Thursday, December 16, 2021

wither network boot?

I thought about pre-OS networking recently after giving a talk to other engineers about the value of EQ + IQ recently.  For the latter, what I called "Technical IQ" in http://vzimmer.blogspot.com/2013/03/a-technical-career-path.html, I use the T-shaped model https://careeredge.bentley.edu/blog/2015/04/21/how-gaining-t-shaped-skills-will-give-you-an-edge/. For this model networking was in the depth or vertical bar of my T since evolving the EFI network stack from a simple legacy PXE & UNDI thunk wrapper in 1999 to the native mode implementation in the early 2000's, certifying a clean-room IPV6 stack, and further into scalable use cases with wireless and HTTP boot a half decade ago. In the late days of 2021 perhaps it's not as prominent in the vertical bar but it's an important capability nevertheless.

As part of this survey, this blog is an elaboration upon some arbitrary points on the timeline of UEFI firmware network boot history, in the spirit of older postings like http://vzimmer.blogspot.com/2013/02/anniversary-daynext-arch-ps-and-some.html. This latter posting mentioned the 1.2 work https://github.com/vincentjzimmer/Documents/blob/master/EFIS001_100_2004.pdf, including 
client authentication w/ EAP https://www.semanticscholar.org/paper/Cloud-Net-Booting-Beyond-BIOS-Using-the-Unified-Zimmer/8f158dd172ca406095d051cc9bb5a7f5cc09435b and the folly of trying to create bespoke authentication methods. 


This same work was described in the 2009 https://github.com/vincentjzimmer/Documents/blob/master/SAM6560.pdf  paper https://dblp.uni-trier.de/rec/conf/csreaSAM/Zimmer09.html?view=bibtex in 2009, the same year as Berkeley Cloud paper that it cited https://www2.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf. At the time is was becoming increasingly obvious that a HTTP-based boot was necessary. We in fact left provision for the same in https://tools.ietf.org/rfc/rfc5970.txt

Page 97 of https://www.intel.com/content/dam/www/public/us/en/documents/research/2011-vol15-iss-1-intel-technology-journal.pdf notes the full move to standard network authentication protocols.

Another place I captured some history of pre-OS UEFI networking was in https://github.com/vincentjzimmer/Documents/raw/master/A-Quick-History-of-UEFI-Networking.pdf. This was just a quick background that I ultimately integrated into https://github.com/vincentjzimmer/Documents/blob/master/UEFI-Recovery-Options-002-1.pdf in 2016. This folds in advances such as UEFI wireless support and HTTP boot that I led through the UEFI Network (UNST) & Security (USST) subteams https://uefi.org/sites/default/files/resources/UEFI_Plugfest_VZimmer_Fall_2016.pdf, respectively, in the early portion of that decade.  Commercial usage of HTTP boot was described by HP enterprise, too

Although https://www.uefi.org/sites/default/files/resources/UEFI_Plugfest_VZimmer_Fall_2016.pdf updates  after wireless UEFI boot, the suggested next paradigm of pre-OS network bootstrap of  'NVME over Fabric UEFI boot' has been evolved in the NVME standards group versus my UNST in UEFI  https://linuxplumbersconf.org/event/7/contributions/737/attachments/531/944/LPC_2020_-_NVMe-oF_Boot_from_Ethernet_-_Final.pdf. I discovered that working the standard closer to the subject matter experts is best, just as I created the EFI TCG Protocols http://people.eecs.berkeley.edu/~kubitron/courses/cs194-24-S14/hand-outs/SF09_EFIS001_UEFI_PI_TCG_White_Paper.pdf in the Trusted Computing Group versus the UEFI Forum.  

At other times it is satisfying to see evolution of requirements that support important use cases. There has been a spate of activity in enabling https://csrc.nist.gov/publications/detail/sp/800-193/final over the last several years, including the low level infrastructure code like https://github.com/vincentjzimmer/Documents/blob/master/A_Tour_Beyond_BIOS_Capsule_Update_and_Recovery_in_EDKII.pdf. The idea therein entails having the platform having some degree of fault tolerance on the system board firmware and device firmware.


Beyond 193, though, there are scenarios where the operating system can become corrupted, such as infamous https://www.tomshardware.com/news/malware-shamoon-virus-security-disttrack,16988.html. There are some early thoughts about options here https://www.it-scc.org/uploads/4/7/2/3/47232717/requirements_for_recoverable_systems.pdf that happen to nicely match some of the OS recovery infrastructure defined in https://github.com/vincentjzimmer/Documents/blob/master/UEFI-Recovery-Options-002-1.pdf, especially figure 7 of the latter mapped to figure 2 of the former.
which not surprisingly bear resemblance to 



During that effort above on OS recovery it was noted that although we defined UEFI network support in the UEFI standard and some infrastructure for the same in https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Protocol/Supplicant.h, great support for multi device and protocol was available in https://ipxe.org. In fact, ipxe has historically been a favorite of datacenter operators using firmware based networking, including the ipxe scripting https://ipxe.org/scripting. I fact after talking with some hyperscalers in the mid 2000's, I tried to create a 'safe shell' subset to use .nsh in lieu of ipxe scripting for deployment w/ UEFI network stack to provide coequal, and in the limit script-compatible behavior between ipxe and UEFI. This didn't work out for various technical and community reasons.

This usage of ipxe in the pre-OS speaks to the challenge of OS-absent networking. There has always been a complain that UEFI didn't solve one of the fundamental systems problems, namely needing to write drivers twice: once for the boot environment, and once for the OS. Vertically integrated folks like Intel UEFI Apple Macs can have a OS kernel engineer and firmware engineer who is a domain expert do both, but in the horizontal industry where the OS providers and platform provider are different business entities, this is more difficult. And historically the OS folks eschewed using firmware at runtime, even for safe mode, which led to deprecating UNDI at runtime.

In the past some of the DEC Alpha platform manufacturers wrapped Windows NT NDIS drivers in the Arc firmware, but this was only the port level, datagram interface.  The higher level networking primitives had to be curated for each domain (pre-OS, OS runtime). Other challenges in pre-OS networking include security - the support of packets on the wire (or air with wireless) are a huge attack surface since the incoming packets are ostensibly attacker-controlled data. The use of hardware VPN's can ameliorate some of this concern for deployments in the traditional enterprise, but the world of borderless/zero trust architectures moots that argument. 

One potential approach to more robustness may include using language-based security, such as Rust and implementations such as smol https://github.com/smoltcp-rs/smoltcp? In the early 2000's I explored with Linux kernel EFI maintainer Matt Fleming on some options about encapsulating Linux in the pre-OS for the network stack and then returning to the UEFI environment to boot the downloaded image. There were a lot of intricacies about state of the platform in absence of exit boot services and other blockers that put that exploration on the shelf.  At the time there were already a lot of usages of embedding Linux in the flash as the boot environment, but it was a one-way gate from UEFI.  UEFI->Linux.  Never a UEFI->Linux->UEFI->Final OS.

It is nice to see that latter use-case having been re-invigorated in the last few years with https://www.linuxboot.org/ in the datacenter. Instead of UEFI netboot->Linux or the chain loading of UEFI netboot->ipxe->Linux, you have the platform firmware, UEFI or coreboot or slimboot or....based, directly launch Linux and its integrated networking support from the system board flash. 

In addition to the interesting works Trammel Hudson has done in firmware security, I am happy to see his work in this space of using Linux for pre-OS networking https://trmm.net/LinuxBoot_34c3/. This includes a recent patch to run interleave UEFI and Linux execution, or the design point Fleming and I explored years ago, viz.,

The other historical irony I have to mention about LinuxBoot and firmware relates to a conversation I had on the showcase floor at the Ubuntu Developer Summit in Oakland, CA 2012. My colleague brought Mark Shuttleworth over to have a conversation, ostensibly about UEFI secure boot and some of the other recent features I had been working on in this space. Shuttleworth nodded his head in response to the overview and then left me with the single question: "Why don't you just use Linux as the firmware to boot the operating system?"  Of course supply chain, horizontal industry COTs, .... and the myriad of other social, technical and business reasons from my confirmation bias vantage of working on UEFI and EDKII didn't really empower me to have a quick answer :)

So we mention LinuxBoot above which obviates the need for the UEFI network stack in some use-cases, especially Cloud. That doesn't mean that UEFI networking isn't important. In fact enterprise and client devices still deploy the capability today, and it definitely has challenges, including performance and robustness. On the former, we noted some of the glass jaws on the polled UEFI driver model and its impact on perf in https://uefi.org/sites/default/files/resources/7_Maciej%20Vincent_INTEL_network%20stack%20performance.pdf and the associated implementation using LWIP and multiprocessing https://github.com/tianocore/edk2-staging/tree/MpNetworkStack. For security we can go beyond just the forklift upgrade of a Rust port and near-term isolate the network stack drivers in ring 3 or user mode https://github.com/jyao1/SecurityEx/tree/master/UserModePkg or put into a VM https://www.intel.com/content/dam/develop/external/us/en/documents/a-tour-beyond-bios-launching-vmm-in-efi-developer-kit-ii-0-819978.pdf. In fact after the 2007 paper laying the ground work for UEFI secure boot in SAM07 https://www.semanticscholar.org/paper/Platform-Trust-Beyond-BIOS-Using-the-Unified-Zimmer/0bd3bdeb6dcadf088137e13c00adc7e4390fa0de was 2008 https://www.semanticscholar.org/paper/System-Isolation-Beyond-BIOS-using-the-Unified-Zimmer/cf0261fe8d8dc078fb389dc04a56188695581949 including VMM and rings for firmware. 

Firmware device interrupts http://vzimmer.blogspot.com/2015/06/guids-revisions-interrupts.html, ring isolation, multiprocessing, etc all seem to argue for just diving into a full operating system, but a deft hand can still apply some of these design precepts into pre-OS firmware. Driving change is hard, though. I recall a quote from a colleague about another engineer 'he spent a lot of time working on a problem that engineers (at the company) didn't want solved.' In other words, a good business problem isn't enough. For various historical and / or cultural reasons the existing engineering community may not want to pursue a solution. A mental model I sometimes use for this engineering reluctance is WWI/WWII. Leaders who came up in some technology era understand the guardrails and technologies for success there - mapping to WWI they are great trench builders and trench warfare combatants. And the ultimate example of trench warfare skills was the Maginot line https://en.wikipedia.org/wiki/Maginot_Line.


Technology changes. Say going from mainframe to mini, mini to PC, PC to Cloud/post-PC, anything to mobile, ...... A phase and its successor may represent a different corpus of technology or business constraints. Let's call one of these transitions going from a WWI to WWII based technology environment. When WWII commenced, airplanes just flew over the Maginot line. Just like your real competition is yourself professionally, not others, the way to leverage this insight is to avoid trying to leverage your trench-digging skills when the world war precepts have changed, and more importantly continually evolve skills and practices. As for the sentiment in the quotation above, a technologists should take a constructive approach that includes providing data on the environment change and technical options that can inform the organization of potentially evolve the bench from WWI to WWII class readiness.

OK. Enough on this topic of the past. If there are any more postings in '22 they will catch up to more recent events and commentary in the firmware space. 

Friday, November 19, 2021

books & old age

Let's start out with 'books.'  

When supporting the activity https://community.intel.com/t5/Blogs/Products-and-Solutions/Security/How-Secure-Boot-helps-protect-against-bootkits-used-in-malware/post/1337354 and the linked video https://www.youtube.com/watch?v=FqC332VCgYI I was reminded of my many office-mates during the work-from-home, namely

 

'books.'  I thought that the confinement of working from home would give me more of a chance to catch up with my reading backlog, but invariably the work-load seems to have increased with the time saved from having done my commute.  

Also, the shelves and my person are much more cluttered and in shambles that a similar view from a couple of years back 

(versus today)



I am a bit comforted by this disparity of 'owned' to 'read' books, though, after reading sentiments like Umberto Eco and his anti-library https://www.brainpickings.org/2015/03/24/umberto-eco-antilibrary/
"The library should contain as much of what you do not know".  

On that theme of variety, to me it's important to sample the humanities, such as good literature and philosophy, to remind myself what it means to be human, as it is to dive deeply into both my technical domain and the adjacencies. The latter is especially important as innovation often happens at the seams between two domains, and texts that go deep into my domain are often rearview mirror & retrospective, not forward looking. Forward looking includes fusion and leverage of alternate domains into my field.  Think some technique of mathematical logic that can be applied to system software, for example.

Another book that has pleased me during this confinement is "Software Engineering at Google" https://abseil.io/resources/swe-book. Although a read the dead tree version, a colleague let me know this week that there is a free PDF download, too. In addition to leveraging many aspects of the wisdom therein for my day job, such as code review practices, I really enjoyed the 3 'always'.  Always deciding, always scaling, and always leaving. The first helps but not falling into analysis paralysis and admiring problems too long but instead just 'doing something.' The 2nd I use to ensure that my activities can have the largest leverage & impact. And the final one, 'always leaving,' seemed a bit confusing at first blush. Given the 'great resignation' https://en.wikipedia.org/wiki/Great_Resignation and other perennial wars for talent, this struck me as something corporations wouldn't endorse. In closer reading, though, 'always leaving' really means doing your job in a way that you can 'leave' for a broader role, typically within the same organization. In absence of mentoring folks, building a bench, documenting you work, etc., you are stuck in the same role and cannot leave as you may become a Single Point Of Failure (SPOF). The latter is not good for the business, especially given the 'hit by a bus' risk and other reasons someone might leave. Sometime I see folks 'Always digging in' versus 'leaving' where they relish the guru/goto person status and their singular ability to fulfill a role. That's a corporate anti-pattern IMHO. To me I try to embrace this sentiment of always-leaving through well-commented code, documentation (e.g., specifications, design documents, white papers, papers, books, prezo's,....) and most importantly, interaction with colleagues. 

Books are also something of a lifestyle, too. Living in the Seattle area and with the advent of so many online purchasing opportunities, the brick-and-mortar bookstores are becoming rarer. Growing up in Houston I often found refuge in the dusty, disorganized shelf of the local Half-Price Books which was within bicycling distance. Once I could drive, my choices became even broader. After moving to the Pacific Northwest in 1997, my favorite haunt was the Half-Price Books on Roosevelt in the University District in the shadows of UW Seattle. I would often visit that store, both as part of sojourning from the south sound to Seattle for my masters work in the late 90's and as an excuse to go north. The store had the advantage of receiving stock from the local tech worker diaspora and both students and teachers from UW. I miss that haunt https://www.dailyuw.com/opinion/article_33647c22-1a7b-11e7-8490-679e314f85e7.html. Now that my daughter is living on campus at UW, I have a new favorite reason to visit the area, of course. 

So with time things change stores close, and other occurs mark signs of 'old age' increasing.

Another aspect of my biography in the first link above also mentions retro computing. I have regrettably accumulated an original IBM portable https://en.wikipedia.org/wiki/IBM_Portable_Personal_Computer, a 21264 Alpha server, an HP dual-socket Itanium, .... and too many more to mention. These computing devices also remind me of the arc of technology. I still recall how I was in awe of companies like DEC in 1988 or so when I was a electrical engineering student at Cornell and many DEC engineers were allowed to take a year off to study for a 'master of engineering' degree at Cornell. I also read about the accomplishments in IEEE journals and even acquired my first IEEE 'student' membership while an undergrad.  Below is a status from my present IEE profile history:

    Start Date:
 01-Nov-1990 | End Date: 31-Dec-1992


Fast forward to the 21st century and paper https://ieeexplore.ieee.org/document/9218694

   Date of Conference: 
20-24 July 2020

Almost 30 years from 'student member' to having a publication hosted by an IEEE venue.  Quite the span of time. Given that span of time, you'd think I would generate the energy to apply for 'senior member' or somesuch, but like my career, advancement in that domain seems sluggish these days.

Speaking of spans of time, I also just qualified for Intel's 'rule of 75'

https://www.intel.com/content/dam/www/program/employee/documents/irmp-serma-spd.pdf 


Or one of the benefits for 'retiring.'  

So now I'm setting on 30 years of retro computing and a tech career with things like 'retirement' options sitting in my inbox.  Quite the passage of time indeed.

Speaking of time, better quit blogging here and get back to work.

Tuesday, July 6, 2021

Patents and co-inventors

The following announcement of a fellow Cornell alum Mark Charney on his linkedin page

https://www.linkedin.com/feed/update/urn:li:activity:6815764405725270016/ caught my eye today

where Mark is celebrating the receipt of his 100th US patent.

I especially liked the comment about collaboration. That has always been the most interesting aspect of the inventive and technical development process.

