From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CDD19C4332B for ; Thu, 11 Mar 2021 11:44:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 73E0E64FFB for ; Thu, 11 Mar 2021 11:44:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232798AbhCKLnh (ORCPT ); Thu, 11 Mar 2021 06:43:37 -0500 Received: from mail-out.m-online.net ([212.18.0.10]:44764 "EHLO mail-out.m-online.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232719AbhCKLnL (ORCPT ); Thu, 11 Mar 2021 06:43:11 -0500 Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 4Dx6Wv6wKFz1ry9k; Thu, 11 Mar 2021 12:43:07 +0100 (CET) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 4Dx6Wv4vCTz1qr4m; Thu, 11 Mar 2021 12:43:07 +0100 (CET) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id bwhSiK_6OLsr; Thu, 11 Mar 2021 12:43:05 +0100 (CET) X-Auth-Info: PWDLWpU/RF1mQ0vyUrR2TmlPpbT0QFk+u0aQwwhF6ik= Received: from [127.0.0.1] (p578adb1c.dip0.t-ipconnect.de [87.138.219.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPSA; Thu, 11 Mar 2021 12:43:05 +0100 (CET) Subject: Re: [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode To: Alexandre TORGUE , "Alex G." , Gabriel FERNANDEZ - foss , Michael Turquette , Stephen Boyd , Rob Herring , Maxime Coquelin , Philipp Zabel , Etienne CARRIERE , Alexandre TORGUE - foss Cc: "devicetree@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-clk@vger.kernel.org" , "linux-arm-kernel@lists.infradead.org" , "linux-stm32@st-md-mailman.stormreply.com" References: <20210126090120.19900-1-gabriel.fernandez@foss.st.com> <2e04f814-b694-119d-fe8a-13e6df129536@gmail.com> From: Marek Vasut Message-ID: Date: Thu, 11 Mar 2021 12:43:04 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/11/21 9:08 AM, Alexandre TORGUE wrote: > Hi ALex Hello everyone, [...] >> Subject: Re: [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode >> >> On 1/26/21 3:01 AM, gabriel.fernandez@foss.st.com wrote: >>> From: Gabriel Fernandez >>> >>> Platform STM32MP1 can be used in configuration where some clocks and >>> IP resets can relate as secure resources. >>> These resources are moved from a RCC clock/reset handle to a SCMI >>> clock/reset_domain handle. >>> >>> The RCC clock driver is now dependent of the SCMI driver, then we have >>> to manage now the probe defering. >>> >>> v1 -> v2: >>> - fix yamllint warnings. >> >> Hi Gabriel, >> >> I don't have much clout with the maintainers, but I have to NAK this series >> after finding major breakage. >> >> The problem with series is that it breaks pretty much every board it touches. >> I have a DK2 here that I'm using for development, which no longer boots with >> this series applied. >> >> The crux of the matter is that this series assumes all boards will boot with an >> FSBL that implements a very specific SCMI clock tree. This is major ABI >> breakage for anyone not using TF-A as the first stage bootloader. Anyone >> using u-boot SPL is screwed. >> >> This series imposes a SOC-wide change via the dtsi files. So even boards that >> you don't intend to convert to SCMI will get broken this way. >> Adding a -no-scmi file that isn't used anywhere doesn't help things. > > You are right. We mainly take care about NO ST (DH/...) boards, but not really about current usage > Of our stm32 boards. Several options exist: Since a lot of people benefit from the good upstream support for the MP1 _and_ keep updating their machines to get the latest fixes, it is very important to keep the current usage working. > 1- Break the current ABI: as soon as those patches are merged, stm32mp157c-dk2.dtb will impose to use > A tf-a for scmi clocks. For people using u-boot spl, the will have to create their own "no-secure" devicetree. NAK, this breaks existing boards and existing setups, e.g. DK2 that does not use ATF. > 2-As you suggest, create a new "secure" dtb per boards (Not my wish for maintenance perspectives). I agree with Alex (G) that the "secure" option should be opt-in. That way existing setups remain working and no extra requirements are imposed on MP1 users. Esp. since as far as I understand this, the "secure" part isn't really about security, but rather about moving clock configuration from Linux to some firmware blob. > 3- Keep kernel device tree as they are and applied this secure layer (scmi clocks phandle) thanks to dtbo in > U-boot. Is this really better than #include "stm32mp15xx-enable-secure-stuff.dtsi" in a board DT ? Because that is how I imagine the opt-in "secure" option could work. > The third could be the less costly. [...] From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C323BC433DB for ; Thu, 11 Mar 2021 11:48:49 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 85BDB64F82 for ; Thu, 11 Mar 2021 11:48:48 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 85BDB64F82 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=denx.de Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Type: Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:From: References:Cc:To:Subject:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=+StjsAVjgFRtZwCpsaefp1rNZTtM/G1ZU3O6G5sGLAs=; b=byiIHRz1SF0siqN9jd3nQ1qBI ozy9OBbjIXoEkKP/1tjsEn8JRPvL/ftxufBGQJuayZ09/+pGBegQl36PRhJQQcBiNqHWrXx0KEprh VvmSpBj7SOHpwg0+D5bgftjKIx+4YVXoSC1ofph2T5/TNsulPQSWFtGlP5C9q13pNP+md7rHlqEQe ERVo2nrYlgZ3r7IHS3STPdeoQYFy0dhdJ7LVhQ2Hz+7OADJexDzVKDiwWs7RWmIhyMvx/wu/a4727 yTUvUJ27QCZrvXXRJdAkAaVIvvHtL167BezSMaYiWGR7WnrfZYYjtW1ltzMW84KaOtFHuCqA0x7jN X9RTSF5Jw==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lKJmA-008yWU-S0; Thu, 11 Mar 2021 11:46:47 +0000 Received: from mail-out.m-online.net ([2001:a60:0:28:0:1:25:1]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lKJig-008xyn-RG for linux-arm-kernel@lists.infradead.org; Thu, 11 Mar 2021 11:43:16 +0000 Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 4Dx6Wv6wKFz1ry9k; Thu, 11 Mar 2021 12:43:07 +0100 (CET) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 4Dx6Wv4vCTz1qr4m; Thu, 11 Mar 2021 12:43:07 +0100 (CET) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id bwhSiK_6OLsr; Thu, 11 Mar 2021 12:43:05 +0100 (CET) X-Auth-Info: PWDLWpU/RF1mQ0vyUrR2TmlPpbT0QFk+u0aQwwhF6ik= Received: from [127.0.0.1] (p578adb1c.dip0.t-ipconnect.de [87.138.219.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPSA; Thu, 11 Mar 2021 12:43:05 +0100 (CET) Subject: Re: [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode To: Alexandre TORGUE , "Alex G." , Gabriel FERNANDEZ - foss , Michael Turquette , Stephen Boyd , Rob Herring , Maxime Coquelin , Philipp Zabel , Etienne CARRIERE , Alexandre TORGUE - foss Cc: "devicetree@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-clk@vger.kernel.org" , "linux-arm-kernel@lists.infradead.org" , "linux-stm32@st-md-mailman.stormreply.com" References: <20210126090120.19900-1-gabriel.fernandez@foss.st.com> <2e04f814-b694-119d-fe8a-13e6df129536@gmail.com> From: Marek Vasut Message-ID: Date: Thu, 11 Mar 2021 12:43:04 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210311_114311_583733_284C4F6A X-CRM114-Status: GOOD ( 25.15 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 3/11/21 9:08 AM, Alexandre TORGUE wrote: > Hi ALex Hello everyone, [...] >> Subject: Re: [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode >> >> On 1/26/21 3:01 AM, gabriel.fernandez@foss.st.com wrote: >>> From: Gabriel Fernandez >>> >>> Platform STM32MP1 can be used in configuration where some clocks and >>> IP resets can relate as secure resources. >>> These resources are moved from a RCC clock/reset handle to a SCMI >>> clock/reset_domain handle. >>> >>> The RCC clock driver is now dependent of the SCMI driver, then we have >>> to manage now the probe defering. >>> >>> v1 -> v2: >>> - fix yamllint warnings. >> >> Hi Gabriel, >> >> I don't have much clout with the maintainers, but I have to NAK this series >> after finding major breakage. >> >> The problem with series is that it breaks pretty much every board it touches. >> I have a DK2 here that I'm using for development, which no longer boots with >> this series applied. >> >> The crux of the matter is that this series assumes all boards will boot with an >> FSBL that implements a very specific SCMI clock tree. This is major ABI >> breakage for anyone not using TF-A as the first stage bootloader. Anyone >> using u-boot SPL is screwed. >> >> This series imposes a SOC-wide change via the dtsi files. So even boards that >> you don't intend to convert to SCMI will get broken this way. >> Adding a -no-scmi file that isn't used anywhere doesn't help things. > > You are right. We mainly take care about NO ST (DH/...) boards, but not really about current usage > Of our stm32 boards. Several options exist: Since a lot of people benefit from the good upstream support for the MP1 _and_ keep updating their machines to get the latest fixes, it is very important to keep the current usage working. > 1- Break the current ABI: as soon as those patches are merged, stm32mp157c-dk2.dtb will impose to use > A tf-a for scmi clocks. For people using u-boot spl, the will have to create their own "no-secure" devicetree. NAK, this breaks existing boards and existing setups, e.g. DK2 that does not use ATF. > 2-As you suggest, create a new "secure" dtb per boards (Not my wish for maintenance perspectives). I agree with Alex (G) that the "secure" option should be opt-in. That way existing setups remain working and no extra requirements are imposed on MP1 users. Esp. since as far as I understand this, the "secure" part isn't really about security, but rather about moving clock configuration from Linux to some firmware blob. > 3- Keep kernel device tree as they are and applied this secure layer (scmi clocks phandle) thanks to dtbo in > U-boot. Is this really better than #include "stm32mp15xx-enable-secure-stuff.dtsi" in a board DT ? Because that is how I imagine the opt-in "secure" option could work. > The third could be the less costly. [...] _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel