Request for hosting a boot-firmware repository in u-boot git (denx and GitHub)

Quentin Schulz quentin.schulz at cherry.de
Fri Jun 21 10:44:32 CEST 2024 

Hi Peter,

On 6/21/24 12:29 AM, Peter Robinson wrote:
> On Thu, 20 Jun 2024 at 23:22, Quentin Schulz <quentin.schulz at cherry.de> wrote:
>>
>> Hi Nishanth Menon,
>>
>> +Cc Kever from Rockchip as maintainer of the arch in U-Boot
>> +Cc Heiko as maintainer of many things Rockchip in many projects
>>
>> On 6/20/24 11:35 PM, Nishanth Menon wrote:
>>> Hi Team,
>>>
>>> We have briefly discussed this topic on IRC[1]. I would like to
>>> propose a new boot-firmware repository similar to the Linux-firmware
>>> repository under the aegis of u-boot hosting.
>>>
>>> In addition to TI, it looks like some NXP[2] and Rockchip[3]
>>> platforms seem to require additional closed-source/open-source
>>> binaries to have a complete bootable image. Distribution rights and
>>> locations of these binaries are challenging, and there needs to be a
>>> standard for how and where they are hosted for end users.
>>>
>>> Further, looking ahead to future architectures:
>>> * IP firmware: More and more IP vendors are embedding their own
>>>     "specialized controllers" and require firmware for the operation
>>>     (similar to Rockchip's DDR controller, I guess),
>>> * boot stage firmware: Additional stages of the boot process involve
>>>     vendor intermediate firmware, such as power configuration.
>>> * Security enclave binaries: While I see a few folks trying to have an
>>>     open-source s/w architecture, many PKA and PQC systems still require
>>>     prop binaries for IP reasons.
>>>
>>> NOTE: I am not judging any company(including TI) for reasons why some
>>> firmware is proprietary, but I hate to have the end users and other
>>> system (distro) maintainers have to deal with hell trying to make the
>>> life of end users easy to live with.
>>>
>>> In the case of TI's K3 architecture devices, we have two binary blobs
>>> that are critical for the boot process.
>>>
>>> 1. TIFS Firmware / DMSC firmware[4]—This is the security enclave
>>>     firmware. It is often encrypted, and sources are not public (due to
>>>     various business/regulatory reasons).
>>> 2. DM Firmware[5] - There is a source in public in some cases and
>>>     binary only in others - essentially limited function binary to be
>>>     put up in the device management uC. In cases where the source is
>>>     available, the build procedure is, in my personal opinion, pretty
>>>     arcane, and even though in theory it is practical, in practice, not
>>>     friendly - efforts are going to simplify it, even probably integrate
>>>     it with a more opensource ecosystem, but that is talking "look at the
>>>     tea leaves" stuff.
>>> 3. Low Power Management (LPM) binaries: tifs stub: another encrypted
>>>     binary that gives the tifs system context restore logic before
>>>     retrieving tifs firmware and a corresponding DM restoration binary.
>>>
>>> All told, this is not unlike the situation that necessitated the
>>> creation of a Linux firmware repository.
>>>
>>> Options that I see:
>>>
>>> 1. Let the status quo be - SoC vendors maintain random locations and
>>>     random rules to maintain boot firmware.
>>> 2. Ask Linux-firmware to host the binaries in a single canonical
>>>     location
>>> 3. Host a boot-firmware repository - u-boot repo may be the more
>>>     logical location.
>>>
>>> * (1) isn't the correct answer.
>>>
>>> * (2) Though I haven't seen any policy from the Linux-firmware
>>>     community mandating anything of the form, the binaries we are talking
>>>     of may not belong to Linux-firmware as they aren't strictly speaking
>>>     something Linux kernel will load (since the bootloader has that
>>>     responsibility), and in some cases may not even directly talk to
>>>     (security enclave or DDR firmware stuff). I am adding Josh to this
>>>     mail to see if he has any opinions on the topic (but keeping
>>>     from cross posting on linux-firmware list, unless folks feel it is
>>>     OK).
>>>
>>> On (3):
>>> Proposal:
>>>
>>> * Create a boot firmware repository in Denx and/or GitHub (if
>>>     financials are a hurdle, I hope we can solve it as a community).
>>> * Limit binaries only to those consumed part of the u-boot scope.
>>>
>>> * Limit binaries only to those that do not have an opensource project
>>>     (Trusted Firmware-A/M, OP-TEE, etc..) or depend entirely on vendor
>>>     source or are binary only in nature (subject to licensing terms below)
>>
>> FYI, on Rockchip, there are currently three blobs **we** use on Aarch64
>> (i have only worked with RK3399, PX30 and RK3588, so they may be more :) ):
>>    - DDR bin/TPL no clue what this actually is under the hood. I think
>> most SoCs do not get an open-source DDR init in U-Boot sadly, therefore
>> mandatory until it isn't,
>>    - BL31, mandatory on Aarch64, a blob that is an old TF-A (v2.2/2.3 I
>> don't remember anymore). I don't know the state for all SoCs, but I can
>> say the RK3399, PX30 and RK3568 have an open one, RK3588 is one the way
>> (but considering the RK3568 and RK3588 were released years ago, BL31
>> blob is mandatory for a while),
> 
> rk3568 is now upstream, there was a PR upstream for this for some
> time, similar to rk3588, albeit not as long as rk56x. In some cases
> the issue here is the speed of review of upstream ATF. I don't think
> that means it should go into something like this.
> 

If the BL31 blob doesn't go into boot-firmware, I don't see the benefit 
of boot-firmware for Rockchip platforms to be honest. Instead of telling 
people to get their firmware from github.com/rockchip-linux/rkbin we'll 
tell them to get one from rkbin and the other from boot-firmware. And I 
have a feeling that if that's how it'll go that the vendor will just not 
care about boot-firmware as they would anyway need to keep updating 
rkbin as well.

It doesn't matter whose fault it is for not being upstreamed earlier, 
the fact is, we still don't have a **merged** open-source BL31 for 
RK3588 2 and half years after the Rock5B from Radxa was announced. So in 
that whole timeframe, we have to work with blobs (or maintain your own 
forked TF-A whenever patches are posted and hope it works well enough).

[...]

>> FYI, the DDR bin is printing stuff on the console, so we had to modify
>> it (with a tool from Rockchip) to remove the gibberish breaking the
>> terminal by setting the appropriate controller, mux and baudrate (for
>> our products, there's no one size fits all :) ). The question is how to
>> handle this since we cannot realistically store every possible
>> permutation of that binary for each UART controller, mux of UART
>> controller and baudrate (the only parameters **we** modify, but there
>> are tons of others).
> 
> I think those sort of things should be mostly quiet TBH.

Mostly != fully. The console doesn't break consistently so I assume that 
if it even prints a tiny bit of info it would still be able to break 
stuff. I assume we could have binman run some logic to replace the uart 
controller, mux and baudrate. Not sure we want that but we could.

Also, the DDR bin is passing the console info to the BL31 binary through 
ATAGS, so if you don't fix the DDR bin baudrate, controller and mux, the 
BL31 will also not be fixed.

Cheers,
Quentin

More information about the U-Boot mailing list