[PATCH v6 3/7] tpm: Add the RNG child device

Fri Jul 15 17:38:38 CEST 2022

Hi,

On Thu, 14 Jul 2022 at 11:55, Rob Herring <robh at kernel.org> wrote:
>
> On Wed, Jul 13, 2022 at 9:28 AM Simon Glass <sjg at chromium.org> wrote:
> >
> > Hi Rob,
> >
> > On Tue, 12 Jul 2022 at 08:11, Rob Herring <robh at kernel.org> wrote:
> > >
> > > On Tue, Jul 12, 2022 at 5:04 AM Simon Glass <sjg at chromium.org> wrote:
> > > >
> > > > Hi Ilias,
> > > >
> > > > On Fri, 8 Jul 2022 at 02:24, Ilias Apalodimas
> > > > <ilias.apalodimas at linaro.org> wrote:
> > > > >
> > > > > Hi Simon,
> > > > >
> > > > > [...]
> > > > >
> > > > > > > +
> > > > > > >  UCLASS_DRIVER(tpm) = {
> > > > > > > -       .id             = UCLASS_TPM,
> > > > > > > -       .name           = "tpm",
> > > > > > > -       .flags          = DM_UC_FLAG_SEQ_ALIAS,
> > > > > > > +       .id                     = UCLASS_TPM,
> > > > > > > +       .name                   = "tpm",
> > > > > > > +       .flags                  = DM_UC_FLAG_SEQ_ALIAS,
> > > > > > >  #if CONFIG_IS_ENABLED(OF_REAL)
> > > > > > > -       .post_bind      = dm_scan_fdt_dev,
> > > > > > > +       .post_bind              = dm_scan_fdt_dev,
> > > > > > >  #endif
> > > > > > > +       .post_probe             = tpm_uclass_post_probe,
> > > > > > >         .per_device_auto        = sizeof(struct tpm_chip_priv),
> > > > > > >  };
> > > > > > > --
> > > > > > > 2.25.1
> > > > > > >
> > > > > >
> > > > > > The driver needs a compatible string so it can be in the device tree.
> > > > >
> > > > > Why?  I've tried to hint this on the previous iteration of the patch.
> > > > > The RNG here is not a *device*.  The TPM is the device and you are
> > > > > guaranteed to have an RNG.  The way to get a random number is send a
> > > > > special command to the TPM. So all that we should do here is leverage
> > > > > the fact that the TPM is already in the device tree.
> > > > >
> > > > > And fwiw we should stick to try to stick to what the DT spec defines
> > > > > as much as possible.  I personally don't see this as a special usecase
> > > > > were deviating from the spec is justified.
> > > >
> > > > This is not a deviation from a spec. What spec? Also, I don't want to
> > > > get into another discussion about what a device is. We can disagree on
> > > > that if you like.
> > > >
> > > > One reason is that U-Boot generally requires compatible strings, e.g.
> > > > with of-platdata. But also we can refer to the rand device from
> > > > elsewhere in the tree. I know that Linux does lots of ad-hoc device
> > > > creation and doesn't really have the concept of a uclass consistently
> > > > applied, but this is U-Boot.
> > >
> > > You are letting client/OS details define your binding. Doing so
> > > doesn't result in OS agnostic bindings. Sure, it would be nice if DT
> > > nodes and drivers were always a nice clean 1:1 ratio, but h/w is messy
> > > sometimes and DT is not an abstraction layer. The general guidance on
> > > whether there are child nodes for sub-blocks is do they have their own
> > > resources in DT or are the sub-blocks reusable on multiple devices.
> > > Neither of those are the case here.
> > >
> > > Besides, we already have TPM device bindings defined. Requiring
> > > binding changes when adding a new client/OS feature is not good
> > > practice either.
> >
> > I'm not sure what to do with this, but in general the practice of
> > implied subnodes is not friendly to U-Boot. Yet it seems like a common
> > feature of the bindings at present, for example GPIOs.
>
> It's perfectly normal for a single device to be multiple providers. A
> common example is clock AND reset blocks. They are both a clock and
> reset provider. So you could have either:
>
> crm {
>   compatible = "foo,soc-crm";
>   clock-controller {
>    compatible = "foo,soc-crm-clocks";
>    #clock-cells = <1>;
>   };
>   reset-controller {
>     compatible = "foo,soc-crm-resets";
>     #reset-cells = <1>;
>   };
> };
>
> or:
>
> crm {
>   compatible = "foo,soc-crm";
>   #clock-cells = <1>;
>   #reset-cells = <1>;
> };
>
> Which one's right? Well, depends on the h/w really. If clock and reset
> controls are interleaved bits or registers, then the first case really
> doesn't make sense.
>
> In any case, this ship has sailed. There are tons of the latter case
> already, so either you have to figure out support 1 DT node to N
> drivers or you're going to be carrying a bunch of your own u-boot
> bindings.

Thanks for the info. I'm really only talking about this TPM issue here.

>
> > The device tree is how U-Boot determines which random-number generator
> > to use for a particular function. For example, for VBE, if we need to
> > generate some random numbers we'd like to specify which device creates
> > them. It can't just be 'use the TPM if you find one'.
>
> Why not?

It isn't deterministic. This is exactly the sort of selection that
device tree is supposed to permit. It would be better to have a
phandle from the board-config node, VBE method node, or something else
that provides the devices to be used.

>
> > I'm not sure how that works in Linux?
>
> Not sure. I think Linux's answer is use all of the RNG sources and
> none of them directly.

OK.

Re Ilias' question about cr50, I don't know.

Re Tom's point about matching on compatible strings, IMO it is cleaner
for the driver to create a child device for the random-number device
if it can provide one, as is done with PMIC when providing GPIOS and
regulators, for example.

Since it seems that the TPM binding does not have this, my preference
would be to add this to the TPM binding.

If that is not acceptable, then we have the TPM_RNG option which we
can disable when we do have such a binding, perhaps only in U-Boot.

I think I have made my point here and people understand it, so I'll
drop my objection to this patch and we can worry about it later if it
causes problems.

Regards,
Simon