lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAOX2RU6be+eeTPT7HbC8_-C7d7oVhspsXWOmwtgg6s=QMe6QEg@mail.gmail.com>
Date:   Mon, 21 Aug 2023 21:35:42 +0200
From:   Robert Marko <robimarko@...il.com>
To:     Rob Herring <robh@...nel.org>
Cc:     Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
        agross@...nel.org, andersson@...nel.org, konrad.dybcio@...aro.org,
        krzysztof.kozlowski+dt@...aro.org, conor+dt@...nel.org,
        quic_gurus@...cinc.com, linux-arm-msm@...r.kernel.org,
        devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
        computersforpeace@...il.com
Subject: Re: [PATCH v2 1/5] dt-bindings: firmware: qcom,scm: Document SDI disable

On Mon, 21 Aug 2023 at 21:31, Rob Herring <robh@...nel.org> wrote:
>
> On Wed, Aug 16, 2023 at 08:15:54AM +0200, Krzysztof Kozlowski wrote:
> > On 15/08/2023 15:59, Robert Marko wrote:
> > > IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
> > > means that WDT being asserted or just trying to reboot will hang the board
> > > in the debug mode and only pulling the power and repowering will help.
> > > Some IPQ4019 boards like Google WiFI have it enabled as well.
> > >
> > > So, lets add a boolean property to indicate that SDI should be disabled.
> > >
> > > Signed-off-by: Robert Marko <robimarko@...il.com>
> > > ---
> > >  Documentation/devicetree/bindings/firmware/qcom,scm.yaml | 8 ++++++++
> > >  1 file changed, 8 insertions(+)
> > >
> > > diff --git a/Documentation/devicetree/bindings/firmware/qcom,scm.yaml b/Documentation/devicetree/bindings/firmware/qcom,scm.yaml
> > > index 4233ea839bfc..bf753192498a 100644
> > > --- a/Documentation/devicetree/bindings/firmware/qcom,scm.yaml
> > > +++ b/Documentation/devicetree/bindings/firmware/qcom,scm.yaml
> > > @@ -89,6 +89,14 @@ properties:
> > >        protocol to handle sleeping SCM calls.
> > >      maxItems: 1
> > >
> > > +  qcom,sdi-disable:
> >
> > The property should describe rather current hardware/firmware state,
> > instead of expressing your intention for OS what to do. Therefore rather:
> > qcom,sdi-enabled
> > or
> > qcom,secure-debug-image
>
> Why can't you just disable SDI unconditionally when going into debug
> mode? Is doing that when not enabled going to crash the system or
> something?

Because if not disabled you will enter the Secure Debug mode even on a
regular reboot and then you have to pull the power in order to boot again.
Even according to QCA docs they intended for the Linux to disable SDI as
TZ/QSEE will always enable it as part of booting.

Regards,
Robert
>
> Rob
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