lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6df7b823-463b-d6fa-9662-54f39463a894@foss.st.com>
Date:   Wed, 9 Nov 2022 18:35:06 +0100
From:   Patrick DELAUNAY <patrick.delaunay@...s.st.com>
To:     Srinivas Kandagatla <srinivas.kandagatla@...aro.org>,
        Alexandre TORGUE <alexandre.torgue@...s.st.com>,
        Maxime Coquelin <mcoquelin.stm32@...il.com>
CC:     Etienne CARRIERE <etienne.carriere@...aro.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>,
        <linux-stm32@...md-mailman.stormreply.com>,
        Fabrice Gasnier <fabrice.gasnier@...s.st.com>
Subject: Re: [PATCH 3/3] nvmem: stm32: add OP-TEE support for STM32MP13x

Hi,

On 11/8/22 11:03, Srinivas Kandagatla wrote:
>
>
> On 02/11/2022 10:59, Patrick DELAUNAY wrote:
>> Hi,
>>
>> On 11/1/22 08:26, Srinivas Kandagatla wrote:
>>>
>>>
>>> On 28/10/2022 15:52, Patrick Delaunay wrote:
>>>> For boot with OP-TEE on STM32MP13, the communication with the secure
>>>> world no more use STMicroelectronics SMC but communication with the
>>>> BSEC TA, for data access (read/write) or lock operation:
>>>> - all the request are sent to OP-TEE trusted application,
>>>> - for upper OTP with ECC protection and with word programming only
>>>>    each OTP are permanently locked when programmed to avoid ECC error
>>>>    on the second write operation
>>>>
>>>> Signed-off-by: Patrick Delaunay <patrick.delaunay@...s.st.com>
>>>> ---
>>>
>>> For some reason I pushed this patch without a full review, This is 
>>> now reverted from nvmem-next.
>>
>>
>> Ok
>>
>>
>>>
>>> Why not add TEE client based new driver instead of ifdefing around 
>>> this driver? Also I see there is not much common across both drivers 
>>> anyway.
>>
>>
>> I hesitate between the 2 solutions. I choose this update to handle 
>> the STM32MP15 support with OP-TEE.
>
> How are you to handing this?
>
>>
>> For backward compatibility reason the same driver STM32 ROMEM 
>> associated to compatible "st,stm32mp15-bsec" should be kept.
>>
>> - the lower OTP can directly accessible by Linux (the IP is not 
>> secured) => boot with SPL
>
> Can we determine this at runtime?


Not directly with IP register, but we detect the OP-TEE support at runtime.


>
>>
>> - the upper OTP and the write operation are requested by 
>> STMicroelectronics SMCs
>>
>>     => boot with TF-A SPMIN and old OP-TEE (before migration to STM32 
>> BSEC PTA)
>>
>>
>> But in the future OP-TEE the access to OTP should be also done with 
>> STM32 BSEC PTA...
>
> Given that we have only one compatible for these two type of 
> combinations how are you planning to deal with both the cases and 
> still be backward compatible?


yes, as it is the SOC dtsi, I don't want change the IP compatible

but I will handle in this driver probe to be backward compatible: 
detection of OP-TEE presence and SMC/PTA support.


only the STM32MP13 SoC only use the PTA, as we have no backward 
compatibility issue.


I will include this STM32MP15 patch in the serie for V2, it should be 
mode clear for the review.


>
> --srini
>>
>>
>> I can manage this compatibility by detection in STM32 romem driver if 
>> the booth access are managed in the same driver.
>
>
>
>>
>> This patch can be added in the serie to understood the detection 
>> mechanism.
>>

Regards

Patrick

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