[PATCH v3 1/1] dt-bindings: Add device-perms property description

[PATCH v3 1/1] dt-bindings: Add device-perms property description

[Oleksii Moisieiev]

Document device-perms property which is intended to set the device
permissions for the System Management interfaces.
An example of this interface is SCMI (System Control and Management
Interface) which controls clocks/power-domains/resets etc from the
Firmware. This property sets the device_id to set the device permissions
for the Fimware using BASE_SET_DEVICE_PERMISSIONS message (see 4.2.2.10 of [0]).
Device permissions management described in DEN 0056, Section 4.2.2.10 [0].

For SCMI this property is used by Trusted Agent to set the device permissions
for the Non-Trusted Agents.
Trusted and non-trusted Agent terms described in Section 4.1.1 [0].

[0] https://developer.arm.com/documentation/den0056/latest

Signed-off-by: Oleksii Moisieiev <oleksii_moisieiev@epam.com>
---
Changes V1 -> V2:
   - update parameter name, made it xen-specific
   - add xen vendor bindings

Changes V2 -> V3:
   - update parameter name, make it generic
   - update parameter format, add link to controller
   - do not include xen vendor bindings as already upstreamed
---
 .../bindings/firmware/device-perms.yaml       | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/firmware/device-perms.yaml

diff --git a/Documentation/devicetree/bindings/firmware/device-perms.yaml b/Documentation/devicetree/bindings/firmware/device-perms.yaml
new file mode 100644
index 000000000000..5cf45f7f26d3
--- /dev/null
+++ b/Documentation/devicetree/bindings/firmware/device-perms.yaml
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
+# Copyright 2022 EPAM Systems.
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/firmware/device-perms.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: Device Permission settings for the Firmware
+
+maintainers:
+  - Oleksii Moisieiev <oleksii_moisieiev@epam.com>
+
+select: true
+
+description: |
+  The provided property is intendend to set the device permissions for the
+  System Management interfaces.
+  An expample of such interface is SCMI (System Control and Management
+  Interface) which manages the device permissions via SCMI protocol in the
+  Firmware. Binding provides ID for each related device which should match
+  device ids, defined in the Firmware so the device permissions
+  can be requested by sending BASE_SET_DEVICE_PERMISSIONS (see 4.2.2.10 of [0]).
+
+  For SCMI this property is used by Trusted Agent to set the device permissions
+  for the Non-Trusted Agents.
+
+  [0] https://developer.arm.com/documentation/den0056/latest
+
+properties:
+  device-perms:
+    description: Link to DT node, which should set the device permissions,
+        device unique identifier should be set as the parameter.
+
+additionalProperties: true
+
+examples:
+  - |
+    ohci1: usb@ee0a0000 {
+        /* ... */
+        reg = <0xee0a0000 0x100>;
+        device-perms = <&scmi 11>;
+        clocks = <&scmi_clock 4>;
+    };
-- 
2.27.0

[PATCH v3 0/1] dt-bindings: Add device-perms property description

[Oleksii Moisieiev]

Introduce device-perms property which is intended to set the device
permissions for the System Management interfaces.
An example of this interface is SCMI (System Control and Management
Interface) which controls clocks/power-domains/resets etc from the
Firmware. This property sets the device_id to set the device permissions
for the Fimware using BASE_SET_DEVICE_PERMISSIONS message (see 4.2.2.10 of [0]).
Device permissions management described in DEN 0056, Section 4.2.2.10 [0].
Given parameter should set the device_id, needed to set device
permissions in the Firmware.
This property is used by trusted Agent to set permissions for the devices,
passed-through to the non-trusted Agents. Trusted Agent will use device-perms to
set the Device permissions for the Firmware (See Section 4.2.2.10 [0]
for details).
Agents concept is described in Section 4.2.1 [0].

device-perms in Device-tree node example:
usb@e6590000
{
    device-perms = <&scmi 19>;
    clocks = <&scmi_clock 3>, <&scmi_clock 2>;
    resets = <&scmi_reset 10>, <&scmi_reset 9>;
    power-domains = <&scmi_power 0>;
};

Given example shows the configuration of the hsusb node, which is using
scmi to contol clocks, resets and power-domains. device-perms links to
&scmi phandle and set the permission parameter 19, which should match
defined id for usb in the Firmware.

Current implementation defines Xen hypervisor as trusted Agent and OS
(Linux or other) as non-trusted Agent.
Trusted Agent will use device-perms to set the device permissions for
the Agents. Non-trusted Agent (OS) should not have an access to the permissions
settings, so no code to process device-perms was presented in Linux
kernel.

We are currently contributing changes to Xen, which are intended to
mediate SCMI access from Guests to the Firmware. Xen uses device-perms to set
the permissions for the devices. See [1] thread for details.

[0] https://developer.arm.com/documentation/den0056/latest
[1] https://xen.markmail.org/message/mmi4fpb4qr6e3kad

---
Changes V1 -> V2:
   - update parameter name, made it xen-specific
   - add xen vendor bindings

Changes V2 -> V3:
   - update parameter name, make it generic
   - update parameter format, add link to controller
   - do not include xen vendor bindings as already upstreamed

Oleksii Moisieiev (1):
  dt-bindings: Add device-perms property description

 .../bindings/firmware/device-perms.yaml       | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/firmware/device-perms.yaml

-- 
2.27.0

Re: [PATCH v3 1/1] dt-bindings: Add device-perms property description

[Oleksii Moisieiev]

Hello Rob,

Did you have a chance to take a look on the patch?

--
Oleksii.

On Thu, May 05, 2022 at 11:23:50AM +0000, Oleksii Moisieiev wrote:
> Document device-perms property which is intended to set the device
> permissions for the System Management interfaces.
> An example of this interface is SCMI (System Control and Management
> Interface) which controls clocks/power-domains/resets etc from the
> Firmware. This property sets the device_id to set the device permissions
> for the Fimware using BASE_SET_DEVICE_PERMISSIONS message (see 4.2.2.10 of [0]).
> Device permissions management described in DEN 0056, Section 4.2.2.10 [0].
> 
> For SCMI this property is used by Trusted Agent to set the device permissions
> for the Non-Trusted Agents.
> Trusted and non-trusted Agent terms described in Section 4.1.1 [0].
> 
> [0] https://developer.arm.com/documentation/den0056/latest
> 
> Signed-off-by: Oleksii Moisieiev <oleksii_moisieiev@epam.com>
> ---
> Changes V1 -> V2:
>    - update parameter name, made it xen-specific
>    - add xen vendor bindings
> 
> Changes V2 -> V3:
>    - update parameter name, make it generic
>    - update parameter format, add link to controller
>    - do not include xen vendor bindings as already upstreamed
> ---
>  .../bindings/firmware/device-perms.yaml       | 43 +++++++++++++++++++
>  1 file changed, 43 insertions(+)
>  create mode 100644 Documentation/devicetree/bindings/firmware/device-perms.yaml
> 
> diff --git a/Documentation/devicetree/bindings/firmware/device-perms.yaml b/Documentation/devicetree/bindings/firmware/device-perms.yaml
> new file mode 100644
> index 000000000000..5cf45f7f26d3
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/firmware/device-perms.yaml
> @@ -0,0 +1,43 @@
> +# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
> +# Copyright 2022 EPAM Systems.
> +%YAML 1.2
> +---
> +$id: http://devicetree.org/schemas/firmware/device-perms.yaml#
> +$schema: http://devicetree.org/meta-schemas/core.yaml#
> +
> +title: Device Permission settings for the Firmware
> +
> +maintainers:
> +  - Oleksii Moisieiev <oleksii_moisieiev@epam.com>
> +
> +select: true
> +
> +description: |
> +  The provided property is intendend to set the device permissions for the
> +  System Management interfaces.
> +  An expample of such interface is SCMI (System Control and Management
> +  Interface) which manages the device permissions via SCMI protocol in the
> +  Firmware. Binding provides ID for each related device which should match
> +  device ids, defined in the Firmware so the device permissions
> +  can be requested by sending BASE_SET_DEVICE_PERMISSIONS (see 4.2.2.10 of [0]).
> +
> +  For SCMI this property is used by Trusted Agent to set the device permissions
> +  for the Non-Trusted Agents.
> +
> +  [0] https://developer.arm.com/documentation/den0056/latest
> +
> +properties:
> +  device-perms:
> +    description: Link to DT node, which should set the device permissions,
> +        device unique identifier should be set as the parameter.
> +
> +additionalProperties: true
> +
> +examples:
> +  - |
> +    ohci1: usb@ee0a0000 {
> +        /* ... */
> +        reg = <0xee0a0000 0x100>;
> +        device-perms = <&scmi 11>;
> +        clocks = <&scmi_clock 4>;
> +    };
> -- 
> 2.27.0

Re: [PATCH v3 0/1] dt-bindings: Add device-perms property description

[Rob Herring]

On Thu, May 05, 2022 at 11:23:50AM +0000, Oleksii Moisieiev wrote:
> Introduce device-perms property which is intended to set the device
> permissions for the System Management interfaces.
> An example of this interface is SCMI (System Control and Management
> Interface) which controls clocks/power-domains/resets etc from the
> Firmware. This property sets the device_id to set the device permissions
> for the Fimware using BASE_SET_DEVICE_PERMISSIONS message (see 4.2.2.10 of [0]).

Is that an exhaustive list of controls? Seems like there would be a 
GET_DEVICE_PERMISSIONS.

> Device permissions management described in DEN 0056, Section 4.2.2.10 [0].
> Given parameter should set the device_id, needed to set device
> permissions in the Firmware.
> This property is used by trusted Agent to set permissions for the devices,
> passed-through to the non-trusted Agents. Trusted Agent will use device-perms to
> set the Device permissions for the Firmware (See Section 4.2.2.10 [0]
> for details).
> Agents concept is described in Section 4.2.1 [0].

As I said on the call discussing this, this looks very similar to other 
proposals wanting to control or check permissions on devices handled by 
some provider. While the consumer of the binding is different in various 
proposals, that doesn't really matter from a DT perspective. DT is just 
describing some type of connection between nodes. So I'm looking for 
collaboration here with folks that have made prior proposals. To put it 
another way, for a new common binding like this, I want to see more than 
one user. 

> 
> device-perms in Device-tree node example:
> usb@e6590000
> {
>     device-perms = <&scmi 19>;

Please follow typical design patterns. For example, all of these:

>     clocks = <&scmi_clock 3>, <&scmi_clock 2>;
>     resets = <&scmi_reset 10>, <&scmi_reset 9>;
>     power-domains = <&scmi_power 0>;

The provider is what determines the number of cells and their meaning. 
That's certainly the case here.

> };
> 
> Given example shows the configuration of the hsusb node, which is using
> scmi to contol clocks, resets and power-domains. device-perms links to
> &scmi phandle and set the permission parameter 19, which should match
> defined id for usb in the Firmware.

See, the provider is what determines the meaning.

> Current implementation defines Xen hypervisor as trusted Agent and OS
> (Linux or other) as non-trusted Agent.
> Trusted Agent will use device-perms to set the device permissions for
> the Agents. Non-trusted Agent (OS) should not have an access to the permissions
> settings, so no code to process device-perms was presented in Linux
> kernel.
> 
> We are currently contributing changes to Xen, which are intended to
> mediate SCMI access from Guests to the Firmware. Xen uses device-perms to set
> the permissions for the devices. See [1] thread for details.
> 
> [0] https://developer.arm.com/documentation/den0056/latest
> [1] https://xen.markmail.org/message/mmi4fpb4qr6e3kad
> 
> ---
> Changes V1 -> V2:
>    - update parameter name, made it xen-specific
>    - add xen vendor bindings
> 
> Changes V2 -> V3:
>    - update parameter name, make it generic
>    - update parameter format, add link to controller
>    - do not include xen vendor bindings as already upstreamed
> 
> Oleksii Moisieiev (1):
>   dt-bindings: Add device-perms property description
> 
>  .../bindings/firmware/device-perms.yaml       | 43 +++++++++++++++++++
>  1 file changed, 43 insertions(+)
>  create mode 100644 Documentation/devicetree/bindings/firmware/device-perms.yaml
> 
> -- 
> 2.27.0
> 

Re: [PATCH v3 0/1] dt-bindings: Add device-perms property description

[Stefano Stabellini]

On Wed, 1 Jun 2022, Rob Herring wrote:
> On Thu, May 05, 2022 at 11:23:50AM +0000, Oleksii Moisieiev wrote:
> > Introduce device-perms property which is intended to set the device
> > permissions for the System Management interfaces.
> > An example of this interface is SCMI (System Control and Management
> > Interface) which controls clocks/power-domains/resets etc from the
> > Firmware. This property sets the device_id to set the device permissions
> > for the Fimware using BASE_SET_DEVICE_PERMISSIONS message (see 4.2.2.10 of [0]).
> 
> Is that an exhaustive list of controls? Seems like there would be a 
> GET_DEVICE_PERMISSIONS.
> 
> > Device permissions management described in DEN 0056, Section 4.2.2.10 [0].
> > Given parameter should set the device_id, needed to set device
> > permissions in the Firmware.
> > This property is used by trusted Agent to set permissions for the devices,
> > passed-through to the non-trusted Agents. Trusted Agent will use device-perms to
> > set the Device permissions for the Firmware (See Section 4.2.2.10 [0]
> > for details).
> > Agents concept is described in Section 4.2.1 [0].
> 
> As I said on the call discussing this, this looks very similar to other 
> proposals wanting to control or check permissions on devices handled by 
> some provider. While the consumer of the binding is different in various 
> proposals, that doesn't really matter from a DT perspective. DT is just 
> describing some type of connection between nodes. So I'm looking for 
> collaboration here with folks that have made prior proposals. To put it 
> another way, for a new common binding like this, I want to see more than 
> one user. 

Do you have a pointer to another similar proposal or the name of someone
that might be interested and might be having a second use-case for this?

Re: [PATCH v3 0/1] dt-bindings: Add device-perms property description

[Rob Herring]

On Thu, Jun 02, 2022 at 06:19:00PM -0700, Stefano Stabellini wrote:
> On Wed, 1 Jun 2022, Rob Herring wrote:
> > On Thu, May 05, 2022 at 11:23:50AM +0000, Oleksii Moisieiev wrote:
> > > Introduce device-perms property which is intended to set the device
> > > permissions for the System Management interfaces.
> > > An example of this interface is SCMI (System Control and Management
> > > Interface) which controls clocks/power-domains/resets etc from the
> > > Firmware. This property sets the device_id to set the device permissions
> > > for the Fimware using BASE_SET_DEVICE_PERMISSIONS message (see 4.2.2.10 of [0]).
> > 
> > Is that an exhaustive list of controls? Seems like there would be a 
> > GET_DEVICE_PERMISSIONS.
> > 
> > > Device permissions management described in DEN 0056, Section 4.2.2.10 [0].
> > > Given parameter should set the device_id, needed to set device
> > > permissions in the Firmware.
> > > This property is used by trusted Agent to set permissions for the devices,
> > > passed-through to the non-trusted Agents. Trusted Agent will use device-perms to
> > > set the Device permissions for the Firmware (See Section 4.2.2.10 [0]
> > > for details).
> > > Agents concept is described in Section 4.2.1 [0].
> > 
> > As I said on the call discussing this, this looks very similar to other 
> > proposals wanting to control or check permissions on devices handled by 
> > some provider. While the consumer of the binding is different in various 
> > proposals, that doesn't really matter from a DT perspective. DT is just 
> > describing some type of connection between nodes. So I'm looking for 
> > collaboration here with folks that have made prior proposals. To put it 
> > another way, for a new common binding like this, I want to see more than 
> > one user. 
> 
> Do you have a pointer to another similar proposal or the name of someone
> that might be interested and might be having a second use-case for this?

ST folks who were on the call... IIRC from earlier SystemDT calls, that 
Xilinx had a similar need? Here's the various proposals I found:

https://lore.kernel.org/all/20200701132523.32533-1-benjamin.gaignard@st.com/
https://lore.kernel.org/all/20190318100605.29120-1-benjamin.gaignard@st.com/
https://lore.kernel.org/all/20180227140926.22996-1-benjamin.gaignard@st.com/

The h/w in question is the ETZPC or TZPC. I would guess the SCMI 
interface was designed with this h/w in mind.

Rob