Hi,
From TF-A project point of view, we prefer to use existing mechanism to pass parameters across boot stages using linked list of tagged elements (as suggested by Julius). It has support for both generic and SiP-specific tags. Having said that, it does not stop partners to introduce new mechanisms suitable for their usecase in platform port initially and later move to generic code if its suitable for other platforms.
To start with, Ampere can introduce a platform specific implementation of memory tag(speed/NUMA topology etc) which can be evaluated and discussed for generalization in future. The tag will be populated in BL2 stage and can be forwarded to further stages(and to BL33) by passing the head of list pointer in one of the registers. Initially any register can be used but going forward a standardization will be needed.
The U-boot bloblist mentioned by Simon is conceptually similar to what TF-A is using, if there is consensus of using bloblist/taglist then TF-A tag list may be enhanced to take best of both the implementations.
One of the potential problems of having structure used in different projects is maintainability, this can be avoided by having a single copy of these structures in TF-A (kept inside "include/export" which intended to be used by other projects.)
Regarding usage of either UUID or tag, I echo the sentiments of Simon and Julius to keep it simple and use tag values.
Looking forward to having further discussions on zoom call today.
Thanks Manish P
________________________________ From: TF-A tf-a-bounces@lists.trustedfirmware.org on behalf of Julius Werner via TF-A tf-a@lists.trustedfirmware.org Sent: 25 March 2021 02:43 To: Simon Glass sjg@chromium.org Cc: Harb Abdulhamid OS abdulhamid@os.amperecomputing.com; Boot Architecture Mailman List boot-architecture@lists.linaro.org; tf-a@lists.trustedfirmware.org tf-a@lists.trustedfirmware.org; U-Boot Mailing List u-boot@lists.denx.de; Paul Isaac's paul.isaacs@linaro.org; Ron Minnich rminnich@google.com Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages
Just want to point out that TF-A currently already supports a (very simple) mechanism like this:
https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+... https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+... https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+...
It's just a linked list of tagged elements. The tag space is split into TF-A-wide generic tags and SiP-specific tags (with plenty of room to spare if more areas need to be defined -- a 64-bit tag can fit a lot). This is currently being used by some platforms that run coreboot in place of BL1/BL2, to pass information from coreboot (BL2) to BL31.
I would echo Simon's sentiment of keeping this as simple as possible and avoiding complicated and bloated data structures with UUIDs. You usually want to parse something like this as early as possible in the passed-to firmware stage, particularly if the structure encodes information about the debug console (like it does for the platforms I mentioned above). For example, in BL31 this basically means doing it right after moving from assembly to C in bl31_early_platform_setup2() to get the console up before running anything else. At that point in the BL31 initialization, the MMU and caches are disabled, so data accesses are pretty expensive and you don't want to spend a lot of parsing effort or calculate complicated checksums or the like. You just want something extremely simple where you ideally have to touch every data word only once.
On Wed, Mar 24, 2021 at 5:06 PM Simon Glass via TF-A <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> wrote: Hi Harb,
On Wed, 24 Mar 2021 at 11:39, Harb Abdulhamid OS <abdulhamid@os.amperecomputing.commailto:abdulhamid@os.amperecomputing.com> wrote:
Hello Folks,
Appreciate the feedback and replies on this. Glad to see that there is interest in this topic. đ
I try to address the comments/feedback from Francois and Simon belowâŠ.
@François Ozogmailto:francois.ozog@linaro.org â happy to discuss this on a zoom call. I will make that time slot work, and will be available to attend April 8, 4pm CT.
Note that Iâm using the term âHOBâ here more generically, as there are typically vendor specific structures beyond the resource descriptor HOB, which provides only a small subset of the information that needs to be passed between the boot phases.
The whole point here is to provide mechanism to develop firmware that we can build ARM Server SoCâs that support *any* BL33 payload (e.g. EDK2, AptioV, CoreBoot, and maybe even directly boot strapping LinuxBoot at some point). In other-words, we are trying to come up with a TF-A that would be completely agnostic to the implementation of BL33 (i.e. BL33 is built completely independently by a separate entity â e.g. an ODM/OEM).
Keep in mind, in the server/datacenter market segment we are not building vertically integrated systems with a single entity compiling firmware/software stacks like most folks in TF-A have become use to. There are two categories of higher level firmware code blobs in the server/datacenter model:
1. âSoCâ or âsiliconâ firmware â in TF-A this may map to BL1, BL2, BL31, and *possibly* one or more BL32 instances 2. âPlatformâ or âboardâ firmware â in TF-A this may map to BL33 and *possibly* one or more BL32 instances.
Even the platform firmware stack could be further fragmented by having multiple entities involved in delivering the entire firmware stack: IBVs, ODMs, OEMs, CSPs, and possibly even device vendor code.
To support a broad range of platform designs with a broad range of memory devices, we need a crisp and clear contract between the SoC firmware that initializes memory (e.g. BL2) and how that platform boot firmware (e.g. BL33) gathers information about what memory that was initialized, at what speeds, NUMA topology, and many other relevant information that needs to be known and comprehended by the platform firmware and eventually by the platform software.
I understand the versatility of DT, but I see two major problems with DT:
* DT requires more complicated parsing to get properties, and even more complex to dynamically set properties â this HOB structures may need to be generated in boot phases where DDR is not available, and therefore we will be extremely memory constrained. * DT is probably overkill for this purpose â We really just want a list of pointers to simple C structures that code cast (e.g. JEDEC SPD data blob)
I think that we should not mix the efforts around DT/ACPI specs with what we are doing here, because those specs and concepts were developed for a completely different purpose (i.e. abstractions needed for OS / RTOS software, and not necessarily suitable for firmware-to-firmware hand-offs).
Frankly, I would personally push back pretty hard on defining SMCâs for something that should be one way information passing. Every SMC we add is another attack vector to the secure world and an increased burden on the folks that have to do security auditing and threat analysis. I see no benefit in exposing these boot/HOB/BOB structures at run-time via SMC calls.
Please do let me know if you disagree and why. Look forward to discussing on this thread or on the call.
@Simon Glassmailto:sjg@chromium.org - Thanks for the pointer to bloblist. I briefly reviewed and it seems like a good baseline for what we may be looking for.
That being said, I would say that there is some benefit in having some kind of unique identifiers (e.g. UUID or some unique signature) so that we can tie standardized data structures (based on some future TBD specs) to a particular ID. For example, if the TPM driver in BL33 is looking for the TPM structure in the HOB/BOB list, and may not care about the other data blobs. The driver needs a way to identify and locate the blob it cares about.
The tag is intended to serve that purpose, although perhaps it should switch from an auto-allocating enum to one with explicit values for each entry and a range for 'local' use.
I guess we can achieve this with the tag, but the problem with tag when you have eco-system with a lot of parties doing parallel development, you can end up with tag collisions and folks fighting about who has rights to what tag values. We would need some official process for folks to register tags for whatever new structures we define, or maybe some tag range for vendor specific structures. This comes with a lot of pain and bureaucracy. On the other hand, UUID has been a proven way to make it easy to just define your own blobs with *either* standard or vendor specific structures without worry of ID collisions between vendors.
True. I think the pain is overstated, though. In this case I think we actually want something that can be shared between projects and orgs, so some amount of coordination could be considered a benefit. It could just be a github pull request. I find the UUID unfriendly and not just to code size and eyesight! Trying to discover what GUIDs mean or are valid is quite tricky. E.g. see this code:
#define FSP_HOB_RESOURCE_OWNER_TSEG_GUID \ EFI_GUID(0xd038747c, 0xd00c, 0x4980, \ 0xb3, 0x19, 0x49, 0x01, 0x99, 0xa4, 0x7d, 0x55) (etc.)
static struct guid_name { efi_guid_t guid; const char *name; } guid_name[] = { { FSP_HOB_RESOURCE_OWNER_TSEG_GUID, "TSEG" }, { FSP_HOB_RESOURCE_OWNER_FSP_GUID, "FSP" }, { FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID, "SMM PEI SMRAM" }, { FSP_NON_VOLATILE_STORAGE_HOB_GUID, "NVS" }, { FSP_VARIABLE_NV_DATA_HOB_GUID, "Variable NVS" }, { FSP_GRAPHICS_INFO_HOB_GUID, "Graphics info" }, { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID1, "PCD database ea" }, { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID2, "PCD database 9b" }, (never figured out what those two are)
{ FSP_HOB_RESOURCE_OWNER_PEIM_DXE_GUID, "PEIM Init DXE" }, { FSP_HOB_RESOURCE_OWNER_ALLOC_STACK_GUID, "Alloc stack" }, { FSP_HOB_RESOURCE_OWNER_SMBIOS_MEMORY_GUID, "SMBIOS memory" }, { {}, "zero-guid" }, {} };
static const char *guid_to_name(const efi_guid_t *guid) { struct guid_name *entry;
for (entry = guid_name; entry->name; entry++) { if (!guidcmp(guid, &entry->guid)) return entry->name; }
return NULL; }
Believe it or not it took a fair bit of effort to find just that small list, with nearly every one in a separate doc, from memory.
We can probably debate whether there is any value in GUID/UUID or not during the call⊠but again, boblist seems like a reasonable starting point as an alternative to HOB.
Indeed. There is certainly value in both approaches.
Regards, Simon
Thanks,
--Harb
From: François Ozog <francois.ozog@linaro.orgmailto:francois.ozog@linaro.org> Sent: Tuesday, March 23, 2021 10:00 AM To: François Ozog <francois.ozog@linaro.orgmailto:francois.ozog@linaro.org>; Ron Minnich <rminnich@google.commailto:rminnich@google.com>; Paul Isaac's <paul.isaacs@linaro.orgmailto:paul.isaacs@linaro.org> Cc: Simon Glass <sjg@chromium.orgmailto:sjg@chromium.org>; Harb Abdulhamid OS <abdulhamid@os.amperecomputing.commailto:abdulhamid@os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture@lists.linaro.orgmailto:boot-architecture@lists.linaro.org>; tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages
+Ron Minnichmailto:rminnich@google.com +Paul Isaac'smailto:paul.isaacs@linaro.org
Adding Ron and Paul because I think this interface should be also benefiting LinuxBoot efforts.
On Tue, 23 Mar 2021 at 11:17, François Ozog via TF-A <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> wrote:
Hi,
I propose we cover the topic at the next Trusted Substratehttps://collaborate.linaro.org/display/TS/Trusted+Substrate+Home zoom callhttps://linaro-org.zoom.us/j/94563644892 on April 8th 4pm CET.
The agenda:
ABI between non-secure firmware and the rest of firmware (EL3, S-EL1, S-EL2, SCP) to adapt hardware description to some runtime conditions.
runtime conditions here relates to DRAM size and topology detection, secure DRAM memory carvings, PSCI and SCMI interface publishing.
For additional background on existing metadata: UEFI Platform Initialization Specification Version 1.7https://uefi.org/sites/default/files/resources/PI_Spec_1_7_final_Jan_2019.pdf, 5.5 Resource Descriptor HOB
Out of the ResourceType we care about is EFI_RESOURCE_SYSTEM_MEMORY.
This HOB lacks memory NUMA attachment or something that could be related to fill SRAT table for ACPI or relevant DT proximity domains.
HOB is not consistent accros platforms: some platforms (Arm) lists memory from the booting NUMA node, other platforms (x86) lists all memory from all NUMA nodes. (At least this is the case on the two platforms I tested).
There are two proposals to use memory structures from SPL/BLx up to the handover function (as defined in the Device Tree technical reporthttps://docs.google.com/document/d/1CLkhLRaz_zcCq44DLGmPZQFPbYHOC6nzPowaL0XmRk0/edit?usp=sharing) which can be U-boot (BL33 or just U-Boot in case of SPL/U-Boot scheme) or EDK2.
I would propose we also discuss possibility of FF-A interface to actually query information or request actions to be done (this is a model actually used in some SoCs with proprietary SMC calls).
Requirements (to be validated):
- ACPI and DT hardware descriptions.
- agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2)
- agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2, TF-A/LinuxBoot)
- at least allows complete DRAM description and "persistent" usage (reserved areas for secure world or other usages)
- support secure world device assignment
Cheers
FF
On Mon, 22 Mar 2021 at 19:56, Simon Glass <sjg@chromium.orgmailto:sjg@chromium.org> wrote:
Hi,
Can I suggest using bloblist for this instead? It is lightweight, easier to parse, doesn't have GUIDs and is already used within U-Boot for passing info between SPL/U-Boot, etc.
Docs here: https://github.com/u-boot/u-boot/blob/master/doc/README.bloblist Header file describes the format: https://github.com/u-boot/u-boot/blob/master/include/bloblist.h
Full set of unit tests: https://github.com/u-boot/u-boot/blob/master/test/bloblist.c
Regards, Simon
On Mon, 22 Mar 2021 at 23:58, François Ozog <francois.ozog@linaro.orgmailto:francois.ozog@linaro.org> wrote:
+Boot Architecture Mailman List <boot-architecture@lists.linaro.orgmailto:boot-architecture@lists.linaro.org>
standardization is very much welcomed here and need to accommodate a very diverse set of situations. For example, TEE OS may need to pass memory reservations to BL33 or "capture" a device for the secure world.
I have observed a number of architectures:
- pass information from BLx to BLy in the form of a specific object
- BLx called by BLy by a platform specific SMC to get information
- BLx called by BLy by a platform specific SMC to perform Device Tree
fixups
I also imagined a standardized "broadcast" FF-A call so that any firmware element can either provide information or "do something".
My understanding of your proposal is about standardizing on architecture 1) with the HOB format.
The advantage of the HOB is simplicity but it may be difficult to implement schemes such as pruning a DT because device assignment in the secure world.
In any case, it looks feasible to have TF-A and OP-TEE complement the list of HOBs to pass information downstream (the bootflow).
It would be good to start with building the comprehensive list of information that need to be conveyed between firmware elements:
information. | authoritative entity | reporting entity | information exchanged: dram | TFA | TFA | <format to be detailed, NUMA topology to build the SRAT table or DT equivalent?> PSCI | SCP | TFA? | SCMI | SCP or TEE-OS | TFA? TEE-OS?| secure SRAM | TFA. | TFA. | secure DRAM | TFA? TEE-OS? | TFA? TEE-OS? | other? | | |
Cheers
FF
On Mon, 22 Mar 2021 at 09:34, Harb Abdulhamid OS via TF-A < tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> wrote:
Hello Folks,
I'm emailing to start an open discussion about the adoption of a concept known as "hand-off blocks" or HOB to become a part of the TF-A Firmware Framework Architecture (FFA). This is something that is a pretty major pain point when it comes to the adoption of TF-A in ARM Server SoCâs designed to enable a broad range of highly configurable datacenter platforms.
What is a HOB (Background)?
UEFI PI spec describes a particular definition for how HOB may be used for transitioning between the PEI and DXE boot phases, which is a good reference point for this discussion, but not necessarily the exact solution appropriate for TF-A.
A HOB is simply a dynamically generated data structure passed in between two boot phases. This is information that was obtained through discovery and needs to be passed forward to the next boot phase *once*, with no API needed to call back (e.g. no call back into previous firmware phase is needed to fetch this information at run-time - it is simply passed one time during boot).
There may be one or more HOBs passed in between boot phases. If there are more than one HOB that needs to be passed, this can be in a form of a "HOB table", which (for example) could be a UUID indexed array of pointers to HOB structures, used to locate a HOB of interest (based on UUID). In such cases, instead of passing a single HOB, the boot phases may rely on passing the pointer to the HOB table.
This has been extremely useful concept to employ on highly configurable systems that must rely on flexible discovery mechanisms to initialize and boot the system. This is especially helpful when you have multiple
Why do we need HOBs in TF-A?:
It is desirable that EL3 firmware (e.g. TF-A) built for ARM Server SoC in a way that is SoC specific *but* platform agnostic. This means that a single ARM SoC that a SiP may deliver to customers may provide a single TF-A binary (e.g. BL1, BL2, BL31) that could be used to support a broad range of platform designs and configurations in order to boot a platform specific firmware (e.g. BL33 and possibly even BL32 code). In order to achieve this, the platform configuration must be *discovered* instead of statically compiled as it is today in TF-A via device tree based enumeration. The mechanisms of discovery may differ broadly depending on the relevant industry standard, or in some cases may have rely on SiP specific discovery flows.
For example: On server systems that support a broad range DIMM memory population/topologies, all the necessary information required to boot is fully discovered via standard JEDEC Serial Presence Detect (SPD) over an I2C bus. Leveraging the SPD bus, may platform variants could be supported with a single TF-A binary. Not only is this information required to initialize memory in early boot phases (e.g. BL2), the subsequent boot phases will also need this SPD info to construct a system physical address map and properly initialize the MMU based on the memory present, and where the memory may be present. Subsequent boot phases (e.g. BL33 / UEFI) may need to generate standard firmware tables to the operating systems, such as SMBIOS tables describing DIMM topology and various ACPI tables (e.g. SLIT, SRAT, even NFIT if NVDIMM's are present).
In short, it all starts with a standardized or vendor specific discovery flow in an early boot stage (e.g. BL1/BL2), followed by the passing of information to the next boot stages (e.g. BL31/BL32/BL33).
Today, every HOB may be a vendor specific structure, but in the future there may be benefit of defining standard HOBs. This may be useful for memory discovery, passing the system physical address map, enabling TPM measured boot, and potentially many other common HOB use-cases.
It would be extremely beneficial to the datacenter market segment if the TF-A community would adopt this concept of information passing between all boot phases as opposed to rely solely on device tree enumeration. This is not intended to replace device tree, rather intended as an alternative way to describe the info that must be discovered and dynamically generated.
Conclusion:
We are proposing that the TF-A community begin pursuing the adoption of HOBs as a mechanism used for information exchange between each boot stage (e.g. BL1->BL2, BL2->BL31, BL31->BL32, and BL31->BL33)? Longer term we want to explore standardizing some HOB structures for the BL33 phase (e.g. UEFI HOB structures), but initially would like to agree on this being a useful mechanism used to pass information between each boot stage.
Thanks,
--Harb
-- TF-A mailing list TF-A@lists.trustedfirmware.orgmailto:TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
-- François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog@linaro.orgmailto:francois.ozog@linaro.org | Skype: ffozog _______________________________________________ boot-architecture mailing list boot-architecture@lists.linaro.orgmailto:boot-architecture@lists.linaro.org https://lists.linaro.org/mailman/listinfo/boot-architecture
--
[https://drive.google.com/a/linaro.org/uc?id=0BxTAygkus3RgQVhuNHMwUi1mYWc&...]
François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group
T: +33.67221.6485 francois.ozog@linaro.orgmailto:francois.ozog@linaro.org | Skype: ffozog
-- TF-A mailing list TF-A@lists.trustedfirmware.orgmailto:TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
--
[https://drive.google.com/a/linaro.org/uc?id=0BxTAygkus3RgQVhuNHMwUi1mYWc&...]
François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group
T: +33.67221.6485 francois.ozog@linaro.orgmailto:francois.ozog@linaro.org | Skype: ffozog
-- TF-A mailing list TF-A@lists.trustedfirmware.orgmailto:TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
Manish, Simon,
* The U-boot bloblist mentioned by Simon is conceptually similar to what TF-A is using, if there is consensus of using bloblist/taglist then TF-A tag list may be enhanced to take best of both the implementations.
Honestly, âconceptually similarâ is not good enough and feels like a frustratingly dismissive response to the concerns we are raising. The whole point of starting this thread is because we *know* the existing TF-A mechanisms donât work for the datacenter market segment for various reasons that we called out below.
We have a specific set of requirements that the existing framework does not really meet. And that was not for a lack of trying after many years of trying to make TF-A framework work on ARMv8 Server SoCâs.
* Regarding usage of either UUID or tag, I echo the sentiments of Simon and Julius to keep it simple and use tag values.
I think you might be misunderstanding the problem UUIDs solve. We are talking about implementing early BL phases (BL1 â BL31) that can support a broad range of BL33 flavors with the same silicon (EDK2, AptioV, CoreBoot, LinuxBoot, or other future boot loaders).
These structures we are talking about may not be defined by the SiP, and just saying we have SiP specific tags is not good enough.
These maybe many different structures that we need to pass from BL1/BL2/BL31 to BL33 that could be defined by one of many different standards bodies (e.g. ARM, JEDEC, TCG, UEFI, PCI SIG, CXL, etc.).
If we use tags, then we must agree on who owns/dictates the tag list, and how we add/claim tags for vendor specific purposes and avoid tag collisions.
I have not heard a solution to that without establishing some owner / standards body to allocate tags. Until we do, tags are not going to work for the types of platform/system agnostic features we must support.
We canât just hand-wave this problem away, because it is a real and major problem that exists on highly configurable systems.
* Looking forward to having further discussions on zoom call today.
Looks like there was a mix up on the zoom call time⊠so look forward to the follow up.
Hopefully we can try to sort things out at the next opportunity.
Thanks, --Harb
From: Manish Pandey2 Manish.Pandey2@arm.com Sent: Thursday, April 8, 2021 7:56 AM To: Simon Glass sjg@chromium.org; Julius Werner jwerner@chromium.org Cc: Harb Abdulhamid OS abdulhamid@os.amperecomputing.com; Boot Architecture Mailman List boot-architecture@lists.linaro.org; tf-a@lists.trustedfirmware.org; U-Boot Mailing List u-boot@lists.denx.de; Paul Isaac's paul.isaacs@linaro.org; Ron Minnich rminnich@google.com Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages
Hi,
From TF-A project point of view, we prefer to use existing mechanism to pass parameters across boot stages using linked list of tagged elements (as suggested by Julius). It has support for both generic and SiP-specific tags. Having said that, it does not stop partners to introduce new mechanisms suitable for their usecase in platform port initially and later move to generic code if its suitable for other platforms.
To start with, Ampere can introduce a platform specific implementation of memory tag(speed/NUMA topology etc) which can be evaluated and discussed for generalization in future. The tag will be populated in BL2 stage and can be forwarded to further stages(and to BL33) by passing the head of list pointer in one of the registers. Initially any register can be used but going forward a standardization will be needed.
The U-boot bloblist mentioned by Simon is conceptually similar to what TF-A is using, if there is consensus of using bloblist/taglist then TF-A tag list may be enhanced to take best of both the implementations.
One of the potential problems of having structure used in different projects is maintainability, this can be avoided by having a single copy of these structures in TF-A (kept inside "include/export" which intended to be used by other projects.)
Regarding usage of either UUID or tag, I echo the sentiments of Simon and Julius to keep it simple and use tag values.
Looking forward to having further discussions on zoom call today.
Thanks Manish P
________________________________ From: TF-A <tf-a-bounces@lists.trustedfirmware.orgmailto:tf-a-bounces@lists.trustedfirmware.org> on behalf of Julius Werner via TF-A <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> Sent: 25 March 2021 02:43 To: Simon Glass <sjg@chromium.orgmailto:sjg@chromium.org> Cc: Harb Abdulhamid OS <abdulhamid@os.amperecomputing.commailto:abdulhamid@os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture@lists.linaro.orgmailto:boot-architecture@lists.linaro.org>; tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org>; U-Boot Mailing List <u-boot@lists.denx.demailto:u-boot@lists.denx.de>; Paul Isaac's <paul.isaacs@linaro.orgmailto:paul.isaacs@linaro.org>; Ron Minnich <rminnich@google.commailto:rminnich@google.com> Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages
Just want to point out that TF-A currently already supports a (very simple) mechanism like this:
https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+... https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+... https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+...
It's just a linked list of tagged elements. The tag space is split into TF-A-wide generic tags and SiP-specific tags (with plenty of room to spare if more areas need to be defined -- a 64-bit tag can fit a lot). This is currently being used by some platforms that run coreboot in place of BL1/BL2, to pass information from coreboot (BL2) to BL31.
I would echo Simon's sentiment of keeping this as simple as possible and avoiding complicated and bloated data structures with UUIDs. You usually want to parse something like this as early as possible in the passed-to firmware stage, particularly if the structure encodes information about the debug console (like it does for the platforms I mentioned above). For example, in BL31 this basically means doing it right after moving from assembly to C in bl31_early_platform_setup2() to get the console up before running anything else. At that point in the BL31 initialization, the MMU and caches are disabled, so data accesses are pretty expensive and you don't want to spend a lot of parsing effort or calculate complicated checksums or the like. You just want something extremely simple where you ideally have to touch every data word only once.
On Wed, Mar 24, 2021 at 5:06 PM Simon Glass via TF-A <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> wrote: Hi Harb,
On Wed, 24 Mar 2021 at 11:39, Harb Abdulhamid OS <abdulhamid@os.amperecomputing.commailto:abdulhamid@os.amperecomputing.com> wrote:
Hello Folks,
Appreciate the feedback and replies on this. Glad to see that there is interest in this topic. đ
I try to address the comments/feedback from Francois and Simon belowâŠ.
@François Ozogmailto:francois.ozog@linaro.org â happy to discuss this on a zoom call. I will make that time slot work, and will be available to attend April 8, 4pm CT.
Note that Iâm using the term âHOBâ here more generically, as there are typically vendor specific structures beyond the resource descriptor HOB, which provides only a small subset of the information that needs to be passed between the boot phases.
The whole point here is to provide mechanism to develop firmware that we can build ARM Server SoCâs that support *any* BL33 payload (e.g. EDK2, AptioV, CoreBoot, and maybe even directly boot strapping LinuxBoot at some point). In other-words, we are trying to come up with a TF-A that would be completely agnostic to the implementation of BL33 (i.e. BL33 is built completely independently by a separate entity â e.g. an ODM/OEM).
Keep in mind, in the server/datacenter market segment we are not building vertically integrated systems with a single entity compiling firmware/software stacks like most folks in TF-A have become use to. There are two categories of higher level firmware code blobs in the server/datacenter model:
1. âSoCâ or âsiliconâ firmware â in TF-A this may map to BL1, BL2, BL31, and *possibly* one or more BL32 instances 2. âPlatformâ or âboardâ firmware â in TF-A this may map to BL33 and *possibly* one or more BL32 instances.
Even the platform firmware stack could be further fragmented by having multiple entities involved in delivering the entire firmware stack: IBVs, ODMs, OEMs, CSPs, and possibly even device vendor code.
To support a broad range of platform designs with a broad range of memory devices, we need a crisp and clear contract between the SoC firmware that initializes memory (e.g. BL2) and how that platform boot firmware (e.g. BL33) gathers information about what memory that was initialized, at what speeds, NUMA topology, and many other relevant information that needs to be known and comprehended by the platform firmware and eventually by the platform software.
I understand the versatility of DT, but I see two major problems with DT:
* DT requires more complicated parsing to get properties, and even more complex to dynamically set properties â this HOB structures may need to be generated in boot phases where DDR is not available, and therefore we will be extremely memory constrained. * DT is probably overkill for this purpose â We really just want a list of pointers to simple C structures that code cast (e.g. JEDEC SPD data blob)
I think that we should not mix the efforts around DT/ACPI specs with what we are doing here, because those specs and concepts were developed for a completely different purpose (i.e. abstractions needed for OS / RTOS software, and not necessarily suitable for firmware-to-firmware hand-offs).
Frankly, I would personally push back pretty hard on defining SMCâs for something that should be one way information passing. Every SMC we add is another attack vector to the secure world and an increased burden on the folks that have to do security auditing and threat analysis. I see no benefit in exposing these boot/HOB/BOB structures at run-time via SMC calls.
Please do let me know if you disagree and why. Look forward to discussing on this thread or on the call.
@Simon Glassmailto:sjg@chromium.org - Thanks for the pointer to bloblist. I briefly reviewed and it seems like a good baseline for what we may be looking for.
That being said, I would say that there is some benefit in having some kind of unique identifiers (e.g. UUID or some unique signature) so that we can tie standardized data structures (based on some future TBD specs) to a particular ID. For example, if the TPM driver in BL33 is looking for the TPM structure in the HOB/BOB list, and may not care about the other data blobs. The driver needs a way to identify and locate the blob it cares about.
The tag is intended to serve that purpose, although perhaps it should switch from an auto-allocating enum to one with explicit values for each entry and a range for 'local' use.
I guess we can achieve this with the tag, but the problem with tag when you have eco-system with a lot of parties doing parallel development, you can end up with tag collisions and folks fighting about who has rights to what tag values. We would need some official process for folks to register tags for whatever new structures we define, or maybe some tag range for vendor specific structures. This comes with a lot of pain and bureaucracy. On the other hand, UUID has been a proven way to make it easy to just define your own blobs with *either* standard or vendor specific structures without worry of ID collisions between vendors.
True. I think the pain is overstated, though. In this case I think we actually want something that can be shared between projects and orgs, so some amount of coordination could be considered a benefit. It could just be a github pull request. I find the UUID unfriendly and not just to code size and eyesight! Trying to discover what GUIDs mean or are valid is quite tricky. E.g. see this code:
#define FSP_HOB_RESOURCE_OWNER_TSEG_GUID \ EFI_GUID(0xd038747c, 0xd00c, 0x4980, \ 0xb3, 0x19, 0x49, 0x01, 0x99, 0xa4, 0x7d, 0x55) (etc.)
static struct guid_name { efi_guid_t guid; const char *name; } guid_name[] = { { FSP_HOB_RESOURCE_OWNER_TSEG_GUID, "TSEG" }, { FSP_HOB_RESOURCE_OWNER_FSP_GUID, "FSP" }, { FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID, "SMM PEI SMRAM" }, { FSP_NON_VOLATILE_STORAGE_HOB_GUID, "NVS" }, { FSP_VARIABLE_NV_DATA_HOB_GUID, "Variable NVS" }, { FSP_GRAPHICS_INFO_HOB_GUID, "Graphics info" }, { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID1, "PCD database ea" }, { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID2, "PCD database 9b" }, (never figured out what those two are)
{ FSP_HOB_RESOURCE_OWNER_PEIM_DXE_GUID, "PEIM Init DXE" }, { FSP_HOB_RESOURCE_OWNER_ALLOC_STACK_GUID, "Alloc stack" }, { FSP_HOB_RESOURCE_OWNER_SMBIOS_MEMORY_GUID, "SMBIOS memory" }, { {}, "zero-guid" }, {} };
static const char *guid_to_name(const efi_guid_t *guid) { struct guid_name *entry;
for (entry = guid_name; entry->name; entry++) { if (!guidcmp(guid, &entry->guid)) return entry->name; }
return NULL; }
Believe it or not it took a fair bit of effort to find just that small list, with nearly every one in a separate doc, from memory.
We can probably debate whether there is any value in GUID/UUID or not during the call⊠but again, boblist seems like a reasonable starting point as an alternative to HOB.
Indeed. There is certainly value in both approaches.
Regards, Simon
Thanks,
--Harb
From: François Ozog <francois.ozog@linaro.orgmailto:francois.ozog@linaro.org> Sent: Tuesday, March 23, 2021 10:00 AM To: François Ozog <francois.ozog@linaro.orgmailto:francois.ozog@linaro.org>; Ron Minnich <rminnich@google.commailto:rminnich@google.com>; Paul Isaac's <paul.isaacs@linaro.orgmailto:paul.isaacs@linaro.org> Cc: Simon Glass <sjg@chromium.orgmailto:sjg@chromium.org>; Harb Abdulhamid OS <abdulhamid@os.amperecomputing.commailto:abdulhamid@os.amperecomputing.com>; Boot Architecture Mailman List <boot-architecture@lists.linaro.orgmailto:boot-architecture@lists.linaro.org>; tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org Subject: Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages
+Ron Minnichmailto:rminnich@google.com +Paul Isaac'smailto:paul.isaacs@linaro.org
Adding Ron and Paul because I think this interface should be also benefiting LinuxBoot efforts.
On Tue, 23 Mar 2021 at 11:17, François Ozog via TF-A <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> wrote:
Hi,
I propose we cover the topic at the next Trusted Substratehttps://collaborate.linaro.org/display/TS/Trusted+Substrate+Home zoom callhttps://linaro-org.zoom.us/j/94563644892 on April 8th 4pm CET.
The agenda:
ABI between non-secure firmware and the rest of firmware (EL3, S-EL1, S-EL2, SCP) to adapt hardware description to some runtime conditions.
runtime conditions here relates to DRAM size and topology detection, secure DRAM memory carvings, PSCI and SCMI interface publishing.
For additional background on existing metadata: UEFI Platform Initialization Specification Version 1.7https://uefi.org/sites/default/files/resources/PI_Spec_1_7_final_Jan_2019.pdf, 5.5 Resource Descriptor HOB
Out of the ResourceType we care about is EFI_RESOURCE_SYSTEM_MEMORY.
This HOB lacks memory NUMA attachment or something that could be related to fill SRAT table for ACPI or relevant DT proximity domains.
HOB is not consistent accros platforms: some platforms (Arm) lists memory from the booting NUMA node, other platforms (x86) lists all memory from all NUMA nodes. (At least this is the case on the two platforms I tested).
There are two proposals to use memory structures from SPL/BLx up to the handover function (as defined in the Device Tree technical reporthttps://docs.google.com/document/d/1CLkhLRaz_zcCq44DLGmPZQFPbYHOC6nzPowaL0XmRk0/edit?usp=sharing) which can be U-boot (BL33 or just U-Boot in case of SPL/U-Boot scheme) or EDK2.
I would propose we also discuss possibility of FF-A interface to actually query information or request actions to be done (this is a model actually used in some SoCs with proprietary SMC calls).
Requirements (to be validated):
- ACPI and DT hardware descriptions.
- agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2)
- agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2, TF-A/LinuxBoot)
- at least allows complete DRAM description and "persistent" usage (reserved areas for secure world or other usages)
- support secure world device assignment
Cheers
FF
On Mon, 22 Mar 2021 at 19:56, Simon Glass <sjg@chromium.orgmailto:sjg@chromium.org> wrote:
Hi,
Can I suggest using bloblist for this instead? It is lightweight, easier to parse, doesn't have GUIDs and is already used within U-Boot for passing info between SPL/U-Boot, etc.
Docs here: https://github.com/u-boot/u-boot/blob/master/doc/README.bloblist Header file describes the format: https://github.com/u-boot/u-boot/blob/master/include/bloblist.h
Full set of unit tests: https://github.com/u-boot/u-boot/blob/master/test/bloblist.c
Regards, Simon
On Mon, 22 Mar 2021 at 23:58, François Ozog <francois.ozog@linaro.orgmailto:francois.ozog@linaro.org> wrote:
+Boot Architecture Mailman List <boot-architecture@lists.linaro.orgmailto:boot-architecture@lists.linaro.org>
standardization is very much welcomed here and need to accommodate a very diverse set of situations. For example, TEE OS may need to pass memory reservations to BL33 or "capture" a device for the secure world.
I have observed a number of architectures:
- pass information from BLx to BLy in the form of a specific object
- BLx called by BLy by a platform specific SMC to get information
- BLx called by BLy by a platform specific SMC to perform Device Tree
fixups
I also imagined a standardized "broadcast" FF-A call so that any firmware element can either provide information or "do something".
My understanding of your proposal is about standardizing on architecture 1) with the HOB format.
The advantage of the HOB is simplicity but it may be difficult to implement schemes such as pruning a DT because device assignment in the secure world.
In any case, it looks feasible to have TF-A and OP-TEE complement the list of HOBs to pass information downstream (the bootflow).
It would be good to start with building the comprehensive list of information that need to be conveyed between firmware elements:
information. | authoritative entity | reporting entity | information exchanged: dram | TFA | TFA | <format to be detailed, NUMA topology to build the SRAT table or DT equivalent?> PSCI | SCP | TFA? | SCMI | SCP or TEE-OS | TFA? TEE-OS?| secure SRAM | TFA. | TFA. | secure DRAM | TFA? TEE-OS? | TFA? TEE-OS? | other? | | |
Cheers
FF
On Mon, 22 Mar 2021 at 09:34, Harb Abdulhamid OS via TF-A < tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> wrote:
Hello Folks,
I'm emailing to start an open discussion about the adoption of a concept known as "hand-off blocks" or HOB to become a part of the TF-A Firmware Framework Architecture (FFA). This is something that is a pretty major pain point when it comes to the adoption of TF-A in ARM Server SoCâs designed to enable a broad range of highly configurable datacenter platforms.
What is a HOB (Background)?
UEFI PI spec describes a particular definition for how HOB may be used for transitioning between the PEI and DXE boot phases, which is a good reference point for this discussion, but not necessarily the exact solution appropriate for TF-A.
A HOB is simply a dynamically generated data structure passed in between two boot phases. This is information that was obtained through discovery and needs to be passed forward to the next boot phase *once*, with no API needed to call back (e.g. no call back into previous firmware phase is needed to fetch this information at run-time - it is simply passed one time during boot).
There may be one or more HOBs passed in between boot phases. If there are more than one HOB that needs to be passed, this can be in a form of a "HOB table", which (for example) could be a UUID indexed array of pointers to HOB structures, used to locate a HOB of interest (based on UUID). In such cases, instead of passing a single HOB, the boot phases may rely on passing the pointer to the HOB table.
This has been extremely useful concept to employ on highly configurable systems that must rely on flexible discovery mechanisms to initialize and boot the system. This is especially helpful when you have multiple
Why do we need HOBs in TF-A?:
It is desirable that EL3 firmware (e.g. TF-A) built for ARM Server SoC in a way that is SoC specific *but* platform agnostic. This means that a single ARM SoC that a SiP may deliver to customers may provide a single TF-A binary (e.g. BL1, BL2, BL31) that could be used to support a broad range of platform designs and configurations in order to boot a platform specific firmware (e.g. BL33 and possibly even BL32 code). In order to achieve this, the platform configuration must be *discovered* instead of statically compiled as it is today in TF-A via device tree based enumeration. The mechanisms of discovery may differ broadly depending on the relevant industry standard, or in some cases may have rely on SiP specific discovery flows.
For example: On server systems that support a broad range DIMM memory population/topologies, all the necessary information required to boot is fully discovered via standard JEDEC Serial Presence Detect (SPD) over an I2C bus. Leveraging the SPD bus, may platform variants could be supported with a single TF-A binary. Not only is this information required to initialize memory in early boot phases (e.g. BL2), the subsequent boot phases will also need this SPD info to construct a system physical address map and properly initialize the MMU based on the memory present, and where the memory may be present. Subsequent boot phases (e.g. BL33 / UEFI) may need to generate standard firmware tables to the operating systems, such as SMBIOS tables describing DIMM topology and various ACPI tables (e.g. SLIT, SRAT, even NFIT if NVDIMM's are present).
In short, it all starts with a standardized or vendor specific discovery flow in an early boot stage (e.g. BL1/BL2), followed by the passing of information to the next boot stages (e.g. BL31/BL32/BL33).
Today, every HOB may be a vendor specific structure, but in the future there may be benefit of defining standard HOBs. This may be useful for memory discovery, passing the system physical address map, enabling TPM measured boot, and potentially many other common HOB use-cases.
It would be extremely beneficial to the datacenter market segment if the TF-A community would adopt this concept of information passing between all boot phases as opposed to rely solely on device tree enumeration. This is not intended to replace device tree, rather intended as an alternative way to describe the info that must be discovered and dynamically generated.
Conclusion:
We are proposing that the TF-A community begin pursuing the adoption of HOBs as a mechanism used for information exchange between each boot stage (e.g. BL1->BL2, BL2->BL31, BL31->BL32, and BL31->BL33)? Longer term we want to explore standardizing some HOB structures for the BL33 phase (e.g. UEFI HOB structures), but initially would like to agree on this being a useful mechanism used to pass information between each boot stage.
Thanks,
--Harb
-- TF-A mailing list TF-A@lists.trustedfirmware.orgmailto:TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
-- François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog@linaro.orgmailto:francois.ozog@linaro.org | Skype: ffozog _______________________________________________ boot-architecture mailing list boot-architecture@lists.linaro.orgmailto:boot-architecture@lists.linaro.org https://lists.linaro.org/mailman/listinfo/boot-architecture
--
[https://drive.google.com/a/linaro.org/uc?id=0BxTAygkus3RgQVhuNHMwUi1mYWc&...]
François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group
T: +33.67221.6485 francois.ozog@linaro.orgmailto:francois.ozog@linaro.org | Skype: ffozog
-- TF-A mailing list TF-A@lists.trustedfirmware.orgmailto:TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
--
[https://drive.google.com/a/linaro.org/uc?id=0BxTAygkus3RgQVhuNHMwUi1mYWc&...]
François-Frédéric Ozog | Director Linaro Edge & Fog Computing Group
T: +33.67221.6485 francois.ozog@linaro.orgmailto:francois.ozog@linaro.org | Skype: ffozog
-- TF-A mailing list TF-A@lists.trustedfirmware.orgmailto:TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
Hi Harb,
On Fri, 9 Apr 2021 at 05:24, Harb Abdulhamid OS < abdulhamid@os.amperecomputing.com> wrote:
Manish, Simon,
- The U-boot bloblist mentioned by Simon is conceptually similar to
what TF-A is using, if there is consensus of using bloblist/taglist then TF-A tag list may be enhanced to take best of both the implementations.
Honestly, âconceptually similarâ is not good enough and feels like a frustratingly dismissive response to the concerns we are raising. The whole point of starting this thread is because we **know** the existing TF-A mechanisms donât work for the datacenter market segment for various reasons that we called out below.
We have a specific set of requirements that the existing framework does not really meet. And that was not for a lack of trying after many years of trying to make TF-A framework work on ARMv8 Server SoCâs.
- Regarding usage of either UUID or tag, I echo the sentiments of
Simon and Julius to keep it simple and use tag values.
I think you might be misunderstanding the problem UUIDs solve. We are talking about implementing early BL phases (BL1 â BL31) that can support a broad range of BL33 flavors with the same silicon (EDK2, AptioV, CoreBoot, LinuxBoot, or other future boot loaders).
These structures we are talking about may not be defined by the SiP, and just saying we have SiP specific tags is not good enough.
These maybe many different structures that we need to pass from BL1/BL2/BL31 to BL33 that could be defined by one of many different standards bodies (e.g. ARM, JEDEC, TCG, UEFI, PCI SIG, CXL, etc.).
If we use tags, then we must agree on who owns/dictates the tag list, and how we add/claim tags for vendor specific purposes and avoid tag collisions.
I have not heard a solution to that without establishing some owner / standards body to allocate tags. Until we do, tags are not going to work for the types of platform/system agnostic features we must support.
We canât just hand-wave this problem away, because it is a real and major problem that exists on highly configurable systems.
Is this really the only problem? I think that is easy to solve with a github repo containing some documentation and a few owners. How do you solve the opposite problem with UUID, that of not knowing what the UUID is supposed to mean? You still need to put it somewhere and agree on the values, don't you? How about for this project we come up with a list of UUIDs in existence, and allocate them a number?
Here are a few thoughts on UUIDs. Why a UUID/GUID is probably not the answer
sjg, 30-Mar-21 Code is for humans
Code should be readable, so far as possible.
This is not readable:
#define FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID \
EFI_GUID(0x6dadf1d1, 0xd4cc, 0x4910, \
0xbb, 0x6e, 0x82, 0xb1, 0xfd, 0x80, 0xff, 0x3d)
This is readable:
enum {
BLOBLISTT_SPL_HANDOFF = 123,
}; UUID is more like a hash than a sequence number
-
we use them with git -
although the short form is provided -
why use a hash to identify something?
Yes, distributed allocation is useful...
-
But not that useful -
We have ways to shared IDs, e.g. a github pull request -
It should not define the entire approach
...but it comes across as just obfuscation
-
How can anyone tell what this value is in a debugger, or in memory, etc.?
#define FSP_NON_VOLATILE_STORAGE_HOB_GUID
0x721acf02, 0x4d77, 0x4c2a, 0xb3, 0xdc, 0x27, 0x0b, 0x7b, 0xa9, 0xe4, 0xb0)
#define FSP_VARIABLE_NV_DATA_HOB_GUID
EFI_GUID(0xa034147d, 0x690c, 0x4154, 0x8d, 0xe6, 0xc0, 0x44, 0x64, 0x1d, 0xe9, 0x42)
#define FSP_BOOTLOADER_TEMP_MEM_HOB_GUID
EFI_GUID(0xbbcff46c, 0xc8d3, 0x4113, 0x89, 0x85, 0xb9, 0xd4, 0xf3, 0xb3, 0xf6, 0x4e)
#define FSP_HOB_RESOURCE_OWNER_FSP_GUID
EFI_GUID(0x69a79759, 0x1373, 0x4367, 0xa6, 0xc4, 0xc7, 0xf5, 0x9e, 0xfd, 0x98, 0x6e)
#define FSP_HOB_RESOURCE_OWNER_TSEG_GUID
EFI_GUID(0xd038747c, 0xd00c, 0x4980, 0xb3, 0x19, 0x49, 0x01, 0x99, 0xa4, 0x7d, 0x55)
#define FSP_HOB_RESOURCE_OWNER_GRAPHICS_GUID
EFI_GUID(0x9c7c3aa7, 0x5332, 0x4917, 0x82, 0xb9, 0x56, 0xa5, 0xf3, 0xe6, 0x2a, 0x07)
-
Not discoverable
-
I found this UUID in the code; what does it mean? -
Who even owns it? -
There is no central register so we don't know -
More obfuscation
Inefficient and overkill
We don't need or want 16 bytes for a unique identifier in a shared project. It is about 10^38. Modern SoCs cannot keep that in a register and there is no C int type to represent it on most common hardware todayl Having to check that adds time and code to no benefit. In early boot, space and time are particularly precious. Value has no intrinsic meaning and is hard to lookup
Each one of these entries is 16 bytes long. At least people might get to learn an int value (16d or 6fe) but a UUID remains gibberish even after looking at them for quite a while.
-
static struct guid_name { -
efi_guid_t guid; -
const char *name; -
} guid_name[] = { -
{ FSP_HOB_RESOURCE_OWNER_TSEG_GUID, "TSEG" }, -
{ FSP_HOB_RESOURCE_OWNER_FSP_GUID, "FSP" }, -
{ FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID, "SMM PEI SMRAM" }, -
{ FSP_NON_VOLATILE_STORAGE_HOB_GUID, "NVS" }, -
{ FSP_VARIABLE_NV_DATA_HOB_GUID, "Variable NVS" }, -
{ FSP_GRAPHICS_INFO_HOB_GUID, "Graphics info" }, -
{ FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID1, "PCD database ea" }, -
{ FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID2, "PCD database 9b" }, -
{ FSP_HOB_RESOURCE_OWNER_PEIM_DXE_GUID, "PEIM Init DXE" }, -
{ FSP_HOB_RESOURCE_OWNER_ALLOC_STACK_GUID, "Alloc stack" }, -
{ FSP_HOB_RESOURCE_OWNER_SMBIOS_MEMORY_GUID, "SMBIOS memory" }, -
{ {}, "zero-guid" }, -
{} -
}; - -
static const char *guid_to_name(const efi_guid_t *guid) -
{ -
struct guid_name *entry; - -
for (entry = guid_name; entry->name; entry++) { -
if (!guidcmp(guid, &entry->guid)) -
return entry->name; -
} - -
return NULL; -
}
What is a GUID?
-
Is it the same as a UUID? -
Endianness? -
https://stackoverflow.com/questions/246930/is-there-any-difference-between-a...
Regards, Simon
- Looking forward to having further discussions on zoom call today.
Looks like there was a mix up on the zoom call time⊠so look forward to the follow up.
Hopefully we can try to sort things out at the next opportunity.
Thanks,
--Harb
*From:* Manish Pandey2 Manish.Pandey2@arm.com *Sent:* Thursday, April 8, 2021 7:56 AM *To:* Simon Glass sjg@chromium.org; Julius Werner jwerner@chromium.org *Cc:* Harb Abdulhamid OS abdulhamid@os.amperecomputing.com; Boot Architecture Mailman List boot-architecture@lists.linaro.org; tf-a@lists.trustedfirmware.org; U-Boot Mailing List u-boot@lists.denx.de; Paul Isaac's paul.isaacs@linaro.org; Ron Minnich rminnich@google.com *Subject:* Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages
Hi,
From TF-A project point of view, we prefer to use existing mechanism to pass parameters across boot stages using linked list of tagged elements (as suggested by Julius). It has support for both generic and SiP-specific tags. Having said that, it does not stop partners to introduce new mechanisms suitable for their usecase in platform port initially and later move to generic code if its suitable for other platforms.
To start with, Ampere can introduce a platform specific implementation of memory tag(speed/NUMA topology etc) which can be evaluated and discussed for generalization in future. The tag will be populated in BL2 stage and can be forwarded to further stages(and to BL33) by passing the head of list pointer in one of the registers. Initially any register can be used but going forward a standardization will be needed.
The U-boot bloblist mentioned by Simon is conceptually similar to what TF-A is using, if there is consensus of using bloblist/taglist then TF-A tag list may be enhanced to take best of both the implementations.
One of the potential problems of having structure used in different projects is maintainability, this can be avoided by having a single copy of these structures in TF-A (kept inside "include/export" which intended to be used by other projects.)
Regarding usage of either UUID or tag, I echo the sentiments of Simon and Julius to keep it simple and use tag values.
Looking forward to having further discussions on zoom call today.
Thanks
Manish P
*From:* TF-A tf-a-bounces@lists.trustedfirmware.org on behalf of Julius Werner via TF-A tf-a@lists.trustedfirmware.org *Sent:* 25 March 2021 02:43 *To:* Simon Glass sjg@chromium.org *Cc:* Harb Abdulhamid OS abdulhamid@os.amperecomputing.com; Boot Architecture Mailman List boot-architecture@lists.linaro.org; tf-a@lists.trustedfirmware.org tf-a@lists.trustedfirmware.org; U-Boot Mailing List u-boot@lists.denx.de; Paul Isaac's paul.isaacs@linaro.org; Ron Minnich rminnich@google.com *Subject:* Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages
Just want to point out that TF-A currently already supports a (very simple) mechanism like this:
https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+...
https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+...
https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+...
It's just a linked list of tagged elements. The tag space is split into TF-A-wide generic tags and SiP-specific tags (with plenty of room to spare if more areas need to be defined -- a 64-bit tag can fit a lot). This is currently being used by some platforms that run coreboot in place of BL1/BL2, to pass information from coreboot (BL2) to BL31.
I would echo Simon's sentiment of keeping this as simple as possible and avoiding complicated and bloated data structures with UUIDs. You usually want to parse something like this as early as possible in the passed-to firmware stage, particularly if the structure encodes information about the debug console (like it does for the platforms I mentioned above). For example, in BL31 this basically means doing it right after moving from assembly to C in bl31_early_platform_setup2() to get the console up before running anything else. At that point in the BL31 initialization, the MMU and caches are disabled, so data accesses are pretty expensive and you don't want to spend a lot of parsing effort or calculate complicated checksums or the like. You just want something extremely simple where you ideally have to touch every data word only once.
On Wed, Mar 24, 2021 at 5:06 PM Simon Glass via TF-A < tf-a@lists.trustedfirmware.org> wrote:
Hi Harb,
On Wed, 24 Mar 2021 at 11:39, Harb Abdulhamid OS < abdulhamid@os.amperecomputing.com> wrote:
Hello Folks,
Appreciate the feedback and replies on this. Glad to see that there is interest in this topic. đ
I try to address the comments/feedback from Francois and Simon belowâŠ.
@François Ozog francois.ozog@linaro.org â happy to discuss this on a zoom call. I will make that time slot work, and will be available to attend April 8, 4pm CT.
Note that Iâm using the term âHOBâ here more generically, as there are typically vendor specific structures beyond the resource descriptor HOB, which provides only a small subset of the information that needs to be passed between the boot phases.
The whole point here is to provide mechanism to develop firmware that we can build ARM Server SoCâs that support **any** BL33 payload (e.g. EDK2, AptioV, CoreBoot, and maybe even directly boot strapping LinuxBoot at some point). In other-words, we are trying to come up with a TF-A that would be completely agnostic to the implementation of BL33 (i.e. BL33 is built completely independently by a separate entity â e.g. an ODM/OEM).
Keep in mind, in the server/datacenter market segment we are not building vertically integrated systems with a single entity compiling firmware/software stacks like most folks in TF-A have become use to. There are two categories of higher level firmware code blobs in the server/datacenter model:
- âSoCâ or âsiliconâ firmware â in TF-A this may map to BL1, BL2,
BL31, and **possibly** one or more BL32 instances 2. âPlatformâ or âboardâ firmware â in TF-A this may map to BL33 and * *possibly** one or more BL32 instances.
Even the platform firmware stack could be further fragmented by having multiple entities involved in delivering the entire firmware stack: IBVs, ODMs, OEMs, CSPs, and possibly even device vendor code.
To support a broad range of platform designs with a broad range of memory devices, we need a crisp and clear contract between the SoC firmware that initializes memory (e.g. BL2) and how that platform boot firmware (e.g. BL33) gathers information about what memory that was initialized, at what speeds, NUMA topology, and many other relevant information that needs to be known and comprehended by the platform firmware and eventually by the platform software.
I understand the versatility of DT, but I see two major problems with DT:
- DT requires more complicated parsing to get properties, and even
more complex to dynamically set properties â this HOB structures may need to be generated in boot phases where DDR is not available, and therefore we will be extremely memory constrained.
- DT is probably overkill for this purpose â We really just want a
list of pointers to simple C structures that code cast (e.g. JEDEC SPD data blob)
I think that we should not mix the efforts around DT/ACPI specs with what we are doing here, because those specs and concepts were developed for a completely different purpose (i.e. abstractions needed for OS / RTOS software, and not necessarily suitable for firmware-to-firmware hand-offs).
Frankly, I would personally push back pretty hard on defining SMCâs for something that should be one way information passing. Every SMC we add is another attack vector to the secure world and an increased burden on the folks that have to do security auditing and threat analysis. I see no benefit in exposing these boot/HOB/BOB structures at run-time via SMC calls.
Please do let me know if you disagree and why. Look forward to discussing on this thread or on the call.
@Simon Glass sjg@chromium.org - Thanks for the pointer to bloblist. I briefly reviewed and it seems like a good baseline for what we may be looking for.
That being said, I would say that there is some benefit in having some kind of unique identifiers (e.g. UUID or some unique signature) so that we can tie standardized data structures (based on some future TBD specs) to a particular ID. For example, if the TPM driver in BL33 is looking for the TPM structure in the HOB/BOB list, and may not care about the other data blobs. The driver needs a way to identify and locate the blob it cares about.
