RE: [PATCH v2 5/5] soc: imx8: Add the SC SECVIO driver

2020-10-18 Thread Peng Fan
> Subject: Re: [PATCH v2 5/5] soc: imx8: Add the SC SECVIO driver
> 
> On Sun, Oct 18, 2020 at 05:21:28AM +, Aisheng Dong wrote:
> > Not sure if EDAC could be a better place.
> > e.g.
> > drivers/edac/sifive_edac.c
> 
> I don't see how this functionality has anything to do with EDAC.

Yes, this has nothing to do with EDAC.

> 
> > If not, maybe we can put in 'soc' first.
> 
> Or drivers/misc/

I think drivers/soc/imx should be ok.

Regards,
Peng.

> 
> --
> Regards/Gruss,
> Boris.
> 
> https://people.kernel.org/tglx/notes-about-netiquette


Re: [PATCH v2 5/5] soc: imx8: Add the SC SECVIO driver

2020-10-18 Thread Borislav Petkov
On Sun, Oct 18, 2020 at 05:21:28AM +, Aisheng Dong wrote:
> Not sure if EDAC could be a better place.
> e.g.
> drivers/edac/sifive_edac.c

I don't see how this functionality has anything to do with EDAC.

> If not, maybe we can put in 'soc' first.

Or drivers/misc/

-- 
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette


RE: [PATCH v2 5/5] soc: imx8: Add the SC SECVIO driver

2020-10-17 Thread Aisheng Dong
> From: Shawn Guo 
> Sent: Wednesday, August 19, 2020 9:32 PM
> >
> > The SNVS is a hardware component in the imx8 SoC. One of its functions
> > is to detect hardware attacks, in which case it creates a SECurity
> > VIOlation.
> >
> > This patch adds the support for the reception of these secvio and
> > reports them to the audit framework.
> >
> > It also gives the possibility to perform custom processing when a
> > secvio is detected.
> >
> > Signed-off-by: Franck LENORMAND 
> > Reported-by: kernel test robot 
> > ---
> >  drivers/soc/imx/Kconfig                     |  10 +
> >  drivers/soc/imx/Makefile                    |   1 +
> >  drivers/soc/imx/secvio/Kconfig              |  10 +
> >  drivers/soc/imx/secvio/Makefile             |   3 +
> >  drivers/soc/imx/secvio/imx-secvio-audit.c   |  39 ++
> >  drivers/soc/imx/secvio/imx-secvio-debugfs.c | 379
> >  drivers/soc/imx/secvio/imx-secvio-sc-int.h  |  84 +++
> >  drivers/soc/imx/secvio/imx-secvio-sc.c      | 858
> >  include/soc/imx/imx-secvio-sc.h             | 177 ++
> >  9 files changed, 1561 insertions(+)
> >  create mode 100644 drivers/soc/imx/secvio/Kconfig
> >  create mode 100644 drivers/soc/imx/secvio/Makefile
> >  create mode 100644 drivers/soc/imx/secvio/imx-secvio-audit.c
> >  create mode 100644 drivers/soc/imx/secvio/imx-secvio-debugfs.c
> >  create mode 100644 drivers/soc/imx/secvio/imx-secvio-sc-int.h
> >  create mode 100644 drivers/soc/imx/secvio/imx-secvio-sc.c
> >  create mode 100644 include/soc/imx/imx-secvio-sc.h
> 
> Hi Arnd,
> 
> Do we have any subsystem to accommodate this driver?  Or 'soc' is just the
> right place for it?
> 

Not sure if EDAC could be a better place.
e.g.
drivers/edac/sifive_edac.c
If not, maybe we can put in 'soc' first.

Regards
Aisheng

> Shawn
> 
> >
> > diff --git a/drivers/soc/imx/Kconfig b/drivers/soc/imx/Kconfig index
> > a9370f4..6c1bc78 100644
> > --- a/drivers/soc/imx/Kconfig
> > +++ b/drivers/soc/imx/Kconfig
> > @@ -19,4 +19,14 @@ config SOC_IMX8M
> >   support, it will provide the SoC info like SoC family,
> >   ID and revision etc.
> >
> > +config SECVIO_SC
> > +tristate "NXP SC secvio support"
> > +depends on IMX_SCU
> > +help
> > +   If you say yes here you get support for the NXP SNVS security
> > +   violation module. It includes the possibility to read 
> > information
> > +   related to security violations and tampers. It also gives the
> > +   possibility to register user callbacks when a security violation
> > +   occurs.
> > +
> >  endmenu
> > diff --git a/drivers/soc/imx/Makefile b/drivers/soc/imx/Makefile index
> > 078dc91..c91a499 100644
> > --- a/drivers/soc/imx/Makefile
> > +++ b/drivers/soc/imx/Makefile
> > @@ -5,3 +5,4 @@ endif
> >  obj-$(CONFIG_HAVE_IMX_GPC) += gpc.o
> >  obj-$(CONFIG_IMX_GPCV2_PM_DOMAINS) += gpcv2.o
> >  obj-$(CONFIG_SOC_IMX8M) += soc-imx8m.o
> > +obj-${CONFIG_SECVIO_SC} += secvio/
> > diff --git a/drivers/soc/imx/secvio/Kconfig
> > b/drivers/soc/imx/secvio/Kconfig new file mode 100644 index
> > 000..dcfaea5
> > --- /dev/null
> > +++ b/drivers/soc/imx/secvio/Kconfig
> > @@ -0,0 +1,10 @@
> > +config SECVIO_SC
> > +tristate "NXP SC secvio support"
> > +depends on IMX_SCU
> > +help
> > +   If you say yes here you get support for the NXP SNVS security
> > +   violation module. It includes the possibility to read 
> > information
> > +   related to security violations and tampers. It also gives the
> > +   possibility to register user callbacks when a security violation
> > +   occurs.
> > +
> > diff --git a/drivers/soc/imx/secvio/Makefile
> > b/drivers/soc/imx/secvio/Makefile new file mode 100644 index
> > 000..d5a89ba
> > --- /dev/null
> > +++ b/drivers/soc/imx/secvio/Makefile
> > @@ -0,0 +1,3 @@
> > +obj-y +=  imx-secvio-sc.o
> > +obj-$(CONFIG_DEBUG_FS) += imx-secvio-debugfs.o
> > +obj-$(CONFIG_AUDIT) += imx-secvio-audit.o
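
Review bot: The last two lines of this Makefile key imx-secvio-debugfs.o and imx-secvio-audit.o on CONFIG_DEBUG_FS and CONFIG_AUDIT, which are bool symbols, so these two objects can only ever be obj-y and can never become part of a module even though SECVIO_SC is tristate. Link all three files into one composite object that follows the driver symbol, for example obj-$(CONFIG_SECVIO_SC) += secvio.o with secvio-y := imx-secvio-sc.o, secvio-$(CONFIG_DEBUG_FS) += imx-secvio-debugfs.o and secvio-$(CONFIG_AUDIT) += imx-secvio-audit.o (the name secvio.o is only a suggestion).
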
> > diff --git a/drivers/soc/imx/secvio/imx-secvio-audit.c
> > b/drivers/soc/imx/secvio/imx-secvio-audit.c
> > new file mode 100644
> > index 000..dc96e16
> > --- /dev/null
> > +++ b/drivers/soc/imx/secvio/imx-secvio-audit.c
> > @@ -0,0 +1,39 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2019-2020 NXP
> > + */
> > +
> > +#include 
> > +
> > +#include 
> > +
> > +/**
> > + * report_to_audit_notify() - Report secvio and tamper status to
> > +audit FW
> > + *
> > + * This function can be chained in a notifier list
> > + *
> > + * @nb: notifier block
> > + * @status: error code
> > + * @notif_info: Pointer on secvio_sc_notifier_info structure
> > + *
> > + * Return:
> > + * 0 - OK
> > + * < 0 - error.
> > + */
> > +int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
> > +  void *notif_info)
> > +{
> > +   struct audit_buffer *ab;
> > +   struct secvio_sc_notifier_info *info = notif_info;
> > +
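
Review bot: report_to_audit_notify() is declared without static and without a driver prefix, so a very generic name ends up in the kernel's global symbol namespace; something like imx_secvio_sc_audit_notify() would be safer (that name is only a suggestion). The kernel-doc above it also describes @status as "error code" while the summary line says the function reports secvio and tamper status, so the comment should state what the value carries and who sets it.
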
> 

RE: [PATCH v2 5/5] soc: imx8: Add the SC SECVIO driver

2020-09-07 Thread Franck Lenormand (OSS)



Regards,

Franck LENORMAND, STEC Engineer

-Original Message-
From: Shawn Guo  
Sent: Wednesday, August 19, 2020 3:32 PM
To: Franck Lenormand (OSS) ; Arnd Bergmann 

Cc: s.ha...@pengutronix.de; feste...@gmail.com; ker...@pengutronix.de; 
linux-kernel@vger.kernel.org; linux-arm-ker...@lists.infradead.org; 
dl-linux-imx ; Aisheng Dong ; Abel 
Vesa ; Anson Huang ; 
li...@rempel-privat.de; Leonard Crestez ; Daniel 
Baluta ; Joakim Zhang ; Peng 
Fan 
Subject: Re: [PATCH v2 5/5] soc: imx8: Add the SC SECVIO driver

On Tue, Jul 21, 2020 at 05:20:35PM +0200, franck.lenorm...@oss.nxp.com wrote:
> From: Franck LENORMAND 
> 
> The SNVS is a hardware component in the imx8 SoC. One of its functions
> is to detect hardware attacks, in which case it creates a SECurity
> VIOlation.
> 
> This patch adds the support for the reception of these secvio and
> reports them to the audit framework.
> 
> It also gives the possibility to perform custom processing when a 
> secvio is detected.
> 
> Signed-off-by: Franck LENORMAND 
> Reported-by: kernel test robot 
> ---
>  drivers/soc/imx/Kconfig                     |  10 +
>  drivers/soc/imx/Makefile                    |   1 +
>  drivers/soc/imx/secvio/Kconfig              |  10 +
>  drivers/soc/imx/secvio/Makefile             |   3 +
>  drivers/soc/imx/secvio/imx-secvio-audit.c   |  39 ++
>  drivers/soc/imx/secvio/imx-secvio-debugfs.c | 379
>  drivers/soc/imx/secvio/imx-secvio-sc-int.h  |  84 +++
>  drivers/soc/imx/secvio/imx-secvio-sc.c      | 858
>  include/soc/imx/imx-secvio-sc.h             | 177 ++
>  9 files changed, 1561 insertions(+)
>  create mode 100644 drivers/soc/imx/secvio/Kconfig
>  create mode 100644 drivers/soc/imx/secvio/Makefile
>  create mode 100644 drivers/soc/imx/secvio/imx-secvio-audit.c
>  create mode 100644 drivers/soc/imx/secvio/imx-secvio-debugfs.c
>  create mode 100644 drivers/soc/imx/secvio/imx-secvio-sc-int.h
>  create mode 100644 drivers/soc/imx/secvio/imx-secvio-sc.c
>  create mode 100644 include/soc/imx/imx-secvio-sc.h

Hi Arnd,

Do we have any subsystem to accommodate this driver?  Or 'soc' is just the 
right place for it?
[FL:] I was not able to find other devices which detect hardware intrusions, so
it seemed to be the best place for the driver.

Shawn

> 
> diff --git a/drivers/soc/imx/Kconfig b/drivers/soc/imx/Kconfig index 
> a9370f4..6c1bc78 100644
> --- a/drivers/soc/imx/Kconfig
> +++ b/drivers/soc/imx/Kconfig
> @@ -19,4 +19,14 @@ config SOC_IMX8M
> support, it will provide the SoC info like SoC family,
> ID and revision etc.
>  
> +config SECVIO_SC
> +tristate "NXP SC secvio support"
> +depends on IMX_SCU
> +help
> +   If you say yes here you get support for the NXP SNVS security
> +   violation module. It includes the possibility to read information
> +   related to security violations and tampers. It also gives the
> +   possibility to register user callbacks when a security violation
> +   occurs.
> +
>  endmenu
> diff --git a/drivers/soc/imx/Makefile b/drivers/soc/imx/Makefile index 
> 078dc91..c91a499 100644
> --- a/drivers/soc/imx/Makefile
> +++ b/drivers/soc/imx/Makefile
> @@ -5,3 +5,4 @@ endif
>  obj-$(CONFIG_HAVE_IMX_GPC) += gpc.o
>  obj-$(CONFIG_IMX_GPCV2_PM_DOMAINS) += gpcv2.o
>  obj-$(CONFIG_SOC_IMX8M) += soc-imx8m.o
> +obj-${CONFIG_SECVIO_SC} += secvio/
> diff --git a/drivers/soc/imx/secvio/Kconfig 
> b/drivers/soc/imx/secvio/Kconfig new file mode 100644 index 
> 000..dcfaea5
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/Kconfig
> @@ -0,0 +1,10 @@
> +config SECVIO_SC
> +tristate "NXP SC secvio support"
> +depends on IMX_SCU
> +help
> +   If you say yes here you get support for the NXP SNVS security
> +   violation module. It includes the possibility to read information
> +   related to security violations and tampers. It also gives the
> +   possibility to register user callbacks when a security violation
> +   occurs.
> +
> diff --git a/drivers/soc/imx/secvio/Makefile 
> b/drivers/soc/imx/secvio/Makefile new file mode 100644 index 
> 000..d5a89ba
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/Makefile
> @@ -0,0 +1,3 @@
> +obj-y +=  imx-secvio-sc.o
> +obj-$(CONFIG_DEBUG_FS) += imx-secvio-debugfs.o
> +obj-$(CONFIG_AUDIT) += imx-secvio-audit.o
> diff --git a/drivers/soc/imx/secvio/imx-secvio-audit.c 
> b/drivers/soc/imx/secvio/imx-secvio-audit.c
> new file mode 100644
> index 000..dc96e16
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/imx-secvio-audit.c
> @@ -0,0 +1,39 @@
> +// SPDX-License-Identifier: GPL-2.0+

Re: [PATCH v2 5/5] soc: imx8: Add the SC SECVIO driver

2020-08-19 Thread Shawn Guo
On Tue, Jul 21, 2020 at 05:20:35PM +0200, franck.lenorm...@oss.nxp.com wrote:
> From: Franck LENORMAND 
> 
> The SNVS is a hardware component in the imx8 SoC. One of its
> functions is to detect hardware attacks, in which case it creates
> a SECurity VIOlation.
> 
> This patch adds the support for the reception of these secvio and
> reports them to the audit framework.
> 
> It also gives the possibility to perform custom processing when a
> secvio is detected.
> 
> Signed-off-by: Franck LENORMAND 
> Reported-by: kernel test robot 
> ---
>  drivers/soc/imx/Kconfig                     |  10 +
>  drivers/soc/imx/Makefile                    |   1 +
>  drivers/soc/imx/secvio/Kconfig              |  10 +
>  drivers/soc/imx/secvio/Makefile             |   3 +
>  drivers/soc/imx/secvio/imx-secvio-audit.c   |  39 ++
>  drivers/soc/imx/secvio/imx-secvio-debugfs.c | 379
>  drivers/soc/imx/secvio/imx-secvio-sc-int.h  |  84 +++
>  drivers/soc/imx/secvio/imx-secvio-sc.c      | 858
>  include/soc/imx/imx-secvio-sc.h             | 177 ++
>  9 files changed, 1561 insertions(+)
>  create mode 100644 drivers/soc/imx/secvio/Kconfig
>  create mode 100644 drivers/soc/imx/secvio/Makefile
>  create mode 100644 drivers/soc/imx/secvio/imx-secvio-audit.c
>  create mode 100644 drivers/soc/imx/secvio/imx-secvio-debugfs.c
>  create mode 100644 drivers/soc/imx/secvio/imx-secvio-sc-int.h
>  create mode 100644 drivers/soc/imx/secvio/imx-secvio-sc.c
>  create mode 100644 include/soc/imx/imx-secvio-sc.h

Hi Arnd,

Do we have any subsystem to accommodate this driver?  Or 'soc' is just
the right place for it?

Shawn

> 
> diff --git a/drivers/soc/imx/Kconfig b/drivers/soc/imx/Kconfig
> index a9370f4..6c1bc78 100644
> --- a/drivers/soc/imx/Kconfig
> +++ b/drivers/soc/imx/Kconfig
> @@ -19,4 +19,14 @@ config SOC_IMX8M
> support, it will provide the SoC info like SoC family,
> ID and revision etc.
>  
> +config SECVIO_SC
> +tristate "NXP SC secvio support"
> +depends on IMX_SCU
> +help
> +   If you say yes here you get support for the NXP SNVS security
> +   violation module. It includes the possibility to read information
> +   related to security violations and tampers. It also gives the
> +   possibility to register user callbacks when a security violation
> +   occurs.
> +
>  endmenu
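
Review bot: SECVIO_SC is declared in full in this hunk and again, word for word, in the new drivers/soc/imx/secvio/Kconfig later in the patch, and nothing added here sources that file. Define the symbol once: either keep this entry and drop the new file, or replace this entry with a line reading source "drivers/soc/imx/secvio/Kconfig" so the two copies cannot drift apart.
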
> diff --git a/drivers/soc/imx/Makefile b/drivers/soc/imx/Makefile
> index 078dc91..c91a499 100644
> --- a/drivers/soc/imx/Makefile
> +++ b/drivers/soc/imx/Makefile
> @@ -5,3 +5,4 @@ endif
>  obj-$(CONFIG_HAVE_IMX_GPC) += gpc.o
>  obj-$(CONFIG_IMX_GPCV2_PM_DOMAINS) += gpcv2.o
>  obj-$(CONFIG_SOC_IMX8M) += soc-imx8m.o
> +obj-${CONFIG_SECVIO_SC} += secvio/
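
Review bot: The added line spells the variable as ${CONFIG_SECVIO_SC} while the three context lines above it use the $(CONFIG_...) form. Make accepts both, but the rest of this Makefile uses parentheses, so write obj-$(CONFIG_SECVIO_SC) += secvio/ to match.
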
> diff --git a/drivers/soc/imx/secvio/Kconfig b/drivers/soc/imx/secvio/Kconfig
> new file mode 100644
> index 000..dcfaea5
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/Kconfig
> @@ -0,0 +1,10 @@
> +config SECVIO_SC
> +tristate "NXP SC secvio support"
> +depends on IMX_SCU
> +help
> +   If you say yes here you get support for the NXP SNVS security
> +   violation module. It includes the possibility to read information
> +   related to security violations and tampers. It also gives the
> +   possibility to register user callbacks when a security violation
> +   occurs.
> +
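
Review bot: The help text promises "user callbacks", which reads like a userspace interface, while the only hook visible in this patch, report_to_audit_notify(), takes a struct notifier_block and is therefore an in-kernel notifier. Say "kernel notifier callbacks" here, or describe the userspace interface if there is one, and since the option is tristate add the usual sentence telling the user what the module is called when M is chosen.
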
> diff --git a/drivers/soc/imx/secvio/Makefile b/drivers/soc/imx/secvio/Makefile
> new file mode 100644
> index 000..d5a89ba
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/Makefile
> @@ -0,0 +1,3 @@
> +obj-y +=  imx-secvio-sc.o
> +obj-$(CONFIG_DEBUG_FS) += imx-secvio-debugfs.o
> +obj-$(CONFIG_AUDIT) += imx-secvio-audit.o
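
Review bot: obj-y on the first line does not follow the tristate SECVIO_SC symbol. The parent Makefile enters secvio/ through obj-$(CONFIG_SECVIO_SC), so with SECVIO_SC=m imx-secvio-sc.o is compiled as built-in code in a directory that is only visited for modules, and it ends up neither in vmlinux nor in a .ko. Use obj-$(CONFIG_SECVIO_SC) += imx-secvio-sc.o so that y and m both produce a usable driver.
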
> diff --git a/drivers/soc/imx/secvio/imx-secvio-audit.c 
> b/drivers/soc/imx/secvio/imx-secvio-audit.c
> new file mode 100644
> index 000..dc96e16
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/imx-secvio-audit.c
> @@ -0,0 +1,39 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2019-2020 NXP
> + */
> +
> +#include 
> +
> +#include 
> +
> +/**
> + * report_to_audit_notify() - Report secvio and tamper status to audit FW
> + *
> + * This function can be chained in a notifier list
> + *
> + * @nb: notifier block
> + * @status: error code
> + * @notif_info: Pointer on secvio_sc_notifier_info structure
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
> +void *notif_info)
> +{
> + struct audit_buffer *ab;
> + struct secvio_sc_notifier_info *info = notif_info;
> +
> + ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_INTEGRITY_RULE);
> + if (!ab)
> + return -ENOMEM;
> +
> + audit_log_format(ab, " hpsvs=0x%.08x lps=0x%.08x lptds=0x%.08x",
> +  info->hpsvs, info->lps, info->lptds);
> + audit_log_task_info(ab);
> + audit_log_end(ab);
> +
> +
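
Review bot: report_to_audit_notify() is documented as chainable in a notifier list but hands back a raw errno, "return -ENOMEM", when audit_log_start() fails. Notifier callbacks are expected to return NOTIFY_* codes, and a negative errno has the NOTIFY_STOP_MASK bit set, so a single failed allocation would stop the chain and skip every callback registered after this one; return notifier_from_errno(-ENOMEM) on that path and NOTIFY_OK on success. In the lines shown, audit_log_task_info() also stamps the record with whichever task happens to be current when the violation is delivered, which for a hardware tamper event says nothing about the cause, and the status argument is never written to the record.
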