Date:   Tue, 1 Dec 2020 14:52:11 -0600
From:   Richard Gong <richard.gong@...ux.intel.com>
To:     Moritz Fischer <mdf@...nel.org>
Cc:     gregkh@...uxfoundation.org, trix@...hat.com,
        linux-fpga@...r.kernel.org, linux-kernel@...r.kernel.org,
        dinguyen@...nel.org, sridhar.rajagopal@...el.com,
        richard.gong@...el.com
Subject: Re: [PATCHv2 1/5] firmware: stratix10-svc: add
 COMMAND_AUTHENTICATE_BITSTREAM flag

Hi Moritz,

On 12/1/20 1:19 PM, Moritz Fischer wrote:
> Hi Richard,
> 
> On Tue, Dec 01, 2020 at 01:30:16PM -0600, Richard Gong wrote:
> 
>>> Can U-Boot determine whether it's the new or old flow? Can you set a
>>> different compatible value in your device-tree, to disambiguate
>>> behaviors?
>>>
>>
>> The boot flow is determined by defconfig during compilation, which means
>> each boot flow will have its own defconfig.
>>
>> SDM firmware loads SPL into OCRAM, then SPL will load the appropriate ATF or
>> U-boot into the DRAM according to the setting of CONFIG_SPL_ATF. If
>> CONFIG_SPL_ATF=y, SPL loads ATF and then jumps to ATF. ATF sets up the EL3
>> environment and initializes the PSCI services.
>>
>> CONFIG_SPL_ATF is not set for the old boot flow.
> 
> So you know at (U-Boot) build time? Can you just pass a different DT to
> the kernel in that case?
> 

Yes, we have decided the boot flow at build time. Starting from the next 
release, our U-boot will use the ATF boot flow.

Per my limited knowledge in U-boot, I don't think we can follow your 
suggestion. Or it will take a lot of effort to achieve.

I think that back compatibility is your main concern, correct? The issue 
does exist with the old boot flow and old firmware, whenever the 
customers try to use authentication. Unfortunately we can't update 
U-boot or firmware that has been released.

The authentication feature is supported only with the ATF boot flow, 
updated kernel and firmware. We will have a well-documented document to 
inform our customers that if they want to have the authentication feature, 
they need to upgrade to the latest U-boot, kernel and firmware.

We always encourage our customers to take the latest U-boot, kernel and 
firmware releases in their developments.

> - Moritz
> 

Regards,
Richard
