Re: [PATCH v2 3/3] mtd: rawnand: qcom: Add support for secure regions in NAND memory

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Miquel Raynal <miquel.raynal@bootlin.com>
To: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Cc: richard@nod.at, vigneshr@ti.com, robh+dt@kernel.org,
	linux-arm-msm@vger.kernel.org, linux-mtd@lists.infradead.org,
	devicetree@vger.kernel.org, linux-kernel@vger.kernel.org,
	boris.brezillon@collabora.com, Daniele.Palmas@telit.com,
	bjorn.andersson@linaro.org
Subject: Re: [PATCH v2 3/3] mtd: rawnand: qcom: Add support for secure regions in NAND memory
Date: Thu, 25 Feb 2021 08:47:02 +0100	[thread overview]
Message-ID: <20210225084702.2c753b99@xps13> (raw)
In-Reply-To: <20210225041129.58576-4-manivannan.sadhasivam@linaro.org>

Hi Manivannan,

Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote on Thu,
25 Feb 2021 09:41:29 +0530:

> On a typical end product, a vendor may choose to secure some regions in
> the NAND memory which are supposed to stay intact between FW upgrades.
> The access to those regions will be blocked by a secure element like
> Trustzone. So the normal world software like Linux kernel should not
> touch these regions (including reading).
> 
> The regions are declared using a NAND chip DT property,
> "nand-secure-regions". So let's make use of this property and skip
> access to the secure regions present in a system.
> 
> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> ---

[...]

>  	config_nand_page_write(nandc);
> @@ -2830,7 +2865,8 @@ static int qcom_nand_host_init_and_register(struct qcom_nand_controller *nandc,
>  	struct nand_chip *chip = &host->chip;
>  	struct mtd_info *mtd = nand_to_mtd(chip);
>  	struct device *dev = nandc->dev;
> -	int ret;
> +	struct property *prop;
> +	int ret, length, nr_elem;
>  
>  	ret = of_property_read_u32(dn, "reg", &host->cs);
>  	if (ret) {
> @@ -2886,6 +2922,24 @@ static int qcom_nand_host_init_and_register(struct qcom_nand_controller *nandc,
>  		}
>  	}
>  
> +	/*
> +	 * Look for secure regions in the NAND chip. These regions are supposed
> +	 * to be protected by a secure element like Trustzone. So the read/write
> +	 * accesses to these regions will be blocked in the runtime by this
> +	 * driver.
> +	 */
> +	prop = of_find_property(dn, "nand-secure-regions", &length);

I'm not sure the nand- prefix on this property is needed here, but
whatever.

> +	if (prop) {
> +		nr_elem = length / sizeof(u32);
> +		host->nr_sec_regions = nr_elem / 2;
> +
> +		host->sec_regions = devm_kcalloc(dev, nr_elem, sizeof(u32), GFP_KERNEL);
> +		if (!host->sec_regions)
> +			return -ENOMEM;
> +
> +		of_property_read_u32_array(dn, "nand-secure-regions", host->sec_regions, nr_elem);
> +	}
> +

I would move this before nand_scan().

If you don't, you should bail out with a nand_cleanup() upon error.

>  	ret = mtd_device_parse_register(mtd, probes, NULL, NULL, 0);
>  	if (ret)
>  		nand_cleanup(chip);


Otherwise lgtm.

Thanks,
Miquèl

next prev parent reply	other threads:[~2021-02-25  7:48 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-25  4:11 [PATCH v2 0/3] Add support for secure regions in Qcom NANDc driver Manivannan Sadhasivam
2021-02-25  4:11 ` [PATCH v2 1/3] dt-bindings: mtd: Convert Qcom NANDc binding to YAML Manivannan Sadhasivam
2021-02-25  4:11 ` [PATCH v2 2/3] dt-bindings: mtd: Add a property to declare secure regions in NAND chips Manivannan Sadhasivam
2021-02-25  4:11 ` [PATCH v2 3/3] mtd: rawnand: qcom: Add support for secure regions in NAND memory Manivannan Sadhasivam
2021-02-25  7:47   ` Miquel Raynal [this message]
2021-02-25 13:19     ` Manivannan Sadhasivam

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210225084702.2c753b99@xps13 \
    --to=miquel.raynal@bootlin.com \
    --cc=Daniele.Palmas@telit.com \
    --cc=bjorn.andersson@linaro.org \
    --cc=boris.brezillon@collabora.com \
    --cc=devicetree@vger.kernel.org \
    --cc=linux-arm-msm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mtd@lists.infradead.org \
    --cc=manivannan.sadhasivam@linaro.org \
    --cc=richard@nod.at \
    --cc=robh+dt@kernel.org \
    --cc=vigneshr@ti.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox