Drivers taking different actions depending on sleep state

Sat Jun 10 02:16:48 PDT 2017

On 09/06/2017 23:30, Pavel Machek wrote:
> On Fri 2017-06-09 18:27:45, Mason wrote:
>> On 09/06/2017 17:20, Mason wrote:
>>
>>> Currently my platform's "mem" is a true suspend-to-RAM trigger,
>>> where drivers are supposed to save their state (register values
>>> will be lost), then Linux hands control over to firmware which
>>> enables RAM self-refresh and powers the chip down. When the system
>>> resumes, drivers restore their state from their copy in memory.
>>>
>>> One driver is responsible for loading/unloading microcode running
>>> on the DSPs. This operation is required only when powering down
>>> the chip, but it should be avoided for "low-latency" sleeps.
>>>
>>> The problem is that, if I understand correctly, drivers have no way
>>> of knowing which sleep state is being entered/exited?
>>>
>>> How can I have the microcode driver take different decisions
>>> based on the sleep state?
> 
> Well... question "does my chip lose state during standby/mem on _this_
> machine" is more complex then "is it standby or mem", right?

I think it's binary...
If power to the DSPs is cut, then they lose state.
If the DSPs remain powered, then they maintain state.

"mem" powers the entire chip down, including the DSPs
(by implementation's choice) but we are investigating
a lower-latency sleep state that wouldn't cut power.

> You should really ask the regulator framework, not core code.

The issue is that power cutting is not handled in Linux,
it is done by firmware. So I'm not sure what there is
to ask to the regulator framework?

>> Mason385	javier__: there's some authentication required when S2R is involved (from the firmware)
>> javier__	Mason385: ah, Ok. I just asked because if it was the latter, the regulator subsystem has infrastructure to keep the regulators on during S2R
>> Mason385	javier__: OK so there's two issues. We are required to
>> re-authenticate microcode when resuming from S2R (because someone
>> "may" have tampered with the contents) and on suspend, power is cut
>> to the DSPs and they lose context
> 
> I'm not sure what you are developing. Someone also "may" have modified
> the microcode while you were running. Someone also "may" have modified
> the kernel in RAM. Not sure what you are developing, but protecting
> against attacker with direct hardware access is impossible and not
> welcome.

There is no point in discussing the technical relevance
of these requirements, because they are *mandatory* for
certification. No certification, no customer.

So the feature must be implemented, whether it increases
"security" or not. FTR, what is being bitterly defended
is Hollywood's pixels.

Regards.