Ampere: Add Firmware Update, TPM, IPMI ClearCMOS, and Redfish Host Interface #221
Merged
Conversation
The size of NVRAM Storage is 512KB, including 192KB for Variable Storage, 64KB for FTW, and 256KB for FTW Spare. The header in the FV should be 8 blocks x 64KB per block instead of 3 blocks. It did not cause a significant issue because EDK2 code adjusts this, but it must be changed for a correct definition in the NVRAM header. The CheckSum in the header is updated as well. Signed-off-by: Nhi Pham <[email protected]>
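As an added example (not code from this pull request or from edk2-platforms), the following Python builds an EFI firmware volume header with the block map the commit describes (8 blocks of 64KB covering the 512KB NVRAM region), computes the 16-bit header checksum the PI specification requires to sum to zero, and then checks a header the way a loader should before trusting it: signature, header length, checksum, and whether the block map actually covers FvLength. The field layout and the gEfiSystemNvDataFvGuid value follow the PI specification and EDK2's MdeModulePkg; the attribute value is a constructed placeholder, and the "stale" header with a 3-block map but a 512KB FvLength is constructed to illustrate the inconsistency the commit removes.

```python
import struct
import uuid

# EFI_FIRMWARE_VOLUME_HEADER (PI spec Vol. 3), little-endian, no padding:
#   UINT8 ZeroVector[16]; EFI_GUID FileSystemGuid; UINT64 FvLength;
#   UINT32 Signature ("_FVH"); UINT32 Attributes; UINT16 HeaderLength;
#   UINT16 Checksum; UINT16 ExtHeaderOffset; UINT8 Reserved; UINT8 Revision;
#   EFI_FV_BLOCK_MAP_ENTRY BlockMap[] -> {UINT32 NumBlocks, UINT32 Length}, {0,0}-terminated
FV_FIXED_FMT = "<16s16sQ4sIHHHBB"
FV_FIXED_SIZE = struct.calcsize(FV_FIXED_FMT)   # 56 bytes
BLOCK_ENTRY_FMT = "<II"
CHECKSUM_OFFSET = 50                            # offset of the UINT16 Checksum field

# gEfiSystemNvDataFvGuid, the file-system GUID EDK2 uses for the variable store FV
SYSTEM_NV_DATA_FV_GUID = uuid.UUID("fff12b8d-7696-4c8b-a985-2747075b4f50")

KB = 1024
NVRAM_BLOCK_SIZE = 64 * KB
CORRECT_BLOCK_MAP = [(8, NVRAM_BLOCK_SIZE)]     # 8 x 64KB = 512KB, as the commit states
STALE_BLOCK_MAP = [(3, NVRAM_BLOCK_SIZE)]       # constructed: the 3-block map the commit replaces
PLACEHOLDER_ATTRIBUTES = 0x0004FEFF             # constructed value, not Ampere's real attributes


def word_sum(data: bytes) -> int:
    """Sum of all little-endian 16-bit words, modulo 2^16."""
    if len(data) % 2:
        raise ValueError("FV header length must be a multiple of 2")
    return sum(struct.unpack("<%dH" % (len(data) // 2), data)) & 0xFFFF


def build_fv_header(block_map, fv_length=None, fs_guid=SYSTEM_NV_DATA_FV_GUID,
                    attributes=PLACEHOLDER_ATTRIBUTES) -> bytes:
    """Serialize an FV header. FvLength defaults to the size the block map covers;
    the Checksum field is set so that the 16-bit word sum of the header is zero."""
    if fv_length is None:
        fv_length = sum(n * size for n, size in block_map)
    entries = b"".join(struct.pack(BLOCK_ENTRY_FMT, n, size) for n, size in block_map)
    entries += struct.pack(BLOCK_ENTRY_FMT, 0, 0)          # terminating entry
    header_length = FV_FIXED_SIZE + len(entries)
    fixed = struct.pack(FV_FIXED_FMT, b"\0" * 16, fs_guid.bytes_le, fv_length,
                        b"_FVH", attributes, header_length, 0, 0, 0, 2)
    unchecked = fixed + entries
    checksum = (-word_sum(unchecked)) & 0xFFFF
    return (unchecked[:CHECKSUM_OFFSET] + struct.pack("<H", checksum)
            + unchecked[CHECKSUM_OFFSET + 2:])


def parse_fv_header(data: bytes) -> dict:
    """Parse the fixed fields and the block map, and report the consistency
    checks a loader should apply before trusting the header."""
    (_zero, guid_le, fv_length, sig, attrs, hdr_len, _csum, _ext, _res, rev) = \
        struct.unpack_from(FV_FIXED_FMT, data, 0)
    block_map, off = [], FV_FIXED_SIZE
    while off + 8 <= len(data):
        n, size = struct.unpack_from(BLOCK_ENTRY_FMT, data, off)
        off += 8
        if n == 0 and size == 0:
            break
        block_map.append((n, size))
    mapped = sum(n * size for n, size in block_map)
    checksum_ok = hdr_len % 2 == 0 and hdr_len <= len(data) and word_sum(data[:hdr_len]) == 0
    return {
        "fs_guid": uuid.UUID(bytes_le=guid_le),
        "fv_length": fv_length,
        "attributes": attrs,
        "revision": rev,
        "block_map": block_map,
        "header_length": hdr_len,
        "signature_ok": sig == b"_FVH",
        "header_length_ok": hdr_len == off,
        "checksum_ok": checksum_ok,
        "block_map_ok": mapped == fv_length,   # the block map must cover exactly FvLength
    }


def header_is_consistent(data: bytes) -> bool:
    """True only if signature, header length, checksum and block map all agree."""
    info = parse_fv_header(data)
    return all(info[k] for k in ("signature_ok", "header_length_ok", "checksum_ok", "block_map_ok"))


if __name__ == "__main__":
    good = build_fv_header(CORRECT_BLOCK_MAP)
    stale = build_fv_header(STALE_BLOCK_MAP, fv_length=8 * NVRAM_BLOCK_SIZE)
    print("8 x 64KB header consistent:", header_is_consistent(good))    # True
    print("3 x 64KB header consistent:", header_is_consistent(stale))   # False
```

The stale header passes the checksum (its checksum was computed over the mismatched fields) but fails the block-map check, which is exactly the kind of definition error that a firmware image can carry silently when the consumer "adjusts" the values instead of rejecting them.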
In theory, the entire PCIe Root Complex configuration space has to be mapped as device memory. However, with the recent changes of the new PCIe driver code, only CSR spaces are mapped. So, this adds the full configuration space into the UEFI memory map. Signed-off-by: Nhi Pham <[email protected]>
This enables the IPMI command library for the PEI phase. Signed-off-by: Nhi Pham <[email protected]>
This adds support for handling IPMI Clear CMOS. When the Clear CMOS flag is set, the NVRAM will be erased, which is the same as changing the platform UUID at build time. Signed-off-by: Nhi Pham <[email protected]>
Signed-off-by: Nhi Pham <[email protected]>
Both the NVRAM and NVPARAM should be expected to be cleared to prevent misbehavior issues when switching between UEFI firmware versions. Also, a reboot is required after clearing the user settings. Signed-off-by: Nhi Pham <[email protected]>
This adds the platform-specific implementation required for the capsule update as follows:
* SystemFirmwareDescriptor, to determine the current firmware version.
* SystemFirmwareUpdateConfig, to provide the inventory of components in the capsule.
* PlatformFlashAccessLib, to implement flash write functions via Firmware Update MM services provided by Arm Trusted Firmware.
Also, this connects the different modules to implement the signed capsule update. Below is the command to build capsule images:
  build -a AARCH64 -t GCC -b RELEASE \
    -D SCP_IMAGE=path/to/the/jade_scp.slim \
    -D UEFI_ATF_IMAGE=path/to/the/jade_tianocore_atf.img \
    -p Platform/Ampere/JadePkg/JadeCapsule.dsc
Signed-off-by: Nhi Pham <[email protected]>
This implements the in-band firmware update without rebooting via UEFI runtime services. The FW update service is hooked into the UEFI variable with the variable GUID gAmpereFWUpgradeGuid. Users in the operating system can download the update image to the service by continuously setting a chunk of the image via the variable, and poll the status by getting the same variable. There are four types of firmware image supported:
- UpgradeSCPRequest: Upgrade SCP.
- UpgradeATFUEFIRequest: Upgrade full FW including ATF, board config and UEFI.
- UpgradeCFGUEFIRequest: Upgrade only board config and UEFI.
- UpgradeUEFIRequest: Upgrade only UEFI.
Signed-off-by: Nhi Pham <[email protected]>
In Ampere Altra, TPM is a secured device and can only be accessed in the S-EL0 secure partition. Upper layers like UEFI and Operating Systems need the intermediate Secured Partition Manager (SPM) in Trusted Firmware BL31 to establish communication with the TPM device, which is physically connected to the Socket 0 SPI bus 1. The communication interface, designed as a TPM CRB buffer, is in line with the TPM 2.0 Mobile Command Response Buffer Interface specification. This patch introduces TPM2 support for the Ampere Altra Mt. Jade platform based on the edk2 implementation. Due to differences in platform design, the TPM2 code has been forked from edk2/SecurityPkg and adapted to meet our specific requirements. The implementation focuses on meeting the mandatory TPM2 functionality and does not include all TPM2 or PPI features, limiting the scope to what is essential for Ampere platforms. We may expand the implementation later if more features are needed. Signed-off-by: Nhi Pham <[email protected]>
This enables the Redfish Host Interface to support future Redfish features, such as Remote BIOS Configuration. Signed-off-by: Nhi Pham <[email protected]>
chuongtranle approved these changes Oct 11, 2024
Looks good to me. For this patch series,
Reviewed-by: Chuong Tran [email protected]
The patch set adds the following features: