Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp1463925pxv; Fri, 23 Jul 2021 08:55:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxCY4QVGGrf02p3mmE9KnTOj5HGkRM5Ymk3JSVptCCNilpyOLS7OywgNSEEok/GDg0OQR9P X-Received: by 2002:a92:b111:: with SMTP id t17mr4117900ilh.208.1627055708183; Fri, 23 Jul 2021 08:55:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627055708; cv=none; d=google.com; s=arc-20160816; b=aTKfY7Je9y6LzRellCD8grFaQ2guLVPao0Mc+m3/uS8yt8JxZhAwAPz7z5jHsvIg+O YV2WMWw154W/STyaGLE6r/9d3ErOtZLhToyBeSK2TVc0k3bQNCZvUZEVS326+kVXGFV8 1A5f1l4YqtbtqH4iffY25xoYAiSasUU205Tj/TfbI5WRNf3jeYXTgCqaRZB3Cr+FuBTF q2zOvTqlGu0KAtoXicl8Zo+txsGPmbEJhKOsmG5YubsaRecIPVmTFbFHueG8rw4vGSYr 1p1RrmhKYsx/XqJwtstCOGT+vBv1xK/O9sgok1fkmPrba5ssJiXT63iH9wJIQYaSikvT 8cng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date; bh=kaNMHhBIQ48yWOkU8uHo8ryY1eYyyB9aeSquOcK0HX0=; b=DT8cXuu+Uqx68pn2BM5nmba0HBxswutHix5JW/XHf025c9e6ne6MrOuXj+N1PACwqh J3s8CONCYndYGPNT3yAn5gzthH5Nx0leNJBBdn3LdliM1IEaNXJyHPLqA6T4TVTUkk85 rKhnNXi7KrJ5ue07mSXtRbznYvii9i+A+QAqDW8Ap85kyXdwReFARxD3IwySWTCJLQHO IcOifdXq4SzLNPp+BRAsxrV/UOgvHtnr8a2+vG8nCnomApHyjRJhTz4/KbvEdz2Istv9 18d7Lm+IvkJl8uSJEePGu3n9FZdB2oIkJ2Zhdt1WZEIOU2rTmaYsePm7su8EeNzfD7yV dpNA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x7si41273642ilu.63.2021.07.23.08.54.56; Fri, 23 Jul 2021 08:55:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235609AbhGWPM5 convert rfc822-to-8bit (ORCPT + 99 others); Fri, 23 Jul 2021 11:12:57 -0400 Received: from relay8-d.mail.gandi.net ([217.70.183.201]:55297 "EHLO relay8-d.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235578AbhGWPMr (ORCPT ); Fri, 23 Jul 2021 11:12:47 -0400 Received: (Authenticated sender: clement.leger@bootlin.com) by relay8-d.mail.gandi.net (Postfix) with ESMTPSA id 779FE1BF20A; Fri, 23 Jul 2021 15:53:16 +0000 (UTC) Date: Fri, 23 Jul 2021 17:53:15 +0200 From: =?UTF-8?B?Q2zDqW1lbnQgTMOpZ2Vy?= To: Mark Brown Cc: Lee Jones , Rob Herring , Greg Kroah-Hartman , "Rafael J. Wysocki" , Arnd Bergmann , devicetree@vger.kernel.org, linux-kernel@vger.kernel.org, Peng Fan , Sudeep Holla , Alexandre Belloni Subject: Re: [PATCH 1/3] regmap: add regmap using ARM SMCCC Message-ID: <20210723175315.3eb149c7@fixe.home> In-Reply-To: <20210723144317.GF5221@sirena.org.uk> References: <20210723135239.388325-1-clement.leger@bootlin.com> <20210723135239.388325-2-clement.leger@bootlin.com> <20210723144317.GF5221@sirena.org.uk> Organization: Bootlin X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Mark, Le Fri, 23 Jul 2021 15:43:18 +0100, Mark Brown a écrit : > On Fri, Jul 23, 2021 at 03:52:37PM +0200, Clément Léger wrote: > > > When running under secure monitor control, some controllers can be > > placed in secure world and their access is thus not possible from > > normal world. However, these controllers frequently contain > > registers than are needed by the normal world for a few specific > > operations. > > > This patch adds a regmap where registers are accessed using SMCs. > > The secure monitor is then responsible to allow or deny access to > > the requested registers. > > I can't see any SMC specification for this interface? Frankly I have > some very substantial concerns about the use case for this over > exposing the functionality of whatever device the SMC is gating > access to through SMC interfaces specific to that functionality. This would require to modify drivers to check if the access should be done using SMCs, parse the device tree to find appropriate SMC ids for each functionality, add dependencies in KConfig on HAVE_ARM_SMCCC_DISCOVERY, and do SMC calls instead of regmap access. I'm not saying this is not the way to go but this is clearly more intrusive than keeping the existing syscon support. > Exposing raw access to a (presumed?) subset of whatever device > functionality feels like the wrong abstraction level to be working at > and like an invitation to system integrators to do things that are > going to get them into trouble down the line. Indeed, access is reduced to a subset of registers offset which are checked by the TEE. > > If the end user really is just twiddling a few bits here and there I'd > expect those functionality specific services to be pretty simple to > do, slightly more effort on the secure monitor side but a lot safer. The SMC id is supposed to be unique for a given device. The TEE check is merely a register offset check and a value check. But I agree that the attack surface is larger than with a SMC targeted for a single functionality though. > If there is a use case for passing through an entire device for some > reason (ran out of controllers or something?) then I think we > probably want an abstraction at the bus level so we don't need to add > custom support to every device that we want to pass through and it's > clear what's going on. In our use case, only a few registers located in a secure controller is needed to be done. We don't have a use case for an entire device access. Clément