[PATCH v3 0/8] Suspend to RAM support for K3 J7200

[Andrew Davis]

On 1/8/24 10:56 AM, Thomas Richard wrote:
> This series is the U-Boot part of the work to add the suspend to RAM
> support for the K3 J7200 EVM board.
> 
> During the boot R5 SPL makes a copy of DM-Firmware and TF-A in memory.
> Resume detection is done by reading a magic value in a pmic register
> (set by DM-Firmware).
> 
> If a resume is detected, R5 SPL run the exit retention sequence of the
> DDR. Then it load TF-A and DM-Firmware using the copies done during the boot
> (fit image processing is skipped).
> Before to start TF-A, R5 SPL writes a magic value in scratchpad ram. This
> will be used by TF-A to detect that the board is resuming.
> 
> The copy of TF-A/DM-Firmware, the SPL stack and malloc are located in a
> reserved memory region (for the kernel point of view) to avoid any
> memory corruption.
> 
> This version is mostly to test the firewall protection with the suspend
> to ram.

Seems to show the opposite, if you are able to access and load TF-A
back to its spot after resume from un-trusted SPL then the firewall
did not survive suspend to RAM. That is a huge security gap if TIFS
is forgetting to put back the firewalls on resume.. What is the
point of firewalls on these systems if I can just knock them all
out by doing a simple suspend/resume cycle?

> Some comments (for the v2) were not fixed in this version.

Why not?

> This series has been tested with the series [1] to enable the firewall.
> At the end of the resume sequence, TF-A is well protected by the
> firewall, but OP-TEE remains unprotected.
> 

Then why post this? If it is just to get some eyes on it, then label
it as an "RFC" so our silence isn't considered acceptance, otherwise we
have to manually NAK these each time.

Andrew

> [1] https://lore.kernel.org/all/20231229-binman-firewalling-v7-0-47ed4af303fe@ti.com/
> 
> 
> Changes in v3:
> - At resume, R5 SPL doesn't restore TF-A anymore.
>    TF-A is started like during a cold boot. R5 SPL will notify that the board is
>    resuming using a magic value written in the scratchpad ram.
>    TF-A will restore itself.
> - Link to v2:
>    https://lore.kernel.org/u-boot/20231107161802.855154-1-thomas.richard@bootlin.com/
> 
> Changes in v2:
> - Set exit retention code for DDR behind CONFIG_K3_J721E_DDRSS
> - Check if TF-A is running in DRAM, if yes no need to restore it
> - Remove BL31_START macro, and get TF-A start address from the fit image
> - Remove the test_enter_suspend command
> - Link to v1:
>    https://lore.kernel.org/u-boot/20231016141135.325698-1-thomas.richard@bootlin.com/
> 
> Gowtham Tammana (1):
>    DO NOT MERGE: arm: dts: k3-j7200-r5-common: Add pmic node for esm
> 
> Gregory CLEMENT (2):
>    configs: j7200_evm_r5: Used reserved memory in DDR for stack
>    configs: j7200_evm_r5: Move address used for allocation in the
>      reserved space
> 
> Thomas Richard (5):
>    board: ti: j721e: Add resume detection for J7200
>    ram: k3-ddrss: Add exit retention support
>    board: ti: j721e: Add the missing part of exit retention for k3-ddrss
>      (J7200)
>    board: ti: j721e: During resume spl notify tf-a that the board is
>      resuming
>    arm: mach-k3: j7200: Skip fit processing when resuming
> 
>   .../arm/dts/k3-j7200-r5-common-proc-board.dts |  17 +-
>   arch/arm/mach-k3/common.c                     |  65 +++-
>   .../arm/mach-k3/include/mach/j721e_hardware.h |   1 +
>   arch/arm/mach-k3/include/mach/j721e_spl.h     |  30 ++
>   arch/arm/mach-k3/sysfw-loader.c               |  16 +-
>   board/ti/j721e/evm.c                          |  77 +++++
>   configs/j7200_evm_r5_defconfig                |   4 +-
>   drivers/ram/k3-ddrss/k3-ddrss.c               | 307 ++++++++++++++++++
>   8 files changed, 507 insertions(+), 10 deletions(-)
>