From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=DQQT=LW=lists.denx.de=u-boot-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-22.0 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3EF80C2B9F4
	for <u-boot@archiver.kernel.org>; Mon, 28 Jun 2021 05:40:17 +0000 (UTC)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 14FD861C17
	for <u-boot@archiver.kernel.org>; Mon, 28 Jun 2021 05:40:15 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 14FD861C17
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=siemens.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id D580382D6F;
	Mon, 28 Jun 2021 07:40:13 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=siemens.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: by phobos.denx.de (Postfix, from userid 109)
 id E6E3A82D73; Mon, 28 Jun 2021 07:40:11 +0200 (CEST)
Received: from goliath.siemens.de (goliath.siemens.de [192.35.17.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 9447982D62
 for <u-boot@lists.denx.de>; Mon, 28 Jun 2021 07:40:08 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=siemens.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=jan.kiszka@siemens.com
Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66])
 by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id 15S5e287005873
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Mon, 28 Jun 2021 07:40:02 +0200
Received: from [167.87.73.78] ([167.87.73.78])
 by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 15S5e1Pl004396;
 Mon, 28 Jun 2021 07:40:01 +0200
Subject: Re: [PATCH v2 4/5] watchdog: rti_wdt: Add support for loading firmware
To: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>, Lokesh Vutla <lokeshvutla@ti.com>,
 U-Boot Mailing List <u-boot@lists.denx.de>,
 Le Jin <le.jin@siemens.com>, Bao Cheng Su <baocheng.su@siemens.com>,
 Nian Gao <nian.gao@siemens.com>, Chao Zeng <chao.zeng@siemens.com>
References: <cover.1622626660.git.jan.kiszka@siemens.com>
 <88d7d3e323c27417d7109b8a92bf53a08ad77654.1622626660.git.jan.kiszka@siemens.com>
 <96039724-9a5f-dbb8-d46b-b268a0d9a8c2@ti.com>
 <20210607114007.GD9516@bill-the-cat>
 <c7bbcc4c-35f1-a7b5-309e-278c9fc02640@siemens.com>
 <bbfb8b21-f753-654e-08c3-0de814bd6619@siemens.com>
 <c1a26957-ad18-9c37-a58f-a96d6b4b7c3b@ti.com>
 <20210611140831.GU9516@bill-the-cat>
 <CAPnjgZ0oSr0faRSoqV1tu+=kERv=3GHqYEdRgUYxLbmmGGvjjQ@mail.gmail.com>
 <54a75091-0499-8902-b7f5-b1f75ae0091c@siemens.com>
 <CAPnjgZ3idzeSaLAv28ytY6Eq5Ac4pM7i78bjtWFimGwL_+HrVg@mail.gmail.com>
From: Jan Kiszka <jan.kiszka@siemens.com>
Message-ID: <53a5e923-04a1-3ca6-14ed-d051c123fab3@siemens.com>
Date: Mon, 28 Jun 2021 07:40:00 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <CAPnjgZ3idzeSaLAv28ytY6Eq5Ac4pM7i78bjtWFimGwL_+HrVg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

On 27.06.21 20:18, Simon Glass wrote:
> Hi Jan,
> 
> On Sun, 27 Jun 2021 at 12:01, Jan Kiszka <jan.kiszka@siemens.com> wrote:
>>
>> On 26.06.21 20:29, Simon Glass wrote:
>>> Hi,
>>>
>>> On Fri, 11 Jun 2021 at 08:08, Tom Rini <trini@konsulko.com> wrote:
>>>>
>>>> On Fri, Jun 11, 2021 at 07:14:21PM +0530, Lokesh Vutla wrote:
>>>>> Hi Tom,
>>>>>
>>>>> On 09/06/21 6:47 pm, Jan Kiszka wrote:
>>>>>> On 07.06.21 13:44, Jan Kiszka wrote:
>>>>>>> On 07.06.21 13:40, Tom Rini wrote:
>>>>>>>> On Mon, Jun 07, 2021 at 03:33:52PM +0530, Lokesh Vutla wrote:
>>>>>>>>> +Tom,
>>>>>>>>>
>>>>>>>>> Hi Tom,
>>>>>>>>>
>>>>>>>>> On 02/06/21 3:07 pm, Jan Kiszka wrote:
>>>>>>>>>> From: Jan Kiszka <jan.kiszka@siemens.com>
>>>>>>>>>>
>>>>>>>>>> To avoid the need of extra boot scripting on AM65x for loading a
>>>>>>>>>> watchdog firmware, add the required rproc init and loading logic for the
>>>>>>>>>> first R5F core to the watchdog start handler. In case the R5F cluster is
>>>>>>>>>> in lock-step mode, also initialize the second core. The firmware itself
>>>>>>>>>> is embedded into U-Boot binary to ease access to it and ensure it is
>>>>>>>>>> properly hashed in case of secure boot.
>>>>>>>>>>
>>>>>>>>>> One possible firmware source is https://github.com/siemens/k3-rti-wdt.
>>>>>>>>>>
>>>>>>>>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
>>>>>>>>>> ---
>>>>>>>>>>  drivers/watchdog/Kconfig      | 20 ++++++++++++
>>>>>>>>>>  drivers/watchdog/Makefile     |  5 +++
>>>>>>>>>>  drivers/watchdog/rti_wdt.c    | 58 ++++++++++++++++++++++++++++++++++-
>>>>>>>>>>  drivers/watchdog/rti_wdt_fw.S | 20 ++++++++++++
>>>>>>>>>>  4 files changed, 102 insertions(+), 1 deletion(-)
>>>>>>>>>>  create mode 100644 drivers/watchdog/rti_wdt_fw.S
>>>>>>>>>>
>>>>>>>>>> diff --git a/drivers/watchdog/Kconfig b/drivers/watchdog/Kconfig
>>>>>>>>>> index f0ff2612a6..1a1fddfe9f 100644
>>>>>>>>>> --- a/drivers/watchdog/Kconfig
>>>>>>>>>> +++ b/drivers/watchdog/Kconfig
>>>>>>>>>> @@ -209,6 +209,26 @@ config WDT_K3_RTI
>>>>>>>>>>           Say Y here if you want to include support for the K3 watchdog
>>>>>>>>>>           timer (RTI module) available in the K3 generation of processors.
>>>>>>>>>>
>>>>>>>>>> +if WDT_K3_RTI
>>>>>>>>>> +
>>>>>>>>>> +config WDT_K3_RTI_LOAD_FW
>>>>>>>>>> +       bool "Load watchdog firmware"
>>>>>>>>>> +       depends on REMOTEPROC
>>>>>>>>>> +       help
>>>>>>>>>> +         Automatically load the specified firmware image into the MCU R5F
>>>>>>>>>> +         core 0. On the AM65x, this firmware is supposed to handle the expiry
>>>>>>>>>> +         of the watchdog timer, typically by resetting the system.
>>>>>>>>>> +
>>>>>>>>>> +config WDT_K3_RTI_FW_FILE
>>>>>>>>>> +       string "Watchdog firmware image file"
>>>>>>>>>> +       default "k3-rti-wdt.fw"
>>>>>>>>>> +       depends on WDT_K3_RTI_LOAD_FW
>>>>>>>>>> +       help
>>>>>>>>>> +         Firmware image to be embedded into U-Boot and loaded on watchdog
>>>>>>>>>> +         start.
>>>>>>>>>
>>>>>>>>> I need your input on this proach. Is it okay to include the linker file unders
>>>>>>>>> drivers?
>>>>>>>>
>>>>>>>> Maybe?  I suppose the first thing that springs to mind is why aren't we
>>>>>>>> using binman and including this blob (which I happily see is GPLv2)
>>>>>>>> similar to how we do things with x86 for one example.
>>>>>>>>
>>>>>>>
>>>>>>> See https://www.mail-archive.com/u-boot@lists.denx.de/msg377894.html
>>>>>>>
>>>>>>> Jan
>>>>>>>
>>>>>>
>>>>>> Did this help to answer open questions? Otherwise, please let me know.
>>>>>>
>>>>>> I'd also like to avoid that his patch alone blocks 1-3 of the series
>>>>>> needless - but I would also not mind getting everything in at once.
>>>>>
>>>>> Can you provide your reviewed-by if you are okay with this approach?
>>>>
>>>> I was kind of hoping Simon would chime in here on binman usage.  So,
>>>> re-re-reading the above URL, yes, fsloader wouldn't be the right choice
>>>> for watchdog firmware.  But I think binman_entry_find() and related
>>>> could work, in general, for this case of "need firmware blob embedded in
>>>> to image".  That said, this isn't just any firmware blob, it's the
>>>> watchdog firmware.  The less reliance on other things the safer it is.
>>>> That means this would be an exception to the general firmware blob
>>>> loading rule and yeah, OK, we can do it this way.  Sorry for the delay.
>>>
>>> Yes I've been a little tied up recently. But I think this should use
>>> binman. We really don't want to be building binary firmware into
>>> U-Boot itself!
>>>
>>> Also Tom says, see x86 for a load of binaries of different types and
>>> how they are accessed at runttime. This is what binman is for.
>>>
>>
>> Please take the time and study my arguments. I'm open for better
>> proposals, but they need to be concrete and addressing my points.
> 
> Do you mean 'properly hashed' and 'easy access', or something else?
> What can binman not do?

Binman itself can stick things into binary images. But that is at most
half of the tasks needed here. I would need concrete guidance how to

 - access that binary from u-boot proper in a reasonably simple way
 - make sure the binary can be signed and the signature is evaluated
   before using it

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux