From patchwork Fri May 10 13:27:27 2024
X-Patchwork-Submitter: Pankaj Gupta
X-Patchwork-Id: 13661605
From: Pankaj Gupta
Date: Fri, 10 May 2024 18:57:27 +0530
Subject: [PATCH 1/4] Documentation/firmware: add imx/se to other_interfaces
Message-Id: <20240510-imx-se-if-v1-1-27c5a674916d@nxp.com>
References: <20240510-imx-se-if-v1-0-27c5a674916d@nxp.com>
In-Reply-To: <20240510-imx-se-if-v1-0-27c5a674916d@nxp.com>
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley, Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org, Pankaj Gupta

Documents i.MX SoC's Service layer and C_DEV driver
for selected SoC(s) that contain the NXP hardware IP(s) for secure-enclaves(se) like:
- NXP EdgeLock Enclave on i.MX93 & i.MX8ULP

Signed-off-by: Pankaj Gupta
--- .../driver-api/firmware/other_interfaces.rst | 126 +++++++++++++++++++++ 1 file changed, 126 insertions(+) diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst index 06ac89adaafb..c18c2d3e6e08 100644 --- a/Documentation/driver-api/firmware/other_interfaces.rst +++ b/Documentation/driver-api/firmware/other_interfaces.rst 
@@ -49,3 +49,129 @@ of the requests on to a secure monitor (EL3). .. kernel-doc:: drivers/firmware/stratix10-svc.c :export: + +NXP Secure Enclave Firmware Interface +===================================== + +Introduction +------------ +The NXP's i.MX HW IP like EdgeLock-Enclave, V2X etc., creats an embedded secure +enclave within the SoC boundary to enable features like + - Hardware Security Module (HSM) + - Security Hardware Extension (SHE) + - Vehicular to Anything (V2X) + +Each of the above feature, is enabled through dedicated NXP H/W IP on the SoC. +On a single SoC, multiple hardware IP (or can say more than one secure enclave) +can exists. + +NXP SoC(s) enabled with the such secure enclave(se) IP(s) are: +i.MX93, i.MX8ULP + +To communicate with one or more co-existing 'se'(s) on SoC, there is/are dedicated +messaging units(MU) per 'se'. Each co-existing 'se' can have one or multiple exclusive +MU(s), dedicated to itself. None of the MU is shared between two se(s). +Communication of the MU is realized using the Linux mailbox driver. + +NXP Secure Enclave(SE) Interface +-------------------------------- +All those SE interface(s) 'se-if(s)' that is/are dedicated to a particular 'se', will be +enumerated and provisioned under the very single 'se' node. + +Each 'se-if', comprise of twp layers: +- (C_DEV Layer) User-Space software-access interface. +- (Service Layer) OS-level software-access interface. + + +--------------------------------------------+ + | Character Device(C_DEV) | + | | + | +---------+ +---------+ +---------+ | + | | misc #1 | | misc #2 | ... | misc #n | | + | | dev | | dev | | dev | | + | +---------+ +---------+ +---------+ | + | +-------------------------+ | + | | Misc. Dev Synchr. 
Logic | | + | +-------------------------+ | + | | + +--------------------------------------------+ + + +--------------------------------------------+ + | Service Layer | + | | + | +-----------------------------+ | + | | Message Serialization Logic | | + | +-----------------------------+ | + | +---------------+ | + | | imx-mailbox | | + | | mailbox.c | | + | +---------------+ | + | | + +--------------------------------------------+ + +- service layer: + This layer is responsible for ensuring the communication protocol, that is defined + for communication with firmware. + + FW Communication protocol ensures two things: + - Serializing the multiple message(s) to be sent over an MU. + A mutex locks instance "mu_lock" is instantiated per MU. It is taken to ensure + one message is sent over MU at a time. The lock "mu_lock" is unlocked, post sending + the message using the mbox api(s) exposed by mailbox kernel driver. + + - FW can handle one command-message at a time. + Second command-message must wait till first command message is completely processed. + Hence, another mutex lock instance "mu_cmd_lock" is instantiated per MU. It is taken + to ensure one command-message is sent at a time, towards FW. This lock is not unlocked, + for the next command-message, till previous command message is processed completely. + +- c_dev: + This layer offers character device contexts, created as '/dev/_mux_chx'. + Using these multiple device contexts, that are getting multiplexed over a single MU, + user-space application(s) can call fops like write/read to send the command-message, + and read back the command-response-message to/from Firmware. + fops like read & write uses the above defined service layer API(s) to communicate with + Firmware. 
+ + Misc-device(/dev/_mux_chn) synchronization protocol: + + Non-Secure + Secure + | + | + +---------+ +-------------+ | + | se_fw.c +<---->+imx-mailbox.c| | + | | | mailbox.c +<-->+------+ +------+ + +---+-----+ +-------------+ | MU X +<-->+ ELE | + | +------+ +------+ + +----------------+ | + | | | + v v | + logical logical | + receiver waiter | + + + | + | | | + | | | + | +----+------+ | + | | | | + | | | | + device_ctx device_ctx device_ctx | + | + User 0 User 1 User Y | + +------+ +------+ +------+ | + |misc.c| |misc.c| |misc.c| | + kernel space +------+ +------+ +------+ | + | + +------------------------------------------------------ | + | | | | + userspace /dev/ele_muXch0 | | | + /dev/ele_muXch1 | | + /dev/ele_muXchY | + | + +When a user sends a command to the firmware, it registers its device_ctx +as waiter of a response from firmware. + +Enclave's Firmware owns the storage management, over linux filesystem. +For this c_dev provisions a dedicated slave device called "receiver". + +.. kernel-doc:: drivers/firmware/imx/se_fw.c + :export:
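
Review bot: In the "service layer" section, the text on "mu_cmd_lock" says the lock "is not unlocked, for the next command-message, till previous command message is processed completely", but nothing states what releases it when the firmware never responds, or when the process that registered its device_ctx as waiter closes the device or is killed. Since several /dev nodes are multiplexed over a single MU, please document the timeout and cleanup path, and state who is allowed to open these nodes and the "receiver" device, so a reader can tell whether one user can stall every other user of the same MU. Smaller points in the same hunk: the node name reads '/dev/_mux_chx' and '/dev/_mux_chn' in the c_dev text but /dev/ele_muXch0 in the diagram, so one form should be used throughout; "creats", "twp layers", "can exists" and "the such" are typos; and the kernel-doc directive points at drivers/firmware/imx/se_fw.c, which this one-file patch does not add, so if that file is new in this series the documentation should come after the patch that introduces it.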