| Message ID | 20211213195833.772892-2-dbrazdil@google.com |
|---|---|
| State | Changes Requested, archived |
| Headers | show |
| Series | Driver for Open Profile for DICE | expand |
| Context | Check | Description |
|---|---|---|
| robh/checkpatch | success | |
| robh/dtbs-check | success | |
| robh/dt-meta-schema | success |
On Mon, Dec 13, 2021 at 07:58:32PM +0000, David Brazdil wrote: > Add DeviceTree bindings for Open Profile for DICE, an open protocol for > measured boot. Firmware uses DICE to measure the hardware/software > combination and generates Compound Device Identifier (CDI) certificates. > These are stored in memory and the buffer is described in the DT as > a reserved memory region referenced by a compatible device node. > > Signed-off-by: David Brazdil <dbrazdil@google.com> > --- > .../bindings/firmware/google,open-dice.yaml | 51 +++++++++++++++++++ > 1 file changed, 51 insertions(+) > create mode 100644 Documentation/devicetree/bindings/firmware/google,open-dice.yaml > > diff --git a/Documentation/devicetree/bindings/firmware/google,open-dice.yaml b/Documentation/devicetree/bindings/firmware/google,open-dice.yaml > new file mode 100644 > index 000000000000..1aa69f381b8c > --- /dev/null > +++ b/Documentation/devicetree/bindings/firmware/google,open-dice.yaml > @@ -0,0 +1,51 @@ > +# SPDX-License-Identifier: GPL-2.0-only OR BSD-2-Clause > +%YAML 1.2 > +--- > +$id: http://devicetree.org/schemas/firmware/google,open-dice.yaml# > +$schema: http://devicetree.org/meta-schemas/core.yaml# > + > +title: Open Profile for DICE Device Tree Bindings > + > +description: | > + This binding represents a reserved memory region containing data > + generated by the Open Profile for DICE protocol. > + > + See https://pigweed.googlesource.com/open-dice/ > + > +maintainers: > + - David Brazdil <dbrazdil@google.com> > + > +properties: > + compatible: > + enum: > + - google,open-dice > + > + memory-region: > + maxItems: 1 > + description: | > + phandle to the reserved memory node to be associated with the device > + The reserved memory node should be defined as per the bindings, > + Documentation/devicetree/bindings/reserved-memory/reserved-memory.yaml > + > +required: > + - compatible > + - memory-region > + > +additionalProperties: false > + > +examples: > + - | > + reserved-memory { > + #address-cells = <2>; > + #size-cells = <1>; > + > + dice_reserved: dice@12340000 { > + reg = <0x00 0x12340000 0x2000>; > + no-map; > + }; > + }; > + > + dice { > + compatible = "google,open-dice"; > + memory-region = <&dice_reserved>; There's no need for this indirection. Just add the compatible to the dice@12340000 node. You can bind drivers to /reserved-memory nodes. Rob
Hi Rob, > > + dice_reserved: dice@12340000 { > > + reg = <0x00 0x12340000 0x2000>; > > + no-map; > > + }; > > + }; > > + > > + dice { > > + compatible = "google,open-dice"; > > + memory-region = <&dice_reserved>; > > There's no need for this indirection. Just add the compatible to the > dice@12340000 node. You can bind drivers to /reserved-memory nodes. I have not found a way to make that work for kernel modules. Built-in drivers can bind with RESERVEDMEM_OF_DECLARE, which puts an entry in __reservedmem_of_table and __reserved_mem_init_node() iterates find it there. A good case study might be CONFIG_TEGRA210_EMC, where the driver itself can be a module but the rmem parsing is always built-in under CONFIG_TEGRA210_EMC_TABLE. I don't think that's worth the trouble with this driver. David
On Wed, Dec 15, 2021 at 3:08 PM David Brazdil <dbrazdil@google.com> wrote: > > Hi Rob, > > > > + dice_reserved: dice@12340000 { > > > + reg = <0x00 0x12340000 0x2000>; > > > + no-map; > > > + }; > > > + }; > > > + > > > + dice { > > > + compatible = "google,open-dice"; > > > + memory-region = <&dice_reserved>; > > > > There's no need for this indirection. Just add the compatible to the > > dice@12340000 node. You can bind drivers to /reserved-memory nodes. > > I have not found a way to make that work for kernel modules. Built-in > drivers can bind with RESERVEDMEM_OF_DECLARE, which puts an entry in > __reservedmem_of_table and __reserved_mem_init_node() iterates find it > there. A good case study might be CONFIG_TEGRA210_EMC, where the driver > itself can be a module but the rmem parsing is always built-in under > CONFIG_TEGRA210_EMC_TABLE. I don't think that's worth the trouble with > this driver. I forgot you have to add the compatible to reserved_mem_matches in drivers/of/platform.c. Rob
On Thu, Dec 16, 2021 at 09:21:00AM -0600, Rob Herring wrote: > On Wed, Dec 15, 2021 at 3:08 PM David Brazdil <dbrazdil@google.com> wrote: > > > > Hi Rob, > > > > > > + dice_reserved: dice@12340000 { > > > > + reg = <0x00 0x12340000 0x2000>; > > > > + no-map; > > > > + }; > > > > + }; > > > > + > > > > + dice { > > > > + compatible = "google,open-dice"; > > > > + memory-region = <&dice_reserved>; > > > > > > There's no need for this indirection. Just add the compatible to the > > > dice@12340000 node. You can bind drivers to /reserved-memory nodes. > > > > I have not found a way to make that work for kernel modules. Built-in > > drivers can bind with RESERVEDMEM_OF_DECLARE, which puts an entry in > > __reservedmem_of_table and __reserved_mem_init_node() iterates find it > > there. A good case study might be CONFIG_TEGRA210_EMC, where the driver > > itself can be a module but the rmem parsing is always built-in under > > CONFIG_TEGRA210_EMC_TABLE. I don't think that's worth the trouble with > > this driver. > > I forgot you have to add the compatible to reserved_mem_matches in > drivers/of/platform.c. Oh nice! Exactly what I was looking for, thanks. I'll respin shortly. David
diff --git a/Documentation/devicetree/bindings/firmware/google,open-dice.yaml b/Documentation/devicetree/bindings/firmware/google,open-dice.yaml new file mode 100644 index 000000000000..1aa69f381b8c --- /dev/null +++ b/Documentation/devicetree/bindings/firmware/google,open-dice.yaml @@ -0,0 +1,51 @@ +# SPDX-License-Identifier: GPL-2.0-only OR BSD-2-Clause +%YAML 1.2 +--- +$id: http://devicetree.org/schemas/firmware/google,open-dice.yaml# +$schema: http://devicetree.org/meta-schemas/core.yaml# + +title: Open Profile for DICE Device Tree Bindings + +description: | + This binding represents a reserved memory region containing data + generated by the Open Profile for DICE protocol. + + See https://pigweed.googlesource.com/open-dice/ + +maintainers: + - David Brazdil <dbrazdil@google.com> + +properties: + compatible: + enum: + - google,open-dice + + memory-region: + maxItems: 1 + description: | + phandle to the reserved memory node to be associated with the device + The reserved memory node should be defined as per the bindings, + Documentation/devicetree/bindings/reserved-memory/reserved-memory.yaml + +required: + - compatible + - memory-region + +additionalProperties: false + +examples: + - | + reserved-memory { + #address-cells = <2>; + #size-cells = <1>; + + dice_reserved: dice@12340000 { + reg = <0x00 0x12340000 0x2000>; + no-map; + }; + }; + + dice { + compatible = "google,open-dice"; + memory-region = <&dice_reserved>; + };
Add DeviceTree bindings for Open Profile for DICE, an open protocol for measured boot. Firmware uses DICE to measure the hardware/software combination and generates Compound Device Identifier (CDI) certificates. These are stored in memory and the buffer is described in the DT as a reserved memory region referenced by a compatible device node. Signed-off-by: David Brazdil <dbrazdil@google.com> --- .../bindings/firmware/google,open-dice.yaml | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 Documentation/devicetree/bindings/firmware/google,open-dice.yaml