Message ID | 20230413085206.149730-3-iivanov@suse.de |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp885712vqo; Thu, 13 Apr 2023 01:54:38 -0700 (PDT) X-Google-Smtp-Source: AKy350YWunagQkP7HcW9OmhOS6fp7Ox2USBSRfsUpLDkxe0CpXpTFFZJBpO8iA3YDIKJHZEYU/4P X-Received: by 2002:a05:6a20:4d9d:b0:eb:e22b:ef9f with SMTP id gj29-20020a056a204d9d00b000ebe22bef9fmr1394557pzb.36.1681376077797; Thu, 13 Apr 2023 01:54:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681376077; cv=none; d=google.com; s=arc-20160816; b=jPjZkXCXUgcwERHTEyc+20KLm+3FeJ6boGdy6Kd6Ma0hrWXBCJDhaHvGy72dAu+yiY 3qLQU7IIFPXa12XFJDsQ4f/LV1q1s7CIHIQgsplsUtdMa67zEJoB2oDT+y+ZzOL3b60L FqbMv3I7uFIcXd2PoUY93DZq9yxleLdkX8u4iD3nkZCxuYzDn9hP4vR6uN/xlPj19j1+ iX20XLmthIhwHr01zY//41I2j9h4Ekq9vO9gqZdnRXIkkN7R1CDEKxqY5BP51mzN1YDN 4uwpprQFxpAqaTBvRtMIuJmR6On5217Fznc1OQw2kSmZStKEZb5piCF3qvm6hnwUSIH7 GIjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-signature; bh=Vw1ZoNwWrSTGCF9w3p1Uuiz6HkW0chKEEXorzYdcJC8=; b=GASkvuxFFK3ZUwuUWmarBNAxQ2VRLrVjkfoQ8Kns2ZrTKOcLu2GM/sUE8GbuRZchR9 4DBwkZUOXQJrRn8cXBCKO+COtzxtlAyv3agule3vbWlbdb3t59xigXZaYRl5X7uQX6nb IwwD4SZKU6qVrDC43Il/IxWtXlsLLjgRwn966yq41LVCcHubFGdJI6URwe8OmE6v3XL2 Juap/rcY4/WzGRvxpW4EY4Nf4PJAM4i1zrGY8QrBZK/fTflF9AgIILVdeUXQBLLXMMCr V5y2jYxcF71LhlQxM1lmHLrVlq1ggSF2bqaxeo8ww/U5Mw3Z/fsZIUHsL9fGEPGoV69J V84A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=fdEKnQ9D; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b6-20020a656686000000b0051909d663desi1550573pgw.481.2023.04.13.01.54.25; Thu, 13 Apr 2023 01:54:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=fdEKnQ9D; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229648AbjDMIxf (ORCPT <rfc822;peter110.wang@gmail.com> + 99 others); Thu, 13 Apr 2023 04:53:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48416 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229922AbjDMIxT (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Thu, 13 Apr 2023 04:53:19 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4554993CA for <linux-kernel@vger.kernel.org>; Thu, 13 Apr 2023 01:53:06 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id F40911FD68; Thu, 13 Apr 2023 08:53:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1681375985; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Vw1ZoNwWrSTGCF9w3p1Uuiz6HkW0chKEEXorzYdcJC8=; b=fdEKnQ9DznBOosiiDYeBvRSZ4TdmZiA9We57/ZfpE/tUk5DzZ+sbRtX9EEM2Ow7QBa1yQy RsMvuZoF/BnCguN5YcrEaL+EsFFNu7JgdaJ0min47h6wyt7WNAafY5SMOtbLe9ZRNVS5vu Gx+GoJyuW0U4Z/Z14udlXGHYTGda2xI= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1681375985; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Vw1ZoNwWrSTGCF9w3p1Uuiz6HkW0chKEEXorzYdcJC8=; b=mFlVifnwk8TtEc5aaOWUwgDbFirHu/qEIAW+bmbqRAvZPQphqnw9nuQeCukJIUdiuvkmMr p/glk/SPaCfJ4KBA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id E205313421; Thu, 13 Apr 2023 08:53:04 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id EBLyNvDCN2RyIAAAMHmgww (envelope-from <iivanov@suse.de>); Thu, 13 Apr 2023 08:53:04 +0000 From: "Ivan T. Ivanov" <iivanov@suse.de> To: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Cc: Nicolas Saenz Julienne <nsaenz@kernel.org>, Florian Fainelli <f.fainelli@gmail.com>, Stefan Wahren <stefan.wahren@i2se.com>, Tim Gover <tim.gover@raspberrypi.com>, Phil Elwell <phil@raspberrypi.com>, linux-rpi-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, "Ivan T . Ivanov" <iivanov@suse.de> Subject: [PATCH v2 2/2] ARM: dts: Add nvmem node for BCM2711 bootloader public key Date: Thu, 13 Apr 2023 11:52:06 +0300 Message-Id: <20230413085206.149730-3-iivanov@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20230413085206.149730-1-iivanov@suse.de> References: <20230413085206.149730-1-iivanov@suse.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1763050601994493316?= X-GMAIL-MSGID: =?utf-8?q?1763050601994493316?= |
Series |
nvmem: rmem: Make reserved region name unique
|
|
Commit Message
Ivan T. Ivanov
April 13, 2023, 8:52 a.m. UTC
From: Tim Gover <tim.gover@raspberrypi.com> Make a copy of the bootloader secure-boot public key available to the OS via an nvmem node. The placement information is populated by the Raspberry Pi firmware if a public key is present in the BCM2711 bootloader EEPROM. Signed-off-by: Tim Gover <tim.gover@raspberrypi.com> Signed-off-by: Ivan T. Ivanov <iivanov@suse.de> --- arch/arm/boot/dts/bcm2711-rpi.dtsi | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
Comments
Hi Ivan, Am 13.04.23 um 10:52 schrieb Ivan T. Ivanov: > From: Tim Gover <tim.gover@raspberrypi.com> > > Make a copy of the bootloader secure-boot public key available to the OS > via an nvmem node. The placement information is populated by the > Raspberry Pi firmware if a public key is present in the BCM2711 > bootloader EEPROM. It would be nice to have a helpful link like: https://www.raspberrypi.com/documentation/computers/configuration.html#nvmem-nodes > > Signed-off-by: Tim Gover <tim.gover@raspberrypi.com> > Signed-off-by: Ivan T. Ivanov <iivanov@suse.de> > --- > arch/arm/boot/dts/bcm2711-rpi.dtsi | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/arch/arm/boot/dts/bcm2711-rpi.dtsi b/arch/arm/boot/dts/bcm2711-rpi.dtsi > index 98817a6675b9..e30fbe84f9c3 100644 > --- a/arch/arm/boot/dts/bcm2711-rpi.dtsi > +++ b/arch/arm/boot/dts/bcm2711-rpi.dtsi > @@ -15,6 +15,7 @@ aliases { > ethernet0 = &genet; > pcie0 = &pcie0; > blconfig = &blconfig; > + blpubkey = &blpubkey; > }; > }; > > @@ -67,6 +68,19 @@ blconfig: nvram@0 { > no-map; > status = "disabled"; > }; > + > + /* > + * RPi4 will copy the binary public key blob (if present) from the bootloader > + * into memory for use by the OS. > + */ > + blpubkey: nvram@1 { > + compatible = "raspberrypi,bootloader-public-key", "nvmem-rmem"; Yes this looks better, but this introduce a new dtbs_check issue. The new compatible must be documented in Documentation/devicetree/bindings/nvmem/rmem.yaml in a separate patch and reviewed by the DT guys. Btw better use linux-arm-kernel list instead of lkml Best regards > + #address-cells = <1>; > + #size-cells = <1>; > + reg = <0x0 0x0 0x0>; > + no-map; > + status = "disabled"; > + }; > }; > > &v3d {
On 04-13 18:15, Stefan Wahren wrote: > > Hi Ivan, > > Am 13.04.23 um 10:52 schrieb Ivan T. Ivanov: > > From: Tim Gover <tim.gover@raspberrypi.com> > > > > Make a copy of the bootloader secure-boot public key available to the OS > > via an nvmem node. The placement information is populated by the > > Raspberry Pi firmware if a public key is present in the BCM2711 > > bootloader EEPROM. > > It would be nice to have a helpful link like: > https://www.raspberrypi.com/documentation/computers/configuration.html#nvmem-nodes Yep, make sense. > > + > > + /* > > + * RPi4 will copy the binary public key blob (if present) from the bootloader > > + * into memory for use by the OS. > > + */ > > + blpubkey: nvram@1 { > > + compatible = "raspberrypi,bootloader-public-key", "nvmem-rmem"; > > Yes this looks better, but this introduce a new dtbs_check issue. The new Oops, yes, I forgot to make this check. > compatible must be documented in > Documentation/devicetree/bindings/nvmem/rmem.yaml in a separate patch and > reviewed by the DT guys. Or I can drop the new compatible string altogether? It looks like only alias is strictly required?! Tim Gover is this correct? Regards, Ivan
Hi Ivan, Am 13.04.23 um 20:18 schrieb Ivan T. Ivanov: > On 04-13 18:15, Stefan Wahren wrote: >> >> Hi Ivan, >> >> Am 13.04.23 um 10:52 schrieb Ivan T. Ivanov: >>> From: Tim Gover <tim.gover@raspberrypi.com> >>> >>> Make a copy of the bootloader secure-boot public key available to the OS >>> via an nvmem node. The placement information is populated by the >>> Raspberry Pi firmware if a public key is present in the BCM2711 >>> bootloader EEPROM. >> >> It would be nice to have a helpful link like: >> https://www.raspberrypi.com/documentation/computers/configuration.html#nvmem-nodes > > Yep, make sense. > >>> + >>> + /* >>> + * RPi4 will copy the binary public key blob (if present) from the bootloader >>> + * into memory for use by the OS. >>> + */ >>> + blpubkey: nvram@1 { >>> + compatible = "raspberrypi,bootloader-public-key", "nvmem-rmem"; >> >> Yes this looks better, but this introduce a new dtbs_check issue. The new > > Oops, yes, I forgot to make this check. > >> compatible must be documented in >> Documentation/devicetree/bindings/nvmem/rmem.yaml in a separate patch and >> reviewed by the DT guys. > > Or I can drop the new compatible string altogether? It looks like > only alias is strictly required?! Tim Gover is this correct? i cannot speak for the firmware side, but i think we should try to keep it compatible with the vendor DTB here. > > Regards, > Ivan >
On Thu, 13 Apr 2023 at 19:44, Stefan Wahren <stefan.wahren@i2se.com> wrote: > > Hi Ivan, > > Am 13.04.23 um 20:18 schrieb Ivan T. Ivanov: > > On 04-13 18:15, Stefan Wahren wrote: > >> > >> Hi Ivan, > >> > >> Am 13.04.23 um 10:52 schrieb Ivan T. Ivanov: > >>> From: Tim Gover <tim.gover@raspberrypi.com> > >>> > >>> Make a copy of the bootloader secure-boot public key available to the OS > >>> via an nvmem node. The placement information is populated by the > >>> Raspberry Pi firmware if a public key is present in the BCM2711 > >>> bootloader EEPROM. > >> > >> It would be nice to have a helpful link like: > >> https://www.raspberrypi.com/documentation/computers/configuration.html#nvmem-nodes > > > > Yep, make sense. > > > >>> + > >>> + /* > >>> + * RPi4 will copy the binary public key blob (if present) from the bootloader > >>> + * into memory for use by the OS. > >>> + */ > >>> + blpubkey: nvram@1 { > >>> + compatible = "raspberrypi,bootloader-public-key", "nvmem-rmem"; > >> > >> Yes this looks better, but this introduce a new dtbs_check issue. The new > > > > Oops, yes, I forgot to make this check. > > > >> compatible must be documented in > >> Documentation/devicetree/bindings/nvmem/rmem.yaml in a separate patch and > >> reviewed by the DT guys. > > > > Or I can drop the new compatible string altogether? It looks like > > only alias is strictly required?! Tim Gover is this correct? > > i cannot speak for the firmware side, but i think we should try to keep > it compatible with the vendor DTB here. > The firmware doesn't look at the compatible string. It locates the nodes to update using the 'blconfig' and 'blpubkey' aliases. Userspace scripts (including the documentation example) should also use these aliases. Therefore, I don't think it matters if the compatible strings is modified, but I won't pretend to know what the correct DT style is here :) Tim
Hi, Am 13.04.23 um 21:28 schrieb Tim Gover: > On Thu, 13 Apr 2023 at 19:44, Stefan Wahren <stefan.wahren@i2se.com> wrote: >> >> Hi Ivan, >> >> Am 13.04.23 um 20:18 schrieb Ivan T. Ivanov: >>> On 04-13 18:15, Stefan Wahren wrote: >>>> >>>> Hi Ivan, >>>> >>>> Am 13.04.23 um 10:52 schrieb Ivan T. Ivanov: >>>>> From: Tim Gover <tim.gover@raspberrypi.com> >>>>> >>>>> Make a copy of the bootloader secure-boot public key available to the OS >>>>> via an nvmem node. The placement information is populated by the >>>>> Raspberry Pi firmware if a public key is present in the BCM2711 >>>>> bootloader EEPROM. >>>> >>>> It would be nice to have a helpful link like: >>>> https://www.raspberrypi.com/documentation/computers/configuration.html#nvmem-nodes >>> >>> Yep, make sense. >>> >>>>> + >>>>> + /* >>>>> + * RPi4 will copy the binary public key blob (if present) from the bootloader >>>>> + * into memory for use by the OS. >>>>> + */ >>>>> + blpubkey: nvram@1 { >>>>> + compatible = "raspberrypi,bootloader-public-key", "nvmem-rmem"; >>>> >>>> Yes this looks better, but this introduce a new dtbs_check issue. The new >>> >>> Oops, yes, I forgot to make this check. >>> >>>> compatible must be documented in >>>> Documentation/devicetree/bindings/nvmem/rmem.yaml in a separate patch and >>>> reviewed by the DT guys. >>> >>> Or I can drop the new compatible string altogether? It looks like >>> only alias is strictly required?! Tim Gover is this correct? >> >> i cannot speak for the firmware side, but i think we should try to keep >> it compatible with the vendor DTB here. >> > > The firmware doesn't look at the compatible string. It locates the > nodes to update using the 'blconfig' and 'blpubkey' aliases. Userspace > scripts (including the documentation example) should also use these > aliases. > Therefore, I don't think it matters if the compatible strings is > modified, but I won't pretend to know what the correct DT style is > here :) okay, regardless of the compatible string the patch must be send to the DT maintainers and the devicetree mailing list otherwise they don't have any chance to review. Thanks > > Tim
Hi, On 04-16 15:11, Stefan Wahren wrote: > > > > > > > > Or I can drop the new compatible string altogether? It looks like > > > > only alias is strictly required?! Tim Gover is this correct? > > > > > > i cannot speak for the firmware side, but i think we should try to keep > > > it compatible with the vendor DTB here. > > > > > > > The firmware doesn't look at the compatible string. It locates the > > nodes to update using the 'blconfig' and 'blpubkey' aliases. Userspace > > scripts (including the documentation example) should also use these > > aliases. > > Therefore, I don't think it matters if the compatible strings is > > modified, but I won't pretend to know what the correct DT style is > > here :) Ok. Perhaps Stefan have a point and will be better if we keep things in sync between vendor DTS and upstream one. > > okay, regardless of the compatible string the patch must be send to the DT > maintainers and the devicetree mailing list otherwise they don't have any > chance to review. > Sure, my fault. I just used list of recipients from the initial patch. Regards, Ivan
diff --git a/arch/arm/boot/dts/bcm2711-rpi.dtsi b/arch/arm/boot/dts/bcm2711-rpi.dtsi index 98817a6675b9..e30fbe84f9c3 100644 --- a/arch/arm/boot/dts/bcm2711-rpi.dtsi +++ b/arch/arm/boot/dts/bcm2711-rpi.dtsi @@ -15,6 +15,7 @@ aliases { ethernet0 = &genet; pcie0 = &pcie0; blconfig = &blconfig; + blpubkey = &blpubkey; }; }; @@ -67,6 +68,19 @@ blconfig: nvram@0 { no-map; status = "disabled"; }; + + /* + * RPi4 will copy the binary public key blob (if present) from the bootloader + * into memory for use by the OS. + */ + blpubkey: nvram@1 { + compatible = "raspberrypi,bootloader-public-key", "nvmem-rmem"; + #address-cells = <1>; + #size-cells = <1>; + reg = <0x0 0x0 0x0>; + no-map; + status = "disabled"; + }; }; &v3d {