From: Laszlo Ersek <lersek@redhat.com>
To: Samah Mansour <samah.mansour1@gmail.com>, edk2-devel@lists.01.org
Subject: Re: SPI Flash Corruption
Date: Thu, 20 Sep 2018 15:48:46 +0200 [thread overview]
Message-ID: <ed5cc02b-574f-7554-5a02-e9267b890fbd@redhat.com> (raw)
In-Reply-To: <CANzcc-fPmC03xw+p-8_m49pUS29-eL-8OuESJa39+dWfkoJ2GA@mail.gmail.com>
On 09/19/18 16:26, Samah Mansour wrote:
> Hello,
>
>
> Our product uses a Baytrail with Minnowboard Max bios firmware ( version
> 0.93). Every now and then we see SPI flash corruption due to power cuts
> while the unit is booting which causes the unit not to boot anymore. After
> investigation we noticed that the VPD area is all FFs (address
> 44000->47DFF0).
>
>
> We have noticed that the Bios while booting writes to the flash from
> several places in the code, which is if interrupted most probably is
> causing the corruption.
>
>
> Why is the bios writing all these configurations to flash while booting, is
> it to optimize boot time? is it ok if we disable the bios writing to flash
> completely to protect ourselves from corruption?
The firmware is at liberty to write various non-volatile UEFI variables
during boot. Some of those variables are standardized, some others may
be specific to UEFI drivers (with correspondingly private namespace
GUIDs for the variables).
Power loss during flash write (and resultant flash corruption) is
expected. My understanding is that the Fault Tolerant Write protocol /
driver, sitting between the FVB (firmware volume block, i.e. flash)
protocol / driver, and the variable write protocol / driver, implements
a kind of journaling. It is described in the Intel whitepaper
A Tour Beyond BIOS
Implementing UEFI Authenticated Variables in SMM with EDKII
September 2015
My expectation has been that the platform should recover from
interrupted writes. That is, for a single given UEFI variable, you
should either see "before" or "after" status, never "middle". (The
whitepaper says that "Individual variable atomicity" is maintained even
through a failed "reclaim", with the help of FTW.)
If multiple variables should be in sync with each other, that's a
different question. If the variables are not in sync, I think "failure
to boot" may be a reasonable outcome. But, "failure to boot" means a lot
of things, and I hope one should be at least dropped to the setup
utility or the shell. Are you seeing an actual crash?
Laszlo
next prev parent reply other threads:[~2018-09-20 13:48 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-19 14:26 SPI Flash Corruption Samah Mansour
2018-09-20 13:48 ` Laszlo Ersek [this message]
2018-09-20 15:47 ` Samah Mansour
2018-09-20 23:43 ` Yao, Jiewen
2018-09-21 9:26 ` Wei, David
2018-09-21 16:52 ` Andrew Fish
2018-09-21 17:18 ` Samah Mansour
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ed5cc02b-574f-7554-5a02-e9267b890fbd@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox