diff options
Diffstat (limited to 'arch/arm/include')
-rw-r--r-- | arch/arm/include/asm/arch-imx8/imx8qm_pads.h | 2 | ||||
-rw-r--r-- | arch/arm/include/asm/arch-imx8/imx8qxp_pads.h | 2 | ||||
-rw-r--r-- | arch/arm/include/asm/mach-imx/sci/ipc.h | 2 | ||||
-rw-r--r-- | arch/arm/include/asm/mach-imx/sci/rpc.h | 38 | ||||
-rw-r--r-- | arch/arm/include/asm/mach-imx/sci/svc/irq/api.h | 6 | ||||
-rw-r--r-- | arch/arm/include/asm/mach-imx/sci/svc/misc/api.h | 106 | ||||
-rw-r--r-- | arch/arm/include/asm/mach-imx/sci/svc/pad/api.h | 8 | ||||
-rw-r--r-- | arch/arm/include/asm/mach-imx/sci/svc/pm/api.h | 95 | ||||
-rw-r--r-- | arch/arm/include/asm/mach-imx/sci/svc/rm/api.h | 39 | ||||
-rw-r--r-- | arch/arm/include/asm/mach-imx/sci/svc/seco/api.h | 347 | ||||
-rw-r--r-- | arch/arm/include/asm/mach-imx/sci/svc/timer/api.h | 17 | ||||
-rw-r--r-- | arch/arm/include/asm/mach-imx/sci/types.h | 52 |
12 files changed, 452 insertions, 262 deletions
diff --git a/arch/arm/include/asm/arch-imx8/imx8qm_pads.h b/arch/arm/include/asm/arch-imx8/imx8qm_pads.h index 5cd2b76759..6b62f7d8f6 100644 --- a/arch/arm/include/asm/arch-imx8/imx8qm_pads.h +++ b/arch/arm/include/asm/arch-imx8/imx8qm_pads.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ diff --git a/arch/arm/include/asm/arch-imx8/imx8qxp_pads.h b/arch/arm/include/asm/arch-imx8/imx8qxp_pads.h index 8db40c549a..c35e5dfa60 100644 --- a/arch/arm/include/asm/arch-imx8/imx8qxp_pads.h +++ b/arch/arm/include/asm/arch-imx8/imx8qxp_pads.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ diff --git a/arch/arm/include/asm/mach-imx/sci/ipc.h b/arch/arm/include/asm/mach-imx/sci/ipc.h index 145df1db80..a484963bd4 100644 --- a/arch/arm/include/asm/mach-imx/sci/ipc.h +++ b/arch/arm/include/asm/mach-imx/sci/ipc.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ diff --git a/arch/arm/include/asm/mach-imx/sci/rpc.h b/arch/arm/include/asm/mach-imx/sci/rpc.h index 5c46855344..4105bde1f4 100644 --- a/arch/arm/include/asm/mach-imx/sci/rpc.h +++ b/arch/arm/include/asm/mach-imx/sci/rpc.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ @@ -20,7 +20,7 @@ /* Defines */ #define SCFW_API_VERSION_MAJOR 1U -#define SCFW_API_VERSION_MINOR 7U +#define SCFW_API_VERSION_MINOR 15U #define SC_RPC_VERSION 1U @@ -31,9 +31,13 @@ #define RPC_SVC(MESG) ((MESG)->svc) #define RPC_FUNC(MESG) ((MESG)->func) #define RPC_R8(MESG) ((MESG)->func) +#define RPC_I64(MESG, IDX) (I64(RPC_U32((MESG), (IDX))) << 32ULL) \ + | I64(RPC_U32((MESG), (IDX) + 4U)) #define RPC_I32(MESG, IDX) ((MESG)->DATA.i32[(IDX) / 4U]) #define RPC_I16(MESG, IDX) ((MESG)->DATA.i16[(IDX) / 2U]) #define RPC_I8(MESG, IDX) ((MESG)->DATA.i8[(IDX)]) +#define RPC_U64(MESG, IDX) (U64(RPC_U32((MESG), (IDX))) << 32ULL) \ + | U64(RPC_U32((MESG), (IDX) + 4U)) #define RPC_U32(MESG, IDX) ((MESG)->DATA.u32[(IDX) / 4U]) #define RPC_U16(MESG, IDX) ((MESG)->DATA.u16[(IDX) / 2U]) #define RPC_U8(MESG, IDX) ((MESG)->DATA.u8[(IDX)]) @@ -56,11 +60,15 @@ #define SC_RPC_ASYNC_STATE_WR_ACTIVE 4U #define SC_RPC_ASYNC_STATE_WR_DONE 5U +/* SC -> Client general-purpose MU IRQs */ #define SC_RPC_MU_GIR_SVC 0x1U #define SC_RPC_MU_GIR_WAKE 0x2U #define SC_RPC_MU_GIR_BOOT 0x4U #define SC_RPC_MU_GIR_DBG 0x8U +/* Client -> SC general-purpose MU IRQs */ +#define SC_RPC_MU_GIR_RST 0x1U + #define I8(X) ((int8_t) (X)) #define I16(X) ((int16_t) (X)) #define I32(X) ((int32_t) (X)) @@ -131,31 +139,5 @@ typedef struct */ void sc_call_rpc(sc_ipc_t ipc, sc_rpc_msg_t *msg, sc_bool_t no_resp); -/*! - * This is an internal function to dispath an RPC call that has - * arrived via IPC over an MU. It is called by server-side SCFW. - * - * @param[in] mu MU message arrived on - * @param[in,out] msg handle to a message - * - * The function result is returned in \a msg. - */ -void sc_rpc_dispatch(sc_rsrc_t mu, sc_rpc_msg_t *msg); - -/*! - * This function translates an RPC message and forwards on to the - * normal RPC API. It is used only by hypervisors. - * - * @param[in] ipc IPC handle - * @param[in,out] msg handle to a message - * - * This function decodes a message, calls macros to translate the - * resources, pads, addresses, partitions, memory regions, etc. and - * then forwards on to the hypervisors SCFW API.Return results are - * translated back abd placed back into the message to be returned - * to the original API. - */ -void sc_rpc_xlate(sc_ipc_t ipc, sc_rpc_msg_t *msg); - #endif /* SC_RPC_H */ diff --git a/arch/arm/include/asm/mach-imx/sci/svc/irq/api.h b/arch/arm/include/asm/mach-imx/sci/svc/irq/api.h index b065e45706..50713bc9c8 100644 --- a/arch/arm/include/asm/mach-imx/sci/svc/irq/api.h +++ b/arch/arm/include/asm/mach-imx/sci/svc/irq/api.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ @@ -9,7 +9,7 @@ * Header file containing the public API for the System Controller (SC) * Interrupt (IRQ) function. * - * @addtogroup IRQ_SVC (SVC) Interrupt Service + * @addtogroup IRQ_SVC IRQ: Interrupt Service * * Module for the Interrupt (IRQ) service. * @@ -91,6 +91,8 @@ #define SC_IRQ_USR1 (1U << 2U) /*!< User defined 1 */ #define SC_IRQ_USR2 (1U << 3U) /*!< User defined 2 */ #define SC_IRQ_BC_PAD (1U << 4U) /*!< Pad wakeup (broadcast to all partitions) */ +#define SC_IRQ_SW_WAKE (1U << 5U) /*!< Software requested wake */ +#define SC_IRQ_SECVIO (1U << 6U) /*!< Security violation */ /*@}*/ /*! diff --git a/arch/arm/include/asm/mach-imx/sci/svc/misc/api.h b/arch/arm/include/asm/mach-imx/sci/svc/misc/api.h index 783c54749f..9fda313527 100644 --- a/arch/arm/include/asm/mach-imx/sci/svc/misc/api.h +++ b/arch/arm/include/asm/mach-imx/sci/svc/misc/api.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ @@ -9,7 +9,7 @@ * Header file containing the public API for the System Controller (SC) * Miscellaneous (MISC) function. * - * @addtogroup MISC_SVC (SVC) Miscellaneous Service + * @addtogroup MISC_SVC MISC: Miscellaneous Service * * Module for the Miscellaneous (MISC) service. * @@ -54,18 +54,6 @@ /*@}*/ /*! - * @name Defines for sc_misc_seco_auth_cmd_t - */ -/*@{*/ -#define SC_MISC_AUTH_CONTAINER 0U /*!< Authenticate container */ -#define SC_MISC_VERIFY_IMAGE 1U /*!< Verify image */ -#define SC_MISC_REL_CONTAINER 2U /*!< Release container */ -#define SC_MISC_SECO_AUTH_SECO_FW 3U /*!< SECO Firmware */ -#define SC_MISC_SECO_AUTH_HDMI_TX_FW 4U /*!< HDMI TX Firmware */ -#define SC_MISC_SECO_AUTH_HDMI_RX_FW 5U /*!< HDMI RX Firmware */ -/*@}*/ - -/*! * @name Defines for sc_misc_bt_t */ /*@{*/ @@ -89,11 +77,6 @@ typedef uint8_t sc_misc_dma_group_t; typedef uint8_t sc_misc_boot_status_t; /*! - * This type is used to issue SECO authenticate commands. - */ -typedef uint8_t sc_misc_seco_auth_cmd_t; - -/*! * This type is used report boot status. */ typedef uint8_t sc_misc_temp_t; @@ -202,87 +185,6 @@ sc_err_t sc_misc_set_dma_group(sc_ipc_t ipc, sc_rsrc_t resource, /* @} */ /*! - * @name Security Functions - * @{ - */ - -/*! - * @deprecated Use sc_seco_image_load() instead. - */ -sc_err_t sc_misc_seco_image_load(sc_ipc_t ipc, sc_faddr_t addr_src, - sc_faddr_t addr_dst, uint32_t len, sc_bool_t fw); - -/*! - * @deprecated Use sc_seco_authenticate() instead. - */ -sc_err_t sc_misc_seco_authenticate(sc_ipc_t ipc, - sc_misc_seco_auth_cmd_t cmd, sc_faddr_t addr); - -/*! - * @deprecated Use sc_seco_fuse_write() instead. - */ -sc_err_t sc_misc_seco_fuse_write(sc_ipc_t ipc, sc_faddr_t addr); - -/*! - * @deprecated Use sc_seco_enable_debug() instead. - */ -sc_err_t sc_misc_seco_enable_debug(sc_ipc_t ipc, sc_faddr_t addr); - -/*! - * @deprecated Use sc_seco_forward_lifecycle() instead. - */ -sc_err_t sc_misc_seco_forward_lifecycle(sc_ipc_t ipc, uint32_t change); - -/*! - * @deprecated Use sc_seco_return_lifecycle() instead. - */ -sc_err_t sc_misc_seco_return_lifecycle(sc_ipc_t ipc, sc_faddr_t addr); - -/*! - * @deprecated Use sc_seco_build_info() instead. - */ -void sc_misc_seco_build_info(sc_ipc_t ipc, uint32_t *version, - uint32_t *commit); - -/*! - * @deprecated Use sc_seco_chip_info() instead. - */ -sc_err_t sc_misc_seco_chip_info(sc_ipc_t ipc, uint16_t *lc, - uint16_t *monotonic, uint32_t *uid_l, uint32_t *uid_h); - -/*! - * @deprecated Use sc_seco_attest_mode() instead. - */ -sc_err_t sc_misc_seco_attest_mode(sc_ipc_t ipc, uint32_t mode); - -/*! - * @deprecated Use sc_seco_attest() instead. - */ -sc_err_t sc_misc_seco_attest(sc_ipc_t ipc, uint64_t nonce); - -/*! - * @deprecated Use sc_seco_get_attest_pkey() instead. - */ -sc_err_t sc_misc_seco_get_attest_pkey(sc_ipc_t ipc, sc_faddr_t addr); - -/*! - * @deprecated Use sc_seco_get_attest_sign() instead. - */ -sc_err_t sc_misc_seco_get_attest_sign(sc_ipc_t ipc, sc_faddr_t addr); - -/*! - * @deprecated Use sc_seco_attest_verify() instead. - */ -sc_err_t sc_misc_seco_attest_verify(sc_ipc_t ipc, sc_faddr_t addr); - -/*! - * @deprecated Use sc_seco_commit() instead. - */ -sc_err_t sc_misc_seco_commit(sc_ipc_t ipc, uint32_t *info); - -/* @} */ - -/*! * @name Debug Functions * @{ */ @@ -327,7 +229,7 @@ void sc_misc_build_info(sc_ipc_t ipc, uint32_t *build, * @param[out] sv_maj pointer to return major part of SCFW version * @param[out] sv_min pointer to return minor part of SCFW version * - * Client verion is the version of the API ported to and used by the caller. + * Client version is the version of the API ported to and used by the caller. * SCFW version is the version of the SCFW binary running on the CPU. * * Note a major version difference indicates a break in compatibility. @@ -433,7 +335,7 @@ sc_err_t sc_misc_otp_fuse_read(sc_ipc_t ipc, uint32_t word, uint32_t *val); * The command is passed as is to SECO. SECO uses part of the * \a word parameter to indicate if the fuse should be locked * after programming. See the "Write common fuse" section of - * the Security Reference Manual (SRM) for more info. + * the SECO API Reference Guide for more info. * * @return Returns and error code (SC_ERR_NONE = success). * diff --git a/arch/arm/include/asm/mach-imx/sci/svc/pad/api.h b/arch/arm/include/asm/mach-imx/sci/svc/pad/api.h index b7d536f0e6..739058bd27 100644 --- a/arch/arm/include/asm/mach-imx/sci/svc/pad/api.h +++ b/arch/arm/include/asm/mach-imx/sci/svc/pad/api.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ @@ -9,7 +9,7 @@ * Header file containing the public API for the System Controller (SC) * Pad Control (PAD) function. * - * @addtogroup PAD_SVC (SVC) Pad Service + * @addtogroup PAD_SVC PAD: Pad Service * * Module for the Pad Control (PAD) service. * @@ -43,7 +43,7 @@ * * Pads are managed as a resource by the Resource Manager (RM). They have * assigned owners and only the owners can configure the pads. Some of the - * pads are reserved for use by the SCFW itself and this can be overriden + * pads are reserved for use by the SCFW itself and this can be overridden * with the implementation of board_config_sc(). Additionally, pads may * be assigned to various other partitions via the implementation of * board_system_config(). @@ -160,7 +160,7 @@ typedef uint8_t sc_pad_config_t; * This type is used to declare a pad low-power isolation config. * ISO_LATE is the most common setting. ISO_EARLY is only used when * an output pad is directly determined by another input pad. The - * other two are only used when SW wants to directly contol isolation. + * other two are only used when SW wants to directly control isolation. */ typedef uint8_t sc_pad_iso_t; diff --git a/arch/arm/include/asm/mach-imx/sci/svc/pm/api.h b/arch/arm/include/asm/mach-imx/sci/svc/pm/api.h index 026aa27c1a..063cabf98f 100644 --- a/arch/arm/include/asm/mach-imx/sci/svc/pm/api.h +++ b/arch/arm/include/asm/mach-imx/sci/svc/pm/api.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ @@ -10,7 +10,7 @@ * Power Management (PM) function. This includes functions for power state * control, clock control, reset control, and wake-up event control. * - * @addtogroup PM_SVC (SVC) Power Management Service + * @addtogroup PM_SVC PM: Power Management Service * * Module for the Power Management (PM) service. * @@ -85,9 +85,9 @@ * @name Defines for sc_pm_clk_mode_t */ /*@{*/ -#define SC_PM_CLK_MODE_ROM_INIT 0U /*!< Clock is initialized by ROM. */ +#define SC_PM_CLK_MODE_ROM_INIT 0U /*!< Clock is initialized by ROM */ #define SC_PM_CLK_MODE_OFF 1U /*!< Clock is disabled */ -#define SC_PM_CLK_MODE_ON 2U /*!< Clock is enabled. */ +#define SC_PM_CLK_MODE_ON 2U /*!< Clock is enabled */ #define SC_PM_CLK_MODE_AUTOGATE_SW 3U /*!< Clock is in SW autogate mode */ #define SC_PM_CLK_MODE_AUTOGATE_HW 4U /*!< Clock is in HW autogate mode */ #define SC_PM_CLK_MODE_AUTOGATE_SW_HW 5U /*!< Clock is in SW-HW autogate mode */ @@ -97,7 +97,7 @@ * @name Defines for sc_pm_clk_parent_t */ /*@{*/ -#define SC_PM_PARENT_XTAL 0U /*!< Parent is XTAL. */ +#define SC_PM_PARENT_XTAL 0U /*!< Parent is XTAL */ #define SC_PM_PARENT_PLL0 1U /*!< Parent is PLL0 */ #define SC_PM_PARENT_PLL1 2U /*!< Parent is PLL1 or PLL0/2 */ #define SC_PM_PARENT_PLL2 3U /*!< Parent in PLL2 or PLL0/4 */ @@ -265,6 +265,23 @@ sc_err_t sc_pm_get_sys_power_mode(sc_ipc_t ipc, sc_rm_pt_t pt, sc_pm_power_mode_t *mode); /*! + * This function sends a wake interrupt to a partition. + * + * @param[in] ipc IPC handle + * @param[in] pt handle of partition to wake + * + * @return Returns an error code (SC_ERR_NONE = success). + * + * An SC_IRQ_SW_WAKE interrupt is sent to all MUs owned by the + * partition that have this interrupt enabled. The CPU using an + * MU will exit a low-power state to service the MU interrupt. + * + * Return errors: + * - SC_ERR_PARM if invalid partition + */ +sc_err_t sc_pm_partition_wake(sc_ipc_t ipc, sc_rm_pt_t pt); + +/*! * This function sets the power mode of a resource. * * @param[in] ipc IPC handle @@ -275,6 +292,7 @@ sc_err_t sc_pm_get_sys_power_mode(sc_ipc_t ipc, sc_rm_pt_t pt, * * Return errors: * - SC_ERR_PARM if invalid resource or mode, + * - SC_ERR_PARM if resource is the MU used to make the call, * - SC_ERR_NOACCESS if caller's partition is not the resource owner * or parent of the owner * @@ -290,7 +308,7 @@ sc_err_t sc_pm_get_sys_power_mode(sc_ipc_t ipc, sc_rm_pt_t pt, * Note some resources are still not accessible even when powered up if bus * transactions go through a fabric not powered up. Examples of this are * resources in display and capture subsystems which require the display - * controller or the imaging subsytem to be powered up first. + * controller or the imaging subsystem to be powered up first. * * Not that resources are grouped into power domains by the underlying * hardware. If any resource in the domain is on, the entire power domain @@ -316,7 +334,7 @@ sc_err_t sc_pm_set_resource_power_mode(sc_ipc_t ipc, sc_rsrc_t resource, * Return errors: * - SC_ERR_PARM if invalid partition or mode, * - SC_ERR_NOACCESS if caller's partition is not the parent -* of \a pt +* (with grant) of \a pt * * This functions loops through all the resources owned by \a pt * and sets the power mode to \a mode. It will skip setting @@ -344,7 +362,7 @@ sc_err_t sc_pm_get_resource_power_mode(sc_ipc_t ipc, sc_rsrc_t resource, sc_pm_power_mode_t *mode); /*! - * This function requests the low power mode some of the resources + * This function specifies the low power mode some of the resources * can enter based on their state. This API is only valid for the * following resources : SC_R_A53, SC_R_A53_0, SC_R_A53_1, SC_A53_2, * SC_A53_3, SC_R_A72, SC_R_A72_0, SC_R_A72_1, SC_R_CC1, SC_R_A35, @@ -400,6 +418,9 @@ sc_err_t sc_pm_req_cpu_low_power_mode(sc_ipc_t ipc, sc_rsrc_t resource, * - SC_ERR_PARM if invalid resource or address, * - SC_ERR_NOACCESS if caller's partition is not the parent of the * resource (CPU) owner + * + * Note the address is limited by the hardware implementation. See the + * [CPU Start Address](@ref BOOT_ADDR) section in the Porting Guide. */ sc_err_t sc_pm_set_cpu_resume_addr(sc_ipc_t ipc, sc_rsrc_t resource, sc_faddr_t address); @@ -419,13 +440,16 @@ sc_err_t sc_pm_set_cpu_resume_addr(sc_ipc_t ipc, sc_rsrc_t resource, * - SC_ERR_PARM if invalid resource or address, * - SC_ERR_NOACCESS if caller's partition is not the parent of the * resource (CPU) owner + * + * Note the address is limited by the hardware implementation. See the + * [CPU Start Address](@ref BOOT_ADDR) section in the Porting Guide. */ sc_err_t sc_pm_set_cpu_resume(sc_ipc_t ipc, sc_rsrc_t resource, sc_bool_t isPrimary, sc_faddr_t address); /*! * This function requests the power mode configuration for system-level - * interfaces including messaging units, interconnect, and memories. This API + * interfaces including messaging units, interconnect, and memories. This API * is only valid for the following resources : SC_R_A53, SC_R_A72, and * SC_R_M4_x_PID_y. For all other resources, it will return SC_ERR_PARAM. * The requested power mode will be captured and applied to system-level @@ -488,6 +512,10 @@ sc_err_t sc_pm_set_clock_rate(sc_ipc_t ipc, sc_rsrc_t resource, * or parent of the owner, * - SC_ERR_UNAVAILABLE if clock/PLL not applicable to this resource * + * This function returns the actual clock rate of the hardware. This rate + * may be different from the original requested clock rate if the resource + * is set to a low power mode. + * * Refer to the [Clock List](@ref CLOCKS) for valid clock/PLL values. */ sc_err_t sc_pm_get_clock_rate(sc_ipc_t ipc, sc_rsrc_t resource, @@ -513,7 +541,7 @@ sc_err_t sc_pm_get_clock_rate(sc_ipc_t ipc, sc_rsrc_t resource, * Return errors: * - SC_ERR_PARM if invalid resource or clock, * - SC_ERR_NOACCESS if caller's partition is not the resource owner - * or parent of the owner, + * or parent (with grant) of the owner, * - SC_ERR_UNAVAILABLE if clock not applicable to this resource * * Refer to the [Clock List](@ref CLOCKS) for valid clock values. @@ -528,14 +556,14 @@ sc_err_t sc_pm_clock_enable(sc_ipc_t ipc, sc_rsrc_t resource, * @param[in] ipc IPC handle * @param[in] resource ID of the resource * @param[in] clk clock to affect - * @param[in] parent New parent of the clock. + * @param[in] parent New parent of the clock * * @return Returns an error code (SC_ERR_NONE = success). * * Return errors: * - SC_ERR_PARM if invalid resource or clock, * - SC_ERR_NOACCESS if caller's partition is not the resource owner - * or parent of the owner, + * or parent (with grant) of the owner, * - SC_ERR_UNAVAILABLE if clock not applicable to this resource * - SC_ERR_BUSY if clock is currently enabled. * - SC_ERR_NOPOWER if resource not powered @@ -551,7 +579,7 @@ sc_err_t sc_pm_set_clock_parent(sc_ipc_t ipc, sc_rsrc_t resource, * @param[in] ipc IPC handle * @param[in] resource ID of the resource * @param[in] clk clock to affect - * @param[out] parent pointer to return parent of clock. + * @param[out] parent pointer to return parent of clock * * @return Returns an error code (SC_ERR_NONE = success). * @@ -647,6 +675,9 @@ sc_err_t sc_pm_get_reset_part(sc_ipc_t ipc, sc_rm_pt_t *pt); * This must be used to boot a partition. Only a partition booted this * way can be rebooted using the watchdog, sc_pm_boot() or * sc_pm_reboot_partition(). + * + * Note the address is limited by the hardware implementation. See the + * [CPU Start Address](@ref BOOT_ADDR) section in the Porting Guide. */ sc_err_t sc_pm_boot(sc_ipc_t ipc, sc_rm_pt_t pt, sc_rsrc_t resource_cpu, sc_faddr_t boot_addr, @@ -669,6 +700,9 @@ sc_err_t sc_pm_boot(sc_ipc_t ipc, sc_rm_pt_t pt, * This function can be used to change the boot parameters for a partition. * This can be useful if a partitions reboots differently from the initial * boot done via sc_pm_boot() or via ROM. + * + * Note the address is limited by the hardware implementation. See the + * [CPU Start Address](@ref BOOT_ADDR) section in the Porting Guide. */ sc_err_t sc_pm_set_boot_parm(sc_ipc_t ipc, sc_rsrc_t resource_cpu, sc_faddr_t boot_addr, @@ -755,15 +789,18 @@ sc_err_t sc_pm_reboot_continue(sc_ipc_t ipc, sc_rm_pt_t pt); * - SC_ERR_NOACCESS if caller's partition is not the parent of the * resource (CPU) owner * - * This function is usually used to start a secondar CPU in the - * same partition as the caller. It is not used to start the first - * CPU in a dedicated partition. That would be started by calling + * This function is usually used to start a secondary CPU in the + * same partition as the caller. It is not used to start the first + * CPU in a dedicated partition. That would be started by calling * sc_pm_boot(). * * A CPU started with sc_pm_cpu_start() will not restart as a result * of a watchdog event or calling sc_pm_reboot() or sc_pm_reboot_partition(). * Those will reboot that partition which will start the CPU started with * sc_pm_boot(). + * + * Note the address is limited by the hardware implementation. See the + * [CPU Start Address](@ref BOOT_ADDR) section in the Porting Guide. */ sc_err_t sc_pm_cpu_start(sc_ipc_t ipc, sc_rsrc_t resource, sc_bool_t enable, sc_faddr_t address); @@ -784,10 +821,36 @@ sc_err_t sc_pm_cpu_start(sc_ipc_t ipc, sc_rsrc_t resource, sc_bool_t enable, * Note this just resets the CPU. None of the peripherals or bus fabric used by * the CPU is reset. State configured in the SCFW is not reset. The SW running * on the core has to understand and deal with this. + * + * The address is limited by the hardware implementation. See the + * [CPU Start Address](@ref BOOT_ADDR) section in the Porting Guide. */ void sc_pm_cpu_reset(sc_ipc_t ipc, sc_rsrc_t resource, sc_faddr_t address); /*! + * This function is used to reset a peripheral. + * + * @param[in] ipc IPC handle + * @param[in] resource resource to reset + * + * This function will reset a resource. Most resources cannot be reset unless + * the SoC design specifically allows it. In the case on MUs, the IPC/RPC + * protocol is also reset. Note a caller cannot reset an MU that this API + * call is sent on. + * + * @return Returns an error code (SC_ERR_NONE = success). + * + * Return errors: + * - SC_ERR_PARM if invalid resource, + * - SC_ERR_PARM if resource is the MU used to make the call, + * - SC_ERR_NOACCESS if caller's partition is not the resource owner or parent + * (with grant) of the owner, + * - SC_ERR_BUSY if the resource cannot be reset due to power state of buses, + * - SC_ERR_UNAVAILABLE if the resource cannot be reset due to hardware limitations + */ +sc_err_t sc_pm_resource_reset(sc_ipc_t ipc, sc_rsrc_t resource); + +/*! * This function returns a bool indicating if a partition was started. * * @param[in] ipc IPC handle diff --git a/arch/arm/include/asm/mach-imx/sci/svc/rm/api.h b/arch/arm/include/asm/mach-imx/sci/svc/rm/api.h index 8ac304e80f..afce3aba5b 100644 --- a/arch/arm/include/asm/mach-imx/sci/svc/rm/api.h +++ b/arch/arm/include/asm/mach-imx/sci/svc/rm/api.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ @@ -10,7 +10,7 @@ * Resource Management (RM) function. This includes functions for * partitioning resources, pads, and memory regions. * - * @addtogroup RM_SVC (SVC) Resource Management Service + * @addtogroup RM_SVC RM: Resource Management Service * * Module for the Resource Management (RM) service. * @@ -336,7 +336,7 @@ sc_err_t sc_rm_move_all(sc_ipc_t ipc, sc_rm_pt_t pt_src, sc_rm_pt_t pt_dst, * * This action resets the resource's master and peripheral attributes. * Privilege attribute will be PASSTHRU, security attribute will be - * ASSERT if the partition si secure and NEGATE if it is not, and + * ASSERT if the partition is secure and NEGATE if it is not, and * masters will defaulted to SMMU bypass. Access permissions will reset * to SEC_RW for the owning partition only for secure partitions, FULL for * non-secure. Default is no access by other partitions. @@ -586,15 +586,18 @@ sc_err_t sc_rm_get_resource_info(sc_ipc_t ipc, sc_rsrc_t resource, * - SC_ERR_UNAVAILABLE if memory region table is full (no more allocation * space) * - * The area covered by the memory region must currently be owned by the caller. - * By default, the new region will have access permission set to allow the - * caller to access. + * This function will create a new memory region. The area covered by the + * new region must already exist in a memory region owned by the caller. The + * result will be two memory regions, the new one overlapping the existing + * one. The new region has higher priority. See the XRDC2 MRC documentation + * for how it resolves access permissions in this case. By default, the new + * region will have access permission set to allow the caller to access. */ sc_err_t sc_rm_memreg_alloc(sc_ipc_t ipc, sc_rm_mr_t *mr, sc_faddr_t addr_start, sc_faddr_t addr_end); /*! - * This function requests that the SC split a memory region. + * This function requests that the SC split an existing memory region. * * @param[in] ipc IPC handle * @param[in] mr handle of memory region to split @@ -615,7 +618,9 @@ sc_err_t sc_rm_memreg_alloc(sc_ipc_t ipc, sc_rm_mr_t *mr, * - SC_ERR_UNAVAILABLE if memory region table is full (no more allocation * space) * - * Note the new region must start or end on the split region. + * This function will take an existing region and split it into two, + * non-overlapping regions. Note the new region must start or end on the + * split region. */ sc_err_t sc_rm_memreg_split(sc_ipc_t ipc, sc_rm_mr_t mr, sc_rm_mr_t *mr_ret, sc_faddr_t addr_start, sc_faddr_t addr_end); @@ -641,7 +646,9 @@ sc_err_t sc_rm_memreg_split(sc_ipc_t ipc, sc_rm_mr_t mr, * space) * * This function finds the memory region containing the address range. - * It then splits it as required and returns the extracted region. + * It then splits it as required and returns the extracted region. The + * result is 2-3 non-overlapping regions, depending on how the new region + * aligns with existing regions. */ sc_err_t sc_rm_memreg_frag(sc_ipc_t ipc, sc_rm_mr_t *mr_ret, sc_faddr_t addr_start, sc_faddr_t addr_end); @@ -697,6 +704,12 @@ sc_err_t sc_rm_find_memreg(sc_ipc_t ipc, sc_rm_mr_t *mr, * * @return Returns an error code (SC_ERR_NONE = success). * + * This function assigns a memory region to a partition. This partition is then + * the owner. All regions always have an owner (one owner). The owner + * has various rights to make API calls affecting the region. Ownership + * does not imply access to the memory itself (that is based on access + * rights). + * * Return errors: * - SC_PARM if arguments out of range or invalid, * - SC_ERR_NOACCESS if caller's partition is not the \a mr owner or parent @@ -715,11 +728,9 @@ sc_err_t sc_rm_assign_memreg(sc_ipc_t ipc, sc_rm_pt_t pt, sc_rm_mr_t mr); * applied for * @param[in] perm permissions to apply to \a mr for \a pt * - * This function assigned a memory region to a partition. This partition is then - * the owner. All regions always have an owner (one owner). The owner - * has various rights to make API calls affecting the region. Ownership - * does not imply access to the memory itself (that is based on access - * rights). + * This operates on the memory region specified. If SC_RM_PT_ALL is specified + * then it operates on all the regions owned by the caller that exist at the + * time of the call. * * @return Returns an error code (SC_ERR_NONE = success). * diff --git a/arch/arm/include/asm/mach-imx/sci/svc/seco/api.h b/arch/arm/include/asm/mach-imx/sci/svc/seco/api.h index 42b9593210..4040448f55 100644 --- a/arch/arm/include/asm/mach-imx/sci/svc/seco/api.h +++ b/arch/arm/include/asm/mach-imx/sci/svc/seco/api.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ @@ -9,10 +9,14 @@ * Header file containing the public API for the System Controller (SC) * Security (SECO) function. * - * @addtogroup SECO_SVC (SVC) Security Service + * @addtogroup SECO_SVC SECO: Security Service * * Module for the Security (SECO) service. * + * @anchor seco_err + * + * @includedoc seco/details.dox + * * @{ */ @@ -36,6 +40,7 @@ #define SC_SECO_AUTH_SECO_FW 3U /*!< SECO Firmware */ #define SC_SECO_AUTH_HDMI_TX_FW 4U /*!< HDMI TX Firmware */ #define SC_SECO_AUTH_HDMI_RX_FW 5U /*!< HDMI RX Firmware */ +#define SC_SECO_EVERIFY_IMAGE 6U /*!< Enhanced verify image */ /*@}*/ /*! @@ -72,20 +77,23 @@ typedef uint32_t sc_seco_rng_stat_t; * @param[in] ipc IPC handle * @param[in] addr_src address of image source * @param[in] addr_dst address of image destination - * @param[in] len lenth of image to load + * @param[in] len length of image to load * @param[in] fw SC_TRUE = firmware load * * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if word fuse index param out of range or invalid - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if word fuse index param out of range or invalid, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * This is used to load images via the SECO. Examples include SECO * Firmware and IVT/CSF data used for authentication. These are usually * loaded into SECO TCM. \a addr_src is in secure memory. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_image_load(sc_ipc_t ipc, sc_faddr_t addr_src, sc_faddr_t addr_dst, uint32_t len, sc_bool_t fw); @@ -100,18 +108,66 @@ sc_err_t sc_seco_image_load(sc_ipc_t ipc, sc_faddr_t addr_src, * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if word fuse index param out of range or invalid - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if word fuse index param out of range or invalid, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_BUSY if SECO is busy with another authentication request, + * - SC_ERR_FAIL if SECO response is bad, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * This is used to authenticate a SECO image or issue a security * command. \a addr often points to an container. It is also * just data (or even unused) for some commands. * - * See the Security Reference Manual (SRM) for more info. + * Implementation of this command depends on the underlying security + * architecture of the device. For example, on devices with SECO FW, + * the following options apply: + * + * - cmd=SC_SECO_AUTH_CONTAINER, addr=container address (sends AHAB_AUTH_CONTAINER_REQ to SECO) + * - cmd=SC_SECO_VERIFY_IMAGE, addr=image mask (sends AHAB_VERIFY_IMAGE_REQ to SECO) + * - cmd=SC_SECO_REL_CONTAINER, addr unused (sends AHAB_RELEASE_CONTAINER_REQ to SECO) + * - cmd=SC_SECO_AUTH_HDMI_TX_FW, addr unused (sends AHAB_ENABLE_HDMI_X_REQ with Subsystem=0 to SECO) + * - cmd=SC_SECO_AUTH_HDMI_RX_FW, addr unused (sends AHAB_ENABLE_HDMI_X_REQ with Subsystem=1 to SECO) + * + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_authenticate(sc_ipc_t ipc, sc_seco_auth_cmd_t cmd, sc_faddr_t addr); +/*! + * This function is used to authenticate a SECO image or command. This is an + * enhanced version that has additional mask arguments. + * + * @param[in] ipc IPC handle + * @param[in] cmd authenticate command + * @param[in] addr address of/or metadata + * @param[in] mask1 metadata + * @param[in] mask2 metadata + * + * Return errors codes: + * - SC_ERR_PARM if word fuse index param out of range or invalid, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_BUSY if SECO is busy with another authentication request, + * - SC_ERR_FAIL if SECO response is bad, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section + * + * This supports all the commands found in sc_seco_authenticate(). Those + * commands should set both masks to 0 (except SC_SECO_VERIFY_IMAGE). + + * New commands are as follows: + * + * - cmd=SC_SECO_VERIFY_IMAGE, addr unused, mask1=image mask, mask2 unused (sends AHAB_VERIFY_IMAGE_REQ to SECO) + * - cmd=SC_SECO_EVERIFY_IMAGE, addr=container address, mask1=image mask, mask2=move mask (sends AHAB_EVERIFY_IMAGE_REQ to SECO) + * + * See the <em>SECO API Reference Guide</em> for more info. + */ +sc_err_t sc_seco_enh_authenticate(sc_ipc_t ipc, + sc_seco_auth_cmd_t cmd, sc_faddr_t addr, + uint32_t mask1, uint32_t mask2); + /* @} */ /*! @@ -123,16 +179,19 @@ sc_err_t sc_seco_authenticate(sc_ipc_t ipc, * This function updates the lifecycle of the device. * * @param[in] ipc IPC handle - * @param[in] change desired lifecycle transistion + * @param[in] change desired lifecycle transition * * @return Returns and error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * - * This message is used for going from Open to NXP Closed to OEM Closed. + * This function is used for going from Open to NXP Closed to OEM Closed. * Note \a change is NOT the new desired lifecycle. It is a lifecycle - * transition as documented in the Security Reference Manual (SRM). + * transition as documented in the <em>SECO API Reference Guide</em>. * * If any SECO request fails or only succeeds because the part is in an * "OEM open" lifecycle, then a request to transition from "NXP closed" @@ -152,7 +211,10 @@ sc_err_t sc_seco_forward_lifecycle(sc_ipc_t ipc, uint32_t change); * @return Returns and error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * Note \a addr must be a pointer to a signed message block. * @@ -160,7 +222,7 @@ sc_err_t sc_seco_forward_lifecycle(sc_ipc_t ipc, uint32_t change); * by NXP SRK. For OEM States (Partial Field Return), must be signed by OEM * SRK. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_return_lifecycle(sc_ipc_t ipc, sc_faddr_t addr); @@ -177,8 +239,11 @@ sc_err_t sc_seco_return_lifecycle(sc_ipc_t ipc, sc_faddr_t addr); * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if \a info is invalid - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if \a info is invalid, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section */ sc_err_t sc_seco_commit(sc_ipc_t ipc, uint32_t *info); @@ -199,18 +264,21 @@ sc_err_t sc_seco_commit(sc_ipc_t ipc, uint32_t *info); * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if \a mode is invalid - * - SC_ERR_NOACCESS if SC_R_ATTESTATON not owned by caller - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if \a mode is invalid, + * - SC_ERR_NOACCESS if SC_R_ATTESTATON not owned by caller, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * This is used to set the SECO attestation mode. This can be prover - * or verfier. See the Security Reference Manual (SRM) for more on the - * suported modes, mode values, and mode behavior. + * or verifier. See the <em>SECO API Reference Guide</em> for more on the + * supported modes, mode values, and mode behavior. */ sc_err_t sc_seco_attest_mode(sc_ipc_t ipc, uint32_t mode); /*! - * This function is used to request atestation. Only the owner of + * This function is used to request attestation. Only the owner of * the SC_R_ATTESTATION resource may make this call. * * @param[in] ipc IPC handle @@ -219,14 +287,17 @@ sc_err_t sc_seco_attest_mode(sc_ipc_t ipc, uint32_t mode); * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_NOACCESS if SC_R_ATTESTATON not owned by caller - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_NOACCESS if SC_R_ATTESTATON not owned by caller, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * This is used to ask SECO to perform an attestation. The result depends * on the attestation mode. After this call, the signature can be * requested or a verify can be requested. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_attest(sc_ipc_t ipc, uint64_t nonce); @@ -238,18 +309,21 @@ sc_err_t sc_seco_attest(sc_ipc_t ipc, uint64_t nonce); * @param[in] ipc IPC handle * @param[in] addr address to write response * - * Result will be written to \a addr. The \a addr parmater must point + * Result will be written to \a addr. The \a addr parameter must point * to an address SECO can access. It must be 64-bit aligned. There * should be 96 bytes of space. * * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if \a addr bad or attestation has not been requested - * - SC_ERR_NOACCESS if SC_R_ATTESTATON not owned by caller - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if \a addr bad or attestation has not been requested, + * - SC_ERR_NOACCESS if SC_R_ATTESTATON not owned by caller, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_get_attest_pkey(sc_ipc_t ipc, sc_faddr_t addr); @@ -261,18 +335,21 @@ sc_err_t sc_seco_get_attest_pkey(sc_ipc_t ipc, sc_faddr_t addr); * @param[in] ipc IPC handle * @param[in] addr address to write response * - * Result will be written to \a addr. The \a addr parmater must point + * Result will be written to \a addr. The \a addr parameter must point * to an address SECO can access. It must be 64-bit aligned. There * should be 120 bytes of space. * * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if \a addr bad or attestation has not been requested - * - SC_ERR_NOACCESS if SC_R_ATTESTATON not owned by caller - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if \a addr bad or attestation has not been requested, + * - SC_ERR_NOACCESS if SC_R_ATTESTATON not owned by caller, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_get_attest_sign(sc_ipc_t ipc, sc_faddr_t addr); @@ -283,18 +360,21 @@ sc_err_t sc_seco_get_attest_sign(sc_ipc_t ipc, sc_faddr_t addr); * @param[in] ipc IPC handle * @param[in] addr address of signature * - * The \a addr parmater must point to an address SECO can access. It must be + * The \a addr parameter must point to an address SECO can access. It must be * 64-bit aligned. * * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if \a addr bad or attestation has not been requested - * - SC_ERR_NOACCESS if SC_R_ATTESTATON not owned by caller - * - SC_ERR_UNAVAILABLE if SECO not available - * - SC_ERR_FAIL if signature doesn't match + * - SC_ERR_PARM if \a addr bad or attestation has not been requested, + * - SC_ERR_NOACCESS if SC_R_ATTESTATON not owned by caller, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_FAIL if signature doesn't match, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_attest_verify(sc_ipc_t ipc, sc_faddr_t addr); @@ -317,13 +397,16 @@ sc_err_t sc_seco_attest_verify(sc_ipc_t ipc, sc_faddr_t addr); * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if word fuse index param out of range or invalid - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if word fuse index param out of range or invalid, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * This function is used to encapsulate sensitive keys in a specific structure * called a blob, which provides both confidentiality and integrity protection. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_gen_key_blob(sc_ipc_t ipc, uint32_t id, sc_faddr_t load_addr, sc_faddr_t export_addr, uint16_t max_size); @@ -338,15 +421,18 @@ sc_err_t sc_seco_gen_key_blob(sc_ipc_t ipc, uint32_t id, * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if word fuse index param out of range or invalid - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if word fuse index param out of range or invalid, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * This function is used to install private cryptographic keys encapsulated * in a blob previously generated by SECO. The controller can be either the * IEE or the VPU. The blob header carries the controller type and the key * size, as provided by the user when generating the key blob. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_load_key(sc_ipc_t ipc, uint32_t id, sc_faddr_t addr); @@ -368,14 +454,17 @@ sc_err_t sc_seco_load_key(sc_ipc_t ipc, uint32_t id, * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if word fuse index param out of range or invalid - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if word fuse index param out of range or invalid, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * This function is supported only in OEM-closed lifecycle. It generates * the mfg public key and stores it in a specific location in the secure * memory. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_get_mp_key(sc_ipc_t ipc, sc_faddr_t dst_addr, uint16_t dst_size); @@ -392,15 +481,18 @@ sc_err_t sc_seco_get_mp_key(sc_ipc_t ipc, sc_faddr_t dst_addr, * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if word fuse index param out of range or invalid - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if word fuse index param out of range or invalid, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * This function is supported only in OEM-closed lifecycle. It updates the * content of the MPMR (Manufacturing Protection Message register of 256 * bits). This register will be appended to the input-data message when * generating the signature. Please refer to the CAAM block guide for details. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_update_mpmr(sc_ipc_t ipc, sc_faddr_t addr, uint8_t size, uint8_t lock); @@ -417,8 +509,11 @@ sc_err_t sc_seco_update_mpmr(sc_ipc_t ipc, sc_faddr_t addr, * @return Returns an error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_PARM if word fuse index param out of range or invalid - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_PARM if word fuse index param out of range or invalid, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * This function is used to generate an ECDSA signature for an input-data * message and to store it in a specific location in the secure memory. It @@ -426,7 +521,7 @@ sc_err_t sc_seco_update_mpmr(sc_ipc_t ipc, sc_faddr_t addr, * signature, the RNG must be initialized. In case it has not been started * an error will be returned. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_get_mp_sign(sc_ipc_t ipc, sc_faddr_t msg_addr, uint16_t msg_size, sc_faddr_t dst_addr, uint16_t dst_size); @@ -458,6 +553,12 @@ void sc_seco_build_info(sc_ipc_t ipc, uint32_t *version, * @param[out] uid_h pointer to return UID (upper 32 bits) * * @return Returns and error code (SC_ERR_NONE = success). + * + * Return errors codes: + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section */ sc_err_t sc_seco_chip_info(sc_ipc_t ipc, uint16_t *lc, uint16_t *monotonic, uint32_t *uid_l, uint32_t *uid_h); @@ -471,11 +572,14 @@ sc_err_t sc_seco_chip_info(sc_ipc_t ipc, uint16_t *lc, * @return Returns and error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * Note \a addr must be a pointer to a signed message block. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_enable_debug(sc_ipc_t ipc, sc_faddr_t addr); @@ -488,6 +592,12 @@ sc_err_t sc_seco_enable_debug(sc_ipc_t ipc, sc_faddr_t addr); * * @return Returns an error code (SC_ERR_NONE = success). * + * Return errors codes: + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section + * * Read of \a idx 0 captures events from SECO. Loop starting * with 0 until an error is returned to dump all events. */ @@ -510,11 +620,14 @@ sc_err_t sc_seco_get_event(sc_ipc_t ipc, uint8_t idx, * @return Returns and error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * Note \a addr must be a pointer to a signed message block. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_fuse_write(sc_ipc_t ipc, sc_faddr_t addr); @@ -527,11 +640,14 @@ sc_err_t sc_seco_fuse_write(sc_ipc_t ipc, sc_faddr_t addr); * @return Returns and error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * Note \a addr must be a pointer to a signed message block. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_patch(sc_ipc_t ipc, sc_faddr_t addr); @@ -544,15 +660,116 @@ sc_err_t sc_seco_patch(sc_ipc_t ipc, sc_faddr_t addr); * @return Returns and error code (SC_ERR_NONE = success). * * Return errors codes: - * - SC_ERR_UNAVAILABLE if SECO not available + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section * * The RNG is started automatically after all CPUs are booted. This * function can be used to start earlier and to check the status. * - * See the Security Reference Manual (SRM) for more info. + * See the <em>SECO API Reference Guide</em> for more info. */ sc_err_t sc_seco_start_rng(sc_ipc_t ipc, sc_seco_rng_stat_t *status); +/*! + * This function sends a generic signed message to the + * SECO SHE/HSM components. + * + * @param[in] ipc IPC handle + * @param[in] addr address of message block + * + * @return Returns and error code (SC_ERR_NONE = success). + * + * Return errors codes: + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section + * + * Note \a addr must be a pointer to a signed message block. + * + * See the <em>SECO API Reference Guide</em> for more info. + */ +sc_err_t sc_seco_sab_msg(sc_ipc_t ipc, sc_faddr_t addr); + +/*! + * This function is used to enable security violation and tamper interrupts. + * These are then reported using the IRQ service via the SC_IRQ_SECVIO + * interrupt. Note it is automatically enabled at boot. + * + * @param[in] ipc IPC handle + * + * @return Returns and error code (SC_ERR_NONE = success). + * + * Return errors codes: + * - SC_ERR_NOACCESS if caller does not own SC_R_SECVIO, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section + * + * The security violation interrupt is self-masking. Once it is cleared in + * the SNVS it must be re-enabled using this function. + */ +sc_err_t sc_seco_secvio_enable(sc_ipc_t ipc); + +/*! + * This function is used to read/write SNVS security violation + * and tamper registers. + * + * @param[in] ipc IPC handle + * @param[in] id register ID + * @param[in] access 0=read, 1=write + * @param[in] data0 pointer to data to read or write + * @param[in] data1 pointer to data to read or write + * @param[in] data2 pointer to data to read or write + * @param[in] data3 pointer to data to read or write + * @param[in] data4 pointer to data to read or write + * @param[in] size number of valid data words + * + * @return Returns and error code (SC_ERR_NONE = success). + * + * Return errors codes: + * - SC_ERR_NOACCESS if caller does not own SC_R_SECVIO, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section + * + * Unused data words can be passed a NULL pointer. + * + * See AHAB_MANAGE_SNVS_REQ in the <em>SECO API Reference Guide</em> for + * more info. + */ +sc_err_t sc_seco_secvio_config(sc_ipc_t ipc, uint8_t id, uint8_t access, + uint32_t *data0, uint32_t *data1, uint32_t *data2, uint32_t *data3, + uint32_t *data4, uint8_t size); + +/*! + * This function is used to read/write SNVS security violation + * and tamper DGO registers. + * + * @param[in] ipc IPC handle + * @param[in] id regsiter ID + * @param[in] access 0=read, 1=write + * @param[in] data pointer to data to read or write + * + * @return Returns and error code (SC_ERR_NONE = success). + * + * Return errors codes: + * - SC_ERR_NOACCESS if caller does not own SC_R_SECVIO, + * - SC_ERR_UNAVAILABLE if SECO not available, + * - SC_ERR_IPC if SECO response has bad header tag or size, + * - SC_ERR_VERSION if SECO response has bad version, + * - Others, see the [Security Service Detailed Description](\ref seco_err) section + * + * See AHAB_MANAGE_SNVS_DGO_REQ in the <em>SECO API Reference Guide</em> + * for more info. + */ +sc_err_t sc_seco_secvio_dgo_config(sc_ipc_t ipc, uint8_t id, + uint8_t access, uint32_t *data); + /* @} */ #endif /* SC_SECO_API_H */ diff --git a/arch/arm/include/asm/mach-imx/sci/svc/timer/api.h b/arch/arm/include/asm/mach-imx/sci/svc/timer/api.h index bd1ccbd5bf..844ae96893 100644 --- a/arch/arm/include/asm/mach-imx/sci/svc/timer/api.h +++ b/arch/arm/include/asm/mach-imx/sci/svc/timer/api.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ @@ -9,7 +9,7 @@ * Header file containing the public API for the System Controller (SC) * Timer function. * - * @addtogroup TIMER_SVC (SVC) Timer Service + * @addtogroup TIMER_SVC TIMER: Timer Service * * Module for the Timer service. This includes support for the watchdog, RTC, * and system counter. Note every resource partition has a watchdog it can @@ -61,7 +61,7 @@ typedef uint32_t sc_timer_wdog_time_t; /* Functions */ /*! - * @name Wathdog Functions + * @name Watchdog Functions * @{ */ @@ -104,8 +104,15 @@ sc_err_t sc_timer_set_wdog_pre_timeout(sc_ipc_t ipc, * * @return Returns an error code (SC_ERR_NONE = success). * + * Return errors: + * - SC_ERR_NOACCESS if caller's partition is not isolated + * * If \a lock is set then the watchdog cannot be stopped or the timeout * period changed. + * + * If the calling partition is not isolated then the wdog cannot be used. + * This is always the case if a non-secure partition is running on the same + * CPU as a secure partition (e.g. Linux under TZ). See sc_rm_partition_alloc(). */ sc_err_t sc_timer_start_wdog(sc_ipc_t ipc, sc_bool_t lock); @@ -293,11 +300,11 @@ sc_err_t sc_timer_cancel_rtc_alarm(sc_ipc_t ipc); * calibration. * * @param[in] ipc IPC handle - * @param[in] count calbration count (-16 to 15) + * @param[in] count calibration count (-16 to 15) * * The calibration value is a 5-bit value including the sign bit, which is * implemented in 2's complement. It is added or subtracted from the RTC on - * a perdiodic basis, once per 32768 cycles of the RTC clock. + * a periodic basis, once per 32768 cycles of the RTC clock. * * @return Returns an error code (SC_ERR_NONE = success). */ diff --git a/arch/arm/include/asm/mach-imx/sci/types.h b/arch/arm/include/asm/mach-imx/sci/types.h index bc5462504e..3cfefde362 100644 --- a/arch/arm/include/asm/mach-imx/sci/types.h +++ b/arch/arm/include/asm/mach-imx/sci/types.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP * * SPDX-License-Identifier: GPL-2.0+ */ @@ -18,8 +18,6 @@ /* Defines */ -#define SCFW_API_VERSION 100U - /*! * @name Defines for common frequencies */ @@ -40,6 +38,7 @@ #define SC_83MHZ 83333333U /*!< 83MHz */ #define SC_84MHZ 84375000U /*!< 84.37MHz */ #define SC_100MHZ 100000000U /*!< 100MHz */ +#define SC_114MHZ 114000000U /*!< 114MHz */ #define SC_125MHZ 125000000U /*!< 125MHz */ #define SC_133MHZ 133333333U /*!< 133MHz */ #define SC_135MHZ 135000000U /*!< 135MHz */ @@ -60,6 +59,7 @@ #define SC_372MHZ 372000000U /*!< 372MHz */ #define SC_375MHZ 375000000U /*!< 375MHz */ #define SC_400MHZ 400000000U /*!< 400MHz */ +#define SC_465MHZ 465000000U /*!< 465MHz */ #define SC_500MHZ 500000000U /*!< 500MHz */ #define SC_594MHZ 594000000U /*!< 594MHz */ #define SC_625MHZ 625000000U /*!< 625MHz */ @@ -95,6 +95,7 @@ #define SC_1500MHZ 1500000000U /*!< 1.5GHz */ #define SC_1600MHZ 1600000000U /*!< 1.6GHz */ #define SC_1800MHZ 1800000000U /*!< 1.8GHz */ +#define SC_1860MHZ 1860000000U /*!< 1.86GHz */ #define SC_2000MHZ 2000000000U /*!< 2.0GHz */ #define SC_2112MHZ 2112000000U /*!< 2.12GHz */ /*@}*/ @@ -113,6 +114,7 @@ #define SC_144MHZ 144000000U /*!< 144MHz */ #define SC_192MHZ 192000000U /*!< 192MHz */ #define SC_211MHZ 211200000U /*!< 211.2MHz */ +#define SC_228MHZ 228000000U /*!< 233MHz */ #define SC_240MHZ 240000000U /*!< 240MHz */ #define SC_264MHZ 264000000U /*!< 264MHz */ #define SC_352MHZ 352000000U /*!< 352MHz */ @@ -120,11 +122,13 @@ #define SC_384MHZ 384000000U /*!< 384MHz */ #define SC_396MHZ 396000000U /*!< 396MHz */ #define SC_432MHZ 432000000U /*!< 432MHz */ +#define SC_456MHZ 456000000U /*!< 466MHz */ #define SC_480MHZ 480000000U /*!< 480MHz */ #define SC_600MHZ 600000000U /*!< 600MHz */ #define SC_744MHZ 744000000U /*!< 744MHz */ #define SC_792MHZ 792000000U /*!< 792MHz */ #define SC_864MHZ 864000000U /*!< 864MHz */ +#define SC_912MHZ 912000000U /*!< 912MHz */ #define SC_960MHZ 960000000U /*!< 960MHz */ #define SC_1056MHZ 1056000000U /*!< 1056MHz */ #define SC_1104MHZ 1104000000U /*!< 1104MHz */ @@ -208,12 +212,12 @@ #define SC_R_PERF 23U #define SC_R_USB_1_PHY 24U #define SC_R_DC_0_WARP 25U -#define SC_R_UNUSED7 26U -#define SC_R_UNUSED8 27U +#define SC_R_V2X_MU_0 26U +#define SC_R_V2X_MU_1 27U #define SC_R_DC_0_VIDEO0 28U #define SC_R_DC_0_VIDEO1 29U #define SC_R_DC_0_FRAC0 30U -#define SC_R_UNUSED6 31U +#define SC_R_V2X_MU_2 31U #define SC_R_DC_0 32U #define SC_R_GPU_2_PID0 33U #define SC_R_DC_0_PLL_0 34U @@ -222,11 +226,11 @@ #define SC_R_DC_1_BLIT1 37U #define SC_R_DC_1_BLIT2 38U #define SC_R_DC_1_BLIT_OUT 39U -#define SC_R_UNUSED9 40U -#define SC_R_UNUSED10 41U +#define SC_R_V2X_MU_3 40U +#define SC_R_V2X_MU_4 41U #define SC_R_DC_1_WARP 42U -#define SC_R_UNUSED11 43U -#define SC_R_UNUSED12 44U +#define SC_R_TBU_CTL 43U +#define SC_R_SECVIO 44U #define SC_R_DC_1_VIDEO0 45U #define SC_R_DC_1_VIDEO1 46U #define SC_R_DC_1_FRAC0 47U @@ -322,10 +326,10 @@ #define SC_R_DMA_1_CH29 137U #define SC_R_DMA_1_CH30 138U #define SC_R_DMA_1_CH31 139U -#define SC_R_UNUSED1 140U -#define SC_R_UNUSED2 141U -#define SC_R_UNUSED3 142U -#define SC_R_UNUSED4 143U +#define SC_R_V2X_PID0 140U +#define SC_R_V2X_PID1 141U +#define SC_R_V2X_PID2 142U +#define SC_R_V2X_PID3 143U #define SC_R_GPU_0_PID0 144U #define SC_R_GPU_0_PID1 145U #define SC_R_GPU_0_PID2 146U @@ -472,8 +476,8 @@ #define SC_R_M4_0_UART 287U #define SC_R_M4_0_I2C 288U #define SC_R_M4_0_INTMUX 289U -#define SC_R_UNUSED15 290U -#define SC_R_UNUSED16 291U +#define SC_R_ENET_0_A0 290U +#define SC_R_ENET_0_A1 291U #define SC_R_M4_0_MU_0B 292U #define SC_R_M4_0_MU_0A0 293U #define SC_R_M4_0_MU_0A1 294U @@ -548,12 +552,12 @@ #define SC_R_VPU_PID5 363U #define SC_R_VPU_PID6 364U #define SC_R_VPU_PID7 365U -#define SC_R_VPU_UART 366U -#define SC_R_VPUCORE 367U -#define SC_R_VPUCORE_0 368U -#define SC_R_VPUCORE_1 369U -#define SC_R_VPUCORE_2 370U -#define SC_R_VPUCORE_3 371U +#define SC_R_ENET_0_A2 366U +#define SC_R_ENET_1_A0 367U +#define SC_R_ENET_1_A1 368U +#define SC_R_ENET_1_A2 369U +#define SC_R_ENET_1_A3 370U +#define SC_R_ENET_1_A4 371U #define SC_R_DMA_4_CH0 372U #define SC_R_DMA_4_CH1 373U #define SC_R_DMA_4_CH2 374U @@ -799,7 +803,9 @@ #define SC_C_IPG_STOP_MODE 53U #define SC_C_IPG_STOP_ACK 54U #define SC_C_SYNC_CTRL 55U -#define SC_C_LAST 56U +#define SC_C_OFS_AUDIO_ALT 56U +#define SC_C_DSP_BYP 57U +#define SC_C_LAST 58U #define SC_P_ALL ((sc_pad_t) UINT16_MAX) /*!< All pads */ |