RE: [EXT] Re: [PATCH v7 4/5] firmware: imx: add driver for NXP EdgeLock Enclave

From: Pankaj Gupta
Date: Tue Oct 01 2024 - 03:49:54 EST




-----Original Message-----
From: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
Sent: Thursday, September 26, 2024 3:22 PM
To: Pankaj Gupta <pankaj.gupta@xxxxxxx>
Cc: Jonathan Corbet <corbet@xxxxxxx>; Rob Herring <robh@xxxxxxxxxx>;
Krzysztof Kozlowski <krzk+dt@xxxxxxxxxx>; Conor Dooley
<conor+dt@xxxxxxxxxx>; Shawn Guo <shawnguo@xxxxxxxxxx>; Pengutronix Kernel
Team <kernel@xxxxxxxxxxxxxx>; Fabio Estevam <festevam@xxxxxxxxx>; Rob
Herring <robh+dt@xxxxxxxxxx>; linux-doc@xxxxxxxxxxxxxxx;
linux-kernel@xxxxxxxxxxxxxxx; devicetree@xxxxxxxxxxxxxxx;
imx@xxxxxxxxxxxxxxx; linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [EXT] Re: [PATCH v7 4/5] firmware: imx: add driver for NXP
EdgeLock Enclave

Caution: This is an external email. Please take care when clicking links or
opening attachments. When in doubt, report the message using the 'Report
this email' button


Hi Pankaj,

On Wed, Sep 25, 2024 at 12:00:28PM +0000, Pankaj Gupta wrote:
> >> Yes.
> >
> > > Don't do this.
> >
> >> Shall the retry counter to be removed, to make it predictable?
> >>Or am I missing something.
>
>> >Either compile the firmware into the kernel or the ELE driver as module.
>>
>> Cannot compile as part of Firmware.
>> There are OTA scenarios where the latest FW, that is downloaded to
>> replace the image in RFS, and FW needs to be re-init with this new
>> image, by putting the Linux to power-down state.
>
>> ELE driver is compiled as module only, by default. But if someone like
>> to make it as in-line to kernel image, still it should work.

> I am also not very happy with the situation that we can't compile drivers
into the kernel and just get the firmware later once it is available.

Driver is enabling the ROM API supports at probe time.
And, once the rootfs is available, and the Firmware image is loaded, then it
will enable the complete set of FW API(s), along with ROM API(s).

Hence, Driver can be compiled into the kernel to enable ELE-ROM API(s).

> That's the situation we are in though and if you want to change it you
have to discuss this with the firmware maintainers.
> What you've done in the ELE driver is a hack and I doubt that you get this
through.

> Sascha

--
Pengutronix e.K. | |
Steuerwalder Str. 21 |
https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.pengutr
onix.de%2F&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C2c679c3e06944a72d2ea08dcd
e10ce6d%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638629410983747053%7CUn
known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX
VCI6Mn0%3D%7C0%7C%7C%7C&sdata=BhPRKBRuzvObxm2IRCTRDdykEcDBViW4PND9mo%2FDEM4%
3D&reserved=0 |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |

Attachment: smime.p7s
Description: S/MIME cryptographic signature