- boot-architecture - lists.linaro.org

by François Ozog

Hi, I have updated the document to reflect what I heard from the remainder of the last call. Please have a look and comment. https://docs.google.com/document/d/1CLkhLRaz_zcCq44DLGmPZQFPbYHOC6nzPowaL0X… If you volunteer to edit content, please ask me and I'll give you edit rights on the document. Shall we make a github backed document? If so, any volunteer to make it happen? Agenda for June 24th: - DT Overlay status presentation by Frank Rowand. - Document review and trying to close all comments. Cordially -- FF

5 years

3
4
0 0

[RFC] SMC yielding Trusted OS call discrepancies

by François Ozog

Hi, Trusted OSes such as OP-TEE or QSEE are using SMC yielding function numbers in the 0x32000000-0x3200006F range. The SMC calling conventions are specified in DEN0028 which has currently three versions (see below). To the best of my understanding, the use of this range is: - compliant with version a - acceptable with version b - somewhat contradicting with version c version a analysis: table 6.1 states that the trusted OS standard calls should be in the range "0x02000000-0x7FFFFFFF", so the selected range is good. Section 2.1 that defines a bit structure for function numbers for both yielding and fast calls and the range is compatible. The range covered by table 6.1 for Trusted OS calls is however much bigger that the bit structure definition. As a result a 0x02000000 call is a yielding Trusted OS call as per table 6.1 but a Yielding SiP call as per section 2.1. version b analysis: table 6.2 states that the trusted OS yielding calls should be in the range "0x02000000-0x1FFFFFFF" and that the range "0x20000000-0x7FFFFFFF" is "reserved for future expansion of Trusted OS Yielding Calls". So the range is acceptable but poorly selected. There is the same inconsistency as version a when it comes to qualifying a 0x02000000 call: table 6.2 says it is a Trusted OS yielding call, section 2.5 says it is a yielding SiP call. version c analysis: section 2.5.1 now clearly states that the bit structure is only for Fast calls. and both section 2.52 and table 6.2 state that Trusted OS calls should be in the range "0x02000000-0x1FFFFFFF". both section 2.5.2 and 6 qualify the 0x02000000 call as a Trusted OS yielding call. I think that version a and b have inconsistent between chapter 2 and 6. Version c brings internal consistency but seems to be not in alignment with best practices. I guess there is a need to both address internal document inconsistency and better reflect existing products. Any thoughts? -FF version a: https://drive.google.com/file/d/1OclQZk0o28n5ZUIYeTuFICbLiGWzOvxH/view?usp=… version b: https://static.docs.arm.com/den0028/b/ARM_DEN0028B_SMC_Calling_Convention.p… version c: https://static.docs.arm.com/den0028/c/Q1-ARM-DEN-0028_SMC_Calling_Conventio…

5 years, 1 month

2
2
0 0

DTE: PCIe memory mappings

by Heinrich Schuchardt

Hello Francois, in our last meeting you suggested to investigate deeper what meaning modularization in device trees could mean. One example I have seen is the definition of memory mappings for PCIe. If for you example you look in the device tree of the Raspberry Pi 4 you can find that there is an entry: pcie@7d500000 { ranges = < 0x2000000 0x00 0xf8000000 0x06 0x00 0x00 0x4000000>; }; The ranges property defines the mapping MEM 0x600000000..0x603ffffff -> 0xf8000000 and thereby the address and size of the memory windows used for communication. On some boards e.g. the MacchitoBin you have multiple platform devices each with its own ranges definitions. Here are the values in May 2019: pcie@f2600000 { ranges = < 0x81000000 0x0 0xf9000000 0x0 0xf9000000 0x0 0x10000 0x82000000 0x0 0xf6000000 0x0 0xf6000000 0x0 0xf00000>; } pcie@f2620000 { ranges = < 0x81000000 0x0 0xf9010000 0x0 0xf9010000 0x0 0x10000 0x82000000 0x0 0xf7000000 0x0 0xf7000000 0x0 0xf00000>; } pcie@f2640000 { ranges = < 0x81000000 0x0 0xf9020000 0x0 0xf9020000 0x0 0x10000 0x82000000 0x0 0xf8000000 0x0 0xf8000000 0x0 0xf00000>; } On my MacchitoBin the GPU card was not usable because the memory window was too small to create the required BARs. Changing the window size and location solved the problem, commit d3446b266a8c ("arm64: dts: marvell: mcbin: enlarge PCI memory window"). The problem with the current way in qhich PCI devices are declared is that they do not indicate requirements and capabilities and let the software figure out a good mapping. But instead fixed mappings are hard-coded into the device-tree. So for me this would be one element of DT modularization: The description of a device should provide capabilities and requirements and avoid fixed software settings. Best regards Heinrich

5 years, 1 month

3
2
0 0

[PATCH] Editorial fixups to devicetree requirements

by Grant Likely

Address comments from Heinrich Schuchardt: - Typo fixes - Be specific to say "Devicetree Blob" - Add comment on rationale for choosing EfiACPIReclaimMemory for DTB Cc: Heinrich Schuchardt <xypron.glpk(a)gmx.de> Signed-off-by: Grant Likely <grant.likely(a)arm.com> --- source/chapter2-uefi.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst index c9c0101..066fefb 100644 --- a/source/chapter2-uefi.rst +++ b/source/chapter2-uefi.rst @@ -81,9 +81,9 @@ A UEFI system that complies with this specification may provide the additional tables via the EFI Configuration Table. Compliant systems are required to provide one, but not both, of the following -tables. +tables: -- An Advanced Configuration and Power Interface [ACPI]_ table, or +- an Advanced Configuration and Power Interface [ACPI]_ table, or - a Devicetree [DTSPEC]_ system description EBBR systems must not provide both ACPI and Devicetree @@ -96,11 +96,13 @@ Devicetree ^^^^^^^^^^ If firmware provides a Devicetree system description then it must be provided -in Flattened Devicetree (DTB) format version 17 or higher as described in +in Flattened Devicetree Blob (DTB) format version 17 or higher as described in [DTSPEC]_ § 5.1. The following GUID must be used in the EFI system table ([UEFI]_ § 4) to identify the DTB. The DTB must be contained in memory of type EfiACPIReclaimMemory. +EfiACPIReclaimMemory was chosen to match the recommendation for ACPI +tables which fulfill the same task as the DTB. .. code-block:: c -- 2.20.1

5 years, 1 month

1
0
0 0

EBBR v1.0.1-rc1

by Grant Likely

I'd like to do a point release of EBBR in the near future. There is an important change to how RuntimeServicesSupported is described in the UEFI spec that needs to be adjusted in EBBR, and the DTB UUID was missing. The rest of the changes are minor editorial and typo fixes. I've tagged v1.0.1-rc1 in github for review. Full diff is below. Please review and comment. Thanks, g. --- .travis.yml | 82 +++++++++++++++++------------------------ CONTRIBUTING.rst | 23 +----------- source/chapter2-uefi.rst | 40 +++++++++++++++++--- source/chapter3-secureworld.rst | 6 +-- source/index.rst | 3 ++ source/references.rst | 10 ++--- 6 files changed, 81 insertions(+), 83 deletions(-) --- diff --git a/.travis.yml b/.travis.yml index 3688a67..4a63cb0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,63 +1,49 @@ sudo: false dist: trusty - cache: apt: true - env: global: - - SPHINXBUILD=~/.local/bin/sphinx-build - - DIFF_COMMIT=v0.5 - + - SPHINXBUILD=~/.local/bin/sphinx-build + - secure: Nn985mEk01BbYLY7IQToa51+jpVp8/f72Q+SY6GVe1cf41gRG4CWrrLFLo4Zrdd+e5a9tMKJ2o6WqT4m0i1AziVnoFx62QtC0dmJVsp4eVzQdhWkaRTcLdoKp18om0To6cVmBzYFzsIUROyOwwJfprpzwylQGFqNFoNG20UmnzTy5c/bg36Ohh/vcpt3HXO6emKDTychu1fBC8tuiy7k5BCfPekKAg6sKTqjsgKM+pEZuv9zTzrBY0HVqCoSLhWUraADko51baOtbBOzLtH4L4EO1rmiFs7/HpN/MzF6REurCAbBM5q82aS/z5KUoMGENt+OwWbeT9BcqUty1wYAFwuK7UwkDO2+YauqGhZ75GKOt213Fdn70Wx1xMkOerdEb8oSdH8Av/FWxwbfI6qxsAhjimYTZ5OCCZu06AVMBugxBnZeYxF89+83qVUxCHNGyGnql1PHJnlIiOzmCmcgjFo90u9fv24497m9O9QlEic/PnN0VLogPOftgcRUdoLjsYh9P6+BvXrWQ0omu41UwnzNJERaeUXuXV+iJsj6kBuj1j6EJ7OK4RyS/Td8mC7sGFBdwOX+HLaPqBTD2rm7z0wtST0jyFJjPfmvCU94+ovpCuYeMxgeudnUXT8T26v6v73nk7QLIIYm1Idg2ibSBfQy5IT220sH6291IryoY2c= git: depth: false - addons: apt: packages: - - python-pip - - latexmk - - libalgorithm-diff-perl - - texlive - - texlive-latex-extra - - texlive-humanities - - texlive-generic-recommended - - graphviz - - texlive-generic-extra - + - python-pip + - latexmk + - libalgorithm-diff-perl + - texlive + - texlive-latex-extra + - texlive-humanities + - texlive-generic-recommended + - graphviz + - texlive-generic-extra install: - - pip install --user mako - - pip install --user Sphinx - -before_script: - - wget https://github.com/ftilmann/latexdiff/releases/download/1.2.1/latexdiff-1.2… - - tar xvf latexdiff-1.2.1.tar.gz - - export PATH=$PWD/latexdiff-1.2.1/:$PATH - +- pip install --user mako +- pip install --user Sphinx script: - - make latexpdf - - make html - - make singlehtml - +- make latexpdf +- make html +- make singlehtml before_deploy: - - cp build/latex/ebbr.pdf build/ebbr-$TRAVIS_TAG.pdf - +- cp build/latex/ebbr.pdf build/ebbr-$TRAVIS_TAG.pdf deploy: - - provider: releases - prerelease: true - api_key: - secure: QAzEatdHC5w1uC06y6ceeRwL6dXhTz8DmkvIirXbv9paEKC7OHpsNm2NtCvLQDLnT98CFBj64y13P29DTYV0ExHNExnixP+R0b9G5kvCG/mGf+k6teXJmtsDRezTCmqAWwxLp70rewcHM+gQ1SdRy+HlHuVC5D70p99vv/f5hK/6f/PodxB0ftrvmb2S+B733+O7kiEKvBZUq/gaX5MTe8x+N09W+4SUTC4Xy5e0KlADfMWiLRhlJvU0PgtQ0IhRaeHnD+gmz/HUaUE/bsdXzIwv9Vb3p9eVmXLj1nE+p1toM5MJwmpKClXgph55PsD2X9xBSwxBhHZ3JOCl6QCOYaqkNvcE0U3e3QzC1b92EHoHN5vMrZenkALe0y1z1u1G+cZybjUEQ2lTmNq1HmO/QLdVHBCShR9xkpjm+8m//NXON8TDgP5z+hIU/g2NLfcSLdinogRLz2vnSmR6SjWzhH8q29d+wg3f5//eMgTCQF1dSRvNt8SjYUQDrW9z1k4dV64Jcn5AWjWmcaErG2D8jWJQGzzrts84Hcv3N7fRUwvMxdQOQDvoMaIxNxg35rBsuGa1tJkLyurOW31uwbOzrLlRSEcypPimpFQWysBwnX+aNTudhY0Dv4HKSIO12iZdIz9pbsMrJCBMCQdAydIDj35Fu5tJ5Ns4/JRaw5IoBQU= - file_glob: true - file: - - "build/ebbr-*.pdf" - skip_cleanup: true - on: - tags: true - branch: master - - provider: pages - github_token: $GITHUB_TOKEN - local_dir: "build/singlehtml" - skip_cleanup: true - on: - branch: master - +- provider: releases + prerelease: true + api_key: + secure: QAzEatdHC5w1uC06y6ceeRwL6dXhTz8DmkvIirXbv9paEKC7OHpsNm2NtCvLQDLnT98CFBj64y13P29DTYV0ExHNExnixP+R0b9G5kvCG/mGf+k6teXJmtsDRezTCmqAWwxLp70rewcHM+gQ1SdRy+HlHuVC5D70p99vv/f5hK/6f/PodxB0ftrvmb2S+B733+O7kiEKvBZUq/gaX5MTe8x+N09W+4SUTC4Xy5e0KlADfMWiLRhlJvU0PgtQ0IhRaeHnD+gmz/HUaUE/bsdXzIwv9Vb3p9eVmXLj1nE+p1toM5MJwmpKClXgph55PsD2X9xBSwxBhHZ3JOCl6QCOYaqkNvcE0U3e3QzC1b92EHoHN5vMrZenkALe0y1z1u1G+cZybjUEQ2lTmNq1HmO/QLdVHBCShR9xkpjm+8m//NXON8TDgP5z+hIU/g2NLfcSLdinogRLz2vnSmR6SjWzhH8q29d+wg3f5//eMgTCQF1dSRvNt8SjYUQDrW9z1k4dV64Jcn5AWjWmcaErG2D8jWJQGzzrts84Hcv3N7fRUwvMxdQOQDvoMaIxNxg35rBsuGa1tJkLyurOW31uwbOzrLlRSEcypPimpFQWysBwnX+aNTudhY0Dv4HKSIO12iZdIz9pbsMrJCBMCQdAydIDj35Fu5tJ5Ns4/JRaw5IoBQU= + file_glob: true + file: + - build/ebbr-*.pdf + skip_cleanup: true + on: + tags: true + branch: master +- provider: pages + github_token: "$GITHUB_TOKEN" + local_dir: build/singlehtml + skip_cleanup: true + on: + branch: master diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index a5643a3..7021f0f 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -8,35 +8,14 @@ Anyone may contribute to the EBBR project. Contributions are licensed under CC-BY-SA-4.0_ and must be made with a Developer Certificate of Origin (DCO_) attestation as described below. -EBBR discussion uses the boot-architecture_ and arm.ebbr-discuss mailing lists. -The 'official' list is arm.ebbr-discuss, but the list archives are not -yet public, so boot-architecture_ is being used to keep everything in -the open. +EBBR discussion uses the boot-architecture_ mailing list. * boot-architecture(a)lists.linaro.org -* arm.ebbr-discuss(a)arm.com Past discussions can be found in the boot-architecture-archive_. We use the IRC channel `#ebbr`_ on OFTC_. -There is a bi-weekly conference call to discuss EBBR topics on the 2nd -and 4th Tuesday of the month at 15:00 UTC/BST, 7:00 PST/PDT, 23:00/22:00 CST -(following UTC/BST daylight savings time shifts). -Anyone is welcome to join. - -- Online meeting: https://arm-onsite.webex.com/meet/gralik01 -- Phone - - - 1-408-792-6300 Call-in toll number (US/Canada) - - 1-877-668-4490 Call-in toll-free number (US/Canada) - - 44-203-478-5285 Call-in toll number (UK) - - 08-002061177 Call-in toll-free (UK) - - More access numbers: webex-global-numbers_ -- Access code: 809 053 990 - -.. _webex-global-numbers: https://arm-onsite.webex.com/cmp3300/webcomponents/widget/globalcallin/glob… - DCO Attestation --------------- diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst index f6a5802..c9c0101 100644 --- a/source/chapter2-uefi.rst +++ b/source/chapter2-uefi.rst @@ -9,7 +9,7 @@ platforms. UEFI Version ============ -This document uses version 2.7 of the UEFI specification [UEFI]_. +This document uses version 2.8 Errata A of the UEFI specification [UEFI]_. UEFI Compliance =============== @@ -86,12 +86,41 @@ tables. - An Advanced Configuration and Power Interface [ACPI]_ table, or - a Devicetree [DTSPEC]_ system description -As stated above, EBBR systems must not provide both ACPI and Devicetree +EBBR systems must not provide both ACPI and Devicetree tables at the same time. Systems that support both interfaces must provide a configuration mechanism to select either ACPI or Devicetree, and must ensure only the selected interface is provided to the OS loader. +Devicetree +^^^^^^^^^^ + +If firmware provides a Devicetree system description then it must be provided +in Flattened Devicetree (DTB) format version 17 or higher as described in +[DTSPEC]_ § 5.1. +The following GUID must be used in the EFI system table ([UEFI]_ § 4) +to identify the DTB. +The DTB must be contained in memory of type EfiACPIReclaimMemory. + +.. code-block:: c + + #define EFI_DTB_GUID \ + EFI_GUID(0xb1b621d5, 0xf19c, 0x41a5, \ + 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0) + +Firmware must have the DTB resident in memory and installed in the EFI system table +before executing any UEFI applications or drivers that are not part of the system +firmware image. +Once the DTB is installed as a configuration table, +the system firmware must not make any modification to it or reference any data +contained within the DTB. + +UEFI applications are permitted to modify or replace the loaded DTB. +System firmware must not depend on any data contained within the DTB. +If system firmware makes use of a DTB for its own configuration, +it should use a separate private copy that is not installed in the +EFI System Table or otherwise be exposed to EFI applications. + UEFI Secure Boot (Optional) --------------------------- @@ -111,7 +140,7 @@ during both boot services and runtime services. However, it isn't always practical for all EFI_RUNTIME_SERVICES functions to be callable during runtime services due to hardware limitations. If any EFI_RUNTIME_SERVICES functions are only available during boot services -then firmware shall provide the global `RuntimeServicesSupported` variable to +then firmware shall provide the `EFI_RT_PROPERTIES_TABLE` to indicate which functions are available during runtime services. Functions that are not available during runtime services shall return EFI_UNSUPPORTED. @@ -148,7 +177,7 @@ Firmware shall not create runtime mappings, or perform any runtime IO that will conflict with device access by the OS. Normally this means a device may be controlled by firmware, or controlled by the OS, but not both. -e.g. If firmware attempts to access an eMMC device at runtime then it will +E.g. if firmware attempts to access an eMMC device at runtime then it will conflict with transactions being performed by the OS. Devices that are provided to the OS (i.e., via PCIe discovery or ACPI/DT @@ -202,7 +231,8 @@ If a platform does not implement modifying non-volatile variables with SetVariable() after ExitBootServices(), then firmware shall return EFI_UNSUPPORTED for any call to SetVariable(), and must advertise that SetVariable() isn't available during runtime services -via the `RuntimeServicesSupported` variable as defined in UEFI version 2.8. +via the `RuntimeServicesSupported` value in the `EFI_RT_PROPERTIES_TABLE` +as defined in [UEFI]_ § 4.6. EFI applications can read `RuntimeServicesSupported` to determine if calls to SetVariable() need to be performed before calling ExitBootServices(). diff --git a/source/chapter3-secureworld.rst b/source/chapter3-secureworld.rst index 4e9fa61..9c51bca 100644 --- a/source/chapter3-secureworld.rst +++ b/source/chapter3-secureworld.rst @@ -1,8 +1,8 @@ .. SPDX-License-Identifier: CC-BY-SA-4.0 -****************************** -Priviledged or Secure Firmware -****************************** +***************************** +Privileged or Secure Firmware +***************************** AArch32 Multiprocessor Startup Protocol ======================================= diff --git a/source/index.rst b/source/index.rst index 9bc4a09..7a5ded9 100644 --- a/source/index.rst +++ b/source/index.rst @@ -45,6 +45,9 @@ Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. 31 March 2019 1.0 - Remove unnecessary UEFI requirements appendix - Allow for ACPI vendor id in firmware path + 1 June 2020 1.0.1-rc1 - Update to UEFI 2.8 Errata A + - Specify UUID for passing DTB + - Typo and editorial fixes ================= ========= ============================================= .. toctree:: diff --git a/source/references.rst b/source/references.rst index a12c1a2..1eb0509 100644 --- a/source/references.rst +++ b/source/references.rst @@ -8,8 +8,8 @@ <https://github.com/devicetree-org/devicetree-specification/releases/tag/v0.2>`_, `Devicetree.org <https://devicetree.org>`_ -.. [LINUXA64BOOT] `Linux Documentation/arm64/booting.txt - <https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tre…>`_, +.. [LINUXA64BOOT] `Linux Documentation/arm64/booting.rst + <https://www.kernel.org/doc/html/latest/arm64/booting.html>`_, Linux kernel .. [PSCI] `Power State Coordination Interface Issue C (PSCI v1.0) @@ -20,6 +20,6 @@ <https://static.docs.arm.com/den0044/b/DEN0044B_Server_Base_Boot_Requirement…>`_ 8 March 2016, `Arm Limited <http://arm.com>`_ -.. [UEFI] `Unified Extensable Firmware Interface Specification v2.7A - <http://www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_7_A%20Sep…>`_, - August 2017, `UEFI Forum <http://www.uefi.org>`_ +.. [UEFI] `Unified Extensable Firmware Interface Specification v2.8 Errata A + <https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_A_Feb14.pdf>`_, + February 2020, `UEFI Forum <http://www.uefi.org>`_

5 years, 1 month

2
2
0 0

Re: RFC: EBBR specification update

by Daniel Thompson

On Wed, Mar 11, 2020 at 01:42:36PM +0100, Francois Ozog wrote: > On Wed, 11 Mar 2020 at 12:45, Daniel Thompson <daniel.thompson(a)linaro.org> > wrote: > > > On Wed, Mar 11, 2020 at 11:20:17AM +0100, Francois Ozog wrote: > > > On Wed, 11 Mar 2020 at 07:48, Heinrich Schuchardt <xypron.glpk(a)gmx.de> > > wrote: > > > > On 3/11/20 12:04 AM, Heinrich Schuchardt wrote: > > > > In the expert mode of gdisk there is command 'j' for moving the GPT > > > > Partition Entry Array to an arbitrary sector. This will protect the > > area > > > > between the GPT header and the GPT Partition Entry Array from being > > used > > > > for a partition. The same can be done with parameter -j of sgdisk. > > > > > > > > Furthermore gdisk supports creating a hybrid MBR. This allow to have > > > > GUID partition table and a MBR partion table at the same time where the > > > > MBR partition table mirrors up to three GPT partitions and the fourth > > > > MBR partition is used to protect the GUID partition table. > > > > > > > > So requiring GPT and having boards only supporting booting from an MBR > > > > partition (like the Raspberry) seems not to be exclusive. > > > > > > > > > > That sounds like a great solution! > > > > The last time we discussed this there was *very* strong opposition > > during meetings to hybrid partitioning and IIRC language was added to > > the spec to prohibit it. > > > > Hybrid partitioning is a problem because it imposes to difficult to meet > > constraints on partitioning tools provided by the operating system. > > > > In other words if we permit hybrid partitioning in order that boot code > > can find the firmware then the operating system would inherit a duty to > > not to screw up the firmware loading when it modifies the partition > > tables. It is hard to express how the OS should go about that. > > > > Hence the current approach where we accept that MBR partitioning > > offers an inferior feature set to GPT. > > > > > We have the following cases: > > - FW compatible with GPT (I mean firmware can be searched based on > GUID partition) > Ok > > - FW that uses offsets and can be positioned at LBA >= 33 > Ok > Need to define a protective partition > > - FW that uses offsets and can be positioned such that space between LBA-2 > and LBA-33 is used. > Ok in theory as the header states where the partition entries location is > specified in a GPT_HEADER "Starting LBA of array of partition entries". > Linux kernel properly loads the partition entries if we push them after > 16MB. > > read_lba <https://elixir.bootlin.com/linux/latest/ident/read_lba>(state, > le64_to_cpu <https://elixir.bootlin.com/linux/latest/ident/le64_to_cpu>(gpt->partition_entry_lba) > > But I bet 2 is hardcoded in many tools... Agree... but that's "just bugs" and I suspect we could get >90% test coverage for Linux systems just by checking util-linux (and the kernel itself). Maybe for extra style points also check on of the BSDs. > - FW that supposes LBA-1 (macchiatobin the firmware blob that contain TF-A > must be here) > In theory OK as Linux will detect bad signature and use the alternate GPT In the current spec this case isn't materially different to firmware whose boot ROM parses the MBR to load extra code (which wasn't listed above). In both cases the system would be expected to adopt MBR and create protective partitions for the firmware (and accept that the protective partition is vulnerable to damage by auto-partitioning installers). Having said is this really relevant for MacchiatoBin? Why put EBBR firmware onto shared media? I thought MacchiatoBin could boot from the 4MB SPI NOR. Daniel.

5 years, 1 month

4
13
0 0

Being effective at DT Evolution

by François Ozog

Hi, I have observed a spike in DT presentations at events in 2018 and a relative smaller set in 2019. Many discussions raise a lot of good points, there are lists of things to solve or proposals in various sites but there is no clear path to a widely acceptable solution. It feels like the traditional model of "contribute code first" reaches its limits here: Device Tree is not just a device tree. It is a pivotal piece of information manipulated by too many components from Trusted Firmware A to Mac OSX and U-boot. And there are many legitimate "owners" of pieces of the DT... We need to find a way to build consensus across projects. Mail discussions are good but I feel this does not fully help getting closer to having up streamed code and specs into projects such as (and not limited to): - Trusted Firmware - OP-TEE - Hafnium - U-Boot - Linux - Android - FreeBSD - DeviceTree - EBBR - Firmware Framework A - Parsec To that end, what about collectively building a Technical Report with a number of editors in charge of different sections? An example outline could be: - the problems we try to solve (and what is outside of scope) . board diversity handling (build/boot/runtime) . cape/hat/FPGA handling (build/boot/runtime) . product value chain handling (soc vendor/product vendor/sw vendor...) . trust of DT . device assignment to application or VM - DT evolution . actors (UML meaning) . responsibility boundaries (signatures...) . DTB format evolution . DTBo . DT at build time for many upstream projects - cross project incremental roadmap highlights . introduce DT signature Of course the Technical Report shall be supported by different PoCs on many topics such as DTB format so that the architecture is future proof and we can start small. What are your views? Cheers FF

5 years, 1 month

1
0
0 0

RFC: EBBR specification update

by Francois Ozog

Hi, Following implementation (or work towards) of EBBR 1.0 + UEFI Secure boot + UEFI update capsule we learnt a lot. Here are some topics that may need some clarification on the EBBR specs and It looks timely to start working on EBBR evolution. 0.1 - EBBR goal May be a reassessment on the "for what" the specification is built. Following all the discussions with prominent industry players, I start to think that limiting the constraints to be EBBR compliant may become counter productive. There will be both EBBR non compliant and EBBR compliant systems. This is inevitable. But EBBR exist for a number of use cases in a number of markets. The value of EBBR is consistent behavior across those. Maximising number of EBBR compliant systems without stating use case parameters ( "why" and "for what") may not be the best goal. Out of things to be more explicit are supported secure boot flows (with/without shim+grub or direct). Some vendors require shim+grub while industry players want the exact opposite: nothing but UEFI. This drivers a number of requirements in terms of UEFI protocols needed 0.2 - normative text The normative section shall be stated clearly: is " 1.2. Guiding Principles" normative? IETF and ETSI have different language conventions to express absolutely mandated and various levels of optionality. This spec may be red by Telecom people or Linux people. Their interpretation may be erroneous on words such as "shall" (ETSI "SHALL" = "IETF "MUST"). The language need to be explicit. I - protective offsets EBBR 1.0 states in "4.1. Partitioning of Shared Storage" that "Automatic partitioning tools (e.g. an OS installer) must not create partitions within the first 1MiB of storage, or delete, move, or modify protective partition entries." StandaloneMM is 2.5MB by itself with U-Boot being over 1MB without the variable rework done and update capsules. 4MB seems the minimum. 8MB to get margin and 16MB for A/B scheme. EBBR same paragraph also states: "Automatic partitioning tools (e.g. an OS installer) must not create partitions within the first 1MiB of storage, or delete, move, or modify protective partition entries. Manual partitioning tools should provide warnings when modifying protective partitions or creating partitions within the first 1MiB." is it expected that Linaro upstreams changes in installation tools, partition tools to conform to this (with updated to be agreed minimum)? II - identifying partitions Having two EFI partitions defined with EFI_GUID need a precise behaviour defined: boot with first or boot with second. Shall we have a EFI_GUID_ALT defined for A/B partition schemes? If not, the BootXXX variables should be used as selector? We lean towards BootXXX variables and not defining a new GUID. But this would mean explicit behavior to be stated in case of lack of BootXXX. I think GPT volume mirroring should be used in conjunction with A/B: A/B to recover version failures with current hardware, surrounding software; mirroring to protect against storage failures. Is there any recommendation on mirrored EFI volumes handling ? III - 32 bits are there any 32 bits specific considerations to be added? IV - UEFI_RNG_PROTOCOL Following my view in 0) I think this shall be made mandatory Linaro has upstreamed this in U-Boot and started to implement additional hardware drivers. KASLR is thus functional in 64 bits and will be in 32bits. V - UEFI SecureBoot Following my view in 0) I think this shall be made mandatory UEFI SecureBoot is not mentioned in section 2.6 so we need to clarify what needs to be implemented. In particular, we need to implement EFI_LOAD_FILE2_PROTOCOL for initrd signature checking. VI - UEFI update capsules Following my view in 0) I think this shall be made mandatory Section 2.6 of UEFI spec 2.7 mentions At some point in time we will need to propose UEFI specification update for: - anti-bricking anti rollback expected behavior - abstract capsules for "start transaction", "commit", "rollback" when we will be dealing with system wide transactional updates. There is probably a lot to state here but I am just starting the discussion. VII - UEFI watchdog Following my view in 0) I think this shall be made mandatory In addition to its definition, it should also integrate consistent parameters to define total duration covered as well as number of failed consecutive updates to be triggered as well as how it is delivered (powercycle, NMI, secureIRQ...) Cheers -- François-Frédéric

5 years, 1 month

10
45
0 0

[DTE] dynamic parts of device trees

by Heinrich Schuchardt

Hello Francois, in a previous post I already mentioned some device tree fix-ups that U-Boot is applying. One new fix-up I found is the "cpu-release-addr" property in CPU nodes if the "enable-method" is "spin-table". - Before seeing this I never imagined CPU nodes to be dynamically filled. I think for our DTE discussion on signed device trees it would be valuable to know which parts of the device-tree are dynamically created. Where would be a good location to collect this information? Would the topic of dynamic parts of device trees deserve two slides on our next meeting? Best regards Heinrich

5 years, 1 month

5
10
0 0

Re: RFC: EBBR specification update

by Heinrich Schuchardt

On 5/20/20 7:49 PM, François Ozog wrote: > > > On Wed, 20 May 2020 at 19:30, Daniel Thompson > <daniel.thompson(a)linaro.org <mailto:daniel.thompson@linaro.org>> wrote: > > On Wed, May 20, 2020 at 07:00:53PM +0200, François Ozog wrote: > > On Wed, 20 May 2020 at 18:39, Daniel Thompson > <daniel.thompson(a)linaro.org <mailto:daniel.thompson@linaro.org>> > > wrote: > > > > > On Tue, May 19, 2020 at 03:29:01PM +0100, Grant Likely wrote: > > > > On 11/03/2020 16:42, Daniel Thompson wrote: > > > > > On Wed, Mar 11, 2020 at 01:42:36PM +0100, Francois Ozog wrote: > > > > > > We have the following cases: > > > > > > > > > > > > - FW compatible with GPT (I mean firmware can be searched > based on > > > > > > GUID partition) > > > > > > Ok > > > > > > > > > > > > - FW that uses offsets and can be positioned at LBA >= 33 > > > > > > Ok > > > > > > Need to define a protective partition >> > > > > > > - FW that uses offsets and can be positioned such that > space between > > > LBA-2 > > > > > > and LBA-33 is used. > > > > > > Ok in theory as the header states where the partition entries > > > location is > > > > > > specified in a GPT_HEADER "Starting LBA of array of partition > > > entries". > > > > > > Linux kernel properly loads the partition entries if we > push them > > > after > > > > > > 16MB. > > > > > > > > > > > > read_lba > <https://elixir.bootlin.com/linux/latest/ident/read_lba > > > >(state, > > > > > > le64_to_cpu < > > > https://elixir.bootlin.com/linux/latest/ident/le64_to_cpu > > > >(gpt->partition_entry_lba) > > > > > > > > > > > > But I bet 2 is hardcoded in many tools... > > > > > > > > > > Agree... but that's "just bugs" and I suspect we could get > >90% test > > > > > coverage for Linux systems just by checking util-linux (and > the kernel > > > > > itself). Maybe for extra style points also check on of the BSDs. > > > > > > > > It is worth stepping back from the details to take a look at > the intent. > > > The > > > > purpose of this entire section of EBBR is to describe how > firmware and > > > the > > > > OS can co-exist on the same media device. In broad strokes it > means if > > > > firmware is stored on the block device, then the OS must > constrain how it > > > > uses the device. > > > > > > > > On platforms with separate firmware storage (e.g., SPI flash > or UFS boot > > > > partitions) this isn't an issue. The OS can blow away > everything on the > > > disk > > > > and recreate it. > > > > > > > > But when it is an issue, the rules need to lay down what regions > > > (offsets, > > > > partitions, or file paths) firmware is allowed to own and what > the OS is > > > and > > > > is not allowed to do. e.g., the OS is allowed to erase and > recreate the > > > OS > > > > partitions, but it is not allowed to write a blank GPT or > erase the > > > system > > > > partition. > > > > > > > > I think the EBBR spec should focus on defining exactly what > restrictions > > > on > > > > the OS are, and how the restrictions are communicated. Then OS > vendors > > > have > > > > a fighting chance of supporting the restricted platforms well. > > > > > > > > Ultimately though this is a guide and the OS could choose to > ignore the > > > > restrictions... in which case it gets to keep the unbootable > brick when > > > it > > > > does. :-) > > > > > > Agree with all above. > > > > > > Also I think we can turn at least part of the original issue into a > > > concrete question. > > > > > > We have a SOC with some magic values hard coded into its boot > ROM. The > > > System Firmware author wants to ship it with the following GPT > on the > > > shared eMMC. > > > > > > LBA0 Protective MBR > > > LBA1 Primary GPT header > > > LBA2..18001 Reserved, mixture of dead space and a system firmware > > > loaded by Boot rom > > > LBA18002 Start of partition arrray (Entry 1, 2, 3, 4) > > > ... > > > LBA18033 End of partition arrray > > > LBA18034 Start of allocatable partition space > > > LBA-33..-1 End of disk is labelled as normal > > > > > > (or in a shorter GPT jargon form, a system where > PartitionEntryLBA is > > > 18002). > > > > > > Is such a system EBBR compliant? If yes, should it be? > > > > > > I would say it is not EBBR compliant because it does not follow > EFI spec > > and we mandate it in EBBR. > > Sure, if there is language in the EFI spec that prohibits this then the > answer is a no brainer. > > Assuming you've found such language could you quote your references? ;-) > > Oups! I thought of GPT Header being at 18002..... > as you push the firstUsableLBA... it seems to be valid in that EFI > compliant and hence EBBR compliant ;-) > > That said to get the GPT Partition move, the spec patch to table 20 is > not impressive: > image.png > - set to 0x000001 (ie... > + the LBA to the GPT partition header The position of the GPT *HEADER* in Daniel's example is LBA 1 and should not be changed to stay UEFI compliant. Daniel moved the first GPT *TABLE* whose position is defined in the GPT header and this is UEFI compliant. Best regards Heinrich > > > Daniel. > > > > Is the use case "valid"? I think it is valid because when you deal > with > > immutable BootROM you don't want complex code, GPT may evolve so > that you > > would have to evolve the BootROM... > > If we conclude this is a valid use case (and not creating ugly > legacy to > > deal with in the future), we need a clean reservation in EFI so > that GPT > > can start at an arbitrary LBA as 18002. > > enhancing the protective MBR semantics does not seem too complex to > > achieve. > > Can we list SoCs that have similar characteristic? > > > > > > > > Daniel. > > > > > > > > > PS 18002 is arbitrary but I think the example is sufficient in this > > > form and it was easier to diagram with a concrete number. > > > > > > > > > -- > > François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* > > T: +33.67221.6485 > > francois.ozog(a)linaro.org <mailto:francois.ozog@linaro.org> | > Skype: ffozog > > > > -- > > François-Frédéric Ozog | /Director Linaro Edge & Fog Computing Group/ > T: +33.67221.6485 > francois.ozog(a)linaro.org <mailto:francois.ozog@linaro.org> | Skype: ffozog > >

