| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 May 2022 11:23:50 +0000
From: Oleksii Moisieiev <Oleksii_Moisieiev@...m.com>
To: "robh+dt@...nel.org" <robh+dt@...nel.org>
CC: Oleksii Moisieiev <Oleksii_Moisieiev@...m.com>,
"devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
Sudeep Holla <sudeep.holla@....com>,
Cristian Marussi <cristian.marussi@....com>,
Stefano Stabellini <sstabellini@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: [PATCH v3 0/1] dt-bindings: Add device-perms property description
Introduce device-perms property which is intended to set the device
permissions for the System Management interfaces.
An example of this interface is SCMI (System Control and Management
Interface) which controls clocks/power-domains/resets etc from the
Firmware. This property sets the device_id to set the device permissions
for the Fimware using BASE_SET_DEVICE_PERMISSIONS message (see 4.2.2.10 of [0]).
Device permissions management described in DEN 0056, Section 4.2.2.10 [0].
Given parameter should set the device_id, needed to set device
permissions in the Firmware.
This property is used by trusted Agent to set permissions for the devices,
passed-through to the non-trusted Agents. Trusted Agent will use device-perms to
set the Device permissions for the Firmware (See Section 4.2.2.10 [0]
for details).
Agents concept is described in Section 4.2.1 [0].
device-perms in Device-tree node example:
usb@...90000
{
device-perms = <&scmi 19>;
clocks = <&scmi_clock 3>, <&scmi_clock 2>;
resets = <&scmi_reset 10>, <&scmi_reset 9>;
power-domains = <&scmi_power 0>;
};
Given example shows the configuration of the hsusb node, which is using
scmi to contol clocks, resets and power-domains. device-perms links to
&scmi phandle and set the permission parameter 19, which should match
defined id for usb in the Firmware.
Current implementation defines Xen hypervisor as trusted Agent and OS
(Linux or other) as non-trusted Agent.
Trusted Agent will use device-perms to set the device permissions for
the Agents. Non-trusted Agent (OS) should not have an access to the permissions
settings, so no code to process device-perms was presented in Linux
kernel.
We are currently contributing changes to Xen, which are intended to
mediate SCMI access from Guests to the Firmware. Xen uses device-perms to set
the permissions for the devices. See [1] thread for details.
[0] https://developer.arm.com/documentation/den0056/latest
[1] https://xen.markmail.org/message/mmi4fpb4qr6e3kad
---
Changes V1 -> V2:
- update parameter name, made it xen-specific
- add xen vendor bindings
Changes V2 -> V3:
- update parameter name, make it generic
- update parameter format, add link to controller
- do not include xen vendor bindings as already upstreamed
Oleksii Moisieiev (1):
dt-bindings: Add device-perms property description
.../bindings/firmware/device-perms.yaml | 43 +++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 Documentation/devicetree/bindings/firmware/device-perms.yaml
--
2.27.0
Powered by blists - more mailing lists