From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from metis.whiteo.stw.pengutronix.de (metis.whiteo.stw.pengutronix.de [185.203.201.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A9B71B3B19 for ; Mon, 9 Sep 2024 12:19:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.203.201.7 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725884385; cv=none; b=nhiO0orKxvEvF0xXqwuozXwo28HB5V5wagdcNHRPRGd7rFwZ31Jrh1UwLsbH/Zp89ETINRLGdJqy7tZCmX3fh62gPm/LsEsPTh3zMfBg+jYDgaUx19inIjJKoKlQvIUSq3SafSa20Ky/2JBcgRqd20MtAw4fxfUGFniIfkZ0TLM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725884385; c=relaxed/simple; bh=XaGZJ26DCOzIFIxENjPMinMJ9iBdoY4E+FVtRLbXef0=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=P+nMI8qVFuZOmfevcS1Z8jZoahDtLRgUzGgMU0irti3uDI437+WN5blKIzJmZaLTcKCnC5aySHoIBRUppkyD00PKSrpxJBpXx+XYjIMzofyVyzxsyqABNTYwc+Sy8BLXXKmz58G8pzJLfnyLpTFBm6FjYg8j9/R2M2ftS6qSszg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=pengutronix.de; spf=pass smtp.mailfrom=pengutronix.de; arc=none smtp.client-ip=185.203.201.7 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=pengutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pengutronix.de Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1sndMe-0006Tx-V0; Mon, 09 Sep 2024 14:19:29 +0200 Received: from [2a0a:edc0:2:b01:1d::c5] (helo=pty.whiteo.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sndMe-006ePa-CL; Mon, 09 Sep 2024 14:19:28 +0200 Received: from sha by pty.whiteo.stw.pengutronix.de with local (Exim 4.96) (envelope-from ) id 1sndMe-00Fhph-0r; Mon, 09 Sep 2024 14:19:28 +0200 Date: Mon, 9 Sep 2024 14:19:28 +0200 From: Sascha Hauer To: Pankaj Gupta Cc: Jonathan Corbet , Rob Herring , Krzysztof Kozlowski , Conor Dooley , Shawn Guo , Pengutronix Kernel Team , Fabio Estevam , Rob Herring , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, imx@lists.linux.dev, linux-arm-kernel@lists.infradead.org Subject: Re: [PATCH v7 4/5] firmware: imx: add driver for NXP EdgeLock Enclave Message-ID: References: <20240904-imx-se-if-v7-0-5afd2ab74264@nxp.com> <20240904-imx-se-if-v7-4-5afd2ab74264@nxp.com> Precedence: bulk X-Mailing-List: linux-doc@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240904-imx-se-if-v7-4-5afd2ab74264@nxp.com> X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-Accept-Language: de,en X-Accept-Content-Type: text/plain X-SA-Exim-Connect-IP: 2a0a:edc0:0:c01:1d::a2 X-SA-Exim-Mail-From: sha@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-doc@vger.kernel.org On Wed, Sep 04, 2024 at 04:21:20PM +0530, Pankaj Gupta wrote: > NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE), > are embedded in the SoC to support the features like HSM, SHE & V2X, > using message based communication interface. > > The secure enclave FW communicates on a dedicated messaging unit(MU) > based interface(s) with application core, where kernel is running. > It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93. > > This patch adds the driver for communication interface to secure-enclave, > for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock > Enclave (ELE) from Kernel-space, used by kernel management layers like > - DM-Crypt. > > Signed-off-by: Pankaj Gupta > --- > drivers/firmware/imx/Kconfig | 12 + > drivers/firmware/imx/Makefile | 2 + > drivers/firmware/imx/ele_base_msg.c | 286 ++++++++++++++++++++ > drivers/firmware/imx/ele_base_msg.h | 95 +++++++ > drivers/firmware/imx/ele_common.c | 306 +++++++++++++++++++++ > drivers/firmware/imx/ele_common.h | 51 ++++ > drivers/firmware/imx/se_ctrl.c | 515 ++++++++++++++++++++++++++++++++++++ > drivers/firmware/imx/se_ctrl.h | 99 +++++++ > include/linux/firmware/imx/se_api.h | 14 + > 9 files changed, 1380 insertions(+) > > diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig > index 183613f82a11..0f6877a24f0b 100644 > --- a/drivers/firmware/imx/Kconfig > +++ b/drivers/firmware/imx/Kconfig > @@ -22,3 +22,15 @@ config IMX_SCU > > This driver manages the IPC interface between host CPU and the > SCU firmware running on M4. > + > +config IMX_SEC_ENCLAVE > + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver." > + depends on IMX_MBOX && ARCH_MXC && ARM64 > + default m if ARCH_MXC > + > + help > + It is possible to use APIs exposed by the iMX Secure Enclave HW IP called: > + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93), > + like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging > + Unit. This driver exposes these interfaces via a set of file descriptors > + allowing to configure shared memory, send and receive messages. > diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile > index 8f9f04a513a8..aa9033e0e9e3 100644 > --- a/drivers/firmware/imx/Makefile > +++ b/drivers/firmware/imx/Makefile > @@ -1,3 +1,5 @@ > # SPDX-License-Identifier: GPL-2.0 > obj-$(CONFIG_IMX_DSP) += imx-dsp.o > obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o > +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o > +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o > diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c > new file mode 100644 > index 000000000000..e3e570a25e85 > --- /dev/null > +++ b/drivers/firmware/imx/ele_base_msg.c > @@ -0,0 +1,286 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Copyright 2024 NXP > + */ > + > +#include > + > +#include > +#include > +#include > + > +#include "ele_base_msg.h" > +#include "ele_common.h" > + > +int ele_get_info(struct device *dev, struct ele_dev_info *s_info) I repeat once again: The context pointer argument should be struct se_if_priv *. Do not expect foreign code to pass in a struct device * here from which you blindly expect that it's the right one. > +int ele_fetch_soc_info(struct device *dev, u16 *soc_rev, u64 *serial_num) Also here and all the other functions in this file. > + * > + * Header file for the EdgeLock Enclave Base API(s). > + */ > + > +#ifndef ELE_BASE_MSG_H > +#define ELE_BASE_MSG_H > + > +#include > +#include > + > +#define WORD_SZ i4 Unused. > +#define ELE_NONE_VAL 0x0 > + > +#define ELE_GET_INFO_REQ 0xDA > +#define ELE_GET_INFO_REQ_MSG_SZ 0x10 > +#define ELE_GET_INFO_RSP_MSG_SZ 0x08 > + > +#define DEFAULT_IMX_SOC_VER 0xA000 Unused > +#define SOC_VER_MASK 0xFFFF0000 Unused > +int ele_msg_send(struct se_if_priv *priv, > + void *tx_msg, > + int tx_msg_sz) > +{ > + struct se_msg_hdr *header; > + int err; > + > + header = tx_msg; > + > + /* > + * Check that the size passed as argument matches the size > + * carried in the message. > + */ > + if (header->size << 2 != tx_msg_sz) { > + err = -EINVAL; > + dev_err(priv->dev, > + "User buf hdr: 0x%x, sz mismatced with input-sz (%d != %d).", > + *(u32 *)header, > + header->size << 2, tx_msg_sz); > + goto exit; > + } > + guard(mutex)(&priv->se_if_lock); Drop this mutex. All it does is to protect mbox_send_message() which already has its own locking. > + > + err = mbox_send_message(priv->tx_chan, tx_msg); > + if (err < 0) { > + dev_err(priv->dev, "Error: mbox_send_message failure.\n"); > + return err; > + } > + err = tx_msg_sz; > + > +exit: > + return err; > +} > + > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg) > +{ > + struct se_clbk_handle *se_clbk_hdl; > + struct device *dev = mbox_cl->dev; > + struct se_msg_hdr *header; > + struct se_if_priv *priv; > + u32 rx_msg_sz; > + > + priv = dev_get_drvdata(dev); > + > + /* The function can be called with NULL msg */ You already identified this as a possible case... > + if (!msg) { > + dev_err(dev, "Message is invalid\n"); ...so why print an error message here? > + return; > + } > + > + header = msg; > + rx_msg_sz = header->size << 2; > + > + /* Incoming command: wake up the receiver if any. */ > + if (header->tag == priv->cmd_tag) { > + se_clbk_hdl = &priv->cmd_receiver_clbk_hdl; > + dev_dbg(dev, > + "Selecting cmd receiver for mesg header:0x%x.", > + *(u32 *) header); > + > + /* Pre-allocated buffer of MAX_NVM_MSG_LEN > + * as the NVM command are initiated by FW. > + * Size is revealed as part of this call function. > + */ > + if (rx_msg_sz > MAX_NVM_MSG_LEN) { > + dev_err(dev, > + "CMD-RCVER NVM: hdr(0x%x) with different sz(%d != %d).\n", > + *(u32 *) header, > + rx_msg_sz, se_clbk_hdl->rx_msg_sz); > + > + se_clbk_hdl->rx_msg_sz = MAX_NVM_MSG_LEN; > + } > + se_clbk_hdl->rx_msg_sz = rx_msg_sz; > + > + } else if (header->tag == priv->rsp_tag) { > + se_clbk_hdl = &priv->waiting_rsp_clbk_hdl; > + dev_dbg(dev, > + "Selecting resp waiter for mesg header:0x%x.", > + *(u32 *) header); > + > + if (rx_msg_sz != se_clbk_hdl->rx_msg_sz > + && !exception_for_size(priv, header)) { > + dev_err(dev, > + "Rsp to CMD: hdr(0x%x) with different sz(%d != %d).\n", > + *(u32 *) header, > + rx_msg_sz, se_clbk_hdl->rx_msg_sz); > + > + se_clbk_hdl->rx_msg_sz = min(rx_msg_sz, se_clbk_hdl->rx_msg_sz); > + } > + } else { > + dev_err(dev, "Failed to select a device for message: %.8x\n", > + *((u32 *) header)); > + return; > + } > + > + memcpy(se_clbk_hdl->rx_msg, msg, se_clbk_hdl->rx_msg_sz); > + > + /* Allow user to read */ > + atomic_inc(&se_clbk_hdl->pending_hdr); > + > + wake_up_interruptible(&se_clbk_hdl->wq); You are rebuilding a completion here, why not use a completion then? > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include "ele_base_msg.h" > +#include "ele_common.h" > +#include "se_ctrl.h" > + > +#define RESERVED_DMA_POOL BIT(0) Unused > +static void se_load_firmware(const struct firmware *fw, void *context) > +{ > + struct se_if_priv *priv = context; > + const struct se_if_node_info *info = priv->info; > + phys_addr_t se_fw_phyaddr; > + u8 *se_fw_buf; > + int ret; > + > + if (!fw) { > + if (priv->fw_fail > MAX_FW_LOAD_RETRIES) > + dev_dbg(priv->dev, > + "External FW not found, using ROM FW.\n"); > + else { > + /*add a bit delay to wait for firmware priv released */ > + msleep(20); > + > + /* Load firmware one more time if timeout */ > + request_firmware_nowait(THIS_MODULE, > + FW_ACTION_UEVENT, priv->se_img_file_to_load, > + priv->dev, GFP_KERNEL, priv, > + se_load_firmware); > + priv->fw_fail++; > + dev_dbg(priv->dev, "Value of retries = 0x%x.\n", > + priv->fw_fail); > + } > + > + return; > + } Are you continuously trying to load the firmware here in the hope that the rootfs is mounted before your retry counter exceeds? Don't do this. Sascha -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |