Nathaniel L Desimone has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36328 )
Change subject: [RFC] Documentation/fsp: Discuss FSP-S issues ......................................................................
Patch Set 4:
(5 comments)
https://review.coreboot.org/c/coreboot/+/36328/4/Documentation/fsp/fsp-s_dis... File Documentation/fsp/fsp-s_discussion.md:
https://review.coreboot.org/c/coreboot/+/36328/4/Documentation/fsp/fsp-s_dis... PS4, Line 89: * One either has to assume that FSP doesn't perform any locking : and do it redundantly in the firmware framework, or expensively : test what is locked and keep doing so for every new FSP revision. The direction from Intel's security team is that there have been many examples of OEM firmware that forgets to set lock bits, so that have made it mandatory that we do so in the FSP. I'm open to having a dialog for when this is done, but keep in mind that people above me require it be done in the FSP binary.
https://review.coreboot.org/c/coreboot/+/36328/4/Documentation/fsp/fsp-s_dis... PS4, Line 126: FSP Switches SAI : ---------------- My comment above applies for this entire section.
https://review.coreboot.org/c/coreboot/+/36328/4/Documentation/fsp/fsp-s_dis... PS4, Line 155: Missing Communication and Responsibility To be crystal clear, FSP binaries are provided by Intel as-is. They do not come with a gratis Service Agreement. As far as "responsibility" goes, we make a good faith effort to provide community support but please realize it will be lower priority.
If you want professional level service, then it is possible to purchase support contracts with Intel.
https://review.coreboot.org/c/coreboot/+/36328/4/Documentation/fsp/fsp-s_dis... PS4, Line 176: None of the listed issues would exist if FSP were open-source and the : initialization steps could be integrated into coreboot, like they were : before. To be open and direct with all of you, this is extremely unlikely.
https://review.coreboot.org/c/coreboot/+/36328/4/Documentation/fsp/fsp-s_dis... PS4, Line 194: or raise legal concerns
Done
Please take this out, otherwise I run the risk of getting in trouble for talking to you at all.
This is feeling like a broken record, but I would like to point out...
1. The MP_SERVICES pointer is completely optional. You can set it to NULL and FSP will use its built-in MP implementation, which negates this whole argument. I am aware of several platforms that use coreboot with this set to NULL. It is the user's choice to configure coreboot in this way, not Intel's.
2. The MP_SERVICES pointer is NOT part of the FSP 2.1 specification, it is an implementation level UPD that is included in the FSP for some platforms but not all.
3. coreboot is not the only bootloader that uses FSP binaries, there are plenty of other solutions with different licensing paradigms.