To that end, I roamed over to https://en.wikipedia.org/wiki/List_of_prolific_inventors to see about other Intel inventors, and to my surprise, I saw 30 Intel inventors listed. I believe that I have mentioned this site before in earlier postings, too, http://vzimmer.blogspot.com/2014/08/ http://vzimmer.blogspot.com/2021/01/innovation-and-invention-redux.html.

Two immediate collaborators I recognize are Ned Smith and Mike Rothman. 

I am a co-inventor on 272 of Mike's (96%) issued US patents and 27 of Ned's (9.7%)

Ned has a pretty interesting publication history, too, with dblp picking up https://dblp.org/pid/56/3580.html. This compares to my dblp list https://dblp.org/pid/34/5641.html. Regrettably no joint publications, although I'm a big fan of Ned's Clark Wilson integrity model study of the TPM. We cited this in https://link.springer.com/book/10.1007/978-1-4842-6106-4, for example, along with his IOT security book. That paper was presented at the Security and Management (SAM) conference in Las Vegas. I published my first four papers in the 2000's at that venue, too. If I recall Selim Aissi https://www.linkedin.com/in/aissi/ encouraged folks to contribute to that venue?

I spent time working with Ned when he was the VPro security architect, too https://www.intel.com/content/dam/www/public/us/en/documents/research/2008-vol12-iss-4-intel-technology-journal.pdf. And it looks like Ned and I were co-inventors on my latest issued patent "Static and dynamic device profile reputation using cloud-based machine learning" 11,049,039 along with our erstwhile McAfee colleagues.

As for Mike Rothman, he has been a long-time collaborator (and physical office neighbor when we aren't in COVID seclusion). Mike overlaps on my dblp above with a couple of books and we also contribute to the firmware standards, including the review of the UEFI ecosystem in  https://www.intel.com/content/dam/www/public/us/en/documents/research/2011-vol15-iss-1-intel-technology-journal.pdf.

Perusing the list further I see David Durham with whom I collaborated on a few patents


or 4% of his total 216. And finally, one joint patent with another Cornell alum Gil Neiger 


out of his 211 patents (0.5%) as of July 6, 2021, along with some of the other Intel virtualization crowd https://ieeexplore.ieee.org/document/1430631

Although Neiger and Charney are Cornell alums, they are Phd's & I am but a BSEE from Cornell and MS Comp Sci from UW here in Seattle. I was reminded of my lowly spot on the tech education totem pole when shopping at Fred Meyer in Issaquah, WA last night and two customers were loudly speaking with each other in the vegetable section. I caught the fragment of their conversation "...and he only has an MS and not even a Phd." I didn't recognize the two but at that point I seriously doubted my credentials to buy that bundle of organic carrots I had in my hand....

Although we are not co-inventors on any patents, my more immediate neighbors on the https://en.wikipedia.org/wiki/List_of_prolific_inventors list include the number one Intel inventor Robert Chau https://newsroom.intel.com/news/creating-new-technologies-keep-moores-law-alive-well/ and number three inventor Jack Kavalieros  https://www.intel.com/content/www/us/en/newsroom/news/2021-inventor-year.html#gs.55miv2

who bound me from above with Chau's 486 patents, my 453, and Jack's 440 below, respectively.

Robert and I each passed the 300 mark in 2014, 


although Chau has pulled ahead of me quite a bit in subsequent years. And in light of the pipeline of pending patents Jack has, I suspect he'll leave me watching his transistor research taillights, too, in short order. 

The other good thing about Jack passing my count will be maintaining grade monotonicity. Instead of Fellow->Sr. PE->Sr. Fellow as we have today with Jack->Vincent->Robert, we'll have Sr. PE->Fellow->Sr. Fellow, where grade level will increase on the Y-axis as patent count increases on the X-axis.

Finally, given that Intel was founded on many of the transistor and integrated circuit accomplishments of folks like Robert Noyce https://en.wikipedia.org/wiki/Robert_Noyce, having Robert and Jack as the lead inventors for the company is a wonderful thing.

So much for random thoughts and numbers around issued US patents on a summer day.....

Wednesday, February 24, 2021

24 or Anniversary.Next^9 and 128 bits

I was pretty late last year in posting http://vzimmer.blogspot.com/2020/05/recovery-tech-talks-23-or.html in order to maintain this ritual. It's OK to be late but I cannot really make up by being early in 2021 since there is no guarantee that will be employed on the anniversary date, of course.

As such, here's the anniversary year 24 edition. It features rolling into upcoming year, which may culminate in the '25' edition of this posting. Either way, I hope to have a "Anniversary^10 and 25 years" post. 

I have definitely learned many things in the past past couple of decades, including how to take criticism, whether code & spec review or paper and patent feedback. It's tough sometimes but feedback provides one of the key ways to grow. There is always room to learn, too. Thanks to Hot, via Rob, for recent reference https://www.amazon.com/12-Essential-Skills-Software-Architects/dp/0321717295. I especially like the quote "Architecture is about business. It focuses on representing, communicating, and building on the key points of a technology or even a nontechnology solution that has beneficial impact to the business in some way."

Beyond keeping up with the times via feedback and book learning, I sometimes like to ponder the basics in this fast moving technology world. The basics include maths, science, and for computers. Vintage computer topics include the EDVAC http://web.mit.edu/STS.035/www/PDFs/edvac.pdf. This led me to think about pointer sizes. I started my career programming 8-bit 8051's with its infamous 16-bit 'DPTR' and Harvard Architecture. Then I moved to the 16-bit 186, 16-bit V20 286, 32-bit 386EX & 486 from Intel, 29k from AMD, and Pentium Pro. Then I segued to 64-bit with Itanium here at Intel where I on-boarded to lead some of the boot firmware development, and then EM64T/x64/x86_64 to provide the first EFI boot. But what about 128-bit https://en.wikipedia.org/wiki/128-bit_computing ?

My journey into the past led to some questions about the integer and pointer size of the Unisys 1100 (72 bit ptr, 576 bit integer?) mentioned in https://www2.cs.arizona.edu/~mccann/cstyle.html. GCC has a data type https://gcc.gnu.org/onlinedocs/gcc/_005f_005fint128.html. Maybe a future ILP128/LP128 to scale beyond today's ILP64/LP64 http://archive.opengroup.org/public/tech/aspen/lp64_wp.htm?

The C style document mentions DEC, which reminded me of some of the innovation they, as chronicled at http://simh.trailing-edge.com/dsarchive.html. During my undergraduate days at Cornell Digital was to place to go for systems work, and at Intel in the late 90's many ex-DEC engineers led the workstation work (e.g., Dileep B.).

Intel has been evolving physical addresses, too 5-level paging on Intel x86 https://software.intel.com/sites/default/files/managed/2b/80/5-level_paging_white_paper.pdf

Most interesting regarding deployed systems is the AS/400 single level store w/ 64 or 128 bit pointers. I ran into this while reading 'inside the as/400' https://www.amazon.com/Inside-AS-400-Frank-Soltis/dp/1882419669 book, Some CPU's have 96-bit physical addresses with the size hidden by the SLIC - system level interface code. IBM also has 80 bit VA and 64-bit PA on IBM https://www.ibm.com/support/knowledgecenter/ssw_aix_71/generalprogramming/address_space.html.

These pointer size ruminations led me to think of the more recent paper on the subject, namely the RISC-V paper and the architecture's support of 128 bit addressing. From https://people.eecs.berkeley.edu/~krste/papers/EECS-2016-1.pdf:

"At the historic growth rate of the memory capacity of TOP500 champions, about 70% per year, a 64-bit address space would be exhausted in about two decades. To the extent that global addressability of such systems is desired, we contend that flat addressability is the best approach; RV128I provides a promising solution."

Andrew W. mentioned that the 128 bit binding was considering something of a joke when he described it at the 2016 coreboot conference https://www.youtube.com/watch?v=f0ykeMmqglI&feature=youtu.be (12:25). 

In the intervening 5 years, though, the 'joke' takes on some more gravity with the comment about needing to work on the base spec for 128 bits (minute 3:58 of https://www.youtube.com/watch?utm_content=152341011&utm_medium=social&utm_source=linkedin&hss_channel=lcp-7579420&v=lg33UqZ_en0&feature=youtu.be)

There are no known soft or hard core IP implementations of RV128 I could find on the web, although the https://bellard.org/tinyemu/ RISC-V system emulator supports the RV128IMAFDQC base ISA (user level ISA version 2.2, privileged architecture version 1.10).

But extra bits do not have to be used for addressing. There are potential security usages https://riscv.org/wp-content/uploads/2017/12/Tue1554-xbgas-JLEIDEL.pdf, or more fringe ideas like mapping ipv6 address to memory locations https://patents.google.com/patent/US8266238

Again, these are 128 bit pointers, not 128 bit data types. A lot of the SIMD/Vector ISA extensions have broken the 128 bit data type long ago. This is a "sizeof (pointer_in_128_bit_ISA) == 128" thing.

Speaking of RISC-V, I was interested to see the progress in the EDK2 RISC-V port https://fosdem.org/2021/schedule/event/firmware_uor/. Some of this work was inspired after my posting http://vzimmer.blogspot.com/2014/11/porting-to-new-architecture.html which led to position papers https://github.com/vincentjzimmer/Documents/blob/master/risc-v-uefi-talk-001.pdf https://github.com/vincentjzimmer/Documents/blob/master/risc-v-uefi-talk-004.pdf and standards/open source work.

I asked the Fosdem developer if he had considered porting the UEFI Platform Initialization (PI) Management Mode (MM) to the System Binary Interface (SBI) https://github.com/riscv/opensbi machine mode. This is work we did https://github.com/vincentjzimmer/Documents/blob/master/A_Tour_Beyond_BIOS_Launching_Standalone_SMM_Drivers_in_PEI_using_the_EFI_Developer_Kit_II.pdf 

in order to allow decoupling the SMM from the host firmware environment https://github.com/tianocore/edk2/tree/master/StandaloneMmPkg was originally done for loading SMM from the Firmware Support Package (FSP) with a prototype at https://github.com/universalpayload/fspsdk/tree/qemu_fsp_x64_smm. The work was then picked up by the ARM community who need to load the TrustZone-variant of MM during early boot (e.g., SEC or PEI). The architecture neutrality of MM software model could thus be applied to RISC-V, just as the original "SMM Framework" mentioned "xMI's" to cover by the x86 system management interrupt (SMI) on x86 and the platform management interrupt (PMI) on Itanium. 

Today, though, SBI is really a set of call interfaces similar to the DEC Alpha PALcode or Itanium SAL/PAL Code.  I mention both PAL and SAL from Itanium since some of the SBI are SOC-specific (e.g., ISA emulation) whereas others may map to the platform (e.g., debug console). The runtime of host firmware is always challenging, whether it's traditional SMM on x64 and UEFI runtime and the interpreted ACPI, or the IBM Opal runtime or device tree. As always the execution of runtime should be minimized in order to avoid impacting host OS / hypervisor resource management, with 'minion cores', Embedded Controllers, BMC's, and other SOC microcontrollers providing independent execution regimes.


Saturday, January 23, 2021

books and computers

Saturdays are interesting, especially working for a multinational company with colleagues across the globe. I may have shared this sentiment before, but I still recall the tale that resonated with me from a currency arbitrage trader https://www.investopedia.com/terms/c/currency-arbitrage.asp. The person mentioned that he was working whenever a market was open. Luckily Saturday is the one day without any market open so he would use that day to do laundry, go grocery shopping, and follow-up on other chores. Feels like the work life of many in Friedman's flat world :).  Thus stealing a few moments on the Saturday nadir of activity for a quick blog.....

I'll commence this blog with observations about books, starting with my most recent  https://www.apress.com/us/book/9781484261057



Ir is not quite small, weighing in at 930 pp.


It's the 7th physical book / printing I have in hand. It culminates a stack of dead trees spanning 3 editions of Beyond BIOS, two of the Shell, security, and embedded. Publishers of this stack range from Intel Press (shuttered 5 years ago) through De Gruyter https://en.wikipedia.org/wiki/De_Gruyter and into Apress. And I also had 8 different co-authors spanning employers past or present including Intel, Phoenix, Insyde, Google, ARM, retirement, Sage, and Amazon. I've been at Intel the whole course of the book runs, though. The mountain of paper is shown below.

[from top down]










Now for a bit of history of Intel and tech books, at least as far as I'm aware. Prior to Intel Press, Intel technical books were done through McGraw Hill in the 1980's. Below is one example from my nearby shelf.

Then in the 1990's there were McGraw Hill / Intel joint imprints, such as the RMX and 486SL books below. 
https://www.amazon.com/Intels-Architecture-Designing-Applications-McGraw-Hill/dp/0079113362


I especially like the the drop-e in the logo of those books which was removed in 2006 by Intel.

And in the 2000's Intel Press published both books https://openlibrary.org/publishers/Intel_Press https://www.intel.cn/content/dam/www/public/us/en/documents/white-papers/developer-reading-list.pdf and the Intel Technology Journal (ITJ). I still recall reading the first IT issue https://www.intel.com/content/dam/www/public/us/en/documents/research/1997-vol01-iss-3-intel-technology-journal.pdf when I joined the company in 1997. I was happy to have the opportunity to lead the creation of the only printing in 2011 
https://www.intel.com/content/dam/www/public/us/en/documents/research/2011-vol15-iss-1-intel-technology-journal.pdf. It made me feel like a small part of the technology history of the company.



In that 2011 issue I co-authored 3 of the papers, including networking and security


which was referenced in the Apress firmware security book, as shown below.
And luckily the Intel Technology Journal PDF's were all archived on Intel.com after Noggin.intel.com and Intel Press were closed down.

Another notable reference in the Apress security book was http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf





which excerpted some of the principles of cryptography

and had the citation

I regret that only this final Apress book had rich citations. The other books were a bit light on the references. I'm still amazed by the longevity of Shannon's work on information theory and security.

Speaking of Apress, the publisher is actually an imprint of Springer Verlag https://en.wikipedia.org/wiki/Springer_Science%2BBusiness_Media.  In 2009 I wrote a chapter for Springer


with original Beyond BIOS co-authors.


Outside of Intel presentations or patents, the 2004 "Update at Intel" article is the first of prose describing firmware. This was part of a series of articles posted on the Intel website about recent technology evolution. I still like the fact that it described the XScale ARM port I did in 2001 and had a Pentium 4 in the block diagram. This same XScale work was elaborated upon the 2006 Beyond BIOS book code fragment, being placed by a mobile internet device (MID) in the 2010 2nd edition of Beyond BIOS, and finally turning into a Intel FSP example in the 2017 3rd printing of the book. Interesting evolution of the platform across the decade and a half.

It's also the only publication with a 'drop-e' that I created, too.






in its many translations:  English, Chinese, Portuguese, Japanese, Spanish, and Russian.

I still fondly recall the CDSA and ACSFL update articles, but unlike the ITJ, these pages have not been archived on intel.com, the wayback machine of archive.org, or other computer history repositories of lore such as bitsavers.org. For work that never made it to open source, I wonder how much interesting technology history is lost every year? 

In the spirit of the written word, and despite questions of the demise of print https://www.stamats.com/think-print-dead-think-again/, it's nice to see that Grove, the CEO 




when I joined in 1997, and Gelsinger, upcoming CEO this year, expressed both their technology and business insights via writing. 

[from top down]

https://www.amazon.com/High-Output-Management-Andrew-Grove/dp/0679762884

https://www.amazon.com/Only-Paranoid-Survive-Exploit-Challenge-ebook/dp/B0036S4B2G

https://www.amazon.com/Juggling-Act-Bringing-Balance-Family/dp/1434768740

https://www.amazon.com/Physics-Technology-Semiconductor-Devices-International/dp/0471329983

https://www.amazon.com/Programming-80386-John-H-Crawford/dp/0895883813



Writing books is one way to scale one's knowledge that transcends the utility of (cough cough) blogs, streaming video and podcasts IMHO.

Regarding the writing process, I am not sure about how easy of a time either my co-authors or luminaies like Grove and Gelsinger had in writing their tech and business books, but I feel like the following when trying to get the pages out.



So much for this Saturday typing. Here's looking forward to market openings and meetings commencing tomorrow. 

Friday, January 15, 2021

memories from uw and cornell

This is something of a random blog posting. 

As the new year rolls around, I became thoughtful of the page of milestones. These include my time at the University of Washington here in Seattle https://www.cs.washington.edu/ getting my CS Masters during the 1997-1999 time frame. 

I spoke a bit about the UWCSE in http://vzimmer.blogspot.com/2018/06/ along with the now-closed https://www.livingcomputers.org/. Given the recent interest in retrocomputing https://www.nytimes.com/2021/01/08/style/retrocomputing.html the museum would be overrun with aficionados if it were open.

