2024-05-10 13:30:12

by Pankaj Gupta

[permalink] [raw]
Subject: [PATCH 0/4] Communication Interface to NXP secure-enclave HW IP like Edgelock Enclave

Hardware interface of the NXP Secure Enclave HW IP(s) like EdgeLock Enclave,
V2X, SHE etc, is based on the Messaging Unit module that enables processing
elements like ARMv8 core, RISC V core, within the SoC to communicate and
coordinate by passing messages (e.g., data, status and control) through
these interfaces.

The NXP i.MX secure enclaves hardware interface kernel driver, is specifically
targeted for use between application core and NXP secure-enclave(s) HW. It allows
to send/receive messages to/from the secure-enclave.

Patch-set adds the kernel driver for communication interface to secure-enclave,
for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock Enclave,
both from:
- User-Space Applications via character driver.
- Kernel-space, used by kernel management layers like DM-Crypt.

Signed-off-by: Pankaj Gupta <[email protected]>
---
Pankaj Gupta (4):
Documentation/firmware: add imx/se to other_interfaces
dt-bindings: arm: fsl: add imx-se-fw binding doc
arm64: dts: imx8ulp-evk: add nxp secure enclave firmware
firmware: imx: add driver for NXP EdgeLock Enclave

Documentation/ABI/testing/se-cdev | 42 +
.../devicetree/bindings/firmware/fsl,imx-se.yaml | 186 +++
.../driver-api/firmware/other_interfaces.rst | 126 ++
arch/arm64/boot/dts/freescale/imx8ulp-evk.dts | 17 +-
arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 18 +-
drivers/firmware/imx/Kconfig | 12 +
drivers/firmware/imx/Makefile | 2 +
drivers/firmware/imx/ele_base_msg.c | 287 +++++
drivers/firmware/imx/ele_base_msg.h | 70 +
drivers/firmware/imx/ele_common.c | 341 +++++
drivers/firmware/imx/ele_common.h | 43 +
drivers/firmware/imx/se_ctrl.c | 1339 ++++++++++++++++++++
drivers/firmware/imx/se_ctrl.h | 151 +++
include/linux/firmware/imx/se_api.h | 14 +
include/uapi/linux/se_ioctl.h | 88 ++
15 files changed, 2733 insertions(+), 3 deletions(-)
---
base-commit: e8f897f4afef0031fe618a8e94127a0934896aba
change-id: 20240507-imx-se-if-a40055093dc6

Best regards,
--
Pankaj Gupta <[email protected]>



2024-05-10 13:30:47

by Pankaj Gupta

[permalink] [raw]
Subject: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc

The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
creates an embedded secure enclave within the SoC boundary to enable
features like:
- HSM
- SHE
- V2X

Secure-Enclave(s) communication interface are typically via message
unit, i.e., based on mailbox linux kernel driver. This driver enables
communication ensuring well defined message sequence protocol between
Application Core and enclave's firmware.

Driver configures multiple misc-device on the MU, for multiple
user-space applications, to be able to communicate over single MU.

It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.

Signed-off-by: Pankaj Gupta <[email protected]>
---
.../devicetree/bindings/firmware/fsl,imx-se.yaml | 186 +++++++++++++++++++++
1 file changed, 186 insertions(+)

diff --git a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
new file mode 100644
index 000000000000..a858ef6965cb
--- /dev/null
+++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
@@ -0,0 +1,186 @@
+# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/firmware/fsl,imx-se.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
+
+maintainers:
+ - Pankaj Gupta <[email protected]>
+
+description: |
+ NXP's SoC may contain one or multiple embedded secure-enclave HW
+ IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
+ enables features like
+ - Hardware Security Module (HSM),
+ - Security Hardware Extension (SHE), and
+ - Vehicular to Anything (V2X)
+
+ Communication interface to the secure-enclaves is based on the
+ messaging unit(s).
+
+properties:
+ '#address-cells':
+ const: 1
+
+ '#size-cells':
+ const: 0
+
+ compatible:
+ enum:
+ - fsl,imx8ulp-ele
+ - fsl,imx93-ele
+
+patternProperties:
+ "^[0-9a-z]*-if@[0-9]+$":
+ type: object
+ description:
+ Communication interface to secure-enclave node, that defines hardware
+ properties to required to establish the communication. There can be
+ multiple interfaces to the same secure-enclave. Each interface is
+ enumerated with reg property. It optionally defines properties
+ depending on the compatible string and interface enum identifier.
+
+ properties:
+ reg:
+ maxItems: 1
+ description: Identifier of the communication interface to secure-enclave.
+
+ mboxes:
+ description: contain a list of phandles to mailboxes.
+ items:
+ - description: Specify the mailbox used to send message to se firmware
+ - description: Specify the mailbox used to receive message from se firmware
+
+ mbox-names:
+ items:
+ - const: tx
+ - const: rx
+ - const: txdb
+ - const: rxdb
+ minItems: 2
+
+ memory-region:
+ description: contains a list of phandles to reserved external memory.
+ items:
+ - description: It is used by secure-enclave firmware. It is an optional
+ property based on compatible and identifier to communication interface.
+ (see bindings/reserved-memory/reserved-memory.txt)
+
+ sram:
+ description: contains a list of phandles to sram.
+ $ref: /schemas/types.yaml#/definitions/phandle-array
+ items:
+ - description: Phandle to the device SRAM. It is an optional property
+ based on compatible and identifier to communication interface.
+
+ required:
+ - reg
+ - mboxes
+ - mbox-names
+
+allOf:
+ # memory-region
+ - if:
+ properties:
+ compatible:
+ contains:
+ enum:
+ - fsl,imx8ulp-ele
+ - fsl,imx93-ele
+ then:
+ patternProperties:
+ "^[0-9a-z]*-if@[0-9]+$":
+ allOf:
+ - if:
+ properties:
+ reg:
+ items:
+ - enum:
+ - 0
+ then:
+ required:
+ - memory-region
+ else:
+ not:
+ required:
+ - memory-region
+ # sram
+ - if:
+ properties:
+ compatible:
+ contains:
+ enum:
+ - fsl,imx8ulp-ele
+ then:
+ patternProperties:
+ "^[0-9a-z]*-if@[0-9]+$":
+ allOf:
+ - if:
+ properties:
+ reg:
+ items:
+ - enum:
+ - 0
+ then:
+ required:
+ - sram
+ else:
+ not:
+ required:
+ - sram
+
+additionalProperties: false
+
+examples:
+ - |
+ ele {
+ compatible = "fsl,imx8ulp-ele";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ ele-if@0 {
+ reg = <0x0>;
+ mboxes = <&s4muap 0 0>, <&s4muap 1 0>;
+ mbox-names = "tx", "rx";
+ sram = <&sram0>;
+ memory-region = <&ele_reserved>;
+ };
+ };
+ - |
+ ele {
+ compatible = "fsl,imx93-ele";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ ele-if@0 {
+ reg = <0x0>;
+ mboxes = <&s4muap 0 0>, <&s4muap 1 0>;
+ mbox-names = "tx", "rx";
+ memory-region = <&ele_reserved>;
+ };
+ };
+ - |
+ v2x {
+ compatible = "fsl,imx95-v2x";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ v2x-if@0 {
+ reg = <0x0>;
+ mboxes = <&v2x_mu 0 0>, <&v2x_mu 1 0>;
+ mbox-names = "tx", "rx";
+ };
+ v2x-if@1 {
+ reg = <0x1>;
+ mboxes = <&v2x_mu6 0 0>, <&v2x_mu6 1 0>;
+ mbox-names = "txdb", "rxdb";
+ };
+ v2x-if@2 {
+ reg = <0x2>;
+ mboxes = <&v2x_mu7 0 0>, <&v2x_mu7 1 0>;
+ mbox-names = "tx", "rx";
+ };
+ };
+...

--
2.34.1


2024-05-10 13:31:04

by Pankaj Gupta

[permalink] [raw]
Subject: [PATCH 3/4] arm64: dts: imx8ulp-evk: add nxp secure enclave firmware

Add support for NXP secure enclave called EdgeLock Enclave
firmware (se-fw) for imx8ulp-evk.

EdgeLock Enclave has a hardware limitation of restricted access to DDR
address: 0x80000000 to 0xAFFFFFFF, so reserve 1MB of DDR memory region
from 0x80000000.

Signed-off-by: Pankaj Gupta <[email protected]>
---
arch/arm64/boot/dts/freescale/imx8ulp-evk.dts | 17 ++++++++++++++++-
arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 18 ++++++++++++++++--
2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/boot/dts/freescale/imx8ulp-evk.dts b/arch/arm64/boot/dts/freescale/imx8ulp-evk.dts
index 69dd8e31027c..bac08297ef68 100644
--- a/arch/arm64/boot/dts/freescale/imx8ulp-evk.dts
+++ b/arch/arm64/boot/dts/freescale/imx8ulp-evk.dts
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
/*
- * Copyright 2021 NXP
+ * Copyright 2021, 2024 NXP
*/

/dts-v1/;
@@ -19,6 +19,17 @@ memory@80000000 {
device_type = "memory";
reg = <0x0 0x80000000 0 0x80000000>;
};
+ reserved-memory {
+ #address-cells = <2>;
+ #size-cells = <2>;
+ ranges;
+
+ ele_reserved: ele-reserved@90000000 {
+ compatible = "shared-dma-pool";
+ reg = <0 0x90000000 0 0x100000>;
+ no-map;
+ };
+ };

reserved-memory {
#address-cells = <2>;
@@ -146,6 +157,10 @@ &usdhc0 {
status = "okay";
};

+&ele_if0 {
+ memory-region = <&ele_reserved>;
+};
+
&fec {
pinctrl-names = "default", "sleep";
pinctrl-0 = <&pinctrl_enet>;
diff --git a/arch/arm64/boot/dts/freescale/imx8ulp.dtsi b/arch/arm64/boot/dts/freescale/imx8ulp.dtsi
index c4a0082f30d3..fc00f05fa166 100644
--- a/arch/arm64/boot/dts/freescale/imx8ulp.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8ulp.dtsi
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
/*
- * Copyright 2021 NXP
+ * Copyright 2021, 2024 NXP
*/

#include <dt-bindings/clock/imx8ulp-clock.h>
@@ -152,7 +152,7 @@ sosc: clock-sosc {
#clock-cells = <0>;
};

- sram@2201f000 {
+ sram0: sram@2201f000 {
compatible = "mmio-sram";
reg = <0x0 0x2201f000 0x0 0x1000>;

@@ -184,6 +184,20 @@ scmi_sensor: protocol@15 {
#thermal-sensor-cells = <1>;
};
};
+
+ ele {
+ compatible = "fsl,imx8ulp-ele";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ ele_if0: ele-if@0 {
+ reg = <0x0>;
+ mbox-names = "tx", "rx";
+ mboxes = <&s4muap 0 0>,
+ <&s4muap 1 0>;
+ sram = <&sram0>;
+ };
+ };
};

cm33: remoteproc-cm33 {

--
2.34.1


2024-05-10 13:31:09

by Pankaj Gupta

[permalink] [raw]
Subject: [PATCH 1/4] Documentation/firmware: add imx/se to other_interfaces

Documents i.MX SoC's Service layer and C_DEV driver for selected SoC(s)
that contains the NXP hardware IP(s) for secure-enclaves(se) like:
- NXP EdgeLock Enclave on i.MX93 & i.MX8ULP

Signed-off-by: Pankaj Gupta <[email protected]>
---
.../driver-api/firmware/other_interfaces.rst | 126 +++++++++++++++++++++
1 file changed, 126 insertions(+)

diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst
index 06ac89adaafb..c18c2d3e6e08 100644
--- a/Documentation/driver-api/firmware/other_interfaces.rst
+++ b/Documentation/driver-api/firmware/other_interfaces.rst
@@ -49,3 +49,129 @@ of the requests on to a secure monitor (EL3).

.. kernel-doc:: drivers/firmware/stratix10-svc.c
:export:
+
+NXP Secure Enclave Firmware Interface
+=====================================
+
+Introduction
+------------
+The NXP's i.MX HW IP like EdgeLock-Enclave, V2X etc., creats an embedded secure
+enclave within the SoC boundary to enable features like
+ - Hardware Security Module (HSM)
+ - Security Hardware Extension (SHE)
+ - Vehicular to Anything (V2X)
+
+Each of the above feature, is enabled through dedicated NXP H/W IP on the SoC.
+On a single SoC, multiple hardware IP (or can say more than one secure enclave)
+can exists.
+
+NXP SoC(s) enabled with the such secure enclave(se) IP(s) are:
+i.MX93, i.MX8ULP
+
+To communicate with one or more co-existing 'se'(s) on SoC, there is/are dedicated
+messaging units(MU) per 'se'. Each co-existing 'se' can have one or multiple exclusive
+MU(s), dedicated to itself. None of the MU is shared between two se(s).
+Communication of the MU is realized using the Linux mailbox driver.
+
+NXP Secure Enclave(SE) Interface
+--------------------------------
+All those SE interface(s) 'se-if(s)' that is/are dedicated to a particular 'se', will be
+enumerated and provisioned under the very single 'se' node.
+
+Each 'se-if', comprise of twp layers:
+- (C_DEV Layer) User-Space software-access interface.
+- (Service Layer) OS-level software-access interface.
+
+ +--------------------------------------------+
+ | Character Device(C_DEV) |
+ | |
+ | +---------+ +---------+ +---------+ |
+ | | misc #1 | | misc #2 | ... | misc #n | |
+ | | dev | | dev | | dev | |
+ | +---------+ +---------+ +---------+ |
+ | +-------------------------+ |
+ | | Misc. Dev Synchr. Logic | |
+ | +-------------------------+ |
+ | |
+ +--------------------------------------------+
+
+ +--------------------------------------------+
+ | Service Layer |
+ | |
+ | +-----------------------------+ |
+ | | Message Serialization Logic | |
+ | +-----------------------------+ |
+ | +---------------+ |
+ | | imx-mailbox | |
+ | | mailbox.c | |
+ | +---------------+ |
+ | |
+ +--------------------------------------------+
+
+- service layer:
+ This layer is responsible for ensuring the communication protocol, that is defined
+ for communication with firmware.
+
+ FW Communication protocol ensures two things:
+ - Serializing the multiple message(s) to be sent over an MU.
+ A mutex locks instance "mu_lock" is instantiated per MU. It is taken to ensure
+ one message is sent over MU at a time. The lock "mu_lock" is unlocked, post sending
+ the message using the mbox api(s) exposed by mailbox kernel driver.
+
+ - FW can handle one command-message at a time.
+ Second command-message must wait till first command message is completely processed.
+ Hence, another mutex lock instance "mu_cmd_lock" is instantiated per MU. It is taken
+ to ensure one command-message is sent at a time, towards FW. This lock is not unlocked,
+ for the next command-message, till previous command message is processed completely.
+
+- c_dev:
+ This layer offers character device contexts, created as '/dev/<se>_mux_chx'.
+ Using these multiple device contexts, that are getting multiplexed over a single MU,
+ user-space application(s) can call fops like write/read to send the command-message,
+ and read back the command-response-message to/from Firmware.
+ fops like read & write uses the above defined service layer API(s) to communicate with
+ Firmware.
+
+ Misc-device(/dev/<se>_mux_chn) synchronization protocol:
+
+ Non-Secure + Secure
+ |
+ |
+ +---------+ +-------------+ |
+ | se_fw.c +<---->+imx-mailbox.c| |
+ | | | mailbox.c +<-->+------+ +------+
+ +---+-----+ +-------------+ | MU X +<-->+ ELE |
+ | +------+ +------+
+ +----------------+ |
+ | | |
+ v v |
+ logical logical |
+ receiver waiter |
+ + + |
+ | | |
+ | | |
+ | +----+------+ |
+ | | | |
+ | | | |
+ device_ctx device_ctx device_ctx |
+ |
+ User 0 User 1 User Y |
+ +------+ +------+ +------+ |
+ |misc.c| |misc.c| |misc.c| |
+ kernel space +------+ +------+ +------+ |
+ |
+ +------------------------------------------------------ |
+ | | | |
+ userspace /dev/ele_muXch0 | | |
+ /dev/ele_muXch1 | |
+ /dev/ele_muXchY |
+ |
+
+When a user sends a command to the firmware, it registers its device_ctx
+as waiter of a response from firmware.
+
+Enclave's Firmware owns the storage management, over linux filesystem.
+For this c_dev provisions a dedicated slave device called "receiver".
+
+.. kernel-doc:: drivers/firmware/imx/se_fw.c
+ :export:

--
2.34.1


2024-05-10 13:31:21

by Pankaj Gupta

[permalink] [raw]
Subject: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
are embedded in the SoC to support the features like HSM, SHE & V2X,
using message based communication interface.

The secure enclave FW communicates on a dedicated messaging unit(MU)
based interface(s) with application core, where kernel is running.
It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.

This patch adds the driver for communication interface to secure-enclave,
for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock Enclave,
both from:
- User-Space Applications via character driver.
- Kernel-space, used by kernel management layers like DM-Crypt.

ABI documentation for the NXP secure-enclave driver.

User-space library using this driver:
- i.MX Secure Enclave library:
-- URL: https://github.com/nxp-imx/imx-secure-enclave.git,
- i.MX Secure Middle-Ware:
-- URL: https://github.com/nxp-imx/imx-smw.git

Signed-off-by: Pankaj Gupta <[email protected]>
---
Documentation/ABI/testing/se-cdev | 42 ++
drivers/firmware/imx/Kconfig | 12 +
drivers/firmware/imx/Makefile | 2 +
drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
drivers/firmware/imx/ele_base_msg.h | 70 ++
drivers/firmware/imx/ele_common.c | 341 +++++++++
drivers/firmware/imx/ele_common.h | 43 ++
drivers/firmware/imx/se_ctrl.c | 1339 +++++++++++++++++++++++++++++++++++
drivers/firmware/imx/se_ctrl.h | 151 ++++
include/linux/firmware/imx/se_api.h | 14 +
include/uapi/linux/se_ioctl.h | 88 +++
11 files changed, 2389 insertions(+)

diff --git a/Documentation/ABI/testing/se-cdev b/Documentation/ABI/testing/se-cdev
new file mode 100644
index 000000000000..699525af6b86
--- /dev/null
+++ b/Documentation/ABI/testing/se-cdev
@@ -0,0 +1,42 @@
+What: /dev/<se>_mu[0-9]+_ch[0-9]+
+Date: May 2024
+KernelVersion: 6.8
+Contact: [email protected], [email protected]
+Description:
+ NXP offers multiple hardware IP(s) for secure-enclaves like EdgeLock-
+ Enclave(ELE), SECO. The character device file-descriptors
+ /dev/<se>_mu*_ch* are the interface between user-space NXP's secure-
+ enclave shared-library and the kernel driver.
+
+ The ioctl(2)-based ABI is defined and documented in
+ [include]<linux/firmware/imx/ele_mu_ioctl.h>
+ ioctl(s) are used primarily for:
+ - shared memory management
+ - allocation of I/O buffers
+ - get mu info
+ - setting a dev-ctx as receiver that is slave to fw
+ - get SoC info
+
+ The following file operations are supported:
+
+ open(2)
+ Currently the only useful flags are O_RDWR.
+
+ read(2)
+ Every read() from the opened character device context is waiting on
+ wakeup_intruptible, that gets set by the registered mailbox callback
+ function; indicating a message received from the firmware on message-
+ unit.
+
+ write(2)
+ Every write() to the opened character device context needs to acquire
+ mailbox_lock, before sending message on to the message unit.
+
+ close(2)
+ Stops and free up the I/O contexts that was associated
+ with the file descriptor.
+
+Users: https://github.com/nxp-imx/imx-secure-enclave.git,
+ https://github.com/nxp-imx/imx-smw.git
+ crypto/skcipher,
+ drivers/nvmem/imx-ocotp-ele.c
diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
index 183613f82a11..56bdca9bd917 100644
--- a/drivers/firmware/imx/Kconfig
+++ b/drivers/firmware/imx/Kconfig
@@ -22,3 +22,15 @@ config IMX_SCU

This driver manages the IPC interface between host CPU and the
SCU firmware running on M4.
+
+config IMX_SEC_ENCLAVE
+ tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver."
+ depends on IMX_MBOX && ARCH_MXC && ARM64
+ default m if ARCH_MXC
+
+ help
+ It is possible to use APIs exposed by the iMX Secure Enclave HW IP called:
+ - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
+ like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging
+ Unit. This driver exposes these interfaces via a set of file descriptors
+ allowing to configure shared memory, send and receive messages.
diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile
index 8f9f04a513a8..aa9033e0e9e3 100644
--- a/drivers/firmware/imx/Makefile
+++ b/drivers/firmware/imx/Makefile
@@ -1,3 +1,5 @@
# SPDX-License-Identifier: GPL-2.0
obj-$(CONFIG_IMX_DSP) += imx-dsp.o
obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o
+sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
+obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c
new file mode 100644
index 000000000000..0463f26d93c7
--- /dev/null
+++ b/drivers/firmware/imx/ele_base_msg.c
@@ -0,0 +1,287 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2024 NXP
+ */
+
+#include <linux/types.h>
+#include <linux/completion.h>
+#include <linux/dma-mapping.h>
+
+#include "ele_base_msg.h"
+#include "ele_common.h"
+
+int ele_get_info(struct device *dev, struct soc_info *s_info)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ struct se_api_msg *tx_msg __free(kfree);
+ struct se_api_msg *rx_msg __free(kfree);
+ phys_addr_t get_info_addr;
+ u32 *get_info_data;
+ u32 status;
+ int ret;
+
+ if (!priv || !s_info)
+ goto exit;
+
+ memset(s_info, 0x0, sizeof(*s_info));
+
+ if (priv->mem_pool_name)
+ get_info_data = get_phy_buf_mem_pool(dev,
+ priv->mem_pool_name,
+ &get_info_addr,
+ ELE_GET_INFO_BUFF_SZ);
+ else
+ get_info_data = dmam_alloc_coherent(dev,
+ ELE_GET_INFO_BUFF_SZ,
+ &get_info_addr,
+ GFP_KERNEL);
+ if (!get_info_data) {
+ ret = -ENOMEM;
+ dev_err(dev,
+ "%s: Failed to allocate get_info_addr.\n",
+ __func__);
+ goto exit;
+ }
+
+ tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
+ if (!tx_msg) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
+ if (!rx_msg) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ ret = plat_fill_cmd_msg_hdr(priv,
+ (struct se_msg_hdr *)&tx_msg->header,
+ ELE_GET_INFO_REQ,
+ ELE_GET_INFO_REQ_MSG_SZ,
+ true);
+ if (ret)
+ goto exit;
+
+ tx_msg->data[0] = upper_32_bits(get_info_addr);
+ tx_msg->data[1] = lower_32_bits(get_info_addr);
+ tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
+ priv->rx_msg = rx_msg;
+ ret = imx_ele_msg_send_rcv(priv, tx_msg);
+ if (ret < 0)
+ goto exit;
+
+ ret = validate_rsp_hdr(priv,
+ priv->rx_msg->header,
+ ELE_GET_INFO_REQ,
+ ELE_GET_INFO_RSP_MSG_SZ,
+ true);
+ if (ret)
+ goto exit;
+
+ status = RES_STATUS(priv->rx_msg->data[0]);
+ if (status != priv->success_tag) {
+ dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
+ ELE_GET_INFO_REQ, status);
+ ret = -1;
+ }
+
+ s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
+ & ELE_IMEM_STATE_MASK) >> 16;
+ s_info->major_ver = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
+ & SOC_VER_MASK) >> 24;
+ s_info->minor_ver = ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
+ & SOC_VER_MASK) >> 16) & 0xFF;
+ s_info->soc_rev = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
+ & SOC_VER_MASK) >> 16;
+ s_info->soc_id = get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
+ & SOC_ID_MASK;
+ s_info->serial_num
+ = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF] << 32
+ | get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];
+exit:
+ if (get_info_addr) {
+ if (priv->mem_pool_name)
+ free_phybuf_mem_pool(dev, priv->mem_pool_name,
+ get_info_data, ELE_GET_INFO_BUFF_SZ);
+ else
+ dmam_free_coherent(dev,
+ ELE_GET_INFO_BUFF_SZ,
+ get_info_data,
+ get_info_addr);
+ }
+
+ return ret;
+}
+
+int ele_ping(struct device *dev)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ struct se_api_msg *tx_msg __free(kfree);
+ struct se_api_msg *rx_msg __free(kfree);
+ u32 status;
+ int ret;
+
+ tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
+ if (!tx_msg) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
+ if (!rx_msg) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ ret = plat_fill_cmd_msg_hdr(priv,
+ (struct se_msg_hdr *)&tx_msg->header,
+ ELE_PING_REQ, ELE_PING_REQ_SZ,
+ true);
+ if (ret) {
+ dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
+ goto exit;
+ }
+
+ priv->rx_msg = rx_msg;
+ ret = imx_ele_msg_send_rcv(priv, tx_msg);
+ if (ret)
+ goto exit;
+
+ ret = validate_rsp_hdr(priv,
+ priv->rx_msg->header,
+ ELE_PING_REQ,
+ ELE_PING_RSP_SZ,
+ true);
+ if (ret)
+ goto exit;
+
+ status = RES_STATUS(priv->rx_msg->data[0]);
+ if (status != priv->success_tag) {
+ dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
+ ELE_PING_REQ, status);
+ ret = -1;
+ }
+exit:
+ return ret;
+}
+
+int ele_service_swap(struct device *dev,
+ phys_addr_t addr,
+ u32 addr_size, u16 flag)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ struct se_api_msg *tx_msg __free(kfree);
+ struct se_api_msg *rx_msg __free(kfree);
+ u32 status;
+ int ret;
+
+ tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2, GFP_KERNEL);
+ if (!tx_msg) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2, GFP_KERNEL);
+ if (!rx_msg) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ ret = plat_fill_cmd_msg_hdr(priv,
+ (struct se_msg_hdr *)&tx_msg->header,
+ ELE_SERVICE_SWAP_REQ,
+ ELE_SERVICE_SWAP_REQ_MSG_SZ,
+ true);
+ if (ret)
+ goto exit;
+
+ tx_msg->data[0] = flag;
+ tx_msg->data[1] = addr_size;
+ tx_msg->data[2] = ELE_NONE_VAL;
+ tx_msg->data[3] = lower_32_bits(addr);
+ tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
+ ELE_SERVICE_SWAP_REQ_MSG_SZ);
+ priv->rx_msg = rx_msg;
+ ret = imx_ele_msg_send_rcv(priv, tx_msg);
+ if (ret < 0)
+ goto exit;
+
+ ret = validate_rsp_hdr(priv,
+ priv->rx_msg->header,
+ ELE_SERVICE_SWAP_REQ,
+ ELE_SERVICE_SWAP_RSP_MSG_SZ,
+ true);
+ if (ret)
+ goto exit;
+
+ status = RES_STATUS(priv->rx_msg->data[0]);
+ if (status != priv->success_tag) {
+ dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
+ ELE_SERVICE_SWAP_REQ, status);
+ ret = -1;
+ } else {
+ if (flag == ELE_IMEM_EXPORT)
+ ret = priv->rx_msg->data[1];
+ else
+ ret = 0;
+ }
+exit:
+
+ return ret;
+}
+
+int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ struct se_api_msg *tx_msg __free(kfree);
+ struct se_api_msg *rx_msg __free(kfree);
+ u32 status;
+ int ret;
+
+ tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
+ if (!tx_msg) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
+ if (!rx_msg) {
+ ret = -ENOMEM;
+ return ret;
+ }
+ ret = plat_fill_cmd_msg_hdr(priv,
+ (struct se_msg_hdr *)&tx_msg->header,
+ ELE_FW_AUTH_REQ,
+ ELE_FW_AUTH_REQ_SZ,
+ true);
+ if (ret)
+ goto exit;
+
+ tx_msg->data[0] = addr;
+ tx_msg->data[1] = 0x0;
+ tx_msg->data[2] = addr;
+
+ priv->rx_msg = rx_msg;
+ ret = imx_ele_msg_send_rcv(priv, tx_msg);
+ if (ret < 0)
+ goto exit;
+
+ ret = validate_rsp_hdr(priv,
+ priv->rx_msg->header,
+ ELE_FW_AUTH_REQ,
+ ELE_FW_AUTH_RSP_MSG_SZ,
+ true);
+ if (ret)
+ goto exit;
+
+ status = RES_STATUS(priv->rx_msg->data[0]);
+ if (status != priv->success_tag) {
+ dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
+ ELE_FW_AUTH_REQ, status);
+ ret = -1;
+ }
+exit:
+
+ return ret;
+}
diff --git a/drivers/firmware/imx/ele_base_msg.h b/drivers/firmware/imx/ele_base_msg.h
new file mode 100644
index 000000000000..3b3d2bf04a84
--- /dev/null
+++ b/drivers/firmware/imx/ele_base_msg.h
@@ -0,0 +1,70 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright 2024 NXP
+ *
+ * Header file for the EdgeLock Enclave Base API(s).
+ */
+
+#ifndef ELE_BASE_MSG_H
+#define ELE_BASE_MSG_H
+
+#include <linux/device.h>
+#include <linux/types.h>
+
+#define WORD_SZ 4
+#define ELE_NONE_VAL 0x0
+
+#define ELE_SUCCESS_IND 0xD6
+
+#define ELE_GET_INFO_REQ 0xDA
+#define ELE_GET_INFO_REQ_MSG_SZ 0x10
+#define ELE_GET_INFO_RSP_MSG_SZ 0x08
+
+#define ELE_GET_INFO_BUFF_SZ 0x100
+#define ELE_GET_INFO_READ_SZ 0xA0
+
+#define DEFAULT_IMX_SOC_VER 0xA0
+#define SOC_VER_MASK 0xFFFF0000
+#define SOC_ID_MASK 0x0000FFFF
+struct soc_info {
+ u32 imem_state;
+ u8 major_ver;
+ u8 minor_ver;
+ u16 soc_id;
+ u16 soc_rev;
+ u64 serial_num;
+};
+
+#define GET_INFO_SOC_INFO_WORD_OFFSET 1
+#define GET_INFO_UUID_WORD_OFFSET 3
+#define GET_INFO_SL_NUM_MSB_WORD_OFF \
+ (GET_INFO_UUID_WORD_OFFSET + 3)
+#define GET_INFO_SL_NUM_LSB_WORD_OFF \
+ (GET_INFO_UUID_WORD_OFFSET + 0)
+
+#define ELE_PING_REQ 0x01
+#define ELE_PING_REQ_SZ 0x04
+#define ELE_PING_RSP_SZ 0x08
+
+#define ELE_SERVICE_SWAP_REQ 0xDF
+#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18
+#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C
+#define ELE_IMEM_SIZE 0x10000
+#define ELE_IMEM_STATE_OK 0xCA
+#define ELE_IMEM_STATE_BAD 0xFE
+#define ELE_IMEM_STATE_WORD 0x27
+#define ELE_IMEM_STATE_MASK 0x00ff0000
+#define ELE_IMEM_EXPORT 0x1
+#define ELE_IMEM_IMPORT 0x2
+
+#define ELE_FW_AUTH_REQ 0x02
+#define ELE_FW_AUTH_REQ_SZ 0x10
+#define ELE_FW_AUTH_RSP_MSG_SZ 0x08
+
+int ele_get_info(struct device *dev, struct soc_info *s_info);
+int ele_ping(struct device *dev);
+int ele_service_swap(struct device *dev,
+ phys_addr_t addr,
+ u32 addr_size, u16 flag);
+int ele_fw_authenticate(struct device *dev, phys_addr_t addr);
+#endif
diff --git a/drivers/firmware/imx/ele_common.c b/drivers/firmware/imx/ele_common.c
new file mode 100644
index 000000000000..dcf7f9034653
--- /dev/null
+++ b/drivers/firmware/imx/ele_common.c
@@ -0,0 +1,341 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2024 NXP
+ */
+
+#include "ele_base_msg.h"
+#include "ele_common.h"
+
+u32 plat_add_msg_crc(u32 *msg, u32 msg_len)
+{
+ u32 nb_words = msg_len / (u32)sizeof(u32);
+ u32 crc = 0;
+ u32 i;
+
+ for (i = 0; i < nb_words - 1; i++)
+ crc ^= *(msg + i);
+
+ return crc;
+}
+
+int imx_ele_msg_rcv(struct se_if_priv *priv)
+{
+ u32 wait;
+ int err;
+
+ wait = msecs_to_jiffies(1000);
+ if (!wait_for_completion_timeout(&priv->done, wait)) {
+ dev_err(priv->dev,
+ "Error: wait_for_completion timed out.\n");
+ err = -ETIMEDOUT;
+ }
+
+ mutex_unlock(&priv->se_if_cmd_lock);
+ priv->no_dev_ctx_used = false;
+
+ return err;
+}
+
+int imx_ele_msg_send(struct se_if_priv *priv, void *mssg)
+{
+ bool is_cmd_lock_tobe_taken = false;
+ int err;
+
+ if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
+ is_cmd_lock_tobe_taken = true;
+ mutex_lock(&priv->se_if_cmd_lock);
+ }
+ scoped_guard(mutex, &priv->se_if_lock);
+
+ err = mbox_send_message(priv->tx_chan, mssg);
+ if (err < 0) {
+ dev_err(priv->dev, "Error: mbox_send_message failure.\n");
+ if (is_cmd_lock_tobe_taken)
+ mutex_unlock(&priv->se_if_cmd_lock);
+ return err;
+ }
+ err = 0;
+
+ return err;
+}
+
+int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg)
+{
+ int err;
+
+ priv->no_dev_ctx_used = true;
+ err = imx_ele_msg_send(priv, mssg);
+ if (err)
+ goto exit;
+
+ err = imx_ele_msg_rcv(priv);
+
+exit:
+ return err;
+}
+
+int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx)
+{
+ struct se_msg_hdr header = {0};
+ int err;
+
+ err = wait_event_interruptible(dev_ctx->wq, dev_ctx->pending_hdr != 0);
+ if (err)
+ dev_err(dev_ctx->dev,
+ "%s: Err[0x%x]:Interrupted by signal.\n",
+ dev_ctx->miscdev.name, err);
+
+ header = *((struct se_msg_hdr *) (&dev_ctx->temp_resp[0]));
+
+ if (header.tag == dev_ctx->priv->rsp_tag)
+ mutex_unlock(&dev_ctx->priv->se_if_cmd_lock);
+
+ return err;
+}
+
+int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
+ void *tx_msg, int tx_msg_sz)
+{
+ struct se_if_priv *priv = dev_ctx->priv;
+ struct se_msg_hdr header = {0};
+ int err;
+
+ header = *((struct se_msg_hdr *) tx_msg);
+
+ /*
+ * Check that the size passed as argument matches the size
+ * carried in the message.
+ */
+ err = header.size << 2;
+
+ if (err != tx_msg_sz) {
+ err = -EINVAL;
+ dev_err(priv->dev,
+ "%s: User buffer too small\n",
+ dev_ctx->miscdev.name);
+ goto exit;
+ }
+ /* Check the message is valid according to tags */
+ if (header.tag == priv->cmd_tag)
+ priv->waiting_rsp_dev = dev_ctx;
+ else if (header.tag == priv->rsp_tag) {
+ /* Check the device context can send the command */
+ if (dev_ctx != priv->cmd_receiver_dev) {
+ dev_err(priv->dev,
+ "%s: Channel not configured to send resp to FW.",
+ dev_ctx->miscdev.name);
+ err = -EPERM;
+ goto exit;
+ }
+ } else {
+ dev_err(priv->dev,
+ "%s: The message does not have a valid TAG\n",
+ dev_ctx->miscdev.name);
+ err = -EINVAL;
+ goto exit;
+ }
+ err = imx_ele_msg_send(priv, tx_msg);
+exit:
+ return err;
+}
+
+/*
+ * Callback called by mailbox FW, when data is received.
+ */
+void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
+{
+ struct device *dev = mbox_cl->dev;
+ struct se_if_device_ctx *dev_ctx;
+ struct se_api_msg *rx_msg;
+ bool is_response = false;
+ struct se_if_priv *priv;
+ struct se_msg_hdr header;
+
+ priv = dev_get_drvdata(dev);
+ if (!priv) {
+ dev_err(dev, "SE-MU Priv data is NULL;");
+ return;
+ }
+
+ /* The function can be called with NULL msg */
+ if (!msg) {
+ dev_err(dev, "Message is invalid\n");
+ return;
+ }
+
+ header.tag = ((u8 *)msg)[TAG_OFFSET];
+ header.command = ((u8 *)msg)[CMD_OFFSET];
+ header.size = ((u8 *)msg)[SZ_OFFSET];
+ header.ver = ((u8 *)msg)[VER_OFFSET];
+
+ /* Incoming command: wake up the receiver if any. */
+ if (header.tag == priv->cmd_tag) {
+ dev_dbg(dev, "Selecting cmd receiver\n");
+ dev_ctx = priv->cmd_receiver_dev;
+ } else if (header.tag == priv->rsp_tag) {
+ if (priv->waiting_rsp_dev) {
+ dev_dbg(dev, "Selecting rsp waiter\n");
+ dev_ctx = priv->waiting_rsp_dev;
+ is_response = true;
+ } else {
+ /*
+ * Reading the EdgeLock Enclave response
+ * to the command, sent by other
+ * linux kernel services.
+ */
+ spin_lock(&priv->lock);
+ memcpy(&priv->rx_msg, msg, header.size << 2);
+
+ complete(&priv->done);
+ spin_unlock(&priv->lock);
+ return;
+ }
+ } else {
+ dev_err(dev, "Failed to select a device for message: %.8x\n",
+ *((u32 *) &header));
+ return;
+ }
+ /* Init reception */
+ rx_msg = kzalloc(header.size << 2, GFP_KERNEL);
+ if (rx_msg)
+ memcpy(rx_msg, msg, header.size << 2);
+
+ dev_ctx->temp_resp = (u32 *)rx_msg;
+ dev_ctx->temp_resp_size = header.size;
+
+ /* Allow user to read */
+ dev_ctx->pending_hdr = 1;
+ wake_up_interruptible(&dev_ctx->wq);
+
+ if (is_response)
+ priv->waiting_rsp_dev = NULL;
+}
+
+int validate_rsp_hdr(struct se_if_priv *priv, u32 header,
+ uint8_t msg_id, uint8_t sz, bool is_base_api)
+{
+ int ret = -EINVAL;
+ u32 size;
+ u32 cmd;
+ u32 tag;
+ u32 ver;
+
+ tag = MSG_TAG(header);
+ cmd = MSG_COMMAND(header);
+ size = MSG_SIZE(header);
+ ver = MSG_VER(header);
+
+ do {
+ if (tag != priv->rsp_tag) {
+ dev_err(priv->dev,
+ "MSG[0x%x] Hdr: Resp tag mismatch. (0x%x != 0x%x)",
+ msg_id, tag, priv->rsp_tag);
+ break;
+ }
+
+ if (cmd != msg_id) {
+ dev_err(priv->dev,
+ "MSG Header: Cmd id mismatch. (0x%x != 0x%x)",
+ cmd, msg_id);
+ break;
+ }
+
+ if (size != (sz >> 2)) {
+ dev_err(priv->dev,
+ "MSG[0x%x] Hdr: Cmd size mismatch. (0x%x != 0x%x)",
+ msg_id, size, (sz >> 2));
+ break;
+ }
+
+ if (is_base_api && (ver != priv->base_api_ver)) {
+ dev_err(priv->dev,
+ "MSG[0x%x] Hdr: Base API Vers mismatch. (0x%x != 0x%x)",
+ msg_id, ver, priv->base_api_ver);
+ break;
+ } else if (!is_base_api && ver != priv->fw_api_ver) {
+ dev_err(priv->dev,
+ "MSG[0x%x] Hdr: FW API Vers mismatch. (0x%x != 0x%x)",
+ msg_id, ver, priv->fw_api_ver);
+ break;
+ }
+
+ ret = 0;
+
+ } while (false);
+
+ return ret;
+}
+
+int se_save_imem_state(struct device *dev)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ int ret;
+
+ /* EXPORT command will save encrypted IMEM to given address,
+ * so later in resume, IMEM can be restored from the given
+ * address.
+ *
+ * Size must be at least 64 kB.
+ */
+ ret = ele_service_swap(dev,
+ priv->imem.phyaddr,
+ ELE_IMEM_SIZE,
+ ELE_IMEM_EXPORT);
+ if (ret < 0)
+ dev_err(dev, "Failed to export IMEM\n");
+ else
+ dev_info(dev,
+ "Exported %d bytes of encrypted IMEM\n",
+ ret);
+
+ return ret;
+}
+
+int se_restore_imem_state(struct device *dev)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ struct soc_info s_info;
+ int ret;
+
+ /* get info from ELE */
+ ret = ele_get_info(dev, &s_info);
+ if (ret) {
+ dev_err(dev, "Failed to get info from ELE.\n");
+ return ret;
+ }
+
+ /* Get IMEM state, if 0xFE then import IMEM */
+ if (s_info.imem_state == ELE_IMEM_STATE_BAD) {
+ /* IMPORT command will restore IMEM from the given
+ * address, here size is the actual size returned by ELE
+ * during the export operation
+ */
+ ret = ele_service_swap(dev,
+ priv->imem.phyaddr,
+ priv->imem.size,
+ ELE_IMEM_IMPORT);
+ if (ret) {
+ dev_err(dev, "Failed to import IMEM\n");
+ goto exit;
+ }
+ } else
+ goto exit;
+
+ /* After importing IMEM, check if IMEM state is equal to 0xCA
+ * to ensure IMEM is fully loaded and
+ * ELE functionality can be used.
+ */
+ ret = ele_get_info(dev, &s_info);
+ if (ret) {
+ dev_err(dev, "Failed to get info from ELE.\n");
+ goto exit;
+ }
+
+ if (s_info.imem_state == ELE_IMEM_STATE_OK)
+ dev_info(dev, "Successfully restored IMEM\n");
+ else
+ dev_err(dev, "Failed to restore IMEM\n");
+
+exit:
+ return ret;
+}
diff --git a/drivers/firmware/imx/ele_common.h b/drivers/firmware/imx/ele_common.h
new file mode 100644
index 000000000000..6e3a2114bb56
--- /dev/null
+++ b/drivers/firmware/imx/ele_common.h
@@ -0,0 +1,43 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright 2024 NXP
+ */
+
+
+#ifndef __ELE_COMMON_H__
+#define __ELE_COMMON_H__
+
+#include "se_ctrl.h"
+
+#define IMX_ELE_FW_DIR "imx/ele/"
+
+uint32_t plat_add_msg_crc(uint32_t *msg, uint32_t msg_len);
+int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *priv);
+int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
+ void *tx_msg, int tx_msg_sz);
+int imx_ele_msg_rcv(struct se_if_priv *priv);
+int imx_ele_msg_send(struct se_if_priv *priv, void *mssg);
+int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg);
+void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
+int validate_rsp_hdr(struct se_if_priv *priv, unsigned int header,
+ u8 msg_id, u8 sz, bool is_base_api);
+
+/* Fill a command message header with a given command ID and length in bytes. */
+static inline int plat_fill_cmd_msg_hdr(struct se_if_priv *priv,
+ struct se_msg_hdr *hdr,
+ u8 cmd,
+ u32 len,
+ bool is_base_api)
+{
+ hdr->tag = priv->cmd_tag;
+ hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver;
+ hdr->command = cmd;
+ hdr->size = len >> 2;
+
+ return 0;
+}
+
+int se_save_imem_state(struct device *dev);
+int se_restore_imem_state(struct device *dev);
+
+#endif /*__ELE_COMMON_H__ */
diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
new file mode 100644
index 000000000000..11c5eaa7353f
--- /dev/null
+++ b/drivers/firmware/imx/se_ctrl.c
@@ -0,0 +1,1339 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2024 NXP
+ */
+
+#include <linux/completion.h>
+#include <linux/delay.h>
+#include <linux/dev_printk.h>
+#include <linux/dma-mapping.h>
+#include <linux/errno.h>
+#include <linux/export.h>
+#include <linux/firmware.h>
+#include <linux/firmware/imx/se_api.h>
+#include <linux/genalloc.h>
+#include <linux/init.h>
+#include <linux/io.h>
+#include <linux/miscdevice.h>
+#include <linux/mod_devicetable.h>
+#include <linux/module.h>
+#include <linux/of_platform.h>
+#include <linux/of_reserved_mem.h>
+#include <linux/platform_device.h>
+#include <linux/slab.h>
+#include <linux/string.h>
+#include <linux/sys_soc.h>
+#include <uapi/linux/se_ioctl.h>
+
+#include "ele_base_msg.h"
+#include "ele_common.h"
+#include "se_ctrl.h"
+
+#define RESERVED_DMA_POOL BIT(1)
+
+struct imx_se_node_info {
+ u8 se_if_id;
+ u8 se_if_did;
+ u8 max_dev_ctx;
+ u8 cmd_tag;
+ u8 rsp_tag;
+ u8 success_tag;
+ u8 base_api_ver;
+ u8 fw_api_ver;
+ u8 *se_name;
+ u8 *mbox_tx_name;
+ u8 *mbox_rx_name;
+ u8 *pool_name;
+ u8 *fw_name_in_rfs;
+ bool soc_register;
+ bool reserved_dma_ranges;
+ bool imem_mgmt;
+};
+
+struct imx_se_node_info_list {
+ u8 num_mu;
+ u16 soc_id;
+ u16 soc_rev;
+ struct imx_se_node_info info[];
+};
+
+static const struct imx_se_node_info_list imx8ulp_info = {
+ .num_mu = 1,
+ .soc_id = SOC_ID_OF_IMX8ULP,
+ .info = {
+ {
+ .se_if_id = 2,
+ .se_if_did = 7,
+ .max_dev_ctx = 4,
+ .cmd_tag = 0x17,
+ .rsp_tag = 0xe1,
+ .success_tag = 0xd6,
+ .base_api_ver = MESSAGING_VERSION_6,
+ .fw_api_ver = MESSAGING_VERSION_7,
+ .se_name = "hsm1",
+ .mbox_tx_name = "tx",
+ .mbox_rx_name = "rx",
+ .pool_name = "sram",
+ .fw_name_in_rfs = IMX_ELE_FW_DIR\
+ "mx8ulpa2ext-ahab-container.img",
+ .soc_register = true,
+ .reserved_dma_ranges = true,
+ .imem_mgmt = true,
+ },
+ },
+};
+
+static const struct imx_se_node_info_list imx93_info = {
+ .num_mu = 1,
+ .soc_id = SOC_ID_OF_IMX93,
+ .info = {
+ {
+ .se_if_id = 2,
+ .se_if_did = 3,
+ .max_dev_ctx = 4,
+ .cmd_tag = 0x17,
+ .rsp_tag = 0xe1,
+ .success_tag = 0xd6,
+ .base_api_ver = MESSAGING_VERSION_6,
+ .fw_api_ver = MESSAGING_VERSION_7,
+ .se_name = "hsm1",
+ .mbox_tx_name = "tx",
+ .mbox_rx_name = "rx",
+ .reserved_dma_ranges = true,
+ .imem_mgmt = true,
+ .soc_register = true,
+ },
+ },
+};
+
+static const struct of_device_id se_match[] = {
+ { .compatible = "fsl,imx8ulp-ele", .data = (void *)&imx8ulp_info},
+ { .compatible = "fsl,imx93-ele", .data = (void *)&imx93_info},
+ {},
+};
+
+static struct imx_se_node_info
+ *get_imx_se_node_info(struct imx_se_node_info_list *info_list,
+ const u32 idx)
+{
+ if (idx < 0 || idx > info_list->num_mu)
+ return NULL;
+
+ return &info_list->info[idx];
+}
+
+void *get_phy_buf_mem_pool(struct device *dev,
+ u8 *mem_pool_name,
+ dma_addr_t *buf,
+ u32 size)
+{
+ struct device_node *of_node = dev->of_node;
+ struct gen_pool *mem_pool;
+
+ mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
+ if (!mem_pool) {
+ dev_err(dev,
+ "Unable to get sram pool = %s\n",
+ mem_pool_name);
+ return 0;
+ }
+
+ return gen_pool_dma_alloc(mem_pool, size, buf);
+}
+
+void free_phybuf_mem_pool(struct device *dev,
+ u8 *mem_pool_name,
+ u32 *buf,
+ u32 size)
+{
+ struct device_node *of_node = dev->of_node;
+ struct gen_pool *mem_pool;
+
+ mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
+ if (!mem_pool)
+ dev_err(dev,
+ "%s: Failed: Unable to get sram pool.\n",
+ __func__);
+
+ gen_pool_free(mem_pool, (u64)buf, size);
+}
+
+static int imx_fetch_soc_info(struct device *dev)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ struct imx_se_node_info_list *info_list;
+ const struct imx_se_node_info *info;
+ struct soc_device_attribute *attr;
+ struct soc_device *sdev;
+ struct soc_info s_info;
+ int err = 0;
+
+ info = priv->info;
+ info_list = (struct imx_se_node_info_list *)
+ device_get_match_data(dev->parent);
+ if (info_list->soc_rev)
+ return err;
+
+ err = ele_get_info(dev, &s_info);
+ if (err)
+ s_info.major_ver = DEFAULT_IMX_SOC_VER;
+
+ info_list->soc_rev = s_info.soc_rev;
+
+ if (!info->soc_register)
+ return 0;
+
+ attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
+ if (!attr)
+ return -ENOMEM;
+
+ if (s_info.minor_ver)
+ attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
+ s_info.major_ver,
+ s_info.minor_ver);
+ else
+ attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
+ s_info.major_ver);
+
+ switch (s_info.soc_id) {
+ case SOC_ID_OF_IMX8ULP:
+ attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
+ "i.MX8ULP");
+ break;
+ case SOC_ID_OF_IMX93:
+ attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
+ "i.MX93");
+ break;
+ }
+
+ err = of_property_read_string(of_root, "model",
+ &attr->machine);
+ if (err) {
+ devm_kfree(dev, attr);
+ return -EINVAL;
+ }
+ attr->family = devm_kasprintf(dev, GFP_KERNEL, "Freescale i.MX");
+
+ attr->serial_number
+ = devm_kasprintf(dev, GFP_KERNEL, "%016llX", s_info.serial_num);
+
+ sdev = soc_device_register(attr);
+ if (IS_ERR(sdev)) {
+ devm_kfree(dev, attr->soc_id);
+ devm_kfree(dev, attr->serial_number);
+ devm_kfree(dev, attr->revision);
+ devm_kfree(dev, attr->family);
+ devm_kfree(dev, attr->machine);
+ devm_kfree(dev, attr);
+ return PTR_ERR(sdev);
+ }
+
+ return 0;
+}
+
+/*
+ * File operations for user-space
+ */
+
+/* Write a message to the MU. */
+static ssize_t se_if_fops_write(struct file *fp, const char __user *buf,
+ size_t size, loff_t *ppos)
+{
+ struct se_api_msg *tx_msg __free(kfree);
+ struct se_if_device_ctx *dev_ctx;
+ struct se_if_priv *priv;
+ int err;
+
+ dev_ctx = container_of(fp->private_data,
+ struct se_if_device_ctx,
+ miscdev);
+ priv = dev_ctx->priv;
+ dev_dbg(priv->dev,
+ "%s: write from buf (%p)%zu, ppos=%lld\n",
+ dev_ctx->miscdev.name,
+ buf, size, ((ppos) ? *ppos : 0));
+
+ if (down_interruptible(&dev_ctx->fops_lock))
+ return -EBUSY;
+
+ if (dev_ctx->status != MU_OPENED) {
+ err = -EINVAL;
+ goto exit;
+ }
+
+ if (size < SE_MU_HDR_SZ) {
+ dev_err(priv->dev,
+ "%s: User buffer too small(%zu < %d)\n",
+ dev_ctx->miscdev.name,
+ size, SE_MU_HDR_SZ);
+ err = -ENOSPC;
+ goto exit;
+ }
+
+ tx_msg = memdup_user((void __user *)ppos, size);
+ if (!tx_msg) {
+ err = -ENOMEM;
+ goto exit;
+ }
+
+ /* Copy data to buffer */
+ if (copy_from_user(tx_msg, buf, size)) {
+ err = -EFAULT;
+ dev_err(priv->dev,
+ "%s: Fail copy message from user\n",
+ dev_ctx->miscdev.name);
+ goto exit;
+ }
+
+ print_hex_dump_debug("from user ", DUMP_PREFIX_OFFSET, 4, 4,
+ tx_msg, size, false);
+
+ err = imx_ele_miscdev_msg_send(dev_ctx, tx_msg, size);
+
+exit:
+ up(&dev_ctx->fops_lock);
+ return err;
+}
+
+/*
+ * Read a message from the MU.
+ * Blocking until a message is available.
+ */
+static ssize_t se_if_fops_read(struct file *fp, char __user *buf,
+ size_t size, loff_t *ppos)
+{
+ struct se_if_device_ctx *dev_ctx;
+ struct se_buf_desc *b_desc;
+ struct se_if_priv *priv;
+ u32 size_to_copy;
+ int err;
+
+ dev_ctx = container_of(fp->private_data,
+ struct se_if_device_ctx,
+ miscdev);
+ priv = dev_ctx->priv;
+ dev_dbg(priv->dev,
+ "%s: read to buf %p(%zu), ppos=%lld\n",
+ dev_ctx->miscdev.name,
+ buf, size, ((ppos) ? *ppos : 0));
+
+ if (down_interruptible(&dev_ctx->fops_lock))
+ return -EBUSY;
+
+ if (dev_ctx->status != MU_OPENED) {
+ err = -EINVAL;
+ goto exit;
+ }
+
+ err = imx_ele_miscdev_msg_rcv(dev_ctx);
+ if (err)
+ goto exit;
+
+ /* Buffer containing the message from FW, is
+ * allocated in callback function.
+ * Check if buffer allocation failed.
+ */
+ if (!dev_ctx->temp_resp) {
+ err = -ENOMEM;
+ goto exit;
+ }
+
+ dev_dbg(priv->dev,
+ "%s: %s %s\n",
+ dev_ctx->miscdev.name,
+ __func__,
+ "message received, start transmit to user");
+
+ /*
+ * Check that the size passed as argument is larger than
+ * the one carried in the message.
+ */
+ size_to_copy = dev_ctx->temp_resp_size << 2;
+ if (size_to_copy > size) {
+ dev_dbg(priv->dev,
+ "%s: User buffer too small (%zu < %d)\n",
+ dev_ctx->miscdev.name,
+ size, size_to_copy);
+ size_to_copy = size;
+ }
+
+ /*
+ * We may need to copy the output data to user before
+ * delivering the completion message.
+ */
+ while (!list_empty(&dev_ctx->pending_out)) {
+ b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
+ struct se_buf_desc,
+ link);
+ if (!b_desc)
+ continue;
+
+ if (b_desc->usr_buf_ptr && b_desc->shared_buf_ptr) {
+
+ dev_dbg(priv->dev,
+ "%s: Copy output data to user\n",
+ dev_ctx->miscdev.name);
+ if (copy_to_user(b_desc->usr_buf_ptr,
+ b_desc->shared_buf_ptr,
+ b_desc->size)) {
+ dev_err(priv->dev,
+ "%s: Failure copying output data to user.",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+ }
+
+ if (b_desc->shared_buf_ptr)
+ memset(b_desc->shared_buf_ptr, 0, b_desc->size);
+
+ __list_del_entry(&b_desc->link);
+ kfree(b_desc);
+ }
+
+ /* Copy data from the buffer */
+ print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
+ dev_ctx->temp_resp, size_to_copy, false);
+ if (copy_to_user(buf, dev_ctx->temp_resp, size_to_copy)) {
+ dev_err(priv->dev,
+ "%s: Failed to copy to user\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+
+ err = size_to_copy;
+ kfree(dev_ctx->temp_resp);
+
+ /* free memory allocated on the shared buffers. */
+ dev_ctx->secure_mem.pos = 0;
+ dev_ctx->non_secure_mem.pos = 0;
+
+ dev_ctx->pending_hdr = 0;
+
+exit:
+ /*
+ * Clean the used Shared Memory space,
+ * whether its Input Data copied from user buffers, or
+ * Data received from FW.
+ */
+ while (!list_empty(&dev_ctx->pending_in) ||
+ !list_empty(&dev_ctx->pending_out)) {
+ if (!list_empty(&dev_ctx->pending_in))
+ b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
+ struct se_buf_desc,
+ link);
+ else
+ b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
+ struct se_buf_desc,
+ link);
+
+ if (!b_desc)
+ continue;
+
+ if (b_desc->shared_buf_ptr)
+ memset(b_desc->shared_buf_ptr, 0, b_desc->size);
+
+ __list_del_entry(&b_desc->link);
+ kfree(b_desc);
+ }
+
+ up(&dev_ctx->fops_lock);
+ return err;
+}
+
+/* Give access to EdgeLock Enclave, to the memory we want to share */
+static int se_if_setup_se_mem_access(struct se_if_device_ctx *dev_ctx,
+ u64 addr, u32 len)
+{
+ /* Assuming EdgeLock Enclave has access to all the memory regions */
+ int ret = 0;
+
+ if (ret) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Fail find memreg\n", dev_ctx->miscdev.name);
+ goto exit;
+ }
+
+ if (ret) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Fail set permission for resource\n",
+ dev_ctx->miscdev.name);
+ goto exit;
+ }
+
+exit:
+ return ret;
+}
+
+static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
+ u64 arg)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
+ struct imx_se_node_info *if_node_info;
+ struct se_ioctl_get_if_info info;
+ int err = 0;
+
+ if_node_info = (struct imx_se_node_info *)priv->info;
+
+ info.se_if_id = if_node_info->se_if_id;
+ info.interrupt_idx = 0;
+ info.tz = 0;
+ info.did = if_node_info->se_if_did;
+ info.cmd_tag = if_node_info->cmd_tag;
+ info.rsp_tag = if_node_info->rsp_tag;
+ info.success_tag = if_node_info->success_tag;
+ info.base_api_ver = if_node_info->base_api_ver;
+ info.fw_api_ver = if_node_info->fw_api_ver;
+
+ dev_dbg(priv->dev,
+ "%s: info [se_if_id: %d, irq_idx: %d, tz: 0x%x, did: 0x%x]\n",
+ dev_ctx->miscdev.name,
+ info.se_if_id, info.interrupt_idx, info.tz, info.did);
+
+ if (copy_to_user((u8 *)arg, &info, sizeof(info))) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed to copy mu info to user\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+
+exit:
+ return err;
+}
+
+/*
+ * Copy a buffer of data to/from the user and return the address to use in
+ * messages
+ */
+static int se_ioctl_setup_iobuf_handler(struct se_if_device_ctx *dev_ctx,
+ u64 arg)
+{
+ struct se_ioctl_setup_iobuf io = {0};
+ struct se_shared_mem *shared_mem;
+ struct se_buf_desc *b_desc;
+ int err = 0;
+ u32 pos;
+
+ if (copy_from_user(&io, (u8 *)arg, sizeof(io))) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed copy iobuf config from user\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+
+ dev_dbg(dev_ctx->priv->dev,
+ "%s: io [buf: %p(%d) flag: %x]\n",
+ dev_ctx->miscdev.name,
+ io.user_buf, io.length, io.flags);
+
+ if (io.length == 0 || !io.user_buf) {
+ /*
+ * Accept NULL pointers since some buffers are optional
+ * in FW commands. In this case we should return 0 as
+ * pointer to be embedded into the message.
+ * Skip all data copy part of code below.
+ */
+ io.ele_addr = 0;
+ goto copy;
+ }
+
+ /* Select the shared memory to be used for this buffer. */
+ if (io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) {
+ /* App requires to use secure memory for this buffer.*/
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed allocate SEC MEM memory\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ } else {
+ /* No specific requirement for this buffer. */
+ shared_mem = &dev_ctx->non_secure_mem;
+ }
+
+ /* Check there is enough space in the shared memory. */
+ if (shared_mem->size < shared_mem->pos
+ || io.length >= shared_mem->size - shared_mem->pos) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Not enough space in shared memory\n",
+ dev_ctx->miscdev.name);
+ err = -ENOMEM;
+ goto exit;
+ }
+
+ /* Allocate space in shared memory. 8 bytes aligned. */
+ pos = shared_mem->pos;
+ shared_mem->pos += round_up(io.length, 8u);
+ io.ele_addr = (u64)shared_mem->dma_addr + pos;
+
+ if ((io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) &&
+ !(io.flags & SE_MU_IO_FLAGS_USE_SHORT_ADDR)) {
+ /*Add base address to get full address.*/
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed allocate SEC MEM memory\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+
+ memset(shared_mem->ptr + pos, 0, io.length);
+ if ((io.flags & SE_IO_BUF_FLAGS_IS_INPUT) ||
+ (io.flags & SE_IO_BUF_FLAGS_IS_IN_OUT)) {
+ /*
+ * buffer is input:
+ * copy data from user space to this allocated buffer.
+ */
+ if (copy_from_user(shared_mem->ptr + pos, io.user_buf,
+ io.length)) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed copy data to shared memory\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+ }
+
+ b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL);
+ if (!b_desc) {
+ err = -ENOMEM;
+ goto exit;
+ }
+
+copy:
+ /* Provide the EdgeLock Enclave address to user space only if success.*/
+ if (copy_to_user((u8 *)arg, &io, sizeof(io))) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed to copy iobuff setup to user\n",
+ dev_ctx->miscdev.name);
+ kfree(b_desc);
+ err = -EFAULT;
+ goto exit;
+ }
+
+ if (b_desc) {
+ b_desc->shared_buf_ptr = shared_mem->ptr + pos;
+ b_desc->usr_buf_ptr = io.user_buf;
+ b_desc->size = io.length;
+
+ if (io.flags & SE_IO_BUF_FLAGS_IS_INPUT) {
+ /*
+ * buffer is input:
+ * add an entry in the "pending input buffers" list so
+ * that copied data can be cleaned from shared memory
+ * later.
+ */
+ list_add_tail(&b_desc->link, &dev_ctx->pending_in);
+ } else {
+ /*
+ * buffer is output:
+ * add an entry in the "pending out buffers" list so data
+ * can be copied to user space when receiving Secure-Enclave
+ * response.
+ */
+ list_add_tail(&b_desc->link, &dev_ctx->pending_out);
+ }
+ }
+
+exit:
+ return err;
+}
+
+/* IOCTL to provide SoC information */
+static int se_ioctl_get_soc_info_handler(struct se_if_device_ctx *dev_ctx,
+ u64 arg)
+{
+ struct imx_se_node_info_list *info_list;
+ struct se_ioctl_get_soc_info soc_info;
+ int err = -EINVAL;
+
+ info_list = (struct imx_se_node_info_list *)
+ device_get_match_data(dev_ctx->priv->dev->parent);
+ if (!info_list)
+ goto exit;
+
+ soc_info.soc_id = info_list->soc_id;
+ soc_info.soc_rev = info_list->soc_rev;
+
+ err = (int)copy_to_user((u8 *)arg, (u8 *)(&soc_info), sizeof(soc_info));
+ if (err) {
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed to copy soc info to user\n",
+ dev_ctx->miscdev.name);
+ err = -EFAULT;
+ goto exit;
+ }
+
+exit:
+ return err;
+}
+
+/* Open a character device. */
+static int se_if_fops_open(struct inode *nd, struct file *fp)
+{
+ struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
+ struct se_if_device_ctx,
+ miscdev);
+ int err;
+
+ /* Avoid race if opened at the same time */
+ if (down_trylock(&dev_ctx->fops_lock))
+ return -EBUSY;
+
+ /* Authorize only 1 instance. */
+ if (dev_ctx->status != MU_FREE) {
+ err = -EBUSY;
+ goto exit;
+ }
+
+ /*
+ * Allocate some memory for data exchanges with S40x.
+ * This will be used for data not requiring secure memory.
+ */
+ dev_ctx->non_secure_mem.ptr = dmam_alloc_coherent(dev_ctx->dev,
+ MAX_DATA_SIZE_PER_USER,
+ &dev_ctx->non_secure_mem.dma_addr,
+ GFP_KERNEL);
+ if (!dev_ctx->non_secure_mem.ptr) {
+ err = -ENOMEM;
+ goto exit;
+ }
+
+ err = se_if_setup_se_mem_access(dev_ctx,
+ dev_ctx->non_secure_mem.dma_addr,
+ MAX_DATA_SIZE_PER_USER);
+ if (err) {
+ err = -EPERM;
+ dev_err(dev_ctx->priv->dev,
+ "%s: Failed to share access to shared memory\n",
+ dev_ctx->miscdev.name);
+ goto free_coherent;
+ }
+
+ dev_ctx->non_secure_mem.size = MAX_DATA_SIZE_PER_USER;
+ dev_ctx->non_secure_mem.pos = 0;
+ dev_ctx->status = MU_OPENED;
+
+ dev_ctx->pending_hdr = 0;
+
+ goto exit;
+
+free_coherent:
+ dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
+ dev_ctx->non_secure_mem.ptr,
+ dev_ctx->non_secure_mem.dma_addr);
+
+exit:
+ up(&dev_ctx->fops_lock);
+ return err;
+}
+
+/* Close a character device. */
+static int se_if_fops_close(struct inode *nd, struct file *fp)
+{
+ struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
+ struct se_if_device_ctx,
+ miscdev);
+ struct se_if_priv *priv = dev_ctx->priv;
+ struct se_buf_desc *b_desc;
+
+ /* Avoid race if closed at the same time */
+ if (down_trylock(&dev_ctx->fops_lock))
+ return -EBUSY;
+
+ /* The device context has not been opened */
+ if (dev_ctx->status != MU_OPENED)
+ goto exit;
+
+ /* check if this device was registered as command receiver. */
+ if (priv->cmd_receiver_dev == dev_ctx)
+ priv->cmd_receiver_dev = NULL;
+
+ /* check if this device was registered as waiting response. */
+ if (priv->waiting_rsp_dev == dev_ctx) {
+ priv->waiting_rsp_dev = NULL;
+ mutex_unlock(&priv->se_if_cmd_lock);
+ }
+
+ /* Unmap secure memory shared buffer. */
+ if (dev_ctx->secure_mem.ptr)
+ devm_iounmap(dev_ctx->dev, dev_ctx->secure_mem.ptr);
+
+ dev_ctx->secure_mem.ptr = NULL;
+ dev_ctx->secure_mem.dma_addr = 0;
+ dev_ctx->secure_mem.size = 0;
+ dev_ctx->secure_mem.pos = 0;
+
+ /* Free non-secure shared buffer. */
+ dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
+ dev_ctx->non_secure_mem.ptr,
+ dev_ctx->non_secure_mem.dma_addr);
+
+ dev_ctx->non_secure_mem.ptr = NULL;
+ dev_ctx->non_secure_mem.dma_addr = 0;
+ dev_ctx->non_secure_mem.size = 0;
+ dev_ctx->non_secure_mem.pos = 0;
+
+ while (!list_empty(&dev_ctx->pending_in) ||
+ !list_empty(&dev_ctx->pending_out)) {
+ if (!list_empty(&dev_ctx->pending_in))
+ b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
+ struct se_buf_desc,
+ link);
+ else
+ b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
+ struct se_buf_desc,
+ link);
+
+ if (!b_desc)
+ continue;
+
+ if (b_desc->shared_buf_ptr)
+ memset(b_desc->shared_buf_ptr, 0, b_desc->size);
+
+ __list_del_entry(&b_desc->link);
+ devm_kfree(dev_ctx->dev, b_desc);
+ }
+
+ dev_ctx->status = MU_FREE;
+
+exit:
+ up(&dev_ctx->fops_lock);
+ return 0;
+}
+
+/* IOCTL entry point of a character device */
+static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
+//static long se_ioctl(struct file *fp, u32 cmd, u64 arg)
+{
+ struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
+ struct se_if_device_ctx,
+ miscdev);
+ struct se_if_priv *se_if_priv = dev_ctx->priv;
+ int err = -EINVAL;
+
+ /* Prevent race during change of device context */
+ if (down_interruptible(&dev_ctx->fops_lock))
+ return -EBUSY;
+
+ switch (cmd) {
+ case SE_IOCTL_ENABLE_CMD_RCV:
+ if (!se_if_priv->cmd_receiver_dev) {
+ se_if_priv->cmd_receiver_dev = dev_ctx;
+ err = 0;
+ }
+ break;
+ case SE_IOCTL_GET_MU_INFO:
+ err = se_ioctl_get_mu_info(dev_ctx, arg);
+ break;
+ case SE_IOCTL_SETUP_IOBUF:
+ err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
+ break;
+ case SE_IOCTL_GET_SOC_INFO:
+ err = se_ioctl_get_soc_info_handler(dev_ctx, arg);
+ break;
+
+ default:
+ err = -EINVAL;
+ dev_dbg(se_if_priv->dev,
+ "%s: IOCTL %.8x not supported\n",
+ dev_ctx->miscdev.name,
+ cmd);
+ }
+
+ up(&dev_ctx->fops_lock);
+ return (long)err;
+}
+
+/* Char driver setup */
+static const struct file_operations se_if_fops = {
+ .open = se_if_fops_open,
+ .owner = THIS_MODULE,
+ .release = se_if_fops_close,
+ .unlocked_ioctl = se_ioctl,
+ .read = se_if_fops_read,
+ .write = se_if_fops_write,
+};
+
+/* interface for managed res to free a mailbox channel */
+static void if_mbox_free_channel(void *mbox_chan)
+{
+ mbox_free_channel(mbox_chan);
+}
+
+/* interface for managed res to unregister a character device */
+static void if_misc_deregister(void *miscdevice)
+{
+ misc_deregister(miscdevice);
+}
+
+static int se_if_request_channel(struct device *dev,
+ struct mbox_chan **chan,
+ struct mbox_client *cl,
+ const u8 *name)
+{
+ struct mbox_chan *t_chan;
+ int ret = 0;
+
+ t_chan = mbox_request_channel_byname(cl, name);
+ if (IS_ERR(t_chan)) {
+ ret = PTR_ERR(t_chan);
+ if (ret != -EPROBE_DEFER)
+ dev_err(dev,
+ "Failed to request chan %s ret %d\n", name,
+ ret);
+ goto exit;
+ }
+
+ ret = devm_add_action(dev, if_mbox_free_channel, t_chan);
+ if (ret) {
+ dev_err(dev, "failed to add devm removal of mbox %s\n", name);
+ goto exit;
+ }
+
+ *chan = t_chan;
+
+exit:
+ return ret;
+}
+
+static int se_probe_if_cleanup(struct platform_device *pdev)
+{
+ struct device *dev = &pdev->dev;
+ struct se_if_priv *priv;
+ int ret = 0;
+ int i;
+
+ priv = dev_get_drvdata(dev);
+ if (!priv) {
+ ret = 0;
+ dev_dbg(dev, "SE-MU Priv data is NULL;");
+ return ret;
+ }
+
+ if (priv->tx_chan)
+ mbox_free_channel(priv->tx_chan);
+ if (priv->rx_chan)
+ mbox_free_channel(priv->rx_chan);
+
+ /* free the buffer in se remove, previously allocated
+ * in se probe to store encrypted IMEM
+ */
+ if (priv->imem.buf) {
+ dmam_free_coherent(dev,
+ ELE_IMEM_SIZE,
+ priv->imem.buf,
+ priv->imem.phyaddr);
+ priv->imem.buf = NULL;
+ }
+
+ if (priv->ctxs) {
+ for (i = 0; i < priv->max_dev_ctx; i++) {
+ if (priv->ctxs[i]) {
+ devm_remove_action(dev,
+ if_misc_deregister,
+ &priv->ctxs[i]->miscdev);
+ misc_deregister(&priv->ctxs[i]->miscdev);
+ devm_kfree(dev, priv->ctxs[i]);
+ }
+ }
+ devm_kfree(dev, priv->ctxs);
+ }
+
+ if (priv->flags & RESERVED_DMA_POOL) {
+ of_reserved_mem_device_release(dev);
+ priv->flags &= (~RESERVED_DMA_POOL);
+ }
+
+ devm_kfree(dev, priv);
+ of_node_put(dev->of_node);
+ of_platform_device_destroy(dev, NULL);
+
+ return ret;
+}
+
+static int se_probe_cleanup(struct platform_device *pdev)
+{
+ struct device *dev = &pdev->dev;
+ struct device_node *if_dn;
+
+ /* Enumerate se-interface device nodes. */
+ for_each_child_of_node(dev->of_node, if_dn) {
+ struct platform_device *if_pdev
+ = of_find_device_by_node(if_dn);
+ if (se_probe_if_cleanup(if_pdev))
+ dev_err(dev,
+ "Failed to clean-up child node probe.\n");
+ }
+
+ return 0;
+}
+
+static int init_device_context(struct device *dev)
+{
+ const struct imx_se_node_info *info;
+ struct se_if_device_ctx *dev_ctx;
+ struct se_if_priv *priv;
+ u8 *devname;
+ int ret = 0;
+ int i;
+
+ priv = dev_get_drvdata(dev);
+
+ if (!priv) {
+ ret = -EINVAL;
+ dev_err(dev, "Invalid SE-MU Priv data");
+ return ret;
+ }
+ info = priv->info;
+
+ priv->ctxs = devm_kzalloc(dev, sizeof(dev_ctx) * priv->max_dev_ctx,
+ GFP_KERNEL);
+
+ if (!priv->ctxs) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ /* Create users */
+ for (i = 0; i < priv->max_dev_ctx; i++) {
+ dev_ctx = devm_kzalloc(dev, sizeof(*dev_ctx), GFP_KERNEL);
+ if (!dev_ctx) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ dev_ctx->dev = dev;
+ dev_ctx->status = MU_FREE;
+ dev_ctx->priv = priv;
+
+ priv->ctxs[i] = dev_ctx;
+
+ /* Default value invalid for an header. */
+ init_waitqueue_head(&dev_ctx->wq);
+
+ INIT_LIST_HEAD(&dev_ctx->pending_out);
+ INIT_LIST_HEAD(&dev_ctx->pending_in);
+ sema_init(&dev_ctx->fops_lock, 1);
+
+ devname = devm_kasprintf(dev, GFP_KERNEL, "%s_ch%d",
+ info->se_name, i);
+ if (!devname) {
+ ret = -ENOMEM;
+ return ret;
+ }
+
+ dev_ctx->miscdev.name = devname;
+ dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
+ dev_ctx->miscdev.fops = &se_if_fops;
+ dev_ctx->miscdev.parent = dev;
+ ret = misc_register(&dev_ctx->miscdev);
+ if (ret) {
+ dev_err(dev, "failed to register misc device %d\n",
+ ret);
+ return ret;
+ }
+
+ ret = devm_add_action(dev, if_misc_deregister,
+ &dev_ctx->miscdev);
+ if (ret) {
+ dev_err(dev,
+ "failed[%d] to add action to the misc-dev\n",
+ ret);
+ return ret;
+ }
+ }
+
+ return ret;
+}
+
+static void se_load_firmware(const struct firmware *fw, void *context)
+{
+ struct se_if_priv *priv = (struct se_if_priv *) context;
+ const struct imx_se_node_info *info = priv->info;
+ const u8 *se_fw_name = info->fw_name_in_rfs;
+ phys_addr_t se_fw_phyaddr;
+ u8 *se_fw_buf;
+
+ if (!fw) {
+ if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
+ dev_dbg(priv->dev,
+ "External FW not found, using ROM FW.\n");
+ else {
+ /*add a bit delay to wait for firmware priv released */
+ msleep(20);
+
+ /* Load firmware one more time if timeout */
+ request_firmware_nowait(THIS_MODULE,
+ FW_ACTION_UEVENT, info->fw_name_in_rfs,
+ priv->dev, GFP_KERNEL, priv,
+ se_load_firmware);
+ priv->fw_fail++;
+ dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
+ priv->fw_fail);
+ }
+
+ return;
+ }
+
+ /* allocate buffer to store the SE FW */
+ se_fw_buf = dmam_alloc_coherent(priv->dev, fw->size,
+ &se_fw_phyaddr,
+ GFP_KERNEL);
+ if (!se_fw_buf) {
+ dev_err(priv->dev, "Failed to alloc SE fw buffer memory\n");
+ goto exit;
+ }
+
+ memcpy(se_fw_buf, fw->data, fw->size);
+
+ if (ele_fw_authenticate(priv->dev, se_fw_phyaddr))
+ dev_err(priv->dev,
+ "Failed to authenticate & load SE firmware %s.\n",
+ se_fw_name);
+
+exit:
+ dmam_free_coherent(priv->dev,
+ fw->size,
+ se_fw_buf,
+ se_fw_phyaddr);
+
+ release_firmware(fw);
+}
+
+static int se_if_probe(struct platform_device *pdev)
+{
+ struct imx_se_node_info_list *info_list;
+ struct device *dev = &pdev->dev;
+ struct imx_se_node_info *info;
+ struct se_if_priv *priv;
+ u32 idx;
+ int ret;
+
+ if (of_property_read_u32(dev->of_node, "reg", &idx)) {
+ ret = -EINVAL;
+ goto exit;
+ }
+
+ info_list = (struct imx_se_node_info_list *)
+ device_get_match_data(dev->parent);
+ info = get_imx_se_node_info(info_list, idx);
+
+ priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
+ if (!priv) {
+ ret = -ENOMEM;
+ goto exit;
+ }
+
+ dev_set_drvdata(dev, priv);
+
+ /* Mailbox client configuration */
+ priv->se_mb_cl.dev = dev;
+ priv->se_mb_cl.tx_block = false;
+ priv->se_mb_cl.knows_txdone = true;
+ priv->se_mb_cl.rx_callback = se_if_rx_callback;
+
+ ret = se_if_request_channel(dev, &priv->tx_chan,
+ &priv->se_mb_cl, info->mbox_tx_name);
+ if (ret) {
+ if (ret == -EPROBE_DEFER)
+ dev_err(dev, "Mailbox tx channel, is not ready.\n");
+ else
+ dev_err(dev, "Failed to request tx channel\n");
+
+ goto exit;
+ }
+
+ ret = se_if_request_channel(dev, &priv->rx_chan,
+ &priv->se_mb_cl, info->mbox_rx_name);
+ if (ret) {
+ if (ret == -EPROBE_DEFER)
+ dev_err(dev, "Mailbox rx channel, is not ready.\n");
+ else
+ dev_dbg(dev, "Failed to request rx channel\n");
+
+ goto exit;
+ }
+
+ priv->dev = dev;
+ priv->info = info;
+
+ /* Initialize the mutex. */
+ mutex_init(&priv->se_if_lock);
+ mutex_init(&priv->se_if_cmd_lock);
+
+ priv->cmd_receiver_dev = NULL;
+ priv->waiting_rsp_dev = NULL;
+ priv->max_dev_ctx = info->max_dev_ctx;
+ priv->cmd_tag = info->cmd_tag;
+ priv->rsp_tag = info->rsp_tag;
+ priv->mem_pool_name = info->pool_name;
+ priv->success_tag = info->success_tag;
+ priv->base_api_ver = info->base_api_ver;
+ priv->fw_api_ver = info->fw_api_ver;
+
+ init_completion(&priv->done);
+ spin_lock_init(&priv->lock);
+
+ if (info->reserved_dma_ranges) {
+ ret = of_reserved_mem_device_init(dev);
+ if (ret) {
+ dev_err(dev,
+ "failed to init reserved memory region %d\n",
+ ret);
+ priv->flags &= (~RESERVED_DMA_POOL);
+ goto exit;
+ }
+ priv->flags |= RESERVED_DMA_POOL;
+ }
+
+ if (info->fw_name_in_rfs) {
+ ret = request_firmware_nowait(THIS_MODULE,
+ FW_ACTION_UEVENT,
+ info->fw_name_in_rfs,
+ dev, GFP_KERNEL, priv,
+ se_load_firmware);
+ if (ret)
+ dev_warn(dev, "Failed to get firmware [%s].\n",
+ info->fw_name_in_rfs);
+ }
+
+ ret = imx_fetch_soc_info(dev);
+ if (ret) {
+ dev_err(dev,
+ "failed[%d] to fetch SoC Info\n", ret);
+ goto exit;
+ }
+
+ if (info->imem_mgmt) {
+ /* allocate buffer where SE store encrypted IMEM */
+ priv->imem.buf = dmam_alloc_coherent(dev, ELE_IMEM_SIZE,
+ &priv->imem.phyaddr,
+ GFP_KERNEL);
+ if (!priv->imem.buf) {
+ dev_err(dev,
+ "dmam-alloc-failed: To store encr-IMEM.\n");
+ ret = -ENOMEM;
+ goto exit;
+ }
+ }
+
+ if (info->max_dev_ctx) {
+ ret = init_device_context(dev);
+ if (ret) {
+ dev_err(dev,
+ "Failed[0x%x] to create device contexts.\n",
+ ret);
+ goto exit;
+ }
+ }
+
+ dev_info(dev, "i.MX secure-enclave: %s interface to firmware, configured.\n",
+ info->se_name);
+ return devm_of_platform_populate(dev);
+
+exit:
+ /* if execution control reaches here, if probe fails.
+ * hence doing the cleanup
+ */
+ if (se_probe_if_cleanup(pdev))
+ dev_err(dev,
+ "Failed to clean-up the child node probe.\n");
+
+ return ret;
+}
+
+static int se_probe(struct platform_device *pdev)
+{
+ struct device_node *enum_dev_node;
+ struct device *dev = &pdev->dev;
+ int enum_count;
+ int ret;
+
+ enum_count = of_get_child_count(dev->of_node);
+ if (!enum_count) {
+ ret = -EINVAL;
+ dev_err(dev, "Zero Tx/Rx path MU nodes.\n");
+ return ret;
+ }
+
+ for_each_child_of_node(dev->of_node, enum_dev_node) {
+ struct platform_device *enum_plat_dev __maybe_unused;
+
+ if (!of_device_is_available(enum_dev_node))
+ continue;
+
+ enum_plat_dev = of_platform_device_create(enum_dev_node,
+ NULL,
+ dev);
+ if (!enum_plat_dev) {
+ ret = -EINVAL;
+ of_node_put(enum_dev_node);
+ dev_err(dev,
+ "Failed to create enumerated platform device.");
+ break;
+ }
+
+ ret = se_if_probe(enum_plat_dev);
+ }
+ return ret;
+}
+
+static int se_remove(struct platform_device *pdev)
+{
+ if (se_probe_cleanup(pdev))
+ dev_err(&pdev->dev,
+ "i.MX Secure Enclave is not cleanly un-probed.");
+
+ return 0;
+}
+
+static int se_suspend(struct device *dev)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ const struct imx_se_node_info *info
+ = priv->info;
+
+ if (info && info->imem_mgmt)
+ priv->imem.size = se_save_imem_state(dev);
+
+ return 0;
+}
+
+static int se_resume(struct device *dev)
+{
+ struct se_if_priv *priv = dev_get_drvdata(dev);
+ const struct imx_se_node_info *info
+ = priv->info;
+ int i;
+
+ for (i = 0; i < priv->max_dev_ctx; i++)
+ wake_up_interruptible(&priv->ctxs[i]->wq);
+
+ if (info && info->imem_mgmt)
+ se_restore_imem_state(dev);
+
+ return 0;
+}
+
+static const struct dev_pm_ops se_pm = {
+ RUNTIME_PM_OPS(se_suspend, se_resume, NULL)
+};
+
+static struct platform_driver se_driver = {
+ .driver = {
+ .name = "fsl-se-fw",
+ .of_match_table = se_match,
+ .pm = &se_pm,
+ },
+ .probe = se_probe,
+ .remove = se_remove,
+};
+MODULE_DEVICE_TABLE(of, se_match);
+
+module_platform_driver(se_driver);
+
+MODULE_AUTHOR("Pankaj Gupta <[email protected]>");
+MODULE_DESCRIPTION("iMX Secure Enclave Driver.");
+MODULE_LICENSE("GPL");
diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h
new file mode 100644
index 000000000000..76e1ce77c52f
--- /dev/null
+++ b/drivers/firmware/imx/se_ctrl.h
@@ -0,0 +1,151 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright 2024 NXP
+ */
+
+#ifndef SE_MU_H
+#define SE_MU_H
+
+#include <linux/miscdevice.h>
+#include <linux/semaphore.h>
+#include <linux/mailbox_client.h>
+
+#define MAX_FW_LOAD_RETRIES 50
+
+#define MSG_TAG(x) (((x) & 0xff000000) >> 24)
+#define MSG_COMMAND(x) (((x) & 0x00ff0000) >> 16)
+#define MSG_SIZE(x) (((x) & 0x0000ff00) >> 8)
+#define MSG_VER(x) ((x) & 0x000000ff)
+#define RES_STATUS(x) ((x) & 0x000000ff)
+#define MAX_DATA_SIZE_PER_USER (65 * 1024)
+#define S4_DEFAULT_MUAP_INDEX (2)
+#define S4_MUAP_DEFAULT_MAX_USERS (4)
+#define MESSAGING_VERSION_6 0x6
+#define MESSAGING_VERSION_7 0x7
+
+#define DEFAULT_MESSAGING_TAG_COMMAND (0x17u)
+#define DEFAULT_MESSAGING_TAG_RESPONSE (0xe1u)
+
+#define SE_MU_IO_FLAGS_USE_SEC_MEM (0x02u)
+#define SE_MU_IO_FLAGS_USE_SHORT_ADDR (0x04u)
+
+struct se_imem_buf {
+ u8 *buf;
+ phys_addr_t phyaddr;
+ u32 size;
+};
+
+struct se_buf_desc {
+ u8 *shared_buf_ptr;
+ u8 *usr_buf_ptr;
+ u32 size;
+ struct list_head link;
+};
+
+/* Status of a char device */
+enum se_if_dev_ctx_status_t {
+ MU_FREE,
+ MU_OPENED
+};
+
+struct se_shared_mem {
+ dma_addr_t dma_addr;
+ u32 size;
+ u32 pos;
+ u8 *ptr;
+};
+
+/* Private struct for each char device instance. */
+struct se_if_device_ctx {
+ struct device *dev;
+ struct se_if_priv *priv;
+ struct miscdevice miscdev;
+
+ enum se_if_dev_ctx_status_t status;
+ wait_queue_head_t wq;
+ struct semaphore fops_lock;
+
+ u32 pending_hdr;
+ struct list_head pending_in;
+ struct list_head pending_out;
+
+ struct se_shared_mem secure_mem;
+ struct se_shared_mem non_secure_mem;
+
+ u32 *temp_resp;
+ u32 temp_resp_size;
+ struct notifier_block se_notify;
+};
+
+/* Header of the messages exchange with the EdgeLock Enclave */
+struct se_msg_hdr {
+ u8 ver;
+ u8 size;
+ u8 command;
+ u8 tag;
+} __packed;
+
+#define SE_MU_HDR_SZ 4
+#define TAG_OFFSET (SE_MU_HDR_SZ - 1)
+#define CMD_OFFSET (SE_MU_HDR_SZ - 2)
+#define SZ_OFFSET (SE_MU_HDR_SZ - 3)
+#define VER_OFFSET (SE_MU_HDR_SZ - 4)
+
+struct se_api_msg {
+ u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
+ u32 *data;
+};
+
+struct se_if_priv {
+ struct se_if_device_ctx *cmd_receiver_dev;
+ struct se_if_device_ctx *waiting_rsp_dev;
+ bool no_dev_ctx_used;
+ /*
+ * prevent parallel access to the se interface registers
+ * e.g. a user trying to send a command while the other one is
+ * sending a response.
+ */
+ struct mutex se_if_lock;
+ /*
+ * prevent a command to be sent on the se interface while another one is
+ * still processing. (response to a command is allowed)
+ */
+ struct mutex se_if_cmd_lock;
+ struct device *dev;
+ u8 *mem_pool_name;
+ u8 cmd_tag;
+ u8 rsp_tag;
+ u8 success_tag;
+ u8 base_api_ver;
+ u8 fw_api_ver;
+ u32 fw_fail;
+ const void *info;
+
+ struct mbox_client se_mb_cl;
+ struct mbox_chan *tx_chan, *rx_chan;
+ struct se_api_msg *rx_msg;
+ struct completion done;
+ spinlock_t lock;
+ /*
+ * Flag to retain the state of initialization done at
+ * the time of se-mu probe.
+ */
+ uint32_t flags;
+ u8 max_dev_ctx;
+ struct se_if_device_ctx **ctxs;
+ struct se_imem_buf imem;
+};
+
+void *get_phy_buf_mem_pool(struct device *dev,
+ u8 *mem_pool_name,
+ dma_addr_t *buf,
+ u32 size);
+phys_addr_t get_phy_buf_mem_pool1(struct device *dev,
+ u8 *mem_pool_name,
+ u32 **buf,
+ u32 size);
+void free_phybuf_mem_pool(struct device *dev,
+ u8 *mem_pool_name,
+ u32 *buf,
+ u32 size);
+#endif
diff --git a/include/linux/firmware/imx/se_api.h b/include/linux/firmware/imx/se_api.h
new file mode 100644
index 000000000000..c47f84906837
--- /dev/null
+++ b/include/linux/firmware/imx/se_api.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright 2024 NXP
+ */
+
+#ifndef __SE_API_H__
+#define __SE_API_H__
+
+#include <linux/types.h>
+
+#define SOC_ID_OF_IMX8ULP 0x084D
+#define SOC_ID_OF_IMX93 0x9300
+
+#endif /* __SE_API_H__ */
diff --git a/include/uapi/linux/se_ioctl.h b/include/uapi/linux/se_ioctl.h
new file mode 100644
index 000000000000..f68a36e9da2c
--- /dev/null
+++ b/include/uapi/linux/se_ioctl.h
@@ -0,0 +1,88 @@
+/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause*/
+/*
+ * Copyright 2024 NXP
+ */
+
+#ifndef SE_IOCTL_H
+#define SE_IOCTL_H
+
+/* IOCTL definitions. */
+
+struct se_ioctl_setup_iobuf {
+ u8 *user_buf;
+ u32 length;
+ u32 flags;
+ u64 ele_addr;
+};
+
+struct se_ioctl_shared_mem_cfg {
+ u32 base_offset;
+ u32 size;
+};
+
+struct se_ioctl_get_if_info {
+ u8 se_if_id;
+ u8 interrupt_idx;
+ u8 tz;
+ u8 did;
+ u8 cmd_tag;
+ u8 rsp_tag;
+ u8 success_tag;
+ u8 base_api_ver;
+ u8 fw_api_ver;
+};
+
+struct se_ioctl_signed_message {
+ u8 *message;
+ u32 msg_size;
+ u32 error_code;
+};
+
+struct se_ioctl_get_soc_info {
+ u16 soc_id;
+ u16 soc_rev;
+};
+
+/* IO Buffer Flags */
+#define SE_IO_BUF_FLAGS_IS_OUTPUT (0x00u)
+#define SE_IO_BUF_FLAGS_IS_INPUT (0x01u)
+#define SE_IO_BUF_FLAGS_USE_SEC_MEM (0x02u)
+#define SE_IO_BUF_FLAGS_USE_SHORT_ADDR (0x04u)
+#define SE_IO_BUF_FLAGS_IS_IN_OUT (0x10u)
+
+/* IOCTLS */
+#define SE_IOCTL 0x0A /* like MISC_MAJOR. */
+
+/*
+ * ioctl to designated the current fd as logical-reciever.
+ * This is ioctl is send when the nvm-daemon, a slave to the
+ * firmware is started by the user.
+ */
+#define SE_IOCTL_ENABLE_CMD_RCV _IO(SE_IOCTL, 0x01)
+
+/*
+ * ioctl to get the buffer allocated from the memory, which is shared
+ * between kernel and FW.
+ * Post allocation, the kernel tagged the allocated memory with:
+ * Output
+ * Input
+ * Input-Output
+ * Short address
+ * Secure-memory
+ */
+#define SE_IOCTL_SETUP_IOBUF _IOWR(SE_IOCTL, 0x03, \
+ struct se_ioctl_setup_iobuf)
+
+/*
+ * ioctl to get the mu information, that is used to exchange message
+ * with FW, from user-spaced.
+ */
+#define SE_IOCTL_GET_MU_INFO _IOR(SE_IOCTL, 0x04, \
+ struct se_ioctl_get_if_info)
+/*
+ * ioctl to get SoC Info from user-space.
+ */
+#define SE_IOCTL_GET_SOC_INFO _IOR(SE_IOCTL, 0x06, \
+ struct se_ioctl_get_soc_info)
+
+#endif

--
2.34.1


2024-05-10 14:22:59

by Rob Herring (Arm)

[permalink] [raw]
Subject: Re: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc


On Fri, 10 May 2024 18:57:28 +0530, Pankaj Gupta wrote:
> The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
> creates an embedded secure enclave within the SoC boundary to enable
> features like:
> - HSM
> - SHE
> - V2X
>
> Secure-Enclave(s) communication interface are typically via message
> unit, i.e., based on mailbox linux kernel driver. This driver enables
> communication ensuring well defined message sequence protocol between
> Application Core and enclave's firmware.
>
> Driver configures multiple misc-device on the MU, for multiple
> user-space applications, to be able to communicate over single MU.
>
> It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
>
> Signed-off-by: Pankaj Gupta <[email protected]>
> ---
> .../devicetree/bindings/firmware/fsl,imx-se.yaml | 186 +++++++++++++++++++++
> 1 file changed, 186 insertions(+)
>

My bot found errors running 'make dt_binding_check' on your patch:

yamllint warnings/errors:

dtschema/dtc warnings/errors:
Documentation/devicetree/bindings/firmware/fsl,imx-se.example.dtb: /example-2/v2x: failed to match any schema with compatible: ['fsl,imx95-v2x']

doc reference errors (make refcheckdocs):

See https://patchwork.ozlabs.org/project/devicetree-bindings/patch/[email protected]

The base for the series is generally the latest rc1. A different dependency
should be noted in *this* patch.

If you already ran 'make dt_binding_check' and didn't see the above
error(s), then make sure 'yamllint' is installed and dt-schema is up to
date:

pip3 install dtschema --upgrade

Please check and re-submit after running the above command yourself. Note
that DT_SCHEMA_FILES can be set to your schema file to speed up checking
your schema. However, it must be unset to test all examples with your schema.


2024-05-10 16:48:12

by Frank Li

[permalink] [raw]
Subject: Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

On Fri, May 10, 2024 at 06:57:30PM +0530, Pankaj Gupta wrote:
> NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
> are embedded in the SoC to support the features like HSM, SHE & V2X,
> using message based communication interface.
>
> The secure enclave FW communicates on a dedicated messaging unit(MU)
> based interface(s) with application core, where kernel is running.
> It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
>
> This patch adds the driver for communication interface to secure-enclave,
> for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock Enclave,
> both from:
> - User-Space Applications via character driver.
> - Kernel-space, used by kernel management layers like DM-Crypt.
>
> ABI documentation for the NXP secure-enclave driver.
>
> User-space library using this driver:
> - i.MX Secure Enclave library:
> -- URL: https://github.com/nxp-imx/imx-secure-enclave.git,
> - i.MX Secure Middle-Ware:
> -- URL: https://github.com/nxp-imx/imx-smw.git
>
> Signed-off-by: Pankaj Gupta <[email protected]>
> ---
> Documentation/ABI/testing/se-cdev | 42 ++
> drivers/firmware/imx/Kconfig | 12 +
> drivers/firmware/imx/Makefile | 2 +
> drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
> drivers/firmware/imx/ele_base_msg.h | 70 ++
> drivers/firmware/imx/ele_common.c | 341 +++++++++
> drivers/firmware/imx/ele_common.h | 43 ++
> drivers/firmware/imx/se_ctrl.c | 1339 +++++++++++++++++++++++++++++++++++
> drivers/firmware/imx/se_ctrl.h | 151 ++++
> include/linux/firmware/imx/se_api.h | 14 +
> include/uapi/linux/se_ioctl.h | 88 +++
> 11 files changed, 2389 insertions(+)
>
> diff --git a/Documentation/ABI/testing/se-cdev b/Documentation/ABI/testing/se-cdev
> new file mode 100644
> index 000000000000..699525af6b86
> --- /dev/null
> +++ b/Documentation/ABI/testing/se-cdev
> @@ -0,0 +1,42 @@
> +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> +Date: May 2024
> +KernelVersion: 6.8
> +Contact: [email protected], [email protected]
> +Description:
> + NXP offers multiple hardware IP(s) for secure-enclaves like EdgeLock-
> + Enclave(ELE), SECO. The character device file-descriptors
> + /dev/<se>_mu*_ch* are the interface between user-space NXP's secure-
> + enclave shared-library and the kernel driver.
> +
> + The ioctl(2)-based ABI is defined and documented in
> + [include]<linux/firmware/imx/ele_mu_ioctl.h>
> + ioctl(s) are used primarily for:
> + - shared memory management
> + - allocation of I/O buffers
> + - get mu info
> + - setting a dev-ctx as receiver that is slave to fw
> + - get SoC info
> +
> + The following file operations are supported:
> +
> + open(2)
> + Currently the only useful flags are O_RDWR.
> +
> + read(2)
> + Every read() from the opened character device context is waiting on
> + wakeup_intruptible, that gets set by the registered mailbox callback
> + function; indicating a message received from the firmware on message-
> + unit.
> +
> + write(2)
> + Every write() to the opened character device context needs to acquire
> + mailbox_lock, before sending message on to the message unit.
> +
> + close(2)
> + Stops and free up the I/O contexts that was associated
> + with the file descriptor.
> +
> +Users: https://github.com/nxp-imx/imx-secure-enclave.git,
> + https://github.com/nxp-imx/imx-smw.git
> + crypto/skcipher,
> + drivers/nvmem/imx-ocotp-ele.c
> diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
> index 183613f82a11..56bdca9bd917 100644
> --- a/drivers/firmware/imx/Kconfig
> +++ b/drivers/firmware/imx/Kconfig
> @@ -22,3 +22,15 @@ config IMX_SCU
>
> This driver manages the IPC interface between host CPU and the
> SCU firmware running on M4.
> +
> +config IMX_SEC_ENCLAVE
> + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver."
> + depends on IMX_MBOX && ARCH_MXC && ARM64
> + default m if ARCH_MXC
> +
> + help
> + It is possible to use APIs exposed by the iMX Secure Enclave HW IP called:
> + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
> + like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging
> + Unit. This driver exposes these interfaces via a set of file descriptors
> + allowing to configure shared memory, send and receive messages.
> diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile
> index 8f9f04a513a8..aa9033e0e9e3 100644
> --- a/drivers/firmware/imx/Makefile
> +++ b/drivers/firmware/imx/Makefile
> @@ -1,3 +1,5 @@
> # SPDX-License-Identifier: GPL-2.0
> obj-$(CONFIG_IMX_DSP) += imx-dsp.o
> obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o
> +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
> +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
> diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c
> new file mode 100644
> index 000000000000..0463f26d93c7
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_base_msg.c
> @@ -0,0 +1,287 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include <linux/types.h>
> +#include <linux/completion.h>
> +#include <linux/dma-mapping.h>
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +
> +int ele_get_info(struct device *dev, struct soc_info *s_info)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + phys_addr_t get_info_addr;
> + u32 *get_info_data;
> + u32 status;
> + int ret;
> +
> + if (!priv || !s_info)
> + goto exit;
> +
> + memset(s_info, 0x0, sizeof(*s_info));
> +
> + if (priv->mem_pool_name)
> + get_info_data = get_phy_buf_mem_pool(dev,
> + priv->mem_pool_name,
> + &get_info_addr,
> + ELE_GET_INFO_BUFF_SZ);
> + else
> + get_info_data = dmam_alloc_coherent(dev,
> + ELE_GET_INFO_BUFF_SZ,
> + &get_info_addr,
> + GFP_KERNEL);
> + if (!get_info_data) {
> + ret = -ENOMEM;
> + dev_err(dev,
> + "%s: Failed to allocate get_info_addr.\n",
> + __func__);
> + goto exit;
> + }
> +
> + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_GET_INFO_REQ,
> + ELE_GET_INFO_REQ_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = upper_32_bits(get_info_addr);
> + tx_msg->data[1] = lower_32_bits(get_info_addr);
> + tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_GET_INFO_REQ,
> + ELE_GET_INFO_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_GET_INFO_REQ, status);
> + ret = -1;
> + }
> +
> + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> + & ELE_IMEM_STATE_MASK) >> 16;
> + s_info->major_ver = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 24;
> + s_info->minor_ver = ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 16) & 0xFF;
> + s_info->soc_rev = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 16;
> + s_info->soc_id = get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_ID_MASK;
> + s_info->serial_num
> + = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF] << 32
> + | get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];
> +exit:
> + if (get_info_addr) {
> + if (priv->mem_pool_name)
> + free_phybuf_mem_pool(dev, priv->mem_pool_name,
> + get_info_data, ELE_GET_INFO_BUFF_SZ);
> + else
> + dmam_free_coherent(dev,
> + ELE_GET_INFO_BUFF_SZ,
> + get_info_data,
> + get_info_addr);
> + }
> +
> + return ret;
> +}
> +
> +int ele_ping(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);

If you want __free(kfree) it should be

struct se_api_msg *tx_msg __free(kfree) = NULL;
struct se_api_msg *rx_msg __free(kfree) = NULL;

Or

struct se_api_msg *tx_msg __free(kfree) = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL)
struct se_api_msg *rx_msg __free(kfree) = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL)

otherwise when
if (!tx_msg) {
return ret;

^^ when go here, rx_msg is random value. So kfree(rx_msg) will
access random address.

}

> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;


return -ENOMEM

Frank

> + }
> +
> + rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_PING_REQ, ELE_PING_REQ_SZ,
> + true);
> + if (ret) {
> + dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
> + goto exit;
> + }
> +
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_PING_REQ,
> + ELE_PING_RSP_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_PING_REQ, status);
> + ret = -1;
> + }
> +exit:
> + return ret;
> +}
> +
> +int ele_service_swap(struct device *dev,
> + phys_addr_t addr,
> + u32 addr_size, u16 flag)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_SERVICE_SWAP_REQ,
> + ELE_SERVICE_SWAP_REQ_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = flag;
> + tx_msg->data[1] = addr_size;
> + tx_msg->data[2] = ELE_NONE_VAL;
> + tx_msg->data[3] = lower_32_bits(addr);
> + tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
> + ELE_SERVICE_SWAP_REQ_MSG_SZ);
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_SERVICE_SWAP_REQ,
> + ELE_SERVICE_SWAP_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_SERVICE_SWAP_REQ, status);
> + ret = -1;
> + } else {
> + if (flag == ELE_IMEM_EXPORT)
> + ret = priv->rx_msg->data[1];
> + else
> + ret = 0;
> + }
> +exit:
> +
> + return ret;
> +}
> +
> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_FW_AUTH_REQ,
> + ELE_FW_AUTH_REQ_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = addr;
> + tx_msg->data[1] = 0x0;
> + tx_msg->data[2] = addr;
> +
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_FW_AUTH_REQ,
> + ELE_FW_AUTH_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_FW_AUTH_REQ, status);
> + ret = -1;
> + }
> +exit:
> +
> + return ret;
> +}
> diff --git a/drivers/firmware/imx/ele_base_msg.h b/drivers/firmware/imx/ele_base_msg.h
> new file mode 100644
> index 000000000000..3b3d2bf04a84
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_base_msg.h
> @@ -0,0 +1,70 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + *
> + * Header file for the EdgeLock Enclave Base API(s).
> + */
> +
> +#ifndef ELE_BASE_MSG_H
> +#define ELE_BASE_MSG_H
> +
> +#include <linux/device.h>
> +#include <linux/types.h>
> +
> +#define WORD_SZ 4
> +#define ELE_NONE_VAL 0x0
> +
> +#define ELE_SUCCESS_IND 0xD6
> +
> +#define ELE_GET_INFO_REQ 0xDA
> +#define ELE_GET_INFO_REQ_MSG_SZ 0x10
> +#define ELE_GET_INFO_RSP_MSG_SZ 0x08
> +
> +#define ELE_GET_INFO_BUFF_SZ 0x100
> +#define ELE_GET_INFO_READ_SZ 0xA0
> +
> +#define DEFAULT_IMX_SOC_VER 0xA0
> +#define SOC_VER_MASK 0xFFFF0000
> +#define SOC_ID_MASK 0x0000FFFF
> +struct soc_info {
> + u32 imem_state;
> + u8 major_ver;
> + u8 minor_ver;
> + u16 soc_id;
> + u16 soc_rev;
> + u64 serial_num;
> +};
> +
> +#define GET_INFO_SOC_INFO_WORD_OFFSET 1
> +#define GET_INFO_UUID_WORD_OFFSET 3
> +#define GET_INFO_SL_NUM_MSB_WORD_OFF \
> + (GET_INFO_UUID_WORD_OFFSET + 3)
> +#define GET_INFO_SL_NUM_LSB_WORD_OFF \
> + (GET_INFO_UUID_WORD_OFFSET + 0)
> +
> +#define ELE_PING_REQ 0x01
> +#define ELE_PING_REQ_SZ 0x04
> +#define ELE_PING_RSP_SZ 0x08
> +
> +#define ELE_SERVICE_SWAP_REQ 0xDF
> +#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18
> +#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C
> +#define ELE_IMEM_SIZE 0x10000
> +#define ELE_IMEM_STATE_OK 0xCA
> +#define ELE_IMEM_STATE_BAD 0xFE
> +#define ELE_IMEM_STATE_WORD 0x27
> +#define ELE_IMEM_STATE_MASK 0x00ff0000
> +#define ELE_IMEM_EXPORT 0x1
> +#define ELE_IMEM_IMPORT 0x2
> +
> +#define ELE_FW_AUTH_REQ 0x02
> +#define ELE_FW_AUTH_REQ_SZ 0x10
> +#define ELE_FW_AUTH_RSP_MSG_SZ 0x08
> +
> +int ele_get_info(struct device *dev, struct soc_info *s_info);
> +int ele_ping(struct device *dev);
> +int ele_service_swap(struct device *dev,
> + phys_addr_t addr,
> + u32 addr_size, u16 flag);
> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr);
> +#endif
> diff --git a/drivers/firmware/imx/ele_common.c b/drivers/firmware/imx/ele_common.c
> new file mode 100644
> index 000000000000..dcf7f9034653
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_common.c
> @@ -0,0 +1,341 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +
> +u32 plat_add_msg_crc(u32 *msg, u32 msg_len)
> +{
> + u32 nb_words = msg_len / (u32)sizeof(u32);
> + u32 crc = 0;
> + u32 i;
> +
> + for (i = 0; i < nb_words - 1; i++)
> + crc ^= *(msg + i);
> +
> + return crc;
> +}
> +
> +int imx_ele_msg_rcv(struct se_if_priv *priv)
> +{
> + u32 wait;
> + int err;
> +
> + wait = msecs_to_jiffies(1000);
> + if (!wait_for_completion_timeout(&priv->done, wait)) {
> + dev_err(priv->dev,
> + "Error: wait_for_completion timed out.\n");
> + err = -ETIMEDOUT;
> + }
> +
> + mutex_unlock(&priv->se_if_cmd_lock);
> + priv->no_dev_ctx_used = false;
> +
> + return err;
> +}
> +
> +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg)
> +{
> + bool is_cmd_lock_tobe_taken = false;
> + int err;
> +
> + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> + is_cmd_lock_tobe_taken = true;
> + mutex_lock(&priv->se_if_cmd_lock);
> + }
> + scoped_guard(mutex, &priv->se_if_lock);
> +
> + err = mbox_send_message(priv->tx_chan, mssg);
> + if (err < 0) {
> + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> + if (is_cmd_lock_tobe_taken)
> + mutex_unlock(&priv->se_if_cmd_lock);
> + return err;
> + }
> + err = 0;
> +
> + return err;
> +}
> +
> +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg)
> +{
> + int err;
> +
> + priv->no_dev_ctx_used = true;
> + err = imx_ele_msg_send(priv, mssg);
> + if (err)
> + goto exit;
> +
> + err = imx_ele_msg_rcv(priv);
> +
> +exit:
> + return err;
> +}
> +
> +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx)
> +{
> + struct se_msg_hdr header = {0};
> + int err;
> +
> + err = wait_event_interruptible(dev_ctx->wq, dev_ctx->pending_hdr != 0);
> + if (err)
> + dev_err(dev_ctx->dev,
> + "%s: Err[0x%x]:Interrupted by signal.\n",
> + dev_ctx->miscdev.name, err);
> +
> + header = *((struct se_msg_hdr *) (&dev_ctx->temp_resp[0]));
> +
> + if (header.tag == dev_ctx->priv->rsp_tag)
> + mutex_unlock(&dev_ctx->priv->se_if_cmd_lock);
> +
> + return err;
> +}
> +
> +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> + void *tx_msg, int tx_msg_sz)
> +{
> + struct se_if_priv *priv = dev_ctx->priv;
> + struct se_msg_hdr header = {0};
> + int err;
> +
> + header = *((struct se_msg_hdr *) tx_msg);
> +
> + /*
> + * Check that the size passed as argument matches the size
> + * carried in the message.
> + */
> + err = header.size << 2;
> +
> + if (err != tx_msg_sz) {
> + err = -EINVAL;
> + dev_err(priv->dev,
> + "%s: User buffer too small\n",
> + dev_ctx->miscdev.name);
> + goto exit;
> + }
> + /* Check the message is valid according to tags */
> + if (header.tag == priv->cmd_tag)
> + priv->waiting_rsp_dev = dev_ctx;
> + else if (header.tag == priv->rsp_tag) {
> + /* Check the device context can send the command */
> + if (dev_ctx != priv->cmd_receiver_dev) {
> + dev_err(priv->dev,
> + "%s: Channel not configured to send resp to FW.",
> + dev_ctx->miscdev.name);
> + err = -EPERM;
> + goto exit;
> + }
> + } else {
> + dev_err(priv->dev,
> + "%s: The message does not have a valid TAG\n",
> + dev_ctx->miscdev.name);
> + err = -EINVAL;
> + goto exit;
> + }
> + err = imx_ele_msg_send(priv, tx_msg);
> +exit:
> + return err;
> +}
> +
> +/*
> + * Callback called by mailbox FW, when data is received.
> + */
> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
> +{
> + struct device *dev = mbox_cl->dev;
> + struct se_if_device_ctx *dev_ctx;
> + struct se_api_msg *rx_msg;
> + bool is_response = false;
> + struct se_if_priv *priv;
> + struct se_msg_hdr header;
> +
> + priv = dev_get_drvdata(dev);
> + if (!priv) {
> + dev_err(dev, "SE-MU Priv data is NULL;");
> + return;
> + }
> +
> + /* The function can be called with NULL msg */
> + if (!msg) {
> + dev_err(dev, "Message is invalid\n");
> + return;
> + }
> +
> + header.tag = ((u8 *)msg)[TAG_OFFSET];
> + header.command = ((u8 *)msg)[CMD_OFFSET];
> + header.size = ((u8 *)msg)[SZ_OFFSET];
> + header.ver = ((u8 *)msg)[VER_OFFSET];
> +
> + /* Incoming command: wake up the receiver if any. */
> + if (header.tag == priv->cmd_tag) {
> + dev_dbg(dev, "Selecting cmd receiver\n");
> + dev_ctx = priv->cmd_receiver_dev;
> + } else if (header.tag == priv->rsp_tag) {
> + if (priv->waiting_rsp_dev) {
> + dev_dbg(dev, "Selecting rsp waiter\n");
> + dev_ctx = priv->waiting_rsp_dev;
> + is_response = true;
> + } else {
> + /*
> + * Reading the EdgeLock Enclave response
> + * to the command, sent by other
> + * linux kernel services.
> + */
> + spin_lock(&priv->lock);
> + memcpy(&priv->rx_msg, msg, header.size << 2);
> +
> + complete(&priv->done);
> + spin_unlock(&priv->lock);
> + return;
> + }
> + } else {
> + dev_err(dev, "Failed to select a device for message: %.8x\n",
> + *((u32 *) &header));
> + return;
> + }
> + /* Init reception */
> + rx_msg = kzalloc(header.size << 2, GFP_KERNEL);
> + if (rx_msg)
> + memcpy(rx_msg, msg, header.size << 2);
> +
> + dev_ctx->temp_resp = (u32 *)rx_msg;
> + dev_ctx->temp_resp_size = header.size;
> +
> + /* Allow user to read */
> + dev_ctx->pending_hdr = 1;
> + wake_up_interruptible(&dev_ctx->wq);
> +
> + if (is_response)
> + priv->waiting_rsp_dev = NULL;
> +}
> +
> +int validate_rsp_hdr(struct se_if_priv *priv, u32 header,
> + uint8_t msg_id, uint8_t sz, bool is_base_api)
> +{
> + int ret = -EINVAL;
> + u32 size;
> + u32 cmd;
> + u32 tag;
> + u32 ver;
> +
> + tag = MSG_TAG(header);
> + cmd = MSG_COMMAND(header);
> + size = MSG_SIZE(header);
> + ver = MSG_VER(header);
> +
> + do {
> + if (tag != priv->rsp_tag) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: Resp tag mismatch. (0x%x != 0x%x)",
> + msg_id, tag, priv->rsp_tag);
> + break;
> + }
> +
> + if (cmd != msg_id) {
> + dev_err(priv->dev,
> + "MSG Header: Cmd id mismatch. (0x%x != 0x%x)",
> + cmd, msg_id);
> + break;
> + }
> +
> + if (size != (sz >> 2)) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: Cmd size mismatch. (0x%x != 0x%x)",
> + msg_id, size, (sz >> 2));
> + break;
> + }
> +
> + if (is_base_api && (ver != priv->base_api_ver)) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: Base API Vers mismatch. (0x%x != 0x%x)",
> + msg_id, ver, priv->base_api_ver);
> + break;
> + } else if (!is_base_api && ver != priv->fw_api_ver) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: FW API Vers mismatch. (0x%x != 0x%x)",
> + msg_id, ver, priv->fw_api_ver);
> + break;
> + }
> +
> + ret = 0;
> +
> + } while (false);
> +
> + return ret;
> +}
> +
> +int se_save_imem_state(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + int ret;
> +
> + /* EXPORT command will save encrypted IMEM to given address,
> + * so later in resume, IMEM can be restored from the given
> + * address.
> + *
> + * Size must be at least 64 kB.
> + */
> + ret = ele_service_swap(dev,
> + priv->imem.phyaddr,
> + ELE_IMEM_SIZE,
> + ELE_IMEM_EXPORT);
> + if (ret < 0)
> + dev_err(dev, "Failed to export IMEM\n");
> + else
> + dev_info(dev,
> + "Exported %d bytes of encrypted IMEM\n",
> + ret);
> +
> + return ret;
> +}
> +
> +int se_restore_imem_state(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct soc_info s_info;
> + int ret;
> +
> + /* get info from ELE */
> + ret = ele_get_info(dev, &s_info);
> + if (ret) {
> + dev_err(dev, "Failed to get info from ELE.\n");
> + return ret;
> + }
> +
> + /* Get IMEM state, if 0xFE then import IMEM */
> + if (s_info.imem_state == ELE_IMEM_STATE_BAD) {
> + /* IMPORT command will restore IMEM from the given
> + * address, here size is the actual size returned by ELE
> + * during the export operation
> + */
> + ret = ele_service_swap(dev,
> + priv->imem.phyaddr,
> + priv->imem.size,
> + ELE_IMEM_IMPORT);
> + if (ret) {
> + dev_err(dev, "Failed to import IMEM\n");
> + goto exit;
> + }
> + } else
> + goto exit;
> +
> + /* After importing IMEM, check if IMEM state is equal to 0xCA
> + * to ensure IMEM is fully loaded and
> + * ELE functionality can be used.
> + */
> + ret = ele_get_info(dev, &s_info);
> + if (ret) {
> + dev_err(dev, "Failed to get info from ELE.\n");
> + goto exit;
> + }
> +
> + if (s_info.imem_state == ELE_IMEM_STATE_OK)
> + dev_info(dev, "Successfully restored IMEM\n");
> + else
> + dev_err(dev, "Failed to restore IMEM\n");
> +
> +exit:
> + return ret;
> +}
> diff --git a/drivers/firmware/imx/ele_common.h b/drivers/firmware/imx/ele_common.h
> new file mode 100644
> index 000000000000..6e3a2114bb56
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_common.h
> @@ -0,0 +1,43 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +
> +#ifndef __ELE_COMMON_H__
> +#define __ELE_COMMON_H__
> +
> +#include "se_ctrl.h"
> +
> +#define IMX_ELE_FW_DIR "imx/ele/"
> +
> +uint32_t plat_add_msg_crc(uint32_t *msg, uint32_t msg_len);
> +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *priv);
> +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> + void *tx_msg, int tx_msg_sz);
> +int imx_ele_msg_rcv(struct se_if_priv *priv);
> +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg);
> +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg);
> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
> +int validate_rsp_hdr(struct se_if_priv *priv, unsigned int header,
> + u8 msg_id, u8 sz, bool is_base_api);
> +
> +/* Fill a command message header with a given command ID and length in bytes. */
> +static inline int plat_fill_cmd_msg_hdr(struct se_if_priv *priv,
> + struct se_msg_hdr *hdr,
> + u8 cmd,
> + u32 len,
> + bool is_base_api)
> +{
> + hdr->tag = priv->cmd_tag;
> + hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver;
> + hdr->command = cmd;
> + hdr->size = len >> 2;
> +
> + return 0;
> +}
> +
> +int se_save_imem_state(struct device *dev);
> +int se_restore_imem_state(struct device *dev);
> +
> +#endif /*__ELE_COMMON_H__ */
> diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
> new file mode 100644
> index 000000000000..11c5eaa7353f
> --- /dev/null
> +++ b/drivers/firmware/imx/se_ctrl.c
> @@ -0,0 +1,1339 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include <linux/completion.h>
> +#include <linux/delay.h>
> +#include <linux/dev_printk.h>
> +#include <linux/dma-mapping.h>
> +#include <linux/errno.h>
> +#include <linux/export.h>
> +#include <linux/firmware.h>
> +#include <linux/firmware/imx/se_api.h>
> +#include <linux/genalloc.h>
> +#include <linux/init.h>
> +#include <linux/io.h>
> +#include <linux/miscdevice.h>
> +#include <linux/mod_devicetable.h>
> +#include <linux/module.h>
> +#include <linux/of_platform.h>
> +#include <linux/of_reserved_mem.h>
> +#include <linux/platform_device.h>
> +#include <linux/slab.h>
> +#include <linux/string.h>
> +#include <linux/sys_soc.h>
> +#include <uapi/linux/se_ioctl.h>
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +#include "se_ctrl.h"
> +
> +#define RESERVED_DMA_POOL BIT(1)
> +
> +struct imx_se_node_info {
> + u8 se_if_id;
> + u8 se_if_did;
> + u8 max_dev_ctx;
> + u8 cmd_tag;
> + u8 rsp_tag;
> + u8 success_tag;
> + u8 base_api_ver;
> + u8 fw_api_ver;
> + u8 *se_name;
> + u8 *mbox_tx_name;
> + u8 *mbox_rx_name;
> + u8 *pool_name;
> + u8 *fw_name_in_rfs;
> + bool soc_register;
> + bool reserved_dma_ranges;
> + bool imem_mgmt;
> +};
> +
> +struct imx_se_node_info_list {
> + u8 num_mu;
> + u16 soc_id;
> + u16 soc_rev;
> + struct imx_se_node_info info[];
> +};
> +
> +static const struct imx_se_node_info_list imx8ulp_info = {
> + .num_mu = 1,
> + .soc_id = SOC_ID_OF_IMX8ULP,
> + .info = {
> + {
> + .se_if_id = 2,
> + .se_if_did = 7,
> + .max_dev_ctx = 4,
> + .cmd_tag = 0x17,
> + .rsp_tag = 0xe1,
> + .success_tag = 0xd6,
> + .base_api_ver = MESSAGING_VERSION_6,
> + .fw_api_ver = MESSAGING_VERSION_7,
> + .se_name = "hsm1",
> + .mbox_tx_name = "tx",
> + .mbox_rx_name = "rx",
> + .pool_name = "sram",
> + .fw_name_in_rfs = IMX_ELE_FW_DIR\
> + "mx8ulpa2ext-ahab-container.img",
> + .soc_register = true,
> + .reserved_dma_ranges = true,
> + .imem_mgmt = true,
> + },
> + },
> +};
> +
> +static const struct imx_se_node_info_list imx93_info = {
> + .num_mu = 1,
> + .soc_id = SOC_ID_OF_IMX93,
> + .info = {
> + {
> + .se_if_id = 2,
> + .se_if_did = 3,
> + .max_dev_ctx = 4,
> + .cmd_tag = 0x17,
> + .rsp_tag = 0xe1,
> + .success_tag = 0xd6,
> + .base_api_ver = MESSAGING_VERSION_6,
> + .fw_api_ver = MESSAGING_VERSION_7,
> + .se_name = "hsm1",
> + .mbox_tx_name = "tx",
> + .mbox_rx_name = "rx",
> + .reserved_dma_ranges = true,
> + .imem_mgmt = true,
> + .soc_register = true,
> + },
> + },
> +};
> +
> +static const struct of_device_id se_match[] = {
> + { .compatible = "fsl,imx8ulp-ele", .data = (void *)&imx8ulp_info},
> + { .compatible = "fsl,imx93-ele", .data = (void *)&imx93_info},
> + {},
> +};
> +
> +static struct imx_se_node_info
> + *get_imx_se_node_info(struct imx_se_node_info_list *info_list,
> + const u32 idx)
> +{
> + if (idx < 0 || idx > info_list->num_mu)
> + return NULL;
> +
> + return &info_list->info[idx];
> +}
> +
> +void *get_phy_buf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + dma_addr_t *buf,
> + u32 size)
> +{
> + struct device_node *of_node = dev->of_node;
> + struct gen_pool *mem_pool;
> +
> + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> + if (!mem_pool) {
> + dev_err(dev,
> + "Unable to get sram pool = %s\n",
> + mem_pool_name);
> + return 0;
> + }
> +
> + return gen_pool_dma_alloc(mem_pool, size, buf);
> +}
> +
> +void free_phybuf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + u32 *buf,
> + u32 size)
> +{
> + struct device_node *of_node = dev->of_node;
> + struct gen_pool *mem_pool;
> +
> + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> + if (!mem_pool)
> + dev_err(dev,
> + "%s: Failed: Unable to get sram pool.\n",
> + __func__);
> +
> + gen_pool_free(mem_pool, (u64)buf, size);
> +}
> +
> +static int imx_fetch_soc_info(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct imx_se_node_info_list *info_list;
> + const struct imx_se_node_info *info;
> + struct soc_device_attribute *attr;
> + struct soc_device *sdev;
> + struct soc_info s_info;
> + int err = 0;
> +
> + info = priv->info;
> + info_list = (struct imx_se_node_info_list *)
> + device_get_match_data(dev->parent);
> + if (info_list->soc_rev)
> + return err;
> +
> + err = ele_get_info(dev, &s_info);
> + if (err)
> + s_info.major_ver = DEFAULT_IMX_SOC_VER;
> +
> + info_list->soc_rev = s_info.soc_rev;
> +
> + if (!info->soc_register)
> + return 0;
> +
> + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> + if (!attr)
> + return -ENOMEM;
> +
> + if (s_info.minor_ver)
> + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
> + s_info.major_ver,
> + s_info.minor_ver);
> + else
> + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
> + s_info.major_ver);
> +
> + switch (s_info.soc_id) {
> + case SOC_ID_OF_IMX8ULP:
> + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> + "i.MX8ULP");
> + break;
> + case SOC_ID_OF_IMX93:
> + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> + "i.MX93");
> + break;
> + }
> +
> + err = of_property_read_string(of_root, "model",
> + &attr->machine);
> + if (err) {
> + devm_kfree(dev, attr);
> + return -EINVAL;
> + }
> + attr->family = devm_kasprintf(dev, GFP_KERNEL, "Freescale i.MX");
> +
> + attr->serial_number
> + = devm_kasprintf(dev, GFP_KERNEL, "%016llX", s_info.serial_num);
> +
> + sdev = soc_device_register(attr);
> + if (IS_ERR(sdev)) {
> + devm_kfree(dev, attr->soc_id);
> + devm_kfree(dev, attr->serial_number);
> + devm_kfree(dev, attr->revision);
> + devm_kfree(dev, attr->family);
> + devm_kfree(dev, attr->machine);
> + devm_kfree(dev, attr);
> + return PTR_ERR(sdev);
> + }
> +
> + return 0;
> +}
> +
> +/*
> + * File operations for user-space
> + */
> +
> +/* Write a message to the MU. */
> +static ssize_t se_if_fops_write(struct file *fp, const char __user *buf,
> + size_t size, loff_t *ppos)
> +{
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_if_device_ctx *dev_ctx;
> + struct se_if_priv *priv;
> + int err;
> +
> + dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + priv = dev_ctx->priv;
> + dev_dbg(priv->dev,
> + "%s: write from buf (%p)%zu, ppos=%lld\n",
> + dev_ctx->miscdev.name,
> + buf, size, ((ppos) ? *ppos : 0));
> +
> + if (down_interruptible(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + if (dev_ctx->status != MU_OPENED) {
> + err = -EINVAL;
> + goto exit;
> + }
> +
> + if (size < SE_MU_HDR_SZ) {
> + dev_err(priv->dev,
> + "%s: User buffer too small(%zu < %d)\n",
> + dev_ctx->miscdev.name,
> + size, SE_MU_HDR_SZ);
> + err = -ENOSPC;
> + goto exit;
> + }
> +
> + tx_msg = memdup_user((void __user *)ppos, size);
> + if (!tx_msg) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + /* Copy data to buffer */
> + if (copy_from_user(tx_msg, buf, size)) {
> + err = -EFAULT;
> + dev_err(priv->dev,
> + "%s: Fail copy message from user\n",
> + dev_ctx->miscdev.name);
> + goto exit;
> + }
> +
> + print_hex_dump_debug("from user ", DUMP_PREFIX_OFFSET, 4, 4,
> + tx_msg, size, false);
> +
> + err = imx_ele_miscdev_msg_send(dev_ctx, tx_msg, size);
> +
> +exit:
> + up(&dev_ctx->fops_lock);
> + return err;
> +}
> +
> +/*
> + * Read a message from the MU.
> + * Blocking until a message is available.
> + */
> +static ssize_t se_if_fops_read(struct file *fp, char __user *buf,
> + size_t size, loff_t *ppos)
> +{
> + struct se_if_device_ctx *dev_ctx;
> + struct se_buf_desc *b_desc;
> + struct se_if_priv *priv;
> + u32 size_to_copy;
> + int err;
> +
> + dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + priv = dev_ctx->priv;
> + dev_dbg(priv->dev,
> + "%s: read to buf %p(%zu), ppos=%lld\n",
> + dev_ctx->miscdev.name,
> + buf, size, ((ppos) ? *ppos : 0));
> +
> + if (down_interruptible(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + if (dev_ctx->status != MU_OPENED) {
> + err = -EINVAL;
> + goto exit;
> + }
> +
> + err = imx_ele_miscdev_msg_rcv(dev_ctx);
> + if (err)
> + goto exit;
> +
> + /* Buffer containing the message from FW, is
> + * allocated in callback function.
> + * Check if buffer allocation failed.
> + */
> + if (!dev_ctx->temp_resp) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + dev_dbg(priv->dev,
> + "%s: %s %s\n",
> + dev_ctx->miscdev.name,
> + __func__,
> + "message received, start transmit to user");
> +
> + /*
> + * Check that the size passed as argument is larger than
> + * the one carried in the message.
> + */
> + size_to_copy = dev_ctx->temp_resp_size << 2;
> + if (size_to_copy > size) {
> + dev_dbg(priv->dev,
> + "%s: User buffer too small (%zu < %d)\n",
> + dev_ctx->miscdev.name,
> + size, size_to_copy);
> + size_to_copy = size;
> + }
> +
> + /*
> + * We may need to copy the output data to user before
> + * delivering the completion message.
> + */
> + while (!list_empty(&dev_ctx->pending_out)) {
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> + struct se_buf_desc,
> + link);
> + if (!b_desc)
> + continue;
> +
> + if (b_desc->usr_buf_ptr && b_desc->shared_buf_ptr) {
> +
> + dev_dbg(priv->dev,
> + "%s: Copy output data to user\n",
> + dev_ctx->miscdev.name);
> + if (copy_to_user(b_desc->usr_buf_ptr,
> + b_desc->shared_buf_ptr,
> + b_desc->size)) {
> + dev_err(priv->dev,
> + "%s: Failure copying output data to user.",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> + }
> +
> + if (b_desc->shared_buf_ptr)
> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> +
> + __list_del_entry(&b_desc->link);
> + kfree(b_desc);
> + }
> +
> + /* Copy data from the buffer */
> + print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
> + dev_ctx->temp_resp, size_to_copy, false);
> + if (copy_to_user(buf, dev_ctx->temp_resp, size_to_copy)) {
> + dev_err(priv->dev,
> + "%s: Failed to copy to user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + err = size_to_copy;
> + kfree(dev_ctx->temp_resp);
> +
> + /* free memory allocated on the shared buffers. */
> + dev_ctx->secure_mem.pos = 0;
> + dev_ctx->non_secure_mem.pos = 0;
> +
> + dev_ctx->pending_hdr = 0;
> +
> +exit:
> + /*
> + * Clean the used Shared Memory space,
> + * whether its Input Data copied from user buffers, or
> + * Data received from FW.
> + */
> + while (!list_empty(&dev_ctx->pending_in) ||
> + !list_empty(&dev_ctx->pending_out)) {
> + if (!list_empty(&dev_ctx->pending_in))
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
> + struct se_buf_desc,
> + link);
> + else
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> + struct se_buf_desc,
> + link);
> +
> + if (!b_desc)
> + continue;
> +
> + if (b_desc->shared_buf_ptr)
> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> +
> + __list_del_entry(&b_desc->link);
> + kfree(b_desc);
> + }
> +
> + up(&dev_ctx->fops_lock);
> + return err;
> +}
> +
> +/* Give access to EdgeLock Enclave, to the memory we want to share */
> +static int se_if_setup_se_mem_access(struct se_if_device_ctx *dev_ctx,
> + u64 addr, u32 len)
> +{
> + /* Assuming EdgeLock Enclave has access to all the memory regions */
> + int ret = 0;
> +
> + if (ret) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Fail find memreg\n", dev_ctx->miscdev.name);
> + goto exit;
> + }
> +
> + if (ret) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Fail set permission for resource\n",
> + dev_ctx->miscdev.name);
> + goto exit;
> + }
> +
> +exit:
> + return ret;
> +}
> +
> +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> + struct imx_se_node_info *if_node_info;
> + struct se_ioctl_get_if_info info;
> + int err = 0;
> +
> + if_node_info = (struct imx_se_node_info *)priv->info;
> +
> + info.se_if_id = if_node_info->se_if_id;
> + info.interrupt_idx = 0;
> + info.tz = 0;
> + info.did = if_node_info->se_if_did;
> + info.cmd_tag = if_node_info->cmd_tag;
> + info.rsp_tag = if_node_info->rsp_tag;
> + info.success_tag = if_node_info->success_tag;
> + info.base_api_ver = if_node_info->base_api_ver;
> + info.fw_api_ver = if_node_info->fw_api_ver;
> +
> + dev_dbg(priv->dev,
> + "%s: info [se_if_id: %d, irq_idx: %d, tz: 0x%x, did: 0x%x]\n",
> + dev_ctx->miscdev.name,
> + info.se_if_id, info.interrupt_idx, info.tz, info.did);
> +
> + if (copy_to_user((u8 *)arg, &info, sizeof(info))) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to copy mu info to user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> +exit:
> + return err;
> +}
> +
> +/*
> + * Copy a buffer of data to/from the user and return the address to use in
> + * messages
> + */
> +static int se_ioctl_setup_iobuf_handler(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct se_ioctl_setup_iobuf io = {0};
> + struct se_shared_mem *shared_mem;
> + struct se_buf_desc *b_desc;
> + int err = 0;
> + u32 pos;
> +
> + if (copy_from_user(&io, (u8 *)arg, sizeof(io))) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed copy iobuf config from user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + dev_dbg(dev_ctx->priv->dev,
> + "%s: io [buf: %p(%d) flag: %x]\n",
> + dev_ctx->miscdev.name,
> + io.user_buf, io.length, io.flags);
> +
> + if (io.length == 0 || !io.user_buf) {
> + /*
> + * Accept NULL pointers since some buffers are optional
> + * in FW commands. In this case we should return 0 as
> + * pointer to be embedded into the message.
> + * Skip all data copy part of code below.
> + */
> + io.ele_addr = 0;
> + goto copy;
> + }
> +
> + /* Select the shared memory to be used for this buffer. */
> + if (io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) {
> + /* App requires to use secure memory for this buffer.*/
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed allocate SEC MEM memory\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + } else {
> + /* No specific requirement for this buffer. */
> + shared_mem = &dev_ctx->non_secure_mem;
> + }
> +
> + /* Check there is enough space in the shared memory. */
> + if (shared_mem->size < shared_mem->pos
> + || io.length >= shared_mem->size - shared_mem->pos) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Not enough space in shared memory\n",
> + dev_ctx->miscdev.name);
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + /* Allocate space in shared memory. 8 bytes aligned. */
> + pos = shared_mem->pos;
> + shared_mem->pos += round_up(io.length, 8u);
> + io.ele_addr = (u64)shared_mem->dma_addr + pos;
> +
> + if ((io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) &&
> + !(io.flags & SE_MU_IO_FLAGS_USE_SHORT_ADDR)) {
> + /*Add base address to get full address.*/
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed allocate SEC MEM memory\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + memset(shared_mem->ptr + pos, 0, io.length);
> + if ((io.flags & SE_IO_BUF_FLAGS_IS_INPUT) ||
> + (io.flags & SE_IO_BUF_FLAGS_IS_IN_OUT)) {
> + /*
> + * buffer is input:
> + * copy data from user space to this allocated buffer.
> + */
> + if (copy_from_user(shared_mem->ptr + pos, io.user_buf,
> + io.length)) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed copy data to shared memory\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> + }
> +
> + b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL);
> + if (!b_desc) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> +copy:
> + /* Provide the EdgeLock Enclave address to user space only if success.*/
> + if (copy_to_user((u8 *)arg, &io, sizeof(io))) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to copy iobuff setup to user\n",
> + dev_ctx->miscdev.name);
> + kfree(b_desc);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + if (b_desc) {
> + b_desc->shared_buf_ptr = shared_mem->ptr + pos;
> + b_desc->usr_buf_ptr = io.user_buf;
> + b_desc->size = io.length;
> +
> + if (io.flags & SE_IO_BUF_FLAGS_IS_INPUT) {
> + /*
> + * buffer is input:
> + * add an entry in the "pending input buffers" list so
> + * that copied data can be cleaned from shared memory
> + * later.
> + */
> + list_add_tail(&b_desc->link, &dev_ctx->pending_in);
> + } else {
> + /*
> + * buffer is output:
> + * add an entry in the "pending out buffers" list so data
> + * can be copied to user space when receiving Secure-Enclave
> + * response.
> + */
> + list_add_tail(&b_desc->link, &dev_ctx->pending_out);
> + }
> + }
> +
> +exit:
> + return err;
> +}
> +
> +/* IOCTL to provide SoC information */
> +static int se_ioctl_get_soc_info_handler(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct imx_se_node_info_list *info_list;
> + struct se_ioctl_get_soc_info soc_info;
> + int err = -EINVAL;
> +
> + info_list = (struct imx_se_node_info_list *)
> + device_get_match_data(dev_ctx->priv->dev->parent);
> + if (!info_list)
> + goto exit;
> +
> + soc_info.soc_id = info_list->soc_id;
> + soc_info.soc_rev = info_list->soc_rev;
> +
> + err = (int)copy_to_user((u8 *)arg, (u8 *)(&soc_info), sizeof(soc_info));
> + if (err) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to copy soc info to user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> +exit:
> + return err;
> +}
> +
> +/* Open a character device. */
> +static int se_if_fops_open(struct inode *nd, struct file *fp)
> +{
> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + int err;
> +
> + /* Avoid race if opened at the same time */
> + if (down_trylock(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + /* Authorize only 1 instance. */
> + if (dev_ctx->status != MU_FREE) {
> + err = -EBUSY;
> + goto exit;
> + }
> +
> + /*
> + * Allocate some memory for data exchanges with S40x.
> + * This will be used for data not requiring secure memory.
> + */
> + dev_ctx->non_secure_mem.ptr = dmam_alloc_coherent(dev_ctx->dev,
> + MAX_DATA_SIZE_PER_USER,
> + &dev_ctx->non_secure_mem.dma_addr,
> + GFP_KERNEL);
> + if (!dev_ctx->non_secure_mem.ptr) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + err = se_if_setup_se_mem_access(dev_ctx,
> + dev_ctx->non_secure_mem.dma_addr,
> + MAX_DATA_SIZE_PER_USER);
> + if (err) {
> + err = -EPERM;
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to share access to shared memory\n",
> + dev_ctx->miscdev.name);
> + goto free_coherent;
> + }
> +
> + dev_ctx->non_secure_mem.size = MAX_DATA_SIZE_PER_USER;
> + dev_ctx->non_secure_mem.pos = 0;
> + dev_ctx->status = MU_OPENED;
> +
> + dev_ctx->pending_hdr = 0;
> +
> + goto exit;
> +
> +free_coherent:
> + dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
> + dev_ctx->non_secure_mem.ptr,
> + dev_ctx->non_secure_mem.dma_addr);
> +
> +exit:
> + up(&dev_ctx->fops_lock);
> + return err;
> +}
> +
> +/* Close a character device. */
> +static int se_if_fops_close(struct inode *nd, struct file *fp)
> +{
> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + struct se_if_priv *priv = dev_ctx->priv;
> + struct se_buf_desc *b_desc;
> +
> + /* Avoid race if closed at the same time */
> + if (down_trylock(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + /* The device context has not been opened */
> + if (dev_ctx->status != MU_OPENED)
> + goto exit;
> +
> + /* check if this device was registered as command receiver. */
> + if (priv->cmd_receiver_dev == dev_ctx)
> + priv->cmd_receiver_dev = NULL;
> +
> + /* check if this device was registered as waiting response. */
> + if (priv->waiting_rsp_dev == dev_ctx) {
> + priv->waiting_rsp_dev = NULL;
> + mutex_unlock(&priv->se_if_cmd_lock);
> + }
> +
> + /* Unmap secure memory shared buffer. */
> + if (dev_ctx->secure_mem.ptr)
> + devm_iounmap(dev_ctx->dev, dev_ctx->secure_mem.ptr);
> +
> + dev_ctx->secure_mem.ptr = NULL;
> + dev_ctx->secure_mem.dma_addr = 0;
> + dev_ctx->secure_mem.size = 0;
> + dev_ctx->secure_mem.pos = 0;
> +
> + /* Free non-secure shared buffer. */
> + dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
> + dev_ctx->non_secure_mem.ptr,
> + dev_ctx->non_secure_mem.dma_addr);
> +
> + dev_ctx->non_secure_mem.ptr = NULL;
> + dev_ctx->non_secure_mem.dma_addr = 0;
> + dev_ctx->non_secure_mem.size = 0;
> + dev_ctx->non_secure_mem.pos = 0;
> +
> + while (!list_empty(&dev_ctx->pending_in) ||
> + !list_empty(&dev_ctx->pending_out)) {
> + if (!list_empty(&dev_ctx->pending_in))
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
> + struct se_buf_desc,
> + link);
> + else
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> + struct se_buf_desc,
> + link);
> +
> + if (!b_desc)
> + continue;
> +
> + if (b_desc->shared_buf_ptr)
> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> +
> + __list_del_entry(&b_desc->link);
> + devm_kfree(dev_ctx->dev, b_desc);
> + }
> +
> + dev_ctx->status = MU_FREE;
> +
> +exit:
> + up(&dev_ctx->fops_lock);
> + return 0;
> +}
> +
> +/* IOCTL entry point of a character device */
> +static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
> +//static long se_ioctl(struct file *fp, u32 cmd, u64 arg)
> +{
> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + struct se_if_priv *se_if_priv = dev_ctx->priv;
> + int err = -EINVAL;
> +
> + /* Prevent race during change of device context */
> + if (down_interruptible(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + switch (cmd) {
> + case SE_IOCTL_ENABLE_CMD_RCV:
> + if (!se_if_priv->cmd_receiver_dev) {
> + se_if_priv->cmd_receiver_dev = dev_ctx;
> + err = 0;
> + }
> + break;
> + case SE_IOCTL_GET_MU_INFO:
> + err = se_ioctl_get_mu_info(dev_ctx, arg);
> + break;
> + case SE_IOCTL_SETUP_IOBUF:
> + err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
> + break;
> + case SE_IOCTL_GET_SOC_INFO:
> + err = se_ioctl_get_soc_info_handler(dev_ctx, arg);
> + break;
> +
> + default:
> + err = -EINVAL;
> + dev_dbg(se_if_priv->dev,
> + "%s: IOCTL %.8x not supported\n",
> + dev_ctx->miscdev.name,
> + cmd);
> + }
> +
> + up(&dev_ctx->fops_lock);
> + return (long)err;
> +}
> +
> +/* Char driver setup */
> +static const struct file_operations se_if_fops = {
> + .open = se_if_fops_open,
> + .owner = THIS_MODULE,
> + .release = se_if_fops_close,
> + .unlocked_ioctl = se_ioctl,
> + .read = se_if_fops_read,
> + .write = se_if_fops_write,
> +};
> +
> +/* interface for managed res to free a mailbox channel */
> +static void if_mbox_free_channel(void *mbox_chan)
> +{
> + mbox_free_channel(mbox_chan);
> +}
> +
> +/* interface for managed res to unregister a character device */
> +static void if_misc_deregister(void *miscdevice)
> +{
> + misc_deregister(miscdevice);
> +}
> +
> +static int se_if_request_channel(struct device *dev,
> + struct mbox_chan **chan,
> + struct mbox_client *cl,
> + const u8 *name)
> +{
> + struct mbox_chan *t_chan;
> + int ret = 0;
> +
> + t_chan = mbox_request_channel_byname(cl, name);
> + if (IS_ERR(t_chan)) {
> + ret = PTR_ERR(t_chan);
> + if (ret != -EPROBE_DEFER)
> + dev_err(dev,
> + "Failed to request chan %s ret %d\n", name,
> + ret);
> + goto exit;
> + }
> +
> + ret = devm_add_action(dev, if_mbox_free_channel, t_chan);
> + if (ret) {
> + dev_err(dev, "failed to add devm removal of mbox %s\n", name);
> + goto exit;
> + }
> +
> + *chan = t_chan;
> +
> +exit:
> + return ret;
> +}
> +
> +static int se_probe_if_cleanup(struct platform_device *pdev)
> +{
> + struct device *dev = &pdev->dev;
> + struct se_if_priv *priv;
> + int ret = 0;
> + int i;
> +
> + priv = dev_get_drvdata(dev);
> + if (!priv) {
> + ret = 0;
> + dev_dbg(dev, "SE-MU Priv data is NULL;");
> + return ret;
> + }
> +
> + if (priv->tx_chan)
> + mbox_free_channel(priv->tx_chan);
> + if (priv->rx_chan)
> + mbox_free_channel(priv->rx_chan);
> +
> + /* free the buffer in se remove, previously allocated
> + * in se probe to store encrypted IMEM
> + */
> + if (priv->imem.buf) {
> + dmam_free_coherent(dev,
> + ELE_IMEM_SIZE,
> + priv->imem.buf,
> + priv->imem.phyaddr);
> + priv->imem.buf = NULL;
> + }
> +
> + if (priv->ctxs) {
> + for (i = 0; i < priv->max_dev_ctx; i++) {
> + if (priv->ctxs[i]) {
> + devm_remove_action(dev,
> + if_misc_deregister,
> + &priv->ctxs[i]->miscdev);
> + misc_deregister(&priv->ctxs[i]->miscdev);
> + devm_kfree(dev, priv->ctxs[i]);
> + }
> + }
> + devm_kfree(dev, priv->ctxs);
> + }
> +
> + if (priv->flags & RESERVED_DMA_POOL) {
> + of_reserved_mem_device_release(dev);
> + priv->flags &= (~RESERVED_DMA_POOL);
> + }
> +
> + devm_kfree(dev, priv);
> + of_node_put(dev->of_node);
> + of_platform_device_destroy(dev, NULL);
> +
> + return ret;
> +}
> +
> +static int se_probe_cleanup(struct platform_device *pdev)
> +{
> + struct device *dev = &pdev->dev;
> + struct device_node *if_dn;
> +
> + /* Enumerate se-interface device nodes. */
> + for_each_child_of_node(dev->of_node, if_dn) {
> + struct platform_device *if_pdev
> + = of_find_device_by_node(if_dn);
> + if (se_probe_if_cleanup(if_pdev))
> + dev_err(dev,
> + "Failed to clean-up child node probe.\n");
> + }
> +
> + return 0;
> +}
> +
> +static int init_device_context(struct device *dev)
> +{
> + const struct imx_se_node_info *info;
> + struct se_if_device_ctx *dev_ctx;
> + struct se_if_priv *priv;
> + u8 *devname;
> + int ret = 0;
> + int i;
> +
> + priv = dev_get_drvdata(dev);
> +
> + if (!priv) {
> + ret = -EINVAL;
> + dev_err(dev, "Invalid SE-MU Priv data");
> + return ret;
> + }
> + info = priv->info;
> +
> + priv->ctxs = devm_kzalloc(dev, sizeof(dev_ctx) * priv->max_dev_ctx,
> + GFP_KERNEL);
> +
> + if (!priv->ctxs) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + /* Create users */
> + for (i = 0; i < priv->max_dev_ctx; i++) {
> + dev_ctx = devm_kzalloc(dev, sizeof(*dev_ctx), GFP_KERNEL);
> + if (!dev_ctx) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + dev_ctx->dev = dev;
> + dev_ctx->status = MU_FREE;
> + dev_ctx->priv = priv;
> +
> + priv->ctxs[i] = dev_ctx;
> +
> + /* Default value invalid for an header. */
> + init_waitqueue_head(&dev_ctx->wq);
> +
> + INIT_LIST_HEAD(&dev_ctx->pending_out);
> + INIT_LIST_HEAD(&dev_ctx->pending_in);
> + sema_init(&dev_ctx->fops_lock, 1);
> +
> + devname = devm_kasprintf(dev, GFP_KERNEL, "%s_ch%d",
> + info->se_name, i);
> + if (!devname) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + dev_ctx->miscdev.name = devname;
> + dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
> + dev_ctx->miscdev.fops = &se_if_fops;
> + dev_ctx->miscdev.parent = dev;
> + ret = misc_register(&dev_ctx->miscdev);
> + if (ret) {
> + dev_err(dev, "failed to register misc device %d\n",
> + ret);
> + return ret;
> + }
> +
> + ret = devm_add_action(dev, if_misc_deregister,
> + &dev_ctx->miscdev);
> + if (ret) {
> + dev_err(dev,
> + "failed[%d] to add action to the misc-dev\n",
> + ret);
> + return ret;
> + }
> + }
> +
> + return ret;
> +}
> +
> +static void se_load_firmware(const struct firmware *fw, void *context)
> +{
> + struct se_if_priv *priv = (struct se_if_priv *) context;
> + const struct imx_se_node_info *info = priv->info;
> + const u8 *se_fw_name = info->fw_name_in_rfs;
> + phys_addr_t se_fw_phyaddr;
> + u8 *se_fw_buf;
> +
> + if (!fw) {
> + if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
> + dev_dbg(priv->dev,
> + "External FW not found, using ROM FW.\n");
> + else {
> + /*add a bit delay to wait for firmware priv released */
> + msleep(20);
> +
> + /* Load firmware one more time if timeout */
> + request_firmware_nowait(THIS_MODULE,
> + FW_ACTION_UEVENT, info->fw_name_in_rfs,
> + priv->dev, GFP_KERNEL, priv,
> + se_load_firmware);
> + priv->fw_fail++;
> + dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
> + priv->fw_fail);
> + }
> +
> + return;
> + }
> +
> + /* allocate buffer to store the SE FW */
> + se_fw_buf = dmam_alloc_coherent(priv->dev, fw->size,
> + &se_fw_phyaddr,
> + GFP_KERNEL);
> + if (!se_fw_buf) {
> + dev_err(priv->dev, "Failed to alloc SE fw buffer memory\n");
> + goto exit;
> + }
> +
> + memcpy(se_fw_buf, fw->data, fw->size);
> +
> + if (ele_fw_authenticate(priv->dev, se_fw_phyaddr))
> + dev_err(priv->dev,
> + "Failed to authenticate & load SE firmware %s.\n",
> + se_fw_name);
> +
> +exit:
> + dmam_free_coherent(priv->dev,
> + fw->size,
> + se_fw_buf,
> + se_fw_phyaddr);
> +
> + release_firmware(fw);
> +}
> +
> +static int se_if_probe(struct platform_device *pdev)
> +{
> + struct imx_se_node_info_list *info_list;
> + struct device *dev = &pdev->dev;
> + struct imx_se_node_info *info;
> + struct se_if_priv *priv;
> + u32 idx;
> + int ret;
> +
> + if (of_property_read_u32(dev->of_node, "reg", &idx)) {
> + ret = -EINVAL;
> + goto exit;
> + }
> +
> + info_list = (struct imx_se_node_info_list *)
> + device_get_match_data(dev->parent);
> + info = get_imx_se_node_info(info_list, idx);
> +
> + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
> + if (!priv) {
> + ret = -ENOMEM;
> + goto exit;
> + }
> +
> + dev_set_drvdata(dev, priv);
> +
> + /* Mailbox client configuration */
> + priv->se_mb_cl.dev = dev;
> + priv->se_mb_cl.tx_block = false;
> + priv->se_mb_cl.knows_txdone = true;
> + priv->se_mb_cl.rx_callback = se_if_rx_callback;
> +
> + ret = se_if_request_channel(dev, &priv->tx_chan,
> + &priv->se_mb_cl, info->mbox_tx_name);
> + if (ret) {
> + if (ret == -EPROBE_DEFER)
> + dev_err(dev, "Mailbox tx channel, is not ready.\n");
> + else
> + dev_err(dev, "Failed to request tx channel\n");
> +
> + goto exit;
> + }
> +
> + ret = se_if_request_channel(dev, &priv->rx_chan,
> + &priv->se_mb_cl, info->mbox_rx_name);
> + if (ret) {
> + if (ret == -EPROBE_DEFER)
> + dev_err(dev, "Mailbox rx channel, is not ready.\n");
> + else
> + dev_dbg(dev, "Failed to request rx channel\n");
> +
> + goto exit;
> + }
> +
> + priv->dev = dev;
> + priv->info = info;
> +
> + /* Initialize the mutex. */
> + mutex_init(&priv->se_if_lock);
> + mutex_init(&priv->se_if_cmd_lock);
> +
> + priv->cmd_receiver_dev = NULL;
> + priv->waiting_rsp_dev = NULL;
> + priv->max_dev_ctx = info->max_dev_ctx;
> + priv->cmd_tag = info->cmd_tag;
> + priv->rsp_tag = info->rsp_tag;
> + priv->mem_pool_name = info->pool_name;
> + priv->success_tag = info->success_tag;
> + priv->base_api_ver = info->base_api_ver;
> + priv->fw_api_ver = info->fw_api_ver;
> +
> + init_completion(&priv->done);
> + spin_lock_init(&priv->lock);
> +
> + if (info->reserved_dma_ranges) {
> + ret = of_reserved_mem_device_init(dev);
> + if (ret) {
> + dev_err(dev,
> + "failed to init reserved memory region %d\n",
> + ret);
> + priv->flags &= (~RESERVED_DMA_POOL);
> + goto exit;
> + }
> + priv->flags |= RESERVED_DMA_POOL;
> + }
> +
> + if (info->fw_name_in_rfs) {
> + ret = request_firmware_nowait(THIS_MODULE,
> + FW_ACTION_UEVENT,
> + info->fw_name_in_rfs,
> + dev, GFP_KERNEL, priv,
> + se_load_firmware);
> + if (ret)
> + dev_warn(dev, "Failed to get firmware [%s].\n",
> + info->fw_name_in_rfs);
> + }
> +
> + ret = imx_fetch_soc_info(dev);
> + if (ret) {
> + dev_err(dev,
> + "failed[%d] to fetch SoC Info\n", ret);
> + goto exit;
> + }
> +
> + if (info->imem_mgmt) {
> + /* allocate buffer where SE store encrypted IMEM */
> + priv->imem.buf = dmam_alloc_coherent(dev, ELE_IMEM_SIZE,
> + &priv->imem.phyaddr,
> + GFP_KERNEL);
> + if (!priv->imem.buf) {
> + dev_err(dev,
> + "dmam-alloc-failed: To store encr-IMEM.\n");
> + ret = -ENOMEM;
> + goto exit;
> + }
> + }
> +
> + if (info->max_dev_ctx) {
> + ret = init_device_context(dev);
> + if (ret) {
> + dev_err(dev,
> + "Failed[0x%x] to create device contexts.\n",
> + ret);
> + goto exit;
> + }
> + }
> +
> + dev_info(dev, "i.MX secure-enclave: %s interface to firmware, configured.\n",
> + info->se_name);
> + return devm_of_platform_populate(dev);
> +
> +exit:
> + /* if execution control reaches here, if probe fails.
> + * hence doing the cleanup
> + */
> + if (se_probe_if_cleanup(pdev))
> + dev_err(dev,
> + "Failed to clean-up the child node probe.\n");
> +
> + return ret;
> +}
> +
> +static int se_probe(struct platform_device *pdev)
> +{
> + struct device_node *enum_dev_node;
> + struct device *dev = &pdev->dev;
> + int enum_count;
> + int ret;
> +
> + enum_count = of_get_child_count(dev->of_node);
> + if (!enum_count) {
> + ret = -EINVAL;
> + dev_err(dev, "Zero Tx/Rx path MU nodes.\n");
> + return ret;
> + }
> +
> + for_each_child_of_node(dev->of_node, enum_dev_node) {
> + struct platform_device *enum_plat_dev __maybe_unused;
> +
> + if (!of_device_is_available(enum_dev_node))
> + continue;
> +
> + enum_plat_dev = of_platform_device_create(enum_dev_node,
> + NULL,
> + dev);
> + if (!enum_plat_dev) {
> + ret = -EINVAL;
> + of_node_put(enum_dev_node);
> + dev_err(dev,
> + "Failed to create enumerated platform device.");
> + break;
> + }
> +
> + ret = se_if_probe(enum_plat_dev);
> + }
> + return ret;
> +}
> +
> +static int se_remove(struct platform_device *pdev)
> +{
> + if (se_probe_cleanup(pdev))
> + dev_err(&pdev->dev,
> + "i.MX Secure Enclave is not cleanly un-probed.");
> +
> + return 0;
> +}
> +
> +static int se_suspend(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + const struct imx_se_node_info *info
> + = priv->info;
> +
> + if (info && info->imem_mgmt)
> + priv->imem.size = se_save_imem_state(dev);
> +
> + return 0;
> +}
> +
> +static int se_resume(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + const struct imx_se_node_info *info
> + = priv->info;
> + int i;
> +
> + for (i = 0; i < priv->max_dev_ctx; i++)
> + wake_up_interruptible(&priv->ctxs[i]->wq);
> +
> + if (info && info->imem_mgmt)
> + se_restore_imem_state(dev);
> +
> + return 0;
> +}
> +
> +static const struct dev_pm_ops se_pm = {
> + RUNTIME_PM_OPS(se_suspend, se_resume, NULL)
> +};
> +
> +static struct platform_driver se_driver = {
> + .driver = {
> + .name = "fsl-se-fw",
> + .of_match_table = se_match,
> + .pm = &se_pm,
> + },
> + .probe = se_probe,
> + .remove = se_remove,
> +};
> +MODULE_DEVICE_TABLE(of, se_match);
> +
> +module_platform_driver(se_driver);
> +
> +MODULE_AUTHOR("Pankaj Gupta <[email protected]>");
> +MODULE_DESCRIPTION("iMX Secure Enclave Driver.");
> +MODULE_LICENSE("GPL");
> diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h
> new file mode 100644
> index 000000000000..76e1ce77c52f
> --- /dev/null
> +++ b/drivers/firmware/imx/se_ctrl.h
> @@ -0,0 +1,151 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#ifndef SE_MU_H
> +#define SE_MU_H
> +
> +#include <linux/miscdevice.h>
> +#include <linux/semaphore.h>
> +#include <linux/mailbox_client.h>
> +
> +#define MAX_FW_LOAD_RETRIES 50
> +
> +#define MSG_TAG(x) (((x) & 0xff000000) >> 24)
> +#define MSG_COMMAND(x) (((x) & 0x00ff0000) >> 16)
> +#define MSG_SIZE(x) (((x) & 0x0000ff00) >> 8)
> +#define MSG_VER(x) ((x) & 0x000000ff)
> +#define RES_STATUS(x) ((x) & 0x000000ff)
> +#define MAX_DATA_SIZE_PER_USER (65 * 1024)
> +#define S4_DEFAULT_MUAP_INDEX (2)
> +#define S4_MUAP_DEFAULT_MAX_USERS (4)
> +#define MESSAGING_VERSION_6 0x6
> +#define MESSAGING_VERSION_7 0x7
> +
> +#define DEFAULT_MESSAGING_TAG_COMMAND (0x17u)
> +#define DEFAULT_MESSAGING_TAG_RESPONSE (0xe1u)
> +
> +#define SE_MU_IO_FLAGS_USE_SEC_MEM (0x02u)
> +#define SE_MU_IO_FLAGS_USE_SHORT_ADDR (0x04u)
> +
> +struct se_imem_buf {
> + u8 *buf;
> + phys_addr_t phyaddr;
> + u32 size;
> +};
> +
> +struct se_buf_desc {
> + u8 *shared_buf_ptr;
> + u8 *usr_buf_ptr;
> + u32 size;
> + struct list_head link;
> +};
> +
> +/* Status of a char device */
> +enum se_if_dev_ctx_status_t {
> + MU_FREE,
> + MU_OPENED
> +};
> +
> +struct se_shared_mem {
> + dma_addr_t dma_addr;
> + u32 size;
> + u32 pos;
> + u8 *ptr;
> +};
> +
> +/* Private struct for each char device instance. */
> +struct se_if_device_ctx {
> + struct device *dev;
> + struct se_if_priv *priv;
> + struct miscdevice miscdev;
> +
> + enum se_if_dev_ctx_status_t status;
> + wait_queue_head_t wq;
> + struct semaphore fops_lock;
> +
> + u32 pending_hdr;
> + struct list_head pending_in;
> + struct list_head pending_out;
> +
> + struct se_shared_mem secure_mem;
> + struct se_shared_mem non_secure_mem;
> +
> + u32 *temp_resp;
> + u32 temp_resp_size;
> + struct notifier_block se_notify;
> +};
> +
> +/* Header of the messages exchange with the EdgeLock Enclave */
> +struct se_msg_hdr {
> + u8 ver;
> + u8 size;
> + u8 command;
> + u8 tag;
> +} __packed;
> +
> +#define SE_MU_HDR_SZ 4
> +#define TAG_OFFSET (SE_MU_HDR_SZ - 1)
> +#define CMD_OFFSET (SE_MU_HDR_SZ - 2)
> +#define SZ_OFFSET (SE_MU_HDR_SZ - 3)
> +#define VER_OFFSET (SE_MU_HDR_SZ - 4)
> +
> +struct se_api_msg {
> + u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
> + u32 *data;
> +};
> +
> +struct se_if_priv {
> + struct se_if_device_ctx *cmd_receiver_dev;
> + struct se_if_device_ctx *waiting_rsp_dev;
> + bool no_dev_ctx_used;
> + /*
> + * prevent parallel access to the se interface registers
> + * e.g. a user trying to send a command while the other one is
> + * sending a response.
> + */
> + struct mutex se_if_lock;
> + /*
> + * prevent a command to be sent on the se interface while another one is
> + * still processing. (response to a command is allowed)
> + */
> + struct mutex se_if_cmd_lock;
> + struct device *dev;
> + u8 *mem_pool_name;
> + u8 cmd_tag;
> + u8 rsp_tag;
> + u8 success_tag;
> + u8 base_api_ver;
> + u8 fw_api_ver;
> + u32 fw_fail;
> + const void *info;
> +
> + struct mbox_client se_mb_cl;
> + struct mbox_chan *tx_chan, *rx_chan;
> + struct se_api_msg *rx_msg;
> + struct completion done;
> + spinlock_t lock;
> + /*
> + * Flag to retain the state of initialization done at
> + * the time of se-mu probe.
> + */
> + uint32_t flags;
> + u8 max_dev_ctx;
> + struct se_if_device_ctx **ctxs;
> + struct se_imem_buf imem;
> +};
> +
> +void *get_phy_buf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + dma_addr_t *buf,
> + u32 size);
> +phys_addr_t get_phy_buf_mem_pool1(struct device *dev,
> + u8 *mem_pool_name,
> + u32 **buf,
> + u32 size);
> +void free_phybuf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + u32 *buf,
> + u32 size);
> +#endif
> diff --git a/include/linux/firmware/imx/se_api.h b/include/linux/firmware/imx/se_api.h
> new file mode 100644
> index 000000000000..c47f84906837
> --- /dev/null
> +++ b/include/linux/firmware/imx/se_api.h
> @@ -0,0 +1,14 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#ifndef __SE_API_H__
> +#define __SE_API_H__
> +
> +#include <linux/types.h>
> +
> +#define SOC_ID_OF_IMX8ULP 0x084D
> +#define SOC_ID_OF_IMX93 0x9300
> +
> +#endif /* __SE_API_H__ */
> diff --git a/include/uapi/linux/se_ioctl.h b/include/uapi/linux/se_ioctl.h
> new file mode 100644
> index 000000000000..f68a36e9da2c
> --- /dev/null
> +++ b/include/uapi/linux/se_ioctl.h
> @@ -0,0 +1,88 @@
> +/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause*/
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#ifndef SE_IOCTL_H
> +#define SE_IOCTL_H
> +
> +/* IOCTL definitions. */
> +
> +struct se_ioctl_setup_iobuf {
> + u8 *user_buf;
> + u32 length;
> + u32 flags;
> + u64 ele_addr;
> +};
> +
> +struct se_ioctl_shared_mem_cfg {
> + u32 base_offset;
> + u32 size;
> +};
> +
> +struct se_ioctl_get_if_info {
> + u8 se_if_id;
> + u8 interrupt_idx;
> + u8 tz;
> + u8 did;
> + u8 cmd_tag;
> + u8 rsp_tag;
> + u8 success_tag;
> + u8 base_api_ver;
> + u8 fw_api_ver;
> +};
> +
> +struct se_ioctl_signed_message {
> + u8 *message;
> + u32 msg_size;
> + u32 error_code;
> +};
> +
> +struct se_ioctl_get_soc_info {
> + u16 soc_id;
> + u16 soc_rev;
> +};
> +
> +/* IO Buffer Flags */
> +#define SE_IO_BUF_FLAGS_IS_OUTPUT (0x00u)
> +#define SE_IO_BUF_FLAGS_IS_INPUT (0x01u)
> +#define SE_IO_BUF_FLAGS_USE_SEC_MEM (0x02u)
> +#define SE_IO_BUF_FLAGS_USE_SHORT_ADDR (0x04u)
> +#define SE_IO_BUF_FLAGS_IS_IN_OUT (0x10u)
> +
> +/* IOCTLS */
> +#define SE_IOCTL 0x0A /* like MISC_MAJOR. */
> +
> +/*
> + * ioctl to designated the current fd as logical-reciever.
> + * This is ioctl is send when the nvm-daemon, a slave to the
> + * firmware is started by the user.
> + */
> +#define SE_IOCTL_ENABLE_CMD_RCV _IO(SE_IOCTL, 0x01)
> +
> +/*
> + * ioctl to get the buffer allocated from the memory, which is shared
> + * between kernel and FW.
> + * Post allocation, the kernel tagged the allocated memory with:
> + * Output
> + * Input
> + * Input-Output
> + * Short address
> + * Secure-memory
> + */
> +#define SE_IOCTL_SETUP_IOBUF _IOWR(SE_IOCTL, 0x03, \
> + struct se_ioctl_setup_iobuf)
> +
> +/*
> + * ioctl to get the mu information, that is used to exchange message
> + * with FW, from user-spaced.
> + */
> +#define SE_IOCTL_GET_MU_INFO _IOR(SE_IOCTL, 0x04, \
> + struct se_ioctl_get_if_info)
> +/*
> + * ioctl to get SoC Info from user-space.
> + */
> +#define SE_IOCTL_GET_SOC_INFO _IOR(SE_IOCTL, 0x06, \
> + struct se_ioctl_get_soc_info)
> +
> +#endif
>
> --
> 2.34.1
>

2024-05-10 19:40:42

by Amit Singh Tomar

[permalink] [raw]
Subject: Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

Hi,
>
> ----------------------------------------------------------------------
> On Fri, May 10, 2024 at 06:57:30PM +0530, Pankaj Gupta wrote:
>> NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
>> are embedded in the SoC to support the features like HSM, SHE & V2X,
>> using message based communication interface.
>>
>> The secure enclave FW communicates on a dedicated messaging unit(MU)
>> based interface(s) with application core, where kernel is running.
>> It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
>>
>> This patch adds the driver for communication interface to secure-enclave,
>> for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock Enclave,
>> both from:
>> - User-Space Applications via character driver.
>> - Kernel-space, used by kernel management layers like DM-Crypt.
>>
>> ABI documentation for the NXP secure-enclave driver.
>>
>> User-space library using this driver:
>> - i.MX Secure Enclave library:
>> -- URL: https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsecure-2Denclave.git&d=DwICAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=eKFfdy51aVVEAe4I9Lk2CN77y_4Hxf2pI_9fv5pVWLo9DwQNgCpca6smAwvwFycf&s=IfKbvjSfdUcqz-WEWdhbj1_TnqGryOffX1dV0T5Rf_A&e= ,
>> - i.MX Secure Middle-Ware:
>> -- URL: https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsmw.git&d=DwICAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=eKFfdy51aVVEAe4I9Lk2CN77y_4Hxf2pI_9fv5pVWLo9DwQNgCpca6smAwvwFycf&s=LLz2plXTM1AS-zJ1HlZRKiBE8GmRJBduR_0dnOuFjRo&e=
>>
>> Signed-off-by: Pankaj Gupta <[email protected]>
>> ---
>> Documentation/ABI/testing/se-cdev | 42 ++
>> drivers/firmware/imx/Kconfig | 12 +
>> drivers/firmware/imx/Makefile | 2 +
>> drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
>> drivers/firmware/imx/ele_base_msg.h | 70 ++
>> drivers/firmware/imx/ele_common.c | 341 +++++++++
>> drivers/firmware/imx/ele_common.h | 43 ++
>> drivers/firmware/imx/se_ctrl.c | 1339 +++++++++++++++++++++++++++++++++++
>> drivers/firmware/imx/se_ctrl.h | 151 ++++
>> include/linux/firmware/imx/se_api.h | 14 +
>> include/uapi/linux/se_ioctl.h | 88 +++
>> 11 files changed, 2389 insertions(+)
>>
>> diff --git a/Documentation/ABI/testing/se-cdev b/Documentation/ABI/testing/se-cdev
>> new file mode 100644
>> index 000000000000..699525af6b86
>> --- /dev/null
>> +++ b/Documentation/ABI/testing/se-cdev
>> @@ -0,0 +1,42 @@
>> +What: /dev/<se>_mu[0-9]+_ch[0-9]+
>> +Date: May 2024
>> +KernelVersion: 6.8
>> +Contact: [email protected], [email protected]
>> +Description:
>> + NXP offers multiple hardware IP(s) for secure-enclaves like EdgeLock-
>> + Enclave(ELE), SECO. The character device file-descriptors
>> + /dev/<se>_mu*_ch* are the interface between user-space NXP's secure-
>> + enclave shared-library and the kernel driver.
>> +
>> + The ioctl(2)-based ABI is defined and documented in
>> + [include]<linux/firmware/imx/ele_mu_ioctl.h>
>> + ioctl(s) are used primarily for:
>> + - shared memory management
>> + - allocation of I/O buffers
>> + - get mu info
>> + - setting a dev-ctx as receiver that is slave to fw
>> + - get SoC info
>> +
>> + The following file operations are supported:
>> +
>> + open(2)
>> + Currently the only useful flags are O_RDWR.
>> +
>> + read(2)
>> + Every read() from the opened character device context is waiting on
>> + wakeup_intruptible, that gets set by the registered mailbox callback
>> + function; indicating a message received from the firmware on message-
>> + unit.
>> +
>> + write(2)
>> + Every write() to the opened character device context needs to acquire
>> + mailbox_lock, before sending message on to the message unit.
>> +
>> + close(2)
>> + Stops and free up the I/O contexts that was associated
>> + with the file descriptor.
>> +
>> +Users: https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsecure-2Denclave.git&d=DwICAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=eKFfdy51aVVEAe4I9Lk2CN77y_4Hxf2pI_9fv5pVWLo9DwQNgCpca6smAwvwFycf&s=IfKbvjSfdUcqz-WEWdhbj1_TnqGryOffX1dV0T5Rf_A&e= ,
>> + https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsmw.git&d=DwICAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=eKFfdy51aVVEAe4I9Lk2CN77y_4Hxf2pI_9fv5pVWLo9DwQNgCpca6smAwvwFycf&s=LLz2plXTM1AS-zJ1HlZRKiBE8GmRJBduR_0dnOuFjRo&e=
>> + crypto/skcipher,
>> + drivers/nvmem/imx-ocotp-ele.c
>> diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
>> index 183613f82a11..56bdca9bd917 100644
>> --- a/drivers/firmware/imx/Kconfig
>> +++ b/drivers/firmware/imx/Kconfig
>> @@ -22,3 +22,15 @@ config IMX_SCU
>>
>> This driver manages the IPC interface between host CPU and the
>> SCU firmware running on M4.
>> +
>> +config IMX_SEC_ENCLAVE
>> + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver."
>> + depends on IMX_MBOX && ARCH_MXC && ARM64
>> + default m if ARCH_MXC
>> +
>> + help
>> + It is possible to use APIs exposed by the iMX Secure Enclave HW IP called:
>> + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
>> + like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging
>> + Unit. This driver exposes these interfaces via a set of file descriptors
>> + allowing to configure shared memory, send and receive messages.
>> diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile
>> index 8f9f04a513a8..aa9033e0e9e3 100644
>> --- a/drivers/firmware/imx/Makefile
>> +++ b/drivers/firmware/imx/Makefile
>> @@ -1,3 +1,5 @@
>> # SPDX-License-Identifier: GPL-2.0
>> obj-$(CONFIG_IMX_DSP) += imx-dsp.o
>> obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o
>> +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
>> +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
>> diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c
>> new file mode 100644
>> index 000000000000..0463f26d93c7
>> --- /dev/null
>> +++ b/drivers/firmware/imx/ele_base_msg.c
>> @@ -0,0 +1,287 @@
>> +// SPDX-License-Identifier: GPL-2.0+
>> +/*
>> + * Copyright 2024 NXP
>> + */
>> +
>> +#include <linux/types.h>
>> +#include <linux/completion.h>
>> +#include <linux/dma-mapping.h>
>> +
>> +#include "ele_base_msg.h"
>> +#include "ele_common.h"
>> +
>> +int ele_get_info(struct device *dev, struct soc_info *s_info)
>> +{
>> + struct se_if_priv *priv = dev_get_drvdata(dev);
>> + struct se_api_msg *tx_msg __free(kfree);
>> + struct se_api_msg *rx_msg __free(kfree);
>> + phys_addr_t get_info_addr;
>> + u32 *get_info_data;
>> + u32 status;
>> + int ret;
>> +
>> + if (!priv || !s_info)
>> + goto exit;
>> +
>> + memset(s_info, 0x0, sizeof(*s_info));
>> +
>> + if (priv->mem_pool_name)
>> + get_info_data = get_phy_buf_mem_pool(dev,
>> + priv->mem_pool_name,
>> + &get_info_addr,
>> + ELE_GET_INFO_BUFF_SZ);
>> + else
>> + get_info_data = dmam_alloc_coherent(dev,
>> + ELE_GET_INFO_BUFF_SZ,
>> + &get_info_addr,
>> + GFP_KERNEL);
>> + if (!get_info_data) {
>> + ret = -ENOMEM;
>> + dev_err(dev,
>> + "%s: Failed to allocate get_info_addr.\n",
>> + __func__);
>> + goto exit;
>> + }
>> +
>> + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
>> + if (!tx_msg) {
>> + ret = -ENOMEM;
>> + return ret;
It seems like you intended to use goto exit; instead of returning
directly from here. This would ensure that you can free the buffer
allocated with get_phy_buf_mem_pool in case of an allocation failure.
>> + }
>> +
>> + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
>> + if (!rx_msg) {
>> + ret = -ENOMEM;
>> + return ret;
>> + }
>> +
>> + ret = plat_fill_cmd_msg_hdr(priv,
>> + (struct se_msg_hdr *)&tx_msg->header,
>> + ELE_GET_INFO_REQ,
>> + ELE_GET_INFO_REQ_MSG_SZ,
>> + true);
>> + if (ret)
>> + goto exit;
>> +
>> + tx_msg->data[0] = upper_32_bits(get_info_addr);
>> + tx_msg->data[1] = lower_32_bits(get_info_addr);
>> + tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
>> + priv->rx_msg = rx_msg;
>> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
>> + if (ret < 0)
>> + goto exit;
>> +
>> + ret = validate_rsp_hdr(priv,
>> + priv->rx_msg->header,
>> + ELE_GET_INFO_REQ,
>> + ELE_GET_INFO_RSP_MSG_SZ,
>> + true);
>> + if (ret)
>> + goto exit;
>> +
>> + status = RES_STATUS(priv->rx_msg->data[0]);
>> + if (status != priv->success_tag) {
>> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
>> + ELE_GET_INFO_REQ, status);
>> + ret = -1;
>> + }
>> +
>> + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
>> + & ELE_IMEM_STATE_MASK) >> 16;
>> + s_info->major_ver = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
>> + & SOC_VER_MASK) >> 24;
>> + s_info->minor_ver = ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
>> + & SOC_VER_MASK) >> 16) & 0xFF;
>> + s_info->soc_rev = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
>> + & SOC_VER_MASK) >> 16;
>> + s_info->soc_id = get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
>> + & SOC_ID_MASK;
>> + s_info->serial_num
>> + = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF] << 32
>> + | get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];
>> +exit:
>> + if (get_info_addr) {
>> + if (priv->mem_pool_name)
>> + free_phybuf_mem_pool(dev, priv->mem_pool_name,
>> + get_info_data, ELE_GET_INFO_BUFF_SZ);
>> + else
>> + dmam_free_coherent(dev,
>> + ELE_GET_INFO_BUFF_SZ,
>> + get_info_data,
>> + get_info_addr);
>> + }
>> +
>> + return ret;
>> +}
>> +
>> +int ele_ping(struct device *dev)
>> +{
>> + struct se_if_priv *priv = dev_get_drvdata(dev);
>> + struct se_api_msg *tx_msg __free(kfree);
>> + struct se_api_msg *rx_msg __free(kfree);
>
> If you want __free(kfree) it should be
>
> struct se_api_msg *tx_msg __free(kfree) = NULL;
> struct se_api_msg *rx_msg __free(kfree) = NULL;
>
> Or
>
> struct se_api_msg *tx_msg __free(kfree) = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL)
> struct se_api_msg *rx_msg __free(kfree) = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL)
>
> otherwise when
> if (!tx_msg) {
> return ret;
>
> ^^ when go here, rx_msg is random value. So kfree(rx_msg) will
> access random address.
>
> }
>
>> + u32 status;
>> + int ret;
>> +
>> + tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
>> + if (!tx_msg) {
>> + ret = -ENOMEM;
>> + return ret;
>
>
> return -ENOMEM
>
> Frank
>
>> + }
>> +
>> + rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
>> + if (!rx_msg) {
>> + ret = -ENOMEM;
>> + return ret;
>> + }
>> +
>> + ret = plat_fill_cmd_msg_hdr(priv,
>> + (struct se_msg_hdr *)&tx_msg->header,
>> + ELE_PING_REQ, ELE_PING_REQ_SZ,
>> + true);
>> + if (ret) {
>> + dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
>> + goto exit;
>> + }
>> +
>> + priv->rx_msg = rx_msg;
>> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
>> + if (ret)
>> + goto exit;
>> +
>> + ret = validate_rsp_hdr(priv,
>> + priv->rx_msg->header,
>> + ELE_PING_REQ,
>> + ELE_PING_RSP_SZ,
>> + true);
>> + if (ret)
>> + goto exit;
>> +
>> + status = RES_STATUS(priv->rx_msg->data[0]);
>> + if (status != priv->success_tag) {
>> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
>> + ELE_PING_REQ, status);
>> + ret = -1;
>> + }
>> +exit:
>> + return ret;
>> +}
>> +
>> +int ele_service_swap(struct device *dev,
>> + phys_addr_t addr,
>> + u32 addr_size, u16 flag)
>> +{
>> + struct se_if_priv *priv = dev_get_drvdata(dev);
>> + struct se_api_msg *tx_msg __free(kfree);
>> + struct se_api_msg *rx_msg __free(kfree);
>> + u32 status;
>> + int ret;
>> +
>> + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2, GFP_KERNEL);
>> + if (!tx_msg) {
>> + ret = -ENOMEM;
>> + return ret;
>> + }
>> +
>> + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2, GFP_KERNEL);
>> + if (!rx_msg) {
>> + ret = -ENOMEM;
>> + return ret;
>> + }
>> +
>> + ret = plat_fill_cmd_msg_hdr(priv,
>> + (struct se_msg_hdr *)&tx_msg->header,
>> + ELE_SERVICE_SWAP_REQ,
>> + ELE_SERVICE_SWAP_REQ_MSG_SZ,
>> + true);
>> + if (ret)
>> + goto exit;
>> +
>> + tx_msg->data[0] = flag;
>> + tx_msg->data[1] = addr_size;
>> + tx_msg->data[2] = ELE_NONE_VAL;
>> + tx_msg->data[3] = lower_32_bits(addr);
>> + tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
>> + ELE_SERVICE_SWAP_REQ_MSG_SZ);
>> + priv->rx_msg = rx_msg;
>> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
>> + if (ret < 0)
>> + goto exit;
>> +
>> + ret = validate_rsp_hdr(priv,
>> + priv->rx_msg->header,
>> + ELE_SERVICE_SWAP_REQ,
>> + ELE_SERVICE_SWAP_RSP_MSG_SZ,
>> + true);
>> + if (ret)
>> + goto exit;
>> +
>> + status = RES_STATUS(priv->rx_msg->data[0]);
>> + if (status != priv->success_tag) {
>> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
>> + ELE_SERVICE_SWAP_REQ, status);
>> + ret = -1;
>> + } else {
>> + if (flag == ELE_IMEM_EXPORT)
>> + ret = priv->rx_msg->data[1];
>> + else
>> + ret = 0;
>> + }
>> +exit:
>> +
>> + return ret;
>> +}
>> +
>> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
>> +{
>> + struct se_if_priv *priv = dev_get_drvdata(dev);
>> + struct se_api_msg *tx_msg __free(kfree);
>> + struct se_api_msg *rx_msg __free(kfree);
>> + u32 status;
>> + int ret;
>> +
>> + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
>> + if (!tx_msg) {
>> + ret = -ENOMEM;
>> + return ret;
>> + }
>> +
>> + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
>> + if (!rx_msg) {
>> + ret = -ENOMEM;
>> + return ret;
>> + }
>> + ret = plat_fill_cmd_msg_hdr(priv,
>> + (struct se_msg_hdr *)&tx_msg->header,
>> + ELE_FW_AUTH_REQ,
>> + ELE_FW_AUTH_REQ_SZ,
>> + true);
>> + if (ret)
>> + goto exit;
>> +
>> + tx_msg->data[0] = addr;
>> + tx_msg->data[1] = 0x0;
>> + tx_msg->data[2] = addr;
>> +
>> + priv->rx_msg = rx_msg;
>> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
>> + if (ret < 0)
>> + goto exit;
>> +
>> + ret = validate_rsp_hdr(priv,
>> + priv->rx_msg->header,
>> + ELE_FW_AUTH_REQ,
>> + ELE_FW_AUTH_RSP_MSG_SZ,
>> + true);
>> + if (ret)
>> + goto exit;
>> +
>> + status = RES_STATUS(priv->rx_msg->data[0]);
>> + if (status != priv->success_tag) {
>> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
>> + ELE_FW_AUTH_REQ, status);
>> + ret = -1;
>> + }
>> +exit:
>> +
>> + return ret;
>> +}
>> diff --git a/drivers/firmware/imx/ele_base_msg.h b/drivers/firmware/imx/ele_base_msg.h
>> new file mode 100644
>> index 000000000000..3b3d2bf04a84
>> --- /dev/null
>> +++ b/drivers/firmware/imx/ele_base_msg.h
>> @@ -0,0 +1,70 @@
>> +/* SPDX-License-Identifier: GPL-2.0+ */
>> +/*
>> + * Copyright 2024 NXP
>> + *
>> + * Header file for the EdgeLock Enclave Base API(s).
>> + */
>> +
>> +#ifndef ELE_BASE_MSG_H
>> +#define ELE_BASE_MSG_H
>> +
>> +#include <linux/device.h>
>> +#include <linux/types.h>
>> +
>> +#define WORD_SZ 4
>> +#define ELE_NONE_VAL 0x0
>> +
>> +#define ELE_SUCCESS_IND 0xD6
>> +
>> +#define ELE_GET_INFO_REQ 0xDA
>> +#define ELE_GET_INFO_REQ_MSG_SZ 0x10
>> +#define ELE_GET_INFO_RSP_MSG_SZ 0x08
>> +
>> +#define ELE_GET_INFO_BUFF_SZ 0x100
>> +#define ELE_GET_INFO_READ_SZ 0xA0
>> +
>> +#define DEFAULT_IMX_SOC_VER 0xA0
>> +#define SOC_VER_MASK 0xFFFF0000
>> +#define SOC_ID_MASK 0x0000FFFF
>> +struct soc_info {
>> + u32 imem_state;
>> + u8 major_ver;
>> + u8 minor_ver;
>> + u16 soc_id;
>> + u16 soc_rev;
>> + u64 serial_num;
>> +};
>> +
>> +#define GET_INFO_SOC_INFO_WORD_OFFSET 1
>> +#define GET_INFO_UUID_WORD_OFFSET 3
>> +#define GET_INFO_SL_NUM_MSB_WORD_OFF \
>> + (GET_INFO_UUID_WORD_OFFSET + 3)
>> +#define GET_INFO_SL_NUM_LSB_WORD_OFF \
>> + (GET_INFO_UUID_WORD_OFFSET + 0)
>> +
>> +#define ELE_PING_REQ 0x01
>> +#define ELE_PING_REQ_SZ 0x04
>> +#define ELE_PING_RSP_SZ 0x08
>> +
>> +#define ELE_SERVICE_SWAP_REQ 0xDF
>> +#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18
>> +#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C
>> +#define ELE_IMEM_SIZE 0x10000
>> +#define ELE_IMEM_STATE_OK 0xCA
>> +#define ELE_IMEM_STATE_BAD 0xFE
>> +#define ELE_IMEM_STATE_WORD 0x27
>> +#define ELE_IMEM_STATE_MASK 0x00ff0000
>> +#define ELE_IMEM_EXPORT 0x1
>> +#define ELE_IMEM_IMPORT 0x2
>> +
>> +#define ELE_FW_AUTH_REQ 0x02
>> +#define ELE_FW_AUTH_REQ_SZ 0x10
>> +#define ELE_FW_AUTH_RSP_MSG_SZ 0x08
>> +
>> +int ele_get_info(struct device *dev, struct soc_info *s_info);
>> +int ele_ping(struct device *dev);
>> +int ele_service_swap(struct device *dev,
>> + phys_addr_t addr,
>> + u32 addr_size, u16 flag);
>> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr);
>> +#endif
>> diff --git a/drivers/firmware/imx/ele_common.c b/drivers/firmware/imx/ele_common.c
>> new file mode 100644
>> index 000000000000..dcf7f9034653
>> --- /dev/null
>> +++ b/drivers/firmware/imx/ele_common.c
>> @@ -0,0 +1,341 @@
>> +// SPDX-License-Identifier: GPL-2.0+
>> +/*
>> + * Copyright 2024 NXP
>> + */
>> +
>> +#include "ele_base_msg.h"
>> +#include "ele_common.h"
>> +
>> +u32 plat_add_msg_crc(u32 *msg, u32 msg_len)
>> +{
>> + u32 nb_words = msg_len / (u32)sizeof(u32);
>> + u32 crc = 0;
>> + u32 i;
>> +
>> + for (i = 0; i < nb_words - 1; i++)
>> + crc ^= *(msg + i);
>> +
>> + return crc;
>> +}
>> +
>> +int imx_ele_msg_rcv(struct se_if_priv *priv)
>> +{
>> + u32 wait;
>> + int err;
>> +
>> + wait = msecs_to_jiffies(1000);
>> + if (!wait_for_completion_timeout(&priv->done, wait)) {
>> + dev_err(priv->dev,
>> + "Error: wait_for_completion timed out.\n");
>> + err = -ETIMEDOUT;
>> + }
>> +
>> + mutex_unlock(&priv->se_if_cmd_lock);
>> + priv->no_dev_ctx_used = false;
>> +
>> + return err;
>> +}
>> +
>> +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg)
>> +{
>> + bool is_cmd_lock_tobe_taken = false;
>> + int err;
>> +
>> + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
>> + is_cmd_lock_tobe_taken = true;
>> + mutex_lock(&priv->se_if_cmd_lock);
>> + }
>> + scoped_guard(mutex, &priv->se_if_lock);
>> +
>> + err = mbox_send_message(priv->tx_chan, mssg);
>> + if (err < 0) {
>> + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
>> + if (is_cmd_lock_tobe_taken)
>> + mutex_unlock(&priv->se_if_cmd_lock);
>> + return err;
>> + }
>> + err = 0;
>> +
>> + return err;
>> +}
>> +
>> +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg)
>> +{
>> + int err;
>> +
>> + priv->no_dev_ctx_used = true;
>> + err = imx_ele_msg_send(priv, mssg);
>> + if (err)
>> + goto exit;
>> +
>> + err = imx_ele_msg_rcv(priv);
>> +
>> +exit:
>> + return err;
>> +}
>> +
>> +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx)
>> +{
>> + struct se_msg_hdr header = {0};
>> + int err;
>> +
>> + err = wait_event_interruptible(dev_ctx->wq, dev_ctx->pending_hdr != 0);
>> + if (err)
>> + dev_err(dev_ctx->dev,
>> + "%s: Err[0x%x]:Interrupted by signal.\n",
>> + dev_ctx->miscdev.name, err);
>> +
>> + header = *((struct se_msg_hdr *) (&dev_ctx->temp_resp[0]));
>> +
>> + if (header.tag == dev_ctx->priv->rsp_tag)
>> + mutex_unlock(&dev_ctx->priv->se_if_cmd_lock);
>> +
>> + return err;
>> +}
>> +
>> +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
>> + void *tx_msg, int tx_msg_sz)
>> +{
>> + struct se_if_priv *priv = dev_ctx->priv;
>> + struct se_msg_hdr header = {0};
>> + int err;
>> +
>> + header = *((struct se_msg_hdr *) tx_msg);
>> +
>> + /*
>> + * Check that the size passed as argument matches the size
>> + * carried in the message.
>> + */
>> + err = header.size << 2;
>> +
>> + if (err != tx_msg_sz) {
>> + err = -EINVAL;
>> + dev_err(priv->dev,
>> + "%s: User buffer too small\n",
>> + dev_ctx->miscdev.name);
>> + goto exit;
>> + }
>> + /* Check the message is valid according to tags */
>> + if (header.tag == priv->cmd_tag)
>> + priv->waiting_rsp_dev = dev_ctx;
>> + else if (header.tag == priv->rsp_tag) {
>> + /* Check the device context can send the command */
>> + if (dev_ctx != priv->cmd_receiver_dev) {
>> + dev_err(priv->dev,
>> + "%s: Channel not configured to send resp to FW.",
>> + dev_ctx->miscdev.name);
>> + err = -EPERM;
>> + goto exit;
>> + }
>> + } else {
>> + dev_err(priv->dev,
>> + "%s: The message does not have a valid TAG\n",
>> + dev_ctx->miscdev.name);
>> + err = -EINVAL;
>> + goto exit;
>> + }
>> + err = imx_ele_msg_send(priv, tx_msg);
>> +exit:
>> + return err;
>> +}
>> +
>> +/*
>> + * Callback called by mailbox FW, when data is received.
>> + */
>> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
>> +{
>> + struct device *dev = mbox_cl->dev;
>> + struct se_if_device_ctx *dev_ctx;
>> + struct se_api_msg *rx_msg;
>> + bool is_response = false;
>> + struct se_if_priv *priv;
>> + struct se_msg_hdr header;
>> +
>> + priv = dev_get_drvdata(dev);
>> + if (!priv) {
>> + dev_err(dev, "SE-MU Priv data is NULL;");
>> + return;
>> + }
>> +
>> + /* The function can be called with NULL msg */
>> + if (!msg) {
>> + dev_err(dev, "Message is invalid\n");
>> + return;
>> + }
>> +
>> + header.tag = ((u8 *)msg)[TAG_OFFSET];
>> + header.command = ((u8 *)msg)[CMD_OFFSET];
>> + header.size = ((u8 *)msg)[SZ_OFFSET];
>> + header.ver = ((u8 *)msg)[VER_OFFSET];
>> +
>> + /* Incoming command: wake up the receiver if any. */
>> + if (header.tag == priv->cmd_tag) {
>> + dev_dbg(dev, "Selecting cmd receiver\n");
>> + dev_ctx = priv->cmd_receiver_dev;
>> + } else if (header.tag == priv->rsp_tag) {
>> + if (priv->waiting_rsp_dev) {
>> + dev_dbg(dev, "Selecting rsp waiter\n");
>> + dev_ctx = priv->waiting_rsp_dev;
>> + is_response = true;
>> + } else {
>> + /*
>> + * Reading the EdgeLock Enclave response
>> + * to the command, sent by other
>> + * linux kernel services.
>> + */
>> + spin_lock(&priv->lock);
>> + memcpy(&priv->rx_msg, msg, header.size << 2);
>> +
>> + complete(&priv->done);
>> + spin_unlock(&priv->lock);
>> + return;
>> + }
>> + } else {
>> + dev_err(dev, "Failed to select a device for message: %.8x\n",
>> + *((u32 *) &header));
>> + return;
>> + }
>> + /* Init reception */
>> + rx_msg = kzalloc(header.size << 2, GFP_KERNEL);
>> + if (rx_msg)
>> + memcpy(rx_msg, msg, header.size << 2);
>> +
>> + dev_ctx->temp_resp = (u32 *)rx_msg;
>> + dev_ctx->temp_resp_size = header.size;
>> +
>> + /* Allow user to read */
>> + dev_ctx->pending_hdr = 1;
>> + wake_up_interruptible(&dev_ctx->wq);
>> +
>> + if (is_response)
>> + priv->waiting_rsp_dev = NULL;
>> +}
>> +
>> +int validate_rsp_hdr(struct se_if_priv *priv, u32 header,
>> + uint8_t msg_id, uint8_t sz, bool is_base_api)
>> +{
>> + int ret = -EINVAL;
>> + u32 size;
>> + u32 cmd;
>> + u32 tag;
>> + u32 ver;
>> +
>> + tag = MSG_TAG(header);
>> + cmd = MSG_COMMAND(header);
>> + size = MSG_SIZE(header);
>> + ver = MSG_VER(header);
>> +
>> + do {
>> + if (tag != priv->rsp_tag) {
>> + dev_err(priv->dev,
>> + "MSG[0x%x] Hdr: Resp tag mismatch. (0x%x != 0x%x)",
>> + msg_id, tag, priv->rsp_tag);
>> + break;
>> + }
>> +
>> + if (cmd != msg_id) {
>> + dev_err(priv->dev,
>> + "MSG Header: Cmd id mismatch. (0x%x != 0x%x)",
>> + cmd, msg_id);
>> + break;
>> + }
>> +
>> + if (size != (sz >> 2)) {
>> + dev_err(priv->dev,
>> + "MSG[0x%x] Hdr: Cmd size mismatch. (0x%x != 0x%x)",
>> + msg_id, size, (sz >> 2));
>> + break;
>> + }
>> +
>> + if (is_base_api && (ver != priv->base_api_ver)) {
>> + dev_err(priv->dev,
>> + "MSG[0x%x] Hdr: Base API Vers mismatch. (0x%x != 0x%x)",
>> + msg_id, ver, priv->base_api_ver);
>> + break;
>> + } else if (!is_base_api && ver != priv->fw_api_ver) {
>> + dev_err(priv->dev,
>> + "MSG[0x%x] Hdr: FW API Vers mismatch. (0x%x != 0x%x)",
>> + msg_id, ver, priv->fw_api_ver);
>> + break;
>> + }
>> +
>> + ret = 0;
>> +
>> + } while (false);
>> +
>> + return ret;
>> +}
>> +
>> +int se_save_imem_state(struct device *dev)
>> +{
>> + struct se_if_priv *priv = dev_get_drvdata(dev);
>> + int ret;
>> +
>> + /* EXPORT command will save encrypted IMEM to given address,
>> + * so later in resume, IMEM can be restored from the given
>> + * address.
>> + *
>> + * Size must be at least 64 kB.
>> + */
>> + ret = ele_service_swap(dev,
>> + priv->imem.phyaddr,
>> + ELE_IMEM_SIZE,
>> + ELE_IMEM_EXPORT);
>> + if (ret < 0)
>> + dev_err(dev, "Failed to export IMEM\n");
>> + else
>> + dev_info(dev,
>> + "Exported %d bytes of encrypted IMEM\n",
>> + ret);
>> +
>> + return ret;
>> +}
>> +
>> +int se_restore_imem_state(struct device *dev)
>> +{
>> + struct se_if_priv *priv = dev_get_drvdata(dev);
>> + struct soc_info s_info;
>> + int ret;
>> +
>> + /* get info from ELE */
>> + ret = ele_get_info(dev, &s_info);
>> + if (ret) {
>> + dev_err(dev, "Failed to get info from ELE.\n");
>> + return ret;
>> + }
>> +
>> + /* Get IMEM state, if 0xFE then import IMEM */
>> + if (s_info.imem_state == ELE_IMEM_STATE_BAD) {
>> + /* IMPORT command will restore IMEM from the given
>> + * address, here size is the actual size returned by ELE
>> + * during the export operation
>> + */
>> + ret = ele_service_swap(dev,
>> + priv->imem.phyaddr,
>> + priv->imem.size,
>> + ELE_IMEM_IMPORT);
>> + if (ret) {
>> + dev_err(dev, "Failed to import IMEM\n");
>> + goto exit;
>> + }
>> + } else
>> + goto exit;
>> +
>> + /* After importing IMEM, check if IMEM state is equal to 0xCA
>> + * to ensure IMEM is fully loaded and
>> + * ELE functionality can be used.
>> + */
>> + ret = ele_get_info(dev, &s_info);
>> + if (ret) {
>> + dev_err(dev, "Failed to get info from ELE.\n");
>> + goto exit;
>> + }
>> +
>> + if (s_info.imem_state == ELE_IMEM_STATE_OK)
>> + dev_info(dev, "Successfully restored IMEM\n");
>> + else
>> + dev_err(dev, "Failed to restore IMEM\n");
>> +
>> +exit:
>> + return ret;
>> +}
>> diff --git a/drivers/firmware/imx/ele_common.h b/drivers/firmware/imx/ele_common.h
>> new file mode 100644
>> index 000000000000..6e3a2114bb56
>> --- /dev/null
>> +++ b/drivers/firmware/imx/ele_common.h
>> @@ -0,0 +1,43 @@
>> +/* SPDX-License-Identifier: GPL-2.0+ */
>> +/*
>> + * Copyright 2024 NXP
>> + */
>> +
>> +
>> +#ifndef __ELE_COMMON_H__
>> +#define __ELE_COMMON_H__
>> +
>> +#include "se_ctrl.h"
>> +
>> +#define IMX_ELE_FW_DIR "imx/ele/"
>> +
>> +uint32_t plat_add_msg_crc(uint32_t *msg, uint32_t msg_len);
>> +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *priv);
>> +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
>> + void *tx_msg, int tx_msg_sz);
>> +int imx_ele_msg_rcv(struct se_if_priv *priv);
>> +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg);
>> +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg);
>> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
>> +int validate_rsp_hdr(struct se_if_priv *priv, unsigned int header,
>> + u8 msg_id, u8 sz, bool is_base_api);
>> +
>> +/* Fill a command message header with a given command ID and length in bytes. */
>> +static inline int plat_fill_cmd_msg_hdr(struct se_if_priv *priv,
>> + struct se_msg_hdr *hdr,
>> + u8 cmd,
>> + u32 len,
>> + bool is_base_api)
>> +{
>> + hdr->tag = priv->cmd_tag;
>> + hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver;
>> + hdr->command = cmd;
>> + hdr->size = len >> 2;
>> +
>> + return 0;
>> +}
>> +
>> +int se_save_imem_state(struct device *dev);
>> +int se_restore_imem_state(struct device *dev);
>> +
>> +#endif /*__ELE_COMMON_H__ */
>> diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
>> new file mode 100644
>> index 000000000000..11c5eaa7353f
>> --- /dev/null
>> +++ b/drivers/firmware/imx/se_ctrl.c
>> @@ -0,0 +1,1339 @@
>> +// SPDX-License-Identifier: GPL-2.0+
>> +/*
>> + * Copyright 2024 NXP
>> + */
>> +
>> +#include <linux/completion.h>
>> +#include <linux/delay.h>
>> +#include <linux/dev_printk.h>
>> +#include <linux/dma-mapping.h>
>> +#include <linux/errno.h>
>> +#include <linux/export.h>
>> +#include <linux/firmware.h>
>> +#include <linux/firmware/imx/se_api.h>
>> +#include <linux/genalloc.h>
>> +#include <linux/init.h>
>> +#include <linux/io.h>
>> +#include <linux/miscdevice.h>
>> +#include <linux/mod_devicetable.h>
>> +#include <linux/module.h>
>> +#include <linux/of_platform.h>
>> +#include <linux/of_reserved_mem.h>
>> +#include <linux/platform_device.h>
>> +#include <linux/slab.h>
>> +#include <linux/string.h>
>> +#include <linux/sys_soc.h>
>> +#include <uapi/linux/se_ioctl.h>
>> +
>> +#include "ele_base_msg.h"
>> +#include "ele_common.h"
>> +#include "se_ctrl.h"
>> +
>> +#define RESERVED_DMA_POOL BIT(1)
>> +
>> +struct imx_se_node_info {
>> + u8 se_if_id;
>> + u8 se_if_did;
>> + u8 max_dev_ctx;
>> + u8 cmd_tag;
>> + u8 rsp_tag;
>> + u8 success_tag;
>> + u8 base_api_ver;
>> + u8 fw_api_ver;
>> + u8 *se_name;
>> + u8 *mbox_tx_name;
>> + u8 *mbox_rx_name;
>> + u8 *pool_name;
>> + u8 *fw_name_in_rfs;
>> + bool soc_register;
>> + bool reserved_dma_ranges;
>> + bool imem_mgmt;
>> +};
>> +
>> +struct imx_se_node_info_list {
>> + u8 num_mu;
>> + u16 soc_id;
>> + u16 soc_rev;
>> + struct imx_se_node_info info[];
>> +};
>> +
>> +static const struct imx_se_node_info_list imx8ulp_info = {
>> + .num_mu = 1,
>> + .soc_id = SOC_ID_OF_IMX8ULP,
>> + .info = {
>> + {
>> + .se_if_id = 2,
>> + .se_if_did = 7,
>> + .max_dev_ctx = 4,
>> + .cmd_tag = 0x17,
>> + .rsp_tag = 0xe1,
>> + .success_tag = 0xd6,
>> + .base_api_ver = MESSAGING_VERSION_6,
>> + .fw_api_ver = MESSAGING_VERSION_7,
>> + .se_name = "hsm1",
>> + .mbox_tx_name = "tx",
>> + .mbox_rx_name = "rx",
>> + .pool_name = "sram",
>> + .fw_name_in_rfs = IMX_ELE_FW_DIR\
>> + "mx8ulpa2ext-ahab-container.img",
>> + .soc_register = true,
>> + .reserved_dma_ranges = true,
>> + .imem_mgmt = true,
>> + },
>> + },
>> +};
>> +
>> +static const struct imx_se_node_info_list imx93_info = {
>> + .num_mu = 1,
>> + .soc_id = SOC_ID_OF_IMX93,
>> + .info = {
>> + {
>> + .se_if_id = 2,
>> + .se_if_did = 3,
>> + .max_dev_ctx = 4,
>> + .cmd_tag = 0x17,
>> + .rsp_tag = 0xe1,
>> + .success_tag = 0xd6,
>> + .base_api_ver = MESSAGING_VERSION_6,
>> + .fw_api_ver = MESSAGING_VERSION_7,
>> + .se_name = "hsm1",
>> + .mbox_tx_name = "tx",
>> + .mbox_rx_name = "rx",
>> + .reserved_dma_ranges = true,
>> + .imem_mgmt = true,
>> + .soc_register = true,
>> + },
>> + },
>> +};
>> +
>> +static const struct of_device_id se_match[] = {
>> + { .compatible = "fsl,imx8ulp-ele", .data = (void *)&imx8ulp_info},
>> + { .compatible = "fsl,imx93-ele", .data = (void *)&imx93_info},
>> + {},
>> +};
>> +
>> +static struct imx_se_node_info
>> + *get_imx_se_node_info(struct imx_se_node_info_list *info_list,
>> + const u32 idx)
>> +{
>> + if (idx < 0 || idx > info_list->num_mu)
>> + return NULL;
>> +
>> + return &info_list->info[idx];
>> +}
>> +
>> +void *get_phy_buf_mem_pool(struct device *dev,
>> + u8 *mem_pool_name,
>> + dma_addr_t *buf,
>> + u32 size)
>> +{
>> + struct device_node *of_node = dev->of_node;
>> + struct gen_pool *mem_pool;
>> +
>> + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
>> + if (!mem_pool) {
>> + dev_err(dev,
>> + "Unable to get sram pool = %s\n",
>> + mem_pool_name);
>> + return 0;
>> + }
>> +
>> + return gen_pool_dma_alloc(mem_pool, size, buf);
>> +}
>> +
>> +void free_phybuf_mem_pool(struct device *dev,
>> + u8 *mem_pool_name,
>> + u32 *buf,
>> + u32 size)
>> +{
>> + struct device_node *of_node = dev->of_node;
>> + struct gen_pool *mem_pool;
>> +
>> + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
>> + if (!mem_pool)
>> + dev_err(dev,
>> + "%s: Failed: Unable to get sram pool.\n",
>> + __func__);
>> +
>> + gen_pool_free(mem_pool, (u64)buf, size);
>> +}
>> +
>> +static int imx_fetch_soc_info(struct device *dev)
>> +{
>> + struct se_if_priv *priv = dev_get_drvdata(dev);
>> + struct imx_se_node_info_list *info_list;
>> + const struct imx_se_node_info *info;
>> + struct soc_device_attribute *attr;
>> + struct soc_device *sdev;
>> + struct soc_info s_info;
>> + int err = 0;
>> +
>> + info = priv->info;
>> + info_list = (struct imx_se_node_info_list *)
>> + device_get_match_data(dev->parent);
>> + if (info_list->soc_rev)
>> + return err;
>> +
>> + err = ele_get_info(dev, &s_info);
>> + if (err)
>> + s_info.major_ver = DEFAULT_IMX_SOC_VER;
>> +
>> + info_list->soc_rev = s_info.soc_rev;
>> +
>> + if (!info->soc_register)
>> + return 0;
>> +
>> + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
>> + if (!attr)
>> + return -ENOMEM;
>> +
>> + if (s_info.minor_ver)
>> + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
>> + s_info.major_ver,
>> + s_info.minor_ver);
>> + else
>> + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
>> + s_info.major_ver);
>> +
>> + switch (s_info.soc_id) {
>> + case SOC_ID_OF_IMX8ULP:
>> + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
>> + "i.MX8ULP");
>> + break;
>> + case SOC_ID_OF_IMX93:
>> + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
>> + "i.MX93");
>> + break;
>> + }
>> +
>> + err = of_property_read_string(of_root, "model",
>> + &attr->machine);
>> + if (err) {
>> + devm_kfree(dev, attr);
>> + return -EINVAL;
>> + }
>> + attr->family = devm_kasprintf(dev, GFP_KERNEL, "Freescale i.MX");
>> +
>> + attr->serial_number
>> + = devm_kasprintf(dev, GFP_KERNEL, "%016llX", s_info.serial_num);
>> +
>> + sdev = soc_device_register(attr);
>> + if (IS_ERR(sdev)) {
>> + devm_kfree(dev, attr->soc_id);
>> + devm_kfree(dev, attr->serial_number);
>> + devm_kfree(dev, attr->revision);
>> + devm_kfree(dev, attr->family);
>> + devm_kfree(dev, attr->machine);
>> + devm_kfree(dev, attr);
>> + return PTR_ERR(sdev);
>> + }
>> +
>> + return 0;
>> +}
>> +
>> +/*
>> + * File operations for user-space
>> + */
>> +
>> +/* Write a message to the MU. */
>> +static ssize_t se_if_fops_write(struct file *fp, const char __user *buf,
>> + size_t size, loff_t *ppos)
>> +{
>> + struct se_api_msg *tx_msg __free(kfree);
>> + struct se_if_device_ctx *dev_ctx;
>> + struct se_if_priv *priv;
>> + int err;
>> +
>> + dev_ctx = container_of(fp->private_data,
>> + struct se_if_device_ctx,
>> + miscdev);
>> + priv = dev_ctx->priv;
>> + dev_dbg(priv->dev,
>> + "%s: write from buf (%p)%zu, ppos=%lld\n",
>> + dev_ctx->miscdev.name,
>> + buf, size, ((ppos) ? *ppos : 0));
>> +
>> + if (down_interruptible(&dev_ctx->fops_lock))
>> + return -EBUSY;
>> +
>> + if (dev_ctx->status != MU_OPENED) {
>> + err = -EINVAL;
>> + goto exit;
>> + }
>> +
>> + if (size < SE_MU_HDR_SZ) {
>> + dev_err(priv->dev,
>> + "%s: User buffer too small(%zu < %d)\n",
>> + dev_ctx->miscdev.name,
>> + size, SE_MU_HDR_SZ);
>> + err = -ENOSPC;
>> + goto exit;
>> + }
>> +
>> + tx_msg = memdup_user((void __user *)ppos, size);
>> + if (!tx_msg) {
>> + err = -ENOMEM;
>> + goto exit;
>> + }
>> +
>> + /* Copy data to buffer */
>> + if (copy_from_user(tx_msg, buf, size)) {
>> + err = -EFAULT;
>> + dev_err(priv->dev,
>> + "%s: Fail copy message from user\n",
>> + dev_ctx->miscdev.name);
>> + goto exit;
>> + }
>> +
>> + print_hex_dump_debug("from user ", DUMP_PREFIX_OFFSET, 4, 4,
>> + tx_msg, size, false);
>> +
>> + err = imx_ele_miscdev_msg_send(dev_ctx, tx_msg, size);
>> +
>> +exit:
>> + up(&dev_ctx->fops_lock);
>> + return err;
>> +}
>> +
>> +/*
>> + * Read a message from the MU.
>> + * Blocking until a message is available.
>> + */
>> +static ssize_t se_if_fops_read(struct file *fp, char __user *buf,
>> + size_t size, loff_t *ppos)
>> +{
>> + struct se_if_device_ctx *dev_ctx;
>> + struct se_buf_desc *b_desc;
>> + struct se_if_priv *priv;
>> + u32 size_to_copy;
>> + int err;
>> +
>> + dev_ctx = container_of(fp->private_data,
>> + struct se_if_device_ctx,
>> + miscdev);
>> + priv = dev_ctx->priv;
>> + dev_dbg(priv->dev,
>> + "%s: read to buf %p(%zu), ppos=%lld\n",
>> + dev_ctx->miscdev.name,
>> + buf, size, ((ppos) ? *ppos : 0));
>> +
>> + if (down_interruptible(&dev_ctx->fops_lock))
>> + return -EBUSY;
>> +
>> + if (dev_ctx->status != MU_OPENED) {
>> + err = -EINVAL;
>> + goto exit;
>> + }
>> +
>> + err = imx_ele_miscdev_msg_rcv(dev_ctx);
>> + if (err)
>> + goto exit;
>> +
>> + /* Buffer containing the message from FW, is
>> + * allocated in callback function.
>> + * Check if buffer allocation failed.
>> + */
>> + if (!dev_ctx->temp_resp) {
>> + err = -ENOMEM;
>> + goto exit;
>> + }
>> +
>> + dev_dbg(priv->dev,
>> + "%s: %s %s\n",
>> + dev_ctx->miscdev.name,
>> + __func__,
>> + "message received, start transmit to user");
>> +
>> + /*
>> + * Check that the size passed as argument is larger than
>> + * the one carried in the message.
>> + */
>> + size_to_copy = dev_ctx->temp_resp_size << 2;
>> + if (size_to_copy > size) {
>> + dev_dbg(priv->dev,
>> + "%s: User buffer too small (%zu < %d)\n",
>> + dev_ctx->miscdev.name,
>> + size, size_to_copy);
>> + size_to_copy = size;
>> + }
>> +
>> + /*
>> + * We may need to copy the output data to user before
>> + * delivering the completion message.
>> + */
>> + while (!list_empty(&dev_ctx->pending_out)) {
>> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
>> + struct se_buf_desc,
>> + link);
>> + if (!b_desc)
>> + continue;
>> +
>> + if (b_desc->usr_buf_ptr && b_desc->shared_buf_ptr) {
>> +
>> + dev_dbg(priv->dev,
>> + "%s: Copy output data to user\n",
>> + dev_ctx->miscdev.name);
>> + if (copy_to_user(b_desc->usr_buf_ptr,
>> + b_desc->shared_buf_ptr,
>> + b_desc->size)) {
>> + dev_err(priv->dev,
>> + "%s: Failure copying output data to user.",
>> + dev_ctx->miscdev.name);
>> + err = -EFAULT;
>> + goto exit;
>> + }
>> + }
>> +
>> + if (b_desc->shared_buf_ptr)
>> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
>> +
>> + __list_del_entry(&b_desc->link);
>> + kfree(b_desc);
>> + }
>> +
>> + /* Copy data from the buffer */
>> + print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
>> + dev_ctx->temp_resp, size_to_copy, false);
>> + if (copy_to_user(buf, dev_ctx->temp_resp, size_to_copy)) {
>> + dev_err(priv->dev,
>> + "%s: Failed to copy to user\n",
>> + dev_ctx->miscdev.name);
>> + err = -EFAULT;
>> + goto exit;
>> + }
>> +
>> + err = size_to_copy;
>> + kfree(dev_ctx->temp_resp);
>> +
>> + /* free memory allocated on the shared buffers. */
>> + dev_ctx->secure_mem.pos = 0;
>> + dev_ctx->non_secure_mem.pos = 0;
>> +
>> + dev_ctx->pending_hdr = 0;
>> +
>> +exit:
>> + /*
>> + * Clean the used Shared Memory space,
>> + * whether its Input Data copied from user buffers, or
>> + * Data received from FW.
>> + */
>> + while (!list_empty(&dev_ctx->pending_in) ||
>> + !list_empty(&dev_ctx->pending_out)) {
>> + if (!list_empty(&dev_ctx->pending_in))
>> + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
>> + struct se_buf_desc,
>> + link);
>> + else
>> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
>> + struct se_buf_desc,
>> + link);
>> +
>> + if (!b_desc)
>> + continue;
>> +
>> + if (b_desc->shared_buf_ptr)
>> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
>> +
>> + __list_del_entry(&b_desc->link);
>> + kfree(b_desc);
>> + }
>> +
>> + up(&dev_ctx->fops_lock);
>> + return err;
>> +}
>> +
>> +/* Give access to EdgeLock Enclave, to the memory we want to share */
>> +static int se_if_setup_se_mem_access(struct se_if_device_ctx *dev_ctx,
>> + u64 addr, u32 len)
>> +{
>> + /* Assuming EdgeLock Enclave has access to all the memory regions */
>> + int ret = 0;
>> +
>> + if (ret) {
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Fail find memreg\n", dev_ctx->miscdev.name);
>> + goto exit;
>> + }
>> +
>> + if (ret) {
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Fail set permission for resource\n",
>> + dev_ctx->miscdev.name);
>> + goto exit;
>> + }
>> +
>> +exit:
>> + return ret;
>> +}
>> +
>> +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
>> + u64 arg)
>> +{
>> + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
>> + struct imx_se_node_info *if_node_info;
>> + struct se_ioctl_get_if_info info;
>> + int err = 0;
>> +
>> + if_node_info = (struct imx_se_node_info *)priv->info;
>> +
>> + info.se_if_id = if_node_info->se_if_id;
>> + info.interrupt_idx = 0;
>> + info.tz = 0;
>> + info.did = if_node_info->se_if_did;
>> + info.cmd_tag = if_node_info->cmd_tag;
>> + info.rsp_tag = if_node_info->rsp_tag;
>> + info.success_tag = if_node_info->success_tag;
>> + info.base_api_ver = if_node_info->base_api_ver;
>> + info.fw_api_ver = if_node_info->fw_api_ver;
>> +
>> + dev_dbg(priv->dev,
>> + "%s: info [se_if_id: %d, irq_idx: %d, tz: 0x%x, did: 0x%x]\n",
>> + dev_ctx->miscdev.name,
>> + info.se_if_id, info.interrupt_idx, info.tz, info.did);
>> +
>> + if (copy_to_user((u8 *)arg, &info, sizeof(info))) {
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Failed to copy mu info to user\n",
>> + dev_ctx->miscdev.name);
>> + err = -EFAULT;
>> + goto exit;
>> + }
>> +
>> +exit:
>> + return err;
>> +}
>> +
>> +/*
>> + * Copy a buffer of data to/from the user and return the address to use in
>> + * messages
>> + */
>> +static int se_ioctl_setup_iobuf_handler(struct se_if_device_ctx *dev_ctx,
>> + u64 arg)
>> +{
>> + struct se_ioctl_setup_iobuf io = {0};
>> + struct se_shared_mem *shared_mem;
>> + struct se_buf_desc *b_desc;
>> + int err = 0;
>> + u32 pos;
>> +
>> + if (copy_from_user(&io, (u8 *)arg, sizeof(io))) {
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Failed copy iobuf config from user\n",
>> + dev_ctx->miscdev.name);
>> + err = -EFAULT;
>> + goto exit;
>> + }
>> +
>> + dev_dbg(dev_ctx->priv->dev,
>> + "%s: io [buf: %p(%d) flag: %x]\n",
>> + dev_ctx->miscdev.name,
>> + io.user_buf, io.length, io.flags);
>> +
>> + if (io.length == 0 || !io.user_buf) {
>> + /*
>> + * Accept NULL pointers since some buffers are optional
>> + * in FW commands. In this case we should return 0 as
>> + * pointer to be embedded into the message.
>> + * Skip all data copy part of code below.
>> + */
>> + io.ele_addr = 0;
>> + goto copy;
>> + }
>> +
>> + /* Select the shared memory to be used for this buffer. */
>> + if (io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) {
>> + /* App requires to use secure memory for this buffer.*/
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Failed allocate SEC MEM memory\n",
>> + dev_ctx->miscdev.name);
>> + err = -EFAULT;
>> + goto exit;
>> + } else {
>> + /* No specific requirement for this buffer. */
>> + shared_mem = &dev_ctx->non_secure_mem;
>> + }
>> +
>> + /* Check there is enough space in the shared memory. */
>> + if (shared_mem->size < shared_mem->pos
>> + || io.length >= shared_mem->size - shared_mem->pos) {
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Not enough space in shared memory\n",
>> + dev_ctx->miscdev.name);
>> + err = -ENOMEM;
>> + goto exit;
>> + }
>> +
>> + /* Allocate space in shared memory. 8 bytes aligned. */
>> + pos = shared_mem->pos;
>> + shared_mem->pos += round_up(io.length, 8u);
>> + io.ele_addr = (u64)shared_mem->dma_addr + pos;
>> +
>> + if ((io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) &&
>> + !(io.flags & SE_MU_IO_FLAGS_USE_SHORT_ADDR)) {
>> + /*Add base address to get full address.*/
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Failed allocate SEC MEM memory\n",
>> + dev_ctx->miscdev.name);
>> + err = -EFAULT;
>> + goto exit;
>> + }
>> +
>> + memset(shared_mem->ptr + pos, 0, io.length);
>> + if ((io.flags & SE_IO_BUF_FLAGS_IS_INPUT) ||
>> + (io.flags & SE_IO_BUF_FLAGS_IS_IN_OUT)) {
>> + /*
>> + * buffer is input:
>> + * copy data from user space to this allocated buffer.
>> + */
>> + if (copy_from_user(shared_mem->ptr + pos, io.user_buf,
>> + io.length)) {
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Failed copy data to shared memory\n",
>> + dev_ctx->miscdev.name);
>> + err = -EFAULT;
>> + goto exit;
>> + }
>> + }
>> +
>> + b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL);
>> + if (!b_desc) {
>> + err = -ENOMEM;
>> + goto exit;
>> + }
>> +
>> +copy:
>> + /* Provide the EdgeLock Enclave address to user space only if success.*/
>> + if (copy_to_user((u8 *)arg, &io, sizeof(io))) {
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Failed to copy iobuff setup to user\n",
>> + dev_ctx->miscdev.name);
>> + kfree(b_desc);
>> + err = -EFAULT;
>> + goto exit;
>> + }
>> +
>> + if (b_desc) {
>> + b_desc->shared_buf_ptr = shared_mem->ptr + pos;
>> + b_desc->usr_buf_ptr = io.user_buf;
>> + b_desc->size = io.length;
>> +
>> + if (io.flags & SE_IO_BUF_FLAGS_IS_INPUT) {
>> + /*
>> + * buffer is input:
>> + * add an entry in the "pending input buffers" list so
>> + * that copied data can be cleaned from shared memory
>> + * later.
>> + */
>> + list_add_tail(&b_desc->link, &dev_ctx->pending_in);
>> + } else {
>> + /*
>> + * buffer is output:
>> + * add an entry in the "pending out buffers" list so data
>> + * can be copied to user space when receiving Secure-Enclave
>> + * response.
>> + */
>> + list_add_tail(&b_desc->link, &dev_ctx->pending_out);
>> + }
>> + }
>> +
>> +exit:
>> + return err;
>> +}
>> +
>> +/* IOCTL to provide SoC information */
>> +static int se_ioctl_get_soc_info_handler(struct se_if_device_ctx *dev_ctx,
>> + u64 arg)
>> +{
>> + struct imx_se_node_info_list *info_list;
>> + struct se_ioctl_get_soc_info soc_info;
>> + int err = -EINVAL;
>> +
>> + info_list = (struct imx_se_node_info_list *)
>> + device_get_match_data(dev_ctx->priv->dev->parent);
>> + if (!info_list)
>> + goto exit;
>> +
>> + soc_info.soc_id = info_list->soc_id;
>> + soc_info.soc_rev = info_list->soc_rev;
>> +
>> + err = (int)copy_to_user((u8 *)arg, (u8 *)(&soc_info), sizeof(soc_info));
>> + if (err) {
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Failed to copy soc info to user\n",
>> + dev_ctx->miscdev.name);
>> + err = -EFAULT;
>> + goto exit;
>> + }
>> +
>> +exit:
>> + return err;
>> +}
>> +
>> +/* Open a character device. */
>> +static int se_if_fops_open(struct inode *nd, struct file *fp)
>> +{
>> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
>> + struct se_if_device_ctx,
>> + miscdev);
>> + int err;
>> +
>> + /* Avoid race if opened at the same time */
>> + if (down_trylock(&dev_ctx->fops_lock))
>> + return -EBUSY;
>> +
>> + /* Authorize only 1 instance. */
>> + if (dev_ctx->status != MU_FREE) {
>> + err = -EBUSY;
>> + goto exit;
>> + }
>> +
>> + /*
>> + * Allocate some memory for data exchanges with S40x.
>> + * This will be used for data not requiring secure memory.
>> + */
>> + dev_ctx->non_secure_mem.ptr = dmam_alloc_coherent(dev_ctx->dev,
>> + MAX_DATA_SIZE_PER_USER,
>> + &dev_ctx->non_secure_mem.dma_addr,
>> + GFP_KERNEL);
>> + if (!dev_ctx->non_secure_mem.ptr) {
>> + err = -ENOMEM;
>> + goto exit;
>> + }
>> +
>> + err = se_if_setup_se_mem_access(dev_ctx,
>> + dev_ctx->non_secure_mem.dma_addr,
>> + MAX_DATA_SIZE_PER_USER);
>> + if (err) {
>> + err = -EPERM;
>> + dev_err(dev_ctx->priv->dev,
>> + "%s: Failed to share access to shared memory\n",
>> + dev_ctx->miscdev.name);
>> + goto free_coherent;
>> + }
>> +
>> + dev_ctx->non_secure_mem.size = MAX_DATA_SIZE_PER_USER;
>> + dev_ctx->non_secure_mem.pos = 0;
>> + dev_ctx->status = MU_OPENED;
>> +
>> + dev_ctx->pending_hdr = 0;
>> +
>> + goto exit;
>> +
>> +free_coherent:
>> + dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
>> + dev_ctx->non_secure_mem.ptr,
>> + dev_ctx->non_secure_mem.dma_addr);
>> +
>> +exit:
>> + up(&dev_ctx->fops_lock);
>> + return err;
>> +}
>> +
>> +/* Close a character device. */
>> +static int se_if_fops_close(struct inode *nd, struct file *fp)
>> +{
>> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
>> + struct se_if_device_ctx,
>> + miscdev);
>> + struct se_if_priv *priv = dev_ctx->priv;
>> + struct se_buf_desc *b_desc;
>> +
>> + /* Avoid race if closed at the same time */
>> + if (down_trylock(&dev_ctx->fops_lock))
>> + return -EBUSY;
>> +
>> + /* The device context has not been opened */
>> + if (dev_ctx->status != MU_OPENED)
>> + goto exit;
>> +
>> + /* check if this device was registered as command receiver. */
>> + if (priv->cmd_receiver_dev == dev_ctx)
>> + priv->cmd_receiver_dev = NULL;
>> +
>> + /* check if this device was registered as waiting response. */
>> + if (priv->waiting_rsp_dev == dev_ctx) {
>> + priv->waiting_rsp_dev = NULL;
>> + mutex_unlock(&priv->se_if_cmd_lock);
>> + }
>> +
>> + /* Unmap secure memory shared buffer. */
>> + if (dev_ctx->secure_mem.ptr)
>> + devm_iounmap(dev_ctx->dev, dev_ctx->secure_mem.ptr);
>> +
>> + dev_ctx->secure_mem.ptr = NULL;
>> + dev_ctx->secure_mem.dma_addr = 0;
>> + dev_ctx->secure_mem.size = 0;
>> + dev_ctx->secure_mem.pos = 0;
>> +
>> + /* Free non-secure shared buffer. */
>> + dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
>> + dev_ctx->non_secure_mem.ptr,
>> + dev_ctx->non_secure_mem.dma_addr);
>> +
>> + dev_ctx->non_secure_mem.ptr = NULL;
>> + dev_ctx->non_secure_mem.dma_addr = 0;
>> + dev_ctx->non_secure_mem.size = 0;
>> + dev_ctx->non_secure_mem.pos = 0;
>> +
>> + while (!list_empty(&dev_ctx->pending_in) ||
>> + !list_empty(&dev_ctx->pending_out)) {
>> + if (!list_empty(&dev_ctx->pending_in))
>> + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
>> + struct se_buf_desc,
>> + link);
>> + else
>> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
>> + struct se_buf_desc,
>> + link);
>> +
>> + if (!b_desc)
>> + continue;
>> +
>> + if (b_desc->shared_buf_ptr)
>> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
>> +
>> + __list_del_entry(&b_desc->link);
>> + devm_kfree(dev_ctx->dev, b_desc);
>> + }
>> +
>> + dev_ctx->status = MU_FREE;
>> +
>> +exit:
>> + up(&dev_ctx->fops_lock);
>> + return 0;
>> +}
>> +
>> +/* IOCTL entry point of a character device */
>> +static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
>> +//static long se_ioctl(struct file *fp, u32 cmd, u64 arg)
>> +{
>> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
>> + struct se_if_device_ctx,
>> + miscdev);
>> + struct se_if_priv *se_if_priv = dev_ctx->priv;
>> + int err = -EINVAL;
>> +
>> + /* Prevent race during change of device context */
>> + if (down_interruptible(&dev_ctx->fops_lock))
>> + return -EBUSY;
>> +
>> + switch (cmd) {
>> + case SE_IOCTL_ENABLE_CMD_RCV:
>> + if (!se_if_priv->cmd_receiver_dev) {
>> + se_if_priv->cmd_receiver_dev = dev_ctx;
>> + err = 0;
>> + }
>> + break;
>> + case SE_IOCTL_GET_MU_INFO:
>> + err = se_ioctl_get_mu_info(dev_ctx, arg);
>> + break;
>> + case SE_IOCTL_SETUP_IOBUF:
>> + err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
>> + break;
>> + case SE_IOCTL_GET_SOC_INFO:
>> + err = se_ioctl_get_soc_info_handler(dev_ctx, arg);
>> + break;
>> +
>> + default:
>> + err = -EINVAL;
>> + dev_dbg(se_if_priv->dev,
>> + "%s: IOCTL %.8x not supported\n",
>> + dev_ctx->miscdev.name,
>> + cmd);
>> + }
>> +
>> + up(&dev_ctx->fops_lock);
>> + return (long)err;
>> +}
>> +
>> +/* Char driver setup */
>> +static const struct file_operations se_if_fops = {
>> + .open = se_if_fops_open,
>> + .owner = THIS_MODULE,
>> + .release = se_if_fops_close,
>> + .unlocked_ioctl = se_ioctl,
>> + .read = se_if_fops_read,
>> + .write = se_if_fops_write,
>> +};
>> +
>> +/* interface for managed res to free a mailbox channel */
>> +static void if_mbox_free_channel(void *mbox_chan)
>> +{
>> + mbox_free_channel(mbox_chan);
>> +}
>> +
>> +/* interface for managed res to unregister a character device */
>> +static void if_misc_deregister(void *miscdevice)
>> +{
>> + misc_deregister(miscdevice);
>> +}
>> +
>> +static int se_if_request_channel(struct device *dev,
>> + struct mbox_chan **chan,
>> + struct mbox_client *cl,
>> + const u8 *name)
>> +{
>> + struct mbox_chan *t_chan;
>> + int ret = 0;
>> +
>> + t_chan = mbox_request_channel_byname(cl, name);
>> + if (IS_ERR(t_chan)) {
>> + ret = PTR_ERR(t_chan);
>> + if (ret != -EPROBE_DEFER)
>> + dev_err(dev,
>> + "Failed to request chan %s ret %d\n", name,
>> + ret);
>> + goto exit;
>> + }
>> +
>> + ret = devm_add_action(dev, if_mbox_free_channel, t_chan);
>> + if (ret) {
>> + dev_err(dev, "failed to add devm removal of mbox %s\n", name);
>> + goto exit;
>> + }
>> +
>> + *chan = t_chan;
>> +
>> +exit:
>> + return ret;
>> +}
>> +
>> +static int se_probe_if_cleanup(struct platform_device *pdev)
>> +{
>> + struct device *dev = &pdev->dev;
>> + struct se_if_priv *priv;
>> + int ret = 0;
>> + int i;
>> +
>> + priv = dev_get_drvdata(dev);
>> + if (!priv) {
>> + ret = 0;
>> + dev_dbg(dev, "SE-MU Priv data is NULL;");
>> + return ret;
>> + }
>> +
>> + if (priv->tx_chan)
>> + mbox_free_channel(priv->tx_chan);
>> + if (priv->rx_chan)
>> + mbox_free_channel(priv->rx_chan);
>> +
>> + /* free the buffer in se remove, previously allocated
>> + * in se probe to store encrypted IMEM
>> + */
>> + if (priv->imem.buf) {
>> + dmam_free_coherent(dev,
>> + ELE_IMEM_SIZE,
>> + priv->imem.buf,
>> + priv->imem.phyaddr);
>> + priv->imem.buf = NULL;
>> + }
>> +
>> + if (priv->ctxs) {
>> + for (i = 0; i < priv->max_dev_ctx; i++) {
>> + if (priv->ctxs[i]) {
>> + devm_remove_action(dev,
>> + if_misc_deregister,
>> + &priv->ctxs[i]->miscdev);
>> + misc_deregister(&priv->ctxs[i]->miscdev);
>> + devm_kfree(dev, priv->ctxs[i]);
>> + }
>> + }
>> + devm_kfree(dev, priv->ctxs);
>> + }
>> +
>> + if (priv->flags & RESERVED_DMA_POOL) {
>> + of_reserved_mem_device_release(dev);
>> + priv->flags &= (~RESERVED_DMA_POOL);
>> + }
>> +
>> + devm_kfree(dev, priv);
>> + of_node_put(dev->of_node);
>> + of_platform_device_destroy(dev, NULL);
>> +
>> + return ret;
>> +}
>> +
>> +static int se_probe_cleanup(struct platform_device *pdev)
>> +{
>> + struct device *dev = &pdev->dev;
>> + struct device_node *if_dn;
>> +
>> + /* Enumerate se-interface device nodes. */
>> + for_each_child_of_node(dev->of_node, if_dn) {
>> + struct platform_device *if_pdev
>> + = of_find_device_by_node(if_dn);
>> + if (se_probe_if_cleanup(if_pdev))
>> + dev_err(dev,
>> + "Failed to clean-up child node probe.\n");
>> + }
>> +
>> + return 0;
>> +}
>> +
>> +static int init_device_context(struct device *dev)
>> +{
>> + const struct imx_se_node_info *info;
>> + struct se_if_device_ctx *dev_ctx;
>> + struct se_if_priv *priv;
>> + u8 *devname;
>> + int ret = 0;
>> + int i;
>> +
>> + priv = dev_get_drvdata(dev);
>> +
>> + if (!priv) {
>> + ret = -EINVAL;
>> + dev_err(dev, "Invalid SE-MU Priv data");
>> + return ret;
>> + }
>> + info = priv->info;
>> +
>> + priv->ctxs = devm_kzalloc(dev, sizeof(dev_ctx) * priv->max_dev_ctx,
>> + GFP_KERNEL);
>> +
>> + if (!priv->ctxs) {
>> + ret = -ENOMEM;
>> + return ret;
>> + }
>> +
>> + /* Create users */
>> + for (i = 0; i < priv->max_dev_ctx; i++) {
>> + dev_ctx = devm_kzalloc(dev, sizeof(*dev_ctx), GFP_KERNEL);
>> + if (!dev_ctx) {
>> + ret = -ENOMEM;
>> + return ret;
>> + }
>> +
>> + dev_ctx->dev = dev;
>> + dev_ctx->status = MU_FREE;
>> + dev_ctx->priv = priv;
>> +
>> + priv->ctxs[i] = dev_ctx;
>> +
>> + /* Default value invalid for an header. */
>> + init_waitqueue_head(&dev_ctx->wq);
>> +
>> + INIT_LIST_HEAD(&dev_ctx->pending_out);
>> + INIT_LIST_HEAD(&dev_ctx->pending_in);
>> + sema_init(&dev_ctx->fops_lock, 1);
>> +
>> + devname = devm_kasprintf(dev, GFP_KERNEL, "%s_ch%d",
>> + info->se_name, i);
>> + if (!devname) {
>> + ret = -ENOMEM;
>> + return ret;
>> + }
>> +
>> + dev_ctx->miscdev.name = devname;
>> + dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
>> + dev_ctx->miscdev.fops = &se_if_fops;
>> + dev_ctx->miscdev.parent = dev;
>> + ret = misc_register(&dev_ctx->miscdev);
>> + if (ret) {
>> + dev_err(dev, "failed to register misc device %d\n",
>> + ret);
>> + return ret;
>> + }
>> +
>> + ret = devm_add_action(dev, if_misc_deregister,
>> + &dev_ctx->miscdev);
>> + if (ret) {
>> + dev_err(dev,
>> + "failed[%d] to add action to the misc-dev\n",
>> + ret);
>> + return ret;
>> + }
>> + }
>> +
>> + return ret;
>> +}
>> +
>> +static void se_load_firmware(const struct firmware *fw, void *context)
>> +{
>> + struct se_if_priv *priv = (struct se_if_priv *) context;
>> + const struct imx_se_node_info *info = priv->info;
>> + const u8 *se_fw_name = info->fw_name_in_rfs;
>> + phys_addr_t se_fw_phyaddr;
>> + u8 *se_fw_buf;
>> +
>> + if (!fw) {
>> + if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
>> + dev_dbg(priv->dev,
>> + "External FW not found, using ROM FW.\n");
>> + else {
>> + /*add a bit delay to wait for firmware priv released */
>> + msleep(20);
>> +
>> + /* Load firmware one more time if timeout */
>> + request_firmware_nowait(THIS_MODULE,
>> + FW_ACTION_UEVENT, info->fw_name_in_rfs,
>> + priv->dev, GFP_KERNEL, priv,
>> + se_load_firmware);
>> + priv->fw_fail++;
>> + dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
>> + priv->fw_fail);
>> + }
>> +
>> + return;
>> + }
>> +
>> + /* allocate buffer to store the SE FW */
>> + se_fw_buf = dmam_alloc_coherent(priv->dev, fw->size,
>> + &se_fw_phyaddr,
>> + GFP_KERNEL);
>> + if (!se_fw_buf) {
>> + dev_err(priv->dev, "Failed to alloc SE fw buffer memory\n");
>> + goto exit;
>> + }
>> +
>> + memcpy(se_fw_buf, fw->data, fw->size);
>> +
>> + if (ele_fw_authenticate(priv->dev, se_fw_phyaddr))
>> + dev_err(priv->dev,
>> + "Failed to authenticate & load SE firmware %s.\n",
>> + se_fw_name);
>> +
>> +exit:
>> + dmam_free_coherent(priv->dev,
>> + fw->size,
>> + se_fw_buf,
>> + se_fw_phyaddr);
>> +
>> + release_firmware(fw);
>> +}
>> +
>> +static int se_if_probe(struct platform_device *pdev)
>> +{
>> + struct imx_se_node_info_list *info_list;
>> + struct device *dev = &pdev->dev;
>> + struct imx_se_node_info *info;
>> + struct se_if_priv *priv;
>> + u32 idx;
>> + int ret;
>> +
>> + if (of_property_read_u32(dev->of_node, "reg", &idx)) {
>> + ret = -EINVAL;
>> + goto exit;
>> + }
>> +
>> + info_list = (struct imx_se_node_info_list *)
>> + device_get_match_data(dev->parent);
>> + info = get_imx_se_node_info(info_list, idx);
>> +
>> + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
>> + if (!priv) {
>> + ret = -ENOMEM;
>> + goto exit;
>> + }
>> +
>> + dev_set_drvdata(dev, priv);
>> +
>> + /* Mailbox client configuration */
>> + priv->se_mb_cl.dev = dev;
>> + priv->se_mb_cl.tx_block = false;
>> + priv->se_mb_cl.knows_txdone = true;
>> + priv->se_mb_cl.rx_callback = se_if_rx_callback;
>> +
>> + ret = se_if_request_channel(dev, &priv->tx_chan,
>> + &priv->se_mb_cl, info->mbox_tx_name);
>> + if (ret) {
>> + if (ret == -EPROBE_DEFER)
>> + dev_err(dev, "Mailbox tx channel, is not ready.\n");
>> + else
>> + dev_err(dev, "Failed to request tx channel\n");
>> +
>> + goto exit;
>> + }
>> +
>> + ret = se_if_request_channel(dev, &priv->rx_chan,
>> + &priv->se_mb_cl, info->mbox_rx_name);
>> + if (ret) {
>> + if (ret == -EPROBE_DEFER)
>> + dev_err(dev, "Mailbox rx channel, is not ready.\n");
>> + else
>> + dev_dbg(dev, "Failed to request rx channel\n");
>> +
>> + goto exit;
>> + }
>> +
>> + priv->dev = dev;
>> + priv->info = info;
>> +
>> + /* Initialize the mutex. */
>> + mutex_init(&priv->se_if_lock);
>> + mutex_init(&priv->se_if_cmd_lock);
>> +
>> + priv->cmd_receiver_dev = NULL;
>> + priv->waiting_rsp_dev = NULL;
>> + priv->max_dev_ctx = info->max_dev_ctx;
>> + priv->cmd_tag = info->cmd_tag;
>> + priv->rsp_tag = info->rsp_tag;
>> + priv->mem_pool_name = info->pool_name;
>> + priv->success_tag = info->success_tag;
>> + priv->base_api_ver = info->base_api_ver;
>> + priv->fw_api_ver = info->fw_api_ver;
>> +
>> + init_completion(&priv->done);
>> + spin_lock_init(&priv->lock);
>> +
>> + if (info->reserved_dma_ranges) {
>> + ret = of_reserved_mem_device_init(dev);
>> + if (ret) {
>> + dev_err(dev,
>> + "failed to init reserved memory region %d\n",
>> + ret);
>> + priv->flags &= (~RESERVED_DMA_POOL);
>> + goto exit;
>> + }
>> + priv->flags |= RESERVED_DMA_POOL;
>> + }
>> +
>> + if (info->fw_name_in_rfs) {
>> + ret = request_firmware_nowait(THIS_MODULE,
>> + FW_ACTION_UEVENT,
>> + info->fw_name_in_rfs,
>> + dev, GFP_KERNEL, priv,
>> + se_load_firmware);
>> + if (ret)
>> + dev_warn(dev, "Failed to get firmware [%s].\n",
>> + info->fw_name_in_rfs);
>> + }
>> +
>> + ret = imx_fetch_soc_info(dev);
>> + if (ret) {
>> + dev_err(dev,
>> + "failed[%d] to fetch SoC Info\n", ret);
>> + goto exit;
>> + }
>> +
>> + if (info->imem_mgmt) {
>> + /* allocate buffer where SE store encrypted IMEM */
>> + priv->imem.buf = dmam_alloc_coherent(dev, ELE_IMEM_SIZE,
>> + &priv->imem.phyaddr,
>> + GFP_KERNEL);
>> + if (!priv->imem.buf) {
>> + dev_err(dev,
>> + "dmam-alloc-failed: To store encr-IMEM.\n");
>> + ret = -ENOMEM;
>> + goto exit;
>> + }
>> + }
>> +
>> + if (info->max_dev_ctx) {
>> + ret = init_device_context(dev);
>> + if (ret) {
>> + dev_err(dev,
>> + "Failed[0x%x] to create device contexts.\n",
>> + ret);
>> + goto exit;
>> + }
>> + }
>> +
>> + dev_info(dev, "i.MX secure-enclave: %s interface to firmware, configured.\n",
>> + info->se_name);
>> + return devm_of_platform_populate(dev);
>> +
>> +exit:
>> + /* if execution control reaches here, if probe fails.
>> + * hence doing the cleanup
>> + */
>> + if (se_probe_if_cleanup(pdev))
>> + dev_err(dev,
>> + "Failed to clean-up the child node probe.\n");
>> +
>> + return ret;
>> +}
>> +
>> +static int se_probe(struct platform_device *pdev)
>> +{
>> + struct device_node *enum_dev_node;
>> + struct device *dev = &pdev->dev;
>> + int enum_count;
>> + int ret;
>> +
>> + enum_count = of_get_child_count(dev->of_node);
>> + if (!enum_count) {
>> + ret = -EINVAL;
>> + dev_err(dev, "Zero Tx/Rx path MU nodes.\n");
>> + return ret;
>> + }
>> +
>> + for_each_child_of_node(dev->of_node, enum_dev_node) {
>> + struct platform_device *enum_plat_dev __maybe_unused;
>> +
>> + if (!of_device_is_available(enum_dev_node))
>> + continue;
>> +
>> + enum_plat_dev = of_platform_device_create(enum_dev_node,
>> + NULL,
>> + dev);
>> + if (!enum_plat_dev) {
>> + ret = -EINVAL;
>> + of_node_put(enum_dev_node);
>> + dev_err(dev,
>> + "Failed to create enumerated platform device.");
>> + break;
>> + }
>> +
>> + ret = se_if_probe(enum_plat_dev);
>> + }
>> + return ret;
>> +}
>> +
>> +static int se_remove(struct platform_device *pdev)
>> +{
>> + if (se_probe_cleanup(pdev))
>> + dev_err(&pdev->dev,
>> + "i.MX Secure Enclave is not cleanly un-probed.");
>> +
>> + return 0;
>> +}
>> +
>> +static int se_suspend(struct device *dev)
>> +{
>> + struct se_if_priv *priv = dev_get_drvdata(dev);
>> + const struct imx_se_node_info *info
>> + = priv->info;
>> +
>> + if (info && info->imem_mgmt)
>> + priv->imem.size = se_save_imem_state(dev);
>> +
>> + return 0;
>> +}
>> +
>> +static int se_resume(struct device *dev)
>> +{
>> + struct se_if_priv *priv = dev_get_drvdata(dev);
>> + const struct imx_se_node_info *info
>> + = priv->info;
>> + int i;
>> +
>> + for (i = 0; i < priv->max_dev_ctx; i++)
>> + wake_up_interruptible(&priv->ctxs[i]->wq);
>> +
>> + if (info && info->imem_mgmt)
>> + se_restore_imem_state(dev);
>> +
>> + return 0;
>> +}
>> +
>> +static const struct dev_pm_ops se_pm = {
>> + RUNTIME_PM_OPS(se_suspend, se_resume, NULL)
>> +};
>> +
>> +static struct platform_driver se_driver = {
>> + .driver = {
>> + .name = "fsl-se-fw",
>> + .of_match_table = se_match,
>> + .pm = &se_pm,
>> + },
>> + .probe = se_probe,
>> + .remove = se_remove,
>> +};
>> +MODULE_DEVICE_TABLE(of, se_match);
>> +
>> +module_platform_driver(se_driver);
>> +
>> +MODULE_AUTHOR("Pankaj Gupta <[email protected]>");
>> +MODULE_DESCRIPTION("iMX Secure Enclave Driver.");
>> +MODULE_LICENSE("GPL");
>> diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h
>> new file mode 100644
>> index 000000000000..76e1ce77c52f
>> --- /dev/null
>> +++ b/drivers/firmware/imx/se_ctrl.h
>> @@ -0,0 +1,151 @@
>> +/* SPDX-License-Identifier: GPL-2.0+ */
>> +/*
>> + * Copyright 2024 NXP
>> + */
>> +
>> +#ifndef SE_MU_H
>> +#define SE_MU_H
>> +
>> +#include <linux/miscdevice.h>
>> +#include <linux/semaphore.h>
>> +#include <linux/mailbox_client.h>
>> +
>> +#define MAX_FW_LOAD_RETRIES 50
>> +
>> +#define MSG_TAG(x) (((x) & 0xff000000) >> 24)
>> +#define MSG_COMMAND(x) (((x) & 0x00ff0000) >> 16)
>> +#define MSG_SIZE(x) (((x) & 0x0000ff00) >> 8)
>> +#define MSG_VER(x) ((x) & 0x000000ff)
>> +#define RES_STATUS(x) ((x) & 0x000000ff)
>> +#define MAX_DATA_SIZE_PER_USER (65 * 1024)
>> +#define S4_DEFAULT_MUAP_INDEX (2)
>> +#define S4_MUAP_DEFAULT_MAX_USERS (4)
>> +#define MESSAGING_VERSION_6 0x6
>> +#define MESSAGING_VERSION_7 0x7
>> +
>> +#define DEFAULT_MESSAGING_TAG_COMMAND (0x17u)
>> +#define DEFAULT_MESSAGING_TAG_RESPONSE (0xe1u)
>> +
>> +#define SE_MU_IO_FLAGS_USE_SEC_MEM (0x02u)
>> +#define SE_MU_IO_FLAGS_USE_SHORT_ADDR (0x04u)
>> +
>> +struct se_imem_buf {
>> + u8 *buf;
>> + phys_addr_t phyaddr;
>> + u32 size;
>> +};
>> +
>> +struct se_buf_desc {
>> + u8 *shared_buf_ptr;
>> + u8 *usr_buf_ptr;
>> + u32 size;
>> + struct list_head link;
>> +};
>> +
>> +/* Status of a char device */
>> +enum se_if_dev_ctx_status_t {
>> + MU_FREE,
>> + MU_OPENED
>> +};
>> +
>> +struct se_shared_mem {
>> + dma_addr_t dma_addr;
>> + u32 size;
>> + u32 pos;
>> + u8 *ptr;
>> +};
>> +
>> +/* Private struct for each char device instance. */
>> +struct se_if_device_ctx {
>> + struct device *dev;
>> + struct se_if_priv *priv;
>> + struct miscdevice miscdev;
>> +
>> + enum se_if_dev_ctx_status_t status;
>> + wait_queue_head_t wq;
>> + struct semaphore fops_lock;
>> +
>> + u32 pending_hdr;
>> + struct list_head pending_in;
>> + struct list_head pending_out;
>> +
>> + struct se_shared_mem secure_mem;
>> + struct se_shared_mem non_secure_mem;
>> +
>> + u32 *temp_resp;
>> + u32 temp_resp_size;
>> + struct notifier_block se_notify;
>> +};
>> +
>> +/* Header of the messages exchange with the EdgeLock Enclave */
>> +struct se_msg_hdr {
>> + u8 ver;
>> + u8 size;
>> + u8 command;
>> + u8 tag;
>> +} __packed;
>> +
>> +#define SE_MU_HDR_SZ 4
>> +#define TAG_OFFSET (SE_MU_HDR_SZ - 1)
>> +#define CMD_OFFSET (SE_MU_HDR_SZ - 2)
>> +#define SZ_OFFSET (SE_MU_HDR_SZ - 3)
>> +#define VER_OFFSET (SE_MU_HDR_SZ - 4)
>> +
>> +struct se_api_msg {
>> + u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
>> + u32 *data;
>> +};
>> +
>> +struct se_if_priv {
>> + struct se_if_device_ctx *cmd_receiver_dev;
>> + struct se_if_device_ctx *waiting_rsp_dev;
>> + bool no_dev_ctx_used;
>> + /*
>> + * prevent parallel access to the se interface registers
>> + * e.g. a user trying to send a command while the other one is
>> + * sending a response.
>> + */
>> + struct mutex se_if_lock;
>> + /*
>> + * prevent a command to be sent on the se interface while another one is
>> + * still processing. (response to a command is allowed)
>> + */
>> + struct mutex se_if_cmd_lock;
>> + struct device *dev;
>> + u8 *mem_pool_name;
>> + u8 cmd_tag;
>> + u8 rsp_tag;
>> + u8 success_tag;
>> + u8 base_api_ver;
>> + u8 fw_api_ver;
>> + u32 fw_fail;
>> + const void *info;
>> +
>> + struct mbox_client se_mb_cl;
>> + struct mbox_chan *tx_chan, *rx_chan;
>> + struct se_api_msg *rx_msg;
>> + struct completion done;
>> + spinlock_t lock;
>> + /*
>> + * Flag to retain the state of initialization done at
>> + * the time of se-mu probe.
>> + */
>> + uint32_t flags;
>> + u8 max_dev_ctx;
>> + struct se_if_device_ctx **ctxs;
>> + struct se_imem_buf imem;
>> +};
>> +
>> +void *get_phy_buf_mem_pool(struct device *dev,
>> + u8 *mem_pool_name,
>> + dma_addr_t *buf,
>> + u32 size);
>> +phys_addr_t get_phy_buf_mem_pool1(struct device *dev,
>> + u8 *mem_pool_name,
>> + u32 **buf,
>> + u32 size);
>> +void free_phybuf_mem_pool(struct device *dev,
>> + u8 *mem_pool_name,
>> + u32 *buf,
>> + u32 size);
>> +#endif
>> diff --git a/include/linux/firmware/imx/se_api.h b/include/linux/firmware/imx/se_api.h
>> new file mode 100644
>> index 000000000000..c47f84906837
>> --- /dev/null
>> +++ b/include/linux/firmware/imx/se_api.h
>> @@ -0,0 +1,14 @@
>> +/* SPDX-License-Identifier: GPL-2.0+ */
>> +/*
>> + * Copyright 2024 NXP
>> + */
>> +
>> +#ifndef __SE_API_H__
>> +#define __SE_API_H__
>> +
>> +#include <linux/types.h>
>> +
>> +#define SOC_ID_OF_IMX8ULP 0x084D
>> +#define SOC_ID_OF_IMX93 0x9300
>> +
>> +#endif /* __SE_API_H__ */
>> diff --git a/include/uapi/linux/se_ioctl.h b/include/uapi/linux/se_ioctl.h
>> new file mode 100644
>> index 000000000000..f68a36e9da2c
>> --- /dev/null
>> +++ b/include/uapi/linux/se_ioctl.h
>> @@ -0,0 +1,88 @@
>> +/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause*/
>> +/*
>> + * Copyright 2024 NXP
>> + */
>> +
>> +#ifndef SE_IOCTL_H
>> +#define SE_IOCTL_H
>> +
>> +/* IOCTL definitions. */
>> +
>> +struct se_ioctl_setup_iobuf {
>> + u8 *user_buf;
>> + u32 length;
>> + u32 flags;
>> + u64 ele_addr;
>> +};
>> +
>> +struct se_ioctl_shared_mem_cfg {
>> + u32 base_offset;
>> + u32 size;
>> +};
>> +
>> +struct se_ioctl_get_if_info {
>> + u8 se_if_id;
>> + u8 interrupt_idx;
>> + u8 tz;
>> + u8 did;
>> + u8 cmd_tag;
>> + u8 rsp_tag;
>> + u8 success_tag;
>> + u8 base_api_ver;
>> + u8 fw_api_ver;
>> +};
>> +
>> +struct se_ioctl_signed_message {
>> + u8 *message;
>> + u32 msg_size;
>> + u32 error_code;
>> +};
>> +
>> +struct se_ioctl_get_soc_info {
>> + u16 soc_id;
>> + u16 soc_rev;
>> +};
>> +
>> +/* IO Buffer Flags */
>> +#define SE_IO_BUF_FLAGS_IS_OUTPUT (0x00u)
>> +#define SE_IO_BUF_FLAGS_IS_INPUT (0x01u)
>> +#define SE_IO_BUF_FLAGS_USE_SEC_MEM (0x02u)
>> +#define SE_IO_BUF_FLAGS_USE_SHORT_ADDR (0x04u)
>> +#define SE_IO_BUF_FLAGS_IS_IN_OUT (0x10u)
>> +
>> +/* IOCTLS */
>> +#define SE_IOCTL 0x0A /* like MISC_MAJOR. */
>> +
>> +/*
>> + * ioctl to designated the current fd as logical-reciever.
>> + * This is ioctl is send when the nvm-daemon, a slave to the
>> + * firmware is started by the user.
>> + */
>> +#define SE_IOCTL_ENABLE_CMD_RCV _IO(SE_IOCTL, 0x01)
>> +
>> +/*
>> + * ioctl to get the buffer allocated from the memory, which is shared
>> + * between kernel and FW.
>> + * Post allocation, the kernel tagged the allocated memory with:
>> + * Output
>> + * Input
>> + * Input-Output
>> + * Short address
>> + * Secure-memory
>> + */
>> +#define SE_IOCTL_SETUP_IOBUF _IOWR(SE_IOCTL, 0x03, \
>> + struct se_ioctl_setup_iobuf)
>> +
>> +/*
>> + * ioctl to get the mu information, that is used to exchange message
>> + * with FW, from user-spaced.
>> + */
>> +#define SE_IOCTL_GET_MU_INFO _IOR(SE_IOCTL, 0x04, \
>> + struct se_ioctl_get_if_info)
>> +/*
>> + * ioctl to get SoC Info from user-space.
>> + */
>> +#define SE_IOCTL_GET_SOC_INFO _IOR(SE_IOCTL, 0x06, \
>> + struct se_ioctl_get_soc_info)
>> +
>> +#endif
>>
>> --
>> 2.34.1
>>
>
> _______________________________________________
> linux-arm-kernel mailing list
> [email protected]
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.infradead.org_mailman_listinfo_linux-2Darm-2Dkernel&d=DwICAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=eKFfdy51aVVEAe4I9Lk2CN77y_4Hxf2pI_9fv5pVWLo9DwQNgCpca6smAwvwFycf&s=187NgAc1LvHOnaB90o76OtTVe5J2eG-Y6Xgp05PQpBY&e=


2024-05-10 20:09:14

by Rob Herring (Arm)

[permalink] [raw]
Subject: Re: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc

On Fri, May 10, 2024 at 06:57:28PM +0530, Pankaj Gupta wrote:
> The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
> creates an embedded secure enclave within the SoC boundary to enable
> features like:
> - HSM
> - SHE
> - V2X
>
> Secure-Enclave(s) communication interface are typically via message
> unit, i.e., based on mailbox linux kernel driver. This driver enables
> communication ensuring well defined message sequence protocol between
> Application Core and enclave's firmware.
>
> Driver configures multiple misc-device on the MU, for multiple
> user-space applications, to be able to communicate over single MU.
>
> It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
>
> Signed-off-by: Pankaj Gupta <[email protected]>
> ---
> .../devicetree/bindings/firmware/fsl,imx-se.yaml | 186 +++++++++++++++++++++
> 1 file changed, 186 insertions(+)
>
> diff --git a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> new file mode 100644
> index 000000000000..a858ef6965cb
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> @@ -0,0 +1,186 @@
> +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
> +%YAML 1.2
> +---
> +$id: http://devicetree.org/schemas/firmware/fsl,imx-se.yaml#
> +$schema: http://devicetree.org/meta-schemas/core.yaml#
> +
> +title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
> +
> +maintainers:
> + - Pankaj Gupta <[email protected]>
> +
> +description: |
> + NXP's SoC may contain one or multiple embedded secure-enclave HW
> + IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
> + enables features like
> + - Hardware Security Module (HSM),
> + - Security Hardware Extension (SHE), and
> + - Vehicular to Anything (V2X)
> +
> + Communication interface to the secure-enclaves is based on the
> + messaging unit(s).
> +
> +properties:
> + '#address-cells':
> + const: 1
> +
> + '#size-cells':
> + const: 0
> +
> + compatible:
> + enum:
> + - fsl,imx8ulp-ele
> + - fsl,imx93-ele

You basically have 0 properties in the parent node. What's the point of
it? Either just get rid of it and define the child nodes independently
or make the parent contain all the resources.

> +
> +patternProperties:
> + "^[0-9a-z]*-if@[0-9]+$":

unit-addresses are hex.

> + type: object
> + description:
> + Communication interface to secure-enclave node, that defines hardware
> + properties to required to establish the communication. There can be
> + multiple interfaces to the same secure-enclave. Each interface is
> + enumerated with reg property. It optionally defines properties
> + depending on the compatible string and interface enum identifier.
> +
> + properties:
> + reg:
> + maxItems: 1
> + description: Identifier of the communication interface to secure-enclave.

What are the identifiers based on? Is the value significant to s/w? Kind
of looks like you just made up indices.

How many child nodes do you have? Is it fixed per SoC?

> +
> + mboxes:
> + description: contain a list of phandles to mailboxes.
> + items:
> + - description: Specify the mailbox used to send message to se firmware
> + - description: Specify the mailbox used to receive message from se firmware
> +
> + mbox-names:
> + items:
> + - const: tx
> + - const: rx
> + - const: txdb
> + - const: rxdb
> + minItems: 2
> +
> + memory-region:
> + description: contains a list of phandles to reserved external memory.
> + items:
> + - description: It is used by secure-enclave firmware. It is an optional
> + property based on compatible and identifier to communication interface.
> + (see bindings/reserved-memory/reserved-memory.txt)
> +
> + sram:
> + description: contains a list of phandles to sram.
> + $ref: /schemas/types.yaml#/definitions/phandle-array
> + items:
> + - description: Phandle to the device SRAM. It is an optional property
> + based on compatible and identifier to communication interface.
> +
> + required:
> + - reg
> + - mboxes
> + - mbox-names
> +
> +allOf:
> + # memory-region
> + - if:
> + properties:
> + compatible:
> + contains:
> + enum:
> + - fsl,imx8ulp-ele
> + - fsl,imx93-ele

What else would they contain? Those are the only compatibles defined
here.

> + then:
> + patternProperties:
> + "^[0-9a-z]*-if@[0-9]+$":
> + allOf:
> + - if:

These conditionals are hard to follow. Probably a sign some of this
needs to be separate or simplified.

> + properties:
> + reg:
> + items:
> + - enum:
> + - 0
> + then:
> + required:
> + - memory-region
> + else:
> + not:
> + required:
> + - memory-region
> + # sram
> + - if:
> + properties:
> + compatible:
> + contains:
> + enum:
> + - fsl,imx8ulp-ele
> + then:
> + patternProperties:
> + "^[0-9a-z]*-if@[0-9]+$":
> + allOf:
> + - if:
> + properties:
> + reg:
> + items:
> + - enum:
> + - 0
> + then:
> + required:
> + - sram
> + else:
> + not:
> + required:
> + - sram
> +
> +additionalProperties: false

2024-05-11 05:31:06

by kernel test robot

[permalink] [raw]
Subject: Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

Hi Pankaj,

kernel test robot noticed the following build errors:

[auto build test ERROR on e8f897f4afef0031fe618a8e94127a0934896aba]

url: https://github.com/intel-lab-lkp/linux/commits/Pankaj-Gupta/Documentation-firmware-add-imx-se-to-other_interfaces/20240510-213210
base: e8f897f4afef0031fe618a8e94127a0934896aba
patch link: https://lore.kernel.org/r/20240510-imx-se-if-v1-4-27c5a674916d%40nxp.com
patch subject: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave
config: x86_64-buildonly-randconfig-005-20240511 (https://download.01.org/0day-ci/archive/20240511/[email protected]/config)
compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240511/[email protected]/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/

All errors (new ones prefixed by >>):

In file included from <built-in>:1:
>> ./usr/include/linux/se_ioctl.h:12:2: error: unknown type name 'u8'
12 | u8 *user_buf;
| ^
>> ./usr/include/linux/se_ioctl.h:13:2: error: unknown type name 'u32'
13 | u32 length;
| ^
./usr/include/linux/se_ioctl.h:14:2: error: unknown type name 'u32'
14 | u32 flags;
| ^
>> ./usr/include/linux/se_ioctl.h:15:2: error: unknown type name 'u64'
15 | u64 ele_addr;
| ^
./usr/include/linux/se_ioctl.h:19:2: error: unknown type name 'u32'
19 | u32 base_offset;
| ^
./usr/include/linux/se_ioctl.h:20:2: error: unknown type name 'u32'
20 | u32 size;
| ^
./usr/include/linux/se_ioctl.h:24:2: error: unknown type name 'u8'
24 | u8 se_if_id;
| ^
./usr/include/linux/se_ioctl.h:25:2: error: unknown type name 'u8'
25 | u8 interrupt_idx;
| ^
./usr/include/linux/se_ioctl.h:26:2: error: unknown type name 'u8'
26 | u8 tz;
| ^
./usr/include/linux/se_ioctl.h:27:2: error: unknown type name 'u8'
27 | u8 did;
| ^
./usr/include/linux/se_ioctl.h:28:2: error: unknown type name 'u8'
28 | u8 cmd_tag;
| ^
./usr/include/linux/se_ioctl.h:29:2: error: unknown type name 'u8'
29 | u8 rsp_tag;
| ^
./usr/include/linux/se_ioctl.h:30:2: error: unknown type name 'u8'
30 | u8 success_tag;
| ^
./usr/include/linux/se_ioctl.h:31:2: error: unknown type name 'u8'
31 | u8 base_api_ver;
| ^
./usr/include/linux/se_ioctl.h:32:2: error: unknown type name 'u8'
32 | u8 fw_api_ver;
| ^
./usr/include/linux/se_ioctl.h:36:2: error: unknown type name 'u8'
36 | u8 *message;
| ^
./usr/include/linux/se_ioctl.h:37:2: error: unknown type name 'u32'
37 | u32 msg_size;
| ^
./usr/include/linux/se_ioctl.h:38:2: error: unknown type name 'u32'
38 | u32 error_code;
| ^
>> ./usr/include/linux/se_ioctl.h:42:2: error: unknown type name 'u16'
42 | u16 soc_id;
| ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

2024-05-11 07:16:13

by kernel test robot

[permalink] [raw]
Subject: Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

Hi Pankaj,

kernel test robot noticed the following build warnings:

[auto build test WARNING on e8f897f4afef0031fe618a8e94127a0934896aba]

url: https://github.com/intel-lab-lkp/linux/commits/Pankaj-Gupta/Documentation-firmware-add-imx-se-to-other_interfaces/20240510-213210
base: e8f897f4afef0031fe618a8e94127a0934896aba
patch link: https://lore.kernel.org/r/20240510-imx-se-if-v1-4-27c5a674916d%40nxp.com
patch subject: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave
config: arm64-allmodconfig (https://download.01.org/0day-ci/archive/20240511/[email protected]/config)
compiler: clang version 19.0.0git (https://github.com/llvm/llvm-project b910bebc300dafb30569cecc3017b446ea8eafa0)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240511/[email protected]/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/

All warnings (new ones prefixed by >>):

>> drivers/firmware/imx/ele_common.c:27:6: warning: variable 'err' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
27 | if (!wait_for_completion_timeout(&priv->done, wait)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/firmware/imx/ele_common.c:36:9: note: uninitialized use occurs here
36 | return err;
| ^~~
drivers/firmware/imx/ele_common.c:27:2: note: remove the 'if' if its condition is always true
27 | if (!wait_for_completion_timeout(&priv->done, wait)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/firmware/imx/ele_common.c:24:9: note: initialize the variable 'err' to silence this warning
24 | int err;
| ^
| = 0
1 warning generated.
--
In file included from drivers/firmware/imx/ele_base_msg.c:8:
In file included from include/linux/dma-mapping.h:11:
In file included from include/linux/scatterlist.h:8:
In file included from include/linux/mm.h:2188:
include/linux/vmstat.h:508:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
508 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
509 | item];
| ~~~~
include/linux/vmstat.h:515:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
515 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
516 | NR_VM_NUMA_EVENT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~~
include/linux/vmstat.h:522:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion]
522 | return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_"
| ~~~~~~~~~~~ ^ ~~~
include/linux/vmstat.h:527:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
527 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
528 | NR_VM_NUMA_EVENT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~~
include/linux/vmstat.h:536:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
536 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
537 | NR_VM_NUMA_EVENT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~~
>> drivers/firmware/imx/ele_base_msg.c:23:6: warning: variable 'ret' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
23 | if (!priv || !s_info)
| ^~~~~~~~~~~~~~~~
drivers/firmware/imx/ele_base_msg.c:114:9: note: uninitialized use occurs here
114 | return ret;
| ^~~
drivers/firmware/imx/ele_base_msg.c:23:2: note: remove the 'if' if its condition is always false
23 | if (!priv || !s_info)
| ^~~~~~~~~~~~~~~~~~~~~
24 | goto exit;
| ~~~~~~~~~
>> drivers/firmware/imx/ele_base_msg.c:23:6: warning: variable 'ret' is used uninitialized whenever '||' condition is true [-Wsometimes-uninitialized]
23 | if (!priv || !s_info)
| ^~~~~
drivers/firmware/imx/ele_base_msg.c:114:9: note: uninitialized use occurs here
114 | return ret;
| ^~~
drivers/firmware/imx/ele_base_msg.c:23:6: note: remove the '||' if its condition is always false
23 | if (!priv || !s_info)
| ^~~~~~~~
drivers/firmware/imx/ele_base_msg.c:21:9: note: initialize the variable 'ret' to silence this warning
21 | int ret;
| ^
| = 0
>> drivers/firmware/imx/ele_base_msg.c:23:6: warning: variable 'get_info_addr' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
23 | if (!priv || !s_info)
| ^~~~~~~~~~~~~~~~
drivers/firmware/imx/ele_base_msg.c:103:6: note: uninitialized use occurs here
103 | if (get_info_addr) {
| ^~~~~~~~~~~~~
drivers/firmware/imx/ele_base_msg.c:23:2: note: remove the 'if' if its condition is always false
23 | if (!priv || !s_info)
| ^~~~~~~~~~~~~~~~~~~~~
24 | goto exit;
| ~~~~~~~~~
>> drivers/firmware/imx/ele_base_msg.c:23:6: warning: variable 'get_info_addr' is used uninitialized whenever '||' condition is true [-Wsometimes-uninitialized]
23 | if (!priv || !s_info)
| ^~~~~
drivers/firmware/imx/ele_base_msg.c:103:6: note: uninitialized use occurs here
103 | if (get_info_addr) {
| ^~~~~~~~~~~~~
drivers/firmware/imx/ele_base_msg.c:23:6: note: remove the '||' if its condition is always false
23 | if (!priv || !s_info)
| ^~~~~~~~
drivers/firmware/imx/ele_base_msg.c:18:27: note: initialize the variable 'get_info_addr' to silence this warning
18 | phys_addr_t get_info_addr;
| ^
| = 0
9 warnings generated.


vim +27 drivers/firmware/imx/ele_common.c

20
21 int imx_ele_msg_rcv(struct se_if_priv *priv)
22 {
23 u32 wait;
24 int err;
25
26 wait = msecs_to_jiffies(1000);
> 27 if (!wait_for_completion_timeout(&priv->done, wait)) {
28 dev_err(priv->dev,
29 "Error: wait_for_completion timed out.\n");
30 err = -ETIMEDOUT;
31 }
32
33 mutex_unlock(&priv->se_if_cmd_lock);
34 priv->no_dev_ctx_used = false;
35
36 return err;
37 }
38

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

2024-05-13 07:30:39

by Sascha Hauer

[permalink] [raw]
Subject: Re: [PATCH 1/4] Documentation/firmware: add imx/se to other_interfaces

On Fri, May 10, 2024 at 06:57:27PM +0530, Pankaj Gupta wrote:
> Documents i.MX SoC's Service layer and C_DEV driver for selected SoC(s)
> that contains the NXP hardware IP(s) for secure-enclaves(se) like:
> - NXP EdgeLock Enclave on i.MX93 & i.MX8ULP
>
> Signed-off-by: Pankaj Gupta <[email protected]>
> ---
> .../driver-api/firmware/other_interfaces.rst | 126 +++++++++++++++++++++
> 1 file changed, 126 insertions(+)
>
> diff --git a/Documentation/driver-api/firmware/other_interfaces.rst b/Documentation/driver-api/firmware/other_interfaces.rst
> index 06ac89adaafb..c18c2d3e6e08 100644
> --- a/Documentation/driver-api/firmware/other_interfaces.rst
> +++ b/Documentation/driver-api/firmware/other_interfaces.rst
> @@ -49,3 +49,129 @@ of the requests on to a secure monitor (EL3).
>
> .. kernel-doc:: drivers/firmware/stratix10-svc.c
> :export:
> +
> +NXP Secure Enclave Firmware Interface
> +=====================================
> +
> +Introduction
> +------------
> +The NXP's i.MX HW IP like EdgeLock-Enclave, V2X etc., creats an embedded secure

s/creats/creates/

> +enclave within the SoC boundary to enable features like
> + - Hardware Security Module (HSM)
> + - Security Hardware Extension (SHE)
> + - Vehicular to Anything (V2X)
> +
> +Each of the above feature, is enabled through dedicated NXP H/W IP on the SoC.
> +On a single SoC, multiple hardware IP (or can say more than one secure enclave)
> +can exists.
> +
> +NXP SoC(s) enabled with the such secure enclave(se) IP(s) are:

There are already multiple NXP SoCs with a secure enclave, so you can
drop the braces around the plural 's'.

With (se) you refer to the acronym SE for secure enclave, right? If so,
please write it in uppercase letters.

> +i.MX93, i.MX8ULP
> +
> +To communicate with one or more co-existing 'se'(s) on SoC, there is/are dedicated
> +messaging units(MU) per 'se'. Each co-existing 'se' can have one or multiple exclusive
> +MU(s), dedicated to itself. None of the MU is shared between two se(s).

between to SEs (the plural 's' is not optional here)

> +Communication of the MU is realized using the Linux mailbox driver.
> +
> +NXP Secure Enclave(SE) Interface
> +--------------------------------
> +All those SE interface(s) 'se-if(s)' that is/are dedicated to a particular 'se', will be

interfaces (no 's' in braces).

Please use uppercase letters consistently for 'SE'

> +enumerated and provisioned under the very single 'se' node.
> +
> +Each 'se-if', comprise of twp layers:
> +- (C_DEV Layer) User-Space software-access interface.
> +- (Service Layer) OS-level software-access interface.
> +
> + +--------------------------------------------+
> + | Character Device(C_DEV) |
> + | |
> + | +---------+ +---------+ +---------+ |
> + | | misc #1 | | misc #2 | ... | misc #n | |
> + | | dev | | dev | | dev | |
> + | +---------+ +---------+ +---------+ |
> + | +-------------------------+ |
> + | | Misc. Dev Synchr. Logic | |
> + | +-------------------------+ |
> + | |
> + +--------------------------------------------+
> +
> + +--------------------------------------------+
> + | Service Layer |
> + | |
> + | +-----------------------------+ |
> + | | Message Serialization Logic | |
> + | +-----------------------------+ |
> + | +---------------+ |
> + | | imx-mailbox | |
> + | | mailbox.c | |
> + | +---------------+ |
> + | |
> + +--------------------------------------------+
> +
> +- service layer:
> + This layer is responsible for ensuring the communication protocol, that is defined
> + for communication with firmware.
> +
> + FW Communication protocol ensures two things:
> + - Serializing the multiple message(s) to be sent over an MU.

Just "Serializing the messages to be sent over an MU"

> + A mutex locks instance "mu_lock" is instantiated per MU. It is taken to ensure
> + one message is sent over MU at a time. The lock "mu_lock" is unlocked, post sending
> + the message using the mbox api(s) exposed by mailbox kernel driver.
> +
> + - FW can handle one command-message at a time.
> + Second command-message must wait till first command message is completely processed.
> + Hence, another mutex lock instance "mu_cmd_lock" is instantiated per MU. It is taken
> + to ensure one command-message is sent at a time, towards FW. This lock is not unlocked,
> + for the next command-message, till previous command message is processed completely.

I don't think such implementation details belong here. They are easily
changed in the code with the documentation update being forgotten. I'd
just leave the bullet points here and add the detailed description as
comments to the code.

Sascha

--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |

2024-05-13 08:21:55

by Sascha Hauer

[permalink] [raw]
Subject: Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

On Fri, May 10, 2024 at 06:57:30PM +0530, Pankaj Gupta wrote:
> NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
> are embedded in the SoC to support the features like HSM, SHE & V2X,
> using message based communication interface.
>
> The secure enclave FW communicates on a dedicated messaging unit(MU)
> based interface(s) with application core, where kernel is running.
> It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
>
> This patch adds the driver for communication interface to secure-enclave,
> for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock Enclave,
> both from:
> - User-Space Applications via character driver.
> - Kernel-space, used by kernel management layers like DM-Crypt.
>
> ABI documentation for the NXP secure-enclave driver.

Several review comments inside, but stopping here. I just found v7 of
this series. Could it be that you have resent an older version of this
series instead of the new one??

Sascha

>
> User-space library using this driver:
> - i.MX Secure Enclave library:
> -- URL: https://github.com/nxp-imx/imx-secure-enclave.git,
> - i.MX Secure Middle-Ware:
> -- URL: https://github.com/nxp-imx/imx-smw.git
>
> Signed-off-by: Pankaj Gupta <[email protected]>
> ---
> Documentation/ABI/testing/se-cdev | 42 ++
> drivers/firmware/imx/Kconfig | 12 +
> drivers/firmware/imx/Makefile | 2 +
> drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
> drivers/firmware/imx/ele_base_msg.h | 70 ++
> drivers/firmware/imx/ele_common.c | 341 +++++++++
> drivers/firmware/imx/ele_common.h | 43 ++
> drivers/firmware/imx/se_ctrl.c | 1339 +++++++++++++++++++++++++++++++++++
> drivers/firmware/imx/se_ctrl.h | 151 ++++
> include/linux/firmware/imx/se_api.h | 14 +
> include/uapi/linux/se_ioctl.h | 88 +++
> 11 files changed, 2389 insertions(+)
>
> diff --git a/Documentation/ABI/testing/se-cdev b/Documentation/ABI/testing/se-cdev
> new file mode 100644
> index 000000000000..699525af6b86
> --- /dev/null
> +++ b/Documentation/ABI/testing/se-cdev
> @@ -0,0 +1,42 @@
> +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> +Date: May 2024
> +KernelVersion: 6.8
> +Contact: [email protected], [email protected]
> +Description:
> + NXP offers multiple hardware IP(s) for secure-enclaves like EdgeLock-
> + Enclave(ELE), SECO. The character device file-descriptors
> + /dev/<se>_mu*_ch* are the interface between user-space NXP's secure-
> + enclave shared-library and the kernel driver.
> +
> + The ioctl(2)-based ABI is defined and documented in
> + [include]<linux/firmware/imx/ele_mu_ioctl.h>
> + ioctl(s) are used primarily for:
> + - shared memory management
> + - allocation of I/O buffers
> + - get mu info
> + - setting a dev-ctx as receiver that is slave to fw
> + - get SoC info
> +
> + The following file operations are supported:
> +
> + open(2)
> + Currently the only useful flags are O_RDWR.
> +
> + read(2)
> + Every read() from the opened character device context is waiting on
> + wakeup_intruptible, that gets set by the registered mailbox callback
> + function; indicating a message received from the firmware on message-
> + unit.
> +
> + write(2)
> + Every write() to the opened character device context needs to acquire
> + mailbox_lock, before sending message on to the message unit.
> +
> + close(2)
> + Stops and free up the I/O contexts that was associated
> + with the file descriptor.
> +
> +Users: https://github.com/nxp-imx/imx-secure-enclave.git,
> + https://github.com/nxp-imx/imx-smw.git
> + crypto/skcipher,
> + drivers/nvmem/imx-ocotp-ele.c
> diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
> index 183613f82a11..56bdca9bd917 100644
> --- a/drivers/firmware/imx/Kconfig
> +++ b/drivers/firmware/imx/Kconfig
> @@ -22,3 +22,15 @@ config IMX_SCU
>
> This driver manages the IPC interface between host CPU and the
> SCU firmware running on M4.
> +
> +config IMX_SEC_ENCLAVE
> + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver."
> + depends on IMX_MBOX && ARCH_MXC && ARM64
> + default m if ARCH_MXC
> +
> + help
> + It is possible to use APIs exposed by the iMX Secure Enclave HW IP called:
> + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
> + like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging
> + Unit. This driver exposes these interfaces via a set of file descriptors
> + allowing to configure shared memory, send and receive messages.
> diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile
> index 8f9f04a513a8..aa9033e0e9e3 100644
> --- a/drivers/firmware/imx/Makefile
> +++ b/drivers/firmware/imx/Makefile
> @@ -1,3 +1,5 @@
> # SPDX-License-Identifier: GPL-2.0
> obj-$(CONFIG_IMX_DSP) += imx-dsp.o
> obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o
> +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
> +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
> diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c
> new file mode 100644
> index 000000000000..0463f26d93c7
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_base_msg.c
> @@ -0,0 +1,287 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include <linux/types.h>
> +#include <linux/completion.h>
> +#include <linux/dma-mapping.h>
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +
> +int ele_get_info(struct device *dev, struct soc_info *s_info)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + phys_addr_t get_info_addr;
> + u32 *get_info_data;
> + u32 status;
> + int ret;
> +
> + if (!priv || !s_info)
> + goto exit;

ret and get_info_addr are used uninitialized when jumping to the exit
label from here.

> +
> + memset(s_info, 0x0, sizeof(*s_info));
> +
> + if (priv->mem_pool_name)
> + get_info_data = get_phy_buf_mem_pool(dev,
> + priv->mem_pool_name,
> + &get_info_addr,
> + ELE_GET_INFO_BUFF_SZ);
> + else
> + get_info_data = dmam_alloc_coherent(dev,
> + ELE_GET_INFO_BUFF_SZ,
> + &get_info_addr,
> + GFP_KERNEL);
> + if (!get_info_data) {
> + ret = -ENOMEM;
> + dev_err(dev,
> + "%s: Failed to allocate get_info_addr.\n",
> + __func__);
> + goto exit;
> + }
> +
> + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_GET_INFO_REQ,
> + ELE_GET_INFO_REQ_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = upper_32_bits(get_info_addr);

How can this work without triggering a NULL pointer exception? struct se_api_msg
is declared as:

struct se_api_msg {
u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
u32 *data;
};

The memory for tx_msg is kzalloced above, so *data is a NULL pointer.

> + tx_msg->data[1] = lower_32_bits(get_info_addr);
> + tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_GET_INFO_REQ,
> + ELE_GET_INFO_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_GET_INFO_REQ, status);
> + ret = -1;

Callers seem to expect an error code. Do you intend to return -EPERM
here?

> + }
> +
> + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> + & ELE_IMEM_STATE_MASK) >> 16;
> + s_info->major_ver = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 24;
> + s_info->minor_ver = ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 16) & 0xFF;
> + s_info->soc_rev = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 16;
> + s_info->soc_id = get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_ID_MASK;
> + s_info->serial_num
> + = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF] << 32
> + | get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];
> +exit:
> + if (get_info_addr) {
> + if (priv->mem_pool_name)
> + free_phybuf_mem_pool(dev, priv->mem_pool_name,
> + get_info_data, ELE_GET_INFO_BUFF_SZ);
> + else
> + dmam_free_coherent(dev,
> + ELE_GET_INFO_BUFF_SZ,
> + get_info_data,
> + get_info_addr);
> + }
> +
> + return ret;
> +}
> +
> +int ele_ping(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_PING_REQ, ELE_PING_REQ_SZ,
> + true);
> + if (ret) {
> + dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
> + goto exit;
> + }
> +
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_PING_REQ,
> + ELE_PING_RSP_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_PING_REQ, status);
> + ret = -1;
> + }
> +exit:
> + return ret;
> +}
> +
> +int ele_service_swap(struct device *dev,
> + phys_addr_t addr,
> + u32 addr_size, u16 flag)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_SERVICE_SWAP_REQ,
> + ELE_SERVICE_SWAP_REQ_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = flag;
> + tx_msg->data[1] = addr_size;
> + tx_msg->data[2] = ELE_NONE_VAL;
> + tx_msg->data[3] = lower_32_bits(addr);
> + tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
> + ELE_SERVICE_SWAP_REQ_MSG_SZ);
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_SERVICE_SWAP_REQ,
> + ELE_SERVICE_SWAP_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_SERVICE_SWAP_REQ, status);
> + ret = -1;
> + } else {
> + if (flag == ELE_IMEM_EXPORT)
> + ret = priv->rx_msg->data[1];
> + else
> + ret = 0;
> + }
> +exit:
> +
> + return ret;
> +}
> +
> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_FW_AUTH_REQ,
> + ELE_FW_AUTH_REQ_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = addr;
> + tx_msg->data[1] = 0x0;
> + tx_msg->data[2] = addr;

Has this been tested? According to the documentation data[0] shall
contain the upper 32bit of the address and data[1] shall contain the
lower 32bit of the address. There is no data[2] for this call.


--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |

2024-05-13 09:13:15

by Pankaj Gupta

[permalink] [raw]
Subject: RE: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave



> -----Original Message-----
> From: Frank Li <[email protected]>
> Sent: Friday, May 10, 2024 10:11 PM
> To: Pankaj Gupta <[email protected]>
> Cc: Jonathan Corbet <[email protected]>; Rob Herring <[email protected]>;
> Krzysztof Kozlowski <[email protected]>; Conor Dooley
> <[email protected]>; Shawn Guo <[email protected]>; Sascha Hauer
> <[email protected]>; Pengutronix Kernel Team
> <[email protected]>; Fabio Estevam <[email protected]>; linux-
> [email protected]; [email protected];
> [email protected]; [email protected]; linux-arm-
> [email protected]
> Subject: Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave
>
> On Fri, May 10, 2024 at 06:57:30PM +0530, Pankaj Gupta wrote:
> > NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
> > are embedded in the SoC to support the features like HSM, SHE & V2X,
> > using message based communication interface.
> >
> > The secure enclave FW communicates on a dedicated messaging unit(MU)
> > based interface(s) with application core, where kernel is running.
> > It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
> >
> > This patch adds the driver for communication interface to secure-enclave,
> > for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock
> Enclave,
> > both from:
> > - User-Space Applications via character driver.
> > - Kernel-space, used by kernel management layers like DM-Crypt.
> >
> > ABI documentation for the NXP secure-enclave driver.
> >
> > User-space library using this driver:
> > - i.MX Secure Enclave library:
> > -- URL: https://github.com/nxp-imx/imx-secure-enclave.git,
> > - i.MX Secure Middle-Ware:
> > -- URL: https://github.com/nxp-imx/imx-smw.git
> >
> > Signed-off-by: Pankaj Gupta <[email protected]>
> > ---
> > Documentation/ABI/testing/se-cdev | 42 ++
> > drivers/firmware/imx/Kconfig | 12 +
> > drivers/firmware/imx/Makefile | 2 +
> > drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
> > drivers/firmware/imx/ele_base_msg.h | 70 ++
> > drivers/firmware/imx/ele_common.c | 341 +++++++++
> > drivers/firmware/imx/ele_common.h | 43 ++
> > drivers/firmware/imx/se_ctrl.c | 1339
> +++++++++++++++++++++++++++++++++++
> > drivers/firmware/imx/se_ctrl.h | 151 ++++
> > include/linux/firmware/imx/se_api.h | 14 +
> > include/uapi/linux/se_ioctl.h | 88 +++
> > 11 files changed, 2389 insertions(+)
> >
> > diff --git a/Documentation/ABI/testing/se-cdev
> b/Documentation/ABI/testing/se-cdev
> > new file mode 100644
> > index 000000000000..699525af6b86
> > --- /dev/null
> > +++ b/Documentation/ABI/testing/se-cdev
> > @@ -0,0 +1,42 @@
> > +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> > +Date: May 2024
> > +KernelVersion: 6.8
> > +Contact: [email protected], [email protected]
> > +Description:
> > + NXP offers multiple hardware IP(s) for secure-enclaves like
> EdgeLock-
> > + Enclave(ELE), SECO. The character device file-descriptors
> > + /dev/<se>_mu*_ch* are the interface between user-space
> NXP's secure-
> > + enclave shared-library and the kernel driver.
> > +
> > + The ioctl(2)-based ABI is defined and documented in
> > + [include]<linux/firmware/imx/ele_mu_ioctl.h>
> > + ioctl(s) are used primarily for:
> > + - shared memory management
> > + - allocation of I/O buffers
> > + - get mu info
> > + - setting a dev-ctx as receiver that is slave to fw
> > + - get SoC info
> > +
> > + The following file operations are supported:
> > +
> > + open(2)
> > + Currently the only useful flags are O_RDWR.
> > +
> > + read(2)
> > + Every read() from the opened character device context is
> waiting on
> > + wakeup_intruptible, that gets set by the registered mailbox
> callback
> > + function; indicating a message received from the firmware
> on message-
> > + unit.
> > +
> > + write(2)
> > + Every write() to the opened character device context needs
> to acquire
> > + mailbox_lock, before sending message on to the message
> unit.
> > +
> > + close(2)
> > + Stops and free up the I/O contexts that was associated
> > + with the file descriptor.
> > +
> > +Users: https://github.com/nxp-imx/imx-secure-enclave.git,
> > + https://github.com/nxp-imx/imx-smw.git
> > + crypto/skcipher,
> > + drivers/nvmem/imx-ocotp-ele.c
> > diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
> > index 183613f82a11..56bdca9bd917 100644
> > --- a/drivers/firmware/imx/Kconfig
> > +++ b/drivers/firmware/imx/Kconfig
> > @@ -22,3 +22,15 @@ config IMX_SCU
> >
> > This driver manages the IPC interface between host CPU and the
> > SCU firmware running on M4.
> > +
> > +config IMX_SEC_ENCLAVE
> > + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware
> driver."
> > + depends on IMX_MBOX && ARCH_MXC && ARM64
> > + default m if ARCH_MXC
> > +
> > + help
> > + It is possible to use APIs exposed by the iMX Secure Enclave HW IP
> called:
> > + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
> > + like base, HSM, V2X & SHE using the SAB protocol via the shared
> Messaging
> > + Unit. This driver exposes these interfaces via a set of file descriptors
> > + allowing to configure shared memory, send and receive messages.
> > diff --git a/drivers/firmware/imx/Makefile
> b/drivers/firmware/imx/Makefile
> > index 8f9f04a513a8..aa9033e0e9e3 100644
> > --- a/drivers/firmware/imx/Makefile
> > +++ b/drivers/firmware/imx/Makefile
> > @@ -1,3 +1,5 @@
> > # SPDX-License-Identifier: GPL-2.0
> > obj-$(CONFIG_IMX_DSP) += imx-dsp.o
> > obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o
> rm.o imx-scu-soc.o
> > +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
> > +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
> > diff --git a/drivers/firmware/imx/ele_base_msg.c
> b/drivers/firmware/imx/ele_base_msg.c
> > new file mode 100644
> > index 000000000000..0463f26d93c7
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_base_msg.c
> > @@ -0,0 +1,287 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#include <linux/types.h>
> > +#include <linux/completion.h>
> > +#include <linux/dma-mapping.h>
> > +
> > +#include "ele_base_msg.h"
> > +#include "ele_common.h"
> > +
> > +int ele_get_info(struct device *dev, struct soc_info *s_info)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + phys_addr_t get_info_addr;
> > + u32 *get_info_data;
> > + u32 status;
> > + int ret;
> > +
> > + if (!priv || !s_info)
> > + goto exit;
> > +
> > + memset(s_info, 0x0, sizeof(*s_info));
> > +
> > + if (priv->mem_pool_name)
> > + get_info_data = get_phy_buf_mem_pool(dev,
> > + priv->mem_pool_name,
> > + &get_info_addr,
> > + ELE_GET_INFO_BUFF_SZ);
> > + else
> > + get_info_data = dmam_alloc_coherent(dev,
> > + ELE_GET_INFO_BUFF_SZ,
> > + &get_info_addr,
> > + GFP_KERNEL);
> > + if (!get_info_data) {
> > + ret = -ENOMEM;
> > + dev_err(dev,
> > + "%s: Failed to allocate get_info_addr.\n",
> > + __func__);
> > + goto exit;
> > + }
> > +
> > + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_GET_INFO_REQ,
> > + ELE_GET_INFO_REQ_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = upper_32_bits(get_info_addr);
> > + tx_msg->data[1] = lower_32_bits(get_info_addr);
> > + tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_GET_INFO_REQ,
> > + ELE_GET_INFO_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_GET_INFO_REQ, status);
> > + ret = -1;
> > + }
> > +
> > + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> > + & ELE_IMEM_STATE_MASK) >> 16;
> > + s_info->major_ver =
> (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 24;
> > + s_info->minor_ver =
> ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 16) & 0xFF;
> > + s_info->soc_rev =
> (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 16;
> > + s_info->soc_id =
> get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_ID_MASK;
> > + s_info->serial_num
> > + = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF]
> << 32
> > + |
> get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];
> > +exit:
> > + if (get_info_addr) {
> > + if (priv->mem_pool_name)
> > + free_phybuf_mem_pool(dev, priv->mem_pool_name,
> > + get_info_data,
> ELE_GET_INFO_BUFF_SZ);
> > + else
> > + dmam_free_coherent(dev,
> > + ELE_GET_INFO_BUFF_SZ,
> > + get_info_data,
> > + get_info_addr);
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +int ele_ping(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
>
> If you want __free(kfree) it should be
>
> struct se_api_msg *tx_msg __free(kfree) = NULL;
> struct se_api_msg *rx_msg __free(kfree) = NULL;
>
> Or

Accepted.

>
> struct se_api_msg *tx_msg __free(kfree) = kzalloc(ELE_PING_REQ_SZ << 2,
> GFP_KERNEL)
> struct se_api_msg *rx_msg __free(kfree) = kzalloc(ELE_PING_RSP_SZ << 2,
> GFP_KERNEL)
>
> otherwise when
> if (!tx_msg) {
> return ret;
>
> ^^ when go here, rx_msg is random value. So kfree(rx_msg) will
> access random address.

Understood.
>
> }
>
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
>
>
> return -ENOMEM
>
> Frank
Accepted.
>
> > + }
> > +
> > + rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_PING_REQ, ELE_PING_REQ_SZ,
> > + true);
> > + if (ret) {
> > + dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
> > + goto exit;
> > + }
> > +
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_PING_REQ,
> > + ELE_PING_RSP_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_PING_REQ, status);
> > + ret = -1;
> > + }
> > +exit:
> > + return ret;
> > +}
> > +
> > +int ele_service_swap(struct device *dev,
> > + phys_addr_t addr,
> > + u32 addr_size, u16 flag)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2,
> GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2,
> GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_SERVICE_SWAP_REQ,
> > + ELE_SERVICE_SWAP_REQ_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = flag;
> > + tx_msg->data[1] = addr_size;
> > + tx_msg->data[2] = ELE_NONE_VAL;
> > + tx_msg->data[3] = lower_32_bits(addr);
> > + tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
> > +
> ELE_SERVICE_SWAP_REQ_MSG_SZ);
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_SERVICE_SWAP_REQ,
> > + ELE_SERVICE_SWAP_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_SERVICE_SWAP_REQ, status);
> > + ret = -1;
> > + } else {
> > + if (flag == ELE_IMEM_EXPORT)
> > + ret = priv->rx_msg->data[1];
> > + else
> > + ret = 0;
> > + }
> > +exit:
> > +
> > + return ret;
> > +}
> > +
> > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_FW_AUTH_REQ,
> > + ELE_FW_AUTH_REQ_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = addr;
> > + tx_msg->data[1] = 0x0;
> > + tx_msg->data[2] = addr;
> > +
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_FW_AUTH_REQ,
> > + ELE_FW_AUTH_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_FW_AUTH_REQ, status);
> > + ret = -1;
> > + }
> > +exit:
> > +
> > + return ret;
> > +}
> > diff --git a/drivers/firmware/imx/ele_base_msg.h
> b/drivers/firmware/imx/ele_base_msg.h
> > new file mode 100644
> > index 000000000000..3b3d2bf04a84
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_base_msg.h
> > @@ -0,0 +1,70 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + *
> > + * Header file for the EdgeLock Enclave Base API(s).
> > + */
> > +
> > +#ifndef ELE_BASE_MSG_H
> > +#define ELE_BASE_MSG_H
> > +
> > +#include <linux/device.h>
> > +#include <linux/types.h>
> > +
> > +#define WORD_SZ 4
> > +#define ELE_NONE_VAL 0x0
> > +
> > +#define ELE_SUCCESS_IND 0xD6
> > +
> > +#define ELE_GET_INFO_REQ 0xDA
> > +#define ELE_GET_INFO_REQ_MSG_SZ 0x10
> > +#define ELE_GET_INFO_RSP_MSG_SZ 0x08
> > +
> > +#define ELE_GET_INFO_BUFF_SZ 0x100
> > +#define ELE_GET_INFO_READ_SZ 0xA0
> > +
> > +#define DEFAULT_IMX_SOC_VER 0xA0
> > +#define SOC_VER_MASK 0xFFFF0000
> > +#define SOC_ID_MASK 0x0000FFFF
> > +struct soc_info {
> > + u32 imem_state;
> > + u8 major_ver;
> > + u8 minor_ver;
> > + u16 soc_id;
> > + u16 soc_rev;
> > + u64 serial_num;
> > +};
> > +
> > +#define GET_INFO_SOC_INFO_WORD_OFFSET 1
> > +#define GET_INFO_UUID_WORD_OFFSET 3
> > +#define GET_INFO_SL_NUM_MSB_WORD_OFF \
> > + (GET_INFO_UUID_WORD_OFFSET + 3)
> > +#define GET_INFO_SL_NUM_LSB_WORD_OFF \
> > + (GET_INFO_UUID_WORD_OFFSET + 0)
> > +
> > +#define ELE_PING_REQ 0x01
> > +#define ELE_PING_REQ_SZ 0x04
> > +#define ELE_PING_RSP_SZ 0x08
> > +
> > +#define ELE_SERVICE_SWAP_REQ 0xDF
> > +#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18
> > +#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C
> > +#define ELE_IMEM_SIZE 0x10000
> > +#define ELE_IMEM_STATE_OK 0xCA
> > +#define ELE_IMEM_STATE_BAD 0xFE
> > +#define ELE_IMEM_STATE_WORD 0x27
> > +#define ELE_IMEM_STATE_MASK 0x00ff0000
> > +#define ELE_IMEM_EXPORT 0x1
> > +#define ELE_IMEM_IMPORT 0x2
> > +
> > +#define ELE_FW_AUTH_REQ 0x02
> > +#define ELE_FW_AUTH_REQ_SZ 0x10
> > +#define ELE_FW_AUTH_RSP_MSG_SZ 0x08
> > +
> > +int ele_get_info(struct device *dev, struct soc_info *s_info);
> > +int ele_ping(struct device *dev);
> > +int ele_service_swap(struct device *dev,
> > + phys_addr_t addr,
> > + u32 addr_size, u16 flag);
> > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr);
> > +#endif
> > diff --git a/drivers/firmware/imx/ele_common.c
> b/drivers/firmware/imx/ele_common.c
> > new file mode 100644
> > index 000000000000..dcf7f9034653
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_common.c
> > @@ -0,0 +1,341 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#include "ele_base_msg.h"
> > +#include "ele_common.h"
> > +
> > +u32 plat_add_msg_crc(u32 *msg, u32 msg_len)
> > +{
> > + u32 nb_words = msg_len / (u32)sizeof(u32);
> > + u32 crc = 0;
> > + u32 i;
> > +
> > + for (i = 0; i < nb_words - 1; i++)
> > + crc ^= *(msg + i);
> > +
> > + return crc;
> > +}
> > +
> > +int imx_ele_msg_rcv(struct se_if_priv *priv)
> > +{
> > + u32 wait;
> > + int err;
> > +
> > + wait = msecs_to_jiffies(1000);
> > + if (!wait_for_completion_timeout(&priv->done, wait)) {
> > + dev_err(priv->dev,
> > + "Error: wait_for_completion timed out.\n");
> > + err = -ETIMEDOUT;
> > + }
> > +
> > + mutex_unlock(&priv->se_if_cmd_lock);
> > + priv->no_dev_ctx_used = false;
> > +
> > + return err;
> > +}
> > +
> > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg)
> > +{
> > + bool is_cmd_lock_tobe_taken = false;
> > + int err;
> > +
> > + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> > + is_cmd_lock_tobe_taken = true;
> > + mutex_lock(&priv->se_if_cmd_lock);
> > + }
> > + scoped_guard(mutex, &priv->se_if_lock);
> > +
> > + err = mbox_send_message(priv->tx_chan, mssg);
> > + if (err < 0) {
> > + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> > + if (is_cmd_lock_tobe_taken)
> > + mutex_unlock(&priv->se_if_cmd_lock);
> > + return err;
> > + }
> > + err = 0;
> > +
> > + return err;
> > +}
> > +
> > +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg)
> > +{
> > + int err;
> > +
> > + priv->no_dev_ctx_used = true;
> > + err = imx_ele_msg_send(priv, mssg);
> > + if (err)
> > + goto exit;
> > +
> > + err = imx_ele_msg_rcv(priv);
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx)
> > +{
> > + struct se_msg_hdr header = {0};
> > + int err;
> > +
> > + err = wait_event_interruptible(dev_ctx->wq, dev_ctx-
> >pending_hdr != 0);
> > + if (err)
> > + dev_err(dev_ctx->dev,
> > + "%s: Err[0x%x]:Interrupted by signal.\n",
> > + dev_ctx->miscdev.name, err);
> > +
> > + header = *((struct se_msg_hdr *) (&dev_ctx->temp_resp[0]));
> > +
> > + if (header.tag == dev_ctx->priv->rsp_tag)
> > + mutex_unlock(&dev_ctx->priv->se_if_cmd_lock);
> > +
> > + return err;
> > +}
> > +
> > +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> > + void *tx_msg, int tx_msg_sz)
> > +{
> > + struct se_if_priv *priv = dev_ctx->priv;
> > + struct se_msg_hdr header = {0};
> > + int err;
> > +
> > + header = *((struct se_msg_hdr *) tx_msg);
> > +
> > + /*
> > + * Check that the size passed as argument matches the size
> > + * carried in the message.
> > + */
> > + err = header.size << 2;
> > +
> > + if (err != tx_msg_sz) {
> > + err = -EINVAL;
> > + dev_err(priv->dev,
> > + "%s: User buffer too small\n",
> > + dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > + /* Check the message is valid according to tags */
> > + if (header.tag == priv->cmd_tag)
> > + priv->waiting_rsp_dev = dev_ctx;
> > + else if (header.tag == priv->rsp_tag) {
> > + /* Check the device context can send the command */
> > + if (dev_ctx != priv->cmd_receiver_dev) {
> > + dev_err(priv->dev,
> > + "%s: Channel not configured to send resp to
> FW.",
> > + dev_ctx->miscdev.name);
> > + err = -EPERM;
> > + goto exit;
> > + }
> > + } else {
> > + dev_err(priv->dev,
> > + "%s: The message does not have a valid TAG\n",
> > + dev_ctx->miscdev.name);
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > + err = imx_ele_msg_send(priv, tx_msg);
> > +exit:
> > + return err;
> > +}
> > +
> > +/*
> > + * Callback called by mailbox FW, when data is received.
> > + */
> > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
> > +{
> > + struct device *dev = mbox_cl->dev;
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_api_msg *rx_msg;
> > + bool is_response = false;
> > + struct se_if_priv *priv;
> > + struct se_msg_hdr header;
> > +
> > + priv = dev_get_drvdata(dev);
> > + if (!priv) {
> > + dev_err(dev, "SE-MU Priv data is NULL;");
> > + return;
> > + }
> > +
> > + /* The function can be called with NULL msg */
> > + if (!msg) {
> > + dev_err(dev, "Message is invalid\n");
> > + return;
> > + }
> > +
> > + header.tag = ((u8 *)msg)[TAG_OFFSET];
> > + header.command = ((u8 *)msg)[CMD_OFFSET];
> > + header.size = ((u8 *)msg)[SZ_OFFSET];
> > + header.ver = ((u8 *)msg)[VER_OFFSET];
> > +
> > + /* Incoming command: wake up the receiver if any. */
> > + if (header.tag == priv->cmd_tag) {
> > + dev_dbg(dev, "Selecting cmd receiver\n");
> > + dev_ctx = priv->cmd_receiver_dev;
> > + } else if (header.tag == priv->rsp_tag) {
> > + if (priv->waiting_rsp_dev) {
> > + dev_dbg(dev, "Selecting rsp waiter\n");
> > + dev_ctx = priv->waiting_rsp_dev;
> > + is_response = true;
> > + } else {
> > + /*
> > + * Reading the EdgeLock Enclave response
> > + * to the command, sent by other
> > + * linux kernel services.
> > + */
> > + spin_lock(&priv->lock);
> > + memcpy(&priv->rx_msg, msg, header.size << 2);
> > +
> > + complete(&priv->done);
> > + spin_unlock(&priv->lock);
> > + return;
> > + }
> > + } else {
> > + dev_err(dev, "Failed to select a device for message: %.8x\n",
> > + *((u32 *) &header));
> > + return;
> > + }
> > + /* Init reception */
> > + rx_msg = kzalloc(header.size << 2, GFP_KERNEL);
> > + if (rx_msg)
> > + memcpy(rx_msg, msg, header.size << 2);
> > +
> > + dev_ctx->temp_resp = (u32 *)rx_msg;
> > + dev_ctx->temp_resp_size = header.size;
> > +
> > + /* Allow user to read */
> > + dev_ctx->pending_hdr = 1;
> > + wake_up_interruptible(&dev_ctx->wq);
> > +
> > + if (is_response)
> > + priv->waiting_rsp_dev = NULL;
> > +}
> > +
> > +int validate_rsp_hdr(struct se_if_priv *priv, u32 header,
> > + uint8_t msg_id, uint8_t sz, bool is_base_api)
> > +{
> > + int ret = -EINVAL;
> > + u32 size;
> > + u32 cmd;
> > + u32 tag;
> > + u32 ver;
> > +
> > + tag = MSG_TAG(header);
> > + cmd = MSG_COMMAND(header);
> > + size = MSG_SIZE(header);
> > + ver = MSG_VER(header);
> > +
> > + do {
> > + if (tag != priv->rsp_tag) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: Resp tag mismatch.
> (0x%x != 0x%x)",
> > + msg_id, tag, priv->rsp_tag);
> > + break;
> > + }
> > +
> > + if (cmd != msg_id) {
> > + dev_err(priv->dev,
> > + "MSG Header: Cmd id mismatch. (0x%x !=
> 0x%x)",
> > + cmd, msg_id);
> > + break;
> > + }
> > +
> > + if (size != (sz >> 2)) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: Cmd size mismatch.
> (0x%x != 0x%x)",
> > + msg_id, size, (sz >> 2));
> > + break;
> > + }
> > +
> > + if (is_base_api && (ver != priv->base_api_ver)) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: Base API Vers mismatch.
> (0x%x != 0x%x)",
> > + msg_id, ver, priv->base_api_ver);
> > + break;
> > + } else if (!is_base_api && ver != priv->fw_api_ver) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: FW API Vers mismatch.
> (0x%x != 0x%x)",
> > + msg_id, ver, priv->fw_api_ver);
> > + break;
> > + }
> > +
> > + ret = 0;
> > +
> > + } while (false);
> > +
> > + return ret;
> > +}
> > +
> > +int se_save_imem_state(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + int ret;
> > +
> > + /* EXPORT command will save encrypted IMEM to given address,
> > + * so later in resume, IMEM can be restored from the given
> > + * address.
> > + *
> > + * Size must be at least 64 kB.
> > + */
> > + ret = ele_service_swap(dev,
> > + priv->imem.phyaddr,
> > + ELE_IMEM_SIZE,
> > + ELE_IMEM_EXPORT);
> > + if (ret < 0)
> > + dev_err(dev, "Failed to export IMEM\n");
> > + else
> > + dev_info(dev,
> > + "Exported %d bytes of encrypted IMEM\n",
> > + ret);
> > +
> > + return ret;
> > +}
> > +
> > +int se_restore_imem_state(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct soc_info s_info;
> > + int ret;
> > +
> > + /* get info from ELE */
> > + ret = ele_get_info(dev, &s_info);
> > + if (ret) {
> > + dev_err(dev, "Failed to get info from ELE.\n");
> > + return ret;
> > + }
> > +
> > + /* Get IMEM state, if 0xFE then import IMEM */
> > + if (s_info.imem_state == ELE_IMEM_STATE_BAD) {
> > + /* IMPORT command will restore IMEM from the given
> > + * address, here size is the actual size returned by ELE
> > + * during the export operation
> > + */
> > + ret = ele_service_swap(dev,
> > + priv->imem.phyaddr,
> > + priv->imem.size,
> > + ELE_IMEM_IMPORT);
> > + if (ret) {
> > + dev_err(dev, "Failed to import IMEM\n");
> > + goto exit;
> > + }
> > + } else
> > + goto exit;
> > +
> > + /* After importing IMEM, check if IMEM state is equal to 0xCA
> > + * to ensure IMEM is fully loaded and
> > + * ELE functionality can be used.
> > + */
> > + ret = ele_get_info(dev, &s_info);
> > + if (ret) {
> > + dev_err(dev, "Failed to get info from ELE.\n");
> > + goto exit;
> > + }
> > +
> > + if (s_info.imem_state == ELE_IMEM_STATE_OK)
> > + dev_info(dev, "Successfully restored IMEM\n");
> > + else
> > + dev_err(dev, "Failed to restore IMEM\n");
> > +
> > +exit:
> > + return ret;
> > +}
> > diff --git a/drivers/firmware/imx/ele_common.h
> b/drivers/firmware/imx/ele_common.h
> > new file mode 100644
> > index 000000000000..6e3a2114bb56
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_common.h
> > @@ -0,0 +1,43 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +
> > +#ifndef __ELE_COMMON_H__
> > +#define __ELE_COMMON_H__
> > +
> > +#include "se_ctrl.h"
> > +
> > +#define IMX_ELE_FW_DIR "imx/ele/"
> > +
> > +uint32_t plat_add_msg_crc(uint32_t *msg, uint32_t msg_len);
> > +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *priv);
> > +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> > + void *tx_msg, int tx_msg_sz);
> > +int imx_ele_msg_rcv(struct se_if_priv *priv);
> > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg);
> > +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg);
> > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
> > +int validate_rsp_hdr(struct se_if_priv *priv, unsigned int header,
> > + u8 msg_id, u8 sz, bool is_base_api);
> > +
> > +/* Fill a command message header with a given command ID and length in
> bytes. */
> > +static inline int plat_fill_cmd_msg_hdr(struct se_if_priv *priv,
> > + struct se_msg_hdr *hdr,
> > + u8 cmd,
> > + u32 len,
> > + bool is_base_api)
> > +{
> > + hdr->tag = priv->cmd_tag;
> > + hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver;
> > + hdr->command = cmd;
> > + hdr->size = len >> 2;
> > +
> > + return 0;
> > +}
> > +
> > +int se_save_imem_state(struct device *dev);
> > +int se_restore_imem_state(struct device *dev);
> > +
> > +#endif /*__ELE_COMMON_H__ */
> > diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
> > new file mode 100644
> > index 000000000000..11c5eaa7353f
> > --- /dev/null
> > +++ b/drivers/firmware/imx/se_ctrl.c
> > @@ -0,0 +1,1339 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#include <linux/completion.h>
> > +#include <linux/delay.h>
> > +#include <linux/dev_printk.h>
> > +#include <linux/dma-mapping.h>
> > +#include <linux/errno.h>
> > +#include <linux/export.h>
> > +#include <linux/firmware.h>
> > +#include <linux/firmware/imx/se_api.h>
> > +#include <linux/genalloc.h>
> > +#include <linux/init.h>
> > +#include <linux/io.h>
> > +#include <linux/miscdevice.h>
> > +#include <linux/mod_devicetable.h>
> > +#include <linux/module.h>
> > +#include <linux/of_platform.h>
> > +#include <linux/of_reserved_mem.h>
> > +#include <linux/platform_device.h>
> > +#include <linux/slab.h>
> > +#include <linux/string.h>
> > +#include <linux/sys_soc.h>
> > +#include <uapi/linux/se_ioctl.h>
> > +
> > +#include "ele_base_msg.h"
> > +#include "ele_common.h"
> > +#include "se_ctrl.h"
> > +
> > +#define RESERVED_DMA_POOL BIT(1)
> > +
> > +struct imx_se_node_info {
> > + u8 se_if_id;
> > + u8 se_if_did;
> > + u8 max_dev_ctx;
> > + u8 cmd_tag;
> > + u8 rsp_tag;
> > + u8 success_tag;
> > + u8 base_api_ver;
> > + u8 fw_api_ver;
> > + u8 *se_name;
> > + u8 *mbox_tx_name;
> > + u8 *mbox_rx_name;
> > + u8 *pool_name;
> > + u8 *fw_name_in_rfs;
> > + bool soc_register;
> > + bool reserved_dma_ranges;
> > + bool imem_mgmt;
> > +};
> > +
> > +struct imx_se_node_info_list {
> > + u8 num_mu;
> > + u16 soc_id;
> > + u16 soc_rev;
> > + struct imx_se_node_info info[];
> > +};
> > +
> > +static const struct imx_se_node_info_list imx8ulp_info = {
> > + .num_mu = 1,
> > + .soc_id = SOC_ID_OF_IMX8ULP,
> > + .info = {
> > + {
> > + .se_if_id = 2,
> > + .se_if_did = 7,
> > + .max_dev_ctx = 4,
> > + .cmd_tag = 0x17,
> > + .rsp_tag = 0xe1,
> > + .success_tag = 0xd6,
> > + .base_api_ver = MESSAGING_VERSION_6,
> > + .fw_api_ver = MESSAGING_VERSION_7,
> > + .se_name = "hsm1",
> > + .mbox_tx_name = "tx",
> > + .mbox_rx_name = "rx",
> > + .pool_name = "sram",
> > + .fw_name_in_rfs = IMX_ELE_FW_DIR\
> > + "mx8ulpa2ext-ahab-
> container.img",
> > + .soc_register = true,
> > + .reserved_dma_ranges = true,
> > + .imem_mgmt = true,
> > + },
> > + },
> > +};
> > +
> > +static const struct imx_se_node_info_list imx93_info = {
> > + .num_mu = 1,
> > + .soc_id = SOC_ID_OF_IMX93,
> > + .info = {
> > + {
> > + .se_if_id = 2,
> > + .se_if_did = 3,
> > + .max_dev_ctx = 4,
> > + .cmd_tag = 0x17,
> > + .rsp_tag = 0xe1,
> > + .success_tag = 0xd6,
> > + .base_api_ver = MESSAGING_VERSION_6,
> > + .fw_api_ver = MESSAGING_VERSION_7,
> > + .se_name = "hsm1",
> > + .mbox_tx_name = "tx",
> > + .mbox_rx_name = "rx",
> > + .reserved_dma_ranges = true,
> > + .imem_mgmt = true,
> > + .soc_register = true,
> > + },
> > + },
> > +};
> > +
> > +static const struct of_device_id se_match[] = {
> > + { .compatible = "fsl,imx8ulp-ele", .data = (void *)&imx8ulp_info},
> > + { .compatible = "fsl,imx93-ele", .data = (void *)&imx93_info},
> > + {},
> > +};
> > +
> > +static struct imx_se_node_info
> > + *get_imx_se_node_info(struct imx_se_node_info_list
> *info_list,
> > + const u32 idx)
> > +{
> > + if (idx < 0 || idx > info_list->num_mu)
> > + return NULL;
> > +
> > + return &info_list->info[idx];
> > +}
> > +
> > +void *get_phy_buf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + dma_addr_t *buf,
> > + u32 size)
> > +{
> > + struct device_node *of_node = dev->of_node;
> > + struct gen_pool *mem_pool;
> > +
> > + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> > + if (!mem_pool) {
> > + dev_err(dev,
> > + "Unable to get sram pool = %s\n",
> > + mem_pool_name);
> > + return 0;
> > + }
> > +
> > + return gen_pool_dma_alloc(mem_pool, size, buf);
> > +}
> > +
> > +void free_phybuf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + u32 *buf,
> > + u32 size)
> > +{
> > + struct device_node *of_node = dev->of_node;
> > + struct gen_pool *mem_pool;
> > +
> > + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> > + if (!mem_pool)
> > + dev_err(dev,
> > + "%s: Failed: Unable to get sram pool.\n",
> > + __func__);
> > +
> > + gen_pool_free(mem_pool, (u64)buf, size);
> > +}
> > +
> > +static int imx_fetch_soc_info(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct imx_se_node_info_list *info_list;
> > + const struct imx_se_node_info *info;
> > + struct soc_device_attribute *attr;
> > + struct soc_device *sdev;
> > + struct soc_info s_info;
> > + int err = 0;
> > +
> > + info = priv->info;
> > + info_list = (struct imx_se_node_info_list *)
> > + device_get_match_data(dev->parent);
> > + if (info_list->soc_rev)
> > + return err;
> > +
> > + err = ele_get_info(dev, &s_info);
> > + if (err)
> > + s_info.major_ver = DEFAULT_IMX_SOC_VER;
> > +
> > + info_list->soc_rev = s_info.soc_rev;
> > +
> > + if (!info->soc_register)
> > + return 0;
> > +
> > + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> > + if (!attr)
> > + return -ENOMEM;
> > +
> > + if (s_info.minor_ver)
> > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
> > + s_info.major_ver,
> > + s_info.minor_ver);
> > + else
> > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
> > + s_info.major_ver);
> > +
> > + switch (s_info.soc_id) {
> > + case SOC_ID_OF_IMX8ULP:
> > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > + "i.MX8ULP");
> > + break;
> > + case SOC_ID_OF_IMX93:
> > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > + "i.MX93");
> > + break;
> > + }
> > +
> > + err = of_property_read_string(of_root, "model",
> > + &attr->machine);
> > + if (err) {
> > + devm_kfree(dev, attr);
> > + return -EINVAL;
> > + }
> > + attr->family = devm_kasprintf(dev, GFP_KERNEL, "Freescale i.MX");
> > +
> > + attr->serial_number
> > + = devm_kasprintf(dev, GFP_KERNEL, "%016llX",
> s_info.serial_num);
> > +
> > + sdev = soc_device_register(attr);
> > + if (IS_ERR(sdev)) {
> > + devm_kfree(dev, attr->soc_id);
> > + devm_kfree(dev, attr->serial_number);
> > + devm_kfree(dev, attr->revision);
> > + devm_kfree(dev, attr->family);
> > + devm_kfree(dev, attr->machine);
> > + devm_kfree(dev, attr);
> > + return PTR_ERR(sdev);
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +/*
> > + * File operations for user-space
> > + */
> > +
> > +/* Write a message to the MU. */
> > +static ssize_t se_if_fops_write(struct file *fp, const char __user *buf,
> > + size_t size, loff_t *ppos)
> > +{
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_if_priv *priv;
> > + int err;
> > +
> > + dev_ctx = container_of(fp->private_data,
> > + struct se_if_device_ctx,
> > + miscdev);
> > + priv = dev_ctx->priv;
> > + dev_dbg(priv->dev,
> > + "%s: write from buf (%p)%zu, ppos=%lld\n",
> > + dev_ctx->miscdev.name,
> > + buf, size, ((ppos) ? *ppos : 0));
> > +
> > + if (down_interruptible(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + if (dev_ctx->status != MU_OPENED) {
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + if (size < SE_MU_HDR_SZ) {
> > + dev_err(priv->dev,
> > + "%s: User buffer too small(%zu < %d)\n",
> > + dev_ctx->miscdev.name,
> > + size, SE_MU_HDR_SZ);
> > + err = -ENOSPC;
> > + goto exit;
> > + }
> > +
> > + tx_msg = memdup_user((void __user *)ppos, size);
> > + if (!tx_msg) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + /* Copy data to buffer */
> > + if (copy_from_user(tx_msg, buf, size)) {
> > + err = -EFAULT;
> > + dev_err(priv->dev,
> > + "%s: Fail copy message from user\n",
> > + dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > +
> > + print_hex_dump_debug("from user ", DUMP_PREFIX_OFFSET, 4, 4,
> > + tx_msg, size, false);
> > +
> > + err = imx_ele_miscdev_msg_send(dev_ctx, tx_msg, size);
> > +
> > +exit:
> > + up(&dev_ctx->fops_lock);
> > + return err;
> > +}
> > +
> > +/*
> > + * Read a message from the MU.
> > + * Blocking until a message is available.
> > + */
> > +static ssize_t se_if_fops_read(struct file *fp, char __user *buf,
> > + size_t size, loff_t *ppos)
> > +{
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_buf_desc *b_desc;
> > + struct se_if_priv *priv;
> > + u32 size_to_copy;
> > + int err;
> > +
> > + dev_ctx = container_of(fp->private_data,
> > + struct se_if_device_ctx,
> > + miscdev);
> > + priv = dev_ctx->priv;
> > + dev_dbg(priv->dev,
> > + "%s: read to buf %p(%zu), ppos=%lld\n",
> > + dev_ctx->miscdev.name,
> > + buf, size, ((ppos) ? *ppos : 0));
> > +
> > + if (down_interruptible(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + if (dev_ctx->status != MU_OPENED) {
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + err = imx_ele_miscdev_msg_rcv(dev_ctx);
> > + if (err)
> > + goto exit;
> > +
> > + /* Buffer containing the message from FW, is
> > + * allocated in callback function.
> > + * Check if buffer allocation failed.
> > + */
> > + if (!dev_ctx->temp_resp) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + dev_dbg(priv->dev,
> > + "%s: %s %s\n",
> > + dev_ctx->miscdev.name,
> > + __func__,
> > + "message received, start transmit to user");
> > +
> > + /*
> > + * Check that the size passed as argument is larger than
> > + * the one carried in the message.
> > + */
> > + size_to_copy = dev_ctx->temp_resp_size << 2;
> > + if (size_to_copy > size) {
> > + dev_dbg(priv->dev,
> > + "%s: User buffer too small (%zu < %d)\n",
> > + dev_ctx->miscdev.name,
> > + size, size_to_copy);
> > + size_to_copy = size;
> > + }
> > +
> > + /*
> > + * We may need to copy the output data to user before
> > + * delivering the completion message.
> > + */
> > + while (!list_empty(&dev_ctx->pending_out)) {
> > + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> > + struct se_buf_desc,
> > + link);
> > + if (!b_desc)
> > + continue;
> > +
> > + if (b_desc->usr_buf_ptr && b_desc->shared_buf_ptr) {
> > +
> > + dev_dbg(priv->dev,
> > + "%s: Copy output data to user\n",
> > + dev_ctx->miscdev.name);
> > + if (copy_to_user(b_desc->usr_buf_ptr,
> > + b_desc->shared_buf_ptr,
> > + b_desc->size)) {
> > + dev_err(priv->dev,
> > + "%s: Failure copying output data to
> user.",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > + }
> > +
> > + if (b_desc->shared_buf_ptr)
> > + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> > +
> > + __list_del_entry(&b_desc->link);
> > + kfree(b_desc);
> > + }
> > +
> > + /* Copy data from the buffer */
> > + print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
> > + dev_ctx->temp_resp, size_to_copy, false);
> > + if (copy_to_user(buf, dev_ctx->temp_resp, size_to_copy)) {
> > + dev_err(priv->dev,
> > + "%s: Failed to copy to user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + err = size_to_copy;
> > + kfree(dev_ctx->temp_resp);
> > +
> > + /* free memory allocated on the shared buffers. */
> > + dev_ctx->secure_mem.pos = 0;
> > + dev_ctx->non_secure_mem.pos = 0;
> > +
> > + dev_ctx->pending_hdr = 0;
> > +
> > +exit:
> > + /*
> > + * Clean the used Shared Memory space,
> > + * whether its Input Data copied from user buffers, or
> > + * Data received from FW.
> > + */
> > + while (!list_empty(&dev_ctx->pending_in) ||
> > + !list_empty(&dev_ctx->pending_out)) {
> > + if (!list_empty(&dev_ctx->pending_in))
> > + b_desc = list_first_entry_or_null(&dev_ctx-
> >pending_in,
> > + struct se_buf_desc,
> > + link);
> > + else
> > + b_desc = list_first_entry_or_null(&dev_ctx-
> >pending_out,
> > + struct se_buf_desc,
> > + link);
> > +
> > + if (!b_desc)
> > + continue;
> > +
> > + if (b_desc->shared_buf_ptr)
> > + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> > +
> > + __list_del_entry(&b_desc->link);
> > + kfree(b_desc);
> > + }
> > +
> > + up(&dev_ctx->fops_lock);
> > + return err;
> > +}
> > +
> > +/* Give access to EdgeLock Enclave, to the memory we want to share */
> > +static int se_if_setup_se_mem_access(struct se_if_device_ctx *dev_ctx,
> > + u64 addr, u32 len)
> > +{
> > + /* Assuming EdgeLock Enclave has access to all the memory regions
> */
> > + int ret = 0;
> > +
> > + if (ret) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Fail find memreg\n", dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > +
> > + if (ret) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Fail set permission for resource\n",
> > + dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > +
> > +exit:
> > + return ret;
> > +}
> > +
> > +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> > + u64 arg)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> > + struct imx_se_node_info *if_node_info;
> > + struct se_ioctl_get_if_info info;
> > + int err = 0;
> > +
> > + if_node_info = (struct imx_se_node_info *)priv->info;
> > +
> > + info.se_if_id = if_node_info->se_if_id;
> > + info.interrupt_idx = 0;
> > + info.tz = 0;
> > + info.did = if_node_info->se_if_did;
> > + info.cmd_tag = if_node_info->cmd_tag;
> > + info.rsp_tag = if_node_info->rsp_tag;
> > + info.success_tag = if_node_info->success_tag;
> > + info.base_api_ver = if_node_info->base_api_ver;
> > + info.fw_api_ver = if_node_info->fw_api_ver;
> > +
> > + dev_dbg(priv->dev,
> > + "%s: info [se_if_id: %d, irq_idx: %d, tz: 0x%x, did: 0x%x]\n",
> > + dev_ctx->miscdev.name,
> > + info.se_if_id, info.interrupt_idx, info.tz, info.did);
> > +
> > + if (copy_to_user((u8 *)arg, &info, sizeof(info))) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to copy mu info to user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +/*
> > + * Copy a buffer of data to/from the user and return the address to use in
> > + * messages
> > + */
> > +static int se_ioctl_setup_iobuf_handler(struct se_if_device_ctx *dev_ctx,
> > + u64 arg)
> > +{
> > + struct se_ioctl_setup_iobuf io = {0};
> > + struct se_shared_mem *shared_mem;
> > + struct se_buf_desc *b_desc;
> > + int err = 0;
> > + u32 pos;
> > +
> > + if (copy_from_user(&io, (u8 *)arg, sizeof(io))) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed copy iobuf config from user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + dev_dbg(dev_ctx->priv->dev,
> > + "%s: io [buf: %p(%d) flag: %x]\n",
> > + dev_ctx->miscdev.name,
> > + io.user_buf, io.length, io.flags);
> > +
> > + if (io.length == 0 || !io.user_buf) {
> > + /*
> > + * Accept NULL pointers since some buffers are optional
> > + * in FW commands. In this case we should return 0 as
> > + * pointer to be embedded into the message.
> > + * Skip all data copy part of code below.
> > + */
> > + io.ele_addr = 0;
> > + goto copy;
> > + }
> > +
> > + /* Select the shared memory to be used for this buffer. */
> > + if (io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) {
> > + /* App requires to use secure memory for this buffer.*/
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed allocate SEC MEM memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + } else {
> > + /* No specific requirement for this buffer. */
> > + shared_mem = &dev_ctx->non_secure_mem;
> > + }
> > +
> > + /* Check there is enough space in the shared memory. */
> > + if (shared_mem->size < shared_mem->pos
> > + || io.length >= shared_mem->size - shared_mem-
> >pos) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Not enough space in shared memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + /* Allocate space in shared memory. 8 bytes aligned. */
> > + pos = shared_mem->pos;
> > + shared_mem->pos += round_up(io.length, 8u);
> > + io.ele_addr = (u64)shared_mem->dma_addr + pos;
> > +
> > + if ((io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) &&
> > + !(io.flags & SE_MU_IO_FLAGS_USE_SHORT_ADDR)) {
> > + /*Add base address to get full address.*/
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed allocate SEC MEM memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + memset(shared_mem->ptr + pos, 0, io.length);
> > + if ((io.flags & SE_IO_BUF_FLAGS_IS_INPUT) ||
> > + (io.flags & SE_IO_BUF_FLAGS_IS_IN_OUT)) {
> > + /*
> > + * buffer is input:
> > + * copy data from user space to this allocated buffer.
> > + */
> > + if (copy_from_user(shared_mem->ptr + pos, io.user_buf,
> > + io.length)) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed copy data to shared memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > + }
> > +
> > + b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL);
> > + if (!b_desc) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > +copy:
> > + /* Provide the EdgeLock Enclave address to user space only if
> success.*/
> > + if (copy_to_user((u8 *)arg, &io, sizeof(io))) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to copy iobuff setup to user\n",
> > + dev_ctx->miscdev.name);
> > + kfree(b_desc);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + if (b_desc) {
> > + b_desc->shared_buf_ptr = shared_mem->ptr + pos;
> > + b_desc->usr_buf_ptr = io.user_buf;
> > + b_desc->size = io.length;
> > +
> > + if (io.flags & SE_IO_BUF_FLAGS_IS_INPUT) {
> > + /*
> > + * buffer is input:
> > + * add an entry in the "pending input buffers" list so
> > + * that copied data can be cleaned from shared
> memory
> > + * later.
> > + */
> > + list_add_tail(&b_desc->link, &dev_ctx->pending_in);
> > + } else {
> > + /*
> > + * buffer is output:
> > + * add an entry in the "pending out buffers" list so
> data
> > + * can be copied to user space when receiving Secure-
> Enclave
> > + * response.
> > + */
> > + list_add_tail(&b_desc->link, &dev_ctx->pending_out);
> > + }
> > + }
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +/* IOCTL to provide SoC information */
> > +static int se_ioctl_get_soc_info_handler(struct se_if_device_ctx *dev_ctx,
> > + u64 arg)
> > +{
> > + struct imx_se_node_info_list *info_list;
> > + struct se_ioctl_get_soc_info soc_info;
> > + int err = -EINVAL;
> > +
> > + info_list = (struct imx_se_node_info_list *)
> > + device_get_match_data(dev_ctx->priv->dev-
> >parent);
> > + if (!info_list)
> > + goto exit;
> > +
> > + soc_info.soc_id = info_list->soc_id;
> > + soc_info.soc_rev = info_list->soc_rev;
> > +
> > + err = (int)copy_to_user((u8 *)arg, (u8 *)(&soc_info), sizeof(soc_info));
> > + if (err) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to copy soc info to user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +/* Open a character device. */
> > +static int se_if_fops_open(struct inode *nd, struct file *fp)
> > +{
> > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > + struct
> se_if_device_ctx,
> > + miscdev);
> > + int err;
> > +
> > + /* Avoid race if opened at the same time */
> > + if (down_trylock(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + /* Authorize only 1 instance. */
> > + if (dev_ctx->status != MU_FREE) {
> > + err = -EBUSY;
> > + goto exit;
> > + }
> > +
> > + /*
> > + * Allocate some memory for data exchanges with S40x.
> > + * This will be used for data not requiring secure memory.
> > + */
> > + dev_ctx->non_secure_mem.ptr = dmam_alloc_coherent(dev_ctx-
> >dev,
> > + MAX_DATA_SIZE_PER_USER,
> > + &dev_ctx-
> >non_secure_mem.dma_addr,
> > + GFP_KERNEL);
> > + if (!dev_ctx->non_secure_mem.ptr) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + err = se_if_setup_se_mem_access(dev_ctx,
> > + dev_ctx-
> >non_secure_mem.dma_addr,
> > + MAX_DATA_SIZE_PER_USER);
> > + if (err) {
> > + err = -EPERM;
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to share access to shared memory\n",
> > + dev_ctx->miscdev.name);
> > + goto free_coherent;
> > + }
> > +
> > + dev_ctx->non_secure_mem.size = MAX_DATA_SIZE_PER_USER;
> > + dev_ctx->non_secure_mem.pos = 0;
> > + dev_ctx->status = MU_OPENED;
> > +
> > + dev_ctx->pending_hdr = 0;
> > +
> > + goto exit;
> > +
> > +free_coherent:
> > + dmam_free_coherent(dev_ctx->priv->dev,
> MAX_DATA_SIZE_PER_USER,
> > + dev_ctx->non_secure_mem.ptr,
> > + dev_ctx->non_secure_mem.dma_addr);
> > +
> > +exit:
> > + up(&dev_ctx->fops_lock);
> > + return err;
> > +}
> > +
> > +/* Close a character device. */
> > +static int se_if_fops_close(struct inode *nd, struct file *fp)
> > +{
> > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > + struct
> se_if_device_ctx,
> > + miscdev);
> > + struct se_if_priv *priv = dev_ctx->priv;
> > + struct se_buf_desc *b_desc;
> > +
> > + /* Avoid race if closed at the same time */
> > + if (down_trylock(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + /* The device context has not been opened */
> > + if (dev_ctx->status != MU_OPENED)
> > + goto exit;
> > +
> > + /* check if this device was registered as command receiver. */
> > + if (priv->cmd_receiver_dev == dev_ctx)
> > + priv->cmd_receiver_dev = NULL;
> > +
> > + /* check if this device was registered as waiting response. */
> > + if (priv->waiting_rsp_dev == dev_ctx) {
> > + priv->waiting_rsp_dev = NULL;
> > + mutex_unlock(&priv->se_if_cmd_lock);
> > + }
> > +
> > + /* Unmap secure memory shared buffer. */
> > + if (dev_ctx->secure_mem.ptr)
> > + devm_iounmap(dev_ctx->dev, dev_ctx->secure_mem.ptr);
> > +
> > + dev_ctx->secure_mem.ptr = NULL;
> > + dev_ctx->secure_mem.dma_addr = 0;
> > + dev_ctx->secure_mem.size = 0;
> > + dev_ctx->secure_mem.pos = 0;
> > +
> > + /* Free non-secure shared buffer. */
> > + dmam_free_coherent(dev_ctx->priv->dev,
> MAX_DATA_SIZE_PER_USER,
> > + dev_ctx->non_secure_mem.ptr,
> > + dev_ctx->non_secure_mem.dma_addr);
> > +
> > + dev_ctx->non_secure_mem.ptr = NULL;
> > + dev_ctx->non_secure_mem.dma_addr = 0;
> > + dev_ctx->non_secure_mem.size = 0;
> > + dev_ctx->non_secure_mem.pos = 0;
> > +
> > + while (!list_empty(&dev_ctx->pending_in) ||
> > + !list_empty(&dev_ctx->pending_out)) {
> > + if (!list_empty(&dev_ctx->pending_in))
> > + b_desc = list_first_entry_or_null(&dev_ctx-
> >pending_in,
> > + struct se_buf_desc,
> > + link);
> > + else
> > + b_desc = list_first_entry_or_null(&dev_ctx-
> >pending_out,
> > + struct se_buf_desc,
> > + link);
> > +
> > + if (!b_desc)
> > + continue;
> > +
> > + if (b_desc->shared_buf_ptr)
> > + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> > +
> > + __list_del_entry(&b_desc->link);
> > + devm_kfree(dev_ctx->dev, b_desc);
> > + }
> > +
> > + dev_ctx->status = MU_FREE;
> > +
> > +exit:
> > + up(&dev_ctx->fops_lock);
> > + return 0;
> > +}
> > +
> > +/* IOCTL entry point of a character device */
> > +static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
> > +//static long se_ioctl(struct file *fp, u32 cmd, u64 arg)
> > +{
> > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > + struct
> se_if_device_ctx,
> > + miscdev);
> > + struct se_if_priv *se_if_priv = dev_ctx->priv;
> > + int err = -EINVAL;
> > +
> > + /* Prevent race during change of device context */
> > + if (down_interruptible(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + switch (cmd) {
> > + case SE_IOCTL_ENABLE_CMD_RCV:
> > + if (!se_if_priv->cmd_receiver_dev) {
> > + se_if_priv->cmd_receiver_dev = dev_ctx;
> > + err = 0;
> > + }
> > + break;
> > + case SE_IOCTL_GET_MU_INFO:
> > + err = se_ioctl_get_mu_info(dev_ctx, arg);
> > + break;
> > + case SE_IOCTL_SETUP_IOBUF:
> > + err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
> > + break;
> > + case SE_IOCTL_GET_SOC_INFO:
> > + err = se_ioctl_get_soc_info_handler(dev_ctx, arg);
> > + break;
> > +
> > + default:
> > + err = -EINVAL;
> > + dev_dbg(se_if_priv->dev,
> > + "%s: IOCTL %.8x not supported\n",
> > + dev_ctx->miscdev.name,
> > + cmd);
> > + }
> > +
> > + up(&dev_ctx->fops_lock);
> > + return (long)err;
> > +}
> > +
> > +/* Char driver setup */
> > +static const struct file_operations se_if_fops = {
> > + .open = se_if_fops_open,
> > + .owner = THIS_MODULE,
> > + .release = se_if_fops_close,
> > + .unlocked_ioctl = se_ioctl,
> > + .read = se_if_fops_read,
> > + .write = se_if_fops_write,
> > +};
> > +
> > +/* interface for managed res to free a mailbox channel */
> > +static void if_mbox_free_channel(void *mbox_chan)
> > +{
> > + mbox_free_channel(mbox_chan);
> > +}
> > +
> > +/* interface for managed res to unregister a character device */
> > +static void if_misc_deregister(void *miscdevice)
> > +{
> > + misc_deregister(miscdevice);
> > +}
> > +
> > +static int se_if_request_channel(struct device *dev,
> > + struct mbox_chan **chan,
> > + struct mbox_client *cl,
> > + const u8 *name)
> > +{
> > + struct mbox_chan *t_chan;
> > + int ret = 0;
> > +
> > + t_chan = mbox_request_channel_byname(cl, name);
> > + if (IS_ERR(t_chan)) {
> > + ret = PTR_ERR(t_chan);
> > + if (ret != -EPROBE_DEFER)
> > + dev_err(dev,
> > + "Failed to request chan %s ret %d\n", name,
> > + ret);
> > + goto exit;
> > + }
> > +
> > + ret = devm_add_action(dev, if_mbox_free_channel, t_chan);
> > + if (ret) {
> > + dev_err(dev, "failed to add devm removal of mbox %s\n",
> name);
> > + goto exit;
> > + }
> > +
> > + *chan = t_chan;
> > +
> > +exit:
> > + return ret;
> > +}
> > +
> > +static int se_probe_if_cleanup(struct platform_device *pdev)
> > +{
> > + struct device *dev = &pdev->dev;
> > + struct se_if_priv *priv;
> > + int ret = 0;
> > + int i;
> > +
> > + priv = dev_get_drvdata(dev);
> > + if (!priv) {
> > + ret = 0;
> > + dev_dbg(dev, "SE-MU Priv data is NULL;");
> > + return ret;
> > + }
> > +
> > + if (priv->tx_chan)
> > + mbox_free_channel(priv->tx_chan);
> > + if (priv->rx_chan)
> > + mbox_free_channel(priv->rx_chan);
> > +
> > + /* free the buffer in se remove, previously allocated
> > + * in se probe to store encrypted IMEM
> > + */
> > + if (priv->imem.buf) {
> > + dmam_free_coherent(dev,
> > + ELE_IMEM_SIZE,
> > + priv->imem.buf,
> > + priv->imem.phyaddr);
> > + priv->imem.buf = NULL;
> > + }
> > +
> > + if (priv->ctxs) {
> > + for (i = 0; i < priv->max_dev_ctx; i++) {
> > + if (priv->ctxs[i]) {
> > + devm_remove_action(dev,
> > + if_misc_deregister,
> > + &priv->ctxs[i]->miscdev);
> > + misc_deregister(&priv->ctxs[i]->miscdev);
> > + devm_kfree(dev, priv->ctxs[i]);
> > + }
> > + }
> > + devm_kfree(dev, priv->ctxs);
> > + }
> > +
> > + if (priv->flags & RESERVED_DMA_POOL) {
> > + of_reserved_mem_device_release(dev);
> > + priv->flags &= (~RESERVED_DMA_POOL);
> > + }
> > +
> > + devm_kfree(dev, priv);
> > + of_node_put(dev->of_node);
> > + of_platform_device_destroy(dev, NULL);
> > +
> > + return ret;
> > +}
> > +
> > +static int se_probe_cleanup(struct platform_device *pdev)
> > +{
> > + struct device *dev = &pdev->dev;
> > + struct device_node *if_dn;
> > +
> > + /* Enumerate se-interface device nodes. */
> > + for_each_child_of_node(dev->of_node, if_dn) {
> > + struct platform_device *if_pdev
> > + = of_find_device_by_node(if_dn);
> > + if (se_probe_if_cleanup(if_pdev))
> > + dev_err(dev,
> > + "Failed to clean-up child node probe.\n");
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static int init_device_context(struct device *dev)
> > +{
> > + const struct imx_se_node_info *info;
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_if_priv *priv;
> > + u8 *devname;
> > + int ret = 0;
> > + int i;
> > +
> > + priv = dev_get_drvdata(dev);
> > +
> > + if (!priv) {
> > + ret = -EINVAL;
> > + dev_err(dev, "Invalid SE-MU Priv data");
> > + return ret;
> > + }
> > + info = priv->info;
> > +
> > + priv->ctxs = devm_kzalloc(dev, sizeof(dev_ctx) * priv->max_dev_ctx,
> > + GFP_KERNEL);
> > +
> > + if (!priv->ctxs) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + /* Create users */
> > + for (i = 0; i < priv->max_dev_ctx; i++) {
> > + dev_ctx = devm_kzalloc(dev, sizeof(*dev_ctx), GFP_KERNEL);
> > + if (!dev_ctx) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + dev_ctx->dev = dev;
> > + dev_ctx->status = MU_FREE;
> > + dev_ctx->priv = priv;
> > +
> > + priv->ctxs[i] = dev_ctx;
> > +
> > + /* Default value invalid for an header. */
> > + init_waitqueue_head(&dev_ctx->wq);
> > +
> > + INIT_LIST_HEAD(&dev_ctx->pending_out);
> > + INIT_LIST_HEAD(&dev_ctx->pending_in);
> > + sema_init(&dev_ctx->fops_lock, 1);
> > +
> > + devname = devm_kasprintf(dev, GFP_KERNEL, "%s_ch%d",
> > + info->se_name, i);
> > + if (!devname) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + dev_ctx->miscdev.name = devname;
> > + dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
> > + dev_ctx->miscdev.fops = &se_if_fops;
> > + dev_ctx->miscdev.parent = dev;
> > + ret = misc_register(&dev_ctx->miscdev);
> > + if (ret) {
> > + dev_err(dev, "failed to register misc device %d\n",
> > + ret);
> > + return ret;
> > + }
> > +
> > + ret = devm_add_action(dev, if_misc_deregister,
> > + &dev_ctx->miscdev);
> > + if (ret) {
> > + dev_err(dev,
> > + "failed[%d] to add action to the misc-dev\n",
> > + ret);
> > + return ret;
> > + }
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +static void se_load_firmware(const struct firmware *fw, void *context)
> > +{
> > + struct se_if_priv *priv = (struct se_if_priv *) context;
> > + const struct imx_se_node_info *info = priv->info;
> > + const u8 *se_fw_name = info->fw_name_in_rfs;
> > + phys_addr_t se_fw_phyaddr;
> > + u8 *se_fw_buf;
> > +
> > + if (!fw) {
> > + if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
> > + dev_dbg(priv->dev,
> > + "External FW not found, using ROM FW.\n");
> > + else {
> > + /*add a bit delay to wait for firmware priv released */
> > + msleep(20);
> > +
> > + /* Load firmware one more time if timeout */
> > + request_firmware_nowait(THIS_MODULE,
> > + FW_ACTION_UEVENT, info-
> >fw_name_in_rfs,
> > + priv->dev, GFP_KERNEL, priv,
> > + se_load_firmware);
> > + priv->fw_fail++;
> > + dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
> > + priv->fw_fail);
> > + }
> > +
> > + return;
> > + }
> > +
> > + /* allocate buffer to store the SE FW */
> > + se_fw_buf = dmam_alloc_coherent(priv->dev, fw->size,
> > + &se_fw_phyaddr,
> > + GFP_KERNEL);
> > + if (!se_fw_buf) {
> > + dev_err(priv->dev, "Failed to alloc SE fw buffer memory\n");
> > + goto exit;
> > + }
> > +
> > + memcpy(se_fw_buf, fw->data, fw->size);
> > +
> > + if (ele_fw_authenticate(priv->dev, se_fw_phyaddr))
> > + dev_err(priv->dev,
> > + "Failed to authenticate & load SE firmware %s.\n",
> > + se_fw_name);
> > +
> > +exit:
> > + dmam_free_coherent(priv->dev,
> > + fw->size,
> > + se_fw_buf,
> > + se_fw_phyaddr);
> > +
> > + release_firmware(fw);
> > +}
> > +
> > +static int se_if_probe(struct platform_device *pdev)
> > +{
> > + struct imx_se_node_info_list *info_list;
> > + struct device *dev = &pdev->dev;
> > + struct imx_se_node_info *info;
> > + struct se_if_priv *priv;
> > + u32 idx;
> > + int ret;
> > +
> > + if (of_property_read_u32(dev->of_node, "reg", &idx)) {
> > + ret = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + info_list = (struct imx_se_node_info_list *)
> > + device_get_match_data(dev->parent);
> > + info = get_imx_se_node_info(info_list, idx);
> > +
> > + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
> > + if (!priv) {
> > + ret = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + dev_set_drvdata(dev, priv);
> > +
> > + /* Mailbox client configuration */
> > + priv->se_mb_cl.dev = dev;
> > + priv->se_mb_cl.tx_block = false;
> > + priv->se_mb_cl.knows_txdone = true;
> > + priv->se_mb_cl.rx_callback = se_if_rx_callback;
> > +
> > + ret = se_if_request_channel(dev, &priv->tx_chan,
> > + &priv->se_mb_cl, info->mbox_tx_name);
> > + if (ret) {
> > + if (ret == -EPROBE_DEFER)
> > + dev_err(dev, "Mailbox tx channel, is not ready.\n");
> > + else
> > + dev_err(dev, "Failed to request tx channel\n");
> > +
> > + goto exit;
> > + }
> > +
> > + ret = se_if_request_channel(dev, &priv->rx_chan,
> > + &priv->se_mb_cl, info->mbox_rx_name);
> > + if (ret) {
> > + if (ret == -EPROBE_DEFER)
> > + dev_err(dev, "Mailbox rx channel, is not ready.\n");
> > + else
> > + dev_dbg(dev, "Failed to request rx channel\n");
> > +
> > + goto exit;
> > + }
> > +
> > + priv->dev = dev;
> > + priv->info = info;
> > +
> > + /* Initialize the mutex. */
> > + mutex_init(&priv->se_if_lock);
> > + mutex_init(&priv->se_if_cmd_lock);
> > +
> > + priv->cmd_receiver_dev = NULL;
> > + priv->waiting_rsp_dev = NULL;
> > + priv->max_dev_ctx = info->max_dev_ctx;
> > + priv->cmd_tag = info->cmd_tag;
> > + priv->rsp_tag = info->rsp_tag;
> > + priv->mem_pool_name = info->pool_name;
> > + priv->success_tag = info->success_tag;
> > + priv->base_api_ver = info->base_api_ver;
> > + priv->fw_api_ver = info->fw_api_ver;
> > +
> > + init_completion(&priv->done);
> > + spin_lock_init(&priv->lock);
> > +
> > + if (info->reserved_dma_ranges) {
> > + ret = of_reserved_mem_device_init(dev);
> > + if (ret) {
> > + dev_err(dev,
> > + "failed to init reserved memory region %d\n",
> > + ret);
> > + priv->flags &= (~RESERVED_DMA_POOL);
> > + goto exit;
> > + }
> > + priv->flags |= RESERVED_DMA_POOL;
> > + }
> > +
> > + if (info->fw_name_in_rfs) {
> > + ret = request_firmware_nowait(THIS_MODULE,
> > + FW_ACTION_UEVENT,
> > + info->fw_name_in_rfs,
> > + dev, GFP_KERNEL, priv,
> > + se_load_firmware);
> > + if (ret)
> > + dev_warn(dev, "Failed to get firmware [%s].\n",
> > + info->fw_name_in_rfs);
> > + }
> > +
> > + ret = imx_fetch_soc_info(dev);
> > + if (ret) {
> > + dev_err(dev,
> > + "failed[%d] to fetch SoC Info\n", ret);
> > + goto exit;
> > + }
> > +
> > + if (info->imem_mgmt) {
> > + /* allocate buffer where SE store encrypted IMEM */
> > + priv->imem.buf = dmam_alloc_coherent(dev,
> ELE_IMEM_SIZE,
> > + &priv->imem.phyaddr,
> > + GFP_KERNEL);
> > + if (!priv->imem.buf) {
> > + dev_err(dev,
> > + "dmam-alloc-failed: To store encr-IMEM.\n");
> > + ret = -ENOMEM;
> > + goto exit;
> > + }
> > + }
> > +
> > + if (info->max_dev_ctx) {
> > + ret = init_device_context(dev);
> > + if (ret) {
> > + dev_err(dev,
> > + "Failed[0x%x] to create device contexts.\n",
> > + ret);
> > + goto exit;
> > + }
> > + }
> > +
> > + dev_info(dev, "i.MX secure-enclave: %s interface to firmware,
> configured.\n",
> > + info->se_name);
> > + return devm_of_platform_populate(dev);
> > +
> > +exit:
> > + /* if execution control reaches here, if probe fails.
> > + * hence doing the cleanup
> > + */
> > + if (se_probe_if_cleanup(pdev))
> > + dev_err(dev,
> > + "Failed to clean-up the child node probe.\n");
> > +
> > + return ret;
> > +}
> > +
> > +static int se_probe(struct platform_device *pdev)
> > +{
> > + struct device_node *enum_dev_node;
> > + struct device *dev = &pdev->dev;
> > + int enum_count;
> > + int ret;
> > +
> > + enum_count = of_get_child_count(dev->of_node);
> > + if (!enum_count) {
> > + ret = -EINVAL;
> > + dev_err(dev, "Zero Tx/Rx path MU nodes.\n");
> > + return ret;
> > + }
> > +
> > + for_each_child_of_node(dev->of_node, enum_dev_node) {
> > + struct platform_device *enum_plat_dev __maybe_unused;
> > +
> > + if (!of_device_is_available(enum_dev_node))
> > + continue;
> > +
> > + enum_plat_dev =
> of_platform_device_create(enum_dev_node,
> > + NULL,
> > + dev);
> > + if (!enum_plat_dev) {
> > + ret = -EINVAL;
> > + of_node_put(enum_dev_node);
> > + dev_err(dev,
> > + "Failed to create enumerated platform
> device.");
> > + break;
> > + }
> > +
> > + ret = se_if_probe(enum_plat_dev);
> > + }
> > + return ret;
> > +}
> > +
> > +static int se_remove(struct platform_device *pdev)
> > +{
> > + if (se_probe_cleanup(pdev))
> > + dev_err(&pdev->dev,
> > + "i.MX Secure Enclave is not cleanly un-probed.");
> > +
> > + return 0;
> > +}
> > +
> > +static int se_suspend(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + const struct imx_se_node_info *info
> > + = priv->info;
> > +
> > + if (info && info->imem_mgmt)
> > + priv->imem.size = se_save_imem_state(dev);
> > +
> > + return 0;
> > +}
> > +
> > +static int se_resume(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + const struct imx_se_node_info *info
> > + = priv->info;
> > + int i;
> > +
> > + for (i = 0; i < priv->max_dev_ctx; i++)
> > + wake_up_interruptible(&priv->ctxs[i]->wq);
> > +
> > + if (info && info->imem_mgmt)
> > + se_restore_imem_state(dev);
> > +
> > + return 0;
> > +}
> > +
> > +static const struct dev_pm_ops se_pm = {
> > + RUNTIME_PM_OPS(se_suspend, se_resume, NULL)
> > +};
> > +
> > +static struct platform_driver se_driver = {
> > + .driver = {
> > + .name = "fsl-se-fw",
> > + .of_match_table = se_match,
> > + .pm = &se_pm,
> > + },
> > + .probe = se_probe,
> > + .remove = se_remove,
> > +};
> > +MODULE_DEVICE_TABLE(of, se_match);
> > +
> > +module_platform_driver(se_driver);
> > +
> > +MODULE_AUTHOR("Pankaj Gupta <[email protected]>");
> > +MODULE_DESCRIPTION("iMX Secure Enclave Driver.");
> > +MODULE_LICENSE("GPL");
> > diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h
> > new file mode 100644
> > index 000000000000..76e1ce77c52f
> > --- /dev/null
> > +++ b/drivers/firmware/imx/se_ctrl.h
> > @@ -0,0 +1,151 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#ifndef SE_MU_H
> > +#define SE_MU_H
> > +
> > +#include <linux/miscdevice.h>
> > +#include <linux/semaphore.h>
> > +#include <linux/mailbox_client.h>
> > +
> > +#define MAX_FW_LOAD_RETRIES 50
> > +
> > +#define MSG_TAG(x) (((x) & 0xff000000) >> 24)
> > +#define MSG_COMMAND(x) (((x) & 0x00ff0000) >> 16)
> > +#define MSG_SIZE(x) (((x) & 0x0000ff00) >> 8)
> > +#define MSG_VER(x) ((x) & 0x000000ff)
> > +#define RES_STATUS(x) ((x) & 0x000000ff)
> > +#define MAX_DATA_SIZE_PER_USER (65 * 1024)
> > +#define S4_DEFAULT_MUAP_INDEX (2)
> > +#define S4_MUAP_DEFAULT_MAX_USERS (4)
> > +#define MESSAGING_VERSION_6 0x6
> > +#define MESSAGING_VERSION_7 0x7
> > +
> > +#define DEFAULT_MESSAGING_TAG_COMMAND (0x17u)
> > +#define DEFAULT_MESSAGING_TAG_RESPONSE (0xe1u)
> > +
> > +#define SE_MU_IO_FLAGS_USE_SEC_MEM (0x02u)
> > +#define SE_MU_IO_FLAGS_USE_SHORT_ADDR (0x04u)
> > +
> > +struct se_imem_buf {
> > + u8 *buf;
> > + phys_addr_t phyaddr;
> > + u32 size;
> > +};
> > +
> > +struct se_buf_desc {
> > + u8 *shared_buf_ptr;
> > + u8 *usr_buf_ptr;
> > + u32 size;
> > + struct list_head link;
> > +};
> > +
> > +/* Status of a char device */
> > +enum se_if_dev_ctx_status_t {
> > + MU_FREE,
> > + MU_OPENED
> > +};
> > +
> > +struct se_shared_mem {
> > + dma_addr_t dma_addr;
> > + u32 size;
> > + u32 pos;
> > + u8 *ptr;
> > +};
> > +
> > +/* Private struct for each char device instance. */
> > +struct se_if_device_ctx {
> > + struct device *dev;
> > + struct se_if_priv *priv;
> > + struct miscdevice miscdev;
> > +
> > + enum se_if_dev_ctx_status_t status;
> > + wait_queue_head_t wq;
> > + struct semaphore fops_lock;
> > +
> > + u32 pending_hdr;
> > + struct list_head pending_in;
> > + struct list_head pending_out;
> > +
> > + struct se_shared_mem secure_mem;
> > + struct se_shared_mem non_secure_mem;
> > +
> > + u32 *temp_resp;
> > + u32 temp_resp_size;
> > + struct notifier_block se_notify;
> > +};
> > +
> > +/* Header of the messages exchange with the EdgeLock Enclave */
> > +struct se_msg_hdr {
> > + u8 ver;
> > + u8 size;
> > + u8 command;
> > + u8 tag;
> > +} __packed;
> > +
> > +#define SE_MU_HDR_SZ 4
> > +#define TAG_OFFSET (SE_MU_HDR_SZ - 1)
> > +#define CMD_OFFSET (SE_MU_HDR_SZ - 2)
> > +#define SZ_OFFSET (SE_MU_HDR_SZ - 3)
> > +#define VER_OFFSET (SE_MU_HDR_SZ - 4)
> > +
> > +struct se_api_msg {
> > + u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
> > + u32 *data;
> > +};
> > +
> > +struct se_if_priv {
> > + struct se_if_device_ctx *cmd_receiver_dev;
> > + struct se_if_device_ctx *waiting_rsp_dev;
> > + bool no_dev_ctx_used;
> > + /*
> > + * prevent parallel access to the se interface registers
> > + * e.g. a user trying to send a command while the other one is
> > + * sending a response.
> > + */
> > + struct mutex se_if_lock;
> > + /*
> > + * prevent a command to be sent on the se interface while another
> one is
> > + * still processing. (response to a command is allowed)
> > + */
> > + struct mutex se_if_cmd_lock;
> > + struct device *dev;
> > + u8 *mem_pool_name;
> > + u8 cmd_tag;
> > + u8 rsp_tag;
> > + u8 success_tag;
> > + u8 base_api_ver;
> > + u8 fw_api_ver;
> > + u32 fw_fail;
> > + const void *info;
> > +
> > + struct mbox_client se_mb_cl;
> > + struct mbox_chan *tx_chan, *rx_chan;
> > + struct se_api_msg *rx_msg;
> > + struct completion done;
> > + spinlock_t lock;
> > + /*
> > + * Flag to retain the state of initialization done at
> > + * the time of se-mu probe.
> > + */
> > + uint32_t flags;
> > + u8 max_dev_ctx;
> > + struct se_if_device_ctx **ctxs;
> > + struct se_imem_buf imem;
> > +};
> > +
> > +void *get_phy_buf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + dma_addr_t *buf,
> > + u32 size);
> > +phys_addr_t get_phy_buf_mem_pool1(struct device *dev,
> > + u8 *mem_pool_name,
> > + u32 **buf,
> > + u32 size);
> > +void free_phybuf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + u32 *buf,
> > + u32 size);
> > +#endif
> > diff --git a/include/linux/firmware/imx/se_api.h
> b/include/linux/firmware/imx/se_api.h
> > new file mode 100644
> > index 000000000000..c47f84906837
> > --- /dev/null
> > +++ b/include/linux/firmware/imx/se_api.h
> > @@ -0,0 +1,14 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#ifndef __SE_API_H__
> > +#define __SE_API_H__
> > +
> > +#include <linux/types.h>
> > +
> > +#define SOC_ID_OF_IMX8ULP 0x084D
> > +#define SOC_ID_OF_IMX93 0x9300
> > +
> > +#endif /* __SE_API_H__ */
> > diff --git a/include/uapi/linux/se_ioctl.h b/include/uapi/linux/se_ioctl.h
> > new file mode 100644
> > index 000000000000..f68a36e9da2c
> > --- /dev/null
> > +++ b/include/uapi/linux/se_ioctl.h
> > @@ -0,0 +1,88 @@
> > +/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR BSD-3-
> Clause*/
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#ifndef SE_IOCTL_H
> > +#define SE_IOCTL_H
> > +
> > +/* IOCTL definitions. */
> > +
> > +struct se_ioctl_setup_iobuf {
> > + u8 *user_buf;
> > + u32 length;
> > + u32 flags;
> > + u64 ele_addr;
> > +};
> > +
> > +struct se_ioctl_shared_mem_cfg {
> > + u32 base_offset;
> > + u32 size;
> > +};
> > +
> > +struct se_ioctl_get_if_info {
> > + u8 se_if_id;
> > + u8 interrupt_idx;
> > + u8 tz;
> > + u8 did;
> > + u8 cmd_tag;
> > + u8 rsp_tag;
> > + u8 success_tag;
> > + u8 base_api_ver;
> > + u8 fw_api_ver;
> > +};
> > +
> > +struct se_ioctl_signed_message {
> > + u8 *message;
> > + u32 msg_size;
> > + u32 error_code;
> > +};
> > +
> > +struct se_ioctl_get_soc_info {
> > + u16 soc_id;
> > + u16 soc_rev;
> > +};
> > +
> > +/* IO Buffer Flags */
> > +#define SE_IO_BUF_FLAGS_IS_OUTPUT (0x00u)
> > +#define SE_IO_BUF_FLAGS_IS_INPUT (0x01u)
> > +#define SE_IO_BUF_FLAGS_USE_SEC_MEM (0x02u)
> > +#define SE_IO_BUF_FLAGS_USE_SHORT_ADDR (0x04u)
> > +#define SE_IO_BUF_FLAGS_IS_IN_OUT (0x10u)
> > +
> > +/* IOCTLS */
> > +#define SE_IOCTL 0x0A /* like MISC_MAJOR. */
> > +
> > +/*
> > + * ioctl to designated the current fd as logical-reciever.
> > + * This is ioctl is send when the nvm-daemon, a slave to the
> > + * firmware is started by the user.
> > + */
> > +#define SE_IOCTL_ENABLE_CMD_RCV _IO(SE_IOCTL, 0x01)
> > +
> > +/*
> > + * ioctl to get the buffer allocated from the memory, which is shared
> > + * between kernel and FW.
> > + * Post allocation, the kernel tagged the allocated memory with:
> > + * Output
> > + * Input
> > + * Input-Output
> > + * Short address
> > + * Secure-memory
> > + */
> > +#define SE_IOCTL_SETUP_IOBUF _IOWR(SE_IOCTL, 0x03, \
> > + struct se_ioctl_setup_iobuf)
> > +
> > +/*
> > + * ioctl to get the mu information, that is used to exchange message
> > + * with FW, from user-spaced.
> > + */
> > +#define SE_IOCTL_GET_MU_INFO _IOR(SE_IOCTL, 0x04, \
> > + struct se_ioctl_get_if_info)
> > +/*
> > + * ioctl to get SoC Info from user-space.
> > + */
> > +#define SE_IOCTL_GET_SOC_INFO _IOR(SE_IOCTL, 0x06, \
> > + struct se_ioctl_get_soc_info)
> > +
> > +#endif
> >
> > --
> > 2.34.1
> >

2024-05-13 09:16:44

by Pankaj Gupta

[permalink] [raw]
Subject: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave



> -----Original Message-----
> From: Amit Singh Tomar <[email protected]>
> Sent: Saturday, May 11, 2024 1:09 AM
> To: Frank Li <[email protected]>; Pankaj Gupta <[email protected]>
> Cc: Jonathan Corbet <[email protected]>; Rob Herring <[email protected]>;
> Krzysztof Kozlowski <[email protected]>; Conor Dooley
> <[email protected]>; Shawn Guo <[email protected]>; Sascha Hauer
> <[email protected]>; Pengutronix Kernel Team
> <[email protected]>; Fabio Estevam <[email protected]>; linux-
> [email protected]; [email protected];
> [email protected]; [email protected]; linux-arm-
> [email protected]
> Subject: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock
> Enclave
>
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
>
>
> Hi,
> >
> > ----------------------------------------------------------------------
> > On Fri, May 10, 2024 at 06:57:30PM +0530, Pankaj Gupta wrote:
> >> NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
> >> are embedded in the SoC to support the features like HSM, SHE & V2X,
> >> using message based communication interface.
> >>
> >> The secure enclave FW communicates on a dedicated messaging unit(MU)
> >> based interface(s) with application core, where kernel is running.
> >> It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
> >>
> >> This patch adds the driver for communication interface to secure-enclave,
> >> for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock
> Enclave,
> >> both from:
> >> - User-Space Applications via character driver.
> >> - Kernel-space, used by kernel management layers like DM-Crypt.
> >>
> >> ABI documentation for the NXP secure-enclave driver.
> >>
> >> User-space library using this driver:
> >> - i.MX Secure Enclave library:
> >> -- URL:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefe
> nse.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-2Dsecure-
> 2Denclave.git%26d%3DDwICAg%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3
> DV_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3DeKFfdy51aVVEAe4I9Lk2CN77y_4Hxf2pI_9fv5pVWLo9DwQNgC
> pca6smAwvwFycf%26s%3DIfKbvjSfdUcqz-
> WEWdhbj1_TnqGryOffX1dV0T5Rf_A%26e%3D&data=05%7C02%7Cpankaj.gu
> pta%40nxp.com%7C111dd89e61f149b5f7e708dc71290348%7C686ea1d3bc2
> b4c6fa92cd99c5c301635%7C0%7C0%7C638509668202231639%7CUnknown
> %7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haW
> wiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=FEt3DR2WBF3v8fNgnliJhVB10
> MCCkaf8KYGmLz3fk3A%3D&reserved=0 ,
> >> - i.MX Secure Middle-Ware:
> >> -- URL:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefe
> nse.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-
> 2Dsmw.git%26d%3DDwICAg%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3DV
> _GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3DeKFfdy51aVVEAe4I9Lk2CN77y_4Hxf2pI_9fv5pVWLo9DwQNgC
> pca6smAwvwFycf%26s%3DLLz2plXTM1AS-
> zJ1HlZRKiBE8GmRJBduR_0dnOuFjRo%26e%3D&data=05%7C02%7Cpankaj.gu
> pta%40nxp.com%7C111dd89e61f149b5f7e708dc71290348%7C686ea1d3bc2
> b4c6fa92cd99c5c301635%7C0%7C0%7C638509668202240209%7CUnknown
> %7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haW
> wiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=YOBEbhRl7XJeLu%2BdaznovR
> 4lDrbyoOlmxUP9BiYZ330%3D&reserved=0
> >>
> >> Signed-off-by: Pankaj Gupta <[email protected]>
> >> ---
> >> Documentation/ABI/testing/se-cdev | 42 ++
> >> drivers/firmware/imx/Kconfig | 12 +
> >> drivers/firmware/imx/Makefile | 2 +
> >> drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
> >> drivers/firmware/imx/ele_base_msg.h | 70 ++
> >> drivers/firmware/imx/ele_common.c | 341 +++++++++
> >> drivers/firmware/imx/ele_common.h | 43 ++
> >> drivers/firmware/imx/se_ctrl.c | 1339
> +++++++++++++++++++++++++++++++++++
> >> drivers/firmware/imx/se_ctrl.h | 151 ++++
> >> include/linux/firmware/imx/se_api.h | 14 +
> >> include/uapi/linux/se_ioctl.h | 88 +++
> >> 11 files changed, 2389 insertions(+)
> >>
> >> diff --git a/Documentation/ABI/testing/se-cdev
> b/Documentation/ABI/testing/se-cdev
> >> new file mode 100644
> >> index 000000000000..699525af6b86
> >> --- /dev/null
> >> +++ b/Documentation/ABI/testing/se-cdev
> >> @@ -0,0 +1,42 @@
> >> +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> >> +Date: May 2024
> >> +KernelVersion: 6.8
> >> +Contact: [email protected], [email protected]
> >> +Description:
> >> + NXP offers multiple hardware IP(s) for secure-enclaves like
> EdgeLock-
> >> + Enclave(ELE), SECO. The character device file-descriptors
> >> + /dev/<se>_mu*_ch* are the interface between user-space NXP's
> secure-
> >> + enclave shared-library and the kernel driver.
> >> +
> >> + The ioctl(2)-based ABI is defined and documented in
> >> + [include]<linux/firmware/imx/ele_mu_ioctl.h>
> >> + ioctl(s) are used primarily for:
> >> + - shared memory management
> >> + - allocation of I/O buffers
> >> + - get mu info
> >> + - setting a dev-ctx as receiver that is slave to fw
> >> + - get SoC info
> >> +
> >> + The following file operations are supported:
> >> +
> >> + open(2)
> >> + Currently the only useful flags are O_RDWR.
> >> +
> >> + read(2)
> >> + Every read() from the opened character device context is waiting
> on
> >> + wakeup_intruptible, that gets set by the registered mailbox
> callback
> >> + function; indicating a message received from the firmware on
> message-
> >> + unit.
> >> +
> >> + write(2)
> >> + Every write() to the opened character device context needs to
> acquire
> >> + mailbox_lock, before sending message on to the message unit.
> >> +
> >> + close(2)
> >> + Stops and free up the I/O contexts that was associated
> >> + with the file descriptor.
> >> +
> >> +Users:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefe
> nse.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-2Dsecure-
> 2Denclave.git%26d%3DDwICAg%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3
> DV_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3DeKFfdy51aVVEAe4I9Lk2CN77y_4Hxf2pI_9fv5pVWLo9DwQNgC
> pca6smAwvwFycf%26s%3DIfKbvjSfdUcqz-
> WEWdhbj1_TnqGryOffX1dV0T5Rf_A%26e%3D&data=05%7C02%7Cpankaj.gu
> pta%40nxp.com%7C111dd89e61f149b5f7e708dc71290348%7C686ea1d3bc2
> b4c6fa92cd99c5c301635%7C0%7C0%7C638509668202246211%7CUnknown
> %7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haW
> wiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5Cpw4sCLsKzv%2FRiikt2aA4d
> ILonYXeFzcnMo4UugdQ4%3D&reserved=0 ,
> >> +
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefe
> nse.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-
> 2Dsmw.git%26d%3DDwICAg%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3DV
> _GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3DeKFfdy51aVVEAe4I9Lk2CN77y_4Hxf2pI_9fv5pVWLo9DwQNgC
> pca6smAwvwFycf%26s%3DLLz2plXTM1AS-
> zJ1HlZRKiBE8GmRJBduR_0dnOuFjRo%26e%3D&data=05%7C02%7Cpankaj.gu
> pta%40nxp.com%7C111dd89e61f149b5f7e708dc71290348%7C686ea1d3bc2
> b4c6fa92cd99c5c301635%7C0%7C0%7C638509668202250817%7CUnknown
> %7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haW
> wiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m5NZLmshBmqnnbb2U%2Bm
> cMYYbv7LS8X%2ByzMVTs%2BI7tkI%3D&reserved=0
> >> + crypto/skcipher,
> >> + drivers/nvmem/imx-ocotp-ele.c
> >> diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
> >> index 183613f82a11..56bdca9bd917 100644
> >> --- a/drivers/firmware/imx/Kconfig
> >> +++ b/drivers/firmware/imx/Kconfig
> >> @@ -22,3 +22,15 @@ config IMX_SCU
> >>
> >> This driver manages the IPC interface between host CPU and the
> >> SCU firmware running on M4.
> >> +
> >> +config IMX_SEC_ENCLAVE
> >> + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware
> driver."
> >> + depends on IMX_MBOX && ARCH_MXC && ARM64
> >> + default m if ARCH_MXC
> >> +
> >> + help
> >> + It is possible to use APIs exposed by the iMX Secure Enclave HW IP
> called:
> >> + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
> >> + like base, HSM, V2X & SHE using the SAB protocol via the shared
> Messaging
> >> + Unit. This driver exposes these interfaces via a set of file descriptors
> >> + allowing to configure shared memory, send and receive messages.
> >> diff --git a/drivers/firmware/imx/Makefile
> b/drivers/firmware/imx/Makefile
> >> index 8f9f04a513a8..aa9033e0e9e3 100644
> >> --- a/drivers/firmware/imx/Makefile
> >> +++ b/drivers/firmware/imx/Makefile
> >> @@ -1,3 +1,5 @@
> >> # SPDX-License-Identifier: GPL-2.0
> >> obj-$(CONFIG_IMX_DSP) += imx-dsp.o
> >> obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irqo rm.o
> imx-scu-soc.o
> >> +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
> >> +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
> >> diff --git a/drivers/firmware/imx/ele_base_msg.c
> b/drivers/firmware/imx/ele_base_msg.c
> >> new file mode 100644
> >> index 000000000000..0463f26d93c7
> >> --- /dev/null
> >> +++ b/drivers/firmware/imx/ele_base_msg.c
> >> @@ -0,0 +1,287 @@
> >> +// SPDX-License-Identifier: GPL-2.0+
> >> +/*
> >> + * Copyright 2024 NXP
> >> + */
> >> +
> >> +#include <linux/types.h>
> >> +#include <linux/completion.h>
> >> +#include <linux/dma-mapping.h>
> >> +
> >> +#include "ele_base_msg.h"
> >> +#include "ele_common.h"
> >> +
> >> +int ele_get_info(struct device *dev, struct soc_info *s_info)
> >> +{
> >> + struct se_if_priv *priv = dev_get_drvdata(dev);
> >> + struct se_api_msg *tx_msg __free(kfree);
> >> + struct se_api_msg *rx_msg __free(kfree);
> >> + phys_addr_t get_info_addr;
> >> + u32 *get_info_data;
> >> + u32 status;
> >> + int ret;
> >> +
> >> + if (!priv || !s_info)
> >> + goto exit;
> >> +
> >> + memset(s_info, 0x0, sizeof(*s_info));
> >> +
> >> + if (priv->mem_pool_name)
> >> + get_info_data = get_phy_buf_mem_pool(dev,
> >> + priv->mem_pool_name,
> >> + &get_info_addr,
> >> + ELE_GET_INFO_BUFF_SZ);
> >> + else
> >> + get_info_data = dmam_alloc_coherent(dev,
> >> + ELE_GET_INFO_BUFF_SZ,
> >> + &get_info_addr,
> >> + GFP_KERNEL);
> >> + if (!get_info_data) {
> >> + ret = -ENOMEM;
> >> + dev_err(dev,
> >> + "%s: Failed to allocate get_info_addr.\n",
> >> + __func__);
> >> + goto exit;
> >> + }
> >> +
> >> + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
> >> + if (!tx_msg) {
> >> + ret = -ENOMEM;
> >> + return ret;
> It seems like you intended to use goto exit; instead of returning
> directly from here. This would ensure that you can free the buffer
> allocated with get_phy_buf_mem_pool in case of an allocation failure.


Accepted.

> >> + }
> >> +
> >> + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
> >> + if (!rx_msg) {
> >> + ret = -ENOMEM;
> >> + return ret;
> >> + }
Will correct here as well.

