On Mon, Dec 02, 2024 at 08:51:15PM +0530, Vikash Garodia wrote: > > On 12/2/2024 8:41 PM, Dmitry Baryshkov wrote: > > On Mon, Dec 02, 2024 at 06:20:40PM +0530, Vikash Garodia wrote: > >> > >> On 12/2/2024 6:16 PM, Dmitry Baryshkov wrote: > >>> On Mon, Dec 02, 2024 at 05:30:55PM +0530, Vikash Garodia wrote: > >>>> Hi Dmitry, > >>>> > >>>> On 11/29/2024 8:05 PM, Dmitry Baryshkov wrote: > >>>>> On Wed, Nov 20, 2024 at 01:22:50PM +0200, Dmitry Baryshkov wrote: > >>>>>> On Wed, Nov 20, 2024 at 04:40:51PM +0530, Vikash Garodia wrote: > >>>>>>> > >>>>>>> On 11/20/2024 4:09 PM, Dmitry Baryshkov wrote: > >>>>>>>> On Thu, Nov 14, 2024 at 01:31:14PM +0200, Dmitry Baryshkov wrote: > >>>>>>>>> On Thu, 14 Nov 2024 at 13:05, Vikash Garodia <quic_vgarodia@xxxxxxxxxxx> wrote: > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> On 11/14/2024 4:16 PM, Dmitry Baryshkov wrote: > >>>>>>>>>>> On Thu, Nov 14, 2024 at 09:06:55AM +0530, Vikash Garodia wrote: > >>>>>>>>>>>> > >>>>>>>>>>>> On 11/13/2024 8:10 PM, Dmitry Baryshkov wrote: > >>>>>>>>>>>>> On Wed, Nov 13, 2024 at 10:50:44AM +0000, Renjiang Han (QUIC) wrote: > >>>>>>>>>>>>>> Hello > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> The following changes since commit 6482750d396980a31f76edd5a84b03a96bbdf3fe: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Merge branch 'verb' into 'main' (2024-11-11 20:01:00 +0000) > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> are available in the Git repository at: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> git@xxxxxxxxxxxxxxxxxx:clo/linux-kernel/linux-firmware.git<mailto:git@xxxxxxxxxxxxxxxxxx:clo/linux-kernel/linux-firmware.git> video-firmware-qcs615 > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> for you to fetch changes up to 1e7f65883150d3b48307b4f0d6871c60151ee25b: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> qcom: venus-5.4: add venus firmware file for qcs615 (2024-11-13 15:50:29 +0530) > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> ---------------------------------------------------------------- > >>>>>>>>>>>>>> Renjiang Han (1): > >>>>>>>>>>>>>> qcom: venus-5.4: add venus firmware file for qcs615 > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> WHENCE | 1 + > >>>>>>>>>>>>> > >>>>>>>>>>>>> Could you please be more specific, what is the difference between the > >>>>>>>>>>>>> existing file and a new file? According to the soc_vers the new file > >>>>>>>>>>>>> supports sdm845. Should it instead replace the old firmware? > >>>>>>>>>>>> SDM845, SC7180, qcs615 can be enabled on same firmware ideally, but due to a > >>>>>>>>>>>> different signing for qcs615, it takes a separate bin (xxx_s6.mbn). > >>>>>>>>>>> > >>>>>>>>>>> Can SDM845 handle v6 signatures? It supports v5 and PSS. Or can QCS615 > >>>>>>>>>>> use v5 signatures? > >>>>>>>>>> Infact we started with loading sc7180 firmware on qc615, video init failed. So > >>>>>>>>>> far i have seen 2 categories in signing version for video bins, either default > >>>>>>>>>> or v6 specific tool. > >>>>>>>>> > >>>>>>>>> Can firmware / security engineers actually advice us on using v5 > >>>>>>>>> firmware signatures with QCS615 _and_ with older platforms? > >>>>>>>>> Existing venus-5.4/venus.mbn uses v3 > >>>>>>>> > >>>>>>>> Vikash, any updates on this topic? Would it be possible to have a single > >>>>>>>> FW image with just v5 signatures? > >>>>>>> Not yet Dmitry. Having a followup with relevant folks this friday to understand > >>>>>>> the signing requirements across different SOCs, hopefully will be able to add > >>>>>>> something on this by then. > >>>>> > >>>>> It's been more than a week since the last email. Are there any updates? > >>>>> I'd really like to get this sorted out before next linux-firmware > >>>>> release, otherwise we'll be stuck with these names for the foreseeable > >>>>> future. > >>>> I have been chasing both the firmware and security folks to align on this. So > >>>> far the updates are that one is signed MBNv5 and other with MBNV6, hence leading > >>> > >>> I think the existing firmware uses v3, not v5. > >>> > >>> 00001000 00 00 00 00 03 00 00 00 00 00 00 00 28 00 a0 0f |............(...| > >>> > >>> > >>>> to different set of binaries. These MBN versions of signing is defined at SOC > >>>> level and depends on secure boot libraries used in that SOC. > >>>> At the same time, there is an experiment to check if SC7180 can be signed with > >>>> version used for QCS615 i.e MBNV6. > >>> > >>> Thanks! Are you trying that without updating the whole bootloader stack? I > >>> think some of SC7180 devices might be EOL'd, so it might be hard to get > >>> FW/bootloader updates. > >> Just the firmware part, by signing it with qcs615 way, as an experiment > >> suggested by security folks. > > > > Ok, that doesn't sound like a lengthy experiment: resign the FW, boot > > the laptop, caboom or not caboom. If I remember correctly the file that > > you've pushed even lists sc7180 as allowed. > its used only for qcs615. Huh? venus_s6.mbn lists 0x6000, 0x6001, 0x6004, 0x6005, 0x6007, 0x9001 and 0x600E as soc_vers values. I think that includes sc7180. > >>>> One query here - given that qcs615 only loads the venus_s6.mbn variant, and it > >>>> is not enabled yet (patches in review) for video, we should be good if we > >>>> conclude the firmware part before accepting the qcs615 enablement patches ? > >>> > >>> Good question. I think that depends on linux-firmware maintainer's > >>> opinion. > >>> > > -- With best wishes Dmitry
