Tuesday, April 26, 2016

Open source platforms, FSP consumers, FSP producers, and STM updates

Overview
You've seen in the past when I have talked about Intel Firmware Support Package (FSP), hearkening back to 2014 [1][2]. There are 2 parts to FSP - the Consumer or use of the FSP in a platform, and the production or creation of an FSP binary.  We'll review examples of each in turn below, in addition to some updates since the 2015 IDF prezo.

By the way, some of these items were also posted to [22] but the latest posting seems to have disappeared.  As such, if you've already read some of this from that site, feel free to skip over the duplicate material.

FSP Consumer
We're posting an updated platform using the 1.1 FSP [3][4]. This tree moves beyond the Baytrail work in [2] and includes Braswell [5]. A good overview of porting the tree is provided, too [6]. This shows some of the best practices on building EDKII on top of FSP. Specifically, the only macrocode binary is in the Intel FSP, with the rest of the EDKII code to provide the core UEFI & PI services, along with the platform initialization, in open source.

This is an important step to show how FSP + open source can be used to build a full solution, or EDKII can'Consume' an FSP binary. This provides parallel work-flows to things like a coreboot Braswell solution [13], for example, that also builds upon Intel FSP. Turing equivalence argues that it is all 'just code', so we want to show a few 'equivalences' here.

This is a work in progress that should eventually migrate to [11], but in the interim take a look and provide feedback on some of the code partitioning and design.

Speaking of coreboot, EDKII and FSP, my colleague Lee Leahy [23] and I are slated to talk at the upcoming coreboot conference [24]. We'll review the EDKII CorebootPayloadPkg [26] at [25].

FSP Producer
In addition to the Intel Atom based platform that consumes an Intel FSP binary from [12], there has been a lack of public demonstration of producing an Intel FSP, as described in [2]. This is by design in the sense that the Intel FSP encapsulates matter that does not have public documentation, thus cannot be open sourced. This poses the challenge of how to provide guidance on how to create an Intel FSP. This is where the Intel Quark EDKII code comes into play. Since the low-level silicon initialization, including memory initialization, is already open source, the project providesan opportunity to show how to create an Intel FSP [7]. Luckily we now have an early example of this in public view [8].
I look forward to future platforms that move beyond FSP 1.1, too [10]. And to that end, the FSP 2.0 specification is now live [27], along with the Boot Setting File (BSF) specification [28] that has been used in all of FSP 1.0, 1.1, and now 2.0.

Good stuff.

STM
Speaking of good stuff, here are some updates following last year's IDF prezo [19], including the SMI Transfer Monitor (STM) mentioned at [14]. Specifically, you can now find the STM source code on a public repository [15]. In addition to the documents on the STM itself [21] and the original STM [20], there is also another virtualization technology shared in the repo that wasn't in [20] release, namely the DMA protection work described in [16] which can be found at [17]. This complements the host-based protection of the FRM [18] with some protection from I/O devices performing errant DMA transactions.

Conclusion
You'll hopefully observe a theme here of having more open source platform solutions, including protection technology. This is one way to engage with the community and reduce the barriers to providing robust, transparent platform solutions.

References
[1] Zimmer, "EDKII, FSP, and other topics", blog posting, September, 2014
https://firmware.intel.com/blog/edkii-fsp-and-other-topics

[2] Zimmer, "Firmware Flexibility using Intel(R) Firmware Support Package," Intel Developer Forum,
September 2014
https://firmware.intel.com/sites/default/files/SF14_STTS001_Intel%28R%29_FSP.pdf

[3] Yao, et al, "A Tour Beyond BIOS Using the Intel(R) Firmware Support Package 1.1 with the EFI Developer Kit II," April 2015
https://firmware.intel.com/sites/default/files/resources/A_Tour_Beyond_BIOS_Creating_the_Intel_Firmware_Support_Package_Version_1_1_with_the_EFI_Developer_Kit_II.pdf

[4] Intel Firmware Support Specification External Architecture Specification (EAS), Version 1.1a, November 2015
http://www.intel.com/content/dam/www/public/us/en/documents/technical-specifications/fsp-architecture-spec-v1-1a.pdf

[5] Braswell EDKII project, April 2016
https://github.com/mangguo321/Braswell

[6] Wei, et al, "Open Braswell UEFI Codebase - Design and Porting Guide," February 2016
https://github.com/mangguo321/Braswell/blob/master/Documents/Open_Braswell_Platform_Designing_Porting_Guide.pdf

[7] Yao, et al, "A Tour Beyond BIOS Creating the Intel(R) Firmware Support Package 1.1 with the EFI
Developer Kit II, April 2015
https://firmware.intel.com/sites/default/files/resources/A_Tour_Beyond_BIOS_Creating_the_Intel_Firmware_Support_Package_Version_1_1_with_the_EFI_Developer_Kit_II.pdf

[8] Quark FSP 1.1, April 2016
https://github.com/feizwang/quarkfsp

[9] Quark SOC code
https://github.com/tianocore/edk2/tree/master/QuarkSocPkg

[10] Intel FSP2.0 consumer code, March 2016
https://github.com/jyao1/FSP2.0

[11] EDKII project www.tianocore.org

[12] Intel Firmware Support Package (FSP)
intel.com/fsp

[13] coreboot Braswell code that consumes Intel FSP 1.1, April 2016
https://github.com/coreboot/coreboot/tree/master/src/soc/intel/braswell

