Bug#1102494: marked as done (efivar: add patch to enable storing EFI variables in the ESP)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Wed, 20 Aug 2025 04:19:10 +0000
with message-id <E1uoaI2-005e6h-1b@fasolo.debian.org>
and subject line Bug#1102494: fixed in efivar 39-2
has caused the Debian Bug report #1102494,
regarding efivar: add patch to enable storing EFI variables in the ESP
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1102494: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102494
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: efivar: add patch to enable storing EFI variables in the ESP
• From: Christopher Obbard <obbardc@debian.org>
• Date: Wed, 09 Apr 2025 17:19:41 +0100
• Message-id: <174421558175.571744.3455853353727612750.reportbug@nox>

Source: efivar
Version: 38-3.1
Severity: minor
Tags: patch
X-Debbugs-Cc: obbardc@debian.org, ilias.apalodimas@linaro.org

Dear Maintainer,

In efivar upstream there is an outstanding patch to enable storing the
EFI variables in the ESP.

The description of the patch is as follows:

EFI is becoming more common on embedded boards with the embracing of
SystemReady-IR.

U-Boot which is the most commonly used firmware, is usually storing the
EFI variables in a file in the ESP since [1]. That makes it impossible
to support SetVariable at Runtime reliably, since the OS doesn't know
how to access, read or write that file.

OSes usually need SetVariable at runtime for three reasons:
 - Set the BootOrder
 - Enable UEFI Secure Boot
 - OSIndication to signal capsule updates on-disk.

Since the variables are stored in a file U-Boot enables SetVariable at
runtime in the EFI config table and stores any updates in RAM. At the same
file it creates 2 volatile variables:
 - RTStorageVolatile is the location of the file relative to the ESP
 - VarTofile contains a binary dump of the EFI variables that need to be
   preserved on the file (BS, RT, NV)
 - U-Boot fills in the VarToFile dynamically on reads and that includes any
   updates the OS did in the meantime.

The patch updates efivar to do the same thing. Once a variable is written to
the efivarfs, make sure efivars is mounted as rw and scan for the file
"RTStorageVolatile". If we find that, copy the "VarToFile" contents in a
file and preserve the variables across reboots.



In theory this change is transparant to the user, as the code path will only
be used if the file exists on the ESP, thus shouldn't introduce any
new bugs. I would like this to get into trixie before the freeze, then
once the patch is merged upstream drop it. We are struggling to install
Debian using the installer ISO on SystemReady-IR targets due to D-I
complaining because the installer installs grub and sets Boot0000 as the
default boot option, which fails because SetVariable at runtime isn't
supported. With this patch applied, SetVariable becomes supported on
SystemReady-IR platforms.

I can (and will if no objections to this bug) do the work here to:

1) update efivar 39 from upstream.
2) apply the patch[1].

Please let me know of any objections.



Cheers!

Chris


[0]: https://github.com/rhboot/efivar/pull/267
[1]: https://lore.kernel.org/u-boot/20240406140203.248211-6-ilias.apalodimas@linaro.org/T/

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.21-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---

--- Begin Message ---

• To: 1102494-close@bugs.debian.org
• Subject: Bug#1102494: fixed in efivar 39-2
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Wed, 20 Aug 2025 04:19:10 +0000
• Message-id: <E1uoaI2-005e6h-1b@fasolo.debian.org>
• Reply-to: Mario Limonciello <superm1@debian.org>

Source: efivar
Source-Version: 39-2
Done: Mario Limonciello <superm1@debian.org>

We believe that the bug you reported is fixed in the latest version of
efivar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1102494@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mario Limonciello <superm1@debian.org> (supplier of updated efivar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 19 Aug 2025 22:54:25 -0500
Source: efivar
Built-For-Profiles: noudeb
Architecture: source
Version: 39-2
Distribution: unstable
Urgency: medium
Maintainer: Debian UEFI Maintainers <debian-efi@lists.debian.org>
Changed-By: Mario Limonciello <superm1@debian.org>
Closes: 1102494
Changes:
 efivar (39-2) unstable; urgency=medium
 .
   * Add s390x and ppc64el to architectures
   * Backport a patch from upstream to enable storing variables on ESP.
     (Closes: #1102494)
Checksums-Sha1:
 4a75ff4b6994c505b7d6b29431d7d0a87d962ba4 2927 efivar_39-2.dsc
 107fbb2a8bb936bf791d5c9e8cc229c05d08f3dd 463349 efivar_39.orig.tar.gz
 5a598030ed5c8819ffa801e1036a53d9a736da8f 10916 efivar_39-2.debian.tar.xz
 2bf55c836e06a3896a8aae4dbca4f2f49daf6bd6 8313 efivar_39-2_source.buildinfo
Checksums-Sha256:
 65558eed72f726519963e04ae945e057edfb4d63ffc1121f1af8518f85180b95 2927 efivar_39-2.dsc
 c9edd15f2eeeea63232f3e669a48e992c7be9aff57ee22672ac31f5eca1609a6 463349 efivar_39.orig.tar.gz
 2e72e616eb326875670b9416d00b63230d4f5e20b234c03bf8f9255da0b81918 10916 efivar_39-2.debian.tar.xz
 659f922ed7b1939f8b226a079817e14e043a79e60b235a36d3b152d08f4dec50 8313 efivar_39-2_source.buildinfo
Files:
 7127879ce8f195b1bae791d9a8ec8801 2927 libs optional efivar_39-2.dsc
 a8fc3e79336cd6e738ab44f9bc96a5aa 463349 libs optional efivar_39.orig.tar.gz
 874fccf63c56d9a3ed4f029ce265f5c5 10916 libs optional efivar_39-2.debian.tar.xz
 b3a712d6761881e77a1a6cc879638611 8313 libs optional efivar_39-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEECwtuSU6dXvs5GA2aLRkspiR3AnYFAmilR8ETHHN1cGVybTFA
ZGViaWFuLm9yZwAKCRAtGSymJHcCdkhBD/92ggv37GmkoyG04Tqqg9mG/ZVBFe4h
IxbW8F829fACxxFAsdJC5xzOGyMC9T3D9KhxxPRCdrp+qXR3sMN4tmwHfXwDzV+E
vdqo6FuwCUgqI/7baerVIZdZNCAt7SJc3XZ4Jk/b55BnpTaYq+179bO4X5oTYxWn
y8NL7gkxW6q8Rw7zKLE6Uzh3gLioT+AK5im5fjJ8a+TZyNWlifUbQi/T05oLRh9Y
qBIdSwba833uEihJpFSs78eoHqwJSN/r0Tw6Y1WhwMIyWA3wuEI3XFodoj3UIvIq
vmkHlUiFnL6SooaoB8oBmQx6WlQU6iGMMVEwB81wX6DO4fDBqPx19PHTov5+4qPt
fMRisWpO0/GZKtBXXeh/80ndSxr1iEZ7IDIpGB/a3dLu8WukEyzL+6Zj7Jme5OMm
NBh3gfS+XW8yjviVeAx9oQtc8153GvwJQhoZWp61YHwn3EgOQcXurU5C78RnWt36
qazry97fZj2GSEmjVXLpJkj+QSvMU1rc+SgesYL7+3dsy507HAZuM7oU9fHEuX6m
jFBB0nozH815iNVfRiW+IheuIs3SfUFlOK9df97/KM27X4izf345OZK6WOgaCIP3
SwNufbARGDuYvq7m27ICSM942zJ0wZ9HPeHdDFl3yb3e7qNOQy08RC8l5vS915yK
weR4uKVZkCSytg==
=tWe1
-----END PGP SIGNATURE-----

Attachment: pgpLqgsJs96PO.pgp
Description: PGP signature

--- End Message ---