The tag is intended to serve that purpose, although perhaps it should switch from an auto-allocating enum to one with explicit values for each entry and a range for 'local' use.
I guess we can achieve this with the tag, but the problem with tag when you have eco-system with a lot of parties doing parallel development, you can end up with tag collisions and folks fighting about who has rights to what tag values. We would need some official process for folks to register tags for whatever new structures we define, or maybe some tag range for vendor specific structures. This comes with a lot of pain and bureaucracy. On the other hand, UUID has been a proven way to make it easy to just define your own blobs with **either** standard or vendor specific structures without worry of ID collisions between vendors.
True. I think the pain is overstated, though. In this case I think we actually want something that can be shared between projects and orgs, so some amount of coordination could be considered a benefit. It could just be a github pull request. I find the UUID unfriendly and not just to code size and eyesight! Trying to discover what GUIDs mean or are valid is quite tricky. E.g. see this code:
#define FSP_HOB_RESOURCE_OWNER_TSEG_GUID \ EFI_GUID(0xd038747c, 0xd00c, 0x4980, \ 0xb3, 0x19, 0x49, 0x01, 0x99, 0xa4, 0x7d, 0x55)
(etc.)
static struct guid_name { efi_guid_t guid; const char *name; } guid_name[] = { { FSP_HOB_RESOURCE_OWNER_TSEG_GUID, "TSEG" }, { FSP_HOB_RESOURCE_OWNER_FSP_GUID, "FSP" }, { FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID, "SMM PEI SMRAM" }, { FSP_NON_VOLATILE_STORAGE_HOB_GUID, "NVS" }, { FSP_VARIABLE_NV_DATA_HOB_GUID, "Variable NVS" }, { FSP_GRAPHICS_INFO_HOB_GUID, "Graphics info" }, { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID1, "PCD database ea" }, { FSP_HOB_RESOURCE_OWNER_PCD_DATABASE_GUID2, "PCD database 9b" },
(never figured out what those two are)
{ FSP_HOB_RESOURCE_OWNER_PEIM_DXE_GUID, "PEIM Init DXE" }, { FSP_HOB_RESOURCE_OWNER_ALLOC_STACK_GUID, "Alloc stack" }, { FSP_HOB_RESOURCE_OWNER_SMBIOS_MEMORY_GUID, "SMBIOS memory" }, { {}, "zero-guid" }, {} };
static const char *guid_to_name(const efi_guid_t *guid) { struct guid_name *entry;
for (entry = guid_name; entry->name; entry++) { if (!guidcmp(guid, &entry->guid)) return entry->name; }
return NULL; }
Believe it or not it took a fair bit of effort to find just that small list, with nearly every one in a separate doc, from memory.
We can probably debate whether there is any value in GUID/UUID or not during the call⊠but again, boblist seems like a reasonable starting point as an alternative to HOB.
Indeed. There is certainly value in both approaches.
Regards,
Simon
Thanks,
--Harb
*From:* François Ozog francois.ozog@linaro.org *Sent:* Tuesday, March 23, 2021 10:00 AM *To:* François Ozog francois.ozog@linaro.org; Ron Minnich < rminnich@google.com>; Paul Isaac's paul.isaacs@linaro.org *Cc:* Simon Glass sjg@chromium.org; Harb Abdulhamid OS < abdulhamid@os.amperecomputing.com>; Boot Architecture Mailman List < boot-architecture@lists.linaro.org>; tf-a@lists.trustedfirmware.org *Subject:* Re: [TF-A] Proposal: TF-A to adopt hand-off blocks (HOBs) for information passing between boot stages
+Ron Minnich rminnich@google.com +Paul Isaac's paul.isaacs@linaro.org
Adding Ron and Paul because I think this interface should be also benefiting LinuxBoot efforts.
On Tue, 23 Mar 2021 at 11:17, François Ozog via TF-A < tf-a@lists.trustedfirmware.org> wrote:
Hi,
I propose we cover the topic at the next Trusted Substrate https://collaborate.linaro.org/display/TS/Trusted+Substrate+Home zoom call https://linaro-org.zoom.us/j/94563644892 on April 8th 4pm CET.
The agenda:
ABI between non-secure firmware and the rest of firmware (EL3, S-EL1, S-EL2, SCP) to adapt hardware description to some runtime conditions.
runtime conditions here relates to DRAM size and topology detection, secure DRAM memory carvings, PSCI and SCMI interface publishing.
For additional background on existing metadata: UEFI Platform Initialization Specification Version 1.7 https://uefi.org/sites/default/files/resources/PI_Spec_1_7_final_Jan_2019.pdf , 5.5 Resource Descriptor HOB
Out of the ResourceType we care about is EFI_RESOURCE_SYSTEM_MEMORY.
This HOB lacks memory NUMA attachment or something that could be related to fill SRAT table for ACPI or relevant DT proximity domains.
HOB is not consistent accros platforms: some platforms (Arm) lists memory from the booting NUMA node, other platforms (x86) lists all memory from all NUMA nodes. (At least this is the case on the two platforms I tested).
There are two proposals to use memory structures from SPL/BLx up to the handover function (as defined in the Device Tree technical report https://docs.google.com/document/d/1CLkhLRaz_zcCq44DLGmPZQFPbYHOC6nzPowaL0XmRk0/edit?usp=sharing) which can be U-boot (BL33 or just U-Boot in case of SPL/U-Boot scheme) or EDK2.
I would propose we also discuss possibility of FF-A interface to actually query information or request actions to be done (this is a model actually used in some SoCs with proprietary SMC calls).
Requirements (to be validated):
ACPI and DT hardware descriptions.
agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2)
agnostic to boot framework (SPL/U-Boot, TF-A/U-Boot, TF-A/EDK2,
TF-A/LinuxBoot)
- at least allows complete DRAM description and "persistent" usage
(reserved areas for secure world or other usages)
- support secure world device assignment
Cheers
FF
On Mon, 22 Mar 2021 at 19:56, Simon Glass sjg@chromium.org wrote:
Hi,
Can I suggest using bloblist for this instead? It is lightweight, easier to parse, doesn't have GUIDs and is already used within U-Boot for passing info between SPL/U-Boot, etc.
Docs here: https://github.com/u-boot/u-boot/blob/master/doc/README.bloblist Header file describes the format: https://github.com/u-boot/u-boot/blob/master/include/bloblist.h
Full set of unit tests: https://github.com/u-boot/u-boot/blob/master/test/bloblist.c
Regards, Simon
On Mon, 22 Mar 2021 at 23:58, François Ozog francois.ozog@linaro.org wrote:
+Boot Architecture Mailman List boot-architecture@lists.linaro.org
standardization is very much welcomed here and need to accommodate a very diverse set of situations. For example, TEE OS may need to pass memory reservations to BL33 or "capture" a device for the secure world.
I have observed a number of architectures:
- pass information from BLx to BLy in the form of a specific object
- BLx called by BLy by a platform specific SMC to get information
- BLx called by BLy by a platform specific SMC to perform Device Tree
fixups
I also imagined a standardized "broadcast" FF-A call so that any firmware element can either provide information or "do something".
My understanding of your proposal is about standardizing on architecture
with the HOB format.
The advantage of the HOB is simplicity but it may be difficult to
implement
schemes such as pruning a DT because device assignment in the secure
world.
In any case, it looks feasible to have TF-A and OP-TEE complement the
list
of HOBs to pass information downstream (the bootflow).
It would be good to start with building the comprehensive list of information that need to be conveyed between firmware elements:
information. | authoritative entity | reporting entity | information exchanged: dram | TFA | TFA | <format to be detailed, NUMA topology to build the SRAT table or DT equivalent?> PSCI | SCP | TFA? | SCMI | SCP or TEE-OS | TFA? TEE-OS?| secure SRAM | TFA. | TFA. | secure DRAM | TFA? TEE-OS? | TFA? TEE-OS? | other? | | |
Cheers
FF
On Mon, 22 Mar 2021 at 09:34, Harb Abdulhamid OS via TF-A < tf-a@lists.trustedfirmware.org> wrote:
Hello Folks,
I'm emailing to start an open discussion about the adoption of a
concept
known as "hand-off blocks" or HOB to become a part of the TF-A Firmware Framework Architecture (FFA). This is something that is a pretty major pain point when it comes to the adoption of TF-A in ARM Server SoCâs designed to enable a broad range of highly configurable datacenter platforms.
What is a HOB (Background)?
UEFI PI spec describes a particular definition for how HOB may be used
for
transitioning between the PEI and DXE boot phases, which is a good reference point for this discussion, but not necessarily the exact
solution
appropriate for TF-A.
A HOB is simply a dynamically generated data structure passed in
between
two boot phases. This is information that was obtained through
discovery
and needs to be passed forward to the next boot phase *once*, with no
API
needed to call back (e.g. no call back into previous firmware phase is needed to fetch this information at run-time - it is simply passed one
time
during boot).
There may be one or more HOBs passed in between boot phases. If there
are
more than one HOB that needs to be passed, this can be in a form of a
"HOB
table", which (for example) could be a UUID indexed array of pointers
to
HOB structures, used to locate a HOB of interest (based on UUID). In
such
cases, instead of passing a single HOB, the boot phases may rely on
passing
the pointer to the HOB table.
This has been extremely useful concept to employ on highly configurable systems that must rely on flexible discovery mechanisms to initialize
and
boot the system. This is especially helpful when you have multiple
Why do we need HOBs in TF-A?:
It is desirable that EL3 firmware (e.g. TF-A) built for ARM Server SoC
in
a way that is SoC specific *but* platform agnostic. This means that a single ARM SoC that a SiP may deliver to customers may provide a single TF-A binary (e.g. BL1, BL2, BL31) that could be used to support a broad range of platform designs and configurations in order to boot a
platform
specific firmware (e.g. BL33 and possibly even BL32 code). In order to achieve this, the platform configuration must be *discovered* instead
of
statically compiled as it is today in TF-A via device tree based enumeration. The mechanisms of discovery may differ broadly depending
on
the relevant industry standard, or in some cases may have rely on SiP specific discovery flows.
For example: On server systems that support a broad range DIMM memory population/topologies, all the necessary information required to boot
is
fully discovered via standard JEDEC Serial Presence Detect (SPD) over
an
I2C bus. Leveraging the SPD bus, may platform variants could be
supported
with a single TF-A binary. Not only is this information required to initialize memory in early boot phases (e.g. BL2), the subsequent boot phases will also need this SPD info to construct a system physical
address
map and properly initialize the MMU based on the memory present, and
where
the memory may be present. Subsequent boot phases (e.g. BL33 / UEFI)
may
need to generate standard firmware tables to the operating systems,
such as
SMBIOS tables describing DIMM topology and various ACPI tables (e.g.
SLIT,
SRAT, even NFIT if NVDIMM's are present).
In short, it all starts with a standardized or vendor specific
discovery
flow in an early boot stage (e.g. BL1/BL2), followed by the passing of information to the next boot stages (e.g. BL31/BL32/BL33).
Today, every HOB may be a vendor specific structure, but in the future there may be benefit of defining standard HOBs. This may be useful for memory discovery, passing the system physical address map, enabling TPM measured boot, and potentially many other common HOB use-cases.
It would be extremely beneficial to the datacenter market segment if
the
TF-A community would adopt this concept of information passing between
all
boot phases as opposed to rely solely on device tree enumeration.
This is
not intended to replace device tree, rather intended as an alternative
way
to describe the info that must be discovered and dynamically generated.
Conclusion:
We are proposing that the TF-A community begin pursuing the adoption of HOBs as a mechanism used for information exchange between each boot
stage
(e.g. BL1->BL2, BL2->BL31, BL31->BL32, and BL31->BL33)? Longer term we want to explore standardizing some HOB structures for the BL33 phase
(e.g.
UEFI HOB structures), but initially would like to agree on this being a useful mechanism used to pass information between each boot stage.
Thanks,
--Harb
-- TF-A mailing list TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
-- François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog@linaro.org | Skype: ffozog _______________________________________________ boot-architecture mailing list boot-architecture@lists.linaro.org https://lists.linaro.org/mailman/listinfo/boot-architecture
--
*François-Frédéric Ozog* | *Director Linaro Edge & Fog Computing Group*
T: +33.67221.6485 francois.ozog@linaro.org | Skype: ffozog
-- TF-A mailing list TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
--
*François-Frédéric Ozog* | *Director Linaro Edge & Fog Computing Group*
T: +33.67221.6485 francois.ozog@linaro.org | Skype: ffozog
-- TF-A mailing list TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
From: Simon Glass sjg@chromium.org Date: Fri, 9 Apr 2021 06:19:08 +1200
Here are a few thoughts on UUIDs. Why a UUID/GUID is probably not the answer
sjg, 30-Mar-21 Code is for humans
Code should be readable, so far as possible.
This is not readable:
#define FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID \
EFI_GUID(0x6dadf1d1, 0xd4cc, 0x4910, \
0xbb, 0x6e, 0x82, 0xb1, 0xfd, 0x80, 0xff, 0x3d)
This is readable:
enum {
BLOBLISTT_SPL_HANDOFF = 123,
}; UUID is more like a hash than a sequence number
No kidding. Try figuring out what an ACPI ASL methods like _DSM and _OSC are supposed to do when trying to figure out what the code is supposed to do.
They're terrible to grep for in source code since there is no uniform way to format them in the code.
And then there is the issue of byte order of course.
Hi,
I promised to send my summary of Trusted Substrate architecture council call on HOBs, here it is:
Topics where there seem to be consensus
- Scope include diverse firmware flows (U-Boot/SPL, TFA, CoreBootâŠ) on difference architectures (Arm, RiscV) - Definitions: The Hand Over Function is the firmware component that hands off to the booted payload = {OS/Hypervisor/Grub/Shim}. - Hand Over Function can be EDK2, U-Boot or LinuxBoot. - The HOF, through ACPI or DT is responsible to describe what shall be controlled and partly how (some parameters) - *There is information that can only be discovered at runtime and needs to be conveyed through the HOF to the booted payload.*
- The proposal is to convey that dynamic information in the form of HandOverBlocks (HOBs) whose format is yet to be defined and built as a linked list of objects. The other proposal to use call backs (mmc calls or equivalent) from HOF to firmware is rejected. In Arm architecture, that choice does not preclude some firmware components to use SCMI calls into SCP to obtain authoritative information.
- The firmware components shall not care about what is the actual HOF:the format is standard regardless if HOF is EDK2, U-Boot or LinuxBoot. In TF-A words, the HOBs become part of the input ABI for BL33.
Characteristics to consider about HOBs:
- HOBs can be built by very early components and must fit into highly constrained SRAM - A HOB may be passed between different firmware components, secure and non-secure. - A HOB can be built by secure and non-secure firmware components - An information can have a single format: no alternative representation is allowed. In other words if the information is passed as a data structure it cannot be represented by a DT fragment by another implementation and conversely.
Topics that need more discussion
- HOBs need a way to be identified: UUID, ID, hybrid (like Platform Initialization).
*My views: the hybrid allows constraints firmware components to be using simple IDs and richer components may want leverage UUIDs (same as Platform Initialization).*
- HOB format: binary information; just static structure or flatten device tree fragments/overlays.
*My views: again hybrid approach seem very efficient. Static structures for memory information, DT fragment for device assignment (for non-secure partitions or for secure world / secure partitions). Typically I would imagine a UUID HOB with a DT fragment seems just good. This is actually implemented like that with Platform Initialization:*
*HOBs are identified by a simple ID, out of IDs are EFI_HOB_RESOURCE_DESCRIPTOR for DRAM description and EFI_HOB_GUID_TYPE that contains something identified by a GUID. There is a GUID used in the context of EDK2 to actually contain a DT fragment today.*
Cheers
FF
On Mon, 12 Apr 2021 at 16:49, Mark Kettenis mark.kettenis@xs4all.nl wrote:
From: Simon Glass sjg@chromium.org Date: Fri, 9 Apr 2021 06:19:08 +1200
Here are a few thoughts on UUIDs. Why a UUID/GUID is probably not the answer
sjg, 30-Mar-21 Code is for humans
Code should be readable, so far as possible.
This is not readable:
#define FSP_HOB_RESOURCE_OWNER_SMM_PEI_SMRAM_GUID \
EFI_GUID(0x6dadf1d1, 0xd4cc, 0x4910, \
0xbb, 0x6e, 0x82, 0xb1, 0xfd, 0x80, 0xff, 0x3d)
This is readable:
enum {
BLOBLISTT_SPL_HANDOFF = 123,
}; UUID is more like a hash than a sequence number
No kidding. Try figuring out what an ACPI ASL methods like _DSM and _OSC are supposed to do when trying to figure out what the code is supposed to do.
They're terrible to grep for in source code since there is no uniform way to format them in the code.
And then there is the issue of byte order of course. _______________________________________________ boot-architecture mailing list boot-architecture@lists.linaro.org https://lists.linaro.org/mailman/listinfo/boot-architecture
These structures we are talking about may not be defined by the SiP, and
just saying we have SiP specific tags is not good enough.
There is enough room in 64-bits to create separate tag spaces for every kind of category you can think of. (In fact, we could also just let every vendor allocate their globally unique tags instead if we prefer that model. We're not going to have more than 4 billion entities working on this together, and none of them will need more than 4 billion types of tags.)
If we use tags, then we must agree on who owns/dictates the tag list, and how we add/claim tags for vendor specific purposes and avoid tag collisions.
I have not heard a solution to that without establishing some owner / standards body to allocate tags. Until we do, tags are not going to work for the types of platform/system agnostic features we must support.
Why not just define the tags in the TF-A upstream repository? Like Simon said, TF-A needs to maintain a list of them anyway to be able to interpret them, so why not just make that list the global authoritative source? This doesn't need to be some complicated bureaucracy. The TF-A headers defining this are written in a way that they can directly be included from other C code bases without include dependency issues (e.g. as a Git submodule, or by just copying them verbatim and resyncing regularly... this is the include/export thing Manish mentioned). I think that model actually makes coordination much easier than if a bunch of different projects needed to manually reimplement the same structure definitions tied to UUIDs.
tf-a@lists.trustedfirmware.org