[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <097eb672-ee9f-523c-d52d-79e723a7bf2c@gmail.com>
Date: Fri, 29 Jul 2022 17:11:04 +0200
From: Maximilian Luz <luzmaximilian@...il.com>
To: Sudeep Holla <sudeep.holla@....com>
Cc: Ilias Apalodimas <ilias.apalodimas@...aro.org>,
Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
Andy Gross <agross@...nel.org>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Ard Biesheuvel <ardb@...nel.org>,
Konrad Dybcio <konrad.dybcio@...ainline.org>,
Rob Herring <robh+dt@...nel.org>,
Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>,
Steev Klimaszewski <steev@...i.org>,
Shawn Guo <shawn.guo@...aro.org>,
Cristian Marussi <cristian.marussi@....com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-arm-msm@...r.kernel.org, linux-efi@...r.kernel.org,
devicetree@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4/4] dt-bindings: firmware: Add Qualcomm UEFI Secure
Application client
On 7/29/22 10:52, Sudeep Holla wrote:
> On Thu, Jul 28, 2022 at 07:27:19PM +0200, Maximilian Luz wrote:
>
> [...]
>
>> My current suggestion (already sent to Sudeep earlier) is (roughly)
>> this: Add one compatible for the TrEE / TrustZone interface.
>
> Still I don't understand why you need extra compatible if you know
> this laptop(with a unique compatible to identify it) always runs this
> TrEE interface.
First of all, to recap: I suggest adding a device and driver for the TrEE
interface, with a compatible for that. That then (based on platform)
instantiates devices and drivers for the applications running in TrEE. The
compatible I'm talking about is for that general TrEE interface. Not any
specific application.
a) Because this better reflects the ACPI tables on those devices. As I've said,
there is a HID specifically for the TrEE interface. You were concerned
earlier that we should try to add support for that, and now you want to
create a purely artificial divide between ACPI and DT? Ideally, we can have
the driver load via both the DT compatible and the ACPI HID depending on
whether we use one or the other without many other changes.
Would you equally suggest that we not load the driver by its ACPI HID and
instead do DMI matching?
b) Qualcomm also has a DT compatible for this (qcom,qseecom), see e.g. [1].
Note: they seem to have changed the name from Secure Execution Environment
to Trusted Execution Environment, at least in their Windows driver. This is
why I used "tee" instead of "see" (also their naming of things is somewhat
confusing and seems to change randomly). Fundamentally, this is the same
interface (they just implement a lot more things in their driver, the couple
of functions I proposed here handle the absolute minimum required for
uefisecapp, it can always be extended later when needed).
c) Given their naming of the DT compatible, this interface itself is pretty
much guaranteed to be stable. It's definitely not going away with some
firmware update. So your earlier concerns about having to update the DT in
case of firmware changes do simply not apply here. It is a core component of
these platforms. As far as I can see, your "let's load the TrEE driver via
the platform compatible" suggestion is now exactly the same as a "let's load
some PCIe controller via the platform/SoC compatible". It's an interface
that is either present or not present, depending on the device. We're not
encoding any firmware specifics (ie. what's running inside the TrEE) in the
DT, we just say that it's there (the rest is decided by the driver, e.g. via
platform compatibles or DMI matching).
d) By specifying it in the DT, we can properly link it up via a phandle to the
SCM and properly model the supplier/client relation between them. While we
can't do that with ACPI, I think it's still a good idea to handle this
properly in times we can.
Regards,
Max
[1]: https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/blob/auto-kernel.lnx.4.14.c34/drivers/misc/qseecom.c
Powered by blists - more mailing lists