Tuesday, April 26, 2016

Open source platforms, FSP consumers, FSP producers, and STM updates

You've seen in the past when I have talked about Intel Firmware Support Package (FSP), hearkening back to 2014 [1][2]. There are 2 parts to FSP - the Consumer or use of the FSP in a platform, and the production or creation of an FSP binary.  We'll review examples of each in turn below, in addition to some updates since the 2015 IDF prezo.

By the way, some of these items were also posted to [22] but the latest posting seems to have disappeared.  As such, if you've already read some of this from that site, feel free to skip over the duplicate material.

FSP Consumer
We're posting an updated platform using the 1.1 FSP [3][4]. This tree moves beyond the Baytrail work in [2] and includes Braswell [5]. A good overview of porting the tree is provided, too [6]. This shows some of the best practices on building EDKII on top of FSP. Specifically, the only macrocode binary is in the Intel FSP, with the rest of the EDKII code to provide the core UEFI & PI services, along with the platform initialization, in open source.

This is an important step to show how FSP + open source can be used to build a full solution, or EDKII can'Consume' an FSP binary. This provides parallel work-flows to things like a coreboot Braswell solution [13], for example, that also builds upon Intel FSP. Turing equivalence argues that it is all 'just code', so we want to show a few 'equivalences' here.

This is a work in progress that should eventually migrate to [11], but in the interim take a look and provide feedback on some of the code partitioning and design.

Speaking of coreboot, EDKII and FSP, my colleague Lee Leahy [23] and I are slated to talk at the upcoming coreboot conference [24]. We'll review the EDKII CorebootPayloadPkg [26] at [25].

FSP Producer
In addition to the Intel Atom based platform that consumes an Intel FSP binary from [12], there has been a lack of public demonstration of producing an Intel FSP, as described in [2]. This is by design in the sense that the Intel FSP encapsulates matter that does not have public documentation, thus cannot be open sourced. This poses the challenge of how to provide guidance on how to create an Intel FSP. This is where the Intel Quark EDKII code comes into play. Since the low-level silicon initialization, including memory initialization, is already open source, the project providesan opportunity to show how to create an Intel FSP [7]. Luckily we now have an early example of this in public view [8].
I look forward to future platforms that move beyond FSP 1.1, too [10]. And to that end, the FSP 2.0 specification is now live [27], along with the Boot Setting File (BSF) specification [28] that has been used in all of FSP 1.0, 1.1, and now 2.0.

Good stuff.

Speaking of good stuff, here are some updates following last year's IDF prezo [19], including the SMI Transfer Monitor (STM) mentioned at [14]. Specifically, you can now find the STM source code on a public repository [15]. In addition to the documents on the STM itself [21] and the original STM [20], there is also another virtualization technology shared in the repo that wasn't in [20] release, namely the DMA protection work described in [16] which can be found at [17]. This complements the host-based protection of the FRM [18] with some protection from I/O devices performing errant DMA transactions.

You'll hopefully observe a theme here of having more open source platform solutions, including protection technology. This is one way to engage with the community and reduce the barriers to providing robust, transparent platform solutions.

[1] Zimmer, "EDKII, FSP, and other topics", blog posting, September, 2014

[2] Zimmer, "Firmware Flexibility using Intel(R) Firmware Support Package," Intel Developer Forum,
September 2014

[3] Yao, et al, "A Tour Beyond BIOS Using the Intel(R) Firmware Support Package 1.1 with the EFI Developer Kit II," April 2015

[4] Intel Firmware Support Specification External Architecture Specification (EAS), Version 1.1a, November 2015

[5] Braswell EDKII project, April 2016

[6] Wei, et al, "Open Braswell UEFI Codebase - Design and Porting Guide," February 2016

[7] Yao, et al, "A Tour Beyond BIOS Creating the Intel(R) Firmware Support Package 1.1 with the EFI
Developer Kit II, April 2015

[8] Quark FSP 1.1, April 2016

[9] Quark SOC code

[10] Intel FSP2.0 consumer code, March 2016

[11] EDKII project www.tianocore.org

[12] Intel Firmware Support Package (FSP)

[13] coreboot Braswell code that consumes Intel FSP 1.1, April 2016

[14] SMI Transfer Monitor (STM) overview, August 2015

[15] STM Source code, March 2016

[16] Yao, Zimmer, "A Tour Beyond BIOS Using Intel(R) VT-d for DMA Protection in a UEFI BIOS," January 2015, https://firmware.intel.com/sites/default/files/resources/A_Tour_Beyond_BIOS_Using_Intel_VT-d_for_DMA_Protection.pdf

[17] DMA Package https://github.com/vincentjzimmer/STM/tree/master/Test/DmaPkg

[18] Yao, Zimmer, "A Tour Beyond BIOS Launching a VMM in EFI Developer Kit II," September 2015, https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Launching_VMM_in_EFI_Developer_Kit_II_0.pdf

[19] Zimmer, "STTS003 - Developing Best-in-Class Security Principles with Open Source Firmware", Intel Developer Forum (IDF), San Francisco, August 2015

[20] STM 1.0 August 2015

[21] Yao, Zimmer, "A Tour Beyond BIOS Launching STM to Monitor SMM in EDK II", August 2015 https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Launching_STM_to_Monitor_SMM_in_EFI_Developer_Kit_II.pdf

[22] https://firmware.intel.com/blog

[23] coreboot Quark FSP MemoryInit support, January 2016 https://www.coreboot.org/pipermail/coreboot-gerrit/2016-January/039748.html

[24] coreboot convention 2016 https://www.coreboot.org/Coreboot_conference_San_Francisco_2016

[25] EDKII CorebootPayloadPkg overview, June 14, 2016 https://calendar.google.com/calendar/embed?src=6b1u8iq13jj8cp6kfokq4vlo20%40group.calendar.google.com&ct=America/Los_Angeles&dates=20160612/20160616&mode=agenda

[26] https://github.com/tianocore/edk2/tree/master/CorebootPayloadPkg

[27] Intel Firmware Support Package (FSP) 2.0 Specification, April 2016

[28] Boot Setting File (BSF) Specification version 1.0, March 2016

No comments: