Hi guys,
On Tue, Aug 01, 2023 at 11:00:57AM -0400, Tom Rini wrote:
> > > > > > > > ...
> > > > > > > > Changelog:
> > > > > > > > ===============
> > > > > > > >
> > > > > > > > v17:
> > > > > > > >
> > > > > > > > * show a debug message rather than an error when FF-A is not
> > > > > > > > detected
> > > > > > > [snip]
> > > > > > > > diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> > > > > > > > index c5835e6ef6..8fbadb9201 100644
> > > > > > > > --- a/lib/efi_loader/Kconfig
> > > > > > > > +++ b/lib/efi_loader/Kconfig
> > > > > > > > @@ -55,13 +55,53 @@ config EFI_VARIABLE_FILE_STORE
> > > > > > > > stored as file /ubootefi.var on the EFI system
> > > > > > > > partition.
> > > > > > > >
> > > > > > > > config EFI_MM_COMM_TEE
> > > > > > > > - bool "UEFI variables storage service via OP-TEE"
> > > > > > > > - depends on OPTEE
> > > > > > > > + bool "UEFI variables storage service via the trusted
> > > > > > > > world"
> > > > > > > > + depends on OPTEE && ARM_FFA_TRANSPORT
> > > > > > >
> > > > > > > You didn't get my changes in here however. If you can do
> > > > > > > EFI_MM_COMM_TEE
> > > > > > > without ARM_FFA_TRANSPORT (as lx2160ardb_tfa_stmm_defconfig does)
> > > > > > > then
> > > > > > > you don't make this option depend on . If FF-A is only
> > > > > > > for use here, you make FF-A depend on this, and the FF-A specific
> > > > > > > variable depend on ARM_FFA_TRANSPORT.
> > > > > >
> > > > > > Abdellatif hinted at what's going on here. When I added this
> > > > > > Kconfig
> > > > > > option to lx2160 FF-A wasn't implemented yet.
> > > > >
> > > > > The defconfig has existed since May 2020, which is when you added
> > > > > EFI_MM_COMM_TEE itself too. So I think it's that no one did the
> > > > > check I
> > > > > did until now and saw this series was disabling what was on the other
> > > > > platform.
> > > > >
> > > > > > Since FF-A isn't a new
> > > > > > communication mechanism but builds upon the existing SMCs to build
> > > > > > an
> > > > > > easier API, I asked Abdellatif to hide this complexity.
> > > > > > We had two options, either make Kconfig options for either FF-A or
> > > > > > the
> > > > > > traditional SMCs and remove the dependencies, or piggyback on FF-As
> > > > > > discovery mechanism and make the choice at runtime. The latter has
> > > > > > a
> > > > > > small impact on code size, but imho makes developers' life a lot
> > > > > > easier.
> > > > >
> > > > > I'm not sure how much you can do a run-time option here since you're
> > > > > setting a bunch of default values for FF-A to 0 in Kconfig. If we're
> > > > > supposed to be able to get them at run time, we shouldn't need a
> > > > > Kconfig
> > > > > option at all. I'm also not sure how valid a use case it is where we
> > > > > won't know at build time what the rest of the firmware stack supports
> > > > > here.
> > > > >
> > > >
> > > > That's a fair point. FF-A in theory has APIs to discover memory.
> > > > Abdellatif, why do we need the Kconfigs for shared memory on FF-A?
> > >
> > > The statically carved out MM shared buffer address, size and offset
> > > cannot be discovered by FF-A ABIs.
> > > The MM communication driver in U-Boot could allocate the buffer and share
> > > it with the MM SP but
> > > we do not implement that support currently in either U-Boot or UEFI.
> >
> > Ok, that's a bit unfortunate, but Tom is right. Having the FF-A
> > addresses show up is as confusing as having Kconfig options for
> > discrete options. The whole point of my suggestion was to make users'
> > lives easier. Apologies for the confusion but can you bring back the
> > ifdefs? Looking at the patch this should be minimal just use
> > ifdef ARM_FFA_TRANSPORT and ifndef ARM_FFA_TRANSPORT.
> >
> > Tom you prefer that as well?
>
> Pending an answer to Jens' feedback, yes, going back to #ifdef's is
> fine, especially since default values of 0 are nonsense in this case
> (and as Heinrich's patch re SYS_MALLOC_LEN shows, dangerous since 0 !=
> 0x0 once we do string comparisons).
>
I'd like to give some context why it's important for Corstone-1000 platform
that the DT passed to the kernel matches the official kernel DT.
There is a SystemReady IR 2.0 test checking the DT. It compares the DT
passed by U-Boot with a reference DT (the kernel DT) . The test fails if there
is a mismatch. So, if we add a DT node in U-Boot and the node is not upstreamed
to the kernel DT, the DT test will fail.
To be approved by the kernel DT maintainers, the node should have a use case
in the kernel which is not the case.
There is a solution for this which is deleting the node we don't want to pass to
the kernel using delete-node in the U-Boot DT.
This method is used by many boards in U-Boot.
Example: /delete-node/ mm-comms-buf@02000000;
Corstone-1000 can have a DT overlay that deletes the node just before running
Linux (in the boot command).
If you are happy with this solution, I can do the following:
1/ create a reserved-memory memory node for Corstone-1000,
adding mm-comms-buf sub-node which defines the buffer address, size and
offset.
With this we can get rid of the configs and the #defines:
FFA_SHARED_MM_BUF_ADDR,
FFA_SHARED_MM_BUF_OFFSET and FFA_SHARED_MM_BUF_SIZE.
Also, we will avoid setting 0 as default values for the address, size and
offset.
2/ the FF-A specific code in efi_variable_tee.c will try to find the
mm-comms-buf
reserved memory node. When found, it reads the buffer address, size and offset.
3/ adding #ifdef CONFIG_ARM_FFA_TRANSPORT in lib/efi_loader/efi_variable_tee.c
for the FF-A specific code.
4/ make EFI_MM_COMM_TEE depends on OPTEE only
What do you think guys ?
Kind regards
Abdellatif
