| Message ID | 20240904-imx-se-if-v7-0-5afd2ab74264@nxp.com |
|---|---|
| Headers | show |
| Series | Changes in v7: | expand |
On Wed, Sep 04, 2024 at 04:21:16PM +0530, Pankaj Gupta wrote: Can you fix subject "[PATCH v7 0/5] Changes in v7"? I remember someone already complain this in previous version. Frank > 5/5 > - struct se_clbk_handle, is added with a member struct se_if_device_ctx *dev_ctx. > - func call to ele_miscdev_msg_rcv() & ele_miscdev_msg_send(), are removed. > - func se_ioctl_cmd_snd_rcv_rsp_handler(), is modified to remove the func call to ele_miscdev_msg_rcv() & ele_miscdev_msg_send() > - func se_ioctl_cmd_snd_rcv_rsp_handler is callig func ele_msg_send_rcv(), instead. > - Mutext "se_cmd_if_lock", handling is removed from this patch. > - func ele_miscdev_msg_send() is replaced with func ele_msg_send(), in fops_write. > - func ele_miscdev_msg_rcv() is replaced with func ele_msg_rcv(), in fops_read. > - fops_open is modified to create the new dev_ctx instance (using func init_device_context()), which is not registered as miscdev. > - Only one dev_ctx is registered as miscdev and its reference is stored in the struct se_if_priv, as priv_dev_ctx. > - Separate func cleanup_se_shared_mem() & func init_se_shared_mem(), for shared memory handling part of struct dev_ctx. > - Input param for func(s) ele_msg_rcv(), ele_msg_send() & ele_msg_send_rcv(), is replaced from struct se_if_priv to struct se_if_device_ctx. > > 4/5 > - A new structure is defined name struct "se_clbk_handle", to contain members processed in mailbox call-back function. > - "struct se_if_priv" is modified to contain the two structures of "se_clbk_handle" - waiting_rsp_clbk_hdl & cmd_receiver_clbk_hdl. > - func ele_msg_rcv() is modified to take a new additional input reference param "struct se_clbk_handle *se_clbk_hdl". > - func ele_msg_send() is modified to take a new additional input tx_msg_sz. > - func ele_msg_send_rcv(), is modified to take 2 more inputs - tx_msg_sz & exp_rx_msg_sz. > - func se_val_rsp_hdr_n_status(), is modified to take input of rx_msg buffer, instead of header value, as input param. > - each caller of the func ele_msg_send_rcv(), is sending these two additional input params. > - func se_if_callback(), is modified to work on two structures of "se_clbk_handle" - waiting_rsp_clbk_hdl & cmd_receiver_clbk_hdl. > - Variable "max_dev_ctx", is removed from info & priv struture, as well its usage. > - New member variable "se_img_file_to_load", is added to structure "priv". > - Other member variables - rx_msg(ptr), rx_msg_sz, completion done & list of dev_ctxs, is removed from priv struture, along with their usage. > - func se_resume(), updated to wakeup the two "wq", part of "struct se_clbk_handle": priv->waiting_rsp_clbk_hdl & priv->cmd_receiver_clbk_hdl. > > 3/5 > - Node name is changed from senclave-firmware@0 to "secure-enclave" > > 2/5 > - Node name is changed to "secure-enclave". > > - Link to v6: https://lore.kernel.org/r/20240722-imx-se-if-v6-0-ee26a87b824a@nxp.com > > v6: firmware: imx: driver for NXP secure-enclave > > 5/5 > - replaced scope_gaurd with gaurd. > > 4/5 > - replaced scope_gaurd with gaurd. > - remove reading the regs property from dtb. > - Added NULL check for priv data fetched from device, as a sanity check, for ele_base_msg apis) > > 3/5 > - replace firmware with senclave-firmware. > > 2/5 > - replace firmware with senclave-firmware. > - drop description for mbox > - Replaced "items:" with maxItems:1 for "memory-region" > - Replaced "items:" with maxItems:1 for "sram" > - remove regs property. > - remove "$nodename" > > - Link to v5: https://lore.kernel.org/r/20240712-imx-se-if-v5-0-66a79903a872@nxp.com > > Changes in v5: > > 2/5 > - updated the description of mboxes > - updated the description & items for mbox-names. > - updated the description of memory-region > - move "additional properties: false" after allOf block. > - removed other example except one. > > 4/5 > - Corrected the indentation in Kconfig. > - info members:mbox_tx_name & mbox_rx_name, are replaced with macros. > > 5/5 > - Replaced "for secure enclaves", with "for secure enclaves" > - Replaced "user space" with "userspace". > - End the line "[include]<linux/firmware/imx/ele_mu_ioctl.h>" with a period. > > - Link to v4: https://lore.kernel.org/r/20240705-imx-se-if-v4-0-52d000e18a1d@nxp.com > > Changes in v4: > > 1/5 > a. Removed - from EdgeLock Enclave. > > b. Removed , after "Each of the above feature," > > c. replace "can exists" with "can exist". > > d. > -messaging units(MU) per SE. Each co-existing 'se' can have one or multiple exclusive > -MU(s), dedicated to itself. None of the MU is shared between two SEs. > +messaging units(MU) per SE. Each co-existing SE can have one or multiple exclusive > +MUs, dedicated to itself. None of the MU is shared between two SEs. > Communication of the MU is realized using the Linux mailbox driver. > > e. > -All those SE interfaces 'se-if' that is/are dedicated to a particular SE, will be > -enumerated and provisioned under the very single 'SE' node. > +Although MU(s) is/are not shared between SE(s). But for SoC like i.MX95 which has > +multiple SE(s) like HSM, V2X-HSM, V2X-SHE; all the SE(s) and their interfaces 'se-if' > +that is/are dedicated to a particular SE will be enumerated and provisioned using the > +single compatible node("fsl,imx95-se"). > > f. Removed ",". Replaced for "Each 'se-if'," with "Each se-if'. > > g. removed "," > - This layer is responsible for ensuring the communication protocol, that is defined > + This layer is responsible for ensuring the communication protocol that is defined > > h. removed "-" > - - FW can handle one command-message at a time. > + - FW can handle one command message at a time. > > i. > - Using these multiple device contexts, that are getting multiplexed over a single MU, > - user-space application(s) can call fops like write/read to send the command-message, > - and read back the command-response-message to/from Firmware. > - fops like read & write uses the above defined service layer API(s) to communicate with > + Using these multiple device contexts that are getting multiplexed over a single MU, > + userspace application(s) can call fops like write/read to send the command message, > + and read back the command response message to/from Firmware. > + fops like read & write use the above defined service layer API(s) to communicate with > Firmware. > > j. Uppercase for word "Linux". > > 2/5 > a. Rephrased the description to remove list of phandles. > > b. Moved required before allOf: > +required: > + - compatible > + - reg > + - mboxes > + - mbox-names > + > +additionalProperties: false > + > allOf: > > c. replaced not: required: with properties: <property-name>: false. > # memory-region > - not: > - required: > - - memory-region > + properties: > + memory-region: false > > # sram > - else: > - not: > - required: > - - sram > > d. Reduced examples. keeping example of i.MX95. > e. node-name is changed to "firmware@<hex>" > > 3/5 > - node name changed to "firmware@<hex>". > > 4/5 > - used sizeof(*s_info) > - return early, rather than doing goto exit, in ele_get_info(). > - Use upper_32_bits() and lower_32_bits() > - use rx_msg here instead of priv->rx_msg > - Moved the status check to validate_rsp_hdr. Rename the function to "se_val_rsp_hdr_n_status" > - typecasting removed header = (struct se_msg_hdr *) msg; > - Converted the API name with prefix imx_ele_* or imx_se_*, to ele_* and se_*, respectively. > - Removed the functions definition & declaration for: free_phybuf_mem_pool() & get_phybuf_mem_pool() > - removed the mbox_free_channel() calls from clean-up. > - Flag "priv->flags" is removed. > - Converted the int se_if_probe_cleanup() to void se_if_probe_cleanup(). > - Replaced NULL initialization of structure members: priv->cmd_receiver_dev & priv->waiting_rsp_dev , with comments. > - Removed the function's declaration get_phy_buf_mem_pool1 > > 5/5 > Changes to Documentation/ABI/testing/se-cdev. > a. Removed "-" from "secure-enclave" and "file-descriptor". > > b. Removed "-" from "shared-library" > > c. Replaced "get" with "getting". > > d. Added description for the new IOCTL "send command and receive command response" > > e. Replaced "wakeup_intruptible" with "wait_event_interruptible" > > f. Removed ";" > > g. Removd "," from "mailbox_lock," > > h. Replaced "free" with "frees" > > i. In mailbox callback function, checking the buffer size before > copying. > > - Link to v3: https://lore.kernel.org/r/20240617-imx-se-if-v3-0-a7d28dea5c4a@nxp.com > > Communication Interface to NXP secure-enclave HW IP like Edgelock Enclave > > Hardware interface of the NXP Secure Enclave HW IP(s) like EdgeLock Enclave, > V2X, SHE etc, is based on the Messaging Unit module that enables processing > elements like ARMv8 core, RISC V core, within the SoC to communicate and > coordinate by passing messages (e.g., data, status and control) through > these interfaces. > > The NXP i.MX secure enclaves hardware interface kernel driver, is specifically > targeted for use between application core and NXP secure-enclave(s) HW. It allows > to send/receive messages to/from the secure-enclave. > > Patch-set adds the kernel driver for communication interface to secure-enclave, > for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock Enclave, > both from: > - User-Space Applications via character driver. > - Kernel-space, used by kernel management layers like DM-Crypt. > > To: Jonathan Corbet <corbet@lwn.net> > To: Rob Herring <robh+dt@kernel.org> > To: Conor Dooley <conor+dt@kernel.org> > To: Shawn Guo <shawnguo@kernel.org> > To: Sascha Hauer <s.hauer@pengutronix.de> > To: Pengutronix Kernel Team <kernel@pengutronix.de> > To: Fabio Estevam <festevam@gmail.com> > To: Rob Herring <robh@kernel.org> > Cc: linux-doc@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > Cc: devicetree@vger.kernel.org > Cc: imx@lists.linux.dev > Cc: linux-arm-kernel@lists.infradead.org > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> > > Changes in v3: > 5/5: > - Initialize tx_msg with NULL. > - memdup_user() returns an error pointer, not NULL. correct it by adding check for err_ptr. > - new IOCTL is added to send & recieve the message. > - replaced the while loop till list is empty, with list_for_each_entry. > - replaced __list_del_entry, with list_del. > - Removed the dev_err message from copy to user. > - Removed the casting of void *. > - corrected the typcasting in copy to user. > - removed un-necessary goto statement. > - Removed dead code for clean-up of memory. > - Removed un-mapping of secured memory > - Passing se_if_priv structure to init_device_context. > - Updated the below check to replace io.length with round_up(io.length). > if (shared_mem->size < shared_mem->pos|| io.length >= shared_mem->size - shared_mem->pos) > - Created a function to cleanup the list of shared memory buffers. > - Used list_for_each_entry_safe(). created a separate functions: se_dev_ctx_cpy_out_data() & se_dev_ctx_shared_mem_cleanup() > > 4/5 > - Changed the compatible string to replace "-ele", to "-se". > - Declaration of imx_se_node_info, is done as const in the whole file > - Remove the unused macros from ele_base_msg.h > - Remove the function declaration get_phy_buf_mem_pool1, from the header file. > - Replace the use of dmam_alloc_coherent to dma_alloc_coherent > - Check for function pointer, before calling the fucntion pointer in imx_fetch_se_soc_info > - Removed the unused flag for SE_MU_IO_FLAGS_USE_SEC_MEM. > - Removed the unused macros WORD_SZ > - instead of struct device *dev, struct se_if_priv *priv, is used as argument to the funtions:se_save_imem_state, se_restore_imem_state, imx_fetch_se_soc_info > - Removed ret from validate_rsp_hdr. > - changed the prefix of the funtion: plat_add_msg_crc and plat_fill_cmd_msg_hdr. > - indentation correction for info structures. > - remove the check for priv not null from se_if_probe_cleanup > - Removed the casting of void *. > - se_load_firmware function is corrected for not freeing the buffer when allocation fails. > - Checking if get_imx_se_node_info() can return NULL, in se_if_probe() > - imem.size has type u32. return value from se_save_imem_state() will be assigned to imem.size in case of success only. > - removed the flag un-setting in case of failure. priv->flags &= (~RESERVED_DMA_POOL); > - removed the function call for devm_of_platform_populate(dev); > - Checking for not-NULL, before calling the funtion pointer se_fetch_soc_info. > - Removed the checking for reserved memory flag, before freeing up the reserved memory, in se_probe_if_cleanup. > > 3/5 > - Changed the compatible string to replace "-ele", to "-se". > > 2/5 > - to fix the warning error, replaced the "-ele" & "-v2x" in compatible string, to "-se". > - Added an example for ele@0 for compatible string "fsl,imx95-se" > > Changes in v2: > > 4/4 > - Split this patch into two: 1. base driver & 2. Miscdev > - Initialize the return variable "err" as 0, before calling 'return err', in the file ele_common.c > - Fix the usage of un-iniitialized pointer variable, by initializing them with NULL, in ele_base_msg.c. > - Fix initializing the ret variable, to return the correct error code in case of issue. > - replaced dmam_alloc_coherent with dma_alloc_coherent. > - Replace the use of ELE_GET_INFO_READ_SZ, with sizeof(soc_info). > - Replaced -1 with -EPERM > - Removed the safety check on func-input param, in ele_get_info(). > - fix the assigning data[1] with lower 32 address, rather than zero, for ele_fw_authenticate API. > - Correctly initializing the function's return error code, for file ele_base_msg.c. > - replaced 'return' with 'goto'. > - Use length in bytes. > - Corrected the structure se_msg_hdr. > - Moved setting of rx_msg to priv, into the function imx_ele_msg_send_rcv > - Will add lockdep_assert_held, to receive path, in v2. > - corrected the spacing at "ret = validate_rsp_hdr" > - FIELD_GET() used for RES_STATUS > - Re-write the structure soc_info, matching the information provided in response to this api. > - The "|" goes to the end of the previous line. > - Moved the locking and unlocking of the command lock to the caller of the function. > - removed the safety check for device private data. > - Structure memory reference, used to read message header. > - In the interrupt call back function, remove assigning waiting_rsp_dev to NULL, in case of response message rcv from FW. > - do while removed. > - replaced BIT(1) for RESERVED_DMA_POOL, to BIT(0) > - The backslash is removed while assigning the file name with absolute path to structure variable.fw_name_in_rfs =. > - Update the 'if' condition by removing "idx < 0". > - mbox_request_channel_byname() uses a "char" for the name not a u8. Corrected. > - devm managed resources, are not cleaned now, in function se_probe_if_cleanup > - Used dev_err_probe(). > - Used %pe to print error string. > - remove "__maybe_unused" for "struct platform_device *enum_plat_dev __maybe_unused;" > - used FIELD_GET(), for RES_STATUS. Removed the use of MSG_TAG, MSG_COMMAND, MSG_SIZE, MSG_VER. > - Depricated the used of member of struct se_if_priv, bool no_dev_ctx_used; > - Moved the text explaing the synchronization logic via mutexes, from patch 1/4 to se_ctrl.h. > - removed the type casting of info_list = (struct imx_se_node_info_list *) device_get_match_data(dev->parent); > - Used static variable priv->soc_rev in the se_ctrl.c, replaced the following condition: if (info_list->soc_rev) to if (priv->soc_rev) for checking if this flow is already executed or not. > - imx_fetch_soc_info will return failure if the get_info function fails. > - Removed devm_free from imx_fetch_soc_info too. > > 3/3 > - Made changes to move all the properties to parent node, without any child node. > > 2/4 > - Use Hex pattern string. > - Move the properties to parent node, with no child node. > - Add i.MX95-ele to compatible nodes to fix the warning "/example-2/v2x: failed to match any schema with compatible: ['fsl,imx95-v2x']" > > 1/1 > - Corrected the spelling from creats to creates. > - drop the braces around the plural 's' for interfaces > - written se in upper case SE. > - Replace "multiple message(s)" with messages. > - Removed too much details about locks. > > Testing > - make CHECK_DTBS=y freescale/imx8ulp-evk.dtb; > - make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- -j8 dt_binding_check DT_SCHEMA_FILES=fsl,imx-se.yaml > - make C=1 CHECK=scripts/coccicheck drivers/firmware/imx/*.* W=1 > r.txt > - ./scripts/checkpatch.pl --git <>..HEAD > - Tested the Image and .dtb, on the i.MX8ULP. > > Reference > - Link to v1: https://lore.kernel.org/r/20240510-imx-se-if-v1-0-27c5a674916d@nxp.com > - Link to v2: https://lore.kernel.org/r/20240523-imx-se-if-v2-0-5a6fd189a539@nxp.com > > --- > Pankaj Gupta (5): > Documentation/firmware: add imx/se to other_interfaces > dt-bindings: arm: fsl: add imx-se-fw binding doc > arm64: dts: imx8ulp-evk: add nxp secure enclave firmware > firmware: imx: add driver for NXP EdgeLock Enclave > firmware: imx: adds miscdev > > Documentation/ABI/testing/se-cdev | 43 + > .../devicetree/bindings/firmware/fsl,imx-se.yaml | 91 ++ > .../driver-api/firmware/other_interfaces.rst | 121 ++ > arch/arm64/boot/dts/freescale/imx8ulp-evk.dts | 17 +- > arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 13 +- > drivers/firmware/imx/Kconfig | 12 + > drivers/firmware/imx/Makefile | 2 + > drivers/firmware/imx/ele_base_msg.c | 286 +++++ > drivers/firmware/imx/ele_base_msg.h | 95 ++ > drivers/firmware/imx/ele_common.c | 318 +++++ > drivers/firmware/imx/ele_common.h | 51 + > drivers/firmware/imx/se_ctrl.c | 1305 ++++++++++++++++++++ > drivers/firmware/imx/se_ctrl.h | 151 +++ > include/linux/firmware/imx/se_api.h | 14 + > include/uapi/linux/se_ioctl.h | 94 ++ > 15 files changed, 2610 insertions(+), 3 deletions(-) > --- > base-commit: b63ff26648537a5600cf79bd62f916792c53e015 > change-id: 20240507-imx-se-if-a40055093dc6 > > Best regards, > -- > Pankaj Gupta <pankaj.gupta@nxp.com> >
On Wed, Sep 04, 2024 at 04:21:20PM +0530, Pankaj Gupta wrote: > NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE), > are embedded in the SoC to support the features like HSM, SHE & V2X, > using message based communication interface. > > The secure enclave FW communicates on a dedicated messaging unit(MU) > based interface(s) with application core, where kernel is running. > It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93. > > This patch adds the driver for communication interface to secure-enclave, > for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock > Enclave (ELE) from Kernel-space, used by kernel management layers like > - DM-Crypt. > > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> > --- > drivers/firmware/imx/Kconfig | 12 + > drivers/firmware/imx/Makefile | 2 + > drivers/firmware/imx/ele_base_msg.c | 286 ++++++++++++++++++++ > drivers/firmware/imx/ele_base_msg.h | 95 +++++++ > drivers/firmware/imx/ele_common.c | 306 +++++++++++++++++++++ > drivers/firmware/imx/ele_common.h | 51 ++++ > drivers/firmware/imx/se_ctrl.c | 515 ++++++++++++++++++++++++++++++++++++ > drivers/firmware/imx/se_ctrl.h | 99 +++++++ > include/linux/firmware/imx/se_api.h | 14 + > 9 files changed, 1380 insertions(+) > > diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig > index 183613f82a11..0f6877a24f0b 100644 > --- a/drivers/firmware/imx/Kconfig > +++ b/drivers/firmware/imx/Kconfig > @@ -22,3 +22,15 @@ config IMX_SCU > > This driver manages the IPC interface between host CPU and the > SCU firmware running on M4. > + > +config IMX_SEC_ENCLAVE > + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver." > + depends on IMX_MBOX && ARCH_MXC && ARM64 > + default m if ARCH_MXC > + > + help > + It is possible to use APIs exposed by the iMX Secure Enclave HW IP called: > + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93), > + like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging > + Unit. This driver exposes these interfaces via a set of file descriptors > + allowing to configure shared memory, send and receive messages. > diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile > index 8f9f04a513a8..aa9033e0e9e3 100644 > --- a/drivers/firmware/imx/Makefile > +++ b/drivers/firmware/imx/Makefile > @@ -1,3 +1,5 @@ > # SPDX-License-Identifier: GPL-2.0 > obj-$(CONFIG_IMX_DSP) += imx-dsp.o > obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o > +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o > +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o > diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c > new file mode 100644 > index 000000000000..e3e570a25e85 > --- /dev/null > +++ b/drivers/firmware/imx/ele_base_msg.c > @@ -0,0 +1,286 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Copyright 2024 NXP > + */ > + > +#include <linux/types.h> > + > +#include <linux/completion.h> > +#include <linux/dma-mapping.h> > +#include <linux/genalloc.h> > + > +#include "ele_base_msg.h" > +#include "ele_common.h" > + > +int ele_get_info(struct device *dev, struct ele_dev_info *s_info) > +{ > + struct se_if_priv *priv = dev_get_drvdata(dev); > + struct se_api_msg *tx_msg __free(kfree) = NULL; > + struct se_api_msg *rx_msg __free(kfree) = NULL; > + dma_addr_t get_info_addr = 0; > + u32 *get_info_data = NULL; > + int ret = 0; > + > + if (!priv) { > + ret = -EINVAL; > + return ret; > + } > + > + memset(s_info, 0x0, sizeof(*s_info)); > + > + if (priv->mem_pool) > + get_info_data = gen_pool_dma_alloc(priv->mem_pool, > + ELE_GET_INFO_BUFF_SZ, > + &get_info_addr); > + else > + get_info_data = dma_alloc_coherent(dev, > + ELE_GET_INFO_BUFF_SZ, > + &get_info_addr, > + GFP_KERNEL); > + if (!get_info_data) { > + ret = -ENOMEM; > + dev_dbg(dev, > + "%s: Failed to allocate get_info_addr.\n", > + __func__); > + return ret; > + } > + > + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ, GFP_KERNEL); > + if (!tx_msg) { > + ret = -ENOMEM; > + goto exit; > + } > + > + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ, GFP_KERNEL); > + if (!rx_msg) { > + ret = -ENOMEM; > + goto exit; > + } > + > + ret = se_fill_cmd_msg_hdr(priv, > + (struct se_msg_hdr *)&tx_msg->header, > + ELE_GET_INFO_REQ, > + ELE_GET_INFO_REQ_MSG_SZ, > + true); > + if (ret) > + goto exit; > + > + tx_msg->data[0] = upper_32_bits(get_info_addr); > + tx_msg->data[1] = lower_32_bits(get_info_addr); > + tx_msg->data[2] = sizeof(*s_info); > + ret = ele_msg_send_rcv(priv, > + tx_msg, > + ELE_GET_INFO_REQ_MSG_SZ, > + rx_msg, > + ELE_GET_INFO_RSP_MSG_SZ); > + if (ret < 0) > + goto exit; > + > + ret = se_val_rsp_hdr_n_status(priv, > + rx_msg, > + ELE_GET_INFO_REQ, > + ELE_GET_INFO_RSP_MSG_SZ, > + true); > + > + memcpy(s_info, get_info_data, sizeof(*s_info)); > + priv->imem.state = s_info->d_addn_info.imem_state; > + > +exit: > + if (priv->mem_pool) > + gen_pool_free(priv->mem_pool, > + (u64) get_info_data, > + ELE_GET_INFO_BUFF_SZ); > + else > + dma_free_coherent(dev, > + ELE_GET_INFO_BUFF_SZ, > + get_info_data, > + get_info_addr); > + > + return ret; > +} > + > +int ele_fetch_soc_info(struct device *dev, u16 *soc_rev, u64 *serial_num) > +{ > + struct ele_dev_info s_info = {0}; > + int err = 0; Nit: needn't set err to 0 if following set it unconditional err = ele_get_info(dev, &s_info); Frank > + > + err = ele_get_info(dev, &s_info); > + if (err < 0) { > + dev_err(dev, "Error"); > + return err; > + } > + > + if (soc_rev) > + *soc_rev = s_info.d_info.soc_rev; > + if (serial_num) > + *serial_num = GET_SERIAL_NUM_FROM_UID(s_info.d_info.uid, MAX_UID_SIZE >> 2); > + > + return err; > +} > + > +int ele_ping(struct device *dev) > +{ > + struct se_if_priv *priv = dev_get_drvdata(dev); > + struct se_api_msg *tx_msg __free(kfree) = NULL; > + struct se_api_msg *rx_msg __free(kfree) = NULL; > + int ret = 0; > + > + if (!priv) { > + ret = -EINVAL; > + goto exit; > + } > + > + tx_msg = kzalloc(ELE_PING_REQ_SZ, GFP_KERNEL); > + if (!tx_msg) { > + ret = -ENOMEM; > + goto exit; > + } > + > + rx_msg = kzalloc(ELE_PING_RSP_SZ, GFP_KERNEL); > + if (!rx_msg) { > + ret = -ENOMEM; > + goto exit; > + } > + > + ret = se_fill_cmd_msg_hdr(priv, > + (struct se_msg_hdr *)&tx_msg->header, > + ELE_PING_REQ, ELE_PING_REQ_SZ, true); > + if (ret) { > + dev_err(dev, "Error: se_fill_cmd_msg_hdr failed.\n"); > + goto exit; > + } > + > + ret = ele_msg_send_rcv(priv, > + tx_msg, > + ELE_PING_REQ_SZ, > + rx_msg, > + ELE_PING_RSP_SZ); > + if (ret) > + goto exit; > + > + ret = se_val_rsp_hdr_n_status(priv, > + rx_msg, > + ELE_PING_REQ, > + ELE_PING_RSP_SZ, > + true); > +exit: > + return ret; > +} > + > +int ele_service_swap(struct device *dev, > + phys_addr_t addr, > + u32 addr_size, u16 flag) > +{ > + struct se_if_priv *priv = dev_get_drvdata(dev); > + struct se_api_msg *tx_msg __free(kfree) = NULL; > + struct se_api_msg *rx_msg __free(kfree) = NULL; > + int ret = 0; > + > + if (!priv) { > + ret = -EINVAL; > + goto exit; > + } > + > + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ, GFP_KERNEL); > + if (!tx_msg) { > + ret = -ENOMEM; > + goto exit; > + } > + > + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ, GFP_KERNEL); > + if (!rx_msg) { > + ret = -ENOMEM; > + goto exit; > + } > + > + ret = se_fill_cmd_msg_hdr(priv, > + (struct se_msg_hdr *)&tx_msg->header, > + ELE_SERVICE_SWAP_REQ, > + ELE_SERVICE_SWAP_REQ_MSG_SZ, true); > + if (ret) > + goto exit; > + > + tx_msg->data[0] = flag; > + tx_msg->data[1] = addr_size; > + tx_msg->data[2] = ELE_NONE_VAL; > + tx_msg->data[3] = lower_32_bits(addr); > + tx_msg->data[4] = se_add_msg_crc((uint32_t *)&tx_msg[0], > + ELE_SERVICE_SWAP_REQ_MSG_SZ); > + ret = ele_msg_send_rcv(priv, > + tx_msg, > + ELE_SERVICE_SWAP_REQ_MSG_SZ, > + rx_msg, > + ELE_SERVICE_SWAP_RSP_MSG_SZ); > + if (ret < 0) > + goto exit; > + > + ret = se_val_rsp_hdr_n_status(priv, > + rx_msg, > + ELE_SERVICE_SWAP_REQ, > + ELE_SERVICE_SWAP_RSP_MSG_SZ, > + true); > + if (ret) > + goto exit; > + > + if (flag == ELE_IMEM_EXPORT) > + ret = rx_msg->data[1]; > + else > + ret = 0; > + > +exit: > + > + return ret; > +} > + > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr) > +{ > + struct se_if_priv *priv = dev_get_drvdata(dev); > + struct se_api_msg *tx_msg __free(kfree) = NULL; > + struct se_api_msg *rx_msg __free(kfree) = NULL; > + int ret = 0; > + > + if (!priv) { > + ret = -EINVAL; > + goto exit; > + } > + > + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ, GFP_KERNEL); > + if (!tx_msg) { > + ret = -ENOMEM; > + goto exit; > + } > + > + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ, GFP_KERNEL); > + if (!rx_msg) { > + ret = -ENOMEM; > + goto exit; > + } > + > + ret = se_fill_cmd_msg_hdr(priv, > + (struct se_msg_hdr *)&tx_msg->header, > + ELE_FW_AUTH_REQ, > + ELE_FW_AUTH_REQ_SZ, > + true); > + if (ret) > + goto exit; > + > + tx_msg->data[1] = upper_32_bits(addr); > + tx_msg->data[0] = lower_32_bits(addr); > + tx_msg->data[2] = addr; > + > + ret = ele_msg_send_rcv(priv, > + tx_msg, > + ELE_FW_AUTH_REQ_SZ, > + rx_msg, > + ELE_FW_AUTH_RSP_MSG_SZ); > + if (ret < 0) > + goto exit; > + > + ret = se_val_rsp_hdr_n_status(priv, > + rx_msg, > + ELE_FW_AUTH_REQ, > + ELE_FW_AUTH_RSP_MSG_SZ, > + true); > +exit: > + return ret; > +} > diff --git a/drivers/firmware/imx/ele_base_msg.h b/drivers/firmware/imx/ele_base_msg.h > new file mode 100644 > index 000000000000..88ccfce8c8f7 > --- /dev/null > +++ b/drivers/firmware/imx/ele_base_msg.h > @@ -0,0 +1,95 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* > + * Copyright 2024 NXP > + * > + * Header file for the EdgeLock Enclave Base API(s). > + */ > + > +#ifndef ELE_BASE_MSG_H > +#define ELE_BASE_MSG_H > + > +#include <linux/device.h> > +#include <linux/types.h> > + > +#define WORD_SZ 4 > +#define ELE_NONE_VAL 0x0 > + > +#define ELE_GET_INFO_REQ 0xDA > +#define ELE_GET_INFO_REQ_MSG_SZ 0x10 > +#define ELE_GET_INFO_RSP_MSG_SZ 0x08 > + > +#define DEFAULT_IMX_SOC_VER 0xA000 > +#define SOC_VER_MASK 0xFFFF0000 > +#define SOC_ID_MASK 0x0000FFFF > + > +#define MAX_UID_SIZE (16) > +#define DEV_GETINFO_ROM_PATCH_SHA_SZ (32) > +#define DEV_GETINFO_FW_SHA_SZ (32) > +#define DEV_GETINFO_OEM_SRKH_SZ (64) > +#define DEV_GETINFO_MIN_VER_MASK 0xFF > +#define DEV_GETINFO_MAJ_VER_MASK 0xFF00 > +#define ELE_DEV_INFO_EXTRA_SZ 0x60 > + > +struct dev_info { > + uint8_t cmd; > + uint8_t ver; > + uint16_t length; > + uint16_t soc_id; > + uint16_t soc_rev; > + uint16_t lmda_val; > + uint8_t ssm_state; > + uint8_t dev_atts_api_ver; > + uint8_t uid[MAX_UID_SIZE]; > + uint8_t sha_rom_patch[DEV_GETINFO_ROM_PATCH_SHA_SZ]; > + uint8_t sha_fw[DEV_GETINFO_FW_SHA_SZ]; > +}; > + > +struct dev_addn_info { > + uint8_t oem_srkh[DEV_GETINFO_OEM_SRKH_SZ]; > + uint8_t trng_state; > + uint8_t csal_state; > + uint8_t imem_state; > + uint8_t reserved2; > +}; > + > +struct ele_dev_info { > + struct dev_info d_info; > + struct dev_addn_info d_addn_info; > +}; > + > +#define ELE_GET_INFO_BUFF_SZ (sizeof(struct ele_dev_info) \ > + + ELE_DEV_INFO_EXTRA_SZ) > + > +#define GET_SERIAL_NUM_FROM_UID(x, uid_word_sz) \ > + (((u64)(((u32 *)(x))[(uid_word_sz) - 1]) << 32) | ((u32 *)(x))[0]) > + > +#define ELE_DEBUG_DUMP_REQ 0x21 > +#define ELE_DEBUG_DUMP_RSP_SZ 0x14 > + > +#define ELE_PING_REQ 0x01 > +#define ELE_PING_REQ_SZ 0x04 > +#define ELE_PING_RSP_SZ 0x08 > + > +#define ELE_SERVICE_SWAP_REQ 0xDF > +#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18 > +#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C > +#define ELE_IMEM_SIZE 0x10000 > +#define ELE_IMEM_STATE_OK 0xCA > +#define ELE_IMEM_STATE_BAD 0xFE > +#define ELE_IMEM_STATE_WORD 0x27 > +#define ELE_IMEM_STATE_MASK 0x00ff0000 > +#define ELE_IMEM_EXPORT 0x1 > +#define ELE_IMEM_IMPORT 0x2 > + > +#define ELE_FW_AUTH_REQ 0x02 > +#define ELE_FW_AUTH_REQ_SZ 0x10 > +#define ELE_FW_AUTH_RSP_MSG_SZ 0x08 > + > +int ele_get_info(struct device *dev, struct ele_dev_info *s_info); > +int ele_fetch_soc_info(struct device *dev, u16 *soc_rev, u64 *serial_num); > +int ele_ping(struct device *dev); > +int ele_service_swap(struct device *dev, > + phys_addr_t addr, > + u32 addr_size, u16 flag); > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr); > +#endif > diff --git a/drivers/firmware/imx/ele_common.c b/drivers/firmware/imx/ele_common.c > new file mode 100644 > index 000000000000..a06d7015d3f1 > --- /dev/null > +++ b/drivers/firmware/imx/ele_common.c > @@ -0,0 +1,306 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Copyright 2024 NXP > + */ > + > +#include "ele_base_msg.h" > +#include "ele_common.h" > + > +u32 se_add_msg_crc(u32 *msg, u32 msg_len) > +{ > + u32 nb_words = msg_len / (u32)sizeof(u32); > + u32 crc = 0; > + u32 i; > + > + for (i = 0; i < nb_words - 1; i++) > + crc ^= *(msg + i); > + > + return crc; > +} > + > +int ele_msg_rcv(struct se_if_priv *priv, > + struct se_clbk_handle *se_clbk_hdl) > +{ > + int err = 0; > + > + err = wait_event_interruptible(se_clbk_hdl->wq, > + atomic_read(&se_clbk_hdl->pending_hdr) != 0); > + if (err < 0) > + dev_err(priv->dev, > + "Err[0x%x]:Interrupted by signal.\n", > + err); > + else > + err = se_clbk_hdl->rx_msg_sz; > + > + atomic_dec(&se_clbk_hdl->pending_hdr); > + > + return err; > +} > + > +int ele_msg_send(struct se_if_priv *priv, > + void *tx_msg, > + int tx_msg_sz) > +{ > + struct se_msg_hdr *header; > + int err; > + > + header = tx_msg; > + > + /* > + * Check that the size passed as argument matches the size > + * carried in the message. > + */ > + if (header->size << 2 != tx_msg_sz) { > + err = -EINVAL; > + dev_err(priv->dev, > + "User buf hdr: 0x%x, sz mismatced with input-sz (%d != %d).", > + *(u32 *)header, > + header->size << 2, tx_msg_sz); > + goto exit; > + } > + guard(mutex)(&priv->se_if_lock); > + > + err = mbox_send_message(priv->tx_chan, tx_msg); > + if (err < 0) { > + dev_err(priv->dev, "Error: mbox_send_message failure.\n"); > + return err; > + } > + err = tx_msg_sz; > + > +exit: > + return err; > +} > + > +/* API used for send/receive blocking call. */ > +int ele_msg_send_rcv(struct se_if_priv *priv, > + void *tx_msg, > + int tx_msg_sz, > + void *rx_msg, > + int exp_rx_msg_sz) > +{ > + int err; > + > + guard(mutex)(&priv->se_if_cmd_lock); > + > + priv->waiting_rsp_clbk_hdl.rx_msg_sz = exp_rx_msg_sz; > + priv->waiting_rsp_clbk_hdl.rx_msg = rx_msg; > + > + err = ele_msg_send(priv, tx_msg, tx_msg_sz); > + if (err < 0) > + goto exit; > + > + err = ele_msg_rcv(priv, &priv->waiting_rsp_clbk_hdl); > +exit: > + return err; > +} > + > +static bool exception_for_size(struct se_if_priv *priv, > + struct se_msg_hdr *header) > +{ > + /* List of API(s) that can be accepte variable length > + * response buffer. > + */ > + if (header->command == ELE_DEBUG_DUMP_REQ && > + header->ver == priv->base_api_ver && > + header->size >= 0 && > + header->size <= ELE_DEBUG_DUMP_RSP_SZ) > + return true; > + > + return false; > +} > + > +/* > + * Callback called by mailbox FW, when data is received. > + */ > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg) > +{ > + struct se_clbk_handle *se_clbk_hdl; > + struct device *dev = mbox_cl->dev; > + struct se_msg_hdr *header; > + struct se_if_priv *priv; > + u32 rx_msg_sz; > + > + priv = dev_get_drvdata(dev); > + > + /* The function can be called with NULL msg */ > + if (!msg) { > + dev_err(dev, "Message is invalid\n"); > + return; > + } > + > + header = msg; > + rx_msg_sz = header->size << 2; > + > + /* Incoming command: wake up the receiver if any. */ > + if (header->tag == priv->cmd_tag) { > + se_clbk_hdl = &priv->cmd_receiver_clbk_hdl; > + dev_dbg(dev, > + "Selecting cmd receiver for mesg header:0x%x.", > + *(u32 *) header); > + > + /* Pre-allocated buffer of MAX_NVM_MSG_LEN > + * as the NVM command are initiated by FW. > + * Size is revealed as part of this call function. > + */ > + if (rx_msg_sz > MAX_NVM_MSG_LEN) { > + dev_err(dev, > + "CMD-RCVER NVM: hdr(0x%x) with different sz(%d != %d).\n", > + *(u32 *) header, > + rx_msg_sz, se_clbk_hdl->rx_msg_sz); > + > + se_clbk_hdl->rx_msg_sz = MAX_NVM_MSG_LEN; > + } > + se_clbk_hdl->rx_msg_sz = rx_msg_sz; > + > + } else if (header->tag == priv->rsp_tag) { > + se_clbk_hdl = &priv->waiting_rsp_clbk_hdl; > + dev_dbg(dev, > + "Selecting resp waiter for mesg header:0x%x.", > + *(u32 *) header); > + > + if (rx_msg_sz != se_clbk_hdl->rx_msg_sz > + && !exception_for_size(priv, header)) { > + dev_err(dev, > + "Rsp to CMD: hdr(0x%x) with different sz(%d != %d).\n", > + *(u32 *) header, > + rx_msg_sz, se_clbk_hdl->rx_msg_sz); > + > + se_clbk_hdl->rx_msg_sz = min(rx_msg_sz, se_clbk_hdl->rx_msg_sz); > + } > + } else { > + dev_err(dev, "Failed to select a device for message: %.8x\n", > + *((u32 *) header)); > + return; > + } > + > + memcpy(se_clbk_hdl->rx_msg, msg, se_clbk_hdl->rx_msg_sz); > + > + /* Allow user to read */ > + atomic_inc(&se_clbk_hdl->pending_hdr); > + > + wake_up_interruptible(&se_clbk_hdl->wq); > +} > + > +int se_val_rsp_hdr_n_status(struct se_if_priv *priv, > + struct se_api_msg *msg, > + uint8_t msg_id, > + uint8_t sz, > + bool is_base_api) > +{ > + u32 status; > + struct se_msg_hdr *header = &msg->header; > + > + if (header->tag != priv->rsp_tag) { > + dev_err(priv->dev, > + "MSG[0x%x] Hdr: Resp tag mismatch. (0x%x != 0x%x)", > + msg_id, header->tag, priv->rsp_tag); > + return -EINVAL; > + } > + > + if (header->command != msg_id) { > + dev_err(priv->dev, > + "MSG Header: Cmd id mismatch. (0x%x != 0x%x)", > + header->command, msg_id); > + return -EINVAL; > + } > + > + if (header->size != (sz >> 2)) { > + dev_err(priv->dev, > + "MSG[0x%x] Hdr: Cmd size mismatch. (0x%x != 0x%x)", > + msg_id, header->size, (sz >> 2)); > + return -EINVAL; > + } > + > + if (is_base_api && (header->ver != priv->base_api_ver)) { > + dev_err(priv->dev, > + "MSG[0x%x] Hdr: Base API Vers mismatch. (0x%x != 0x%x)", > + msg_id, header->ver, priv->base_api_ver); > + return -EINVAL; > + } else if (!is_base_api && header->ver != priv->fw_api_ver) { > + dev_err(priv->dev, > + "MSG[0x%x] Hdr: FW API Vers mismatch. (0x%x != 0x%x)", > + msg_id, header->ver, priv->fw_api_ver); > + return -EINVAL; > + } > + > + status = RES_STATUS(msg->data[0]); > + if (status != priv->success_tag) { > + dev_err(priv->dev, "Command Id[%d], Response Failure = 0x%x", > + header->command, status); > + return -EPERM; > + } > + > + return 0; > +} > + > +int se_save_imem_state(struct se_if_priv *priv) > +{ > + int ret; > + > + /* EXPORT command will save encrypted IMEM to given address, > + * so later in resume, IMEM can be restored from the given > + * address. > + * > + * Size must be at least 64 kB. > + */ > + ret = ele_service_swap(priv->dev, > + priv->imem.phyaddr, > + ELE_IMEM_SIZE, > + ELE_IMEM_EXPORT); > + if (ret < 0) > + dev_err(priv->dev, "Failed to export IMEM\n"); > + else > + dev_info(priv->dev, > + "Exported %d bytes of encrypted IMEM\n", > + ret); > + > + return ret; > +} > + > +int se_restore_imem_state(struct se_if_priv *priv) > +{ > + struct ele_dev_info s_info; > + int ret; > + > + /* get info from ELE */ > + ret = ele_get_info(priv->dev, &s_info); > + if (ret) { > + dev_err(priv->dev, "Failed to get info from ELE.\n"); > + return ret; > + } > + > + /* Get IMEM state, if 0xFE then import IMEM */ > + if (s_info.d_addn_info.imem_state == ELE_IMEM_STATE_BAD) { > + /* IMPORT command will restore IMEM from the given > + * address, here size is the actual size returned by ELE > + * during the export operation > + */ > + ret = ele_service_swap(priv->dev, > + priv->imem.phyaddr, > + priv->imem.size, > + ELE_IMEM_IMPORT); > + if (ret) { > + dev_err(priv->dev, "Failed to import IMEM\n"); > + goto exit; > + } > + } else > + goto exit; > + > + /* After importing IMEM, check if IMEM state is equal to 0xCA > + * to ensure IMEM is fully loaded and > + * ELE functionality can be used. > + */ > + ret = ele_get_info(priv->dev, &s_info); > + if (ret) { > + dev_err(priv->dev, "Failed to get info from ELE.\n"); > + goto exit; > + } > + > + if (s_info.d_addn_info.imem_state == ELE_IMEM_STATE_OK) > + dev_info(priv->dev, "Successfully restored IMEM\n"); > + else > + dev_err(priv->dev, "Failed to restore IMEM\n"); > + > +exit: > + return ret; > +} > diff --git a/drivers/firmware/imx/ele_common.h b/drivers/firmware/imx/ele_common.h > new file mode 100644 > index 000000000000..b05d62090337 > --- /dev/null > +++ b/drivers/firmware/imx/ele_common.h > @@ -0,0 +1,51 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* > + * Copyright 2024 NXP > + */ > + > + > +#ifndef __ELE_COMMON_H__ > +#define __ELE_COMMON_H__ > + > +#include "se_ctrl.h" > + > +#define ELE_SUCCESS_IND 0xD6 > + > +#define IMX_ELE_FW_DIR "imx/ele/" > + > +uint32_t se_add_msg_crc(uint32_t *msg, uint32_t msg_len); > +int ele_msg_rcv(struct se_if_priv *priv, > + struct se_clbk_handle *se_clbk_hdl); > +int ele_msg_send(struct se_if_priv *priv, > + void *tx_msg, > + int tx_msg_sz); > +int ele_msg_send_rcv(struct se_if_priv *priv, > + void *tx_msg, > + int tx_msg_sz, > + void *rx_msg, > + int exp_rx_msg_sz); > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg); > +int se_val_rsp_hdr_n_status(struct se_if_priv *priv, > + struct se_api_msg *msg, > + uint8_t msg_id, > + uint8_t sz, > + bool is_base_api); > + > +/* Fill a command message header with a given command ID and length in bytes. */ > +static inline int se_fill_cmd_msg_hdr(struct se_if_priv *priv, > + struct se_msg_hdr *hdr, > + u8 cmd, u32 len, > + bool is_base_api) > +{ > + hdr->tag = priv->cmd_tag; > + hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver; > + hdr->command = cmd; > + hdr->size = len >> 2; > + > + return 0; > +} > + > +int se_save_imem_state(struct se_if_priv *priv); > +int se_restore_imem_state(struct se_if_priv *priv); > + > +#endif /*__ELE_COMMON_H__ */ > diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c > new file mode 100644 > index 000000000000..82b9fcf25535 > --- /dev/null > +++ b/drivers/firmware/imx/se_ctrl.c > @@ -0,0 +1,515 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Copyright 2024 NXP > + */ > + > +#include <linux/completion.h> > +#include <linux/delay.h> > +#include <linux/dev_printk.h> > +#include <linux/dma-mapping.h> > +#include <linux/errno.h> > +#include <linux/export.h> > +#include <linux/firmware.h> > +#include <linux/firmware/imx/se_api.h> > +#include <linux/genalloc.h> > +#include <linux/init.h> > +#include <linux/io.h> > +#include <linux/miscdevice.h> > +#include <linux/mod_devicetable.h> > +#include <linux/module.h> > +#include <linux/of_platform.h> > +#include <linux/of_reserved_mem.h> > +#include <linux/platform_device.h> > +#include <linux/slab.h> > +#include <linux/string.h> > +#include <linux/sys_soc.h> > + > +#include "ele_base_msg.h" > +#include "ele_common.h" > +#include "se_ctrl.h" > + > +#define RESERVED_DMA_POOL BIT(0) > +#define MBOX_TX_NAME "tx" > +#define MBOX_RX_NAME "rx" > + > +struct se_if_node_info { > + u8 se_if_id; > + u8 se_if_did; > + u8 cmd_tag; > + u8 rsp_tag; > + u8 success_tag; > + u8 base_api_ver; > + u8 fw_api_ver; > + u8 *se_name; > + u8 *pool_name; > + u8 *prim_fw_nm_in_rfs; > + u8 *seco_fw_nm_in_rfs; > + bool soc_register; > + bool reserved_dma_ranges; > + int (*se_fetch_soc_info)(struct device *dev, u16 *soc_rev, u64 *serial_num); > +}; > + > +struct se_if_node_info_list { > + u8 num_mu; > + u16 soc_id; > + struct se_if_node_info info[]; > +}; > + > +static const struct se_if_node_info_list imx8ulp_info = { > + .num_mu = 1, > + .soc_id = SOC_ID_OF_IMX8ULP, > + .info = { > + { > + .se_if_id = 2, > + .se_if_did = 7, > + .cmd_tag = 0x17, > + .rsp_tag = 0xe1, > + .success_tag = ELE_SUCCESS_IND, > + .base_api_ver = MESSAGING_VERSION_6, > + .fw_api_ver = MESSAGING_VERSION_7, > + .se_name = "hsm1", > + .pool_name = "sram", > + .prim_fw_nm_in_rfs = IMX_ELE_FW_DIR > + "mx8ulpa2-ahab-container.img", > + .seco_fw_nm_in_rfs = IMX_ELE_FW_DIR > + "mx8ulpa2ext-ahab-container.img", > + .soc_register = true, > + .reserved_dma_ranges = true, > + .se_fetch_soc_info = ele_fetch_soc_info, > + }, > + }, > +}; > + > +static const struct se_if_node_info_list imx93_info = { > + .num_mu = 1, > + .soc_id = SOC_ID_OF_IMX93, > + .info = { > + { > + .se_if_id = 2, > + .se_if_did = 3, > + .cmd_tag = 0x17, > + .rsp_tag = 0xe1, > + .success_tag = ELE_SUCCESS_IND, > + .base_api_ver = MESSAGING_VERSION_6, > + .fw_api_ver = MESSAGING_VERSION_7, > + .se_name = "hsm1", > + .reserved_dma_ranges = true, > + .soc_register = true, > + }, > + }, > +}; > + > +static const struct of_device_id se_match[] = { > + { .compatible = "fsl,imx8ulp-se", .data = (void *)&imx8ulp_info}, > + { .compatible = "fsl,imx93-se", .data = (void *)&imx93_info}, > + {}, > +}; > + > +static const struct se_if_node_info > + *get_se_if_node_info(const struct se_if_node_info_list *info_list, > + const u32 idx) > +{ > + return &info_list->info[idx]; > +} > + > +static int se_soc_info(struct se_if_priv *priv, > + const struct se_if_node_info_list *info_list) > +{ > + const struct se_if_node_info *info; > + struct soc_device_attribute *attr; > + struct soc_device *sdev; > + u64 serial_num; > + u16 soc_rev; > + int err = 0; > + > + info = priv->info; > + > + /* This function should be called once. > + * Check if the soc_rev is zero to continue. > + */ > + if (priv->soc_rev) > + return err; > + > + if (info->se_fetch_soc_info) { > + err = info->se_fetch_soc_info(priv->dev, &soc_rev, &serial_num); > + if (err < 0) { > + dev_err(priv->dev, "Failed to fetch SoC Info."); > + return err; > + } > + } else { > + dev_err(priv->dev, "Failed to fetch SoC revision."); > + if (info->soc_register) > + dev_err(priv->dev, "Failed to do SoC registration."); > + err = -EINVAL; > + return err; > + } > + > + priv->soc_rev = soc_rev; > + if (!info->soc_register) > + return 0; > + > + attr = devm_kzalloc(priv->dev, sizeof(*attr), GFP_KERNEL); > + if (!attr) > + return -ENOMEM; > + > + if (FIELD_GET(DEV_GETINFO_MIN_VER_MASK, soc_rev)) > + attr->revision = devm_kasprintf(priv->dev, GFP_KERNEL, "%x.%x", > + FIELD_GET(DEV_GETINFO_MIN_VER_MASK, > + soc_rev), > + FIELD_GET(DEV_GETINFO_MAJ_VER_MASK, > + soc_rev)); > + else > + attr->revision = devm_kasprintf(priv->dev, GFP_KERNEL, "%x", > + FIELD_GET(DEV_GETINFO_MAJ_VER_MASK, > + soc_rev)); > + > + switch (info_list->soc_id) { > + case SOC_ID_OF_IMX8ULP: > + attr->soc_id = devm_kasprintf(priv->dev, GFP_KERNEL, > + "i.MX8ULP"); > + break; > + case SOC_ID_OF_IMX93: > + attr->soc_id = devm_kasprintf(priv->dev, GFP_KERNEL, > + "i.MX93"); > + break; > + } > + > + err = of_property_read_string(of_root, "model", > + &attr->machine); > + if (err) > + return -EINVAL; > + > + attr->family = devm_kasprintf(priv->dev, GFP_KERNEL, "Freescale i.MX"); > + > + attr->serial_number > + = devm_kasprintf(priv->dev, GFP_KERNEL, "%016llX", serial_num); > + > + sdev = soc_device_register(attr); > + if (IS_ERR(sdev)) > + return PTR_ERR(sdev); > + > + return 0; > +} > + > +/* interface for managed res to free a mailbox channel */ > +static void if_mbox_free_channel(void *mbox_chan) > +{ > + mbox_free_channel(mbox_chan); > +} > + > +static int se_if_request_channel(struct device *dev, > + struct mbox_chan **chan, > + struct mbox_client *cl, > + const char *name) > +{ > + struct mbox_chan *t_chan; > + int ret = 0; > + > + t_chan = mbox_request_channel_byname(cl, name); > + if (IS_ERR(t_chan)) { > + ret = PTR_ERR(t_chan); > + return dev_err_probe(dev, ret, > + "Failed to request %s channel.", name); > + } > + > + ret = devm_add_action(dev, if_mbox_free_channel, t_chan); > + if (ret) { > + dev_err(dev, "failed to add devm removal of mbox %s\n", name); > + goto exit; > + } > + > + *chan = t_chan; > + > +exit: > + return ret; > +} > + > +static void se_if_probe_cleanup(struct platform_device *pdev) > +{ > + struct device *dev = &pdev->dev; > + struct se_if_priv *priv; > + > + priv = dev_get_drvdata(dev); > + > + /* In se_if_request_channel(), passed the clean-up functional > + * pointer reference as action to devm_add_action(). > + * No need to free the mbox channels here. > + */ > + > + /* free the buffer in se remove, previously allocated > + * in se probe to store encrypted IMEM > + */ > + if (priv->imem.buf) { > + dmam_free_coherent(dev, > + ELE_IMEM_SIZE, > + priv->imem.buf, > + priv->imem.phyaddr); > + priv->imem.buf = NULL; > + } > + > + /* No need to check, if reserved memory is allocated > + * before calling for its release. Or clearing the > + * un-set bit. > + */ > + of_reserved_mem_device_release(dev); > +} > + > +static void se_load_firmware(const struct firmware *fw, void *context) > +{ > + struct se_if_priv *priv = context; > + const struct se_if_node_info *info = priv->info; > + phys_addr_t se_fw_phyaddr; > + u8 *se_fw_buf; > + int ret; > + > + if (!fw) { > + if (priv->fw_fail > MAX_FW_LOAD_RETRIES) > + dev_dbg(priv->dev, > + "External FW not found, using ROM FW.\n"); > + else { > + /*add a bit delay to wait for firmware priv released */ > + msleep(20); > + > + /* Load firmware one more time if timeout */ > + request_firmware_nowait(THIS_MODULE, > + FW_ACTION_UEVENT, priv->se_img_file_to_load, > + priv->dev, GFP_KERNEL, priv, > + se_load_firmware); > + priv->fw_fail++; > + dev_dbg(priv->dev, "Value of retries = 0x%x.\n", > + priv->fw_fail); > + } > + > + return; > + } > + > + dev_info(priv->dev, "loading firmware %s\n", priv->se_img_file_to_load); > + > + /* allocate buffer to store the SE FW */ > + se_fw_buf = dma_alloc_coherent(priv->dev, fw->size, > + &se_fw_phyaddr, GFP_KERNEL); > + if (!se_fw_buf) > + goto exit; > + > + memcpy(se_fw_buf, fw->data, fw->size); > + ret = ele_fw_authenticate(priv->dev, se_fw_phyaddr); > + if (ret < 0) > + dev_err(priv->dev, > + "Error %pe: Authenticate & load SE firmware %s.\n", > + ERR_PTR(ret), > + priv->se_img_file_to_load); > + > + dma_free_coherent(priv->dev, > + fw->size, > + se_fw_buf, > + se_fw_phyaddr); > + > + if (priv->imem.state == ELE_IMEM_STATE_BAD && > + priv->se_img_file_to_load == info->prim_fw_nm_in_rfs) { > + priv->se_img_file_to_load = info->seco_fw_nm_in_rfs; > + request_firmware_nowait(THIS_MODULE, > + FW_ACTION_UEVENT, priv->se_img_file_to_load, > + priv->dev, GFP_KERNEL, priv, > + se_load_firmware); > + } > + > +exit: > + release_firmware(fw); > +} > + > +static int se_if_probe(struct platform_device *pdev) > +{ > + const struct se_if_node_info_list *info_list; > + const struct se_if_node_info *info; > + struct device *dev = &pdev->dev; > + struct se_if_priv *priv; > + u32 idx; > + int ret; > + > + idx = GET_IDX_FROM_DEV_NODE_NAME(dev->of_node); > + info_list = device_get_match_data(dev); > + if (idx >= info_list->num_mu) { > + dev_err(dev, > + "Incorrect node name :%s\n", > + dev->of_node->full_name); > + dev_err(dev, > + "%s@<index>, acceptable index range is 0..%d\n", > + dev->of_node->name, > + info_list->num_mu - 1); > + ret = -EINVAL; > + return ret; > + } > + > + info = get_se_if_node_info(info_list, idx); > + if (!info) { > + ret = -EINVAL; > + goto exit; > + } > + > + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); > + if (!priv) { > + ret = -ENOMEM; > + goto exit; > + } > + > + dev_set_drvdata(dev, priv); > + > + /* Mailbox client configuration */ > + priv->se_mb_cl.dev = dev; > + priv->se_mb_cl.tx_block = false; > + priv->se_mb_cl.knows_txdone = true; > + priv->se_mb_cl.rx_callback = se_if_rx_callback; > + > + ret = se_if_request_channel(dev, &priv->tx_chan, > + &priv->se_mb_cl, MBOX_TX_NAME); > + if (ret) > + goto exit; > + > + ret = se_if_request_channel(dev, &priv->rx_chan, > + &priv->se_mb_cl, MBOX_RX_NAME); > + if (ret) > + goto exit; > + > + priv->dev = dev; > + priv->info = info; > + > + mutex_init(&priv->se_if_lock); > + mutex_init(&priv->se_if_cmd_lock); > + > + atomic_set(&priv->waiting_rsp_clbk_hdl.pending_hdr, 0); > + init_waitqueue_head(&priv->waiting_rsp_clbk_hdl.wq); > + atomic_set(&priv->cmd_receiver_clbk_hdl.pending_hdr, 0); > + init_waitqueue_head(&priv->cmd_receiver_clbk_hdl.wq); > + > + priv->cmd_tag = info->cmd_tag; > + priv->rsp_tag = info->rsp_tag; > + if (info->pool_name) { > + priv->mem_pool = of_gen_pool_get(dev->of_node, > + info->pool_name, 0); > + if (!priv->mem_pool) { > + dev_err(dev, > + "Unable to get sram pool = %s\n", > + info->pool_name); > + return 0; > + } why return 0 here? suppose should be goto exit? > + } > + priv->success_tag = info->success_tag; > + priv->base_api_ver = info->base_api_ver; > + priv->fw_api_ver = info->fw_api_ver; > + spin_lock_init(&priv->lock); > + > + if (info->reserved_dma_ranges) { > + ret = of_reserved_mem_device_init(dev); > + if (ret) { > + dev_err(dev, > + "failed to init reserved memory region %d\n", > + ret); > + goto exit; > + } > + } > + > + ret = se_soc_info(priv, info_list); > + if (ret) { > + dev_err(dev, > + "failed[%pe] to fetch SoC Info\n", ERR_PTR(ret)); > + goto exit; > + } > + > + priv->se_img_file_to_load = info->seco_fw_nm_in_rfs; > + if (info->prim_fw_nm_in_rfs) { > + /* allocate buffer where SE store encrypted IMEM */ > + priv->imem.buf = dmam_alloc_coherent(dev, ELE_IMEM_SIZE, > + &priv->imem.phyaddr, > + GFP_KERNEL); > + if (!priv->imem.buf) { > + dev_err(dev, > + "dmam-alloc-failed: To store encr-IMEM.\n"); > + ret = -ENOMEM; > + goto exit; > + } > + if (priv->imem.state == ELE_IMEM_STATE_BAD) > + priv->se_img_file_to_load = info->prim_fw_nm_in_rfs; > + } > + > + if (priv->se_img_file_to_load) { > + ret = request_firmware_nowait(THIS_MODULE, > + FW_ACTION_UEVENT, > + priv->se_img_file_to_load, > + dev, GFP_KERNEL, priv, > + se_load_firmware); > + if (ret) > + dev_warn(dev, "Failed to get firmware [%s].\n", > + priv->se_img_file_to_load); > + ret = 0; > + } > + > + dev_info(dev, "i.MX secure-enclave: %s interface to firmware, configured.\n", > + info->se_name); > + return ret; > + > +exit: > + /* if execution control reaches here, if probe fails. > + * hence doing the cleanup > + */ > + se_if_probe_cleanup(pdev); Suggest use devm_add_action(, se_if_probe_cleanup, ); so all "goto exit" can change to return dev_err_probe(...); Frank > + > + return ret; > +} > + > +static int se_if_remove(struct platform_device *pdev) > +{ > + se_if_probe_cleanup(pdev); > + > + return 0; > +} > + > +static int se_suspend(struct device *dev) > +{ > + struct se_if_priv *priv = dev_get_drvdata(dev); > + const struct se_if_node_info *info = priv->info; > + int ret = 0; > + > + if (info && info->prim_fw_nm_in_rfs) { > + ret = se_save_imem_state(priv); > + if (ret < 0) > + goto exit; > + priv->imem.size = ret; > + } > +exit: > + return ret; > +} > + > +static int se_resume(struct device *dev) > +{ > + struct se_if_priv *priv = dev_get_drvdata(dev); > + const struct se_if_node_info *info = priv->info; > + > + wake_up_interruptible(&priv->waiting_rsp_clbk_hdl.wq); > + wake_up_interruptible(&priv->cmd_receiver_clbk_hdl.wq); > + > + if (info && info->prim_fw_nm_in_rfs) > + se_restore_imem_state(priv); > + > + return 0; > +} > + > +static const struct dev_pm_ops se_pm = { > + RUNTIME_PM_OPS(se_suspend, se_resume, NULL) > +}; > + > +static struct platform_driver se_driver = { > + .driver = { > + .name = "fsl-se-fw", > + .of_match_table = se_match, > + .pm = &se_pm, > + }, > + .probe = se_if_probe, > + .remove = se_if_remove, > +}; > +MODULE_DEVICE_TABLE(of, se_match); > + > +module_platform_driver(se_driver); > + > +MODULE_AUTHOR("Pankaj Gupta <pankaj.gupta@nxp.com>"); > +MODULE_DESCRIPTION("iMX Secure Enclave Driver."); > +MODULE_LICENSE("GPL"); > diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h > new file mode 100644 > index 000000000000..95050d3c7c88 > --- /dev/null > +++ b/drivers/firmware/imx/se_ctrl.h > @@ -0,0 +1,99 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* > + * Copyright 2024 NXP > + */ > + > +#ifndef SE_MU_H > +#define SE_MU_H > + > +#include <linux/miscdevice.h> > +#include <linux/semaphore.h> > +#include <linux/mailbox_client.h> > + > +#define MAX_FW_LOAD_RETRIES 50 > + > +#define RES_STATUS(x) FIELD_GET(0x000000ff, x) > +#define MAX_NVM_MSG_LEN (256) > +#define MESSAGING_VERSION_6 0x6 > +#define MESSAGING_VERSION_7 0x7 > +#define NODE_NAME "secure-enclave" > + > +#define GET_ASCII_TO_U8(diff, tens_chr, ones_chr) \ > + ((diff > 2) ? (((tens_chr - '0') * 10) + (ones_chr - '0')) :\ > + (tens_chr - '0')) > + > +#define GET_IDX_FROM_DEV_NODE_NAME(dev_of_node) \ > + ((strlen(dev_of_node->full_name) > strlen(NODE_NAME)) ?\ > + GET_ASCII_TO_U8((strlen(dev_of_node->full_name) - strlen(NODE_NAME)),\ > + dev_of_node->full_name[strlen(NODE_NAME) + 1], \ > + dev_of_node->full_name[strlen(NODE_NAME) + 2]) : 0) > + > +struct se_clbk_handle { > + wait_queue_head_t wq; > + atomic_t pending_hdr; > + u32 rx_msg_sz; > + /* Assignment of the rx_msg buffer to held till the > + * received content as part callback function, is copied. > + */ > + struct se_api_msg *rx_msg; > +}; > + > +struct se_imem_buf { > + u8 *buf; > + phys_addr_t phyaddr; > + u32 size; > + u32 state; > +}; > + > +/* Header of the messages exchange with the EdgeLock Enclave */ > +struct se_msg_hdr { > + u8 ver; > + u8 size; > + u8 command; > + u8 tag; > +} __packed; > + > +#define SE_MU_HDR_SZ 4 > + > +struct se_api_msg { > + struct se_msg_hdr header; > + u32 data[]; > +}; > + > +struct se_if_priv { > + struct se_clbk_handle cmd_receiver_clbk_hdl; > + /* Update to the waiting_rsp_dev, to be protected > + * under se_if_lock. > + */ > + struct se_clbk_handle waiting_rsp_clbk_hdl; > + /* > + * prevent parallel access to the se interface registers > + * e.g. a user trying to send a command while the other one is > + * sending a response. > + */ > + struct mutex se_if_lock; > + /* > + * prevent a command to be sent on the se interface while another one is > + * still processing. (response to a command is allowed) > + */ > + struct mutex se_if_cmd_lock; > + struct device *dev; > + struct gen_pool *mem_pool; > + u8 cmd_tag; > + u8 rsp_tag; > + u8 success_tag; > + u8 base_api_ver; > + u8 fw_api_ver; > + u32 fw_fail; > + u16 soc_rev; > + const void *info; > + > + struct mbox_client se_mb_cl; > + struct mbox_chan *tx_chan, *rx_chan; > + > + spinlock_t lock; > + struct se_imem_buf imem; > + u8 *se_img_file_to_load; > +}; > + > +#endif > diff --git a/include/linux/firmware/imx/se_api.h b/include/linux/firmware/imx/se_api.h > new file mode 100644 > index 000000000000..c47f84906837 > --- /dev/null > +++ b/include/linux/firmware/imx/se_api.h > @@ -0,0 +1,14 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* > + * Copyright 2024 NXP > + */ > + > +#ifndef __SE_API_H__ > +#define __SE_API_H__ > + > +#include <linux/types.h> > + > +#define SOC_ID_OF_IMX8ULP 0x084D > +#define SOC_ID_OF_IMX93 0x9300 > + > +#endif /* __SE_API_H__ */ > > -- > 2.34.1 >
> > On Wed, Sep 04, 2024 at 04:21:16PM +0530, Pankaj Gupta wrote: > > Can you fix subject "[PATCH v7 0/5] Changes in v7"? I remember someone > already complain this in previous version. Thanks for pointing it out. Will ensure not to repeat it. > > Frank > > > 5/5 > > - struct se_clbk_handle, is added with a member struct se_if_device_ctx > *dev_ctx. > > - func call to ele_miscdev_msg_rcv() & ele_miscdev_msg_send(), are > removed. > > - func se_ioctl_cmd_snd_rcv_rsp_handler(), is modified to remove the > > func call to ele_miscdev_msg_rcv() & ele_miscdev_msg_send() > > - func se_ioctl_cmd_snd_rcv_rsp_handler is callig func ele_msg_send_rcv(), > instead. > > - Mutext "se_cmd_if_lock", handling is removed from this patch. > > - func ele_miscdev_msg_send() is replaced with func ele_msg_send(), in > fops_write. > > - func ele_miscdev_msg_rcv() is replaced with func ele_msg_rcv(), in > fops_read. > > - fops_open is modified to create the new dev_ctx instance (using func > init_device_context()), which is not registered as miscdev. > > - Only one dev_ctx is registered as miscdev and its reference is stored in the > struct se_if_priv, as priv_dev_ctx. > > - Separate func cleanup_se_shared_mem() & func init_se_shared_mem(), > for shared memory handling part of struct dev_ctx. > > - Input param for func(s) ele_msg_rcv(), ele_msg_send() & > ele_msg_send_rcv(), is replaced from struct se_if_priv to struct > se_if_device_ctx. > > > > 4/5 > > - A new structure is defined name struct "se_clbk_handle", to contain > members processed in mailbox call-back function. > > - "struct se_if_priv" is modified to contain the two structures of > "se_clbk_handle" - waiting_rsp_clbk_hdl & cmd_receiver_clbk_hdl. > > - func ele_msg_rcv() is modified to take a new additional input reference > param "struct se_clbk_handle *se_clbk_hdl". > > - func ele_msg_send() is modified to take a new additional input tx_msg_sz. > > - func ele_msg_send_rcv(), is modified to take 2 more inputs - tx_msg_sz & > exp_rx_msg_sz. > > - func se_val_rsp_hdr_n_status(), is modified to take input of rx_msg buffer, > instead of header value, as input param. > > - each caller of the func ele_msg_send_rcv(), is sending these two > additional input params. > > - func se_if_callback(), is modified to work on two structures of > "se_clbk_handle" - waiting_rsp_clbk_hdl & cmd_receiver_clbk_hdl. > > - Variable "max_dev_ctx", is removed from info & priv struture, as well its > usage. > > - New member variable "se_img_file_to_load", is added to structure "priv". > > - Other member variables - rx_msg(ptr), rx_msg_sz, completion done & list > of dev_ctxs, is removed from priv struture, along with their usage. > > - func se_resume(), updated to wakeup the two "wq", part of "struct > se_clbk_handle": priv->waiting_rsp_clbk_hdl & priv->cmd_receiver_clbk_hdl. > > > > 3/5 > > - Node name is changed from senclave-firmware@0 to "secure-enclave" > > > > 2/5 > > - Node name is changed to "secure-enclave". > > > > - Link to v6: > > https://lore.kernel.org/r/20240722-imx-se-if-v6-0-ee26a87b824a@nxp.com > > > > v6: firmware: imx: driver for NXP secure-enclave > > > > 5/5 > > - replaced scope_gaurd with gaurd. > > > > 4/5 > > - replaced scope_gaurd with gaurd. > > - remove reading the regs property from dtb. > > - Added NULL check for priv data fetched from device, as a sanity > > check, for ele_base_msg apis) > > > > 3/5 > > - replace firmware with senclave-firmware. > > > > 2/5 > > - replace firmware with senclave-firmware. > > - drop description for mbox > > - Replaced "items:" with maxItems:1 for "memory-region" > > - Replaced "items:" with maxItems:1 for "sram" > > - remove regs property. > > - remove "$nodename" > > > > - Link to v5: > > https://lore.kernel.org/r/20240712-imx-se-if-v5-0-66a79903a872@nxp.com > > > > Changes in v5: > > > > 2/5 > > - updated the description of mboxes > > - updated the description & items for mbox-names. > > - updated the description of memory-region > > - move "additional properties: false" after allOf block. > > - removed other example except one. > > > > 4/5 > > - Corrected the indentation in Kconfig. > > - info members:mbox_tx_name & mbox_rx_name, are replaced with > macros. > > > > 5/5 > > - Replaced "for secure enclaves", with "for secure enclaves" > > - Replaced "user space" with "userspace". > > - End the line "[include]<linux/firmware/imx/ele_mu_ioctl.h>" with a > period. > > > > - Link to v4: > > https://lore.kernel.org/r/20240705-imx-se-if-v4-0-52d000e18a1d@nxp.com > > > > Changes in v4: > > > > 1/5 > > a. Removed - from EdgeLock Enclave. > > > > b. Removed , after "Each of the above feature," > > > > c. replace "can exists" with "can exist". > > > > d. > > -messaging units(MU) per SE. Each co-existing 'se' can have one or > > multiple exclusive -MU(s), dedicated to itself. None of the MU is shared > between two SEs. > > +messaging units(MU) per SE. Each co-existing SE can have one or > > +multiple exclusive MUs, dedicated to itself. None of the MU is shared > between two SEs. > > Communication of the MU is realized using the Linux mailbox driver. > > > > e. > > -All those SE interfaces 'se-if' that is/are dedicated to a particular > > SE, will be -enumerated and provisioned under the very single 'SE' node. > > +Although MU(s) is/are not shared between SE(s). But for SoC like > > +i.MX95 which has multiple SE(s) like HSM, V2X-HSM, V2X-SHE; all the SE(s) > and their interfaces 'se-if' > > +that is/are dedicated to a particular SE will be enumerated and > > +provisioned using the single compatible node("fsl,imx95-se"). > > > > f. Removed ",". Replaced for "Each 'se-if'," with "Each se-if'. > > > > g. removed "," > > - This layer is responsible for ensuring the communication protocol, > > that is defined > > + This layer is responsible for ensuring the communication protocol > > + that is defined > > > > h. removed "-" > > - - FW can handle one command-message at a time. > > + - FW can handle one command message at a time. > > > > i. > > - Using these multiple device contexts, that are getting multiplexed > > over a single MU, > > - user-space application(s) can call fops like write/read to send the > > command-message, > > - and read back the command-response-message to/from Firmware. > > - fops like read & write uses the above defined service layer API(s) > > to communicate with > > + Using these multiple device contexts that are getting multiplexed > > + over a single MU, userspace application(s) can call fops like > > + write/read to send the command message, and read back the command > response message to/from Firmware. > > + fops like read & write use the above defined service layer API(s) > > + to communicate with > > Firmware. > > > > j. Uppercase for word "Linux". > > > > 2/5 > > a. Rephrased the description to remove list of phandles. > > > > b. Moved required before allOf: > > +required: > > + - compatible > > + - reg > > + - mboxes > > + - mbox-names > > + > > +additionalProperties: false > > + > > allOf: > > > > c. replaced not: required: with properties: <property-name>: false. > > # memory-region > > - not: > > - required: > > - - memory-region > > + properties: > > + memory-region: false > > > > # sram > > - else: > > - not: > > - required: > > - - sram > > > > d. Reduced examples. keeping example of i.MX95. > > e. node-name is changed to "firmware@<hex>" > > > > 3/5 > > - node name changed to "firmware@<hex>". > > > > 4/5 > > - used sizeof(*s_info) > > - return early, rather than doing goto exit, in ele_get_info(). > > - Use upper_32_bits() and lower_32_bits() > > - use rx_msg here instead of priv->rx_msg > > - Moved the status check to validate_rsp_hdr. Rename the function to > "se_val_rsp_hdr_n_status" > > - typecasting removed header = (struct se_msg_hdr *) msg; > > - Converted the API name with prefix imx_ele_* or imx_se_*, to ele_* and > se_*, respectively. > > - Removed the functions definition & declaration for: > > free_phybuf_mem_pool() & get_phybuf_mem_pool() > > - removed the mbox_free_channel() calls from clean-up. > > - Flag "priv->flags" is removed. > > - Converted the int se_if_probe_cleanup() to void se_if_probe_cleanup(). > > - Replaced NULL initialization of structure members: priv- > >cmd_receiver_dev & priv->waiting_rsp_dev , with comments. > > - Removed the function's declaration get_phy_buf_mem_pool1 > > > > 5/5 > > Changes to Documentation/ABI/testing/se-cdev. > > a. Removed "-" from "secure-enclave" and "file-descriptor". > > > > b. Removed "-" from "shared-library" > > > > c. Replaced "get" with "getting". > > > > d. Added description for the new IOCTL "send command and receive > command response" > > > > e. Replaced "wakeup_intruptible" with "wait_event_interruptible" > > > > f. Removed ";" > > > > g. Removd "," from "mailbox_lock," > > > > h. Replaced "free" with "frees" > > > > i. In mailbox callback function, checking the buffer size before > > copying. > > > > - Link to v3: > > https://lore.kernel.org/r/20240617-imx-se-if-v3-0-a7d28dea5c4a@nxp.com > > > > Communication Interface to NXP secure-enclave HW IP like Edgelock > > Enclave > > > > Hardware interface of the NXP Secure Enclave HW IP(s) like EdgeLock > > Enclave, V2X, SHE etc, is based on the Messaging Unit module that > > enables processing elements like ARMv8 core, RISC V core, within the > > SoC to communicate and coordinate by passing messages (e.g., data, > > status and control) through these interfaces. > > > > The NXP i.MX secure enclaves hardware interface kernel driver, is > > specifically targeted for use between application core and NXP > > secure-enclave(s) HW. It allows to send/receive messages to/from the > secure-enclave. > > > > Patch-set adds the kernel driver for communication interface to > > secure-enclave, for exchanging messages with NXP secure enclave HW > > IP(s) like EdgeLock Enclave, both from: > > - User-Space Applications via character driver. > > - Kernel-space, used by kernel management layers like DM-Crypt. > > > > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> > > > > Changes in v3: > > 5/5: > > - Initialize tx_msg with NULL. > > - memdup_user() returns an error pointer, not NULL. correct it by adding > check for err_ptr. > > - new IOCTL is added to send & recieve the message. > > - replaced the while loop till list is empty, with list_for_each_entry. > > - replaced __list_del_entry, with list_del. > > - Removed the dev_err message from copy to user. > > - Removed the casting of void *. > > - corrected the typcasting in copy to user. > > - removed un-necessary goto statement. > > - Removed dead code for clean-up of memory. > > - Removed un-mapping of secured memory > > - Passing se_if_priv structure to init_device_context. > > - Updated the below check to replace io.length with round_up(io.length). > > if (shared_mem->size < shared_mem->pos|| io.length >= > > shared_mem->size - shared_mem->pos) > > - Created a function to cleanup the list of shared memory buffers. > > - Used list_for_each_entry_safe(). created a separate functions: > > se_dev_ctx_cpy_out_data() & se_dev_ctx_shared_mem_cleanup() > > > > 4/5 > > - Changed the compatible string to replace "-ele", to "-se". > > - Declaration of imx_se_node_info, is done as const in the whole file > > - Remove the unused macros from ele_base_msg.h > > - Remove the function declaration get_phy_buf_mem_pool1, from the > header file. > > - Replace the use of dmam_alloc_coherent to dma_alloc_coherent > > - Check for function pointer, before calling the fucntion pointer in > > imx_fetch_se_soc_info > > - Removed the unused flag for SE_MU_IO_FLAGS_USE_SEC_MEM. > > - Removed the unused macros WORD_SZ > > - instead of struct device *dev, struct se_if_priv *priv, is used as > > argument to the funtions:se_save_imem_state, se_restore_imem_state, > > imx_fetch_se_soc_info > > - Removed ret from validate_rsp_hdr. > > - changed the prefix of the funtion: plat_add_msg_crc and > plat_fill_cmd_msg_hdr. > > - indentation correction for info structures. > > - remove the check for priv not null from se_if_probe_cleanup > > - Removed the casting of void *. > > - se_load_firmware function is corrected for not freeing the buffer when > allocation fails. > > - Checking if get_imx_se_node_info() can return NULL, in se_if_probe() > > - imem.size has type u32. return value from se_save_imem_state() will be > assigned to imem.size in case of success only. > > - removed the flag un-setting in case of failure. priv->flags &= > > (~RESERVED_DMA_POOL); > > - removed the function call for devm_of_platform_populate(dev); > > - Checking for not-NULL, before calling the funtion pointer > se_fetch_soc_info. > > - Removed the checking for reserved memory flag, before freeing up the > reserved memory, in se_probe_if_cleanup. > > > > 3/5 > > - Changed the compatible string to replace "-ele", to "-se". > > > > 2/5 > > - to fix the warning error, replaced the "-ele" & "-v2x" in compatible string, > to "-se". > > - Added an example for ele@0 for compatible string "fsl,imx95-se" > > > > Changes in v2: > > > > 4/4 > > - Split this patch into two: 1. base driver & 2. Miscdev > > - Initialize the return variable "err" as 0, before calling 'return > > err', in the file ele_common.c > > - Fix the usage of un-iniitialized pointer variable, by initializing them with > NULL, in ele_base_msg.c. > > - Fix initializing the ret variable, to return the correct error code in case of > issue. > > - replaced dmam_alloc_coherent with dma_alloc_coherent. > > - Replace the use of ELE_GET_INFO_READ_SZ, with sizeof(soc_info). > > - Replaced -1 with -EPERM > > - Removed the safety check on func-input param, in ele_get_info(). > > - fix the assigning data[1] with lower 32 address, rather than zero, for > ele_fw_authenticate API. > > - Correctly initializing the function's return error code, for file > ele_base_msg.c. > > - replaced 'return' with 'goto'. > > - Use length in bytes. > > - Corrected the structure se_msg_hdr. > > - Moved setting of rx_msg to priv, into the function > > imx_ele_msg_send_rcv > > - Will add lockdep_assert_held, to receive path, in v2. > > - corrected the spacing at "ret = validate_rsp_hdr" > > - FIELD_GET() used for RES_STATUS > > - Re-write the structure soc_info, matching the information provided in > response to this api. > > - The "|" goes to the end of the previous line. > > - Moved the locking and unlocking of the command lock to the caller of the > function. > > - removed the safety check for device private data. > > - Structure memory reference, used to read message header. > > - In the interrupt call back function, remove assigning waiting_rsp_dev to > NULL, in case of response message rcv from FW. > > - do while removed. > > - replaced BIT(1) for RESERVED_DMA_POOL, to BIT(0) > > - The backslash is removed while assigning the file name with absolute path > to structure variable.fw_name_in_rfs =. > > - Update the 'if' condition by removing "idx < 0". > > - mbox_request_channel_byname() uses a "char" for the name not a u8. > Corrected. > > - devm managed resources, are not cleaned now, in function > > se_probe_if_cleanup > > - Used dev_err_probe(). > > - Used %pe to print error string. > > - remove "__maybe_unused" for "struct platform_device *enum_plat_dev > __maybe_unused;" > > - used FIELD_GET(), for RES_STATUS. Removed the use of MSG_TAG, > MSG_COMMAND, MSG_SIZE, MSG_VER. > > - Depricated the used of member of struct se_if_priv, bool > > no_dev_ctx_used; > > - Moved the text explaing the synchronization logic via mutexes, from patch > 1/4 to se_ctrl.h. > > - removed the type casting of info_list = (struct > > imx_se_node_info_list *) device_get_match_data(dev->parent); > > - Used static variable priv->soc_rev in the se_ctrl.c, replaced the following > condition: if (info_list->soc_rev) to if (priv->soc_rev) for checking if this flow is > already executed or not. > > - imx_fetch_soc_info will return failure if the get_info function fails. > > - Removed devm_free from imx_fetch_soc_info too. > > > > 3/3 > > - Made changes to move all the properties to parent node, without any > child node. > > > > 2/4 > > - Use Hex pattern string. > > - Move the properties to parent node, with no child node. > > - Add i.MX95-ele to compatible nodes to fix the warning "/example-2/v2x: > failed to match any schema with compatible: ['fsl,imx95-v2x']" > > > > 1/1 > > - Corrected the spelling from creats to creates. > > - drop the braces around the plural 's' for interfaces > > - written se in upper case SE. > > - Replace "multiple message(s)" with messages. > > - Removed too much details about locks. > > > > Testing > > - make CHECK_DTBS=y freescale/imx8ulp-evk.dtb; > > - make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- -j8 > > dt_binding_check DT_SCHEMA_FILES=fsl,imx-se.yaml > > - make C=1 CHECK=scripts/coccicheck drivers/firmware/imx/*.* W=1 > > > r.txt > > - ./scripts/checkpatch.pl --git <>..HEAD > > - Tested the Image and .dtb, on the i.MX8ULP. > > > > Reference > > - Link to v1: > > https://lore.kernel.org/r/20240510-imx-se-if-v1-0-27c5a674916d@nxp.com > > - Link to v2: > > https://lore.kernel.org/r/20240523-imx-se-if-v2-0-5a6fd189a539@nxp.com > > > > --- > > Pankaj Gupta (5): > > Documentation/firmware: add imx/se to other_interfaces > > dt-bindings: arm: fsl: add imx-se-fw binding doc > > arm64: dts: imx8ulp-evk: add nxp secure enclave firmware > > firmware: imx: add driver for NXP EdgeLock Enclave > > firmware: imx: adds miscdev > > > > Documentation/ABI/testing/se-cdev | 43 + > > .../devicetree/bindings/firmware/fsl,imx-se.yaml | 91 ++ > > .../driver-api/firmware/other_interfaces.rst | 121 ++ > > arch/arm64/boot/dts/freescale/imx8ulp-evk.dts | 17 +- > > arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 13 +- > > drivers/firmware/imx/Kconfig | 12 + > > drivers/firmware/imx/Makefile | 2 + > > drivers/firmware/imx/ele_base_msg.c | 286 +++++ > > drivers/firmware/imx/ele_base_msg.h | 95 ++ > > drivers/firmware/imx/ele_common.c | 318 +++++ > > drivers/firmware/imx/ele_common.h | 51 + > > drivers/firmware/imx/se_ctrl.c | 1305 ++++++++++++++++++++ > > drivers/firmware/imx/se_ctrl.h | 151 +++ > > include/linux/firmware/imx/se_api.h | 14 + > > include/uapi/linux/se_ioctl.h | 94 ++ > > 15 files changed, 2610 insertions(+), 3 deletions(-) > > --- > > base-commit: b63ff26648537a5600cf79bd62f916792c53e015 > > change-id: 20240507-imx-se-if-a40055093dc6 > > > > Best regards, > > -- > > Pankaj Gupta <pankaj.gupta@nxp.com> > >
> On Wed, Sep 04, 2024 at 04:21:20PM +0530, Pankaj Gupta wrote: > > NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE), are > > embedded in the SoC to support the features like HSM, SHE & V2X, using > > message based communication interface. > > > > The secure enclave FW communicates on a dedicated messaging unit(MU) > > based interface(s) with application core, where kernel is running. > > It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93. > > > > This patch adds the driver for communication interface to > > secure-enclave, for exchanging messages with NXP secure enclave HW > > IP(s) like EdgeLock Enclave (ELE) from Kernel-space, used by kernel > > management layers like > > - DM-Crypt. > > > > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> > > --- > > drivers/firmware/imx/Kconfig | 12 + > > drivers/firmware/imx/Makefile | 2 + > > drivers/firmware/imx/ele_base_msg.c | 286 ++++++++++++++++++++ > > drivers/firmware/imx/ele_base_msg.h | 95 +++++++ > > drivers/firmware/imx/ele_common.c | 306 +++++++++++++++++++++ > > drivers/firmware/imx/ele_common.h | 51 ++++ > > drivers/firmware/imx/se_ctrl.c | 515 > ++++++++++++++++++++++++++++++++++++ > > drivers/firmware/imx/se_ctrl.h | 99 +++++++ > > include/linux/firmware/imx/se_api.h | 14 + > > 9 files changed, 1380 insertions(+) > > > > diff --git a/drivers/firmware/imx/Kconfig > > b/drivers/firmware/imx/Kconfig index 183613f82a11..0f6877a24f0b 100644 > > --- a/drivers/firmware/imx/Kconfig > > +++ b/drivers/firmware/imx/Kconfig > > @@ -22,3 +22,15 @@ config IMX_SCU > > > > This driver manages the IPC interface between host CPU and the > > SCU firmware running on M4. > > + > > +config IMX_SEC_ENCLAVE > > + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware > driver." > > + depends on IMX_MBOX && ARCH_MXC && ARM64 > > + default m if ARCH_MXC > > + > > + help > > + It is possible to use APIs exposed by the iMX Secure Enclave HW IP > called: > > + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93), > > + like base, HSM, V2X & SHE using the SAB protocol via the shared > Messaging > > + Unit. This driver exposes these interfaces via a set of file descriptors > > + allowing to configure shared memory, send and receive messages. > > diff --git a/drivers/firmware/imx/Makefile > > b/drivers/firmware/imx/Makefile index 8f9f04a513a8..aa9033e0e9e3 > > 100644 > > --- a/drivers/firmware/imx/Makefile > > +++ b/drivers/firmware/imx/Makefile > > @@ -1,3 +1,5 @@ > > # SPDX-License-Identifier: GPL-2.0 > > obj-$(CONFIG_IMX_DSP) += imx-dsp.o > > obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o > rm.o imx-scu-soc.o > > +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o > > +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o > > diff --git a/drivers/firmware/imx/ele_base_msg.c > > b/drivers/firmware/imx/ele_base_msg.c > > new file mode 100644 > > index 000000000000..e3e570a25e85 > > --- /dev/null > > +++ b/drivers/firmware/imx/ele_base_msg.c > > @@ -0,0 +1,286 @@ > > +// SPDX-License-Identifier: GPL-2.0+ > > +/* > > + * Copyright 2024 NXP > > + */ > > + > > +#include <linux/types.h> > > + > > +#include <linux/completion.h> > > +#include <linux/dma-mapping.h> > > +#include <linux/genalloc.h> > > + > > +#include "ele_base_msg.h" > > +#include "ele_common.h" > > + > > +int ele_get_info(struct device *dev, struct ele_dev_info *s_info) { > > + struct se_if_priv *priv = dev_get_drvdata(dev); > > + struct se_api_msg *tx_msg __free(kfree) = NULL; > > + struct se_api_msg *rx_msg __free(kfree) = NULL; > > + dma_addr_t get_info_addr = 0; > > + u32 *get_info_data = NULL; > > + int ret = 0; > > + > > + if (!priv) { > > + ret = -EINVAL; > > + return ret; > > + } > > + > > + memset(s_info, 0x0, sizeof(*s_info)); > > + > > + if (priv->mem_pool) > > + get_info_data = gen_pool_dma_alloc(priv->mem_pool, > > + ELE_GET_INFO_BUFF_SZ, > > + &get_info_addr); > > + else > > + get_info_data = dma_alloc_coherent(dev, > > + ELE_GET_INFO_BUFF_SZ, > > + &get_info_addr, > > + GFP_KERNEL); > > + if (!get_info_data) { > > + ret = -ENOMEM; > > + dev_dbg(dev, > > + "%s: Failed to allocate get_info_addr.\n", > > + __func__); > > + return ret; > > + } > > + > > + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ, GFP_KERNEL); > > + if (!tx_msg) { > > + ret = -ENOMEM; > > + goto exit; > > + } > > + > > + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ, GFP_KERNEL); > > + if (!rx_msg) { > > + ret = -ENOMEM; > > + goto exit; > > + } > > + > > + ret = se_fill_cmd_msg_hdr(priv, > > + (struct se_msg_hdr *)&tx_msg->header, > > + ELE_GET_INFO_REQ, > > + ELE_GET_INFO_REQ_MSG_SZ, > > + true); > > + if (ret) > > + goto exit; > > + > > + tx_msg->data[0] = upper_32_bits(get_info_addr); > > + tx_msg->data[1] = lower_32_bits(get_info_addr); > > + tx_msg->data[2] = sizeof(*s_info); > > + ret = ele_msg_send_rcv(priv, > > + tx_msg, > > + ELE_GET_INFO_REQ_MSG_SZ, > > + rx_msg, > > + ELE_GET_INFO_RSP_MSG_SZ); > > + if (ret < 0) > > + goto exit; > > + > > + ret = se_val_rsp_hdr_n_status(priv, > > + rx_msg, > > + ELE_GET_INFO_REQ, > > + ELE_GET_INFO_RSP_MSG_SZ, > > + true); > > + > > + memcpy(s_info, get_info_data, sizeof(*s_info)); > > + priv->imem.state = s_info->d_addn_info.imem_state; > > + > > +exit: > > + if (priv->mem_pool) > > + gen_pool_free(priv->mem_pool, > > + (u64) get_info_data, > > + ELE_GET_INFO_BUFF_SZ); > > + else > > + dma_free_coherent(dev, > > + ELE_GET_INFO_BUFF_SZ, > > + get_info_data, > > + get_info_addr); > > + > > + return ret; > > +} > > + > > +int ele_fetch_soc_info(struct device *dev, u16 *soc_rev, u64 > > +*serial_num) { > > + struct ele_dev_info s_info = {0}; > > + int err = 0; > > Nit: needn't set err to 0 if following set it unconditional Accepted. Will correct it in v8. > > err = ele_get_info(dev, &s_info); > > Frank > > > + > > + err = ele_get_info(dev, &s_info); > > + if (err < 0) { > > + dev_err(dev, "Error"); > > + return err; > > + } > > + > > + if (soc_rev) > > + *soc_rev = s_info.d_info.soc_rev; > > + if (serial_num) > > + *serial_num = > GET_SERIAL_NUM_FROM_UID(s_info.d_info.uid, > > +MAX_UID_SIZE >> 2); > > + > > + return err; > > +} > > + > > +int ele_ping(struct device *dev) > > +{ > > + struct se_if_priv *priv = dev_get_drvdata(dev); > > + struct se_api_msg *tx_msg __free(kfree) = NULL; > > + struct se_api_msg *rx_msg __free(kfree) = NULL; > > + int ret = 0; > > + > > + if (!priv) { > > + ret = -EINVAL; > > + goto exit; > > + } > > + > > + tx_msg = kzalloc(ELE_PING_REQ_SZ, GFP_KERNEL); > > + if (!tx_msg) { > > + ret = -ENOMEM; > > + goto exit; > > + } > > + > > + rx_msg = kzalloc(ELE_PING_RSP_SZ, GFP_KERNEL); > > + if (!rx_msg) { > > + ret = -ENOMEM; > > + goto exit; > > + } > > + > > + ret = se_fill_cmd_msg_hdr(priv, > > + (struct se_msg_hdr *)&tx_msg->header, > > + ELE_PING_REQ, ELE_PING_REQ_SZ, true); > > + if (ret) { > > + dev_err(dev, "Error: se_fill_cmd_msg_hdr failed.\n"); > > + goto exit; > > + } > > + > > + ret = ele_msg_send_rcv(priv, > > + tx_msg, > > + ELE_PING_REQ_SZ, > > + rx_msg, > > + ELE_PING_RSP_SZ); > > + if (ret) > > + goto exit; > > + > > + ret = se_val_rsp_hdr_n_status(priv, > > + rx_msg, > > + ELE_PING_REQ, > > + ELE_PING_RSP_SZ, > > + true); > > +exit: > > + return ret; > > +} > > + > > +int ele_service_swap(struct device *dev, > > + phys_addr_t addr, > > + u32 addr_size, u16 flag) > > +{ > > + struct se_if_priv *priv = dev_get_drvdata(dev); > > + struct se_api_msg *tx_msg __free(kfree) = NULL; > > + struct se_api_msg *rx_msg __free(kfree) = NULL; > > + int ret = 0; > > + > > + if (!priv) { > > + ret = -EINVAL; > > + goto exit; > > + } > > + > > + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ, GFP_KERNEL); > > + if (!tx_msg) { > > + ret = -ENOMEM; > > + goto exit; > > + } > > + > > + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ, GFP_KERNEL); > > + if (!rx_msg) { > > + ret = -ENOMEM; > > + goto exit; > > + } > > + > > + ret = se_fill_cmd_msg_hdr(priv, > > + (struct se_msg_hdr *)&tx_msg->header, > > + ELE_SERVICE_SWAP_REQ, > > + ELE_SERVICE_SWAP_REQ_MSG_SZ, true); > > + if (ret) > > + goto exit; > > + > > + tx_msg->data[0] = flag; > > + tx_msg->data[1] = addr_size; > > + tx_msg->data[2] = ELE_NONE_VAL; > > + tx_msg->data[3] = lower_32_bits(addr); > > + tx_msg->data[4] = se_add_msg_crc((uint32_t *)&tx_msg[0], > > + > ELE_SERVICE_SWAP_REQ_MSG_SZ); > > + ret = ele_msg_send_rcv(priv, > > + tx_msg, > > + ELE_SERVICE_SWAP_REQ_MSG_SZ, > > + rx_msg, > > + ELE_SERVICE_SWAP_RSP_MSG_SZ); > > + if (ret < 0) > > + goto exit; > > + > > + ret = se_val_rsp_hdr_n_status(priv, > > + rx_msg, > > + ELE_SERVICE_SWAP_REQ, > > + ELE_SERVICE_SWAP_RSP_MSG_SZ, > > + true); > > + if (ret) > > + goto exit; > > + > > + if (flag == ELE_IMEM_EXPORT) > > + ret = rx_msg->data[1]; > > + else > > + ret = 0; > > + > > +exit: > > + > > + return ret; > > +} > > + > > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr) { > > + struct se_if_priv *priv = dev_get_drvdata(dev); > > + struct se_api_msg *tx_msg __free(kfree) = NULL; > > + struct se_api_msg *rx_msg __free(kfree) = NULL; > > + int ret = 0; > > + > > + if (!priv) { > > + ret = -EINVAL; > > + goto exit; > > + } > > + > > + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ, GFP_KERNEL); > > + if (!tx_msg) { > > + ret = -ENOMEM; > > + goto exit; > > + } > > + > > + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ, GFP_KERNEL); > > + if (!rx_msg) { > > + ret = -ENOMEM; > > + goto exit; > > + } > > + > > + ret = se_fill_cmd_msg_hdr(priv, > > + (struct se_msg_hdr *)&tx_msg->header, > > + ELE_FW_AUTH_REQ, > > + ELE_FW_AUTH_REQ_SZ, > > + true); > > + if (ret) > > + goto exit; > > + > > + tx_msg->data[1] = upper_32_bits(addr); > > + tx_msg->data[0] = lower_32_bits(addr); > > + tx_msg->data[2] = addr; > > + > > + ret = ele_msg_send_rcv(priv, > > + tx_msg, > > + ELE_FW_AUTH_REQ_SZ, > > + rx_msg, > > + ELE_FW_AUTH_RSP_MSG_SZ); > > + if (ret < 0) > > + goto exit; > > + > > + ret = se_val_rsp_hdr_n_status(priv, > > + rx_msg, > > + ELE_FW_AUTH_REQ, > > + ELE_FW_AUTH_RSP_MSG_SZ, > > + true); > > +exit: > > + return ret; > > +} > > diff --git a/drivers/firmware/imx/ele_base_msg.h > > b/drivers/firmware/imx/ele_base_msg.h > > new file mode 100644 > > index 000000000000..88ccfce8c8f7 > > --- /dev/null > > +++ b/drivers/firmware/imx/ele_base_msg.h > > @@ -0,0 +1,95 @@ > > +/* SPDX-License-Identifier: GPL-2.0+ */ > > +/* > > + * Copyright 2024 NXP > > + * > > + * Header file for the EdgeLock Enclave Base API(s). > > + */ > > + > > +#ifndef ELE_BASE_MSG_H > > +#define ELE_BASE_MSG_H > > + > > +#include <linux/device.h> > > +#include <linux/types.h> > > + > > +#define WORD_SZ 4 > > +#define ELE_NONE_VAL 0x0 > > + > > +#define ELE_GET_INFO_REQ 0xDA > > +#define ELE_GET_INFO_REQ_MSG_SZ 0x10 > > +#define ELE_GET_INFO_RSP_MSG_SZ 0x08 > > + > > +#define DEFAULT_IMX_SOC_VER 0xA000 > > +#define SOC_VER_MASK 0xFFFF0000 > > +#define SOC_ID_MASK 0x0000FFFF > > + > > +#define MAX_UID_SIZE (16) > > +#define DEV_GETINFO_ROM_PATCH_SHA_SZ (32) > > +#define DEV_GETINFO_FW_SHA_SZ (32) > > +#define DEV_GETINFO_OEM_SRKH_SZ (64) > > +#define DEV_GETINFO_MIN_VER_MASK 0xFF > > +#define DEV_GETINFO_MAJ_VER_MASK 0xFF00 > > +#define ELE_DEV_INFO_EXTRA_SZ 0x60 > > + > > +struct dev_info { > > + uint8_t cmd; > > + uint8_t ver; > > + uint16_t length; > > + uint16_t soc_id; > > + uint16_t soc_rev; > > + uint16_t lmda_val; > > + uint8_t ssm_state; > > + uint8_t dev_atts_api_ver; > > + uint8_t uid[MAX_UID_SIZE]; > > + uint8_t sha_rom_patch[DEV_GETINFO_ROM_PATCH_SHA_SZ]; > > + uint8_t sha_fw[DEV_GETINFO_FW_SHA_SZ]; }; > > + > > +struct dev_addn_info { > > + uint8_t oem_srkh[DEV_GETINFO_OEM_SRKH_SZ]; > > + uint8_t trng_state; > > + uint8_t csal_state; > > + uint8_t imem_state; > > + uint8_t reserved2; > > +}; > > + > > +struct ele_dev_info { > > + struct dev_info d_info; > > + struct dev_addn_info d_addn_info; > > +}; > > + > > +#define ELE_GET_INFO_BUFF_SZ (sizeof(struct ele_dev_info) \ > > + + ELE_DEV_INFO_EXTRA_SZ) > > + > > +#define GET_SERIAL_NUM_FROM_UID(x, uid_word_sz) \ > > + (((u64)(((u32 *)(x))[(uid_word_sz) - 1]) << 32) | ((u32 *)(x))[0]) > > + > > +#define ELE_DEBUG_DUMP_REQ 0x21 > > +#define ELE_DEBUG_DUMP_RSP_SZ 0x14 > > + > > +#define ELE_PING_REQ 0x01 > > +#define ELE_PING_REQ_SZ 0x04 > > +#define ELE_PING_RSP_SZ 0x08 > > + > > +#define ELE_SERVICE_SWAP_REQ 0xDF > > +#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18 > > +#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C > > +#define ELE_IMEM_SIZE 0x10000 > > +#define ELE_IMEM_STATE_OK 0xCA > > +#define ELE_IMEM_STATE_BAD 0xFE > > +#define ELE_IMEM_STATE_WORD 0x27 > > +#define ELE_IMEM_STATE_MASK 0x00ff0000 > > +#define ELE_IMEM_EXPORT 0x1 > > +#define ELE_IMEM_IMPORT 0x2 > > + > > +#define ELE_FW_AUTH_REQ 0x02 > > +#define ELE_FW_AUTH_REQ_SZ 0x10 > > +#define ELE_FW_AUTH_RSP_MSG_SZ 0x08 > > + > > +int ele_get_info(struct device *dev, struct ele_dev_info *s_info); > > +int ele_fetch_soc_info(struct device *dev, u16 *soc_rev, u64 > > +*serial_num); int ele_ping(struct device *dev); int > > +ele_service_swap(struct device *dev, > > + phys_addr_t addr, > > + u32 addr_size, u16 flag); > > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr); #endif > > diff --git a/drivers/firmware/imx/ele_common.c > > b/drivers/firmware/imx/ele_common.c > > new file mode 100644 > > index 000000000000..a06d7015d3f1 > > --- /dev/null > > +++ b/drivers/firmware/imx/ele_common.c > > @@ -0,0 +1,306 @@ > > +// SPDX-License-Identifier: GPL-2.0+ > > +/* > > + * Copyright 2024 NXP > > + */ > > + > > +#include "ele_base_msg.h" > > +#include "ele_common.h" > > + > > +u32 se_add_msg_crc(u32 *msg, u32 msg_len) { > > + u32 nb_words = msg_len / (u32)sizeof(u32); > > + u32 crc = 0; > > + u32 i; > > + > > + for (i = 0; i < nb_words - 1; i++) > > + crc ^= *(msg + i); > > + > > + return crc; > > +} > > + > > +int ele_msg_rcv(struct se_if_priv *priv, > > + struct se_clbk_handle *se_clbk_hdl) { > > + int err = 0; > > + > > + err = wait_event_interruptible(se_clbk_hdl->wq, > > + atomic_read(&se_clbk_hdl- > >pending_hdr) != 0); > > + if (err < 0) > > + dev_err(priv->dev, > > + "Err[0x%x]:Interrupted by signal.\n", > > + err); > > + else > > + err = se_clbk_hdl->rx_msg_sz; > > + > > + atomic_dec(&se_clbk_hdl->pending_hdr); > > + > > + return err; > > +} > > + > > +int ele_msg_send(struct se_if_priv *priv, > > + void *tx_msg, > > + int tx_msg_sz) > > +{ > > + struct se_msg_hdr *header; > > + int err; > > + > > + header = tx_msg; > > + > > + /* > > + * Check that the size passed as argument matches the size > > + * carried in the message. > > + */ > > + if (header->size << 2 != tx_msg_sz) { > > + err = -EINVAL; > > + dev_err(priv->dev, > > + "User buf hdr: 0x%x, sz mismatced with input-sz > (%d != %d).", > > + *(u32 *)header, > > + header->size << 2, tx_msg_sz); > > + goto exit; > > + } > > + guard(mutex)(&priv->se_if_lock); > > + > > + err = mbox_send_message(priv->tx_chan, tx_msg); > > + if (err < 0) { > > + dev_err(priv->dev, "Error: mbox_send_message failure.\n"); > > + return err; > > + } > > + err = tx_msg_sz; > > + > > +exit: > > + return err; > > +} > > + > > +/* API used for send/receive blocking call. */ int > > +ele_msg_send_rcv(struct se_if_priv *priv, > > + void *tx_msg, > > + int tx_msg_sz, > > + void *rx_msg, > > + int exp_rx_msg_sz) > > +{ > > + int err; > > + > > + guard(mutex)(&priv->se_if_cmd_lock); > > + > > + priv->waiting_rsp_clbk_hdl.rx_msg_sz = exp_rx_msg_sz; > > + priv->waiting_rsp_clbk_hdl.rx_msg = rx_msg; > > + > > + err = ele_msg_send(priv, tx_msg, tx_msg_sz); > > + if (err < 0) > > + goto exit; > > + > > + err = ele_msg_rcv(priv, &priv->waiting_rsp_clbk_hdl); > > +exit: > > + return err; > > +} > > + > > +static bool exception_for_size(struct se_if_priv *priv, > > + struct se_msg_hdr *header) > > +{ > > + /* List of API(s) that can be accepte variable length > > + * response buffer. > > + */ > > + if (header->command == ELE_DEBUG_DUMP_REQ && > > + header->ver == priv->base_api_ver && > > + header->size >= 0 && > > + header->size <= ELE_DEBUG_DUMP_RSP_SZ) > > + return true; > > + > > + return false; > > +} > > + > > +/* > > + * Callback called by mailbox FW, when data is received. > > + */ > > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg) { > > + struct se_clbk_handle *se_clbk_hdl; > > + struct device *dev = mbox_cl->dev; > > + struct se_msg_hdr *header; > > + struct se_if_priv *priv; > > + u32 rx_msg_sz; > > + > > + priv = dev_get_drvdata(dev); > > + > > + /* The function can be called with NULL msg */ > > + if (!msg) { > > + dev_err(dev, "Message is invalid\n"); > > + return; > > + } > > + > > + header = msg; > > + rx_msg_sz = header->size << 2; > > + > > + /* Incoming command: wake up the receiver if any. */ > > + if (header->tag == priv->cmd_tag) { > > + se_clbk_hdl = &priv->cmd_receiver_clbk_hdl; > > + dev_dbg(dev, > > + "Selecting cmd receiver for mesg header:0x%x.", > > + *(u32 *) header); > > + > > + /* Pre-allocated buffer of MAX_NVM_MSG_LEN > > + * as the NVM command are initiated by FW. > > + * Size is revealed as part of this call function. > > + */ > > + if (rx_msg_sz > MAX_NVM_MSG_LEN) { > > + dev_err(dev, > > + "CMD-RCVER NVM: hdr(0x%x) with different > sz(%d != %d).\n", > > + *(u32 *) header, > > + rx_msg_sz, se_clbk_hdl->rx_msg_sz); > > + > > + se_clbk_hdl->rx_msg_sz = MAX_NVM_MSG_LEN; > > + } > > + se_clbk_hdl->rx_msg_sz = rx_msg_sz; > > + > > + } else if (header->tag == priv->rsp_tag) { > > + se_clbk_hdl = &priv->waiting_rsp_clbk_hdl; > > + dev_dbg(dev, > > + "Selecting resp waiter for mesg header:0x%x.", > > + *(u32 *) header); > > + > > + if (rx_msg_sz != se_clbk_hdl->rx_msg_sz > > + && !exception_for_size(priv, header)) { > > + dev_err(dev, > > + "Rsp to CMD: hdr(0x%x) with different > sz(%d != %d).\n", > > + *(u32 *) header, > > + rx_msg_sz, se_clbk_hdl->rx_msg_sz); > > + > > + se_clbk_hdl->rx_msg_sz = min(rx_msg_sz, > se_clbk_hdl->rx_msg_sz); > > + } > > + } else { > > + dev_err(dev, "Failed to select a device for message: %.8x\n", > > + *((u32 *) header)); > > + return; > > + } > > + > > + memcpy(se_clbk_hdl->rx_msg, msg, se_clbk_hdl->rx_msg_sz); > > + > > + /* Allow user to read */ > > + atomic_inc(&se_clbk_hdl->pending_hdr); > > + > > + wake_up_interruptible(&se_clbk_hdl->wq); > > +} > > + > > +int se_val_rsp_hdr_n_status(struct se_if_priv *priv, > > + struct se_api_msg *msg, > > + uint8_t msg_id, > > + uint8_t sz, > > + bool is_base_api) > > +{ > > + u32 status; > > + struct se_msg_hdr *header = &msg->header; > > + > > + if (header->tag != priv->rsp_tag) { > > + dev_err(priv->dev, > > + "MSG[0x%x] Hdr: Resp tag mismatch. (0x%x != > 0x%x)", > > + msg_id, header->tag, priv->rsp_tag); > > + return -EINVAL; > > + } > > + > > + if (header->command != msg_id) { > > + dev_err(priv->dev, > > + "MSG Header: Cmd id mismatch. (0x%x != 0x%x)", > > + header->command, msg_id); > > + return -EINVAL; > > + } > > + > > + if (header->size != (sz >> 2)) { > > + dev_err(priv->dev, > > + "MSG[0x%x] Hdr: Cmd size mismatch. (0x%x != > 0x%x)", > > + msg_id, header->size, (sz >> 2)); > > + return -EINVAL; > > + } > > + > > + if (is_base_api && (header->ver != priv->base_api_ver)) { > > + dev_err(priv->dev, > > + "MSG[0x%x] Hdr: Base API Vers mismatch. (0x%x != > 0x%x)", > > + msg_id, header->ver, priv->base_api_ver); > > + return -EINVAL; > > + } else if (!is_base_api && header->ver != priv->fw_api_ver) { > > + dev_err(priv->dev, > > + "MSG[0x%x] Hdr: FW API Vers mismatch. (0x%x != > 0x%x)", > > + msg_id, header->ver, priv->fw_api_ver); > > + return -EINVAL; > > + } > > + > > + status = RES_STATUS(msg->data[0]); > > + if (status != priv->success_tag) { > > + dev_err(priv->dev, "Command Id[%d], Response Failure = > 0x%x", > > + header->command, status); > > + return -EPERM; > > + } > > + > > + return 0; > > +} > > + > > +int se_save_imem_state(struct se_if_priv *priv) { > > + int ret; > > + > > + /* EXPORT command will save encrypted IMEM to given address, > > + * so later in resume, IMEM can be restored from the given > > + * address. > > + * > > + * Size must be at least 64 kB. > > + */ > > + ret = ele_service_swap(priv->dev, > > + priv->imem.phyaddr, > > + ELE_IMEM_SIZE, > > + ELE_IMEM_EXPORT); > > + if (ret < 0) > > + dev_err(priv->dev, "Failed to export IMEM\n"); > > + else > > + dev_info(priv->dev, > > + "Exported %d bytes of encrypted IMEM\n", > > + ret); > > + > > + return ret; > > +} > > + > > +int se_restore_imem_state(struct se_if_priv *priv) { > > + struct ele_dev_info s_info; > > + int ret; > > + > > + /* get info from ELE */ > > + ret = ele_get_info(priv->dev, &s_info); > > + if (ret) { > > + dev_err(priv->dev, "Failed to get info from ELE.\n"); > > + return ret; > > + } > > + > > + /* Get IMEM state, if 0xFE then import IMEM */ > > + if (s_info.d_addn_info.imem_state == ELE_IMEM_STATE_BAD) { > > + /* IMPORT command will restore IMEM from the given > > + * address, here size is the actual size returned by ELE > > + * during the export operation > > + */ > > + ret = ele_service_swap(priv->dev, > > + priv->imem.phyaddr, > > + priv->imem.size, > > + ELE_IMEM_IMPORT); > > + if (ret) { > > + dev_err(priv->dev, "Failed to import IMEM\n"); > > + goto exit; > > + } > > + } else > > + goto exit; > > + > > + /* After importing IMEM, check if IMEM state is equal to 0xCA > > + * to ensure IMEM is fully loaded and > > + * ELE functionality can be used. > > + */ > > + ret = ele_get_info(priv->dev, &s_info); > > + if (ret) { > > + dev_err(priv->dev, "Failed to get info from ELE.\n"); > > + goto exit; > > + } > > + > > + if (s_info.d_addn_info.imem_state == ELE_IMEM_STATE_OK) > > + dev_info(priv->dev, "Successfully restored IMEM\n"); > > + else > > + dev_err(priv->dev, "Failed to restore IMEM\n"); > > + > > +exit: > > + return ret; > > +} > > diff --git a/drivers/firmware/imx/ele_common.h > > b/drivers/firmware/imx/ele_common.h > > new file mode 100644 > > index 000000000000..b05d62090337 > > --- /dev/null > > +++ b/drivers/firmware/imx/ele_common.h > > @@ -0,0 +1,51 @@ > > +/* SPDX-License-Identifier: GPL-2.0+ */ > > +/* > > + * Copyright 2024 NXP > > + */ > > + > > + > > +#ifndef __ELE_COMMON_H__ > > +#define __ELE_COMMON_H__ > > + > > +#include "se_ctrl.h" > > + > > +#define ELE_SUCCESS_IND 0xD6 > > + > > +#define IMX_ELE_FW_DIR "imx/ele/" > > + > > +uint32_t se_add_msg_crc(uint32_t *msg, uint32_t msg_len); int > > +ele_msg_rcv(struct se_if_priv *priv, > > + struct se_clbk_handle *se_clbk_hdl); int ele_msg_send(struct > > +se_if_priv *priv, > > + void *tx_msg, > > + int tx_msg_sz); > > +int ele_msg_send_rcv(struct se_if_priv *priv, > > + void *tx_msg, > > + int tx_msg_sz, > > + void *rx_msg, > > + int exp_rx_msg_sz); > > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg); int > > +se_val_rsp_hdr_n_status(struct se_if_priv *priv, > > + struct se_api_msg *msg, > > + uint8_t msg_id, > > + uint8_t sz, > > + bool is_base_api); > > + > > +/* Fill a command message header with a given command ID and length > > +in bytes. */ static inline int se_fill_cmd_msg_hdr(struct se_if_priv *priv, > > + struct se_msg_hdr *hdr, > > + u8 cmd, u32 len, > > + bool is_base_api) > > +{ > > + hdr->tag = priv->cmd_tag; > > + hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver; > > + hdr->command = cmd; > > + hdr->size = len >> 2; > > + > > + return 0; > > +} > > + > > +int se_save_imem_state(struct se_if_priv *priv); int > > +se_restore_imem_state(struct se_if_priv *priv); > > + > > +#endif /*__ELE_COMMON_H__ */ > > diff --git a/drivers/firmware/imx/se_ctrl.c > > b/drivers/firmware/imx/se_ctrl.c new file mode 100644 index > > 000000000000..82b9fcf25535 > > --- /dev/null > > +++ b/drivers/firmware/imx/se_ctrl.c > > @@ -0,0 +1,515 @@ > > +// SPDX-License-Identifier: GPL-2.0+ > > +/* > > + * Copyright 2024 NXP > > + */ > > + > > +#include <linux/completion.h> > > +#include <linux/delay.h> > > +#include <linux/dev_printk.h> > > +#include <linux/dma-mapping.h> > > +#include <linux/errno.h> > > +#include <linux/export.h> > > +#include <linux/firmware.h> > > +#include <linux/firmware/imx/se_api.h> #include <linux/genalloc.h> > > +#include <linux/init.h> #include <linux/io.h> #include > > +<linux/miscdevice.h> #include <linux/mod_devicetable.h> #include > > +<linux/module.h> #include <linux/of_platform.h> #include > > +<linux/of_reserved_mem.h> #include <linux/platform_device.h> #include > > +<linux/slab.h> #include <linux/string.h> #include <linux/sys_soc.h> > > + > > +#include "ele_base_msg.h" > > +#include "ele_common.h" > > +#include "se_ctrl.h" > > + > > +#define RESERVED_DMA_POOL BIT(0) > > +#define MBOX_TX_NAME "tx" > > +#define MBOX_RX_NAME "rx" > > + > > +struct se_if_node_info { > > + u8 se_if_id; > > + u8 se_if_did; > > + u8 cmd_tag; > > + u8 rsp_tag; > > + u8 success_tag; > > + u8 base_api_ver; > > + u8 fw_api_ver; > > + u8 *se_name; > > + u8 *pool_name; > > + u8 *prim_fw_nm_in_rfs; > > + u8 *seco_fw_nm_in_rfs; > > + bool soc_register; > > + bool reserved_dma_ranges; > > + int (*se_fetch_soc_info)(struct device *dev, u16 *soc_rev, u64 > > +*serial_num); }; > > + > > +struct se_if_node_info_list { > > + u8 num_mu; > > + u16 soc_id; > > + struct se_if_node_info info[]; > > +}; > > + > > +static const struct se_if_node_info_list imx8ulp_info = { > > + .num_mu = 1, > > + .soc_id = SOC_ID_OF_IMX8ULP, > > + .info = { > > + { > > + .se_if_id = 2, > > + .se_if_did = 7, > > + .cmd_tag = 0x17, > > + .rsp_tag = 0xe1, > > + .success_tag = ELE_SUCCESS_IND, > > + .base_api_ver = MESSAGING_VERSION_6, > > + .fw_api_ver = MESSAGING_VERSION_7, > > + .se_name = "hsm1", > > + .pool_name = "sram", > > + .prim_fw_nm_in_rfs = IMX_ELE_FW_DIR > > + "mx8ulpa2-ahab- > container.img", > > + .seco_fw_nm_in_rfs = IMX_ELE_FW_DIR > > + "mx8ulpa2ext-ahab- > container.img", > > + .soc_register = true, > > + .reserved_dma_ranges = true, > > + .se_fetch_soc_info = ele_fetch_soc_info, > > + }, > > + }, > > +}; > > + > > +static const struct se_if_node_info_list imx93_info = { > > + .num_mu = 1, > > + .soc_id = SOC_ID_OF_IMX93, > > + .info = { > > + { > > + .se_if_id = 2, > > + .se_if_did = 3, > > + .cmd_tag = 0x17, > > + .rsp_tag = 0xe1, > > + .success_tag = ELE_SUCCESS_IND, > > + .base_api_ver = MESSAGING_VERSION_6, > > + .fw_api_ver = MESSAGING_VERSION_7, > > + .se_name = "hsm1", > > + .reserved_dma_ranges = true, > > + .soc_register = true, > > + }, > > + }, > > +}; > > + > > +static const struct of_device_id se_match[] = { > > + { .compatible = "fsl,imx8ulp-se", .data = (void *)&imx8ulp_info}, > > + { .compatible = "fsl,imx93-se", .data = (void *)&imx93_info}, > > + {}, > > +}; > > + > > +static const struct se_if_node_info > > + *get_se_if_node_info(const struct se_if_node_info_list *info_list, > > + const u32 idx) > > +{ > > + return &info_list->info[idx]; > > +} > > + > > +static int se_soc_info(struct se_if_priv *priv, > > + const struct se_if_node_info_list *info_list) { > > + const struct se_if_node_info *info; > > + struct soc_device_attribute *attr; > > + struct soc_device *sdev; > > + u64 serial_num; > > + u16 soc_rev; > > + int err = 0; > > + > > + info = priv->info; > > + > > + /* This function should be called once. > > + * Check if the soc_rev is zero to continue. > > + */ > > + if (priv->soc_rev) > > + return err; > > + > > + if (info->se_fetch_soc_info) { > > + err = info->se_fetch_soc_info(priv->dev, &soc_rev, > &serial_num); > > + if (err < 0) { > > + dev_err(priv->dev, "Failed to fetch SoC Info."); > > + return err; > > + } > > + } else { > > + dev_err(priv->dev, "Failed to fetch SoC revision."); > > + if (info->soc_register) > > + dev_err(priv->dev, "Failed to do SoC registration."); > > + err = -EINVAL; > > + return err; > > + } > > + > > + priv->soc_rev = soc_rev; > > + if (!info->soc_register) > > + return 0; > > + > > + attr = devm_kzalloc(priv->dev, sizeof(*attr), GFP_KERNEL); > > + if (!attr) > > + return -ENOMEM; > > + > > + if (FIELD_GET(DEV_GETINFO_MIN_VER_MASK, soc_rev)) > > + attr->revision = devm_kasprintf(priv->dev, GFP_KERNEL, > "%x.%x", > > + > FIELD_GET(DEV_GETINFO_MIN_VER_MASK, > > + soc_rev), > > + > FIELD_GET(DEV_GETINFO_MAJ_VER_MASK, > > + soc_rev)); > > + else > > + attr->revision = devm_kasprintf(priv->dev, GFP_KERNEL, "%x", > > + > FIELD_GET(DEV_GETINFO_MAJ_VER_MASK, > > + soc_rev)); > > + > > + switch (info_list->soc_id) { > > + case SOC_ID_OF_IMX8ULP: > > + attr->soc_id = devm_kasprintf(priv->dev, GFP_KERNEL, > > + "i.MX8ULP"); > > + break; > > + case SOC_ID_OF_IMX93: > > + attr->soc_id = devm_kasprintf(priv->dev, GFP_KERNEL, > > + "i.MX93"); > > + break; > > + } > > + > > + err = of_property_read_string(of_root, "model", > > + &attr->machine); > > + if (err) > > + return -EINVAL; > > + > > + attr->family = devm_kasprintf(priv->dev, GFP_KERNEL, "Freescale > > +i.MX"); > > + > > + attr->serial_number > > + = devm_kasprintf(priv->dev, GFP_KERNEL, "%016llX", > serial_num); > > + > > + sdev = soc_device_register(attr); > > + if (IS_ERR(sdev)) > > + return PTR_ERR(sdev); > > + > > + return 0; > > +} > > + > > +/* interface for managed res to free a mailbox channel */ static void > > +if_mbox_free_channel(void *mbox_chan) { > > + mbox_free_channel(mbox_chan); > > +} > > + > > +static int se_if_request_channel(struct device *dev, > > + struct mbox_chan **chan, > > + struct mbox_client *cl, > > + const char *name) > > +{ > > + struct mbox_chan *t_chan; > > + int ret = 0; > > + > > + t_chan = mbox_request_channel_byname(cl, name); > > + if (IS_ERR(t_chan)) { > > + ret = PTR_ERR(t_chan); > > + return dev_err_probe(dev, ret, > > + "Failed to request %s channel.", name); > > + } > > + > > + ret = devm_add_action(dev, if_mbox_free_channel, t_chan); > > + if (ret) { > > + dev_err(dev, "failed to add devm removal of mbox %s\n", > name); > > + goto exit; > > + } > > + > > + *chan = t_chan; > > + > > +exit: > > + return ret; > > +} > > + > > +static void se_if_probe_cleanup(struct platform_device *pdev) { > > + struct device *dev = &pdev->dev; > > + struct se_if_priv *priv; > > + > > + priv = dev_get_drvdata(dev); > > + > > + /* In se_if_request_channel(), passed the clean-up functional > > + * pointer reference as action to devm_add_action(). > > + * No need to free the mbox channels here. > > + */ > > + > > + /* free the buffer in se remove, previously allocated > > + * in se probe to store encrypted IMEM > > + */ > > + if (priv->imem.buf) { > > + dmam_free_coherent(dev, > > + ELE_IMEM_SIZE, > > + priv->imem.buf, > > + priv->imem.phyaddr); > > + priv->imem.buf = NULL; > > + } > > + > > + /* No need to check, if reserved memory is allocated > > + * before calling for its release. Or clearing the > > + * un-set bit. > > + */ > > + of_reserved_mem_device_release(dev); > > +} > > + > > +static void se_load_firmware(const struct firmware *fw, void > > +*context) { > > + struct se_if_priv *priv = context; > > + const struct se_if_node_info *info = priv->info; > > + phys_addr_t se_fw_phyaddr; > > + u8 *se_fw_buf; > > + int ret; > > + > > + if (!fw) { > > + if (priv->fw_fail > MAX_FW_LOAD_RETRIES) > > + dev_dbg(priv->dev, > > + "External FW not found, using ROM FW.\n"); > > + else { > > + /*add a bit delay to wait for firmware priv released */ > > + msleep(20); > > + > > + /* Load firmware one more time if timeout */ > > + request_firmware_nowait(THIS_MODULE, > > + FW_ACTION_UEVENT, priv- > >se_img_file_to_load, > > + priv->dev, GFP_KERNEL, priv, > > + se_load_firmware); > > + priv->fw_fail++; > > + dev_dbg(priv->dev, "Value of retries = 0x%x.\n", > > + priv->fw_fail); > > + } > > + > > + return; > > + } > > + > > + dev_info(priv->dev, "loading firmware %s\n", > > +priv->se_img_file_to_load); > > + > > + /* allocate buffer to store the SE FW */ > > + se_fw_buf = dma_alloc_coherent(priv->dev, fw->size, > > + &se_fw_phyaddr, GFP_KERNEL); > > + if (!se_fw_buf) > > + goto exit; > > + > > + memcpy(se_fw_buf, fw->data, fw->size); > > + ret = ele_fw_authenticate(priv->dev, se_fw_phyaddr); > > + if (ret < 0) > > + dev_err(priv->dev, > > + "Error %pe: Authenticate & load SE firmware %s.\n", > > + ERR_PTR(ret), > > + priv->se_img_file_to_load); > > + > > + dma_free_coherent(priv->dev, > > + fw->size, > > + se_fw_buf, > > + se_fw_phyaddr); > > + > > + if (priv->imem.state == ELE_IMEM_STATE_BAD && > > + priv->se_img_file_to_load == info->prim_fw_nm_in_rfs) { > > + priv->se_img_file_to_load = info->seco_fw_nm_in_rfs; > > + request_firmware_nowait(THIS_MODULE, > > + FW_ACTION_UEVENT, priv- > >se_img_file_to_load, > > + priv->dev, GFP_KERNEL, priv, > > + se_load_firmware); > > + } > > + > > +exit: > > + release_firmware(fw); > > +} > > + > > +static int se_if_probe(struct platform_device *pdev) { > > + const struct se_if_node_info_list *info_list; > > + const struct se_if_node_info *info; > > + struct device *dev = &pdev->dev; > > + struct se_if_priv *priv; > > + u32 idx; > > + int ret; > > + > > + idx = GET_IDX_FROM_DEV_NODE_NAME(dev->of_node); > > + info_list = device_get_match_data(dev); > > + if (idx >= info_list->num_mu) { > > + dev_err(dev, > > + "Incorrect node name :%s\n", > > + dev->of_node->full_name); > > + dev_err(dev, > > + "%s@<index>, acceptable index range is 0..%d\n", > > + dev->of_node->name, > > + info_list->num_mu - 1); > > + ret = -EINVAL; > > + return ret; > > + } > > + > > + info = get_se_if_node_info(info_list, idx); > > + if (!info) { > > + ret = -EINVAL; > > + goto exit; > > + } > > + > > + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); > > + if (!priv) { > > + ret = -ENOMEM; > > + goto exit; > > + } > > + > > + dev_set_drvdata(dev, priv); > > + > > + /* Mailbox client configuration */ > > + priv->se_mb_cl.dev = dev; > > + priv->se_mb_cl.tx_block = false; > > + priv->se_mb_cl.knows_txdone = true; > > + priv->se_mb_cl.rx_callback = se_if_rx_callback; > > + > > + ret = se_if_request_channel(dev, &priv->tx_chan, > > + &priv->se_mb_cl, MBOX_TX_NAME); > > + if (ret) > > + goto exit; > > + > > + ret = se_if_request_channel(dev, &priv->rx_chan, > > + &priv->se_mb_cl, MBOX_RX_NAME); > > + if (ret) > > + goto exit; > > + > > + priv->dev = dev; > > + priv->info = info; > > + > > + mutex_init(&priv->se_if_lock); > > + mutex_init(&priv->se_if_cmd_lock); > > + > > + atomic_set(&priv->waiting_rsp_clbk_hdl.pending_hdr, 0); > > + init_waitqueue_head(&priv->waiting_rsp_clbk_hdl.wq); > > + atomic_set(&priv->cmd_receiver_clbk_hdl.pending_hdr, 0); > > + init_waitqueue_head(&priv->cmd_receiver_clbk_hdl.wq); > > + > > + priv->cmd_tag = info->cmd_tag; > > + priv->rsp_tag = info->rsp_tag; > > + if (info->pool_name) { > > + priv->mem_pool = of_gen_pool_get(dev->of_node, > > + info->pool_name, 0); > > + if (!priv->mem_pool) { > > + dev_err(dev, > > + "Unable to get sram pool = %s\n", > > + info->pool_name); > > + return 0; > > + } > > why return 0 here? suppose should be goto exit? Accepted. Will correct in V8. > > > > + } > > + priv->success_tag = info->success_tag; > > + priv->base_api_ver = info->base_api_ver; > > + priv->fw_api_ver = info->fw_api_ver; > > + spin_lock_init(&priv->lock); > > + > > + if (info->reserved_dma_ranges) { > > + ret = of_reserved_mem_device_init(dev); > > + if (ret) { > > + dev_err(dev, > > + "failed to init reserved memory region %d\n", > > + ret); > > + goto exit; > > + } > > + } > > + > > + ret = se_soc_info(priv, info_list); > > + if (ret) { > > + dev_err(dev, > > + "failed[%pe] to fetch SoC Info\n", ERR_PTR(ret)); > > + goto exit; > > + } > > + > > + priv->se_img_file_to_load = info->seco_fw_nm_in_rfs; > > + if (info->prim_fw_nm_in_rfs) { > > + /* allocate buffer where SE store encrypted IMEM */ > > + priv->imem.buf = dmam_alloc_coherent(dev, > ELE_IMEM_SIZE, > > + &priv->imem.phyaddr, > > + GFP_KERNEL); > > + if (!priv->imem.buf) { > > + dev_err(dev, > > + "dmam-alloc-failed: To store encr-IMEM.\n"); > > + ret = -ENOMEM; > > + goto exit; > > + } > > + if (priv->imem.state == ELE_IMEM_STATE_BAD) > > + priv->se_img_file_to_load = info- > >prim_fw_nm_in_rfs; > > + } > > + > > + if (priv->se_img_file_to_load) { > > + ret = request_firmware_nowait(THIS_MODULE, > > + FW_ACTION_UEVENT, > > + priv->se_img_file_to_load, > > + dev, GFP_KERNEL, priv, > > + se_load_firmware); > > + if (ret) > > + dev_warn(dev, "Failed to get firmware [%s].\n", > > + priv->se_img_file_to_load); > > + ret = 0; > > + } > > + > > + dev_info(dev, "i.MX secure-enclave: %s interface to firmware, > configured.\n", > > + info->se_name); > > + return ret; > > + > > +exit: > > + /* if execution control reaches here, if probe fails. > > + * hence doing the cleanup > > + */ > > + se_if_probe_cleanup(pdev); > > > Suggest use devm_add_action(, se_if_probe_cleanup, ); so all "goto exit" > can change to > > return dev_err_probe(...); > > Frank > Accepted. Will correct in V8. > > + > > + return ret; > > +} > > + > > +static int se_if_remove(struct platform_device *pdev) { > > + se_if_probe_cleanup(pdev); > > + > > + return 0; > > +} > > + > > +static int se_suspend(struct device *dev) { > > + struct se_if_priv *priv = dev_get_drvdata(dev); > > + const struct se_if_node_info *info = priv->info; > > + int ret = 0; > > + > > + if (info && info->prim_fw_nm_in_rfs) { > > + ret = se_save_imem_state(priv); > > + if (ret < 0) > > + goto exit; > > + priv->imem.size = ret; > > + } > > +exit: > > + return ret; > > +} > > + > > +static int se_resume(struct device *dev) { > > + struct se_if_priv *priv = dev_get_drvdata(dev); > > + const struct se_if_node_info *info = priv->info; > > + > > + wake_up_interruptible(&priv->waiting_rsp_clbk_hdl.wq); > > + wake_up_interruptible(&priv->cmd_receiver_clbk_hdl.wq); > > + > > + if (info && info->prim_fw_nm_in_rfs) > > + se_restore_imem_state(priv); > > + > > + return 0; > > +} > > + > > +static const struct dev_pm_ops se_pm = { > > + RUNTIME_PM_OPS(se_suspend, se_resume, NULL) }; > > + > > +static struct platform_driver se_driver = { > > + .driver = { > > + .name = "fsl-se-fw", > > + .of_match_table = se_match, > > + .pm = &se_pm, > > + }, > > + .probe = se_if_probe, > > + .remove = se_if_remove, > > +}; > > +MODULE_DEVICE_TABLE(of, se_match); > > + > > +module_platform_driver(se_driver); > > + > > +MODULE_AUTHOR("Pankaj Gupta <pankaj.gupta@nxp.com>"); > > +MODULE_DESCRIPTION("iMX Secure Enclave Driver."); > > +MODULE_LICENSE("GPL"); > > diff --git a/drivers/firmware/imx/se_ctrl.h > > b/drivers/firmware/imx/se_ctrl.h new file mode 100644 index > > 000000000000..95050d3c7c88 > > --- /dev/null > > +++ b/drivers/firmware/imx/se_ctrl.h > > @@ -0,0 +1,99 @@ > > +/* SPDX-License-Identifier: GPL-2.0+ */ > > +/* > > + * Copyright 2024 NXP > > + */ > > + > > +#ifndef SE_MU_H > > +#define SE_MU_H > > + > > +#include <linux/miscdevice.h> > > +#include <linux/semaphore.h> > > +#include <linux/mailbox_client.h> > > + > > +#define MAX_FW_LOAD_RETRIES 50 > > + > > +#define RES_STATUS(x) FIELD_GET(0x000000ff, x) > > +#define MAX_NVM_MSG_LEN (256) > > +#define MESSAGING_VERSION_6 0x6 > > +#define MESSAGING_VERSION_7 0x7 > > +#define NODE_NAME "secure-enclave" > > + > > +#define GET_ASCII_TO_U8(diff, tens_chr, ones_chr) \ > > + ((diff > 2) ? (((tens_chr - '0') * 10) + (ones_chr - '0')) :\ > > + (tens_chr - '0')) > > + > > +#define GET_IDX_FROM_DEV_NODE_NAME(dev_of_node) \ > > + ((strlen(dev_of_node->full_name) > strlen(NODE_NAME)) ?\ > > + GET_ASCII_TO_U8((strlen(dev_of_node->full_name) - > strlen(NODE_NAME)),\ > > + dev_of_node- > >full_name[strlen(NODE_NAME) + 1], \ > > + dev_of_node- > >full_name[strlen(NODE_NAME) + 2]) : 0) > > + > > +struct se_clbk_handle { > > + wait_queue_head_t wq; > > + atomic_t pending_hdr; > > + u32 rx_msg_sz; > > + /* Assignment of the rx_msg buffer to held till the > > + * received content as part callback function, is copied. > > + */ > > + struct se_api_msg *rx_msg; > > +}; > > + > > +struct se_imem_buf { > > + u8 *buf; > > + phys_addr_t phyaddr; > > + u32 size; > > + u32 state; > > +}; > > + > > +/* Header of the messages exchange with the EdgeLock Enclave */ > > +struct se_msg_hdr { > > + u8 ver; > > + u8 size; > > + u8 command; > > + u8 tag; > > +} __packed; > > + > > +#define SE_MU_HDR_SZ 4 > > + > > +struct se_api_msg { > > + struct se_msg_hdr header; > > + u32 data[]; > > +}; > > + > > +struct se_if_priv { > > + struct se_clbk_handle cmd_receiver_clbk_hdl; > > + /* Update to the waiting_rsp_dev, to be protected > > + * under se_if_lock. > > + */ > > + struct se_clbk_handle waiting_rsp_clbk_hdl; > > + /* > > + * prevent parallel access to the se interface registers > > + * e.g. a user trying to send a command while the other one is > > + * sending a response. > > + */ > > + struct mutex se_if_lock; > > + /* > > + * prevent a command to be sent on the se interface while another > one is > > + * still processing. (response to a command is allowed) > > + */ > > + struct mutex se_if_cmd_lock; > > + struct device *dev; > > + struct gen_pool *mem_pool; > > + u8 cmd_tag; > > + u8 rsp_tag; > > + u8 success_tag; > > + u8 base_api_ver; > > + u8 fw_api_ver; > > + u32 fw_fail; > > + u16 soc_rev; > > + const void *info; > > + > > + struct mbox_client se_mb_cl; > > + struct mbox_chan *tx_chan, *rx_chan; > > + > > + spinlock_t lock; > > + struct se_imem_buf imem; > > + u8 *se_img_file_to_load; > > +}; > > + > > +#endif > > diff --git a/include/linux/firmware/imx/se_api.h > > b/include/linux/firmware/imx/se_api.h > > new file mode 100644 > > index 000000000000..c47f84906837 > > --- /dev/null > > +++ b/include/linux/firmware/imx/se_api.h > > @@ -0,0 +1,14 @@ > > +/* SPDX-License-Identifier: GPL-2.0+ */ > > +/* > > + * Copyright 2024 NXP > > + */ > > + > > +#ifndef __SE_API_H__ > > +#define __SE_API_H__ > > + > > +#include <linux/types.h> > > + > > +#define SOC_ID_OF_IMX8ULP 0x084D > > +#define SOC_ID_OF_IMX93 0x9300 > > + > > +#endif /* __SE_API_H__ */ > > > > -- > > 2.34.1 > >
On Wed, Sep 4, 2024 at 1:09 PM Pankaj Gupta <pankaj.gupta@nxp.com> wrote:
> Thanks for pointing it out. Will ensure not to repeat it.
Please trim your replies.
Your email had 341 lines and your response was on a single line.
Please remove unneeded noise in your replies.
On Wed, Sep 04, 2024 at 04:21:20PM +0530, Pankaj Gupta wrote: > NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE), > are embedded in the SoC to support the features like HSM, SHE & V2X, > using message based communication interface. > > The secure enclave FW communicates on a dedicated messaging unit(MU) > based interface(s) with application core, where kernel is running. > It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93. > > This patch adds the driver for communication interface to secure-enclave, > for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock > Enclave (ELE) from Kernel-space, used by kernel management layers like > - DM-Crypt. > > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> > --- > drivers/firmware/imx/Kconfig | 12 + > drivers/firmware/imx/Makefile | 2 + > drivers/firmware/imx/ele_base_msg.c | 286 ++++++++++++++++++++ > drivers/firmware/imx/ele_base_msg.h | 95 +++++++ > drivers/firmware/imx/ele_common.c | 306 +++++++++++++++++++++ > drivers/firmware/imx/ele_common.h | 51 ++++ > drivers/firmware/imx/se_ctrl.c | 515 ++++++++++++++++++++++++++++++++++++ > drivers/firmware/imx/se_ctrl.h | 99 +++++++ > include/linux/firmware/imx/se_api.h | 14 + > 9 files changed, 1380 insertions(+) > > diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig > index 183613f82a11..0f6877a24f0b 100644 > --- a/drivers/firmware/imx/Kconfig > +++ b/drivers/firmware/imx/Kconfig > @@ -22,3 +22,15 @@ config IMX_SCU > > This driver manages the IPC interface between host CPU and the > SCU firmware running on M4. > + > +config IMX_SEC_ENCLAVE > + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver." > + depends on IMX_MBOX && ARCH_MXC && ARM64 > + default m if ARCH_MXC > + > + help > + It is possible to use APIs exposed by the iMX Secure Enclave HW IP called: > + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93), > + like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging > + Unit. This driver exposes these interfaces via a set of file descriptors > + allowing to configure shared memory, send and receive messages. > diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile > index 8f9f04a513a8..aa9033e0e9e3 100644 > --- a/drivers/firmware/imx/Makefile > +++ b/drivers/firmware/imx/Makefile > @@ -1,3 +1,5 @@ > # SPDX-License-Identifier: GPL-2.0 > obj-$(CONFIG_IMX_DSP) += imx-dsp.o > obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o > +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o > +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o > diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c > new file mode 100644 > index 000000000000..e3e570a25e85 > --- /dev/null > +++ b/drivers/firmware/imx/ele_base_msg.c > @@ -0,0 +1,286 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Copyright 2024 NXP > + */ > + > +#include <linux/types.h> > + > +#include <linux/completion.h> > +#include <linux/dma-mapping.h> > +#include <linux/genalloc.h> > + > +#include "ele_base_msg.h" > +#include "ele_common.h" > + > +int ele_get_info(struct device *dev, struct ele_dev_info *s_info) I repeat once again: The context pointer argument should be struct se_if_priv *. Do not expect foreign code to pass in a struct device * here from which you blindly expect that it's the right one. > +int ele_fetch_soc_info(struct device *dev, u16 *soc_rev, u64 *serial_num) Also here and all the other functions in this file. > + * > + * Header file for the EdgeLock Enclave Base API(s). > + */ > + > +#ifndef ELE_BASE_MSG_H > +#define ELE_BASE_MSG_H > + > +#include <linux/device.h> > +#include <linux/types.h> > + > +#define WORD_SZ i4 Unused. > +#define ELE_NONE_VAL 0x0 > + > +#define ELE_GET_INFO_REQ 0xDA > +#define ELE_GET_INFO_REQ_MSG_SZ 0x10 > +#define ELE_GET_INFO_RSP_MSG_SZ 0x08 > + > +#define DEFAULT_IMX_SOC_VER 0xA000 Unused > +#define SOC_VER_MASK 0xFFFF0000 Unused > +int ele_msg_send(struct se_if_priv *priv, > + void *tx_msg, > + int tx_msg_sz) > +{ > + struct se_msg_hdr *header; > + int err; > + > + header = tx_msg; > + > + /* > + * Check that the size passed as argument matches the size > + * carried in the message. > + */ > + if (header->size << 2 != tx_msg_sz) { > + err = -EINVAL; > + dev_err(priv->dev, > + "User buf hdr: 0x%x, sz mismatced with input-sz (%d != %d).", > + *(u32 *)header, > + header->size << 2, tx_msg_sz); > + goto exit; > + } > + guard(mutex)(&priv->se_if_lock); Drop this mutex. All it does is to protect mbox_send_message() which already has its own locking. > + > + err = mbox_send_message(priv->tx_chan, tx_msg); > + if (err < 0) { > + dev_err(priv->dev, "Error: mbox_send_message failure.\n"); > + return err; > + } > + err = tx_msg_sz; > + > +exit: > + return err; > +} > + > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg) > +{ > + struct se_clbk_handle *se_clbk_hdl; > + struct device *dev = mbox_cl->dev; > + struct se_msg_hdr *header; > + struct se_if_priv *priv; > + u32 rx_msg_sz; > + > + priv = dev_get_drvdata(dev); > + > + /* The function can be called with NULL msg */ You already identified this as a possible case... > + if (!msg) { > + dev_err(dev, "Message is invalid\n"); ...so why print an error message here? > + return; > + } > + > + header = msg; > + rx_msg_sz = header->size << 2; > + > + /* Incoming command: wake up the receiver if any. */ > + if (header->tag == priv->cmd_tag) { > + se_clbk_hdl = &priv->cmd_receiver_clbk_hdl; > + dev_dbg(dev, > + "Selecting cmd receiver for mesg header:0x%x.", > + *(u32 *) header); > + > + /* Pre-allocated buffer of MAX_NVM_MSG_LEN > + * as the NVM command are initiated by FW. > + * Size is revealed as part of this call function. > + */ > + if (rx_msg_sz > MAX_NVM_MSG_LEN) { > + dev_err(dev, > + "CMD-RCVER NVM: hdr(0x%x) with different sz(%d != %d).\n", > + *(u32 *) header, > + rx_msg_sz, se_clbk_hdl->rx_msg_sz); > + > + se_clbk_hdl->rx_msg_sz = MAX_NVM_MSG_LEN; > + } > + se_clbk_hdl->rx_msg_sz = rx_msg_sz; > + > + } else if (header->tag == priv->rsp_tag) { > + se_clbk_hdl = &priv->waiting_rsp_clbk_hdl; > + dev_dbg(dev, > + "Selecting resp waiter for mesg header:0x%x.", > + *(u32 *) header); > + > + if (rx_msg_sz != se_clbk_hdl->rx_msg_sz > + && !exception_for_size(priv, header)) { > + dev_err(dev, > + "Rsp to CMD: hdr(0x%x) with different sz(%d != %d).\n", > + *(u32 *) header, > + rx_msg_sz, se_clbk_hdl->rx_msg_sz); > + > + se_clbk_hdl->rx_msg_sz = min(rx_msg_sz, se_clbk_hdl->rx_msg_sz); > + } > + } else { > + dev_err(dev, "Failed to select a device for message: %.8x\n", > + *((u32 *) header)); > + return; > + } > + > + memcpy(se_clbk_hdl->rx_msg, msg, se_clbk_hdl->rx_msg_sz); > + > + /* Allow user to read */ > + atomic_inc(&se_clbk_hdl->pending_hdr); > + > + wake_up_interruptible(&se_clbk_hdl->wq); You are rebuilding a completion here, why not use a completion then? > +#include <linux/mod_devicetable.h> > +#include <linux/module.h> > +#include <linux/of_platform.h> > +#include <linux/of_reserved_mem.h> > +#include <linux/platform_device.h> > +#include <linux/slab.h> > +#include <linux/string.h> > +#include <linux/sys_soc.h> > + > +#include "ele_base_msg.h" > +#include "ele_common.h" > +#include "se_ctrl.h" > + > +#define RESERVED_DMA_POOL BIT(0) Unused > +static void se_load_firmware(const struct firmware *fw, void *context) > +{ > + struct se_if_priv *priv = context; > + const struct se_if_node_info *info = priv->info; > + phys_addr_t se_fw_phyaddr; > + u8 *se_fw_buf; > + int ret; > + > + if (!fw) { > + if (priv->fw_fail > MAX_FW_LOAD_RETRIES) > + dev_dbg(priv->dev, > + "External FW not found, using ROM FW.\n"); > + else { > + /*add a bit delay to wait for firmware priv released */ > + msleep(20); > + > + /* Load firmware one more time if timeout */ > + request_firmware_nowait(THIS_MODULE, > + FW_ACTION_UEVENT, priv->se_img_file_to_load, > + priv->dev, GFP_KERNEL, priv, > + se_load_firmware); > + priv->fw_fail++; > + dev_dbg(priv->dev, "Value of retries = 0x%x.\n", > + priv->fw_fail); > + } > + > + return; > + } Are you continuously trying to load the firmware here in the hope that the rootfs is mounted before your retry counter exceeds? Don't do this. Sascha
On Wed, Sep 04, 2024 at 04:21:21PM +0530, Pankaj Gupta wrote: > Adds the driver for communication interface to secure-enclave, > for exchanging messages with NXP secure enclave HW IP(s) like > EdgeLock Enclave from: > - User-Space Applications via character driver. > > ABI documentation for the NXP secure-enclave driver. > > User-space library using this driver: > - i.MX Secure Enclave library: > -- URL: https://github.com/nxp-imx/imx-secure-enclave.git, > - i.MX Secure Middle-Ware: > -- URL: https://github.com/nxp-imx/imx-smw.git > > Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> > --- > Documentation/ABI/testing/se-cdev | 43 ++ > drivers/firmware/imx/ele_base_msg.c | 8 +- > drivers/firmware/imx/ele_common.c | 36 +- > drivers/firmware/imx/ele_common.h | 6 +- > drivers/firmware/imx/se_ctrl.c | 790 ++++++++++++++++++++++++++++++++++++ > drivers/firmware/imx/se_ctrl.h | 52 +++ > include/uapi/linux/se_ioctl.h | 94 +++++ > 7 files changed, 1010 insertions(+), 19 deletions(-) > > diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c > index e3e570a25e85..ae200ce64100 100644 > --- a/drivers/firmware/imx/ele_base_msg.c > +++ b/drivers/firmware/imx/ele_base_msg.c > @@ -68,7 +68,7 @@ int ele_get_info(struct device *dev, struct ele_dev_info *s_info) > tx_msg->data[0] = upper_32_bits(get_info_addr); > tx_msg->data[1] = lower_32_bits(get_info_addr); > tx_msg->data[2] = sizeof(*s_info); > - ret = ele_msg_send_rcv(priv, > + ret = ele_msg_send_rcv(priv->priv_dev_ctx, > tx_msg, > ELE_GET_INFO_REQ_MSG_SZ, > rx_msg, > @@ -150,7 +150,7 @@ int ele_ping(struct device *dev) > goto exit; > } > > - ret = ele_msg_send_rcv(priv, > + ret = ele_msg_send_rcv(priv->priv_dev_ctx, > tx_msg, > ELE_PING_REQ_SZ, > rx_msg, > @@ -206,7 +206,7 @@ int ele_service_swap(struct device *dev, > tx_msg->data[3] = lower_32_bits(addr); > tx_msg->data[4] = se_add_msg_crc((uint32_t *)&tx_msg[0], > ELE_SERVICE_SWAP_REQ_MSG_SZ); > - ret = ele_msg_send_rcv(priv, > + ret = ele_msg_send_rcv(priv->priv_dev_ctx, > tx_msg, > ELE_SERVICE_SWAP_REQ_MSG_SZ, > rx_msg, > @@ -268,7 +268,7 @@ int ele_fw_authenticate(struct device *dev, phys_addr_t addr) > tx_msg->data[0] = lower_32_bits(addr); > tx_msg->data[2] = addr; > > - ret = ele_msg_send_rcv(priv, > + ret = ele_msg_send_rcv(priv->priv_dev_ctx, > tx_msg, > ELE_FW_AUTH_REQ_SZ, > rx_msg, > diff --git a/drivers/firmware/imx/ele_common.c b/drivers/firmware/imx/ele_common.c > index a06d7015d3f1..9114c3594567 100644 > --- a/drivers/firmware/imx/ele_common.c > +++ b/drivers/firmware/imx/ele_common.c > @@ -18,16 +18,18 @@ u32 se_add_msg_crc(u32 *msg, u32 msg_len) > return crc; > } > > -int ele_msg_rcv(struct se_if_priv *priv, > +int ele_msg_rcv(struct se_if_device_ctx *dev_ctx, > struct se_clbk_handle *se_clbk_hdl) > { > + struct se_if_priv *priv = dev_ctx->priv; > int err = 0; > > err = wait_event_interruptible(se_clbk_hdl->wq, > atomic_read(&se_clbk_hdl->pending_hdr) != 0); > if (err < 0) > dev_err(priv->dev, > - "Err[0x%x]:Interrupted by signal.\n", > + "%s: Err[0x%x]:Interrupted by signal.\n", > + se_clbk_hdl->dev_ctx->devname, > err); > else > err = se_clbk_hdl->rx_msg_sz; > @@ -37,10 +39,11 @@ int ele_msg_rcv(struct se_if_priv *priv, > return err; > } > > -int ele_msg_send(struct se_if_priv *priv, > +int ele_msg_send(struct se_if_device_ctx *dev_ctx, > void *tx_msg, > int tx_msg_sz) > { > + struct se_if_priv *priv = dev_ctx->priv; > struct se_msg_hdr *header; > int err; > > @@ -53,7 +56,8 @@ int ele_msg_send(struct se_if_priv *priv, > if (header->size << 2 != tx_msg_sz) { > err = -EINVAL; > dev_err(priv->dev, > - "User buf hdr: 0x%x, sz mismatced with input-sz (%d != %d).", > + "%s: User buf hdr: 0x%x, sz mismatced with input-sz (%d != %d).", > + dev_ctx->devname, > *(u32 *)header, > header->size << 2, tx_msg_sz); > goto exit; > @@ -62,7 +66,9 @@ int ele_msg_send(struct se_if_priv *priv, > > err = mbox_send_message(priv->tx_chan, tx_msg); > if (err < 0) { > - dev_err(priv->dev, "Error: mbox_send_message failure.\n"); > + dev_err(priv->dev, > + "%s: Error: mbox_send_message failure.", > + dev_ctx->devname); > return err; > } > err = tx_msg_sz; > @@ -72,24 +78,26 @@ int ele_msg_send(struct se_if_priv *priv, > } > > /* API used for send/receive blocking call. */ > -int ele_msg_send_rcv(struct se_if_priv *priv, > +int ele_msg_send_rcv(struct se_if_device_ctx *dev_ctx, You are heavily patching a file you introduced just in the last patch. It seems you have messed up while rebasing. Please cleanup. > +static int se_ioctl_cmd_snd_rcv_rsp_handler(struct se_if_device_ctx *dev_ctx, > + u64 arg) > +{ > + struct se_if_priv *priv = dev_ctx->priv; > + struct se_ioctl_cmd_snd_rcv_rsp_info cmd_snd_rcv_rsp_info; > + struct se_api_msg *tx_msg __free(kfree) = NULL; > + struct se_api_msg *rx_msg __free(kfree) = NULL; > + int err = 0; > + > + if (down_interruptible(&dev_ctx->fops_lock)) > + return -EBUSY; > + > + if (dev_ctx->status != SE_IF_CTX_OPENED) { > + err = -EINVAL; > + goto exit; > + } You don't need this. Just trust Linux that it won't call your ioctl/read/write ops when the device is not opened. > + > + if (copy_from_user(&cmd_snd_rcv_rsp_info, (u8 *)arg, > + sizeof(cmd_snd_rcv_rsp_info))) { > + dev_err(dev_ctx->priv->dev, You have priv as a variable already, please use it throughout this function. > +static ssize_t se_if_fops_read(struct file *fp, char __user *buf, > + size_t size, loff_t *ppos) > +{ > + struct se_if_device_ctx *dev_ctx = fp->private_data; > + struct se_if_priv *priv = dev_ctx->priv; > + int err; > + > + dev_dbg(priv->dev, > + "%s: read to buf %p(%zu), ppos=%lld\n", > + dev_ctx->miscdev.name, > + buf, size, ((ppos) ? *ppos : 0)); > + > + if (down_interruptible(&dev_ctx->fops_lock)) > + return -EBUSY; > + > + if (dev_ctx->status != SE_IF_CTX_OPENED) { > + err = -EINVAL; > + goto exit; > + } > + > + if (dev_ctx != priv->cmd_receiver_clbk_hdl.dev_ctx) { > + err = -EINVAL; > + goto exit; > + } > + > + err = ele_msg_rcv(dev_ctx, &priv->cmd_receiver_clbk_hdl); > + if (err < 0) { > + dev_err(dev_ctx->priv->dev, > + "%s: Err[0x%x]:Interrupted by signal.\n", > + dev_ctx->devname, err); > + dev_err(dev_ctx->priv->dev, > + "Current active dev-ctx count = %d.\n", > + dev_ctx->priv->active_devctx_count); active_devctx_count is never used except for printing this message. I don't think it provides meaningful information for userspace. Just dorp it. > + dma_free_coherent(priv->dev, MAX_DATA_SIZE_PER_USER, > + se_shared_mem_mgmt->non_secure_mem.ptr, > + se_shared_mem_mgmt->non_secure_mem.dma_addr); > + > + se_shared_mem_mgmt->non_secure_mem.ptr = NULL; > + se_shared_mem_mgmt->non_secure_mem.dma_addr = 0; > + se_shared_mem_mgmt->non_secure_mem.size = 0; > + se_shared_mem_mgmt->non_secure_mem.pos = 0; > +} > + > +/* Need to copy the output data to user-device context. > + */ > +int se_dev_ctx_cpy_out_data(struct se_shared_mem_mgmt_info *se_shared_mem_mgmt) Only used in this file. Make it static. > +{ > + struct se_if_device_ctx *dev_ctx = container_of(se_shared_mem_mgmt, > + typeof(*dev_ctx), > + se_shared_mem_mgmt); This function is only ever called like: se_dev_ctx_cpy_out_data(&dev_ctx->se_shared_mem_mgmt); Instead of this back and forth you could pass a struct se_if_device_ctx * directly. > +static int add_b_desc_to_pending_list(void *shared_ptr_with_pos, > + struct se_ioctl_setup_iobuf *io, > + struct se_shared_mem_mgmt_info *se_shared_mem_mgmt) > +{ > + struct se_buf_desc *b_desc = NULL; > + > + b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL); > + if (!b_desc) > + return -ENOMEM; > + > + if (b_desc) { b_desc is not NULL here. > + b_desc->shared_buf_ptr = shared_ptr_with_pos; > + b_desc->usr_buf_ptr = io->user_buf; > + b_desc->size = io->length; > + > + if (io->flags & SE_IO_BUF_FLAGS_IS_INPUT) { > + /* > + * buffer is input: > + * add an entry in the "pending input buffers" list so > + * that copied data can be cleaned from shared memory > + * later. > + */ > + list_add_tail(&b_desc->link, &se_shared_mem_mgmt->pending_in); > + } else { > + /* > + * buffer is output: > + * add an entry in the "pending out buffers" list so data > + * can be copied to user space when receiving Secure-Enclave > + * response. > + */ > + list_add_tail(&b_desc->link, &se_shared_mem_mgmt->pending_out); > + } > + } > + > + > + return 0; > +} > + > +/* Open a character device. */ > +static int se_if_fops_open(struct inode *nd, struct file *fp) > +{ > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data, > + struct se_if_device_ctx, > + miscdev); > + struct se_if_priv *priv = dev_ctx->priv; > + int err = 0; > + > + priv->dev_ctx_mono_count++; > + err = init_device_context(priv, > + priv->dev_ctx_mono_count ? > + priv->dev_ctx_mono_count > + : priv->dev_ctx_mono_count++, priv->dev_ctx_mono_count won't be 0 here as you just increased it. > + &dev_ctx); > + if (err) { > + dev_err(priv->dev, > + "Failed[0x%x] to create device contexts.\n", > + err); > + goto exit; > + } > + > + dev_ctx->status = SE_IF_CTX_OPENED; > + > + fp->private_data = dev_ctx; > + > +exit: > + up(&dev_ctx->fops_lock); You never acquired this semaphore which is likely not what you want. > + return err; > +} > + > +/* Close a character device. */ > +static int se_if_fops_close(struct inode *nd, struct file *fp) > +{ > + struct se_if_device_ctx *dev_ctx = fp->private_data; > + struct se_if_priv *priv = dev_ctx->priv; > + > + /* Avoid race if closed at the same time */ > + if (down_trylock(&dev_ctx->fops_lock)) > + return -EBUSY; > + > + /* The device context has not been opened */ > + if (dev_ctx->status != SE_IF_CTX_OPENED) > + goto exit; > + > + /* check if this device was registered as command receiver. */ > + if (priv->cmd_receiver_clbk_hdl.dev_ctx == dev_ctx) { This is racy. priv->cmd_receiver_clbk_hdl can be accessed by multiple tasks without locking. > + priv->cmd_receiver_clbk_hdl.dev_ctx = NULL; > + kfree(priv->cmd_receiver_clbk_hdl.rx_msg); > + priv->cmd_receiver_clbk_hdl.rx_msg = NULL; > + atomic_set(&priv->cmd_receiver_clbk_hdl.pending_hdr, 0); > + } > + > + /* check if this device was registered as waiting response. */ > + if (priv->waiting_rsp_clbk_hdl.dev_ctx == dev_ctx) { > + priv->waiting_rsp_clbk_hdl.dev_ctx = NULL; > + mutex_unlock(&priv->se_if_cmd_lock); This mutex will never be locked here. > + } > + > + se_dev_ctx_shared_mem_cleanup(&dev_ctx->se_shared_mem_mgmt); > + cleanup_se_shared_mem(&dev_ctx->se_shared_mem_mgmt); > + dev_ctx->status = SE_IF_CTX_FREE; > + > + priv->active_devctx_count--; > + list_del(&dev_ctx->link); > +exit: > + up(&dev_ctx->fops_lock); > + kfree(dev_ctx->devname); > + kfree(dev_ctx); > + > + return 0; > +} > + > static void se_if_probe_cleanup(struct platform_device *pdev) > { > + struct se_if_device_ctx *dev_ctx, *t_dev_ctx; > struct device *dev = &pdev->dev; > struct se_if_priv *priv; > > @@ -247,6 +939,14 @@ static void se_if_probe_cleanup(struct platform_device *pdev) > priv->imem.buf = NULL; > } > > + list_for_each_entry_safe(dev_ctx, t_dev_ctx, &priv->dev_ctx_list, link) { > + list_del(&dev_ctx->link); > + priv->active_devctx_count--; > + } The only place where this list is ever iterated over is here. active_devctx_count is never used except for printing a message (see other comment). Just drop this list. > + > + devm_remove_action(dev, if_misc_deregister, &priv->priv_dev_ctx->miscdev); > + misc_deregister(&priv->priv_dev_ctx->miscdev); > + > /* No need to check, if reserved memory is allocated > * before calling for its release. Or clearing the > * un-set bit. > @@ -254,6 +954,87 @@ static void se_if_probe_cleanup(struct platform_device *pdev) > of_reserved_mem_device_release(dev); > } > > +int init_device_context(struct se_if_priv *priv, int ch_id, > + struct se_if_device_ctx **new_dev_ctx) > +{ static. > + const struct se_if_node_info *info = priv->info; > + struct se_if_device_ctx *dev_ctx; > + int ret = 0; > + > + if (ch_id) > + dev_ctx = kzalloc(sizeof(*dev_ctx), GFP_KERNEL); > + else > + dev_ctx = devm_kzalloc(priv->dev, sizeof(*dev_ctx), GFP_KERNEL); > + > + if (!dev_ctx) { > + ret = -ENOMEM; > + return ret; > + } > + > + dev_ctx->status = SE_IF_CTX_FREE; > + dev_ctx->priv = priv; > + > + if (ch_id) > + dev_ctx->devname = kasprintf(GFP_KERNEL, "%s_ch%d", > + info->se_name, ch_id); > + else > + dev_ctx->devname = devm_kasprintf(priv->dev, > + GFP_KERNEL, "%s_ch%d", > + info->se_name, ch_id); > + if (!dev_ctx->devname) { > + ret = -ENOMEM; > + if (ch_id) > + kfree(dev_ctx); > + > + return ret; > + } > + > + sema_init(&dev_ctx->fops_lock, 1); This semaphore only counts up to one in your code which basically makes it a mutex. Just use a mutex instead. > +/* Private struct for each char device instance. */ > +struct se_if_device_ctx { > + struct se_if_priv *priv; > + struct miscdevice miscdev; > + const char *devname; > + > + enum se_if_dev_ctx_status_t status; > + struct semaphore fops_lock; > + > + struct se_shared_mem_mgmt_info se_shared_mem_mgmt; > + struct notifier_block se_notify; se_notify is never used. Sascha
5/5 - struct se_clbk_handle, is added with a member struct se_if_device_ctx *dev_ctx. - func call to ele_miscdev_msg_rcv() & ele_miscdev_msg_send(), are removed. - func se_ioctl_cmd_snd_rcv_rsp_handler(), is modified to remove the func call to ele_miscdev_msg_rcv() & ele_miscdev_msg_send() - func se_ioctl_cmd_snd_rcv_rsp_handler is callig func ele_msg_send_rcv(), instead. - Mutext "se_cmd_if_lock", handling is removed from this patch. - func ele_miscdev_msg_send() is replaced with func ele_msg_send(), in fops_write. - func ele_miscdev_msg_rcv() is replaced with func ele_msg_rcv(), in fops_read. - fops_open is modified to create the new dev_ctx instance (using func init_device_context()), which is not registered as miscdev. - Only one dev_ctx is registered as miscdev and its reference is stored in the struct se_if_priv, as priv_dev_ctx. - Separate func cleanup_se_shared_mem() & func init_se_shared_mem(), for shared memory handling part of struct dev_ctx. - Input param for func(s) ele_msg_rcv(), ele_msg_send() & ele_msg_send_rcv(), is replaced from struct se_if_priv to struct se_if_device_ctx. 4/5 - A new structure is defined name struct "se_clbk_handle", to contain members processed in mailbox call-back function. - "struct se_if_priv" is modified to contain the two structures of "se_clbk_handle" - waiting_rsp_clbk_hdl & cmd_receiver_clbk_hdl. - func ele_msg_rcv() is modified to take a new additional input reference param "struct se_clbk_handle *se_clbk_hdl". - func ele_msg_send() is modified to take a new additional input tx_msg_sz. - func ele_msg_send_rcv(), is modified to take 2 more inputs - tx_msg_sz & exp_rx_msg_sz. - func se_val_rsp_hdr_n_status(), is modified to take input of rx_msg buffer, instead of header value, as input param. - each caller of the func ele_msg_send_rcv(), is sending these two additional input params. - func se_if_callback(), is modified to work on two structures of "se_clbk_handle" - waiting_rsp_clbk_hdl & cmd_receiver_clbk_hdl. - Variable "max_dev_ctx", is removed from info & priv struture, as well its usage. - New member variable "se_img_file_to_load", is added to structure "priv". - Other member variables - rx_msg(ptr), rx_msg_sz, completion done & list of dev_ctxs, is removed from priv struture, along with their usage. - func se_resume(), updated to wakeup the two "wq", part of "struct se_clbk_handle": priv->waiting_rsp_clbk_hdl & priv->cmd_receiver_clbk_hdl. 3/5 - Node name is changed from senclave-firmware@0 to "secure-enclave" 2/5 - Node name is changed to "secure-enclave". - Link to v6: https://lore.kernel.org/r/20240722-imx-se-if-v6-0-ee26a87b824a@nxp.com v6: firmware: imx: driver for NXP secure-enclave 5/5 - replaced scope_gaurd with gaurd. 4/5 - replaced scope_gaurd with gaurd. - remove reading the regs property from dtb. - Added NULL check for priv data fetched from device, as a sanity check, for ele_base_msg apis) 3/5 - replace firmware with senclave-firmware. 2/5 - replace firmware with senclave-firmware. - drop description for mbox - Replaced "items:" with maxItems:1 for "memory-region" - Replaced "items:" with maxItems:1 for "sram" - remove regs property. - remove "$nodename" - Link to v5: https://lore.kernel.org/r/20240712-imx-se-if-v5-0-66a79903a872@nxp.com Changes in v5: 2/5 - updated the description of mboxes - updated the description & items for mbox-names. - updated the description of memory-region - move "additional properties: false" after allOf block. - removed other example except one. 4/5 - Corrected the indentation in Kconfig. - info members:mbox_tx_name & mbox_rx_name, are replaced with macros. 5/5 - Replaced "for secure enclaves", with "for secure enclaves" - Replaced "user space" with "userspace". - End the line "[include]<linux/firmware/imx/ele_mu_ioctl.h>" with a period. - Link to v4: https://lore.kernel.org/r/20240705-imx-se-if-v4-0-52d000e18a1d@nxp.com Changes in v4: 1/5 a. Removed - from EdgeLock Enclave. b. Removed , after "Each of the above feature," c. replace "can exists" with "can exist". d. -messaging units(MU) per SE. Each co-existing 'se' can have one or multiple exclusive -MU(s), dedicated to itself. None of the MU is shared between two SEs. +messaging units(MU) per SE. Each co-existing SE can have one or multiple exclusive +MUs, dedicated to itself. None of the MU is shared between two SEs. Communication of the MU is realized using the Linux mailbox driver. e. -All those SE interfaces 'se-if' that is/are dedicated to a particular SE, will be -enumerated and provisioned under the very single 'SE' node. +Although MU(s) is/are not shared between SE(s). But for SoC like i.MX95 which has +multiple SE(s) like HSM, V2X-HSM, V2X-SHE; all the SE(s) and their interfaces 'se-if' +that is/are dedicated to a particular SE will be enumerated and provisioned using the +single compatible node("fsl,imx95-se"). f. Removed ",". Replaced for "Each 'se-if'," with "Each se-if'. g. removed "," - This layer is responsible for ensuring the communication protocol, that is defined + This layer is responsible for ensuring the communication protocol that is defined h. removed "-" - - FW can handle one command-message at a time. + - FW can handle one command message at a time. i. - Using these multiple device contexts, that are getting multiplexed over a single MU, - user-space application(s) can call fops like write/read to send the command-message, - and read back the command-response-message to/from Firmware. - fops like read & write uses the above defined service layer API(s) to communicate with + Using these multiple device contexts that are getting multiplexed over a single MU, + userspace application(s) can call fops like write/read to send the command message, + and read back the command response message to/from Firmware. + fops like read & write use the above defined service layer API(s) to communicate with Firmware. j. Uppercase for word "Linux". 2/5 a. Rephrased the description to remove list of phandles. b. Moved required before allOf: +required: + - compatible + - reg + - mboxes + - mbox-names + +additionalProperties: false + allOf: c. replaced not: required: with properties: <property-name>: false. # memory-region - not: - required: - - memory-region + properties: + memory-region: false # sram - else: - not: - required: - - sram d. Reduced examples. keeping example of i.MX95. e. node-name is changed to "firmware@<hex>" 3/5 - node name changed to "firmware@<hex>". 4/5 - used sizeof(*s_info) - return early, rather than doing goto exit, in ele_get_info(). - Use upper_32_bits() and lower_32_bits() - use rx_msg here instead of priv->rx_msg - Moved the status check to validate_rsp_hdr. Rename the function to "se_val_rsp_hdr_n_status" - typecasting removed header = (struct se_msg_hdr *) msg; - Converted the API name with prefix imx_ele_* or imx_se_*, to ele_* and se_*, respectively. - Removed the functions definition & declaration for: free_phybuf_mem_pool() & get_phybuf_mem_pool() - removed the mbox_free_channel() calls from clean-up. - Flag "priv->flags" is removed. - Converted the int se_if_probe_cleanup() to void se_if_probe_cleanup(). - Replaced NULL initialization of structure members: priv->cmd_receiver_dev & priv->waiting_rsp_dev , with comments. - Removed the function's declaration get_phy_buf_mem_pool1 5/5 Changes to Documentation/ABI/testing/se-cdev. a. Removed "-" from "secure-enclave" and "file-descriptor". b. Removed "-" from "shared-library" c. Replaced "get" with "getting". d. Added description for the new IOCTL "send command and receive command response" e. Replaced "wakeup_intruptible" with "wait_event_interruptible" f. Removed ";" g. Removd "," from "mailbox_lock," h. Replaced "free" with "frees" i. In mailbox callback function, checking the buffer size before copying. - Link to v3: https://lore.kernel.org/r/20240617-imx-se-if-v3-0-a7d28dea5c4a@nxp.com Communication Interface to NXP secure-enclave HW IP like Edgelock Enclave Hardware interface of the NXP Secure Enclave HW IP(s) like EdgeLock Enclave, V2X, SHE etc, is based on the Messaging Unit module that enables processing elements like ARMv8 core, RISC V core, within the SoC to communicate and coordinate by passing messages (e.g., data, status and control) through these interfaces. The NXP i.MX secure enclaves hardware interface kernel driver, is specifically targeted for use between application core and NXP secure-enclave(s) HW. It allows to send/receive messages to/from the secure-enclave. Patch-set adds the kernel driver for communication interface to secure-enclave, for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock Enclave, both from: - User-Space Applications via character driver. - Kernel-space, used by kernel management layers like DM-Crypt. To: Jonathan Corbet <corbet@lwn.net> To: Rob Herring <robh+dt@kernel.org> To: Conor Dooley <conor+dt@kernel.org> To: Shawn Guo <shawnguo@kernel.org> To: Sascha Hauer <s.hauer@pengutronix.de> To: Pengutronix Kernel Team <kernel@pengutronix.de> To: Fabio Estevam <festevam@gmail.com> To: Rob Herring <robh@kernel.org> Cc: linux-doc@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Cc: imx@lists.linux.dev Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Changes in v3: 5/5: - Initialize tx_msg with NULL. - memdup_user() returns an error pointer, not NULL. correct it by adding check for err_ptr. - new IOCTL is added to send & recieve the message. - replaced the while loop till list is empty, with list_for_each_entry. - replaced __list_del_entry, with list_del. - Removed the dev_err message from copy to user. - Removed the casting of void *. - corrected the typcasting in copy to user. - removed un-necessary goto statement. - Removed dead code for clean-up of memory. - Removed un-mapping of secured memory - Passing se_if_priv structure to init_device_context. - Updated the below check to replace io.length with round_up(io.length). if (shared_mem->size < shared_mem->pos|| io.length >= shared_mem->size - shared_mem->pos) - Created a function to cleanup the list of shared memory buffers. - Used list_for_each_entry_safe(). created a separate functions: se_dev_ctx_cpy_out_data() & se_dev_ctx_shared_mem_cleanup() 4/5 - Changed the compatible string to replace "-ele", to "-se". - Declaration of imx_se_node_info, is done as const in the whole file - Remove the unused macros from ele_base_msg.h - Remove the function declaration get_phy_buf_mem_pool1, from the header file. - Replace the use of dmam_alloc_coherent to dma_alloc_coherent - Check for function pointer, before calling the fucntion pointer in imx_fetch_se_soc_info - Removed the unused flag for SE_MU_IO_FLAGS_USE_SEC_MEM. - Removed the unused macros WORD_SZ - instead of struct device *dev, struct se_if_priv *priv, is used as argument to the funtions:se_save_imem_state, se_restore_imem_state, imx_fetch_se_soc_info - Removed ret from validate_rsp_hdr. - changed the prefix of the funtion: plat_add_msg_crc and plat_fill_cmd_msg_hdr. - indentation correction for info structures. - remove the check for priv not null from se_if_probe_cleanup - Removed the casting of void *. - se_load_firmware function is corrected for not freeing the buffer when allocation fails. - Checking if get_imx_se_node_info() can return NULL, in se_if_probe() - imem.size has type u32. return value from se_save_imem_state() will be assigned to imem.size in case of success only. - removed the flag un-setting in case of failure. priv->flags &= (~RESERVED_DMA_POOL); - removed the function call for devm_of_platform_populate(dev); - Checking for not-NULL, before calling the funtion pointer se_fetch_soc_info. - Removed the checking for reserved memory flag, before freeing up the reserved memory, in se_probe_if_cleanup. 3/5 - Changed the compatible string to replace "-ele", to "-se". 2/5 - to fix the warning error, replaced the "-ele" & "-v2x" in compatible string, to "-se". - Added an example for ele@0 for compatible string "fsl,imx95-se" Changes in v2: 4/4 - Split this patch into two: 1. base driver & 2. Miscdev - Initialize the return variable "err" as 0, before calling 'return err', in the file ele_common.c - Fix the usage of un-iniitialized pointer variable, by initializing them with NULL, in ele_base_msg.c. - Fix initializing the ret variable, to return the correct error code in case of issue. - replaced dmam_alloc_coherent with dma_alloc_coherent. - Replace the use of ELE_GET_INFO_READ_SZ, with sizeof(soc_info). - Replaced -1 with -EPERM - Removed the safety check on func-input param, in ele_get_info(). - fix the assigning data[1] with lower 32 address, rather than zero, for ele_fw_authenticate API. - Correctly initializing the function's return error code, for file ele_base_msg.c. - replaced 'return' with 'goto'. - Use length in bytes. - Corrected the structure se_msg_hdr. - Moved setting of rx_msg to priv, into the function imx_ele_msg_send_rcv - Will add lockdep_assert_held, to receive path, in v2. - corrected the spacing at "ret = validate_rsp_hdr" - FIELD_GET() used for RES_STATUS - Re-write the structure soc_info, matching the information provided in response to this api. - The "|" goes to the end of the previous line. - Moved the locking and unlocking of the command lock to the caller of the function. - removed the safety check for device private data. - Structure memory reference, used to read message header. - In the interrupt call back function, remove assigning waiting_rsp_dev to NULL, in case of response message rcv from FW. - do while removed. - replaced BIT(1) for RESERVED_DMA_POOL, to BIT(0) - The backslash is removed while assigning the file name with absolute path to structure variable.fw_name_in_rfs =. - Update the 'if' condition by removing "idx < 0". - mbox_request_channel_byname() uses a "char" for the name not a u8. Corrected. - devm managed resources, are not cleaned now, in function se_probe_if_cleanup - Used dev_err_probe(). - Used %pe to print error string. - remove "__maybe_unused" for "struct platform_device *enum_plat_dev __maybe_unused;" - used FIELD_GET(), for RES_STATUS. Removed the use of MSG_TAG, MSG_COMMAND, MSG_SIZE, MSG_VER. - Depricated the used of member of struct se_if_priv, bool no_dev_ctx_used; - Moved the text explaing the synchronization logic via mutexes, from patch 1/4 to se_ctrl.h. - removed the type casting of info_list = (struct imx_se_node_info_list *) device_get_match_data(dev->parent); - Used static variable priv->soc_rev in the se_ctrl.c, replaced the following condition: if (info_list->soc_rev) to if (priv->soc_rev) for checking if this flow is already executed or not. - imx_fetch_soc_info will return failure if the get_info function fails. - Removed devm_free from imx_fetch_soc_info too. 3/3 - Made changes to move all the properties to parent node, without any child node. 2/4 - Use Hex pattern string. - Move the properties to parent node, with no child node. - Add i.MX95-ele to compatible nodes to fix the warning "/example-2/v2x: failed to match any schema with compatible: ['fsl,imx95-v2x']" 1/1 - Corrected the spelling from creats to creates. - drop the braces around the plural 's' for interfaces - written se in upper case SE. - Replace "multiple message(s)" with messages. - Removed too much details about locks. Testing - make CHECK_DTBS=y freescale/imx8ulp-evk.dtb; - make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- -j8 dt_binding_check DT_SCHEMA_FILES=fsl,imx-se.yaml - make C=1 CHECK=scripts/coccicheck drivers/firmware/imx/*.* W=1 > r.txt - ./scripts/checkpatch.pl --git <>..HEAD - Tested the Image and .dtb, on the i.MX8ULP. Reference - Link to v1: https://lore.kernel.org/r/20240510-imx-se-if-v1-0-27c5a674916d@nxp.com - Link to v2: https://lore.kernel.org/r/20240523-imx-se-if-v2-0-5a6fd189a539@nxp.com --- Pankaj Gupta (5): Documentation/firmware: add imx/se to other_interfaces dt-bindings: arm: fsl: add imx-se-fw binding doc arm64: dts: imx8ulp-evk: add nxp secure enclave firmware firmware: imx: add driver for NXP EdgeLock Enclave firmware: imx: adds miscdev Documentation/ABI/testing/se-cdev | 43 + .../devicetree/bindings/firmware/fsl,imx-se.yaml | 91 ++ .../driver-api/firmware/other_interfaces.rst | 121 ++ arch/arm64/boot/dts/freescale/imx8ulp-evk.dts | 17 +- arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 13 +- drivers/firmware/imx/Kconfig | 12 + drivers/firmware/imx/Makefile | 2 + drivers/firmware/imx/ele_base_msg.c | 286 +++++ drivers/firmware/imx/ele_base_msg.h | 95 ++ drivers/firmware/imx/ele_common.c | 318 +++++ drivers/firmware/imx/ele_common.h | 51 + drivers/firmware/imx/se_ctrl.c | 1305 ++++++++++++++++++++ drivers/firmware/imx/se_ctrl.h | 151 +++ include/linux/firmware/imx/se_api.h | 14 + include/uapi/linux/se_ioctl.h | 94 ++ 15 files changed, 2610 insertions(+), 3 deletions(-) --- base-commit: b63ff26648537a5600cf79bd62f916792c53e015 change-id: 20240507-imx-se-if-a40055093dc6 Best regards,