Varshit B Pandya has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/34657 )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Documentation/soc/intel: Add documentation for MCU update
Change-Id: I3deb24550c1f1cd4c7b8082af75115ca174c295a Signed-off-by: Pandya, Varshit B varshit.b.pandya@intel.com --- A Documentation/soc/intel/ucode_update/Flash_Layout.PNG A Documentation/soc/intel/ucode_update/microcode_update_model.md 2 files changed, 43 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/57/34657/1
diff --git a/Documentation/soc/intel/ucode_update/Flash_Layout.PNG b/Documentation/soc/intel/ucode_update/Flash_Layout.PNG new file mode 100644 index 0000000..ac18977 --- /dev/null +++ b/Documentation/soc/intel/ucode_update/Flash_Layout.PNG Binary files differ diff --git a/Documentation/soc/intel/ucode_update/microcode_update_model.md b/Documentation/soc/intel/ucode_update/microcode_update_model.md new file mode 100644 index 0000000..e2d7f35 --- /dev/null +++ b/Documentation/soc/intel/ucode_update/microcode_update_model.md @@ -0,0 +1,43 @@ +# Microcode update mechanism for devices in field + +## Introduction + +Processor microcode (MCU) is akin to processor firmware. Processors may need updates to their microcode to operate correctly. These updates fix bugs/errata that can cause anything from incorrect processing, to code and data corruption, and system lockups. + +##Problem Statement + +As per chrome design, any field updatable FW has to be first verified by vboot (chrome root of trust - CROT) before it is allowed to run on the system. CROT executes on the CPU, hence FW such as MCU loaded before the CPU reset cannot be verified before it actually gets loaded. As a result today Chromebooks are not able to apply MCU in the field. This proposal tries to address the issue + +Prior to CPU reset, the CPU HW locates the FIT table from the storage, walks over the FIT table and picks-up the MCU that matches the CPU Family, Model, Stepping and PLATFORM ID with the highest revision ID. CPU verifies that MCU is signed by Intel and once verification is successful, it attempts to load the MCU. + +However FIT does not contain any fall back mechanism. If one MCU loading fails for whatever reason, it drops the further loading process and moves on to CPU reset. While it is fairly a remote chance, in case of any failure to load MCU which cause hang like situations before CPU reset, a platform based mechanism can be put in place to enter recovery mode. As detailed below, if we are using BUC register based top swap implementation, then an RTC reset may be required to clear top swap bit. + +## Design Proposal + +The proposal relies on the following Intel SoC features: + +1. Top swap, which enables the BIOS to have 2 bootblocks and bot from either using a RTC backed Top swap control bit in BUC register. +2. Firmware Interface Table (FIT) based MCU loading. + +The idea is to have 2 bootblocks, each having its own FIT table. The FIT in one of them will be configured to point to an MCU in RO firmware, and the FIT in other one will point to a fixed flash region (aka MCU staging area), which will contain an MCU from RW firmware. + +Top-swap feature of Intel CPUs, will be used to switch between 2 bootblocks, based on the bootmode i.e., recovery or normal/developer mode. + +Coreboot will keep the MCU staging area updated with the MCU from the currently selected RW firmware. + +## Implementation Details + +1. Create 2 BBs (bb_ro_ucode and bb_staged_ucode) each containing their own FIT tables. Both bootblocks will be in the RO section. + a. bb_ro_ucode contains a FIT which has pointer to MCU (microcode_blob.bin) which resides in RO section. This is will be used in the recovery scenario. + b. bb_staged_ucode is identical to bb_ro_ucode but contains a FIT which has pointer to a MCU that will reside in a staging area. +2. Create a MCU staging area + a. Reserve a region in the FMAP which is equal to or greater than the MCU size specified in the BWG for that SoC. This is a RW region just lke the RW_MRC_CACHE. + b. MCU from RW-A/RW-B will be copied to this region during boot. + c. A Flash Protected Range (FPR) should be configured to write protect this MCU Staging area. + d. bb_staged_ucode FIT points to the MCU in this staging area. +3. The resulting flash layout is shown below, +**Flash Layout** +![Flash Layout][flash_layout] +[flash_layout]: Flash_Layout.PNG + +4. The proposed design uses the PCR register based control for top-swap
Hello build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/34657
to look at the new patch set (#3).
