| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <D6VNZP10UQQM.1OZECZ6TZPY3P@fairphone.com> Date: Tue, 07 Jan 2025 08:32:22 +0100 From: "Luca Weiss" <luca.weiss@...rphone.com> To: "Vedang Nagar" <quic_vnagar@...cinc.com>, "Dmitry Baryshkov" <dmitry.baryshkov@...aro.org> Cc: <cros-qcom-dts-watchers@...omium.org>, "Bjorn Andersson" <andersson@...nel.org>, "Konrad Dybcio" <konrad.dybcio@...aro.org>, "Rob Herring" <robh@...nel.org>, "Krzysztof Kozlowski" <krzk+dt@...nel.org>, "Conor Dooley" <conor+dt@...nel.org>, <linux-arm-msm@...r.kernel.org>, <devicetree@...r.kernel.org>, <linux-kernel@...r.kernel.org>, "Vikash Garodia (QUIC)" <quic_vgarodia@...cinc.com> Subject: Re: [PATCH] arm64: dts: qcom: sc7280: enable venus node Hi Vedang, On Tue Jan 7, 2025 at 5:11 AM CET, Vedang Nagar wrote: > Hi Luca, > > On 11/13/2024 1:33 PM, Luca Weiss wrote: > > Hi Vedang, > > > > On Wed Nov 13, 2024 at 8:01 AM CET, Vedang Nagar wrote: > >> Hi Luca, > >> On 11/12/2024 8:49 PM, Luca Weiss wrote: > >>> Hi Vedang, > >>> > >>> On Tue Nov 12, 2024 at 3:39 PM CET, Vedang Nagar wrote: > >>>> > >>>> > >>>> On 11/12/2024 6:43 PM, Dmitry Baryshkov wrote: > >>>>> On Tue, 12 Nov 2024 at 08:17, Vedang Nagar <quic_vnagar@...cinc.com> wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>> On 10/7/2024 1:20 AM, Dmitry Baryshkov wrote: > >>>>>>> On Fri, Oct 04, 2024 at 04:22:31PM GMT, Vedang Nagar wrote: > >>>>>>>> Enable the venus node on Qualcomm sc7280. It was made disabled > >>>>>>>> earlier to avoid bootup crash, which is fixed now with [1]. > >>>>>>> > >>>>>>> NAK, there might be other reasons to keep venus disabled, like the lack > >>>>>>> of the vendor-signed firmware for the particular device. > >>>>>> Can you pls elaborate more on this? Any device with sc7280 SOC can use > >>>>>> venus.mbn which is already present in linux-firmware git. > >>>>> > >>>>> Can it though if the device is fused to use vendor keys and to check > >>>>> the trust chain? > >>>> Yes, infact the existing ones are signed and works with trustzone authentication. > >>> > >>> No, the venus firmware from linux-firmware does not work on a device > >>> with secure boot on, like the (QCM6490) Fairphone 5 smartphone. > >> Are you saying even after applying this [1] you are seeing the same ? > >> > >> [1] > >> https://patchwork.kernel.org/project/linux-media/patch/20231201-sc7280-venus-pas-v3-2-bc132dc5fc30@fairphone.com/ > > > > That patch has been in mainline since v6.9 and my tree is newer, so yes. > > > > See e.g. Qualcomm doc KBA-161204232438 for some details. > > > > Regards > > Luca > > > >>> > >>> $ rm /lib/firmware/qcom/qcm6490/fairphone5/venus.mbn > >>> $ cp /lib/firmware/qcom/vpu-2.0/venus.mbn.zst /lib/firmware/qcom/qcm6490/fairphone5/venus.mbn.zst > >>> > >>> leads to > >>> > >>> [ 10.848191] qcom-venus aa00000.video-codec: Adding to iommu group 13 > >>> [ 10.863062] qcom-venus aa00000.video-codec: non legacy binding > >>> [ 10.909555] qcom-venus aa00000.video-codec: error -22 initializing firmware qcom/qcm6490/fairphone5/venus.mbn > >>> [ 10.910099] qcom-venus aa00000.video-codec: fail to load video firmware > >>> [ 10.910849] qcom-venus aa00000.video-codec: probe with driver qcom-venus failed with error -22 > >>> > We have seen similar issue with older firmware present in > linux-firmware git due to a bug in singing of the firmware image. > > This issue seems to be resolved with below change: > aeede7afb7a186b62f9e1f959c33fd5f2dea0f7a: qcom: update venus firmware file for SC7280 > > Can you pls give a try with latest firmware if you still see the same issue? > We tried internally and do not see any such failure now. Still same issue after $ sudo rm /lib/firmware/qcom/qcm6490/fairphone5/venus.mbn $ sudo cp ~/linux-firmware-aeede7afb7a186b62f9e1f959c33fd5f2dea0f7a/qcom/vpu/vpu20_p1.mbn /lib/firmware/qcom/qcm6490/fairphone5/venus.mbn [ 10.260044] qcom-venus aa00000.video-codec: Adding to iommu group 13 [ 10.260681] qcom-venus aa00000.video-codec: non legacy binding [ 10.406306] qcom-venus aa00000.video-codec: error -22 initializing firmware qcom/qcm6490/fairphone5/venus.mbn [ 10.406681] qcom-venus aa00000.video-codec: fail to load video firmware [ 10.420897] qcom-venus aa00000.video-codec: probe with driver qcom-venus failed with error -22 Did you try internally on a board with secure boot on or off? I can imagine this image working fine on SB-off, but not on SB-on, as mentioned before. Because when I take that image from linux-firmware and run it through sectools with the signing config for this device, that firmware initializes fine. ./sectools/sectools.py secimage --sign --validate \ --image_file=vpu20_p1.mbn --sign_id=venus --chipset=kodiak \ --output_dir=out-signed --cfg_selected_cert_config=my_sign_config [ 10.624885] qcom-venus aa00000.video-codec: Adding to iommu group 13 [ 10.632036] qcom-venus aa00000.video-codec: non legacy binding $ cat /sys/kernel/debug/qcom_socinfo/video/name 14:video-firmware.1.0-ed457c183307eff1737608763ca0f23656c95b53 $ cat /sys/kernel/debug/qcom_socinfo/video/oem :hw-skotecha-hyd $ cat /sys/kernel/debug/qcom_socinfo/video/variant PROD Regards Luca > > Regards, > Vedang Nagar > > >>> It's the same with e.g. adsp firmware, modem firmware, etc. > >>> > >>> With secure boot off, yes, the hardware will load any firmware > >>> regardless of the signature. > >>> > >>> Regards > >>> Luca > >>> > >>>>> > >>>>>> > >>>>>> Regards, > >>>>>> Vedang Nagar > >>>>>>> > >>>>>>>> > >>>>>>>> [1] > >>>>>>>> https://lore.kernel.org/linux-media/20231201-sc7280-venus-pas-v3-2-bc132dc5fc30@fairphone.com/ > >>>>>>>> > >>>>>>>> Signed-off-by: Vedang Nagar <quic_vnagar@...cinc.com> > >>>>>>>> --- > >>>>>>>> arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 -- > >>>>>>>> 1 file changed, 2 deletions(-) > >>>>>>> > >>>>> > >>>>> > >>>>> > >>>
Powered by blists - more mailing lists