| Message ID | 20241205-secvio-v4-0-5c37cdc39573@nxp.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | firmware: imx: secvio: Add secvio support | expand |
On Thu, Dec 05, 2024 at 05:56:31AM +0100, Vabhav Sharma wrote: > The tampers are security feature available on i.MX products and > managed by SNVS block.The tamper goal is to detect the variation > of hardware or physical parameters, which can indicate an attack. > > The SNVS, which provides secure non-volatile storage, allows to > detect some hardware attacks against the SoC.They are connected > to the security-violation ports, which send an alert when an > out-of-range value is detected. > > This detection is done by: > -Analog tampers: measure analogic values > - External clock frequency. > - Temperature. > - Voltage. > > - Digital tampers: > - External tamper > - Other detectors: > - Secure real-time counter rollover tamper. > - Monotonic counter rollover tamper. > - Power supply glitch tamper. > > The on-chip sensors for voltage, temperature, and clock frequency > indicate if tamper scenarios may be present. These sensors generate an > out-of-range signal that causes a security violation to clear the > authentication and storage keys and to block access to sensitive > information. > > Add linux module secvio driver to handle security violation interrupt. > > The "imx-secvio-sc" module is designed to report security violations > and tamper triggering to the user. > > The functionalities of the module are accessible via the "debugfs" > kernel.The folder containing the interface files for the module is > "<kernel_debugfs>/secvio/". Debugfs is for debugging, not accessing functions. Come with proper sysfs or other control interface and its ABI, not debugging one to avoid any review. Best regards, Krzysztof
The tampers are security feature available on i.MX products and managed by SNVS block.The tamper goal is to detect the variation of hardware or physical parameters, which can indicate an attack. The SNVS, which provides secure non-volatile storage, allows to detect some hardware attacks against the SoC.They are connected to the security-violation ports, which send an alert when an out-of-range value is detected. This detection is done by: -Analog tampers: measure analogic values - External clock frequency. - Temperature. - Voltage. - Digital tampers: - External tamper - Other detectors: - Secure real-time counter rollover tamper. - Monotonic counter rollover tamper. - Power supply glitch tamper. The on-chip sensors for voltage, temperature, and clock frequency indicate if tamper scenarios may be present. These sensors generate an out-of-range signal that causes a security violation to clear the authentication and storage keys and to block access to sensitive information. Add linux module secvio driver to handle security violation interrupt. The "imx-secvio-sc" module is designed to report security violations and tamper triggering to the user. The functionalities of the module are accessible via the "debugfs" kernel.The folder containing the interface files for the module is "<kernel_debugfs>/secvio/". Get status Reading from the "info" file will return the status of security: - Fuse related to security tampers. - SNVS readable registers. - DGO registers. To: Rob Herring <robh@kernel.org> To: Krzysztof Kozlowski <krzk+dt@kernel.org> To: Conor Dooley <conor+dt@kernel.org> To: Dong Aisheng <aisheng.dong@nxp.com> To: Shawn Guo <shawnguo@kernel.org> To: Sascha Hauer <s.hauer@pengutronix.de> To: Pengutronix Kernel Team <kernel@pengutronix.de> To: Fabio Estevam <festevam@gmail.com> Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: imx@lists.linux.dev Cc: linux-arm-kernel@lists.infradead.org Cc: frank.li@nxp.com Cc: pankaj.gupta@nxp.com Cc: daniel.baluta@nxp.com Cc: silvano.dininno@nxp.com Cc: V.Sethi@nxp.com Cc: meenakshi.aggarwal@nxp.com Signed-off-by: Vabhav Sharma <vabhav.sharma@nxp.com> Changes in v4: - Modify description of NVMEM controller handle to be used by snvs driver. - Modify the type of argument1 in copy_to_user() in imx_secvio_sc_ioctl(). - Modified the type of argument 2 in copy_from_user() in imx_secvio_sc_ioctl(). - Modified the type of variable as static for structure device, platform_device. - Export the API imx_scu_secvio_init() to be used in SCU probe imx_scu_probe(). - Link to v3: https://lore.kernel.org/r/20241107-secvio-v3-0-ea27f1e9ced4@nxp.com Changes in v3: - Dropped [PATCH 1/4] dt-bindings: firmware: secvio: Add device tree bindings. - Reuse SCU node to prove secvio driver asynchronously. - Dropped [PATCH 4/4] arm64: dts: imx8q: Add node for Security Violation. - Removed explicit secvio sub-node within SCU node. - Create seperate secvio platform devices. - secvio driver probe asynchronously. - SCU driver keep going and finish the probe first. - added new function imx_scu_secvio_init() called within imx_scu_probe() - Link to v2: https://lore.kernel.org/r/20240509-secvio-v1-0-90fbe2baeda2@nxp.com Changes in v2: - used b4 to add the devicetree list. - Added all necessary to/cc list. - Link to v1: https://lore.kernel.org/r/20240501053205.1737248-1-vabhav.sharma@nxp.com --- Vabhav Sharma (4): dt-bindings: firmware: imx: add nvmem phandle arm64: dts: imx8qxp: add node for nvmem property firmware: imx: Add SC APIs required for secvio module firmware: imx: secvio: Add support for SNVS secvio and tamper via SCFW .../devicetree/bindings/firmware/fsl,scu.yaml | 3 + arch/arm64/boot/dts/freescale/imx8qxp.dtsi | 1 + drivers/firmware/imx/Kconfig | 11 + drivers/firmware/imx/Makefile | 4 +- drivers/firmware/imx/imx-scu-secvio-debugfs.c | 274 +++++++++ drivers/firmware/imx/imx-scu-secvio.c | 619 +++++++++++++++++++++ drivers/firmware/imx/imx-scu.c | 8 +- drivers/firmware/imx/seco.c | 216 +++++++ include/linux/firmware/imx/ipc.h | 1 + include/linux/firmware/imx/sci.h | 9 + include/linux/firmware/imx/svc/imx-secvio-sc.h | 216 +++++++ include/linux/firmware/imx/svc/seco.h | 69 +++ 12 files changed, 1429 insertions(+), 2 deletions(-) --- base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc change-id: 20240508-secvio-8acfa2838385 Best regards,