alexhung's Tech Zone

Monday, May 13, 2019

ACPI Debugging (4) -Analyse ACPI Tables in a Text File with FWTS

I often need to implement tests for new ACPI tables before they become available on real hardware. Fortunately, FWTS provides a framework to read ACPI tables' binary.

The below technique is especially convenient for ACPI firmware and OS kernel developers. It provides a simple approach to verify ACPI tables without compiling firmware and deploying it to hardware.

Using acpidump.log as an Input for FWTS

The command to read ACPI tables' binary is

# check ACPI methods from a text file
$ fwts method --dumpfile=acpidump.log

or

# check ACPI FACP table from a text file
$ fwts facp --dumpfile=acpidump.log

where acpidump.log contains ACPI tables' binary in a specific format as depicted below:

Table Signature - the 4-byte long ACPI table signature
Offset - data start from 0000 and increase by 16 bytes per line
Hex Data- each line has 16 hex integers of the compiled ACPI table
ASCII Data - the ASCII presentation of the hex data

This format may look familiar because it is not specific to FWTS. In fact, it is the same format generated by acpidump. In other words, the following commands generate the identical results.

# reading ACPI tables from memory
$ sudo fwts method

# dumping ACPI tables and testing it
$ sudo acpidump > acpidump.log
$ fwts method --dumpfile=acpidump.log

This means it is probable to debug remote systems by the following steps: 1) run sudo acpidump > acpidump.log, 2) copy acpidump.log and 3) run fwts with the --dumpfile=acpidump.log.

For developers, using --dumpfile option also means it is possible to test ACPI tables before deploying them on real hardware. The following sections present how to prepare a customized acpidump.log for such purposes.

Using a customized acpidump.log for FWTS

We can use acpica-tools to generate an acpidump.log. The following is an example of building a customized acpidump for the method test.

1. Generate a dummy FACP table

FWTS requires a FACP table in an acpidump.log so it can recognize acpidump.log as a valid input file.

iasl -T FACP
iasl facp.asl > /dev/zero
echo "FACP @ 0x0000000000000000" >> acpidump.log
xxd -c 16 -g 1 facp.aml | sed 's/^0000/ /' >> acpidump.log
echo "" >> acpidump.log

2. Generate a Customized DSDT table

A customized DSDT can be generated by the following commands

Generate a DSDT - run "iasl -T DSDT"
Customize dsdt.asl - ex. adding an ACPI battery device

3. Compile the DSDT table to binary

Similar to FACP, the DSDT can be compiled and appended to acpidump.log.

iasl dsdt.asl > /dev/zero
echo "DSDT @ 0x0000000000000000" >> acpidump.log
xxd -c 16 -g 1 dsdt.aml | sed 's/^0000/ /' >> acpidump.log
echo "" >> acpidump.log

3. Run FWTS method with acpidump.log

And finally, run fwts with the generated acpidump.log

fwts method --dumpfile=acpidump.log

Final Words

While we use DSDT as an example, the same technique applies to all ACPI tables. For instance, HMAT was introduced and frequently updates in recent ACPI specs, and Firmware Test Suite includes most, if not all, changes up-to-date; therefore, FWTS is able to detect errors before firmware developers integrate HMAT into their projects, and therefore reduce errors in final products.

Friday, February 1, 2019

ACPI Debugging (3) - Debug ACPI Tables with Firmware Test Suite (FWTS)

Previous two articles, ACPI AML Debugger in Ubuntu 18.04 & Debug AML (DSD & SSDT) with ACPICA Utilities, discuss techniques for AML debugging; however ACPI specification includes many other important tables. Firmware Test Suite (FWTS) can play a big role in debugging ACPI implementation.

While other ACPI tables include fixed fields and lengths, it doesn't mean their contents cannot go wrong. In fact, many systems have many incorrect ACPI tables in their firmware. This can happen when systems are developed by integrating code from various parties without being modified specifically for customised hardware.

A test suite is a good solution to catch errors without involving too many engineering resources as it can identify errors automatically or semi-automatically. In particular, Firmware Test Suite is one of the best test suite (did I also mention it is freely available too?) and it is the recommended ACPI SCT by UEFI forum, who is the owner of the specification.

What is Firmware Test Suite (FWTS) ?

Firmware Test Suite (FWTS) is a test suite that performs sanity checks on firmware. It is intended to identify BIOS, UEFI, ACPI and many other errors and if appropriate it will try to explain the errors and give advice to help workaround or fix firmware bugs.

More information can be found at its official website.

Installing FWTS

Installation for Ubuntu Linux is as below:

Add stable PPA for latest FWTS (optional) - sudo add-apt-repository ppa:firmware-testing-team/ppa-fwts-stable
Install FWTS - sudo apt install fwts

FWTS packages for Other Linux distros can be found here.

Running Firmware Test Suite

FWTS is a command-line tool and its usage is "fwts cmds" (root access is usually required). The below is an example of checking FACP table

~$ sudo fwts fadt
Running 1 tests, results appended to results.log
Test: FADT Fixed ACPI Description Table tests.                              
  ACPI FADT Description Table flag info.                  1 info only          
  FADT checksum test.                                     1 passed             
  FADT revision test.                                     1 warning            
  ACPI FADT Description Table tests.                      24 passed, 2 warnings, 2 skipped
  Test FADT SCI_EN bit is enabled.                        1 passed             
  Test FADT reset register.                               2 passed             
~$ sudo fwts mcfg
Running 1 tests, results appended to results.log
Test: MCFG PCI Express* memory mapped config space test.                    
  Validate MCFG table.                                    1 passed                                                                                                                                                                                             
  Validate MCFG PCI config space.                         1 passed                                                                                                                                                                                             
~$ sudo fwts checksum 
Running 1 tests, results appended to results.log
Test: ACPI table checksum test.                                             
  ACPI table checksum test.                               20 passed                                                                                                                                                                                            
~$ sudo fwts acpitables 
Running 1 tests, results appended to results.log
Test: ACPI table headers sanity tests.                                      
  Test ACPI headers.                                      17 passed, 1 failed

More test details can be found on its references.

Running Multiple Tests

FWTS can also run multiple tests by appending tests one after another as below:

~$ sudo fwts fadt mcfg checksum acpitables
Running 4 tests, results appended to results.log
Test: FADT Fixed ACPI Description Table tests.                              
  ACPI FADT Description Table flag info.                  1 info only          
  FADT checksum test.                                     1 passed             
  FADT revision test.                                     1 warning            
  ACPI FADT Description Table tests.                      24 passed, 2 warnings, 2 skipped
  Test FADT SCI_EN bit is enabled.                        1 passed             
  Test FADT reset register.                               2 passed             
Test: MCFG PCI Express* memory mapped config space test.                    
  Validate MCFG table.                                    1 passed                                                                                                                                                                                             
  Validate MCFG PCI config space.                         1 passed                                                                                                                                                                                             
Test: ACPI table checksum test.                                             
  ACPI table checksum test.                               20 passed                                                                                                                                                                                            
Test: ACPI table headers sanity tests.                                      
  Test ACPI headers.                                      17 passed, 1 failed

Running All ACPI Tests

FWTS provides a way to execute all tests in a category. For example, sudo fwts --acpitests run all ACPI tests all together. A similar command is sudo fwts --uefitests which will not be discussed in details here.

Let's See Some Examples...

FWTS is used for real projects. Here are some examples of tests we have run.

Checking FADT

Running fadt includes 6 tests that check whether system firmware/BIOS implements FACP table correctly.

Especially, the sizes of FACP table grow with ACPI specs, but some firmware/BIOS updates the FACP major and minor versions without adding the new fields in later ACPI spec. This can be caught by FWTS with ease. An example is Test 3 in results.log shown below.

~$ sudo fwts fadt ; cat results.log
Running 1 tests, results appended to results.log
Test: FADT Fixed ACPI Description Table tests.                              
  ACPI FADT Description Table flag info.                  1 info only                                                                                                                                                                                          
  FADT checksum test.                                     1 passed                                                                                                                                                                                             
  FADT revision test.                                     1 warning                                                                                                                                                                                            
  ACPI FADT Description Table tests.                      24 passed, 2 warnings, 2 skipped                                                                                                                                                                     
  Test FADT SCI_EN bit is enabled.                        1 passed                                                                                                                                                                                             
  Test FADT reset register.                               2 passed                                                                                                                                                                                             
Results generated by fwts: Version V19.01.00 (2019-01-16 03:58:48).

Some of this work - Copyright (c) 1999 - 2019, Intel Corp. All rights reserved.
Some of this work - Copyright (c) 2010 - 2019, Canonical.
Some of this work - Copyright (c) 2016 - 2019, IBM.
Some of this work - Copyright (c) 2017 - 2019, ARM Ltd.

This test run on 24/01/19 at 17:16:21 on host Linux earth 4.15.0-43-generic
#46-Ubuntu SMP Thu Dec 6 14:45:28 UTC 2018 x86_64.

Command: "fwts fadt".
Running tests: fadt.

fadt: FADT Fixed ACPI Description Table tests.
--------------------------------------------------------------------------------
FADT X_FIRMWARE_CTRL 64 bit pointer was zero, falling back to using
FIRMWARE_CTRL 32 bit pointer.
Test 1 of 6: ACPI FADT Description Table flag info.
FADT: flag states
 WBINVD is set
 WBINVD_FLUSH is not set
 PROC_C1 is set
 P_LVL2_UP is not set
 PWR_BUTTON is not set
 SLP_BUTTON is set
 FIX_RTC is not set
 RTC_S4 is set
 TMR_VAL_EXT is not set
 DCK_CAP is not set
 RESET_REG_SUP is set
 SEALED_CASE is not set
 HEADLESS is not set
 CPU_SW_SLP is not set
 PCI_EXP_WAK is not set
 USE_PLATFORM_CLOCK is set
 S4_RTC_STS_VALID is set
 REMOTE_POWER_ON_CAPABLE is set
 FORCE_APIC_CLUSTER_MODEL is not set
 FORCE_APIC_PHYSICAL_DESTINATION_MODE is not set
 HW_REDUCED_ACPI is not set
 LOW_POWER_S0_IDLE_CAPABLE is not set
FADT: IA-PC Boot Architecture flag states
 LEGACY_DEVICES is not set
 8042 is not set
 VGA_NOT_PRESENT is not set
 MSI_NOT_SUPPORTED is not set
 PCIE_ASPM_CONTROLS is not set
 CMOS_RTC_NOT_PRESENT is not set
FADT: ARM Boot Architecture flag states
 PSCI_COMPLIANT is not set
 PSCI_USE_HVC is not set

Test 2 of 6: FADT checksum test.
PASSED: Test 2, FADT checksum is correct

Test 3 of 6: FADT revision test.
FADT revision: 5.0
FADT table length: 268
WARNING: Test 3, FADT revision is outdated: 5.0

ADVICE: The most recent revision of the FADT defined in the ACPI specification
is 6.2. While older revisions of the FADT can be used, newer ones may enable
additional functionality that cannot be used until the FADT is updated.


Test 4 of 6: ACPI FADT Description Table tests.
PASSED: Test 4, Only one of FIRMWARE_CTRL and X_FIRMWARE_CTRL is non-zero.
PASSED: Test 4, FADT 32 bit DSDT and 64 bit X_DSDT both point to the same
physical address (0xd8fef1b0).

ADVICE: While it is not correct to use both of the 32- and 64-bit DSDT address
fields in recent versions of ACPI, they are at least the same address, which
keeps the kernel from getting confused. At some point, the 32-bit DSDT address
may get ignored so it is recommended that the FADT be upgraded to only use the
64-bit X_DSDT field. In the meantime, however, ACPI will still behave correctly.

PASSED: Test 4, FADT first reserved field is one (compatible with ACPI 1.0).
PASSED: Test 4, FADT second reserved field is zero.
FADT Preferred PM Profile: 1 (Desktop)
PASSED: Test 4, FADT has a valid preferred PM profile.
FADT indicates ACPI IS NOT in reduced hardware mode.
FADT SCI_INT is 9
PASSED: Test 4, FADT SMI_CMD indicates System Management Mode is supported, and
the SCI Interrupt is non-zero.
PASSED: Test 4, FADT SMI ACPI enable command is non-zero, and SMM is supported.
PASSED: Test 4, FADT SMI ACPI disable command is non-zero, and SMM is supported.
PASSED: Test 4, FADT indicates we are not in reduced hardware mode, and required
FACS is present.
PASSED: Test 4, FADT S4BIOS_REQ command is not set and FACS indicates it is not
supported.
PASSED: Test 4, FADT required PM1A_EVT_BLK field is non-zero
PASSED: Test 4, FADT 32- and 64-bit PM1A_EVT_BLK fields are at least equal.

ADVICE: Both FADT 32- and 64-bit PM1A_EVT_BLK fields are being used, but only
one should be non-zero. However, they are at least equal so the kernel will at
least have a usable value.

SKIPPED: Test 4, FADT PM1B_EVT_BLK not being used.
PASSED: Test 4, FADT required PM1A_CNT_BLK field is non-zero
PASSED: Test 4, FADT 32- and 64-bit PM1A_CNT_BLK fields are at least equal.

ADVICE: Both FADT 32- and 64-bit PM1A_CNT_BLK fields are being used, but only
one should be non-zero. However, they are at least equal so the kernel will at
least have a usable value.

SKIPPED: Test 4, FADT PM1B_CNT_BLK not being used.
PASSED: Test 4, FADT 32- and 64-bit PM2_CNT_BLK fields are at least equal.

ADVICE: Both FADT 32- and 64-bit PM2_CNT_BLK fields are being used, but only one
should be non-zero. However, they are at least equal so the kernel will at least
have a usable value.

PASSED: Test 4, FADT 32- and 64-bit PM_TMR_BLK fields are at least equal.

ADVICE: Both FADT 32- and 64-bit PM_TMR_BLK fields are being used, but only one
should be non-zero. However, they are at least equal so the kernel will at least
have a usable value.

PASSED: Test 4, FADT PM1_EVT_LEN >= 4.
PASSED: Test 4, FADT PM1_CNT_LEN >= 2.
PASSED: Test 4, FADT PM2_CNT_LEN >= 1.
PASSED: Test 4, FADT PM_TMR_LEN is 4.
PASSED: Test 4, FADT GPE0_BLK_LEN non-zero and a non-negative multiple of 2: 16.
PASSED: Test 4, FADT GPE1_BLK_LEN is zero and GPE1_BLK is not supported.
FADT GPE1_BASE is 0
Using P_BLK address of 0x1810
WARNING: Test 4, FADT P_LVL2_LAT is > 100 (101) but a P_BLK is defined. This
implies a C2 state is not supported, but there is a P_BLK register block defined
which implies there might be a C2 state that works. There is not enough
information to determine if this is expected or not.
WARNING: Test 4, FADT P_LVL3_LAT is > 1000 (1001) but a P_BLK is defined. This
implies a C3 state is not supported, but there is a P_BLK register block defined
which implies there might be a C3 state that works. There is not enough
information to determine if this is expected or not.
FADT FLUSH_SIZE is 1024
FADT FLUSH_STRIDE is 16
FADT DUTY_OFFSET is 0
FADT DUTY_WIDTH is 0
FADT DAY_ALRM is 13
FADT MON_ALRM is 0
FADT CENTURY is 50
PASSED: Test 4, FADT SLEEP_CONTROL_REG is null and not available when not in
reduced hardware mode.
PASSED: Test 4, FADT SLEEP_STATUS_REG is null and not available when not in
reduced hardware mode.
FADT Hypervisor Vendor Identity is 0

Test 5 of 6: Test FADT SCI_EN bit is enabled.
FADT is greater than ACPI version 1.0
PASSED: Test 5, SCI_EN bit in PM1a Control Register Block is enabled.

Test 6 of 6: Test FADT reset register.
PASSED: Test 6, FADT reset register width is 8 bits wide as expected.
PASSED: Test 6, FADT register bit offset is 0 as expected.

================================================================================
28 passed, 0 failed, 3 warnings, 0 aborted, 2 skipped, 1 info only.
================================================================================


28 passed, 0 failed, 3 warnings, 0 aborted, 2 skipped, 1 info only.

Test Failure Summary
================================================================================

Critical failures: NONE

High failures: NONE

Medium failures: NONE

Low failures: NONE

Other failures: NONE

Test           |Pass |Fail |Abort|Warn |Skip |Info |
---------------+-----+-----+-----+-----+-----+-----+
fadt           |   28|     |     |    3|    2|    1|
---------------+-----+-----+-----+-----+-----+-----+
Total:         |   28|    0|    0|    3|    2|    1|
---------------+-----+-----+-----+-----+-----+-----+

Checking Table Checksum

Another common error in system firmware/BIOS is ACPI table checksum. When built by AML compiler, ex. iasl, table checksum is updated; however, it is a common practice that system firmware/BIOS modifies ACPI tables for hardware customisation during boot time. This can corrupt table checksum if firmware/BIOS does not update it accordingly.

Below is an example to verify the checksum fields of all ACPI tables.

~$ sudo fwts checksum ; cat results.log Running 1 tests, results appended to results.log Test: ACPI table checksum test. ACPI table checksum test. 20 passed Results generated by fwts: Version V19.01.00 (2019-01-16 03:58:48). Some of this work - Copyright (c) 1999 - 2019, Intel Corp. All rights reserved. Some of this work - Copyright (c) 2010 - 2019, Canonical. Some of this work - Copyright (c) 2016 - 2019, IBM. Some of this work - Copyright (c) 2017 - 2019, ARM Ltd. This test run on 24/01/19 at 17:23:54 on host Linux earth 4.15.0-43-generic #46-Ubuntu SMP Thu Dec 6 14:45:28 UTC 2018 x86_64. Command: "fwts checksum". Running tests: checksum. checksum: ACPI table checksum test. -------------------------------------------------------------------------------- Test 1 of 1: ACPI table checksum test. FADT X_FIRMWARE_CTRL 64 bit pointer was zero, falling back to using FIRMWARE_CTRL 32 bit pointer. PASSED: Test 1, Table RSDP has correct checksum 0x90. PASSED: Test 1, Table RSDP has correct extended checksum 0x8e. PASSED: Test 1, Table XSDT has correct checksum 0x21 PASSED: Test 1, Table DSDT has correct checksum 0xfc PASSED: Test 1, Table FACP has correct checksum 0xc9 PASSED: Test 1, Table APIC has correct checksum 0xbf PASSED: Test 1, Table FPDT has correct checksum 0x73 PASSED: Test 1, Table SLIC has correct checksum 0x6a PASSED: Test 1, Table SSDT has correct checksum 0x36 PASSED: Test 1, Table SSDT has correct checksum 0xb7 PASSED: Test 1, Table SSDT has correct checksum 0x3e PASSED: Test 1, Table HPET has correct checksum 0xa9 PASSED: Test 1, Table SSDT has correct checksum 0x3e PASSED: Test 1, Table MCFG has correct checksum 0x9c PASSED: Test 1, Table SSDT has correct checksum 0x31 PASSED: Test 1, Table ASF! has correct checksum 0xb8 PASSED: Test 1, Table BGRT has correct checksum 0x46 PASSED: Test 1, Table DMAR has correct checksum 0x37 PASSED: Test 1, Table RSDT has correct checksum 0xbd PASSED: Test 1, Table FACP has correct checksum 0xa1 ================================================================================ 20 passed, 0 failed, 0 warning, 0 aborted, 0 skipped, 0 info only. ================================================================================ 20 passed, 0 failed, 0 warning, 0 aborted, 0 skipped, 0 info only. Test Failure Summary ================================================================================ Critical failures: NONE High failures: NONE Medium failures: NONE Low failures: NONE Other failures: NONE Test |Pass |Fail |Abort|Warn |Skip |Info | ---------------+-----+-----+-----+-----+-----+-----+ checksum | 20| | | | | | ---------------+-----+-----+-----+-----+-----+-----+ Total: | 20| 0| 0| 0| 0| 0| ---------------+-----+-----+-----+-----+-----+-----+

Next Topic...

FWTS can analyze ACPI tables from other systems. This can be done with fwts --dumpfile=acpidump.log. More details will be discussed in the next blog.

Thursday, January 10, 2019

ACPI Debugging (2) - Debug AML (DSDT & SSDT) with ACPICA Utilities

Using acpidbg on Ubuntu 18.04 x64 can be quite handy; however, the Linux kernel with ACPI_DEBUGGER is not always available, such as on Ubuntu for ARM. In such cases, acpica also provides a set of utilities, named acpica-tools, for ACPI debugging.

Installation

The acpica-tools can be installed by

sudo apt install acpica-tool

The latest source code can be downloaded from either of below, and it can be compiled and installed by “make” followed by “sudo make install“.

Windows: https://acpica.org/downloads/binary-tools
Ubuntu: sudo apt install acpica-tool

ACPICA Tools

The acpica-tools consist of the following utilities: acpibin, acpiexamples, acpihelp, acpisrc, iasl, acpidump, acpiexec, acpinames and acpixtract. This article focuses on how to use iasl, acpidump, acpiexec and acpixtract because they are commonly used in debugging.

acpidump - collect ACPI tables from a running system
acpixtract - extract ACPI tables from an acpidump file
acpiexec - emulate ACPI tables from extracted acpi tables
iasl - compile & disassemble ACPI tables

A Case Study - Airplane Mode

The airplane-mode button on laptops is usually implemented by both system BIOS and an OS driver. More specifically, it requires an ACPI device to be “present” in DSDT (or SSDT) table and a corresponding device driver. The figure below demonstrates how to debug if the airplane mode button fails to work.

Each computer brand has its specific implementation(s) and corresponding device driver(s). Some examples are listed below. Similarly, other driver source code can be found in Linux kernel.

Acer - acer-wireless
ASUS - asus-wireless
Dell - dell-rbtn, intel-hid, intel-vbtn
HP - hp-wireless
Lenovo - idealpad-laptop, thinkpad_acpi
Xiaomi - hp-wireless

Let’s use a Dell system as an example but the same technique also applies for others. To understand whether the airplane mode driver is loaded, one can run

$ lsmod | grep -E 'dell_rbtn|intel_hid|intel_vbtn'
intel_hid               16384  0
sparse_keymap   16384  2 intel_hid,dell_wmi

As expected, the intel-hid is used on this particular Dell system.

As seen above, the “intel-hid” is used on this particular Dell system.
Let’s assume we know intel-hid is supposed to be used on this Dell system but it is not loaded for now. We can debug BIOS ASL/AML code using ACPICA utilities following the below steps.

Find Out ACPI Device's (intel-hid's) Hardware ID

A quick online search shows intel-hid.c is for an ACPI device with _HID “INT33D5”.

Extract and Disassemble ACPI Tables

Get all ACPI tables: sudo acpidump > acpi.log
Extract DSDT and SSDT: acpixtract acpi.log
Disassemble tables: iasl -d *.dat

Check Whether INT33D5 is "Present"

Find INT33D5 in DSDT or SSDT: grep INT33DT *.dsl

 $ grep INT33D5 *.dsl
  dsdt.dsl:            Name (_HID, "INT33D5")  // _HID: Hardware ID

Once found, let's use vi to see more details in DSDT such as the device name (HIDD) as below:

Scope (_SB)
{
    Device (HIDD)
    {
        Name (_HID, "INT33D5")  // _HID: Hardware ID
        // ... skipped
        Method (_STA, 0, Serialized)  // _STA: Status
        {
            If ((OIDE () >= One))
            {
                Return (0x0F)
            }
            Else
            {
                Return (Zero)
            }
        }
...

Check device status, i.e. Method (_STA)

In addition to the device declaration, Linux ACPI device driver is loaded when _STA returns “present”. As in the above ASL code, _STA can be present (return 0x0F) or absent (return Zero). One can continue to trace OIDE() -> OSID() and so on to find out what _STA returns.

Alternatively, using acpiexec is easier for this task.

Evaluate _SB.HIDD._STA with acpiexec

Using acpiexec is the same as acpidbg, but it loads ACPI tables from files and runs AML in emulation mode, i.e. it does not touch hardware registers or actual memory.

Load ACPI tables: acpiexec *.dat
Find HIDD path: find HIDD
Execute HIDD's _STA: execute _SB.HIDD._STA

If _SB.HIDD._STA returns 0xF but intel-hid is not loaded, something is wrong with Linux kernel, ex. intel-hid is not compiled or is blacklisted. In this case, this should be forwarded to a Linux kernel engineer.

If _SB.HIDD._STA returns 0, we can continue to use acpiexec to find out OIDE() returns. In fact, we can use acpiexec to trace _SB._HIDD._STA

Trace _SB.HIDD._STA: debug _SB.HIDD._STA

Tutorial of using acpiexec is the same as acpidbg and can be found in the previous blog.

Final Words

ACPICA tools are very useful for debugging ACPI bugs, and using it well can save much time. This tutorial touches surface of what ACPICA tools can do and more documents can be found on acpica.org website.

Tuesday, May 1, 2018

ACPI Debugging (1) - ACPI AML Runtime Debugger in Ubuntu 18.04 (x64)

ACPICA is an open-source project that provides an operating system (OS)-independent reference implementation. It also contains a list of utilities such as ASL compiler (iasl), acpiexec (an AML emulator) and so on. However, debugging AML on Linux in runtime wasn't provided in ACPICA ... not until Linux Kernel 4.13.

Enabling AML Debugging

The aml-debugger.txt, the instruction for enabling AML runtime debugger, is available at Documentation/acpi/ in Linux kernel source code. In short, two things are required for AML runtime debugging

Enable AML debugging (CONFIG_ACPI_DEBUGGER=y & CONFIG_ACPI_DEBUGGER_USER=m) when compiling Linux kernel

Compile an utility, acpidbg from Linux kernel (I uploaded a copy here)

While compiling a custom-build kernel is nothing new to kernel developers, it is often inconvenient for system firmware / BIOS developers who need to verify ACPI AML implementation in their firmware. Fortunately, Ubuntu 18.04 (x64) and later enable these config by default, and one can simply execute acpidbg on Ubuntu 18.04 - even on Ubuntu Live from USB too!

Running AML Debugging

Executing acpidbg on Ubuntu 18.04 (x64) is straight-forward

$ sudo ./acpidbg 

-

and "help" shows a list supported commands

- help

General-Purpose Commands:            
 ...
 ...
Namespace Access Commands:
 ...
 ...
Control Method Execution Commands: 
 ...
 ...

Examples

acpidbg is particularly handy when one needs to evaluate any ACPI AML objects during runtime - especially ones that change under different conditions. This may be explained by some examples below:

Example 1 - To determine AC power status in runtime.

Find _PSR objects
Evaluate _PSR when AC is disconnected
Evaluate _PSR when AC is connected.

- find _PSR
        \_SB.PCI0.LPC.EC.AC._PSR Method       00000000c53d0a47 01 Args 0 Len 0023 Aml 00000000eab88cb2

- execute \_SB.PCI0.LPC.EC.AC._PSR
Evaluating \_SB.PCI0.LPC.EC.AC._PSR
Evaluation of \_SB.PCI0.LPC.EC.AC._PSR returned object 00000000c46fa555, external buffer length 18
 [Integer] = 0000000000000000

- execute \_SB.PCI0.LPC.EC.AC._PSR
Evaluating \_SB.PCI0.LPC.EC.AC._PSR
Evaluation of \_SB.PCI0.LPC.EC.AC._PSR returned object 00000000c46fa555, external buffer length 18
 [Integer] = 0000000000000001

acpidbg also works with complex objects such as packages.
Example 2 - To determine battery information and status.

Find _BIF and _BST objects
Evaluate _BIF and _BST objects (note _BST changes dynamically).

- find _BIF
      \_SB.PCI0.LPC.EC.BAT0._BIF Method       00000000817541c3 01 Args 0 Len 0040 Aml 000000009abb252e

- execute \_SB.PCI0.LPC.EC.BAT0._BIF
Evaluating \_SB.PCI0.LPC.EC.BAT0._BIF
Evaluation of \_SB.PCI0.LPC.EC.BAT0._BIF returned object 00000000c46fa555, external buffer length 170
 [Package] Contains 13 Elements:
  [Integer] = 0000000000000000
  [Integer] = 000000000000ABE0
  [Integer] = 0000000000009E34
  [Integer] = 0000000000000001
  [Integer] = 0000000000003B60
  [Integer] = 00000000000007E9
  [Integer] = 00000000000000C8
  [Integer] = 0000000000000001
  [Integer] = 0000000000000001
  [String] Length 07 = "00HW027"
  [String] Length 05 = "  409"
  [String] Length 03 = "LiP"
  [String] Length 03 = "SMP"

- find _BST
      \_SB.PCI0.LPC.EC.BAT0._BST Method       00000000ed98c5ba 01 Args 0 Len 001D Aml 00000000a48eaeb6

- execute \_SB.PCI0.LPC.EC.BAT0._BST
Evaluating \_SB.PCI0.LPC.EC.BAT0._BST
Evaluation of \_SB.PCI0.LPC.EC.BAT0._BST returned object 00000000c46fa555, external buffer length 78
 [Package] Contains 4 Elements:
  [Integer] = 0000000000000001
  [Integer] = 00000000000010C6
  [Integer] = 00000000000088B8
  [Integer] = 0000000000003FC9

acpidbg can decode bit fields and save time on counting bits. Try to run acpidbg to evaluate any _PLD objects and you will see what I mean :).

Wednesday, November 22, 2017

[Presentation] Firmware Test Suite - Uses, Development, Contribution and GPL

I did a presentation of "Firmware Test Suite - Uses, Development, Contribution and GPL" in UEFI Plugfest in Taipei on Nov 1 2017. The presentation is shared @ slideshare and can be viewed below:

Firmware Test Suite - Uses, Development, Contribution and GPL from Alex Hung

Monday, July 10, 2017

Changes of the _OSI object in ACPI spec 6.1a & 6.2 and in Linux

ACPI _OSI is the most controversial object in my opinions. Not only _OSI was not welcomed by Linux kernel but also it has been discussed multiple times in ACPI Spec Work Group (ASWG) meetings. Many spec contributers tried to remove _OSI from ACPI spec, but the impacts were too great to depreciate _OSI...

Until _OSI is now redefined in ACPI 6.1a & ACPI 6.2 as below

5.7.2 _OSI (Operating System Interfaces)
...
Arguments: (1)
Arg0 – A String containing the optional OS vendor prefix (as defined in Table 5-163) and/or the
required Feature Group string (as ACPI-defined in Table 5-164 , or a vendor-defined custom feature/
interface string). The optional OS vendor string is not needed in the case of the ACPI-defined feature
group strings.

Return Value:
An Integer containing a Boolean that indicates whether the requested feature is supported:
0x0 (Zero) – The interface, behavior, or feature is not supported
Ones (-1) – The interface, behavior, or feature is supported. Note: The value of Ones is
0xFFFFFFFF in 32-bit mode (DSDT revision 1) or 0xFFFFFFFFFFFFFFFF in 64-bit mode (DSDT
revision 2 and greater)

Still confused? Let's take a look at "Table 5-163 Predefined Operating System Vendor String Prefixes" in ACPI 6.1a below:

Operating System Vendor String Prefix	Description
“FreeBSD” <FeatureGroupString>	Free BSD OS features/interfaces
“HP-UX” <FeatureGroupString>	HP Unix Operating Environment OS features/interfaces
“Linux” <FeatureGroupString>	GNU/Linux Operating system OS features/interfaces
“OpenVMS” <FeatureGroupString>	HP OpenVMS Operating Environment OS features/interfaces
“Windows” <FeatureGroupString>	Microsoft Windows OS features/interfaces

While <FeatureGroupString> looks like something new, this addition is backward-compatible - it is very common to see "Windows 2009" (Windows 7), "Windows 2013" (Windows 8.1) and "Windows 2015" (Windows 10). 2009, 2013 and 2015 are sets of new features provided by each new Windows OS and is more than a name of each new OS. Does this make sense?

In fact, the main purpose of this _OSI change is to clarify "_OSI is not to be used to detect operating systems but feature sets supported by operating systems" - these aren't my words but the words of spec contributers in ASWG's meetings. In other words, please stop complaining why OSI("Linux") doesn't work - this usage is never the intention of ACPI spec.

While _OSI("Linux") does NOT work in Linux kernel by default, kernel maintainers now agree Linux isn't always compatible with Windows and using _OSI("Windows xxxx") isn't the best idea. Each OEM can define different "Linux <FeatureGroupString>" in their ACPI BIOS, and OEM can submit patches so new strings will be recognized by Linux kernel.

The string should be in the format "Linux-OEM-my_interface_name" as defined here. I would guess a valid string can be something like "Linux-Dell-SuperVGA" or "Linux-HP-CrystalAudio" (I made them up, and they aren't recognized by Linux kernel). The kernel document discusses the history and the rules, and BIOS engineers should not abuse this mechanism - if you want to a workaround, create a new string for it, ex. "Linux-Dell-VGA-Workaround" and submit a new patch to Linux kernel. DO NOT use unrelated OEM strings for other purposes.

The new _OSI is introduced for very short time and no ACPI BIOS uses new Linux strings yet. It is our hope this can provide better compatibilities between ACPI BIOS and non-Windows OS's. If anyone has any feedbacks or concerns about this new _OSI thing, I am happy to answer or forward to ACPI Work Group for more discussion.

Friday, July 7, 2017

Why cannot ACPI _REV object be used to detect Linux anymore?

Linux community is never a fan of distinguishing Windows & Linux in BIOS (see my 2012's blog Why does Linux Say It Is not Linux in _OSI("Linux")?). However, many BIOS engineers seem to see the needs of to workaround BIOS bugs for Linux regardlessly. After realising _OSI("Linux") cannot be used by default, some creative BIOS engineers figured ACPI's _REV object could be used for this purpose some years ago, based on the following facts:

1. _REV definition in ACPI spec 5.1

5.7.4 \_REV (Revision Data Object)

This predefined object evaluates to the revision of the ACPI Specification that the specified \_OS implements as a DWORD. Larger values are newer revisions of the ACPI specification.

Arguments:
None

Return Value:
An Integer containing the revision of the currently executing ACPI implementation

2. Windows returns 2 & Linux returns ACPI revision

If (_REV == 2) {
    // This is Windows
} Elseif (_REV == 4 || _REV == 5) {
    // This is Linux
}

While it is obvious it was Windows which did not follow ACPI spec, nothing can stop BIOS engineers from mis-using _REV as a mechanism to detect Linux in BIOS ASL codes.

It did not take long when ACPI Spec Work Group (ASWG), the owner and the publisher of ACPI spec, realised that many systems are mis-using _REV objects in their firmware. Eventually a spec contributer submitted a change to _REV object in ACPI 6.0 and later, and the _REV object is now defined as below:

5.7.4 \_REV (Revision Data Object)

This predefined object evaluates to an Integer (DWORD) representing the revision of the ACPI Specification implemented by the specified \_OS.

Arguments:
None

Return Value:
An Integer representing the revision of the currently executing ACPI implementation.
1. Only ACPI 1 is supported, only 32-bit integers.
2. ACPI 2 or greater is supported. Both 32-bit and 64-bit integers are supported. Actual integer width depends on the revision of the DSDT (revision < 2 means 32-bit. >= 2 means 64-bit).
Other values - Reserved

After ACPI 6.0 was published, the corresponding changes are also made to Linux kernel - the evaluation of _REV now returns 2 in kernel 4.1 and later (for example, Ubuntu 15.10 with kernel 4.2).

In order to provide backward compatibility, a new kernel parameter "acpi_rev_override" was introduced for those who still want to use _REV = 5 in their BIOS ASL code, but most of major Linux distributions do not include this kernel parameter by default, and it should be used with cautions.

If you are using one of the systems with _REV in the firmware, you can develop a kernel patch to add your system to the _REV quirk list acpi_rev_dmi_table in drivers/acpi/blacklist.c as below, like the patch I submitted.


static struct dmi_system_id acpi_rev_dmi_table[] __initdata = {
        {
         .callback = dmi_enable_rev_override,
         .ident = "DELL XPS 13 (2015)",
         .matches = {
                      DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
                      DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9343"),
                },
        },
        ...

DMI_SYS_VENDOR can be identified by sudo dmidecode -s system-manufacturer
DMI_PRODUCT_NAME can be identified by sudo dmidecode -s system-product-name.