I've been testing out different mainline Linux kernels on the LS1088 and found that kernel 5.2 and later will not boot out of the box due to this change:
Commit 954a03be033c7cef80ddc232e7cbdb17df735663
Hello Mathew McBride,
This problem has already been tracked in https://jira.sw.nxp.com/browse/QORIQLU-471 in our internal defect system, it has not been fixed so far.
This patch starts the transition over to make it much harder to run
your system insecurely. Expected steps:
1. By default disable bypass (so anyone insecure will notice) but make
it easy for someone to re-enable bypass with just a KConfig change.
That's this patch.
2. After people have had a little time to come to grips with the fact
that they need to set their IOMMUs properly and have had time to
dig into how to do this, the KConfig will be eliminated and bypass
will simply be disabled. Folks who are truly upset and still
haven't fixed their system can either figure out how to add
'arm-smmu.disable_bypass=n' to their command line or revert the
patch in their own private kernel. Of course these folks will be
less secure.
Thanks,
Yiping
Yiping,
I was wondering if there is an update on this issue? I tried following the link to your JIRA site that you provided, but it gives my browser a "Secure Connection Failed" message in Firefox, so I cannot see the progress.
I am currently using the mitigation that has been suggested ("arm-smmu.disable_bypass=n"), but I would really appreciate it if I can remove the mitigation and have the correct, secure configuration.
Thank you!
Jared D.