From: Pankaj Gupta
Date: Mon, 22 Jul 2024 10:21:36 +0530
Subject: [PATCH v6 1/5] Documentation/firmware: add imx/se to other_interfaces
Message-Id: <20240722-imx-se-if-v6-1-ee26a87b824a@nxp.com>
References: <20240722-imx-se-if-v6-0-ee26a87b824a@nxp.com>
In-Reply-To: <20240722-imx-se-if-v6-0-ee26a87b824a@nxp.com>
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley, Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam, Pankaj Gupta, Rob Herring
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org

Documents i.MX SoC's Service layer and C_DEV driver for selected SoC(s)
that contains the NXP hardware IP(s) for Secure Enclaves(se) like:
- NXP EdgeLock Enclave on i.MX93 & i.MX8ULP

Signed-off-by: Pankaj Gupta
---
 .../driver-api/firmware/other_interfaces.rst | 121 +++++++++++++++++++++
 1 file changed, 121 insertions(+)

diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst index 06ac89adaafb..a3a95b54a174 100644 --- a/Documentation/driver-api/firmware/other_interfaces.rst +++ b/Documentation/driver-api/firmware/other_interfaces.rst 
@@ -49,3 +49,124 @@ of the requests on to a secure monitor (EL3). .. kernel-doc:: drivers/firmware/stratix10-svc.c :export: + +NXP Secure Enclave Firmware Interface +===================================== + +Introduction +------------ +The NXP's i.MX HW IP like EdgeLock Enclave, V2X etc., creates an embedded secure +enclave within the SoC boundary to enable features like + - Hardware Security Module (HSM) + - Security Hardware Extension (SHE) + - Vehicular to Anything (V2X) + +Each of the above feature is enabled through dedicated NXP H/W IP on the SoC. +On a single SoC, multiple hardware IP (or can say more than one secure enclave) +can exist. + +NXP SoCs enabled with the such secure enclaves(SEs) IPs are: +i.MX93, i.MX8ULP + +To communicate with one or more co-existing SE(s) on SoC, there is/are dedicated +messaging units(MU) per SE. Each co-existing SE can have one or multiple exclusive +MUs, dedicated to itself. None of the MU is shared between two SEs. +Communication of the MU is realized using the Linux mailbox driver. + +NXP Secure Enclave(SE) Interface +-------------------------------- +Although MU(s) is/are not shared between SE(s). But for SoC like i.MX95 which has +multiple SE(s) like HSM, V2X-HSM, V2X-SHE; all the SE(s) and their interfaces 'se-if' +that is/are dedicated to a particular SE will be enumerated and provisioned using the +single compatible node("fsl,imx95-se"). + +Each 'se-if' comprise of twp layers: +- (C_DEV Layer) User-Space software-access interface. +- (Service Layer) OS-level software-access interface. + + +--------------------------------------------+ + | Character Device(C_DEV) | + | | + | +---------+ +---------+ +---------+ | + | | misc #1 | | misc #2 | ... | misc #n | | + | | dev | | dev | | dev | | + | +---------+ +---------+ +---------+ | + | +-------------------------+ | + | | Misc. Dev Synchr. 
Logic | | + | +-------------------------+ | + | | + +--------------------------------------------+ + + +--------------------------------------------+ + | Service Layer | + | | + | +-----------------------------+ | + | | Message Serialization Logic | | + | +-----------------------------+ | + | +---------------+ | + | | imx-mailbox | | + | | mailbox.c | | + | +---------------+ | + | | + +--------------------------------------------+ + +- service layer: + This layer is responsible for ensuring the communication protocol that is defined + for communication with firmware. + + FW Communication protocol ensures two things: + - Serializing the messages to be sent over an MU. + + - FW can handle one command message at a time. + +- c_dev: + This layer offers character device contexts, created as '/dev/_mux_chx'. + Using these multiple device contexts that are getting multiplexed over a single MU, + userspace application(s) can call fops like write/read to send the command message, + and read back the command response message to/from Firmware. + fops like read & write use the above defined service layer API(s) to communicate with + Firmware. 
+ + Misc-device(/dev/_mux_chn) synchronization protocol: + + Non-Secure + Secure + | + | + +---------+ +-------------+ | + | se_fw.c +<---->+imx-mailbox.c| | + | | | mailbox.c +<-->+------+ +------+ + +---+-----+ +-------------+ | MU X +<-->+ ELE | + | +------+ +------+ + +----------------+ | + | | | + v v | + logical logical | + receiver waiter | + + + | + | | | + | | | + | +----+------+ | + | | | | + | | | | + device_ctx device_ctx device_ctx | + | + User 0 User 1 User Y | + +------+ +------+ +------+ | + |misc.c| |misc.c| |misc.c| | + kernel space +------+ +------+ +------+ | + | + +------------------------------------------------------ | + | | | | + userspace /dev/ele_muXch0 | | | + /dev/ele_muXch1 | | + /dev/ele_muXchY | + | + +When a user sends a command to the firmware, it registers its device_ctx +as waiter of a response from firmware. + +Enclave's Firmware owns the storage management, over Linux filesystem. +For this c_dev provisions a dedicated slave device called "receiver". + +.. kernel-doc:: drivers/firmware/imx/se_fw.c + :export:
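Review bot: The two paragraphs after the synchronization diagram introduce a "waiter" and a "receiver" without saying how a firmware response is matched to the device_ctx that registered as waiter, what a second user sees when it writes while a command is still outstanding, or which device context is allowed to become the receiver. Several /dev nodes are multiplexed over one MU and the text states that the firmware handles one command message at a time, so these rules are what a reader needs in order to judge isolation between users; please state them explicitly. Under "FW Communication protocol ensures two things", the second item ("FW can handle one command message at a time") is a firmware constraint rather than something the layer ensures, so reword it as the guarantee the service layer provides. Smaller points in the same hunk: "twp layers" should read "two layers"; the Introduction lists i.MX93 and i.MX8ULP as the enabled SoCs while the interface section uses i.MX95 and "fsl,imx95-se" as its only example; the device node names differ between the text ('/dev/_mux_chx', '/dev/_mux_chn') and the diagram (/dev/ele_muXch0), so pick one naming pattern and define its placeholders. This patch is 1/5 and changes only the .rst file, so if drivers/firmware/imx/se_fw.c is added by a later patch in the series, the kernel-doc directive points at a missing file at this commit; placing the directive (or this patch) after the driver patch avoids that.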