From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, T_SCC_BODY_TEXT_LINE,URIBL_BLACK autolearn=no autolearn_force=no version=3.4.6 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id 0BE8D4DACE; Sun, 28 Aug 2022 16:59:18 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 496) id 09A194DB1E; Sun, 28 Aug 2022 16:59:15 +0000 (UTC) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) by atuin.qyliss.net (Postfix) with ESMTPS id 448BE4DB1D for ; Sun, 28 Aug 2022 16:59:10 +0000 (UTC) Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id C80D55C006B; Sun, 28 Aug 2022 12:59:08 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Sun, 28 Aug 2022 12:59:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc :cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm3; t=1661705948; x=1661792348; bh=u46bVw0pse rKtNqq7rB2E2I0iIQ7CoG7hVPVg6pCRD0=; b=ta3hnDoJXMgADwVjLIdQdgpKQr +fZGNUF6F9cVmiNim1rpYFHSFoghvm8RnEhwonBlLoVL8QgJ+uSBKWwkXZkQGUo6 ysNl6wH462DkxQKy1CdEguf8ZpEbo1B43Kw+sYolQTMvucHrvUBS+qlFVYsnTEr9 sqURslh2xI5Q1n1NRC9hHH5Wb49eTUWmNXRLhMSA7Mav1lMqBhY7/bHJ/qrjWR/e fNsK90dUQy1VzerQg/f+LgW4znKw3BwYEOkVANSbSMQwaVOhG+55xT1EjGGPxHF0 SlK/voTvxKOSoeFasyaEnS12aNOb7URFBUBK822w9qXxc9LUJodwlbTsgFjw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1661705948; x=1661792348; bh=u46bVw0pserKtNqq7rB2E2I0iIQ7 CoG7hVPVg6pCRD0=; b=bsI/dfkpLIkxF/NpuOILcK1Ny7+Q4D22Tj94qHPmJCvG O6UQ8XWFIYfuAdi8ZthvvVT7UWmFw+ZoC8xmCpaFudjugNMgZ2quQGbgkbAUV+3k 6/z/Wk/oegEN4s4jCgNPyWLiGr5yqt8nva5PjVBx1QTiyPUbgkBF9ecRwOoBVhyS H+IFYWA0Zri0PJsKAPKtamHdSmKfEeMbuXHkz5GS6WZxDVs2LLM0zLjCzUdNt5EU u+9iOZK4odAfl+wqtUDdkAv/eMBI+wjwMEJfYu470/ZxK1sq1p+DM53fzQ3XUH18 N+eyRNnJlK2SmFcrQo0oMBuJAT+8PMgAPZ1j7jMjeQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdejledguddutdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enogfuuhhsphgvtghtffhomhgrihhnucdlgeelmdenucfjughrpeffhffvvefukfhfgggt uggjsehgtddtredttddvnecuhfhrohhmpeetlhihshhsrgcutfhoshhsuceohhhisegrlh ihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpeevtefgkeduteehtddvfeegheekkeei ledtjeettdfhiedtueevffdtudehudduudenucffohhmrghinhepghhithhhuhgsrdhioh enucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehqhihl ihhsshesgidvvddtrdhqhihlihhsshdrnhgvth X-ME-Proxy: Feedback-ID: i12284293:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 28 Aug 2022 12:59:08 -0400 (EDT) Received: by x220.qyliss.net (Postfix, from userid 1000) id 01E2526C; Sun, 28 Aug 2022 16:49:57 +0000 (UTC) Date: Sun, 28 Aug 2022 16:49:57 +0000 From: Alyssa Ross To: devel@spectrum-os.org Subject: Re: [PATCH] scripts/make-gpt.sh: reserve 8 MiB at start of GPT Message-ID: <20220828164957.p3743hvijjrkm66b@x220.qyliss.net> References: <20220826130923.1840670-1-hi@alyssa.is> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="klx3qwdkmgycz4ko" Content-Disposition: inline In-Reply-To: <20220826130923.1840670-1-hi@alyssa.is> Message-ID-Hash: H2PNAENUWZQCZBWSBMSSULBH5VZUBR5V X-Message-ID-Hash: H2PNAENUWZQCZBWSBMSSULBH5VZUBR5V X-MailFrom: qyliss@x220.qyliss.net X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Yuriy Nesterov , Ville Ilvonen , Samuel Dionne-Riel X-Mailman-Version: 3.3.5 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --klx3qwdkmgycz4ko Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Aug 26, 2022 at 01:09:25PM +0000, Alyssa Ross wrote: > In some cases (e.g. a product built on Spectrum where updates to both > firmware and OS are delivered by the same vendor), it makes sense to > include firmware in the same image as the OS. This firmware tends to > live in the start of the image, after the GPT header. (The exact > location varies by board.) > > The 1 MiB reserved by sfdisk by default is not enough for this. The > conventional value seems to be 8 MiB. On NixOS, this is configurable > with the sdImage.firmwarePartitionOffset option, but this defaults to > 8 MiB and I wasn't able to find any examples in searches on DuckDuckGo > and GitHub of anybody using any other value, so it looks like 8 MiB is > broadly acceptable. Update: following some discussion in #spectrum, I'm now aware of a couple of changes we'd want to make if we went down this path: * We should use a "protective partition" in the GPT to identify firmware regions, rather than just offsetting the first partition, so it's clearer that that space is there and what it's used for, as described in the Embedded Boot Base Requirements (EBBR) spec[1]. * 8 MiB isn't enough for all boards. Specifically, with Rockchip + mainline U-Boot, the U-Boot image _starts_ at 8 MiB, so we'd want to reserve at least 16 MiB, and possibly more for forward compatibility. But another approach that was identified, that might work better, would be for "ports" of Spectrum that want to install firmware in the same image to just make their own GPTs, with space reserved for firmware as required, and copy the partitions from the Spectrum image into this new partition table. This way, we can avoid trying to find a one-size-fits-all solution to a problem that varies by platform, and avoid introducing configuration knobs unnecessarily. In Spectrum, partitions are always identified by UUID anyway, so it wouldn't matter if a downstream or end user moves them around as required. And we'll need to end up doing something like this at some point _anyway_, because to support dual boot setups our installer would need to be able to copy Spectrum partitions into place on the user's existing GPT. So I think that should be the path forward for Spectrum product images: have a script that creates a GPT, adds a partition for the platform firmware, then copies all the partitions from the Spectrum images into place after it. But as always, I'm open to further discussion if there's a problem with this approach. :) [1]: https://arm-software.github.io/ebbr/index.html#partitioning-of-shared-storage --klx3qwdkmgycz4ko Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEH9wgcxqlHM/ARR3h+dvtSFmyccAFAmMLnKkACgkQ+dvtSFmy ccDQiQ/+M+hxelB6YYkmEcwPiKULBeOJazK1I0gSW3JQU6VBG7I689f6wm3rXteh IF8oszJ3r8tqjJngdLh95oLQTqIyLQOXvrabsBYMxycaWxRNDl/LTctx7yh3D2q+ bFiXyH2bTQQs4NAbyljkNJhAtnoYkWmNj+oNdpWgxKX+eb9ZoaaZyiEvBgvAD6hi GCKi3AXHMOvKYsqLqddcHUQ9GPody9xVAWq9zjOV1JlziDjRLq5LXVoCfnjJX0Mn t3xGbXJ2B4KmaVIEaQNQG4Nej2mh4sz0W+X4JJTuF4EXrOLy3XwGD1hOFyN3BzpN 7G6HaGTa2vJgptwsVuXrivIkAnl4aPx8Q38/FDNMMYp0fhcE96NDHnjAAsjmKwQG Ju/TPI8Hu22agT8j0QBwTDEN4HXb6rz7yvTDSs05XX4F1KWCHDeIekIw2UFWT4wF UNms3A5iX5g+jYnLRVj/H5s68uiqofcP2DbxSV1vDisUhVa7MujcPyFcFjJ6ttQx DtTcPT7KKv1Q12TLbw635HHdLw4easlzGHxFtRQq8VBiyEukH1puXz9+DEmLfCAJ 1Ylefy2aERv6u/UdaXa8i5L0JByhHO1hB2S/cdjPwViSc8dfSkfNe4plJxnxupib 00JIuemKvv/P2JT1DaEsiajJWygFrT5ltlKjjc5I4Qf4CiHCZi0= =qPMB -----END PGP SIGNATURE----- --klx3qwdkmgycz4ko--