[2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc

Message ID	20240510-imx-se-if-v1-2-27c5a674916d@nxp.com (mailing list archive)
State	Superseded
Headers	show Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on2042.outbound.protection.outlook.com [40.107.6.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 054C312C805 for <imx@lists.linux.dev>; Fri, 10 May 2024 13:30:08 +0000 (UTC) From: Pankaj Gupta <pankaj.gupta@nxp.com> Date: Fri, 10 May 2024 18:57:28 +0530 Subject: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20240510-imx-se-if-v1-2-27c5a674916d@nxp.com> References: <20240510-imx-se-if-v1-0-27c5a674916d@nxp.com> In-Reply-To: <20240510-imx-se-if-v1-0-27c5a674916d@nxp.com> To: Jonathan Corbet <corbet@lwn.net>, Rob Herring <robh+dt@kernel.org>, Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>, Conor Dooley <conor+dt@kernel.org>, Shawn Guo <shawnguo@kernel.org>, Sascha Hauer <s.hauer@pengutronix.de>, Pengutronix Kernel Team <kernel@pengutronix.de>, Fabio Estevam <festevam@gmail.com> Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org, Pankaj Gupta <pankaj.gupta@nxp.com> Precedence: bulk MIME-Version: 1.0
Series	Communication Interface to NXP secure-enclave HW IP like Edgelock Enclave \| expand [0/4] Communication Interface to NXP secure-enclave HW IP like Edgelock Enclave [1/4] Documentation/firmware: add imx/se to other_interfaces [2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc [3/4] arm64: dts: imx8ulp-evk: add nxp secure enclave firmware [4/4] firmware: imx: add driver for NXP EdgeLock Enclave

Message ID

20240510-imx-se-if-v1-2-27c5a674916d@nxp.com (mailing list archive)

State

Superseded

Headers

From: Pankaj Gupta <pankaj.gupta@nxp.com>
Date: Fri, 10 May 2024 18:57:28 +0530
Subject: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20240510-imx-se-if-v1-2-27c5a674916d@nxp.com>
References: <20240510-imx-se-if-v1-0-27c5a674916d@nxp.com>
In-Reply-To: <20240510-imx-se-if-v1-0-27c5a674916d@nxp.com>
To: Jonathan Corbet <corbet@lwn.net>, Rob Herring <robh+dt@kernel.org>,
 Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>,
 Conor Dooley <conor+dt@kernel.org>, Shawn Guo <shawnguo@kernel.org>,
 Sascha Hauer <s.hauer@pengutronix.de>,
 Pengutronix Kernel Team <kernel@pengutronix.de>,
 Fabio Estevam <festevam@gmail.com>
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
 devicetree@vger.kernel.org, imx@lists.linux.dev,
 linux-arm-kernel@lists.infradead.org, Pankaj Gupta <pankaj.gupta@nxp.com>
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?xa/HlCZ+B9y36a169ExBZ/aKul6w?=
	=?utf-8?q?kW0PVy2LYAfVXPAZ2xKF5Yt/QWC0ZtBis2U09bhzZABWYbfUuzDc3HDLHbk52JiCQ?=
	=?utf-8?q?tGublRmGa3q1DFAKS8ucUQilE1qRwPcxADpeFCSrUd0otCsOXSU+JpDCnc9VUT/y9?=
	=?utf-8?q?+y60Pjiyt7LoH+Xx0q1Induiq1/aMa2KqeAHMWZH77zwJZmrFr+nPkOEa4sXD7scc?=
	=?utf-8?q?9eXdLEwHPo36Y0gwCt72f2smPj87xRkbW3eaAXgC4mpMRIhoikGxi0OcGC8dAc5kd?=
	=?utf-8?q?wxG8pjYVhDjIM57UbW3HvxND4qo0+PRmbfOh85NYWq7wTdagPh+CBpDnfqZ2cLCqN?=
	=?utf-8?q?yfiZ2ipCMjqBQZ5VKZpFn9lXwUNFjqTNaiucC9j9Bgr+e5Qzw00hNQQ4zfkLeVroF?=
	=?utf-8?q?N/hIB7sP8XBdSFKroa4nAt5n9r0vQ6irCy2ELjvy5jAewOZU9zdH5z1kYIKf4/4rJ?=
	=?utf-8?q?7h3uVwtTELfrDGkNxZegKNVkgBsWgOSywII1Z2bHTshPGZXYkv+PwhXP4I3ovmaCs?=
	=?utf-8?q?CZTGPdTktanS69ubi/efoaAUy36+TTnUyOXi3axwm8g6darTGhbf9JzqDPXdfad8c?=
	=?utf-8?q?sdWK+7CIwMAFTk42HwcLdEnyVInVjxX0RRZQobDoyVRfYxMC82dzP1QhFDLMJ/fnm?=
	=?utf-8?q?8GD4LLYX1ZQad2HkkHZ7zSGA7WCEPXiOlBrJ3d3vDLbwHxPABtmCjVOz0TU6vdOWn?=
	=?utf-8?q?EJCIA5j2vcTwwlrJEa8um7wZBzDMaF4kguSEah3gAPFJLwECyl8532vANUQ+LcL2Z?=
	=?utf-8?q?2GvrAUtICEriS4Q7ApFQNsBcQ0DRunsSyL4Azx+IOVkgBa+fNfkDuYCFS+6lHJ9la?=
	=?utf-8?q?QVghzD50oig7RC8iqJv+RDYQEKf3VgdnAZtwgi+9Eu1e09pR1cilqS52RR23yuyzu?=
	=?utf-8?q?Kcrr0fK6r1FsTCy+5ojvFVkZLqoXbC8HZKMeJLaj5dscr1UBAg7UxTgK50BPO+56A?=
	=?utf-8?q?0lXjlLgxH/g0SZLkW5d2szRjsOxX/YtsvqXYc5RGwa+HUPGq+IRdX8DU6h5aEttpM?=
	=?utf-8?q?ibFfissaF9Losp5FEXw3KAFhlyz7CPQGEesxnllkJcrbvSfQVjm4KMya+Xoj34MW7?=
	=?utf-8?q?f4OFJiNK4CregZMMnhx2DAJ7K/KcmWN6HfRfivGY5hNsBCi69DyKTWg7Tw6ywePmb?=
	=?utf-8?q?keM2HSrSbzUxMbbLYlcDB4Qoq1suOD4e7Fx8RTGGuPvy9EyX7CrTo0Fi/l+of8Lq+?=
	=?utf-8?q?jxXimc0wl4RSgRGPMJRISUtl0BZm1+J81JU4LGSYBSSoqBLLVQqORdsBfSidIVb7O?=
	=?utf-8?q?QYMJ75lNXdZ/am6IXIwfLJaE8GPNuzAtQV1JROUjBMQTHYAtxIPGqKp+HjuEiDvnA?=
	=?utf-8?q?fR53msnhbO59GK23dgReR0mxdU9sS7jkxwUnMWMpArsPs6UUDVF3Z/ORdrtq8FEAd?=
	=?utf-8?q?UBHduqRK3Yd8HQ8LUkBPcvbr40fwxEDoKwa/IwDZWiFnSZUwfCyIWxrSbx/oS+gRL?=
	=?utf-8?q?THlUkyKms9Cmv/uCTg1u4sXsGkCAD+x22PtBduPBZuQ+Zp/TankJVbSpu7wgrUrSF?=
	=?utf-8?q?pwFIM5jZjowB?=
X-OriginatorOrg: nxp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 6308109b-22d1-4324-fe3f-08dc70f54e39
X-MS-Exchange-CrossTenant-AuthSource: AM9PR04MB8604.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 May 2024 13:30:06.2312
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 UzyJjZopCdLvfw6qKmxLxO3z0kgngRJWkkvcq/4Knbju8UB6j+b7/ULj3w6Hv7RhnSdeddtGdrxd43Nzrqkotw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS5PR04MB10041

Series

Communication Interface to NXP secure-enclave HW IP like Edgelock Enclave | expand

Commit Message

Pankaj Gupta May 10, 2024, 1:27 p.m. UTC

The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
creates an embedded secure enclave within the SoC boundary to enable
features like:
- HSM
- SHE
- V2X

Secure-Enclave(s) communication interface are typically via message
unit, i.e., based on mailbox linux kernel driver. This driver enables
communication ensuring well defined message sequence protocol between
Application Core and enclave's firmware.

Driver configures multiple misc-device on the MU, for multiple
user-space applications, to be able to communicate over single MU.

It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
---
 .../devicetree/bindings/firmware/fsl,imx-se.yaml   | 186 +++++++++++++++++++++
 1 file changed, 186 insertions(+)

Comments

Rob Herring (Arm) May 10, 2024, 2:22 p.m. UTC | #1

On Fri, 10 May 2024 18:57:28 +0530, Pankaj Gupta wrote:
> The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
> creates an embedded secure enclave within the SoC boundary to enable
> features like:
> - HSM
> - SHE
> - V2X
> 
> Secure-Enclave(s) communication interface are typically via message
> unit, i.e., based on mailbox linux kernel driver. This driver enables
> communication ensuring well defined message sequence protocol between
> Application Core and enclave's firmware.
> 
> Driver configures multiple misc-device on the MU, for multiple
> user-space applications, to be able to communicate over single MU.
> 
> It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
> 
> Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> ---
>  .../devicetree/bindings/firmware/fsl,imx-se.yaml   | 186 +++++++++++++++++++++
>  1 file changed, 186 insertions(+)
> 

My bot found errors running 'make dt_binding_check' on your patch:

yamllint warnings/errors:

dtschema/dtc warnings/errors:
Documentation/devicetree/bindings/firmware/fsl,imx-se.example.dtb: /example-2/v2x: failed to match any schema with compatible: ['fsl,imx95-v2x']

doc reference errors (make refcheckdocs):

See https://patchwork.ozlabs.org/project/devicetree-bindings/patch/20240510-imx-se-if-v1-2-27c5a674916d@nxp.com

The base for the series is generally the latest rc1. A different dependency
should be noted in *this* patch.

If you already ran 'make dt_binding_check' and didn't see the above
error(s), then make sure 'yamllint' is installed and dt-schema is up to
date:

pip3 install dtschema --upgrade

Please check and re-submit after running the above command yourself. Note
that DT_SCHEMA_FILES can be set to your schema file to speed up checking
your schema. However, it must be unset to test all examples with your schema.

Rob Herring (Arm) May 10, 2024, 8:09 p.m. UTC | #2

On Fri, May 10, 2024 at 06:57:28PM +0530, Pankaj Gupta wrote:
> The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
> creates an embedded secure enclave within the SoC boundary to enable
> features like:
> - HSM
> - SHE
> - V2X
> 
> Secure-Enclave(s) communication interface are typically via message
> unit, i.e., based on mailbox linux kernel driver. This driver enables
> communication ensuring well defined message sequence protocol between
> Application Core and enclave's firmware.
> 
> Driver configures multiple misc-device on the MU, for multiple
> user-space applications, to be able to communicate over single MU.
> 
> It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
> 
> Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> ---
>  .../devicetree/bindings/firmware/fsl,imx-se.yaml   | 186 +++++++++++++++++++++
>  1 file changed, 186 insertions(+)
> 
> diff --git a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> new file mode 100644
> index 000000000000..a858ef6965cb
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> @@ -0,0 +1,186 @@
> +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
> +%YAML 1.2
> +---
> +$id: http://devicetree.org/schemas/firmware/fsl,imx-se.yaml#
> +$schema: http://devicetree.org/meta-schemas/core.yaml#
> +
> +title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
> +
> +maintainers:
> +  - Pankaj Gupta <pankaj.gupta@nxp.com>
> +
> +description: |
> +  NXP's SoC may contain one or multiple embedded secure-enclave HW
> +  IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
> +  enables features like
> +    - Hardware Security Module (HSM),
> +    - Security Hardware Extension (SHE), and
> +    - Vehicular to Anything (V2X)
> +
> +  Communication interface to the secure-enclaves is based on the
> +  messaging unit(s).
> +
> +properties:
> +  '#address-cells':
> +    const: 1
> +
> +  '#size-cells':
> +    const: 0
> +
> +  compatible:
> +    enum:
> +      - fsl,imx8ulp-ele
> +      - fsl,imx93-ele

You basically have 0 properties in the parent node. What's the point of 
it? Either just get rid of it and define the child nodes independently 
or make the parent contain all the resources.

> +
> +patternProperties:
> +  "^[0-9a-z]*-if@[0-9]+$":

unit-addresses are hex. 

> +    type: object
> +    description:
> +      Communication interface to secure-enclave node, that defines hardware
> +      properties to required to establish the communication. There can be
> +      multiple interfaces to the same secure-enclave. Each interface is
> +      enumerated with reg property. It optionally defines properties
> +      depending on the compatible string and interface enum identifier.
> +
> +    properties:
> +      reg:
> +        maxItems: 1
> +        description: Identifier of the communication interface to secure-enclave.

What are the identifiers based on? Is the value significant to s/w? Kind 
of looks like you just made up indices.

How many child nodes do you have? Is it fixed per SoC?

> +
> +      mboxes:
> +        description: contain a list of phandles to mailboxes.
> +        items:
> +          - description: Specify the mailbox used to send message to se firmware
> +          - description: Specify the mailbox used to receive message from se firmware
> +
> +      mbox-names:
> +        items:
> +          - const: tx
> +          - const: rx
> +          - const: txdb
> +          - const: rxdb
> +        minItems: 2
> +
> +      memory-region:
> +        description: contains a list of phandles to reserved external memory.
> +        items:
> +          - description: It is used by secure-enclave firmware. It is an optional
> +              property based on compatible and identifier to communication interface.
> +              (see bindings/reserved-memory/reserved-memory.txt)
> +
> +      sram:
> +        description: contains a list of phandles to sram.
> +        $ref: /schemas/types.yaml#/definitions/phandle-array
> +        items:
> +          - description: Phandle to the device SRAM. It is an optional property
> +              based on compatible and identifier to communication interface.
> +
> +    required:
> +      - reg
> +      - mboxes
> +      - mbox-names
> +
> +allOf:
> +  # memory-region
> +  - if:
> +      properties:
> +        compatible:
> +          contains:
> +            enum:
> +              - fsl,imx8ulp-ele
> +              - fsl,imx93-ele

What else would they contain? Those are the only compatibles defined 
here.

> +    then:
> +      patternProperties:
> +        "^[0-9a-z]*-if@[0-9]+$":
> +          allOf:
> +            - if:

These conditionals are hard to follow. Probably a sign some of this 
needs to be separate or simplified.

> +                properties:
> +                  reg:
> +                    items:
> +                      - enum:
> +                          - 0
> +              then:
> +                required:
> +                  - memory-region
> +              else:
> +                not:
> +                  required:
> +                    - memory-region
> +  # sram
> +  - if:
> +      properties:
> +        compatible:
> +          contains:
> +            enum:
> +              - fsl,imx8ulp-ele
> +    then:
> +      patternProperties:
> +        "^[0-9a-z]*-if@[0-9]+$":
> +          allOf:
> +            - if:
> +                properties:
> +                  reg:
> +                    items:
> +                      - enum:
> +                          - 0
> +              then:
> +                required:
> +                  - sram
> +              else:
> +                not:
> +                  required:
> +                    - sram
> +
> +additionalProperties: false

Pankaj Gupta May 13, 2024, 3:36 p.m. UTC | #3

> -----Original Message-----
> From: Rob Herring <robh@kernel.org>
> Sent: Saturday, May 11, 2024 1:39 AM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> Cc: Jonathan Corbet <corbet@lwn.net>; Krzysztof Kozlowski
> <krzysztof.kozlowski+dt@linaro.org>; Conor Dooley <conor+dt@kernel.org>;
> Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; linux-
> doc@vger.kernel.org; linux-kernel@vger.kernel.org;
> devicetree@vger.kernel.org; imx@lists.linux.dev; linux-arm-
> kernel@lists.infradead.org
> Subject: [EXT] Re: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding
> doc
> 
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
> 
> 
> On Fri, May 10, 2024 at 06:57:28PM +0530, Pankaj Gupta wrote:
> > The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
> > creates an embedded secure enclave within the SoC boundary to enable
> > features like:
> > - HSM
> > - SHE
> > - V2X
> >
> > Secure-Enclave(s) communication interface are typically via message
> > unit, i.e., based on mailbox linux kernel driver. This driver enables
> > communication ensuring well defined message sequence protocol between
> > Application Core and enclave's firmware.
> >
> > Driver configures multiple misc-device on the MU, for multiple
> > user-space applications, to be able to communicate over single MU.
> >
> > It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
> >
> > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> > ---
> >  .../devicetree/bindings/firmware/fsl,imx-se.yaml   | 186
> +++++++++++++++++++++
> >  1 file changed, 186 insertions(+)
> >
> > diff --git
> > a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > new file mode 100644
> > index 000000000000..a858ef6965cb
> > --- /dev/null
> > +++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > @@ -0,0 +1,186 @@
> > +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) %YAML 1.2
> > +---
> > +$id:
> > +https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdevi
> > +cetree.org%2Fschemas%2Ffirmware%2Ffsl%2Cimx-
> se.yaml%23&data=05%7C02%7
> >
> +Cpankaj.gupta%40nxp.com%7C2c17789530e9431069b308dc712d0e47%7C
> 686ea1d3
> >
> +bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638509685520936926%7CUnkn
> own%7CTWF
> >
> +pbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX
> VCI6
> >
> +Mn0%3D%7C0%7C%7C%7C&sdata=Rwof3k3K1OWimcI5ApRMiyvD%2FPXgk
> b%2BRWrvx76J
> > +YBtw%3D&reserved=0
> > +$schema:
> > +https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdevi
> > +cetree.org%2Fmeta-
> schemas%2Fcore.yaml%23&data=05%7C02%7Cpankaj.gupta%
> >
> +40nxp.com%7C2c17789530e9431069b308dc712d0e47%7C686ea1d3bc2b4c
> 6fa92cd9
> >
> +9c5c301635%7C0%7C0%7C638509685520944809%7CUnknown%7CTWFpb
> GZsb3d8eyJWI
> >
> +joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7
> C0%7C%
> >
> +7C%7C&sdata=aile3WnYE69fuJHvAOXQARlqLV9roZDuDK63fCj2ZTE%3D&res
> erved=0
> > +
> > +title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
> > +
> > +maintainers:
> > +  - Pankaj Gupta <pankaj.gupta@nxp.com>
> > +
> > +description: |
> > +  NXP's SoC may contain one or multiple embedded secure-enclave HW
> > +  IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
> > +  enables features like
> > +    - Hardware Security Module (HSM),
> > +    - Security Hardware Extension (SHE), and
> > +    - Vehicular to Anything (V2X)
> > +
> > +  Communication interface to the secure-enclaves is based on the
> > + messaging unit(s).
> > +
> > +properties:
> > +  '#address-cells':
> > +    const: 1
> > +
> > +  '#size-cells':
> > +    const: 0
> > +
> > +  compatible:
> > +    enum:
> > +      - fsl,imx8ulp-ele
> > +      - fsl,imx93-ele
> 
> You basically have 0 properties in the parent node. What's the point of it?
> Either just get rid of it and define the child nodes independently or make the
> parent contain all the resources.
> 
> > +
> > +patternProperties:
> > +  "^[0-9a-z]*-if@[0-9]+$":
> 
> unit-addresses are hex.
Accepted.

> 
> > +    type: object
> > +    description:
> > +      Communication interface to secure-enclave node, that defines
> hardware
> > +      properties to required to establish the communication. There can be
> > +      multiple interfaces to the same secure-enclave. Each interface is
> > +      enumerated with reg property. It optionally defines properties
> > +      depending on the compatible string and interface enum identifier.
> > +
> > +    properties:
> > +      reg:
> > +        maxItems: 1
> > +        description: Identifier of the communication interface to secure-
> enclave.
> 
> What are the identifiers based on? 
Identifier is used to identify a particular secure enclave interface, within the multiple secure enclave interfaces under same compatible string.

Secure enclave interface is the combination of:
- messaging unit (hardware), and
- memory constraint applicable to a particular interface.

> Is the value significant to s/w? Kind of looks like you just made up indices.

For the below example:
    v2x {
      compatible = "fsl,imx95-v2x";
      #address-cells = <1>;
      #size-cells = <0>;

      v2x-if@0 { // if it is not @0, then what identifier to be used to identify a particular node.
        reg = <0x0>;
        mboxes = <&v2x_mu 0 0>, <&v2x_mu 1 0>;
        mbox-names = "tx", "rx";
      };
      v2x-if@1 {
        reg = <0x1>;
        mboxes = <&v2x_mu6 0 0>, <&v2x_mu6 1 0>;
        mbox-names = "txdb", "rxdb";
      };
      v2x-if@2 {
        reg = <0x2>;
        mboxes = <&v2x_mu7 0 0>, <&v2x_mu7 1 0>;
        mbox-names = "tx", "rx";
      };
    };
s/w needs to differentiate one node from another node, for the same compatible string for the SoC. 

> 
> How many child nodes do you have? Is it fixed per SoC?
It is fixed for a particular SoC.
While number of child nodes varies from one SoC to another SoC.

> 
> > +
> > +      mboxes:
> > +        description: contain a list of phandles to mailboxes.
> > +        items:
> > +          - description: Specify the mailbox used to send message to se
> firmware
> > +          - description: Specify the mailbox used to receive message
> > + from se firmware
> > +
> > +      mbox-names:
> > +        items:
> > +          - const: tx
> > +          - const: rx
> > +          - const: txdb
> > +          - const: rxdb
> > +        minItems: 2
> > +
> > +      memory-region:
> > +        description: contains a list of phandles to reserved external memory.
> > +        items:
> > +          - description: It is used by secure-enclave firmware. It is an optional
> > +              property based on compatible and identifier to communication
> interface.
> > +              (see bindings/reserved-memory/reserved-memory.txt)
> > +
> > +      sram:
> > +        description: contains a list of phandles to sram.
> > +        $ref: /schemas/types.yaml#/definitions/phandle-array
> > +        items:
> > +          - description: Phandle to the device SRAM. It is an optional property
> > +              based on compatible and identifier to communication interface.
> > +
> > +    required:
> > +      - reg
> > +      - mboxes
> > +      - mbox-names
> > +
> > +allOf:
> > +  # memory-region
> > +  - if:
> > +      properties:
> > +        compatible:
> > +          contains:
> > +            enum:
> > +              - fsl,imx8ulp-ele
> > +              - fsl,imx93-ele
> 
> What else would they contain? Those are the only compatibles defined here.

It will have multiple child nodes, but fixed number of child node for a particular SoC.

> 
> > +    then:
> > +      patternProperties:
> > +        "^[0-9a-z]*-if@[0-9]+$":
> > +          allOf:
> > +            - if:
> 
> These conditionals are hard to follow. Probably a sign some of this needs to be
> separate or simplified.
I am ready to separate and simplify. 
Please help by sharing an example on how to go about this change.  
Probably an example that helps me understand your point and then will start to work on this comment.
It is highly appreciated. Thanks.

> 
> > +                properties:
> > +                  reg:
> > +                    items:
> > +                      - enum:
> > +                          - 0
> > +              then:
> > +                required:
> > +                  - memory-region
> > +              else:
> > +                not:
> > +                  required:
> > +                    - memory-region
> > +  # sram
> > +  - if:
> > +      properties:
> > +        compatible:
> > +          contains:
> > +            enum:
> > +              - fsl,imx8ulp-ele
> > +    then:
> > +      patternProperties:
> > +        "^[0-9a-z]*-if@[0-9]+$":
> > +          allOf:
> > +            - if:
> > +                properties:
> > +                  reg:
> > +                    items:
> > +                      - enum:
> > +                          - 0
> > +              then:
> > +                required:
> > +                  - sram
> > +              else:
> > +                not:
> > +                  required:
> > +                    - sram
> > +
> > +additionalProperties: false

