Message ID | 20241204150326.1470749-1-quic_vdadhani@quicinc.com (mailing list archive) |
---|---|
Headers | show |
Series | Add support to load QUP SE firmware from | expand |
On 4.12.2024 4:03 PM, Viken Dadhaniya wrote: > In Qualcomm SoCs, firmware loading for Serial Engines (SE) in the QUP > hardware has traditionally been managed by TrustZone (TZ). This setup > handled Serial Engines(SE) assignments and access control permissions, > ensuring a high level of security but limiting flexibility and > accessibility. > > This limitation poses a significant challenge for developers who need more > flexibility to enable any protocol on any of the SEs within the QUP > hardware. > > To address this, we are introducing a change that opens the firmware > loading mechanism to the Linux environment. This enhancement increases > flexibility and allows for more streamlined and efficient management. We > can now handle SE assignments and access control permissions directly > within Linux, eliminating the dependency on TZ. > > We propose an alternative method for firmware loading and SE > ownership/transfer mode configuration based on device tree configuration. > This method does not rely on other execution environments, making it > accessible to all developers. > > For SEs used prior to the kernel, their firmware will be loaded by the > respective image drivers (e.g., Debug UART, Secure or trusted SE). > Additionally, the GSI firmware, which is common to all SEs per QUPV3 core, > will not be loaded by Linux driver but TZ only. At the kernel level, only > the SE protocol driver should load the respective protocol firmware. I think this is a great opportunity to rethink the SE node in general. Currently, for each supported protocol, we create a new node that differs in (possibly) interconnects and pinctrl states. These are really defined per-SE however and we can programmatically determine which ones are relevant. With the growing number of protocols supported, we would have to add 20+ nodes in some cases for each one of them. I think a good one would look like: geni_se10: serial-engine@abcdef { compatible = "qcom,geni-se"; reg clocks power-domains interconnects ... status geni_se10_i2c: i2c { // i2c-controller.yaml }; geni_se10_spi: spi { // spi-controller.yaml }; ... } Or maybe even get rid of the subnodes and restrict that to a single se-protocol = <SE_PROTOCOL_xyz> property, if the bindings folks agree. We could extend the DMA APIs to dynamically determine the protocol ID and get rid of hardcoding it. And then we could spawn an instance of the spi, i2c, etc. driver from the GENI SE driver. Konrad
On 05/12/2024 16:59, Konrad Dybcio wrote: > On 4.12.2024 4:03 PM, Viken Dadhaniya wrote: >> In Qualcomm SoCs, firmware loading for Serial Engines (SE) in the QUP >> hardware has traditionally been managed by TrustZone (TZ). This setup >> handled Serial Engines(SE) assignments and access control permissions, >> ensuring a high level of security but limiting flexibility and >> accessibility. >> >> This limitation poses a significant challenge for developers who need more >> flexibility to enable any protocol on any of the SEs within the QUP >> hardware. >> >> To address this, we are introducing a change that opens the firmware >> loading mechanism to the Linux environment. This enhancement increases >> flexibility and allows for more streamlined and efficient management. We >> can now handle SE assignments and access control permissions directly >> within Linux, eliminating the dependency on TZ. >> >> We propose an alternative method for firmware loading and SE >> ownership/transfer mode configuration based on device tree configuration. >> This method does not rely on other execution environments, making it >> accessible to all developers. >> >> For SEs used prior to the kernel, their firmware will be loaded by the >> respective image drivers (e.g., Debug UART, Secure or trusted SE). >> Additionally, the GSI firmware, which is common to all SEs per QUPV3 core, >> will not be loaded by Linux driver but TZ only. At the kernel level, only >> the SE protocol driver should load the respective protocol firmware. > > I think this is a great opportunity to rethink the SE node in general. > > Currently, for each supported protocol, we create a new node that > differs in (possibly) interconnects and pinctrl states. These are really > defined per-SE however and we can programmatically determine which ones > are relevant. > > With the growing number of protocols supported, we would have to add > 20+ nodes in some cases for each one of them. I think a good one would > look like: > > geni_se10: serial-engine@abcdef { > compatible = "qcom,geni-se"; > > reg > clocks > power-domains > interconnects > ... > > status > > geni_se10_i2c: i2c { > // i2c-controller.yaml > }; > > geni_se10_spi: spi { > // spi-controller.yaml > }; > > ... > } > > Or maybe even get rid of the subnodes and restrict that to a single > se-protocol = <SE_PROTOCOL_xyz> property, if the bindings folks agree. > > We could extend the DMA APIs to dynamically determine the protocol > ID and get rid of hardcoding it. > > And then we could spawn an instance of the spi, i2c, etc. driver from > the GENI SE driver. How/where would you add the peripheral subnodes ? A Serial Engine can only be a single type on a board, but I agree we could have a "generic" serial engine node that would be differenciated in the board DT with the protocol, and use the bindings yaml checked to properly check the subnodes/properties depending on the protocol property. But we would still need all the serial nodes in the SoC DT. This may make the software support harder, meaning we would either need to have the same compatible probed in sequence from the i2c/spi/uart driver until one matches the protocol, or have the qup driver spawn an auxiliary device. Honestly, not sure it would be much simpler... Neil > > Konrad >
On 12/5/2024 9:29 PM, Konrad Dybcio wrote: > On 4.12.2024 4:03 PM, Viken Dadhaniya wrote: >> In Qualcomm SoCs, firmware loading for Serial Engines (SE) in the QUP >> hardware has traditionally been managed by TrustZone (TZ). This setup >> handled Serial Engines(SE) assignments and access control permissions, >> ensuring a high level of security but limiting flexibility and >> accessibility. >> >> This limitation poses a significant challenge for developers who need more >> flexibility to enable any protocol on any of the SEs within the QUP >> hardware. >> >> To address this, we are introducing a change that opens the firmware >> loading mechanism to the Linux environment. This enhancement increases >> flexibility and allows for more streamlined and efficient management. We >> can now handle SE assignments and access control permissions directly >> within Linux, eliminating the dependency on TZ. >> >> We propose an alternative method for firmware loading and SE >> ownership/transfer mode configuration based on device tree configuration. >> This method does not rely on other execution environments, making it >> accessible to all developers. >> >> For SEs used prior to the kernel, their firmware will be loaded by the >> respective image drivers (e.g., Debug UART, Secure or trusted SE). >> Additionally, the GSI firmware, which is common to all SEs per QUPV3 core, >> will not be loaded by Linux driver but TZ only. At the kernel level, only >> the SE protocol driver should load the respective protocol firmware. > > I think this is a great opportunity to rethink the SE node in general. > > Currently, for each supported protocol, we create a new node that > differs in (possibly) interconnects and pinctrl states. These are really > defined per-SE however and we can programmatically determine which ones > are relevant. > > With the growing number of protocols supported, we would have to add > 20+ nodes in some cases for each one of them. I think a good one would > look like: > > geni_se10: serial-engine@abcdef { > compatible = "qcom,geni-se"; > > reg > clocks > power-domains > interconnects > ... > > status > > geni_se10_i2c: i2c { > // i2c-controller.yaml > }; > > geni_se10_spi: spi { > // spi-controller.yaml > }; > > ... > } > > Or maybe even get rid of the subnodes and restrict that to a single > se-protocol = <SE_PROTOCOL_xyz> property, if the bindings folks agree. > > We could extend the DMA APIs to dynamically determine the protocol > ID and get rid of hardcoding it. > > And then we could spawn an instance of the spi, i2c, etc. driver from > the GENI SE driver. > > Konrad Thanks for the advice. The above design suggested by you may add more code change into protocol driver as well as common driver. I am really interested to discuss more options and come to better design. let me discuss with you on this. Also do you think we can push the re-design of DTSI nodes as separate change instead of clubbing with this FW load change ?
On 12/9/2024 8:15 PM, neil.armstrong@linaro.org wrote: > On 05/12/2024 16:59, Konrad Dybcio wrote: >> On 4.12.2024 4:03 PM, Viken Dadhaniya wrote: >>> In Qualcomm SoCs, firmware loading for Serial Engines (SE) in the QUP >>> hardware has traditionally been managed by TrustZone (TZ). This setup >>> handled Serial Engines(SE) assignments and access control permissions, >>> ensuring a high level of security but limiting flexibility and >>> accessibility. >>> This limitation poses a significant challenge for developers who need >>> more >>> flexibility to enable any protocol on any of the SEs within the QUP >>> hardware. >>> To address this, we are introducing a change that opens the firmware >>> loading mechanism to the Linux environment. This enhancement increases >>> flexibility and allows for more streamlined and efficient management. We >>> can now handle SE assignments and access control permissions directly >>> within Linux, eliminating the dependency on TZ. >>> We propose an alternative method for firmware loading and SE >>> ownership/transfer mode configuration based on device tree >>> configuration. >>> This method does not rely on other execution environments, making it >>> accessible to all developers. >>> For SEs used prior to the kernel, their firmware will be loaded by the >>> respective image drivers (e.g., Debug UART, Secure or trusted SE). >>> Additionally, the GSI firmware, which is common to all SEs per QUPV3 >>> core, >>> will not be loaded by Linux driver but TZ only. At the kernel level, >>> only >>> the SE protocol driver should load the respective protocol firmware. >> >> I think this is a great opportunity to rethink the SE node in general. >> >> Currently, for each supported protocol, we create a new node that >> differs in (possibly) interconnects and pinctrl states. These are really >> defined per-SE however and we can programmatically determine which ones >> are relevant. >> >> With the growing number of protocols supported, we would have to add >> 20+ nodes in some cases for each one of them. I think a good one would >> look like: >> >> geni_se10: serial-engine@abcdef { >> compatible = "qcom,geni-se"; >> >> reg >> clocks >> power-domains >> interconnects >> ... >> >> status >> >> geni_se10_i2c: i2c { >> // i2c-controller.yaml >> }; >> >> geni_se10_spi: spi { >> // spi-controller.yaml >> }; >> >> ... >> } >> >> Or maybe even get rid of the subnodes and restrict that to a single >> se-protocol = <SE_PROTOCOL_xyz> property, if the bindings folks agree. >> >> We could extend the DMA APIs to dynamically determine the protocol >> ID and get rid of hardcoding it. >> >> And then we could spawn an instance of the spi, i2c, etc. driver from >> the GENI SE driver. > > How/where would you add the peripheral subnodes ? A Serial Engine can > only be a > single type on a board, but I agree we could have a "generic" serial > engine node > that would be differenciated in the board DT with the protocol, and use > the bindings > yaml checked to properly check the subnodes/properties depending on the > protocol > property. > > But we would still need all the serial nodes in the SoC DT. > > This may make the software support harder, meaning we would either need to > have the same compatible probed in sequence from the i2c/spi/uart driver > until > one matches the protocol, or have the qup driver spawn an auxiliary device. > > Honestly, not sure it would be much simpler... > Agree Neil, it has it's own challenges in terms actual code changes per driver and common driver redesign when we move the SE nodes and make it common. We may come up with some solution to make one SE DTSI node for all protocols having different (pinctrl configuration, DMA configuration) but it's also going to add some level of code complexities and yaml changes. Can we exclude this design change for this firmware loading and later align to this new design change ? > Neil > >> >> Konrad >> >
