[v3,1/4] dt-bindings: firmware: qcom,scm: support indicating SDI default state

IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
means that WDT being asserted or just trying to reboot will hang the board
in the debug mode and only pulling the power and repowering will help.
Some IPQ4019 boards like Google WiFI have it enabled as well.

So, lets add a boolean property to indicate that SDI is enabled by default
and thus needs to be disabled by the kernel.

Signed-off-by: Robert Marko <robimarko@gmail.com>
---
Changes in v3:
* Change the property so it indicates that SDI has been enabled by default
---
 Documentation/devicetree/bindings/firmware/qcom,scm.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

On Aug 16 2023 18:45, Robert Marko wrote:
> IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
> means that WDT being asserted or just trying to reboot will hang the board
> in the debug mode and only pulling the power and repowering will help.
> Some IPQ4019 boards like Google WiFI have it enabled as well.
> 
> Luckily, SDI can be disabled via an SCM call.
> 
> So, lets use the boolean DT property to identify boards that have SDI
> enabled by default and use the SCM call to disable SDI during SCM probe.
> It is important to disable it as soon as possible as we might have a WDT
> assertion at any time which would then leave the board in debug mode,
> thus disabling it during SCM removal is not enough.
> 
> Signed-off-by: Robert Marko <robimarko@gmail.com>

Reviewed-by: Guru Das Srinagesh <quic_gurus@quicinc.com>

On 16.08.2023 18:45, Robert Marko wrote:
> IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
> means that WDT being asserted or just trying to reboot will hang the board
> in the debug mode and only pulling the power and repowering will help.
> Some IPQ4019 boards like Google WiFI have it enabled as well.
> 
> Luckily, SDI can be disabled via an SCM call.
> 
> So, lets use the boolean DT property to identify boards that have SDI
> enabled by default and use the SCM call to disable SDI during SCM probe.
> It is important to disable it as soon as possible as we might have a WDT
> assertion at any time which would then leave the board in debug mode,
> thus disabling it during SCM removal is not enough.
> 
> Signed-off-by: Robert Marko <robimarko@gmail.com>
> ---
[...]


> +	/*
> +	 * Disable SDI if indicated by DT that it is enabled by default.
> +	 */
> +	if (of_property_read_bool(pdev->dev.of_node, "qcom,sdi-enabled"))
> +		qcom_scm_disable_sdi();
Should we care about the return value?

Konrad

On Wed, Aug 16, 2023 at 06:45:38PM +0200, Robert Marko wrote:
> IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
> means that WDT being asserted or just trying to reboot will hang the board
> in the debug mode and only pulling the power and repowering will help.
> Some IPQ4019 boards like Google WiFI have it enabled as well.
> 
> So, lets add a boolean property to indicate that SDI is enabled by default
> and thus needs to be disabled by the kernel.
> 
> Signed-off-by: Robert Marko <robimarko@gmail.com>

The series looks good to me. Thanks for doing this!

Reviewed-by: Brian Norris <computersforpeace@gmail.com>

On 16/08/2023 18:45, Robert Marko wrote:
> IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
> means that WDT being asserted or just trying to reboot will hang the board
> in the debug mode and only pulling the power and repowering will help.
> Some IPQ4019 boards like Google WiFI have it enabled as well.
> 
> So, lets add a boolean property to indicate that SDI is enabled by default
> and thus needs to be disabled by the kernel.
> 
> Signed-off-by: Robert Marko <robimarko@gmail.com>

Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>

Best regards,
Krzysztof

On Wed, 16 Aug 2023 at 19:33, Konrad Dybcio <konrad.dybcio@linaro.org> wrote:
>
> On 16.08.2023 18:45, Robert Marko wrote:
> > IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
> > means that WDT being asserted or just trying to reboot will hang the board
> > in the debug mode and only pulling the power and repowering will help.
> > Some IPQ4019 boards like Google WiFI have it enabled as well.
> >
> > Luckily, SDI can be disabled via an SCM call.
> >
> > So, lets use the boolean DT property to identify boards that have SDI
> > enabled by default and use the SCM call to disable SDI during SCM probe.
> > It is important to disable it as soon as possible as we might have a WDT
> > assertion at any time which would then leave the board in debug mode,
> > thus disabling it during SCM removal is not enough.
> >
> > Signed-off-by: Robert Marko <robimarko@gmail.com>
> > ---
> [...]
>
>
> > +     /*
> > +      * Disable SDI if indicated by DT that it is enabled by default.
> > +      */
> > +     if (of_property_read_bool(pdev->dev.of_node, "qcom,sdi-enabled"))
> > +             qcom_scm_disable_sdi();
> Should we care about the return value?

I dont really see a point, as we cant really do anything about it if it fails.
Also, the SDI SCM call seems to have weird return codes, for example, it works
but it returns 2.

Maybe somebody from QCA can shine some light on that?

Regards,
Robert
>
> Konrad

On 8/16/2023 10:15 PM, Robert Marko wrote:
> IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
> means that WDT being asserted or just trying to reboot will hang the board
> in the debug mode and only pulling the power and repowering will help.
> Some IPQ4019 boards like Google WiFI have it enabled as well.
> 
> Luckily, SDI can be disabled via an SCM call.
> 
> So, lets use the boolean DT property to identify boards that have SDI
> enabled by default and use the SCM call to disable SDI during SCM probe.
> It is important to disable it as soon as possible as we might have a WDT
> assertion at any time which would then leave the board in debug mode,
> thus disabling it during SCM removal is not enough.
> 
> Signed-off-by: Robert Marko <robimarko@gmail.com>
> ---
> Changes in v3:
> * Squashed ("firmware: qcom: scm: Add SDI disable support") and
> ("firmware: qcom_scm: disable SDI if required")
> ---
>   drivers/firmware/qcom_scm.c | 29 +++++++++++++++++++++++++++++
>   drivers/firmware/qcom_scm.h |  1 +
>   2 files changed, 30 insertions(+)
> 
> diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
> index 06fe8aca870d..de9d1a11d097 100644
> --- a/drivers/firmware/qcom_scm.c
> +++ b/drivers/firmware/qcom_scm.c
> @@ -403,6 +403,29 @@ int qcom_scm_set_remote_state(u32 state, u32 id)
>   }
>   EXPORT_SYMBOL_GPL(qcom_scm_set_remote_state);
>   
> +static int qcom_scm_disable_sdi(void)
> +{
> +	int ret;
> +	struct qcom_scm_desc desc = {
> +		.svc = QCOM_SCM_SVC_BOOT,
> +		.cmd = QCOM_SCM_BOOT_SDI_CONFIG,
> +		.args[0] = 1, /* Disable watchdog debug */
> +		.args[1] = 0, /* Disable SDI */
> +		.arginfo = QCOM_SCM_ARGS(2),
> +		.owner = ARM_SMCCC_OWNER_SIP,
> +	};
> +	struct qcom_scm_res res;
> +
> +	ret = qcom_scm_clk_enable();
> +	if (ret)
> +		return ret;
> +	ret = qcom_scm_call(__scm->dev, &desc, &res);

Would you not be wanting this call to be atomic ?

> +
> +	qcom_scm_clk_disable();
> +
> +	return ret ? : res.result[0];
> +}
> +
>   static int __qcom_scm_set_dload_mode(struct device *dev, bool enable)
>   {
>   	struct qcom_scm_desc desc = {
> @@ -1468,6 +1491,12 @@ static int qcom_scm_probe(struct platform_device *pdev)
>   	if (download_mode)
>   		qcom_scm_set_download_mode(true);
>   
> +	/*
> +	 * Disable SDI if indicated by DT that it is enabled by default.
> +	 */
> +	if (of_property_read_bool(pdev->dev.of_node, "qcom,sdi-enabled"))
> +		qcom_scm_disable_sdi();

Why don't we do this call in qcom_scm_shutdown()
also does it not conflict with above download_mode
we have enabled download mode but disabling SDI
means (hard reset) and will not be collecting
crash dump?

-Mukesh

> +
>   	return 0;
>   }
>   
> diff --git a/drivers/firmware/qcom_scm.h b/drivers/firmware/qcom_scm.h
> index e6e512bd57d1..7b68fa820495 100644
> --- a/drivers/firmware/qcom_scm.h
> +++ b/drivers/firmware/qcom_scm.h
> @@ -80,6 +80,7 @@ extern int scm_legacy_call(struct device *dev, const struct qcom_scm_desc *desc,
>   #define QCOM_SCM_SVC_BOOT		0x01
>   #define QCOM_SCM_BOOT_SET_ADDR		0x01
>   #define QCOM_SCM_BOOT_TERMINATE_PC	0x02
> +#define QCOM_SCM_BOOT_SDI_CONFIG	0x09
>   #define QCOM_SCM_BOOT_SET_DLOAD_MODE	0x10
>   #define QCOM_SCM_BOOT_SET_ADDR_MC	0x11
>   #define QCOM_SCM_BOOT_SET_REMOTE_STATE	0x0a

On 8/16/2023 10:15 PM, Robert Marko wrote:
> IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
> means that WDT being asserted or just trying to reboot will hang the board
> in the debug mode and only pulling the power and repowering will help.
> Some IPQ4019 boards like Google WiFI have it enabled as well.
> 
> So, lets add a boolean property to indicate that SDI is enabled by default
> and thus needs to be disabled by the kernel.
> 
> Signed-off-by: Robert Marko <robimarko@gmail.com>

Acked-by: Mukesh Ojha <quic_mojha@quicinc.com>

-Mukesh

> ---
> Changes in v3:
> * Change the property so it indicates that SDI has been enabled by default
> ---
>   Documentation/devicetree/bindings/firmware/qcom,scm.yaml | 8 ++++++++
>   1 file changed, 8 insertions(+)
> 
> diff --git a/Documentation/devicetree/bindings/firmware/qcom,scm.yaml b/Documentation/devicetree/bindings/firmware/qcom,scm.yaml
> index 4233ea839bfc..590bbbd61de5 100644
> --- a/Documentation/devicetree/bindings/firmware/qcom,scm.yaml
> +++ b/Documentation/devicetree/bindings/firmware/qcom,scm.yaml
> @@ -89,6 +89,14 @@ properties:
>         protocol to handle sleeping SCM calls.
>       maxItems: 1
>   
> +  qcom,sdi-enabled:
> +    description:
> +      Indicates that the SDI (Secure Debug Image) has been enabled by TZ
> +      by default and it needs to be disabled.
> +      If not disabled WDT assertion or reboot will cause the board to hang
> +      in the debug mode.
> +    type: boolean
> +
>     qcom,dload-mode:
>       $ref: /schemas/types.yaml#/definitions/phandle-array
>       items:

On Tue, 22 Aug 2023 at 17:38, Mukesh Ojha <quic_mojha@quicinc.com> wrote:
>
>
>
> On 8/16/2023 10:15 PM, Robert Marko wrote:
> > IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
> > means that WDT being asserted or just trying to reboot will hang the board
> > in the debug mode and only pulling the power and repowering will help.
> > Some IPQ4019 boards like Google WiFI have it enabled as well.
> >
> > Luckily, SDI can be disabled via an SCM call.
> >
> > So, lets use the boolean DT property to identify boards that have SDI
> > enabled by default and use the SCM call to disable SDI during SCM probe.
> > It is important to disable it as soon as possible as we might have a WDT
> > assertion at any time which would then leave the board in debug mode,
> > thus disabling it during SCM removal is not enough.
> >
> > Signed-off-by: Robert Marko <robimarko@gmail.com>
> > ---
> > Changes in v3:
> > * Squashed ("firmware: qcom: scm: Add SDI disable support") and
> > ("firmware: qcom_scm: disable SDI if required")
> > ---
> >   drivers/firmware/qcom_scm.c | 29 +++++++++++++++++++++++++++++
> >   drivers/firmware/qcom_scm.h |  1 +
> >   2 files changed, 30 insertions(+)
> >
> > diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
> > index 06fe8aca870d..de9d1a11d097 100644
> > --- a/drivers/firmware/qcom_scm.c
> > +++ b/drivers/firmware/qcom_scm.c
> > @@ -403,6 +403,29 @@ int qcom_scm_set_remote_state(u32 state, u32 id)
> >   }
> >   EXPORT_SYMBOL_GPL(qcom_scm_set_remote_state);
> >
> > +static int qcom_scm_disable_sdi(void)
> > +{
> > +     int ret;
> > +     struct qcom_scm_desc desc = {
> > +             .svc = QCOM_SCM_SVC_BOOT,
> > +             .cmd = QCOM_SCM_BOOT_SDI_CONFIG,
> > +             .args[0] = 1, /* Disable watchdog debug */
> > +             .args[1] = 0, /* Disable SDI */
> > +             .arginfo = QCOM_SCM_ARGS(2),
> > +             .owner = ARM_SMCCC_OWNER_SIP,
> > +     };
> > +     struct qcom_scm_res res;
> > +
> > +     ret = qcom_scm_clk_enable();
> > +     if (ret)
> > +             return ret;
> > +     ret = qcom_scm_call(__scm->dev, &desc, &res);
>
> Would you not be wanting this call to be atomic ?

This is implemented based off the downstream 5.4 kernel as I dont have
the SCM docs
so I dont know if its even supported in the atomic version.
>
> > +
> > +     qcom_scm_clk_disable();
> > +
> > +     return ret ? : res.result[0];
> > +}
> > +
> >   static int __qcom_scm_set_dload_mode(struct device *dev, bool enable)
> >   {
> >       struct qcom_scm_desc desc = {
> > @@ -1468,6 +1491,12 @@ static int qcom_scm_probe(struct platform_device *pdev)
> >       if (download_mode)
> >               qcom_scm_set_download_mode(true);
> >
> > +     /*
> > +      * Disable SDI if indicated by DT that it is enabled by default.
> > +      */
> > +     if (of_property_read_bool(pdev->dev.of_node, "qcom,sdi-enabled"))
> > +             qcom_scm_disable_sdi();
>
> Why don't we do this call in qcom_scm_shutdown()
> also does it not conflict with above download_mode
> we have enabled download mode but disabling SDI
> means (hard reset) and will not be collecting
> crash dump?

Because doing it in SCM removal is too late, what if we have a WDT
assertion and not a
regular reboot?
It would mean that the board will get stuck in the debug mode which is
not useful for users and
requires the power to be pulled in order to boot normally again.

I am not sure about the download mode, this is where insight from QCA
really help as I am
doing this with very limited docs.

Regards,
Robert
>
> -Mukesh
>
> > +
> >       return 0;
> >   }
> >
> > diff --git a/drivers/firmware/qcom_scm.h b/drivers/firmware/qcom_scm.h
> > index e6e512bd57d1..7b68fa820495 100644
> > --- a/drivers/firmware/qcom_scm.h
> > +++ b/drivers/firmware/qcom_scm.h
> > @@ -80,6 +80,7 @@ extern int scm_legacy_call(struct device *dev, const struct qcom_scm_desc *desc,
> >   #define QCOM_SCM_SVC_BOOT           0x01
> >   #define QCOM_SCM_BOOT_SET_ADDR              0x01
> >   #define QCOM_SCM_BOOT_TERMINATE_PC  0x02
> > +#define QCOM_SCM_BOOT_SDI_CONFIG     0x09
> >   #define QCOM_SCM_BOOT_SET_DLOAD_MODE        0x10
> >   #define QCOM_SCM_BOOT_SET_ADDR_MC   0x11
> >   #define QCOM_SCM_BOOT_SET_REMOTE_STATE      0x0a

On Fri, Aug 25, 2023 at 2:41 AM Robert Marko <robimarko@gmail.com> wrote:
> On Tue, 22 Aug 2023 at 17:38, Mukesh Ojha <quic_mojha@quicinc.com> wrote:
> > On 8/16/2023 10:15 PM, Robert Marko wrote:
> > > +     ret = qcom_scm_call(__scm->dev, &desc, &res);
> >
> > Would you not be wanting this call to be atomic ?
>
> This is implemented based off the downstream 5.4 kernel as I dont have
> the SCM docs
> so I dont know if its even supported in the atomic version.

More than that, it's known *not* to be properly supported on one such
applicable device:

Subject: [RFC] qcom_scm: IPQ4019 firmware does not support atomic API?
https://lore.kernel.org/linux-arm-kernel/20200913201608.GA3162100@bDebian/

I still haven't gotten a solution to *that* problem upstream, but it'd
be nice not to make it worse.

Brian

On 8/25/2023 3:11 PM, Robert Marko wrote:
> On Tue, 22 Aug 2023 at 17:38, Mukesh Ojha <quic_mojha@quicinc.com> wrote:
>>
>>
>>
>> On 8/16/2023 10:15 PM, Robert Marko wrote:
>>> IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
>>> means that WDT being asserted or just trying to reboot will hang the board
>>> in the debug mode and only pulling the power and repowering will help.
>>> Some IPQ4019 boards like Google WiFI have it enabled as well.
>>>
>>> Luckily, SDI can be disabled via an SCM call.
>>>
>>> So, lets use the boolean DT property to identify boards that have SDI
>>> enabled by default and use the SCM call to disable SDI during SCM probe.
>>> It is important to disable it as soon as possible as we might have a WDT
>>> assertion at any time which would then leave the board in debug mode,
>>> thus disabling it during SCM removal is not enough.
>>>
>>> Signed-off-by: Robert Marko <robimarko@gmail.com>
>>> ---
>>> Changes in v3:
>>> * Squashed ("firmware: qcom: scm: Add SDI disable support") and
>>> ("firmware: qcom_scm: disable SDI if required")
>>> ---
>>>    drivers/firmware/qcom_scm.c | 29 +++++++++++++++++++++++++++++
>>>    drivers/firmware/qcom_scm.h |  1 +
>>>    2 files changed, 30 insertions(+)
>>>
>>> diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
>>> index 06fe8aca870d..de9d1a11d097 100644
>>> --- a/drivers/firmware/qcom_scm.c
>>> +++ b/drivers/firmware/qcom_scm.c
>>> @@ -403,6 +403,29 @@ int qcom_scm_set_remote_state(u32 state, u32 id)
>>>    }
>>>    EXPORT_SYMBOL_GPL(qcom_scm_set_remote_state);
>>>
>>> +static int qcom_scm_disable_sdi(void)
>>> +{
>>> +     int ret;
>>> +     struct qcom_scm_desc desc = {
>>> +             .svc = QCOM_SCM_SVC_BOOT,
>>> +             .cmd = QCOM_SCM_BOOT_SDI_CONFIG,
>>> +             .args[0] = 1, /* Disable watchdog debug */
>>> +             .args[1] = 0, /* Disable SDI */
>>> +             .arginfo = QCOM_SCM_ARGS(2),
>>> +             .owner = ARM_SMCCC_OWNER_SIP,
>>> +     };
>>> +     struct qcom_scm_res res;
>>> +
>>> +     ret = qcom_scm_clk_enable();
>>> +     if (ret)
>>> +             return ret;
>>> +     ret = qcom_scm_call(__scm->dev, &desc, &res);
>>
>> Would you not be wanting this call to be atomic ?
> 
> This is implemented based off the downstream 5.4 kernel as I dont have
> the SCM docs
> so I dont know if its even supported in the atomic version.

Ok,.

Well, Kernel version does not guarantees us whether certain things
are supported or not in the firmware and it is not bound to any
particular firmware version;

So, whatever firmware version it is running with, we should try to
support.

Should we implement certain kind of call, if fastcall(atomic) is 
supported go-ahead otherwise fallback to slowcalls (interruptible)
calls, but this is completely out of the context of this patch.

>>
>>> +
>>> +     qcom_scm_clk_disable();
>>> +
>>> +     return ret ? : res.result[0];
>>> +}
>>> +
>>>    static int __qcom_scm_set_dload_mode(struct device *dev, bool enable)
>>>    {
>>>        struct qcom_scm_desc desc = {
>>> @@ -1468,6 +1491,12 @@ static int qcom_scm_probe(struct platform_device *pdev)
>>>        if (download_mode)
>>>                qcom_scm_set_download_mode(true);
>>>
>>> +     /*
>>> +      * Disable SDI if indicated by DT that it is enabled by default.
>>> +      */
>>> +     if (of_property_read_bool(pdev->dev.of_node, "qcom,sdi-enabled"))
>>> +             qcom_scm_disable_sdi();
>>
>> Why don't we do this call in qcom_scm_shutdown()
>> also does it not conflict with above download_mode
>> we have enabled download mode but disabling SDI
>> means (hard reset) and will not be collecting
>> crash dump?
> 
> Because doing it in SCM removal is too late, what if we have a WDT
> assertion and not a
> regular reboot?
> It would mean that the board will get stuck in the debug mode which is
> not useful for users and
> requires the power to be pulled in order to boot normally again.

Agree.

Just a wild guess..

Can we check if this call __qcom_scm_is_call_available() helps
to determine, if the certain soc has this SCM calls supported
and if it is there it can be disabled.

__qcom_scm_is_call_available(__scm->dev, QCOM_SCM_SVC_BOOT, 
QCOM_SCM_BOOT_SDI_CONFIG)

> 
> I am not sure about the download mode, this is where insight from QCA
> really help as I am
> doing this with very limited docs.

Download mode would not be reflected unless it is debug
board, whatever you write will not be allowed if it is a
secure device.

-Mukesh
> 
> Regards,
> Robert
>>
>> -Mukesh
>>
>>> +
>>>        return 0;
>>>    }
>>>
>>> diff --git a/drivers/firmware/qcom_scm.h b/drivers/firmware/qcom_scm.h
>>> index e6e512bd57d1..7b68fa820495 100644
>>> --- a/drivers/firmware/qcom_scm.h
>>> +++ b/drivers/firmware/qcom_scm.h
>>> @@ -80,6 +80,7 @@ extern int scm_legacy_call(struct device *dev, const struct qcom_scm_desc *desc,
>>>    #define QCOM_SCM_SVC_BOOT           0x01
>>>    #define QCOM_SCM_BOOT_SET_ADDR              0x01
>>>    #define QCOM_SCM_BOOT_TERMINATE_PC  0x02
>>> +#define QCOM_SCM_BOOT_SDI_CONFIG     0x09
>>>    #define QCOM_SCM_BOOT_SET_DLOAD_MODE        0x10
>>>    #define QCOM_SCM_BOOT_SET_ADDR_MC   0x11
>>>    #define QCOM_SCM_BOOT_SET_REMOTE_STATE      0x0a

<snip ..>

>>>> +     int ret;
>>>> +     struct qcom_scm_desc desc = {
>>>> +             .svc = QCOM_SCM_SVC_BOOT,
>>>> +             .cmd = QCOM_SCM_BOOT_SDI_CONFIG,
>>>> +             .args[0] = 1, /* Disable watchdog debug */
>>>> +             .args[1] = 0, /* Disable SDI */
>>>> +             .arginfo = QCOM_SCM_ARGS(2),
>>>> +             .owner = ARM_SMCCC_OWNER_SIP,
>>>> +     };
>>>> +     struct qcom_scm_res res;
>>>> +
>>>> +     ret = qcom_scm_clk_enable();
>>>> +     if (ret)
>>>> +             return ret;
>>>> +     ret = qcom_scm_call(__scm->dev, &desc, &res);
>>>
>>> Would you not be wanting this call to be atomic ?
>>
>> This is implemented based off the downstream 5.4 kernel as I dont have
>> the SCM docs
>> so I dont know if its even supported in the atomic version.
> 
> Ok,.
> 
> Well, Kernel version does not guarantees us whether certain things
> are supported or not in the firmware and it is not bound to any
> particular firmware version;
> 
> So, whatever firmware version it is running with, we should try to
> support.
> 
> Should we implement certain kind of call, if fastcall(atomic) is 
> supported go-ahead otherwise fallback to slowcalls (interruptible)
> calls, but this is completely out of the context of this patch.
> 

  I replied on older thread, was not in CC here, just saw this.

  Agree, atomic api is out of this context and we could take it up
  separately.

>>>
>>>> +
>>>> +     qcom_scm_clk_disable();
>>>> +
>>>> +     return ret ? : res.result[0];
>>>> +}
>>>> +
>>>>    static int __qcom_scm_set_dload_mode(struct device *dev, bool 
>>>> enable)
>>>>    {
>>>>        struct qcom_scm_desc desc = {
>>>> @@ -1468,6 +1491,12 @@ static int qcom_scm_probe(struct 
>>>> platform_device *pdev)
>>>>        if (download_mode)
>>>>                qcom_scm_set_download_mode(true);
>>>>
>>>> +     /*
>>>> +      * Disable SDI if indicated by DT that it is enabled by default.
>>>> +      */
>>>> +     if (of_property_read_bool(pdev->dev.of_node, "qcom,sdi-enabled"))
>>>> +             qcom_scm_disable_sdi();
>>>
>>> Why don't we do this call in qcom_scm_shutdown()
>>> also does it not conflict with above download_mode
>>> we have enabled download mode but disabling SDI
>>> means (hard reset) and will not be collecting
>>> crash dump?
>>
>> Because doing it in SCM removal is too late, what if we have a WDT
>> assertion and not a
>> regular reboot?
>> It would mean that the board will get stuck in the debug mode which is
>> not useful for users and
>> requires the power to be pulled in order to boot normally again.
> 
> Agree.

  For IPQ chipsets, SDI bit is used like below,

    For abnormal resets (like WDT), should be set '1' for valid dump
    collection.

    For reboot, should be cleared to '0' to avoid dump collection which
    is not required in this case.

    For HLOS panic, is a don't care, dumps always get collected and
    firmware takes care of clearing the SDI bit.

    Mukesh,  Can you confirm if its same for msm also ?
> 
> Just a wild guess..
> 
> Can we check if this call __qcom_scm_is_call_available() helps
> to determine, if the certain soc has this SCM calls supported
> and if it is there it can be disabled.
> 
> __qcom_scm_is_call_available(__scm->dev, QCOM_SCM_SVC_BOOT, 
> QCOM_SCM_BOOT_SDI_CONFIG)
> 

  Yes, as i mentioned in other thread, checking using
  qcom_scm_is_call_available is better. That said, would require
  testing on all IPQ/MSM socs to confirm if firmware supports it.

>>
>> I am not sure about the download mode, this is where insight from QCA
>> really help as I am
>> doing this with very limited docs.
> 
> Download mode would not be reflected unless it is debug
> board, whatever you write will not be allowed if it is a
> secure device.
> 

   Yes, 'download mode' bit is similar, but that is used by the firmware
   to determining whether to collect dumps on non-secure boards.
   Specifically, 'SDI bit' on some socs is used by firmware to determine
   if boot is happening from a 'abnormal crash', hence put DDR to
   self-refresh etc for valid dumps.

