From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR04-DB3-obe.outbound.protection.outlook.com (EUR04-DB3-obe.outbound.protection.outlook.com [40.107.6.59]) by mx.groups.io with SMTP id smtpd.web10.449.1592413615683033356 for ; Wed, 17 Jun 2020 10:06:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=v2PwGxlO; spf=pass (domain: arm.com, ip: 40.107.6.59, mailfrom: samer.el-haj-mahmoud@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dQ0GB7cBmu/BfYLMSC8N91nnTRSrhMc28fg/Ii5QNX0=; b=v2PwGxlOaMFYXPn2g+35TMg0jOzj8kGZyu2vnEu0CjXbKLiiy3ZjgpHNtgFYPJbF/JzwDNFMXWyQ28T4Cl4bItw8R0r3LsKd5ss7d87plUnXVCb/iMvCr7klqgMIKwJUrP43sqLkWr/1SIJThEIeTrCtXNFZbtXGcjQYxlBp4eM= Received: from AM5PR1001CA0047.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:206:15::24) by AM6PR08MB3271.eurprd08.prod.outlook.com (2603:10a6:209:47::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.22; Wed, 17 Jun 2020 17:06:47 +0000 Received: from VE1EUR03FT051.eop-EUR03.prod.protection.outlook.com (2603:10a6:206:15:cafe::23) by AM5PR1001CA0047.outlook.office365.com (2603:10a6:206:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.21 via Frontend Transport; Wed, 17 Jun 2020 17:06:47 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT051.mail.protection.outlook.com (10.152.19.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.22 via Frontend Transport; Wed, 17 Jun 2020 17:06:46 +0000 Received: ("Tessian outbound 866352848bb9:v59"); Wed, 17 Jun 2020 17:06:46 +0000 X-CR-MTA-TID: 64aa7808 Received: from d5cc03974b92.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id DF4D9DDD-6A13-47CF-8A81-33519288950A.1; Wed, 17 Jun 2020 17:06:41 +0000 Received: from EUR05-DB8-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id d5cc03974b92.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 17 Jun 2020 17:06:41 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hSQMsEM79tbFwj+20i3oQZa8tEbHXZPt9D7w4cMxogSuDzMnINHf+IubrLmbJ3ZuJF1aFGly8cufYLW3nK2wpC6ncBQn1zzNbcqahrwxHd6OLl3vdzVZX6D02jvRYDunX1qSqENamXSEKziU5DS+vX9rxP5m8MuG9lW2MHtz4r9N2QEulA14UXw0S3wxYZYBlrtJFvkl9cBxY4uj9Dy+zPr8DUMMSGCowyBDuz408iI3Ewd6Vx5MpG2Ry1KqRMwjetirdyH8qaFVMAQybYLhI0GReUL88rS7gy2FaJmnf65vgOOKLbhE3W1cB8HgYaRRhFeODxBJVvaFr+CjJQDPzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dQ0GB7cBmu/BfYLMSC8N91nnTRSrhMc28fg/Ii5QNX0=; b=licE54gXjDGnIRoVrw4byeVLIKFpM88AdO+rul+VcBzWssP3ADkdfdz06LtjNJILxJOgZMenTuslcPVbnvDblaRCYRxJFjkyz7vUkYd9cLaUxMeZJzMc1azmTImnyJN/Z95iCATIFmOZupa9S2SkweNj6XgeLYA0eKop6jNwwTxgOpAIhuq9BW4EfVQP/2C+WpvmwQaRw8dpwo3VWx6ktvCDFeC3WIA4dnQCTILf0n1t/tZPwh2vhXgdxfOc3IMEKVgs6hHZyGYIUHTYvtcBuPogdLUUUMAPcrJQsQjslX8UA/o6EfocDDEJjv46Z6EthfNeYmLNrS8MBvEl2adRjQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dQ0GB7cBmu/BfYLMSC8N91nnTRSrhMc28fg/Ii5QNX0=; b=v2PwGxlOaMFYXPn2g+35TMg0jOzj8kGZyu2vnEu0CjXbKLiiy3ZjgpHNtgFYPJbF/JzwDNFMXWyQ28T4Cl4bItw8R0r3LsKd5ss7d87plUnXVCb/iMvCr7klqgMIKwJUrP43sqLkWr/1SIJThEIeTrCtXNFZbtXGcjQYxlBp4eM= Received: from DB7PR08MB3260.eurprd08.prod.outlook.com (2603:10a6:5:21::23) by DB7PR08MB3595.eurprd08.prod.outlook.com (2603:10a6:10:40::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.22; Wed, 17 Jun 2020 17:06:39 +0000 Received: from DB7PR08MB3260.eurprd08.prod.outlook.com ([fe80::88ec:d703:3e32:4c6b]) by DB7PR08MB3260.eurprd08.prod.outlook.com ([fe80::88ec:d703:3e32:4c6b%5]) with mapi id 15.20.3109.021; Wed, 17 Jun 2020 17:06:39 +0000 From: "Samer El-Haj-Mahmoud" To: "devel@edk2.groups.io" , Samer El-Haj-Mahmoud , "Andrei Warkentin (awarkentin@vmware.com)" , "Wang, Sunny (HPS SW)" , "pete@akeo.ie" CC: "zhichao.gao@intel.com" , "ray.ni@intel.com" , Ard Biesheuvel , "leif@nuviainc.com" , Samer El-Haj-Mahmoud Subject: Re: [edk2-devel] [edk2][PATCH 1/1] MdeModulePkg/UefiBootManagerLib: Signal ReadyToBoot on platform recovery Thread-Topic: [edk2-devel] [edk2][PATCH 1/1] MdeModulePkg/UefiBootManagerLib: Signal ReadyToBoot on platform recovery Thread-Index: AQHWQ8SQFLvwmBvsZES/t57IY1DSLKjcd5EAgAAtnACAACLVAIAAOroAgAAAxYCAAABtYIAABBLA Date: Wed, 17 Jun 2020 17:06:38 +0000 Message-ID: References: <20200616095622.2820-1-pete@akeo.ie> <20200616095622.2820-2-pete@akeo.ie> <99904809-1e07-6bd8-f7ba-25e87b1fe543@akeo.ie> , <161962620CFC252E.28613@groups.io> In-Reply-To: <161962620CFC252E.28613@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ts-tracking-id: 54691a1d-4812-420c-b0e8-5dd469276b03.1 x-checkrecipientchecked: true Authentication-Results-Original: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=arm.com; x-originating-ip: [99.132.126.10] x-ms-publictraffictype: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 66a2332b-6306-48e7-acfa-08d812e0d168 x-ms-traffictypediagnostic: DB7PR08MB3595:|AM6PR08MB3271: x-ld-processed: f34e5979-57d9-4aaa-ad4d-b122a662184d,ExtAddr x-ms-exchange-transport-forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true nodisclaimer: true x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000; x-forefront-prvs: 04371797A5 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: M8GPtwiMBso8/089BnSoC0XRcIl5mffZbKjcX3OhCR9lf6eKzvEmduWqW4MSuebz4pomPMj8tq9scyVtrqmKKc4RLMo+FcGWiYAHNn9MmdS18F42R8EC92QhRqgqM95Z4fBsGegTkPxfoP8iko4RFTIB2T7I4WvrmGllv0xDuOYwKTuwQ3GhJbmVA9QKToQu/b7l9T8iGZPA1xZefkKorNttqou1WAqsAy2Xmz7KZP0Z1o2O09sM77njiesKan2+owwUA7M+VuhjqU1hT3k9XryXuRmNYtxZVwcJS9mKEbuSPnUhUxyp1RR474wt/3fIC902tuDOFDKQrJyhVIhZyxz23U/yn2GS+AQl9MevRARhEMB8+k3ptEUdU8l18M67bIJFIFIJBUzTinReszCi5A== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB7PR08MB3260.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(6029001)(4636009)(396003)(346002)(136003)(366004)(376002)(39860400002)(52536014)(83380400001)(53546011)(71200400001)(45080400002)(478600001)(8676002)(6506007)(86362001)(8936002)(30864003)(26005)(966005)(2906002)(316002)(9686003)(54906003)(66946007)(64756008)(66476007)(66556008)(76116006)(66446008)(33656002)(186003)(7696005)(55016002)(4326008)(110136005)(5660300002)(579004);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata: +Bzm69ne+lYJPxkwP651Yf/qb3P5fJOycu9cu+k7jgAK7nKsVIJV8/YJ38iovMVbAb5+azA5yCn4OcV/AX0ONnE9WmWmFeouCGLTlpqcnuf1WRC1DCWA67j7GLTstvY+4OrNrtT50d1h+bs3wqUOln+Z50yQNMfLxw07j90xoFcf+2PNntUK1OyyrzYAQcVG0WRD+kb84X3ifs3xzxhN1vCXSUx6DNpmpW0yI1to/Ak5qwuA8J3ZNDNU/wf7bsMFUA4d2H18avvxAURe+3eOC1rDTzI/zRuDdmOiw/yGKWb02aqEmFIpVtU2sM+lxEYFNYn6atBHIqG8rbRr/U9HgI77bSQ7JktE01QUfptzNWZq9y1SW+bfj/1F0gPDYQp1tJSnL3032BFUQgKnEVNYgJj/6hquNujgO4JskFB7PPqPoHEp4HmF9Dmt/pGbuNU4h9WcR6L5WvyUq1ZvliT7EbT1aAs8TPpJ5oqrxyntCymHGRgMgm8GCnd7DfxKDYx/ MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB3595 Original-Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=arm.com; Return-Path: Samer.El-Haj-Mahmoud@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT051.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFTY:;SFS:(6029001)(4636009)(396003)(39860400002)(376002)(136003)(346002)(46966005)(33656002)(8936002)(7696005)(30864003)(8676002)(54906003)(966005)(110136005)(45080400002)(83380400001)(478600001)(4326008)(86362001)(55016002)(36906005)(2906002)(316002)(26005)(186003)(52536014)(5660300002)(47076004)(336012)(6506007)(70206006)(53546011)(70586007)(356005)(82740400003)(9686003)(82310400002)(81166007);DIR:OUT;SFP:1101; X-MS-Office365-Filtering-Correlation-Id-Prvs: e036222a-8f4c-4e11-2187-08d812e0cce1 X-Forefront-PRVS: 04371797A5 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Ksvmzn+6iOX87gJLsPR6xtihe3jpGK9GkHmnD0R9w9Ufwl5VNOJ5l1wykOk+hPeqiRnasKajVx/tbR8BidYXyz9dJoZtv97M0HkBGoKXCC+E08VLun8IB8K3pCMQAvGl45w0Ccb0/THykKW4QDV7eEW25GYhWCpBEYvuY8HHImZMats6WG7aF16d8ZBjAmkr2DEZ9IFUu2QeQ0CrzkdpPWNUUcpYJ4KIfi3o5ui2qe8nEPO3FxObn5yTYPmRw2t/tw/ibppMUsGdyyxtzi6zVwc0GIsZMMsn6xwYjP7pl81rTzZ5oeN0/AWQ+brcfo362OGY4sAusVmwx4cI0k9X9dDyllamGz6zIFvq+fGcuMvGY+1JVThaZgl88ds5jHP+AbzUMPv0j88HvxM6dMtAu2RIO6H2kaHc/EzhO+6gRHRm5JSr0IQBMcUCs9WcrA6x6yrLu+GSmIf5o5Wbad6RCnaiSJHAI3sehpo0JvCleH4= X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jun 2020 17:06:46.6668 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 66a2332b-6306-48e7-acfa-08d812e0d168 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3271 Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I worked with Pete offline on this.. This code seems to be violating the UEFI Spec: https://github.com/tianocore/edk2/blob/a56af23f066e2816c67b7c6e64de7ddefcd= 70780/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c#L1763 // // 3. Signal the EVT_SIGNAL_READY_TO_BOOT event when we are about to loa= d and execute // the boot option. // if (BmIsBootManagerMenuFilePath (BootOption->FilePath)) { DEBUG ((EFI_D_INFO, "[Bds] Booting Boot Manager Menu.\n")); BmStopHotkeyService (NULL, NULL); } else { EfiSignalEventReadyToBoot(); // // Report Status Code to indicate ReadyToBoot was signalled // REPORT_STATUS_CODE (EFI_PROGRESS_CODE, (EFI_SOFTWARE_DXE_BS_DRIVER | E= FI_SW_DXE_BS_PC_READY_TO_BOOT_EVENT)); // // 4. Repair system through DriverHealth protocol // BmRepairAllControllers (0); } The UEFI Spec section 3.1.7 clearly states that Boot Options (and their Fi= lePathList) *shall not* be evaluated prior to the completion of EFI_EVENT_G= ROUP_READY_TO_BOOT event group processing: "After all SysPrep#### variables have been launched and exited, the platfo= rm shall notify EFI_EVENT_GROUP_READY_TO_BOOT event group and begin to eval= uate Boot#### variables with Attributes set to LOAD_OPTION_CATEGORY_BOOT ac= cording to the order defined by BootOrder. The FilePathList of variables ma= rked LOAD_OPTION_CATEGORY_BOOT shall not be evaluated prior to the completi= on of EFI_EVENT_GROUP_READY_TO_BOOT event group processing." This is a prescriptive language that is stronger than the language in sect= ion 7.1 which defines the ReadyToBoot event group in a general way: "EFI_EVENT_GROUP_RESET_SYSTEM This event group is notified by the system when ResetSystem() is invoked a= nd the system is about to be reset. The event group is only notified prior = to ExitBootServices() invocation." The EDK2 code in the else block above (to call EfiSignalEventReadyToBoot()= ) need to move before the code that is processing BootOption->FilePath. In= fact, why is this signaling even a BootManager task? It should be a higher= level BDS task (after processing SysPrp and before processing Boot options= , per the spec). This would be somewhere around https://github.com/tianocor= e/edk2/blob/b15646484eaffcf7cc464fdea0214498f26addc2/MdeModulePkg/Universal= /BdsDxe/BdsEntry.c#L1007 where SysPrep is processed. This should also take care of the issue Pete reported in this thread, with= out the need for explicitly signaling ReadyToBoot from PlatformRecovery (or= changing the UEFI spec). Thanks, --Samer From: devel@edk2.groups.io On Behalf Of Samer El-Ha= j-Mahmoud via groups.io Sent: Wednesday, June 17, 2020 12:42 PM To: devel@edk2.groups.io; Andrei Warkentin (awarkentin@vmware.com) ; Wang, Sunny (HPS SW) ; pete@akeo.ie Cc: zhichao.gao@intel.com; ray.ni@intel.com; Ard Biesheuvel ; leif@nuviainc.com; Samer El-Haj-Mahmoud Subject: Re: [edk2-devel] [edk2][PATCH 1/1] MdeModulePkg/UefiBootManagerLi= b: Signal ReadyToBoot on platform recovery The UEFI spec (3.1.7) says: "After all SysPrep#### variables have been launched and exited, the platfo= rm shall notify EFI_EVENT_GROUP_READY_TO_BOOT event group and begin to eval= uate Boot#### variables with Attributes set to LOAD_OPTION_CATEGORY_BOOT ac= cording to the order defined by BootOrder. The FilePathList of variables ma= rked LOAD_OPTION_CATEGORY_BOOT shall not be evaluated prior to the completi= on of EFI_EVENT_GROUP_READY_TO_BOOT event group processing." The way I read this, I expect ReadyToBoot to be signaled after SysPrep####= (if any) are processed, but before Boot#### are processed. Is my understan= ding correct that this language implies ReadyToBoot need to be signaled eve= n if BootOrder does not contain any Boot#### options marked as LOAD_OPTION_= CATEGORY_BOOT? And if so, is EDK2 not doing this, which leads us to this pa= tch (signaling it in PlatformRecovery?) From: mailto:devel@edk2.groups.io On Behalf = Of Andrei Warkentin via groups.io Sent: Wednesday, June 17, 2020 12:37 PM To: Wang, Sunny (HPS SW) ; mailto:devel@edk2.gro= ups.io; mailto:pete@akeo.ie Cc: mailto:zhichao.gao@intel.com; mailto:ray.ni@intel.com; Ard Biesheuvel = ; mailto:leif@nuviainc.com Subject: Re: [edk2-devel] [edk2][PATCH 1/1] MdeModulePkg/UefiBootManagerLi= b: Signal ReadyToBoot on platform recovery Thanks Pete. I think the question I have, that I hope Tiano veterans can chime in, is w= hether we are doing the right thing, or if we should be overriding the boot= mode? I.e. is it normal that we boot up in recovery until options are save= d? A ________________________________________ From: mailto:devel@edk2.groups.io on behalf = of Pete Batard via groups.io Sent: Wednesday, June 17, 2020 11:34 AM To: Wang, Sunny (HPS SW) ; mailto:devel@edk2.gro= ups.io Cc: mailto:zhichao.gao@intel.com ; mailto:ra= y.ni@intel.com ; mailto:ard.biesheuvel@arm.com ; mailto:leif@nuviainc.com Subject: Re: [edk2-devel] [edk2][PATCH 1/1] MdeModulePkg/UefiBootManagerLi= b: Signal ReadyToBoot on platform recovery On 2020.06.17 14:04, Wang, Sunny (HPS SW) wrote: > Thanks for checking my comments, Pete. > >> Or is the "one more" the issue, meaning that it would get signaled more= than once? > [Sunny] Yeah, it would get signaled more than once if the PlatformRecove= ry option (a UEFI application) calls EfiBootManagerBoot() to launch the rec= overed boot option inside of the application. Okay. One element that I'm going to point out is that, with the current EDK2 code (i.e. without this proposal applied), and after a user goes into the setup to save their boot options in order for regular boot options to get executed instead of PlaformRecovery, the OnReadyToBoot event is actually called twice. So my understanding is that, while we of course want to avoid this and any patch proposal should actively try to prevent it, it seems we already have behaviour in EDK2 that can lead to OnReadyToBoot being signalled more than once. At least the current Pi 4 platform does demonstrate this behaviour. For instance, if you run DEBUG, you will see two instances of: RemoveDtStdoutPath: could not retrieve DT blob - Not Found which is a one-instance message generated from the ConsolePrefDxe's OnReadyToBoot() call. I've also confirmed more specifically that OnReadyToBoot() is indeed called twice. I don't recall us doing much of any special with regards to boot options for the Pi platform, so my guess is that it's probably not the only platform where OnReadyToBoot might be signalled more than once, and that this might be tied to a default EDK2 behaviour. Therefore I don't see having a repeated event as a major deal breaker (though, again, if we can avoid that, we of course will want to). >> I don't mind trying an alternative approach, but I don't understand how= what you describe would help. Can you please be more specific about what y= ou have in mind? > [Sunny] Sure. I added more information below. If it is still not clear e= nough, feel free to let me know. > 1. Create a UEFI application with the code to signal ReadyToBoot a= nd pick /efi/boot/bootaa64.efi from either SD or USB and run it. So that would basically be adding code that duplicates, in part, what Platform Recovery already does. I have to be honest: Even outside of the extra work this would require, I don't really like the idea of having to write our own application, as it will introduce new possible points of failures and require extra maintenance (especially as we will want to be able to handle network boot and other options, and before long, I fear that we're going to have to write our own Pi specific boot manager). Doing so simply because the current Platform Recovery, which does suit our needs otherwise, is not designed to call ReadyToBoot does not seem like the best course of action in my book. Instead, I still logically believe that any option that calls a boot loader should signal ReadyToBoot, regardless of whether it was launched from Boot Manager or Platform Recovery, and that it shouldn't be left to each platform to work around that. Of course, I understand that this would require a specs change, and that it also may have ramifications for existing platforms that interpret the current specs pedantically. But to me, regardless of what the specs appear to be limiting it to right now, the logic of a "ReadyToBoot" event is that it should be signalled whenever a bootloader is about to be executed, rather than only when a bootloader happened to be launched through a formal Boot Manager option. I would therefore appreciate if other people could weigh in on this matter, to see if I'm the only one who believes that we could ultimately have more to gain from signalling ReadyToBoot with PlatformRecovery options than leaving things as they stand right now... > 2. Then, call EfiBootManagerInitializeLoadOption like the followin= g in a DXE driver or other places before "Default PlatformRecovery" registr= ation: > Status =3D EfiBootManagerInitializeLoadOption ( > &LoadOption, > 0, = -> 0 is the OptionNumber to let application be load be= fore " Default PlatformRecovery" option > LoadOptionTypePlatformRecovery, > LOAD_OPTION_ACTIVE, > L"Application for recovering boot options", > FilePath, = -> FilePath is the Application's device path, > NULL, > 0 > ); > > >> My reasoning is that, if PlatformRecovery#### can execute a regular boo= tloader like /efi/boot/boot####.efi from installation media, then it should= go through the same kind of initialization that happens for a regular boot= option, and that should include signaling the ReadyToBoot event. > [Sunny] Thanks for clarifying this, and Sorry about that I missed your c= over letter for this patch. I was just thinking that we may not really nee= d to make this behavior change in both EDK II code and UEFI specification f= or solving the problem specific to the case that OS is loaded by "Default P= latformRecovery" option, The way I see it is that the Pi platform is unlikely to be the only one where PlatformRecovery is seen as a means to install an OS. Granted, this may seem like abusing the option, but since UEFI doesn't provide an "Initial OS Install" mode, I would assert that it as good a use of this option as any. In other words, I don't think this improvement would only benefit the Pi platform. > and I'm