| /kernel/linux/linux-5.10/Documentation/devicetree/bindings/arm/ |
| D | secure.txt | 1 * ARM Secure world bindings
4 "Normal" and "Secure". Most devicetree consumers (including the Linux
6 world or the Secure world. However some devicetree consumers are
8 visible only in the Secure address space, only in the Normal address
10 virtual machine which boots Secure firmware and wants to tell the
13 The general principle of the naming scheme for Secure world bindings
14 is that any property that needs a different value in the Secure world
15 can be supported by prefixing the property name with "secure-". So for
16 instance "secure-foo" would override "foo". For property names with
17 a vendor prefix, the Secure variant of "vendor,foo" would be
[all …]
|
| /kernel/linux/linux-6.6/Documentation/devicetree/bindings/arm/ |
| D | secure.txt | 1 * ARM Secure world bindings
4 "Normal" and "Secure". Most devicetree consumers (including the Linux
6 world or the Secure world. However some devicetree consumers are
8 visible only in the Secure address space, only in the Normal address
10 virtual machine which boots Secure firmware and wants to tell the
13 The general principle of the naming scheme for Secure world bindings
14 is that any property that needs a different value in the Secure world
15 can be supported by prefixing the property name with "secure-". So for
16 instance "secure-foo" would override "foo". For property names with
17 a vendor prefix, the Secure variant of "vendor,foo" would be
[all …]
|
| /kernel/linux/linux-5.10/Documentation/powerpc/ |
| D | ultravisor.rst | 15 POWER 9 that enables Secure Virtual Machines (SVMs). DD2.3 chips
56 process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process
57 is in secure mode, MSR(s)=0 process is in normal mode.
63 the VM it is returning to is secure.
73 **Secure Mode MSR Settings**
101 * Memory is partitioned into secure and normal memory. Only processes
102 that are running in secure mode can access secure memory.
104 * The hardware does not allow anything that is not running secure to
105 access secure memory. This means that the Hypervisor cannot access
110 * I/O systems are not allowed to directly address secure memory. This
[all …]
|
| /kernel/linux/linux-6.6/Documentation/powerpc/ |
| D | ultravisor.rst | 15 POWER 9 that enables Secure Virtual Machines (SVMs). DD2.3 chips
56 process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process
57 is in secure mode, MSR(s)=0 process is in normal mode.
63 the VM it is returning to is secure.
73 **Secure Mode MSR Settings**
101 * Memory is partitioned into secure and normal memory. Only processes
102 that are running in secure mode can access secure memory.
104 * The hardware does not allow anything that is not running secure to
105 access secure memory. This means that the Hypervisor cannot access
110 * I/O systems are not allowed to directly address secure memory. This
[all …]
|
| /kernel/linux/linux-5.10/arch/powerpc/kvm/ |
| D | book3s_hv_uvmem.c | 3 * Secure pages management: Migration of pages between normal and secure
10 * A pseries guest can be run as secure guest on Ultravisor-enabled
13 * hypervisor (HV) and secure memory managed by Ultravisor (UV).
18 * Private ZONE_DEVICE memory equal to the amount of secure memory
19 * available in the platform for running secure guests is hotplugged.
20 * Whenever a page belonging to the guest becomes secure, a page from this
21 * private device memory is used to represent and track that secure page
36 * UV(secure) and vice versa. So the serialization points are around
40 * fault path as page-out can occur when HV faults on accessing secure
44 * by HV touching secure pages is very very low. If an when UV supports
[all …]
|
| /kernel/linux/linux-6.6/arch/powerpc/kvm/ |
| D | book3s_hv_uvmem.c | 3 * Secure pages management: Migration of pages between normal and secure
10 * A pseries guest can be run as secure guest on Ultravisor-enabled
13 * hypervisor (HV) and secure memory managed by Ultravisor (UV).
18 * Private ZONE_DEVICE memory equal to the amount of secure memory
19 * available in the platform for running secure guests is hotplugged.
20 * Whenever a page belonging to the guest becomes secure, a page from this
21 * private device memory is used to represent and track that secure page
36 * UV(secure) and vice versa. So the serialization points are around
40 * fault path as page-out can occur when HV faults on accessing secure
44 * by HV touching secure pages is very very low. If an when UV supports
[all …]
|
| /kernel/linux/linux-6.6/Documentation/devicetree/bindings/crypto/ |
| D | inside-secure-safexcel.txt | 1 Inside Secure SafeXcel cryptographic engine
4 - compatible: Should be "inside-secure,safexcel-eip197b",
5 "inside-secure,safexcel-eip197d" or
6 "inside-secure,safexcel-eip97ies".
21 - "inside-secure,safexcel-eip197" is equivalent to
22 "inside-secure,safexcel-eip197b".
23 - "inside-secure,safexcel-eip97" is equivalent to
24 "inside-secure,safexcel-eip97ies".
29 compatible = "inside-secure,safexcel-eip197b";
|
| /kernel/linux/linux-5.10/Documentation/devicetree/bindings/crypto/ |
| D | inside-secure-safexcel.txt | 1 Inside Secure SafeXcel cryptographic engine
4 - compatible: Should be "inside-secure,safexcel-eip197b",
5 "inside-secure,safexcel-eip197d" or
6 "inside-secure,safexcel-eip97ies".
21 - "inside-secure,safexcel-eip197" is equivalent to
22 "inside-secure,safexcel-eip197b".
23 - "inside-secure,safexcel-eip97" is equivalent to
24 "inside-secure,safexcel-eip97ies".
29 compatible = "inside-secure,safexcel-eip197b";
|
| /kernel/linux/linux-5.10/Documentation/devicetree/bindings/iommu/ |
| D | qcom,iommu.txt | 6 to non-secure vs secure interrupt line.
31 - qcom,iommu-secure-id : secure-id.
37 - "qcom,msm-iommu-v1-ns" : non-secure context bank
38 - "qcom,msm-iommu-v1-sec" : secure context bank
46 for routing of context bank irq's to secure vs non-
47 secure lines. (Ie. if the iommu contains secure
63 qcom,iommu-secure-id = <17>;
89 qcom,iommu-secure-id = <18>;
|
| /kernel/linux/linux-5.10/arch/arm/common/ |
| D | secure_cntvoff.S | 5 * Initialization of CNTVOFF register from secure mode
15 * CNTVOFF has to be initialized either from non-secure Hypervisor
16 * mode or secure Monitor mode with SCR.NS==1. If TrustZone is enabled
17 * then it should be handled by the secure code. The CPU must implement
21 mrc p15, 0, r1, c1, c1, 0 /* Get Secure Config */
23 mcr p15, 0, r0, c1, c1, 0 /* Set Non Secure bit */
28 mcr p15, 0, r1, c1, c1, 0 /* Set Secure bit */
|
| /kernel/linux/linux-6.6/arch/arm/common/ |
| D | secure_cntvoff.S | 5 * Initialization of CNTVOFF register from secure mode
15 * CNTVOFF has to be initialized either from non-secure Hypervisor
16 * mode or secure Monitor mode with SCR.NS==1. If TrustZone is enabled
17 * then it should be handled by the secure code. The CPU must implement
21 mrc p15, 0, r1, c1, c1, 0 /* Get Secure Config */
23 mcr p15, 0, r0, c1, c1, 0 /* Set Non Secure bit */
28 mcr p15, 0, r1, c1, c1, 0 /* Set Secure bit */
|
| /kernel/linux/linux-6.6/Documentation/devicetree/bindings/mailbox/ |
| D | ti,secure-proxy.yaml | 4 $id: http://devicetree.org/schemas/mailbox/ti,secure-proxy.yaml#
7 title: Texas Instruments' Secure Proxy
13 The Texas Instruments' secure proxy is a mailbox controller that has
25 const: ti,am654-secure-proxy
30 Contains the secure proxy thread ID used for the specific transfer path.
48 secure proxy thread in the form 'rx_<PID>'.
54 Contains the interrupt information for the Rx interrupt path for secure
71 compatible = "ti,am654-secure-proxy";
|
| /kernel/linux/linux-5.10/include/net/ |
| D | macsec.h | 103 * struct macsec_rx_sa - receive secure association
108 * @ssci: short secure channel identifier
137 * struct macsec_rx_sc - receive secure channel
138 * @sci: secure channel identifier for this SC
140 * @sa: array of secure associations
154 * struct macsec_tx_sa - transmit secure association
159 * @ssci: short secure channel identifier
177 * struct macsec_tx_sc - transmit secure channel
184 * @sa: array of secure associations
201 * @n_rx_sc: number of receive secure channels configured on this SecY
[all …]
|
| /kernel/linux/linux-6.6/arch/arm/mach-omap2/ |
| D | omap-secure.h | 3 * omap-secure.h: OMAP Secure infrastructure header.
23 /* Secure HAL API flags */
30 /* Maximum Secure memory storage size */
35 /* Secure low power HAL API index */
41 /* Secure Monitor mode APIs */
52 /* Secure PPA(Primary Protected Application) APIs */
60 /* Secure RX-51 PPA (Primary Protected Application) APIs */
|
| D | omap-smc.S | 3 * OMAP34xx and OMAP44xx secure APIs file.
15 * This is common routine to manage secure monitor API
16 * used to modify the PL310 secure registers.
36 * Low level common routine for secure HAL and PPA APIs.
48 mov r12, #0x00 @ Secure Service ID
59 * Low level common routine for secure HAL and PPA APIs via smc #1
60 * r0 - @service_id: Secure Service ID
67 mov r12, r0 @ Copy the secure service ID
|
| /kernel/linux/linux-6.6/drivers/tee/optee/ |
| D | optee_smc.h | 75 * Used by non-secure world to figure out which Trusted OS is installed.
88 * Used by non-secure world to figure out which version of the Trusted OS
142 * 2. Non-secure interrupts should not be masked
206 * Returns the Secure/Non-secure shared memory config.
238 * Exchanges capabilities between normal world and secure world
248 * a1 bitfield of secure world capabilities OPTEE_SMC_SEC_CAP_*
249 * a2 The maximum secure world notification number
258 * a1 bitfield of secure world capabilities OPTEE_SMC_SEC_CAP_*
263 /* Secure world has reserved shared memory for normal world to use */
265 /* Secure world can communicate via previously unregistered shared memory */
[all …]
|
| /kernel/linux/linux-5.10/arch/arm/mach-omap2/ |
| D | omap-secure.h | 3 * omap-secure.h: OMAP Secure infrastructure header.
23 /* Secure HAL API flags */
30 /* Maximum Secure memory storage size */
35 /* Secure low power HAL API index */
41 /* Secure Monitor mode APIs */
52 /* Secure PPA(Primary Protected Application) APIs */
60 /* Secure RX-51 PPA (Primary Protected Application) APIs */
|
| D | omap-smc.S | 3 * OMAP34xx and OMAP44xx secure APIs file.
15 * This is common routine to manage secure monitor API
16 * used to modify the PL310 secure registers.
36 * Low level common routine for secure HAL and PPA APIs.
48 mov r12, #0x00 @ Secure Service ID
59 * Low level common routine for secure HAL and PPA APIs via smc #1
60 * r0 - @service_id: Secure Service ID
67 mov r12, r0 @ Copy the secure service ID
|
| /kernel/linux/linux-5.10/drivers/tee/optee/ |
| D | optee_smc.h | 75 * Used by non-secure world to figure out which Trusted OS is installed.
88 * Used by non-secure world to figure out which version of the Trusted OS
155 * Returns the Secure/Non-secure shared memory config.
187 * Exchanges capabilities between normal world and secure world
197 * a1 bitfield of secure world capabilities OPTEE_SMC_SEC_CAP_*
202 * a1 bitfield of secure world capabilities OPTEE_SMC_SEC_CAP_*
207 /* Secure world has reserved shared memory for normal world to use */
209 /* Secure world can communicate via previously unregistered shared memory */
213 * Secure world supports commands "register/unregister shared memory",
214 * secure world accepts command buffers located in any parts of non-secure RAM
[all …]
|
| /kernel/linux/linux-5.10/arch/s390/include/uapi/asm/ |
| D | pkey.h | 23 #define SECKEYBLOBSIZE 64 /* secure key blob size is always 64 bytes */
78 /* Struct to hold a CCA AES secure key blob */
80 __u8 seckey[SECKEYBLOBSIZE]; /* the secure key blob */
110 * Generate CCA AES secure key.
116 struct pkey_seckey seckey; /* out: the secure key blob */
121 * Construct CCA AES secure key from clear key value
128 struct pkey_seckey seckey; /* out: the secure key blob */
133 * Fabricate AES protected key from a CCA AES secure key
138 struct pkey_seckey seckey; /* in: the secure key blob */
155 * Verification Pattern provided inside a CCA AES secure key.
[all …]
|
| /kernel/linux/linux-6.6/arch/s390/include/uapi/asm/ |
| D | pkey.h | 23 #define SECKEYBLOBSIZE 64 /* secure key blob size is always 64 bytes */
83 /* Struct to hold a CCA AES secure key blob */
85 __u8 seckey[SECKEYBLOBSIZE]; /* the secure key blob */
115 * Generate CCA AES secure key.
121 struct pkey_seckey seckey; /* out: the secure key blob */
126 * Construct CCA AES secure key from clear key value
133 struct pkey_seckey seckey; /* out: the secure key blob */
138 * Fabricate AES protected key from a CCA AES secure key
143 struct pkey_seckey seckey; /* in: the secure key blob */
160 * Verification Pattern provided inside a CCA AES secure key.
[all …]
|
| /kernel/linux/linux-6.6/include/net/ |
| D | macsec.h | 119 * struct macsec_rx_sa - receive secure association
124 * @ssci: short secure channel identifier
153 * struct macsec_rx_sc - receive secure channel
154 * @sci: secure channel identifier for this SC
156 * @sa: array of secure associations
170 * struct macsec_tx_sa - transmit secure association
175 * @ssci: short secure channel identifier
193 * struct macsec_tx_sc - transmit secure channel
200 * @sa: array of secure associations
219 * @n_rx_sc: number of receive secure channels configured on this SecY
[all …]
|
| /kernel/linux/linux-5.10/Documentation/devicetree/bindings/arm/amlogic/ |
| D | amlogic,meson-gx-ao-secure.yaml | 5 $id: "http://devicetree.org/schemas/arm/amlogic/amlogic,meson-gx-ao-secure.yaml#"
15 secure firmware.
22 const: amlogic,meson-gx-ao-secure
29 - const: amlogic,meson-gx-ao-secure
50 ao-secure@140 {
51 compatible = "amlogic,meson-gx-ao-secure", "syscon";
|
| /kernel/linux/linux-6.6/Documentation/devicetree/bindings/arm/amlogic/ |
| D | amlogic,meson-gx-ao-secure.yaml | 5 $id: http://devicetree.org/schemas/arm/amlogic/amlogic,meson-gx-ao-secure.yaml#
15 secure firmware.
22 const: amlogic,meson-gx-ao-secure
29 - const: amlogic,meson-gx-ao-secure
50 ao-secure@140 {
51 compatible = "amlogic,meson-gx-ao-secure", "syscon";
|
| /kernel/linux/linux-5.10/include/linux/firmware/intel/ |
| D | stratix10-smc.h | 13 * This file defines the Secure Monitor Call (SMC) message protocol used for
14 * service layer driver in normal world (EL1) to communicate with secure
15 * monitor software in Secure Monitor Exception Level 3 (EL3).
17 * This file is shared with secure firmware (FW) which is out of kernel tree.
21 * value. The operation of the secure monitor is determined by the parameter
31 * STD call starts a operation which can be preempted by a non-secure
54 * Secure monitor software doesn't recognize the request.
57 * Secure monitor software accepts the service client's request.
60 * Secure monitor software is still processing service client's request.
63 * Secure monitor software reject the service client's request.
[all …]
|