
Empowering The Industry with Open System Firmware – AMD openSIL

Raj_Kapoor
Staff

 


 

 

THE IMPETUS

Platform & Silicon Firmware Development has historically been a niche field in the compute industry, requiring specific, hard-to-find engineering skill sets. As time progressed, firmware capabilities expanded, offering a large range of enhanced capabilities and platform intelligence ranging from rich feature sets to in-situ upgradability. Firmware became pervasive in the industry. However, the industry quickly realized that this increase in the role and capability of firmware, spread across so many different components on the platform, increased the attack surface for cyber attackers, potentially rendering the system vulnerable to malicious parties. Additionally, most Independent Silicon Vendors (ISVs) distribute their silicon-initialization firmware source code under a proprietary license to companies that have signed Non-Disclosure Agreements (NDAs). This limits the visibility the platform users have to inspect the security and functional validation that has gone into producing the firmware binaries running on their systems.

 

The above challenges present a pressing need for the following imperatives to be available at scale:

  • Improved platform security and functionality, at scale.
  • Improved test coverage, validating entire systems.
  • Increased penetration testing and vulnerability tracking.
  • Optimized traceability, such as an SBOM, for vulnerability tracking within firmware binaries.

 

With the AMD Generic Encapsulated Software Architecture (AGESA™) solution, scaling to other, nimbler host firmware solutions, which foster a more robust security posture thanks to a lower attack surface, proved challenging. Below is the existing stack that caters to the UEFI host firmware requirements.

 

Raj_Kapoor_0-1681240461616.png

 

 

THE SOLUTION

AMD believes one of the ways to attain an improved security posture is to open Silicon Initialization Firmware architecture, development, and validation to the open-source community. AMD is committed to open-source software and is now expanding into the various firmware domains with the re-architecture of its x86 AGESA FW stack, which was designed with UEFI as the host firmware, a design that prevented scaling to other host firmware solutions such as coreboot, oreboot, FortiBIOS, Project µ and others. A newer, open architecture that potentially allows for reduced attack surface and perceivably infinite scalability is now available as a Proof-of-Concept within the open-source community for evaluation, called AMD openSIL – Open-Source Silicon Initialization Library.

 

AMD openSIL adheres to the simple goals of an agnostic set of library functions, written in an industry-standard language, that can be statically linked to the host firmware without having to adhere to any host firmware protocols. AMD openSIL is designed to be scalable, simple to integrate, lightweight, low chirp and transparent, potentially allowing for an improved security posture.

 

Raj_Kapoor_1-1681240461616.png

 

 

AMD openSIL is a set of three libraries, xSIM (x86 Silicon Initialization Libraries), xPRF (x86 Platform Reference Library) and xUSL (x86 Utilities & Services Library), that can be statically linked to any host firmware at compile/link time. Below is a comparison firmware stack diagram that exhibits the scalability between two disparate platform host firmware solutions, UEFI and coreboot; the same approach can be scaled to any other platform host firmware that exists today and possibly in the future.

 

Raj_Kapoor_0-1684769702303.png

 

 

xSIM (x86 SILICON INITIALIZATION MODULES) LIBRARY

Provides a set of API services that initialize the platform host silicon. Most of the silicon initialization on AMD-based platforms is performed by embedded µControllers prior to x86 reset de-assertion. This includes Memory Interface training & signal conditioning, DRAM JEDEC initialization, and Host Memory Controller Initialization, collectively forming the bulk of Memory Initialization. As a result, system memory is already available by the time the x86 reset is de-asserted. Thus, the services exposed to the host FW by the xSIM library are minimal, yet complete. Refer to the AMD openSIL UEFI / coreboot Integrator’s Guide for details on the exposed API Interfaces. This library is independent of the platform netlist and does not perform any silicon initialization tied to platform design (for example, Host SoC GPIO programming). Platform designers should not have to make source code modifications to this library.

 

xPRF (x86 PLATFORM REFERENCE FIRMWARE) LIBRARY

Services from this library perform platform design-specific silicon initialization; an example would be GPIO programming. This may also include SMM handlers for events such as RAS, subject to the board design. Both xSIM and AMD CRB PRF libraries are expected to depart from any industry standard (UEFI, coreboot etc.). They are written in C-2020 language and leverage open-source tools (such as GCC) that are expected to be the development tools of choice (although this does not preclude the use of a proprietary tool set). These two layers are hosted on independent git repositories, and extensive use of a Product Layered Branching strategy is fully expected. Customers will need to modify the xPRF to address platform design deviations from the Silicon Vendor’s CRB reference design. While the xSIM can remain untouched by customers, nothing prevents customers from making modifications per their system design requirements.

 

xUSL (x86 UTILITIES & SERVICES) LIBRARY

As the name suggests, this library offers a set of helper functions to aid the xSIM and xPRF libraries. It is not exposed to the host firmware but is used exclusively by the xSIM and xPRF libraries.

 

 

AMD openSIL APIs AT A GLANCE

 

xSIM LIBRARY APIs

APIs provided by AMD openSIL to x86 host firmware to perform silicon initialization agnostic of platform configuration.

  • InitializeAMDSiTp1 – Pre-PCIe-scan silicon initialization
    • Responsible for performing silicon IP initialization in the early stage of x86 firmware execution (Pre-PCIe initialization)
  • InitializeAMDSiTp2 – Post-PCIe scan initialization
    • Responsible for silicon IP initialization that can only be performed after PCI bus initialization has completed.
  • InitializeAMDSiTp3 – Final SoC Init, prior to OS/bootloader
    • Responsible for any final initialization prior to OS boot

 

xPRF LIBRARY APIs

APIs provided by AMD openSIL to x86 host firmware to perform silicon initialization based on platform configuration.

  • RAS silicon configuration
    • xPrfCollectDimmMap – Builds DIMM map used by the host RAS driver.
    • xPrfCollectCpuMap – Builds CPU map used by the host RAS driver.
  • Silicon data payloads for ACPI table generation
    • xPrfCreateSratApicEntry – Creates SRAT Local APIC structure.
  • PCIe Topology
    • xPrfGetNbiotopologyStructure – Returns a pointer to the PCIe Topology Structure created by AMD openSIL.
  • Memory Map
    • xPrfGetSystemMemoryMap – Returns memory size information, map, and holes.

 

INDUSTRY OPEN SOURCE COLLABORATION

AMD, in close collaboration with a few other organizations (9elements, AMI, AWS, 3mdeb, Datacom, Google, Meta, Oxide) from the open-source landscape, developed the first instance of AMD openSIL based on the 4th Gen AMD EPYC™ CPU, and plans to demonstrate its capabilities during the OCP Regional Summit in Q2 2023 (4/19/2023 – 4/20/2023).

 

 


“9elements is proud to be part of this groundbreaking effort in collaboration with AMD and other leading organizations in the open-source community. As the biggest open-source firmware vendor, we wholeheartedly support the development and implementation of AMD openSIL, which we believe is a significant step towards transitioning the x86 ecosystem towards open-source solutions. This initiative aligns with our mission to promote transparency, security, and scalability in firmware development. We are confident that AMD openSIL will revolutionize the industry by fostering increased collaboration, innovation, and trust among platform users and developers alike. 9elements will showcase their work on coreboot and LinuxBoot, powered by AMD openSIL, at 9elements booth (A3) at the OCP Regional Summit.”

Christian Walter, Managing Director Firmware, 9elements

 

 


“AMI has embraced the open-source community and applauds AMD for this bold step in enriching the developer community with this contribution. AMI is excited to be part of this journey and to support ecosystem and enterprise partners with their boot (UEFI and coreboot), BMC, and Platform/Hardware Root of Trust needs on AMD openSIL. OCP Regional Summit 2023 attendees can visit AMI’s booth (A4) to view the UEFI (Aptio OpenEdition™) and coreboot flow on the 4th Gen AMD EPYC™ processor-based AMD openSIL platform.

The future is open, and the future is now!”

Srinivasa Rao, Director of Engineering, American Megatrends Inc

Adonay Berhe, Product Marketing Manager, American Megatrends Inc

 

 


“Oxide is a strong believer in the need for open-source software at the lowest layers of the stack -- including silicon initialization and platform enablement.  With the availability of AMD openSIL, AMD is showing that they share this vision. We believe that the ultimate beneficiaries of open-source silicon initialization -- as it has been for open-source revolutions elsewhere in the stack -- will be customers and end-users, and we applaud AMD for taking this important and inspiring step!”

Bryan Cantrill, CTO and Co-Founder, Oxide Computer Company

 

 

AMD openSIL COLLATERAL

 

RAJ KAPOOR, Fellow - Chief Firmware Architect, Advanced Micro Devices Inc.

 

 

DISCLAIMER

AMD openSIL firmware libraries and associated host firmware are released as Proof-of-Concept (PoC) code for 4th Gen AMD EPYC™ based reference platform.  The PoC code is not meant for production use yet. The AMD openSIL code is provided ‘as-is’.

 

The information presented in this document is for informational purposes only. The information presented in this document and any referenced AMD openSIL code may contain technical inaccuracies, omissions, and typographical errors. The information contained herein and any referenced AMD openSIL code is subject to change and may be rendered inaccurate for many reasons, including but not limited to product and roadmap changes, component and motherboard version changes, new model and/or product releases, product differences between differing manufacturers, software changes, BIOS flashes, firmware upgrades, or the like. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. AMD assumes no obligation to update or otherwise correct or revise this information or any referenced AMD openSIL code. However, AMD reserves the right to revise this information or any referenced AMD openSIL code and to make changes from time to time to the content hereof or any AMD openSIL code referenced hereof without obligation of AMD to notify any person of such revisions or changes.

 

THIS INFORMATION AND ANY AMD OPENSIL CODE REFERENCED HEREOF IS PROVIDED ‘AS IS.’ AMD MAKES NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE CONTENTS HEREOF OR ANY AMD OPENSIL CODE REFERENCED HEREOF AND ASSUMES NO RESPONSIBILITY FOR ANY INACCURACIES, ERRORS, OR OMISSIONS THAT MAY APPEAR IN THIS INFORMATION OF ANY AMD OPENSIL CODE REFERENCED IN THIS INFORMATION. AMD SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR ANY PARTICULAR PURPOSE. IN NO EVENT WILL AMD BE LIABLE TO ANY PERSON FOR ANY RELIANCE, DIRECT, INDIRECT, SPECIAL, OR OTHER CONSEQUENTIAL DAMAGES ARISING FROM THE USE OF ANY INFORMATION CONTAINED HEREIN OR ANY AMD OPENSIL CODE REFERENCED HEREIN, EVEN IF AMD IS EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

 

AMD, the AMD Arrow logo, and combinations thereof are trademarks of Advanced Micro Devices, Inc. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

 

© 2023 Advanced Micro Devices, Inc. All rights reserved.