also not sure if it is worth making this change to affect some o= f the system or BIOS vendors who have implemented their PlatformRecovery op= tion. That's a legitimate concern, and I would agree the one major potential pitfall of this proposal, if there happens to exist a system where an OnReadyToBoot even before running the recovery option can have adverse effects. I don't really believe that such a system exists, because I expect most recovery boot loaders to also work (or at least have been designed to work) as regular boot options. But I don't have enough experience with platform recovery to know if that's a correct assertion to make... > If the alternative approach I mentioned works for you, I think that woul= d be an easier solution. Right now, even as the patch proposal has multiple issues that require it to be amended (Don't signal ReadyToBoot except for PlatformRecovery + Prevent situations where ReadyToBoot could be signalled multiple times) I still see it as both an easier solution than the alternative, as well as one that *should* benefit people who design Platform Recovery UEFI applications in the long run. So that is why I am still trying to advocate for it. But I very much hear your concerns, and I agree that specs changes are better avoided when possible. Thus, at this stage, even as I don't want to drag this discussion much further, I don't feel like I want to commit to one solution or the other before we have had a chance to hear other people, who may have their own opinion on the matter, express their views. Regards, /Pete > > Regards, > Sunny Wang > > -----Original Message----- > From: Pete Batard [mailto:pete@akeo.ie] > Sent: Wednesday, June 17, 2020 6:59 PM > To: Wang, Sunny (HPS SW) ; mailto:devel@edk2.g= roups.io > Cc: mailto:zhichao.gao@intel.com; mailto:ray.ni@intel.com; mailto:ard.bi= esheuvel@arm.com; mailto:leif@nuviainc.com > Subject: Re: [edk2-devel] [edk2][PATCH 1/1] MdeModulePkg/UefiBootManager= Lib: Signal ReadyToBoot on platform recovery > > Hi Sunny, thanks for looking into this. > > On 2020.06.17 09:16, Wang, Sunny (HPS SW) wrote: >> Hi Pete. >> >> Since the EfiBootManagerProcessLoadOption is called by ProcessLoadOptio= ns as well, your change would also cause some unexpected behavior like: >> 1. Signal one more ReadyToBoot for the PlatformRecovery option which is= an application that calls EfiBootManagerBoot() to launch its recovered boo= t option. > > I'm not sure I understand how this part is unwanted. > > The point of this patch is to ensure that ReadyToBoot is signalled for t= he PlatformRecovery option, so isn't what you describe above exactly what w= e want? > > Or is the "one more" the issue, meaning that it would get signalled more= than once? > > >> 2. Signal ReadyToBoot for SysPrep#### or Driver#### that is not really = a "boot" option. > > Yes, I've been wondering about that, because BdsEntry.c's ProcessLoadOpt= ions(), which calls EfiBootManagerProcessLoadOption(), > mentions that it will load will load and start every Driver####, SysPrep= #### or PlatformRecovery####. But the comment about the while() loop in Efi= BootManagerProcessLoadOption() only mentions PlatformRecovery####. > > If needed, I guess we could amend the patch to detect the type of option= and only signal ReadyToBoot for PlatformRecovery####. > >> To solve your problem, creating a PlatformRecovery option with the smal= lest option number and using it instead of default one (with short-form Fil= e Path Media Device Path) looks like a simpler solution. > > I don't mind trying an alternative approach, but I don't understand how = what you describe would help. Can you please be more