From patchwork Fri Jul 12 06:19:56 2024
X-Patchwork-Submitter: Pankaj Gupta
X-Patchwork-Id: 13731305
From: Pankaj Gupta
Date: Fri, 12 Jul 2024 11:49:56 +0530
Subject: [PATCH v5 1/5] Documentation/firmware: add imx/se to other_interfaces
Message-Id: <20240712-imx-se-if-v5-1-66a79903a872@nxp.com>
References: <20240712-imx-se-if-v5-0-66a79903a872@nxp.com>
In-Reply-To: <20240712-imx-se-if-v5-0-66a79903a872@nxp.com>
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley, Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam, Pankaj Gupta, Rob Herring
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org

Documents i.MX SoC's Service layer and C_DEV driver for selected SoC(s)
that contain the NXP hardware IP(s) for Secure Enclaves(se) like:
- NXP EdgeLock Enclave on i.MX93 & i.MX8ULP

Signed-off-by: Pankaj Gupta
---
 .../driver-api/firmware/other_interfaces.rst | 121 +++++++++++++++++++++
 1 file changed, 121 insertions(+)

diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst index 06ac89adaafb..a3a95b54a174 100644 --- a/Documentation/driver-api/firmware/other_interfaces.rst +++ b/Documentation/driver-api/firmware/other_interfaces.rst 
@@ -49,3 +49,124 @@ of the requests on to a secure monitor (EL3). .. kernel-doc:: drivers/firmware/stratix10-svc.c :export: + +NXP Secure Enclave Firmware Interface +===================================== + +Introduction +------------ +The NXP's i.MX HW IP like EdgeLock Enclave, V2X etc., creates an embedded secure +enclave within the SoC boundary to enable features like + - Hardware Security Module (HSM) + - Security Hardware Extension (SHE) + - Vehicular to Anything (V2X) + +Each of the above feature is enabled through dedicated NXP H/W IP on the SoC. +On a single SoC, multiple hardware IP (or can say more than one secure enclave) +can exist. + +NXP SoCs enabled with the such secure enclaves(SEs) IPs are: +i.MX93, i.MX8ULP + +To communicate with one or more co-existing SE(s) on SoC, there is/are dedicated +messaging units(MU) per SE. Each co-existing SE can have one or multiple exclusive +MUs, dedicated to itself. None of the MU is shared between two SEs. +Communication of the MU is realized using the Linux mailbox driver. + +NXP Secure Enclave(SE) Interface +-------------------------------- +Although MU(s) is/are not shared between SE(s). But for SoC like i.MX95 which has +multiple SE(s) like HSM, V2X-HSM, V2X-SHE; all the SE(s) and their interfaces 'se-if' +that is/are dedicated to a particular SE will be enumerated and provisioned using the +single compatible node("fsl,imx95-se"). + +Each 'se-if' comprise of twp layers: +- (C_DEV Layer) User-Space software-access interface. +- (Service Layer) OS-level software-access interface. + + +--------------------------------------------+ + | Character Device(C_DEV) | + | | + | +---------+ +---------+ +---------+ | + | | misc #1 | | misc #2 | ... | misc #n | | + | | dev | | dev | | dev | | + | +---------+ +---------+ +---------+ | + | +-------------------------+ | + | | Misc. Dev Synchr. 
Logic | | + | +-------------------------+ | + | | + +--------------------------------------------+ + + +--------------------------------------------+ + | Service Layer | + | | + | +-----------------------------+ | + | | Message Serialization Logic | | + | +-----------------------------+ | + | +---------------+ | + | | imx-mailbox | | + | | mailbox.c | | + | +---------------+ | + | | + +--------------------------------------------+ + +- service layer: + This layer is responsible for ensuring the communication protocol that is defined + for communication with firmware. + + FW Communication protocol ensures two things: + - Serializing the messages to be sent over an MU. + + - FW can handle one command message at a time. + +- c_dev: + This layer offers character device contexts, created as '/dev/_mux_chx'. + Using these multiple device contexts that are getting multiplexed over a single MU, + userspace application(s) can call fops like write/read to send the command message, + and read back the command response message to/from Firmware. + fops like read & write use the above defined service layer API(s) to communicate with + Firmware. 
+ + Misc-device(/dev/_mux_chn) synchronization protocol: + + Non-Secure + Secure + | + | + +---------+ +-------------+ | + | se_fw.c +<---->+imx-mailbox.c| | + | | | mailbox.c +<-->+------+ +------+ + +---+-----+ +-------------+ | MU X +<-->+ ELE | + | +------+ +------+ + +----------------+ | + | | | + v v | + logical logical | + receiver waiter | + + + | + | | | + | | | + | +----+------+ | + | | | | + | | | | + device_ctx device_ctx device_ctx | + | + User 0 User 1 User Y | + +------+ +------+ +------+ | + |misc.c| |misc.c| |misc.c| | + kernel space +------+ +------+ +------+ | + | + +------------------------------------------------------ | + | | | | + userspace /dev/ele_muXch0 | | | + /dev/ele_muXch1 | | + /dev/ele_muXchY | + | + +When a user sends a command to the firmware, it registers its device_ctx +as waiter of a response from firmware. + +Enclave's Firmware owns the storage management, over Linux filesystem. +For this c_dev provisions a dedicated slave device called "receiver". + +.. kernel-doc:: drivers/firmware/imx/se_fw.c + :export:
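
Review bot: The "Misc-device synchronization protocol" part at the end of the hunk never states the contract userspace has to rely on. The text says the firmware handles one command message at a time and that a writer "registers its device_ctx as waiter", but it does not say what a write() on a second /dev node does while a command is still outstanding (block, or fail with an error), how an incoming response is matched to the waiting device_ctx, or whether more than one context may open the "receiver". Because the receiver carries out storage management on behalf of the enclave firmware, please also document which process is expected to open it and with what permissions on the device node. Smaller points in the same hunk: the introduction lists i.MX93 and i.MX8ULP as the enabled SoCs, yet the interface section describes i.MX95 and the compatible "fsl,imx95-se"; the device node name is written as '/dev/_mux_chx', '/dev/_mux_chn' and '/dev/ele_muXch0' and should follow one pattern; "comprise of twp layers" should read "comprises two layers"; "slave device" is wording that Documentation/process/coding-style.rst asks new documentation to avoid. The closing kernel-doc directive points at drivers/firmware/imx/se_fw.c, which this patch (1 file changed) does not add, so the docs build for this commit depends on a later patch in the series; ordering this patch after the driver patch would keep each commit self-consistent.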