5 years, 1 month

1
0
0 0

[DTE] May 27th call agenda

by François Ozog

Hi, yet another email to spam you more.... I propose to have an Android DT overlay presentation next call and add topics that may arise from the list. Should you think we should discuss a particular topic, please respond to this mail thread. Cordially, Francois-Frederic

5 years, 1 month

4
11
0 0

[DTE] May 27th agenda

by François Ozog

Hi, Please find below the May 27th agenda: - Project overall: FF (5 minutes) - EBBR spec / DT stuff advances (mail thread): Grant (10 minutes) - dynamic parts of device trees presentation: Heinrich (30 minutes) - DTviewer presentation and demo: CVS (15 minutes) Scratch pad notes and agenda can be found here: https://docs.google.com/document/d/1GfYYph_XKt1LHuCs1w9kjvyyYYw1R7AH3dlZwIX… -- FF PS: I bcc'ed different lists until we have everyone on the boot-architecture mailing list. Please make sure you are on this list. The work addressed in DT Evolution project spans many operating systems, boot firmwares, trust environments and processor architectures.

5 years, 1 month

2
2
0 0

[EBBR PATCH v3 1/2] Update spec to address UEFI 2.8 Errata A

by Grant Likely

UEFI 2.8 Errata A changed RuntimeServiceSupported value to be passed via an EFI_RT_PROPERTIES_TABLE instead of via a runtime variable. This is a breaking change and we should do a new EBBR release in short order to keep EBBR up to date with what is in UEFI. However, real world impact is minimal. U-Boot has already converted to the new method, and Linux only ever implemented the EFI_RT_PROPERTIES_TABLE method. Cc: Andrei Warkentin <awarkentin(a)vmware.com> Cc: Francois Ozog <francois.ozog(a)linaro.org> Cc: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Grant Likely <grant.likely(a)arm.com> --- source/chapter2-uefi.rst | 7 ++++--- source/references.rst | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst index 82b1a42..c42691b 100644 --- a/source/chapter2-uefi.rst +++ b/source/chapter2-uefi.rst @@ -9,7 +9,7 @@ platforms. UEFI Version ============ -This document uses version 2.8 of the UEFI specification [UEFI]_. +This document uses version 2.8 Errata A of the UEFI specification [UEFI]_. UEFI Compliance =============== @@ -111,7 +111,7 @@ during both boot services and runtime services. However, it isn't always practical for all EFI_RUNTIME_SERVICES functions to be callable during runtime services due to hardware limitations. If any EFI_RUNTIME_SERVICES functions are only available during boot services -then firmware shall provide the global `RuntimeServicesSupported` variable to +then firmware shall provide the `EFI_RT_PROPERTIES_TABLE` to indicate which functions are available during runtime services. Functions that are not available during runtime services shall return EFI_UNSUPPORTED. @@ -202,7 +202,8 @@ If a platform does not implement modifying non-volatile variables with SetVariable() after ExitBootServices(), then firmware shall return EFI_UNSUPPORTED for any call to SetVariable(), and must advertise that SetVariable() isn't available during runtime services -via the `RuntimeServicesSupported` variable as defined in [UEFI]_ § 8.1. +via the `RuntimeServicesSupported` value in the `EFI_RT_PROPERTIES_TABLE` +as defined in [UEFI]_ § 4.6. EFI applications can read `RuntimeServicesSupported` to determine if calls to SetVariable() need to be performed before calling ExitBootServices(). diff --git a/source/references.rst b/source/references.rst index d901bb1..1eb0509 100644 --- a/source/references.rst +++ b/source/references.rst @@ -20,6 +20,6 @@ <https://static.docs.arm.com/den0044/b/DEN0044B_Server_Base_Boot_Requirement…>`_ 8 March 2016, `Arm Limited <http://arm.com>`_ -.. [UEFI] `Unified Extensable Firmware Interface Specification v2.8 - <http://www.uefi.org/sites/default/files/resources/UEFI_Spec_2_8_final.pdf>`_, - March 2019, `UEFI Forum <http://www.uefi.org>`_ +.. [UEFI] `Unified Extensable Firmware Interface Specification v2.8 Errata A + <https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_A_Feb14.pdf>`_, + February 2020, `UEFI Forum <http://www.uefi.org>`_ -- 2.20.1

5 years, 1 month

1
2
0 0

EBBR v1.0.1 release in the near future

by Grant Likely

Hi all, I'm considering doing a quick point-release for EBBR to address the change to RuntimeServicesSupported in UEFI 2.8 Errata A. From 2.8final to 2.8_A, RuntimeServicesSupported changed from being a variable to data in a system table entry. U-Boot and Linux have been updated to the UEFI method. EBBR needs to be changed to match. There are patches on this list under discussion now. Once that is complete and the patches merged, how does everyone feel about an EBBR v1.0.1 release before the end of May? At this moment, the v1.0.1 changes would include: e47952b (HEAD -> master, glikely/master) Specify details of how a DTB is passed to the OS c155e96 Update spec to address UEFI 2.8 Errata A 7fad894 (origin/master, origin/HEAD) Fix all UEFI references to be the same version 498cad2 trivial: Fix typo in chater 3 title 2c40029 Merge pull request #43 from orangecms/link-to-linux-doc 1e51a1e Update link to Linux docs which changed to rst be7ddfa Update CONTRIBUTING.rst 763aed0 Update CONTRIBUTING.rst All of the above can be found queued up at http://github.com/glikely/ebbr g. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

5 years, 1 month

5
11
0 0

[DTE] DT update policies

by François Ozog

Hi, Following the presentation byt Joakim: https://docs.google.com/presentation/d/1CvKBBZ33ggzyhP2ub8iZ410I_KGrFjHftZL… The following does **NOT** represent consensus. I'd like to use those statements to trigger discussion: - a DTB (say osDTB) is passed from firmware to "downstream" OS; firmware can't use that DTB (read/write) after that event (Grant - separate active discussion thread in boot-architecture mailing list) - that osDTB is distinct from any DTBes that are used by firmware components. All may still be derived from a single repository (Joakim) - osDTB can be the result of applying programmatic fixups by diverse firmware components or by providing separate overlays to be merged later (last firmware component in the boot chain or by the OS itself), or by directly merging overlays (FF) - there are provisions in U-Boot to "sign" pieces of osDTB (Simon) - we need policies on what can be updated on osDTB, who can do it and how to verify them (Grant) - We don't want private keys in device so sign parts of osDTBs - there are no tools in Linux to deal with overlays (Heinrich), so for the moment we need firmware to aggregate any overlays into osDTB (FF) Cordially, Francois-Frederic

5 years, 2 months

1
0
0 0

[DTE] May 1"th meeting notes and other meetings

by François Ozog

Hi, please find the meeting notes: https://docs.google.com/document/d/1bz3BfVlXvvHO-kKC0Y1N2SGqPjlxe5eu3dM8sKU… As a reminder: there will be two calls per month: - 2nd wednesday 2pm UTC - 4th wednesday 2pm UTC 2pm UTC currently corresponds to 7am PST / 4pm CET. Call to be added to your agendas if you did not received it by mail: Device Tree Evolution forum calls. - 2nd Wednesday of the month prime focus: system device tree and RTOS tools. - 4th Wednesday of the month prime focus: device tree life cycle, overlays, authentication and unified repository Those calls are public. Participants are advised they should not introduce topics that relate to confidential matters. https://zoom.us/j/97895025968?pwd=N0JWWFBqY0Npdi9RY2JIOFc1ZzI0UT09 join by phone: https://zoom.us/u/asu8Yfroy meeting ID: 978 9502 5968 Password: 270935 Cordially, François-Frédéric

5 years, 2 months

1
0
0 0

[EBBR PATCH] Add EFI GUID for device tree blob

by Grant Likely

None of the relevent specs (EFI, DT, EBBR) specify the GUID for passing a DTB. Add it to the EBBR document so it is documented somewhere relevant. Fixes: #45 Cc: Andrei Warkentin <awarkentin(a)vmware.com> Cc: Francois Ozog <francois.ozog(a)linaro.org> Signed-off-by: Grant Likely <grant.likely(a)arm.com> --- source/chapter2-uefi.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst index f6a5802..cf2f652 100644 --- a/source/chapter2-uefi.rst +++ b/source/chapter2-uefi.rst @@ -86,6 +86,16 @@ tables. - An Advanced Configuration and Power Interface [ACPI]_ table, or - a Devicetree [DTSPEC]_ system description +A Devicetree system description MUST be provided in Flattened Devicetree (DTB) +format version 17 or higher. +The following GUID must be used in the EFT system table to identify the DTB. + +.. code-block:: c + + #define EFI_DTB_GUID \ + EFI_GUID(0xb1b621d5, 0xf19c, 0x41a5, \ + 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0) + As stated above, EBBR systems must not provide both ACPI and Devicetree tables at the same time. Systems that support both interfaces must provide a configuration -- 2.20.1 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

5 years, 2 months

7
42
0 0

DT Evolution forum calls

by François Ozog

Hi, As per the results of the poll (https://docs.google.com/spreadsheets/d/1WdsXgUoS3naL_-5eap1e_Sd9t0PM60s0Ljs…), there will be two calls per month: - 2nd wednesday 2pm UTC - 4th wednesday 2pm UTC 2pm UTC currently corresponds to 7am PST / 4pm CET. Call to be added to your agendas if you did not received it by mail: Device Tree Evolution forum calls. - 2nd Wednesday of the month prime focus: system device tree and RTOS tools. - 4th Wednesday of the month prime focus: device tree life cycle, overlays, authentication and unified repository Those calls are public. Participants are advised they should not introduce topics that relate to confidential matters. https://zoom.us/j/97895025968?pwd=N0JWWFBqY0Npdi9RY2JIOFc1ZzI0UT09 join by phone: https://zoom.us/u/asu8Yfroy meeting ID: 978 9502 5968 Password: 270935 Cordially, François-Frédéric Ozog, Linaro

5 years, 2 months

1
0
0 0

[PATCH v2 1/2] Update spec to address UEFI 2.8 Errata A

by Grant Likely

UEFI 2.8 Errata A changed RuntimeServiceSupported value to be passed via an EFI_RT_PROPERTIES_TABLE instead of via a runtime variable. This is a breaking change and we should do a new EBBR release in short order to keep EBBR up to date with what is in UEFI. However, real world impact is minimal. U-Boot has already converted to the new method, and Linux only ever implemented the EFI_RT_PROPERTIES_TABLE method. Cc: Andrei Warkentin <awarkentin(a)vmware.com> Cc: Francois Ozog <francois.ozog(a)linaro.org> Cc: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Grant Likely <grant.likely(a)arm.com> --- source/chapter2-uefi.rst | 7 ++++--- source/references.rst | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst index 82b1a42..c42691b 100644 --- a/source/chapter2-uefi.rst +++ b/source/chapter2-uefi.rst @@ -9,7 +9,7 @@ platforms. UEFI Version ============ -This document uses version 2.8 of the UEFI specification [UEFI]_. +This document uses version 2.8 Errata A of the UEFI specification [UEFI]_. UEFI Compliance =============== @@ -111,7 +111,7 @@ during both boot services and runtime services. However, it isn't always practical for all EFI_RUNTIME_SERVICES functions to be callable during runtime services due to hardware limitations. If any EFI_RUNTIME_SERVICES functions are only available during boot services -then firmware shall provide the global `RuntimeServicesSupported` variable to +then firmware shall provide the `EFI_RT_PROPERTIES_TABLE` to indicate which functions are available during runtime services. Functions that are not available during runtime services shall return EFI_UNSUPPORTED. @@ -202,7 +202,8 @@ If a platform does not implement modifying non-volatile variables with SetVariable() after ExitBootServices(), then firmware shall return EFI_UNSUPPORTED for any call to SetVariable(), and must advertise that SetVariable() isn't available during runtime services -via the `RuntimeServicesSupported` variable as defined in [UEFI]_ § 8.1. +via the `RuntimeServicesSupported` value in the `EFI_RT_PROPERTIES_TABLE` +as defined in [UEFI]_ § 4.6. EFI applications can read `RuntimeServicesSupported` to determine if calls to SetVariable() need to be performed before calling ExitBootServices(). diff --git a/source/references.rst b/source/references.rst index d901bb1..1eb0509 100644 --- a/source/references.rst +++ b/source/references.rst @@ -20,6 +20,6 @@ <https://static.docs.arm.com/den0044/b/DEN0044B_Server_Base_Boot_Requirement…>`_ 8 March 2016, `Arm Limited <http://arm.com>`_ -.. [UEFI] `Unified Extensable Firmware Interface Specification v2.8 - <http://www.uefi.org/sites/default/files/resources/UEFI_Spec_2_8_final.pdf>`_, - March 2019, `UEFI Forum <http://www.uefi.org>`_ +.. [UEFI] `Unified Extensable Firmware Interface Specification v2.8 Errata A + <https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_A_Feb14.pdf>`_, + February 2020, `UEFI Forum <http://www.uefi.org>`_ -- 2.20.1

5 years, 2 months

1
1
0 0

[PATCH] Update spec to address UEFI 2.8 Errata A

by Grant Likely

UEFI 2.8 Errata A changed RuntimeServiceSupported value to be passed via an EFI_RT_PROPERTIES_TABLE instead of via a runtime variable. This is a breaking change and we should do a new EBBR release in short order to keep EBBR up to date with what is in UEFI. Unsure what the overall impact will be. U-Boot implements the variable method which will need to be changed to a table. It is unclear if any OSes depend heavily on it being implemented. Cc: Andrei Warkentin <awarkentin(a)vmware.com> Cc: Francois Ozog <francois.ozog(a)linaro.org> Cc: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Grant Likely <grant.likely(a)arm.com> --- source/chapter2-uefi.rst | 7 ++++--- source/references.rst | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst index fe03ae3..b622abe 100644 --- a/source/chapter2-uefi.rst +++ b/source/chapter2-uefi.rst @@ -9,7 +9,7 @@ platforms. UEFI Version ============ -This document uses version 2.8 of the UEFI specification [UEFI]_. +This document uses version 2.8 Errata A of the UEFI specification [UEFI]_. UEFI Compliance =============== @@ -111,7 +111,7 @@ during both boot services and runtime services. However, it isn't always practical for all EFI_RUNTIME_SERVICES functions to be callable during runtime services due to hardware limitations. If any EFI_RUNTIME_SERVICES functions are only available during boot services -then firmware shall provide the global `RuntimeServicesSupported` variable to +then firmware shall provide the `EFI_RT_PROPERTIES_TABLE` to indicate which functions are available during runtime services. Functions that are not available during runtime services shall return EFI_UNSUPPORTED. @@ -202,7 +202,8 @@ If a platform does not implement modifying non-volatile variables with SetVariable() after ExitBootServices(), then firmware shall return EFI_UNSUPPORTED for any call to SetVariable(), and must advertise that SetVariable() isn't available during runtime services -via the `RuntimeServicesSupported` variable as defined in [UEFI]_ § 8.1. +via the `RuntimeServicesSupported` value in the `EFI_RT_PROPERTIES_TABLE` +as defined in [UEFI]_ § 4.6. EFI applications can read `RuntimeServicesSupported` to determine if calls to SetVariable() need to be performed before calling ExitBootServices(). diff --git a/source/references.rst b/source/references.rst index d901bb1..1eb0509 100644 --- a/source/references.rst +++ b/source/references.rst @@ -20,6 +20,6 @@ <https://static.docs.arm.com/den0044/b/DEN0044B_Server_Base_Boot_Requirement…>`_ 8 March 2016, `Arm Limited <http://arm.com>`_ -.. [UEFI] `Unified Extensable Firmware Interface Specification v2.8 - <http://www.uefi.org/sites/default/files/resources/UEFI_Spec_2_8_final.pdf>`_, - March 2019, `UEFI Forum <http://www.uefi.org>`_ +.. [UEFI] `Unified Extensable Firmware Interface Specification v2.8 Errata A + <https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_A_Feb14.pdf>`_, + February 2020, `UEFI Forum <http://www.uefi.org>`_ -- 2.20.1

5 years, 2 months

2
2
0 0

[PATCH] trivial: Fix typo in chater 3 title

by Grant Likely

Fixes: #42 Signed-off-by: Grant Likely <grant.likely(a)arm.com> --- source/chapter3-secureworld.rst | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/source/chapter3-secureworld.rst b/source/chapter3-secureworld.rst index 4e9fa61..9c51bca 100644 --- a/source/chapter3-secureworld.rst +++ b/source/chapter3-secureworld.rst @@ -1,8 +1,8 @@ .. SPDX-License-Identifier: CC-BY-SA-4.0 -****************************** -Priviledged or Secure Firmware -****************************** +***************************** +Privileged or Secure Firmware +***************************** AArch32 Multiprocessor Startup Protocol ======================================= -- 2.20.1

5 years, 2 months

2
3
0 0

DTE call meeting notes

by François Ozog

Hi, Thank you for your participation in yesterday's call. Here are meeting notes that you can update <https://docs.google.com/document/d/13TwImAK9bta5_qY2PAFplO6pypd0hpNQNkpkI_W…>as you see fit (I think the permissions associated with this new link are correct). Survey was answered by 12 participants while there were 27 people on the call. I would be more comfortable to select a time with more responses. Cordially, François-Frédéric -- François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group T: +33.67221.6485 francois.ozog(a)linaro.org | Skype: ffozog

5 years, 2 months

1
0
0 0

DTE discussion agenda

by François Ozog

Hi, Here is the agenda for today's call <http://meet.google.com/oua-wrbf-ppi>: - DTE activities for the next cycle and overall organization - Regular meeting setup (survey <https://www.surveymonkey.com/r/F72TLPF>) - System Device Tree status and roadmap (JIRA?) this topic depends on presence of SDT stakeholders - Device Tree specification: its role in the future and short term - Device Tree lifecycle (what happens to a DT from TFA to OS): a presentation and a discussion Cheers FF

5 years, 2 months

1
0
0 0

DTE weekly

by François Ozog

Hi, I am taking over Steve to drive Device Tree Evolution project except the System Device Tree which will continue to evolve under the leadership of Nathalie and Stefano. To discuss: - lifecycle (how TFA, OP-TEE, U-Boot and Operating Systems deal with DT and pass information between them) - overlays - unified repo - summary of System DT activities I'd like to set up a weekly call starting next week. Please state the best timeslot in this poll: https://www.doodle.com/poll/k57zhwa4q9caivgy (the poll proposes the timeslot to be repeated). By next week, Joakim, Ilias and myself will have prepared some content to launch/continue debate. Cordially, François-Frédéric -- François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog(a)linaro.org | Skype: ffozog

5 years, 2 months

2
3
0 0

Invitation: DTE discussion @ Mon 4 May 2020 18:00 - 19:00 (CEST) (boot-architecture@lists.linaro.org)

by François Ozog

You have been invited to the following event. Title: DTE discussion This is a one off meeting unless we find a sustainable timeslot for India participants. When: Mon 4 May 2020 18:00 – 19:00 Central European Time - Paris Joining info: Join with Google Meet https://meet.google.com/oua-wrbf-ppi Join by phone +33 1 87 40 48 87 (PIN: 588964477) More phone numbers: https://tel.meet/oua-wrbf-ppi?pin=4737911870439&hs=0 Calendar: boot-architecture(a)lists.linaro.org Who: * François Ozog- organiser * boot-architecture(a)lists.linaro.org * team-ledge * dte-all Event details: https://www.google.com/calendar/event?action=VIEW&eid=NzRkanQyMXZtOWwzc2xic… Invitation from Google Calendar: https://www.google.com/calendar/ You are receiving this courtesy email at the account boot-architecture(a)lists.linaro.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively, you can sign up for a Google Account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organiser and be added to the guest list, invite others regardless of their own invitation status or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

5 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

boot-architecture