| /linux/Documentation/devicetree/bindings/arm/ |
| H A D | secure.txt | 1 * ARM Secure world bindings
4 "Normal" and "Secure". Most devicetree consumers (including the Linux
6 world or the Secure world. However some devicetree consumers are
8 visible only in the Secure address space, only in the Normal address
10 virtual machine which boots Secure firmware and wants to tell the
13 The general principle of the naming scheme for Secure world bindings
14 is that any property that needs a different value in the Secure world
15 can be supported by prefixing the property name with "secure-". So for
16 instance "secure-foo" would override "foo". For property names with
17 a vendor prefix, the Secure variant of "vendor,foo" would be
[all …]
|
| /linux/Documentation/arch/powerpc/ |
| H A D | ultravisor.rst | 15 POWER 9 that enables Secure Virtual Machines (SVMs). DD2.3 chips
56 process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process
57 is in secure mode, MSR(s)=0 process is in normal mode.
63 the VM it is returning to is secure.
73 **Secure Mode MSR Settings**
101 * Memory is partitioned into secure and normal memory. Only processes
102 that are running in secure mode can access secure memory.
104 * The hardware does not allow anything that is not running secure to
105 access secure memory. This means that the Hypervisor cannot access
110 * I/O systems are not allowed to directly address secure memory. This
[all …]
|
| /linux/Documentation/devicetree/bindings/arm/amlogic/ |
| H A D | amlogic,meson-gx-ao-secure.yaml | 5 $id: http://devicetree.org/schemas/arm/amlogic/amlogic,meson-gx-ao-secure.yaml#
15 secure firmware.
22 const: amlogic,meson-gx-ao-secure
30 - const: amlogic,meson-gx-ao-secure
34 - amlogic,a4-ao-secure
35 - amlogic,c3-ao-secure
36 - amlogic,s4-ao-secure
37 - amlogic,t7-ao-secure
38 - const: amlogic,meson-gx-ao-secure
58 ao-secure@140 {
[all …]
|
| /linux/arch/arm/common/ |
| H A D | secure_cntvoff.S | 5 * Initialization of CNTVOFF register from secure mode
15 * CNTVOFF has to be initialized either from non-secure Hypervisor
16 * mode or secure Monitor mode with SCR.NS==1. If TrustZone is enabled
17 * then it should be handled by the secure code. The CPU must implement
21 mrc p15, 0, r1, c1, c1, 0 /* Get Secure Config */
23 mcr p15, 0, r0, c1, c1, 0 /* Set Non Secure bit */
28 mcr p15, 0, r1, c1, c1, 0 /* Set Secure bit */
|
| /linux/Documentation/devicetree/bindings/mailbox/ |
| H A D | ti,secure-proxy.yaml | 4 $id: http://devicetree.org/schemas/mailbox/ti,secure-proxy.yaml#
7 title: Texas Instruments' Secure Proxy
13 The Texas Instruments' secure proxy is a mailbox controller that has
25 const: ti,am654-secure-proxy
30 Contains the secure proxy thread ID used for the specific transfer path.
48 secure proxy thread in the form 'rx_<PID>'.
54 Contains the interrupt information for the Rx interrupt path for secure
71 compatible = "ti,am654-secure-proxy";
|
| /linux/arch/s390/include/uapi/asm/ |
| H A D | pkey.h | 23 #define SECKEYBLOBSIZE 64 /* secure key blob size is always 64 bytes */
89 /* Struct to hold a CCA AES secure key blob */
91 __u8 seckey[SECKEYBLOBSIZE]; /* the secure key blob */
121 * Generate CCA AES secure key.
127 struct pkey_seckey seckey; /* out: the secure key blob */
133 * Construct CCA AES secure key from clear key value
140 struct pkey_seckey seckey; /* out: the secure key blob */
146 * Fabricate AES protected key from a CCA AES secure key
151 struct pkey_seckey seckey; /* in: the secure key blob */
170 * Verification Pattern provided inside a CCA AES secure key.
[all …]
|
| /linux/arch/arm/mach-omap2/ |
| H A D | omap-secure.h | 3 * omap-secure.h: OMAP Secure infrastructure header.
23 /* Secure HAL API flags */
30 /* Maximum Secure memory storage size */
35 /* Secure low power HAL API index */
41 /* Secure Monitor mode APIs */
52 /* Secure PPA(Primary Protected Application) APIs */
60 /* Secure RX-51 PPA (Primary Protected Application) APIs */
|
| H A D | omap-smc.S | 3 * OMAP34xx and OMAP44xx secure APIs file.
15 * This is common routine to manage secure monitor API
16 * used to modify the PL310 secure registers.
36 * Low level common routine for secure HAL and PPA APIs.
48 mov r12, #0x00 @ Secure Service ID
59 * Low level common routine for secure HAL and PPA APIs via smc #1
60 * r0 - @service_id: Secure Service ID
67 mov r12, r0 @ Copy the secure service ID
|
| H A D | omap-secure.c | 3 * OMAP Secure API infrastructure.
23 #include "omap-secure.h"
50 * omap_secure_dispatcher - Routine to dispatch low power secure
55 * @arg1, arg2, arg3 args4: Parameters passed to secure API
77 * Secure API needs physical address in omap_secure_dispatcher()
95 WARN(res.a0, "Secure function call 0x%08x failed\n", fn); in omap_smccc_smc()
110 /* Allocate the memory to save secure ram */
143 * rx51_secure_dispatcher: Routine to dispatch secure PPA API calls
148 * @arg1, arg2, arg3 args4: Parameters passed to secure API
168 * Secure API needs physical address in rx51_secure_dispatcher()
[all …]
|
| /linux/include/linux/firmware/intel/ |
| H A D | stratix10-smc.h | 13 * This file defines the Secure Monitor Call (SMC) message protocol used for
14 * service layer driver in normal world (EL1) to communicate with secure
15 * monitor software in Secure Monitor Exception Level 3 (EL3).
17 * This file is shared with secure firmware (FW) which is out of kernel tree.
21 * value. The operation of the secure monitor is determined by the parameter
31 * STD call starts a operation which can be preempted by a non-secure
54 * Secure monitor software doesn't recognize the request.
57 * Secure monitor software accepts the service client's request.
60 * Secure monitor software is still processing service client's request.
63 * Secure monitor software reject the service client's request.
[all …]
|
| /linux/Documentation/devicetree/bindings/arm/samsung/ |
| H A D | samsung-secure-firmware.yaml | 4 $id: http://devicetree.org/schemas/arm/samsung/samsung-secure-firmware.yaml#
7 title: Samsung Exynos Secure Firmware
15 - const: samsung,secure-firmware
19 Address of non-secure SYSRAM used for communication with firmware.
31 compatible = "samsung,secure-firmware";
|
| /linux/arch/arm/mach-bcm/ |
| H A D | bcm_kona_smc.c | 52 pr_info("Kona Secure API initialized\n"); in bcm_kona_smc_init()
60 * Only core 0 can run the secure monitor code. If an "smc" request
67 * cache and interrupt handling while the secure monitor executes.
76 * First, the secure monitor call itself (regardless of the specific
132 /* Flush caches for input data passed to Secure Monitor */ in __bcm_kona_smc()
135 /* Trap into Secure Monitor and record the request result */ in __bcm_kona_smc()
152 * Due to a limitation of the secure monitor, we must use the SMP in bcm_kona_smc()
153 * infrastructure to forward all secure monitor calls to Core 0. in bcm_kona_smc()
|
| /linux/Documentation/tee/ |
| H A D | amd-tee.rst | 8 TEE environment is provided by AMD Secure Processor.
10 The AMD Secure Processor (formerly called Platform Security Processor or PSP)
21 User space (Kernel space) | AMD Secure Processor (PSP)
44 At the lowest level (in x86), the AMD Secure Processor (ASP) driver uses the
47 the secure processor and return results to AMD-TEE driver. The interface
48 between AMD-TEE driver and AMD Secure Processor driver can be found in [1].
64 AMD-TEE Trusted OS is the firmware running on AMD Secure Processor.
79 talk to AMD's TEE. AMD's TEE provides a secure environment for loading, opening
|
| H A D | op-tee.rst | 23 separate secure co-processor.
36 User space Kernel Secure world
56 RPC (Remote Procedure Call) are requests from secure world to kernel driver
74 There are two kinds of notifications that secure world can use to make
79 2. Asynchronous notifications delivered with a combination of a non-secure
80 edge-triggered interrupt and a fast call from the non-secure interrupt
84 this is only usable when secure world is entered with a yielding call via
85 ``OPTEE_SMC_CALL_WITH_ARG``. This excludes such notifications from secure
88 An asynchronous notification is delivered via a non-secure edge-triggered
98 building block for OP-TEE OS in secure world to implement the top half and
|
| /linux/Documentation/devicetree/bindings/firmware/ |
| H A D | intel,stratix10-svc.yaml | 15 processor system (HPS) and Secure Device Manager (SDM). When the FPGA is
21 communication with SDM, only the secure world of software (EL3, Exception
29 driver also manages secure monitor call (SMC) to communicate with secure monitor
41 secure service layer.
55 communicate with the secure device manager.
|
| /linux/drivers/gpu/drm/amd/amdgpu/ |
| H A D | amdgpu_securedisplay.c | 55 dev_err(psp->adev->dev, "Secure display: Generic Failure."); in psp_securedisplay_parse_resp_status()
58 dev_err(psp->adev->dev, "Secure display: Invalid Parameter."); in psp_securedisplay_parse_resp_status()
61 dev_err(psp->adev->dev, "Secure display: Null Pointer."); in psp_securedisplay_parse_resp_status()
64 dev_err(psp->adev->dev, "Secure display: Failed to write to I2C."); in psp_securedisplay_parse_resp_status()
67 dev_err(psp->adev->dev, "Secure display: Failed to Read DIO Scratch Register."); in psp_securedisplay_parse_resp_status()
70 dev_err(psp->adev->dev, "Secure display: Failed to Read CRC"); in psp_securedisplay_parse_resp_status()
73 dev_err(psp->adev->dev, "Secure display: Failed to initialize I2C."); in psp_securedisplay_parse_resp_status()
76 dev_err(psp->adev->dev, "Secure display: Failed to parse status: %d\n", status); in psp_securedisplay_parse_resp_status()
|
| H A D | ta_secureDisplay_if.h | 27 /** Secure Display related enumerations */
31 * Secure Display Command ID
45 * Secure Display status returns in shared buffer status
73 * communication to Secure Display TA is functional.
92 /** Input/output structures for Secure Display commands */
163 * Secure display command which is shared buffer memory
167 … status; /**< +4 Bytes Status code returned by the secure display TA */
|
| /linux/drivers/firmware/efi/libstub/ |
| H A D | secureboot.c | 3 * Secure boot handling.
26 * Determine whether we're in secure boot mode.
38 efi_err("Could not determine UEFI Secure Boot status.\n"); in efi_get_secureboot()
53 /* If it fails, we don't care why. Default to secure */ in efi_get_secureboot()
60 efi_info("UEFI Secure Boot is enabled.\n"); in efi_get_secureboot()
|
| /linux/drivers/tee/optee/ |
| H A D | optee_rpc_cmd.h | 31 * Notification from/to secure world.
33 * If secure world needs to wait for something, for instance a mutex, it
34 * does a notification wait request instead of spinning in secure world.
35 * Conversely can a synchronous notification can be sent when a secure
39 * which instead is sent via a non-secure interrupt.
71 /* Memory that can be shared with a non-secure user space application */
73 /* Memory only shared with non-secure kernel */
|
| /linux/drivers/firmware/ |
| H A D | Kconfig | 149 and manages secure monitor call to communicate with secure monitor
150 software at secure monitor exception level.
241 bool "Trusted Foundations secure monitor support"
245 the market) are booted with the Trusted Foundations secure monitor
246 active, requiring some core operations to be performed by the secure
249 This option allows the kernel to invoke the secure monitor whenever
257 tristate "Turris Mox rWTM secure firmware driver"
264 This driver communicates with the firmware on the Cortex-M3 secure
281 key (each Turris Mox has an ECDSA private key generated in the secure
|
| /linux/Documentation/gpu/nova/core/ |
| H A D | devinit.rst | 19 FWSEC ucode. It is launched by FWSEC, which runs on the GSP in 'heavy-secure' mode, while
20 devinit runs on the PMU in 'light-secure' mode.
44 heavy-secure mode.
48 asserted by the FWSEC running on the GSP in heavy-secure mode.
59 masks. Some registers are only accessible after secure firmware (FWSEC) lowers the
60 privilege level to allow CPU (LS/low-secure) access. This is the case, for example,
|
| /linux/Documentation/devicetree/bindings/nvmem/ |
| H A D | st,stm32-romem.yaml | 40 st,non-secure-otp:
42 This property explicits a factory programmed area that both secure
43 and non-secure worlds can access. It is needed when, by default, the
44 related area can only be reached by the secure world.
69 st,non-secure-otp;
|
| /linux/arch/x86/kernel/apic/ |
| H A D | x2apic_savic.c | 3 * AMD Secure AVIC Support (SEV-SNP Guests)
50 * When Secure AVIC is enabled, RDMSR/WRMSR of the APIC registers
118 pr_err("Error reading unknown Secure AVIC reg offset 0x%x\n", reg); in savic_read()
126 * On WRMSR to APIC_SELF_IPI register by the guest, Secure AVIC hardware
240 pr_err("Error writing unknown Secure AVIC reg offset 0x%x\n", reg); in savic_write()
335 /* Disable Secure AVIC */ in savic_teardown()
347 * Before Secure AVIC is enabled, APIC MSR reads are intercepted. in savic_setup()
356 * present when the vCPU is running in order for Secure AVIC to in savic_setup()
378 pr_err("Secure AVIC enabled in non x2APIC mode\n"); in savic_probe()
392 .name = "secure avic x2apic",
|
| /linux/Documentation/virt/kvm/s390/ |
| H A D | s390-pv.rst | 20 The Ultravisor will secure and decrypt the guest's boot memory
70 The control structures associated with SIE provide the Secure
72 Secure Interception General Register Save Area. Guest GRs and most of
75 GRs are put into / retrieved from the Secure Interception General
88 The Secure Instruction Data Area contains instruction storage
99 There are two types of SIE secure instruction intercepts: the normal
100 and the notification type. Normal secure instruction intercepts will
|
| /linux/Documentation/devicetree/bindings/iommu/ |
| H A D | qcom,iommu.yaml | 16 to non-secure vs secure interrupt line.
52 qcom,iommu-secure-id:
55 The SCM secure ID of the IOMMU instance.
116 qcom,iommu-secure-id = <17>;
|