summaryrefslogtreecommitdiff
path: root/src/lib/prog_loaders.c
AgeCommit message (Collapse)Author
2019-01-30selfload: check target memory type in selfload_checkTing Shen
Currently, selflock_check() verifies that the binary is loaded in an usable RAM area. Extend its functionality so we can also check that BL31 is loaded in a manually reserved area, and fail early if the range is not protected. Change-Id: Iecdeedd9e8da67f73ac47d2a82e85b306469a626 Signed-off-by: Ting Shen <phoenixshen@google.com> Reviewed-on: https://review.coreboot.org/c/31122 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-01-16buildsystem: Promote rules.h to default includeKyösti Mälkki
Does not fix 3rdparty/, *.S or *.ld or yet. Change-Id: I66b48013dd89540b35ab219d2b64bc13f5f19cda Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/17656 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2018-12-22arch/x86 cbmem: Drop tests for LATE_CBMEM_INITKyösti Mälkki
Remove all cases in code where we tested for EARLY_CBMEM_INIT or LATE_CBMEM_INIT being set. This also removes all references to LATE_CBMEM_INIT in comments. Change-Id: I4e47fb5c8a947d268f4840cfb9c0d3596fb9ab39 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/26827 Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-11-16src: Get rid of duplicated includesElyes HAOUAS
Change-Id: I252a1cd77bf647477edb7dddadb7e527de872439 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/29582 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
2018-10-25selfboot: create selfboot_check function, remove check paramRonald G. Minnich
The selfboot function was changed at some point to take a parameter which meant "check the allocated descriptors to see if they target regions of real memory." The region check had to be buried deep in the last step of loading since that is where those descriptors were created and used. An issue with the use of the parameter was that it was not possible for compilers to easily divine whether the check code was used, and it was hence possible for the code, and its dependencies, to be compiled in even if never used (which caused problems for the rampayload code). Now that bounce buffers are gone, we can hoist the check code to the outermost level. Further, by creating a selfload_check and selfload function, we can make it easy for compilers to discard unused code: if selfload_check is never called, all the code it uses can be discarded too. Change-Id: Id5b3f450fd18480d54ffb6e395429fba71edcd77 Signed-off-by: Ronald G. Minnich <rminnich@gmail.com> Reviewed-on: https://review.coreboot.org/29259 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2018-10-22reset: Provide new single-function reset APINico Huber
board_reset() replaces the existing common reset API. There is no common distinction between reset types across platforms, hence, common code could never decide which one to call. Currently only hard_reset() is used by common code. We replace these calls and provide a fall-back to the current hard_reset() implemen- tation. The fall-back will be removed along with hard_reset() after the transition of all boards. Change-Id: I274a8cee9cb38226b5a0bdff6a847c74ef0b3128 Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/29047 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-10-08Move compiler.h to commonlibNico Huber
Its spreading copies got out of sync. And as it is not a standard header but used in commonlib code, it belongs into commonlib. While we are at it, always include it via GCC's `-include` switch. Some Windows and BSD quirk handling went into the util copies. We always guard from redefinitions now to prevent further issues. Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552 Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/28927 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-06-27stage_cache: Disable when APCI S3 is not possibleKyösti Mälkki
Don't consume CBMEM for stage cache when we would never use it. Change-Id: I606e0457ff3085822554c4041fc56f0d28cc9c2d Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/27230 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-06-19lib: Add FIT payload supportPatrick Rudolph
* Add support for parsing and booting FIT payloads. * Build fit loader code from depthcharge. * Fix coding style. * Add Kconfig option to add compiletime support for FIT. * Add support for initrd. * Add default compat strings * Apply optional devicetree fixups using dt_apply_fixups Starting at this point the CBFS payload/ can be either SELF or FIT. Tested on Cavium SoC: Parses and loads a Linux kernel 4.16.3. Tested on Cavium SoC: Parses and loads a Linux kernel 4.15.0. Tested on Cavium SoC: Parses and loads a Linux kernel 4.1.52. Change-Id: I0f27b92a5e074966f893399eb401eb97d784850d Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/25019 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-06-19lib/prog_loaders: Move argument selection into selfloadPatrick Rudolph
