Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EFIFB support next steps #1461

Closed
10 of 12 tasks
tlaurion opened this issue Aug 10, 2023 · 13 comments
Closed
10 of 12 tasks

EFIFB support next steps #1461

tlaurion opened this issue Aug 10, 2023 · 13 comments

Comments

@tlaurion
Copy link
Collaborator

tlaurion commented Aug 10, 2023
edited
Loading

UNDONE:
Figure out what is missing for Q4.2 to be able to use efifb under dom0

Originally posted by @tlaurion in #1403 (comment) and modified here
@JonathonHall-Purism
Copy link
Collaborator

@tlaurion The 1366x768 patch is in fbwhiptail 1.2 🎉

@tlaurion
Copy link
Collaborator Author

tlaurion commented Aug 10, 2023
edited
Loading

@JonathonHall-Purism so I should add it under #1403? done.

  • tested under x230-maximized without setting width and height to native resolution and letting max.

@tlaurion tlaurion mentioned this issue Aug 10, 2023
Merged
17 tasks
@tlaurion
Copy link
Collaborator Author

tlaurion commented Aug 11, 2023
edited
Loading

Also to be noted, dgpu flavors of t530/w530 are currently enabling optional rom in "insecure mode", where coreboot is said to be significantly slower initializing if we were to change the defaults to enable it:

CONFIG_PCI_OPTION_ROM_RUN_YABEL:                                                                                                              │  
  │                                                                                                                                               │  
  │ If you select this option, the x86emu CPU emulator will be used to                                                                            │  
  │ execute PCI Option ROMs.                                                                                                                      │  
  │                                                                                                                                               │  
  │ This option prevents Option ROMs from doing dirty tricks with the                                                                             │  
  │ system (such as installing SMM modules or hypervisors), but it is                                                                             │  
  │ also significantly slower than the native Option ROM initialization                                                                           │  
  │ method.                                                                                                                                       │  
  │                                                                                                                                               │  
  │ This is the default choice for non-x86 systems.

@tlaurion
Copy link
Collaborator Author

tlaurion commented Aug 23, 2023
edited
Loading

Seems like qubesos is not providing efifb in compiled kernels @marmarek ?

Would be a good idea to provide it so that early print messages can be shown on consoles prior of i915drmfb taking ownership of the framebuffer, otherwise messages show on console after i915drmfb is loaded and ownership of FB is active.

  • open issue on qubesos side

@marmarek
Copy link
Contributor

We do have CONFIG_FB_EFI=y in our kernel. But, there is also CONFIG_SYSFS_SIMPLEFB=y (which IIUC is the newer approach for the same thing).
That said, I'm a bit confused how it is supposed to work. Heads isn't booting OS via EFI entry point and does not synthesize EFI system table, no? So, how OS would use EFI for locating the framebuffer? What am I missing?

@marmarek
Copy link
Contributor

And one more thing: dom0's kernel config isn't really relevant for early Xen messages. For that, there is a bunch of command line arguments, including vga=current which might be enough here. Xen does support getting framebuffer parameters via EFI, but again - I don't think this boot path is used under Heads at all.

@tlaurion
Copy link
Collaborator Author

We do have CONFIG_FB_EFI=y in our kernel. But, there is also CONFIG_SYSFS_SIMPLEFB=y (which IIUC is the newer approach for the same thing).
That said, I'm a bit confused how it is supposed to work. Heads isn't booting OS via EFI entry point and does not synthesize EFI system table, no? So, how OS would use EFI for locating the framebuffer? What am I missing?

@marmarek :
Since #1403 Heads avoids providing specific DRM/FB drivers, thanks to patches added to coreboot so that GOP/native GFX/vbios rom/libgfxinit offers a efifb compatible framebuffer to the kernel.

Heads kernel then kexec's into next kernel passing the FB address to next kernel, without needing to hack around newer kernel's restrictions not exposing addresses which otherwise required Heads to taint it's kernel exposing FB address (considered dangerous) and disabling framebuffer compression on i915drm module and a hack on kexec to force passing i915fb FB address as VLFB. Kexec detects Heads FB as efifb and gently provides the FB address to the next kernel without any previously needed hacks.

As if today (rudimentary testing booting latest 4.2 ISO with bug report since inst.repo is not found) Heads stays in the dark until i915drmfb takes ownership of the console.

Attempts under Heads to support simplefb didn't work since it is not possible to pass simplefb FB address through VLFB hack, there is no workaround permitting that driver to taint kernel in an insecure flashing like it is possible with i915drmfb.

I am confused into why simplefb is not kicking in prior of i915drmfb taking ownership of the FB under qubes as if now and will need to check this out.

You are right saying that OS deprecation plan for legacy boot support is to remove all advanced DRM drivers from their initrd, letting simplefb, simpledrm and efifb there for the moment, leaving initrd construction with proper advanced drm modules enablement to the final installed OS to construct it from detected GPUs.

Installation media consequently provide/will provide simpledrm/simplefb/efifb to not bloat initrd/unified kernels with all DRM/FB drivers that exist anymore and rely on UEFI to at least provide efifb compatible drivers which can after that be switched to simplefb/simpledrm or more advanced DRM drivers.

@tlaurion
Copy link
Collaborator Author

And one more thing: dom0's kernel config isn't really relevant for early Xen messages. For that, there is a bunch of command line arguments, including vga=current which might be enough here. Xen does support getting framebuffer parameters via EFI, but again - I don't think this boot path is used under Heads at all.

@marmarek AFAIK coreboot tables are now exposed but this is irrelevant here? How to check I'm not presently aware

@tlaurion
Copy link
Collaborator Author

tlaurion commented Aug 24, 2023
edited
Loading

We do have CONFIG_FB_EFI=y in our kernel. But, there is also CONFIG_SYSFS_SIMPLEFB=y (which IIUC is the newer approach for the same thing).
That said, I'm a bit confused how it is supposed to work. Heads isn't booting OS via EFI entry point and does not synthesize EFI system table, no? So, how OS would use EFI for locating the framebuffer? What am I missing?

@marmarek : Since #1403 Heads avoids providing specific DRM/FB drivers, thanks to patches added to coreboot so that GOP/native GFX/vbios rom/libgfxinit offers a efifb compatible framebuffer to the kernel.

Heads kernel then kexec's into next kernel passing the FB address to next kernel, without needing to hack around newer kernel's restrictions not exposing addresses which otherwise required Heads to taint it's kernel exposing FB address (considered dangerous) and disabling framebuffer compression on i915drm module and a hack on kexec to force passing i915fb FB address as VLFB. Kexec detects Heads FB as efifb and gently provides the FB address to the next kernel without any previously needed hacks.

As if today (rudimentary testing booting latest 4.2 ISO with bug report since inst.repo is not found) Heads stays in the dark until i915drmfb takes ownership of the console.

Attempts under Heads to support simplefb didn't work since it is not possible to pass simplefb FB address through VLFB hack, there is no workaround permitting that driver to taint kernel in an insecure flashing like it is possible with i915drmfb.

I am confused into why simplefb is not kicking in prior of i915drmfb taking ownership of the FB under qubes as if now and will need to check this out.

You are right saying that OS deprecation plan for legacy boot support is to remove all advanced DRM drivers from their initrd, letting simplefb, simpledrm and efifb there for the moment, leaving initrd construction with proper advanced drm modules enablement to the final installed OS to construct it from detected GPUs.

Installation media consequently provide/will provide simpledrm/simplefb/efifb to not bloat initrd/unified kernels with all DRM/FB drivers that exist anymore and rely on UEFI to at least provide efifb compatible drivers which can after that be switched to simplefb/simpledrm or more advanced DRM drivers.

Maybe its more practical to see with an example!

Under Heads linux-qemu.config under master, here is when the framebuffer is owned by efifb (QEMU TCG here, since qemu under Qubes so cannot have kvm).

Using rdosreport.txt shared under QubesOS/qubes-issues#8443

~ # cat rdsosreport.txt | grep -ie kernel -ie xen | grep -ie efi -ie fb -ie vga -ie 0000:00:02.0
[    1.332133] localhost kernel: clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1910969940391419 ns
[    1.838870] localhost kernel: clocksource: xen: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[    1.919100] localhost kernel: fbcon: Taking over console
[    1.929042] localhost kernel: pci 0000:00:02.0: [8086:0166] type 00 class 0x030000
[    1.929107] localhost kernel: pci 0000:00:02.0: reg 0x10: [mem 0x82c00000-0x82ffffff 64bit]
[    1.929152] localhost kernel: pci 0000:00:02.0: reg 0x18: [mem 0x90000000-0x9fffffff 64bit pref]
[    1.929185] localhost kernel: pci 0000:00:02.0: reg 0x20: [io  0x1000-0x103f]
[    1.929259] localhost kernel: pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
[    1.952993] localhost kernel: pci 0000:00:02.0: vgaarb: setting as boot VGA device
[    1.952993] localhost kernel: pci 0000:00:02.0: vgaarb: bridge control possible
[    1.952993] localhost kernel: pci 0000:00:02.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none
[    1.953005] localhost kernel: vgaarb: loaded
[   19.375778] localhost kernel: i915 0000:00:02.0: [drm] VT-d active for gfx access
[   19.375889] localhost kernel: i915 0000:00:02.0: vgaarb: deactivate vga console
[   19.468365] localhost kernel: i915 0000:00:02.0: [drm] Transparent Hugepage support is recommended for optimal performance when IOMMU is enabled!
[   19.468380] localhost kernel: i915 0000:00:02.0: [drm] DMAR active, disabling use of stolen memory
[   19.577394] localhost kernel: i915 0000:00:02.0: [drm] Skipping intel_backlight registration
[   19.578870] localhost kernel: [drm] Initialized i915 1.6.0 20201103 for 0000:00:02.0 on minor 0
[   19.872710] localhost kernel: fbcon: i915drmfb (fb0) is primary device
[   20.700506] localhost kernel: i915 0000:00:02.0: [drm] fb0: i915drmfb frame buffer device

fb0 is redrawn on screen at around 20s on real hardware and around 5s on qemu.
Qubes kernel doesn't know how to draw on screen prior of i915drmfb kicking in.

Under Heads, it required us to make the kernel config aware of EFI and coreboot tables, and enable efifb.

You can see the changes that were required under https://github.com/osresearch/heads/pull/1403/files#diff-816b79cd9a1192fa8cf78b9737f0d3fed5a943a0d2c952da591f8a2446edc1db

@marmarek :

  • Yes, the kernel needs to be EFI compatible (CONFIG_EFI=y) for efifb to even try to initialize fb
  • Coreboot tables awareness needs to be activated in kernel (CONFIG_GOOGLE_COREBOOT_TABLE=y)
  • And then, EFI->EFIFB will pick up fb early, and then i915drmfb will take ownership later on. The user will get fb really early.

marmarek added a commit to marmarek/qubes-linux-kernel that referenced this issue Aug 24, 2023
@marmarek
config: add coreboot framebuffer related settings
ccd255e 
This allows Linux to fetch framebuffer address from coreboot and make
Linux show messages early - before i915drm takes over later.
Whether that's enough to work also under Xen is not clear, but those
options may be useful in other cases anyway.

linuxboot/heads#1461
@marmarek marmarek mentioned this issue Aug 24, 2023
Draft
marmarek added a commit to marmarek/qubes-linux-kernel that referenced this issue Aug 25, 2023
@marmarek
config: add coreboot framebuffer related settings
c4ff0e4 
This allows Linux to fetch framebuffer address from coreboot and make
Linux show messages early - before i915drm takes over later.
Whether that's enough to work also under Xen is not clear, but those
options may be useful in other cases anyway.

linuxboot/heads#1461
@tlaurion
Copy link
Collaborator Author

tlaurion commented Aug 28, 2023
edited
Loading

@marmarek interesting https://forum.qubes-os.org/t/how-to-kexec-into-qubes-from-linux-livecd/17712/22

Might explain why marmarek/qubes-linux-kernel@c4ff0e4 is not enough

@JonathonHall-Purism any hunch?

The kexec with/without ebda hack works if I use QEMU with BIOS and multiboot2 (default for kexec > v2.0.22).

Important bits of the table there:

QEMU BIOS/UEFI multiboot/multiboot2 ebda hack Xen patch kexec works
Yes BIOS multiboot2 Yes/No No Yes
Yes BIOS multiboot Yes No Yes
Yes UEFI multiboot Yes Yes Yes
Yes BIOS multiboot No No No
Yes UEFI multiboot2 Yes/No Yes No
Yes UEFI multiboot No Yes No

@tlaurion
Copy link
Collaborator Author

tlaurion commented Aug 29, 2023
edited
Loading

Hmmm 2.0.27 supports device tree horms/kexec-tools@806711f

 x86: add devicetree support

Since linux kernel has dropped support for simple firmware interface
(SFI), the only way of boot newer versions on intel MID platform is
using devicetree

Also note that EBDA patch was under Heads kexec 2.0.26 but was dropped for a little while on 2.0.22

EDIT: trace of this put in branch https://github.com/tlaurion/heads/tree/enable_efi_compatibility_for_xen_efifb for further improvements

@tlaurion tlaurion mentioned this issue Nov 8, 2023
Merged
@tlaurion
Copy link
Collaborator Author

tlaurion commented Nov 8, 2023

All OP tasks under #1522.

Q4.2 still cannot offer EFIFB direct console output on installed systems which takes 6 seconds under x230 to show console once i915 takes ownership of framebuffer. On Q4.1/Q4.2, booting to a console at kexec call to working console takes 20 seconds per #1522 state as of today, but I think this will take more time to resolve.

@tlaurion
Copy link
Collaborator Author

Unless QubesOS dom0 can use efifb for early console ownership and then switch to i915+drm or whatever else needed there (something unknown is missing) all of this is fixed under #1522 now merged under master.

Maybe reopen the ticket later if we understand what is missing from coreboot->libgfxinit->tampoline patch to expose coreboot fb to linux efifb->kexec xen + kernel in multiboot->dom0 kernel seeing coreboot initialized efifb compliant framebuffer. But I have not figured that out yet.

@marmarek again, if you feel like reopening this, as of today, Q4.2 installer takes 20 seconds to have i915+drm initiaalized (not sure why) where installed system takes 6 seconds to init i915+drm and show console after kexec call on x230.

Closing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@marmarek @tlaurion @JonathonHall-Purism