prm: smm goes on a diet speaker · 2021. 2. 5. · prm on iot, client, and server systems 3. 4...
TRANSCRIPT
SPEAKERPRM: SMM Goes on a Diet
Michael Kubacki <Microsoft>
Acknowledgements
A collaborative effort between Intel and Microsoft.
Major contributors:
2
Intel Microsoft
▪ Benjamin You ▪ Aacer Daken
▪ Erik Kaneda ▪ Peter Song
▪ Karthik Gopalakrishnan ▪ Yinghan Yang
▪ Sarathy Jayakumar
▪ Vamsi Krishna Sakalabattula
▪ Yun Liu
Agenda
▪ System Management Mode (SMM)
▪ Platform Runtime Mechanism (PRM)
▪ SMM to PRM Transition
▪ Open Source FW Info
▪ Current Status
3
System Management Mode (SMM)
4
Main benefits:
SMM is entered via a System Management Interrupt (SMI)
Power Management
OEM Code
Isolated execution environment
Firmware Handling of System Events
Compatibility
Hardware
Thermal
▪
▪ Provides a distinct & easily isolated processor environment▪ Operates independently of the OS & software applications▪ Ships with the platform
• Drawbacks of SMM
5
Difficult to Debug
▪ SMM is a black box to system software (e.g. OS and VMM)
Difficult to Manage & Secure
▪ SMI handlers execute with their own page tables
▪ SMM has higher privilege than ring 0
▪ SMM is non-maskable and uninterruptable
(e.g. see Windows SMM Security Mitigation Table / VBS for an instance of mitigation attempts)
Negative Performance Impact
▪ SMM requires core rendezvous (all cores)
▪ SMM blocks other system interrupts (NMI, maskable hardware interrupt, debug exception, etc.)
▪ An SMI can occur at inopportune times
▪ E.g. during long flow instructions (wbinvd, ucode patch load, etc.)
▪ Unpredictable performance jitters
▪ SMM code update requires a system reset (by flashing new UEFI FW)
SMI Classification
6
Due to the diverse application of SMM, an incremental approach is taken to reduce its usage.
Category Description Example
1 Software SMI handlers that do not require SMM privileges Address translation: From System Physical Address (SPA) to DIMM Address (DA)
2 Software SMI handlers that do require SMM privileges UEFI Authenticated Variables, UEFI Capsule Update
3 Hardware SMI handlers that do not require SMM privileges Memory error correction handling
4 Hardware SMI handlers that do require SMM privileges CPU hot add and remove
Platform Runtime Mechanism (PRM)
7
SMMSMI Handlers
OSKernel
PRM Modules can be updated at OS runtime.
8
PRM High-Level Loading Flow
9
. . .
. . .
1.
2.
3.
4.
PRM Invocation
10
PRMTACPI Table
Addresses legacy usage models
based on _DSM invocation
New option for PRM aware OS
and drivers
PRM Infrastructure
OS Driver
ASL Methods (e.g _DSM)
SMIX
ACPI / Bridge Driver (PRM.sys)
PRMOpRegion
OS Driver
PRM Handlers
Direct InvocationACPI Invocation
PRM Handlers in Lieu of SMI Handlers
*PRM_HANDLER (*ParamBuffer, *ContextBuffer)
Two types of invocation:1. Direct – A PRM aware OS driver
calls into the ACPI Bridge driver directly to invoke a PRM handler.
2. ACPI – An OS driver continues to call a _DSM which is implemented to invoke a PRM handler by writing to a PRM OpRegion instead of triggering a software SMI.
PRM OpRegion
11
OperationRegion (RegionName, // NameStringRegionSpace, // RegionSpaceKeywordOffset, // TermArg=>IntegerLength // TermArg=>Integer)
▪ PlatformRtMechanism – Type 0xB
▪ OpRegion has a single access type allowed:
OperationRegion ([RegionName], PlatformRtMechanism, 0, 1)Field ([RegionName], BufferAcc, NoLock, Preserve){
PRMF, 8}
Address Space Permitted Access Type(s)
Description
PlatformRtMechanism BufferAcc Reads and writes to this region involve the use of a region-specific data handler.
Write PRM ASL Data Buffer here to invoke PRM Handler
PRM ASL Data Buffer
▪ Used as the request/response buffer for the PRM Handler
▪ Contains the PRM Handler GUID
▪ Returns the PRM Handler status value
12
PRM Organization
13
PE32+ Image
• DOS Header
• NT Headers
• Data Directories
• EXPORT TABLE
• File Headers
• Optional Headers
• MajorImageVersion
• MinorImageVersion
Ordinal RVA Name
N 0xABCD PrmHandlerN
N + 1 0xABCD +sizeof (PrmHandlerN)
PrmHandlerN+1
New Export Table that lists PRM Handlers in a PRM Module
PRM moduleversion info inthe PE header
[code definition]
Handler GUID Handler Name
{d5f2ad5f-a347-4d3e-87bc-c2ce63029cc8} PrmHandlerN
{a9e7adc3-8cd0-429a-8915-10946ebde318} PrmHandlerN+1
EFI_STATUSPRM_EXPORT_API(EFIAPI *PRM_HANDLER) (
IN VOID *ParameterBuffer OPTIONAL,IN PRM_MODULE_CONTEXT_BUFFER *ContextBuffer OPTIONAL);
▪ ParameterBuffer – A virtual address pointer to a caller allocated buffer that may be consumed by the PRM handler.
▪ ContextBuffer – A virtual address pointer to a spec-defined context buffer with resources available to the PRMhandler.
PRM Handler Resources
14
▪
▪
▪
▪
▪
▪
PRM_CONTEXT_BUFFER
Header Signature, Version, HandlerGuid, …
StaticDataBuffer Static configuration data passed from UEFI firmware
RuntimeMmioRanges An array of descriptors for virtual:physical mapping ranges
PRM_CONFIG_PROTOCOL
Key PRM Data Structures
15
Field Byte length Byte offset Description
Signature 8 0 ‘PRM_MEDT’. Signature of the PRM Module Export Descriptor Table.
Only a single PRM Module Export Descriptor Table is allowed to exist per PRM Module.Revision 2 8 Revision of this PRM Module Export Descriptor Table structure.HandlerCount 2 10 Indicates the number of PRM Handler Information Structure entries that are present
in the HandlerExportDescriptorStructure[ ] field of this structure.PlatformGuid 16 12 The GUID of the platform firmware.ModuleGuid 16 28 The GUID of this PRM module.HandlerExportDescriptorStructure[HandlerCount]
Varies 44 An array of PrmHandlerExportDescriptors that describes the PRM Handler GUID to PRM Handler ordinal mapping for this PRM Module.
Field Byte length Byte offset DescriptionHandlerGuid 16 0 A PRM Handler GUID that maps to the PRM Handler name specified in this descriptor.
HandlerName 128 16 A PRM Handler name that maps to the PRM Handler GUID specified in this descriptor.
Key PRM Data Structures
16
Field Byte length Byte offset DescriptionHeaderSignature 4 0 ‘PRMT’. Signature of the PRM ACPI table.
Length 4 4 Length, in bytes, of the entire PRM ACPI table.
. . .ModuleInfoStructure[ModuleInfoCount]
Variable After table header
An array of PRM Module Information entries for this platform.
Field Byte length Byte offset Description. . .Identifier 16 4 GUID of the PRM Handler.PhysicalAddress 8 20 PRM Handler physical address.StaticDataBuffer 8 28 Static data buffer physical address.
AcpiParameterBuffer 8 36 ACPI parameter buffer physical address.
Field Byte length Byte offset Description. . . Identifier . . .HandlerCount 2 24 The number of Handler Info elements present.HandlerArrayOffset 4 26 Offset to from start to HandlerInfoStructure.Runtime MMIO Ranges 8 30 Pointer to a table of MMIO ranges mapped to
virtual memory.HandlerInfoStructure[HandlerCount]
Count * sizeof(Handler Info)
38 An array of PRM Handler Information entries for this PRM Module.
PRMT & PRM Export Table Sample
17
PRM ACPI Description Table
PRM Module Information Structure
PRM Handler Information Structure
PRM Handler Information Structure
PRM Handler Information Structure
SECTION HEADER #4.edata nameA7 virtual size5000 virtual address (0000000000005000 to 00000000000050A6)200 size of raw data2800 file pointer to raw data (00002800 to 000029FF)Initialized DataRead Only
RAW DATA #40000000000005000: 00 00 00 00 00 00 00 00 00 00 00 00 50 50 00 00 ............PP..0000000000005010: 01 00 00 00 04 00 00 00 04 00 00 00 28 50 00 00 ............(P..0000000000005020: 38 50 00 00 48 50 00 00 90 12 00 00 C0 12 00 00 8P..HP......À...0000000000005030: F0 12 00 00 20 40 00 00 69 50 00 00 75 50 00 00 ð... @..iP..uP..0000000000005040: 81 50 00 00 8D 50 00 00 00 00 01 00 02 00 03 00 .P...P..........0000000000005050: 50 72 6D 53 61 6D 70 6C 65 50 72 69 6E 74 4D 6F PrmSamplePrintMo0000000000005060: 64 75 6C 65 2E 64 6C 6C 00 50 72 6D 48 61 6E 64 dule.dll.PrmHand0000000000005070: 6C 65 72 31 00 50 72 6D 48 61 6E 64 6C 65 72 32 ler1.PrmHandler20000000000005080: 00 50 72 6D 48 61 6E 64 6C 65 72 4E 00 50 72 6D .PrmHandlerN.Prm0000000000005090: 4D 6F 64 75 6C 65 45 78 70 6F 72 74 44 65 73 63 ModuleExportDesc00000000000050A0: 72 69 70 74 6F 72 00 riptor.
Section contains the following exports for PrmSamplePrintModule
1 ordinal base4 number of functions4 number of names
ordinal hint RVA name
1 0 00001290 PrmHandler12 1 000012C0 PrmHandler23 2 000012F0 PrmHandlerN4 3 00004020 PrmModuleExportDescriptor
Open Source FW Info
18
Branch: edk2-staging/PlatformRuntimeMechanism
1. Generic infrastructure implemented for UEFI/edk2
2. Currently used with no modification to support PRM on IOT, Client, and Server systems
3. 4 sample PRM modules available
4. UEFI shell info & validation application available
5. Documentation covers PRM overview, how to write PRM Modules, and integrate to a platform FW
6. Open source platform integration examples:▪ edk2 QEMU – OvmfPkg example▪ Project Mu Q35 QEMU – QemuQ35Pkg example
Current Status
19
Firmware Implementation
• Generic open source UEFI/edk2 firmware infrastructure changes complete
edk2-staging/PlatformRuntimeMechanism
• 4 sample PRM modules added to open source
• UEFI application created to view PRM module info and exercise PRM handlers in UEFI
Specifications
•Ongoing work with the ACPI Specification Work Group (ASWG)
•Several ECRs outstanding for the PlatformRtMechanism OpRegion type
•Ongoing work with the UEFI Specification Work Group (USWG)
•Closed source PRM Specification to UEFI Forum Specification is in progress
Tool and OS Support
• iASL: 20200528
•Microsoft ASL: Implemented in current Windows Insider SDK builds
•Linux: Support pending PRM Specification publication and community review
•Windows 10: Implemented in current Windows Insider builds and available in all future versions of Client/Server Windows.
Real World SMM -> PRM Conversion
• Microsoft intends to evaluate usage of PRM in Azure as it becomes available and enabled in future platforms
• Conversion of relevant SMM handlers on client systems is in progress
Thank you
20
Visit edk2-staging/PlatformRuntimeMechanism to learn more.
Look out for the PRM Specification release!
References
Past related presentations:
• 2019 OCP (Open Compute Project) Global Summit
• Case Study: Alternatives for SMM usage in Intel Platforms
• 2018 OCP (Open Compute Project) Region Summit
• UEFI Implementation Intel® Xeon Based OCP Platform
21