[PATCH 0/3] STM32 Extended TrustZone Protection driver
Robin Murphy
robin.murphy at arm.com
Tue Feb 27 11:46:29 PST 2018
On 27/02/18 19:16, Benjamin Gaignard wrote:
> 2018-02-27 18:11 GMT+01:00 Mark Rutland <mark.rutland at arm.com>:
>> On Tue, Feb 27, 2018 at 03:09:23PM +0100, Benjamin Gaignard wrote:
>>> On early boot stages STM32MP1 platform is able to dedicate some hardware blocks
>>> to a secure OS running in TrustZone.
>>> We need to avoid using those hardware blocks on non-secure context (i.e. kernel)
>>> because read/write access will all be discarded.
>>>
>>> Extended TrustZone Protection driver register itself as listener of
>>> BUS_NOTIFY_BIND_DRIVER and check, given the device address, if the hardware block
>>> could be used in a Linux context. If not it returns NOTIFY_BAD to driver core
>>> to stop driver probing.
>>
>> Huh?
>>
>> If these devices are not usable from the non-secure side, why are they
>> not removed form the DT (or marked disabled)?
>>
>> In other cases, where resources are carved out for the secure side (e.g.
>> DRAM carveouts), that's how we handle things.
>>
>
> That true you can parse and disable a device a boot time but if DT doesn't
> exactly reflect etzpc status bits we will in trouble when try to get access to
> the device.
Well, yes. If the DT doesn't correctly represent the hardware, things
will probably go wrong; that's hardly a novel concept, and it's
certainly not unique to this particular SoC.
> Changing the DT is a software protection while etzpc is an hardware protection
> so we need to check it anyway.
There are several in-tree DT and code examples where devices are marked
as disabled on certain boards/SoC variants/etc. because attempting to
access them can abort/lock up/trigger a secure watchdog reset/etc. The
only "special" thing in this particular situation is apparently that
this device even allows its secure configuration to be probed from the
non-secure side at all.
Implementing a boardfile so that you can "check" the DT makes very
little sense to me; Linux is not a firmware validation suite.
Robin.
More information about the linux-arm-kernel
mailing list