| /Linux-v5.4/Documentation/devicetree/bindings/arm/ |
| D | secure.txt | 1 * ARM Secure world bindings
4 "Normal" and "Secure". Most devicetree consumers (including the Linux
6 world or the Secure world. However some devicetree consumers are
8 visible only in the Secure address space, only in the Normal address
10 virtual machine which boots Secure firmware and wants to tell the
13 The general principle of the naming scheme for Secure world bindings
14 is that any property that needs a different value in the Secure world
15 can be supported by prefixing the property name with "secure-". So for
16 instance "secure-foo" would override "foo". For property names with
17 a vendor prefix, the Secure variant of "vendor,foo" would be
[all …]
|
| /Linux-v5.4/Documentation/powerpc/ |
| D | ultravisor.rst | 15 POWER 9 that enables Secure Virtual Machines (SVMs). DD2.3 chips
56 process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process
57 is in secure mode, MSR(s)=0 process is in normal mode.
63 the VM it is returning to is secure.
73 **Secure Mode MSR Settings**
101 * Memory is partitioned into secure and normal memory. Only processes
102 that are running in secure mode can access secure memory.
104 * The hardware does not allow anything that is not running secure to
105 access secure memory. This means that the Hypervisor cannot access
110 * I/O systems are not allowed to directly address secure memory. This
[all …]
|
| /Linux-v5.4/Documentation/devicetree/bindings/crypto/ |
| D | inside-secure-safexcel.txt | 1 Inside Secure SafeXcel cryptographic engine
4 - compatible: Should be "inside-secure,safexcel-eip197b",
5 "inside-secure,safexcel-eip197d" or
6 "inside-secure,safexcel-eip97ies".
21 - "inside-secure,safexcel-eip197" is equivalent to
22 "inside-secure,safexcel-eip197b".
23 - "inside-secure,safexcel-eip97" is equivalent to
24 "inside-secure,safexcel-eip97ies".
29 compatible = "inside-secure,safexcel-eip197b";
|
| /Linux-v5.4/Documentation/devicetree/bindings/iommu/ |
| D | qcom,iommu.txt | 6 to non-secure vs secure interrupt line.
31 - qcom,iommu-secure-id : secure-id.
37 - "qcom,msm-iommu-v1-ns" : non-secure context bank
38 - "qcom,msm-iommu-v1-sec" : secure context bank
46 for routing of context bank irq's to secure vs non-
47 secure lines. (Ie. if the iommu contains secure
63 qcom,iommu-secure-id = <17>;
89 qcom,iommu-secure-id = <18>;
|
| /Linux-v5.4/arch/arm/common/ |
| D | secure_cntvoff.S | 5 * Initialization of CNTVOFF register from secure mode
15 * CNTVOFF has to be initialized either from non-secure Hypervisor
16 * mode or secure Monitor mode with SCR.NS==1. If TrustZone is enabled
17 * then it should be handled by the secure code. The CPU must implement
21 mrc p15, 0, r1, c1, c1, 0 /* Get Secure Config */
23 mcr p15, 0, r0, c1, c1, 0 /* Set Non Secure bit */
28 mcr p15, 0, r1, c1, c1, 0 /* Set Secure bit */
|
| /Linux-v5.4/arch/arm/mach-omap2/ |
| D | omap-secure.h | 3 * omap-secure.h: OMAP Secure infrastructure header.
21 /* Secure HAL API flags */
28 /* Maximum Secure memory storage size */
33 /* Secure low power HAL API index */
39 /* Secure Monitor mode APIs */
50 /* Secure PPA(Primary Protected Application) APIs */
54 /* Secure RX-51 PPA (Primary Protected Application) APIs */
|
| D | omap-smc.S | 3 * OMAP34xx and OMAP44xx secure APIs file.
15 * This is common routine to manage secure monitor API
16 * used to modify the PL310 secure registers.
36 * Low level common routine for secure HAL and PPA APIs.
48 mov r12, #0x00 @ Secure Service ID
59 * Low level common routine for secure HAL and PPA APIs via smc #1
60 * r0 - @service_id: Secure Service ID
67 mov r12, r0 @ Copy the secure service ID
|
| D | omap-secure.c | 3 * OMAP Secure API infrastructure.
19 #include "omap-secure.h"
24 * omap_sec_dispatcher: Routine to dispatch low power secure
29 * @arg1, arg2, arg3 args4: Parameters passed to secure API
46 * Secure API needs physical address in omap_secure_dispatcher()
56 /* Allocate the memory to save secure ram */
94 * rx51_secure_dispatcher: Routine to dispatch secure PPA API calls
99 * @arg1, arg2, arg3 args4: Parameters passed to secure API
119 * Secure API needs physical address in rx51_secure_dispatcher()
|
| /Linux-v5.4/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ |
| D | base.c | 24 * Secure boot is the process by which NVIDIA-signed firmware is loaded into
31 * - Non-secure (NS). In this mode, functionality is similar to Falcon
38 * - Heavy Secure (HS). In this mode, the microprocessor is a black box - it's
42 * (The loading process involves tagging the IMEM block as secure, writing the
46 * - Light Secure (LS). In this mode, the microprocessor has more privileges
52 * Secure boot consists in temporarily switching a HS-capable falcon (typically
54 * load them, and switch managed falcons into LS mode. Once secure boot
57 * Secure boot requires a write-protected memory region (WPR) which can only be
58 * written by the secure falcon. On dGPU, the driver sets up the WPR region in
62 * The secure boot process takes place as follows:
[all …]
|
| D | acr_r361.h | 30 * @signature: 16B signature for secure code. 0s if no secure code
34 * @non_sec_code_off: offset from code_dma_base where the non-secure code is
37 * @sec_code_off: offset from code_dma_base where the secure code is
39 * @sec_code_size: offset from code_dma_base where the secure code is
|
| /Linux-v5.4/drivers/tee/optee/ |
| D | optee_smc.h | 75 * Used by non-secure world to figure out which Trusted OS is installed.
88 * Used by non-secure world to figure out which version of the Trusted OS
155 * Returns the Secure/Non-secure shared memory config.
187 * Exchanges capabilities between normal world and secure world
197 * a1 bitfield of secure world capabilities OPTEE_SMC_SEC_CAP_*
202 * a1 bitfield of secure world capabilities OPTEE_SMC_SEC_CAP_*
207 /* Secure world has reserved shared memory for normal world to use */
209 /* Secure world can communicate via previously unregistered shared memory */
213 * Secure world supports commands "register/unregister shared memory",
214 * secure world accepts command buffers located in any parts of non-secure RAM
[all …]
|
| D | optee_msg.h | 13 * with an instance of OP-TEE running in secure world.
18 * 3. Requests from secure world, Remote Procedure Call (RPC), handled by
40 * Meta parameter to be absorbed by the Secure OS and not passed
107 * Secure and normal world communicates pointers as physical address
108 * instead of the virtual address. This is because secure and normal world
112 * structure to secure world.
135 * Value parameters are passed unchecked between normal and secure world.
246 * Used by non-secure world to figure out which Trusted OS is installed.
261 * Used by non-secure world to figure out which version of the Trusted OS
271 * Do a secure call with struct optee_msg_arg as argument
[all …]
|
| D | call.c | 26 * We're preparing to make a call to secure world. In case we can't in optee_cq_wait_init()
27 * allocate a thread in secure world we'll end up waiting in in optee_cq_wait_init()
30 * Normally if there's no contention in secure world the call will in optee_cq_wait_init()
37 * guarantees that we don't lose a completion if secure world in optee_cq_wait_init()
78 * We're done with the call to secure world. The thread in secure in optee_cq_wait_final()
92 * was just done with its call to secure world. Since yet another in optee_cq_wait_final()
93 * thread now is available in secure world wake up another eventual in optee_cq_wait_final()
116 * optee_do_call_with_arg() - Do an SMC to OP-TEE in secure world
118 * @parg: physical address of message to pass to secure world
120 * Does and SMC to OP-TEE in secure world and handles eventual resulting
[all …]
|
| /Linux-v5.4/Documentation/devicetree/bindings/arm/amlogic/ |
| D | amlogic,meson-gx-ao-secure.yaml | 5 $id: "http://devicetree.org/schemas/arm/amlogic/amlogic,meson-gx-ao-secure.yaml#"
15 secure firmware.
22 const: amlogic,meson-gx-ao-secure
29 - const: amlogic,meson-gx-ao-secure
48 ao-secure@140 {
49 compatible = "amlogic,meson-gx-ao-secure", "syscon";
|
| /Linux-v5.4/include/uapi/linux/ |
| D | nfc.h | 67 * @NFC_CMD_ENABLE_SE: Enable the physical link to a specific secure element.
68 * Once enabled a secure element will handle card emulation mode, i.e.
69 * starting a poll from a device which has a secure element enabled means
71 * @NFC_CMD_DISABLE_SE: Disable the physical link to a specific secure element.
74 * @NFC_EVENT_SE_ADDED: Event emitted when a new secure element is discovered.
77 * @NFC_EVENT_SE_REMOVED: Event emitted when a secure element is removed from
79 * @NFC_EVENT_SE_CONNECTIVITY: This event is emitted whenever a secure element
87 * @NFC_CMD_GET_SE: Dump all discovered secure elements from an NFC controller.
88 * @NFC_CMD_SE_IO: Send/Receive APDUs to/from the selected secure element.
154 * @NFC_ATTR_SE: Available Secure Elements
[all …]
|
| /Linux-v5.4/arch/s390/include/uapi/asm/ |
| D | pkey.h | 23 #define SECKEYBLOBSIZE 64 /* secure key blob size is always 64 bytes */
72 /* Struct to hold a CCA AES secure key blob */
74 __u8 seckey[SECKEYBLOBSIZE]; /* the secure key blob */
90 * Generate CCA AES secure key.
96 struct pkey_seckey seckey; /* out: the secure key blob */
101 * Construct CCA AES secure key from clear key value
108 struct pkey_seckey seckey; /* out: the secure key blob */
113 * Fabricate AES protected key from a CCA AES secure key
118 struct pkey_seckey seckey; /* in: the secure key blob */
135 * Verification Pattern provided inside a CCA AES secure key.
[all …]
|
| /Linux-v5.4/include/linux/firmware/intel/ |
| D | stratix10-smc.h | 13 * This file defines the Secure Monitor Call (SMC) message protocol used for
14 * service layer driver in normal world (EL1) to communicate with secure
15 * monitor software in Secure Monitor Exception Level 3 (EL3).
17 * This file is shared with secure firmware (FW) which is out of kernel tree.
21 * value. The operation of the secure monitor is determined by the parameter
31 * STD call starts a operation which can be preempted by a non-secure
54 * Secure monitor software doesn't recognize the request.
58 * In case of FPGA configuration write operation, it means secure monitor
62 * In case of FPGA configuration write operation, it means secure monitor
109 * to secure world.
[all …]
|
| /Linux-v5.4/arch/arm/crypto/ |
| D | Kconfig | 17 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
27 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
37 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
46 SHA-256 secure hash standard (DFIPS 180-2) implemented
54 SHA-256 secure hash standard (DFIPS 180-2) implemented
62 SHA-512 secure hash standard (DFIPS 180-2) implemented
88 Use a faster and more secure NEON based implementation of AES in CBC,
|
| /Linux-v5.4/Documentation/devicetree/bindings/rng/ |
| D | omap_rng.txt | 1 OMAP SoC and Inside-Secure HWRNG Module
9 - "inside-secure,safexcel-eip76" for SoCs with EIP76 IP block
14 Used for "ti,omap4-rng" and "inside-secure,safexcel-eip76"
16 "inside-secure,safexcel-eip76" compatible, the second clock is
34 compatible = "inside-secure,safexcel-eip76";
|
| /Linux-v5.4/Documentation/devicetree/bindings/firmware/meson/ |
| D | meson_sm.txt | 1 * Amlogic Secure Monitor
3 In the Amlogic SoCs the Secure Monitor code is used to provide access to the
6 Required properties for the secure monitor node:
12 sm: secure-monitor {
|
| /Linux-v5.4/arch/arm/mach-bcm/ |
| D | bcm_kona_smc.c | 74 pr_info("Kona Secure API initialized\n"); in bcm_kona_smc_init()
82 * Only core 0 can run the secure monitor code. If an "smc" request
89 * cache and interrupt handling while the secure monitor executes.
98 * First, the secure monitor call itself (regardless of the specific
154 /* Flush caches for input data passed to Secure Monitor */ in __bcm_kona_smc()
157 /* Trap into Secure Monitor and record the request result */ in __bcm_kona_smc()
174 * Due to a limitation of the secure monitor, we must use the SMP in bcm_kona_smc()
175 * infrastructure to forward all secure monitor calls to Core 0. in bcm_kona_smc()
|
| /Linux-v5.4/Documentation/devicetree/bindings/firmware/ |
| D | intel,stratix10-svc.txt | 4 processor system (HPS) and Secure Device Manager (SDM). When the FPGA is
10 communication with SDM, only the secure world of software (EL3, Exception
18 driver also manages secure monitor call (SMC) to communicate with secure monitor
28 smc - Secure Monitor Call
|
| /Linux-v5.4/drivers/s390/crypto/ |
| D | zcrypt_ccamisc.h | 39 /* inside view of a CCA secure key token (only type 0x01 version 0x04) */
106 * Simple check if the token is a valid CCA secure AES data key
114 * Simple check if the token is a valid CCA secure AES cipher key
125 * Generate (random) CCA AES DATA secure key.
130 * Generate CCA AES DATA secure key with given clear key value.
136 * Derive proteced key from an CCA AES DATA secure key.
143 * Generate (random) CCA AES CIPHER secure key.
149 * Derive proteced key from CCA AES cipher secure key.
155 * Build CCA AES CIPHER secure key with a given clear key value.
170 * Verification Pattern provided inside a secure key.
|
| /Linux-v5.4/drivers/firmware/efi/libstub/ |
| D | secureboot.c | 3 * Secure boot handling.
30 * Determine whether we're in secure boot mode.
68 /* If it fails, we don't care why. Default to secure */ in efi_get_secureboot()
75 pr_efi(sys_table_arg, "UEFI Secure Boot is enabled.\n"); in efi_get_secureboot()
79 pr_efi_err(sys_table_arg, "Could not determine UEFI Secure Boot status.\n"); in efi_get_secureboot()
|
| /Linux-v5.4/Documentation/devicetree/bindings/sram/ |
| D | samsung-sram.txt | 9 declaration. These nodes are of two types depending upon secure or
10 non-secure execution environment.
14 "samsung,exynos4210-sysram" : for Secure SYSRAM
15 "samsung,exynos4210-sysram-ns" : for Non-secure SYSRAM
|
