456 lines
14 KiB
Plaintext
456 lines
14 KiB
Plaintext
=====================================================================
|
|
SEC 4 Device Tree Binding
|
|
Copyright (C) 2008-2011 Freescale Semiconductor Inc.
|
|
|
|
CONTENTS
|
|
-Overview
|
|
-SEC 4 Node
|
|
-Job Ring Node
|
|
-Run Time Integrity Check (RTIC) Node
|
|
-Run Time Integrity Check (RTIC) Memory Node
|
|
-Secure Non-Volatile Storage (SNVS) Node
|
|
-Secure Non-Volatile Storage (SNVS) Low Power (LP) RTC Node
|
|
-Full Example
|
|
|
|
NOTE: the SEC 4 is also known as Freescale's Cryptographic Accelerator
|
|
Accelerator and Assurance Module (CAAM).
|
|
|
|
=====================================================================
|
|
Overview
|
|
|
|
DESCRIPTION
|
|
|
|
SEC 4 h/w can process requests from 2 types of sources.
|
|
1. DPAA Queue Interface (HW interface between Queue Manager & SEC 4).
|
|
2. Job Rings (HW interface between cores & SEC 4 registers).
|
|
|
|
High Speed Data Path Configuration:
|
|
|
|
HW interface between QM & SEC 4 and also BM & SEC 4, on DPAA-enabled parts
|
|
such as the P4080. The number of simultaneous dequeues the QI can make is
|
|
equal to the number of Descriptor Controller (DECO) engines in a particular
|
|
SEC version. E.g., the SEC 4.0 in the P4080 has 5 DECOs and can thus
|
|
dequeue from 5 subportals simultaneously.
|
|
|
|
Job Ring Data Path Configuration:
|
|
|
|
Each JR is located on a separate 4k page, they may (or may not) be made visible
|
|
in the memory partition devoted to a particular core. The P4080 has 4 JRs, so
|
|
up to 4 JRs can be configured; and all 4 JRs process requests in parallel.
|
|
|
|
=====================================================================
|
|
SEC 4 Node
|
|
|
|
Description
|
|
|
|
Node defines the base address of the SEC 4 block.
|
|
This block specifies the address range of all global
|
|
configuration registers for the SEC 4 block. It
|
|
also receives interrupts from the Run Time Integrity Check
|
|
(RTIC) function within the SEC 4 block.
|
|
|
|
PROPERTIES
|
|
|
|
- compatible
|
|
Usage: required
|
|
Value type: <string>
|
|
Definition: Must include "fsl,sec-v4.0"
|
|
|
|
- fsl,sec-era
|
|
Usage: optional
|
|
Value type: <u32>
|
|
Definition: A standard property. Define the 'ERA' of the SEC
|
|
device.
|
|
|
|
- #address-cells
|
|
Usage: required
|
|
Value type: <u32>
|
|
Definition: A standard property. Defines the number of cells
|
|
for representing physical addresses in child nodes.
|
|
|
|
- #size-cells
|
|
Usage: required
|
|
Value type: <u32>
|
|
Definition: A standard property. Defines the number of cells
|
|
for representing the size of physical addresses in
|
|
child nodes.
|
|
|
|
- reg
|
|
Usage: required
|
|
Value type: <prop-encoded-array>
|
|
Definition: A standard property. Specifies the physical
|
|
address and length of the SEC4 configuration registers.
|
|
registers
|
|
|
|
- ranges
|
|
Usage: required
|
|
Value type: <prop-encoded-array>
|
|
Definition: A standard property. Specifies the physical address
|
|
range of the SEC 4.0 register space (-SNVS not included). A
|
|
triplet that includes the child address, parent address, &
|
|
length.
|
|
|
|
- interrupts
|
|
Usage: required
|
|
Value type: <prop_encoded-array>
|
|
Definition: Specifies the interrupts generated by this
|
|
device. The value of the interrupts property
|
|
consists of one interrupt specifier. The format
|
|
of the specifier is defined by the binding document
|
|
describing the node's interrupt parent.
|
|
|
|
- interrupt-parent
|
|
Usage: (required if interrupt property is defined)
|
|
Value type: <phandle>
|
|
Definition: A single <phandle> value that points
|
|
to the interrupt parent to which the child domain
|
|
is being mapped.
|
|
|
|
Note: All other standard properties (see the ePAPR) are allowed
|
|
but are optional.
|
|
|
|
|
|
EXAMPLE
|
|
crypto@300000 {
|
|
compatible = "fsl,sec-v4.0";
|
|
fsl,sec-era = <2>;
|
|
#address-cells = <1>;
|
|
#size-cells = <1>;
|
|
reg = <0x300000 0x10000>;
|
|
ranges = <0 0x300000 0x10000>;
|
|
interrupt-parent = <&mpic>;
|
|
interrupts = <92 2>;
|
|
};
|
|
|
|
=====================================================================
|
|
Job Ring (JR) Node
|
|
|
|
Child of the crypto node defines data processing interface to SEC 4
|
|
across the peripheral bus for purposes of processing
|
|
cryptographic descriptors. The specified address
|
|
range can be made visible to one (or more) cores.
|
|
The interrupt defined for this node is controlled within
|
|
the address range of this node.
|
|
|
|
- compatible
|
|
Usage: required
|
|
Value type: <string>
|
|
Definition: Must include "fsl,sec-v4.0-job-ring"
|
|
|
|
- reg
|
|
Usage: required
|
|
Value type: <prop-encoded-array>
|
|
Definition: Specifies a two JR parameters: an offset from
|
|
the parent physical address and the length the JR registers.
|
|
|
|
- fsl,liodn
|
|
Usage: optional-but-recommended
|
|
Value type: <prop-encoded-array>
|
|
Definition:
|
|
Specifies the LIODN to be used in conjunction with
|
|
the ppid-to-liodn table that specifies the PPID to LIODN mapping.
|
|
Needed if the PAMU is used. Value is a 12 bit value
|
|
where value is a LIODN ID for this JR. This property is
|
|
normally set by boot firmware.
|
|
|
|
- interrupts
|
|
Usage: required
|
|
Value type: <prop_encoded-array>
|
|
Definition: Specifies the interrupts generated by this
|
|
device. The value of the interrupts property
|
|
consists of one interrupt specifier. The format
|
|
of the specifier is defined by the binding document
|
|
describing the node's interrupt parent.
|
|
|
|
- interrupt-parent
|
|
Usage: (required if interrupt property is defined)
|
|
Value type: <phandle>
|
|
Definition: A single <phandle> value that points
|
|
to the interrupt parent to which the child domain
|
|
is being mapped.
|
|
|
|
EXAMPLE
|
|
jr@1000 {
|
|
compatible = "fsl,sec-v4.0-job-ring";
|
|
reg = <0x1000 0x1000>;
|
|
fsl,liodn = <0x081>;
|
|
interrupt-parent = <&mpic>;
|
|
interrupts = <88 2>;
|
|
};
|
|
|
|
|
|
=====================================================================
|
|
Run Time Integrity Check (RTIC) Node
|
|
|
|
Child node of the crypto node. Defines a register space that
|
|
contains up to 5 sets of addresses and their lengths (sizes) that
|
|
will be checked at run time. After an initial hash result is
|
|
calculated, these addresses are checked by HW to monitor any
|
|
change. If any memory is modified, a Security Violation is
|
|
triggered (see SNVS definition).
|
|
|
|
|
|
- compatible
|
|
Usage: required
|
|
Value type: <string>
|
|
Definition: Must include "fsl,sec-v4.0-rtic".
|
|
|
|
- #address-cells
|
|
Usage: required
|
|
Value type: <u32>
|
|
Definition: A standard property. Defines the number of cells
|
|
for representing physical addresses in child nodes. Must
|
|
have a value of 1.
|
|
|
|
- #size-cells
|
|
Usage: required
|
|
Value type: <u32>
|
|
Definition: A standard property. Defines the number of cells
|
|
for representing the size of physical addresses in
|
|
child nodes. Must have a value of 1.
|
|
|
|
- reg
|
|
Usage: required
|
|
Value type: <prop-encoded-array>
|
|
Definition: A standard property. Specifies a two parameters:
|
|
an offset from the parent physical address and the length
|
|
the SEC4 registers.
|
|
|
|
- ranges
|
|
Usage: required
|
|
Value type: <prop-encoded-array>
|
|
Definition: A standard property. Specifies the physical address
|
|
range of the SEC 4 register space (-SNVS not included). A
|
|
triplet that includes the child address, parent address, &
|
|
length.
|
|
|
|
EXAMPLE
|
|
rtic@6000 {
|
|
compatible = "fsl,sec-v4.0-rtic";
|
|
#address-cells = <1>;
|
|
#size-cells = <1>;
|
|
reg = <0x6000 0x100>;
|
|
ranges = <0x0 0x6100 0xe00>;
|
|
};
|
|
|
|
=====================================================================
|
|
Run Time Integrity Check (RTIC) Memory Node
|
|
A child node that defines individual RTIC memory regions that are used to
|
|
perform run-time integrity check of memory areas that should not modified.
|
|
The node defines a register that contains the memory address &
|
|
length (combined) and a second register that contains the hash result
|
|
in big endian format.
|
|
|
|
- compatible
|
|
Usage: required
|
|
Value type: <string>
|
|
Definition: Must include "fsl,sec-v4.0-rtic-memory".
|
|
|
|
- reg
|
|
Usage: required
|
|
Value type: <prop-encoded-array>
|
|
Definition: A standard property. Specifies two parameters:
|
|
an offset from the parent physical address and the length:
|
|
|
|
1. The location of the RTIC memory address & length registers.
|
|
2. The location RTIC hash result.
|
|
|
|
- fsl,rtic-region
|
|
Usage: optional-but-recommended
|
|
Value type: <prop-encoded-array>
|
|
Definition:
|
|
Specifies the HW address (36 bit address) for this region
|
|
followed by the length of the HW partition to be checked;
|
|
the address is represented as a 64 bit quantity followed
|
|
by a 32 bit length.
|
|
|
|
- fsl,liodn
|
|
Usage: optional-but-recommended
|
|
Value type: <prop-encoded-array>
|
|
Definition:
|
|
Specifies the LIODN to be used in conjunction with
|
|
the ppid-to-liodn table that specifies the PPID to LIODN
|
|
mapping. Needed if the PAMU is used. Value is a 12 bit value
|
|
where value is a LIODN ID for this RTIC memory region. This
|
|
property is normally set by boot firmware.
|
|
|
|
EXAMPLE
|
|
rtic-a@0 {
|
|
compatible = "fsl,sec-v4.0-rtic-memory";
|
|
reg = <0x00 0x20 0x100 0x80>;
|
|
fsl,liodn = <0x03c>;
|
|
fsl,rtic-region = <0x12345678 0x12345678 0x12345678>;
|
|
};
|
|
|
|
=====================================================================
|
|
Secure Non-Volatile Storage (SNVS) Node
|
|
|
|
Node defines address range and the associated
|
|
interrupt for the SNVS function. This function
|
|
monitors security state information & reports
|
|
security violations.
|
|
|
|
- compatible
|
|
Usage: required
|
|
Value type: <string>
|
|
Definition: Must include "fsl,sec-v4.0-mon".
|
|
|
|
- reg
|
|
Usage: required
|
|
Value type: <prop-encoded-array>
|
|
Definition: A standard property. Specifies the physical
|
|
address and length of the SEC4 configuration
|
|
registers.
|
|
|
|
- #address-cells
|
|
Usage: required
|
|
Value type: <u32>
|
|
Definition: A standard property. Defines the number of cells
|
|
for representing physical addresses in child nodes. Must
|
|
have a value of 1.
|
|
|
|
- #size-cells
|
|
Usage: required
|
|
Value type: <u32>
|
|
Definition: A standard property. Defines the number of cells
|
|
for representing the size of physical addresses in
|
|
child nodes. Must have a value of 1.
|
|
|
|
- ranges
|
|
Usage: required
|
|
Value type: <prop-encoded-array>
|
|
Definition: A standard property. Specifies the physical address
|
|
range of the SNVS register space. A triplet that includes
|
|
the child address, parent address, & length.
|
|
|
|
- interrupts
|
|
Usage: required
|
|
Value type: <prop_encoded-array>
|
|
Definition: Specifies the interrupts generated by this
|
|
device. The value of the interrupts property
|
|
consists of one interrupt specifier. The format
|
|
of the specifier is defined by the binding document
|
|
describing the node's interrupt parent.
|
|
|
|
- interrupt-parent
|
|
Usage: (required if interrupt property is defined)
|
|
Value type: <phandle>
|
|
Definition: A single <phandle> value that points
|
|
to the interrupt parent to which the child domain
|
|
is being mapped.
