|
| 1 | +# Introduction to Intel Top Swap A/B Redundancy for coreboot |
| 2 | + |
| 3 | +The problem addressed by this functionality is that when a platform's firmware |
| 4 | +crashes during the boot process, the only mode of recovery is usually taking |
| 5 | +apart the platform, attaching a SPI clip and flashing recovery firmware as per |
| 6 | +our recovery guides ([example](https://docs.dasharo.com/unified/protectli/recovery/)). |
| 7 | + |
| 8 | +With the Top Swap A/B redundancy, there are two firmware slots - A and B, |
| 9 | +of which A is a read-only golden copy, and B is the update partition. A |
| 10 | +firmware update is going to target the B slot, and boot from it. Should the new |
| 11 | +firmware fail, the platform can be brought back to life by performing a |
| 12 | +**CMOS reset**, which will cause the platform to boot from the safe slot A |
| 13 | +again. |
| 14 | + |
| 15 | +This should significantly reduce the friction of testing the firmware, |
| 16 | +especially during development and at early beta stages. |
| 17 | + |
| 18 | +## How It Works |
| 19 | + |
| 20 | +* **Top Swap Control**: The Intel Top Swap feature allows the PCH to take two |
| 21 | +physically topmost chunks of the BIOS flash chip, and decide in which order |
| 22 | +to map them - effectively allowing to swap the two chunks. |
| 23 | + |
| 24 | +* **A/B Slot Setup**: The firmware is divided into two slots: `BOOTBLOCK` and |
| 25 | +`TOPSWAP`, which contain bootblocks "chosen" by the Top Swap mechanism. They |
| 26 | +in turn choose `COREBOOT` and `COREBOOT_TS` regions correspondingly to load |
| 27 | +consecutive stages from. |
| 28 | + |
| 29 | +* **Runtime CMOS Control**: The CMOS option `attempt_slot_b` controls the Top |
| 30 | +Swap state, also enabling users to manually select the active slot by setting |
| 31 | +this value via nvramtool. If the option is set, the platform will attempt |
| 32 | +booting slot B. |
| 33 | + |
| 34 | +## Updating Firmware with Flashrom |
| 35 | + |
| 36 | +If you wish to update the firmware using Flashrom, you need to follow |
| 37 | +these additional steps: |
| 38 | + |
| 39 | +```bash |
| 40 | +sudo flashrom -w coreboot.rom --fmap -i TOPSWAP -i COREBOOT_TS |
| 41 | +sudo nvramtool -w attempt_slot_b=Enable |
| 42 | +``` |
| 43 | + |
| 44 | +This command sequence writes the new firmware image into the appropriate regions |
| 45 | +(`TOPSWAP` and `COREBOOT_TS`) and enables the Top Swap feature by setting the |
| 46 | +`attempt_slot_b` CMOS option to "Enable". This ensures that after the next |
| 47 | +reboot, the system will boot from the newly updated slot. |
| 48 | + |
| 49 | +## Further reading |
| 50 | + |
| 51 | +For a more detailed documentation of the implementation, please read the |
| 52 | +[upstream coreboot documentation](WIP.com) |
0 commit comments