I've made the following changes to EBBR to prepare for the v1.0 release.
Most of these are editorial. The biggest change is the SetVariable()
language which has already been discussed.
Cheers,
g.
Hi Grant!
[ Re-adding the CC to the list, I guess you dropped that by mistake ]
On Thu, Feb 28, 2019 at 05:22:10PM +0000, Grant Likely wrote:
>On 28/02/2019 17:12, Steve McIntyre wrote:
>>
>> I'm now looking at updating our logic on armhf/arm64 to do something
>> like:
>>
>> if (booted via UEFI); then
>> if (booted using U-Boot); then
>> echo MBR
>> else
>> echo GPT
>> fi
>> else
>> echo MBR
>> fi
>>
>> but I'll need to find a sane way to detect U-Boot->UEFI boot. For now
>> I'm looking at parsing dmesg output to look for something like
>>
>> [ 0.000000] efi: EFI v2.70 by Das U-Boot
>>
>> but I'm hoping for a better solution. This is also somewhat assuming
>> that detecting U-Boot in the boot chain is a valid indicator for
>> "unsafe location for firmware", but I'm not sure of a better way!
>
>I really want to avoid installers checking for specific firmware
>implementations. The interface is UEFI regardless of U-Boot or tianocore
>as the implementation.
>
>It also isn't actually about U-Boot. It's a limitation of the boot
>masked ROM in the SoC that do not respect partitioning schemes. In these
>cases both Tianocore and U-Boot have the same problem, and
>repartitioning the device will blow away the bootloader.
ACK - I've acknowledged that above. I've personally seen very few
devices with Tianocore firmware at arbitrary locations, but lots with
U-Boot. That seems to be the pattern. Do you have any common
examples for Tianocore?
>Perhaps there should be a property in the DT that lists the reserved
>blocks on the SD or eMMC device.
Maybe, but that bird has already flown surely? I'm talking about
existing devices that vendors are not updating.
>Or, maybe, we can define an information block that has an
>identifiable header+checksum which can tell the OS which blocks are
>occupied by firmware. If it exists somewhere within the first few
>blocks then the partitioning tool could scan for it before
>repartitioning. It could also be embedded into the firmware image
>that gets dd'ed onto the media.
Maybe we can scan the first few sectors of a disk to see if it has any
other recognisable strings, then. I'm trying to work out a safe(!) yet
also reasonably easy way for partitioning to work. Our existing code
isn't working, and we are already over-writing firmware stored in dumb
places. :-(
Cheers,
--
Steve McIntyre steve.mcintyre(a)linaro.org
<http://www.linaro.org/> Linaro.org | Open source software for ARM SoCs
I accidentally deleted the old series of EBBR meetings. However, that's
okay since other meetings have moved around and it is time to review the
meeting time anyway.
I think we should switch to bi-weekly meetings alternating with the
LEDGE SC meeting. Here is a doodle poll for a new meeting time:
https://doodle.com/poll/359273ngta74rqut
I'll set up a new meeting series about this time next week. Please let
me know what times work for you.
Thanks,
g.
Hi folks,
I've just been having a discussion with folks about installing Debian
on an arm64 device. Another developer is booting via U-Boot with UEFI
and things are working OK, except...
The intructions for their board [0] include writing things raw to both
sector 0 and sector 1 of an SD card, meaning that both MBR and GPT
partitioning schemes are likely to break. Ugh. :-/
So, I have two (related) worries:
1. At the moment in Debian, our installer will default to using GPT
for arm64 machines (where disks are not already formatted). That
was fine when we were expecting server systems booting using edk2,
but it looks like that's now a dangerous assumption, as more and
more U-Boot devices are out there which will be wanting to load
firmware from low-numbered LBAs.
2. I'm just in the middle of adding EFI armhf installer support, and
that is also (currently) defaulting to GPT if you've booted via
EFI. This is fine for VMs booted using a 32-bit Arm build of edk2,
but also it's starting to look like a bad option for real boards
booting using U-Boot's EFI support (for similar reasons).
