- boot-architecture - lists.linaro.org

by Bill Mills

All, I will be on the bridge today but I have no topics queued up. Heinrich will not be on the call. We will be looking for a new time for EBBR/DT Evo. Thanks, Bill -- Bill Mills Principal Technical Consultant, Linaro +1-240-643-0836 TZ: US Eastern Work Schedule: Tues/Wed/Thur

4 years, 5 months

1
0
0 0

[EBBR PATCH] Relax Update requirements by dropping ESRT

by Grant Likely

The ESRT support in U-Boot is immature and not ready for mainline. Temporarily remove the ESRT requirement so that platforms can meaningfully conform to EBBR. When ESRT functionality has matured this requirement will can be brought back in. Signed-off-by: Grant Likely <grant.likely(a)arm.com> --- Hi all, As described above, I'm proposing ESRT gets dropped for v2.0.x series of EBBR, with the plan to add it back in ebbr-next. Once there are U-Boot releases that have a solid ESRT implementation that works for fwupd, mender.io and possibly Windows Update then I would like to bring it back in. Here's the pull request for the change in github: https://github.com/ARM-software/ebbr/pull/86 Thoughts? g. source/chapter2-uefi.rst | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst index 092fd1d..4c4cacb 100644 --- a/source/chapter2-uefi.rst +++ b/source/chapter2-uefi.rst @@ -467,9 +467,7 @@ EBBR platforms are required to implement either an in-band or an out-of-band fir If firmware update is performed in-band (firmware on the application processor updates itself), then the firmware shall implement the `UpdateCapsule()` runtime service and accept updates in the "Firmware Management Protocol Data Capsule Structure" format as described in [UEFI]_ § 23.3, -"Delivering Capsules Containing Updates to Firmware Management Protocol. [#FMPNote]_ -Firmware is also required to provide an EFI System Resource Table (ESRT). [UEFI]_ § 23.4 -Every firmware image that can be updated in-band must be described in the ESRT. +"Delivering Capsules Containing Updates to Firmware Management Protocol." If firmware update is performed out-of-band (e.g., by an independent Baseboard Management Controller (BMC), or firmware is provided by a hypervisor), @@ -477,7 +475,6 @@ then the platform is not required to implement the `UpdateCapsule()` runtime ser `UpdateCapsule()` is only required before `ExitBootServices()` is called. - .. [#OPTEESupplicant] It is worth noting that OP-TEE has a similar problem regarding secure storage. OP-TEE's chosen solution is to rely on an OS supplicant agent to perform @@ -488,11 +485,3 @@ then the platform is not required to implement the `UpdateCapsule()` runtime ser during runtime services. https://optee.readthedocs.io/en/latest/architecture/secure_storage.html - -.. [#FMPNote] The `UpdateCapsule()` runtime service is expected to be suitable - for use by generic firmware update services like fwupd and Windows Update. - Both fwupd and Windows Update read the ESRT table to determine what firmware - can be updated, and use an EFI helper application to call `UpdateCapsule()` - before `ExitBootServices()` is called. - - https://fwupd.org/ -- 2.20.1 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 years, 5 months

2
2
0 0

Today's DT Evo call canceled

by Bill Mills

All, It appears we do not have quorum today so I will cancel. I am thinking of sending a doodle poll for a new time for this call. What are peoples thoughts? Thanks, Bill -- Bill Mills Principal Technical Consultant, Linaro +1-240-643-0836 TZ: US Eastern Work Schedule: Tues/Wed/Thur

4 years, 5 months

1
0
0 0

Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages

by Julius Werner

> > Thank you all for your feedback. > > It appears that in theory we are all happy with using bloblist with few > implementation details which needs to be taken care of during > implementation. > Just to clarify: are you using "bloblist" as a general term for the concept of a simple linked list of tagged data blobs, or to refer specifically to the U-Boot implementation with that name? The existing TF-A implementation (bl_aux_params) is basically identical in concept to the U-Boot bloblist, but not binary compatible. Are we talking about just keeping that, or throwing it away in order to reimplement the exact structure U-Boot is using? (I would prefer to keep the bl_aux_params as they are to avoid disrupting existing uses, of course. Making backwards-incompatible changes to an interface that passes across multiple repos and firmware components is always a big pain.)

4 years, 5 months

5
9
0 0

Verified Boot for Embedded (VBE) proposal

by Simon Glass

Hi, This has been discussed in a few forums and the main VBE doc has been presented in a U-Boot contributor call recently. I have now written up a proposal for the mechanics of bootmethod / bootflow for review. Think of it as a newer version of Distro Boot. I'm not sure how to format it for the mailing lists, so please see : [1] VBE doc with minor updates [2] Proposal for the bootmethod/bootflow part of VBE Please let me know if you would like to comment on the source docs [3] and [4]. Regards, Simon [1] https://drive.google.com/file/d/187z5Mzdv2dnjUosmdh5dljVz7Jlydn7u/view?usp=… [2] https://drive.google.com/file/d/1TmbDachP8bnq0xffFsKL_oHYfeaYV0QK/view?usp=… [3] https://docs.google.com/document/d/1fuv12M7Z6yFlECD9xR2Z1nzKo72SL8Z3hrv_fxZ… [4] https://docs.google.com/document/d/1hn-0GaJBJqZ5SxxdS_g4XMqLHigNjTrzYD5wjnQ…

4 years, 5 months

1
0
0 0

DT Evo call today July 12

by Bill Mills

All, We have our normal call at the normal time and place today. 3 PM UTC / 11 AM US Eastern Zoom: [1] Meeting ID: 961 7042 8801 Passcode: 8250 Last meeting was on June 14. Notes here [2] Today I would like to start with Heinrich's DT signature patches / proposal if he is available. [3] (I have not heard from Heinrich today so perhaps not.) Other topics welcome or we can cancel if Heinrich is not available. Thanks, Bill [1] https://linaro-org.zoom.us/j/96170428801?pwd=elBJNFdVMFJub0UzanFUcVQxTHBqdz… [2] https://lists.linaro.org/pipermail/boot-architecture/2021-June/001877.html [3] https://lists.linaro.org/pipermail/boot-architecture/2021-May/001807.html -- Bill Mills Principal Technical Consultant, Linaro +1-240-643-0836 TZ: US Eastern Work Schedule: Tues/Wed/Thur

4 years, 5 months

1
1
0 0

[PATCH v4] Add RISC-V support content to the EBBR specification

by Atish Patra

This patch adds all the required content to make RISC-V EBBR compatible. The additional content is not a lot given that we just need to update the architecture specific sections for RISC-V. Rest of the document is ISA agnostic anyways. Signed-off-by: Atish Patra <atish.patra(a)wdc.com> --- source/chapter1-about.rst | 86 +++++++++++++++++++++++------ source/chapter2-uefi.rst | 41 +++++++++++++- source/chapter3-secureworld.rst | 12 ++++ source/images/riscv-sbi-intro1.png | Bin 0 -> 11926 bytes source/images/riscv-sbi-intro2.png | Bin 0 -> 23280 bytes source/index.rst | 3 + source/references.rst | 6 ++ 7 files changed, 130 insertions(+), 18 deletions(-) create mode 100644 source/images/riscv-sbi-intro1.png create mode 100644 source/images/riscv-sbi-intro2.png diff --git a/source/chapter1-about.rst b/source/chapter1-about.rst index 52e61e80b7f9..5097e85ea648 100644 --- a/source/chapter1-about.rst +++ b/source/chapter1-about.rst @@ -158,6 +158,8 @@ easily meet the stricter BBR requirements. By definition, all BBR compliant systems are also EBBR compliant, but the converse is not true. +This specification is also referenced by RISC-V platform specification [RVPLTSPEC]_. + Conventions Used in this Document ================================= @@ -181,14 +183,12 @@ This document uses the following terms and abbreviations. .. glossary:: +AARCH64 +------- A64 The 64-bit Arm instruction set used in AArch64 state. All A64 instructions are 32 bits. - AArch32 - Arm 32-bit architectures. AArch32 is a roll up term referring to all - 32-bit versions of the Arm architecture starting at ARMv4. - AArch64 state The Arm 64-bit Execution state that uses 64-bit general purpose registers, and a 64-bit program counter (PC), Stack Pointer (SP), and @@ -197,10 +197,6 @@ This document uses the following terms and abbreviations. AArch64 Execution state provides a single instruction set, A64. - EFI Loaded Image - An executable image to be run under the UEFI environment, - and which uses boot time services. - EL0 The lowest Exception level on AArch64. The Exception level that is used to execute user applications, in Non-secure state. @@ -218,17 +214,59 @@ This document uses the following terms and abbreviations. execute Secure Monitor code, which handles the transitions between Non-secure and Secure states. EL3 is always in Secure state. - Logical Unit (LU) - A logical unit (LU) is an externally addressable, independent entity - within a device. In the context of storage, a single device may use - logical units to provide multiple independent storage areas. +ARM +--- + AArch32 + Arm 32-bit architectures. AArch32 is a roll up term referring to all + 32-bit versions of the Arm architecture starting at ARMv4. - OEM - Original Equipment Manufacturer. In this document, the final device - manufacturer. +RISC-V +------ + HART + Hardware thread in RISC-V. This is the hardware execution context that contains + all the state mandated by the ISA. - SiP - Silicon Partner. In this document, the silicon manufacturer. + HSM + Hart State Management (HSM) is an SBI extension that enables the supervisor + mode software to implement ordered booting. + + HS Mode + Hypervisor-extended-supervisor mode which virtualizes the supervisor mode. + + M Mode + Machine mode is the most secure and privileged mode in RISC-V. + + RISC-V + An open standard Instruction Set Architecture (ISA) based on + Reduced Instruction Set Architecture (RISC). + + RV32 + 32 bit execution mode in RISC-V. + + RV64 + 64 bit execution mode in RISC-V. + + RISC-V Supervisor Binary Interface (SBI) + Supervisor Binary Interface. This is an interface between SEE and supervisor + mode in RISC-V. + + SEE + Supervisor Execution Environment in RISC-V. This can be M mode or HS mode. + + S Mode + Supervisor mode is the next privilege mode after M mode where virtual memory is enabled. + + U Mode + User mode is the least privilege mode where user-space application is expected to run. + + VS Mode + Virtulized supervisor mode where the guest OS is expected run when hypervisor is enabled. + +UEFI +---- + EFI Loaded Image + An executable image to be run under the UEFI environment, + and which uses boot time services. UEFI Unified Extensible Firmware Interface. @@ -240,3 +278,17 @@ This document uses the following terms and abbreviations. UEFI Runtime Services Functionality that is provided to an Operating System after the ExitBootServices() call. + +Miscellaneous +------------- + Logical Unit (LU) + A logical unit (LU) is an externally addressable, independent entity + within a device. In the context of storage, a single device may use + logical units to provide multiple independent storage areas. + + OEM + Original Equipment Manufacturer. In this document, the final device + manufacturer. + + SiP + Silicon Partner. In this document, the silicon manufacturer. diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst index 53c962ab5c25..18a9b5404cba 100644 --- a/source/chapter2-uefi.rst +++ b/source/chapter2-uefi.rst @@ -209,7 +209,7 @@ Resident UEFI firmware might target a specific privilege level. In contrast, UEFI Loaded Images, such as third-party drivers and boot applications, must not contain any built-in assumptions that they are to be loaded at a given privilege level during boot time since they can, for example, -legitimately be loaded into either EL1 or EL2 on AArch64. +legitimately be loaded into either EL1 or EL2 on AArch64 and HS/VS/S mode on RISC-V. AArch64 Exception Levels ------------------------ @@ -232,6 +232,45 @@ UEFI-compliant Operating System. In this instance, the UEFI boot-time environment can be provided, as a virtualized service, by the hypervisor and not as part of the host firmware. +RISC-V Privilege Levels +----------------------- + +Unlike AARCH64, RISC-V doesn't define dedicated privilege levels for hypervisor +enabled platforms. The supervisor mode becomes HS mode where a hypervisor or a hosting-capable +operating system runs while the guest OS runs in virtual S mode (VS mode) as shown in below figures. +Resident UEFI firmware can be executed in M mode or S/HS mode during POST. However, +the UEFI images must be loaded in HS or VS mode if virtualization is available at OS load time. + +.. image:: images/riscv-sbi-intro1.png + :align: center + +Figure1. RISC-V System without H-extension + +.. image:: images/riscv-sbi-intro2.png + :align: center + +Figure2. RISC-V System with H-extension + +UEFI Boot at S mode +^^^^^^^^^^^^^^^^^^^^^^ + +Most systems are expected to boot UEFI at S mode as the hypervisor extension [RVHYPSPEC]_ is +still in draft state. + +UEFI Boot at HS mode +^^^^^^^^^^^^^^^^^^^^ + +Any platform with hypervisor extension enabled most likely to boot UEFI at HS mode, +to allow for the installation of a hypervisor or a virtualization aware Operating System. + +UEFI Boot at VS mode +^^^^^^^^^^^^^^^^^^^^^^ + +Booting of UEFI at VS mode is employed within a hypervisor hosted Guest Operating System environment, +to allow the subsequent booting of a UEFI-compliant Operating System. +In this instance, the UEFI boot-time environment can be provided, as a +virtualized service, by the hypervisor and not as part of the host firmware. + UEFI Boot Services ================== diff --git a/source/chapter3-secureworld.rst b/source/chapter3-secureworld.rst index 9c51bca24f33..d6bfbd322837 100644 --- a/source/chapter3-secureworld.rst +++ b/source/chapter3-secureworld.rst @@ -27,3 +27,15 @@ Platforms without EL3 must implement one of: However, the spin table protocol is strongly discouraged. Future versions of this specification will only allow PSCI, and PSCI should be implemented in all new designs. + +RISC-V Multiprocessor Startup Protocol +====================================== +The resident firmware in M mode or hypervisor running in HS mode must implement +and conform to at least SBI [RVSBISPEC]_ v0.2 with HART +State Management(HSM) extension for both RV32 and RV64. In addition to that, the +firmware must ensure the following condition before jumping to the UEFI +application. + +The device tree must contain a property named **boot-hartid** under the */chosen* +node. This property must indicate the id of the booting hart. The corresponding entry +in the ACPI tables has not been defined yet as ACPI support in RISC-V is under progress. diff --git a/source/images/riscv-sbi-intro1.png b/source/images/riscv-sbi-intro1.png new file mode 100644 index 0000000000000000000000000000000000000000..953e6529912af2e5b774ec6033abd856262651fe GIT binary patch literal 11926 zcmeI2bySq?*Y8IqRYE`{1e6#+N@@@!q$P$%q!r1bBnPAvL68t(2<h&WE<q$DMH+^Z zk_Kspe6R8OJ<t0*=l7no&imhc);cT}_nMpgy61|0?fu=KYrj=fkte!La~T4G5Gg#A z(SSfMnm`~IE)!e?cf>u4Xdw`8Lj@U0EjOd}#4B!ELp29F(3p->sjHT^5VvL+rQYMQ zU#RI|uLv^XoMK~GY0|TeDt`2!;QBSSLB`8b`W!KuMZUPWmnxDT-wt}RPRL4dD$~+8 z`jYe}0gf-B=VqMH*qE-zzWE}IKNfSIbdItpM1DGsOFU>CNlKJ40G)umB$Oh;UQ>ui znZf0W;wN|#KK4HTAD=JVkbzHkabbku^5J4U4!9`4f@24e^%;5rTr{7cz~7hbB?{p3 znc{zXGkrgnOt2sXt{R$}L)$mDKSOOLbyPbgxF3+>;8x`f*Gz5%1qF3>cIM^ft*js_ zXx`A5DCmEN-X^$=t6u0-V_;@xwy>~Z8a*G05WFh(1XcMGE=5XlIZaPTL&NdM=U4sx z8jgx_nt4NacVEKM7h!~wYHWcBLv?j^2M1nZmL7I1soY1+-!H+eu8cC{NT%M(bHT;M zosSgAcCIn7tI{uglZtQCPg$Zs;43AmwK`m&TV^|6Ia!As@GGsaH~7cDOB9$SEm7M@ zA3wG9o=Y(57DaARZpQR^S@MO9O5Rkf+12l(cJD$~dF5{92$R_kLopVTp_MpX<|rd% zpLI!vRcPpCt+XH7YlHsVL0k9C*2sfH2;t<$0d1~MrUqfW7bSbbEi>TT*DYB`(dAQe zPf?YmIWkT8fm4^3j%n{((R+n1C0Zz3#vO_Xw8f_nKW4>QW_g0bJ26LzmOCzVCW(27 zBz`mc^ul(m)T}LpdU<*I<HwJ$@rclM$l_?_Y5pKJQ7F_L%-Y~k;qpn)b&gu+WvO(p z<9)*h&zjP{_3^4ODqhChw{P?E^78P6Ri^0=a$l@qe;8H1>~!?=jm3V7>tWPnF8rEp zWN~KoGRK#?1ESz}F3u}t2i?iEf(RQF*+`Vk=@PO0N+x3`_0$~xmJ`fM+M(=`Q|Zmx zdh1;u@z~Nb#YQrsV(WM3&BjbeSJM&+o!VsPuVxg%T4Eh|Yyy|=-{a(E;rwVg|3h8D z-m58H0XI`!C=^+~DKqYpVIg;VxZx*ZHxlhHC7%{$8xeq3T(CH?L8Z%wiNDxgLRVPV z#3v{Ftc`vg$~ViTy88rT(Vy#Z@8+PG^V0ViV{Zkb6~y9dB62F#ROGesi<CFs>Hhxy z*REZAjZgA(^Pt*c&N5JiEetLH8TwkQ??6I!dg4QXh35UAI=$-mj}`~Y)f=KMYh%kX zT^Uu4jB}}WU(%$G)7xCX_^d-ooSfSqKK^C5y&u$~ea@_!H=VqtIlE{JpK`c^IVI;M zH_pgR+f2+`3mevEG!6PPlQWsj#VxGldQTvGzWY~^@Z0=zR`=tM5BL^pLTQ_%^qF`r zb3To{nAe>dq4={|T*1|O$==dxfe#N`pyPjx`*?pneSdi%dvDTd@f#S4tgNg9l)*<` z{TdRvHY#aY+xlbUd#ZHqaT7kn^O*i!+ROo&buo|q=Lf%Lng`d>6&%QQrY9)LJMv$@ zeYuuYz86o?8xrK{5A{d087mPgN&Mgz%%Kgx-+h+zk<MX#Z*aKx7QABBqccNnknw1b zim5`paJ|=h+u{{8=BV3mfx#i>rrv&f!UR$9TU5Hh>yyKJ?^CrLg@5(f^C@a<Y;59g zL{wB}@8FsDEo2RRz!s4#>K;+Ys*;exjaxHbWO#orr;@YhYfV0@sAz&bwtr1Iei9uF z_3iZx*5U0JnAoN8nhhJCw5wMuq3*7{VaY@@2v#<yEeI~}MWN>#y=Vnj=rQyBqP{o6 z@7>h%^%iR*fNS_W_$2TW@vYL&M9{6oum~-1uN%3Ih<~etZWmsnK#*}+pd{5Wv6N*B zwO6uFQ^qfFN!i}^X``zxc;VK#?i_`ZC0gm%{ZZst>ZYY1tvVdeBwsylietk^wa|So zY|M4}+X?=?S9KzD;rw@<;&=HFHY4bHk7)-T9@z4dM>e$4LrYFvG~ZZFH;mV$M4|Ug z<|_?<XgIK=pjwQPe85%W%aZ~Wm)YOSp-rFbcxScRY<F@LXG|WAG@fP3TGGSAyStSQ zABi1Fmu}qAv`;dy*4(@;{f1yCS4g#cq}aH35{jLvY?9tLEX)C|Ei5+@hkZNltEe+` z^7_kZu7tE4eazbf%h+dsuVT*lh30rpR>>$%>Q0Rxi_ZuT+Xy*j)@Em*cTcCZ&Q$Un z62qS8p~#c7x78LSY6;(7^WpgW$}rjTRdYxTn81XQ8wTh?Fa;aajg6(H5e@ICczqcu zbTq}5NIGh}80NR-E4X8VX^u!7b8mM`v`>C~Ca<MM;nnQAG2y;4$bNLjWmJDpNGJv@ z@6{n3#A=X-x0sjyUU6?pn%oqNsJ&m-AT{BbYComUsglT*sRiZx*j=_A_9ZQiF2*pt zB<H<>u!D=k;GV?7?Xyw7pM5dyHRO-h91V<)yA{WU<n=^c$VWB@7?1qWI&Qni&)odw z_0`_W?9!7SOw?vn5ofLy1SRV{*lM?yUqYplVjV9Ya=}8c8`|q()XS2us;HRuI<<H( zD=<zgpmmJbwaVS-%Db)iF)>vxtB-60AJ;ltEq+V1Vq;~s0PeQ4bhn3I?1eJ|aVN2& zprBxD?&~JHLaC~p3mC`}h47*IQDs~2WI+p<_~2QAI1LMC2UQ-D%{V4wRd{bme1lY1 zIsb15y7rca7g}KGfzfA}JVq4nFxws@2Yn{!qeoTR>h|Bp*C^`VwL|mC*AY`%7oGZ( zT7;bVzn^m7+NrXVR?H$(cwC9vAZf2(;PG>Ae?H}D+<!k{uLJlDfqrN&z6%&(KlC-# zh4`xqTO>)mb`})A=rox*TfU`NAbbwp6)>~)8%`%3q{NLExENoKoA=bR6HQPke>;ck zGRz7Ggi$SNY^VgW@UKAK1Pujo{X)FoEj9|AKbqN)`KG9m+Vm6r6<hzkL3mu;iaUk@ z0`ZNluD&;#anYuq+pcPS!7(Z_lH&UH>l73P7a%X6_^r@t3+K6LZRKp_X8w-ynQ3Wh z1qC5?#X-Tr%QR>_2&9Q%NGQ)yYc*$9eNt2D>C%PxawVV~+}+)+tk@03oRcen`18G% zXRo!8Gpyd4UYi~L1*-{S^78J~eoR|^vr%HeJp%L<fm}|5dQ`fe{PnPvB)!YhB%>LI zdHMOvL8%@fSWeg>g&`0eCavk5PW8g{AbA&6E`OjO{uFI5eMaXbLoY%uUIn`B>}e3b z;AIHGU7*+wU&Y16T_qV*`wD@)!U4}qs6Bq%?z8JhvqA;A_5LON;tzbN@`ukb1tOQL z5YmT0>-`e6_?Docpzt(41J7mXD&)auNIcHx5u4GHS7H&VMR6A(1XS2J$DN#beu8W0 z^ni|C1**`q6PRA2O7;{qS4mQk1VT!MeHpt_G-sa&v-IEYNCyyW!!-yl=ea{(eulsZ zUv56HF(3|*7F4*+_D~uDgWQ5(`*q*EH>ps>lujVS{1W6M1PrVp9l1G`CpIkkpAQMO z(+!bAZhgi!5Lz3b&w|I}k<ceZM^n<%(=#w6hllqy`uGUuD*Q5d6k5qwhumy9-l$t< z0}HwIoR6PhK9nXC>Mq?_<vr#^>Wl3#EiC`!i~kjNr=#6v`7rvzoE$c8?xg!jI~A38 zaU;y0_OP9wJxpbdd&Bxlii+P7gq?t_aakQEVh}gz*}=0RJER9)^=>wg>h0`IQ?42> zBreAhhsD#~clGo4-&-9iuC3LhE4%Qw2g5=`GrQH(<!mQwD}eN)?&;~t>=U#ewhV{I z!w4tuOB(x}?j3H;-FI1;cNXF2=f@7>VA>}+VAM*WT+n8^!K)?k8X+O!+qZ9l<>^=2 z^u75u!d3ByGV2%d*jte$<TvkrsH&Q6NGD+Ved?3P9_EE5nL<~?RvYcg%XixOkG7ze z3x;*BUfUh4y-8wS(nqI*Rb20`y)*~Oz-N0)?Wwp}ev49;yI>qQ@4FW4huw+cHdJh) zwX2rwV&FHwDx2hU=DtBp&F5F^gXuC>NftjHvq)AKhyN@$HOd|q+r$`u_(Sc8KmP%# z*#?4#?I~t^LGL0DAJ9)gMim*>Mb}|4n6K~X^gq22tiZoYm7;Ha30-BcN*F*)r-ARR z9LtxPl9G~^<_rDKQ~&GYf@-2jRKTuBzP&yJ6Qt(?u%+qmc_*@|?(-#2o4+(SkI@E} zl-xZdM@B_O0m+e`YTtl)Q)|lA*VjiJ@EZEK-p0V-=EA^QURIV|ql%n8>?$?0?EczV z^JH@XiDrzs3+P>`{j@j&#kE`qoNl_SmR4kR!2>*H!u@k3RdET>J`)SJ)Z@cn2_888 zHp22d_T<|cz`nARUfdBEPl{ge&%E-L!DEeAUC7IGy<#NC>vV6#T8W58Adrp)2CGy} z7AI#_;pE~PlG`(H{>5*ETl$pi6_e?cBRg&FsD^wNj*QGq!mhD-Y|N`!Oj1b{`IyQ# ze<Ye`T+?9d6#@~!=5XH9`P-ppz%;+?^wA+D&QF};48TB8XfTlM)J&xqL<e`w>XgT3 zPkZ|lrrYgW<?8P&CwE+63a*(XE9#UVH|`khmUV#dxZJBbY~OggU%zPlcvZ)8xKdmW z5_bu>j>c4NOq=8Oyn-I={(b%6iRaBk6l2v6Oz?UW6BCt$d#Osrt?RBk76A?p4tnoT zw8x0f=GK6{kKpf>kc_R}`4wMudVC<{Arklg{e$3v3yue$4yFc*zZVqF>``5?BnCd@ z<ju!Uk4*h4I~1#`_rWBRgkJPv8AqHs*axA}hUJ#w(L2NX_Ug=nf>8}q4qxeNGkZyZ z)CNmy?77uCR%S8neQc{p#cSdRi%UvU30IXk)e3%(0@~Ef+<arAW@j*069`xRdN&6< zyQ1inLzK%%J4bQ7l#%ziZPof@U5x8n*AQq7TGIsaeb(t`cPiXxw@==gBgHsXcl_wD zURESp&Mz)5&d-CT=@SUQ3T0t28!dTS+;~<io?TlT7ZRHI46MabDv89&ucEq*+SwqE z1QiQ8xi+tZNu5WJvO>8HYs-Nne9<MmiQy0i)(;(EY3%Ooq>=DG0UM!Qon@?c^}62p zByt)kn6K^a4@Gjicp6VwB`|~}UOPQPRny)cb*}4{_Q$)+WsVDqr<Z%s|7nHX2-Z*& zkW-dRIclyi&_EvSfMouMkluGF*fOp5UpXI_JfOP-5xDf*twx=NQ~D$!$IN0r9j)Yp z$dKZWb%k_?Ro#$sVXU(!j_F!>eorf4_vA>FD0d9<5`uNysx#AyS}7@U_z;4t*ry^{ zl%jK>>^SExk01{qSjUllQ^I><*?C1QqLxBy2gD%Y_aMfo<mBQig_S&N$jg`5O<O!x z^7J)`8~Nq{o#0`+^s_sbpPik3Eqt)#y!XZhNCQ52jN!xGrx(YW1qXQ{4{lumZzrLk zq%4JNNQ05!kYUZ|0UQp0gJ0%TM*txp#r7zGoqmw*U-5xq-%TwY^!(C)8*=nhG75*E zms5dA$D5m*i@;oQ2SDI`Om9=8B)|zZe$VSBfo=d!Mq68ZXlUr~#DI+K3lJ9ICng4^ z8}Scb@bF<^L`1|TeB#LH=m^dJ1dYEZ{Zdj`DRScm3j8Ai`VR;}MwXV6@-iXfXC!w_ z*Sc%|-w*_NB?ufg<CV4t8<PU5oIE@_`M*^OE>;-52g2w9DLSKE;P#;9&P#aZhiEa5 zH|J{QN@O!L+Z+`!y^owcIom|~HS|tGsw-m_f6+0*<P4&rN6tD<aaqIT7R7vab~{qx zah$JFtT`Rx?;U(nvT}RS%*GcH<t&y8@uD94Yy7>U0~OXf*#p#cbY9DuG5f0{s&Ist z-kj+SYl+$Jcf)PvDN%#^I^`4V{KIh#hk?7)n4#W5W#gca@5%$sRU-3G_uRHRXwyu~ z+&n%WPD-cATL>0fAu_#SsM4AtCmGLz=YDT>8z1p|F)=WBljd&$A`+Esr4XOMXLfmg z0Yq=$Q%{F<j0^RvxOsT~^UHC|oufrVPhY(4oz5lEsIyn4KA200;BC`4(8=f`T6fnB ztqSyXrQkgMX&JN@LKc3_WD13d>z$u#CNUA5g1)Za=I63PQBzZw$ABQEiC^Co@Gtz) zFZQt5=u@T57~iwDklo$g(a}-K*Lc98=qP1vQp>W@laup5|M6gDW!TxfHR!rwt#fK$ zgV!;)af5-d?s%0w1FwmUl$4Z-38UAJB}c97I^&3CeNu{?)l$W_0C#L^+YQy2tr>}e zb-u=A&KKsvRN2*{hTZP<l4rFwCQpp7-QdXPG5uKFlgD7Pe<RStE{X(Z<=DIxlbk~r z6hsl5*uwL*v!=lN8j+XUwD%r6rbK|<h?zBT)raluZ1E_xVYhlh0j-UGincv14PpyO zX^jzMJ*!ctTOZPX_wCr$%Wo}U$w+AO<aucOd3dz|oL;sq(@~>gKNEc$*OrKKQBfbU zp%w0xX<$*M9Q$kOQ<`+%#Lz^3tMU2Zt?6n`L8Aob<YY~8y2yxUA6?`yD!i20M`;{d zt`LMTjXg@z023Qs-Z40+h3?8PZg|n3p%4$V6>*sLi%We?Vzs-}2b35PCtS##ot<R^ zFw=49OL$j*D2oV!FkTD9!O?aXPp+ily62~zZ}%gWEq*DH41P~8`10jTU|?X=Yy6!9 zkBMpr0U6dvkoNsCwd^bkNo{obgNOT3d@2<Yb=`tG9d3PytxLTIPD8;J>G?i9!F*AD z2ag_R*SPrIWO3@}xxaVeqkH(_TJc`I+Ye$)tYwF}Fv{a(k#Di7ZbhE@lzW*;IqaKb z;`wow+b;ds`gEOZq^t7aI#;gh0bbXgqaLq{bmai07Os&lrrEw5(2gJPtygz^_#VsA zH#Sx((XvpAafwedUe;+pnVMWdQJ?-S=#8pu_qiHL^2&;_J>({{I40Pw)#;h!*G%J7 zqi%ANz>>S+R6N6t1<=R#iRulSA!E6fWm0AgDbSq1c11>wtDYXsCWj>QGIGj&ai%$7 zNR%X@3@d8}v<#=kKtlca@neu9TWoLLxPILM32b{XQ~&A)F`Y<cEraK;3rO}*omN8; z_~2BT1qss1B4-@z?+vtkQJ<TbWGLCty_whtY+GLTUH3vAWBNL|1p^uObJsPZm@h{U zx+05X4C8LC#CSQqswMm+J`Q!_<IWGedvw#w&;6OVZPh&2SZ2))q}A8Jk=6a^EaZ_{ zXd3$sF0zdrI8(cMl9v{7pL+_1oM_#EwQhdt8=G)XngTNqEiKoM75P#2a9qfEg}4ry zag#I3w$#WgrdPw%ulBl`uK7<Hm)#$&mEYK=+1u8%#&uJ@ZPf+_-Qus#cJ`KMz{!BC zHr;;q^<8Ez_vS8KXfiS}vB#E4S68?G7P6v|q217Kz&Rexs+u&<J(;H#<2zwHQk3Wb z0L;(1i6L@&`fus`;lb3!tU2n4L7NCgW~9|4NoLkzS4>UjMcrWUv2&e+2T^-lcn<N4 zx-7>6>0)6+(fvGWVRzBe=-ve}n^ViuMG>9-N3??E?qp-<%@Qb{I<lDTk+w|+raDnC z&okb!Z*^JTxfA);Ix4I)dEDC$3jx-v@}Yl>cRui_$aSCU^zxob)~TX*CebMdSFq{D zYRGn?Nw-Qx;`NmgJVAJ9RmV<~K443g3Za{g=Vvnk3|V5qVPQI7MSppZFW+GerWwpE z`)s&ix&_ErasiY4yXRFM?SeGean1HZ&n-`E`gaHuw#PEeMMX2!Y$6g=b>DjHvfR6; zgU3*>bkbZ#0k?<}nA124+_N08(HKZJ?=-djvU_kIf$Cc0F!Ok6k#zJW<7hr@Xf~T^ zVe`G^dj~{%i1)(qVrO-r%ZQDxt76<Cx9wq5_TKQPq6w-&`M46P9703{9D$<?pg|Y( zEm)+!cSepKEGsYZPjBlYqX2g*s>nTfe_PrQGZ@eM6Nt=3J5;!}fRU<N`fl7JTxUHU zO4&noIPlf1cUX?9ETHJr$@E|-doXG>M%&jR=~%I+<592rKznRt<}RUPDcMXw5!&fX zu(-2!i_irf*MhLCTNBEhN!*KdeJaa!ZJGP^y2oQrZJfQnyHN};uB6O-FQ}vJ66fkl z^OUMvT0X*AE%Y#~;mrvXc<Qf4J}4S5%3$z2B&|)>9qjZ<oOiG$|MGbfE8!!)zSQ!T z9PB_WP20w=IZ-d{T1b0y_SyhJutVYq*y%N(Bw}N0Kx(0xtpd=v{nl)2O-+p`f}uuk zZVyNBkwl|(Qir~L;JFbuLv`Osd_Y&b^qU)q_WQ_!JRg5~kF0~EuF{(p26qyzHYqWZ z=mO&|q|9E|9on8cIXs`^E3xM>n0{1bIq^0w&eq7tpx52X&}-iQ0rknQduheLoWH%d zc(M?@y$+8X>|b-8JrD0FJG1v9?y2;**jJvoSKc%`V!&ct?(UQ6$=T6p$X{ZAnzO}L z&^sjAoT`hw&YnKN5G_teZ*-nj^v^Y|hvPZ?=0L!mPXf(5KR*wIEm{@<;`QX(bd+ua z-7{qTV#N<C5^Nq@WjFLD5Tq`E+{M0ebaag7($C^lnzliI#72tDf55JJn$QvQL7ct> zM-VZc6z}BjMxi^KMSiv_Y=_Fnsi^A?HYO;bck?`jQ6YXoKd&!uBbi}msZFJwl*l4- zA>wdV`E<qw`4>*vc~(5iWHA{61aTFg<PL90S?X8?<US96lYG7`==i?dDux+lRr-N~ zhc(^j(C~G_rOkF}^D}|6rtfduO$P7weS9tYzN^3G14FQ3@kkg=*lfx|jfmwv($yly zIm<##k(EYcN_`>j4Z$24nmVkZ|1~MEsoamSgP<`9*@C4O`b6GWEt8vj?<MvV^Xb}e z8Beesi;b2ffNj}UKd%z55RT6v+&YR`;4wS1wOU`a=-jPRN7u=oSf&_sT(xgByC7M} zHJWi@G=mHMc*br3;RM5=IWae$nj~ziHt%ju{t%3A3zCqtomLUu2^7JRY`A9A55c~@ z;JGv@jv%~5;nJV5jj#zy^e1d%2CxkR7~P+m65HhWL6+3NH)uLn11FEZ@&Cg}+uV7O z*?yR~)aC!r+5X#{t=q<NAPWx8tyGkhu8@#~g@yIDw=V%456eq_Epqc+OH0ed#01F3 zlkX!{I{IoMFQJ#P5XsG@)c?v24bT6AtVO3(eFmhGr{U1|+^C7i2cuLh40-tzOCGV! z3JN%b>L%@6Qi#)Wqobk-dy@l(7~5__9t`|uF7+b1Ha48C0OnNy61TnW=rS6QTMF;@ z)ob~131Ug}n=I(C#tS<^<8KatbQ=7woO5MPU9?6ZfXWdt@1_cx@IGEQa)SH|Bi(i4 zi<2j&g>j0C)_>!Wef;>tKK^=nO45f99{|L#w*HYaj0+K<2Dz$tGr9xNE<-J?-9b&& z)~{bR%>fy^SM>OY(6lGN-Ne113D2D#JyICq10`(IYCq~++7mByrB{M%rl{{CAT9bq z@8c2Io)JS*to|U7iEHy6sK{6#NDR|)>4hEr7(o~q`R9PE>?WbANhce1oAjb?zd*Vy zpqT)(r7`2yD-R^6xN>sPc-})|2x7iB7ePEuO6H#v<?ZdQqN1Xwr>CqO(meA}L4g`( zGrC&bSj19-i;$6*ACTF3%bIl0WhF8q-Q@xVj)#S6FHsjr4}bR!OyxxeY=(a6{Na_C zFf4+ee&y43^+7yHtN$dqE)RRpo6~L!(n3ff*jDWShJ00ZOHJP*BBU&RimyXREq_1s zHH-l%lK3JlgBy296!PH7Z|n>(%c^ZeEdmd6>j`!U)}Xg3|6m8gPCu0u6)$@*3+DXA z54@jz@guZB{V&-2?~wbFpr9Z%eNO7T3y_P1U_AeT<^f`VQ3Fuy@ZTwbD3?XtJU8P7 zJm389g$KR<t)w`TlH6a`U3Ijyv>rWr1k|UF&fhb4wm?9^|2IVkjEahi#5eD$>FFt| zC^#wpqgde@fLpDtt=PhX48lx3BJ9Zl*Ao;eI5Z3N^}UF#QK&WG1{nGu#Rw)nae@F6 zjDPYFg0ppXbqyh?Ui|6Z|8<liTY}Dz((|q6*0*`_5Pp|?N!tiD?fKAIf&ATF9%*q@ zQv37pA)}KGIS0E}al@v(!{Lu2sE^d=G@4S!FxyK-n^U(Qj*S1Xac2p*FH^5+nh|&w zyO(Z0N=-LqSZQ1hpA5Z)dI_f?P>G)p)(?eUT9;>O&nUiVVSJrInNlaatNqJIBQowg z#T_wKsHRT?gVj8l>!TRi*<jt-tf^8Z6{~KWxDb51kn)HEAyYAQ*50X9AFnR`<Tv)c zCfR3Z^Re-*A7ff_-A#HoTe_-(6IAvHhgn-*>^8GIM#2>1VejxlW%Mf*&WQ8+%)z;0 z$1%u#_5d`nl0;}`M7d7-QckDcJ)f}}Fxd^C)HL(^>0?evxgEDAxb%$u`1zAJYlyF- zo|rAF(`u`8#5mLT=i&}a(ryILYgQw5l%Q@h_o})^^3~X1BX1F+ADC&ZP@et16#yXE zpu)q$!$h|ODLoHo0@(W%>+B?h?bRQj{VF%)J!)UZByB#cKJXhNM=*UO=&N|`w#}Nh zGK3dPLn%piJx)@W5vJH86ZFcEW{~bpRwa3HOxU-ZPl;yp&op<HWArzN)ay@6KDY-z zRE=Iut?)W>K2@Y(*Uyf+(tG;@3)?mG=1bdFMv4WNH(2HNqRTW+bKW>O6k7W%B9+OQ zUIhAChEs8E*S4FU<`{Lp;gpLtPa6Fe(?0Jbt~>sTTR(~1&SzU+IHM6$y)<MpL4AyW z_Fb*!&EgI%&NH#7*oOP2X<rxff(<OYm$&m4#lqaJ2HH|n!Yw1<c-BDpjY2o;HXDEo z#nSZ*aFT{@JZ$CRbWIF+RAd0+g=+S|SiVj%mwsjU2VN#IvBc>0>BjS~3_jhlfT{tY zy4sg6Z)0Nv*p{(3#_ZHsU9aAamk9XWgY|JFI7~R=8Xg?{&Q>VQ&Haut0f=qca$H+R zP9HaP5tWzeh!!<(JY0pEy;7W!!J?1oIJl}KHCO0yVUP8D<?zngm)~Z)Ec{o6$5M)Z zMs{!d+&NoRP%reTZ4KFAO3p5<Ypjg-31#z9DA<a8rWaOfWu{wr9BTn{H$%MkE2&kq zHSp_LW=1a0bC|SomEO<DKQJx6*7oyT;{olpnfLoU7-iknucvCzg6gWKqaK(kZ>PXc zi}>BgazCfp$II<!h}mHoIvek$Nr-b*E35UW%q(bJen?bHy<17HjxY}`GUOlN)eTt( zM33ceTg4dlC$)o#D46Zd%QSDHW2PmKytDjmBUG&2+zvtXVCS>yXBP2}^IAn3z6!ve z8_azTv!AF|pT@%DTrXhhPCqAVoO16w%*xQD>0d_-U}jSRzg0VEqqRS2yCk@)@42Tf zjHD8>n?O!`9n7OtH9Tg%_=}n{JjFB*xVAozw_DG>{L2D$Wn(`gW$D=8F)-_f(TMrA zjAf>+rg^kopXpepZm{?{gQ}Zx@7Z#xAtnINa0<mXx%Pdv^oD3Moc=}SepyGh9pe3i zg{f6Wz2o$+)^*o+Oh?X4wN}v+?%Ra3KFN9O^q5a;{Wi*t-ex^=yXi-+{HklTN&QF* ziLop~Hff@jsU(hZS_Z9=UX3D3xv^L|Iyc9Hn_?pJp#!3hkA*OkgDJEr67TZq1e?FH zE$jDkXSU?g5<&kqXEY$eWU)VAE9+h2po@Z;N`kZ7OzlUH91lQT6yL0Qn^M_4^J8yd z9pZx7ssh;>Ox7)MLq4a@=iGZk<Ml|hVeLo?Y@MWHSw{0XFTZH^_A!C<9tknK0h#?? z7ROMa$F@v1g?m?Vsu;Is1eY&wQUI?hY$6jwEh*{MuqCJ^=iwox@GMd`(riy{Ysg+| zv_xV3)ou4eZ!Lv=nx{4!q7uSdYObofWxRGb&EnimCV9HVIv$3v*BvR0ch$?la+EZM zYVVf!;uaSFF$4E#Q@5T!o<DGAkV8sssl=M^JIjRcvAu=K%Y0bVc>YkJ102a)fgL#o zl{nqi6!{Voay9Ngs(CdagiV^#P>;3(v-t~Dbw#5E@E30*)DD2Ym>5zKK`uAEsiOh@ z>n|&ynlmDo>$KJo7n;*|JM&X*tnL@QatGFd;=dDajxm}WHY_u<N|wMBE+I458uq&I z2wyZ7Bit;HDn}kZBQL01qcr6|x*n&XJ8Uw@srgnPsc=c8tNljVyhS<6o0<MNJi%~F zU;R?uV79I?SKE-0<@~Go9_V#jOqB9K)|pXNe#eX5i{_}QA1GJxhoC@Y8>SFK&Hn}+ zCVrIT@KBPvbjjSJi<Qr4lYNO^^24;IskwPj?QtZO=?|yyY{FVfs@%qUfB#@QCpf_U zc;O+-qVG)VD*hCG?Hvx@w!*sMuCrrY%q?D3oq=4Xge2qf1ro~&*~r$=YjdwS2t!wh z*YDKP(p#2D@w0d7g~XZNaaiTHLc{sCe~@DK(!VZbziv4l=_nqMAHojds4`2A?p~vF zo+r$TV%pEFs(AgyWD#_=@5-S~KdonfHJvBm2G`@YN+eAC5`~?zeu<`@0g-n|xCeHt zyJa6EhN63oP*4Kh07xegkK@3Xf_=SJyIM2{?5>L;sgk3O>LBj<r^S(cV;ZJ)zYyl} zo$XKFTh6_kAJ;w5&P1Fb*YED%OE^SS+E5wK^euXX>LUwdSSDYDhSVRgqPczU?5|ns zY9E}aoW;HJzBV_j*y8p>Q7XMw7L{phVZ;azRM|UQHtFb<DN?X{6kS0j*rhc)JbA^X zN-%t8`_&3YRs)UF{$%ynl9lmt*w?zQ-hzfvoS#|?k7Z&wdIXc{Sq3Q23t&yFu7bK@ zMmZh>+UIc^zZ3+Tq1V?)be&HDw}L%Gfn(Qr-e-7|y5Dcs10(<r<@y>o%bzq|tZhvZ zc2iOLR%+H2xmTc9k!RfK4Nk!6M4YP^qV=bI&b@5gp<lKGve$!n+de_RGq3F%U~+n> zZ*MMC2;D26H=C0UkP*yr);+m$n>SoTAb)(nU3NRvVYO(lGy_i35xC!VRZClbFFGKa zg6Y8G^b!#zFL#kl2!0W>K%UakAt7eP3XxDATCi_&0>K;?9N`2557omLRqYa^^{Hh4 z)gn`~H4_O5%JA}vaY{vlUP!*#n8dFtv!+PvVf>xqa31DtmiE=4jZYdT3#+25E(4nU zYavEC@n2SWMt-0O?#A!hgDu((eN8*FE>Gio%V&AwqJwTk!CMBSwHj+BLLYxtQ*7}J zs6BlJJ&P}Dragm?43nS3bryK-e-ZvsHS<UD>1f8azhvPPl-ytCtiEuXf4xDCjo|;j z0i&RxwvjjlLOR&e+S&xY{siUfP&dgPlb?~1k&}~?lJW%P{Qq9A($5W!w1CES_Ruyk zP#*aX`>*R>?r?AbNvfozw7imfTrdf~CPd9E{f>OayF2tlVigqFQr$W&ZSB6$>xM$k z0Sk^b#1P1XyHb0hc{hhd^4w0&-%H>8Kj!t>=f&E$uYla;|FN3q+1B5+*eM`20$u;J bK>Nfey~M9A7FUcJ+=M8|s>l>cJ@Neyyz-YG literal 0 HcmV?d00001 diff --git a/source/images/riscv-sbi-intro2.png b/source/images/riscv-sbi-intro2.png new file mode 100644 index 0000000000000000000000000000000000000000..4f0bde914f6ba9d0fef8c673464cc598bfa39c68 GIT binary patch literal 23280 zcmd>mWn7e7+wXvan-)<zL=>b1C5A>qx?!Y2MWm#=K|nz1kOt|Yk&tEp0ST!Aq`O<` z=BzRH-p{k2_q^wv-}!XTd~qD^d)@0^bzT2hD^N*65)Ydk8v=pgNlS^VKp>ZdAP}^G zKhVK11es~w5QtWVw77_xliqp~meY0E*8@ww6Kq<{=YgapH*aA*xcTYU2^@a2wGl(S zxl#GE@&F+zC8qd8G?MGj?Jp;iXkNw`F-+unDE`O@Q}6nu;`NtkpNMfUUweh+mVJD? zrK?~wt)?H#Zt&tDk)fw<DY3eI()B_YHbJ<A1}Xq~7<N<b3hE1_Qpelw66(tz<oBd1 zY*F7J(<PUYc&INojlF*V@#X~T2goZ-DJbe+ulH#GpIzeB(%#mlqzi#uEqhpv24M-g zDr%1gdDx4-f(a?+3A2Den9=@^zoLJ!AJUcNSjdItUBBpvW^SL#g)tXmlfYEfYTLh4 zSCuz>%r`*3G&N=N`)D~;==vI$Of=d1(v{WZi}M4-d|+^}pzUJN<}Oww9*^S(xZj5* zJ&t6BY6e7+(@6Jw5uXPf9I&FL7QrJn*7A=q(tBRKVHP(VY7b}M4$N%T9q6@q_6Qz? zU1Y}S&E`VqUO{;$=_-ha-`UH>Q}Nl|^~;h^$a0N`S}G*x71e7UC`AdlpX?6`);}vj zTe?SF&b~ix*4i(9Fn@5va+HyoSyn;8<9H=|(CZ&hTpz1oyM6mMJ^kW*dt`NF$2{!? zf$-_g1wG$}5Grr;E>`+HjasMse#Zw}J%a|HL;CurPkpWsltiYfCGpxW`n9+<Kflzi z%VPR;y=o{ZJ94vqi+QrF)PC)8$I)lu^HfX$w#{}+B6b~!?ahgY(<|du9D7HIi?glj zr6k8m+MZzOB;0l0+Pm}4ojadi<E1Mu;roj@u9C*stT`V{IF1mJk;TQu@w)69pP9VM zcBss6pnbNp*j4AU_a-z{QA%og_`_U0m)UMF?~q4kW@b2(d4E>dD-4_{LqmKTAvvF| zXm!2zL0H~n<rm`Om(O%Rz9i#klo_mZJy?}BA1?OBr!S|WqMFE2WyoEn)r%SP$y#zk zIDc(TcI|TFTX{1zFEfVlyqIqEN#HaQb!Xz@vTyK0OW-!2y$VfBXG?oH5#|y$w&apb zJaA?{_AwJ(noO{{Nbk9!VSAjNbN?fSF-4MEf$c<&ji%cC@xVgFxeKkm^laV1Bpm@) z;Zo_;d~qU&U~+5pDlHW*Ndu)6^s3W~FR>!-=kK&F`UIg<Zl&;JG-Ya%%G2#mwu>d< zi=%}Y{qe<RYVyA8p@|$e^KJHPUvGd9F|k7213%GpiQoq>$hBV>YvAJGq|-*^RaI4~ zZ6Gr{lLcL|v9U4n$ZzXJUY3Mfj7!1DZ+TjYU?_Gy7#SJ4e&%_xb)kIJ<9W^zy@j~& zI6nEp(G%u>s%Fub=9jEU#}-@+M&59RB~7^^M(*mT`$e+6#@m>O)y~Af8mnaLRAz0o zoY~OhTjP~%#gy~?G0UZ{grP!R{)!E!SG!6I3L&fZGbYv(ih1dxTa$HrSEtP51)NI~ z+bOo}_>TBcuh*`;bMH%MN0RaJ?#g`C+5Q->cjd;%v9_JX1k2T<bto^(;^+QKm5L{o z5c-GJ-VL_9%YEOzS&`pgDW!uEQ1OWyZingjgn!1k=LuTMMQxusxwluTC4GK5QPB0B zXjeSfTyEluL(W2HOsPdb!a#&hD05@@gHK)=o!a2k$IY(=6fohlUDd+Hg@r2f$4iQy z$3%~&T-FL~qgg%o2Gw^Dh7jjm&gc6Th`<i(xS77l_=VMXtlDsyl-#P0H5L5$TC{qL z<RA0h4Jp{jyQr@9@+AulYCfu_r`JtQRz+1oDc}?)WYM=!fT<%jHj629_ujoi^&;v$ z7Y`*Vn)bA`G^wcdDTKa-$dprkca7s#H|%GdEFXTK8xRV<baZs2mWfac2??P`B=^M8 z`?s7rk*lu~g8_6|3aUi+O%mqOwGU?2RhV#FvMob~jI8X!<%uFExeN-%mMb)F#nO@V zoTDWvy(yAyaW-+z7iS03Iua5Rg?e>bj;+nj%Nxtf6c0JDVSDPw3W+?8SjV&2W<!OU z%U~XuDCR7*22(^vM%@W)iHNwitr{hCvU<e%lyr=NLETxmLnIQ~Fw|B0YYB=uTT~}U zTs-W3G*)fD_Vm+hDjq8@u_b|uA`Zt*od}C#3N7qp;+V4@p_6=gZPz{+GpbcaJ;^dz zCEul`rFFQrnsi`%eGT51+K)Pzi<D5qpSW;L*G4Et9{=spce@%DI<R_Tg;~6pn0D;u zvs->>cpNLW@aQdZJJxpPv`G;AvES{M01l(>Hr`VWhXJ^<WC&#{6P}gLfNI>~v=4zs zMW0m;e-A9=#BHlL;K8u6h{@wrI6UC>#K6EnkMKnza<h8vo((=JyI039VH~F6F{R>I z{t~mn{R+i|W?02qMAGjL2Mhc<6oE`sSPG*RQ&CZIBBY(@<Xx(APx3fBK3i2ssMJL} zY3b~Hf|c#|xz@**(hJmrE@7UNwa%#bePg#X;5SitmU3~L4L>ELJC<Eg6gu)1v#D=? zdS5u%hK~N%s3)Hp$Wc9g=&hd`@b)cTXyVOKoaEL&&Q+q<XGrY#vYeFqZD;4^{5X$$ zz1B=vZJZZ6qBF+8xcXY8-$PC15pWYx%JPY==5RN_o5t;1dKjZ>R$^Z5oudI&#l9&a z_v5zq4x+0T`p)P!v}4n|20Qt01P|iB+aV1RN6}fT8X8hG4Zdp?&34%zB0GBhnO9E? zT7#4?MLU%`i-T#MQ~j(3`*>c0e4#mzNG2=$O4g$8@WyCoXJ<bW*(Pk%O?jM<oLne; z%|5|W05zS>=`0$p&;&rRHpTYX?5(smpcS<41#?)@Kpd=RZ5Lh8sby;FPI`qzspFR? z`x~eB?Cv9AK~p&zRM)>_E}46ej_y;x*8GEZ5v2Kc#Rt3Pepb(KXX~Xs@GjjNhd$%U zkLKDT$XiXHNnBGr&z)tS1Xelkyx4a8-a^vEwcI~N#_^)9{dDqvMbDN##T5U$og3LS z2}ZD=A+1n{iC$gHAD`+Si)M-AmLBry>GdM@B0U%WRt2V=K1mwoD86)ZcymG*zxvUQ z&Ww!P$F3lFO9kGD+it~K@t68iQ=DC{7|SkFnaquxBGGqKKIlC9F>774atOh!B?6;2 zYkDR~nOZz~hb80rB3L!wi(KM8K0BD|H|lcPTOG_%%?8o;w9Z}7<=b>)%~pLvT6lPP zfp&#nrB!NnIcX<0<*kqAW1xqH<2j7c-}g*`D4o@(8j2+5Hv1a%`fz=H{b*;2xs$w4 zxbwBYe~OTMyZ{K80%8HVQ#(f7mGv7m8?W}&>)Dnabl>!Y3C#2}hfqJIS0DXapuGj2 z39=5A3K?l>=jBxY!y6v0!_tO_*>^iSItCuzNhVf19YDYEK@;_$*wZnj*PXNr?{8I& zKgUpM&A@Th;t#%^nwr|Q_c-zNU2>wOhlX58c6K!RuZ{-^TdeoJ8@HpWou<(S*GPyM z6f$<CM8B<%l$Ow7UmCs&l3cHr#sTW}L_Yh~ZvL(7o9E7u42oh}RG#<NCr1!I<ETNw z{Ssa~(E_qTil0ef>?j)KF*?YLpID>P<^N~CvO;_Zq_07|;%_rDN^dyn(dE)ktPbR) zTVO+OzE{h393zsdfIL*!n^j+W%C6BxwpY^B)C3lQ+1Xhn5?NC6pq$1<LQSl?uS6dW zVj8i!YvGE%LJYY%@uWDOd(}`On?qO_@&3KnYbWxlL62oJ(E9g`a{FsGurjnEUUoi> zrlatfjqxhmo@Bu*_>}LzCkZ9xo%M2n&d}-p{d~v@rq5uRG8>rqWA*O*!CSj4i9+%J z<z?Cx7F4Kf##ii!iHURntJ1V<oxZ=uqX1)Ff~E@x8++hCS1*^NQmh)yidQvh(p>T8 z1iF`BruKN5{S1|>|3ICn?`yy2A$y%@!pS{+1FZ)6O7`O$c?qsMzLLf{gyCx3^oK^< zqjlpEZ{t5urC)jREREc!#>;L8qy7P`$Ox6fD_B@qI63hcN{EXqY2ux{t#x3lm`@`e zyYJ$Kl}287f^1^Y+WRW-G17v|`n}&HhH1Eea=Px@^%JF}=&8X8t%z^u7cC)4G!Ewc z1}_?d6(jqKG`_$!wUTA)S_GhDvC}E-W(PL1_e@(If~aEy15I%^)5vx8hAq(-nN{~( z_D|l#Yy^>Wy+LZ!2_B5wnhxvFm%CQoA!!*7>ANI%RcPNrsCJUaEMB$*X^R$R0RpPL zv~;TbaEamD^{FxwB3?#utkxt>7t{E7jr8K#%al-a!3}k%7@<}rR?-yubo~#-`S?-9 z9B$-ic%7@pa^HGtb!rqJ6Pb^8_=ft_1i>X@NcI!Fj<jHP$!GPmhWwhEno-<thgQe3 zhFt4xdW91VrfKrpv~KGYZVh$TUpZr*XD*@Nod^J-rdJ4;l1Iq_6;Kn|5U1O`j{GLO z1DsqRB%Zb~^49K{m+4z`Ts*~HX}!|lOmtDfIs@Is4h$p+l)q_m<DgYbP|aw<J7DYz z|0<M_Fg!#ehp+-Sz|*XBJRoGe{-yn656QmX0b(`$x?^&tNXgLck`Hr}San(QQffiz z(pu{{7jvou8uYRn)f}@~u9VX1$QS+}4`JhZ%zH}f&5siE{R%sRjwhCzdt??Q?8ZM* z9xO^eE#U8O^%a-!H*`$PrJnsV%-H#9)DBBp3RfB~8ByJxTSv*o8}azT%-r-ny4=16 zzq738^^<BvjTazo{b(`4$Hc_+;K2ia{)Ai?<B4kfiYX7*v*SIwTerx$Ozk>ZD{A+? zYE#Zi*zG>L{<u&_x^G}WjY;2qZ%~aslzPGNb1;Qt7uQfPCZ`E<-j77@8>1-;k!;Mp zx|OVih=>T|QtdM1@2h!5tEquR3^ot^3aeLhr_MGVQ{4B-{D+I^`1e}mLv9!$*GIq# zewjqK+D^0F^oFE-NJjLJp<+DALx#_)Q(0`-`OXeotK78wMOXayxzGKy!GVDQvh57% zdloSCzW{KcudgqO&ps`809oZY>CC{&8k}ZVPt2n6KHu(7SeCsr{J}s{>us6wO{@&N zlcS{+lea6Cl!7i%f<JOE-lLlORywoYWvjN04_TK+>)lVlIEdir?C1dXlMoCJq2C(> zkJLSflG`qRNmbI(N&NmWCMHHTN-HEdI1>Ya3k7O-kuAdHg-74w_dOD>F0zH0_&>NU zzNbbVe8`&;(95nuF}m}0e2%aJ|JuFs=DuQX-5m0RjyKgQ#6y}NB%QA_SIo7iQB#ZY z_9@Dx+3eEjr`Zf_eP&|yHMED99{cl|dEUM+K6p4%H7OaqaEP#^(_JtQyC%FdSDo<o z+T<C*N(Rmthtu=%vOW8X#N3({@!jGWlN>m0delZ=-Wz}4cq<;Jk4C|&H3`dB%d5d0 zVjQJJ#Ag+oi;;by!P!hy4@2T<q&s83SzE;rQe%=?UQJ%`gUzhT?>*j&JhbAW1QRMx zy(lX@4qI*T1{U7OC{+6E20%RX<9t$nhxPIyy|s^2iUOzKK1J;`6DcYkg?gUSMSEVH zOsy$fcn{S(Y-n8*Q%e$b{dk~kaJ1!l!7tB=N6s0`YfCTRuvLF@Z{;>VAu37Ge9`%i z6+l{Y?w6#jT+iFC3Nlp~?8eeCcYpcvMW@V|u;AdsXX^CdRlbRu)4jFU4=7iMif95O z@5sKh;$mP}0)1{boHL#(cBMPR{C%m|AYdfUzI`H4d!Ji4$qn#kd&ZInz?;sQ0Fpj^ z`ZS}~nFJFLnI)h?MTy7a9c9t1swj9zhvsG_pY!(fT%ohwew}DXWTd3O7=h5?G#HL6 z5z%=x9*4BiMKzmz-5?QQg5~fl2UPP#OV?Q&Z;n@~)d8r8U;X}7Z7ay=l;T3z0=xUt zB~_ij=4(=JV_Dx1Ck&Fvl^rWGHzX0bMj{Z>%OoqUe9c@<L1P=CQ&97r9VS-PF>fkm z#{w%q5z|kO)Mo!U*G?In&^Nl4FC4pEy(6ymx$m~T39ZLuwoWEG?9-^jfsiSS|3q(O z$958T=za@Zl(aTrG#rAGu{YqBJ!8&lcxDrt-9h@_c-5u3O!oq$3jeL+Nr=e4`V>JG zt?<`Uop%<k_ckh~vP{>$7F5Zk6y_X%)wb-r@^ZheZNn+edaiXKb*M=HB6_Vm@@rKB zXJ7jGt9l0}rE)+%pav?1MWr{YB8sTg_IFLFcMMwMI2&!F2NJ9%#^!R5!pm@*K2LUC z>7roxlnN4L<)ht|ew#gzY|+xv+BNV-4r=J>QL9VmtCrg?b?a=PK(VxhZ8UN|I>I=8 zJA{hA(q*}qcIMiG4jv2II}6u?O*}k2c|}DwM-hzN2$uzTZDh%3-%D5Um9(s_@2ekd zO?h_PCj@s4#8rix74}iTJ3E{URde7=QllsEN8zBsi5f@SXzX!(b+D9)ELbAW-gVqQ zfy>bt^UM>?KD$Ln%6j{L+<xAsaL8Q`Aup1S<V<ZTHC**Pr8vcEU#ckL_z}MC`ll>S zK^v9jhX@lvrrJ5yYKGcRUGubkbQKSo{PXOgDFa_&4DBcI4_{p8_Z4na!2^T{Ochym zBP!7S#T3Ip@D{yQj;1w{+_uaV7agiEoz~v@_r9{Ty!xZB*cb-22WiO2qz#c|I);rR z3WX8(X6E7WyYbbVHCsZ&PlK}e?NJPYvgqd!DtkqL{88<K+b)$Itar_dRI@|Ce2n9c z?yx{~9D_NVu9zaUw>Ff$5=25+h$Z!-9$!Ll7_I(Qfge*&Zk&(f!Gp>tzLx_Nb1t&g z3T@)bx7#Bbs$6E9v2r6K^8iZVkk~Uccs4HQY}aMQS$tWen(*x8AiHa#(t1vk#$DXc zb+by6;Cr%ERlNV@qV+!I2>D#M{3FgpUfb6lc9(gZ{Yx@3eDkU=&odp|jRUj_{*f>H z4Kfka8Qra`g$H@pg=ye8hSEu4AH&jbh<?6#KD?TLc0X<Fs^q1OJk}tO$ec98{&e!V z9andexVA*edE(pmGbVDjStiECgBRWi9?u&UcC<F#H*JGg)6fhGXqT@k=_{FhUcN5{ z9oiRfA>|0B-k~!gBND>je9*++;Tj5_{?51P*5H~SC9QMgV7b}Q{>E5^h!19MK$yh? z_XPm06B8-jMaZ^o(bc<J;+zLGUaai5Go)C-Ui-}f6fSgrXpn0$Q4Q1k#_Z^N+x1Im z^ij#8B=W%@G_KH<7h3aR&{z8-uH;PhDo=|o$-}}e)UHOPDP>Sd?ip%YQVO}n=5fhP zXHvMkye~kk71mUqxSt;_xxh{Ov*vm2manSs?Cj*Y0A^?n>%lhR{i2c%2iKvEQL~~O z$y?Q#Sy^v7_?-tuV&4SaEI+KexTQ%IAE)bR7P!82NkiG;j7f5$w*SW4+H^t5-t?!4 zRr>Kj;g(ekKEjjPXC1hKA%jU}rlslCdva24x*bF61?8m+*PTVLU1Q8GpKdx0hlBUU zHyiTlur6|k7pYZ*#X8ZNux%_$<Ct!c?!#p|J1(hCCg&2!39{xTjQws|bYvIF;i^g< z?5soVp~qblwHsjdcL58A-&(!jCa(1!24f!f?I1uQFbcD=DLPt=l=ul?VPRcA%e9gH zLK7Gd78-|*QRO2LgXVH^72B)#XAi7)F%UKtk~Xi7KB&aotQ~cH`nAeT=>Wd>M0ldq zZ0O$1vEJJ#do-bpNww%JS*KEJo=-;0&D3X(ycvZRP~5D#SyY2;g>7LHfo<v*`_8!S z=$5bG@pAfS9f9pOIyEXmm$JlkIvT>ARbMP3-!<I|0O#YT>=QsN@PE;h%qoCbYh`Pn zaNVi{nFg&$)w7m26qdE&VnVdIk#H`S;~aI)JqL5`jg6Bo2I)^NY=?;iHyOT-z3dA` z!0Sp8PLjquYYXuGrpHdc>B>y3kI0#y9&N@VzGQx7de^mj^#qCJ%iF)>@t7QHPQ`k| zLyXORFl1h0URvX0XC>_UhsYRZwevR+?dGn7K$#D1+M*HgZt^8Rwp(9LV>#*q$veyF zXbF`=UdzuJEk&rvX_N`3Em`t57d1W--XY&$l-BqRy8+$UGw0Y0PgMHOh2iXqtFPKi zq9%YEvGi_~<A#?r64<^CX1e4Z9}T)*yJPk>f2Ih%t!UE7(6DY7DVz7WAWd<*Kg$F$ zVfzUWy1a3l!HmtI7dPAW`5~Uk5i|OiE~pvwW42t}Hf-Ttn_2eimpBgI{sj1k+9!># z0s;a6v_j^K$XNHKJrZ=?pTCO0JODg!ui6>F+&cDyu<cj+RbzC#ji(xn@{B(wt8Zvs z!jeVxZHKK%T^$`cPuIQGI~h6p-UK;N*m*p<Ct>4?or(zfcEfk6h_TmDEaqyvB%fxs zLeecRUKAPhrJ=7ug$}s^$d0A6)K}}muKVjCnMi<IQqR1?1`OOO$PRBUEw@QF*UEH- z&<G3B(fJ64C?yotALpLpsjhw)(y_&Jf0>5Q;d$<sndCU-9wYR!&%X+g-Q(7usdn2X z2%JNU;dZii6X$`;gHzUz#5NF&;-4eV|L9yLbskEmEGRX#1mK4jYfp4`H7w;uv>WHO z^K(O|3J+TQ2u{412x{w-X^;fw89SdFWt2%_nh2Zp-F$R1GZpN=i(&A&+i@VzN#e<P z?zemH?KDvP^4U;V^XOiWw}qC^GAje!Jw%LOeB3YZmB=}c(XI<3?|h!2wBqGEkXLku z-o|CVTf{Oj@=dkbax+UT^@v0Jvx1YlW^bjWjA%=!kGO=HFn+|~eT!pE!Hnlje=U%| zr!l7R#q^^L92L_3Y{ellP9(BS=0QNKGr1OE%4)3VBm`wjA;L~JHN+l635!o!F2LFp zo|2{yv%r$40oqF0zC<v2Fa=bhXO|wp3Ony`^!MiJU0Ir97ai!j_K2e{OXK*P!sYEy zoOz63*Noe-l+1TjzsG{?^`_g_L`Et<Aab)6s3IQk#&papM>5Tbts2_<tbG<q)3sY4 zwgx!IB_I}RsaN`<>+bwx<=*{+wV_Z?eR@GbcR*$7yM6a7vul78uDpQy@;jr|l(h<W zEFaKg*Wk(@3RSMP8RQlH;kb>iqg8p4J1O%eefmKLU)@;p!)gpjfLCX)(;@e9U0~Ba zvApi-dp9TYF%I+xwF8~6>%9Jxhaj{fBPW=WKtPp;4UGrM#xXJy%BRosT$t~NzUmD7 zll(vj<j2QV+|B<$V!({7{OvAH+hqNIvJ{jwKdXSxhd+Y?62mdLGO>Rd$qIQ`-S~vd z96W(`0#ccnqp<anA<O~|g2cnjGXd4ZU%_lxkh6EG5cIagfrMGGYshQcV><o|xgsSa z^Mlvn=Ki|Xs0%2XRL4t7{l8wNK}kbn*^bX~b3864rUFE@7KqnFF~PUTBzq55%?9QM z6qd=9@m3u0>nOb9KX3hHKE#xjl|4L!+;xTl38U*t0fBhGb|KzlTQwXQf`86Q>g5=W zvRIyg3~+iJ{GfqI-@JVbh!uQFo`>qx?iRzCkUuyFO5vW$Z0Yq9f(jeH$vIheVq2K+ zv%c5-V450~w6tVst}n-@E8;3-+Y&%-_A2$Hoj<AzIws%aDJOEtibvw1s?_?sN}8Hv zy5_r@-uG$%FNF?y_&zoH(b-!UvOTU<Yg2|@Ij&3!7bt`)c<M(-18r9U`~rdKJO<QW zP3b4URSaS<`aiyRyd(>VzV&V?l3WsvKct{zuO{(WumCN{wXm?jcn|)*)eGijSIV$F z(U1#n)s9R^=oDU($Kb-uN6$zQ6xqUjjDf@(j!zZy-=0?Z_n%_`wr*|~rykFF2;;h> zfi4B5K$VXR%4h40VOt7MO3jT&V?oPEzyl=_V}g=mKsMrRm5ut@8$6f>Jh%xwIKk%h z@OxXE6!;Sp@1VfdQ&86g?@7FTJWv)R$g!g(9bPAzQvcxr*7vT5TbN%_g++lL&JnA* zI<L0#@EhIDiI<oz&|>Z|i-r)MBnAIZsrVbBVUePy+<(}ByOO|N@2-Hm!hyJxGv{*W zx=N`?7`SWwGPp|sbr(=2bA0~!2gnoC3LYMW1Evv;1_2n1ZlvStg*qddvN7}X^S!;j zm6erIQBff8%9HkJbi`1z#48181ML!Kub#NLc<*LLR@VMXzofj4e{Ffp^G^5K2U7w{ z>C@|%)&QgLRpE1zuUUH6cD&MBGL)K?i3tVwfqYR~S~@6zfV-n{nvZf`dk@HjrS2qt zSs9sqkdfJ~Ab~IfciseUheq^np<-$<DV_K$v$L~RUp#%9O8&>?au%<TFGsFjyM`>( ztpSWC*CGZ`&@~!Hu6(@&2w%%92eGlF9qawsJ;!@%U^qt^k9{;}takeTY@*a=L58-D ztj_b|ywT?h)C74Oa5H~XcJpYc>ioJApa-ji%tAs!w6v*!dIyoVPi%=PMyt~5DZtA) zU5^X2l$(GeN5N$(o-kTvyHtcY*XoX`+Ue#u89A8p)W?&mJ=v_O#Woe-;6TZgM%{@s zVYNv%BhP8rXpa}sC|;Ek<X-^`$Rz$I5xv}#xF$}Eai{49Z-9>}lR)(21-PnU34o^* zfk+0$MN^=p<{UR(p-BW1&6p)3^AsduEA8W1dUxOp#l^+<bgMzr`A5wHd%@kOjju3V z(Akhh`iOMN(0iICzInX7ya0{>d_@?|Z?}B2T-^_}jA|3AJG`3P!s&(zwAIzr)HF1B z3_GrO&~TYv_n$9_?p!=^%ISp?3|~!je<BE2^lwkC^bsEJ2b&XOVq%&_R{>-^C2#<1 z#@b+>WGWyORHEk<)YPIr%?u+vh1n=5C}fX7e#ykf7BlwzIa+g=F<sAZ1eyEd#fw#} z+BVRIa5)v}LZIoq>mVc~bSXg(6qUKl$f$gYdKxo<%d8cq7xUp|eP|4}`;Hf0<F8Im zx#EbFc6N3K@>Ag3x9NsJUmCsus?VE_v6lcsaz}$qB8P3T%GT&H@BRDtfm%Y%{c;$% zG<M-EUZfsEc@L3FicbgvnX0t3w3yWQp8L(uKY!{nwDE1`6W|=4MAFM^%-_!t=VgN4 zi|IP}u99j=T};b!(%=H-^z_Aaz002IjLVInyeansT`4Ik)VLT=mn6UjgGW&jz+17` zxIn~wYAqJl+n2uHm$$@}Ng;iAgfX4vnI5cixyAw|@LLJe3fj#70Rv-y9#b&-KRm}{ zdtO?Ln~qNGV0UvOK>#p7fFJ@)9D_n)7?Sxe3(LG?-!lUPdj=CBLykjzV>a!Nat<BE z+}kC&4O8sqQ}uP(3<=-Ae=p<NxT!9DG*46|qG(7}0Xml5g1VUC_X}-I10iyUkWRww z^!w*2&kJ{H>Gp6s$<`1m+0O1{LG2zCYv>FX#pNwPI@7Vb7mE4g%f4e70UC82htbzU zU0Ez(%s{3GlXKnb0k4+sDy92KTpTPA9{VFkAmanc{ty70qaV%l81BZm*P6})mHMW; z^N_Bi``O-5nRMAx;6126_l?0WI|R-anY{DUogV4r4m=m8gsr*Erc)k>na^L-1`KK7 zU1)D_2aR#t<r)zYsLA=H>sC9jp`qdJj~ZS1K+(oGpQzreKiM=JEi-xk{JD%whZuoi zR7y&bB+8utbT&=QB-^tJAE42OU%ibNlbkH%^lh50{!lcOseKVvp=5Rm6W185Ux4u6 z7=Wqk+OHK<*r2p<kZC%C7dAEn+C`n!j3}yEcid~$bar_lIKQijMm-MtNeVBbsUPtW za*x$p5OK5e*D~ex5PuUi%d92jOCqmou(zx@q=)SfKC6B2J+SgQ+-7EeOS41PcX8xR z^X=p*9tC&eeS_EJmtyd}+s9get+4BD8Pbv0Te8GxxhO94qDNK)|C%1dgxUQoRy=Bh zi^uJn*f}FN+X!Q8&2fLOrVUx&in18PRJ$%UhBnNb8~l1Cw;`a>a;=D7T~II<lm5N1 zsJYLfk`fXf)xo(x;*n4LSoiN50DDmg%LF|41w_{CZ$Ec#FLWBNNc@PMa+AN~%M*PW zkmC>$X;vtE=bB;`UyiNa_+6>5xKw;mnG`n$NQ<%m{`36eVu@Y)EAmT^(IP97e!pM* z_V)I55;Y}*2Bs(5A31&v;~Ea+kNn_o7ba2NQ)4T>`d5i4$?&g=qQu8P>+pZ!Ps9-M ziOXmZxHOn510hRXe>Ed3#F(h_;KB=}iN>PWfy@PrJ0v7A@7}$Oj?Mv!*I(86nKfDy zHLch!E-jH<zaHjAx0kgq*7Mh!Vn9$?Xsdic63D<uN|%5~B4ZM)!zjV-&*rXx{E*=) zvBE*d=zij$VhP+Mj~+cT72d_Ax8(mhNPlU1<Gva|gUhJ^<?$tTH#La@l@RmKX8e`j zT8Ogf)j9#I76_+frACS(BHp6}f`7H<PZg0IDg~V;LG{S6Lbb^Q=3YTE<i;&-%d}+| zAE|sgQL#s&iIvqKmIsx)a<B{lbL2Z%Dz2j2#rq5%uY>bqoI2J5WGrm8!Y9n?h3m*n zSsNQ0V`F0-9UU-u0InIljhId@a4{oYWdxJ+eH}oq?<b_?<v04XL*wW1oz2+V-}$_~ zM!MnvmKB^K+2%K%K%SVl?9alB?n&g`X~JQ9{^A9&yhuEHr0cv8y)jy@x^3niUwO5h zIG6)3XoKLu<a71~>ujWBb7A=`%}#UF%&okt_{T)8q-V+3i0hbUpZU^>%eiTF<x|xx zV~&m7obb|ja^5%UihmS0*BZ<Z9BazTeIRQB^E*B%sbKL4<KX3>cBEVacktz9;C%xb zLpSixtUdrj&PHFlfBX`twwY(AH}tYZwS0<DQupR10)h93SMbQi&%t6E*+C~6lJUSk z6u`U-K%d%?*{=^Pw-;fU&Wa9badvaEmmIN~Uddi6f_ZL`8tm4{$L_oe2)a7+^x3E} zSHaiyG>Vr-K6aNpW)?;i6%|PeQ`{e4^7eB5xLR=k&rFIx#iL3~a&lB_(q{UOceusp zP?}KSGkWtT;<GAKr2i=Z;~X$m6_sUd9*6Z|zZQW{F`Z3*INE@^AtM_BW=Sq!HlPu% zS5B7z0T&FU^W(Lmz31dz?P4BU>Yyp$Oyzc);O(VlWz&s8T7Z&{bOHd@-yF<ScXM+S z6-Aep2GS9{!kCrZh@4dOV1Kmn=;Zkz8->BFCLhesl<t{9nf5bttv3}6dViSfve;N$ zQ>T9$U=?nYxjZJu;#?p@$7gfWdZSK2$2FFMig6K<u^5}5G*YJ^;FJwlm#opv<~Ir= zgqB^ipB0~QlCL^n^K>&-8i9~fWKev=Ve1j<B8(aV5)&Y0DT)fgDBr#TcSWgk$@%## zg_~0dPXJrx<2h5YnEy%|l^!7q#Vs4%_Gg~6F^Kr_Z`DS=a|gbvL9b?DoaoGZ-^#(k z0TN*M#V=&|?PH8F^817X4?qhygK4{RSuu$Zc2K)NYBpbWaeh)29~C7&2*^f@!*4To zeJMQFqCK2VF|r7cvk+>*>gVm(3K!?+!?u6tat(2uQT&wnxtn7ZTmCd2@6loQdmjPv zm!TIt@WElSQl;$b>cYdpSwm*x^jvle4V$NutdlhB<LPf`yS8S0Wl5M>4e?SuKz6r{ z`Yi08%OfJ#Z66_LNwcMHJ+0+v!W(`2np*bzJF^K~w+^WGl=H_!v<;G7#mBsSc|NS$ zb2Ykce1S_gua3-)h34{TbM_}*oTNG}iWJC<t+@Mia5oJ9njH*su}Xbtx**SurRR#L z<KeTM6tLOfoY3ysnnDOW(<>%_83ehY%AOB_5Rd!uF3?G3kG3g9K#nW8)Uy8RtrG_p zd5%6p=uU4U9P_qB2xS$(NWj<tU?fnMmCoVH={&bB3v{@rB$W~_%T@RJNimcIFIcsI z$NbTJq+(??fEFOhtH<}1U6}$jA+YrzcMN%qKyIy;l_!qMK)Hb*_SUUe9Gbx^MI+{b z`^?=9^vwgRZTf0<ibn@bW-hBzX5w`R5aFho%yD5WJ6F_yx29Cq)$07CdX*&hYK8%2 zLq=X1CVvfRMOw9a++%rj73JVSWUj0p(Uf^U^3?~b3VM#GvE*mx&&-U35?8Xi4zktN z91D@Tgfl{%cPlXa@sN0jeg{ULfI<QK2*HAKCq@?+ST-`1tgWp<;&IpR+q6h-#CYJF zH#R(!CkI<gh6V-(jGp~j@&NzZB;Z!iyWZnF`F1OrUW92a@;%`-zbGXYl{8F&20WB2 zD6jUO!H64;i1{`46^W&YsT<S$@QdRi1YC}qH@mFN4y<Fl%Jf1)$!q}tZwLa~ty5yR zr7HJgNVL#~mya*LgF!KQeiew$a2bU{6(f}VaD-olZm$sH68bULI?FqJ(00Q9#HMQ1 zXtyNL?rlguykq&uyeRLR(rCHKs845s?0Ci8*Vqr9`NlJzS#YdHGo$k<7pVEUe&!DU zMt#xi1H6ucM!O%&*4hX|k~q!w=O8j75)#SItjx?07b8Z1tg9HA^f)nRI#?f3)z1aZ zGwyDpWdd@(;-{YgiSb^NH$%P0`Tj|<zj(BcJwF!tOwDb2#|dB$J_YtaZWE;MBWf|3 zsC1h-n?D;vE|Di(fr*iWi2!B$1G!*Y{QPW;zK8Q{Aj4hn<JaW2wEFiJVUMbnMJn&H z6fz-$(~nEWotJMd=1%=uxQaqX8{_Uv>~XlnO<gmf>!Xv@TqA9v(Vo2ZeJtV8Cmcsx zuKU@N3l8J)$qlQl4@6I>h<L$7vKWK%8HUo}HT{?~hwl5pX~wEU5KwtM;W*{z>s$76 zB%(vmW%qqA$klhBXZQ00#nvM;p^xS~kwfn3Qf;hz)T1wX*d*>l8^C-(T*#1t65UOu zr31&`XO|oay&An8hTH(z>+P8p(WyFD=vn5rqVQP;J<Mi(_&(ovbscLza;qP&w*YAQ zYlB4$9^6|ie=_uE5<eD>ddIVI38{en*`dO6*ePzzCtaG8dOcO;vxg@ixBZMyUKYH( z?)hfpP^tEN;yW@T`$p-!uVdC`+i#MGgk+5=I8KgmKySy8K&?Bdg~@$Ch*YB?zMZV^ zNS*}+;ZF3|I9hJ!YkX*$u@aY*tZ_G}DJ~A1dh|9pcrb~!@PkxG_2K#_AMY3##`$X# zkPiq7j?7=tKb8*$hDmXYURBM{8$Vw(c)35DAgSA|u<G?W2*&F802s(83mi>doI``F zKq7SNdJ7~ok+ybGoh=z1`l{1xw|b4xncDPK-@p2H%7sx~4_q25s;a^#>!qsM3LsH1 z>rUha1jqvX;Ac;d-5rX7Xc?LcU*AU1n38Xv<<17_U%2ekZj=|7+cuYv8XVyC9q0|s zt93+=s@&e<?(X-n3)Y%j-WxJSEPOCYbttk(cIa0>+0Lq8#T<niG)r3MC1fPj-YT(H zG)^EVXUaOuY%-{KFtk=w7@3pwVdq9AS9-~3z$X|=dVh8<RQUY-WDDTO5K7($4(l3P z4uC{)>CT0X=H;D6*Pv8Ctz(@(9gLH}44bc8^X?ij7G_GK_={xA`Xh-09lQOR#)i(^ zaOk9yPgYY6@V%}TA+qGt@LWM8+heFzd*1>~DKM?Qr4-LX#K&f36x_L7F71^`;i(^g z1jPOYB@m;u%8Zo(I|=l|>gPEE7UMi;?RBr*s&vXagz>L!qyaKzZK!BSY)NMd*Ys;X znO{k1=~7Qh5sPd;#GKUr(P+l*?k*r^Jb@yGMCzrM8z-7Psb+Q69Upx(P?VjM7JFA- zx!i;ib6k(`Z0N#RI7Jz%*ZkS^9D32QwA?hyY!onMcg>!Nv#-A_eBbOQ^JM-XtSR)z zb|k?R##5J!WAo3xZINv0YFKqxSwBh}jepsy<mY0mbNDs8eKh!OjXe{!KE<yAxxKyw zI55ia#6-DBjKJjP=H|_b8pOe*tBnHSFaudPvw%tCofr!L0ZT<ZFj0X03K0?8y<!9l zOG|6Y@vq4_jT>-Q6?R4>rMZi${j@09pF9NXs!4Zd5^(9{S=8-4#-|c+`UaF^lnLD2 z90>m;_jK+;mvaE$@tzy281R>)ndYDk*fk)ii16r1j}QVWkF9utjs__w`0dCWN5$C7 z-_}$3?B5{J*lic(xG*2G{<ih~Ovt_YPEI{Ez<4+M5}Vozf$IWi9B@(MKAyu|!8}F( zK>+?n45$hD6Q=&o{81VCPn`IZy$=47F#V*3{+EjRcJT-eGC=v^!v|0l!LOol{rvm@ zYYf;wz~q3J*T($^-`qHFZuI+VFl7OP0mRM-ptHN~{RcYxFA(LO3b@Pn?*XNDiL+=O z*cB=MK~4V+->^r$dj|knUr<C!3fPZu0D++6?Xj%t4|KwdltWedQ;pc2$H;!Yt{CY4 zt~)I)Eu1+h9QQxF76Ku@@+XSI8~z6vZP*O5OLg(~12Fv8TVDE@Ra-02g7KelF!nzH zuQrF>veG+?f5*Wmz<?eR8{38q##V!Ic-{G1@%x5H+Y9+)q`A3d4cGnxlxQark&$$= z(0~8=H+!vFtsMP>r2eZNyyWBf9ScEGHo49>5C4T<uv_~o-)DaLC*3VK$^DC7ej=Hu zko{>!$uHsRd`4J2-Yd#~=Q7j=A7l9qyu3R9$KUTNDJfBF|K}ed?3LP-iTb~QECq!6 z%0V=<y2A?c4&a73IXUm$yLabKCa@y8sMV`4S@8hE7_d+LCdiCZqaG$+mm50QtgzRA z@ehznnsF3>I|n`+l++A|8-v&aR{gH-?yp48H6QEg)dK_gdGOR{8qaZa{7SXy>%+fB z1jI@hMNdZ}ii?%-)Sg8df>GMEx20qsdjHCR5D&(0`U5gfunC~i{MMh$^guDcW-Bt7 zctEg~Qt9MhO9ZZQZ$FZL;NJkO<>KPvD%SdvjkEI+AZ@{pEX8DiEyn(>9^ZH>0qI*0 zxMSeA&Tj|^3%h!jVz{CZx4gUzvdA^oV%4Hovgiulzj+j|x44@C?sRu{QgFPG)6t<c zM5R{x;f7ZTs3|#(uR0&^Z{+dQPTaflx0V8Ae34#V`~x~Vx+>EsLzLQ1z$h?b@CB`$ z;IE=lG(4cLRRGe)R1Yp$2fXS$NZ;!>?=O0dUde9w%^-Q5G}Zy@6P-lRAwaeW0D%B? z0^n{C75}>jz`WXp^@inSB|GKNd*u^>aQ?qn26UUPjSUDRk&%(<>FHGXlFyz!0|Yfl z@C60E4dVbEttKJSYTF~|xH`aiNAh3aAA-9{d}V3qcU>Tuj&FT-%zjVBpCp_idFt=6 zssL1{&PzabLh)_`B6Zh(Qfpxr4(N3h8q`wI-y{69J#CxxPf`xq_4}@uG9WSzr0V|h zbHapKa9;v<QGmNt7rT@4fTXj0k#b!F3vJ~EM{kXHIoJ!zy#Q1OVD{f`Q-J;BE`30Z z%r_?eAku&&<^d{)gQ^^gdt3PR`!OO3V;>DXh7>&J7yIV?JR2Q0hzogW^;^>70%R_@ z1KSiAa`g)+CJ!iUFXb&P?h$N)r3K>k1QV2S1C(Ia(b=i0qa+fH26;ucYw-jI0?!25 zis&9X<P{D0zclLqBQt;hKWc;O|M5;$9Efz^{nM?-s4}LB0H3~EhAoFuQ0*3yXn3(O zeHx#z#}-N08Us@y&^iG$GBGjH)Qscnd<8_mA1oOzxagE4UMxw$$iu@!L<9|sN5yiL z1t<4ccw{HV#oXyJ#-9MB3_yS=>2tN9vQi_-Pz1c)kJyHK%sE+CDhN_z6_yNp?^06q z)zmV&OWrg6(s)tzxCmP81sn3hUB;?x0sG3r!lGuRsdNLl@liA!s-m6}w#&0EZ=o-T zi$M|zJQmllUx$~nz_EYD@h9x0Uxa<^c5aMGLpPw$eU<74fu8l)wpBg<z(ao{ZG)8P zd}lgx&tSHVH^<D<z(YR4+VwicK#BZ|I_4k`MI4uHeXYE%g0vl}wbc<$T?Y@Rp-Z|d zDv<`y#Kb7A2?-go>_?$8ed)E%619Q*#_<vhj1v|x?n^JUiHM^u+(z;yA6{i&S#%&W zTmq!Np3{sUuz|L<wZY+V=AzmXU>Ah-n_a3H)07uC4=!e>AlLsedE#FF_G9|(Q?rIG zqFZ!Sw6wOC?f2=2Ud35j9R<WlnF~x5mfoK?5m7vsH3QpS5xAZotliKH)=EV@dy`5n z>mvo&#t#z=6hnCTzTogvlkdCq2#xGftYR%D7*S8ST+rN=Va|k6q_b1Re^ajhj`3o) zta$Q?sbY07C2vFrFc$CuvH)bkl>prXZRxRm5#G3k5f@?d6-Lth_&=Mj4U1-S?;%jQ z#EqAc{FtO1W}m-6V|TAS60UcI|EQlw!tm=FnzRW-y$Ib%Tym^<H<4m6$6{$54d>2X z&9&p;yEExEo<_KhFO6^YBD<Pgz|NDEcM%by3m~h7$y*b!Ra(t7f&G9HrWS*_gJ5TB zYbebWU?pN>V}ZQs3D`)N2T7LOVZwZT)gZ8_MQiaL0BcP~W~OqPd;&KPF^kei+drMu zV1w&>Ravue;yvQ0d{T{12JhEDV_VJEEVhlzGidsh{;7$d%Y;es&6V?S<I`&%gSYDy zo*QeJCb?WHG_P}>rn8~rYb|eM*0R#RVE6ZVED~84QEE7yURS6P8X6!M5VSsAxiUJ1 zuS_hwv+n!Uod3?}W<F6-yQOW914n6T`Jgw2BscmQ>RKixC7q_;m!MS#Zw~vsV{&&$ zL$%h#)P4uOng;UV71Ny@ndJQWH#PE!N8RR*6(+s0A!1q+85dP&)KxieEk3$YO0i-M ziS*jO+oO=8Hr44dLbQ_!Sh}nRGY^VYpUoWOM{!hXM;lEIkn^r&^i~N8z09{}blwSi zL47BEP#L{ol=Rg|ulW1S1iw8@RaYb{qx1=><AnVX9*vM2*xm*d7I?fihF&p{CIQQ) zTk;%B9fX8sITo$5fDW*6by|+k3g6!+7sT_E8Gjo1L)e+I#du|S#LD6M^egOb`h~^C z*M5HXD@ebhXy7kY4#0;3jw}{mg<Zows7S+Bxa%t?v!k)wAVFxbozT7!lM*bYsV0jv z{mTtrpEnnr9z9$BJ&1D8n%DB<ALqXE%nVXj_yvSjhxesSUc^RxYj;O5NK4*YuaSJ+ z&nXNyq?kcMw`Ys&5E}@wWEKkL?_NPkV8}=8%=gc=PB{_5O!(_8l}0cpqzD$C>ly7P zu)t4N+LTfqOBY?>7hDCtyN`*Dwyn><e^AbdgvYy1eWKiZQMxeqZP9Y`X3vHR>+ayh zI|n@H7vpyRwXh}mp7%#N(82*@M0Lpr_;Fd(%V#kO&YD@)ZcPnlMcGsXM8lRZyAqa< zI*hW)Obz~cAx7l=&Vu+Wg`8Jrf;P|76=Wum*{UPUHo)Fx*X7>S+%B~S-WrFEwC$Dt z?1j~lQX?@@(Ob7}@kE9ypv=P+FGoaS*IIs>hkxv-RUwDA!1w~xCO;TlQ8zJw$H&FB z!?p;se6Hg@rkZ2^N|gACT$BXne2FIAbctTwmWx~9Rc^u+AsdT%+2m2^arEUE`(2LY zL{j-m%bqkYZ}R+8NabN?Z_#U~)qPUfKOP;u|6HZDyNjb1jElEZFH*%d;o)-1mccf) zd8Tb3rQb^wrL>)mwU_oxRE%-}AEqe4b&rW9D5}?6Sb(A8Jq_s6@)MYe&d+AtQ8mbM zS8??}=ZVh+#-_ffGxI|`y#4dI@hL8IGQkoyi8diZN9rwznN5G=p=Dz$y315!6&6*p z79#;r<q|r@)9Bnl<-QJ?r~8~UF?O~%3>q4i?7%F&*o{Q0L}UVUbWmvMQZF!jCx?eO z8q%$-tl01$UvSMa#iXZ~TQ7nA_&Rs2<zY59<$854t?>Gna&oxphN5C(ysLsupTyC9 zU{i-BoCp1GiiX!7>Ifd~@}OM6oZ+@Ma!yWQsd`<$VfXDjHtREFeFXa%)V&I0&g}WA zmArSBoAdY5Pk923&$G`pBClh))><lA$V0CY-)7TrBJ1jZRdO*xQ8p88S=v>zSCO`Q zaF17&w;KduRMSMyv40y~^IHp{kJexDporeGbgoP6F^uFe_E>dhG|YVSfoCU5^)&l? z2F_=@RWg#)_RnS2((6m_f{!M}+l}p`9;ytY=CZFovTNJ~R@XR?YuAt3)tl@zi-ipU zRnC2qj#u=s1tk^lT)UvkTuPac)z0ly0k=bT^)rdTCM4p4=Z-u}{9@JdoI(2QGSh?z zC4Uk^q%K+HelS-4B%p-9?jgQm4;{(0+stF_eGD$CtWw=S?7OLr2zp1~GcCY+_XOej z{Bj`TojNCv{t*T7j^#$tbEeOl;TA&X4x8=-k)^QhXtgYa+WC;z8~+Hf4VR2lc+Z9| z`AfepwB_sRz6k9E8JFdVfD5(b#1okOfR|nWhuFy{_k!){KopWlWiG4~#j8{z=FDM& zvL6v=dRzh~*uthAJh}S1s+S`V3Xg-?sWP4vuafG2SoB!PAro$k+#?$c%x-1fbfxio z_KD7pf$>Jg#u|N5fPT-LKk#(JIiwVq9isQ?-<?+1Ww*#DmV6GyY?nz%A|)ZbpQWm3 z(B>x6GF78#n_KwBxq<MSXw&k1KS@0}jUbsi_V~ldl0<#fV|7<XqfJ)cU8vxFY0ulM z+*3}NU5a&M64&S0T$#42$$}p}m6!!gr9P(%^;UIbZaiFi#i3j4XRM2k=5pSiM{P5) zd;I3jn=G&uClze#hUuoEXL3a{A-LPvF!_=cnA(c)R79LS%&mYa0ysKya&o|Kq!F-< z6_{4IfE5PlDmDYIzAHB|d|;ms-*6r5)U0y8<)=B}KnSrR@+MQi!(_Kei?{m1Z(Drb zqY;(et3GZLYml%WwRG7aKMu0K(Rw4it8xWj#q}w^|GE5^TJO;CSlI&AtsRlj6pt6D zo2j0+Xp#FJZw{6xED(K+uBXOfFXsdibQdH9YPG^foQgP1=Yt3;7M%kmFf_211jTJz z6C(-24=YAa{UG(u`zk})QTEm&Kc>7QbM(f{I)(2HMON3^olxVcy_5r?+JinqqvRy3 z-FAe~R24~PS5?*Q=hH9R+@Z-ur>|EGhA#dsY!!g;#Hv*W2YeCAOaO@nJG-)l6&@>T zaTHltxobj49|4OF*x*s*9{}(WN=y?428W%c9`$#bIDXtLjEsTYjDIsumZ|^IFM^Gk z7xMjvtFrKg=w(JoNl0))2V&~`$a~>&M{|dM-{!X7;wWD}0>ko!gV~YAsZoST{(ceR zcwtLr+D`N;D`#`6r~7tiqvv`|U&K7VNz86@M&r<#>DVRD-LgvU?Ah<-A`i~b-fk1F zzCEpW)>8VeigOz=T(ww1K+Zuj{#CffLyWIGDvJh<TbTPK`}0MUWx|SnDEneUib$mD zmPuww!C65ThW1d=c8vvZ+)$qo@_PoiG!DJQBS!?2xhBHf1-;^BGb;9IySM7cd5`q} z3iL$mD=&<iTQDU_aUb_fsH}Lejgp>u48PSa=YM)zCo1J+$$L1KX28MWu=%z1sOz}) z7NU)#{~_6V0=nG&nRL5LATw`pN$16Vq0N8x<&d94TO~W$KJr-h?z<?9CFTo%lhCXi zY#W1R-w%YNB+J<ODKZj@P>?}3WRX1<ufV9^ZnYb4Zq{gWpog?P7wmhzS0GY-gi6&L zjPZY_^O!4(%zp;}xX3Q`e}N3YiUeByPZS~r)&FJxME!7N6lPKXFDT^Zgc}C%lHR^! za^ZIsg?Z|)QBdHlEP_qq-l@gKy(@OWqQSw&W(gFjx2Us&rl~kBk?Yd7ce^q;Q*u>* zK#3=JnV33yda^@t09eUhv;1+OP_56Re7v9uer8<MqN@EH3>c^fE?99fFfdS?c$q_m zpf6DudO7yiN|!QprE*3h-EtK^pb(CCYFSy7(A{1x$rMs>z5z9=Voq1O5;$FvlrkKQ zUD>PGf1oK+up4~YG`$DgZUh`j0(db9q=DafGGioiQ7K;9L<p9x0pJi6_505gi=G%d zR4Uc|KEx;g3(Cp~up%+I#><cqY(KCT0lrKKq!HLUAq^$K39{W&u8IPm53PP|@@4_J z6}U|Pb`eldqrizaz%lXz;zIrqMQ#56`utDQ3p~viIJhAB(tjFPAP=wpDD5Un@eT?C zCKOnE&LVh7@sBfvZUTNX+MYs8fr|iC4i8m1jFqni2~6X@H?!lx!A*^rsOp*iG-hH$ ze<FWyDK_fT!B|d{h}=;o6o&wTh+zD<6y?T@C_u3XpgL-(>agH5at~sF3vf^u%sNF_ z{AcsS9^9>{d&UaLlx5~)4#*5?z>vUfc9|fM0rVf+;pZOff`d-pp8h8v0z+F#er>HA zIH%#10)c`|W0VjGoC?)K#GebQWfT<|JW&oyc=O%P?VTOJwW-uqY6E;wHs|lMTbi50 z5Mb95VDZ`R-c|av`J7A^s-<*53J$A!pM^TTN`tau)wIbMi={ReoE1Vq$-@qXsw;*W zYW{<|0_EcWELU0=td75EtLS5SUtizl3l>?&4xs;l%4%DBC%N2!Kupn44cc;FUHyNB zvVx%a@gHrOQ~0<@Pd*ONC^}pnC4gEA^S_=9Xee;<mOS7~fCWe|H}Aios{XphVh{$f znPd>@_wRrK1fmEywFppOWc&^+hQJ}0Ky+Pmzh6=K`=x#$!)rK-f=)H1`B7o(yh6a# z{BKZHz!l93I0H~ICH4Psk`+1FAG%$tK=!xclivymsb3r^I6aK%$B74@R_ypF@nPjy zA_{-Iltl`#P--*uD0UWH%KfAFpZ~OeiC$b}fDu{yV??%npZg3bKEnwK6!ipte)(U_ z8+u@fjscSfP)fh&TLw4@<Np0{dx{$<XV~uv_Rr~xn$thsT@bHn)H!EQH2-3leogWR zbh>aoP_ovKmwMrkGl=tRo`8kqVK1toz~?F_s&?RW84oq4z(?c~=zj3|&zGRxWPEoq z1jaT5;zkEfQb>C2%?Q?Vufp0LTfoDhmgkq^{~fFJuMVw$@Ik}>9i{Yd#;kv^QUU)R zpY#tu)<1}^ze0|!s#FLG^hH3lrxH;RPBm9WJI%RB#vL5VfCQz2I5{V{R1w>`O9BtS zs{GCvsjVVj9K$@^n$c`HgVKD<MNhRwdPqA4cS8o>KA=)6JmT(XwqAfsQ-X1*S=n|} z%|Mrz<}mQ0hYkahhCS6K&s%7@;faNOa$NV9t0^H@hq#aerI^*ymGCP0`rPEjQ<wbJ zBKdyk`uNKaj%k&GvUw3M950TITB)Eerfpx;pHt(Ro*2F})=?j;>5<U0>ZXP}>n$^f z)X^)*6Y-xj=^?bAL#x7`cs%@)t}SV*ti=d;0zXZpIJ+#gJ{e|-rz(pKK486dYZlDb z0kGLrabwG&Vd$;^ff)O+v!m_cN9A}1))9kOfmQMjYx#z%AD{L(736Li>}_1zoV%m5 zmsyUdXv**5E_1`k#l6dU7LQ94y7S49`i@yr+8sAexxG*MrcIJ7tubM+8-7rLWN-)w zJh$5!?3aiX1w@iZr#8Hblw<M5*h%SJ6%-x!0+bH0-oAe9bnBD&i%a*9A1m{v%VdQF zMh4L%x>s(|i;DZdRWN}qiY|V^y`P`GKio;E(sHr6CEh79I;zb@Y?gABX!C0Ds_BN3 z*_421Dq%}hx$0a~IZpDm>jb5zgd5U2&w}72%*W479Jl7-A;2WEde&-5cF(2!>UZT^ zv@&*b{SgcBmmP29(&V@ZUY0VK&0ho+!Y5->sfg}foUmz05jT_6X$4WtorPSaCVXw0 zPh{#Q9XgdV^7ozip0j#u$(>in!n|aSkQK$qXd+Q4F856ng(<9BaJN?s*l>Z$d`l7R zH;JZk{~xVfYgAI%9``nlGp1!TiCGrCObfGo6_uqu@Wr5p`53LlGE_3CTbOC4lT%Ql zMG6{fsQ7+>reG?T<Et{o6jM_Moia&9OhbHR%H1?}*Q{C1m%Hw_^I@;E*WPEZeg6O7 zYXTiFmbCtZJdCRf@&V}&KecQ#HU>g4Z;Gx7K<zmdlBCbpf0r-T|KoqE#MT!*sH#d~ zy}SU@v`m0Di1=YpGwhb>T9U7+-DJ2KQhvEoy6c1ggLy|8`sFQneNzZ79sNk)eNk$V zZg(`8?Ei+m@`ijf`+)n2M`lHzJU)eRx5P71W^>*_FKQF4kD~<@J~~x~x_pC0yo^F` zFOQ-KX{Gd1uq*vK6{+w&e!Y>v!V4SW_0v||GhL{uM#BD>M15srD&pSZctoF5>%`ME zOpwNVtvuo590&u!I0JoUUm3_8nmU8+DLX>;-xk+fZm+q&Q*o%Iv7>g2et-LIWqzJ6 zJvAZDX~eV5yuF;G_sS>8!^Jm-9lByaW~Q0uf!C_phO6B%<nM0#dMOVk9;96-k#6gm zMeVC2Yv=e)0p|ZXpZ!}p$n+WmBmoeHQ~&OeCok2v+Ys05mhC4<2Un4+qD(}v8U%>f z>VW3fQ7x_2mV<!J2W|^XI-tH9HUL1TZn@Tz^E1s_c>gycV*h35<I`U4DCHh0HU9mf z|C<q7cBu7QG+Lma?rxRi*{B@eGbI~==Flm9g{}i8x2U76iW8Gnz?yk=hewrkmt+#A zVQ}#G?W{x_<waXwV3LPoKKs6p;zGY8f4R~sn-w+<VJCH`A!m_Ic5ic!b0pWU_U-(a zSmbP6J<E?i4LhP3E%Od-@H;bm_W8oTb;Y)^>@n_h`b-^ha!|lgGGgY~uP_#K%n*60 zp67VWY#4dcV<$jeO7mG`ByT#wO>g)4^|%g|t$beiL)&4)H6Vpd2(+>lmB0jYaXT7? zCD+x+;;XV?Hj@jsbO+4QV89^(m;b{$cVUZLwk+NJz5xt#MaEn60ebSD{Yleq9nMXQ zS<+U)G3`q_PCxRFZQA=WWBcar`c<+p;(<js3yk_&^WW0su^8p)33xr-(#{Lv<w06} zt!l~Z8^rc?lXvIiGms_6wEG91$dB55i<Q$7Vk7)$d6H`;;U`3KGz2>wW91Z`<&zG{ z?J4J6Iyv~B!N8crl$cq|c2g|+M~m;OXT4C*Z0X;~vvdi$3$eHp*EW39R6BWbDO005 zQ?!QyTXHTJKQsv<v|8H$cXA7a#x=mmF<Umo!+3Vs`BWb0#nUeUXo;MApabYpIm1RV z1)1#?`75B%mM^D4Z;r5n&}pYGW322O{saExZ38{uC}*R1+ECX?#QY%sC@5eiWZ~zh zFbIADZ#e&Hfx)xYT<$QZ5&IB|S<zfj=<D$D+0rm`tXF()4yxgt&t_>WN<MNw_mLd_ z$#8tcsprI&d5L`vR}&}kq&(=BTaT9K@CniEnT&+&zKy|rA8~WWyMK2HA`Cy#2?=gG zy+=gC*g+r~q^E{TR{1#`)L^(-m~#Wv2s_PjKCitt<pAq7QY?el67`~L^fLPJhr($d zotr^=U*>k`o6)BtT8f<XU3O~a72kZzQxnOag2Xvo^yKp5j7*DMWD3&<J+N|q!j{$$ z3+=yctYPiW$DZjJxZ{Rvjo;dogxHUTMaW^@uS7dv_?_TYrz*X!h+-~J+sWRSTdx#0 z7wJ|MCc9X*U?$yqgDqA^nm)_Lpchs#&Pkp_O&g0_ywK>&b(^V#CB0-+K5zgn=NPrC z1hzH|=AVA%PA30yn7QB%7bJrAf|_;BUSeQFGz7?VHj%3UHVytODxL4(&__pM*T<kA z$@NYoDOvArgMLLsKv0()dd#=KXe;%Xi;oQ=QZgYin4?s=>RU;g;>4kkBs0@P(XeW) z;*<?OyKmf6W@Pl%HilxnuwJ=cpsTrJiIZMidhdSc=0_N=V*N@Q)``V5hg63u!n0m3 z)9!$hn8|F$yqlY@>zD7gn_@cvKob3%Kfo!G)@-rPK8wSAqp9$9Cis>)hz6mnAUSj* zd;pFbC_439A)d8b=u|UHbyNt!NiDufv;xu&aFsc3wYRs2pX>bu65i<5+U7vc64wlP z^93}dM->h#;sqsAsja~7WHnmu2Skry&wjc-WV-lQGrMZh_0;UZB32ir18T!_t{6+G zWbTVB4y2~-rNi`<yB&z-{%hO0o=pOIY=k_2rsTA-GA(psU0E9Au}eZ(P%w)p^O|&^ z|7AZKABQ{7J`Zp$G{g#}l$y2NK2iJ%RDwcBLCc#K6r9GE!k`}3-5IrVL<k${JVPl^ z?TFW|_aWizU3i>HQ%j1Jw_}mf)1WTMRj5Nu+vAdARAuZtjdQGb#^)4`iN?)6hTAQM zF5y(AL>#enSFQMu?*YhALkI|nCIxdDIB5fuq5gcVPv>kPs5;cYzzn7N<4RK*S`m4# zGX*@kL)&T#@&5oTs4S|WvX!JR;25efum4hxf2Aq^S6l<!F+EwIlZ@Aa5ZoI?xrW2T zulQC$$vw6#367i0+(YwsO>*hjs_O<|4^tfo1PG_vpWXm55ABMFpR4)agK|Rw(~>Mi zA?0~{8$PqTBoJj56%_?g^j5lks(zVj;8%bKF!kTOsbJh!aS)&jB=Xt<zO5WtqN%Al zAIT3s`_200YG!AZ><V4P_<(&$qJ!Em7E;M@1&Na>9fCio@&cWxmQ-DhdJ;6x=7sud z2S~x+s68tNt;ed)rE2TzKr?ds=l}np@lr6u@s=-dkNNHcF|S&)V9R2#HZ@0EX9VYv HZ`6MPEO#^o literal 0 HcmV?d00001 diff --git a/source/index.rst b/source/index.rst index 48318757f717..acd214d25323 100644 --- a/source/index.rst +++ b/source/index.rst @@ -1,5 +1,6 @@ .. EBBR Source Document Copyright Arm Limited, 2017-2019 + Copyright Western Digital Corporation or its affiliates, 2021 SPDX-License-Identifier: CC-BY-SA-4.0 #################################################### @@ -8,6 +9,8 @@ Embedded Base Boot Requirements (EBBR) Specification Copyright © 2017-2019 Arm Limited and Contributors. +Copyright © 2021 Western Digital Corporation or its affiliates. + This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0/ or send a letter to diff --git a/source/references.rst b/source/references.rst index 6d09d3c0aaa7..5b777a4d032f 100644 --- a/source/references.rst +++ b/source/references.rst @@ -29,3 +29,9 @@ .. [UEFI] `Unified Extensable Firmware Interface Specification v2.8 Errata A <https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_A_Feb14.pdf>`_, February 2020, `UEFI Forum <http://www.uefi.org>`_ + +.. [RVPLTSPEC] `RISC-V Platform specification <https://github.com/riscv/riscv-platform-specs>`_ + +.. [RVSBISPEC] `RISC-V Supervisor Binary Interface specification <https://github.com/riscv/riscv-sbi-doc>`_ + +.. [RVHYPSPEC] `RISC-V ISA Hypervisor extension <https://github.com/riscv/riscv-isa-manual/blob/master/src/hypervisor.tex>`_ -- 2.30.1

4 years, 6 months

5
15
0 0

No EBBR Biweekly for 5th or 19th July

by Grant Likely

I'm out on annual leave. There will be no EBBR biweekly meetings for July. g. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 years, 6 months

1
0
0 0

FF-A watchdog service

by François Ozog

Hi Following a discussion with Civil Infrastructure Project TSC, there is a watchdog protection issue with EFI: the time between the call to ExitBootService and Linux kernel takes over watchdog service is not covered by any watchdog protection. The EFI specification for BS.SetWatchdogTimer is very flexible as it states "perform a platform specific action that must eventually cause the platform to be reset.". So we could naively implement a solution that would arm platform hardware watchdog in addition to EFI timer. Assuming watchdog period is long enough that it cover the time for Linux to take over the hardware watchdog, there is nothing to be done in EFI Stub to benefit from the new protection. But this scheme fails to handle FF-A update capsules which can take a long time. So either the period is long enough to support that or we need a FF-A watchdog service. Based on Siemens feedback, time to update can last 20 minutes. StandAloneMM may also need such a protection so FF-A watchdog service seems desired. I'd be happy to receive feedback on the problem itself (watchdog in EFI) and on the possible solution (FF-A based). Cheers FF

4 years, 6 months

3
4
0 0

DTE call for June 28 canceled

by Bill Mills

All, Sorry but I am out on training tomorrow so I am going to cancel the call. Thanks, Bill -- Bill Mills Principal Technical Consultant, Linaro +1-240-643-0836 TZ: US Eastern Work Schedule: Tues/Wed/Thur

4 years, 6 months

1
0
0 0

EBBR Biweekly for 2021-Jun-21 -- cancelled

by Grant Likely

Hi all, I don't have an agenda for today and I didn't send out a reminder on Friday, so I'm cancelling for today. There are outstanding patches adding RISC-V support that still need to be reviewed and/or merged. Hopefully I'll be able to process those this week. I'll post any status updates to this mailing list g. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 years, 6 months

