Hi,
I thought perhaps it might be worth starting a thread on this, as
despite Grant and Heinrich kindly spending a bit of time talking
about this, I am still very much in the dark about how 'embedded' and
distro/other boot flows are going to come together with EBBR. Of
course this would be easier f2f.
Case 1:
Firmware loads the kernel to a particular address, selects DT and
boots it. The kernel may require EFI boot services, or may not, but in
the general case the firmware provides them.
Case 2:
Firmware loads EFI app and provides EFI boot services to it. How the
system actually boots is under control of the app.
I feel that a lot of the confusion about verified boot, DT selections,
boot menus, etc. is coming from the introduction of an EFI app which
has no specification (it can be grub, shim or something else, as I
understand it). Certainly this is very flexible and future-proof, but
it is also arbitrarily complex, unpredictable and hard to secure.
I am wondering if we can come up with a way to deterministically
specify how a system will boot and how to make it boot a different way
(i.e. with a different kernel, initrd, DT).
Heinrich mentioned EFI variables as a way of selecting
kernel/initrd/DT. Then the problem becomes just a case of being able
to change those variables from Linux userspace. Is that right?
We are talking about having a 'secure' part of EBBR, which allows for
secure boot. Should we have a 'defined boot' part of EBBR, that
defines how the kernel/DT/initrd are selected, based on EFI variables?
Unfortunately I just don't know enough about all the different boot
flows used by the different distros. It seems like crazy town. Does
anyone have some pointers so I can do some study?
Regards,
Simon
Hello Atish,
the UEFI spec has this sentence:
"When UEFI firmware handoff control to OS, the RISC-V is operated in
machine-mode privilege." (M-mode is the equivalent to EL3 in ARM).
This does not make any sense to me when using a secure execution
environment (SEE) like OpenSBI.
The hand-off should occur in S-Mode if the CPU supports it and only in
M-Mode when the CPU only supports M-mode.
We should prescribe this in the EBBR and somehow get the UEFI spec fixed
afterwards.
Another issue is the calling convention. Chapter "2.3.7.3 Detailed
Calling Convention" does not describe which registers are saved by the
UEFI payload's entry point and restored by the payload before calling
the UEFI API or returning to the UEFI payload. This concerns especially
registers gp (x3) and tp (x4).
Into the EBBR or UEFI spec we should put a link to the "RISC-V ELF psABI
specification"
https://github.com/riscv/riscv-elf-psabi-doc/blob/master/riscv-elf.md
which is referenced by "The RISC-V Instruction Set Manual".
From the "RISC-V ELF psABI specification" one might conclude that the
UEFI payload should not be allowed to change gp and tp before calling
ExitBootServices() or SetVirtualAddressMap() whichever occurs last.
Due to this missing clarification U-Boot is currently saving gp before
calling the entry point of the payload and restores it on reentry or on
entry of an API call. Nothing is done for tp.
Best regards
Heinrich
This patch series adds RISC-V compatibility content to EBBR.
The additional content is not a lot given that we just need to update the
architecture specific sections for RISC-V. Rest of the document is ISA agnostic
anyways. I am not sure about the copyrights though. There are two places where
copyrights are present. I have added Western Digital copyright for the index.rst
but I have not added it for conf.py as it goes into the first page of the EBBR
specification.
Should we add multiple lines of copyrights or just keep copyrights
at one place? I am open to any other suggestions as well.
The series is also available in my github repo.
https://github.com/atishp04/ebbr/tree/riscv_update
Changes from v1->v2:
1. Added ACPI todo list.
2. Removed efistub requirements as that is linux specific.
3. Fix typos.
Atish Patra (2):
Add Western Digital copyright
Add RISC-V support content to the EBBR specification
source/chapter1-about.rst | 42 +++++++++++++++++++++++++++++++--
source/chapter2-uefi.rst | 10 +++++++-
source/chapter3-secureworld.rst | 14 +++++++++++
source/index.rst | 3 +++
source/references.rst | 4 ++++
5 files changed, 70 insertions(+), 3 deletions(-)
--
2.28.0
Reminder: Next EBBR Biweekly meeting is today at 16:00 UTC. Please note,
UK daylight savings time ended yesterday, so this will be an hour later
for everyone in the US or otherwise still on DST.
Please reply if you want to add an item to the agenda.
Notes will be collected on Etherpad. Please help take notes if you can.
Here is the link:
https://etherpad.opendev.org/p/EBBR
Time: Every second Monday starting 31 Aug at 16:00BST, 08:00PST
Join Zoom Meeting
https://armltd.zoom.us/j/92081365511?pwd=SFZpRitXUEp3Zy9GM0h3UUZ1b1pnUT09
Meeting ID: 920 8136 5511
Password: 490324
This patch series adds RISC-V compatibility content to EBBR.
The additional content is not a lot given that we just need to update the
architecture specific sections for RISC-V. Rest of the document is ISA agnostic
anyways. I am not sure about the copyrights though. There are two places where
copyrights are present. I have added Western Digital copyright for the index.rst
but I have not added it for conf.py as it goes into the first page of the EBBR
specification.
Should we add multiple lines of copyrights or just keep copyrights
at one place? I am open to any other suggestions as well.
The series is also available in my github repo.
https://github.com/atishp04/ebbr/tree/riscv_update
Atish Patra (2):
Add Western Digital copyright
Add RISC-V support content to the EBBR specification
source/chapter1-about.rst | 42 +++++++++++++++++++++++++++++++--
source/chapter2-uefi.rst | 10 +++++++-
source/chapter3-secureworld.rst | 13 ++++++++++
source/index.rst | 3 +++
source/references.rst | 4 ++++
5 files changed, 69 insertions(+), 3 deletions(-)
--
2.28.0
Hello Ilias, hello Cristian,
with commit ec80b4735a59 ("efi_loader: Implement FileLoad2 for initramfs
loading") Ilias provided the possibility to specify a device path
(CONFIG_EFI_INITRD_FILESPEC) from which an initial RAM disk can be
served via the EFI_FILE_LOAD2_PROTOCOL.
Ard extended the Linux EFI stub to allow loading the initial RAM disk
via the EFI_FILE_LOAD2_PROTOCOL with the utmost priority.
With commit ecc7fdaa9ef1 ("bootm: Add a bootm command for type
IH_OS_EFI") Cristian enabled signed FIT images that contain a device
tree and a UEFI binary (enabled by CONFIG_BOOTM_EFI=y).
In the DTE calls we have discussed that it is unfortunate that we do not
have a method to validate initial RAM images in the UEFI context.
To me it would look like a good path forward to combine the two ideas:
* Let the signed FIT image (of type IH_OS_EFI) contain a RAM disk
* Pass location and size to the UEFI subsystem and serve them via
  the EFI_FILE_LOAD2_PROTOCOL.

We could also extend the bootefi command to be callable as

    bootefi $kernel_addr_r $ramdisk_addr_r:$filesize $fdt_addr_r

like the booti command to serve an initial RAM disk.
What are your thoughts?
Best regards
Heinrich
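
The FIT layout the last message proposes, written as an image source file (an added example, not part of the original post and not taken from U-Boot). The file names, the `arm64` architecture and the key name `dev` are placeholders; serving the `ramdisk` image through EFI_FILE_LOAD2_PROTOCOL is the proposal under discussion, not something this file achieves on its own.

```dts
/dts-v1/;
/ {
	description = "Signed configuration: UEFI binary, device tree, initial RAM disk";
	#address-cells = <1>;
	images {
		efi {
			description = "UEFI payload";
			data = /incbin/("payload.efi");	/* placeholder file name */
			type = "kernel_noload";
			arch = "arm64";
			os = "efi";			/* IH_OS_EFI */
			compression = "none";
			load = <0x0>;
			entry = <0x0>;
			hash-1 { algo = "sha256"; };
		};
		fdt {
			data = /incbin/("board.dtb");	/* placeholder file name */
			type = "flat_dt";
			arch = "arm64";
			compression = "none";
			hash-1 { algo = "sha256"; };
		};
		ramdisk {
			data = /incbin/("initrd.img");	/* placeholder file name */
			type = "ramdisk";
			arch = "arm64";
			os = "linux";
			compression = "none";
			hash-1 { algo = "sha256"; };
		};
	};
	configurations {
		default = "conf-1";
		conf-1 {
			kernel = "efi";
			fdt = "fdt";
			ramdisk = "ramdisk";	/* the addition the post proposes */
			/* One signature over the configuration covers all three image hashes. */
			signature-1 {
				algo = "sha256,rsa2048";
				key-name-hint = "dev";	/* placeholder key name */
				sign-images = "kernel", "fdt", "ramdisk";
			};
		};
	};
};
```

Because the signature is on the configuration rather than on each image, the RAM disk cannot be replaced or paired with a different kernel or device tree without verification failing.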