From patchwork Fri Jul 5 13:52:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pankaj Gupta X-Patchwork-Id: 13725188 Received: from DUZPR83CU001.outbound.protection.outlook.com (mail-northeuropeazon11013067.outbound.protection.outlook.com [52.101.67.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F83E15B0E1 for ; Fri, 5 Jul 2024 13:56:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.67.67 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720187764; cv=fail; b=fB0fTJF0Hwi51KPFQgZqarLwGVXZKrk4AUhTV5V/MCVPfkoKsldcwIcTiZS02mEPds/oiAqy+UNHYnATSVvWN/Sl9R5lEE5iyRBHFQTfMx22sbJ5r7ZcpLlnw3piERJFuZBIIDbxPbJJTk6ikKiRFFDTDR+yFeDE9F7M0Sl1K0A= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720187764; c=relaxed/simple; bh=FwHu8HOgjdeesS4jBLvkey7Y+WnnBYkcgUp1hGR75ZU=; h=From:Date:Subject:Content-Type:Message-Id:References:In-Reply-To: To:Cc:MIME-Version; b=nJ9Wrdg1jN1y5ZUVCj7xfHamfzboCFsgwwe1bwFY/NpGGNRaGAKLI2G36tlOBSyVKzknpPMaypNkDtwSA4uWpH+vlUthewShiyxPjIOIciSXANQMpIuOt870EKJY1+Yj9IlHniXjRXD+5f2sQTPEAfMsOm+b5Fo/o3YF9lUZc9w= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nxp.com; spf=pass smtp.mailfrom=nxp.com; dkim=pass (1024-bit key) header.d=nxp.com header.i=@nxp.com header.b=LU3TBWDb; arc=fail smtp.client-ip=52.101.67.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nxp.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=nxp.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=nxp.com header.i=@nxp.com header.b="LU3TBWDb" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lQ8r/4o0AE2oj0GRqOqbd8ibUuBVtnG1JJlQuqxR3YFbxYWxF1ZW0zeVo+EFx2/nO/DnjUpXSuOcwEU38fXHtFEbq4PaqTa3tC82WagDMBcMd+IFPstMEBvTmp+iwoFy+WSGiTd1DHItsf1aT+vrzJQmnBO7arxe8CjlWXSiK8d4CWbPkQNziwRhxYvschhg30tG8i99A1YiGJXljDgpFAleWRAvCJX1OORy6sK5jJuVd0RLz9efPpaZ9wKyHz7lJreI9xq/8oEuKso5eH0JuJ22Et+odqXOOOOtutUi2NpvdXeE6sPsfet4JTCVsWeWHztLe78LSiJNSaQadsqj5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rydjPSyjFpE1b+KVUJhSPw9jPLhoKfIzwxtGoWGJhg4=; b=IDmwkJw8Zc8X22yQbLtCTXSEzMUXVt5IwpfUM3XbBP8CmSZvyLFfep+JvCEoBP64WKp1w4Bb8b+yVtsPuQJ8PQcBJlxgKIH+DUtaLTov7n6JQzZUUqcuLnaIddAuD30tBi+vGI/UPawrzjKEuTgrqcr55dUhmBdycA6LPiD7kN8AvjI7abymUWs9DH65UT5mTB1VL5ZRhTc7GRRw83FXMZnizh9qshh/uLj2G1tR6va3nZAMAO0mMIGB9Eosfh0nng9uJixrZiRPWnWQ5NpCKyAw0KsNNLb++nI3rvqrjby9U/SGh0bhmtN9faPhRNQM1uGi5OUcXjkvIjaBb9DAIA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rydjPSyjFpE1b+KVUJhSPw9jPLhoKfIzwxtGoWGJhg4=; b=LU3TBWDb8Y5u/QXYLv+fICSidhWzp6ain225H0u/V0usrTM7Wx66V9CqxV916wEHV7y7U6GSudMKjNxWrJgmHFLOMoxhVE2zgDtOot788zFtNCUPUl7Dv/jDZ8qM38oY/o5htMymSvJA7WFeC48eYuiEiOOIb1awf4YLwYqxQNQ= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from AM9PR04MB8604.eurprd04.prod.outlook.com (2603:10a6:20b:43b::21) by DB9PR04MB9260.eurprd04.prod.outlook.com (2603:10a6:10:370::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.23; Fri, 5 Jul 2024 13:55:57 +0000 Received: from AM9PR04MB8604.eurprd04.prod.outlook.com ([fe80::e751:223e:aa3d:5827]) by AM9PR04MB8604.eurprd04.prod.outlook.com ([fe80::e751:223e:aa3d:5827%3]) with mapi id 15.20.7741.030; Fri, 5 Jul 2024 13:55:57 +0000 From: Pankaj Gupta Date: Fri, 05 Jul 2024 19:22:40 +0530 Subject: [PATCH v4 1/5] Documentation/firmware: add imx/se to other_interfaces Message-Id: <20240705-imx-se-if-v4-1-52d000e18a1d@nxp.com> References: <20240705-imx-se-if-v4-0-52d000e18a1d@nxp.com> In-Reply-To: <20240705-imx-se-if-v4-0-52d000e18a1d@nxp.com> To: Jonathan Corbet , Rob Herring , Krzysztof Kozlowski , Conor Dooley , Shawn Guo , Sascha Hauer , Pengutronix Kernel Team , Fabio Estevam , Pankaj Gupta , Rob Herring , Krzysztof Kozlowski Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org X-Mailer: b4 0.13.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1720187574; l=6679; i=pankaj.gupta@nxp.com; s=20240523; h=from:subject:message-id; bh=FwHu8HOgjdeesS4jBLvkey7Y+WnnBYkcgUp1hGR75ZU=; b=R9/0YCYU174roB+f20ugHh4UxZ1oK0oPF5gsNoQfv+uPZP0ubuzwYTgV3rz+i5HseFWwbAUiR BCU3h1oV+00DPD1jphwaGxvhXpZIDLg2n/DlHDaGF/NyAPH/Y9rhpUp X-Developer-Key: i=pankaj.gupta@nxp.com; a=ed25519; pk=OA0pBQoupy5lV0XfKzD8B0OOBVB6tpAoIf+0x1bYGRg= X-ClientProxiedBy: SI1PR02CA0059.apcprd02.prod.outlook.com (2603:1096:4:1f5::19) To AM9PR04MB8604.eurprd04.prod.outlook.com (2603:10a6:20b:43b::21) Precedence: bulk X-Mailing-List: imx@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM9PR04MB8604:EE_|DB9PR04MB9260:EE_ X-MS-Office365-Filtering-Correlation-Id: 487f3743-d422-4e52-ccef-08dc9cfa31f5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|52116014|1800799024|366016|921020|38350700014; X-Microsoft-Antispam-Message-Info: =?utf-8?q?rgDxj9b5VLWoBw3ET21Kq88tJBe2FNm?= =?utf-8?q?euP5zq/O1BTJ3PBzS24gOHgkbgkcZ985tzfbFp4t5/t0m5ronxl2ta32v9wn32Yio?= =?utf-8?q?6QpIr/kQykwHoU8CCx7CU91bkMpVRoYZf4HYBXnlqrY/HvqJy98uZ+CUc+NUUJny+?= =?utf-8?q?IoDxvUieWVmUmVEXMTIt39q2aE7kSUMTmQsOj4NKCYUoUPoyAMDsNo3WqM7I9HTv+?= =?utf-8?q?/6s4USSErVpBE29HMSr00SuyGQEhcXXV1tS4n01Bjni3AW5utN3cQdSfwe2WJs5Pu?= =?utf-8?q?nG9JeIv3TkGTj7uDmqqpVpbXCPeggxmDW6nWRxbgX47Ffkmbu757vU0EoZ+hFhhL2?= =?utf-8?q?FrSafNREz9ombYuDDjfo1Cvjk8QMjui8CmRrgPCJAGxPXuaUztvRy/J5IN/sTtn9C?= =?utf-8?q?nyJNavhnmG7BRjLiOTk3iJhhqXZJVEe0YoCQSEbR5/kzKB73r4xbW/hye6gRBPKPF?= =?utf-8?q?66UY58gQikFftM8pX3cW1cNhu0/D55/hPVfNbO9zrhB4S37gFPZhTJ7V+EylSH7y+?= =?utf-8?q?/FEmsGDSZzZak4qfC4nyXLZjxvvCG54+PGoIHnFIhGiEYanAiPxOyyhW8AjDBRPl7?= =?utf-8?q?FZBWN95R+FSUtydwjUMM8fBEauWn+nDpeThAmHoXIcrkCFYC3RxvJ9YPmrXmWHBRc?= =?utf-8?q?r9VYHRuLzzBrMmmkkVrUIh4n6PFnXGAGGHaycApcpMjOa4N7fNnPls/6H/0RpNhPy?= =?utf-8?q?ou/ZJiSUECwM0UrLCbQJ9IDkuBsfL5oAqC17JtMCOPN5zYRRduuClxOPybasBTFdo?= =?utf-8?q?L7aw3UrgQE2LlpzdIkdpTjhShcIEAmzH5NQXq3RSQFLnU7WOxmPftZoO7x27JpK4d?= =?utf-8?q?ut6DZXPpCGbdR0Ai9n62km7al0D02pHc6pWIgB3WCZIXA+0ZDjQCi3ME2pvSQ5vte?= =?utf-8?q?VWdhp9RFRx1nK8M4X4TUFymShwQzGIyWNZk+X7PCJeyyCMuiQB+VnKa5PSXPY4kgV?= =?utf-8?q?S/PxMaJFrd195CxAU3M5d7xHuUws4ZBnEySke75wrlnO9xwU9R5J71HJYzW6Oacq4?= =?utf-8?q?c41UGhvZDHY1tFUvOSPgvYYfJM1ubxHOZiOvlksN/Ns5Q6Su3fTcYsn3Ml8/IwZOZ?= =?utf-8?q?c04QOUDKuRrjrn6RYzKlUIIaf1E/7r5PqTI24c7soxdhK+cVxHJQ72Nrm6TnydLB7?= =?utf-8?q?7ZRBOFm+8K+BARoswA2fBHzzkHr/CPyeg5YEFIq+2MdmSqrxj14FP2PnjdBRbPrzd?= =?utf-8?q?I4O+MP1QfulM6vPmMPaOdzUG8aAjge9OiA36sk3GjSB3cSykbXk0OdR860rmZ4Kbo?= =?utf-8?q?2w6t7RLdTVqxEGZd6IuOInqb3fMXDjE4hJLVIzvVtdPYqlt9OUg7YWcgr+ef3hl+8?= =?utf-8?q?9xsv0WT+8q6vgokqEPg1vtzaWLBVxyvxOYVUwgFqHwzRkK0iNuMaxIU=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM9PR04MB8604.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(7416014)(52116014)(1800799024)(366016)(921020)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?Jbe9sPgnX/C7QYUavtUYQw+d20c5?= =?utf-8?q?ojhju7W5WH9WGD/5eSQ4gT5eQMaScgSwn1t/XvCmoR52psa6yV8c9H3C1VvqoqyD6?= =?utf-8?q?v1bRVWC/ueoPG3TvsePZxGdwOL7wH+iKSBLebJzmNVfglNqmH04eAWoiUi19YcDAh?= =?utf-8?q?gn6tMIxlo0iONXFUXmk3aMvELrmkSMvsVVNt45LCZkFxivUaTGF5wIJU5MbSC95y/?= =?utf-8?q?wh1HijfiC7UKOnBtzpd2omLOtp8Wtszy+4ijtjY2mk09g8YCqnhEh/B4q6PbwB5P7?= =?utf-8?q?YH1vJBkI07IL4hgoxbd8+IBrojZQvd4LHaqBHA/C7B/JmmbnNRt7vZ8YaqqpYLZcI?= =?utf-8?q?g9BfdBd/E5yIourSZm/eZee1j0PegENDL8dHHL/Er+/dekswRIH/OU8QHvNUBssTz?= =?utf-8?q?1GvCH4b/Eo8+u2/keA1mRGIGi0DxNx+6igNXNOdZl/YiEdmJJg73nfOWvD3OPx7pj?= =?utf-8?q?XPkpWHjTelyc1vSerDg7t5Kpo4h7RAqCPv9f0DOTMkEomLl/GXA8Gwf5P0ZeR97ay?= =?utf-8?q?AWijM6WpojG5aXm53d7N9Om2gV1Wn280MFcxKA0tfzVmckyq7ROvQdBKkOv2/sM/E?= =?utf-8?q?vFpLhdDFvvXu5gmz0jHf3gPYVjcEZ7yRoUeZCDpCM4kJ1R+tjzCMMeU1m95bX6TZ+?= =?utf-8?q?yO38+JqsDnGDo072qgPezhaGpCBbIubUz+fulgZBj+dEsGJUmAfwqbZUT6dkJZn1i?= =?utf-8?q?palYBl45vXJVfCDjwOaZC4elU9zOziz0TO+++KAVXtRqVvZAonOTMAD1m9qFCsF/c?= =?utf-8?q?+44mwOsyA7MozhDON53M+rVX9316NwBzPzRibR308TzctvlGVyWnGHZ/f/sN3gucS?= =?utf-8?q?/MVVBwYWpOMidMLdSlu5oBtsZNaynHDfHHv0Ge5MiRnJ5KrrGOGqhExOPuaeZrCTu?= =?utf-8?q?qfh3RcRsfkbzF1dE98p5eg0EOsnJ+ssxj4laH1uI0As5hSvNA9+pwUW14F/bNP0to?= =?utf-8?q?/v4f4e5izRt2eULeru9QA3x7gUxGm97ZEpWa+Vuy0qsPbbKZ1TBoTzOcpzHZYnZ+3?= =?utf-8?q?Z8h1+RYpgHgY4bO4HCxXBMO6jIWNoXti9EMz4dIDW0VVw4aDFUN87EBufwtulU85E?= =?utf-8?q?hLEl9vj70gDxkG/heHkYKNKEcKyUf/Gg61oiodbEYm0aNGgfUSyGEkdwjS7wcrQVp?= =?utf-8?q?FpwCG303BIDNLcMAOh9hN5z4WACK8jg9xTrPg14hAZHkgfMi5rfmQVESR9vxDiyb2?= =?utf-8?q?7B6T+y8Oorp5hfX0K/vCdp4IjkPSYO+2VMQM0ZYYuE5VCxitgnietVJV1W4DXJMxJ?= =?utf-8?q?M/JibncurClkmgsFwPNP9szUNl2ZCILQHw5s6+UW48BomSDNO7j+iNIMJysKJ0iwU?= =?utf-8?q?GArqlXkO6GZXWZjNYgP+vt80zaMliA+0gHXWauyxgjLTtqpWWcy4ZvpphrmtEQXYw?= =?utf-8?q?hFvlQVdwah9Suw4E0rA51qO0p8/SAPV7xSQvWDOCun5ysoYry7lnp3RmOgtnRQJ1X?= =?utf-8?q?1OJA9OBY8gtokd2E5j0s09ik3//WZpOcOQuqHna1zjnEfEAw1YXSY+/p/Kglz7kfZ?= =?utf-8?q?rLoysyLvNDv6?= X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 487f3743-d422-4e52-ccef-08dc9cfa31f5 X-MS-Exchange-CrossTenant-AuthSource: AM9PR04MB8604.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jul 2024 13:55:57.4484 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 9etNok/Bz7RiQX0bvCYjvPJYnE/5I+jt5/QZePiqW8q7OexgLqeW3yCTfvR+ALIfxmubb0hcwbYTshkrW285Bg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR04MB9260 Documents i.MX SoC's Service layer and C_DEV driver for selected SoC(s) that contains the NXP hardware IP(s) for Secure Enclaves(se) like: - NXP EdgeLock Enclave on i.MX93 & i.MX8ULP Signed-off-by: Pankaj Gupta --- .../driver-api/firmware/other_interfaces.rst | 121 +++++++++++++++++++++ 1 file changed, 121 insertions(+) diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst index 06ac89adaafb..a3a95b54a174 100644 --- a/Documentation/driver-api/firmware/other_interfaces.rst +++ b/Documentation/driver-api/firmware/other_interfaces.rst @@ -49,3 +49,124 @@ of the requests on to a secure monitor (EL3). .. kernel-doc:: drivers/firmware/stratix10-svc.c :export: + +NXP Secure Enclave Firmware Interface +===================================== + +Introduction +------------ +The NXP's i.MX HW IP like EdgeLock Enclave, V2X etc., creates an embedded secure +enclave within the SoC boundary to enable features like + - Hardware Security Module (HSM) + - Security Hardware Extension (SHE) + - Vehicular to Anything (V2X) + +Each of the above feature is enabled through dedicated NXP H/W IP on the SoC. +On a single SoC, multiple hardware IP (or can say more than one secure enclave) +can exist. + +NXP SoCs enabled with the such secure enclaves(SEs) IPs are: +i.MX93, i.MX8ULP + +To communicate with one or more co-existing SE(s) on SoC, there is/are dedicated +messaging units(MU) per SE. Each co-existing SE can have one or multiple exclusive +MUs, dedicated to itself. None of the MU is shared between two SEs. +Communication of the MU is realized using the Linux mailbox driver. + +NXP Secure Enclave(SE) Interface +-------------------------------- +Although MU(s) is/are not shared between SE(s). But for SoC like i.MX95 which has +multiple SE(s) like HSM, V2X-HSM, V2X-SHE; all the SE(s) and their interfaces 'se-if' +that is/are dedicated to a particular SE will be enumerated and provisioned using the +single compatible node("fsl,imx95-se"). + +Each 'se-if' comprise of twp layers: +- (C_DEV Layer) User-Space software-access interface. +- (Service Layer) OS-level software-access interface. + + +--------------------------------------------+ + | Character Device(C_DEV) | + | | + | +---------+ +---------+ +---------+ | + | | misc #1 | | misc #2 | ... | misc #n | | + | | dev | | dev | | dev | | + | +---------+ +---------+ +---------+ | + | +-------------------------+ | + | | Misc. Dev Synchr. Logic | | + | +-------------------------+ | + | | + +--------------------------------------------+ + + +--------------------------------------------+ + | Service Layer | + | | + | +-----------------------------+ | + | | Message Serialization Logic | | + | +-----------------------------+ | + | +---------------+ | + | | imx-mailbox | | + | | mailbox.c | | + | +---------------+ | + | | + +--------------------------------------------+ + +- service layer: + This layer is responsible for ensuring the communication protocol that is defined + for communication with firmware. + + FW Communication protocol ensures two things: + - Serializing the messages to be sent over an MU. + + - FW can handle one command message at a time. + +- c_dev: + This layer offers character device contexts, created as '/dev/_mux_chx'. + Using these multiple device contexts that are getting multiplexed over a single MU, + userspace application(s) can call fops like write/read to send the command message, + and read back the command response message to/from Firmware. + fops like read & write use the above defined service layer API(s) to communicate with + Firmware. + + Misc-device(/dev/_mux_chn) synchronization protocol: + + Non-Secure + Secure + | + | + +---------+ +-------------+ | + | se_fw.c +<---->+imx-mailbox.c| | + | | | mailbox.c +<-->+------+ +------+ + +---+-----+ +-------------+ | MU X +<-->+ ELE | + | +------+ +------+ + +----------------+ | + | | | + v v | + logical logical | + receiver waiter | + + + | + | | | + | | | + | +----+------+ | + | | | | + | | | | + device_ctx device_ctx device_ctx | + | + User 0 User 1 User Y | + +------+ +------+ +------+ | + |misc.c| |misc.c| |misc.c| | + kernel space +------+ +------+ +------+ | + | + +------------------------------------------------------ | + | | | | + userspace /dev/ele_muXch0 | | | + /dev/ele_muXch1 | | + /dev/ele_muXchY | + | + +When a user sends a command to the firmware, it registers its device_ctx +as waiter of a response from firmware. + +Enclave's Firmware owns the storage management, over Linux filesystem. +For this c_dev provisions a dedicated slave device called "receiver". + +.. kernel-doc:: drivers/firmware/imx/se_fw.c + :export: