From: Jan Kiszka <jan.kiszka@siemens.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2 06/12] virt-dt: Allow reservation of the secure region when it is in a RAM carveout.
Date: Mon, 16 Feb 2015 16:38:01 +0100 [thread overview]
Message-ID: <54E20ED9.4000708@siemens.com> (raw)
In-Reply-To: <20150216145643.GG8994@leverpostej>
On 2015-02-16 15:56, Mark Rutland wrote:
> On Mon, Feb 16, 2015 at 02:31:21PM +0000, Jan Kiszka wrote:
>> On 2015-02-16 15:25, Mark Rutland wrote:
>>> On Mon, Feb 16, 2015 at 01:51:37PM +0000, Jan Kiszka wrote:
>>>> On 2015-02-16 14:42, Mark Rutland wrote:
>>>>> On Mon, Feb 16, 2015 at 12:54:43PM +0000, Jan Kiszka wrote:
>>>>>> From: Ian Campbell <ijc@hellion.org.uk>
>>>>>>
>>>>>> In this case the secure code lives in RAM, and hence needs to be reserved, but
>>>>>> it has been relocated, so the reservation of __secure_start does not apply.
>>>>>>
>>>>>> Add support for setting CONFIG_ARMV7_SECURE_RESERVE_SIZE to reserve such a
>>>>>> region.
>>>>>>
>>>>>> This will be used in a subsequent patch for Jetson-TK1
>>>>>
>>>>> Using a memreserve and allowing the OS to map the memory but not poke it
>>>>> can be problematic due to the potential of mismatched attributes between
>>>>> the monitor and the OS.
>>>>
>>>> OK, here my knowledge is not yet sufficient to process this remark. What
>>>> kind of problems can arise from what kind of attribute mismatch? And why
>>>> should the OS be able to cause problems for the monitor?
>>>
>>> For example, consider the case of the region being mapped cacheable by
>>> the OS but not by the monitor. The monitor communicates between cores
>>> expecting to never hit in a cache (because it uses a non-cacheable
>>> mapping), but the mapping used by the OS can cause the region to be
>>> allocated into caches at any point in time even if it never accesses the
>>> region explicitly.
>>>
>>> The CPU _may_ hit in a cache even if making a non-cacheable access (this
>>> is called an "unexepcted data cache hit"), so the cache allocations
>>> caused by the OS can mask data other CPUs wrote straight to memory.
>>>
>>> Other than that case, I believe the rules given in the ARM ARM for
>>> mismatched memory attributes may apply for similar reasons. Thus
>>> allowing the OS to map this memory can cause a loss of coherency on the
>>> monitor side, if the OS and monitor map the region with different
>>> attributes.
>>>
>>> This is all IMPLEMENTATION DEFINED, so it may be that you're fine on the
>>> system you're dealing with. I don't immediately know whether that is the
>>> case, however. Never telling the OS about the memory in the first place
>>> avoids the possibility in all cases.
>>
>> But from a security point of view, it must not matter if the OS maps the
>> memory or not - the monitor must be robust against that, no? If the
>> architecture cannot provide such guarantees, it has to be worked around
>> in software in the monitor (I hope you can do so...).
>
> Well, yes and no.
>
> In this case it sounds like due to the security controller you should
> never encounter the mismatched attributes issue in the first place,
> though you may encounter issues w.r.t. speculative accesses triggering
> violations arbitrarily. Not telling the OS about the secure memory means
> that said violations shouldn't occur in normal operation; only when the
> non-secure OS is trying to do something bad.
>
> If the OS has access to the memory, then you're already trusting it to
> not write to there or you can't trust that memory at all (and hence
> cannot use it). Given that means you must already assume that the OS is
> cooperative, it's simpler to not tell it about the memory than to add
> cache maintenance around every memory access within the monitor. You can
> never make things secure in this case, but you can at least offer the
> abstraction provided by PSCI.
