* [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds @ 2019-06-24 15:53 Tomas Pilar (tpilar) 2019-06-24 21:28 ` Laszlo Ersek 2019-06-25 14:52 ` Philippe Mathieu-Daudé 0 siblings, 2 replies; 7+ messages in thread From: Tomas Pilar (tpilar) @ 2019-06-24 15:53 UTC (permalink / raw) To: Devel EDK2; +Cc: jordan.l.justen@intel.com, Laszlo Ersek, Ard Biesheuvel Switching to this library enables capsule support for FMP devices. This will allow testing of FMP for PCI devices using OVMF and PCI passthrough as well as software parts of the FMP API. Simple tests show that a capsule with an embedded driver now updates using CapsuleApp. Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Tomas Pilar <tpilar@solarflare.com> --- OvmfPkg/OvmfPkgX64.dsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 39ac791565..4c41e59a75 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -125,7 +125,7 @@ UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf -- 2.17.2 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds 2019-06-24 15:53 [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds Tomas Pilar (tpilar) @ 2019-06-24 21:28 ` Laszlo Ersek 2019-07-03 11:31 ` [edk2-devel] " Tomas Pilar (tpilar) 2019-06-25 14:52 ` Philippe Mathieu-Daudé 1 sibling, 1 reply; 7+ messages in thread From: Laszlo Ersek @ 2019-06-24 21:28 UTC (permalink / raw) To: Tomas Pilar (tpilar), Devel EDK2 Cc: jordan.l.justen@intel.com, Ard Biesheuvel, Michael Kinney (+Mike) On 06/24/19 17:53, Tomas Pilar (tpilar) wrote: > Switching to this library enables capsule support for FMP devices. > This will allow testing of FMP for PCI devices using OVMF and PCI > passthrough as well as software parts of the FMP API. > > Simple tests show that a capsule with an embedded driver now > updates using CapsuleApp. > > Cc: Jordan Justen <jordan.l.justen@intel.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Signed-off-by: Tomas Pilar <tpilar@solarflare.com> > --- > OvmfPkg/OvmfPkgX64.dsc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 39ac791565..4c41e59a75 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -125,7 +125,7 @@ > UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf > BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf > FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf > - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf > + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf > DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf > DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf > PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf > (I couldn't respond in time to the v1 posting, so I'm responding here.) (1) I'd like the commit message to be (even) more comprehensive. (Yes, I realize v2 is already an improvement in that direction, due to Ard's comments on v1.) In particular, I'd like to see "MdeModulePkg/Universal/CapsuleRuntimeDxe" being mentioned, as the implementation for the capsule runtime services, for which CapsuleLib provides the back-end. If there are other drivers affected, please list those as well (they can be collected from the OVMF build report file (--report-file=...). The pre-patch code was added in commit 49ba9447c92d ("Add initial version of Open Virtual Machine Firmware (OVMF) platform.", 2009-05-27), so this isn't exactly an oft-visited part of the DSC file(s) -- more explanation is welcome. (2) I see this change as part of a much larger feature, "capsule support". Multiple people have expressed interest in that (Mike had even run some WIP patches by me earlier, off-list). Ultimately it would aim at updating the platform firmware flash too, from the inside. (Which in turn would require us to solve <https://bugzilla.tianocore.org/show_bug.cgi?id=386> as well -- but that's just a minuscule part of the whole.) If I'm mistaken in this regard (that is, regarding feature size), please correct me. If I'm right (or sort-of-right), then please make this lib class resolution dependent on a new build flag (such as CAPSULE_ENABLE or similar). The default value should be FALSE. (3) I think the separate build flag (default FALSE) is even more desirable because with capsule updates supported for add-on devices, you can screw up an assigned *physical* device for good, with a botched firmware update. That's a "feature" we shouldn't enable lightly. (4) All of the OvmfPkg/OvmfPkg*.dsc files should be modified in sync. Thanks Laszlo ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds 2019-06-24 21:28 ` Laszlo Ersek @ 2019-07-03 11:31 ` Tomas Pilar (tpilar) 2019-07-03 14:45 ` Laszlo Ersek 0 siblings, 1 reply; 7+ messages in thread From: Tomas Pilar (tpilar) @ 2019-07-03 11:31 UTC (permalink / raw) To: devel, lersek; +Cc: jordan.l.justen@intel.com, Ard Biesheuvel, Michael Kinney On 24/06/2019 22:28, Laszlo Ersek wrote: > (+Mike) > > On 06/24/19 17:53, Tomas Pilar (tpilar) wrote: >> Switching to this library enables capsule support for FMP devices. >> This will allow testing of FMP for PCI devices using OVMF and PCI >> passthrough as well as software parts of the FMP API. >> >> Simple tests show that a capsule with an embedded driver now >> updates using CapsuleApp. >> >> Cc: Jordan Justen <jordan.l.justen@intel.com> >> Cc: Laszlo Ersek <lersek@redhat.com> >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> >> Signed-off-by: Tomas Pilar <tpilar@solarflare.com> >> --- >> OvmfPkg/OvmfPkgX64.dsc | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc >> index 39ac791565..4c41e59a75 100644 >> --- a/OvmfPkg/OvmfPkgX64.dsc >> +++ b/OvmfPkg/OvmfPkgX64.dsc >> @@ -125,7 +125,7 @@ >> UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf >> BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf >> FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf >> - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf >> + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf >> DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf >> DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf >> PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf >> > (I couldn't respond in time to the v1 posting, so I'm responding here.) > > (1) I'd like the commit message to be (even) more comprehensive. (Yes, I > realize v2 is already an improvement in that direction, due to Ard's > comments on v1.) > > In particular, I'd like to see > "MdeModulePkg/Universal/CapsuleRuntimeDxe" being mentioned, as the > implementation for the capsule runtime services, for which CapsuleLib > provides the back-end. > > If there are other drivers affected, please list those as well (they can > be collected from the OVMF build report file (--report-file=...). The > pre-patch code was added in commit 49ba9447c92d ("Add initial version of > Open Virtual Machine Firmware (OVMF) platform.", 2009-05-27), so this > isn't exactly an oft-visited part of the DSC file(s) -- more explanation > is welcome. Best I can tell based on the report, only CapsuleRuntimeDxe consumes the CapsuleLib in the Ovmf platform build. > > (2) I see this change as part of a much larger feature, "capsule > support". Multiple people have expressed interest in that (Mike had even > run some WIP patches by me earlier, off-list). Ultimately it would aim > at updating the platform firmware flash too, from the inside. (Which in > turn would require us to solve > <https://bugzilla.tianocore.org/show_bug.cgi?id=386> as well -- but > that's just a minuscule part of the whole.) It is quite out of scope for me to try and solve the problem of platform flash update. If the platform firmware publishes FMP instance then this library should Just Work unless there is a problem with flash locking that requires capsule in memory processed during SEC or PEI (correct me if I am wrong). > If I'm mistaken in this regard (that is, regarding feature size), please > correct me. If I'm right (or sort-of-right), then please make this lib > class resolution dependent on a new build flag (such as CAPSULE_ENABLE > or similar). The default value should be FALSE. The size increase due to including this library over the Null library is 0x4c1000 -> 0x4c6000 for the DXEFV. Seems fairly trivial to me. > > > (3) I think the separate build flag (default FALSE) is even more > desirable because with capsule updates supported for add-on devices, you > can screw up an assigned *physical* device for good, with a botched > firmware update. That's a "feature" we shouldn't enable lightly. I am not sure this is really necessary. If you configure your VM with PCI passthrough, which requires you to correctly configure IOMMU and the host virtualization support you are giving the VM the full, unqualified control over that device - that is what PCI passthrough means. If that's the case, you can brick your device in many different ways of which firmware update is just one. Similarly, users performing a flash update already know all the dangers - do not turn off the computer, do not do stupid things. It seems somewhat unnecessary to include the extra flag that amounts to "If you give the VM unqualified control over your device do you want the VM to be able to do a firmware update". > > > (4) All of the OvmfPkg/OvmfPkg*.dsc files should be modified in sync. > > > Thanks > Laszlo > > > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds 2019-07-03 11:31 ` [edk2-devel] " Tomas Pilar (tpilar) @ 2019-07-03 14:45 ` Laszlo Ersek 2019-07-03 15:28 ` Tomas Pilar (tpilar) 0 siblings, 1 reply; 7+ messages in thread From: Laszlo Ersek @ 2019-07-03 14:45 UTC (permalink / raw) To: Tomas Pilar (tpilar), devel Cc: jordan.l.justen@intel.com, Ard Biesheuvel, Michael Kinney On 07/03/19 13:31, Tomas Pilar (tpilar) wrote: > On 24/06/2019 22:28, Laszlo Ersek wrote: >> (+Mike) >> >> On 06/24/19 17:53, Tomas Pilar (tpilar) wrote: >>> Switching to this library enables capsule support for FMP devices. >>> This will allow testing of FMP for PCI devices using OVMF and PCI >>> passthrough as well as software parts of the FMP API. >>> >>> Simple tests show that a capsule with an embedded driver now >>> updates using CapsuleApp. >>> >>> Cc: Jordan Justen <jordan.l.justen@intel.com> >>> Cc: Laszlo Ersek <lersek@redhat.com> >>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> >>> Signed-off-by: Tomas Pilar <tpilar@solarflare.com> >>> --- >>> OvmfPkg/OvmfPkgX64.dsc | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc >>> index 39ac791565..4c41e59a75 100644 >>> --- a/OvmfPkg/OvmfPkgX64.dsc >>> +++ b/OvmfPkg/OvmfPkgX64.dsc >>> @@ -125,7 +125,7 @@ >>> UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf >>> BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf >>> FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf >>> - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf >>> + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf >>> DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf >>> DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf >>> PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf >>> >> (I couldn't respond in time to the v1 posting, so I'm responding here.) >> >> (1) I'd like the commit message to be (even) more comprehensive. (Yes, I >> realize v2 is already an improvement in that direction, due to Ard's >> comments on v1.) >> >> In particular, I'd like to see >> "MdeModulePkg/Universal/CapsuleRuntimeDxe" being mentioned, as the >> implementation for the capsule runtime services, for which CapsuleLib >> provides the back-end. >> >> If there are other drivers affected, please list those as well (they can >> be collected from the OVMF build report file (--report-file=...). The >> pre-patch code was added in commit 49ba9447c92d ("Add initial version of >> Open Virtual Machine Firmware (OVMF) platform.", 2009-05-27), so this >> isn't exactly an oft-visited part of the DSC file(s) -- more explanation >> is welcome. > Best I can tell based on the report, only CapsuleRuntimeDxe consumes the > CapsuleLib in the Ovmf platform build. OK, thanks. So please name CapsuleRuntimeDxe, and the runtime service(s) it's responsible for. >> (2) I see this change as part of a much larger feature, "capsule >> support". Multiple people have expressed interest in that (Mike had even >> run some WIP patches by me earlier, off-list). Ultimately it would aim >> at updating the platform firmware flash too, from the inside. (Which in >> turn would require us to solve >> <https://bugzilla.tianocore.org/show_bug.cgi?id=386> as well -- but >> that's just a minuscule part of the whole.) > It is quite out of scope for me to try and solve the problem of platform flash update. > If the platform firmware publishes FMP instance then this library should Just Work > unless there is a problem with flash locking that requires capsule in memory processed > during SEC or PEI (correct me if I am wrong). >> If I'm mistaken in this regard (that is, regarding feature size), please >> correct me. If I'm right (or sort-of-right), then please make this lib >> class resolution dependent on a new build flag (such as CAPSULE_ENABLE >> or similar). The default value should be FALSE. > The size increase due to including this library over the Null library is 0x4c1000 -> 0x4c6000 > for the DXEFV. Seems fairly trivial to me. Sorry, I must have been unclear. First, I definitely don't suggest that you take on platform flash update. Second, I wasn't concerned about an increase in the firmware binary size. I should have written "scope", rather than "size". So, to clarify, I see this feature fall under the same larger scope as "platform flash update", and that scope is large enough to deserve a new "-D" flag, even if the current change is just a tiny sub-feature of that scope. >> (3) I think the separate build flag (default FALSE) is even more >> desirable because with capsule updates supported for add-on devices, you >> can screw up an assigned *physical* device for good, with a botched >> firmware update. That's a "feature" we shouldn't enable lightly. > I am not sure this is really necessary. If you configure your VM with PCI passthrough, > which requires you to correctly configure IOMMU and the host virtualization support > you are giving the VM the full, unqualified control over that device - that is what PCI > passthrough means. If that's the case, you can brick your device in many different > ways of which firmware update is just one. I'm not sure I agree with you. For sake of discussion, just remove the entire VM / device assignment concept from the picture -- assume a card is simply plugged into a normal physical system, and a user runs a normal OS on the physical system. Do we really think that the user can brick their device in many different ways (just by virtue of this run-of-the-mill physical setup), of which firmware update is just one way? I'd opine a physical system user would never brick their card, *unless* they attempted a firmware upgrade on it. > Similarly, users performing a flash update already know all the dangers - do not turn > off the computer, do not do stupid things. > > It seems somewhat unnecessary to include the extra flag that amounts to "If you give > the VM unqualified control over your device do you want the VM to be able to do a > firmware update". I don't have evidence that you are wrong, and you could even be right, in a strict technical sense. However, "vectors" (avenues for arriving at the same thing) matter. In my opinion, it is a lot harder for a user to unintentionally shoot themselves in the foot if this feature is off by default. Thanks Laszlo >> (4) All of the OvmfPkg/OvmfPkg*.dsc files should be modified in sync. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds 2019-07-03 14:45 ` Laszlo Ersek @ 2019-07-03 15:28 ` Tomas Pilar (tpilar) 0 siblings, 0 replies; 7+ messages in thread From: Tomas Pilar (tpilar) @ 2019-07-03 15:28 UTC (permalink / raw) To: Laszlo Ersek, Devel EDK2 Cc: jordan.l.justen@intel.com, Ard Biesheuvel, Michael Kinney Fair enough, I'll spin a new patch. -----Original Message----- From: Laszlo Ersek <lersek@redhat.com> Sent: 03 July 2019 15:46 To: Tomas Pilar <tpilar@solarflare.com>; Devel EDK2 <devel@edk2.groups.io> Cc: jordan.l.justen@intel.com; Ard Biesheuvel <ard.biesheuvel@linaro.org>; Michael Kinney <michael.d.kinney@intel.com> Subject: Re: [edk2-devel] [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds On 07/03/19 13:31, Tomas Pilar (tpilar) wrote: > On 24/06/2019 22:28, Laszlo Ersek wrote: >> (+Mike) >> >> On 06/24/19 17:53, Tomas Pilar (tpilar) wrote: >>> Switching to this library enables capsule support for FMP devices. >>> This will allow testing of FMP for PCI devices using OVMF and PCI >>> passthrough as well as software parts of the FMP API. >>> >>> Simple tests show that a capsule with an embedded driver now updates >>> using CapsuleApp. >>> >>> Cc: Jordan Justen <jordan.l.justen@intel.com> >>> Cc: Laszlo Ersek <lersek@redhat.com> >>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> >>> Signed-off-by: Tomas Pilar <tpilar@solarflare.com> >>> --- >>> OvmfPkg/OvmfPkgX64.dsc | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index >>> 39ac791565..4c41e59a75 100644 >>> --- a/OvmfPkg/OvmfPkgX64.dsc >>> +++ b/OvmfPkg/OvmfPkgX64.dsc >>> @@ -125,7 +125,7 @@ >>> UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf >>> BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf >>> >>> FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib >>> .inf >>> - >>> CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull. >>> inf >>> + >>> + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsule >>> + Lib.inf >>> DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf >>> DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf >>> >>> PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/Bas >>> ePeCoffGetEntryPointLib.inf >>> >> (I couldn't respond in time to the v1 posting, so I'm responding >> here.) >> >> (1) I'd like the commit message to be (even) more comprehensive. >> (Yes, I realize v2 is already an improvement in that direction, due >> to Ard's comments on v1.) >> >> In particular, I'd like to see >> "MdeModulePkg/Universal/CapsuleRuntimeDxe" being mentioned, as the >> implementation for the capsule runtime services, for which CapsuleLib >> provides the back-end. >> >> If there are other drivers affected, please list those as well (they >> can be collected from the OVMF build report file (--report-file=...). >> The pre-patch code was added in commit 49ba9447c92d ("Add initial >> version of Open Virtual Machine Firmware (OVMF) platform.", >> 2009-05-27), so this isn't exactly an oft-visited part of the DSC >> file(s) -- more explanation is welcome. > Best I can tell based on the report, only CapsuleRuntimeDxe consumes > the CapsuleLib in the Ovmf platform build. OK, thanks. So please name CapsuleRuntimeDxe, and the runtime service(s) it's responsible for. >> (2) I see this change as part of a much larger feature, "capsule >> support". Multiple people have expressed interest in that (Mike had >> even run some WIP patches by me earlier, off-list). Ultimately it >> would aim at updating the platform firmware flash too, from the >> inside. (Which in turn would require us to solve >> <https://bugzilla.tianocore.org/show_bug.cgi?id=386> as well -- but >> that's just a minuscule part of the whole.) > It is quite out of scope for me to try and solve the problem of platform flash update. > If the platform firmware publishes FMP instance then this library > should Just Work unless there is a problem with flash locking that > requires capsule in memory processed during SEC or PEI (correct me if I am wrong). >> If I'm mistaken in this regard (that is, regarding feature size), >> please correct me. If I'm right (or sort-of-right), then please make >> this lib class resolution dependent on a new build flag (such as >> CAPSULE_ENABLE or similar). The default value should be FALSE. > The size increase due to including this library over the Null library > is 0x4c1000 -> 0x4c6000 for the DXEFV. Seems fairly trivial to me. Sorry, I must have been unclear. First, I definitely don't suggest that you take on platform flash update. Second, I wasn't concerned about an increase in the firmware binary size. I should have written "scope", rather than "size". So, to clarify, I see this feature fall under the same larger scope as "platform flash update", and that scope is large enough to deserve a new "-D" flag, even if the current change is just a tiny sub-feature of that scope. >> (3) I think the separate build flag (default FALSE) is even more >> desirable because with capsule updates supported for add-on devices, >> you can screw up an assigned *physical* device for good, with a >> botched firmware update. That's a "feature" we shouldn't enable lightly. > I am not sure this is really necessary. If you configure your VM with > PCI passthrough, which requires you to correctly configure IOMMU and > the host virtualization support you are giving the VM the full, > unqualified control over that device - that is what PCI passthrough > means. If that's the case, you can brick your device in many different ways of which firmware update is just one. I'm not sure I agree with you. For sake of discussion, just remove the entire VM / device assignment concept from the picture -- assume a card is simply plugged into a normal physical system, and a user runs a normal OS on the physical system. Do we really think that the user can brick their device in many different ways (just by virtue of this run-of-the-mill physical setup), of which firmware update is just one way? I'd opine a physical system user would never brick their card, *unless* they attempted a firmware upgrade on it. > Similarly, users performing a flash update already know all the > dangers - do not turn off the computer, do not do stupid things. > > It seems somewhat unnecessary to include the extra flag that amounts > to "If you give the VM unqualified control over your device do you > want the VM to be able to do a firmware update". I don't have evidence that you are wrong, and you could even be right, in a strict technical sense. However, "vectors" (avenues for arriving at the same thing) matter. In my opinion, it is a lot harder for a user to unintentionally shoot themselves in the foot if this feature is off by default. Thanks Laszlo >> (4) All of the OvmfPkg/OvmfPkg*.dsc files should be modified in sync. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds 2019-06-24 15:53 [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds Tomas Pilar (tpilar) 2019-06-24 21:28 ` Laszlo Ersek @ 2019-06-25 14:52 ` Philippe Mathieu-Daudé 2019-06-25 15:14 ` Tomas Pilar (tpilar) 1 sibling, 1 reply; 7+ messages in thread From: Philippe Mathieu-Daudé @ 2019-06-25 14:52 UTC (permalink / raw) To: devel, tpilar; +Cc: jordan.l.justen@intel.com, Laszlo Ersek, Ard Biesheuvel Hi Tomas, On 6/24/19 5:53 PM, Tomas Pilar (tpilar) wrote: > Switching to this library enables capsule support for FMP devices. > This will allow testing of FMP for PCI devices using OVMF and PCI > passthrough as well as software parts of the FMP API. > > Simple tests show that a capsule with an embedded driver now > updates using CapsuleApp. How can I test this? Thanks, Phil. > Cc: Jordan Justen <jordan.l.justen@intel.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Signed-off-by: Tomas Pilar <tpilar@solarflare.com> > --- > OvmfPkg/OvmfPkgX64.dsc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 39ac791565..4c41e59a75 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -125,7 +125,7 @@ > UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf > BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf > FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf > - CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf > + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf > DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf > DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf > PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds 2019-06-25 14:52 ` Philippe Mathieu-Daudé @ 2019-06-25 15:14 ` Tomas Pilar (tpilar) 0 siblings, 0 replies; 7+ messages in thread From: Tomas Pilar (tpilar) @ 2019-06-25 15:14 UTC (permalink / raw) To: Philippe Mathieu-Daudé, Devel EDK2 Cc: jordan.l.justen@intel.com, Laszlo Ersek, Ard Biesheuvel I mean you need a PCI device with a UEFI driver that implements FMP to test this. Our Solarflare driver currently does, so I can test this, I've sent two of our NICs to Peter Jones @ RedHat (If you are interested, I can get you a sample of our adapter along with drivers). Once you have your PCI device and a driver, you make a capsule using GenerateCapsule, adding the driver alongside your payload. With newish qemu and ovmf you can use PCI passthrough (also called hostdev) to pass the PCI device entirely into the VM. Then you run CapsuleApp.efi (built from MdeModulePkg) in UEFI shell in that VM and pass the capsule as first parameter. That's all there is to it. I can share my libvirt XML containing the hostdev configuration if you'd like. Cheers, Tom -----Original Message----- From: Philippe Mathieu-Daudé <philmd@redhat.com> Sent: 25 June 2019 15:52 To: Devel EDK2 <devel@edk2.groups.io>; Tomas Pilar <tpilar@solarflare.com> Cc: jordan.l.justen@intel.com; Laszlo Ersek <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org> Subject: Re: [edk2-devel] [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds Hi Tomas, On 6/24/19 5:53 PM, Tomas Pilar (tpilar) wrote: > Switching to this library enables capsule support for FMP devices. > This will allow testing of FMP for PCI devices using OVMF and PCI > passthrough as well as software parts of the FMP API. > > Simple tests show that a capsule with an embedded driver now updates > using CapsuleApp. How can I test this? Thanks, Phil. > Cc: Jordan Justen <jordan.l.justen@intel.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Signed-off-by: Tomas Pilar <tpilar@solarflare.com> > --- > OvmfPkg/OvmfPkgX64.dsc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index > 39ac791565..4c41e59a75 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -125,7 +125,7 @@ > UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf > BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf > > FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.i > nf > - > CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.in > f > + > + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLi > + b.inf > DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf > DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf > > PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BaseP > eCoffGetEntryPointLib.inf > ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-07-03 15:28 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-06-24 15:53 [PATCH v2] OvmfPkg: Use DxeRuntimeCapsuleLib from DxeCapsuleLibFmp in X64 builds Tomas Pilar (tpilar) 2019-06-24 21:28 ` Laszlo Ersek 2019-07-03 11:31 ` [edk2-devel] " Tomas Pilar (tpilar) 2019-07-03 14:45 ` Laszlo Ersek 2019-07-03 15:28 ` Tomas Pilar (tpilar) 2019-06-25 14:52 ` Philippe Mathieu-Daudé 2019-06-25 15:14 ` Tomas Pilar (tpilar)
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox