From: Ard Biesheuvel ard.biesheuvel@arm.com

...

Not a strong position, but you may also want to put the foot down on *when* the exposed Devicetree blob must be consistent (consistent with some firmware setting changes). Perhaps thats at ReadyToBoot or ExitBootServices.

ReadyToBoot is a PI concept, not a UEFI concept. And EBS() is way too late. But I don't think there is any need to specify this: the firmware needs to make the DT available before calling the OS loader - I don't think we need to spell that out.

But this brings something else to mind: in the past, we had to push back on efforts to upstream Linux changes to install the DTB back into the configuration table, so that at EBS() time, the firmware would see the modified version. *That* is something we should rule out:

Got it. Agreed.

A

On 05.05.20 15:51, Grant Likely wrote:

On 05/05/2020 08:30, Andrei Warkentin wrote:

...

*From:* Ard Biesheuvel ard.biesheuvel@arm.com

...

...

Not a strong position, but you may also want to put the foot down on *when* the exposed Devicetree blob must be consistent (consistent with some firmware setting changes). Perhaps thats at ReadyToBoot or ExitBootServices.

...

ReadyToBoot is a PI concept, not a UEFI concept. And EBS() is way too late. But I don't think there is any need to specify this: the firmware needs to make the DT available before calling the OS loader - I don't think we need to spell that out.

...

But this brings something else to mind: in the past, we had to push back on efforts to upstream Linux changes to install the DTB back into the configuration table, so that at EBS() time, the firmware would see the modified version. *That* is something we should rule out:

Got it. Agreed.

Needs to be worded carefully since it is a valid use case to replace the DTB entirely before ExitBootServices(). It needs to be clear that firmware is not required to consume the DTB if it gets replaced.

How about:

+If an OS Loader or other EFI application loads a new DTB that replaces +the DTB provided by firmware and registers it into the EFI_SYSTEM_TABLE, then firmware must not parse, modify, or +otherwise use the data contained in the new DTB. +In this scenario, the application becomes wholly responsible for the DTB data.

U-Boot currently makes at least the following changes to the device trees before registering them in the system table:

fdt_root(): Set property 'serial' from environment variable 'serial#'

fdt_chosen(): Set property chosen/bootargs Set property chosen/linux,stdout-path

arch_fixup_fdt() [RISC-V]: Set property chosen/boot-hartid

fdt_fixup_ethernet(): Set property mac-address and local-mac-address

board specific fixups like * setting property fsl,sc_rsrc_id on imx8 * disabling of nodes soc/can, soc/gpu depending on board configuration on STM32MP * enable GPU nodes on Nvidia Tegra (nvidia,gk20a, nvidia,gk20a)

optee_copy_fdt_nodes(): * transfer of optee nodes to new fdt

efi_carve_out_dt_rsv(): * create reserved memory nodes

GRUB is one software that may register a new devicetree as configuration table via the 'devicetree' tree command. Currently none of the fixups above will be applied. This may result in boot failure.

A software like GRUB is not meant to have any device specific knowledge. So it cannot possibly know which fix-ups are needed.

I stumbled over this problem when I booted devices via iSCSI. As up to now Linux device trees are not interchangeable between kernel versions I would have loved to have kernel, initrd, and device tree on the iSCSI drive and managed by GRUB. This would only work out if the device specific fix-ups would be applied after GRUB loads a device-tree. Cf. https://savannah.gnu.org/bugs/?52939.

As long as device-trees loaded by an EFI application like GRUB do not fully describe boards and miss on copying memory reservations, boot-hartid and everything else needed for successful booting the requirement not to fix-up device trees is not plausible to me.

Best regards

Heinrich

g. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ boot-architecture mailing list boot-architecture@lists.linaro.org https://lists.linaro.org/mailman/listinfo/boot-architecture

On 05/05/2020 16:57, Ard Biesheuvel wrote:

On Tue, 5 May 2020 at 17:49, Heinrich Schuchardt xypron.glpk@gmx.de wrote:

...

...

...

As long as device-trees loaded by an EFI application like GRUB do not fully describe boards and miss on copying memory reservations, boot-hartid and everything else needed for successful booting the requirement not to fix-up device trees is not plausible to me.

This is a fair point. The point I made was about firmware relying on changes made by the kernel's EFI stub between entry and the point where it calls ExitBootServices().

Can we create a flow-diagram of who needs to modify what? Here's a first attempt:

Scenario 1: Firmware provides DTB

1) Firmware loads stock DTB into EfiACPIReclaimMemory 2) Firmware updates DTB /chosen and /memory with current config ---- DTB becomes immutable to firmware 3) Firmware calls EFI Application or OS Loader 4) ExitBootServices() 5) OS Consumes firmware-provided DTB

Scenario 2: EFI Application provides replacement DTB and handles fixups

1) Firmware loads stock DTB into EfiACPIReclaimMemory 2) Firmware updates DTB /chosen and /memory with current config ---- DTB becomes immutable to firmware 3) Firmware calls EFI Application which provides replacement DTB a) Application loads replacement DTB into EfiACPIReclaimMemory b) Application updates replacement DTB with /chosen & /memory from default DTB c) Application calls OS Loader 5) ExitBootServices() 6) OS Consumes replacement DTB

Scenario 3: EFI Application provides replacement DTB; but depends on firmware to provide fixups

1) Firmware loads stock DTB into EfiACPIReclaimMemory 2) Firmware calls EFI Application which provides replacement DTB a) Application loads replacement DTB into EfiACPIReclaimMemory b) Application calls OS Loader 3) ExitBootServices() a) Firmware updates current DTB /chosen and /memory with current config ---- DTB becomes immutable to firmware 4) OS Consumes replacement DTB

These are obviously trivial descriptions, but I'd like to flush out what is actually required. There is going to be tension here between what OS vendors need, and what vertically integrated embedded users will need.

g.

On 06/05/2020 15:21, Ard Biesheuvel wrote:

On Wed, 6 May 2020 at 15:56, Grant Likely grant.likely@arm.com wrote:

...

On 05/05/2020 16:57, Ard Biesheuvel wrote:

...

On Tue, 5 May 2020 at 17:49, Heinrich Schuchardt xypron.glpk@gmx.de wrote:

...

...

...

As long as device-trees loaded by an EFI application like GRUB do not fully describe boards and miss on copying memory reservations, boot-hartid and everything else needed for successful booting the requirement not to fix-up device trees is not plausible to me.

This is a fair point. The point I made was about firmware relying on changes made by the kernel's EFI stub between entry and the point where it calls ExitBootServices().

Can we create a flow-diagram of who needs to modify what? Here's a first attempt:

Scenario 1: Firmware provides DTB

1. Firmware loads stock DTB into EfiACPIReclaimMemory
2. Firmware updates DTB /chosen and /memory with current config

---- DTB becomes immutable to firmware 3) Firmware calls EFI Application or OS Loader 4) ExitBootServices() 5) OS Consumes firmware-provided DTB

Scenario 2: EFI Application provides replacement DTB and handles fixups

1. Firmware loads stock DTB into EfiACPIReclaimMemory
2. Firmware updates DTB /chosen and /memory with current config

---- DTB becomes immutable to firmware 3) Firmware calls EFI Application which provides replacement DTB a) Application loads replacement DTB into EfiACPIReclaimMemory b) Application updates replacement DTB with /chosen & /memory from default DTB c) Application calls OS Loader 5) ExitBootServices() 6) OS Consumes replacement DTB

Scenario 3: EFI Application provides replacement DTB; but depends on firmware to provide fixups

1. Firmware loads stock DTB into EfiACPIReclaimMemory
2. Firmware calls EFI Application which provides replacement DTB a) Application loads replacement DTB into EfiACPIReclaimMemory b) Application calls OS Loader
3. ExitBootServices() a) Firmware updates current DTB /chosen and /memory with current config

---- DTB becomes immutable to firmware 4) OS Consumes replacement DTB

This doesn't make sense to me. EFI boot does not use /memory nodes in the first place (or /memreserve/s), but the OS does not even install the DTB back into the config table array. In Linux, the EFI stub just passes its address in memory via r0, because that is what the bare metal boot protocol stipulates.

Ah right, I forgot about that detail. Ignore the bits about /memory. My intent wasn't to be super-accurate at this point, but to start a chat about what firmware updates may need to be applied to a replacement DTB.

So whatever is in the config table array when the OS loader executes is what it will consume. It is fine if some intermediate agent replaces the DTB entirely, but the firmware should not expect to be able to make any changes to it once it hands off to the next boot stage.

This is essentially why I brought this up: the firmware should provide the DTB. We know that in reality, people used DTBs shipped with the OS, and this is not great but acceptable. If we allow firmware to have a reverse dependency on the DTB, we make this dependency hell only worse, since you may find yourself in the situation where your kernel does not support the DT shipped with your firmware, and your firmware does not support the DT shipped with your kernel.

Only if the door is wide open. If there is a /real need/ for a limited set of changes to the dtb, then those specific cases can be spelled out as things firmware is allowed to modify in a replacement DTB. Any scenarios here need to be very specific.

What specific cases do we know about?

g.

On 06/05/2020 15:52, Ard Biesheuvel wrote:

On 5/6/20 4:38 PM, Grant Likely wrote:

...

Only if the door is wide open. If there is a /real need/ for a limited set of changes to the dtb, then those specific cases can be spelled out as things firmware is allowed to modify in a replacement DTB. Any scenarios here need to be very specific.

What specific cases do we know about?

None. There is no way the firmware can currently manipulate the DTB after the EFI stub has taken ownership of it. We load the firmware provided one, copy it into a new allocation and make our changes there. This version is the one that is passed to the OS.

Before ExitBootServices()?

g.

On 06/05/2020 15:56, Ard Biesheuvel wrote:

On 5/6/20 4:54 PM, Grant Likely wrote:

...

On 06/05/2020 15:52, Ard Biesheuvel wrote:

...

On 5/6/20 4:38 PM, Grant Likely wrote:

...

Only if the door is wide open. If there is a /real need/ for a limited set of changes to the dtb, then those specific cases can be spelled out as things firmware is allowed to modify in a replacement DTB. Any scenarios here need to be very specific.

What specific cases do we know about?

None. There is no way the firmware can currently manipulate the DTB after the EFI stub has taken ownership of it. We load the firmware provided one, copy it into a new allocation and make our changes there. This version is the one that is passed to the OS.

Before ExitBootServices()?

Yes.

Right, so the kernel stub is completely out and language is needed for when the DTB becomes 'sedimented'. - Before ExitBootServices() - After ???

Second, if an Efi application replaces the DTB, what are the known scenarios for wanting firmware to apply fixups to the DTB (again; need to be very specific)

g.

On 5/6/20 5:01 PM, Grant Likely wrote:

On 06/05/2020 15:56, Ard Biesheuvel wrote:

...

On 5/6/20 4:54 PM, Grant Likely wrote:

...

On 06/05/2020 15:52, Ard Biesheuvel wrote:

...

On 5/6/20 4:38 PM, Grant Likely wrote:

...

Only if the door is wide open. If there is a /real need/ for a limited set of changes to the dtb, then those specific cases can be spelled out as things firmware is allowed to modify in a replacement DTB. Any scenarios here need to be very specific.

What specific cases do we know about?

None. There is no way the firmware can currently manipulate the DTB after the EFI stub has taken ownership of it. We load the firmware provided one, copy it into a new allocation and make our changes there. This version is the one that is passed to the OS.

Before ExitBootServices()?

Yes.

Right, so the kernel stub is completely out and language is needed for when the DTB becomes 'sedimented'.

• Before ExitBootServices()
• After ???

No changes should be made to the DTB after it has been installed as a config table.

Second, if an Efi application replaces the DTB, what are the known scenarios for wanting firmware to apply fixups to the DTB (again; need to be very specific)

None. The firmware should not expect to be given the opportunity to tweak the DTB after it hands off to the next stage.

On Wed, 6 May 2020 at 18:40, Heinrich Schuchardt xypron.glpk@gmx.de wrote:

On 06.05.20 17:14, Ard Biesheuvel wrote:

...

On 5/6/20 5:01 PM, Grant Likely wrote:

...

On 06/05/2020 15:56, Ard Biesheuvel wrote:

...

On 5/6/20 4:54 PM, Grant Likely wrote:

...

On 06/05/2020 15:52, Ard Biesheuvel wrote:

...

On 5/6/20 4:38 PM, Grant Likely wrote: > Only if the door is wide open. If there is a /real need/ for a > limited set of changes to the dtb, then those specific cases can > be spelled out as things firmware is allowed to modify in a > replacement DTB. Any scenarios here need to be very specific. > > What specific cases do we know about? >

None. There is no way the firmware can currently manipulate the DTB after the EFI stub has taken ownership of it. We load the firmware provided one, copy it into a new allocation and make our changes there. This version is the one that is passed to the OS.

Before ExitBootServices()?

Yes.

Right, so the kernel stub is completely out and language is needed for when the DTB becomes 'sedimented'.

• Before ExitBootServices()
• After ???

No changes should be made to the DTB after it has been installed as a config table.

...

Second, if an Efi application replaces the DTB, what are the known scenarios for wanting firmware to apply fixups to the DTB (again; need to be very specific)

None. The firmware should not expect to be given the opportunity to tweak the DTB after it hands off to the next stage.

This would imply that GRUB should not offer a devicetree command if it does not know what fix-ups are needed?

grub could apply its own fixups on the provided DTB assuming that the

result is still EFIAcpiReclaim memory.

Should GRUB command be marked as deprecated? - CC Daniel

https://www.gnu.org/software/grub/manual/grub/grub.html#devicetree

Best regards

Heinrich

On 06/05/2020 17:57, Ard Biesheuvel wrote:

On Wed, 6 May 2020 at 18:41, Heinrich Schuchardt xypron.glpk@gmx.de wrote:

...

On 06.05.20 17:14, Ard Biesheuvel wrote:

...

On 5/6/20 5:01 PM, Grant Likely wrote:

...

...

...

...

Right, so the kernel stub is completely out and language is needed for when the DTB becomes 'sedimented'.

• Before ExitBootServices()
• After ???

No changes should be made to the DTB after it has been installed as a config table.

...

Second, if an Efi application replaces the DTB, what are the known scenarios for wanting firmware to apply fixups to the DTB (again; need to be very specific)

None. The firmware should not expect to be given the opportunity to tweak the DTB after it hands off to the next stage.

This would imply that GRUB should not offer a devicetree command if it does not know what fix-ups are needed?

Grant and you keep mentioning fixups like it is common today for the system firmware to go and change the DTB at random times after invoking the next stage. What exactly do you have in mind here, and why do you think it works correctly today?

In the non-EFI boot flow, it is common for U-Boot to load the DTB, and then updating it in the bootm command to insert the kernel command line or in another command (e.g. applying overlays). The concern I've heard is that the EBBR boot flow won't support what is needed in the embedded space.

I want to make sure we're not ruling out behaviour that is required because it hasn't been discussed in this context. I suspect the answer will simply be exactly what you've already described: The DTB becomes static before any EFI applications are executed. Any fixups after that point are the responsibility of the boot flow. I want to be sure that works for the ST, NXP, TI, etc.

g.

...

Should GRUB command be marked as deprecated? - CC Daniel https://www.gnu.org/software/grub/manual/grub/grub.html#devicetree

I don't think so. There are valid use cases for it, and the system firmware should not be poking around in the DTB anyway after it has launched the next stage loader.

On Wed, 6 May 2020 at 20:00, Grant Likely grant.likely@arm.com wrote:

On 06/05/2020 17:57, Ard Biesheuvel wrote:

...

On Wed, 6 May 2020 at 18:41, Heinrich Schuchardt xypron.glpk@gmx.de wrote:

...

On 06.05.20 17:14, Ard Biesheuvel wrote:

...

On 5/6/20 5:01 PM, Grant Likely wrote:

...

...

...

...

Right, so the kernel stub is completely out and language is needed for when the DTB becomes 'sedimented'.

• Before ExitBootServices()
• After ???

No changes should be made to the DTB after it has been installed as a config table.

...

Second, if an Efi application replaces the DTB, what are the known scenarios for wanting firmware to apply fixups to the DTB (again; need to be very specific)

None. The firmware should not expect to be given the opportunity to tweak the DTB after it hands off to the next stage.

This would imply that GRUB should not offer a devicetree command if it does not know what fix-ups are needed?

Grant and you keep mentioning fixups like it is common today for the system firmware to go and change the DTB at random times after invoking the next stage. What exactly do you have in mind here, and why do you think it works correctly today?

In the non-EFI boot flow, it is common for U-Boot to load the DTB, and then updating it in the bootm command to insert the kernel command line or in another command (e.g. applying overlays). The concern I've heard is that the EBBR boot flow won't support what is needed in the embedded space.

I want to make sure we're not ruling out behaviour that is required because it hasn't been discussed in this context. I suspect the answer will simply be exactly what you've already described: The DTB becomes static before any EFI applications are executed. Any fixups after that point are the responsibility of the boot flow. I want to be sure that works for the ST, NXP, TI, etc.

I think this is just a terminology clash: in the embedded world, the DT is read from a file (which may be shipped separately), and so a 'fixup' step is required to put actual runtime data into it.

In the EDK/ACPI/SBBR world, 'fixing up' the firmware tables is the same as generating them in the first place, since the input is not taken from a file, and not necessarily in true DT format at all: Overdrive in edk2-platforms is a good example, it has a .dtb builtin in with lots of pieces missing, and these are all generated and inserted on the fly. On SynQuacer, I do something similar, but also apply overlays depending on what is plugged into the 96boards LS connector (in theory - only Secure96 is supported at the moment)

So we are basically talking about the same thing, and whatever the firmware needs to at runtime to produce a correct and accurate DT needs to be completed before it calls the next boot stage.

On Wed, May 06, 2020 at 06:40:49PM +0200, Heinrich Schuchardt wrote:

On 06.05.20 17:14, Ard Biesheuvel wrote:

...

On 5/6/20 5:01 PM, Grant Likely wrote:

...

On 06/05/2020 15:56, Ard Biesheuvel wrote:

...

On 5/6/20 4:54 PM, Grant Likely wrote:

...

On 06/05/2020 15:52, Ard Biesheuvel wrote:

...

On 5/6/20 4:38 PM, Grant Likely wrote: > Only if the door is wide open. If there is a /real need/ for a > limited set of changes to the dtb, then those specific cases can > be spelled out as things firmware is allowed to modify in a > replacement DTB. Any scenarios here need to be very specific. > > What specific cases do we know about? >

None. There is no way the firmware can currently manipulate the DTB after the EFI stub has taken ownership of it. We load the firmware provided one, copy it into a new allocation and make our changes there. This version is the one that is passed to the OS.

Before ExitBootServices()?

Yes.

Right, so the kernel stub is completely out and language is needed for when the DTB becomes 'sedimented'.

• Before ExitBootServices()
• After ???

No changes should be made to the DTB after it has been installed as a config table.

...

Second, if an Efi application replaces the DTB, what are the known scenarios for wanting firmware to apply fixups to the DTB (again; need to be very specific)

None. The firmware should not expect to be given the opportunity to tweak the DTB after it hands off to the next stage.

This would imply that GRUB should not offer a devicetree command if it does not know what fix-ups are needed?

Quite the opposite.

It is partly *because* grub (which is part of the OS, not part of the system firmware) is entitled to make changes that the system firmware must leave the DTB alone.

Daniel.

On Thu, May 07, 2020 at 05:32:40PM +0200, François Ozog wrote:

On Thu, 7 May 2020 at 16:50, Daniel Thompson daniel.thompson@linaro.org wrote:

...

On Wed, May 06, 2020 at 06:40:49PM +0200, Heinrich Schuchardt wrote:

...

On 06.05.20 17:14, Ard Biesheuvel wrote:

...

On 5/6/20 5:01 PM, Grant Likely wrote:

...

On 06/05/2020 15:56, Ard Biesheuvel wrote:

...

On 5/6/20 4:54 PM, Grant Likely wrote: > > > On 06/05/2020 15:52, Ard Biesheuvel wrote: >> On 5/6/20 4:38 PM, Grant Likely wrote: >>> Only if the door is wide open. If there is a /real need/ for a >>> limited set of changes to the dtb, then those specific cases can >>> be spelled out as things firmware is allowed to modify in a >>> replacement DTB. Any scenarios here need to be very specific. >>> >>> What specific cases do we know about? >>> >> >> None. There is no way the firmware can currently manipulate the DTB >> after the EFI stub has taken ownership of it. We load the firmware >> provided one, copy it into a new allocation and make our changes >> there. This version is the one that is passed to the OS. > > Before ExitBootServices()? >

Yes.

Right, so the kernel stub is completely out and language is needed for when the DTB becomes 'sedimented'.

• Before ExitBootServices()
• After ???

No changes should be made to the DTB after it has been installed as a config table.

...

Second, if an Efi application replaces the DTB, what are the known scenarios for wanting firmware to apply fixups to the DTB (again; need to be very specific)

None. The firmware should not expect to be given the opportunity to tweak the DTB after it hands off to the next stage.

This would imply that GRUB should not offer a devicetree command if it does not know what fix-ups are needed?

Quite the opposite.

It is partly *because* grub (which is part of the OS, not part of the system firmware) is entitled to make changes that the system firmware must leave the DTB alone.

Isn't it more accurate to say that grub is part of Linux distros targeting servers and desktops. In embedded, I am not sure grub is in the picture all the time.

Sure grub isn't a mandatory but on systems which include it then it is part of the OS.

In your view, what is the role of grub in the DT lifecycle? I see it as the "authoritative entity" to deal with chosen node (bootargs, cma) and speical reverved-memory for kexec...

Er... I mostly use it to workaround broken system firmware ;-) and for development and testing.

However from an EBBR point of view there is no reason to care about the role of grub in the DT lifecycle because it is not in scope. Once we have handed over to next component (whether it is grub, the efistub, a bsd loader or any other OS component) then we no longer get a say in what happens to the DT.

Daniel.

On Tue, 12 May 2020 at 19:05, Grant Likely grant.likely@arm.com wrote:

On 07/05/2020 20:15, Daniel Thompson wrote:

...

On Thu, May 07, 2020 at 05:32:40PM +0200, François Ozog wrote:

...

On Thu, 7 May 2020 at 16:50, Daniel Thompson daniel.thompson@linaro.org wrote:

...

On Wed, May 06, 2020 at 06:40:49PM +0200, Heinrich Schuchardt wrote:

...

On 06.05.20 17:14, Ard Biesheuvel wrote:

...

On 5/6/20 5:01 PM, Grant Likely wrote: > On 06/05/2020 15:56, Ard Biesheuvel wrote: >> On 5/6/20 4:54 PM, Grant Likely wrote: >>> >>> >>> On 06/05/2020 15:52, Ard Biesheuvel wrote: >>>> On 5/6/20 4:38 PM, Grant Likely wrote: >>>>> Only if the door is wide open. If there is a /real need/ for a >>>>> limited set of changes to the dtb, then those specific cases can >>>>> be spelled out as things firmware is allowed to modify in a >>>>> replacement DTB. Any scenarios here need to be very specific. >>>>> >>>>> What specific cases do we know about? >>>>> >>>> >>>> None. There is no way the firmware can currently manipulate the DTB >>>> after the EFI stub has taken ownership of it. We load the firmware >>>> provided one, copy it into a new allocation and make our changes >>>> there. This version is the one that is passed to the OS. >>> >>> Before ExitBootServices()? >>> >> >> Yes. > > Right, so the kernel stub is completely out and language is needed for > when the DTB becomes 'sedimented'. > - Before ExitBootServices() > - After ??? >

No changes should be made to the DTB after it has been installed as a config table.

> Second, if an Efi application replaces the DTB, what are the known > scenarios for wanting firmware to apply fixups to the DTB (again; need > to be very specific) >

None. The firmware should not expect to be given the opportunity to tweak the DTB after it hands off to the next stage.

This would imply that GRUB should not offer a devicetree command if it does not know what fix-ups are needed?

Quite the opposite.

It is partly *because* grub (which is part of the OS, not part of the system firmware) is entitled to make changes that the system firmware must leave the DTB alone.

Isn't it more accurate to say that grub is part of Linux distros targeting servers and desktops. In embedded, I am not sure grub is in the picture all the time.

Sure grub isn't a mandatory but on systems which include it then it is part of the OS.

...

In your view, what is the role of grub in the DT lifecycle? I see it as the "authoritative entity" to deal with chosen node (bootargs, cma) and speical reverved-memory for kexec...

Er... I mostly use it to workaround broken system firmware ;-) and for development and testing.

However from an EBBR point of view there is no reason to care about the role of grub in the DT lifecycle because it is not in scope. Once we have handed over to next component (whether it is grub, the efistub, a bsd loader or any other OS component) then we no longer get a say in what happens to the DT.

To get back to something concrete in the EBBR text, how about the addition of the following text to the Devicetree section?

---

Firmware must have the DTB resident in memory and listed in the EFI system table before executing any UEFI applications. Firmware must not modify the resident DTB while a UEFI application is executing, including during calls to boot services or runtime services.

UEFI applications are permitted to modify or replace the loaded DTB. Firmware must ignore any changes to the DTB made by an application and simply pass the modified or replaced DTB through to the operating system. Firmware must not depend on the in-memory DTB for its own operation. I.e., Once execution of a UEFI application begins, firmware must treat the resident DTB as an anonymous blob and not depend on any data in the DTB.

---

I think that covers the use cases of UEFI applications making changes to the DTB (for any number of valid reasons); but spells out that the firmware is not to make use of or change the DTB once application execution begins.

This still suggests that the system firmware is involved at all in passing the DTB once it has handed off to any UEFI application including the OS loader, but it shouldn't be.

The system firmware should simply a) *produce* the DTB as a config table before calling any other applications (or even other 3rd party drivers if they are supported - this amounts to the meaning of EndOfDxe in PI) b) not *consume* a DTB from the config table - even if it uses DT internally, it should not reload the DT that a loader may have installed.

On 5/12/20 7:23 PM, Grant Likely wrote:

On 12/05/2020 18:16, Ard Biesheuvel wrote:

...

On Tue, 12 May 2020 at 19:05, Grant Likely grant.likely@arm.com wrote:

...

On 07/05/2020 20:15, Daniel Thompson wrote:

...

On Thu, May 07, 2020 at 05:32:40PM +0200, François Ozog wrote:

...

On Thu, 7 May 2020 at 16:50, Daniel Thompson daniel.thompson@linaro.org wrote:

...

On Wed, May 06, 2020 at 06:40:49PM +0200, Heinrich Schuchardt wrote: > On 06.05.20 17:14, Ard Biesheuvel wrote: >> On 5/6/20 5:01 PM, Grant Likely wrote: >>> On 06/05/2020 15:56, Ard Biesheuvel wrote: >>>> On 5/6/20 4:54 PM, Grant Likely wrote: >>>>> >>>>> >>>>> On 06/05/2020 15:52, Ard Biesheuvel wrote: >>>>>> On 5/6/20 4:38 PM, Grant Likely wrote: >>>>>>> Only if the door is wide open. If there is a /real need/ for a >>>>>>> limited set of changes to the dtb, then those specific >>>>>>> cases can >>>>>>> be spelled out as things firmware is allowed to modify in a >>>>>>> replacement DTB. Any scenarios here need to be very specific. >>>>>>> >>>>>>> What specific cases do we know about? >>>>>>> >>>>>> >>>>>> None. There is no way the firmware can currently manipulate >>>>>> the DTB >>>>>> after the EFI stub has taken ownership of it. We load the >>>>>> firmware >>>>>> provided one, copy it into a new allocation and make our >>>>>> changes >>>>>> there. This version is the one that is passed to the OS. >>>>> >>>>> Before ExitBootServices()? >>>>> >>>> >>>> Yes. >>> >>> Right, so the kernel stub is completely out and language is >>> needed for >>> when the DTB becomes 'sedimented'. >>> - Before ExitBootServices() >>> - After ??? >>> >> >> No changes should be made to the DTB after it has been installed >> as a >> config table. >> >>> Second, if an Efi application replaces the DTB, what are the known >>> scenarios for wanting firmware to apply fixups to the DTB >>> (again; need >>> to be very specific) >>> >> >> None. The firmware should not expect to be given the opportunity to >> tweak the DTB after it hands off to the next stage. > > This would imply that GRUB should not offer a devicetree command > if it > does not know what fix-ups are needed?

Quite the opposite.

It is partly *because* grub (which is part of the OS, not part of the system firmware) is entitled to make changes that the system firmware must leave the DTB alone.

Isn't it more accurate to say that grub is part of Linux distros targeting servers and desktops. In embedded, I am not sure grub is in the picture all the time.

Sure grub isn't a mandatory but on systems which include it then it is part of the OS.

...

In your view, what is the role of grub in the DT lifecycle? I see it as the "authoritative entity" to deal with chosen node (bootargs, cma) and speical reverved-memory for kexec...

Er... I mostly use it to workaround broken system firmware ;-) and for development and testing.

However from an EBBR point of view there is no reason to care about the role of grub in the DT lifecycle because it is not in scope. Once we have handed over to next component (whether it is grub, the efistub, a bsd loader or any other OS component) then we no longer get a say in what happens to the DT.

To get back to something concrete in the EBBR text, how about the addition of the following text to the Devicetree section?

---

Firmware must have the DTB resident in memory and listed in the EFI system table before executing any UEFI applications. Firmware must not modify the resident DTB while a UEFI application is executing, including during calls to boot services or runtime services.

UEFI applications are permitted to modify or replace the loaded DTB. Firmware must ignore any changes to the DTB made by an application and simply pass the modified or replaced DTB through to the operating system. Firmware must not depend on the in-memory DTB for its own operation. I.e., Once execution of a UEFI application begins, firmware must treat the resident DTB as an anonymous blob and not depend on any data in the DTB.

---

I think that covers the use cases of UEFI applications making changes to the DTB (for any number of valid reasons); but spells out that the firmware is not to make use of or change the DTB once application execution begins.

This still suggests that the system firmware is involved at all in passing the DTB once it has handed off to any UEFI application including the OS loader, but it shouldn't be.

The system firmware should simply a) *produce* the DTB as a config table before calling any other applications (or even other 3rd party drivers if they are supported - this amounts to the meaning of EndOfDxe in PI) b) not *consume* a DTB from the config table - even if it uses DT internally, it should not reload the DT that a loader may have installed.

Can you suggest how I describe this in the spec?

Perhaps something along the lines of:

""" If a DTB is used to describe the platform to the OS, it must be installed as a EFI configuration table under the appropriate GUID by the system firmware before starting any UEFI applications or drivers that are not part of the system firmware image themselves. Once the DTB is installed as a configuration table, the system firmware must not make any modifications to it.

UEFI applications are permitted to replace the installed DTB. Modifications to the installed DTB are not allowed, but it is permitted to clone the installed DTB, apply any changes to the clone and install it as a replacement.

The system firmware may use DTB internally in its implementation, but it must not rely on DTB images that are installed as EFI configuration tables by other agents under the reserved DTB GUID. """

On 5/13/20 2:48 PM, Grant Likely wrote:

On 12/05/2020 18:54, Ard Biesheuvel wrote:

...

On 5/12/20 7:23 PM, Grant Likely wrote:

...

On 12/05/2020 18:16, Ard Biesheuvel wrote:

...

On Tue, 12 May 2020 at 19:05, Grant Likely grant.likely@arm.com wrote:

...

On 07/05/2020 20:15, Daniel Thompson wrote:

...

On Thu, May 07, 2020 at 05:32:40PM +0200, François Ozog wrote: > On Thu, 7 May 2020 at 16:50, Daniel Thompson > daniel.thompson@linaro.org > wrote: > >> On Wed, May 06, 2020 at 06:40:49PM +0200, Heinrich Schuchardt >> wrote: >>> On 06.05.20 17:14, Ard Biesheuvel wrote: >>>> On 5/6/20 5:01 PM, Grant Likely wrote: >>>>> On 06/05/2020 15:56, Ard Biesheuvel wrote: >>>>>> On 5/6/20 4:54 PM, Grant Likely wrote: >>>>>>> >>>>>>> >>>>>>> On 06/05/2020 15:52, Ard Biesheuvel wrote: >>>>>>>> On 5/6/20 4:38 PM, Grant Likely wrote: >>>>>>>>> Only if the door is wide open. If there is a /real need/ >>>>>>>>> for a >>>>>>>>> limited set of changes to the dtb, then those specific >>>>>>>>> cases can >>>>>>>>> be spelled out as things firmware is allowed to modify in a >>>>>>>>> replacement DTB. Any scenarios here need to be very >>>>>>>>> specific. >>>>>>>>> >>>>>>>>> What specific cases do we know about? >>>>>>>>> >>>>>>>> >>>>>>>> None. There is no way the firmware can currently >>>>>>>> manipulate the DTB >>>>>>>> after the EFI stub has taken ownership of it. We load the >>>>>>>> firmware >>>>>>>> provided one, copy it into a new allocation and make our >>>>>>>> changes >>>>>>>> there. This version is the one that is passed to the OS. >>>>>>> >>>>>>> Before ExitBootServices()? >>>>>>> >>>>>> >>>>>> Yes. >>>>> >>>>> Right, so the kernel stub is completely out and language is >>>>> needed for >>>>> when the DTB becomes 'sedimented'. >>>>> - Before ExitBootServices() >>>>> - After ??? >>>>> >>>> >>>> No changes should be made to the DTB after it has been >>>> installed as a >>>> config table. >>>> >>>>> Second, if an Efi application replaces the DTB, what are the >>>>> known >>>>> scenarios for wanting firmware to apply fixups to the DTB >>>>> (again; need >>>>> to be very specific) >>>>> >>>> >>>> None. The firmware should not expect to be given the >>>> opportunity to >>>> tweak the DTB after it hands off to the next stage. >>> >>> This would imply that GRUB should not offer a devicetree >>> command if it >>> does not know what fix-ups are needed? >> >> Quite the opposite. >> >> It is partly *because* grub (which is part of the OS, not part >> of the >> system firmware) is entitled to make changes that the system >> firmware >> must leave the DTB alone. > > Isn't it more accurate to say that grub is part of Linux distros > targeting > servers and desktops. > In embedded, I am not sure grub is in the picture all the time.

Sure grub isn't a mandatory but on systems which include it then it is part of the OS.

> In your view, what is the role of grub in the DT lifecycle? I see > it as the > "authoritative entity" to deal with chosen node (bootargs, cma) and > speical reverved-memory for kexec...

Er... I mostly use it to workaround broken system firmware ;-) and for development and testing.

However from an EBBR point of view there is no reason to care about the role of grub in the DT lifecycle because it is not in scope. Once we have handed over to next component (whether it is grub, the efistub, a bsd loader or any other OS component) then we no longer get a say in what happens to the DT.

To get back to something concrete in the EBBR text, how about the addition of the following text to the Devicetree section?

---

Firmware must have the DTB resident in memory and listed in the EFI system table before executing any UEFI applications. Firmware must not modify the resident DTB while a UEFI application is executing, including during calls to boot services or runtime services.

UEFI applications are permitted to modify or replace the loaded DTB. Firmware must ignore any changes to the DTB made by an application and simply pass the modified or replaced DTB through to the operating system. Firmware must not depend on the in-memory DTB for its own operation. I.e., Once execution of a UEFI application begins, firmware must treat the resident DTB as an anonymous blob and not depend on any data in the DTB.

---

I think that covers the use cases of UEFI applications making changes to the DTB (for any number of valid reasons); but spells out that the firmware is not to make use of or change the DTB once application execution begins.

This still suggests that the system firmware is involved at all in passing the DTB once it has handed off to any UEFI application including the OS loader, but it shouldn't be.

The system firmware should simply a) *produce* the DTB as a config table before calling any other applications (or even other 3rd party drivers if they are supported - this amounts to the meaning of EndOfDxe in PI) b) not *consume* a DTB from the config table - even if it uses DT internally, it should not reload the DT that a loader may have installed.

Can you suggest how I describe this in the spec?

Perhaps something along the lines of:

""" If a DTB is used to describe the platform to the OS, it must be installed as a EFI configuration table under the appropriate GUID by the system firmware before starting any UEFI applications or drivers that are not part of the system firmware image themselves. Once the DTB is installed as a configuration table, the system firmware must not make any modifications to it.

Works for me.

...

UEFI applications are permitted to replace the installed DTB. Modifications to the installed DTB are not allowed, but it is permitted to clone the installed DTB, apply any changes to the clone and install it as a replacement.

I think this goes too far. Modifying a DTB in place is normal practice. Why is in not permitted to modify the firmware-provided DTB in-place?

This is related to the below. If the system firmware is permitted to use DTB internally, we should either require it to publish a copy, or require other agents to make a copy. Otherwise, these other agents may modify the data structure that the firmware relies on for its internal implementation. Of course, this assumes the internal and external DT are the same and thus compatible, which may not be the case.

...

The system firmware may use DTB internally in its implementation, but it must not rely on DTB images that are installed as EFI configuration tables by other agents under the reserved DTB GUID.

Works for me

g.

...

"""

---

boot-architecture mailing list boot-architecture@lists.linaro.org https://lists.linaro.org/mailman/listinfo/boot-architecture

On 06/05/2020 15:52, Ard Biesheuvel wrote:

On 5/6/20 4:38 PM, Grant Likely wrote:

...

On 06/05/2020 15:21, Ard Biesheuvel wrote:

...

On Wed, 6 May 2020 at 15:56, Grant Likely grant.likely@arm.com wrote:

...

On 05/05/2020 16:57, Ard Biesheuvel wrote:

...

On Tue, 5 May 2020 at 17:49, Heinrich Schuchardt xypron.glpk@gmx.de wrote:

...

...

...

As long as device-trees loaded by an EFI application like GRUB do not fully describe boards and miss on copying memory reservations, boot-hartid and everything else needed for successful booting the requirement not to fix-up device trees is not plausible to me.

This is a fair point. The point I made was about firmware relying on changes made by the kernel's EFI stub between entry and the point where it calls ExitBootServices().

Can we create a flow-diagram of who needs to modify what? Here's a first attempt:

Scenario 1: Firmware provides DTB

1. Firmware loads stock DTB into EfiACPIReclaimMemory
2. Firmware updates DTB /chosen and /memory with current config

---- DTB becomes immutable to firmware 3) Firmware calls EFI Application or OS Loader 4) ExitBootServices() 5) OS Consumes firmware-provided DTB

Scenario 2: EFI Application provides replacement DTB and handles fixups

1. Firmware loads stock DTB into EfiACPIReclaimMemory
2. Firmware updates DTB /chosen and /memory with current config

---- DTB becomes immutable to firmware 3) Firmware calls EFI Application which provides replacement DTB     a) Application loads replacement DTB into EfiACPIReclaimMemory     b) Application updates replacement DTB with /chosen & /memory from default DTB     c) Application calls OS Loader 5) ExitBootServices() 6) OS Consumes replacement DTB

Scenario 3: EFI Application provides replacement DTB; but depends on firmware to provide fixups

1. Firmware loads stock DTB into EfiACPIReclaimMemory
2. Firmware calls EFI Application which provides replacement DTB

a) Application loads replacement DTB into EfiACPIReclaimMemory     b) Application calls OS Loader 3) ExitBootServices()     a) Firmware updates current DTB /chosen and /memory with current config ---- DTB becomes immutable to firmware 4) OS Consumes replacement DTB

This doesn't make sense to me. EFI boot does not use /memory nodes in the first place (or /memreserve/s), but the OS does not even install the DTB back into the config table array. In Linux, the EFI stub just passes its address in memory via r0, because that is what the bare metal boot protocol stipulates.

Ah right, I forgot about that detail. Ignore the bits about /memory. My intent wasn't to be super-accurate at this point, but to start a chat about what firmware updates may need to be applied to a replacement DTB.

...

So whatever is in the config table array when the OS loader executes is what it will consume. It is fine if some intermediate agent replaces the DTB entirely, but the firmware should not expect to be able to make any changes to it once it hands off to the next boot stage.

This is essentially why I brought this up: the firmware should provide the DTB. We know that in reality, people used DTBs shipped with the OS, and this is not great but acceptable. If we allow firmware to have a reverse dependency on the DTB, we make this dependency hell only worse, since you may find yourself in the situation where your kernel does not support the DT shipped with your firmware, and your firmware does not support the DT shipped with your kernel.

Only if the door is wide open. If there is a /real need/ for a limited set of changes to the dtb, then those specific cases can be spelled out as things firmware is allowed to modify in a replacement DTB. Any scenarios here need to be very specific.

What specific cases do we know about?

None. There is no way the firmware can currently manipulate the DTB after the EFI stub has taken ownership of it. We load the firmware provided one, copy it into a new allocation and make our changes there. This version is the one that is passed to the OS.

To clarify; I was not talking about the kernel's EFI stub in any scenario. I was asking about other EFI applications making changes before the kernel stub is called.

g.

On Tue, 5 May 2020 at 17:48, Heinrich Schuchardt xypron.glpk@gmx.de wrote:

On 05.05.20 15:51, Grant Likely wrote:

...

On 05/05/2020 08:30, Andrei Warkentin wrote:

...

*From:* Ard Biesheuvel ard.biesheuvel@arm.com

...

...

Not a strong position, but you may also want to put the foot down on *when* the exposed Devicetree blob must be consistent (consistent

with

...

...

...

...

some firmware setting changes). Perhaps thats at ReadyToBoot or ExitBootServices.

...

ReadyToBoot is a PI concept, not a UEFI concept. And EBS() is way too late. But I don't think there is any need to specify this: the firmware needs to make the DT available before calling the OS loader - I don't think we need to spell that out.

...

But this brings something else to mind: in the past, we had to push

back

...

...

...

on efforts to upstream Linux changes to install the DTB back into the configuration table, so that at EBS() time, the firmware would see the modified version. *That* is something we should rule out:

Got it. Agreed.

Needs to be worded carefully since it is a valid use case to replace the DTB entirely before ExitBootServices(). It needs to be clear that firmware is not required to consume the DTB if it gets replaced.

How about:

+If an OS Loader or other EFI application loads a new DTB that replaces +the DTB provided by firmware and registers it into the EFI_SYSTEM_TABLE, then firmware must not parse, modify, or +otherwise use the data contained in the new DTB. +In this scenario, the application becomes wholly responsible for the DTB data.

U-Boot currently makes at least the following changes to the device trees before registering them in the system table:

fdt_root(): Set property 'serial' from environment variable 'serial#'

fdt_chosen(): Set property chosen/bootargs Set property chosen/linux,stdout-path

arch_fixup_fdt() [RISC-V]: Set property chosen/boot-hartid

fdt_fixup_ethernet(): Set property mac-address and local-mac-address

board specific fixups like

• setting property fsl,sc_rsrc_id on imx8
• disabling of nodes soc/can, soc/gpu depending on board configuration

on STM32MP

• enable GPU nodes on Nvidia Tegra (nvidia,gk20a, nvidia,gk20a)

optee_copy_fdt_nodes():

• transfer of optee nodes to new fdt

I start to think that, ultimately, there should be tfa_copy_fdt_nodes() equivalent so that the release cycle between TFA and other components are fully independent. The current behavior is U-Boot injects PSCI nodes (psci_fdt@arch/arm/lib/psci-dt.c) based on its assumption of the underlying TFA. As the release cycle has not be very rapid, this has not been a big issue. But all signs are showing that the speed of change will be faster on the TFA side, and not just for S-EL2.

efi_carve_out_dt_rsv():

• create reserved memory nodes

GRUB is one software that may register a new devicetree as configuration table via the 'devicetree' tree command. Currently none of the fixups above will be applied. This may result in boot failure.

A software like GRUB is not meant to have any device specific knowledge. So it cannot possibly know which fix-ups are needed.

I stumbled over this problem when I booted devices via iSCSI. As up to now Linux device trees are not interchangeable between kernel versions I would have loved to have kernel, initrd, and device tree on the iSCSI drive and managed by GRUB. This would only work out if the device specific fix-ups would be applied after GRUB loads a device-tree. Cf. https://savannah.gnu.org/bugs/?52939.

As long as device-trees loaded by an EFI application like GRUB do not fully describe boards and miss on copying memory reservations, boot-hartid and everything else needed for successful booting the requirement not to fix-up device trees is not plausible to me.

Cannot agree more. Isn't it true that systemd-boot has something similar?

Boot orchestration is one job very different from handing over a trustable platform description (=hw + firmware services such PSCI, SPCI...).

Best regards

Heinrich

...

g. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ boot-architecture mailing list boot-architecture@lists.linaro.org https://lists.linaro.org/mailman/listinfo/boot-architecture