Received: by 10.223.185.116 with SMTP id b49csp7484711wrg; Thu, 1 Mar 2018 06:20:17 -0800 (PST) X-Google-Smtp-Source: AG47ELsK6Z/n9v/FC8ikkBUH1fzM6YIyTCzzjLiWaf8MR+gJPGmfLymyRB5ovir6xSO6shVykSwd X-Received: by 10.99.116.23 with SMTP id p23mr1660811pgc.178.1519914017096; Thu, 01 Mar 2018 06:20:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519914017; cv=none; d=google.com; s=arc-20160816; b=Rzb38tsa1rU217jC37toirVC+xM46sHDHfe+dY9v5Ot1xUufx4ErS5tqP2mzJgvS82 ZZ2E4rDM/NtSVouWTZgpKf1lXbJ1pWmQ6zKObdbb61qDwY8SrNViRDEHa5pn+nZCbqmW f0iWQFOe2oyE95txJ6frcRsQN+XvfUEWHfRAMe8H2MQuO+mrnoqH+OqMaEcdUp3gR1n+ NexiZMibb4896D0XcOJKiirWGneFoR5wcVMAXOEIRiv1NmV9f9iJEPK/d15Hu9rXGl1+ CSQYAMpmjzad5pFA6bMYaixxPc3m5ZKmClVl2l1b9pHYgaXkhn6yy79rMXbK3Yc49wPK m22A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=ao614lqF2JEFf+nlJP4AMHhFEjlVNEwVE/IiFlKXHOc=; b=phACawP9V00/39VdC4CfarD4aqJOPHOCzEkGhQueAw7arC6zQ9O2HPnfxbbOSWKjK+ /gC0GRsK7RqsqMhc4nArIKjkCbMbCf2K3QPhpfV4t0cx9+mCVR5qPu9g4CODjM0R1e5i X+UVwQIV/79fKq64r3Y1HzZzDVTJCF0MnQRX1ykeAr7s2Y8Nq7PJiVf5eBEUv/J4Evfa YCknnpJ0nGvyvwzLZRbslopq7+oRvPJjCq13YM5Maqa1C37bNElOSwY+IN84rnslbVX6 a5NErMXLViPRb0hzYBp649gColi3NvdutKHG50jSkAyYDsj8M6fVq8hupivVYLtbn2Er +cGQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 61-v6si3145684plz.507.2018.03.01.06.20.02; Thu, 01 Mar 2018 06:20:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1031280AbeCAOTZ (ORCPT + 99 others); Thu, 1 Mar 2018 09:19:25 -0500 Received: from foss.arm.com ([217.140.101.70]:39238 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1031206AbeCAOTX (ORCPT ); Thu, 1 Mar 2018 09:19:23 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 85BD71529; Thu, 1 Mar 2018 06:19:23 -0800 (PST) Received: from [10.1.210.88] (e110467-lin.cambridge.arm.com [10.1.210.88]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B7B223F246; Thu, 1 Mar 2018 06:19:21 -0800 (PST) Subject: Re: [PATCH v2 0/2] STM32 Extended TrustZone Protection driver To: Benjamin Gaignard , Mark Rutland Cc: Rob Herring , Maxime Coquelin , Alexandre Torgue , Arnd Bergmann , Loic PALLARDY , devicetree@vger.kernel.org, Linux ARM , Linux Kernel Mailing List , Benjamin Gaignard References: <20180301135806.19982-1-benjamin.gaignard@st.com> <20180301140243.3uamdvdcvmsxv6im@lakrids.cambridge.arm.com> From: Robin Murphy Message-ID: Date: Thu, 1 Mar 2018 14:19:16 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/03/18 14:15, Benjamin Gaignard wrote: > 2018-03-01 15:02 GMT+01:00 Mark Rutland : >> On Thu, Mar 01, 2018 at 02:58:04PM +0100, Benjamin Gaignard wrote: >>> On early boot stages STM32MP1 platform is able to dedicate some hardware blocks >>> to a secure OS running in TrustZone. >>> We need to avoid using those hardware blocks on non-secure context (i.e. kernel) >>> because read/write accesses could generate illegale access exceptions. >>> >>> Extended TrustZone Protection driver make sure that device is disabled if >>> non-secure world can't acces to it. >>> >>> version 2: >>> - do not use notifier anymore >>> - change status property value in device-tree if needed >>> - use a list of phandle instead of hard coded array >> >> As mentioned on v1, I don't think this should be done in Linux at all. >> >> If you wish to handle this dynamically, please fixup the DT *before* >> entering Linux. >> >> If you want a sane default in the dts file, put status = "disabled" on >> all nodes which the secure world might take ownership of. > > That is the case, nodes are disabled by ealier boot stages before entering > in Linux but, since mistakes and/or errors are always possible, fixup the DT > to avoid illegal access exceptions make sense for me. So why not also run a test on the memory controller in case the bootloader made a mistake in the memory node too? As I mentioned before, if you can't trust the DT to describe your hardware correctly you've already lost. Robin.