On 9.12.2024 3:45 PM, neil.armstrong@linaro.org wrote: > On 05/12/2024 16:59, Konrad Dybcio wrote: >> On 4.12.2024 4:03 PM, Viken Dadhaniya wrote: >>> In Qualcomm SoCs, firmware loading for Serial Engines (SE) in the QUP >>> hardware has traditionally been managed by TrustZone (TZ). This setup >>> handled Serial Engines(SE) assignments and access control permissions, >>> ensuring a high level of security but limiting flexibility and >>> accessibility. >>> This limitation poses a significant challenge for developers who need more >>> flexibility to enable any protocol on any of the SEs within the QUP >>> hardware. >>> To address this, we are introducing a change that opens the firmware >>> loading mechanism to the Linux environment. This enhancement increases >>> flexibility and allows for more streamlined and efficient management. We >>> can now handle SE assignments and access control permissions directly >>> within Linux, eliminating the dependency on TZ. >>> We propose an alternative method for firmware loading and SE >>> ownership/transfer mode configuration based on device tree configuration. >>> This method does not rely on other execution environments, making it >>> accessible to all developers. >>> For SEs used prior to the kernel, their firmware will be loaded by the >>> respective image drivers (e.g., Debug UART, Secure or trusted SE). >>> Additionally, the GSI firmware, which is common to all SEs per QUPV3 core, >>> will not be loaded by Linux driver but TZ only. At the kernel level, only >>> the SE protocol driver should load the respective protocol firmware. >> >> I think this is a great opportunity to rethink the SE node in general. >> >> Currently, for each supported protocol, we create a new node that >> differs in (possibly) interconnects and pinctrl states. These are really >> defined per-SE however and we can programmatically determine which ones >> are relevant. >> >> With the growing number of protocols supported, we would have to add >> 20+ nodes in some cases for each one of them. I think a good one would >> look like: >> >> geni_se10: serial-engine@abcdef { >> compatible = "qcom,geni-se"; >> >> reg >> clocks >> power-domains >> interconnects >> ... >> >> status >> >> geni_se10_i2c: i2c { >> // i2c-controller.yaml >> }; >> >> geni_se10_spi: spi { >> // spi-controller.yaml >> }; >> >> ... >> } >> >> Or maybe even get rid of the subnodes and restrict that to a single >> se-protocol = <SE_PROTOCOL_xyz> property, if the bindings folks agree. >> >> We could extend the DMA APIs to dynamically determine the protocol >> ID and get rid of hardcoding it. >> >> And then we could spawn an instance of the spi, i2c, etc. driver from >> the GENI SE driver. > > How/where would you add the peripheral subnodes ? A Serial Engine can only be a > single type on a board, but I agree we could have a "generic" serial engine node > that would be differenciated in the board DT with the protocol, and use the bindings > yaml checked to properly check the subnodes/properties depending on the protocol > property. > > But we would still need all the serial nodes in the SoC DT. Correct, but NUM_PROTOCOLS times less. NUM_PROTOCOLS is 3 upstream as of right now, but it's much higher in general (which will trickle upstream one day or another). > > This may make the software support harder, meaning we would either need to > have the same compatible probed in sequence from the i2c/spi/uart driver until > one matches the protocol, or have the qup driver spawn an auxiliary device. No, just read back the protocol id from hardware (if the SE is running), or from some DT property (if we need to load the FW ourselves). Then, based on that, we can call platform_device_register_data(dev, "geni_i2c", ...) (or similar) > Honestly, not sure it would be much simpler... Not sure if I'm happy to maintain NUM_QUPs * NUM_SEs * NUM_PROTOCOLS DT nodes, per each platform separately.. Konrad
On 10.12.2024 6:06 AM, Viken Dadhaniya wrote: > > > On 12/5/2024 9:29 PM, Konrad Dybcio wrote: >> On 4.12.2024 4:03 PM, Viken Dadhaniya wrote: >>> In Qualcomm SoCs, firmware loading for Serial Engines (SE) in the QUP >>> hardware has traditionally been managed by TrustZone (TZ). This setup >>> handled Serial Engines(SE) assignments and access control permissions, >>> ensuring a high level of security but limiting flexibility and >>> accessibility. >>> This limitation poses a significant challenge for developers who need more >>> flexibility to enable any protocol on any of the SEs within the QUP >>> hardware. >>> To address this, we are introducing a change that opens the firmware >>> loading mechanism to the Linux environment. This enhancement increases >>> flexibility and allows for more streamlined and efficient management. We >>> can now handle SE assignments and access control permissions directly >>> within Linux, eliminating the dependency on TZ. >>> We propose an alternative method for firmware loading and SE >>> ownership/transfer mode configuration based on device tree configuration. >>> This method does not rely on other execution environments, making it >>> accessible to all developers. >>> For SEs used prior to the kernel, their firmware will be loaded by the >>> respective image drivers (e.g., Debug UART, Secure or trusted SE). >>> Additionally, the GSI firmware, which is common to all SEs per QUPV3 core, >>> will not be loaded by Linux driver but TZ only. At the kernel level, only >>> the SE protocol driver should load the respective protocol firmware. >> >> I think this is a great opportunity to rethink the SE node in general. >> >> Currently, for each supported protocol, we create a new node that >> differs in (possibly) interconnects and pinctrl states. These are really >> defined per-SE however and we can programmatically determine which ones >> are relevant. >> >> With the growing number of protocols supported, we would have to add >> 20+ nodes in some cases for each one of them. I think a good one would >> look like: >> >> geni_se10: serial-engine@abcdef { >> compatible = "qcom,geni-se"; >> >> reg >> clocks >> power-domains >> interconnects >> ... >> >> status >> >> geni_se10_i2c: i2c { >> // i2c-controller.yaml >> }; >> >> geni_se10_spi: spi { >> // spi-controller.yaml >> }; >> >> ... >> } >> >> Or maybe even get rid of the subnodes and restrict that to a single >> se-protocol = <SE_PROTOCOL_xyz> property, if the bindings folks agree. >> >> We could extend the DMA APIs to dynamically determine the protocol >> ID and get rid of hardcoding it. >> >> And then we could spawn an instance of the spi, i2c, etc. driver from >> the GENI SE driver. >> >> Konrad > > Thanks for the advice. > The above design suggested by you may add more code change into protocol driver as well as common driver. > I am really interested to discuss more options and come to better design. let me discuss with you on this. > Also do you think we can push the re-design of DTSI nodes as separate change instead of clubbing with this FW load change ? Sure, the firmware loading support itself is a separate change. I simply used this thread as an opportunity to talk about a future cleanup. Konrad
Hi Viken, On 04/12/2024 16:03, Viken Dadhaniya wrote: > In Qualcomm SoCs, firmware loading for Serial Engines (SE) in the QUP > hardware has traditionally been managed by TrustZone (TZ). This setup > handled Serial Engines(SE) assignments and access control permissions, > ensuring a high level of security but limiting flexibility and > accessibility. > > This limitation poses a significant challenge for developers who need more > flexibility to enable any protocol on any of the SEs within the QUP > hardware. > > To address this, we are introducing a change that opens the firmware > loading mechanism to the Linux environment. This enhancement increases > flexibility and allows for more streamlined and efficient management. We > can now handle SE assignments and access control permissions directly > within Linux, eliminating the dependency on TZ. > > We propose an alternative method for firmware loading and SE > ownership/transfer mode configuration based on device tree configuration. > This method does not rely on other execution environments, making it > accessible to all developers. > > For SEs used prior to the kernel, their firmware will be loaded by the > respective image drivers (e.g., Debug UART, Secure or trusted SE). > Additionally, the GSI firmware, which is common to all SEs per QUPV3 core, > will not be loaded by Linux driver but TZ only. At the kernel level, only > the SE protocol driver should load the respective protocol firmware. I gave this series a spin on the RB3 Gen 2 with U-Boot. After fixing the compilation errors, it seems like there is a consistent hard crash (the board freezes and resets) at some point during i2c controller init with this series. I noticed a similar issue with this same logic implemented in U-Boot. Could you clarify which xfer mode is appropriate for the i2c controllers on the RB3 Gen 2 and maybe give this a try yourself, or let me know what other info you'd need to debug this. Thanks and kind regards, > > Viken Dadhaniya (7): > dt-bindings: i2c: qcom,i2c-geni: Document DT properties for QUP > firmware loading > spi: dt-bindings: Document DT properties for QUP firmware loading > dt-bindings: serial: Document DT properties for QUP firmware loading > soc: qcom: geni-se:: Add support to load QUP SE Firmware via Linux > subsystem > i2c: qcom-geni: Load i2c qup Firmware from linux side > spi: geni-qcom: Load spi qup Firmware from linux side > serial: qcom-geni: Load UART qup Firmware from linux side > > .../bindings/i2c/qcom,i2c-geni-qcom.yaml | 11 + > .../serial/qcom,serial-geni-qcom.yaml | 12 + > .../bindings/spi/qcom,spi-geni-qcom.yaml | 11 + > drivers/i2c/busses/i2c-qcom-geni.c | 11 +- > drivers/soc/qcom/qcom-geni-se.c | 445 ++++++++++++++++++ > drivers/spi/spi-geni-qcom.c | 7 +- > drivers/tty/serial/qcom_geni_serial.c | 7 +- > include/linux/soc/qcom/geni-se.h | 17 + > include/linux/soc/qcom/qup-fw-load.h | 179 +++++++ > 9 files changed, 692 insertions(+), 8 deletions(-) > create mode 100644 include/linux/soc/qcom/qup-fw-load.h >
Thanks Caleb for your testing and sharing results. Since Viken is on leave, i am following on this. On 1/7/2025 4:55 PM, Caleb Connolly wrote: > Hi Viken, > > On 04/12/2024 16:03, Viken Dadhaniya wrote: >> In Qualcomm SoCs, firmware loading for Serial Engines (SE) in the QUP >> hardware has traditionally been managed by TrustZone (TZ). This setup >> handled Serial Engines(SE) assignments and access control permissions, >> ensuring a high level of security but limiting flexibility and >> accessibility. >> >> This limitation poses a significant challenge for developers who need more >> flexibility to enable any protocol on any of the SEs within the QUP >> hardware. >> >> To address this, we are introducing a change that opens the firmware >> loading mechanism to the Linux environment. This enhancement increases >> flexibility and allows for more streamlined and efficient management. We >> can now handle SE assignments and access control permissions directly >> within Linux, eliminating the dependency on TZ. >> >> We propose an alternative method for firmware loading and SE >> ownership/transfer mode configuration based on device tree configuration. >> This method does not rely on other execution environments, making it >> accessible to all developers. >> >> For SEs used prior to the kernel, their firmware will be loaded by the >> respective image drivers (e.g., Debug UART, Secure or trusted SE). >> Additionally, the GSI firmware, which is common to all SEs per QUPV3 core, >> will not be loaded by Linux driver but TZ only. At the kernel level, only >> the SE protocol driver should load the respective protocol firmware. > > I gave this series a spin on the RB3 Gen 2 with U-Boot. > Is it possible to try on RB8 board ? Because that's where this support is enabled. It also needs respective TZ configuration to allow FW loading from Linux. > After fixing the compilation errors, it seems like there is a consistent > hard crash (the board freezes and resets) at some point during i2c > controller init with this series. > Can you please share exact repro steps ? We can try locally and check what's wrong and also review in future how we make it working for U-boot combination. > I noticed a similar issue with this same logic implemented in U-Boot. > > Could you clarify which xfer mode is appropriate for the i2c controllers > on the RB3 Gen 2 and maybe give this a try yourself, or let me know what > other info you'd need to debug this. > Yes, please share the procedure , we will try internally. is there any DTSI change done as part of your testing ? > Thanks and kind regards, >> >> Viken Dadhaniya (7): >> dt-bindings: i2c: qcom,i2c-geni: Document DT properties for QUP >> firmware loading >> spi: dt-bindings: Document DT properties for QUP firmware loading >> dt-bindings: serial: Document DT properties for QUP firmware loading >> soc: qcom: geni-se:: Add support to load QUP SE Firmware via Linux >> subsystem >> i2c: qcom-geni: Load i2c qup Firmware from linux side >> spi: geni-qcom: Load spi qup Firmware from linux side >> serial: qcom-geni: Load UART qup Firmware from linux side >> >> .../bindings/i2c/qcom,i2c-geni-qcom.yaml | 11 + >> .../serial/qcom,serial-geni-qcom.yaml | 12 + >> .../bindings/spi/qcom,spi-geni-qcom.yaml | 11 + >> drivers/i2c/busses/i2c-qcom-geni.c | 11 +- >> drivers/soc/qcom/qcom-geni-se.c | 445 ++++++++++++++++++ >> drivers/spi/spi-geni-qcom.c | 7 +- >> drivers/tty/serial/qcom_geni_serial.c | 7 +- >> include/linux/soc/qcom/geni-se.h | 17 + >> include/linux/soc/qcom/qup-fw-load.h | 179 +++++++ >> 9 files changed, 692 insertions(+), 8 deletions(-) >> create mode 100644 include/linux/soc/qcom/qup-fw-load.h >> >