Request for hosting a boot-firmware repository in u-boot git (denx and GitHub)

[Quentin Schulz]

Hi Nishanth Menon,

+Cc Kever from Rockchip as maintainer of the arch in U-Boot
+Cc Heiko as maintainer of many things Rockchip in many projects

On 6/20/24 11:35 PM, Nishanth Menon wrote:
> Hi Team,
> 
> We have briefly discussed this topic on IRC[1]. I would like to
> propose a new boot-firmware repository similar to the Linux-firmware
> repository under the aegis of u-boot hosting.
> 
> In addition to TI, it looks like some NXP[2] and Rockchip[3]
> platforms seem to require additional closed-source/open-source
> binaries to have a complete bootable image. Distribution rights and
> locations of these binaries are challenging, and there needs to be a
> standard for how and where they are hosted for end users.
> 
> Further, looking ahead to future architectures:
> * IP firmware: More and more IP vendors are embedding their own
>    "specialized controllers" and require firmware for the operation
>    (similar to Rockchip's DDR controller, I guess),
> * boot stage firmware: Additional stages of the boot process involve
>    vendor intermediate firmware, such as power configuration.
> * Security enclave binaries: While I see a few folks trying to have an
>    open-source s/w architecture, many PKA and PQC systems still require
>    prop binaries for IP reasons.
> 
> NOTE: I am not judging any company(including TI) for reasons why some
> firmware is proprietary, but I hate to have the end users and other
> system (distro) maintainers have to deal with hell trying to make the
> life of end users easy to live with.
> 
> In the case of TI's K3 architecture devices, we have two binary blobs
> that are critical for the boot process.
> 
> 1. TIFS Firmware / DMSC firmware[4]—This is the security enclave
>    firmware. It is often encrypted, and sources are not public (due to
>    various business/regulatory reasons).
> 2. DM Firmware[5] - There is a source in public in some cases and
>    binary only in others - essentially limited function binary to be
>    put up in the device management uC. In cases where the source is
>    available, the build procedure is, in my personal opinion, pretty
>    arcane, and even though in theory it is practical, in practice, not
>    friendly - efforts are going to simplify it, even probably integrate
>    it with a more opensource ecosystem, but that is talking "look at the
>    tea leaves" stuff.
> 3. Low Power Management (LPM) binaries: tifs stub: another encrypted
>    binary that gives the tifs system context restore logic before
>    retrieving tifs firmware and a corresponding DM restoration binary.
> 
> All told, this is not unlike the situation that necessitated the
> creation of a Linux firmware repository.
> 
> Options that I see:
> 
> 1. Let the status quo be - SoC vendors maintain random locations and
>    random rules to maintain boot firmware.
> 2. Ask Linux-firmware to host the binaries in a single canonical
>    location
> 3. Host a boot-firmware repository - u-boot repo may be the more
>    logical location.
> 
> * (1) isn't the correct answer.
> 
> * (2) Though I haven't seen any policy from the Linux-firmware
>    community mandating anything of the form, the binaries we are talking
>    of may not belong to Linux-firmware as they aren't strictly speaking
>    something Linux kernel will load (since the bootloader has that
>    responsibility), and in some cases may not even directly talk to
>    (security enclave or DDR firmware stuff). I am adding Josh to this
>    mail to see if he has any opinions on the topic (but keeping
>    from cross posting on linux-firmware list, unless folks feel it is
>    OK).
> 
> On (3):
> Proposal:
> 
> * Create a boot firmware repository in Denx and/or GitHub (if
>    financials are a hurdle, I hope we can solve it as a community).
> * Limit binaries only to those consumed part of the u-boot scope.
> 
> * Limit binaries only to those that do not have an opensource project
>    (Trusted Firmware-A/M, OP-TEE, etc..) or depend entirely on vendor
>    source or are binary only in nature (subject to licensing terms below)

FYI, on Rockchip, there are currently three blobs **we** use on Aarch64 
(i have only worked with RK3399, PX30 and RK3588, so they may be more :) ):
  - DDR bin/TPL no clue what this actually is under the hood. I think 
most SoCs do not get an open-source DDR init in U-Boot sadly, therefore 
mandatory until it isn't,
  - BL31, mandatory on Aarch64, a blob that is an old TF-A (v2.2/2.3 I 
don't remember anymore). I don't know the state for all SoCs, but I can 
say the RK3399, PX30 and RK3568 have an open one, RK3588 is one the way 
(but considering the RK3568 and RK3588 were released years ago, BL31 
blob is mandatory for a while),
  - BL32, OP-TEE. I don't think we support it upstream for Aarch64 (I 
think there was some issue around the binary format being different than 
the upstream OP-TEE?). Don't know the state for Aarch32 SoCs though.
  - I vaguely remember something about a miniloader but have no clue 
what is its use as I've never had to use it, mentioning it anyway.

So, BL31 and BL32 are blobs but based on open-source projects with 
"weak" licensing requirements. This means "Limit binaries only to those 
that do not have an opensource project" is maybe not the correct wording 
(or it is and then we can only have the DDR bin there, which isn't 
necessarily a win since we would have to fetch the binaries from some 
other places as well).

FYI, the DDR bin is printing stuff on the console, so we had to modify 
it (with a tool from Rockchip) to remove the gibberish breaking the 
terminal by setting the appropriate controller, mux and baudrate (for 
our products, there's no one size fits all :) ). The question is how to 
handle this since we cannot realistically store every possible 
permutation of that binary for each UART controller, mux of UART 
controller and baudrate (the only parameters **we** modify, but there 
are tons of others).

Cheers,
Quentin