lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4860198.rnE6jSC6OK@diego>
Date: Fri, 24 Jan 2025 11:50:12 +0100
From: Heiko Stübner <heiko@...ech.de>
To: Niklas Cassel <cassel@...nel.org>
Cc: Quentin Schulz <quentin.schulz@...rry.de>,
 Quentin Schulz <foss+kernel@...il.net>, Rob Herring <robh@...nel.org>,
 Krzysztof Kozlowski <krzk+dt@...nel.org>, Conor Dooley <conor+dt@...nel.org>,
 Jagan Teki <jagan@...eble.ai>,
 Michael Riesch <michael.riesch@...fvision.net>, devicetree@...r.kernel.org,
 linux-arm-kernel@...ts.infradead.org, linux-rockchip@...ts.infradead.org,
 linux-kernel@...r.kernel.org
Subject:
 Re: [PATCH v2 0/3] arm64: dts: rockchip: minimal support for Pre-ICT tester
 adapter for RK3588 Jaguar + add overlay tests

Am Freitag, 24. Januar 2025, 11:21:00 CET schrieb Niklas Cassel:
> On Thu, Jan 23, 2025 at 03:13:01PM +0100, Heiko Stübner wrote:
> > Am Mittwoch, 22. Januar 2025, 17:12:26 CET schrieb Niklas Cassel:
> > > On Wed, Jan 22, 2025 at 04:38:16PM +0100, Quentin Schulz wrote:
> > > > So essentially, if SPL_ATF_NO_PLATFORM_PARAM is selected (the default for
> > > > RK356x, RK3588, forced on on RK3308, enabled for the majority of RK3399
> > > > boards, enabled for all RK3328 boards) the DT won't be passed to TF-A so no
> > > > issue in terms of size on that side.
> > > > If it is not selected, for TF-A < 2.4 (released 20201117, 4 years ago), a
> > > > DTB bigger than 64KiB will crash TF-A.
> > > > If it is not selected, for TF-A >= 2.4, a DTB bigger than 128KiB will result
> > > > in TF-A not being able to read the DTB (for Rockchip, that means not being
> > > > able to derive the UART settings (controller and baudrate) to use, and will
> > > > use the compile-time default instead).
> > > 
> > > Not everyone is using binary blobs from Rockchip.
> > > On my rock5b (rk3588), I'm building the bootloader using buildroot,
> > > which is using upstream TrustedFirmware-A (v2.12).
> > > 
> > > 
> > > > In short, I don't know where to go with that additional piece of
> > > > information, but this is a bit bigger than simply moving things around and
> > > > adding compile-time tests for overlay application.
> > > 
> > > This is significant information indeed.
> > 
> > I guess the question is, can this hurt existing devices?
> > 
> > As Quentin mentioned, this only affects DTs that get handed over from
> > U-Boot to TF-A (and maybe OP-TEE).
> > 
> > So the whole range of things loading their DT from extlinux.conf or
> > whatever are not really affected.
> > 
> > 
> > DTs U-Boot can hand over are 2 types,
> > (1) built from within u-boot and
> > (2) stored somewhere centrally (SPI flash).
> > 
> > 
> > Case (1) is again not affected, as U-Boot (and other bootloaders) may
> > very well sync the DTS files, but generally not the build-system, so if
> > U-Boot (or any other bootloader) creates DTBs with symbols is completely
> > their own choice.
> > 
> > 
> > And for case (2) I see the manufacturer being responsible. Having the DT
> > in central storage makes it somewhat part of a "bios"-level in the hirarchy
> > and the general guarantee is that new software _will work_ with older DTs,
> > but the other way around is more a nice to have (old SW with new DTB).
> > 
> > So if some manufacturer has a centrally located DTB this does not matter
> > until they upgrade, and when that happens I do expect testing to happen
> > at the manufacturers side, before rolling out a "bios update"
> 
> Personally, I'm all for letting the kernel build the DTBs with symbols.
> 
> (I have a patch that I keep rebasing on my tree only for that purpose.
> Sure, I could modify my build scripts to build the DTB separately,
> but with this patch, I do not need to do anything since the kernel
> builds the DTBs already.)
> 
> Other platforms, e.g. TI already build many boards with symbols:
> https://github.com/torvalds/linux/blob/v6.13/arch/arm64/boot/dts/ti/Makefile#L242-L261
> 
> 
> You seems to have been against enabling symbols before:
> https://lore.kernel.org/linux-rockchip/171941553475.921128.9467465539299233735.b4-ty@sntech.de/
> https://lore.kernel.org/linux-rockchip/1952472.6tgchFWduM@diego/
> 
> But if you have changed you mind, and you are no longer concerned about
> doing so, then in my own self-interest I'm all for it :)

I'm all for keeping compatibility as good as possible and that issue came
on the table way too often already ;-) . In the past it was essentially easy
to go with "just don't enable symbols" and not go down the nitty-gritty
detail route - because that whole mesh of different firmware combinations
gives me a headache ;-) [0]

So finally going through those possible affected variants gave me those
thoughts of "is there even an actual problem with existing boards?".
Especially wrt forward<->backwards compatibility.

Outcome is, I'm definitly not sure about myself, but also could not come
up with an actual scenario. But that compile-time testing of applying
DTBOs is way too great to pass up on :-)


Heiko


[0] If just some vendor would directly work on upstream TF-A from the
beginning, instead of hacking up some half-decade old ATF  ... ;-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