[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AM4PR0401MB24013282D99065A19AFC626F92280@AM4PR0401MB2401.eurprd04.prod.outlook.com>
Date: Mon, 7 Sep 2020 09:49:51 +0000
From: "Franck Lenormand (OSS)" <franck.lenormand@....nxp.com>
To: Shawn Guo <shawnguo@...nel.org>,
"Franck Lenormand (OSS)" <franck.lenormand@....nxp.com>,
Arnd Bergmann <arnd@...db.de>
CC: "s.hauer@...gutronix.de" <s.hauer@...gutronix.de>,
"festevam@...il.com" <festevam@...il.com>,
"kernel@...gutronix.de" <kernel@...gutronix.de>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
dl-linux-imx <linux-imx@....com>,
Aisheng Dong <aisheng.dong@....com>,
Abel Vesa <abel.vesa@....com>,
Anson Huang <anson.huang@....com>,
"linux@...pel-privat.de" <linux@...pel-privat.de>,
Leonard Crestez <leonard.crestez@....com>,
Daniel Baluta <daniel.baluta@....com>,
Joakim Zhang <qiangqing.zhang@....com>,
Peng Fan <peng.fan@....com>
Subject: RE: [PATCH v2 5/5] soc: imx8: Add the SC SECVIO driver
Regards,
Franck LENORMAND, STEC Engineer
-----Original Message-----
From: Shawn Guo <shawnguo@...nel.org>
Sent: Wednesday, August 19, 2020 3:32 PM
To: Franck Lenormand (OSS) <franck.lenormand@....nxp.com>; Arnd Bergmann <arnd@...db.de>
Cc: s.hauer@...gutronix.de; festevam@...il.com; kernel@...gutronix.de; linux-kernel@...r.kernel.org; linux-arm-kernel@...ts.infradead.org; dl-linux-imx <linux-imx@....com>; Aisheng Dong <aisheng.dong@....com>; Abel Vesa <abel.vesa@....com>; Anson Huang <anson.huang@....com>; linux@...pel-privat.de; Leonard Crestez <leonard.crestez@....com>; Daniel Baluta <daniel.baluta@....com>; Joakim Zhang <qiangqing.zhang@....com>; Peng Fan <peng.fan@....com>
Subject: Re: [PATCH v2 5/5] soc: imx8: Add the SC SECVIO driver
On Tue, Jul 21, 2020 at 05:20:35PM +0200, franck.lenormand@....nxp.com wrote:
> From: Franck LENORMAND <franck.lenormand@....nxp.com>
>
> The SNVS is a hardware component in the imx8 SoC. One of its function
> is to detect hardware attacks, in which case it creates a SECurity
> VIOlation.
>
> This patch adds the support for the reception of these secvio and
> report it to the audit framework.
>
> It also gives the possibility to perform custom processing when a
> secvio is detected.
>
> Signed-off-by: Franck LENORMAND <franck.lenormand@....nxp.com>
> Reported-by: kernel test robot <lkp@...el.com>
> ---
> drivers/soc/imx/Kconfig | 10 +
> drivers/soc/imx/Makefile | 1 +
> drivers/soc/imx/secvio/Kconfig | 10 +
> drivers/soc/imx/secvio/Makefile | 3 +
> drivers/soc/imx/secvio/imx-secvio-audit.c | 39 ++
> drivers/soc/imx/secvio/imx-secvio-debugfs.c | 379 ++++++++++++
> drivers/soc/imx/secvio/imx-secvio-sc-int.h | 84 +++
> drivers/soc/imx/secvio/imx-secvio-sc.c | 858 ++++++++++++++++++++++++++++
> include/soc/imx/imx-secvio-sc.h | 177 ++++++
> 9 files changed, 1561 insertions(+)
> create mode 100644 drivers/soc/imx/secvio/Kconfig create mode 100644
> drivers/soc/imx/secvio/Makefile create mode 100644
> drivers/soc/imx/secvio/imx-secvio-audit.c
> create mode 100644 drivers/soc/imx/secvio/imx-secvio-debugfs.c
> create mode 100644 drivers/soc/imx/secvio/imx-secvio-sc-int.h
> create mode 100644 drivers/soc/imx/secvio/imx-secvio-sc.c
> create mode 100644 include/soc/imx/imx-secvio-sc.h
Hi Arnd,
Do we have any subsystem to accommodate this driver? Or 'soc' is just the right place for it?
[FL:] I was not able to find other devices which detects hardware intrusions so it seemed to be the best place for the driver.
Shawn
>
> diff --git a/drivers/soc/imx/Kconfig b/drivers/soc/imx/Kconfig index
> a9370f4..6c1bc78 100644
> --- a/drivers/soc/imx/Kconfig
> +++ b/drivers/soc/imx/Kconfig
> @@ -19,4 +19,14 @@ config SOC_IMX8M
> support, it will provide the SoC info like SoC family,
> ID and revision etc.
>
> +config SECVIO_SC
> + tristate "NXP SC secvio support"
> + depends on IMX_SCU
> + help
> + If you say yes here you get support for the NXP SNVS security
> + violation module. It includes the possibility to read information
> + related to security violations and tampers. It also gives the
> + possibility to register user callbacks when a security violation
> + occurs.
> +
> endmenu
> diff --git a/drivers/soc/imx/Makefile b/drivers/soc/imx/Makefile index
> 078dc91..c91a499 100644
> --- a/drivers/soc/imx/Makefile
> +++ b/drivers/soc/imx/Makefile
> @@ -5,3 +5,4 @@ endif
> obj-$(CONFIG_HAVE_IMX_GPC) += gpc.o
> obj-$(CONFIG_IMX_GPCV2_PM_DOMAINS) += gpcv2.o
> obj-$(CONFIG_SOC_IMX8M) += soc-imx8m.o
> +obj-${CONFIG_SECVIO_SC} += secvio/
> diff --git a/drivers/soc/imx/secvio/Kconfig
> b/drivers/soc/imx/secvio/Kconfig new file mode 100644 index
> 0000000..dcfaea5
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/Kconfig
> @@ -0,0 +1,10 @@
> +config SECVIO_SC
> + tristate "NXP SC secvio support"
> + depends on IMX_SCU
> + help
> + If you say yes here you get support for the NXP SNVS security
> + violation module. It includes the possibility to read information
> + related to security violations and tampers. It also gives the
> + possibility to register user callbacks when a security violation
> + occurs.
> +
> diff --git a/drivers/soc/imx/secvio/Makefile
> b/drivers/soc/imx/secvio/Makefile new file mode 100644 index
> 0000000..d5a89ba
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/Makefile
> @@ -0,0 +1,3 @@
> +obj-y += imx-secvio-sc.o
> +obj-$(CONFIG_DEBUG_FS) += imx-secvio-debugfs.o
> +obj-$(CONFIG_AUDIT) += imx-secvio-audit.o
> diff --git a/drivers/soc/imx/secvio/imx-secvio-audit.c
> b/drivers/soc/imx/secvio/imx-secvio-audit.c
> new file mode 100644
> index 0000000..dc96e16
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/imx-secvio-audit.c
> @@ -0,0 +1,39 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2019-2020 NXP
> + */
> +
> +#include <linux/audit.h>
> +
> +#include <soc/imx/imx-secvio-sc.h>
> +
> +/**
> + * report_to_audit_notify() - Report secvio and tamper status to
> +audit FW
> + *
> + * This function can be chained in a notifier list
> + *
> + * @nb: notifier block
> + * @status: error code
> + * @notif_info: Pointer on secvio_sc_notifier_info structure
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
> + void *notif_info)
> +{
> + struct audit_buffer *ab;
> + struct secvio_sc_notifier_info *info = notif_info;
> +
> + ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_INTEGRITY_RULE);
> + if (!ab)
> + return -ENOMEM;
> +
> + audit_log_format(ab, " hpsvs=0x%.08x lps=0x%.08x lptds=0x%.08x",
> + info->hpsvs, info->lps, info->lptds);
> + audit_log_task_info(ab);
> + audit_log_end(ab);
> +
> + return 0;
> +}
> diff --git a/drivers/soc/imx/secvio/imx-secvio-debugfs.c
> b/drivers/soc/imx/secvio/imx-secvio-debugfs.c
> new file mode 100644
> index 0000000..bcbd77a
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/imx-secvio-debugfs.c
> @@ -0,0 +1,379 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2019-2020 NXP
> + */
> +
> +/*
> + * The module exposes 3 files in debugfs:
> + * - secvio/info:
> + * * Read: It returns the value of the fuses and SNVS registers which are
> + * readable and related to secvio and tampers
> + * * Write: A write of the format "<hex id> [<hex value 0> <hex value 1>
> + * <hex value 2> <hex value 3> <hex value 4>](<nb values>)"
> + * will write the SNVS register having the provided id with the
> + * values provided (cf SECO documentation)
> + * - secvio/enable: State of the IRQ
> + * - secvio/check: Check the state of the security violation and tampers
> + * and calls notifier
> + * - secvio/clear: Clear the state of all secvio and tampers */
> +
> +#include <linux/kernel.h>
> +#include <linux/device.h>
> +#include <linux/debugfs.h>
> +#include <linux/uaccess.h>
> +#include <linux/nvmem-consumer.h>
> +
> +#include <linux/firmware/imx/svc/misc.h> #include
> +<linux/firmware/imx/svc/seco.h>
> +
> +#include <soc/imx/imx-secvio-sc.h>
> +#include "imx-secvio-sc-int.h"
> +
> +/**
> + * fuse_reader() - Read a set of fuse
> + *
> + * @dev: secvio device
> + * @id: offset of the fuse
> + * @value: array of values read
> + * @mul: number of fuse to read
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int fuse_reader(struct device *dev, u32 id, u32 *value, u8
> +mul) {
> + struct imx_secvio_sc_data *data = dev_get_drvdata(dev);
> + u32 size_to_read = mul * sizeof(u32);
> + int ret;
> +
> + ret = nvmem_device_read(data->nvmem, id, size_to_read, value);
> + if (ret < 0) {
> + dev_err(data->dev, "Failed to read fuse %d: %d\n", id, ret);
> + return ret;
> + }
> +
> + if (ret != size_to_read) {
> + dev_err(data->dev, "Read only %d instead of %d\n", ret,
> + size_to_read);
> + return -ENOMEM;
> + }
> +
> + return 0;
> +}
> +
> +/**
> + * snvs_reader() - Read a set of SNVS register
> + *
> + * @dev: secvio device
> + * @id: offset of the register
> + * @value: array of values read
> + * @mul: number of registers to read
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int snvs_reader(struct device *dev, u32 id, u32 *value, u8
> +mul) {
> + int ret;
> + u32 *v1, *v2, *v3, *v4, *v5;
> +
> + v1 = NULL;
> + v2 = NULL;
> + v3 = NULL;
> + v4 = NULL;
> + v5 = NULL;
> +
> + switch (mul) {
> + case 5:
> + v5 = &value[4];
> + fallthrough;
> + case 4:
> + v4 = &value[3];
> + fallthrough;
> + case 3:
> + v3 = &value[2];
> + fallthrough;
> + case 2:
> + v2 = &value[1];
> + fallthrough;
> + case 1:
> + v1 = &value[0];
> + break;
> + default:
> + return -EINVAL;
> + }
> +
> + ret = call_secvio_config(dev, id, SECVIO_CONFIG_READ, v1, v2, v3, v4,
> + v5, mul);
> + if (ret < 0)
> + dev_err(dev, "Failed to read snvs reg %d: %d\n", id, ret);
> +
> + return ret;
> +}
> +
> +/**
> + * snvs_dgo_reader() - Read a set of DGO register
> + *
> + * @dev: secvio device
> + * @id: offset of the register
> + * @value: array of values read
> + * @mul: number of registers to read
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int snvs_dgo_reader(struct device *dev, u32 id, u32 *value, u8
> +mul) {
> + struct imx_secvio_sc_data *data = dev_get_drvdata(dev);
> + int ret;
> +
> + /* We check that we only have 1 register to read */
> + if (mul != 1)
> + return -EINVAL;
> +
> + ret = imx_sc_seco_secvio_dgo_config(data->ipc_handle, id,
> + SECVIO_CONFIG_READ, value);
> + if (ret)
> + dev_err(dev, "Failed to read snvs dgo reg %d: %d\n", id, ret);
> +
> + return ret;
> +}
> +
> +static const struct imx_secvio_info_entry {
> + int (*reader)(struct device *dev, u32 id, u32 *value, u8 mul);
> + const char *type;
> + const char *name;
> + u32 id;
> + u8 mul;
> +} gs_imx_secvio_info_list[] = {
> + {fuse_reader, "fuse", "trim", 30, 1},
> + {fuse_reader, "fuse", "trim2", 31, 1},
> + {fuse_reader, "fuse", "ctrim1", 260, 1},
> + {fuse_reader, "fuse", "ctrim2", 261, 1},
> + {fuse_reader, "fuse", "ctrim3", 262, 1},
> + {fuse_reader, "fuse", "ctrim4", 263, 1},
> + {fuse_reader, "fuse", "OSC_CAP", 768, 1},
> +
> + {snvs_reader, "snvs", "HPLR", 0x0, 1},
> + {snvs_reader, "snvs", "LPLR", 0x34, 1},
> + {snvs_reader, "snvs", "HPSICR", 0xc, 1},
> + {snvs_reader, "snvs", "HPSVCR", 0x10, 1},
> + {snvs_reader, "snvs", "HPSVS", 0x18, 1},
> + {snvs_reader, "snvs", "LPSVC", 0x40, 1},
> + {snvs_reader, "snvs", "LPTDC", 0x48, 2},
> + {snvs_reader, "snvs", "LPSR", 0x4c, 1},
> + {snvs_reader, "snvs", "LPTDS", 0xa4, 1},
> + {snvs_reader, "snvs", "LPTGFC", 0x44, 3},
> + {snvs_reader, "snvs", "LPATCTL", 0xe0, 1},
> + {snvs_reader, "snvs", "LPATCLK", 0xe4, 1},
> + {snvs_reader, "snvs", "LPATRC1", 0xe8, 2},
> + {snvs_reader, "snvs", "LPMKC", 0x3c, 1},
> + {snvs_reader, "snvs", "LPSMC", 0x5c, 2},
> + {snvs_reader, "snvs", "LPPGD", 0x64, 1},
> + {snvs_reader, "snvs", "HPVID", 0xf8, 2},
> +
> + {snvs_dgo_reader, "dgo", "Offset", 0x0, 1},
> + {snvs_dgo_reader, "dgo", "PUP/PD", 0x10, 1},
> + {snvs_dgo_reader, "dgo", "Anatest", 0x20, 1},
> + {snvs_dgo_reader, "dgo", "T trim", 0x30, 1},
> + {snvs_dgo_reader, "dgo", "Misc", 0x40, 1},
> + {snvs_dgo_reader, "dgo", "Vmon", 0x50, 1},
> +};
> +
> +struct imx_secvio_sc_info_seq_data {
> + struct device *dev;
> + const struct imx_secvio_info_entry *list;
> + int size;
> +};
> +
> +/**
> + * imx_secvio_sc_info_seq_start() - Start sequence
> + *
> + * @m: seq file
> + * @pos: position in the sequence
> + *
> + * Return pointer on position
> + */
> +static void *imx_secvio_sc_info_seq_start(struct seq_file *m, loff_t
> +*pos) {
> + struct imx_secvio_sc_info_seq_data *data = m->private;
> +
> + /* Check we are not out of bound */
> + if (*pos >= data->size)
> + return NULL;
> +
> + return (void *)pos;
> +}
> +
> +/**
> + * imx_secvio_sc_info_seq_next() - Iterate sequence
> + *
> + * @m: seq file
> + * @v: pointer
> + * @pos: position in the sequence
> + *
> + * Return pointer on position
> + */
> +static void *imx_secvio_sc_info_seq_next(struct seq_file *m, void *v,
> +loff_t *pos) {
> + /* Increment the counter */
> + ++*pos;
> +
> + /* call the start function which will check the index */
> + return imx_secvio_sc_info_seq_start(m, pos); }
> +
> +/**
> + * imx_secvio_sc_info_seq_stop() - Stop sequence
> + *
> + * @m: seq file
> + * @v: pointer
> + */
> +static void imx_secvio_sc_info_seq_stop(struct seq_file *m, void *v)
> +{ }
> +
> +/**
> + * imx_secvio_sc_info_seq_show() - Show the item in the sequence
> + *
> + * @m: seq file
> + * @v: pointer
> + * @pos: position in the sequence
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int imx_secvio_sc_info_seq_show(struct seq_file *m, void *v) {
> + struct imx_secvio_sc_info_seq_data *data = m->private;
> + const struct imx_secvio_info_entry *e;
> + int ret;
> + u32 vals[5];
> + int idx;
> +
> + idx = *(loff_t *)v;
> + e = &data->list[idx];
> +
> + /* Read the values */
> + ret = e->reader(data->dev, e->id, (u32 *)&vals, e->mul);
> + if (ret) {
> + dev_err(data->dev, "Fail to read %s %s (idx %d)\n", e->type,
> + e->name, e->id);
> + return 0;
> + }
> +
> + seq_printf(m, "%5s/%-10s(%.3d):", e->type, e->name, e->id);
> +
> + /* Loop over the values */
> + for (idx = 0; idx < e->mul; idx++)
> + seq_printf(m, " %.8x", vals[idx]);
> +
> + seq_puts(m, "\n");
> +
> + return 0;
> +}
> +
> +static const struct seq_operations imx_secvio_sc_info_seq_ops = {
> + .start = imx_secvio_sc_info_seq_start,
> + .next = imx_secvio_sc_info_seq_next,
> + .stop = imx_secvio_sc_info_seq_stop,
> + .show = imx_secvio_sc_info_seq_show, };
> +
> +/**
> + * imx_secvio_sc_info_open() - Store node info for ioctl
> + *
> + * @inode: inode
> + * @file: file used to perform the ioctl
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int imx_secvio_sc_info_open(struct inode *inode, struct file
> +*file) {
> + struct imx_secvio_sc_info_seq_data *data;
> +
> + data = __seq_open_private(file, &imx_secvio_sc_info_seq_ops, sizeof(*data));
> + if (!data)
> + return -ENOMEM;
> +
> + data->dev = inode->i_private;
> + data->list = gs_imx_secvio_info_list;
> + data->size = ARRAY_SIZE(gs_imx_secvio_info_list);
> +
> + return 0;
> +}
> +
> +static const struct file_operations imx_secvio_sc_info_ops = {
> + .owner = THIS_MODULE,
> + .open = imx_secvio_sc_info_open,
> + .read = seq_read,
> + .llseek = seq_lseek,
> + .release = seq_release_private,
> +};
> +
> +/**
> + * if_debugfs_remove_recursive() - Wrapper for
> +debugfs_remove_recursive
> + *
> + * Can be used with devm
> + *
> + * @dentry: directory entry
> + */
> +static void if_debugfs_remove_recursive(void *dentry) {
> + debugfs_remove_recursive(dentry);
> +}
> +
> +/**
> + * imx_secvio_sc_debugfs() - Create the debugfs
> + *
> + * @dev: secvio device
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +int imx_secvio_sc_debugfs(struct device *dev) {
> + struct imx_secvio_sc_data *data = dev_get_drvdata(dev);
> + struct dentry *dir;
> + int ret = 0;
> +
> + /* Create a folder */
> + dir = debugfs_create_dir(dev_name(dev), NULL);
> + if (IS_ERR(dir)) {
> + dev_err(dev, "Failed to create dfs dir\n");
> + ret = PTR_ERR(dir);
> + goto exit;
> + }
> + data->dfs = dir;
> +
> + ret = devm_add_action(dev, if_debugfs_remove_recursive, data->dfs);
> + if (ret) {
> + dev_err(dev, "Failed to add managed action to disable IRQ\n");
> + goto remove_fs;
> + }
> +
> + /* Create the file to read info and write to reg */
> + dir = debugfs_create_file("info", 0x666, data->dfs, dev,
> + &imx_secvio_sc_info_ops);
> + if (IS_ERR(dir)) {
> + dev_err(dev, "Failed to add info to debugfs\n");
> + ret = PTR_ERR(dir);
> + goto exit;
> + }
> +
> + goto exit;
> +
> +remove_fs:
> + debugfs_remove_recursive(data->dfs);
> +
> +exit:
> + return ret;
> +}
> diff --git a/drivers/soc/imx/secvio/imx-secvio-sc-int.h
> b/drivers/soc/imx/secvio/imx-secvio-sc-int.h
> new file mode 100644
> index 0000000..54de7fa
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/imx-secvio-sc-int.h
> @@ -0,0 +1,84 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2019-2020 NXP
> + */
> +
> +#ifndef SECVIO_SC_H
> +#define SECVIO_SC_H
> +
> +/* Includes */
> +#include <linux/kernel.h>
> +#include <linux/notifier.h>
> +#include <linux/semaphore.h>
> +#include <linux/nvmem-consumer.h>
> +#include <linux/miscdevice.h>
> +
> +/* Access for sc_seco_secvio_config API */ #define SECVIO_CONFIG_READ
> +0 #define SECVIO_CONFIG_WRITE 1
> +
> +/* Internal Structure */
> +struct imx_secvio_sc_data {
> + struct device *dev;
> +
> + struct imx_sc_ipc *ipc_handle;
> +
> + struct notifier_block irq_nb;
> + struct notifier_block report_nb;
> + struct notifier_block audit_nb;
> +
> + struct nvmem_device *nvmem;
> +
> + struct miscdevice miscdev;
> +
> +#ifdef CONFIG_DEBUG_FS
> + struct dentry *dfs;
> +#endif
> +
> + u32 version;
> +};
> +
> +/**
> + * call_secvio_config() - Wrapper for imx_sc_seco_secvio_config()
> + *
> + * @dev: secvio device
> + * @id: ID of the register, ie the offset of the first register of
> +the set
> + * @access: Write (1) or Read (0) the registers
> + * @data0: Data for the first register
> + * @data1: Data for the second register
> + * @data2: Data for the third register
> + * @data3: Data for the fourth register
> + * @data4: Data for the fifth register
> + * @size: Number of register to configure
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +int call_secvio_config(struct device *dev, u8 id, u8 access, u32 *data0,
> + u32 *data1, u32 *data2, u32 *data3, u32 *data4, u8 size);
> +
> +#ifdef CONFIG_DEBUG_FS
> +extern
> +int imx_secvio_sc_debugfs(struct device *dev); #else static inline
> +int imx_secvio_sc_debugfs(struct device *dev) {
> + return 0;
> +}
> +#endif /* CONFIG_DEBUG_FS */
> +
> +#ifdef CONFIG_AUDIT
> +int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
> + void *notif_info);
> +#else /* CONFIG_AUDIT */
> +static inline
> +int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
> + void *notif_info)
> +{
> + return 0;
> +}
> +#endif /* CONFIG_AUDIT */
> +
> +#endif /* SECVIO_SC_H */
> diff --git a/drivers/soc/imx/secvio/imx-secvio-sc.c
> b/drivers/soc/imx/secvio/imx-secvio-sc.c
> new file mode 100644
> index 0000000..1e0d6aa
> --- /dev/null
> +++ b/drivers/soc/imx/secvio/imx-secvio-sc.c
> @@ -0,0 +1,858 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2019-2020 NXP
> + */
> +
> +/*
> + * The SoC of the i.MX8 family contains a hardware block called SNVS
> + * (Secure Non-Volatile Storage).
> + *
> + * The i.MX8 (QM/QXP/DXL) SoC contains the (SNVS) block. This
> + * block can detect specific hardware attacks. Due to the presence of
> +the SECO,
> + * this block can only be accessible using the SCFW API.
> + *
> + * This module interacts with the SCU which relays request to/from
> +the SNVS block
> + * to detect if security violation occurred.
> + *
> + * The module exports an API to add processing when a SV is detected:
> + * - register_imx_secvio_sc_notifier
> + * - unregister_imx_secvio_sc_notifier
> + * - imx_secvio_sc_check_state
> + * - int_imx_secvio_sc_clear_state
> + * - imx_secvio_sc_enable_irq
> + * - imx_secvio_sc_disable_irq
> + */
> +
> +#include <linux/kernel.h>
> +#include <linux/device.h>
> +#include <linux/notifier.h>
> +#include <linux/module.h>
> +#include <linux/fs.h>
> +#include <linux/uaccess.h>
> +#include <linux/of_device.h>
> +#include <linux/platform_device.h>
> +#include <linux/nvmem-consumer.h>
> +#include <linux/miscdevice.h>
> +
> +#include <linux/firmware/imx/ipc.h>
> +#include <linux/firmware/imx/sci.h>
> +#include <linux/firmware/imx/svc/seco.h> #include
> +<linux/firmware/imx/svc/rm.h> #include
> +<dt-bindings/firmware/imx/rsrc.h>
> +
> +#include <soc/imx/imx-secvio-sc.h>
> +#include "imx-secvio-sc-int.h"
> +
> +/* Definitions */
> +static int int_imx_secvio_sc_enable_irq(struct device *dev); static
> +int int_imx_secvio_sc_disable_irq(struct device *dev);
> +
> +/* Reference on the driver_device */
> +static struct device *gs_imx_secvio_sc_dev;
> +
> +/* Register IDs for sc_seco_secvio_config API */ #define HPSVS_ID
> +0x18 #define LPS_ID 0x4c #define LPTDS_ID 0xa4 #define HPVIDR_ID 0xf8
> +
> +#define SECO_MINOR_VERSION_SUPPORT_SECVIO_TAMPER 0x53 #define
> +SECO_VERSION_MINOR_MASK GENMASK(15, 0)
> +
> +/* Notifier list for new CB */
> +static BLOCKING_NOTIFIER_HEAD(imx_secvio_sc_notifier_chain);
> +
> +/**
> + * register_imx_secvio_sc_notifier() - Add function to secvio call
> +chain
> + *
> + * @nb: notifier block of the function to add
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +int register_imx_secvio_sc_notifier(struct notifier_block *nb) {
> + return blocking_notifier_chain_register(&imx_secvio_sc_notifier_chain,
> + nb);
> +}
> +EXPORT_SYMBOL(register_imx_secvio_sc_notifier);
> +
> +/**
> + * unregister_imx_secvio_sc_notifier() - Remove function to secvio
> +call chain
> + *
> + * @nb: notifier block of the function to add
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +int unregister_imx_secvio_sc_notifier(struct notifier_block *nb) {
> + return blocking_notifier_chain_unregister(&imx_secvio_sc_notifier_chain,
> + nb);
> +}
> +EXPORT_SYMBOL(unregister_imx_secvio_sc_notifier);
> +
> +/**
> + * if_imx_scu_irq_register_notifier() - Wrapper for
> +imx_scu_irq_register_notifier
> + *
> + * Can be used for devm actions
> + *
> + * @nb: notifier block of the function to add */ static void
> +if_unregister_imx_secvio_sc_notifier(void *nb) {
> + unregister_imx_secvio_sc_notifier(nb);
> +}
> +
> +/**
> + * imx_secvio_sc_notifier_call_chain() - Call secvio notifier chain
> + *
> + * @info: The structure containing the info to pass to notified
> +functions
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static
> +int imx_secvio_sc_notifier_call_chain(struct secvio_sc_notifier_info
> +*info) {
> + return blocking_notifier_call_chain(&imx_secvio_sc_notifier_chain, 0,
> + (void *)info);
> +}
> +
> +int call_secvio_config(struct device *dev, u8 id, u8 access, u32 *data0,
> + u32 *data1, u32 *data2, u32 *data3, u32 *data4, u8 size) {
> + int ret = 0;
> + struct imx_secvio_sc_data *data;
> +
> + data = dev_get_drvdata(dev);
> +
> + ret = imx_sc_seco_secvio_config(data->ipc_handle, id, access, data0,
> + data1, data2, data3, data4, size);
> + if (ret)
> + dev_err(dev, "Fail %s secvio config %d",
> + ((access) ? "write" : "read"), ret);
> +
> + return ret;
> +}
> +
> +/**
> + * int_imx_secvio_sc_get_state() - Get the state of secvio and tamper
> + *
> + * @dev: secvio device
> + * @info: The structure to use to store the status
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int int_imx_secvio_sc_get_state(struct device *dev,
> + struct secvio_sc_notifier_info *info) {
> + struct secvio_sc_notifier_info _info = {0};
> + struct secvio_sc_notifier_info *p_info;
> + int ret = 0, ret2 = 0;
> +
> + p_info = info ? info : &_info;
> +
> + /* Read secvio status */
> + ret = call_secvio_config(dev, HPSVS_ID, SECVIO_CONFIG_READ,
> + &p_info->hpsvs, NULL, NULL, NULL, NULL, 1);
> + if (ret) {
> + ret2 = ret;
> + dev_warn(dev, "Cannot read secvio status: %d\n", ret);
> + }
> + p_info->hpsvs &= HPSVS__ALL_SV__MASK;
> +
> + /* Read tampers status */
> + ret = call_secvio_config(dev, LPS_ID, SECVIO_CONFIG_READ,
> + &p_info->lps, NULL, NULL, NULL, NULL, 1);
> + if (ret) {
> + ret2 = ret;
> + dev_warn(dev, "Cannot read tamper 1 status: %d\n", ret);
> + }
> + p_info->lps &= LPS__ALL_TP__MASK;
> +
> + ret = call_secvio_config(dev, LPTDS_ID, SECVIO_CONFIG_READ,
> + &p_info->lptds, NULL, NULL, NULL, NULL, 1);
> + if (ret) {
> + ret2 = ret;
> + dev_warn(dev, "Cannot read tamper 2 status: %d\n", ret);
> + }
> + p_info->lptds &= LPTDS__ALL_TP__MASK;
> +
> + dev_dbg(dev, "Status: %.8x, %.8x, %.8x\n", p_info->hpsvs,
> + p_info->lps, p_info->lptds);
> +
> + return ret2;
> +}
> +
> +/**
> + * imx_secvio_sc_get_state() - Wrapper for
> +int_imx_secvio_sc_get_state
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +inline int imx_secvio_sc_get_state(struct secvio_sc_notifier_info
> +*info) {
> + if (!gs_imx_secvio_sc_dev)
> + return -EOPNOTSUPP;
> +
> + return int_imx_secvio_sc_get_state(gs_imx_secvio_sc_dev, info); }
> +EXPORT_SYMBOL(imx_secvio_sc_get_state);
> +
> +/**
> + * int_imx_secvio_sc_check_state() - Get the state and call chain of
> +notifier
> + * if there is a status
> + *
> + * @dev: secvio device
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int int_imx_secvio_sc_check_state(struct device *dev) {
> + struct secvio_sc_notifier_info info = {0};
> + int ret = 0;
> +
> + ret = int_imx_secvio_sc_get_state(dev, &info);
> + if (ret) {
> + dev_err(dev, "Failed to get secvio state\n");
> + goto exit;
> + }
> +
> + /* Call chain of CB registered to this module if status detected */
> + if (info.hpsvs || info.lps || info.lptds)
> + if (imx_secvio_sc_notifier_call_chain(&info))
> + dev_warn(dev,
> + "Issues when calling the notifier chain\n");
> +
> +exit:
> + return ret;
> +}
> +
> +/**
> + * imx_secvio_sc_check_state() - Wrapper for
> +int_imx_secvio_sc_check_state
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +inline int imx_secvio_sc_check_state(void) {
> + if (!gs_imx_secvio_sc_dev)
> + return -EOPNOTSUPP;
> +
> + return int_imx_secvio_sc_check_state(gs_imx_secvio_sc_dev);
> +}
> +EXPORT_SYMBOL(imx_secvio_sc_check_state);
> +
> +/**
> + * imx_secvio_sc_notify() - Process event from SCU
> + *
> + * If the event is secvio we check the state, then
> + * re-enable the IRQ which has been disabled by SCU
> + *
> + * @nb: secvio device
> + * @event: The id of the IRQ received in a group
> + * @group: The group of the IRQ
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int imx_secvio_sc_notify(struct notifier_block *nb,
> + unsigned long event, void *group) {
> + struct imx_secvio_sc_data *data =
> + container_of(nb, struct imx_secvio_sc_data,
> + irq_nb);
> + struct device *dev = data->dev;
> + int ret = 0;
> +
> + /* Filter event for us */
> + if (!((event & IMX_SC_IRQ_SECVIO) &&
> + (*(u8 *)group == IMX_SC_IRQ_GROUP_WAKE)))
> + goto exit;
> +
> + dev_warn(dev, "secvio security violation detected\n");
> +
> + ret = int_imx_secvio_sc_check_state(dev);
> +
> + /* Re-enable interrupt */
> + ret = int_imx_secvio_sc_enable_irq(dev);
> + if (ret)
> + dev_err(dev, "Failed to enable IRQ\n");
> +
> +exit:
> + return ret;
> +}
> +
> +/**
> + * int_imx_secvio_sc_clear_state() - Clear secvio and tamper state
> + *
> + * @dev: secvio device
> + * @hpsvs: high power security violation status to clear
> + * @lps: low power status to clear
> + * @lptds: low power tamper detector status to clear
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int int_imx_secvio_sc_clear_state(struct device *dev, u32 hpsvs, u32 lps,
> + u32 lptds)
> +{
> + int ret = 0;
> +
> + ret = call_secvio_config(dev, HPSVS_ID, SECVIO_CONFIG_WRITE, &hpsvs,
> + NULL, NULL, NULL, NULL, 1);
> + if (ret) {
> + dev_err(dev, "Cannot clear secvio status: %d\n", ret);
> + goto exit;
> + }
> +
> + ret = call_secvio_config(dev, LPS_ID, SECVIO_CONFIG_WRITE, &lps, NULL,
> + NULL, NULL, NULL, 1);
> + if (ret) {
> + dev_err(dev, "Cannot clear tamper 1 status: %d\n", ret);
> + goto exit;
> + }
> +
> + ret = call_secvio_config(dev, LPTDS_ID, SECVIO_CONFIG_WRITE, &lptds,
> + NULL, NULL, NULL, NULL, 1);
> + if (ret) {
> + dev_err(dev, "Cannot clear tamper 2 status: %d\n", ret);
> + goto exit;
> + }
> +
> +exit:
> + return ret;
> +}
> +
> +/**
> + * imx_secvio_sc_clear_state() - Wrapper for
> +imx_secvio_sc_clear_state
> + *
> + * @hpsvs: high power security violation status to clear
> + * @lps: low power status to clear
> + * @lptds: low power tamper detector status to clear
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +inline int imx_secvio_sc_clear_state(u32 hpsvs, u32 lps, u32 lptds) {
> + if (!gs_imx_secvio_sc_dev)
> + return -EOPNOTSUPP;
> +
> + return int_imx_secvio_sc_clear_state(gs_imx_secvio_sc_dev, hpsvs, lps,
> + lptds);
> +}
> +EXPORT_SYMBOL(imx_secvio_sc_clear_state);
> +
> +/**
> + * report_to_user_notify() - Print to console the status
> + *
> + * @nb: notifier block
> + * @status: error code
> + * @notif_info: Pointer on structure containing the status of the
> +secvio and
> + * tampers
> + *
> + * Return:
> + * 0 - OK
> + */
> +static int report_to_user_notify(struct notifier_block *nb,
> + unsigned long status, void *notif_info) {
> + struct secvio_sc_notifier_info *info = notif_info;
> + struct imx_secvio_sc_data *data =
> + container_of(nb, struct imx_secvio_sc_data,
> + report_nb);
> + struct device *dev = data->dev;
> +
> + /* Information about the security violation */
> + if (info->hpsvs & HPSVS__LP_SEC_VIO__MASK)
> + dev_info(dev, "SNVS secvio: LPSV\n");
> + if (info->hpsvs & HPSVS__SW_LPSV__MASK)
> + dev_info(dev, "SNVS secvio: SW LPSV\n");
> + if (info->hpsvs & HPSVS__SW_FSV__MASK)
> + dev_info(dev, "SNVS secvio: SW FSV\n");
> + if (info->hpsvs & HPSVS__SW_SV__MASK)
> + dev_info(dev, "SNVS secvio: SW SV\n");
> + if (info->hpsvs & HPSVS__SV5__MASK)
> + dev_info(dev, "SNVS secvio: SV 5\n");
> + if (info->hpsvs & HPSVS__SV4__MASK)
> + dev_info(dev, "SNVS secvio: SV 4\n");
> + if (info->hpsvs & HPSVS__SV3__MASK)
> + dev_info(dev, "SNVS secvio: SV 3\n");
> + if (info->hpsvs & HPSVS__SV2__MASK)
> + dev_info(dev, "SNVS secvio: SV 2\n");
> + if (info->hpsvs & HPSVS__SV1__MASK)
> + dev_info(dev, "SNVS secvio: SV 1\n");
> + if (info->hpsvs & HPSVS__SV0__MASK)
> + dev_info(dev, "SNVS secvio: SV 0\n");
> +
> + /* Information about the tampers */
> + if (info->lps & LPS__ESVD__MASK)
> + dev_info(dev, "SNVS tamper: External SV\n");
> + if (info->lps & LPS__ET2D__MASK)
> + dev_info(dev, "SNVS tamper: Tamper 2\n");
> + if (info->lps & LPS__ET1D__MASK)
> + dev_info(dev, "SNVS tamper: Tamper 1\n");
> + if (info->lps & LPS__WMT2D__MASK)
> + dev_info(dev, "SNVS tamper: Wire Mesh 2\n");
> + if (info->lps & LPS__WMT1D__MASK)
> + dev_info(dev, "SNVS tamper: Wire Mesh 1\n");
> + if (info->lps & LPS__VTD__MASK)
> + dev_info(dev, "SNVS tamper: Voltage\n");
> + if (info->lps & LPS__TTD__MASK)
> + dev_info(dev, "SNVS tamper: Temperature\n");
> + if (info->lps & LPS__CTD__MASK)
> + dev_info(dev, "SNVS tamper: Clock\n");
> + if (info->lps & LPS__PGD__MASK)
> + dev_info(dev, "SNVS tamper: Power Glitch\n");
> + if (info->lps & LPS__MCR__MASK)
> + dev_info(dev, "SNVS tamper: Monotonic Counter rollover\n");
> + if (info->lps & LPS__SRTCR__MASK)
> + dev_info(dev, "SNVS tamper: Secure RTC rollover\n");
> + if (info->lps & LPS__LPTA__MASK)
> + dev_info(dev, "SNVS tamper: Time alarm\n");
> +
> + if (info->lptds & LPTDS__ET10D__MASK)
> + dev_info(dev, "SNVS tamper: Tamper 10\n");
> + if (info->lptds & LPTDS__ET9D__MASK)
> + dev_info(dev, "SNVS tamper: Tamper 9\n");
> + if (info->lptds & LPTDS__ET8D__MASK)
> + dev_info(dev, "SNVS tamper: Tamper 8\n");
> + if (info->lptds & LPTDS__ET7D__MASK)
> + dev_info(dev, "SNVS tamper: Tamper 7\n");
> + if (info->lptds & LPTDS__ET6D__MASK)
> + dev_info(dev, "SNVS tamper: Tamper 6\n");
> + if (info->lptds & LPTDS__ET5D__MASK)
> + dev_info(dev, "SNVS tamper: Tamper 5\n");
> + if (info->lptds & LPTDS__ET4D__MASK)
> + dev_info(dev, "SNVS tamper: Tamper 4\n");
> + if (info->lptds & LPTDS__ET3D__MASK)
> + dev_info(dev, "SNVS tamper: Tamper 3\n");
> +
> + return 0;
> +}
> +
> +/**
> + * int_imx_secvio_sc_enable_irq() - Enable the secvio IRQ in SCU
> + *
> + * @dev: secvio device
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int int_imx_secvio_sc_enable_irq(struct device *dev) {
> + int ret = 0, ret2;
> + u32 irq_status;
> + struct imx_secvio_sc_data *data;
> +
> + data = dev_get_drvdata(dev);
> +
> + /* Enable the IRQ */
> + ret = imx_scu_irq_group_enable(IMX_SC_IRQ_GROUP_WAKE, IMX_SC_IRQ_SECVIO,
> + true);
> + if (ret) {
> + dev_err(dev, "Cannot enable SCU IRQ: %d\n", ret);
> + goto exit;
> + }
> +
> + /* Enable interrupt */
> + ret = imx_sc_seco_secvio_enable(data->ipc_handle);
> + if (ret) {
> + dev_err(dev, "Cannot enable SNVS irq: %d\n", ret);
> + goto exit;
> + };
> +
> + /* Unmask interrupt */
> + ret = imx_scu_irq_get_status(IMX_SC_IRQ_GROUP_WAKE, &irq_status);
> + if (ret) {
> + dev_err(dev, "Cannot unmask irq: %d\n", ret);
> + goto exit;
> + };
> +
> +exit:
> + if (ret) {
> + ret2 = int_imx_secvio_sc_disable_irq(dev);
> + if (ret2)
> + dev_warn(dev, "Failed to disable the IRQ\n");
> + }
> +
> + return ret;
> +}
> +
> +/**
> + * int_imx_secvio_sc_disable_irq() - Disable secvio IRQ
> + *
> + * @dev: secvio device
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int int_imx_secvio_sc_disable_irq(struct device *dev) {
> + int ret = 0;
> + struct imx_secvio_sc_data *data;
> +
> + data = dev_get_drvdata(dev);
> +
> + /* Disable the IRQ */
> + ret = imx_scu_irq_group_enable(IMX_SC_IRQ_GROUP_WAKE, IMX_SC_IRQ_SECVIO,
> + false);
> + if (ret) {
> + dev_err(dev, "Cannot disable SCU IRQ: %d\n", ret);
> + return ret;
> + }
> +
> + return 0;
> +}
> +
> +/**
> + * if_imx_secvio_sc_disable_irq() - Wrapper for
> +int_imx_secvio_sc_disable_irq
> + *
> + * Can be used with devm
> + *
> + * @dev: secvio device
> + */
> +static void if_imx_secvio_sc_disable_irq(void *dev) {
> + int_imx_secvio_sc_disable_irq(dev);
> +}
> +
> +/**
> + * imx_secvio_sc_open() - Store node info for ioctl
> + *
> + * @node: inode
> + * @file: file used to perform the ioctl
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int imx_secvio_sc_open(struct inode *node, struct file *filp)
> +{
> + filp->private_data = node->i_private;
> +
> + return 0;
> +}
> +
> +/**
> + * imx_secvio_sc_ioctl() - IOCTL handler for the driver
> + *
> + * @file: file used to perform the ioctl
> + * @cmd: command to perform
> + * @arg: Pointer on structure with info for the command
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static long imx_secvio_sc_ioctl(struct file *file, unsigned int cmd,
> +unsigned long arg) {
> + struct device *dev = file->private_data;
> + struct secvio_sc_notifier_info info;
> + int ret;
> +
> + switch (cmd) {
> + case IMX_SECVIO_SC_GET_STATE:
> + ret = int_imx_secvio_sc_get_state(dev, &info);
> + if (ret) {
> + dev_err(dev, "Fail to get state\n");
> + goto exit;
> + }
> +
> + ret = copy_to_user((void *)arg, &info, sizeof(info));
> + if (ret) {
> + dev_err(dev, "Fail to copy info to user\n");
> + ret = -EFAULT;
> + goto exit;
> + }
> + break;
> + case IMX_SECVIO_SC_CHECK_STATE:
> + ret = int_imx_secvio_sc_check_state(dev);
> + if (ret) {
> + dev_err(dev, "Fail to check state\n");
> + goto exit;
> + }
> + break;
> + case IMX_SECVIO_SC_CLEAR_STATE:
> + ret = copy_from_user(&info, (void *)arg, sizeof(info));
> + if (ret) {
> + dev_err(dev, "Fail to copy info from user\n");
> + ret = -EFAULT;
> + goto exit;
> + }
> +
> + ret = int_imx_secvio_sc_clear_state(dev, info.hpsvs, info.lps,
> + info.lptds);
> + if (ret) {
> + dev_err(dev, "Fail to clear state\n");
> + goto exit;
> + }
> + break;
> + default:
> + ret = -ENOIOCTLCMD;
> + }
> +
> +exit:
> + return ret;
> +}
> +
> +const static struct file_operations imx_secvio_sc_fops = {
> + .owner = THIS_MODULE,
> + .open = imx_secvio_sc_open,
> + .unlocked_ioctl = imx_secvio_sc_ioctl, };
> +
> +static void if_misc_deregister(void *miscdevice) {
> + misc_deregister(miscdevice);
> +}
> +
> +static void reset_global_dev(void *dev) {
> + gs_imx_secvio_sc_dev = NULL;
> +}
> +
> +/**
> + * imx_secvio_sc_setup() - Configure the driver
> + *
> + * @dev: secvio device
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int imx_secvio_sc_setup(struct device *dev) {
> + struct imx_secvio_sc_data *data;
> + u32 seco_version = 0;
> + bool own_secvio;
> + u32 irq_status;
> + int ret = 0;
> +
> + if (!devres_open_group(dev, NULL, GFP_KERNEL)) {
> + ret = -ENOMEM;
> + goto exit;
> + }
> +
> + /* Allocate private data */
> + data = devm_kzalloc(dev, sizeof(*data), GFP_KERNEL);
> + if (!data) {
> + ret = -ENOMEM;
> + dev_err(dev, "Failed to allocate mem for data\n");
> + goto clean;
> + }
> +
> + data->dev = dev;
> +
> + dev_set_drvdata(dev, data);
> +
> + data->nvmem = devm_nvmem_device_get(dev, NULL);
> + if (IS_ERR(data->nvmem)) {
> + ret = PTR_ERR(data->nvmem);
> + if (ret != -EPROBE_DEFER)
> + dev_err(dev, "Failed to retrieve nvmem\n");
> +
> + goto clean;
> + }
> +
> + /* Get a handle */
> + ret = imx_scu_get_handle(&data->ipc_handle);
> + if (ret) {
> + dev_err(dev, "cannot get handle to scu: %d\n", ret);
> + goto clean;
> + };
> +
> + /* Check the version of the SECO */
> + ret = imx_sc_seco_build_info(data->ipc_handle, &seco_version, NULL);
> + if (ret) {
> + dev_err(dev, "Failed to get seco version\n");
> + goto clean;
> + }
> +
> + if ((seco_version & SECO_VERSION_MINOR_MASK) <
> + SECO_MINOR_VERSION_SUPPORT_SECVIO_TAMPER) {
> + dev_err(dev, "SECO version %.8x doesn't support all secvio\n",
> + seco_version);
> + ret = -EOPNOTSUPP;
> + goto clean;
> + }
> +
> + /* Init debug FS */
> + ret = imx_secvio_sc_debugfs(dev);
> + if (ret) {
> + dev_err(dev, "Failed to set debugfs\n");
> + goto clean;
> + }
> +
> + /* Check we own the SECVIO */
> + ret = imx_sc_rm_is_resource_owned(data->ipc_handle, IMX_SC_R_SECVIO);
> + if (ret < 0) {
> + dev_err(dev, "Failed to retrieve secvio ownership\n");
> + goto clean;
> + }
> +
> + own_secvio = ret > 0;
> + if (!own_secvio) {
> + dev_err(dev, "Secvio resource is not owned\n");
> + ret = -EPERM;
> + goto clean;
> + }
> +
> + /* Check IRQ exists and enable it */
> + ret = imx_scu_irq_get_status(IMX_SC_IRQ_GROUP_WAKE, &irq_status);
> + if (ret) {
> + dev_err(dev, "Cannot get IRQ state: %d\n", ret);
> + goto clean;
> + }
> +
> + ret = int_imx_secvio_sc_enable_irq(dev);
> + if (ret) {
> + dev_err(dev, "Failed to enable IRQ\n");
> + goto clean;
> + }
> +
> + ret = devm_add_action_or_reset(dev, if_imx_secvio_sc_disable_irq, dev);
> + if (ret) {
> + dev_err(dev, "Failed to add managed action to disable IRQ\n");
> + goto clean;
> + }
> +
> + /* Register the notifier for IRQ from SNVS */
> + data->irq_nb.notifier_call = imx_secvio_sc_notify;
> + ret = imx_scu_irq_register_notifier(&data->irq_nb);
> + if (ret) {
> + dev_err(dev, "Failed to register IRQ notification handler\n");
> + goto clean;
> + }
> +
> + ret = devm_add_action_or_reset(dev, if_unregister_imx_secvio_sc_notifier,
> + &data->irq_nb);
> + if (ret) {
> + dev_err(dev, "Failed to add action to remove irq notify\n");
> + goto clean;
> + }
> +
> + /* Register the notification for reporting to user */
> + data->report_nb.notifier_call = report_to_user_notify;
> + ret = register_imx_secvio_sc_notifier(&data->report_nb);
> + if (ret) {
> + dev_err(dev, "Failed to register report notify handler\n");
> + goto clean;
> + }
> +
> + ret = devm_add_action_or_reset(dev, if_unregister_imx_secvio_sc_notifier,
> + &data->report_nb);
> + if (ret) {
> + dev_err(dev, "Failed to add action to remove report notify\n");
> + goto clean;
> + }
> +
> + /* Register the notification to report to audit FW */
> + data->audit_nb.notifier_call = report_to_audit_notify;
> + ret = register_imx_secvio_sc_notifier(&data->audit_nb);
> + if (ret) {
> + dev_err(dev, "Failed to register report audit handler\n");
> + goto clean;
> + }
> +
> + ret = devm_add_action(dev, if_unregister_imx_secvio_sc_notifier,
> + &data->audit_nb);
> + if (ret) {
> + dev_err(dev, "Failed to add action to remove audit notif\n");
> + goto clean;
> + }
> +
> + /* Register misc device for IOCTL */
> + data->miscdev.name = devm_kstrdup(dev, "secvio-sc", GFP_KERNEL);
> + data->miscdev.minor = MISC_DYNAMIC_MINOR;
> + data->miscdev.fops = &imx_secvio_sc_fops;
> + data->miscdev.parent = dev;
> + ret = misc_register(&data->miscdev);
> + if (ret) {
> + dev_err(dev, "failed to register misc device\n");
> + goto exit;
> + }
> +
> + ret = devm_add_action_or_reset(dev, if_misc_deregister, &data->miscdev);
> + if (ret) {
> + dev_err(dev, "Failed to add action to unregister miscdev\n");
> + goto clean;
> + }
> +
> + gs_imx_secvio_sc_dev = dev;
> + ret = devm_add_action_or_reset(dev, reset_global_dev, dev);
> + if (ret) {
> + dev_err(dev, "Failed to add action to disable global dev\n");
> + goto clean;
> + }
> +
> + /* Process current state of the secvio and tampers */
> + int_imx_secvio_sc_check_state(dev);
> +
> + devres_remove_group(dev, NULL);
> +
> + goto exit;
> +
> +clean:
> + devres_release_group(dev, NULL);
> +
> +exit:
> + return ret;
> +}
> +
> +/**
> + * imx_secvio_sc_probe() - Probe the driver
> + *
> + * @pdev: platform device
> + *
> + * Return:
> + * 0 - OK
> + * < 0 - error.
> + */
> +static int imx_secvio_sc_probe(struct platform_device *pdev) {
> + int ret;
> + struct device *dev = &pdev->dev;
> +
> + ret = imx_secvio_sc_setup(dev);
> + if (ret && ret != -EPROBE_DEFER)
> + dev_err(dev, "Failed to setup\n");
> +
> + return ret;
> +}
> +
> +static const struct of_device_id imx_secvio_sc_dt_ids[] = {
> + { .compatible = "fsl,imx-sc-secvio", },
> + { /* sentinel */ }
> +};
> +MODULE_DEVICE_TABLE(of, imx_secvio_sc_dt_ids);
> +
> +static struct platform_driver imx_secvio_sc_driver = {
> + .driver = {
> + .owner = THIS_MODULE,
> + .name = "imx-secvio-sc",
> + .of_match_table = imx_secvio_sc_dt_ids,
> + },
> + .probe = imx_secvio_sc_probe,
> +};
> +module_platform_driver(imx_secvio_sc_driver);
> +
> +MODULE_AUTHOR("Franck LENORMAND <franck.lenormand@....com>");
> +MODULE_DESCRIPTION("NXP i.MX driver to handle SNVS secvio irq sent by
> +SCFW"); MODULE_LICENSE("GPL");
> diff --git a/include/soc/imx/imx-secvio-sc.h
> b/include/soc/imx/imx-secvio-sc.h new file mode 100644 index
> 0000000..a26e2ff
> --- /dev/null
> +++ b/include/soc/imx/imx-secvio-sc.h
> @@ -0,0 +1,177 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2019-2020 NXP
> + */
> +
> +#ifndef _MISC_IMX_SECVIO_SC_H_
> +#define _MISC_IMX_SECVIO_SC_H_
> +
> +#include <linux/kernel.h>
> +#include <linux/notifier.h>
> +
> +/* Bitmask of the security violation status bit in the HPSVS register
> +*/ #define HPSVS__LP_SEC_VIO__MASK BIT(31)
> +#define HPSVS__SW_LPSV__MASK BIT(15)
> +#define HPSVS__SW_FSV__MASK BIT(14)
> +#define HPSVS__SW_SV__MASK BIT(13)
> +#define HPSVS__SV5__MASK BIT(5)
> +#define HPSVS__SV4__MASK BIT(4)
> +#define HPSVS__SV3__MASK BIT(3)
> +#define HPSVS__SV2__MASK BIT(2)
> +#define HPSVS__SV1__MASK BIT(1)
> +#define HPSVS__SV0__MASK BIT(0)
> +
> +/* Bitmask of all security violation status bit in the HPSVS register
> +*/ #define HPSVS__ALL_SV__MASK (HPSVS__LP_SEC_VIO__MASK | \
> + HPSVS__SW_LPSV__MASK | \
> + HPSVS__SW_FSV__MASK | \
> + HPSVS__SW_SV__MASK | \
> + HPSVS__SV5__MASK | \
> + HPSVS__SV4__MASK | \
> + HPSVS__SV3__MASK | \
> + HPSVS__SV2__MASK | \
> + HPSVS__SV1__MASK | \
> + HPSVS__SV0__MASK)
> +
> +/*
> + * Bitmask of the security violation and tampers status bit in the
> +LPS register */ #define LPS__ESVD__MASK BIT(16) #define
> +LPS__ET2D__MASK BIT(10) #define LPS__ET1D__MASK BIT(9) #define
> +LPS__WMT2D__MASK BIT(8) #define LPS__WMT1D__MASK BIT(7)
> +#define LPS__VTD__MASK BIT(6)
> +#define LPS__TTD__MASK BIT(5)
> +#define LPS__CTD__MASK BIT(4)
> +#define LPS__PGD__MASK BIT(3)
> +#define LPS__MCR__MASK BIT(2)
> +#define LPS__SRTCR__MASK BIT(1)
> +#define LPS__LPTA__MASK BIT(0)
> +
> +/*
> + * Bitmask of all security violation and tampers status bit in the LPS register
> + */
> +#define LPS__ALL_TP__MASK (LPS__ESVD__MASK | \
> + LPS__ET2D__MASK | \
> + LPS__ET1D__MASK | \
> + LPS__WMT2D__MASK | \
> + LPS__WMT1D__MASK | \
> + LPS__VTD__MASK | \
> + LPS__TTD__MASK | \
> + LPS__CTD__MASK | \
> + LPS__PGD__MASK | \
> + LPS__MCR__MASK | \
> + LPS__SRTCR__MASK | \
> + LPS__LPTA__MASK)
> +
> +/*
> + * Bitmask of the security violation and tampers status bit in the LPTDS
> + * register
> + */
> +#define LPTDS__ET10D__MASK BIT(7)
> +#define LPTDS__ET9D__MASK BIT(6)
> +#define LPTDS__ET8D__MASK BIT(5)
> +#define LPTDS__ET7D__MASK BIT(4)
> +#define LPTDS__ET6D__MASK BIT(3)
> +#define LPTDS__ET5D__MASK BIT(2)
> +#define LPTDS__ET4D__MASK BIT(1)
> +#define LPTDS__ET3D__MASK BIT(0)
> +
> +/*
> + * Bitmask of all security violation and tampers status bit in the LPTDS
> + * register
> + */
> +#define LPTDS__ALL_TP__MASK (LPTDS__ET10D__MASK | \
> + LPTDS__ET9D__MASK | \
> + LPTDS__ET8D__MASK | \
> + LPTDS__ET7D__MASK | \
> + LPTDS__ET6D__MASK | \
> + LPTDS__ET5D__MASK | \
> + LPTDS__ET4D__MASK | \
> + LPTDS__ET3D__MASK)
> +
> +/**
> + * struct secvio_sc_notifier_info - Information about the status of the SNVS
> + * @hpsvs: status from register HPSVS
> + * @lps: status from register LPS
> + * @lptds: status from register LPTDS
> + */
> +struct secvio_sc_notifier_info {
> + u32 hpsvs;
> + u32 lps;
> + u32 lptds;
> +};
> +
> +/**
> + * register_imx_secvio_sc_notifier() - Register a notifier
> + *
> + * @nb: The notifier block structure
> + *
> + * Register a function to notify to the imx-secvio-sc module. The function
> + * will be notified when a check of the state of the SNVS happens: called by
> + * a user or triggered by an interruption form the SNVS.
> + *
> + * The struct secvio_sc_notifier_info is passed as data to the notifier.
> + *
> + * Return: 0 in case of success
> + */
> +int register_imx_secvio_sc_notifier(struct notifier_block *nb);
> +
> +/**
> + * unregister_imx_secvio_sc_notifier() - Unregister a notifier
> + *
> + * @nb: The notifier block structure
> + *
> + * Return: 0 in case of success
> + */
> +int unregister_imx_secvio_sc_notifier(struct notifier_block *nb);
> +
> +/**
> + * imx_secvio_sc_get_state() - Get the state of the SNVS
> + *
> + * @info: The structure containing the state of the SNVS
> + *
> + * Return: 0 in case of success
> + */
> +int imx_secvio_sc_get_state(struct secvio_sc_notifier_info *info);
> +
> +/**
> + * imx_secvio_sc_check_state() - Check the state of the SNVS
> + *
> + * If a security violation or a tamper is detected, the list of notifier
> + * (registered using register_imx_secvio_sc_notifier() ) will be called
> + *
> + * Return: 0 in case of success
> + */
> +int imx_secvio_sc_check_state(void);
> +
> +/**
> + * imx_secvio_sc_clear_state() - Clear the state of the SNVS
> + *
> + * @hpsvs: Value to write to HPSVS register
> + * @lps: Value to write to LPS register
> + * @lptds: Value to write to LPTDSregister
> + *
> + * The function will write the value provided to the corresponding register
> + * which will clear the status of the bits set.
> + *
> + * Return: 0 in case of success
> + */
> +int imx_secvio_sc_clear_state(u32 hpsvs, u32 lps, u32 lptds);
> +
> +/* Commands of the ioctl interface */
> +enum ioctl_cmd_t {
> + GET_STATE,
> + CHECK_STATE,
> + CLEAR_STATE,
> +};
> +
> +/* Definition for the ioctl interface */
> +#define IMX_SECVIO_SC_GET_STATE _IOR('S', GET_STATE, \
> + struct secvio_sc_notifier_info)
> +#define IMX_SECVIO_SC_CHECK_STATE _IO('S', CHECK_STATE)
> +#define IMX_SECVIO_SC_CLEAR_STATE _IOW('S', CLEAR_STATE, \
> + struct secvio_sc_notifier_info)
> +
> +#endif /* _MISC_IMX_SECVIO_SC_H_ */
> --
> 2.7.4
>
Powered by blists - more mailing lists