lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri,  7 Jan 2022 16:00:54 +0000
From:   Andre Przywara <andre.przywara@....com>
To:     Will Deacon <will@...nel.org>,
        Catalin Marinas <catalin.marinas@....com>
Cc:     Marc Zyngier <maz@...nel.org>, Mark Rutland <mark.rutland@....com>,
        Jonathan Corbet <corbet@....net>,
        linux-arm-kernel@...ts.infradead.org, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH 0/2] arm64: booting.rst: Clarify EL2 and cover v8-R64

Hi,

clarify the wording of the ARM64 boot protocol requirements, to both
cater for the introduction of secure EL2 in Armv8.4, but also for the
addition of the Armv8-R64 architecture branch.
There is an ARM ARM supplement for v8-R64[1], and also a free model[2].

On top of those clarifications, there are at least two other issues to
consider for v8-R64 on Linux, I wonder if those should be documented
somewhere, although I doubt that booting.rst is the right place:
- Linux clears the NS/NSTable bit in the PTEs. In non-secure world those
  bits are ignored, but when in secure world this means "secure PA".
  That luckily matches the design here (secure-only), but we should avoid
  re-purposing those bits in the future (which would be technically
  possible when running only non-secure).
- The GIC needs to be implemented using a "single Security state" for
  the Linux GIC driver to work. The model mentioned above defaults to
  a security aware GIC, so needs to be told off using the command line.
  I wonder if this is should be explicitly mentioned somewhere, to avoid
  disappointment by implementors later.

I'd be grateful for any hint whether to state those things and where to
put them.

Cheers,
Andre

[1] https://developer.arm.com/documentation/ddi0600/latest/
[2] https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms/arm-ecosystem-models

Andre Przywara (2):
  arm64: booting.rst: Clarify on requiring non-secure EL2
  arm64: booting.rst: Cover Armv8-R64

 Documentation/arm64/booting.rst | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