Set the payload argument in selfload, as other (non self) payloads, are going to set a different argument. Change-Id: I994f604fc4501e0e3b00165819f796b1b8275d8c Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/25861 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-05-16lib/prog_loaders: Store CBFS type in struct progPatrick Rudolph
Store the type of the loaded program after locating the file and add a method to retrieve the type. Will be used to distinguish between SELF and FIT payloads. Change-Id: Ic226e7e028d722ab9e3c6f7f1c22bde2a1cd8a85 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/26028 Reviewed-by: Ronald G. Minnich <rminnich@gmail.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-04-24compiler.h: add __weak macroAaron Durbin
Instead of writing out '__attribute__((weak))' use a shorter form. Change-Id: If418a1d55052780077febd2d8f2089021f414b91 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/25767 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Justin TerAvest <teravest@chromium.org>
2017-03-13src/lib: Remove unnecessary codeLee Leahy
Fix the following warnings detected by checkpatch.pl: WARNING: break is not useful after a goto or return WARNING: Statements terminations use 1 semicolon WARNING: else is not generally useful after a break or return WARNING: void function return statements are not generally useful TEST=Build and run on Galileo Gen2 Change-Id: I6f095c4e9cb1ee4ff2ebdf095ef612e1a8393231 Signed-off-by: Lee Leahy <Leroy.P.Leahy@intel.com> Reviewed-on: https://review.coreboot.org/18762 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-12-01romstage_handoff: add helper to determine resume statusAaron Durbin
Instead of having callers query the romstage handoff resume status by inspecting the object themselves add romstage_handoff_is_resume() so that the same information can be queried easily. Change-Id: I40f3769b7646bf296ee4bc323a9ab1d5e5691e21 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/17647 Tested-by: build bot (Jenkins) Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-by: Furquan Shaikh <furquan@google.com>
2016-11-09ACPI S3: Remove HIGH_MEMORY_SAVE where possibleKyösti Mälkki
Add implementation to use actual requirements of ramstage size for S3 resume backup in CBMEM. The backup covers complete pages of 4 KiB. Only the required amount of low memory is backed up when ACPI_TINY_LOWMEM_BACKUP is selected for the platform. Enable this option for AGESA and binaryPI, other platforms (without RELOCATABLE_RAMSTAGE) currently keep their romstage ramstack in low memory for s3 resume path. Change-Id: Ide7ce013f3727c2928cdb00fbcc7e7e84e859ff1 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/15255 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) Tested-by: Raptor Engineering Automated Test Stand <noreply@raptorengineeringinc.com>
2016-10-31lib/prog_loaders: use common ramstage_cache_invalid()Aaron Durbin
All current implementations of ramstage_cache_invalid() were just resetting the system based on the RESET_ON_INVALID_RAMSTAGE_CACHE Kconfig option. Move that behavior to a single implementation within prog_loaders.c which removes duplication. Change-Id: I67aae73f9e1305732f90d947fe57c5aaf66ada9e Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/17184 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Furquan Shaikh <furquan@google.com>
2016-10-06arm64: Use 'payload' format for ATF instead of 'stage'Simon Glass
Switch the BL31 (ARM Trusted Firmware) format to payload so that it can have multiple independent segments. This also requires disabling the region check since SRAM is currently faulted by that check. This has been tested with Rockchip's pending change: https://chromium-review.googlesource.com/#/c/368592/3 with the patch mentioned on the bug at #13. BUG=chrome-os-partner:56314 BRANCH=none TEST=boot on gru and see that BL31 loads and runs. Im not sure if it is correct though: CBFS: Locating 'fallback/payload' CBFS: Found @ offset 1b440 size 15a75 Loading segment from ROM address 0x0000000000100000 code (compression=1) New segment dstaddr 0x18104800 memsize 0x117fbe0 srcaddr 0x100038 filesize 0x15a3d Loading segment from ROM address 0x000000000010001c Entry Point 0x0000000018104800 Loading Segment: addr: 0x0000000018104800 memsz: 0x000000000117fbe0 filesz: 0x0000000000015a3d lb: [0x0000000000300000, 0x0000000000320558) Post relocation: addr: 0x0000000018104800 memsz: 0x000000000117fbe0 filesz: 0x0000000000015a3d using LZMA [ 0x18104800, 18137d90, 0x192843e0) <- 00100038 Clearing Segment: addr: 0x0000000018137d90 memsz: 0x000000000114c650 dest 0000000018104800, end 00000000192843e0, bouncebuffer ffffffffffffffff Loaded segments BS: BS_PAYLOAD_LOAD times (us): entry 0 run 125150 exit 1 Jumping to boot code at 0000000018104800(00000000f7eda000) CPU0: stack: 00000000ff8ec000 - 00000000ff8f0000, lowest used address 00000000ff8ef3d0, stack used: 3120 bytes CBFS: 'VBOOT' located CBFS at [402000:44cc00) CBFS: Locating 'fallback/bl31' CBFS: Found @ offset 10ec0 size 8d0c Loading segment from ROM address 0x0000000000100000 code (compression=1) New segment dstaddr 0x10000 memsize 0x40000 srcaddr 0x100054 filesize 0x8192 Loading segment from ROM address 0x000000000010001c code (compression=1) New segment dstaddr 0xff8d4000 memsize 0x1f50 srcaddr 0x1081e6 filesize 0xb26 Loading segment from ROM address 0x0000000000100038 Entry Point 0x0000000000010000 Loading Segment: addr: 0x0000000000010000 memsz: 0x0000000000040000 filesz: 0x0000000000008192 lb: [0x0000000000300000, 0x0000000000320558) Post relocation: addr: 0x0000000000010000 memsz: 0x0000000000040000 filesz: 0x0000000000008192 using LZMA [ 0x00010000, 00035708, 0x00050000) <- 00100054 Clearing Segment: addr: 0x0000000000035708 memsz: 0x000000000001a8f8 dest 0000000000010000, end 0000000000050000, bouncebuffer ffffffffffffffff Loading Segment: addr: 0x00000000ff8d4000 memsz: 0x0000000000001f50 filesz: 0x0000000000000b26 lb: [0x0000000000300000, 0x0000000000320558) Post relocation: addr: 0x00000000ff8d4000 memsz: 0x0000000000001f50 filesz: 0x0000000000000b26 using LZMA [ 0xff8d4000, ff8d5f50, 0xff8d5f50) <- 001081e6 dest 00000000ff8d4000, end 00000000ff8d5f50, bouncebuffer ffffffffffffffff Loaded segments INFO: plat_rockchip_pmusram_prepare pmu: code d2bfe625,d2bfe625,80 INFO: plat_rockchip_pmusram_prepare pmu: code 0xff8d4000,0x50000,3364 INFO: plat_rockchip_pmusram_prepare: data 0xff8d4d28,0xff8d4d24,4648 NOTICE: BL31: v1.2(debug): NOTICE: BL31: Built : Sun Sep 4 22:36:16 UTC 2016 INFO: GICv3 with legacy support detected. ARM GICV3 driver initialized in EL3 INFO: plat_rockchip_pmu_init(1189): pd status 3e INFO: BL31: Initializing runtime services INFO: BL31: Preparing for EL3 exit to normal world INFO: Entry point address = 0x18104800 INFO: SPSR = 0x8 Change-Id: Ie2484d122a603f1c7b7082a1de3f240aa6e6d540 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 8c1d75bff6e810a39776048ad9049ec0a9c5d94e Original-Change-Id: I2d60e5762f8377e43835558f76a3928156acb26c Original-Signed-off-by: Simon Glass <sjg@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/376849 Original-Commit-Ready: Simon Glass <sjg@google.com> Original-Tested-by: Simon Glass <sjg@google.com> Original-Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/16706 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
2016-06-24region: Add writeat and eraseat supportAntonello Dettori
Implement writeat and eraseat support into the region_device_ops struct. Change-Id: Iac2cf32e523d2f19ee9e5feefe1fba8c68982f3d Signed-off-by: Antonello Dettori <dev@dettori.io> Reviewed-on: https://review.coreboot.org/15318 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2016-05-09lib/prog_loaders: Allow platforms to skip stage cacheFurquan Shaikh
Before multi-CBFS support was added, x86 platforms cached their ramstage in TSEG so that it could be re-used on the resume path. However, more resources/assets are being put in cbfs that are utilized during ramstage. Just caching ramstage does not mean that correct cbfs region is used for all the data. Thus, provide an option to allow platforms to skip caching any component for resume. Change-Id: I0e957a6b859cc7d700aaff67209a17c6558be5de Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/14636 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins)
2016-02-11lib/prog_loaders.c: remove arch/stages.h includeAaron Durbin
There's no delcaration used. Remove the include. Change-Id: I6fa7de6362ca0e92f0d5a7d07f3a224b9f77f709 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/13679 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-12-10lib: remove assets infrastructureAaron Durbin
Now that only CBFS access is supported for finding resources within the boot media the assets infrastructure can be removed. Remove it. BUG=chromium:445938 BRANCH=None TEST=Built and ran on glados. Change-Id: I383fd6579280cf9cfe5a18c2851baf74cad004e9 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/12690 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-12-10cbfs/vboot: remove firmware component supportAaron Durbin
The Chrome OS verified boot path supported multiple CBFS instances in the boot media as well as stand-alone assets sitting in each vboot RW slot. Remove the support for the stand-alone assets and always use CBFS accesses as the way to retrieve data. This is implemented by adding a cbfs_locator object which is queried for locating the current CBFS. Additionally, it is also signalled prior to when a program is about to be loaded by coreboot for the subsequent stage/payload. This provides the same opportunity as previous for vboot to hook in and perform its logic. BUG=chromium:445938 BRANCH=None TEST=Built and ran on glados. CQ-DEPEND=CL:307121,CL:31691,CL:31690 Change-Id: I6a3a15feb6edd355d6ec252c36b6f7885b383099 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/12689 Tested-by: build bot (Jenkins) Tested-by: Raptor Engineering Automated Test Stand <noreply@raptorengineeringinc.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-10-31tree: drop last paragraph of GPL copyright headerPatrick Georgi
It encourages users from writing to the FSF without giving an address. Linux also prefers to drop that and their checkpatch.pl (that we imported) looks out for that. This is the result of util/scripts/no-fsf-addresses.sh with no further editing. Change-Id: Ie96faea295fe001911d77dbc51e9a6789558fbd6 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Reviewed-on: http://review.coreboot.org/11888 Tested-by: build bot (Jenkins) Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
2015-09-24coreboot: move TS_END_ROMSTAGE to one spotAaron Durbin
While the romstage code flow is not consistent across all mainboards/chipsets there is only one way of running ramstage from romstage -- run_ramstage(). Move the timestamp_add_now(TS_END_ROMSTAGE) to be within run_ramstage(). BUG=chrome-os-partner:44827 BRANCH=None TEST=Built and booted glados. TS_END_ROMSTAGE still present in timestamp table. Change-Id: I4b584e274ce2107e83ca6425491fdc71a138e82c Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/11700 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-08-14stage_cache: make prog const in stage_cache_add()Aaron Durbin
The stage_cache_add() function should not be manipulating the struct prog argument in anyway. Therefore, mark it as const. BUG=chrome-os-partner:43636 BRANCH=None TEST=Built, booted, suspended, and resumed on glados. Original-Change-Id: I4509e478d3c98247b9d776f6534b949d9ba6282c Original-Signed-off-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/290721 Original-Reviewed-by: Leroy P Leahy <leroy.p.leahy@intel.com> Original-Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Change-Id: Ibadc00a9e1cbbf12119def92d77a79077625fb85 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/11192 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-06-26prog_loader: Play nice with gc-sectionsStefan Reinauer
With an x86_64-elf toolchain, this code that is unused outside of ramstage, is causing undefined references. Help the compiler along a little bit by conditionally compiling the code in ramstage only. Change-Id: I75518149b53c24eda4b985b0fef856447e196dec Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-on: http://review.coreboot.org/10585 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-06-02assets: abstract away the firmware assets used for bootingAaron Durbin
As there can be more than one source of firmware assets this patch generalizes the notion of locating a particular asset. struct asset is added along with some helper functions for working on assets as a first class citizen. Change-Id: I2ce575d1e5259aed4c34c3dcfd438abe9db1d7b9 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10264 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins)
2015-06-02prog_loading: add region_device representing memoryAaron Durbin
One can remove the struct buffer_area and use the region_device embedded in the struct prog to represent the in-memory loaded program. Do this by introducing a addrspace_32bit mem_region_device that can have region_device operations performed on it. The addrspace_32bit name was chosen to make it explicit that 32-bits of address space is supported at the max. Change-Id: Ifffa0ef301141de940e54581b5a7b6cd81311ead Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10261 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins)
2015-06-02cbfs: new API and better program loadingAaron Durbin
A new CBFS API is introduced to allow making CBFS access easier for providing multiple CBFS sources. That is achieved by decoupling the cbfs source from a CBFS file. A CBFS source is described by a descriptor. It contains the necessary properties for walking a CBFS to locate a file. The CBFS file is then decoupled from the CBFS descriptor in that it's no longer needed to access the contents of the file. All of this is accomplished using the regions infrastructure by repsenting CBFS sources and files as region_devices. Because region_devices can be chained together forming subregions this allows one to decouple a CBFS source from a file. This also allows one to provide CBFS files that came from other sources for payload and/or stage loading. The program loading takes advantage of those very properties by allowing multiple sources for locating a program. Because of this we can reduce the overhead of loading programs because it's all done in the common code paths. Only locating the program is per source. Change-Id: I339b84fce95f03d1dbb63a0f54a26be5eb07f7c8 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/9134 Tested-by: build bot (Jenkins) Tested-by: Raptor Engineering Automated Test Stand <noreply@raptorengineeringinc.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com>