From: Lars Pedersen <lapeddk@gmail.com>
To: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>,
barebox@lists.infradead.org,
Bruno Thomsen <bruno.thomsen@gmail.com>
Subject: Re: [PATCH] ARM: i.MX: Kamstrup mx7 concentrator board support
Date: Mon, 12 Apr 2021 14:39:42 +0200 [thread overview]
Message-ID: <CAKd8=Gs0yZAbBwxnzrtzRQkHNY6qEEs5FStrqnqjyyUHNgtgYA@mail.gmail.com> (raw)
In-Reply-To: <28d4e31c21b59e3ae6fcd84617207ab02e3af02d.camel@pengutronix.de>
Hello Rouven.
Thanks for your response.
We will need another hardware update before production so we will try
to get this added.
Regards,
Lars Pedersen
On Mon, 12 Apr 2021 at 14:22, Rouven Czerwinski
<r.czerwinski@pengutronix.de> wrote:
>
> On Mon, 2021-04-12 at 13:24 +0200, Ahmad Fatoum wrote:
> > Hello Lars,
> >
> > On 12.04.21 12:45, Lars Pedersen wrote:
> > > > > +#define BOARD_RESTART_GPIO IMX_GPIO_NR(7, 12)
> > > > > +#define TPM_RESET_GPIO IMX_GPIO_NR(3, 8)
> > > > > +
> > > > > +static void kamstrup_mx7_tpm_reset(void)
> > > > > +{
> > > > > + imx7_setup_pad(MX7D_PAD_LCD_DATA03__GPIO3_IO8);
> > > > > +
> > > > > + gpio_request(TPM_RESET_GPIO, "tpm-reset");
> > > > > + gpio_direction_output(TPM_RESET_GPIO, 1);
> > > > > + mdelay(100);
> > > > > + gpio_set_value(TPM_RESET_GPIO, 0);
> > > > > + mdelay(100);
> > > > > + gpio_set_value(TPM_RESET_GPIO, 1);
> > > > > + gpio_free(TPM_RESET_GPIO);
> > > >
> > > > We are trying to cut down on code that doesn't use the driver model.
> > > > Couldn't this be represented as a gpio-hog in the device tree or
> > > > a reset line for the SPI device?
> > >
> > > I can't find anything in the DT binding for the SPI/TPM driver to use
> > > a reset line.
> >
> > Proper way would be for this to be added into Linux then,
> > but that's out of scope for the patch here.
> >
> > > Can a DT gpio-hog toggle the pin? Don't you need a
> > > driver for this?
> >
> > You can't pulse with a gpio-hog. I assumed the TPM is in reset by
> > default.
> >
> > > I see the following options:
> > >
> > > 1) gpio-hog with a label and use new gpiolib in board.c.
> > > 2) gpio-hog and control the pin in a boot script.
> >
> > If there's no straight-forward way to do it without board code,
> > it's ok the way it is with one change though: I missed it the first
> > time, but your board breaks multi-image support because you don't
> > check whether the initcall is indeed running on your board (See for
> > example imx_v7_defconfig, which builds over a hundred boards at once).
> >
> > Easiest way to get this right is to write a board driver.
> > See arch/arm/boards/lxa-mc1/board.c for an example.
>
> TPMs usually don't have a reset line since it is a hardware misdesign
> if the reset needs to be done within the bootloader. This opens up the
> TPM to an attack where the system is properly booted, unlocking keys
> which are only accessible if the correct PCR sequence is send to the
> TPM. Than the attacker resets the hardware/CPU, but potentially loads
> up a different bootloader or tricks the bootloader into skipping the
> TPM reset. This will leave the TPM keys accessible even if the system
> has not been booted with the correct measured boot values. Boards with
> TPMs should be designed so that a CPU-Reset always results in a TPM
> Reset as well.
>
> Regards,
> Rouven
>
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
prev parent reply other threads:[~2021-04-12 12:41 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-09 13:20 Lars Pedersen
2021-04-10 10:43 ` Ahmad Fatoum
2021-04-12 10:45 ` Lars Pedersen
2021-04-12 11:24 ` Ahmad Fatoum
2021-04-12 12:09 ` Lars Pedersen
2021-04-12 12:43 ` Ahmad Fatoum
2021-04-12 14:17 ` Lars Pedersen
2021-04-12 14:20 ` Ahmad Fatoum
2021-04-12 12:22 ` Rouven Czerwinski
2021-04-12 12:39 ` Lars Pedersen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKd8=Gs0yZAbBwxnzrtzRQkHNY6qEEs5FStrqnqjyyUHNgtgYA@mail.gmail.com' \
--to=lapeddk@gmail.com \
--cc=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=bruno.thomsen@gmail.com \
--cc=r.czerwinski@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox