Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp1088933rdb; Fri, 22 Dec 2023 14:38:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IEzaT6HAtge96hAJFogb6ixP3+v6/0LCZEPU02imYZ3czi/dK+2OtIxaM0kHfUm+CMRpr7r X-Received: by 2002:a17:906:1088:b0:a23:5eac:181e with SMTP id u8-20020a170906108800b00a235eac181emr598979eju.258.1703284708332; Fri, 22 Dec 2023 14:38:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703284708; cv=none; d=google.com; s=arc-20160816; b=FDW3z5EUQEo8faI7ElEytcXFRk5ESRX6Ms9+D3K2fQEPyZLC/JBWRN9DJW4flUckuh r0qnFNFaYjLEmrT2wZ3zMqY2locy5/6aBt1CgPbaXUc+2bmIn+Kgp0LzIvE3a6Qsy2dN ATdZ6rG9AGN/lAwAcqxGzkPtCAm7ffVfhK3KJF13UXKD997ymtZV4xx15hyctbHpWqrU GWx2qR0K1dDtZc0RIHmSGLEraDt8ibiV2+/KMiAqre/yyfGAbw3a9Qnqhu5jP6RhmohW OuN1FSW56pnfoPwYGdAep9dQ6zUqp498COOJcLIUBW+qZzGxCZVSzOTw7isV7q4V/FW7 /syw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:feedback-id:dkim-signature:dkim-signature; bh=/41xo+PgsU6BMJfQdmIBbnZG36MQnMC6lXFKf5V3ln0=; fh=94UIxiHhaN2G/ctULg07eTstAwdt5dEMWhGIb8BIJhQ=; b=gIGYjgZDq5rsLMH3BYtvuLzFbgart3CciKoHknMVK8pycG7LNRdSHGaiMxG2suwycq HAz9RWWRad+6qS2Xq20C3T1C7NC+n4fYnMth41h2D16oSATtkUC5GxGJs+7thw4bVy2T XpPaWeL4TjQfv782JpQM2cGj+ECAmzu0OnoQT8nIzZX1j/YRUbFIpaQgghXR7y0EVYiY LvgaF+sR8m6he9+1u3ZsTgHlg/gbmsqz/MGAdVuYERJ2UWNWfUw++9Cv0OOKs9Fu2rvh TkJHxO/myLSdvcQTiePwRGQidhCFFs4FbjDG9q+8mhjN3uSGqI8yVk4qhlcyQLnZqtYI OAaw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@stwcx.xyz header.s=fm1 header.b=lHECv2H0; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=EEs74KvM; spf=pass (google.com: domain of linux-kernel+bounces-10084-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-10084-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id u7-20020a1709060b0700b00a26ac2f2725si1560173ejg.303.2023.12.22.14.38.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Dec 2023 14:38:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-10084-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@stwcx.xyz header.s=fm1 header.b=lHECv2H0; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=EEs74KvM; spf=pass (google.com: domain of linux-kernel+bounces-10084-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-10084-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id E6A171F23F1C for ; Fri, 22 Dec 2023 22:38:27 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 527492EAFA; Fri, 22 Dec 2023 22:38:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=stwcx.xyz header.i=@stwcx.xyz header.b="lHECv2H0"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="EEs74KvM" X-Original-To: linux-kernel@vger.kernel.org Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 44F311EB37; Fri, 22 Dec 2023 22:38:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=stwcx.xyz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=stwcx.xyz Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 28ADB5C025B; Fri, 22 Dec 2023 17:38:14 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Fri, 22 Dec 2023 17:38:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stwcx.xyz; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm1; t=1703284694; x=1703371094; bh=/41xo+PgsU 6BMJfQdmIBbnZG36MQnMC6lXFKf5V3ln0=; b=lHECv2H0/3MzwSqA+HM3sTqnY7 w0W2Je0aveo3bUZ9Ze60PgAM8iugwNGsSAYt7e1/XV8hKDaRscf14WGo+Cz970z0 EmU25JPlbfyztsOuPJPYZSa1BeC6fUqbQ7tVb+PvRJ2hzP4EFipW4UbpV+5u0pMx lfM85irt67KA8UrjHxuUKl/+ZCCjra+Z+2JWU5rU4VGOfQs+WST4TE/gmRa4+3Ar 8ngZL49ZSBPddByIJpH/clUptH/loOKadZfQigH4OlOGPB5jeD1ElHOu4dsUI2Vq GTvv6G8+lpbvz/gyn7C6e8yhpPmtRzH4C7viXQ+b7cLKkXFIMg77SMp3Cu7w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1703284694; x=1703371094; bh=/41xo+PgsU6BMJfQdmIBbnZG36MQ nMC6lXFKf5V3ln0=; b=EEs74KvMB9STSi74yK0MEsMjXS0SdviaIBnWISrsDx2z 8mrOGIjI2X0thmLryHks6aJtQsEU32oHZqICJCJiDfbul67TZEedh5p3nQxbKpLP z1KH3NaY187b7R7v8bsT5b1DtA1G0TnahphCeK6qIwopjfH36BcIa5T8C0L6ysJe 95BphITNVPB+2UwvLVMw/IJwed6sfXk1y85ahhO+JgJiilpa5hMYzTa5vuk9FsDy nVpBLcWfVpHrBtzyxCI9YmIyC/XQqZZg6BwFY1cSCe8sPYU2VS72/bY39ezA/cYT FYq0p2QL6j/OSGo30PLfPLlvHB0PX6GMMY5Vnd7LZQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvddukecutefuodetggdotefrodftvfcurf hrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfghrlh cuvffnffculddugedmnecujfgurhepfffhvfevuffkfhggtggujgesghdtreertddtvden ucfhrhhomheprfgrthhrihgtkhcuhghilhhlihgrmhhsuceophgrthhrihgtkhesshhtfi gtgidrgiihiieqnecuggftrfgrthhtvghrnhepleekhefhffejffehhfeuheeffeekueet teduhfeugfevudevheehieeuhfejveejnecuffhomhgrihhnpehkvghrnhgvlhdrohhrgh dpghhithhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehm rghilhhfrhhomhepphgrthhrihgtkhesshhtfigtgidrgiihii X-ME-Proxy: Feedback-ID: i68a1478a:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 22 Dec 2023 17:38:12 -0500 (EST) Date: Fri, 22 Dec 2023 16:38:12 -0600 From: Patrick Williams To: Lukas Wunner Cc: Howard Chiu , robh+dt@kernel.org, joel@jms.id.au, andrew@aj.id.au, devicetree@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-aspeed@lists.ozlabs.org, linux-kernel@vger.kernel.org, potin.lai@quantatw.com, Howard Chiu , linux-integrity@vger.kernel.org Subject: Re: [PATCH v8] ARM: dts: aspeed: Adding Facebook Bletchley BMC Message-ID: References: <20231220080733.GA30641@wunner.de> <20231220170012.GA10387@wunner.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="OQcMnazqIYJ69ZvE" Content-Disposition: inline In-Reply-To: <20231220170012.GA10387@wunner.de> --OQcMnazqIYJ69ZvE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable (cc'd TPM mailing list for awareness) On Wed, Dec 20, 2023 at 06:00:12PM +0100, Lukas Wunner wrote: > On Wed, Dec 20, 2023 at 06:38:59AM -0600, Patrick Williams wrote: > > On Dec 20, 2023, at 2:07AM, Lukas Wunner wrote: > > > On Tue, Dec 07, 2021 at 05:49:24PM +0800, Howard Chiu wrote: > > > > Initial introduction of Facebook Bletchley equipped with > > > > Aspeed 2600 BMC SoC. > > > [...] > > > > + tpmdev@0 { > > > > + compatible =3D "tcg,tpm_tis-spi"; > > >=20 > > > What's the chip used on this board? Going forward, the DT schema for= TPMs > > > requires the exact chip name in addition to the generic "tcg,tpm_tis-= spi". > >=20 > > Why is this a requirement? This assumes there is exactly one chip. > > TPMs are often placed on a pluggable module in which multiple vendors > > could be used. There is no way in the DTS to specify multiple compatible > > chips. >=20 > It seems to be a convention to provide the name of the chip that's > actually used, in addition to the generic compatible. My impression is that this is subsystem dependent. The MTD SPI-NOR subsystem, for example, does not want any compatible or additional devices added and instead `compatible =3D "jedic,spi-nor"` is all you need. The subsystem does the SFDP detection of the specific device (and parameters) [1]. > One advantage I see is that specific properties can be enforced per-chip. > E.g. Infineon SLB9670 TPMs support an SPI clock of up to 43 MHz, > whereas Atmel ATTPM20P support 36 MHz. The devicetree schema may > contain those maximum speeds and the validator can check whether > devicetrees observe them. Noble goal. For the Aspeed SOC that we use to interact with the TPM module, the hardware logic doesn't properly implement bi-directional access, so we end up using the SPI-GPIO driver and running at speeds far far below any device maximum (obviously this isn't everyone's problem). > Similarly, a device driver may use chip-specific quirks based on the > compatible string. IMO, if a chip requires quirks in order to function properly then it isn't compatible with "tcg,tpm_tis-spi" is it? Standards exist for a reason. If a chip can't follow them, don't claim it does. > Last not least, it is useful for documentation purposes to specify which > chip is used. >=20 > If chips are dual-sourced or triple-sourced, as you say, and they > behave identically, then I think it is fine to specify all of their > compatible strings plus the generic compatible. =20 This has explicitly been rejected before; having multiple incompatible chips listed in the same compatible. I've tried to search lore but I can't find a reference unfortunately. We've had similar scenarios with second-source scenarios and have been told to: change the DTS in u-boot, use user-space bind calls, or work with the DTS overlay project to get that working. Frankly, all of those options are a challenge for something fundamental like the TPM. Furthermore, what you're suggesting does not jive with what is in the devicetree binding documentation for tpm_tis-spi [2]: - compatible: should be **one** of the following (emphasis mine) > If they do not > behave identically, separate devicetrees should be used for each > board version with a different chip. I am not following how that would work in a reasonable way. As I said, these are pluggable modules and not simply second-source builds. There are a collection of modules that can all be plugged into the same header. They might not even be shipped with the device... You might want TPM modules provisioned under control of your own process, rather than the device manufacturer, and you plug them in prior to using the device. The only way I can conceive of doing this is to have a good chunk of u-boot code that detects which module is plugged in and manually modifies the compatible string in the DTS before loading the kernel. Of course, doing this changes your measurements and has to be done in the CRTM, both of which decrease your security posture. 1. https://lore.kernel.org/lkml/4817515e-2833-6d39-03c3-30470344ac3a@microc= hip.com/ 2. https://github.com/torvalds/linux/blob/c0f65a7c112b3cfa691cead54bcf24d6c= c2182b5/Documentation/devicetree/bindings/security/tpm/tpm_tis_spi.txt#L2 --=20 Patrick Williams --OQcMnazqIYJ69ZvE Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEBGD9ii4LE9cNbqJBqwNHzC0AwRkFAmWGD9IACgkQqwNHzC0A wRmWYxAAlDTf5ibEEie/2tY+6Ye3F23Zs2JKQIBmmFJhOhVPx59wzNM4gZ4VESoX 93pM9mZ5zqK9isCRUTKARNL/KcB/A23Q6T/iXccbMW3DMo/xKtTMKN9oHh5fWqxh QWv1uNOGxYbuuIHlMjsvArdoA5sFxQpL0gJvg20nee6uhmtYxvQk4KPDOgMaF7zv ZUY42FAiAfu96VLC1okPmHJC45O59QMPbvTb1JjFxyijzwXyXWpPrOBywZozWqr+ BNlJuhPjHZ1GE0yylsGeCQyTLgVPoPxPRLtZgd2meWBgQO45pqxzmw12acQphjrc ua7mjfK0bCsphvQNJUR0Qy45zCJ3LQBB2MxSkkNN/mPPh0xce/C7uqX/vBCZ0wOf Uu9tg92VTDcPn1blCYb6vGdnaVwWodJ24XikdZ4n+KGIkaw7lbK2n7Ldpze9NaAq Xn4ZZHfWTKe1aHHBAW+17neq6+zaZdQYd4UUas96uAJJpD1ywnQQY1zWdgOqaKld HkfnbWCDaimZg5haf7U5+sD3DbS+HEMtvIzrYwzvy/H1lSq/0j/B1pB8aysILrXm zsS2jPZDs8+btNneH80zlZkkTEQmT5If2IOKxcGrDxRKz/z5w6CUKlgY+2j03yXv M+7UcXeKjx5fsy5s9rj36P3vrHL/R7DuKeNMRqaajkLkJB5wc9E= =BJb0 -----END PGP SIGNATURE----- --OQcMnazqIYJ69ZvE--