Re: [edk2] [PATCH edk2-non-osi 2/2] Silicon/AMD/Styx: update ArmTrustedFirmware.bin

2018-02-03 Thread Ard Biesheuvel 
On 3 February 2018 at 14:44, Marc Zyngier  wrote:
> On Thu, 1 Feb 2018 16:42:53 +
> Ard Biesheuvel  wrote:
>
>> On 1 February 2018 at 16:04, Ard Biesheuvel  
>> wrote:
>> > The ARM Trusted Firmware build we have been using up until now was built
>> > with optimizations disabled (which means every variable manipulation
>> > involves a load, the operation itself and a store), and runs with the
>> > MMU disabled, making it needlessly slow.
>> >
>> > This appears to be due to the fact that
>> > a) the page tables are not set up correctly, so not all memory can be
>> >accessed from EL3
>> > b) the handling of SMC service calls does not take into account that
>> >these calls may be made with the MMU off (e.g., by UEFI PEI).
>> >
>> > These issues have been fixed in the source code, which should hopefully
>> > remove any performance bottlenecks that may become more noticeable now
>> > that we are going to call into the secure firmware more often to perform
>> > Spectre variant 2 mitigations, which have been backported as well.
>> >
>> > So update the binary image to a RELEASE build that was created with
>> > optimizations enabled, and has the above fixes incorporated.
>> >
>> > Contributed-under: TianoCore Contribution Agreement 1.1
>> > Signed-off-by: Ard Biesheuvel 
>> > ---
>> >  Silicon/AMD/Styx/ArmTrustedFirmware.bin | Bin 75344 -> 34320 bytes
>> >  1 file changed, 0 insertions(+), 0 deletions(-)
>> >
>>
>> Note to Marc: this is the exact image I shared with you as
>> bl31.bin-release earlier today, so if that works as expected, could
>> you report back here please? Thanks.
>
> To confirm, this firmware boots perfectly on Cello, and the new SMCCC
> 1.1 is now reported by the kernel (with in-flight patches):
>
> [0.00] psci: probing for conduit method from DT.
> [0.00] psci: PSCIv1.0 detected in firmware.
> [0.00] psci: Using standard PSCI v0.2 function IDs
> [0.00] psci: MIGRATE_INFO_TYPE not supported.
> [0.00] psci: SMC Calling Convention v1.1
>
> as well as ARM_SMCCC_ARCH_WORKAROUND_1, allowing for efficient
> mitigation of Spectre v2. I guess we have quite a few Seattle/Overdrive
> and OD1000 that now need this to be deployed.
>
> Thanks a lot Ard!
>

Liekwise. Let me know if you need help upgrading those Overdrive systems.
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Re: [edk2] [PATCH edk2-non-osi 2/2] Silicon/AMD/Styx: update ArmTrustedFirmware.bin

2018-02-03 Thread Marc Zyngier 
On Thu, 1 Feb 2018 16:42:53 +
Ard Biesheuvel  wrote:

> On 1 February 2018 at 16:04, Ard Biesheuvel  wrote:
> > The ARM Trusted Firmware build we have been using up until now was built
> > with optimizations disabled (which means every variable manipulation
> > involves a load, the operation itself and a store), and runs with the
> > MMU disabled, making it needlessly slow.
> >
> > This appears to be due to the fact that
> > a) the page tables are not set up correctly, so not all memory can be
> >accessed from EL3
> > b) the handling of SMC service calls does not take into account that
> >these calls may be made with the MMU off (e.g., by UEFI PEI).
> >
> > These issues have been fixed in the source code, which should hopefully
> > remove any performance bottlenecks that may become more noticeable now
> > that we are going to call into the secure firmware more often to perform
> > Spectre variant 2 mitigations, which have been backported as well.
> >
> > So update the binary image to a RELEASE build that was created with
> > optimizations enabled, and has the above fixes incorporated.
> >
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Ard Biesheuvel 
> > ---
> >  Silicon/AMD/Styx/ArmTrustedFirmware.bin | Bin 75344 -> 34320 bytes
> >  1 file changed, 0 insertions(+), 0 deletions(-)
> >  
> 
> Note to Marc: this is the exact image I shared with you as
> bl31.bin-release earlier today, so if that works as expected, could
> you report back here please? Thanks.

To confirm, this firmware boots perfectly on Cello, and the new SMCCC
1.1 is now reported by the kernel (with in-flight patches):

[0.00] psci: probing for conduit method from DT.
[0.00] psci: PSCIv1.0 detected in firmware.
[0.00] psci: Using standard PSCI v0.2 function IDs
[0.00] psci: MIGRATE_INFO_TYPE not supported.
[0.00] psci: SMC Calling Convention v1.1

as well as ARM_SMCCC_ARCH_WORKAROUND_1, allowing for efficient
mitigation of Spectre v2. I guess we have quite a few Seattle/Overdrive
and OD1000 that now need this to be deployed.