1
0
0 0

RE: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages

by Julian Hall

Hi, My interest in boot information passing is from the perspective of a down-boot-chain consumer. From this perspective, I have the following preferences: 1) Whatever information passing mechanism is used (e.g. HOB or DT), we use a common object identification scheme that may be used with either mechanism. This helps to decouple components that consume information from the actual delivery method. 2) A hierarchical naming scheme is used (e.g. like the DT 'compatible' string). This has the following benefits: a. Scales well as the naming authority can be delegated to different organisations. b. Clear traceability to the defining authority. c. No reliance on a central register of IDs. d. New IDs can be freely defined without much ceremony. e. Names can be meaningful and easy to understand. f. The hierarchical structure may be exploited if necessary to include things like family, version, instance number or any other structure that makes sense to the naming authority. Just my two cents worth. Best regards, Julian -----Original Message----- From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Madhukar Pappireddy via TF-A Sent: 19 May 2021 02:59 To: Joanna Farley <Joanna.Farley(a)arm.com>; Okash Khawaja <okash.khawaja(a)gmail.com>; Simon Glass <sjg(a)chromium.org> Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; Ed Stuber <edstuber(a)amperecomputing.com>; Arjun Khare <akhare(a)amperecomputing.com>; U-Boot Mailing List <u-boot(a)lists.denx.de>; tf-a(a)lists.trustedfirmware.org; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com>; Moe Ammar <moe(a)amperecomputing.com> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages Hi, I tried to summarize the discussions in the previous TF-A tech forum regarding the proposal to adopt Hand-off Blocks (HOBs) for passing information along the boot chain. I am certain I could not capture all suggestions/concerns brought up during the call. I apologize if I missed and/or misinterpreted any comments and would appreciate it if everyone could share their thoughts in response to this email thread. The idea is to share information to other boot phases: > Dynamic information: Created during runtime. Shared in the form of a chain of blobs(built as a linked list of C structure objects i.e., HOB list). > Static information: Known at compile time. Historically, shared through the use of Device Tree/ACPI tables Both the above requirements are common in many ecosystems and need to co-exist. There are broadly 3 problems to solve: 1. Format of HOB structures: It looks like the consensus is that we could use existing mechanisms for this (BL_AUX_PARAM in TF-A or bloblist in u-boot). 2. Identification of HOB list entries: There is a debate about whether tags would suffice or if the HOB list producer and consumer would depend on UUID/GUIDs for identifying a specific HOB structure. Another suggestion was to use a hybrid approach. Reserve a single tag ID for identifying/constructing a HOB structure that further leverages UUID based identifier. This way, the generic HOB list doesn't need to support UUIDs and can work with tags. 3. The design contract for the static interface between two boot phases: The problem at hand is whether to pass a pointer to a HOB list or a device tree blob through the general-purpose registers for configuration hand-off between two boot phases. Some proposals that came up: > Proposal 1: Always pass a pointer to the device tree blob through the GP register and capture the pointer to the HOB list as a property of a node that is uniquely identifiable by the downstream boot phase. This needs to define a device tree binding such that producer and consumer agree on the information passed. > Proposal 2: Pass a pointer to a generic container through the GP register that can be interpreted appropriately by both boot loaders(i.e., producer and consumer of the boot info). This container can either be a dtb or a HOB list which can be simply inferred by checking for a magic header that indicates if the buffer appears to be a flattened device tree. > One another concern that was brought up offline is to make sure we don't break current design contracts between various boot loader phases in TF-A. Many of the general-purpose registers have a designated purpose such as to share configurations between BL images( such as firmware config dtb, SoC config dtb, Non trusted firmware config dtb, memory layout, entry point info, etc.). If I am not mistaken, a single design may not fit the needs of every segment(client, Infra, embedded) and the forum is open to solutions tailored for individual segments. Joanna will be sending a follow up email with more information about future TF-A tech forums that serves as a platform for further discussions. Thanks, Madhukar -----Original Message----- From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Joanna Farley via TF-A Sent: Sunday, May 16, 2021 5:19 AM To: Okash Khawaja <okash.khawaja(a)gmail.com>; Simon Glass <sjg(a)chromium.org> Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org; Ed Stuber <edstuber(a)amperecomputing.com>; Arjun Khare <akhare(a)amperecomputing.com>; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com>; Moe Ammar <moe(a)amperecomputing.com> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages Apologies I failed with the recording. Manish/Madhu will reply early next week with the slides and some notes to help with a follow up session which we hope to hold this Thursday. Invite and agenda will also be sent out early next week. Thanks Joanna On 14/05/2021, 13:30, "TF-A on behalf of Okash Khawaja via TF-A" <tf-a-bounces(a)lists.trustedfirmware.org on behalf of tf-a(a)lists.trustedfirmware.org> wrote: Hi, Do we have slides and video from last week's discussion? Thanks, Okash On Wed, May 5, 2021 at 11:52 PM Simon Glass via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: > > Hi Harb, > > Thanks for the idea. I am still not completely sure what benefit UUID provides to an open project. I'd like to propose something different, more in the spirit of open collaboration. I also worry that the word 'standard' seems to be a synonym for UUIDs, UEFI, etc., i.e. enabling/preferring closed-source firmware and the continued decline of open-source projects. It really should not be. > > So I suggest: Use simple integer IDs and reserve some area for 'private' use. If you want to collaborate across projects outside your company, you either need to allocate a 'public' ID or agree privately between the parties which private ID to use. > > This means that the default and easiest option is for collaboration and a public ID, with private ones (whose purpose may be secret) reserved just for private use. > > Regards, > Simon > > On Wed, 5 May 2021 at 11:42, Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com> wrote: >> >> Hey Folks, >> >> We wanted to put out a middle-ground proposal to help guide the discussion on the call tomorrow. >> >> >> >> A proposal that we have been discussing offline involves reserving a single tag ID for the purpose of construction UEFI PI HOB List structure, and that tag would be used to identify a HOB-specific structure that does leverage UUID based identifier. This will eliminate the burden of having to support UUID as the tag, and this enables projects that require UUID based identifiers for the broad range of HOB structures that need to be produced during the booting of the platform. Once we have a tag for a HOB list, this will enable various HOB producers that can add/extend the HOB list in TF-A code (or even pre-TF-A code), with a HOB consumer for that UUID/GUID on the other side (i.e. whatever the BL33 image is booting on that platform). >> >> >> >> Essentially, the idea is if someone would like to support HOB structures in a standard way using TF-A, they would wrap it up in a BL_AUX_PARAM/BLOB structure (whatever the group decides) and the way we identify the structure as a HOB list is with this new reserved tag. >> >> >> >> Hopefully that makes sense and less contentious. Look forward to discuss this further on the call. >> >> >> >> Thanks, >> >> --Harb >> >> >> >> From: Manish Pandey2 <Manish.Pandey2(a)arm.com> >> Sent: Friday, April 30, 2021 8:14 AM >> To: François Ozog <francois.ozog(a)linaro.org> >> Cc: Simon Glass <sjg(a)chromium.org>; Julius Werner <jwerner(a)chromium.org>; Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> Hi All, >> >> >> >> Please find invite for next TF-A Tech Forum session to continue our discussions on HOB implementation, feel free to forward it to others. >> >> >> >> The next TF-A Tech Forum is scheduled for Thu 6th May 2021 16:00 – 17:00 (BST). >> >> >> >> Agenda: >> >> Discussion Session: Static and Dynamic Information Handling in TF-A >> >> Lead by Manish Pandey and Madhukar Pappireddy >> >> · There is ongoing mailing lists discussion[1] related with adopting a mechanism to pass information through boot stages. >> >> The requirement is two-fold: >> >> 1. Passing static information(config files) >> >> 2. Passing dynamic information (Hob list) >> >> In the upcoming TF-A tech forum, we can start with a discussion on dynamic information passing and if time permits, we can cover static information passing. The purpose of the call is to have an open discussion and continue the discussion from the trusted-substrate call[2] done earlier. We would like to understand the various requirements and possible ways to implement it in TF-A in a generalized way so that it can work with other Firmware projects. >> >> >> >> The two specific item which we would like to discuss are: >> >> 1. HOB format: TF-A/u-boot both has an existing bloblist implementation, which uses tag values. Question, can this be enhanced to use hybrid values(Tag and UUID) both? >> >> 2. Standardization on Physical register use to pass base of HoB data structure. >> >> References: >> >> [1] https://lists.trustedfirmware.org/pipermail/tf-a/2021-April/001069.html >> >> [2] https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… Passcode: IPn+5q% >> >> >> >> Thanks >> >> >> >> Joanna >> >> >> >> You have been invited to the following event. >> >> TF-A Tech Forum >> >> When >> >> Every 2 weeks from 16:00 to 17:00 on Thursday United Kingdom Time >> >> Calendar >> >> tf-a(a)lists.trustedfirmware.org >> >> Who >> >> • >> >> Bill Fletcher- creator >> >> • >> >> tf-a(a)lists.trustedfirmware.org >> >> more details » >> >> >> >> We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. >> >> >> >> Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ >> >> >> >> Trusted Firmware is inviting you to a scheduled Zoom meeting. >> >> >> >> Join Zoom Meeting >> >> https://zoom.us/j/9159704974 >> >> >> >> Meeting ID: 915 970 4974 >> >> >> >> One tap mobile >> >> +16465588656,,9159704974# US (New York) >> >> +16699009128,,9159704974# US (San Jose) >> >> >> >> Dial by your location >> >> +1 646 558 8656 US (New York) >> >> +1 669 900 9128 US (San Jose) >> >> 877 853 5247 US Toll-free >> >> 888 788 0099 US Toll-free >> >> Meeting ID: 915 970 4974 >> >> Find your local number: https://zoom.us/u/ad27hc6t7h >> >> >> >> ________________________________ >> >> From: François Ozog <francois.ozog(a)linaro.org> >> Sent: 08 April 2021 16:50 >> To: Manish Pandey2 <Manish.Pandey2(a)arm.com> >> Cc: Simon Glass <sjg(a)chromium.org>; Julius Werner <jwerner(a)chromium.org>; Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> Hi >> >> >> >> here is the meeting recording: >> >> https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… Passcode: IPn+5q%z >> >> >> >> I am really sorry about the confusion related to the meeting time. I have now understood: the Collaborate portal uses a specific calendar which is tied to US/Chicago timezone while the actual Google Calendar is tied to Central Europe timezone. I am going to drop the Collaborate portal and use a shared Google calendar (it should be visible on the trusted-substrate.org page). >> >> >> >> I'll try to summarize what I learnt and highlight my view on what can be next steps in a future mail. >> >> >> >> Cheers >> >> >> >> FF >> >> >> >> On Thu, 8 Apr 2021 at 13:56, Manish Pandey2 via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: >> >> Hi, >> >> >> >> From TF-A project point of view, we prefer to use existing mechanism to pass parameters across boot stages using linked list of tagged elements (as suggested by Julius). It has support for both generic and SiP-specific tags. Having said that, it does not stop partners to introduce new mechanisms suitable for their usecase in platform port initially and later move to generic code if its suitable for other platforms. >> >> >> >> To start with, Ampere can introduce a platform specific implementation of memory tag(speed/NUMA topology etc) which can be evaluated and discussed for generalization in future. The tag will be populated in BL2 stage and can be forwarded to further stages(and to BL33) by passing the head of list pointer in one of the registers. Initially any register can be used but going forward a standardization will be needed. >> >> >> >> The U-boot bloblist mentioned by Simon is conceptually similar to what TF-A is using, if there is consensus of using bloblist/taglist then TF-A tag list may be enhanced to take best of both the implementations. >> >> >> >> One of the potential problems of having structure used in different projects is maintainability, this can be avoided by having a single copy of these structures in TF-A (kept inside "include/export" which intended to be used by other projects.) >> >> >> >> Regarding usage of either UUID or tag, I echo the sentiments of Simon and Julius to keep it simple and use tag values. >> >> >> >> Looking forward to having further discussions on zoom call today. >> >> >> >> Thanks >> >> Manish P >> >> >> >> ________________________________ >> >> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Julius Werner via TF-A <tf-a(a)lists.trustedfirmware.org> >> Sent: 25 March 2021 02:43 >> To: Simon Glass <sjg(a)chromium.org> >> Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> Just want to point out that TF-A currently already supports a (very simple) mechanism like this: >> >> >> >> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… >> >> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… >> >> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… >> >> >> >> It's just a linked list of tagged elements. The tag space is split into TF-A-wide generic tags and SiP-specific tags (with plenty of room to spare if more areas need to be defined -- a 64-bit tag can fit a lot). This is currently being used by some platforms that run coreboot in place of BL1/BL2, to pass information from coreboot (BL2) to BL31. >> >> >> >> I would echo Simon's sentiment of keeping this as simple as possible and avoiding complicated and bloated data structures with UUIDs. You usually want to parse something like this as early as possible in the passed-to firmware stage, particularly if the structure encodes information about the debug console (like it does for the platforms I mentioned above). For example, in BL31 this basically means doing it right after moving from assembly to C in bl31_early_platform_setup2() to get the console up before running anything else. At that point in the BL31 initialization, the MMU and caches are disabled, so data accesses are pretty expensive and you don't want to spend a lot of parsing effort or calculate complicated checksums or the like. You just want something extremely simple where you ideally have to touch every data word only once. >> >> >> >> On Wed, Mar 24, 2021 at 5:06 PM Simon Glass via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: >> >> Hi Harb, >> >> >> >> On Wed, 24 Mar 2021 at 11:39, Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com> wrote: >> >> Hello Folks, >> >> Appreciate the feedback and replies on this. Glad to see that there is interest in this topic. >> >> >> >> I try to address the comments/feedback from Francois and Simon below…. >> >> >> >> @François Ozog – happy to discuss this on a zoom call. I will make that time slot work, and will be available to attend April 8, 4pm CT. >> >> >> >> Note that I’m using the term “HOB” here more generically, as there are typically vendor specific structures beyond the resource descriptor HOB, which provides only a small subset of the information that needs to be passed between the boot phases. >> >> >> >> The whole point here is to provide mechanism to develop firmware that we can build ARM Server SoC’s that support *any* BL33 payload (e.g. EDK2, AptioV, CoreBoot, and maybe even directly boot strapping LinuxBoot at some point). In other-words, we are trying to come up with a TF-A that would be completely agnostic to the implementation of BL33 (i.e. BL33 is built completely independently by a separate entity – e.g. an ODM/OEM). >> >> >> >> Keep in mind, in the server/datacenter market segment we are not building vertically integrated systems with a single entity compiling firmware/software stacks like most folks in TF-A have become use to. There are two categories of higher level firmware code blobs in the server/datacenter model: >> >> “SoC” or “silicon” firmware – in TF-A this may map to BL1, BL2, BL31, and *possibly* one or more BL32 instances >> “Platform” or “board” firmware – in TF-A this may map to BL33 and *possibly* one or more BL32 instances. >> >> >> >> Even the platform firmware stack could be further fragmented by having multiple entities involved in delivering the entire firmware stack: IBVs, ODMs, OEMs, CSPs, and possibly even device vendor code. >> >> >> >> To support a broad range of platform designs with a broad range of memory devices, we need a crisp and clear contract between the SoC firmware that initializes memory (e.g. BL2) and how that platform boot firmware (e.g. BL33) gathers information about what memory that was initialized, at what speeds, NUMA topology, and many other relevant information that needs to be known and comprehended by the platform firmware and eventually by the platform software. >> >> >> >> I understand the versatility of DT, but I see two major problems with DT: >> >> DT requires more complicated parsing to get properties, and even more complex to dynamically set properties – this HOB structures may need to be generated in boot phases where DDR is not available, and therefore we will be extremely memory constrained. >> DT is probably overkill for this purpose – We really just want a list of pointers to simple C structures that code cast (e.g. JEDEC SPD data blob) >> >> >> >> I think that we should not mix the efforts around DT/ACPI specs with what we are doing here, because those specs and concepts were developed for a completely different purpose (i.e. abstractions needed for OS / RTOS software, and not necessarily suitable for firmware-to-firmware hand-offs). >> >> >> >> Frankly, I would personally push back pretty hard on defining SMC’s for something that should be one way information passing. Every SMC we add is another attack vector to the secure world and an increased burden on the folks that have to do security auditing and threat analysis. I see no benefit in exposing these boot/HOB/BOB structures at run-time via SMC calls. >> >> >> >> Please do let me know if you disagree and why. Look forward to discussing on this thread or on the call. >> >> >> >> @Simon Glass - Thanks for the pointer to bloblist. I briefly reviewed and it seems like a good baseline for what we may be looking for. >> >> >> >> That being said, I would say that there is some benefit in having some kind of unique identifiers (e.g. UUID or some unique signature) so that we can tie standardized data structures (based on some future TBD specs) to a particular ID. For example, if the TPM driver in BL33 is looking for the TPM structure in the HOB/BOB list, and may not care about the other data blobs. The driver needs a way to identify and locate the blob it cares about. >> >> >> >> The tag is intended to serve that purpose, although perhaps it should switch from an auto-allocating enum to one with explicit values for each entry and a range for 'local' use. >> >> >> >> I guess we can achieve this with the tag, but the problem with tag when you have eco-system with a lot of parties doing parallel development, you can end up with tag collisions and folks fighting about who has rights to what tag values. We would need some official process for folks to register tags for whatever new structures we define, or maybe some tag range for vendor specific structures. This comes with a lot of pain and bureaucracy. On the other hand, UUID has been a proven way to make it easy to just define your own blobs with *either* standard or vendor specific structures without worry of ID collisions between vendors. >> >> >> >> True. I think the pain is overstated, though. In this case I think we actually want something that can be shared between projects and orgs, so some amount of coordination could be considered a benefit. It could just be a github pull request. I find the UUID unfriendly and not just to code size and eyesight! Trying to discover what GUIDs mean or are valid is quite tricky. E.g. see this code: >> >> >> >> #define FSP_HOB_RESOURCE_OWNER_TSEG_GUID \ >> EFI_GUID(0xd038747c, 0xd00c, 0x4980, \ >> 0xb3, 0x19, 0x49, 0x01, 0x99, 0xa4, 0x7d, 0x55) >> >> (etc.) >> >> >> >> static struct guid_name { >> efi_guid_t guid; >> const char *name; >> } guid_name[] = { >> { FSP_HOB_RESOURCE_OWNER_TSEG_GUID, "TSEG" }, >> { FSP_HOB_RESOURCE_OWNER_FSP_GUID, "FSP" }, >> { FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID, "SMM PEI SMRAM" }, >> { FSP_NON_VOLATILE_STORAGE_HOB_GUID, "NVS" }, >> { FSP_VARIABLE_NV_DATA_HOB_GUID, "Variable NVS" }, >> { FSP_GRAPHICS_INFO_HOB_GUID, "Graphics info" }, >> { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID1, "PCD database ea" }, >> { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID2, "PCD database 9b" }, >> >> (never figured out what those two are) >> >> >> { FSP_HOB_RESOURCE_OWNER_PEIM_DXE_GUID, "PEIM Init DXE" }, >> { FSP_HOB_RESOURCE_OWNER_ALLOC_STACK_GUID, "Alloc stack" }, >> { FSP_HOB_RESOURCE_OWNER_SMBIOS_MEMORY_GUID, "SMBIOS memory" }, >> { {}, "zero-guid" }, >> {} >> }; >> >> static const char *guid_to_name(const efi_guid_t *guid) >> { >> struct guid_name *entry; >> >> for (entry = guid_name; entry->name; entry++) { >> if (!guidcmp(guid, &entry->guid)) >> return entry->name; >> } >> >> return NULL; >> } >> >> >> >> Believe it or not it took a fair bit of effort to find just that small list, with nearly every one in a separate doc, from memory. >> >> >> >> >> >> We can probably debate whether there is any value in GUID/UUID or not during the call… but again, boblist seems like a reasonable starting point as an alternative to HOB. >> >> >> >> Indeed. There is certainly value in both approaches. >> >> >> >> Regards, >> >> Simon >> >> >> >> >> >> Thanks, >> >> --Harb >> >> >> >> From: François Ozog <francois.ozog(a)linaro.org> >> Sent: Tuesday, March 23, 2021 10:00 AM >> To: François Ozog <francois.ozog(a)linaro.org>; Ron Minnich <rminnich(a)google.com>; Paul Isaac's <paul.isaacs(a)linaro.org> >> Cc: Simon Glass <sjg(a)chromium.org>; Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> +Ron Minnich +Paul Isaac's >> >> >> >> Adding Ron and Paul because I think this interface should be also benefiting LinuxBoot efforts. >> >> >> >> On Tue, 23 Mar 2021 at 11:17, François Ozog via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: >> >> Hi, >> >> >> >> I propose we cover the topic at the next Trusted Substrate zoom call on April 8th 4pm CET. >> >> >> >> The agenda: >> >> ABI between non-secure firmware and the rest of firmware (EL3, S-EL1, S-EL2, SCP) to adapt hardware description to some runtime conditions. >> >> runtime conditions here relates to DRAM size and topology detection, secure DRAM memory carvings, PSCI and SCMI interface publishing. >> >> >> >> For additional background on existing metadata: UEFI Platform Initialization Specification Version 1.7, 5.5 Resource Descriptor HOB >> >> Out of the ResourceType we care about is EFI_RESOURCE_SYSTEM_MEMORY. >> >> This HOB lacks memory NUMA attachment or something that could be related to fill SRAT table for ACPI or relevant DT proximity domains. >> >> HOB is not consistent accros platforms: some platforms (Arm) lists memory from the booting NUMA node, other platforms (x86) lists all memory from all NUMA nodes. (At least this is the case on the two platforms I tested). >> >> >> >> There are two proposals to use memory structures from SPL/BLx up to the handover function (as defined in the Device Tree technical report) which can be U-boot (BL33 or just U-Boot in case of SPL/U-Boot scheme) or EDK2. >> >> I would propose we also discuss possibility of FF-A interface to actually query information or request actions to be done (this is a model actually used in some SoCs with proprietary SMC calls). >> >> >> >> Requirements (to be validated): >> >> - ACPI and DT hardware descriptions. >> >> - agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2) >> >> - agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2, TF-A/LinuxBoot) >> >> - at least allows complete DRAM description and "persistent" usage (reserved areas for secure world or other usages) >> >> - support secure world device assignment >> >> >> >> Cheers >> >> >> >> FF >> >> >> >> >> >> On Mon, 22 Mar 2021 at 19:56, Simon Glass <sjg(a)chromium.org> wrote: >> >> Hi, >> >> Can I suggest using bloblist for this instead? It is lightweight, >> easier to parse, doesn't have GUIDs and is already used within U-Boot >> for passing info between SPL/U-Boot, etc. >> >> Docs here: https://github.com/u-boot/u-boot/blob/master/doc/README.bloblist >> Header file describes the format: >> https://github.com/u-boot/u-boot/blob/master/include/bloblist.h >> >> Full set of unit tests: >> https://github.com/u-boot/u-boot/blob/master/test/bloblist.c >> >> Regards, >> Simon >> >> On Mon, 22 Mar 2021 at 23:58, François Ozog <francois.ozog(a)linaro.org> wrote: >> > >> > +Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org> >> > >> > standardization is very much welcomed here and need to accommodate a very >> > diverse set of situations. >> > For example, TEE OS may need to pass memory reservations to BL33 or >> > "capture" a device for the secure world. >> > >> > I have observed a number of architectures: >> > 1) pass information from BLx to BLy in the form of a specific object >> > 2) BLx called by BLy by a platform specific SMC to get information >> > 3) BLx called by BLy by a platform specific SMC to perform Device Tree >> > fixups >> > >> > I also imagined a standardized "broadcast" FF-A call so that any firmware >> > element can either provide information or "do something". >> > >> > My understanding of your proposal is about standardizing on architecture 1) >> > with the HOB format. >> > >> > The advantage of the HOB is simplicity but it may be difficult to implement >> > schemes such as pruning a DT because device assignment in the secure world. >> > >> > In any case, it looks feasible to have TF-A and OP-TEE complement the list >> > of HOBs to pass information downstream (the bootflow). >> > >> > It would be good to start with building the comprehensive list of >> > information that need to be conveyed between firmware elements: >> > >> > information. | authoritative entity | reporting entity | information >> > exchanged: >> > dram | TFA | TFA | >> > <format to be detailed, NUMA topology to build the SRAT table or DT >> > equivalent?> >> > PSCI | SCP | TFA? | >> > SCMI | SCP or TEE-OS | TFA? TEE-OS?| >> > secure SRAM | TFA. | TFA. | >> > secure DRAM | TFA? TEE-OS? | TFA? TEE-OS? | >> > other? | | >> > | >> > >> > Cheers >> > >> > FF >> > >> > >> > On Mon, 22 Mar 2021 at 09:34, Harb Abdulhamid OS via TF-A < >> > tf-a(a)lists.trustedfirmware.org> wrote: >> > >> > > Hello Folks, >> > > >> > > >> > > >> > > I'm emailing to start an open discussion about the adoption of a concept >> > > known as "hand-off blocks" or HOB to become a part of the TF-A Firmware >> > > Framework Architecture (FFA). This is something that is a pretty major >> > > pain point when it comes to the adoption of TF-A in ARM Server SoC’s >> > > designed to enable a broad range of highly configurable datacenter >> > > platforms. >> > > >> > > >> > > >> > > >> > > >> > > What is a HOB (Background)? >> > > >> > > --------------------------- >> > > >> > > UEFI PI spec describes a particular definition for how HOB may be used for >> > > transitioning between the PEI and DXE boot phases, which is a good >> > > reference point for this discussion, but not necessarily the exact solution >> > > appropriate for TF-A. >> > > >> > > >> > > >> > > A HOB is simply a dynamically generated data structure passed in between >> > > two boot phases. This is information that was obtained through discovery >> > > and needs to be passed forward to the next boot phase *once*, with no API >> > > needed to call back (e.g. no call back into previous firmware phase is >> > > needed to fetch this information at run-time - it is simply passed one time >> > > during boot). >> > > >> > > >> > > >> > > There may be one or more HOBs passed in between boot phases. If there are >> > > more than one HOB that needs to be passed, this can be in a form of a "HOB >> > > table", which (for example) could be a UUID indexed array of pointers to >> > > HOB structures, used to locate a HOB of interest (based on UUID). In such >> > > cases, instead of passing a single HOB, the boot phases may rely on passing >> > > the pointer to the HOB table. >> > > >> > > >> > > >> > > This has been extremely useful concept to employ on highly configurable >> > > systems that must rely on flexible discovery mechanisms to initialize and >> > > boot the system. This is especially helpful when you have multiple >> > > >> > > >> > > >> > > >> > > >> > > Why do we need HOBs in TF-A?: >> > > >> > > ----------------------------- >> > > >> > > It is desirable that EL3 firmware (e.g. TF-A) built for ARM Server SoC in >> > > a way that is SoC specific *but* platform agnostic. This means that a >> > > single ARM SoC that a SiP may deliver to customers may provide a single >> > > TF-A binary (e.g. BL1, BL2, BL31) that could be used to support a broad >> > > range of platform designs and configurations in order to boot a platform >> > > specific firmware (e.g. BL33 and possibly even BL32 code). In order to >> > > achieve this, the platform configuration must be *discovered* instead of >> > > statically compiled as it is today in TF-A via device tree based >> > > enumeration. The mechanisms of discovery may differ broadly depending on >> > > the relevant industry standard, or in some cases may have rely on SiP >> > > specific discovery flows. >> > > >> > > >> > > >> > > For example: On server systems that support a broad range DIMM memory >> > > population/topologies, all the necessary information required to boot is >> > > fully discovered via standard JEDEC Serial Presence Detect (SPD) over an >> > > I2C bus. Leveraging the SPD bus, may platform variants could be supported >> > > with a single TF-A binary. Not only is this information required to >> > > initialize memory in early boot phases (e.g. BL2), the subsequent boot >> > > phases will also need this SPD info to construct a system physical address >> > > map and properly initialize the MMU based on the memory present, and where >> > > the memory may be present. Subsequent boot phases (e.g. BL33 / UEFI) may >> > > need to generate standard firmware tables to the operating systems, such as >> > > SMBIOS tables describing DIMM topology and various ACPI tables (e.g. SLIT, >> > > SRAT, even NFIT if NVDIMM's are present). >> > > >> > > >> > > >> > > In short, it all starts with a standardized or vendor specific discovery >> > > flow in an early boot stage (e.g. BL1/BL2), followed by the passing of >> > > information to the next boot stages (e.g. BL31/BL32/BL33). >> > > >> > > >> > > >> > > Today, every HOB may be a vendor specific structure, but in the future >> > > there may be benefit of defining standard HOBs. This may be useful for >> > > memory discovery, passing the system physical address map, enabling TPM >> > > measured boot, and potentially many other common HOB use-cases. >> > > >> > > >> > > >> > > It would be extremely beneficial to the datacenter market segment if the >> > > TF-A community would adopt this concept of information passing between all >> > > boot phases as opposed to rely solely on device tree enumeration. This is >> > > not intended to replace device tree, rather intended as an alternative way >> > > to describe the info that must be discovered and dynamically generated. >> > > >> > > >> > > >> > > >> > > >> > > Conclusion: >> > > >> > > ----------- >> > > >> > > We are proposing that the TF-A community begin pursuing the adoption of >> > > HOBs as a mechanism used for information exchange between each boot stage >> > > (e.g. BL1->BL2, BL2->BL31, BL31->BL32, and BL31->BL33)? Longer term we >> > > want to explore standardizing some HOB structures for the BL33 phase (e.g. >> > > UEFI HOB structures), but initially would like to agree on this being a >> > > useful mechanism used to pass information between each boot stage. >> > > >> > > >> > > >> > > Thanks, >> > > >> > > --Harb >> > > >> > > >> > > >> > > >> > > >> > > >> > > -- >> > > TF-A mailing list >> > > TF-A(a)lists.trustedfirmware.org >> > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a >> > > >> > >> > >> > -- >> > François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* >> > T: +33.67221.6485 >> > francois.ozog(a)linaro.org | Skype: ffozog >> > _______________________________________________ >> > boot-architecture mailing list >> > boot-architecture(a)lists.linaro.org >> > https://lists.linaro.org/mailman/listinfo/boot-architecture >> >> >> >> >> -- >> >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group >> >> T: +33.67221.6485 >> francois.ozog(a)linaro.org | Skype: ffozog >> >> >> >> -- >> TF-A mailing list >> TF-A(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a >> >> >> >> >> -- >> >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group >> >> T: +33.67221.6485 >> francois.ozog(a)linaro.org | Skype: ffozog >> >> >> >> -- >> TF-A mailing list >> TF-A(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a >> >> -- >> TF-A mailing list >> TF-A(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a >> >> >> >> >> -- >> >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group >> >> T: +33.67221.6485 >> francois.ozog(a)linaro.org | Skype: ffozog >> >> > > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a -- TF-A mailing list TF-A(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a -- TF-A mailing list TF-A(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a -- TF-A mailing list TF-A(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 years, 6 months

4
3
0 0

Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages

by François Ozog

+Loic from ST for 32bits perspective. Le ven. 18 juin 2021 à 19:17, Tom Rini <trini(a)konsulko.com> a écrit : > On Thu, Jun 17, 2021 at 04:45:48PM -0700, raghu.ncstate(a)icloud.com wrote: > > [snip] > > I also think it is incorrect to partition platforms into what > u-boot/linux boot/embdedded systems do and what “UEFI/private code” does. > UEFI is a huge part of the ARM eco-system and is being used fairly > extensively and supported across different markets and is not private code. > > I don't think "u-boot/linux boot/embedded systems" vs "UEFI/private > code" is the right distinction. It's "device tree/related" vs > "ACPI/related" as the difference between U-Boot (for example) and EDK II > (for another example) on aarch64 booting a system via EFI is that U-Boot > is likely to be passing in a device tree (setting aside what we can do > on x86 as a digression) and EDK II being likely to pass ACPI/related. > In both cases we can quite easily be talking about all of the data > having been written to persistent flash and automatically passed along. > > To riff on a phrase, U-Boot can be quite boring too. > > -- > Tom > -- François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog(a)linaro.org | Skype: ffozog

4 years, 6 months

1
0
0 0

RE: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages

by raghu.ncstate＠icloud.com

My take: Don’t force device tree on platforms. Lets not make decisions about whether SDRAM is sufficient to expose device tree, that is assuming size may be the only problem with device tree. Some platforms don’t want to use device tree just like some platforms don’t want to use UUID’s(which b.t.w does not necessarily mean private use as was explained during the TF-A forums). I support ARM’s proposal that partitions the problem based on market segments and allows different platforms to choose what is right for them, that includes the ability to use UUID if a platform so chooses AND across boundaries. I wouldn’t vote for the proposal below about using bloblist for simple things and device tree for other complex things based on SRAM/SDRAM etc. that complicates things further. What if you need to pass information from the bloblist to later boot stages? Do we take data from bloblist and patch it into a device tree? I also think it is incorrect to partition platforms into what u-boot/linux boot/embdedded systems do and what “UEFI/private code” does. UEFI is a huge part of the ARM eco-system and is being used fairly extensively and supported across different markets and is not private code. Thanks -Raghu From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of François Ozog via TF-A Sent: Thursday, June 17, 2021 12:57 PM To: Simon Glass <sjg(a)chromium.org> Cc: Ed Stuber <edstuber(a)amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; U-Boot Mailing List <u-boot(a)lists.denx.de>; Arjun Khare <akhare(a)amperecomputing.com>; tf-a(a)lists.trustedfirmware.org; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com>; Moe Ammar <moe(a)amperecomputing.com> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages Le jeu. 17 juin 2021 à 21:38, Simon Glass <sjg(a)chromium.org <mailto:sjg@chromium.org> > a écrit : Hi, On Fri, 11 Jun 2021 at 05:52, François Ozog <francois.ozog(a)linaro.org <mailto:francois.ozog@linaro.org> > wrote: On Thu, 10 Jun 2021 at 23:57, Manish Pandey2 <Manish.Pandey2(a)arm.com <mailto:Manish.Pandey2@arm.com> > wrote: Hi Everyone, I have tried to conclude the discussions we had in two of the TF-A tech forum sessions and on mailing list. The problem we are trying to solve is already solved in different projects in different ways, the purpose of these discussions was to come up with a standard way which can be adopted widely. Considering that many Firmware projects are not DT aware its better to avoid its usage and use simple C structures for wider acceptance. Based on the discussions following design came up as most acceptable solution * Use list of pre-defined C data structures(blobs) to pass information, let's call it bloblist * Only bootloaders stages will participate * Blobs will be identified by either tags or UUIDs They always have a tag, but one of the tags can be BLOBLISTT_UUID indicating it is for private use. But we should not allow this for passing across a boundary, so that no software needs to deal with UUID unless it is UEFI / private code. So, basically what Francios says below. * * Pass pointer to the bloblist head through x0 * Existing usage of x0 will be translated into a blob After all discussions, I now support Simon proposal to use existing bloblist: it does the job, is already upstream in key projects (core boot, U-Boot), is supported on x86 and Arm. I would think of a few additions on the bloblist_rec: struct <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/blob…> bloblist_rec { <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/u32> u32 <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/tag> tag; <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/u32> u32 <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/hdr_…> hdr_size; <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/u32> u32 size; <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/u32> u32 <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/spare> spare; }; enum <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/blob…> bloblist_tag_t { <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_NONE = 0, /* Vendor-specific tags are permitted here */ <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_EC_HOSTEVENT, /* Chromium OS EC host-event mask */ We can give these each a value (=1, =2) so it is clear. <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_SPL_HANDOFF, /* Hand-off info from SPL */ <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_VBOOT_CTX, /* Chromium OS verified boot context */ <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_VBOOT_HANDOFF, /* Chromium OS internal handoff info */ /* * Advanced Configuration and Power Interface Global Non-Volatile * Sleeping table. This forms part of the ACPI tables passed to Linux. */ <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_ACPI_GNVS, <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_INTEL_VBT, /* Intel Video-BIOS table */ <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_TPM2_TCG_LOG, /* TPM v2 log space */ <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_TCPA_LOG, /* TPM log space */ <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_ACPI_TABLES, /* ACPI tables for x86 */ <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_SMBIOS_TABLES, /* SMBIOS tables for x86 */ How about: BLOBLISTT_LOCAL = 0xf0000000u /* values in this space are for local use during development */ <https://elixir.bootlin.com/u-boot/latest/source/include/latest/C/ident/BLOB…> BLOBLISTT_COUNT }; I would add a BLOBLISTT_UUID for all proprietary things that people want to add. Using private space in a 64 bit field does not make the thing open. So by using this tag, we know exactly the nature of the blob. Negotiating for adding a new tag is a good open governance process. +1 We may have to deal with super small SRAM (256KB) and thus we can assume the bloblist will be a single region of blobs. So I would add a BLOBLISTT_CONTINUATION which would be a pointer from the SRAM bloblist to a DRAM backed bloblist. It is possible to relocate a bloblist, so I wonder if another approach would be to allow the bloblist to grow as it progresses through the boot (e.g. once SDRAM is available). That is what U-Boot does and it makes the code simpler (although only very slightly). However, it does introduce copying overhead...? looks good: just making the problem. Other tags to consider: PSCI interface details, DRAM information, SCMI stuff, Secure SRAM and DRAM information... * Going forward we would provide core changes to demonstrate this design on various TF-A boundries, BL1<->BL2, BL2<->BL31 and BL31<->BL33(only BL31 part) Please share your thoughts if you disagree to the proposed solution. Also, refer to attached slide deck which was presented during last tech forum session on 3rd june, it also captures the points discussed during meeting and next steps for implementing it in TF-A. Re devicetree, how about we use bloblist for simple things, but use a devicetree (perhaps in the bloblist) once SDRAM is available. Blobs that were created pre-SDRAM can continue to be passed on, but anything created after SDRAM is available should use devicetree? This would ensure that complex structures use devicetree rather than C structs, which are of course harder to extend / describe. +1 Regards, Simon Thanks Manish Pandey _____ From: Joanna Farley <Joanna.Farley(a)arm.com <mailto:Joanna.Farley@arm.com> > Sent: 02 June 2021 16:26 To: Madhukar Pappireddy <Madhukar.Pappireddy(a)arm.com <mailto:Madhukar.Pappireddy@arm.com> >; Okash Khawaja <okash.khawaja(a)gmail.com <mailto:okash.khawaja@gmail.com> >; Simon Glass <sjg(a)chromium.org <mailto:sjg@chromium.org> > Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com <mailto:abdulhamid@os.amperecomputing.com> >; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org <mailto:boot-architecture@lists.linaro.org> >; Ed Stuber <edstuber(a)amperecomputing.com <mailto:edstuber@amperecomputing.com> >; Arjun Khare <akhare(a)amperecomputing.com <mailto:akhare@amperecomputing.com> >; U-Boot Mailing List <u-boot(a)lists.denx.de <mailto:u-boot@lists.denx.de> >; Paul Isaac's <paul.isaacs(a)linaro.org <mailto:paul.isaacs@linaro.org> >; Ron Minnich <rminnich(a)google.com <mailto:rminnich@google.com> >; Moe Ammar <moe(a)amperecomputing.com <mailto:moe@amperecomputing.com> >; tf-a(a)lists.trustedfirmware.org <mailto:tf-a@lists.trustedfirmware.org> <tf-a(a)lists.trustedfirmware.org <mailto:tf-a@lists.trustedfirmware.org> >; Manish Pandey2 <Manish.Pandey2(a)arm.com <mailto:Manish.Pandey2@arm.com> > Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages + TF-A list that got dropped (again)! Joanna From: Joanna Farley < <mailto:Joanna.Farley@arm.com> Joanna.Farley(a)arm.com> Date: Wednesday, 2 June 2021 at 15:29 To: Madhukar Pappireddy < <mailto:Madhukar.Pappireddy@arm.com> Madhukar.Pappireddy(a)arm.com>, Okash Khawaja < <mailto:okash.khawaja@gmail.com> okash.khawaja(a)gmail.com>, Simon Glass < <mailto:sjg@chromium.org> sjg(a)chromium.org> Cc: Harb Abdulhamid OS < <mailto:abdulhamid@os.amperecomputing.com> abdulhamid(a)os.amperecomputing.com>, Boot Architecture Mailman List < <mailto:boot-architecture@lists.linaro.org> boot-architecture(a)lists.linaro.org>, Ed Stuber < <mailto:edstuber@amperecomputing.com> edstuber(a)amperecomputing.com>, Arjun Khare < <mailto:akhare@amperecomputing.com> akhare(a)amperecomputing.com>, U-Boot Mailing List < <mailto:u-boot@lists.denx.de> u-boot(a)lists.denx.de>, Paul Isaac's < <mailto:paul.isaacs@linaro.org> paul.isaacs(a)linaro.org>, Ron Minnich < <mailto:rminnich@google.com> rminnich(a)google.com>, Moe Ammar < <mailto:moe@amperecomputing.com> moe(a)amperecomputing.com> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages Hi Everyone, The Manish Pandy and Madhukar Pappireddy of the TF-A team are planning to host another TF-A Tech Forum this Thursday to continue the live discussion. Here is their agenda: On tech forum this week, we would like to continue discussions on HOB list design. The topics which we would like to cover is 1. Evaluate different proposals of passing information through boot phases. 2. If we don't get an agreement on one solution fit for all then we would try to get consensus for Infra segment platform(to solve original problem mentioned by Harb) 3. Try to get an agreement on size of tags and how "hybrid and tag only" HOB list can co-exist together? Details of the call are: ====================== TF-A Tech Forum When Every 2 weeks from 16:00 to 17:00 on Thursday United Kingdom Time Calendar <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org Who • Bill Fletcher- creator • <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: <https://www.trustedfirmware.org/meetings/tf-a-technical-forum/> https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ Trusted Firmware is inviting you to a scheduled Zoom meeting. Join Zoom Meeting <https://zoom.us/j/9159704974> https://zoom.us/j/9159704974 Meeting ID: <tel:(915)%20970-4974> 915 970 4974 One tap mobile <tel:(646)%20558-8656> +16465588656,, <tel:(915)%20970-4974> 9159704974# US (New York) <tel:(669)%20900-9128> +16699009128,, <tel:(915)%20970-4974> 9159704974# US (San Jose) Dial by your location <tel:(646)%20558-8656> +1 646 558 8656 US (New York) <tel:(669)%20900-9128> +1 669 900 9128 US (San Jose) <tel:(877)%20853-5247> 877 853 5247 US Toll-free <tel:(888)%20788-0099> 888 788 0099 US Toll-free Meeting ID: <tel:(915)%20970-4974> 915 970 4974 Find your local number: <https://zoom.us/u/ad27hc6t7h> https://zoom.us/u/ad27hc6t7h ================ Joanna On 19/05/2021, 03:50, "Madhukar Pappireddy" < <mailto:Madhukar.Pappireddy@arm.com> Madhukar.Pappireddy(a)arm.com> wrote: Attached slides presented by Manish in the TF-A tech forum. -----Original Message----- From: TF-A < <mailto:tf-a-bounces@lists.trustedfirmware.org> tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Madhukar Pappireddy via TF-A Sent: Tuesday, May 18, 2021 8:59 PM To: Joanna Farley < <mailto:Joanna.Farley@arm.com> Joanna.Farley(a)arm.com>; Okash Khawaja < <mailto:okash.khawaja@gmail.com> okash.khawaja(a)gmail.com>; Simon Glass < <mailto:sjg@chromium.org> sjg(a)chromium.org> Cc: Harb Abdulhamid OS < <mailto:abdulhamid@os.amperecomputing.com> abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < <mailto:boot-architecture@lists.linaro.org> boot-architecture(a)lists.linaro.org>; Ed Stuber < <mailto:edstuber@amperecomputing.com> edstuber(a)amperecomputing.com>; Arjun Khare < <mailto:akhare@amperecomputing.com> akhare(a)amperecomputing.com>; U-Boot Mailing List < <mailto:u-boot@lists.denx.de> u-boot(a)lists.denx.de>; <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org; Paul Isaac's < <mailto:paul.isaacs@linaro.org> paul.isaacs(a)linaro.org>; Ron Minnich < <mailto:rminnich@google.com> rminnich(a)google.com>; Moe Ammar < <mailto:moe@amperecomputing.com> moe(a)amperecomputing.com> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages Hi, I tried to summarize the discussions in the previous TF-A tech forum regarding the proposal to adopt Hand-off Blocks (HOBs) for passing information along the boot chain. I am certain I could not capture all suggestions/concerns brought up during the call. I apologize if I missed and/or misinterpreted any comments and would appreciate it if everyone could share their thoughts in response to this email thread. The idea is to share information to other boot phases: > Dynamic information: Created during runtime. Shared in the form of a chain of blobs(built as a linked list of C structure objects i.e., HOB list). > Static information: Known at compile time. Historically, shared through the use of Device Tree/ACPI tables Both the above requirements are common in many ecosystems and need to co-exist. There are broadly 3 problems to solve: 1. Format of HOB structures: It looks like the consensus is that we could use existing mechanisms for this (BL_AUX_PARAM in TF-A or bloblist in u-boot). 2. Identification of HOB list entries: There is a debate about whether tags would suffice or if the HOB list producer and consumer would depend on UUID/GUIDs for identifying a specific HOB structure. Another suggestion was to use a hybrid approach. Reserve a single tag ID for identifying/constructing a HOB structure that further leverages UUID based identifier. This way, the generic HOB list doesn't need to support UUIDs and can work with tags. 3. The design contract for the static interface between two boot phases: The problem at hand is whether to pass a pointer to a HOB list or a device tree blob through the general-purpose registers for configuration hand-off between two boot phases. Some proposals that came up: > Proposal 1: Always pass a pointer to the device tree blob through the GP register and capture the pointer to the HOB list as a property of a node that is uniquely identifiable by the downstream boot phase. This needs to define a device tree binding such that producer and consumer agree on the information passed. > Proposal 2: Pass a pointer to a generic container through the GP register that can be interpreted appropriately by both boot loaders(i.e., producer and consumer of the boot info). This container can either be a dtb or a HOB list which can be simply inferred by checking for a magic header that indicates if the buffer appears to be a flattened device tree. > One another concern that was brought up offline is to make sure we don't break current design contracts between various boot loader phases in TF-A. Many of the general-purpose registers have a designated purpose such as to share configurations between BL images( such as firmware config dtb, SoC config dtb, Non trusted firmware config dtb, memory layout, entry point info, etc.). If I am not mistaken, a single design may not fit the needs of every segment(client, Infra, embedded) and the forum is open to solutions tailored for individual segments. Joanna will be sending a follow up email with more information about future TF-A tech forums that serves as a platform for further discussions. Thanks, Madhukar -----Original Message----- From: TF-A < <mailto:tf-a-bounces@lists.trustedfirmware.org> tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Joanna Farley via TF-A Sent: Sunday, May 16, 2021 5:19 AM To: Okash Khawaja < <mailto:okash.khawaja@gmail.com> okash.khawaja(a)gmail.com>; Simon Glass < <mailto:sjg@chromium.org> sjg(a)chromium.org> Cc: Harb Abdulhamid OS < <mailto:abdulhamid@os.amperecomputing.com> abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < <mailto:boot-architecture@lists.linaro.org> boot-architecture(a)lists.linaro.org>; <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org; Ed Stuber < <mailto:edstuber@amperecomputing.com> edstuber(a)amperecomputing.com>; Arjun Khare < <mailto:akhare@amperecomputing.com> akhare(a)amperecomputing.com>; U-Boot Mailing List < <mailto:u-boot@lists.denx.de> u-boot(a)lists.denx.de>; Paul Isaac's < <mailto:paul.isaacs@linaro.org> paul.isaacs(a)linaro.org>; Ron Minnich < <mailto:rminnich@google.com> rminnich(a)google.com>; Moe Ammar < <mailto:moe@amperecomputing.com> moe(a)amperecomputing.com> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages Apologies I failed with the recording. Manish/Madhu will reply early next week with the slides and some notes to help with a follow up session which we hope to hold this Thursday. Invite and agenda will also be sent out early next week. Thanks Joanna On 14/05/2021, 13:30, "TF-A on behalf of Okash Khawaja via TF-A" < <mailto:tf-a-bounces@lists.trustedfirmware.org> tf-a-bounces(a)lists.trustedfirmware.org on behalf of <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org> wrote: Hi, Do we have slides and video from last week's discussion? Thanks, Okash On Wed, May 5, 2021 at 11:52 PM Simon Glass via TF-A < <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org> wrote: > > Hi Harb, > > Thanks for the idea. I am still not completely sure what benefit UUID provides to an open project. I'd like to propose something different, more in the spirit of open collaboration. I also worry that the word 'standard' seems to be a synonym for UUIDs, UEFI, etc., i.e. enabling/preferring closed-source firmware and the continued decline of open-source projects. It really should not be. > > So I suggest: Use simple integer IDs and reserve some area for 'private' use. If you want to collaborate across projects outside your company, you either need to allocate a 'public' ID or agree privately between the parties which private ID to use. > > This means that the default and easiest option is for collaboration and a public ID, with private ones (whose purpose may be secret) reserved just for private use. > > Regards, > Simon > > On Wed, 5 May 2021 at 11:42, Harb Abdulhamid OS < <mailto:abdulhamid@os.amperecomputing.com> abdulhamid(a)os.amperecomputing.com> wrote: >> >> Hey Folks, >> >> We wanted to put out a middle-ground proposal to help guide the discussion on the call tomorrow. >> >> >> >> A proposal that we have been discussing offline involves reserving a single tag ID for the purpose of construction UEFI PI HOB List structure, and that tag would be used to identify a HOB-specific structure that does leverage UUID based identifier. This will eliminate the burden of having to support UUID as the tag, and this enables projects that require UUID based identifiers for the broad range of HOB structures that need to be produced during the booting of the platform. Once we have a tag for a HOB list, this will enable various HOB producers that can add/extend the HOB list in TF-A code (or even pre-TF-A code), with a HOB consumer for that UUID/GUID on the other side (i.e. whatever the BL33 image is booting on that platform). >> >> >> >> Essentially, the idea is if someone would like to support HOB structures in a standard way using TF-A, they would wrap it up in a BL_AUX_PARAM/BLOB structure (whatever the group decides) and the way we identify the structure as a HOB list is with this new reserved tag. >> >> >> >> Hopefully that makes sense and less contentious. Look forward to discuss this further on the call. >> >> >> >> Thanks, >> >> --Harb >> >> >> >> From: Manish Pandey2 < <mailto:Manish.Pandey2@arm.com> Manish.Pandey2(a)arm.com> >> Sent: Friday, April 30, 2021 8:14 AM >> To: François Ozog < <mailto:francois.ozog@linaro.org> francois.ozog(a)linaro.org> >> Cc: Simon Glass < <mailto:sjg@chromium.org> sjg(a)chromium.org>; Julius Werner < <mailto:jwerner@chromium.org> jwerner(a)chromium.org>; Harb Abdulhamid OS < <mailto:abdulhamid@os.amperecomputing.com> abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < <mailto:boot-architecture@lists.linaro.org> boot-architecture(a)lists.linaro.org>; <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org; U-Boot Mailing List < <mailto:u-boot@lists.denx.de> u-boot(a)lists.denx.de>; Paul Isaac's < <mailto:paul.isaacs@linaro.org> paul.isaacs(a)linaro.org>; Ron Minnich < <mailto:rminnich@google.com> rminnich(a)google.com> >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> Hi All, >> >> >> >> Please find invite for next TF-A Tech Forum session to continue our discussions on HOB implementation, feel free to forward it to others. >> >> >> >> The next TF-A Tech Forum is scheduled for Thu 6th May 2021 16:00 – 17:00 (BST). >> >> >> >> Agenda: >> >> Discussion Session: Static and Dynamic Information Handling in TF-A >> >> Lead by Manish Pandey and Madhukar Pappireddy >> >> · There is ongoing mailing lists discussion[1] related with adopting a mechanism to pass information through boot stages. >> >> The requirement is two-fold: >> >> 1. Passing static information(config files) >> >> 2. Passing dynamic information (Hob list) >> >> In the upcoming TF-A tech forum, we can start with a discussion on dynamic information passing and if time permits, we can cover static information passing. The purpose of the call is to have an open discussion and continue the discussion from the trusted-substrate call[2] done earlier. We would like to understand the various requirements and possible ways to implement it in TF-A in a generalized way so that it can work with other Firmware projects. >> >> >> >> The two specific item which we would like to discuss are: >> >> 1. HOB format: TF-A/u-boot both has an existing bloblist implementation, which uses tag values. Question, can this be enhanced to use hybrid values(Tag and UUID) both? >> >> 2. Standardization on Physical register use to pass base of HoB data structure. >> >> References: >> >> [1] <https://lists.trustedfirmware.org/pipermail/tf-a/2021-April/001069.html> https://lists.trustedfirmware.org/pipermail/tf-a/2021-April/001069.html >> >> [2] <https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn…> https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… Passcode: IPn+5q% >> >> >> >> Thanks >> >> >> >> Joanna >> >> >> >> You have been invited to the following event. >> >> TF-A Tech Forum >> >> When >> >> Every 2 weeks from 16:00 to 17:00 on Thursday United Kingdom Time >> >> Calendar >> >> <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org >> >> Who >> >> • >> >> Bill Fletcher- creator >> >> • >> >> <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org >> >> more details » >> >> >> >> We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. >> >> >> >> Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: <https://www.trustedfirmware.org/meetings/tf-a-technical-forum/> https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ >> >> >> >> Trusted Firmware is inviting you to a scheduled Zoom meeting. >> >> >> >> Join Zoom Meeting >> >> <https://zoom.us/j/9159704974> https://zoom.us/j/9159704974 >> >> >> >> Meeting ID: <tel:(915)%20970-4974> 915 970 4974 >> >> >> >> One tap mobile >> >> <tel:(646)%20558-8656> +16465588656,,9159704974# US (New York) >> >> <tel:(669)%20900-9128> +16699009128,,9159704974# US (San Jose) >> >> >> >> Dial by your location >> >> <tel:(646)%20558-8656> +1 646 558 8656 US (New York) >> >> <tel:(669)%20900-9128> +1 669 900 9128 US (San Jose) >> >> <tel:(877)%20853-5247> 877 853 5247 US Toll-free >> >> <tel:(888)%20788-0099> 888 788 0099 US Toll-free >> >> Meeting ID: <tel:(915)%20970-4974> 915 970 4974 >> >> Find your local number: <https://zoom.us/u/ad27hc6t7h> https://zoom.us/u/ad27hc6t7h >> >> >> >> ________________________________ >> >> From: François Ozog < <mailto:francois.ozog@linaro.org> francois.ozog(a)linaro.org> >> Sent: 08 April 2021 16:50 >> To: Manish Pandey2 < <mailto:Manish.Pandey2@arm.com> Manish.Pandey2(a)arm.com> >> Cc: Simon Glass < <mailto:sjg@chromium.org> sjg(a)chromium.org>; Julius Werner < <mailto:jwerner@chromium.org> jwerner(a)chromium.org>; Harb Abdulhamid OS < <mailto:abdulhamid@os.amperecomputing.com> abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < <mailto:boot-architecture@lists.linaro.org> boot-architecture(a)lists.linaro.org>; <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org < <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org>; U-Boot Mailing List < <mailto:u-boot@lists.denx.de> u-boot(a)lists.denx.de>; Paul Isaac's < <mailto:paul.isaacs@linaro.org> paul.isaacs(a)linaro.org>; Ron Minnich < <mailto:rminnich@google.com> rminnich(a)google.com> >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> Hi >> >> >> >> here is the meeting recording: >> >> <https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn…> https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… Passcode: IPn+5q%z >> >> >> >> I am really sorry about the confusion related to the meeting time. I have now understood: the Collaborate portal uses a specific calendar which is tied to US/Chicago timezone while the actual Google Calendar is tied to Central Europe timezone. I am going to drop the Collaborate portal and use a shared Google calendar (it should be visible on the <http://trusted-substrate.org> trusted-substrate.org page). >> >> >> >> I'll try to summarize what I learnt and highlight my view on what can be next steps in a future mail. >> >> >> >> Cheers >> >> >> >> FF >> >> >> >> On Thu, 8 Apr 2021 at 13:56, Manish Pandey2 via TF-A < <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org> wrote: >> >> Hi, >> >> >> >> From TF-A project point of view, we prefer to use existing mechanism to pass parameters across boot stages using linked list of tagged elements (as suggested by Julius). It has support for both generic and SiP-specific tags. Having said that, it does not stop partners to introduce new mechanisms suitable for their usecase in platform port initially and later move to generic code if its suitable for other platforms. >> >> >> >> To start with, Ampere can introduce a platform specific implementation of memory tag(speed/NUMA topology etc) which can be evaluated and discussed for generalization in future. The tag will be populated in BL2 stage and can be forwarded to further stages(and to BL33) by passing the head of list pointer in one of the registers. Initially any register can be used but going forward a standardization will be needed. >> >> >> >> The U-boot bloblist mentioned by Simon is conceptually similar to what TF-A is using, if there is consensus of using bloblist/taglist then TF-A tag list may be enhanced to take best of both the implementations. >> >> >> >> One of the potential problems of having structure used in different projects is maintainability, this can be avoided by having a single copy of these structures in TF-A (kept inside "include/export" which intended to be used by other projects.) >> >> >> >> Regarding usage of either UUID or tag, I echo the sentiments of Simon and Julius to keep it simple and use tag values. >> >> >> >> Looking forward to having further discussions on zoom call today. >> >> >> >> Thanks >> >> Manish P >> >> >> >> ________________________________ >> >> From: TF-A < <mailto:tf-a-bounces@lists.trustedfirmware.org> tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Julius Werner via TF-A < <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org> >> Sent: 25 March 2021 02:43 >> To: Simon Glass < <mailto:sjg@chromium.org> sjg(a)chromium.org> >> Cc: Harb Abdulhamid OS < <mailto:abdulhamid@os.amperecomputing.com> abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < <mailto:boot-architecture@lists.linaro.org> boot-architecture(a)lists.linaro.org>; <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org < <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org>; U-Boot Mailing List < <mailto:u-boot@lists.denx.de> u-boot(a)lists.denx.de>; Paul Isaac's < <mailto:paul.isaacs@linaro.org> paul.isaacs(a)linaro.org>; Ron Minnich < <mailto:rminnich@google.com> rminnich(a)google.com> >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> Just want to point out that TF-A currently already supports a (very simple) mechanism like this: >> >> >> >> <https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/…> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… >> >> <https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/…> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… >> >> <https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/…> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… >> >> >> >> It's just a linked list of tagged elements. The tag space is split into TF-A-wide generic tags and SiP-specific tags (with plenty of room to spare if more areas need to be defined -- a 64-bit tag can fit a lot). This is currently being used by some platforms that run coreboot in place of BL1/BL2, to pass information from coreboot (BL2) to BL31. >> >> >> >> I would echo Simon's sentiment of keeping this as simple as possible and avoiding complicated and bloated data structures with UUIDs. You usually want to parse something like this as early as possible in the passed-to firmware stage, particularly if the structure encodes information about the debug console (like it does for the platforms I mentioned above). For example, in BL31 this basically means doing it right after moving from assembly to C in bl31_early_platform_setup2() to get the console up before running anything else. At that point in the BL31 initialization, the MMU and caches are disabled, so data accesses are pretty expensive and you don't want to spend a lot of parsing effort or calculate complicated checksums or the like. You just want something extremely simple where you ideally have to touch every data word only once. >> >> >> >> On Wed, Mar 24, 2021 at 5:06 PM Simon Glass via TF-A < <mailto:tf-a@lists.trustedfirmware.org> tf-a(a)lists.trustedfirmware.org> wrote: >> >> Hi Harb, >> >> >> >> On Wed, 24 Mar 2021 at 11:39, Harb Abdulhamid OS < <mailto:abdulhamid@os.amperecomputing.com> abdulhamid(a)os.amperecomputing.com> wrote: >> >> Hello Folks, >> >> Appreciate the feedback and replies on this. Glad to see that there is interest in this topic. >> >> >> >> I try to address the comments/feedback from Francois and Simon below…. >> >> >> >> @François Ozog – happy to discuss this on a zoom call. I will make that time slot work, and will be available to attend April 8, 4pm CT. >> >> >> >> Note that I’m using the term “HOB” here more generically, as there are typically vendor specific structures beyond the resource descriptor HOB, which provides only a small subset of the information that needs to be passed between the boot phases. >> >> >> >> The whole point here is to provide mechanism to develop firmware that we can build ARM Server SoC’s that support *any* BL33 payload (e.g. EDK2, AptioV, CoreBoot, and maybe even directly boot strapping LinuxBoot at some point). In other-words, we are trying to come up with a TF-A that would be completely agnostic to the implementation of BL33 (i.e. BL33 is built completely independently by a separate entity – e.g. an ODM/OEM). >> >> >> >> Keep in mind, in the server/datacenter market segment we are not building vertically integrated systems with a single entity compiling firmware/software stacks like most folks in TF-A have become use to. There are two categories of higher level firmware code blobs in the server/datacenter model: >> >> “SoC” or “silicon” firmware – in TF-A this may map to BL1, BL2, BL31, and *possibly* one or more BL32 instances >> “Platform” or “board” firmware – in TF-A this may map to BL33 and *possibly* one or more BL32 instances. >> >> >> >> Even the platform firmware stack could be further fragmented by having multiple entities involved in delivering the entire firmware stack: IBVs, ODMs, OEMs, CSPs, and possibly even device vendor code. >> >> >> >> To support a broad range of platform designs with a broad range of memory devices, we need a crisp and clear contract between the SoC firmware that initializes memory (e.g. BL2) and how that platform boot firmware (e.g. BL33) gathers information about what memory that was initialized, at what speeds, NUMA topology, and many other relevant information that needs to be known and comprehended by the platform firmware and eventually by the platform software. >> >> >> >> I understand the versatility of DT, but I see two major problems with DT: >> >> DT requires more complicated parsing to get properties, and even more complex to dynamically set properties – this HOB structures may need to be generated in boot phases where DDR is not available, and therefore we will be extremely memory constrained. >> DT is probably overkill for this purpose – We really just want a list of pointers to simple C structures that code cast (e.g. JEDEC SPD data blob) >> >> >> >> I think that we should not mix the efforts around DT/ACPI specs with what we are doing here, because those specs and concepts were developed for a completely different purpose (i.e. abstractions needed for OS / RTOS software, and not necessarily suitable for firmware-to-firmware hand-offs). >> >> >> >> Frankly, I would personally push back pretty hard on defining SMC’s for something that should be one way information passing. Every SMC we add is another attack vector to the secure world and an increased burden on the folks that have to do security auditing and threat analysis. I see no benefit in exposing these boot/HOB/BOB structures at run-time via SMC calls. >> >> >> >> Please do let me know if you disagree and why. Look forward to discussing on this thread or on the call. >> >> >> >> @Simon Glass - Thanks for the pointer to bloblist. I briefly reviewed and it seems like a goo -- <https://drive.google.com/a/linaro.org/uc?id=0BxTAygkus3RgQVhuNHMwUi1mYWc&ex…> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group T: +33.67221.6485 <mailto:francois.ozog@linaro.org> francois.ozog(a)linaro.org | Skype: ffozog

4 years, 6 months

3
2
0 0

RE: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages

by Madhukar Pappireddy

Attached slides presented by Manish in the TF-A tech forum. -----Original Message----- From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Madhukar Pappireddy via TF-A Sent: Tuesday, May 18, 2021 8:59 PM To: Joanna Farley <Joanna.Farley(a)arm.com>; Okash Khawaja <okash.khawaja(a)gmail.com>; Simon Glass <sjg(a)chromium.org> Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; Ed Stuber <edstuber(a)amperecomputing.com>; Arjun Khare <akhare(a)amperecomputing.com>; U-Boot Mailing List <u-boot(a)lists.denx.de>; tf-a(a)lists.trustedfirmware.org; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com>; Moe Ammar <moe(a)amperecomputing.com> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages Hi, I tried to summarize the discussions in the previous TF-A tech forum regarding the proposal to adopt Hand-off Blocks (HOBs) for passing information along the boot chain. I am certain I could not capture all suggestions/concerns brought up during the call. I apologize if I missed and/or misinterpreted any comments and would appreciate it if everyone could share their thoughts in response to this email thread. The idea is to share information to other boot phases: > Dynamic information: Created during runtime. Shared in the form of a chain of blobs(built as a linked list of C structure objects i.e., HOB list). > Static information: Known at compile time. Historically, shared through the use of Device Tree/ACPI tables Both the above requirements are common in many ecosystems and need to co-exist. There are broadly 3 problems to solve: 1. Format of HOB structures: It looks like the consensus is that we could use existing mechanisms for this (BL_AUX_PARAM in TF-A or bloblist in u-boot). 2. Identification of HOB list entries: There is a debate about whether tags would suffice or if the HOB list producer and consumer would depend on UUID/GUIDs for identifying a specific HOB structure. Another suggestion was to use a hybrid approach. Reserve a single tag ID for identifying/constructing a HOB structure that further leverages UUID based identifier. This way, the generic HOB list doesn't need to support UUIDs and can work with tags. 3. The design contract for the static interface between two boot phases: The problem at hand is whether to pass a pointer to a HOB list or a device tree blob through the general-purpose registers for configuration hand-off between two boot phases. Some proposals that came up: > Proposal 1: Always pass a pointer to the device tree blob through the GP register and capture the pointer to the HOB list as a property of a node that is uniquely identifiable by the downstream boot phase. This needs to define a device tree binding such that producer and consumer agree on the information passed. > Proposal 2: Pass a pointer to a generic container through the GP register that can be interpreted appropriately by both boot loaders(i.e., producer and consumer of the boot info). This container can either be a dtb or a HOB list which can be simply inferred by checking for a magic header that indicates if the buffer appears to be a flattened device tree. > One another concern that was brought up offline is to make sure we don't break current design contracts between various boot loader phases in TF-A. Many of the general-purpose registers have a designated purpose such as to share configurations between BL images( such as firmware config dtb, SoC config dtb, Non trusted firmware config dtb, memory layout, entry point info, etc.). If I am not mistaken, a single design may not fit the needs of every segment(client, Infra, embedded) and the forum is open to solutions tailored for individual segments. Joanna will be sending a follow up email with more information about future TF-A tech forums that serves as a platform for further discussions. Thanks, Madhukar -----Original Message----- From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Joanna Farley via TF-A Sent: Sunday, May 16, 2021 5:19 AM To: Okash Khawaja <okash.khawaja(a)gmail.com>; Simon Glass <sjg(a)chromium.org> Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org; Ed Stuber <edstuber(a)amperecomputing.com>; Arjun Khare <akhare(a)amperecomputing.com>; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com>; Moe Ammar <moe(a)amperecomputing.com> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages Apologies I failed with the recording. Manish/Madhu will reply early next week with the slides and some notes to help with a follow up session which we hope to hold this Thursday. Invite and agenda will also be sent out early next week. Thanks Joanna On 14/05/2021, 13:30, "TF-A on behalf of Okash Khawaja via TF-A" <tf-a-bounces(a)lists.trustedfirmware.org on behalf of tf-a(a)lists.trustedfirmware.org> wrote: Hi, Do we have slides and video from last week's discussion? Thanks, Okash On Wed, May 5, 2021 at 11:52 PM Simon Glass via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: > > Hi Harb, > > Thanks for the idea. I am still not completely sure what benefit UUID provides to an open project. I'd like to propose something different, more in the spirit of open collaboration. I also worry that the word 'standard' seems to be a synonym for UUIDs, UEFI, etc., i.e. enabling/preferring closed-source firmware and the continued decline of open-source projects. It really should not be. > > So I suggest: Use simple integer IDs and reserve some area for 'private' use. If you want to collaborate across projects outside your company, you either need to allocate a 'public' ID or agree privately between the parties which private ID to use. > > This means that the default and easiest option is for collaboration and a public ID, with private ones (whose purpose may be secret) reserved just for private use. > > Regards, > Simon > > On Wed, 5 May 2021 at 11:42, Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com> wrote: >> >> Hey Folks, >> >> We wanted to put out a middle-ground proposal to help guide the discussion on the call tomorrow. >> >> >> >> A proposal that we have been discussing offline involves reserving a single tag ID for the purpose of construction UEFI PI HOB List structure, and that tag would be used to identify a HOB-specific structure that does leverage UUID based identifier. This will eliminate the burden of having to support UUID as the tag, and this enables projects that require UUID based identifiers for the broad range of HOB structures that need to be produced during the booting of the platform. Once we have a tag for a HOB list, this will enable various HOB producers that can add/extend the HOB list in TF-A code (or even pre-TF-A code), with a HOB consumer for that UUID/GUID on the other side (i.e. whatever the BL33 image is booting on that platform). >> >> >> >> Essentially, the idea is if someone would like to support HOB structures in a standard way using TF-A, they would wrap it up in a BL_AUX_PARAM/BLOB structure (whatever the group decides) and the way we identify the structure as a HOB list is with this new reserved tag. >> >> >> >> Hopefully that makes sense and less contentious. Look forward to discuss this further on the call. >> >> >> >> Thanks, >> >> --Harb >> >> >> >> From: Manish Pandey2 <Manish.Pandey2(a)arm.com> >> Sent: Friday, April 30, 2021 8:14 AM >> To: François Ozog <francois.ozog(a)linaro.org> >> Cc: Simon Glass <sjg(a)chromium.org>; Julius Werner <jwerner(a)chromium.org>; Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> Hi All, >> >> >> >> Please find invite for next TF-A Tech Forum session to continue our discussions on HOB implementation, feel free to forward it to others. >> >> >> >> The next TF-A Tech Forum is scheduled for Thu 6th May 2021 16:00 – 17:00 (BST). >> >> >> >> Agenda: >> >> Discussion Session: Static and Dynamic Information Handling in TF-A >> >> Lead by Manish Pandey and Madhukar Pappireddy >> >> · There is ongoing mailing lists discussion[1] related with adopting a mechanism to pass information through boot stages. >> >> The requirement is two-fold: >> >> 1. Passing static information(config files) >> >> 2. Passing dynamic information (Hob list) >> >> In the upcoming TF-A tech forum, we can start with a discussion on dynamic information passing and if time permits, we can cover static information passing. The purpose of the call is to have an open discussion and continue the discussion from the trusted-substrate call[2] done earlier. We would like to understand the various requirements and possible ways to implement it in TF-A in a generalized way so that it can work with other Firmware projects. >> >> >> >> The two specific item which we would like to discuss are: >> >> 1. HOB format: TF-A/u-boot both has an existing bloblist implementation, which uses tag values. Question, can this be enhanced to use hybrid values(Tag and UUID) both? >> >> 2. Standardization on Physical register use to pass base of HoB data structure. >> >> References: >> >> [1] https://lists.trustedfirmware.org/pipermail/tf-a/2021-April/001069.html >> >> [2] https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… Passcode: IPn+5q% >> >> >> >> Thanks >> >> >> >> Joanna >> >> >> >> You have been invited to the following event. >> >> TF-A Tech Forum >> >> When >> >> Every 2 weeks from 16:00 to 17:00 on Thursday United Kingdom Time >> >> Calendar >> >> tf-a(a)lists.trustedfirmware.org >> >> Who >> >> • >> >> Bill Fletcher- creator >> >> • >> >> tf-a(a)lists.trustedfirmware.org >> >> more details » >> >> >> >> We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. >> >> >> >> Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ >> >> >> >> Trusted Firmware is inviting you to a scheduled Zoom meeting. >> >> >> >> Join Zoom Meeting >> >> https://zoom.us/j/9159704974 >> >> >> >> Meeting ID: 915 970 4974 >> >> >> >> One tap mobile >> >> +16465588656,,9159704974# US (New York) >> >> +16699009128,,9159704974# US (San Jose) >> >> >> >> Dial by your location >> >> +1 646 558 8656 US (New York) >> >> +1 669 900 9128 US (San Jose) >> >> 877 853 5247 US Toll-free >> >> 888 788 0099 US Toll-free >> >> Meeting ID: 915 970 4974 >> >> Find your local number: https://zoom.us/u/ad27hc6t7h >> >> >> >> ________________________________ >> >> From: François Ozog <francois.ozog(a)linaro.org> >> Sent: 08 April 2021 16:50 >> To: Manish Pandey2 <Manish.Pandey2(a)arm.com> >> Cc: Simon Glass <sjg(a)chromium.org>; Julius Werner <jwerner(a)chromium.org>; Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> Hi >> >> >> >> here is the meeting recording: >> >> https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… Passcode: IPn+5q%z >> >> >> >> I am really sorry about the confusion related to the meeting time. I have now understood: the Collaborate portal uses a specific calendar which is tied to US/Chicago timezone while the actual Google Calendar is tied to Central Europe timezone. I am going to drop the Collaborate portal and use a shared Google calendar (it should be visible on the trusted-substrate.org page). >> >> >> >> I'll try to summarize what I learnt and highlight my view on what can be next steps in a future mail. >> >> >> >> Cheers >> >> >> >> FF >> >> >> >> On Thu, 8 Apr 2021 at 13:56, Manish Pandey2 via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: >> >> Hi, >> >> >> >> From TF-A project point of view, we prefer to use existing mechanism to pass parameters across boot stages using linked list of tagged elements (as suggested by Julius). It has support for both generic and SiP-specific tags. Having said that, it does not stop partners to introduce new mechanisms suitable for their usecase in platform port initially and later move to generic code if its suitable for other platforms. >> >> >> >> To start with, Ampere can introduce a platform specific implementation of memory tag(speed/NUMA topology etc) which can be evaluated and discussed for generalization in future. The tag will be populated in BL2 stage and can be forwarded to further stages(and to BL33) by passing the head of list pointer in one of the registers. Initially any register can be used but going forward a standardization will be needed. >> >> >> >> The U-boot bloblist mentioned by Simon is conceptually similar to what TF-A is using, if there is consensus of using bloblist/taglist then TF-A tag list may be enhanced to take best of both the implementations. >> >> >> >> One of the potential problems of having structure used in different projects is maintainability, this can be avoided by having a single copy of these structures in TF-A (kept inside "include/export" which intended to be used by other projects.) >> >> >> >> Regarding usage of either UUID or tag, I echo the sentiments of Simon and Julius to keep it simple and use tag values. >> >> >> >> Looking forward to having further discussions on zoom call today. >> >> >> >> Thanks >> >> Manish P >> >> >> >> ________________________________ >> >> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Julius Werner via TF-A <tf-a(a)lists.trustedfirmware.org> >> Sent: 25 March 2021 02:43 >> To: Simon Glass <sjg(a)chromium.org> >> Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> Just want to point out that TF-A currently already supports a (very simple) mechanism like this: >> >> >> >> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… >> >> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… >> >> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… >> >> >> >> It's just a linked list of tagged elements. The tag space is split into TF-A-wide generic tags and SiP-specific tags (with plenty of room to spare if more areas need to be defined -- a 64-bit tag can fit a lot). This is currently being used by some platforms that run coreboot in place of BL1/BL2, to pass information from coreboot (BL2) to BL31. >> >> >> >> I would echo Simon's sentiment of keeping this as simple as possible and avoiding complicated and bloated data structures with UUIDs. You usually want to parse something like this as early as possible in the passed-to firmware stage, particularly if the structure encodes information about the debug console (like it does for the platforms I mentioned above). For example, in BL31 this basically means doing it right after moving from assembly to C in bl31_early_platform_setup2() to get the console up before running anything else. At that point in the BL31 initialization, the MMU and caches are disabled, so data accesses are pretty expensive and you don't want to spend a lot of parsing effort or calculate complicated checksums or the like. You just want something extremely simple where you ideally have to touch every data word only once. >> >> >> >> On Wed, Mar 24, 2021 at 5:06 PM Simon Glass via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: >> >> Hi Harb, >> >> >> >> On Wed, 24 Mar 2021 at 11:39, Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com> wrote: >> >> Hello Folks, >> >> Appreciate the feedback and replies on this. Glad to see that there is interest in this topic. >> >> >> >> I try to address the comments/feedback from Francois and Simon below…. >> >> >> >> @François Ozog – happy to discuss this on a zoom call. I will make that time slot work, and will be available to attend April 8, 4pm CT. >> >> >> >> Note that I’m using the term “HOB” here more generically, as there are typically vendor specific structures beyond the resource descriptor HOB, which provides only a small subset of the information that needs to be passed between the boot phases. >> >> >> >> The whole point here is to provide mechanism to develop firmware that we can build ARM Server SoC’s that support *any* BL33 payload (e.g. EDK2, AptioV, CoreBoot, and maybe even directly boot strapping LinuxBoot at some point). In other-words, we are trying to come up with a TF-A that would be completely agnostic to the implementation of BL33 (i.e. BL33 is built completely independently by a separate entity – e.g. an ODM/OEM). >> >> >> >> Keep in mind, in the server/datacenter market segment we are not building vertically integrated systems with a single entity compiling firmware/software stacks like most folks in TF-A have become use to. There are two categories of higher level firmware code blobs in the server/datacenter model: >> >> “SoC” or “silicon” firmware – in TF-A this may map to BL1, BL2, BL31, and *possibly* one or more BL32 instances >> “Platform” or “board” firmware – in TF-A this may map to BL33 and *possibly* one or more BL32 instances. >> >> >> >> Even the platform firmware stack could be further fragmented by having multiple entities involved in delivering the entire firmware stack: IBVs, ODMs, OEMs, CSPs, and possibly even device vendor code. >> >> >> >> To support a broad range of platform designs with a broad range of memory devices, we need a crisp and clear contract between the SoC firmware that initializes memory (e.g. BL2) and how that platform boot firmware (e.g. BL33) gathers information about what memory that was initialized, at what speeds, NUMA topology, and many other relevant information that needs to be known and comprehended by the platform firmware and eventually by the platform software. >> >> >> >> I understand the versatility of DT, but I see two major problems with DT: >> >> DT requires more complicated parsing to get properties, and even more complex to dynamically set properties – this HOB structures may need to be generated in boot phases where DDR is not available, and therefore we will be extremely memory constrained. >> DT is probably overkill for this purpose – We really just want a list of pointers to simple C structures that code cast (e.g. JEDEC SPD data blob) >> >> >> >> I think that we should not mix the efforts around DT/ACPI specs with what we are doing here, because those specs and concepts were developed for a completely different purpose (i.e. abstractions needed for OS / RTOS software, and not necessarily suitable for firmware-to-firmware hand-offs). >> >> >> >> Frankly, I would personally push back pretty hard on defining SMC’s for something that should be one way information passing. Every SMC we add is another attack vector to the secure world and an increased burden on the folks that have to do security auditing and threat analysis. I see no benefit in exposing these boot/HOB/BOB structures at run-time via SMC calls. >> >> >> >> Please do let me know if you disagree and why. Look forward to discussing on this thread or on the call. >> >> >> >> @Simon Glass - Thanks for the pointer to bloblist. I briefly reviewed and it seems like a good baseline for what we may be looking for. >> >> >> >> That being said, I would say that there is some benefit in having some kind of unique identifiers (e.g. UUID or some unique signature) so that we can tie standardized data structures (based on some future TBD specs) to a particular ID. For example, if the TPM driver in BL33 is looking for the TPM structure in the HOB/BOB list, and may not care about the other data blobs. The driver needs a way to identify and locate the blob it cares about. >> >> >> >> The tag is intended to serve that purpose, although perhaps it should switch from an auto-allocating enum to one with explicit values for each entry and a range for 'local' use. >> >> >> >> I guess we can achieve this with the tag, but the problem with tag when you have eco-system with a lot of parties doing parallel development, you can end up with tag collisions and folks fighting about who has rights to what tag values. We would need some official process for folks to register tags for whatever new structures we define, or maybe some tag range for vendor specific structures. This comes with a lot of pain and bureaucracy. On the other hand, UUID has been a proven way to make it easy to just define your own blobs with *either* standard or vendor specific structures without worry of ID collisions between vendors. >> >> >> >> True. I think the pain is overstated, though. In this case I think we actually want something that can be shared between projects and orgs, so some amount of coordination could be considered a benefit. It could just be a github pull request. I find the UUID unfriendly and not just to code size and eyesight! Trying to discover what GUIDs mean or are valid is quite tricky. E.g. see this code: >> >> >> >> #define FSP_HOB_RESOURCE_OWNER_TSEG_GUID \ >> EFI_GUID(0xd038747c, 0xd00c, 0x4980, \ >> 0xb3, 0x19, 0x49, 0x01, 0x99, 0xa4, 0x7d, 0x55) >> >> (etc.) >> >> >> >> static struct guid_name { >> efi_guid_t guid; >> const char *name; >> } guid_name[] = { >> { FSP_HOB_RESOURCE_OWNER_TSEG_GUID, "TSEG" }, >> { FSP_HOB_RESOURCE_OWNER_FSP_GUID, "FSP" }, >> { FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID, "SMM PEI SMRAM" }, >> { FSP_NON_VOLATILE_STORAGE_HOB_GUID, "NVS" }, >> { FSP_VARIABLE_NV_DATA_HOB_GUID, "Variable NVS" }, >> { FSP_GRAPHICS_INFO_HOB_GUID, "Graphics info" }, >> { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID1, "PCD database ea" }, >> { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID2, "PCD database 9b" }, >> >> (never figured out what those two are) >> >> >> { FSP_HOB_RESOURCE_OWNER_PEIM_DXE_GUID, "PEIM Init DXE" }, >> { FSP_HOB_RESOURCE_OWNER_ALLOC_STACK_GUID, "Alloc stack" }, >> { FSP_HOB_RESOURCE_OWNER_SMBIOS_MEMORY_GUID, "SMBIOS memory" }, >> { {}, "zero-guid" }, >> {} >> }; >> >> static const char *guid_to_name(const efi_guid_t *guid) >> { >> struct guid_name *entry; >> >> for (entry = guid_name; entry->name; entry++) { >> if (!guidcmp(guid, &entry->guid)) >> return entry->name; >> } >> >> return NULL; >> } >> >> >> >> Believe it or not it took a fair bit of effort to find just that small list, with nearly every one in a separate doc, from memory. >> >> >> >> >> >> We can probably debate whether there is any value in GUID/UUID or not during the call… but again, boblist seems like a reasonable starting point as an alternative to HOB. >> >> >> >> Indeed. There is certainly value in both approaches. >> >> >> >> Regards, >> >> Simon >> >> >> >> >> >> Thanks, >> >> --Harb >> >> >> >> From: François Ozog <francois.ozog(a)linaro.org> >> Sent: Tuesday, March 23, 2021 10:00 AM >> To: François Ozog <francois.ozog(a)linaro.org>; Ron Minnich <rminnich(a)google.com>; Paul Isaac's <paul.isaacs(a)linaro.org> >> Cc: Simon Glass <sjg(a)chromium.org>; Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages >> >> >> >> +Ron Minnich +Paul Isaac's >> >> >> >> Adding Ron and Paul because I think this interface should be also benefiting LinuxBoot efforts. >> >> >> >> On Tue, 23 Mar 2021 at 11:17, François Ozog via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: >> >> Hi, >> >> >> >> I propose we cover the topic at the next Trusted Substrate zoom call on April 8th 4pm CET. >> >> >> >> The agenda: >> >> ABI between non-secure firmware and the rest of firmware (EL3, S-EL1, S-EL2, SCP) to adapt hardware description to some runtime conditions. >> >> runtime conditions here relates to DRAM size and topology detection, secure DRAM memory carvings, PSCI and SCMI interface publishing. >> >> >> >> For additional background on existing metadata: UEFI Platform Initialization Specification Version 1.7, 5.5 Resource Descriptor HOB >> >> Out of the ResourceType we care about is EFI_RESOURCE_SYSTEM_MEMORY. >> >> This HOB lacks memory NUMA attachment or something that could be related to fill SRAT table for ACPI or relevant DT proximity domains. >> >> HOB is not consistent accros platforms: some platforms (Arm) lists memory from the booting NUMA node, other platforms (x86) lists all memory from all NUMA nodes. (At least this is the case on the two platforms I tested). >> >> >> >> There are two proposals to use memory structures from SPL/BLx up to the handover function (as defined in the Device Tree technical report) which can be U-boot (BL33 or just U-Boot in case of SPL/U-Boot scheme) or EDK2. >> >> I would propose we also discuss possibility of FF-A interface to actually query information or request actions to be done (this is a model actually used in some SoCs with proprietary SMC calls). >> >> >> >> Requirements (to be validated): >> >> - ACPI and DT hardware descriptions. >> >> - agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2) >> >> - agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2, TF-A/LinuxBoot) >> >> - at least allows complete DRAM description and "persistent" usage (reserved areas for secure world or other usages) >> >> - support secure world device assignment >> >> >> >> Cheers >> >> >> >> FF >> >> >> >> >> >> On Mon, 22 Mar 2021 at 19:56, Simon Glass <sjg(a)chromium.org> wrote: >> >> Hi, >> >> Can I suggest using bloblist for this instead? It is lightweight, >> easier to parse, doesn't have GUIDs and is already used within U-Boot >> for passing info between SPL/U-Boot, etc. >> >> Docs here: https://github.com/u-boot/u-boot/blob/master/doc/README.bloblist >> Header file describes the format: >> https://github.com/u-boot/u-boot/blob/master/include/bloblist.h >> >> Full set of unit tests: >> https://github.com/u-boot/u-boot/blob/master/test/bloblist.c >> >> Regards, >> Simon >> >> On Mon, 22 Mar 2021 at 23:58, François Ozog <francois.ozog(a)linaro.org> wrote: >> > >> > +Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org> >> > >> > standardization is very much welcomed here and need to accommodate a very >> > diverse set of situations. >> > For example, TEE OS may need to pass memory reservations to BL33 or >> > "capture" a device for the secure world. >> > >> > I have observed a number of architectures: >> > 1) pass information from BLx to BLy in the form of a specific object >> > 2) BLx called by BLy by a platform specific SMC to get information >> > 3) BLx called by BLy by a platform specific SMC to perform Device Tree >> > fixups >> > >> > I also imagined a standardized "broadcast" FF-A call so that any firmware >> > element can either provide information or "do something". >> > >> > My understanding of your proposal is about standardizing on architecture 1) >> > with the HOB format. >> > >> > The advantage of the HOB is simplicity but it may be difficult to implement >> > schemes such as pruning a DT because device assignment in the secure world. >> > >> > In any case, it looks feasible to have TF-A and OP-TEE complement the list >> > of HOBs to pass information downstream (the bootflow). >> > >> > It would be good to start with building the comprehensive list of >> > information that need to be conveyed between firmware elements: >> > >> > information. | authoritative entity | reporting entity | information >> > exchanged: >> > dram | TFA | TFA | >> > <format to be detailed, NUMA topology to build the SRAT table or DT >> > equivalent?> >> > PSCI | SCP | TFA? | >> > SCMI | SCP or TEE-OS | TFA? TEE-OS?| >> > secure SRAM | TFA. | TFA. | >> > secure DRAM | TFA? TEE-OS? | TFA? TEE-OS? | >> > other? | | >> > | >> > >> > Cheers >> > >> > FF >> > >> > >> > On Mon, 22 Mar 2021 at 09:34, Harb Abdulhamid OS via TF-A < >> > tf-a(a)lists.trustedfirmware.org> wrote: >> > >> > > Hello Folks, >> > > >> > > >> > > >> > > I'm emailing to start an open discussion about the adoption of a concept >> > > known as "hand-off blocks" or HOB to become a part of the TF-A Firmware >> > > Framework Architecture (FFA). This is something that is a pretty major >> > > pain point when it comes to the adoption of TF-A in ARM Server SoC’s >> > > designed to enable a broad range of highly configurable datacenter >> > > platforms. >> > > >> > > >> > > >> > > >> > > >> > > What is a HOB (Background)? >> > > >> > > --------------------------- >> > > >> > > UEFI PI spec describes a particular definition for how HOB may be used for >> > > transitioning between the PEI and DXE boot phases, which is a good >> > > reference point for this discussion, but not necessarily the exact solution >> > > appropriate for TF-A. >> > > >> > > >> > > >> > > A HOB is simply a dynamically generated data structure passed in between >> > > two boot phases. This is information that was obtained through discovery >> > > and needs to be passed forward to the next boot phase *once*, with no API >> > > needed to call back (e.g. no call back into previous firmware phase is >> > > needed to fetch this information at run-time - it is simply passed one time >> > > during boot). >> > > >> > > >> > > >> > > There may be one or more HOBs passed in between boot phases. If there are >> > > more than one HOB that needs to be passed, this can be in a form of a "HOB >> > > table", which (for example) could be a UUID indexed array of pointers to >> > > HOB structures, used to locate a HOB of interest (based on UUID). In such >> > > cases, instead of passing a single HOB, the boot phases may rely on passing >> > > the pointer to the HOB table. >> > > >> > > >> > > >> > > This has been extremely useful concept to employ on highly configurable >> > > systems that must rely on flexible discovery mechanisms to initialize and >> > > boot the system. This is especially helpful when you have multiple >> > > >> > > >> > > >> > > >> > > >> > > Why do we need HOBs in TF-A?: >> > > >> > > ----------------------------- >> > > >> > > It is desirable that EL3 firmware (e.g. TF-A) built for ARM Server SoC in >> > > a way that is SoC specific *but* platform agnostic. This means that a >> > > single ARM SoC that a SiP may deliver to customers may provide a single >> > > TF-A binary (e.g. BL1, BL2, BL31) that could be used to support a broad >> > > range of platform designs and configurations in order to boot a platform >> > > specific firmware (e.g. BL33 and possibly even BL32 code). In order to >> > > achieve this, the platform configuration must be *discovered* instead of >> > > statically compiled as it is today in TF-A via device tree based >> > > enumeration. The mechanisms of discovery may differ broadly depending on >> > > the relevant industry standard, or in some cases may have rely on SiP >> > > specific discovery flows. >> > > >> > > >> > > >> > > For example: On server systems that support a broad range DIMM memory >> > > population/topologies, all the necessary information required to boot is >> > > fully discovered via standard JEDEC Serial Presence Detect (SPD) over an >> > > I2C bus. Leveraging the SPD bus, may platform variants could be supported >> > > with a single TF-A binary. Not only is this information required to >> > > initialize memory in early boot phases (e.g. BL2), the subsequent boot >> > > phases will also need this SPD info to construct a system physical address >> > > map and properly initialize the MMU based on the memory present, and where >> > > the memory may be present. Subsequent boot phases (e.g. BL33 / UEFI) may >> > > need to generate standard firmware tables to the operating systems, such as >> > > SMBIOS tables describing DIMM topology and various ACPI tables (e.g. SLIT, >> > > SRAT, even NFIT if NVDIMM's are present). >> > > >> > > >> > > >> > > In short, it all starts with a standardized or vendor specific discovery >> > > flow in an early boot stage (e.g. BL1/BL2), followed by the passing of >> > > information to the next boot stages (e.g. BL31/BL32/BL33). >> > > >> > > >> > > >> > > Today, every HOB may be a vendor specific structure, but in the future >> > > there may be benefit of defining standard HOBs. This may be useful for >> > > memory discovery, passing the system physical address map, enabling TPM >> > > measured boot, and potentially many other common HOB use-cases. >> > > >> > > >> > > >> > > It would be extremely beneficial to the datacenter market segment if the >> > > TF-A community would adopt this concept of information passing between all >> > > boot phases as opposed to rely solely on device tree enumeration. This is >> > > not intended to replace device tree, rather intended as an alternative way >> > > to describe the info that must be discovered and dynamically generated. >> > > >> > > >> > > >> > > >> > > >> > > Conclusion: >> > > >> > > ----------- >> > > >> > > We are proposing that the TF-A community begin pursuing the adoption of >> > > HOBs as a mechanism used for information exchange between each boot stage >> > > (e.g. BL1->BL2, BL2->BL31, BL31->BL32, and BL31->BL33)? Longer term we >> > > want to explore standardizing some HOB structures for the BL33 phase (e.g. >> > > UEFI HOB structures), but initially would like to agree on this being a >> > > useful mechanism used to pass information between each boot stage. >> > > >> > > >> > > >> > > Thanks, >> > > >> > > --Harb >> > > >> > > >> > > >> > > >> > > >> > > >> > > -- >> > > TF-A mailing list >> > > TF-A(a)lists.trustedfirmware.org >> > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a >> > > >> > >> > >> > -- >> > François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* >> > T: +33.67221.6485 >> > francois.ozog(a)linaro.org | Skype: ffozog >> > _______________________________________________ >> > boot-architecture mailing list >> > boot-architecture(a)lists.linaro.org >> > https://lists.linaro.org/mailman/listinfo/boot-architecture >> >> >> >> >> -- >> >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group >> >> T: +33.67221.6485 >> francois.ozog(a)linaro.org | Skype: ffozog >> >> >> >> -- >> TF-A mailing list >> TF-A(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a >> >> >> >> >> -- >> >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group >> >> T: +33.67221.6485 >> francois.ozog(a)linaro.org | Skype: ffozog >> >> >> >> -- >> TF-A mailing list >> TF-A(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a >> >> -- >> TF-A mailing list >> TF-A(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a >> >> >> >> >> -- >> >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group >> >> T: +33.67221.6485 >> francois.ozog(a)linaro.org | Skype: ffozog >> >> > > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a -- TF-A mailing list TF-A(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a -- TF-A mailing list TF-A(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a -- TF-A mailing list TF-A(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 years, 6 months

