Hello Aaron,
thanks for your reply.
On 30.04.2018 05:22, Aaron Durbin wrote:
On Sat, Apr 28, 2018 at 7:16 AM, Nico Huber nico.h@gmx.de wrote:
Hello coreboot folks, hello Intel and Google coreboot developers,
back on Tuesday, some of us discovered a commit on gerrit [1] that implements (another) foreign interface inside coreboot. Discussing
It's more of a bridge into coreboot's infrastructure, imo.
It is. Anyway, maybe discuss that in another thread or on gerrit.
it didn't go well and I kind of bursted. I feel sorry about that now (especially because I got too personal).
One of the causes for this clash definitely was that things apparently were discussed before but not with coreboot (i.e. this coreboot mailing list). So I'll try to take the general discussion here, but I've to start some years back, where you lost me.
Some questions (that I believe have to be answered) right away. I'll argue about why later, so these won't get lost (in an already too long email):
TLDR; For Google: You kind of introduced blobs in coreboot (with Sandy Bridge) which was a simple jump-in-jump-out thing and kind of accepted. The argument was that the things it does aren't documented by Intel anymore, AFAIR. But with Broadwell suddenly another blob emerged (in ramstage) some `refcode.elf` AIUI. It turned out, later, that this blob (also) does things that were open source for Haswell (and would work verbatim on Broadwell). It seems to play a role comparable to FSP-S. o What's the story behind this blob? o Why was it introduced? o Was there more than IP concerns? Time to market pressure maybe?
Saying it's comparable to FSP-S is apt. The story is, like most things, that it has specific things that are not architectural that Intel thinks they need to be secret. Typical settings are related to power management. When needing to be competitive in the laptop space power is a big concern. Time to market may have been a thing too, but I don't recall all the specifics. I'll get to it later in the response, but there are temporal components to decisions and/or how things change over time that are not within Google's control when working on a particular platform.
For Intel: It's hard for me to understand what parts of your silicon init you can open-source and what parts you can't. I know your BIOS Writer's Guides (BWG) / BIOS Spec, and many things therein are often published by you or Google. Please tell us. o Are the things that you can *not* open-source documented at all? o if so, in these BWG documents? o Or is everything in these documents generally publishable (with some NDA clearance, ofc)? o For a configuration of FSP-S that just runs the bare minimum to boot (e.g. skips questionable add-ons like TXT, SGX), is there anything not publishable? o Can anything be done to get more documentation published? e.g. for things that are done in open source (or were done in the past) but are not publicly documented.
Based on my working history a lot of BWGs and/or specs are usually wrong. They don't always contain the right information, but generally contain quite a few things that are wrong where you second guess everything in the docs. This should sound familiar: the 'reference code' is the documentation. Most docs are not in sync with reality or necessarily with how the silicon was actually designed. It's my belief when there wasn't as much change from version to version, the copy-pasting in docs just kinda worked. But as things have been getting more complicated and incorporating more 'features' the documentation has not been keeping up.
Still these documents exist. And I deem them most valuable. I know there are flaws that can drive you crazy. But! they give a very good overview about what has to happen for silicon init. If published (for my sake w/o the secret ingredient bits) [2], they would be a great reference for discussions about the design of clean silicon-init code. We could har- ness the power of the community much better.
It doesn't matter if somebody with access to the reference code has to fix some bugs later, once you have a decent maintainable code base. Neither would a blob that hides the secret ingredients if it only con- tains those (and no infrastructure / control flow; I think you, Aaron, and me share the same opinion on that).
So why ask? The original introduction of blobs in coreboot in general happened with the argument that the things it does (e.g. memory init) are not documented anymore by Intel. This is a valid argument because the lack of documentation makes it harder to write clean code. I also believe it's true (that no documentation exists) because I've seen a previous BWG that already referred a lot to the reference code.
