Sridhar Siricilla has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Boot time optimization ......................................................................
soc/intel/common: Boot time optimization
Th CSE RW blob which will be used by coreboot to update CSE RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly loads and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. The boot time impact is around 300ms.
The patch addresses boot time by pulling CSE RW blob outside of FW_MAIN_A/B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions as a CBFS file.
Changes: 1. Makefile changes to accommodate CSE RW blob part of FW_MAIN_A_EXTN/ FW_MAIN_B_EXTN and add RW blob metadata file part of FW_MAIN_A/B. 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite driver
BUG=b:169077783 TEST=verified on hatch. Yet to verify on JSL/TGL platforms.
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 227 insertions(+), 60 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/1
diff --git a/src/soc/intel/common/block/cse/Kconfig b/src/soc/intel/common/block/cse/Kconfig index 1cb7d35..0172fc2 100644 --- a/src/soc/intel/common/block/cse/Kconfig +++ b/src/soc/intel/common/block/cse/Kconfig @@ -37,3 +37,15 @@ default "" help Intel CSE CBFS RW blob path and file name + +config SOC_INTEL_CSE_RW_METADATA_CBFS_NAME + string "CBFS entry name for CSE RW blob" + default "me_rw_metadata" + help + CBFS entry name for Intel CSE CBFS RW blob + +config SOC_INTEL_CSE_RW_METADATA_FILE + string "Intel CSE CBFS RW path and filename" + default "" + help + Intel CSE CBFS RW blob path and file name diff --git a/src/soc/intel/common/block/cse/Makefile.inc b/src/soc/intel/common/block/cse/Makefile.inc index 11cc3c2..9543156 100644 --- a/src/soc/intel/common/block/cse/Makefile.inc +++ b/src/soc/intel/common/block/cse/Makefile.inc @@ -4,11 +4,21 @@ ramstage-$(CONFIG_SOC_INTEL_CSE_LITE_SKU) += cse_lite.c smm-$(CONFIG_SOC_INTEL_COMMON_BLOCK_HECI_DISABLE_IN_SMM) += disable_heci.c
+ ifneq ($(CONFIG_SOC_INTEL_CSE_RW_FILE),"") -CSE_LITE_ME_RW = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME)) -regions-for-file-$(CSE_LITE_ME_RW) = FW_MAIN_A,FW_MAIN_B -cbfs-files-y += $(CSE_LITE_ME_RW) -$(CSE_LITE_ME_RW)-file := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE)) -$(CSE_LITE_ME_RW)-name := $(CSE_LITE_ME_RW) -$(CSE_LITE_ME_RW)-type := raw +CSE_LITE_RW = $(call strip_quotes, $(CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME)) +regions-for-file-$(CSE_LITE_RW) = FW_MAIN_A_EXTN,FW_MAIN_B_EXTN +cbfs-files-y += $(CSE_LITE_RW) +$(CSE_LITE_RW)-file := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE)) +$(CSE_LITE_RW)-name := $(CSE_LITE_RW) +$(CSE_LITE_RW)-type := raw +endif + +ifneq ($(CONFIG_SOC_INTEL_CSE_RW_METADATA_FILE),"") +CSE_LITE_RW_METADATA = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_METADATA_CBFS_NAME)) +regions-for-file-$(CSE_LITE_RW_METADATA) = FW_MAIN_A,FW_MAIN_B +cbfs-files-y += $(CSE_LITE_RW_METADATA) +$(CSE_LITE_RW_METADATA)-file := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_METADATA_FILE)) +$(CSE_LITE_RW_METADATA)-name := $(CSE_LITE_RW_METADATA) +$(CSE_LITE_RW_METADATA)-type := raw endif diff --git a/src/soc/intel/common/block/cse/cse_lite.c b/src/soc/intel/common/block/cse/cse_lite.c index c9e4e1f..5b50828 100644 --- a/src/soc/intel/common/block/cse/cse_lite.c +++ b/src/soc/intel/common/block/cse/cse_lite.c @@ -12,6 +12,11 @@ #include <vb2_api.h> #include <soc/intel/common/reset.h>
+ +#define FMAP_FW_MAIN_A_EXTN_NAME "FW_MAIN_A_EXTN" + +#define FMAP_FW_MAIN_B_EXTN_NAME "FW_MAIN_B_EXTN" + /* CSE RW version size reserved in the CSE CBFS RW binary */ #define CSE_RW_VERSION_SZ 16
@@ -64,7 +69,13 @@ CSE_LITE_SKU_COMMUNICATION_ERROR = 6,
/* Fails to wipe CSE runtime data */ - CSE_LITE_SKU_DATA_WIPE_ERROR = 7 + CSE_LITE_SKU_DATA_WIPE_ERROR = 7, + + /* CSE RW is not found */ + CSE_LITE_SKU_RW_BLOB_NOT_FOUND = 8, + + /* CSE CBFS RW SHA-256 mismatch with the provided SHA */ + CSE_LITE_SKU_RW_BLOB_SHA256_MISMATCH = 9 };
/* @@ -157,6 +168,43 @@ struct cse_bp_info bp_info; } __packed;
+/* CSE CBFS RW metadata */ +struct cse_cbfs_rw_info { + + /* This struct version */ + uint8_t version; + + /* CSE CBFS RW version */ + struct fw_version fw_ver; + + /* Ifwi build version */ + uint8_t ifwi_build_version; + + /* Indicate CSE CBFS RW is compressed or not */ + uint8_t compressed; + + /* SHA-256 of CSE CBFS RW */ + uint8_t hash[VB2_SHA256_DIGEST_SIZE]; + + uint8_t reserved[5]; +}; + +/* CSE Boot Partition Descriptor Table Header */ +struct cse_bpdt { + + /* Signature:0x000055AA is expected for a valid BP */ + uint32_t signature; + + /* reserved field */ + uint8_t reserved[8]; + + /* ifwi build version */ + uint32_t ifwi_build_ver; + + /* FIT tool version */ + struct fw_version fit_tool_ver; +}; + static void cse_log_status_registers(void) { printk(BIOS_DEBUG, "cse_lite: CSE status registers: HFSTS1: 0x%x, HFSTS2: 0x%x " @@ -419,11 +467,38 @@ return true; }
+static bool cse_get_cbfs_rw(struct region_device *rdev) +{ + const char *fmap_fw_main_extn; + uint32_t cbfs_type = CBFS_TYPE_RAW; + static struct cbfsf fh; + struct vb2_context *ctx = vboot_get_context(); + if (ctx == NULL) + return false; + + if (vboot_is_firmware_slot_a(ctx)) + fmap_fw_main_extn = FMAP_FW_MAIN_A_EXTN_NAME; + else + fmap_fw_main_extn = FMAP_FW_MAIN_B_EXTN_NAME; + + if (cbfs_locate_file_in_region(&fh, fmap_fw_main_extn, + CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME, &cbfs_type)) { + printk(BIOS_ERR, "cse_lite: Failed to locate %s in the %s", + CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME, fmap_fw_main_extn); + + return false; + } + + cbfs_file_data(rdev, &fh); + + return true; +} + static bool cse_get_cbfs_rdev(struct region_device *source_rdev) { struct cbfsf file_desc;
- if (cbfs_boot_locate(&file_desc, CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME, NULL) < 0) + if (cbfs_boot_locate(&file_desc, CONFIG_SOC_INTEL_CSE_RW_METADATA_CBFS_NAME, NULL) < 0) return false;
cbfs_file_data(source_rdev, &file_desc); @@ -503,15 +578,32 @@ return true; }
-static bool cse_get_cbfs_rw_version(const struct region_device *source_rdev, - void *cse_cbfs_rw_ver) +static bool cse_get_cbfs_rw_metadata(const struct region_device *source_info_rdev, + struct cse_cbfs_rw_info *source_info) {
- if (rdev_readat(source_rdev, (void *) cse_cbfs_rw_ver, 0, sizeof(struct fw_version)) - != sizeof(struct fw_version)) { - printk(BIOS_ERR, "cse_lite: Failed to read CSE CBFW RW version\n"); + if (rdev_readat(source_info_rdev, (void *) source_info, 0, + sizeof(struct cse_cbfs_rw_info)) != sizeof(struct cse_cbfs_rw_info)) { + printk(BIOS_ERR, "cse_lite: Failed to read CSE CBFW RW blob metadata\n"); return false; } + + printk(BIOS_SPEW, "cse_lite: version: %d\n", source_info->version); + printk(BIOS_SPEW, "cse_lite: CSE CBFS RW version : %d.%d.%d.%d\n", + source_info->fw_ver.major, + source_info->fw_ver.minor, + source_info->fw_ver.hotfix, + source_info->fw_ver.build); + printk(BIOS_SPEW, "cse_lite: IFWI build version: 0x%x\n", + source_info->ifwi_build_version); + printk(BIOS_SPEW, "cse_lite: compressed blob: 0x%x\n", + source_info->compressed); + printk(BIOS_SPEW, "cse_lite: RW blob hash: "); + + for (uint8_t i = 0; i < 32; i++) + printk(BIOS_SPEW, "%x", source_info->hash[i]); + + printk(BIOS_SPEW, "\n"); return true; }
@@ -522,30 +614,27 @@ * If ver_cmp_status > 0, coreboot upgrades CSE RW region */ static int cse_check_version_mismatch(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev) + const struct cse_cbfs_rw_info *source_info) { - struct fw_version cse_cbfs_rw_ver; const struct fw_version *cse_rw_ver;
- if (!cse_get_cbfs_rw_version(source_rdev, &cse_cbfs_rw_ver)) - return false;
printk(BIOS_DEBUG, "cse_lite: CSE CBFS RW version : %d.%d.%d.%d\n", - cse_cbfs_rw_ver.major, - cse_cbfs_rw_ver.minor, - cse_cbfs_rw_ver.hotfix, - cse_cbfs_rw_ver.build); + source_info->fw_ver.major, + source_info->fw_ver.minor, + source_info->fw_ver.hotfix, + source_info->fw_ver.build);
cse_rw_ver = cse_get_rw_version(cse_bp_info);
- if (cse_cbfs_rw_ver.major != cse_rw_ver->major) - return cse_cbfs_rw_ver.major - cse_rw_ver->major; - else if (cse_cbfs_rw_ver.minor != cse_rw_ver->minor) - return cse_cbfs_rw_ver.minor - cse_rw_ver->minor; - else if (cse_cbfs_rw_ver.hotfix != cse_rw_ver->hotfix) - return cse_cbfs_rw_ver.hotfix - cse_rw_ver->hotfix; + if (source_info->fw_ver.major != cse_rw_ver->major) + return source_info->fw_ver.major - cse_rw_ver->major; + else if (source_info->fw_ver.minor != cse_rw_ver->minor) + return source_info->fw_ver.minor - cse_rw_ver->minor; + else if (source_info->fw_ver.hotfix != cse_rw_ver->hotfix) + return source_info->fw_ver.hotfix - cse_rw_ver->hotfix; else - return cse_cbfs_rw_ver.build - cse_rw_ver->build; + return source_info->fw_ver.build - cse_rw_ver->build; }
/* Check if CSE RW data partition is valid or not */ @@ -557,6 +646,21 @@ return rw_bp->status != BP_STATUS_DATA_FAILURE; }
+static int cse_is_ifwi_build_version_latest(const struct cse_cbfs_rw_info *source_info, + const struct region_device *target_dev) +{ + uint32_t ifwi_build_ver; + uint8_t ifwi_build_ver_offset = offsetof(struct cse_bpdt, ifwi_build_ver); + + if (rdev_readat(target_dev, &ifwi_build_ver, ifwi_build_ver_offset, + sizeof(ifwi_build_ver)) != sizeof(ifwi_build_ver)) { + printk(BIOS_ERR, "cse_lite: Failed to read OEM Version CSE RW partition\n"); + return false; + } + + return (ifwi_build_ver == source_info->ifwi_build_version); +} + /* * It returns true if RW partition doesn't indicate BP_STATUS_DATA_FAILURE * otherwise false if any operation fails. @@ -587,8 +691,8 @@ return true; }
-static bool cse_copy_rw(const struct region_device *target_rdev, const void *buf, size_t offset, - size_t size) +static bool cse_copy_rw(const struct region_device *target_rdev, const void *buf, + size_t offset, size_t size) { if (rdev_writeat(target_rdev, buf, offset, size) < 0) { printk(BIOS_ERR, "cse_lite: Failed to update CSE firmware\n"); @@ -599,36 +703,33 @@ }
static bool cse_is_rw_version_latest(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev) + const struct cse_cbfs_rw_info *source_info) { - return !cse_check_version_mismatch(cse_bp_info, source_rdev); + return !cse_check_version_mismatch(cse_bp_info, source_info); }
static bool cse_is_downgrade_instance(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev) + const struct cse_cbfs_rw_info *source_info) { - return cse_check_version_mismatch(cse_bp_info, source_rdev) < 0; + return cse_check_version_mismatch(cse_bp_info, source_info) < 0; }
static bool cse_is_update_required(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev, struct region_device *target_rdev) + const struct cse_cbfs_rw_info *source_info, struct region_device *target_rdev) { return (!cse_is_rw_bp_sign_valid(target_rdev) || - !cse_is_rw_version_latest(cse_bp_info, source_rdev)); + !cse_is_rw_version_latest(cse_bp_info, source_info) || + !cse_is_ifwi_build_version_latest(source_info, target_rdev)); }
static bool cse_write_rw_region(const struct region_device *target_rdev, - const struct region_device *source_rdev) + const void *cse_cbfs_rw, const size_t cse_cbfs_rw_sz) { - void *cse_cbfs_rw = rdev_mmap(source_rdev, CSE_RW_VERSION_SZ, - region_device_sz(source_rdev) - CSE_RW_VERSION_SZ); - /* Points to CSE CBFS RW image after boot partition signature */ uint8_t *cse_cbfs_rw_wo_sign = (uint8_t *)cse_cbfs_rw + CSE_RW_SIGN_SIZE;
/* Size of CSE CBFS RW image without boot partition signature */ - uint32_t cse_cbfs_rw_wo_sign_sz = region_device_sz(source_rdev) - - (CSE_RW_VERSION_SZ + CSE_RW_SIGN_SIZE); + uint32_t cse_cbfs_rw_wo_sign_sz = cse_cbfs_rw_sz - CSE_RW_SIGN_SIZE;
/* Update except CSE RW signature */ if (!cse_copy_rw(target_rdev, cse_cbfs_rw_wo_sign, CSE_RW_SIGN_SIZE, @@ -639,21 +740,19 @@ if (!cse_copy_rw(target_rdev, (void *)cse_cbfs_rw, 0, CSE_RW_SIGN_SIZE)) goto exit_rw_update;
- rdev_munmap(source_rdev, cse_cbfs_rw_wo_sign); return true;
exit_rw_update: - rdev_munmap(source_rdev, cse_cbfs_rw_wo_sign); return false; }
-static bool cse_update_rw(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev, struct region_device *target_rdev) +static bool cse_update_rw(const struct cse_bp_info *cse_bp_info, const void *cse_cbfs_rw, + const size_t cse_blob_sz, struct region_device *target_rdev) { if (!cse_erase_rw_region(target_rdev)) return false;
- if (!cse_write_rw_region(target_rdev, source_rdev)) + if (!cse_write_rw_region(target_rdev, cse_cbfs_rw, cse_blob_sz)) return false;
printk(BIOS_INFO, "cse_lite: CSE RW Update Successful\n"); @@ -661,7 +760,7 @@ }
static bool cse_prep_for_rw_update(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev) + const struct cse_cbfs_rw_info *source_info) { /* * To set CSE's operation mode to HMRFPO mode: @@ -671,7 +770,7 @@ if (!cse_boot_to_ro(cse_bp_info)) return false;
- if (cse_is_downgrade_instance(cse_bp_info, source_rdev) && + if (cse_is_downgrade_instance(cse_bp_info, source_info) && !cse_data_clear_request(cse_bp_info)) { printk(BIOS_ERR, "cse_lite: CSE FW downgrade is aborted\n"); return false; @@ -680,20 +779,54 @@ return cse_hmrfpo_enable(); }
-static uint8_t cse_trigger_fw_update(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev, struct region_device *target_rdev) +/* The function calculates SHA-256 of CSE RW blob and compares it with the provided SHA value */ +static uint8_t cse_verify_rw_blob_sha256(const uint8_t *expected_rw_blob_sha, + const void *rw_blob, const size_t rw_blob_sz) + { - if (!cse_prep_for_rw_update(cse_bp_info, source_rdev)) + uint8_t rw_comp_sha[VB2_SHA256_DIGEST_SIZE]; + + if (!vb2_digest_buffer(rw_blob, rw_blob_sz, VB2_HASH_SHA256, rw_comp_sha, + VB2_SHA256_DIGEST_SIZE)) { + printk(BIOS_ERR, "cse_lite: CSE RW blob SHA-256 calculation has failed\n"); + return false; + } + + if (!memcmp(expected_rw_blob_sha, rw_comp_sha, VB2_SHA256_DIGEST_SIZE)) { + printk(BIOS_ERR, "cse_lite: Computed SHA is not matching with the given SHA\n"); + return false; + } + + return true; +} + +static uint8_t cse_trigger_fw_update(const struct cse_bp_info *cse_bp_info, + const struct cse_cbfs_rw_info *source_info, struct region_device *target_rdev) +{ + + struct region_device source_rdev; + + if (!cse_get_cbfs_rw(&source_rdev)) + return CSE_LITE_SKU_RW_BLOB_NOT_FOUND; + + void *cse_cbfs_rw = rdev_mmap(&source_rdev, 0, region_device_sz(&source_rdev)); + + if (cse_verify_rw_blob_sha256(source_info->hash, cse_cbfs_rw, + region_device_sz(&source_rdev))) + return CSE_LITE_SKU_RW_BLOB_SHA256_MISMATCH; + + if (!cse_prep_for_rw_update(cse_bp_info, source_info)) return CSE_LITE_SKU_COMMUNICATION_ERROR;
- if (!cse_update_rw(cse_bp_info, source_rdev, target_rdev)) + if (!cse_update_rw(cse_bp_info, cse_cbfs_rw, region_device_sz(&source_rdev), + target_rdev)) return CSE_LITE_SKU_FW_UPDATE_ERROR;
return 0; }
static uint8_t cse_fw_update(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev) + const struct region_device *source_info_rdev) { struct region_device target_rdev;
@@ -702,9 +835,17 @@ return CSE_LITE_SKU_RW_ACCESS_ERROR; }
- if (cse_is_update_required(cse_bp_info, source_rdev, &target_rdev)) { + struct cse_cbfs_rw_info source_info; + + /* Read CSE RW blob metadata */ + if (!cse_get_cbfs_rw_metadata(source_info_rdev, &source_info)) { + printk(BIOS_ERR, "cse_lite: Failed to get CSE RW blob metadata\n"); + return CSE_LITE_SKU_UNSPECIFIED; + } + + if (cse_is_update_required(cse_bp_info, &source_info, &target_rdev)) { printk(BIOS_DEBUG, "cse_lite: CSE RW update is initiated\n"); - return cse_trigger_fw_update(cse_bp_info, source_rdev, &target_rdev); + return cse_trigger_fw_update(cse_bp_info, &source_info, &target_rdev); }
if (!cse_is_rw_bp_status_valid(cse_bp_info)) @@ -736,11 +877,15 @@ if (!cse_fix_data_failure_err(&cse_bp_info.bp_info)) cse_trigger_recovery(CSE_LITE_SKU_DATA_WIPE_ERROR);
- /* If RW blob is present in CBFS, then trigger CSE firmware update */ + /* + * If RW blob metadata is present in CBFS, then trigger CSE firmware update. + * The driver triggers if RW blob metadata is present in the CBFS and RW blob is not + * available. + */ uint8_t rv; - struct region_device source_rdev; - if (cse_get_cbfs_rdev(&source_rdev)) { - rv = cse_fw_update(&cse_bp_info.bp_info, &source_rdev); + struct region_device source_info_rdev; + if (cse_get_cbfs_rdev(&source_info_rdev)) { + rv = cse_fw_update(&cse_bp_info.bp_info, &source_info_rdev); if (rv) cse_trigger_recovery(rv); }
Hello V Sowmya, build bot (Jenkins), Furquan Shaikh, Jamie Ryu, Patrick Georgi, Martin Roth, Rizwan Qureshi, Krishna P Bhat D, Tim Wawrzynczak, Patrick Rudolph, Karthik Ramasubramanian,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46312
to look at the new patch set (#2).
