Date: Thu, 28 May 2020 13:22:31 +0200
From: Pavel Machek
To: "Alessandrelli, Daniele"
Cc: "arnd@arndb.de", "robh@kernel.org", "Murphy, Paul J", "gregkh@linuxfoundation.org", "Shevchenko, Andriy", "linux-kernel@vger.kernel.org", "daniele.alessandrelli@linux.intel.com"
Subject: Re: [PATCH 1/1] soc: keembay: Add Keem Bay IMR driver
Message-ID: <20200528112231.GA22054@duo.ucw.cz>

Hi!

> > Agreed, this sounds like an incompatible extension of the boot protocol
> > that we should otherwise not merge.
> >
> > However, there is also a lot of missing information here, and it is always
> > possible they are trying to something for a good reason. As long as the
> > problem that the bootloader is trying to solve is explained well enough
> > in the changelog, we can discuss it to see how it should be done
> > properly.
>
>
> Apologies, I should have provided more information. Here it is :)
>
> Basically, at boot time U-Boot code and core memory (.text, .data,
> .bss, etc.) is protected by this Isolated Memory Region (IMR) which
> prevents any device or processing units other than the ARM CPU to
> access/modify the memory.
>
> This is done for security reasons, to reduce the risks that a potential
> attacker can use "hijacked" HW devices to interfere with the boot
> process (and break the secure boot flow in place).

Dunno. You disable that after boot anyway. Whether it is disabled just
before starting kernel or just after it makes very little difference.

Plus, I'm not sure if this has much security value at all. If I can
corrupt data u-boot works _with_ (such as kernel, dtb), I'll take over
the system anyway.

IOW I believe the best/simplest way is to simply disable this in
u-boot before jumping to kernel entrypoint.

Best regards,
Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html