From: Grant Likely <grant.likely@secretlab.ca>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Olof Johansson <olof@lixom.net>,
scott.branden@broadcom.com,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>, Arnd Bergmann <arnd@arndb.de>,
bcm-kernel-feedback-list@broadcom.com,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Leif Lindholm <leif.lindholm@linaro.org>,
Alexander Graf <agraf@suse.de>
Subject: Re: [PATCH] arm64: defconfig: enable EFI_ARMSTUB_DTB_LOADER
Date: Wed, 5 Sep 2018 20:09:50 +0100 [thread overview]
Message-ID: <CACxGe6vSAjO3N-_6OHASHiDLpN+0b3=p54WWq93GgCY=YGQiKw@mail.gmail.com> (raw)
In-Reply-To: <CAKv+Gu_zDJ11+CjgpBPRm2C66sUq6bzGGA2EBCZoDXa-3NdYNA@mail.gmail.com>
On Wed, Sep 5, 2018 at 10:37 AM Ard Biesheuvel
<ard.biesheuvel@linaro.org> wrote:
> On 4 September 2018 at 12:13, Grant Likely <grant.likely@secretlab.ca> wrote:
> > On Tue, Sep 4, 2018 at 7:24 AM Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> >>
> >> On 2 September 2018 at 04:54, Olof Johansson <olof@lixom.net> wrote:
> >> > On Thu, Aug 30, 2018 at 9:23 AM, Ard Biesheuvel
> >> > <ard.biesheuvel@linaro.org> wrote:
> >> >> On 30 August 2018 at 17:06, Olof Johansson <olof@lixom.net> wrote:
> >> >>> On Wed, Aug 29, 2018 at 10:54 PM, Ard Biesheuvel
> >> >>> <ard.biesheuvel@linaro.org> wrote:
> >> >>>> Don't be surprised if some future enhancements of the EFI stub code
> >> >>>> depend on !EFI_ARMSTUB_DTB_LOADER.
> >
> > That's an odd statement to make. The DTB loader code is well contained
> > and with defined semantics... True, the semantics are "I DON'T BELIEVE
> > FIRMWARE", but it is still well defined. What scenario are you
> > envisioning where EFI_ARMSTUB_DTB_LOADER would be explicitly excluded?
> >
>
> Well, to be honest, I don't have a real-world example at hand, but my
> concern is about cases where the firmware provided DTB and the
> override DTB diverge in a way that leaves it up to the EFI stub to
> reconcile them and/or to reason about which one it should prefer.
>
> One example could be OP-TEE support: currently, we put a
> /firmware/optee node in the DT to inform the OS that OP-TEE is running
> in the secure world. If we allow a DT to be provided via dtb= that
> provides such a node, we are blocking all future opportunities in
> future kernels to do any kind of preparatory OP-TEE related
> initialization in the EFI stub [while boot services are still
> available] unless we decide to make it the EFI stub's problem to
> reason about which version of the DT is the correct one to use. What
> if the firmware's DT has /firmware/optee/status = disabled and the
> dtb= one does not?
>
> Another trivial example is GRUB: passing dtb= via the command line
> will break initrds loaded via GRUB, since they are passed via the
> /chosen node.
Using 'dtb=' straight out means *I don't believe anything firmware
tells me*, so of course nothing like OP-TEE integration, command line
passing, dynamic configuration, or anything that firmware might want
to tell the kernel is going to work. Anyone who uses dtb= gets to keep
the pieces when they break stuff. That can be written down into policy
in the dtb= documentation if you like. I've just posted a patch to do
that.
g.
WARNING: multiple messages have this Message-ID (diff)
From: grant.likely@secretlab.ca (Grant Likely)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm64: defconfig: enable EFI_ARMSTUB_DTB_LOADER
Date: Wed, 5 Sep 2018 20:09:50 +0100 [thread overview]
Message-ID: <CACxGe6vSAjO3N-_6OHASHiDLpN+0b3=p54WWq93GgCY=YGQiKw@mail.gmail.com> (raw)
In-Reply-To: <CAKv+Gu_zDJ11+CjgpBPRm2C66sUq6bzGGA2EBCZoDXa-3NdYNA@mail.gmail.com>
On Wed, Sep 5, 2018 at 10:37 AM Ard Biesheuvel
<ard.biesheuvel@linaro.org> wrote:
> On 4 September 2018 at 12:13, Grant Likely <grant.likely@secretlab.ca> wrote:
> > On Tue, Sep 4, 2018 at 7:24 AM Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> >>
> >> On 2 September 2018 at 04:54, Olof Johansson <olof@lixom.net> wrote:
> >> > On Thu, Aug 30, 2018 at 9:23 AM, Ard Biesheuvel
> >> > <ard.biesheuvel@linaro.org> wrote:
> >> >> On 30 August 2018 at 17:06, Olof Johansson <olof@lixom.net> wrote:
> >> >>> On Wed, Aug 29, 2018 at 10:54 PM, Ard Biesheuvel
> >> >>> <ard.biesheuvel@linaro.org> wrote:
> >> >>>> Don't be surprised if some future enhancements of the EFI stub code
> >> >>>> depend on !EFI_ARMSTUB_DTB_LOADER.
> >
> > That's an odd statement to make. The DTB loader code is well contained
> > and with defined semantics... True, the semantics are "I DON'T BELIEVE
> > FIRMWARE", but it is still well defined. What scenario are you
> > envisioning where EFI_ARMSTUB_DTB_LOADER would be explicitly excluded?
> >
>
> Well, to be honest, I don't have a real-world example at hand, but my
> concern is about cases where the firmware provided DTB and the
> override DTB diverge in a way that leaves it up to the EFI stub to
> reconcile them and/or to reason about which one it should prefer.
>
> One example could be OP-TEE support: currently, we put a
> /firmware/optee node in the DT to inform the OS that OP-TEE is running
> in the secure world. If we allow a DT to be provided via dtb= that
> provides such a node, we are blocking all future opportunities in
> future kernels to do any kind of preparatory OP-TEE related
> initialization in the EFI stub [while boot services are still
> available] unless we decide to make it the EFI stub's problem to
> reason about which version of the DT is the correct one to use. What
> if the firmware's DT has /firmware/optee/status = disabled and the
> dtb= one does not?
>
> Another trivial example is GRUB: passing dtb= via the command line
> will break initrds loaded via GRUB, since they are passed via the
> /chosen node.
Using 'dtb=' straight out means *I don't believe anything firmware
tells me*, so of course nothing like OP-TEE integration, command line
passing, dynamic configuration, or anything that firmware might want
to tell the kernel is going to work. Anyone who uses dtb= gets to keep
the pieces when they break stuff. That can be written down into policy
in the dtb= documentation if you like. I've just posted a patch to do
that.
g.
next prev parent reply other threads:[~2018-09-05 19:10 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-29 17:21 [PATCH] arm64: defconfig: enable EFI_ARMSTUB_DTB_LOADER Scott Branden
2018-08-29 17:21 ` Scott Branden
2018-08-29 18:44 ` Olof Johansson
2018-08-29 18:44 ` Olof Johansson
2018-08-29 18:59 ` Scott Branden
2018-08-29 18:59 ` Scott Branden
2018-08-30 5:54 ` Ard Biesheuvel
2018-08-30 5:54 ` Ard Biesheuvel
2018-08-30 15:06 ` Olof Johansson
2018-08-30 15:06 ` Olof Johansson
2018-08-30 16:23 ` Ard Biesheuvel
2018-08-30 16:23 ` Ard Biesheuvel
2018-08-31 21:28 ` Scott Branden
2018-08-31 21:28 ` Scott Branden
2018-09-02 2:54 ` Olof Johansson
2018-09-02 2:54 ` Olof Johansson
2018-09-04 6:23 ` Ard Biesheuvel
2018-09-04 6:23 ` Ard Biesheuvel
2018-09-04 10:13 ` Grant Likely
2018-09-04 10:13 ` Grant Likely
2018-09-04 17:19 ` Scott Branden
2018-09-04 17:19 ` Scott Branden
2018-09-05 9:40 ` Ard Biesheuvel
2018-09-05 9:40 ` Ard Biesheuvel
2018-09-05 17:27 ` Scott Branden
2018-09-05 17:27 ` Scott Branden
2018-09-05 18:00 ` Grant Likely
2018-09-05 18:00 ` Grant Likely
2018-09-05 18:04 ` Scott Branden
2018-09-05 18:04 ` Scott Branden
2018-09-09 11:07 ` Catalin Marinas
2018-09-09 11:07 ` Catalin Marinas
2018-09-09 15:55 ` Ard Biesheuvel
2018-09-09 15:55 ` Ard Biesheuvel
2018-09-04 17:28 ` Olof Johansson
2018-09-04 17:28 ` Olof Johansson
2018-09-05 9:37 ` Ard Biesheuvel
2018-09-05 9:37 ` Ard Biesheuvel
2018-09-05 19:09 ` Grant Likely [this message]
2018-09-05 19:09 ` Grant Likely
2018-09-10 17:53 ` Scott Branden
2018-09-10 17:53 ` Scott Branden
2018-09-10 18:01 ` Olof Johansson
2018-09-10 18:01 ` Olof Johansson
2018-09-10 18:08 ` Ard Biesheuvel
2018-09-10 18:08 ` Ard Biesheuvel
2018-09-13 20:22 ` Scott Branden
2018-09-13 20:22 ` Scott Branden
2018-09-14 6:06 ` Ard Biesheuvel
2018-09-14 6:06 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACxGe6vSAjO3N-_6OHASHiDLpN+0b3=p54WWq93GgCY=YGQiKw@mail.gmail.com' \
--to=grant.likely@secretlab.ca \
--cc=agraf@suse.de \
--cc=ard.biesheuvel@linaro.org \
--cc=arnd@arndb.de \
--cc=bcm-kernel-feedback-list@broadcom.com \
--cc=catalin.marinas@arm.com \
--cc=leif.lindholm@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=olof@lixom.net \
--cc=scott.branden@broadcom.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.