>> Could this section be updated in order to reduce the number of different
>> interpretations?
>
> Yes, it can be clarified. As Daniel says, this section is only
> intended for platforms where there is no other place to store
> firmware. If the OS and the firmware need to share a logical block
> device, and there is no way to protect the firmware bits, then this
> section describes how they can co-exist. e.g., you don't want an OS
> deployment to accidentally wipe out firmware.
>
> It is preferred and encouraged to have firmware contained entirely in
> something separate from the main block storage. For example, in eMMC
> boot areas (separate from the primary area), or on a separate device
> entirely (SPI flash). I predict that a future version of EBBR will
> require this and drop the shared storage option entirely because it is
> necessary to protect against attacks against firmware (replacement or
> deletion)
>
> g.
>
Thank you all contributing to this thread!
While most of the points in this thread are self-explanatory and should
not need a summary, I want to extract the main points to avoid
misinterpretations:
1. Chapters '4.1 Partitioning of Shared Storage' and '4.2 Firmware
Partition Filesystem' refer to cases when shared storage is used for OS
and firmware images. In this case, the block device needs to be
partitioned using GPT and the firmware binaries should be stored in a
FAT partition. The folder organization for this partition is described
in the '4.2.1 The firmware directory hierarchy' chapter. Ideally, the
BootROM should be able to load images from a FAT partition. However, a
feature release of the EBBR is likely to drop this option in the future.
2. For scenarios involving dedicated storage, the organization of
the underlying storage for firmware falls outside the scope of the EBBR
and can be arranged according to the SoC vendor's discretion. This can
include options such as offset addressing, without GPT, with MRB, with
or without a partition, based on the platform's requirements or limitations.
Could you please confirm that this understanding is correct?
> If I recall correctly, on the Arm platform, A-BL1 (BootROM) and A-BL2
> are responsible only for
> loading the images. SCP_BL2 is loaded by BL2 into trusted SRAM and then
> transferred to the SCP using the MHU protocol and I believe it is
> followed this
> way for other platforms also (?).
> In summary, A-BL1(BootROM) and A-BL2 need to be aware of their next
> stages to load those
> images properly:
> BootROM -> BL2 -> BL31 -> ...
> |
> v
> SCP
If the above summary points are valid, then in the case of a shared
device, the BL2 should be able to load the next image(s) (either FIP or
BL31) from a FAT partition, I suppose.
Regards,
Ghennadi
Greetings everyone,
I came across the following paragraph while reading the 'Firmware Partition Filesystem' chapter from EBBR v2.2.0
and I would like to clarify my understanding:
Where possible, firmware images and data should be stored in a filesystem. Firmware can be stored either in a
dedicated firmware partition, or in certain circumstances in the UEFI System Partition (ESP). Using a filesystem
makes it simpler to manage multiple firmware files and makes it possible for a single disk image to contain firmware
for multiple platforms.
Dedicated firmware partitions should be formatted with a FAT filesystem as defined in UEFI § 13.3 File System
Format. Dedicated firmware partitions should use the same /FIRMWARE directory hierarchy. OS tools shall ignore
dedicated firmware partitions, and shall not attempt to use a dedicated firmware partition as an ESP
Questions:
1. Does the above paragraph mean that, if the device allows, all firmware binaries (TF-A, U-Boot, and some others)
must be stored in a dedicated firmware partition formatted with a FAT filesystem and GUID Partition Table (GPT)
disk layout?
2. If so, would this also mean that, where possible, the BootROM or a (first stage) bootloader running before TF-A
should have GPT and FAT support embedded support to load one of the TF-A stages (BL1/BL2)?
Regards,
Ghennadi
Hi,
We have nothing on today's EBBR call's agenda [1]; I would thus be inclined to
cancel it.
If you have an urgent topic to discuss today, please let us know before 1pm UTC,
otherwise we will adjourn the call.
Best regards,
Vincent Stehlé
System Architect - Arm
[1]: https://github.com/ARM-software/ebbr/wiki/EBBR-Meetings
Hi,
The question of moving the EBBR call 1/2 hour earlier was raised during our last
call [1].
Some people have colliding meetings now and it would make their lives easier.
Also, this seemed practical for all the people present.
Could all the EBBR attendees please tick their available hours on the following
poll?
https://framadate.org/FWI2Ff4Tmyz9yOfR
Thank you in advance!
If possible we will move the EBBR call to 14:30 UTC/BST starting with our next
call on Jul 15.
Best regards,
Vincent Stehlé
System Architect - Arm
[1] https://github.com/ARM-software/ebbr/wiki/EBBR-Notes-2024.07.01
