audk/PrmPkg/Readme.md

224 lines
13 KiB
Markdown
Raw Normal View History

# **Platform Runtime Mechanism**
Platform Runtime Mechanism (PRM) introduces the capability of moving platform-specific code out of SMM and into a
code module that executes within the OS context. Moving this firmware to the OS context provides better transparency
and mitigates the negative system impact currently accompanied with SMM solutions. Futhermore, the PRM code is
packaged into modules with well-defined entry points, each representing a specific PRM functionality.
The `PrmPkg` maintained in this branch provides a single cohesive set of generic PRM functionality that is intended
to be leveraged by platform firmware with minimal overhead to integrate PRM functionality in the firmware.
## **IMPORTANT NOTE**
> The code provided in this package and branch are for proof-of-concept purposes only. The code does not represent a
formal design and is not validated at product quality. The development of this feature is shared in the edk2-staging
branch to simplify collaboration by allowing direct code contributions and early feedback throughout its development.
## How to Build PrmPkg
As noted earlier, resources in `PrmPkg` are intended to be referenced by a platform firmware so it can adopt support
for PRM. In that case, the platform firmware should add the `PrmConfigDxe` and `PrmLoaderDxe` drivers to its DSC and
FDF files so they are built in the platform firmware build and dispatched during its runtime. All that is left is to
add individual PRM modules to the DSC and FDF. These can be built from source or included as binaries into the platform
firmware flash map.
### PrmPkg Standalone Build
**All changes to `PrmPkg` must not regress the standalone package build**. Any time a change is made to `PrmPkg`, the
package build must be tested. Since this is a forward looking package, to ease potential integration into the edk2
project in the future, the build is tested against the tip of the master branch in the [edk2](https://github.com/tianocore/edk2)
repository.
To build `PrmPkg` as a standalone package:
1. If new to EDK II, follow the directions in [Getting Started with EDK II](https://github.com/tianocore/tianocore.github.io/wiki/Getting-Started-with-EDK-II)
2. Clone the *master* branch on the edk2 repository locally \
``git clone https://github.com/tianocore/edk2.git``
3. Clone the *PlatformRuntimeMechanism* branch on the edk2-staging repository locally \
``git clone -b PlatformRuntimeMechanism --single-branch https://github.com/tianocore/edk2-staging.git``
> __*Note*__: The *--single-branch* argument is recommended since edk2-staging hosts many branches for completely
unrelated features. If you are just interested in PRM, this will avoid fetching all of the other branches.
4. Change to the edk2 workspace directory \
``cd edk2``
5. Run *edksetup* to set local environment variables needed for build
* Windows:
* ``edksetup.bat``
* Linux:
* If you have not already built BaseTools:
* ``make -C BaseTools``
* ``. edksetup.sh``
6. Set the PACKAGES_PATH environment variable to include the directory path that contains `PrmPkg`
* Windows example:
* ``set PACKAGES_PATH=c:\src\edk2-staging``
7. Change to the edk2-staging workspace directory
* Example: ``cd ../edk2-staging``
8. Build PrmPkg \
``build -p PrmPkg/PrmPkg.dsc -a IA32 -a X64``
> __*Note*__: Due to the way PRM modules are compiled with exports, **only building on Visual Studio compiler tool
chains is currently supported**.
### Build Flags
As PRM is a new feature at a proof-of-concept (POC) level of maturity, there's some changes to the normal build
available as build flags. By default, if no flags are specified, the build is done with the currently expected plan of
record (POR) configuration.
The following list are the currently defined build flags (if any) that may be passed to the `build` command
(e.g. -D FLAG=VALUE).
PrmPkg: Add ALLOCATE_CONTEXT_BUFFER_IN_FW build option There's currently two approaches being considered for how to allocate the context buffer passed to PRM handlers: 1. The context buffer is allocated and populated in firmware. As such, the FW converts all pointers internal to the buffer to virtual memory addresses at the virtual address change event. A single context buffer pointer is given to the OS via the PRM ACPI table and the OS converts this single physical address to a virtual address when it passes the context buffer as a pointer to PRM handlers. 2. The context buffer is allocated and populated in the OS. The OS gets all the information needed to populate the context buffer from other pre-existing resources (mainly physical addresses in the PRM ACPI table). The OS converts all the physical addresses to virtual addresses, allocates the context buffer instances, and fills in the information. The OS passes the context buffer virtual address to PRM handlers. The prior behavior was (1). The current POR behavior has moved to (2). Until (2) is used more widely, it can be kept around with fairly minimal overhead via a build flag in a few places. So the default behavior is now (2) (the expected permanent behavior) with (1) easily enabled by defining "ALLOCATE_CONTEXT_BUFFER_IN_FW" in the compiler defined macros. A DSC define was added in PrmPkg.dsc to set this compiler macro in the package build. At some point in the future, all code (and some peripheral code) surrounded with this build flag can be removed if (2) is fully decided upon. Cc: Andrew Fish <afish@apple.com> Cc: Kang Gao <kang.gao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Benjamin You <benjamin.you@intel.com> Cc: Liu Yun <yun.y.liu@intel.com> Cc: Ankit Sinha <ankit.sinha@intel.com> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com> Acked-by: Liming Gao <gaoliming@byosoft.com.cn> Acked-by: Leif Lindholm <quic_llindhol@quicinc.com> Reviewed-by: Ankit Sinha <ankit.sinha@intel.com>
2020-04-14 01:38:19 +02:00
* `ALLOCATE_CONTEXT_BUFFER_IN_FW` - Allocates the context buffer for each PRM handler in the firmware instead of
the operating system (OS).
Additional detail: The context buffer structure is defined in [PrmContextBuffer.h](PrmPkg/Include/PrmContextBuffer.h).
This structure can be instantiated by either firmware with a physical pointer to the buffer placed in the
`PRM_HANDLER_INFORMATION_STRUCT` for each handler wherein the OS would convert that physical pointer and pass it
as a virtual address pointer to each PRM handler. Alternatively, the context buffer can be allocated and populated
by the OS where it would get all the information to populate the context buffer from other structures.
The default is for the OS to allocate and populate the buffer. The alternative option of the firmware doing this
work is kept in the source code until broader OS testing is completed.
## Overview
At a high-level, PRM can be viewed from three levels of granularity:
1. PRM interface - Encompassing the entirety of firmware functionalities and data provided to OS runtime. Most
information is provided through ACPI tables to be agnostic to a UEFI implementation.
2. PRM module - An independently updatable package of PRM handlers. The PRM interface will be composed of multiple
PRM modules. This requirement allows for the separation of OEM and IHV PRM code, each of which can be serviced
independently.
3. PRM handler - The implementation/callback of a single PRM functionality as identified by a GUID.
## Firmware Design
The firmware has three key generic drivers to support PRM:
1. A PRM Loader driver - Functionality is split across three phases:
1. Discover - Find all PRM modules in the firmware image made available by the platform firmware author.
* This phase includes verifying authenticity/integrity of the image, the image executable type, the export
table is present and the PRM Export Module Descriptor is present and valid.
2. Process - Convert PRM handler GUID to name mappings in the PRM Module Export Descriptor to PRM handler Name
to physical address mappings required to construct the PRM ACPI table.
3. Publish - Publish the PRM ACPI table using the information from the Process phase.
2. A PRM Configuration driver - A generic driver responsible for processing PRM module configuration information
consumed through a `PRM_CONFIG_PROTOCOL` per PRM module instance. Therefore, the `PRM_CONFIG_PROTOCOL` serves
as the dynamic interface for this driver to process PRM module resources and prepare the module's data to be
configured properly for OS runtime.
3. A PRM Module - Not a single driver but a user written PE/COFF image that follows the PRM module authoring process.
A PRM module groups together cohesive sets of PRM functionality into functions referred to as "PRM handlers".
## PrmPkg Code Organization
The package follows a standard EDK II style package format. The list below contains some notable areas to
explore in the package:
* [ACPI Table Definitions](PrmPkg/PrmLoaderDxe/PrmAcpiTable.h)
* [Common Interface Definitions](PrmPkg/Include)
* [PRM Config Driver](PrmPkg/PrmConfigDxe)
* [PRM Loader Driver](PrmPkg/PrmLoaderDxe)
* [Sample PRM Modules](PrmPkg/Samples)
While the package does provide sample PRM modules to be used as a reference, actual PRM modules should not be
maintained in PrmPkg. It is intended to only contain PRM infrastructure code and a few samples of how to use
that infrastructure. The PrmPkg is meant to be used as-is by firmware that supports PRM. Any shortcomings that
prevent the package from being used as-is should be addressed directly in PrmPkg.
## PRM Module
By default, the EDK II implementation of UEFI does not allow images with the subsystem type
IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER to be built with exports. 
```
ERROR - Linker #1294 from LINK : fatal exports and import libraries are not supported with /SUBSYSTEM:EFI_RUNTIME_DRIVER
```
This can adjusted in the MSVC linker options.
__For the purposes of this POC__, the subsystem type is changed in the firmware build to allow the export table to be
added but the subsystem type in the final image is still 0xC (EFI Runtime Driver). This is important to allow the DXE
dispatcher to use its standard image verification and loading algorithms to load the image into permanent memory during
the DXE execution phase.
All firmware-loaded PRM modules are loaded into a memory buffer of type EfiRuntimeServicesCode. This means the
operating system must preserve all PRM handler code and the buffer will be reflected in the UEFI memory map. The
execution for invoking PRM handlers is the same as that required for UEFI Runtime Services, notably 4KiB or more of
available stack space must be provided and the stack must be 16-byte aligned. 
__*Note:*__ Long term it is possible to similarly load the modules into a EfiRuntimeServicesCode buffer and perform
relocation fixups with a new EFI module type for PRM if desired. It was simply not done since it is not essential
for this POC.
Where possible, PRM module information is stored and generated using industry compiler tool chains. This is a key
motivation behind using PE/COFF export tables to expose PRM module information and using a single PRM module binary
definition consistent between firmware and OS load.
### PRM Module Exports
A PRM module must contain at least two exports: A PRM Module Export Descriptor and at least one PRM handler. Here's
an example of an export table from a PRM module that has a single PRM handler:
```
0000000000005000: 00 00 00 00 FF FF FF FF 00 00 00 00 3C 50 00 00 ............<P..
0000000000005010: 01 00 00 00 02 00 00 00 02 00 00 00 28 50 00 00 ............(P..
0000000000005020: 30 50 00 00 38 50 00 00 78 13 00 00 20 40 00 00 0P..8P..x... @..
0000000000005030: 5D 50 00 00 7C 50 00 00 00 00 01 00 50 72 6D 53 ]P..|P......PrmS
0000000000005040: 61 6D 70 6C 65 43 6F 6E 74 65 78 74 42 75 66 66 ampleContextBuff
0000000000005050: 65 72 4D 6F 64 75 6C 65 2E 64 6C 6C 00 44 75 6D erModule.dll.Dum
0000000000005060: 70 53 74 61 74 69 63 44 61 74 61 42 75 66 66 65 pStaticDataBuffe
0000000000005070: 72 50 72 6D 48 61 6E 64 6C 65 72 00 50 72 6D 4D rPrmHandler.PrmM
0000000000005080: 6F 64 75 6C 65 45 78 70 6F 72 74 44 65 73 63 72 oduleExportDescr
0000000000005090: 69 70 74 6F 72 00 iptor.
00000000 characteristics
FFFFFFFF time date stamp
0.00 version
1 ordinal base
2 number of functions
2 number of names
ordinal hint RVA name
1 0 00001378 DumpStaticDataBufferPrmHandler
2 1 00004020 PrmModuleExportDescriptor
```
### PRM Image Format
PRM modules are ultimately PE/COFF images. However, when packaged in firmware the PE/COFF image is placed into a
Firmware File System (FFS) file. This is transparent to the operating system but done to better align with the typical
packaging of PE32(+) images managed in the firmware binary image. In the dump of the PRM FV binary image shown earlier,
the FFS sections placed by EDK II build tools ("DXE dependency", "User interface", "Version") that reside alongside the
PE/COFF binary are shown. A PRM module can be placed into a firmware image as a pre-built PE/COFF binary or built
during the firmware build process. In either case, the PE/COFF section is contained in a FFS file as shown in that
image.
### PRM Module Implementation
To simplify building the PRM Module Export Descriptor, a PRM module implementation can use the following macros to mark
functions as PRM handlers. In this example, a PRM module registers three functions by name as PRM handlers with the
associated GUIDs.
```
//
// Register the PRM export information for this PRM Module
//
PRM_MODULE_EXPORT (
PRM_HANDLER_EXPORT_ENTRY (PRM_HANDLER_1_GUID, PrmHandler1),
PRM_HANDLER_EXPORT_ENTRY (PRM_HANDLER_2_GUID, PrmHandler2),
PRM_HANDLER_EXPORT_ENTRY (PRM_HANDLER_N_GUID, PrmHandlerN)
);
```
`PRM_MODULE_EXPORT` take a variable-length argument list of `PRM_HANDLER_EXPORT_ENTRY` entries that each describe an
individual PRM handler being exported for the module. Ultimately, this information is used to define the structure
necessary to statically allocate the PRM Module Export Descriptor Structure (and its PRM Handler Export Descriptor
substructures) in the image.
Another required export for PRM modules is automatically provided in `PrmModule.h`, a header file that pulls together
all the includes needed to author a PRM module. This export is `PRM_MODULE_UPDATE_LOCK_EXPORT`. By including,
`PrmModule.h`, a PRM module has the `PRM_MODULE_UPDATE_LOCK_DESCRIPTOR` automatically exported.
## PRM Handler Constraints
At this time, PRM handlers are restricted to a maximum identifier length of 128 characters. This is checked when using
the `PRM_HANDLER_EXPORT` macro by using a static assert that reports a violation at build-time.
PRM handlers are **not** allowed to use UEFI Runtime Services and should not rely upon any UEFI constructs. For the
purposes of this POC, this is currently not explicitly enforced but should be in the final changes.