linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Leonard Crestez <leonard.crestez@nxp.com>
To: Sudeep Holla <sudeep.holla@arm.com>, Jacky Bai <ping.bai@nxp.com>,
	Peng Fan <peng.fan@nxp.com>
Cc: "Aisheng Dong" <aisheng.dong@nxp.com>,
	"mark.rutland@arm.com" <mark.rutland@arm.com>,
	"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
	"festevam@gmail.com" <festevam@gmail.com>,
	"s.hauer@pengutronix.de" <s.hauer@pengutronix.de>,
	"Clément Faure" <clement.faure@nxp.com>,
	"robh+dt@kernel.org" <robh+dt@kernel.org>,
	dl-linux-imx <linux-imx@nxp.com>,
	"kernel@pengutronix.de" <kernel@pengutronix.de>,
	"Andre Przywara" <andre.przywara@arm.com>,
	"Silvano Di Ninno" <silvano.dininno@nxp.com>,
	"shawnguo@kernel.org" <shawnguo@kernel.org>,
	"linux-arm-kernel@lists.infradead.org"
	<linux-arm-kernel@lists.infradead.org>,
	"Lucas Stach" <l.stach@pengutronix.de>
Subject: Re: [PATCH 0/3] Add power domain driver support for i.mx8m family
Date: Wed, 17 Apr 2019 16:21:55 +0000	[thread overview]
Message-ID: <VI1PR04MB5533A1F87436C0839A772D03EE250@VI1PR04MB5533.eurprd04.prod.outlook.com> (raw)
In-Reply-To: 68aaace3-f66e-b4b8-30a0-57b8b66a7524@arm.com

On 4/17/2019 4:33 PM, Sudeep Holla wrote:
>>> I don't yet buy the security argument. There are many more shared parts
>>> on the SoC, like the clock controller, that would need to be taken away
>>> from the non-secure world if one would want to run an untrusted OS
>>> kernel on a i.MX8M system.
>>>
>>> To properly implement security on any i.MX8M based system the firmware
>>> would need to grow something like a full ARM SCPI implementation, so
>>> all shared critical peripherals are solely under firmware control.
>>
>> It might be possible to rework this to use some form of SCMI-over-SMC
>> instead of vendor-specific SMCCC SIP calls
> 
> Sounds feasible and good if all the custom IDs/calls/..etc are well
> hidden in the firmware(TF-A in this case) behind the existing
> abstraction in Linux kernel.

>> Hiding everything critical for security (especially CCM) behind a SCMI
>> interface would be a large amount of work but introducing SCMI
>> incrementally (starting with imx8mm power) would be useful by itself
>> because it simplifies OS implementation.
> 
> Agreed, but not at the expense of introducing and maintaining *random*
> *one-off* *custom* SMC extensions. Sorry, that's not open to debate.
> 
>> Many at NXP have attempted to evaluate SCMI and their conclusion has
>> always been that "many extensions are required".
> 
> I would like to hear the evaluation. Don't assume that you need to
> implement something similar to ARM SCMI reference design. All OSPM like
> Linux kernel cares is conformance to the interface, what/how you
> implement on the other side is left to you.

Brief summary from some attempts at nudging NXP devs towards SCMI:


There is no SCMI-over-SMC support specified? This would make it possible 
to use SCMI as a purely software solution on platforms which did not 
take SCMI into account at hardware design time or which don't have a 
dedicated SCP inside the SOC. This applies to all imx.

Peng has been looking at some out-of-tree arm-smc-mailbox patches so 
it's not just NXP which would like the option of implementing SCMI 
vendor side in ATF. Like this: https://lwn.net/Articles/726861/

Blessing SCMI-over-SMC would allow stuff like intercepting a SCMI 
message in EL2; checking if the guest is allowed to use that resource 
and then either forward to EL3 or return an error.


SCMI clock protocol does not cover muxes? On imx the clk hierarchy is 
very intricate and it relies on many clk core features (including 
notifiers) and occasional assigned-clocks-parents properties to control 
muxes from linux. Moving all that to firmware would be a huge amount of 
effort.

If SCMI included a generic clk mux and allowed keeping the clk hierarchy 
inside linux then the effort required for hiding the CCM would still be 
large, but more approachable. It would not "simplify the rich OS" but it 
would still improve security.


Last point is that SCMI does not cover pinctrl? This is a large chunk of 
firmware functionality on some imx and security control over individual 
pins is desirable.

--
Regards,
Leonard

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  reply	other threads:[~2019-04-17 16:22 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-17  5:27 [PATCH 0/3] Add power domain driver support for i.mx8m family Jacky Bai
2019-04-17  5:27 ` [PATCH 1/3] dt-bindings: power: Add power domain binding " Jacky Bai
2019-04-17  5:27 ` [PATCH 2/3] soc: imx: Add power domain driver support " Jacky Bai
2019-04-17  5:27 ` [PATCH 3/3] arm64: dts: freescale: Add power domain nodes for i.mx8mm Jacky Bai
2019-04-17 11:16 ` [PATCH 0/3] Add power domain driver support for i.mx8m family Aisheng Dong
2019-04-17 12:13   ` Lucas Stach
2019-04-17 12:40     ` Leonard Crestez
2019-04-17 12:54       ` Lucas Stach
2019-04-17 13:25         ` Sudeep Holla
2019-04-17 12:54       ` Peng Fan
2019-04-17 13:33       ` Sudeep Holla
2019-04-17 16:21         ` Leonard Crestez [this message]
2019-04-18 14:43           ` Sudeep Holla
2019-11-07 21:28             ` Adam Ford
2020-02-13  9:16               ` Schrempf Frieder
2020-02-13  9:21                 ` Jacky Bai
2020-02-13 10:52                   ` Schrempf Frieder
2020-02-13 11:32                   ` Lucas Stach
2020-02-13 14:30                     ` Leonard Crestez
2020-02-13 14:47                       ` Lucas Stach
2020-02-13 15:19                         ` Leonard Crestez
2020-02-13 15:58                           ` Lucas Stach
2020-02-13 16:16                             ` Schrempf Frieder
2019-04-17 13:23     ` Sudeep Holla
2019-04-17 13:36       ` Sudeep Holla
     [not found] <VI1PR0402MB3519F2EBBDB8DAB002EAAA2E87250@VI1PR0402MB3519.eurprd04.prod.outlook.com>
2019-04-17 14:43 ` Sudeep Holla
     [not found] <AM0PR04MB44812EBB23214A5892C3E04C88200@AM0PR04MB4481.eurprd04.prod.outlook.com>
2019-04-23 11:07 ` Sudeep Holla
2019-04-23 14:02   ` Peng Fan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=VI1PR04MB5533A1F87436C0839A772D03EE250@VI1PR04MB5533.eurprd04.prod.outlook.com \
    --to=leonard.crestez@nxp.com \
    --cc=aisheng.dong@nxp.com \
    --cc=andre.przywara@arm.com \
    --cc=clement.faure@nxp.com \
    --cc=devicetree@vger.kernel.org \
    --cc=festevam@gmail.com \
    --cc=kernel@pengutronix.de \
    --cc=l.stach@pengutronix.de \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-imx@nxp.com \
    --cc=mark.rutland@arm.com \
    --cc=peng.fan@nxp.com \
    --cc=ping.bai@nxp.com \
    --cc=robh+dt@kernel.org \
    --cc=s.hauer@pengutronix.de \
    --cc=shawnguo@kernel.org \
    --cc=silvano.dininno@nxp.com \
    --cc=sudeep.holla@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).