lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 9 May 2024 07:51:04 +0200
From: Krzysztof Kozlowski <krzk@...nel.org>
To: Vabhav Sharma <vabhav.sharma@....com>, Rob Herring <robh@...nel.org>,
 Krzysztof Kozlowski <krzk+dt@...nel.org>, Conor Dooley
 <conor+dt@...nel.org>, Franck LENORMAND <franck.lenormand@....com>,
 Dong Aisheng <aisheng.dong@....com>, Shawn Guo <shawnguo@...nel.org>,
 Sascha Hauer <s.hauer@...gutronix.de>,
 Pengutronix Kernel Team <kernel@...gutronix.de>,
 Fabio Estevam <festevam@...il.com>, Peng Fan <peng.fan@....com>
Cc: devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
 imx@...ts.linux.dev, linux-arm-kernel@...ts.infradead.org,
 Varun Sethi <V.Sethi@....com>, Silvano Di Ninno <silvano.dininno@....com>,
 Pankaj Gupta <pankaj.gupta@....com>, frank.li@....com,
 daniel.baluta@....com, Iuliana Prodan <iuliana.prodan@....com>,
 Horia Geanta <horia.geanta@....com>
Subject: Re: [PATCH 0/4] soc: imx: secvio: Add secvio support

On 09/05/2024 02:45, Vabhav Sharma wrote:
> The tampers are security feature available on i.MX products and
> managed by SNVS block.The tamper goal is to detect the variation
> of hardware or physical parameters, which can indicate an attack.
> 
> The SNVS, which provides secure non-volatile storage, allows to
> detect some hardware attacks against the SoC.They are connected
> to the security-violation ports, which send an alert when an
> out-of-range value is detected.
> 
> This detection is done by:
> -Analog tampers: measure analogic values
> 	- External clock frequency.
> 	- Temperature.
> 	- Voltage.
> 
> - Digital tampers:
> 	- External tamper
> 	- Other detectors:
> 		- Secure real-time counter rollover tamper.
> 		- Monotonic counter rollover tamper.
> 		- Power supply glitch tamper.
> 
> The on-chip sensors for voltage, temperature, and clock frequency
> indicate if tamper scenarios may be present. These sensors generate an
> out-of-range signal that causes a security violation to clear the
> authentication and storage keys and to block access to sensitive
> information.
> 
> Add linux module secvio driver to handle security violation interrupt.
> 
> The "imx-secvio-sc" module is designed to report security violations
> and tamper triggering to the user.
> 
> The functionalities of the module are accessible via the "debugfs"
> kernel.The folder containing the interface files for the module is
> "<kernel_debugfs>/secvio/".
> 
> Get status
> Reading from the "info" file will return the status of security:
> - Fuse related to security tampers.
> - SNVS readable registers.
> - DGO registers.
> 
> Signed-off-by: Vabhav Sharma <vabhav.sharma@....com>
> ---
> Vabhav Sharma (4):
>       dt-bindings: firmware: secvio: Add device tree bindings
>       firmware: imx: Add SC APIs required for secvio module
>       soc: imx: secvio: Add support for SNVS secvio and tamper via SCFW
>       arm64: dts: imx8q: Add node for Security Violation

Please version your patches correctly and provide changelog.

I wrote about b4 already, which solves this as well.

What changed here?

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