Re: [PATCH 3/3] crypto: inside-secure - add support for using the EIP197 without firmware images

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Pascal,

On Wed, Jun 19, 2019 at 02:37:44PM +0000, Pascal Van Leeuwen wrote:
> > From: Antoine Tenart <antoine.tenart@xxxxxxxxxxx>
> > On Tue, Jun 18, 2019 at 07:56:24AM +0200, Pascal van Leeuwen wrote:
> 
> > In addition to this, the direction the kernel has taken was to *remove*
> > binary firmwares from its source code. I'm afraid adding this is a
> > no-go.
> 
> For a HW engineer, there really is no fundamental difference between
> control register contents or an instruction word. They can both have
> the exact same effects internal to the HW.
> If I had disguised this as a handful of config reg writes writing 
> some #define'd magic values, probably no one would have even noticed.

I do not fully agree. If this is comparable to configuring h/w
registers, then you could probably have defines explaining why each bit
is set and what it's doing. Which would be fine.

> By that same definition, the tokens the driver generates for
> processing could be considered "firmware" as well (as they are used by
> the hardware in a very similar way) ...

Right. The main difference here is we do have a clear definition of what
the tokens are doing. Thanks to your explanation, if this firmware is
really looking like the token we're using, the words have a defined
structure and the magic values could be generated with proper defines
and macros. And I think it's the main issue here: it's not acceptable to
have an array of magic values. If you can give a meaning to those bits,
I see no reason why it couldn't be added to the driver.

(And I'm all for what you're trying to achieve here :)).

> > The proper solution I believe would be to support loading this "MiniFW",
> > which (depending on the license) could be either distributed in the
> > rootfs and loaded (like what's done currently), or through
> > CONFIG_EXTRA_FIRMWARE.
> > 
> That seems total overkill for just a handful of words though.

Given your explanation, I agree. (If those bits can have meaning).

Thanks!
Antoine

-- 
Antoine Ténart, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux