From: Miquel Raynal <miquel.raynal@bootlin.com>
To: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Cc: richard@nod.at, vigneshr@ti.com, robh+dt@kernel.org,
linux-arm-msm@vger.kernel.org, linux-mtd@lists.infradead.org,
devicetree@vger.kernel.org, linux-kernel@vger.kernel.org,
boris.brezillon@collabora.com, Daniele.Palmas@telit.com,
bjorn.andersson@linaro.org
Subject: Re: [PATCH v2 3/3] mtd: rawnand: qcom: Add support for secure regions in NAND memory
Date: Thu, 25 Feb 2021 08:47:02 +0100 [thread overview]
Message-ID: <20210225084702.2c753b99@xps13> (raw)
In-Reply-To: <20210225041129.58576-4-manivannan.sadhasivam@linaro.org>
Hi Manivannan,
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote on Thu,
25 Feb 2021 09:41:29 +0530:
> On a typical end product, a vendor may choose to secure some regions in
> the NAND memory which are supposed to stay intact between FW upgrades.
> The access to those regions will be blocked by a secure element like
> Trustzone. So the normal world software like Linux kernel should not
> touch these regions (including reading).
>
> The regions are declared using a NAND chip DT property,
> "nand-secure-regions". So let's make use of this property and skip
> access to the secure regions present in a system.
>
> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> ---
[...]
> config_nand_page_write(nandc);
> @@ -2830,7 +2865,8 @@ static int qcom_nand_host_init_and_register(struct qcom_nand_controller *nandc,
> struct nand_chip *chip = &host->chip;
> struct mtd_info *mtd = nand_to_mtd(chip);
> struct device *dev = nandc->dev;
> - int ret;
> + struct property *prop;
> + int ret, length, nr_elem;
>
> ret = of_property_read_u32(dn, "reg", &host->cs);
> if (ret) {
> @@ -2886,6 +2922,24 @@ static int qcom_nand_host_init_and_register(struct qcom_nand_controller *nandc,
> }
> }
>
> + /*
> + * Look for secure regions in the NAND chip. These regions are supposed
> + * to be protected by a secure element like Trustzone. So the read/write
> + * accesses to these regions will be blocked in the runtime by this
> + * driver.
> + */
> + prop = of_find_property(dn, "nand-secure-regions", &length);
I'm not sure the nand- prefix on this property is needed here, but
whatever.
> + if (prop) {
> + nr_elem = length / sizeof(u32);
> + host->nr_sec_regions = nr_elem / 2;
> +
> + host->sec_regions = devm_kcalloc(dev, nr_elem, sizeof(u32), GFP_KERNEL);
> + if (!host->sec_regions)
> + return -ENOMEM;
> +
> + of_property_read_u32_array(dn, "nand-secure-regions", host->sec_regions, nr_elem);
> + }
> +
I would move this before nand_scan().
If you don't, you should bail out with a nand_cleanup() upon error.
> ret = mtd_device_parse_register(mtd, probes, NULL, NULL, 0);
> if (ret)
> nand_cleanup(chip);
Otherwise lgtm.
Thanks,
Miquèl
WARNING: multiple messages have this Message-ID (diff)
From: Miquel Raynal <miquel.raynal@bootlin.com>
To: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Cc: devicetree@vger.kernel.org, vigneshr@ti.com, richard@nod.at,
linux-kernel@vger.kernel.org, boris.brezillon@collabora.com,
bjorn.andersson@linaro.org, robh+dt@kernel.org,
linux-mtd@lists.infradead.org, linux-arm-msm@vger.kernel.org,
Daniele.Palmas@telit.com
Subject: Re: [PATCH v2 3/3] mtd: rawnand: qcom: Add support for secure regions in NAND memory
Date: Thu, 25 Feb 2021 08:47:02 +0100 [thread overview]
Message-ID: <20210225084702.2c753b99@xps13> (raw)
In-Reply-To: <20210225041129.58576-4-manivannan.sadhasivam@linaro.org>
Hi Manivannan,
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote on Thu,
25 Feb 2021 09:41:29 +0530:
> On a typical end product, a vendor may choose to secure some regions in
> the NAND memory which are supposed to stay intact between FW upgrades.
> The access to those regions will be blocked by a secure element like
> Trustzone. So the normal world software like Linux kernel should not
> touch these regions (including reading).
>
> The regions are declared using a NAND chip DT property,
> "nand-secure-regions". So let's make use of this property and skip
> access to the secure regions present in a system.
>
> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> ---
[...]
> config_nand_page_write(nandc);
> @@ -2830,7 +2865,8 @@ static int qcom_nand_host_init_and_register(struct qcom_nand_controller *nandc,
> struct nand_chip *chip = &host->chip;
> struct mtd_info *mtd = nand_to_mtd(chip);
> struct device *dev = nandc->dev;
> - int ret;
> + struct property *prop;
> + int ret, length, nr_elem;
>
> ret = of_property_read_u32(dn, "reg", &host->cs);
> if (ret) {
> @@ -2886,6 +2922,24 @@ static int qcom_nand_host_init_and_register(struct qcom_nand_controller *nandc,
> }
> }
>
> + /*
> + * Look for secure regions in the NAND chip. These regions are supposed
> + * to be protected by a secure element like Trustzone. So the read/write
> + * accesses to these regions will be blocked in the runtime by this
> + * driver.
> + */
> + prop = of_find_property(dn, "nand-secure-regions", &length);
I'm not sure the nand- prefix on this property is needed here, but
whatever.
> + if (prop) {
> + nr_elem = length / sizeof(u32);
> + host->nr_sec_regions = nr_elem / 2;
> +
> + host->sec_regions = devm_kcalloc(dev, nr_elem, sizeof(u32), GFP_KERNEL);
> + if (!host->sec_regions)
> + return -ENOMEM;
> +
> + of_property_read_u32_array(dn, "nand-secure-regions", host->sec_regions, nr_elem);
> + }
> +
I would move this before nand_scan().
If you don't, you should bail out with a nand_cleanup() upon error.
> ret = mtd_device_parse_register(mtd, probes, NULL, NULL, 0);
> if (ret)
> nand_cleanup(chip);
Otherwise lgtm.
Thanks,
Miquèl
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
next prev parent reply other threads:[~2021-02-25 7:47 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-25 4:11 [PATCH v2 0/3] Add support for secure regions in Qcom NANDc driver Manivannan Sadhasivam
2021-02-25 4:11 ` Manivannan Sadhasivam
2021-02-25 4:11 ` [PATCH v2 1/3] dt-bindings: mtd: Convert Qcom NANDc binding to YAML Manivannan Sadhasivam
2021-02-25 4:11 ` Manivannan Sadhasivam
2021-02-25 4:11 ` [PATCH v2 2/3] dt-bindings: mtd: Add a property to declare secure regions in NAND chips Manivannan Sadhasivam
2021-02-25 4:11 ` Manivannan Sadhasivam
2021-02-25 4:11 ` [PATCH v2 3/3] mtd: rawnand: qcom: Add support for secure regions in NAND memory Manivannan Sadhasivam
2021-02-25 4:11 ` Manivannan Sadhasivam
2021-02-25 7:47 ` Miquel Raynal [this message]
2021-02-25 7:47 ` Miquel Raynal
2021-02-25 13:19 ` Manivannan Sadhasivam
2021-02-25 13:19 ` Manivannan Sadhasivam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210225084702.2c753b99@xps13 \
--to=miquel.raynal@bootlin.com \
--cc=Daniele.Palmas@telit.com \
--cc=bjorn.andersson@linaro.org \
--cc=boris.brezillon@collabora.com \
--cc=devicetree@vger.kernel.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=manivannan.sadhasivam@linaro.org \
--cc=richard@nod.at \
--cc=robh+dt@kernel.org \
--cc=vigneshr@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.