lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 21 Feb 2022 21:39:33 +0000
From:   Oleksii Moisieiev <Oleksii_Moisieiev@...m.com>
To:     Krzysztof Kozlowski <krzk@...nel.org>
CC:     "robh+dt@...nel.org" <robh+dt@...nel.org>,
        "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
        Sudeep Holla <sudeep.holla@....com>,
        Cristian Marussi <cristian.marussi@....com>,
        Stefano Stabellini <sstabellini@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 0/1] dt-bindings: arm: Add scmi_devid paramter for

Hi Krzysztof,

On Mon, Feb 21, 2022 at 10:01:43PM +0100, Krzysztof Kozlowski wrote:
> On 21/02/2022 18:26, Oleksii Moisieiev wrote:
> > Introducing new parameter called scmi_devid to the device-tree bindings.
> > This parameter should be set for the device nodes, which has
> > clocks/power-domains/resets working through SCMI.
> > Given parameter should set the device_id, needed to set device
> > permissions in the Firmware. This feature will be extremely useful for
> > the virtualized systems, which has more that one Guests running on the
> > system at the same time or for the syestems, which require several
> > agents with different permissions. Trusted agent will use scmi_devid to
> > set the Device permissions for the Firmware (See Section 4.2.2.10 [0]
> > for details).
> > Agents concept is described in Section 4.2.1 [0].
> > 
> > scmi_devid in Device-tree node example:
> > usb@...90000
> > {
> >     scmi_devid = <19>;
> >     clocks = <&scmi_clock 3>, <&scmi_clock 2>;
> >     resets = <&scmi_reset 10>, <&scmi_reset 9>;
> >     power-domains = <&scmi_power 0>;
> > };
> 
> And how do you prevent DT overlay adding such devid to any other node
> thus allowing any other device to send requests with given devid?
>
Thank you for the quick response.
scmi_devid value will be used only by Trusted Agent when the device
permissions are set. Non-trusted agents, which in our case are
represented as Guest OS are using scmi drivers, already present in linux
kernel, ignores scmi_devid and uses scmi_clocks, scmi_power, scmi_reset
nodes to access to SCMI protocol.

> Plus few technicalities:
> 1. Hyphen, not underscore in property name, so scmi-devid.

Thanks for the tip, I will change that in v2.

> 2. Your schema does is not selected by anything. How is it intended to
> be used? Nothing is including it, either...
> 

The idea is to use this parameter to set the device_id for the device in
the device-tree, which matches to the device mapping in the Firmware, so
Trusted Agent can use it to the device permissions.
Please see Sections 4.2.2.10 and 4.2.1 [0] (Link was provided in the
cover letter).

I'm currently propose the new feature, called SCI mediator to Xen-devel
community. Please see link [1] from cover letter for the details.
In this feature - Xen is the Trusted Agent, which uses scmi_devid
parameter to set the device permissions.
We think that this parameter will be useful for other possible SCMI
implementations, such as other hypervisor or SCMI backend server etc.

Best regards,
Oleksii.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