Re: [PATCH v2 5/5] security: kernel_pinctrl: fixup pinctrl in kernel dts

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sascha Hauer <s.hauer@pengutronix.de>
To: Fabian Pflug <f.pflug@pengutronix.de>
Cc: BAREBOX <barebox@lists.infradead.org>
Subject: Re: [PATCH v2 5/5] security: kernel_pinctrl: fixup pinctrl in kernel dts
Date: Tue, 17 Mar 2026 11:07:36 +0100	[thread overview]
Message-ID: <abkn6JHOXG59eBOh@pengutronix.de> (raw)
In-Reply-To: <20260316-v2026-02-0-topic-sconfig_console-v2-5-1eee8c762beb@pengutronix.de>

On Mon, Mar 16, 2026 at 12:36:32PM +0100, Fabian Pflug wrote:
> Going through the kernel dts and replacing
> barebox,policy-<active_policy> with default in order to change pinctrl
> not only for barebox, but also for kernel when booting with security
> profiles.
> 
> Signed-off-by: Fabian Pflug <f.pflug@pengutronix.de>
> ---
>  security/Makefile         |  1 +
>  security/kernel_pinctrl.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 59 insertions(+)
> 
> diff --git a/security/Makefile b/security/Makefile
> index 1096cbfb9b..2e8cdfe7c2 100644
> --- a/security/Makefile
> +++ b/security/Makefile
> @@ -2,6 +2,7 @@
>  
>  obj-$(CONFIG_SECURITY_POLICY)		+= policy.o
>  obj-$(CONFIG_SECURITY_POLICY_NAMES)	+= sconfig_names.o
> +obj-$(CONFIG_SECURITY_POLICY_PINCTRL)	+= kernel_pinctrl.o
>  obj-$(CONFIG_CRYPTO_KEYSTORE)	+= keystore.o
>  obj-$(CONFIG_JWT)		+= jwt.o
>  obj-pbl-$(CONFIG_HAVE_OPTEE)	+= optee.o
> diff --git a/security/kernel_pinctrl.c b/security/kernel_pinctrl.c
> new file mode 100644
> index 0000000000..af65961bbc
> --- /dev/null
> +++ b/security/kernel_pinctrl.c
> @@ -0,0 +1,58 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +
> +#include <common.h>
> +#include <linux/printk.h>
> +#include <pinctrl.h>
> +#include <security/policy.h>
> +#include <security/config.h>
> +
> +#define NUM_NAMES	10
> +
> +
> +/**
> + * Replace 'default' with 'old_default' and 'barebox,policy-<active_policy>'
> + * with 'default', if both are found in pinctrl.
> + */
> +static void kernel_of_fixup_pinctrl(struct device_node *node, char *policy_name)
> +{
> +	const char *names[NUM_NAMES];
> +	int num_read, pos_default, pos_policy;

You could reduce the scope of these variables.

> +	struct device_node *next;
> +
> +	while (node) {

list_for_each_entry(np, &node->list, list)

Or move the of_tree_for_each_node_from macro to include/of.h

> +		num_read = of_property_read_string_array(node, "pinctrl-names", names, NUM_NAMES);
> +
> +		pos_default = -1;
> +		pos_policy = -1;
> +		for (int i = 0; i < num_read; i++) {
> +			if (strcmp(policy_name, names[i]) == 0)
> +				pos_policy = i;
> +			if (strcmp("default", names[i]) == 0)
> +				pos_default = i;
> +		}
> +		if (pos_default >= 0 && pos_policy >= 0) {
> +			names[pos_default] = "old_default";
> +			names[pos_policy] = "default";
> +			of_property_write_string_array(node, "pinctrl-names", names, num_read);
> +		}
> +
> +		next = list_first_entry(&node->list, struct device_node, list);
> +		node = next->parent ? next : NULL;
> +	}
> +}

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

     prev parent reply	other threads:[~2026-03-17 10:08 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-16 11:36 [PATCH v2 0/5] Add helper for security policies Fabian Pflug
2026-03-16 11:36 ` [PATCH v2 1/5] of: add of_property_write_string_array() Fabian Pflug
2026-03-16 11:36 ` [PATCH v2 2/5] common: bootm: add policy to commandline Fabian Pflug
2026-03-16 11:36 ` [PATCH v2 3/5] security: policy: set active policy on boot Fabian Pflug
2026-03-16 11:36 ` [PATCH v2 4/5] security: configure pinctrl based on policy name Fabian Pflug
2026-03-16 11:36 ` [PATCH v2 5/5] security: kernel_pinctrl: fixup pinctrl in kernel dts Fabian Pflug
2026-03-17 10:07   ` Sascha Hauer [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=abkn6JHOXG59eBOh@pengutronix.de \
    --to=s.hauer@pengutronix.de \
    --cc=barebox@lists.infradead.org \
    --cc=f.pflug@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.