Re: [PATCH 3/3] crypto: inside-secure - add support for using the EIP197 without firmware images

[Antoine Tenart <antoine.tenart@bootlin.com>]

Hi Pascal,

On Thu, Jun 20, 2019 at 02:59:20PM +0000, Pascal Van Leeuwen wrote:
> > From: Antoine Tenart <antoine.tenart@bootlin.com>
> > On Wed, Jun 19, 2019 at 02:37:44PM +0000, Pascal Van Leeuwen wrote:
> > > > From: Antoine Tenart <antoine.tenart@bootlin.com>
> > > > On Tue, Jun 18, 2019 at 07:56:24AM +0200, Pascal van Leeuwen wrote:
> > >
> > > > In addition to this, the direction the kernel has taken was to *remove*
> > > > binary firmwares from its source code. I'm afraid adding this is a
> > > > no-go.
> > >
> > > For a HW engineer, there really is no fundamental difference between
> > > control register contents or an instruction word. They can both have
> > > the exact same effects internal to the HW.
> > > If I had disguised this as a handful of config reg writes writing
> > > some #define'd magic values, probably no one would have even noticed.
> > 
> > I do not fully agree. If this is comparable to configuring h/w
> > registers, then you could probably have defines explaining why each bit
> > is set and what it's doing. Which would be fine.
> > 
> Strictly speaking, we (and probably most other HW vendors as well) don't do 
> that for every register bit either, not even in the official Programmer Manual. 
> Some bits are just "you don't need to know, just write this" :-)

That's right... :-(

> > > By that same definition, the tokens the driver generates for
> > > processing could be considered "firmware" as well (as they are used by
> > > the hardware in a very similar way) ...
> > 
> > Right. The main difference here is we do have a clear definition of what
> > the tokens are doing. Thanks to your explanation, if this firmware is
> > really looking like the token we're using, the words have a defined
> > structure and the magic values could be generated with proper defines
> > and macros. And I think it's the main issue here: it's not acceptable to
> > have an array of magic values. If you can give a meaning to those bits,
> > I see no reason why it couldn't be added to the driver.
> > 
> > (And I'm all for what you're trying to achieve here :)).
> > 
> Now we're reaching a tricky subject. Because I think if some people here
> find out those token bits are explicitly documented in the driver, they
> will not be so happy ... (don't worry, I won't wake any sleeping dogs :-)
> We provide this information to our customers under NDA, but it's 
> obviously quite sensitive information as it reveals a lot about the
> inner workings of our HW design.
> 
> The encoding of the microengine control words is considered even
> more sensitive, so we don't even provide that under NDA.
> Adding that to the driver will probably get me in trouble.

I fully understand this. This is not perfect, but at least it's the way
it is right now.

> So maybe putting these images in /lib/firmware is unavoidable, but
> I'd really like to hear some more opinions on that subject.

Yes, you either have to choice to put it in /lib/firmware (and in the
linux-firmwares project!) or to convince people to allow releasing this.

We can wait for others to hop in on the discussion, of course.

Thanks!
Antoine

-- 
Antoine Ténart, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com