[2/3] dt-bindings: mtd: Add a property to declare secure regions in Qcom NANDc

On a typical end product, a vendor may choose to secure some regions in
the NAND memory which are supposed to stay intact between FW upgrades.
The access to those regions will be blocked by a secure element like
Trustzone. So the normal world software like Linux kernel should not
touch these regions (including reading).

So let's add a property for declaring such secure regions so that the
driver can skip touching them.

Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 Documentation/devicetree/bindings/mtd/qcom,nandc.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

Hi Manivannan,

Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote on Mon,
22 Feb 2021 17:32:58 +0530:

> On a typical end product, a vendor may choose to secure some regions in
> the NAND memory which are supposed to stay intact between FW upgrades.
> The access to those regions will be blocked by a secure element like
> Trustzone. So the normal world software like Linux kernel should not
> touch these regions (including reading).
> 
> So let's add a property for declaring such secure regions so that the
> driver can skip touching them.
> 
> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> ---
>  Documentation/devicetree/bindings/mtd/qcom,nandc.yaml | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> index 84ad7ff30121..7500e20da9c1 100644
> --- a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> +++ b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> @@ -48,6 +48,13 @@ patternProperties:
>          enum:
>            - 512
>  
> +      qcom,secure-regions:
> +        $ref: /schemas/types.yaml#/definitions/uint32-array
> +        description:
> +          Regions in the NAND memory which are protected using a secure element
> +          like Trustzone. This property contains the start address and size of
> +          the secure regions present (optional).

What does this "(optional)" means? If you mean the property is optional
then it should be described accordingly in the yaml file, or am I
missing something?

I wonder if it wouldn't be better to make this a NAND chip node
property. I don't think a qcom prefix is needed as potentially many
other SoCs might have the same "feature".

I'm fine adding support for it in the qcom driver only though.

> +
>  allOf:
>    - $ref: "nand-controller.yaml#"
>  

Thanks,
Miquèl

Hi Miquel,

On Tue, Feb 23, 2021 at 05:49:22PM +0100, Miquel Raynal wrote:
> Hi Manivannan,
> 
> Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote on Mon,
> 22 Feb 2021 17:32:58 +0530:
> 
> > On a typical end product, a vendor may choose to secure some regions in
> > the NAND memory which are supposed to stay intact between FW upgrades.
> > The access to those regions will be blocked by a secure element like
> > Trustzone. So the normal world software like Linux kernel should not
> > touch these regions (including reading).
> > 
> > So let's add a property for declaring such secure regions so that the
> > driver can skip touching them.
> > 
> > Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> > ---
> >  Documentation/devicetree/bindings/mtd/qcom,nandc.yaml | 7 +++++++
> >  1 file changed, 7 insertions(+)
> > 
> > diff --git a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > index 84ad7ff30121..7500e20da9c1 100644
> > --- a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > +++ b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > @@ -48,6 +48,13 @@ patternProperties:
> >          enum:
> >            - 512
> >  
> > +      qcom,secure-regions:
> > +        $ref: /schemas/types.yaml#/definitions/uint32-array
> > +        description:
> > +          Regions in the NAND memory which are protected using a secure element
> > +          like Trustzone. This property contains the start address and size of
> > +          the secure regions present (optional).
> 
> What does this "(optional)" means? If you mean the property is optional
> then it should be described accordingly in the yaml file, or am I
> missing something?
> 

IIUC, if a property is not listed under "required" section then it is
optional. But I've added the quote here to just make it explicit.

> I wonder if it wouldn't be better to make this a NAND chip node
> property. I don't think a qcom prefix is needed as potentially many
> other SoCs might have the same "feature".
> 
> I'm fine adding support for it in the qcom driver only though.
> 

Hmm, sounds good to me.

Thanks,
Mani

> > +
> >  allOf:
> >    - $ref: "nand-controller.yaml#"
> >  
> 
> Thanks,
> Miquèl

Hi Manivannan,

Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote on Tue,
23 Feb 2021 23:15:46 +0530:

> Hi Miquel,
> 
> On Tue, Feb 23, 2021 at 05:49:22PM +0100, Miquel Raynal wrote:
> > Hi Manivannan,
> > 
> > Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> wrote on Mon,
> > 22 Feb 2021 17:32:58 +0530:
> >   
> > > On a typical end product, a vendor may choose to secure some regions in
> > > the NAND memory which are supposed to stay intact between FW upgrades.
> > > The access to those regions will be blocked by a secure element like
> > > Trustzone. So the normal world software like Linux kernel should not
> > > touch these regions (including reading).
> > > 
> > > So let's add a property for declaring such secure regions so that the
> > > driver can skip touching them.
> > > 
> > > Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> > > ---
> > >  Documentation/devicetree/bindings/mtd/qcom,nandc.yaml | 7 +++++++
> > >  1 file changed, 7 insertions(+)
> > > 
> > > diff --git a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > > index 84ad7ff30121..7500e20da9c1 100644
> > > --- a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > > +++ b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > > @@ -48,6 +48,13 @@ patternProperties:
> > >          enum:
> > >            - 512
> > >  
> > > +      qcom,secure-regions:
> > > +        $ref: /schemas/types.yaml#/definitions/uint32-array
> > > +        description:
> > > +          Regions in the NAND memory which are protected using a secure element
> > > +          like Trustzone. This property contains the start address and size of
> > > +          the secure regions present (optional).  
> > 
> > What does this "(optional)" means? If you mean the property is optional
> > then it should be described accordingly in the yaml file, or am I
> > missing something?
> >   
> 
> IIUC, if a property is not listed under "required" section then it is
> optional. But I've added the quote here to just make it explicit.

Absolutely, I was just wondering why you mentioned it here. I don't
think it's useful, you can drop it.

> 
> > I wonder if it wouldn't be better to make this a NAND chip node
> > property. I don't think a qcom prefix is needed as potentially many
> > other SoCs might have the same "feature".
> > 
> > I'm fine adding support for it in the qcom driver only though.
> >   
> 
> Hmm, sounds good to me.
> 
> Thanks,
> Mani
> 
> > > +
> > >  allOf:
> > >    - $ref: "nand-controller.yaml#"
> > >    
> > 
> > Thanks,
> > Miquèl  


Thanks,
Miquèl

On Mon, Feb 22, 2021 at 05:32:58PM +0530, Manivannan Sadhasivam wrote:
> On a typical end product, a vendor may choose to secure some regions in
> the NAND memory which are supposed to stay intact between FW upgrades.
> The access to those regions will be blocked by a secure element like
> Trustzone. So the normal world software like Linux kernel should not
> touch these regions (including reading).
> 
> So let's add a property for declaring such secure regions so that the
> driver can skip touching them.
> 
> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> ---
>  Documentation/devicetree/bindings/mtd/qcom,nandc.yaml | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> index 84ad7ff30121..7500e20da9c1 100644
> --- a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> +++ b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> @@ -48,6 +48,13 @@ patternProperties:
>          enum:
>            - 512
>  
> +      qcom,secure-regions:
> +        $ref: /schemas/types.yaml#/definitions/uint32-array

Don't you need 64-bit regions potentially? Though 4GB should be enough 
for anyone.

If more than one addr+size, then you need a matrix.

> +        description:
> +          Regions in the NAND memory which are protected using a secure element
> +          like Trustzone. This property contains the start address and size of
> +          the secure regions present (optional).
> +
>  allOf:
>    - $ref: "nand-controller.yaml#"
>  
> -- 
> 2.25.1
>

On Fri, Mar 05, 2021 at 05:36:57PM -0600, Rob Herring wrote:
> On Mon, Feb 22, 2021 at 05:32:58PM +0530, Manivannan Sadhasivam wrote:
> > On a typical end product, a vendor may choose to secure some regions in
> > the NAND memory which are supposed to stay intact between FW upgrades.
> > The access to those regions will be blocked by a secure element like
> > Trustzone. So the normal world software like Linux kernel should not
> > touch these regions (including reading).
> > 
> > So let's add a property for declaring such secure regions so that the
> > driver can skip touching them.
> > 
> > Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> > ---
> >  Documentation/devicetree/bindings/mtd/qcom,nandc.yaml | 7 +++++++
> >  1 file changed, 7 insertions(+)
> > 
> > diff --git a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > index 84ad7ff30121..7500e20da9c1 100644
> > --- a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > +++ b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > @@ -48,6 +48,13 @@ patternProperties:
> >          enum:
> >            - 512
> >  
> > +      qcom,secure-regions:
> > +        $ref: /schemas/types.yaml#/definitions/uint32-array
> 
> Don't you need 64-bit regions potentially? Though 4GB should be enough 
> for anyone.
> 

Yes, given the size of current NAND based systems around, I thought 32 bit is
enough.

