From: "Jeremy Linton"
Date: Fri, 3 Dec 2021 13:31:34 -0600
Subject: Re: [edk2-devel] [PATCH 0/9] Platform/RaspberryPi: Utilize SPI flash for EFI variables
To: Ard Biesheuvel
Cc: edk2-devel-groups-io, Peter Batard, Ard Biesheuvel, Leif Lindholm, Andrei Warkentin, Sunny Wang, Samer El-Haj-Mahmoud, Mario Bălănică
Message-ID: <4a449f10-8c23-e8c8-6a94-9a574b0c46a9@arm.com>
References: <20211202165206.79615-1-jeremy.linton@arm.com> <6fbed0f3-3be4-83f6-e042-22ea1ceec7d8@arm.com>

Hi,

On 12/3/21 12:12, Ard Biesheuvel wrote:
> On Thu, 2 Dec 2021 at 18:55, Jeremy Linton wrote:
>>
>> Hi,
>>
>>
>> On 12/2/21 11:09, Ard Biesheuvel wrote:
>>> On Thu, 2 Dec 2021 at 18:03, Ard Biesheuvel wrote:
>>>>
>>>> On Thu, 2 Dec 2021 at 17:52, Jeremy Linton wrote:
>>>>>
>>>>> The RPi4 has a SPI flash with unused capacity. This set detects if
>>>>> that capacity is sufficient for a UEFI variable store and utilizes
>>>>> it as such.
>>>>> This fixes a long list of problems, and along the way likely
>>>>> also fixes a random boot failure caused by the FaultTolerantWriteDxe
>>>>> garbage collecting, and erasing the flash volume header which is being
>>>>> used to return information about the underlying variable storage capacity.
>>>>>
>>>>> This set was dependent on an earlier, mostly ignored set of changes to
>>>>> move the GPIO/etc devices into their own SSDT and disable them. Because
>>>>> of that, the two sets have been merged.
>>>>>
>>>>> Why is that? Because the SPI flash is mux'ed with the PWM used to play
>>>>> audio out the 3.5mm audio jack on this device. This causes a long list
>>>>> of problems we must try and avoid, starting with the fact that the pins
>>>>> need to be controlled by the uefi runtime service. The other problem is
>>>>> obviously that any time a variable is updated, if the user is utilizing
>>>>> the 3.5mm audio they will hear clicks and pops. Turns out that behavior
>>>>> isn't unique to this patch set because the low level boot/etc exhibits this
>>>>> when running in a TFA+uboot/edk2 environment. A fairly small tweak to TFA
>>>>> fixes the majority of this, and the remaining runtime problems caused
>>>>> by this patch actually are very slight and generally not noticeable unless
>>>>> one goes looking for them. OTOH, we revert to the earlier non persisted
>>>>> variable store if the firmware is running in a DT only mode, or the
>>>>> user enables the ACPI GPIO block.
>>>>>
>>>>>
>>>>> Jeremy Linton (9):
>>>>>   Platform/RaspberryPi: Cleanup menu visibility
>>>>>   Platform/RaspberryPi: Give the user control over the XHCI mailbox
>>>>>   Platform/RaspberryPi: Move GPIO/SPI/I2C to SSDT
>>>>>   Platform/RaspberryPi: Add menu item to enable/disable GPIO
>>>>>   Platform/RaspberryPi: Add constants for controlling SPI
>>>>>   Platform/RaspberryPi: Add mailbox cmd to control audio amp
>>>>>   Platform/RaspberryPi: Add SPI/GPIO to memory map
>>>>>   Platform/RaspberryPi: Allow pin function selection at runtime
>>>>>   Platform/RaspberryPi: Add SPI flash variable store.
>>>>>
>>>>
>>>> Very nice!
>>>>
>>>> I am having trouble applying these patches, though. Could you please
>>>> resend without the random whitespace changes?
>>>
>>> It appears only 2/9 is affected, the remaining ones apply cleanly,
>>> with the exception of 9/9, which seems to be missing entirely. Could
>>> you please resend that one as well?
>>>
>>
>> Hi,
>>
>> So, 2/2 was probably me too, I resent it as well with the same subject
>> but of course the email thread id isn't right.
>
> Thanks
>
> I gave this a spin, and Boot#### variables created by the Debian
> installer persisted as expected, so
>
> Tested-by: Ard Biesheuvel
>
> Before I merge this, though, could you elaborate on how playing with
> the SPI flash like this is not going to brick my RPi4? Also, others,
> please chime in as well.
>

First though, in the constant tweaking of patches, I noticed that 6/9
"Add mailbox command to control audio amp" should probably have the LDO
state DEBUG_ERROR's removed/reduced (I just removed them). NBD either
way I guess.

So, back to how you won't permanently brick your rpi. Bricking it seems
a lot harder than random SPI corruption, which I managed to achieve a
few times while developing this set. More than once I corrupted it
sufficiently to keep the low level bootloader from running.
In those cases the rpi foundation's
https://www.raspberrypi.com/news/raspberry-pi-imager-imaging-utility/
imaging tool has an option "Bootloader EEPROM configuration", which
creates an SD image that the SoC will prefer to boot from over the SPI
flash. That utility erases the entire flash and writes the latest
bootloader image to it. The whole process takes a few seconds if one
keeps the recovery disk handy.

So, I think we are good if someone decides to run that utility to
upgrade their "EEPROM", or we have bugs that corrupt it. My larger worry
is that we create upgrade problems with the EFI firmware itself, but I
don't see any evidence of that happening yet, we just need to be careful
about how we initialize new variables to avoid a situation where the
user has to use that utility to reset the EFI variable portion of the
flash.

The other issue is that the rpi foundation hasn't made any guarantees
that this space will remain available in the future, which this code
should deal with as is, by reverting to the previous behavior. If/when
they do that we can trim some of their fat, or ask them politely to
create a reduced feature version for us (say by removing nvme boot/etc),
or simply keep using the older versions until we find legitimate
problems with them.
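
The thread mentions a boot failure when the flash volume header gets erased, and the need to initialize the variable region carefully. As an added example (not code from this patch set or from EDK2), the check below classifies a flash range as blank, valid or corrupt using the PI-spec EFI_FIRMWARE_VOLUME_HEADER layout. The function names, the three-state result and the 4 KiB sample region are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Field offsets in EFI_FIRMWARE_VOLUME_HEADER (PI spec), little-endian. */
#define FV_LENGTH_OFF 32   /* UINT64 FvLength */
#define FV_SIG_OFF    40   /* UINT32 Signature, "_FVH" */
#define FV_HDRLEN_OFF 48   /* UINT16 HeaderLength */
#define FV_CKSUM_OFF  50   /* UINT16 Checksum */
#define FV_FIXED_LEN  56   /* bytes before BlockMap[] */

enum region_state { REGION_ERASED, REGION_VALID, REGION_CORRUPT };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* 16-bit sum over the header; a well-formed header sums to zero. */
static uint16_t sum16(const uint8_t *p, size_t len) {
    uint16_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2) s = (uint16_t)(s + rd16(p + i));
    return s;
}

/* Hypothetical helper: decide what the range reserved for variables holds. */
enum region_state classify_region(const uint8_t *buf, size_t len) {
    size_t i = 0;
    while (i < len && buf[i] == 0xFF) i++;
    if (i == len) return REGION_ERASED;              /* blank NOR: may be initialized */
    if (len < FV_FIXED_LEN || memcmp(buf + FV_SIG_OFF, "_FVH", 4) != 0) return REGION_CORRUPT;
    uint16_t hdr = rd16(buf + FV_HDRLEN_OFF);
    if (hdr < FV_FIXED_LEN || (hdr & 1) || hdr > len) return REGION_CORRUPT;
    if (rd64(buf + FV_LENGTH_OFF) > len) return REGION_CORRUPT;  /* claims more than exists */
    return sum16(buf, hdr) == 0 ? REGION_VALID : REGION_CORRUPT;
}

/* Constructed sample: zero GUID/attributes, one block-map entry plus terminator. */
void make_sample_header(uint8_t *buf, size_t len) {
    memset(buf, 0xFF, len);
    memset(buf, 0, 72);                              /* 56 fixed bytes + two 8-byte map entries */
    for (int i = 0; i < 8; i++) buf[FV_LENGTH_OFF + i] = (uint8_t)((uint64_t)len >> (8 * i));
    memcpy(buf + FV_SIG_OFF, "_FVH", 4);
    buf[FV_HDRLEN_OFF] = 72; buf[56] = 1;            /* HeaderLength; BlockMap[0].NumBlocks */
    for (int i = 0; i < 4; i++) buf[60 + i] = (uint8_t)((uint32_t)len >> (8 * i));
    uint16_t c = (uint16_t)(0 - sum16(buf, 72));     /* makes the header sum to zero */
    buf[FV_CKSUM_OFF] = (uint8_t)c; buf[FV_CKSUM_OFF + 1] = (uint8_t)(c >> 8);
}

int main(void) { uint8_t f[4096]; make_sample_header(f, sizeof f); return classify_region(f, sizeof f) != REGION_VALID; }
```

A caller would treat REGION_CORRUPT as the cue to avoid writing and fall back to the non-persistent store rather than reinitializing over unknown data.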