* [PATCH v1 1/1] ARM: dts: rockchip: set crypto default disabled on rk3288 @ 2019-08-27 7:14 Elon Zhang 2019-08-27 14:28 ` Heiko Stuebner 0 siblings, 1 reply; 5+ messages in thread From: Elon Zhang @ 2019-08-27 7:14 UTC (permalink / raw) To: heiko, mark.rutland, robh+dt Cc: Elon Zhang, devicetree, linux-kernel, linux-arm-kernel, linux-rockchip Not every board needs to enable crypto node, so the node should be set default disabled in rk3288.dtsi and enabled in specific board dts file. Signed-off-by: Elon Zhang <zhangzj@rock-chips.com> --- arch/arm/boot/dts/rk3288.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi index cc893e154fe5..d509aa24177c 100644 --- a/arch/arm/boot/dts/rk3288.dtsi +++ b/arch/arm/boot/dts/rk3288.dtsi @@ -984,7 +984,7 @@ clock-names = "aclk", "hclk", "sclk", "apb_pclk"; resets = <&cru SRST_CRYPTO>; reset-names = "crypto-rst"; - status = "okay"; + status = "disabled"; }; iep_mmu: iommu@ff900800 { -- 2.17.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v1 1/1] ARM: dts: rockchip: set crypto default disabled on rk3288 2019-08-27 7:14 [PATCH v1 1/1] ARM: dts: rockchip: set crypto default disabled on rk3288 Elon Zhang @ 2019-08-27 14:28 ` Heiko Stuebner 2019-08-29 11:31 ` Elon Zhang 0 siblings, 1 reply; 5+ messages in thread From: Heiko Stuebner @ 2019-08-27 14:28 UTC (permalink / raw) To: Elon Zhang Cc: mark.rutland, robh+dt, linux-arm-kernel, linux-kernel, devicetree, linux-rockchip Hi, Am Dienstag, 27. August 2019, 09:14:39 CEST schrieb Elon Zhang: > Not every board needs to enable crypto node, so the node should > be set default disabled in rk3288.dtsi and enabled in specific > board dts file. Can you give a bit more rationale here? There would need to be a very specific reason because of the following: The crypto module is not wired to some board-specific components, so its usability does not depend on the specific board at all. Instead every board can just use it out of the box and the devicetree is supposed to describe the hardware and is _not_ meant as a space for user configuration. So in fact the status property should probably go away completely from the crypto node, as it's usable out of the box in all cases. Heiko > Signed-off-by: Elon Zhang <zhangzj@rock-chips.com> > --- > arch/arm/boot/dts/rk3288.dtsi | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi > index cc893e154fe5..d509aa24177c 100644 > --- a/arch/arm/boot/dts/rk3288.dtsi > +++ b/arch/arm/boot/dts/rk3288.dtsi > @@ -984,7 +984,7 @@ > clock-names = "aclk", "hclk", "sclk", "apb_pclk"; > resets = <&cru SRST_CRYPTO>; > reset-names = "crypto-rst"; > - status = "okay"; > + status = "disabled"; > }; > > iep_mmu: iommu@ff900800 { > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1 1/1] ARM: dts: rockchip: set crypto default disabled on rk3288 2019-08-27 14:28 ` Heiko Stuebner @ 2019-08-29 11:31 ` Elon Zhang 2019-08-31 23:04 ` Heiko Stuebner 0 siblings, 1 reply; 5+ messages in thread From: Elon Zhang @ 2019-08-29 11:31 UTC (permalink / raw) To: Heiko Stuebner Cc: mark.rutland, robh+dt, linux-arm-kernel, linux-kernel, devicetree, linux-rockchip Hi Heiko, On 8/27/2019 22:28, Heiko Stuebner wrote: > Hi, > > Am Dienstag, 27. August 2019, 09:14:39 CEST schrieb Elon Zhang: >> Not every board needs to enable crypto node, so the node should >> be set default disabled in rk3288.dtsi and enabled in specific >> board dts file. > Can you give a bit more rationale here? There would need to be a very > specific reason because of the following: > > The crypto module is not wired to some board-specific components, > so its usability does not depend on the specific board at all. > Instead every board can just use it out of the box and the devicetree > is supposed to describe the hardware and is _not_ meant as a space > for user configuration. Right for almost all normal hardware modules but the crypto module was designed for secure world. As a result, the crypto module will become inaccessible for linux kernel if secure world enable it. We plan to enable the crypto module in secure world so we should set crypto module default disabled in linux kernel. > > So in fact the status property should probably go away completely from > the crypto node, as it's usable out of the box in all cases. > > > Heiko > > > >> Signed-off-by: Elon Zhang <zhangzj@rock-chips.com> >> --- >> arch/arm/boot/dts/rk3288.dtsi | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi >> index cc893e154fe5..d509aa24177c 100644 >> --- a/arch/arm/boot/dts/rk3288.dtsi >> +++ b/arch/arm/boot/dts/rk3288.dtsi >> @@ -984,7 +984,7 @@ >> clock-names = "aclk", "hclk", "sclk", "apb_pclk"; >> resets = <&cru SRST_CRYPTO>; >> reset-names = "crypto-rst"; >> - status = "okay"; >> + status = "disabled"; >> }; >> >> iep_mmu: iommu@ff900800 { >> > > > > > > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1 1/1] ARM: dts: rockchip: set crypto default disabled on rk3288 2019-08-29 11:31 ` Elon Zhang @ 2019-08-31 23:04 ` Heiko Stuebner 2019-09-10 2:45 ` Elon Zhang 0 siblings, 1 reply; 5+ messages in thread From: Heiko Stuebner @ 2019-08-31 23:04 UTC (permalink / raw) To: Elon Zhang Cc: mark.rutland, robh+dt, linux-arm-kernel, linux-kernel, devicetree, linux-rockchip Hi Elon, Am Donnerstag, 29. August 2019, 13:31:00 CEST schrieb Elon Zhang: > On 8/27/2019 22:28, Heiko Stuebner wrote: > > Am Dienstag, 27. August 2019, 09:14:39 CEST schrieb Elon Zhang: > >> Not every board needs to enable crypto node, so the node should > >> be set default disabled in rk3288.dtsi and enabled in specific > >> board dts file. > > Can you give a bit more rationale here? There would need to be a very > > specific reason because of the following: > > > > The crypto module is not wired to some board-specific components, > > so its usability does not depend on the specific board at all. > > Instead every board can just use it out of the box and the devicetree > > is supposed to describe the hardware and is _not_ meant as a space > > for user configuration. > > Right for almost all normal hardware modules but the crypto module was > designed > > for secure world. As a result, the crypto module will become > inaccessible for linux kernel if secure world enable it. > > We plan to enable the crypto module in secure world so we should set > crypto module default disabled in linux kernel. ok ... I'm halfway convinced ;-) . The big thing I want to see is that secure setting in the actual firmware. Aka right now you probably have that in your Rockchip-specific ATF fork and I really want to see the relevant change for public uboot or ATF. I don't necessarily require it to be fully merged before taking this, but I really want to see the change either on a mailing list or atf gerrit instance [that makes the crypto engine secure only]. Rationale behind this is that we don't care very much about private stuff that the general ecosystem doesn't benefit from. Thanks Heiko > > So in fact the status property should probably go away completely from > > the crypto node, as it's usable out of the box in all cases. > > > > > > Heiko > > > > > > > >> Signed-off-by: Elon Zhang <zhangzj@rock-chips.com> > >> --- > >> arch/arm/boot/dts/rk3288.dtsi | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi > >> index cc893e154fe5..d509aa24177c 100644 > >> --- a/arch/arm/boot/dts/rk3288.dtsi > >> +++ b/arch/arm/boot/dts/rk3288.dtsi > >> @@ -984,7 +984,7 @@ > >> clock-names = "aclk", "hclk", "sclk", "apb_pclk"; > >> resets = <&cru SRST_CRYPTO>; > >> reset-names = "crypto-rst"; > >> - status = "okay"; > >> + status = "disabled"; > >> }; > >> > >> iep_mmu: iommu@ff900800 { > >> > > > > > > > > > > > > > > > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1 1/1] ARM: dts: rockchip: set crypto default disabled on rk3288 2019-08-31 23:04 ` Heiko Stuebner @ 2019-09-10 2:45 ` Elon Zhang 0 siblings, 0 replies; 5+ messages in thread From: Elon Zhang @ 2019-09-10 2:45 UTC (permalink / raw) To: Heiko Stuebner Cc: mark.rutland, robh+dt, linux-arm-kernel, linux-kernel, devicetree, linux-rockchip Hi Heiko, On 9/1/2019 07:04, Heiko Stuebner wrote: > Hi Elon, > > Am Donnerstag, 29. August 2019, 13:31:00 CEST schrieb Elon Zhang: >> On 8/27/2019 22:28, Heiko Stuebner wrote: >>> Am Dienstag, 27. August 2019, 09:14:39 CEST schrieb Elon Zhang: >>>> Not every board needs to enable crypto node, so the node should >>>> be set default disabled in rk3288.dtsi and enabled in specific >>>> board dts file. >>> Can you give a bit more rationale here? There would need to be a very >>> specific reason because of the following: >>> >>> The crypto module is not wired to some board-specific components, >>> so its usability does not depend on the specific board at all. >>> Instead every board can just use it out of the box and the devicetree >>> is supposed to describe the hardware and is _not_ meant as a space >>> for user configuration. >> Right for almost all normal hardware modules but the crypto module was >> designed >> >> for secure world. As a result, the crypto module will become >> inaccessible for linux kernel if secure world enable it. >> >> We plan to enable the crypto module in secure world so we should set >> crypto module default disabled in linux kernel. > ok ... I'm halfway convinced ;-) . > > The big thing I want to see is that secure setting in the actual firmware. > Aka right now you probably have that in your Rockchip-specific ATF fork > and I really want to see the relevant change for public uboot or ATF. > > I don't necessarily require it to be fully merged before taking this, but > I really want to see the change either on a mailing list or atf gerrit > instance [that makes the crypto engine secure only]. > > Rationale behind this is that we don't care very much about private stuff > that the general ecosystem doesn't benefit from. Now the crypto security property setting is done in the rockchip private code, which is not opensource. So if you don't care about private stuff and the change in private stuff will not affect the upstream kernel, the crypto can be enabled in upstream kernel? > > > Thanks > Heiko > > >>> So in fact the status property should probably go away completely from >>> the crypto node, as it's usable out of the box in all cases. >>> >>> >>> Heiko >>> >>> >>> >>>> Signed-off-by: Elon Zhang <zhangzj@rock-chips.com> >>>> --- >>>> arch/arm/boot/dts/rk3288.dtsi | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi >>>> index cc893e154fe5..d509aa24177c 100644 >>>> --- a/arch/arm/boot/dts/rk3288.dtsi >>>> +++ b/arch/arm/boot/dts/rk3288.dtsi >>>> @@ -984,7 +984,7 @@ >>>> clock-names = "aclk", "hclk", "sclk", "apb_pclk"; >>>> resets = <&cru SRST_CRYPTO>; >>>> reset-names = "crypto-rst"; >>>> - status = "okay"; >>>> + status = "disabled"; >>>> }; >>>> >>>> iep_mmu: iommu@ff900800 { >>>> >>> >>> >>> >>> >>> >> >> > > > > > > ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-09-10 2:45 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-08-27 7:14 [PATCH v1 1/1] ARM: dts: rockchip: set crypto default disabled on rk3288 Elon Zhang 2019-08-27 14:28 ` Heiko Stuebner 2019-08-29 11:31 ` Elon Zhang 2019-08-31 23:04 ` Heiko Stuebner 2019-09-10 2:45 ` Elon Zhang
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox