Hi,
This series introduces secure proxies meant for usage with bootloaders
and firmware components in the SoC for all K3 SoCs. AM64x SoC is an odd
case here as the single instance of secure proxy is dual use for both
ROM and general purpose. All other SoCs have independent instances that
is used for firmware and bootloader communication.
Nitin had posted [1] to address one of the SoCs (AM62), I am cleaning
that patch a bit in this series.
Nishanth Menon (6):
arm64: dts: ti: k3-am62a-main: Add sa3_secproxy
arm64: dts: ti: k3-am65-mcu: Add mcu_secproxy
arm64: dts: ti: k3-j7200-mcu: Add mcu_secproxy
arm64: dts: ti: k3-j721e-mcu: Add mcu_secproxy
arm64: dts: ti: k3-j721s2-mcu-wakeup: Add sa3_secproxy and
mcu_sec_proxy
arm64: dts: ti: k3-j784s4-mcu-wakeup: Add sa3_secproxy and
mcu_sec_proxy
Nitin Yadav (1):
arm64: dts: ti: k3-am62-main: Add sa3_secproxy
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 15 ++++++++++
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 15 ++++++++++
arch/arm64/boot/dts/ti/k3-am65-mcu.dtsi | 15 ++++++++++
.../boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 15 ++++++++++
.../boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 15 ++++++++++
.../boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 30 +++++++++++++++++++
.../boot/dts/ti/k3-j784s4-mcu-wakeup.dtsi | 30 +++++++++++++++++++
7 files changed, 135 insertions(+)
[1] https://lore.kernel.org/all/[email protected]/
--
2.40.0
From: Nitin Yadav <[email protected]>
Security Management Subsystem(SMS) has it's own unique secure
proxy as part of Security Accelerator (SA3) module. This is used
for communicating with ROM and for special usecases such as HSM
operations. This is in addition to the one in the main domain DMSS
subsystem that is used for general purpose communication.
Describe the node for use with bootloaders and firmware that require
this communication path which uses interrupts to corresponding micro
controller interrupt controller. Mark the node as disabled since this
instance does not have interrupts routed to the main processor by
default for a complete description of the node.
Signed-off-by: Nitin Yadav <[email protected]>
[[email protected]: Update commit message, minor updates]
Signed-off-by: Nishanth Menon <[email protected]>
---
Just rolling it up as part of all SoC changes. changes since v2:
* Relocated the secure_proxy node (next to sa3 crypto)
* Renamed the node, followed the binding for reg-names
* Disabled the node to indicate incomplete non-MPU node (with comments)
* Updated commit message to indicate the rationale
V2: https://lore.kernel.org/all/[email protected]/
V1: https://lore.kernel.org/all/20230515143250.jxwwgse24lrcqouc@grunge/
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi
index b3e4857bbbe4..bf3e054c72ce 100644
--- a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi
@@ -184,6 +184,21 @@ crypto: crypto@40900000 {
dma-names = "tx", "rx1", "rx2";
};
+ secure_proxy_sa3: mailbox@43600000 {
+ compatible = "ti,am654-secure-proxy";
+ #mbox-cells = <1>;
+ reg-names = "target_data", "rt", "scfg";
+ reg = <0x00 0x43600000 0x00 0x10000>,
+ <0x00 0x44880000 0x00 0x20000>,
+ <0x00 0x44860000 0x00 0x20000>;
+ /*
+ * Marked Disabled:
+ * Node is incomplete as it is meant for bootloaders and
+ * firmware on non-MPU processors
+ */
+ status = "disabled";
+ };
+
main_pmx0: pinctrl@f4000 {
compatible = "pinctrl-single";
reg = <0x00 0xf4000 0x00 0x2ac>;
--
2.40.0
MCU domain has it's own secure proxy for communicating with ROM and
for R5 micro controller firmware operations. This is in addition to
the one in the main domain NAVSS subsystem that is used for general
purpose communication.
Describe the node for use with bootloaders and firmware that require
this communication path which uses interrupts to corresponding micro
controller interrupt controller. Mark the node as disabled since this
instance does not have interrupts routed to the main processor by
default for a complete description of the node.
Signed-off-by: Nishanth Menon <[email protected]>
---
New patch
arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi b/arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi
index 6237e1f3a477..4ea95ed5d12c 100644
--- a/arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi
@@ -296,6 +296,21 @@ mcu_udmap: dma-controller@285c0000 {
};
};
+ secure_proxy_mcu: mailbox@2a480000 {
+ compatible = "ti,am654-secure-proxy";
+ #mbox-cells = <1>;
+ reg-names = "target_data", "rt", "scfg";
+ reg = <0x0 0x2a480000 0x0 0x80000>,
+ <0x0 0x2a380000 0x0 0x80000>,
+ <0x0 0x2a400000 0x0 0x80000>;
+ /*
+ * Marked Disabled:
+ * Node is incomplete as it is meant for bootloaders and
+ * firmware on non-MPU processors
+ */
+ status = "disabled";
+ };
+
mcu_cpsw: ethernet@46000000 {
compatible = "ti,j721e-cpsw-nuss";
#address-cells = <2>;
--
2.40.0
MCU domain has it's own secure proxy for communicating with ROM and
for R5 micro controller firmware operations. This is in addition to
the one in the main domain NAVSS subsystem that is used for general
purpose communication.
Describe the node for use with bootloaders and firmware that require
this communication path which uses interrupts to corresponding micro
controller interrupt controller. Mark the node as disabled since this
instance does not have interrupts routed to the main processor by
default for a complete description of the node.
Signed-off-by: Nishanth Menon <[email protected]>
---
New patch
arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi b/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi
index 674e695ef844..dff23b258240 100644
--- a/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi
@@ -209,6 +209,21 @@ mcu_udmap: dma-controller@285c0000 {
};
};
+ secure_proxy_mcu: mailbox@2a480000 {
+ compatible = "ti,am654-secure-proxy";
+ #mbox-cells = <1>;
+ reg-names = "target_data", "rt", "scfg";
+ reg = <0x0 0x2a480000 0x0 0x80000>,
+ <0x0 0x2a380000 0x0 0x80000>,
+ <0x0 0x2a400000 0x0 0x80000>;
+ /*
+ * Marked Disabled:
+ * Node is incomplete as it is meant for bootloaders and
+ * firmware on non-MPU processors
+ */
+ status = "disabled";
+ };
+
mcu_cpsw: ethernet@46000000 {
compatible = "ti,j721e-cpsw-nuss";
#address-cells = <2>;
--
2.40.0
Security Management Subsystem(SMS) has it's own unique secure
proxy as part of Security Accelerator (SA3) module. This is used
for communicating with ROM and for special usecases such as HSM
operations. This is in addition to the one in the main domain DMSS
subsystem that is used for general purpose communication.
Describe the node for use with bootloaders and firmware that require
this communication path which uses interrupts to corresponding micro
controller interrupt controller. Mark the node as disabled since this
instance does not have interrupts routed to the main processor by
default for a complete description of the node.
Signed-off-by: Nishanth Menon <[email protected]>
---
New patch
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/arm64/boot/dts/ti/k3-am62a-main.dtsi b/arch/arm64/boot/dts/ti/k3-am62a-main.dtsi
index 393a1a40b68b..e2b429d123b7 100644
--- a/arch/arm64/boot/dts/ti/k3-am62a-main.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-am62a-main.dtsi
@@ -169,6 +169,21 @@ k3_reset: reset-controller {
};
};
+ secure_proxy_sa3: mailbox@43600000 {
+ compatible = "ti,am654-secure-proxy";
+ #mbox-cells = <1>;
+ reg-names = "target_data", "rt", "scfg";
+ reg = <0x00 0x43600000 0x00 0x10000>,
+ <0x00 0x44880000 0x00 0x20000>,
+ <0x00 0x44860000 0x00 0x20000>;
+ /*
+ * Marked Disabled:
+ * Node is incomplete as it is meant for bootloaders and
+ * firmware on non-MPU processors
+ */
+ status = "disabled";
+ };
+
main_pmx0: pinctrl@f4000 {
compatible = "pinctrl-single";
reg = <0x00 0xf4000 0x00 0x2ac>;
--
2.40.0
Hi Nishanth
On 5/30/2023 10:28 PM, Nishanth Menon wrote:
> MCU domain has it's own secure proxy for communicating with ROM and
> for R5 micro controller firmware operations. This is in addition to
> the one in the main domain NAVSS subsystem that is used for general
> purpose communication.
>
> Describe the node for use with bootloaders and firmware that require
> this communication path which uses interrupts to corresponding micro
> controller interrupt controller. Mark the node as disabled since this
> instance does not have interrupts routed to the main processor by
> default for a complete description of the node.
>
> Signed-off-by: Nishanth Menon <[email protected]>
> ---
> New patch
>
> arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi b/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi
> index 674e695ef844..dff23b258240 100644
> --- a/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi
> +++ b/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi
> @@ -209,6 +209,21 @@ mcu_udmap: dma-controller@285c0000 {
> };
> };
>
> + secure_proxy_mcu: mailbox@2a480000 {
I think, we should start name as mailbox@2a380000
> + compatible = "ti,am654-secure-proxy";
> + #mbox-cells = <1>;
> + reg-names = "target_data", "rt", "scfg";
> + reg = <0x0 0x2a480000 0x0 0x80000>,
> + <0x0 0x2a380000 0x0 0x80000>,
> + <0x0 0x2a400000 0x0 0x80000>;
I think, we should have increasing order for reg. Unless there is some
strong reason to keep in this way.
