Date: Fri, 31 May 2024 21:48:47 +0300
From: Kalle Valo <kvalo@...nel.org>
To: Bjorn Andersson <andersson@...nel.org>
Cc: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>,  Bjorn Andersson
 <quic_bjorande@...cinc.com>,  neil.armstrong@...aro.org,  Konrad Dybcio
 <konrad.dybcio@...aro.org>,  Loic Poulain <loic.poulain@...aro.org>,
  Mathieu Poirier <mathieu.poirier@...aro.org>,  Rob Herring
 <robh@...nel.org>,  Krzysztof Kozlowski <krzk+dt@...nel.org>,  Conor
 Dooley <conor+dt@...nel.org>,  linux-kernel@...r.kernel.org,
  linux-arm-msm@...r.kernel.org,  wcn36xx@...ts.infradead.org,
  linux-wireless@...r.kernel.org,  linux-remoteproc@...r.kernel.org,
  devicetree@...r.kernel.org,  Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH 01/12] soc: qcom: add firmware name helper

Bjorn Andersson <andersson@...nel.org> writes:

> On Mon, May 27, 2024 at 02:42:44PM GMT, Dmitry Baryshkov wrote:
>
>> On Thu, 23 May 2024 at 01:48, Bjorn Andersson <quic_bjorande@...cinc.com> wrote:
>> >
>> > On Tue, May 21, 2024 at 03:08:31PM +0200, Dmitry Baryshkov wrote:
>> > > On Tue, 21 May 2024 at 13:20, Kalle Valo <kvalo@...nel.org> wrote:
>> > > >
>> > > > Dmitry Baryshkov <dmitry.baryshkov@...aro.org> writes:
>> > > >
>> > > > > On Tue, 21 May 2024 at 12:52, <neil.armstrong@...aro.org> wrote:
>> > > > >>
>> > > > >> On 21/05/2024 11:45, Dmitry Baryshkov wrote:
>> > > > >> > Qualcomm platforms have different sets of the firmware files, which
>> > > > >> > differ from platform to platform (and from board to board, due to the
>> > > > >> > embedded signatures). Rather than listing all the firmware files,
>> > > > >> > including full paths, in the DT, provide a way to determine firmware
>> > > > >> > path based on the root DT node compatible.
>> > > > >>
>> > > > >> Ok this looks quite over-engineered but necessary to handle the legacy,
>> > > > >> but I really think we should add a way to look for a board-specific path
>> > > > >> first and fallback to those SoC specific paths.
>> > > > >
>> > > > > Again, CONFIG_FW_LOADER_USER_HELPER => delays.
>> > > >
>> > > > To me this also looks like very over-engineered, can you elaborate more
>> > > > why this is needed? Concrete examples would help to understand better.
>> > >
>> > > Sure. During the meeting last week Arnd suggested evaluating if we can
>> > > drop firmware-name from the board DT files. Several reasons for that:
>> > > - DT should describe the hardware, not the Linux-firmware locations
>> > > - having firmware name in DT complicates updating the tree to use
>> > > different firmware API (think of mbn vs mdt vs any other format)
>> > > - If the DT gets supplied by the vendor (e.g. for
>> > > SystemReady-certified devices), there should be a sync between the
>> > > vendor's DT, linux kernel and the rootfs. Dropping firmware names from
>> > > DT solves that by removing one piece of the equation
>> > >
>> > > Now for the complexity of the solution. Each SoC family has their own
>> > > firmware set. This includes firmware for the DSPs, for modem, WiFi
>> > > bits, GPU shader, etc.
>> > > For the development boards these devices are signed by the testing key
>> > > and the actual signature is not validated against the root of trust
>> > > certificate.
>> > > For the end-user devices the signature is actually validated against
>> > > the bits fused to the SoC during manufacturing process. CA certificate
>> > > (and thus the fuses) differ from vendor to vendor (and from the device
>> > > to device)
>> > >
>> > > Not all of the firmware files are a part of the public linux-firmware
>> > > tree. However we need to support the rootfs bundled with the firmware
>> > > for different platforms (both public and vendor). The non-signed files
>> > > come from the Adreno GPU and can be shared between platforms. All
>> > > other files are SoC-specific and in some cases device-specific.
>> > >
>> > > So for example the SDM845 db845c (open device) loads following firmware files:
>> > > Not signed:
>> > > - qcom/a630_sqe.fw
>> > > - qcom/a630_gmu.bin
>> > >
>> > > Signed, will work for any non-secured sdm845 device:
>> > > - qcom/sdm845/a630_zap.mbn
>> > > - qcom/sdm845/adsp.mbn
>> > > - qcom/sdm845/cdsp.mbn
>> > > - qcom/sdm485/mba.mbn
>> > > - qcom/sdm845/modem.mbn
>> > > - qcom/sdm845/wlanmdsp.mbn (loaded via TQFTP)
>> > > - qcom/venus-5.2/venus.mbn
>> > >
>> > > Signed, works only for DB845c.
>> > > - qcom/sdm845/Thundercomm/db845c/slpi.mbn
>> > >
>> > > In comparison, the SDM845 Pixel-3 phone (aka blueline) should load the
>> > > following firmware files:
>> > > - qcom/a630_sqe.fw (the same, non-signed file)
>> > > - qcom/a630_gmu.bin (the same, non-signed file)
>> > > - qcom/sdm845/Google/blueline/a630_zap.mbn
>> >
>> > How do you get from "a630_zap.mbn" to this? By extending the lookup
>> > table for every target, or what am I missing?
>> 
>> More or less so. Matching the root OF node gives us the firmware
>> location, then it gets prepended to all firmware targets. Not an ideal
>> solution, as there is no fallback support, but at least it gives us
>> some points to discuss (and to decide whether to move to some
>> particular direction or to abandon the idea completely, making Arnd
>> unhappy again).
>> 
>
> I understand the desire to not put linux-firmware-specific paths in the
> DeviceTree

Me too.

> but I think I'm less keen on having a big lookup table in the
> kernel...

Yeah, also for me this feels wrong. But on the other hand I don't have
anything better to suggest either...

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
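
The lookup Dmitry describes above (match the root OF node, then prepend the resulting location to each firmware name), sketched in user-space C as an added example; this is not code from the patch series. The directories are the ones quoted in the thread, while the compatible strings, the table and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed table: root-node compatible -> firmware directory.
 * Directories are the ones quoted in the thread; the compatible
 * strings and all identifiers here are assumptions. */
struct fw_dir_match { const char *compatible; const char *dir; };

static const struct fw_dir_match fw_dirs[] = {
    { "thundercomm,db845c", "qcom/sdm845/Thundercomm/db845c" },
    { "google,blueline",    "qcom/sdm845/Google/blueline" },
    { "qcom,sdm845",        "qcom/sdm845" },
};

/* Root compatibles are ordered most specific first; the first one
 * with a table entry decides the directory. */
static const char *fw_dir_for(const char *const *compat, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < sizeof(fw_dirs) / sizeof(fw_dirs[0]); j++)
            if (strcmp(compat[i], fw_dirs[j].compatible) == 0)
                return fw_dirs[j].dir;
    return NULL;
}

/* Write "<dir>/<name>" to out. Returns 0, or -1 for an unknown board,
 * a name that contains a path component, or a result that would not fit.
 * There is no second lookup if the file is absent from <dir>: that is
 * the missing fallback discussed in the thread. */
static int fw_path(const char *const *compat, size_t n, const char *name,
                   char *out, size_t len)
{
    const char *dir = fw_dir_for(compat, n);
    int ret;

    if (!dir || strchr(name, '/') || strstr(name, ".."))
        return -1;
    ret = snprintf(out, len, "%s/%s", dir, name);
    return (ret < 0 || (size_t)ret >= len) ? -1 : 0;
}

int main(void)
{
    const char *const blueline[] = { "google,blueline", "qcom,sdm845" };
    char buf[64];

    if (fw_path(blueline, 2, "a630_zap.mbn", buf, sizeof(buf)) == 0)
        puts(buf);
    return 0;
}
```

With a board-level entry, every signed file resolves under the board directory, so a board such as db845c, whose list above mixes SoC-wide and board-specific files, cannot be expressed by a single prefix without the fallback the thread notes is absent.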
