Development Guidelines

From flashprog
Revision as of 17:46, 3 December 2023 by Stefanct@flashrom.org/ (talk) ("Stefanct@flashrom.org/: copy signed-of-by procedure from coreboot")
Jump to navigation Jump to search

Patch submission

Please send any patches to our mailing list according to the rules and information in this section.

Our guidelines heavily borrow heavily from the coreboot development guidelines, and most of them apply to flashrom as well. The really important part is about the Signed-off-by procedure which is quoted below.

We try to reuse as much code as possible and create new files only if absolutely needed, so if you find a function somewhere in the tree which already does what you want (even if it is for a totally different chip), please use it. See also Command set secrets.

The patch reviews may sound harsh, but please don't get discouraged. We try to merge simple patches after one or two iterations and complicated ones as soon as possible, but we have quite high standards regarding code quality.

If you introduce new features (not flash chips, but stuff like partial programming, support for new external programmers, voltage handling, etc) please discuss your plans on the mailing list first. That way, we can avoid duplicated work and know about how flashrom internals need to be adjusted and you avoid frustration if there is some disagreement about the design.

For patches that modify convoluted tables like struct flashchip flashchips[] in flashchips.c it may make sense to increase the lines of context to include enough information directly in the patch for reviewers (for example to include the chip names when changing other parameters like .voltage). To do this with subversion use svn diff --diff-cmd diff -x -u5; or with git use git format-patch -U5 where 5 is an example for the number of lines of context you want.

Sign-off Procedure

We employ a similar sign-off procedure as the Linux kernel developers do. Please add a note such as

Signed-off-by: Random J Developer <random@developer.example.org>

to your email/patch if you agree with the following Developer's Certificate of Origin 1.1.

You have to use your real name in the Signed-off-by line and in any copyright notices you add. Patches without an associated real name cannot be committed!

Developer's Certificate of Origin 1.1:

By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or
(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or
(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it; and
(d) In the case of each of (a), (b), or (c), I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license indicated in the file.

Note: The Developer's Certificate of Origin 1.1 is licensed under the terms of the Creative Commons Attribution-ShareAlike 2.5 License.

Reviews

Contributors without commit rights should receive at least a preliminary review within one week of submission by some committer. At minimum this should include a broad indication of acceptance or rejection of...

  • the idea/rationale/motivation,
  • the implementation

respectively.

In general, reviews should focus on the architectural changes and things that affect flashrom as a whole. This includes (but is by no means limited to) changes in APIs and types, safety, portability, extensibility, and maintainability. The purpose of reviews is not to create perfect patches, but to steer development in the right direction and produce consensus within the community. The goal of each patch should be to improve the state of the project - it does not need to fix all problems of the respective field perfectly. NB: New contributors may need more detailed advices and should be told about minor issues like formatting problems more precisely. The result of a review should either be a

Acked-by

  • Trivial stuff like...
    • compile fixes (that are tested on all or at least some affected and some unaffected platforms),
    • marking boards/chips/programmers as tested, and
    • typo and whitespace fixes etc.
do not need an Acked-by line from someone else than the author.
  • If the patch is something like a board enable, new chip(set) support etc. (i.e. no refactoring, no architectural impact), you can get an ack from someone who is not an experienced developer after he/she has tested the patch, or ack yourself if proof exists that it worked.
  • However, for more complicated patches you should get a review from someone who knows the code well if possible.
    • If no one replies to the patch submission on the mailing list within 2 weeks, you may assume consent by the community and ack yourself.
    • If, however, one of the known community members comments on your submission and requests changes or further information/a rationale etc., you need to come to some consensus with that member about the points complained about (only).
      • If your answer (e.g. in form of a new iteration of the patch including the requested changes or a mail containing the requested information) does not get any replies for three weeks, you may ack yourself.
      • When consensus in all points have been reached, but no explicit ack has been sent, then the submission falls under the same timeout rule again; i.e. if no one replies to your last e-mail within 2 weeks, you may ack yourself.
  • Contributions from people without commit rights should not be treated much differently.
Maintainers should merge them if there is no objection from the community within the timeframes and according to the rule set described above.

Adding/reviewing a new flash chip

  1. Get the datasheet of the exact type of chip.
  2. Open flashchips.c and flashchips.h.
  3. First, find the best* IDs in the datasheet (*FIXME: this needs to be explained together with the probing somewhere else in detail) and check if the ID exists in flashchips.h already
    • If it does but is named after a different chip,
      then add a comment regarding the twin and continue by comparing the definition in flashchips.c with the datasheet of the twin/new chip as if you would add it but leave out the next step (see below). First you should change the .name to reflect the additional chip model (see other chips of naming examples). If you find significant* differences in the chips behavior you have found a so called evil twin (*judging the significance of a difference is quite hard and requires some understanding of flashrom behavior, examples of significant differences are: different sizes of blocks or different opcodes for operations). In that case copy the entry and continue to change that (don't forget to undo the previous changes before).
    • If it does and the name matches too,
      the chip is either already added or only the ID was added and you should use that define.
    • If it does not,
      then you should add it conforming to the standards/comments in the file.
    Usually the chip IDs follow a simple scheme: They are all uppercase; first the manufacturer name (like for the manufacturer IDs on top of each paragraph in flashchips.h) followed by an underscore and then the chipname. The latter should in general equal the .name, with dots (and other disallowed characters) replaced by underscores. Shared chip IDs typically use the macro name that happened to be added first to flashrom (which is also probably the first one manufactured) and which usually matches the other chips of that series in flashchips.h.
  4. If possible copy an existing, similar entry in the giant array in flashchips.c or start a new one at the right position (according to the comment on top of the array)
  5. Add .vendor, .name, IDs selected as explained above and .total_size.
  6. .page_size is really hard. Please read this long explanation, or ignore it for now and set it to 256.
  7. We encode various features of flash chips in a bitmask named .feature_bits. The various possibilities can be found in flash.h.
  8. .tested is used to indicate if the code was tested to work with real hardware, its possible values are defined in flash.h. Without any tests it should be set to TEST_UNTESTED.
  9. .probe indicates which function is called to fetch IDs from the chip and to compare them with the ones in .manufacture_id and .model_id. This requires some knowledge or source reading. For most SPI flash chips probe_spi_rdid is the right one if the datasheets mentions 0x9f as an identification/probing opcode.
  10. .probe_timing is only used for non-SPI chips. It indicates the delay after "enter/exit ID mode" commands in microseconds (see flash.h for special values).
  11. .block_erasers stores an array of pairs of erase functions (.block_erase) with their respective layout (.eraseblocks).
    1. .block_erase is similar to the probing function. You should at least check that the opcode named in the function name is matching the respective opcode in the datasheet.
    2. Two forms of .eraseblocks can be distinguished: symmetric and asymmetric layouts. Symmetric means that all blocks that can be erased by an opcode are sized equal. In that case a single range can define the whole layout (e.g. {4 * 1024, 256} means 256 blocks of 4 kB each). Asymmetric layouts on the other hand contain differently sized blocks, ordered by their base addresses (e.g. {{8 * 1024, 1}, {4 * 1024, 2}, {16 * 1024, 7}} describes a layout that starts with a single 8 kB block, followed by two 4 kB blocks and 7 16 kB blocks at the end).
  12. .printlock is a misnomer to some extent. It is misused not only to print (write) protected address ranges of the chip, but also to pretty print the values of the status register(s) - especially true for SPI chips. There are a lot of existing functions for that already and you should reuse one if possible. Comparing the description of the status register in the datasheet of an already supported chip with that of your chip can help to determine if you can reuse a printlock function.
  13. .unlock is called before flashrom wants to modify the chip's contents to disable possible write protections. It is tightly related to the .printlock function as it tries to change some of the bits displayed by .printlock.
  14. .write and .read are function pointers with the obvious meaning. Currently flashrom does only support a single function each. The one that is best supported by existing programmers should be used for now, but others should be noted in a comment if available.
  15. .voltage defines the upper and lower bounds of the supply voltage of the chip. If there are multiple chip models with different allowed voltage ranges, the intersection should be used and an appropriate comment added.
  16. The write granularity can be expressed by the .gran field. If you think you need something else than the default (write_gran_256bytes) then you should definitely ask one of the regular flashrom hackers first. Possible values can be found in flash.h.

Committing

Those with commit rights to the (currently subversion-based) source repository should follow the following rules.

  • Reviews
    • Changes should generally be discussed and reviewed before committing, see above
  • The commit log
    • Should start with a short sentence summing up the changes of the patch.
    • Optionally this should be prefixed with a topic or file name if the changes are targeting one area only.
    • End the sentence with a full stop followed by an empty line.
    • The body of the commit log should be short, but descriptive: If anyone involved in flashrom reads your comment in a year, she/he shall still be able to understand what your commit is about, without analyzing the code (what was the motivation for the change? what are the differences to the previous behavior?).
    • At the end it has to list Signed-off-by lines of all authors and at least one Acked-by line.
    • Optionally one can add Tested-by lines to give credit to testers.
  • Committing
    • Who actually pushes/commits to the repository depends on who is actually allowed to:
      • If you ack something and the sender has commit rights, let him commit unless he asks you to commit. Ask the sender when there is no commit for a few days after the ack - sometimes things are forgotten.
      • If the sender does not have commit rights, note in the mail with the ack that you intend to commit the change to give him/her an opportunity to add final refinements or comments. Wait for at least 24 hours before you commit.
    • After committing please reply to the mailing thread that contains the patch with at least the revision in the body to notify anyone involved of the commit and document it for references in the future and in patchwork or similar facilities. Also, mark the patch as accepted on patchwork if you can.
  • Don't share your login(s)/password(s) (should be obvious, but sadly it is not for everyone :)