|
|
|
|
EXAMPLE
|
|
sec_mon@314000 {
|
|
compatible = "fsl,sec-v4.0-mon";
|
|
reg = <0x314000 0x1000>;
|
|
ranges = <0 0x314000 0x1000>;
|
|
interrupt-parent = <&mpic>;
|
|
interrupts = <93 2>;
|
|
};
|
|
|
|
=====================================================================
|
|
Secure Non-Volatile Storage (SNVS) Low Power (LP) RTC Node
|
|
|
|
A SNVS child node that defines SNVS LP RTC.
|
|
|
|
- compatible
|
|
Usage: required
|
|
Value type: <string>
|
|
Definition: Must include "fsl,sec-v4.0-mon-rtc-lp".
|
|
|
|
- reg
|
|
Usage: required
|
|
Value type: <prop-encoded-array>
|
|
Definition: A standard property. Specifies the physical
|
|
address and length of the SNVS LP configuration registers.
|
|
|
|
EXAMPLE
|
|
sec_mon_rtc_lp@314000 {
|
|
compatible = "fsl,sec-v4.0-mon-rtc-lp";
|
|
reg = <0x34 0x58>;
|
|
};
|
|
|
|
=====================================================================
|
|
FULL EXAMPLE
|
|
|
|
crypto: crypto@300000 {
|
|
compatible = "fsl,sec-v4.0";
|
|
#address-cells = <1>;
|
|
#size-cells = <1>;
|
|
reg = <0x300000 0x10000>;
|
|
ranges = <0 0x300000 0x10000>;
|
|
interrupt-parent = <&mpic>;
|
|
interrupts = <92 2>;
|
|
|
|
sec_jr0: jr@1000 {
|
|
compatible = "fsl,sec-v4.0-job-ring";
|
|
reg = <0x1000 0x1000>;
|
|
interrupt-parent = <&mpic>;
|
|
interrupts = <88 2>;
|
|
};
|
|
|
|
sec_jr1: jr@2000 {
|
|
compatible = "fsl,sec-v4.0-job-ring";
|
|
reg = <0x2000 0x1000>;
|
|
interrupt-parent = <&mpic>;
|
|
interrupts = <89 2>;
|
|
};
|
|
|
|
sec_jr2: jr@3000 {
|
|
compatible = "fsl,sec-v4.0-job-ring";
|
|
reg = <0x3000 0x1000>;
|
|
interrupt-parent = <&mpic>;
|
|
interrupts = <90 2>;
|
|
};
|
|
|
|
sec_jr3: jr@4000 {
|
|
compatible = "fsl,sec-v4.0-job-ring";
|
|
reg = <0x4000 0x1000>;
|
|
interrupt-parent = <&mpic>;
|
|
interrupts = <91 2>;
|
|
};
|
|
|
|
rtic@6000 {
|
|
compatible = "fsl,sec-v4.0-rtic";
|
|
#address-cells = <1>;
|
|
#size-cells = <1>;
|
|
reg = <0x6000 0x100>;
|
|
ranges = <0x0 0x6100 0xe00>;
|
|
|
|
rtic_a: rtic-a@0 {
|
|
compatible = "fsl,sec-v4.0-rtic-memory";
|
|
reg = <0x00 0x20 0x100 0x80>;
|
|
};
|
|
|
|
rtic_b: rtic-b@20 {
|
|
compatible = "fsl,sec-v4.0-rtic-memory";
|
|
reg = <0x20 0x20 0x200 0x80>;
|
|
};
|
|
|
|
rtic_c: rtic-c@40 {
|
|
compatible = "fsl,sec-v4.0-rtic-memory";
|
|
reg = <0x40 0x20 0x300 0x80>;
|
|
};
|
|
|
|
rtic_d: rtic-d@60 {
|
|
compatible = "fsl,sec-v4.0-rtic-memory";
|
|
reg = <0x60 0x20 0x500 0x80>;
|
|
};
|
|
};
|
|
};
|
|
|
|
sec_mon: sec_mon@314000 {
|
|
compatible = "fsl,sec-v4.0-mon";
|
|
reg = <0x314000 0x1000>;
|
|
ranges = <0 0x314000 0x1000>;
|
|
interrupt-parent = <&mpic>;
|
|
interrupts = <93 2>;
|
|
|
|
sec_mon_rtc_lp@34 {
|
|
compatible = "fsl,sec-v4.0-mon-rtc-lp";
|
|
reg = <0x34 0x58>;
|
|
};
|
|
};
|
|
|
|
=====================================================================
|