I frame many of my UW memories via the professors. These included John Zahorjan https://www.cs.washington.edu/people/faculty/zahorjan on computer performance. I recall one project with a classmate Amanda Barrett (then an employee at Teledescic, Macaw's attempt at a satellite communications network in the late 90's) on modeling different web server scheduling policies, such as Round Robin DNS (RR-DNS) using C++Sim. The most interesting part of the effort was the ability to drive the simulation with anonymized, real-life web traffic from Metacrawler by way of UW alum Brian Pinkerton alumni https://en.wikipedia.org/wiki/WebCrawler https://www.w3.org/Conferences/WWW4/Papers/169/.

The next professor I recall is Anna Karlin for algorithms https://www.cs.washington.edu/people/faculty/karlin. She taught my first class at UW. The take-away I have from that course was the value and extent of mathematical rigor behind algorithms. From my undergraduate and 5 years prior industry experience I saw algorithms more as rote recipes than evolve mathemtical objects.

Next up was the artificial intelligence course with Dan Weld https://www.cs.washington.edu/people/faculty/weld. Like the performance class above, my strongest impression was the project course. The specific project included writing a movie recommendation system for movies. We would create Java wrappers for websites, such as for the recently launched https://www.imdb.com/, to support queries written in Datalog https://link.springer.com/referenceworkentry/10.1007%2F978-0-387-39940-9_968. It would allow the end user to write queries, such as 'Show me all of the movies in Seattle starring Tom Hanks.' The downside of the system is that this work predated the semantic web and the website wrappers had to continually get updated based upon the changes in sites like IMDB. 

The other part I recall from the AI adventure is that my partner was a local Intel DuPont employee in another team. His manager was much more liberal about taking classes so he had the opportunity to work on the course during the work day. My management, who had initially replied to me when I requested funding for the masters project with 'why do you want to take classes, you are already smart enough?' didn't permit such liberties. So like my patent writing of the last 20 years, my masters work was always a late-night after-hours and predominately weekend activity.

From AI I recall taking a second algorithms class with Richard Ladner  https://www.cs.washington.edu/people/faculty/ladner. I still recall a quote from Ladner early in the quarter, namely "I cannot teach you everything about algorithms since the field is so broad and continually changing, but what I can do is teach you have to do research and learn on your own." The deep project work done in that class involving assessing recent publications has stayed with me. And the wisdom still holds true today, every field is continually changing. Sort of the academic analogy to the pre-Socratic Heraclitis quote "You cannot step into the same place in a river twice."

Another part of the UW journey was sorrow, too, including the passing of my advisor https://s3-us-west-2.amazonaws.com/www-cse-public/publications/msb/msb11.1.pdf

Just like my undergraduate journey, I didn't have the luxury to take so many courses, so I calculated the exact number of credits I needed to get my degree. For undergraduate urgency the timing was economic based, whereas for my masters it was lifestyle based (i.e., high pressure job with hardware power-ons, new-borne daughter, etc). As such, one way to complete the requirements was through research credits, and one effort involved working on a project with Susan Eggers  https://homes.cs.washington.edu/~eggers/. She was a huge influence on me in computer architecture, and after meeting her, some of the stories I late reach https://egc.yale.edu/how-job-yale-1960s-set-susan-eggers-groundbreaking-path-computer-science did not surprise me at all.

Since distance learning was a bit nascent in the late 90's, I still recall hurrying from DuPont, WA Intel site to the U District in Seattle. I tried to time my arrival such that when the street parking became free at 6pm I could find a slot.

And the old CS building Sieg Hall, ah......


Definitely quite a change from the new EE/CS building, especially the Amazon auditorium. I luckily managed to catch a couple of interesting talks there in the last couple of years, including Patterson preaching about RISC-V https://www.youtube.com/watch?v=mD-njD2QKN0 (and getting one of the single-page ISA descriptions printed on green paper) and David Bacon on the evolution of quantum computing https://phys.washington.edu/events/2019-12-10/cse-colloquium-quantum-computer-versus-supercomputer.

An interesting aspect of the university, versus industry, is that the rank of a professor is much more explicit, such as the laddering of associate versus assistant versus full versus emeritus professor, respectively. Compare this with the wild variability of job titles in the technology industry https://www.levels.fyi/, for example. A principal at one company versus a partner at another versus....although https://news.ycombinator.com/item?id=25758663 recently had an interesting discussion thread on the topic.

Speaking of partner title, I still recall one MS partner architect telling me that partner is the 'throw the other guy under the bus' job band. This spoke to the highly competitive nature of the job category since like many domains the higher you advance leads to few openings and broader expectations with the competition to advance and challenge to sustain the level being commensurately intense. 

Even in my early late teens I saw a glimpse into this. At Cornell I recall a fellow undergraduate who had interned at Goldman. He related tales of other interns sniping at each other openly during presentations each was required to make. The same calculus applies - exclusive job category with high compensation, thus some 'throw them under the bus' behaviors.

Speaking of Cornell working on my BS EE https://www.ece.cornell.edu/ece during the 1988-1991 window, a few memories come to mind. The first includes the luminaries who visited campus, such as Normal Mailer and Roger Penrose to give talks. Penrose, Kip Thorne, and other physicists were drawn to a department that still had Hans Bethe https://en.wikipedia.org/wiki/Hans_Bethe. This was the same physics department that hosted the Feynman lectures. And for literature Cornell was the abode of the likes of Vladimir Nabakov, too.

Just like UW the professors made some of the largest impacts. These include Dynkin for real analysis https://news.cornell.edu/stories/2014/11/mathematician-eugene-dynkin-dies-90, Terrence Fine on probability https://www.engineering.cornell.edu/faculty-directory/terrence-fine, and the father of information retrieval Gerard Salton https://en.wikipedia.org/wiki/Gerard_Salton for discrete math. Cornell didn't just send TA's to instruct undergraduates but instead offered access to world class researchers in their fields.

Moving from maths to engineering, Prof Torng https://news.cornell.edu/stories/1997/12/cornell-professor-honored-intel-corp-his-computer-chip-improvement taught the course on digital design. K-maps, Mealy-Moore machines, etc. Good stuff. 

And closest to home there was Professor Gries https://www.cs.cornell.edu/home/gries/gries.html class on computability theory. This started with computational complexity, big-O notation, and other rudiments, leading into Hoare triples, such as pre-conditions, post-conditions, and invariants.  I still remember walking down the hall of the computer science building and seeing a room filled wall-to-wall with silver-covered Springer-Verlag "Texts and monographs in computer science."






Beyond visiting speakers and professors I recall lots of lake-effect snows and winds during the winter, and beautiful changes of seasons and the rugged environment of Ithaca, New York. There was a common theme on T-shirts and car stickers of 'Ithaca is gorges' as a play on the terrain and 'gorgeous' scenery up upstate New York.


Since I was so far from home and living on a budget, I would only return back to Houston for events like Christmas or summer. I recall one thanksgiving holidays eating at gas station since I had forgotten to do grocery shopping ahead of time. Other times I would travel to visit my aunt in New Jersey by way of New York Port Authority. Port Authority was definitely a stark contrast from bucolic Ithaca, NY or suburban Houston. I recall one trek through Port Authority when there was a body in a wheel chair parked outside of the bathroom. A sheet covered the bulk of the person but the hands were protruding with what looked like the stiffness of rigor. The crowd in the bus terminal where walking around the body as if it were just another obstruction on the path of their daily routine. Another trick I learned going through Port Authority with my suitcase was to put my money in my shoe. I'd leave $5 in my wallet so that when someone invariably wanted to 'help me' find my connecting bus terminal and then requested a gratuity because "you know I could be doing much worse to make money", I could satisfy the request and not get rolled for all of my traveling money.

When I think of growing up in Houston, or the US Southwest, doing undergrad in Ithaca in the US Northeast, and now leaving in the US Pacific Northwest, I'm mostly covered the continental US. Heat in the SW, cold in the NE, and rain in the NW. I'm only missing living in the US Southeast, such as Florida. But after reading Thomas McGuane's 'Ninety-two in the Shade' https://www.goodreads.com/book/show/51598.Ninety_two_in_the_Shade in my youth, I wasn't so anxious to move to that area.

Saturday, January 9, 2021

innovation and invention redux

In reading Bezos' book 'invent and wander' https://www.amazon.com/Invent-Wander-Collected-Writings-Introduction-ebook/dp/B08BCCT6MW he mentioned a couple of different problem solving techniques. The first includes a skills-forward problem solving approach where a team leverages what it knows to create products. This is more common in the industry and represents an amortization of an established set of capabilities and perhaps a given moat.' This is in contrast with a customer-problem first approach where you may need to invent a solution or build a competency. Bezos cited the Amazon Kindle which represented an approach to a customer problem, namely handling their library. And in pursuing solution of this problem, Amazon had to acquire skills in hardware development, create new models of cellular downloads, and evolve screen technologies..

Reading this passage coincided with the recent update of my patent list, namely hitting the 450 milestone of issued US patents, viz.,  http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.htm&r=0&p=1&f=S&l=50&d=PTXT&Query=apt%2F1+and+in%2FZimmer-Vincent$



As always with invention, I am as excited by the problem being addressed as my collaborators and co-inventors, including the following parties:

Yao, Chaganty, Ma, Rangarajan, Poornachandran, Aggarwal, Mudusuru, Zimmer, Yarlagadda, Chan, Das, "Enhanced Secure Boot," Issued 1/5/2021, US Patent #10,885,199

This small incremental increase cannot stem the tide of getting pushed further outside of the top 100 https://en.wikipedia.org/wiki/List_of_prolific_inventors


I fear, but the absolute number of patents was never the figure of interest. It has always been about supporting business-driven innovation http://vzimmer.blogspot.com/2013/12/invention-and-innovation.html.

Speaking of numbers, https://link.springer.com/book/10.1007/978-1-4842-0070-4 passed 300k downloads, too, during this same week.


The downloads on this book are probably 10x those of https://link.springer.com/book/10.1007/978-1-4842-6106-4, which speaks to the power of the open access model. I see similar diminutive numbers on other pay-walled publications, such as the Simics fuzzing paper with small double https://ieeexplore.ieee.org/document/9218694 and single https://dl.acm.org/doi/abs/10.5555/3437539.3437751 digit downloads, respectively.

Beyond downloads, another interesting statistic is citations. https://scholar.google.com/citations?hl=en&user=9fW87_IAAAAJ has the broadest collection of citations, whereas https://dblp.org/pid/34/5641https://www.scopus.com/authid/detail.uri?authorId=26325201900https://dl.acm.org/profile/81464676924, https://www.semanticscholar.org/author/V.-Zimmer/46617443, and https://ieeexplore.ieee.org/author/37088526460 find differing subsets.

2020 was quite an interesting year. Let's see if 2021 offers the same vicissitudes. Hopefully these ramblings about invention and numbers auger well for 2021. As I heard once, put a number next to someones name on the internet and they will obsess or do what they can to increase it. Twitter followers, LinkedIn connections, video views...... Hopefully I don't subscribe to that numeric obsession.