* [PATCH v6 0/5] v6: firmware: imx: driver for NXP secure-enclave
@ 2024-07-22 4:51 Pankaj Gupta
2024-07-22 4:51 ` [PATCH v6 1/5] Documentation/firmware: add imx/se to other_interfaces Pankaj Gupta
` (4 more replies)
0 siblings, 5 replies; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-22 4:51 UTC (permalink / raw)
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Pankaj Gupta, Rob Herring
Cc: linux-doc, linux-kernel, devicetree, imx, linux-arm-kernel
5/5
- replaced scope_gaurd with gaurd.
4/5
- replaced scope_gaurd with gaurd.
- remove reading the regs property from dtb.
- Added NULL check for priv data fetched from device, as a sanity check, for ele_base_msg apis)
3/5
- replace firmware with senclave-firmware.
2/5
- replace firmware with senclave-firmware.
- drop description for mbox
- Replaced "items:" with maxItems:1 for "memory-region"
- Replaced "items:" with maxItems:1 for "sram"
- remove regs property.
- remove "$nodename"
- Link to v5: https://lore.kernel.org/r/20240712-imx-se-if-v5-0-66a79903a872@nxp.com
Changes in v5:
2/5
- updated the description of mboxes
- updated the description & items for mbox-names.
- updated the description of memory-region
- move "additional properties: false" after allOf block.
- removed other example except one.
4/5
- Corrected the indentation in Kconfig.
- info members:mbox_tx_name & mbox_rx_name, are replaced with macros.
5/5
- Replaced "for secure enclaves", with "for secure enclaves"
- Replaced "user space" with "userspace".
- End the line "[include]<linux/firmware/imx/ele_mu_ioctl.h>" with a period.
- Link to v4: https://lore.kernel.org/r/20240705-imx-se-if-v4-0-52d000e18a1d@nxp.com
Changes in v4:
1/5
a. Removed - from EdgeLock Enclave.
b. Removed , after "Each of the above feature,"
c. replace "can exists" with "can exist".
d.
-messaging units(MU) per SE. Each co-existing 'se' can have one or multiple exclusive
-MU(s), dedicated to itself. None of the MU is shared between two SEs.
+messaging units(MU) per SE. Each co-existing SE can have one or multiple exclusive
+MUs, dedicated to itself. None of the MU is shared between two SEs.
Communication of the MU is realized using the Linux mailbox driver.
e.
-All those SE interfaces 'se-if' that is/are dedicated to a particular SE, will be
-enumerated and provisioned under the very single 'SE' node.
+Although MU(s) is/are not shared between SE(s). But for SoC like i.MX95 which has
+multiple SE(s) like HSM, V2X-HSM, V2X-SHE; all the SE(s) and their interfaces 'se-if'
+that is/are dedicated to a particular SE will be enumerated and provisioned using the
+single compatible node("fsl,imx95-se").
f. Removed ",". Replaced for "Each 'se-if'," with "Each se-if'.
g. removed ","
- This layer is responsible for ensuring the communication protocol, that is defined
+ This layer is responsible for ensuring the communication protocol that is defined
h. removed "-"
- - FW can handle one command-message at a time.
+ - FW can handle one command message at a time.
i.
- Using these multiple device contexts, that are getting multiplexed over a single MU,
- user-space application(s) can call fops like write/read to send the command-message,
- and read back the command-response-message to/from Firmware.
- fops like read & write uses the above defined service layer API(s) to communicate with
+ Using these multiple device contexts that are getting multiplexed over a single MU,
+ userspace application(s) can call fops like write/read to send the command message,
+ and read back the command response message to/from Firmware.
+ fops like read & write use the above defined service layer API(s) to communicate with
Firmware.
j. Uppercase for word "Linux".
2/5
a. Rephrased the description to remove list of phandles.
b. Moved required before allOf:
+required:
+ - compatible
+ - reg
+ - mboxes
+ - mbox-names
+
+additionalProperties: false
+
allOf:
c. replaced not: required: with properties: <property-name>: false.
# memory-region
- not:
- required:
- - memory-region
+ properties:
+ memory-region: false
# sram
- else:
- not:
- required:
- - sram
d. Reduced examples. keeping example of i.MX95.
e. node-name is changed to "firmware@<hex>"
3/5
- node name changed to "firmware@<hex>".
4/5
- used sizeof(*s_info)
- return early, rather than doing goto exit, in ele_get_info().
- Use upper_32_bits() and lower_32_bits()
- use rx_msg here instead of priv->rx_msg
- Moved the status check to validate_rsp_hdr. Rename the function to "se_val_rsp_hdr_n_status"
- typecasting removed header = (struct se_msg_hdr *) msg;
- Converted the API name with prefix imx_ele_* or imx_se_*, to ele_* and se_*, respectively.
- Removed the functions definition & declaration for: free_phybuf_mem_pool() & get_phybuf_mem_pool()
- removed the mbox_free_channel() calls from clean-up.
- Flag "priv->flags" is removed.
- Converted the int se_if_probe_cleanup() to void se_if_probe_cleanup().
- Replaced NULL initialization of structure members: priv->cmd_receiver_dev & priv->waiting_rsp_dev , with comments.
- Removed the function's declaration get_phy_buf_mem_pool1
5/5
Changes to Documentation/ABI/testing/se-cdev.
a. Removed "-" from "secure-enclave" and "file-descriptor".
b. Removed "-" from "shared-library"
c. Replaced "get" with "getting".
d. Added description for the new IOCTL "send command and receive command response"
e. Replaced "wakeup_intruptible" with "wait_event_interruptible"
f. Removed ";"
g. Removd "," from "mailbox_lock,"
h. Replaced "free" with "frees"
i. In mailbox callback function, checking the buffer size before
copying.
- Link to v3: https://lore.kernel.org/r/20240617-imx-se-if-v3-0-a7d28dea5c4a@nxp.com
Communication Interface to NXP secure-enclave HW IP like Edgelock Enclave
Hardware interface of the NXP Secure Enclave HW IP(s) like EdgeLock Enclave,
V2X, SHE etc, is based on the Messaging Unit module that enables processing
elements like ARMv8 core, RISC V core, within the SoC to communicate and
coordinate by passing messages (e.g., data, status and control) through
these interfaces.
The NXP i.MX secure enclaves hardware interface kernel driver, is specifically
targeted for use between application core and NXP secure-enclave(s) HW. It allows
to send/receive messages to/from the secure-enclave.
Patch-set adds the kernel driver for communication interface to secure-enclave,
for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock Enclave,
both from:
- User-Space Applications via character driver.
- Kernel-space, used by kernel management layers like DM-Crypt.
To: Jonathan Corbet <corbet@lwn.net>
To: Rob Herring <robh+dt@kernel.org>
To: Conor Dooley <conor+dt@kernel.org>
To: Shawn Guo <shawnguo@kernel.org>
To: Sascha Hauer <s.hauer@pengutronix.de>
To: Pengutronix Kernel Team <kernel@pengutronix.de>
To: Fabio Estevam <festevam@gmail.com>
To: Rob Herring <robh@kernel.org>
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: devicetree@vger.kernel.org
Cc: imx@lists.linux.dev
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Changes in v3:
5/5:
- Initialize tx_msg with NULL.
- memdup_user() returns an error pointer, not NULL. correct it by adding check for err_ptr.
- new IOCTL is added to send & recieve the message.
- replaced the while loop till list is empty, with list_for_each_entry.
- replaced __list_del_entry, with list_del.
- Removed the dev_err message from copy to user.
- Removed the casting of void *.
- corrected the typcasting in copy to user.
- removed un-necessary goto statement.
- Removed dead code for clean-up of memory.
- Removed un-mapping of secured memory
- Passing se_if_priv structure to init_device_context.
- Updated the below check to replace io.length with round_up(io.length).
if (shared_mem->size < shared_mem->pos|| io.length >= shared_mem->size - shared_mem->pos)
- Created a function to cleanup the list of shared memory buffers.
- Used list_for_each_entry_safe(). created a separate functions: se_dev_ctx_cpy_out_data() & se_dev_ctx_shared_mem_cleanup()
4/5
- Changed the compatible string to replace "-ele", to "-se".
- Declaration of imx_se_node_info, is done as const in the whole file
- Remove the unused macros from ele_base_msg.h
- Remove the function declaration get_phy_buf_mem_pool1, from the header file.
- Replace the use of dmam_alloc_coherent to dma_alloc_coherent
- Check for function pointer, before calling the fucntion pointer in imx_fetch_se_soc_info
- Removed the unused flag for SE_MU_IO_FLAGS_USE_SEC_MEM.
- Removed the unused macros WORD_SZ
- instead of struct device *dev, struct se_if_priv *priv, is used as argument to the funtions:se_save_imem_state, se_restore_imem_state, imx_fetch_se_soc_info
- Removed ret from validate_rsp_hdr.
- changed the prefix of the funtion: plat_add_msg_crc and plat_fill_cmd_msg_hdr.
- indentation correction for info structures.
- remove the check for priv not null from se_if_probe_cleanup
- Removed the casting of void *.
- se_load_firmware function is corrected for not freeing the buffer when allocation fails.
- Checking if get_imx_se_node_info() can return NULL, in se_if_probe()
- imem.size has type u32. return value from se_save_imem_state() will be assigned to imem.size in case of success only.
- removed the flag un-setting in case of failure. priv->flags &= (~RESERVED_DMA_POOL);
- removed the function call for devm_of_platform_populate(dev);
- Checking for not-NULL, before calling the funtion pointer se_fetch_soc_info.
- Removed the checking for reserved memory flag, before freeing up the reserved memory, in se_probe_if_cleanup.
3/5
- Changed the compatible string to replace "-ele", to "-se".
2/5
- to fix the warning error, replaced the "-ele" & "-v2x" in compatible string, to "-se".
- Added an example for ele@0 for compatible string "fsl,imx95-se"
Changes in v2:
4/4
- Split this patch into two: 1. base driver & 2. Miscdev
- Initialize the return variable "err" as 0, before calling 'return err', in the file ele_common.c
- Fix the usage of un-iniitialized pointer variable, by initializing them with NULL, in ele_base_msg.c.
- Fix initializing the ret variable, to return the correct error code in case of issue.
- replaced dmam_alloc_coherent with dma_alloc_coherent.
- Replace the use of ELE_GET_INFO_READ_SZ, with sizeof(soc_info).
- Replaced -1 with -EPERM
- Removed the safety check on func-input param, in ele_get_info().
- fix the assigning data[1] with lower 32 address, rather than zero, for ele_fw_authenticate API.
- Correctly initializing the function's return error code, for file ele_base_msg.c.
- replaced 'return' with 'goto'.
- Use length in bytes.
- Corrected the structure se_msg_hdr.
- Moved setting of rx_msg to priv, into the function imx_ele_msg_send_rcv
- Will add lockdep_assert_held, to receive path, in v2.
- corrected the spacing at "ret = validate_rsp_hdr"
- FIELD_GET() used for RES_STATUS
- Re-write the structure soc_info, matching the information provided in response to this api.
- The "|" goes to the end of the previous line.
- Moved the locking and unlocking of the command lock to the caller of the function.
- removed the safety check for device private data.
- Structure memory reference, used to read message header.
- In the interrupt call back function, remove assigning waiting_rsp_dev to NULL, in case of response message rcv from FW.
- do while removed.
- replaced BIT(1) for RESERVED_DMA_POOL, to BIT(0)
- The backslash is removed while assigning the file name with absolute path to structure variable.fw_name_in_rfs =.
- Update the 'if' condition by removing "idx < 0".
- mbox_request_channel_byname() uses a "char" for the name not a u8. Corrected.
- devm managed resources, are not cleaned now, in function se_probe_if_cleanup
- Used dev_err_probe().
- Used %pe to print error string.
- remove "__maybe_unused" for "struct platform_device *enum_plat_dev __maybe_unused;"
- used FIELD_GET(), for RES_STATUS. Removed the use of MSG_TAG, MSG_COMMAND, MSG_SIZE, MSG_VER.
- Depricated the used of member of struct se_if_priv, bool no_dev_ctx_used;
- Moved the text explaing the synchronization logic via mutexes, from patch 1/4 to se_ctrl.h.
- removed the type casting of info_list = (struct imx_se_node_info_list *) device_get_match_data(dev->parent);
- Used static variable priv->soc_rev in the se_ctrl.c, replaced the following condition: if (info_list->soc_rev) to if (priv->soc_rev) for checking if this flow is already executed or not.
- imx_fetch_soc_info will return failure if the get_info function fails.
- Removed devm_free from imx_fetch_soc_info too.
3/3
- Made changes to move all the properties to parent node, without any child node.
2/4
- Use Hex pattern string.
- Move the properties to parent node, with no child node.
- Add i.MX95-ele to compatible nodes to fix the warning "/example-2/v2x: failed to match any schema with compatible: ['fsl,imx95-v2x']"
1/1
- Corrected the spelling from creats to creates.
- drop the braces around the plural 's' for interfaces
- written se in upper case SE.
- Replace "multiple message(s)" with messages.
- Removed too much details about locks.
Testing
- make CHECK_DTBS=y freescale/imx8ulp-evk.dtb;
- make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- -j8 dt_binding_check DT_SCHEMA_FILES=fsl,imx-se.yaml
- make C=1 CHECK=scripts/coccicheck drivers/firmware/imx/*.* W=1 > r.txt
- ./scripts/checkpatch.pl --git <>..HEAD
- Tested the Image and .dtb, on the i.MX8ULP.
Reference
- Link to v1: https://lore.kernel.org/r/20240510-imx-se-if-v1-0-27c5a674916d@nxp.com
- Link to v2: https://lore.kernel.org/r/20240523-imx-se-if-v2-0-5a6fd189a539@nxp.com
---
Pankaj Gupta (5):
Documentation/firmware: add imx/se to other_interfaces
dt-bindings: arm: fsl: add imx-se-fw binding doc
arm64: dts: imx8ulp-evk: add nxp secure enclave firmware
firmware: imx: add driver for NXP EdgeLock Enclave
firmware: imx: adds miscdev
Documentation/ABI/testing/se-cdev | 43 +
.../devicetree/bindings/firmware/fsl,imx-se.yaml | 91 ++
.../driver-api/firmware/other_interfaces.rst | 121 ++
arch/arm64/boot/dts/freescale/imx8ulp-evk.dts | 17 +-
arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 13 +-
drivers/firmware/imx/Kconfig | 12 +
drivers/firmware/imx/Makefile | 2 +
drivers/firmware/imx/ele_base_msg.c | 274 +++++
drivers/firmware/imx/ele_base_msg.h | 95 ++
drivers/firmware/imx/ele_common.c | 450 ++++++++
drivers/firmware/imx/ele_common.h | 48 +
drivers/firmware/imx/se_ctrl.c | 1205 ++++++++++++++++++++
drivers/firmware/imx/se_ctrl.h | 133 +++
include/linux/firmware/imx/se_api.h | 14 +
include/uapi/linux/se_ioctl.h | 94 ++
15 files changed, 2609 insertions(+), 3 deletions(-)
---
base-commit: b63ff26648537a5600cf79bd62f916792c53e015
change-id: 20240507-imx-se-if-a40055093dc6
Best regards,
--
Pankaj Gupta <pankaj.gupta@nxp.com>
^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH v6 1/5] Documentation/firmware: add imx/se to other_interfaces
2024-07-22 4:51 [PATCH v6 0/5] v6: firmware: imx: driver for NXP secure-enclave Pankaj Gupta
@ 2024-07-22 4:51 ` Pankaj Gupta
2024-07-22 4:51 ` [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc Pankaj Gupta
` (3 subsequent siblings)
4 siblings, 0 replies; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-22 4:51 UTC (permalink / raw)
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Pankaj Gupta, Rob Herring
Cc: linux-doc, linux-kernel, devicetree, imx, linux-arm-kernel
Documents i.MX SoC's Service layer and C_DEV driver for selected SoC(s)
that contains the NXP hardware IP(s) for Secure Enclaves(se) like:
- NXP EdgeLock Enclave on i.MX93 & i.MX8ULP
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
---
.../driver-api/firmware/other_interfaces.rst | 121 +++++++++++++++++++++
1 file changed, 121 insertions(+)
diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst
index 06ac89adaafb..a3a95b54a174 100644
--- a/Documentation/driver-api/firmware/other_interfaces.rst
+++ b/Documentation/driver-api/firmware/other_interfaces.rst
@@ -49,3 +49,124 @@ of the requests on to a secure monitor (EL3).
.. kernel-doc:: drivers/firmware/stratix10-svc.c
:export:
+
+NXP Secure Enclave Firmware Interface
+=====================================
+
+Introduction
+------------
+The NXP's i.MX HW IP like EdgeLock Enclave, V2X etc., creates an embedded secure
+enclave within the SoC boundary to enable features like
+ - Hardware Security Module (HSM)
+ - Security Hardware Extension (SHE)
+ - Vehicular to Anything (V2X)
+
+Each of the above feature is enabled through dedicated NXP H/W IP on the SoC.
+On a single SoC, multiple hardware IP (or can say more than one secure enclave)
+can exist.
+
+NXP SoCs enabled with the such secure enclaves(SEs) IPs are:
+i.MX93, i.MX8ULP
+
+To communicate with one or more co-existing SE(s) on SoC, there is/are dedicated
+messaging units(MU) per SE. Each co-existing SE can have one or multiple exclusive
+MUs, dedicated to itself. None of the MU is shared between two SEs.
+Communication of the MU is realized using the Linux mailbox driver.
+
+NXP Secure Enclave(SE) Interface
+--------------------------------
+Although MU(s) is/are not shared between SE(s). But for SoC like i.MX95 which has
+multiple SE(s) like HSM, V2X-HSM, V2X-SHE; all the SE(s) and their interfaces 'se-if'
+that is/are dedicated to a particular SE will be enumerated and provisioned using the
+single compatible node("fsl,imx95-se").
+
+Each 'se-if' comprise of twp layers:
+- (C_DEV Layer) User-Space software-access interface.
+- (Service Layer) OS-level software-access interface.
+
+ +--------------------------------------------+
+ | Character Device(C_DEV) |
+ | |
+ | +---------+ +---------+ +---------+ |
+ | | misc #1 | | misc #2 | ... | misc #n | |
+ | | dev | | dev | | dev | |
+ | +---------+ +---------+ +---------+ |
+ | +-------------------------+ |
+ | | Misc. Dev Synchr. Logic | |
+ | +-------------------------+ |
+ | |
+ +--------------------------------------------+
+
+ +--------------------------------------------+
+ | Service Layer |
+ | |
+ | +-----------------------------+ |
+ | | Message Serialization Logic | |
+ | +-----------------------------+ |
+ | +---------------+ |
+ | | imx-mailbox | |
+ | | mailbox.c | |
+ | +---------------+ |
+ | |
+ +--------------------------------------------+
+
+- service layer:
+ This layer is responsible for ensuring the communication protocol that is defined
+ for communication with firmware.
+
+ FW Communication protocol ensures two things:
+ - Serializing the messages to be sent over an MU.
+
+ - FW can handle one command message at a time.
+
+- c_dev:
+ This layer offers character device contexts, created as '/dev/<se>_mux_chx'.
+ Using these multiple device contexts that are getting multiplexed over a single MU,
+ userspace application(s) can call fops like write/read to send the command message,
+ and read back the command response message to/from Firmware.
+ fops like read & write use the above defined service layer API(s) to communicate with
+ Firmware.
+
+ Misc-device(/dev/<se>_mux_chn) synchronization protocol:
+
+ Non-Secure + Secure
+ |
+ |
+ +---------+ +-------------+ |
+ | se_fw.c +<---->+imx-mailbox.c| |
+ | | | mailbox.c +<-->+------+ +------+
+ +---+-----+ +-------------+ | MU X +<-->+ ELE |
+ | +------+ +------+
+ +----------------+ |
+ | | |
+ v v |
+ logical logical |
+ receiver waiter |
+ + + |
+ | | |
+ | | |
+ | +----+------+ |
+ | | | |
+ | | | |
+ device_ctx device_ctx device_ctx |
+ |
+ User 0 User 1 User Y |
+ +------+ +------+ +------+ |
+ |misc.c| |misc.c| |misc.c| |
+ kernel space +------+ +------+ +------+ |
+ |
+ +------------------------------------------------------ |
+ | | | |
+ userspace /dev/ele_muXch0 | | |
+ /dev/ele_muXch1 | |
+ /dev/ele_muXchY |
+ |
+
+When a user sends a command to the firmware, it registers its device_ctx
+as waiter of a response from firmware.
+
+Enclave's Firmware owns the storage management, over Linux filesystem.
+For this c_dev provisions a dedicated slave device called "receiver".
+
+.. kernel-doc:: drivers/firmware/imx/se_fw.c
+ :export:
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-07-22 4:51 [PATCH v6 0/5] v6: firmware: imx: driver for NXP secure-enclave Pankaj Gupta
2024-07-22 4:51 ` [PATCH v6 1/5] Documentation/firmware: add imx/se to other_interfaces Pankaj Gupta
@ 2024-07-22 4:51 ` Pankaj Gupta
2024-07-22 16:50 ` Conor Dooley
2024-07-22 4:51 ` [PATCH v6 3/5] arm64: dts: imx8ulp-evk: add nxp secure enclave firmware Pankaj Gupta
` (2 subsequent siblings)
4 siblings, 1 reply; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-22 4:51 UTC (permalink / raw)
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Pankaj Gupta, Rob Herring
Cc: linux-doc, linux-kernel, devicetree, imx, linux-arm-kernel
The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
creates an embedded secure enclave within the SoC boundary to enable
features like:
- HSM
- SHE
- V2X
Secure-Enclave(s) communication interface are typically via message
unit, i.e., based on mailbox linux kernel driver. This driver enables
communication ensuring well defined message sequence protocol between
Application Core and enclave's firmware.
Driver configures multiple misc-device on the MU, for multiple
user-space applications, to be able to communicate over single MU.
It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
---
.../devicetree/bindings/firmware/fsl,imx-se.yaml | 91 ++++++++++++++++++++++
1 file changed, 91 insertions(+)
diff --git a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
new file mode 100644
index 000000000000..7511d0e9cf98
--- /dev/null
+++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
@@ -0,0 +1,91 @@
+# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/firmware/fsl,imx-se.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
+
+maintainers:
+ - Pankaj Gupta <pankaj.gupta@nxp.com>
+
+description: |
+ NXP's SoC may contain one or multiple embedded secure-enclave HW
+ IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
+ enables features like
+ - Hardware Security Module (HSM),
+ - Security Hardware Extension (SHE), and
+ - Vehicular to Anything (V2X)
+
+ Communication interface to the secure-enclaves(se) is based on the
+ messaging unit(s).
+
+properties:
+ compatible:
+ enum:
+ - fsl,imx8ulp-se
+ - fsl,imx93-se
+ - fsl,imx95-se
+
+ mboxes:
+ items:
+ - description: mailbox phandle to send message to se firmware
+ - description: mailbox phandle to receive message from se firmware
+
+ mbox-names:
+ items:
+ - const: tx
+ - const: rx
+
+ memory-region:
+ maxItems: 1
+
+ sram:
+ maxItems: 1
+
+required:
+ - compatible
+ - mboxes
+ - mbox-names
+
+allOf:
+ # memory-region
+ - if:
+ properties:
+ compatible:
+ contains:
+ enum:
+ - fsl,imx8ulp-se
+ - fsl,imx93-se
+ then:
+ required:
+ - memory-region
+ else:
+ properties:
+ memory-region: false
+
+ # sram
+ - if:
+ properties:
+ compatible:
+ contains:
+ enum:
+ - fsl,imx8ulp-se
+ then:
+ required:
+ - sram
+
+ else:
+ properties:
+ sram: false
+
+additionalProperties: false
+
+examples:
+ - |
+ senclave-firmware {
+ compatible = "fsl,imx95-se";
+ mboxes = <&ele_mu0 0 0>, <&ele_mu0 1 0>;
+ mbox-names = "tx", "rx";
+ };
+...
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [PATCH v6 3/5] arm64: dts: imx8ulp-evk: add nxp secure enclave firmware
2024-07-22 4:51 [PATCH v6 0/5] v6: firmware: imx: driver for NXP secure-enclave Pankaj Gupta
2024-07-22 4:51 ` [PATCH v6 1/5] Documentation/firmware: add imx/se to other_interfaces Pankaj Gupta
2024-07-22 4:51 ` [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc Pankaj Gupta
@ 2024-07-22 4:51 ` Pankaj Gupta
2024-07-22 4:51 ` [PATCH v6 4/5] firmware: imx: add driver for NXP EdgeLock Enclave Pankaj Gupta
2024-07-22 4:51 ` [PATCH v6 5/5] firmware: imx: adds miscdev Pankaj Gupta
4 siblings, 0 replies; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-22 4:51 UTC (permalink / raw)
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Pankaj Gupta, Rob Herring
Cc: linux-doc, linux-kernel, devicetree, imx, linux-arm-kernel
Add support for NXP secure enclave called EdgeLock Enclave
firmware (se-fw) for imx8ulp-evk.
EdgeLock Enclave has a hardware limitation of restricted access to DDR
address: 0x80000000 to 0xAFFFFFFF, so reserve 1MB of DDR memory region
from 0x80000000.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
---
arch/arm64/boot/dts/freescale/imx8ulp-evk.dts | 17 ++++++++++++++++-
arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 13 +++++++++++--
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/freescale/imx8ulp-evk.dts b/arch/arm64/boot/dts/freescale/imx8ulp-evk.dts
index 24bb253b938d..ca8958f28a83 100644
--- a/arch/arm64/boot/dts/freescale/imx8ulp-evk.dts
+++ b/arch/arm64/boot/dts/freescale/imx8ulp-evk.dts
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
/*
- * Copyright 2021 NXP
+ * Copyright 2021, 2024 NXP
*/
/dts-v1/;
@@ -19,6 +19,17 @@ memory@80000000 {
device_type = "memory";
reg = <0x0 0x80000000 0 0x80000000>;
};
+ reserved-memory {
+ #address-cells = <2>;
+ #size-cells = <2>;
+ ranges;
+
+ ele_reserved: ele-reserved@90000000 {
+ compatible = "shared-dma-pool";
+ reg = <0 0x90000000 0 0x100000>;
+ no-map;
+ };
+ };
reserved-memory {
#address-cells = <2>;
@@ -146,6 +157,10 @@ &usdhc0 {
status = "okay";
};
+&ele_if0 {
+ memory-region = <&ele_reserved>;
+};
+
&fec {
pinctrl-names = "default", "sleep";
pinctrl-0 = <&pinctrl_enet>;
diff --git a/arch/arm64/boot/dts/freescale/imx8ulp.dtsi b/arch/arm64/boot/dts/freescale/imx8ulp.dtsi
index c460afaa76f5..94fd89d18019 100644
--- a/arch/arm64/boot/dts/freescale/imx8ulp.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8ulp.dtsi
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
/*
- * Copyright 2021 NXP
+ * Copyright 2021, 2024 NXP
*/
#include <dt-bindings/clock/imx8ulp-clock.h>
@@ -152,7 +152,7 @@ sosc: clock-sosc {
#clock-cells = <0>;
};
- sram@2201f000 {
+ sram0: sram@2201f000 {
compatible = "mmio-sram";
reg = <0x0 0x2201f000 0x0 0x1000>;
@@ -167,6 +167,8 @@ scmi_buf: scmi-sram-section@0 {
};
firmware {
+ #address-cells = <1>;
+ #size-cells = <0>;
scmi {
compatible = "arm,scmi-smc";
arm,smc-id = <0xc20000fe>;
@@ -184,6 +186,13 @@ scmi_sensor: protocol@15 {
#thermal-sensor-cells = <1>;
};
};
+
+ ele_if0: senclave-firmware@0 {
+ compatible = "fsl,imx8ulp-se";
+ mbox-names = "tx", "rx";
+ mboxes = <&s4muap 0 0>, <&s4muap 1 0>;
+ sram = <&sram0>;
+ };
};
cm33: remoteproc-cm33 {
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [PATCH v6 4/5] firmware: imx: add driver for NXP EdgeLock Enclave
2024-07-22 4:51 [PATCH v6 0/5] v6: firmware: imx: driver for NXP secure-enclave Pankaj Gupta
` (2 preceding siblings ...)
2024-07-22 4:51 ` [PATCH v6 3/5] arm64: dts: imx8ulp-evk: add nxp secure enclave firmware Pankaj Gupta
@ 2024-07-22 4:51 ` Pankaj Gupta
2024-07-23 14:28 ` Sascha Hauer
2024-07-22 4:51 ` [PATCH v6 5/5] firmware: imx: adds miscdev Pankaj Gupta
4 siblings, 1 reply; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-22 4:51 UTC (permalink / raw)
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Pankaj Gupta, Rob Herring
Cc: linux-doc, linux-kernel, devicetree, imx, linux-arm-kernel
NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
are embedded in the SoC to support the features like HSM, SHE & V2X,
using message based communication interface.
The secure enclave FW communicates on a dedicated messaging unit(MU)
based interface(s) with application core, where kernel is running.
It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
This patch adds the driver for communication interface to secure-enclave,
for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock
Enclave (ELE) from Kernel-space, used by kernel management layers like
- DM-Crypt.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
---
drivers/firmware/imx/Kconfig | 12 +
drivers/firmware/imx/Makefile | 2 +
drivers/firmware/imx/ele_base_msg.c | 274 +++++++++++++++++++
drivers/firmware/imx/ele_base_msg.h | 95 +++++++
drivers/firmware/imx/ele_common.c | 264 ++++++++++++++++++
drivers/firmware/imx/ele_common.h | 44 +++
drivers/firmware/imx/se_ctrl.c | 528 ++++++++++++++++++++++++++++++++++++
drivers/firmware/imx/se_ctrl.h | 87 ++++++
include/linux/firmware/imx/se_api.h | 14 +
9 files changed, 1320 insertions(+)
diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
index 183613f82a11..0f6877a24f0b 100644
--- a/drivers/firmware/imx/Kconfig
+++ b/drivers/firmware/imx/Kconfig
@@ -22,3 +22,15 @@ config IMX_SCU
This driver manages the IPC interface between host CPU and the
SCU firmware running on M4.
+
+config IMX_SEC_ENCLAVE
+ tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver."
+ depends on IMX_MBOX && ARCH_MXC && ARM64
+ default m if ARCH_MXC
+
+ help
+ It is possible to use APIs exposed by the iMX Secure Enclave HW IP called:
+ - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
+ like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging
+ Unit. This driver exposes these interfaces via a set of file descriptors
+ allowing to configure shared memory, send and receive messages.
diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile
index 8f9f04a513a8..aa9033e0e9e3 100644
--- a/drivers/firmware/imx/Makefile
+++ b/drivers/firmware/imx/Makefile
@@ -1,3 +1,5 @@
# SPDX-License-Identifier: GPL-2.0
obj-$(CONFIG_IMX_DSP) += imx-dsp.o
obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o
+sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
+obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c
new file mode 100644
index 000000000000..7f16184a8b10
--- /dev/null
+++ b/drivers/firmware/imx/ele_base_msg.c
@@ -0,0 +1,274 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2024 NXP
+ */
+
+#include <linux/types.h>
+
+#include <linux/completion.h>
+#include <linux/dma-mapping.h>
+#include <linux/genalloc.h>
+
+#include "ele_base_msg.h"
+#include "ele_common.h"
+
+int ele_get_info(struct device *dev, struct ele_dev_info *s_info)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ struct se_api_msg *tx_msg __free(kfree) = NULL;
+ struct se_api_msg *rx_msg __free(kfree) = NULL;
+ dma_addr_t get_info_addr = 0;
+ u32 *get_info_data = NULL;
+ int ret = 0;
+
+ if (!priv) {
+ ret = -EINVAL;
+ return ret;
+ }
+
+ memset(s_info, 0x0, sizeof(*s_info));
+
+ if (priv->mem_pool)
+ get_info_data = gen_pool_dma_alloc(priv->mem_pool,
+ ELE_GET_INFO_BUFF_SZ,
+ &get_info_addr);
+ else
+ get_info_data = dma_alloc_coherent(dev,
+ ELE_GET_INFO_BUFF_SZ,
+ &get_info_addr,
+ GFP_KERNEL);
+ if (!get_info_data) {
+ ret = -ENOMEM;
+ dev_dbg(dev,
+ "%s: Failed to allocate get_info_addr.\n",
+ __func__);
+ return ret;
+ }
+
+ tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ, GFP_KERNEL);
+ if (!tx_msg) {
+ ret = -ENOMEM;
+ goto exit;
+ }
+
+ rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ, GFP_KERNEL);
+ if (!rx_msg) {
+ ret = -ENOMEM;
+ goto exit;
+ }
+ priv->rx_msg_sz = ELE_GET_INFO_RSP_MSG_SZ;
+
+ ret = se_fill_cmd_msg_hdr(priv,
+ (struct se_msg_hdr *)&tx_msg->header,
+ ELE_GET_INFO_REQ,
+ ELE_GET_INFO_REQ_MSG_SZ,
+ true);
+ if (ret)
+ goto exit;
+
+ tx_msg->data[0] = upper_32_bits(get_info_addr);
+ tx_msg->data[1] = lower_32_bits(get_info_addr);
+ tx_msg->data[2] = sizeof(*s_info);
+ ret = ele_msg_send_rcv(priv, tx_msg, rx_msg);
+ if (ret < 0)
+ goto exit;
+
+ ret = se_val_rsp_hdr_n_status(priv,
+ &rx_msg->header,
+ ELE_GET_INFO_REQ,
+ ELE_GET_INFO_RSP_MSG_SZ,
+ true);
+
+ memcpy(s_info, get_info_data, sizeof(*s_info));
+ priv->imem.state = s_info->d_addn_info.imem_state;
+
+exit:
+ if (priv->mem_pool)
+ gen_pool_free(priv->mem_pool,
+ (u64) get_info_data,
+ ELE_GET_INFO_BUFF_SZ);
+ else
+ dma_free_coherent(dev,
+ ELE_GET_INFO_BUFF_SZ,
+ get_info_data,
+ get_info_addr);
+
+ return ret;
+}
+
+int ele_fetch_soc_info(struct device *dev, u16 *soc_rev, u64 *serial_num)
+{
+ struct ele_dev_info s_info = {0};
+ int err = 0;
+
+ err = ele_get_info(dev, &s_info);
+ if (err < 0) {
+ dev_err(dev, "Error");
+ return err;
+ }
+
+ if (soc_rev)
+ *soc_rev = s_info.d_info.soc_rev;
+ if (serial_num)
+ *serial_num = GET_SERIAL_NUM_FROM_UID(s_info.d_info.uid, MAX_UID_SIZE >> 2);
+
+ return err;
+}
+
+int ele_ping(struct device *dev)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ struct se_api_msg *tx_msg __free(kfree) = NULL;
+ struct se_api_msg *rx_msg __free(kfree) = NULL;
+ int ret = 0;
+
+ if (!priv) {
+ ret = -EINVAL;
+ goto exit;
+ }
+
+ tx_msg = kzalloc(ELE_PING_REQ_SZ, GFP_KERNEL);
+ if (!tx_msg) {
+ ret = -ENOMEM;
+ goto exit;
+ }
+
+ rx_msg = kzalloc(ELE_PING_RSP_SZ, GFP_KERNEL);
+ if (!rx_msg) {
+ ret = -ENOMEM;
+ goto exit;
+ }
+ priv->rx_msg_sz = ELE_PING_RSP_SZ;
+
+ ret = se_fill_cmd_msg_hdr(priv,
+ (struct se_msg_hdr *)&tx_msg->header,
+ ELE_PING_REQ, ELE_PING_REQ_SZ, true);
+ if (ret) {
+ dev_err(dev, "Error: se_fill_cmd_msg_hdr failed.\n");
+ goto exit;
+ }
+
+ ret = ele_msg_send_rcv(priv, tx_msg, rx_msg);
+ if (ret)
+ goto exit;
+
+ ret = se_val_rsp_hdr_n_status(priv,
+ &rx_msg->header,
+ ELE_PING_REQ,
+ ELE_PING_RSP_SZ,
+ true);
+exit:
+ return ret;
+}
+
+int ele_service_swap(struct device *dev,
+ phys_addr_t addr,
+ u32 addr_size, u16 flag)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ struct se_api_msg *tx_msg __free(kfree) = NULL;
+ struct se_api_msg *rx_msg __free(kfree) = NULL;
+ int ret = 0;
+
+ if (!priv) {
+ ret = -EINVAL;
+ goto exit;
+ }
+
+ tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ, GFP_KERNEL);
+ if (!tx_msg) {
+ ret = -ENOMEM;
+ goto exit;
+ }
+
+ rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ, GFP_KERNEL);
+ if (!rx_msg) {
+ ret = -ENOMEM;
+ goto exit;
+ }
+ priv->rx_msg_sz = ELE_SERVICE_SWAP_RSP_MSG_SZ;
+
+ ret = se_fill_cmd_msg_hdr(priv,
+ (struct se_msg_hdr *)&tx_msg->header,
+ ELE_SERVICE_SWAP_REQ,
+ ELE_SERVICE_SWAP_REQ_MSG_SZ, true);
+ if (ret)
+ goto exit;
+
+ tx_msg->data[0] = flag;
+ tx_msg->data[1] = addr_size;
+ tx_msg->data[2] = ELE_NONE_VAL;
+ tx_msg->data[3] = lower_32_bits(addr);
+ tx_msg->data[4] = se_add_msg_crc((uint32_t *)&tx_msg[0],
+ ELE_SERVICE_SWAP_REQ_MSG_SZ);
+ ret = ele_msg_send_rcv(priv, tx_msg, rx_msg);
+ if (ret < 0)
+ goto exit;
+
+ ret = se_val_rsp_hdr_n_status(priv,
+ &rx_msg->header,
+ ELE_SERVICE_SWAP_REQ,
+ ELE_SERVICE_SWAP_RSP_MSG_SZ,
+ true);
+ if (ret)
+ goto exit;
+
+ if (flag == ELE_IMEM_EXPORT)
+ ret = rx_msg->data[1];
+ else
+ ret = 0;
+
+exit:
+
+ return ret;
+}
+
+int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ struct se_api_msg *tx_msg __free(kfree) = NULL;
+ struct se_api_msg *rx_msg __free(kfree) = NULL;
+ int ret = 0;
+
+ if (!priv) {
+ ret = -EINVAL;
+ goto exit;
+ }
+
+ tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ, GFP_KERNEL);
+ if (!tx_msg) {
+ ret = -ENOMEM;
+ goto exit;
+ }
+
+ rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ, GFP_KERNEL);
+ if (!rx_msg) {
+ ret = -ENOMEM;
+ goto exit;
+ }
+ priv->rx_msg_sz = ELE_FW_AUTH_RSP_MSG_SZ;
+
+ ret = se_fill_cmd_msg_hdr(priv,
+ (struct se_msg_hdr *)&tx_msg->header,
+ ELE_FW_AUTH_REQ,
+ ELE_FW_AUTH_REQ_SZ,
+ true);
+ if (ret)
+ goto exit;
+
+ tx_msg->data[1] = upper_32_bits(addr);
+ tx_msg->data[0] = lower_32_bits(addr);
+ tx_msg->data[2] = addr;
+
+ ret = ele_msg_send_rcv(priv, tx_msg, rx_msg);
+ if (ret < 0)
+ goto exit;
+
+ ret = se_val_rsp_hdr_n_status(priv,
+ &rx_msg->header,
+ ELE_FW_AUTH_REQ,
+ ELE_FW_AUTH_RSP_MSG_SZ,
+ true);
+exit:
+ return ret;
+}
diff --git a/drivers/firmware/imx/ele_base_msg.h b/drivers/firmware/imx/ele_base_msg.h
new file mode 100644
index 000000000000..88ccfce8c8f7
--- /dev/null
+++ b/drivers/firmware/imx/ele_base_msg.h
@@ -0,0 +1,95 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright 2024 NXP
+ *
+ * Header file for the EdgeLock Enclave Base API(s).
+ */
+
+#ifndef ELE_BASE_MSG_H
+#define ELE_BASE_MSG_H
+
+#include <linux/device.h>
+#include <linux/types.h>
+
+#define WORD_SZ 4
+#define ELE_NONE_VAL 0x0
+
+#define ELE_GET_INFO_REQ 0xDA
+#define ELE_GET_INFO_REQ_MSG_SZ 0x10
+#define ELE_GET_INFO_RSP_MSG_SZ 0x08
+
+#define DEFAULT_IMX_SOC_VER 0xA000
+#define SOC_VER_MASK 0xFFFF0000
+#define SOC_ID_MASK 0x0000FFFF
+
+#define MAX_UID_SIZE (16)
+#define DEV_GETINFO_ROM_PATCH_SHA_SZ (32)
+#define DEV_GETINFO_FW_SHA_SZ (32)
+#define DEV_GETINFO_OEM_SRKH_SZ (64)
+#define DEV_GETINFO_MIN_VER_MASK 0xFF
+#define DEV_GETINFO_MAJ_VER_MASK 0xFF00
+#define ELE_DEV_INFO_EXTRA_SZ 0x60
+
+struct dev_info {
+ uint8_t cmd;
+ uint8_t ver;
+ uint16_t length;
+ uint16_t soc_id;
+ uint16_t soc_rev;
+ uint16_t lmda_val;
+ uint8_t ssm_state;
+ uint8_t dev_atts_api_ver;
+ uint8_t uid[MAX_UID_SIZE];
+ uint8_t sha_rom_patch[DEV_GETINFO_ROM_PATCH_SHA_SZ];
+ uint8_t sha_fw[DEV_GETINFO_FW_SHA_SZ];
+};
+
+struct dev_addn_info {
+ uint8_t oem_srkh[DEV_GETINFO_OEM_SRKH_SZ];
+ uint8_t trng_state;
+ uint8_t csal_state;
+ uint8_t imem_state;
+ uint8_t reserved2;
+};
+
+struct ele_dev_info {
+ struct dev_info d_info;
+ struct dev_addn_info d_addn_info;
+};
+
+#define ELE_GET_INFO_BUFF_SZ (sizeof(struct ele_dev_info) \
+ + ELE_DEV_INFO_EXTRA_SZ)
+
+#define GET_SERIAL_NUM_FROM_UID(x, uid_word_sz) \
+ (((u64)(((u32 *)(x))[(uid_word_sz) - 1]) << 32) | ((u32 *)(x))[0])
+
+#define ELE_DEBUG_DUMP_REQ 0x21
+#define ELE_DEBUG_DUMP_RSP_SZ 0x14
+
+#define ELE_PING_REQ 0x01
+#define ELE_PING_REQ_SZ 0x04
+#define ELE_PING_RSP_SZ 0x08
+
+#define ELE_SERVICE_SWAP_REQ 0xDF
+#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18
+#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C
+#define ELE_IMEM_SIZE 0x10000
+#define ELE_IMEM_STATE_OK 0xCA
+#define ELE_IMEM_STATE_BAD 0xFE
+#define ELE_IMEM_STATE_WORD 0x27
+#define ELE_IMEM_STATE_MASK 0x00ff0000
+#define ELE_IMEM_EXPORT 0x1
+#define ELE_IMEM_IMPORT 0x2
+
+#define ELE_FW_AUTH_REQ 0x02
+#define ELE_FW_AUTH_REQ_SZ 0x10
+#define ELE_FW_AUTH_RSP_MSG_SZ 0x08
+
+int ele_get_info(struct device *dev, struct ele_dev_info *s_info);
+int ele_fetch_soc_info(struct device *dev, u16 *soc_rev, u64 *serial_num);
+int ele_ping(struct device *dev);
+int ele_service_swap(struct device *dev,
+ phys_addr_t addr,
+ u32 addr_size, u16 flag);
+int ele_fw_authenticate(struct device *dev, phys_addr_t addr);
+#endif
diff --git a/drivers/firmware/imx/ele_common.c b/drivers/firmware/imx/ele_common.c
new file mode 100644
index 000000000000..3a6584d6f6f2
--- /dev/null
+++ b/drivers/firmware/imx/ele_common.c
@@ -0,0 +1,264 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2024 NXP
+ */
+
+#include "ele_base_msg.h"
+#include "ele_common.h"
+
+u32 se_add_msg_crc(u32 *msg, u32 msg_len)
+{
+ u32 nb_words = msg_len / (u32)sizeof(u32);
+ u32 crc = 0;
+ u32 i;
+
+ for (i = 0; i < nb_words - 1; i++)
+ crc ^= *(msg + i);
+
+ return crc;
+}
+
+int ele_msg_rcv(struct se_if_priv *priv)
+{
+ u32 wait;
+ int err = 0;
+
+ lockdep_assert_held(&priv->se_if_cmd_lock);
+
+ wait = msecs_to_jiffies(1000);
+ if (!wait_for_completion_timeout(&priv->done, wait)) {
+ dev_err(priv->dev,
+ "Error: wait_for_completion timed out.\n");
+ err = -ETIMEDOUT;
+ }
+
+ return err;
+}
+
+int ele_msg_send(struct se_if_priv *priv, void *tx_msg)
+{
+ struct se_msg_hdr *header;
+ int err;
+
+ header = tx_msg;
+
+ if (header->tag == priv->cmd_tag)
+ lockdep_assert_held(&priv->se_if_cmd_lock);
+
+ guard(mutex)(&priv->se_if_lock);
+
+ err = mbox_send_message(priv->tx_chan, tx_msg);
+ if (err < 0) {
+ dev_err(priv->dev, "Error: mbox_send_message failure.\n");
+ return err;
+ }
+
+ return err;
+}
+
+/* API used for send/receive blocking call. */
+int ele_msg_send_rcv(struct se_if_priv *priv, void *tx_msg, void *rx_msg)
+{
+ int err;
+
+ guard(mutex)(&priv->se_if_cmd_lock);
+ if (priv->waiting_rsp_dev) {
+ dev_warn(priv->dev,
+ "There should be no misc dev-ctx, waiting for resp.\n");
+ priv->waiting_rsp_dev = NULL;
+ }
+ priv->rx_msg = rx_msg;
+ err = ele_msg_send(priv, tx_msg);
+ if (err < 0)
+ goto exit;
+
+ err = ele_msg_rcv(priv);
+
+exit:
+ return err;
+}
+
+static bool exception_for_size(struct se_if_priv *priv,
+ struct se_msg_hdr *header)
+{
+ /* List of API(s) that can be accepte variable length
+ * response buffer.
+ */
+ if (header->command == ELE_DEBUG_DUMP_REQ &&
+ header->ver == priv->base_api_ver &&
+ header->size >= 0 &&
+ header->size <= ELE_DEBUG_DUMP_RSP_SZ)
+ return true;
+
+ return false;
+}
+
+/*
+ * Callback called by mailbox FW, when data is received.
+ */
+void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
+{
+ struct device *dev = mbox_cl->dev;
+ struct se_if_priv *priv;
+ struct se_msg_hdr *header;
+ u32 rx_msg_sz;
+
+ priv = dev_get_drvdata(dev);
+
+ /* The function can be called with NULL msg */
+ if (!msg) {
+ dev_err(dev, "Message is invalid\n");
+ return;
+ }
+
+ header = msg;
+ rx_msg_sz = header->size << 2;
+
+ if (header->tag == priv->rsp_tag) {
+ if (!priv->waiting_rsp_dev) {
+ /*
+ * Reading the EdgeLock Enclave response
+ * to the command, sent by other
+ * linux kernel services.
+ */
+ spin_lock(&priv->lock);
+ if (priv->rx_msg_sz != rx_msg_sz &&
+ !exception_for_size(priv, header))
+ dev_err(dev,
+ "Msg(priv) recvd with different sz(%d != %d).\n",
+ rx_msg_sz, priv->rx_msg_sz);
+ else
+ memcpy(priv->rx_msg, msg, rx_msg_sz);
+
+ complete(&priv->done);
+ spin_unlock(&priv->lock);
+ return;
+ }
+ }
+
+ dev_err(dev, "Failed to select a device for message: %.8x\n",
+ *((u32 *) header));
+}
+
+int se_val_rsp_hdr_n_status(struct se_if_priv *priv,
+ struct se_msg_hdr *header,
+ uint8_t msg_id,
+ uint8_t sz,
+ bool is_base_api)
+{
+ u32 status;
+
+ if (header->tag != priv->rsp_tag) {
+ dev_err(priv->dev,
+ "MSG[0x%x] Hdr: Resp tag mismatch. (0x%x != 0x%x)",
+ msg_id, header->tag, priv->rsp_tag);
+ return -EINVAL;
+ }
+
+ if (header->command != msg_id) {
+ dev_err(priv->dev,
+ "MSG Header: Cmd id mismatch. (0x%x != 0x%x)",
+ header->command, msg_id);
+ return -EINVAL;
+ }
+
+ if (header->size != (sz >> 2)) {
+ dev_err(priv->dev,
+ "MSG[0x%x] Hdr: Cmd size mismatch. (0x%x != 0x%x)",
+ msg_id, header->size, (sz >> 2));
+ return -EINVAL;
+ }
+
+ if (is_base_api && (header->ver != priv->base_api_ver)) {
+ dev_err(priv->dev,
+ "MSG[0x%x] Hdr: Base API Vers mismatch. (0x%x != 0x%x)",
+ msg_id, header->ver, priv->base_api_ver);
+ return -EINVAL;
+ } else if (!is_base_api && header->ver != priv->fw_api_ver) {
+ dev_err(priv->dev,
+ "MSG[0x%x] Hdr: FW API Vers mismatch. (0x%x != 0x%x)",
+ msg_id, header->ver, priv->fw_api_ver);
+ return -EINVAL;
+ }
+
+ status = RES_STATUS(priv->rx_msg->data[0]);
+ if (status != priv->success_tag) {
+ dev_err(priv->dev, "Command Id[%d], Response Failure = 0x%x",
+ header->command, status);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
+int se_save_imem_state(struct se_if_priv *priv)
+{
+ int ret;
+
+ /* EXPORT command will save encrypted IMEM to given address,
+ * so later in resume, IMEM can be restored from the given
+ * address.
+ *
+ * Size must be at least 64 kB.
+ */
+ ret = ele_service_swap(priv->dev,
+ priv->imem.phyaddr,
+ ELE_IMEM_SIZE,
+ ELE_IMEM_EXPORT);
+ if (ret < 0)
+ dev_err(priv->dev, "Failed to export IMEM\n");
+ else
+ dev_info(priv->dev,
+ "Exported %d bytes of encrypted IMEM\n",
+ ret);
+
+ return ret;
+}
+
+int se_restore_imem_state(struct se_if_priv *priv)
+{
+ struct ele_dev_info s_info;
+ int ret;
+
+ /* get info from ELE */
+ ret = ele_get_info(priv->dev, &s_info);
+ if (ret) {
+ dev_err(priv->dev, "Failed to get info from ELE.\n");
+ return ret;
+ }
+
+ /* Get IMEM state, if 0xFE then import IMEM */
+ if (s_info.d_addn_info.imem_state == ELE_IMEM_STATE_BAD) {
+ /* IMPORT command will restore IMEM from the given
+ * address, here size is the actual size returned by ELE
+ * during the export operation
+ */
+ ret = ele_service_swap(priv->dev,
+ priv->imem.phyaddr,
+ priv->imem.size,
+ ELE_IMEM_IMPORT);
+ if (ret) {
+ dev_err(priv->dev, "Failed to import IMEM\n");
+ goto exit;
+ }
+ } else
+ goto exit;
+
+ /* After importing IMEM, check if IMEM state is equal to 0xCA
+ * to ensure IMEM is fully loaded and
+ * ELE functionality can be used.
+ */
+ ret = ele_get_info(priv->dev, &s_info);
+ if (ret) {
+ dev_err(priv->dev, "Failed to get info from ELE.\n");
+ goto exit;
+ }
+
+ if (s_info.d_addn_info.imem_state == ELE_IMEM_STATE_OK)
+ dev_info(priv->dev, "Successfully restored IMEM\n");
+ else
+ dev_err(priv->dev, "Failed to restore IMEM\n");
+
+exit:
+ return ret;
+}
diff --git a/drivers/firmware/imx/ele_common.h b/drivers/firmware/imx/ele_common.h
new file mode 100644
index 000000000000..5ef775a42ab3
--- /dev/null
+++ b/drivers/firmware/imx/ele_common.h
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright 2024 NXP
+ */
+
+
+#ifndef __ELE_COMMON_H__
+#define __ELE_COMMON_H__
+
+#include "se_ctrl.h"
+
+#define ELE_SUCCESS_IND 0xD6
+
+#define IMX_ELE_FW_DIR "imx/ele/"
+
+uint32_t se_add_msg_crc(uint32_t *msg, uint32_t msg_len);
+int ele_msg_rcv(struct se_if_priv *priv);
+int ele_msg_send(struct se_if_priv *priv, void *tx_msg);
+int ele_msg_send_rcv(struct se_if_priv *priv, void *tx_msg, void *rx_msg);
+void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
+int se_val_rsp_hdr_n_status(struct se_if_priv *priv,
+ struct se_msg_hdr *header,
+ uint8_t msg_id,
+ uint8_t sz,
+ bool is_base_api);
+
+/* Fill a command message header with a given command ID and length in bytes. */
+static inline int se_fill_cmd_msg_hdr(struct se_if_priv *priv,
+ struct se_msg_hdr *hdr,
+ u8 cmd, u32 len,
+ bool is_base_api)
+{
+ hdr->tag = priv->cmd_tag;
+ hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver;
+ hdr->command = cmd;
+ hdr->size = len >> 2;
+
+ return 0;
+}
+
+int se_save_imem_state(struct se_if_priv *priv);
+int se_restore_imem_state(struct se_if_priv *priv);
+
+#endif /*__ELE_COMMON_H__ */
diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
new file mode 100644
index 000000000000..23065db5ac17
--- /dev/null
+++ b/drivers/firmware/imx/se_ctrl.c
@@ -0,0 +1,528 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2024 NXP
+ */
+
+#include <linux/completion.h>
+#include <linux/delay.h>
+#include <linux/dev_printk.h>
+#include <linux/dma-mapping.h>
+#include <linux/errno.h>
+#include <linux/export.h>
+#include <linux/firmware.h>
+#include <linux/firmware/imx/se_api.h>
+#include <linux/genalloc.h>
+#include <linux/init.h>
+#include <linux/io.h>
+#include <linux/miscdevice.h>
+#include <linux/mod_devicetable.h>
+#include <linux/module.h>
+#include <linux/of_platform.h>
+#include <linux/of_reserved_mem.h>
+#include <linux/platform_device.h>
+#include <linux/slab.h>
+#include <linux/string.h>
+#include <linux/sys_soc.h>
+
+#include "ele_base_msg.h"
+#include "ele_common.h"
+#include "se_ctrl.h"
+
+#define RESERVED_DMA_POOL BIT(0)
+#define MBOX_TX_NAME "tx"
+#define MBOX_RX_NAME "rx"
+
+struct se_if_node_info {
+ u8 se_if_id;
+ u8 se_if_did;
+ u8 max_dev_ctx;
+ u8 cmd_tag;
+ u8 rsp_tag;
+ u8 success_tag;
+ u8 base_api_ver;
+ u8 fw_api_ver;
+ u8 *se_name;
+ u8 *pool_name;
+ u8 *fw_name_in_rfs;
+ bool soc_register;
+ bool reserved_dma_ranges;
+ u8 *imem_mgmt_file_in_rfs;
+ int (*se_fetch_soc_info)(struct device *dev, u16 *soc_rev, u64 *serial_num);
+};
+
+struct se_if_node_info_list {
+ u8 num_mu;
+ u16 soc_id;
+ struct se_if_node_info info[];
+};
+
+static const struct se_if_node_info_list imx8ulp_info = {
+ .num_mu = 1,
+ .soc_id = SOC_ID_OF_IMX8ULP,
+ .info = {
+ {
+ .se_if_id = 2,
+ .se_if_did = 7,
+ .max_dev_ctx = 4,
+ .cmd_tag = 0x17,
+ .rsp_tag = 0xe1,
+ .success_tag = ELE_SUCCESS_IND,
+ .base_api_ver = MESSAGING_VERSION_6,
+ .fw_api_ver = MESSAGING_VERSION_7,
+ .se_name = "hsm1",
+ .pool_name = "sram",
+ .fw_name_in_rfs = IMX_ELE_FW_DIR
+ "mx8ulpa2ext-ahab-container.img",
+ .soc_register = true,
+ .reserved_dma_ranges = true,
+ .imem_mgmt_file_in_rfs = IMX_ELE_FW_DIR
+ "mx8ulpa2ext-imem-data.img",
+ .se_fetch_soc_info = ele_fetch_soc_info,
+ },
+ },
+};
+
+static const struct se_if_node_info_list imx93_info = {
+ .num_mu = 1,
+ .soc_id = SOC_ID_OF_IMX93,
+ .info = {
+ {
+ .se_if_id = 2,
+ .se_if_did = 3,
+ .max_dev_ctx = 4,
+ .cmd_tag = 0x17,
+ .rsp_tag = 0xe1,
+ .success_tag = ELE_SUCCESS_IND,
+ .base_api_ver = MESSAGING_VERSION_6,
+ .fw_api_ver = MESSAGING_VERSION_7,
+ .se_name = "hsm1",
+ .reserved_dma_ranges = true,
+ .soc_register = true,
+ },
+ },
+};
+
+static const struct of_device_id se_match[] = {
+ { .compatible = "fsl,imx8ulp-se", .data = (void *)&imx8ulp_info},
+ { .compatible = "fsl,imx93-se", .data = (void *)&imx93_info},
+ {},
+};
+
+static const struct se_if_node_info
+ *get_se_if_node_info(const struct se_if_node_info_list *info_list,
+ const u32 idx)
+{
+ if (idx > info_list->num_mu)
+ return NULL;
+
+ return &info_list->info[idx];
+}
+
+static int se_soc_info(struct se_if_priv *priv,
+ const struct se_if_node_info_list *info_list)
+{
+ const struct se_if_node_info *info;
+ struct soc_device_attribute *attr;
+ struct soc_device *sdev;
+ u64 serial_num;
+ u16 soc_rev;
+ int err = 0;
+
+ info = priv->info;
+
+ /* This function should be called once.
+ * Check if the soc_rev is zero to continue.
+ */
+ if (priv->soc_rev)
+ return err;
+
+ if (info->se_fetch_soc_info) {
+ err = info->se_fetch_soc_info(priv->dev, &soc_rev, &serial_num);
+ if (err < 0) {
+ dev_err(priv->dev, "Failed to fetch SoC Info.");
+ return err;
+ }
+ } else {
+ dev_err(priv->dev, "Failed to fetch SoC revision.");
+ if (info->soc_register)
+ dev_err(priv->dev, "Failed to do SoC registration.");
+ err = -EINVAL;
+ return err;
+ }
+
+ priv->soc_rev = soc_rev;
+ if (!info->soc_register)
+ return 0;
+
+ attr = devm_kzalloc(priv->dev, sizeof(*attr), GFP_KERNEL);
+ if (!attr)
+ return -ENOMEM;
+
+ if (FIELD_GET(DEV_GETINFO_MIN_VER_MASK, soc_rev))
+ attr->revision = devm_kasprintf(priv->dev, GFP_KERNEL, "%x.%x",
+ FIELD_GET(DEV_GETINFO_MIN_VER_MASK,
+ soc_rev),
+ FIELD_GET(DEV_GETINFO_MAJ_VER_MASK,
+ soc_rev));
+ else
+ attr->revision = devm_kasprintf(priv->dev, GFP_KERNEL, "%x",
+ FIELD_GET(DEV_GETINFO_MAJ_VER_MASK,
+ soc_rev));
+
+ switch (info_list->soc_id) {
+ case SOC_ID_OF_IMX8ULP:
+ attr->soc_id = devm_kasprintf(priv->dev, GFP_KERNEL,
+ "i.MX8ULP");
+ break;
+ case SOC_ID_OF_IMX93:
+ attr->soc_id = devm_kasprintf(priv->dev, GFP_KERNEL,
+ "i.MX93");
+ break;
+ }
+
+ err = of_property_read_string(of_root, "model",
+ &attr->machine);
+ if (err)
+ return -EINVAL;
+
+ attr->family = devm_kasprintf(priv->dev, GFP_KERNEL, "Freescale i.MX");
+
+ attr->serial_number
+ = devm_kasprintf(priv->dev, GFP_KERNEL, "%016llX", serial_num);
+
+ sdev = soc_device_register(attr);
+ if (IS_ERR(sdev))
+ return PTR_ERR(sdev);
+
+ return 0;
+}
+
+/* interface for managed res to free a mailbox channel */
+static void if_mbox_free_channel(void *mbox_chan)
+{
+ mbox_free_channel(mbox_chan);
+}
+
+static int se_if_request_channel(struct device *dev,
+ struct mbox_chan **chan,
+ struct mbox_client *cl,
+ const char *name)
+{
+ struct mbox_chan *t_chan;
+ int ret = 0;
+
+ t_chan = mbox_request_channel_byname(cl, name);
+ if (IS_ERR(t_chan)) {
+ ret = PTR_ERR(t_chan);
+ return dev_err_probe(dev, ret,
+ "Failed to request %s channel.", name);
+ }
+
+ ret = devm_add_action(dev, if_mbox_free_channel, t_chan);
+ if (ret) {
+ dev_err(dev, "failed to add devm removal of mbox %s\n", name);
+ goto exit;
+ }
+
+ *chan = t_chan;
+
+exit:
+ return ret;
+}
+
+static void se_if_probe_cleanup(struct platform_device *pdev)
+{
+ struct device *dev = &pdev->dev;
+ struct se_if_priv *priv;
+
+ priv = dev_get_drvdata(dev);
+
+ /* In se_if_request_channel(), passed the clean-up functional
+ * pointer reference as action to devm_add_action().
+ * No need to free the mbox channels here.
+ */
+
+ /* free the buffer in se remove, previously allocated
+ * in se probe to store encrypted IMEM
+ */
+ if (priv->imem.buf) {
+ dmam_free_coherent(dev,
+ ELE_IMEM_SIZE,
+ priv->imem.buf,
+ priv->imem.phyaddr);
+ priv->imem.buf = NULL;
+ }
+
+ /* No need to check, if reserved memory is allocated
+ * before calling for its release. Or clearing the
+ * un-set bit.
+ */
+ of_reserved_mem_device_release(dev);
+}
+
+static void se_load_firmware(const struct firmware *fw, void *context)
+{
+ struct se_if_priv *priv = (struct se_if_priv *) context;
+ const struct se_if_node_info *info = priv->info;
+ const u8 *se_img_file_to_load = NULL;
+ phys_addr_t se_fw_phyaddr;
+ u8 *se_fw_buf;
+ int ret;
+
+ if (!fw) {
+ if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
+ dev_dbg(priv->dev,
+ "External FW not found, using ROM FW.\n");
+ else {
+ /*add a bit delay to wait for firmware priv released */
+ msleep(20);
+
+ if (priv->imem.state == ELE_IMEM_STATE_BAD)
+ se_img_file_to_load = info->imem_mgmt_file_in_rfs;
+ else
+ se_img_file_to_load = info->fw_name_in_rfs;
+
+ /* Load firmware one more time if timeout */
+ request_firmware_nowait(THIS_MODULE,
+ FW_ACTION_UEVENT, se_img_file_to_load,
+ priv->dev, GFP_KERNEL, priv,
+ se_load_firmware);
+ priv->fw_fail++;
+ dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
+ priv->fw_fail);
+ }
+
+ return;
+ }
+
+ if (priv->imem.state == ELE_IMEM_STATE_BAD) {
+ dev_err(priv->dev,
+ "Error %pe: Restore IMEM state post DPD.\n",
+ ERR_PTR(ret));
+ } else {
+ /* allocate buffer to store the SE FW */
+ se_fw_buf = dma_alloc_coherent(priv->dev, fw->size,
+ &se_fw_phyaddr, GFP_KERNEL);
+ if (!se_fw_buf) {
+ /* there is no return from this function.
+ * Hence adding the error message for
+ * out of memory
+ */
+ dev_err(priv->dev, "Failed to alloc SE fw buffer memory\n");
+ goto exit;
+ }
+
+ memcpy(se_fw_buf, fw->data, fw->size);
+ ret = ele_fw_authenticate(priv->dev, se_fw_phyaddr);
+ if (ret < 0)
+ dev_err(priv->dev,
+ "Error %pe: Authenticate & load SE firmware %s.\n",
+ ERR_PTR(ret),
+ se_img_file_to_load);
+
+ dma_free_coherent(priv->dev,
+ fw->size,
+ se_fw_buf,
+ se_fw_phyaddr);
+ }
+
+exit:
+ release_firmware(fw);
+}
+
+static int se_if_probe(struct platform_device *pdev)
+{
+ const struct se_if_node_info_list *info_list;
+ const struct se_if_node_info *info;
+ struct device *dev = &pdev->dev;
+ u8 *se_img_file_to_load = NULL;
+ struct se_if_priv *priv;
+ u32 idx;
+ int ret;
+
+ idx = GET_IDX_FROM_DEV_NODE_NAME(dev->of_node);
+ info_list = device_get_match_data(dev);
+ if (idx > info_list->num_mu) {
+ dev_err(dev,
+ "Incorrect node name :%s\n",
+ dev->of_node->full_name);
+ dev_err(dev,
+ "%s@<index>, acceptable index range is 0..%d\n",
+ dev->of_node->name,
+ info_list->num_mu - 1);
+ ret = -EINVAL;
+ goto exit;
+ }
+
+ info = get_se_if_node_info(info_list, idx);
+ if (!info) {
+ ret = -EINVAL;
+ goto exit;
+ }
+
+ priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
+ if (!priv) {
+ ret = -ENOMEM;
+ goto exit;
+ }
+
+ dev_set_drvdata(dev, priv);
+
+ /* Mailbox client configuration */
+ priv->se_mb_cl.dev = dev;
+ priv->se_mb_cl.tx_block = false;
+ priv->se_mb_cl.knows_txdone = true;
+ priv->se_mb_cl.rx_callback = se_if_rx_callback;
+
+ ret = se_if_request_channel(dev, &priv->tx_chan,
+ &priv->se_mb_cl, MBOX_TX_NAME);
+ if (ret)
+ goto exit;
+
+ ret = se_if_request_channel(dev, &priv->rx_chan,
+ &priv->se_mb_cl, MBOX_RX_NAME);
+ if (ret)
+ goto exit;
+
+ priv->dev = dev;
+ priv->info = info;
+
+ mutex_init(&priv->se_if_lock);
+ mutex_init(&priv->se_if_cmd_lock);
+
+ /*
+ * Initialized priv->cmd_receiver_dev and
+ * priv->waiting_rsp_dev = NULL;
+ */
+ priv->max_dev_ctx = info->max_dev_ctx;
+ priv->cmd_tag = info->cmd_tag;
+ priv->rsp_tag = info->rsp_tag;
+ if (info->pool_name) {
+ priv->mem_pool = of_gen_pool_get(dev->of_node,
+ info->pool_name, 0);
+ if (!priv->mem_pool) {
+ dev_err(dev,
+ "Unable to get sram pool = %s\n",
+ info->pool_name);
+ return 0;
+ }
+ }
+ priv->success_tag = info->success_tag;
+ priv->base_api_ver = info->base_api_ver;
+ priv->fw_api_ver = info->fw_api_ver;
+
+ init_completion(&priv->done);
+ spin_lock_init(&priv->lock);
+
+ if (info->reserved_dma_ranges) {
+ ret = of_reserved_mem_device_init(dev);
+ if (ret) {
+ dev_err(dev,
+ "failed to init reserved memory region %d\n",
+ ret);
+ goto exit;
+ }
+ }
+
+ ret = se_soc_info(priv, info_list);
+ if (ret) {
+ dev_err(dev,
+ "failed[%pe] to fetch SoC Info\n", ERR_PTR(ret));
+ goto exit;
+ }
+
+ se_img_file_to_load = info->fw_name_in_rfs;
+ if (info->imem_mgmt_file_in_rfs) {
+ /* allocate buffer where SE store encrypted IMEM */
+ priv->imem.buf = dmam_alloc_coherent(dev, ELE_IMEM_SIZE,
+ &priv->imem.phyaddr,
+ GFP_KERNEL);
+ if (!priv->imem.buf) {
+ dev_err(dev,
+ "dmam-alloc-failed: To store encr-IMEM.\n");
+ ret = -ENOMEM;
+ goto exit;
+ }
+ if (priv->imem.state == ELE_IMEM_STATE_BAD)
+ se_img_file_to_load = info->imem_mgmt_file_in_rfs;
+ }
+
+ if (se_img_file_to_load) {
+ ret = request_firmware_nowait(THIS_MODULE,
+ FW_ACTION_UEVENT,
+ se_img_file_to_load,
+ dev, GFP_KERNEL, priv,
+ se_load_firmware);
+ if (ret)
+ dev_warn(dev, "Failed to get firmware [%s].\n",
+ se_img_file_to_load);
+ ret = 0;
+ }
+
+ dev_info(dev, "i.MX secure-enclave: %s interface to firmware, configured.\n",
+ info->se_name);
+ return ret;
+
+exit:
+ /* if execution control reaches here, if probe fails.
+ * hence doing the cleanup
+ */
+ se_if_probe_cleanup(pdev);
+
+ return ret;
+}
+
+static int se_if_remove(struct platform_device *pdev)
+{
+ se_if_probe_cleanup(pdev);
+
+ return 0;
+}
+
+static int se_suspend(struct device *dev)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ const struct se_if_node_info *info = priv->info;
+ int ret = 0;
+
+ if (info && info->imem_mgmt_file_in_rfs) {
+ ret = se_save_imem_state(priv);
+ if (ret < 0)
+ goto exit;
+ priv->imem.size = ret;
+ }
+exit:
+ return ret;
+}
+
+static int se_resume(struct device *dev)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ const struct se_if_node_info *info = priv->info;
+
+ if (info && info->imem_mgmt_file_in_rfs)
+ se_restore_imem_state(priv);
+
+ return 0;
+}
+
+static const struct dev_pm_ops se_pm = {
+ RUNTIME_PM_OPS(se_suspend, se_resume, NULL)
+};
+
+static struct platform_driver se_driver = {
+ .driver = {
+ .name = "fsl-se-fw",
+ .of_match_table = se_match,
+ .pm = &se_pm,
+ },
+ .probe = se_if_probe,
+ .remove = se_if_remove,
+};
+MODULE_DEVICE_TABLE(of, se_match);
+
+module_platform_driver(se_driver);
+
+MODULE_AUTHOR("Pankaj Gupta <pankaj.gupta@nxp.com>");
+MODULE_DESCRIPTION("iMX Secure Enclave Driver.");
+MODULE_LICENSE("GPL");
diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h
new file mode 100644
index 000000000000..f6008481408a
--- /dev/null
+++ b/drivers/firmware/imx/se_ctrl.h
@@ -0,0 +1,87 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright 2024 NXP
+ */
+
+#ifndef SE_MU_H
+#define SE_MU_H
+
+#include <linux/miscdevice.h>
+#include <linux/semaphore.h>
+#include <linux/mailbox_client.h>
+
+#define MAX_FW_LOAD_RETRIES 50
+
+#define RES_STATUS(x) FIELD_GET(0x000000ff, x)
+#define MESSAGING_VERSION_6 0x6
+#define MESSAGING_VERSION_7 0x7
+
+#define GET_IDX_FROM_DEV_NODE_NAME(dev_of_node) \
+ (dev_of_node->full_name[strlen(dev_of_node->name) + 1] - '0')
+
+struct se_imem_buf {
+ u8 *buf;
+ phys_addr_t phyaddr;
+ u32 size;
+ u32 state;
+};
+
+/* Header of the messages exchange with the EdgeLock Enclave */
+struct se_msg_hdr {
+ u8 ver;
+ u8 size;
+ u8 command;
+ u8 tag;
+} __packed;
+
+#define SE_MU_HDR_SZ 4
+
+struct se_api_msg {
+ struct se_msg_hdr header;
+ u32 data[];
+};
+
+struct se_if_priv {
+ struct se_if_device_ctx *cmd_receiver_dev;
+ /* Update to the waiting_rsp_dev, to be protected
+ * under se_if_lock.
+ */
+ struct se_if_device_ctx *waiting_rsp_dev;
+ /*
+ * prevent parallel access to the se interface registers
+ * e.g. a user trying to send a command while the other one is
+ * sending a response.
+ */
+ struct mutex se_if_lock;
+ /*
+ * prevent a command to be sent on the se interface while another one is
+ * still processing. (response to a command is allowed)
+ */
+ struct mutex se_if_cmd_lock;
+ struct device *dev;
+ struct gen_pool *mem_pool;
+ u8 cmd_tag;
+ u8 rsp_tag;
+ u8 success_tag;
+ u8 base_api_ver;
+ u8 fw_api_ver;
+ u32 fw_fail;
+ u16 soc_rev;
+ const void *info;
+
+ struct mbox_client se_mb_cl;
+ struct mbox_chan *tx_chan, *rx_chan;
+
+ /* Assignment of the rx_msg buffer to held till the
+ * received content as part callback function, is copied.
+ */
+ struct se_api_msg *rx_msg;
+ u32 rx_msg_sz;
+ struct completion done;
+ spinlock_t lock;
+ u8 max_dev_ctx;
+ struct se_if_device_ctx **ctxs;
+ struct se_imem_buf imem;
+};
+
+#endif
diff --git a/include/linux/firmware/imx/se_api.h b/include/linux/firmware/imx/se_api.h
new file mode 100644
index 000000000000..c47f84906837
--- /dev/null
+++ b/include/linux/firmware/imx/se_api.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright 2024 NXP
+ */
+
+#ifndef __SE_API_H__
+#define __SE_API_H__
+
+#include <linux/types.h>
+
+#define SOC_ID_OF_IMX8ULP 0x084D
+#define SOC_ID_OF_IMX93 0x9300
+
+#endif /* __SE_API_H__ */
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [PATCH v6 5/5] firmware: imx: adds miscdev
2024-07-22 4:51 [PATCH v6 0/5] v6: firmware: imx: driver for NXP secure-enclave Pankaj Gupta
` (3 preceding siblings ...)
2024-07-22 4:51 ` [PATCH v6 4/5] firmware: imx: add driver for NXP EdgeLock Enclave Pankaj Gupta
@ 2024-07-22 4:51 ` Pankaj Gupta
2024-07-22 11:37 ` [EXTERNAL] " Amit Singh Tomar
2024-07-23 14:20 ` Sascha Hauer
4 siblings, 2 replies; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-22 4:51 UTC (permalink / raw)
To: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Pankaj Gupta, Rob Herring
Cc: linux-doc, linux-kernel, devicetree, imx, linux-arm-kernel
Adds the driver for communication interface to secure-enclave,
for exchanging messages with NXP secure enclave HW IP(s) like
EdgeLock Enclave from:
- User-Space Applications via character driver.
ABI documentation for the NXP secure-enclave driver.
User-space library using this driver:
- i.MX Secure Enclave library:
-- URL: https://github.com/nxp-imx/imx-secure-enclave.git,
- i.MX Secure Middle-Ware:
-- URL: https://github.com/nxp-imx/imx-smw.git
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
---
Documentation/ABI/testing/se-cdev | 43 +++
drivers/firmware/imx/ele_common.c | 192 ++++++++++-
drivers/firmware/imx/ele_common.h | 4 +
drivers/firmware/imx/se_ctrl.c | 677 ++++++++++++++++++++++++++++++++++++++
drivers/firmware/imx/se_ctrl.h | 46 +++
include/uapi/linux/se_ioctl.h | 94 ++++++
6 files changed, 1053 insertions(+), 3 deletions(-)
diff --git a/Documentation/ABI/testing/se-cdev b/Documentation/ABI/testing/se-cdev
new file mode 100644
index 000000000000..3451c909ccc4
--- /dev/null
+++ b/Documentation/ABI/testing/se-cdev
@@ -0,0 +1,43 @@
+What: /dev/<se>_mu[0-9]+_ch[0-9]+
+Date: May 2024
+KernelVersion: 6.8
+Contact: linux-imx@nxp.com, pankaj.gupta@nxp.com
+Description:
+ NXP offers multiple hardware IP(s) for secure enclaves like EdgeLock-
+ Enclave(ELE), SECO. The character device file descriptors
+ /dev/<se>_mu*_ch* are the interface between userspace NXP's secure-
+ enclave shared library and the kernel driver.
+
+ The ioctl(2)-based ABI is defined and documented in
+ [include]<linux/firmware/imx/ele_mu_ioctl.h>.
+ ioctl(s) are used primarily for:
+ - shared memory management
+ - allocation of I/O buffers
+ - getting mu info
+ - setting a dev-ctx as receiver to receive all the commands from FW
+ - getting SoC info
+ - send command and receive command response
+
+ The following file operations are supported:
+
+ open(2)
+ Currently the only useful flags are O_RDWR.
+
+ read(2)
+ Every read() from the opened character device context is waiting on
+ wait_event_interruptible, that gets set by the registered mailbox callback
+ function, indicating a message received from the firmware on message-
+ unit.
+
+ write(2)
+ Every write() to the opened character device context needs to acquire
+ mailbox_lock before sending message on to the message unit.
+
+ close(2)
+ Stops and frees up the I/O contexts that were associated
+ with the file descriptor.
+
+Users: https://github.com/nxp-imx/imx-secure-enclave.git,
+ https://github.com/nxp-imx/imx-smw.git
+ crypto/skcipher,
+ drivers/nvmem/imx-ocotp-ele.c
diff --git a/drivers/firmware/imx/ele_common.c b/drivers/firmware/imx/ele_common.c
index 3a6584d6f6f2..8167ae201b83 100644
--- a/drivers/firmware/imx/ele_common.c
+++ b/drivers/firmware/imx/ele_common.c
@@ -78,6 +78,149 @@ int ele_msg_send_rcv(struct se_if_priv *priv, void *tx_msg, void *rx_msg)
return err;
}
+int ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx,
+ void *rx_buf,
+ int rx_buf_sz)
+{
+ struct se_msg_hdr *header;
+ int err;
+
+ err = wait_event_interruptible(dev_ctx->wq, dev_ctx->pending_hdr != 0);
+ if (err) {
+ dev_err(dev_ctx->dev,
+ "%s: Err[0x%x]:Interrupted by signal.\n",
+ dev_ctx->miscdev.name, err);
+ goto exit;
+ }
+
+ header = (struct se_msg_hdr *) dev_ctx->temp_resp;
+
+ if (header->tag == dev_ctx->priv->rsp_tag) {
+ if (dev_ctx->priv->waiting_rsp_dev && dev_ctx->priv->waiting_rsp_dev != dev_ctx) {
+ dev_warn(dev_ctx->dev,
+ "Dev-ctx waiting for response mismatch (%s != %s).\n",
+ dev_ctx->miscdev.name, dev_ctx->priv->waiting_rsp_dev->miscdev.name);
+ err = -EPERM;
+ goto exit;
+ }
+ }
+
+ dev_dbg(dev_ctx->dev,
+ "%s: %s %s\n",
+ dev_ctx->miscdev.name,
+ __func__,
+ "message received, start transmit to user");
+
+ /*
+ * Check that the size passed as argument is larger than
+ * the one carried in the message.
+ *
+ * In case of US-command/response, the dev_ctx->temp_resp_size
+ * is set before sending the command.
+ *
+ * In case of NVM Slave-command/response, the dev_ctx->temp_resp_size
+ * is set after receing the message from mailbox.
+ */
+ if (dev_ctx->temp_resp_size > rx_buf_sz) {
+ dev_err(dev_ctx->dev,
+ "%s: User buffer too small (%d < %d)\n",
+ dev_ctx->miscdev.name,
+ rx_buf_sz, dev_ctx->temp_resp_size);
+ dev_ctx->temp_resp_size = rx_buf_sz;
+ }
+
+ /* We may need to copy the output data to user before
+ * delivering the completion message.
+ */
+ err = se_dev_ctx_cpy_out_data(dev_ctx, true);
+ if (err < 0)
+ goto exit;
+
+ /* Copy data from the buffer */
+ print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
+ dev_ctx->temp_resp, dev_ctx->temp_resp_size, false);
+ if (copy_to_user(rx_buf, dev_ctx->temp_resp, dev_ctx->temp_resp_size)) {
+ dev_err(dev_ctx->dev,
+ "%s: Failed to copy to user\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+
+ err = dev_ctx->temp_resp_size;
+exit:
+ if (err < 0)
+ se_dev_ctx_cpy_out_data(dev_ctx, false);
+
+ /* free memory allocated on the shared buffers. */
+ dev_ctx->secure_mem.pos = 0;
+ dev_ctx->non_secure_mem.pos = 0;
+
+ dev_ctx->pending_hdr = 0;
+ se_dev_ctx_shared_mem_cleanup(dev_ctx);
+
+ return err;
+}
+
+int ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
+ void *tx_msg, int tx_msg_sz)
+{
+ struct se_if_priv *priv = dev_ctx->priv;
+ struct se_msg_hdr *header;
+ u32 size_to_send;
+ int err;
+
+ header = (struct se_msg_hdr *) tx_msg;
+
+ /*
+ * Check that the size passed as argument matches the size
+ * carried in the message.
+ */
+ size_to_send = header->size << 2;
+
+ if (size_to_send != tx_msg_sz) {
+ err = -EINVAL;
+ dev_err(priv->dev,
+ "%s: User buf hdr(0x%x) sz mismatced with input-sz (%d != %d).\n",
+ dev_ctx->miscdev.name, *(u32 *)header, size_to_send, tx_msg_sz);
+ goto exit;
+ }
+
+ /* Check the message is valid according to tags */
+ if (header->tag == priv->rsp_tag) {
+ /* Check the device context can send the command */
+ if (dev_ctx != priv->cmd_receiver_dev) {
+ dev_err(priv->dev,
+ "%s: Channel not configured to send resp to FW.",
+ dev_ctx->miscdev.name);
+ err = -EPERM;
+ goto exit;
+ }
+ } else if (header->tag == priv->cmd_tag) {
+ if (priv->waiting_rsp_dev != dev_ctx) {
+ dev_err(priv->dev,
+ "%s: Channel not configured to send cmd to FW.",
+ dev_ctx->miscdev.name);
+ err = -EPERM;
+ goto exit;
+ }
+ lockdep_assert_held(&priv->se_if_cmd_lock);
+ } else {
+ dev_err(priv->dev,
+ "%s: The message does not have a valid TAG\n",
+ dev_ctx->miscdev.name);
+ err = -EINVAL;
+ goto exit;
+ }
+ err = ele_msg_send(priv, tx_msg);
+ if (err < 0)
+ goto exit;
+
+ err = size_to_send;
+exit:
+ return err;
+}
+
static bool exception_for_size(struct se_if_priv *priv,
struct se_msg_hdr *header)
{
@@ -99,6 +242,7 @@ static bool exception_for_size(struct se_if_priv *priv,
void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
{
struct device *dev = mbox_cl->dev;
+ struct se_if_device_ctx *dev_ctx;
struct se_if_priv *priv;
struct se_msg_hdr *header;
u32 rx_msg_sz;
@@ -114,8 +258,50 @@ void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
header = msg;
rx_msg_sz = header->size << 2;
- if (header->tag == priv->rsp_tag) {
- if (!priv->waiting_rsp_dev) {
+ /* Incoming command: wake up the receiver if any. */
+ if (header->tag == priv->cmd_tag) {
+ dev_dbg(dev, "Selecting cmd receiver\n");
+ dev_ctx = priv->cmd_receiver_dev;
+ /* Pre-allocated buffer of MAX_NVM_MSG_LEN
+ * as the NVM command are initiated by FW.
+ * Size is revealed as part of this call function.
+ */
+ if (rx_msg_sz > MAX_NVM_MSG_LEN) {
+ dev_err(dev,
+ "%s: Msg recvd hdr(0x%x) with greater[%d] than allocated buf-sz.\n",
+ dev_ctx->miscdev.name,
+ *(u32 *) header,
+ rx_msg_sz);
+ } else
+ memcpy(dev_ctx->temp_resp, msg, rx_msg_sz);
+
+ /* NVM buffer size are not known prior receiving it from FW.
+ */
+ dev_ctx->temp_resp_size = rx_msg_sz;
+
+ /* Allow user to read */
+ dev_ctx->pending_hdr = 1;
+ wake_up_interruptible(&dev_ctx->wq);
+
+ return;
+ } else if (header->tag == priv->rsp_tag) {
+ if (priv->waiting_rsp_dev) {
+ dev_dbg(dev, "Selecting rsp waiter\n");
+ dev_ctx = priv->waiting_rsp_dev;
+ if (rx_msg_sz != dev_ctx->temp_resp_size
+ && !exception_for_size(priv, header))
+ dev_err(dev,
+ "%s: Msg RSP hdr(0x%x) with different sz(%d != %d).\n",
+ dev_ctx->miscdev.name,
+ *(u32 *) header,
+ rx_msg_sz, dev_ctx->temp_resp_size);
+ else
+ memcpy(dev_ctx->temp_resp, msg, rx_msg_sz);
+
+ /* Allow user to read */
+ dev_ctx->pending_hdr = 1;
+ wake_up_interruptible(&dev_ctx->wq);
+ } else {
/*
* Reading the EdgeLock Enclave response
* to the command, sent by other
@@ -132,8 +318,8 @@ void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
complete(&priv->done);
spin_unlock(&priv->lock);
- return;
}
+ return;
}
dev_err(dev, "Failed to select a device for message: %.8x\n",
diff --git a/drivers/firmware/imx/ele_common.h b/drivers/firmware/imx/ele_common.h
index 5ef775a42ab3..7b1c6bfc138b 100644
--- a/drivers/firmware/imx/ele_common.h
+++ b/drivers/firmware/imx/ele_common.h
@@ -17,6 +17,10 @@ uint32_t se_add_msg_crc(uint32_t *msg, uint32_t msg_len);
int ele_msg_rcv(struct se_if_priv *priv);
int ele_msg_send(struct se_if_priv *priv, void *tx_msg);
int ele_msg_send_rcv(struct se_if_priv *priv, void *tx_msg, void *rx_msg);
+int ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx,
+ void *rx_msg, int rx_msg_sz);
+int ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
+ void *tx_msg, int tx_msg_sz);
void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
int se_val_rsp_hdr_n_status(struct se_if_priv *priv,
struct se_msg_hdr *header,
diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
index 23065db5ac17..b12a9795b495 100644
--- a/drivers/firmware/imx/se_ctrl.c
+++ b/drivers/firmware/imx/se_ctrl.c
@@ -23,6 +23,7 @@
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/sys_soc.h>
+#include <uapi/linux/se_ioctl.h>
#include "ele_base_msg.h"
#include "ele_common.h"
@@ -197,6 +198,588 @@ static int se_soc_info(struct se_if_priv *priv,
return 0;
}
+static int se_ioctl_cmd_snd_rcv_rsp_handler(struct se_if_device_ctx *dev_ctx,
+ u64 arg)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
+ struct se_ioctl_cmd_snd_rcv_rsp_info cmd_snd_rcv_rsp_info;
+ struct se_api_msg *tx_msg __free(kfree) = NULL;
+ struct se_api_msg *rx_msg __free(kfree) = NULL;
+ int err = 0;
+
+ if (copy_from_user(&cmd_snd_rcv_rsp_info, (u8 *)arg,
+ sizeof(cmd_snd_rcv_rsp_info))) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed to copy cmd_snd_rcv_rsp_info from user\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+
+ if (cmd_snd_rcv_rsp_info.tx_buf_sz < SE_MU_HDR_SZ) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: User buffer too small(%d < %d)\n",
+ dev_ctx->miscdev.name,
+ cmd_snd_rcv_rsp_info.tx_buf_sz,
+ SE_MU_HDR_SZ);
+ err = -ENOSPC;
+ goto exit;
+ }
+
+ rx_msg = kzalloc(cmd_snd_rcv_rsp_info.rx_buf_sz, GFP_KERNEL);
+ if (!rx_msg) {
+ err = -ENOMEM;
+ goto exit;
+ }
+
+ tx_msg = memdup_user(cmd_snd_rcv_rsp_info.tx_buf,
+ cmd_snd_rcv_rsp_info.tx_buf_sz);
+ if (IS_ERR(tx_msg)) {
+ err = PTR_ERR(tx_msg);
+ goto exit;
+ }
+
+ if (tx_msg->header.tag != priv->cmd_tag) {
+ err = -EINVAL;
+ goto exit;
+ }
+
+ guard(mutex)(&priv->se_if_cmd_lock);
+ priv->waiting_rsp_dev = dev_ctx;
+ dev_ctx->temp_resp_size = cmd_snd_rcv_rsp_info.rx_buf_sz;
+
+ /* Device Context that is assigned to be a
+ * FW's command receiver, has pre-allocated buffer.
+ */
+ if (dev_ctx != priv->cmd_receiver_dev)
+ dev_ctx->temp_resp = rx_msg;
+
+ err = ele_miscdev_msg_send(dev_ctx,
+ tx_msg,
+ cmd_snd_rcv_rsp_info.tx_buf_sz);
+ if (err < 0)
+ goto exit;
+
+ cmd_snd_rcv_rsp_info.tx_buf_sz = err;
+
+ err = ele_miscdev_msg_rcv(dev_ctx,
+ cmd_snd_rcv_rsp_info.rx_buf,
+ cmd_snd_rcv_rsp_info.rx_buf_sz);
+
+ if (err < 0)
+ goto exit;
+
+ cmd_snd_rcv_rsp_info.rx_buf_sz = err;
+
+exit:
+ dev_ctx->temp_resp_size = 0;
+ priv->waiting_rsp_dev = NULL;
+ if (dev_ctx != priv->cmd_receiver_dev)
+ dev_ctx->temp_resp = NULL;
+
+ if (copy_to_user((void *)arg, &cmd_snd_rcv_rsp_info,
+ sizeof(cmd_snd_rcv_rsp_info))) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed to copy cmd_snd_rcv_rsp_info from user\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ }
+ return err;
+}
+
+/*
+ * File operations for user-space
+ */
+
+/* Write a message to the MU. */
+static ssize_t se_if_fops_write(struct file *fp, const char __user *buf,
+ size_t size, loff_t *ppos)
+{
+ struct se_api_msg *tx_msg __free(kfree) = NULL;
+ struct se_if_device_ctx *dev_ctx;
+ struct se_if_priv *priv;
+ int err;
+
+ dev_ctx = container_of(fp->private_data,
+ struct se_if_device_ctx,
+ miscdev);
+ priv = dev_ctx->priv;
+ dev_dbg(priv->dev,
+ "%s: write from buf (%p)%zu, ppos=%lld\n",
+ dev_ctx->miscdev.name,
+ buf, size, ((ppos) ? *ppos : 0));
+
+ if (down_interruptible(&dev_ctx->fops_lock))
+ return -EBUSY;
+
+ if (dev_ctx->status != SE_IF_CTX_OPENED) {
+ err = -EINVAL;
+ goto exit;
+ }
+
+ if (size < SE_MU_HDR_SZ) {
+ dev_err(priv->dev,
+ "%s: User buffer too small(%zu < %d)\n",
+ dev_ctx->miscdev.name,
+ size, SE_MU_HDR_SZ);
+ err = -ENOSPC;
+ goto exit;
+ }
+ tx_msg = memdup_user(buf, size);
+ if (IS_ERR(tx_msg)) {
+ err = PTR_ERR(tx_msg);
+ goto exit;
+ }
+
+ print_hex_dump_debug("from user ", DUMP_PREFIX_OFFSET, 4, 4,
+ tx_msg, size, false);
+
+ err = ele_miscdev_msg_send(dev_ctx, tx_msg, size);
+
+exit:
+ up(&dev_ctx->fops_lock);
+ return err;
+}
+
+/*
+ * Read a message from the MU.
+ * Blocking until a message is available.
+ */
+static ssize_t se_if_fops_read(struct file *fp, char __user *buf,
+ size_t size, loff_t *ppos)
+{
+ struct se_if_device_ctx *dev_ctx;
+ struct se_if_priv *priv;
+ int err;
+
+ dev_ctx = container_of(fp->private_data,
+ struct se_if_device_ctx,
+ miscdev);
+ priv = dev_ctx->priv;
+ dev_dbg(priv->dev,
+ "%s: read to buf %p(%zu), ppos=%lld\n",
+ dev_ctx->miscdev.name,
+ buf, size, ((ppos) ? *ppos : 0));
+
+ if (down_interruptible(&dev_ctx->fops_lock))
+ return -EBUSY;
+
+ if (dev_ctx->status != SE_IF_CTX_OPENED) {
+ err = -EINVAL;
+ goto exit;
+ }
+
+ err = ele_miscdev_msg_rcv(dev_ctx, buf, size);
+
+exit:
+ up(&dev_ctx->fops_lock);
+ return err;
+}
+
+static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
+ u64 arg)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
+ struct se_if_node_info *if_node_info;
+ struct se_ioctl_get_if_info info;
+ int err = 0;
+
+ if_node_info = (struct se_if_node_info *)priv->info;
+
+ info.se_if_id = if_node_info->se_if_id;
+ info.interrupt_idx = 0;
+ info.tz = 0;
+ info.did = if_node_info->se_if_did;
+ info.cmd_tag = if_node_info->cmd_tag;
+ info.rsp_tag = if_node_info->rsp_tag;
+ info.success_tag = if_node_info->success_tag;
+ info.base_api_ver = if_node_info->base_api_ver;
+ info.fw_api_ver = if_node_info->fw_api_ver;
+
+ dev_dbg(priv->dev,
+ "%s: info [se_if_id: %d, irq_idx: %d, tz: 0x%x, did: 0x%x]\n",
+ dev_ctx->miscdev.name,
+ info.se_if_id, info.interrupt_idx, info.tz, info.did);
+
+ if (copy_to_user((u8 *)arg, &info, sizeof(info))) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed to copy mu info to user\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+
+exit:
+ return err;
+}
+
+/* Need to copy the output data to user-device context.
+ */
+int se_dev_ctx_cpy_out_data(struct se_if_device_ctx *dev_ctx, bool do_cpy)
+{
+ struct se_buf_desc *b_desc, *temp;
+
+ list_for_each_entry_safe(b_desc, temp, &dev_ctx->pending_out, link) {
+ if (b_desc->usr_buf_ptr && b_desc->shared_buf_ptr && do_cpy) {
+
+ dev_dbg(dev_ctx->dev,
+ "%s: Copy output data to user\n",
+ dev_ctx->miscdev.name);
+ if (copy_to_user(b_desc->usr_buf_ptr,
+ b_desc->shared_buf_ptr,
+ b_desc->size)) {
+ dev_err(dev_ctx->dev,
+ "%s: Failure copying output data to user.",
+ dev_ctx->miscdev.name);
+ return -EFAULT;
+ }
+ }
+
+ if (b_desc->shared_buf_ptr)
+ memset(b_desc->shared_buf_ptr, 0, b_desc->size);
+
+ list_del(&b_desc->link);
+ kfree(b_desc);
+ }
+ return 0;
+}
+
+/*
+ * Clean the used Shared Memory space,
+ * whether its Input Data copied from user buffers, or
+ * Data received from FW.
+ */
+void se_dev_ctx_shared_mem_cleanup(struct se_if_device_ctx *dev_ctx)
+{
+ struct list_head *dev_ctx_lists[] = {&dev_ctx->pending_in,
+ &dev_ctx->pending_out};
+ struct se_buf_desc *b_desc, *temp;
+ int i;
+
+ for (i = 0; i < 2; i++) {
+ list_for_each_entry_safe(b_desc, temp,
+ dev_ctx_lists[i], link) {
+
+ if (b_desc->shared_buf_ptr)
+ memset(b_desc->shared_buf_ptr, 0, b_desc->size);
+
+ list_del(&b_desc->link);
+ kfree(b_desc);
+ }
+ }
+}
+
+/*
+ * Copy a buffer of data to/from the user and return the address to use in
+ * messages
+ */
+static int se_ioctl_setup_iobuf_handler(struct se_if_device_ctx *dev_ctx,
+ u64 arg)
+{
+ struct se_shared_mem *shared_mem = NULL;
+ struct se_ioctl_setup_iobuf io = {0};
+ struct se_buf_desc *b_desc = NULL;
+ int err = 0;
+ u32 pos;
+
+ if (copy_from_user(&io, (u8 *)arg, sizeof(io))) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed copy iobuf config from user\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+
+ dev_dbg(dev_ctx->priv->dev,
+ "%s: io [buf: %p(%d) flag: %x]\n",
+ dev_ctx->miscdev.name,
+ io.user_buf, io.length, io.flags);
+
+ if (io.length == 0 || !io.user_buf) {
+ /*
+ * Accept NULL pointers since some buffers are optional
+ * in FW commands. In this case we should return 0 as
+ * pointer to be embedded into the message.
+ * Skip all data copy part of code below.
+ */
+ io.ele_addr = 0;
+ goto copy;
+ }
+
+ /* No specific requirement for this buffer. */
+ shared_mem = &dev_ctx->non_secure_mem;
+
+ /* Check there is enough space in the shared memory. */
+ if (shared_mem->size < shared_mem->pos ||
+ round_up(io.length, 8u) >= (shared_mem->size - shared_mem->pos)) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Not enough space in shared memory\n",
+ dev_ctx->miscdev.name);
+ err = -ENOMEM;
+ goto exit;
+ }
+
+ /* Allocate space in shared memory. 8 bytes aligned. */
+ pos = shared_mem->pos;
+ shared_mem->pos += round_up(io.length, 8u);
+ io.ele_addr = (u64)shared_mem->dma_addr + pos;
+
+ memset(shared_mem->ptr + pos, 0, io.length);
+ if ((io.flags & SE_IO_BUF_FLAGS_IS_INPUT) ||
+ (io.flags & SE_IO_BUF_FLAGS_IS_IN_OUT)) {
+ /*
+ * buffer is input:
+ * copy data from user space to this allocated buffer.
+ */
+ if (copy_from_user(shared_mem->ptr + pos, io.user_buf,
+ io.length)) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed copy data to shared memory\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+ }
+
+ b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL);
+ if (!b_desc) {
+ err = -ENOMEM;
+ goto exit;
+ }
+
+copy:
+ /* Provide the EdgeLock Enclave address to user space only if success.*/
+ if (copy_to_user((u8 *)arg, &io, sizeof(io))) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed to copy iobuff setup to user\n",
+ dev_ctx->miscdev.name);
+ kfree(b_desc);
+ err = -EFAULT;
+ goto exit;
+ }
+
+ if (b_desc) {
+ b_desc->shared_buf_ptr = shared_mem->ptr + pos;
+ b_desc->usr_buf_ptr = io.user_buf;
+ b_desc->size = io.length;
+
+ if (io.flags & SE_IO_BUF_FLAGS_IS_INPUT) {
+ /*
+ * buffer is input:
+ * add an entry in the "pending input buffers" list so
+ * that copied data can be cleaned from shared memory
+ * later.
+ */
+ list_add_tail(&b_desc->link, &dev_ctx->pending_in);
+ } else {
+ /*
+ * buffer is output:
+ * add an entry in the "pending out buffers" list so data
+ * can be copied to user space when receiving Secure-Enclave
+ * response.
+ */
+ list_add_tail(&b_desc->link, &dev_ctx->pending_out);
+ }
+ }
+
+exit:
+ return err;
+}
+
+/* IOCTL to provide SoC information */
+static int se_ioctl_get_se_soc_info_handler(struct se_if_device_ctx *dev_ctx,
+ u64 arg)
+{
+ const struct se_if_node_info_list *info_list;
+ struct se_ioctl_get_soc_info soc_info;
+ int err = -EINVAL;
+
+ info_list = device_get_match_data(dev_ctx->priv->dev);
+ if (!info_list)
+ goto exit;
+
+ soc_info.soc_id = info_list->soc_id;
+ soc_info.soc_rev = dev_ctx->priv->soc_rev;
+
+ err = (int)copy_to_user((u8 *)arg, (u8 *)(&soc_info), sizeof(soc_info));
+ if (err) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed to copy soc info to user\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+
+exit:
+ return err;
+}
+
+/* Open a character device. */
+static int se_if_fops_open(struct inode *nd, struct file *fp)
+{
+ struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
+ struct se_if_device_ctx,
+ miscdev);
+ int err = 0;
+
+ /* Avoid race if opened at the same time */
+ if (down_trylock(&dev_ctx->fops_lock))
+ return -EBUSY;
+
+ /* Authorize only 1 instance. */
+ if (dev_ctx->status != SE_IF_CTX_FREE) {
+ err = -EBUSY;
+ goto exit;
+ }
+
+ /*
+ * Allocate some memory for data exchanges with S40x.
+ * This will be used for data not requiring secure memory.
+ */
+ dev_ctx->non_secure_mem.ptr = dmam_alloc_coherent(dev_ctx->dev,
+ MAX_DATA_SIZE_PER_USER,
+ &dev_ctx->non_secure_mem.dma_addr,
+ GFP_KERNEL);
+ if (!dev_ctx->non_secure_mem.ptr) {
+ err = -ENOMEM;
+ goto exit;
+ }
+
+ dev_ctx->non_secure_mem.size = MAX_DATA_SIZE_PER_USER;
+ dev_ctx->non_secure_mem.pos = 0;
+ dev_ctx->status = SE_IF_CTX_OPENED;
+
+ dev_ctx->pending_hdr = 0;
+
+ goto exit;
+
+ dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
+ dev_ctx->non_secure_mem.ptr,
+ dev_ctx->non_secure_mem.dma_addr);
+
+exit:
+ up(&dev_ctx->fops_lock);
+ return err;
+}
+
+/* Close a character device. */
+static int se_if_fops_close(struct inode *nd, struct file *fp)
+{
+ struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
+ struct se_if_device_ctx,
+ miscdev);
+ struct se_if_priv *priv = dev_ctx->priv;
+
+ /* Avoid race if closed at the same time */
+ if (down_trylock(&dev_ctx->fops_lock))
+ return -EBUSY;
+
+ /* The device context has not been opened */
+ if (dev_ctx->status != SE_IF_CTX_OPENED)
+ goto exit;
+
+ /* check if this device was registered as command receiver. */
+ if (priv->cmd_receiver_dev == dev_ctx) {
+ priv->cmd_receiver_dev = NULL;
+ kfree(dev_ctx->temp_resp);
+ }
+
+ /* check if this device was registered as waiting response. */
+ if (priv->waiting_rsp_dev == dev_ctx) {
+ priv->waiting_rsp_dev = NULL;
+ mutex_unlock(&priv->se_if_cmd_lock);
+ }
+
+ /* Unmap secure memory shared buffer. */
+ if (dev_ctx->secure_mem.ptr)
+ devm_iounmap(dev_ctx->dev, dev_ctx->secure_mem.ptr);
+
+ dev_ctx->secure_mem.ptr = NULL;
+ dev_ctx->secure_mem.dma_addr = 0;
+ dev_ctx->secure_mem.size = 0;
+ dev_ctx->secure_mem.pos = 0;
+
+ /* Free non-secure shared buffer. */
+ dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
+ dev_ctx->non_secure_mem.ptr,
+ dev_ctx->non_secure_mem.dma_addr);
+
+ dev_ctx->non_secure_mem.ptr = NULL;
+ dev_ctx->non_secure_mem.dma_addr = 0;
+ dev_ctx->non_secure_mem.size = 0;
+ dev_ctx->non_secure_mem.pos = 0;
+ se_dev_ctx_shared_mem_cleanup(dev_ctx);
+ dev_ctx->status = SE_IF_CTX_FREE;
+
+exit:
+ up(&dev_ctx->fops_lock);
+ return 0;
+}
+
+/* IOCTL entry point of a character device */
+static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
+{
+ struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
+ struct se_if_device_ctx,
+ miscdev);
+ struct se_if_priv *se_if_priv = dev_ctx->priv;
+ int err = -EINVAL;
+
+ /* Prevent race during change of device context */
+ if (down_interruptible(&dev_ctx->fops_lock))
+ return -EBUSY;
+
+ switch (cmd) {
+ case SE_IOCTL_ENABLE_CMD_RCV:
+ if (!se_if_priv->cmd_receiver_dev) {
+ err = 0;
+ se_if_priv->cmd_receiver_dev = dev_ctx;
+ dev_ctx->temp_resp = kzalloc(MAX_NVM_MSG_LEN, GFP_KERNEL);
+ if (!dev_ctx->temp_resp)
+ err = -ENOMEM;
+ }
+ break;
+ case SE_IOCTL_GET_MU_INFO:
+ err = se_ioctl_get_mu_info(dev_ctx, arg);
+ break;
+ case SE_IOCTL_SETUP_IOBUF:
+ err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
+ break;
+ case SE_IOCTL_GET_SOC_INFO:
+ err = se_ioctl_get_se_soc_info_handler(dev_ctx, arg);
+ break;
+ case SE_IOCTL_CMD_SEND_RCV_RSP:
+ err = se_ioctl_cmd_snd_rcv_rsp_handler(dev_ctx, arg);
+ break;
+
+ default:
+ err = -EINVAL;
+ dev_dbg(se_if_priv->dev,
+ "%s: IOCTL %.8x not supported\n",
+ dev_ctx->miscdev.name,
+ cmd);
+ }
+
+ up(&dev_ctx->fops_lock);
+ return (long)err;
+}
+
+/* Char driver setup */
+static const struct file_operations se_if_fops = {
+ .open = se_if_fops_open,
+ .owner = THIS_MODULE,
+ .release = se_if_fops_close,
+ .unlocked_ioctl = se_ioctl,
+ .read = se_if_fops_read,
+ .write = se_if_fops_write,
+};
+
+/* interface for managed res to unregister a character device */
+static void if_misc_deregister(void *miscdevice)
+{
+ misc_deregister(miscdevice);
+}
+
/* interface for managed res to free a mailbox channel */
static void if_mbox_free_channel(void *mbox_chan)
{
@@ -234,6 +817,7 @@ static void se_if_probe_cleanup(struct platform_device *pdev)
{
struct device *dev = &pdev->dev;
struct se_if_priv *priv;
+ int i;
priv = dev_get_drvdata(dev);
@@ -253,6 +837,17 @@ static void se_if_probe_cleanup(struct platform_device *pdev)
priv->imem.buf = NULL;
}
+ if (priv->ctxs) {
+ for (i = 0; i < priv->max_dev_ctx; i++) {
+ if (priv->ctxs[i]) {
+ devm_remove_action(dev,
+ if_misc_deregister,
+ &priv->ctxs[i]->miscdev);
+ misc_deregister(&priv->ctxs[i]->miscdev);
+ }
+ }
+ }
+
/* No need to check, if reserved memory is allocated
* before calling for its release. Or clearing the
* un-set bit.
@@ -260,6 +855,74 @@ static void se_if_probe_cleanup(struct platform_device *pdev)
of_reserved_mem_device_release(dev);
}
+static int init_device_context(struct se_if_priv *priv)
+{
+ const struct se_if_node_info *info = priv->info;
+ struct se_if_device_ctx *dev_ctx;
+ u8 *devname;
+ int ret = 0;
+ int i;
+
+ priv->ctxs = devm_kzalloc(priv->dev, sizeof(dev_ctx) * priv->max_dev_ctx,
+ GFP_KERNEL);
+
+ if (!priv->ctxs) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ /* Create users */
+ for (i = 0; i < priv->max_dev_ctx; i++) {
+ dev_ctx = devm_kzalloc(priv->dev, sizeof(*dev_ctx), GFP_KERNEL);
+ if (!dev_ctx) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ dev_ctx->dev = priv->dev;
+ dev_ctx->status = SE_IF_CTX_FREE;
+ dev_ctx->priv = priv;
+
+ priv->ctxs[i] = dev_ctx;
+
+ /* Default value invalid for an header. */
+ init_waitqueue_head(&dev_ctx->wq);
+
+ INIT_LIST_HEAD(&dev_ctx->pending_out);
+ INIT_LIST_HEAD(&dev_ctx->pending_in);
+ sema_init(&dev_ctx->fops_lock, 1);
+
+ devname = devm_kasprintf(priv->dev, GFP_KERNEL, "%s_ch%d",
+ info->se_name, i);
+ if (!devname) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ dev_ctx->miscdev.name = devname;
+ dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
+ dev_ctx->miscdev.fops = &se_if_fops;
+ dev_ctx->miscdev.parent = priv->dev;
+ ret = misc_register(&dev_ctx->miscdev);
+ if (ret) {
+ dev_err(priv->dev, "failed to register misc device %d\n",
+ ret);
+ return ret;
+ }
+
+ ret = devm_add_action(priv->dev, if_misc_deregister,
+ &dev_ctx->miscdev);
+ if (ret) {
+ dev_err(priv->dev,
+ "failed[%d] to add action to the misc-dev\n",
+ ret);
+ return ret;
+ }
+ }
+
+ return ret;
+}
+
static void se_load_firmware(const struct firmware *fw, void *context)
{
struct se_if_priv *priv = (struct se_if_priv *) context;
@@ -459,6 +1122,16 @@ static int se_if_probe(struct platform_device *pdev)
ret = 0;
}
+ if (info->max_dev_ctx) {
+ ret = init_device_context(priv);
+ if (ret) {
+ dev_err(dev,
+ "Failed[0x%x] to create device contexts.\n",
+ ret);
+ goto exit;
+ }
+ }
+
dev_info(dev, "i.MX secure-enclave: %s interface to firmware, configured.\n",
info->se_name);
return ret;
@@ -499,6 +1172,10 @@ static int se_resume(struct device *dev)
{
struct se_if_priv *priv = dev_get_drvdata(dev);
const struct se_if_node_info *info = priv->info;
+ int i;
+
+ for (i = 0; i < priv->max_dev_ctx; i++)
+ wake_up_interruptible(&priv->ctxs[i]->wq);
if (info && info->imem_mgmt_file_in_rfs)
se_restore_imem_state(priv);
diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h
index f6008481408a..4f119a979a04 100644
--- a/drivers/firmware/imx/se_ctrl.h
+++ b/drivers/firmware/imx/se_ctrl.h
@@ -13,6 +13,8 @@
#define MAX_FW_LOAD_RETRIES 50
#define RES_STATUS(x) FIELD_GET(0x000000ff, x)
+#define MAX_DATA_SIZE_PER_USER (65 * 1024)
+#define MAX_NVM_MSG_LEN (256)
#define MESSAGING_VERSION_6 0x6
#define MESSAGING_VERSION_7 0x7
@@ -26,6 +28,48 @@ struct se_imem_buf {
u32 state;
};
+struct se_buf_desc {
+ u8 *shared_buf_ptr;
+ u8 *usr_buf_ptr;
+ u32 size;
+ struct list_head link;
+};
+
+/* Status of a char device */
+enum se_if_dev_ctx_status_t {
+ SE_IF_CTX_FREE,
+ SE_IF_CTX_OPENED
+};
+
+struct se_shared_mem {
+ dma_addr_t dma_addr;
+ u32 size;
+ u32 pos;
+ u8 *ptr;
+};
+
+/* Private struct for each char device instance. */
+struct se_if_device_ctx {
+ struct device *dev;
+ struct se_if_priv *priv;
+ struct miscdevice miscdev;
+
+ enum se_if_dev_ctx_status_t status;
+ wait_queue_head_t wq;
+ struct semaphore fops_lock;
+
+ u32 pending_hdr;
+ struct list_head pending_in;
+ struct list_head pending_out;
+
+ struct se_shared_mem secure_mem;
+ struct se_shared_mem non_secure_mem;
+
+ struct se_api_msg *temp_resp;
+ u32 temp_resp_size;
+ struct notifier_block se_notify;
+};
+
/* Header of the messages exchange with the EdgeLock Enclave */
struct se_msg_hdr {
u8 ver;
@@ -84,4 +128,6 @@ struct se_if_priv {
struct se_imem_buf imem;
};
+int se_dev_ctx_cpy_out_data(struct se_if_device_ctx *dev_ctx, bool do_cpy);
+void se_dev_ctx_shared_mem_cleanup(struct se_if_device_ctx *dev_ctx);
#endif
diff --git a/include/uapi/linux/se_ioctl.h b/include/uapi/linux/se_ioctl.h
new file mode 100644
index 000000000000..c2d0a92ef626
--- /dev/null
+++ b/include/uapi/linux/se_ioctl.h
@@ -0,0 +1,94 @@
+/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause*/
+/*
+ * Copyright 2024 NXP
+ */
+
+#ifndef SE_IOCTL_H
+#define SE_IOCTL_H
+
+/* IOCTL definitions. */
+
+struct se_ioctl_setup_iobuf {
+ u8 *user_buf;
+ u32 length;
+ u32 flags;
+ u64 ele_addr;
+};
+
+struct se_ioctl_shared_mem_cfg {
+ u32 base_offset;
+ u32 size;
+};
+
+struct se_ioctl_get_if_info {
+ u8 se_if_id;
+ u8 interrupt_idx;
+ u8 tz;
+ u8 did;
+ u8 cmd_tag;
+ u8 rsp_tag;
+ u8 success_tag;
+ u8 base_api_ver;
+ u8 fw_api_ver;
+};
+
+struct se_ioctl_cmd_snd_rcv_rsp_info {
+ u32 *tx_buf;
+ int tx_buf_sz;
+ u32 *rx_buf;
+ int rx_buf_sz;
+};
+
+struct se_ioctl_get_soc_info {
+ u16 soc_id;
+ u16 soc_rev;
+};
+
+/* IO Buffer Flags */
+#define SE_IO_BUF_FLAGS_IS_OUTPUT (0x00u)
+#define SE_IO_BUF_FLAGS_IS_INPUT (0x01u)
+#define SE_IO_BUF_FLAGS_USE_SEC_MEM (0x02u)
+#define SE_IO_BUF_FLAGS_USE_SHORT_ADDR (0x04u)
+#define SE_IO_BUF_FLAGS_IS_IN_OUT (0x10u)
+
+/* IOCTLS */
+#define SE_IOCTL 0x0A /* like MISC_MAJOR. */
+
+/*
+ * ioctl to designated the current fd as logical-reciever.
+ * This is ioctl is send when the nvm-daemon, a slave to the
+ * firmware is started by the user.
+ */
+#define SE_IOCTL_ENABLE_CMD_RCV _IO(SE_IOCTL, 0x01)
+
+/*
+ * ioctl to get the buffer allocated from the memory, which is shared
+ * between kernel and FW.
+ * Post allocation, the kernel tagged the allocated memory with:
+ * Output
+ * Input
+ * Input-Output
+ * Short address
+ * Secure-memory
+ */
+#define SE_IOCTL_SETUP_IOBUF _IOWR(SE_IOCTL, 0x03, \
+ struct se_ioctl_setup_iobuf)
+
+/*
+ * ioctl to get the mu information, that is used to exchange message
+ * with FW, from user-spaced.
+ */
+#define SE_IOCTL_GET_MU_INFO _IOR(SE_IOCTL, 0x04, \
+ struct se_ioctl_get_if_info)
+/*
+ * ioctl to get SoC Info from user-space.
+ */
+#define SE_IOCTL_GET_SOC_INFO _IOR(SE_IOCTL, 0x06, \
+ struct se_ioctl_get_soc_info)
+
+/*
+ * ioctl to send command and receive response from user-space.
+ */
+#define SE_IOCTL_CMD_SEND_RCV_RSP _IOWR(SE_IOCTL, 0x07, \
+ struct se_ioctl_cmd_snd_rcv_rsp_info)
+#endif
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [EXTERNAL] [PATCH v6 5/5] firmware: imx: adds miscdev
2024-07-22 4:51 ` [PATCH v6 5/5] firmware: imx: adds miscdev Pankaj Gupta
@ 2024-07-22 11:37 ` Amit Singh Tomar
2024-07-23 9:36 ` [EXT] " Pankaj Gupta
2024-07-23 14:20 ` Sascha Hauer
1 sibling, 1 reply; 23+ messages in thread
From: Amit Singh Tomar @ 2024-07-22 11:37 UTC (permalink / raw)
To: Pankaj Gupta, Jonathan Corbet, Rob Herring, Krzysztof Kozlowski,
Conor Dooley, Shawn Guo, Sascha Hauer, Pengutronix Kernel Team,
Fabio Estevam, Rob Herring
Cc: linux-doc, linux-kernel, devicetree, imx, linux-arm-kernel
Hi Pankaj,
>
> Adds the driver for communication interface to secure-enclave,
> for exchanging messages with NXP secure enclave HW IP(s) like
> EdgeLock Enclave from:
> - User-Space Applications via character driver.
>
> ABI documentation for the NXP secure-enclave driver.
>
> User-space library using this driver:
> - i.MX Secure Enclave library:
> -- URL:https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsecure-2Denclave.git&d=DwICaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=hqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-b4nAGXTUrSyBQtV9W-WqLaM_utz&s=C67hc24yMATzUglvGvywzpn0Efjurb6sOLm2V_9VpsI&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsecure-2Denclave.git&d=DwICaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=hqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-b4nAGXTUrSyBQtV9W-WqLaM_utz&s=C67hc24yMATzUglvGvywzpn0Efjurb6sOLm2V_9VpsI&e=>,
> - i.MX Secure Middle-Ware:
> -- URL:https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsmw.git&d=DwICaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=hqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-b4nAGXTUrSyBQtV9W-WqLaM_utz&s=NACAFfnEzGKFI7FlqdL4kxlt8PtxeXRorc3IWanqgtY&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsmw.git&d=DwICaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=hqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-b4nAGXTUrSyBQtV9W-WqLaM_utz&s=NACAFfnEzGKFI7FlqdL4kxlt8PtxeXRorc3IWanqgtY&e=>
>
> Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> ---
> Documentation/ABI/testing/se-cdev | 43 +++
> drivers/firmware/imx/ele_common.c | 192 ++++++++++-
> drivers/firmware/imx/ele_common.h | 4 +
> drivers/firmware/imx/se_ctrl.c | 677 ++++++++++++++++++++++++++++++++++++++
> drivers/firmware/imx/se_ctrl.h | 46 +++
> include/uapi/linux/se_ioctl.h | 94 ++++++
> 6 files changed, 1053 insertions(+), 3 deletions(-)
>
> diff --git a/Documentation/ABI/testing/se-cdev b/Documentation/ABI/testing/se-cdev
> new file mode 100644
> index 000000000000..3451c909ccc4
> --- /dev/null
> +++ b/Documentation/ABI/testing/se-cdev
> @@ -0,0 +1,43 @@
> +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> +Date: May 2024
> +KernelVersion: 6.8
> +Contact: linux-imx@nxp.com, pankaj.gupta@nxp.com
> +Description:
> + NXP offers multiple hardware IP(s) for secure enclaves like EdgeLock-
> + Enclave(ELE), SECO. The character device file descriptors
> + /dev/<se>_mu*_ch* are the interface between userspace NXP's secure-
> + enclave shared library and the kernel driver.
> +
> + The ioctl(2)-based ABI is defined and documented in
> + [include]<linux/firmware/imx/ele_mu_ioctl.h>.
> + ioctl(s) are used primarily for:
> + - shared memory management
> + - allocation of I/O buffers
> + - getting mu info
> + - setting a dev-ctx as receiver to receive all the commands from FW
> + - getting SoC info
> + - send command and receive command response
> +
> + The following file operations are supported:
> +
> + open(2)
> + Currently the only useful flags are O_RDWR.
> +
> + read(2)
> + Every read() from the opened character device context is waiting on
> + wait_event_interruptible, that gets set by the registered mailbox callback
> + function, indicating a message received from the firmware on message-
> + unit.
> +
> + write(2)
> + Every write() to the opened character device context needs to acquire
> + mailbox_lock before sending message on to the message unit.
> +
> + close(2)
> + Stops and frees up the I/O contexts that were associated
> + with the file descriptor.
> +
> +Users: https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsecure-2Denclave.git&d=DwICaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=hqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-b4nAGXTUrSyBQtV9W-WqLaM_utz&s=C67hc24yMATzUglvGvywzpn0Efjurb6sOLm2V_9VpsI&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsecure-2Denclave.git&d=DwICaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=hqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-b4nAGXTUrSyBQtV9W-WqLaM_utz&s=C67hc24yMATzUglvGvywzpn0Efjurb6sOLm2V_9VpsI&e=>,
> + https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsmw.git&d=DwICaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=hqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-b4nAGXTUrSyBQtV9W-WqLaM_utz&s=NACAFfnEzGKFI7FlqdL4kxlt8PtxeXRorc3IWanqgtY&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsmw.git&d=DwICaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=hqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-b4nAGXTUrSyBQtV9W-WqLaM_utz&s=NACAFfnEzGKFI7FlqdL4kxlt8PtxeXRorc3IWanqgtY&e=>
> + crypto/skcipher,
> + drivers/nvmem/imx-ocotp-ele.c
> diff --git a/drivers/firmware/imx/ele_common.c b/drivers/firmware/imx/ele_common.c
> index 3a6584d6f6f2..8167ae201b83 100644
> --- a/drivers/firmware/imx/ele_common.c
> +++ b/drivers/firmware/imx/ele_common.c
> @@ -78,6 +78,149 @@ int ele_msg_send_rcv(struct se_if_priv *priv, void *tx_msg, void *rx_msg)
> return err;
> }
>
> +int ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx,
> + void *rx_buf,
> + int rx_buf_sz)
> +{
> + struct se_msg_hdr *header;
> + int err;
> +
> + err = wait_event_interruptible(dev_ctx->wq, dev_ctx->pending_hdr != 0);
> + if (err) {
> + dev_err(dev_ctx->dev,
> + "%s: Err[0x%x]:Interrupted by signal.\n",
> + dev_ctx->miscdev.name, err);
> + goto exit;
> + }
> +
> + header = (struct se_msg_hdr *) dev_ctx->temp_resp;
> +
> + if (header->tag == dev_ctx->priv->rsp_tag) {
> + if (dev_ctx->priv->waiting_rsp_dev && dev_ctx->priv->waiting_rsp_dev != dev_ctx) {
> + dev_warn(dev_ctx->dev,
> + "Dev-ctx waiting for response mismatch (%s != %s).\n",
> + dev_ctx->miscdev.name, dev_ctx->priv->waiting_rsp_dev->miscdev.name);
> + err = -EPERM;
> + goto exit;
> + }
> + }
> +
> + dev_dbg(dev_ctx->dev,
> + "%s: %s %s\n",
> + dev_ctx->miscdev.name,
> + __func__,
> + "message received, start transmit to user");
> +
> + /*
> + * Check that the size passed as argument is larger than
> + * the one carried in the message.
> + *
> + * In case of US-command/response, the dev_ctx->temp_resp_size
> + * is set before sending the command.
> + *
> + * In case of NVM Slave-command/response, the dev_ctx->temp_resp_size
> + * is set after receing the message from mailbox.
> + */
> + if (dev_ctx->temp_resp_size > rx_buf_sz) {
> + dev_err(dev_ctx->dev,
> + "%s: User buffer too small (%d < %d)\n",
> + dev_ctx->miscdev.name,
> + rx_buf_sz, dev_ctx->temp_resp_size);
> + dev_ctx->temp_resp_size = rx_buf_sz;
> + }
> +
> + /* We may need to copy the output data to user before
> + * delivering the completion message.
> + */
> + err = se_dev_ctx_cpy_out_data(dev_ctx, true);
> + if (err < 0)
> + goto exit;
> +
> + /* Copy data from the buffer */
> + print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
> + dev_ctx->temp_resp, dev_ctx->temp_resp_size, false);
> + if (copy_to_user(rx_buf, dev_ctx->temp_resp, dev_ctx->temp_resp_size)) {
> + dev_err(dev_ctx->dev,
> + "%s: Failed to copy to user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + err = dev_ctx->temp_resp_size;
> +exit:
> + if (err < 0)
> + se_dev_ctx_cpy_out_data(dev_ctx, false);
> +
> + /* free memory allocated on the shared buffers. */
> + dev_ctx->secure_mem.pos = 0;
> + dev_ctx->non_secure_mem.pos = 0;
> +
> + dev_ctx->pending_hdr = 0;
> + se_dev_ctx_shared_mem_cleanup(dev_ctx);
> +
> + return err;
> +}
> +
> +int ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> + void *tx_msg, int tx_msg_sz)
> +{
> + struct se_if_priv *priv = dev_ctx->priv;
> + struct se_msg_hdr *header;
> + u32 size_to_send;
> + int err;
> +
> + header = (struct se_msg_hdr *) tx_msg;
> +
> + /*
> + * Check that the size passed as argument matches the size
> + * carried in the message.
> + */
> + size_to_send = header->size << 2;
> +
> + if (size_to_send != tx_msg_sz) {
> + err = -EINVAL;
> + dev_err(priv->dev,
> + "%s: User buf hdr(0x%x) sz mismatced with input-sz (%d != %d).\n",
> + dev_ctx->miscdev.name, *(u32 *)header, size_to_send, tx_msg_sz);
> + goto exit;
> + }
> +
> + /* Check the message is valid according to tags */
> + if (header->tag == priv->rsp_tag) {
> + /* Check the device context can send the command */
> + if (dev_ctx != priv->cmd_receiver_dev) {
> + dev_err(priv->dev,
> + "%s: Channel not configured to send resp to FW.",
> + dev_ctx->miscdev.name);
> + err = -EPERM;
> + goto exit;
> + }
> + } else if (header->tag == priv->cmd_tag) {
> + if (priv->waiting_rsp_dev != dev_ctx) {
> + dev_err(priv->dev,
> + "%s: Channel not configured to send cmd to FW.",
> + dev_ctx->miscdev.name);
> + err = -EPERM;
> + goto exit;
> + }
> + lockdep_assert_held(&priv->se_if_cmd_lock);
> + } else {
> + dev_err(priv->dev,
> + "%s: The message does not have a valid TAG\n",
> + dev_ctx->miscdev.name);
> + err = -EINVAL;
> + goto exit;
> + }
> + err = ele_msg_send(priv, tx_msg);
> + if (err < 0)
> + goto exit;
> +
> + err = size_to_send;
> +exit:
> + return err;
> +}
> +
> static bool exception_for_size(struct se_if_priv *priv,
> struct se_msg_hdr *header)
> {
> @@ -99,6 +242,7 @@ static bool exception_for_size(struct se_if_priv *priv,
> void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
> {
> struct device *dev = mbox_cl->dev;
> + struct se_if_device_ctx *dev_ctx;
> struct se_if_priv *priv;
> struct se_msg_hdr *header;
> u32 rx_msg_sz;
> @@ -114,8 +258,50 @@ void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
> header = msg;
> rx_msg_sz = header->size << 2;
>
> - if (header->tag == priv->rsp_tag) {
> - if (!priv->waiting_rsp_dev) {
> + /* Incoming command: wake up the receiver if any. */
> + if (header->tag == priv->cmd_tag) {
> + dev_dbg(dev, "Selecting cmd receiver\n");
> + dev_ctx = priv->cmd_receiver_dev;
> + /* Pre-allocated buffer of MAX_NVM_MSG_LEN
> + * as the NVM command are initiated by FW.
> + * Size is revealed as part of this call function.
> + */
> + if (rx_msg_sz > MAX_NVM_MSG_LEN) {
> + dev_err(dev,
> + "%s: Msg recvd hdr(0x%x) with greater[%d] than allocated buf-sz.\n",
> + dev_ctx->miscdev.name,
> + *(u32 *) header,
> + rx_msg_sz);
> + } else
> + memcpy(dev_ctx->temp_resp, msg, rx_msg_sz);
It is categorically stated (in the Linux kernel coding style guide) that
this rule does not apply if only one branch of a conditional statement
consists of a single statement. In such cases, you should categorically
use braces for both branches of the conditional statement:
if (condition) {
do_this();
do_that();
} else {
otherwise();
}
Also, made a similar comment on the earlier version (v5) as well:
https://patchwork.kernel.org/project/imx/patch/20240712-imx-se-if-v5-4-66a79903a872@nxp.com/
Thanks
-Amit
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-07-22 4:51 ` [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc Pankaj Gupta
@ 2024-07-22 16:50 ` Conor Dooley
2024-07-23 9:28 ` [EXT] " Pankaj Gupta
0 siblings, 1 reply; 23+ messages in thread
From: Conor Dooley @ 2024-07-22 16:50 UTC (permalink / raw)
To: Pankaj Gupta
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Rob Herring, linux-doc, linux-kernel, devicetree, imx,
linux-arm-kernel
[-- Attachment #1: Type: text/plain, Size: 3651 bytes --]
On Mon, Jul 22, 2024 at 10:21:37AM +0530, Pankaj Gupta wrote:
> The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
> creates an embedded secure enclave within the SoC boundary to enable
> features like:
> - HSM
> - SHE
> - V2X
>
> Secure-Enclave(s) communication interface are typically via message
> unit, i.e., based on mailbox linux kernel driver. This driver enables
> communication ensuring well defined message sequence protocol between
> Application Core and enclave's firmware.
>
> Driver configures multiple misc-device on the MU, for multiple
> user-space applications, to be able to communicate over single MU.
>
> It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
>
> Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> ---
> .../devicetree/bindings/firmware/fsl,imx-se.yaml | 91 ++++++++++++++++++++++
> 1 file changed, 91 insertions(+)
>
> diff --git a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> new file mode 100644
> index 000000000000..7511d0e9cf98
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> @@ -0,0 +1,91 @@
> +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
> +%YAML 1.2
> +---
> +$id: http://devicetree.org/schemas/firmware/fsl,imx-se.yaml#
> +$schema: http://devicetree.org/meta-schemas/core.yaml#
> +
> +title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
> +
> +maintainers:
> + - Pankaj Gupta <pankaj.gupta@nxp.com>
> +
> +description: |
> + NXP's SoC may contain one or multiple embedded secure-enclave HW
> + IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
> + enables features like
> + - Hardware Security Module (HSM),
> + - Security Hardware Extension (SHE), and
> + - Vehicular to Anything (V2X)
> +
> + Communication interface to the secure-enclaves(se) is based on the
> + messaging unit(s).
> +
> +properties:
> + compatible:
> + enum:
> + - fsl,imx8ulp-se
> + - fsl,imx93-se
> + - fsl,imx95-se
> +
> + mboxes:
> + items:
> + - description: mailbox phandle to send message to se firmware
> + - description: mailbox phandle to receive message from se firmware
> +
> + mbox-names:
> + items:
> + - const: tx
> + - const: rx
> +
> + memory-region:
> + maxItems: 1
> +
> + sram:
> + maxItems: 1
> +
> +required:
> + - compatible
> + - mboxes
> + - mbox-names
> +
> +allOf:
> + # memory-region
> + - if:
> + properties:
> + compatible:
> + contains:
> + enum:
> + - fsl,imx8ulp-se
> + - fsl,imx93-se
> + then:
> + required:
> + - memory-region
> + else:
> + properties:
> + memory-region: false
> +
> + # sram
> + - if:
> + properties:
> + compatible:
> + contains:
> + enum:
> + - fsl,imx8ulp-se
> + then:
> + required:
> + - sram
> +
> + else:
> + properties:
> + sram: false
> +
> +additionalProperties: false
> +
> +examples:
> + - |
> + senclave-firmware {
Last revision this was "firmware", but now you've got something that
appears non-generic. Why did you change it? The normal differentiator for
multiple nodes is -[0-9]*, why can't you use that, if you're worried
about multiple nodes?
> + compatible = "fsl,imx95-se";
> + mboxes = <&ele_mu0 0 0>, <&ele_mu0 1 0>;
> + mbox-names = "tx", "rx";
> + };
> +...
>
> --
> 2.34.1
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* RE: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-07-22 16:50 ` Conor Dooley
@ 2024-07-23 9:28 ` Pankaj Gupta
2024-07-23 14:08 ` Conor Dooley
0 siblings, 1 reply; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-23 9:28 UTC (permalink / raw)
To: Conor Dooley
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Rob Herring, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org
> -----Original Message-----
> From: Conor Dooley <conor@kernel.org>
> Sent: Monday, July 22, 2024 10:20 PM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> kernel@vger.kernel.org; devicetree@vger.kernel.org; imx@lists.linux.dev;
> linux-arm-kernel@lists.infradead.org
> Subject: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding
> doc
>
> On Mon, Jul 22, 2024 at 10:21:37AM +0530, Pankaj Gupta wrote:
> > The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
> > creates an embedded secure enclave within the SoC boundary to enable
> > features like:
> > - HSM
> > - SHE
> > - V2X
> >
> > Secure-Enclave(s) communication interface are typically via message
> > unit, i.e., based on mailbox linux kernel driver. This driver enables
> > communication ensuring well defined message sequence protocol between
> > Application Core and enclave's firmware.
> >
> > Driver configures multiple misc-device on the MU, for multiple
> > user-space applications, to be able to communicate over single MU.
> >
> > It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
> >
> > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> > ---
> > .../devicetree/bindings/firmware/fsl,imx-se.yaml | 91
> ++++++++++++++++++++++
> > 1 file changed, 91 insertions(+)
> >
> > diff --git
> > a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > new file mode 100644
> > index 000000000000..7511d0e9cf98
> > --- /dev/null
> > +++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > @@ -0,0 +1,91 @@
> > +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) %YAML 1.2
> > +---
> > +$id: http://devicetree.org/schemas/firmware/fsl,imx-se.yaml#
> > +$schema: http://devicetree.org/meta-schemas/core.yaml#
> > +
> > +title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
> > +
> > +maintainers:
> > + - Pankaj Gupta <pankaj.gupta@nxp.com>
> > +
> > +description: |
> > + NXP's SoC may contain one or multiple embedded secure-enclave HW
> > + IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
> > + enables features like
> > + - Hardware Security Module (HSM),
> > + - Security Hardware Extension (SHE), and
> > + - Vehicular to Anything (V2X)
> > +
> > + Communication interface to the secure-enclaves(se) is based on the
> > + messaging unit(s).
> > +
> > +properties:
> > + compatible:
> > + enum:
> > + - fsl,imx8ulp-se
> > + - fsl,imx93-se
> > + - fsl,imx95-se
> > +
> > + mboxes:
> > + items:
> > + - description: mailbox phandle to send message to se firmware
> > + - description: mailbox phandle to receive message from se
> > + firmware
> > +
> > + mbox-names:
> > + items:
> > + - const: tx
> > + - const: rx
> > +
> > + memory-region:
> > + maxItems: 1
> > +
> > + sram:
> > + maxItems: 1
> > +
> > +required:
> > + - compatible
> > + - mboxes
> > + - mbox-names
> > +
> > +allOf:
> > + # memory-region
> > + - if:
> > + properties:
> > + compatible:
> > + contains:
> > + enum:
> > + - fsl,imx8ulp-se
> > + - fsl,imx93-se
> > + then:
> > + required:
> > + - memory-region
> > + else:
> > + properties:
> > + memory-region: false
> > +
> > + # sram
> > + - if:
> > + properties:
> > + compatible:
> > + contains:
> > + enum:
> > + - fsl,imx8ulp-se
> > + then:
> > + required:
> > + - sram
> > +
> > + else:
> > + properties:
> > + sram: false
> > +
> > +additionalProperties: false
> > +
> > +examples:
> > + - |
> > + senclave-firmware {
>
> Last revision this was "firmware", but now you've got something that appears
> non-generic. Why did you change it?
In case you missed, there was a previous email requesting your view on this change.
Having node as "firmware {", is very generic that has wide interpretation.
Hence, replaced firmware with "senclave-firmware".
Why "senclave"?
Like sram, for secure RAM, I proposed senclave for secure enclave.
Moreover, there are plenty of examples of YAML(s), that were already committed; that are using this:
linux_bkp$:> find Documentation/ -name "*.yaml" | xargs grep -r "\-firmware {"
Documentation/devicetree/bindings/crypto/xlnx,zynqmp-aes.yaml: zynqmp_firmware: zynqmp-firmware {
Documentation/devicetree/bindings/fpga/xlnx,zynqmp-pcap-fpga.yaml: zynqmp_firmware: zynqmp-firmware {
Documentation/devicetree/bindings/gpio/xlnx,zynqmp-gpio-modepin.yaml: zynqmp-firmware {
And more...
If you any other suggested word to pre-fix , that narrows down this broad referenced word "firmware". Please suggest.
> The normal differentiator for multiple
> nodes is -[0-9]*, why can't you use that, if you're worried about multiple
> nodes?
Thanks Conor, for the suggestion this. Will use this. Thanks.
>
> > + compatible = "fsl,imx95-se";
> > + mboxes = <&ele_mu0 0 0>, <&ele_mu0 1 0>;
> > + mbox-names = "tx", "rx";
> > + };
> > +...
> >
> > --
> > 2.34.1
> >
^ permalink raw reply [flat|nested] 23+ messages in thread
* RE: [EXT] Re: [EXTERNAL] [PATCH v6 5/5] firmware: imx: adds miscdev
2024-07-22 11:37 ` [EXTERNAL] " Amit Singh Tomar
@ 2024-07-23 9:36 ` Pankaj Gupta
0 siblings, 0 replies; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-23 9:36 UTC (permalink / raw)
To: Amit Singh Tomar, Jonathan Corbet, Rob Herring,
Krzysztof Kozlowski, Conor Dooley, Shawn Guo, Sascha Hauer,
Pengutronix Kernel Team, Fabio Estevam, Rob Herring
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
devicetree@vger.kernel.org, imx@lists.linux.dev,
linux-arm-kernel@lists.infradead.org
> -----Original Message-----
> From: Amit Singh Tomar <amitsinght@marvell.com>
> Sent: Monday, July 22, 2024 5:08 PM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>; Jonathan Corbet
> <corbet@lwn.net>; Rob Herring <robh@kernel.org>; Krzysztof Kozlowski
> <krzk+dt@kernel.org>; Conor Dooley <conor+dt@kernel.org>; Shawn Guo
> <shawnguo@kernel.org>; Sascha Hauer <s.hauer@pengutronix.de>;
> Pengutronix Kernel Team <kernel@pengutronix.de>; Fabio Estevam
> <festevam@gmail.com>; Rob Herring <robh+dt@kernel.org>
> Cc: linux-doc@vger.kernel.org; linux-kernel@vger.kernel.org;
> devicetree@vger.kernel.org; imx@lists.linux.dev; linux-arm-
> kernel@lists.infradead.org
> Subject: [EXT] Re: [EXTERNAL] [PATCH v6 5/5] firmware: imx: adds miscdev
>
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
>
>
> Hi Pankaj,
> >
> > Adds the driver for communication interface to secure-enclave, for
> > exchanging messages with NXP secure enclave HW IP(s) like EdgeLock
> > Enclave from:
> > - User-Space Applications via character driver.
> >
> > ABI documentation for the NXP secure-enclave driver.
> >
> > User-space library using this driver:
> > - i.MX Secure Enclave library:
> > --
> >
> URL:https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > urldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-
> 3A__github.com_nxp-2D
> > imx_imx-2Dsecure-
> 2Denclave.git%26d%3DDwICaQ%26c%3DnKjWec2b6R0mOyPaz7xt
> > fQ%26r%3DV_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3Dhqz6ztDhob0
> > jujItfaaf7PHhtqSHj4aoWie1-b4nAGXTUrSyBQtV9W-
> WqLaM_utz%26s%3DC67hc24yMA
> >
> TzUglvGvywzpn0Efjurb6sOLm2V_9VpsI%26e%3D&data=05%7C02%7Cpanka
> j.gupta%4
> >
> 0nxp.com%7C5acd31c1cfc14661861c08dcaa42c232%7C686ea1d3bc2b4c6f
> a92cd99c
> >
> 5c301635%7C0%7C0%7C638572450920546605%7CUnknown%7CTWFpbG
> Zsb3d8eyJWIjoi
> >
> MC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0
> %7C%7C%7
> >
> C&sdata=cV67vBSDb5uPaABT8RDTmtNOtqePRAALqo7QuUaV4QQ%3D&rese
> rved=0
> > <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furl
> > defense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-
> 3A__github.com_nxp-2Dimx
> > _imx-2Dsecure-
> 2Denclave.git%26d%3DDwICaQ%26c%3DnKjWec2b6R0mOyPaz7xtfQ%
> > 26r%3DV_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3Dhqz6ztDhob0juj
> > Itfaaf7PHhtqSHj4aoWie1-b4nAGXTUrSyBQtV9W-
> WqLaM_utz%26s%3DC67hc24yMATzU
> >
> glvGvywzpn0Efjurb6sOLm2V_9VpsI%26e%3D&data=05%7C02%7Cpankaj.gu
> pta%40nx
> >
> p.com%7C5acd31c1cfc14661861c08dcaa42c232%7C686ea1d3bc2b4c6fa92
> cd99c5c3
> >
> 01635%7C0%7C0%7C638572450920558539%7CUnknown%7CTWFpbGZsb
> 3d8eyJWIjoiMC4
> >
> wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C
> %7C%7C&s
> >
> data=yrSEmLSlxZrIZG%2Bk4J%2BbDyvzdEams5ux%2F8nKhQBLq74%3D&rese
> rved=0>,
> > - i.MX Secure Middle-Ware:
> > --
> >
> URL:https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > urldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-
> 3A__github.com_nxp-2D
> > imx_imx-
> 2Dsmw.git%26d%3DDwICaQ%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3D
> V_GK
> > 7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3Dhqz6ztDhob0jujItfaaf7PHh
> > tqSHj4aoWie1-b4nAGXTUrSyBQtV9W-
> WqLaM_utz%26s%3DNACAFfnEzGKFI7FlqdL4kxl
> >
> t8PtxeXRorc3IWanqgtY%26e%3D&data=05%7C02%7Cpankaj.gupta%40nxp.
> com%7C5a
> >
> cd31c1cfc14661861c08dcaa42c232%7C686ea1d3bc2b4c6fa92cd99c5c3016
> 35%7C0%
> >
> 7C0%7C638572450920566218%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM
> C4wLjAwMDAiL
> >
> CJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdat
> a=vuTve
> > lCrdOFlGPGGpwpx0YgA6So%2BRIPJQRSzOjfo2LM%3D&reserved=0
> > <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furl
> > defense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-
> 3A__github.com_nxp-2Dimx
> > _imx-
> 2Dsmw.git%26d%3DDwICaQ%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3D
> V_GK7jR
> > uCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3Dhqz6ztDhob0jujItfaaf7PHhtqS
> > Hj4aoWie1-b4nAGXTUrSyBQtV9W-
> WqLaM_utz%26s%3DNACAFfnEzGKFI7FlqdL4kxlt8P
> >
> txeXRorc3IWanqgtY%26e%3D&data=05%7C02%7Cpankaj.gupta%40nxp.co
> m%7C5acd3
> >
> 1c1cfc14661861c08dcaa42c232%7C686ea1d3bc2b4c6fa92cd99c5c301635
> %7C0%7C0
> > %7C638572450920572062%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC
> 4wLjAwMDAiLCJQ
> >
> IjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=E
> DDL3DFE
> > erSUqrBRGQchaAsN3L0H2nkkRw4AsoNBMqA%3D&reserved=0>
> >
> > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> > ---
> > Documentation/ABI/testing/se-cdev | 43 +++
> > drivers/firmware/imx/ele_common.c | 192 ++++++++++-
> > drivers/firmware/imx/ele_common.h | 4 +
> > drivers/firmware/imx/se_ctrl.c | 677
> ++++++++++++++++++++++++++++++++++++++
> > drivers/firmware/imx/se_ctrl.h | 46 +++
> > include/uapi/linux/se_ioctl.h | 94 ++++++
> > 6 files changed, 1053 insertions(+), 3 deletions(-)
> >
> > diff --git a/Documentation/ABI/testing/se-cdev
> > b/Documentation/ABI/testing/se-cdev
> > new file mode 100644
> > index 000000000000..3451c909ccc4
> > --- /dev/null
> > +++ b/Documentation/ABI/testing/se-cdev
> > @@ -0,0 +1,43 @@
> > +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> > +Date: May 2024
> > +KernelVersion: 6.8
> > +Contact: linux-imx@nxp.com, pankaj.gupta@nxp.com
> > +Description:
> > + NXP offers multiple hardware IP(s) for secure enclaves like EdgeLock-
> > + Enclave(ELE), SECO. The character device file descriptors
> > + /dev/<se>_mu*_ch* are the interface between userspace NXP's
> secure-
> > + enclave shared library and the kernel driver.
> > +
> > + The ioctl(2)-based ABI is defined and documented in
> > + [include]<linux/firmware/imx/ele_mu_ioctl.h>.
> > + ioctl(s) are used primarily for:
> > + - shared memory management
> > + - allocation of I/O buffers
> > + - getting mu info
> > + - setting a dev-ctx as receiver to receive all the commands from
> FW
> > + - getting SoC info
> > + - send command and receive command response
> > +
> > + The following file operations are supported:
> > +
> > + open(2)
> > + Currently the only useful flags are O_RDWR.
> > +
> > + read(2)
> > + Every read() from the opened character device context is waiting on
> > + wait_event_interruptible, that gets set by the registered mailbox
> callback
> > + function, indicating a message received from the firmware on
> message-
> > + unit.
> > +
> > + write(2)
> > + Every write() to the opened character device context needs to
> acquire
> > + mailbox_lock before sending message on to the message unit.
> > +
> > + close(2)
> > + Stops and frees up the I/O contexts that were associated
> > + with the file descriptor.
> > +
> > +Users:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldef
> ense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-2Dsecure-
> 2Denclave.git%26d%3DDwICaQ%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%
> 3DV_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3Dhqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-
> b4nAGXTUrSyBQtV9W-
> WqLaM_utz%26s%3DC67hc24yMATzUglvGvywzpn0Efjurb6sOLm2V_9VpsI%
> 26e%3D&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C5acd31c1cfc146
> 61861c08dcaa42c232%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C
> 0%7C638572450920577297%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4
> wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C
> %7C%7C&sdata=FvSTP3MVF%2BSghK36fmJ8u%2FySJ80DP7VQjNYAytj9gws
> %3D&reserved=0
> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furld
> efense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-2Dsecure-
> 2Denclave.git%26d%3DDwICaQ%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%
> 3DV_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3Dhqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-
> b4nAGXTUrSyBQtV9W-
> WqLaM_utz%26s%3DC67hc24yMATzUglvGvywzpn0Efjurb6sOLm2V_9VpsI%
> 26e%3D&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C5acd31c1cfc146
> 61861c08dcaa42c232%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C
> 0%7C638572450920582198%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4
> wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C
> %7C%7C&sdata=%2Fb342eydDBBpn451JY9h36udCBWaJmzMbMOQcJHWI%
> 2BQ%3D&reserved=0>,
> > +
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldef
> ense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-
> 2Dsmw.git%26d%3DDwICaQ%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3D
> V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3Dhqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-
> b4nAGXTUrSyBQtV9W-
> WqLaM_utz%26s%3DNACAFfnEzGKFI7FlqdL4kxlt8PtxeXRorc3IWanqgtY%26e
> %3D&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C5acd31c1cfc146618
> 61c08dcaa42c232%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7
> C638572450920586967%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj
> AwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C
> %7C&sdata=sXtVRno2qOn6aGvIr2HpJrB0WbhexELpRMNQE8JPUxY%3D&res
> erved=0
> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furld
> efense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-
> 2Dsmw.git%26d%3DDwICaQ%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3D
> V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3Dhqz6ztDhob0jujItfaaf7PHhtqSHj4aoWie1-
> b4nAGXTUrSyBQtV9W-
> WqLaM_utz%26s%3DNACAFfnEzGKFI7FlqdL4kxlt8PtxeXRorc3IWanqgtY%26e
> %3D&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C5acd31c1cfc146618
> 61c08dcaa42c232%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7
> C638572450920591699%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj
> AwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C
> %7C&sdata=XVI6X7w5FBckyuDIklwBvWTvYQ69GJPvR%2FnIvgyWulU%3D&r
> eserved=0>
> > + crypto/skcipher,
> > + drivers/nvmem/imx-ocotp-ele.c
> > diff --git a/drivers/firmware/imx/ele_common.c
> > b/drivers/firmware/imx/ele_common.c
> > index 3a6584d6f6f2..8167ae201b83 100644
> > --- a/drivers/firmware/imx/ele_common.c
> > +++ b/drivers/firmware/imx/ele_common.c
> > @@ -78,6 +78,149 @@ int ele_msg_send_rcv(struct se_if_priv *priv, void
> *tx_msg, void *rx_msg)
> > return err;
> > }
> >
> > +int ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx,
> > + void *rx_buf,
> > + int rx_buf_sz)
> > +{
> > + struct se_msg_hdr *header;
> > + int err;
> > +
> > + err = wait_event_interruptible(dev_ctx->wq, dev_ctx->pending_hdr != 0);
> > + if (err) {
> > + dev_err(dev_ctx->dev,
> > + "%s: Err[0x%x]:Interrupted by signal.\n",
> > + dev_ctx->miscdev.name, err);
> > + goto exit;
> > + }
> > +
> > + header = (struct se_msg_hdr *) dev_ctx->temp_resp;
> > +
> > + if (header->tag == dev_ctx->priv->rsp_tag) {
> > + if (dev_ctx->priv->waiting_rsp_dev && dev_ctx->priv-
> >waiting_rsp_dev != dev_ctx) {
> > + dev_warn(dev_ctx->dev,
> > + "Dev-ctx waiting for response mismatch (%s != %s).\n",
> > + dev_ctx->miscdev.name, dev_ctx->priv->waiting_rsp_dev-
> >miscdev.name);
> > + err = -EPERM;
> > + goto exit;
> > + }
> > + }
> > +
> > + dev_dbg(dev_ctx->dev,
> > + "%s: %s %s\n",
> > + dev_ctx->miscdev.name,
> > + __func__,
> > + "message received, start transmit to user");
> > +
> > + /*
> > + * Check that the size passed as argument is larger than
> > + * the one carried in the message.
> > + *
> > + * In case of US-command/response, the dev_ctx->temp_resp_size
> > + * is set before sending the command.
> > + *
> > + * In case of NVM Slave-command/response, the dev_ctx-
> >temp_resp_size
> > + * is set after receing the message from mailbox.
> > + */
> > + if (dev_ctx->temp_resp_size > rx_buf_sz) {
> > + dev_err(dev_ctx->dev,
> > + "%s: User buffer too small (%d < %d)\n",
> > + dev_ctx->miscdev.name,
> > + rx_buf_sz, dev_ctx->temp_resp_size);
> > + dev_ctx->temp_resp_size = rx_buf_sz;
> > + }
> > +
> > + /* We may need to copy the output data to user before
> > + * delivering the completion message.
> > + */
> > + err = se_dev_ctx_cpy_out_data(dev_ctx, true);
> > + if (err < 0)
> > + goto exit;
> > +
> > + /* Copy data from the buffer */
> > + print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
> > + dev_ctx->temp_resp, dev_ctx->temp_resp_size, false);
> > + if (copy_to_user(rx_buf, dev_ctx->temp_resp, dev_ctx-
> >temp_resp_size)) {
> > + dev_err(dev_ctx->dev,
> > + "%s: Failed to copy to user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + err = dev_ctx->temp_resp_size;
> > +exit:
> > + if (err < 0)
> > + se_dev_ctx_cpy_out_data(dev_ctx, false);
> > +
> > + /* free memory allocated on the shared buffers. */
> > + dev_ctx->secure_mem.pos = 0;
> > + dev_ctx->non_secure_mem.pos = 0;
> > +
> > + dev_ctx->pending_hdr = 0;
> > + se_dev_ctx_shared_mem_cleanup(dev_ctx);
> > +
> > + return err;
> > +}
> > +
> > +int ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> > + void *tx_msg, int tx_msg_sz) {
> > + struct se_if_priv *priv = dev_ctx->priv;
> > + struct se_msg_hdr *header;
> > + u32 size_to_send;
> > + int err;
> > +
> > + header = (struct se_msg_hdr *) tx_msg;
> > +
> > + /*
> > + * Check that the size passed as argument matches the size
> > + * carried in the message.
> > + */
> > + size_to_send = header->size << 2;
> > +
> > + if (size_to_send != tx_msg_sz) {
> > + err = -EINVAL;
> > + dev_err(priv->dev,
> > + "%s: User buf hdr(0x%x) sz mismatced with input-sz
> (%d != %d).\n",
> > + dev_ctx->miscdev.name, *(u32 *)header, size_to_send,
> tx_msg_sz);
> > + goto exit;
> > + }
> > +
> > + /* Check the message is valid according to tags */
> > + if (header->tag == priv->rsp_tag) {
> > + /* Check the device context can send the command */
> > + if (dev_ctx != priv->cmd_receiver_dev) {
> > + dev_err(priv->dev,
> > + "%s: Channel not configured to send resp to FW.",
> > + dev_ctx->miscdev.name);
> > + err = -EPERM;
> > + goto exit;
> > + }
> > + } else if (header->tag == priv->cmd_tag) {
> > + if (priv->waiting_rsp_dev != dev_ctx) {
> > + dev_err(priv->dev,
> > + "%s: Channel not configured to send cmd to FW.",
> > + dev_ctx->miscdev.name);
> > + err = -EPERM;
> > + goto exit;
> > + }
> > + lockdep_assert_held(&priv->se_if_cmd_lock);
> > + } else {
> > + dev_err(priv->dev,
> > + "%s: The message does not have a valid TAG\n",
> > + dev_ctx->miscdev.name);
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > + err = ele_msg_send(priv, tx_msg);
> > + if (err < 0)
> > + goto exit;
> > +
> > + err = size_to_send;
> > +exit:
> > + return err;
> > +}
> > +
> > static bool exception_for_size(struct se_if_priv *priv,
> > struct se_msg_hdr *header)
> > {
> > @@ -99,6 +242,7 @@ static bool exception_for_size(struct se_if_priv *priv,
> > void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
> > {
> > struct device *dev = mbox_cl->dev;
> > + struct se_if_device_ctx *dev_ctx;
> > struct se_if_priv *priv;
> > struct se_msg_hdr *header;
> > u32 rx_msg_sz;
> > @@ -114,8 +258,50 @@ void se_if_rx_callback(struct mbox_client
> *mbox_cl, void *msg)
> > header = msg;
> > rx_msg_sz = header->size << 2;
> >
> > - if (header->tag == priv->rsp_tag) {
> > - if (!priv->waiting_rsp_dev) {
> > + /* Incoming command: wake up the receiver if any. */
> > + if (header->tag == priv->cmd_tag) {
> > + dev_dbg(dev, "Selecting cmd receiver\n");
> > + dev_ctx = priv->cmd_receiver_dev;
> > + /* Pre-allocated buffer of MAX_NVM_MSG_LEN
> > + * as the NVM command are initiated by FW.
> > + * Size is revealed as part of this call function.
> > + */
> > + if (rx_msg_sz > MAX_NVM_MSG_LEN) {
> > + dev_err(dev,
> > + "%s: Msg recvd hdr(0x%x) with greater[%d] than allocated
> buf-sz.\n",
> > + dev_ctx->miscdev.name,
> > + *(u32 *) header,
> > + rx_msg_sz);
> > + } else
> > + memcpy(dev_ctx->temp_resp, msg, rx_msg_sz);
>
> It is categorically stated (in the Linux kernel coding style guide) that this rule
> does not apply if only one branch of a conditional statement consists of a
> single statement. In such cases, you should categorically use braces for both
> branches of the conditional statement:
>
> if (condition) {
> do_this();
> do_that();
> } else {
> otherwise();
> }
Checkpatch.pl donot throw either warning or error, for this.
Adding the braces to else, do not throw error or warning, either.
Thus, will add this change.
>
> Also, made a similar comment on the earlier version (v5) as well:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatch
> work.kernel.org%2Fproject%2Fimx%2Fpatch%2F20240712-imx-se-if-v5-4-
> 66a79903a872%40nxp.com%2F&data=05%7C02%7Cpankaj.gupta%40nxp.c
> om%7C5acd31c1cfc14661861c08dcaa42c232%7C686ea1d3bc2b4c6fa92cd
> 99c5c301635%7C0%7C0%7C638572450920596406%7CUnknown%7CTWF
> pbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX
> VCI6Mn0%3D%7C0%7C%7C%7C&sdata=nnkWdELMd%2BaYqAcqFoeTaSOib
> VnSoMBegxXsn8PMePc%3D&reserved=0
>
> Thanks
> -Amit
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-07-23 9:28 ` [EXT] " Pankaj Gupta
@ 2024-07-23 14:08 ` Conor Dooley
2024-07-24 11:02 ` Pankaj Gupta
0 siblings, 1 reply; 23+ messages in thread
From: Conor Dooley @ 2024-07-23 14:08 UTC (permalink / raw)
To: Pankaj Gupta
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Rob Herring, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org
[-- Attachment #1: Type: text/plain, Size: 6134 bytes --]
On Tue, Jul 23, 2024 at 09:28:31AM +0000, Pankaj Gupta wrote:
>
> > -----Original Message-----
> > From: Conor Dooley <conor@kernel.org>
> > Sent: Monday, July 22, 2024 10:20 PM
> > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > kernel@vger.kernel.org; devicetree@vger.kernel.org; imx@lists.linux.dev;
> > linux-arm-kernel@lists.infradead.org
> > Subject: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding
> > doc
Please fix this ^
> >
> > On Mon, Jul 22, 2024 at 10:21:37AM +0530, Pankaj Gupta wrote:
> > > The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
> > > creates an embedded secure enclave within the SoC boundary to enable
> > > features like:
> > > - HSM
> > > - SHE
> > > - V2X
> > >
> > > Secure-Enclave(s) communication interface are typically via message
> > > unit, i.e., based on mailbox linux kernel driver. This driver enables
> > > communication ensuring well defined message sequence protocol between
> > > Application Core and enclave's firmware.
> > >
> > > Driver configures multiple misc-device on the MU, for multiple
> > > user-space applications, to be able to communicate over single MU.
> > >
> > > It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
> > >
> > > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > ---
> > > .../devicetree/bindings/firmware/fsl,imx-se.yaml | 91
> > ++++++++++++++++++++++
> > > 1 file changed, 91 insertions(+)
> > >
> > > diff --git
> > > a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > new file mode 100644
> > > index 000000000000..7511d0e9cf98
> > > --- /dev/null
> > > +++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > @@ -0,0 +1,91 @@
> > > +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) %YAML 1.2
> > > +---
> > > +$id: http://devicetree.org/schemas/firmware/fsl,imx-se.yaml#
> > > +$schema: http://devicetree.org/meta-schemas/core.yaml#
> > > +
> > > +title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
> > > +
> > > +maintainers:
> > > + - Pankaj Gupta <pankaj.gupta@nxp.com>
> > > +
> > > +description: |
> > > + NXP's SoC may contain one or multiple embedded secure-enclave HW
> > > + IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
> > > + enables features like
> > > + - Hardware Security Module (HSM),
> > > + - Security Hardware Extension (SHE), and
> > > + - Vehicular to Anything (V2X)
> > > +
> > > + Communication interface to the secure-enclaves(se) is based on the
> > > + messaging unit(s).
> > > +
> > > +properties:
> > > + compatible:
> > > + enum:
> > > + - fsl,imx8ulp-se
> > > + - fsl,imx93-se
> > > + - fsl,imx95-se
> > > +
> > > + mboxes:
> > > + items:
> > > + - description: mailbox phandle to send message to se firmware
> > > + - description: mailbox phandle to receive message from se
> > > + firmware
> > > +
> > > + mbox-names:
> > > + items:
> > > + - const: tx
> > > + - const: rx
> > > +
> > > + memory-region:
> > > + maxItems: 1
> > > +
> > > + sram:
> > > + maxItems: 1
> > > +
> > > +required:
> > > + - compatible
> > > + - mboxes
> > > + - mbox-names
> > > +
> > > +allOf:
> > > + # memory-region
> > > + - if:
> > > + properties:
> > > + compatible:
> > > + contains:
> > > + enum:
> > > + - fsl,imx8ulp-se
> > > + - fsl,imx93-se
> > > + then:
> > > + required:
> > > + - memory-region
> > > + else:
> > > + properties:
> > > + memory-region: false
> > > +
> > > + # sram
> > > + - if:
> > > + properties:
> > > + compatible:
> > > + contains:
> > > + enum:
> > > + - fsl,imx8ulp-se
> > > + then:
> > > + required:
> > > + - sram
> > > +
> > > + else:
> > > + properties:
> > > + sram: false
> > > +
> > > +additionalProperties: false
> > > +
> > > +examples:
> > > + - |
> > > + senclave-firmware {
> >
> > Last revision this was "firmware", but now you've got something that appears
> > non-generic. Why did you change it?
>
> In case you missed, there was a previous email requesting your view on this change.
> Having node as "firmware {", is very generic that has wide interpretation.
> Hence, replaced firmware with "senclave-firmware".
Which I came across after reading the updated series. If you ask me for
my opinion on something, just wait til I reply to you before sending
another version.
> Why "senclave"?
> Like sram, for secure RAM, I proposed senclave for secure enclave.
>
>
> Moreover, there are plenty of examples of YAML(s), that were already committed; that are using this:
> linux_bkp$:> find Documentation/ -name "*.yaml" | xargs grep -r "\-firmware {"
Just because something got in before doesn't mean it should now.
> Documentation/devicetree/bindings/crypto/xlnx,zynqmp-aes.yaml: zynqmp_firmware: zynqmp-firmware {
> Documentation/devicetree/bindings/fpga/xlnx,zynqmp-pcap-fpga.yaml: zynqmp_firmware: zynqmp-firmware {
> Documentation/devicetree/bindings/gpio/xlnx,zynqmp-gpio-modepin.yaml: zynqmp-firmware {
> And more...
>
> If you any other suggested word to pre-fix , that narrows down this broad referenced word "firmware".
> Please suggest.
I already did:
> > The normal differentiator for multiple
> > nodes is -[0-9]*, why can't you use that, if you're worried about multiple
> > nodes?
> Thanks Conor, for the suggestion this. Will use this. Thanks.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v6 5/5] firmware: imx: adds miscdev
2024-07-22 4:51 ` [PATCH v6 5/5] firmware: imx: adds miscdev Pankaj Gupta
2024-07-22 11:37 ` [EXTERNAL] " Amit Singh Tomar
@ 2024-07-23 14:20 ` Sascha Hauer
2024-08-08 10:49 ` [EXT] " Pankaj Gupta
1 sibling, 1 reply; 23+ messages in thread
From: Sascha Hauer @ 2024-07-23 14:20 UTC (permalink / raw)
To: Pankaj Gupta
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Pengutronix Kernel Team, Fabio Estevam, Rob Herring,
linux-doc, linux-kernel, devicetree, imx, linux-arm-kernel
Hi Pankaj,
On Mon, Jul 22, 2024 at 10:21:40AM +0530, Pankaj Gupta wrote:
> +static int se_ioctl_cmd_snd_rcv_rsp_handler(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> + struct se_ioctl_cmd_snd_rcv_rsp_info cmd_snd_rcv_rsp_info;
> + struct se_api_msg *tx_msg __free(kfree) = NULL;
> + struct se_api_msg *rx_msg __free(kfree) = NULL;
> + int err = 0;
> +
> + if (copy_from_user(&cmd_snd_rcv_rsp_info, (u8 *)arg,
> + sizeof(cmd_snd_rcv_rsp_info))) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to copy cmd_snd_rcv_rsp_info from user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + if (cmd_snd_rcv_rsp_info.tx_buf_sz < SE_MU_HDR_SZ) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: User buffer too small(%d < %d)\n",
> + dev_ctx->miscdev.name,
> + cmd_snd_rcv_rsp_info.tx_buf_sz,
> + SE_MU_HDR_SZ);
> + err = -ENOSPC;
> + goto exit;
> + }
> +
> + rx_msg = kzalloc(cmd_snd_rcv_rsp_info.rx_buf_sz, GFP_KERNEL);
> + if (!rx_msg) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + tx_msg = memdup_user(cmd_snd_rcv_rsp_info.tx_buf,
> + cmd_snd_rcv_rsp_info.tx_buf_sz);
> + if (IS_ERR(tx_msg)) {
> + err = PTR_ERR(tx_msg);
> + goto exit;
> + }
> +
> + if (tx_msg->header.tag != priv->cmd_tag) {
> + err = -EINVAL;
> + goto exit;
> + }
> +
> + guard(mutex)(&priv->se_if_cmd_lock);
> + priv->waiting_rsp_dev = dev_ctx;
> + dev_ctx->temp_resp_size = cmd_snd_rcv_rsp_info.rx_buf_sz;
> +
> + /* Device Context that is assigned to be a
> + * FW's command receiver, has pre-allocated buffer.
> + */
> + if (dev_ctx != priv->cmd_receiver_dev)
> + dev_ctx->temp_resp = rx_msg;
> +
> + err = ele_miscdev_msg_send(dev_ctx,
> + tx_msg,
> + cmd_snd_rcv_rsp_info.tx_buf_sz);
> + if (err < 0)
> + goto exit;
> +
> + cmd_snd_rcv_rsp_info.tx_buf_sz = err;
> +
> + err = ele_miscdev_msg_rcv(dev_ctx,
> + cmd_snd_rcv_rsp_info.rx_buf,
> + cmd_snd_rcv_rsp_info.rx_buf_sz);
Ok, here you now have serialized sending and receiving messages,
With this you no longer need priv->waiting_rsp_dev, dev_ctx->temp_resp
and dev_ctx->temp_resp_size. Drop these for further cleanup.
> +}
> +
> +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> + struct se_if_node_info *if_node_info;
> + struct se_ioctl_get_if_info info;
> + int err = 0;
> +
> + if_node_info = (struct se_if_node_info *)priv->info;
> +
> + info.se_if_id = if_node_info->se_if_id;
> + info.interrupt_idx = 0;
> + info.tz = 0;
> + info.did = if_node_info->se_if_did;
> + info.cmd_tag = if_node_info->cmd_tag;
> + info.rsp_tag = if_node_info->rsp_tag;
> + info.success_tag = if_node_info->success_tag;
> + info.base_api_ver = if_node_info->base_api_ver;
> + info.fw_api_ver = if_node_info->fw_api_ver;
This really shouldn't be here. You pass cmd_tag and rsp_tag to userspace
just to guide userspace how to construct a message.
This shows that the messages should be constructed in the Kernel rather
than in userspace. Just pass the message content from userspace to the
kernel and let the kernel build the message on the sender side.
> +/* IOCTL entry point of a character device */
> +static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
> +{
> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + struct se_if_priv *se_if_priv = dev_ctx->priv;
> + int err = -EINVAL;
> +
> + /* Prevent race during change of device context */
> + if (down_interruptible(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + switch (cmd) {
> + case SE_IOCTL_ENABLE_CMD_RCV:
> + if (!se_if_priv->cmd_receiver_dev) {
> + err = 0;
> + se_if_priv->cmd_receiver_dev = dev_ctx;
> + dev_ctx->temp_resp = kzalloc(MAX_NVM_MSG_LEN, GFP_KERNEL);
> + if (!dev_ctx->temp_resp)
> + err = -ENOMEM;
> + }
cmd_receiver_dev isn't locked by anything, still it can be accessed by
different userspace processes.
Besides, when already another instance is configured for receiving
commands I would expect an -EBUSY here instead of silently ignoring the
ioctl.
> + break;
> + case SE_IOCTL_GET_MU_INFO:
> + err = se_ioctl_get_mu_info(dev_ctx, arg);
> + break;
> + case SE_IOCTL_SETUP_IOBUF:
> + err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
> + break;
> + case SE_IOCTL_GET_SOC_INFO:
> + err = se_ioctl_get_se_soc_info_handler(dev_ctx, arg);
> + break;
> + case SE_IOCTL_CMD_SEND_RCV_RSP:
> + err = se_ioctl_cmd_snd_rcv_rsp_handler(dev_ctx, arg);
> + break;
> +
> + default:
> + err = -EINVAL;
> + dev_dbg(se_if_priv->dev,
> + "%s: IOCTL %.8x not supported\n",
> + dev_ctx->miscdev.name,
> + cmd);
> + }
> +
> + up(&dev_ctx->fops_lock);
> + return (long)err;
> +}
> +
...
> +static int init_device_context(struct se_if_priv *priv)
> +{
> + const struct se_if_node_info *info = priv->info;
> + struct se_if_device_ctx *dev_ctx;
> + u8 *devname;
> + int ret = 0;
> + int i;
> +
> + priv->ctxs = devm_kzalloc(priv->dev, sizeof(dev_ctx) * priv->max_dev_ctx,
> + GFP_KERNEL);
> +
> + if (!priv->ctxs) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + /* Create users */
> + for (i = 0; i < priv->max_dev_ctx; i++) {
> + dev_ctx = devm_kzalloc(priv->dev, sizeof(*dev_ctx), GFP_KERNEL);
> + if (!dev_ctx) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + dev_ctx->dev = priv->dev;
> + dev_ctx->status = SE_IF_CTX_FREE;
> + dev_ctx->priv = priv;
> +
> + priv->ctxs[i] = dev_ctx;
> +
> + /* Default value invalid for an header. */
> + init_waitqueue_head(&dev_ctx->wq);
> +
> + INIT_LIST_HEAD(&dev_ctx->pending_out);
> + INIT_LIST_HEAD(&dev_ctx->pending_in);
> + sema_init(&dev_ctx->fops_lock, 1);
> +
> + devname = devm_kasprintf(priv->dev, GFP_KERNEL, "%s_ch%d",
> + info->se_name, i);
> + if (!devname) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + dev_ctx->miscdev.name = devname;
> + dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
> + dev_ctx->miscdev.fops = &se_if_fops;
> + dev_ctx->miscdev.parent = priv->dev;
> + ret = misc_register(&dev_ctx->miscdev);
> + if (ret) {
> + dev_err(priv->dev, "failed to register misc device %d\n",
> + ret);
> + return ret;
> + }
Here you register four character devices which all allow a single open.
There's no need to artificially limit the number of users. Just register
a single character device, allow it to be opened multiple times and
allocate the instance specific context as necessary in se_if_fops_open().
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v6 4/5] firmware: imx: add driver for NXP EdgeLock Enclave
2024-07-22 4:51 ` [PATCH v6 4/5] firmware: imx: add driver for NXP EdgeLock Enclave Pankaj Gupta
@ 2024-07-23 14:28 ` Sascha Hauer
0 siblings, 0 replies; 23+ messages in thread
From: Sascha Hauer @ 2024-07-23 14:28 UTC (permalink / raw)
To: Pankaj Gupta
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Pengutronix Kernel Team, Fabio Estevam, Rob Herring,
linux-doc, linux-kernel, devicetree, imx, linux-arm-kernel
On Mon, Jul 22, 2024 at 10:21:39AM +0530, Pankaj Gupta wrote:
> NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
> are embedded in the SoC to support the features like HSM, SHE & V2X,
> using message based communication interface.
>
> The secure enclave FW communicates on a dedicated messaging unit(MU)
> based interface(s) with application core, where kernel is running.
> It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
>
> This patch adds the driver for communication interface to secure-enclave,
> for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock
> Enclave (ELE) from Kernel-space, used by kernel management layers like
> - DM-Crypt.
>
> Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> ---
> drivers/firmware/imx/Kconfig | 12 +
> drivers/firmware/imx/Makefile | 2 +
> drivers/firmware/imx/ele_base_msg.c | 274 +++++++++++++++++++
> drivers/firmware/imx/ele_base_msg.h | 95 +++++++
> drivers/firmware/imx/ele_common.c | 264 ++++++++++++++++++
> drivers/firmware/imx/ele_common.h | 44 +++
> drivers/firmware/imx/se_ctrl.c | 528 ++++++++++++++++++++++++++++++++++++
> drivers/firmware/imx/se_ctrl.h | 87 ++++++
> include/linux/firmware/imx/se_api.h | 14 +
> 9 files changed, 1320 insertions(+)
>
> diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
> index 183613f82a11..0f6877a24f0b 100644
> --- a/drivers/firmware/imx/Kconfig
> +++ b/drivers/firmware/imx/Kconfig
> @@ -22,3 +22,15 @@ config IMX_SCU
>
> This driver manages the IPC interface between host CPU and the
> SCU firmware running on M4.
> +
> +config IMX_SEC_ENCLAVE
> + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver."
> + depends on IMX_MBOX && ARCH_MXC && ARM64
> + default m if ARCH_MXC
> +
> + help
> + It is possible to use APIs exposed by the iMX Secure Enclave HW IP called:
> + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
> + like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging
> + Unit. This driver exposes these interfaces via a set of file descriptors
> + allowing to configure shared memory, send and receive messages.
> diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile
> index 8f9f04a513a8..aa9033e0e9e3 100644
> --- a/drivers/firmware/imx/Makefile
> +++ b/drivers/firmware/imx/Makefile
> @@ -1,3 +1,5 @@
> # SPDX-License-Identifier: GPL-2.0
> obj-$(CONFIG_IMX_DSP) += imx-dsp.o
> obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o
> +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
> +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
> diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c
> new file mode 100644
> index 000000000000..7f16184a8b10
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_base_msg.c
> @@ -0,0 +1,274 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include <linux/types.h>
> +
> +#include <linux/completion.h>
> +#include <linux/dma-mapping.h>
> +#include <linux/genalloc.h>
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +
> +int ele_get_info(struct device *dev, struct ele_dev_info *s_info)
I still think it's a bad idea to use some arbitrary struct device * as
context pointer here. Users will be confused which device is expected
here and bad things happen in case it's the wrong one.
You should rather implement some ele_get() function which returns some
pointer to be used as a context pointer here.
> +int ele_service_swap(struct device *dev,
> + phys_addr_t addr,
> + u32 addr_size, u16 flag)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree) = NULL;
> + struct se_api_msg *rx_msg __free(kfree) = NULL;
> + int ret = 0;
> +
> + if (!priv) {
> + ret = -EINVAL;
> + goto exit;
> + }
> +
> + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + goto exit;
> + }
> +
> + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + goto exit;
> + }
> + priv->rx_msg_sz = ELE_SERVICE_SWAP_RSP_MSG_SZ;
> +
> + ret = se_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_SERVICE_SWAP_REQ,
> + ELE_SERVICE_SWAP_REQ_MSG_SZ, true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = flag;
> + tx_msg->data[1] = addr_size;
> + tx_msg->data[2] = ELE_NONE_VAL;
> + tx_msg->data[3] = lower_32_bits(addr);
addr could be a 64bit address. Either handle this properly or return an
error when addr doesn't fit into 32bit.
> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree) = NULL;
> + struct se_api_msg *rx_msg __free(kfree) = NULL;
> + int ret = 0;
> +
> + if (!priv) {
> + ret = -EINVAL;
> + goto exit;
> + }
> +
> + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + goto exit;
> + }
> +
> + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + goto exit;
> + }
> + priv->rx_msg_sz = ELE_FW_AUTH_RSP_MSG_SZ;
> +
> + ret = se_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_FW_AUTH_REQ,
> + ELE_FW_AUTH_REQ_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[1] = upper_32_bits(addr);
> + tx_msg->data[0] = lower_32_bits(addr);
> + tx_msg->data[2] = addr;
Same here.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 23+ messages in thread
* RE: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-07-23 14:08 ` Conor Dooley
@ 2024-07-24 11:02 ` Pankaj Gupta
2024-07-24 15:30 ` Conor Dooley
0 siblings, 1 reply; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-24 11:02 UTC (permalink / raw)
To: Conor Dooley
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Rob Herring, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org
> -----Original Message-----
> From: Conor Dooley <conor@kernel.org>
> Sent: Tuesday, July 23, 2024 7:38 PM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> kernel@vger.kernel.org; devicetree@vger.kernel.org; imx@lists.linux.dev;
> linux-arm-kernel@lists.infradead.org
> Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw
> binding doc
>
> On Tue, Jul 23, 2024 at 09:28:31AM +0000, Pankaj Gupta wrote:
> >
> > > -----Original Message-----
> > > From: Conor Dooley <conor@kernel.org>
> > > Sent: Monday, July 22, 2024 10:20 PM
> > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha
> Hauer
> > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > Subject: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > imx-se-fw binding doc
>
> Please fix this ^
>
> > >
> > > On Mon, Jul 22, 2024 at 10:21:37AM +0530, Pankaj Gupta wrote:
> > > > The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X
> > > > etc., creates an embedded secure enclave within the SoC boundary
> > > > to enable features like:
> > > > - HSM
> > > > - SHE
> > > > - V2X
> > > >
> > > > Secure-Enclave(s) communication interface are typically via
> > > > message unit, i.e., based on mailbox linux kernel driver. This
> > > > driver enables communication ensuring well defined message
> > > > sequence protocol between Application Core and enclave's firmware.
> > > >
> > > > Driver configures multiple misc-device on the MU, for multiple
> > > > user-space applications, to be able to communicate over single MU.
> > > >
> > > > It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
> > > >
> > > > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > ---
> > > > .../devicetree/bindings/firmware/fsl,imx-se.yaml | 91
> > > ++++++++++++++++++++++
> > > > 1 file changed, 91 insertions(+)
> > > >
> > > > diff --git
> > > > a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > > b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > > new file mode 100644
> > > > index 000000000000..7511d0e9cf98
> > > > --- /dev/null
> > > > +++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > > @@ -0,0 +1,91 @@
> > > > +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) %YAML
> > > > +1.2
> > > > +---
> > > > +$id: http://devicetree.org/schemas/firmware/fsl,imx-se.yaml#
> > > > +$schema: http://devicetree.org/meta-schemas/core.yaml#
> > > > +
> > > > +title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
> > > > +
> > > > +maintainers:
> > > > + - Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > +
> > > > +description: |
> > > > + NXP's SoC may contain one or multiple embedded secure-enclave
> > > > +HW
> > > > + IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
> > > > + enables features like
> > > > + - Hardware Security Module (HSM),
> > > > + - Security Hardware Extension (SHE), and
> > > > + - Vehicular to Anything (V2X)
> > > > +
> > > > + Communication interface to the secure-enclaves(se) is based on
> > > > + the messaging unit(s).
> > > > +
> > > > +properties:
> > > > + compatible:
> > > > + enum:
> > > > + - fsl,imx8ulp-se
> > > > + - fsl,imx93-se
> > > > + - fsl,imx95-se
> > > > +
> > > > + mboxes:
> > > > + items:
> > > > + - description: mailbox phandle to send message to se firmware
> > > > + - description: mailbox phandle to receive message from se
> > > > + firmware
> > > > +
> > > > + mbox-names:
> > > > + items:
> > > > + - const: tx
> > > > + - const: rx
> > > > +
> > > > + memory-region:
> > > > + maxItems: 1
> > > > +
> > > > + sram:
> > > > + maxItems: 1
> > > > +
> > > > +required:
> > > > + - compatible
> > > > + - mboxes
> > > > + - mbox-names
> > > > +
> > > > +allOf:
> > > > + # memory-region
> > > > + - if:
> > > > + properties:
> > > > + compatible:
> > > > + contains:
> > > > + enum:
> > > > + - fsl,imx8ulp-se
> > > > + - fsl,imx93-se
> > > > + then:
> > > > + required:
> > > > + - memory-region
> > > > + else:
> > > > + properties:
> > > > + memory-region: false
> > > > +
> > > > + # sram
> > > > + - if:
> > > > + properties:
> > > > + compatible:
> > > > + contains:
> > > > + enum:
> > > > + - fsl,imx8ulp-se
> > > > + then:
> > > > + required:
> > > > + - sram
> > > > +
> > > > + else:
> > > > + properties:
> > > > + sram: false
> > > > +
> > > > +additionalProperties: false
> > > > +
> > > > +examples:
> > > > + - |
> > > > + senclave-firmware {
> > >
> > > Last revision this was "firmware", but now you've got something that
> > > appears non-generic. Why did you change it?
> >
> > In case you missed, there was a previous email requesting your view on this
> change.
> > Having node as "firmware {", is very generic that has wide interpretation.
> > Hence, replaced firmware with "senclave-firmware".
>
> Which I came across after reading the updated series. If you ask me for my
> opinion on something, just wait til I reply to you before sending another
> version.
Sure, will ensure that in future.
>
> > Why "senclave"?
> > Like sram, for secure RAM, I proposed senclave for secure enclave.
> >
> >
> > Moreover, there are plenty of examples of YAML(s), that were already
> committed; that are using this:
> > linux_bkp$:> find Documentation/ -name "*.yaml" | xargs grep -r "\-
> firmware {"
>
> Just because something got in before doesn't mean it should now.
>
Ok, understood.
> > Documentation/devicetree/bindings/crypto/xlnx,zynqmp-aes.yaml:
> zynqmp_firmware: zynqmp-firmware {
> > Documentation/devicetree/bindings/fpga/xlnx,zynqmp-pcap-fpga.yaml:
> zynqmp_firmware: zynqmp-firmware {
> > Documentation/devicetree/bindings/gpio/xlnx,zynqmp-gpio-modepin.yaml:
> zynqmp-firmware {
> > And more...
> >
> > If you any other suggested word to pre-fix , that narrows down this broad
> referenced word "firmware".
>
> > Please suggest.
>
> I already did:
In case of imx8ulp, there is a single node.
Having a same node name for both parent and child, is bit strange.
firmware {
firmware {
};
};
Request you to allow to re-evaluate this point.
Thanks.
> > > The normal differentiator for multiple nodes is -[0-9]*, why can't
> > > you use that, if you're worried about multiple nodes?
> > Thanks Conor, for the suggestion this. Will use this. Thanks.
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-07-24 11:02 ` Pankaj Gupta
@ 2024-07-24 15:30 ` Conor Dooley
2024-07-25 7:06 ` Pankaj Gupta
0 siblings, 1 reply; 23+ messages in thread
From: Conor Dooley @ 2024-07-24 15:30 UTC (permalink / raw)
To: Pankaj Gupta
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Rob Herring, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org
[-- Attachment #1: Type: text/plain, Size: 2262 bytes --]
On Wed, Jul 24, 2024 at 11:02:21AM +0000, Pankaj Gupta wrote:
>
>
> > -----Original Message-----
> > From: Conor Dooley <conor@kernel.org>
> > Sent: Tuesday, July 23, 2024 7:38 PM
> > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > kernel@vger.kernel.org; devicetree@vger.kernel.org; imx@lists.linux.dev;
> > linux-arm-kernel@lists.infradead.org
> > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw
> > binding doc
Please fix this ^
> > On Tue, Jul 23, 2024 at 09:28:31AM +0000, Pankaj Gupta wrote:
> > >
> > > > -----Original Message-----
> > > > From: Conor Dooley <conor@kernel.org>
> > > > Sent: Monday, July 22, 2024 10:20 PM
> > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > > > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > > > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha
> > Hauer
> > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > Subject: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > > imx-se-fw binding doc
> >
> > Please fix this ^
> >
> > > >
> > > > On Mon, Jul 22, 2024 at 10:21:37AM +0530, Pankaj Gupta wrote:
> In case of imx8ulp, there is a single node.
> Having a same node name for both parent and child, is bit strange.
> firmware {
> firmware {
> };
> };
>
> Request you to allow to re-evaluate this point.
I dunno, it's all firmware so I don't really get why it is so strange!
Can you remind me again why it is inside a parent node to begin with?
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* RE: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-07-24 15:30 ` Conor Dooley
@ 2024-07-25 7:06 ` Pankaj Gupta
2024-07-25 14:39 ` Conor Dooley
0 siblings, 1 reply; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-25 7:06 UTC (permalink / raw)
To: Conor Dooley
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Rob Herring, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org
> -----Original Message-----
> From: Conor Dooley <conor@kernel.org>
> Sent: Wednesday, July 24, 2024 9:00 PM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> kernel@vger.kernel.org; devicetree@vger.kernel.org; imx@lists.linux.dev;
> linux-arm-kernel@lists.infradead.org
> Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw
> binding doc
>
> On Wed, Jul 24, 2024 at 11:02:21AM +0000, Pankaj Gupta wrote:
> >
> >
> > > -----Original Message-----
> > > From: Conor Dooley <conor@kernel.org>
> > > Sent: Tuesday, July 23, 2024 7:38 PM
> > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha
> Hauer
> > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > imx-se-fw binding doc
>
> Please fix this ^
>
> > > On Tue, Jul 23, 2024 at 09:28:31AM +0000, Pankaj Gupta wrote:
> > > >
> > > > > -----Original Message-----
> > > > > From: Conor Dooley <conor@kernel.org>
> > > > > Sent: Monday, July 22, 2024 10:20 PM
> > > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring
> > > > > <robh@kernel.org>; Krzysztof Kozlowski <krzk+dt@kernel.org>;
> > > > > Conor Dooley <conor+dt@kernel.org>; Shawn Guo
> > > > > <shawnguo@kernel.org>; Sascha
> > > Hauer
> > > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > > > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > > Subject: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > > > imx-se-fw binding doc
> > >
> > > Please fix this ^
> > >
> > > > >
> > > > > On Mon, Jul 22, 2024 at 10:21:37AM +0530, Pankaj Gupta wrote:
> > In case of imx8ulp, there is a single node.
> > Having a same node name for both parent and child, is bit strange.
> > firmware {
> > firmware {
> > };
> > };
> >
> > Request you to allow to re-evaluate this point.
>
> I dunno, it's all firmware so I don't really get why it is so strange!
> Can you remind me again why it is inside a parent node to begin with?
Three type of security firmware(s): HSM, V2X-SHE, V2X-HSM, are running at the cores dedicated to the each different secure-enclave hardware IP(s).
Each firmware receives the message to act and response back with the completed act.
This message exchanges happens through the Message-Unit hardware interface.
There could be multiple MU for multiple security firmware, that would be used for respective message exchanges.
This node defines the details of each such MU interface.
Reason to put under firmware:
Since this node specifies interface details between kernel and firmware, it was put under parent "firmware {".
I am not sure if this reason is correct enough to begin with.
Thanks for allowing to revisit.
I will make the change to whatever you finalize now. Thanks.
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-07-25 7:06 ` Pankaj Gupta
@ 2024-07-25 14:39 ` Conor Dooley
2024-07-26 12:35 ` Pankaj Gupta
0 siblings, 1 reply; 23+ messages in thread
From: Conor Dooley @ 2024-07-25 14:39 UTC (permalink / raw)
To: Pankaj Gupta
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Rob Herring, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org
[-- Attachment #1: Type: text/plain, Size: 4409 bytes --]
On Thu, Jul 25, 2024 at 07:06:30AM +0000, Pankaj Gupta wrote:
>
>
> > -----Original Message-----
> > From: Conor Dooley <conor@kernel.org>
> > Sent: Wednesday, July 24, 2024 9:00 PM
> > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > kernel@vger.kernel.org; devicetree@vger.kernel.org; imx@lists.linux.dev;
> > linux-arm-kernel@lists.infradead.org
> > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw
> > binding doc
For the third time, please fix your mail client so it stops inserting
this garbage.
> >
> > On Wed, Jul 24, 2024 at 11:02:21AM +0000, Pankaj Gupta wrote:
> > >
> > >
> > > > -----Original Message-----
> > > > From: Conor Dooley <conor@kernel.org>
> > > > Sent: Tuesday, July 23, 2024 7:38 PM
> > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > > > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > > > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha
> > Hauer
> > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > > imx-se-fw binding doc
> >
> > Please fix this ^
> >
> > > > On Tue, Jul 23, 2024 at 09:28:31AM +0000, Pankaj Gupta wrote:
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Conor Dooley <conor@kernel.org>
> > > > > > Sent: Monday, July 22, 2024 10:20 PM
> > > > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring
> > > > > > <robh@kernel.org>; Krzysztof Kozlowski <krzk+dt@kernel.org>;
> > > > > > Conor Dooley <conor+dt@kernel.org>; Shawn Guo
> > > > > > <shawnguo@kernel.org>; Sascha
> > > > Hauer
> > > > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > > > > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > > > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > > > Subject: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > > > > imx-se-fw binding doc
> > > >
> > > > Please fix this ^
> > > >
> > > > > >
> > > > > > On Mon, Jul 22, 2024 at 10:21:37AM +0530, Pankaj Gupta wrote:
> > > In case of imx8ulp, there is a single node.
> > > Having a same node name for both parent and child, is bit strange.
> > > firmware {
> > > firmware {
> > > };
> > > };
> > >
> > > Request you to allow to re-evaluate this point.
> >
> > I dunno, it's all firmware so I don't really get why it is so strange!
> > Can you remind me again why it is inside a parent node to begin with?
>
> Three type of security firmware(s): HSM, V2X-SHE, V2X-HSM, are running at the cores dedicated to the each different secure-enclave hardware IP(s).
> Each firmware receives the message to act and response back with the completed act.
> This message exchanges happens through the Message-Unit hardware interface.
> There could be multiple MU for multiple security firmware, that would be used for respective message exchanges.
>
> This node defines the details of each such MU interface.
>
> Reason to put under firmware:
> Since this node specifies interface details between kernel and firmware, it was put under parent "firmware {".
> I am not sure if this reason is correct enough to begin with.
>
> Thanks for allowing to revisit.
>
> I will make the change to whatever you finalize now. Thanks.
I'm sorry, I still don't understand why you have the parent node. It
seems pointless to me, and this new node could be added at the top
level.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* RE: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-07-25 14:39 ` Conor Dooley
@ 2024-07-26 12:35 ` Pankaj Gupta
2024-08-01 8:52 ` Pankaj Gupta
0 siblings, 1 reply; 23+ messages in thread
From: Pankaj Gupta @ 2024-07-26 12:35 UTC (permalink / raw)
To: Conor Dooley
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Rob Herring, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org
> -----Original Message-----
> From: Conor Dooley <conor@kernel.org>
> Sent: Thursday, July 25, 2024 8:09 PM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> kernel@vger.kernel.org; devicetree@vger.kernel.org; imx@lists.linux.dev;
> linux-arm-kernel@lists.infradead.org
> Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw
> binding doc
>
> On Thu, Jul 25, 2024 at 07:06:30AM +0000, Pankaj Gupta wrote:
> >
> >
> > > -----Original Message-----
> > > From: Conor Dooley <conor@kernel.org>
> > > Sent: Wednesday, July 24, 2024 9:00 PM
> > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha
> Hauer
> > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > imx-se-fw binding doc
>
> For the third time, please fix your mail client so it stops inserting this garbage.
>
> > >
> > > On Wed, Jul 24, 2024 at 11:02:21AM +0000, Pankaj Gupta wrote:
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Conor Dooley <conor@kernel.org>
> > > > > Sent: Tuesday, July 23, 2024 7:38 PM
> > > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring
> > > > > <robh@kernel.org>; Krzysztof Kozlowski <krzk+dt@kernel.org>;
> > > > > Conor Dooley <conor+dt@kernel.org>; Shawn Guo
> > > > > <shawnguo@kernel.org>; Sascha
> > > Hauer
> > > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>;
> Rob
> > > > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > > > imx-se-fw binding doc
> > >
> > > Please fix this ^
> > >
> > > > > On Tue, Jul 23, 2024 at 09:28:31AM +0000, Pankaj Gupta wrote:
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Conor Dooley <conor@kernel.org>
> > > > > > > Sent: Monday, July 22, 2024 10:20 PM
> > > > > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring
> > > > > > > <robh@kernel.org>; Krzysztof Kozlowski <krzk+dt@kernel.org>;
> > > > > > > Conor Dooley <conor+dt@kernel.org>; Shawn Guo
> > > > > > > <shawnguo@kernel.org>; Sascha
> > > > > Hauer
> > > > > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > > > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>;
> > > > > > > Rob Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org;
> > > > > > > linux- kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > > > > Subject: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > > > > > imx-se-fw binding doc
> > > > >
> > > > > Please fix this ^
> > > > >
> > > > > > >
> > > > > > > On Mon, Jul 22, 2024 at 10:21:37AM +0530, Pankaj Gupta wrote:
> > > > In case of imx8ulp, there is a single node.
> > > > Having a same node name for both parent and child, is bit strange.
> > > > firmware {
> > > > firmware {
> > > > };
> > > > };
> > > >
> > > > Request you to allow to re-evaluate this point.
> > >
> > > I dunno, it's all firmware so I don't really get why it is so strange!
> > > Can you remind me again why it is inside a parent node to begin with?
> >
> > Three type of security firmware(s): HSM, V2X-SHE, V2X-HSM, are running at
> the cores dedicated to the each different secure-enclave hardware IP(s).
> > Each firmware receives the message to act and response back with the
> completed act.
> > This message exchanges happens through the Message-Unit hardware
> interface.
> > There could be multiple MU for multiple security firmware, that would be
> used for respective message exchanges.
> >
> > This node defines the details of each such MU interface.
> >
> > Reason to put under firmware:
> > Since this node specifies interface details between kernel and
> firmware, it was put under parent "firmware {".
> > I am not sure if this reason is correct enough to begin with.
> >
> > Thanks for allowing to revisit.
> >
> > I will make the change to whatever you finalize now. Thanks.
>
> I'm sorry, I still don't understand why you have the parent node. It seems
> pointless to me, and this new node could be added at the top level.
Lately, I got this feedback in NXP internal as well.
Accepted. Will add it at the top level.
Thanks.
Help with the suggestion for the node name:
1. enclave-interface
For multiple nodes, it will be:
enclave-interface-0
enclave-interface-1
enclave-interface-2
2. secure-enclave
For multiple nodes, it will be:
secure-enclave-0
secure-enclave-1
secure-enclave-3
Or share any other suggested word(s).
Thanks.
^ permalink raw reply [flat|nested] 23+ messages in thread
* RE: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-07-26 12:35 ` Pankaj Gupta
@ 2024-08-01 8:52 ` Pankaj Gupta
2024-08-01 15:17 ` Conor Dooley
0 siblings, 1 reply; 23+ messages in thread
From: Pankaj Gupta @ 2024-08-01 8:52 UTC (permalink / raw)
To: Conor Dooley, Jonathan Corbet, Rob Herring, Krzysztof Kozlowski,
Conor Dooley, Shawn Guo, Sascha Hauer, Pengutronix Kernel Team,
Fabio Estevam, Rob Herring, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org
> -----Original Message-----
> From: Pankaj Gupta
> Sent: Friday, July 26, 2024 6:06 PM
> To: Conor Dooley <conor@kernel.org>
> Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> kernel@vger.kernel.org; devicetree@vger.kernel.org; imx@lists.linux.dev;
> linux-arm-kernel@lists.infradead.org
> Subject: RE: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw
> binding doc
>
>
>
> > -----Original Message-----
> > From: Conor Dooley <conor@kernel.org>
> > Sent: Thursday, July 25, 2024 8:09 PM
> > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > imx-se-fw binding doc
> >
> > On Thu, Jul 25, 2024 at 07:06:30AM +0000, Pankaj Gupta wrote:
> > >
> > >
> > > > -----Original Message-----
> > > > From: Conor Dooley <conor@kernel.org>
> > > > Sent: Wednesday, July 24, 2024 9:00 PM
> > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring
> > > > <robh@kernel.org>; Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor
> > > > Dooley <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>;
> > > > Sascha
> > Hauer
> > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > > imx-se-fw binding doc
> >
> > For the third time, please fix your mail client so it stops inserting this garbage.
> >
> > > >
> > > > On Wed, Jul 24, 2024 at 11:02:21AM +0000, Pankaj Gupta wrote:
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Conor Dooley <conor@kernel.org>
> > > > > > Sent: Tuesday, July 23, 2024 7:38 PM
> > > > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring
> > > > > > <robh@kernel.org>; Krzysztof Kozlowski <krzk+dt@kernel.org>;
> > > > > > Conor Dooley <conor+dt@kernel.org>; Shawn Guo
> > > > > > <shawnguo@kernel.org>; Sascha
> > > > Hauer
> > > > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>;
> > Rob
> > > > > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org;
> > > > > > linux- kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > > > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl:
> > > > > > add imx-se-fw binding doc
> > > >
> > > > Please fix this ^
> > > >
> > > > > > On Tue, Jul 23, 2024 at 09:28:31AM +0000, Pankaj Gupta wrote:
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Conor Dooley <conor@kernel.org>
> > > > > > > > Sent: Monday, July 22, 2024 10:20 PM
> > > > > > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > > > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring
> > > > > > > > <robh@kernel.org>; Krzysztof Kozlowski
> > > > > > > > <krzk+dt@kernel.org>; Conor Dooley <conor+dt@kernel.org>;
> > > > > > > > Shawn Guo <shawnguo@kernel.org>; Sascha
> > > > > > Hauer
> > > > > > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > > > > > <kernel@pengutronix.de>; Fabio Estevam
> > > > > > > > <festevam@gmail.com>; Rob Herring <robh+dt@kernel.org>;
> > > > > > > > linux-doc@vger.kernel.org;
> > > > > > > > linux- kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > > > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > > > > > Subject: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl:
> > > > > > > > add imx-se-fw binding doc
> > > > > >
> > > > > > Please fix this ^
> > > > > >
> > > > > > > >
> > > > > > > > On Mon, Jul 22, 2024 at 10:21:37AM +0530, Pankaj Gupta wrote:
> > > > > In case of imx8ulp, there is a single node.
> > > > > Having a same node name for both parent and child, is bit strange.
> > > > > firmware {
> > > > > firmware {
> > > > > };
> > > > > };
> > > > >
> > > > > Request you to allow to re-evaluate this point.
> > > >
> > > > I dunno, it's all firmware so I don't really get why it is so strange!
> > > > Can you remind me again why it is inside a parent node to begin with?
> > >
> > > Three type of security firmware(s): HSM, V2X-SHE, V2X-HSM, are
> > > running at
> > the cores dedicated to the each different secure-enclave hardware IP(s).
> > > Each firmware receives the message to act and response back with the
> > completed act.
> > > This message exchanges happens through the Message-Unit hardware
> > interface.
> > > There could be multiple MU for multiple security firmware, that
> > > would be
> > used for respective message exchanges.
> > >
> > > This node defines the details of each such MU interface.
> > >
> > > Reason to put under firmware:
> > > Since this node specifies interface details between kernel and
> > firmware, it was put under parent "firmware {".
> > > I am not sure if this reason is correct enough to begin with.
> > >
> > > Thanks for allowing to revisit.
> > >
> > > I will make the change to whatever you finalize now. Thanks.
> >
> > I'm sorry, I still don't understand why you have the parent node. It
> > seems pointless to me, and this new node could be added at the top level.
> Lately, I got this feedback in NXP internal as well.
>
> Accepted. Will add it at the top level.
> Thanks.
>
> Help with the suggestion for the node name:
> 1. enclave-interface
> For multiple nodes, it will be:
> enclave-interface-0
> enclave-interface-1
> enclave-interface-2
> 2. secure-enclave
> For multiple nodes, it will be:
> secure-enclave-0
> secure-enclave-1
> secure-enclave-3
>
> Or share any other suggested word(s).
> Thanks.
Will use "secure-enclave" as the node name, in the v7 patch.
Will post the V7 patch-set, by end of the next week.
Please reply if anyone think otherwise.
Thanks.
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc
2024-08-01 8:52 ` Pankaj Gupta
@ 2024-08-01 15:17 ` Conor Dooley
0 siblings, 0 replies; 23+ messages in thread
From: Conor Dooley @ 2024-08-01 15:17 UTC (permalink / raw)
To: Pankaj Gupta
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Rob Herring, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org
[-- Attachment #1: Type: text/plain, Size: 5508 bytes --]
On Thu, Aug 01, 2024 at 08:52:48AM +0000, Pankaj Gupta wrote:
>
>
> > -----Original Message-----
> > From: Pankaj Gupta
> > Sent: Friday, July 26, 2024 6:06 PM
> > To: Conor Dooley <conor@kernel.org>
> > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > kernel@vger.kernel.org; devicetree@vger.kernel.org; imx@lists.linux.dev;
> > linux-arm-kernel@lists.infradead.org
> > Subject: RE: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw
> > binding doc
Every single mail I am pointing out your broken mail client, and every
single time you both ignore me and fail to fix it. Fix it.
> > > -----Original Message-----
> > > From: Conor Dooley <conor@kernel.org>
> > > Sent: Thursday, July 25, 2024 8:09 PM
> > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> > > Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> > > <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Sascha Hauer
> > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > imx-se-fw binding doc
> > >
> > > On Thu, Jul 25, 2024 at 07:06:30AM +0000, Pankaj Gupta wrote:
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Conor Dooley <conor@kernel.org>
> > > > > Sent: Wednesday, July 24, 2024 9:00 PM
> > > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring
> > > > > <robh@kernel.org>; Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor
> > > > > Dooley <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>;
> > > > > Sascha
> > > Hauer
> > > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>; Rob
> > > > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org; linux-
> > > > > kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl: add
> > > > > imx-se-fw binding doc
> > >
> > > For the third time, please fix your mail client so it stops inserting this garbage.
> > >
> > > > >
> > > > > On Wed, Jul 24, 2024 at 11:02:21AM +0000, Pankaj Gupta wrote:
> > > > > >
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Conor Dooley <conor@kernel.org>
> > > > > > > Sent: Tuesday, July 23, 2024 7:38 PM
> > > > > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring
> > > > > > > <robh@kernel.org>; Krzysztof Kozlowski <krzk+dt@kernel.org>;
> > > > > > > Conor Dooley <conor+dt@kernel.org>; Shawn Guo
> > > > > > > <shawnguo@kernel.org>; Sascha
> > > > > Hauer
> > > > > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > > > > <kernel@pengutronix.de>; Fabio Estevam <festevam@gmail.com>;
> > > Rob
> > > > > > > Herring <robh+dt@kernel.org>; linux-doc@vger.kernel.org;
> > > > > > > linux- kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > > > > Subject: Re: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl:
> > > > > > > add imx-se-fw binding doc
> > > > >
> > > > > Please fix this ^
> > > > >
> > > > > > > On Tue, Jul 23, 2024 at 09:28:31AM +0000, Pankaj Gupta wrote:
> > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: Conor Dooley <conor@kernel.org>
> > > > > > > > > Sent: Monday, July 22, 2024 10:20 PM
> > > > > > > > > To: Pankaj Gupta <pankaj.gupta@nxp.com>
> > > > > > > > > Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring
> > > > > > > > > <robh@kernel.org>; Krzysztof Kozlowski
> > > > > > > > > <krzk+dt@kernel.org>; Conor Dooley <conor+dt@kernel.org>;
> > > > > > > > > Shawn Guo <shawnguo@kernel.org>; Sascha
> > > > > > > Hauer
> > > > > > > > > <s.hauer@pengutronix.de>; Pengutronix Kernel Team
> > > > > > > > > <kernel@pengutronix.de>; Fabio Estevam
> > > > > > > > > <festevam@gmail.com>; Rob Herring <robh+dt@kernel.org>;
> > > > > > > > > linux-doc@vger.kernel.org;
> > > > > > > > > linux- kernel@vger.kernel.org; devicetree@vger.kernel.org;
> > > > > > > > > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org
> > > > > > > > > Subject: [EXT] Re: [PATCH v6 2/5] dt-bindings: arm: fsl:
> > > > > > > > > add imx-se-fw binding doc
> > > > > > >
> > > > > > > Please fix this ^
> Will use "secure-enclave" as the node name, in the v7 patch.
> Will post the V7 patch-set, by end of the next week.
>
> Please reply if anyone think otherwise.
Sure, go for it :+1: And please actually read the comments I have left
on every mail about your mail client being broken. I don't want to see
20 lines of to and cc lists on every response :(
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* RE: [EXT] Re: [PATCH v6 5/5] firmware: imx: adds miscdev
2024-07-23 14:20 ` Sascha Hauer
@ 2024-08-08 10:49 ` Pankaj Gupta
2024-08-09 7:09 ` Sascha Hauer
0 siblings, 1 reply; 23+ messages in thread
From: Pankaj Gupta @ 2024-08-08 10:49 UTC (permalink / raw)
To: Sascha Hauer
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Pengutronix Kernel Team, Fabio Estevam, Rob Herring,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
devicetree@vger.kernel.org, imx@lists.linux.dev,
linux-arm-kernel@lists.infradead.org
> -----Original Message-----
> From: Sascha Hauer <s.hauer@pengutronix.de>
> Sent: Tuesday, July 23, 2024 7:51 PM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Pengutronix
> Kernel Team <kernel@pengutronix.de>; Fabio Estevam
> <festevam@gmail.com>; Rob Herring <robh+dt@kernel.org>; linux-
> doc@vger.kernel.org; linux-kernel@vger.kernel.org;
> devicetree@vger.kernel.org; imx@lists.linux.dev; linux-arm-
> kernel@lists.infradead.org
> Subject: [EXT] Re: [PATCH v6 5/5] firmware: imx: adds miscdev
>
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
>
>
> Hi Pankaj,
>
> On Mon, Jul 22, 2024 at 10:21:40AM +0530, Pankaj Gupta wrote:
> > +static int se_ioctl_cmd_snd_rcv_rsp_handler(struct se_if_device_ctx
> *dev_ctx,
> > + u64 arg) {
> > + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> > + struct se_ioctl_cmd_snd_rcv_rsp_info cmd_snd_rcv_rsp_info;
> > + struct se_api_msg *tx_msg __free(kfree) = NULL;
> > + struct se_api_msg *rx_msg __free(kfree) = NULL;
> > + int err = 0;
> > +
> > + if (copy_from_user(&cmd_snd_rcv_rsp_info, (u8 *)arg,
> > + sizeof(cmd_snd_rcv_rsp_info))) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to copy cmd_snd_rcv_rsp_info from user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + if (cmd_snd_rcv_rsp_info.tx_buf_sz < SE_MU_HDR_SZ) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: User buffer too small(%d < %d)\n",
> > + dev_ctx->miscdev.name,
> > + cmd_snd_rcv_rsp_info.tx_buf_sz,
> > + SE_MU_HDR_SZ);
> > + err = -ENOSPC;
> > + goto exit;
> > + }
> > +
> > + rx_msg = kzalloc(cmd_snd_rcv_rsp_info.rx_buf_sz, GFP_KERNEL);
> > + if (!rx_msg) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + tx_msg = memdup_user(cmd_snd_rcv_rsp_info.tx_buf,
> > + cmd_snd_rcv_rsp_info.tx_buf_sz);
> > + if (IS_ERR(tx_msg)) {
> > + err = PTR_ERR(tx_msg);
> > + goto exit;
> > + }
> > +
> > + if (tx_msg->header.tag != priv->cmd_tag) {
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + guard(mutex)(&priv->se_if_cmd_lock);
> > + priv->waiting_rsp_dev = dev_ctx;
> > + dev_ctx->temp_resp_size = cmd_snd_rcv_rsp_info.rx_buf_sz;
> > +
> > + /* Device Context that is assigned to be a
> > + * FW's command receiver, has pre-allocated buffer.
> > + */
> > + if (dev_ctx != priv->cmd_receiver_dev)
> > + dev_ctx->temp_resp = rx_msg;
> > +
> > + err = ele_miscdev_msg_send(dev_ctx,
> > + tx_msg,
> > + cmd_snd_rcv_rsp_info.tx_buf_sz);
> > + if (err < 0)
> > + goto exit;
> > +
> > + cmd_snd_rcv_rsp_info.tx_buf_sz = err;
> > +
> > + err = ele_miscdev_msg_rcv(dev_ctx,
> > + cmd_snd_rcv_rsp_info.rx_buf,
> > + cmd_snd_rcv_rsp_info.rx_buf_sz);
>
> Ok, here you now have serialized sending and receiving messages,
>
> With this you no longer need priv->waiting_rsp_dev, dev_ctx->temp_resp and
> dev_ctx->temp_resp_size. Drop these for further cleanup.
It is very much needed.
- priv->waiting_rsp_dev, help identify in the callback function that:
- the message is targeted for dev_ctx(user space) or dev(kernel space).
- the message is targeted for for which dev_ctx.
- dev_ctx->temp_resp, this buffer pointer is needed, to receive the message received in call back.
- dev_ctx->temp_resp_size, is needed to compare the size of in-coming message.
All the three are needed in callback function.
>
> > +}
> > +
> > +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> > + u64 arg) {
> > + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> > + struct se_if_node_info *if_node_info;
> > + struct se_ioctl_get_if_info info;
> > + int err = 0;
> > +
> > + if_node_info = (struct se_if_node_info *)priv->info;
> > +
> > + info.se_if_id = if_node_info->se_if_id;
> > + info.interrupt_idx = 0;
> > + info.tz = 0;
> > + info.did = if_node_info->se_if_did;
> > + info.cmd_tag = if_node_info->cmd_tag;
> > + info.rsp_tag = if_node_info->rsp_tag;
> > + info.success_tag = if_node_info->success_tag;
> > + info.base_api_ver = if_node_info->base_api_ver;
> > + info.fw_api_ver = if_node_info->fw_api_ver;
>
> This really shouldn't be here. You pass cmd_tag and rsp_tag to userspace just
> to guide userspace how to construct a message.
>
> This shows that the messages should be constructed in the Kernel rather than
> in userspace. Just pass the message content from userspace to the kernel and
> let the kernel build the message on the sender side.
This will help collecting user-space application logs, with correct tags.
This is already used by the customers, for debug.
>
> > +/* IOCTL entry point of a character device */ static long
> > +se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg) {
> > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > + struct se_if_device_ctx,
> > + miscdev);
> > + struct se_if_priv *se_if_priv = dev_ctx->priv;
> > + int err = -EINVAL;
> > +
> > + /* Prevent race during change of device context */
> > + if (down_interruptible(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + switch (cmd) {
> > + case SE_IOCTL_ENABLE_CMD_RCV:
> > + if (!se_if_priv->cmd_receiver_dev) {
> > + err = 0;
> > + se_if_priv->cmd_receiver_dev = dev_ctx;
> > + dev_ctx->temp_resp = kzalloc(MAX_NVM_MSG_LEN,
> GFP_KERNEL);
> > + if (!dev_ctx->temp_resp)
> > + err = -ENOMEM;
> > + }
>
> cmd_receiver_dev isn't locked by anything, still it can be accessed by different
> userspace processes.
It is not accessed by different Userspace processes. It is a slave to FW.
FW interacts with it when FW receive a command to do any action, from userspace.
Hence, it will be executed under command-lock.
>
> Besides, when already another instance is configured for receiving commands I
> would expect an -EBUSY here instead of silently ignoring the ioctl.
Ok. Accepted.
>
> > + break;
> > + case SE_IOCTL_GET_MU_INFO:
> > + err = se_ioctl_get_mu_info(dev_ctx, arg);
> > + break;
> > + case SE_IOCTL_SETUP_IOBUF:
> > + err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
> > + break;
> > + case SE_IOCTL_GET_SOC_INFO:
> > + err = se_ioctl_get_se_soc_info_handler(dev_ctx, arg);
> > + break;
> > + case SE_IOCTL_CMD_SEND_RCV_RSP:
> > + err = se_ioctl_cmd_snd_rcv_rsp_handler(dev_ctx, arg);
> > + break;
> > +
> > + default:
> > + err = -EINVAL;
> > + dev_dbg(se_if_priv->dev,
> > + "%s: IOCTL %.8x not supported\n",
> > + dev_ctx->miscdev.name,
> > + cmd);
> > + }
> > +
> > + up(&dev_ctx->fops_lock);
> > + return (long)err;
> > +}
> > +
>
> ...
>
> > +static int init_device_context(struct se_if_priv *priv) {
> > + const struct se_if_node_info *info = priv->info;
> > + struct se_if_device_ctx *dev_ctx;
> > + u8 *devname;
> > + int ret = 0;
> > + int i;
> > +
> > + priv->ctxs = devm_kzalloc(priv->dev, sizeof(dev_ctx) * priv-
> >max_dev_ctx,
> > + GFP_KERNEL);
> > +
> > + if (!priv->ctxs) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + /* Create users */
> > + for (i = 0; i < priv->max_dev_ctx; i++) {
> > + dev_ctx = devm_kzalloc(priv->dev, sizeof(*dev_ctx), GFP_KERNEL);
> > + if (!dev_ctx) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + dev_ctx->dev = priv->dev;
> > + dev_ctx->status = SE_IF_CTX_FREE;
> > + dev_ctx->priv = priv;
> > +
> > + priv->ctxs[i] = dev_ctx;
> > +
> > + /* Default value invalid for an header. */
> > + init_waitqueue_head(&dev_ctx->wq);
> > +
> > + INIT_LIST_HEAD(&dev_ctx->pending_out);
> > + INIT_LIST_HEAD(&dev_ctx->pending_in);
> > + sema_init(&dev_ctx->fops_lock, 1);
> > +
> > + devname = devm_kasprintf(priv->dev, GFP_KERNEL, "%s_ch%d",
> > + info->se_name, i);
> > + if (!devname) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + dev_ctx->miscdev.name = devname;
> > + dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
> > + dev_ctx->miscdev.fops = &se_if_fops;
> > + dev_ctx->miscdev.parent = priv->dev;
> > + ret = misc_register(&dev_ctx->miscdev);
> > + if (ret) {
> > + dev_err(priv->dev, "failed to register misc device %d\n",
> > + ret);
> > + return ret;
> > + }
>
> Here you register four character devices which all allow a single open.
>
> There's no need to artificially limit the number of users. Just register a single
> character device, allow it to be opened multiple times and allocate the instance
> specific context as necessary in se_if_fops_open().
Accepted.
>
> Sascha
>
> --
> Pengutronix e.K. | |
> Steuerwalder Str. 21 |
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.
> pengutronix.de%2F&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C5bb7
> 0a0c3bcb437e2e3808dcab229d77%7C686ea1d3bc2b4c6fa92cd99c5c3016
> 35%7C0%7C0%7C638573412358069325%7CUnknown%7CTWFpbGZsb3d8
> eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3
> D%7C0%7C%7C%7C&sdata=97GKp2ydNvQz0oOwGp0dM3eez3L8IAE1sOqC
> 3bhAxd8%3D&reserved=0 |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [EXT] Re: [PATCH v6 5/5] firmware: imx: adds miscdev
2024-08-08 10:49 ` [EXT] " Pankaj Gupta
@ 2024-08-09 7:09 ` Sascha Hauer
[not found] ` <AM9PR04MB8604068373E25AAA99641F0895BA2@AM9PR04MB8604.eurprd04.prod.outlook.com>
0 siblings, 1 reply; 23+ messages in thread
From: Sascha Hauer @ 2024-08-09 7:09 UTC (permalink / raw)
To: Pankaj Gupta
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Pengutronix Kernel Team, Fabio Estevam, Rob Herring,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
devicetree@vger.kernel.org, imx@lists.linux.dev,
linux-arm-kernel@lists.infradead.org
On Thu, Aug 08, 2024 at 10:49:33AM +0000, Pankaj Gupta wrote:
> > > + if (tx_msg->header.tag != priv->cmd_tag) {
> > > + err = -EINVAL;
> > > + goto exit;
> > > + }
> > > +
> > > + guard(mutex)(&priv->se_if_cmd_lock);
> > > + priv->waiting_rsp_dev = dev_ctx;
> > > + dev_ctx->temp_resp_size = cmd_snd_rcv_rsp_info.rx_buf_sz;
> > > +
> > > + /* Device Context that is assigned to be a
> > > + * FW's command receiver, has pre-allocated buffer.
> > > + */
> > > + if (dev_ctx != priv->cmd_receiver_dev)
> > > + dev_ctx->temp_resp = rx_msg;
> > > +
> > > + err = ele_miscdev_msg_send(dev_ctx,
> > > + tx_msg,
> > > + cmd_snd_rcv_rsp_info.tx_buf_sz);
> > > + if (err < 0)
> > > + goto exit;
> > > +
> > > + cmd_snd_rcv_rsp_info.tx_buf_sz = err;
> > > +
> > > + err = ele_miscdev_msg_rcv(dev_ctx,
> > > + cmd_snd_rcv_rsp_info.rx_buf,
> > > + cmd_snd_rcv_rsp_info.rx_buf_sz);
> >
> > Ok, here you now have serialized sending and receiving messages,
> >
> > With this you no longer need priv->waiting_rsp_dev, dev_ctx->temp_resp and
> > dev_ctx->temp_resp_size. Drop these for further cleanup.
>
> It is very much needed.
> - priv->waiting_rsp_dev, help identify in the callback function that:
> - the message is targeted for dev_ctx(user space) or dev(kernel space).
> - the message is targeted for for which dev_ctx.
> - dev_ctx->temp_resp, this buffer pointer is needed, to receive the message received in call back.
> - dev_ctx->temp_resp_size, is needed to compare the size of in-coming message.
>
> All the three are needed in callback function.
I think you should throw away ele_miscdev_msg_send() and
ele_miscdev_msg_rcv() and instead use ele_msg_send_rcv() instead.
This driver contains a whole lot of unneeded complexity up to the point
where it's not clear what this driver is actually trying to archieve.
Please let's do a step back and try to find out the actual usecases.
What I have found out so far is:
1) We can send one message to the ELE and each message is expected to get
one response from the ELE.
2) We are not allowed to send another message to the ELE while there is a
message in flight that hasn't got a response.
3) Both Kernel and userspace shall be able to send commands and receive
its responses.
4) The ELE is able to send a command itself. Is this true? Does this
command need a response? Can we continue sending commands to the ELE
while the ELE waits for the response to the command?
1) and 2) is covered by ele_msg_send_rcv(). 3) is covered by
ele_msg_send_rcv() as well, it can be called directly by kernel
code or via an ioctl from userspace.
4) is the most unclear point for me, but 1) 2) and 3) seems straight
forward and should be solvable with significantly reduced code size.
Am I missing any features that you need as well?
>
> >
> > > +}
> > > +
> > > +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> > > + u64 arg) {
> > > + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> > > + struct se_if_node_info *if_node_info;
> > > + struct se_ioctl_get_if_info info;
> > > + int err = 0;
> > > +
> > > + if_node_info = (struct se_if_node_info *)priv->info;
> > > +
> > > + info.se_if_id = if_node_info->se_if_id;
> > > + info.interrupt_idx = 0;
> > > + info.tz = 0;
> > > + info.did = if_node_info->se_if_did;
> > > + info.cmd_tag = if_node_info->cmd_tag;
> > > + info.rsp_tag = if_node_info->rsp_tag;
> > > + info.success_tag = if_node_info->success_tag;
> > > + info.base_api_ver = if_node_info->base_api_ver;
> > > + info.fw_api_ver = if_node_info->fw_api_ver;
> >
> > This really shouldn't be here. You pass cmd_tag and rsp_tag to userspace just
> > to guide userspace how to construct a message.
> >
> > This shows that the messages should be constructed in the Kernel rather than
> > in userspace. Just pass the message content from userspace to the kernel and
> > let the kernel build the message on the sender side.
>
> This will help collecting user-space application logs, with correct tags.
> This is already used by the customers, for debug.
I don't bother that you provide this information to userspace. My point
is that it shouldn't be needed by userspace to assemble the packets that
are sent back to the kernel.
Really the packet encapsulation should be done in the kernel and
userspace shouldn't be bothered with it.
>
> >
> > > +/* IOCTL entry point of a character device */ static long
> > > +se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg) {
> > > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > > + struct se_if_device_ctx,
> > > + miscdev);
> > > + struct se_if_priv *se_if_priv = dev_ctx->priv;
> > > + int err = -EINVAL;
> > > +
> > > + /* Prevent race during change of device context */
> > > + if (down_interruptible(&dev_ctx->fops_lock))
> > > + return -EBUSY;
> > > +
> > > + switch (cmd) {
> > > + case SE_IOCTL_ENABLE_CMD_RCV:
> > > + if (!se_if_priv->cmd_receiver_dev) {
> > > + err = 0;
> > > + se_if_priv->cmd_receiver_dev = dev_ctx;
> > > + dev_ctx->temp_resp = kzalloc(MAX_NVM_MSG_LEN,
> > GFP_KERNEL);
> > > + if (!dev_ctx->temp_resp)
> > > + err = -ENOMEM;
> > > + }
> >
> > cmd_receiver_dev isn't locked by anything, still it can be accessed by different
> > userspace processes.
>
> It is not accessed by different Userspace processes. It is a slave to FW.
> FW interacts with it when FW receive a command to do any action, from userspace.
> Hence, it will be executed under command-lock.
When two userspace programs have a device instance open, then nothing
prevents them from calling this ioctl at the same time. You do a
if (!se_if_priv->cmd_receiver_dev)
se_if_priv->cmd_receiver_dev = dev_ctx;
which is executed by two threads simultaneously. It's one of the most
classic scenarios that need locking.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 23+ messages in thread
* RE: [EXT] Re: [PATCH v6 5/5] firmware: imx: adds miscdev
[not found] ` <AM9PR04MB8604068373E25AAA99641F0895BA2@AM9PR04MB8604.eurprd04.prod.outlook.com>
@ 2024-08-16 11:02 ` Pankaj Gupta
0 siblings, 0 replies; 23+ messages in thread
From: Pankaj Gupta @ 2024-08-16 11:02 UTC (permalink / raw)
To: Sascha Hauer
Cc: Jonathan Corbet, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Shawn Guo, Pengutronix Kernel Team, Fabio Estevam, Rob Herring,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
devicetree@vger.kernel.org, imx@lists.linux.dev,
linux-arm-kernel@lists.infradead.org
Hi Sascha,
Thanks for the detail review.
Please find the comments in-line.
In our last one to one discussion, there is a specific input to have a common function "ele_msg_send_rcv( prv, tx_msg, rx_msg)" for:
- Userspace IOCTL
- Kernel message exchange.
As discussed, will try to get back to you with my analysis over it.
Thanks.
Pankaj
> -----Original Message-----
> From: Sascha Hauer <s.hauer@pengutronix.de>
> Sent: Friday, August 9, 2024 12:40 PM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> Cc: Jonathan Corbet <corbet@lwn.net>; Rob Herring <robh@kernel.org>;
> Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley
> <conor+dt@kernel.org>; Shawn Guo <shawnguo@kernel.org>; Pengutronix
> Kernel Team <kernel@pengutronix.de>; Fabio Estevam
> <festevam@gmail.com>; Rob Herring <robh+dt@kernel.org>; linux-
> doc@vger.kernel.org; linux-kernel@vger.kernel.org;
> devicetree@vger.kernel.org; imx@lists.linux.dev; linux-arm-
> kernel@lists.infradead.org
> Subject: Re: [EXT] Re: [PATCH v6 5/5] firmware: imx: adds miscdev
>
> Caution: This is an external email. Please take care when clicking
> links or opening attachments. When in doubt, report the message using
> the 'Report this email' button
>
>
> On Thu, Aug 08, 2024 at 10:49:33AM +0000, Pankaj Gupta wrote:
> > > > + if (tx_msg->header.tag != priv->cmd_tag) {
> > > > + err = -EINVAL;
> > > > + goto exit;
> > > > + }
> > > > +
> > > > + guard(mutex)(&priv->se_if_cmd_lock);
> > > > + priv->waiting_rsp_dev = dev_ctx;
> > > > + dev_ctx->temp_resp_size = cmd_snd_rcv_rsp_info.rx_buf_sz;
> > > > +
> > > > + /* Device Context that is assigned to be a
> > > > + * FW's command receiver, has pre-allocated buffer.
> > > > + */
> > > > + if (dev_ctx != priv->cmd_receiver_dev)
> > > > + dev_ctx->temp_resp = rx_msg;
> > > > +
> > > > + err = ele_miscdev_msg_send(dev_ctx,
> > > > + tx_msg,
> > > > + cmd_snd_rcv_rsp_info.tx_buf_sz);
> > > > + if (err < 0)
> > > > + goto exit;
> > > > +
> > > > + cmd_snd_rcv_rsp_info.tx_buf_sz = err;
> > > > +
> > > > + err = ele_miscdev_msg_rcv(dev_ctx,
> > > > + cmd_snd_rcv_rsp_info.rx_buf,
> > > > + cmd_snd_rcv_rsp_info.rx_buf_sz);
> > >
> > > Ok, here you now have serialized sending and receiving messages,
> > >
> > > With this you no longer need priv->waiting_rsp_dev,
> > > dev_ctx->temp_resp and dev_ctx->temp_resp_size. Drop these for
> > > further
> cleanup.
> >
> > It is very much needed.
> > - priv->waiting_rsp_dev, help identify in the callback function that:
> > - the message is targeted for dev_ctx(user space) or dev(kernel space).
> > - the message is targeted for for which dev_ctx.
> > - dev_ctx->temp_resp, this buffer pointer is needed, to receive the
> > message
> received in call back.
> > - dev_ctx->temp_resp_size, is needed to compare the size of
> > in-coming
> message.
> >
> > All the three are needed in callback function.
>
> I think you should throw away ele_miscdev_msg_send() and
> ele_miscdev_msg_rcv() and instead use ele_msg_send_rcv() instead.
>
Both the API(s): ele_miscdev_msg_send() & ele_miscdev_msg_rcv()are needed.
- fops_read API, calls the ele_miscdev_msg_send(), &
- fops_write API, calls the ele_miscdev_msg_rcv()
> This driver contains a whole lot of unneeded complexity up to the
> point where it's not clear what this driver is actually trying to archieve.
>
> Please let's do a step back and try to find out the actual usecases.
>
> What I have found out so far is:
>
> 1) We can send one message to the ELE and each message is expected to get
> one response from the ELE.
For each message, it is not as simple as to get one response, without any other message exchange.
Why?
- In order to deliver the response to that message, FW could be exchanging multiple message with its slave called NVM-daemon running at Userspace.
- Once enough information is collected from its slave, to prepare the response. It will send the message response.
> 2) We are not allowed to send another message to the ELE while there is a
> message in flight that hasn't got a response.
Here "We" means Userspace application sending the command message on a particular MU.
In the case where ELE can receive message over two MU(s), another userspace application can send another command message, via different MU.
Hence there can be two command message in flight at a time, via two different MU(s).
> 3) Both Kernel and userspace shall be able to send commands and receive
> its responses.
Yes.
> 4) The ELE is able to send a command itself. Is this true?
No, rather ELE can send command to its slave, running as a NVM-daemon at userspace.
> Does this command need a response?
Yes.
> Can we continue sending commands to the ELE
> while the ELE waits for the response to the command?
No. "We" (Application that acts as the command sender, over one MU), the mutex-command-lock is taken by the first command. Hence if "We" tries to send the second command, the lock is not freed to be acquired.
At this state, ELE can send command to its slave and can wait for the response from its slave.
After collecting information from its slave, ELE will prepare the response to the command sent by "We", to send the response.
After the response is received by "We", the mutex-command-lock is freed.
>
>
> 1) and 2) is covered by ele_msg_send_rcv(). 3) is covered by
> ele_msg_send_rcv() as well, it can be called directly by kernel code
> or via an ioctl from userspace.
>
> 4) is the most unclear point for me, but 1) 2) and 3) seems straight
> forward and should be solvable with significantly reduced code size.
>
> Am I missing any features that you need as well?
Yes. As explained above with each bullet. There is a ELE's slave-daemon running at the userspace, with which ELE exchange messages.
Now, it must be clear why?
Both the API(s): ele_miscdev_msg_send() & ele_miscdev_msg_rcv()are needed.
>
>
> >
> > >
> > > > +}
> > > > +
> > > > +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> > > > + u64 arg) {
> > > > + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> > > > + struct se_if_node_info *if_node_info;
> > > > + struct se_ioctl_get_if_info info;
> > > > + int err = 0;
> > > > +
> > > > + if_node_info = (struct se_if_node_info *)priv->info;
> > > > +
> > > > + info.se_if_id = if_node_info->se_if_id;
> > > > + info.interrupt_idx = 0;
> > > > + info.tz = 0;
> > > > + info.did = if_node_info->se_if_did;
> > > > + info.cmd_tag = if_node_info->cmd_tag;
> > > > + info.rsp_tag = if_node_info->rsp_tag;
> > > > + info.success_tag = if_node_info->success_tag;
> > > > + info.base_api_ver = if_node_info->base_api_ver;
> > > > + info.fw_api_ver = if_node_info->fw_api_ver;
> > >
> > > This really shouldn't be here. You pass cmd_tag and rsp_tag to
> > > userspace just to guide userspace how to construct a message.
> > >
> > > This shows that the messages should be constructed in the Kernel
> > > rather than in userspace. Just pass the message content from
> > > userspace to the kernel and let the kernel build the message on
> > > the sender
> side.
> >
> > This will help collecting user-space application logs, with correct tags.
> > This is already used by the customers, for debug.
>
> I don't bother that you provide this information to userspace. My
> point is that it shouldn't be needed by userspace to assemble the
> packets that are sent back to the kernel.
>
> Really the packet encapsulation should be done in the kernel and
> userspace shouldn't be bothered with it.
Packet encapsulation cannot be removed from the userspace.
Only, userspace knows that the current API, that is sent, belongs to which set of API(s):
- Set of API(s) supported by FW code.
- Set of API(s) supported by ROM Code.
Only thing that can be saved is the encapsulating command tag for "We" and response tag for ELE's slave.
>
> >
> > >
> > > > +/* IOCTL entry point of a character device */ static long
> > > > +se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg) {
> > > > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > > > + struct se_if_device_ctx,
> > > > + miscdev);
> > > > + struct se_if_priv *se_if_priv = dev_ctx->priv;
> > > > + int err = -EINVAL;
> > > > +
> > > > + /* Prevent race during change of device context */
> > > > + if (down_interruptible(&dev_ctx->fops_lock))
> > > > + return -EBUSY;
> > > > +
> > > > + switch (cmd) {
> > > > + case SE_IOCTL_ENABLE_CMD_RCV:
> > > > + if (!se_if_priv->cmd_receiver_dev) {
> > > > + err = 0;
> > > > + se_if_priv->cmd_receiver_dev = dev_ctx;
> > > > + dev_ctx->temp_resp =
> > > > + kzalloc(MAX_NVM_MSG_LEN,
> > > GFP_KERNEL);
> > > > + if (!dev_ctx->temp_resp)
> > > > + err = -ENOMEM;
> > > > + }
> > >
> > > cmd_receiver_dev isn't locked by anything, still it can be
> > > accessed by different userspace processes.
> >
> > It is not accessed by different Userspace processes. It is a slave to FW.
> > FW interacts with it when FW receive a command to do any action,
> > from
> userspace.
> > Hence, it will be executed under command-lock.
>
> When two userspace programs have a device instance open, then nothing
> prevents them from calling this ioctl at the same time. You do a
>
> if (!se_if_priv->cmd_receiver_dev)
> se_if_priv->cmd_receiver_dev = dev_ctx;
>
> which is executed by two threads simultaneously. It's one of the most
> classic scenarios that need locking.
This IOCTL is not to be called by user-application.
It is to be called by one application(called ELE's Slave NVM-Daemon) implemented as part of secure-enclave library code-base.
This case will never be occurring.
I will update the SE-DEV text file against this ioctl.
>
> Sascha
>
> --
> Pengutronix e.K. | |
> Steuerwalder Str. 21 |
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.
> pengutronix.de%2F&data=05%7C02%7Cpankaj.gupta%40nxp.com%7Ca46d
> d4dd6a0542c2848608dcb842477e%7C686ea1d3bc2b4c6fa92cd99c5c3016
> 35%7C0%7C0%7C638587842010417199%7CUnknown%7CTWFpbGZsb3d8
> eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3
> D%7C0%7C%7C%7C&sdata=mslWc%2F%2Bp4PKtth3htkmdAJ0xHFh5MlCkcj
> %2FKNw7Tg5U%3D&reserved=0 |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2024-08-16 11:02 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-07-22 4:51 [PATCH v6 0/5] v6: firmware: imx: driver for NXP secure-enclave Pankaj Gupta
2024-07-22 4:51 ` [PATCH v6 1/5] Documentation/firmware: add imx/se to other_interfaces Pankaj Gupta
2024-07-22 4:51 ` [PATCH v6 2/5] dt-bindings: arm: fsl: add imx-se-fw binding doc Pankaj Gupta
2024-07-22 16:50 ` Conor Dooley
2024-07-23 9:28 ` [EXT] " Pankaj Gupta
2024-07-23 14:08 ` Conor Dooley
2024-07-24 11:02 ` Pankaj Gupta
2024-07-24 15:30 ` Conor Dooley
2024-07-25 7:06 ` Pankaj Gupta
2024-07-25 14:39 ` Conor Dooley
2024-07-26 12:35 ` Pankaj Gupta
2024-08-01 8:52 ` Pankaj Gupta
2024-08-01 15:17 ` Conor Dooley
2024-07-22 4:51 ` [PATCH v6 3/5] arm64: dts: imx8ulp-evk: add nxp secure enclave firmware Pankaj Gupta
2024-07-22 4:51 ` [PATCH v6 4/5] firmware: imx: add driver for NXP EdgeLock Enclave Pankaj Gupta
2024-07-23 14:28 ` Sascha Hauer
2024-07-22 4:51 ` [PATCH v6 5/5] firmware: imx: adds miscdev Pankaj Gupta
2024-07-22 11:37 ` [EXTERNAL] " Amit Singh Tomar
2024-07-23 9:36 ` [EXT] " Pankaj Gupta
2024-07-23 14:20 ` Sascha Hauer
2024-08-08 10:49 ` [EXT] " Pankaj Gupta
2024-08-09 7:09 ` Sascha Hauer
[not found] ` <AM9PR04MB8604068373E25AAA99641F0895BA2@AM9PR04MB8604.eurprd04.prod.outlook.com>
2024-08-16 11:02 ` Pankaj Gupta
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).