From: swarren@wwwdotorg•org (Stephen Warren)
To: linux-arm-kernel@lists•infradead.org
Subject: [PATCH v3 1/5] ARM: add basic Trusted Foundations support
Date: Mon, 19 Aug 2013 09:56:46 -0600 [thread overview]
Message-ID: <5212403E.9070304@wwwdotorg.org> (raw)
In-Reply-To: <CAAVeFuJ9tgXRf+QZRK5K8O2X=mKxUZtFgTsB06r4huQrDwZx2A@mail.gmail.com>
On 08/18/2013 02:37 AM, Alexandre Courbot wrote:
> On Thu, Aug 15, 2013 at 6:35 AM, Stephen Warren <swarren@wwwdotorg•org> wrote:
>> On 08/12/2013 08:29 PM, Alexandre Courbot wrote:
>>> Trusted Foundations is a TrustZone-based secure monitor for ARM that
>>> can be invoked using a consistent smc-based API on all supported
>>> platforms. This patch adds initial basic support for Trusted
>>> Foundations using the ARM firmware API. Current features are limited
>>> to the ability to boot secondary processors.
>>
>>> diff --git a/Documentation/devicetree/bindings/arm/firmware/tl,trusted-foundations.txt b/Documentation/devicetree/bindings/arm/firmware/tl,trusted-foundations.txt
>>
>>> +Trusted Foundations
>>> +
>>> +Boards that use the Trusted Foundations secure monitor can signal its
>>> +presence by declaring a node compatible with "tl,trusted-foundations"
>>> +(the name and location of the node does not matter).
>>> +
>>> +Required properties:
>>> +- compatible : "tl,trusted-foundations"
>>
>>> +- version : Must contain the version number string of the Trusted Foundation
>>> + firmware.
>>
>> Can the version be queried at run-time from the firmware itself?
>
> I'm afraid there is not, unfortunately. :/
>
>> If not, I wonder if we shouldn't instead encode the version number into
>> the compatible value.
>
> Why? This would make the node harder to find and would also complicate
> the case where a given firmware handler can support a given range of
> versions (which is what I expect will happen).
I guess that would be painful. There are probably a lot more valid
version numbers for a SW firmware interface than there are for a HW IP
block interface, so it makes less sense to encoded the version into the
compatible value, at least in cases where the interface is "similar
enough"; we can add some kind of basic version number into the
compatible values for radically different interfaces if they appear in
the future.
>>> diff --git a/arch/arm/firmware/Kconfig b/arch/arm/firmware/Kconfig
>>
>>> +config ARCH_SUPPORTS_TRUSTED_FOUNDATIONS
>>> + bool
>>
>> Shouldn't that be "config ARCH_SUPPORTS_FIRMWARE", since presumably in
>> the future there will be more entries in the menu, and hence we want the
>> menu to appear if any of those entries are useful?
>
> The things is that because you support one firmware does not mean you
> will support then all. Only some set of architectures will support
> firmware X, and another set (maybe not inclusive) will support
> firmware Y. We do not want to allow selecting firmware Y if the kernel
> does not support any of the architectures that may make use of it.
>
>>> +
>>> +menu "Firmware options"
>>> + depends on ARCH_SUPPORTS_TRUSTED_FOUNDATIONS
>>
>> Or perhaps that comment is more appropriate for that "depends".
>
> Here the idea is to not show the "Firmware options" menu if the kernel
> does not include support for any architecture that uses them. As more
> firmwares get added, the depends line should expand into something
> like "depends on ARCH_SUPPORTS_FIRMWARE_X || ARCH_SUPPORTS_FIRMWARE_Y
> || ...
>
> Maybe there's a better way to express this?
Is there a need for a menu at all? I suppose it might group things
nicely. If so, how about:
config ARCH_SUPPORTS_FIRMWARE
bool
config ARCH_SUPPORTS_TRUSTED_FOUNDATIONS
bool
select ARCH_SUPPORTS_FIRMWARE
config ARCH_SUPPORTS_SOME_OTHER_FW
bool
select ARCH_SUPPORTS_FIRMWARE
menu "Firmware options"
depends on ARCH_SUPPORTS_FIRMWARE
That's probably slightly easier to read than a huge "depends" statement
in the menu stanza, and ARCH_SUPPORTS_FIRMWARE might be a useful to
build in support for any core firmware utility code.
next prev parent reply other threads:[~2013-08-19 15:56 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-13 2:29 [PATCH v3 0/5] ARM: tegra: support for Trusted Foundations Alexandre Courbot
2013-08-13 2:29 ` [PATCH v3 1/5] ARM: add basic Trusted Foundations support Alexandre Courbot
2013-08-14 21:35 ` Stephen Warren
2013-08-18 8:37 ` Alexandre Courbot
2013-08-19 15:56 ` Stephen Warren [this message]
2013-08-15 11:52 ` Dave Martin
2013-08-15 22:02 ` Stephen Warren
2013-08-16 13:23 ` Dave Martin
2013-08-18 8:38 ` Alexandre Courbot
2013-08-18 8:37 ` Alexandre Courbot
2013-08-13 2:29 ` [PATCH v3 2/5] ARM: tegra: add support for Trusted Foundations Alexandre Courbot
2013-08-14 21:38 ` Stephen Warren
2013-08-18 8:37 ` Alexandre Courbot
2013-08-13 2:29 ` [PATCH v3 3/5] ARM: tegra: split setting of CPU reset handler Alexandre Courbot
2013-08-13 2:29 ` [PATCH v3 4/5] ARM: tegra: set CPU reset handler with firmware op Alexandre Courbot
2013-08-14 21:40 ` Stephen Warren
2013-08-18 8:37 ` Alexandre Courbot
2013-08-13 2:29 ` [PATCH v3 5/5] ARM: tegra: support Trusted Foundations by default Alexandre Courbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5212403E.9070304@wwwdotorg.org \
--to=swarren@wwwdotorg$(echo .)org \
--cc=linux-arm-kernel@lists$(echo .)infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox