Message-ID: <ac2e9f8f-ea52-5676-baaa-9439e8b35d8f@linaro.org>
Date:   Mon, 13 Dec 2021 12:35:40 +0000
From:   Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To:     Stephan Gerhold <stephan@...hold.net>
Cc:     robh+dt@...nel.org, gregkh@...uxfoundation.org,
        devicetree@...r.kernel.org, ekangupt@....qualcomm.com,
        jeyr@...eaurora.org, bkumar@....qualcomm.com,
        linux-kernel@...r.kernel.org, bjorn.andersson@...aro.org,
        linux-arm-msm@...r.kernel.org
Subject: Re: [PATCH v2 5/8] dt-bindings: misc: add property to support
 non-secure DSP



On 13/12/2021 10:57, Stephan Gerhold wrote:
> On Thu, Dec 09, 2021 at 12:06:23PM +0000, Srinivas Kandagatla wrote:
>> From: Jeya R <jeyr@...eaurora.org>
>>
>> Add property to set DSP domain as non-secure.
>>
>> ADSP/MDSP/SDSP are by default secured, whereas CDSP can be either
>> secured/unsecured.
> 
> Wouldn't it be easier to avoid the negation and add a "qcom,secure-domain"
> property instead? Given PATCH 8/8 ("arm64: dts: qcom: add non-secure
> domain property to fastrpc nodes") it looks like you are intentionally
> breaking DT compatibility here, but this patch does not justify why this
> is necessary.

By default all ADSP/MDSP/SDSP are secured, so this property is only
required for something that is not default. The only case that is
configurable is the CDSP case, wherein by adding this flag we should be
able to load an unsigned process to the DSP using an unsecured node.

Having said that, TBH when we first added the fastrpc patchset we did
not take care of this security feature properly :-)

From a security point of view, it's better to keep the default as secured
rather than unsecured in DT too.

With this DTS patch older dts should continue to work.

--srini

> 
> Thanks,
> Stephan
> 