Regards,
  Sricharan

On 9/7/2023 12:02 PM, Sricharan Ramabadhran wrote:
> 
> <snip ..>
> 
>>>>> +     int ret;
>>>>> +     struct qcom_scm_desc desc = {
>>>>> +             .svc = QCOM_SCM_SVC_BOOT,
>>>>> +             .cmd = QCOM_SCM_BOOT_SDI_CONFIG,
>>>>> +             .args[0] = 1, /* Disable watchdog debug */
>>>>> +             .args[1] = 0, /* Disable SDI */
>>>>> +             .arginfo = QCOM_SCM_ARGS(2),
>>>>> +             .owner = ARM_SMCCC_OWNER_SIP,
>>>>> +     };
>>>>> +     struct qcom_scm_res res;
>>>>> +
>>>>> +     ret = qcom_scm_clk_enable();
>>>>> +     if (ret)
>>>>> +             return ret;
>>>>> +     ret = qcom_scm_call(__scm->dev, &desc, &res);
>>>>
>>>> Would you not be wanting this call to be atomic ?
>>>
>>> This is implemented based off the downstream 5.4 kernel as I dont have
>>> the SCM docs
>>> so I dont know if its even supported in the atomic version.
>>
>> Ok,.
>>
>> Well, Kernel version does not guarantees us whether certain things
>> are supported or not in the firmware and it is not bound to any
>> particular firmware version;
>>
>> So, whatever firmware version it is running with, we should try to
>> support.
>>
>> Should we implement certain kind of call, if fastcall(atomic) is 
>> supported go-ahead otherwise fallback to slowcalls (interruptible)
>> calls, but this is completely out of the context of this patch.
>>
> 
>   I replied on older thread, was not in CC here, just saw this.
> 
>   Agree, atomic api is out of this context and we could take it up
>   separately.
> 
>>>>
>>>>> +
>>>>> +     qcom_scm_clk_disable();
>>>>> +
>>>>> +     return ret ? : res.result[0];
>>>>> +}
>>>>> +
>>>>>    static int __qcom_scm_set_dload_mode(struct device *dev, bool 
>>>>> enable)
>>>>>    {
>>>>>        struct qcom_scm_desc desc = {
>>>>> @@ -1468,6 +1491,12 @@ static int qcom_scm_probe(struct 
>>>>> platform_device *pdev)
>>>>>        if (download_mode)
>>>>>                qcom_scm_set_download_mode(true);
>>>>>
>>>>> +     /*
>>>>> +      * Disable SDI if indicated by DT that it is enabled by default.
>>>>> +      */
>>>>> +     if (of_property_read_bool(pdev->dev.of_node, 
>>>>> "qcom,sdi-enabled"))
>>>>> +             qcom_scm_disable_sdi();
>>>>
>>>> Why don't we do this call in qcom_scm_shutdown()
>>>> also does it not conflict with above download_mode
>>>> we have enabled download mode but disabling SDI
>>>> means (hard reset) and will not be collecting
>>>> crash dump?
>>>
>>> Because doing it in SCM removal is too late, what if we have a WDT
>>> assertion and not a
>>> regular reboot?
>>> It would mean that the board will get stuck in the debug mode which is
>>> not useful for users and
>>> requires the power to be pulled in order to boot normally again.
>>
>> Agree.
> 
>   For IPQ chipsets, SDI bit is used like below,
> 
>     For abnormal resets (like WDT), should be set '1' for valid dump
>     collection.
> 
>     For reboot, should be cleared to '0' to avoid dump collection which
>     is not required in this case.
> 
>     For HLOS panic, is a don't care, dumps always get collected and
>     firmware takes care of clearing the SDI bit.
> 
>     Mukesh,  Can you confirm if its same for msm also ?

Yes, it is same in MSM as well.

-Mukesh

>>
>> Just a wild guess..
>>
>> Can we check if this call __qcom_scm_is_call_available() helps
>> to determine, if the certain soc has this SCM calls supported
>> and if it is there it can be disabled.
>>
>> __qcom_scm_is_call_available(__scm->dev, QCOM_SCM_SVC_BOOT, 
>> QCOM_SCM_BOOT_SDI_CONFIG)
>>
> 
>   Yes, as i mentioned in other thread, checking using
>   qcom_scm_is_call_available is better. That said, would require
>   testing on all IPQ/MSM socs to confirm if firmware supports it.
> 
>>>
>>> I am not sure about the download mode, this is where insight from QCA
>>> really help as I am
>>> doing this with very limited docs.
>>
>> Download mode would not be reflected unless it is debug
>> board, whatever you write will not be allowed if it is a
>> secure device.
>>
> 
>    Yes, 'download mode' bit is similar, but that is used by the firmware
>    to determining whether to collect dumps on non-secure boards.
>    Specifically, 'SDI bit' on some socs is used by firmware to determine
>    if boot is happening from a 'abnormal crash', hence put DDR to
>    self-refresh etc for valid dumps.
> 
> Regards,
>   Sricharan

On Wed, 16 Aug 2023 18:45:38 +0200, Robert Marko wrote:
> IPQ5018 has SDI (Secure Debug Image) enabled by TZ by default, and that
> means that WDT being asserted or just trying to reboot will hang the board
> in the debug mode and only pulling the power and repowering will help.
> Some IPQ4019 boards like Google WiFI have it enabled as well.
> 
> So, lets add a boolean property to indicate that SDI is enabled by default
> and thus needs to be disabled by the kernel.
> 
> [...]

Applied, thanks!

[4/4] arm64: dts: qcom: ipq5018: indicate that SDI should be disabled
      commit: 79796e87215db9587d6c66ec6f6781e091bc6464

Best regards,