Pankaj Gupta May 21, 2024, 12:17 p.m. UTC | #4

> -----Original Message-----
> From: Pankaj Gupta
> Sent: Monday, May 13, 2024 9:07 PM
> To: Rob Herring <robh@kernel.org>
> Cc: Jonathan Corbet <corbet@lwn.net>; Krzysztof Kozlowski
> <krzysztof.kozlowski+dt@linaro.org>; Conor Dooley <conor+dt@kernel.org>;
> Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; linux-
> doc@vger.kernel.org; linux-kernel@vger.kernel.org;
> devicetree@vger.kernel.org; imx@lists.linux.dev; linux-arm-
> kernel@lists.infradead.org
> Subject: RE: [EXT] Re: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding
> doc
> 
> 
> 
> > -----Original Message-----
> > From: Rob Herring <robh@kernel.org>
> > Sent: Saturday, May 11, 2024 1:39 AM
> > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > Cc: Jonathan Corbet <corbet@lwn.net>; Krzysztof Kozlowski
> > <krzysztof.kozlowski+dt@linaro.org>; Conor Dooley
> > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; linux-
> > doc@vger.kernel.org; linux-kernel@vger.kernel.org;
> > devicetree@vger.kernel.org; imx@lists.linux.dev; linux-arm-
> > kernel@lists.infradead.org
> > Subject: [EXT] Re: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw
> > binding doc
> >
> > Caution: This is an external email. Please take care when clicking
> > links or opening attachments. When in doubt, report the message using
> > the 'Report this email' button
> >
> >
> > On Fri, May 10, 2024 at 06:57:28PM +0530, Pankaj Gupta wrote:
> > > The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X
> > > etc., creates an embedded secure enclave within the SoC boundary to
> > > enable features like:
> > > - HSM
> > > - SHE
> > > - V2X
> > >
> > > Secure-Enclave(s) communication interface are typically via message
> > > unit, i.e., based on mailbox linux kernel driver. This driver
> > > enables communication ensuring well defined message sequence
> > > protocol between Application Core and enclave's firmware.
> > >
> > > Driver configures multiple misc-device on the MU, for multiple
> > > user-space applications, to be able to communicate over single MU.
> > >
> > > It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
> > >
> > > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > ---
> > >  .../devicetree/bindings/firmware/fsl,imx-se.yaml   | 186
> > +++++++++++++++++++++
> > >  1 file changed, 186 insertions(+)
> > >
> > > diff --git
> > > a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > new file mode 100644
> > > index 000000000000..a858ef6965cb
> > > --- /dev/null
> > > +++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > @@ -0,0 +1,186 @@
> > > +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) %YAML 1.2
> > > +---
> > > +$id:
> > > +https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fde
> > > +vi
> > > +cetree.org%2Fschemas%2Ffirmware%2Ffsl%2Cimx-
> > se.yaml%23&data=05%7C02%7
> > >
> >
> +Cpankaj.gupta%40nxp.com%7C2c17789530e9431069b308dc712d0e47%7C
> > 686ea1d3
> > >
> >
> +bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638509685520936926%7CUnkn
> > own%7CTWF
> > >
> >
> +pbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX
> > VCI6
> > >
> >
> +Mn0%3D%7C0%7C%7C%7C&sdata=Rwof3k3K1OWimcI5ApRMiyvD%2FPXgk
> > b%2BRWrvx76J
> > > +YBtw%3D&reserved=0
> > > +$schema:
> > > +https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fde
> > > +vi
> > > +cetree.org%2Fmeta-
> > schemas%2Fcore.yaml%23&data=05%7C02%7Cpankaj.gupta%
> > >
> >
> +40nxp.com%7C2c17789530e9431069b308dc712d0e47%7C686ea1d3bc2b4c
> > 6fa92cd9
> > >
> >
> +9c5c301635%7C0%7C0%7C638509685520944809%7CUnknown%7CTWFpb
> > GZsb3d8eyJWI
> > >
> >
> +joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7
> > C0%7C%
> > >
> >
> +7C%7C&sdata=aile3WnYE69fuJHvAOXQARlqLV9roZDuDK63fCj2ZTE%3D&res
> > erved=0
> > > +
> > > +title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
> > > +
> > > +maintainers:
> > > +  - Pankaj Gupta <pankaj.gupta@nxp.com>
> > > +
> > > +description: |
> > > +  NXP's SoC may contain one or multiple embedded secure-enclave HW
> > > +  IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
> > > +  enables features like
> > > +    - Hardware Security Module (HSM),
> > > +    - Security Hardware Extension (SHE), and
> > > +    - Vehicular to Anything (V2X)
> > > +
> > > +  Communication interface to the secure-enclaves is based on the
> > > + messaging unit(s).
> > > +
> > > +properties:
> > > +  '#address-cells':
> > > +    const: 1
> > > +
> > > +  '#size-cells':
> > > +    const: 0
> > > +
> > > +  compatible:
> > > +    enum:
> > > +      - fsl,imx8ulp-ele
> > > +      - fsl,imx93-ele
> >
> > You basically have 0 properties in the parent node. What's the point of it?
> > Either just get rid of it and define the child nodes independently or
> > make the parent contain all the resources.
> >

Making the parent contains all the properties:

+               ele-if@0 {
+                        compatible = "fsl,imx8ulp-ele";
+                        reg = <0x0>;
+                        mbox-names = "tx", "rx";
+                        mboxes = <&s4muap 0 0>, <&s4muap 1 0>;
+                        sram = <&sram0>;
+                };

Will this be fine? Kindly suggest.
Thanks.

> > > +
> > > +patternProperties:
> > > +  "^[0-9a-z]*-if@[0-9]+$":
> >
> > unit-addresses are hex.
> Accepted 


> 
> >
> > > +    type: object
> > > +    description:
> > > +      Communication interface to secure-enclave node, that defines
> > hardware
> > > +      properties to required to establish the communication. There can be
> > > +      multiple interfaces to the same secure-enclave. Each interface is
> > > +      enumerated with reg property. It optionally defines properties
> > > +      depending on the compatible string and interface enum identifier.
> > > +
> > > +    properties:
> > > +      reg:
> > > +        maxItems: 1
> > > +        description: Identifier of the communication interface to
> > > + secure-
> > enclave.
> >
> > What are the identifiers based on?
> Identifier is used to identify a particular secure enclave interface, within the
> multiple secure enclave interfaces under same compatible string.
> 
> Secure enclave interface is the combination of:
> - messaging unit (hardware), and
> - memory constraint applicable to a particular interface.
> 
> > Is the value significant to s/w? Kind of looks like you just made up indices.
> 
> For the below example:
>     v2x {
>       compatible = "fsl,imx95-v2x";
>       #address-cells = <1>;
>       #size-cells = <0>;
> 
>       v2x-if@0 { // if it is not @0, then what identifier to be used to identify a
> particular node.
>         reg = <0x0>;
>         mboxes = <&v2x_mu 0 0>, <&v2x_mu 1 0>;
>         mbox-names = "tx", "rx";
>       };
>       v2x-if@1 {
>         reg = <0x1>;
>         mboxes = <&v2x_mu6 0 0>, <&v2x_mu6 1 0>;
>         mbox-names = "txdb", "rxdb";
>       };
>       v2x-if@2 {
>         reg = <0x2>;
>         mboxes = <&v2x_mu7 0 0>, <&v2x_mu7 1 0>;
>         mbox-names = "tx", "rx";
>       };
>     };
> s/w needs to differentiate one node from another node, for the same
> compatible string for the SoC.
> 
> >
> > How many child nodes do you have? Is it fixed per SoC?
> It is fixed for a particular SoC.
> While number of child nodes varies from one SoC to another SoC.
> 
> >
> > > +
> > > +      mboxes:
> > > +        description: contain a list of phandles to mailboxes.
> > > +        items:
> > > +          - description: Specify the mailbox used to send message
> > > + to se
> > firmware
> > > +          - description: Specify the mailbox used to receive
> > > + message from se firmware
> > > +
> > > +      mbox-names:
> > > +        items:
> > > +          - const: tx
> > > +          - const: rx
> > > +          - const: txdb
> > > +          - const: rxdb
> > > +        minItems: 2
> > > +
> > > +      memory-region:
> > > +        description: contains a list of phandles to reserved external memory.
> > > +        items:
> > > +          - description: It is used by secure-enclave firmware. It is an optional
> > > +              property based on compatible and identifier to
> > > + communication
> > interface.
> > > +              (see bindings/reserved-memory/reserved-memory.txt)
> > > +
> > > +      sram:
> > > +        description: contains a list of phandles to sram.
> > > +        $ref: /schemas/types.yaml#/definitions/phandle-array
> > > +        items:
> > > +          - description: Phandle to the device SRAM. It is an optional property
> > > +              based on compatible and identifier to communication interface.
> > > +
> > > +    required:
> > > +      - reg
> > > +      - mboxes
> > > +      - mbox-names
> > > +
> > > +allOf:
> > > +  # memory-region
> > > +  - if:
> > > +      properties:
> > > +        compatible:
> > > +          contains:
> > > +            enum:
> > > +              - fsl,imx8ulp-ele
> > > +              - fsl,imx93-ele
> >
> > What else would they contain? Those are the only compatibles defined here.
> 
> It will have multiple child nodes, but fixed number of child node for a
> particular SoC.
> 
> >
> > > +    then:
> > > +      patternProperties:
> > > +        "^[0-9a-z]*-if@[0-9]+$":
> > > +          allOf:
> > > +            - if:
> >
> > These conditionals are hard to follow. Probably a sign some of this
> > needs to be separate or simplified.
> I am ready to separate and simplify.
> Please help by sharing an example on how to go about this change.
> Probably an example that helps me understand your point and then will start
> to work on this comment.
> It is highly appreciated. Thanks.
> 
> >
> > > +                properties:
> > > +                  reg:
> > > +                    items:
> > > +                      - enum:
> > > +                          - 0
> > > +              then:
> > > +                required:
> > > +                  - memory-region
> > > +              else:
> > > +                not:
> > > +                  required:
> > > +                    - memory-region  # sram
> > > +  - if:
> > > +      properties:
> > > +        compatible:
> > > +          contains:
> > > +            enum:
> > > +              - fsl,imx8ulp-ele
> > > +    then:
> > > +      patternProperties:
> > > +        "^[0-9a-z]*-if@[0-9]+$":
> > > +          allOf:
> > > +            - if:
> > > +                properties:
> > > +                  reg:
> > > +                    items:
> > > +                      - enum:
> > > +                          - 0
> > > +              then:
> > > +                required:
> > > +                  - sram
> > > +              else:
> > > +                not:
> > > +                  required:
> > > +                    - sram
> > > +
> > > +additionalProperties: false

diff --git a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
new file mode 100644
index 000000000000..a858ef6965cb
--- /dev/null
+++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
@@ -0,0 +1,186 @@ 
+# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/firmware/fsl,imx-se.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
+
+maintainers:
+  - Pankaj Gupta <pankaj.gupta@nxp.com>
+
+description: |
+  NXP's SoC may contain one or multiple embedded secure-enclave HW
+  IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
+  enables features like
+    - Hardware Security Module (HSM),
+    - Security Hardware Extension (SHE), and
+    - Vehicular to Anything (V2X)
+
+  Communication interface to the secure-enclaves is based on the
+  messaging unit(s).
+
+properties:
+  '#address-cells':
+    const: 1
+
+  '#size-cells':
+    const: 0
+
+  compatible:
+    enum:
+      - fsl,imx8ulp-ele
+      - fsl,imx93-ele
+
+patternProperties:
+  "^[0-9a-z]*-if@[0-9]+$":
+    type: object
+    description:
+      Communication interface to secure-enclave node, that defines hardware
+      properties to required to establish the communication. There can be
+      multiple interfaces to the same secure-enclave. Each interface is
+      enumerated with reg property. It optionally defines properties
+      depending on the compatible string and interface enum identifier.
+
+    properties:
+      reg:
+        maxItems: 1
+        description: Identifier of the communication interface to secure-enclave.
+
+      mboxes:
+        description: contain a list of phandles to mailboxes.
+        items:
+          - description: Specify the mailbox used to send message to se firmware
+          - description: Specify the mailbox used to receive message from se firmware
+
+      mbox-names:
+        items:
+          - const: tx
+          - const: rx
+          - const: txdb
+          - const: rxdb
+        minItems: 2
+
+      memory-region:
+        description: contains a list of phandles to reserved external memory.
+        items:
+          - description: It is used by secure-enclave firmware. It is an optional
+              property based on compatible and identifier to communication interface.
+              (see bindings/reserved-memory/reserved-memory.txt)
+
+      sram:
+        description: contains a list of phandles to sram.
+        $ref: /schemas/types.yaml#/definitions/phandle-array
+        items:
+          - description: Phandle to the device SRAM. It is an optional property
+              based on compatible and identifier to communication interface.
+
+    required:
+      - reg
+      - mboxes
+      - mbox-names
+
+allOf:
+  # memory-region
+  - if:
+      properties:
+        compatible:
+          contains:
+            enum:
+              - fsl,imx8ulp-ele
+              - fsl,imx93-ele
+    then:
+      patternProperties:
+        "^[0-9a-z]*-if@[0-9]+$":
+          allOf:
+            - if:
+                properties:
+                  reg:
+                    items:
+                      - enum:
+                          - 0
+              then:
+                required:
+                  - memory-region
+              else:
+                not:
+                  required:
+                    - memory-region
+  # sram
+  - if:
+      properties:
+        compatible:
+          contains:
+            enum:
+              - fsl,imx8ulp-ele
+    then:
+      patternProperties:
+        "^[0-9a-z]*-if@[0-9]+$":
+          allOf:
+            - if:
+                properties:
+                  reg:
+                    items:
+                      - enum:
+                          - 0
+              then:
+                required:
+                  - sram
+              else:
+                not:
+                  required:
+                    - sram
+
+additionalProperties: false
+
+examples:
+  - |
+    ele {
+      compatible = "fsl,imx8ulp-ele";
+      #address-cells = <1>;
+      #size-cells = <0>;
+
+      ele-if@0 {
+        reg = <0x0>;
+        mboxes = <&s4muap 0 0>, <&s4muap 1 0>;
+        mbox-names = "tx", "rx";
+        sram = <&sram0>;
+        memory-region = <&ele_reserved>;
+      };
+    };
+  - |
+    ele {
+      compatible = "fsl,imx93-ele";
+      #address-cells = <1>;
+      #size-cells = <0>;
+
+      ele-if@0 {
+        reg = <0x0>;
+        mboxes = <&s4muap 0 0>, <&s4muap 1 0>;
+        mbox-names = "tx", "rx";
+        memory-region = <&ele_reserved>;
+      };
+    };
+  - |
+    v2x {
+      compatible = "fsl,imx95-v2x";
+      #address-cells = <1>;
+      #size-cells = <0>;
+
+      v2x-if@0 {
+        reg = <0x0>;
+        mboxes = <&v2x_mu 0 0>, <&v2x_mu 1 0>;
+        mbox-names = "tx", "rx";
+      };
+      v2x-if@1 {
+        reg = <0x1>;
+        mboxes = <&v2x_mu6 0 0>, <&v2x_mu6 1 0>;
+        mbox-names = "txdb", "rxdb";
+      };
+      v2x-if@2 {
+        reg = <0x2>;
+        mboxes = <&v2x_mu7 0 0>, <&v2x_mu7 1 0>;
+        mbox-names = "tx", "rx";
+      };
+    };
+...

[2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc

Commit Message

Comments

Patch