> + /*
> + * Marked Disabled:
> + * Node is incomplete as it is meant for bootloaders and
> + * firmware on non-MPU processors
> + */
> + status = "disabled";
> + };
> +
> mcu_cpsw: ethernet@46000000 {
> compatible = "ti,j721e-cpsw-nuss";
> #address-cells = <2>;
On 22:37-20230531, Kumar, Udit wrote:
[...]
> > + secure_proxy_mcu: mailbox@2a480000 {
> I think, we should start name as? mailbox@2a380000
> > + compatible = "ti,am654-secure-proxy";
> > + #mbox-cells = <1>;
> > + reg-names = "target_data", "rt", "scfg";
> > + reg = <0x0 0x2a480000 0x0 0x80000>,
> > + <0x0 0x2a380000 0x0 0x80000>,
> > + <0x0 0x2a400000 0x0 0x80000>;
>
> I think, we should have increasing order for reg. Unless there is some
> strong reason to keep in this way.
Binding is defined this way - the items section in the binding
enforces the order. As a result the first reg entry(target_data)
address causes the node name.
--
Regards,
Nishanth Menon
Key (0xDDB5849D1736249D) / Fingerprint: F8A2 8693 54EB 8232 17A3 1A34 DDB5 849D 1736 249D
On 5/31/2023 11:09 PM, Nishanth Menon wrote:
> On 22:37-20230531, Kumar, Udit wrote:
> [...]
>>> + secure_proxy_mcu: mailbox@2a480000 {
>> I think, we should start name as mailbox@2a380000
>>> + compatible = "ti,am654-secure-proxy";
>>> + #mbox-cells = <1>;
>>> + reg-names = "target_data", "rt", "scfg";
>>> + reg = <0x0 0x2a480000 0x0 0x80000>,
>>> + <0x0 0x2a380000 0x0 0x80000>,
>>> + <0x0 0x2a400000 0x0 0x80000>;
>> I think, we should have increasing order for reg. Unless there is some
>> strong reason to keep in this way.
> Binding is defined this way - the items section in the binding
> enforces the order. As a result the first reg entry(target_data)
> address causes the node name.
Ok thanks, u boot defined in other way but i don't see problem post sync,
As u-boot driver is getting node address based upon name instead of index.
Reviewed-by: Udit Kumar <[email protected]>
Hi Nishanth Menon,
On Tue, 30 May 2023 11:58:53 -0500, Nishanth Menon wrote:
> This series introduces secure proxies meant for usage with bootloaders
> and firmware components in the SoC for all K3 SoCs. AM64x SoC is an odd
> case here as the single instance of secure proxy is dual use for both
> ROM and general purpose. All other SoCs have independent instances that
> is used for firmware and bootloader communication.
>
> Nitin had posted [1] to address one of the SoCs (AM62), I am cleaning
> that patch a bit in this series.
>
> [...]
I have applied the following to branch ti-k3-dts-next on [1].
Thank you!
[1/7] arm64: dts: ti: k3-am62-main: Add sa3_secproxy
commit: 7450aa5153af55a0c63785a6917e35a989a4fdf5
[2/7] arm64: dts: ti: k3-am62a-main: Add sa3_secproxy
commit: f7d3b11cacd1fc9596444e89209b80800d20ea22
[3/7] arm64: dts: ti: k3-am65-mcu: Add mcu_secproxy
commit: 84debc33b529cae428f29b1eb21ccc05c8b47a16
[4/7] arm64: dts: ti: k3-j7200-mcu: Add mcu_secproxy
commit: c4e43f5aef9731c480789dcb044d261f894a102e
[5/7] arm64: dts: ti: k3-j721e-mcu: Add mcu_secproxy
commit: 753904da7072646666fa17a5030ef2be871a385a
[6/7] arm64: dts: ti: k3-j721s2-mcu-wakeup: Add sa3_secproxy and mcu_sec_proxy
commit: 77f622cb8633c020a78cfb8b7d3d73ba3eaf0a44
[7/7] arm64: dts: ti: k3-j784s4-mcu-wakeup: Add sa3_secproxy and mcu_sec_proxy
commit: 389ad7111ddd99a05c75bc7d4f480a0526761d06
All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent up the chain during
the next merge window (or sooner if it is a relevant bug fix), however if
problems are discovered then the patch may be dropped or reverted.
You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.
If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.
Please add any relevant lists and maintainers to the CCs when replying
to this mail.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/ti/linux.git
--
Vignesh