From: "Alex G." <mr.nuke.me@gmail.com>
To: Alexandre TORGUE <alexandre.torgue@foss.st.com>,
Marek Vasut <marex@denx.de>,
Ahmad Fatoum <a.fatoum@pengutronix.de>,
Alexandre TORGUE <alexandre.torgue@st.com>,
Gabriel FERNANDEZ - foss <gabriel.fernandez@foss.st.com>,
Michael Turquette <mturquette@baylibre.com>,
Stephen Boyd <sboyd@kernel.org>, Rob Herring <robh+dt@kernel.org>,
Maxime Coquelin <mcoquelin.stm32@gmail.com>,
Philipp Zabel <p.zabel@pengutronix.de>,
Etienne CARRIERE <etienne.carriere@st.com>
Cc: "devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"linux-stm32@st-md-mailman.stormreply.com"
<linux-stm32@st-md-mailman.stormreply.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-clk@vger.kernel.org" <linux-clk@vger.kernel.org>
Subject: Re: [Linux-stm32] [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode
Date: Thu, 11 Mar 2021 12:23:50 -0600 [thread overview]
Message-ID: <6c470715-0042-622b-d53d-59445cab8ed1@gmail.com> (raw)
In-Reply-To: <a23933fa-0c94-1e22-6100-d5b1a50826dd@foss.st.com>
On 3/11/21 12:10 PM, Alexandre TORGUE wrote:
> Hi Guys
>
> On 3/11/21 5:11 PM, Marek Vasut wrote:
>> On 3/11/21 3:41 PM, Ahmad Fatoum wrote:
>>> Hello,
>>
>> Hi,
>>
>>> On 11.03.21 15:02, Alexandre TORGUE wrote:
>>>> On 3/11/21 12:43 PM, Marek Vasut wrote:
>>>>> On 3/11/21 9:08 AM, Alexandre TORGUE wrote:
>>>>>> 1- Break the current ABI: as soon as those patches are merged,
>>>>>> stm32mp157c-dk2.dtb will impose to use
>>>>>> A tf-a for scmi clocks. For people using u-boot spl, the will have
>>>>>> to create their own "no-secure" devicetree.
>>>>>
>>>>> NAK, this breaks existing boards and existing setups, e.g. DK2 that
>>>>> does not use ATF.
>>>>>
>>>>>> 2-As you suggest, create a new "secure" dtb per boards (Not my
>>>>>> wish for maintenance perspectives).
>>>>>
>>>>> I agree with Alex (G) that the "secure" option should be opt-in.
>>>>> That way existing setups remain working and no extra requirements
>>>>> are imposed on MP1 users. Esp. since as far as I understand this,
>>>>> the "secure" part isn't really about security, but rather about
>>>>> moving clock configuration from Linux to some firmware blob.
>>>>>
>>>>>> 3- Keep kernel device tree as they are and applied this secure
>>>>>> layer (scmi clocks phandle) thanks to dtbo in
>>>>>> U-boot.
>>>>>
>>>>> Is this really better than
>>>>> #include "stm32mp15xx-enable-secure-stuff.dtsi"
>>>>> in a board DT ? Because that is how I imagine the opt-in "secure"
>>>>> option could work.
>>>>>
>>>>
>>>> Discussing with Patrick about u-boot, we could use dtbo application
>>>> thanks to extlinux.conf. BUT it it will not prevent other case (i.e.
>>>> TF-A which jump directly in kernel@). So the "least worst" solution
>>>> is to create a new "stm32mp1257c-scmi-dk2 board which will overload
>>>> clock entries with a scmi phandle (as proposed by Alex).
>>>
>>> I raised this issue before with your colleagues. I still believe the
>>> correct way
>>> would be for the TF-A to pass down either a device tree or an overlay
>>> with the
>>> actual settings in use, e.g.:
>>>
>>> - Clocks/Resets done via SCMI
>>> - Reserved memory regions
>>>
>>> If TF-A directly boots Linux, it can apply the overlay itself,
>>> otherwise it's
>>> passed down to SSBL that applies it before booting Linux.
>>
>> That sounds good and it is something e.g. R-Car already does, it
>> merges DT fragment from prior stages at U-Boot level and then passes
>> the result to Linux.
>>
>> So on ST hardware, the same could very well happen and it would work
>> for both non-ATF / ATF / ATF+TEE options.
>
> Even this solution sounds good but we are currently not able to do it in
> our TF-A/u-boot so not feasible for the moment. So we have to find a
> solution for now. Create a new dtb can be this solution. Our internal
> strategy is to use scmi on our official ST board. It will be a really
> drawback to include a "no-scmi.dtsi" in DH boards (for example) and to
> create a stm32mp157c-noscmi-dk2.dts ?
It could work, as long as all users are reminded to change their build
scripts to pick up a "-noscmi.dtb". I suspect that if this were the case
we'll see quite a few bug reports saying "stm32mp1 no longer boots with
kernel v5.13".
I didn't think of this originally, though u-boot already does the DTB
patching for OPTEE reserved memory regions. It's not too hard to also
patch in the SCMI clocks at boot. In u-boot's case, runtime detection
might even be feasible.
Alex
next prev parent reply other threads:[~2021-03-11 18:24 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-26 9:01 [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode gabriel.fernandez
2021-01-26 9:01 ` [PATCH v2 01/14] clk: stm32mp1: merge 'clk-hsi-div' and 'ck_hsi' into one clock gabriel.fernandez
2021-01-26 9:01 ` [PATCH v2 02/14] clk: stm32mp1: merge 'ck_hse_rtc' and 'ck_rtc' " gabriel.fernandez
2021-02-09 8:00 ` Stephen Boyd
2021-02-12 8:08 ` gabriel.fernandez
[not found] ` <161369805767.1254594.5233096495913117772@swboyd.mtv.corp.google.com>
2021-02-23 16:34 ` gabriel.fernandez
2021-01-26 9:01 ` [PATCH v2 03/14] clk: stm32mp1: remove intermediate pll clocks gabriel.fernandez
2021-01-26 9:01 ` [PATCH v2 04/14] clk: stm32mp1: convert to module driver gabriel.fernandez
2021-01-26 9:01 ` [PATCH v2 05/14] clk: stm32mp1: move RCC reset controller into RCC clock driver gabriel.fernandez
2021-01-26 9:01 ` [PATCH v2 06/14] reset: stm32mp1: remove stm32mp1 reset gabriel.fernandez
2021-01-26 9:01 ` [PATCH v2 07/14] dt-bindings: clock: add IDs for SCMI clocks on stm32mp15 gabriel.fernandez
2021-02-09 17:52 ` Rob Herring
2021-01-26 9:01 ` [PATCH v2 08/14] dt-bindings: reset: add IDs for SCMI reset domains " gabriel.fernandez
2021-02-09 17:53 ` Rob Herring
2021-01-26 9:01 ` [PATCH v2 09/14] dt-bindings: reset: add MCU HOLD BOOT ID " gabriel.fernandez
2021-02-09 17:54 ` Rob Herring
2021-01-26 9:01 ` [PATCH v2 10/14] clk: stm32mp1: new compatible for secure RCC support gabriel.fernandez
2021-01-26 9:01 ` [PATCH v2 11/14] ARM: dts: stm32: define SCMI resources on stm32mp15 gabriel.fernandez
2021-01-26 9:01 ` [PATCH v2 12/14] ARM: dts: stm32: move clocks/resets to SCMI resources for stm32mp15 gabriel.fernandez
2021-02-18 9:45 ` [Linux-stm32] " Ahmad Fatoum
2021-01-26 9:01 ` [PATCH v2 13/14] dt-bindings: clock: stm32mp1 new compatible for secure rcc gabriel.fernandez
2021-02-09 17:56 ` Rob Herring
2021-01-26 9:01 ` [PATCH v2 14/14] ARM: dts: stm32: introduce basic boot include on stm32mp15x board gabriel.fernandez
2021-03-09 21:50 ` [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode Alex G.
[not found] ` <AS8PR10MB4712C27260707345FA99ED5AEE909@AS8PR10MB4712.EURPRD10.PROD.OUTLOOK.COM>
2021-03-11 11:43 ` Marek Vasut
[not found] ` <ac98b89f-9664-b89c-c12c-24c1cbd29b00@foss.st.com>
2021-03-11 13:23 ` Marek Vasut
[not found] ` <463dafed-ec60-cd9a-33d2-ba118a6af629@foss.st.com>
2021-03-11 14:41 ` [Linux-stm32] " Ahmad Fatoum
[not found] ` <c0898d96-2ea1-9b50-a195-8f619121c91c@foss.st.com>
2021-03-11 15:49 ` Ahmad Fatoum
2021-03-11 16:11 ` Marek Vasut
[not found] ` <a23933fa-0c94-1e22-6100-d5b1a50826dd@foss.st.com>
2021-03-11 18:23 ` Alex G. [this message]
2021-03-11 20:09 ` Marek Vasut
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6c470715-0042-622b-d53d-59445cab8ed1@gmail.com \
--to=mr.nuke.me@gmail.com \
--cc=a.fatoum@pengutronix.de \
--cc=alexandre.torgue@foss.st.com \
--cc=alexandre.torgue@st.com \
--cc=devicetree@vger.kernel.org \
--cc=etienne.carriere@st.com \
--cc=gabriel.fernandez@foss.st.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-clk@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-stm32@st-md-mailman.stormreply.com \
--cc=marex@denx.de \
--cc=mcoquelin.stm32@gmail.com \
--cc=mturquette@baylibre.com \
--cc=p.zabel@pengutronix.de \
--cc=robh+dt@kernel.org \
--cc=sboyd@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).