>
> So as far as I can see in either case it's better to not tell the OS
> about the memory you wish to use from the monitor. If you have no HW
> protection and can't trust the OS then you've already lost, and if you
> do have HW protection you don't want it to trigger
> continuously/spuriously as a result of speculation.
OK, that makes sense again.
Now I just need to figure out how to split/adjust the memory node
instead of adding a reservation region.
Jan
--
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux
next prev parent reply other threads:[~2015-02-16 15:38 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-16 12:54 [U-Boot] [PATCH v2 00/12] Add PSCI support for Jetson TK1/Tegra124 + CNTFRQ fix Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 01/12] ARM: Factor out reusable psci_cpu_off_common Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 02/12] ARM: Factor out reusable psci_cpu_entry Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 03/12] ARM: Factor out reusable psci_get_cpu_stack_top Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 04/12] ARM: Put target PC for PSCI CPU_ON on per-CPU stack Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 05/12] tegra124: Add more registers to struct mc_ctlr Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 06/12] virt-dt: Allow reservation of the secure region when it is in a RAM carveout Jan Kiszka
2015-02-16 13:42 ` Mark Rutland
2015-02-16 13:51 ` Jan Kiszka
2015-02-16 14:25 ` Mark Rutland
2015-02-16 14:31 ` Jan Kiszka
2015-02-16 14:56 ` Mark Rutland
2015-02-16 15:38 ` Jan Kiszka [this message]
2015-02-17 8:09 ` Jan Kiszka
2015-02-17 10:46 ` Mark Rutland
2015-02-17 11:32 ` Jan Kiszka
2015-02-17 11:55 ` Mark Rutland
2015-02-19 8:28 ` Thierry Reding
2015-02-19 9:19 ` Ian Campbell
2015-02-19 9:25 ` Jan Kiszka
2015-02-19 10:13 ` Ian Campbell
2015-02-19 13:49 ` Mark Rutland
2015-02-19 10:22 ` Thierry Reding
2015-02-19 13:42 ` Mark Rutland
2015-02-19 10:34 ` Thierry Reding
2015-02-19 11:17 ` Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 07/12] tegra: Make tegra_powergate_power_on public Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 08/12] tegra: Add ap_pm_init hook Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 09/12] tegra124: Add PSCI support for Tegra124 Jan Kiszka
2015-02-17 21:03 ` Stephen Warren
2015-02-18 6:13 ` Jan Kiszka
2015-02-18 16:34 ` Stephen Warren
2015-02-19 9:14 ` Thierry Reding
2015-02-20 9:36 ` Jan Kiszka
2015-02-24 7:23 ` Jan Kiszka
2015-02-24 8:18 ` Thierry Reding
2015-02-24 8:23 ` Jan Kiszka
2015-02-19 8:57 ` Thierry Reding
2015-02-19 9:04 ` Thierry Reding
2015-02-16 12:54 ` [U-Boot] [PATCH v2 10/12] jetson-tk1: Add PSCI configuration options and reserve secure code Jan Kiszka
2015-02-17 21:05 ` Stephen Warren
2015-02-18 7:39 ` Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 11/12] tegra124: Reserve secure RAM using MC_SECURITY_CFG{0, 1}_0 Jan Kiszka
2015-02-16 13:49 ` Mark Rutland
2015-02-16 13:55 ` Jan Kiszka
2015-02-17 21:06 ` Stephen Warren
2015-02-18 7:24 ` Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 12/12] tegra: Set CNTFRQ for secondary CPUs Jan Kiszka
2015-02-16 13:37 ` Mark Rutland
2015-02-16 13:44 ` Jan Kiszka
2015-02-16 13:51 ` Mark Rutland
2015-02-16 14:02 ` Jan Kiszka
2015-02-17 7:01 ` Jan Kiszka
2015-02-17 10:21 ` Mark Rutland
2015-02-17 10:27 ` Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54E20ED9.4000708@siemens.com \
--to=jan.kiszka@siemens.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox