From: Sascha Hauer <s.hauer@pengutronix.de>
To: Pankaj Gupta <pankaj.gupta@nxp.com>
Cc: Jonathan Corbet <corbet@lwn.net>,
Rob Herring <robh+dt@kernel.org>,
Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>,
Conor Dooley <conor+dt@kernel.org>,
Shawn Guo <shawnguo@kernel.org>,
Pengutronix Kernel Team <kernel@pengutronix.de>,
Fabio Estevam <festevam@gmail.com>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
devicetree@vger.kernel.org, imx@lists.linux.dev,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 1/4] Documentation/firmware: add imx/se to other_interfaces
Date: Mon, 13 May 2024 09:30:07 +0200 [thread overview]
Message-ID: <ZkHBf9o522w0E2jR@pengutronix.de> (raw)
In-Reply-To: <20240510-imx-se-if-v1-1-27c5a674916d@nxp.com>
On Fri, May 10, 2024 at 06:57:27PM +0530, Pankaj Gupta wrote:
> Documents i.MX SoC's Service layer and C_DEV driver for selected SoC(s)
> that contains the NXP hardware IP(s) for secure-enclaves(se) like:
> - NXP EdgeLock Enclave on i.MX93 & i.MX8ULP
>
> Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> ---
> .../driver-api/firmware/other_interfaces.rst | 126 +++++++++++++++++++++
> 1 file changed, 126 insertions(+)
>
> diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst
> index 06ac89adaafb..c18c2d3e6e08 100644
> --- a/Documentation/driver-api/firmware/other_interfaces.rst
> +++ b/Documentation/driver-api/firmware/other_interfaces.rst
> @@ -49,3 +49,129 @@ of the requests on to a secure monitor (EL3).
>
> .. kernel-doc:: drivers/firmware/stratix10-svc.c
> :export:
> +
> +NXP Secure Enclave Firmware Interface
> +=====================================
> +
> +Introduction
> +------------
> +The NXP's i.MX HW IP like EdgeLock-Enclave, V2X etc., creats an embedded secure
s/creats/creates/
> +enclave within the SoC boundary to enable features like
> + - Hardware Security Module (HSM)
> + - Security Hardware Extension (SHE)
> + - Vehicular to Anything (V2X)
> +
> +Each of the above feature, is enabled through dedicated NXP H/W IP on the SoC.
> +On a single SoC, multiple hardware IP (or can say more than one secure enclave)
> +can exists.
> +
> +NXP SoC(s) enabled with the such secure enclave(se) IP(s) are:
There are already multiple NXP SoCs with a secure enclave, so you can
drop the braces around the plural 's'.
With (se) you refer to the acronym SE for secure enclave, right? If so,
please write it in uppercase letters.
> +i.MX93, i.MX8ULP
> +
> +To communicate with one or more co-existing 'se'(s) on SoC, there is/are dedicated
> +messaging units(MU) per 'se'. Each co-existing 'se' can have one or multiple exclusive
> +MU(s), dedicated to itself. None of the MU is shared between two se(s).
between to SEs (the plural 's' is not optional here)
> +Communication of the MU is realized using the Linux mailbox driver.
> +
> +NXP Secure Enclave(SE) Interface
> +--------------------------------
> +All those SE interface(s) 'se-if(s)' that is/are dedicated to a particular 'se', will be
interfaces (no 's' in braces).
Please use uppercase letters consistently for 'SE'
> +enumerated and provisioned under the very single 'se' node.
> +
> +Each 'se-if', comprise of twp layers:
> +- (C_DEV Layer) User-Space software-access interface.
> +- (Service Layer) OS-level software-access interface.
> +
> + +--------------------------------------------+
> + | Character Device(C_DEV) |
> + | |
> + | +---------+ +---------+ +---------+ |
> + | | misc #1 | | misc #2 | ... | misc #n | |
> + | | dev | | dev | | dev | |
> + | +---------+ +---------+ +---------+ |
> + | +-------------------------+ |
> + | | Misc. Dev Synchr. Logic | |
> + | +-------------------------+ |
> + | |
> + +--------------------------------------------+
> +
> + +--------------------------------------------+
> + | Service Layer |
> + | |
> + | +-----------------------------+ |
> + | | Message Serialization Logic | |
> + | +-----------------------------+ |
> + | +---------------+ |
> + | | imx-mailbox | |
> + | | mailbox.c | |
> + | +---------------+ |
> + | |
> + +--------------------------------------------+
> +
> +- service layer:
> + This layer is responsible for ensuring the communication protocol, that is defined
> + for communication with firmware.
> +
> + FW Communication protocol ensures two things:
> + - Serializing the multiple message(s) to be sent over an MU.
Just "Serializing the messages to be sent over an MU"
> + A mutex locks instance "mu_lock" is instantiated per MU. It is taken to ensure
> + one message is sent over MU at a time. The lock "mu_lock" is unlocked, post sending
> + the message using the mbox api(s) exposed by mailbox kernel driver.
> +
> + - FW can handle one command-message at a time.
> + Second command-message must wait till first command message is completely processed.
> + Hence, another mutex lock instance "mu_cmd_lock" is instantiated per MU. It is taken
> + to ensure one command-message is sent at a time, towards FW. This lock is not unlocked,
> + for the next command-message, till previous command message is processed completely.
I don't think such implementation details belong here. They are easily
changed in the code with the documentation update being forgotten. I'd
just leave the bullet points here and add the detailed description as
comments to the code.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2024-05-13 7:30 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-10 13:27 [PATCH 0/4] Communication Interface to NXP secure-enclave HW IP like Edgelock Enclave Pankaj Gupta
2024-05-10 13:27 ` [PATCH 1/4] Documentation/firmware: add imx/se to other_interfaces Pankaj Gupta
2024-05-13 7:30 ` Sascha Hauer [this message]
2024-05-14 10:03 ` [EXT] " Pankaj Gupta
2024-05-10 13:27 ` [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc Pankaj Gupta
2024-05-10 14:22 ` Rob Herring (Arm)
2024-05-10 20:09 ` Rob Herring
2024-05-13 15:36 ` [EXT] " Pankaj Gupta
2024-05-21 12:17 ` Pankaj Gupta
2024-05-10 13:27 ` [PATCH 3/4] arm64: dts: imx8ulp-evk: add nxp secure enclave firmware Pankaj Gupta
2024-05-10 13:27 ` [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave Pankaj Gupta
2024-05-10 16:41 ` Frank Li
2024-05-10 19:39 ` Amit Singh Tomar
2024-05-13 9:16 ` [EXT] " Pankaj Gupta
2024-05-13 9:12 ` Pankaj Gupta
2024-05-11 5:30 ` kernel test robot
2024-05-11 7:14 ` kernel test robot
2024-05-13 8:21 ` Sascha Hauer
2024-05-13 11:30 ` [EXT] " Pankaj Gupta
2024-05-13 10:54 ` Marc Kleine-Budde
2024-05-17 11:24 ` [EXT] " Pankaj Gupta
2024-05-20 11:02 ` Marc Kleine-Budde
2024-05-21 11:57 ` Pankaj Gupta
2024-05-21 12:27 ` Marc Kleine-Budde
2024-05-22 10:46 ` Pankaj Gupta
2024-05-22 11:10 ` Marc Kleine-Budde
2024-05-22 12:53 ` Pankaj Gupta
2024-05-16 4:47 ` Amit Singh Tomar
2024-05-16 4:52 ` [EXT] " Pankaj Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZkHBf9o522w0E2jR@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=conor+dt@kernel.org \
--cc=corbet@lwn.net \
--cc=devicetree@vger.kernel.org \
--cc=festevam@gmail.com \
--cc=imx@lists.linux.dev \
--cc=kernel@pengutronix.de \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pankaj.gupta@nxp.com \
--cc=robh+dt@kernel.org \
--cc=shawnguo@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).