From patchwork Wed Sep 4 10:51:17 2024
X-Patchwork-Submitter: Pankaj Gupta
X-Patchwork-Id: 13790497
From: Pankaj Gupta
Date: Wed, 04 Sep 2024 16:21:17 +0530
Subject: [PATCH v7 1/5] Documentation/firmware: add imx/se to other_interfaces
Message-Id: <20240904-imx-se-if-v7-1-5afd2ab74264@nxp.com>
References: <20240904-imx-se-if-v7-0-5afd2ab74264@nxp.com>
In-Reply-To: <20240904-imx-se-if-v7-0-5afd2ab74264@nxp.com>
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley, Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam, Pankaj Gupta, Rob Herring
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org

Documents i.MX SoC's Service layer and C_DEV driver for selected SoC(s)
that contains the NXP hardware IP(s) for Secure Enclaves(se) like:
- NXP EdgeLock Enclave on i.MX93 & i.MX8ULP

Signed-off-by: Pankaj Gupta
---
 .../driver-api/firmware/other_interfaces.rst | 121 +++++++++++++++++++++
 1 file changed, 121 insertions(+)

diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst index 06ac89adaafb..a3a95b54a174 100644 --- a/Documentation/driver-api/firmware/other_interfaces.rst +++ b/Documentation/driver-api/firmware/other_interfaces.rst
@@ -49,3 +49,124 @@ of the requests on to a secure monitor (EL3). .. kernel-doc:: drivers/firmware/stratix10-svc.c :export: + +NXP Secure Enclave Firmware Interface +===================================== + +Introduction +------------ +The NXP's i.MX HW IP like EdgeLock Enclave, V2X etc., creates an embedded secure +enclave within the SoC boundary to enable features like + - Hardware Security Module (HSM) + - Security Hardware Extension (SHE) + - Vehicular to Anything (V2X) + +Each of the above feature is enabled through dedicated NXP H/W IP on the SoC. +On a single SoC, multiple hardware IP (or can say more than one secure enclave) +can exist. + +NXP SoCs enabled with the such secure enclaves(SEs) IPs are: +i.MX93, i.MX8ULP + +To communicate with one or more co-existing SE(s) on SoC, there is/are dedicated +messaging units(MU) per SE. Each co-existing SE can have one or multiple exclusive +MUs, dedicated to itself. None of the MU is shared between two SEs. +Communication of the MU is realized using the Linux mailbox driver. + +NXP Secure Enclave(SE) Interface +-------------------------------- +Although MU(s) is/are not shared between SE(s). But for SoC like i.MX95 which has +multiple SE(s) like HSM, V2X-HSM, V2X-SHE; all the SE(s) and their interfaces 'se-if' +that is/are dedicated to a particular SE will be enumerated and provisioned using the +single compatible node("fsl,imx95-se"). + +Each 'se-if' comprise of twp layers: +- (C_DEV Layer) User-Space software-access interface. +- (Service Layer) OS-level software-access interface. + + +--------------------------------------------+ + | Character Device(C_DEV) | + | | + | +---------+ +---------+ +---------+ | + | | misc #1 | | misc #2 | ... | misc #n | | + | | dev | | dev | | dev | | + | +---------+ +---------+ +---------+ | + | +-------------------------+ | + | | Misc. Dev Synchr. 
Logic | | + | +-------------------------+ | + | | + +--------------------------------------------+ + + +--------------------------------------------+ + | Service Layer | + | | + | +-----------------------------+ | + | | Message Serialization Logic | | + | +-----------------------------+ | + | +---------------+ | + | | imx-mailbox | | + | | mailbox.c | | + | +---------------+ | + | | + +--------------------------------------------+ + +- service layer: + This layer is responsible for ensuring the communication protocol that is defined + for communication with firmware. + + FW Communication protocol ensures two things: + - Serializing the messages to be sent over an MU. + + - FW can handle one command message at a time. + +- c_dev: + This layer offers character device contexts, created as '/dev/_mux_chx'. + Using these multiple device contexts that are getting multiplexed over a single MU, + userspace application(s) can call fops like write/read to send the command message, + and read back the command response message to/from Firmware. + fops like read & write use the above defined service layer API(s) to communicate with + Firmware. 
+ + Misc-device(/dev/_mux_chn) synchronization protocol: + + Non-Secure + Secure + | + | + +---------+ +-------------+ | + | se_fw.c +<---->+imx-mailbox.c| | + | | | mailbox.c +<-->+------+ +------+ + +---+-----+ +-------------+ | MU X +<-->+ ELE | + | +------+ +------+ + +----------------+ | + | | | + v v | + logical logical | + receiver waiter | + + + | + | | | + | | | + | +----+------+ | + | | | | + | | | | + device_ctx device_ctx device_ctx | + | + User 0 User 1 User Y | + +------+ +------+ +------+ | + |misc.c| |misc.c| |misc.c| | + kernel space +------+ +------+ +------+ | + | + +------------------------------------------------------ | + | | | | + userspace /dev/ele_muXch0 | | | + /dev/ele_muXch1 | | + /dev/ele_muXchY | + | + +When a user sends a command to the firmware, it registers its device_ctx +as waiter of a response from firmware. + +Enclave's Firmware owns the storage management, over Linux filesystem. +For this c_dev provisions a dedicated slave device called "receiver". + +.. kernel-doc:: drivers/firmware/imx/se_fw.c + :export:
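Review bot: The synchronization text at the end of the hunk ("When a user sends a command to the firmware, it registers its device_ctx as waiter of a response from firmware.") does not say what happens to a second device_ctx that writes while a command is still outstanding, or what keeps a response from being read by a context other than the one that sent the command. Since the section states that several /dev contexts are multiplexed over a single MU and that the firmware handles one command message at a time, please document whether such a write blocks or fails, how a response is tied to the waiting context, and which process is expected to open the "receiver" context. Smaller points in the same hunk: the two layer diagrams and the synchronization diagram are not introduced by a "::" literal block, so reST will not render them verbatim (rows beginning with "+---" are read as grid-table borders); "twp layers" should be "two layers"; and the introduction lists only i.MX93 and i.MX8ULP while the next section describes i.MX95 and the "fsl,imx95-se" compatible, so one of the two needs updating.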