From patchwork Wed Oct 16 16:18:58 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pankaj Gupta
X-Patchwork-Id: 13838639
From: Pankaj Gupta
Date: Wed, 16 Oct 2024 21:48:58 +0530
Subject: [PATCH v9 1/5] Documentation/firmware: add imx/se to other_interfaces
Message-Id: <20241016-imx-se-if-v9-1-fd8fa0c04eab@nxp.com>
References: <20241016-imx-se-if-v9-0-fd8fa0c04eab@nxp.com>
In-Reply-To: <20241016-imx-se-if-v9-0-fd8fa0c04eab@nxp.com>
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley, Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam, Pankaj Gupta
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org
X-Mailer: b4 0.13.0
X-Mailing-List: imx@lists.linux.dev

Documents i.MX SoC's Service layer and C_DEV driver for selected SoC(s) that contains the NXP hardware IP(s) for Secure Enclaves(se) like:
- NXP EdgeLock Enclave on i.MX93 & i.MX8ULP

Signed-off-by: Pankaj Gupta
--- .../driver-api/firmware/other_interfaces.rst | 121 +++++++++++++++++++++ 1 file changed, 121 insertions(+) diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst index 06ac89adaafb..a3a95b54a174 100644 --- a/Documentation/driver-api/firmware/other_interfaces.rst +++ b/Documentation/driver-api/firmware/other_interfaces.rst 
@@ -49,3 +49,124 @@ of the requests on to a secure monitor (EL3). .. kernel-doc:: drivers/firmware/stratix10-svc.c :export: + +NXP Secure Enclave Firmware Interface +===================================== + +Introduction +------------ +The NXP's i.MX HW IP like EdgeLock Enclave, V2X etc., creates an embedded secure +enclave within the SoC boundary to enable features like + - Hardware Security Module (HSM) + - Security Hardware Extension (SHE) + - Vehicular to Anything (V2X) + +Each of the above feature is enabled through dedicated NXP H/W IP on the SoC. +On a single SoC, multiple hardware IP (or can say more than one secure enclave) +can exist. + +NXP SoCs enabled with the such secure enclaves(SEs) IPs are: +i.MX93, i.MX8ULP + +To communicate with one or more co-existing SE(s) on SoC, there is/are dedicated +messaging units(MU) per SE. Each co-existing SE can have one or multiple exclusive +MUs, dedicated to itself. None of the MU is shared between two SEs. +Communication of the MU is realized using the Linux mailbox driver. + +NXP Secure Enclave(SE) Interface +-------------------------------- +Although MU(s) is/are not shared between SE(s). But for SoC like i.MX95 which has +multiple SE(s) like HSM, V2X-HSM, V2X-SHE; all the SE(s) and their interfaces 'se-if' +that is/are dedicated to a particular SE will be enumerated and provisioned using the +single compatible node("fsl,imx95-se"). + +Each 'se-if' comprise of twp layers: +- (C_DEV Layer) User-Space software-access interface. +- (Service Layer) OS-level software-access interface. + + +--------------------------------------------+ + | Character Device(C_DEV) | + | | + | +---------+ +---------+ +---------+ | + | | misc #1 | | misc #2 | ... | misc #n | | + | | dev | | dev | | dev | | + | +---------+ +---------+ +---------+ | + | +-------------------------+ | + | | Misc. Dev Synchr. 
Logic | | + | +-------------------------+ | + | | + +--------------------------------------------+ + + +--------------------------------------------+ + | Service Layer | + | | + | +-----------------------------+ | + | | Message Serialization Logic | | + | +-----------------------------+ | + | +---------------+ | + | | imx-mailbox | | + | | mailbox.c | | + | +---------------+ | + | | + +--------------------------------------------+ + +- service layer: + This layer is responsible for ensuring the communication protocol that is defined + for communication with firmware. + + FW Communication protocol ensures two things: + - Serializing the messages to be sent over an MU. + + - FW can handle one command message at a time. + +- c_dev: + This layer offers character device contexts, created as '/dev/_mux_chx'. + Using these multiple device contexts that are getting multiplexed over a single MU, + userspace application(s) can call fops like write/read to send the command message, + and read back the command response message to/from Firmware. + fops like read & write use the above defined service layer API(s) to communicate with + Firmware. 
+ + Misc-device(/dev/_mux_chn) synchronization protocol: + + Non-Secure + Secure + | + | + +---------+ +-------------+ | + | se_fw.c +<---->+imx-mailbox.c| | + | | | mailbox.c +<-->+------+ +------+ + +---+-----+ +-------------+ | MU X +<-->+ ELE | + | +------+ +------+ + +----------------+ | + | | | + v v | + logical logical | + receiver waiter | + + + | + | | | + | | | + | +----+------+ | + | | | | + | | | | + device_ctx device_ctx device_ctx | + | + User 0 User 1 User Y | + +------+ +------+ +------+ | + |misc.c| |misc.c| |misc.c| | + kernel space +------+ +------+ +------+ | + | + +------------------------------------------------------ | + | | | | + userspace /dev/ele_muXch0 | | | + /dev/ele_muXch1 | | + /dev/ele_muXchY | + | + +When a user sends a command to the firmware, it registers its device_ctx +as waiter of a response from firmware. + +Enclave's Firmware owns the storage management, over Linux filesystem. +For this c_dev provisions a dedicated slave device called "receiver". + +.. kernel-doc:: drivers/firmware/imx/se_fw.c + :export:
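
Review bot: The device nodes are named three different ways in this hunk: '/dev/_mux_chx' in the c_dev bullet, '/dev/_mux_chn' in the synchronization heading, and '/dev/ele_muXch0' in the diagram; pick one pattern and use it throughout so a reader knows which node to open. The Introduction lists only i.MX93 and i.MX8ULP as SE-enabled SoCs, yet the Interface section explains enumeration with i.MX95 and the compatible "fsl,imx95-se"; either add i.MX95 to the list or state that it is an example of a multi-SE SoC not covered by this series. Because several device contexts are multiplexed over a single MU and the firmware handles one command message at a time, the text should also say what a second writer sees while another device_ctx is registered as waiter (blocks, gets an error, or is queued) and which process is expected to open the "receiver" device, since that is the isolation boundary between userspace clients. Smaller points: "twp layers" should be "two layers", "comprise of" should be "comprises", "Although ... . But for SoC like" is a sentence fragment, and the list after "enable features like" and the ASCII diagrams have no preceding blank line or literal-block marker ("::"), which is likely to produce Sphinx warnings.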