Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp2685658rwl; Thu, 13 Apr 2023 09:30:12 -0700 (PDT) X-Google-Smtp-Source: AKy350bPv1r6IvHZy5LKwAKJoqlK+NvYbStvQyzrGzwasX+M/u3pyw3i2NROxZsHk/6q0MTU64Rf X-Received: by 2002:aa7:88c5:0:b0:5ce:ef1b:a86 with SMTP id k5-20020aa788c5000000b005ceef1b0a86mr4685091pff.2.1681403412408; Thu, 13 Apr 2023 09:30:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681403412; cv=none; d=google.com; s=arc-20160816; b=HWfLLxHAYrU4RiVhhCKRLtC4wFqSQZM80uNPlzIysk3uiqnS1lCLjxbmK2OnGsAAOq +LYz0+M4ZCNPCz7KhKSC8XFDNP581vgWQHoxxQkDwZtKjJ569wB7VzSfbT8y3v2gWW5f BSfEFQbyJfFSHWBWmrk3nKWuuxEwPXYBgaV822vdoPiE5DSQJF6rmX/c7FSBMTE8wpJn QN/RMrS6wc1q5PkfDImH6iERMNKGfyrS5x5JBhzP6ojyB+XJ4z6ojTifoq6ax9IgryFd TjkMoOOmQDBAeWVOBC0dkk8WPb3yCl6HnbLB3cOdvcWEa/BMyxk7Q6sgJwkPYmFKu8D1 5XQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:ui-outboundreport:content-transfer-encoding :in-reply-to:from:content-language:references:cc:to:subject :user-agent:mime-version:date:message-id; bh=pTHFNgyJbUZtNKTtt5HtaQXvUrV5qJcfdeeaFSUa//o=; b=gvbIG1sX9JGZBaAruPLFd1xhMYvBFCCdt+LeNcgm53T8ajWXeUXDWvoTmaSlh7aOl6 q9dcPSxruhyYapzyodeyW0pRUcRF3vqF3S50V4gHxPQqEcd9Lgr/HAaufD0HAZQ3Nv84 lnnPIJNQmIHuvea7vO89qeggizMQ/WekTTdTukp+ftmWo3OuBZRYmJWXaTI0j/j87Ghj hsPg4HApAkSkD5+h2/2dx2IrxjZ5uUQojCdGBjKyfKnlJyFIFyeUfwaNW5uUbIc4OAyl x+v3lNwltj9ASUtvgOIfq24YfvE2ysp5aPTbVbvSKbLyuWuNasikYbeT+k5mLTat+G/D SNiQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z23-20020aa79497000000b005a8f2051fd3si2002440pfk.230.2023.04.13.09.29.56; Thu, 13 Apr 2023 09:30:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229775AbjDMQPj (ORCPT + 99 others); Thu, 13 Apr 2023 12:15:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55170 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229599AbjDMQPh (ORCPT ); Thu, 13 Apr 2023 12:15:37 -0400 Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.13]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6982F83 for ; Thu, 13 Apr 2023 09:15:32 -0700 (PDT) Received: from [192.168.1.141] ([37.4.248.58]) by mrelayeu.kundenserver.de (mreue109 [212.227.15.183]) with ESMTPSA (Nemesis) id 1MJm8N-1q2jCn41cn-00K9Yd; Thu, 13 Apr 2023 18:15:17 +0200 Message-ID: <9b03551a-278d-16dc-08ed-1ef0f89dc79c@i2se.com> Date: Thu, 13 Apr 2023 18:15:16 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Subject: Re: [PATCH v2 2/2] ARM: dts: Add nvmem node for BCM2711 bootloader public key To: "Ivan T. Ivanov" Cc: Nicolas Saenz Julienne , Srinivas Kandagatla , Florian Fainelli , Tim Gover , Phil Elwell , linux-rpi-kernel@lists.infradead.org, linux-kernel@vger.kernel.org References: <20230413085206.149730-1-iivanov@suse.de> <20230413085206.149730-3-iivanov@suse.de> Content-Language: en-US From: Stefan Wahren In-Reply-To: <20230413085206.149730-3-iivanov@suse.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:xuyRRmVl4RrIuAlw3gGXHcQ/V1Gz7D5fI2wDb7+NFP/amX+exZj RAa+rM0dMedGkTHvcnrslOMoZPevDjUEF8QAxD0MOVDDm1YuDi2/62bVf4Xp5hkCagFmn9d TA14Ua1hceZaNRB1GOiVLCrLllgvAULd2hZc+qCqcUecd7nTz4AOq49CCvoBq8APjWq2rgn 2JZuPhawksgKRP6Ylah2A== UI-OutboundReport: notjunk:1;M01:P0:Wznru1Hlhf4=;iLltmxid+hryTPaj2pkC5HfeUsc HwzE8jvW6yN+OLynTQtB0gE8zf3e3ewttF1vYrnFeR1KnEKUNMo/hp/BExTJhXh7UdqOLPdYS s3x1pz601tiJ6jEtAiNS2uMy1szJrXXUx7BHBYKkgoHwdovWEd/O9rwiKhED/ojl1V0eVcmlW pJSeT9/lFWACZTQN72qrQqQh/NRcJz0VYSUJQpTPP4uTBUZw5JU6dpqx6MkeUj/XUZLPnLkpl pXB+Y/EOkh5h128VSAUc5iQlbKJfrgY09DUNqltUYCjIMZ15R1SXFyNJ4xfJLwVdZAZ3gWnTO XbPNevmjcfWU0KlYaYNxHkOZzq6uHrAswKkzWlZweSj6nvu4ahrB9EfaWcVt7sDclN/7PDT4P 7oKPkU/U+eoCJ1YqeLaqPGj6N3jIWHGD/6MeqmN5B0DTD5NnmooY15bLq49HyDjY7Y5RMC3bB tsgB2dUJjtMZU9pa8PO3/dzec5P6IQjsjZriNJRjlpjgIeihAwg0opbJ1UeI/zyrWKIAEMPTD F/e2ZsxFgDbgCrYHEzys1rI7bxFV17buYnzctpGLc8e/SPvL5wUhzu4BPFMFOsPg0ZSsHGFmS Q7RGsA/VTGD2DcJlDmbWnEVHZTHa5y6wASYR+DY/kptJQjNqMhVM6P6yjvViaLK7ec1BSY7dZ hNIL/Bz+YC0/FVO3qvl5qFFVX7Lobk+XLP7WCbCfKw== X-Spam-Status: No, score=-3.0 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Ivan, Am 13.04.23 um 10:52 schrieb Ivan T. Ivanov: > From: Tim Gover > > Make a copy of the bootloader secure-boot public key available to the OS > via an nvmem node. The placement information is populated by the > Raspberry Pi firmware if a public key is present in the BCM2711 > bootloader EEPROM. It would be nice to have a helpful link like: https://www.raspberrypi.com/documentation/computers/configuration.html#nvmem-nodes > > Signed-off-by: Tim Gover > Signed-off-by: Ivan T. Ivanov > --- > arch/arm/boot/dts/bcm2711-rpi.dtsi | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/arch/arm/boot/dts/bcm2711-rpi.dtsi b/arch/arm/boot/dts/bcm2711-rpi.dtsi > index 98817a6675b9..e30fbe84f9c3 100644 > --- a/arch/arm/boot/dts/bcm2711-rpi.dtsi > +++ b/arch/arm/boot/dts/bcm2711-rpi.dtsi > @@ -15,6 +15,7 @@ aliases { > ethernet0 = &genet; > pcie0 = &pcie0; > blconfig = &blconfig; > + blpubkey = &blpubkey; > }; > }; > > @@ -67,6 +68,19 @@ blconfig: nvram@0 { > no-map; > status = "disabled"; > }; > + > + /* > + * RPi4 will copy the binary public key blob (if present) from the bootloader > + * into memory for use by the OS. > + */ > + blpubkey: nvram@1 { > + compatible = "raspberrypi,bootloader-public-key", "nvmem-rmem"; Yes this looks better, but this introduce a new dtbs_check issue. The new compatible must be documented in Documentation/devicetree/bindings/nvmem/rmem.yaml in a separate patch and reviewed by the DT guys. Btw better use linux-arm-kernel list instead of lkml Best regards > + #address-cells = <1>; > + #size-cells = <1>; > + reg = <0x0 0x0 0x0>; > + no-map; > + status = "disabled"; > + }; > }; > > &v3d {