* [PATCH v8 4/6] MAINTAINERS: add entry for DCP-based trusted keys
From: David Gstir @ 2024-04-03 7:21 UTC (permalink / raw)
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu,
David S. Miller
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer,
Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team,
Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang,
Paul Moore, James Morris, Serge E. Hallyn, Paul E. McKenney,
Randy Dunlap, Catalin Marinas, Rafael J. Wysocki, Tejun Heo,
Steven Rostedt (Google), linux-doc, linux-kernel, linux-integrity,
keyrings, linux-crypto, linux-arm-kernel, linuxppc-dev,
linux-security-module
In-Reply-To: <20240403072131.54935-1-david@sigma-star.at>
This covers trusted keys backed by NXP's DCP (Data Co-Processor) chip
found in smaller i.MX SoCs.
Signed-off-by: David Gstir <david@sigma-star.at>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
---
MAINTAINERS | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 976a5cea1577..ca7f42ca9338 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -12019,6 +12019,15 @@ S: Maintained
F: include/keys/trusted_caam.h
F: security/keys/trusted-keys/trusted_caam.c
+KEYS-TRUSTED-DCP
+M: David Gstir <david@sigma-star.at>
+R: sigma star Kernel Team <upstream+dcp@sigma-star.at>
+L: linux-integrity@vger.kernel.org
+L: keyrings@vger.kernel.org
+S: Supported
+F: include/keys/trusted_dcp.h
+F: security/keys/trusted-keys/trusted_dcp.c
+
KEYS-TRUSTED-TEE
M: Sumit Garg <sumit.garg@linaro.org>
L: linux-integrity@vger.kernel.org
--
2.35.3
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v8 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys
From: David Gstir @ 2024-04-03 7:21 UTC (permalink / raw)
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu,
David S. Miller
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer,
Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team,
Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang,
Paul Moore, James Morris, Serge E. Hallyn, Paul E. McKenney,
Randy Dunlap, Catalin Marinas, Rafael J. Wysocki, Tejun Heo,
Steven Rostedt (Google), linux-doc, linux-kernel, linux-integrity,
keyrings, linux-crypto, linux-arm-kernel, linuxppc-dev,
linux-security-module, Richard Weinberger, David Oberhollenzer
In-Reply-To: <20240403072131.54935-1-david@sigma-star.at>
DCP (Data Co-Processor) is the little brother of NXP's CAAM IP.
Beside of accelerated crypto operations, it also offers support for
hardware-bound keys. Using this feature it is possible to implement a blob
mechanism similar to what CAAM offers. Unlike on CAAM, constructing and
parsing the blob has to happen in software (i.e. the kernel).
The software-based blob format used by DCP trusted keys encrypts
the payload using AES-128-GCM with a freshly generated random key and nonce.
The random key itself is AES-128-ECB encrypted using the DCP unique
or OTP key.
The DCP trusted key blob format is:
/*
* struct dcp_blob_fmt - DCP BLOB format.
*
* @fmt_version: Format version, currently being %1
* @blob_key: Random AES 128 key which is used to encrypt @payload,
* @blob_key itself is encrypted with OTP or UNIQUE device key in
* AES-128-ECB mode by DCP.
* @nonce: Random nonce used for @payload encryption.
* @payload_len: Length of the plain text @payload.
* @payload: The payload itself, encrypted using AES-128-GCM and @blob_key,
* GCM auth tag of size AES_BLOCK_SIZE is attached at the end of it.
*
* The total size of a DCP BLOB is sizeof(struct dcp_blob_fmt) + @payload_len +
* AES_BLOCK_SIZE.
*/
struct dcp_blob_fmt {
__u8 fmt_version;
__u8 blob_key[AES_KEYSIZE_128];
__u8 nonce[AES_KEYSIZE_128];
__le32 payload_len;
__u8 payload[];
} __packed;
By default the unique key is used. It is also possible to use the
OTP key. While the unique key should be unique it is not documented how
this key is derived. Therefore selection the OTP key is supported as
well via the use_otp_key module parameter.
Co-developed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Gstir <david@sigma-star.at>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
---
include/keys/trusted_dcp.h | 11 +
security/keys/trusted-keys/Kconfig | 8 +
security/keys/trusted-keys/Makefile | 2 +
security/keys/trusted-keys/trusted_core.c | 6 +-
security/keys/trusted-keys/trusted_dcp.c | 313 ++++++++++++++++++++++
5 files changed, 339 insertions(+), 1 deletion(-)
create mode 100644 include/keys/trusted_dcp.h
create mode 100644 security/keys/trusted-keys/trusted_dcp.c
diff --git a/include/keys/trusted_dcp.h b/include/keys/trusted_dcp.h
new file mode 100644
index 000000000000..9aaa42075b40
--- /dev/null
+++ b/include/keys/trusted_dcp.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (C) 2021 sigma star gmbh
+ */
+
+#ifndef TRUSTED_DCP_H
+#define TRUSTED_DCP_H
+
+extern struct trusted_key_ops dcp_trusted_key_ops;
+
+#endif
diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-keys/Kconfig
index 553dc117f385..1fb8aa001995 100644
--- a/security/keys/trusted-keys/Kconfig
+++ b/security/keys/trusted-keys/Kconfig
@@ -39,6 +39,14 @@ config TRUSTED_KEYS_CAAM
Enable use of NXP's Cryptographic Accelerator and Assurance Module
(CAAM) as trusted key backend.
+config TRUSTED_KEYS_DCP
+ bool "DCP-based trusted keys"
+ depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS
+ default y
+ select HAVE_TRUSTED_KEYS
+ help
+ Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.
+
if !HAVE_TRUSTED_KEYS
comment "No trust source selected!"
endif
diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile
index 735aa0bc08ef..f0f3b27f688b 100644
--- a/security/keys/trusted-keys/Makefile
+++ b/security/keys/trusted-keys/Makefile
@@ -14,3 +14,5 @@ trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
+
+trusted-$(CONFIG_TRUSTED_KEYS_DCP) += trusted_dcp.o
diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
index fee1ab2c734d..5113aeae5628 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -10,6 +10,7 @@
#include <keys/trusted-type.h>
#include <keys/trusted_tee.h>
#include <keys/trusted_caam.h>
+#include <keys/trusted_dcp.h>
#include <keys/trusted_tpm.h>
#include <linux/capability.h>
#include <linux/err.h>
@@ -30,7 +31,7 @@ MODULE_PARM_DESC(rng, "Select trusted key RNG");
static char *trusted_key_source;
module_param_named(source, trusted_key_source, charp, 0);
-MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or caam)");
+MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee, caam or dcp)");
static const struct trusted_key_source trusted_key_sources[] = {
#if defined(CONFIG_TRUSTED_KEYS_TPM)
@@ -42,6 +43,9 @@ static const struct trusted_key_source trusted_key_sources[] = {
#if defined(CONFIG_TRUSTED_KEYS_CAAM)
{ "caam", &trusted_key_caam_ops },
#endif
+#if defined(CONFIG_TRUSTED_KEYS_DCP)
+ { "dcp", &dcp_trusted_key_ops },
+#endif
};
DEFINE_STATIC_CALL_NULL(trusted_key_seal, *trusted_key_sources[0].ops->seal);
diff --git a/security/keys/trusted-keys/trusted_dcp.c b/security/keys/trusted-keys/trusted_dcp.c
new file mode 100644
index 000000000000..16c44aafeab3
--- /dev/null
+++ b/security/keys/trusted-keys/trusted_dcp.c
@@ -0,0 +1,313 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2021 sigma star gmbh
+ */
+
+#include <crypto/aead.h>
+#include <crypto/aes.h>
+#include <crypto/algapi.h>
+#include <crypto/gcm.h>
+#include <crypto/skcipher.h>
+#include <keys/trusted-type.h>
+#include <linux/key-type.h>
+#include <linux/module.h>
+#include <linux/printk.h>
+#include <linux/random.h>
+#include <linux/scatterlist.h>
+#include <soc/fsl/dcp.h>
+
+#define DCP_BLOB_VERSION 1
+#define DCP_BLOB_AUTHLEN 16
+
+/**
+ * struct dcp_blob_fmt - DCP BLOB format.
+ *
+ * @fmt_version: Format version, currently being %1.
+ * @blob_key: Random AES 128 key which is used to encrypt @payload,
+ * @blob_key itself is encrypted with OTP or UNIQUE device key in
+ * AES-128-ECB mode by DCP.
+ * @nonce: Random nonce used for @payload encryption.
+ * @payload_len: Length of the plain text @payload.
+ * @payload: The payload itself, encrypted using AES-128-GCM and @blob_key,
+ * GCM auth tag of size DCP_BLOB_AUTHLEN is attached at the end of it.
+ *
+ * The total size of a DCP BLOB is sizeof(struct dcp_blob_fmt) + @payload_len +
+ * DCP_BLOB_AUTHLEN.
+ */
+struct dcp_blob_fmt {
+ __u8 fmt_version;
+ __u8 blob_key[AES_KEYSIZE_128];
+ __u8 nonce[AES_KEYSIZE_128];
+ __le32 payload_len;
+ __u8 payload[];
+} __packed;
+
+static bool use_otp_key;
+module_param_named(dcp_use_otp_key, use_otp_key, bool, 0);
+MODULE_PARM_DESC(dcp_use_otp_key, "Use OTP instead of UNIQUE key for sealing");
+
+static bool skip_zk_test;
+module_param_named(dcp_skip_zk_test, skip_zk_test, bool, 0);
+MODULE_PARM_DESC(dcp_skip_zk_test, "Don't test whether device keys are zero'ed");
+
+static unsigned int calc_blob_len(unsigned int payload_len)
+{
+ return sizeof(struct dcp_blob_fmt) + payload_len + DCP_BLOB_AUTHLEN;
+}
+
+static int do_dcp_crypto(u8 *in, u8 *out, bool do_encrypt)
+{
+ struct skcipher_request *req = NULL;
+ struct scatterlist src_sg, dst_sg;
+ struct crypto_skcipher *tfm;
+ u8 paes_key[DCP_PAES_KEYSIZE];
+ DECLARE_CRYPTO_WAIT(wait);
+ int res = 0;
+
+ if (use_otp_key)
+ paes_key[0] = DCP_PAES_KEY_OTP;
+ else
+ paes_key[0] = DCP_PAES_KEY_UNIQUE;
+
+ tfm = crypto_alloc_skcipher("ecb-paes-dcp", CRYPTO_ALG_INTERNAL,
+ CRYPTO_ALG_INTERNAL);
+ if (IS_ERR(tfm)) {
+ res = PTR_ERR(tfm);
+ tfm = NULL;
+ goto out;
+ }
+
+ req = skcipher_request_alloc(tfm, GFP_NOFS);
+ if (!req) {
+ res = -ENOMEM;
+ goto out;
+ }
+
+ skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
+ CRYPTO_TFM_REQ_MAY_SLEEP,
+ crypto_req_done, &wait);
+ res = crypto_skcipher_setkey(tfm, paes_key, sizeof(paes_key));
+ if (res < 0)
+ goto out;
+
+ sg_init_one(&src_sg, in, AES_KEYSIZE_128);
+ sg_init_one(&dst_sg, out, AES_KEYSIZE_128);
+ skcipher_request_set_crypt(req, &src_sg, &dst_sg, AES_KEYSIZE_128,
+ NULL);
+
+ if (do_encrypt)
+ res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
+ else
+ res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait);
+
+out:
+ skcipher_request_free(req);
+ crypto_free_skcipher(tfm);
+
+ return res;
+}
+
+static int do_aead_crypto(u8 *in, u8 *out, size_t len, u8 *key, u8 *nonce,
+ bool do_encrypt)
+{
+ struct aead_request *aead_req = NULL;
+ struct scatterlist src_sg, dst_sg;
+ struct crypto_aead *aead;
+ int ret;
+
+ aead = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
+ if (IS_ERR(aead)) {
+ ret = PTR_ERR(aead);
+ goto out;
+ }
+
+ ret = crypto_aead_setauthsize(aead, DCP_BLOB_AUTHLEN);
+ if (ret < 0) {
+ pr_err("Can't set crypto auth tag len: %d\n", ret);
+ goto free_aead;
+ }
+
+ aead_req = aead_request_alloc(aead, GFP_KERNEL);
+ if (!aead_req) {
+ ret = -ENOMEM;
+ goto free_aead;
+ }
+
+ sg_init_one(&src_sg, in, len);
+ if (do_encrypt) {
+ /*
+ * If we encrypt our buffer has extra space for the auth tag.
+ */
+ sg_init_one(&dst_sg, out, len + DCP_BLOB_AUTHLEN);
+ } else {
+ sg_init_one(&dst_sg, out, len);
+ }
+
+ aead_request_set_crypt(aead_req, &src_sg, &dst_sg, len, nonce);
+ aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL,
+ NULL);
+ aead_request_set_ad(aead_req, 0);
+
+ if (crypto_aead_setkey(aead, key, AES_KEYSIZE_128)) {
+ pr_err("Can't set crypto AEAD key\n");
+ ret = -EINVAL;
+ goto free_req;
+ }
+
+ if (do_encrypt)
+ ret = crypto_aead_encrypt(aead_req);
+ else
+ ret = crypto_aead_decrypt(aead_req);
+
+free_req:
+ aead_request_free(aead_req);
+free_aead:
+ crypto_free_aead(aead);
+out:
+ return ret;
+}
+
+static int decrypt_blob_key(u8 *key)
+{
+ return do_dcp_crypto(key, key, false);
+}
+
+static int encrypt_blob_key(u8 *key)
+{
+ return do_dcp_crypto(key, key, true);
+}
+
+static int trusted_dcp_seal(struct trusted_key_payload *p, char *datablob)
+{
+ struct dcp_blob_fmt *b = (struct dcp_blob_fmt *)p->blob;
+ int blen, ret;
+
+ blen = calc_blob_len(p->key_len);
+ if (blen > MAX_BLOB_SIZE)
+ return -E2BIG;
+
+ b->fmt_version = DCP_BLOB_VERSION;
+ get_random_bytes(b->nonce, AES_KEYSIZE_128);
+ get_random_bytes(b->blob_key, AES_KEYSIZE_128);
+
+ ret = do_aead_crypto(p->key, b->payload, p->key_len, b->blob_key,
+ b->nonce, true);
+ if (ret) {
+ pr_err("Unable to encrypt blob payload: %i\n", ret);
+ return ret;
+ }
+
+ ret = encrypt_blob_key(b->blob_key);
+ if (ret) {
+ pr_err("Unable to encrypt blob key: %i\n", ret);
+ return ret;
+ }
+
+ b->payload_len = get_unaligned_le32(&p->key_len);
+ p->blob_len = blen;
+ return 0;
+}
+
+static int trusted_dcp_unseal(struct trusted_key_payload *p, char *datablob)
+{
+ struct dcp_blob_fmt *b = (struct dcp_blob_fmt *)p->blob;
+ int blen, ret;
+
+ if (b->fmt_version != DCP_BLOB_VERSION) {
+ pr_err("DCP blob has bad version: %i, expected %i\n",
+ b->fmt_version, DCP_BLOB_VERSION);
+ ret = -EINVAL;
+ goto out;
+ }
+
+ p->key_len = le32_to_cpu(b->payload_len);
+ blen = calc_blob_len(p->key_len);
+ if (blen != p->blob_len) {
+ pr_err("DCP blob has bad length: %i != %i\n", blen,
+ p->blob_len);
+ ret = -EINVAL;
+ goto out;
+ }
+
+ ret = decrypt_blob_key(b->blob_key);
+ if (ret) {
+ pr_err("Unable to decrypt blob key: %i\n", ret);
+ goto out;
+ }
+
+ ret = do_aead_crypto(b->payload, p->key, p->key_len + DCP_BLOB_AUTHLEN,
+ b->blob_key, b->nonce, false);
+ if (ret) {
+ pr_err("Unwrap of DCP payload failed: %i\n", ret);
+ goto out;
+ }
+
+ ret = 0;
+out:
+ return ret;
+}
+
+static int test_for_zero_key(void)
+{
+ /*
+ * Encrypting a plaintext of all 0x55 bytes will yield
+ * this ciphertext in case the DCP test key is used.
+ */
+ static const u8 bad[] = {0x9a, 0xda, 0xe0, 0x54, 0xf6, 0x3d, 0xfa, 0xff,
+ 0x5e, 0xa1, 0x8e, 0x45, 0xed, 0xf6, 0xea, 0x6f};
+ void *buf = NULL;
+ int ret = 0;
+
+ if (skip_zk_test)
+ goto out;
+
+ buf = kmalloc(AES_BLOCK_SIZE, GFP_KERNEL);
+ if (!buf) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ memset(buf, 0x55, AES_BLOCK_SIZE);
+
+ ret = do_dcp_crypto(buf, buf, true);
+ if (ret)
+ goto out;
+
+ if (memcmp(buf, bad, AES_BLOCK_SIZE) == 0) {
+ pr_warn("Device neither in secure nor trusted mode!\n");
+ ret = -EINVAL;
+ }
+out:
+ kfree(buf);
+ return ret;
+}
+
+static int trusted_dcp_init(void)
+{
+ int ret;
+
+ if (use_otp_key)
+ pr_info("Using DCP OTP key\n");
+
+ ret = test_for_zero_key();
+ if (ret) {
+ pr_warn("Test for zero'ed keys failed: %i\n", ret);
+
+ return -EINVAL;
+ }
+
+ return register_key_type(&key_type_trusted);
+}
+
+static void trusted_dcp_exit(void)
+{
+ unregister_key_type(&key_type_trusted);
+}
+
+struct trusted_key_ops dcp_trusted_key_ops = {
+ .exit = trusted_dcp_exit,
+ .init = trusted_dcp_init,
+ .seal = trusted_dcp_seal,
+ .unseal = trusted_dcp_unseal,
+ .migratable = 0,
+};
--
2.35.3
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v8 1/6] crypto: mxs-dcp: Add support for hardware-bound keys
From: David Gstir @ 2024-04-03 7:21 UTC (permalink / raw)
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu,
David S. Miller
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer,
Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team,
Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang,
Paul Moore, James Morris, Serge E. Hallyn, Paul E. McKenney,
Randy Dunlap, Catalin Marinas, Rafael J. Wysocki, Tejun Heo,
Steven Rostedt (Google), linux-doc, linux-kernel, linux-integrity,
keyrings, linux-crypto, linux-arm-kernel, linuxppc-dev,
linux-security-module, Richard Weinberger, David Oberhollenzer
In-Reply-To: <20240403072131.54935-1-david@sigma-star.at>
DCP (Data Co-Processor) is able to derive private keys for a fused
random seed, which can be referenced by handle but not accessed by
the CPU. Similarly, DCP is able to store arbitrary keys in four
dedicated key slots located in its secure memory area (internal SRAM).
These keys can be used to perform AES encryption.
Expose these derived keys and key slots through the crypto API via their
handle. The main purpose is to add DCP-backed trusted keys. Other
use cases are possible too (see similar existing paes implementations),
but these should carefully be evaluated as e.g. enabling AF_ALG will
give userspace full access to use keys. In scenarios with untrustworthy
userspace, this will enable en-/decryption oracles.
Co-developed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Gstir <david@sigma-star.at>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
---
drivers/crypto/mxs-dcp.c | 104 ++++++++++++++++++++++++++++++++++-----
include/soc/fsl/dcp.h | 20 ++++++++
2 files changed, 113 insertions(+), 11 deletions(-)
create mode 100644 include/soc/fsl/dcp.h
diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
index 2b3ebe0db3a6..057d73c370b7 100644
--- a/drivers/crypto/mxs-dcp.c
+++ b/drivers/crypto/mxs-dcp.c
@@ -15,6 +15,7 @@
#include <linux/platform_device.h>
#include <linux/stmp_device.h>
#include <linux/clk.h>
+#include <soc/fsl/dcp.h>
#include <crypto/aes.h>
#include <crypto/sha1.h>
@@ -101,6 +102,7 @@ struct dcp_async_ctx {
struct crypto_skcipher *fallback;
unsigned int key_len;
uint8_t key[AES_KEYSIZE_128];
+ bool key_referenced;
};
struct dcp_aes_req_ctx {
@@ -155,6 +157,7 @@ static struct dcp *global_sdcp;
#define MXS_DCP_CONTROL0_HASH_TERM (1 << 13)
#define MXS_DCP_CONTROL0_HASH_INIT (1 << 12)
#define MXS_DCP_CONTROL0_PAYLOAD_KEY (1 << 11)
+#define MXS_DCP_CONTROL0_OTP_KEY (1 << 10)
#define MXS_DCP_CONTROL0_CIPHER_ENCRYPT (1 << 8)
#define MXS_DCP_CONTROL0_CIPHER_INIT (1 << 9)
#define MXS_DCP_CONTROL0_ENABLE_HASH (1 << 6)
@@ -168,6 +171,8 @@ static struct dcp *global_sdcp;
#define MXS_DCP_CONTROL1_CIPHER_MODE_ECB (0 << 4)
#define MXS_DCP_CONTROL1_CIPHER_SELECT_AES128 (0 << 0)
+#define MXS_DCP_CONTROL1_KEY_SELECT_SHIFT 8
+
static int mxs_dcp_start_dma(struct dcp_async_ctx *actx)
{
int dma_err;
@@ -224,13 +229,16 @@ static int mxs_dcp_run_aes(struct dcp_async_ctx *actx,
struct dcp *sdcp = global_sdcp;
struct dcp_dma_desc *desc = &sdcp->coh->desc[actx->chan];
struct dcp_aes_req_ctx *rctx = skcipher_request_ctx(req);
+ bool key_referenced = actx->key_referenced;
int ret;
- key_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_key,
- 2 * AES_KEYSIZE_128, DMA_TO_DEVICE);
- ret = dma_mapping_error(sdcp->dev, key_phys);
- if (ret)
- return ret;
+ if (!key_referenced) {
+ key_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_key,
+ 2 * AES_KEYSIZE_128, DMA_TO_DEVICE);
+ ret = dma_mapping_error(sdcp->dev, key_phys);
+ if (ret)
+ return ret;
+ }
src_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_in_buf,
DCP_BUF_SZ, DMA_TO_DEVICE);
@@ -255,8 +263,12 @@ static int mxs_dcp_run_aes(struct dcp_async_ctx *actx,
MXS_DCP_CONTROL0_INTERRUPT |
MXS_DCP_CONTROL0_ENABLE_CIPHER;
- /* Payload contains the key. */
- desc->control0 |= MXS_DCP_CONTROL0_PAYLOAD_KEY;
+ if (key_referenced)
+ /* Set OTP key bit to select the key via KEY_SELECT. */
+ desc->control0 |= MXS_DCP_CONTROL0_OTP_KEY;
+ else
+ /* Payload contains the key. */
+ desc->control0 |= MXS_DCP_CONTROL0_PAYLOAD_KEY;
if (rctx->enc)
desc->control0 |= MXS_DCP_CONTROL0_CIPHER_ENCRYPT;
@@ -270,6 +282,9 @@ static int mxs_dcp_run_aes(struct dcp_async_ctx *actx,
else
desc->control1 |= MXS_DCP_CONTROL1_CIPHER_MODE_CBC;
+ if (key_referenced)
+ desc->control1 |= sdcp->coh->aes_key[0] << MXS_DCP_CONTROL1_KEY_SELECT_SHIFT;
+
desc->next_cmd_addr = 0;
desc->source = src_phys;
desc->destination = dst_phys;
@@ -284,9 +299,9 @@ static int mxs_dcp_run_aes(struct dcp_async_ctx *actx,
err_dst:
dma_unmap_single(sdcp->dev, src_phys, DCP_BUF_SZ, DMA_TO_DEVICE);
err_src:
- dma_unmap_single(sdcp->dev, key_phys, 2 * AES_KEYSIZE_128,
- DMA_TO_DEVICE);
-
+ if (!key_referenced)
+ dma_unmap_single(sdcp->dev, key_phys, 2 * AES_KEYSIZE_128,
+ DMA_TO_DEVICE);
return ret;
}
@@ -453,7 +468,7 @@ static int mxs_dcp_aes_enqueue(struct skcipher_request *req, int enc, int ecb)
struct dcp_aes_req_ctx *rctx = skcipher_request_ctx(req);
int ret;
- if (unlikely(actx->key_len != AES_KEYSIZE_128))
+ if (unlikely(actx->key_len != AES_KEYSIZE_128 && !actx->key_referenced))
return mxs_dcp_block_fallback(req, enc);
rctx->enc = enc;
@@ -500,6 +515,7 @@ static int mxs_dcp_aes_setkey(struct crypto_skcipher *tfm, const u8 *key,
* there can still be an operation in progress.
*/
actx->key_len = len;
+ actx->key_referenced = false;
if (len == AES_KEYSIZE_128) {
memcpy(actx->key, key, len);
return 0;
@@ -516,6 +532,32 @@ static int mxs_dcp_aes_setkey(struct crypto_skcipher *tfm, const u8 *key,
return crypto_skcipher_setkey(actx->fallback, key, len);
}
+static int mxs_dcp_aes_setrefkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int len)
+{
+ struct dcp_async_ctx *actx = crypto_skcipher_ctx(tfm);
+
+ if (len != DCP_PAES_KEYSIZE)
+ return -EINVAL;
+
+ switch (key[0]) {
+ case DCP_PAES_KEY_SLOT0:
+ case DCP_PAES_KEY_SLOT1:
+ case DCP_PAES_KEY_SLOT2:
+ case DCP_PAES_KEY_SLOT3:
+ case DCP_PAES_KEY_UNIQUE:
+ case DCP_PAES_KEY_OTP:
+ memcpy(actx->key, key, len);
+ actx->key_len = len;
+ actx->key_referenced = true;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
static int mxs_dcp_aes_fallback_init_tfm(struct crypto_skcipher *tfm)
{
const char *name = crypto_tfm_alg_name(crypto_skcipher_tfm(tfm));
@@ -539,6 +581,13 @@ static void mxs_dcp_aes_fallback_exit_tfm(struct crypto_skcipher *tfm)
crypto_free_skcipher(actx->fallback);
}
+static int mxs_dcp_paes_init_tfm(struct crypto_skcipher *tfm)
+{
+ crypto_skcipher_set_reqsize(tfm, sizeof(struct dcp_aes_req_ctx));
+
+ return 0;
+}
+
/*
* Hashing (SHA1/SHA256)
*/
@@ -889,6 +938,39 @@ static struct skcipher_alg dcp_aes_algs[] = {
.ivsize = AES_BLOCK_SIZE,
.init = mxs_dcp_aes_fallback_init_tfm,
.exit = mxs_dcp_aes_fallback_exit_tfm,
+ }, {
+ .base.cra_name = "ecb(paes)",
+ .base.cra_driver_name = "ecb-paes-dcp",
+ .base.cra_priority = 401,
+ .base.cra_alignmask = 15,
+ .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL,
+ .base.cra_blocksize = AES_BLOCK_SIZE,
+ .base.cra_ctxsize = sizeof(struct dcp_async_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = DCP_PAES_KEYSIZE,
+ .max_keysize = DCP_PAES_KEYSIZE,
+ .setkey = mxs_dcp_aes_setrefkey,
+ .encrypt = mxs_dcp_aes_ecb_encrypt,
+ .decrypt = mxs_dcp_aes_ecb_decrypt,
+ .init = mxs_dcp_paes_init_tfm,
+ }, {
+ .base.cra_name = "cbc(paes)",
+ .base.cra_driver_name = "cbc-paes-dcp",
+ .base.cra_priority = 401,
+ .base.cra_alignmask = 15,
+ .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL,
+ .base.cra_blocksize = AES_BLOCK_SIZE,
+ .base.cra_ctxsize = sizeof(struct dcp_async_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = DCP_PAES_KEYSIZE,
+ .max_keysize = DCP_PAES_KEYSIZE,
+ .setkey = mxs_dcp_aes_setrefkey,
+ .encrypt = mxs_dcp_aes_cbc_encrypt,
+ .decrypt = mxs_dcp_aes_cbc_decrypt,
+ .ivsize = AES_BLOCK_SIZE,
+ .init = mxs_dcp_paes_init_tfm,
},
};
diff --git a/include/soc/fsl/dcp.h b/include/soc/fsl/dcp.h
new file mode 100644
index 000000000000..3ec335d8ca8b
--- /dev/null
+++ b/include/soc/fsl/dcp.h
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (C) 2021 sigma star gmbh
+ *
+ * Specifies paes key slot handles for NXP's DCP (Data Co-Processor) to be used
+ * with the crypto_skcipher_setkey().
+ */
+
+#ifndef MXS_DCP_H
+#define MXS_DCP_H
+
+#define DCP_PAES_KEYSIZE 1
+#define DCP_PAES_KEY_SLOT0 0x00
+#define DCP_PAES_KEY_SLOT1 0x01
+#define DCP_PAES_KEY_SLOT2 0x02
+#define DCP_PAES_KEY_SLOT3 0x03
+#define DCP_PAES_KEY_UNIQUE 0xfe
+#define DCP_PAES_KEY_OTP 0xff
+
+#endif /* MXS_DCP_H */
--
2.35.3
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v8 5/6] docs: document DCP-backed trusted keys kernel params
From: David Gstir @ 2024-04-03 7:21 UTC (permalink / raw)
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu,
David S. Miller
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer,
Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team,
Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang,
Paul Moore, James Morris, Serge E. Hallyn, Paul E. McKenney,
Randy Dunlap, Catalin Marinas, Rafael J. Wysocki, Tejun Heo,
Steven Rostedt (Google), linux-doc, linux-kernel, linux-integrity,
keyrings, linux-crypto, linux-arm-kernel, linuxppc-dev,
linux-security-module, Richard Weinberger, David Oberhollenzer
In-Reply-To: <20240403072131.54935-1-david@sigma-star.at>
Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
Co-developed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Gstir <david@sigma-star.at>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
---
Documentation/admin-guide/kernel-parameters.txt | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 24c02c704049..3a59abf06039 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -6698,6 +6698,7 @@
- "tpm"
- "tee"
- "caam"
+ - "dcp"
If not specified then it defaults to iterating through
the trust source list starting with TPM and assigns the
first trust source as a backend which is initialized
@@ -6713,6 +6714,18 @@
If not specified, "default" is used. In this case,
the RNG's choice is left to each individual trust source.
+ trusted.dcp_use_otp_key
+ This is intended to be used in combination with
+ trusted.source=dcp and will select the DCP OTP key
+ instead of the DCP UNIQUE key blob encryption.
+
+ trusted.dcp_skip_zk_test
+ This is intended to be used in combination with
+ trusted.source=dcp and will disable the check if the
+ blob key is all zeros. This is helpful for situations where
+ having this key zero'ed is acceptable. E.g. in testing
+ scenarios.
+
tsc= Disable clocksource stability checks for TSC.
Format: <string>
[x86] reliable: mark tsc clocksource as reliable, this
--
2.35.3
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v8 2/6] KEYS: trusted: improve scalability of trust source config
From: David Gstir @ 2024-04-03 7:21 UTC (permalink / raw)
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu,
David S. Miller
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer,
Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team,
Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang,
Paul Moore, James Morris, Serge E. Hallyn, Paul E. McKenney,
Randy Dunlap, Catalin Marinas, Rafael J. Wysocki, Tejun Heo,
Steven Rostedt (Google), linux-doc, linux-kernel, linux-integrity,
keyrings, linux-crypto, linux-arm-kernel, linuxppc-dev,
linux-security-module
In-Reply-To: <20240403072131.54935-1-david@sigma-star.at>
Enabling trusted keys requires at least one trust source implementation
(currently TPM, TEE or CAAM) to be enabled. Currently, this is
done by checking each trust source's config option individually.
This does not scale when more trust sources like the one for DCP
are added, because the condition will get long and hard to read.
Add config HAVE_TRUSTED_KEYS which is set to true by each trust source
once its enabled and adapt the check for having at least one active trust
source to use this option. Whenever a new trust source is added, it now
needs to select HAVE_TRUSTED_KEYS.
Signed-off-by: David Gstir <david@sigma-star.at>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org> # for TRUSTED_KEYS_TPM
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
---
security/keys/trusted-keys/Kconfig | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-keys/Kconfig
index dbfdd8536468..553dc117f385 100644
--- a/security/keys/trusted-keys/Kconfig
+++ b/security/keys/trusted-keys/Kconfig
@@ -1,3 +1,6 @@
+config HAVE_TRUSTED_KEYS
+ bool
+
config TRUSTED_KEYS_TPM
bool "TPM-based trusted keys"
depends on TCG_TPM >= TRUSTED_KEYS
@@ -9,6 +12,7 @@ config TRUSTED_KEYS_TPM
select ASN1_ENCODER
select OID_REGISTRY
select ASN1
+ select HAVE_TRUSTED_KEYS
help
Enable use of the Trusted Platform Module (TPM) as trusted key
backend. Trusted keys are random number symmetric keys,
@@ -20,6 +24,7 @@ config TRUSTED_KEYS_TEE
bool "TEE-based trusted keys"
depends on TEE >= TRUSTED_KEYS
default y
+ select HAVE_TRUSTED_KEYS
help
Enable use of the Trusted Execution Environment (TEE) as trusted
key backend.
@@ -29,10 +34,11 @@ config TRUSTED_KEYS_CAAM
depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
default y
+ select HAVE_TRUSTED_KEYS
help
Enable use of NXP's Cryptographic Accelerator and Assurance Module
(CAAM) as trusted key backend.
-if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM
-comment "No trust source selected!"
+if !HAVE_TRUSTED_KEYS
+ comment "No trust source selected!"
endif
--
2.35.3
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v8 0/6] DCP as trusted keys backend
From: David Gstir @ 2024-04-03 7:21 UTC (permalink / raw)
To: Mimi Zohar, James Bottomley, Jarkko Sakkinen, Herbert Xu,
David S. Miller
Cc: David Gstir, Shawn Guo, Jonathan Corbet, Sascha Hauer,
Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team,
Ahmad Fatoum, sigma star Kernel Team, David Howells, Li Yang,
Paul Moore, James Morris, Serge E. Hallyn, Paul E. McKenney,
Randy Dunlap, Catalin Marinas, Rafael J. Wysocki, Tejun Heo,
Steven Rostedt (Google), linux-doc, linux-kernel, linux-integrity,
keyrings, linux-crypto, linux-arm-kernel, linuxppc-dev,
linux-security-module
This is a revival of the previous patch set submitted by Richard Weinberger:
https://lore.kernel.org/linux-integrity/20210614201620.30451-1-richard@nod.at/
After having been thoroughly reviewed by Jarkko, it would be great if this
could go into 6.10. :-)
v7 is here:
https://lore.kernel.org/keyrings/20240327082454.13729-1-david@sigma-star.at/
v7 -> v8:
- Add Reviewed-by from Jarkko Sakkinen for patches #2 and #5
- Use kernel-doc for DCP blob format documentation instead of copy-pasting as
suggested by Jarkko Sakkinen
- Fix wording in docs for trusted.dcp_skip_zk_test kernel param
v6 -> v7:
- Add Reviewed-by from Jarkko Sakkinen for patches #1 and #3
- Improved commit messages
- Changed log level for non-trusted/secure mode check from error to warning
v5 -> v6:
- Cleaned up coding style and commit messages to make the whole series more
coherent as suggested by Jarkko Sakkinen
- Added Acked-By from Jarkko Sakkinen to patch #4 - thanks!
- Rebased against next-20240307
v4 -> v5:
- Make Kconfig for trust source check scalable as suggested by Jarkko Sakkinen
- Add Acked-By from Herbert Xu to patch #1 - thanks!
v3 -> v4:
- Split changes on MAINTAINERS and documentation into dedicated patches
- Use more concise wording in commit messages as suggested by Jarkko Sakkinen
v2 -> v3:
- Addressed review comments from Jarkko Sakkinen
v1 -> v2:
- Revive and rebase to latest version
- Include review comments from Ahmad Fatoum
The Data Co-Processor (DCP) is an IP core built into many NXP SoCs such
as i.mx6ull.
Similar to the CAAM engine used in more powerful SoCs, DCP can AES-
encrypt/decrypt user data using a unique, never-disclosed,
device-specific key. Unlike CAAM though, it cannot directly wrap and
unwrap blobs in hardware. As DCP offers only the bare minimum feature
set and a blob mechanism needs aid from software. A blob in this case
is a piece of sensitive data (e.g. a key) that is encrypted and
authenticated using the device-specific key so that unwrapping can only
be done on the hardware where the blob was wrapped.
This patch series adds a DCP based, trusted-key backend and is similar
in spirit to the one by Ahmad Fatoum [0] that does the same for CAAM.
It is of interest for similar use cases as the CAAM patch set, but for
lower end devices, where CAAM is not available.
Because constructing and parsing the blob has to happen in software,
we needed to decide on a blob format and chose the following:
struct dcp_blob_fmt {
__u8 fmt_version;
__u8 blob_key[AES_KEYSIZE_128];
__u8 nonce[AES_KEYSIZE_128];
__le32 payload_len;
__u8 payload[];
} __packed;
The `fmt_version` is currently 1.
The encrypted key is stored in the payload area. It is AES-128-GCM
encrypted using `blob_key` and `nonce`, GCM auth tag is attached at
the end of the payload (`payload_len` does not include the size of
the auth tag).
The `blob_key` itself is encrypted in AES-128-ECB mode by DCP using
the OTP or UNIQUE device key. A new `blob_key` and `nonce` are generated
randomly, when sealing/exporting the DCP blob.
This patchset was tested with dm-crypt on an i.MX6ULL board.
[0] https://lore.kernel.org/keyrings/20220513145705.2080323-1-a.fatoum@pengutronix.de/
David Gstir (6):
crypto: mxs-dcp: Add support for hardware-bound keys
KEYS: trusted: improve scalability of trust source config
KEYS: trusted: Introduce NXP DCP-backed trusted keys
MAINTAINERS: add entry for DCP-based trusted keys
docs: document DCP-backed trusted keys kernel params
docs: trusted-encrypted: add DCP as new trust source
.../admin-guide/kernel-parameters.txt | 13 +
.../security/keys/trusted-encrypted.rst | 53 +++
MAINTAINERS | 9 +
drivers/crypto/mxs-dcp.c | 104 +++++-
include/keys/trusted_dcp.h | 11 +
include/soc/fsl/dcp.h | 20 ++
security/keys/trusted-keys/Kconfig | 18 +-
security/keys/trusted-keys/Makefile | 2 +
security/keys/trusted-keys/trusted_core.c | 6 +-
security/keys/trusted-keys/trusted_dcp.c | 332 ++++++++++++++++++
10 files changed, 554 insertions(+), 14 deletions(-)
create mode 100644 include/keys/trusted_dcp.h
create mode 100644 include/soc/fsl/dcp.h
create mode 100644 security/keys/trusted-keys/trusted_dcp.c
--
2.35.3
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply
* [PATCH v4 7/9] drm/mediatek: Add secure layer config support for ovl
From: Shawn Sung @ 2024-04-03 7:07 UTC (permalink / raw)
To: Chun-Kuang Hu
Cc: Philipp Zabel, David Airlie, Daniel Vetter, Matthias Brugger,
AngeloGioacchino Del Regno, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, Sumit Semwal, Christian König, dri-devel,
linux-mediatek, linux-kernel, linux-arm-kernel, linux-media,
linaro-mm-sig, Jason-JH.Lin, Hsiao Chien Sung
In-Reply-To: <20240403070732.22085-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
Add secure layer config support for ovl.
TODO:
1. Move DISP_REG_OVL_SECURE setting to secure world.
2. Change the parameter register address in mtk_ddp_sec_write()
from "u32 addr" to "struct cmdq_client_reg *cmdq_reg".
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
drivers/gpu/drm/mediatek/mtk_ddp_comp.c | 1 +
drivers/gpu/drm/mediatek/mtk_disp_drv.h | 2 ++
drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 30 +++++++++++++++++++++++--
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_ddp_comp.c b/drivers/gpu/drm/mediatek/mtk_ddp_comp.c
index cda0da4848029..b2f59e54c3f4b 100644
--- a/drivers/gpu/drm/mediatek/mtk_ddp_comp.c
+++ b/drivers/gpu/drm/mediatek/mtk_ddp_comp.c
@@ -382,6 +382,7 @@ static const struct mtk_ddp_comp_funcs ddp_ovl = {
.bgclr_in_off = mtk_ovl_bgclr_in_off,
.get_formats = mtk_ovl_get_formats,
.get_num_formats = mtk_ovl_get_num_formats,
+ .get_sec_port = mtk_ovl_get_sec_port,
};
static const struct mtk_ddp_comp_funcs ddp_postmask = {
diff --git a/drivers/gpu/drm/mediatek/mtk_disp_drv.h b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
index d2c8fac468798..c4e1b5b8a2e31 100644
--- a/drivers/gpu/drm/mediatek/mtk_disp_drv.h
+++ b/drivers/gpu/drm/mediatek/mtk_disp_drv.h
@@ -9,6 +9,7 @@
#include <linux/soc/mediatek/mtk-cmdq.h>
#include <linux/soc/mediatek/mtk-mmsys.h>
#include <linux/soc/mediatek/mtk-mutex.h>
+#include "mtk_ddp_comp.h"
#include "mtk_mdp_rdma.h"
#include "mtk_plane.h"
@@ -84,6 +85,7 @@ void mtk_ovl_clk_disable(struct device *dev);
void mtk_ovl_config(struct device *dev, unsigned int w,
unsigned int h, unsigned int vrefresh,
unsigned int bpc, struct cmdq_pkt *cmdq_pkt);
+u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int idx);
int mtk_ovl_layer_check(struct device *dev, unsigned int idx,
struct mtk_plane_state *mtk_state);
void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
index 279e6193e7975..8cee64495cd04 100644
--- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
+++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
@@ -74,6 +74,7 @@
#define DISP_REG_OVL_ADDR(ovl, n) ((ovl)->data->addr + 0x20 * (n))
#define DISP_REG_OVL_HDR_ADDR(ovl, n) ((ovl)->data->addr + 0x20 * (n) + 0x04)
#define DISP_REG_OVL_HDR_PITCH(ovl, n) ((ovl)->data->addr + 0x20 * (n) + 0x08)
+#define DISP_REG_OVL_SECURE 0x0fc0
#define GMC_THRESHOLD_BITS 16
#define GMC_THRESHOLD_HIGH ((1 << GMC_THRESHOLD_BITS) / 4)
@@ -218,6 +219,16 @@ void mtk_ovl_crc_read(struct device *dev)
mtk_crtc_read_crc(&ovl->crc, ovl->regs);
}
+u64 mtk_ovl_get_sec_port(struct mtk_ddp_comp *comp, unsigned int idx)
+{
+ if (comp->id == DDP_COMPONENT_OVL0)
+ return BIT_ULL(CMDQ_SEC_DISP_OVL0);
+ else if (comp->id == DDP_COMPONENT_OVL1)
+ return BIT_ULL(CMDQ_SEC_DISP_OVL1);
+
+ return 0;
+}
+
static irqreturn_t mtk_disp_ovl_irq_handler(int irq, void *dev_id)
{
struct mtk_disp_ovl *priv = dev_id;
@@ -665,8 +676,22 @@ void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
DISP_REG_OVL_SRC_SIZE(idx));
mtk_ddp_write_relaxed(cmdq_pkt, offset, &ovl->cmdq_reg, ovl->regs,
DISP_REG_OVL_OFFSET(idx));
- mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl->regs,
- DISP_REG_OVL_ADDR(ovl, idx));
+
+ if (state->pending.is_secure) {
+ const struct drm_format_info *fmt_info = drm_format_info(fmt);
+ unsigned int buf_size = (pending->height - 1) * pending->pitch +
+ pending->width * fmt_info->cpp[0];
+
+ mtk_ddp_write_mask(cmdq_pkt, BIT(idx), &ovl->cmdq_reg, ovl->regs,
+ DISP_REG_OVL_SECURE, BIT(idx));
+ mtk_ddp_sec_write(cmdq_pkt, ovl->regs_pa + DISP_REG_OVL_ADDR(ovl, idx),
+ pending->addr, CMDQ_IWC_H_2_MVA, 0, buf_size, 0);
+ } else {
+ mtk_ddp_write_mask(cmdq_pkt, 0, &ovl->cmdq_reg, ovl->regs,
+ DISP_REG_OVL_SECURE, BIT(idx));
+ mtk_ddp_write_relaxed(cmdq_pkt, addr, &ovl->cmdq_reg, ovl->regs,
+ DISP_REG_OVL_ADDR(ovl, idx));
+ }
if (is_afbc) {
mtk_ddp_write_relaxed(cmdq_pkt, hdr_addr, &ovl->cmdq_reg, ovl->regs,
@@ -745,6 +770,7 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev)
}
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ priv->regs_pa = res->start;
priv->regs = devm_ioremap_resource(dev, res);
if (IS_ERR(priv->regs)) {
dev_err(dev, "failed to ioremap ovl\n");
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 2/9] dt-bindings: mailbox: Add mboxes property for CMDQ secure driver
From: Shawn Sung @ 2024-04-03 6:55 UTC (permalink / raw)
To: CK Hu, Jassi Brar, AngeloGioacchino Del Regno
Cc: Rob Herring, Krzysztof Kozlowski, Conor Dooley, Matthias Brugger,
Hsiao Chien Sung, Jason-JH . Lin, Houlong Wei, linux-kernel,
devicetree, linux-arm-kernel, linux-mediatek
In-Reply-To: <20240403065603.21920-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
Add mboxes to define a GCE loopping thread as a secure irq handler.
This property is only required if CMDQ secure driver is supported.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
.../devicetree/bindings/mailbox/mediatek,gce-mailbox.yaml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Documentation/devicetree/bindings/mailbox/mediatek,gce-mailbox.yaml b/Documentation/devicetree/bindings/mailbox/mediatek,gce-mailbox.yaml
index cef9d76013985..cf39e70747de6 100644
--- a/Documentation/devicetree/bindings/mailbox/mediatek,gce-mailbox.yaml
+++ b/Documentation/devicetree/bindings/mailbox/mediatek,gce-mailbox.yaml
@@ -49,6 +49,9 @@ properties:
items:
- const: gce
+ mboxes:
+ maxItems: 1
+
required:
- compatible
- "#mbox-cells"
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 2/9] drm/mediatek: Add secure buffer control flow to mtk_drm_gem
From: Shawn Sung @ 2024-04-03 7:07 UTC (permalink / raw)
To: Chun-Kuang Hu
Cc: Philipp Zabel, David Airlie, Daniel Vetter, Matthias Brugger,
AngeloGioacchino Del Regno, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, Sumit Semwal, Christian König, dri-devel,
linux-mediatek, linux-kernel, linux-arm-kernel, linux-media,
linaro-mm-sig, Jason-JH.Lin, Hsiao Chien Sung
In-Reply-To: <20240403070732.22085-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
Add secure buffer control flow to mtk_drm_gem.
When user space takes DRM_MTK_GEM_CREATE_ENCRYPTED flag and size
to create a mtk_drm_gem object, mtk_drm_gem will find a matched size
dma buffer from secure dma-heap and bind it to mtk_drm_gem object.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
drivers/gpu/drm/mediatek/mtk_gem.c | 85 +++++++++++++++++++++++++++++-
drivers/gpu/drm/mediatek/mtk_gem.h | 4 ++
2 files changed, 88 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_gem.c b/drivers/gpu/drm/mediatek/mtk_gem.c
index e59e0727717b7..ec34d02c14377 100644
--- a/drivers/gpu/drm/mediatek/mtk_gem.c
+++ b/drivers/gpu/drm/mediatek/mtk_gem.c
@@ -4,6 +4,8 @@
*/
#include <linux/dma-buf.h>
+#include <linux/dma-heap.h>
+#include <uapi/linux/dma-heap.h>
#include <drm/mediatek_drm.h>
#include <drm/drm.h>
@@ -102,6 +104,81 @@ struct mtk_gem_obj *mtk_gem_create(struct drm_device *dev,
return ERR_PTR(ret);
}
+struct mtk_gem_obj *mtk_gem_create_from_heap(struct drm_device *dev,
+ const char *heap, size_t size)
+{
+ struct mtk_drm_private *priv = dev->dev_private;
+ struct mtk_gem_obj *mtk_gem;
+ struct drm_gem_object *obj;
+ struct dma_heap *dma_heap;
+ struct dma_buf *dma_buf;
+ struct dma_buf_attachment *attach;
+ struct sg_table *sgt;
+ struct iosys_map map = {};
+ int ret;
+
+ mtk_gem = mtk_gem_init(dev, size);
+ if (IS_ERR(mtk_gem))
+ return ERR_CAST(mtk_gem);
+
+ obj = &mtk_gem->base;
+
+ dma_heap = dma_heap_find(heap);
+ if (!dma_heap) {
+ DRM_ERROR("heap find fail\n");
+ goto err_gem_free;
+ }
+ dma_buf = dma_heap_buffer_alloc(dma_heap, size,
+ O_RDWR | O_CLOEXEC, DMA_HEAP_VALID_HEAP_FLAGS);
+ if (IS_ERR(dma_buf)) {
+ DRM_ERROR("buffer alloc fail\n");
+ dma_heap_put(dma_heap);
+ goto err_gem_free;
+ }
+ dma_heap_put(dma_heap);
+
+ attach = dma_buf_attach(dma_buf, priv->dma_dev);
+ if (IS_ERR(attach)) {
+ DRM_ERROR("attach fail, return\n");
+ dma_buf_put(dma_buf);
+ goto err_gem_free;
+ }
+
+ sgt = dma_buf_map_attachment(attach, DMA_BIDIRECTIONAL);
+ if (IS_ERR(sgt)) {
+ DRM_ERROR("map failed, detach and return\n");
+ dma_buf_detach(dma_buf, attach);
+ dma_buf_put(dma_buf);
+ goto err_gem_free;
+ }
+ obj->import_attach = attach;
+ mtk_gem->dma_addr = sg_dma_address(sgt->sgl);
+ mtk_gem->sg = sgt;
+ mtk_gem->size = dma_buf->size;
+
+ if (!strcmp(heap, "mtk_svp") || !strcmp(heap, "mtk_svp_cma")) {
+ /* secure buffer can not be mapped */
+ mtk_gem->secure = true;
+ } else {
+ ret = dma_buf_vmap(dma_buf, &map);
+ mtk_gem->kvaddr = map.vaddr;
+ if (ret) {
+ DRM_ERROR("map failed, ret=%d\n", ret);
+ dma_buf_unmap_attachment(attach, sgt, DMA_BIDIRECTIONAL);
+ dma_buf_detach(dma_buf, attach);
+ dma_buf_put(dma_buf);
+ mtk_gem->kvaddr = NULL;
+ }
+ }
+
+ return mtk_gem;
+
+err_gem_free:
+ drm_gem_object_release(obj);
+ kfree(mtk_gem);
+ return ERR_PTR(-ENOMEM);
+}
+
void mtk_gem_free_object(struct drm_gem_object *obj)
{
struct mtk_gem_obj *mtk_gem = to_mtk_gem_obj(obj);
@@ -229,7 +306,9 @@ struct drm_gem_object *mtk_gem_prime_import_sg_table(struct drm_device *dev,
if (IS_ERR(mtk_gem))
return ERR_CAST(mtk_gem);
+ mtk_gem->secure = !sg_page(sg->sgl);
mtk_gem->dma_addr = sg_dma_address(sg->sgl);
+ mtk_gem->size = attach->dmabuf->size;
mtk_gem->sg = sg;
return &mtk_gem->base;
@@ -304,7 +383,11 @@ int mtk_gem_create_ioctl(struct drm_device *dev, void *data,
struct drm_mtk_gem_create *args = data;
int ret;
- mtk_gem = mtk_gem_create(dev, args->size, false);
+ if (args->flags & DRM_MTK_GEM_CREATE_ENCRYPTED)
+ mtk_gem = mtk_gem_create_from_heap(dev, "mtk_svp_cma", args->size);
+ else
+ mtk_gem = mtk_gem_create(dev, args->size, false);
+
if (IS_ERR(mtk_gem))
return PTR_ERR(mtk_gem);
diff --git a/drivers/gpu/drm/mediatek/mtk_gem.h b/drivers/gpu/drm/mediatek/mtk_gem.h
index 4d7598220ca8f..e1d3537a55ecb 100644
--- a/drivers/gpu/drm/mediatek/mtk_gem.h
+++ b/drivers/gpu/drm/mediatek/mtk_gem.h
@@ -27,9 +27,11 @@ struct mtk_gem_obj {
void *cookie;
void *kvaddr;
dma_addr_t dma_addr;
+ size_t size;
unsigned long dma_attrs;
struct sg_table *sg;
struct page **pages;
+ bool secure;
};
#define to_mtk_gem_obj(x) container_of(x, struct mtk_gem_obj, base)
@@ -39,6 +41,8 @@ struct mtk_gem_obj *mtk_gem_create(struct drm_device *dev, size_t size,
bool alloc_kmap);
int mtk_gem_dumb_create(struct drm_file *file_priv, struct drm_device *dev,
struct drm_mode_create_dumb *args);
+struct mtk_gem_obj *mtk_gem_create_from_heap(struct drm_device *dev,
+ const char *heap, size_t size);
struct sg_table *mtk_gem_prime_get_sg_table(struct drm_gem_object *obj);
struct drm_gem_object *mtk_gem_prime_import_sg_table(struct drm_device *dev,
struct dma_buf_attachment *attach, struct sg_table *sg);
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 8/9] drm/mediatek: Add secure flow support to mediatek-drm
From: Shawn Sung @ 2024-04-03 7:07 UTC (permalink / raw)
To: Chun-Kuang Hu
Cc: Philipp Zabel, David Airlie, Daniel Vetter, Matthias Brugger,
AngeloGioacchino Del Regno, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, Sumit Semwal, Christian König, dri-devel,
linux-mediatek, linux-kernel, linux-arm-kernel, linux-media,
linaro-mm-sig, Jason-JH.Lin, Hsiao Chien Sung
In-Reply-To: <20240403070732.22085-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
To add secure flow support for mediatek-drm, each crtc have to
create a secure cmdq mailbox channel. Then cmdq packets with
display HW configuration will be sent to secure cmdq mailbox channel
and configured in the secure world.
Each crtc have to use secure cmdq interface to configure some secure
settings for display HW before sending cmdq packets to secure cmdq
mailbox channel.
If any of fb get from current drm_atomic_state is secure, then crtc
will switch to the secure flow to configure display HW.
If all fbs are not secure in current drm_atomic_state, then crtc will
switch to the normal flow.
TODO:
1. Remove get sec larb port interface in ddp_comp, ovl and ovl_adaptor.
2. Verify instruction for enabling/disabling dapc and larb port in TEE
drop the sec_engine flags in normal world.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
drivers/gpu/drm/mediatek/mtk_crtc.c | 271 ++++++++++++++++++++++++++-
drivers/gpu/drm/mediatek/mtk_crtc.h | 1 +
drivers/gpu/drm/mediatek/mtk_plane.c | 7 +
3 files changed, 269 insertions(+), 10 deletions(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_crtc.c b/drivers/gpu/drm/mediatek/mtk_crtc.c
index 29d00d11224b0..a6ba9965500f0 100644
--- a/drivers/gpu/drm/mediatek/mtk_crtc.c
+++ b/drivers/gpu/drm/mediatek/mtk_crtc.c
@@ -57,6 +57,11 @@ struct mtk_crtc {
u32 cmdq_event;
u32 cmdq_vblank_cnt;
wait_queue_head_t cb_blocking_queue;
+
+ struct cmdq_client sec_cmdq_client;
+ struct cmdq_pkt sec_cmdq_handle;
+ bool sec_cmdq_working;
+ wait_queue_head_t sec_cb_blocking_queue;
#endif
struct device *mmsys_dev;
@@ -73,6 +78,8 @@ struct mtk_crtc {
struct mtk_ddp_comp *crc_provider;
struct drm_vblank_work crc_work;
+
+ bool sec_on;
};
struct mtk_crtc_state {
@@ -117,6 +124,154 @@ static void mtk_drm_finish_page_flip(struct mtk_crtc *mtk_crtc)
}
}
+void mtk_crtc_disable_secure_state(struct drm_crtc *crtc)
+{
+#if IS_REACHABLE(CONFIG_MTK_CMDQ)
+ enum cmdq_sec_scenario sec_scn = CMDQ_SEC_SCNR_MAX;
+ int i;
+ struct mtk_ddp_comp *ddp_first_comp;
+ struct mtk_crtc *mtk_crtc = to_mtk_crtc(crtc);
+ u64 sec_engine = 0; /* for hw engine write output secure fb */
+ u64 sec_port = 0; /* for larb port read input secure fb */
+
+ mutex_lock(&mtk_crtc->hw_lock);
+
+ if (!mtk_crtc->sec_cmdq_client.chan) {
+ pr_err("crtc-%d secure mbox channel is NULL\n", drm_crtc_index(crtc));
+ goto err;
+ }
+
+ if (!mtk_crtc->sec_on) {
+ pr_debug("crtc-%d is already disabled!\n", drm_crtc_index(crtc));
+ goto err;
+ }
+
+ mbox_flush(mtk_crtc->sec_cmdq_client.chan, 0);
+ mtk_crtc->sec_cmdq_handle.cmd_buf_size = 0;
+
+ if (mtk_crtc->sec_cmdq_handle.sec_data) {
+ struct cmdq_sec_data *sec_data;
+
+ sec_data = mtk_crtc->sec_cmdq_handle.sec_data;
+ sec_data->addr_metadata_cnt = 0;
+ sec_data->addr_metadatas = (uintptr_t)NULL;
+ }
+
+ /*
+ * Secure path only support DL mode, so we just wait
+ * the first path frame done here
+ */
+ cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event, false);
+
+ ddp_first_comp = mtk_crtc->ddp_comp[0];
+ for (i = 0; i < mtk_crtc->layer_nr; i++) {
+ struct drm_plane *plane = &mtk_crtc->planes[i];
+
+ sec_port |= mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
+
+ /* make sure secure layer off before switching secure state */
+ if (!mtk_plane_fb_is_secure(plane->state->fb)) {
+ struct mtk_plane_state *plane_state = to_mtk_plane_state(plane->state);
+
+ plane_state->pending.enable = false;
+ mtk_ddp_comp_layer_config(ddp_first_comp, i, plane_state,
+ &mtk_crtc->sec_cmdq_handle);
+ }
+ }
+
+ /* Disable secure path */
+ if (drm_crtc_index(crtc) == 0)
+ sec_scn = CMDQ_SEC_SCNR_PRIMARY_DISP_DISABLE;
+ else if (drm_crtc_index(crtc) == 1)
+ sec_scn = CMDQ_SEC_SCNR_SUB_DISP_DISABLE;
+
+ cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine, sec_engine, sec_scn);
+
+ cmdq_pkt_finalize(&mtk_crtc->sec_cmdq_handle);
+ dma_sync_single_for_device(mtk_crtc->sec_cmdq_client.chan->mbox->dev,
+ mtk_crtc->sec_cmdq_handle.pa_base,
+ mtk_crtc->sec_cmdq_handle.cmd_buf_size,
+ DMA_TO_DEVICE);
+
+ mtk_crtc->sec_cmdq_working = true;
+ mbox_send_message(mtk_crtc->sec_cmdq_client.chan, &mtk_crtc->sec_cmdq_handle);
+ mbox_client_txdone(mtk_crtc->sec_cmdq_client.chan, 0);
+
+ // Wait for sec state to be disabled by cmdq
+ wait_event_timeout(mtk_crtc->sec_cb_blocking_queue,
+ !mtk_crtc->sec_cmdq_working,
+ msecs_to_jiffies(500));
+
+ mtk_crtc->sec_on = false;
+ pr_debug("crtc-%d disable secure plane!\n", drm_crtc_index(crtc));
+
+err:
+ mutex_unlock(&mtk_crtc->hw_lock);
+#endif
+}
+
+#if IS_REACHABLE(CONFIG_MTK_CMDQ)
+static void mtk_crtc_enable_secure_state(struct drm_crtc *crtc)
+{
+ enum cmdq_sec_scenario sec_scn = CMDQ_SEC_SCNR_MAX;
+ int i;
+ struct mtk_ddp_comp *ddp_first_comp;
+ struct mtk_crtc *mtk_crtc = to_mtk_crtc(crtc);
+ u64 sec_engine = 0; /* for hw engine write output secure fb */
+ u64 sec_port = 0; /* for larb port read input secure fb */
+
+ cmdq_pkt_wfe(&mtk_crtc->sec_cmdq_handle, mtk_crtc->cmdq_event, false);
+
+ ddp_first_comp = mtk_crtc->ddp_comp[0];
+ for (i = 0; i < mtk_crtc->layer_nr; i++)
+ if (mtk_crtc->planes[i].type == DRM_PLANE_TYPE_CURSOR)
+ sec_port |= mtk_ddp_comp_layer_get_sec_port(ddp_first_comp, i);
+
+ if (drm_crtc_index(crtc) == 0)
+ sec_scn = CMDQ_SEC_SCNR_PRIMARY_DISP;
+ else if (drm_crtc_index(crtc) == 1)
+ sec_scn = CMDQ_SEC_SCNR_SUB_DISP;
+
+ cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine, sec_port, sec_scn);
+
+ pr_debug("crtc-%d enable secure plane!\n", drm_crtc_index(crtc));
+}
+#endif
+
+static void mtk_crtc_plane_switch_sec_state(struct drm_crtc *crtc,
+ struct drm_atomic_state *state)
+{
+#if IS_REACHABLE(CONFIG_MTK_CMDQ)
+ bool sec_on[MAX_CRTC] = {0};
+ int i;
+ struct drm_crtc_state *crtc_state;
+ struct mtk_crtc *mtk_crtc = to_mtk_crtc(crtc);
+ struct drm_plane *plane;
+ struct drm_plane_state *old_plane_state;
+
+ for_each_old_plane_in_state(state, plane, old_plane_state, i) {
+ if (!plane->state->crtc)
+ continue;
+
+ if (plane->state->fb &&
+ mtk_plane_fb_is_secure(plane->state->fb) &&
+ mtk_crtc->sec_cmdq_client.chan)
+ sec_on[drm_crtc_index(plane->state->crtc)] = true;
+ }
+
+ for_each_old_crtc_in_state(state, crtc, crtc_state, i) {
+ mtk_crtc = to_mtk_crtc(crtc);
+
+ if (!sec_on[i])
+ mtk_crtc_disable_secure_state(crtc);
+
+ mutex_lock(&mtk_crtc->hw_lock);
+ mtk_crtc->sec_on = true;
+ mutex_unlock(&mtk_crtc->hw_lock);
+ }
+#endif
+}
+
#if IS_REACHABLE(CONFIG_MTK_CMDQ)
static int mtk_drm_cmdq_pkt_create(struct cmdq_client *client, struct cmdq_pkt *pkt,
size_t size)
@@ -152,22 +307,33 @@ static void mtk_drm_cmdq_pkt_destroy(struct cmdq_pkt *pkt)
dma_unmap_single(client->chan->mbox->dev, pkt->pa_base, pkt->buf_size,
DMA_TO_DEVICE);
kfree(pkt->va_base);
+ kfree(pkt->sec_data);
}
#endif
static void mtk_crtc_destroy(struct drm_crtc *crtc)
{
struct mtk_crtc *mtk_crtc = to_mtk_crtc(crtc);
+ struct mtk_drm_private *priv = crtc->dev->dev_private;
int i;
+ priv = priv->all_drm_private[drm_crtc_index(crtc)];
+
mtk_mutex_put(mtk_crtc->mutex);
#if IS_REACHABLE(CONFIG_MTK_CMDQ)
mtk_drm_cmdq_pkt_destroy(&mtk_crtc->cmdq_handle);
+ mtk_drm_cmdq_pkt_destroy(&mtk_crtc->sec_cmdq_handle);
if (mtk_crtc->cmdq_client.chan) {
mbox_free_channel(mtk_crtc->cmdq_client.chan);
mtk_crtc->cmdq_client.chan = NULL;
}
+
+ if (mtk_crtc->sec_cmdq_client.chan) {
+ device_link_remove(priv->dev, mtk_crtc->sec_cmdq_client.chan->mbox->dev);
+ mbox_free_channel(mtk_crtc->sec_cmdq_client.chan);
+ mtk_crtc->sec_cmdq_client.chan = NULL;
+ }
#endif
for (i = 0; i < mtk_crtc->ddp_comp_nr; i++) {
@@ -316,6 +482,11 @@ static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg)
if (data->sta < 0)
return;
+ if (!data->pkt || !data->pkt->sec_data)
+ mtk_crtc = container_of(cmdq_cl, struct mtk_crtc, cmdq_client);
+ else
+ mtk_crtc = container_of(cmdq_cl, struct mtk_crtc, sec_cmdq_client);
+
state = to_mtk_crtc_state(mtk_crtc->base.state);
state->pending_config = false;
@@ -344,6 +515,11 @@ static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg)
mtk_crtc->pending_async_planes = false;
}
+ if (mtk_crtc->sec_cmdq_working) {
+ mtk_crtc->sec_cmdq_working = false;
+ wake_up(&mtk_crtc->sec_cb_blocking_queue);
+ }
+
mtk_crtc->cmdq_vblank_cnt = 0;
wake_up(&mtk_crtc->cb_blocking_queue);
}
@@ -567,7 +743,8 @@ static void mtk_crtc_ddp_config(struct drm_crtc *crtc,
static void mtk_crtc_update_config(struct mtk_crtc *mtk_crtc, bool needs_vblank)
{
#if IS_REACHABLE(CONFIG_MTK_CMDQ)
- struct cmdq_pkt *cmdq_handle = &mtk_crtc->cmdq_handle;
+ struct cmdq_client cmdq_client;
+ struct cmdq_pkt *cmdq_handle;
#endif
struct drm_crtc *crtc = &mtk_crtc->base;
struct mtk_drm_private *priv = crtc->dev->dev_private;
@@ -605,14 +782,36 @@ static void mtk_crtc_update_config(struct mtk_crtc *mtk_crtc, bool needs_vblank)
mtk_mutex_release(mtk_crtc->mutex);
}
#if IS_REACHABLE(CONFIG_MTK_CMDQ)
- if (mtk_crtc->cmdq_client.chan) {
+ if (mtk_crtc->sec_on) {
+ mbox_flush(mtk_crtc->sec_cmdq_client.chan, 0);
+ mtk_crtc->sec_cmdq_handle.cmd_buf_size = 0;
+
+ if (mtk_crtc->sec_cmdq_handle.sec_data) {
+ struct cmdq_sec_data *sec_data;
+
+ sec_data = mtk_crtc->sec_cmdq_handle.sec_data;
+ sec_data->addr_metadata_cnt = 0;
+ sec_data->addr_metadatas = (uintptr_t)NULL;
+ }
+
+ mtk_crtc_enable_secure_state(crtc);
+
+ cmdq_client = mtk_crtc->sec_cmdq_client;
+ cmdq_handle = &mtk_crtc->sec_cmdq_handle;
+ } else if (mtk_crtc->cmdq_client.chan) {
mbox_flush(mtk_crtc->cmdq_client.chan, 2000);
- cmdq_handle->cmd_buf_size = 0;
+ mtk_crtc->cmdq_handle.cmd_buf_size = 0;
+
+ cmdq_client = mtk_crtc->cmdq_client;
+ cmdq_handle = &mtk_crtc->cmdq_handle;
+ }
+
+ if (cmdq_client.chan) {
cmdq_pkt_clear_event(cmdq_handle, mtk_crtc->cmdq_event);
cmdq_pkt_wfe(cmdq_handle, mtk_crtc->cmdq_event, false);
mtk_crtc_ddp_config(crtc, cmdq_handle);
cmdq_pkt_finalize(cmdq_handle);
- dma_sync_single_for_device(mtk_crtc->cmdq_client.chan->mbox->dev,
+ dma_sync_single_for_device(cmdq_client.chan->mbox->dev,
cmdq_handle->pa_base,
cmdq_handle->cmd_buf_size,
DMA_TO_DEVICE);
@@ -625,8 +824,8 @@ static void mtk_crtc_update_config(struct mtk_crtc *mtk_crtc, bool needs_vblank)
*/
mtk_crtc->cmdq_vblank_cnt = 3;
- mbox_send_message(mtk_crtc->cmdq_client.chan, cmdq_handle);
- mbox_client_txdone(mtk_crtc->cmdq_client.chan, 0);
+ mbox_send_message(cmdq_client.chan, cmdq_handle);
+ mbox_client_txdone(cmdq_client.chan, 0);
}
#endif
mtk_crtc->config_updating = false;
@@ -835,6 +1034,8 @@ static void mtk_crtc_atomic_disable(struct drm_crtc *crtc,
if (!mtk_crtc->enabled)
return;
+ mtk_crtc_disable_secure_state(crtc);
+
/* Set all pending plane state to disabled */
for (i = 0; i < mtk_crtc->layer_nr; i++) {
struct drm_plane *plane = &mtk_crtc->planes[i];
@@ -873,6 +1074,8 @@ static void mtk_crtc_atomic_begin(struct drm_crtc *crtc,
struct mtk_crtc *mtk_crtc = to_mtk_crtc(crtc);
unsigned long flags;
+ mtk_crtc_plane_switch_sec_state(crtc, state);
+
if (mtk_crtc->event && mtk_crtc_state->base.event)
DRM_ERROR("new event while there is still a pending event\n");
@@ -1169,8 +1372,7 @@ int mtk_crtc_create(struct drm_device *drm_dev, const unsigned int *path,
if (ret) {
dev_dbg(dev, "mtk_crtc %d failed to get mediatek,gce-events property\n",
drm_crtc_index(&mtk_crtc->base));
- mbox_free_channel(mtk_crtc->cmdq_client.chan);
- mtk_crtc->cmdq_client.chan = NULL;
+ goto cmdq_err;
} else {
ret = mtk_drm_cmdq_pkt_create(&mtk_crtc->cmdq_client,
&mtk_crtc->cmdq_handle,
@@ -1178,14 +1380,63 @@ int mtk_crtc_create(struct drm_device *drm_dev, const unsigned int *path,
if (ret) {
dev_dbg(dev, "mtk_crtc %d failed to create cmdq packet\n",
drm_crtc_index(&mtk_crtc->base));
- mbox_free_channel(mtk_crtc->cmdq_client.chan);
- mtk_crtc->cmdq_client.chan = NULL;
+ goto cmdq_err;
}
}
/* for sending blocking cmd in crtc disable */
init_waitqueue_head(&mtk_crtc->cb_blocking_queue);
}
+
+ mtk_crtc->sec_cmdq_client.client.dev = mtk_crtc->mmsys_dev;
+ mtk_crtc->sec_cmdq_client.client.tx_block = false;
+ mtk_crtc->sec_cmdq_client.client.knows_txdone = true;
+ mtk_crtc->sec_cmdq_client.client.rx_callback = ddp_cmdq_cb;
+ mtk_crtc->sec_cmdq_client.chan =
+ mbox_request_channel(&mtk_crtc->sec_cmdq_client.client, i + 1);
+ if (IS_ERR(mtk_crtc->sec_cmdq_client.chan)) {
+ dev_err(dev, "mtk_crtc %d failed to create sec mailbox client\n",
+ drm_crtc_index(&mtk_crtc->base));
+ mtk_crtc->sec_cmdq_client.chan = NULL;
+ }
+
+ if (mtk_crtc->sec_cmdq_client.chan) {
+ struct device_link *link;
+
+ /* add devlink to cmdq dev to make sure suspend/resume order is correct */
+ link = device_link_add(priv->dev, mtk_crtc->sec_cmdq_client.chan->mbox->dev,
+ DL_FLAG_PM_RUNTIME | DL_FLAG_STATELESS);
+ if (!link) {
+ dev_err(priv->dev, "Unable to link dev=%s\n",
+ dev_name(mtk_crtc->sec_cmdq_client.chan->mbox->dev));
+ ret = -ENODEV;
+ goto cmdq_err;
+ }
+
+ ret = mtk_drm_cmdq_pkt_create(&mtk_crtc->sec_cmdq_client,
+ &mtk_crtc->sec_cmdq_handle,
+ PAGE_SIZE);
+ if (ret) {
+ dev_dbg(dev, "mtk_crtc %d failed to create cmdq secure packet\n",
+ drm_crtc_index(&mtk_crtc->base));
+ goto cmdq_err;
+ }
+
+ /* for sending blocking cmd in crtc disable */
+ init_waitqueue_head(&mtk_crtc->sec_cb_blocking_queue);
+ }
+
+cmdq_err:
+ if (ret) {
+ if (mtk_crtc->cmdq_client.chan) {
+ mbox_free_channel(mtk_crtc->cmdq_client.chan);
+ mtk_crtc->cmdq_client.chan = NULL;
+ }
+ if (mtk_crtc->sec_cmdq_client.chan) {
+ mbox_free_channel(mtk_crtc->sec_cmdq_client.chan);
+ mtk_crtc->sec_cmdq_client.chan = NULL;
+ }
+ }
#endif
if (conn_routes) {
diff --git a/drivers/gpu/drm/mediatek/mtk_crtc.h b/drivers/gpu/drm/mediatek/mtk_crtc.h
index a79c4611754e4..340217d6acd3c 100644
--- a/drivers/gpu/drm/mediatek/mtk_crtc.h
+++ b/drivers/gpu/drm/mediatek/mtk_crtc.h
@@ -62,5 +62,6 @@ void mtk_crtc_create_crc_cmdq(struct device *dev, struct mtk_crtc_crc *crc);
void mtk_crtc_start_crc_cmdq(struct mtk_crtc_crc *crc);
void mtk_crtc_stop_crc_cmdq(struct mtk_crtc_crc *crc);
#endif
+void mtk_crtc_disable_secure_state(struct drm_crtc *crtc);
#endif /* MTK_CRTC_H */
diff --git a/drivers/gpu/drm/mediatek/mtk_plane.c b/drivers/gpu/drm/mediatek/mtk_plane.c
index 021148d4b5d4a..9762bba23273b 100644
--- a/drivers/gpu/drm/mediatek/mtk_plane.c
+++ b/drivers/gpu/drm/mediatek/mtk_plane.c
@@ -289,6 +289,13 @@ static void mtk_plane_atomic_disable(struct drm_plane *plane,
mtk_plane_state->pending.enable = false;
wmb(); /* Make sure the above parameter is set before update */
mtk_plane_state->pending.dirty = true;
+
+ if (mtk_plane_state->pending.is_secure) {
+ struct drm_plane_state *old_state = drm_atomic_get_old_plane_state(state, plane);
+
+ if (old_state->crtc)
+ mtk_crtc_disable_secure_state(old_state->crtc);
+ }
}
static void mtk_plane_atomic_update(struct drm_plane *plane,
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 5/9] drm/mediatek: Add get_sec_port interface to mtk_ddp_comp
From: Shawn Sung @ 2024-04-03 7:07 UTC (permalink / raw)
To: Chun-Kuang Hu
Cc: Philipp Zabel, David Airlie, Daniel Vetter, Matthias Brugger,
AngeloGioacchino Del Regno, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, Sumit Semwal, Christian König, dri-devel,
linux-mediatek, linux-kernel, linux-arm-kernel, linux-media,
linaro-mm-sig, Jason-JH.Lin, Hsiao Chien Sung
In-Reply-To: <20240403070732.22085-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
Add get_sec_port interface to ddp_comp to get the secure port settings
from ovl and ovl_adaptor.
Then mediatek-drm will use secure cmdq driver to configure DRAM access
permission in secure world by their secure port settings.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
drivers/gpu/drm/mediatek/mtk_ddp_comp.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/gpu/drm/mediatek/mtk_ddp_comp.h b/drivers/gpu/drm/mediatek/mtk_ddp_comp.h
index a00258a5cefda..a22725e5cdce9 100644
--- a/drivers/gpu/drm/mediatek/mtk_ddp_comp.h
+++ b/drivers/gpu/drm/mediatek/mtk_ddp_comp.h
@@ -92,6 +92,7 @@ struct mtk_ddp_comp_funcs {
size_t (*crc_cnt)(struct device *dev);
u32 *(*crc_entry)(struct device *dev);
void (*crc_read)(struct device *dev);
+ u64 (*get_sec_port)(struct mtk_ddp_comp *comp, unsigned int idx);
};
struct mtk_ddp_comp {
@@ -237,6 +238,14 @@ static inline unsigned int mtk_ddp_gamma_get_lut_size(struct mtk_ddp_comp *comp)
return 0;
}
+static inline u64 mtk_ddp_comp_layer_get_sec_port(struct mtk_ddp_comp *comp,
+ unsigned int idx)
+{
+ if (comp->funcs && comp->funcs->get_sec_port)
+ return comp->funcs->get_sec_port(comp, idx);
+ return 0;
+}
+
static inline void mtk_ddp_gamma_set(struct mtk_ddp_comp *comp,
struct drm_crtc_state *state)
{
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 0/9] Add mediate-drm secure flow for SVP
From: Shawn Sung @ 2024-04-03 7:07 UTC (permalink / raw)
To: Chun-Kuang Hu
Cc: Philipp Zabel, David Airlie, Daniel Vetter, Matthias Brugger,
AngeloGioacchino Del Regno, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, Sumit Semwal, Christian König, dri-devel,
linux-mediatek, linux-kernel, linux-arm-kernel, linux-media,
linaro-mm-sig, Hsiao Chien Sung
From: Hsiao Chien Sung <shawn.sung@mediatek.corp-partner.google.com>
Memory Definitions:
secure memory - Memory allocated in the TEE (Trusted Execution
Environment) which is inaccessible in the REE (Rich Execution
Environment, i.e. linux kernel/userspace).
secure handle - Integer value which acts as reference to 'secure
memory'. Used in communication between TEE and REE to reference
'secure memory'.
secure buffer - 'secure memory' that is used to store decrypted,
compressed video or for other general purposes in the TEE.
secure surface - 'secure memory' that is used to store graphic buffers.
Memory Usage in SVP:
The overall flow of SVP starts with encrypted video coming in from an
outside source into the REE. The REE will then allocate a 'secure
buffer' and send the corresponding 'secure handle' along with the
encrypted, compressed video data to the TEE. The TEE will then decrypt
the video and store the result in the 'secure buffer'. The REE will
then allocate a 'secure surface'. The REE will pass the 'secure
handles' for both the 'secure buffer' and 'secure surface' into the
TEE for video decoding. The video decoder HW will then decode the
contents of the 'secure buffer' and place the result in the 'secure
surface'. The REE will then attach the 'secure surface' to the overlay
plane for rendering of the video.
Everything relating to ensuring security of the actual contents of the
'secure buffer' and 'secure surface' is out of scope for the REE and
is the responsibility of the TEE.
DRM driver handles allocation of gem objects that are backed by a 'secure
surface' and for displaying a 'secure surface' on the overlay plane.
This introduces a new flag for object creation called
DRM_MTK_GEM_CREATE_ENCRYPTED which indicates it should be a 'secure
surface'. All changes here are in MediaTek specific code.
---
TODO:
1) Remove get sec larb port interface in ddp_comp, ovl and ovl_adaptor.
2) Verify instruction for enabling/disabling dapc and larb port in TEE
drop the sec_engine flags in normal world and.
3) Move DISP_REG_OVL_SECURE setting to secure world for mtk_disp_ovl.c.
4) Change the parameter register address in mtk_ddp_sec_write()
from "u32 addr" to "struct cmdq_client_reg *cmdq_reg".
5) Implement setting mmsys routing table in the secure world series.
---
Based on 5 series and 1 patch:
[1] v3 dma-buf: heaps: Add MediaTek secure heap
- https://patchwork.kernel.org/project/linux-mediatek/list/?series=809023
[2] v3 add driver to support secure video decoder
- https://patchwork.kernel.org/project/linux-mediatek/list/?series=807308
[3] v4 soc: mediatek: Add register definitions for GCE
- https://patchwork.kernel.org/project/linux-mediatek/patch/20231212121957.19231-2-shawn.sung@mediatek.com/
[4] v2 Add CMDQ driver support for mt8188
- https://patchwork.kernel.org/project/linux-mediatek/list/?series=810302
[5] Add mediatek,gce-events definition to mediatek,gce-mailbox bindings
- https://patchwork.kernel.org/project/linux-mediatek/list/?series=810938
[6] v3 Add CMDQ secure driver for SVP
- https://patchwork.kernel.org/project/linux-mediatek/list/?series=812379
---
Changes in v4:
1. Rebase on mediatek-drm-next(278640d4d74cd) and fix the conflicts
2. This series is based on 20240129063025.29251-1-yunfei.dong@mediatek.com
3. This series is based on 20240322052829.9893-1-shawn.sung@mediatek.com
4. This series is based on 20240403065603.21920-1-shawn.sung@mediatek.com
Changes in v3:
1. fix kerneldoc problems
2. fix typo in title and commit message
3. adjust naming for secure variable
4. add the missing part for is_suecure plane implementation
5. use BIT_ULL macro to replace bit shifting
6. move modification of ovl_adaptor part to the correct patch
7. add TODO list in commit message
8. add commit message for using share memory to store execute count
Changes in v2:
1. remove the DRIVER_RDNDER flag for mtk_drm_ioctl
2. move cmdq_insert_backup_cookie into client driver
3. move secure gce node define from mt8195-cherry.dtsi to mt8195.dtsi
---
CK Hu (1):
drm/mediatek: Add interface to allocate MediaTek GEM buffer.
Jason-JH.Lin (9):
drm/mediatek/uapi: Add DRM_MTK_GEM_CREATE_ENCRYPTED flag
drm/mediatek: Add secure buffer control flow to mtk_drm_gem
drm/mediatek: Add secure identify flag and funcution to mtk_drm_plane
drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info
drm/mediatek: Add get_sec_port interface to mtk_ddp_comp
drm/mediatek: Add secure layer config support for ovl_adaptor
drm/mediatek: Add secure layer config support for ovl
drm/mediatek: Add secure flow support to mediatek-drm
drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize
drivers/gpu/drm/mediatek/mtk_crtc.c | 273 +++++++++++++++++-
drivers/gpu/drm/mediatek/mtk_crtc.h | 1 +
drivers/gpu/drm/mediatek/mtk_ddp_comp.c | 16 +
drivers/gpu/drm/mediatek/mtk_ddp_comp.h | 13 +
drivers/gpu/drm/mediatek/mtk_disp_drv.h | 3 +
drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 30 +-
.../gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 15 +
drivers/gpu/drm/mediatek/mtk_gem.c | 85 +++++-
drivers/gpu/drm/mediatek/mtk_gem.h | 4 +
drivers/gpu/drm/mediatek/mtk_mdp_rdma.c | 11 +-
drivers/gpu/drm/mediatek/mtk_mdp_rdma.h | 2 +
drivers/gpu/drm/mediatek/mtk_plane.c | 25 ++
drivers/gpu/drm/mediatek/mtk_plane.h | 2 +
include/uapi/drm/mediatek_drm.h | 1 +
14 files changed, 465 insertions(+), 16 deletions(-)
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply
* [PATCH v4 4/9] drm/mediatek: Add mtk_ddp_sec_write to config secure buffer info
From: Shawn Sung @ 2024-04-03 7:07 UTC (permalink / raw)
To: Chun-Kuang Hu
Cc: Philipp Zabel, David Airlie, Daniel Vetter, Matthias Brugger,
AngeloGioacchino Del Regno, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, Sumit Semwal, Christian König, dri-devel,
linux-mediatek, linux-kernel, linux-arm-kernel, linux-media,
linaro-mm-sig, Jason-JH.Lin, Hsiao Chien Sung
In-Reply-To: <20240403070732.22085-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
Add mtk_ddp_sec_write to configure secure buffer information to
cmdq secure packet data.
Then secure cmdq driver will use these information to configure
curresponding secure DRAM address to HW overlay in secure world.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
drivers/gpu/drm/mediatek/mtk_ddp_comp.c | 14 ++++++++++++++
drivers/gpu/drm/mediatek/mtk_ddp_comp.h | 4 ++++
2 files changed, 18 insertions(+)
diff --git a/drivers/gpu/drm/mediatek/mtk_ddp_comp.c b/drivers/gpu/drm/mediatek/mtk_ddp_comp.c
index 8aab373ce67c9..0ee9e42cdf0a0 100644
--- a/drivers/gpu/drm/mediatek/mtk_ddp_comp.c
+++ b/drivers/gpu/drm/mediatek/mtk_ddp_comp.c
@@ -111,6 +111,20 @@ void mtk_ddp_write_mask(struct cmdq_pkt *cmdq_pkt, unsigned int value,
#endif
}
+void mtk_ddp_sec_write(struct cmdq_pkt *cmdq_pkt, u32 addr, u64 base,
+ const enum cmdq_iwc_addr_metadata_type type,
+ const u32 offset, const u32 size, const u32 port)
+{
+#if IS_REACHABLE(CONFIG_MTK_CMDQ)
+ if (!cmdq_pkt)
+ return;
+
+ /* secure buffer will be 4K alignment */
+ cmdq_sec_pkt_write(cmdq_pkt, addr, base, type,
+ offset, ALIGN(size, PAGE_SIZE), port);
+#endif
+}
+
static int mtk_ddp_clk_enable(struct device *dev)
{
struct mtk_ddp_comp_dev *priv = dev_get_drvdata(dev);
diff --git a/drivers/gpu/drm/mediatek/mtk_ddp_comp.h b/drivers/gpu/drm/mediatek/mtk_ddp_comp.h
index b9c79e740abe0..a00258a5cefda 100644
--- a/drivers/gpu/drm/mediatek/mtk_ddp_comp.h
+++ b/drivers/gpu/drm/mediatek/mtk_ddp_comp.h
@@ -8,6 +8,7 @@
#include <linux/io.h>
#include <linux/pm_runtime.h>
+#include <linux/mailbox/mtk-cmdq-sec-mailbox.h>
#include <linux/soc/mediatek/mtk-cmdq.h>
#include <linux/soc/mediatek/mtk-mmsys.h>
#include <linux/soc/mediatek/mtk-mutex.h>
@@ -346,4 +347,7 @@ void mtk_ddp_write_relaxed(struct cmdq_pkt *cmdq_pkt, unsigned int value,
void mtk_ddp_write_mask(struct cmdq_pkt *cmdq_pkt, unsigned int value,
struct cmdq_client_reg *cmdq_reg, void __iomem *regs,
unsigned int offset, unsigned int mask);
+void mtk_ddp_sec_write(struct cmdq_pkt *cmdq_pkt, u32 addr, u64 base,
+ const enum cmdq_iwc_addr_metadata_type type,
+ const u32 offset, const u32 size, const u32 port);
#endif /* MTK_DDP_COMP_H */
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 9/9] drm/mediatek: Add cmdq_insert_backup_cookie before secure pkt finalize
From: Shawn Sung @ 2024-04-03 7:07 UTC (permalink / raw)
To: Chun-Kuang Hu
Cc: Philipp Zabel, David Airlie, Daniel Vetter, Matthias Brugger,
AngeloGioacchino Del Regno, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, Sumit Semwal, Christian König, dri-devel,
linux-mediatek, linux-kernel, linux-arm-kernel, linux-media,
linaro-mm-sig, Jason-JH.Lin, Hsiao Chien Sung
In-Reply-To: <20240403070732.22085-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
Add cmdq_insert_backup_cookie to append some commands before EOC:
1. Get GCE HW thread execute count from the GCE HW register.
2. Add 1 to the execute count and then store into a shared memory.
3. Set a software event siganl as secure irq to GCE HW.
Since the value of execute count + 1 is stored in a shared memory,
CMDQ driver in the normal world can use it to handle task done in irq
handler and CMDQ driver in the secure world will use it to schedule
the task slot for each secure thread.
The reason why we use shared memory to record execute count here is:
1. normal world can not access the register of secure GCE thread in
normal world.
2. calling TEE invoke cmd in the irq handler would be expensive and not
stable. I've tested that a single TEE invloke cmd to CMDQ PTA costs
19~53 us. Maybe it would cost more during the scenario that needs more
CPU loading.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
drivers/gpu/drm/mediatek/mtk_crtc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_crtc.c b/drivers/gpu/drm/mediatek/mtk_crtc.c
index a6ba9965500f0..2fb52928a3055 100644
--- a/drivers/gpu/drm/mediatek/mtk_crtc.c
+++ b/drivers/gpu/drm/mediatek/mtk_crtc.c
@@ -186,7 +186,7 @@ void mtk_crtc_disable_secure_state(struct drm_crtc *crtc)
sec_scn = CMDQ_SEC_SCNR_SUB_DISP_DISABLE;
cmdq_sec_pkt_set_data(&mtk_crtc->sec_cmdq_handle, sec_engine, sec_engine, sec_scn);
-
+ cmdq_sec_insert_backup_cookie(&mtk_crtc->sec_cmdq_handle);
cmdq_pkt_finalize(&mtk_crtc->sec_cmdq_handle);
dma_sync_single_for_device(mtk_crtc->sec_cmdq_client.chan->mbox->dev,
mtk_crtc->sec_cmdq_handle.pa_base,
@@ -810,6 +810,8 @@ static void mtk_crtc_update_config(struct mtk_crtc *mtk_crtc, bool needs_vblank)
cmdq_pkt_clear_event(cmdq_handle, mtk_crtc->cmdq_event);
cmdq_pkt_wfe(cmdq_handle, mtk_crtc->cmdq_event, false);
mtk_crtc_ddp_config(crtc, cmdq_handle);
+ if (cmdq_handle->sec_data)
+ cmdq_sec_insert_backup_cookie(cmdq_handle);
cmdq_pkt_finalize(cmdq_handle);
dma_sync_single_for_device(cmdq_client.chan->mbox->dev,
cmdq_handle->pa_base,
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 3/9] drm/mediatek: Add secure identify flag and funcution to mtk_drm_plane
From: Shawn Sung @ 2024-04-03 7:07 UTC (permalink / raw)
To: Chun-Kuang Hu
Cc: Philipp Zabel, David Airlie, Daniel Vetter, Matthias Brugger,
AngeloGioacchino Del Regno, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, Sumit Semwal, Christian König, dri-devel,
linux-mediatek, linux-kernel, linux-arm-kernel, linux-media,
linaro-mm-sig, Jason-JH.Lin, Hsiao Chien Sung
In-Reply-To: <20240403070732.22085-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
Add is_sec flag to identify current mtk_drm_plane is secure.
Add mtk_plane_is_sec_fb() to check current drm_framebuffer is secure.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
drivers/gpu/drm/mediatek/mtk_plane.c | 18 ++++++++++++++++++
drivers/gpu/drm/mediatek/mtk_plane.h | 2 ++
2 files changed, 20 insertions(+)
diff --git a/drivers/gpu/drm/mediatek/mtk_plane.c b/drivers/gpu/drm/mediatek/mtk_plane.c
index 5bf757a3ef202..021148d4b5d4a 100644
--- a/drivers/gpu/drm/mediatek/mtk_plane.c
+++ b/drivers/gpu/drm/mediatek/mtk_plane.c
@@ -210,6 +210,7 @@ static void mtk_plane_update_new_state(struct drm_plane_state *new_state,
mtk_plane_state->pending.height = drm_rect_height(&new_state->dst);
mtk_plane_state->pending.rotation = new_state->rotation;
mtk_plane_state->pending.color_encoding = new_state->color_encoding;
+ mtk_plane_state->pending.is_secure = mtk_plane_fb_is_secure(fb);
}
static void mtk_plane_atomic_async_update(struct drm_plane *plane,
@@ -361,3 +362,20 @@ int mtk_plane_init(struct drm_device *dev, struct drm_plane *plane,
return 0;
}
+
+bool mtk_plane_fb_is_secure(struct drm_framebuffer *fb)
+{
+ struct drm_gem_object *gem = NULL;
+ struct mtk_gem_obj *mtk_gem = NULL;
+
+ if (!fb)
+ return false;
+
+ gem = fb->obj[0];
+ if (!gem)
+ return false;
+
+ mtk_gem = to_mtk_gem_obj(gem);
+
+ return mtk_gem->secure;
+}
diff --git a/drivers/gpu/drm/mediatek/mtk_plane.h b/drivers/gpu/drm/mediatek/mtk_plane.h
index 231bb7aac9473..a7779a91f0a20 100644
--- a/drivers/gpu/drm/mediatek/mtk_plane.h
+++ b/drivers/gpu/drm/mediatek/mtk_plane.h
@@ -33,6 +33,7 @@ struct mtk_plane_pending_state {
bool async_dirty;
bool async_config;
enum drm_color_encoding color_encoding;
+ bool is_secure;
};
struct mtk_plane_state {
@@ -46,6 +47,7 @@ to_mtk_plane_state(struct drm_plane_state *state)
return container_of(state, struct mtk_plane_state, base);
}
+bool mtk_plane_fb_is_secure(struct drm_framebuffer *fb);
int mtk_plane_init(struct drm_device *dev, struct drm_plane *plane,
unsigned long possible_crtcs, enum drm_plane_type type,
unsigned int supported_rotations, const u32 *formats,
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 1/9] drm/mediatek/uapi: Add DRM_MTK_GEM_CREATE_ENCRYPTED flag
From: Shawn Sung @ 2024-04-03 7:07 UTC (permalink / raw)
To: Chun-Kuang Hu
Cc: Philipp Zabel, David Airlie, Daniel Vetter, Matthias Brugger,
AngeloGioacchino Del Regno, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, Sumit Semwal, Christian König, dri-devel,
linux-mediatek, linux-kernel, linux-arm-kernel, linux-media,
linaro-mm-sig, Jason-JH.Lin, Hsiao Chien Sung
In-Reply-To: <20240403070732.22085-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
Add DRM_MTK_GEM_CREATE_ENCRYPTED flag to allow user to allocate
a secure buffer to support secure video path feature.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
include/uapi/drm/mediatek_drm.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/drm/mediatek_drm.h b/include/uapi/drm/mediatek_drm.h
index b0dea00bacbc4..e9125de3a24ad 100644
--- a/include/uapi/drm/mediatek_drm.h
+++ b/include/uapi/drm/mediatek_drm.h
@@ -54,6 +54,7 @@ struct drm_mtk_gem_map_off {
#define DRM_MTK_GEM_CREATE 0x00
#define DRM_MTK_GEM_MAP_OFFSET 0x01
+#define DRM_MTK_GEM_CREATE_ENCRYPTED 0x02
#define DRM_IOCTL_MTK_GEM_CREATE DRM_IOWR(DRM_COMMAND_BASE + \
DRM_MTK_GEM_CREATE, struct drm_mtk_gem_create)
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* Re: [PATCH] dt-bindings: mfd: syscon: Add missing simple syscon compatibles
From: Krzysztof Kozlowski @ 2024-04-03 7:07 UTC (permalink / raw)
To: Rob Herring, Krzysztof Kozlowski, Conor Dooley, Andrew Lunn,
Gregory Clement, Sebastian Hesselbarth, Lee Jones, Ray Jui,
Scott Branden, Broadcom internal kernel review list,
Matthias Brugger, AngeloGioacchino Del Regno
Cc: devicetree, linux-kernel, linux-arm-kernel, linux-mediatek
In-Reply-To: <20240402202413.757283-1-robh@kernel.org>
On 02/04/2024 22:24, Rob Herring wrote:
> Add various "simple" syscon compatibles which were undocumented or
> still documented with old text bindings.
>
> apm,xgene-csw, apm,xgene-efuse, apm,xgene-mcb, apm,xgene-rb,
> fsl,ls1088a-reset, marvell,armada-3700-cpu-misc,
> mediatek,mt2712-pctl-a-syscfg, mediatek,mt6397-pctl-pmic-syscfg, and
> mediatek,mt8173-pctl-a-syscfg were all undocumented, but are in use
> already. Remove the old text binding docs for the others.
>
> Signed-off-by: Rob Herring <robh@kernel.org>
> ---
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Best regards,
Krzysztof
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply
* Re: [PATCH 5/5] arm64: dts: Add device tree source for the Au-Zone Maivin Starter Kit
From: Francesco Dolcini @ 2024-04-03 7:06 UTC (permalink / raw)
To: Laurent Pinchart, Shawn Guo
Cc: devicetree, imx, linux-arm-kernel, Trevor Zaharichuk, Greg Lytle,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Rob Herring, Krzysztof Kozlowski, Conor Dooley
In-Reply-To: <ZgyjE05p/1NZnzaK@dragon>
Hello Laurent,
On Wed, Apr 03, 2024 at 08:30:11AM +0800, Shawn Guo wrote:
> On Mon, Mar 25, 2024 at 10:32:45PM +0200, Laurent Pinchart wrote:
> > diff --git a/arch/arm64/boot/dts/freescale/imx8mp-maivin.dts b/arch/arm64/boot/dts/freescale/imx8mp-maivin.dts
> > new file mode 100644
> > index 000000000000..2d1c8e782465
> > --- /dev/null
> > +++ b/arch/arm64/boot/dts/freescale/imx8mp-maivin.dts
> > @@ -0,0 +1,236 @@
[...]
> > +/* Verdin I2C_2_DSI */
> > +&i2c2 {
> > + status = "okay";
> > +
> > + clock-frequency = <400000>;
> > + scl-gpios = <&gpio5 16 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
> > + sda-gpios = <&gpio5 17 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
>
> We usually end property list with 'status'.
This is now a written and explicit guideline, no longer tribal knowledge,
see https://docs.kernel.org/devicetree/bindings/dts-coding-style.html#order-of-properties-in-device-node
Francesco
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply
* Re: [PATCH v4 4/4] remoteproc: stm32: Add support of an OP-TEE TA to load the firmware
From: Arnaud POULIQUEN @ 2024-04-03 7:04 UTC (permalink / raw)
To: Mathieu Poirier
Cc: Bjorn Andersson, Jens Wiklander, Rob Herring, Krzysztof Kozlowski,
Conor Dooley, linux-stm32, linux-arm-kernel, linux-remoteproc,
linux-kernel, op-tee, devicetree
In-Reply-To: <ZgrW2avODv29vWNP@p14s>
On 4/1/24 17:46, Mathieu Poirier wrote:
> On Fri, Mar 29, 2024 at 11:57:43AM +0100, Arnaud POULIQUEN wrote:
>>
>>
>> On 3/27/24 18:14, Mathieu Poirier wrote:
>>> On Tue, Mar 26, 2024 at 08:31:33PM +0100, Arnaud POULIQUEN wrote:
>>>>
>>>>
>>>> On 3/25/24 17:51, Mathieu Poirier wrote:
>>>>> On Fri, Mar 08, 2024 at 03:47:08PM +0100, Arnaud Pouliquen wrote:
>>>>>> The new TEE remoteproc device is used to manage remote firmware in a
>>>>>> secure, trusted context. The 'st,stm32mp1-m4-tee' compatibility is
>>>>>> introduced to delegate the loading of the firmware to the trusted
>>>>>> execution context. In such cases, the firmware should be signed and
>>>>>> adhere to the image format defined by the TEE.
>>>>>>
>>>>>> Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
>>>>>> ---
>>>>>> Updates from V3:
>>>>>> - remove support of the attach use case. Will be addressed in a separate
>>>>>> thread,
>>>>>> - add st_rproc_tee_ops::parse_fw ops,
>>>>>> - inverse call of devm_rproc_alloc()and tee_rproc_register() to manage cross
>>>>>> reference between the rproc struct and the tee_rproc struct in tee_rproc.c.
>>>>>> ---
>>>>>> drivers/remoteproc/stm32_rproc.c | 60 +++++++++++++++++++++++++++++---
>>>>>> 1 file changed, 56 insertions(+), 4 deletions(-)
>>>>>>
>>>>>> diff --git a/drivers/remoteproc/stm32_rproc.c b/drivers/remoteproc/stm32_rproc.c
>>>>>> index 8cd838df4e92..13df33c78aa2 100644
>>>>>> --- a/drivers/remoteproc/stm32_rproc.c
>>>>>> +++ b/drivers/remoteproc/stm32_rproc.c
>>>>>> @@ -20,6 +20,7 @@
>>>>>> #include <linux/remoteproc.h>
>>>>>> #include <linux/reset.h>
>>>>>> #include <linux/slab.h>
>>>>>> +#include <linux/tee_remoteproc.h>
>>>>>> #include <linux/workqueue.h>
>>>>>>
>>>>>> #include "remoteproc_internal.h"
>>>>>> @@ -49,6 +50,9 @@
>>>>>> #define M4_STATE_STANDBY 4
>>>>>> #define M4_STATE_CRASH 5
>>>>>>
>>>>>> +/* Remote processor unique identifier aligned with the Trusted Execution Environment definitions */
>>>>>
>>>>> Why is this the case? At least from the kernel side it is possible to call
>>>>> tee_rproc_register() with any kind of value, why is there a need to be any
>>>>> kind of alignment with the TEE?
>>>>
>>>>
>>>> The use of the proc_id is to identify a processor in case of multi co-processors.
>>>>
>>>
>>> That is well understood.
>>>
>>>> For instance we can have a system with A DSP and a modem. We would use the same
>>>> TEE service, but
>>>
>>> That too.
>>>
>>>> the TEE driver will probably be different, same for the signature key.
>>>
>>> What TEE driver are we talking about here?
>>
>> In OP-TEE remoteproc frameork is divided in 2 or 3 layers:
>>
>> - the remoteproc Trusted Application (TA) [1] which is platform agnostic
>> - The remoteproc Pseudo Trusted Application (PTA) [2] which is platform
>> dependent and can rely on the proc ID to retrieve the context.
>> - the remoteproc driver (optional for some platforms) [3], which is in charge
>> of DT parsing and platform configuration.
>>
>
> That part makes sense.
>
>> Here TEE driver can be interpreted by remote PTA and/or platform driver.
>>
>
> I have to guess PTA means "Platform Trusted Application" but I have no
> guarantee, adding to the level of (already high) confusion brought on by this
> patchset.
As mentioned above, PTA is Pseudo Trusted Application. It is an interface
exposed by OP-TEE core to the OP-TEE application.
In this case PTA is used to implement the platform part.
If you need more details about the remoteproc framework in OP-TEE, there is a
link in the to a presentation in the cover letter.
>
>> [1]
>> https://elixir.bootlin.com/op-tee/latest/source/ta/remoteproc/src/remoteproc_core.c
>> [2]
>> https://elixir.bootlin.com/op-tee/latest/source/core/pta/stm32mp/remoteproc_pta.c
>> [3]
>> https://elixir.bootlin.com/op-tee/latest/source/core/drivers/remoteproc/stm32_remoteproc.c
>>
>>>
>>>> In such case the proc ID allows to identify the the processor you want to address.
>>>>
>>>
>>> That too is well understood, but there is no alignment needed with the TEE, i.e
>>> the TEE application is not expecting a value of '0'. We could set
>>> STM32_MP1_M4_PROC_ID to 0xDEADBEEF and things would work. This driver won't go
>>> anywhere for as long as it is not the case.
>>
>>
>> Here I suppose that you do not challenge the rproc_ID use in general, but for
>> the stm32mp1 platform as we have only one remote processor. I'm right?
>
> That is correct - I understand the need for an rproc_ID. The problem is with
> the comment that states that '0' is aligned with the TEE definitions, which in
> my head means hard coded value and a big red flag. What it should say is
> "aligned with the TEE device tree definition".
>
>>
>> In OP-TEE the check is done here:
>> https://elixir.bootlin.com/op-tee/latest/source/core/drivers/remoteproc/stm32_remoteproc.c#L64
>>
>> If driver does not register the proc ID an error is returned indicating that the
>> feature is not supported.
>>
>> In case of stm32mp1 yes we could consider it as useless as we have only one
>> remote proc.
>>
>> Nevertheless I can not guaranty that a customer will not add an external
>> companion processor that uses OP-TEE to authenticate the associated firmware. As
>> the trusted Application is the unique entry point. he will need the proc_id to
>> identify the target at PTA level.
>>
>> So from my point of view having a proc ID on stm32MP1 (and on stm32mp2 that will
>> reuse same driver) aligned between Linux and OP-TEE is useful.
>
> I agree, for as long as it is not hard coded. The way remote processors are
> discovered in the DT is perfectly acceptable, i.e the first remote processor is
> for application X, the second for application Y...
>
>>
>> That said using a TEE_REMOTEPROC_DEFAULT_ID is something that could be
>> more generic (for linux and OP-TEE). This ID could be reuse in the stm32mp
>> driver and platform drivers with an unique internal remote processor.
>>
>
> I can't find the definition of TEE_REMOTEPROC_DEFAULT_ID anywhere, something
> that doesn't help the confusion I referred to above.
The TEE_REMOTEPROC_DEFAULT_ID does not yet exist; it is a proposal.
Nevertheless I also had in mind the addition of a "proc ID" property in the DT.
I will proceed in this way
I think I now have all the information needed to prepare a new revision.
Thanks for the time passed on this series and your advises
Regards,
Arnaud
>
>> It that solution would be ok for you?
>>
>> Regards,
>> Arnaud
>>
>>
>>>
>>>>
>>>>>
>>>>>> +#define STM32_MP1_M4_PROC_ID 0
>>>>>> +
>>>>>> struct stm32_syscon {
>>>>>> struct regmap *map;
>>>>>> u32 reg;
>>>>>> @@ -257,6 +261,19 @@ static int stm32_rproc_release(struct rproc *rproc)
>>>>>> return 0;
>>>>>> }
>>>>>>
>>>>>> +static int stm32_rproc_tee_stop(struct rproc *rproc)
>>>>>> +{
>>>>>> + int err;
>>>>>> +
>>>>>> + stm32_rproc_request_shutdown(rproc);
>>>>>> +
>>>>>> + err = tee_rproc_stop(rproc);
>>>>>> + if (err)
>>>>>> + return err;
>>>>>> +
>>>>>> + return stm32_rproc_release(rproc);
>>>>>> +}
>>>>>> +
>>>>>> static int stm32_rproc_prepare(struct rproc *rproc)
>>>>>> {
>>>>>> struct device *dev = rproc->dev.parent;
>>>>>> @@ -693,8 +710,19 @@ static const struct rproc_ops st_rproc_ops = {
>>>>>> .get_boot_addr = rproc_elf_get_boot_addr,
>>>>>> };
>>>>>>
>>>>>> +static const struct rproc_ops st_rproc_tee_ops = {
>>>>>> + .prepare = stm32_rproc_prepare,
>>>>>> + .start = tee_rproc_start,
>>>>>> + .stop = stm32_rproc_tee_stop,
>>>>>> + .kick = stm32_rproc_kick,
>>>>>> + .load = tee_rproc_load_fw,
>>>>>> + .parse_fw = tee_rproc_parse_fw,
>>>>>> + .find_loaded_rsc_table = tee_rproc_find_loaded_rsc_table,
>>>>>> +};
>>>>>> +
>>>>>> static const struct of_device_id stm32_rproc_match[] = {
>>>>>> - { .compatible = "st,stm32mp1-m4" },
>>>>>> + {.compatible = "st,stm32mp1-m4",},
>>>>>> + {.compatible = "st,stm32mp1-m4-tee",},
>>>>>> {},
>>>>>> };
>>>>>> MODULE_DEVICE_TABLE(of, stm32_rproc_match);
>>>>>> @@ -853,6 +881,7 @@ static int stm32_rproc_probe(struct platform_device *pdev)
>>>>>> struct device *dev = &pdev->dev;
>>>>>> struct stm32_rproc *ddata;
>>>>>> struct device_node *np = dev->of_node;
>>>>>> + struct tee_rproc *trproc = NULL;
>>>>>> struct rproc *rproc;
>>>>>> unsigned int state;
>>>>>> int ret;
>>>>>> @@ -861,9 +890,26 @@ static int stm32_rproc_probe(struct platform_device *pdev)
>>>>>> if (ret)
>>>>>> return ret;
>>>>>>
>>>>>> - rproc = devm_rproc_alloc(dev, np->name, &st_rproc_ops, NULL, sizeof(*ddata));
>>>>>> - if (!rproc)
>>>>>> - return -ENOMEM;
>>>>>> + if (of_device_is_compatible(np, "st,stm32mp1-m4-tee")) {
>>>>>> + /*
>>>>>> + * Delegate the firmware management to the secure context.
>>>>>> + * The firmware loaded has to be signed.
>>>>>> + */
>>>>>> + rproc = devm_rproc_alloc(dev, np->name, &st_rproc_tee_ops, NULL, sizeof(*ddata));
>>>>>> + if (!rproc)
>>>>>> + return -ENOMEM;
>>>>>> +
>>>>>> + trproc = tee_rproc_register(dev, rproc, STM32_MP1_M4_PROC_ID);
>>>>>> + if (IS_ERR(trproc)) {
>>>>>> + dev_err_probe(dev, PTR_ERR(trproc),
>>>>>> + "signed firmware not supported by TEE\n");
>>>>>> + return PTR_ERR(trproc);
>>>>>> + }
>>>>>> + } else {
>>>>>> + rproc = devm_rproc_alloc(dev, np->name, &st_rproc_ops, NULL, sizeof(*ddata));
>>>>>> + if (!rproc)
>>>>>> + return -ENOMEM;
>>>>>> + }
>>>>>>
>>>>>> ddata = rproc->priv;
>>>>>>
>>>>>> @@ -915,6 +961,9 @@ static int stm32_rproc_probe(struct platform_device *pdev)
>>>>>> dev_pm_clear_wake_irq(dev);
>>>>>> device_init_wakeup(dev, false);
>>>>>> }
>>>>>> + if (trproc)
>>>>>
>>>>> if (rproc->tee_interface)
>>>>>
>>>>>
>>>>> I am done reviewing this set.
>>>>
>>>> Thank for your review!
>>>> Arnaud
>>>>
>>>>>
>>>>> Thanks,
>>>>> Mathieu
>>>>>
>>>>>> + tee_rproc_unregister(trproc);
>>>>>> +
>>>>>> return ret;
>>>>>> }
>>>>>>
>>>>>> @@ -935,6 +984,9 @@ static void stm32_rproc_remove(struct platform_device *pdev)
>>>>>> dev_pm_clear_wake_irq(dev);
>>>>>> device_init_wakeup(dev, false);
>>>>>> }
>>>>>> + if (rproc->tee_interface)
>>>>>> + tee_rproc_unregister(rproc->tee_interface);
>>>>>> +
>>>>>> }
>>>>>>
>>>>>> static int stm32_rproc_suspend(struct device *dev)
>>>>>> --
>>>>>> 2.25.1
>>>>>>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply
* [PATCH v4 1/9] dt-bindings: gce: mt8195: Add CMDQ_SYNC_TOKEN_SECURE_THR_EOF event id
From: Shawn Sung @ 2024-04-03 6:55 UTC (permalink / raw)
To: CK Hu, Jassi Brar, AngeloGioacchino Del Regno
Cc: Rob Herring, Krzysztof Kozlowski, Conor Dooley, Matthias Brugger,
Hsiao Chien Sung, Jason-JH . Lin, Houlong Wei, linux-kernel,
devicetree, linux-arm-kernel, linux-mediatek
In-Reply-To: <20240403065603.21920-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
There are 2 kind of GCE event signal:
- The SW token means: a GCE event signal triggered by SW drivers.
e.g. SW driver append a GCE command to set a GCE event after a specific
GCE command. Or SW driver use CPU to write a event id to GCE register to
trigger the GCE event corresponding to that event id.
- The HW event means: a GCE event signal triggered by HW engines.
e.g. When HW OVL fetches all the data in frame buffer, HW OVL will send
a frame done irq and also send a frame done GCE event via HW bus directly.
CMDQ_SYNC_TOKEN_SECURE_THR_EOF is a SW token event that is set in the
end of each cmdq secure pkt. It is used as a secure irq to notify
CMDQ driver in the normal world that GCE secure thread has completed
a secure cmd buffer in thee secure world.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
include/dt-bindings/gce/mt8195-gce.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/include/dt-bindings/gce/mt8195-gce.h b/include/dt-bindings/gce/mt8195-gce.h
index dcfb302b8a5bc..b6b3db82c381e 100644
--- a/include/dt-bindings/gce/mt8195-gce.h
+++ b/include/dt-bindings/gce/mt8195-gce.h
@@ -800,6 +800,12 @@
#define CMDQ_EVENT_WPE_VPP1_WPE_GCE_FRAME_DONE 969
#define CMDQ_EVENT_WPE_VPP1_WPE_DONE_SYNC_OUT 970
+/*
+ * Notify normal CMDQ there are some secure task done,
+ * this token sync with secure world.
+ */
+#define CMDQ_SYNC_TOKEN_SECURE_THR_EOF 980
+
#define CMDQ_EVENT_DP_TX_VBLANK_FALLING 994
#define CMDQ_EVENT_DP_TX_VSC_FINISH 995
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 8/9] mailbox: mediatek: Add CMDQ secure mailbox driver
From: Shawn Sung @ 2024-04-03 6:56 UTC (permalink / raw)
To: CK Hu, Jassi Brar, AngeloGioacchino Del Regno
Cc: Rob Herring, Krzysztof Kozlowski, Conor Dooley, Matthias Brugger,
Hsiao Chien Sung, Jason-JH . Lin, Houlong Wei, linux-kernel,
devicetree, linux-arm-kernel, linux-mediatek
In-Reply-To: <20240403065603.21920-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
To support secure video path feature, GCE have to read/write registgers
in the secure world. GCE will enable the secure access permission to the
HW who wants to access the secure content buffer.
Add CMDQ secure mailbox driver to make CMDQ client user is able to
sending their HW settings to the secure world. So that GCE can execute
all instructions to configure HW in the secure world.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
drivers/mailbox/Makefile | 2 +-
drivers/mailbox/mtk-cmdq-sec-mailbox.c | 1091 +++++++++++++++++
drivers/mailbox/mtk-cmdq-sec-tee.c | 165 +++
include/linux/mailbox/mtk-cmdq-mailbox.h | 2 +
.../linux/mailbox/mtk-cmdq-sec-iwc-common.h | 385 ++++++
include/linux/mailbox/mtk-cmdq-sec-mailbox.h | 158 +++
include/linux/mailbox/mtk-cmdq-sec-tee.h | 105 ++
7 files changed, 1907 insertions(+), 1 deletion(-)
create mode 100644 drivers/mailbox/mtk-cmdq-sec-mailbox.c
create mode 100644 drivers/mailbox/mtk-cmdq-sec-tee.c
create mode 100644 include/linux/mailbox/mtk-cmdq-sec-iwc-common.h
create mode 100644 include/linux/mailbox/mtk-cmdq-sec-mailbox.h
create mode 100644 include/linux/mailbox/mtk-cmdq-sec-tee.h
diff --git a/drivers/mailbox/Makefile b/drivers/mailbox/Makefile
index 18793e6caa2f1..bd4b4d64cc317 100644
--- a/drivers/mailbox/Makefile
+++ b/drivers/mailbox/Makefile
@@ -51,7 +51,7 @@ obj-$(CONFIG_STM32_IPCC) += stm32-ipcc.o
obj-$(CONFIG_MTK_ADSP_MBOX) += mtk-adsp-mailbox.o
-obj-$(CONFIG_MTK_CMDQ_MBOX) += mtk-cmdq-mailbox.o
+obj-$(CONFIG_MTK_CMDQ_MBOX) += mtk-cmdq-mailbox.o mtk-cmdq-sec-mailbox.o mtk-cmdq-sec-tee.o
obj-$(CONFIG_ZYNQMP_IPI_MBOX) += zynqmp-ipi-mailbox.o
diff --git a/drivers/mailbox/mtk-cmdq-sec-mailbox.c b/drivers/mailbox/mtk-cmdq-sec-mailbox.c
new file mode 100644
index 0000000000000..c08d42bcc06f6
--- /dev/null
+++ b/drivers/mailbox/mtk-cmdq-sec-mailbox.c
@@ -0,0 +1,1091 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (c) 2019 MediaTek Inc.
+ */
+
+#include <linux/clk.h>
+#include <linux/dma-mapping.h>
+#include <linux/io.h>
+#include <linux/mailbox_controller.h>
+#include <linux/of_platform.h>
+#include <linux/sched/clock.h>
+#include <linux/timer.h>
+
+#include <linux/mailbox/mtk-cmdq-sec-mailbox.h>
+
+#define CMDQ_THR_EXEC_CNT_PA (0x28)
+
+#define CMDQ_TIMEOUT_DEFAULT (1000)
+#define CMDQ_NO_TIMEOUT (0xffffffff)
+#define ADDR_METADATA_MAX_COUNT_ORIGIN (8)
+
+struct cmdq_sec_task {
+ struct cmdq_task task;
+
+ /* secure CMDQ */
+ bool reset_exec;
+ u32 wait_cookie;
+ u64 engine_flag;
+ s32 scenario;
+ u64 trigger;
+ u64 exec_time;
+ struct work_struct exec_work;
+};
+
+struct cmdq_sec_thread {
+ struct cmdq_thread thread;
+
+ /* secure CMDQ */
+ u32 idx;
+ struct timer_list timeout;
+ u32 timeout_ms;
+ struct work_struct timeout_work;
+ u32 wait_cookie;
+ u32 next_cookie;
+ u32 task_cnt;
+ struct workqueue_struct *task_exec_wq;
+};
+
+/**
+ * struct cmdq_sec_context - CMDQ secure context structure.
+ * @tgid: tgid of process context.
+ * @state: state of inter-world communicatiom.
+ * @iwc_msg: buffer for inter-world communicatiom message.
+ * @tee_ctx: context structure for tee vendor.
+ *
+ * Note it is not global data, each process has its own cmdq_sec_context.
+ */
+struct cmdq_sec_context {
+ u32 tgid;
+ enum cmdq_iwc_state_enum state;
+ void *iwc_msg;
+ struct cmdq_sec_tee_context tee_ctx;
+};
+
+/**
+ * struct cmdq_sec_shared_mem - shared memory between normal and secure world
+ * @va: virtual address of share memory.
+ * @pa: physical address of share memory.
+ * @size: size of share memory.
+ *
+ */
+struct cmdq_sec_shared_mem {
+ void *va;
+ dma_addr_t pa;
+ u32 size;
+};
+
+struct cmdq_sec {
+ struct mbox_controller mbox;
+ const struct gce_sec_plat *pdata;
+ void __iomem *base;
+ phys_addr_t base_pa;
+ struct cmdq_sec_thread *sec_thread;
+ struct cmdq_client *clt;
+ struct cmdq_pkt *clt_pkt;
+
+ atomic_t path_res;
+ struct cmdq_sec_shared_mem *shared_mem;
+ struct cmdq_sec_context *context;
+ struct iwc_cmdq_cancel_task_t cancel;
+
+ struct workqueue_struct *timeout_wq;
+ u64 sec_invoke;
+ u64 sec_done;
+
+ bool notify_run;
+ struct work_struct irq_notify_work;
+ struct workqueue_struct *notify_wq;
+ /* mutex for cmdq_sec_thread excuting cmdq_sec_task */
+ struct mutex exec_lock;
+};
+
+static atomic_t cmdq_path_res = ATOMIC_INIT(0);
+
+static int cmdq_sec_task_submit(struct cmdq_sec *cmdq, struct cmdq_sec_task *sec_task,
+ const u32 iwc_cmd, const u32 thrd_idx, void *data);
+
+int cmdq_sec_insert_backup_cookie(struct cmdq_pkt *pkt)
+{
+ struct cmdq_client *cl = (struct cmdq_client *)pkt->cl;
+ struct cmdq_thread *thread = ((struct mbox_chan *)(cl->chan))->con_priv;
+ struct cmdq_sec_thread *sec_thread = container_of(thread, struct cmdq_sec_thread, thread);
+ struct cmdq_sec *cmdq = container_of(thread->chan->mbox, struct cmdq_sec, mbox);
+ struct cmdq_operand left, right;
+ dma_addr_t addr;
+
+ if (!cmdq->shared_mem)
+ return -EFAULT;
+
+ dev_dbg(cmdq->mbox.dev, "%s %d: pkt:%p thread:%u gce:%#lx",
+ __func__, __LINE__, pkt, sec_thread->idx, (unsigned long)cmdq->base_pa);
+
+ addr = (u32)(cmdq->base_pa + CMDQ_THR_BASE +
+ CMDQ_THR_SIZE * sec_thread->idx + CMDQ_THR_EXEC_CNT_PA);
+
+ cmdq_pkt_assign(pkt, CMDQ_THR_SPR_IDX1, CMDQ_ADDR_HIGH(addr));
+ cmdq_pkt_read_s(pkt, CMDQ_THR_SPR_IDX1, CMDQ_ADDR_LOW(addr), CMDQ_THR_SPR_IDX1);
+
+ left.reg = true;
+ left.idx = CMDQ_THR_SPR_IDX1;
+ right.reg = false;
+ right.value = 1;
+ cmdq_pkt_logic_command(pkt, CMDQ_THR_SPR_IDX1, &left, CMDQ_LOGIC_ADD, &right);
+
+ addr = cmdq->shared_mem->pa + CMDQ_SEC_SHARED_THR_CNT_OFFSET +
+ sec_thread->idx * sizeof(u32);
+
+ cmdq_pkt_assign(pkt, CMDQ_THR_SPR_IDX2, CMDQ_ADDR_HIGH(addr));
+ cmdq_pkt_write_s(pkt, CMDQ_THR_SPR_IDX2, CMDQ_ADDR_LOW(addr), CMDQ_THR_SPR_IDX1);
+ cmdq_pkt_set_event(pkt, cmdq->pdata->cmdq_event);
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_insert_backup_cookie);
+
+static int cmdq_sec_realloc_addr_list(struct cmdq_pkt *pkt, const u32 count)
+{
+ struct cmdq_sec_data *sec_data = (struct cmdq_sec_data *)pkt->sec_data;
+ void *prev = (void *)(unsigned long)sec_data->addr_metadatas, *curr;
+
+ if (count <= sec_data->addr_metadata_max_cnt)
+ return 0;
+
+ curr = kcalloc(count, sizeof(*sec_data), GFP_KERNEL);
+ if (!curr)
+ return -ENOMEM;
+
+ if (count && sec_data->addr_metadatas)
+ memcpy(curr, prev, sizeof(*sec_data) * sec_data->addr_metadata_max_cnt);
+
+ kfree(prev);
+
+ sec_data->addr_metadatas = (uintptr_t)curr;
+ sec_data->addr_metadata_max_cnt = count;
+ return 0;
+}
+
+void cmdq_sec_pkt_free_sec_data(struct cmdq_pkt *pkt)
+{
+ kfree(pkt->sec_data);
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_pkt_free_sec_data);
+
+int cmdq_sec_pkt_alloc_sec_data(struct cmdq_pkt *pkt)
+{
+ struct cmdq_sec_data *sec_data;
+
+ if (pkt->sec_data)
+ return 0;
+
+ sec_data = kzalloc(sizeof(*sec_data), GFP_KERNEL);
+ if (!sec_data)
+ return -ENOMEM;
+
+ pkt->sec_data = (void *)sec_data;
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_pkt_alloc_sec_data);
+
+static int cmdq_sec_append_metadata(struct cmdq_pkt *pkt,
+ const enum cmdq_iwc_addr_metadata_type type,
+ const u64 base, const u32 offset, const u32 size,
+ const u32 port)
+{
+ struct cmdq_sec_data *sec_data;
+ struct iwc_cmdq_addr_metadata_t *meta;
+ int idx, max, ret;
+
+ pr_debug("[%s %d] pkt:%p type:%u base:%#llx offset:%#x size:%#x port:%#x",
+ __func__, __LINE__, pkt, type, base, offset, size, port);
+
+ ret = cmdq_sec_pkt_alloc_sec_data(pkt);
+ if (ret < 0)
+ return ret;
+
+ sec_data = (struct cmdq_sec_data *)pkt->sec_data;
+ idx = sec_data->addr_metadata_cnt;
+ if (idx >= CMDQ_IWC_MAX_ADDR_LIST_LENGTH) {
+ pr_err("idx:%u reach over:%u", idx, CMDQ_IWC_MAX_ADDR_LIST_LENGTH);
+ return -EFAULT;
+ }
+
+ if (!sec_data->addr_metadata_max_cnt)
+ max = ADDR_METADATA_MAX_COUNT_ORIGIN;
+ else if (idx >= sec_data->addr_metadata_max_cnt)
+ max = sec_data->addr_metadata_max_cnt * 2;
+ else
+ max = sec_data->addr_metadata_max_cnt;
+
+ ret = cmdq_sec_realloc_addr_list(pkt, max);
+ if (ret)
+ return ret;
+
+ if (!sec_data->addr_metadatas) {
+ pr_info("addrMetadatas is missing");
+
+ meta = kzalloc(sizeof(*meta), GFP_KERNEL);
+ if (!meta)
+ return -ENOMEM;
+
+ sec_data->addr_metadatas = (uintptr_t)(void *)meta;
+ }
+ meta = (struct iwc_cmdq_addr_metadata_t *)(uintptr_t)sec_data->addr_metadatas;
+
+ meta[idx].instr_idx = pkt->cmd_buf_size / CMDQ_INST_SIZE - 1;
+ meta[idx].type = type;
+ meta[idx].base_handle = base;
+ meta[idx].offset = offset;
+ meta[idx].size = size;
+ meta[idx].port = port;
+ sec_data->addr_metadata_cnt += 1;
+ return 0;
+}
+
+int cmdq_sec_pkt_set_data(struct cmdq_pkt *pkt, const u64 dapc_engine,
+ const u64 port_sec_engine, const enum cmdq_sec_scenario scenario)
+{
+ struct cmdq_sec_data *sec_data;
+ int ret;
+
+ if (!pkt) {
+ pr_err("invalid pkt:%p", pkt);
+ return -EINVAL;
+ }
+
+ ret = cmdq_sec_pkt_alloc_sec_data(pkt);
+ if (ret < 0)
+ return ret;
+
+ pr_debug("[%s %d] pkt:%p sec_data:%p dapc:%llu port_sec:%llu scen:%u",
+ __func__, __LINE__, pkt, pkt->sec_data, dapc_engine, port_sec_engine, scenario);
+
+ sec_data = (struct cmdq_sec_data *)pkt->sec_data;
+ sec_data->engs_need_dapc |= dapc_engine;
+ sec_data->engs_need_sec_port |= port_sec_engine;
+ sec_data->scenario = scenario;
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_pkt_set_data);
+
+int cmdq_sec_pkt_write(struct cmdq_pkt *pkt, u32 addr, u64 base,
+ const enum cmdq_iwc_addr_metadata_type type,
+ const u32 offset, const u32 size, const u32 port)
+{
+ int ret;
+
+ ret = cmdq_pkt_assign(pkt, CMDQ_THR_SPR_IDX0, addr);
+ if (ret)
+ return ret;
+
+ ret = cmdq_pkt_write_s_reg_value(pkt, CMDQ_THR_SPR_IDX0, (u32)base);
+ if (ret)
+ return ret;
+
+ return cmdq_sec_append_metadata(pkt, type, base, offset, size, port);
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_pkt_write);
+
+static u32 cmdq_sec_get_cookie(struct cmdq_sec *cmdq, u32 idx)
+{
+ return *(u32 *)(cmdq->shared_mem->va +
+ CMDQ_SEC_SHARED_THR_CNT_OFFSET + idx * sizeof(u32));
+}
+
+static void cmdq_sec_task_done(struct cmdq_sec_task *sec_task, int sta)
+{
+ struct cmdq_cb_data data;
+
+ data.sta = sta;
+ data.pkt = sec_task->task.pkt;
+
+ pr_debug("%s sec_task:%p pkt:%p err:%d",
+ __func__, sec_task, sec_task->task.pkt, sta);
+
+ mbox_chan_received_data(sec_task->task.thread->chan, &data);
+
+ list_del_init(&sec_task->task.list_entry);
+ kfree(sec_task);
+}
+
+static bool cmdq_sec_irq_handler(struct cmdq_sec_thread *sec_thread,
+ const u32 cookie, const int err)
+{
+ struct cmdq_sec_task *sec_task;
+ struct cmdq_task *task, *temp, *cur_task = NULL;
+ struct cmdq_sec *cmdq = container_of(sec_thread->thread.chan->mbox, struct cmdq_sec, mbox);
+ unsigned long flags;
+ int done;
+
+ spin_lock_irqsave(&sec_thread->thread.chan->lock, flags);
+ if (sec_thread->wait_cookie <= cookie)
+ done = cookie - sec_thread->wait_cookie + 1;
+ else if (sec_thread->wait_cookie == (cookie + 1) % CMDQ_MAX_COOKIE_VALUE)
+ done = 0;
+ else
+ done = CMDQ_MAX_COOKIE_VALUE - sec_thread->wait_cookie + 1 + cookie + 1;
+
+ list_for_each_entry_safe(task, temp, &sec_thread->thread.task_busy_list, list_entry) {
+ if (!done)
+ break;
+
+ sec_task = container_of(task, struct cmdq_sec_task, task);
+ cmdq_sec_task_done(sec_task, err);
+
+ if (sec_thread->task_cnt)
+ sec_thread->task_cnt -= 1;
+
+ done--;
+ }
+
+ cur_task = list_first_entry_or_null(&sec_thread->thread.task_busy_list,
+ struct cmdq_task, list_entry);
+ if (err && cur_task) {
+ spin_unlock_irqrestore(&sec_thread->thread.chan->lock, flags);
+
+ sec_task = container_of(cur_task, struct cmdq_sec_task, task);
+
+ /* for error task, cancel, callback and done */
+ memset(&cmdq->cancel, 0, sizeof(cmdq->cancel));
+ cmdq_sec_task_submit(cmdq, sec_task, CMD_CMDQ_IWC_CANCEL_TASK,
+ sec_thread->idx, &cmdq->cancel);
+
+ cmdq_sec_task_done(sec_task, err);
+
+ spin_lock_irqsave(&sec_thread->thread.chan->lock, flags);
+
+ task = list_first_entry_or_null(&sec_thread->thread.task_busy_list,
+ struct cmdq_task, list_entry);
+ if (cur_task == task)
+ cmdq_sec_task_done(sec_task, err);
+ else
+ dev_err(cmdq->mbox.dev, "task list changed");
+
+ /*
+ * error case stop all task for secure,
+ * since secure tdrv always remove all when cancel
+ */
+ while (!list_empty(&sec_thread->thread.task_busy_list)) {
+ cur_task = list_first_entry(&sec_thread->thread.task_busy_list,
+ struct cmdq_task, list_entry);
+
+ sec_task = container_of(cur_task, struct cmdq_sec_task, task);
+ cmdq_sec_task_done(sec_task, -ECONNABORTED);
+ }
+ } else if (err) {
+ dev_dbg(cmdq->mbox.dev, "error but all task done, check notify callback");
+ }
+
+ if (list_empty(&sec_thread->thread.task_busy_list)) {
+ sec_thread->wait_cookie = 0;
+ sec_thread->next_cookie = 0;
+ sec_thread->task_cnt = 0;
+ __raw_writel(0, (void __iomem *)cmdq->shared_mem->va +
+ CMDQ_SEC_SHARED_THR_CNT_OFFSET +
+ sec_thread->idx * sizeof(u32));
+ spin_unlock_irqrestore(&sec_thread->thread.chan->lock, flags);
+ del_timer(&sec_thread->timeout);
+ return true;
+ }
+
+ sec_thread->wait_cookie = cookie % CMDQ_MAX_COOKIE_VALUE + 1;
+
+ mod_timer(&sec_thread->timeout, jiffies + msecs_to_jiffies(sec_thread->timeout_ms));
+ spin_unlock_irqrestore(&sec_thread->thread.chan->lock, flags);
+
+ return false;
+}
+
+static void cmdq_sec_irq_notify_work(struct work_struct *work_item)
+{
+ struct cmdq_sec *cmdq = container_of(work_item, struct cmdq_sec, irq_notify_work);
+ int i;
+ u32 thread_max = cmdq->pdata->secure_thread_min + cmdq->pdata->secure_thread_nr;
+
+ mutex_lock(&cmdq->exec_lock);
+
+ for (i = cmdq->pdata->secure_thread_min; i <= thread_max; i++) {
+ struct cmdq_sec_thread *sec_thread = &cmdq->sec_thread[i];
+ u32 cookie = cmdq_sec_get_cookie(cmdq, sec_thread->idx);
+
+ if (cookie < sec_thread->wait_cookie || !sec_thread->task_cnt)
+ continue;
+
+ cmdq_sec_irq_handler(sec_thread, cookie, 0);
+ }
+
+ mutex_unlock(&cmdq->exec_lock);
+}
+
+static void cmdq_sec_irq_notify_callback(struct mbox_client *cl, void *mssg)
+{
+ struct cmdq_cb_data *data = (struct cmdq_cb_data *)mssg;
+ struct cmdq_sec *cmdq = container_of(((struct cmdq_client *)data->pkt->cl)->chan->mbox,
+ struct cmdq_sec, mbox);
+
+ if (work_pending(&cmdq->irq_notify_work)) {
+ dev_dbg(cmdq->mbox.dev, "%s last notify callback working", __func__);
+ return;
+ }
+
+ queue_work(cmdq->notify_wq, &cmdq->irq_notify_work);
+}
+
+static int cmdq_sec_irq_notify_start(struct cmdq_sec *cmdq)
+{
+ int err;
+
+ if (cmdq->notify_run)
+ return 0;
+
+ if (!cmdq->clt_pkt) {
+ cmdq->clt = cmdq_mbox_create(cmdq->mbox.dev, 0);
+ if (!cmdq->clt || IS_ERR(cmdq->clt)) {
+ dev_err(cmdq->mbox.dev, "clt mbox_create failed clt:%p index:%d",
+ cmdq->clt, CMDQ_SEC_IRQ_THREAD);
+ return -EINVAL;
+ }
+ cmdq->clt->client.rx_callback = cmdq_sec_irq_notify_callback;
+
+ cmdq->clt_pkt = cmdq_pkt_create(cmdq->clt, PAGE_SIZE);
+ if (!cmdq->clt_pkt || IS_ERR(cmdq->clt_pkt)) {
+ dev_err(cmdq->mbox.dev, "clt_pkt cmdq_pkt_create failed pkt:%p index:%d",
+ cmdq->clt_pkt, CMDQ_SEC_IRQ_THREAD);
+ return -EINVAL;
+ }
+
+ INIT_WORK(&cmdq->irq_notify_work, cmdq_sec_irq_notify_work);
+ }
+
+ cmdq_pkt_wfe(cmdq->clt_pkt, cmdq->pdata->cmdq_event, true);
+ cmdq_pkt_finalize_loop(cmdq->clt_pkt);
+ dma_sync_single_for_device(cmdq->mbox.dev,
+ cmdq->clt_pkt->pa_base,
+ cmdq->clt_pkt->cmd_buf_size,
+ DMA_TO_DEVICE);
+ err = mbox_send_message(cmdq->clt->chan, cmdq->clt_pkt);
+ mbox_client_txdone(cmdq->clt->chan, 0);
+ if (err < 0) {
+ dev_err(cmdq->mbox.dev, "%s failed:%d", __func__, err);
+
+ cmdq_sec_pkt_free_sec_data(cmdq->clt_pkt);
+ cmdq_pkt_destroy(cmdq->clt_pkt);
+ cmdq_mbox_destroy(cmdq->clt);
+
+ return err;
+ }
+
+ cmdq->notify_run = true;
+ dev_dbg(cmdq->mbox.dev, "%s success!", __func__);
+
+ return 0;
+}
+
+static int cmdq_sec_session_init(struct cmdq_sec_context *context)
+{
+ int err = 0;
+
+ if (context->state >= IWC_SES_OPENED) {
+ pr_debug("session opened:%u", context->state);
+ return 0;
+ }
+
+ switch (context->state) {
+ case IWC_INIT:
+ err = cmdq_sec_init_context(&context->tee_ctx);
+ if (err)
+ return err;
+ context->state = IWC_CONTEXT_INITED;
+ fallthrough;
+ case IWC_CONTEXT_INITED:
+ if (context->iwc_msg) {
+ pr_err("iwcMessage not NULL:%p", context->iwc_msg);
+ return -EINVAL;
+ }
+
+ err = cmdq_sec_allocate_wsm(&context->tee_ctx, &context->iwc_msg,
+ sizeof(struct iwc_cmdq_message_t));
+ if (err)
+ return err;
+
+ context->state = IWC_WSM_ALLOCATED;
+ fallthrough;
+ case IWC_WSM_ALLOCATED:
+ err = cmdq_sec_open_session(&context->tee_ctx, context->iwc_msg);
+ if (err)
+ return err;
+
+ context->state = IWC_SES_OPENED;
+ fallthrough;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
+static int cmdq_sec_fill_iwc_msg(struct cmdq_sec_context *context,
+ struct cmdq_sec_task *sec_task, u32 thrd_idx)
+{
+ struct iwc_cmdq_message_t *iwc_msg = NULL;
+ struct cmdq_sec_data *data = (struct cmdq_sec_data *)sec_task->task.pkt->sec_data;
+ u32 size = 0, offset = 0, *instr;
+
+ iwc_msg = (struct iwc_cmdq_message_t *)context->iwc_msg;
+
+ if (sec_task->task.pkt->cmd_buf_size + 4 * CMDQ_INST_SIZE > CMDQ_TZ_CMD_BLOCK_SIZE) {
+ pr_err("sec_task:%p size:%zu > %u",
+ sec_task, sec_task->task.pkt->cmd_buf_size, CMDQ_TZ_CMD_BLOCK_SIZE);
+ return -EFAULT;
+ }
+
+ if (thrd_idx == CMDQ_INVALID_THREAD) {
+ iwc_msg->command.cmd_size = 0;
+ iwc_msg->command.metadata.addr_list_length = 0;
+ return -EINVAL;
+ }
+
+ iwc_msg->command.thread = thrd_idx;
+ iwc_msg->command.scenario = sec_task->scenario;
+ iwc_msg->command.eng_flag = sec_task->engine_flag;
+ size = sec_task->task.pkt->cmd_buf_size;
+ memcpy(iwc_msg->command.va_base + offset, sec_task->task.pkt->va_base, size);
+ iwc_msg->command.cmd_size += size;
+ offset += size / 4;
+
+ instr = &iwc_msg->command.va_base[iwc_msg->command.cmd_size / 4 - 4];
+ if ((u64)*instr == CMDQ_EOC_CMD)
+ instr[0] = 0;
+ else
+ pr_err("%s %d: find EOC failed: %#x %#x",
+ __func__, __LINE__, instr[1], instr[0]);
+
+ iwc_msg->command.wait_cookie = sec_task->wait_cookie;
+ iwc_msg->command.reset_exec = sec_task->reset_exec;
+
+ if (data->addr_metadata_cnt) {
+ iwc_msg->command.metadata.addr_list_length = data->addr_metadata_cnt;
+ memcpy(iwc_msg->command.metadata.addr_list,
+ (u32 *)(unsigned long)data->addr_metadatas,
+ data->addr_metadata_cnt * sizeof(struct iwc_cmdq_addr_metadata_t));
+ }
+
+ iwc_msg->command.metadata.engs_need_dapc = data->engs_need_dapc;
+ iwc_msg->command.metadata.engs_need_sec_port = data->engs_need_sec_port;
+ iwc_msg->command.normal_task_handle = (unsigned long)sec_task->task.pkt;
+
+ return 0;
+}
+
+static int cmdq_sec_session_send(struct cmdq_sec_context *context,
+ struct cmdq_sec_task *sec_task, const u32 iwc_cmd,
+ const u32 thrd_idx, struct cmdq_sec *cmdq)
+{
+ int err = 0;
+ u64 cost;
+ struct iwc_cmdq_message_t *iwc_msg = NULL;
+
+ iwc_msg = (struct iwc_cmdq_message_t *)context->iwc_msg;
+
+ memset(iwc_msg, 0, sizeof(*iwc_msg));
+ iwc_msg->cmd = iwc_cmd;
+ iwc_msg->cmdq_id = cmdq->pdata->hwid;
+ iwc_msg->command.thread = thrd_idx;
+
+ switch (iwc_cmd) {
+ case CMD_CMDQ_IWC_SUBMIT_TASK:
+ err = cmdq_sec_fill_iwc_msg(context, sec_task, thrd_idx);
+ if (err)
+ return err;
+ break;
+ case CMD_CMDQ_IWC_CANCEL_TASK:
+ iwc_msg->cancel_task.wait_cookie = sec_task->wait_cookie;
+ iwc_msg->cancel_task.thread = thrd_idx;
+ break;
+ case CMD_CMDQ_IWC_PATH_RES_ALLOCATE:
+ if (!cmdq->shared_mem || !cmdq->shared_mem->va) {
+ dev_err(cmdq->mbox.dev, "%s %d: shared_mem is NULL", __func__, __LINE__);
+ return -EFAULT;
+ }
+ iwc_msg->path_resource.size = cmdq->shared_mem->size;
+ iwc_msg->path_resource.share_memoy_pa = cmdq->shared_mem->pa;
+ iwc_msg->path_resource.use_normal_irq = 1;
+ break;
+ default:
+ break;
+ }
+
+ cmdq->sec_invoke = sched_clock();
+ dev_dbg(cmdq->mbox.dev, "%s execute cmdq:%p sec_task:%p command:%u thread:%u cookie:%d",
+ __func__, cmdq, sec_task, iwc_cmd, thrd_idx,
+ sec_task ? sec_task->wait_cookie : -1);
+
+ /* send message */
+ err = cmdq_sec_execute_session(&context->tee_ctx, iwc_cmd, CMDQ_TIMEOUT_DEFAULT);
+
+ cmdq->sec_done = sched_clock();
+ cost = div_u64(cmdq->sec_done - cmdq->sec_invoke, 1000000);
+ if (cost >= CMDQ_TIMEOUT_DEFAULT)
+ dev_err(cmdq->mbox.dev, "%s execute timeout cmdq:%p sec_task:%p cost:%lluus",
+ __func__, cmdq, sec_task, cost);
+ else
+ dev_dbg(cmdq->mbox.dev, "%s execute done cmdq:%p sec_task:%p cost:%lluus",
+ __func__, cmdq, sec_task, cost);
+
+ if (err)
+ return err;
+
+ context->state = IWC_SES_ON_TRANSACTED;
+ return 0;
+}
+
+static int cmdq_sec_session_reply(const u32 iwc_cmd, struct iwc_cmdq_message_t *iwc_msg,
+ void *data, struct cmdq_sec_task *sec_task)
+{
+ struct iwc_cmdq_cancel_task_t *cancel = data;
+ struct cmdq_sec_data *sec_data = sec_task->task.pkt->sec_data;
+
+ if (iwc_cmd == CMD_CMDQ_IWC_SUBMIT_TASK && iwc_msg->rsp < 0) {
+ /* submit fail case copy status */
+ memcpy(&sec_data->sec_status, &iwc_msg->sec_status,
+ sizeof(sec_data->sec_status));
+ sec_data->response = iwc_msg->rsp;
+ } else if (iwc_cmd == CMD_CMDQ_IWC_CANCEL_TASK && cancel) {
+ /* cancel case only copy cancel result */
+ memcpy(cancel, &iwc_msg->cancel_task, sizeof(*cancel));
+ }
+
+ return iwc_msg->rsp;
+}
+
+static int cmdq_sec_task_submit(struct cmdq_sec *cmdq, struct cmdq_sec_task *sec_task,
+ const u32 iwc_cmd, const u32 thrd_idx, void *data)
+{
+ struct cmdq_sec_context *context;
+ int err = 0;
+
+ if (!cmdq->context) {
+ context = kzalloc(sizeof(*cmdq->context), GFP_ATOMIC);
+ if (!context)
+ return -ENOMEM;
+
+ cmdq->context = context;
+ cmdq->context->state = IWC_INIT;
+ cmdq->context->tgid = current->tgid;
+ }
+
+ if (cmdq->context->state == IWC_INIT)
+ cmdq_sec_setup_tee_context(&cmdq->context->tee_ctx);
+
+ err = cmdq_sec_session_init(cmdq->context);
+ if (err) {
+ dev_err(cmdq->mbox.dev, "%s %d: cmdq_sec_session_init fail: %d",
+ __func__, __LINE__, err);
+ return err;
+ }
+
+ err = cmdq_sec_irq_notify_start(cmdq);
+ if (err) {
+ dev_err(cmdq->mbox.dev, "%s %d: cmdq_sec_irq_notify_start fail: %d",
+ __func__, __LINE__, err);
+ return err;
+ }
+
+ err = cmdq_sec_session_send(cmdq->context, sec_task, iwc_cmd, thrd_idx, cmdq);
+ if (err) {
+ dev_err(cmdq->mbox.dev, "%s %d: iwc_cmd:%d err:%d sec_task:%p thread:%u gce:%#lx",
+ __func__, __LINE__, iwc_cmd, err,
+ sec_task, thrd_idx, (unsigned long)cmdq->base_pa);
+ return err;
+ }
+
+ err = cmdq_sec_session_reply(iwc_cmd, cmdq->context->iwc_msg, data, sec_task);
+ if (err) {
+ dev_err(cmdq->mbox.dev, "%s %d: cmdq_sec_session_reply fail: %d",
+ __func__, __LINE__, err);
+ return err;
+ }
+
+ return 0;
+}
+
+static int cmdq_sec_suspend(struct device *dev)
+{
+ struct cmdq_sec *cmdq = dev_get_drvdata(dev);
+
+ clk_bulk_disable_unprepare(cmdq->pdata->gce_num, cmdq->pdata->clocks);
+ return 0;
+}
+
+static int cmdq_sec_resume(struct device *dev)
+{
+ struct cmdq_sec *cmdq = dev_get_drvdata(dev);
+
+ WARN_ON(clk_bulk_prepare_enable(cmdq->pdata->gce_num, cmdq->pdata->clocks));
+ return 0;
+}
+
+static const struct dev_pm_ops cmdq_sec_pm_ops = {
+ .suspend = cmdq_sec_suspend,
+ .resume = cmdq_sec_resume,
+};
+
+static void cmdq_sec_task_exec_work(struct work_struct *work_item)
+{
+ struct cmdq_sec_task *sec_task = container_of(work_item,
+ struct cmdq_sec_task, exec_work);
+ struct cmdq_sec_thread *sec_thread = container_of(sec_task->task.thread,
+ struct cmdq_sec_thread, thread);
+ struct cmdq_sec *cmdq = container_of(sec_thread->thread.chan->mbox,
+ struct cmdq_sec, mbox);
+ struct cmdq_sec_data *data;
+ unsigned long flags;
+ int err;
+
+ dev_dbg(cmdq->mbox.dev, "%s gce:%#lx sec_task:%p pkt:%p thread:%u",
+ __func__, (unsigned long)cmdq->base_pa,
+ sec_task, sec_task->task.pkt, sec_thread->idx);
+
+ if (!sec_task->task.pkt->sec_data) {
+ dev_err(cmdq->mbox.dev, "pkt:%p without sec_data", sec_task->task.pkt);
+ return;
+ }
+ data = (struct cmdq_sec_data *)sec_task->task.pkt->sec_data;
+
+ mutex_lock(&cmdq->exec_lock);
+
+ spin_lock_irqsave(&sec_thread->thread.chan->lock, flags);
+ if (!sec_thread->task_cnt) {
+ mod_timer(&sec_thread->timeout, jiffies +
+ msecs_to_jiffies(sec_thread->timeout_ms));
+ sec_thread->wait_cookie = 1;
+ sec_thread->next_cookie = 1;
+ sec_thread->task_cnt = 0;
+ __raw_writel(0, (void __iomem *)cmdq->shared_mem->va +
+ CMDQ_SEC_SHARED_THR_CNT_OFFSET + sec_thread->idx * sizeof(u32));
+ }
+
+ sec_task->reset_exec = sec_thread->task_cnt ? false : true;
+ sec_task->wait_cookie = sec_thread->next_cookie;
+ sec_thread->next_cookie = (sec_thread->next_cookie + 1) % CMDQ_MAX_COOKIE_VALUE;
+ list_add_tail(&sec_task->task.list_entry, &sec_thread->thread.task_busy_list);
+ sec_thread->task_cnt += 1;
+ spin_unlock_irqrestore(&sec_thread->thread.chan->lock, flags);
+ sec_task->trigger = sched_clock();
+
+ if (!atomic_cmpxchg(&cmdq_path_res, 0, 1)) {
+ err = cmdq_sec_task_submit(cmdq, NULL, CMD_CMDQ_IWC_PATH_RES_ALLOCATE,
+ CMDQ_INVALID_THREAD, NULL);
+ if (err) {
+ atomic_set(&cmdq_path_res, 0);
+ goto task_end;
+ }
+ }
+
+ if (sec_thread->task_cnt > CMDQ_MAX_TASK_IN_SECURE_THREAD) {
+ dev_err(cmdq->mbox.dev, "task_cnt:%u cannot more than %u sec_task:%p thread:%u",
+ sec_thread->task_cnt, CMDQ_MAX_TASK_IN_SECURE_THREAD,
+ sec_task, sec_thread->idx);
+ err = -EMSGSIZE;
+ goto task_end;
+ }
+
+ err = cmdq_sec_task_submit(cmdq, sec_task, CMD_CMDQ_IWC_SUBMIT_TASK,
+ sec_thread->idx, NULL);
+ if (err)
+ dev_err(cmdq->mbox.dev, "cmdq_sec_task_submit err:%d sec_task:%p thread:%u",
+ err, sec_task, sec_thread->idx);
+
+task_end:
+ if (err) {
+ struct cmdq_cb_data cb_data;
+
+ cb_data.sta = err;
+ cb_data.pkt = sec_task->task.pkt;
+ mbox_chan_received_data(sec_thread->thread.chan, &cb_data);
+
+ spin_lock_irqsave(&sec_thread->thread.chan->lock, flags);
+ if (!sec_thread->task_cnt)
+ dev_err(cmdq->mbox.dev, "thread:%u task_cnt:%u cannot below zero",
+ sec_thread->idx, sec_thread->task_cnt);
+ else
+ sec_thread->task_cnt -= 1;
+
+ sec_thread->next_cookie = (sec_thread->next_cookie - 1 +
+ CMDQ_MAX_COOKIE_VALUE) % CMDQ_MAX_COOKIE_VALUE;
+ list_del(&sec_task->task.list_entry);
+ dev_dbg(cmdq->mbox.dev, "gce:%#lx err:%d sec_task:%p pkt:%p",
+ (unsigned long)cmdq->base_pa, err, sec_task, sec_task->task.pkt);
+ dev_dbg(cmdq->mbox.dev, "thread:%u task_cnt:%u wait_cookie:%u next_cookie:%u",
+ sec_thread->idx, sec_thread->task_cnt,
+ sec_thread->wait_cookie, sec_thread->next_cookie);
+ spin_unlock_irqrestore(&sec_thread->thread.chan->lock, flags);
+
+ kfree(sec_task);
+ }
+
+ mutex_unlock(&cmdq->exec_lock);
+}
+
+static int cmdq_sec_mbox_send_data(struct mbox_chan *chan, void *data)
+{
+ struct cmdq_pkt *pkt = (struct cmdq_pkt *)data;
+ struct cmdq_sec_data *sec_data = (struct cmdq_sec_data *)pkt->sec_data;
+ struct cmdq_thread *thread = (struct cmdq_thread *)chan->con_priv;
+ struct cmdq_sec_thread *sec_thread = container_of(thread, struct cmdq_sec_thread, thread);
+ struct cmdq_sec_task *sec_task;
+
+ if (!sec_data)
+ return -EINVAL;
+
+ sec_task = kzalloc(sizeof(*sec_task), GFP_ATOMIC);
+ if (!sec_task)
+ return -ENOMEM;
+
+ sec_task->task.pkt = pkt;
+ sec_task->task.thread = thread;
+ sec_task->scenario = sec_data->scenario;
+ sec_task->engine_flag = sec_data->engs_need_dapc | sec_data->engs_need_sec_port;
+
+ INIT_WORK(&sec_task->exec_work, cmdq_sec_task_exec_work);
+ queue_work(sec_thread->task_exec_wq, &sec_task->exec_work);
+ return 0;
+}
+
+static void cmdq_sec_thread_timeout(struct timer_list *t)
+{
+ struct cmdq_sec_thread *sec_thread = from_timer(sec_thread, t, timeout);
+ struct cmdq_sec *cmdq = container_of(sec_thread->thread.chan->mbox, struct cmdq_sec, mbox);
+
+ if (!work_pending(&sec_thread->timeout_work))
+ queue_work(cmdq->timeout_wq, &sec_thread->timeout_work);
+}
+
+static void cmdq_sec_task_timeout_work(struct work_struct *work_item)
+{
+ struct cmdq_sec_thread *sec_thread = container_of(work_item,
+ struct cmdq_sec_thread, timeout_work);
+ struct cmdq_sec *cmdq = container_of(sec_thread->thread.chan->mbox,
+ struct cmdq_sec, mbox);
+ struct cmdq_task *task;
+ struct cmdq_sec_task *sec_task;
+ unsigned long flags;
+ u64 duration;
+ u32 cookie;
+
+ mutex_lock(&cmdq->exec_lock);
+
+ spin_lock_irqsave(&sec_thread->thread.chan->lock, flags);
+ if (list_empty(&sec_thread->thread.task_busy_list)) {
+ dev_err(cmdq->mbox.dev, "thread:%u task_list is empty", sec_thread->idx);
+ spin_unlock_irqrestore(&sec_thread->thread.chan->lock, flags);
+ goto done;
+ }
+
+ task = list_first_entry(&sec_thread->thread.task_busy_list,
+ struct cmdq_task, list_entry);
+ sec_task = container_of(task, struct cmdq_sec_task, task);
+ duration = div_u64(sched_clock() - sec_task->trigger, 1000000);
+ if (duration < sec_thread->timeout_ms) {
+ mod_timer(&sec_thread->timeout, jiffies +
+ msecs_to_jiffies(sec_thread->timeout_ms - duration));
+ spin_unlock_irqrestore(&sec_thread->thread.chan->lock, flags);
+ goto done;
+ }
+
+ cookie = cmdq_sec_get_cookie(cmdq, sec_thread->idx);
+ spin_unlock_irqrestore(&sec_thread->thread.chan->lock, flags);
+
+ dev_err(cmdq->mbox.dev, "%s duration:%llu cookie:%u thread:%u",
+ __func__, duration, cookie, sec_thread->idx);
+ cmdq_sec_irq_handler(sec_thread, cookie, -ETIMEDOUT);
+
+done:
+ mutex_unlock(&cmdq->exec_lock);
+}
+
+static int cmdq_sec_mbox_startup(struct mbox_chan *chan)
+{
+ struct cmdq_thread *thread = (struct cmdq_thread *)chan->con_priv;
+ struct cmdq_sec_thread *sec_thread = container_of(thread,
+ struct cmdq_sec_thread, thread);
+ char name[20];
+
+ timer_setup(&sec_thread->timeout, cmdq_sec_thread_timeout, 0);
+
+ INIT_WORK(&sec_thread->timeout_work, cmdq_sec_task_timeout_work);
+ snprintf(name, sizeof(name), "task_exec_wq_%u", sec_thread->idx);
+ sec_thread->task_exec_wq = create_singlethread_workqueue(name);
+ return 0;
+}
+
+static void cmdq_sec_mbox_shutdown(struct mbox_chan *chan)
+{
+}
+
+static int cmdq_sec_mbox_flush(struct mbox_chan *chan, unsigned long timeout)
+{
+ struct cmdq_thread *thread = (struct cmdq_thread *)chan->con_priv;
+ struct cmdq_sec *cmdq = container_of(thread->chan->mbox, struct cmdq_sec, mbox);
+ int i;
+ u32 thread_max = cmdq->pdata->secure_thread_min + cmdq->pdata->secure_thread_nr;
+
+ mutex_lock(&cmdq->exec_lock);
+
+ if (list_empty(&thread->task_busy_list)) {
+ mutex_unlock(&cmdq->exec_lock);
+ return 0;
+ }
+
+ for (i = cmdq->pdata->secure_thread_min; i < thread_max; i++) {
+ struct cmdq_sec_thread *sec_thread = &cmdq->sec_thread[i];
+ u32 cookie = cmdq_sec_get_cookie(cmdq, sec_thread->idx);
+
+ if (cookie < sec_thread->wait_cookie || !sec_thread->task_cnt)
+ continue;
+
+ cmdq_sec_irq_handler(sec_thread, cookie, -ECONNABORTED);
+ }
+
+ mutex_unlock(&cmdq->exec_lock);
+ return 0;
+}
+
+static const struct mbox_chan_ops cmdq_sec_mbox_chan_ops = {
+ .send_data = cmdq_sec_mbox_send_data,
+ .startup = cmdq_sec_mbox_startup,
+ .shutdown = cmdq_sec_mbox_shutdown,
+ .flush = cmdq_sec_mbox_flush,
+};
+
+static struct mbox_chan *cmdq_sec_mbox_of_xlate(struct mbox_controller *mbox,
+ const struct of_phandle_args *sp)
+{
+ struct cmdq_thread *thread;
+ struct cmdq_sec_thread *sec_thread;
+ int idx = sp->args[0];
+
+ if (mbox->num_chans <= idx) {
+ pr_err("invalid thrd-idx:%u", idx);
+ return ERR_PTR(-EINVAL);
+ }
+
+ thread = (struct cmdq_thread *)mbox->chans[idx].con_priv;
+ thread->chan = &mbox->chans[idx];
+ thread->priority = sp->args[1];
+ sec_thread = container_of(thread, struct cmdq_sec_thread, thread);
+ sec_thread->timeout_ms = CMDQ_NO_TIMEOUT;
+
+ return &mbox->chans[idx];
+}
+
+static int cmdq_sec_probe(struct platform_device *pdev)
+{
+ int i, err;
+ struct cmdq_sec *cmdq;
+ struct device *dev = &pdev->dev;
+ struct device *gce_dev;
+ struct resource *res;
+
+ cmdq = devm_kzalloc(dev, sizeof(*cmdq), GFP_KERNEL);
+ if (!cmdq)
+ return -ENOMEM;
+
+ cmdq->pdata = (struct gce_sec_plat *)pdev->dev.platform_data;
+ if (!cmdq->pdata) {
+ dev_err(dev, "no valid gce platform data!\n");
+ return -EINVAL;
+ }
+
+ gce_dev = cmdq->pdata->gce_dev;
+ cmdq->base = devm_platform_get_and_ioremap_resource(to_platform_device(gce_dev),
+ 0, &res);
+ if (IS_ERR(cmdq->base))
+ return PTR_ERR(cmdq->base);
+
+ cmdq->base_pa = res->start;
+
+ cmdq->mbox.dev = gce_dev;
+ cmdq->mbox.chans = devm_kcalloc(dev, cmdq->pdata->thread_nr,
+ sizeof(*cmdq->mbox.chans), GFP_KERNEL);
+ if (!cmdq->mbox.chans)
+ return -ENOMEM;
+
+ cmdq->mbox.ops = &cmdq_sec_mbox_chan_ops;
+ cmdq->mbox.num_chans = cmdq->pdata->thread_nr;
+ cmdq->mbox.of_xlate = cmdq_sec_mbox_of_xlate;
+
+ /* make use of TXDONE_BY_ACK */
+ cmdq->mbox.txdone_irq = false;
+ cmdq->mbox.txdone_poll = false;
+
+ cmdq->sec_thread = devm_kcalloc(dev, cmdq->pdata->thread_nr,
+ sizeof(*cmdq->sec_thread), GFP_KERNEL);
+ if (!cmdq->sec_thread)
+ return -ENOMEM;
+
+ mutex_init(&cmdq->exec_lock);
+ for (i = 0; i < cmdq->pdata->thread_nr; i++) {
+ cmdq->sec_thread[i].thread.base = cmdq->base + CMDQ_THR_BASE + CMDQ_THR_SIZE * i;
+ INIT_LIST_HEAD(&cmdq->sec_thread[i].thread.task_busy_list);
+ cmdq->sec_thread[i].idx = i;
+ cmdq->mbox.chans[i].con_priv = (void *)&cmdq->sec_thread[i].thread;
+ }
+
+ cmdq->notify_wq = create_singlethread_workqueue("mtk_cmdq_sec_notify_wq");
+ cmdq->timeout_wq = create_singlethread_workqueue("mtk_cmdq_sec_timeout_wq");
+ err = devm_mbox_controller_register(dev, &cmdq->mbox);
+ if (err)
+ return err;
+
+ cmdq->shared_mem = devm_kzalloc(dev, sizeof(*cmdq->shared_mem), GFP_KERNEL);
+ if (!cmdq->shared_mem)
+ return -ENOMEM;
+
+ cmdq->shared_mem->va = dma_alloc_coherent(dev, PAGE_SIZE,
+ &cmdq->shared_mem->pa, GFP_KERNEL);
+ cmdq->shared_mem->size = PAGE_SIZE;
+
+ platform_set_drvdata(pdev, cmdq);
+ WARN_ON(clk_bulk_prepare_enable(cmdq->pdata->gce_num, cmdq->pdata->clocks));
+
+ return 0;
+}
+
+static int cmdq_sec_remove(struct platform_device *pdev)
+{
+ struct cmdq_sec *cmdq = platform_get_drvdata(pdev);
+
+ if (cmdq->context)
+ cmdq_sec_free_wsm(&cmdq->context->tee_ctx, &cmdq->context->iwc_msg);
+
+ mbox_controller_unregister(&cmdq->mbox);
+
+ clk_bulk_disable_unprepare(cmdq->pdata->gce_num, cmdq->pdata->clocks);
+ return 0;
+}
+
+static struct platform_driver cmdq_sec_drv = {
+ .probe = cmdq_sec_probe,
+ .remove = cmdq_sec_remove,
+ .driver = {
+ .name = "mtk-cmdq-sec",
+ .pm = &cmdq_sec_pm_ops,
+ },
+};
+
+static int __init cmdq_sec_init(void)
+{
+ int err;
+
+ err = platform_driver_register(&cmdq_sec_drv);
+ if (err)
+ pr_err("platform_driver_register failed:%d", err);
+ return err;
+}
+
+rootfs_initcall(cmdq_sec_init);
+
+MODULE_LICENSE("GPL");
diff --git a/drivers/mailbox/mtk-cmdq-sec-tee.c b/drivers/mailbox/mtk-cmdq-sec-tee.c
new file mode 100644
index 0000000000000..e3f5ba6aaaaad
--- /dev/null
+++ b/drivers/mailbox/mtk-cmdq-sec-tee.c
@@ -0,0 +1,165 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (c) 2019 MediaTek Inc.
+ */
+
+#include <linux/math64.h>
+#include <linux/sched/clock.h>
+
+#include <linux/mailbox/mtk-cmdq-sec-tee.h>
+#include <linux/soc/mediatek/mtk-cmdq.h>
+
+/* lock to protect atomic secure task execution */
+static DEFINE_MUTEX(cmdq_sec_exec_lock);
+
+void cmdq_sec_setup_tee_context(struct cmdq_sec_tee_context *tee)
+{
+ /* 09010000 0000 0000 0000000000000000 */
+ memset(tee->uuid, 0, sizeof(tee->uuid));
+ tee->uuid[0] = 0x9;
+ tee->uuid[1] = 0x1;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_setup_tee_context);
+
+static int tee_dev_match(struct tee_ioctl_version_data *t, const void *v)
+{
+ if (t->impl_id == TEE_IMPL_ID_OPTEE)
+ return 1;
+
+ return 0;
+}
+
+int cmdq_sec_init_context(struct cmdq_sec_tee_context *tee)
+{
+ tee->tee_context = tee_client_open_context(NULL, tee_dev_match, NULL, NULL);
+ if (!tee->tee_context) {
+ pr_err("[%s][%d] tee_client_open_context failed!", __func__, __LINE__);
+ return -EFAULT;
+ }
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_init_context);
+
+int cmdq_sec_deinit_context(struct cmdq_sec_tee_context *tee)
+{
+ if (tee && tee->tee_context)
+ tee_client_close_context(tee->tee_context);
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_deinit_context);
+
+int cmdq_sec_allocate_wsm(struct cmdq_sec_tee_context *tee, void **wsm_buffer, u32 size)
+{
+ void *buffer;
+
+ if (!wsm_buffer)
+ return -EINVAL;
+
+ if (size == 0)
+ return -EINVAL;
+
+ buffer = kmalloc(size, GFP_KERNEL);
+ if (!buffer)
+ return -ENOMEM;
+
+ tee->shared_mem = tee_shm_register_kernel_buf(tee->tee_context, buffer, size);
+ if (!tee->shared_mem) {
+ kfree(buffer);
+ return -ENOMEM;
+ }
+
+ *wsm_buffer = buffer;
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_allocate_wsm);
+
+int cmdq_sec_free_wsm(struct cmdq_sec_tee_context *tee, void **wsm_buffer)
+{
+ if (!wsm_buffer)
+ return -EINVAL;
+
+ tee_shm_put(tee->shared_mem);
+ tee->shared_mem = NULL;
+ kfree(*wsm_buffer);
+ *wsm_buffer = NULL;
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_free_wsm);
+
+int cmdq_sec_open_session(struct cmdq_sec_tee_context *tee, void *wsm_buffer)
+{
+ struct tee_ioctl_open_session_arg osarg = {0};
+ struct tee_param params = {0};
+ int ret = 0;
+
+ if (!wsm_buffer)
+ return -EINVAL;
+
+ osarg.num_params = 1;
+ memcpy(osarg.uuid, tee->uuid, sizeof(osarg.uuid));
+ osarg.clnt_login = 0;
+
+ ret = tee_client_open_session(tee->tee_context, &osarg, ¶ms);
+ if (ret)
+ return -EFAULT;
+
+ if (!osarg.ret)
+ tee->session = osarg.session;
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_open_session);
+
+int cmdq_sec_close_session(struct cmdq_sec_tee_context *tee)
+{
+ tee_client_close_session(tee->tee_context, tee->session);
+ return 0;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_close_session);
+
+int cmdq_sec_execute_session(struct cmdq_sec_tee_context *tee, u32 cmd, s32 timeout_ms)
+{
+ struct tee_ioctl_invoke_arg invoke_arg = {0};
+ struct tee_param params = {0};
+ u64 ts = sched_clock();
+ int ret = 0;
+
+ mutex_lock(&cmdq_sec_exec_lock);
+
+ params.attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT;
+ params.u.memref.shm = tee->shared_mem;
+ params.u.memref.shm_offs = 0;
+ params.u.memref.size = tee->shared_mem->size;
+
+ invoke_arg.num_params = 1;
+ invoke_arg.session = tee->session;
+ invoke_arg.func = cmd;
+
+ ret = tee_client_invoke_func(tee->tee_context, &invoke_arg, ¶ms);
+ if (ret) {
+ pr_err("tee_client_invoke_func failed, ret=%d\n", ret);
+ return -EFAULT;
+ }
+
+ ret = invoke_arg.ret;
+
+ mutex_unlock(&cmdq_sec_exec_lock);
+
+ ts = div_u64(sched_clock() - ts, 1000000);
+
+ if (ret != 0)
+ pr_err("[SEC]execute: TEEC_InvokeCommand:%u ret:%d cost:%lluus", cmd, ret, ts);
+ else if (ts > timeout_ms)
+ pr_err("[SEC]execute: TEEC_InvokeCommand:%u ret:%d cost:%lluus", cmd, ret, ts);
+ else
+ pr_debug("[SEC]execute: TEEC_InvokeCommand:%u ret:%d cost:%lluus", cmd, ret, ts);
+
+ return ret;
+}
+EXPORT_SYMBOL_GPL(cmdq_sec_execute_session);
+
+MODULE_LICENSE("GPL");
diff --git a/include/linux/mailbox/mtk-cmdq-mailbox.h b/include/linux/mailbox/mtk-cmdq-mailbox.h
index 43eae45a08c94..d29916d171109 100644
--- a/include/linux/mailbox/mtk-cmdq-mailbox.h
+++ b/include/linux/mailbox/mtk-cmdq-mailbox.h
@@ -22,6 +22,7 @@
#define CMDQ_SUBSYS_SHIFT 16
#define CMDQ_OP_CODE_SHIFT 24
#define CMDQ_JUMP_PASS CMDQ_INST_SIZE
+#define CMDQ_EOC_CMD 0x4000000000000001ULL
#define CMDQ_WFE_UPDATE BIT(31)
#define CMDQ_WFE_UPDATE_VALUE BIT(16)
@@ -84,6 +85,7 @@ struct cmdq_pkt {
size_t buf_size; /* real buffer size */
void *cl;
bool loop;
+ void *sec_data;
};
struct cmdq_thread {
diff --git a/include/linux/mailbox/mtk-cmdq-sec-iwc-common.h b/include/linux/mailbox/mtk-cmdq-sec-iwc-common.h
new file mode 100644
index 0000000000000..655185ea8a82c
--- /dev/null
+++ b/include/linux/mailbox/mtk-cmdq-sec-iwc-common.h
@@ -0,0 +1,385 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (c) 2019 MediaTek Inc.
+ */
+
+#ifndef __CMDQ_SEC_IWC_COMMON_H__
+#define __CMDQ_SEC_IWC_COMMON_H__
+
+/**
+ * CMDQ_SEC_SHARED_THR_CNT_OFFSET - shared memory offset to store thread count.
+ */
+#define CMDQ_SEC_SHARED_THR_CNT_OFFSET 0x100
+
+/**
+ * CMDQ_TZ_CMD_BLOCK_SIZE - total command buffer size copy from normal world to secure world.
+ * maximum 20 pages may be requested for MDP readback.
+ */
+#define CMDQ_TZ_CMD_BLOCK_SIZE (20 << 12)
+
+/**
+ * CMDQ_IWC_MAX_CMD_LENGTH - max length of u32 array to store commanad buffer.
+ */
+#define CMDQ_IWC_MAX_CMD_LENGTH (CMDQ_TZ_CMD_BLOCK_SIZE / sizeof(u32))
+
+/**
+ * CMDQ_IWC_MAX_ADDR_LIST_LENGTH - max length of addr metadata list.
+ */
+#define CMDQ_IWC_MAX_ADDR_LIST_LENGTH (30)
+
+/**
+ * CMDQ_IWC_CLIENT_NAME - length for caller_name in iwc_cmdq_command_t.
+ */
+#define CMDQ_IWC_CLIENT_NAME (16)
+
+/**
+ * CMDQ_MAX_READBACK_ENG - length for readback_engs in iwc_cmdq_command_t.
+ */
+#define CMDQ_MAX_READBACK_ENG (8)
+
+/**
+ * CMDQ_SEC_MESSAGE_INST_LEN - length for sec_inst in iwc_cmdq_sec_status_t.
+ */
+#define CMDQ_SEC_MESSAGE_INST_LEN (8)
+
+/**
+ * CMDQ_SEC_DISPATCH_LEN - length for dispatch in iwc_cmdq_sec_status_t.
+ */
+#define CMDQ_SEC_DISPATCH_LEN (8)
+
+/*
+ * IWC Command IDs - ID for normal world(TLC or linux kernel) to secure world.
+ */
+#define CMD_CMDQ_IWC_SUBMIT_TASK (1) /* submit current task */
+#define CMD_CMDQ_IWC_CANCEL_TASK (3) /* cancel current task */
+#define CMD_CMDQ_IWC_PATH_RES_ALLOCATE (4) /* create global resource for secure path */
+
+/**
+ * enum cmdq_iwc_addr_metadata_type - address medadata type to be converted in secure world.
+ * @CMDQ_IWC_H_2_PA: secure handle to sec PA.
+ * @CMDQ_IWC_H_2_MVA: secure handle to sec MVA.
+ * @CMDQ_IWC_NMVA_2_MVA: map normal MVA to secure world.
+ * @CMDQ_IWC_PH_2_MVA: session protected handle to sec MVA.
+ *
+ * To tell secure world waht operation to use for converting address in metadata list.
+ */
+enum cmdq_iwc_addr_metadata_type {
+ CMDQ_IWC_H_2_PA = 0,
+ CMDQ_IWC_H_2_MVA = 1,
+ CMDQ_IWC_NMVA_2_MVA = 2,
+ CMDQ_IWC_PH_2_MVA = 3,
+};
+
+/*
+ * enum cmdq_sec_engine_enum - the flag for HW engines need to be proteced in secure world.
+ * Each enum is a bit in a u64 engine flag variable.
+ */
+enum cmdq_sec_engine_enum {
+ /* MDP */
+ CMDQ_SEC_MDP_RDMA0 = 0,
+ CMDQ_SEC_MDP_RDMA1 = 1,
+ CMDQ_SEC_MDP_WDMA = 2,
+ CMDQ_SEC_MDP_RDMA2 = 3,
+ CMDQ_SEC_MDP_RDMA3 = 4,
+ CMDQ_SEC_MDP_WROT0 = 5,
+ CMDQ_SEC_MDP_WROT1 = 6,
+ CMDQ_SEC_MDP_WROT2 = 7,
+ CMDQ_SEC_MDP_WROT3 = 8,
+ CMDQ_SEC_MDP_HDR0 = 9,
+ CMDQ_SEC_MDP_HDR1 = 10,
+ CMDQ_SEC_MDP_HDR2 = 11,
+ CMDQ_SEC_MDP_HDR3 = 12,
+ CMDQ_SEC_MDP_AAL0 = 13,
+ CMDQ_SEC_MDP_AAL1 = 14,
+ CMDQ_SEC_MDP_AAL2 = 15,
+ CMDQ_SEC_MDP_AAL3 = 16,
+
+ /* DISP (VDOSYS0) */
+ CMDQ_SEC_DISP_RDMA0 = 17,
+ CMDQ_SEC_DISP_RDMA1 = 18,
+ CMDQ_SEC_DISP_WDMA0 = 19,
+ CMDQ_SEC_DISP_WDMA1 = 20,
+ CMDQ_SEC_DISP_OVL0 = 21,
+ CMDQ_SEC_DISP_OVL1 = 22,
+ CMDQ_SEC_DISP_OVL2 = 23,
+ CMDQ_SEC_DISP_2L_OVL0 = 24,
+ CMDQ_SEC_DISP_2L_OVL1 = 25,
+ CMDQ_SEC_DISP_2L_OVL2 = 26,
+
+ /* DSIP (VDOSYS1) */
+ CMDQ_SEC_VDO1_DISP_RDMA_L0 = 27,
+ CMDQ_SEC_VDO1_DISP_RDMA_L1 = 28,
+ CMDQ_SEC_VDO1_DISP_RDMA_L2 = 29,
+ CMDQ_SEC_VDO1_DISP_RDMA_L3 = 30,
+
+ /* VENC */
+ CMDQ_SEC_VENC_BSDMA = 31,
+ CMDQ_SEC_VENC_CUR_LUMA = 32,
+ CMDQ_SEC_VENC_CUR_CHROMA = 33,
+ CMDQ_SEC_VENC_REF_LUMA = 34,
+ CMDQ_SEC_VENC_REF_CHROMA = 35,
+ CMDQ_SEC_VENC_REC = 36,
+ CMDQ_SEC_VENC_SUB_R_LUMA = 37,
+ CMDQ_SEC_VENC_SUB_W_LUMA = 38,
+ CMDQ_SEC_VENC_SV_COMV = 39,
+ CMDQ_SEC_VENC_RD_COMV = 40,
+ CMDQ_SEC_VENC_NBM_RDMA = 41,
+ CMDQ_SEC_VENC_NBM_WDMA = 42,
+ CMDQ_SEC_VENC_NBM_RDMA_LITE = 43,
+ CMDQ_SEC_VENC_NBM_WDMA_LITE = 44,
+ CMDQ_SEC_VENC_FCS_NBM_RDMA = 45,
+ CMDQ_SEC_VENC_FCS_NBM_WDMA = 46,
+
+ CMDQ_SEC_MAX_ENG_COUNT
+};
+
+/**
+ * struct iwc_cmdq_addr_metadata_t - metadata structure for converting address of secure buffer.
+ * @instr_idx: index of instruction.
+ * @type: addr metadata type.
+ * @base_handle: secure address handle.
+ * @block_offset: block offset from handle(PA) to current block(plane).
+ * @offset: buffser offset to secure handle.
+ * @size: buffer size.
+ * @port: HW port id (i.e. M4U port id)
+ */
+struct iwc_cmdq_addr_metadata_t {
+ /**
+ * @instr_idx: update its arg_b value to real PA/MVA in secure world.
+ */
+ u32 instr_idx;
+
+ /**
+ * @type: address medadata type to be converted in secure world.
+ */
+ u32 type;
+
+ /**
+ * @base_handle:
+ * @block_offset:
+ * @offset:
+ * @size:
+ * these members are used to store the buffer and offset relationship.
+ *
+ * -------------
+ * | | |
+ * -------------
+ * ^ ^ ^ ^
+ * A B C D
+ *
+ * A: base_handle
+ * B: base_handle + block_offset
+ * C: base_handle + block_offset + offset
+ * A~B or B~D: size
+ */
+ u64 base_handle;
+ u32 block_offset;
+ u32 offset;
+ u32 size;
+
+ /**
+ * @port: [IN]
+ *
+ * used to configure M4U port id.
+ */
+ u32 port;
+};
+
+/**
+ * struct iwc_cmdq_metadata_t - metadata structure for converting a list of secure buffer address.
+ * @addr_list_length: length of metadata address list.
+ * @addr_list: array of metadata address list.
+ * @engs_need_dapc: HW engines need to be protected by dapc.
+ * @engs_need_sec_port: HW engines need to be protected by secure larb port.
+ */
+struct iwc_cmdq_metadata_t {
+ u32 addr_list_length;
+ struct iwc_cmdq_addr_metadata_t addr_list[CMDQ_IWC_MAX_ADDR_LIST_LENGTH];
+ u64 engs_need_dapc;
+ u64 engs_need_sec_port;
+};
+
+/**
+ * enum sec_extension_iwc - extension HW engine flag to be protcted in secure world.
+ * @IWC_MDP_AAL: for MDP AAL engine.
+ * @IWC_MDP_TDSHP: for MDP TDSHP engine.
+ */
+enum sec_extension_iwc {
+ IWC_MDP_AAL = 0,
+ IWC_MDP_TDSHP,
+};
+
+/**
+ * struct readback_engine - readback engine parameters.
+ * @engine: HW engine flag for readback.
+ * @start: start address pa of readback buffer.
+ * @count: u32 size count of readback buffer.
+ * @param: other parameters need in secure world.
+ */
+struct readback_engine {
+ u32 engine;
+ u32 start;
+ u32 count;
+ u32 param;
+};
+
+/**
+ * struct iwc_cmdq_command_t - structure for excuting cmdq task in secure world.
+ * @thread: GCE secure thread index to execute command.
+ * @scenario: scenario to execute command.
+ * @priority: priority of GCE secure thread.
+ * @cmd_size: command size used in command buffer.
+ * @eng_flag: HW engine flag need to enable protection configuration.
+ * @va_base: command buffer
+ * @wait_cookie: index in thread's task list, it should be (nextCookie - 1).
+ * @reset_exec: reset HW thread.
+ * @caller_pid: pid of client module.
+ * @caller_name: name of client module.
+ * @metadata: metadata structure for converting a list of secure buffer address.
+ * @extension: extension HW engine flag to be protcted in secure world.
+ * @readback_pa: readback buffer pa.
+ * @normal_task_handle: handle to reference task in normal world.
+ * @mdp_extension: extension MDP HW engine flag to be protcted in secure world.
+ * @readback_engs: array of readback engines parameters.
+ * @readback_cnt: count of readback_engs array.
+ */
+struct iwc_cmdq_command_t {
+ /* basic execution data */
+ u32 thread;
+ u32 scenario;
+ u32 priority;
+ u32 cmd_size;
+ u64 eng_flag;
+ u32 va_base[CMDQ_IWC_MAX_CMD_LENGTH];
+
+ /* exec order data */
+ u32 wait_cookie;
+ bool reset_exec;
+
+ /* client info */
+ s32 caller_pid;
+ char caller_name[CMDQ_IWC_CLIENT_NAME];
+
+ /* metadata */
+ struct iwc_cmdq_metadata_t metadata;
+
+ /* client extension bits */
+ u64 extension;
+ u64 readback_pa;
+
+ /* debug */
+ u64 normal_task_handle;
+
+ /* SVP HDR */
+ u32 mdp_extension;
+ struct readback_engine readback_engs[CMDQ_MAX_READBACK_ENG];
+ u32 readback_cnt;
+};
+
+/**
+ * struct iwc_cmdq_cancel_task_t - structure for canceling cmdq task in the secure world.
+ * @thread: [IN] GCE secure thread index.
+ * @wait_cookie: [IN] execute count cookie to wait.
+ * @throw_aee: [OUT] AEE has thrown.
+ * @has_reset: [OUT] current secure thread has been reset
+ * @irq_status: [OUT] global secure IRQ flag.
+ * @irq_flag: [OUT] thread IRQ flag.
+ * @err_instr: [OUT] err_instr[0] = instruction low bits, err_instr[1] = instruction high bits.
+ * @reg_value: [OUT] value of error register.
+ * @pc: [OUT] current pc.
+ *
+ * used to allocate share memory from secure world.
+ */
+struct iwc_cmdq_cancel_task_t {
+ s32 thread;
+ u32 wait_cookie;
+ bool throw_aee;
+ bool has_reset;
+ s32 irq_status;
+ s32 irq_flag;
+ u32 err_instr[2];
+ u32 reg_value;
+ u32 pc;
+};
+
+/**
+ * struct iwc_cmdq_path_resource_t - Inter-World Communication resource allocation structure.
+ * @share_memoy_pa: use long long for 64 bit compatible support.
+ * @size: size of share memory.
+ * @use_normal_irq: use normal IRQ in secure world.
+ *
+ * used to allocate share memory from secure world.
+ */
+struct iwc_cmdq_path_resource_t {
+ long long share_memoy_pa;
+ u32 size;
+ bool use_normal_irq;
+};
+
+/**
+ * struct iwc_cmdq_debug_config_t - debug config structure for secure debug log.
+ *
+ * @log_level: log level in secure world.
+ * @enable_profile: enable profile in secure world.
+ */
+struct iwc_cmdq_debug_config_t {
+ s32 log_level;
+ s32 enable_profile;
+};
+
+/**
+ * struct iwc_cmdq_sec_status_t - secure status from secure world.
+ *
+ * @step: the step in secure cmdq TA.
+ * @status: the status in secure cmdq TA.
+ * @args: the status arguments in secure cmdq TA.
+ * @sec_inst: current instruction in secure cmdq TA.
+ * @inst_index: current instruction index in secure cmdq TA.
+ * @dispatch: current HW engine configuring in secure cmdq TA.
+ */
+struct iwc_cmdq_sec_status_t {
+ u32 step;
+ s32 status;
+ u32 args[4];
+ u32 sec_inst[CMDQ_SEC_MESSAGE_INST_LEN];
+ u32 inst_index;
+ char dispatch[CMDQ_SEC_DISPATCH_LEN];
+};
+
+/**
+ * struct iwc_cmdq_message_t - Inter-World Communication message structure.
+ * @cmd: [IN] iwc command id.
+ * @rsp: [OUT] respond from secureworld, 0 for success, < 0 for error.
+ * @command: [IN] structure for excuting cmdq task in secure world.
+ * @cancel_task: [IN] structure for canceling cmdq task in the secure world.
+ * @path_resource: [IN]
+ * @debug: [IN] debug config structure for secure debug log.
+ * @sec_status: [OUT] secure status from secure world.
+ * @cmdq_id: [IN] GCE core id.
+ *
+ * Both Linex kernel and mobicore have their own MMU tables for mapping
+ * world shared memory and physical addresses, so mobicore does not understand
+ * linux virtual address mapping.
+ * If we want to transact a large buffer in TCI/DCI, there are 2 ways (both require 1 copy):
+ * 1. Ue mc_map to map the normal world buffer to WSM and pass secure_virt_addr in TCI/DCI buffer.
+ * Note that mc_map implies a memcopy to copy the content from normal world to WSM.
+ * 2. Declare a fixed-length array in TCI/DCI struct and its size must be < 1M.
+ */
+struct iwc_cmdq_message_t {
+ union {
+ u32 cmd;
+ s32 rsp;
+ };
+
+ union {
+ struct iwc_cmdq_command_t command;
+ struct iwc_cmdq_cancel_task_t cancel_task;
+ struct iwc_cmdq_path_resource_t path_resource;
+ };
+
+ struct iwc_cmdq_debug_config_t debug;
+ struct iwc_cmdq_sec_status_t sec_status;
+
+ u8 cmdq_id;
+};
+#endif /* __CMDQ_SEC_IWC_COMMON_H__ */
diff --git a/include/linux/mailbox/mtk-cmdq-sec-mailbox.h b/include/linux/mailbox/mtk-cmdq-sec-mailbox.h
new file mode 100644
index 0000000000000..01a842d713e63
--- /dev/null
+++ b/include/linux/mailbox/mtk-cmdq-sec-mailbox.h
@@ -0,0 +1,158 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (c) 2019 MediaTek Inc.
+ */
+
+#ifndef __MTK_CMDQ_SEC_MAILBOX_H__
+#define __MTK_CMDQ_SEC_MAILBOX_H__
+
+#include <linux/kernel.h>
+
+#include <linux/mailbox/mtk-cmdq-mailbox.h>
+#include <linux/mailbox/mtk-cmdq-sec-iwc-common.h>
+#include <linux/mailbox/mtk-cmdq-sec-tee.h>
+#include <linux/soc/mediatek/mtk-cmdq.h>
+
+#define CMDQ_INVALID_THREAD (-1)
+#define CMDQ_MAX_TASK_IN_SECURE_THREAD (16)
+#define CMDQ_SEC_IRQ_THREAD (15)
+
+/**
+ * CMDQ_MAX_COOKIE_VALUE - max value of CMDQ_THR_EXEC_CNT_PA (value starts from 0)
+ */
+#define CMDQ_MAX_COOKIE_VALUE (0xffff)
+
+/**
+ * enum cmdq_sec_scenario - scenario settings for cmdq TA.
+ * @CMDQ_SEC_SCNR_PRIMARY_DISP: primary display vdo mode enable.
+ * @CMDQ_SEC_SCNR_SUB_DISP: external display vdo mode enable.
+ * @CMDQ_SEC_SCNR_PRIMARY_DISP_DISABLE: primary display vdo mode disable.
+ * @CMDQ_SEC_SCNR_SUB_DISP_DISABLE: external display vdo mode disable.
+ * @CMDQ_SEC_SCNR_MAX: the end of enum.
+ *
+ * These states are used to record the state of IWC message structure.
+ */
+enum cmdq_sec_scenario {
+ CMDQ_SEC_SCNR_PRIMARY_DISP = 1,
+ CMDQ_SEC_SCNR_SUB_DISP = 4,
+ CMDQ_SEC_SCNR_PRIMARY_DISP_DISABLE = 18,
+ CMDQ_SEC_SCNR_SUB_DISP_DISABLE = 19,
+ CMDQ_SEC_SCNR_MAX,
+};
+
+/**
+ * enum cmdq_iwc_state_enum - state of Inter-world Communication(IWC) message
+ * @IWC_INIT: state of initializing tee context, means tee context has not initialized.
+ * @IWC_CONTEXT_INITED: tee context has initialized.
+ * @IWC_WSM_ALLOCATED: world share memory has allocated.
+ * @IWC_SES_OPENED: session to the tee context has opend.
+ * @IWC_SES_ON_TRANSACTED: session to the tee context has transacted.
+ * @IWC_STATE_MAX: the end of enum.
+ *
+ * These states are used to record the state of IWC message structure.
+ */
+enum cmdq_iwc_state_enum {
+ IWC_INIT,
+ IWC_CONTEXT_INITED,
+ IWC_WSM_ALLOCATED,
+ IWC_SES_OPENED,
+ IWC_SES_ON_TRANSACTED,
+ IWC_STATE_MAX,
+};
+
+/**
+ * struct gce_sec_plat - used to pass platform data from cmdq driver.
+ * @gce_dev: pointer to GCE device.
+ * @hwid: GCE core id.
+ * @gce_num: number of GCE core.
+ * @clocks: GCE clocks.
+ * @thread_nr: number of thread in each GCE core.
+ * @secure_thread_nr: number of secure thread.
+ * @secure_thread_min: min index of secure thread.
+ * @cmdq_event: secure EOF event id.
+ */
+struct gce_sec_plat {
+ struct device *gce_dev;
+ u32 hwid;
+ u32 gce_num;
+ struct clk_bulk_data *clocks;
+ u32 thread_nr;
+ u8 secure_thread_nr;
+ u8 secure_thread_min;
+ u32 cmdq_event;
+};
+
+/**
+ * struct cmdq_sec_data - used to translate secure buffer PA related instruction
+ * @addr_metadata_cnt: count of element in addr_list.
+ * @addr_metadatas: array of iwc_cmdq_addr_metadata_t.
+ * @addr_metadata_max_cnt: Reserved.
+ * @scenario: scenario config for secure world.
+ * @engs_need_dapc: engine falgs that need to config dapc in secure world.
+ * @engs_need_sec_port: engine falgs that need to config secure larb port in secure world.
+ * @response: return value from secure world.
+ * @sec_status: current iwc message status from secure world.
+ *
+ */
+struct cmdq_sec_data {
+ u32 addr_metadata_cnt;
+ u64 addr_metadatas;
+ u32 addr_metadata_max_cnt;
+ enum cmdq_sec_scenario scenario;
+ u64 engs_need_dapc;
+ u64 engs_need_sec_port;
+ s32 response;
+ struct iwc_cmdq_sec_status_t sec_status;
+};
+
+/**
+ * cmdq_sec_pkt_free_sec_data() - free sec_data for CMDQ packet.
+ * @pkt: the CMDQ packet.
+ */
+void cmdq_sec_pkt_free_sec_data(struct cmdq_pkt *pkt);
+
+/**
+ * cmdq_sec_pkt_alloc_sec_data() - allocate sec_data for CMDQ packet.
+ * @pkt: the CMDQ packet.
+ *
+ * Return: 0 for success; else the error code is returned
+ */
+int cmdq_sec_pkt_alloc_sec_data(struct cmdq_pkt *pkt);
+
+/**
+ * cmdq_sec_insert_backup_cookie() - append backup cookie related instructions.
+ * @pkt: the CMDQ packet.
+ *
+ * Return: 0 for success; else the error code is returned
+ */
+int cmdq_sec_insert_backup_cookie(struct cmdq_pkt *pkt);
+
+/**
+ * cmdq_sec_pkt_set_data() - set secure configuration to sec_data in CDMQ packet.
+ * @pkt: the CMDQ packet.
+ * @dapc_engine: the engine flag for dapc protection.
+ * @port_sec_engine: the engine flag for secure larb prot protection.
+ * @scenario: the scenario to CMDQ TA.
+ *
+ * Return: 0 for success; else the error code is returned
+ */
+int cmdq_sec_pkt_set_data(struct cmdq_pkt *pkt, const u64 dapc_engine,
+ const u64 port_sec_engine, const enum cmdq_sec_scenario scenario);
+
+/**
+ * cmdq_sec_pkt_write() - append write secure buffer related instructions.
+ * @pkt: the CMDQ packet.
+ * @addr: the register to be configured.
+ * @base: the secure handle of secure buffer.
+ * @type: the address metadata conversion type.
+ * @offset: the address offset of secure buffer.
+ * @size: the secure buffer size.
+ * @port: the HW port id to M4U TA.
+ *
+ * Return: 0 for success; else the error code is returned
+ */
+int cmdq_sec_pkt_write(struct cmdq_pkt *pkt, u32 addr, u64 base,
+ const enum cmdq_iwc_addr_metadata_type type,
+ const u32 offset, const u32 size, const u32 port);
+
+#endif /* __MTK_CMDQ_SEC_MAILBOX_H__ */
diff --git a/include/linux/mailbox/mtk-cmdq-sec-tee.h b/include/linux/mailbox/mtk-cmdq-sec-tee.h
new file mode 100644
index 0000000000000..d2c97a137e01f
--- /dev/null
+++ b/include/linux/mailbox/mtk-cmdq-sec-tee.h
@@ -0,0 +1,105 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (c) 2019 MediaTek Inc.
+ */
+
+#ifndef __MTK_CMDQ_SEC_TEE_H__
+#define __MTK_CMDQ_SEC_TEE_H__
+
+#include <linux/types.h>
+#include <linux/delay.h>
+#include <linux/tee_drv.h>
+
+/**
+ * struct cmdq_sec_tee_context - context for tee vendor
+ * @uuid: Universally Unique Identifier of secure world.
+ * @tee_context: basic tee context.
+ * @session: session handle.
+ * @shared_mem: shared memory.
+ */
+struct cmdq_sec_tee_context {
+ u8 uuid[TEE_IOCTL_UUID_LEN];
+ struct tee_context *tee_context;
+ u32 session;
+ struct tee_shm *shared_mem;
+};
+
+/**
+ * cmdq_sec_setup_tee_context() - setup the uuid for the tee context to communicate with
+ * @tee: context for tee vendor
+ *
+ * Return: 0 for success; else the error code is returned
+ *
+ */
+void cmdq_sec_setup_tee_context(struct cmdq_sec_tee_context *tee);
+
+/**
+ * cmdq_sec_init_context() - initialize the tee context
+ * @tee: context for tee vendor
+ *
+ * Return: 0 for success; else the error code is returned
+ *
+ */
+int cmdq_sec_init_context(struct cmdq_sec_tee_context *tee);
+
+/**
+ * cmdq_sec_deinit_context() - de-initialize the tee context
+ * @tee: context for tee vendor
+ *
+ * Return: 0 for success; else the error code is returned
+ *
+ */
+int cmdq_sec_deinit_context(struct cmdq_sec_tee_context *tee);
+
+/**
+ * cmdq_sec_allocate_wsm() - allocate the world share memory to pass message to tee
+ * @tee: context for tee vendor
+ * @wsm_buffer: world share memory buffer with parameters pass to tee
+ * @size: size to allocate
+ *
+ * Return: 0 for success; else the error code is returned
+ *
+ */
+int cmdq_sec_allocate_wsm(struct cmdq_sec_tee_context *tee, void **wsm_buffer, u32 size);
+
+/**
+ * cmdq_sec_free_wsm() - free the world share memory
+ * @tee: context for tee vendor
+ * @wsm_buffer: world share memory buffer with parameters pass to tee
+ *
+ * Return: 0 for success; else the error code is returned
+ *
+ */
+int cmdq_sec_free_wsm(struct cmdq_sec_tee_context *tee, void **wsm_buffer);
+
+/**
+ * cmdq_sec_open_session() - open session to the tee context
+ * @tee: context for tee vendor
+ * @wsm_buffer: world share memory buffer with parameters pass to tee
+ *
+ * Return: 0 for success; else the error code is returned
+ *
+ */
+int cmdq_sec_open_session(struct cmdq_sec_tee_context *tee, void *wsm_buffer);
+
+/**
+ * cmdq_sec_close_session() - close session to the tee context
+ * @tee: context for tee vendor
+ *
+ * Return: 0 for success; else the error code is returned
+ *
+ */
+int cmdq_sec_close_session(struct cmdq_sec_tee_context *tee);
+
+/**
+ * cmdq_sec_execute_session() - execute session to the tee context
+ * @tee: context for tee vendor
+ * @cmd: tee invoke cmd id
+ * @timeout_ms: timeout ms to current tee invoke cmd
+ *
+ * Return: 0 for success; else the error code is returned
+ *
+ */
+int cmdq_sec_execute_session(struct cmdq_sec_tee_context *tee, u32 cmd, s32 timeout_ms);
+
+#endif /* __MTK_CMDQ_SEC_TEE_H__ */
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 0/9] Add CMDQ secure driver for SVP
From: Shawn Sung @ 2024-04-03 6:55 UTC (permalink / raw)
To: CK Hu, Jassi Brar, AngeloGioacchino Del Regno
Cc: Rob Herring, Krzysztof Kozlowski, Conor Dooley, Matthias Brugger,
Hsiao Chien Sung, Jason-JH . Lin, Houlong Wei, linux-kernel,
devicetree, linux-arm-kernel, linux-mediatek, Hsiao Chien Sung
From: Hsiao Chien Sung <shawn.sung@mediatek.corp-partner.google.com>
For the Secure Video Path (SVP) feature, inculding the memory stored
secure video content, the registers of display HW pipeline and the
HW configure operations are required to execute in the secure world.
So using a CMDQ secure driver to make all display HW registers
configuration secure DRAM access permision settings execute by GCE
secure thread in the secure world.
We are landing this feature on mt8188 and mt8195 currently.
---
Based on 2 series and 1 patch:
[1] Add CMDQ driver support for mt8188
- https://patchwork.kernel.org/project/linux-mediatek/list/?series=810382
[2] Add mediatek,gce-events definition to mediatek,gce-mailbox bindings
- https://patchwork.kernel.org/project/linux-mediatek/list/?series=810938
[3] soc: mediatek: Add register definitions for GCE
- https://patchwork.kernel.org/project/linux-mediatek/patch/20231017064717.21616-2-shawn.sung@mediatek.com/
---
Changes in v4:
1. Rebase on mediatek-drm-next(278640d4d74cd) and fix the conflicts
2. This series is based on 20240307013458.23550-1-jason-jh.lin@mediatek.com
Changes in v3:
1. separate mt8188 driver porting patches to another series
2. separate adding 'mediatek,gce-events' event prop to another series
3. sepatate mailbox helper and controller driver modification to a
single patch for adding looping thread
4. add kerneldoc for secure mailbox related definition
5. add moving reuseable definition patch before adding secure mailbox
driver patch
6. adjust redundant logic in mtk-cmdq-sec-mailbox
Changes in v2:
1. adjust dt-binding SW event define patch before the dt-binding patch using it
2. adjust dt-binding patch for secure cmdq driver
3. remove the redundant patches or merge the patches of modification for the same API
Jason-JH.Lin (9):
dt-bindings: gce: mt8195: Add CMDQ_SYNC_TOKEN_SECURE_THR_EOF event id
dt-bindings: mailbox: Add mboxes property for CMDQ secure driver
soc: mediatek: cmdq: Add cmdq_pkt_logic_command to support math
operation
soc: mediatek: cmdq: Add cmdq_pkt_write_s_reg_value to support write
value to reg
mailbox: mtk-cmdq: Support GCE loop packets in interrupt handler
mediatek: cmdq: Add cmdq_pkt_finalize_loop for looping cmd with irq
mailbox: mediatek: Move reuseable definition to header for secure
driver
mailbox: mediatek: Add CMDQ secure mailbox driver
mailbox: mediatek: Add secure CMDQ driver support for CMDQ driver
.../mailbox/mediatek,gce-mailbox.yaml | 3 +
drivers/mailbox/Makefile | 2 +-
drivers/mailbox/mtk-cmdq-mailbox.c | 79 +-
drivers/mailbox/mtk-cmdq-sec-mailbox.c | 1091 +++++++++++++++++
drivers/mailbox/mtk-cmdq-sec-tee.c | 165 +++
drivers/soc/mediatek/mtk-cmdq-helper.c | 72 ++
include/dt-bindings/gce/mt8195-gce.h | 6 +
include/linux/mailbox/mtk-cmdq-mailbox.h | 36 +
.../linux/mailbox/mtk-cmdq-sec-iwc-common.h | 385 ++++++
include/linux/mailbox/mtk-cmdq-sec-mailbox.h | 158 +++
include/linux/mailbox/mtk-cmdq-sec-tee.h | 105 ++
include/linux/soc/mediatek/mtk-cmdq.h | 61 +
12 files changed, 2132 insertions(+), 31 deletions(-)
create mode 100644 drivers/mailbox/mtk-cmdq-sec-mailbox.c
create mode 100644 drivers/mailbox/mtk-cmdq-sec-tee.c
create mode 100644 include/linux/mailbox/mtk-cmdq-sec-iwc-common.h
create mode 100644 include/linux/mailbox/mtk-cmdq-sec-mailbox.h
create mode 100644 include/linux/mailbox/mtk-cmdq-sec-tee.h
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply
* [PATCH v4 9/9] mailbox: mediatek: Add secure CMDQ driver support for CMDQ driver
From: Shawn Sung @ 2024-04-03 6:56 UTC (permalink / raw)
To: CK Hu, Jassi Brar, AngeloGioacchino Del Regno
Cc: Rob Herring, Krzysztof Kozlowski, Conor Dooley, Matthias Brugger,
Hsiao Chien Sung, Jason-JH . Lin, Houlong Wei, linux-kernel,
devicetree, linux-arm-kernel, linux-mediatek
In-Reply-To: <20240403065603.21920-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
CMDQ driver will probe a secure CMDQ driver when has_sec flag
in platform data is true and its device node in dts has defined a
event id of CMDQ_SYNC_TOKEN_SEC_EOF.
Secure CMDQ driver support on mt8188 and mt8195 currently.
So add a has_secure flag to their driver data to probe it.
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
drivers/mailbox/mtk-cmdq-mailbox.c | 38 ++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/drivers/mailbox/mtk-cmdq-mailbox.c b/drivers/mailbox/mtk-cmdq-mailbox.c
index e04302ca6ec03..a8a0619baaa5c 100644
--- a/drivers/mailbox/mtk-cmdq-mailbox.c
+++ b/drivers/mailbox/mtk-cmdq-mailbox.c
@@ -15,6 +15,7 @@
#include <linux/pm_runtime.h>
#include <linux/mailbox_controller.h>
#include <linux/mailbox/mtk-cmdq-mailbox.h>
+#include <linux/mailbox/mtk-cmdq-sec-mailbox.h>
#include <linux/of.h>
#define CMDQ_MBOX_AUTOSUSPEND_DELAY_MS 100
@@ -60,6 +61,9 @@ struct gce_plat {
u8 shift;
bool control_by_sw;
bool sw_ddr_en;
+ bool has_secure;
+ u32 secure_thread_nr;
+ u32 secure_thread_min;
u32 gce_num;
};
@@ -569,6 +573,7 @@ static int cmdq_probe(struct platform_device *pdev)
int alias_id = 0;
static const char * const clk_name = "gce";
static const char * const clk_names[] = { "gce0", "gce1" };
+ u32 hwid = 0;
cmdq = devm_kzalloc(dev, sizeof(*cmdq), GFP_KERNEL);
if (!cmdq)
@@ -594,6 +599,8 @@ static int cmdq_probe(struct platform_device *pdev)
dev, cmdq->base, cmdq->irq);
if (cmdq->pdata->gce_num > 1) {
+ hwid = of_alias_get_id(dev->of_node, clk_name);
+
for_each_child_of_node(phandle->parent, node) {
alias_id = of_alias_get_id(node, clk_name);
if (alias_id >= 0 && alias_id < cmdq->pdata->gce_num) {
@@ -676,6 +683,31 @@ static int cmdq_probe(struct platform_device *pdev)
pm_runtime_set_autosuspend_delay(dev, CMDQ_MBOX_AUTOSUSPEND_DELAY_MS);
pm_runtime_use_autosuspend(dev);
+ if (cmdq->pdata->has_secure) {
+ struct platform_device *mtk_cmdq_sec;
+ static struct gce_sec_plat sec_plat = {0};
+
+ if (of_property_read_u32_index(dev->of_node, "mediatek,gce-events", 0,
+ &sec_plat.cmdq_event) == 0) {
+ sec_plat.gce_dev = dev;
+ sec_plat.hwid = hwid;
+ sec_plat.gce_num = cmdq->pdata->gce_num;
+ sec_plat.clocks = cmdq->clocks;
+ sec_plat.thread_nr = cmdq->pdata->thread_nr;
+ sec_plat.secure_thread_nr = cmdq->pdata->secure_thread_nr;
+ sec_plat.secure_thread_min = cmdq->pdata->secure_thread_min;
+
+ mtk_cmdq_sec = platform_device_register_data(dev, "mtk-cmdq-sec",
+ PLATFORM_DEVID_AUTO,
+ &sec_plat,
+ sizeof(sec_plat));
+ if (IS_ERR(mtk_cmdq_sec)) {
+ dev_err(dev, "failed to register platform_device mtk-cmdq-sec\n");
+ return PTR_ERR(mtk_cmdq_sec);
+ }
+ }
+ }
+
return 0;
}
@@ -719,6 +751,9 @@ static const struct gce_plat gce_plat_mt8188 = {
.thread_nr = 32,
.shift = 3,
.control_by_sw = true,
+ .has_secure = true,
+ .secure_thread_nr = 2,
+ .secure_thread_min = 8,
.gce_num = 2
};
@@ -733,6 +768,9 @@ static const struct gce_plat gce_plat_mt8195 = {
.thread_nr = 24,
.shift = 3,
.control_by_sw = true,
+ .has_secure = true,
+ .secure_thread_nr = 2,
+ .secure_thread_min = 8,
.gce_num = 2
};
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH v4 7/9] mailbox: mediatek: Move reuseable definition to header for secure driver
From: Shawn Sung @ 2024-04-03 6:56 UTC (permalink / raw)
To: CK Hu, Jassi Brar, AngeloGioacchino Del Regno
Cc: Rob Herring, Krzysztof Kozlowski, Conor Dooley, Matthias Brugger,
Hsiao Chien Sung, Jason-JH . Lin, Houlong Wei, linux-kernel,
devicetree, linux-arm-kernel, linux-mediatek
In-Reply-To: <20240403065603.21920-1-shawn.sung@mediatek.com>
From: "Jason-JH.Lin" <jason-jh.lin@mediatek.com>
To support CMDQ secure driver, move some reuseable definition to header.
- define: e.g. CMDQ_GCE_NUM_MAX, CMDQ_THR_BASE, CMDQ_THR_SIZE.
- struct: e.g. cmdq_thread, cmdq, cmdq_task.
- include: e.g. <linux/clk.h>.
Add "#include <linux/mailbox_controller.h>" for the function that takes
"struct mbox_chan * chan" as a parameter. That may occur a build error
if secure driver header includes the mtk-cmdq-mailbox.h.
- function: e.g. cmdq_get_shift_pa(struct mbox_chan *chan).
Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Signed-off-by: Hsiao Chien Sung <shawn.sung@mediatek.com>
---
drivers/mailbox/mtk-cmdq-mailbox.c | 30 ---------------------
include/linux/mailbox/mtk-cmdq-mailbox.h | 33 ++++++++++++++++++++++++
2 files changed, 33 insertions(+), 30 deletions(-)
diff --git a/drivers/mailbox/mtk-cmdq-mailbox.c b/drivers/mailbox/mtk-cmdq-mailbox.c
index 5906e0343d1fc..e04302ca6ec03 100644
--- a/drivers/mailbox/mtk-cmdq-mailbox.c
+++ b/drivers/mailbox/mtk-cmdq-mailbox.c
@@ -3,7 +3,6 @@
// Copyright (c) 2018 MediaTek Inc.
#include <linux/bitops.h>
-#include <linux/clk.h>
#include <linux/clk-provider.h>
#include <linux/dma-mapping.h>
#include <linux/errno.h>
@@ -22,13 +21,10 @@
#define CMDQ_OP_CODE_MASK (0xff << CMDQ_OP_CODE_SHIFT)
#define CMDQ_NUM_CMD(t) (t->cmd_buf_size / CMDQ_INST_SIZE)
-#define CMDQ_GCE_NUM_MAX (2)
#define CMDQ_CURR_IRQ_STATUS 0x10
#define CMDQ_SYNC_TOKEN_UPDATE 0x68
#define CMDQ_THR_SLOT_CYCLES 0x30
-#define CMDQ_THR_BASE 0x100
-#define CMDQ_THR_SIZE 0x80
#define CMDQ_THR_WARM_RESET 0x00
#define CMDQ_THR_ENABLE_TASK 0x04
#define CMDQ_THR_SUSPEND_TASK 0x08
@@ -59,32 +55,6 @@
#define CMDQ_JUMP_BY_OFFSET 0x10000000
#define CMDQ_JUMP_BY_PA 0x10000001
-struct cmdq_thread {
- struct mbox_chan *chan;
- void __iomem *base;
- struct list_head task_busy_list;
- u32 priority;
-};
-
-struct cmdq_task {
- struct cmdq *cmdq;
- struct list_head list_entry;
- dma_addr_t pa_base;
- struct cmdq_thread *thread;
- struct cmdq_pkt *pkt; /* the packet sent from mailbox client */
-};
-
-struct cmdq {
- struct mbox_controller mbox;
- void __iomem *base;
- int irq;
- u32 irq_mask;
- const struct gce_plat *pdata;
- struct cmdq_thread *thread;
- struct clk_bulk_data clocks[CMDQ_GCE_NUM_MAX];
- bool suspended;
-};
-
struct gce_plat {
u32 thread_nr;
u8 shift;
diff --git a/include/linux/mailbox/mtk-cmdq-mailbox.h b/include/linux/mailbox/mtk-cmdq-mailbox.h
index f78a08e7c6ede..43eae45a08c94 100644
--- a/include/linux/mailbox/mtk-cmdq-mailbox.h
+++ b/include/linux/mailbox/mtk-cmdq-mailbox.h
@@ -7,10 +7,17 @@
#ifndef __MTK_CMDQ_MAILBOX_H__
#define __MTK_CMDQ_MAILBOX_H__
+#include <linux/clk.h>
+#include <linux/mailbox_controller.h>
#include <linux/platform_device.h>
#include <linux/slab.h>
#include <linux/types.h>
+#define CMDQ_GCE_NUM_MAX 2
+
+#define CMDQ_THR_BASE 0x100
+#define CMDQ_THR_SIZE 0x80
+
#define CMDQ_INST_SIZE 8 /* instruction is 64-bit */
#define CMDQ_SUBSYS_SHIFT 16
#define CMDQ_OP_CODE_SHIFT 24
@@ -79,6 +86,32 @@ struct cmdq_pkt {
bool loop;
};
+struct cmdq_thread {
+ struct mbox_chan *chan;
+ void __iomem *base;
+ struct list_head task_busy_list;
+ u32 priority;
+};
+
+struct cmdq {
+ struct mbox_controller mbox;
+ void __iomem *base;
+ int irq;
+ u32 irq_mask;
+ const struct gce_plat *pdata;
+ struct cmdq_thread *thread;
+ struct clk_bulk_data clocks[CMDQ_GCE_NUM_MAX];
+ bool suspended;
+};
+
+struct cmdq_task {
+ struct cmdq *cmdq;
+ struct list_head list_entry;
+ dma_addr_t pa_base;
+ struct cmdq_thread *thread;
+ struct cmdq_pkt *pkt; /* the packet sent from mailbox client */
+};
+
u8 cmdq_get_shift_pa(struct mbox_chan *chan);
#endif /* __MTK_CMDQ_MAILBOX_H__ */
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
* [PATCH] arm64: tlb: Fix TLBI RANGE operand
From: Gavin Shan @ 2024-04-03 6:49 UTC (permalink / raw)
To: linux-arm-kernel
Cc: linux-kernel, catalin.marinas, will, akpm, maz, apopple,
mark.rutland, ryan.roberts, rananta, yangyicong, v-songbaohua,
yezhenyu2, yihyu, shan.gavin
KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty
bitmap is collected by VMM and the corresponding PTEs need to be
write-protected again. Unfortunately, the operand passed to the TLBI
RANGE instruction isn't correctly sorted out by commit d1d3aa98b1d4
("arm64: tlb: Use the TLBI RANGE feature in arm64"). It leads to
crash on the destination VM after live migration because some of the
dirty pages are missed.
For example, I have a VM where 8GB memory is assigned, starting from
0x40000000 (1GB). Note that the host has 4KB as the base page size.
All TLBs for VM can be covered by one TLBI RANGE operation. However,
I receives 0xffff708000040000 as the operand, which is wrong and the
correct one should be 0x00007f8000040000. From the wrong operand, we
have 3 and 1 for SCALE (bits[45:44) and NUM (bits943:39], only 1GB
instead of 8GB memory is covered.
Fix the macro __TLBI_RANGE_NUM() so that the correct NUM and TLBI
RANGE operand are provided.
Fixes: d1d3aa98b1d4 ("arm64: tlb: Use the TLBI RANGE feature in arm64")
Cc: stable@kernel.org # v5.10+
Reported-by: Yihuang Yu <yihyu@redhat.com>
Signed-off-by: Gavin Shan <gshan@redhat.com>
---
arch/arm64/include/asm/tlbflush.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h
index 3b0e8248e1a4..07c4fb4b82b4 100644
--- a/arch/arm64/include/asm/tlbflush.h
+++ b/arch/arm64/include/asm/tlbflush.h
@@ -166,7 +166,7 @@ static inline unsigned long get_trans_granule(void)
*/
#define TLBI_RANGE_MASK GENMASK_ULL(4, 0)
#define __TLBI_RANGE_NUM(pages, scale) \
- ((((pages) >> (5 * (scale) + 1)) & TLBI_RANGE_MASK) - 1)
+ ((((pages) >> (5 * (scale) + 1)) - 1) & TLBI_RANGE_MASK)
/*
* TLB Invalidation
--
2.44.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox