[PATCHv2] RTC/i.MX/DryICE: add recovery routines to the driver

From: Juergen Borleis
Date: Mon Apr 27 2015 - 10:00:55 EST

Next message: Juergen Borleis: "[PATCH 6/6] RTC/i.MX/DryIce: prepare to force a security violation"
Previous message: Juergen Borleis: "[PATCH 5/6] RTC/i.MX/DryIce: when locked, do not fail silently"
Next in thread: Juergen Borleis: "[PATCH 2/6] RTC/i.MX/DryIce: add some background info about the states the machine can be in"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The built-in RTC unit on some i.MX SoCs isn't an RTC only. It is also a tamper
monitor unit which can keep some (secret) keys. When it does its tamper
detection job and a security violation is detected, the whole DryICE unit
including the real-time counter locks completely. In this state the whole unit
is completely useless. The only way to bring it out of this locked state is a
power cylce with a POR (most of the case) or additionally a battery power
cycle which includes the loss of the secret keys.
At the next boot time some flags signals the security violation and a specific
register access sequence must be done to finaly bring this unit into life
again. Until this is done, there is no way to use it again as an RTC.

But also without any enabled tamper detection sometimes this unit tends to
lock. And in this case the same steps must be done to bring it into life
again.

The current implementation of the DryIce driver isn't able to unlock the
device successfully in the case it is locked somehow. Only a full power cycle
including *battery power* can help in this case.

The attached change set adds the required routines to be able to unlock the
DryIce unit in the case the driver detects a locked unit. This includes
unlocking it if it is locked by accident or malfunction and not by a real
security violation.

The last patch of this series is for reference only and should not be part
of the kernel. It just adds some code to force a locked DryIce unit to check
if the new routines are able to unlock it again. This code was required
because I had no hardware which really uses the tamper detection features of
this unit.

This is the 2nd version of the patch series. Hopefully I addressed all comments
from Alexandre.

In this version I added a new patch which replaces all __raw* register functions
as recommended by Alexandre.

Comments are welcome.

jbe

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Juergen Borleis: "[PATCH 6/6] RTC/i.MX/DryIce: prepare to force a security violation"
Previous message: Juergen Borleis: "[PATCH 5/6] RTC/i.MX/DryIce: when locked, do not fail silently"
Next in thread: Juergen Borleis: "[PATCH 2/6] RTC/i.MX/DryIce: add some background info about the states the machine can be in"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]