Add patina_sre crate (System Recovery Environment boot orchestrator)#91
Closed
kat-perez wants to merge 1 commit into
Pull request overview
Adds a new uefi/crates/patina_sre crate providing SreBootManager, a reference patina_boot::BootOrchestrator implementation intended to drive a “normal boot” BDS-phase sequence for ODP platforms that ship an SRE alongside the main OS.
Changes:
- Introduces SreBootManager with an interleave connect/dispatch loop plus a normal-boot execute() implementation.
- Adds unit tests covering the connect/dispatch interleave behavior and trait-object construction.
- Adds crate packaging/docs/tooling files (Cargo manifest, README, rust-toolchain, rustfmt config) and a crate-local lockfile.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| uefi/crates/patina_sre/src/lib.rs | Implements SreBootManager, interleave helper, and unit tests. |
| uefi/crates/patina_sre/Cargo.toml | Defines crate metadata and git-based dependencies for patina* crates. |
| uefi/crates/patina_sre/README.md | Documents intended boot sequence and adoption guidance. |
| uefi/crates/patina_sre/rust-toolchain.toml | Pins the nightly toolchain + UEFI targets/components for this crate. |
| uefi/crates/patina_sre/rustfmt.toml | Sets formatting configuration for the crate. |
| uefi/crates/patina_sre/Cargo.lock | Pins dependency resolution for the crate directory. |
| } | ||
|
|
||
| if let Err(e) = patina_nvme::lock_partition_write(boot_services, &self.boot_partition_path) { | ||
| log::error!("lock_partition_write failed: {:?}", e); |
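Review bot: The error arm of `patina_nvme::lock_partition_write(...)` only logs, so as far as these lines show, a failed write-lock does not stop the sequence and the main OS can be started with the boot partition still writable. If the lock is meant as a protection boundary, return the error (or route to a recovery path) instead of continuing; if continuing is deliberate, state that in a comment and in the log message so the fail-open behaviour is visible in review and in field logs.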
Comment on lines
+119
to
+126
| match helpers::boot_from_device_path(boot_services, image_handle, &self.main_os_path) { | ||
| Ok(()) => log::warn!("Main OS boot returned control"), | ||
| Err(_) => log::warn!("Main OS boot failed"), | ||
| } | ||
|
|
||
| log::error!("SRE normal boot exhausted main OS path"); | ||
| Err(EfiError::NotFound) | ||
| } |
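Review bot: `Err(_) => log::warn!("Main OS boot failed")` discards the status code, so the log cannot distinguish a missing image from a device error or a security rejection of the image. Bind and log it, e.g. `Err(e) => log::warn!("Main OS boot failed: {:?}", e)`, ideally with the device path. The function then returns `EfiError::NotFound` whatever the underlying failure was; consider returning the last real error so callers and logs agree on the cause.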
Comment on lines
+103
to
+105
| if let Err(e) = helpers::signal_bds_phase_entry(boot_services) { | ||
| log::error!("signal_bds_phase_entry failed: {:?}", e); | ||
| } |
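Review bot: A failure from `helpers::signal_bds_phase_entry` is logged and then ignored, so the rest of the sequence runs as if the phase-entry signal had been delivered. Either propagate it (`helpers::signal_bds_phase_entry(boot_services)?;`) or add a comment explaining why boot may proceed without the signal and what state that leaves its listeners in.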
Comment on lines
+6
to
+12
| [package] | ||
| name = "patina_sre" | ||
| version = "0.1.0" | ||
| edition = "2024" | ||
| rust-version = "1.89" | ||
| license = "MIT" | ||
| repository = "https://github.com/OpenDevicePartnership/odp-platform-common" |
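Review bot: The `[package]` lines shown carry no `description` and no `publish` setting. The file summary says this manifest uses git-based dependencies for the patina crates, so adding `publish = false` makes it explicit that the crate is not meant for a registry until those dependencies have versioned releases, and a one-line `description` helps anyone auditing the workspace through `cargo metadata`.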
debca5c to b73e22a
b73e22a to b140afe
This was referenced May 26, 2026
Superseded by #95
Verification complete and PR opened: #95 End-to-end on real Maa Intel Surface hardware:
This was referenced May 27, 2026
kat-perez added a commit to kat-perez/odp-platform-common that referenced this pull request Jun 16, 2026
Adds patina_sre at uefi/crates/patina_sre/ — implements
patina_boot::BootOrchestrator for platforms shipping a System Recovery
Environment alongside the main OS. The skeleton implements the normal
boot path:
1. interleave connect+dispatch (10-round cap)
2. extra connect_all before EndOfDxe so PartitionDxe can bind GPT
child handles during the open driver-binding window
3. signal EndOfDxe
4. discover console devices
5. boot-partition write-lock (currently a log::warn! stub pending
odp-platform-common#61's patina_boot::partition helper)
6. discover_boot_options + iterate each Boot#### entry through
signal_ready_to_boot + boot_from_device_path; logs the device path
and underlying error on each failure
7. fall back to the constructor-provided main_os_path if discovery
yields no entries OR fails
8. return EfiError::NotFound once every attempt is exhausted
The crate re-exports DevicePathBuf + EndEntire from its own patina
source so callers (e.g. surface_patina_intel/patina_bin) can construct
the constructor's device-path arguments without picking up a different
patina (which would break trait coherence).
Hotkey-to-SRE entry, WIM-to-RAM-disk boot, and capsule pre-boot hook
are tracked separately and will layer onto this skeleton.
Verified end-to-end on Maa Intel Surface hardware (Kioxia KBG8 NVMe,
NVMe 2.0, CAP.BPS=1) via the paired surface_patina_intel feature
branch: BootDispatcher dispatches, SreBootManager.execute() runs the
full BDS phase, discover_boot_options finds the Windows Boot Manager
Boot####, expand_device_path resolves the short-form HD(GPT,GUID) path
against the live device topology, and bootmgfw.efi loads + starts
cleanly.
Closes OpenDevicePartnership#91.
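Steps 6 to 8 of the commit message above, modelled as an added example (not code from the commit or from patina_sre). The `Firmware` trait, the `Fake` double, `normal_boot` and the string device paths are hypothetical stand-ins. It follows the text literally, so the constructor-provided path is tried only when discovery fails or returns no entries.

```rust
// Added illustration of steps 6-8; every name is a hypothetical stand-in, not the patina_sre API.
#[derive(Debug, Clone, PartialEq)]
pub enum EfiError { NotFound, DeviceError }

pub trait Firmware {
    fn discover_boot_options(&mut self) -> Result<Vec<String>, EfiError>;
    /// Returns only when the image failed to start or handed control back.
    fn boot(&mut self, device_path: &str) -> Result<(), EfiError>;
}

pub fn normal_boot(fw: &mut impl Firmware, main_os_path: &str, log: &mut Vec<String>) -> Result<(), EfiError> {
    let discovered = fw.discover_boot_options().unwrap_or_else(|e| {
        log.push(format!("discover_boot_options failed: {e:?}"));
        Vec::new()
    });
    // Step 7: the fallback covers both "discovery failed" and "no entries".
    let candidates = if discovered.is_empty() { vec![main_os_path.to_string()] } else { discovered };
    for path in &candidates {
        // Step 6: keep the device path and the underlying error in the log.
        match fw.boot(path) {
            Ok(()) => log.push(format!("{path}: boot returned control")),
            Err(e) => log.push(format!("{path}: boot failed: {e:?}")),
        }
    }
    Err(EfiError::NotFound) // step 8: every attempt exhausted
}

/// Constructed test double: fixed discovery result, every boot attempt fails.
pub struct Fake {
    pub discovery: Result<Vec<String>, EfiError>,
    pub attempts: Vec<String>,
}

impl Firmware for Fake {
    fn discover_boot_options(&mut self) -> Result<Vec<String>, EfiError> { self.discovery.clone() }
    fn boot(&mut self, device_path: &str) -> Result<(), EfiError> {
        self.attempts.push(device_path.to_string());
        Err(EfiError::DeviceError)
    }
}

fn main() {
    let mut fw = Fake { discovery: Err(EfiError::DeviceError), attempts: vec![] };
    let mut log = Vec::new();
    let result = normal_boot(&mut fw, "MAIN_OS_PATH", &mut log);
    println!("{result:?} {:?} {log:?}", fw.attempts);
}
```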
Description
Adds a new `patina_sre` crate at `uefi/crates/patina_sre/` containing `SreBootManager` — a reference implementation of `patina_boot::BootOrchestrator` for ODP platforms shipping a System Recovery Environment alongside the main OS. The orchestrator is generic over a [`HotkeySource`] abstraction so vendors can wire platform-specific hotkey hardware while keeping the SRE flow itself portable.
The crate ships:
Platform vendors implement `HotkeySource` themselves to bridge their hotkey hardware (e.g. Surface's `MsButtonServicesProtocol`).
This supersedes patina#1492, which placed `SreBootManager` inside `patina_boot`. Per the reviewer thread on patina#1488, the SRE orchestrator is a platform-level component and doesn't belong in the generic `patina_boot` SDK crate.
Closes ODP-board #62 (`SreBootManager` skeleton), #63 (`HotkeySource` trait), and #68 (SRE boot path wiring).
How This Was Tested
`cargo test --lib` — all 9 tests pass:
```
test hotkey::tests::always_sre_returns_true ... ok
test hotkey::tests::never_sre_returns_false ... ok
test tests::test_new_constructs ... ok
test tests::test_new_with_always_sre ... ok
test tests::test_interleave_single_round_no_drivers_dispatched ... ok
test tests::test_interleave_dispatch_failure_propagates ... ok
test tests::test_interleave_stops_at_max_rounds ... ok
test tests::test_implements_boot_orchestrator ... ok
test tests::test_arc_dyn_construction ... ok
```
Coverage spans the interleave-connect-dispatch loop (single-round convergence, dispatch-error propagation, max-rounds graceful exit), the `HotkeySource` impls, `BootOrchestrator` trait conformance for both `SreBootManager` and `SreBootManager`, and `Arc` construction (matching the `BootDispatcher` consumption path).
End-to-end QEMU validation is a separate change on `patina-dxe-core-qemu` that wires `SreBootManager` into the Q35 platform component list and exercises both paths under `patina-qemu`.
Integration Instructions
Add `patina_sre` to your platform DXE core's component list, with a `HotkeySource` implementation appropriate to the platform:
```rust,ignore
use patina_boot::BootDispatcher;
use patina_sre::{NeverSre, SreBootManager};

Core::default()
    .with_component(BootDispatcher::new(SreBootManager::new(
        boot_partition_device_path,
        main_os_device_path,
        "\\SRE\\winvos.wim",
        NeverSre, // replace with your platform's hotkey impl (e.g. SurfaceButtonHotkeySource)
    )))
```
`patina`, `patina_boot`, `patina_nvme`, `patina_partition`, and `patina_ram_disk` are consumed as git dependencies because none of those releases are on crates.io yet. A `[patch]` block redirects transitive `patina` deps from upstream's `feature/patina-boot` onto a temporary combined branch (`kat-perez/sre-base` = `feature/patina-boot` + the EFI_RAM_DISK_PROTOCOL binding from patina#1490) so cargo sees one shared `patina` version across the dep tree. Once the corresponding patina release ships, the manifest moves to versioned crates.io references and downstream consumers won't need any patch glue.
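As an added example (not the crate's code), the interleave connect/dispatch loop covered by the tests in the description, showing convergence, dispatch-error propagation and the round cap. The `Dxe` trait, `Outcome` enum, `Scripted` double and the `interleave` signature are assumptions made for illustration.

```rust
// Added illustration; trait, enum and function names are hypothetical, not patina_sre's API.
#[derive(Debug, PartialEq)]
pub enum Outcome {
    Converged { rounds: usize }, // dispatch reported nothing new
    CapReached,                  // gave up after max_rounds; boot continues
}

/// Minimal stand-in for the services the loop drives.
pub trait Dxe {
    fn connect_all(&mut self);
    /// Ok(true) if at least one new driver was dispatched this round.
    fn dispatch(&mut self) -> Result<bool, String>;
}

/// Connect controllers, then dispatch; repeat while dispatch keeps loading drivers.
/// The cap bounds boot time even if a driver reports progress forever.
pub fn interleave(dxe: &mut impl Dxe, max_rounds: usize) -> Result<Outcome, String> {
    for round in 1..=max_rounds {
        dxe.connect_all();
        if !dxe.dispatch()? {
            return Ok(Outcome::Converged { rounds: round });
        }
    }
    Ok(Outcome::CapReached)
}

/// Constructed test double: replays scripted dispatch results, then repeats `after`.
pub struct Scripted {
    pub script: Vec<Result<bool, String>>,
    pub after: bool,
    pub connects: usize,
}

impl Dxe for Scripted {
    fn connect_all(&mut self) { self.connects += 1; }
    fn dispatch(&mut self) -> Result<bool, String> {
        if self.script.is_empty() { Ok(self.after) } else { self.script.remove(0) }
    }
}

fn main() {
    // A dispatcher that always reports progress stops at the 10-round cap.
    let mut busy = Scripted { script: vec![], after: true, connects: 0 };
    let outcome = interleave(&mut busy, 10);
    println!("{outcome:?} after {} connects", busy.connects);
}
```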