Home
last modified time | relevance | path

Searched +full:secure +full:- +full:only (Results 1 – 25 of 560) sorted by relevance

12345678910>>...23

/linux/Documentation/devicetree/bindings/arm/
H A Dsecure.txt1 * ARM Secure world bindings
4 "Normal" and "Secure". Most devicetree consumers (including the Linux
6 world or the Secure world. However some devicetree consumers are
8 visible only in the Secure address space, only in the Normal address
10 virtual machine which boots Secure firmware and wants to tell the
13 The general principle of the naming scheme for Secure world bindings
14 is that any property that needs a different value in the Secure world
15 can be supported by prefixing the property name with "secure-". So for
16 instance "secure-foo" would override "foo". For property names with
17 a vendor prefix, the Secure variant of "vendor,foo" would be
[all …]
/linux/Documentation/arch/powerpc/
H A Dultravisor.rst1 .. SPDX-License-Identifier: GPL-2.0
15 POWER 9 that enables Secure Virtual Machines (SVMs). DD2.3 chips
16 (PVR=0x004e1203) or greater will be PEF-capable. A new ISA release
25 +------------------+
29 +------------------+
31 +------------------+
33 +------------------+
35 +------------------+
38 VMs in the system. SVMs are protected while at rest and can only be
56 process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process
[all …]
/linux/arch/s390/include/uapi/asm/
H A Dpkey.h1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
23 #define SECKEYBLOBSIZE 64 /* secure key blob size is always 64 bytes */
89 /* Struct to hold a CCA AES secure key blob */
91 __u8 seckey[SECKEYBLOBSIZE]; /* the secure key blob */
121 * Generate CCA AES secure key.
127 struct pkey_seckey seckey; /* out: the secure key blob */
133 * Construct CCA AES secure key from clear key value
140 struct pkey_seckey seckey; /* out: the secure key blob */
146 * Fabricate AES protected key from a CCA AES secure key
151 struct pkey_seckey seckey; /* in: the secure key blob */
[all …]
/linux/arch/arm/mach-omap2/
H A Domap-secure.c1 // SPDX-License-Identifier: GPL-2.0-only
3 * OMAP Secure API infrastructure.
11 #include <linux/arm-smccc.h>
23 #include "omap-secure.h"
39 * We only check that the OP-TEE node is present and available. The in omap_optee_init_check()
40 * OP-TEE kernel driver is not needed for the type of interaction made in omap_optee_init_check()
41 * with OP-TEE here so the driver's status is not checked. in omap_optee_init_check()
50 * omap_secure_dispatcher - Routine to dispatch low power secure
55 * @arg1, arg2, arg3 args4: Parameters passed to secure API
57 * Return the non-zero error value on failure.
[all …]
H A Domap-secure.h1 /* SPDX-License-Identifier: GPL-2.0-only */
3 * omap-secure.h: OMAP Secure infrastructure header.
23 /* Secure HAL API flags */
30 /* Maximum Secure memory storage size */
35 /* Secure low power HAL API index */
41 /* Secure Monitor mode APIs */
52 /* Secure PPA(Primary Protected Application) APIs */
60 /* Secure RX-51 PPA (Primary Protected Application) APIs */
H A Domap-smc.S1 /* SPDX-License-Identifier: GPL-2.0-only */
3 * OMAP34xx and OMAP44xx secure APIs file.
15 * This is common routine to manage secure monitor API
16 * used to modify the PL310 secure registers.
23 .arch armv7-a
26 stmfd sp!, {r2-r12, lr}
31 ldmfd sp!, {r2-r12, pc}
36 * Low level common routine for secure HAL and PPA APIs.
43 stmfd sp!, {r4-r12, lr}
48 mov r12, #0x00 @ Secure Service ID
[all …]
/linux/Documentation/devicetree/bindings/nvmem/
H A Dst,stm32-romem.yaml1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/nvmem/st,stm32-romem.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
7 title: STMicroelectronics STM32 Factory-programmed data
10 This represents STM32 Factory-programmed read only non-volatile area: locked
11 flash, OTP, read-only HW regs... This contains various information such as:
16 - Fabrice Gasnier <fabrice.gasnier@foss.st.com>
19 - $ref: nvmem.yaml#
20 - $ref: nvmem-deprecated-cells.yaml#
[all …]
H A Damlogic,meson-gxbb-efuse.yaml1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/nvmem/amlogic,meson-gxbb-efuse.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
10 - Neil Armstrong <neil.armstrong@linaro.org>
13 - $ref: nvmem.yaml#
14 - $ref: nvmem-deprecated-cells.yaml#
19 - const: amlogic,meson-gxbb-efuse
20 - items:
21 - const: amlogic,meson-gx-efuse
[all …]
H A Dqcom,sec-qfprom.yaml1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/nvmem/qcom,sec-qfprom.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
7 title: Qualcomm Technologies Inc, Secure QFPROM Efuse
10 - Komal Bajaj <quic_kbajaj@quicinc.com>
14 protected from non-secure access. In such situations, the OS have to use
15 secure calls to read the region.
18 - $ref: nvmem.yaml#
19 - $ref: nvmem-deprecated-cells.yaml#
[all …]
/linux/arch/arm/mach-bcm/
H A Dbcm_kona_smc.c1 // SPDX-License-Identifier: GPL-2.0-only
25 {.compatible = "brcm,kona-smc"},
26 {.compatible = "bcm,kona-smc"}, /* deprecated name */
40 return -ENODEV; in bcm_kona_smc_init()
45 return -EINVAL; in bcm_kona_smc_init()
49 return -ENOMEM; in bcm_kona_smc_init()
52 pr_info("Kona Secure API initialized\n"); in bcm_kona_smc_init()
60 * Only core 0 can run the secure monitor code. If an "smc" request
67 * cache and interrupt handling while the secure monitor executes.
69 * Parameters to the "smc" request are passed in r4-r6 as follows:
[all …]
/linux/Documentation/ABI/testing/
H A Dsysfs-secvar5 secureboot, thereby secure variables. It exposes interface
6 for reading/writing the secure variables
11 Description: This directory lists all the secure variables that are supported
22 and is expected to be "ibm,edk2-compat-v1".
27 format string takes the form "ibm,plpks-sb-v<version>" in the
30 the form "ibm,plpks-sb-v0", indicating that the key management
36 Description: Each secure variable is represented as a directory named as
41 Only secvars relevant to the key management mode are exposed.
42 Only in the dynamic key management mode should the user have
43 access (read and write) to the secure boot secvars db, dbx,
[all …]
/linux/Documentation/devicetree/bindings/mailbox/
H A Dti,secure-proxy.yaml1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/mailbox/ti,secure-proxy.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
7 title: Texas Instruments' Secure Proxy
10 - Nishanth Menon <nm@ti.com>
13 The Texas Instruments' secure proxy is a mailbox controller that has
16 called "threads" or "proxies" - each instance is unidirectional and is
22 pattern: "^mailbox@[0-9a-f]+$"
25 const: ti,am654-secure-proxy
[all …]
/linux/Documentation/devicetree/bindings/firmware/
H A Dintel,stratix10-svc.yaml1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/firmware/intel,stratix10-svc.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
10 - Dinh Nguyen <dinguyen@kernel.org>
11 - Mahesh Rao <mahesh.rao@altera.com>
14 Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard
15 processor system (HPS) and Secure Device Manager (SDM). When the FPGA is
21 communication with SDM, only the secure world of software (EL3, Exception
29 driver also manages secure monitor call (SMC) to communicate with secure monitor
[all …]
/linux/drivers/tee/optee/
H A Doptee_rpc_cmd.h1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * Copyright (c) 2016-2021, Linaro Limited
12 * Only the commands handled by the kernel driver are defined here.
14 * RPC communication with tee-supplicant is reversed compared to normal
23 * 1970-01-01 00:00:00 +0000 (UTC).
31 * Notification from/to secure world.
33 * If secure world needs to wait for something, for instance a mutex, it
34 * does a notification wait request instead of spinning in secure world.
35 * Conversely can a synchronous notification can be sent when a secure
39 * which instead is sent via a non-secure interrupt.
[all …]
/linux/Documentation/virt/kvm/s390/
H A Ds390-pv.rst1 .. SPDX-License-Identifier: GPL-2.0
8 -------
15 Each guest starts in non-protected mode and then may make a request to
20 The Ultravisor will secure and decrypt the guest's boot memory
33 -------------------
46 safeguarding; they can only be injected for instructions that have
54 -------------------------------
64 ---------------------
70 The control structures associated with SIE provide the Secure
72 Secure Interception General Register Save Area. Guest GRs and most of
[all …]
/linux/Documentation/userspace-api/
H A Dcheck_exec.rst1 .. SPDX-License-Identifier: GPL-2.0
12 `samples/check-exec/inc.c`_ example.
36 Passing the ``AT_EXECVE_CHECK`` flag to :manpage:`execveat(2)` only performs a
41 Programs should always perform this check to apply kernel-level checks against
45 should only be enforced according to ``SECBIT_EXEC_RESTRICT_FILE`` or
54 In a secure environment, libraries and any executable dependencies should also
57 For such secure execution environment to make sense, only trusted code should
60 To avoid race conditions leading to time-of-check to time-of-use issues,
67 When ``SECBIT_EXEC_RESTRICT_FILE`` is set, a process should only interpret or
71 This secure bit may be set by user session managers, service managers,
[all …]
/linux/Documentation/tee/
H A Dop-tee.rst1 .. SPDX-License-Identifier: GPL-2.0
4 OP-TEE (Open Portable Trusted Execution Environment)
7 The OP-TEE driver handles OP-TEE [1] based TEEs. Currently it is only the ARM
8 TrustZone based OP-TEE solution that is supported.
10 Lowest level of communication with OP-TEE builds on ARM SMC Calling
11 Convention (SMCCC) [2], which is the foundation for OP-TEE's SMC interface
12 [3] used internally by the driver. Stacked on top of that is OP-TEE Message
15 OP-TEE SMC interface provides the basic functions required by SMCCC and some
16 additional functions specific for OP-TEE. The most interesting functions are:
18 - OPTEE_SMC_FUNCID_CALLS_UID (part of SMCCC) returns the version information
[all …]
H A Damd-tee.rst1 .. SPDX-License-Identifier: GPL-2.0
4 AMD-TEE (AMD's Trusted Execution Environment)
7 The AMD-TEE driver handles the communication with AMD's TEE environment. The
8 TEE environment is provided by AMD Secure Processor.
10 The AMD Secure Processor (formerly called Platform Security Processor or PSP)
12 software-based Trusted Execution Environment (TEE) designed to enable
13 third-party Trusted Applications. This feature is currently enabled only for
16 The following picture shows a high level overview of AMD-TEE::
21 User space (Kernel space) | AMD Secure Processor (PSP)
24 +--------+ | +-------------+
[all …]
/linux/arch/arm/mach-exynos/
H A Dfirmware.c1 // SPDX-License-Identifier: GPL-2.0
16 #include <asm/hardware/cache-l2x0.h>
62 * because Exynos3250 removes WFE in secure mode. in exynos_cpu_boot()
72 * But, Exynos4212 has only one secondary CPU so second parameter in exynos_cpu_boot()
73 * isn't used for informing secure firmware about CPU id. in exynos_cpu_boot()
87 return -ENODEV; in exynos_set_cpu_boot_addr()
92 * Almost all Exynos-series of SoCs that run in secure mode don't need in exynos_set_cpu_boot_addr()
93 * additional offset for every CPU, with Exynos4412 being the only in exynos_set_cpu_boot_addr()
108 return -ENODEV; in exynos_get_cpu_boot_addr()
191 exynos_smc(SMC_CMD_L2X0SETUP1, regs->tag_latency, regs->data_latency, in exynos_l2_configure()
[all …]
/linux/Documentation/gpu/nova/core/
H A Ddevinit.rst1 .. SPDX-License-Identifier: GPL-2.0
6 The devinit process is complex and subject to change. This document provides a high-level
18 nova-core driver is even loaded. On an Ampere GPU, the devinit ucode is separate from the
19 FWSEC ucode. It is launched by FWSEC, which runs on the GSP in 'heavy-secure' mode, while
20 devinit runs on the PMU in 'light-secure' mode.
23 ------------------------
28 3. Clock and PLL (Phase-Locked Loop) configuration
31 Low-level Firmware Initialization Flow
32 --------------------------------------
37 These low-level GPU firmware components are typically:
[all …]
/linux/drivers/vfio/
H A DKconfig1 # SPDX-License-Identifier: GPL-2.0-only
3 tristate "VFIO Non-Privileged userspace driver framework"
11 VFIO provides a framework for secure userspace device drivers.
12 See Documentation/driver-api/vfio.rst for more details.
25 to set up secure DMA context for device access. This interface does
64 bool "VFIO No-IOMMU support"
68 Only with an IOMMU can userspace access to DMA capable devices be
69 considered secure. VFIO No-IOMMU mode enables IOMMU groups for
70 devices without IOMMU backing for the purpose of re-using the VFIO
71 infrastructure in a non-secure mode. Use of this mode will result
[all …]
/linux/drivers/gpu/drm/amd/amdgpu/
H A Damdgpu_securedisplay.c39 * 1:Query whether TA is responding used only for validation pupose
55 dev_err(psp->adev->dev, "Secure display: Generic Failure."); in psp_securedisplay_parse_resp_status()
58 dev_err(psp->adev->dev, "Secure display: Invalid Parameter."); in psp_securedisplay_parse_resp_status()
61 dev_err(psp->adev->dev, "Secure display: Null Pointer."); in psp_securedisplay_parse_resp_status()
64 dev_err(psp->adev->dev, "Secure display: Failed to write to I2C."); in psp_securedisplay_parse_resp_status()
67 dev_err(psp->adev->dev, "Secure display: Failed to Read DIO Scratch Register."); in psp_securedisplay_parse_resp_status()
70 dev_err(psp->adev->dev, "Secure display: Failed to Read CRC"); in psp_securedisplay_parse_resp_status()
73 dev_err(psp->adev->dev, "Secure display: Failed to initialize I2C."); in psp_securedisplay_parse_resp_status()
76 dev_err(psp->adev->dev, "Secure display: Failed to parse status: %d\n", status); in psp_securedisplay_parse_resp_status()
83 *cmd = (struct ta_securedisplay_cmd *)psp->securedisplay_context.context.mem_context.shared_buf; in psp_prep_securedisplay_cmd_buf()
[all …]
/linux/Documentation/devicetree/bindings/iommu/
H A Dqcom,iommu.yaml1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
10 - Konrad Dybcio <konradybcio@kernel.org>
13 Qualcomm "B" family devices which are not compatible with arm-smmu have
16 to non-secure vs secure interrupt line.
21 - items:
22 - enum:
23 - qcom,msm8916-iommu
24 - qcom,msm8917-iommu
[all …]
/linux/drivers/firmware/qcom/
H A DKconfig1 # SPDX-License-Identifier: GPL-2.0-only
4 # see Documentation/kbuild/kconfig-language.rst.
29 Use the generic allocator mode. The memory is page-aligned, non-cachable
49 Various Qualcomm SoCs have a Secure Execution Environment (SEE) running
62 bool "Qualcomm SEE UEFI Secure App client driver"
67 Instead, these need to be accessed via the UEFI Secure Application
68 (uefisecapp), residing in the Secure Execution Environment (SEE).
72 provide user-space with access to EFI variables via efivarfs.
/linux/include/uapi/linux/
H A Dvirtio_blk.h37 #define VIRTIO_BLK_F_RO 5 /* Disk is read-only */
43 #define VIRTIO_BLK_F_SECURE_ERASE 16 /* Secure Erase is supported */
61 /* The capacity (in 512-byte sectors). */
91 /* number of vqs, only available when VIRTIO_BLK_F_MQ is set */
96 * The maximum discard sectors (in 512-byte sectors) for
110 * The maximum number of write zeroes sectors (in 512-byte sectors) in
129 * The maximum secure erase sectors (in 512-byte sectors) for
134 * The maximum number of secure erase segments in a
135 * secure erase command.
138 /* Secure erase commands must be aligned to this number of sectors. */
[all …]

12345678910>>...23