> >> +
> >> + ret = plat_fill_cmd_msg_hdr(priv,
> >> + (struct se_msg_hdr *)&tx_msg->header,
> >> + ELE_GET_INFO_REQ,
> >> + ELE_GET_INFO_REQ_MSG_SZ,
> >> + true);
> >> + if (ret)
> >> + goto exit;
> >> +
> >> + tx_msg->data[0] = upper_32_bits(get_info_addr);
> >> + tx_msg->data[1] = lower_32_bits(get_info_addr);
> >> + tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
> >> + priv->rx_msg = rx_msg;
> >> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> >> + if (ret < 0)
> >> + goto exit;
> >> +
> >> + ret = validate_rsp_hdr(priv,
> >> + priv->rx_msg->header,
> >> + ELE_GET_INFO_REQ,
> >> + ELE_GET_INFO_RSP_MSG_SZ,
> >> + true);
> >> + if (ret)
> >> + goto exit;
> >> +
> >> + status = RES_STATUS(priv->rx_msg->data[0]);
> >> + if (status != priv->success_tag) {
> >> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> >> + ELE_GET_INFO_REQ, status);
> >> + ret = -1;
> >> + }
> >> +
> >> + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> >> + & ELE_IMEM_STATE_MASK) >> 16;
> >> + s_info->major_ver =
> (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> >> + & SOC_VER_MASK) >> 24;
> >> + s_info->minor_ver =
> ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> >> + & SOC_VER_MASK) >> 16) & 0xFF;
> >> + s_info->soc_rev =
> (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> >> + & SOC_VER_MASK) >> 16;
> >> + s_info->soc_id = get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> >> + & SOC_ID_MASK;
> >> + s_info->serial_num
> >> + = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF] <<
> 32
> >> + | get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];
> >> +exit:
> >> + if (get_info_addr) {
> >> + if (priv->mem_pool_name)
> >> + free_phybuf_mem_pool(dev, priv->mem_pool_name,
> >> + get_info_data, ELE_GET_INFO_BUFF_SZ);
> >> + else
> >> + dmam_free_coherent(dev,
> >> + ELE_GET_INFO_BUFF_SZ,
> >> + get_info_data,
> >> + get_info_addr);
> >> + }
> >> +
> >> + return ret;
> >> +}
> >> +
> >> +int ele_ping(struct device *dev)
> >> +{
> >> + struct se_if_priv *priv = dev_get_drvdata(dev);
> >> + struct se_api_msg *tx_msg __free(kfree);
> >> + struct se_api_msg *rx_msg __free(kfree);
> >
> > If you want __free(kfree) it should be
> >
> > struct se_api_msg *tx_msg __free(kfree) = NULL;
> > struct se_api_msg *rx_msg __free(kfree) = NULL;
> >
> > Or
> >
> > struct se_api_msg *tx_msg __free(kfree) = kzalloc(ELE_PING_REQ_SZ << 2,
> GFP_KERNEL)
> > struct se_api_msg *rx_msg __free(kfree) = kzalloc(ELE_PING_RSP_SZ << 2,
> GFP_KERNEL)
> >
> > otherwise when
> > if (!tx_msg) {
> > return ret;
> >
> > ^^ when go here, rx_msg is random value. So kfree(rx_msg) will
> > access random address.
> >
> > }
> >
> >> + u32 status;
> >> + int ret;
> >> +
> >> + tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
> >> + if (!tx_msg) {
> >> + ret = -ENOMEM;
> >> + return ret;
> >
> >
> > return -ENOMEM
> >
> > Frank
> >
> >> + }
> >> +
> >> + rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
> >> + if (!rx_msg) {
> >> + ret = -ENOMEM;
> >> + return ret;
> >> + }
> >> +
> >> + ret = plat_fill_cmd_msg_hdr(priv,
> >> + (struct se_msg_hdr *)&tx_msg->header,
> >> + ELE_PING_REQ, ELE_PING_REQ_SZ,
> >> + true);
> >> + if (ret) {
> >> + dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
> >> + goto exit;
> >> + }
> >> +
> >> + priv->rx_msg = rx_msg;
> >> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> >> + if (ret)
> >> + goto exit;
> >> +
> >> + ret = validate_rsp_hdr(priv,
> >> + priv->rx_msg->header,
> >> + ELE_PING_REQ,
> >> + ELE_PING_RSP_SZ,
> >> + true);
> >> + if (ret)
> >> + goto exit;
> >> +
> >> + status = RES_STATUS(priv->rx_msg->data[0]);
> >> + if (status != priv->success_tag) {
> >> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> >> + ELE_PING_REQ, status);
> >> + ret = -1;
> >> + }
> >> +exit:
> >> + return ret;
> >> +}
> >> +
> >> +int ele_service_swap(struct device *dev,
> >> + phys_addr_t addr,
> >> + u32 addr_size, u16 flag)
> >> +{
> >> + struct se_if_priv *priv = dev_get_drvdata(dev);
> >> + struct se_api_msg *tx_msg __free(kfree);
> >> + struct se_api_msg *rx_msg __free(kfree);
> >> + u32 status;
> >> + int ret;
> >> +
> >> + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2,
> GFP_KERNEL);
> >> + if (!tx_msg) {
> >> + ret = -ENOMEM;
> >> + return ret;
> >> + }
> >> +
> >> + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2,
> GFP_KERNEL);
> >> + if (!rx_msg) {
> >> + ret = -ENOMEM;
> >> + return ret;
> >> + }
> >> +
> >> + ret = plat_fill_cmd_msg_hdr(priv,
> >> + (struct se_msg_hdr *)&tx_msg->header,
> >> + ELE_SERVICE_SWAP_REQ,
> >> + ELE_SERVICE_SWAP_REQ_MSG_SZ,
> >> + true);
> >> + if (ret)
> >> + goto exit;
> >> +
> >> + tx_msg->data[0] = flag;
> >> + tx_msg->data[1] = addr_size;
> >> + tx_msg->data[2] = ELE_NONE_VAL;
> >> + tx_msg->data[3] = lower_32_bits(addr);
> >> + tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
> >> + ELE_SERVICE_SWAP_REQ_MSG_SZ);
> >> + priv->rx_msg = rx_msg;
> >> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> >> + if (ret < 0)
> >> + goto exit;
> >> +
> >> + ret = validate_rsp_hdr(priv,
> >> + priv->rx_msg->header,
> >> + ELE_SERVICE_SWAP_REQ,
> >> + ELE_SERVICE_SWAP_RSP_MSG_SZ,
> >> + true);
> >> + if (ret)
> >> + goto exit;
> >> +
> >> + status = RES_STATUS(priv->rx_msg->data[0]);
> >> + if (status != priv->success_tag) {
> >> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> >> + ELE_SERVICE_SWAP_REQ, status);
> >> + ret = -1;
> >> + } else {
> >> + if (flag == ELE_IMEM_EXPORT)
> >> + ret = priv->rx_msg->data[1];
> >> + else
> >> + ret = 0;
> >> + }
> >> +exit:
> >> +
> >> + return ret;
> >> +}
> >> +
> >> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
> >> +{
> >> + struct se_if_priv *priv = dev_get_drvdata(dev);
> >> + struct se_api_msg *tx_msg __free(kfree);
> >> + struct se_api_msg *rx_msg __free(kfree);
> >> + u32 status;
> >> + int ret;
> >> +
> >> + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
> >> + if (!tx_msg) {
> >> + ret = -ENOMEM;
> >> + return ret;
> >> + }
> >> +
> >> + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
> >> + if (!rx_msg) {
> >> + ret = -ENOMEM;
> >> + return ret;
> >> + }
> >> + ret = plat_fill_cmd_msg_hdr(priv,
> >> + (struct se_msg_hdr *)&tx_msg->header,
> >> + ELE_FW_AUTH_REQ,
> >> + ELE_FW_AUTH_REQ_SZ,
> >> + true);
> >> + if (ret)
> >> + goto exit;
> >> +
> >> + tx_msg->data[0] = addr;
> >> + tx_msg->data[1] = 0x0;
> >> + tx_msg->data[2] = addr;
> >> +
> >> + priv->rx_msg = rx_msg;
> >> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> >> + if (ret < 0)
> >> + goto exit;
> >> +
> >> + ret = validate_rsp_hdr(priv,
> >> + priv->rx_msg->header,
> >> + ELE_FW_AUTH_REQ,
> >> + ELE_FW_AUTH_RSP_MSG_SZ,
> >> + true);
> >> + if (ret)
> >> + goto exit;
> >> +
> >> + status = RES_STATUS(priv->rx_msg->data[0]);
> >> + if (status != priv->success_tag) {
> >> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> >> + ELE_FW_AUTH_REQ, status);
> >> + ret = -1;
> >> + }
> >> +exit:
> >> +
> >> + return ret;
> >> +}
> >> diff --git a/drivers/firmware/imx/ele_base_msg.h
> b/drivers/firmware/imx/ele_base_msg.h
> >> new file mode 100644
> >> index 000000000000..3b3d2bf04a84
> >> --- /dev/null
> >> +++ b/drivers/firmware/imx/ele_base_msg.h
> >> @@ -0,0 +1,70 @@
> >> +/* SPDX-License-Identifier: GPL-2.0+ */
> >> +/*
> >> + * Copyright 2024 NXP
> >> + *
> >> + * Header file for the EdgeLock Enclave Base API(s).
> >> + */
> >> +
> >> +#ifndef ELE_BASE_MSG_H
> >> +#define ELE_BASE_MSG_H
> >> +
> >> +#include <linux/device.h>
> >> +#include <linux/types.h>
> >> +
> >> +#define WORD_SZ 4
> >> +#define ELE_NONE_VAL 0x0
> >> +
> >> +#define ELE_SUCCESS_IND 0xD6
> >> +
> >> +#define ELE_GET_INFO_REQ 0xDA
> >> +#define ELE_GET_INFO_REQ_MSG_SZ 0x10
> >> +#define ELE_GET_INFO_RSP_MSG_SZ 0x08
> >> +
> >> +#define ELE_GET_INFO_BUFF_SZ 0x100
> >> +#define ELE_GET_INFO_READ_SZ 0xA0
> >> +
> >> +#define DEFAULT_IMX_SOC_VER 0xA0
> >> +#define SOC_VER_MASK 0xFFFF0000
> >> +#define SOC_ID_MASK 0x0000FFFF
> >> +struct soc_info {
> >> + u32 imem_state;
> >> + u8 major_ver;
> >> + u8 minor_ver;
> >> + u16 soc_id;
> >> + u16 soc_rev;
> >> + u64 serial_num;
> >> +};
> >> +
> >> +#define GET_INFO_SOC_INFO_WORD_OFFSET 1
> >> +#define GET_INFO_UUID_WORD_OFFSET 3
> >> +#define GET_INFO_SL_NUM_MSB_WORD_OFF \
> >> + (GET_INFO_UUID_WORD_OFFSET + 3)
> >> +#define GET_INFO_SL_NUM_LSB_WORD_OFF \
> >> + (GET_INFO_UUID_WORD_OFFSET + 0)
> >> +
> >> +#define ELE_PING_REQ 0x01
> >> +#define ELE_PING_REQ_SZ 0x04
> >> +#define ELE_PING_RSP_SZ 0x08
> >> +
> >> +#define ELE_SERVICE_SWAP_REQ 0xDF
> >> +#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18
> >> +#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C
> >> +#define ELE_IMEM_SIZE 0x10000
> >> +#define ELE_IMEM_STATE_OK 0xCA
> >> +#define ELE_IMEM_STATE_BAD 0xFE
> >> +#define ELE_IMEM_STATE_WORD 0x27
> >> +#define ELE_IMEM_STATE_MASK 0x00ff0000
> >> +#define ELE_IMEM_EXPORT 0x1
> >> +#define ELE_IMEM_IMPORT 0x2
> >> +
> >> +#define ELE_FW_AUTH_REQ 0x02
> >> +#define ELE_FW_AUTH_REQ_SZ 0x10
> >> +#define ELE_FW_AUTH_RSP_MSG_SZ 0x08
> >> +
> >> +int ele_get_info(struct device *dev, struct soc_info *s_info);
> >> +int ele_ping(struct device *dev);
> >> +int ele_service_swap(struct device *dev,
> >> + phys_addr_t addr,
> >> + u32 addr_size, u16 flag);
> >> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr);
> >> +#endif
> >> diff --git a/drivers/firmware/imx/ele_common.c
> b/drivers/firmware/imx/ele_common.c
> >> new file mode 100644
> >> index 000000000000..dcf7f9034653
> >> --- /dev/null
> >> +++ b/drivers/firmware/imx/ele_common.c
> >> @@ -0,0 +1,341 @@
> >> +// SPDX-License-Identifier: GPL-2.0+
> >> +/*
> >> + * Copyright 2024 NXP
> >> + */
> >> +
> >> +#include "ele_base_msg.h"
> >> +#include "ele_common.h"
> >> +
> >> +u32 plat_add_msg_crc(u32 *msg, u32 msg_len)
> >> +{
> >> + u32 nb_words = msg_len / (u32)sizeof(u32);
> >> + u32 crc = 0;
> >> + u32 i;
> >> +
> >> + for (i = 0; i < nb_words - 1; i++)
> >> + crc ^= *(msg + i);
> >> +
> >> + return crc;
> >> +}
> >> +
> >> +int imx_ele_msg_rcv(struct se_if_priv *priv)
> >> +{
> >> + u32 wait;
> >> + int err;
> >> +
> >> + wait = msecs_to_jiffies(1000);
> >> + if (!wait_for_completion_timeout(&priv->done, wait)) {
> >> + dev_err(priv->dev,
> >> + "Error: wait_for_completion timed out.\n");
> >> + err = -ETIMEDOUT;
> >> + }
> >> +
> >> + mutex_unlock(&priv->se_if_cmd_lock);
> >> + priv->no_dev_ctx_used = false;
> >> +
> >> + return err;
> >> +}
> >> +
> >> +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg)
> >> +{
> >> + bool is_cmd_lock_tobe_taken = false;
> >> + int err;
> >> +
> >> + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> >> + is_cmd_lock_tobe_taken = true;
> >> + mutex_lock(&priv->se_if_cmd_lock);
> >> + }
> >> + scoped_guard(mutex, &priv->se_if_lock);
> >> +
> >> + err = mbox_send_message(priv->tx_chan, mssg);
> >> + if (err < 0) {
> >> + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> >> + if (is_cmd_lock_tobe_taken)
> >> + mutex_unlock(&priv->se_if_cmd_lock);
> >> + return err;
> >> + }
> >> + err = 0;
> >> +
> >> + return err;
> >> +}
> >> +
> >> +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg)
> >> +{
> >> + int err;
> >> +
> >> + priv->no_dev_ctx_used = true;
> >> + err = imx_ele_msg_send(priv, mssg);
> >> + if (err)
> >> + goto exit;
> >> +
> >> + err = imx_ele_msg_rcv(priv);
> >> +
> >> +exit:
> >> + return err;
> >> +}
> >> +
> >> +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx)
> >> +{
> >> + struct se_msg_hdr header = {0};
> >> + int err;
> >> +
> >> + err = wait_event_interruptible(dev_ctx->wq, dev_ctx->pending_hdr !=
> 0);
> >> + if (err)
> >> + dev_err(dev_ctx->dev,
> >> + "%s: Err[0x%x]:Interrupted by signal.\n",
> >> + dev_ctx->miscdev.name, err);
> >> +
> >> + header = *((struct se_msg_hdr *) (&dev_ctx->temp_resp[0]));
> >> +
> >> + if (header.tag == dev_ctx->priv->rsp_tag)
> >> + mutex_unlock(&dev_ctx->priv->se_if_cmd_lock);
> >> +
> >> + return err;
> >> +}
> >> +
> >> +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> >> + void *tx_msg, int tx_msg_sz)
> >> +{
> >> + struct se_if_priv *priv = dev_ctx->priv;
> >> + struct se_msg_hdr header = {0};
> >> + int err;
> >> +
> >> + header = *((struct se_msg_hdr *) tx_msg);
> >> +
> >> + /*
> >> + * Check that the size passed as argument matches the size
> >> + * carried in the message.
> >> + */
> >> + err = header.size << 2;
> >> +
> >> + if (err != tx_msg_sz) {
> >> + err = -EINVAL;
> >> + dev_err(priv->dev,
> >> + "%s: User buffer too small\n",
> >> + dev_ctx->miscdev.name);
> >> + goto exit;
> >> + }
> >> + /* Check the message is valid according to tags */
> >> + if (header.tag == priv->cmd_tag)
> >> + priv->waiting_rsp_dev = dev_ctx;
> >> + else if (header.tag == priv->rsp_tag) {
> >> + /* Check the device context can send the command */
> >> + if (dev_ctx != priv->cmd_receiver_dev) {
> >> + dev_err(priv->dev,
> >> + "%s: Channel not configured to send resp to FW.",
> >> + dev_ctx->miscdev.name);
> >> + err = -EPERM;
> >> + goto exit;
> >> + }
> >> + } else {
> >> + dev_err(priv->dev,
> >> + "%s: The message does not have a valid TAG\n",
> >> + dev_ctx->miscdev.name);
> >> + err = -EINVAL;
> >> + goto exit;
> >> + }
> >> + err = imx_ele_msg_send(priv, tx_msg);
> >> +exit:
> >> + return err;
> >> +}
> >> +
> >> +/*
> >> + * Callback called by mailbox FW, when data is received.
> >> + */
> >> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
> >> +{
> >> + struct device *dev = mbox_cl->dev;
> >> + struct se_if_device_ctx *dev_ctx;
> >> + struct se_api_msg *rx_msg;
> >> + bool is_response = false;
> >> + struct se_if_priv *priv;
> >> + struct se_msg_hdr header;
> >> +
> >> + priv = dev_get_drvdata(dev);
> >> + if (!priv) {
> >> + dev_err(dev, "SE-MU Priv data is NULL;");
> >> + return;
> >> + }
> >> +
> >> + /* The function can be called with NULL msg */
> >> + if (!msg) {
> >> + dev_err(dev, "Message is invalid\n");
> >> + return;
> >> + }
> >> +
> >> + header.tag = ((u8 *)msg)[TAG_OFFSET];
> >> + header.command = ((u8 *)msg)[CMD_OFFSET];
> >> + header.size = ((u8 *)msg)[SZ_OFFSET];
> >> + header.ver = ((u8 *)msg)[VER_OFFSET];
> >> +
> >> + /* Incoming command: wake up the receiver if any. */
> >> + if (header.tag == priv->cmd_tag) {
> >> + dev_dbg(dev, "Selecting cmd receiver\n");
> >> + dev_ctx = priv->cmd_receiver_dev;
> >> + } else if (header.tag == priv->rsp_tag) {
> >> + if (priv->waiting_rsp_dev) {
> >> + dev_dbg(dev, "Selecting rsp waiter\n");
> >> + dev_ctx = priv->waiting_rsp_dev;
> >> + is_response = true;
> >> + } else {
> >> + /*
> >> + * Reading the EdgeLock Enclave response
> >> + * to the command, sent by other
> >> + * linux kernel services.
> >> + */
> >> + spin_lock(&priv->lock);
> >> + memcpy(&priv->rx_msg, msg, header.size << 2);
> >> +
> >> + complete(&priv->done);
> >> + spin_unlock(&priv->lock);
> >> + return;
> >> + }
> >> + } else {
> >> + dev_err(dev, "Failed to select a device for message: %.8x\n",
> >> + *((u32 *) &header));
> >> + return;
> >> + }
> >> + /* Init reception */
> >> + rx_msg = kzalloc(header.size << 2, GFP_KERNEL);
> >> + if (rx_msg)
> >> + memcpy(rx_msg, msg, header.size << 2);
> >> +
> >> + dev_ctx->temp_resp = (u32 *)rx_msg;
> >> + dev_ctx->temp_resp_size = header.size;
> >> +
> >> + /* Allow user to read */
> >> + dev_ctx->pending_hdr = 1;
> >> + wake_up_interruptible(&dev_ctx->wq);
> >> +
> >> + if (is_response)
> >> + priv->waiting_rsp_dev = NULL;
> >> +}
> >> +
> >> +int validate_rsp_hdr(struct se_if_priv *priv, u32 header,
> >> + uint8_t msg_id, uint8_t sz, bool is_base_api)
> >> +{
> >> + int ret = -EINVAL;
> >> + u32 size;
> >> + u32 cmd;
> >> + u32 tag;
> >> + u32 ver;
> >> +
> >> + tag = MSG_TAG(header);
> >> + cmd = MSG_COMMAND(header);
> >> + size = MSG_SIZE(header);
> >> + ver = MSG_VER(header);
> >> +
> >> + do {
> >> + if (tag != priv->rsp_tag) {
> >> + dev_err(priv->dev,
> >> + "MSG[0x%x] Hdr: Resp tag mismatch. (0x%x != 0x%x)",
> >> + msg_id, tag, priv->rsp_tag);
> >> + break;
> >> + }
> >> +
> >> + if (cmd != msg_id) {
> >> + dev_err(priv->dev,
> >> + "MSG Header: Cmd id mismatch. (0x%x != 0x%x)",
> >> + cmd, msg_id);
> >> + break;
> >> + }
> >> +
> >> + if (size != (sz >> 2)) {
> >> + dev_err(priv->dev,
> >> + "MSG[0x%x] Hdr: Cmd size mismatch. (0x%x != 0x%x)",
> >> + msg_id, size, (sz >> 2));
> >> + break;
> >> + }
> >> +
> >> + if (is_base_api && (ver != priv->base_api_ver)) {
> >> + dev_err(priv->dev,
> >> + "MSG[0x%x] Hdr: Base API Vers mismatch. (0x%x !=
> 0x%x)",
> >> + msg_id, ver, priv->base_api_ver);
> >> + break;
> >> + } else if (!is_base_api && ver != priv->fw_api_ver) {
> >> + dev_err(priv->dev,
> >> + "MSG[0x%x] Hdr: FW API Vers mismatch. (0x%x != 0x%x)",
> >> + msg_id, ver, priv->fw_api_ver);
> >> + break;
> >> + }
> >> +
> >> + ret = 0;
> >> +
> >> + } while (false);
> >> +
> >> + return ret;
> >> +}
> >> +
> >> +int se_save_imem_state(struct device *dev)
> >> +{
> >> + struct se_if_priv *priv = dev_get_drvdata(dev);
> >> + int ret;
> >> +
> >> + /* EXPORT command will save encrypted IMEM to given address,
> >> + * so later in resume, IMEM can be restored from the given
> >> + * address.
> >> + *
> >> + * Size must be at least 64 kB.
> >> + */
> >> + ret = ele_service_swap(dev,
> >> + priv->imem.phyaddr,
> >> + ELE_IMEM_SIZE,
> >> + ELE_IMEM_EXPORT);
> >> + if (ret < 0)
> >> + dev_err(dev, "Failed to export IMEM\n");
> >> + else
> >> + dev_info(dev,
> >> + "Exported %d bytes of encrypted IMEM\n",
> >> + ret);
> >> +
> >> + return ret;
> >> +}
> >> +
> >> +int se_restore_imem_state(struct device *dev)
> >> +{
> >> + struct se_if_priv *priv = dev_get_drvdata(dev);
> >> + struct soc_info s_info;
> >> + int ret;
> >> +
> >> + /* get info from ELE */
> >> + ret = ele_get_info(dev, &s_info);
> >> + if (ret) {
> >> + dev_err(dev, "Failed to get info from ELE.\n");
> >> + return ret;
> >> + }
> >> +
> >> + /* Get IMEM state, if 0xFE then import IMEM */
> >> + if (s_info.imem_state == ELE_IMEM_STATE_BAD) {
> >> + /* IMPORT command will restore IMEM from the given
> >> + * address, here size is the actual size returned by ELE
> >> + * during the export operation
> >> + */
> >> + ret = ele_service_swap(dev,
> >> + priv->imem.phyaddr,
> >> + priv->imem.size,
> >> + ELE_IMEM_IMPORT);
> >> + if (ret) {
> >> + dev_err(dev, "Failed to import IMEM\n");
> >> + goto exit;
> >> + }
> >> + } else
> >> + goto exit;
> >> +
> >> + /* After importing IMEM, check if IMEM state is equal to 0xCA
> >> + * to ensure IMEM is fully loaded and
> >> + * ELE functionality can be used.
> >> + */
> >> + ret = ele_get_info(dev, &s_info);
> >> + if (ret) {
> >> + dev_err(dev, "Failed to get info from ELE.\n");
> >> + goto exit;
> >> + }
> >> +
> >> + if (s_info.imem_state == ELE_IMEM_STATE_OK)
> >> + dev_info(dev, "Successfully restored IMEM\n");
> >> + else
> >> + dev_err(dev, "Failed to restore IMEM\n");
> >> +
> >> +exit:
> >> + return ret;
> >> +}
> >> diff --git a/drivers/firmware/imx/ele_common.h
> b/drivers/firmware/imx/ele_common.h
> >> new file mode 100644
> >> index 000000000000..6e3a2114bb56
> >> --- /dev/null
> >> +++ b/drivers/firmware/imx/ele_common.h
> >> @@ -0,0 +1,43 @@
> >> +/* SPDX-License-Identifier: GPL-2.0+ */
> >> +/*
> >> + * Copyright 2024 NXP
> >> + */
> >> +
> >> +
> >> +#ifndef __ELE_COMMON_H__
> >> +#define __ELE_COMMON_H__
> >> +
> >> +#include "se_ctrl.h"
> >> +
> >> +#define IMX_ELE_FW_DIR "imx/ele/"
> >> +
> >> +uint32_t plat_add_msg_crc(uint32_t *msg, uint32_t msg_len);
> >> +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *priv);
> >> +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> >> + void *tx_msg, int tx_msg_sz);
> >> +int imx_ele_msg_rcv(struct se_if_priv *priv);
> >> +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg);
> >> +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg);
> >> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
> >> +int validate_rsp_hdr(struct se_if_priv *priv, unsigned int header,
> >> + u8 msg_id, u8 sz, bool is_base_api);
> >> +
> >> +/* Fill a command message header with a given command ID and length
> in bytes. */
> >> +static inline int plat_fill_cmd_msg_hdr(struct se_if_priv *priv,
> >> + struct se_msg_hdr *hdr,
> >> + u8 cmd,
> >> + u32 len,
> >> + bool is_base_api)
> >> +{
> >> + hdr->tag = priv->cmd_tag;
> >> + hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver;
> >> + hdr->command = cmd;
> >> + hdr->size = len >> 2;
> >> +
> >> + return 0;
> >> +}
> >> +
> >> +int se_save_imem_state(struct device *dev);
> >> +int se_restore_imem_state(struct device *dev);
> >> +
> >> +#endif /*__ELE_COMMON_H__ */
> >> diff --git a/drivers/firmware/imx/se_ctrl.c
> b/drivers/firmware/imx/se_ctrl.c
> >> new file mode 100644
> >> index 000000000000..11c5eaa7353f
> >> --- /dev/null
> >> +++ b/drivers/firmware/imx/se_ctrl.c
> >> @@ -0,0 +1,1339 @@
> >> +// SPDX-License-Identifier: GPL-2.0+
> >> +/*
> >> + * Copyright 2024 NXP
> >> + */
> >> +
> >> +#include <linux/completion.h>
> >> +#include <linux/delay.h>
> >> +#include <linux/dev_printk.h>
> >> +#include <linux/dma-mapping.h>
> >> +#include <linux/errno.h>
> >> +#include <linux/export.h>
> >> +#include <linux/firmware.h>
> >> +#include <linux/firmware/imx/se_api.h>
> >> +#include <linux/genalloc.h>
> >> +#include <linux/init.h>
> >> +#include <linux/io.h>
> >> +#include <linux/miscdevice.h>
> >> +#include <linux/mod_devicetable.h>
> >> +#include <linux/module.h>
> >> +#include <linux/of_platform.h>
> >> +#include <linux/of_reserved_mem.h>
> >> +#include <linux/platform_device.h>
> >> +#include <linux/slab.h>
> >> +#include <linux/string.h>
> >> +#include <linux/sys_soc.h>
> >> +#include <uapi/linux/se_ioctl.h>
> >> +
> >> +#include "ele_base_msg.h"
> >> +#include "ele_common.h"
> >> +#include "se_ctrl.h"
> >> +
> >> +#define RESERVED_DMA_POOL BIT(1)
> >> +
> >> +struct imx_se_node_info {
> >> + u8 se_if_id;
> >> + u8 se_if_did;
> >> + u8 max_dev_ctx;
> >> + u8 cmd_tag;
> >> + u8 rsp_tag;
> >> + u8 success_tag;
> >> + u8 base_api_ver;
> >> + u8 fw_api_ver;
> >> + u8 *se_name;
> >> + u8 *mbox_tx_name;
> >> + u8 *mbox_rx_name;
> >> + u8 *pool_name;
> >> + u8 *fw_name_in_rfs;
> >> + bool soc_register;
> >> + bool reserved_dma_ranges;
> >> + bool imem_mgmt;
> >> +};
> >> +
> >> +struct imx_se_node_info_list {
> >> + u8 num_mu;
> >> + u16 soc_id;
> >> + u16 soc_rev;
> >> + struct imx_se_node_info info[];
> >> +};
> >> +
> >> +static const struct imx_se_node_info_list imx8ulp_info = {
> >> + .num_mu = 1,
> >> + .soc_id = SOC_ID_OF_IMX8ULP,
> >> + .info = {
> >> + {
> >> + .se_if_id = 2,
> >> + .se_if_did = 7,
> >> + .max_dev_ctx = 4,
> >> + .cmd_tag = 0x17,
> >> + .rsp_tag = 0xe1,
> >> + .success_tag = 0xd6,
> >> + .base_api_ver = MESSAGING_VERSION_6,
> >> + .fw_api_ver = MESSAGING_VERSION_7,
> >> + .se_name = "hsm1",
> >> + .mbox_tx_name = "tx",
> >> + .mbox_rx_name = "rx",
> >> + .pool_name = "sram",
> >> + .fw_name_in_rfs = IMX_ELE_FW_DIR\
> >> + "mx8ulpa2ext-ahab-container.img",
> >> + .soc_register = true,
> >> + .reserved_dma_ranges = true,
> >> + .imem_mgmt = true,
> >> + },
> >> + },
> >> +};
> >> +
> >> +static const struct imx_se_node_info_list imx93_info = {
> >> + .num_mu = 1,
> >> + .soc_id = SOC_ID_OF_IMX93,
> >> + .info = {
> >> + {
> >> + .se_if_id = 2,
> >> + .se_if_did = 3,
> >> + .max_dev_ctx = 4,
> >> + .cmd_tag = 0x17,
> >> + .rsp_tag = 0xe1,
> >> + .success_tag = 0xd6,
> >> + .base_api_ver = MESSAGING_VERSION_6,
> >> + .fw_api_ver = MESSAGING_VERSION_7,
> >> + .se_name = "hsm1",
> >> + .mbox_tx_name = "tx",
> >> + .mbox_rx_name = "rx",
> >> + .reserved_dma_ranges = true,
> >> + .imem_mgmt = true,
> >> + .soc_register = true,
> >> + },
> >> + },
> >> +};
> >> +
> >> +static const struct of_device_id se_match[] = {
> >> + { .compatible = "fsl,imx8ulp-ele", .data = (void *)&imx8ulp_info},
> >> + { .compatible = "fsl,imx93-ele", .data = (void *)&imx93_info},
> >> + {},
> >> +};
> >> +
> >> +static struct imx_se_node_info
> >> + *get_imx_se_node_info(struct imx_se_node_info_list *info_list,
> >> + const u32 idx)
> >> +{
> >> + if (idx < 0 || idx > info_list->num_mu)
> >> + return NULL;
> >> +
> >> + return &info_list->info[idx];
> >> +}
> >> +
> >> +void *get_phy_buf_mem_pool(struct device *dev,
> >> + u8 *mem_pool_name,
> >> + dma_addr_t *buf,
> >> + u32 size)
> >> +{
> >> + struct device_node *of_node = dev->of_node;
> >> + struct gen_pool *mem_pool;
> >> +
> >> + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> >> + if (!mem_pool) {
> >> + dev_err(dev,
> >> + "Unable to get sram pool = %s\n",
> >> + mem_pool_name);
> >> + return 0;
> >> + }
> >> +
> >> + return gen_pool_dma_alloc(mem_pool, size, buf);
> >> +}
> >> +
> >> +void free_phybuf_mem_pool(struct device *dev,
> >> + u8 *mem_pool_name,
> >> + u32 *buf,
> >> + u32 size)
> >> +{
> >> + struct device_node *of_node = dev->of_node;
> >> + struct gen_pool *mem_pool;
> >> +
> >> + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> >> + if (!mem_pool)
> >> + dev_err(dev,
> >> + "%s: Failed: Unable to get sram pool.\n",
> >> + __func__);
> >> +
> >> + gen_pool_free(mem_pool, (u64)buf, size);
> >> +}
> >> +
> >> +static int imx_fetch_soc_info(struct device *dev)
> >> +{
> >> + struct se_if_priv *priv = dev_get_drvdata(dev);
> >> + struct imx_se_node_info_list *info_list;
> >> + const struct imx_se_node_info *info;
> >> + struct soc_device_attribute *attr;
> >> + struct soc_device *sdev;
> >> + struct soc_info s_info;
> >> + int err = 0;
> >> +
> >> + info = priv->info;
> >> + info_list = (struct imx_se_node_info_list *)
> >> + device_get_match_data(dev->parent);
> >> + if (info_list->soc_rev)
> >> + return err;
> >> +
> >> + err = ele_get_info(dev, &s_info);
> >> + if (err)
> >> + s_info.major_ver = DEFAULT_IMX_SOC_VER;
> >> +
> >> + info_list->soc_rev = s_info.soc_rev;
> >> +
> >> + if (!info->soc_register)
> >> + return 0;
> >> +
> >> + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> >> + if (!attr)
> >> + return -ENOMEM;
> >> +
> >> + if (s_info.minor_ver)
> >> + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
> >> + s_info.major_ver,
> >> + s_info.minor_ver);
> >> + else
> >> + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
> >> + s_info.major_ver);
> >> +
> >> + switch (s_info.soc_id) {
> >> + case SOC_ID_OF_IMX8ULP:
> >> + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> >> + "i.MX8ULP");
> >> + break;
> >> + case SOC_ID_OF_IMX93:
> >> + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> >> + "i.MX93");
> >> + break;
> >> + }
> >> +
> >> + err = of_property_read_string(of_root, "model",
> >> + &attr->machine);
> >> + if (err) {
> >> + devm_kfree(dev, attr);
> >> + return -EINVAL;
> >> + }
> >> + attr->family = devm_kasprintf(dev, GFP_KERNEL, "Freescale i.MX");
> >> +
> >> + attr->serial_number
> >> + = devm_kasprintf(dev, GFP_KERNEL, "%016llX", s_info.serial_num);
> >> +
> >> + sdev = soc_device_register(attr);
> >> + if (IS_ERR(sdev)) {
> >> + devm_kfree(dev, attr->soc_id);
> >> + devm_kfree(dev, attr->serial_number);
> >> + devm_kfree(dev, attr->revision);
> >> + devm_kfree(dev, attr->family);
> >> + devm_kfree(dev, attr->machine);
> >> + devm_kfree(dev, attr);
> >> + return PTR_ERR(sdev);
> >> + }
> >> +
> >> + return 0;
> >> +}
> >> +
> >> +/*
> >> + * File operations for user-space
> >> + */
> >> +
> >> +/* Write a message to the MU. */
> >> +static ssize_t se_if_fops_write(struct file *fp, const char __user *buf,
> >> + size_t size, loff_t *ppos)
> >> +{
> >> + struct se_api_msg *tx_msg __free(kfree);
> >> + struct se_if_device_ctx *dev_ctx;
> >> + struct se_if_priv *priv;
> >> + int err;
> >> +
> >> + dev_ctx = container_of(fp->private_data,
> >> + struct se_if_device_ctx,
> >> + miscdev);
> >> + priv = dev_ctx->priv;
> >> + dev_dbg(priv->dev,
> >> + "%s: write from buf (%p)%zu, ppos=%lld\n",
> >> + dev_ctx->miscdev.name,
> >> + buf, size, ((ppos) ? *ppos : 0));
> >> +
> >> + if (down_interruptible(&dev_ctx->fops_lock))
> >> + return -EBUSY;
> >> +
> >> + if (dev_ctx->status != MU_OPENED) {
> >> + err = -EINVAL;
> >> + goto exit;
> >> + }
> >> +
> >> + if (size < SE_MU_HDR_SZ) {
> >> + dev_err(priv->dev,
> >> + "%s: User buffer too small(%zu < %d)\n",
> >> + dev_ctx->miscdev.name,
> >> + size, SE_MU_HDR_SZ);
> >> + err = -ENOSPC;
> >> + goto exit;
> >> + }
> >> +
> >> + tx_msg = memdup_user((void __user *)ppos, size);
> >> + if (!tx_msg) {
> >> + err = -ENOMEM;
> >> + goto exit;
> >> + }
> >> +
> >> + /* Copy data to buffer */
> >> + if (copy_from_user(tx_msg, buf, size)) {
> >> + err = -EFAULT;
> >> + dev_err(priv->dev,
> >> + "%s: Fail copy message from user\n",
> >> + dev_ctx->miscdev.name);
> >> + goto exit;
> >> + }
> >> +
> >> + print_hex_dump_debug("from user ", DUMP_PREFIX_OFFSET, 4, 4,
> >> + tx_msg, size, false);
> >> +
> >> + err = imx_ele_miscdev_msg_send(dev_ctx, tx_msg, size);
> >> +
> >> +exit:
> >> + up(&dev_ctx->fops_lock);
> >> + return err;
> >> +}
> >> +
> >> +/*
> >> + * Read a message from the MU.
> >> + * Blocking until a message is available.
> >> + */
> >> +static ssize_t se_if_fops_read(struct file *fp, char __user *buf,
> >> + size_t size, loff_t *ppos)
> >> +{
> >> + struct se_if_device_ctx *dev_ctx;
> >> + struct se_buf_desc *b_desc;
> >> + struct se_if_priv *priv;
> >> + u32 size_to_copy;
> >> + int err;
> >> +
> >> + dev_ctx = container_of(fp->private_data,
> >> + struct se_if_device_ctx,
> >> + miscdev);
> >> + priv = dev_ctx->priv;
> >> + dev_dbg(priv->dev,
> >> + "%s: read to buf %p(%zu), ppos=%lld\n",
> >> + dev_ctx->miscdev.name,
> >> + buf, size, ((ppos) ? *ppos : 0));
> >> +
> >> + if (down_interruptible(&dev_ctx->fops_lock))
> >> + return -EBUSY;
> >> +
> >> + if (dev_ctx->status != MU_OPENED) {
> >> + err = -EINVAL;
> >> + goto exit;
> >> + }
> >> +
> >> + err = imx_ele_miscdev_msg_rcv(dev_ctx);
> >> + if (err)
> >> + goto exit;
> >> +
> >> + /* Buffer containing the message from FW, is
> >> + * allocated in callback function.
> >> + * Check if buffer allocation failed.
> >> + */
> >> + if (!dev_ctx->temp_resp) {
> >> + err = -ENOMEM;
> >> + goto exit;
> >> + }
> >> +
> >> + dev_dbg(priv->dev,
> >> + "%s: %s %s\n",
> >> + dev_ctx->miscdev.name,
> >> + __func__,
> >> + "message received, start transmit to user");
> >> +
> >> + /*
> >> + * Check that the size passed as argument is larger than
> >> + * the one carried in the message.
> >> + */
> >> + size_to_copy = dev_ctx->temp_resp_size << 2;
> >> + if (size_to_copy > size) {
> >> + dev_dbg(priv->dev,
> >> + "%s: User buffer too small (%zu < %d)\n",
> >> + dev_ctx->miscdev.name,
> >> + size, size_to_copy);
> >> + size_to_copy = size;
> >> + }
> >> +
> >> + /*
> >> + * We may need to copy the output data to user before
> >> + * delivering the completion message.
> >> + */
> >> + while (!list_empty(&dev_ctx->pending_out)) {
> >> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> >> + struct se_buf_desc,
> >> + link);
> >> + if (!b_desc)
> >> + continue;
> >> +
> >> + if (b_desc->usr_buf_ptr && b_desc->shared_buf_ptr) {
> >> +
> >> + dev_dbg(priv->dev,
> >> + "%s: Copy output data to user\n",
> >> + dev_ctx->miscdev.name);
> >> + if (copy_to_user(b_desc->usr_buf_ptr,
> >> + b_desc->shared_buf_ptr,
> >> + b_desc->size)) {
> >> + dev_err(priv->dev,
> >> + "%s: Failure copying output data to user.",
> >> + dev_ctx->miscdev.name);
> >> + err = -EFAULT;
> >> + goto exit;
> >> + }
> >> + }
> >> +
> >> + if (b_desc->shared_buf_ptr)
> >> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> >> +
> >> + __list_del_entry(&b_desc->link);
> >> + kfree(b_desc);
> >> + }
> >> +
> >> + /* Copy data from the buffer */
> >> + print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
> >> + dev_ctx->temp_resp, size_to_copy, false);
> >> + if (copy_to_user(buf, dev_ctx->temp_resp, size_to_copy)) {
> >> + dev_err(priv->dev,
> >> + "%s: Failed to copy to user\n",
> >> + dev_ctx->miscdev.name);
> >> + err = -EFAULT;
> >> + goto exit;
> >> + }
> >> +
> >> + err = size_to_copy;
> >> + kfree(dev_ctx->temp_resp);
> >> +
> >> + /* free memory allocated on the shared buffers. */
> >> + dev_ctx->secure_mem.pos = 0;
> >> + dev_ctx->non_secure_mem.pos = 0;
> >> +
> >> + dev_ctx->pending_hdr = 0;
> >> +
> >> +exit:
> >> + /*
> >> + * Clean the used Shared Memory space,
> >> + * whether its Input Data copied from user buffers, or
> >> + * Data received from FW.
> >> + */
> >> + while (!list_empty(&dev_ctx->pending_in) ||
> >> + !list_empty(&dev_ctx->pending_out)) {
> >> + if (!list_empty(&dev_ctx->pending_in))
> >> + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
> >> + struct se_buf_desc,
> >> + link);
> >> + else
> >> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> >> + struct se_buf_desc,
> >> + link);
> >> +
> >> + if (!b_desc)
> >> + continue;
> >> +
> >> + if (b_desc->shared_buf_ptr)
> >> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> >> +
> >> + __list_del_entry(&b_desc->link);
> >> + kfree(b_desc);
> >> + }
> >> +
> >> + up(&dev_ctx->fops_lock);
> >> + return err;
> >> +}
> >> +
> >> +/* Give access to EdgeLock Enclave, to the memory we want to share */
> >> +static int se_if_setup_se_mem_access(struct se_if_device_ctx *dev_ctx,
> >> + u64 addr, u32 len)
> >> +{
> >> + /* Assuming EdgeLock Enclave has access to all the memory regions */
> >> + int ret = 0;
> >> +
> >> + if (ret) {
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Fail find memreg\n", dev_ctx->miscdev.name);
> >> + goto exit;
> >> + }
> >> +
> >> + if (ret) {
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Fail set permission for resource\n",
> >> + dev_ctx->miscdev.name);
> >> + goto exit;
> >> + }
> >> +
> >> +exit:
> >> + return ret;
> >> +}
> >> +
> >> +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> >> + u64 arg)
> >> +{
> >> + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> >> + struct imx_se_node_info *if_node_info;
> >> + struct se_ioctl_get_if_info info;
> >> + int err = 0;
> >> +
> >> + if_node_info = (struct imx_se_node_info *)priv->info;
> >> +
> >> + info.se_if_id = if_node_info->se_if_id;
> >> + info.interrupt_idx = 0;
> >> + info.tz = 0;
> >> + info.did = if_node_info->se_if_did;
> >> + info.cmd_tag = if_node_info->cmd_tag;
> >> + info.rsp_tag = if_node_info->rsp_tag;
> >> + info.success_tag = if_node_info->success_tag;
> >> + info.base_api_ver = if_node_info->base_api_ver;
> >> + info.fw_api_ver = if_node_info->fw_api_ver;
> >> +
> >> + dev_dbg(priv->dev,
> >> + "%s: info [se_if_id: %d, irq_idx: %d, tz: 0x%x, did: 0x%x]\n",
> >> + dev_ctx->miscdev.name,
> >> + info.se_if_id, info.interrupt_idx, info.tz, info.did);
> >> +
> >> + if (copy_to_user((u8 *)arg, &info, sizeof(info))) {
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Failed to copy mu info to user\n",
> >> + dev_ctx->miscdev.name);
> >> + err = -EFAULT;
> >> + goto exit;
> >> + }
> >> +
> >> +exit:
> >> + return err;
> >> +}
> >> +
> >> +/*
> >> + * Copy a buffer of data to/from the user and return the address to use in
> >> + * messages
> >> + */
> >> +static int se_ioctl_setup_iobuf_handler(struct se_if_device_ctx *dev_ctx,
> >> + u64 arg)
> >> +{
> >> + struct se_ioctl_setup_iobuf io = {0};
> >> + struct se_shared_mem *shared_mem;
> >> + struct se_buf_desc *b_desc;
> >> + int err = 0;
> >> + u32 pos;
> >> +
> >> + if (copy_from_user(&io, (u8 *)arg, sizeof(io))) {
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Failed copy iobuf config from user\n",
> >> + dev_ctx->miscdev.name);
> >> + err = -EFAULT;
> >> + goto exit;
> >> + }
> >> +
> >> + dev_dbg(dev_ctx->priv->dev,
> >> + "%s: io [buf: %p(%d) flag: %x]\n",
> >> + dev_ctx->miscdev.name,
> >> + io.user_buf, io.length, io.flags);
> >> +
> >> + if (io.length == 0 || !io.user_buf) {
> >> + /*
> >> + * Accept NULL pointers since some buffers are optional
> >> + * in FW commands. In this case we should return 0 as
> >> + * pointer to be embedded into the message.
> >> + * Skip all data copy part of code below.
> >> + */
> >> + io.ele_addr = 0;
> >> + goto copy;
> >> + }
> >> +
> >> + /* Select the shared memory to be used for this buffer. */
> >> + if (io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) {
> >> + /* App requires to use secure memory for this buffer.*/
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Failed allocate SEC MEM memory\n",
> >> + dev_ctx->miscdev.name);
> >> + err = -EFAULT;
> >> + goto exit;
> >> + } else {
> >> + /* No specific requirement for this buffer. */
> >> + shared_mem = &dev_ctx->non_secure_mem;
> >> + }
> >> +
> >> + /* Check there is enough space in the shared memory. */
> >> + if (shared_mem->size < shared_mem->pos
> >> + || io.length >= shared_mem->size - shared_mem->pos) {
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Not enough space in shared memory\n",
> >> + dev_ctx->miscdev.name);
> >> + err = -ENOMEM;
> >> + goto exit;
> >> + }
> >> +
> >> + /* Allocate space in shared memory. 8 bytes aligned. */
> >> + pos = shared_mem->pos;
> >> + shared_mem->pos += round_up(io.length, 8u);
> >> + io.ele_addr = (u64)shared_mem->dma_addr + pos;
> >> +
> >> + if ((io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) &&
> >> + !(io.flags & SE_MU_IO_FLAGS_USE_SHORT_ADDR)) {
> >> + /*Add base address to get full address.*/
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Failed allocate SEC MEM memory\n",
> >> + dev_ctx->miscdev.name);
> >> + err = -EFAULT;
> >> + goto exit;
> >> + }
> >> +
> >> + memset(shared_mem->ptr + pos, 0, io.length);
> >> + if ((io.flags & SE_IO_BUF_FLAGS_IS_INPUT) ||
> >> + (io.flags & SE_IO_BUF_FLAGS_IS_IN_OUT)) {
> >> + /*
> >> + * buffer is input:
> >> + * copy data from user space to this allocated buffer.
> >> + */
> >> + if (copy_from_user(shared_mem->ptr + pos, io.user_buf,
> >> + io.length)) {
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Failed copy data to shared memory\n",
> >> + dev_ctx->miscdev.name);
> >> + err = -EFAULT;
> >> + goto exit;
> >> + }
> >> + }
> >> +
> >> + b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL);
> >> + if (!b_desc) {
> >> + err = -ENOMEM;
> >> + goto exit;
> >> + }
> >> +
> >> +copy:
> >> + /* Provide the EdgeLock Enclave address to user space only if
> success.*/
> >> + if (copy_to_user((u8 *)arg, &io, sizeof(io))) {
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Failed to copy iobuff setup to user\n",
> >> + dev_ctx->miscdev.name);
> >> + kfree(b_desc);
> >> + err = -EFAULT;
> >> + goto exit;
> >> + }
> >> +
> >> + if (b_desc) {
> >> + b_desc->shared_buf_ptr = shared_mem->ptr + pos;
> >> + b_desc->usr_buf_ptr = io.user_buf;
> >> + b_desc->size = io.length;
> >> +
> >> + if (io.flags & SE_IO_BUF_FLAGS_IS_INPUT) {
> >> + /*
> >> + * buffer is input:
> >> + * add an entry in the "pending input buffers" list so
> >> + * that copied data can be cleaned from shared memory
> >> + * later.
> >> + */
> >> + list_add_tail(&b_desc->link, &dev_ctx->pending_in);
> >> + } else {
> >> + /*
> >> + * buffer is output:
> >> + * add an entry in the "pending out buffers" list so data
> >> + * can be copied to user space when receiving Secure-Enclave
> >> + * response.
> >> + */
> >> + list_add_tail(&b_desc->link, &dev_ctx->pending_out);
> >> + }
> >> + }
> >> +
> >> +exit:
> >> + return err;
> >> +}
> >> +
> >> +/* IOCTL to provide SoC information */
> >> +static int se_ioctl_get_soc_info_handler(struct se_if_device_ctx
> *dev_ctx,
> >> + u64 arg)
> >> +{
> >> + struct imx_se_node_info_list *info_list;
> >> + struct se_ioctl_get_soc_info soc_info;
> >> + int err = -EINVAL;
> >> +
> >> + info_list = (struct imx_se_node_info_list *)
> >> + device_get_match_data(dev_ctx->priv->dev->parent);
> >> + if (!info_list)
> >> + goto exit;
> >> +
> >> + soc_info.soc_id = info_list->soc_id;
> >> + soc_info.soc_rev = info_list->soc_rev;
> >> +
> >> + err = (int)copy_to_user((u8 *)arg, (u8 *)(&soc_info), sizeof(soc_info));
> >> + if (err) {
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Failed to copy soc info to user\n",
> >> + dev_ctx->miscdev.name);
> >> + err = -EFAULT;
> >> + goto exit;
> >> + }
> >> +
> >> +exit:
> >> + return err;
> >> +}
> >> +
> >> +/* Open a character device. */
> >> +static int se_if_fops_open(struct inode *nd, struct file *fp)
> >> +{
> >> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> >> + struct se_if_device_ctx,
> >> + miscdev);
> >> + int err;
> >> +
> >> + /* Avoid race if opened at the same time */
> >> + if (down_trylock(&dev_ctx->fops_lock))
> >> + return -EBUSY;
> >> +
> >> + /* Authorize only 1 instance. */
> >> + if (dev_ctx->status != MU_FREE) {
> >> + err = -EBUSY;
> >> + goto exit;
> >> + }
> >> +
> >> + /*
> >> + * Allocate some memory for data exchanges with S40x.
> >> + * This will be used for data not requiring secure memory.
> >> + */
> >> + dev_ctx->non_secure_mem.ptr = dmam_alloc_coherent(dev_ctx->dev,
> >> + MAX_DATA_SIZE_PER_USER,
> >> + &dev_ctx->non_secure_mem.dma_addr,
> >> + GFP_KERNEL);
> >> + if (!dev_ctx->non_secure_mem.ptr) {
> >> + err = -ENOMEM;
> >> + goto exit;
> >> + }
> >> +
> >> + err = se_if_setup_se_mem_access(dev_ctx,
> >> + dev_ctx->non_secure_mem.dma_addr,
> >> + MAX_DATA_SIZE_PER_USER);
> >> + if (err) {
> >> + err = -EPERM;
> >> + dev_err(dev_ctx->priv->dev,
> >> + "%s: Failed to share access to shared memory\n",
> >> + dev_ctx->miscdev.name);
> >> + goto free_coherent;
> >> + }
> >> +
> >> + dev_ctx->non_secure_mem.size = MAX_DATA_SIZE_PER_USER;
> >> + dev_ctx->non_secure_mem.pos = 0;
> >> + dev_ctx->status = MU_OPENED;
> >> +
> >> + dev_ctx->pending_hdr = 0;
> >> +
> >> + goto exit;
> >> +
> >> +free_coherent:
> >> + dmam_free_coherent(dev_ctx->priv->dev,
> MAX_DATA_SIZE_PER_USER,
> >> + dev_ctx->non_secure_mem.ptr,
> >> + dev_ctx->non_secure_mem.dma_addr);
> >> +
> >> +exit:
> >> + up(&dev_ctx->fops_lock);
> >> + return err;
> >> +}
> >> +
> >> +/* Close a character device. */
> >> +static int se_if_fops_close(struct inode *nd, struct file *fp)
> >> +{
> >> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> >> + struct se_if_device_ctx,
> >> + miscdev);
> >> + struct se_if_priv *priv = dev_ctx->priv;
> >> + struct se_buf_desc *b_desc;
> >> +
> >> + /* Avoid race if closed at the same time */
> >> + if (down_trylock(&dev_ctx->fops_lock))
> >> + return -EBUSY;
> >> +
> >> + /* The device context has not been opened */
> >> + if (dev_ctx->status != MU_OPENED)
> >> + goto exit;
> >> +
> >> + /* check if this device was registered as command receiver. */
> >> + if (priv->cmd_receiver_dev == dev_ctx)
> >> + priv->cmd_receiver_dev = NULL;
> >> +
> >> + /* check if this device was registered as waiting response. */
> >> + if (priv->waiting_rsp_dev == dev_ctx) {
> >> + priv->waiting_rsp_dev = NULL;
> >> + mutex_unlock(&priv->se_if_cmd_lock);
> >> + }
> >> +
> >> + /* Unmap secure memory shared buffer. */
> >> + if (dev_ctx->secure_mem.ptr)
> >> + devm_iounmap(dev_ctx->dev, dev_ctx->secure_mem.ptr);
> >> +
> >> + dev_ctx->secure_mem.ptr = NULL;
> >> + dev_ctx->secure_mem.dma_addr = 0;
> >> + dev_ctx->secure_mem.size = 0;
> >> + dev_ctx->secure_mem.pos = 0;
> >> +
> >> + /* Free non-secure shared buffer. */
> >> + dmam_free_coherent(dev_ctx->priv->dev,
> MAX_DATA_SIZE_PER_USER,
> >> + dev_ctx->non_secure_mem.ptr,
> >> + dev_ctx->non_secure_mem.dma_addr);
> >> +
> >> + dev_ctx->non_secure_mem.ptr = NULL;
> >> + dev_ctx->non_secure_mem.dma_addr = 0;
> >> + dev_ctx->non_secure_mem.size = 0;
> >> + dev_ctx->non_secure_mem.pos = 0;
> >> +
> >> + while (!list_empty(&dev_ctx->pending_in) ||
> >> + !list_empty(&dev_ctx->pending_out)) {
> >> + if (!list_empty(&dev_ctx->pending_in))
> >> + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
> >> + struct se_buf_desc,
> >> + link);
> >> + else
> >> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> >> + struct se_buf_desc,
> >> + link);
> >> +
> >> + if (!b_desc)
> >> + continue;
> >> +
> >> + if (b_desc->shared_buf_ptr)
> >> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> >> +
> >> + __list_del_entry(&b_desc->link);
> >> + devm_kfree(dev_ctx->dev, b_desc);
> >> + }
> >> +
> >> + dev_ctx->status = MU_FREE;
> >> +
> >> +exit:
> >> + up(&dev_ctx->fops_lock);
> >> + return 0;
> >> +}
> >> +
> >> +/* IOCTL entry point of a character device */
> >> +static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
> >> +//static long se_ioctl(struct file *fp, u32 cmd, u64 arg)
> >> +{
> >> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> >> + struct se_if_device_ctx,
> >> + miscdev);
> >> + struct se_if_priv *se_if_priv = dev_ctx->priv;
> >> + int err = -EINVAL;
> >> +
> >> + /* Prevent race during change of device context */
> >> + if (down_interruptible(&dev_ctx->fops_lock))
> >> + return -EBUSY;
> >> +
> >> + switch (cmd) {
> >> + case SE_IOCTL_ENABLE_CMD_RCV:
> >> + if (!se_if_priv->cmd_receiver_dev) {
> >> + se_if_priv->cmd_receiver_dev = dev_ctx;
> >> + err = 0;
> >> + }
> >> + break;
> >> + case SE_IOCTL_GET_MU_INFO:
> >> + err = se_ioctl_get_mu_info(dev_ctx, arg);
> >> + break;
> >> + case SE_IOCTL_SETUP_IOBUF:
> >> + err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
> >> + break;
> >> + case SE_IOCTL_GET_SOC_INFO:
> >> + err = se_ioctl_get_soc_info_handler(dev_ctx, arg);
> >> + break;
> >> +
> >> + default:
> >> + err = -EINVAL;
> >> + dev_dbg(se_if_priv->dev,
> >> + "%s: IOCTL %.8x not supported\n",
> >> + dev_ctx->miscdev.name,
> >> + cmd);
> >> + }
> >> +
> >> + up(&dev_ctx->fops_lock);
> >> + return (long)err;
> >> +}
> >> +
> >> +/* Char driver setup */
> >> +static const struct file_operations se_if_fops = {
> >> + .open = se_if_fops_open,
> >> + .owner = THIS_MODULE,
> >> + .release = se_if_fops_close,
> >> + .unlocked_ioctl = se_ioctl,
> >> + .read = se_if_fops_read,
> >> + .write = se_if_fops_write,
> >> +};
> >> +
> >> +/* interface for managed res to free a mailbox channel */
> >> +static void if_mbox_free_channel(void *mbox_chan)
> >> +{
> >> + mbox_free_channel(mbox_chan);
> >> +}
> >> +
> >> +/* interface for managed res to unregister a character device */
> >> +static void if_misc_deregister(void *miscdevice)
> >> +{
> >> + misc_deregister(miscdevice);
> >> +}
> >> +
> >> +static int se_if_request_channel(struct device *dev,
> >> + struct mbox_chan **chan,
> >> + struct mbox_client *cl,
> >> + const u8 *name)
> >> +{
> >> + struct mbox_chan *t_chan;
> >> + int ret = 0;
> >> +
> >> + t_chan = mbox_request_channel_byname(cl, name);
> >> + if (IS_ERR(t_chan)) {
> >> + ret = PTR_ERR(t_chan);
> >> + if (ret != -EPROBE_DEFER)
> >> + dev_err(dev,
> >> + "Failed to request chan %s ret %d\n", name,
> >> + ret);
> >> + goto exit;
> >> + }
> >> +
> >> + ret = devm_add_action(dev, if_mbox_free_channel, t_chan);
> >> + if (ret) {
> >> + dev_err(dev, "failed to add devm removal of mbox %s\n", name);
> >> + goto exit;
> >> + }
> >> +
> >> + *chan = t_chan;
> >> +
> >> +exit:
> >> + return ret;
> >> +}
> >> +
> >> +static int se_probe_if_cleanup(struct platform_device *pdev)
> >> +{
> >> + struct device *dev = &pdev->dev;
> >> + struct se_if_priv *priv;
> >> + int ret = 0;
> >> + int i;
> >> +
> >> + priv = dev_get_drvdata(dev);
> >> + if (!priv) {
> >> + ret = 0;
> >> + dev_dbg(dev, "SE-MU Priv data is NULL;");
> >> + return ret;
> >> + }
> >> +
> >> + if (priv->tx_chan)
> >> + mbox_free_channel(priv->tx_chan);
> >> + if (priv->rx_chan)
> >> + mbox_free_channel(priv->rx_chan);
> >> +
> >> + /* free the buffer in se remove, previously allocated
> >> + * in se probe to store encrypted IMEM
> >> + */
> >> + if (priv->imem.buf) {
> >> + dmam_free_coherent(dev,
> >> + ELE_IMEM_SIZE,
> >> + priv->imem.buf,
> >> + priv->imem.phyaddr);
> >> + priv->imem.buf = NULL;
> >> + }
> >> +
> >> + if (priv->ctxs) {
> >> + for (i = 0; i < priv->max_dev_ctx; i++) {
> >> + if (priv->ctxs[i]) {
> >> + devm_remove_action(dev,
> >> + if_misc_deregister,
> >> + &priv->ctxs[i]->miscdev);
> >> + misc_deregister(&priv->ctxs[i]->miscdev);
> >> + devm_kfree(dev, priv->ctxs[i]);
> >> + }
> >> + }
> >> + devm_kfree(dev, priv->ctxs);
> >> + }
> >> +
> >> + if (priv->flags & RESERVED_DMA_POOL) {
> >> + of_reserved_mem_device_release(dev);
> >> + priv->flags &= (~RESERVED_DMA_POOL);
> >> + }
> >> +
> >> + devm_kfree(dev, priv);
> >> + of_node_put(dev->of_node);
> >> + of_platform_device_destroy(dev, NULL);
> >> +
> >> + return ret;
> >> +}
> >> +
> >> +static int se_probe_cleanup(struct platform_device *pdev)
> >> +{
> >> + struct device *dev = &pdev->dev;
> >> + struct device_node *if_dn;
> >> +
> >> + /* Enumerate se-interface device nodes. */
> >> + for_each_child_of_node(dev->of_node, if_dn) {
> >> + struct platform_device *if_pdev
> >> + = of_find_device_by_node(if_dn);
> >> + if (se_probe_if_cleanup(if_pdev))
> >> + dev_err(dev,
> >> + "Failed to clean-up child node probe.\n");
> >> + }
> >> +
> >> + return 0;
> >> +}
> >> +
> >> +static int init_device_context(struct device *dev)
> >> +{
> >> + const struct imx_se_node_info *info;
> >> + struct se_if_device_ctx *dev_ctx;
> >> + struct se_if_priv *priv;
> >> + u8 *devname;
> >> + int ret = 0;
> >> + int i;
> >> +
> >> + priv = dev_get_drvdata(dev);
> >> +
> >> + if (!priv) {
> >> + ret = -EINVAL;
> >> + dev_err(dev, "Invalid SE-MU Priv data");
> >> + return ret;
> >> + }
> >> + info = priv->info;
> >> +
> >> + priv->ctxs = devm_kzalloc(dev, sizeof(dev_ctx) * priv->max_dev_ctx,
> >> + GFP_KERNEL);
> >> +
> >> + if (!priv->ctxs) {
> >> + ret = -ENOMEM;
> >> + return ret;
> >> + }
> >> +
> >> + /* Create users */
> >> + for (i = 0; i < priv->max_dev_ctx; i++) {
> >> + dev_ctx = devm_kzalloc(dev, sizeof(*dev_ctx), GFP_KERNEL);
> >> + if (!dev_ctx) {
> >> + ret = -ENOMEM;
> >> + return ret;
> >> + }
> >> +
> >> + dev_ctx->dev = dev;
> >> + dev_ctx->status = MU_FREE;
> >> + dev_ctx->priv = priv;
> >> +
> >> + priv->ctxs[i] = dev_ctx;
> >> +
> >> + /* Default value invalid for an header. */
> >> + init_waitqueue_head(&dev_ctx->wq);
> >> +
> >> + INIT_LIST_HEAD(&dev_ctx->pending_out);
> >> + INIT_LIST_HEAD(&dev_ctx->pending_in);
> >> + sema_init(&dev_ctx->fops_lock, 1);
> >> +
> >> + devname = devm_kasprintf(dev, GFP_KERNEL, "%s_ch%d",
> >> + info->se_name, i);
> >> + if (!devname) {
> >> + ret = -ENOMEM;
> >> + return ret;
> >> + }
> >> +
> >> + dev_ctx->miscdev.name = devname;
> >> + dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
> >> + dev_ctx->miscdev.fops = &se_if_fops;
> >> + dev_ctx->miscdev.parent = dev;
> >> + ret = misc_register(&dev_ctx->miscdev);
> >> + if (ret) {
> >> + dev_err(dev, "failed to register misc device %d\n",
> >> + ret);
> >> + return ret;
> >> + }
> >> +
> >> + ret = devm_add_action(dev, if_misc_deregister,
> >> + &dev_ctx->miscdev);
> >> + if (ret) {
> >> + dev_err(dev,
> >> + "failed[%d] to add action to the misc-dev\n",
> >> + ret);
> >> + return ret;
> >> + }
> >> + }
> >> +
> >> + return ret;
> >> +}
> >> +
> >> +static void se_load_firmware(const struct firmware *fw, void *context)
> >> +{
> >> + struct se_if_priv *priv = (struct se_if_priv *) context;
> >> + const struct imx_se_node_info *info = priv->info;
> >> + const u8 *se_fw_name = info->fw_name_in_rfs;
> >> + phys_addr_t se_fw_phyaddr;
> >> + u8 *se_fw_buf;
> >> +
> >> + if (!fw) {
> >> + if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
> >> + dev_dbg(priv->dev,
> >> + "External FW not found, using ROM FW.\n");
> >> + else {
> >> + /*add a bit delay to wait for firmware priv released */
> >> + msleep(20);
> >> +
> >> + /* Load firmware one more time if timeout */
> >> + request_firmware_nowait(THIS_MODULE,
> >> + FW_ACTION_UEVENT, info->fw_name_in_rfs,
> >> + priv->dev, GFP_KERNEL, priv,
> >> + se_load_firmware);
> >> + priv->fw_fail++;
> >> + dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
> >> + priv->fw_fail);
> >> + }
> >> +
> >> + return;
> >> + }
> >> +
> >> + /* allocate buffer to store the SE FW */
> >> + se_fw_buf = dmam_alloc_coherent(priv->dev, fw->size,
> >> + &se_fw_phyaddr,
> >> + GFP_KERNEL);
> >> + if (!se_fw_buf) {
> >> + dev_err(priv->dev, "Failed to alloc SE fw buffer memory\n");
> >> + goto exit;
> >> + }
> >> +
> >> + memcpy(se_fw_buf, fw->data, fw->size);
> >> +
> >> + if (ele_fw_authenticate(priv->dev, se_fw_phyaddr))
> >> + dev_err(priv->dev,
> >> + "Failed to authenticate & load SE firmware %s.\n",
> >> + se_fw_name);
> >> +
> >> +exit:
> >> + dmam_free_coherent(priv->dev,
> >> + fw->size,
> >> + se_fw_buf,
> >> + se_fw_phyaddr);
> >> +
> >> + release_firmware(fw);
> >> +}
> >> +
> >> +static int se_if_probe(struct platform_device *pdev)
> >> +{
> >> + struct imx_se_node_info_list *info_list;
> >> + struct device *dev = &pdev->dev;
> >> + struct imx_se_node_info *info;
> >> + struct se_if_priv *priv;
> >> + u32 idx;
> >> + int ret;
> >> +
> >> + if (of_property_read_u32(dev->of_node, "reg", &idx)) {
> >> + ret = -EINVAL;
> >> + goto exit;
> >> + }
> >> +
> >> + info_list = (struct imx_se_node_info_list *)
> >> + device_get_match_data(dev->parent);
> >> + info = get_imx_se_node_info(info_list, idx);
> >> +
> >> + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
> >> + if (!priv) {
> >> + ret = -ENOMEM;
> >> + goto exit;
> >> + }
> >> +
> >> + dev_set_drvdata(dev, priv);
> >> +
> >> + /* Mailbox client configuration */
> >> + priv->se_mb_cl.dev = dev;
> >> + priv->se_mb_cl.tx_block = false;
> >> + priv->se_mb_cl.knows_txdone = true;
> >> + priv->se_mb_cl.rx_callback = se_if_rx_callback;
> >> +
> >> + ret = se_if_request_channel(dev, &priv->tx_chan,
> >> + &priv->se_mb_cl, info->mbox_tx_name);
> >> + if (ret) {
> >> + if (ret == -EPROBE_DEFER)
> >> + dev_err(dev, "Mailbox tx channel, is not ready.\n");
> >> + else
> >> + dev_err(dev, "Failed to request tx channel\n");
> >> +
> >> + goto exit;
> >> + }
> >> +
> >> + ret = se_if_request_channel(dev, &priv->rx_chan,
> >> + &priv->se_mb_cl, info->mbox_rx_name);
> >> + if (ret) {
> >> + if (ret == -EPROBE_DEFER)
> >> + dev_err(dev, "Mailbox rx channel, is not ready.\n");
> >> + else
> >> + dev_dbg(dev, "Failed to request rx channel\n");
> >> +
> >> + goto exit;
> >> + }
> >> +
> >> + priv->dev = dev;
> >> + priv->info = info;
> >> +
> >> + /* Initialize the mutex. */
> >> + mutex_init(&priv->se_if_lock);
> >> + mutex_init(&priv->se_if_cmd_lock);
> >> +
> >> + priv->cmd_receiver_dev = NULL;
> >> + priv->waiting_rsp_dev = NULL;
> >> + priv->max_dev_ctx = info->max_dev_ctx;
> >> + priv->cmd_tag = info->cmd_tag;
> >> + priv->rsp_tag = info->rsp_tag;
> >> + priv->mem_pool_name = info->pool_name;
> >> + priv->success_tag = info->success_tag;
> >> + priv->base_api_ver = info->base_api_ver;
> >> + priv->fw_api_ver = info->fw_api_ver;
> >> +
> >> + init_completion(&priv->done);
> >> + spin_lock_init(&priv->lock);
> >> +
> >> + if (info->reserved_dma_ranges) {
> >> + ret = of_reserved_mem_device_init(dev);
> >> + if (ret) {
> >> + dev_err(dev,
> >> + "failed to init reserved memory region %d\n",
> >> + ret);
> >> + priv->flags &= (~RESERVED_DMA_POOL);
> >> + goto exit;
> >> + }
> >> + priv->flags |= RESERVED_DMA_POOL;
> >> + }
> >> +
> >> + if (info->fw_name_in_rfs) {
> >> + ret = request_firmware_nowait(THIS_MODULE,
> >> + FW_ACTION_UEVENT,
> >> + info->fw_name_in_rfs,
> >> + dev, GFP_KERNEL, priv,
> >> + se_load_firmware);
> >> + if (ret)
> >> + dev_warn(dev, "Failed to get firmware [%s].\n",
> >> + info->fw_name_in_rfs);
> >> + }
> >> +
> >> + ret = imx_fetch_soc_info(dev);
> >> + if (ret) {
> >> + dev_err(dev,
> >> + "failed[%d] to fetch SoC Info\n", ret);
> >> + goto exit;
> >> + }
> >> +
> >> + if (info->imem_mgmt) {
> >> + /* allocate buffer where SE store encrypted IMEM */
> >> + priv->imem.buf = dmam_alloc_coherent(dev, ELE_IMEM_SIZE,
> >> + &priv->imem.phyaddr,
> >> + GFP_KERNEL);
> >> + if (!priv->imem.buf) {
> >> + dev_err(dev,
> >> + "dmam-alloc-failed: To store encr-IMEM.\n");
> >> + ret = -ENOMEM;
> >> + goto exit;
> >> + }
> >> + }
> >> +
> >> + if (info->max_dev_ctx) {
> >> + ret = init_device_context(dev);
> >> + if (ret) {
> >> + dev_err(dev,
> >> + "Failed[0x%x] to create device contexts.\n",
> >> + ret);
> >> + goto exit;
> >> + }
> >> + }
> >> +
> >> + dev_info(dev, "i.MX secure-enclave: %s interface to firmware,
> configured.\n",
> >> + info->se_name);
> >> + return devm_of_platform_populate(dev);
> >> +
> >> +exit:
> >> + /* if execution control reaches here, if probe fails.
> >> + * hence doing the cleanup
> >> + */
> >> + if (se_probe_if_cleanup(pdev))
> >> + dev_err(dev,
> >> + "Failed to clean-up the child node probe.\n");
> >> +
> >> + return ret;
> >> +}
> >> +
> >> +static int se_probe(struct platform_device *pdev)
> >> +{
> >> + struct device_node *enum_dev_node;
> >> + struct device *dev = &pdev->dev;
> >> + int enum_count;
> >> + int ret;
> >> +
> >> + enum_count = of_get_child_count(dev->of_node);
> >> + if (!enum_count) {
> >> + ret = -EINVAL;
> >> + dev_err(dev, "Zero Tx/Rx path MU nodes.\n");
> >> + return ret;
> >> + }
> >> +
> >> + for_each_child_of_node(dev->of_node, enum_dev_node) {
> >> + struct platform_device *enum_plat_dev __maybe_unused;
> >> +
> >> + if (!of_device_is_available(enum_dev_node))
> >> + continue;
> >> +
> >> + enum_plat_dev = of_platform_device_create(enum_dev_node,
> >> + NULL,
> >> + dev);
> >> + if (!enum_plat_dev) {
> >> + ret = -EINVAL;
> >> + of_node_put(enum_dev_node);
> >> + dev_err(dev,
> >> + "Failed to create enumerated platform device.");
> >> + break;
> >> + }
> >> +
> >> + ret = se_if_probe(enum_plat_dev);
> >> + }
> >> + return ret;
> >> +}
> >> +
> >> +static int se_remove(struct platform_device *pdev)
> >> +{
> >> + if (se_probe_cleanup(pdev))
> >> + dev_err(&pdev->dev,
> >> + "i.MX Secure Enclave is not cleanly un-probed.");
> >> +
> >> + return 0;
> >> +}
> >> +
> >> +static int se_suspend(struct device *dev)
> >> +{
> >> + struct se_if_priv *priv = dev_get_drvdata(dev);
> >> + const struct imx_se_node_info *info
> >> + = priv->info;
> >> +
> >> + if (info && info->imem_mgmt)
> >> + priv->imem.size = se_save_imem_state(dev);
> >> +
> >> + return 0;
> >> +}
> >> +
> >> +static int se_resume(struct device *dev)
> >> +{
> >> + struct se_if_priv *priv = dev_get_drvdata(dev);
> >> + const struct imx_se_node_info *info
> >> + = priv->info;
> >> + int i;
> >> +
> >> + for (i = 0; i < priv->max_dev_ctx; i++)
> >> + wake_up_interruptible(&priv->ctxs[i]->wq);
> >> +
> >> + if (info && info->imem_mgmt)
> >> + se_restore_imem_state(dev);
> >> +
> >> + return 0;
> >> +}
> >> +
> >> +static const struct dev_pm_ops se_pm = {
> >> + RUNTIME_PM_OPS(se_suspend, se_resume, NULL)
> >> +};
> >> +
> >> +static struct platform_driver se_driver = {
> >> + .driver = {
> >> + .name = "fsl-se-fw",
> >> + .of_match_table = se_match,
> >> + .pm = &se_pm,
> >> + },
> >> + .probe = se_probe,
> >> + .remove = se_remove,
> >> +};
> >> +MODULE_DEVICE_TABLE(of, se_match);
> >> +
> >> +module_platform_driver(se_driver);
> >> +
> >> +MODULE_AUTHOR("Pankaj Gupta <[email protected]>");
> >> +MODULE_DESCRIPTION("iMX Secure Enclave Driver.");
> >> +MODULE_LICENSE("GPL");
> >> diff --git a/drivers/firmware/imx/se_ctrl.h
> b/drivers/firmware/imx/se_ctrl.h
> >> new file mode 100644
> >> index 000000000000..76e1ce77c52f
> >> --- /dev/null
> >> +++ b/drivers/firmware/imx/se_ctrl.h
> >> @@ -0,0 +1,151 @@
> >> +/* SPDX-License-Identifier: GPL-2.0+ */
> >> +/*
> >> + * Copyright 2024 NXP
> >> + */
> >> +
> >> +#ifndef SE_MU_H
> >> +#define SE_MU_H
> >> +
> >> +#include <linux/miscdevice.h>
> >> +#include <linux/semaphore.h>
> >> +#include <linux/mailbox_client.h>
> >> +
> >> +#define MAX_FW_LOAD_RETRIES 50
> >> +
> >> +#define MSG_TAG(x) (((x) & 0xff000000) >> 24)
> >> +#define MSG_COMMAND(x) (((x) & 0x00ff0000) >> 16)
> >> +#define MSG_SIZE(x) (((x) & 0x0000ff00) >> 8)
> >> +#define MSG_VER(x) ((x) & 0x000000ff)
> >> +#define RES_STATUS(x) ((x) & 0x000000ff)
> >> +#define MAX_DATA_SIZE_PER_USER (65 * 1024)
> >> +#define S4_DEFAULT_MUAP_INDEX (2)
> >> +#define S4_MUAP_DEFAULT_MAX_USERS (4)
> >> +#define MESSAGING_VERSION_6 0x6
> >> +#define MESSAGING_VERSION_7 0x7
> >> +
> >> +#define DEFAULT_MESSAGING_TAG_COMMAND (0x17u)
> >> +#define DEFAULT_MESSAGING_TAG_RESPONSE (0xe1u)
> >> +
> >> +#define SE_MU_IO_FLAGS_USE_SEC_MEM (0x02u)
> >> +#define SE_MU_IO_FLAGS_USE_SHORT_ADDR (0x04u)
> >> +
> >> +struct se_imem_buf {
> >> + u8 *buf;
> >> + phys_addr_t phyaddr;
> >> + u32 size;
> >> +};
> >> +
> >> +struct se_buf_desc {
> >> + u8 *shared_buf_ptr;
> >> + u8 *usr_buf_ptr;
> >> + u32 size;
> >> + struct list_head link;
> >> +};
> >> +
> >> +/* Status of a char device */
> >> +enum se_if_dev_ctx_status_t {
> >> + MU_FREE,
> >> + MU_OPENED
> >> +};
> >> +
> >> +struct se_shared_mem {
> >> + dma_addr_t dma_addr;
> >> + u32 size;
> >> + u32 pos;
> >> + u8 *ptr;
> >> +};
> >> +
> >> +/* Private struct for each char device instance. */
> >> +struct se_if_device_ctx {
> >> + struct device *dev;
> >> + struct se_if_priv *priv;
> >> + struct miscdevice miscdev;
> >> +
> >> + enum se_if_dev_ctx_status_t status;
> >> + wait_queue_head_t wq;
> >> + struct semaphore fops_lock;
> >> +
> >> + u32 pending_hdr;
> >> + struct list_head pending_in;
> >> + struct list_head pending_out;
> >> +
> >> + struct se_shared_mem secure_mem;
> >> + struct se_shared_mem non_secure_mem;
> >> +
> >> + u32 *temp_resp;
> >> + u32 temp_resp_size;
> >> + struct notifier_block se_notify;
> >> +};
> >> +
> >> +/* Header of the messages exchange with the EdgeLock Enclave */
> >> +struct se_msg_hdr {
> >> + u8 ver;
> >> + u8 size;
> >> + u8 command;
> >> + u8 tag;
> >> +} __packed;
> >> +
> >> +#define SE_MU_HDR_SZ 4
> >> +#define TAG_OFFSET (SE_MU_HDR_SZ - 1)
> >> +#define CMD_OFFSET (SE_MU_HDR_SZ - 2)
> >> +#define SZ_OFFSET (SE_MU_HDR_SZ - 3)
> >> +#define VER_OFFSET (SE_MU_HDR_SZ - 4)
> >> +
> >> +struct se_api_msg {
> >> + u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
> >> + u32 *data;
> >> +};
> >> +
> >> +struct se_if_priv {
> >> + struct se_if_device_ctx *cmd_receiver_dev;
> >> + struct se_if_device_ctx *waiting_rsp_dev;
> >> + bool no_dev_ctx_used;
> >> + /*
> >> + * prevent parallel access to the se interface registers
> >> + * e.g. a user trying to send a command while the other one is
> >> + * sending a response.
> >> + */
> >> + struct mutex se_if_lock;
> >> + /*
> >> + * prevent a command to be sent on the se interface while another one
> is
> >> + * still processing. (response to a command is allowed)
> >> + */
> >> + struct mutex se_if_cmd_lock;
> >> + struct device *dev;
> >> + u8 *mem_pool_name;
> >> + u8 cmd_tag;
> >> + u8 rsp_tag;
> >> + u8 success_tag;
> >> + u8 base_api_ver;
> >> + u8 fw_api_ver;
> >> + u32 fw_fail;
> >> + const void *info;
> >> +
> >> + struct mbox_client se_mb_cl;
> >> + struct mbox_chan *tx_chan, *rx_chan;
> >> + struct se_api_msg *rx_msg;
> >> + struct completion done;
> >> + spinlock_t lock;
> >> + /*
> >> + * Flag to retain the state of initialization done at
> >> + * the time of se-mu probe.
> >> + */
> >> + uint32_t flags;
> >> + u8 max_dev_ctx;
> >> + struct se_if_device_ctx **ctxs;
> >> + struct se_imem_buf imem;
> >> +};
> >> +
> >> +void *get_phy_buf_mem_pool(struct device *dev,
> >> + u8 *mem_pool_name,
> >> + dma_addr_t *buf,
> >> + u32 size);
> >> +phys_addr_t get_phy_buf_mem_pool1(struct device *dev,
> >> + u8 *mem_pool_name,
> >> + u32 **buf,
> >> + u32 size);
> >> +void free_phybuf_mem_pool(struct device *dev,
> >> + u8 *mem_pool_name,
> >> + u32 *buf,
> >> + u32 size);
> >> +#endif
> >> diff --git a/include/linux/firmware/imx/se_api.h
> b/include/linux/firmware/imx/se_api.h
> >> new file mode 100644
> >> index 000000000000..c47f84906837
> >> --- /dev/null
> >> +++ b/include/linux/firmware/imx/se_api.h
> >> @@ -0,0 +1,14 @@
> >> +/* SPDX-License-Identifier: GPL-2.0+ */
> >> +/*
> >> + * Copyright 2024 NXP
> >> + */
> >> +
> >> +#ifndef __SE_API_H__
> >> +#define __SE_API_H__
> >> +
> >> +#include <linux/types.h>
> >> +
> >> +#define SOC_ID_OF_IMX8ULP 0x084D
> >> +#define SOC_ID_OF_IMX93 0x9300
> >> +
> >> +#endif /* __SE_API_H__ */
> >> diff --git a/include/uapi/linux/se_ioctl.h b/include/uapi/linux/se_ioctl.h
> >> new file mode 100644
> >> index 000000000000..f68a36e9da2c
> >> --- /dev/null
> >> +++ b/include/uapi/linux/se_ioctl.h
> >> @@ -0,0 +1,88 @@
> >> +/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR BSD-3-
> Clause*/
> >> +/*
> >> + * Copyright 2024 NXP
> >> + */
> >> +
> >> +#ifndef SE_IOCTL_H
> >> +#define SE_IOCTL_H
> >> +
> >> +/* IOCTL definitions. */
> >> +
> >> +struct se_ioctl_setup_iobuf {
> >> + u8 *user_buf;
> >> + u32 length;
> >> + u32 flags;
> >> + u64 ele_addr;
> >> +};
> >> +
> >> +struct se_ioctl_shared_mem_cfg {
> >> + u32 base_offset;
> >> + u32 size;
> >> +};
> >> +
> >> +struct se_ioctl_get_if_info {
> >> + u8 se_if_id;
> >> + u8 interrupt_idx;
> >> + u8 tz;
> >> + u8 did;
> >> + u8 cmd_tag;
> >> + u8 rsp_tag;
> >> + u8 success_tag;
> >> + u8 base_api_ver;
> >> + u8 fw_api_ver;
> >> +};
> >> +
> >> +struct se_ioctl_signed_message {
> >> + u8 *message;
> >> + u32 msg_size;
> >> + u32 error_code;
> >> +};
> >> +
> >> +struct se_ioctl_get_soc_info {
> >> + u16 soc_id;
> >> + u16 soc_rev;
> >> +};
> >> +
> >> +/* IO Buffer Flags */
> >> +#define SE_IO_BUF_FLAGS_IS_OUTPUT (0x00u)
> >> +#define SE_IO_BUF_FLAGS_IS_INPUT (0x01u)
> >> +#define SE_IO_BUF_FLAGS_USE_SEC_MEM (0x02u)
> >> +#define SE_IO_BUF_FLAGS_USE_SHORT_ADDR (0x04u)
> >> +#define SE_IO_BUF_FLAGS_IS_IN_OUT (0x10u)
> >> +
> >> +/* IOCTLS */
> >> +#define SE_IOCTL 0x0A /* like MISC_MAJOR. */
> >> +
> >> +/*
> >> + * ioctl to designated the current fd as logical-reciever.
> >> + * This is ioctl is send when the nvm-daemon, a slave to the
> >> + * firmware is started by the user.
> >> + */
> >> +#define SE_IOCTL_ENABLE_CMD_RCV _IO(SE_IOCTL, 0x01)
> >> +
> >> +/*
> >> + * ioctl to get the buffer allocated from the memory, which is shared
> >> + * between kernel and FW.
> >> + * Post allocation, the kernel tagged the allocated memory with:
> >> + * Output
> >> + * Input
> >> + * Input-Output
> >> + * Short address
> >> + * Secure-memory
> >> + */
> >> +#define SE_IOCTL_SETUP_IOBUF _IOWR(SE_IOCTL, 0x03, \
> >> + struct se_ioctl_setup_iobuf)
> >> +
> >> +/*
> >> + * ioctl to get the mu information, that is used to exchange message
> >> + * with FW, from user-spaced.
> >> + */
> >> +#define SE_IOCTL_GET_MU_INFO _IOR(SE_IOCTL, 0x04, \
> >> + struct se_ioctl_get_if_info)
> >> +/*
> >> + * ioctl to get SoC Info from user-space.
> >> + */
> >> +#define SE_IOCTL_GET_SOC_INFO _IOR(SE_IOCTL, 0x06, \
> >> + struct se_ioctl_get_soc_info)
> >> +
> >> +#endif
> >>
> >> --
> >> 2.34.1
> >>
> >
> > _______________________________________________
> > linux-arm-kernel mailing list
> > [email protected]
> >
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefe
> nse.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-
> 3A__lists.infradead.org_mailman_listinfo_linux-2Darm-
> 2Dkernel%26d%3DDwICAg%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3DV_
> GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3DeKFfdy51aVVEAe4I9Lk2CN77y_4Hxf2pI_9fv5pVWLo9DwQNgC
> pca6smAwvwFycf%26s%3D187NgAc1LvHOnaB90o76OtTVe5J2eG-
> Y6Xgp05PQpBY%26e%3D&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C1
> 11dd89e61f149b5f7e708dc71290348%7C686ea1d3bc2b4c6fa92cd99c5c3016
> 35%7C0%7C0%7C638509668202255142%7CUnknown%7CTWFpbGZsb3d8eyJ
> WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%
> 7C0%7C%7C%7C&sdata=sgoXx408lERnChy2nfitsuD8MiGHh%2FN2gTk9cdzqd
> 9w%3D&reserved=0


2024-05-13 10:55:02

by Marc Kleine-Budde

[permalink] [raw]
Subject: Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

On 10.05.2024 18:57:30, Pankaj Gupta wrote:
> NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
> are embedded in the SoC to support the features like HSM, SHE & V2X,
> using message based communication interface.
>
> The secure enclave FW communicates on a dedicated messaging unit(MU)
> based interface(s) with application core, where kernel is running.
> It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
>
> This patch adds the driver for communication interface to secure-enclave,
> for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock Enclave,
> both from:
> - User-Space Applications via character driver.
> - Kernel-space, used by kernel management layers like DM-Crypt.
>
> ABI documentation for the NXP secure-enclave driver.

Can you add the user space misc dev in a different patch?

>
> User-space library using this driver:
> - i.MX Secure Enclave library:
> -- URL: https://github.com/nxp-imx/imx-secure-enclave.git,
> - i.MX Secure Middle-Ware:
> -- URL: https://github.com/nxp-imx/imx-smw.git
>
> Signed-off-by: Pankaj Gupta <[email protected]>
> ---
> Documentation/ABI/testing/se-cdev | 42 ++
> drivers/firmware/imx/Kconfig | 12 +
> drivers/firmware/imx/Makefile | 2 +
> drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
> drivers/firmware/imx/ele_base_msg.h | 70 ++
> drivers/firmware/imx/ele_common.c | 341 +++++++++
> drivers/firmware/imx/ele_common.h | 43 ++
> drivers/firmware/imx/se_ctrl.c | 1339 +++++++++++++++++++++++++++++++++++
> drivers/firmware/imx/se_ctrl.h | 151 ++++
> include/linux/firmware/imx/se_api.h | 14 +
> include/uapi/linux/se_ioctl.h | 88 +++
> 11 files changed, 2389 insertions(+)
>
> diff --git a/Documentation/ABI/testing/se-cdev b/Documentation/ABI/testing/se-cdev
> new file mode 100644
> index 000000000000..699525af6b86
> --- /dev/null
> +++ b/Documentation/ABI/testing/se-cdev
> @@ -0,0 +1,42 @@
> +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> +Date: May 2024
> +KernelVersion: 6.8
> +Contact: [email protected], [email protected]
> +Description:
> + NXP offers multiple hardware IP(s) for secure-enclaves like EdgeLock-
> + Enclave(ELE), SECO. The character device file-descriptors
> + /dev/<se>_mu*_ch* are the interface between user-space NXP's secure-
> + enclave shared-library and the kernel driver.
> +
> + The ioctl(2)-based ABI is defined and documented in
> + [include]<linux/firmware/imx/ele_mu_ioctl.h>
> + ioctl(s) are used primarily for:
> + - shared memory management
> + - allocation of I/O buffers
> + - get mu info
> + - setting a dev-ctx as receiver that is slave to fw
> + - get SoC info
> +
> + The following file operations are supported:
> +
> + open(2)
> + Currently the only useful flags are O_RDWR.
> +
> + read(2)
> + Every read() from the opened character device context is waiting on
> + wakeup_intruptible, that gets set by the registered mailbox callback
> + function; indicating a message received from the firmware on message-
> + unit.
> +
> + write(2)
> + Every write() to the opened character device context needs to acquire
> + mailbox_lock, before sending message on to the message unit.
> +
> + close(2)
> + Stops and free up the I/O contexts that was associated
> + with the file descriptor.
> +
> +Users: https://github.com/nxp-imx/imx-secure-enclave.git,
> + https://github.com/nxp-imx/imx-smw.git
> + crypto/skcipher,
> + drivers/nvmem/imx-ocotp-ele.c
> diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
> index 183613f82a11..56bdca9bd917 100644
> --- a/drivers/firmware/imx/Kconfig
> +++ b/drivers/firmware/imx/Kconfig
> @@ -22,3 +22,15 @@ config IMX_SCU
>
> This driver manages the IPC interface between host CPU and the
> SCU firmware running on M4.
> +
> +config IMX_SEC_ENCLAVE
> + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver."
> + depends on IMX_MBOX && ARCH_MXC && ARM64
> + default m if ARCH_MXC
> +
> + help
> + It is possible to use APIs exposed by the iMX Secure Enclave HW IP called:
> + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
> + like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging
> + Unit. This driver exposes these interfaces via a set of file descriptors
> + allowing to configure shared memory, send and receive messages.
> diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile
> index 8f9f04a513a8..aa9033e0e9e3 100644
> --- a/drivers/firmware/imx/Makefile
> +++ b/drivers/firmware/imx/Makefile
> @@ -1,3 +1,5 @@
> # SPDX-License-Identifier: GPL-2.0
> obj-$(CONFIG_IMX_DSP) += imx-dsp.o
> obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o
> +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
> +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
> diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c
> new file mode 100644
> index 000000000000..0463f26d93c7
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_base_msg.c
> @@ -0,0 +1,287 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include <linux/types.h>
> +#include <linux/completion.h>
> +#include <linux/dma-mapping.h>
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +
> +int ele_get_info(struct device *dev, struct soc_info *s_info)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + phys_addr_t get_info_addr;
> + u32 *get_info_data;
> + u32 status;
> + int ret;
> +
> + if (!priv || !s_info)
> + goto exit;

You should code properly, so that this doesn't happen, your cleanup is
broken, it will work on uninitialized data, as Sascha already mentioned.

> +
> + memset(s_info, 0x0, sizeof(*s_info));
> +
> + if (priv->mem_pool_name)
> + get_info_data = get_phy_buf_mem_pool(dev,
> + priv->mem_pool_name,
> + &get_info_addr,
> + ELE_GET_INFO_BUFF_SZ);
> + else
> + get_info_data = dmam_alloc_coherent(dev,
> + ELE_GET_INFO_BUFF_SZ,
> + &get_info_addr,
> + GFP_KERNEL);

It's better style to move the init of the dma memory into the probe
function.

> + if (!get_info_data) {
> + ret = -ENOMEM;
> + dev_err(dev,
> + "%s: Failed to allocate get_info_addr.\n",
> + __func__);
> + goto exit;
> + }
> +
> + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
^^^^^^^^^^^^^^^^^^^^^^^

Is ELE_GET_INFO_REQ_MSG_SZ is in multiple of u32?

> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_GET_INFO_REQ,
> + ELE_GET_INFO_REQ_MSG_SZ,

Here you feed in ELE_GET_INFO_REQ_MSG_SZ and in plat_fill_cmd_msg_hdr()
you use "len >> 2". This look quite strange to me. Better use length in
bytes everywhere.

> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = upper_32_bits(get_info_addr);
> + tx_msg->data[1] = lower_32_bits(get_info_addr);
> + tx_msg->data[2] = ELE_GET_INFO_READ_SZ;

Can you use a proper struct for this. Sascha has already commented on
the null pointer here.

> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);

This API looks strange, why put the tx_msg as a parameter the rx_msg
into the private struct?

> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
^^
single space
> + priv->rx_msg->header,
> + ELE_GET_INFO_REQ,
> + ELE_GET_INFO_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);

use FIELD_GET()

> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_GET_INFO_REQ, status);
> + ret = -1;
> + }
> +
> + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> + & ELE_IMEM_STATE_MASK) >> 16;

can you use a struct for get_info_data and use FIELD_GET() (if needed)

> + s_info->major_ver = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 24;
> + s_info->minor_ver = ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 16) & 0xFF;
> + s_info->soc_rev = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 16;
> + s_info->soc_id = get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_ID_MASK;
> + s_info->serial_num
> + = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF] << 32
> + | get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];

The "|" goes to the end of the previous line.

> +exit:
> + if (get_info_addr) {
> + if (priv->mem_pool_name)
> + free_phybuf_mem_pool(dev, priv->mem_pool_name,
> + get_info_data, ELE_GET_INFO_BUFF_SZ);
> + else
> + dmam_free_coherent(dev,
> + ELE_GET_INFO_BUFF_SZ,
> + get_info_data,
> + get_info_addr);
> + }
> +
> + return ret;
> +}
> +
> +int ele_ping(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_PING_REQ, ELE_PING_REQ_SZ,
> + true);
> + if (ret) {
> + dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
> + goto exit;
> + }
> +
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_PING_REQ,
> + ELE_PING_RSP_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_PING_REQ, status);
> + ret = -1;
> + }
> +exit:
> + return ret;
> +}
> +
> +int ele_service_swap(struct device *dev,
> + phys_addr_t addr,
> + u32 addr_size, u16 flag)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_SERVICE_SWAP_REQ,
> + ELE_SERVICE_SWAP_REQ_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = flag;
> + tx_msg->data[1] = addr_size;
> + tx_msg->data[2] = ELE_NONE_VAL;
> + tx_msg->data[3] = lower_32_bits(addr);
> + tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
> + ELE_SERVICE_SWAP_REQ_MSG_SZ);
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_SERVICE_SWAP_REQ,
> + ELE_SERVICE_SWAP_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_SERVICE_SWAP_REQ, status);
> + ret = -1;
> + } else {
> + if (flag == ELE_IMEM_EXPORT)
> + ret = priv->rx_msg->data[1];
> + else
> + ret = 0;
> + }
> +exit:
> +
> + return ret;
> +}
> +
> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_FW_AUTH_REQ,
> + ELE_FW_AUTH_REQ_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = addr;
> + tx_msg->data[1] = 0x0;
> + tx_msg->data[2] = addr;
> +
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_FW_AUTH_REQ,
> + ELE_FW_AUTH_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_FW_AUTH_REQ, status);
> + ret = -1;
> + }
> +exit:
> +
> + return ret;
> +}
> diff --git a/drivers/firmware/imx/ele_base_msg.h b/drivers/firmware/imx/ele_base_msg.h
> new file mode 100644
> index 000000000000..3b3d2bf04a84
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_base_msg.h
> @@ -0,0 +1,70 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + *
> + * Header file for the EdgeLock Enclave Base API(s).
> + */
> +
> +#ifndef ELE_BASE_MSG_H
> +#define ELE_BASE_MSG_H
> +
> +#include <linux/device.h>
> +#include <linux/types.h>
> +
> +#define WORD_SZ 4
> +#define ELE_NONE_VAL 0x0
> +
> +#define ELE_SUCCESS_IND 0xD6
> +
> +#define ELE_GET_INFO_REQ 0xDA
> +#define ELE_GET_INFO_REQ_MSG_SZ 0x10
> +#define ELE_GET_INFO_RSP_MSG_SZ 0x08
> +
> +#define ELE_GET_INFO_BUFF_SZ 0x100
> +#define ELE_GET_INFO_READ_SZ 0xA0
> +
> +#define DEFAULT_IMX_SOC_VER 0xA0
> +#define SOC_VER_MASK 0xFFFF0000
> +#define SOC_ID_MASK 0x0000FFFF
> +struct soc_info {
> + u32 imem_state;
> + u8 major_ver;
> + u8 minor_ver;
> + u16 soc_id;
> + u16 soc_rev;
> + u64 serial_num;
> +};
> +
> +#define GET_INFO_SOC_INFO_WORD_OFFSET 1
> +#define GET_INFO_UUID_WORD_OFFSET 3
> +#define GET_INFO_SL_NUM_MSB_WORD_OFF \
> + (GET_INFO_UUID_WORD_OFFSET + 3)
> +#define GET_INFO_SL_NUM_LSB_WORD_OFF \
> + (GET_INFO_UUID_WORD_OFFSET + 0)
> +
> +#define ELE_PING_REQ 0x01
> +#define ELE_PING_REQ_SZ 0x04
> +#define ELE_PING_RSP_SZ 0x08
> +
> +#define ELE_SERVICE_SWAP_REQ 0xDF
> +#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18
> +#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C
> +#define ELE_IMEM_SIZE 0x10000
> +#define ELE_IMEM_STATE_OK 0xCA
> +#define ELE_IMEM_STATE_BAD 0xFE
> +#define ELE_IMEM_STATE_WORD 0x27
> +#define ELE_IMEM_STATE_MASK 0x00ff0000
> +#define ELE_IMEM_EXPORT 0x1
> +#define ELE_IMEM_IMPORT 0x2
> +
> +#define ELE_FW_AUTH_REQ 0x02
> +#define ELE_FW_AUTH_REQ_SZ 0x10
> +#define ELE_FW_AUTH_RSP_MSG_SZ 0x08
> +
> +int ele_get_info(struct device *dev, struct soc_info *s_info);
> +int ele_ping(struct device *dev);
> +int ele_service_swap(struct device *dev,
> + phys_addr_t addr,
> + u32 addr_size, u16 flag);
> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr);
> +#endif
> diff --git a/drivers/firmware/imx/ele_common.c b/drivers/firmware/imx/ele_common.c
> new file mode 100644
> index 000000000000..dcf7f9034653
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_common.c
> @@ -0,0 +1,341 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +
> +u32 plat_add_msg_crc(u32 *msg, u32 msg_len)
> +{
> + u32 nb_words = msg_len / (u32)sizeof(u32);
> + u32 crc = 0;
> + u32 i;
> +
> + for (i = 0; i < nb_words - 1; i++)
> + crc ^= *(msg + i);
> +
> + return crc;
> +}
> +
> +int imx_ele_msg_rcv(struct se_if_priv *priv)
> +{
> + u32 wait;
> + int err;
> +
> + wait = msecs_to_jiffies(1000);
> + if (!wait_for_completion_timeout(&priv->done, wait)) {
> + dev_err(priv->dev,
> + "Error: wait_for_completion timed out.\n");
> + err = -ETIMEDOUT;
> + }
> +
> + mutex_unlock(&priv->se_if_cmd_lock);
> + priv->no_dev_ctx_used = false;
> +
> + return err;
> +}
> +
> +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg)
> +{
> + bool is_cmd_lock_tobe_taken = false;
> + int err;
> +
> + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> + is_cmd_lock_tobe_taken = true;
> + mutex_lock(&priv->se_if_cmd_lock);
> + }
> + scoped_guard(mutex, &priv->se_if_lock);
> +
> + err = mbox_send_message(priv->tx_chan, mssg);
> + if (err < 0) {
> + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> + if (is_cmd_lock_tobe_taken)
> + mutex_unlock(&priv->se_if_cmd_lock);

Only dropping the lock in case of failure doesn't look right to me. It
seems you should better move the lock to the callers of this function.

> + return err;
> + }
> + err = 0;
> +
> + return err;
> +}
> +
> +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg)
> +{
> + int err;
> +
> + priv->no_dev_ctx_used = true;
> + err = imx_ele_msg_send(priv, mssg);
> + if (err)
> + goto exit;
> +
> + err = imx_ele_msg_rcv(priv);
> +
> +exit:
> + return err;
> +}
> +
> +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx)
> +{
> + struct se_msg_hdr header = {0};
> + int err;
> +
> + err = wait_event_interruptible(dev_ctx->wq, dev_ctx->pending_hdr != 0);
> + if (err)
> + dev_err(dev_ctx->dev,
> + "%s: Err[0x%x]:Interrupted by signal.\n",
> + dev_ctx->miscdev.name, err);
> +
> + header = *((struct se_msg_hdr *) (&dev_ctx->temp_resp[0]));
> +
> + if (header.tag == dev_ctx->priv->rsp_tag)
> + mutex_unlock(&dev_ctx->priv->se_if_cmd_lock);
> +
> + return err;
> +}
> +
> +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> + void *tx_msg, int tx_msg_sz)
> +{
> + struct se_if_priv *priv = dev_ctx->priv;
> + struct se_msg_hdr header = {0};
> + int err;
> +
> + header = *((struct se_msg_hdr *) tx_msg);
> +
> + /*
> + * Check that the size passed as argument matches the size
> + * carried in the message.
> + */
> + err = header.size << 2;
> +
> + if (err != tx_msg_sz) {
> + err = -EINVAL;
> + dev_err(priv->dev,
> + "%s: User buffer too small\n",
> + dev_ctx->miscdev.name);
> + goto exit;
> + }
> + /* Check the message is valid according to tags */
> + if (header.tag == priv->cmd_tag)
> + priv->waiting_rsp_dev = dev_ctx;
> + else if (header.tag == priv->rsp_tag) {
> + /* Check the device context can send the command */
> + if (dev_ctx != priv->cmd_receiver_dev) {
> + dev_err(priv->dev,
> + "%s: Channel not configured to send resp to FW.",
> + dev_ctx->miscdev.name);
> + err = -EPERM;
> + goto exit;
> + }
> + } else {
> + dev_err(priv->dev,
> + "%s: The message does not have a valid TAG\n",
> + dev_ctx->miscdev.name);
> + err = -EINVAL;
> + goto exit;
> + }
> + err = imx_ele_msg_send(priv, tx_msg);
> +exit:
> + return err;
> +}
> +
> +/*
> + * Callback called by mailbox FW, when data is received.
> + */
> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
> +{
> + struct device *dev = mbox_cl->dev;
> + struct se_if_device_ctx *dev_ctx;
> + struct se_api_msg *rx_msg;
> + bool is_response = false;
> + struct se_if_priv *priv;
> + struct se_msg_hdr header;
> +
> + priv = dev_get_drvdata(dev);
> + if (!priv) {
> + dev_err(dev, "SE-MU Priv data is NULL;");
> + return;
> + }

If you code you probe and cleanup functions correctly, this should not
happen.

> +
> + /* The function can be called with NULL msg */
> + if (!msg) {
> + dev_err(dev, "Message is invalid\n");
> + return;
> + }
> +
> + header.tag = ((u8 *)msg)[TAG_OFFSET];
> + header.command = ((u8 *)msg)[CMD_OFFSET];
> + header.size = ((u8 *)msg)[SZ_OFFSET];
> + header.ver = ((u8 *)msg)[VER_OFFSET];

Use a proper struct and FIELD_GET() if needed

> +
> + /* Incoming command: wake up the receiver if any. */
> + if (header.tag == priv->cmd_tag) {
> + dev_dbg(dev, "Selecting cmd receiver\n");
> + dev_ctx = priv->cmd_receiver_dev;
> + } else if (header.tag == priv->rsp_tag) {
> + if (priv->waiting_rsp_dev) {
> + dev_dbg(dev, "Selecting rsp waiter\n");
> + dev_ctx = priv->waiting_rsp_dev;
> + is_response = true;
> + } else {
> + /*
> + * Reading the EdgeLock Enclave response
> + * to the command, sent by other
> + * linux kernel services.
> + */
> + spin_lock(&priv->lock);
> + memcpy(&priv->rx_msg, msg, header.size << 2);
> +
> + complete(&priv->done);
> + spin_unlock(&priv->lock);
> + return;
> + }
> + } else {
> + dev_err(dev, "Failed to select a device for message: %.8x\n",
> + *((u32 *) &header));
> + return;
> + }
> + /* Init reception */
> + rx_msg = kzalloc(header.size << 2, GFP_KERNEL);
> + if (rx_msg)
> + memcpy(rx_msg, msg, header.size << 2);
> +
> + dev_ctx->temp_resp = (u32 *)rx_msg;
> + dev_ctx->temp_resp_size = header.size;
> +
> + /* Allow user to read */
> + dev_ctx->pending_hdr = 1;
> + wake_up_interruptible(&dev_ctx->wq);
> +
> + if (is_response)
> + priv->waiting_rsp_dev = NULL;

This looks racy to me.

> +}
> +
> +int validate_rsp_hdr(struct se_if_priv *priv, u32 header,
> + uint8_t msg_id, uint8_t sz, bool is_base_api)
> +{
> + int ret = -EINVAL;
> + u32 size;
> + u32 cmd;
> + u32 tag;
> + u32 ver;
> +
> + tag = MSG_TAG(header);
> + cmd = MSG_COMMAND(header);
> + size = MSG_SIZE(header);
> + ver = MSG_VER(header);
> +
> + do {

using a do-while loop is uncommong coding style, Why not use return
instead?

> + if (tag != priv->rsp_tag) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: Resp tag mismatch. (0x%x != 0x%x)",
> + msg_id, tag, priv->rsp_tag);
> + break;
> + }
> +
> + if (cmd != msg_id) {
> + dev_err(priv->dev,
> + "MSG Header: Cmd id mismatch. (0x%x != 0x%x)",
> + cmd, msg_id);
> + break;
> + }
> +
> + if (size != (sz >> 2)) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: Cmd size mismatch. (0x%x != 0x%x)",
> + msg_id, size, (sz >> 2));
> + break;
> + }
> +
> + if (is_base_api && (ver != priv->base_api_ver)) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: Base API Vers mismatch. (0x%x != 0x%x)",
> + msg_id, ver, priv->base_api_ver);
> + break;
> + } else if (!is_base_api && ver != priv->fw_api_ver) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: FW API Vers mismatch. (0x%x != 0x%x)",
> + msg_id, ver, priv->fw_api_ver);
> + break;
> + }
> +
> + ret = 0;
> +
> + } while (false);
> +
> + return ret;
> +}
> +
> +int se_save_imem_state(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + int ret;
> +
> + /* EXPORT command will save encrypted IMEM to given address,
> + * so later in resume, IMEM can be restored from the given
> + * address.
> + *
> + * Size must be at least 64 kB.
> + */
> + ret = ele_service_swap(dev,
> + priv->imem.phyaddr,
> + ELE_IMEM_SIZE,
> + ELE_IMEM_EXPORT);
> + if (ret < 0)
> + dev_err(dev, "Failed to export IMEM\n");
> + else
> + dev_info(dev,
> + "Exported %d bytes of encrypted IMEM\n",
> + ret);
> +
> + return ret;
> +}
> +
> +int se_restore_imem_state(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct soc_info s_info;
> + int ret;
> +
> + /* get info from ELE */
> + ret = ele_get_info(dev, &s_info);
> + if (ret) {
> + dev_err(dev, "Failed to get info from ELE.\n");
> + return ret;
> + }
> +
> + /* Get IMEM state, if 0xFE then import IMEM */
> + if (s_info.imem_state == ELE_IMEM_STATE_BAD) {
> + /* IMPORT command will restore IMEM from the given
> + * address, here size is the actual size returned by ELE
> + * during the export operation
> + */
> + ret = ele_service_swap(dev,
> + priv->imem.phyaddr,
> + priv->imem.size,
> + ELE_IMEM_IMPORT);
> + if (ret) {
> + dev_err(dev, "Failed to import IMEM\n");
> + goto exit;
> + }
> + } else
> + goto exit;
> +
> + /* After importing IMEM, check if IMEM state is equal to 0xCA
> + * to ensure IMEM is fully loaded and
> + * ELE functionality can be used.
> + */
> + ret = ele_get_info(dev, &s_info);
> + if (ret) {
> + dev_err(dev, "Failed to get info from ELE.\n");
> + goto exit;
> + }
> +
> + if (s_info.imem_state == ELE_IMEM_STATE_OK)
> + dev_info(dev, "Successfully restored IMEM\n");
> + else
> + dev_err(dev, "Failed to restore IMEM\n");
> +
> +exit:
> + return ret;
> +}
> diff --git a/drivers/firmware/imx/ele_common.h b/drivers/firmware/imx/ele_common.h
> new file mode 100644
> index 000000000000..6e3a2114bb56
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_common.h
> @@ -0,0 +1,43 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +
> +#ifndef __ELE_COMMON_H__
> +#define __ELE_COMMON_H__
> +
> +#include "se_ctrl.h"
> +
> +#define IMX_ELE_FW_DIR "imx/ele/"
> +
> +uint32_t plat_add_msg_crc(uint32_t *msg, uint32_t msg_len);
> +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *priv);
> +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> + void *tx_msg, int tx_msg_sz);
> +int imx_ele_msg_rcv(struct se_if_priv *priv);
> +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg);
> +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg);
> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
> +int validate_rsp_hdr(struct se_if_priv *priv, unsigned int header,
> + u8 msg_id, u8 sz, bool is_base_api);
> +
> +/* Fill a command message header with a given command ID and length in bytes. */
> +static inline int plat_fill_cmd_msg_hdr(struct se_if_priv *priv,
> + struct se_msg_hdr *hdr,
> + u8 cmd,
> + u32 len,
> + bool is_base_api)
> +{
> + hdr->tag = priv->cmd_tag;
> + hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver;
> + hdr->command = cmd;
> + hdr->size = len >> 2;
> +
> + return 0;
> +}
> +
> +int se_save_imem_state(struct device *dev);
> +int se_restore_imem_state(struct device *dev);
> +
> +#endif /*__ELE_COMMON_H__ */
> diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
> new file mode 100644
> index 000000000000..11c5eaa7353f
> --- /dev/null
> +++ b/drivers/firmware/imx/se_ctrl.c
> @@ -0,0 +1,1339 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include <linux/completion.h>
> +#include <linux/delay.h>
> +#include <linux/dev_printk.h>
> +#include <linux/dma-mapping.h>
> +#include <linux/errno.h>
> +#include <linux/export.h>
> +#include <linux/firmware.h>
> +#include <linux/firmware/imx/se_api.h>
> +#include <linux/genalloc.h>
> +#include <linux/init.h>
> +#include <linux/io.h>
> +#include <linux/miscdevice.h>
> +#include <linux/mod_devicetable.h>
> +#include <linux/module.h>
> +#include <linux/of_platform.h>
> +#include <linux/of_reserved_mem.h>
> +#include <linux/platform_device.h>
> +#include <linux/slab.h>
> +#include <linux/string.h>
> +#include <linux/sys_soc.h>
> +#include <uapi/linux/se_ioctl.h>
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +#include "se_ctrl.h"
> +
> +#define RESERVED_DMA_POOL BIT(1)

BIT(0)?

> +
> +struct imx_se_node_info {
> + u8 se_if_id;
> + u8 se_if_did;
> + u8 max_dev_ctx;
> + u8 cmd_tag;
> + u8 rsp_tag;
> + u8 success_tag;
> + u8 base_api_ver;
> + u8 fw_api_ver;
> + u8 *se_name;
> + u8 *mbox_tx_name;
> + u8 *mbox_rx_name;
> + u8 *pool_name;
> + u8 *fw_name_in_rfs;
> + bool soc_register;
> + bool reserved_dma_ranges;
> + bool imem_mgmt;
> +};
> +
> +struct imx_se_node_info_list {
> + u8 num_mu;
> + u16 soc_id;
> + u16 soc_rev;
> + struct imx_se_node_info info[];
> +};
> +
> +static const struct imx_se_node_info_list imx8ulp_info = {
> + .num_mu = 1,
> + .soc_id = SOC_ID_OF_IMX8ULP,
> + .info = {
> + {
> + .se_if_id = 2,
> + .se_if_did = 7,
> + .max_dev_ctx = 4,
> + .cmd_tag = 0x17,
> + .rsp_tag = 0xe1,
> + .success_tag = 0xd6,
> + .base_api_ver = MESSAGING_VERSION_6,
> + .fw_api_ver = MESSAGING_VERSION_7,
> + .se_name = "hsm1",
> + .mbox_tx_name = "tx",
> + .mbox_rx_name = "rx",
> + .pool_name = "sram",
> + .fw_name_in_rfs = IMX_ELE_FW_DIR\
^
not needed
> + "mx8ulpa2ext-ahab-container.img",
> + .soc_register = true,
> + .reserved_dma_ranges = true,
> + .imem_mgmt = true,
> + },
> + },
> +};
> +
> +static const struct imx_se_node_info_list imx93_info = {
> + .num_mu = 1,
> + .soc_id = SOC_ID_OF_IMX93,
> + .info = {
> + {
> + .se_if_id = 2,
> + .se_if_did = 3,
> + .max_dev_ctx = 4,
> + .cmd_tag = 0x17,
> + .rsp_tag = 0xe1,
> + .success_tag = 0xd6,
> + .base_api_ver = MESSAGING_VERSION_6,
> + .fw_api_ver = MESSAGING_VERSION_7,
> + .se_name = "hsm1",
> + .mbox_tx_name = "tx",
> + .mbox_rx_name = "rx",
> + .reserved_dma_ranges = true,
> + .imem_mgmt = true,
> + .soc_register = true,
> + },
> + },


Some (most?) members of these structs are the same. Why do you have this
abstraction if it's not needed right now?

> +};
> +
> +static const struct of_device_id se_match[] = {
> + { .compatible = "fsl,imx8ulp-ele", .data = (void *)&imx8ulp_info},
^^^^^^^^ cast not needed
> + { .compatible = "fsl,imx93-ele", .data = (void *)&imx93_info},
> + {},
> +};
> +
> +static struct imx_se_node_info
> + *get_imx_se_node_info(struct imx_se_node_info_list *info_list,
> + const u32 idx)
> +{
> + if (idx < 0 || idx > info_list->num_mu)

u32 cannot be < 0

> + return NULL;
> +
> + return &info_list->info[idx];
> +}
> +
> +void *get_phy_buf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + dma_addr_t *buf,
> + u32 size)
> +{
> + struct device_node *of_node = dev->of_node;
> + struct gen_pool *mem_pool;
> +
> + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> + if (!mem_pool) {
> + dev_err(dev,
> + "Unable to get sram pool = %s\n",
> + mem_pool_name);
> + return 0;
> + }
> +
> + return gen_pool_dma_alloc(mem_pool, size, buf);
> +}
> +
> +void free_phybuf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + u32 *buf,
> + u32 size)
> +{
> + struct device_node *of_node = dev->of_node;
> + struct gen_pool *mem_pool;
> +
> + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> + if (!mem_pool)
> + dev_err(dev,
> + "%s: Failed: Unable to get sram pool.\n",
> + __func__);
> +
> + gen_pool_free(mem_pool, (u64)buf, size);
> +}
> +
> +static int imx_fetch_soc_info(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct imx_se_node_info_list *info_list;
> + const struct imx_se_node_info *info;
> + struct soc_device_attribute *attr;
> + struct soc_device *sdev;
> + struct soc_info s_info;
> + int err = 0;
> +
> + info = priv->info;
> + info_list = (struct imx_se_node_info_list *)
> + device_get_match_data(dev->parent);

I think cast is not needed.

> + if (info_list->soc_rev)
> + return err;

What does this check do? You'll only get data you put in the info_list
in the first place.

> +
> + err = ele_get_info(dev, &s_info);
> + if (err)
> + s_info.major_ver = DEFAULT_IMX_SOC_VER;

Why continue here in case of error?