The "Firmware Storage" section of EBBR v0.6 touches on this and
describes how to store firmware in a safer manner, but obviously
(some/many) vendors are not following the spec thus far. What are
other folks doing in this area? How do you recognise which devices
it's safe to use GPT on, for example?
I'm now looking at updating our logic on armhf/arm64 to do something
like:
if (booted via UEFI); then
if (booted using U-Boot); then
echo MBR
else
echo GPT
fi
else
echo MBR
fi
but I'll need to find a sane way to detect U-Boot->UEFI boot. For now
I'm looking at parsing dmesg output to look for something like
[ 0.000000] efi: EFI v2.70 by Das U-Boot
but I'm hoping for a better solution. This is also somewhat assuming
that detecting U-Boot in the boot chain is a valid indicator for
"unsafe location for firmware", but I'm not sure of a better way!
[0] http://share.loverpi.com/board/libre-computer-project/libre-computer-board-…
Cheers,
--
Steve McIntyre steve.mcintyre(a)linaro.org
<http://www.linaro.org/> Linaro.org | Open source software for ARM SoCs
+boot-architecture list
On Tue, Feb 19, 2019 at 07:52:47PM +0800, liaoweixiong wrote:
> Create DT binding document for blkoops.
>
> Signed-off-by: liaoweixiong <liaoweixiong(a)allwinnertech.com>
> ---
> .../devicetree/bindings/pstore/blkoops.txt | 53 ++++++++++++++++++++++
> MAINTAINERS | 1 +
> 2 files changed, 54 insertions(+)
> create mode 100644 Documentation/devicetree/bindings/pstore/blkoops.txt
>
> diff --git a/Documentation/devicetree/bindings/pstore/blkoops.txt b/Documentation/devicetree/bindings/pstore/blkoops.txt
> new file mode 100644
> index 0000000..5462915
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/pstore/blkoops.txt
> @@ -0,0 +1,53 @@
> +Blkoops oops logger
> +===================
> +
> +Blkoops provides a block partition for oops, excluding panics now, so they can
> +be recovered after a reboot.
> +
> +Any space of block device will be used for a circular buffer of oops records.
> +These records have a configurable size, with a size of 0 indicating that they
> +should be disabled.
> +
> +At least one of "block-device" and "total_size" must be set.
> +
> +At least one of "dmesg-size" or "pmsg-size" must be set non-zero.
> +
> +Required properties:
> +
> +- compatible: must be "blkoops".
> +
> +Optional properties:
> +
> +- block-device: The block device to use. Most of the time, it is a partition of
> + device. If block-device is NULL, no block device is effective
> + and the data will be lost after rebooting.
> + It accept the following variants:
> + 1) <hex_major><hex_minor> device number in hexadecimal
> + represents itself no leading 0x, for example b302.
> + 2) /dev/<disk_name> represents the device number of disk
> + 3) /dev/<disk_name><decimal> represents the device number of
> + partition - device number of disk plus the partition number
> + 4) /dev/<disk_name>p<decimal> - same as the above, that form is
> + used when disk name of partitioned disk ends on a digit.
> + 5) PARTUUID=00112233-4455-6677-8899-AABBCCDDEEFF representing
> + the unique id of a partition if the partition table provides
> + it. The UUID may be either an EFI/GPT UUID, or refer to an
> + MSDOS partition using the format SSSSSSSS-PP, where SSSSSSSS
> + is a zero-filled hex representation of the 32-bit
> + "NT disk signature", and PP is a zero-filled hex
> + representation of the 1-based partition number.
> + 6) PARTUUID=<UUID>/PARTNROFF=<int> to select a partition in
> + relation to a partition with a known unique id.
> + 7) <major>:<minor> major and minor number of the device
> + separated by a colon.
No.
I didn't suggest to go look at PARTUUID to copy it into the binding, but
rather to point out that the kernel can already mount by UUID.
Specifying the UUID in DT is also not what I suggested. My suggestion is
to define a known UUID so that the kernel (and bootloaders, userspace,
the world) can just know the UUID. Just like the EFI system partition.
Now this means you have to get it defined in the UEFI specification
(or maybe EBBR[1]). If you want help with how to do that, the
boot-architecture list is a good place to start.
major/minor numbers are a Linux thing, so they don't go in DT.
/dev/* is Linux thing, so it doesn't go in DT.
You can always define all these parameters as kernel command line
options and avoid DT. That would also make this work on *all* systems,
not just DT based systems. (Though I still believe that the partition
should be discoverable.)
Rob
[1] https://github.com/ARM-software/ebbr
Instead of masking out GetVariable() when SetVariable() isn't available
during runtime services, simplify the requirements without losing the
ability to read variables by using the RuntimeServicesSupported variable
from UEFI v2.8.1 (unreleased); Mantis issue 1961.
Peter Jones's earlier patch also specified a Capsule-on-Disk format for
updating variables that the OS could store in the ESP. I've not included
that specification in this patch as it is logically a separate feature.
It may reappear in a separate patch at a later date, or it may get
proposed for inclusion in the UEFI spec proper.
Signed-off-by: Grant Likely <grant.likely(a)arm.com>
Cc: Peter Jones <pjones(a)redhat.com>
---
source/chapter2-uefi.rst | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/source/chapter2-uefi.rst b/source/chapter2-uefi.rst
index 379f0ca..4f74d43 100644
--- a/source/chapter2-uefi.rst
+++ b/source/chapter2-uefi.rst
@@ -201,14 +201,15 @@ variables stored on shared media. [#OPTEESupplicant]_
If a platform does not implement modifying non-volatile variables with
SetVariable() after ExitBootServices(),
-then it must not provide any variable operations after ExitBootServices().
-Firmware shall return EFI_UNSUPPORTED for any call to GetVariable(),
-GetNextVariableName() and SetVariable().
-Firmware shall not emulated non-volatile variables using volatile RAM cache.
+then firmware shall return EFI_UNSUPPORTED for any call to SetVariable(),
+and must advertise that SetVariable() isn't available during runtime services
+via the "RuntimeServicesSupported" variable as defined in UEFI version 2.8.1.
+EFI applications can read RuntimeServicesSupported to determine if calls
+to SetVariable() need to be performed before calling ExitBootServices().
-.. note:: The behaviour when SetVariable() is not supported during runtime
- services is still under discussion and subject to change.
- Do not make any firmware implementation decisions based on this text yet.
+Even when SetVariable() is not supported during runtime services, firmware
+should cache variable names and values in EfiRuntimeServicesData memory so
+that GetVariable() and GetNextVeriableName() can behave as specified.
.. [#OPTEESupplicant] It is worth noting that OP-TEE has a similar problem
regarding secure storage.
@@ -216,5 +217,7 @@ Firmware shall not emulated non-volatile variables using volatile RAM cache.
storage operations on behalf of OP-TEE.
The same solution may be applicable to solving the UEFI non-volatile
variable problem, but it requires additional OS support to work.
+ Regardless, EBBR compliance does not require SetVariable() support
+ during runtime services.
https://github.com/OP-TEE/optee_os/blob/master/documentation/secure_storage…
--
2.13.0
On Fri, Dec 7, 2018 at 9:16 AM Mark Brown <broonie(a)kernel.org> wrote:
>
> On Fri, Dec 07, 2018 at 08:57:06AM -0600, Rob Herring wrote:
> > On Thu, Dec 6, 2018 at 2:07 PM Mark Brown <broonie(a)kernel.org> wrote:
>
> > > The issues with the existing install_dtbs sounded unrelated to this.
>
> > Maybe, what are the issues? We can't change the source layout
> > transparently if dtbs_install is not being used.
>
> I thought that was the thing with adding -@ so overlays could be used?
I don't think so as that is during building, not install. Any user can
set '-@' with 'make DTC_FLAGS="-@" ...' already. The issue with that
was changing the default globally and no way to set per platform. Now
that I think about, moving the sources to subdirs may allow setting
DTC_FLAGS per subdir which may be good enough.
Rob
On Thu, Dec 6, 2018 at 2:07 PM Mark Brown <broonie(a)kernel.org> wrote:
>
> On Thu, Dec 06, 2018 at 01:06:43PM -0600, Rob Herring wrote:
> > On Thu, Dec 6, 2018 at 7:32 AM Andreas Färber <afaerber(a)suse.de> wrote:
>
> > > I'd be okay with distinguishing source vs. install location. Due to the
> > > issue I mention below (and more) we can't use install_dtbs for openSUSE
> > > and had to reimplement it, which we'd need to (and can) adjust.
>
> > What would be needed for dtbs_install to work? arm64 needs to support
> > a flat install? If it doesn't work for Debian or openSUSE, I'm not
> > sure why we have it. So I'd like to make it work.
>
> Correct me if I'm wrong but as far as the flat vs directory thing goes
> isn't the issue that this winds up being a rename for an existing 32 bit
> system? If you just install the dtbs in the default location then a
> bootloader or whatever that is hard coded to look for foo-bar.dtb won't
> see the new foo/foo-bar.dtb (or whatever) and will continue to use the
> old binary. It's not the fact that that it's in a directory, it's the
> fact that the bootloader sees the name it needs to look for change (if
> it's looking on a filesystem at all).
Correct.
> This isn't a problem for arm64 as
> the location isn't changing, it's used directories from day one.
The kernel may have used directories, but that's not what the distros
did according to Andreas:
> We already had that discussion for arm64 because Debian chose to ignore
> the kernel-installed subdirectories and installed .dtb files into a flat
> directory, which collided with openSUSE sticking to the kernel choice.
So are the distros different or who changed to align? That's not clear
from this thread.
> The issues with the existing install_dtbs sounded unrelated to this.
Maybe, what are the issues? We can't change the source layout
transparently if dtbs_install is not being used.
My question here is whether a flat install is useful on arm64. We can
either have a kconfig variable that arm32 sets to do flat installs or
it could be some command line make variable and then any user can pick
what they want for any arch.
Rob
On Thu, Dec 6, 2018 at 12:07 PM Mark Brown <broonie(a)kernel.org> wrote:
>
> On Thu, Dec 06, 2018 at 01:06:43PM -0600, Rob Herring wrote:
> > On Thu, Dec 6, 2018 at 7:32 AM Andreas Färber <afaerber(a)suse.de> wrote:
>
> > > I'd be okay with distinguishing source vs. install location. Due to the
> > > issue I mention below (and more) we can't use install_dtbs for openSUSE
> > > and had to reimplement it, which we'd need to (and can) adjust.
>
> > What would be needed for dtbs_install to work? arm64 needs to support
> > a flat install? If it doesn't work for Debian or openSUSE, I'm not
> > sure why we have it. So I'd like to make it work.
>
> Correct me if I'm wrong but as far as the flat vs directory thing goes
> isn't the issue that this winds up being a rename for an existing 32 bit
> system? If you just install the dtbs in the default location then a
> bootloader or whatever that is hard coded to look for foo-bar.dtb won't
> see the new foo/foo-bar.dtb (or whatever) and will continue to use the
> old binary. It's not the fact that that it's in a directory, it's the
> fact that the bootloader sees the name it needs to look for change (if
> it's looking on a filesystem at all). This isn't a problem for arm64 as
> the location isn't changing, it's used directories from day one.
Yeah, install needs to remain flat even if the dts files move into
subdirectories. It will be painful for everybody if the install
location moves.
> The issues with the existing install_dtbs sounded unrelated to this.
Agreed.
-Olof