Change subject: soc/intel/common: Boot time optimization ......................................................................
soc/intel/common: Boot time optimization
Th CSE RW blob which will be used by coreboot to update CSE RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. The boot time impact is around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A/B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions as a CBFS file.
Changes: 1. Makefile changes to accommodate CSE RW blob part of FW_MAIN_A_EXTN/ FW_MAIN_B_EXTN and add RW blob metadata file part of FW_MAIN_A/B. 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite driver
BUG=b:169077783 TEST=verified on hatch. Yet to verify on JSL/TGL platforms.
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 216 insertions(+), 59 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/2
Hello V Sowmya, build bot (Jenkins), Furquan Shaikh, Jamie Ryu, Patrick Georgi, Martin Roth, Rizwan Qureshi, Krishna P Bhat D, Tim Wawrzynczak, Patrick Rudolph, Karthik Ramasubramanian,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46312
to look at the new patch set (#3).
Change subject: soc/intel/common: Boot time optimization ......................................................................
soc/intel/common: Boot time optimization
Th CSE RW blob which will be used by coreboot to update CSE's RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. The boot time impact is around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A/B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions as a CBFS file.
Changes: 1. Makefile changes to accommodate CSE RW blob part of FW_MAIN_A_EXTN/ FW_MAIN_B_EXTN and add RW blob metadata file part of FW_MAIN_A/B. 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite driver
BUG=b:169077783 TEST=verified on hatch. Yet to verify on JSL/TGL platforms.
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 216 insertions(+), 59 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/3
Nick Vaccaro has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Boot time optimization ......................................................................
Patch Set 3:
(3 comments)
https://review.coreboot.org/c/coreboot/+/46312/3/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/3/src/soc/intel/common/block/... PS3, Line 630: int bool ?
https://review.coreboot.org/c/coreboot/+/46312/3/src/soc/intel/common/block/... PS3, Line 646: uint8_t bool ?
https://review.coreboot.org/c/coreboot/+/46312/3/src/soc/intel/common/block/... PS3, Line 793: uint8_t Perhaps add "CSE_LITE_SKU_NO_ERROR = 0" to the enum csme_failure_reason and then have this routine declare that it returns an enum csme_failure_reason?
Hello V Sowmya, build bot (Jenkins), Furquan Shaikh, Jamie Ryu, Patrick Georgi, Martin Roth, Rizwan Qureshi, Krishna P Bhat D, Tim Wawrzynczak, Patrick Rudolph, Karthik Ramasubramanian,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46312
to look at the new patch set (#4).
Change subject: soc/intel/common: Boot time optimization ......................................................................
soc/intel/common: Boot time optimization
CSE RW blob which will be used by coreboot to update CSE's RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. It impacts the boot time around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A/B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions(FW_MAIN_A_EXTN/FW_MAIN_B_EXTN) as a CBFS file.
Changes: 1. Makefile changes to accommodate CSE RW blob part of FW_MAIN_A_EXTN/ FW_MAIN_B_EXTN and add RW blob metadata file part of FW_MAIN_A/B. 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite driver
BUG=b:169077783 TEST=Verified on hatch and JSL platforms
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 222 insertions(+), 64 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/4
Sridhar Siricilla has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Boot time optimization ......................................................................
Patch Set 4:
(3 comments)
https://review.coreboot.org/c/coreboot/+/46312/3/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/3/src/soc/intel/common/block/... PS3, Line 630: int
bool ?
Done
https://review.coreboot.org/c/coreboot/+/46312/3/src/soc/intel/common/block/... PS3, Line 646: uint8_t
bool ?
Done
https://review.coreboot.org/c/coreboot/+/46312/3/src/soc/intel/common/block/... PS3, Line 793: uint8_t
Perhaps add "CSE_LITE_SKU_NO_ERROR = 0" to the enum csme_failure_reason and then have this routine d […]
Yes, it make sense to me.
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Boot time optimization ......................................................................
Patch Set 4:
(4 comments)
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG@7 PS4, Line 7: Boot time optimization Please make it a statement by using a verb (in imperative mood).
Move CSE RW into new FMAP region to decrease boot time by 300 ms
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG@12 PS4, Line 12: impacts increases the boot time by around 300 ms.
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG@28 PS4, Line 28: TEST=Verified on hatch and JSL platforms What is the old boot time, and what is the new one?
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG@29 PS4, Line 29: What commit does it fix? Please add a Fixes tag.
Jamie Ryu has uploaded a new patch set (#5) to the change originally created by Sridhar Siricilla. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Boot time optimization ......................................................................
soc/intel/common: Boot time optimization
Th CSE RW blob which will be used by coreboot to update CSE's RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. The boot time impact is around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A/B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions as a CBFS file.
Changes: 1. Makefile changes to accommodate CSE RW blob part of FW_MAIN_A_EXTN/ FW_MAIN_B_EXTN and add RW blob metadata file part of FW_MAIN_A/B. 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite driver
BUG=b:169077783 TEST=verified on hatch. Yet to verify on JSL/TGL platforms.
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 216 insertions(+), 59 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/5
Tim Wawrzynczak has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Boot time optimization ......................................................................
Patch Set 5:
We still need to evaluate the downstream effects of this change on the rest of our infrastructure, tooling, etc. That's not to say we won't go this route, but we need to be a little more thorough with making sure all of our ebuilds, other tools, etc. that rely on the current flash layout to make sure they are up to date with this as well.
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Boot time optimization ......................................................................
Patch Set 5:
Patch Set 5:
We still need to evaluate the downstream effects of this change on the rest of our infrastructure, tooling, etc. That's not to say we won't go this route, but we need to be a little more thorough with making sure all of our ebuilds, other tools, etc. that rely on the current flash layout to make sure they are up to date with this as well.
+1 to what Tim said. There are a number of factors that will have to be evaluated to ensure that we do not silently break or cause incompatibilities with any of the existing infrastructure: 1. Signer 2. Futility 3. Firmware updater (both RO+RW as well as RW only) 4. Autotest lab firmware recovery 5. FAFT ...
Hello V Sowmya, build bot (Jenkins), Furquan Shaikh, Jamie Ryu, Patrick Georgi, Martin Roth, Rizwan Qureshi, Krishna P Bhat D, Tim Wawrzynczak, Patrick Rudolph, Karthik Ramasubramanian,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46312
to look at the new patch set (#6).
Change subject: soc/intel/common: Boot time optimization ......................................................................
soc/intel/common: Boot time optimization
CSE RW blob which will be used by coreboot to update CSE's RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. It increases the boot time by around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A and FW_MAIN_B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions(FW_MAIN_A_EXTN and FW_MAIN_B_EXTN) as a CBFS file.
The driver provides Kconfig options to place CSE RW blob into FW_MAIN_X or FW_MAIN_X_EXTN. These config options are CONFG_SOC_INTEL_CSE_LITE_SKU_1_0 and CONFIG_SOC_INTEL_CSE_LITE_SKU_2_0.
Chose Kconfig: CONFIG_SOC_INTEL_CSE_LITE_SKU_1_0 : To place CSE RW blob into FW_MAIN_A and FW_MAIN_B. CONFIG_SOC_INTEL_CSE_LITE_SKU_2_0 : To place CSE RW blob into FW_MAIN_A_EXTN and FW_MAIN_B_EXTN.
Boot Time Measurement details with CONFIG_SOC_INTEL_CSE_LITE_SKU_2_0: -------------------------------------------------------- | Platform | Old Boot Time | New Boot Time | -------------------------------------------------------- | JSL | 1.3s | 1.06s | -------------------------------------------------------- | TGL | 1.63s | 1.36s | --------------------------------------------------------
Changes: 1. Makefile changes to accommodate CSE RW blob part of FW_MAIN_A_EXTN/ FW_MAIN_B_EXTN and add RW blob metadata file part of FW_MAIN_A/B. 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite Driver
BUG=b:169077783 TEST=Verified on hatch, JSL & TGL platforms
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 141 insertions(+), 23 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/6
Hello V Sowmya, build bot (Jenkins), Furquan Shaikh, Jamie Ryu, Patrick Georgi, Martin Roth, Rizwan Qureshi, Krishna P Bhat D, Tim Wawrzynczak, Patrick Rudolph, Karthik Ramasubramanian,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46312
to look at the new patch set (#7).
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
soc/intel/common: Move CSE RW into new FMAP region to optimize boot time
CSE RW blob which will be used by coreboot to update CSE's RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. It increases the boot time by around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A and FW_MAIN_B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions (FW_MAIN_A_EXTN and FW_MAIN_B_EXTN) as a CBFS file.
Also, the driver look for CSE RW blob based on the Kconfig configuration. The Kconfig options are CONFG_SOC_INTEL_CSE_LITE_SKU_1_0 and CONFIG_SOC_INTEL_CSE_LITE_SKU_2_0.
Usage of Kconfig options:
CONFIG_SOC_INTEL_CSE_LITE_SKU_1_0 : If FMAP change is made to add CSE RW blob into FW_MAIN_A and FW_MAIN_B FMAP regions.
CONFIG_SOC_INTEL_CSE_LITE_SKU_2_0 : If FMAP change is made to add CSE RW blob into FW_MAIN_A_EXTN and FW_MAIN_B_EXTN FMAP regions.
Boot Time Measurement details when CSE RW blob is added in the FW_MAIN_A_EXTN and FW_MAIN_B_EXTN. -------------------------------------------------------- | Platform | Old Boot Time | New Boot Time | -------------------------------------------------------- | JSL | 1.3s | 1.06s | -------------------------------------------------------- | TGL | 1.63s | 1.36s | --------------------------------------------------------
Changes: 1. Makefile changes to accommodate CSE RW blob into of FW_MAIN_A_EXTN/ FW_MAIN_B_EXTN or FW_MAIN_A and FW_MAIN_B and add RW blob metadata file part of FW_MAIN_A/B. 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite Driver
BUG=b:169077783 TEST=Verified on hatch, JSL & TGL platforms
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 141 insertions(+), 23 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/7
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 7:
Patch Set 5:
Patch Set 5:
We still need to evaluate the downstream effects of this change on the rest of our infrastructure, tooling, etc. That's not to say we won't go this route, but we need to be a little more thorough with making sure all of our ebuilds, other tools, etc. that rely on the current flash layout to make sure they are up to date with this as well.
+1 to what Tim said. There are a number of factors that will have to be evaluated to ensure that we do not silently break or cause incompatibilities with any of the existing infrastructure:
- Signer
- Futility
- Firmware updater (both RO+RW as well as RW only)
- Autotest lab firmware recovery
- FAFT
...
Sridhar/Rizwan - have you evaluated the impact of the change on rest of the infrastructure? Is this captured anywhere?
Sridhar Siricilla has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 7:
(4 comments)
Patch Set 7:
Patch Set 5:
Patch Set 5:
We still need to evaluate the downstream effects of this change on the rest of our infrastructure, tooling, etc. That's not to say we won't go this route, but we need to be a little more thorough with making sure all of our ebuilds, other tools, etc. that rely on the current flash layout to make sure they are up to date with this as well.
+1 to what Tim said. There are a number of factors that will have to be evaluated to ensure that we do not silently break or cause incompatibilities with any of the existing infrastructure:
- Signer
- Futility
- Firmware updater (both RO+RW as well as RW only)
- Autotest lab firmware recovery
- FAFT
...
Sridhar/Rizwan - have you evaluated the impact of the change on rest of the infrastructure? Is this captured anywhere?
@Tim/@Furquan, We have evaluated and capured impact of FMAP change on coreboots' test and development infra @ https://docs.google.com/document/d/1WlYqzUbdexHvB_xEF7UZ_PGXZS_3-lQ6z0DWnIW4...
Please review and let us know your comments.
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG@7 PS4, Line 7: Boot time optimization
Please make it a statement by using a verb (in imperative mood). […]
Done
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG@12 PS4, Line 12: impacts
increases the boot time by around 300 ms.
Done
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG@28 PS4, Line 28: TEST=Verified on hatch and JSL platforms
What is the old boot time, and what is the new one?
Ack
https://review.coreboot.org/c/coreboot/+/46312/3/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/3/src/soc/intel/common/block/... PS3, Line 793: uint8_t
Yes, it make sense to me.
Done
Hello V Sowmya, build bot (Jenkins), Furquan Shaikh, Jamie Ryu, Patrick Georgi, Martin Roth, Rizwan Qureshi, Nick Vaccaro, Krishna P Bhat D, Tim Wawrzynczak, Patrick Rudolph, Karthik Ramasubramanian,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46312
to look at the new patch set (#9).
Change subject: soc/intel/common: Add support for CSE Lite driver to handle CSE RW and metadata ......................................................................
soc/intel/common: Add support for CSE Lite driver to handle CSE RW and metadata
The patch modifies CSE Lite driver to support to have separate CBFS file for metadata of RW blobs. So, the driver expects separate CBFS files for CSE RW and it's metadata. Also, the driver initiates CSE Firmware update if it finds the metadata CBFS file. Currently, CSE RW blob and it's metadata were merged into one RW blob.
BUG=b:169077783 TEST=Build for hatch
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 198 insertions(+), 66 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/9
V Sowmya has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Add support for CSE Lite driver to handle CSE RW and metadata ......................................................................
Patch Set 9:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46312/9/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/9/src/soc/intel/common/block/... PS9, Line 159: struct cse_cbfs_rw_info { metadata structure is already defined in https://review.coreboot.org/c/coreboot/+/47431/7/src/soc/intel/common/block/...
Hello V Sowmya, build bot (Jenkins), Furquan Shaikh, Jamie Ryu, Patrick Georgi, Martin Roth, Rizwan Qureshi, Nick Vaccaro, Krishna P Bhat D, Tim Wawrzynczak, Patrick Rudolph, Karthik Ramasubramanian,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46312
to look at the new patch set (#10).
Change subject: soc/intel/common: Add support for CSE Lite driver to handle CSE RW and metadata ......................................................................
soc/intel/common: Add support for CSE Lite driver to handle CSE RW and metadata
The patch modifies CSE Lite driver to support to have separate CBFS file for metadata of RW blobs. So, the driver expects separate CBFS files for CSE RW and it's metadata. Also, the driver initiates CSE Firmware update if it finds the metadata CBFS file. Currently, CSE RW blob and it's metadata were merged into one RW blob.
BUG=b:169077783 TEST=Build for hatch
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 199 insertions(+), 66 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/10
Tim Wawrzynczak has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Add support for CSE Lite driver to handle CSE RW and metadata ......................................................................
Patch Set 10:
(10 comments)
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 73: 9 nit: `9,`
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 166: authenticness authenticity
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 167: containing precalculated containing a precalculated
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 167: of CSE of the CSE
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 169: Fimrware firmware
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 562: (void *) unnecessary cast, any pointer type can automatically cast to `void *`
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 626: is not matching with "does not match"
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 630: with remove this word
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 725: exit_rw_update: this label is now obsolete; the above gotos can just be changed to `return false`
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 773: ``` if (!cse_cbfs_rw) { rv = CSE_LITE_SKU_RW_BLOB_SHA256_MISMATCH goto error_exit; } ```
Karthik Ramasubramanian has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Add support for CSE Lite driver to handle CSE RW and metadata ......................................................................
Patch Set 10:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 159: struct cse_cbfs_rw_info { This seems a duplicate definition of struct cse_rw_metadata. Can that be reused?
Karthik Ramasubramanian has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Add support for CSE Lite driver to handle CSE RW and metadata ......................................................................
Patch Set 10:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 542: static Why static?
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Add support for CSE Lite driver to handle CSE RW and metadata ......................................................................
Patch Set 10:
(18 comments)
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 33: FW_MAIN_A CSE_RW_A
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 40: FW_MAIN_B CSE_RW_B
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 47: CSE_LITE_SKU_NO_ERROR = 0, nit: blank line after this to match the other entries in the enum.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 49: = 1, General comment: Why do we need to manually assign numbers to each of the enums? It should be fine to drop the "= <number>" since these are just assigned one after the other.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 159: struct cse_cbfs_rw_info { This structure definition is not required. This is exactly the same as `struct cse_rw_metadata`. We don't need to define a separate structure in this file.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 436: cse_get_cbfs_rdev This function can now be completely dropped. See my comments below.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 523: if the CSE CBFS RW placed outside : * of FW_MAIN_A and FW_MAIN_B. This is currently always true. I don't think this comment is required.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 535: return NULL; deadcode.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 590: source_info cse_rw_metadata
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 601: : if (source_info->fw_ver.major != cse_rw_ver->major) : return source_info->fw_ver.major - cse_rw_ver->major; : else if (source_info->fw_ver.minor != cse_rw_ver->minor) : return source_info->fw_ver.minor - cse_rw_ver->minor; : else if (source_info->fw_ver.hotfix != cse_rw_ver->hotfix) : return source_info->fw_ver.hotfix - cse_rw_ver->hotfix; : else : return source_info->fw_ver.build - cse_rw_ver->build; This should be changed to: return memcmp(cse_rw_ver, cse_rw_metadata->fw_version, sizeof(*cse_rw_ver));
There is no benefit of comparing each field individually here. memcmp already provides you the same functionality.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 764: *source_info cse_rw_metadata
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 768: cse_get_cbfs_rw Probably name cse_get_source_rdev()?
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 771: enum csme_failure_reason rv; Place all the declarations at the start of the function.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 772: rdev_mmap(&source_rdev, 0, region_device_sz(&source_rdev)); rdev_mmap_full(&source_rdev);
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 794: const struct region_device *source_info_rdev This parameter is not required at all with the Kconfig check in caller.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 803: struct cse_cbfs_rw_info source_info; : : /* Read CSE CBFS RW metadata */ : if (!cse_get_cbfs_rw_metadata(source_info_rdev, &source_info)) { : printk(BIOS_ERR, "cse_lite: Failed to get CSE RW blob metadata\n"); : return CSE_LITE_SKU_UNSPECIFIED; : } This can be simplified as mentioned below:
``` struct cse_rw_metadata cse_rw_metadata; if (cbfs_boot_load_file(CONFIG_SOC_INTEL_CSE_RW_METADATA_CBFS_NAME, &cse_rw_metadata, sizeof(cse_rw_metadata), CBFS_TYPE_STRUCT) != sizeof(cse_rw_metadata) { printk(...); return CSE_LITE_SKU_RW_BLOB_NOT_FOUND; } ```
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 811: &source_info This will then change to `&cse_rw_metadata`.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 851: struct region_device source_info_rdev; : if (cse_get_cbfs_rdev(&source_info_rdev)) Things actually become much simpler now that the CBFS file is added as a struct. All you need to do is: ``` struct cse_rw_metadata cse_rw_metadata; if (cbfs_boot_load_file(CONFIG_SOC_INTEL_CSE_RW_METADATA_CBFS_NAME, &cse_rw_metadata, sizeof(cse_rw_metadata), CBFS_TYPE_STRUCT) != sizeof(cse_rw_metadata) { printk(...); } ```
Also combining this with earlier suggestion of using Kconfig, I think this should now be something like:
``` if (CONFIG(SOC_INTEL_CSE_RW_UPDATE)) { rv = cse_fw_update(&cse_bp_info.bp_info); if (rv) cse_trigger_recovery(rv); }
... ```
Karthik Ramasubramanian has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Add support for CSE Lite driver to handle CSE RW and metadata ......................................................................
Patch Set 10:
(2 comments)
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 568: printk(BIOS_SPEW, "cse_lite: CSE CBFS RW version : %d.%d.%d.%d\n", : source_info->fw_ver.major, : source_info->fw_ver.minor, : source_info->fw_ver.hotfix, : source_info->fw_ver.build); Logged again in line 594. So not required.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 576: for (uint8_t i = 0; i < VB2_SHA256_DIGEST_SIZE; i++) : printk(BIOS_SPEW, "%x", source_info->hash[i]); : : printk(BIOS_SPEW, "\n"); Do we need to log SHA Digest? Not sure how it helps with debugging.
Hello V Sowmya, build bot (Jenkins), Furquan Shaikh, Jamie Ryu, Patrick Georgi, Martin Roth, Rizwan Qureshi, Nick Vaccaro, Krishna P Bhat D, Tim Wawrzynczak, Patrick Rudolph, Karthik Ramasubramanian,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46312
to look at the new patch set (#11).
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
soc/intel/common: Move CSE RW into new FMAP region to optimize boot time
CSE RW blob which will be used by coreboot to update CSE's RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. It increases the boot time by around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A and FW_MAIN_B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions (ME_RW_A and ME_RW_B) as a CBFS file.
Boot Time Measurement details when CSE RW blob is added in the ME_RW_A and ME_RW_B. -------------------------------------------------------- | Platform | Old Boot Time | New Boot Time | -------------------------------------------------------- | JSL | 1.3s | 1.06s | -------------------------------------------------------- | TGL | 1.63s | 1.36s | --------------------------------------------------------
Changes: 1. Makefile change to accommodate CSE RW blob into ME_RW_A/ME_RW_B 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite Driver
BUG=b:169077783 TEST=Verified on JSL & TGL platforms
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 165 insertions(+), 87 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/11
Sridhar Siricilla has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 11:
(33 comments)
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 33: FW_MAIN_A
CSE_RW_A
ME_RW_A (inline with SI_ME) will be used for consistency
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 40: FW_MAIN_B
CSE_RW_B
ME_RW_B will be used for consistency
https://review.coreboot.org/c/coreboot/+/46312/9/src/soc/intel/common/block/... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/9/src/soc/intel/common/block/... PS9, Line 159: struct cse_cbfs_rw_info {
metadata structure is already defined in https://review.coreboot. […]
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 47: CSE_LITE_SKU_NO_ERROR = 0,
nit: blank line after this to match the other entries in the enum.
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 49: = 1,
General comment: Why do we need to manually assign numbers to each of the enums? It should be fine t […]
True, I assigned numbers manually so as to quickly identify value to enum definition.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 73: 9
nit: `9,`
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 159: struct cse_cbfs_rw_info {
This seems a duplicate definition of struct cse_rw_metadata. […]
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 159: struct cse_cbfs_rw_info {
This structure definition is not required. This is exactly the same as `struct cse_rw_metadata`. […]
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 166: authenticness
authenticity
structure is removed.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 167: containing precalculated
containing a precalculated
structure is removed.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 167: of CSE
of the CSE
structure is removed.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 169: Fimrware
firmware
structure is removed.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 436: cse_get_cbfs_rdev
This function can now be completely dropped. See my comments below.
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 523: if the CSE CBFS RW placed outside : * of FW_MAIN_A and FW_MAIN_B.
This is currently always true. I don't think this comment is required.
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 535: return NULL;
deadcode.
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 542: static
Why static?
Static is not required. Thanks
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 562: (void *)
unnecessary cast, any pointer type can automatically cast to `void *`
The function is removed.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 568: printk(BIOS_SPEW, "cse_lite: CSE CBFS RW version : %d.%d.%d.%d\n", : source_info->fw_ver.major, : source_info->fw_ver.minor, : source_info->fw_ver.hotfix, : source_info->fw_ver.build);
Logged again in line 594. So not required.
The function is removed
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 576: for (uint8_t i = 0; i < VB2_SHA256_DIGEST_SIZE; i++) : printk(BIOS_SPEW, "%x", source_info->hash[i]); : : printk(BIOS_SPEW, "\n");
Do we need to log SHA Digest? Not sure how it helps with debugging.
The function is removed
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 590: source_info
cse_rw_metadata
source_info or source_metadata?
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 601: : if (source_info->fw_ver.major != cse_rw_ver->major) : return source_info->fw_ver.major - cse_rw_ver->major; : else if (source_info->fw_ver.minor != cse_rw_ver->minor) : return source_info->fw_ver.minor - cse_rw_ver->minor; : else if (source_info->fw_ver.hotfix != cse_rw_ver->hotfix) : return source_info->fw_ver.hotfix - cse_rw_ver->hotfix; : else : return source_info->fw_ver.build - cse_rw_ver->build;
This should be changed to: […]
memcmp() does a byte wise comparison.So, it doesn't work here. For example, when comparing two CSE Kit versions (having build numbers CBFS RW blob# 954, RW partition# 1234,), memcmp() compares first byte in the build numbers and returns 20. So, we can't use memcmp here.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 626: is not matching with
"does not match"
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 630: with
remove this word
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 725: exit_rw_update:
this label is now obsolete; the above gotos can just be changed to `return false`
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 764: *source_info
cse_rw_metadata
source_info or source_metadata?
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 768: cse_get_cbfs_rw
Probably name cse_get_source_rdev()?
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 771: enum csme_failure_reason rv;
Place all the declarations at the start of the function.
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 772: rdev_mmap(&source_rdev, 0, region_device_sz(&source_rdev));
rdev_mmap_full(&source_rdev);
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 773:
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 794: const struct region_device *source_info_rdev
This parameter is not required at all with the Kconfig check in caller.
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 803: struct cse_cbfs_rw_info source_info; : : /* Read CSE CBFS RW metadata */ : if (!cse_get_cbfs_rw_metadata(source_info_rdev, &source_info)) { : printk(BIOS_ERR, "cse_lite: Failed to get CSE RW blob metadata\n"); : return CSE_LITE_SKU_UNSPECIFIED; : }
This can be simplified as mentioned below: […]
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 811: &source_info
This will then change to `&cse_rw_metadata`.
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 851: struct region_device source_info_rdev; : if (cse_get_cbfs_rdev(&source_info_rdev))
Things actually become much simpler now that the CBFS file is added as a struct. […]
Ack
Sridhar Siricilla has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 11:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG@29 PS4, Line 29:
What commit does it fix? Please add a Fixes tag.
Sorry, I didn't get you. Can you elaborate?
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 11:
(3 comments)
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 49: = 1,
True, I assigned numbers manually so as to quickly identify value to enum definition.
Ack.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 601: : if (source_info->fw_ver.major != cse_rw_ver->major) : return source_info->fw_ver.major - cse_rw_ver->major; : else if (source_info->fw_ver.minor != cse_rw_ver->minor) : return source_info->fw_ver.minor - cse_rw_ver->minor; : else if (source_info->fw_ver.hotfix != cse_rw_ver->hotfix) : return source_info->fw_ver.hotfix - cse_rw_ver->hotfix; : else : return source_info->fw_ver.build - cse_rw_ver->build;
memcmp() does a byte wise comparison.So, it doesn't work here. […]
Ack. My bad.
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 764: *source_info
source_info or source_metadata?
I think it would be good to have "metadata" in the name just to make it easier to relate that this is cse_rw_metadata structure. Maybe go with source_metadata?
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 11:
(5 comments)
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... PS11, Line 35: Location Name of CSE RW A region in FMAP
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... PS11, Line 42: Location of CSE RW B in FMAP Name of CSE RW A region in FMAP
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... PS11, Line 504: nit: extra blank space not required.
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... PS11, Line 506: nit: extra blank space not required.
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... PS11, Line 797: SOC_INTEL_CSE_RW_UPDATE This still needs to be defined in one of the preceding CLs.
Hello V Sowmya, build bot (Jenkins), Furquan Shaikh, Jamie Ryu, Patrick Georgi, Martin Roth, Rizwan Qureshi, Nick Vaccaro, Krishna P Bhat D, Tim Wawrzynczak, Patrick Rudolph, Karthik Ramasubramanian,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46312
to look at the new patch set (#13).
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
soc/intel/common: Move CSE RW into new FMAP region to optimize boot time
CSE RW blob which will be used by coreboot to update CSE's RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. It increases the boot time by around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A and FW_MAIN_B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions (ME_RW_A and ME_RW_B) as a CBFS file.
Boot Time Measurement details when CSE RW blob is added in the ME_RW_A and ME_RW_B. -------------------------------------------------------- | Platform | Old Boot Time | New Boot Time | -------------------------------------------------------- | JSL | 1.3s | 1.06s | -------------------------------------------------------- | TGL | 1.63s | 1.36s | --------------------------------------------------------
Changes: 1. Makefile change to accommodate CSE RW blob into ME_RW_A/ME_RW_B 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite Driver
BUG=b:169077783 TEST=Verified on JSL & TGL platforms
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 167 insertions(+), 87 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/13
Sridhar Siricilla has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 13:
(9 comments)
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 33: FW_MAIN_A
ME_RW_A (inline with SI_ME) will be used for consistency
Done
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 40: FW_MAIN_B
ME_RW_B will be used for consistency
Done
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... PS11, Line 35: Location
Name of CSE RW A region in FMAP
Ack
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... PS11, Line 42: Location of CSE RW B in FMAP
Name of CSE RW A region in FMAP
Ack
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 590: source_info
source_info or source_metadata?
Done
https://review.coreboot.org/c/coreboot/+/46312/10/src/soc/intel/common/block... PS10, Line 764: *source_info
I think it would be good to have "metadata" in the name just to make it easier to relate that this i […]
Done
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... File src/soc/intel/common/block/cse/cse_lite.c:
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... PS11, Line 504:
nit: extra blank space not required.
Ack
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... PS11, Line 506:
nit: extra blank space not required.
Ack
https://review.coreboot.org/c/coreboot/+/46312/11/src/soc/intel/common/block... PS11, Line 797: SOC_INTEL_CSE_RW_UPDATE
This still needs to be defined in one of the preceding CLs.
done
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 14:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46312/14/src/soc/intel/common/block... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/46312/14/src/soc/intel/common/block... PS14, Line 38: SOC_INTEL_CSE_RW_A_FMAP_NAME These also need to be within SOC_INTEL_CSE_RW_UPDATE if block below.
Hello V Sowmya, build bot (Jenkins), Furquan Shaikh, Jamie Ryu, Patrick Georgi, Martin Roth, Rizwan Qureshi, Nick Vaccaro, Krishna P Bhat D, Tim Wawrzynczak, Patrick Rudolph, Karthik Ramasubramanian,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46312
to look at the new patch set (#15).
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
soc/intel/common: Move CSE RW into new FMAP region to optimize boot time
CSE RW blob which will be used by coreboot to update CSE's RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. It increases the boot time by around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A and FW_MAIN_B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions (ME_RW_A and ME_RW_B) as a CBFS file.
Boot Time Measurement details when CSE RW blob is added in the ME_RW_A and ME_RW_B. -------------------------------------------------------- | Platform | Old Boot Time | New Boot Time | -------------------------------------------------------- | JSL | 1.3s | 1.06s | -------------------------------------------------------- | TGL | 1.63s | 1.36s | --------------------------------------------------------
Changes: 1. Makefile change to accommodate CSE RW blob into ME_RW_A/ME_RW_B 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite Driver
BUG=b:169077783 TEST=Verified on JSL & TGL platforms
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 273 insertions(+), 191 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/15
Sridhar Siricilla has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 15:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46312/14/src/soc/intel/common/block... File src/soc/intel/common/block/cse/Kconfig:
https://review.coreboot.org/c/coreboot/+/46312/14/src/soc/intel/common/block... PS14, Line 38: SOC_INTEL_CSE_RW_A_FMAP_NAME
These also need to be within SOC_INTEL_CSE_RW_UPDATE if block below.
Done
V Sowmya has uploaded a new patch set (#16) to the change originally created by Sridhar Siricilla. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
soc/intel/common: Move CSE RW into new FMAP region to optimize boot time
CSE RW blob which will be used by coreboot to update CSE's RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. It increases the boot time by around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A and FW_MAIN_B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions (ME_RW_A and ME_RW_B) as a CBFS file.
Boot Time Measurement details when CSE RW blob is added in the ME_RW_A and ME_RW_B. -------------------------------------------------------- | Platform | Old Boot Time | New Boot Time | -------------------------------------------------------- | JSL | 1.3s | 1.06s | -------------------------------------------------------- | TGL | 1.63s | 1.36s | --------------------------------------------------------
Changes: 1. Makefile change to accommodate CSE RW blob into ME_RW_A/ME_RW_B 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite Driver
BUG=b:169077783 TEST=Verified on JSL & TGL platforms
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 173 insertions(+), 95 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/46312/16
Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 16: Code-Review+2
Karthik Ramasubramanian has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 16: Code-Review+2
Sridhar Siricilla has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
Patch Set 16:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/46312/4//COMMIT_MSG@29 PS4, Line 29:
Sorry, I didn't get you. […]
Done
Furquan Shaikh has submitted this change. ( https://review.coreboot.org/c/coreboot/+/46312 )
Change subject: soc/intel/common: Move CSE RW into new FMAP region to optimize boot time ......................................................................
soc/intel/common: Move CSE RW into new FMAP region to optimize boot time
CSE RW blob which will be used by coreboot to update CSE's RW partition, is packed part of FW_MAIN_A and FW_MAIN_B. This will increase the size of FW_MAIN_A and FW_MAIN_B. So, accordingly load and hash calculation of FW_MAIN_A (or FW_MAIN_B) increases during verstage. It increases the boot time by around 300ms.
The patch address the boot time by pulling CSE RW blob outside of FW_MAIN_A and FW_MAIN_B. So, it creates new FMAP region within RW_SECTION_A and RW_SECTION_B and adds CSE RW blob in the new regions (ME_RW_A and ME_RW_B) as a CBFS file.
Boot Time Measurement details when CSE RW blob is added in the ME_RW_A and ME_RW_B. -------------------------------------------------------- | Platform | Old Boot Time | New Boot Time | -------------------------------------------------------- | JSL | 1.3s | 1.06s | -------------------------------------------------------- | TGL | 1.63s | 1.36s | --------------------------------------------------------
Changes: 1. Makefile change to accommodate CSE RW blob into ME_RW_A/ME_RW_B 2. Kconfig change to define CBFS name and default file name for RW blob metadata. 3. CSE Lite Driver
BUG=b:169077783 TEST=Verified on JSL & TGL platforms
Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: If043c9cb99fb822b62633591bf9c5bd75dfe8349 Reviewed-on: https://review.coreboot.org/c/coreboot/+/46312 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Furquan Shaikh furquan@google.com Reviewed-by: Karthik Ramasubramanian kramasub@google.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c 3 files changed, 173 insertions(+), 95 deletions(-)
Approvals: build bot (Jenkins): Verified Furquan Shaikh: Looks good to me, approved Karthik Ramasubramanian: Looks good to me, approved
diff --git a/src/soc/intel/common/block/cse/Kconfig b/src/soc/intel/common/block/cse/Kconfig index b427b15..ee6ce68 100644 --- a/src/soc/intel/common/block/cse/Kconfig +++ b/src/soc/intel/common/block/cse/Kconfig @@ -35,6 +35,20 @@ help Name of CSE region in FMAP
+config SOC_INTEL_CSE_RW_A_FMAP_NAME + string "Location of CSE RW A in FMAP" + depends on SOC_INTEL_CSE_LITE_SKU + default "ME_RW_A" + help + Name of CSE RW A region in FMAP + +config SOC_INTEL_CSE_RW_B_FMAP_NAME + string "Location of CSE RW B in FMAP" + depends on SOC_INTEL_CSE_LITE_SKU + default "ME_RW_B" + help + Name of CSE RW B region in FMAP + config SOC_INTEL_CSE_RW_CBFS_NAME string "CBFS entry name for CSE RW blob" default "me_rw" diff --git a/src/soc/intel/common/block/cse/Makefile.inc b/src/soc/intel/common/block/cse/Makefile.inc index 1bc69c5..d2f94a4 100644 --- a/src/soc/intel/common/block/cse/Makefile.inc +++ b/src/soc/intel/common/block/cse/Makefile.inc @@ -7,7 +7,8 @@ ifeq ($(CONFIG_SOC_INTEL_CSE_RW_UPDATE),y) ifneq ($(CONFIG_SOC_INTEL_CSE_RW_FILE),"") CSE_LITE_ME_RW = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME)) -regions-for-file-$(CSE_LITE_ME_RW) = FW_MAIN_A,FW_MAIN_B +regions-for-file-$(CSE_LITE_ME_RW) = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_A_FMAP_NAME)), \ + $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_B_FMAP_NAME)) cbfs-files-y += $(CSE_LITE_ME_RW) $(CSE_LITE_ME_RW)-file := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE)) $(CSE_LITE_ME_RW)-name := $(CSE_LITE_ME_RW) diff --git a/src/soc/intel/common/block/cse/cse_lite.c b/src/soc/intel/common/block/cse/cse_lite.c index 39f2cda..9c498b5 100644 --- a/src/soc/intel/common/block/cse/cse_lite.c +++ b/src/soc/intel/common/block/cse/cse_lite.c @@ -11,9 +11,6 @@ #include <security/vboot/misc.h> #include <soc/intel/common/reset.h>
-/* CSE RW version size reserved in the CSE CBFS RW binary */ -#define CSE_RW_VERSION_SZ 16 - /* Converts bp index to boot partition string */ #define GET_BP_STR(bp_index) (bp_index ? "RW" : "RO")
@@ -44,6 +41,10 @@
/* CSE recovery sub-error codes */ enum csme_failure_reason { + + /* No error */ + CSE_LITE_SKU_NO_ERROR = 0, + /* Unspecified error */ CSE_LITE_SKU_UNSPECIFIED = 1,
@@ -63,7 +64,16 @@ CSE_LITE_SKU_COMMUNICATION_ERROR = 6,
/* Fails to wipe CSE runtime data */ - CSE_LITE_SKU_DATA_WIPE_ERROR = 7 + CSE_LITE_SKU_DATA_WIPE_ERROR = 7, + + /* CSE RW is not found */ + CSE_LITE_SKU_RW_BLOB_NOT_FOUND = 8, + + /* CSE CBFS RW SHA-256 mismatch with the provided SHA */ + CSE_LITE_SKU_RW_BLOB_SHA256_MISMATCH = 9, + + /* CSE CBFS RW metadata is not found */ + CSE_LITE_SKU_RW_METADATA_NOT_FOUND = 10, };
/* @@ -342,7 +352,7 @@ size_t data_clr_rsp_sz = sizeof(data_clr_rsp);
if (!heci_send_receive(&data_clr_rq, sizeof(data_clr_rq), &data_clr_rsp, - &data_clr_rsp_sz)) { + &data_clr_rsp_sz)) { return false; }
@@ -354,6 +364,7 @@
return true; } + __weak void cse_board_reset(void) { /* Default weak implementation, does nothing. */ @@ -417,7 +428,7 @@
#if CONFIG(SOC_INTEL_CSE_RW_UPDATE) static const struct fw_version *cse_get_bp_entry_version(enum boot_partition_id bp, - const struct cse_bp_info *bp_info) + const struct cse_bp_info *bp_info) { const struct cse_bp_entry *cse_bp;
@@ -431,7 +442,7 @@ }
static void cse_get_bp_entry_range(const struct cse_bp_info *cse_bp_info, - enum boot_partition_id bp, uint32_t *start_offset, uint32_t *end_offset) + enum boot_partition_id bp, uint32_t *start_offset, uint32_t *end_offset) { const struct cse_bp_entry *cse_bp;
@@ -471,24 +482,13 @@ { if (fmap_locate_area_as_rdev_rw(CONFIG_SOC_INTEL_CSE_FMAP_NAME, rdev) < 0) { printk(BIOS_ERR, "cse_lite: Failed to locate %s in FMAP\n", - CONFIG_SOC_INTEL_CSE_FMAP_NAME); + CONFIG_SOC_INTEL_CSE_FMAP_NAME); return false; }
return true; }
-static bool cse_get_cbfs_rdev(struct region_device *source_rdev) -{ - struct cbfsf file_desc; - - if (cbfs_boot_locate(&file_desc, CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME, NULL) < 0) - return false; - - cbfs_file_data(source_rdev, &file_desc); - return true; -} - static bool cse_is_rw_bp_sign_valid(const struct region_device *target_rdev) { uint32_t cse_bp_sign; @@ -524,16 +524,35 @@ return true; }
- -static bool cse_get_cbfs_rw_version(const struct region_device *source_rdev, - void *cse_cbfs_rw_ver) +static const char *cse_get_source_rdev_fmap(void) { + struct vb2_context *ctx = vboot_get_context(); + if (ctx == NULL) + return NULL;
- if (rdev_readat(source_rdev, (void *) cse_cbfs_rw_ver, 0, sizeof(struct fw_version)) - != sizeof(struct fw_version)) { - printk(BIOS_ERR, "cse_lite: Failed to read CSE CBFW RW version\n"); + if (vboot_is_firmware_slot_a(ctx)) + return CONFIG_SOC_INTEL_CSE_RW_A_FMAP_NAME; + + return CONFIG_SOC_INTEL_CSE_RW_B_FMAP_NAME; +} + +static bool cse_get_source_rdev(struct region_device *rdev) +{ + const char *reg_name; + uint32_t cbfs_type = CBFS_TYPE_RAW; + struct cbfsf fh; + + reg_name = cse_get_source_rdev_fmap(); + + if (reg_name == NULL) return false; - } + + if (cbfs_locate_file_in_region(&fh, reg_name, CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME, + &cbfs_type) < 0) + return false; + + cbfs_file_data(rdev, &fh); + return true; }
@@ -544,30 +563,49 @@ * If ver_cmp_status > 0, coreboot upgrades CSE RW region */ static int cse_check_version_mismatch(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev) + const struct cse_rw_metadata *source_metadata) { - struct fw_version cse_cbfs_rw_ver; const struct fw_version *cse_rw_ver;
- if (!cse_get_cbfs_rw_version(source_rdev, &cse_cbfs_rw_ver)) - return false; - printk(BIOS_DEBUG, "cse_lite: CSE CBFS RW version : %d.%d.%d.%d\n", - cse_cbfs_rw_ver.major, - cse_cbfs_rw_ver.minor, - cse_cbfs_rw_ver.hotfix, - cse_cbfs_rw_ver.build); + source_metadata->version.major, + source_metadata->version.minor, + source_metadata->version.hotfix, + source_metadata->version.build);
cse_rw_ver = cse_get_rw_version(cse_bp_info);
- if (cse_cbfs_rw_ver.major != cse_rw_ver->major) - return cse_cbfs_rw_ver.major - cse_rw_ver->major; - else if (cse_cbfs_rw_ver.minor != cse_rw_ver->minor) - return cse_cbfs_rw_ver.minor - cse_rw_ver->minor; - else if (cse_cbfs_rw_ver.hotfix != cse_rw_ver->hotfix) - return cse_cbfs_rw_ver.hotfix - cse_rw_ver->hotfix; + if (source_metadata->version.major != cse_rw_ver->major) + return source_metadata->version.major - cse_rw_ver->major; + else if (source_metadata->version.minor != cse_rw_ver->minor) + return source_metadata->version.minor - cse_rw_ver->minor; + else if (source_metadata->version.hotfix != cse_rw_ver->hotfix) + return source_metadata->version.hotfix - cse_rw_ver->hotfix; else - return cse_cbfs_rw_ver.build - cse_rw_ver->build; + return source_metadata->version.build - cse_rw_ver->build; +} + +/* The function calculates SHA-256 of CSE RW blob and compares it with the provided SHA value */ +static bool cse_verify_cbfs_rw_sha256(const uint8_t *expected_rw_blob_sha, + const void *rw_blob, const size_t rw_blob_sz) + +{ + uint8_t rw_comp_sha[VB2_SHA256_DIGEST_SIZE]; + + if (vb2_digest_buffer(rw_blob, rw_blob_sz, VB2_HASH_SHA256, rw_comp_sha, + VB2_SHA256_DIGEST_SIZE)) { + printk(BIOS_ERR, "cse_lite: CSE CBFS RW's SHA-256 calculation has failed\n"); + return false; + } + + if (memcmp(expected_rw_blob_sha, rw_comp_sha, VB2_SHA256_DIGEST_SIZE)) { + printk(BIOS_ERR, "cse_lite: Computed CBFS RW's SHA-256 does not match with" + "the provided SHA in the metadata\n"); + return false; + } + printk(BIOS_SPEW, "cse_lite: Computed SHA of CSE CBFS RW Image matches the" + " provided hash in the metadata\n"); + return true; }
static bool cse_erase_rw_region(const struct region_device *target_rdev) @@ -579,8 +617,8 @@ return true; }
-static bool cse_copy_rw(const struct region_device *target_rdev, const void *buf, size_t offset, - size_t size) +static bool cse_copy_rw(const struct region_device *target_rdev, const void *buf, + size_t offset, size_t size) { if (rdev_writeat(target_rdev, buf, offset, size) < 0) { printk(BIOS_ERR, "cse_lite: Failed to update CSE firmware\n"); @@ -591,69 +629,63 @@ }
static bool cse_is_rw_version_latest(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev) + const struct cse_rw_metadata *source_metadata) { - return !cse_check_version_mismatch(cse_bp_info, source_rdev); + return !cse_check_version_mismatch(cse_bp_info, source_metadata); }
static bool cse_is_downgrade_instance(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev) + const struct cse_rw_metadata *source_metadata) { - return cse_check_version_mismatch(cse_bp_info, source_rdev) < 0; + return cse_check_version_mismatch(cse_bp_info, source_metadata) < 0; }
static bool cse_is_update_required(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev, struct region_device *target_rdev) + const struct cse_rw_metadata *source_metadata, + struct region_device *target_rdev) { return (!cse_is_rw_bp_sign_valid(target_rdev) || - !cse_is_rw_version_latest(cse_bp_info, source_rdev)); + !cse_is_rw_version_latest(cse_bp_info, source_metadata)); }
static bool cse_write_rw_region(const struct region_device *target_rdev, - const struct region_device *source_rdev) + const void *cse_cbfs_rw, const size_t cse_cbfs_rw_sz) { - void *cse_cbfs_rw = rdev_mmap(source_rdev, CSE_RW_VERSION_SZ, - region_device_sz(source_rdev) - CSE_RW_VERSION_SZ); - /* Points to CSE CBFS RW image after boot partition signature */ uint8_t *cse_cbfs_rw_wo_sign = (uint8_t *)cse_cbfs_rw + CSE_RW_SIGN_SIZE;
/* Size of CSE CBFS RW image without boot partition signature */ - uint32_t cse_cbfs_rw_wo_sign_sz = region_device_sz(source_rdev) - - (CSE_RW_VERSION_SZ + CSE_RW_SIGN_SIZE); + uint32_t cse_cbfs_rw_wo_sign_sz = cse_cbfs_rw_sz - CSE_RW_SIGN_SIZE;
/* Update except CSE RW signature */ if (!cse_copy_rw(target_rdev, cse_cbfs_rw_wo_sign, CSE_RW_SIGN_SIZE, cse_cbfs_rw_wo_sign_sz)) - goto exit_rw_update; + return false;
/* Update CSE RW signature to indicate update is complete */ if (!cse_copy_rw(target_rdev, (void *)cse_cbfs_rw, 0, CSE_RW_SIGN_SIZE)) - goto exit_rw_update; - - rdev_munmap(source_rdev, cse_cbfs_rw_wo_sign); - return true; - -exit_rw_update: - rdev_munmap(source_rdev, cse_cbfs_rw_wo_sign); - return false; -} - -static bool cse_update_rw(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev, struct region_device *target_rdev) -{ - if (!cse_erase_rw_region(target_rdev)) - return false; - - if (!cse_write_rw_region(target_rdev, source_rdev)) return false;
printk(BIOS_INFO, "cse_lite: CSE RW Update Successful\n"); return true; }
+static enum csme_failure_reason cse_update_rw(const struct cse_bp_info *cse_bp_info, + const void *cse_cbfs_rw, const size_t cse_blob_sz, + struct region_device *target_rdev) +{ + + if (!cse_erase_rw_region(target_rdev)) + return CSE_LITE_SKU_FW_UPDATE_ERROR; + + if (!cse_write_rw_region(target_rdev, cse_cbfs_rw, cse_blob_sz)) + return CSE_LITE_SKU_FW_UPDATE_ERROR; + + return CSE_LITE_SKU_NO_ERROR; +} + static bool cse_prep_for_rw_update(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev) + const struct cse_rw_metadata *source_metadata) { /* * To set CSE's operation mode to HMRFPO mode: @@ -663,7 +695,7 @@ if (!cse_boot_to_ro(cse_bp_info)) return false;
- if (cse_is_downgrade_instance(cse_bp_info, source_rdev) && + if (cse_is_downgrade_instance(cse_bp_info, source_metadata) && !cse_data_clear_request(cse_bp_info)) { printk(BIOS_ERR, "cse_lite: CSE FW downgrade is aborted\n"); return false; @@ -672,31 +704,62 @@ return cse_hmrfpo_enable(); }
-static uint8_t cse_trigger_fw_update(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev, struct region_device *target_rdev) +static enum csme_failure_reason cse_trigger_fw_update(const struct cse_bp_info *cse_bp_info, + const struct cse_rw_metadata *source_metadata, + struct region_device *target_rdev) { - if (!cse_prep_for_rw_update(cse_bp_info, source_rdev)) - return CSE_LITE_SKU_COMMUNICATION_ERROR; + struct region_device source_rdev; + enum csme_failure_reason rv;
- if (!cse_update_rw(cse_bp_info, source_rdev, target_rdev)) - return CSE_LITE_SKU_FW_UPDATE_ERROR; + if (!cse_get_source_rdev(&source_rdev)) + return CSE_LITE_SKU_RW_BLOB_NOT_FOUND;
- return 0; + void *cse_cbfs_rw = rdev_mmap_full(&source_rdev); + + if (!cse_cbfs_rw) { + printk(BIOS_ERR, "cse_lite: CSE CBFS RW blob could not be mapped\n"); + return CSE_LITE_SKU_RW_BLOB_NOT_FOUND; + } + + if (!cse_verify_cbfs_rw_sha256(source_metadata->sha256, cse_cbfs_rw, + region_device_sz(&source_rdev))) { + rv = CSE_LITE_SKU_RW_BLOB_SHA256_MISMATCH; + goto error_exit; + } + + if (!cse_prep_for_rw_update(cse_bp_info, source_metadata)) { + rv = CSE_LITE_SKU_COMMUNICATION_ERROR; + goto error_exit; + } + + rv = cse_update_rw(cse_bp_info, cse_cbfs_rw, region_device_sz(&source_rdev), + target_rdev); + +error_exit: + rdev_munmap(&source_rdev, cse_cbfs_rw); + return rv; }
-static uint8_t cse_fw_update(const struct cse_bp_info *cse_bp_info, - const struct region_device *source_rdev) +static uint8_t cse_fw_update(const struct cse_bp_info *cse_bp_info) { struct region_device target_rdev; + struct cse_rw_metadata source_metadata; + + /* Read CSE CBFS RW metadata */ + if (cbfs_boot_load_file(CONFIG_SOC_INTEL_CSE_RW_METADATA_CBFS_NAME, &source_metadata, + sizeof(source_metadata), CBFS_TYPE_RAW) != sizeof(source_metadata)) { + printk(BIOS_ERR, "cse_lite: Failed to get CSE CBFS RW metadata\n"); + return CSE_LITE_SKU_RW_METADATA_NOT_FOUND; + }
if (!cse_get_target_rdev(cse_bp_info, &target_rdev)) { printk(BIOS_ERR, "cse_lite: Failed to get CSE RW Partition\n"); return CSE_LITE_SKU_RW_ACCESS_ERROR; }
- if (cse_is_update_required(cse_bp_info, source_rdev, &target_rdev)) { + if (cse_is_update_required(cse_bp_info, &source_metadata, &target_rdev)) { printk(BIOS_DEBUG, "cse_lite: CSE RW update is initiated\n"); - return cse_trigger_fw_update(cse_bp_info, source_rdev, &target_rdev); + return cse_trigger_fw_update(cse_bp_info, &source_metadata, &target_rdev); }
if (!cse_is_rw_bp_status_valid(cse_bp_info)) @@ -729,15 +792,15 @@ if (!cse_fix_data_failure_err(&cse_bp_info.bp_info)) cse_trigger_recovery(CSE_LITE_SKU_DATA_WIPE_ERROR);
- /* If RW blob is present in CBFS, then trigger CSE firmware update */ + /* + * If SOC_INTEL_CSE_RW_UPDATE is defined , then trigger CSE firmware update. The driver + * triggers recovery if CSE CBFS RW metadata or CSE CBFS RW blob is not available. + */ #if CONFIG(SOC_INTEL_CSE_RW_UPDATE) uint8_t rv; - struct region_device source_rdev; - if (cse_get_cbfs_rdev(&source_rdev)) { - rv = cse_fw_update(&cse_bp_info.bp_info, &source_rdev); - if (rv) - cse_trigger_recovery(rv); - } + rv = cse_fw_update(&cse_bp_info.bp_info); + if (rv) + cse_trigger_recovery(rv); #endif
if (!cse_boot_to_rw(&cse_bp_info.bp_info)) {
-
Furquan Shaikh (Code Review) -
Jamie Ryu (Code Review)
-
Karthik Ramasubramanian (Code Review)
-
Nick Vaccaro (Code Review)
-
Paul Menzel (Code Review)
-
Sridhar Siricilla (Code Review)
-
Tim Wawrzynczak (Code Review)
-
V Sowmya (Code Review)