Thread (5 messages) 5 messages, 2 authors, 2019-09-10

Re: [PATCH v1 1/1] ARM: dts: rockchip: set crypto default disabled on rk3288

From: Elon Zhang <hidden>
Date: 2019-09-10 02:45:27
Also in: linux-arm-kernel, linux-rockchip, lkml 

Hi Heiko,

On 9/1/2019 07:04, Heiko Stuebner wrote:
Hi Elon,

Am Donnerstag, 29. August 2019, 13:31:00 CEST schrieb Elon Zhang:
quoted
On 8/27/2019 22:28, Heiko Stuebner wrote:
quoted
Am Dienstag, 27. August 2019, 09:14:39 CEST schrieb Elon Zhang:
quoted
Not every board needs to enable crypto node, so the node should
be set default disabled in rk3288.dtsi and enabled in specific
board dts file.
Can you give a bit more rationale here? There would need to be a very
specific reason because of the following:

The crypto module is not wired to some board-specific components,
so its usability does not depend on the specific board at all.
Instead every board can just use it out of the box and the devicetree
is supposed to describe the hardware and is _not_ meant as a space
for user configuration.
Right for almost all normal hardware modules but the crypto module was
designed

for secure world. As a result,  the crypto module will become
inaccessible for linux kernel if secure world enable it.

We plan to enable the crypto module in secure world so we should set
crypto module default disabled in linux kernel.
ok ... I'm halfway convinced ;-) .

The big thing I want to see is that secure setting in the actual firmware.
Aka right now you probably have that in your Rockchip-specific ATF fork
and I really want to see the relevant change for public uboot or ATF.

I don't necessarily require it to be fully merged before taking this, but
I really want to see the change either on a mailing list or atf gerrit
instance [that makes the crypto engine secure only].

Rationale behind this is that we don't care very much about private stuff
that the general ecosystem doesn't benefit from.
Now the crypto security property setting is done in the rockchip private 
code, which is not

opensource. So  if you don't care about private stuff and the change in 
private stuff will not

affect the upstream kernel,  the crypto can be enabled in upstream kernel?


Thanks
Heiko
quoted
quoted
So in fact the status property should probably go away completely from
the crypto node, as it's usable out of the box in all cases.


Heiko
quoted
Signed-off-by: Elon Zhang <redacted>
---
   arch/arm/boot/dts/rk3288.dtsi | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi
index cc893e154fe5..d509aa24177c 100644
--- a/arch/arm/boot/dts/rk3288.dtsi
+++ b/arch/arm/boot/dts/rk3288.dtsi
@@ -984,7 +984,7 @@
   		clock-names = "aclk", "hclk", "sclk", "apb_pclk";
   		resets = <&cru SRST_CRYPTO>;
   		reset-names = "crypto-rst";
-		status = "okay";
+		status = "disabled";
   	};
   
   	iep_mmu: iommu@ff900800 {







  



    
  

  
    

      

        Keyboard shortcuts
      

      

        
          
hback out one level

          
jnext message in thread

          
kprevious message in thread

          
ldrill in

          
Escclose help / fold thread tree

          
?toggle this help