[PATCH 0/7] efi: Various tidy-ups and drop the default

Simon Glass sjg at chromium.org
Mon Jun 28 16:18:26 CEST 2021


Hi Tom, Mark,

On Mon, 28 Jun 2021 at 07:37, Tom Rini <trini at konsulko.com> wrote:
>
> On Mon, Jun 28, 2021 at 10:38:50AM +0200, Mark Kettenis wrote:
> > > From: Simon Glass <sjg at chromium.org>
> > > Date: Sun, 27 Jun 2021 19:48:34 -0600
> > >
> > > It has come to light that EFI_LOADER adds an extraordinary amount of
> > > code to U-Boot. For example, with nokia_rx51 the size delta is about
> > > 90KB. About 170 boards explicitly disable the option, but is is clear
> > > that many more could, thus saving image size and boot time.
> >
> > EFI_LOADER used to be a lot smaller.  It is great to see that over the
> > years UEFI support has become more complete, but a lot of that new
> > code implements features that are not at all essential for just
> > booting an OS from storage.  If that growth leads to the suggestion to
> > disable EFI_LOADER completely by default, we're putting the cart
> > before the horse.
>
> Well, I see I forgot to prefix my patch with RFC, but I hadn't found
> EFI_LOADER being used in the wild on armv7, but wasn't sure about the
> BSD families.  I did see that Debian doesn't use it, and that Armbian
> doesn't even use it on aarch64.
>
> > > The current situation is affecting U-Boot's image as a svelt bootloader.
> >
> > Really?  I know UEFI has a bad reputation in the Open Source world,
> > and some of its Microsoft-isms are really annoying (yay UCS-2).  But
> > it works, it provides a standardized approach across several platforms
> > (ARMv7, AMRv8, RISC-V) and the industry seems to like it.  Personally
> > I'd wish the industry had standardized on Open Firmware instead, but
> > that ship sailed a long time ago...
> >
> > I find it hard to imagine that 90k is a serious amount of storage for
> > something that is going to include a multi-MB Linux kernel.  This
> > isn't code that lives in SPL or TPL where severe size restrictions
> > apply.
>
> In one of those cases where I need to pop back in to the other (Nokia
> N900 specific) thread and see if the big size reduction really was just
> disabling EFI_LOADER, it's perhaps just one of those "fun" things about
> Kconfig and anything other than "make oldconfig" for spotting new config
> options that default to enabled.

Yes it will be interesting to see what you find there. My results on
nokia_rx51 were something like this:

default
        arm: (for 1/1 boards) all +129370.0 bss +1136.0 data +7399.0
rodata +10989.0 text +109846.0

without ebbr
       arm: (for 1/1 boards) all +38460.0 bss +1040.0 data +2375.0
rodata +5333.0 text +29712.0

with various other things:
CONFIG_OF_LIBFDT_ASSUME_MASK=7
# CONFIG_OF_TRANSLATE is not set
# CONFIG_SIMPLE_BUS is not set
# CONFIG_TI_SYSC is not set
# CONFIG_CMD_FDT is not set

       arm: (for 1/1 boards) all +19170.0 bss -16.0 data +360.0 rodata
+3274.0 text +15552.0

(Mark, in the same email:)
> > FIT simply isn't fit for purpose (pun intended).  It only really works
> > for booting Linux, and forces people to combine u-boot, kernel,
> > initial ramdisk and other firmware components into a single image.
> > That is really undesirable as:
> > - This makes it sigificantly harder to update individual components of
> >   such an image.  Making it hard to update a kernel is obviously a
> >   serious security risk.
> > - This makes it impossible to build an OS install image that works om
> >   multiple boards/SoCs.


I would really like to understand this better. The whole thing is a
complete mystery to me.

Firstly I have sometimes fiddled with booting other OSes using FIT. It
seemed OK. I can't see why it only works with Linux.

Secondly, I don't expect that U-Boot itself would be in the FIT.

Thirdly, do you really want the kernel and initrd to be separate? At
least in the systems I have used, they are built together, even having
the same name, e.g.:

initrd.img-5.10.40-1rodete1-amd64
System.map-5.10.40-1rodete1-amd64
vmlinuz-5.10.28-1rodete2-amd64

Finally, for the firmware components, do you mean system firmware? If
so, I would expect it to be more convenient to distribute updates to
that separately, although I suppose they could be combined with the
kernel if the combinatorial explosion can be contained. What is the
problem, exactly? (If you mean peripheral firmware, I would expect
fwupd to handle that.)

What exactly is impossible? Can you please be more specific?

FIT is just a container. It seems to have been rejected by the EFI
crew at some point. Perhaps I just need to try to use it with one of
the distros out there, to actually understand what is going on here.
But any help is appreciated.

>
> > > EFI_LOADER is required by EBBR, a new boot standard which aims to
> > > bring in UEFI protocols to U-Boot. But EBRR is not required for
> > > booting. U-Boot already provides support for FIT, the 'bootm' command
> > > and a suitable hand-off to Linux. EBRR has made the decision to create
> > > a parallel infrastructure, e.g. does not use FIT, nor U-Boot's signing
> > > infrastructure.
> >
> > EFI_LOADER is required to boot FreeBSD and OpenBSD on several
> > platforms as well as generic Linux distros.  For example
> > OpenBSD/armv7, OpenBSD/arm64 and OpenBSD/riscv64 all rely on
> > EFI_LOADER to boot and have done so for the last 4 years.  The fact
> > that ARM has embraced UEFI as an embedded boot standard and branded it
> > EBBR really isn't all that relevant.
>
> To be clear here, I like EFI_LOADER.  I too do wish some other
> technologies had become dominant for technical rather than inertia
> reasons, but here we are.  Having played around with it on aarch64,
> there are some pretty nice comes-along-with parts to it.
>
> What I hadn't seen, and am only a little skeptical of still, is how far
> backwards in generations it's going to be used on.  The general wish is
> that users nor off the shelf OS groups need to rebuild U-Boot for a
> given board, and instead it just works.  The number of new designs for
> 32bit parts is no where near the number of new designs for 64bit parts.
> So what we're seeing in U-Boot now is people updating support on their
> older designs, and not necessarily caring about using EFI_LOADER.

In a reply to one of the patches in this series, Heinrich mentions a
few problems that need resolving (devices for partitions and file
handles). Both of those features should first be added to U-Boot, so
EFI can then use that support. In general, EFI has tried to work
beside driver model, creating its own parallel tables, etc. I have
tried to influence this at various points along the way, including at
the start and I'm happy to dig out those threads if it helps. But I
wasn't kidding. it really needs to be addressed. I would love to see
Linaro (for example) organise something here and take this on. I am
very happy to help.

Regards,
Simon


More information about the U-Boot mailing list