Thanks a lot Ard!

M.
-- 
Without deviation from the norm, progress is not possible.
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Re: [edk2] [PATCH edk2-non-osi 2/2] Silicon/AMD/Styx: update ArmTrustedFirmware.bin

2018-02-01 Thread Marc Zyngier 
On 01/02/18 16:42, Ard Biesheuvel wrote:
> On 1 February 2018 at 16:04, Ard Biesheuvel  wrote:
>> The ARM Trusted Firmware build we have been using up until now was built
>> with optimizations disabled (which means every variable manipulation
>> involves a load, the operation itself and a store), and runs with the
>> MMU disabled, making it needlessly slow.
>>
>> This appears to be due to the fact that
>> a) the page tables are not set up correctly, so not all memory can be
>>accessed from EL3
>> b) the handling of SMC service calls does not take into account that
>>these calls may be made with the MMU off (e.g., by UEFI PEI).
>>
>> These issues have been fixed in the source code, which should hopefully
>> remove any performance bottlenecks that may become more noticeable now
>> that we are going to call into the secure firmware more often to perform
>> Spectre variant 2 mitigations, which have been backported as well.
>>
>> So update the binary image to a RELEASE build that was created with
>> optimizations enabled, and has the above fixes incorporated.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Ard Biesheuvel 
>> ---
>>  Silicon/AMD/Styx/ArmTrustedFirmware.bin | Bin 75344 -> 34320 bytes
>>  1 file changed, 0 insertions(+), 0 deletions(-)
>>
> 
> Note to Marc: this is the exact image I shared with you as
> bl31.bin-release earlier today, so if that works as expected, could
> you report back here please? Thanks.

Absolutely. I'll give it a shot at the weekend (or earlier if I can).

Thanks,

M.
-- 
Jazz is not dead. It just smells funny...
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Re: [edk2] [PATCH edk2-non-osi 2/2] Silicon/AMD/Styx: update ArmTrustedFirmware.bin

2018-02-01 Thread Ard Biesheuvel 
On 1 February 2018 at 16:04, Ard Biesheuvel  wrote:
> The ARM Trusted Firmware build we have been using up until now was built
> with optimizations disabled (which means every variable manipulation
> involves a load, the operation itself and a store), and runs with the
> MMU disabled, making it needlessly slow.
>
> This appears to be due to the fact that
> a) the page tables are not set up correctly, so not all memory can be
>accessed from EL3
> b) the handling of SMC service calls does not take into account that
>these calls may be made with the MMU off (e.g., by UEFI PEI).
>
> These issues have been fixed in the source code, which should hopefully
> remove any performance bottlenecks that may become more noticeable now
> that we are going to call into the secure firmware more often to perform
> Spectre variant 2 mitigations, which have been backported as well.
>
> So update the binary image to a RELEASE build that was created with
> optimizations enabled, and has the above fixes incorporated.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel 
> ---
>  Silicon/AMD/Styx/ArmTrustedFirmware.bin | Bin 75344 -> 34320 bytes
>  1 file changed, 0 insertions(+), 0 deletions(-)
>

Note to Marc: this is the exact image I shared with you as
bl31.bin-release earlier today, so if that works as expected, could
you report back here please? Thanks.
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

[edk2] [PATCH edk2-non-osi 2/2] Silicon/AMD/Styx: update ArmTrustedFirmware.bin

2018-02-01 Thread Ard Biesheuvel 
The ARM Trusted Firmware build we have been using up until now was built
with optimizations disabled (which means every variable manipulation
involves a load, the operation itself and a store), and runs with the
MMU disabled, making it needlessly slow.

This appears to be due to the fact that
a) the page tables are not set up correctly, so not all memory can be
   accessed from EL3
b) the handling of SMC service calls does not take into account that
   these calls may be made with the MMU off (e.g., by UEFI PEI).

These issues have been fixed in the source code, which should hopefully
remove any performance bottlenecks that may become more noticeable now
that we are going to call into the secure firmware more often to perform
Spectre variant 2 mitigations, which have been backported as well.

So update the binary image to a RELEASE build that was created with
optimizations enabled, and has the above fixes incorporated.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel 
---
 Silicon/AMD/Styx/ArmTrustedFirmware.bin | Bin 75344 -> 34320 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/Silicon/AMD/Styx/ArmTrustedFirmware.bin 
b/Silicon/AMD/Styx/ArmTrustedFirmware.bin
index 
9278e32a2dd9230e4f0220a530a94fce5780ee9a..67b2ccb3605788ed2000b61068abc777e4295e29
 100644
GIT binary patch
literal 34320
zcmeIb3wTu3z3{#Ep2zNf_Z=cy=R93(YD|F
zecw6H`xKw;+IwC9>wjPWwbn$XUE8Dj@7k==#`L^e;_AsCty)Z__9$s!eQd2Iy
zM71cTvi?L`s;%u((ne`vr_DFW?|jacraJ9D24}i@%yjCkP#J1P3eU(4Gkr|YKjx?w
z{~1?W^_h`r9;IGfnaj7X=C<+tlJ^c%^{k?fQvNQD=UjrXzcOMxvd-Lrg5Mp>T90Ou)@e1C?fg-W|H00x#U$p{rWMSesi-n*w*~
z1hqyVtr8F9=BupQnvVyoPF0qM-p@1#_e(K7!7jAvv)M+=Uhh4S61
zPVgqM{2OJOuBx^iRDn`pZ91rmwG@Aap6KtYj#n$;oC;sOD&}eTEl`0K8LFiX{^NVV
zSV>uiYWLGt#@F03{=r=(N}W_`t=sJJIzsSng^af>TeYl8RV`a-U#i3BPx`wQGB8-`
z>Ji#maI5`Yy82Fqo)@e)1edduGT=9_0WH)AOD#tPT)
zo-DMYou(eP`nKn5*FTkF)62%svqSuO3b}cY_V0gL51p=Yh2D3?g-;`I{Vpy1fy)
zy0pM<=C$K<=75*>#NhMJU@mO0^ty<%D}(+2IIJ4f)?D@1UObVy`QUysYp}@-~pS
zL(e2HGknNun;Bk59yC6z{F4Gd=KW_p!Z$}rE#Cfe8L*Ux#V6|0AUe0RPheNG
zAMNUVrOkd<-|renyRr18qc3ZGlLDTC{at3k{=S1B4`w?$<0~%J(rCDPtTBT{fr50^
zavIt@|Vck!M;|dj)S|ZvX?x~j8S1`sp3}JnK@>$!u|{HJZ=>zG1SRw^sjs$
zjZ;$LK~ObZ0QEkv+zh*bdHO;XF(HN4qe`L1xW$s)($LP8e@AF*X(Q5wd2BL
z%U?2@{TXJl=<7CM@#mVw@Xr*+#;BUFa!EMV_X|+42(0M=szN{VjDu)RlSoGgPrP
zcVN#K*v|}B{n^Gv)K2XWp+gRP%xM9Kzb!p5S`DDX2A+kl1pZ8(Y1BJ%t+}~nQc|FS
zd7R!nH87HS=$hrL$XGAGlcrjNW1y*9@PEb-Tn)-sC%vhR95N#5F2>C-cZxBWs&1
zdiyILJ($1GudCv{@hX544RjQ!lb*AKRp6@P^k{Ry(Fj1ht>aL
zuFOqr1bV1Tcv1N1x+ouA4lT#R%fDE>Xy2>wQWNwG!b=_nO>$JR$})@R!%vaH!NM}y
zl)W^zc|Q5`;j@j|D$5h)tpm(g{GHPlEK!|smTIloJMF43W4hs5WS{
z4q16C`7Vh0UdwmmL#pnZ%qLpM+r#{w`r>cda2(ooH*jc5Pp7|(V~4a!1
zI{LutNmJ?gMYY)N_NGBwU!3zHzV)d-gri@7$++ONOKcfBwlB`Tq2e2fPu0gWo`T-u
zx2iOi;ll4+k8eB98sA@0qFlAd;5~gkv{*d4Qe%Dv=xc#d;Mqx;=7pb?BrW?hscBj=NG|)a(&;jw;C`B-AmpZVd1dk
z%!s;3c5ALmw0_|^og`q%r%n)jt2nz4DH9%nS285^Yv<={`uDp^!3Q#F)iWa3
z^hEHRr7n4gl`%bF0#lh=?YR!0=}CMdH!%H@eg~s+`AfIiUZN6eJ@)%rE&7UlAH
ztTaJQ!RN}YJ>*!APLKdIc!!NueD9e@W9(+fH^k4W?
zpw+MHMAr$}vfei)Fv*foOi=RRnX-#?3fz1gIj0}4d?`;f)3_;@4HnZbhOz&-dIig(R-Q!#e8@SxZc;6axadw@sQSOQPJFS+yTZKu5+vh6hf!WGaQT@u{F+K0IZw<>I}zas0cZw~STcn|)D
z_`e;Eu24t0YVR0yhdRDY+87_|XprxOP)D_f;5Bl%j9Frf|L2q