From patchwork Thu Apr 1 15:19:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Manivannan Sadhasivam X-Patchwork-Id: 413625 Delivered-To: patch@linaro.org Received: by 2002:a02:8562:0:0:0:0:0 with SMTP id g89csp655700jai; Thu, 1 Apr 2021 08:24:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJynnvB+QvTe5ZwSLIRY1nMq9V2ONoheiXqdMVbvvTDdIkBuwUNdo0oKlvQmjVlZ9Y+FhVHC X-Received: by 2002:a5d:670f:: with SMTP id o15mr10507064wru.349.1617290650529; Thu, 01 Apr 2021 08:24:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617290650; cv=none; d=google.com; s=arc-20160816; b=NDnbN5EwIaLa5wzJrIcGf4kjfW82jPrDGFg3l/Mh9JQ1KxfayVvSTqqedyhi7mzfrM yoj1E4CkgKIonFeCyBSp8mmxuMH3nTwp9HZFkP2oSKtSSgTRU2OEPQ+yuaifovy3NAi1 dv/sz+/CIg/WXWrRavcwjg/XSoNDu+IHdXX+N6RLCuLZGJqbnb3MVrENwlstXT8uL6aU eokXMMBtQ9Z9C6mGCB3SinLvWbplqPO1yXrTvJve9513zSQUeAhZhhikMPiiKlvdL1+t /obWukEwCH1J+xP5r9wLZsvXnauHBz5zkwT2fWwBaIxRqRtq6HYIijd2H3YecMLc8f8i ckHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-signature; bh=BwvkCsQZdoUlblqOUgJuwi4QR8F9xDK0ig5+St7HF0I=; b=ELZGg5LpfOJli3lkBIkPzkSUe9/Rhhr0BL3rih+coCRVB2yZmFSypFdh78T5gd7Dym Kn60FBGXZnHsiE55C6rooDGc/20rJfbjxphAmWjr0wU0mA/hpRzrylHnN4UsTToTFuCa 5M/uFfRcSHHlyIjZNmZvVyKAezP3fdRFTvtsgH/7j9+mrufUUbfGqcfvOeQMVXyKO8Th ckn47zYrCetCV9DJHo8JCCW6t7qcHHEuhBeEAqk78oNXeJvt0LEAww/wScrP65taKWdY /vOBvTHVvFXuItmgjDsKm+GjriKMg2Pi3SEx7DpkcAiJltDFj2KarSTXoT/tRIIFEwWV XSYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.infradead.org header.s=desiato.20200630 header.b=mwnV2Zvv; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=f3DwcN7w; spf=pass (google.com: best guess record for domain of linux-mtd-bounces+patch=linaro.org@lists.infradead.org designates 2001:8b0:10b:1:d65d:64ff:fe57:4e05 as permitted sender) smtp.mailfrom="linux-mtd-bounces+patch=linaro.org@lists.infradead.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from desiato.infradead.org (desiato.infradead.org. [2001:8b0:10b:1:d65d:64ff:fe57:4e05]) by mx.google.com with ESMTPS id e14si6548759wme.56.2021.04.01.08.24.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Apr 2021 08:24:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-mtd-bounces+patch=linaro.org@lists.infradead.org designates 2001:8b0:10b:1:d65d:64ff:fe57:4e05 as permitted sender) client-ip=2001:8b0:10b:1:d65d:64ff:fe57:4e05; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.infradead.org header.s=desiato.20200630 header.b=mwnV2Zvv; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=f3DwcN7w; spf=pass (google.com: best guess record for domain of linux-mtd-bounces+patch=linaro.org@lists.infradead.org designates 2001:8b0:10b:1:d65d:64ff:fe57:4e05 as permitted sender) smtp.mailfrom="linux-mtd-bounces+patch=linaro.org@lists.infradead.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=BwvkCsQZdoUlblqOUgJuwi4QR8F9xDK0ig5+St7HF0I=; b=mwnV2ZvvJbQAX9qyFj4LoysBk 8tuSgaoSFGrIlMqc99LzPWNpU/HPaCMgRNqawZyMuiXfjh+Hd7ML9CValpiw1GCz0LfcRLg9JrtJD Nkk7gWxoaSlsfRkR8J3xOjAlJl7MNv3ffSuL4AvMpkRDPB+zV4UmGwhxw90WSPJJ7FQ+fzKVKkhg9 1SrUYItNtiTk5RW5UoLaA593Ug9wCP8gyy7B7KpYDQzpA5LFYGGBsAW+cOgzSSxKlU9S7j2OidA5/ uPryVpEL/ufcCYMv/HNXSi1ZZmXovn9OnbwsJD4+R717RF+/+h7EZ8EeRP7NJfCcljnG1y0DASvR0 urVFIdqXw==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lRzAL-00A0Fo-OB; Thu, 01 Apr 2021 15:23:26 +0000 Received: from mail-pf1-x434.google.com ([2607:f8b0:4864:20::434]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lRz7O-009zWy-OJ for linux-mtd@lists.infradead.org; Thu, 01 Apr 2021 15:20:27 +0000 