U-Boot file format could be a good starting point.
Problem of locking to avoid multiple processes writing to the file, potential large delay.
Problem with user accessing the file directly.
Problems with FAT could be mitigated by using ext4 for the ESP.
EFI spec does not require FAT.
If we push that to the userspace tools, how do we synchronize everyone?
Accessing the file: U-Boot, kernel, tools...
Size limit for storage in op-tee? Ilias tried 1/2 MB. StMM and U-Boot limits need to match.
Configuration table solution did not fly because one system could not change the firmware.
Goal: one kernel supporting all solutions.
Can bake PK/KEK/db/dbx into U-Boot (non standard)
U-Boot saves the authenticated variables, but will not load them.
Add to spec: description on how to do SetVariable() at runtime, RPMB, etc.
Supplicant in userspace. U-Boot, edk2 could have their supplicant, removing the need to standardize the format. Solves locking, too.
If device is fully in secure world, just implement SetVariable() at runtime.
Existing workaround solution using a csv, generated at runtime, read at next reboot and call SetVariable() at boot time accordingly. Need for standardizing? It seems no.
Could pstore help? Was part of solutions taxonomy presentation by Ilias a while ago.