5
8
0 0

Devietree Eco Call Today Jun 14 3PM UTC

by Bill Mills

All, We have our normal call at the normal time and place today. 3 PM UTC / 11 AM US Eastern Zoom: [1] Meeting ID: 961 7042 8801 Passcode: 8250 Last meeting was on May 17 and we discussed Franks DTB nee format page: https://elinux.org/New_FDT_format Today I would like to start with Heinrich's DT signature patches / proposal. (He has been waiting a while.) [2] I would also like to discuss how we make concrete progress on the new DTB format via shared experiments as suggested by Simon last time. Other topics welcome. Thanks, Bill [1] https://linaro-org.zoom.us/j/96170428801?pwd=elBJNFdVMFJub0UzanFUcVQxTHBqdz… [2] https://lists.linaro.org/pipermail/boot-architecture/2021-May/001807.html -- Bill Mills Principal Technical Consultant, Linaro +1-240-643-0836 TZ: US Eastern Work Schedule: Tues/Wed/Thur

4 years, 6 months

1
1
0 0

EBBR biweekly CANCELLED for 7th Jun

by Grant Likely

I have a conflict with an internal meeting today and need to cancel. Next EBBR biweekly with be 21st Jun. g. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 years, 7 months

1
0
0 0

Fwd: EBBR Testing topic for today?

by Grant Likely

For the EBBR meeting today: Attached is the test result report from running a recent version of U-Boot on an iMX8 platform and parsed with the SCT_Parser tool. g. -------- Forwarded Message -------- Subject: Re: EBBR Testing topic for today? Date: Mon, 10 May 2021 14:22:56 +0100 From: Vincent Stehle <Vincent.Stehle(a)arm.com> To: Grant Likely <Grant.Likely(a)arm.com> Hi Grant, Here are some more SCT results: a run from this morning on Compulab, with latest firmware from Paul (+ 3 patches) and latest sct parser config. INFO main: 0 dropped(s), 0 failure(s), 66 ignored(s), 10753 pass(s), 60 waived(s), 0 warning(s) (The attached summary excludes the pass.) Best regards, Vincent.

4 years, 7 months

5
16
0 0

DTE Meeting Monday May 31: Should we cancel?

by Bill Mills

All, Our next DTE meeting is scheduled for this coming Monday May 31. This is a holiday in the US, UK and perhaps other places as well. I suggest we cancel and will do so tomorrow unless I here objections. Thanks, Bill -- Bill Mills Principal Technical Consultant, Linaro +1-240-643-0836 TZ: US Eastern Work Schedule: Tues/Wed/Thur

4 years, 7 months

1
1
0 0

RPI4 booting with SystemReady-IR flow

by François Ozog

Hi, I verified that RPI4 can boot Ubuntu and LEDGE RP with UEFI + U-Boot. Two flows have been checked: direct (kernel+initrd in BootXXX variable leveraging LOAD_FILE2 mechanism) and through grub. Note: Grub (current head) behaves properly but does not display anything on serial console because lack of U-Boot (2021.07-rc2) support for: GRUB_EFI_SERIAL_IO_GUID \ { 0xbb25cf6f, 0xf1d4, 0x11d2, \ { 0x9a, 0x0c, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0xfd } \ } /* details: grub-core/term/efi/serial.c, grub_efiserial_init() -> grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &serial_io_guid,...) returns NULL */ So I think we need to add this protocol and some others to make the UEFI text environment fully supported for grub. Cheers FF PS: It would be nice to have an efidebug command to actually trace all boot services calls to "get_protocol" and either trace all requests or just failed requests. -- François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog(a)linaro.org | Skype: ffozog

4 years, 7 months

5
7
0 0

Fwd: [SystemArchAC] SystemReady IR ACS Beta available for Certification

by Grant Likely

Hi all, For everyone interested in SystemReady IR certification, Arm has now made public the Architecture Compliance Suite (ACS) for SystemReady IR. Binaries and source can be found on Github at the link below: g. https://github.com/ARM-software/arm-systemready/tree/main/IR -------- Forwarded Message -------- Subject: [SystemArchAC] SystemReady IR ACS Beta available for Certification Date: Tue, 25 May 2021 06:16:47 +0000 From: SystemArchAC <systemarchac(a)arm.causewaynow.com> Reply-To: dong.wei(a)arm.com To: systemarchac(a)arm.causewaynow.com <systemarchac(a)arm.causewaynow.com> Hi All, We have populated the new ï¿½SystemReady ACS github repo at https://github.com/ARM-software/arm-systemready <https://github.com/ARM-software/arm-systemready>. Specifically, the beta release of the SystemReady IR ACS is now used for the SystemReady IR v1.0 certification. See https://github.com/ARM-software/arm-systemready/tree/main/IR <https://github.com/ARM-software/arm-systemready/tree/main/IR>. We are continuing the restructuring of the ACS. In the meantime, the SystemReady SR v2.0 and ES v1.0 certifications are still using Enterprise ACS 3.0 at https://github.com/ARM-software/arm-enterprise-acs <https://github.com/ARM-software/arm-enterprise-acs>. cidimage001.png(a)01D559D5.83B2FFF0 Dong Weiï¿½| Standards Architect and Fellow Dong.Wei(a)arm.com <mailto:Dong.Wei@arm.com> MS Teams: +1 (669)284-0488 Cell: +1 (916) 622-9101 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 years, 7 months

1
0
0 0

EBBR Biweekly for 24 May 2021

by Grant Likely

Hi everyone, Here is the agenda for Monday's EBBR meeting. This week Ilias will present his proposed solution to to solve StMM RPMB writes at runtime so that SetVariable can be generically enabled. Ilias, do you have any details that you can provide ahead of the meeting? Dial in details are below g. Agenda: - StMM RPMB writes at runtime - ESRT requirement review - other business --- Join Zoom Meeting https://armltd.zoom.us/j/92081365511?pwd=SFZpRitXUEp3Zy9GM0h3UUZ1b1pnUT09 Topic: EBBR Biweekly Time: 10 May 2021, 16:00-17:00 GMT Meeting ID: 920 8136 5511 Passcode: 490324 One tap mobile +14086380968,,92081365511#,,,,*490324# US (San Jose) +16465189805,,92081365511#,,,,*490324# US (New York) Dial by your location +1 408 638 0968 US (San Jose) +1 646 518 9805 US (New York) +1 346 248 7799 US (Houston) Meeting ID: 920 8136 5511 Passcode: 490324 Find your local number: https://armltd.zoom.us/u/abf0Umg7EM Join by SIP 92081365511(a)zoomcrc.com Join by H.323 162.255.37.11 (US West) 162.255.36.11 (US East) 115.114.131.7 (India Mumbai) 115.114.115.7 (India Hyderabad) 213.19.144.110 (Amsterdam Netherlands) 213.244.140.110 (Germany) 103.122.166.55 (Australia Sydney) 103.122.167.55 (Australia Melbourne) 209.9.211.110 (Hong Kong SAR) 149.137.40.110 (Singapore) 64.211.144.160 (Brazil) 69.174.57.160 (Canada Toronto) 65.39.152.160 (Canada Vancouver) 207.226.132.110 (Japan Tokyo) 149.137.24.110 (Japan Osaka) Meeting ID: 920 8136 5511 Passcode: 490324 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 years, 7 months

2
1
0 0

Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages

by François Ozog

Le mer. 19 mai 2021 à 03:58, Madhukar Pappireddy via TF-A < tf-a(a)lists.trustedfirmware.org> a écrit : > Hi, > > I tried to summarize the discussions in the previous TF-A tech forum > regarding the proposal to adopt Hand-off Blocks (HOBs) for passing > information along the boot chain. I am certain I could not capture all > suggestions/concerns brought up during the call. I apologize if I missed > and/or misinterpreted any comments and would appreciate it if everyone > could share their thoughts in response to this email thread. > > The idea is to share information to other boot phases: > > Dynamic information: Created during runtime. Shared in the form of a > chain of blobs(built as a linked list of C structure objects i.e., HOB > list). > > Static information: Known at compile time. Historically, shared through > the use of Device Tree/ACPI tables > > Both the above requirements are common in many ecosystems and need to > co-exist. > > There are broadly 3 problems to solve: > 1. Format of HOB structures: It looks like the consensus is that we could > use existing mechanisms for this (BL_AUX_PARAM in TF-A or bloblist in > u-boot). > 2. Identification of HOB list entries: There is a debate about whether > tags would suffice or if the HOB list producer and consumer would depend on > UUID/GUIDs for identifying a specific HOB structure. Another suggestion was > to use a hybrid approach. Reserve a single tag ID for > identifying/constructing a HOB structure that further leverages UUID based > identifier. This way, the generic HOB list doesn't need to support UUIDs > and can work with tags. > 3. The design contract for the static interface between two boot phases: > The problem at hand is whether to pass a pointer to a HOB list or a device > tree blob through the general-purpose registers for configuration hand-off > between two boot phases. Some proposals that came up: > > Proposal 1: Always pass a pointer to the device tree blob > through the GP register and capture the pointer to the HOB list as a > property of a node that is uniquely identifiable by the downstream boot > phase. This needs to define a device tree binding such that producer and > consumer agree on the information passed. > > Proposal 2: Pass a pointer to a generic container through the GP > register that can be interpreted appropriately by both boot loaders(i.e., > producer and consumer of the boot info). This container can either be a dtb > or a HOB list which can be simply inferred by checking for a magic header > that indicates if the buffer appears to be a flattened device tree. > > One another concern that was brought up offline is to make sure > we don't break current design contracts between various boot loader phases > in TF-A. Many of the general-purpose registers have a designated purpose > such as to share configurations between BL images( such as firmware config > dtb, SoC config dtb, Non trusted firmware config dtb, memory layout, entry > point info, etc.). > there should be another paragraph: 4. Requirements for data representation. I’ll take two concrete examples related to DIMM slot population and reporting. 6 years ago (can’t be sure) only DRAM modules could be fitted into DIMM slots. And then came NVDIMM and flash as DIMM (invented by Diablo technologies: 1TB of flash on a DIMM with a few MB as IO buffers and control registers - those memory regions where the only addressable DRAM). In both cases all firmware chain had to be changed to cope with them. If we had used self descriptive information passing (CBOR, DT, AML) for DIMM slot population and not C structure the journey would have been much simpler with forward and backward compatibility as a major side effect. So for data representation , I would concur with previous Ron Minnich @googke comment that we should be using self descriptive information rather than C structures. > > If I am not mistaken, a single design may not fit the needs of every > segment(client, Infra, embedded) and the forum is open to solutions > tailored for individual segments. Joanna will be sending a follow up email > with more information about future TF-A tech forums that serves as a > platform for further discussions. > > Thanks, > Madhukar > > -----Original Message----- > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Joanna > Farley via TF-A > Sent: Sunday, May 16, 2021 5:19 AM > To: Okash Khawaja <okash.khawaja(a)gmail.com>; Simon Glass <sjg(a)chromium.org > > > Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot > Architecture Mailman List <boot-architecture(a)lists.linaro.org>; > tf-a(a)lists.trustedfirmware.org; Ed Stuber <edstuber(a)amperecomputing.com>; > Arjun Khare <akhare(a)amperecomputing.com>; U-Boot Mailing List < > u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich > <rminnich(a)google.com>; Moe Ammar <moe(a)amperecomputing.com> > Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for > information passing between boot stages > > Apologies I failed with the recording. Manish/Madhu will reply early next > week with the slides and some notes to help with a follow up session which > we hope to hold this Thursday. Invite and agenda will also be sent out > early next week. > > Thanks > > Joanna > > On 14/05/2021, 13:30, "TF-A on behalf of Okash Khawaja via TF-A" < > tf-a-bounces(a)lists.trustedfirmware.org on behalf of > tf-a(a)lists.trustedfirmware.org> wrote: > > Hi, > > Do we have slides and video from last week's discussion? > > Thanks, > Okash > > > On Wed, May 5, 2021 at 11:52 PM Simon Glass via TF-A > <tf-a(a)lists.trustedfirmware.org> wrote: > > > > Hi Harb, > > > > Thanks for the idea. I am still not completely sure what benefit > UUID provides to an open project. I'd like to propose something different, > more in the spirit of open collaboration. I also worry that the word > 'standard' seems to be a synonym for UUIDs, UEFI, etc., i.e. > enabling/preferring closed-source firmware and the continued decline of > open-source projects. It really should not be. > > > > So I suggest: Use simple integer IDs and reserve some area for > 'private' use. If you want to collaborate across projects outside your > company, you either need to allocate a 'public' ID or agree privately > between the parties which private ID to use. > > > > This means that the default and easiest option is for collaboration > and a public ID, with private ones (whose purpose may be secret) reserved > just for private use. > > > > Regards, > > Simon > > > > On Wed, 5 May 2021 at 11:42, Harb Abdulhamid OS < > abdulhamid(a)os.amperecomputing.com> wrote: > >> > >> Hey Folks, > >> > >> We wanted to put out a middle-ground proposal to help guide the > discussion on the call tomorrow. > >> > >> > >> > >> A proposal that we have been discussing offline involves reserving > a single tag ID for the purpose of construction UEFI PI HOB List structure, > and that tag would be used to identify a HOB-specific structure that does > leverage UUID based identifier. This will eliminate the burden of having > to support UUID as the tag, and this enables projects that require UUID > based identifiers for the broad range of HOB structures that need to be > produced during the booting of the platform. Once we have a tag for a HOB > list, this will enable various HOB producers that can add/extend the HOB > list in TF-A code (or even pre-TF-A code), with a HOB consumer for that > UUID/GUID on the other side (i.e. whatever the BL33 image is booting on > that platform). > >> > >> > >> > >> Essentially, the idea is if someone would like to support HOB > structures in a standard way using TF-A, they would wrap it up in a > BL_AUX_PARAM/BLOB structure (whatever the group decides) and the way we > identify the structure as a HOB list is with this new reserved tag. > >> > >> > >> > >> Hopefully that makes sense and less contentious. Look forward to > discuss this further on the call. > >> > >> > >> > >> Thanks, > >> > >> --Harb > >> > >> > >> > >> From: Manish Pandey2 <Manish.Pandey2(a)arm.com> > >> Sent: Friday, April 30, 2021 8:14 AM > >> To: François Ozog <francois.ozog(a)linaro.org> > >> Cc: Simon Glass <sjg(a)chromium.org>; Julius Werner < > jwerner(a)chromium.org>; Harb Abdulhamid OS < > abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < > boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org; > U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's < > paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) > for information passing between boot stages > >> > >> > >> > >> Hi All, > >> > >> > >> > >> Please find invite for next TF-A Tech Forum session to continue our > discussions on HOB implementation, feel free to forward it to others. > >> > >> > >> > >> The next TF-A Tech Forum is scheduled for Thu 6th May 2021 16:00 – > 17:00 (BST). > >> > >> > >> > >> Agenda: > >> > >> Discussion Session: Static and Dynamic Information Handling in TF-A > >> > >> Lead by Manish Pandey and Madhukar Pappireddy > >> > >> · There is ongoing mailing lists discussion[1] related with > adopting a mechanism to pass information through boot stages. > >> > >> The requirement is two-fold: > >> > >> 1. Passing static information(config files) > >> > >> 2. Passing dynamic information (Hob list) > >> > >> In the upcoming TF-A tech forum, we can start with a discussion on > dynamic information passing and if time permits, we can cover static > information passing. The purpose of the call is to have an open discussion > and continue the discussion from the trusted-substrate call[2] done > earlier. We would like to understand the various requirements and possible > ways to implement it in TF-A in a generalized way so that it can work with > other Firmware projects. > >> > >> > >> > >> The two specific item which we would like to discuss are: > >> > >> 1. HOB format: TF-A/u-boot both has an existing bloblist > implementation, which uses tag values. Question, can this be enhanced to > use hybrid values(Tag and UUID) both? > >> > >> 2. Standardization on Physical register use to pass base of > HoB data structure. > >> > >> References: > >> > >> [1] > https://lists.trustedfirmware.org/pipermail/tf-a/2021-April/001069.html > >> > >> [2] > https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… > Passcode: IPn+5q% > >> > >> > >> > >> Thanks > >> > >> > >> > >> Joanna > >> > >> > >> > >> You have been invited to the following event. > >> > >> TF-A Tech Forum > >> > >> When > >> > >> Every 2 weeks from 16:00 to 17:00 on Thursday United Kingdom Time > >> > >> Calendar > >> > >> tf-a(a)lists.trustedfirmware.org > >> > >> Who > >> > >> • > >> > >> Bill Fletcher- creator > >> > >> • > >> > >> tf-a(a)lists.trustedfirmware.org > >> > >> more details » > >> > >> > >> > >> We run an open technical forum call for anyone to participate and > it is not restricted to Trusted Firmware project members. It will operate > under the guidance of the TF TSC. > >> > >> > >> > >> Feel free to forward this invite to colleagues. Invites are via the > TF-A mailing list and also published on the Trusted Firmware website. > Details are here: > https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ > >> > >> > >> > >> Trusted Firmware is inviting you to a scheduled Zoom meeting. > >> > >> > >> > >> Join Zoom Meeting > >> > >> https://zoom.us/j/9159704974 > >> > >> > >> > >> Meeting ID: 915 970 4974 > >> > >> > >> > >> One tap mobile > >> > >> +16465588656,,9159704974# US (New York) > >> > >> +16699009128,,9159704974# US (San Jose) > >> > >> > >> > >> Dial by your location > >> > >> +1 646 558 8656 US (New York) > >> > >> +1 669 900 9128 US (San Jose) > >> > >> 877 853 5247 US Toll-free > >> > >> 888 788 0099 US Toll-free > >> > >> Meeting ID: 915 970 4974 > >> > >> Find your local number: https://zoom.us/u/ad27hc6t7h > >> > >> > >> > >> ________________________________ > >> > >> From: François Ozog <francois.ozog(a)linaro.org> > >> Sent: 08 April 2021 16:50 > >> To: Manish Pandey2 <Manish.Pandey2(a)arm.com> > >> Cc: Simon Glass <sjg(a)chromium.org>; Julius Werner < > jwerner(a)chromium.org>; Harb Abdulhamid OS < > abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < > boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org < > tf-a(a)lists.trustedfirmware.org>; U-Boot Mailing List <u-boot(a)lists.denx.de>; > Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) > for information passing between boot stages > >> > >> > >> > >> Hi > >> > >> > >> > >> here is the meeting recording: > >> > >> > https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… > Passcode: IPn+5q%z > >> > >> > >> > >> I am really sorry about the confusion related to the meeting time. > I have now understood: the Collaborate portal uses a specific calendar > which is tied to US/Chicago timezone while the actual Google Calendar is > tied to Central Europe timezone. I am going to drop the Collaborate portal > and use a shared Google calendar (it should be visible on the > trusted-substrate.org page). > >> > >> > >> > >> I'll try to summarize what I learnt and highlight my view on what > can be next steps in a future mail. > >> > >> > >> > >> Cheers > >> > >> > >> > >> FF > >> > >> > >> > >> On Thu, 8 Apr 2021 at 13:56, Manish Pandey2 via TF-A < > tf-a(a)lists.trustedfirmware.org> wrote: > >> > >> Hi, > >> > >> > >> > >> From TF-A project point of view, we prefer to use existing > mechanism to pass parameters across boot stages using linked list of tagged > elements (as suggested by Julius). It has support for both generic and > SiP-specific tags. Having said that, it does not stop partners to introduce > new mechanisms suitable for their usecase in platform port initially and > later move to generic code if its suitable for other platforms. > >> > >> > >> > >> To start with, Ampere can introduce a platform specific > implementation of memory tag(speed/NUMA topology etc) which can be > evaluated and discussed for generalization in future. The tag will be > populated in BL2 stage and can be forwarded to further stages(and to BL33) > by passing the head of list pointer in one of the registers. Initially any > register can be used but going forward a standardization will be needed. > >> > >> > >> > >> The U-boot bloblist mentioned by Simon is conceptually similar to > what TF-A is using, if there is consensus of using bloblist/taglist then > TF-A tag list may be enhanced to take best of both the implementations. > >> > >> > >> > >> One of the potential problems of having structure used in different > projects is maintainability, this can be avoided by having a single copy of > these structures in TF-A (kept inside "include/export" which intended to be > used by other projects.) > >> > >> > >> > >> Regarding usage of either UUID or tag, I echo the sentiments of > Simon and Julius to keep it simple and use tag values. > >> > >> > >> > >> Looking forward to having further discussions on zoom call today. > >> > >> > >> > >> Thanks > >> > >> Manish P > >> > >> > >> > >> ________________________________ > >> > >> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of > Julius Werner via TF-A <tf-a(a)lists.trustedfirmware.org> > >> Sent: 25 March 2021 02:43 > >> To: Simon Glass <sjg(a)chromium.org> > >> Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot > Architecture Mailman List <boot-architecture(a)lists.linaro.org>; > tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>; U-Boot > Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; > Ron Minnich <rminnich(a)google.com> > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) > for information passing between boot stages > >> > >> > >> > >> Just want to point out that TF-A currently already supports a (very > simple) mechanism like this: > >> > >> > >> > >> > https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… > >> > >> > https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… > >> > >> > https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… > >> > >> > >> > >> It's just a linked list of tagged elements. The tag space is split > into TF-A-wide generic tags and SiP-specific tags (with plenty of room to > spare if more areas need to be defined -- a 64-bit tag can fit a lot). This > is currently being used by some platforms that run coreboot in place of > BL1/BL2, to pass information from coreboot (BL2) to BL31. > >> > >> > >> > >> I would echo Simon's sentiment of keeping this as simple as > possible and avoiding complicated and bloated data structures with UUIDs. > You usually want to parse something like this as early as possible in the > passed-to firmware stage, particularly if the structure encodes information > about the debug console (like it does for the platforms I mentioned above). > For example, in BL31 this basically means doing it right after moving from > assembly to C in bl31_early_platform_setup2() to get the console up before > running anything else. At that point in the BL31 initialization, the MMU > and caches are disabled, so data accesses are pretty expensive and you > don't want to spend a lot of parsing effort or calculate complicated > checksums or the like. You just want something extremely simple where you > ideally have to touch every data word only once. > >> > >> > >> > >> On Wed, Mar 24, 2021 at 5:06 PM Simon Glass via TF-A < > tf-a(a)lists.trustedfirmware.org> wrote: > >> > >> Hi Harb, > >> > >> > >> > >> On Wed, 24 Mar 2021 at 11:39, Harb Abdulhamid OS < > abdulhamid(a)os.amperecomputing.com> wrote: > >> > >> Hello Folks, > >> > >> Appreciate the feedback and replies on this. Glad to see that > there is interest in this topic. > >> > >> > >> > >> I try to address the comments/feedback from Francois and Simon > below…. > >> > >> > >> > >> @François Ozog – happy to discuss this on a zoom call. I will make > that time slot work, and will be available to attend April 8, 4pm CT. > >> > >> > >> > >> Note that I’m using the term “HOB” here more generically, as there > are typically vendor specific structures beyond the resource descriptor > HOB, which provides only a small subset of the information that needs to be > passed between the boot phases. > >> > >> > >> > >> The whole point here is to provide mechanism to develop firmware > that we can build ARM Server SoC’s that support *any* BL33 payload (e.g. > EDK2, AptioV, CoreBoot, and maybe even directly boot strapping LinuxBoot at > some point). In other-words, we are trying to come up with a TF-A that > would be completely agnostic to the implementation of BL33 (i.e. BL33 is > built completely independently by a separate entity – e.g. an ODM/OEM). > >> > >> > >> > >> Keep in mind, in the server/datacenter market segment we are not > building vertically integrated systems with a single entity compiling > firmware/software stacks like most folks in TF-A have become use to. There > are two categories of higher level firmware code blobs in the > server/datacenter model: > >> > >> “SoC” or “silicon” firmware – in TF-A this may map to BL1, BL2, > BL31, and *possibly* one or more BL32 instances > >> “Platform” or “board” firmware – in TF-A this may map to BL33 and > *possibly* one or more BL32 instances. > >> > >> > >> > >> Even the platform firmware stack could be further fragmented by > having multiple entities involved in delivering the entire firmware stack: > IBVs, ODMs, OEMs, CSPs, and possibly even device vendor code. > >> > >> > >> > >> To support a broad range of platform designs with a broad range of > memory devices, we need a crisp and clear contract between the SoC firmware > that initializes memory (e.g. BL2) and how that platform boot firmware > (e.g. BL33) gathers information about what memory that was initialized, at > what speeds, NUMA topology, and many other relevant information that needs > to be known and comprehended by the platform firmware and eventually by the > platform software. > >> > >> > >> > >> I understand the versatility of DT, but I see two major problems > with DT: > >> > >> DT requires more complicated parsing to get properties, and even > more complex to dynamically set properties – this HOB structures may need > to be generated in boot phases where DDR is not available, and therefore we > will be extremely memory constrained. > >> DT is probably overkill for this purpose – We really just want a > list of pointers to simple C structures that code cast (e.g. JEDEC SPD data > blob) > >> > >> > >> > >> I think that we should not mix the efforts around DT/ACPI specs > with what we are doing here, because those specs and concepts were > developed for a completely different purpose (i.e. abstractions needed for > OS / RTOS software, and not necessarily suitable for firmware-to-firmware > hand-offs). > >> > >> > >> > >> Frankly, I would personally push back pretty hard on defining SMC’s > for something that should be one way information passing. Every SMC we add > is another attack vector to the secure world and an increased burden on the > folks that have to do security auditing and threat analysis. I see no > benefit in exposing these boot/HOB/BOB structures at run-time via SMC calls. > >> > >> > >> > >> Please do let me know if you disagree and why. Look forward to > discussing on this thread or on the call. > >> > >> > >> > >> @Simon Glass - Thanks for the pointer to bloblist. I briefly > reviewed and it seems like a good baseline for what we may be looking for. > >> > >> > >> > >> That being said, I would say that there is some benefit in having > some kind of unique identifiers (e.g. UUID or some unique signature) so > that we can tie standardized data structures (based on some future TBD > specs) to a particular ID. For example, if the TPM driver in BL33 is > looking for the TPM structure in the HOB/BOB list, and may not care about > the other data blobs. The driver needs a way to identify and locate the > blob it cares about. > >> > >> > >> > >> The tag is intended to serve that purpose, although perhaps it > should switch from an auto-allocating enum to one with explicit values for > each entry and a range for 'local' use. > >> > >> > >> > >> I guess we can achieve this with the tag, but the problem with tag > when you have eco-system with a lot of parties doing parallel development, > you can end up with tag collisions and folks fighting about who has rights > to what tag values. We would need some official process for folks to > register tags for whatever new structures we define, or maybe some tag > range for vendor specific structures. This comes with a lot of pain and > bureaucracy. On the other hand, UUID has been a proven way to make it easy > to just define your own blobs with *either* standard or vendor specific > structures without worry of ID collisions between vendors. > >> > >> > >> > >> True. I think the pain is overstated, though. In this case I think > we actually want something that can be shared between projects and orgs, so > some amount of coordination could be considered a benefit. It could just be > a github pull request. I find the UUID unfriendly and not just to code size > and eyesight! Trying to discover what GUIDs mean or are valid is quite > tricky. E.g. see this code: > >> > >> > >> > >> #define FSP_HOB_RESOURCE_OWNER_TSEG_GUID \ > >> EFI_GUID(0xd038747c, 0xd00c, 0x4980, \ > >> 0xb3, 0x19, 0x49, 0x01, 0x99, 0xa4, 0x7d, 0x55) > >> > >> (etc.) > >> > >> > >> > >> static struct guid_name { > >> efi_guid_t guid; > >> const char *name; > >> } guid_name[] = { > >> { FSP_HOB_RESOURCE_OWNER_TSEG_GUID, "TSEG" }, > >> { FSP_HOB_RESOURCE_OWNER_FSP_GUID, "FSP" }, > >> { FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID, "SMM PEI SMRAM" }, > >> { FSP_NON_VOLATILE_STORAGE_HOB_GUID, "NVS" }, > >> { FSP_VARIABLE_NV_DATA_HOB_GUID, "Variable NVS" }, > >> { FSP_GRAPHICS_INFO_HOB_GUID, "Graphics info" }, > >> { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID1, "PCD database ea" }, > >> { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID2, "PCD database 9b" }, > >> > >> (never figured out what those two are) > >> > >> > >> { FSP_HOB_RESOURCE_OWNER_PEIM_DXE_GUID, "PEIM Init DXE" }, > >> { FSP_HOB_RESOURCE_OWNER_ALLOC_STACK_GUID, "Alloc stack" }, > >> { FSP_HOB_RESOURCE_OWNER_SMBIOS_MEMORY_GUID, "SMBIOS memory" }, > >> { {}, "zero-guid" }, > >> {} > >> }; > >> > >> static const char *guid_to_name(const efi_guid_t *guid) > >> { > >> struct guid_name *entry; > >> > >> for (entry = guid_name; entry->name; entry++) { > >> if (!guidcmp(guid, &entry->guid)) > >> return entry->name; > >> } > >> > >> return NULL; > >> } > >> > >> > >> > >> Believe it or not it took a fair bit of effort to find just that > small list, with nearly every one in a separate doc, from memory. > >> > >> > >> > >> > >> > >> We can probably debate whether there is any value in GUID/UUID or > not during the call… but again, boblist seems like a reasonable starting > point as an alternative to HOB. > >> > >> > >> > >> Indeed. There is certainly value in both approaches. > >> > >> > >> > >> Regards, > >> > >> Simon > >> > >> > >> > >> > >> > >> Thanks, > >> > >> --Harb > >> > >> > >> > >> From: François Ozog <francois.ozog(a)linaro.org> > >> Sent: Tuesday, March 23, 2021 10:00 AM > >> To: François Ozog <francois.ozog(a)linaro.org>; Ron Minnich < > rminnich(a)google.com>; Paul Isaac's <paul.isaacs(a)linaro.org> > >> Cc: Simon Glass <sjg(a)chromium.org>; Harb Abdulhamid OS < > abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < > boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) > for information passing between boot stages > >> > >> > >> > >> +Ron Minnich +Paul Isaac's > >> > >> > >> > >> Adding Ron and Paul because I think this interface should be also > benefiting LinuxBoot efforts. > >> > >> > >> > >> On Tue, 23 Mar 2021 at 11:17, François Ozog via TF-A < > tf-a(a)lists.trustedfirmware.org> wrote: > >> > >> Hi, > >> > >> > >> > >> I propose we cover the topic at the next Trusted Substrate zoom > call on April 8th 4pm CET. > >> > >> > >> > >> The agenda: > >> > >> ABI between non-secure firmware and the rest of firmware (EL3, > S-EL1, S-EL2, SCP) to adapt hardware description to some runtime conditions. > >> > >> runtime conditions here relates to DRAM size and topology > detection, secure DRAM memory carvings, PSCI and SCMI interface publishing. > >> > >> > >> > >> For additional background on existing metadata: UEFI Platform > Initialization Specification Version 1.7, 5.5 Resource Descriptor HOB > >> > >> Out of the ResourceType we care about is EFI_RESOURCE_SYSTEM_MEMORY. > >> > >> This HOB lacks memory NUMA attachment or something that could be > related to fill SRAT table for ACPI or relevant DT proximity domains. > >> > >> HOB is not consistent accros platforms: some platforms (Arm) lists > memory from the booting NUMA node, other platforms (x86) lists all memory > from all NUMA nodes. (At least this is the case on the two platforms I > tested). > >> > >> > >> > >> There are two proposals to use memory structures from SPL/BLx up to > the handover function (as defined in the Device Tree technical report) > which can be U-boot (BL33 or just U-Boot in case of SPL/U-Boot scheme) or > EDK2. > >> > >> I would propose we also discuss possibility of FF-A interface to > actually query information or request actions to be done (this is a model > actually used in some SoCs with proprietary SMC calls). > >> > >> > >> > >> Requirements (to be validated): > >> > >> - ACPI and DT hardware descriptions. > >> > >> - agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2) > >> > >> - agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2, > TF-A/LinuxBoot) > >> > >> - at least allows complete DRAM description and "persistent" usage > (reserved areas for secure world or other usages) > >> > >> - support secure world device assignment > >> > >> > >> > >> Cheers > >> > >> > >> > >> FF > >> > >> > >> > >> > >> > >> On Mon, 22 Mar 2021 at 19:56, Simon Glass <sjg(a)chromium.org> wrote: > >> > >> Hi, > >> > >> Can I suggest using bloblist for this instead? It is lightweight, > >> easier to parse, doesn't have GUIDs and is already used within > U-Boot > >> for passing info between SPL/U-Boot, etc. > >> > >> Docs here: > https://github.com/u-boot/u-boot/blob/master/doc/README.bloblist > >> Header file describes the format: > >> https://github.com/u-boot/u-boot/blob/master/include/bloblist.h > >> > >> Full set of unit tests: > >> https://github.com/u-boot/u-boot/blob/master/test/bloblist.c > >> > >> Regards, > >> Simon > >> > >> On Mon, 22 Mar 2021 at 23:58, François Ozog < > francois.ozog(a)linaro.org> wrote: > >> > > >> > +Boot Architecture Mailman List < > boot-architecture(a)lists.linaro.org> > >> > > >> > standardization is very much welcomed here and need to > accommodate a very > >> > diverse set of situations. > >> > For example, TEE OS may need to pass memory reservations to BL33 > or > >> > "capture" a device for the secure world. > >> > > >> > I have observed a number of architectures: > >> > 1) pass information from BLx to BLy in the form of a specific > object > >> > 2) BLx called by BLy by a platform specific SMC to get information > >> > 3) BLx called by BLy by a platform specific SMC to perform Device > Tree > >> > fixups > >> > > >> > I also imagined a standardized "broadcast" FF-A call so that any > firmware > >> > element can either provide information or "do something". > >> > > >> > My understanding of your proposal is about standardizing on > architecture 1) > >> > with the HOB format. > >> > > >> > The advantage of the HOB is simplicity but it may be difficult to > implement > >> > schemes such as pruning a DT because device assignment in the > secure world. > >> > > >> > In any case, it looks feasible to have TF-A and OP-TEE complement > the list > >> > of HOBs to pass information downstream (the bootflow). > >> > > >> > It would be good to start with building the comprehensive list of > >> > information that need to be conveyed between firmware elements: > >> > > >> > information. | authoritative entity | reporting entity | > information > >> > exchanged: > >> > dram | TFA | TFA > | > >> > <format to be detailed, NUMA topology to build the SRAT table or > DT > >> > equivalent?> > >> > PSCI | SCP | TFA? > | > >> > SCMI | SCP or TEE-OS | TFA? TEE-OS?| > >> > secure SRAM | TFA. | TFA. | > >> > secure DRAM | TFA? TEE-OS? | TFA? TEE-OS? | > >> > other? | | > >> > | > >> > > >> > Cheers > >> > > >> > FF > >> > > >> > > >> > On Mon, 22 Mar 2021 at 09:34, Harb Abdulhamid OS via TF-A < > >> > tf-a(a)lists.trustedfirmware.org> wrote: > >> > > >> > > Hello Folks, > >> > > > >> > > > >> > > > >> > > I'm emailing to start an open discussion about the adoption of > a concept > >> > > known as "hand-off blocks" or HOB to become a part of the TF-A > Firmware > >> > > Framework Architecture (FFA). This is something that is a > pretty major > >> > > pain point when it comes to the adoption of TF-A in ARM Server > SoC’s > >> > > designed to enable a broad range of highly configurable > datacenter > >> > > platforms. > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > What is a HOB (Background)? > >> > > > >> > > --------------------------- > >> > > > >> > > UEFI PI spec describes a particular definition for how HOB may > be used for > >> > > transitioning between the PEI and DXE boot phases, which is a > good > >> > > reference point for this discussion, but not necessarily the > exact solution > >> > > appropriate for TF-A. > >> > > > >> > > > >> > > > >> > > A HOB is simply a dynamically generated data structure passed > in between > >> > > two boot phases. This is information that was obtained through > discovery > >> > > and needs to be passed forward to the next boot phase *once*, > with no API > >> > > needed to call back (e.g. no call back into previous firmware > phase is > >> > > needed to fetch this information at run-time - it is simply > passed one time > >> > > during boot). > >> > > > >> > > > >> > > > >> > > There may be one or more HOBs passed in between boot phases. > If there are > >> > > more than one HOB that needs to be passed, this can be in a > form of a "HOB > >> > > table", which (for example) could be a UUID indexed array of > pointers to > >> > > HOB structures, used to locate a HOB of interest (based on > UUID). In such > >> > > cases, instead of passing a single HOB, the boot phases may > rely on passing > >> > > the pointer to the HOB table. > >> > > > >> > > > >> > > > >> > > This has been extremely useful concept to employ on highly > configurable > >> > > systems that must rely on flexible discovery mechanisms to > initialize and > >> > > boot the system. This is especially helpful when you have > multiple > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > Why do we need HOBs in TF-A?: > >> > > > >> > > ----------------------------- > >> > > > >> > > It is desirable that EL3 firmware (e.g. TF-A) built for ARM > Server SoC in > >> > > a way that is SoC specific *but* platform agnostic. This means > that a > >> > > single ARM SoC that a SiP may deliver to customers may provide > a single > >> > > TF-A binary (e.g. BL1, BL2, BL31) that could be used to support > a broad > >> > > range of platform designs and configurations in order to boot a > platform > >> > > specific firmware (e.g. BL33 and possibly even BL32 code). In > order to > >> > > achieve this, the platform configuration must be *discovered* > instead of > >> > > statically compiled as it is today in TF-A via device tree based > >> > > enumeration. The mechanisms of discovery may differ broadly > depending on > >> > > the relevant industry standard, or in some cases may have rely > on SiP > >> > > specific discovery flows. > >> > > > >> > > > >> > > > >> > > For example: On server systems that support a broad range DIMM > memory > >> > > population/topologies, all the necessary information required > to boot is > >> > > fully discovered via standard JEDEC Serial Presence Detect > (SPD) over an > >> > > I2C bus. Leveraging the SPD bus, may platform variants could > be supported > >> > > with a single TF-A binary. Not only is this information > required to > >> > > initialize memory in early boot phases (e.g. BL2), the > subsequent boot > >> > > phases will also need this SPD info to construct a system > physical address > >> > > map and properly initialize the MMU based on the memory > present, and where > >> > > the memory may be present. Subsequent boot phases (e.g. BL33 / > UEFI) may > >> > > need to generate standard firmware tables to the operating > systems, such as > >> > > SMBIOS tables describing DIMM topology and various ACPI tables > (e.g. SLIT, > >> > > SRAT, even NFIT if NVDIMM's are present). > >> > > > >> > > > >> > > > >> > > In short, it all starts with a standardized or vendor specific > discovery > >> > > flow in an early boot stage (e.g. BL1/BL2), followed by the > passing of > >> > > information to the next boot stages (e.g. BL31/BL32/BL33). > >> > > > >> > > > >> > > > >> > > Today, every HOB may be a vendor specific structure, but in the > future > >> > > there may be benefit of defining standard HOBs. This may be > useful for > >> > > memory discovery, passing the system physical address map, > enabling TPM > >> > > measured boot, and potentially many other common HOB use-cases. > >> > > > >> > > > >> > > > >> > > It would be extremely beneficial to the datacenter market > segment if the > >> > > TF-A community would adopt this concept of information passing > between all > >> > > boot phases as opposed to rely solely on device tree > enumeration. This is > >> > > not intended to replace device tree, rather intended as an > alternative way > >> > > to describe the info that must be discovered and dynamically > generated. > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > Conclusion: > >> > > > >> > > ----------- > >> > > > >> > > We are proposing that the TF-A community begin pursuing the > adoption of > >> > > HOBs as a mechanism used for information exchange between each > boot stage > >> > > (e.g. BL1->BL2, BL2->BL31, BL31->BL32, and BL31->BL33)? Longer > term we > >> > > want to explore standardizing some HOB structures for the BL33 > phase (e.g. > >> > > UEFI HOB structures), but initially would like to agree on this > being a > >> > > useful mechanism used to pass information between each boot > stage. > >> > > > >> > > > >> > > > >> > > Thanks, > >> > > > >> > > --Harb > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > -- > >> > > TF-A mailing list > >> > > TF-A(a)lists.trustedfirmware.org > >> > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > >> > > > >> > > >> > > >> > -- > >> > François-Frédéric Ozog | *Director Linaro Edge & Fog Computing > Group* > >> > T: +33.67221.6485 > >> > francois.ozog(a)linaro.org | Skype: ffozog > >> > _______________________________________________ > >> > boot-architecture mailing list > >> > boot-architecture(a)lists.linaro.org > >> > https://lists.linaro.org/mailman/listinfo/boot-architecture > >> > >> > >> > >> > >> -- > >> > >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group > >> > >> T: +33.67221.6485 > >> francois.ozog(a)linaro.org | Skype: ffozog > >> > >> > >> > >> -- > >> TF-A mailing list > >> TF-A(a)lists.trustedfirmware.org > >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a > >> > >> > >> > >> > >> -- > >> > >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group > >> > >> T: +33.67221.6485 > >> francois.ozog(a)linaro.org | Skype: ffozog > >> > >> > >> > >> -- > >> TF-A mailing list > >> TF-A(a)lists.trustedfirmware.org > >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a > >> > >> -- > >> TF-A mailing list > >> TF-A(a)lists.trustedfirmware.org > >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a > >> > >> > >> > >> > >> -- > >> > >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group > >> > >> T: +33.67221.6485 > >> francois.ozog(a)linaro.org | Skype: ffozog > >> > >> > > > > -- > > TF-A mailing list > > TF-A(a)lists.trustedfirmware.org > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > -- François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog(a)linaro.org | Skype: ffozog

4 years, 7 months

1
0
0 0

Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages

by François Ozog

Le mer. 19 mai 2021 à 23:51, Jeremy Linton via TF-A < tf-a(a)lists.trustedfirmware.org> a écrit : > On 5/18/21 8:59 PM, Madhukar Pappireddy via TF-A wrote: > > Hi, > > > > I tried to summarize the discussions in the previous TF-A tech forum > regarding the proposal to adopt Hand-off Blocks (HOBs) for passing > information along the boot chain. I am certain I could not capture all > suggestions/concerns brought up during the call. I apologize if I missed > and/or misinterpreted any comments and would appreciate it if everyone > could share their thoughts in response to this email thread. > > > > The idea is to share information to other boot phases: > >> Dynamic information: Created during runtime. Shared in the form of a > chain of blobs(built as a linked list of C structure objects i.e., HOB > list). > >> Static information: Known at compile time. Historically, shared through > the use of Device Tree/ACPI tables > > > > Both the above requirements are common in many ecosystems and need to > co-exist. > > > > There are broadly 3 problems to solve: > > 1. Format of HOB structures: It looks like the consensus is that we > could use existing mechanisms for this (BL_AUX_PARAM in TF-A or bloblist in > u-boot). > > 2. Identification of HOB list entries: There is a debate about whether > tags would suffice or if the HOB list producer and consumer would depend on > UUID/GUIDs for identifying a specific HOB structure. Another suggestion was > to use a hybrid approach. Reserve a single tag ID for > identifying/constructing a HOB structure that further leverages UUID based > identifier. This way, the generic HOB list doesn't need to support UUIDs > and can work with tags. > > 3. The design contract for the static interface between two boot phases: > The problem at hand is whether to pass a pointer to a HOB list or a device > tree blob through the general-purpose registers for configuration hand-off > between two boot phases. Some proposals that came up: > > > Proposal 1: Always pass a pointer to the device tree blob > through the GP register and capture the pointer to the HOB list as a > property of a node that is uniquely identifiable by the downstream boot > phase. This needs to define a device tree binding such that producer and > consumer agree on the information passed. > > > Using DT to pass platform info at this level is sort of crazy on an ACPI > machine which won't have native DTs. Meaning there is an additional > level of unnecessary indirection that needs to be converted back into a > format which can be utilized by AML and other parts of the ACPI stack. I would love the BL33 becomes a product maker (using a board vendor product) decision: using EDK2, U-Boot, LinuxBoot or even Xen directly as BL33. If this is a goal , then there will be a need for a translation layer between the firmware framework (tfa, core boot, uboot SPL) formats and the non secure firmware format. If this is not a goal then I agree that passing a DT in an ACPI system is suboptimal. That said there is a UEFI PI HOB that is a DT container and used in existing systems. And conversely, in systems with complex MDIO or other hardware without ACPI representation (serdes), it does not make sense to bring ACPI stuff. The easiest path is to not give a choice of BL33 and have a format for each “realm”: DT or ACPI. > > Its also helpful to look at what has become of the rpi4 uefi port, where > the DT is actually dynamic (or provided by the user, complete with HAT > overlays) and fed into the lower level firmware and propagated up > through the system. The result has frequently been subtle bugs or boot > failures because the DT provided by the rpi foundation as part of their > low level firwmare+kernel stack is modified by their low level firwmare, > and it differs from the DT in mainline linux. So more than once we have > discovered that there isn't a single DT that can be boot both the > current firmware and a current mainline linux. In the past there was > even an option to use one DT for the firmware and an entirely seperate > one for linux, but that was removed when it bacame apparent you couldn't > have the lower level firmwaer say modifying MMIO windows for the PCIe > subsystem and not propogate that into the other user supplied DT. > ACPI shows that firmware provided hardware description makes life easier. That’s why Arm SystemReady-IR states that it should be the case for DT too. RPI4 and beaglebone have had different strategies and each with good and bad things. The Linaro Device Tree Evolution open project is tackling diverse aspects of DT including proper handling hats, and other runtime adaptations. > > At this point the uefi firmware on the rpi will provide a DT if asked, > but it doesn't parse it nor does anything in the AML. Instead everything > is done directly against the hardware, even when the HW registers aren't > well documented.That is in large parts because the AML requirements are > a lot different than what is provided in the DT. > > > > > > Proposal 2: Pass a pointer to a generic container through the GP > register that can be interpreted appropriately by both boot loaders(i.e., > producer and consumer of the boot info). This container can either be a dtb > or a HOB list which can be simply inferred by checking for a magic header > that indicates if the buffer appears to be a flattened device tree. > > > One another concern that was brought up offline is to make sure > we don't break current design contracts between various boot loader phases > in TF-A. Many of the general-purpose registers have a designated purpose > such as to share configurations between BL images( such as firmware config > dtb, SoC config dtb, Non trusted firmware config dtb, memory layout, entry > point info, etc.). > > > > If I am not mistaken, a single design may not fit the needs of every > segment(client, Infra, embedded) and the forum is open to solutions > tailored for individual segments. Joanna will be sending a follow up email > with more information about future TF-A tech forums that serves as a > platform for further discussions. > > > > Thanks, > > Madhukar > > > > -----Original Message----- > > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Joanna > Farley via TF-A > > Sent: Sunday, May 16, 2021 5:19 AM > > To: Okash Khawaja <okash.khawaja(a)gmail.com>; Simon Glass < > sjg(a)chromium.org> > > Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot > Architecture Mailman List <boot-architecture(a)lists.linaro.org>; > tf-a(a)lists.trustedfirmware.org; Ed Stuber <edstuber(a)amperecomputing.com>; > Arjun Khare <akhare(a)amperecomputing.com>; U-Boot Mailing List < > u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich > <rminnich(a)google.com>; Moe Ammar <moe(a)amperecomputing.com> > > Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for > information passing between boot stages > > > > Apologies I failed with the recording. Manish/Madhu will reply early > next week with the slides and some notes to help with a follow up session > which we hope to hold this Thursday. Invite and agenda will also be sent > out early next week. > > > > Thanks > > > > Joanna > > > > On 14/05/2021, 13:30, "TF-A on behalf of Okash Khawaja via TF-A" < > tf-a-bounces(a)lists.trustedfirmware.org on behalf of > tf-a(a)lists.trustedfirmware.org> wrote: > > > > Hi, > > > > Do we have slides and video from last week's discussion? > > > > Thanks, > > Okash > > > > > > On Wed, May 5, 2021 at 11:52 PM Simon Glass via TF-A > > <tf-a(a)lists.trustedfirmware.org> wrote: > > > > > > Hi Harb, > > > > > > Thanks for the idea. I am still not completely sure what benefit > UUID provides to an open project. I'd like to propose something different, > more in the spirit of open collaboration. I also worry that the word > 'standard' seems to be a synonym for UUIDs, UEFI, etc., i.e. > enabling/preferring closed-source firmware and the continued decline of > open-source projects. It really should not be. > > > > > > So I suggest: Use simple integer IDs and reserve some area for > 'private' use. If you want to collaborate across projects outside your > company, you either need to allocate a 'public' ID or agree privately > between the parties which private ID to use. > > > > > > This means that the default and easiest option is for > collaboration and a public ID, with private ones (whose purpose may be > secret) reserved just for private use. > > > > > > Regards, > > > Simon > > > > > > On Wed, 5 May 2021 at 11:42, Harb Abdulhamid OS < > abdulhamid(a)os.amperecomputing.com> wrote: > > >> > > >> Hey Folks, > > >> > > >> We wanted to put out a middle-ground proposal to help guide the > discussion on the call tomorrow. > > >> > > >> > > >> > > >> A proposal that we have been discussing offline involves > reserving a single tag ID for the purpose of construction UEFI PI HOB List > structure, and that tag would be used to identify a HOB-specific structure > that does leverage UUID based identifier. This will eliminate the burden > of having to support UUID as the tag, and this enables projects that > require UUID based identifiers for the broad range of HOB structures that > need to be produced during the booting of the platform. Once we have a tag > for a HOB list, this will enable various HOB producers that can add/extend > the HOB list in TF-A code (or even pre-TF-A code), with a HOB consumer for > that UUID/GUID on the other side (i.e. whatever the BL33 image is booting > on that platform). > > >> > > >> > > >> > > >> Essentially, the idea is if someone would like to support HOB > structures in a standard way using TF-A, they would wrap it up in a > BL_AUX_PARAM/BLOB structure (whatever the group decides) and the way we > identify the structure as a HOB list is with this new reserved tag. > > >> > > >> > > >> > > >> Hopefully that makes sense and less contentious. Look forward > to discuss this further on the call. > > >> > > >> > > >> > > >> Thanks, > > >> > > >> --Harb > > >> > > >> > > >> > > >> From: Manish Pandey2 <Manish.Pandey2(a)arm.com> > > >> Sent: Friday, April 30, 2021 8:14 AM > > >> To: François Ozog <francois.ozog(a)linaro.org> > > >> Cc: Simon Glass <sjg(a)chromium.org>; Julius Werner < > jwerner(a)chromium.org>; Harb Abdulhamid OS < > abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < > boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org; > U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's < > paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> > > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks > (HOBs) for information passing between boot stages > > >> > > >> > > >> > > >> Hi All, > > >> > > >> > > >> > > >> Please find invite for next TF-A Tech Forum session to continue > our discussions on HOB implementation, feel free to forward it to others. > > >> > > >> > > >> > > >> The next TF-A Tech Forum is scheduled for Thu 6th May 2021 16:00 > – 17:00 (BST). > > >> > > >> > > >> > > >> Agenda: > > >> > > >> Discussion Session: Static and Dynamic Information Handling in > TF-A > > >> > > >> Lead by Manish Pandey and Madhukar Pappireddy > > >> > > >> · There is ongoing mailing lists discussion[1] related > with adopting a mechanism to pass information through boot stages. > > >> > > >> The requirement is two-fold: > > >> > > >> 1. Passing static information(config files) > > >> > > >> 2. Passing dynamic information (Hob list) > > >> > > >> In the upcoming TF-A tech forum, we can start with a discussion > on dynamic information passing and if time permits, we can cover static > information passing. The purpose of the call is to have an open discussion > and continue the discussion from the trusted-substrate call[2] done > earlier. We would like to understand the various requirements and possible > ways to implement it in TF-A in a generalized way so that it can work with > other Firmware projects. > > >> > > >> > > >> > > >> The two specific item which we would like to discuss are: > > >> > > >> 1. HOB format: TF-A/u-boot both has an existing bloblist > implementation, which uses tag values. Question, can this be enhanced to > use hybrid values(Tag and UUID) both? > > >> > > >> 2. Standardization on Physical register use to pass base of > HoB data structure. > > >> > > >> References: > > >> > > >> [1] > https://lists.trustedfirmware.org/pipermail/tf-a/2021-April/001069.html > > >> > > >> [2] > https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… > Passcode: IPn+5q% > > >> > > >> > > >> > > >> Thanks > > >> > > >> > > >> > > >> Joanna > > >> > > >> > > >> > > >> You have been invited to the following event. > > >> > > >> TF-A Tech Forum > > >> > > >> When > > >> > > >> Every 2 weeks from 16:00 to 17:00 on Thursday United Kingdom Time > > >> > > >> Calendar > > >> > > >> tf-a(a)lists.trustedfirmware.org > > >> > > >> Who > > >> > > >> • > > >> > > >> Bill Fletcher- creator > > >> > > >> • > > >> > > >> tf-a(a)lists.trustedfirmware.org > > >> > > >> more details » > > >> > > >> > > >> > > >> We run an open technical forum call for anyone to participate > and it is not restricted to Trusted Firmware project members. It will > operate under the guidance of the TF TSC. > > >> > > >> > > >> > > >> Feel free to forward this invite to colleagues. Invites are via > the TF-A mailing list and also published on the Trusted Firmware website. > Details are here: > https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ > > >> > > >> > > >> > > >> Trusted Firmware is inviting you to a scheduled Zoom meeting. > > >> > > >> > > >> > > >> Join Zoom Meeting > > >> > > >> https://zoom.us/j/9159704974 > > >> > > >> > > >> > > >> Meeting ID: 915 970 4974 > > >> > > >> > > >> > > >> One tap mobile > > >> > > >> +16465588656,,9159704974# US (New York) > > >> > > >> +16699009128,,9159704974# US (San Jose) > > >> > > >> > > >> > > >> Dial by your location > > >> > > >> +1 646 558 8656 US (New York) > > >> > > >> +1 669 900 9128 US (San Jose) > > >> > > >> 877 853 5247 US Toll-free > > >> > > >> 888 788 0099 US Toll-free > > >> > > >> Meeting ID: 915 970 4974 > > >> > > >> Find your local number: https://zoom.us/u/ad27hc6t7h > > >> > > >> > > >> > > >> ________________________________ > > >> > > >> From: François Ozog <francois.ozog(a)linaro.org> > > >> Sent: 08 April 2021 16:50 > > >> To: Manish Pandey2 <Manish.Pandey2(a)arm.com> > > >> Cc: Simon Glass <sjg(a)chromium.org>; Julius Werner < > jwerner(a)chromium.org>; Harb Abdulhamid OS < > abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < > boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org < > tf-a(a)lists.trustedfirmware.org>; U-Boot Mailing List <u-boot(a)lists.denx.de>; > Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> > > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks > (HOBs) for information passing between boot stages > > >> > > >> > > >> > > >> Hi > > >> > > >> > > >> > > >> here is the meeting recording: > > >> > > >> > https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… > Passcode: IPn+5q%z > > >> > > >> > > >> > > >> I am really sorry about the confusion related to the meeting > time. I have now understood: the Collaborate portal uses a specific > calendar which is tied to US/Chicago timezone while the actual Google > Calendar is tied to Central Europe timezone. I am going to drop the > Collaborate portal and use a shared Google calendar (it should be visible > on the trusted-substrate.org page). > > >> > > >> > > >> > > >> I'll try to summarize what I learnt and highlight my view on > what can be next steps in a future mail. > > >> > > >> > > >> > > >> Cheers > > >> > > >> > > >> > > >> FF > > >> > > >> > > >> > > >> On Thu, 8 Apr 2021 at 13:56, Manish Pandey2 via TF-A < > tf-a(a)lists.trustedfirmware.org> wrote: > > >> > > >> Hi, > > >> > > >> > > >> > > >> From TF-A project point of view, we prefer to use existing > mechanism to pass parameters across boot stages using linked list of tagged > elements (as suggested by Julius). It has support for both generic and > SiP-specific tags. Having said that, it does not stop partners to introduce > new mechanisms suitable for their usecase in platform port initially and > later move to generic code if its suitable for other platforms. > > >> > > >> > > >> > > >> To start with, Ampere can introduce a platform specific > implementation of memory tag(speed/NUMA topology etc) which can be > evaluated and discussed for generalization in future. The tag will be > populated in BL2 stage and can be forwarded to further stages(and to BL33) > by passing the head of list pointer in one of the registers. Initially any > register can be used but going forward a standardization will be needed. > > >> > > >> > > >> > > >> The U-boot bloblist mentioned by Simon is conceptually similar > to what TF-A is using, if there is consensus of using bloblist/taglist > then TF-A tag list may be enhanced to take best of both the implementations. > > >> > > >> > > >> > > >> One of the potential problems of having structure used in > different projects is maintainability, this can be avoided by having a > single copy of these structures in TF-A (kept inside "include/export" which > intended to be used by other projects.) > > >> > > >> > > >> > > >> Regarding usage of either UUID or tag, I echo the sentiments of > Simon and Julius to keep it simple and use tag values. > > >> > > >> > > >> > > >> Looking forward to having further discussions on zoom call today. > > >> > > >> > > >> > > >> Thanks > > >> > > >> Manish P > > >> > > >> > > >> > > >> ________________________________ > > >> > > >> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf > of Julius Werner via TF-A <tf-a(a)lists.trustedfirmware.org> > > >> Sent: 25 March 2021 02:43 > > >> To: Simon Glass <sjg(a)chromium.org> > > >> Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; > Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; > tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>; U-Boot > Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; > Ron Minnich <rminnich(a)google.com> > > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks > (HOBs) for information passing between boot stages > > >> > > >> > > >> > > >> Just want to point out that TF-A currently already supports a > (very simple) mechanism like this: > > >> > > >> > > >> > > >> > https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… > > >> > > >> > https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… > > >> > > >> > https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… > > >> > > >> > > >> > > >> It's just a linked list of tagged elements. The tag space is > split into TF-A-wide generic tags and SiP-specific tags (with plenty of > room to spare if more areas need to be defined -- a 64-bit tag can fit a > lot). This is currently being used by some platforms that run coreboot in > place of BL1/BL2, to pass information from coreboot (BL2) to BL31. > > >> > > >> > > >> > > >> I would echo Simon's sentiment of keeping this as simple as > possible and avoiding complicated and bloated data structures with UUIDs. > You usually want to parse something like this as early as possible in the > passed-to firmware stage, particularly if the structure encodes information > about the debug console (like it does for the platforms I mentioned above). > For example, in BL31 this basically means doing it right after moving from > assembly to C in bl31_early_platform_setup2() to get the console up before > running anything else. At that point in the BL31 initialization, the MMU > and caches are disabled, so data accesses are pretty expensive and you > don't want to spend a lot of parsing effort or calculate complicated > checksums or the like. You just want something extremely simple where you > ideally have to touch every data word only once. > > >> > > >> > > >> > > >> On Wed, Mar 24, 2021 at 5:06 PM Simon Glass via TF-A < > tf-a(a)lists.trustedfirmware.org> wrote: > > >> > > >> Hi Harb, > > >> > > >> > > >> > > >> On Wed, 24 Mar 2021 at 11:39, Harb Abdulhamid OS < > abdulhamid(a)os.amperecomputing.com> wrote: > > >> > > >> Hello Folks, > > >> > > >> Appreciate the feedback and replies on this. Glad to see that > there is interest in this topic. > > >> > > >> > > >> > > >> I try to address the comments/feedback from Francois and Simon > below…. > > >> > > >> > > >> > > >> @François Ozog – happy to discuss this on a zoom call. I will > make that time slot work, and will be available to attend April 8, 4pm CT. > > >> > > >> > > >> > > >> Note that I’m using the term “HOB” here more generically, as > there are typically vendor specific structures beyond the resource > descriptor HOB, which provides only a small subset of the information that > needs to be passed between the boot phases. > > >> > > >> > > >> > > >> The whole point here is to provide mechanism to develop firmware > that we can build ARM Server SoC’s that support *any* BL33 payload (e.g. > EDK2, AptioV, CoreBoot, and maybe even directly boot strapping LinuxBoot at > some point). In other-words, we are trying to come up with a TF-A that > would be completely agnostic to the implementation of BL33 (i.e. BL33 is > built completely independently by a separate entity – e.g. an ODM/OEM). > > >> > > >> > > >> > > >> Keep in mind, in the server/datacenter market segment we are not > building vertically integrated systems with a single entity compiling > firmware/software stacks like most folks in TF-A have become use to. There > are two categories of higher level firmware code blobs in the > server/datacenter model: > > >> > > >> “SoC” or “silicon” firmware – in TF-A this may map to BL1, BL2, > BL31, and *possibly* one or more BL32 instances > > >> “Platform” or “board” firmware – in TF-A this may map to BL33 > and *possibly* one or more BL32 instances. > > >> > > >> > > >> > > >> Even the platform firmware stack could be further fragmented by > having multiple entities involved in delivering the entire firmware stack: > IBVs, ODMs, OEMs, CSPs, and possibly even device vendor code. > > >> > > >> > > >> > > >> To support a broad range of platform designs with a broad range > of memory devices, we need a crisp and clear contract between the SoC > firmware that initializes memory (e.g. BL2) and how that platform boot > firmware (e.g. BL33) gathers information about what memory that was > initialized, at what speeds, NUMA topology, and many other relevant > information that needs to be known and comprehended by the platform > firmware and eventually by the platform software. > > >> > > >> > > >> > > >> I understand the versatility of DT, but I see two major problems > with DT: > > >> > > >> DT requires more complicated parsing to get properties, and even > more complex to dynamically set properties – this HOB structures may need > to be generated in boot phases where DDR is not available, and therefore we > will be extremely memory constrained. > > >> DT is probably overkill for this purpose – We really just want a > list of pointers to simple C structures that code cast (e.g. JEDEC SPD data > blob) > > >> > > >> > > >> > > >> I think that we should not mix the efforts around DT/ACPI specs > with what we are doing here, because those specs and concepts were > developed for a completely different purpose (i.e. abstractions needed for > OS / RTOS software, and not necessarily suitable for firmware-to-firmware > hand-offs). > > >> > > >> > > >> > > >> Frankly, I would personally push back pretty hard on defining > SMC’s for something that should be one way information passing. Every SMC > we add is another attack vector to the secure world and an increased burden > on the folks that have to do security auditing and threat analysis. I see > no benefit in exposing these boot/HOB/BOB structures at run-time via SMC > calls. > > >> > > >> > > >> > > >> Please do let me know if you disagree and why. Look forward to > discussing on this thread or on the call. > > >> > > >> > > >> > > >> @Simon Glass - Thanks for the pointer to bloblist. I briefly > reviewed and it seems like a good baseline for what we may be looking for. > > >> > > >> > > >> > > >> That being said, I would say that there is some benefit in > having some kind of unique identifiers (e.g. UUID or some unique signature) > so that we can tie standardized data structures (based on some future TBD > specs) to a particular ID. For example, if the TPM driver in BL33 is > looking for the TPM structure in the HOB/BOB list, and may not care about > the other data blobs. The driver needs a way to identify and locate the > blob it cares about. > > >> > > >> > > >> > > >> The tag is intended to serve that purpose, although perhaps it > should switch from an auto-allocating enum to one with explicit values for > each entry and a range for 'local' use. > > >> > > >> > > >> > > >> I guess we can achieve this with the tag, but the problem with > tag when you have eco-system with a lot of parties doing parallel > development, you can end up with tag collisions and folks fighting about > who has rights to what tag values. We would need some official process for > folks to register tags for whatever new structures we define, or maybe some > tag range for vendor specific structures. This comes with a lot of pain > and bureaucracy. On the other hand, UUID has been a proven way to make it > easy to just define your own blobs with *either* standard or vendor > specific structures without worry of ID collisions between vendors. > > >> > > >> > > >> > > >> True. I think the pain is overstated, though. In this case I > think we actually want something that can be shared between projects and > orgs, so some amount of coordination could be considered a benefit. It > could just be a github pull request. I find the UUID unfriendly and not > just to code size and eyesight! Trying to discover what GUIDs mean or are > valid is quite tricky. E.g. see this code: > > >> > > >> > > >> > > >> #define FSP_HOB_RESOURCE_OWNER_TSEG_GUID \ > > >> EFI_GUID(0xd038747c, 0xd00c, 0x4980, \ > > >> 0xb3, 0x19, 0x49, 0x01, 0x99, 0xa4, 0x7d, 0x55) > > >> > > >> (etc.) > > >> > > >> > > >> > > >> static struct guid_name { > > >> efi_guid_t guid; > > >> const char *name; > > >> } guid_name[] = { > > >> { FSP_HOB_RESOURCE_OWNER_TSEG_GUID, "TSEG" }, > > >> { FSP_HOB_RESOURCE_OWNER_FSP_GUID, "FSP" }, > > >> { FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID, "SMM PEI SMRAM" > }, > > >> { FSP_NON_VOLATILE_STORAGE_HOB_GUID, "NVS" }, > > >> { FSP_VARIABLE_NV_DATA_HOB_GUID, "Variable NVS" }, > > >> { FSP_GRAPHICS_INFO_HOB_GUID, "Graphics info" }, > > >> { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID1, "PCD database > ea" }, > > >> { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID2, "PCD database > 9b" }, > > >> > > >> (never figured out what those two are) > > >> > > >> > > >> { FSP_HOB_RESOURCE_OWNER_PEIM_DXE_GUID, "PEIM Init DXE" }, > > >> { FSP_HOB_RESOURCE_OWNER_ALLOC_STACK_GUID, "Alloc stack" }, > > >> { FSP_HOB_RESOURCE_OWNER_SMBIOS_MEMORY_GUID, "SMBIOS memory" > }, > > >> { {}, "zero-guid" }, > > >> {} > > >> }; > > >> > > >> static const char *guid_to_name(const efi_guid_t *guid) > > >> { > > >> struct guid_name *entry; > > >> > > >> for (entry = guid_name; entry->name; entry++) { > > >> if (!guidcmp(guid, &entry->guid)) > > >> return entry->name; > > >> } > > >> > > >> return NULL; > > >> } > > >> > > >> > > >> > > >> Believe it or not it took a fair bit of effort to find just that > small list, with nearly every one in a separate doc, from memory. > > >> > > >> > > >> > > >> > > >> > > >> We can probably debate whether there is any value in GUID/UUID > or not during the call… but again, boblist seems like a reasonable starting > point as an alternative to HOB. > > >> > > >> > > >> > > >> Indeed. There is certainly value in both approaches. > > >> > > >> > > >> > > >> Regards, > > >> > > >> Simon > > >> > > >> > > >> > > >> > > >> > > >> Thanks, > > >> > > >> --Harb > > >> > > >> > > >> > > >> From: François Ozog <francois.ozog(a)linaro.org> > > >> Sent: Tuesday, March 23, 2021 10:00 AM > > >> To: François Ozog <francois.ozog(a)linaro.org>; Ron Minnich < > rminnich(a)google.com>; Paul Isaac's <paul.isaacs(a)linaro.org> > > >> Cc: Simon Glass <sjg(a)chromium.org>; Harb Abdulhamid OS < > abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List < > boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org > > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks > (HOBs) for information passing between boot stages > > >> > > >> > > >> > > >> +Ron Minnich +Paul Isaac's > > >> > > >> > > >> > > >> Adding Ron and Paul because I think this interface should be > also benefiting LinuxBoot efforts. > > >> > > >> > > >> > > >> On Tue, 23 Mar 2021 at 11:17, François Ozog via TF-A < > tf-a(a)lists.trustedfirmware.org> wrote: > > >> > > >> Hi, > > >> > > >> > > >> > > >> I propose we cover the topic at the next Trusted Substrate > zoom call on April 8th 4pm CET. > > >> > > >> > > >> > > >> The agenda: > > >> > > >> ABI between non-secure firmware and the rest of firmware (EL3, > S-EL1, S-EL2, SCP) to adapt hardware description to some runtime conditions. > > >> > > >> runtime conditions here relates to DRAM size and topology > detection, secure DRAM memory carvings, PSCI and SCMI interface publishing. > > >> > > >> > > >> > > >> For additional background on existing metadata: UEFI Platform > Initialization Specification Version 1.7, 5.5 Resource Descriptor HOB > > >> > > >> Out of the ResourceType we care about is > EFI_RESOURCE_SYSTEM_MEMORY. > > >> > > >> This HOB lacks memory NUMA attachment or something that could be > related to fill SRAT table for ACPI or relevant DT proximity domains. > > >> > > >> HOB is not consistent accros platforms: some platforms (Arm) > lists memory from the booting NUMA node, other platforms (x86) lists all > memory from all NUMA nodes. (At least this is the case on the two platforms > I tested). > > >> > > >> > > >> > > >> There are two proposals to use memory structures from SPL/BLx up > to the handover function (as defined in the Device Tree technical report) > which can be U-boot (BL33 or just U-Boot in case of SPL/U-Boot scheme) or > EDK2. > > >> > > >> I would propose we also discuss possibility of FF-A interface to > actually query information or request actions to be done (this is a model > actually used in some SoCs with proprietary SMC calls). > > >> > > >> > > >> > > >> Requirements (to be validated): > > >> > > >> - ACPI and DT hardware descriptions. > > >> > > >> - agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2) > > >> > > >> - agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, > TF-A/EDK2, TF-A/LinuxBoot) > > >> > > >> - at least allows complete DRAM description and "persistent" > usage (reserved areas for secure world or other usages) > > >> > > >> - support secure world device assignment > > >> > > >> > > >> > > >> Cheers > > >> > > >> > > >> > > >> FF > > >> > > >> > > >> > > >> > > >> > > >> On Mon, 22 Mar 2021 at 19:56, Simon Glass <sjg(a)chromium.org> > wrote: > > >> > > >> Hi, > > >> > > >> Can I suggest using bloblist for this instead? It is lightweight, > > >> easier to parse, doesn't have GUIDs and is already used within > U-Boot > > >> for passing info between SPL/U-Boot, etc. > > >> > > >> Docs here: > https://github.com/u-boot/u-boot/blob/master/doc/README.bloblist > > >> Header file describes the format: > > >> https://github.com/u-boot/u-boot/blob/master/include/bloblist.h > > >> > > >> Full set of unit tests: > > >> https://github.com/u-boot/u-boot/blob/master/test/bloblist.c > > >> > > >> Regards, > > >> Simon > > >> > > >> On Mon, 22 Mar 2021 at 23:58, François Ozog < > francois.ozog(a)linaro.org> wrote: > > >> > > > >> > +Boot Architecture Mailman List < > boot-architecture(a)lists.linaro.org> > > >> > > > >> > standardization is very much welcomed here and need to > accommodate a very > > >> > diverse set of situations. > > >> > For example, TEE OS may need to pass memory reservations to > BL33 or > > >> > "capture" a device for the secure world. > > >> > > > >> > I have observed a number of architectures: > > >> > 1) pass information from BLx to BLy in the form of a specific > object > > >> > 2) BLx called by BLy by a platform specific SMC to get > information > > >> > 3) BLx called by BLy by a platform specific SMC to perform > Device Tree > > >> > fixups > > >> > > > >> > I also imagined a standardized "broadcast" FF-A call so that > any firmware > > >> > element can either provide information or "do something". > > >> > > > >> > My understanding of your proposal is about standardizing on > architecture 1) > > >> > with the HOB format. > > >> > > > >> > The advantage of the HOB is simplicity but it may be difficult > to implement > > >> > schemes such as pruning a DT because device assignment in the > secure world. > > >> > > > >> > In any case, it looks feasible to have TF-A and OP-TEE > complement the list > > >> > of HOBs to pass information downstream (the bootflow). > > >> > > > >> > It would be good to start with building the comprehensive list > of > > >> > information that need to be conveyed between firmware elements: > > >> > > > >> > information. | authoritative entity | reporting entity | > information > > >> > exchanged: > > >> > dram | TFA | TFA > | > > >> > <format to be detailed, NUMA topology to build the SRAT table > or DT > > >> > equivalent?> > > >> > PSCI | SCP | TFA? > | > > >> > SCMI | SCP or TEE-OS | TFA? TEE-OS?| > > >> > secure SRAM | TFA. | TFA. > | > > >> > secure DRAM | TFA? TEE-OS? | TFA? TEE-OS? | > > >> > other? | | > > >> > | > > >> > > > >> > Cheers > > >> > > > >> > FF > > >> > > > >> > > > >> > On Mon, 22 Mar 2021 at 09:34, Harb Abdulhamid OS via TF-A < > > >> > tf-a(a)lists.trustedfirmware.org> wrote: > > >> > > > >> > > Hello Folks, > > >> > > > > >> > > > > >> > > > > >> > > I'm emailing to start an open discussion about the adoption > of a concept > > >> > > known as "hand-off blocks" or HOB to become a part of the > TF-A Firmware > > >> > > Framework Architecture (FFA). This is something that is a > pretty major > > >> > > pain point when it comes to the adoption of TF-A in ARM > Server SoC’s > > >> > > designed to enable a broad range of highly configurable > datacenter > > >> > > platforms. > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > What is a HOB (Background)? > > >> > > > > >> > > --------------------------- > > >> > > > > >> > > UEFI PI spec describes a particular definition for how HOB > may be used for > > >> > > transitioning between the PEI and DXE boot phases, which is > a good > > >> > > reference point for this discussion, but not necessarily the > exact solution > > >> > > appropriate for TF-A. > > >> > > > > >> > > > > >> > > > > >> > > A HOB is simply a dynamically generated data structure > passed in between > > >> > > two boot phases. This is information that was obtained > through discovery > > >> > > and needs to be passed forward to the next boot phase > *once*, with no API > > >> > > needed to call back (e.g. no call back into previous > firmware phase is > > >> > > needed to fetch this information at run-time - it is simply > passed one time > > >> > > during boot). > > >> > > > > >> > > > > >> > > > > >> > > There may be one or more HOBs passed in between boot > phases. If there are > > >> > > more than one HOB that needs to be passed, this can be in a > form of a "HOB > > >> > > table", which (for example) could be a UUID indexed array of > pointers to > > >> > > HOB structures, used to locate a HOB of interest (based on > UUID). In such > > >> > > cases, instead of passing a single HOB, the boot phases may > rely on passing > > >> > > the pointer to the HOB table. > > >> > > > > >> > > > > >> > > > > >> > > This has been extremely useful concept to employ on highly > configurable > > >> > > systems that must rely on flexible discovery mechanisms to > initialize and > > >> > > boot the system. This is especially helpful when you have > multiple > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > Why do we need HOBs in TF-A?: > > >> > > > > >> > > ----------------------------- > > >> > > > > >> > > It is desirable that EL3 firmware (e.g. TF-A) built for ARM > Server SoC in > > >> > > a way that is SoC specific *but* platform agnostic. This > means that a > > >> > > single ARM SoC that a SiP may deliver to customers may > provide a single > > >> > > TF-A binary (e.g. BL1, BL2, BL31) that could be used to > support a broad > > >> > > range of platform designs and configurations in order to > boot a platform > > >> > > specific firmware (e.g. BL33 and possibly even BL32 code). > In order to > > >> > > achieve this, the platform configuration must be > *discovered* instead of > > >> > > statically compiled as it is today in TF-A via device tree > based > > >> > > enumeration. The mechanisms of discovery may differ broadly > depending on > > >> > > the relevant industry standard, or in some cases may have > rely on SiP > > >> > > specific discovery flows. > > >> > > > > >> > > > > >> > > > > >> > > For example: On server systems that support a broad range > DIMM memory > > >> > > population/topologies, all the necessary information > required to boot is > > >> > > fully discovered via standard JEDEC Serial Presence Detect > (SPD) over an > > >> > > I2C bus. Leveraging the SPD bus, may platform variants > could be supported > > >> > > with a single TF-A binary. Not only is this information > required to > > >> > > initialize memory in early boot phases (e.g. BL2), the > subsequent boot > > >> > > phases will also need this SPD info to construct a system > physical address > > >> > > map and properly initialize the MMU based on the memory > present, and where > > >> > > the memory may be present. Subsequent boot phases (e.g. > BL33 / UEFI) may > > >> > > need to generate standard firmware tables to the operating > systems, such as > > >> > > SMBIOS tables describing DIMM topology and various ACPI > tables (e.g. SLIT, > > >> > > SRAT, even NFIT if NVDIMM's are present). > > >> > > > > >> > > > > >> > > > > >> > > In short, it all starts with a standardized or vendor > specific discovery > > >> > > flow in an early boot stage (e.g. BL1/BL2), followed by the > passing of > > >> > > information to the next boot stages (e.g. BL31/BL32/BL33). > > >> > > > > >> > > > > >> > > > > >> > > Today, every HOB may be a vendor specific structure, but in > the future > > >> > > there may be benefit of defining standard HOBs. This may be > useful for > > >> > > memory discovery, passing the system physical address map, > enabling TPM > > >> > > measured boot, and potentially many other common HOB > use-cases. > > >> > > > > >> > > > > >> > > > > >> > > It would be extremely beneficial to the datacenter market > segment if the > > >> > > TF-A community would adopt this concept of information > passing between all > > >> > > boot phases as opposed to rely solely on device tree > enumeration. This is > > >> > > not intended to replace device tree, rather intended as an > alternative way > > >> > > to describe the info that must be discovered and dynamically > generated. > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > Conclusion: > > >> > > > > >> > > ----------- > > >> > > > > >> > > We are proposing that the TF-A community begin pursuing the > adoption of > > >> > > HOBs as a mechanism used for information exchange between > each boot stage > > >> > > (e.g. BL1->BL2, BL2->BL31, BL31->BL32, and BL31->BL33)? > Longer term we > > >> > > want to explore standardizing some HOB structures for the > BL33 phase (e.g. > > >> > > UEFI HOB structures), but initially would like to agree on > this being a > > >> > > useful mechanism used to pass information between each boot > stage. > > >> > > > > >> > > > > >> > > > > >> > > Thanks, > > >> > > > > >> > > --Harb > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > -- > > >> > > TF-A mailing list > > >> > > TF-A(a)lists.trustedfirmware.org > > >> > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > > >> > > > > >> > > > >> > > > >> > -- > > >> > François-Frédéric Ozog | *Director Linaro Edge & Fog Computing > Group* > > >> > T: +33.67221.6485 > > >> > francois.ozog(a)linaro.org | Skype: ffozog > > >> > _______________________________________________ > > >> > boot-architecture mailing list > > >> > boot-architecture(a)lists.linaro.org > > >> > https://lists.linaro.org/mailman/listinfo/boot-architecture > > >> > > >> > > >> > > >> > > >> -- > > >> > > >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing > Group > > >> > > >> T: +33.67221.6485 > > >> francois.ozog(a)linaro.org | Skype: ffozog > > >> > > >> > > >> > > >> -- > > >> TF-A mailing list > > >> TF-A(a)lists.trustedfirmware.org > > >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a > > >> > > >> > > >> > > >> > > >> -- > > >> > > >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing > Group > > >> > > >> T: +33.67221.6485 > > >> francois.ozog(a)linaro.org | Skype: ffozog > > >> > > >> > > >> > > >> -- > > >> TF-A mailing list > > >> TF-A(a)lists.trustedfirmware.org > > >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a > > >> > > >> -- > > >> TF-A mailing list > > >> TF-A(a)lists.trustedfirmware.org > > >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a > > >> > > >> > > >> > > >> > > >> -- > > >> > > >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing > Group > > >> > > >> T: +33.67221.6485 > > >> francois.ozog(a)linaro.org | Skype: ffozog > > >> > > >> > > > > > > -- > > > TF-A mailing list > > > TF-A(a)lists.trustedfirmware.org > > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > > -- > > TF-A mailing list > > TF-A(a)lists.trustedfirmware.org > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > > > > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > -- François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog(a)linaro.org | Skype: ffozog

4 years, 7 months

1
0
0 0

Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages

by Jeremy Linton

On 5/18/21 8:59 PM, Madhukar Pappireddy via TF-A wrote: > Hi, > > I tried to summarize the discussions in the previous TF-A tech forum regarding the proposal to adopt Hand-off Blocks (HOBs) for passing information along the boot chain. I am certain I could not capture all suggestions/concerns brought up during the call. I apologize if I missed and/or misinterpreted any comments and would appreciate it if everyone could share their thoughts in response to this email thread. > > The idea is to share information to other boot phases: >> Dynamic information: Created during runtime. Shared in the form of a chain of blobs(built as a linked list of C structure objects i.e., HOB list). >> Static information: Known at compile time. Historically, shared through the use of Device Tree/ACPI tables > > Both the above requirements are common in many ecosystems and need to co-exist. > > There are broadly 3 problems to solve: > 1. Format of HOB structures: It looks like the consensus is that we could use existing mechanisms for this (BL_AUX_PARAM in TF-A or bloblist in u-boot). > 2. Identification of HOB list entries: There is a debate about whether tags would suffice or if the HOB list producer and consumer would depend on UUID/GUIDs for identifying a specific HOB structure. Another suggestion was to use a hybrid approach. Reserve a single tag ID for identifying/constructing a HOB structure that further leverages UUID based identifier. This way, the generic HOB list doesn't need to support UUIDs and can work with tags. > 3. The design contract for the static interface between two boot phases: The problem at hand is whether to pass a pointer to a HOB list or a device tree blob through the general-purpose registers for configuration hand-off between two boot phases. Some proposals that came up: > > Proposal 1: Always pass a pointer to the device tree blob through the GP register and capture the pointer to the HOB list as a property of a node that is uniquely identifiable by the downstream boot phase. This needs to define a device tree binding such that producer and consumer agree on the information passed. Using DT to pass platform info at this level is sort of crazy on an ACPI machine which won't have native DTs. Meaning there is an additional level of unnecessary indirection that needs to be converted back into a format which can be utilized by AML and other parts of the ACPI stack. Its also helpful to look at what has become of the rpi4 uefi port, where the DT is actually dynamic (or provided by the user, complete with HAT overlays) and fed into the lower level firmware and propagated up through the system. The result has frequently been subtle bugs or boot failures because the DT provided by the rpi foundation as part of their low level firwmare+kernel stack is modified by their low level firwmare, and it differs from the DT in mainline linux. So more than once we have discovered that there isn't a single DT that can be boot both the current firmware and a current mainline linux. In the past there was even an option to use one DT for the firmware and an entirely seperate one for linux, but that was removed when it bacame apparent you couldn't have the lower level firmwaer say modifying MMIO windows for the PCIe subsystem and not propogate that into the other user supplied DT. At this point the uefi firmware on the rpi will provide a DT if asked, but it doesn't parse it nor does anything in the AML. Instead everything is done directly against the hardware, even when the HW registers aren't well documented.That is in large parts because the AML requirements are a lot different than what is provided in the DT. > > Proposal 2: Pass a pointer to a generic container through the GP register that can be interpreted appropriately by both boot loaders(i.e., producer and consumer of the boot info). This container can either be a dtb or a HOB list which can be simply inferred by checking for a magic header that indicates if the buffer appears to be a flattened device tree. > > One another concern that was brought up offline is to make sure we don't break current design contracts between various boot loader phases in TF-A. Many of the general-purpose registers have a designated purpose such as to share configurations between BL images( such as firmware config dtb, SoC config dtb, Non trusted firmware config dtb, memory layout, entry point info, etc.). > > If I am not mistaken, a single design may not fit the needs of every segment(client, Infra, embedded) and the forum is open to solutions tailored for individual segments. Joanna will be sending a follow up email with more information about future TF-A tech forums that serves as a platform for further discussions. > > Thanks, > Madhukar > > -----Original Message----- > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Joanna Farley via TF-A > Sent: Sunday, May 16, 2021 5:19 AM > To: Okash Khawaja <okash.khawaja(a)gmail.com>; Simon Glass <sjg(a)chromium.org> > Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org; Ed Stuber <edstuber(a)amperecomputing.com>; Arjun Khare <akhare(a)amperecomputing.com>; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com>; Moe Ammar <moe(a)amperecomputing.com> > Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages > > Apologies I failed with the recording. Manish/Madhu will reply early next week with the slides and some notes to help with a follow up session which we hope to hold this Thursday. Invite and agenda will also be sent out early next week. > > Thanks > > Joanna > > On 14/05/2021, 13:30, "TF-A on behalf of Okash Khawaja via TF-A" <tf-a-bounces(a)lists.trustedfirmware.org on behalf of tf-a(a)lists.trustedfirmware.org> wrote: > > Hi, > > Do we have slides and video from last week's discussion? > > Thanks, > Okash > > > On Wed, May 5, 2021 at 11:52 PM Simon Glass via TF-A > <tf-a(a)lists.trustedfirmware.org> wrote: > > > > Hi Harb, > > > > Thanks for the idea. I am still not completely sure what benefit UUID provides to an open project. I'd like to propose something different, more in the spirit of open collaboration. I also worry that the word 'standard' seems to be a synonym for UUIDs, UEFI, etc., i.e. enabling/preferring closed-source firmware and the continued decline of open-source projects. It really should not be. > > > > So I suggest: Use simple integer IDs and reserve some area for 'private' use. If you want to collaborate across projects outside your company, you either need to allocate a 'public' ID or agree privately between the parties which private ID to use. > > > > This means that the default and easiest option is for collaboration and a public ID, with private ones (whose purpose may be secret) reserved just for private use. > > > > Regards, > > Simon > > > > On Wed, 5 May 2021 at 11:42, Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com> wrote: > >> > >> Hey Folks, > >> > >> We wanted to put out a middle-ground proposal to help guide the discussion on the call tomorrow. > >> > >> > >> > >> A proposal that we have been discussing offline involves reserving a single tag ID for the purpose of construction UEFI PI HOB List structure, and that tag would be used to identify a HOB-specific structure that does leverage UUID based identifier. This will eliminate the burden of having to support UUID as the tag, and this enables projects that require UUID based identifiers for the broad range of HOB structures that need to be produced during the booting of the platform. Once we have a tag for a HOB list, this will enable various HOB producers that can add/extend the HOB list in TF-A code (or even pre-TF-A code), with a HOB consumer for that UUID/GUID on the other side (i.e. whatever the BL33 image is booting on that platform). > >> > >> > >> > >> Essentially, the idea is if someone would like to support HOB structures in a standard way using TF-A, they would wrap it up in a BL_AUX_PARAM/BLOB structure (whatever the group decides) and the way we identify the structure as a HOB list is with this new reserved tag. > >> > >> > >> > >> Hopefully that makes sense and less contentious. Look forward to discuss this further on the call. > >> > >> > >> > >> Thanks, > >> > >> --Harb > >> > >> > >> > >> From: Manish Pandey2 <Manish.Pandey2(a)arm.com> > >> Sent: Friday, April 30, 2021 8:14 AM > >> To: François Ozog <francois.ozog(a)linaro.org> > >> Cc: Simon Glass <sjg(a)chromium.org>; Julius Werner <jwerner(a)chromium.org>; Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages > >> > >> > >> > >> Hi All, > >> > >> > >> > >> Please find invite for next TF-A Tech Forum session to continue our discussions on HOB implementation, feel free to forward it to others. > >> > >> > >> > >> The next TF-A Tech Forum is scheduled for Thu 6th May 2021 16:00 – 17:00 (BST). > >> > >> > >> > >> Agenda: > >> > >> Discussion Session: Static and Dynamic Information Handling in TF-A > >> > >> Lead by Manish Pandey and Madhukar Pappireddy > >> > >> · There is ongoing mailing lists discussion[1] related with adopting a mechanism to pass information through boot stages. > >> > >> The requirement is two-fold: > >> > >> 1. Passing static information(config files) > >> > >> 2. Passing dynamic information (Hob list) > >> > >> In the upcoming TF-A tech forum, we can start with a discussion on dynamic information passing and if time permits, we can cover static information passing. The purpose of the call is to have an open discussion and continue the discussion from the trusted-substrate call[2] done earlier. We would like to understand the various requirements and possible ways to implement it in TF-A in a generalized way so that it can work with other Firmware projects. > >> > >> > >> > >> The two specific item which we would like to discuss are: > >> > >> 1. HOB format: TF-A/u-boot both has an existing bloblist implementation, which uses tag values. Question, can this be enhanced to use hybrid values(Tag and UUID) both? > >> > >> 2. Standardization on Physical register use to pass base of HoB data structure. > >> > >> References: > >> > >> [1] https://lists.trustedfirmware.org/pipermail/tf-a/2021-April/001069.html > >> > >> [2] https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… Passcode: IPn+5q% > >> > >> > >> > >> Thanks > >> > >> > >> > >> Joanna > >> > >> > >> > >> You have been invited to the following event. > >> > >> TF-A Tech Forum > >> > >> When > >> > >> Every 2 weeks from 16:00 to 17:00 on Thursday United Kingdom Time > >> > >> Calendar > >> > >> tf-a(a)lists.trustedfirmware.org > >> > >> Who > >> > >> • > >> > >> Bill Fletcher- creator > >> > >> • > >> > >> tf-a(a)lists.trustedfirmware.org > >> > >> more details » > >> > >> > >> > >> We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. > >> > >> > >> > >> Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ > >> > >> > >> > >> Trusted Firmware is inviting you to a scheduled Zoom meeting. > >> > >> > >> > >> Join Zoom Meeting > >> > >> https://zoom.us/j/9159704974 > >> > >> > >> > >> Meeting ID: 915 970 4974 > >> > >> > >> > >> One tap mobile > >> > >> +16465588656,,9159704974# US (New York) > >> > >> +16699009128,,9159704974# US (San Jose) > >> > >> > >> > >> Dial by your location > >> > >> +1 646 558 8656 US (New York) > >> > >> +1 669 900 9128 US (San Jose) > >> > >> 877 853 5247 US Toll-free > >> > >> 888 788 0099 US Toll-free > >> > >> Meeting ID: 915 970 4974 > >> > >> Find your local number: https://zoom.us/u/ad27hc6t7h > >> > >> > >> > >> ________________________________ > >> > >> From: François Ozog <francois.ozog(a)linaro.org> > >> Sent: 08 April 2021 16:50 > >> To: Manish Pandey2 <Manish.Pandey2(a)arm.com> > >> Cc: Simon Glass <sjg(a)chromium.org>; Julius Werner <jwerner(a)chromium.org>; Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages > >> > >> > >> > >> Hi > >> > >> > >> > >> here is the meeting recording: > >> > >> https://linaro-org.zoom.us/rec/share/zjfHeMIumkJhirLCVQYTHR6ftaqyWvF_0klgQn… Passcode: IPn+5q%z > >> > >> > >> > >> I am really sorry about the confusion related to the meeting time. I have now understood: the Collaborate portal uses a specific calendar which is tied to US/Chicago timezone while the actual Google Calendar is tied to Central Europe timezone. I am going to drop the Collaborate portal and use a shared Google calendar (it should be visible on the trusted-substrate.org page). > >> > >> > >> > >> I'll try to summarize what I learnt and highlight my view on what can be next steps in a future mail. > >> > >> > >> > >> Cheers > >> > >> > >> > >> FF > >> > >> > >> > >> On Thu, 8 Apr 2021 at 13:56, Manish Pandey2 via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: > >> > >> Hi, > >> > >> > >> > >> From TF-A project point of view, we prefer to use existing mechanism to pass parameters across boot stages using linked list of tagged elements (as suggested by Julius). It has support for both generic and SiP-specific tags. Having said that, it does not stop partners to introduce new mechanisms suitable for their usecase in platform port initially and later move to generic code if its suitable for other platforms. > >> > >> > >> > >> To start with, Ampere can introduce a platform specific implementation of memory tag(speed/NUMA topology etc) which can be evaluated and discussed for generalization in future. The tag will be populated in BL2 stage and can be forwarded to further stages(and to BL33) by passing the head of list pointer in one of the registers. Initially any register can be used but going forward a standardization will be needed. > >> > >> > >> > >> The U-boot bloblist mentioned by Simon is conceptually similar to what TF-A is using, if there is consensus of using bloblist/taglist then TF-A tag list may be enhanced to take best of both the implementations. > >> > >> > >> > >> One of the potential problems of having structure used in different projects is maintainability, this can be avoided by having a single copy of these structures in TF-A (kept inside "include/export" which intended to be used by other projects.) > >> > >> > >> > >> Regarding usage of either UUID or tag, I echo the sentiments of Simon and Julius to keep it simple and use tag values. > >> > >> > >> > >> Looking forward to having further discussions on zoom call today. > >> > >> > >> > >> Thanks > >> > >> Manish P > >> > >> > >> > >> ________________________________ > >> > >> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Julius Werner via TF-A <tf-a(a)lists.trustedfirmware.org> > >> Sent: 25 March 2021 02:43 > >> To: Simon Glass <sjg(a)chromium.org> > >> Cc: Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>; U-Boot Mailing List <u-boot(a)lists.denx.de>; Paul Isaac's <paul.isaacs(a)linaro.org>; Ron Minnich <rminnich(a)google.com> > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages > >> > >> > >> > >> Just want to point out that TF-A currently already supports a (very simple) mechanism like this: > >> > >> > >> > >> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… > >> > >> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… > >> > >> https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/… > >> > >> > >> > >> It's just a linked list of tagged elements. The tag space is split into TF-A-wide generic tags and SiP-specific tags (with plenty of room to spare if more areas need to be defined -- a 64-bit tag can fit a lot). This is currently being used by some platforms that run coreboot in place of BL1/BL2, to pass information from coreboot (BL2) to BL31. > >> > >> > >> > >> I would echo Simon's sentiment of keeping this as simple as possible and avoiding complicated and bloated data structures with UUIDs. You usually want to parse something like this as early as possible in the passed-to firmware stage, particularly if the structure encodes information about the debug console (like it does for the platforms I mentioned above). For example, in BL31 this basically means doing it right after moving from assembly to C in bl31_early_platform_setup2() to get the console up before running anything else. At that point in the BL31 initialization, the MMU and caches are disabled, so data accesses are pretty expensive and you don't want to spend a lot of parsing effort or calculate complicated checksums or the like. You just want something extremely simple where you ideally have to touch every data word only once. > >> > >> > >> > >> On Wed, Mar 24, 2021 at 5:06 PM Simon Glass via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: > >> > >> Hi Harb, > >> > >> > >> > >> On Wed, 24 Mar 2021 at 11:39, Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com> wrote: > >> > >> Hello Folks, > >> > >> Appreciate the feedback and replies on this. Glad to see that there is interest in this topic. > >> > >> > >> > >> I try to address the comments/feedback from Francois and Simon below…. > >> > >> > >> > >> @François Ozog – happy to discuss this on a zoom call. I will make that time slot work, and will be available to attend April 8, 4pm CT. > >> > >> > >> > >> Note that I’m using the term “HOB” here more generically, as there are typically vendor specific structures beyond the resource descriptor HOB, which provides only a small subset of the information that needs to be passed between the boot phases. > >> > >> > >> > >> The whole point here is to provide mechanism to develop firmware that we can build ARM Server SoC’s that support *any* BL33 payload (e.g. EDK2, AptioV, CoreBoot, and maybe even directly boot strapping LinuxBoot at some point). In other-words, we are trying to come up with a TF-A that would be completely agnostic to the implementation of BL33 (i.e. BL33 is built completely independently by a separate entity – e.g. an ODM/OEM). > >> > >> > >> > >> Keep in mind, in the server/datacenter market segment we are not building vertically integrated systems with a single entity compiling firmware/software stacks like most folks in TF-A have become use to. There are two categories of higher level firmware code blobs in the server/datacenter model: > >> > >> “SoC” or “silicon” firmware – in TF-A this may map to BL1, BL2, BL31, and *possibly* one or more BL32 instances > >> “Platform” or “board” firmware – in TF-A this may map to BL33 and *possibly* one or more BL32 instances. > >> > >> > >> > >> Even the platform firmware stack could be further fragmented by having multiple entities involved in delivering the entire firmware stack: IBVs, ODMs, OEMs, CSPs, and possibly even device vendor code. > >> > >> > >> > >> To support a broad range of platform designs with a broad range of memory devices, we need a crisp and clear contract between the SoC firmware that initializes memory (e.g. BL2) and how that platform boot firmware (e.g. BL33) gathers information about what memory that was initialized, at what speeds, NUMA topology, and many other relevant information that needs to be known and comprehended by the platform firmware and eventually by the platform software. > >> > >> > >> > >> I understand the versatility of DT, but I see two major problems with DT: > >> > >> DT requires more complicated parsing to get properties, and even more complex to dynamically set properties – this HOB structures may need to be generated in boot phases where DDR is not available, and therefore we will be extremely memory constrained. > >> DT is probably overkill for this purpose – We really just want a list of pointers to simple C structures that code cast (e.g. JEDEC SPD data blob) > >> > >> > >> > >> I think that we should not mix the efforts around DT/ACPI specs with what we are doing here, because those specs and concepts were developed for a completely different purpose (i.e. abstractions needed for OS / RTOS software, and not necessarily suitable for firmware-to-firmware hand-offs). > >> > >> > >> > >> Frankly, I would personally push back pretty hard on defining SMC’s for something that should be one way information passing. Every SMC we add is another attack vector to the secure world and an increased burden on the folks that have to do security auditing and threat analysis. I see no benefit in exposing these boot/HOB/BOB structures at run-time via SMC calls. > >> > >> > >> > >> Please do let me know if you disagree and why. Look forward to discussing on this thread or on the call. > >> > >> > >> > >> @Simon Glass - Thanks for the pointer to bloblist. I briefly reviewed and it seems like a good baseline for what we may be looking for. > >> > >> > >> > >> That being said, I would say that there is some benefit in having some kind of unique identifiers (e.g. UUID or some unique signature) so that we can tie standardized data structures (based on some future TBD specs) to a particular ID. For example, if the TPM driver in BL33 is looking for the TPM structure in the HOB/BOB list, and may not care about the other data blobs. The driver needs a way to identify and locate the blob it cares about. > >> > >> > >> > >> The tag is intended to serve that purpose, although perhaps it should switch from an auto-allocating enum to one with explicit values for each entry and a range for 'local' use. > >> > >> > >> > >> I guess we can achieve this with the tag, but the problem with tag when you have eco-system with a lot of parties doing parallel development, you can end up with tag collisions and folks fighting about who has rights to what tag values. We would need some official process for folks to register tags for whatever new structures we define, or maybe some tag range for vendor specific structures. This comes with a lot of pain and bureaucracy. On the other hand, UUID has been a proven way to make it easy to just define your own blobs with *either* standard or vendor specific structures without worry of ID collisions between vendors. > >> > >> > >> > >> True. I think the pain is overstated, though. In this case I think we actually want something that can be shared between projects and orgs, so some amount of coordination could be considered a benefit. It could just be a github pull request. I find the UUID unfriendly and not just to code size and eyesight! Trying to discover what GUIDs mean or are valid is quite tricky. E.g. see this code: > >> > >> > >> > >> #define FSP_HOB_RESOURCE_OWNER_TSEG_GUID \ > >> EFI_GUID(0xd038747c, 0xd00c, 0x4980, \ > >> 0xb3, 0x19, 0x49, 0x01, 0x99, 0xa4, 0x7d, 0x55) > >> > >> (etc.) > >> > >> > >> > >> static struct guid_name { > >> efi_guid_t guid; > >> const char *name; > >> } guid_name[] = { > >> { FSP_HOB_RESOURCE_OWNER_TSEG_GUID, "TSEG" }, > >> { FSP_HOB_RESOURCE_OWNER_FSP_GUID, "FSP" }, > >> { FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID, "SMM PEI SMRAM" }, > >> { FSP_NON_VOLATILE_STORAGE_HOB_GUID, "NVS" }, > >> { FSP_VARIABLE_NV_DATA_HOB_GUID, "Variable NVS" }, > >> { FSP_GRAPHICS_INFO_HOB_GUID, "Graphics info" }, > >> { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID1, "PCD database ea" }, > >> { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID2, "PCD database 9b" }, > >> > >> (never figured out what those two are) > >> > >> > >> { FSP_HOB_RESOURCE_OWNER_PEIM_DXE_GUID, "PEIM Init DXE" }, > >> { FSP_HOB_RESOURCE_OWNER_ALLOC_STACK_GUID, "Alloc stack" }, > >> { FSP_HOB_RESOURCE_OWNER_SMBIOS_MEMORY_GUID, "SMBIOS memory" }, > >> { {}, "zero-guid" }, > >> {} > >> }; > >> > >> static const char *guid_to_name(const efi_guid_t *guid) > >> { > >> struct guid_name *entry; > >> > >> for (entry = guid_name; entry->name; entry++) { > >> if (!guidcmp(guid, &entry->guid)) > >> return entry->name; > >> } > >> > >> return NULL; > >> } > >> > >> > >> > >> Believe it or not it took a fair bit of effort to find just that small list, with nearly every one in a separate doc, from memory. > >> > >> > >> > >> > >> > >> We can probably debate whether there is any value in GUID/UUID or not during the call… but again, boblist seems like a reasonable starting point as an alternative to HOB. > >> > >> > >> > >> Indeed. There is certainly value in both approaches. > >> > >> > >> > >> Regards, > >> > >> Simon > >> > >> > >> > >> > >> > >> Thanks, > >> > >> --Harb > >> > >> > >> > >> From: François Ozog <francois.ozog(a)linaro.org> > >> Sent: Tuesday, March 23, 2021 10:00 AM > >> To: François Ozog <francois.ozog(a)linaro.org>; Ron Minnich <rminnich(a)google.com>; Paul Isaac's <paul.isaacs(a)linaro.org> > >> Cc: Simon Glass <sjg(a)chromium.org>; Harb Abdulhamid OS <abdulhamid(a)os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org>; tf-a(a)lists.trustedfirmware.org > >> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages > >> > >> > >> > >> +Ron Minnich +Paul Isaac's > >> > >> > >> > >> Adding Ron and Paul because I think this interface should be also benefiting LinuxBoot efforts. > >> > >> > >> > >> On Tue, 23 Mar 2021 at 11:17, François Ozog via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: > >> > >> Hi, > >> > >> > >> > >> I propose we cover the topic at the next Trusted Substrate zoom call on April 8th 4pm CET. > >> > >> > >> > >> The agenda: > >> > >> ABI between non-secure firmware and the rest of firmware (EL3, S-EL1, S-EL2, SCP) to adapt hardware description to some runtime conditions. > >> > >> runtime conditions here relates to DRAM size and topology detection, secure DRAM memory carvings, PSCI and SCMI interface publishing. > >> > >> > >> > >> For additional background on existing metadata: UEFI Platform Initialization Specification Version 1.7, 5.5 Resource Descriptor HOB > >> > >> Out of the ResourceType we care about is EFI_RESOURCE_SYSTEM_MEMORY. > >> > >> This HOB lacks memory NUMA attachment or something that could be related to fill SRAT table for ACPI or relevant DT proximity domains. > >> > >> HOB is not consistent accros platforms: some platforms (Arm) lists memory from the booting NUMA node, other platforms (x86) lists all memory from all NUMA nodes. (At least this is the case on the two platforms I tested). > >> > >> > >> > >> There are two proposals to use memory structures from SPL/BLx up to the handover function (as defined in the Device Tree technical report) which can be U-boot (BL33 or just U-Boot in case of SPL/U-Boot scheme) or EDK2. > >> > >> I would propose we also discuss possibility of FF-A interface to actually query information or request actions to be done (this is a model actually used in some SoCs with proprietary SMC calls). > >> > >> > >> > >> Requirements (to be validated): > >> > >> - ACPI and DT hardware descriptions. > >> > >> - agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2) > >> > >> - agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2, TF-A/LinuxBoot) > >> > >> - at least allows complete DRAM description and "persistent" usage (reserved areas for secure world or other usages) > >> > >> - support secure world device assignment > >> > >> > >> > >> Cheers > >> > >> > >> > >> FF > >> > >> > >> > >> > >> > >> On Mon, 22 Mar 2021 at 19:56, Simon Glass <sjg(a)chromium.org> wrote: > >> > >> Hi, > >> > >> Can I suggest using bloblist for this instead? It is lightweight, > >> easier to parse, doesn't have GUIDs and is already used within U-Boot > >> for passing info between SPL/U-Boot, etc. > >> > >> Docs here: https://github.com/u-boot/u-boot/blob/master/doc/README.bloblist > >> Header file describes the format: > >> https://github.com/u-boot/u-boot/blob/master/include/bloblist.h > >> > >> Full set of unit tests: > >> https://github.com/u-boot/u-boot/blob/master/test/bloblist.c > >> > >> Regards, > >> Simon > >> > >> On Mon, 22 Mar 2021 at 23:58, François Ozog <francois.ozog(a)linaro.org> wrote: > >> > > >> > +Boot Architecture Mailman List <boot-architecture(a)lists.linaro.org> > >> > > >> > standardization is very much welcomed here and need to accommodate a very > >> > diverse set of situations. > >> > For example, TEE OS may need to pass memory reservations to BL33 or > >> > "capture" a device for the secure world. > >> > > >> > I have observed a number of architectures: > >> > 1) pass information from BLx to BLy in the form of a specific object > >> > 2) BLx called by BLy by a platform specific SMC to get information > >> > 3) BLx called by BLy by a platform specific SMC to perform Device Tree > >> > fixups > >> > > >> > I also imagined a standardized "broadcast" FF-A call so that any firmware > >> > element can either provide information or "do something". > >> > > >> > My understanding of your proposal is about standardizing on architecture 1) > >> > with the HOB format. > >> > > >> > The advantage of the HOB is simplicity but it may be difficult to implement > >> > schemes such as pruning a DT because device assignment in the secure world. > >> > > >> > In any case, it looks feasible to have TF-A and OP-TEE complement the list > >> > of HOBs to pass information downstream (the bootflow). > >> > > >> > It would be good to start with building the comprehensive list of > >> > information that need to be conveyed between firmware elements: > >> > > >> > information. | authoritative entity | reporting entity | information > >> > exchanged: > >> > dram | TFA | TFA | > >> > <format to be detailed, NUMA topology to build the SRAT table or DT > >> > equivalent?> > >> > PSCI | SCP | TFA? | > >> > SCMI | SCP or TEE-OS | TFA? TEE-OS?| > >> > secure SRAM | TFA. | TFA. | > >> > secure DRAM | TFA? TEE-OS? | TFA? TEE-OS? | > >> > other? | | > >> > | > >> > > >> > Cheers > >> > > >> > FF > >> > > >> > > >> > On Mon, 22 Mar 2021 at 09:34, Harb Abdulhamid OS via TF-A < > >> > tf-a(a)lists.trustedfirmware.org> wrote: > >> > > >> > > Hello Folks, > >> > > > >> > > > >> > > > >> > > I'm emailing to start an open discussion about the adoption of a concept > >> > > known as "hand-off blocks" or HOB to become a part of the TF-A Firmware > >> > > Framework Architecture (FFA). This is something that is a pretty major > >> > > pain point when it comes to the adoption of TF-A in ARM Server SoC’s > >> > > designed to enable a broad range of highly configurable datacenter > >> > > platforms. > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > What is a HOB (Background)? > >> > > > >> > > --------------------------- > >> > > > >> > > UEFI PI spec describes a particular definition for how HOB may be used for > >> > > transitioning between the PEI and DXE boot phases, which is a good > >> > > reference point for this discussion, but not necessarily the exact solution > >> > > appropriate for TF-A. > >> > > > >> > > > >> > > > >> > > A HOB is simply a dynamically generated data structure passed in between > >> > > two boot phases. This is information that was obtained through discovery > >> > > and needs to be passed forward to the next boot phase *once*, with no API > >> > > needed to call back (e.g. no call back into previous firmware phase is > >> > > needed to fetch this information at run-time - it is simply passed one time > >> > > during boot). > >> > > > >> > > > >> > > > >> > > There may be one or more HOBs passed in between boot phases. If there are > >> > > more than one HOB that needs to be passed, this can be in a form of a "HOB > >> > > table", which (for example) could be a UUID indexed array of pointers to > >> > > HOB structures, used to locate a HOB of interest (based on UUID). In such > >> > > cases, instead of passing a single HOB, the boot phases may rely on passing > >> > > the pointer to the HOB table. > >> > > > >> > > > >> > > > >> > > This has been extremely useful concept to employ on highly configurable > >> > > systems that must rely on flexible discovery mechanisms to initialize and > >> > > boot the system. This is especially helpful when you have multiple > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > Why do we need HOBs in TF-A?: > >> > > > >> > > ----------------------------- > >> > > > >> > > It is desirable that EL3 firmware (e.g. TF-A) built for ARM Server SoC in > >> > > a way that is SoC specific *but* platform agnostic. This means that a > >> > > single ARM SoC that a SiP may deliver to customers may provide a single > >> > > TF-A binary (e.g. BL1, BL2, BL31) that could be used to support a broad > >> > > range of platform designs and configurations in order to boot a platform > >> > > specific firmware (e.g. BL33 and possibly even BL32 code). In order to > >> > > achieve this, the platform configuration must be *discovered* instead of > >> > > statically compiled as it is today in TF-A via device tree based > >> > > enumeration. The mechanisms of discovery may differ broadly depending on > >> > > the relevant industry standard, or in some cases may have rely on SiP > >> > > specific discovery flows. > >> > > > >> > > > >> > > > >> > > For example: On server systems that support a broad range DIMM memory > >> > > population/topologies, all the necessary information required to boot is > >> > > fully discovered via standard JEDEC Serial Presence Detect (SPD) over an > >> > > I2C bus. Leveraging the SPD bus, may platform variants could be supported > >> > > with a single TF-A binary. Not only is this information required to > >> > > initialize memory in early boot phases (e.g. BL2), the subsequent boot > >> > > phases will also need this SPD info to construct a system physical address > >> > > map and properly initialize the MMU based on the memory present, and where > >> > > the memory may be present. Subsequent boot phases (e.g. BL33 / UEFI) may > >> > > need to generate standard firmware tables to the operating systems, such as > >> > > SMBIOS tables describing DIMM topology and various ACPI tables (e.g. SLIT, > >> > > SRAT, even NFIT if NVDIMM's are present). > >> > > > >> > > > >> > > > >> > > In short, it all starts with a standardized or vendor specific discovery > >> > > flow in an early boot stage (e.g. BL1/BL2), followed by the passing of > >> > > information to the next boot stages (e.g. BL31/BL32/BL33). > >> > > > >> > > > >> > > > >> > > Today, every HOB may be a vendor specific structure, but in the future > >> > > there may be benefit of defining standard HOBs. This may be useful for > >> > > memory discovery, passing the system physical address map, enabling TPM > >> > > measured boot, and potentially many other common HOB use-cases. > >> > > > >> > > > >> > > > >> > > It would be extremely beneficial to the datacenter market segment if the > >> > > TF-A community would adopt this concept of information passing between all > >> > > boot phases as opposed to rely solely on device tree enumeration. This is > >> > > not intended to replace device tree, rather intended as an alternative way > >> > > to describe the info that must be discovered and dynamically generated. > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > Conclusion: > >> > > > >> > > ----------- > >> > > > >> > > We are proposing that the TF-A community begin pursuing the adoption of > >> > > HOBs as a mechanism used for information exchange between each boot stage > >> > > (e.g. BL1->BL2, BL2->BL31, BL31->BL32, and BL31->BL33)? Longer term we > >> > > want to explore standardizing some HOB structures for the BL33 phase (e.g. > >> > > UEFI HOB structures), but initially would like to agree on this being a > >> > > useful mechanism used to pass information between each boot stage. > >> > > > >> > > > >> > > > >> > > Thanks, > >> > > > >> > > --Harb > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > -- > >> > > TF-A mailing list > >> > > TF-A(a)lists.trustedfirmware.org > >> > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > >> > > > >> > > >> > > >> > -- > >> > François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* > >> > T: +33.67221.6485 > >> > francois.ozog(a)linaro.org | Skype: ffozog > >> > _______________________________________________ > >> > boot-architecture mailing list > >> > boot-architecture(a)lists.linaro.org > >> > https://lists.linaro.org/mailman/listinfo/boot-architecture > >> > >> > >> > >> > >> -- > >> > >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group > >> > >> T: +33.67221.6485 > >> francois.ozog(a)linaro.org | Skype: ffozog > >> > >> > >> > >> -- > >> TF-A mailing list > >> TF-A(a)lists.trustedfirmware.org > >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a > >> > >> > >> > >> > >> -- > >> > >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group > >> > >> T: +33.67221.6485 > >> francois.ozog(a)linaro.org | Skype: ffozog > >> > >> > >> > >> -- > >> TF-A mailing list > >> TF-A(a)lists.trustedfirmware.org > >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a > >> > >> -- > >> TF-A mailing list > >> TF-A(a)lists.trustedfirmware.org > >> https://lists.trustedfirmware.org/mailman/listinfo/tf-a > >> > >> > >> > >> > >> -- > >> > >> François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group > >> > >> T: +33.67221.6485 > >> francois.ozog(a)linaro.org | Skype: ffozog > >> > >> > > > > -- > > TF-A mailing list > > TF-A(a)lists.trustedfirmware.org > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a >

4 years, 7 months

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

boot-architecture