> If more than one addr+size, then you need a matrix.
> 

Okay.

Thanks,
Mani

> > +        description:
> > +          Regions in the NAND memory which are protected using a secure element
> > +          like Trustzone. This property contains the start address and size of
> > +          the secure regions present (optional).
> > +
> >  allOf:
> >    - $ref: "nand-controller.yaml#"
> >  
> > -- 
> > 2.25.1
> >

On Sun, Mar 7, 2021 at 10:31 PM Manivannan Sadhasivam
<manivannan.sadhasivam@linaro.org> wrote:
>
> On Fri, Mar 05, 2021 at 05:36:57PM -0600, Rob Herring wrote:
> > On Mon, Feb 22, 2021 at 05:32:58PM +0530, Manivannan Sadhasivam wrote:
> > > On a typical end product, a vendor may choose to secure some regions in
> > > the NAND memory which are supposed to stay intact between FW upgrades.
> > > The access to those regions will be blocked by a secure element like
> > > Trustzone. So the normal world software like Linux kernel should not
> > > touch these regions (including reading).
> > >
> > > So let's add a property for declaring such secure regions so that the
> > > driver can skip touching them.
> > >
> > > Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> > > ---
> > >  Documentation/devicetree/bindings/mtd/qcom,nandc.yaml | 7 +++++++
> > >  1 file changed, 7 insertions(+)
> > >
> > > diff --git a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > > index 84ad7ff30121..7500e20da9c1 100644
> > > --- a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > > +++ b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > > @@ -48,6 +48,13 @@ patternProperties:
> > >          enum:
> > >            - 512
> > >
> > > +      qcom,secure-regions:
> > > +        $ref: /schemas/types.yaml#/definitions/uint32-array
> >
> > Don't you need 64-bit regions potentially? Though 4GB should be enough
> > for anyone.
> >
>
> Yes, given the size of current NAND based systems around, I thought 32 bit is
> enough.

Huh!? I was joking. 4GB is small nowadays. Make this 64-bit.

Rob

On Tue, Mar 09, 2021 at 07:32:28PM -0700, Rob Herring wrote:
> On Sun, Mar 7, 2021 at 10:31 PM Manivannan Sadhasivam
> <manivannan.sadhasivam@linaro.org> wrote:
> >
> > On Fri, Mar 05, 2021 at 05:36:57PM -0600, Rob Herring wrote:
> > > On Mon, Feb 22, 2021 at 05:32:58PM +0530, Manivannan Sadhasivam wrote:
> > > > On a typical end product, a vendor may choose to secure some regions in
> > > > the NAND memory which are supposed to stay intact between FW upgrades.
> > > > The access to those regions will be blocked by a secure element like
> > > > Trustzone. So the normal world software like Linux kernel should not
> > > > touch these regions (including reading).
> > > >
> > > > So let's add a property for declaring such secure regions so that the
> > > > driver can skip touching them.
> > > >
> > > > Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> > > > ---
> > > >  Documentation/devicetree/bindings/mtd/qcom,nandc.yaml | 7 +++++++
> > > >  1 file changed, 7 insertions(+)
> > > >
> > > > diff --git a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > > > index 84ad7ff30121..7500e20da9c1 100644
> > > > --- a/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > > > +++ b/Documentation/devicetree/bindings/mtd/qcom,nandc.yaml
> > > > @@ -48,6 +48,13 @@ patternProperties:
> > > >          enum:
> > > >            - 512
> > > >
> > > > +      qcom,secure-regions:
> > > > +        $ref: /schemas/types.yaml#/definitions/uint32-array
> > >
> > > Don't you need 64-bit regions potentially? Though 4GB should be enough
> > > for anyone.
> > >
> >
> > Yes, given the size of current NAND based systems around, I thought 32 bit is
> > enough.
> 
> Huh!? I was joking. 4GB is small nowadays. Make this 64-bit.
> 

Well I was speaking in the context of Qcom chipsets making use of NAND. Mostly
the Qcom modem chipsets have <4GB of memory. But since this property is now not
specific to Qcom, I agree with you and will make it 64 bit.

Thanks,
Mani

> Rob