Hi
back in April we had a workshop on firmware sustainability. Since then a
number of discussions related concerns on closed source components in TF-A
and U-Boot communities. We are also approaching a technical maturity level
on SystemReady that it looks timely to revisit this aspect.
Would it be a good move to adopt the Open System Firmware check list
<https://www.opencompute.org/wiki/Open_System_Firmware/Checklist> as part
of SystemReady?
*NOTE1: believe SystemReady is at right level as it addresses compliance
of platforms. EBBR is a technical recipe to make it work for a particular
environment (like SBBR) and so not the best place to deal with
redistribution license of binary blobs and other platform owernship
aspects.*
*NOTE2/ Adoption could come in different forms: referring to it, crafting a
similar one for SystemReady scope, any other smart ways of doing it.*
Cheers
FF
--
François-Frédéric Ozog | *Director Business Development*
T: +33.67221.6485
francois.ozog(a)linaro.org | Skype: ffozog
Hi Tom
Le lun. 25 oct. 2021 à 18:59, Tom Rini <trini(a)konsulko.com> a écrit :
> On Mon, Oct 25, 2021 at 05:41:44PM +0100, Daniel Thompson wrote:
> > On Mon, Oct 25, 2021 at 03:59:49PM +0200, Heinrich Schuchardt wrote:
> > > On 10/25/21 15:32, Daniel Thompson wrote:
> > > > On Mon, Oct 25, 2021 at 01:51:34PM +0200, Heinrich Schuchardt wrote:
> > > > > On 10/25/21 12:43, François Ozog wrote:
> > > > > > Hi
> > > > > >
> > > > > > back in April we had a workshop on firmware sustainability.
> Since then a
> > > > > > number of discussions related concerns on closed source
> components in TF-A
> > > > > > and U-Boot communities. We are also approaching a technical
> maturity level
> > > > >
> > > > > U-Boot is licenced under GPL. You must not include any code which
> is not
> > > > > licensed under GPL or a compatible license (cf.
> > > > > https://www.gnu.org/licenses/license-list.html) into U-Boot. This
> > > > > disqualifies any closed source component but also open source
> which is not
> > > > > GPL compatible like OpenSSL.
> > > > >
> > > > > The BSD-3 license of TF-A is compatible with GPL.
> > > > >
> > > > > For closed source TF-A components distributed with U-Boot the
> following GPL
> > > > > exception *MIGHT* apply in some cases:
> > > > >
> > > > > "However, as a special exception, the source code distributed need
> not
> > > > > include anything that is normally distributed (in either source or
> binary
> > > > > form) with the major components (compiler, kernel, and so on) of
> the
> > > > > operating system on which the executable runs, unless that
> component itself
> > > > > accompanies the executable."
> > > >
> > > > The GNU GPLv2 "mere aggregation" language must also be mentioned when
> > > > looking at the license effects here.
> > > >
> > > > If TF-A and u-boot were merely aggregated together on the same
> storage
> > > > media then the license of one would not influence the licensing of
> > > > the other.
> > > >
> > > > I am doubtful that one component being responsible for copying the
> other
> > > > into memory would change this.
> > >
> > > Think of U-Boot's UEFI variables managed by an OP-TEE module
> (Standalone
> > > MM), or U-Boot (or Linux) invoking PSCI. These are not cases of mere
> > > aggregation but come close to the operating system case. But TF-A is
> not an
> > > operating system.
> >
> > This is very much an example of "each case turns on its own facts".
> >
> > PSCI is a generic protocol. It is based on traps. Its primary purpose is
> > to decouple components that run at different trust levels. TF-A is not
> > the only implementation. U-boot is not the only client.
> >
> > Such facts make it unlikely that TF-A would become a derived work of
> > u-boot simply because u-boot gets PSCI services from TF-A.
> >
> > To be clear I agree there are definitely circumstances that could lead
> > an OP-TEE TA, OP-TEE itself or TF-A being combined with u-boot (rather
> > than aggregated alongside). A OP-TEE TA to assist with variable storage
> > could certainly reach this level, especially if it's interfaces were
> > specifically designed to match the u-boot driver model (although this
> > still may not impact TF-A).
>
> So, this might be an unpopular opinion here, but perhaps the Canonical
> or Linaro lawyers could chime in with some non-binding thoughts?
> Engineers arguing about the law tends to not be productive.
i agree. From my standpoint, there are products on the market that assemble
firmware components such as TF-A , U-Boot and OP-TEE in various ways : so
lawyers have done their job and it is possible.
My question is: can we further characterize the distributed firmware with
regards to parameters described in the checklist?
If there are binary components in the mix, how much a platform owner (in
the checklist sense) can rebuild the open source portion, include the
binaries and redistribute the result?
>
>
> --
> Tom
>
--
François-Frédéric Ozog | *Director Business Development*
T: +33.67221.6485
francois.ozog(a)linaro.org | Skype: ffozog
All,
We have our DT evo call today one hour earlier than normal.
2 PM UTC / 3PM UK / 10 AM US East (NY)
(in 48 min as I write this.)
Today we will talk about DTB life cycle in firmware at run time.
We might get an update from Simon of DTB signatures.
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
Yep I see your info. Thanks for the bug report :)
-- Bill
On 10/5/21 12:02 PM, Simon Glass wrote:
> OK that worked, I think.
>
> - Simon
>
> On Mon, 4 Oct 2021 at 19:19, Bill Mills <bill.mills(a)linaro.org> wrote:
>>
>> Sorry wrong link.
>> Please try this one:
>> https://doodle.com/meeting/participate/id/mepQEZNa
>>
>> On 10/4/21 6:19 PM, Bill Mills wrote:
>>> All,
>>>
>>> If you normally attend the Devicetree evolution call,
>>> Please fill out this poll:
>>> https://doodle.com/meeting/organize/id/mepQEZNa
>>>
>>> Thanks,
>>> Bill
>>>
>>> --
>>> Bill Mills
>>> Principal Technical Consultant, Linaro
>>> +1-240-643-0836
>>> TZ: US Eastern
>>> Work Schedule: Tues/Wed/Thur
>>
>> --
>> Bill Mills
>> Principal Technical Consultant, Linaro
>> +1-240-643-0836
>> TZ: US Eastern
>> Work Schedule: Tues/Wed/Thur
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
All,
If you normally attend the Devicetree evolution call,
Please fill out this poll:
https://doodle.com/meeting/organize/id/mepQEZNa
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
All,
I have recordings and automated transcripts of all the meetings in 2021.
So far I have not made these public.
*** Is there any objection to making them public? ***
I don't imagine many people will go back and look but it is sometimes
nice to know that you could.
Please let me know if you have any concern. I will take no action until
next week.
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
All,
Today we discussed Simon's slides [1] about DTB signatures.
Simmons points (as I understand them)
* U-boot has used signatures in FIT format for years
* The technique used for FIT is actually generic to any DTB
* Such a signed DTB could still be passed to kernel
* even an old one like 4.4
* Suggest we adopt this for signing individual DTBs
Discussion:
* General interest in idea, no strong objections
* multiple people want to see the worked example to know for sure
* Which nodes do we want to sign?
* Should we sign in a way that allows the kernel to recheck
the signature?
* would require we exclude from hashing anything that will get fixed
up by u-boot at run time, such as mac addrs and chosen
* If u-boot applies any non-trivial DTBO's, the kernel won't be able
to check the result, is it worth the effort for the simple case?
* If we really want the kernel to verify, we should pass on a set of
dtbs: a base and set of overlays, one overlay would be the fixup
data. kernel could check each dtb and then verify that fixup data
only touches the stuff that it should
* Joakim worked with a student to do things very similar to what Simon
is talking about. see [2]
Other comments:
* verifying 10 rsa signatures on 10 hashes is more expensive than
verifying 1 rsa signature of 10 strong hashes. (RSA signatures on the
actual data itself would be VERY expensive.)
* We should be careful about boot time in all these discussions.
* If all the DTB data is internal to u-boot, just use FIT and have
one signature for all the various hashes.
* Is it OK to use the "exploded" rsa public key data in all cases?
* Is the exploded for faster or just less code?
* Can we supply the plan/std pub key AND the exploded version?
* implementations that care about speed and code size can use the
exploded ver, while things that need to standard key structure
can use that. We would need a offline tool to verify both.
* UEFI secure boot will have public keys installed.
Can we explode the key on install for internal storage?
Actions:
* Simon to work up an example of signing just one dtb
We also introduced the topics of DT lifecycle at firmware level:
A) Source level lifecycle, keeping things in sync
A1) Golden source repo
A2: Golden source for platforms that opt-in
A3) auto checker but manual fixup
A4) remove DT from sub projects and rely on B2 model
Pretty sure this is a NOPE!
A5) do nothing and trust platforms maintainers to do the right
thing (despite evidence that many are not currently).
B) runtime life-cycle
B1) each component has its own DTB
B2) DTB is only present in "first" firmware and is
passed along from there
B3) mixture of B1 & B2 at different firmware stages
Actions:
* Bill to make slides so we can discuss properly on Oct 18.
[1]
https://drive.google.com/file/d/1PA5aQ2rISOrdNbqElfIWXaSrCG28Rqx4/view?usp=…
[2]
https://github.com/marianomarciello/Device_Tree_Verification/tree/e0b2fc989…
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
Hello,
We have our DT evo call in just a bit.
Today I would like to talk about DT lifecycle and flow "with in" firmware.
Up till this point we have focused on firmware to "OS layer" hand off.
That topic is not done but I think we need to start exploring the flow
within firmware as people seem to have very different views.
We need to figure out what models are valid (2 seems plenty) and how we
can talk about them.
I don't have slides today but we can start the discussion.
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
Hi,
Following the EFI capsule revert, here* is a contribution to
understand the context in which we designed the patch set. (everyone
is a commenter, please be mindful).
The presentation explores booting, with more details for the Arm
context, pre and post U-Boot. On Arm, pre-U-Boot is shaped after
Firmware Framework-A and other interfaces. There is a similar approach
in RISC-V with OpenSBI.
There is nothing to agree on: many elements of the presentation are
specifications for the Arm ecosystem. The purpose is to reach common
understanding of those for rest of the journey.
Careful reading is required because as we all know very well the
topic, we may skip over stuff and miss key elements that may have
changed since you last checked. So I'll attract your attention on:
Slide 9: there can be multiple device trees in a Trusted Firmware FIP
(nothing to agree on...)
Slide 11: roles and responsibilities of firmware go far beyond booting
and OTA. CoreBoot and SPL will have to take those into account in the
future.
Slide 17: there is a new boot flow based on "give-me-my-initrd" UEFI protocol
Slide 24: when the firmware is stored on Secure Storage which is a
common case for products, U-Boot/Linux have absolutely no means to
perform the update (see notes for details).
Slide 28: there are plenty of keys needed, the U-Boot and U-Boot
updater can be different; as well as all firmware components.
I acknowledge that the presentation is hard to read without enough
speaker notes or myself talking to it. Let's say that I prefer to keep
the ball rolling before we can actually program a call: could you send
me in private message your preferred day of the week and best time
(with TZ) for such a thing?
Cordially,
--
François-Frédéric Ozog
*) https://docs.google.com/presentation/d/1AHTf9xMNqPXbiDLkBpoKt45UTjV8s34Jdtm…
Hi Paul
Too posting because I think we also need to address this at a higher level.
i think we discussed this topic quite a while back. I may be wrong but it
may be Bill Mills who proposed to have an eeprom on the extensions that the
carrier board can use to detect and fetch proper overlay. Another way would
be that the contract between the extension board and the carrier board
includes an i2c accessible storage to fetch an overlay that would identify
the board and give all details. Bottom line, a software only solution seems
not entirely satisfying.
In that suboptimal case, U-Boot shall be able to assemble a DT for itself
and another for OS (may be same in some cases) through scripting. And in
this case, come your questions below
.
Le sam. 18 sept. 2021 à 01:21, Ying-Chun Liu (PaulLiu) <paulliu(a)debian.org>
a écrit :
> Hi all,
>
>
> I have some questions about how to implement extension board usage.
> My case is on imx8mm-cl-iot-gate. It can add three different types of
> extension boards.
> One of the extension boards is SPI extension which have 3 empty slots.
> And you can add
> some small boards onto it. One of them is a "TPM2" module.
>
>
> My first question is if I want to use tpm2 in U-boot for measured boot.
> How to implement this right? Currently I just modify the dts used by
> U-boot to let it drive
> the extension board. And let it drive the TPM. But it is not good for
> upstreaming because
> when other types of extension boards installed then it is not working.
> Where to implement this? What is the best practice of this?
> The second question is about extension manager.
> I have read the extension.rst. I think I'll implement this anyway
> because then
> I can have a command to query what type of extension boards I have.
> And if the extension board is the 3 slots one. I can then detect which
> slot is the TPM.
> I'll implement this anyway because the "extension" command is convenient
> for users.
> But it seems to me that it only solves the problem for Linux kernel.
> It can apply a DTB Overlay to Linux DTB to let Linux knows we have that
> extension board.
> But it is too late for U-boot itself, right?
>
>
> The third question is I'm also dong SystemReady IR certificate. That means
> the dtb for Linux is directly provided by U-boot. We use U-boot dtb
> directly to Linux
> kernel. In this case, how to modify that dts dynamically to feed to the
> Linux kernel by
> the extension manager?
> What is the best practice if I want to use U-boot dts for Linux in
> implementation?
>
>
> Thanks a lot.
>
>
> Yours,
> Paul
>
>
> --
François-Frédéric Ozog | *Director Business Development*
T: +33.67221.6485
francois.ozog(a)linaro.org | Skype: ffozog
