diff options
author | Horia Geantă <horia.geanta@nxp.com> | 2019-09-29 22:42:19 +0300 |
---|---|---|
committer | Dong Aisheng <aisheng.dong@nxp.com> | 2019-11-25 16:08:15 +0800 |
commit | 33738b5dcd2873f0cf8c69481079c190f9bda0d5 (patch) | |
tree | 09f19b93f6a21b12e3c49a210f089c9fa042976d /arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi | |
parent | 41ff3c14e44fae62998a3edb7006e233c62f5366 (diff) |
MLKU-62-1 arm64: dts: imx8qm/imx8qxp: add security subsystem
Security subsystem includes:
-caam crypto engine
-secure memory
Notes:
1. caam has 4 job rings, however only last 2 rings are accessible
from the kernel.
2. Controller DT node is added in the same power domain as the JR2
(1st jr showing in DT).
This is needed since controller driver (ctrl.c) needs first jr
(JR2 in this case) "powered", so it can access its register page
(which has some aliases for registers located in controller page,
page that is not accesible from the kernel).
Adding controller DT node to the power domain leads to SCU f/w
being instructed to "power up" JR2.
What actually happens is that:
-XRDC2 is programmed to provide access to JR2 register page
-SECO f/w is instructed to update JR2DID_LS and possibly
JR2DID_MS[USE_OUT].
USE_OUT details from Security RM:
"JRaDID_MS contains a USE_OUT field that enables a second set of ICID
and DID values.
When USE_OUT=1, this Job Ring's *data* write transactions will assert
TrustZone Non-SecureWorld, along with the OUT_DID and OUT_ICID values
from JRSDID_LS.
All other bus transactions, including all reads, descriptor write-backs
and job completion status writes will assert the PRIM_ICID, PRIM_ICID and
not PRIM_TZ values from JRaDID_MS.
When USE_OUT=0, all bus transactions performed on behalf of this Job Ring
will use the PRIM_ICID, PRIM_ICID and not PRIM_TZ values from JRSDID_MS."
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Diffstat (limited to 'arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi')
-rw-r--r-- | arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi b/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi new file mode 100644 index 000000000000..e11a3dcb275a --- /dev/null +++ b/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi @@ -0,0 +1,46 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2019 NXP + */ + +#include <dt-bindings/firmware/imx/rsrc.h> + +security_subsys: bus@31400000 { + compatible = "simple-bus"; + #address-cells = <1>; + #size-cells = <1>; + ranges = <0x31400000 0x0 0x31400000 0xc00000>; + + crypto: crypto@31400000 { + compatible = "fsl,sec-v4.0"; + reg = <0x31400000 0x400000>; + interrupts = <GIC_SPI 148 IRQ_TYPE_LEVEL_HIGH>; + #address-cells = <1>; + #size-cells = <1>; + ranges = <0 0x31400000 0x400000>; + fsl,sec-era = <9>; + power-domains = <&pd IMX_SC_R_CAAM_JR2>; + power-domain-names = "jr"; + + sec_jr2: jr2@30000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x30000 0x10000>; + interrupts = <GIC_SPI 453 IRQ_TYPE_LEVEL_HIGH>; + power-domains = <&pd IMX_SC_R_CAAM_JR2>; + power-domain-names = "jr"; + }; + + sec_jr3: jr3@40000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x40000 0x10000>; + interrupts = <GIC_SPI 454 IRQ_TYPE_LEVEL_HIGH>; + power-domains = <&pd IMX_SC_R_CAAM_JR3>; + power-domain-names = "jr"; + }; + }; + + caam_sm: caam-sm@31800000 { + compatible = "fsl,imx6q-caam-sm"; + reg = <0x31800000 0x10000>; + }; +}; |