Protected UEFI Variables With U-Boot
Monday, January 4, 2021

Critical system variables, like the UEFI ones, must be protected against a variety of attacks. On Arm servers and desktops, which typically run EDK2, dedicated flash devices are used. Those would normally be accessible from the secure world only, since they store variables critical to the integrity and security of our systems. But what's the status of devices running on U-Boot?