From: Mukesh Ojha <mukesh.ojha@oss.qualcomm.com>
To: Bjorn Andersson <andersson@kernel.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Rob Herring <robh@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>,
Conor Dooley <conor+dt@kernel.org>,
Manivannan Sadhasivam <mani@kernel.org>,
Konrad Dybcio <konradybcio@kernel.org>
Cc: linux-arm-msm@vger.kernel.org, linux-remoteproc@vger.kernel.org,
devicetree@vger.kernel.org, linux-kernel@vger.kernel.org,
Mukesh Ojha <mukesh.ojha@oss.qualcomm.com>
Subject: [PATCH v3 06/12] firmware: qcom_scm: Add a prep version of auth_and_reset function
Date: Sun, 21 Sep 2025 01:11:04 +0530
Message-ID: <20250921-kvm_rproc_pas-v3-6-458f09647920@oss.qualcomm.com>
In-Reply-To: <20250921-kvm_rproc_pas-v3-0-458f09647920@oss.qualcomm.com>

Qualcomm SoCs running with QHEE (Qualcomm Hypervisor Execution
Environment—a library present in the Gunyah hypervisor) utilize the
Peripheral Authentication Service (PAS) from TrustZone (TZ) firmware to
securely authenticate and reset remote processors via a sequence of SMC
calls such as qcom_scm_pas_init_image(), qcom_scm_pas_mem_setup(), and
qcom_scm_pas_auth_and_reset().

For memory passed to Qualcomm TrustZone, it must either be part of a
pool registered with TZ or be directly registered via SHMbridge SMC
calls. When QHEE is present, PAS SMC calls from Linux running at EL1 are
trapped by QHEE (running at EL2), which then creates or retrieves memory
from the SHMbridge for both metadata and remoteproc carveout memory
before passing them to TZ. However, when the SoC runs with a
non-QHEE-based hypervisor, Linux must create the SHM bridge for both
metadata (before it is passed to TZ in qcom_scm_pas_init_image()) and
for remoteproc memory (before the call is made to TZ in
qcom_scm_pas_auth_and_reset()).

For the auth_and_reset() call, it first needs to register the remoteproc
carveout memory with TZ via an SHMbridge SMC call; it can then trigger
the auth_and_reset SMC call, and once the call returns, the remoteproc
carveout memory can be deregistered with TZ.

Add the qcom_scm_pas_prepare_and_auth_reset() function, which prepares
the SHMbridge over the carveout memory and makes the auth_and_reset SMC
call.

Signed-off-by: Mukesh Ojha <mukesh.ojha@oss.qualcomm.com>
---
drivers/firmware/qcom/qcom_scm.c | 46 ++++++++++++++++++++++++++++++++++
include/linux/firmware/qcom/qcom_scm.h | 2 ++
2 files changed, 48 insertions(+)
diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c
index 917341308873..7a86b27ea666 100644
--- a/drivers/firmware/qcom/qcom_scm.c
+++ b/drivers/firmware/qcom/qcom_scm.c
@@ -790,6 +790,52 @@ int qcom_scm_pas_auth_and_reset(u32 pas_id)
}
EXPORT_SYMBOL_GPL(qcom_scm_pas_auth_and_reset);
+/**
+ * qcom_scm_pas_prepare_and_auth_reset() - Prepare, authenticate, and reset the remote processor
+ *
+ * @ctx: Context saved during call to qcom_scm_pas_ctx_init()
+ *
+ * This function performs the necessary steps to prepare a PAS subsystem,
+ * authenticate it using the provided metadata, and initiate a reset sequence.
+ *
+ * It should be used when Linux is in control setting up the IOMMU hardware
+ * for remote subsystem during secure firmware loading processes. The preparation
+ * step sets up a shmbridge over the firmware memory before TrustZone accesses the
+ * firmware memory region for authentication. The authentication step verifies
+ * the integrity and authenticity of the firmware or configuration using secure
+ * metadata. Finally, the reset step ensures the subsystem starts in a clean and
+ * sane state.
+ *
+ * Return: 0 on success, negative errno on failure.
+ */
+int qcom_scm_pas_prepare_and_auth_reset(struct qcom_scm_pas_ctx *ctx)
+{
+ u64 handle;
+ int ret;
+
+ if (!ctx->has_iommu)
+ return qcom_scm_pas_auth_and_reset(ctx->pas_id);
+
+ /*
+ * When Linux running at EL1, Gunyah(EL2) traps auth_and_reset call and creates
+ * shmbridge on remote subsystem memory region before it passes the call to
+ * TrustZone to authenticate it while when Linux runs at EL2, it needs to create
+ * shmbridge before this call goes to TrustZone.
+ */
+ ret = qcom_tzmem_shm_bridge_create(ctx->mem_phys, ctx->mem_size, &handle);
+ if (ret) {
+ dev_err(__scm->dev, "Failed to create shmbridge ret=%d %u\n",
+ ret, ctx->pas_id);
+ return ret;
+ }
+
+ ret = qcom_scm_pas_auth_and_reset(ctx->pas_id);
+ qcom_tzmem_shm_bridge_delete(handle);
+
+ return ret;
+}
+EXPORT_SYMBOL_GPL(qcom_scm_pas_prepare_and_auth_reset);
+
/**
* qcom_scm_pas_shutdown() - Shut down the remote processor
* @pas_id: peripheral authentication service id
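Review bot: The kernel-doc for qcom_scm_pas_prepare_and_auth_reset() does not say that the shmbridge over ctx->mem_phys / ctx->mem_size is deleted as soon as qcom_scm_pas_auth_and_reset() returns, on both success and failure. That is the whole window in which the carveout is registered with TZ, so it belongs in the comment, together with the fallback to a plain qcom_scm_pas_auth_and_reset(ctx->pas_id) when ctx->has_iommu is false. The sentence "authenticate it using the provided metadata" also reads oddly for a function that takes only ctx and hands nothing but the pas_id to the SMC wrapper. In the error path, "Failed to create shmbridge ret=%d %u\n" prints the PAS id without a label; "pas_id=%u" would make the log line readable on its own. ctx is dereferenced at "if (!ctx->has_iommu)" with no NULL check, so either state in the kernel-doc that it must be the pointer returned by qcom_scm_pas_ctx_init() or check it.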
diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h
index 9ca3218f0948..1774584ff5e3 100644
--- a/include/linux/firmware/qcom/qcom_scm.h
+++ b/include/linux/firmware/qcom/qcom_scm.h
@@ -78,6 +78,7 @@ struct qcom_scm_pas_ctx {
phys_addr_t mem_phys;
size_t mem_size;
struct qcom_scm_pas_metadata *metadata;
+ bool has_iommu;
};
void *qcom_scm_pas_ctx_init(struct device *dev, u32 pas_id, phys_addr_t mem_phys,
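Review bot: has_iommu is added to struct qcom_scm_pas_ctx without any comment, yet in this patch it decides whether Linux creates the shmbridge itself before auth_and_reset, which is a statement about who owns that step rather than about an IOMMU as such. Add a short comment on the field saying who sets it and what it implies, or choose a name that reflects the shmbridge decision. Nothing in the visible hunks assigns it, so a reader of this patch alone cannot tell where it becomes true.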
@@ -90,6 +91,7 @@ int qcom_scm_pas_mem_setup(u32 pas_id, phys_addr_t addr, phys_addr_t size);
int qcom_scm_pas_auth_and_reset(u32 pas_id);
int qcom_scm_pas_shutdown(u32 pas_id);
bool qcom_scm_pas_supported(u32 pas_id);
+int qcom_scm_pas_prepare_and_auth_reset(struct qcom_scm_pas_ctx *ctx);
int qcom_scm_io_readl(phys_addr_t addr, unsigned int *val);
int qcom_scm_io_writel(phys_addr_t addr, unsigned int val);
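Review bot: The new name drops the "and" that the existing call carries: qcom_scm_pas_auth_and_reset() versus qcom_scm_pas_prepare_and_auth_reset(). Keep the "auth_and_reset" part intact in the new name so that a grep for it finds both variants. Also move the declaration directly after "int qcom_scm_pas_auth_and_reset(u32 pas_id);" so the ctx-based variant sits beside the pas_id-based one instead of after qcom_scm_pas_supported().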
--
2.50.1