Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp601303ybl; Tue, 28 Jan 2020 08:37:45 -0800 (PST) X-Google-Smtp-Source: APXvYqzjM2dReqoqSJFXXC16UUfCvZ+a8h+tmwhYDrRrpXozfmF+lW9WGbQU3QxPJTD0gd9Edeuf X-Received: by 2002:a9d:10e:: with SMTP id 14mr16678024otu.59.1580229465156; Tue, 28 Jan 2020 08:37:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580229465; cv=none; d=google.com; s=arc-20160816; b=teZcRjMcIHU0i8vG0jr2YxjU6vYwAHP38U50kvJNQ5kEtVzUNNNOz5/T5uGHMivcdr C7RHrfzt/nO/qRQenD5ecDwqJJexZRzZC3y3TZqg0xsefl//+17cwrQ3FHQbxrkdxKFE /o76BvSAKiQlVrQrmGnXxWJdCG7W8hR3aijjSAA3IJAosXDd6VLXoYTyUSoA6QKiH7b6 cM8aSt4jBIRArsZ/5KvSpFS9gyMW0ktGIfXQSRw4547dpuXB/i4qJq5zJpgtBG0Z2K/h w1M7iV7vAHsk6E7E0m0ec0A8Npzz0Xm96UuT/VExeiHCLm5vFbHEKW9yyQ/fVY985rB+ /9Jg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=0S1ZcEnNWpR2b8h8A7VtPVHtAL1Xx1woERGFH7fP4Os=; b=fLYSqPevwj/JJp2HCqcBtmXUlo/dP09UAGNalXqgL5+TFqBgXTunfkO3NnfZxuLM+P fDnmDTc5VsPQGN/w3slNi9QK/3xA7A4BbQvm98rF3ODY7kmtC+W0CWsjCvj/7SoH3dvH jmSTJD9JbelnFUDpQXFyeG7PkCIglpKZIZTTVnVCF4aEjI5g0rM8GAKp5fCgB6OWSM7p sazOa6L8fQO2GGFTIiYTlPOGRSmvONOYCbrY1Qpz4oXfLor9+qRlR/DQMP/1WCjZHEDs MlyiIC+kNrhVP5p1OuQMb+nEjbVgDMur0OVm/bfDC3YQYIXQZt3tiOQto9E9EGzmo/7g trGw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e14si9329075oti.33.2020.01.28.08.37.32; Tue, 28 Jan 2020 08:37:45 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726482AbgA1Qgd (ORCPT + 99 others); Tue, 28 Jan 2020 11:36:33 -0500 Received: from foss.arm.com ([217.140.110.172]:60324 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726034AbgA1Qgd (ORCPT ); Tue, 28 Jan 2020 11:36:33 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1D4D71FB; Tue, 28 Jan 2020 08:36:33 -0800 (PST) Received: from bogus (e103737-lin.cambridge.arm.com [10.1.197.49]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E072A3F68E; Tue, 28 Jan 2020 08:36:30 -0800 (PST) Date: Tue, 28 Jan 2020 16:36:28 +0000 From: Sudeep Holla To: Benjamin Gaignard Cc: broonie@kernel.org, robh@kernel.org, arnd@arndb.de, shawnguo@kernel.org, s.hauer@pengutronix.de, fabio.estevam@nxp.com, lkml@metux.net, loic.pallardy@st.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, linux-imx@nxp.com, kernel@pengutronix.de, linux-arm-kernel@lists.infradead.org, devicetree@vger.kernel.org, system-dt@lists.openampproject.org, stefano.stabellini@xilinx.com, Sudeep Holla Subject: Re: [PATCH v2 0/7] Introduce bus firewall controller framework Message-ID: <20200128163628.GB30489@bogus> References: <20200128153806.7780-1-benjamin.gaignard@st.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200128153806.7780-1-benjamin.gaignard@st.com> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 28, 2020 at 04:37:59PM +0100, Benjamin Gaignard wrote: > Bus firewall framework aims to provide a kernel API to set the configuration > of the harware blocks in charge of busses access control. > > Framework architecture is inspirated by pinctrl framework: > - a default configuration could be applied before bind the driver. > If a configuration could not be applied the driver is not bind > to avoid doing accesses on prohibited regions. > - configurations could be apllied dynamically by drivers. > - device node provides the bus firewall configurations. > > An example of bus firewall controller is STM32 ETZPC hardware block > which got 3 possible configurations: > - trust: hardware blocks are only accessible by software running on trust > zone (i.e op-tee firmware). > - non-secure: hardware blocks are accessible by non-secure software (i.e. > linux kernel). > - coprocessor: hardware blocks are only accessible by the coprocessor. > Up to 94 hardware blocks of the soc could be managed by ETZPC. > /me confused. Is ETZPC accessible from the non-secure kernel space to begin with ? If so, is it allowed to configure hardware blocks as secure or trusted ? I am failing to understand the overall design of a system with ETZPC controller. > At least two other hardware blocks can take benefits of this: > - ARM TZC-400: http://infocenter.arm.com/help/topic/com.arm.doc.100325_0001_02_en/arm_corelink_tzc400_trustzone_address_space_controller_trm_100325_0001_02_en.pdf > which is able to manage up to 8 regions in address space. I strongly have to disagree with the above and NACK any patch trying to do so. AFAIK, no system designed has TZC with non-secure access. So we simply can't access this in the kernel and hence need no driver for the same. Please avoid adding above misleading information in future. -- Regards, Sudeep