Received: by mail-pf1-x434.google.com with SMTP id h3so1685502pfr.12 for ; Thu, 01 Apr 2021 08:20:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=v+aoqp7/hh2ZJdg8Bt5Hf7dmndB59spkh4lB3mp0E74=; b=f3DwcN7w4qd2BNUiwf2Zf6uIPlCFYdUV85r3kZddA+QC5XLH2diKbVl4PhBab2cvAU pmgFP02TGCZXCHfaTlBhV2jpRDmVgEDVkuwqh5ZIjpcQLtr4/kuGEOJXuDgrNZxLDhT+ xGYRHiODXoSV8YmtXXM+JZI7CQNGTH2nRU/95DBQHGG1zTzehtHMm8t/qmAu4kDBgIIa hGDQsIgddyP9kC/PjQ+RBG2D81N8jNGBQKYpBdOm/ehTLHydUR2WaDI8RE7rzqidQkqA mixaThPVCPLBnsj5x46KdlqlRVQbsCKCnHlBTcCgigALOvTIQqgT8jjEJh9Ld2IT348V Atmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=v+aoqp7/hh2ZJdg8Bt5Hf7dmndB59spkh4lB3mp0E74=; b=kooGyww1DY+5SK8SnE4gmY6hxiXWZVLUMCz79sUhesPr33zbs5CDOzswTdSGgU49KO nem6WWFde7KzrsrBTbojmeZ9R2kxCtOESGkNS4u0pKp1z+CTtXwwYFQZqC3uCSZpObHF vxtGx5nmmfPtUKxuUXRcVl4pYk/qCFsczW8iPq4XojnvJ0Gz9kA23imD8EBGLGZHhol/ mNS0dZK3VzaCkOq+TR6ZMCLsgjrKS23BXvWjjGCuvGN6Zq94clr4k5YgaQxd9z//3tCv htKz5w0pkSR6ZgOxpxO1J901axX6k/zPoNfuV/0cee86akmtF6GAT/TW8Oe7Od2tB4BA yFIQ== X-Gm-Message-State: AOAM532rP2DuHaaEgO3pwfIYpKT4/Z9HOTU3QjbV3oiHvUjuFJtl07ND QbMJl3RxXtteuoFlU0slzJHF X-Received: by 2002:a63:5004:: with SMTP id e4mr7841479pgb.61.1617290421033; Thu, 01 Apr 2021 08:20:21 -0700 (PDT) Received: from localhost.localdomain ([103.77.37.138]) by smtp.gmail.com with ESMTPSA id l22sm6500919pjl.14.2021.04.01.08.20.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Apr 2021 08:20:20 -0700 (PDT) From: Manivannan Sadhasivam To: miquel.raynal@bootlin.com, richard@nod.at, vigneshr@ti.com, robh+dt@kernel.org Cc: linux-arm-msm@vger.kernel.org, devicetree@vger.kernel.org, linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org, boris.brezillon@collabora.com, Daniele.Palmas@telit.com, bjorn.andersson@linaro.org, Manivannan Sadhasivam Subject: [PATCH v10 3/4] mtd: rawnand: Add support for secure regions in NAND memory Date: Thu, 1 Apr 2021 20:49:54 +0530 Message-Id: <20210401151955.143817-4-manivannan.sadhasivam@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210401151955.143817-1-manivannan.sadhasivam@linaro.org> References: <20210401151955.143817-1-manivannan.sadhasivam@linaro.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210401_162023_193491_DCDC8A7D X-CRM114-Status: GOOD ( 27.38 ) X-Spam-Score: 3.4 (+++) X-Spam-Report: Spam detection software, running on the system "desiato.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: On a typical end product, a vendor may choose to secure some regions in the NAND memory which are supposed to stay intact between FW upgrades. The access to those regions will be blocked by a secure e [...] Content analysis details: (3.4 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:434 listed in] [list.dnswl.org] 3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS [103.77.37.138 listed in zen.spamhaus.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-mtd" Errors-To: linux-mtd-bounces+patch=linaro.org@lists.infradead.org On a typical end product, a vendor may choose to secure some regions in the NAND memory which are supposed to stay intact between FW upgrades. The access to those regions will be blocked by a secure element like Trustzone. So the normal world software like Linux kernel should not touch these regions (including reading). The regions are declared using a NAND chip DT property, "secure-regions". So let's make use of this property in the raw NAND core and skip access to the secure regions present in a system. Signed-off-by: Manivannan Sadhasivam --- drivers/mtd/nand/raw/nand_base.c | 107 ++++++++++++++++++++++++++++++- include/linux/mtd/rawnand.h | 14 ++++ 2 files changed, 120 insertions(+), 1 deletion(-) -- 2.25.1 ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/ diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index c33fa1b1847f..c216d3eca915 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -278,11 +278,50 @@ static int nand_block_bad(struct nand_chip *chip, loff_t ofs) return 0; } +/** + * nand_region_is_secured() - Check if the region is secured + * @chip: NAND chip object + * @offset: Offset of the region to check + * @size: Size of the region to check + * + * Checks if the region is secured by comparing the offset and size with the + * list of secure regions obtained from DT. Returns true if the region is + * secured else false. + */ +static bool nand_region_is_secured(struct nand_chip *chip, loff_t offset, u64 size) +{ + int i; + + /* Skip touching the secure regions if present */ + for (i = 0; i < chip->nr_secure_regions; i++) { + const struct nand_secure_region *region = &chip->secure_regions[i]; + + if (offset + size <= region->offset || + offset >= region->offset + region->size) + continue; + + pr_debug("%s: Region 0x%llx - 0x%llx is secured!", + __func__, offset, offset + size); + + return true; + } + + return false; +} + static int nand_isbad_bbm(struct nand_chip *chip, loff_t ofs) { + struct mtd_info *mtd = nand_to_mtd(chip); + int last_page = ((mtd->erasesize - mtd->writesize) >> + chip->page_shift) & chip->pagemask; + if (chip->options & NAND_NO_BBM_QUIRK) return 0; + /* Check if the region is secured */ + if (nand_region_is_secured(chip, ofs, last_page)) + return -EIO; + if (chip->legacy.block_bad) return chip->legacy.block_bad(chip, ofs); @@ -397,6 +436,10 @@ static int nand_do_write_oob(struct nand_chip *chip, loff_t to, return -EINVAL; } + /* Check if the region is secured */ + if (nand_region_is_secured(chip, to, ops->ooblen)) + return -EIO; + chipnr = (int)(to >> chip->chip_shift); /* @@ -565,6 +608,11 @@ static int nand_block_isreserved(struct mtd_info *mtd, loff_t ofs) if (!chip->bbt) return 0; + + /* Check if the region is secured */ + if (nand_region_is_secured(chip, ofs, 0)) + return -EIO; + /* Return info from the table */ return nand_isreserved_bbt(chip, ofs); } @@ -3127,6 +3175,10 @@ static int nand_do_read_ops(struct nand_chip *chip, loff_t from, int retry_mode = 0; bool ecc_fail = false; + /* Check if the region is secured */ + if (nand_region_is_secured(chip, from, readlen)) + return -EIO; + chipnr = (int)(from >> chip->chip_shift); nand_select_target(chip, chipnr); @@ -3458,6 +3510,10 @@ static int nand_do_read_oob(struct nand_chip *chip, loff_t from, pr_debug("%s: from = 0x%08Lx, len = %i\n", __func__, (unsigned long long)from, readlen); + /* Check if the region is secured */ + if (nand_region_is_secured(chip, from, readlen)) + return -EIO; + stats = mtd->ecc_stats; len = mtd_oobavail(mtd, ops); @@ -3979,6 +4035,10 @@ static int nand_do_write_ops(struct nand_chip *chip, loff_t to, return -EINVAL; } + /* Check if the region is secured */ + if (nand_region_is_secured(chip, to, writelen)) + return -EIO; + column = to & (mtd->writesize - 1); chipnr = (int)(to >> chip->chip_shift); @@ -4180,6 +4240,10 @@ int nand_erase_nand(struct nand_chip *chip, struct erase_info *instr, if (check_offs_len(chip, instr->addr, instr->len)) return -EINVAL; + /* Check if the region is secured */ + if (nand_region_is_secured(chip, instr->addr, instr->len)) + return -EIO; + /* Grab the lock and see if the device is available */ ret = nand_get_device(chip); if (ret) @@ -4995,6 +5059,31 @@ static bool of_get_nand_on_flash_bbt(struct device_node *np) return of_property_read_bool(np, "nand-on-flash-bbt"); } +static int of_get_nand_secure_regions(struct nand_chip *chip) +{ + struct device_node *dn = nand_get_flash_node(chip); + int nr_elem, i, j; + + nr_elem = of_property_count_elems_of_size(dn, "secure-regions", sizeof(u64)); + if (!nr_elem) + return 0; + + chip->nr_secure_regions = nr_elem / 2; + chip->secure_regions = kcalloc(chip->nr_secure_regions, sizeof(*chip->secure_regions), + GFP_KERNEL); + if (!chip->secure_regions) + return -ENOMEM; + + for (i = 0, j = 0; i < chip->nr_secure_regions; i++, j += 2) { + of_property_read_u64_index(dn, "secure-regions", j, + &chip->secure_regions[i].offset); + of_property_read_u64_index(dn, "secure-regions", j + 1, + &chip->secure_regions[i].size); + } + + return 0; +} + static int rawnand_dt_init(struct nand_chip *chip) { struct nand_device *nand = mtd_to_nanddev(nand_to_mtd(chip)); @@ -5953,6 +6042,16 @@ static int nand_scan_tail(struct nand_chip *chip) goto err_free_interface_config; } + /* + * Look for secure regions in the NAND chip. These regions are supposed + * to be protected by a secure element like Trustzone. So the read/write + * accesses to these regions will be blocked in the runtime by this + * driver. + */ + ret = of_get_nand_secure_regions(chip); + if (ret) + goto err_free_interface_config; + /* Check, if we should skip the bad block table scan */ if (chip->options & NAND_SKIP_BBTSCAN) return 0; @@ -5960,10 +6059,13 @@ static int nand_scan_tail(struct nand_chip *chip) /* Build bad block table */ ret = nand_create_bbt(chip); if (ret) - goto err_free_interface_config; + goto err_free_secure_regions; return 0; +err_free_secure_regions: + kfree(chip->secure_regions); + err_free_interface_config: kfree(chip->best_interface_config); @@ -6051,6 +6153,9 @@ void nand_cleanup(struct nand_chip *chip) nanddev_cleanup(&chip->base); + /* Free secure regions data */ + kfree(chip->secure_regions); + /* Free bad block table memory */ kfree(chip->bbt); kfree(chip->data_buf); diff --git a/include/linux/mtd/rawnand.h b/include/linux/mtd/rawnand.h index 6b3240e44310..17ddc900a1dc 100644 --- a/include/linux/mtd/rawnand.h +++ b/include/linux/mtd/rawnand.h @@ -1036,6 +1036,16 @@ struct nand_manufacturer { void *priv; }; +/** + * struct nand_secure_region - NAND secure region structure + * @offset: Offset of the start of the secure region + * @size: Size of the secure region + */ +struct nand_secure_region { + u64 offset; + u64 size; +}; + /** * struct nand_chip - NAND Private Flash Chip Data * @base: Inherit from the generic NAND device @@ -1086,6 +1096,8 @@ struct nand_manufacturer { * NAND Controller drivers should not modify this value, but they're * allowed to read it. * @read_retries: The number of read retry modes supported + * @secure_regions: Structure containing the secure regions info + * @nr_secure_regions: Number of secure regions * @controller: The hardware controller structure which is shared among multiple * independent devices * @ecc: The ECC controller structure @@ -1135,6 +1147,8 @@ struct nand_chip { unsigned int suspended : 1; int cur_cs; int read_retries; + struct nand_secure_region *secure_regions; + u8 nr_secure_regions; /* Externals */ struct nand_controller *controller;