devicetree.vger.kernel.org archive mirror
From: Randy Dunlap <rdunlap@infradead.org>
To: Pankaj Gupta <pankaj.gupta@nxp.com>,
	Jonathan Corbet <corbet@lwn.net>, Rob Herring <robh@kernel.org>,
	Krzysztof Kozlowski <krzk+dt@kernel.org>,
	Conor Dooley <conor+dt@kernel.org>,
	Shawn Guo <shawnguo@kernel.org>,
	Sascha Hauer <s.hauer@pengutronix.de>,
	Pengutronix Kernel Team <kernel@pengutronix.de>,
	Fabio Estevam <festevam@gmail.com>,
	Rob Herring <robh+dt@kernel.org>,
	Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
	devicetree@vger.kernel.org, imx@lists.linux.dev,
	linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v3 1/5] Documentation/firmware: add imx/se to other_interfaces
Date: Tue, 18 Jun 2024 14:13:13 -0700
Message-ID: <c786ad0d-2a25-4066-b0df-04decc037c16@infradead.org>
In-Reply-To: <20240617-imx-se-if-v3-1-a7d28dea5c4a@nxp.com>

Hi--

IMO there is an overuse of hyphens (dashes) here.
Please consider the changes below.


On 6/17/24 12:29 AM, Pankaj Gupta wrote:
> Documents i.MX SoC's Service layer and C_DEV driver for selected SoC(s)
> that contains the NXP hardware IP(s) for secure-enclaves(se) like:

Is the product referred to as "secure-enclaves"?  If not, "secure enclaves"
should be sufficient.

Hm, https://www.nxp.com/products/nxp-product-information/nxp-product-programs/edgelock-secure-enclave:EDGELOCK-SECURE-ENCLAVE
just says "Secure Enclave".



> - NXP EdgeLock Enclave on i.MX93 & i.MX8ULP
> 
> Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> ---
>  .../driver-api/firmware/other_interfaces.rst       | 119 +++++++++++++++++++++
>  1 file changed, 119 insertions(+)
> 
> diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst
> index 06ac89adaafb..65e69396e22a 100644
> --- a/Documentation/driver-api/firmware/other_interfaces.rst
> +++ b/Documentation/driver-api/firmware/other_interfaces.rst
> @@ -49,3 +49,122 @@ of the requests on to a secure monitor (EL3).
>  
>  .. kernel-doc:: drivers/firmware/stratix10-svc.c
>     :export:
> +
> +NXP Secure Enclave Firmware Interface
> +=====================================
> +
> +Introduction
> +------------
> +The NXP's i.MX HW IP like EdgeLock-Enclave, V2X etc., creates an embedded secure

                             Edgelock Enclave

> +enclave within the SoC boundary to enable features like
> + - Hardware Security Module (HSM)
> + - Security Hardware Extension (SHE)
> + - Vehicular to Anything (V2X)
> +
> +Each of the above feature, is enabled through dedicated NXP H/W IP on the SoC.

                     features is enabled

> +On a single SoC, multiple hardware IP (or can say more than one secure enclave)

                                         (or more than one secure enclave)

> +can exists.

   can exist.

> +
> +NXP SoCs enabled with the such secure enclaves(SEs) IPs are:

                    with such

> +i.MX93, i.MX8ULP
> +
> +To communicate with one or more co-existing SE(s) on SoC, there is/are dedicated

hm, "co-existing" is a (UK) alternative for "coexisting" and since we accept
British spellings, it is OK.

> +messaging units(MU) per SE. Each co-existing 'se' can have one or multiple exclusive

                                  why not       'SE'
?

> +MU(s), dedicated to itself. None of the MU is shared between two SEs.

                                           MUs
or
                                           MU(s)

> +Communication of the MU is realized using the Linux mailbox driver.
> +
> +NXP Secure Enclave(SE) Interface
> +--------------------------------
> +All those SE interfaces 'se-if' that is/are dedicated to a particular SE, will be

                                                               no comma    ^

> +enumerated and provisioned under the very single 'SE' node.
> +
> +Each 'se-if', comprise of twp layers:

      no comma ^             two

> +- (C_DEV Layer) User-Space software-access interface.
> +- (Service Layer) OS-level software-access interface.
> +
> +   +--------------------------------------------+
> +   |            Character Device(C_DEV)         |
> +   |                                            |
> +   |   +---------+ +---------+     +---------+  |
> +   |   | misc #1 | | misc #2 | ... | misc #n |  |
> +   |   |  dev    | |  dev    |     | dev     |  |
> +   |   +---------+ +---------+     +---------+  |
> +   |        +-------------------------+         |
> +   |        | Misc. Dev Synchr. Logic |         |
> +   |        +-------------------------+         |
> +   |                                            |
> +   +--------------------------------------------+
> +
> +   +--------------------------------------------+
> +   |               Service Layer                |
> +   |                                            |
> +   |      +-----------------------------+       |
> +   |      | Message Serialization Logic |       |
> +   |      +-----------------------------+       |
> +   |          +---------------+                 |
> +   |          |  imx-mailbox  |                 |
> +   |          |   mailbox.c   |                 |
> +   |          +---------------+                 |
> +   |                                            |
> +   +--------------------------------------------+
> +
> +- service layer:
> +  This layer is responsible for ensuring the communication protocol, that is defined

                                                           no comma   ^

> +  for communication with firmware.
> +
> +  FW Communication protocol ensures two things:
> +  - Serializing the messages to be sent over an MU.
> +
> +  - FW can handle one command-message at a time.

                         command message

> +
> +- c_dev:
> +  This layer offers character device contexts, created as '/dev/<se>_mux_chx'.
> +  Using these multiple device contexts, that are getting multiplexed over a single MU,

                            no comma     ^ that are multiplexed over


> +  user-space application(s) can call fops like write/read to send the command-message,

                                                                         command message,

I prefer 'userspace' or 'user space' over 'user-space'.  'user-space' is the 3rd most used
of the 3 spellings in the kernel source tree.

> +  and read back the command-response-message to/from Firmware.

                       command response message

> +  fops like read & write uses the above defined service layer API(s) to communicate with

                            use

> +  Firmware.
> +
> +  Misc-device(/dev/<se>_mux_chn) synchronization protocol:
> +
> +                                Non-Secure               +   Secure
> +                                                         |
> +                                                         |
> +                  +---------+      +-------------+       |
> +                  | se_fw.c +<---->+imx-mailbox.c|       |
> +                  |         |      |  mailbox.c  +<-->+------+    +------+
> +                  +---+-----+      +-------------+    | MU X +<-->+ ELE |
> +                      |                               +------+    +------+
> +                      +----------------+                 |
> +                      |                |                 |
> +                      v                v                 |
> +                  logical           logical              |
> +                  receiver          waiter               |
> +                     +                 +                 |
> +                     |                 |                 |
> +                     |                 |                 |
> +                     |            +----+------+          |
> +                     |            |           |          |
> +                     |            |           |          |
> +              device_ctx     device_ctx     device_ctx   |
> +                                                         |
> +                User 0        User 1       User Y        |
> +                +------+      +------+     +------+      |
> +                |misc.c|      |misc.c|     |misc.c|      |
> + kernel space   +------+      +------+     +------+      |
> +                                                         |
> + +------------------------------------------------------ |
> +                    |             |           |          |
> + userspace     /dev/ele_muXch0    |           |          |
> +                          /dev/ele_muXch1     |          |
> +                                        /dev/ele_muXchY  |
> +                                                         |
> +
> +When a user sends a command to the firmware, it registers its device_ctx
> +as waiter of a response from firmware.
> +
> +Enclave's Firmware owns the storage management, over linux filesystem.

                                                        Linux

> +For this c_dev provisions a dedicated slave device called "receiver".
> +
> +.. kernel-doc:: drivers/firmware/imx/se_fw.c
> +   :export:
> 
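
Review bot: The device node name is spelled three different ways in the c_dev section: '/dev/<se>_mux_chx' in the layer description, '/dev/<se>_mux_chn' in the "Misc-device" synchronization heading, and /dev/ele_muXch0 through /dev/ele_muXchY in the diagram. Please settle on one pattern that matches what the driver registers, since userspace opens these nodes by name. The two box diagrams and the synchronization diagram are also not marked as literal blocks ("::"), so the rendered HTML will not preserve them as drawn. Finally, the closing paragraph says the firmware's storage management goes over the Linux filesystem through a dedicated "receiver" device, but it does not say which device node acts as receiver or how a device_ctx becomes one; a sentence on that would help, because the receiver is the path by which firmware storage requests reach the non-secure side.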

-- 
~Randy
