Script for easy platform simulation when running DTS on QEMU

[DaniilKl]

The problem you're addressing (if any)

DTS has HAL that can simulate platforms on QEMU. But the way the platforms are simulated (combinations of TEST_* variables) are not well-documented and it is hard to determine value for some of the (for example for TEST_ME_OFFSET which requires ME offeset in firmware image for a specific platform).

Describe the solution you'd like

Documentation or a script that will be installed inside DTS and will configure DTS for platform emulation. The input could be: script-name MSI --me-on --fd-on.

Where is the value to a user, and who might that user be?

Faster development utilizing QEMU infrastructure.

Describe alternatives you've considered

No response

Additional context

No response

[3mkusiak]

I'm attaching notes on how to calculate TEST_ME_OFFSET.

Calculating ME offset on QEMU.md

[m-iwanicki]

@3mkusiak You could've just pasted it here. I'll do it:

---

When attempting to update FW in QEMU, DTS downloads temporary /tmp/biosupdate file, and searches for ME signature in it. This is done in check_blobs_in_binary() function. 

To get following ME warning:

The firmware binary contains Management Engine (ME), but ME is not disabled! 

….we must additionally supply two TEST parameters:

• TEST_BOARD_HAS_FD_REGION="true" to simulate having flash descriptor;
• TEST_ME_OFFSET so when /tmp/biosupdate file is checked, it finds aa55 bytes.

The reason for second parameter is that check_blobs_in_binary() fails to calculate ME_OFFSET using ifdtool. Using said tool to manually check /tmp/biosupdate will also fail. Additionally, offset reproted by ifdtool on .rom files, does not match for biosupdate file.

The workaround for this is basically find any set of “aa55” bytes and calculate the offset to “fool” dts that ME fw part was found.

To calculate TEST_ME_OFFSET:

• Kick off firmware update/installation.

• Connect to DTS via another console.

• Continue fw update till /tmp/biosupdate is created, check if it's created on second console.

• Find address of first set of aa55 byte set:

  xxd /tmp/biosupdate | grep aa55 | grep -v ffff | head -n 1
  # Eg. output
  # 010cc570: 200f 85c1 0000 0066 817c 2404 aa55 740a ...
  

• The output of this command displays n bytes and address of the first byte in the row. Now you must calculate the address of aa55 byte set. Verify if you got it right with following command

  xxd -s <addr> -l 2 /tmp/biosupdate
  # For <addr> = 0x10cc57c
  # aa55
  

• Now calculate TEST_ME_OFFSET according to following equation

  TEST_ME_OFFSET = <addr> - 0x1000
  # Eg. for <addr> = 0x10cc57c
  # TEST_ME_OFFSET = 0x10cb57c
  

  …and verify with following command:

  xxd -s $((TEST_ME_OFFSET + 0x1000)) -l2 /tmp/biosupdate
  # Should return aa55
  

•  Export calculated TEST_ME_OFFSET and attempt to update FW.

If you calculated the address properly now you should be greeted with similar message during installation.

The firmware binary contains Management Engine (ME), but ME is not disabled!        
                                                                                    
Flashing ME when not in disabled state may cause unexpected power management issues.
...