lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 30 Aug 2023 09:52:21 +0100
From:   Suzuki K Poulose <suzuki.poulose@....com>
To:     Yabin Cui <yabinc@...gle.com>
Cc:     Mike Leach <mike.leach@...aro.org>,
        James Clark <james.clark@....com>,
        Leo Yan <leo.yan@...aro.org>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        coresight@...ts.linaro.org, linux-arm-kernel@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] coresight: tmc-etr: Don't fail probe when non-secure
 access is disabled

Hi Yabin

On 29/08/2023 22:16, Yabin Cui wrote:
>> How can this be enabled ? Why not enable it before probing the ETR ?
> How can a user know if this has been done or not ?
> 
> Pixel devices (like Pixel 6, 7) support enabling some debugging features
> (including granting non-secure access to ETM/ETR) even on devices with
> secure boot. It is only used internally and has strict requirements,
> needing to connect to a server to verify identification after booting.
> So it can't be established when probing ETR at device boot time.

Are you not able to build the coresight drivers as modules and load
them after the device has been authenticated and NS access enabled ?
Running a trace session without NS access enabled on a normal device
would be asking for trouble in the "normal world".

Suzuki

> 
> 
> On Sun, Aug 27, 2023 at 2:37 PM Suzuki K Poulose <suzuki.poulose@....com> wrote:
>>
>> On 26/08/2023 00:39, Yabin Cui wrote:
>>> Because the non-secure access can be enabled later on some devices.
>>
>> How can this be enabled ? Why not enable it before probing the ETR ?
>> How can a user know if this has been done or not ? It is asking for
>> trouble to continue without this.
>>
>> Suzuki
>>
>>>
>>> Signed-off-by: Yabin Cui <yabinc@...gle.com>
>>> ---
>>>    drivers/hwtracing/coresight/coresight-tmc-core.c | 2 +-
>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/hwtracing/coresight/coresight-tmc-core.c b/drivers/hwtracing/coresight/coresight-tmc-core.c
>>> index c106d142e632..5ebfd12b627b 100644
>>> --- a/drivers/hwtracing/coresight/coresight-tmc-core.c
>>> +++ b/drivers/hwtracing/coresight/coresight-tmc-core.c
>>> @@ -370,7 +370,7 @@ static int tmc_etr_setup_caps(struct device *parent, u32 devid, void *dev_caps)
>>>        struct tmc_drvdata *drvdata = dev_get_drvdata(parent);
>>>
>>>        if (!tmc_etr_has_non_secure_access(drvdata))
>>> -             return -EACCES;
>>> +             dev_warn(parent, "TMC ETR doesn't have non-secure access\n");
>>>
>>>        /* Set the unadvertised capabilities */
>>>        tmc_etr_init_caps(drvdata, (u32)(unsigned long)dev_caps);
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