Date: Fri, 7 Jun 2024 05:08:39 +0000
From: Vabhav Sharma <vabhav.sharma@....com>
To: Frank Li <frank.li@....com>
CC: Rob Herring <robh@...nel.org>, Krzysztof Kozlowski <krzk+dt@...nel.org>,
	Conor Dooley <conor+dt@...nel.org>, Franck Lenormand
	<franck.lenormand@....com>, Aisheng Dong <aisheng.dong@....com>, Shawn Guo
	<shawnguo@...nel.org>, Sascha Hauer <s.hauer@...gutronix.de>, Pengutronix
 Kernel Team <kernel@...gutronix.de>, Fabio Estevam <festevam@...il.com>, Peng
 Fan <peng.fan@....com>, "devicetree@...r.kernel.org"
	<devicetree@...r.kernel.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "imx@...ts.linux.dev" <imx@...ts.linux.dev>,
	"linux-arm-kernel@...ts.infradead.org"
	<linux-arm-kernel@...ts.infradead.org>, Varun Sethi <V.Sethi@....com>,
	Silvano Di Ninno <silvano.dininno@....com>, Pankaj Gupta
	<pankaj.gupta@....com>, Daniel Baluta <daniel.baluta@....com>
Subject: RE: [PATCH 1/4] dt-bindings: firmware: secvio: Add device tree
 bindings



> -----Original Message-----
> From: Frank Li <frank.li@....com>
> Sent: Thursday, May 9, 2024 8:37 AM
> To: Vabhav Sharma <vabhav.sharma@....com>
> Cc: Rob Herring <robh@...nel.org>; Krzysztof Kozlowski
> <krzk+dt@...nel.org>; Conor Dooley <conor+dt@...nel.org>; Franck
> Lenormand <franck.lenormand@....com>; Aisheng Dong
> <aisheng.dong@....com>; Shawn Guo <shawnguo@...nel.org>; Sascha
> Hauer <s.hauer@...gutronix.de>; Pengutronix Kernel Team
> <kernel@...gutronix.de>; Fabio Estevam <festevam@...il.com>; Peng Fan
> <peng.fan@....com>; devicetree@...r.kernel.org; linux-
> kernel@...r.kernel.org; imx@...ts.linux.dev; linux-arm-
> kernel@...ts.infradead.org; Varun Sethi <V.Sethi@....com>; Silvano Di Ninno
> <silvano.dininno@....com>; Pankaj Gupta <pankaj.gupta@....com>; Daniel
> Baluta <daniel.baluta@....com>
> Subject: Re: [PATCH 1/4] dt-bindings: firmware: secvio: Add device tree
> bindings
> 
> On Thu, May 09, 2024 at 02:45:32AM +0200, Vabhav Sharma wrote:
> > Document the secvio device tree bindings.
> 
> redundant sentence.
Ok, I am removing in v3.
> >
> > The tampers are security feature available on i.MX products and
> > managed by SNVS block.The tamper goal is to detect the variation
>                         ^^ space here
> 
> > of hardware or physical parameters, which can indicate an attack.
> >
> > The SNVS, which provides secure non-volatile storage, allows to detect
> > some hardware attacks against the SoC.They are connected
>                                                ^^ space here
> > to the security-violation ports, which send an alert when an
> > out-of-range value is detected.
> >
> > The "imx-secvio-sc" module is designed to report security violations
> > and tamper triggering via SCU firmware to the user.
> >
> > Add the imx-scu secvio sub node and secvio sub node description.
> >
> > Signed-off-by: Franck LENORMAND <franck.lenormand@....com>
> > Signed-off-by: Vabhav Sharma <vabhav.sharma@....com>
> > ---
> >  .../bindings/arm/freescale/fsl,scu-secvio.yaml     | 35
> ++++++++++++++++++++++
> >  .../devicetree/bindings/firmware/fsl,scu.yaml      | 10 +++++++
> >  2 files changed, 45 insertions(+)
> >
> > diff --git
> > a/Documentation/devicetree/bindings/arm/freescale/fsl,scu-secvio.yaml
> > b/Documentation/devicetree/bindings/arm/freescale/fsl,scu-secvio.yaml
> > new file mode 100644
> > index 000000000000..30dc1e21f903
> > --- /dev/null
> > +++ b/Documentation/devicetree/bindings/arm/freescale/fsl,scu-secvio.y
> > +++ aml
> > @@ -0,0 +1,35 @@
> > +# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause) %YAML 1.2
> > +---
> > +$id: http://devicetree.org/schemas/arm/freescale/fsl,scu-secvio.yaml#
> > +$schema: http://devicetree.org/meta-schemas/core.yaml#
> > +
> > +title: NXP i.MX Security Violation driver
> 
> Violation detect driver
Ok
> 
> > +
> > +maintainers:
> > +  - Franck LENORMAND <franck.lenormand@....com>
> > +
> > +description: |
> 
> Needn't "|"
Ok
> 
> > +  Receive security violation from the SNVS via the SCU firmware.
> > + Allow to  register notifier for additional processing
> > +
> > +properties:
> > +  compatible:
> > +    enum:
> > +      - fsl,imx-sc-secvio
> > +
> > +  nvmem:
> > +    maxItems: 1
> > +
> 
> any interrupt defined? how do you notify such violation event?
Yes, there is a security violation interrupt bit in the register map of the SECVIO HW block, which uses an RPC call to notify/enable/disable this bit using the RPC API exported through the SCU firmware.
> 
> > +required:
> > +  - compatible
> > +  - nvmem
> > +
> > +additionalProperties: false
> > +
> > +examples:
> > +  - |
> > +    secvio {
> > +        compatible = "fsl,imx-sc-secvio";
> > +        nvmem = <&ocotp>;
> > +    };
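Review bot: The `nvmem` entry under `properties:` carries only `maxItems: 1` and is listed in `required:`, but nothing states which provider it must reference or what the block reads from it; the example alone shows `<&ocotp>`. Add a `description:` to that property. The top-level `description:` also talks about registering a notifier, which is driver behaviour rather than a description of the hardware or firmware function, and it never says how a violation is signalled; the interrupt bit and SCU RPC path mentioned in the reply above belong in that text. As quoted here, the second description line (`+ Allow to  register ...`) is indented less than the first, which would end the `|` block scalar early if it is like that in the actual patch.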
> > diff --git a/Documentation/devicetree/bindings/firmware/fsl,scu.yaml
> > b/Documentation/devicetree/bindings/firmware/fsl,scu.yaml
> > index 557e524786c2..b40e127fdc88 100644
> > --- a/Documentation/devicetree/bindings/firmware/fsl,scu.yaml
> > +++ b/Documentation/devicetree/bindings/firmware/fsl,scu.yaml
> > @@ -129,6 +129,11 @@ properties:
> >        RTC controller provided by the SCU
> >      $ref: /schemas/rtc/fsl,scu-rtc.yaml
> >
> > +  secvio:
> > +    description:
> > +      Receive security violation from the SNVS via the SCU firmware
> > +    $ref: /schemas/arm/freescale/fsl,scu-secvio.yaml
> > +
> >    thermal-sensor:
> >      description:
> >        Thermal sensor provided by the SCU @@ -197,6 +202,11 @@
> > examples:
> >                  compatible = "fsl,imx8qxp-sc-rtc";
> >              };
> >
> > +            secvio {
> > +                compatible = "fsl,imx-sc-secvio";
> > +                nvmem = <&ocotp>;
> > +            };
> > +
> >              keys {
> >                  compatible = "fsl,imx8qxp-sc-key", "fsl,imx-sc-key";
> >                  linux,keycodes = <KEY_POWER>;
> >
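Review bot: The example node added here uses only the generic `compatible = "fsl,imx-sc-secvio";`, while the neighbouring nodes in the same context lines use an SoC-specific string, alone or followed by a generic fallback (`"fsl,imx8qxp-sc-rtc"`, and `"fsl,imx8qxp-sc-key", "fsl,imx-sc-key"`). Consider defining an SoC-specific compatible for secvio with `fsl,imx-sc-secvio` as the fallback, in both this example and the `enum` in the new binding file, so that per-SoC differences in the security violation sources can be handled later without changing the binding.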
> > --
> > 2.25.1
> >
