Date:	Mon, 18 Nov 2013 10:52:36 -0700
From:	Stephen Warren <swarren@...dotorg.org>
To:	Catalin Marinas <catalin.marinas@....com>
CC:	Alex Courbot <acourbot@...dia.com>,
	Alexandre Courbot <gnurou@...il.com>,
	Kukjin Kim <kgene.kim@...sung.com>,
	Stephen Warren <swarren@...dia.com>,
	Tomasz Figa <t.figa@...sung.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Kyungmin Park <kyungmin.park@...sung.com>,
	"linux-samsung-soc@...r.kernel.org" 
	<linux-samsung-soc@...r.kernel.org>,
	Olof Johansson <olof@...om.net>,
	Russell King <linux@....linux.org.uk>,
	"linux-arm-kernel@...ts.infradead.org" 
	<linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH] ARM: move firmware_ops to drivers/firmware

On 11/18/2013 10:30 AM, Catalin Marinas wrote:
> On Mon, Nov 18, 2013 at 05:03:37PM +0000, Stephen Warren wrote:
>> On 11/18/2013 04:58 AM, Catalin Marinas wrote:
>> ...
>>> Of course, trusted foundations interface could be plugged into cpu_ops
>>> on arm64 but I will NAK it on the grounds of not using the PSCI API, nor
>>> the SMC calling convention (and it's easy to fix when porting to ARMv8).
>>> If a supported standard API is used, then there is no need for
>>> additional code in the kernel.
>>
>> What happens when someone takes an existing working secure-mode SW stack
>> and simply re-uses it on some new ARMv8 SoC? Are you going to force
>> people working on upstream to re-write the secure mode firmware in
>> shipped hardware before allowing upstream kernel support?
> 
> Don't confuse the secure stack with the secure monitor running at EL3.
> If you want AArch64 support for lower levels (EL2, EL1, EL0), your
> monitor _must_ be AArch64. You can't run legacy AArch32 code at EL3 and
> have lower levels in AArch64 mode (architectural constraint).

I was assuming that vendors would take the existing source code and
simply rebuild it to create the AArch64 secure world. As such, the same
SMC IDs, same structures, etc. would be used. The only source difference
would be to perhaps change some 32-bit registers/struct-fields up to
64-bit. Naively that sounds like the lowest-effort way to get an AArch64
secure world, so I'm purely guessing that that's what vendors will do.

> You can
> still keep the secure services at S-EL1 in AArch32, only that the SMCs
> are handled by EL3 (and that's another aspect the SMC calling convention
> spec is trying to address, mixed register-width secure/non-secure OSes).

I'm not sure of the implications of that statement. Since you mention
SMCs being handled by EL3, I think the quick-and-dirty conversion I
mention above is still likely to be used.