On Thu, 12 Dec 2024 at 10:22, Vikash Garodia <quic_vgarodia@xxxxxxxxxxx> wrote: > > > On 12/2/2024 8:51 PM, Vikash Garodia wrote: > > > > On 12/2/2024 8:41 PM, Dmitry Baryshkov wrote: > >> On Mon, Dec 02, 2024 at 06:20:40PM +0530, Vikash Garodia wrote: > >>> > >>> On 12/2/2024 6:16 PM, Dmitry Baryshkov wrote: > >>>> On Mon, Dec 02, 2024 at 05:30:55PM +0530, Vikash Garodia wrote: > >>>>> Hi Dmitry, > >>>>> > >>>>> On 11/29/2024 8:05 PM, Dmitry Baryshkov wrote: > >>>>>> On Wed, Nov 20, 2024 at 01:22:50PM +0200, Dmitry Baryshkov wrote: > >>>>>>> On Wed, Nov 20, 2024 at 04:40:51PM +0530, Vikash Garodia wrote: > >>>>>>>> > >>>>>>>> On 11/20/2024 4:09 PM, Dmitry Baryshkov wrote: > >>>>>>>>> On Thu, Nov 14, 2024 at 01:31:14PM +0200, Dmitry Baryshkov wrote: > >>>>>>>>>> On Thu, 14 Nov 2024 at 13:05, Vikash Garodia <quic_vgarodia@xxxxxxxxxxx> wrote: > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> On 11/14/2024 4:16 PM, Dmitry Baryshkov wrote: > >>>>>>>>>>>> On Thu, Nov 14, 2024 at 09:06:55AM +0530, Vikash Garodia wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>> On 11/13/2024 8:10 PM, Dmitry Baryshkov wrote: > >>>>>>>>>>>>>> On Wed, Nov 13, 2024 at 10:50:44AM +0000, Renjiang Han (QUIC) wrote: > >>>>>>>>>>>>>>> Hello > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> The following changes since commit 6482750d396980a31f76edd5a84b03a96bbdf3fe: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Merge branch 'verb' into 'main' (2024-11-11 20:01:00 +0000) > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> are available in the Git repository at: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> git@xxxxxxxxxxxxxxxxxx:clo/linux-kernel/linux-firmware.git<mailto:git@xxxxxxxxxxxxxxxxxx:clo/linux-kernel/linux-firmware.git> video-firmware-qcs615 > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> for you to fetch changes up to 1e7f65883150d3b48307b4f0d6871c60151ee25b: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> qcom: venus-5.4: add venus firmware file for qcs615 (2024-11-13 15:50:29 +0530) > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> ---------------------------------------------------------------- > >>>>>>>>>>>>>>> Renjiang Han (1): > >>>>>>>>>>>>>>> qcom: venus-5.4: add venus firmware file for qcs615 > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> WHENCE | 1 + > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Could you please be more specific, what is the difference between the > >>>>>>>>>>>>>> existing file and a new file? According to the soc_vers the new file > >>>>>>>>>>>>>> supports sdm845. Should it instead replace the old firmware? > >>>>>>>>>>>>> SDM845, SC7180, qcs615 can be enabled on same firmware ideally, but due to a > >>>>>>>>>>>>> different signing for qcs615, it takes a separate bin (xxx_s6.mbn). > >>>>>>>>>>>> > >>>>>>>>>>>> Can SDM845 handle v6 signatures? It supports v5 and PSS. Or can QCS615 > >>>>>>>>>>>> use v5 signatures? > >>>>>>>>>>> Infact we started with loading sc7180 firmware on qc615, video init failed. So > >>>>>>>>>>> far i have seen 2 categories in signing version for video bins, either default > >>>>>>>>>>> or v6 specific tool. > >>>>>>>>>> > >>>>>>>>>> Can firmware / security engineers actually advice us on using v5 > >>>>>>>>>> firmware signatures with QCS615 _and_ with older platforms? > >>>>>>>>>> Existing venus-5.4/venus.mbn uses v3 > >>>>>>>>> > >>>>>>>>> Vikash, any updates on this topic? Would it be possible to have a single > >>>>>>>>> FW image with just v5 signatures? > >>>>>>>> Not yet Dmitry. Having a followup with relevant folks this friday to understand > >>>>>>>> the signing requirements across different SOCs, hopefully will be able to add > >>>>>>>> something on this by then. > >>>>>> > >>>>>> It's been more than a week since the last email. Are there any updates? > >>>>>> I'd really like to get this sorted out before next linux-firmware > >>>>>> release, otherwise we'll be stuck with these names for the foreseeable > >>>>>> future. > >>>>> I have been chasing both the firmware and security folks to align on this. So > >>>>> far the updates are that one is signed MBNv5 and other with MBNV6, hence leading > >>>> > >>>> I think the existing firmware uses v3, not v5. > >>>> > >>>> 00001000 00 00 00 00 03 00 00 00 00 00 00 00 28 00 a0 0f |............(...| > >>>> > >>>> > >>>>> to different set of binaries. These MBN versions of signing is defined at SOC > >>>>> level and depends on secure boot libraries used in that SOC. > >>>>> At the same time, there is an experiment to check if SC7180 can be signed with > >>>>> version used for QCS615 i.e MBNV6. > >>>> > >>>> Thanks! Are you trying that without updating the whole bootloader stack? I > >>>> think some of SC7180 devices might be EOL'd, so it might be hard to get > >>>> FW/bootloader updates. > >>> Just the firmware part, by signing it with qcs615 way, as an experiment > >>> suggested by security folks. > >> > >> Ok, that doesn't sound like a lengthy experiment: resign the FW, boot > >> the laptop, caboom or not caboom. If I remember correctly the file that > >> you've pushed even lists sc7180 as allowed. > > its used only for qcs615. > some good news, we could now have qcs615 firmware as common for both qcs615 as > well as sc7180. A PR would be raised to updated 5.4/venus.mbn and at the same > time to delete 5.4/venus_s6.mbn. Note, 5.4/venus_s6.mbn has been included into December release, so ideally you have to provide backwards compatible link (unless maintainers allow you to skip one). > > Regards, > Vikash > >> > >>> > >>>>> One query here - given that qcs615 only loads the venus_s6.mbn variant, and it > >>>>> is not enabled yet (patches in review) for video, we should be good if we > >>>>> conclude the firmware part before accepting the qcs615 enablement patches ? > >>>> > >>>> Good question. I think that depends on linux-firmware maintainer's > >>>> opinion. > >>>> > >> -- With best wishes Dmitry
