1===================
2Fallback mechanisms
3===================
4
5A fallback mechanism is supported to allow to overcome failures to do a direct
6filesystem lookup on the root filesystem or when the firmware simply cannot be
7installed for practical reasons on the root filesystem. The kernel
8configuration options related to supporting the firmware fallback mechanism are:
9
10  * CONFIG_FW_LOADER_USER_HELPER: enables building the firmware fallback
11    mechanism. Most distributions enable this option today. If enabled but
12    CONFIG_FW_LOADER_USER_HELPER_FALLBACK is disabled, only the custom fallback
13    mechanism is available and for the request_firmware_nowait() call.
14  * CONFIG_FW_LOADER_USER_HELPER_FALLBACK: force enables each request to
15    enable the kobject uevent fallback mechanism on all firmware API calls
16    except request_firmware_direct(). Most distributions disable this option
17    today. The call request_firmware_nowait() allows for one alternative
18    fallback mechanism: if this kconfig option is enabled and your second
19    argument to request_firmware_nowait(), uevent, is set to false you are
20    informing the kernel that you have a custom fallback mechanism and it will
21    manually load the firmware. Read below for more details.
22
23Note that this means when having this configuration:
24
25CONFIG_FW_LOADER_USER_HELPER=y
26CONFIG_FW_LOADER_USER_HELPER_FALLBACK=n
27
28the kobject uevent fallback mechanism will never take effect even
29for request_firmware_nowait() when uevent is set to true.
30
31Justifying the firmware fallback mechanism
32==========================================
33
34Direct filesystem lookups may fail for a variety of reasons. Known reasons for
35this are worth itemizing and documenting as it justifies the need for the
36fallback mechanism:
37
38* Race against access with the root filesystem upon bootup.
39
40* Races upon resume from suspend. This is resolved by the firmware cache, but
41  the firmware cache is only supported if you use uevents, and its not
42  supported for request_firmware_into_buf().
43
44* Firmware is not accessible through typical means:
45        * It cannot be installed into the root filesystem
46        * The firmware provides very unique device specific data tailored for
47          the unit gathered with local information. An example is calibration
48          data for WiFi chipsets for mobile devices. This calibration data is
49          not common to all units, but tailored per unit.  Such information may
50          be installed on a separate flash partition other than where the root
51          filesystem is provided.
52
53Types of fallback mechanisms
54============================
55
56There are really two fallback mechanisms available using one shared sysfs
57interface as a loading facility:
58
59* Kobject uevent fallback mechanism
60* Custom fallback mechanism
61
62First lets document the shared sysfs loading facility.
63
64Firmware sysfs loading facility
65===============================
66
67In order to help device drivers upload firmware using a fallback mechanism
68the firmware infrastructure creates a sysfs interface to enable userspace
69to load and indicate when firmware is ready. The sysfs directory is created
70via fw_create_instance(). This call creates a new struct device named after
71the firmware requested, and establishes it in the device hierarchy by
72associating the device used to make the request as the device's parent.
73The sysfs directory's file attributes are defined and controlled through
74the new device's class (firmware_class) and group (fw_dev_attr_groups).
75This is actually where the original firmware_class module name came from,
76given that originally the only firmware loading mechanism available was the
77mechanism we now use as a fallback mechanism, which registers a struct class
78firmware_class. Because the attributes exposed are part of the module name, the
79module name firmware_class cannot be renamed in the future, to ensure backward
80compatibility with old userspace.
81
82To load firmware using the sysfs interface we expose a loading indicator,
83and a file upload firmware into:
84
85  * /sys/$DEVPATH/loading
86  * /sys/$DEVPATH/data
87
88To upload firmware you will echo 1 onto the loading file to indicate
89you are loading firmware. You then write the firmware into the data file,
90and you notify the kernel the firmware is ready by echo'ing 0 onto
91the loading file.
92
93The firmware device used to help load firmware using sysfs is only created if
94direct firmware loading fails and if the fallback mechanism is enabled for your
95firmware request, this is set up with :c:func:`firmware_fallback_sysfs`. It is
96important to re-iterate that no device is created if a direct filesystem lookup
97succeeded.
98
99Using::
100
101        echo 1 > /sys/$DEVPATH/loading
102
103Will clean any previous partial load at once and make the firmware API
104return an error. When loading firmware the firmware_class grows a buffer
105for the firmware in PAGE_SIZE increments to hold the image as it comes in.
106
107firmware_data_read() and firmware_loading_show() are just provided for the
108test_firmware driver for testing, they are not called in normal use or
109expected to be used regularly by userspace.
110
111firmware_fallback_sysfs
112-----------------------
113.. kernel-doc:: drivers/base/firmware_loader/fallback.c
114   :functions: firmware_fallback_sysfs
115
116Firmware kobject uevent fallback mechanism
117==========================================
118
119Since a device is created for the sysfs interface to help load firmware as a
120fallback mechanism userspace can be informed of the addition of the device by
121relying on kobject uevents. The addition of the device into the device
122hierarchy means the fallback mechanism for firmware loading has been initiated.
123For details of implementation refer to fw_load_sysfs_fallback(), in particular
124on the use of dev_set_uevent_suppress() and kobject_uevent().
125
126The kernel's kobject uevent mechanism is implemented in lib/kobject_uevent.c,
127it issues uevents to userspace. As a supplement to kobject uevents Linux
128distributions could also enable CONFIG_UEVENT_HELPER_PATH, which makes use of
129core kernel's usermode helper (UMH) functionality to call out to a userspace
130helper for kobject uevents. In practice though no standard distribution has
131ever used the CONFIG_UEVENT_HELPER_PATH. If CONFIG_UEVENT_HELPER_PATH is
132enabled this binary would be called each time kobject_uevent_env() gets called
133in the kernel for each kobject uevent triggered.
134
135Different implementations have been supported in userspace to take advantage of
136this fallback mechanism. When firmware loading was only possible using the
137sysfs mechanism the userspace component "hotplug" provided the functionality of
138monitoring for kobject events. Historically this was superseded be systemd's
139udev, however firmware loading support was removed from udev as of systemd
140commit be2ea723b1d0 ("udev: remove userspace firmware loading support")
141as of v217 on August, 2014. This means most Linux distributions today are
142not using or taking advantage of the firmware fallback mechanism provided
143by kobject uevents. This is specially exacerbated due to the fact that most
144distributions today disable CONFIG_FW_LOADER_USER_HELPER_FALLBACK.
145
146Refer to do_firmware_uevent() for details of the kobject event variables
147setup. The variables currently passed to userspace with a "kobject add"
148event are:
149
150* FIRMWARE=firmware name
151* TIMEOUT=timeout value
152* ASYNC=whether or not the API request was asynchronous
153
154By default DEVPATH is set by the internal kernel kobject infrastructure.
155Below is an example simple kobject uevent script::
156
157        # Both $DEVPATH and $FIRMWARE are already provided in the environment.
158        MY_FW_DIR=/lib/firmware/
159        echo 1 > /sys/$DEVPATH/loading
160        cat $MY_FW_DIR/$FIRMWARE > /sys/$DEVPATH/data
161        echo 0 > /sys/$DEVPATH/loading
162
163Firmware custom fallback mechanism
164==================================
165
166Users of the request_firmware_nowait() call have yet another option available
167at their disposal: rely on the sysfs fallback mechanism but request that no
168kobject uevents be issued to userspace. The original logic behind this
169was that utilities other than udev might be required to lookup firmware
170in non-traditional paths -- paths outside of the listing documented in the
171section 'Direct filesystem lookup'. This option is not available to any of
172the other API calls as uevents are always forced for them.
173
174Since uevents are only meaningful if the fallback mechanism is enabled
175in your kernel it would seem odd to enable uevents with kernels that do not
176have the fallback mechanism enabled in their kernels. Unfortunately we also
177rely on the uevent flag which can be disabled by request_firmware_nowait() to
178also setup the firmware cache for firmware requests. As documented above,
179the firmware cache is only set up if uevent is enabled for an API call.
180Although this can disable the firmware cache for request_firmware_nowait()
181calls, users of this API should not use it for the purposes of disabling
182the cache as that was not the original purpose of the flag. Not setting
183the uevent flag means you want to opt-in for the firmware fallback mechanism
184but you want to suppress kobject uevents, as you have a custom solution which
185will monitor for your device addition into the device hierarchy somehow and
186load firmware for you through a custom path.
187
188Firmware fallback timeout
189=========================
190
191The firmware fallback mechanism has a timeout. If firmware is not loaded
192onto the sysfs interface by the timeout value an error is sent to the
193driver. By default the timeout is set to 60 seconds if uevents are
194desirable, otherwise MAX_JIFFY_OFFSET is used (max timeout possible).
195The logic behind using MAX_JIFFY_OFFSET for non-uevents is that a custom
196solution will have as much time as it needs to load firmware.
197
198You can customize the firmware timeout by echo'ing your desired timeout into
199the following file:
200
201* /sys/class/firmware/timeout
202
203If you echo 0 into it means MAX_JIFFY_OFFSET will be used. The data type
204for the timeout is an int.
205
206EFI embedded firmware fallback mechanism
207========================================
208
209On some devices the system's EFI code / ROM may contain an embedded copy
210of firmware for some of the system's integrated peripheral devices and
211the peripheral's Linux device-driver needs to access this firmware.
212
213Device drivers which need such firmware can use the
214firmware_request_platform() function for this, note that this is a
215separate fallback mechanism from the other fallback mechanisms and
216this does not use the sysfs interface.
217
218A device driver which needs this can describe the firmware it needs
219using an efi_embedded_fw_desc struct:
220
221.. kernel-doc:: include/linux/efi_embedded_fw.h
222   :functions: efi_embedded_fw_desc
223
224The EFI embedded-fw code works by scanning all EFI_BOOT_SERVICES_CODE memory
225segments for an eight byte sequence matching prefix; if the prefix is found it
226then does a sha256 over length bytes and if that matches makes a copy of length
227bytes and adds that to its list with found firmwares.
228
229To avoid doing this somewhat expensive scan on all systems, dmi matching is
230used. Drivers are expected to export a dmi_system_id array, with each entries'
231driver_data pointing to an efi_embedded_fw_desc.
232
233To register this array with the efi-embedded-fw code, a driver needs to:
234
2351. Always be builtin to the kernel or store the dmi_system_id array in a
236   separate object file which always gets builtin.
237
2382. Add an extern declaration for the dmi_system_id array to
239   include/linux/efi_embedded_fw.h.
240
2413. Add the dmi_system_id array to the embedded_fw_table in
242   drivers/firmware/efi/embedded-firmware.c wrapped in a #ifdef testing that
243   the driver is being builtin.
244
2454. Add "select EFI_EMBEDDED_FIRMWARE if EFI_STUB" to its Kconfig entry.
246
247The firmware_request_platform() function will always first try to load firmware
248with the specified name directly from the disk, so the EFI embedded-fw can
249always be overridden by placing a file under /lib/firmware.
250
251Note that:
252
2531. The code scanning for EFI embedded-firmware runs near the end
254   of start_kernel(), just before calling rest_init(). For normal drivers and
255   subsystems using subsys_initcall() to register themselves this does not
256   matter. This means that code running earlier cannot use EFI
257   embedded-firmware.
258
2592. At the moment the EFI embedded-fw code assumes that firmwares always start at
260   an offset which is a multiple of 8 bytes, if this is not true for your case
261   send in a patch to fix this.
262
2633. At the moment the EFI embedded-fw code only works on x86 because other archs
264   free EFI_BOOT_SERVICES_CODE before the EFI embedded-fw code gets a chance to
265   scan it.
266
2674. The current brute-force scanning of EFI_BOOT_SERVICES_CODE is an ad-hoc
268   brute-force solution. There has been discussion to use the UEFI Platform
269   Initialization (PI) spec's Firmware Volume protocol. This has been rejected
270   because the FV Protocol relies on *internal* interfaces of the PI spec, and:
271   1. The PI spec does not define peripheral firmware at all
272   2. The internal interfaces of the PI spec do not guarantee any backward
273   compatibility. Any implementation details in FV may be subject to change,
274   and may vary system to system. Supporting the FV Protocol would be
275   difficult as it is purposely ambiguous.
276
277Example how to check for and extract embedded firmware
278------------------------------------------------------
279
280To check for, for example Silead touchscreen controller embedded firmware,
281do the following:
282
2831. Boot the system with efi=debug on the kernel commandline
284
2852. cp /sys/kernel/debug/efi/boot_services_code? to your home dir
286
2873. Open the boot_services_code? files in a hex-editor, search for the
288   magic prefix for Silead firmware: F0 00 00 00 02 00 00 00, this gives you
289   the beginning address of the firmware inside the boot_services_code? file.
290
2914. The firmware has a specific pattern, it starts with a 8 byte page-address,
292   typically F0 00 00 00 02 00 00 00 for the first page followed by 32-bit
293   word-address + 32-bit value pairs. With the word-address incrementing 4
294   bytes (1 word) for each pair until a page is complete. A complete page is
295   followed by a new page-address, followed by more word + value pairs. This
296   leads to a very distinct pattern. Scroll down until this pattern stops,
297   this gives you the end of the firmware inside the boot_services_code? file.
298
2995. "dd if=boot_services_code? of=firmware bs=1 skip=<begin-addr> count=<len>"
300   will extract the firmware for you. Inspect the firmware file in a
301   hexeditor to make sure you got the dd parameters correct.
302
3036. Copy it to /lib/firmware under the expected name to test it.
304
3057. If the extracted firmware works, you can use the found info to fill an
306   efi_embedded_fw_desc struct to describe it, run "sha256sum firmware"
307   to get the sha256sum to put in the sha256 field.
308