Firmware Encoding Index

Introduce the latest firmware technology UEFI/EFI

Phase Change Memory (PCM): A new memory technology to enable new memory usage models

Today’s advanced applications are driving the demand for new memory technology capabilities. As electronic systems require greater volumes of code and data, the resulting impact creates
an insatiable appetite for memory. Phase Change Memory (PCM) meets the needs of today’s demanding electronic systems with innovative key technology features.

 

UEFI Secure Boot


Instruction from UDK package:

================================================================================
                    HOW TO ENABLE SECURE BOOT SERVICE
================================================================================
Based on original variable driver in MdeModulePkg, variable driver in SecurityPkg
provides authenticated variable service in UEFI 2.3.1 spec. Runtime crypto library,
OpenSSL* library and variable driver are required to enable this feature.

1.  Ensure OpensslLib* library instance is defined in [LibraryClasses] section of
    the platform DSC file:
    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf

2.  Ensure BaseCryptLib library instances are defined in the platform DSC file:
    For PEI driver: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
    For DXE driver: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
    For RUNTIME driver: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
    For SMM driver: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf

3.  Ensure platform secure library is added in platform DSC. A NULL instance for
    PlatformSecureLib is provided as below. It can be replaced by a platform-specific
    library instance.
    SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf

4.  Ensure library instance DxeImageVerificationLib is added to LibraryClasses section
    of module SecurityStubDxe in the platform DSC file:
    MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
      <LibraryClasses>
          NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
    }

5.  Add Authenticated Variable driver INF to [Component] section of the platform
    DSC file:
    SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
    SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
    SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf

6.  Remove original variable driver INF from the platform FDF file:
    INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
    INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf

    Add Authenticated Variable Driver INF to the platform FDF file:
    INF SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
    INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
    INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf

7.  Update Variable GUID value of VARIABLE_STORE_HEADER in FDF file as:
    #Signature: gEfiAuthenticatedVariableGuid =
    # {0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92}}
    0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
    0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,

8.  Set an appropriate value of gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize
    for the security-related databases that use EFI variables as storage.
    Each database is stored in a single variable, and the maximum variable size is
    defined by the PCD value of gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize.
    Database categories include:
    1)  PK database: only one entry for public key of PK plus header info.
    2)  KEK database: multi-entry for public key of KEK plus header info.
    3)  Authorized signature database: multi-entries for authorized signatures
        and one entry for root X509 certificate, plus header info.
    4)  Forbidden signature database: multi-entries for forbidden signatures,
        plus header info.

    NOTICE: Typically the size of one X509 certificate is ~2k, which may exceed
            the default maximum variable size. Please adjust the value by PCD if
            needed.

9.  Set a platform policy of image verification by PCDs.
    The user can customize the platform policy of image verification by PCD value
    before building a platform. In the [PcdsFixedAtBuild] section of the
    SecurityPkg.dec file, set the PCD value for each type of device accordingly.

    For example, if the platform policy is defined as:
    1)  Trust all images from OptionROM.
    2)  Validate all images from removable devices and deny execution when a
        security violation occurs.
    3)  Validate all images from hard disk and query the user to make a decision
        when a security violation occurs.

    In this case, the PCD values should be set as follows:
    gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00|UINT32|0x00000001
    gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04|UINT32|0x00000002
    gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05|UINT32|0x00000003

10. Another authenticated variable service, named SMM authenticated variable, is
    also provided in SecurityPkg. SMM authenticated variable driver requires SMM
    FVB protocol which should be provided by platform driver and SMM FTW protocol
    which is already provided in MdeModulePkg. To enable SMM authenticated variable
    driver instead of non-SMM authenticated variable driver in SecurityPkg,
        SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
    should be replaced by the following drivers in steps 5 and 6:
        SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
        SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
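
The checks in steps 4, 6, 7 and 9 can be automated against a platform's DSC and FDF text. The following Python script is an added example, not part of the UDK instructions; the function names and the sample DSC/FDF content are constructed for illustration, and the descriptions for policy values other than 0x00, 0x04 and 0x05 follow the value list in SecurityPkg.dec.

```python
import re
import uuid

# Step 7: gEfiAuthenticatedVariableGuid. The FDF stores it in EFI_GUID byte
# order (first three fields little-endian), which is what bytes_le yields.
AUTH_VAR_GUID = uuid.UUID("aaf32c78-947b-439a-a180-2e144ec37792")

# 0x00, 0x04 and 0x05 are the values used in the step 9 example; the other
# descriptions follow the value list documented in SecurityPkg.dec.
POLICY = {
    0x00: "always trust the image (no verification)",
    0x01: "never trust the image",
    0x02: "allow execution on security violation",
    0x03: "defer execution on security violation",
    0x04: "deny execution on security violation",
    0x05: "query user on security violation",
}
NON_ENFORCING = {0x00, 0x02}  # values that never block an unverified image

OLD_DRIVERS = (
    "MdeModulePkg/Universal/Variable/Pei/VariablePei.inf",
    "MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf",
)
VERIFY_LIB = "SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf"


def strip_comments(text):
    """Drop '#' comments so commented-out entries are not counted."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def fdf_bytes(text):
    """Collect every two-digit 0xNN byte literal in the FDF, in order."""
    return bytes(int(b, 16) for b in re.findall(r"\b0x([0-9a-fA-F]{2})\b", text))


def audit(dsc, fdf):
    """Return a list of findings; an empty list means all checks passed."""
    dsc, fdf = strip_comments(dsc), strip_comments(fdf)
    findings = []

    # Step 4: image verification must be linked into SecurityStubDxe.
    stub = re.search(r"SecurityStubDxe\.inf\s*\{(.*?)\}", dsc, re.S)
    if not stub or VERIFY_LIB not in stub.group(1):
        findings.append("SecurityStubDxe lacks DxeImageVerificationLib")

    # Step 6: the unauthenticated variable drivers must be gone from the FDF.
    for inf in OLD_DRIVERS:
        if re.search(r"^\s*INF\s+" + re.escape(inf), fdf, re.M):
            findings.append("FDF still includes " + inf)

    # Step 7: the variable store header must carry the authenticated GUID.
    if AUTH_VAR_GUID.bytes_le not in fdf_bytes(fdf):
        findings.append("VARIABLE_STORE_HEADER GUID is not gEfiAuthenticatedVariableGuid")

    # Step 9: report every device class whose policy never enforces verification.
    pattern = r"Pcd(\w+?)ImageVerificationPolicy\|(0[xX][0-9a-fA-F]+|\d+)"
    for name, raw in re.findall(pattern, dsc):
        value = int(raw, 16 if raw.lower().startswith("0x") else 10)
        if value in NON_ENFORCING:
            findings.append("%s policy 0x%02x: %s" % (name, value, POLICY[value]))
    return findings


# Constructed sample platform files (not taken from a real platform).
SAMPLE_DSC = """
[PcdsFixedAtBuild]
  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
  gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04
  gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05
[Components]
  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
    <LibraryClasses>
      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
  }
  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
"""
SAMPLE_FDF = """
  # Signature: gEfiAuthenticatedVariableGuid
  0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
  0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
INF SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_DSC, SAMPLE_FDF):
        print("FINDING:", finding)
```

Run against the constructed samples, it reports the leftover MdeModulePkg variable driver and the option ROM policy of 0x00, which skips verification for that device class.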

================================================================================
                        HOW TO ENABLE USER IDENTIFICATION
================================================================================
In the UID (User Identification) infrastructure, there are 4 UEFI drivers, one library
instance and some platform-specific changes in BDS. To enable the UID feature:
1.  Ensure the platform-specific code has been integrated into the platform BDS.
    Identify () in User Manager Protocol should be invoked after the console is ready
    and the authentication device (e.g. smart card) is connected.

2.  Ensure OpensslLib* library instance is defined in [LibraryClasses] section of
    the platform DSC file:
    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf

3.  Ensure BaseCryptLib library instances in each phase are defined in the platform
    DSC file:
    PEI phase: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
    DXE phase: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
    RUNTIME phase: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf

4.  Add UID drivers to [Component] section of the platform DSC file:
    1)  UserIdentifyManagerDxe driver produces user manager protocol and loads
        deferred image after user authentication.
        SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf

    2)  PwdCredentialProviderDxe driver produces user credential protocol and
        provides support for password credential.
        SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf

    3)  UsbCredentialProviderDxe driver produces user credential protocol and
        provides support for secure card credential.
        SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf

    4)  UserProfileManagerDxe driver provides a UI for configuring user profiles in
        the UEFI HII Form Browser. It is a sample driver to configure basic user
        information. Advanced configuration, such as forbidding a user to
        load images from a USB disk, is not supported by this driver.
        SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf

5.  Add library instance DxeDeferImageLoadLib to LibraryClasses section of module
    SecurityStubDxe in the platform DSC file.
    The library instance is invoked during loading an image into memory. The
    image loading could be deferred by the predefined policy in a PCD before user
    authentication, or be verified by current user access policy after user
    authentication.
    MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
      <LibraryClasses>
         NULL|SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf
    }

6.  Add UID drivers to the platform FDF file:
    INF  SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf
    INF  SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf
    INF  SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
    INF  SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf

7.  Set the platform policy by PCDs.
    User can customize platform policy by changing the default PCD value in
    SecurityPkg.dec before building a platform.

    1)  Deferred image load policy
        The policy makes use of bitmasks for five predefined device types. If
        a bit is set, the image from the corresponding device will be trusted
        when loading. Image from any device is trusted by default.

    2)  USB token file name
        USB credential provider will read a file as the credential information.
        The token file should be at the root directory of USB storage disk and
        its name is specified by PCD value. "Token.bin" is the default name of
        token file.

================================================================================
                        HOW TO ENABLE TCG TPM
================================================================================
TCG measured boot consists of two PEI modules, four DXE drivers and three libraries
and some platform specific changes. To enable TCG TPM feature:

1.  Ensure the platform-specific changes have been made.
    1)  Memory should be cleared if ClearMemory bit of variable MemoryOverwriteRequestControl
        is set when doing memory initialization.
    2)  TcgPhysicalPresenceLibProcessRequest () from the TCG physical presence library
        should be invoked to process pending TPM requests in BDS when the console is ready.

2.  Ensure OpensslLib* library instance is defined in [LibraryClasses] section of
    the platform DSC file:
    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf

3.  Ensure BaseCryptLib library instances in each phase are defined in the platform
    DSC file:
    PEI phase: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
    DXE phase: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf

4.  Add library instance in the platform DSC file.
    1)  TPM common library
        It provides some common function routines used by TCG drivers.
        SecurityPkg/Library/TpmCommLib/TpmCommLib.inf
    2)  TCG physical presence library
        This library requires output device to display TPM state change request and
        input device to get user confirmation. Often it is invoked by BDS driver when
        console is ready.
        SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
    3)  TPM measure boot library
        The library instance provides measurement and log service for TPM measured
        boot. The instance is invoked during loading an image into memory. It should
        be added into LibraryClasses section of module SecurityStubDxe in the platform
        DSC file.
        SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
        MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
          <LibraryClasses>
            NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
        }

5.  Add TPM drivers to [Component] section of the platform DSC file:
    1)  TCG TPM PEI driver initializes TPM device and measures the drivers in firmware.
        SecurityPkg/Tcg/TcgPei/TcgPei.inf
    2)  TCG TPM DXE driver produces EFI TCG protocol and measures the drivers which
        are not from firmware.
        SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
    3)  TCG SMM driver implements TPM definition block in ACPI table and registers
        SMI callback functions for physical presence and MemoryClear to handle the
        requests from ACPI method.
        SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
    4)  TCG UI driver provides a generic TCG configuration page in setup browser to
        configure TCG items.
        SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
    5)  TCG physical presence PEI driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to
        indicate whether the TPM needs to be locked in PEI phase or not. It can be
        replaced by a platform-specific driver.
        SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
    6)  TCG memory overwrite control driver initializes the MemoryOverwriteRequestControl
        variable. It will clear MOR_CLEAR_MEMORY_BIT bit if it is set.
        SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf

6.  Add TPM drivers to the platform FDF file:
    INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf
    INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
    INF  SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
    INF  SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
    INF  SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
    INF  SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf

7.  Set the platform policy by PCDs.
    User can customize platform policy by changing the default PCD value in
    SecurityPkg.dec before building a platform.

    1)  TCG platform type
        PCD PcdTpmPlatformClass specifies the type of TCG platform that contains
        TPM chip. Its value is set to 0 for PC client type by default. It should
        be set to 1 for server.
        gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006

    2)  Hide TPM device
        The TPM device can be hidden from firmware and OS. PcdHideTpm can dynamically
        control whether to hide the TPM if PcdHideTpmSupport is set to TRUE.
        gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport|FALSE|BOOLEAN|0x00000007

================================================================================
                                 NOTES
================================================================================
1.  In this version of implementation of authenticated variable service, we support:
    1)  Public exponent of RSA key value is fixed as 0x10001.
    2)  Encoding scheme of RSA is PKCS#1 v1.5.
2.  Currently certificate time expiration checking is ignored.
3.  There is no real-time CRL checking requirement, because of performance and
    size restrictions in the pre-boot environment.
4.  Variable Size Limitation: KEK/X509/Signature Databases are stored as authenticated
    variables in the system, with the database size limited by the max variable
    size of the platform. Users may choose to increase max variable size by PCD
    or to delete unused items when the database is full.

* Other names and brands may be claimed as the property of others.

Attachments:
  lf_uefi_secure_boot_open_platforms.pdf: Making UEFI Secure Boot Work With Open Platforms (367 Kb)
  UEFI_Plugfest_2011Q4_P5_Insyde.pdf: UEFI Security Enhancements (1825 Kb)
  UPFS11_P2_SecureBoot_Insyde.pdf: Implementing a Secure Boot Path with UEFI 2.3.1 (1501 Kb)
Last Updated on Wednesday, 22 February 2012 07:06
 

RemoteSensors development detail



                                         User application, which can utilize GPS, accelerometer...
                                                              |
          Android                            Windows 7 Sensor and Location Platform
             |                                                |
  System Sensors, GPS & 3G location                  RemoteSensors Driver
             |                                                |
  PcRemote Advance (Android)      -------->            PcRemote Server

Advanced functions available now:
a. Map your GPS or Wi-Fi location to Windows 7 location service
b. Map your Accelerometer sensor to Windows 7 Motion Accelerometer sensor
c. Map your Orientation sensor to Windows 7 Orientation Compass sensor
d. Map your Magnetic sensor to Windows 7 Orientation Inclinometer sensor
e. Map your Light sensor to Windows 7 Light sensor


GPS and 3G location data of your mobile phone will be mapped to the following data for your Windows 7
Category: SENSOR_CATEGORY_LOCATION
Sensor Type: SENSOR_TYPE_LOCATION_GPS
Data available:
SENSOR_DATA_TYPE_TIMESTAMP
SENSOR_DATA_TYPE_ERROR_RADIUS_METERS
SENSOR_DATA_TYPE_LATITUDE_DEGREES
SENSOR_DATA_TYPE_LONGITUDE_DEGREES
SENSOR_DATA_TYPE_ALTITUDE_SEALEVEL_METERS

Accelerometer sensor data of your mobile phone will be mapped to the following data for your Windows 7
Category: SENSOR_CATEGORY_MOTION
Sensor Type: SENSOR_TYPE_ACCELEROMETER_3D
Data available:
SENSOR_DATA_TYPE_TIMESTAMP
SENSOR_DATA_TYPE_ACCELERATION_X_G
SENSOR_DATA_TYPE_ACCELERATION_Y_G
SENSOR_DATA_TYPE_ACCELERATION_Z_G

Orientation sensor data of your mobile phone will be mapped to the following data for your Windows 7
Category: SENSOR_CATEGORY_ORIENTATION
Sensor Type: SENSOR_TYPE_COMPASS_3D
Data available:
SENSOR_DATA_TYPE_TIMESTAMP
SENSOR_DATA_TYPE_TILT_X_DEGREES
SENSOR_DATA_TYPE_TILT_Y_DEGREES
SENSOR_DATA_TYPE_TILT_Z_DEGREES

Magnetic sensor data of your mobile phone will be mapped to the following data for your Windows 7
Category: SENSOR_CATEGORY_ORIENTATION
Sensor Type: SENSOR_TYPE_INCLINOMETER_3D
Data available:
SENSOR_DATA_TYPE_TIMESTAMP
SENSOR_DATA_TYPE_MAGNETIC_HEADING_X_DEGREES
SENSOR_DATA_TYPE_MAGNETIC_HEADING_Y_DEGREES
SENSOR_DATA_TYPE_MAGNETIC_HEADING_Z_DEGREES

Light sensor data of your mobile phone will be mapped to the following data for your Windows 7
Category: SENSOR_CATEGORY_LIGHT
Sensor Type: SENSOR_TYPE_AMBIENT_LIGHT
Data available:
SENSOR_DATA_TYPE_TIMESTAMP
SENSOR_DATA_TYPE_LIGHT_LEVEL_LUX

For details on how to use this data, please refer to:
Introduction to the Sensor and Location Platform in Windows
http://msdn.microsoft.com/en-us/library/dd318936%28v=vs.85%29.aspx

Unlike Geosense software, RemoteSensors shares your mobile phone's GPS or 3G location with Windows; it is more accurate than Geosense.

Last Updated on Thursday, 04 August 2011 12:58
 

VirtualBox UEFI UDK VBoxPkg build guide


(from the VBoxPkg ReadMe.txt file)

$Id: ReadMe.txt 29156 2010-05-06 13:50:07Z vboxsync $

Setting up the source trees
===========================

Check out the EDK2 trunk/edk2 to some directory of your choice (the command
creates an edk2 subdirectory):

svn checkout \
--username guest --password guest \
-r9332 https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2 edk2

Enter into the edk2 directory and check out EFI/Firmware2/VBoxPkg into a
VBoxPkg subdirectory:

svn checkout \
http://www.virtualbox.org/svn/vbox/trunk/src/VBox/Devices/EFI/Firmware2/VBoxPkg VBoxPkg

Enter into the VBoxPkg/Include and check out include/iprt and include/VBox:

svn checkout http://www.virtualbox.org/svn/vbox/trunk/include/iprt iprt
svn checkout http://www.virtualbox.org/svn/vbox/trunk/include/VBox VBox

Then copy version-generated.h and product-generated.h from
/out/win.*/*/version-generated.h (into VBoxPkg/include/).
/out/win.*/*/product-generated.h (into VBoxPkg/include/).


Symlink alternative for Vista
-----------------------------

Say you've got VBox checked out as e:\vbox\trunk and you're on 32-bit Windows
and having done a debug build. Check out EDK2 somewhere (see above). Then do:

kmk_ln -s %VBOXSVN%\src\VBox\Devices\EFI\Firmware2\VBoxPkg\ edk2\VBoxPkg
kmk_ln -s %VBOXSVN%\include\iprt\ edk2\VBoxPkg\Include\iprt
kmk_ln -s %VBOXSVN%\include\VBox\ edk2\VBoxPkg\Include\VBox
kmk_ln -s %VBOXSVN%\out\win.x86\debug\version-generated.h edk2\VBoxPkg\Include\version-generated.h
kmk_ln -s %VBOXSVN%\out\win.x86\debug\product-generated.h edk2\VBoxPkg\Include\product-generated.h

MinGW for Linux
================

To install MinGW on Ubuntu systems, just perform

apt-get install mingw32-binutils mingw32 mingw32-runtime

After that, you can even avoid setting up symlinks, as build script will do
that automagically.

MinGW-w64 for Linux
===================
To build the X64 firmware on Linux, the mingw-w64 port of mingw is required.
The binaries are available at:

http://sourceforge.net/projects/mingw-w64/files/

Some non-fatal warnings might appear while compiling on a Linux machine, so it
is recommended to disable -Werror at Conf/tools_def.txt:*_UNIXGCC_X64_CC_FLAGS.

While building, some versions of the mingw-w64 linker might complain that
__ModuleEntryPoint wasn't found (and fill the entry point field with some default value).
To fix that, split the definition (IA32 and X64), removing the leading underscore '_'
for X64, in Conf/tools_def.txt, from:
*_UNIXGCC_*_DLINK_FLAGS=... -entry _$(IMAGE_ENTRY_POINT) ...
to
*_UNIXGCC_IA32_DLINK_FLAGS=... -entry _$(IMAGE_ENTRY_POINT) ...
*_UNIXGCC_X64_DLINK_FLAGS=... -entry $(IMAGE_ENTRY_POINT) ...

Setting up the environment
==========================

First, enter the VirtualBox environment using tools/env.cmd (and whatever
local additions you normally use).

Go to the EDK2 source tree you set up in the previous section and run
VBoxPkg/env.cmd (Windows) or VBoxPkg/env.sh (Unix).

That's it. You can now run build.


Patching
========

VBox guests and hardware require some modifications to EDK2, so some patches
must be applied before building:

cat VBoxPkg/edk2.patch-pmtimer | patch -p0
cat VBoxPkg/edk2.patch-no_blocking_partition | patch -p0
cat VBoxPkg/edk2.patch-ovmf_pei | patch -p0
cat VBoxPkg/edk2.patch-no_blocking_partition | patch -p0
cat VBoxPkg/edk2.patch-apple | patch -p0
cat VBoxPkg/edk2.patch-rtc | patch -p0
cat VBoxPkg/edk2.patch-mem_acpi | patch -p0
cat VBoxPkg/edk2.patch-idtgdt | patch -p0


Building
========
Edit Conf/target.txt:

$ cat Conf/target.txt
ACTIVE_PLATFORM = VBoxPkg/VBoxPkgOSE.dsc
TARGET =  DEBUG
TARGET_ARCH = IA32
TOOL_CHAIN_CONF = Conf/tools_def.txt
TOOL_CHAIN_TAG = UNIXGCC
MAX_CONCURRENT_THREAD_NUMBER = 1
MULTIPLE_THREAD = Disable
BUILD_RULE_CONF = Conf/build_rule.txt

The make program is called 'build' (edk2\BaseTools\Bin\Win32\build.exe). To
start building just execute 'build'. If you have a multicore machine and run
into bad build errors, try 'build -n 1' to avoid mixing up errors. For more
options try 'build --help'.


Running
=======

Copy (or symlink) Build\VBoxPkg\DEBUG_MYTOOLS\FV\VBOX.fd to the
VirtualBox bin directory as vboxefi.fv.
copy      e:\edk2\Build\VBoxPkg\DEBUG_MYTOOLS\FV\VBOX.fd e:\vbox\trunk\out\win.x86\debug\bin\VBoxEFI32.fd
or
kmk_ln -s e:\edk2\Build\VBoxPkg\DEBUG_MYTOOLS\FV\VBOX.fd e:\vbox\trunk\out\win.x86\debug\bin\VBoxEFI32.fd

You need to build have a VirtualBox debug build with the following in your
Note that these options will not change the VirtualBox behavior only enable
the EFI feature.

Create a new VM with enabled EFI support.

Currently all there is to see is in the log output and debugger. Suggested
log setup (debug builds only):

set VBOX_LOG=dev_efi.e.l2
set VBOX_LOG_DEST=stderr
set VBOX_LOG_FLAGS=unbuffered msprog thread

And suggested way of starting the VM:

VirtualBox.exe --startvm efi

Last Updated on Thursday, 04 August 2011 13:06
 

CPU hotplug Support in Linux(tm) Kernel


Maintainers:
CPU Hotplug Core:
Rusty Russell
Srivatsa Vaddagiri
i386:
Zwane Mwaikambo
ppc64:
Nathan Lynch
Joel Schopp
ia64/x86_64:
Ashok Raj
s390:
Heiko Carstens

Authors: Ashok Raj
Lots of feedback: Nathan Lynch, Joel Schopp

Introduction

Modern advances in system architectures have introduced advanced error
reporting and correction capabilities in processors. CPU architectures permit
partitioning support, where compute resources of a single CPU could be made
available to virtual machine environments. There are a couple of OEMs that
support NUMA hardware which is hot pluggable as well, where physical
node insertion and removal require support for CPU hotplug.

Such advances require CPUs available to a kernel to be removed either for
provisioning reasons, or for RAS purposes to keep an offending CPU off
system execution path. Hence the need for CPU hotplug support in the
Linux kernel.

A more novel use of CPU-hotplug support is its use today in suspend
resume support for SMP. Dual-core and HT support makes even
a laptop run SMP kernels which didn't support these methods. SMP support
for suspend/resume is a work in progress.

General Stuff about CPU Hotplug
--------------------------------

Command Line Switches
---------------------
maxcpus=n    Restrict boot time cpus to n. Say if you have 4 cpus, using
             maxcpus=2 will only boot 2. You can choose to bring the
             other cpus later online, read FAQ's for more info.

additional_cpus=n (*)    Use this to limit hotpluggable cpus. This option sets
                         cpu_possible_map = cpu_present_map + additional_cpus

cede_offline={"off","on"}  Use this option to disable/enable putting offlined
                           processors to an extended H_CEDE state on
                           supported pseries platforms.
                           If nothing is specified,
                           cede_offline is set to "on".

(*) Option valid only for following architectures
- ia64

ia64 uses the number of disabled local apics in ACPI tables MADT to
determine the number of potentially hot-pluggable cpus. The implementation
should only rely on this to count the # of cpus, but *MUST* not rely
on the apicid values in those tables for disabled apics. In the event
BIOS doesn't mark such hot-pluggable cpus as disabled entries, one could
use this parameter "additional_cpus=x" to represent those cpus in the
cpu_possible_map.

possible_cpus=n        [s390,x86_64] use this to set hotpluggable cpus.
                       This option sets possible_cpus bits in
                       cpu_possible_map. Thus keeping the numbers of bits set
                       constant even if the machine gets rebooted.

CPU maps and such
-----------------
[More on cpumaps and primitive to manipulate, please check
include/linux/cpumask.h that has more descriptive text.]

cpu_possible_map: Bitmap of possible CPUs that can ever be available in the
system. This is used to allocate some boot time memory for per_cpu variables
that aren't designed to grow/shrink as CPUs are made available or removed.
Once set during boot time discovery phase, the map is static, i.e. no bits
are added or removed at any time. Trimming it accurately for your system needs
upfront can save some boot time memory. See below for how we use heuristics
in x86_64 case to keep this under check.

cpu_online_map: Bitmap of all CPUs currently online. It is set in __cpu_up()
after a cpu is available for kernel scheduling and ready to receive
interrupts from devices. It is cleared when a cpu is brought down using
__cpu_disable(), before which all OS services including interrupts are
migrated to another target CPU.

cpu_present_map: Bitmap of CPUs currently present in the system. Not all
of them may be online. When physical hotplug is processed by the relevant
subsystem (e.g. ACPI), the map can change: a bit is either added to or removed
from the map depending on whether the event is a hot-add or a hot-remove.
There are currently no locking rules. Typical usage is to init topology
during boot, at which time hotplug is disabled.

You really don't need to manipulate any of the system cpu maps. They should
be read-only for most use. When setting up per-cpu resources almost always use
cpu_possible_map/for_each_possible_cpu() to iterate.

Never use anything other than cpumask_t to represent bitmap of CPUs.

#include <linux/cpumask.h>

for_each_possible_cpu     - Iterate over cpu_possible_map
for_each_online_cpu       - Iterate over cpu_online_map
for_each_present_cpu      - Iterate over cpu_present_map
for_each_cpu_mask(x,mask) - Iterate over some random collection of cpu mask.

#include <linux/cpu.h>
get_online_cpus() and put_online_cpus():

The above calls are used to inhibit cpu hotplug operations. While the
cpu_hotplug.refcount is non zero, the cpu_online_map will not change.
If you merely need to avoid cpus going away, you could also use
preempt_disable() and preempt_enable() for those sections.
Just remember the critical section cannot call any
function that can sleep or schedule this process away. The preempt_disable()
will work as long as stop_machine_run() is used to take a cpu down.

CPU Hotplug - Frequently Asked Questions.

Q: How to enable my kernel to support CPU hotplug?
A: When doing make defconfig, enable CPU hotplug support

"Processor type and Features" -> Support for Hotpluggable CPUs

Make sure that you have CONFIG_HOTPLUG, and CONFIG_SMP turned on as well.

You would need to enable CONFIG_HOTPLUG_CPU for SMP suspend/resume support
as well.

Q: What architectures support CPU hotplug?
A: As of 2.6.14, the following architectures support CPU hotplug.

i386 (Intel), ppc, ppc64, parisc, s390, ia64 and x86_64

Q: How to test if hotplug is supported on the newly built kernel?
A: You should now notice an entry in sysfs.

Check if sysfs is mounted, using the "mount" command. You should notice
an entry as shown below in the output.

....
none on /sys type sysfs (rw)
....

If this is not mounted, do the following.

#mkdir /sys
#mount -t sysfs sys /sys

Now you should see entries for all present cpus; the following is an example
on an 8-way system.

#pwd
#/sys/devices/system/cpu
#ls -l
total 0
drwxr-xr-x  10 root root 0 Sep 19 07:44 .
drwxr-xr-x  13 root root 0 Sep 19 07:45 ..
drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu0
drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu1
drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu2
drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu3
drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu4
drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu5
drwxr-xr-x   3 root root 0 Sep 19 07:44 cpu6
drwxr-xr-x   3 root root 0 Sep 19 07:48 cpu7

Under each directory you would find an "online" file which is the control
file to logically online/offline a processor.

Q: Does hot-add/hot-remove refer to physical add/remove of cpus?
A: The terms hot-add/remove may not be used very consistently in the code.
CONFIG_HOTPLUG_CPU enables logical online/offline capability in the kernel.
To support physical addition/removal, one would need some BIOS hooks and
the platform should have something like an attention button in PCI hotplug.
CONFIG_ACPI_HOTPLUG_CPU enables ACPI support for physical add/remove of CPUs.

Q: How do I logically offline a CPU?
A: Do the following.

#echo 0 > /sys/devices/system/cpu/cpuX/online

Once the logical offline is successful, check

#cat /proc/interrupts

You should now not see the CPU that you removed. Also, the online file will report
the state as 0 when a cpu is offline and 1 when it's online.

#To display the current cpu state.
#cat /sys/devices/system/cpu/cpuX/online

Q: Why can't I remove CPU0 on some systems?
A: Some architectures may have some special dependency on a certain CPU.

For example, on IA64 platforms we have the ability to send platform interrupts
to the OS, a.k.a. Corrected Platform Error Interrupts (CPEI). In current ACPI
specifications, we didn't have a way to change the target CPU. Hence if the
current ACPI version doesn't support such re-direction, we disable that CPU
by making it not-removable.

In such cases you will also notice that the online file is missing under cpu0.

Q: How do I find out if a particular CPU is not removable?
A: Depending on the implementation, some architectures may show this by the
absence of the "online" file. This is done if it can be determined ahead of
time that this CPU cannot be removed.

In some situations, this can be a run time check, i.e. if you try to remove the
last CPU, this will not be permitted. You can find such failures by
investigating the return value of the "echo" command.
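
The checks from the answers above (a missing "online" file, the exit status of
the write, reading the state back) collected in one shell function. This is an
added example, not part of the original document; the function name, its return
codes and the CPU_SYSFS_ROOT override are assumptions of the example.

```shell
#!/bin/sh
# Added example: set a CPU's logical state through sysfs and verify the result.
# CPU_SYSFS_ROOT is an assumption of this example so the function can be
# pointed at a test tree; on a real system it is /sys/devices/system/cpu.
CPU_SYSFS_ROOT="${CPU_SYSFS_ROOT:-/sys/devices/system/cpu}"

# cpu_set_state <cpu-number> <0|1>
# Return codes (chosen for this example):
#   0 success            2 bad arguments        3 CPU not present
#   4 no "online" file   5 write was refused    6 state did not change
# Usage: cpu_set_state 3 0 || echo "offline failed, code $?"
cpu_set_state() {
    cpu="$1"
    want="$2"

    # Only a plain decimal CPU number and the values 0/1 are accepted,
    # so the argument can never turn into a different path.
    case "$cpu" in ''|*[!0-9]*) return 2 ;; esac
    case "$want" in 0|1) ;; *) return 2 ;; esac

    dir="$CPU_SYSFS_ROOT/cpu$cpu"
    [ -d "$dir" ] || return 3

    # No control file: the architecture decided ahead of time that this
    # CPU cannot be removed (CPU0 on some systems).
    [ -f "$dir/online" ] || return 4

    # The kernel can still refuse at run time (for example the last online
    # CPU), which shows up as a failed write, i.e. a non-zero status of echo.
    { echo "$want" > "$dir/online"; } 2>/dev/null || return 5

    # Read the state back instead of trusting the write.
    got="$(cat "$dir/online" 2>/dev/null)"
    [ "$got" = "$want" ] || return 6
    return 0
}
```
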

Q: What happens when a CPU is being logically offlined?
A: The following happen, listed in no particular order :-)

- A notification is sent to in-kernel registered modules by sending an event
  CPU_DOWN_PREPARE or CPU_DOWN_PREPARE_FROZEN, depending on whether or not the
  CPU is being offlined while tasks are frozen due to a suspend operation in
  progress.
- All processes are migrated away from this outgoing CPU to new CPUs.
  The new CPU is chosen from each process' current cpuset, which may be
  a subset of all online CPUs.
- All interrupts targeted to this CPU are migrated to a new CPU.
- Timers/bottom halves/tasklets are also migrated to a new CPU.
- Once all services are migrated, the kernel calls an arch-specific routine
  __cpu_disable() to perform arch-specific cleanup.
- Once this is successful, an event for successful cleanup is sent by an event
  CPU_DEAD (or CPU_DEAD_FROZEN if tasks are frozen due to a suspend while the
  CPU is being offlined).

"It is expected that each service cleans up when the CPU_DOWN_PREPARE
notifier is called, when CPU_DEAD is called it's expected there is nothing
running on behalf of this CPU that was offlined"

Q: If I have some kernel code that needs to be aware of CPU arrival and
departure, how do I arrange for proper notification?
A: This is what you would need in your kernel code to receive notifications.

#include <linux/cpu.h>

/* Called by the hotplug core each time a CPU changes state. */
static int __cpuinit foobar_cpu_callback(struct notifier_block *nfb,
                                         unsigned long action, void *hcpu)
{
    /* hcpu carries the CPU number, not a real pointer. */
    unsigned int cpu = (unsigned long)hcpu;

    switch (action) {
    case CPU_ONLINE:
    case CPU_ONLINE_FROZEN:
        foobar_online_action(cpu);
        break;
    case CPU_DEAD:
    case CPU_DEAD_FROZEN:
        foobar_dead_action(cpu);
        break;
    }
    return NOTIFY_OK;
}

static struct notifier_block __cpuinitdata foobar_cpu_notifier =
{
    .notifier_call = foobar_cpu_callback,
};

You need to call register_cpu_notifier() from your init function.
Init functions could be of two types:
1. early init (init function called when only the boot processor is online).
2. late init (init function called _after_ all the CPUs are online).

For the first case, you should add the following to your init function

register_cpu_notifier(&foobar_cpu_notifier);

For the second case, you should add the following to your init function

register_hotcpu_notifier(&foobar_cpu_notifier);

You can fail PREPARE notifiers if something doesn't work to prepare resources.
This will stop the activity and send a subsequent CANCELED event back.

CPU_DEAD should not be failed, it's just a goodness indication, but bad
things will happen if a notifier in the path sends a BAD notify code.

Q: I don't see my action being called for all CPUs already up and running?
A: Yes, CPU notifiers are called only when new CPUs are on-lined or offlined.
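If you need to perform some action for each CPU already in the system, then:

for_each_online_cpu(i) {
    /* The callback takes the CPU number as a void *, so cast it. */
    foobar_cpu_callback(&foobar_cpu_notifier, CPU_UP_PREPARE,
                        (void *)(unsigned long)i);
    foobar_cpu_callback(&foobar_cpu_notifier, CPU_ONLINE,
                        (void *)(unsigned long)i);
}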

Q: If I would like to develop CPU hotplug support for a new architecture,
what do I need at a minimum?
A: The following are required for the CPU hotplug infrastructure to work
correctly.

- Make sure you have an entry in Kconfig to enable CONFIG_HOTPLUG_CPU
- __cpu_up()        - Arch interface to bring up a CPU
- __cpu_disable()   - Arch interface to shut down a CPU; no more interrupts
                      can be handled by the kernel after the routine
                      returns, and local APIC timers etc. are also
                      shut down.
- __cpu_die()       - This is actually supposed to ensure the death of the CPU.
                      Look at some example code in other architectures
                      that implement CPU hotplug. The processor is taken
                      down from the idle() loop for that specific
                      architecture. __cpu_die() typically waits for some
                      per_cpu state to be set, to positively ensure that
                      the processor dead routine has been called.

Q: I need to ensure that a particular CPU is not removed while some work
specific to this CPU is in progress.
A: There are two ways.  If your code can be run in interrupt context, use
smp_call_function_single(), otherwise use work_on_cpu().  Note that
work_on_cpu() is slow, and can fail due to out of memory:

int my_func_on_cpu(int cpu)
{
    int err;

    /* Hold off CPU hotplug so the target CPU cannot go away under us. */
    get_online_cpus();
    if (!cpu_online(cpu))
        err = -EINVAL;
    else
#if NEEDS_BLOCKING
        err = work_on_cpu(cpu, __my_func_on_cpu, NULL);
#else
        /* __my_func_on_cpu() reports its result through &err. */
        smp_call_function_single(cpu, __my_func_on_cpu, &err,
                                 true);
#endif
    put_online_cpus();
    return err;
}

Q: How do we determine how many CPUs are available for hotplug?
A: There is no clear spec-defined way in ACPI that can give us that
information today. Based on some input from Natalie of Unisys,
the ACPI MADT (Multiple APIC Description Table) marks those possible
CPUs in a system with disabled status.

Andi implemented some simple heuristics that count the number of disabled
CPUs in MADT as hotpluggable CPUs.  In the case there are no disabled CPUs
we assume 1/2 the number of CPUs currently present can be hotplugged.

Caveat: Today's ACPI MADT can only provide 256 entries since the apicid field
in MADT is only 8 bits.

User Space Notification

Hotplug support for devices is common in Linux today. It's being used today to
support automatic configuration of network, usb and pci devices. A hotplug
event can be used to invoke an agent script to perform the configuration task.

You can add /etc/hotplug/cpu.agent to handle hotplug notification user space
scripts.

#!/bin/bash
# $Id: cpu.agent
# Kernel hotplug params include:
# ACTION=%s [online or offline]
# DEVPATH=%s
#
cd /etc/hotplug
. ./hotplug.functions

# Log one line per CPU event; anything other than online/offline is an error.
case "$ACTION" in
    online)
        echo "$(date)" ":cpu.agent" add cpu >> /tmp/hotplug.txt
        ;;
    offline)
        echo "$(date)" ":cpu.agent" remove cpu >> /tmp/hotplug.txt
        ;;
    *)
        debug_mesg CPU "$ACTION" event not supported
        exit 1
        ;;
esac
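
A hardened variant of the agent above, as an added example that is not part of
the original document: the agent runs as root and appends to a fixed name in
world-writable /tmp, where another local user can create that name first, so
this version logs to a directory only root can write and validates its inputs.
The handle_cpu_event function, the HOTPLUG_LOG_DIR directory and the DEVPATH
pattern /devices/system/cpu/cpuN are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the original cpu.agent): same job, hardened.
# HOTPLUG_LOG_DIR is an assumed directory that must be owned by root and not
# writable by anyone else; it replaces the world-writable /tmp.
HOTPLUG_LOG_DIR="${HOTPLUG_LOG_DIR:-/var/log/hotplug}"

# handle_cpu_event <ACTION> <DEVPATH>
# Returns 0 when the event was logged, 1 when it was rejected.
handle_cpu_event() {
    action="$1"
    devpath="$2"

    # Accept only the two actions documented for CPU events.
    case "$action" in
        online|offline) ;;
        *) return 1 ;;
    esac

    # DEVPATH arrives through the environment: accept only .../cpu/cpu<N>
    # (assumed layout) and keep nothing but the decimal CPU number.
    case "$devpath" in
        /devices/system/cpu/cpu[0-9]*) ;;
        *) return 1 ;;
    esac
    cpu="${devpath##*/cpu}"
    case "$cpu" in ''|*[!0-9]*) return 1 ;; esac

    log="$HOTPLUG_LOG_DIR/cpu.log"
    # Extra check on top of the directory permissions: never append
    # through a symlink sitting at the log path.
    if [ -L "$log" ]; then
        return 1
    fi
    # Subshell so the restrictive umask does not leak into the caller.
    ( umask 077
      printf '%s :cpu.agent %s cpu%s\n' \
          "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$action" "$cpu" >> "$log"
    ) || return 1
    return 0
}

# When started by the hotplug subsystem, ACTION and DEVPATH are already set.
if [ -n "${ACTION:-}" ]; then
    handle_cpu_event "$ACTION" "${DEVPATH:-}" || exit 1
fi
```
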