| Message ID | 20210401151955.143817-1-manivannan.sadhasivam@linaro.org |
|---|---|
| Headers | show |
| Series | Add support for secure regions in NAND | expand |
On Thu, 1 Apr 2021 20:49:54 +0530 Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote: > @@ -565,6 +608,11 @@ static int nand_block_isreserved(struct mtd_info *mtd, loff_t ofs) > > if (!chip->bbt) > return 0; > + > + /* Check if the region is secured */ > + if (nand_region_is_secured(chip, ofs, 0)) > + return -EIO; That would is still wrong, you should never pass a 0 size to nand_region_is_secured().
On Thu, 1 Apr 2021 21:46:22 +0530 Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote: > On Thu, Apr 01, 2021 at 05:54:21PM +0200, Boris Brezillon wrote: > > On Thu, 1 Apr 2021 20:49:54 +0530 > > Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote: > > > > > @@ -565,6 +608,11 @@ static int nand_block_isreserved(struct mtd_info *mtd, loff_t ofs) > > > > > > if (!chip->bbt) > > > return 0; > > > + > > > + /* Check if the region is secured */ > > > + if (nand_region_is_secured(chip, ofs, 0)) > > > + return -EIO; > > > > That would is still wrong, you should never pass a 0 size to > > nand_region_is_secured(). > > > > Size doesn't matter here, that's why I passed 0. Maybe 1 would be > appropriate? You're checking if a block is reserved, so I think passing the eraseblock size would make more sense, but I actually don't understand why you need to check if the region is secure here (looks like nand_block_isreserved() does not access the flash).
On Fri, Apr 02, 2021 at 10:51:54AM +0200, Boris Brezillon wrote: > On Thu, 1 Apr 2021 21:46:22 +0530 > Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote: > > > On Thu, Apr 01, 2021 at 05:54:21PM +0200, Boris Brezillon wrote: > > > On Thu, 1 Apr 2021 20:49:54 +0530 > > > Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote: > > > > > > > @@ -565,6 +608,11 @@ static int nand_block_isreserved(struct mtd_info *mtd, loff_t ofs) > > > > > > > > if (!chip->bbt) > > > > return 0; > > > > + > > > > + /* Check if the region is secured */ > > > > + if (nand_region_is_secured(chip, ofs, 0)) > > > > + return -EIO; > > > > > > That would is still wrong, you should never pass a 0 size to > > > nand_region_is_secured(). > > > > > > > Size doesn't matter here, that's why I passed 0. Maybe 1 would be > > appropriate? > > You're checking if a block is reserved, so I think passing the > eraseblock size would make more sense, but I actually don't understand > why you need to check if the region is secure here (looks like > nand_block_isreserved() does not access the flash). > Ah yes indeed, brain fade... Thanks, Mani
On a typical end product, a vendor may choose to secure some regions in the NAND memory which are supposed to stay intact between FW upgrades. The access to those regions will be blocked by a secure element like Trustzone. So the normal world software like Linux kernel should not touch these regions (including reading). So this series adds a property for declaring such secure regions in DT so that the driver can skip touching them. While at it, the Qcom NANDc DT binding is also converted to YAML format. Thanks, Mani Changes in v10: * Added Rob's review tag for binding Changes in v9: Based on review comments from Miquel: * Fixed the secure-regions check * Renamed the function to nand_region_is_secured() and used bool return * Moved the parsing function to nand_scan() * Added a patch to fix nand_cleanup in qcom driver Changes in v8: * Reworked the secure region check logic based on input from Boris * Removed the check where unnecessary in rawnand core. Changes in v7: * Made "size" u64 and fixed a warning reported by Kernel test bot Changes in v6: * Made use of "size" of the regions for comparision * Used "secure" instead of "sec" * Fixed the sizeof parameter in of_get_nand_secure_regions() Changes in v5: * Switched to "uint64-matrix" as suggested by Rob * Moved the whole logic from qcom driver to nand core as suggested by Boris Changes in v4: * Used "uint32-matrix" instead of "uint32-array" as per Rob's review. * Collected Rob's review tag for binding conversion patch Changes in v3: * Removed the nand prefix from DT property and moved the property parsing logic before nand_scan() in driver. Changes in v2: * Moved the secure-regions property to generic NAND binding as a NAND chip property and renamed it as "nand-secure-regions". Manivannan Sadhasivam (4): dt-bindings: mtd: Convert Qcom NANDc binding to YAML dt-bindings: mtd: Add a property to declare secure regions in NAND chips mtd: rawnand: Add support for secure regions in NAND memory mtd: rawnand: qcom: Add missing nand_cleanup() in error path .../bindings/mtd/nand-controller.yaml | 7 + .../devicetree/bindings/mtd/qcom,nandc.yaml | 196 ++++++++++++++++++ .../devicetree/bindings/mtd/qcom_nandc.txt | 142 ------------- drivers/mtd/nand/raw/nand_base.c | 107 +++++++++- drivers/mtd/nand/raw/qcom_nandc.c | 1 + include/linux/mtd/rawnand.h | 14 ++ 6 files changed, 324 insertions(+), 143 deletions(-) create mode 100644 Documentation/devicetree/bindings/mtd/qcom,nandc.yaml delete mode 100644 Documentation/devicetree/bindings/mtd/qcom_nandc.txt