specific about what yo= u have in mind? > > Our main issue here is that we must have ReadyToBoot signalled so that t= he ReadyToBoot() function callback from EmbeddedPkg/Drivers/ConsolePrefDxe = gets executed in order for the boot loader invoked from PlatformRecovery###= # to use a properly initialized graphical console. So I'm not sure I quite= get how switching from one PlatformRecovery#### option to another would im= prove things. > > If it helps, here is what we currently default to, in terms of boot opti= ons, on a Raspberry Pi 4 platform with a newly build firmware: > > [Bds]=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3DBegin Load Options Dumping .= ..=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > Driver Options: > SysPrep Options: > Boot Options: > Boot0000: UiApp 0x0109 > Boot0001: UEFI Shell 0x0000 > PlatformRecovery Options: > PlatformRecovery0000: Default PlatformRecovery 0x000= 1 > [Bds]=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3DEnd Load Options Dumping=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > With this, PlatformRecovery0000 gets executed by default, which is what = we want, since it will pick /efi/boot/bootaa64.efi from either SD or USB an= d run it, the only issue being that, because ReadyToBoot has not been execu= ted, the graphical console is not operative so users can't interact with th= e OS installer. > > So I'm really not sure how adding an extra PlatformRecovery#### would he= lp. And I'm also not too familiar with how one would go around to add such = an entry... > >> By the way, I also checked the UEFI specification. It looks making sens= e to only signal ReadyToBoot for boot option (Boot####). > > That's something I considered too, but I disagree with this conclusion. > > My reasoning is that, if PlatformRecovery#### can execute a regular boot= loader like /efi/boot/boot####.efi from installation media, then it should = go through the same kind of initialization that happens for a regular boot = option, and that should include signalling the ReadyToBoot event. > > If there was a special bootloader for PlatformRecovery#### (e.g. > /efi/boot/recovery####.efi) then I would agree with only signalling Read= yToBoot for a formal Boot#### option. But that isn't the case, so I think i= t is reasonable to want to have ReadyToBoot also occur when a /efi/boot/boo= t####.efi bootloader is executed from PlatformRecovery####., especially whe= n we know it can be crucial to ensuring that the end user can actually use = the graphical console. > >> Therefore, your change may also require specification change. > > Yes, I mentioned that in the cover letter for this patch (https://nam04.= safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2.groups.io%2Fg%2F= devel%2Fmessage%2F61327&data=3D02%7C01%7Cawarkentin%40vmware.com%7C5f90= d077bc7949c1122f08d812dc48d3%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C6= 37280084611749324&sdata=3D2%2B%2FcvMkrmZGTRRLDGSuMsKbiyDOGtwYwZ7qSqMyMi= cc%3D&reserved=3D0 ), which also describes the issue we are trying to s= olve in greater details. This is what I wrote: > > ------------------------------------------------------------------------ > Note however that this may require a specs update, as the current UEFI s= pecs for EFI_BOOT_SERVICES.CreateEventEx() have: > > > EFI_EVENT_GROUP_READY_TO_BOOT > > This event group is notified by the system when the Boot Manager > > is about to load and execute a boot option. > > and, once this patch has been applied, we may want to update this sectio= n to mention that it applies to both Boot Manager and Platform Recovery. > ------------------------------------------------------------------------ > > > Again, I don't have an issue with trying to use an alternate approach to= solve our problem (though I ultimately believe that, if PlatformRecovery##= ## can launch a /efi/boot/boot####.efi bootloader then we must update the s= pecs and the code to have ReadyToBoot also signalled then, because that's t= he logical thing to do). But right now, I'm not seeing how to achieve that = when PlatformRecovery#### is the option that is used to launch the OS insta= llation the bootloader. So if you can provide mode details on how exactly y= ou think creating an alternate PlatformRecovery option would help, I would = appreciate it. > > Regards, > > /Pete > >> >> Regards, >> Sunny Wang >> >> -----Original Message----- >> From: mailto:devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Beha= lf Of >> Pete Batard >> Sent: Tuesday, June 16, 2020 5:56 PM >> To: mailto:devel@edk2.groups.io >> Cc: mailto:zhichao.gao@intel.com; mailto:ray.ni@intel.com; mailto:ard.b= iesheuvel@arm.com; >> mailto:leif@nuviainc.com >> Subject: [edk2-devel] [edk2][PATCH 1/1] >> MdeModulePkg/UefiBootManagerLib: Signal ReadyToBoot on platform >> recovery >> >> Currently, the ReadyToBoot event is only signaled when a formal Boot Ma= nager option is executed (in BmBoot.c -> EfiBootManagerBoot ()). >> >> However, with the introduction of Platform Recovery in UEFI 2.5, which = may lead to the execution of a boot loader that has similar requirements to= a regular one, yet is not launched as a Boot Manager option, it also becom= es necessary to signal ReadyToBoot when a Platform Recovery boot loader run= s. >> >> Especially, this can be critical to ensuring that the graphical console= is actually usable during platform recovery, as some platforms do rely on = the ConsolePrefDxe driver, which only performs console initialization after= ReadyToBoot is triggered. >> >> This patch fixes that behaviour by calling EfiSignalEventReadyToBoot ()= in EfiBootManagerProcessLoadOption (), which is the function that sets up = the platform recovery boot process. >> >> Signed-off-by: Pete Batard >> --- >> MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c | 9 +++++++++ >> 1 file changed, 9 insertions(+) >> >> diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c >> b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c >> index 89372b3b97b8..117f1f5b124c 100644 >> --- a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c >> +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c >> @@ -1376,6 +1376,15 @@ EfiBootManagerProcessLoadOption ( >> return EFI_SUCCESS; >> } >> >> + // >> + // Signal the EVT_SIGNAL_READY_TO_BOOT event when we are about to lo= ad and execute the boot option. >> + // >> + EfiSignalEventReadyToBoot (); >> + // >> + // Report Status Code to indicate ReadyToBoot was signalled // >> + REPORT_STATUS_CODE (EFI_PROGRESS_CODE, (EFI_SOFTWARE_DXE_BS_DRIVER | >> + EFI_SW_DXE_BS_PC_READY_TO_BOOT_EVENT)); >> + >> // >> // Load and start the load option. >> // >> -- >> 2.21.0.windows.1 >> >> >> >> > IMPORTANT NOTICE: The contents of this email and any attachments are confi= dential and may also be privileged. If you are not the intended recipient, = please notify the sender immediately and do not disclose the contents to an= y other person, use it for any purpose, or store or copy the information in= any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confi= dential and may also be privileged. If you are not the intended recipient, = please notify the sender immediately and do not disclose the contents to an= y other person, use it for any purpose, or store or copy the information in= any medium. Thank you.