-# iSCSI booting with U-Boot and iPXE
+.. SPDX-License-Identifier: GPL-2.0+
+.. Copyright (c) 2018 Heinrich Schuchardt
-## Motivation
+iSCSI booting with U-Boot and iPXE
+==================================
+
+Motivation
+----------
U-Boot has only a reduced set of supported network protocols. The focus for
network booting has been on UDP based protocols. A TCP stack and HTTP support
iPXE can be built as an EFI application (named snp.efi) which can be loaded and
run by U-Boot.
-## Boot sequence
+Boot sequence
+-------------
U-Boot loads the EFI application iPXE snp.efi using the bootefi command. This
application has network access via the simple network protocol offered by
| |
| ~ ~ ~ ~|
-## Security
+Security
+--------
The iSCSI protocol is not encrypted. The traffic could be secured using IPsec
but neither U-Boot nor iPXE does support this. So we should at least separate
the iSCSI traffic from all other network traffic. This can be achieved using a
virtual local area network (VLAN).
-## Configuration
+Configuration
+-------------
-### iPXE
+iPXE
+~~~~
For running iPXE on arm64 the bin-arm64-efi/snp.efi build target is needed::
iPXE by default will put the CPU to rest when waiting for input. U-Boot does
not wake it up due to missing interrupt support. To avoid this behavior create
-file src/config/local/nap.h::
+file src/config/local/nap.h:
+
+.. code-block:: c
/* nap.h */
#undef NAP_EFIX86
#define NAP_NULL
The supported commands in iPXE are controlled by an include, too. Putting the
-following into src/config/local/general.h is sufficient for most use cases::
+following into src/config/local/general.h is sufficient for most use cases:
+
+.. code-block:: c
/* general.h */
#define NSLOOKUP_CMD /* Name resolution command */
#define DOWNLOAD_PROTO_NFS /* Network File System Protocol */
#define DOWNLOAD_PROTO_FILE /* Local file system access */
-### Open-iSCSI
+Open-iSCSI
+~~~~~~~~~~
When the root file system is on an iSCSI drive you should disable pings and set
-the replacement timer to a high value [3]:
+the replacement timer to a high value in the configuration file [3]::
node.conn[0].timeo.noop_out_interval = 0
node.conn[0].timeo.noop_out_timeout = 0
node.session.timeo.replacement_timeout = 86400
-## Links
+Links
+-----
-* [1](https://ipxe.org) https://ipxe.org - iPXE open source boot firmware
-* [2](https://www.gnu.org/software/grub/) https://www.gnu.org/software/grub/ -
- GNU GRUB (Grand Unified Bootloader)
-* [3](https://github.com/open-iscsi/open-iscsi/blob/master/README)
- https://github.com/open-iscsi/open-iscsi/blob/master/README -
- Open-iSCSI README
+* [1] https://ipxe.org - iPXE open source boot firmware
+* [2] https://www.gnu.org/software/grub/ -
+ GNU GRUB (Grand Unified Bootloader)
+* [3] https://github.com/open-iscsi/open-iscsi/blob/master/README -
+ Open-iSCSI README
-# SPDX-License-Identifier: GPL-2.0+
-#
-# Copyright (C) 2015 Google, Inc
+.. SPDX-License-Identifier: GPL-2.0+
+.. Copyright (C) 2015 Google, Inc
U-Boot on EFI
=============
as an application or just as a means of getting U-Boot onto a new platform.
-=========== Table of Contents ===========
-
-Motivation
-Status
-Build Instructions
-Trying it out
-Inner workings
-EFI Application
-EFI Payload
-Tables
-Interrupts
-32/64-bit
-Future work
-Where is the code?
-
-
Motivation
----------
Running U-Boot on EFI is useful in several situations:
- You have EFI running on a board but U-Boot does not natively support it
-fully yet. You can boot into U-Boot from EFI and use that until U-Boot is
-fully ported
+ fully yet. You can boot into U-Boot from EFI and use that until U-Boot is
+ fully ported
- You need to use an EFI implementation (e.g. UEFI) because your vendor
-requires it in order to provide support
+ requires it in order to provide support
- You plan to use coreboot to boot into U-Boot but coreboot support does
-not currently exist for your platform. In the meantime you can use U-Boot
-on EFI and then move to U-Boot on coreboot when ready
+ not currently exist for your platform. In the meantime you can use U-Boot
+ on EFI and then move to U-Boot on coreboot when ready
- You use EFI but want to experiment with a simpler alternative like U-Boot
To build U-Boot as an EFI application (32-bit EFI required), enable CONFIG_EFI
and CONFIG_EFI_APP. The efi-x86_app config (efi-x86_app_defconfig) is set up
-for this. Just build U-Boot as normal, e.g.
+for this. Just build U-Boot as normal, e.g.::
make efi-x86_app_defconfig
make
CONFIG_EFI, CONFIG_EFI_STUB, and select either CONFIG_EFI_STUB_32BIT or
CONFIG_EFI_STUB_64BIT. The efi-x86_payload configs (efi-x86_payload32_defconfig
and efi-x86_payload32_defconfig) are set up for this. Then build U-Boot as
-normal, e.g.
+normal, e.g.::
make efi-x86_payload32_defconfig (or efi-x86_payload64_defconfig)
make
You will end up with one of these files depending on what you build for:
- u-boot-app.efi - U-Boot EFI application
- u-boot-payload.efi - U-Boot EFI payload application
+* u-boot-app.efi - U-Boot EFI application
+* u-boot-payload.efi - U-Boot EFI payload application
Trying it out
-------------
QEMU is an emulator and it can emulate an x86 machine. Please make sure your
QEMU version is 2.3.0 or above to test this. You can run the payload with
-something like this:
+something like this::
mkdir /tmp/efi
cp /path/to/u-boot*.efi /tmp/efi
prebuilt EFI BIOS for QEMU or you can build one from source as well.
To try it on real hardware, put u-boot-app.efi on a suitable boot medium,
-such as a USB stick. Then you can type something like this to start it:
+such as a USB stick. Then you can type something like this to start it::
fs0:u-boot-payload.efi
Inner workings
-==============
+--------------
Here follow a few implementation notes for those who want to fiddle with
this and perhaps contribute patches.
implemented completely differently.
EFI Application
----------------
+~~~~~~~~~~~~~~~
For the application the whole of U-Boot is built as a shared library. The
efi_main() function is in lib/efi/efi_app.c. It sets up some basic EFI
functions with efi_init(), sets up U-Boot global_data, allocates memory for
Use the 'reset' command to get back to EFI.
EFI Payload
------------
+~~~~~~~~~~~
The payload approach is a different kettle of fish. It works by building
U-Boot exactly as normal for your target board, then adding the entire
image (including device tree) into a small EFI stub application responsible
section).
Tables
-------
+~~~~~~
The payload can pass information to U-Boot in the form of EFI tables. At
present this feature is used to pass the EFI memory map, an inordinately
large list of memory regions. You can use the 'efi mem all' command to
below 4GB.
Interrupts
-----------
+~~~~~~~~~~
U-Boot drivers typically don't use interrupts. Since EFI enables interrupts
it is possible that an interrupt will fire that U-Boot cannot handle. This
seems to cause problems. For this reason the U-Boot payload runs with
interrupts disabled at present.
32/64-bit
----------
+~~~~~~~~~
While the EFI application can in principle be built as either 32- or 64-bit,
only 32-bit is currently supported. This means that the application can only
be used with 32-bit EFI.
- Figure out how to solve the interrupt problem
- Add more drivers to the application side (e.g. video, block devices, USB,
-environment access). This would mostly be an academic exercise as a strong
-use case is not readily apparent, but it might be fun.
+ environment access). This would mostly be an academic exercise as a strong
+ use case is not readily apparent, but it might be fun.
- Avoid turning off boot services in the stub. Instead allow U-Boot to make
-use of boot services in case it wants to. It is unclear what it might want
-though.
+ use of boot services in case it wants to. It is unclear what it might want
+ though.
Where is the code?
------------------
Google, Inc
July 2015
-[1] http://www.qemu.org
-[2] http://www.tianocore.org/ovmf/
+* [1] http://www.qemu.org
+* [2] http://www.tianocore.org/ovmf/
-<!--
-SPDX-License-Identifier: GPL-2.0+
+.. SPDX-License-Identifier: GPL-2.0+
+.. Copyright (c) 2018 Heinrich Schuchardt
-Copyright (c) 2018 Heinrich Schuchardt
--->
-
-# UEFI on U-Boot
+UEFI on U-Boot
+==============
The Unified Extensible Firmware Interface Specification (UEFI) [1] has become
the default for booting on AArch64 and x86 systems. It provides a stable API for
access to block storage, network, and console to name a few. The Linux kernel
and boot loaders like GRUB or the FreeBSD loader can be executed.
-## Development target
+Development target
+------------------
The implementation of UEFI in U-Boot strives to reach the requirements described
in the "Embedded Base Boot Requirements (EBBR) Specification - Release v1.0"
-[4]. The "Server Base Boot Requirements System Software on ARM Platforms" [5]
+[2]. The "Server Base Boot Requirements System Software on ARM Platforms" [3]
describes a superset of the EBBR specification and may be used as further
reference.
A full blown UEFI implementation would contradict the U-Boot design principle
"keep it small".
-## Building for UEFI
+Building U-Boot for UEFI
+------------------------
The UEFI standard supports only little-endian systems. The UEFI support can be
-activated for ARM and x86 by specifying
+activated for ARM and x86 by specifying::
CONFIG_CMD_BOOTEFI=y
CONFIG_EFI_LOADER=y
in the .config file.
Support for attaching virtual block devices, e.g. iSCSI drives connected by the
-loaded UEFI application [3], requires
+loaded UEFI application [4], requires::
CONFIG_BLK=y
CONFIG_PARTITIONS=y
-### Executing a UEFI binary
+Executing a UEFI binary
+~~~~~~~~~~~~~~~~~~~~~~~
The bootefi command is used to start UEFI applications or to install UEFI
-drivers. It takes two parameters
+drivers. It takes two parameters::
bootefi <image address> [fdt address]
* image address - the memory address of the UEFI binary
* fdt address - the memory address of the flattened device tree
-Below you find the output of an example session starting GRUB.
+Below you find the output of an example session starting GRUB::
=> load mmc 0:2 ${fdt_addr_r} boot/dtb
29830 bytes read in 14 ms (2 MiB/s)
table. The Linux kernel EFI stub uses the load options as command line
arguments.
-### Executing the boot manager
+Executing the boot manager
+~~~~~~~~~~~~~~~~~~~~~~~~~~
The UEFI specification foresees to define boot entries and boot sequence via UEFI
-variables. Booting according to these variables is possible via
+variables. Booting according to these variables is possible via::
bootefi bootmgr [fdt address]
As of U-Boot v2018.03 UEFI variables are not persisted and cannot be set at
runtime.
-### Executing the built in hello world application
+Executing the built in hello world application
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-A hello world UEFI application can be built with
+A hello world UEFI application can be built with::
CONFIG_CMD_BOOTEFI_HELLO_COMPILE=y
-It can be embedded into the U-Boot binary with
+It can be embedded into the U-Boot binary with::
CONFIG_CMD_BOOTEFI_HELLO=y
-The bootefi command is used to start the embedded hello world application.
+The bootefi command is used to start the embedded hello world application::
bootefi hello [fdt address]
-Below you find the output of an example session.
+Below you find the output of an example session::
=> bootefi hello ${fdtcontroladdr}
## Starting EFI application at 01000000 ...
The environment variable fdtcontroladdr points to U-Boot's internal device tree
(if available).
-### Executing the built-in self-test
+Executing the built-in self-test
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-An UEFI self-test suite can be embedded in U-Boot by building with
+An UEFI self-test suite can be embedded in U-Boot by building with::
CONFIG_CMD_BOOTEFI_SELFTEST=y
For testing the UEFI implementation the bootefi command can be used to start the
-self-test.
+self-test::
bootefi selftest [fdt address]
it is not provided all tests are executed except those marked as 'on request'.
If the environment variable is set to 'list' a list of all tests is shown.
-Below you can find the output of an example session.
+Below you can find the output of an example session::
=> setenv efi_selftest simple network protocol
=> bootefi selftest
Summary: 0 failures
Preparing for reset. Press any key.
-## The UEFI life cycle
+The UEFI life cycle
+-------------------
After the U-Boot platform has been initialized the UEFI API provides two kinds
-of services
+of services:
-* boot services and
-* runtime services.
+* boot services
+* runtime services
-The API can be extended by loading UEFI drivers which come in two variants
+The API can be extended by loading UEFI drivers which come in two variants:
-* boot drivers and
-* runtime drivers.
+* boot drivers
+* runtime drivers
UEFI drivers are installed with U-Boot's bootefi command. With the same command
UEFI applications can be executed.
So this is a point of no return. Afterwards the UEFI application can only return
to U-Boot by rebooting.
-## The UEFI object model
+The UEFI object model
+---------------------
UEFI offers a flexible and expandable object model. The objects in the UEFI API
are devices, drivers, and loaded images. These objects are referenced by
Loaded images offer the EFI_LOADED_IMAGE_PROTOCOL. This protocol provides meta
information about the image and a pointer to the unload callback function.
-## The UEFI events
+The UEFI events
+---------------
In the UEFI terminology an event is a data object referencing a notification
function which is queued for calling when the event is signaled. The following
Events can be assigned to an event group. If any of the events in a group is
signaled, all other events in the group are also set to the signaled state.
-## The UEFI driver model
+The UEFI driver model
+---------------------
A driver is specific for a single protocol installed on a device. To install a
driver on a device the ConnectController service is called. In this context
A driver can be detached from a device using the DisconnectController service.
-## U-Boot devices mapped as UEFI devices
+U-Boot devices mapped as UEFI devices
+-------------------------------------
Some of the U-Boot devices are mapped as UEFI devices
As of U-Boot 2018.03 the logic for doing this is hard coded.
The development target is to integrate the setup of these UEFI devices with the
-U-Boot driver model. So when a U-Boot device is discovered a handle should be
-created and the device path protocol and the relevant IO protocol should be
+U-Boot driver model [5]. So when a U-Boot device is discovered a handle should
+be created and the device path protocol and the relevant IO protocol should be
installed. The UEFI driver then would be attached by calling ConnectController.
When a U-Boot device is removed DisconnectController should be called.
-## UEFI devices mapped as U-Boot devices
+UEFI devices mapped as U-Boot devices
+-------------------------------------
UEFI drivers binaries and applications may create new (virtual) devices, install
a protocol and call the ConnectController service. Now the matching UEFI driver
In U-Boot 2018.03 this has only been implemented for block IO devices.
-### UEFI uclass
+UEFI uclass
+~~~~~~~~~~~
An UEFI uclass driver (lib/efi_driver/efi_uclass.c) has been created that
takes care of initializing the UEFI drivers and providing the
A linker created list is used to keep track of the UEFI drivers. To create an
entry in the list the UEFI driver uses the U_BOOT_DRIVER macro specifying
-UCLASS_EFI as the ID of its uclass, e.g.
+UCLASS_EFI as the ID of its uclass, e.g::
/* Identify as UEFI driver */
U_BOOT_DRIVER(efi_block) = {
- .name = "EFI block driver",
- .id = UCLASS_EFI,
- .ops = &driver_ops,
+ .name = "EFI block driver",
+ .id = UCLASS_EFI,
+ .ops = &driver_ops,
};
-The available operations are defined via the structure struct efi_driver_ops.
+The available operations are defined via the structure struct efi_driver_ops::
struct efi_driver_ops {
const efi_guid_t *protocol;
controllers created by the UEFI driver and the UEFI driver. (In U-Boot v2013.03
this is not yet completely implemented.)
-### UEFI block IO driver
+UEFI block IO driver
+~~~~~~~~~~~~~~~~~~~~
The UEFI block IO driver supports devices exposing the EFI_BLOCK_IO_PROTOCOL.
When connected it creates a new U-Boot block IO device with interface type
IF_TYPE_EFI, adds child controllers mapping the partitions, and installs the
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL on these. This can be used together with the
-software iPXE to boot from iSCSI network drives [3].
+software iPXE to boot from iSCSI network drives [4].
-This driver is only available if U-Boot is configured with
+This driver is only available if U-Boot is configured with::
CONFIG_BLK=y
CONFIG_PARTITIONS=y
-## TODOs as of U-Boot 2019.04
-
-* unimplemented or incompletely implemented boot services
- * Exit - call unload function, unload applications only
- * ProtocolRegisterNotify
- * UnloadImage
-
-* unimplemented or incompletely implemented runtime services
- * SetVariable() ignores attribute EFI_VARIABLE_APPEND_WRITE
- * QueryVariableInfo is not implemented
-
-* unimplemented events
- * EVT_RUNTIME
- * EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE
-
-* data model
- * manage configuration tables in a linked list
-
-* UEFI drivers
- * support DisconnectController for UEFI block devices.
-
-* support for CONFIG_EFI_LOADER in the sandbox (CONFIG_SANDBOX=y)
-
-* UEFI variables
- * persistence
- * runtime support
-
-* incompletely implemented protocols
- * support version 0x00020000 of the EFI file protocol
-
-## Links
+Links
+-----
-* [1](http://uefi.org/specifications)
- http://uefi.org/specifications - UEFI specifications
-* [2](./driver-model/README.txt) doc/driver-model/README.txt - Driver model
-* [3](./README.iscsi) doc/README.iscsi - iSCSI booting with U-Boot and iPXE
-* [4](https://github.com/ARM-software/ebbr/releases/download/v1.0/ebbr-v1.0.pdf)
+* [1] http://uefi.org/specifications - UEFI specifications
+* [2] https://github.com/ARM-software/ebbr/releases/download/v1.0/ebbr-v1.0.pdf -
Embedded Base Boot Requirements (EBBR) Specification - Release v1.0
-* [5](https://developer.arm.com/docs/den0044/latest/server-base-boot-requirements-system-software-on-arm-platforms-version-11)
+* [3] https://developer.arm.com/docs/den0044/latest/server-base-boot-requirements-system-software-on-arm-platforms-version-11 -
Server Base Boot Requirements System Software on ARM Platforms - Version 1.1
+* [4] :doc:`iscsi`
+* [5] :doc:`../driver-model/index`