Re: [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode

From: Marek Vasut
Date: Thu Mar 11 2021 - 06:44:32 EST

Next message: Valdis Klētnieks: "Re: 'make O=' indigestion with module signing"
Previous message: Greg KH: "Re: [PATCH v2] configfs: Fix config_item refcnt error in __configfs_open_file()"
In reply to: Alex G.: "Re: [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode"
Next in thread: Marek Vasut: "Re: [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/11/21 9:08 AM, Alexandre TORGUE wrote:

Hi ALex

Hello everyone,

[...]

Subject: Re: [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode

On 1/26/21 3:01 AM, gabriel.fernandez@xxxxxxxxxxx wrote:

From: Gabriel Fernandez <gabriel.fernandez@xxxxxxxxxxx>

Platform STM32MP1 can be used in configuration where some clocks and
IP resets can relate as secure resources.
These resources are moved from a RCC clock/reset handle to a SCMI
clock/reset_domain handle.

The RCC clock driver is now dependent of the SCMI driver, then we have
to manage now the probe defering.

v1 -> v2:
- fix yamllint warnings.

Hi Gabriel,

I don't have much clout with the maintainers, but I have to NAK this series
after finding major breakage.

The problem with series is that it breaks pretty much every board it touches.
I have a DK2 here that I'm using for development, which no longer boots with
this series applied.

The crux of the matter is that this series assumes all boards will boot with an
FSBL that implements a very specific SCMI clock tree. This is major ABI
breakage for anyone not using TF-A as the first stage bootloader. Anyone
using u-boot SPL is screwed.

This series imposes a SOC-wide change via the dtsi files. So even boards that
you don't intend to convert to SCMI will get broken this way.
Adding a -no-scmi file that isn't used anywhere doesn't help things.

You are right. We mainly take care about NO ST (DH/...) boards, but not really about current usage
Of our stm32 boards. Several options exist:

Since a lot of people benefit from the good upstream support for the MP1 _and_ keep updating their machines to get the latest fixes, it is very important to keep the current usage working.

1- Break the current ABI: as soon as those patches are merged, stm32mp157c-dk2.dtb will impose to use
A tf-a for scmi clocks. For people using u-boot spl, the will have to create their own "no-secure" devicetree.

NAK, this breaks existing boards and existing setups, e.g. DK2 that does not use ATF.

2-As you suggest, create a new "secure" dtb per boards (Not my wish for maintenance perspectives).

I agree with Alex (G) that the "secure" option should be opt-in.
That way existing setups remain working and no extra requirements are imposed on MP1 users. Esp. since as far as I understand this, the "secure" part isn't really about security, but rather about moving clock configuration from Linux to some firmware blob.

3- Keep kernel device tree as they are and applied this secure layer (scmi clocks phandle) thanks to dtbo in
U-boot.

Is this really better than
#include "stm32mp15xx-enable-secure-stuff.dtsi"
in a board DT ? Because that is how I imagine the opt-in "secure" option could work.

The third could be the less costly.

[...]

Next message: Valdis Klētnieks: "Re: 'make O=' indigestion with module signing"
Previous message: Greg KH: "Re: [PATCH v2] configfs: Fix config_item refcnt error in __configfs_open_file()"
In reply to: Alex G.: "Re: [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode"
Next in thread: Marek Vasut: "Re: [PATCH v2 00/14] Introduce STM32MP1 RCC in secured mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]