lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2174509.SLDT7moDbM@pc-42>
Date:   Fri, 01 Oct 2021 17:09:41 +0200
From:   Jérôme Pouiller <jerome.pouiller@...abs.com>
To:     Kalle Valo <kvalo@...eaurora.org>
Cc:     linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
        devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "David S . Miller" <davem@...emloft.net>,
        devicetree@...r.kernel.org, Rob Herring <robh+dt@...nel.org>,
        linux-mmc@...r.kernel.org,
        Pali Rohár <pali@...nel.org>,
        Ulf Hansson <ulf.hansson@...aro.org>
Subject: Re: [PATCH v7 10/24] wfx: add fwio.c/fwio.h

On Friday 1 October 2021 13:58:38 CEST Kalle Valo wrote:
> Jerome Pouiller <Jerome.Pouiller@...abs.com> writes:
> 
> > From: Jérôme Pouiller <jerome.pouiller@...abs.com>
> >
> > Signed-off-by: Jérôme Pouiller <jerome.pouiller@...abs.com>
> 
> [...]
> 
> > +static int get_firmware(struct wfx_dev *wdev, u32 keyset_chip,
> > +                     const struct firmware **fw, int *file_offset)
> > +{
> > +     int keyset_file;
> > +     char filename[256];
> > +     const char *data;
> > +     int ret;
> > +
> > +     snprintf(filename, sizeof(filename), "%s_%02X.sec",
> > +              wdev->pdata.file_fw, keyset_chip);
> > +     ret = firmware_request_nowarn(fw, filename, wdev->dev);
> > +     if (ret) {
> > +             dev_info(wdev->dev, "can't load %s, falling back to %s.sec\n",
> > +                      filename, wdev->pdata.file_fw);
> > +             snprintf(filename, sizeof(filename), "%s.sec",
> > +                      wdev->pdata.file_fw);
> > +             ret = request_firmware(fw, filename, wdev->dev);
> > +             if (ret) {
> > +                     dev_err(wdev->dev, "can't load %s\n", filename);
> > +                     *fw = NULL;
> > +                     return ret;
> > +             }
> > +     }
> 
> How is this firmware file loading supposed to work? If I'm reading the
> code right, the driver tries to load file "wfm_wf200_??.sec" but in
> linux-firmware the file is silabs/wfm_wf200_C0.sec:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/silabs
> 
> That can't work automatically, unless I'm missing something of course.

The firmware are signed. "C0" is the key used to sign this firmware. This
key must match with the key burned into the chip. Fortunately, the driver
is able to read the key accepted by the chip and automatically choose the
right firmware.

We could imagine to add a attribute in the DT to choose the firmware to
load. However, it would be a pity to have to specify it manually whereas
the driver is able to detect it automatically.

Currently, the only possible key is C0. However, it exists some internal
parts with other keys. In addition, it is theoretically possible to ask
to Silabs to burn parts with a specific key in order to improve security
of a product. 

Obviously, for now, this feature mainly exists for the Silabs firmware
developers who have to work with other keys.
 
> Also I would prefer to use directory name as the driver name wfx, but I
> guess silabs is also doable.

I have no opinion.


> Also I'm not seeing the PDS files in linux-firmware. The idea is that
> when user installs an upstream kernel and the linux-firmware everything
> will work automatically, without any manual file installations.

WF200 is just a chip. Someone has to design an antenna before to be able
to use.

However, we have evaluation boards that have antennas and corresponding
PDS files[1]. Maybe linux-firmware should include the PDS for these boards
and the DT should contains the name of the design. eg:

    compatible = "silabs,brd4001a", "silabs,wf200";

So the driver will know which PDS it should use. 

In fact, I am sure I had this idea in mind when I have started to write
the wfx driver. But with the time I have forgotten it. 

If you agree with that idea, I can work on it next week.


[1]: https://github.com/SiliconLabs/wfx-pds

-- 
Jérôme Pouiller


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