diff mbox series

[RESEND,2/2] firmware: qcom: scm: disable SDI on IPQ5018

Message ID 20230518140224.2248782-2-robimarko@gmail.com
State Superseded
Headers show
Series None | expand

Commit Message

Robert Marko May 18, 2023, 2:02 p.m. UTC
IPQ5018 seems to have SDI (Secure Debug Image) enabled by default which
prevents normal reboot from working causing the board to just hang after
reboot is called.

So, let disable SDI during SCM probe for IPQ5018.

Signed-off-by: Robert Marko <robimarko@gmail.com>
---
 drivers/firmware/qcom_scm.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Brian Norris Aug. 13, 2023, 11:03 p.m. UTC | #1
On Thu, May 18, 2023 at 04:02:24PM +0200, Robert Marko wrote:
> IPQ5018 seems to have SDI (Secure Debug Image) enabled by default which
> prevents normal reboot from working causing the board to just hang after
> reboot is called.
> 
> So, let disable SDI during SCM probe for IPQ5018.
> 
> Signed-off-by: Robert Marko <robimarko@gmail.com>
> ---
>  drivers/firmware/qcom_scm.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
> index bdc9324d4e62..c6a38ce49fb0 100644
> --- a/drivers/firmware/qcom_scm.c
> +++ b/drivers/firmware/qcom_scm.c
> @@ -1525,6 +1525,14 @@ static int qcom_scm_probe(struct platform_device *pdev)
>  	if (download_mode)
>  		qcom_scm_set_download_mode(true);
>  
> +	/* IPQ5018 seems to have SDI (Secure Debug Image) enabled by default
> +	 * which will prevent normal reboot causing the board to hang after
> +	 * making the reboot call.
> +	 * So, make a call to SCM to disable SDI.
> +	 */
> +	if (of_machine_is_compatible("qcom,ipq5018"))
> +		qcom_scm_disable_sdi();
> +

I see there has been some reservation expressed on this patch (via patch
1 comments). I suppose this would be a nice time (though months-late) to
add my own potentially-constructive thoughts.

First, this is definitely a real problem, and for multiple products. See
my prior art with the exact same problem:

Subject: [RFC PATCH] firmware: qcom_scm: disable SDI at boot
https://lore.kernel.org/all/20200721080054.2803881-1-computersforpeace@gmail.com/

(I think you found this one already, although independently.)

Secondly, I think some reservation from patch 1 is on the precise method
of identifying such problematic systems, and I think I agree with the
sentiment. For one, I'm sure that in my case, not all IPQ4019-based
systems leave SDI enabled, and similarly, I doubt all IPQ5018 systems do
either. I believe any firmware that has this enabled in a production
system is essentially an oversight and a bug; it provides negative value
to non-Qualcomm-employees (who can't inspect this "debug" mode), and I
also believe it can potentially be "fixed" by firmware updates. So you
have cases where depending on which software updates have been applied
to an original product before being reprogrammed with a properly-open
Linux kernel/distro, the "same" product may or may not behave
differently.

On the other hand, my guess is that it is truly safe (or, redundant) to
make this call on *any* SCM system; if it was already disabled, then
it's a no-op. Now, that may be inconvenient for Qualcomm employees
trying to debug prototype boards, but that's a different problem...

So, it feels like either this should be:
(1) done inconditionally (like my RFC above), or
(2) supported by some kind of dedicated firmware or device tree flag, to
    denote precisely which systems need this behavior, and not just
    guess based on SoCs. We don't have any firmware interface for this
    [1], so I think the next best thing is Device Tree, which I believe
    is sometimes(?) allowed to carry "firmware" information, instead of
    just "hardware" information.

For example, maybe we document a "qcom,firmware-sdi-enabled" boolean, to
represent the fact that the particular board in question may hold
firmware which leaves SDI enabled?

I'd personally also be OK with (1), unless we (or more likely, Qualcomm)
can find some reason that it's not safe/redundant to do this
unconditionally.

Regards,
Brian

[1] As far as I know. There's no documentation about Qualcomm's SCM APIs
    that I'm aware of.
Sricharan Ramabadhran Sept. 5, 2023, 12:32 p.m. UTC | #2
Hi,

On 8/14/2023 4:33 AM, Brian Norris wrote:
> On Thu, May 18, 2023 at 04:02:24PM +0200, Robert Marko wrote:
>> IPQ5018 seems to have SDI (Secure Debug Image) enabled by default which
>> prevents normal reboot from working causing the board to just hang after
>> reboot is called.
>>
>> So, let disable SDI during SCM probe for IPQ5018.
>>
>> Signed-off-by: Robert Marko <robimarko@gmail.com>
>> ---
>>   drivers/firmware/qcom_scm.c | 8 ++++++++
>>   1 file changed, 8 insertions(+)
>>
>> diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
>> index bdc9324d4e62..c6a38ce49fb0 100644
>> --- a/drivers/firmware/qcom_scm.c
>> +++ b/drivers/firmware/qcom_scm.c
>> @@ -1525,6 +1525,14 @@ static int qcom_scm_probe(struct platform_device *pdev)
>>   	if (download_mode)
>>   		qcom_scm_set_download_mode(true);
>>   
>> +	/* IPQ5018 seems to have SDI (Secure Debug Image) enabled by default
>> +	 * which will prevent normal reboot causing the board to hang after
>> +	 * making the reboot call.
>> +	 * So, make a call to SCM to disable SDI.
>> +	 */
>> +	if (of_machine_is_compatible("qcom,ipq5018"))
>> +		qcom_scm_disable_sdi();
>> +
> 
> I see there has been some reservation expressed on this patch (via patch
> 1 comments). I suppose this would be a nice time (though months-late) to
> add my own potentially-constructive thoughts.
> 
> First, this is definitely a real problem, and for multiple products. See
> my prior art with the exact same problem:
> 
> Subject: [RFC PATCH] firmware: qcom_scm: disable SDI at boot
> https://lore.kernel.org/all/20200721080054.2803881-1-computersforpeace@gmail.com/
> 
> (I think you found this one already, although independently.)
> 
> Secondly, I think some reservation from patch 1 is on the precise method
> of identifying such problematic systems, and I think I agree with the
> sentiment. For one, I'm sure that in my case, not all IPQ4019-based
> systems leave SDI enabled, and similarly, I doubt all IPQ5018 systems do
> either. I believe any firmware that has this enabled in a production
> system is essentially an oversight and a bug; it provides negative value
> to non-Qualcomm-employees (who can't inspect this "debug" mode), and I
> also believe it can potentially be "fixed" by firmware updates. So you
> have cases where depending on which software updates have been applied
> to an original product before being reprogrammed with a properly-open
> Linux kernel/distro, the "same" product may or may not behave
> differently.
> 
> On the other hand, my guess is that it is truly safe (or, redundant) to
> make this call on *any* SCM system; if it was already disabled, then
> it's a no-op. Now, that may be inconvenient for Qualcomm employees
> trying to debug prototype boards, but that's a different problem...
> 
> So, it feels like either this should be:
> (1) done inconditionally (like my RFC above), or
> (2) supported by some kind of dedicated firmware or device tree flag, to
>      denote precisely which systems need this behavior, and not just
>      guess based on SoCs. We don't have any firmware interface for this
>      [1], so I think the next best thing is Device Tree, which I believe
>      is sometimes(?) allowed to carry "firmware" information, instead of
>      just "hardware" information.
> 
> For example, maybe we document a "qcom,firmware-sdi-enabled" boolean, to
> represent the fact that the particular board in question may hold
> firmware which leaves SDI enabled?
> 
> I'd personally also be OK with (1), unless we (or more likely, Qualcomm)
> can find some reason that it's not safe/redundant to do this
> unconditionally.
> 

  Sorry for joining this discussion late. This SDI bit is used for
  enabling ramdump collection in case of abnormal reset, like
  watchdog. That's why its enabled by default. That means it has to
  be explicitly disabled in case of intentional resets like, reboot,
  HLOS panic etc. So disabling should be done in panic/reboot paths.
  I guess it should be the same in msm's case also. Mukesh can confirm
  though.

  Also, on how to do it, instead of checking for 'compatible', i think
  would be better to check on availability of SCM using,
  '__qcom_scm_is_call_available'.

Regards,
  Sricharan
diff mbox series

Patch

diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
index bdc9324d4e62..c6a38ce49fb0 100644
--- a/drivers/firmware/qcom_scm.c
+++ b/drivers/firmware/qcom_scm.c
@@ -1525,6 +1525,14 @@  static int qcom_scm_probe(struct platform_device *pdev)
 	if (download_mode)
 		qcom_scm_set_download_mode(true);
 
+	/* IPQ5018 seems to have SDI (Secure Debug Image) enabled by default
+	 * which will prevent normal reboot causing the board to hang after
+	 * making the reboot call.
+	 * So, make a call to SCM to disable SDI.
+	 */
+	if (of_machine_is_compatible("qcom,ipq5018"))
+		qcom_scm_disable_sdi();
+
 	return 0;
 }