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Documentation/soc/intel: Add documentation for MCU update
Change-Id: I3deb24550c1f1cd4c7b8082af75115ca174c295a Signed-off-by: Pandya, Varshit B varshit.b.pandya@intel.com --- A Documentation/soc/intel/ucode_update/Flash_Layout.PNG A Documentation/soc/intel/ucode_update/microcode_update_model.md 2 files changed, 43 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/57/34657/3
Hello build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/34657
to look at the new patch set (#6).
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Documentation/soc/intel: Add documentation for MCU update
Change-Id: I3deb24550c1f1cd4c7b8082af75115ca174c295a Signed-off-by: Pandya, Varshit B varshit.b.pandya@intel.com --- A Documentation/soc/intel/ucode_update/Flash_Layout.PNG A Documentation/soc/intel/ucode_update/microcode_update_model.md 2 files changed, 43 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/57/34657/6
Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34657 )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Patch Set 7:
please follow https://doc.coreboot.org/getting_started/writing_documentation.html have a look at 5, 7, 8, 11
Hello build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/34657
to look at the new patch set (#11).
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Documentation/soc/intel: Add documentation for MCU update
Change-Id: I3deb24550c1f1cd4c7b8082af75115ca174c295a Signed-off-by: Pandya, Varshit B varshit.b.pandya@intel.com --- M Documentation/soc/intel/index.md A Documentation/soc/intel/ucode_update/flash_layout.png A Documentation/soc/intel/ucode_update/microcode_update_model.md 3 files changed, 78 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/57/34657/11
Varshit B Pandya has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34657 )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Patch Set 11:
Patch Set 7:
please follow https://doc.coreboot.org/getting_started/writing_documentation.html have a look at 5, 7, 8, 11
Hello Patrick, corrected the code, please check.
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34657 )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Patch Set 11:
(1 comment)
https://review.coreboot.org/c/coreboot/+/34657/10/Documentation/soc/intel/uc... File Documentation/soc/intel/ucode_update/Flash_Layout.PNG:
PS10: Do you know if there is a SVG version of this image? The current PNG is rather large in size.
Hello build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/34657
to look at the new patch set (#12).
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Documentation/soc/intel: Add documentation for MCU update
Change-Id: I3deb24550c1f1cd4c7b8082af75115ca174c295a Signed-off-by: Pandya, Varshit B varshit.b.pandya@intel.com --- M Documentation/soc/intel/index.md A Documentation/soc/intel/ucode_update/flash_layout.svg A Documentation/soc/intel/ucode_update/microcode_update_model.md 3 files changed, 80 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/57/34657/12
Varshit B Pandya has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34657 )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Patch Set 12:
Patch Set 11:
(1 comment)
Created and updated the SVG image
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34657 )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Patch Set 12:
Patch Set 12:
Patch Set 11:
(1 comment)
Created and updated the SVG image
Thank you. I have a problem when viewing the SVG, though: the right part is cut: https://imgur.com/7F5mrNO.png
Does this also happen to you?
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34657 )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Patch Set 12:
(1 comment)
Patch Set 12:
Patch Set 12:
Patch Set 11:
(1 comment)
Created and updated the SVG image
Thank you. I have a problem when viewing the SVG, though: the right part is cut: https://imgur.com/7F5mrNO.png
Does this also happen to you?
Found how to fix it :-)
https://review.coreboot.org/c/coreboot/+/34657/12/Documentation/soc/intel/uc... File Documentation/soc/intel/ucode_update/flash_layout.svg:
https://review.coreboot.org/c/coreboot/+/34657/12/Documentation/soc/intel/uc... PS12, Line 1: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="1380px" height="920px" viewBox="0 0 1380 920" preserveAspectRatio="xMidYMid meet" ><rect id="svgEditorBackground" x="0" y="0" width="1380" height="920" style="fill: none; stroke: none;"/> If you replace the ocurrences of '1380' with '1920' and the ocurrences of '920' with '1080', the entire image shows properly. The relevant numbers are in the first two XML <tags>:
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="1380px" height="920px" viewBox="0 0 1380 920" preserveAspectRatio="xMidYMid meet" ><rect id="svgEditorBackground" x="0" y="0" width="1380" height="920" style="fill: none; stroke: none;"/>
Hello Patrick Rudolph, Rizwan Qureshi, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/34657
to look at the new patch set (#13).
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Documentation/soc/intel: Add documentation for MCU update
Change-Id: I3deb24550c1f1cd4c7b8082af75115ca174c295a Signed-off-by: Pandya, Varshit B varshit.b.pandya@intel.com --- M Documentation/soc/intel/index.md A Documentation/soc/intel/ucode_update/flash_layout.svg A Documentation/soc/intel/ucode_update/microcode_update_model.md 3 files changed, 374 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/57/34657/13
Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34657 )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Patch Set 14: Code-Review-1
(12 comments)
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... File Documentation/soc/intel/ucode_update/microcode_update_model.md:
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 1: Microcode update mechanism for devices in field #
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 5: Processor microcode (MCU) is akin to processor firmware. Processors may remove whitespace on all lines
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 6: need updates to their microcode to operate correctly. These updates fix whitespace
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 10: ##Problem Statement what about other microcode update mechanisms? Why isn't it sufficient to update in bootblock?
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 13: by vboot (chrome root of trust - CROT) before it is allowed to run on whitespace
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 17: proposal tries to address the issue period
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 19: Prior to CPU reset, the CPU HW locates the FIT table from the storage, FIT specific. move to FIT documentation.
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 37: 1. Top swap, which enables the BIOS to have 2 bootblocks and bot from boot
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 41: The idea is to have 2 bootblocks, each having its own FIT table. The FIT mention downsides
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 57: a. bb_ro_ucode contains a FIT which has pointer to MCU invalid identation
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 64: a. Reserve a region in the FMAP which is equal to or greater invalid identation
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 73: **Flash Layout** not shown
Rizwan Qureshi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34657 )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Patch Set 14:
(10 comments)
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... File Documentation/soc/intel/ucode_update/microcode_update_model.md:
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 1: Microcode update mechanism for devices in field
#
Done
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 5: Processor microcode (MCU) is akin to processor firmware. Processors may
remove whitespace on all lines
Done
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 6: need updates to their microcode to operate correctly. These updates fix
whitespace
Done
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 10: ##Problem Statement
what about other microcode update mechanisms? […]
FIT based loading of MCU will make sure that the FW patches that are to be patched prior to reset are applied. Microcode update in BIOS e.g. during MP initialization, will not apply some FW patches. Hence the need to load the MCU via FIT.
Updated in the same in documentation
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 13: by vboot (chrome root of trust - CROT) before it is allowed to run on
whitespace
Done
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 17: proposal tries to address the issue
period
Done
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 19: Prior to CPU reset, the CPU HW locates the FIT table from the storage,
FIT specific. move to FIT documentation.
Putting this little FIT piece gives a complete picture of the update feature. We can add the same to FIT documentation as well.
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 57: a. bb_ro_ucode contains a FIT which has pointer to MCU
invalid identation
Done
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 64: a. Reserve a region in the FMAP which is equal to or greater
invalid identation
Done
https://review.coreboot.org/c/coreboot/+/34657/14/Documentation/soc/intel/uc... PS14, Line 73: **Flash Layout**
not shown
Fixed. Let me know if you are able to see. I opened it in Atom IDE it shows the vector graphic.
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34657 )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Patch Set 14:
Please rebase to get it verified by the builders.
Stefan Reinauer has abandoned this change. ( https://review.coreboot.org/c/coreboot/+/34657?usp=email )
Change subject: Documentation/soc/intel: Add documentation for MCU update ......................................................................
Abandoned
-
Angel Pons (Code Review) -
Patrick Rudolph (Code Review)
-
Paul Menzel (Code Review)
-
Rizwan Qureshi (Code Review)
-
Stefan Reinauer (Code Review)
-
Varshit B Pandya (Code Review)