Date:   Wed, 26 Jan 2022 23:19:08 +0000
From:   David Brazdil <dbrazdil@...gle.com>
To:     Rob Herring <robh+dt@...nel.org>
Cc:     Rob Herring <robh+dt@...nel.org>, Arnd Bergmann <arnd@...db.de>,
        Frank Rowand <frowand.list@...il.com>,
        Will Deacon <will@...nel.org>,
        Andrew Scull <ascull@...gle.com>,
        Wedson Almeida Filho <wedsonaf@...gle.com>,
        devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH v7 1/2] dt-bindings: reserved-memory: Open Profile for
 DICE

Hi Rob,

On Wed, Jan 26, 2022 at 11:12:36PM +0000, David Brazdil wrote:
> Add DeviceTree bindings for Open Profile for DICE, an open protocol for
> measured boot. Firmware uses DICE to measure the hardware/software
> combination and generates Compound Device Identifier (CDI) certificates.
> These are stored in memory and the buffer is described in the DT as
> a reserved memory region compatible with 'google,open-dice'.
> 
> 'no-map' is required to ensure the memory region is never treated by
> the kernel as system memory.
> 
> Signed-off-by: David Brazdil <dbrazdil@...gle.com>
> ---
>  .../reserved-memory/google,open-dice.yaml     | 46 +++++++++++++++++++
>  1 file changed, 46 insertions(+)
>  create mode 100644 Documentation/devicetree/bindings/reserved-memory/google,open-dice.yaml
> 
> diff --git a/Documentation/devicetree/bindings/reserved-memory/google,open-dice.yaml b/Documentation/devicetree/bindings/reserved-memory/google,open-dice.yaml
> new file mode 100644
> index 000000000000..257a0b51994a
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/reserved-memory/google,open-dice.yaml
> @@ -0,0 +1,46 @@
> +# SPDX-License-Identifier: GPL-2.0-only OR BSD-2-Clause
> +%YAML 1.2
> +---
> +$id: http://devicetree.org/schemas/reserved-memory/google,open-dice.yaml#
> +$schema: http://devicetree.org/meta-schemas/core.yaml#
> +
> +title: Open Profile for DICE Device Tree Bindings
> +
> +description: |
> +  This binding represents a reserved memory region containing data
> +  generated by the Open Profile for DICE protocol.
> +
> +  See https://pigweed.googlesource.com/open-dice/
> +
> +maintainers:
> +  - David Brazdil <dbrazdil@...gle.com>
> +
> +allOf:
> +  - $ref: "reserved-memory.yaml"
> +
> +properties:
> +  compatible:
> +    const: google,open-dice
> +
> +  reg:
> +    description: page-aligned region of memory containing DICE data
> +
> +required:
> +  - compatible
> +  - reg
> +  - no-map
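
Review bot: under `properties:`, `reg` carries only a free-text description, so this file puts no bound on the number of entries and the page alignment it mentions is not something the schema can check; if the node is meant to describe a single DICE buffer, add `maxItems: 1` there. Separately, the reason `no-map` appears in `required:` is stated only in the commit message; a sentence in the `description:` block saying the region must never be treated by the kernel as system memory would keep that rationale with the binding itself.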

You already gave this a Reviewed-by in v6. Just want to mention that I
didn't pick it up because I added a required no-map here. It was always
included in our DTs but I made it required because the kernel should
never treat that region as system memory. The kernel will warn when the
driver tries to wipe the memory otherwise.

David
