| ===================================================================== |
| SEC 4 Device Tree Binding |
| Copyright (C) 2008-2011 Freescale Semiconductor Inc. |
| Copyright 2017 NXP |
| |
| CONTENTS |
| -Overview |
| -SEC 4 Node |
| -Job Ring Node |
| -Run Time Integrity Check (RTIC) Node |
| -Run Time Integrity Check (RTIC) Memory Node |
| -Secure Non-Volatile Storage (SNVS) Node |
| -Secure Non-Volatile Storage (SNVS) Low Power (LP) RTC Node |
| -CAAM Secure Memory Storage Interface |
| -Full Example |
| |
| NOTE: the SEC 4 is also known as Freescale's Cryptographic Accelerator |
| Accelerator and Assurance Module (CAAM). |
| |
| ===================================================================== |
| Overview |
| |
| DESCRIPTION |
| |
| SEC 4 h/w can process requests from 2 types of sources. |
| 1. DPAA Queue Interface (HW interface between Queue Manager & SEC 4). |
| 2. Job Rings (HW interface between cores & SEC 4 registers). |
| |
| High Speed Data Path Configuration: |
| |
| HW interface between QM & SEC 4 and also BM & SEC 4, on DPAA-enabled parts |
| such as the P4080. The number of simultaneous dequeues the QI can make is |
| equal to the number of Descriptor Controller (DECO) engines in a particular |
| SEC version. E.g., the SEC 4.0 in the P4080 has 5 DECOs and can thus |
| dequeue from 5 subportals simultaneously. |
| |
| Job Ring Data Path Configuration: |
| |
| Each JR is located on a separate 4k page, they may (or may not) be made visible |
| in the memory partition devoted to a particular core. The P4080 has 4 JRs, so |
| up to 4 JRs can be configured; and all 4 JRs process requests in parallel. |
| |
| ===================================================================== |
| SEC 4 Node |
| |
| Description |
| |
| Node defines the base address of the SEC 4 block. |
| This block specifies the address range of all global |
| configuration registers for the SEC 4 block. It |
| also receives interrupts from the Run Time Integrity Check |
| (RTIC) function within the SEC 4 block. |
| |
| PROPERTIES |
| |
| - compatible |
| Usage: required |
| Value type: <string> |
| Definition: Must include "fsl,sec-v4.0" |
| |
| - fsl,sec-era |
| Usage: optional |
| Value type: <u32> |
| Definition: A standard property. Define the 'ERA' of the SEC |
| device. |
| |
| - #address-cells |
| Usage: required |
| Value type: <u32> |
| Definition: A standard property. Defines the number of cells |
| for representing physical addresses in child nodes. |
| |
| - #size-cells |
| Usage: required |
| Value type: <u32> |
| Definition: A standard property. Defines the number of cells |
| for representing the size of physical addresses in |
| child nodes. |
| |
| - reg |
| Usage: required |
| Value type: <prop-encoded-array> |
| Definition: A standard property. Specifies the physical |
| address and length of the SEC4 configuration registers. |
| registers |
| |
| - ranges |
| Usage: required |
| Value type: <prop-encoded-array> |
| Definition: A standard property. Specifies the physical address |
| range of the SEC 4.0 register space (-SNVS not included). A |
| triplet that includes the child address, parent address, & |
| length. |
| |
| - interrupts |
| Usage: required |
| Value type: <prop_encoded-array> |
| Definition: Specifies the interrupts generated by this |
| device. The value of the interrupts property |
| consists of one interrupt specifier. The format |
| of the specifier is defined by the binding document |
| describing the node's interrupt parent. |
| |
| - interrupt-parent |
| Usage: (required if interrupt property is defined) |
| Value type: <phandle> |
| Definition: A single <phandle> value that points |
| to the interrupt parent to which the child domain |
| is being mapped. |
| |
| - clocks |
| Usage: required if SEC 4.0 requires explicit enablement of clocks |
| Value type: <prop_encoded-array> |
| Definition: A list of phandle and clock specifier pairs describing |
| the clocks required for enabling and disabling SEC 4.0. |
| |
| - clock-names |
| Usage: required if SEC 4.0 requires explicit enablement of clocks |
| Value type: <string> |
| Definition: A list of clock name strings in the same order as the |
| clocks property. |
| |
| - first-jr-index |
| Usage: required only for i.MX8QM and i.MX8QXP |
| Value type: <u32> |
| Definition: Specifies the first job ring index assigned to kernel |
| to read aliased register since CAAM page 0 is not accessible. |
| |
| Note: All other standard properties (see the ePAPR) are allowed |
| but are optional. |
| |
| |
| EXAMPLE |
| crypto@300000 { |
| compatible = "fsl,sec-v4.0"; |
| fsl,sec-era = <2>; |
| #address-cells = <1>; |
| #size-cells = <1>; |
| reg = <0x300000 0x10000>; |
| ranges = <0 0x300000 0x10000>; |
| interrupt-parent = <&mpic>; |
| interrupts = <92 2>; |
| clocks = <&clks IMX6QDL_CLK_CAAM_MEM>, |
| <&clks IMX6QDL_CLK_CAAM_ACLK>, |
| <&clks IMX6QDL_CLK_CAAM_IPG>, |
| <&clks IMX6QDL_CLK_EIM_SLOW>; |
| clock-names = "mem", "aclk", "ipg", "emi_slow"; |
| }; |
| |
| ===================================================================== |
| SEC 4 Page 0 |
| |
| Description |
| |
| Most of CAAM's configuration registers are accessible in block0 |
| of CAAM's register space. These registers are intended to be |
| accessed by specially privileged software (e.g. boot software, |
| hypervisor, secure operating system). |
| |
| PROPERTIES |
| |
| - compatible |
| Usage: required |
| Value type: <string> |
| Definition: Must include "fsl,sec-v4.0-ctrl". |
| |
| - reg |
| Usage: required |
| Value type: <prop-encoded-array> |
| Definition: A standard property. Specifies the physical |
| address and length of the SEC4 configuration registers. |
| |
| - secure-status |
| Usage: required |
| Value type: <string> |
| Definition: Must include "okay". |
| |
| - status |
| Usage: required |
| Value type: <string> |
| Definition: Must include "disabled". |
| |
| EXAMPLE |
| sec_ctrl: ctrl@0 { |
| /* CAAM Page 0 only accessible */ |
| /* by secure world */ |
| compatible = "fsl,sec-v4.0-ctrl"; |
| reg = <0x2100000 0x1000>; |
| secure-status = "okay"; |
| status = "disabled"; |
| }; |
| |
| ===================================================================== |
| Job Ring (JR) Node |
| |
| Child of the crypto node defines data processing interface to SEC 4 |
| across the peripheral bus for purposes of processing |
| cryptographic descriptors. The specified address |
| range can be made visible to one (or more) cores. |
| The interrupt defined for this node is controlled within |
| the address range of this node. |
| |
| - compatible |
| Usage: required |
| Value type: <string> |
| Definition: Must include "fsl,sec-v4.0-job-ring" |
| |
| - reg |
| Usage: required |
| Value type: <prop-encoded-array> |
| Definition: Specifies a two JR parameters: an offset from |
| the parent physical address and the length the JR registers. |
| |
| - fsl,liodn |
| Usage: optional-but-recommended |
| Value type: <prop-encoded-array> |
| Definition: |
| Specifies the LIODN to be used in conjunction with |
| the ppid-to-liodn table that specifies the PPID to LIODN mapping. |
| Needed if the PAMU is used. Value is a 12 bit value |
| where value is a LIODN ID for this JR. This property is |
| normally set by boot firmware. |
| |
| - interrupts |
| Usage: required |
| Value type: <prop_encoded-array> |
| Definition: Specifies the interrupts generated by this |
| device. The value of the interrupts property |
| consists of one interrupt specifier. The format |
| of the specifier is defined by the binding document |
| describing the node's interrupt parent. |
| |
| - interrupt-parent |
| Usage: (required if interrupt property is defined) |
| Value type: <phandle> |
| Definition: A single <phandle> value that points |
| to the interrupt parent to which the child domain |
| is being mapped. |
| |
| EXAMPLE |
| jr@1000 { |
| compatible = "fsl,sec-v4.0-job-ring"; |
| reg = <0x1000 0x1000>; |
| fsl,liodn = <0x081>; |
| interrupt-parent = <&mpic>; |
| interrupts = <88 2>; |
| }; |
| |
| |
| ===================================================================== |
| Run Time Integrity Check (RTIC) Node |
| |
| Child node of the crypto node. Defines a register space that |
| contains up to 5 sets of addresses and their lengths (sizes) that |
| will be checked at run time. After an initial hash result is |
| calculated, these addresses are checked by HW to monitor any |
| change. If any memory is modified, a Security Violation is |
| triggered (see SNVS definition). |
| |
| |
| - compatible |
| Usage: required |
| Value type: <string> |
| Definition: Must include "fsl,sec-v4.0-rtic". |
| |
| - #address-cells |
| Usage: required |
| Value type: <u32> |
| Definition: A standard property. Defines the number of cells |
| for representing physical addresses in child nodes. Must |
| have a value of 1. |
| |
| - #size-cells |
| Usage: required |
| Value type: <u32> |
| Definition: A standard property. Defines the number of cells |
| for representing the size of physical addresses in |
| child nodes. Must have a value of 1. |
| |
| - reg |
| Usage: required |
| Value type: <prop-encoded-array> |
| Definition: A standard property. Specifies a two parameters: |
| an offset from the parent physical address and the length |
| the SEC4 registers. |
| |
| - ranges |
| Usage: required |
| Value type: <prop-encoded-array> |
| Definition: A standard property. Specifies the physical address |
| range of the SEC 4 register space (-SNVS not included). A |
| triplet that includes the child address, parent address, & |
| length. |
| |
| EXAMPLE |
| rtic@6000 { |
| compatible = "fsl,sec-v4.0-rtic"; |
| #address-cells = <1>; |
| #size-cells = <1>; |
| reg = <0x6000 0x100>; |
| ranges = <0x0 0x6100 0xe00>; |
| }; |
| |
| ===================================================================== |
| Run Time Integrity Check (RTIC) Memory Node |
| A child node that defines individual RTIC memory regions that are used to |
| perform run-time integrity check of memory areas that should not modified. |
| The node defines a register that contains the memory address & |
| length (combined) and a second register that contains the hash result |
| in big endian format. |
| |
| - compatible |
| Usage: required |
| Value type: <string> |
| Definition: Must include "fsl,sec-v4.0-rtic-memory". |
| |
| - reg |
| Usage: required |
| Value type: <prop-encoded-array> |
| Definition: A standard property. Specifies two parameters: |
| an offset from the parent physical address and the length: |
| |
| 1. The location of the RTIC memory address & length registers. |
| 2. The location RTIC hash result. |
| |
| - fsl,rtic-region |
| Usage: optional-but-recommended |
| Value type: <prop-encoded-array> |
| Definition: |
| Specifies the HW address (36 bit address) for this region |
| followed by the length of the HW partition to be checked; |
| the address is represented as a 64 bit quantity followed |
| by a 32 bit length. |
| |
| - fsl,liodn |
| Usage: optional-but-recommended |
| Value type: <prop-encoded-array> |
| Definition: |
| Specifies the LIODN to be used in conjunction with |
| the ppid-to-liodn table that specifies the PPID to LIODN |
| mapping. Needed if the PAMU is used. Value is a 12 bit value |
| where value is a LIODN ID for this RTIC memory region. This |
| property is normally set by boot firmware. |
| |
| EXAMPLE |
| rtic-a@0 { |
| compatible = "fsl,sec-v4.0-rtic-memory"; |
| reg = <0x00 0x20 0x100 0x80>; |
| fsl,liodn = <0x03c>; |
| fsl,rtic-region = <0x12345678 0x12345678 0x12345678>; |
| }; |
| |
| ===================================================================== |
| Secure Non-Volatile Storage (SNVS) Node |
| |
| Node defines address range and the associated |
| interrupt for the SNVS function. This function |
| monitors security state information & reports |
| security violations. This also included rtc, |
| system power off and ON/OFF key. |
| |
| - compatible |
| Usage: required |
| Value type: <string> |
| Definition: Must include "fsl,sec-v4.0-mon" and "syscon". |
| |
| - reg |
| Usage: required |
| Value type: <prop-encoded-array> |
| Definition: A standard property. Specifies the physical |
| address and length of the SEC4 configuration |
| registers. |
| |
| - #address-cells |
| Usage: required |
| Value type: <u32> |
| Definition: A standard property. Defines the number of cells |
| for representing physical addresses in child nodes. Must |
| have a value of 1. |
| |
| - #size-cells |
| Usage: required |
| Value type: <u32> |
| Definition: A standard property. Defines the number of cells |
| for representing the size of physical addresses in |
| child nodes. Must have a value of 1. |
| |
| - ranges |
| Usage: required |
| Value type: <prop-encoded-array> |
| Definition: A standard property. Specifies the physical address |
| range of the SNVS register space. A triplet that includes |
| the child address, parent address, & length. |
| |
| - interrupts |
| Usage: optional |
| Value type: <prop_encoded-array> |
| Definition: Specifies the interrupts generated by this |
| device. The value of the interrupts property |
| consists of one interrupt specifier. The format |
| of the specifier is defined by the binding document |
| describing the node's interrupt parent. |
| |
| - interrupt-parent |
| Usage: (required if interrupt property is defined) |
| Value type: <phandle> |
| Definition: A single <phandle> value that points |
| to the interrupt parent to which the child domain |
| is being mapped. |
| |
| EXAMPLE |
| sec_mon@314000 { |
| compatible = "fsl,sec-v4.0-mon", "syscon"; |
| reg = <0x314000 0x1000>; |
| ranges = <0 0x314000 0x1000>; |
| interrupt-parent = <&mpic>; |
| interrupts = <93 2>; |
| }; |
| |
| ===================================================================== |
| Secure Non-Volatile Storage (SNVS) Low Power (LP) RTC Node |
| |
| A SNVS child node that defines SNVS LP RTC. |
| |
| - compatible |
| Usage: required |
| Value type: <string> |
| Definition: Must include "fsl,sec-v4.0-mon-rtc-lp". |
| |
| - interrupts |
| Usage: required |
| Value type: <prop_encoded-array> |
| Definition: Specifies the interrupts generated by this |
| device. The value of the interrupts property |
| consists of one interrupt specifier. The format |
| of the specifier is defined by the binding document |
| describing the node's interrupt parent. |
| |
| - regmap |
| Usage: required |
| Value type: <phandle> |
| Definition: this is phandle to the register map node. |
| |
| - offset |
| Usage: option |
| value type: <u32> |
| Definition: LP register offset. default it is 0x34. |
| |
| - clocks |
| Usage: optional |
| Value type: <prop-encoded-array> |
| Definition: A standard property. Specifies the source clock for |
| snvs register access. If i.MX clk driver defines the clock node, |
| it needs user to specify the clocks in device tree for all modules |
| with snvs LP/HP registers access. The modules involved snvs LP/HP |
| registers access are snvs-power key, snvs-rtc, and caam. |
| |
| EXAMPLE |
| sec_mon_rtc_lp@1 { |
| compatible = "fsl,sec-v4.0-mon-rtc-lp"; |
| interrupts = <93 2>; |
| regmap = <&snvs>; |
| offset = <0x34>; |
| }; |
| |
| ===================================================================== |
| System ON/OFF key driver |
| |
| The snvs-pwrkey is designed to enable POWER key function which controlled |
| by SNVS ONOFF, the driver can report the status of POWER key and wakeup |
| system if pressed after system suspend. |
| |
| - compatible: |
| Usage: required |
| Value type: <string> |
| Definition: Mush include "fsl,sec-v4.0-pwrkey". |
| |
| - interrupts: |
| Usage: required |
| Value type: <prop_encoded-array> |
| Definition: The SNVS ON/OFF interrupt number to the CPU(s). |
| |
| - linux,keycode: |
| Usage: option |
| Value type: <int> |
| Definition: Keycode to emit, KEY_POWER by default. |
| |
| - wakeup-source: |
| Usage: option |
| Value type: <boo> |
| Definition: Button can wake-up the system. |
| |
| - regmap: |
| Usage: required: |
| Value type: <phandle> |
| Definition: this is phandle to the register map node. |
| |
| EXAMPLE: |
| snvs-pwrkey@0x020cc000 { |
| compatible = "fsl,sec-v4.0-pwrkey"; |
| regmap = <&snvs>; |
| interrupts = <0 4 0x4> |
| linux,keycode = <116>; /* KEY_POWER */ |
| wakeup-source; |
| }; |
| |
| ===================================================================== |
| CAAM Secure Memory Storage Interface |
| |
| A CAAM-SM child node that defines Secure Memory. |
| |
| - compatible |
| Usage: required |
| Value type: <string> |
| Definition: Must include "fsl,imx6q-caam-sm". |
| |
| - regmap |
| Usage: required |
| Value type: <phandle> |
| Definition: this is phandle to the register map node. |
| |
| EXAMPLE |
| caam_sm: caam-sm@31800000 { |
| compatible = "fsl,imx6q-caam-sm"; |
| reg = <0 0x31800000 0 0x1ffff>; |
| }; |
| |
| ===================================================================== |
| FULL EXAMPLE |
| |
| crypto: crypto@300000 { |
| compatible = "fsl,sec-v4.0"; |
| #address-cells = <1>; |
| #size-cells = <1>; |
| reg = <0x300000 0x10000>; |
| ranges = <0 0x300000 0x10000>; |
| interrupt-parent = <&mpic>; |
| interrupts = <92 2>; |
| |
| sec_jr0: jr@1000 { |
| compatible = "fsl,sec-v4.0-job-ring"; |
| reg = <0x1000 0x1000>; |
| interrupt-parent = <&mpic>; |
| interrupts = <88 2>; |
| }; |
| |
| sec_jr1: jr@2000 { |
| compatible = "fsl,sec-v4.0-job-ring"; |
| reg = <0x2000 0x1000>; |
| interrupt-parent = <&mpic>; |
| interrupts = <89 2>; |
| }; |
| |
| sec_jr2: jr@3000 { |
| compatible = "fsl,sec-v4.0-job-ring"; |
| reg = <0x3000 0x1000>; |
| interrupt-parent = <&mpic>; |
| interrupts = <90 2>; |
| }; |
| |
| sec_jr3: jr@4000 { |
| compatible = "fsl,sec-v4.0-job-ring"; |
| reg = <0x4000 0x1000>; |
| interrupt-parent = <&mpic>; |
| interrupts = <91 2>; |
| }; |
| |
| rtic@6000 { |
| compatible = "fsl,sec-v4.0-rtic"; |
| #address-cells = <1>; |
| #size-cells = <1>; |
| reg = <0x6000 0x100>; |
| ranges = <0x0 0x6100 0xe00>; |
| |
| rtic_a: rtic-a@0 { |
| compatible = "fsl,sec-v4.0-rtic-memory"; |
| reg = <0x00 0x20 0x100 0x80>; |
| }; |
| |
| rtic_b: rtic-b@20 { |
| compatible = "fsl,sec-v4.0-rtic-memory"; |
| reg = <0x20 0x20 0x200 0x80>; |
| }; |
| |
| rtic_c: rtic-c@40 { |
| compatible = "fsl,sec-v4.0-rtic-memory"; |
| reg = <0x40 0x20 0x300 0x80>; |
| }; |
| |
| rtic_d: rtic-d@60 { |
| compatible = "fsl,sec-v4.0-rtic-memory"; |
| reg = <0x60 0x20 0x500 0x80>; |
| }; |
| }; |
| }; |
| |
| sec_mon: sec_mon@314000 { |
| compatible = "fsl,sec-v4.0-mon"; |
| reg = <0x314000 0x1000>; |
| ranges = <0 0x314000 0x1000>; |
| |
| sec_mon_rtc_lp@34 { |
| compatible = "fsl,sec-v4.0-mon-rtc-lp"; |
| regmap = <&sec_mon>; |
| offset = <0x34>; |
| interrupts = <93 2>; |
| }; |
| |
| snvs-pwrkey@0x020cc000 { |
| compatible = "fsl,sec-v4.0-pwrkey"; |
| regmap = <&sec_mon>; |
| interrupts = <0 4 0x4>; |
| linux,keycode = <116>; /* KEY_POWER */ |
| wakeup-source; |
| }; |
| }; |
| |
| caam_sm: caam-sm@31800000 { |
| compatible = "fsl,imx6q-caam-sm"; |
| reg = <0 0x31800000 0 0x1ffff>; |
| }; |
| |
| ===================================================================== |