But, AFAIR, the introduction of blobs in coreboot's *ramstage* was never discussed. The blobs I've seen so far all did things that were already open source for earlier platforms. Plus they are twisting coreboot into something that isn't coreboot anymore. Architectural changes happen in chipset specific code instead of moving coreboot as a whole (after an open discussion). Also, most of the positive aspects about coreboot are lost.
Purely business commentary: In order to develop a competitive laptop on recent hardware one needs to include the features that consumers expect. Intel also ties those features inside of FSP, but FSP has a responsibility problem. It has traditionally attempted to do things it should not. FSP should be a library of sorts, but it has things in there it shouldn't. I mentioned some of this on the CL itself about our usage of SkipMpInit. It trying to take over resources that it shouldn't (among other things).
What architectural changes are you referring to? And what is your
You've got me there. I meant architectural things, not changes. Like that patch on gerrit. It doesn't seem to be Intel specific, I also can't find any soc_ reference in it. Yet, it's pushed to soc/intel/ and to me that looks like somebody wants to sneak it it (without big discussion / being thought through for all of coreboot).
definition of coreboot (I know see you wrote it below :)? early firmware that will initialize everything in open source for Intel platforms? I wish that were the case, but it's not something that is allowed by Intel currently. I'd love to see more granularity in FSP, but as noted in the CL commentary Intel hasn't been accepting of my suggestions for making things more granular such that one could do the only things that are deemed 'super secret' by Intel. The muddling of responsibility and lack of granularity are the current result.
Of course, it's hard to argument about whether something is coreboot or not without a clear definition of coreboot. But let me get this one straight: It's definitely not coreboot just because it happens on coreboot.org.
I'll try to sum up what is coreboot to me, and compare that to a current coreboot with FSP. coreboot
- is free software
- is open source
- is auditable
- is lean (less code means less bugs)
- gives control to the user
but with FSP:
- You can not fully adapt it, you can't even just download it (often have to steal the FSP binary): 0%
- Comparing the sizes of open-source parts and FSP, maybe 30%. But if you don't count open-source code that is only needed to handle blob issues, rather 20%
Is this 20-30% coreboot/open source of the total? Were you counting the edk2 stuff in there? A lot of the bloat in FSP comes from open source edk2.
You can't count EDK2 into it. Once it's built into FSP, it's not open- source any more (unless somebody proves what parts match a reproducible compilation of the open-source code). And for an open-source experience you'd still need means to adapt these EDK2 parts in the binary. It was just a wild guess based on my experience with Kaby Lake FSP (~500KiB), and guessed 200KiB coreboot.
- If you are backed by a huge company or government, you can audit coreboot+FSP (I guess), if not than not, 50%? But given that the size of the whole package is about 10 times the size of a clean implementation, you have to audit 10 times more code (of much poorer quality), thus at most 5%
- 0% (see above)
- That seems to be my only point that Intel cares about. Still, coreboot compatible binaries are often not available. You need very weird workarounds if the one setting you miss is not there: 50%
Numbers are just educated guesses, but might match reality. If you average these, you'll see that coreboot+FSP is only 15% of (my) coreboot. I would estimate that you can get up to 20% with the design of FPS2.0.
I agree with the overall assessment above. As currently deployed/supported FSP is not really geared to people who don't have a more intimate relationship with Intel. It's been brought up numerous times, but it's Intel's decision to make a better product.
Right, quality of their products is up to them. But isn't it our re- sponsibility to decide whether they can do that (15%) in the name of coreboot?
Nico
[2] Assuming that the BWGs don't contain the secret ingredients, even an NDA offer to all coreboot developer's (both hired ones and indi- viduals) could help. If Intel allows to derive open-source code from it (e.g. after a private review on gerrit) people would have less doubts about signing an NDA, IMHO. Just a random thought; anything I can come up with atm seems to be better than the status quo.
So it's time for an FSP3.0 that was designed with the community, I'd say.
Best regards, Nico
Nico, Aaron,
You are just, with this desperate chit-chat, fueling INTEL's big EGO. Please, continue to do so! INTEL, at the end of the day, will thank you for that! :-))
Zoran _______
On Mon, Apr 30, 2018 at 4:48 PM, Nico Huber nico.h@gmx.de wrote:
Hello Aaron,
thanks for your reply.
On 30.04.2018 05:22, Aaron Durbin wrote:
On Sat, Apr 28, 2018 at 7:16 AM, Nico Huber nico.h@gmx.de wrote:
Hello coreboot folks, hello Intel and Google coreboot developers,
back on Tuesday, some of us discovered a commit on gerrit [1] that implements (another) foreign interface inside coreboot. Discussing
It's more of a bridge into coreboot's infrastructure, imo.
It is. Anyway, maybe discuss that in another thread or on gerrit.
it didn't go well and I kind of bursted. I feel sorry about that now (especially because I got too personal).
One of the causes for this clash definitely was that things apparently were discussed before but not with coreboot (i.e. this coreboot mailing list). So I'll try to take the general discussion here, but I've to start some years back, where you lost me.
Some questions (that I believe have to be answered) right away. I'll argue about why later, so these won't get lost (in an already too long email):
TLDR; For Google: You kind of introduced blobs in coreboot (with Sandy Bridge) which was a simple jump-in-jump-out thing and kind of accepted. The argument was that the things it does aren't documented by Intel anymore, AFAIR. But with Broadwell suddenly another blob emerged (in ramstage) some `refcode.elf` AIUI. It turned out, later, that this blob (also) does things that were open source for Haswell (and would work verbatim on Broadwell). It seems to play a role comparable to FSP-S. o What's the story behind this blob? o Why was it introduced? o Was there more than IP concerns? Time to market pressure maybe?
Saying it's comparable to FSP-S is apt. The story is, like most things, that it has specific things that are not architectural that Intel thinks they need to be secret. Typical settings are related to power management. When needing to be competitive in the laptop space power is a big concern. Time to market may have been a thing too, but I don't recall all the specifics. I'll get to it later in the response, but there are temporal components to decisions and/or how things change over time that are not within Google's control when working on a particular platform.
For Intel: It's hard for me to understand what parts of your silicon init you can open-source and what parts you can't. I know your BIOS Writer's Guides (BWG) / BIOS Spec, and many things therein are often published by you or Google. Please tell us. o Are the things that you can *not* open-source documented at all? o if so, in these BWG documents? o Or is everything in these documents generally publishable (with some NDA clearance, ofc)? o For a configuration of FSP-S that just runs the bare minimum to boot (e.g. skips questionable add-ons like TXT, SGX), is there anything not publishable? o Can anything be done to get more documentation published? e.g. for things that are done in open source (or were done in the past) but are not publicly documented.
Based on my working history a lot of BWGs and/or specs are usually wrong. They don't always contain the right information, but generally contain quite a few things that are wrong where you second guess everything in the docs. This should sound familiar: the 'reference code' is the documentation. Most docs are not in sync with reality or necessarily with how the silicon was actually designed. It's my belief when there wasn't as much change from version to version, the copy-pasting in docs just kinda worked. But as things have been getting more complicated and incorporating more 'features' the documentation has not been keeping up.
Still these documents exist. And I deem them most valuable. I know there are flaws that can drive you crazy. But! they give a very good overview about what has to happen for silicon init. If published (for my sake w/o the secret ingredient bits) [2], they would be a great reference for discussions about the design of clean silicon-init code. We could har- ness the power of the community much better.
It doesn't matter if somebody with access to the reference code has to fix some bugs later, once you have a decent maintainable code base. Neither would a blob that hides the secret ingredients if it only con- tains those (and no infrastructure / control flow; I think you, Aaron, and me share the same opinion on that).
So why ask? The original introduction of blobs in coreboot in general happened with the argument that the things it does (e.g. memory init) are not documented anymore by Intel. This is a valid argument because the lack of documentation makes it harder to write clean code. I also believe it's true (that no documentation exists) because I've seen a previous BWG that already referred a lot to the reference code.
But, AFAIR, the introduction of blobs in coreboot's *ramstage* was never discussed. The blobs I've seen so far all did things that were already open source for earlier platforms. Plus they are twisting coreboot into something that isn't coreboot anymore. Architectural changes happen in chipset specific code instead of moving coreboot as a whole (after an open discussion). Also, most of the positive aspects about coreboot are lost.
Purely business commentary: In order to develop a competitive laptop on recent hardware one needs to include the features that consumers expect. Intel also ties those features inside of FSP, but FSP has a responsibility problem. It has traditionally attempted to do things it should not. FSP should be a library of sorts, but it has things in there it shouldn't. I mentioned some of this on the CL itself about our usage of SkipMpInit. It trying to take over resources that it shouldn't (among other things).
What architectural changes are you referring to? And what is your
You've got me there. I meant architectural things, not changes. Like that patch on gerrit. It doesn't seem to be Intel specific, I also can't find any soc_ reference in it. Yet, it's pushed to soc/intel/ and to me that looks like somebody wants to sneak it it (without big discussion / being thought through for all of coreboot).
definition of coreboot (I know see you wrote it below :)? early firmware that will initialize everything in open source for Intel platforms? I wish that were the case, but it's not something that is allowed by Intel currently. I'd love to see more granularity in FSP, but as noted in the CL commentary Intel hasn't been accepting of my suggestions for making things more granular such that one could do the only things that are deemed 'super secret' by Intel. The muddling of responsibility and lack of granularity are the current result.
Of course, it's hard to argument about whether something is coreboot or not without a clear definition of coreboot. But let me get this one straight: It's definitely not coreboot just because it happens on coreboot.org.
I'll try to sum up what is coreboot to me, and compare that to a current coreboot with FSP. coreboot
- is free software
- is open source
- is auditable
- is lean (less code means less bugs)
- gives control to the user
but with FSP:
- You can not fully adapt it, you can't even just download it (often have to steal the FSP binary): 0%
- Comparing the sizes of open-source parts and FSP, maybe 30%. But if you don't count open-source code that is only needed to handle blob issues, rather 20%
Is this 20-30% coreboot/open source of the total? Were you counting the edk2 stuff in there? A lot of the bloat in FSP comes from open source edk2.
You can't count EDK2 into it. Once it's built into FSP, it's not open- source any more (unless somebody proves what parts match a reproducible compilation of the open-source code). And for an open-source experience you'd still need means to adapt these EDK2 parts in the binary. It was just a wild guess based on my experience with Kaby Lake FSP (~500KiB), and guessed 200KiB coreboot.
- If you are backed by a huge company or government, you can audit coreboot+FSP (I guess), if not than not, 50%? But given that the size of the whole package is about 10 times the size of a clean implementation, you have to audit 10 times more code (of much poorer quality), thus at most 5%
- 0% (see above)
- That seems to be my only point that Intel cares about. Still, coreboot compatible binaries are often not available. You need very weird workarounds if the one setting you miss is not there: 50%
Numbers are just educated guesses, but might match reality. If you average these, you'll see that coreboot+FSP is only 15% of (my) coreboot. I would estimate that you can get up to 20% with the design of FPS2.0.
I agree with the overall assessment above. As currently deployed/supported FSP is not really geared to people who don't have a more intimate relationship with Intel. It's been brought up numerous times, but it's Intel's decision to make a better product.
Right, quality of their products is up to them. But isn't it our re- sponsibility to decide whether they can do that (15%) in the name of coreboot?
Nico
[2] Assuming that the BWGs don't contain the secret ingredients, even an NDA offer to all coreboot developer's (both hired ones and indi- viduals) could help. If Intel allows to derive open-source code from it (e.g. after a private review on gerrit) people would have less doubts about signing an NDA, IMHO. Just a random thought; anything I can come up with atm seems to be better than the status quo.
So it's time for an FSP3.0 that was designed with the community, I'd say.
Best regards, Nico
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
-
Nico Huber -
Zoran Stojsavljevic