[14] SMI Transfer Monitor (STM) overview, August 2015
https://firmware.intel.com/blog/stm-updates
http://vzimmer.blogspot.com/2015/08/smi-transfer-monitor-stm-unleashed.html

[15] STM Source code, March 2016
https://github.com/jyao1/STM

[16] Yao, Zimmer, "A Tour Beyond BIOS Using Intel(R) VT-d for DMA Protection in a UEFI BIOS," January 2015, https://firmware.intel.com/sites/default/files/resources/A_Tour_Beyond_BIOS_Using_Intel_VT-d_for_DMA_Protection.pdf

[17] DMA Package https://github.com/vincentjzimmer/STM/tree/master/Test/DmaPkg

[18] Yao, Zimmer, "A Tour Beyond BIOS Launching a VMM in EFI Developer Kit II," September 2015, https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Launching_VMM_in_EFI_Developer_Kit_II_0.pdf

[19] Zimmer, "STTS003 - Developing Best-in-Class Security Principles with Open Source Firmware", Intel Developer Forum (IDF), San Francisco, August 2015
https://firmware.intel.com/sites/default/files/STTS003%20-%20SF15_STTS003_100f.pdf

[20] STM 1.0 August 2015
https://firmware.intel.com/sites/default/files/STM_Release_1.0.zip

[21] Yao, Zimmer, "A Tour Beyond BIOS Launching STM to Monitor SMM in EDK II", August 2015 https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Launching_STM_to_Monitor_SMM_in_EFI_Developer_Kit_II.pdf

[22] https://firmware.intel.com/blog

[23] coreboot Quark FSP MemoryInit support, January 2016 https://www.coreboot.org/pipermail/coreboot-gerrit/2016-January/039748.html

[24] coreboot convention 2016 https://www.coreboot.org/Coreboot_conference_San_Francisco_2016
https://calendar.google.com/calendar/embed?src=6b1u8iq13jj8cp6kfokq4vlo20%40group.calendar.google.com&ct=America/Los_Angeles&dates=20160612/20160616&mode=agenda

[25] EDKII CorebootPayloadPkg overview, June 14, 2016 https://calendar.google.com/calendar/embed?src=6b1u8iq13jj8cp6kfokq4vlo20%40group.calendar.google.com&ct=America/Los_Angeles&dates=20160612/20160616&mode=agenda

[26] https://github.com/tianocore/edk2/tree/master/CorebootPayloadPkg

[27] Intel Firmware Support Package (FSP) 2.0 Specification, April 2016
https://firmware.intel.com/sites/default/files/FSP_EAS_v2.0_Draft%20External.pdf

[28] Boot Setting File (BSF) Specification version 1.0, March 2016
https://firmware.intel.com/sites/default/files/BSF_1_0.pdf 

Tuesday, April 5, 2016

Colleagues across the Pacific


The nice thing about working with a multinational company (MNC) is that I have colleagues from around the world. The far east represents an important location for systems development, including Shanghai and Taipei. Regarding the former, below I had a lunch at the in-famous R&R mentioned in http://vzimmer.blogspot.com/2014/12/so-long-and-thanks-for-all-fish.html with Mike Kinney and Bryan Wang last Friday. I've worked with Mike since 1999 and he's one of the original developers of EFI1.02 through his role today in tianocore.org as one of the 3 stewards https://www.mail-archive.com/edk2-devel@lists.01.org/msg08825.html.




Moving from R&R in WA to another important Intel location, Hillsboro, OR, I caught a lunch yesterday with some colleagues from Oregon and Taipei. The below group includes Giri and Maurice. Maurice (2nd from right) is the inventor of the Intel Firmware Support Package (FSP) 1.0 - see his bio in http://www.amazon.com/Embedded-Firmware-Solutions-Development-Practices/dp/1484200713/.



Maurice and Giri (middle) helped drive definition of Intel FSP 1.1 http://www.intel.com/content/dam/www/public/us/en/documents/technical-specifications/fsp-architecture-spec-v1-1.pdf, and Page and Elvis (left 2) create the FSP 1.1 implementation https://firmware.intel.com/sites/default/files/resources/A_Tour_Beyond_BIOS_Creating_the_Intel_Firmware_Support_Package_Version_1_1_with_the_EFI_Developer_Kit_II.pdf and EDKII code to leverage the Intel FSP 1.1 https://firmware.intel.com/sites/default/files/resources/A_Tour_Beyond_BIOS_Using_the_Intel_Firmware_Support_Package_Version_1_1_with_the_EFI_Developer_Kit_II.pdf.

This group of technologists, with the input and assistance of others, have helped scale the Intel FSP, too. Hints of the successor to Intel FSP 1.1 are now visible in the upstream communities, as noted by http://firmwaresecurity.com/2016/03/15/intel-fsp-2-0-in-the-works/ and now visible at https://github.com/jyao1/FSP2.0.

Again, recall that Intel FSP helps us scale working with various open source communities https://firmware.intel.com/sites/default/files/resources/SF14_STTS001_102f.pdf



Working with bilingual colleagues is always interesting. If anyone complains about a Chinese engineer's English, I always remind them that their English is often much better than our Mandarin. Over lunch the aforementioned phenomena is sometimes called Chinglish for "Chinese English" https://en.wikipedia.org/wiki/Chinglish. I learned from Giri that there's a similar phenomena in India with "Hindi English" https://en.wikipedia.org/wiki/Hinglish.

So much for firmware and lunch today. Good tidings and firmware writing.