> +
> + info_list->soc_rev = s_info.soc_rev;
> +
> + if (!info->soc_register)
> + return 0;
> +
> + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> + if (!attr)
> + return -ENOMEM;
> +
> + if (s_info.minor_ver)
> + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
> + s_info.major_ver,
> + s_info.minor_ver);
> + else
> + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
> + s_info.major_ver);
> +
> + switch (s_info.soc_id) {
> + case SOC_ID_OF_IMX8ULP:
> + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> + "i.MX8ULP");
> + break;
> + case SOC_ID_OF_IMX93:
> + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> + "i.MX93");
> + break;
> + }
> +
> + err = of_property_read_string(of_root, "model",
> + &attr->machine);
> + if (err) {
> + devm_kfree(dev, attr);

Why do you do a manual cleanup of devm managed resources? Same applies
to the other devm managed resources, too.

> + return -EINVAL;
> + }
> + attr->family = devm_kasprintf(dev, GFP_KERNEL, "Freescale i.MX");
> +
> + attr->serial_number
> + = devm_kasprintf(dev, GFP_KERNEL, "%016llX", s_info.serial_num);
> +
> + sdev = soc_device_register(attr);
> + if (IS_ERR(sdev)) {
> + devm_kfree(dev, attr->soc_id);
> + devm_kfree(dev, attr->serial_number);
> + devm_kfree(dev, attr->revision);
> + devm_kfree(dev, attr->family);
> + devm_kfree(dev, attr->machine);
> + devm_kfree(dev, attr);
> + return PTR_ERR(sdev);
> + }
> +
> + return 0;
> +}
> +
> +/*
> + * File operations for user-space
> + */
> +
> +/* Write a message to the MU. */
> +static ssize_t se_if_fops_write(struct file *fp, const char __user *buf,
> + size_t size, loff_t *ppos)
> +{
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_if_device_ctx *dev_ctx;
> + struct se_if_priv *priv;
> + int err;
> +
> + dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + priv = dev_ctx->priv;
> + dev_dbg(priv->dev,
> + "%s: write from buf (%p)%zu, ppos=%lld\n",
> + dev_ctx->miscdev.name,
> + buf, size, ((ppos) ? *ppos : 0));
> +
> + if (down_interruptible(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + if (dev_ctx->status != MU_OPENED) {
> + err = -EINVAL;
> + goto exit;
> + }
> +
> + if (size < SE_MU_HDR_SZ) {
> + dev_err(priv->dev,
> + "%s: User buffer too small(%zu < %d)\n",
> + dev_ctx->miscdev.name,
> + size, SE_MU_HDR_SZ);
> + err = -ENOSPC;
> + goto exit;
> + }
> +
> + tx_msg = memdup_user((void __user *)ppos, size);
> + if (!tx_msg) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + /* Copy data to buffer */
> + if (copy_from_user(tx_msg, buf, size)) {
> + err = -EFAULT;
> + dev_err(priv->dev,
> + "%s: Fail copy message from user\n",
> + dev_ctx->miscdev.name);
> + goto exit;
> + }
> +
> + print_hex_dump_debug("from user ", DUMP_PREFIX_OFFSET, 4, 4,
> + tx_msg, size, false);
> +
> + err = imx_ele_miscdev_msg_send(dev_ctx, tx_msg, size);
> +
> +exit:
> + up(&dev_ctx->fops_lock);
> + return err;
> +}
> +
> +/*
> + * Read a message from the MU.
> + * Blocking until a message is available.
> + */
> +static ssize_t se_if_fops_read(struct file *fp, char __user *buf,
> + size_t size, loff_t *ppos)
> +{
> + struct se_if_device_ctx *dev_ctx;
> + struct se_buf_desc *b_desc;
> + struct se_if_priv *priv;
> + u32 size_to_copy;
> + int err;
> +
> + dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + priv = dev_ctx->priv;
> + dev_dbg(priv->dev,
> + "%s: read to buf %p(%zu), ppos=%lld\n",
> + dev_ctx->miscdev.name,
> + buf, size, ((ppos) ? *ppos : 0));
> +
> + if (down_interruptible(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + if (dev_ctx->status != MU_OPENED) {
> + err = -EINVAL;
> + goto exit;
> + }
> +
> + err = imx_ele_miscdev_msg_rcv(dev_ctx);
> + if (err)
> + goto exit;
> +
> + /* Buffer containing the message from FW, is
> + * allocated in callback function.
> + * Check if buffer allocation failed.
> + */
> + if (!dev_ctx->temp_resp) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + dev_dbg(priv->dev,
> + "%s: %s %s\n",
> + dev_ctx->miscdev.name,
> + __func__,
> + "message received, start transmit to user");
> +
> + /*
> + * Check that the size passed as argument is larger than
> + * the one carried in the message.
> + */
> + size_to_copy = dev_ctx->temp_resp_size << 2;
> + if (size_to_copy > size) {
> + dev_dbg(priv->dev,
> + "%s: User buffer too small (%zu < %d)\n",
> + dev_ctx->miscdev.name,
> + size, size_to_copy);
> + size_to_copy = size;
> + }
> +
> + /*
> + * We may need to copy the output data to user before
> + * delivering the completion message.
> + */
> + while (!list_empty(&dev_ctx->pending_out)) {
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> + struct se_buf_desc,
> + link);
> + if (!b_desc)
> + continue;
> +
> + if (b_desc->usr_buf_ptr && b_desc->shared_buf_ptr) {
> +
> + dev_dbg(priv->dev,
> + "%s: Copy output data to user\n",
> + dev_ctx->miscdev.name);
> + if (copy_to_user(b_desc->usr_buf_ptr,
> + b_desc->shared_buf_ptr,
> + b_desc->size)) {
> + dev_err(priv->dev,
> + "%s: Failure copying output data to user.",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> + }
> +
> + if (b_desc->shared_buf_ptr)
> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> +
> + __list_del_entry(&b_desc->link);
> + kfree(b_desc);
> + }
> +
> + /* Copy data from the buffer */
> + print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
> + dev_ctx->temp_resp, size_to_copy, false);
> + if (copy_to_user(buf, dev_ctx->temp_resp, size_to_copy)) {
> + dev_err(priv->dev,
> + "%s: Failed to copy to user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + err = size_to_copy;
> + kfree(dev_ctx->temp_resp);
> +
> + /* free memory allocated on the shared buffers. */
> + dev_ctx->secure_mem.pos = 0;
> + dev_ctx->non_secure_mem.pos = 0;
> +
> + dev_ctx->pending_hdr = 0;
> +
> +exit:
> + /*
> + * Clean the used Shared Memory space,
> + * whether its Input Data copied from user buffers, or
> + * Data received from FW.
> + */
> + while (!list_empty(&dev_ctx->pending_in) ||
> + !list_empty(&dev_ctx->pending_out)) {
> + if (!list_empty(&dev_ctx->pending_in))
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
> + struct se_buf_desc,
> + link);
> + else
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> + struct se_buf_desc,
> + link);
> +
> + if (!b_desc)
> + continue;
> +
> + if (b_desc->shared_buf_ptr)
> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> +
> + __list_del_entry(&b_desc->link);
> + kfree(b_desc);
> + }
> +
> + up(&dev_ctx->fops_lock);
> + return err;
> +}
> +
> +/* Give access to EdgeLock Enclave, to the memory we want to share */
> +static int se_if_setup_se_mem_access(struct se_if_device_ctx *dev_ctx,
> + u64 addr, u32 len)
> +{
> + /* Assuming EdgeLock Enclave has access to all the memory regions */
> + int ret = 0;
> +
> + if (ret) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Fail find memreg\n", dev_ctx->miscdev.name);
> + goto exit;
> + }
> +
> + if (ret) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Fail set permission for resource\n",
> + dev_ctx->miscdev.name);
> + goto exit;
> + }
> +
> +exit:
> + return ret;
> +}
> +
> +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> + struct imx_se_node_info *if_node_info;
> + struct se_ioctl_get_if_info info;
> + int err = 0;
> +
> + if_node_info = (struct imx_se_node_info *)priv->info;
> +
> + info.se_if_id = if_node_info->se_if_id;
> + info.interrupt_idx = 0;
> + info.tz = 0;
> + info.did = if_node_info->se_if_did;
> + info.cmd_tag = if_node_info->cmd_tag;
> + info.rsp_tag = if_node_info->rsp_tag;
> + info.success_tag = if_node_info->success_tag;
> + info.base_api_ver = if_node_info->base_api_ver;
> + info.fw_api_ver = if_node_info->fw_api_ver;
> +
> + dev_dbg(priv->dev,
> + "%s: info [se_if_id: %d, irq_idx: %d, tz: 0x%x, did: 0x%x]\n",
> + dev_ctx->miscdev.name,
> + info.se_if_id, info.interrupt_idx, info.tz, info.did);
> +
> + if (copy_to_user((u8 *)arg, &info, sizeof(info))) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to copy mu info to user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> +exit:
> + return err;
> +}
> +
> +/*
> + * Copy a buffer of data to/from the user and return the address to use in
> + * messages
> + */
> +static int se_ioctl_setup_iobuf_handler(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct se_ioctl_setup_iobuf io = {0};
> + struct se_shared_mem *shared_mem;
> + struct se_buf_desc *b_desc;
> + int err = 0;
> + u32 pos;
> +
> + if (copy_from_user(&io, (u8 *)arg, sizeof(io))) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed copy iobuf config from user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + dev_dbg(dev_ctx->priv->dev,
> + "%s: io [buf: %p(%d) flag: %x]\n",
> + dev_ctx->miscdev.name,
> + io.user_buf, io.length, io.flags);
> +
> + if (io.length == 0 || !io.user_buf) {
> + /*
> + * Accept NULL pointers since some buffers are optional
> + * in FW commands. In this case we should return 0 as
> + * pointer to be embedded into the message.
> + * Skip all data copy part of code below.
> + */
> + io.ele_addr = 0;
> + goto copy;
> + }
> +
> + /* Select the shared memory to be used for this buffer. */
> + if (io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) {
> + /* App requires to use secure memory for this buffer.*/
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed allocate SEC MEM memory\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + } else {
> + /* No specific requirement for this buffer. */
> + shared_mem = &dev_ctx->non_secure_mem;
> + }
> +
> + /* Check there is enough space in the shared memory. */
> + if (shared_mem->size < shared_mem->pos
> + || io.length >= shared_mem->size - shared_mem->pos) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Not enough space in shared memory\n",
> + dev_ctx->miscdev.name);
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + /* Allocate space in shared memory. 8 bytes aligned. */
> + pos = shared_mem->pos;
> + shared_mem->pos += round_up(io.length, 8u);
> + io.ele_addr = (u64)shared_mem->dma_addr + pos;
> +
> + if ((io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) &&
> + !(io.flags & SE_MU_IO_FLAGS_USE_SHORT_ADDR)) {
> + /*Add base address to get full address.*/
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed allocate SEC MEM memory\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + memset(shared_mem->ptr + pos, 0, io.length);
> + if ((io.flags & SE_IO_BUF_FLAGS_IS_INPUT) ||
> + (io.flags & SE_IO_BUF_FLAGS_IS_IN_OUT)) {
> + /*
> + * buffer is input:
> + * copy data from user space to this allocated buffer.
> + */
> + if (copy_from_user(shared_mem->ptr + pos, io.user_buf,
> + io.length)) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed copy data to shared memory\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> + }
> +
> + b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL);
> + if (!b_desc) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> +copy:
> + /* Provide the EdgeLock Enclave address to user space only if success.*/
> + if (copy_to_user((u8 *)arg, &io, sizeof(io))) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to copy iobuff setup to user\n",
> + dev_ctx->miscdev.name);
> + kfree(b_desc);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + if (b_desc) {
> + b_desc->shared_buf_ptr = shared_mem->ptr + pos;
> + b_desc->usr_buf_ptr = io.user_buf;
> + b_desc->size = io.length;
> +
> + if (io.flags & SE_IO_BUF_FLAGS_IS_INPUT) {
> + /*
> + * buffer is input:
> + * add an entry in the "pending input buffers" list so
> + * that copied data can be cleaned from shared memory
> + * later.
> + */
> + list_add_tail(&b_desc->link, &dev_ctx->pending_in);
> + } else {
> + /*
> + * buffer is output:
> + * add an entry in the "pending out buffers" list so data
> + * can be copied to user space when receiving Secure-Enclave
> + * response.
> + */
> + list_add_tail(&b_desc->link, &dev_ctx->pending_out);
> + }
> + }
> +
> +exit:
> + return err;
> +}
> +
> +/* IOCTL to provide SoC information */
> +static int se_ioctl_get_soc_info_handler(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct imx_se_node_info_list *info_list;
> + struct se_ioctl_get_soc_info soc_info;
> + int err = -EINVAL;
> +
> + info_list = (struct imx_se_node_info_list *)
> + device_get_match_data(dev_ctx->priv->dev->parent);
> + if (!info_list)
> + goto exit;
> +
> + soc_info.soc_id = info_list->soc_id;
> + soc_info.soc_rev = info_list->soc_rev;
> +
> + err = (int)copy_to_user((u8 *)arg, (u8 *)(&soc_info), sizeof(soc_info));
> + if (err) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to copy soc info to user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> +exit:
> + return err;
> +}
> +
> +/* Open a character device. */
> +static int se_if_fops_open(struct inode *nd, struct file *fp)
> +{
> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + int err;
> +
> + /* Avoid race if opened at the same time */
> + if (down_trylock(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + /* Authorize only 1 instance. */
> + if (dev_ctx->status != MU_FREE) {
> + err = -EBUSY;
> + goto exit;
> + }
> +
> + /*
> + * Allocate some memory for data exchanges with S40x.
> + * This will be used for data not requiring secure memory.
> + */
> + dev_ctx->non_secure_mem.ptr = dmam_alloc_coherent(dev_ctx->dev,
> + MAX_DATA_SIZE_PER_USER,
> + &dev_ctx->non_secure_mem.dma_addr,
> + GFP_KERNEL);
> + if (!dev_ctx->non_secure_mem.ptr) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + err = se_if_setup_se_mem_access(dev_ctx,
> + dev_ctx->non_secure_mem.dma_addr,
> + MAX_DATA_SIZE_PER_USER);
> + if (err) {
> + err = -EPERM;
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to share access to shared memory\n",
> + dev_ctx->miscdev.name);
> + goto free_coherent;
> + }
> +
> + dev_ctx->non_secure_mem.size = MAX_DATA_SIZE_PER_USER;
> + dev_ctx->non_secure_mem.pos = 0;
> + dev_ctx->status = MU_OPENED;
> +
> + dev_ctx->pending_hdr = 0;
> +
> + goto exit;
> +
> +free_coherent:
> + dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
> + dev_ctx->non_secure_mem.ptr,
> + dev_ctx->non_secure_mem.dma_addr);
> +
> +exit:
> + up(&dev_ctx->fops_lock);
> + return err;
> +}
> +
> +/* Close a character device. */
> +static int se_if_fops_close(struct inode *nd, struct file *fp)
> +{
> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + struct se_if_priv *priv = dev_ctx->priv;
> + struct se_buf_desc *b_desc;
> +
> + /* Avoid race if closed at the same time */
> + if (down_trylock(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + /* The device context has not been opened */
> + if (dev_ctx->status != MU_OPENED)
> + goto exit;
> +
> + /* check if this device was registered as command receiver. */
> + if (priv->cmd_receiver_dev == dev_ctx)
> + priv->cmd_receiver_dev = NULL;
> +
> + /* check if this device was registered as waiting response. */
> + if (priv->waiting_rsp_dev == dev_ctx) {
> + priv->waiting_rsp_dev = NULL;
> + mutex_unlock(&priv->se_if_cmd_lock);
> + }
> +
> + /* Unmap secure memory shared buffer. */
> + if (dev_ctx->secure_mem.ptr)
> + devm_iounmap(dev_ctx->dev, dev_ctx->secure_mem.ptr);
> +
> + dev_ctx->secure_mem.ptr = NULL;
> + dev_ctx->secure_mem.dma_addr = 0;
> + dev_ctx->secure_mem.size = 0;
> + dev_ctx->secure_mem.pos = 0;
> +
> + /* Free non-secure shared buffer. */
> + dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
> + dev_ctx->non_secure_mem.ptr,
> + dev_ctx->non_secure_mem.dma_addr);
> +
> + dev_ctx->non_secure_mem.ptr = NULL;
> + dev_ctx->non_secure_mem.dma_addr = 0;
> + dev_ctx->non_secure_mem.size = 0;
> + dev_ctx->non_secure_mem.pos = 0;
> +
> + while (!list_empty(&dev_ctx->pending_in) ||
> + !list_empty(&dev_ctx->pending_out)) {
> + if (!list_empty(&dev_ctx->pending_in))
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
> + struct se_buf_desc,
> + link);
> + else
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> + struct se_buf_desc,
> + link);
> +
> + if (!b_desc)
> + continue;
> +
> + if (b_desc->shared_buf_ptr)
> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> +
> + __list_del_entry(&b_desc->link);
> + devm_kfree(dev_ctx->dev, b_desc);
> + }
> +
> + dev_ctx->status = MU_FREE;
> +
> +exit:
> + up(&dev_ctx->fops_lock);
> + return 0;
> +}
> +
> +/* IOCTL entry point of a character device */
> +static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
> +//static long se_ioctl(struct file *fp, u32 cmd, u64 arg)
> +{
> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + struct se_if_priv *se_if_priv = dev_ctx->priv;
> + int err = -EINVAL;
> +
> + /* Prevent race during change of device context */
> + if (down_interruptible(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + switch (cmd) {
> + case SE_IOCTL_ENABLE_CMD_RCV:
> + if (!se_if_priv->cmd_receiver_dev) {
> + se_if_priv->cmd_receiver_dev = dev_ctx;
> + err = 0;
> + }
> + break;
> + case SE_IOCTL_GET_MU_INFO:
> + err = se_ioctl_get_mu_info(dev_ctx, arg);
> + break;
> + case SE_IOCTL_SETUP_IOBUF:
> + err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
> + break;
> + case SE_IOCTL_GET_SOC_INFO:
> + err = se_ioctl_get_soc_info_handler(dev_ctx, arg);
> + break;
> +
> + default:
> + err = -EINVAL;
> + dev_dbg(se_if_priv->dev,
> + "%s: IOCTL %.8x not supported\n",
> + dev_ctx->miscdev.name,
> + cmd);
> + }
> +
> + up(&dev_ctx->fops_lock);
> + return (long)err;
> +}
> +
> +/* Char driver setup */
> +static const struct file_operations se_if_fops = {
> + .open = se_if_fops_open,
> + .owner = THIS_MODULE,
> + .release = se_if_fops_close,
> + .unlocked_ioctl = se_ioctl,
> + .read = se_if_fops_read,
> + .write = se_if_fops_write,
> +};
> +
> +/* interface for managed res to free a mailbox channel */
> +static void if_mbox_free_channel(void *mbox_chan)
> +{
> + mbox_free_channel(mbox_chan);
> +}
> +
> +/* interface for managed res to unregister a character device */
> +static void if_misc_deregister(void *miscdevice)
> +{
> + misc_deregister(miscdevice);
> +}
> +
> +static int se_if_request_channel(struct device *dev,
> + struct mbox_chan **chan,
> + struct mbox_client *cl,
> + const u8 *name)
^^

mbox_request_channel_byname() uses a "char" for the name not a u8.

> +{
> + struct mbox_chan *t_chan;
> + int ret = 0;
> +
> + t_chan = mbox_request_channel_byname(cl, name);
> + if (IS_ERR(t_chan)) {
> + ret = PTR_ERR(t_chan);
> + if (ret != -EPROBE_DEFER)
> + dev_err(dev,
> + "Failed to request chan %s ret %d\n", name,
> + ret);
> + goto exit;
> + }
> +
> + ret = devm_add_action(dev, if_mbox_free_channel, t_chan);
> + if (ret) {
> + dev_err(dev, "failed to add devm removal of mbox %s\n", name);
> + goto exit;
> + }
> +
> + *chan = t_chan;
> +
> +exit:
> + return ret;
> +}
> +
> +static int se_probe_if_cleanup(struct platform_device *pdev)
> +{
> + struct device *dev = &pdev->dev;
> + struct se_if_priv *priv;
> + int ret = 0;
> + int i;
> +
> + priv = dev_get_drvdata(dev);
> + if (!priv) {
> + ret = 0;
> + dev_dbg(dev, "SE-MU Priv data is NULL;");
> + return ret;
> + }
> +
> + if (priv->tx_chan)
> + mbox_free_channel(priv->tx_chan);
> + if (priv->rx_chan)
> + mbox_free_channel(priv->rx_chan);
> +
> + /* free the buffer in se remove, previously allocated
> + * in se probe to store encrypted IMEM
> + */
> + if (priv->imem.buf) {
> + dmam_free_coherent(dev,
> + ELE_IMEM_SIZE,
> + priv->imem.buf,
> + priv->imem.phyaddr);
> + priv->imem.buf = NULL;
> + }

Why cleanup devm managed resources?

> +
> + if (priv->ctxs) {
> + for (i = 0; i < priv->max_dev_ctx; i++) {
> + if (priv->ctxs[i]) {
> + devm_remove_action(dev,
> + if_misc_deregister,
> + &priv->ctxs[i]->miscdev);
> + misc_deregister(&priv->ctxs[i]->miscdev);
> + devm_kfree(dev, priv->ctxs[i]);
> + }
> + }
> + devm_kfree(dev, priv->ctxs);
> + }
> +
> + if (priv->flags & RESERVED_DMA_POOL) {
> + of_reserved_mem_device_release(dev);
> + priv->flags &= (~RESERVED_DMA_POOL);
> + }
> +
> + devm_kfree(dev, priv);
> + of_node_put(dev->of_node);
> + of_platform_device_destroy(dev, NULL);
> +
> + return ret;
> +}
> +
> +static int se_probe_cleanup(struct platform_device *pdev)
> +{
> + struct device *dev = &pdev->dev;
> + struct device_node *if_dn;
> +
> + /* Enumerate se-interface device nodes. */
> + for_each_child_of_node(dev->of_node, if_dn) {
> + struct platform_device *if_pdev
> + = of_find_device_by_node(if_dn);
> + if (se_probe_if_cleanup(if_pdev))
> + dev_err(dev,
> + "Failed to clean-up child node probe.\n");
> + }
> +
> + return 0;
> +}
> +
> +static int init_device_context(struct device *dev)
> +{
> + const struct imx_se_node_info *info;
> + struct se_if_device_ctx *dev_ctx;
> + struct se_if_priv *priv;
> + u8 *devname;
> + int ret = 0;
> + int i;
> +
> + priv = dev_get_drvdata(dev);
> +
> + if (!priv) {
> + ret = -EINVAL;
> + dev_err(dev, "Invalid SE-MU Priv data");
> + return ret;
> + }
> + info = priv->info;
> +
> + priv->ctxs = devm_kzalloc(dev, sizeof(dev_ctx) * priv->max_dev_ctx,
> + GFP_KERNEL);
> +
> + if (!priv->ctxs) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + /* Create users */
> + for (i = 0; i < priv->max_dev_ctx; i++) {
> + dev_ctx = devm_kzalloc(dev, sizeof(*dev_ctx), GFP_KERNEL);
> + if (!dev_ctx) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + dev_ctx->dev = dev;
> + dev_ctx->status = MU_FREE;
> + dev_ctx->priv = priv;
> +
> + priv->ctxs[i] = dev_ctx;
> +
> + /* Default value invalid for an header. */
> + init_waitqueue_head(&dev_ctx->wq);
> +
> + INIT_LIST_HEAD(&dev_ctx->pending_out);
> + INIT_LIST_HEAD(&dev_ctx->pending_in);
> + sema_init(&dev_ctx->fops_lock, 1);
> +
> + devname = devm_kasprintf(dev, GFP_KERNEL, "%s_ch%d",
> + info->se_name, i);
> + if (!devname) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + dev_ctx->miscdev.name = devname;
> + dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
> + dev_ctx->miscdev.fops = &se_if_fops;
> + dev_ctx->miscdev.parent = dev;
> + ret = misc_register(&dev_ctx->miscdev);
> + if (ret) {
> + dev_err(dev, "failed to register misc device %d\n",
> + ret);
> + return ret;
> + }
> +
> + ret = devm_add_action(dev, if_misc_deregister,
> + &dev_ctx->miscdev);
> + if (ret) {
> + dev_err(dev,
> + "failed[%d] to add action to the misc-dev\n",
> + ret);
> + return ret;
> + }
> + }
> +
> + return ret;
> +}
> +
> +static void se_load_firmware(const struct firmware *fw, void *context)
> +{
> + struct se_if_priv *priv = (struct se_if_priv *) context;
> + const struct imx_se_node_info *info = priv->info;
> + const u8 *se_fw_name = info->fw_name_in_rfs;
> + phys_addr_t se_fw_phyaddr;
> + u8 *se_fw_buf;
> +
> + if (!fw) {
> + if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
> + dev_dbg(priv->dev,
> + "External FW not found, using ROM FW.\n");
> + else {
> + /*add a bit delay to wait for firmware priv released */
> + msleep(20);
> +
> + /* Load firmware one more time if timeout */
> + request_firmware_nowait(THIS_MODULE,
> + FW_ACTION_UEVENT, info->fw_name_in_rfs,
> + priv->dev, GFP_KERNEL, priv,
> + se_load_firmware);
> + priv->fw_fail++;
> + dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
> + priv->fw_fail);
> + }
> +
> + return;
> + }
> +
> + /* allocate buffer to store the SE FW */
> + se_fw_buf = dmam_alloc_coherent(priv->dev, fw->size,
> + &se_fw_phyaddr,
> + GFP_KERNEL);
> + if (!se_fw_buf) {
> + dev_err(priv->dev, "Failed to alloc SE fw buffer memory\n");
> + goto exit;
> + }
> +
> + memcpy(se_fw_buf, fw->data, fw->size);
> +
> + if (ele_fw_authenticate(priv->dev, se_fw_phyaddr))
> + dev_err(priv->dev,
> + "Failed to authenticate & load SE firmware %s.\n",
> + se_fw_name);
> +
> +exit:
> + dmam_free_coherent(priv->dev,
> + fw->size,
> + se_fw_buf,
> + se_fw_phyaddr);
> +
> + release_firmware(fw);
> +}
> +
> +static int se_if_probe(struct platform_device *pdev)
> +{
> + struct imx_se_node_info_list *info_list;
> + struct device *dev = &pdev->dev;
> + struct imx_se_node_info *info;
> + struct se_if_priv *priv;
> + u32 idx;
> + int ret;
> +
> + if (of_property_read_u32(dev->of_node, "reg", &idx)) {
> + ret = -EINVAL;
> + goto exit;
> + }
> +
> + info_list = (struct imx_se_node_info_list *)
> + device_get_match_data(dev->parent);
> + info = get_imx_se_node_info(info_list, idx);
> +
> + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
> + if (!priv) {
> + ret = -ENOMEM;
> + goto exit;
> + }
> +
> + dev_set_drvdata(dev, priv);
> +
> + /* Mailbox client configuration */
> + priv->se_mb_cl.dev = dev;
> + priv->se_mb_cl.tx_block = false;
> + priv->se_mb_cl.knows_txdone = true;
> + priv->se_mb_cl.rx_callback = se_if_rx_callback;
> +
> + ret = se_if_request_channel(dev, &priv->tx_chan,
> + &priv->se_mb_cl, info->mbox_tx_name);
> + if (ret) {
> + if (ret == -EPROBE_DEFER)

Don't test for -EPROBE_DEFER, use dev_err_probe().

> + dev_err(dev, "Mailbox tx channel, is not ready.\n");
> + else
> + dev_err(dev, "Failed to request tx channel\n");
> +
> + goto exit;
> + }
> +
> + ret = se_if_request_channel(dev, &priv->rx_chan,
> + &priv->se_mb_cl, info->mbox_rx_name);
> + if (ret) {
> + if (ret == -EPROBE_DEFER)
> + dev_err(dev, "Mailbox rx channel, is not ready.\n");
> + else
> + dev_dbg(dev, "Failed to request rx channel\n");
> +
> + goto exit;
> + }
> +
> + priv->dev = dev;
> + priv->info = info;
> +
> + /* Initialize the mutex. */
> + mutex_init(&priv->se_if_lock);
> + mutex_init(&priv->se_if_cmd_lock);
> +
> + priv->cmd_receiver_dev = NULL;
> + priv->waiting_rsp_dev = NULL;
> + priv->max_dev_ctx = info->max_dev_ctx;
> + priv->cmd_tag = info->cmd_tag;
> + priv->rsp_tag = info->rsp_tag;
> + priv->mem_pool_name = info->pool_name;
> + priv->success_tag = info->success_tag;
> + priv->base_api_ver = info->base_api_ver;
> + priv->fw_api_ver = info->fw_api_ver;
> +
> + init_completion(&priv->done);
> + spin_lock_init(&priv->lock);
> +
> + if (info->reserved_dma_ranges) {
> + ret = of_reserved_mem_device_init(dev);
> + if (ret) {
> + dev_err(dev,
> + "failed to init reserved memory region %d\n",
> + ret);
> + priv->flags &= (~RESERVED_DMA_POOL);
> + goto exit;
> + }
> + priv->flags |= RESERVED_DMA_POOL;
> + }
> +
> + if (info->fw_name_in_rfs) {
> + ret = request_firmware_nowait(THIS_MODULE,
> + FW_ACTION_UEVENT,
> + info->fw_name_in_rfs,
> + dev, GFP_KERNEL, priv,
> + se_load_firmware);
> + if (ret)
> + dev_warn(dev, "Failed to get firmware [%s].\n",
> + info->fw_name_in_rfs);
> + }
> +
> + ret = imx_fetch_soc_info(dev);
> + if (ret) {
> + dev_err(dev,
> + "failed[%d] to fetch SoC Info\n", ret);

Use %pe to print error values

> + goto exit;
> + }
> +
> + if (info->imem_mgmt) {
> + /* allocate buffer where SE store encrypted IMEM */
> + priv->imem.buf = dmam_alloc_coherent(dev, ELE_IMEM_SIZE,
> + &priv->imem.phyaddr,
> + GFP_KERNEL);
> + if (!priv->imem.buf) {
> + dev_err(dev,
> + "dmam-alloc-failed: To store encr-IMEM.\n");
> + ret = -ENOMEM;
> + goto exit;
> + }
> + }
> +
> + if (info->max_dev_ctx) {
> + ret = init_device_context(dev);
> + if (ret) {
> + dev_err(dev,
> + "Failed[0x%x] to create device contexts.\n",
> + ret);
> + goto exit;
> + }
> + }
> +
> + dev_info(dev, "i.MX secure-enclave: %s interface to firmware, configured.\n",
> + info->se_name);
> + return devm_of_platform_populate(dev);
> +
> +exit:
> + /* if execution control reaches here, if probe fails.
> + * hence doing the cleanup
> + */
> + if (se_probe_if_cleanup(pdev))
> + dev_err(dev,
> + "Failed to clean-up the child node probe.\n");
> +
> + return ret;
> +}
> +
> +static int se_probe(struct platform_device *pdev)
> +{
> + struct device_node *enum_dev_node;
> + struct device *dev = &pdev->dev;
> + int enum_count;
> + int ret;
> +
> + enum_count = of_get_child_count(dev->of_node);
> + if (!enum_count) {
> + ret = -EINVAL;
> + dev_err(dev, "Zero Tx/Rx path MU nodes.\n");
> + return ret;
> + }
> +
> + for_each_child_of_node(dev->of_node, enum_dev_node) {
> + struct platform_device *enum_plat_dev __maybe_unused;

Why is this __maybe_unused?

> +
> + if (!of_device_is_available(enum_dev_node))
> + continue;
> +
> + enum_plat_dev = of_platform_device_create(enum_dev_node,
> + NULL,
> + dev);
> + if (!enum_plat_dev) {
> + ret = -EINVAL;
> + of_node_put(enum_dev_node);
> + dev_err(dev,
> + "Failed to create enumerated platform device.");
> + break;
> + }
> +
> + ret = se_if_probe(enum_plat_dev);
> + }
> + return ret;
> +}
> +
> +static int se_remove(struct platform_device *pdev)
> +{
> + if (se_probe_cleanup(pdev))
> + dev_err(&pdev->dev,
> + "i.MX Secure Enclave is not cleanly un-probed.");
> +
> + return 0;
> +}
> +
> +static int se_suspend(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + const struct imx_se_node_info *info
> + = priv->info;
> +
> + if (info && info->imem_mgmt)
> + priv->imem.size = se_save_imem_state(dev);
> +
> + return 0;
> +}
> +
> +static int se_resume(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + const struct imx_se_node_info *info
> + = priv->info;
> + int i;
> +
> + for (i = 0; i < priv->max_dev_ctx; i++)
> + wake_up_interruptible(&priv->ctxs[i]->wq);
> +
> + if (info && info->imem_mgmt)
> + se_restore_imem_state(dev);
> +
> + return 0;
> +}
> +
> +static const struct dev_pm_ops se_pm = {
> + RUNTIME_PM_OPS(se_suspend, se_resume, NULL)
> +};
> +
> +static struct platform_driver se_driver = {
> + .driver = {
> + .name = "fsl-se-fw",
> + .of_match_table = se_match,
> + .pm = &se_pm,
> + },
> + .probe = se_probe,
> + .remove = se_remove,
> +};
> +MODULE_DEVICE_TABLE(of, se_match);
> +
> +module_platform_driver(se_driver);
> +
> +MODULE_AUTHOR("Pankaj Gupta <[email protected]>");
> +MODULE_DESCRIPTION("iMX Secure Enclave Driver.");
> +MODULE_LICENSE("GPL");
> diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h
> new file mode 100644
> index 000000000000..76e1ce77c52f
> --- /dev/null
> +++ b/drivers/firmware/imx/se_ctrl.h
> @@ -0,0 +1,151 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#ifndef SE_MU_H
> +#define SE_MU_H
> +
> +#include <linux/miscdevice.h>
> +#include <linux/semaphore.h>
> +#include <linux/mailbox_client.h>
> +
> +#define MAX_FW_LOAD_RETRIES 50
> +
> +#define MSG_TAG(x) (((x) & 0xff000000) >> 24)
> +#define MSG_COMMAND(x) (((x) & 0x00ff0000) >> 16)
> +#define MSG_SIZE(x) (((x) & 0x0000ff00) >> 8)
> +#define MSG_VER(x) ((x) & 0x000000ff)
> +#define RES_STATUS(x) ((x) & 0x000000ff)

please use FIELD_GET(), FIELD_PREP() for these

> +#define MAX_DATA_SIZE_PER_USER (65 * 1024)
> +#define S4_DEFAULT_MUAP_INDEX (2)
> +#define S4_MUAP_DEFAULT_MAX_USERS (4)
> +#define MESSAGING_VERSION_6 0x6
> +#define MESSAGING_VERSION_7 0x7
> +
> +#define DEFAULT_MESSAGING_TAG_COMMAND (0x17u)
> +#define DEFAULT_MESSAGING_TAG_RESPONSE (0xe1u)
> +
> +#define SE_MU_IO_FLAGS_USE_SEC_MEM (0x02u)
> +#define SE_MU_IO_FLAGS_USE_SHORT_ADDR (0x04u)
> +
> +struct se_imem_buf {
> + u8 *buf;
> + phys_addr_t phyaddr;
> + u32 size;
> +};
> +
> +struct se_buf_desc {
> + u8 *shared_buf_ptr;
> + u8 *usr_buf_ptr;
> + u32 size;
> + struct list_head link;
> +};
> +
> +/* Status of a char device */
> +enum se_if_dev_ctx_status_t {
> + MU_FREE,
> + MU_OPENED
> +};
> +
> +struct se_shared_mem {
> + dma_addr_t dma_addr;
> + u32 size;
> + u32 pos;
> + u8 *ptr;
> +};
> +
> +/* Private struct for each char device instance. */
> +struct se_if_device_ctx {
> + struct device *dev;
> + struct se_if_priv *priv;
> + struct miscdevice miscdev;
> +
> + enum se_if_dev_ctx_status_t status;
> + wait_queue_head_t wq;
> + struct semaphore fops_lock;
> +
> + u32 pending_hdr;
> + struct list_head pending_in;
> + struct list_head pending_out;
> +
> + struct se_shared_mem secure_mem;
> + struct se_shared_mem non_secure_mem;
> +
> + u32 *temp_resp;
> + u32 temp_resp_size;
> + struct notifier_block se_notify;
> +};
> +
> +/* Header of the messages exchange with the EdgeLock Enclave */
> +struct se_msg_hdr {
> + u8 ver;
> + u8 size;
> + u8 command;
> + u8 tag;
> +} __packed;
> +
> +#define SE_MU_HDR_SZ 4
> +#define TAG_OFFSET (SE_MU_HDR_SZ - 1)
> +#define CMD_OFFSET (SE_MU_HDR_SZ - 2)
> +#define SZ_OFFSET (SE_MU_HDR_SZ - 3)
> +#define VER_OFFSET (SE_MU_HDR_SZ - 4)
> +
> +struct se_api_msg {
> + u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
> + u32 *data;
> +};
> +
> +struct se_if_priv {
> + struct se_if_device_ctx *cmd_receiver_dev;
> + struct se_if_device_ctx *waiting_rsp_dev;
> + bool no_dev_ctx_used;

What does no_dev_ctx_used do?

> + /*
> + * prevent parallel access to the se interface registers
> + * e.g. a user trying to send a command while the other one is
> + * sending a response.
> + */
> + struct mutex se_if_lock;
> + /*
> + * prevent a command to be sent on the se interface while another one is
> + * still processing. (response to a command is allowed)
> + */
> + struct mutex se_if_cmd_lock;

Please explain why you need 2 mutexes here?

> + struct device *dev;
> + u8 *mem_pool_name;
> + u8 cmd_tag;
> + u8 rsp_tag;
> + u8 success_tag;
> + u8 base_api_ver;
> + u8 fw_api_ver;
> + u32 fw_fail;
> + const void *info;
> +
> + struct mbox_client se_mb_cl;
> + struct mbox_chan *tx_chan, *rx_chan;
> + struct se_api_msg *rx_msg;
> + struct completion done;
> + spinlock_t lock;
> + /*
> + * Flag to retain the state of initialization done at
> + * the time of se-mu probe.
> + */
> + uint32_t flags;
> + u8 max_dev_ctx;
> + struct se_if_device_ctx **ctxs;
> + struct se_imem_buf imem;
> +};
> +
> +void *get_phy_buf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + dma_addr_t *buf,
> + u32 size);
> +phys_addr_t get_phy_buf_mem_pool1(struct device *dev,
> + u8 *mem_pool_name,
> + u32 **buf,
> + u32 size);
> +void free_phybuf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + u32 *buf,
> + u32 size);
> +#endif
> diff --git a/include/linux/firmware/imx/se_api.h b/include/linux/firmware/imx/se_api.h
> new file mode 100644
> index 000000000000..c47f84906837
> --- /dev/null
> +++ b/include/linux/firmware/imx/se_api.h
> @@ -0,0 +1,14 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#ifndef __SE_API_H__
> +#define __SE_API_H__
> +
> +#include <linux/types.h>
> +
> +#define SOC_ID_OF_IMX8ULP 0x084D
> +#define SOC_ID_OF_IMX93 0x9300
> +
> +#endif /* __SE_API_H__ */
> diff --git a/include/uapi/linux/se_ioctl.h b/include/uapi/linux/se_ioctl.h
> new file mode 100644
> index 000000000000..f68a36e9da2c
> --- /dev/null
> +++ b/include/uapi/linux/se_ioctl.h
> @@ -0,0 +1,88 @@
> +/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause*/
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#ifndef SE_IOCTL_H
> +#define SE_IOCTL_H
> +
> +/* IOCTL definitions. */
> +
> +struct se_ioctl_setup_iobuf {
> + u8 *user_buf;
> + u32 length;
> + u32 flags;
> + u64 ele_addr;
> +};
> +
> +struct se_ioctl_shared_mem_cfg {
> + u32 base_offset;
> + u32 size;
> +};
> +
> +struct se_ioctl_get_if_info {
> + u8 se_if_id;
> + u8 interrupt_idx;
> + u8 tz;
> + u8 did;
> + u8 cmd_tag;
> + u8 rsp_tag;
> + u8 success_tag;
> + u8 base_api_ver;
> + u8 fw_api_ver;
> +};
> +
> +struct se_ioctl_signed_message {
> + u8 *message;
> + u32 msg_size;
> + u32 error_code;
> +};
> +
> +struct se_ioctl_get_soc_info {
> + u16 soc_id;
> + u16 soc_rev;
> +};
> +
> +/* IO Buffer Flags */
> +#define SE_IO_BUF_FLAGS_IS_OUTPUT (0x00u)
> +#define SE_IO_BUF_FLAGS_IS_INPUT (0x01u)
> +#define SE_IO_BUF_FLAGS_USE_SEC_MEM (0x02u)
> +#define SE_IO_BUF_FLAGS_USE_SHORT_ADDR (0x04u)
> +#define SE_IO_BUF_FLAGS_IS_IN_OUT (0x10u)
> +
> +/* IOCTLS */
> +#define SE_IOCTL 0x0A /* like MISC_MAJOR. */
> +
> +/*
> + * ioctl to designated the current fd as logical-reciever.
> + * This is ioctl is send when the nvm-daemon, a slave to the
> + * firmware is started by the user.
> + */
> +#define SE_IOCTL_ENABLE_CMD_RCV _IO(SE_IOCTL, 0x01)
> +
> +/*
> + * ioctl to get the buffer allocated from the memory, which is shared
> + * between kernel and FW.
> + * Post allocation, the kernel tagged the allocated memory with:
> + * Output
> + * Input
> + * Input-Output
> + * Short address
> + * Secure-memory
> + */
> +#define SE_IOCTL_SETUP_IOBUF _IOWR(SE_IOCTL, 0x03, \
> + struct se_ioctl_setup_iobuf)
> +
> +/*
> + * ioctl to get the mu information, that is used to exchange message
> + * with FW, from user-spaced.
> + */
> +#define SE_IOCTL_GET_MU_INFO _IOR(SE_IOCTL, 0x04, \
> + struct se_ioctl_get_if_info)
> +/*
> + * ioctl to get SoC Info from user-space.
> + */
> +#define SE_IOCTL_GET_SOC_INFO _IOR(SE_IOCTL, 0x06, \
> + struct se_ioctl_get_soc_info)
> +
> +#endif
>
> --
> 2.34.1
>

regards,
Marc

--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung Nürnberg | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |


Attachments:
(No filename) (70.69 kB)
signature.asc (499.00 B)
Download all attachments

2024-05-13 11:31:20

by Pankaj Gupta

[permalink] [raw]
Subject: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave



> -----Original Message-----
> From: Sascha Hauer <[email protected]>
> Sent: Monday, May 13, 2024 1:52 PM
> To: Pankaj Gupta <[email protected]>
> Cc: Jonathan Corbet <[email protected]>; Rob Herring <[email protected]>;
> Krzysztof Kozlowski <[email protected]>; Conor Dooley
> <[email protected]>; Shawn Guo <[email protected]>; Pengutronix
> Kernel Team <[email protected]>; Fabio Estevam
> <[email protected]>; [email protected]; linux-
> [email protected]; [email protected]; [email protected];
> [email protected]
> Subject: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock
> Enclave
>
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
>
>
> On Fri, May 10, 2024 at 06:57:30PM +0530, Pankaj Gupta wrote:
> > NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE), are
> > embedded in the SoC to support the features like HSM, SHE & V2X, using
> > message based communication interface.
> >
> > The secure enclave FW communicates on a dedicated messaging unit(MU)
> > based interface(s) with application core, where kernel is running.
> > It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
> >
> > This patch adds the driver for communication interface to
> > secure-enclave, for exchanging messages with NXP secure enclave HW
> > IP(s) like EdgeLock Enclave, both from:
> > - User-Space Applications via character driver.
> > - Kernel-space, used by kernel management layers like DM-Crypt.
> >
> > ABI documentation for the NXP secure-enclave driver.
>
> Several review comments inside, but stopping here. I just found v7 of this
> series. Could it be that you have resent an older version of this series instead
> of the new one??
>
> Sascha

No. It is the newer one.
>
> >
> > User-space library using this driver:
> > - i.MX Secure Enclave library:
> > -- URL:
> > https://gith/
> > ub.com%2Fnxp-imx%2Fimx-secure-
> enclave.git&data=05%7C02%7Cpankaj.gupta%
> >
> 40nxp.com%7C5b0ab58761f6472c092208dc7325b2cd%7C686ea1d3bc2b4c6f
> a92cd99
> >
> c5c301635%7C0%7C0%7C638511852968769687%7CUnknown%7CTWFpbGZ
> sb3d8eyJWIjo
> >
> iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0
> %7C%7C%
> >
> 7C&sdata=5NVV%2FQQQ6sg0UlTrPa5EeSD68JaDfRxCaCQa7LU%2FPS4%3D&r
> eserved=0
> > ,
> > - i.MX Secure Middle-Ware:
> > -- URL:
> > https://gith/
> > ub.com%2Fnxp-imx%2Fimx-
> smw.git&data=05%7C02%7Cpankaj.gupta%40nxp.com%7
> >
> C5b0ab58761f6472c092208dc7325b2cd%7C686ea1d3bc2b4c6fa92cd99c5c3
> 01635%7
> >
> C0%7C0%7C638511852968778134%7CUnknown%7CTWFpbGZsb3d8eyJWIjoi
> MC4wLjAwMD
> >
> AiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sd
> ata=yk
> > cJAdYUUt2wvhRlAaN5EUmdqMmXqPq6srHkbSAqf1A%3D&reserved=0
> >
> > Signed-off-by: Pankaj Gupta <[email protected]>
> > ---
> > Documentation/ABI/testing/se-cdev | 42 ++
> > drivers/firmware/imx/Kconfig | 12 +
> > drivers/firmware/imx/Makefile | 2 +
> > drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
> > drivers/firmware/imx/ele_base_msg.h | 70 ++
> > drivers/firmware/imx/ele_common.c | 341 +++++++++
> > drivers/firmware/imx/ele_common.h | 43 ++
> > drivers/firmware/imx/se_ctrl.c | 1339
> +++++++++++++++++++++++++++++++++++
> > drivers/firmware/imx/se_ctrl.h | 151 ++++
> > include/linux/firmware/imx/se_api.h | 14 +
> > include/uapi/linux/se_ioctl.h | 88 +++
> > 11 files changed, 2389 insertions(+)
> >
> > diff --git a/Documentation/ABI/testing/se-cdev
> > b/Documentation/ABI/testing/se-cdev
> > new file mode 100644
> > index 000000000000..699525af6b86
> > --- /dev/null
> > +++ b/Documentation/ABI/testing/se-cdev
> > @@ -0,0 +1,42 @@
> > +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> > +Date: May 2024
> > +KernelVersion: 6.8
> > +Contact: [email protected], [email protected]
> > +Description:
> > + NXP offers multiple hardware IP(s) for secure-enclaves like
> EdgeLock-
> > + Enclave(ELE), SECO. The character device file-descriptors
> > + /dev/<se>_mu*_ch* are the interface between user-space NXP's
> secure-
> > + enclave shared-library and the kernel driver.
> > +
> > + The ioctl(2)-based ABI is defined and documented in
> > + [include]<linux/firmware/imx/ele_mu_ioctl.h>
> > + ioctl(s) are used primarily for:
> > + - shared memory management
> > + - allocation of I/O buffers
> > + - get mu info
> > + - setting a dev-ctx as receiver that is slave to fw
> > + - get SoC info
> > +
> > + The following file operations are supported:
> > +
> > + open(2)
> > + Currently the only useful flags are O_RDWR.
> > +
> > + read(2)
> > + Every read() from the opened character device context is waiting
> on
> > + wakeup_intruptible, that gets set by the registered mailbox
> callback
> > + function; indicating a message received from the firmware on
> message-
> > + unit.
> > +
> > + write(2)
> > + Every write() to the opened character device context needs to
> acquire
> > + mailbox_lock, before sending message on to the message unit.
> > +
> > + close(2)
> > + Stops and free up the I/O contexts that was associated
> > + with the file descriptor.
> > +
> > +Users:
> https://github/.
> com%2Fnxp-imx%2Fimx-secure-
> enclave.git&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C5b0ab58761f64
> 72c092208dc7325b2cd%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0
> %7C638511852968783734%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj
> AwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C
> %7C&sdata=J0Ms9EmUe4pt2x199%2B6wydndbbzYlqg7XjWWgNOuwx8%3D
> &reserved=0,
> > +
> https://github/.
> com%2Fnxp-imx%2Fimx-
> smw.git&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C5b0ab58761f6472
> c092208dc7325b2cd%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%
> 7C638511852968788026%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA
> wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%
> 7C&sdata=Lgk3Hasd5ZbkztPDnhfAel5Ivd1aLZZy26K4KB97rSw%3D&reserved=
> 0
> > + crypto/skcipher,
> > + drivers/nvmem/imx-ocotp-ele.c
> > diff --git a/drivers/firmware/imx/Kconfig
> > b/drivers/firmware/imx/Kconfig index 183613f82a11..56bdca9bd917
> 100644
> > --- a/drivers/firmware/imx/Kconfig
> > +++ b/drivers/firmware/imx/Kconfig
> > @@ -22,3 +22,15 @@ config IMX_SCU
> >
> > This driver manages the IPC interface between host CPU and the
> > SCU firmware running on M4.
> > +
> > +config IMX_SEC_ENCLAVE
> > + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware
> driver."
> > + depends on IMX_MBOX && ARCH_MXC && ARM64
> > + default m if ARCH_MXC
> > +
> > + help
> > + It is possible to use APIs exposed by the iMX Secure Enclave HW IP
> called:
> > + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
> > + like base, HSM, V2X & SHE using the SAB protocol via the shared
> Messaging
> > + Unit. This driver exposes these interfaces via a set of file descriptors
> > + allowing to configure shared memory, send and receive messages.
> > diff --git a/drivers/firmware/imx/Makefile
> > b/drivers/firmware/imx/Makefile index 8f9f04a513a8..aa9033e0e9e3
> > 100644
> > --- a/drivers/firmware/imx/Makefile
> > +++ b/drivers/firmware/imx/Makefile
> > @@ -1,3 +1,5 @@
> > # SPDX-License-Identifier: GPL-2.0
> > obj-$(CONFIG_IMX_DSP) += imx-dsp.o
> > obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irqo rm.o
> imx-scu-soc.o
> > +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
> > +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
> > diff --git a/drivers/firmware/imx/ele_base_msg.c
> > b/drivers/firmware/imx/ele_base_msg.c
> > new file mode 100644
> > index 000000000000..0463f26d93c7
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_base_msg.c
> > @@ -0,0 +1,287 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#include <linux/types.h>
> > +#include <linux/completion.h>
> > +#include <linux/dma-mapping.h>
> > +
> > +#include "ele_base_msg.h"
> > +#include "ele_common.h"
> > +
> > +int ele_get_info(struct device *dev, struct soc_info *s_info) {
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + phys_addr_t get_info_addr;
> > + u32 *get_info_data;
> > + u32 status;
> > + int ret;
> > +
> > + if (!priv || !s_info)
> > + goto exit;
>
> ret and get_info_addr are used uninitialized when jumping to the exit label
> from here.
>
Will fix it in V2.

> > +
> > + memset(s_info, 0x0, sizeof(*s_info));
> > +
> > + if (priv->mem_pool_name)
> > + get_info_data = get_phy_buf_mem_pool(dev,
> > + priv->mem_pool_name,
> > + &get_info_addr,
> > + ELE_GET_INFO_BUFF_SZ);
> > + else
> > + get_info_data = dmam_alloc_coherent(dev,
> > + ELE_GET_INFO_BUFF_SZ,
> > + &get_info_addr,
> > + GFP_KERNEL);
> > + if (!get_info_data) {
> > + ret = -ENOMEM;
> > + dev_err(dev,
> > + "%s: Failed to allocate get_info_addr.\n",
> > + __func__);
> > + goto exit;
> > + }
> > +
> > + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_GET_INFO_REQ,
> > + ELE_GET_INFO_REQ_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = upper_32_bits(get_info_addr);
>
> How can this work without triggering a NULL pointer exception? struct
> se_api_msg is declared as:
>
> struct se_api_msg {
> u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
> u32 *data;
> };
>
> The memory for tx_msg is kzalloced above, so *data is a NULL pointer.

Buffer for tx_msg is allocated for " ELE_GET_INFO_REQ_MSG_SZ".
- First 32bit of this buffer will points to header, and
- From second 32 bit, it will be accessed as data.

Will replace u32* with u32 data[].

>
> > + tx_msg->data[1] = lower_32_bits(get_info_addr);
> > + tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_GET_INFO_REQ,
> > + ELE_GET_INFO_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_GET_INFO_REQ, status);
> > + ret = -1;
>
> Callers seem to expect an error code. Do you intend to return -EPERM here?

Accepted will. Intended error was to have "Operation failed.", instead of "Operation not permitted".
I think this is the closest.
Will Replace -1 with -EPERM.

>
> > + }
> > +
> > + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> > + & ELE_IMEM_STATE_MASK) >> 16;
> > + s_info->major_ver =
> (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 24;
> > + s_info->minor_ver =
> ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 16) & 0xFF;
> > + s_info->soc_rev =
> (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 16;
> > + s_info->soc_id = get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_ID_MASK;
> > + s_info->serial_num
> > + = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF] <<
> 32
> > + | get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];
> > +exit:
> > + if (get_info_addr) {
> > + if (priv->mem_pool_name)
> > + free_phybuf_mem_pool(dev, priv->mem_pool_name,
> > + get_info_data, ELE_GET_INFO_BUFF_SZ);
> > + else
> > + dmam_free_coherent(dev,
> > + ELE_GET_INFO_BUFF_SZ,
> > + get_info_data,
> > + get_info_addr);
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +int ele_ping(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_PING_REQ, ELE_PING_REQ_SZ,
> > + true);
> > + if (ret) {
> > + dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
> > + goto exit;
> > + }
> > +
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_PING_REQ,
> > + ELE_PING_RSP_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_PING_REQ, status);
> > + ret = -1;
> > + }
> > +exit:
> > + return ret;
> > +}
> > +
> > +int ele_service_swap(struct device *dev,
> > + phys_addr_t addr,
> > + u32 addr_size, u16 flag) {
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2,
> GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_SERVICE_SWAP_REQ,
> > + ELE_SERVICE_SWAP_REQ_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = flag;
> > + tx_msg->data[1] = addr_size;
> > + tx_msg->data[2] = ELE_NONE_VAL;
> > + tx_msg->data[3] = lower_32_bits(addr);
> > + tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
> > + ELE_SERVICE_SWAP_REQ_MSG_SZ);
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_SERVICE_SWAP_REQ,
> > + ELE_SERVICE_SWAP_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_SERVICE_SWAP_REQ, status);
> > + ret = -1;
> > + } else {
> > + if (flag == ELE_IMEM_EXPORT)
> > + ret = priv->rx_msg->data[1];
> > + else
> > + ret = 0;
> > + }
> > +exit:
> > +
> > + return ret;
> > +}
> > +
> > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr) {
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_FW_AUTH_REQ,
> > + ELE_FW_AUTH_REQ_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = addr;
> > + tx_msg->data[1] = 0x0;
> > + tx_msg->data[2] = addr;
>
> Has this been tested?

Yes, it is tested.
This API is invoked while loading the secondary ELE firmware on i.MX8ULP.
If this API fails, then secondary FW loading failed. The tests that I ran before submitting this patch-set, will fail too.

> According to the documentation data[0] shall contain
> the upper 32bit of the address and data[1] shall contain the lower 32bit of the
> address.
Data[1] is for address extension, which is not used by i.MX8ULP.
Accepted and will correct it in v2.

>There is no data[2] for this call.
Not sure which document are you referring, but it is very much valid. This message is a 4 word message request.
Kindly re-check.

data[0], is the address of start of Container Header, that must be accessible to ELE FW.
data[2], is actual address deduced from the array of the images part of container.

In the current case, both are same.

>
>
> --
> Pengutronix e.K. | |
> Steuerwalder Str. 21 |
> http://www.pe/
> ngutronix.de%2F&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C5b0ab58
> 761f6472c092208dc7325b2cd%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C
> 0%7C0%7C638511852968792139%7CUnknown%7CTWFpbGZsb3d8eyJWIjoi
> MC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%
> 7C%7C%7C&sdata=hsZ%2B5pasElgn8fbcsSa81yEYT%2BHLKWiymdIlz47w9Uo
> %3D&reserved=0 |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |

2024-05-13 15:36:58

by Pankaj Gupta

[permalink] [raw]
Subject: RE: [EXT] Re: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc



> -----Original Message-----
> From: Rob Herring <[email protected]>
> Sent: Saturday, May 11, 2024 1:39 AM
> To: Pankaj Gupta <[email protected]>
> Cc: Jonathan Corbet <[email protected]>; Krzysztof Kozlowski
> <[email protected]>; Conor Dooley <[email protected]>;
> Shawn Guo <[email protected]>; Sascha Hauer
> <[email protected]>; Pengutronix Kernel Team
> <[email protected]>; Fabio Estevam <[email protected]>; linux-
> [email protected]; [email protected];
> [email protected]; [email protected]; linux-arm-
> [email protected]
> Subject: [EXT] Re: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding
> doc
>
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
>
>
> On Fri, May 10, 2024 at 06:57:28PM +0530, Pankaj Gupta wrote:
> > The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X etc.,
> > creates an embedded secure enclave within the SoC boundary to enable
> > features like:
> > - HSM
> > - SHE
> > - V2X
> >
> > Secure-Enclave(s) communication interface are typically via message
> > unit, i.e., based on mailbox linux kernel driver. This driver enables
> > communication ensuring well defined message sequence protocol between
> > Application Core and enclave's firmware.
> >
> > Driver configures multiple misc-device on the MU, for multiple
> > user-space applications, to be able to communicate over single MU.
> >
> > It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
> >
> > Signed-off-by: Pankaj Gupta <[email protected]>
> > ---
> > .../devicetree/bindings/firmware/fsl,imx-se.yaml | 186
> +++++++++++++++++++++
> > 1 file changed, 186 insertions(+)
> >
> > diff --git
> > a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > new file mode 100644
> > index 000000000000..a858ef6965cb
> > --- /dev/null
> > +++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > @@ -0,0 +1,186 @@
> > +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) %YAML 1.2
> > +---
> > +$id:
> > +https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdevi
> > +cetree.org%2Fschemas%2Ffirmware%2Ffsl%2Cimx-
> se.yaml%23&data=05%7C02%7
> >
> +Cpankaj.gupta%40nxp.com%7C2c17789530e9431069b308dc712d0e47%7C
> 686ea1d3
> >
> +bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638509685520936926%7CUnkn
> own%7CTWF
> >
> +pbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX
> VCI6
> >
> +Mn0%3D%7C0%7C%7C%7C&sdata=Rwof3k3K1OWimcI5ApRMiyvD%2FPXgk
> b%2BRWrvx76J
> > +YBtw%3D&reserved=0
> > +$schema:
> > +https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdevi
> > +cetree.org%2Fmeta-
> schemas%2Fcore.yaml%23&data=05%7C02%7Cpankaj.gupta%
> >
> +40nxp.com%7C2c17789530e9431069b308dc712d0e47%7C686ea1d3bc2b4c
> 6fa92cd9
> >
> +9c5c301635%7C0%7C0%7C638509685520944809%7CUnknown%7CTWFpb
> GZsb3d8eyJWI
> >
> +joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7
> C0%7C%
> >
> +7C%7C&sdata=aile3WnYE69fuJHvAOXQARlqLV9roZDuDK63fCj2ZTE%3D&res
> erved=0
> > +
> > +title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
> > +
> > +maintainers:
> > + - Pankaj Gupta <[email protected]>
> > +
> > +description: |
> > + NXP's SoC may contain one or multiple embedded secure-enclave HW
> > + IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
> > + enables features like
> > + - Hardware Security Module (HSM),
> > + - Security Hardware Extension (SHE), and
> > + - Vehicular to Anything (V2X)
> > +
> > + Communication interface to the secure-enclaves is based on the
> > + messaging unit(s).
> > +
> > +properties:
> > + '#address-cells':
> > + const: 1
> > +
> > + '#size-cells':
> > + const: 0
> > +
> > + compatible:
> > + enum:
> > + - fsl,imx8ulp-ele
> > + - fsl,imx93-ele
>
> You basically have 0 properties in the parent node. What's the point of it?
> Either just get rid of it and define the child nodes independently or make the
> parent contain all the resources.
>
> > +
> > +patternProperties:
> > + "^[0-9a-z]*-if@[0-9]+$":
>
> unit-addresses are hex.
Accepted.

>
> > + type: object
> > + description:
> > + Communication interface to secure-enclave node, that defines
> hardware
> > + properties to required to establish the communication. There can be
> > + multiple interfaces to the same secure-enclave. Each interface is
> > + enumerated with reg property. It optionally defines properties
> > + depending on the compatible string and interface enum identifier.
> > +
> > + properties:
> > + reg:
> > + maxItems: 1
> > + description: Identifier of the communication interface to secure-
> enclave.
>
> What are the identifiers based on?
Identifier is used to identify a particular secure enclave interface, within the multiple secure enclave interfaces under same compatible string.

Secure enclave interface is the combination of:
- messaging unit (hardware), and
- memory constraint applicable to a particular interface.

> Is the value significant to s/w? Kind of looks like you just made up indices.

For the below example:
v2x {
compatible = "fsl,imx95-v2x";
#address-cells = <1>;
#size-cells = <0>;

v2x-if@0 { // if it is not @0, then what identifier to be used to identify a particular node.
reg = <0x0>;
mboxes = <&v2x_mu 0 0>, <&v2x_mu 1 0>;
mbox-names = "tx", "rx";
};
v2x-if@1 {
reg = <0x1>;
mboxes = <&v2x_mu6 0 0>, <&v2x_mu6 1 0>;
mbox-names = "txdb", "rxdb";
};
v2x-if@2 {
reg = <0x2>;
mboxes = <&v2x_mu7 0 0>, <&v2x_mu7 1 0>;
mbox-names = "tx", "rx";
};
};
s/w needs to differentiate one node from another node, for the same compatible string for the SoC.

>
> How many child nodes do you have? Is it fixed per SoC?
It is fixed for a particular SoC.
While number of child nodes varies from one SoC to another SoC.

>
> > +
> > + mboxes:
> > + description: contain a list of phandles to mailboxes.
> > + items:
> > + - description: Specify the mailbox used to send message to se
> firmware
> > + - description: Specify the mailbox used to receive message
> > + from se firmware
> > +
> > + mbox-names:
> > + items:
> > + - const: tx
> > + - const: rx
> > + - const: txdb
> > + - const: rxdb
> > + minItems: 2
> > +
> > + memory-region:
> > + description: contains a list of phandles to reserved external memory.
> > + items:
> > + - description: It is used by secure-enclave firmware. It is an optional
> > + property based on compatible and identifier to communication
> interface.
> > + (see bindings/reserved-memory/reserved-memory.txt)
> > +
> > + sram:
> > + description: contains a list of phandles to sram.
> > + $ref: /schemas/types.yaml#/definitions/phandle-array
> > + items:
> > + - description: Phandle to the device SRAM. It is an optional property
> > + based on compatible and identifier to communication interface.
> > +
> > + required:
> > + - reg
> > + - mboxes
> > + - mbox-names
> > +
> > +allOf:
> > + # memory-region
> > + - if:
> > + properties:
> > + compatible:
> > + contains:
> > + enum:
> > + - fsl,imx8ulp-ele
> > + - fsl,imx93-ele
>
> What else would they contain? Those are the only compatibles defined here.

It will have multiple child nodes, but fixed number of child node for a particular SoC.

>
> > + then:
> > + patternProperties:
> > + "^[0-9a-z]*-if@[0-9]+$":
> > + allOf:
> > + - if:
>
> These conditionals are hard to follow. Probably a sign some of this needs to be
> separate or simplified.
I am ready to separate and simplify.
Please help by sharing an example on how to go about this change.
Probably an example that helps me understand your point and then will start to work on this comment.
It is highly appreciated. Thanks.

>
> > + properties:
> > + reg:
> > + items:
> > + - enum:
> > + - 0
> > + then:
> > + required:
> > + - memory-region
> > + else:
> > + not:
> > + required:
> > + - memory-region
> > + # sram
> > + - if:
> > + properties:
> > + compatible:
> > + contains:
> > + enum:
> > + - fsl,imx8ulp-ele
> > + then:
> > + patternProperties:
> > + "^[0-9a-z]*-if@[0-9]+$":
> > + allOf:
> > + - if:
> > + properties:
> > + reg:
> > + items:
> > + - enum:
> > + - 0
> > + then:
> > + required:
> > + - sram
> > + else:
> > + not:
> > + required:
> > + - sram
> > +
> > +additionalProperties: false

2024-05-14 10:39:25

by Pankaj Gupta

[permalink] [raw]
Subject: RE: [EXT] Re: [PATCH 1/4] Documentation/firmware: add imx/se to other_interfaces



> -----Original Message-----
> From: Sascha Hauer <[email protected]>
> Sent: Monday, May 13, 2024 1:00 PM
> To: Pankaj Gupta <[email protected]>
> Cc: Jonathan Corbet <[email protected]>; Rob Herring <[email protected]>;
> Krzysztof Kozlowski <[email protected]>; Conor Dooley
> <[email protected]>; Shawn Guo <[email protected]>; Pengutronix
> Kernel Team <[email protected]>; Fabio Estevam
> <[email protected]>; [email protected]; linux-
> [email protected]; [email protected]; [email protected];
> [email protected]
> Subject: [EXT] Re: [PATCH 1/4] Documentation/firmware: add imx/se to
> other_interfaces
>
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
>
>
> On Fri, May 10, 2024 at 06:57:27PM +0530, Pankaj Gupta wrote:
> > Documents i.MX SoC's Service layer and C_DEV driver for selected
> > SoC(s) that contains the NXP hardware IP(s) for secure-enclaves(se) like:
> > - NXP EdgeLock Enclave on i.MX93 & i.MX8ULP
> >
> > Signed-off-by: Pankaj Gupta <[email protected]>
> > ---
> > .../driver-api/firmware/other_interfaces.rst | 126
> +++++++++++++++++++++
> > 1 file changed, 126 insertions(+)
> >
> > diff --git a/Documentation/driver-api/firmware/other_interfaces.rst
> > b/Documentation/driver-api/firmware/other_interfaces.rst
> > index 06ac89adaafb..c18c2d3e6e08 100644
> > --- a/Documentation/driver-api/firmware/other_interfaces.rst
> > +++ b/Documentation/driver-api/firmware/other_interfaces.rst
> > @@ -49,3 +49,129 @@ of the requests on to a secure monitor (EL3).
> >
> > .. kernel-doc:: drivers/firmware/stratix10-svc.c
> > :export:
> > +
> > +NXP Secure Enclave Firmware Interface
> > +=====================================
> > +
> > +Introduction
> > +------------
> > +The NXP's i.MX HW IP like EdgeLock-Enclave, V2X etc., creats an
> > +embedded secure
>
> s/creats/creates/
Accepted.

>
> > +enclave within the SoC boundary to enable features like
> > + - Hardware Security Module (HSM)
> > + - Security Hardware Extension (SHE)
> > + - Vehicular to Anything (V2X)
> > +
> > +Each of the above feature, is enabled through dedicated NXP H/W IP on the
> SoC.
> > +On a single SoC, multiple hardware IP (or can say more than one
> > +secure enclave) can exists.
> > +
> > +NXP SoC(s) enabled with the such secure enclave(se) IP(s) are:
>
> There are already multiple NXP SoCs with a secure enclave, so you can drop
> the braces around the plural 's'.
Accepted.
>
> With (se) you refer to the acronym SE for secure enclave, right? If so, please
> write it in uppercase letters.

Accepted.
>
> > +i.MX93, i.MX8ULP
> > +
> > +To communicate with one or more co-existing 'se'(s) on SoC, there
> > +is/are dedicated messaging units(MU) per 'se'. Each co-existing 'se'
> > +can have one or multiple exclusive MU(s), dedicated to itself. None of the
> MU is shared between two se(s).
>
> between to SEs (the plural 's' is not optional here)
Accepted.

>
> > +Communication of the MU is realized using the Linux mailbox driver.
> > +
> > +NXP Secure Enclave(SE) Interface
> > +--------------------------------
> > +All those SE interface(s) 'se-if(s)' that is/are dedicated to a
> > +particular 'se', will be
>
> interfaces (no 's' in braces).
Accepted.

>
> Please use uppercase letters consistently for 'SE'
Accepted.

>
> > +enumerated and provisioned under the very single 'se' node.
> > +
> > +Each 'se-if', comprise of twp layers:
> > +- (C_DEV Layer) User-Space software-access interface.
> > +- (Service Layer) OS-level software-access interface.
> > +
> > + +--------------------------------------------+
> > + | Character Device(C_DEV) |
> > + | |
> > + | +---------+ +---------+ +---------+ |
> > + | | misc #1 | | misc #2 | ... | misc #n | |
> > + | | dev | | dev | | dev | |
> > + | +---------+ +---------+ +---------+ |
> > + | +-------------------------+ |
> > + | | Misc. Dev Synchr. Logic | |
> > + | +-------------------------+ |
> > + | |
> > + +--------------------------------------------+
> > +
> > + +--------------------------------------------+
> > + | Service Layer |
> > + | |
> > + | +-----------------------------+ |
> > + | | Message Serialization Logic | |
> > + | +-----------------------------+ |
> > + | +---------------+ |
> > + | | imx-mailbox | |
> > + | | mailbox.c | |
> > + | +---------------+ |
> > + | |
> > + +--------------------------------------------+
> > +
> > +- service layer:
> > + This layer is responsible for ensuring the communication protocol,
> > +that is defined
> > + for communication with firmware.
> > +
> > + FW Communication protocol ensures two things:
> > + - Serializing the multiple message(s) to be sent over an MU.
>
> Just "Serializing the messages to be sent over an MU"
Accepted.

>
> > + A mutex locks instance "mu_lock" is instantiated per MU. It is taken to
> ensure
> > + one message is sent over MU at a time. The lock "mu_lock" is unlocked,
> post sending
> > + the message using the mbox api(s) exposed by mailbox kernel driver.
> > +
> > + - FW can handle one command-message at a time.
> > + Second command-message must wait till first command message is
> completely processed.
> > + Hence, another mutex lock instance "mu_cmd_lock" is instantiated per
> MU. It is taken
> > + to ensure one command-message is sent at a time, towards FW. This lock
> is not unlocked,
> > + for the next command-message, till previous command message is
> processed completely.
>
> I don't think such implementation details belong here. They are easily
> changed in the code with the documentation update being forgotten. I'd just
> leave the bullet points here and add the detailed description as comments to
> the code.

Will re-visit and will try removing it.
>
> Sascha
>
> --
> Pengutronix e.K. | |
> Steuerwalder Str. 21 |
> http://www.pe/
> ngutronix.de%2F&data=05%7C02%7Cpankaj.gupta%40nxp.com%7Ced22fbda
> 8a3143c2e6e708dc731e868e%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C
> 0%7C0%7C638511822140912745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoi
> MC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%
> 7C%7C%7C&sdata=F4NbLNX37%2FB75Dv2q7e1DTRNaq6XZuAAMDdx9JFZ4U
> s%3D&reserved=0 |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |

2024-05-16 04:48:46

by Amit Singh Tomar

[permalink] [raw]
Subject: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

> ----------------------------------------------------------------------
> NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
> are embedded in the SoC to support the features like HSM, SHE & V2X,
> using message based communication interface.
>
> The secure enclave FW communicates on a dedicated messaging unit(MU)
> based interface(s) with application core, where kernel is running.
> It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
>
> This patch adds the driver for communication interface to secure-enclave,
> for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock Enclave,
> both from:
> - User-Space Applications via character driver.
> - Kernel-space, used by kernel management layers like DM-Crypt.
>
> ABI documentation for the NXP secure-enclave driver.
>
> User-space library using this driver:
> - i.MX Secure Enclave library:
> -- URL: https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsecure-2Denclave.git&d=DwICAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=lRJFNDYT5J3dZTYPCtbQrN6ho5BaZc62rCnOKShFGK0aosnXA0JKGr_OrCPlpaat&s=GFFpXM8z8-pliprvP1Xs1NsiJ8yEvE9xFQuUIGLYoe8&e= ,
> - i.MX Secure Middle-Ware:
> -- URL: https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsmw.git&d=DwICAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=lRJFNDYT5J3dZTYPCtbQrN6ho5BaZc62rCnOKShFGK0aosnXA0JKGr_OrCPlpaat&s=aCsO_lLG71KPvjVgXlx9Ly0Ed05XnSUJ4z-xxqxSze8&e=
>
> Signed-off-by: Pankaj Gupta <[email protected]>
> ---
> Documentation/ABI/testing/se-cdev | 42 ++
> drivers/firmware/imx/Kconfig | 12 +
> drivers/firmware/imx/Makefile | 2 +
> drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
> drivers/firmware/imx/ele_base_msg.h | 70 ++
> drivers/firmware/imx/ele_common.c | 341 +++++++++
> drivers/firmware/imx/ele_common.h | 43 ++
> drivers/firmware/imx/se_ctrl.c | 1339 +++++++++++++++++++++++++++++++++++
> drivers/firmware/imx/se_ctrl.h | 151 ++++
> include/linux/firmware/imx/se_api.h | 14 +
> include/uapi/linux/se_ioctl.h | 88 +++
> 11 files changed, 2389 insertions(+)
>
> diff --git a/Documentation/ABI/testing/se-cdev b/Documentation/ABI/testing/se-cdev
> new file mode 100644
> index 000000000000..699525af6b86
> --- /dev/null
> +++ b/Documentation/ABI/testing/se-cdev
> @@ -0,0 +1,42 @@
> +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> +Date: May 2024
> +KernelVersion: 6.8
> +Contact: [email protected], [email protected]
> +Description:
> + NXP offers multiple hardware IP(s) for secure-enclaves like EdgeLock-
> + Enclave(ELE), SECO. The character device file-descriptors
> + /dev/<se>_mu*_ch* are the interface between user-space NXP's secure-
> + enclave shared-library and the kernel driver.
> +
> + The ioctl(2)-based ABI is defined and documented in
> + [include]<linux/firmware/imx/ele_mu_ioctl.h>
> + ioctl(s) are used primarily for:
> + - shared memory management
> + - allocation of I/O buffers
> + - get mu info
> + - setting a dev-ctx as receiver that is slave to fw
> + - get SoC info
> +
> + The following file operations are supported:
> +
> + open(2)
> + Currently the only useful flags are O_RDWR.
> +
> + read(2)
> + Every read() from the opened character device context is waiting on
> + wakeup_intruptible, that gets set by the registered mailbox callback
> + function; indicating a message received from the firmware on message-
> + unit.
> +
> + write(2)
> + Every write() to the opened character device context needs to acquire
> + mailbox_lock, before sending message on to the message unit.
> +
> + close(2)
> + Stops and free up the I/O contexts that was associated
> + with the file descriptor.
> +
> +Users: https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsecure-2Denclave.git&d=DwICAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=lRJFNDYT5J3dZTYPCtbQrN6ho5BaZc62rCnOKShFGK0aosnXA0JKGr_OrCPlpaat&s=GFFpXM8z8-pliprvP1Xs1NsiJ8yEvE9xFQuUIGLYoe8&e= ,
> + https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nxp-2Dimx_imx-2Dsmw.git&d=DwICAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=V_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-JKU&m=lRJFNDYT5J3dZTYPCtbQrN6ho5BaZc62rCnOKShFGK0aosnXA0JKGr_OrCPlpaat&s=aCsO_lLG71KPvjVgXlx9Ly0Ed05XnSUJ4z-xxqxSze8&e=
> + crypto/skcipher,
> + drivers/nvmem/imx-ocotp-ele.c
> diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
> index 183613f82a11..56bdca9bd917 100644
> --- a/drivers/firmware/imx/Kconfig
> +++ b/drivers/firmware/imx/Kconfig
> @@ -22,3 +22,15 @@ config IMX_SCU
>
> This driver manages the IPC interface between host CPU and the
> SCU firmware running on M4.
> +
> +config IMX_SEC_ENCLAVE
> + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware driver."
> + depends on IMX_MBOX && ARCH_MXC && ARM64
> + default m if ARCH_MXC
> +
> + help
> + It is possible to use APIs exposed by the iMX Secure Enclave HW IP called:
> + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
> + like base, HSM, V2X & SHE using the SAB protocol via the shared Messaging
> + Unit. This driver exposes these interfaces via a set of file descriptors
> + allowing to configure shared memory, send and receive messages.
> diff --git a/drivers/firmware/imx/Makefile b/drivers/firmware/imx/Makefile
> index 8f9f04a513a8..aa9033e0e9e3 100644
> --- a/drivers/firmware/imx/Makefile
> +++ b/drivers/firmware/imx/Makefile
> @@ -1,3 +1,5 @@
> # SPDX-License-Identifier: GPL-2.0
> obj-$(CONFIG_IMX_DSP) += imx-dsp.o
> obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o rm.o imx-scu-soc.o
> +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
> +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
> diff --git a/drivers/firmware/imx/ele_base_msg.c b/drivers/firmware/imx/ele_base_msg.c
> new file mode 100644
> index 000000000000..0463f26d93c7
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_base_msg.c
> @@ -0,0 +1,287 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include <linux/types.h>
> +#include <linux/completion.h>
> +#include <linux/dma-mapping.h>
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +
> +int ele_get_info(struct device *dev, struct soc_info *s_info)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + phys_addr_t get_info_addr;
> + u32 *get_info_data;
> + u32 status;
> + int ret;
> +
> + if (!priv || !s_info)
> + goto exit;
> +
> + memset(s_info, 0x0, sizeof(*s_info));
> +
> + if (priv->mem_pool_name)
> + get_info_data = get_phy_buf_mem_pool(dev,
> + priv->mem_pool_name,
> + &get_info_addr,
> + ELE_GET_INFO_BUFF_SZ);
> + else
> + get_info_data = dmam_alloc_coherent(dev,
> + ELE_GET_INFO_BUFF_SZ,
> + &get_info_addr,
> + GFP_KERNEL);
> + if (!get_info_data) {
> + ret = -ENOMEM;
> + dev_err(dev,
> + "%s: Failed to allocate get_info_addr.\n",
> + __func__);
> + goto exit;
> + }
> +
> + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_GET_INFO_REQ,
> + ELE_GET_INFO_REQ_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = upper_32_bits(get_info_addr);
> + tx_msg->data[1] = lower_32_bits(get_info_addr);
> + tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_GET_INFO_REQ,
> + ELE_GET_INFO_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_GET_INFO_REQ, status);
> + ret = -1;
> + }
> +
> + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> + & ELE_IMEM_STATE_MASK) >> 16;
> + s_info->major_ver = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 24;
> + s_info->minor_ver = ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 16) & 0xFF;
> + s_info->soc_rev = (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_VER_MASK) >> 16;
> + s_info->soc_id = get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> + & SOC_ID_MASK;
> + s_info->serial_num
> + = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF] << 32
> + | get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];
> +exit:
> + if (get_info_addr) {
> + if (priv->mem_pool_name)
> + free_phybuf_mem_pool(dev, priv->mem_pool_name,
> + get_info_data, ELE_GET_INFO_BUFF_SZ);
> + else
> + dmam_free_coherent(dev,
> + ELE_GET_INFO_BUFF_SZ,
> + get_info_data,
> + get_info_addr);
> + }
> +
> + return ret;
> +}
> +
> +int ele_ping(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_PING_REQ, ELE_PING_REQ_SZ,
> + true);
> + if (ret) {
> + dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
> + goto exit;
> + }
> +
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_PING_REQ,
> + ELE_PING_RSP_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_PING_REQ, status);
> + ret = -1;
> + }
> +exit:
> + return ret;
> +}
> +
> +int ele_service_swap(struct device *dev,
> + phys_addr_t addr,
> + u32 addr_size, u16 flag)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_SERVICE_SWAP_REQ,
> + ELE_SERVICE_SWAP_REQ_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = flag;
> + tx_msg->data[1] = addr_size;
> + tx_msg->data[2] = ELE_NONE_VAL;
> + tx_msg->data[3] = lower_32_bits(addr);
> + tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
> + ELE_SERVICE_SWAP_REQ_MSG_SZ);
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_SERVICE_SWAP_REQ,
> + ELE_SERVICE_SWAP_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_SERVICE_SWAP_REQ, status);
> + ret = -1;
> + } else {
> + if (flag == ELE_IMEM_EXPORT)
> + ret = priv->rx_msg->data[1];
> + else
> + ret = 0;
> + }
> +exit:
> +
> + return ret;
> +}
> +
> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_api_msg *rx_msg __free(kfree);
> + u32 status;
> + int ret;
> +
> + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
> + if (!tx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
> + if (!rx_msg) {
> + ret = -ENOMEM;
> + return ret;
> + }
> + ret = plat_fill_cmd_msg_hdr(priv,
> + (struct se_msg_hdr *)&tx_msg->header,
> + ELE_FW_AUTH_REQ,
> + ELE_FW_AUTH_REQ_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + tx_msg->data[0] = addr;
> + tx_msg->data[1] = 0x0;
> + tx_msg->data[2] = addr;
> +
> + priv->rx_msg = rx_msg;
> + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> + if (ret < 0)
> + goto exit;
> +
> + ret = validate_rsp_hdr(priv,
> + priv->rx_msg->header,
> + ELE_FW_AUTH_REQ,
> + ELE_FW_AUTH_RSP_MSG_SZ,
> + true);
> + if (ret)
> + goto exit;
> +
> + status = RES_STATUS(priv->rx_msg->data[0]);
> + if (status != priv->success_tag) {
> + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> + ELE_FW_AUTH_REQ, status);
> + ret = -1;
> + }
> +exit:
> +
> + return ret;
> +}
> diff --git a/drivers/firmware/imx/ele_base_msg.h b/drivers/firmware/imx/ele_base_msg.h
> new file mode 100644
> index 000000000000..3b3d2bf04a84
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_base_msg.h
> @@ -0,0 +1,70 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + *
> + * Header file for the EdgeLock Enclave Base API(s).
> + */
> +
> +#ifndef ELE_BASE_MSG_H
> +#define ELE_BASE_MSG_H
> +
> +#include <linux/device.h>
> +#include <linux/types.h>
> +
> +#define WORD_SZ 4
> +#define ELE_NONE_VAL 0x0
> +
> +#define ELE_SUCCESS_IND 0xD6
> +
> +#define ELE_GET_INFO_REQ 0xDA
> +#define ELE_GET_INFO_REQ_MSG_SZ 0x10
> +#define ELE_GET_INFO_RSP_MSG_SZ 0x08
> +
> +#define ELE_GET_INFO_BUFF_SZ 0x100
> +#define ELE_GET_INFO_READ_SZ 0xA0
> +
> +#define DEFAULT_IMX_SOC_VER 0xA0
> +#define SOC_VER_MASK 0xFFFF0000
> +#define SOC_ID_MASK 0x0000FFFF
> +struct soc_info {
> + u32 imem_state;
> + u8 major_ver;
> + u8 minor_ver;
> + u16 soc_id;
> + u16 soc_rev;
> + u64 serial_num;
> +};
> +
> +#define GET_INFO_SOC_INFO_WORD_OFFSET 1
> +#define GET_INFO_UUID_WORD_OFFSET 3
> +#define GET_INFO_SL_NUM_MSB_WORD_OFF \
> + (GET_INFO_UUID_WORD_OFFSET + 3)
> +#define GET_INFO_SL_NUM_LSB_WORD_OFF \
> + (GET_INFO_UUID_WORD_OFFSET + 0)
> +
> +#define ELE_PING_REQ 0x01
> +#define ELE_PING_REQ_SZ 0x04
> +#define ELE_PING_RSP_SZ 0x08
> +
> +#define ELE_SERVICE_SWAP_REQ 0xDF
> +#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18
> +#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C
> +#define ELE_IMEM_SIZE 0x10000
> +#define ELE_IMEM_STATE_OK 0xCA
> +#define ELE_IMEM_STATE_BAD 0xFE
> +#define ELE_IMEM_STATE_WORD 0x27
> +#define ELE_IMEM_STATE_MASK 0x00ff0000
> +#define ELE_IMEM_EXPORT 0x1
> +#define ELE_IMEM_IMPORT 0x2
> +
> +#define ELE_FW_AUTH_REQ 0x02
> +#define ELE_FW_AUTH_REQ_SZ 0x10
> +#define ELE_FW_AUTH_RSP_MSG_SZ 0x08
> +
> +int ele_get_info(struct device *dev, struct soc_info *s_info);
> +int ele_ping(struct device *dev);
> +int ele_service_swap(struct device *dev,
> + phys_addr_t addr,
> + u32 addr_size, u16 flag);
> +int ele_fw_authenticate(struct device *dev, phys_addr_t addr);
> +#endif
> diff --git a/drivers/firmware/imx/ele_common.c b/drivers/firmware/imx/ele_common.c
> new file mode 100644
> index 000000000000..dcf7f9034653
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_common.c
> @@ -0,0 +1,341 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +
> +u32 plat_add_msg_crc(u32 *msg, u32 msg_len)
> +{
> + u32 nb_words = msg_len / (u32)sizeof(u32);
> + u32 crc = 0;
> + u32 i;
> +
> + for (i = 0; i < nb_words - 1; i++)
> + crc ^= *(msg + i);
> +
> + return crc;
> +}
> +
> +int imx_ele_msg_rcv(struct se_if_priv *priv)
> +{
> + u32 wait;
> + int err;
> +
> + wait = msecs_to_jiffies(1000);
> + if (!wait_for_completion_timeout(&priv->done, wait)) {
> + dev_err(priv->dev,
> + "Error: wait_for_completion timed out.\n");
> + err = -ETIMEDOUT;
> + }
> +
> + mutex_unlock(&priv->se_if_cmd_lock);
> + priv->no_dev_ctx_used = false;
> +
> + return err;
> +}
> +
> +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg)
> +{
> + bool is_cmd_lock_tobe_taken = false;
> + int err;
> +
> + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> + is_cmd_lock_tobe_taken = true;
> + mutex_lock(&priv->se_if_cmd_lock);
> + }
> + scoped_guard(mutex, &priv->se_if_lock);
> +
> + err = mbox_send_message(priv->tx_chan, mssg);
> + if (err < 0) {
> + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> + if (is_cmd_lock_tobe_taken)
> + mutex_unlock(&priv->se_if_cmd_lock);
> + return err;
> + }
> + err = 0;

It looks odd, you can simply return 0 in the following statement.

> +
> + return err;
> +}
> +
> +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg)
> +{
> + int err;
> +
> + priv->no_dev_ctx_used = true;
> + err = imx_ele_msg_send(priv, mssg);
> + if (err)
> + goto exit;
> +
> + err = imx_ele_msg_rcv(priv);
> +
> +exit:
> + return err;
> +}
> +
> +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx)
> +{
> + struct se_msg_hdr header = {0};
> + int err;
> +
> + err = wait_event_interruptible(dev_ctx->wq, dev_ctx->pending_hdr != 0);
> + if (err)
> + dev_err(dev_ctx->dev,
> + "%s: Err[0x%x]:Interrupted by signal.\n",
> + dev_ctx->miscdev.name, err);
> +
> + header = *((struct se_msg_hdr *) (&dev_ctx->temp_resp[0]));
> +
> + if (header.tag == dev_ctx->priv->rsp_tag)
> + mutex_unlock(&dev_ctx->priv->se_if_cmd_lock);
> +
> + return err;
> +}
> +
> +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> + void *tx_msg, int tx_msg_sz)
> +{
> + struct se_if_priv *priv = dev_ctx->priv;
> + struct se_msg_hdr header = {0};
> + int err;
> +
> + header = *((struct se_msg_hdr *) tx_msg);
> +
> + /*
> + * Check that the size passed as argument matches the size
> + * carried in the message.
> + */
> + err = header.size << 2;
> +
> + if (err != tx_msg_sz) {
> + err = -EINVAL;
> + dev_err(priv->dev,
> + "%s: User buffer too small\n",
> + dev_ctx->miscdev.name);
> + goto exit;
> + }
> + /* Check the message is valid according to tags */
> + if (header.tag == priv->cmd_tag)
> + priv->waiting_rsp_dev = dev_ctx;
> + else if (header.tag == priv->rsp_tag) {
> + /* Check the device context can send the command */
> + if (dev_ctx != priv->cmd_receiver_dev) {
> + dev_err(priv->dev,
> + "%s: Channel not configured to send resp to FW.",
> + dev_ctx->miscdev.name);
> + err = -EPERM;
> + goto exit;
> + }
> + } else {
> + dev_err(priv->dev,
> + "%s: The message does not have a valid TAG\n",
> + dev_ctx->miscdev.name);
> + err = -EINVAL;
> + goto exit;
> + }
> + err = imx_ele_msg_send(priv, tx_msg);
> +exit:
> + return err;
> +}
> +
> +/*
> + * Callback called by mailbox FW, when data is received.
> + */
> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
> +{
> + struct device *dev = mbox_cl->dev;
> + struct se_if_device_ctx *dev_ctx;
> + struct se_api_msg *rx_msg;
> + bool is_response = false;
> + struct se_if_priv *priv;
> + struct se_msg_hdr header;
> +
> + priv = dev_get_drvdata(dev);
> + if (!priv) {
> + dev_err(dev, "SE-MU Priv data is NULL;");
> + return;
> + }
> +
> + /* The function can be called with NULL msg */
> + if (!msg) {
> + dev_err(dev, "Message is invalid\n");
> + return;
> + }
> +
> + header.tag = ((u8 *)msg)[TAG_OFFSET];
> + header.command = ((u8 *)msg)[CMD_OFFSET];
> + header.size = ((u8 *)msg)[SZ_OFFSET];
> + header.ver = ((u8 *)msg)[VER_OFFSET];
> +
> + /* Incoming command: wake up the receiver if any. */
> + if (header.tag == priv->cmd_tag) {
> + dev_dbg(dev, "Selecting cmd receiver\n");
> + dev_ctx = priv->cmd_receiver_dev;
> + } else if (header.tag == priv->rsp_tag) {
> + if (priv->waiting_rsp_dev) {
> + dev_dbg(dev, "Selecting rsp waiter\n");
> + dev_ctx = priv->waiting_rsp_dev;
> + is_response = true;
> + } else {
> + /*
> + * Reading the EdgeLock Enclave response
> + * to the command, sent by other
> + * linux kernel services.
> + */
> + spin_lock(&priv->lock);
> + memcpy(&priv->rx_msg, msg, header.size << 2);
> +
> + complete(&priv->done);
> + spin_unlock(&priv->lock);
> + return;
> + }
> + } else {
> + dev_err(dev, "Failed to select a device for message: %.8x\n",
> + *((u32 *) &header));
> + return;
> + }
> + /* Init reception */
> + rx_msg = kzalloc(header.size << 2, GFP_KERNEL);
> + if (rx_msg)
> + memcpy(rx_msg, msg, header.size << 2);
> +
> + dev_ctx->temp_resp = (u32 *)rx_msg;
> + dev_ctx->temp_resp_size = header.size;
> +
> + /* Allow user to read */
> + dev_ctx->pending_hdr = 1;
> + wake_up_interruptible(&dev_ctx->wq);
> +
> + if (is_response)
> + priv->waiting_rsp_dev = NULL;
> +}
> +
> +int validate_rsp_hdr(struct se_if_priv *priv, u32 header,
> + uint8_t msg_id, uint8_t sz, bool is_base_api)
> +{
> + int ret = -EINVAL;
> + u32 size;
> + u32 cmd;
> + u32 tag;
> + u32 ver;
> +
> + tag = MSG_TAG(header);
> + cmd = MSG_COMMAND(header);
> + size = MSG_SIZE(header);
> + ver = MSG_VER(header);
> +
> + do {
> + if (tag != priv->rsp_tag) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: Resp tag mismatch. (0x%x != 0x%x)",
> + msg_id, tag, priv->rsp_tag);
> + break;
> + }
> +
> + if (cmd != msg_id) {
> + dev_err(priv->dev,
> + "MSG Header: Cmd id mismatch. (0x%x != 0x%x)",
> + cmd, msg_id);
> + break;
> + }
> +
> + if (size != (sz >> 2)) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: Cmd size mismatch. (0x%x != 0x%x)",
> + msg_id, size, (sz >> 2));
> + break;
> + }
> +
> + if (is_base_api && (ver != priv->base_api_ver)) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: Base API Vers mismatch. (0x%x != 0x%x)",
> + msg_id, ver, priv->base_api_ver);
> + break;
> + } else if (!is_base_api && ver != priv->fw_api_ver) {
> + dev_err(priv->dev,
> + "MSG[0x%x] Hdr: FW API Vers mismatch. (0x%x != 0x%x)",
> + msg_id, ver, priv->fw_api_ver);
> + break;
> + }
> +
> + ret = 0;
> +
> + } while (false);
> +
> + return ret;
> +}
> +
> +int se_save_imem_state(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + int ret;
> +
> + /* EXPORT command will save encrypted IMEM to given address,
> + * so later in resume, IMEM can be restored from the given
> + * address.
> + *
> + * Size must be at least 64 kB.
> + */
> + ret = ele_service_swap(dev,
> + priv->imem.phyaddr,
> + ELE_IMEM_SIZE,
> + ELE_IMEM_EXPORT);
> + if (ret < 0)
> + dev_err(dev, "Failed to export IMEM\n");
> + else
> + dev_info(dev,
> + "Exported %d bytes of encrypted IMEM\n",
> + ret);
> +
> + return ret;
> +}
> +
> +int se_restore_imem_state(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct soc_info s_info;
> + int ret;
> +
> + /* get info from ELE */
> + ret = ele_get_info(dev, &s_info);
> + if (ret) {
> + dev_err(dev, "Failed to get info from ELE.\n");
> + return ret;
> + }
> +
> + /* Get IMEM state, if 0xFE then import IMEM */
> + if (s_info.imem_state == ELE_IMEM_STATE_BAD) {
> + /* IMPORT command will restore IMEM from the given
> + * address, here size is the actual size returned by ELE
> + * during the export operation
> + */
> + ret = ele_service_swap(dev,
> + priv->imem.phyaddr,
> + priv->imem.size,
> + ELE_IMEM_IMPORT);
> + if (ret) {
> + dev_err(dev, "Failed to import IMEM\n");
> + goto exit;
> + }
> + } else
> + goto exit;
> +
> + /* After importing IMEM, check if IMEM state is equal to 0xCA
> + * to ensure IMEM is fully loaded and
> + * ELE functionality can be used.
> + */
> + ret = ele_get_info(dev, &s_info);
> + if (ret) {
> + dev_err(dev, "Failed to get info from ELE.\n");
> + goto exit;
> + }
> +
> + if (s_info.imem_state == ELE_IMEM_STATE_OK)
> + dev_info(dev, "Successfully restored IMEM\n");
> + else
> + dev_err(dev, "Failed to restore IMEM\n");
> +
> +exit:
> + return ret;
> +}
> diff --git a/drivers/firmware/imx/ele_common.h b/drivers/firmware/imx/ele_common.h
> new file mode 100644
> index 000000000000..6e3a2114bb56
> --- /dev/null
> +++ b/drivers/firmware/imx/ele_common.h
> @@ -0,0 +1,43 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +
> +#ifndef __ELE_COMMON_H__
> +#define __ELE_COMMON_H__
> +
> +#include "se_ctrl.h"
> +
> +#define IMX_ELE_FW_DIR "imx/ele/"
> +
> +uint32_t plat_add_msg_crc(uint32_t *msg, uint32_t msg_len);
> +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *priv);
> +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> + void *tx_msg, int tx_msg_sz);
> +int imx_ele_msg_rcv(struct se_if_priv *priv);
> +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg);
> +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg);
> +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
> +int validate_rsp_hdr(struct se_if_priv *priv, unsigned int header,
> + u8 msg_id, u8 sz, bool is_base_api);
> +
> +/* Fill a command message header with a given command ID and length in bytes. */
> +static inline int plat_fill_cmd_msg_hdr(struct se_if_priv *priv,
> + struct se_msg_hdr *hdr,
> + u8 cmd,
> + u32 len,
> + bool is_base_api)
> +{
> + hdr->tag = priv->cmd_tag;
> + hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver;
> + hdr->command = cmd;
> + hdr->size = len >> 2;
> +
> + return 0;
> +}
> +
> +int se_save_imem_state(struct device *dev);
> +int se_restore_imem_state(struct device *dev);
> +
> +#endif /*__ELE_COMMON_H__ */
> diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
> new file mode 100644
> index 000000000000..11c5eaa7353f
> --- /dev/null
> +++ b/drivers/firmware/imx/se_ctrl.c
> @@ -0,0 +1,1339 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#include <linux/completion.h>
> +#include <linux/delay.h>
> +#include <linux/dev_printk.h>
> +#include <linux/dma-mapping.h>
> +#include <linux/errno.h>
> +#include <linux/export.h>
> +#include <linux/firmware.h>
> +#include <linux/firmware/imx/se_api.h>
> +#include <linux/genalloc.h>
> +#include <linux/init.h>
> +#include <linux/io.h>
> +#include <linux/miscdevice.h>
> +#include <linux/mod_devicetable.h>
> +#include <linux/module.h>
> +#include <linux/of_platform.h>
> +#include <linux/of_reserved_mem.h>
> +#include <linux/platform_device.h>
> +#include <linux/slab.h>
> +#include <linux/string.h>
> +#include <linux/sys_soc.h>
> +#include <uapi/linux/se_ioctl.h>
> +
> +#include "ele_base_msg.h"
> +#include "ele_common.h"
> +#include "se_ctrl.h"
> +
> +#define RESERVED_DMA_POOL BIT(1)
> +
> +struct imx_se_node_info {
> + u8 se_if_id;
> + u8 se_if_did;
> + u8 max_dev_ctx;
> + u8 cmd_tag;
> + u8 rsp_tag;
> + u8 success_tag;
> + u8 base_api_ver;
> + u8 fw_api_ver;
> + u8 *se_name;
> + u8 *mbox_tx_name;
> + u8 *mbox_rx_name;
> + u8 *pool_name;
> + u8 *fw_name_in_rfs;
> + bool soc_register;
> + bool reserved_dma_ranges;
> + bool imem_mgmt;
> +};
> +
> +struct imx_se_node_info_list {
> + u8 num_mu;
> + u16 soc_id;
> + u16 soc_rev;
> + struct imx_se_node_info info[];
> +};
> +
> +static const struct imx_se_node_info_list imx8ulp_info = {
> + .num_mu = 1,
> + .soc_id = SOC_ID_OF_IMX8ULP,
> + .info = {
> + {
> + .se_if_id = 2,
> + .se_if_did = 7,
> + .max_dev_ctx = 4,
> + .cmd_tag = 0x17,
> + .rsp_tag = 0xe1,
> + .success_tag = 0xd6,
> + .base_api_ver = MESSAGING_VERSION_6,
> + .fw_api_ver = MESSAGING_VERSION_7,
> + .se_name = "hsm1",
> + .mbox_tx_name = "tx",
> + .mbox_rx_name = "rx",
> + .pool_name = "sram",
> + .fw_name_in_rfs = IMX_ELE_FW_DIR\
> + "mx8ulpa2ext-ahab-container.img",
> + .soc_register = true,
> + .reserved_dma_ranges = true,
> + .imem_mgmt = true,
> + },
> + },
> +};
> +
> +static const struct imx_se_node_info_list imx93_info = {
> + .num_mu = 1,
> + .soc_id = SOC_ID_OF_IMX93,
> + .info = {
> + {
> + .se_if_id = 2,
> + .se_if_did = 3,
> + .max_dev_ctx = 4,
> + .cmd_tag = 0x17,
> + .rsp_tag = 0xe1,
> + .success_tag = 0xd6,
> + .base_api_ver = MESSAGING_VERSION_6,
> + .fw_api_ver = MESSAGING_VERSION_7,
> + .se_name = "hsm1",
> + .mbox_tx_name = "tx",
> + .mbox_rx_name = "rx",
> + .reserved_dma_ranges = true,
> + .imem_mgmt = true,
> + .soc_register = true,
> + },
> + },
> +};
> +
> +static const struct of_device_id se_match[] = {
> + { .compatible = "fsl,imx8ulp-ele", .data = (void *)&imx8ulp_info},
> + { .compatible = "fsl,imx93-ele", .data = (void *)&imx93_info},
> + {},
> +};
> +
> +static struct imx_se_node_info
> + *get_imx_se_node_info(struct imx_se_node_info_list *info_list,
> + const u32 idx)
> +{
> + if (idx < 0 || idx > info_list->num_mu)
> + return NULL;
> +
> + return &info_list->info[idx];
> +}
> +
> +void *get_phy_buf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + dma_addr_t *buf,
> + u32 size)
> +{
> + struct device_node *of_node = dev->of_node;
> + struct gen_pool *mem_pool;
> +
> + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> + if (!mem_pool) {
> + dev_err(dev,
> + "Unable to get sram pool = %s\n",
> + mem_pool_name);
> + return 0;
> + }
> +
> + return gen_pool_dma_alloc(mem_pool, size, buf);
> +}
> +
> +void free_phybuf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + u32 *buf,
> + u32 size)
> +{
> + struct device_node *of_node = dev->of_node;
> + struct gen_pool *mem_pool;
> +
> + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> + if (!mem_pool)
> + dev_err(dev,
> + "%s: Failed: Unable to get sram pool.\n",
> + __func__);
> +
> + gen_pool_free(mem_pool, (u64)buf, size);
> +}
> +
> +static int imx_fetch_soc_info(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + struct imx_se_node_info_list *info_list;
> + const struct imx_se_node_info *info;
> + struct soc_device_attribute *attr;
> + struct soc_device *sdev;
> + struct soc_info s_info;
> + int err = 0;
> +
> + info = priv->info;
> + info_list = (struct imx_se_node_info_list *)
> + device_get_match_data(dev->parent);
> + if (info_list->soc_rev)
> + return err;
> +
> + err = ele_get_info(dev, &s_info);
> + if (err)
> + s_info.major_ver = DEFAULT_IMX_SOC_VER;
> +
> + info_list->soc_rev = s_info.soc_rev;
> +
> + if (!info->soc_register)
> + return 0;
> +
> + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> + if (!attr)
> + return -ENOMEM;
> +
> + if (s_info.minor_ver)
> + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
> + s_info.major_ver,
> + s_info.minor_ver);
> + else
> + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
> + s_info.major_ver);
> +
> + switch (s_info.soc_id) {
> + case SOC_ID_OF_IMX8ULP:
> + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> + "i.MX8ULP");
> + break;
> + case SOC_ID_OF_IMX93:
> + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> + "i.MX93");
> + break;
> + }
> +
> + err = of_property_read_string(of_root, "model",
> + &attr->machine);
> + if (err) {
> + devm_kfree(dev, attr);
> + return -EINVAL;
> + }
> + attr->family = devm_kasprintf(dev, GFP_KERNEL, "Freescale i.MX");
> +
> + attr->serial_number
> + = devm_kasprintf(dev, GFP_KERNEL, "%016llX", s_info.serial_num);
> +
> + sdev = soc_device_register(attr);
> + if (IS_ERR(sdev)) {
> + devm_kfree(dev, attr->soc_id);
> + devm_kfree(dev, attr->serial_number);
> + devm_kfree(dev, attr->revision);
> + devm_kfree(dev, attr->family);
> + devm_kfree(dev, attr->machine);
> + devm_kfree(dev, attr);
> + return PTR_ERR(sdev);
> + }
> +
> + return 0;
> +}
> +
> +/*
> + * File operations for user-space
> + */
> +
> +/* Write a message to the MU. */
> +static ssize_t se_if_fops_write(struct file *fp, const char __user *buf,
> + size_t size, loff_t *ppos)
> +{
> + struct se_api_msg *tx_msg __free(kfree);
> + struct se_if_device_ctx *dev_ctx;
> + struct se_if_priv *priv;
> + int err;
> +
> + dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + priv = dev_ctx->priv;
> + dev_dbg(priv->dev,
> + "%s: write from buf (%p)%zu, ppos=%lld\n",
> + dev_ctx->miscdev.name,
> + buf, size, ((ppos) ? *ppos : 0));
> +
> + if (down_interruptible(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + if (dev_ctx->status != MU_OPENED) {
> + err = -EINVAL;
> + goto exit;
> + }
> +
> + if (size < SE_MU_HDR_SZ) {
> + dev_err(priv->dev,
> + "%s: User buffer too small(%zu < %d)\n",
> + dev_ctx->miscdev.name,
> + size, SE_MU_HDR_SZ);
> + err = -ENOSPC;
> + goto exit;
> + }
> +
> + tx_msg = memdup_user((void __user *)ppos, size);
> + if (!tx_msg) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + /* Copy data to buffer */
> + if (copy_from_user(tx_msg, buf, size)) {
> + err = -EFAULT;
> + dev_err(priv->dev,
> + "%s: Fail copy message from user\n",
> + dev_ctx->miscdev.name);
> + goto exit;
> + }
> +
> + print_hex_dump_debug("from user ", DUMP_PREFIX_OFFSET, 4, 4,
> + tx_msg, size, false);
> +
> + err = imx_ele_miscdev_msg_send(dev_ctx, tx_msg, size);
> +
> +exit:
> + up(&dev_ctx->fops_lock);
> + return err;
> +}
> +
> +/*
> + * Read a message from the MU.
> + * Blocking until a message is available.
> + */
> +static ssize_t se_if_fops_read(struct file *fp, char __user *buf,
> + size_t size, loff_t *ppos)
> +{
> + struct se_if_device_ctx *dev_ctx;
> + struct se_buf_desc *b_desc;
> + struct se_if_priv *priv;
> + u32 size_to_copy;
> + int err;
> +
> + dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + priv = dev_ctx->priv;
> + dev_dbg(priv->dev,
> + "%s: read to buf %p(%zu), ppos=%lld\n",
> + dev_ctx->miscdev.name,
> + buf, size, ((ppos) ? *ppos : 0));
> +
> + if (down_interruptible(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + if (dev_ctx->status != MU_OPENED) {
> + err = -EINVAL;
> + goto exit;
> + }
> +
> + err = imx_ele_miscdev_msg_rcv(dev_ctx);
> + if (err)
> + goto exit;
> +
> + /* Buffer containing the message from FW, is
> + * allocated in callback function.
> + * Check if buffer allocation failed.
> + */
> + if (!dev_ctx->temp_resp) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + dev_dbg(priv->dev,
> + "%s: %s %s\n",
> + dev_ctx->miscdev.name,
> + __func__,
> + "message received, start transmit to user");
> +
> + /*
> + * Check that the size passed as argument is larger than
> + * the one carried in the message.
> + */
> + size_to_copy = dev_ctx->temp_resp_size << 2;
> + if (size_to_copy > size) {
> + dev_dbg(priv->dev,
> + "%s: User buffer too small (%zu < %d)\n",
> + dev_ctx->miscdev.name,
> + size, size_to_copy);
> + size_to_copy = size;
> + }
> +
> + /*
> + * We may need to copy the output data to user before
> + * delivering the completion message.
> + */
> + while (!list_empty(&dev_ctx->pending_out)) {
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> + struct se_buf_desc,
> + link);
> + if (!b_desc)
> + continue;
> +
> + if (b_desc->usr_buf_ptr && b_desc->shared_buf_ptr) {
> +
> + dev_dbg(priv->dev,
> + "%s: Copy output data to user\n",
> + dev_ctx->miscdev.name);
> + if (copy_to_user(b_desc->usr_buf_ptr,
> + b_desc->shared_buf_ptr,
> + b_desc->size)) {
> + dev_err(priv->dev,
> + "%s: Failure copying output data to user.",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> + }
> +
> + if (b_desc->shared_buf_ptr)
> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> +
> + __list_del_entry(&b_desc->link);
> + kfree(b_desc);
> + }
> +
> + /* Copy data from the buffer */
> + print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
> + dev_ctx->temp_resp, size_to_copy, false);
> + if (copy_to_user(buf, dev_ctx->temp_resp, size_to_copy)) {
> + dev_err(priv->dev,
> + "%s: Failed to copy to user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + err = size_to_copy;
> + kfree(dev_ctx->temp_resp);
> +
> + /* free memory allocated on the shared buffers. */
> + dev_ctx->secure_mem.pos = 0;
> + dev_ctx->non_secure_mem.pos = 0;
> +
> + dev_ctx->pending_hdr = 0;
> +
> +exit:
> + /*
> + * Clean the used Shared Memory space,
> + * whether its Input Data copied from user buffers, or
> + * Data received from FW.
> + */
> + while (!list_empty(&dev_ctx->pending_in) ||
> + !list_empty(&dev_ctx->pending_out)) {
> + if (!list_empty(&dev_ctx->pending_in))
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
> + struct se_buf_desc,
> + link);
> + else
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> + struct se_buf_desc,
> + link);
> +
> + if (!b_desc)
> + continue;
> +
> + if (b_desc->shared_buf_ptr)
> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> +
> + __list_del_entry(&b_desc->link);
> + kfree(b_desc);
> + }
> +
> + up(&dev_ctx->fops_lock);
> + return err;
> +}
> +
> +/* Give access to EdgeLock Enclave, to the memory we want to share */
> +static int se_if_setup_se_mem_access(struct se_if_device_ctx *dev_ctx,
> + u64 addr, u32 len)
> +{
> + /* Assuming EdgeLock Enclave has access to all the memory regions */
> + int ret = 0;
> +
> + if (ret) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Fail find memreg\n", dev_ctx->miscdev.name);
> + goto exit;
> + }
> +
> + if (ret) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Fail set permission for resource\n",
> + dev_ctx->miscdev.name);
> + goto exit;
> + }
> +
> +exit:
> + return ret;
> +}
> +
> +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> + struct imx_se_node_info *if_node_info;
> + struct se_ioctl_get_if_info info;
> + int err = 0;
> +
> + if_node_info = (struct imx_se_node_info *)priv->info;
> +
> + info.se_if_id = if_node_info->se_if_id;
> + info.interrupt_idx = 0;
> + info.tz = 0;
> + info.did = if_node_info->se_if_did;
> + info.cmd_tag = if_node_info->cmd_tag;
> + info.rsp_tag = if_node_info->rsp_tag;
> + info.success_tag = if_node_info->success_tag;
> + info.base_api_ver = if_node_info->base_api_ver;
> + info.fw_api_ver = if_node_info->fw_api_ver;
> +
> + dev_dbg(priv->dev,
> + "%s: info [se_if_id: %d, irq_idx: %d, tz: 0x%x, did: 0x%x]\n",
> + dev_ctx->miscdev.name,
> + info.se_if_id, info.interrupt_idx, info.tz, info.did);
> +
> + if (copy_to_user((u8 *)arg, &info, sizeof(info))) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to copy mu info to user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> +exit:
> + return err;
> +}
> +
> +/*
> + * Copy a buffer of data to/from the user and return the address to use in
> + * messages
> + */
> +static int se_ioctl_setup_iobuf_handler(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct se_ioctl_setup_iobuf io = {0};
> + struct se_shared_mem *shared_mem;
> + struct se_buf_desc *b_desc;
> + int err = 0;
> + u32 pos;
> +
> + if (copy_from_user(&io, (u8 *)arg, sizeof(io))) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed copy iobuf config from user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + dev_dbg(dev_ctx->priv->dev,
> + "%s: io [buf: %p(%d) flag: %x]\n",
> + dev_ctx->miscdev.name,
> + io.user_buf, io.length, io.flags);
> +
> + if (io.length == 0 || !io.user_buf) {
> + /*
> + * Accept NULL pointers since some buffers are optional
> + * in FW commands. In this case we should return 0 as
> + * pointer to be embedded into the message.
> + * Skip all data copy part of code below.
> + */
> + io.ele_addr = 0;
> + goto copy;
> + }
> +
> + /* Select the shared memory to be used for this buffer. */
> + if (io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) {
> + /* App requires to use secure memory for this buffer.*/
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed allocate SEC MEM memory\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + } else {
> + /* No specific requirement for this buffer. */
> + shared_mem = &dev_ctx->non_secure_mem;
> + }
> +
> + /* Check there is enough space in the shared memory. */
> + if (shared_mem->size < shared_mem->pos
> + || io.length >= shared_mem->size - shared_mem->pos) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Not enough space in shared memory\n",
> + dev_ctx->miscdev.name);
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + /* Allocate space in shared memory. 8 bytes aligned. */
> + pos = shared_mem->pos;
> + shared_mem->pos += round_up(io.length, 8u);
> + io.ele_addr = (u64)shared_mem->dma_addr + pos;
> +
> + if ((io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) &&
> + !(io.flags & SE_MU_IO_FLAGS_USE_SHORT_ADDR)) {
> + /*Add base address to get full address.*/
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed allocate SEC MEM memory\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + memset(shared_mem->ptr + pos, 0, io.length);
> + if ((io.flags & SE_IO_BUF_FLAGS_IS_INPUT) ||
> + (io.flags & SE_IO_BUF_FLAGS_IS_IN_OUT)) {
> + /*
> + * buffer is input:
> + * copy data from user space to this allocated buffer.
> + */
> + if (copy_from_user(shared_mem->ptr + pos, io.user_buf,
> + io.length)) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed copy data to shared memory\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> + }
> +
> + b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL);
> + if (!b_desc) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> +copy:
> + /* Provide the EdgeLock Enclave address to user space only if success.*/
> + if (copy_to_user((u8 *)arg, &io, sizeof(io))) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to copy iobuff setup to user\n",
> + dev_ctx->miscdev.name);
> + kfree(b_desc);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> + if (b_desc) {
> + b_desc->shared_buf_ptr = shared_mem->ptr + pos;
> + b_desc->usr_buf_ptr = io.user_buf;
> + b_desc->size = io.length;
> +
> + if (io.flags & SE_IO_BUF_FLAGS_IS_INPUT) {
> + /*
> + * buffer is input:
> + * add an entry in the "pending input buffers" list so
> + * that copied data can be cleaned from shared memory
> + * later.
> + */
> + list_add_tail(&b_desc->link, &dev_ctx->pending_in);
> + } else {
> + /*
> + * buffer is output:
> + * add an entry in the "pending out buffers" list so data
> + * can be copied to user space when receiving Secure-Enclave
> + * response.
> + */
> + list_add_tail(&b_desc->link, &dev_ctx->pending_out);
> + }
> + }
> +
> +exit:
> + return err;
> +}
> +
> +/* IOCTL to provide SoC information */
> +static int se_ioctl_get_soc_info_handler(struct se_if_device_ctx *dev_ctx,
> + u64 arg)
> +{
> + struct imx_se_node_info_list *info_list;
> + struct se_ioctl_get_soc_info soc_info;
> + int err = -EINVAL;
> +
> + info_list = (struct imx_se_node_info_list *)
> + device_get_match_data(dev_ctx->priv->dev->parent);
> + if (!info_list)
> + goto exit;
> +
> + soc_info.soc_id = info_list->soc_id;
> + soc_info.soc_rev = info_list->soc_rev;
> +
> + err = (int)copy_to_user((u8 *)arg, (u8 *)(&soc_info), sizeof(soc_info));
> + if (err) {
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to copy soc info to user\n",
> + dev_ctx->miscdev.name);
> + err = -EFAULT;
> + goto exit;
> + }
> +
> +exit:
> + return err;
> +}
> +
> +/* Open a character device. */
> +static int se_if_fops_open(struct inode *nd, struct file *fp)
> +{
> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + int err;
> +
> + /* Avoid race if opened at the same time */
> + if (down_trylock(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + /* Authorize only 1 instance. */
> + if (dev_ctx->status != MU_FREE) {
> + err = -EBUSY;
> + goto exit;
> + }
> +
> + /*
> + * Allocate some memory for data exchanges with S40x.
> + * This will be used for data not requiring secure memory.
> + */
> + dev_ctx->non_secure_mem.ptr = dmam_alloc_coherent(dev_ctx->dev,
> + MAX_DATA_SIZE_PER_USER,
> + &dev_ctx->non_secure_mem.dma_addr,
> + GFP_KERNEL);
> + if (!dev_ctx->non_secure_mem.ptr) {
> + err = -ENOMEM;
> + goto exit;
> + }
> +
> + err = se_if_setup_se_mem_access(dev_ctx,
> + dev_ctx->non_secure_mem.dma_addr,
> + MAX_DATA_SIZE_PER_USER);
> + if (err) {
> + err = -EPERM;
> + dev_err(dev_ctx->priv->dev,
> + "%s: Failed to share access to shared memory\n",
> + dev_ctx->miscdev.name);
> + goto free_coherent;
> + }
> +
> + dev_ctx->non_secure_mem.size = MAX_DATA_SIZE_PER_USER;
> + dev_ctx->non_secure_mem.pos = 0;
> + dev_ctx->status = MU_OPENED;
> +
> + dev_ctx->pending_hdr = 0;
> +
> + goto exit;
> +
> +free_coherent:
> + dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
> + dev_ctx->non_secure_mem.ptr,
> + dev_ctx->non_secure_mem.dma_addr);
> +
> +exit:
> + up(&dev_ctx->fops_lock);
> + return err;
> +}
> +
> +/* Close a character device. */
> +static int se_if_fops_close(struct inode *nd, struct file *fp)
> +{
> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + struct se_if_priv *priv = dev_ctx->priv;
> + struct se_buf_desc *b_desc;
> +
> + /* Avoid race if closed at the same time */
> + if (down_trylock(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + /* The device context has not been opened */
> + if (dev_ctx->status != MU_OPENED)
> + goto exit;
> +
> + /* check if this device was registered as command receiver. */
> + if (priv->cmd_receiver_dev == dev_ctx)
> + priv->cmd_receiver_dev = NULL;
> +
> + /* check if this device was registered as waiting response. */
> + if (priv->waiting_rsp_dev == dev_ctx) {
> + priv->waiting_rsp_dev = NULL;
> + mutex_unlock(&priv->se_if_cmd_lock);
> + }
> +
> + /* Unmap secure memory shared buffer. */
> + if (dev_ctx->secure_mem.ptr)
> + devm_iounmap(dev_ctx->dev, dev_ctx->secure_mem.ptr);
> +
> + dev_ctx->secure_mem.ptr = NULL;
> + dev_ctx->secure_mem.dma_addr = 0;
> + dev_ctx->secure_mem.size = 0;
> + dev_ctx->secure_mem.pos = 0;
> +
> + /* Free non-secure shared buffer. */
> + dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
> + dev_ctx->non_secure_mem.ptr,
> + dev_ctx->non_secure_mem.dma_addr);
> +
> + dev_ctx->non_secure_mem.ptr = NULL;
> + dev_ctx->non_secure_mem.dma_addr = 0;
> + dev_ctx->non_secure_mem.size = 0;
> + dev_ctx->non_secure_mem.pos = 0;
> +
> + while (!list_empty(&dev_ctx->pending_in) ||
> + !list_empty(&dev_ctx->pending_out)) {
> + if (!list_empty(&dev_ctx->pending_in))
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
> + struct se_buf_desc,
> + link);
> + else
> + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> + struct se_buf_desc,
> + link);
> +
> + if (!b_desc)
> + continue;
> +
> + if (b_desc->shared_buf_ptr)
> + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> +
> + __list_del_entry(&b_desc->link);
> + devm_kfree(dev_ctx->dev, b_desc);
> + }
> +
> + dev_ctx->status = MU_FREE;
> +
> +exit:
> + up(&dev_ctx->fops_lock);
> + return 0;
> +}
> +
> +/* IOCTL entry point of a character device */
> +static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
> +//static long se_ioctl(struct file *fp, u32 cmd, u64 arg)
> +{
> + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> + struct se_if_device_ctx,
> + miscdev);
> + struct se_if_priv *se_if_priv = dev_ctx->priv;
> + int err = -EINVAL;
> +
> + /* Prevent race during change of device context */
> + if (down_interruptible(&dev_ctx->fops_lock))
> + return -EBUSY;
> +
> + switch (cmd) {
> + case SE_IOCTL_ENABLE_CMD_RCV:
> + if (!se_if_priv->cmd_receiver_dev) {
> + se_if_priv->cmd_receiver_dev = dev_ctx;
> + err = 0;
> + }
> + break;
> + case SE_IOCTL_GET_MU_INFO:
> + err = se_ioctl_get_mu_info(dev_ctx, arg);
> + break;
> + case SE_IOCTL_SETUP_IOBUF:
> + err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
> + break;
> + case SE_IOCTL_GET_SOC_INFO:
> + err = se_ioctl_get_soc_info_handler(dev_ctx, arg);
> + break;
> +
> + default:
> + err = -EINVAL;
> + dev_dbg(se_if_priv->dev,
> + "%s: IOCTL %.8x not supported\n",
> + dev_ctx->miscdev.name,
> + cmd);
> + }
> +
> + up(&dev_ctx->fops_lock);
> + return (long)err;
> +}
> +
> +/* Char driver setup */
> +static const struct file_operations se_if_fops = {
> + .open = se_if_fops_open,
> + .owner = THIS_MODULE,
> + .release = se_if_fops_close,
> + .unlocked_ioctl = se_ioctl,
> + .read = se_if_fops_read,
> + .write = se_if_fops_write,
> +};
> +
> +/* interface for managed res to free a mailbox channel */
> +static void if_mbox_free_channel(void *mbox_chan)
> +{
> + mbox_free_channel(mbox_chan);
> +}
> +
> +/* interface for managed res to unregister a character device */
> +static void if_misc_deregister(void *miscdevice)
> +{
> + misc_deregister(miscdevice);
> +}
> +
> +static int se_if_request_channel(struct device *dev,
> + struct mbox_chan **chan,
> + struct mbox_client *cl,
> + const u8 *name)
> +{
> + struct mbox_chan *t_chan;
> + int ret = 0;
> +
> + t_chan = mbox_request_channel_byname(cl, name);
> + if (IS_ERR(t_chan)) {
> + ret = PTR_ERR(t_chan);
> + if (ret != -EPROBE_DEFER)
> + dev_err(dev,
> + "Failed to request chan %s ret %d\n", name,
> + ret);
> + goto exit;
> + }
> +
> + ret = devm_add_action(dev, if_mbox_free_channel, t_chan);
> + if (ret) {
> + dev_err(dev, "failed to add devm removal of mbox %s\n", name);
> + goto exit;
> + }
> +
> + *chan = t_chan;
> +
> +exit:
> + return ret;
> +}
> +
> +static int se_probe_if_cleanup(struct platform_device *pdev)
> +{
> + struct device *dev = &pdev->dev;
> + struct se_if_priv *priv;
> + int ret = 0;
> + int i;
> +
> + priv = dev_get_drvdata(dev);
> + if (!priv) {
> + ret = 0;
> + dev_dbg(dev, "SE-MU Priv data is NULL;");
> + return ret;
> + }
> +
> + if (priv->tx_chan)
> + mbox_free_channel(priv->tx_chan);
> + if (priv->rx_chan)
> + mbox_free_channel(priv->rx_chan);
> +
> + /* free the buffer in se remove, previously allocated
> + * in se probe to store encrypted IMEM
> + */
> + if (priv->imem.buf) {
> + dmam_free_coherent(dev,
> + ELE_IMEM_SIZE,
> + priv->imem.buf,
> + priv->imem.phyaddr);
> + priv->imem.buf = NULL;
> + }
> +
> + if (priv->ctxs) {
> + for (i = 0; i < priv->max_dev_ctx; i++) {
> + if (priv->ctxs[i]) {
> + devm_remove_action(dev,
> + if_misc_deregister,
> + &priv->ctxs[i]->miscdev);
> + misc_deregister(&priv->ctxs[i]->miscdev);
> + devm_kfree(dev, priv->ctxs[i]);
> + }
> + }
> + devm_kfree(dev, priv->ctxs);
> + }
> +
> + if (priv->flags & RESERVED_DMA_POOL) {
> + of_reserved_mem_device_release(dev);
> + priv->flags &= (~RESERVED_DMA_POOL);
> + }
> +
> + devm_kfree(dev, priv);
> + of_node_put(dev->of_node);
> + of_platform_device_destroy(dev, NULL);
> +
> + return ret;
> +}
> +
> +static int se_probe_cleanup(struct platform_device *pdev)
> +{
> + struct device *dev = &pdev->dev;
> + struct device_node *if_dn;
> +
> + /* Enumerate se-interface device nodes. */
> + for_each_child_of_node(dev->of_node, if_dn) {
> + struct platform_device *if_pdev
> + = of_find_device_by_node(if_dn);
> + if (se_probe_if_cleanup(if_pdev))
> + dev_err(dev,
> + "Failed to clean-up child node probe.\n");
> + }
> +
> + return 0;
> +}
> +
> +static int init_device_context(struct device *dev)
> +{
> + const struct imx_se_node_info *info;
> + struct se_if_device_ctx *dev_ctx;
> + struct se_if_priv *priv;
> + u8 *devname;
> + int ret = 0;
> + int i;
> +
> + priv = dev_get_drvdata(dev);
> +
> + if (!priv) {
> + ret = -EINVAL;
> + dev_err(dev, "Invalid SE-MU Priv data");
> + return ret;
> + }
> + info = priv->info;
> +
> + priv->ctxs = devm_kzalloc(dev, sizeof(dev_ctx) * priv->max_dev_ctx,
> + GFP_KERNEL);
> +
> + if (!priv->ctxs) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + /* Create users */
> + for (i = 0; i < priv->max_dev_ctx; i++) {
> + dev_ctx = devm_kzalloc(dev, sizeof(*dev_ctx), GFP_KERNEL);
> + if (!dev_ctx) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + dev_ctx->dev = dev;
> + dev_ctx->status = MU_FREE;
> + dev_ctx->priv = priv;
> +
> + priv->ctxs[i] = dev_ctx;
> +
> + /* Default value invalid for an header. */
> + init_waitqueue_head(&dev_ctx->wq);
> +
> + INIT_LIST_HEAD(&dev_ctx->pending_out);
> + INIT_LIST_HEAD(&dev_ctx->pending_in);
> + sema_init(&dev_ctx->fops_lock, 1);
> +
> + devname = devm_kasprintf(dev, GFP_KERNEL, "%s_ch%d",
> + info->se_name, i);
> + if (!devname) {
> + ret = -ENOMEM;
> + return ret;
> + }
> +
> + dev_ctx->miscdev.name = devname;
> + dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
> + dev_ctx->miscdev.fops = &se_if_fops;
> + dev_ctx->miscdev.parent = dev;
> + ret = misc_register(&dev_ctx->miscdev);
> + if (ret) {
> + dev_err(dev, "failed to register misc device %d\n",
> + ret);
> + return ret;
> + }
> +
> + ret = devm_add_action(dev, if_misc_deregister,
> + &dev_ctx->miscdev);
> + if (ret) {
> + dev_err(dev,
> + "failed[%d] to add action to the misc-dev\n",
> + ret);
> + return ret;
> + }
> + }
> +
> + return ret;
> +}
> +
> +static void se_load_firmware(const struct firmware *fw, void *context)
> +{
> + struct se_if_priv *priv = (struct se_if_priv *) context;
> + const struct imx_se_node_info *info = priv->info;
> + const u8 *se_fw_name = info->fw_name_in_rfs;
> + phys_addr_t se_fw_phyaddr;
> + u8 *se_fw_buf;
> +
> + if (!fw) {
> + if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
> + dev_dbg(priv->dev,
> + "External FW not found, using ROM FW.\n");
> + else {
> + /*add a bit delay to wait for firmware priv released */
> + msleep(20);
> +
> + /* Load firmware one more time if timeout */
> + request_firmware_nowait(THIS_MODULE,
> + FW_ACTION_UEVENT, info->fw_name_in_rfs,
> + priv->dev, GFP_KERNEL, priv,
> + se_load_firmware);
> + priv->fw_fail++;
> + dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
> + priv->fw_fail);
> + }
> +
> + return;
> + }
> +
> + /* allocate buffer to store the SE FW */
> + se_fw_buf = dmam_alloc_coherent(priv->dev, fw->size,
> + &se_fw_phyaddr,
> + GFP_KERNEL);
> + if (!se_fw_buf) {
> + dev_err(priv->dev, "Failed to alloc SE fw buffer memory\n");
> + goto exit;
> + }
> +
> + memcpy(se_fw_buf, fw->data, fw->size);
> +
> + if (ele_fw_authenticate(priv->dev, se_fw_phyaddr))
> + dev_err(priv->dev,
> + "Failed to authenticate & load SE firmware %s.\n",
> + se_fw_name);
> +
> +exit:
> + dmam_free_coherent(priv->dev,
> + fw->size,
> + se_fw_buf,
> + se_fw_phyaddr);
> +
> + release_firmware(fw);
> +}
> +
> +static int se_if_probe(struct platform_device *pdev)
> +{
> + struct imx_se_node_info_list *info_list;
> + struct device *dev = &pdev->dev;
> + struct imx_se_node_info *info;
> + struct se_if_priv *priv;
> + u32 idx;
> + int ret;
> +
> + if (of_property_read_u32(dev->of_node, "reg", &idx)) {
> + ret = -EINVAL;
> + goto exit;
> + }
> +
> + info_list = (struct imx_se_node_info_list *)
> + device_get_match_data(dev->parent);
> + info = get_imx_se_node_info(info_list, idx);
> +
> + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
> + if (!priv) {
> + ret = -ENOMEM;
> + goto exit;
> + }
> +
> + dev_set_drvdata(dev, priv);
> +
> + /* Mailbox client configuration */
> + priv->se_mb_cl.dev = dev;
> + priv->se_mb_cl.tx_block = false;
> + priv->se_mb_cl.knows_txdone = true;
> + priv->se_mb_cl.rx_callback = se_if_rx_callback;
> +
> + ret = se_if_request_channel(dev, &priv->tx_chan,
> + &priv->se_mb_cl, info->mbox_tx_name);
> + if (ret) {
> + if (ret == -EPROBE_DEFER)
> + dev_err(dev, "Mailbox tx channel, is not ready.\n");
> + else
> + dev_err(dev, "Failed to request tx channel\n");
> +
> + goto exit;
> + }
> +
> + ret = se_if_request_channel(dev, &priv->rx_chan,
> + &priv->se_mb_cl, info->mbox_rx_name);
> + if (ret) {
> + if (ret == -EPROBE_DEFER)
> + dev_err(dev, "Mailbox rx channel, is not ready.\n");
> + else
> + dev_dbg(dev, "Failed to request rx channel\n");
> +
> + goto exit;
> + }
> +
> + priv->dev = dev;
> + priv->info = info;
> +
> + /* Initialize the mutex. */
> + mutex_init(&priv->se_if_lock);
> + mutex_init(&priv->se_if_cmd_lock);
> +
> + priv->cmd_receiver_dev = NULL;
> + priv->waiting_rsp_dev = NULL;
> + priv->max_dev_ctx = info->max_dev_ctx;
> + priv->cmd_tag = info->cmd_tag;
> + priv->rsp_tag = info->rsp_tag;
> + priv->mem_pool_name = info->pool_name;
> + priv->success_tag = info->success_tag;
> + priv->base_api_ver = info->base_api_ver;
> + priv->fw_api_ver = info->fw_api_ver;
> +
> + init_completion(&priv->done);
> + spin_lock_init(&priv->lock);
> +
> + if (info->reserved_dma_ranges) {
> + ret = of_reserved_mem_device_init(dev);
> + if (ret) {
> + dev_err(dev,
> + "failed to init reserved memory region %d\n",
> + ret);
> + priv->flags &= (~RESERVED_DMA_POOL);
> + goto exit;
> + }
> + priv->flags |= RESERVED_DMA_POOL;
> + }
> +
> + if (info->fw_name_in_rfs) {
> + ret = request_firmware_nowait(THIS_MODULE,
> + FW_ACTION_UEVENT,
> + info->fw_name_in_rfs,
> + dev, GFP_KERNEL, priv,
> + se_load_firmware);
> + if (ret)
> + dev_warn(dev, "Failed to get firmware [%s].\n",
> + info->fw_name_in_rfs);
> + }
> +
> + ret = imx_fetch_soc_info(dev);
> + if (ret) {
> + dev_err(dev,
> + "failed[%d] to fetch SoC Info\n", ret);
> + goto exit;
> + }
> +
> + if (info->imem_mgmt) {
> + /* allocate buffer where SE store encrypted IMEM */
> + priv->imem.buf = dmam_alloc_coherent(dev, ELE_IMEM_SIZE,
> + &priv->imem.phyaddr,
> + GFP_KERNEL);
> + if (!priv->imem.buf) {
> + dev_err(dev,
> + "dmam-alloc-failed: To store encr-IMEM.\n");
> + ret = -ENOMEM;
> + goto exit;
> + }
> + }
> +
> + if (info->max_dev_ctx) {
> + ret = init_device_context(dev);
> + if (ret) {
> + dev_err(dev,
> + "Failed[0x%x] to create device contexts.\n",
> + ret);
> + goto exit;
> + }
> + }
> +
> + dev_info(dev, "i.MX secure-enclave: %s interface to firmware, configured.\n",
> + info->se_name);
> + return devm_of_platform_populate(dev);
> +
> +exit:
> + /* if execution control reaches here, if probe fails.
> + * hence doing the cleanup
> + */
> + if (se_probe_if_cleanup(pdev))
> + dev_err(dev,
> + "Failed to clean-up the child node probe.\n");
> +
> + return ret;
> +}
> +
> +static int se_probe(struct platform_device *pdev)
> +{
> + struct device_node *enum_dev_node;
> + struct device *dev = &pdev->dev;
> + int enum_count;
> + int ret;
> +
> + enum_count = of_get_child_count(dev->of_node);
> + if (!enum_count) {
> + ret = -EINVAL;
> + dev_err(dev, "Zero Tx/Rx path MU nodes.\n");
> + return ret;
> + }
> +
> + for_each_child_of_node(dev->of_node, enum_dev_node) {
> + struct platform_device *enum_plat_dev __maybe_unused;
> +
> + if (!of_device_is_available(enum_dev_node))
> + continue;
> +
> + enum_plat_dev = of_platform_device_create(enum_dev_node,
> + NULL,
> + dev);
> + if (!enum_plat_dev) {
> + ret = -EINVAL;
> + of_node_put(enum_dev_node);
> + dev_err(dev,
> + "Failed to create enumerated platform device.");
> + break;
> + }
> +
> + ret = se_if_probe(enum_plat_dev);
> + }
> + return ret;
> +}
> +
> +static int se_remove(struct platform_device *pdev)
> +{
> + if (se_probe_cleanup(pdev))
> + dev_err(&pdev->dev,
> + "i.MX Secure Enclave is not cleanly un-probed.");
> +
> + return 0;
> +}
> +
> +static int se_suspend(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + const struct imx_se_node_info *info
> + = priv->info;
> +
> + if (info && info->imem_mgmt)
> + priv->imem.size = se_save_imem_state(dev);
> +
> + return 0;
> +}
> +
> +static int se_resume(struct device *dev)
> +{
> + struct se_if_priv *priv = dev_get_drvdata(dev);
> + const struct imx_se_node_info *info
> + = priv->info;
> + int i;
> +
> + for (i = 0; i < priv->max_dev_ctx; i++)
> + wake_up_interruptible(&priv->ctxs[i]->wq);
> +
> + if (info && info->imem_mgmt)
> + se_restore_imem_state(dev);
> +
> + return 0;
> +}
> +
> +static const struct dev_pm_ops se_pm = {
> + RUNTIME_PM_OPS(se_suspend, se_resume, NULL)
> +};
> +
> +static struct platform_driver se_driver = {
> + .driver = {
> + .name = "fsl-se-fw",
> + .of_match_table = se_match,
> + .pm = &se_pm,
> + },
> + .probe = se_probe,
> + .remove = se_remove,
> +};
> +MODULE_DEVICE_TABLE(of, se_match);
> +
> +module_platform_driver(se_driver);
> +
> +MODULE_AUTHOR("Pankaj Gupta <[email protected]>");
> +MODULE_DESCRIPTION("iMX Secure Enclave Driver.");
> +MODULE_LICENSE("GPL");
> diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h
> new file mode 100644
> index 000000000000..76e1ce77c52f
> --- /dev/null
> +++ b/drivers/firmware/imx/se_ctrl.h
> @@ -0,0 +1,151 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#ifndef SE_MU_H
> +#define SE_MU_H
> +
> +#include <linux/miscdevice.h>
> +#include <linux/semaphore.h>
> +#include <linux/mailbox_client.h>
> +
> +#define MAX_FW_LOAD_RETRIES 50
> +
> +#define MSG_TAG(x) (((x) & 0xff000000) >> 24)
> +#define MSG_COMMAND(x) (((x) & 0x00ff0000) >> 16)
> +#define MSG_SIZE(x) (((x) & 0x0000ff00) >> 8)
> +#define MSG_VER(x) ((x) & 0x000000ff)
> +#define RES_STATUS(x) ((x) & 0x000000ff)
> +#define MAX_DATA_SIZE_PER_USER (65 * 1024)
> +#define S4_DEFAULT_MUAP_INDEX (2)
> +#define S4_MUAP_DEFAULT_MAX_USERS (4)
> +#define MESSAGING_VERSION_6 0x6
> +#define MESSAGING_VERSION_7 0x7
> +
> +#define DEFAULT_MESSAGING_TAG_COMMAND (0x17u)
> +#define DEFAULT_MESSAGING_TAG_RESPONSE (0xe1u)
> +
> +#define SE_MU_IO_FLAGS_USE_SEC_MEM (0x02u)
> +#define SE_MU_IO_FLAGS_USE_SHORT_ADDR (0x04u)
> +
> +struct se_imem_buf {
> + u8 *buf;
> + phys_addr_t phyaddr;
> + u32 size;
> +};
> +
> +struct se_buf_desc {
> + u8 *shared_buf_ptr;
> + u8 *usr_buf_ptr;
> + u32 size;
> + struct list_head link;
> +};
> +
> +/* Status of a char device */
> +enum se_if_dev_ctx_status_t {
> + MU_FREE,
> + MU_OPENED
> +};
> +
> +struct se_shared_mem {
> + dma_addr_t dma_addr;
> + u32 size;
> + u32 pos;
> + u8 *ptr;
> +};
> +
> +/* Private struct for each char device instance. */
> +struct se_if_device_ctx {
> + struct device *dev;
> + struct se_if_priv *priv;
> + struct miscdevice miscdev;
> +
> + enum se_if_dev_ctx_status_t status;
> + wait_queue_head_t wq;
> + struct semaphore fops_lock;
> +
> + u32 pending_hdr;
> + struct list_head pending_in;
> + struct list_head pending_out;
> +
> + struct se_shared_mem secure_mem;
> + struct se_shared_mem non_secure_mem;
> +
> + u32 *temp_resp;
> + u32 temp_resp_size;
> + struct notifier_block se_notify;
> +};
> +
> +/* Header of the messages exchange with the EdgeLock Enclave */
> +struct se_msg_hdr {
> + u8 ver;
> + u8 size;
> + u8 command;
> + u8 tag;
> +} __packed;
> +
> +#define SE_MU_HDR_SZ 4
> +#define TAG_OFFSET (SE_MU_HDR_SZ - 1)
> +#define CMD_OFFSET (SE_MU_HDR_SZ - 2)
> +#define SZ_OFFSET (SE_MU_HDR_SZ - 3)
> +#define VER_OFFSET (SE_MU_HDR_SZ - 4)
> +
> +struct se_api_msg {
> + u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
> + u32 *data;
> +};
> +
> +struct se_if_priv {
> + struct se_if_device_ctx *cmd_receiver_dev;
> + struct se_if_device_ctx *waiting_rsp_dev;
> + bool no_dev_ctx_used;
> + /*
> + * prevent parallel access to the se interface registers
> + * e.g. a user trying to send a command while the other one is
> + * sending a response.
> + */
> + struct mutex se_if_lock;
> + /*
> + * prevent a command to be sent on the se interface while another one is
> + * still processing. (response to a command is allowed)
> + */
> + struct mutex se_if_cmd_lock;
> + struct device *dev;
> + u8 *mem_pool_name;
> + u8 cmd_tag;
> + u8 rsp_tag;
> + u8 success_tag;
> + u8 base_api_ver;
> + u8 fw_api_ver;
> + u32 fw_fail;
> + const void *info;
> +
> + struct mbox_client se_mb_cl;
> + struct mbox_chan *tx_chan, *rx_chan;
> + struct se_api_msg *rx_msg;
> + struct completion done;
> + spinlock_t lock;
> + /*
> + * Flag to retain the state of initialization done at
> + * the time of se-mu probe.
> + */
> + uint32_t flags;
> + u8 max_dev_ctx;
> + struct se_if_device_ctx **ctxs;
> + struct se_imem_buf imem;
> +};
> +
> +void *get_phy_buf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + dma_addr_t *buf,
> + u32 size);
> +phys_addr_t get_phy_buf_mem_pool1(struct device *dev,
> + u8 *mem_pool_name,
> + u32 **buf,
> + u32 size);
> +void free_phybuf_mem_pool(struct device *dev,
> + u8 *mem_pool_name,
> + u32 *buf,
> + u32 size);
> +#endif
> diff --git a/include/linux/firmware/imx/se_api.h b/include/linux/firmware/imx/se_api.h
> new file mode 100644
> index 000000000000..c47f84906837
> --- /dev/null
> +++ b/include/linux/firmware/imx/se_api.h
> @@ -0,0 +1,14 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#ifndef __SE_API_H__
> +#define __SE_API_H__
> +
> +#include <linux/types.h>
> +
> +#define SOC_ID_OF_IMX8ULP 0x084D
> +#define SOC_ID_OF_IMX93 0x9300
> +
> +#endif /* __SE_API_H__ */
> diff --git a/include/uapi/linux/se_ioctl.h b/include/uapi/linux/se_ioctl.h
> new file mode 100644
> index 000000000000..f68a36e9da2c
> --- /dev/null
> +++ b/include/uapi/linux/se_ioctl.h
> @@ -0,0 +1,88 @@
> +/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause*/
> +/*
> + * Copyright 2024 NXP
> + */
> +
> +#ifndef SE_IOCTL_H
> +#define SE_IOCTL_H
> +
> +/* IOCTL definitions. */
> +
> +struct se_ioctl_setup_iobuf {
> + u8 *user_buf;
> + u32 length;
> + u32 flags;
> + u64 ele_addr;
> +};
> +
> +struct se_ioctl_shared_mem_cfg {
> + u32 base_offset;
> + u32 size;
> +};
> +
> +struct se_ioctl_get_if_info {
> + u8 se_if_id;
> + u8 interrupt_idx;
> + u8 tz;
> + u8 did;
> + u8 cmd_tag;
> + u8 rsp_tag;
> + u8 success_tag;
> + u8 base_api_ver;
> + u8 fw_api_ver;
> +};
> +
> +struct se_ioctl_signed_message {
> + u8 *message;
> + u32 msg_size;
> + u32 error_code;
> +};
> +
> +struct se_ioctl_get_soc_info {
> + u16 soc_id;
> + u16 soc_rev;
> +};
> +
> +/* IO Buffer Flags */
> +#define SE_IO_BUF_FLAGS_IS_OUTPUT (0x00u)
> +#define SE_IO_BUF_FLAGS_IS_INPUT (0x01u)
> +#define SE_IO_BUF_FLAGS_USE_SEC_MEM (0x02u)
> +#define SE_IO_BUF_FLAGS_USE_SHORT_ADDR (0x04u)
> +#define SE_IO_BUF_FLAGS_IS_IN_OUT (0x10u)
> +
> +/* IOCTLS */
> +#define SE_IOCTL 0x0A /* like MISC_MAJOR. */
> +
> +/*
> + * ioctl to designated the current fd as logical-reciever.
> + * This is ioctl is send when the nvm-daemon, a slave to the
> + * firmware is started by the user.
> + */
> +#define SE_IOCTL_ENABLE_CMD_RCV _IO(SE_IOCTL, 0x01)
> +
> +/*
> + * ioctl to get the buffer allocated from the memory, which is shared
> + * between kernel and FW.
> + * Post allocation, the kernel tagged the allocated memory with:
> + * Output
> + * Input
> + * Input-Output
> + * Short address
> + * Secure-memory
> + */
> +#define SE_IOCTL_SETUP_IOBUF _IOWR(SE_IOCTL, 0x03, \
> + struct se_ioctl_setup_iobuf)
> +
> +/*
> + * ioctl to get the mu information, that is used to exchange message
> + * with FW, from user-spaced.
> + */
> +#define SE_IOCTL_GET_MU_INFO _IOR(SE_IOCTL, 0x04, \
> + struct se_ioctl_get_if_info)
> +/*
> + * ioctl to get SoC Info from user-space.
> + */
> +#define SE_IOCTL_GET_SOC_INFO _IOR(SE_IOCTL, 0x06, \
> + struct se_ioctl_get_soc_info)
> +
> +#endif
>


2024-05-16 04:52:45

by Pankaj Gupta

[permalink] [raw]
Subject: RE: [EXT] [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave



> -----Original Message-----
> From: Amit Singh Tomar <[email protected]>
> Sent: Thursday, May 16, 2024 10:18 AM
> To: Pankaj Gupta <[email protected]>; Jonathan Corbet
> <[email protected]>; Rob Herring <[email protected]>; Krzysztof Kozlowski
> <[email protected]>; Conor Dooley <[email protected]>;
> Shawn Guo <[email protected]>; Sascha Hauer
> <[email protected]>; Pengutronix Kernel Team
> <[email protected]>; Fabio Estevam <[email protected]>
> Cc: [email protected]; [email protected];
> [email protected]; [email protected]; linux-arm-
> [email protected]
> Subject: [EXT] [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock
> Enclave
>
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report
> this email' button
>
>
> > ----------------------------------------------------------------------
> > NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
> > are embedded in the SoC to support the features like HSM, SHE & V2X,
> > using message based communication interface.
> >
> > The secure enclave FW communicates on a dedicated messaging unit(MU)
> > based interface(s) with application core, where kernel is running.
> > It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
> >
> > This patch adds the driver for communication interface to secure-enclave,
> > for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock
> Enclave,
> > both from:
> > - User-Space Applications via character driver.
> > - Kernel-space, used by kernel management layers like DM-Crypt.
> >
> > ABI documentation for the NXP secure-enclave driver.
> >
> > User-space library using this driver:
> > - i.MX Secure Enclave library:
> > -- URL:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefe
> nse.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-2Dsecure-
> 2Denclave.git%26d%3DDwICAg%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3
> DV_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3DlRJFNDYT5J3dZTYPCtbQrN6ho5BaZc62rCnOKShFGK0aosnXA0JK
> Gr_OrCPlpaat%26s%3DGFFpXM8z8-
> pliprvP1Xs1NsiJ8yEvE9xFQuUIGLYoe8%26e%3D&data=05%7C02%7Cpankaj.g
> upta%40nxp.com%7C416c8e43e7a2481741e008dc75636b25%7C686ea1d3b
> c2b4c6fa92cd99c5c301635%7C0%7C0%7C638514317087244086%7CUnkno
> wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1h
> aWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5j5163PSPSKmQo%2BkFfD
> Rio%2Fleez0beSeLcppLrStC0Q%3D&reserved=0 ,
> > - i.MX Secure Middle-Ware:
> > -- URL:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefe
> nse.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-
> 2Dsmw.git%26d%3DDwICAg%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3DV
> _GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3DlRJFNDYT5J3dZTYPCtbQrN6ho5BaZc62rCnOKShFGK0aosnXA0JK
> Gr_OrCPlpaat%26s%3DaCsO_lLG71KPvjVgXlx9Ly0Ed05XnSUJ4z-
> xxqxSze8%26e%3D&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C416c8e
> 43e7a2481741e008dc75636b25%7C686ea1d3bc2b4c6fa92cd99c5c301635%
> 7C0%7C0%7C638514317087252827%7CUnknown%7CTWFpbGZsb3d8eyJWIj
> oiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0
> %7C%7C%7C&sdata=u6WyD94p8RRYMBUy6gsv0flZTTnz8LCkc0XbTU6FTt8%
> 3D&reserved=0
> >
> > Signed-off-by: Pankaj Gupta <[email protected]>
> > ---
> > Documentation/ABI/testing/se-cdev | 42 ++
> > drivers/firmware/imx/Kconfig | 12 +
> > drivers/firmware/imx/Makefile | 2 +
> > drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
> > drivers/firmware/imx/ele_base_msg.h | 70 ++
> > drivers/firmware/imx/ele_common.c | 341 +++++++++
> > drivers/firmware/imx/ele_common.h | 43 ++
> > drivers/firmware/imx/se_ctrl.c | 1339
> +++++++++++++++++++++++++++++++++++
> > drivers/firmware/imx/se_ctrl.h | 151 ++++
> > include/linux/firmware/imx/se_api.h | 14 +
> > include/uapi/linux/se_ioctl.h | 88 +++
> > 11 files changed, 2389 insertions(+)
> >
> > diff --git a/Documentation/ABI/testing/se-cdev
> b/Documentation/ABI/testing/se-cdev
> > new file mode 100644
> > index 000000000000..699525af6b86
> > --- /dev/null
> > +++ b/Documentation/ABI/testing/se-cdev
> > @@ -0,0 +1,42 @@
> > +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> > +Date: May 2024
> > +KernelVersion: 6.8
> > +Contact: [email protected], [email protected]
> > +Description:
> > + NXP offers multiple hardware IP(s) for secure-enclaves like
> EdgeLock-
> > + Enclave(ELE), SECO. The character device file-descriptors
> > + /dev/<se>_mu*_ch* are the interface between user-space NXP's
> secure-
> > + enclave shared-library and the kernel driver.
> > +
> > + The ioctl(2)-based ABI is defined and documented in
> > + [include]<linux/firmware/imx/ele_mu_ioctl.h>
> > + ioctl(s) are used primarily for:
> > + - shared memory management
> > + - allocation of I/O buffers
> > + - get mu info
> > + - setting a dev-ctx as receiver that is slave to fw
> > + - get SoC info
> > +
> > + The following file operations are supported:
> > +
> > + open(2)
> > + Currently the only useful flags are O_RDWR.
> > +
> > + read(2)
> > + Every read() from the opened character device context is waiting
> on
> > + wakeup_intruptible, that gets set by the registered mailbox
> callback
> > + function; indicating a message received from the firmware on
> message-
> > + unit.
> > +
> > + write(2)
> > + Every write() to the opened character device context needs to
> acquire
> > + mailbox_lock, before sending message on to the message unit.
> > +
> > + close(2)
> > + Stops and free up the I/O contexts that was associated
> > + with the file descriptor.
> > +
> > +Users:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefe
> nse.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-2Dsecure-
> 2Denclave.git%26d%3DDwICAg%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3
> DV_GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3DlRJFNDYT5J3dZTYPCtbQrN6ho5BaZc62rCnOKShFGK0aosnXA0JK
> Gr_OrCPlpaat%26s%3DGFFpXM8z8-
> pliprvP1Xs1NsiJ8yEvE9xFQuUIGLYoe8%26e%3D&data=05%7C02%7Cpankaj.g
> upta%40nxp.com%7C416c8e43e7a2481741e008dc75636b25%7C686ea1d3b
> c2b4c6fa92cd99c5c301635%7C0%7C0%7C638514317087258839%7CUnkno
> wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1h
> aWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Ca5NSJ0QWvGQHdJ3xvtg
> BQKOY1Whgs0HqonsnCdZuQ4%3D&reserved=0 ,
> > +
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefe
> nse.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__github.com_nxp-
> 2Dimx_imx-
> 2Dsmw.git%26d%3DDwICAg%26c%3DnKjWec2b6R0mOyPaz7xtfQ%26r%3DV
> _GK7jRuCHDErm6txmgDK1-MbUihtnSQ3gPgB-A-
> JKU%26m%3DlRJFNDYT5J3dZTYPCtbQrN6ho5BaZc62rCnOKShFGK0aosnXA0JK
> Gr_OrCPlpaat%26s%3DaCsO_lLG71KPvjVgXlx9Ly0Ed05XnSUJ4z-
> xxqxSze8%26e%3D&data=05%7C02%7Cpankaj.gupta%40nxp.com%7C416c8e
> 43e7a2481741e008dc75636b25%7C686ea1d3bc2b4c6fa92cd99c5c301635%
> 7C0%7C0%7C638514317087264038%7CUnknown%7CTWFpbGZsb3d8eyJWIj
> oiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0
> %7C%7C%7C&sdata=UGEFyRkAnlyWjATv3w6r%2Fy%2B1CXL2fGDMBk3jCL%2
> F%2BGNg%3D&reserved=0
> > + crypto/skcipher,
> > + drivers/nvmem/imx-ocotp-ele.c
> > diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
> > index 183613f82a11..56bdca9bd917 100644
> > --- a/drivers/firmware/imx/Kconfig
> > +++ b/drivers/firmware/imx/Kconfig
> > @@ -22,3 +22,15 @@ config IMX_SCU
> >
> > This driver manages the IPC interface between host CPU and the
> > SCU firmware running on M4.
> > +
> > +config IMX_SEC_ENCLAVE
> > + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware
> driver."
> > + depends on IMX_MBOX && ARCH_MXC && ARM64
> > + default m if ARCH_MXC
> > +
> > + help
> > + It is possible to use APIs exposed by the iMX Secure Enclave HW IP
> called:
> > + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
> > + like base, HSM, V2X & SHE using the SAB protocol via the shared
> Messaging
> > + Unit. This driver exposes these interfaces via a set of file descriptors
> > + allowing to configure shared memory, send and receive messages.
> > diff --git a/drivers/firmware/imx/Makefile
> b/drivers/firmware/imx/Makefile
> > index 8f9f04a513a8..aa9033e0e9e3 100644
> > --- a/drivers/firmware/imx/Makefile
> > +++ b/drivers/firmware/imx/Makefile
> > @@ -1,3 +1,5 @@
> > # SPDX-License-Identifier: GPL-2.0
> > obj-$(CONFIG_IMX_DSP) += imx-dsp.o
> > obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irqo rm.o
> imx-scu-soc.o
> > +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
> > +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
> > diff --git a/drivers/firmware/imx/ele_base_msg.c
> b/drivers/firmware/imx/ele_base_msg.c
> > new file mode 100644
> > index 000000000000..0463f26d93c7
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_base_msg.c
> > @@ -0,0 +1,287 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#include <linux/types.h>
> > +#include <linux/completion.h>
> > +#include <linux/dma-mapping.h>
> > +
> > +#include "ele_base_msg.h"
> > +#include "ele_common.h"
> > +
> > +int ele_get_info(struct device *dev, struct soc_info *s_info)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + phys_addr_t get_info_addr;
> > + u32 *get_info_data;
> > + u32 status;
> > + int ret;
> > +
> > + if (!priv || !s_info)
> > + goto exit;
> > +
> > + memset(s_info, 0x0, sizeof(*s_info));
> > +
> > + if (priv->mem_pool_name)
> > + get_info_data = get_phy_buf_mem_pool(dev,
> > + priv->mem_pool_name,
> > + &get_info_addr,
> > + ELE_GET_INFO_BUFF_SZ);
> > + else
> > + get_info_data = dmam_alloc_coherent(dev,
> > + ELE_GET_INFO_BUFF_SZ,
> > + &get_info_addr,
> > + GFP_KERNEL);
> > + if (!get_info_data) {
> > + ret = -ENOMEM;
> > + dev_err(dev,
> > + "%s: Failed to allocate get_info_addr.\n",
> > + __func__);
> > + goto exit;
> > + }
> > +
> > + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_GET_INFO_REQ,
> > + ELE_GET_INFO_REQ_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = upper_32_bits(get_info_addr);
> > + tx_msg->data[1] = lower_32_bits(get_info_addr);
> > + tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_GET_INFO_REQ,
> > + ELE_GET_INFO_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_GET_INFO_REQ, status);
> > + ret = -1;
> > + }
> > +
> > + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> > + & ELE_IMEM_STATE_MASK) >> 16;
> > + s_info->major_ver =
> (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 24;
> > + s_info->minor_ver =
> ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 16) & 0xFF;
> > + s_info->soc_rev =
> (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 16;
> > + s_info->soc_id = get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_ID_MASK;
> > + s_info->serial_num
> > + = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF] <<
> 32
> > + | get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];
> > +exit:
> > + if (get_info_addr) {
> > + if (priv->mem_pool_name)
> > + free_phybuf_mem_pool(dev, priv->mem_pool_name,
> > + get_info_data, ELE_GET_INFO_BUFF_SZ);
> > + else
> > + dmam_free_coherent(dev,
> > + ELE_GET_INFO_BUFF_SZ,
> > + get_info_data,
> > + get_info_addr);
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +int ele_ping(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_PING_REQ, ELE_PING_REQ_SZ,
> > + true);
> > + if (ret) {
> > + dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
> > + goto exit;
> > + }
> > +
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_PING_REQ,
> > + ELE_PING_RSP_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_PING_REQ, status);
> > + ret = -1;
> > + }
> > +exit:
> > + return ret;
> > +}
> > +
> > +int ele_service_swap(struct device *dev,
> > + phys_addr_t addr,
> > + u32 addr_size, u16 flag)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2,
> GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_SERVICE_SWAP_REQ,
> > + ELE_SERVICE_SWAP_REQ_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = flag;
> > + tx_msg->data[1] = addr_size;
> > + tx_msg->data[2] = ELE_NONE_VAL;
> > + tx_msg->data[3] = lower_32_bits(addr);
> > + tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
> > + ELE_SERVICE_SWAP_REQ_MSG_SZ);
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_SERVICE_SWAP_REQ,
> > + ELE_SERVICE_SWAP_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_SERVICE_SWAP_REQ, status);
> > + ret = -1;
> > + } else {
> > + if (flag == ELE_IMEM_EXPORT)
> > + ret = priv->rx_msg->data[1];
> > + else
> > + ret = 0;
> > + }
> > +exit:
> > +
> > + return ret;
> > +}
> > +
> > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_FW_AUTH_REQ,
> > + ELE_FW_AUTH_REQ_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = addr;
> > + tx_msg->data[1] = 0x0;
> > + tx_msg->data[2] = addr;
> > +
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_FW_AUTH_REQ,
> > + ELE_FW_AUTH_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_FW_AUTH_REQ, status);
> > + ret = -1;
> > + }
> > +exit:
> > +
> > + return ret;
> > +}
> > diff --git a/drivers/firmware/imx/ele_base_msg.h
> b/drivers/firmware/imx/ele_base_msg.h
> > new file mode 100644
> > index 000000000000..3b3d2bf04a84
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_base_msg.h
> > @@ -0,0 +1,70 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + *
> > + * Header file for the EdgeLock Enclave Base API(s).
> > + */
> > +
> > +#ifndef ELE_BASE_MSG_H
> > +#define ELE_BASE_MSG_H
> > +
> > +#include <linux/device.h>
> > +#include <linux/types.h>
> > +
> > +#define WORD_SZ 4
> > +#define ELE_NONE_VAL 0x0
> > +
> > +#define ELE_SUCCESS_IND 0xD6
> > +
> > +#define ELE_GET_INFO_REQ 0xDA
> > +#define ELE_GET_INFO_REQ_MSG_SZ 0x10
> > +#define ELE_GET_INFO_RSP_MSG_SZ 0x08
> > +
> > +#define ELE_GET_INFO_BUFF_SZ 0x100
> > +#define ELE_GET_INFO_READ_SZ 0xA0
> > +
> > +#define DEFAULT_IMX_SOC_VER 0xA0
> > +#define SOC_VER_MASK 0xFFFF0000
> > +#define SOC_ID_MASK 0x0000FFFF
> > +struct soc_info {
> > + u32 imem_state;
> > + u8 major_ver;
> > + u8 minor_ver;
> > + u16 soc_id;
> > + u16 soc_rev;
> > + u64 serial_num;
> > +};
> > +
> > +#define GET_INFO_SOC_INFO_WORD_OFFSET 1
> > +#define GET_INFO_UUID_WORD_OFFSET 3
> > +#define GET_INFO_SL_NUM_MSB_WORD_OFF \
> > + (GET_INFO_UUID_WORD_OFFSET + 3)
> > +#define GET_INFO_SL_NUM_LSB_WORD_OFF \
> > + (GET_INFO_UUID_WORD_OFFSET + 0)
> > +
> > +#define ELE_PING_REQ 0x01
> > +#define ELE_PING_REQ_SZ 0x04
> > +#define ELE_PING_RSP_SZ 0x08
> > +
> > +#define ELE_SERVICE_SWAP_REQ 0xDF
> > +#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18
> > +#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C
> > +#define ELE_IMEM_SIZE 0x10000
> > +#define ELE_IMEM_STATE_OK 0xCA
> > +#define ELE_IMEM_STATE_BAD 0xFE
> > +#define ELE_IMEM_STATE_WORD 0x27
> > +#define ELE_IMEM_STATE_MASK 0x00ff0000
> > +#define ELE_IMEM_EXPORT 0x1
> > +#define ELE_IMEM_IMPORT 0x2
> > +
> > +#define ELE_FW_AUTH_REQ 0x02
> > +#define ELE_FW_AUTH_REQ_SZ 0x10
> > +#define ELE_FW_AUTH_RSP_MSG_SZ 0x08
> > +
> > +int ele_get_info(struct device *dev, struct soc_info *s_info);
> > +int ele_ping(struct device *dev);
> > +int ele_service_swap(struct device *dev,
> > + phys_addr_t addr,
> > + u32 addr_size, u16 flag);
> > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr);
> > +#endif
> > diff --git a/drivers/firmware/imx/ele_common.c
> b/drivers/firmware/imx/ele_common.c
> > new file mode 100644
> > index 000000000000..dcf7f9034653
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_common.c
> > @@ -0,0 +1,341 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#include "ele_base_msg.h"
> > +#include "ele_common.h"
> > +
> > +u32 plat_add_msg_crc(u32 *msg, u32 msg_len)
> > +{
> > + u32 nb_words = msg_len / (u32)sizeof(u32);
> > + u32 crc = 0;
> > + u32 i;
> > +
> > + for (i = 0; i < nb_words - 1; i++)
> > + crc ^= *(msg + i);
> > +
> > + return crc;
> > +}
> > +
> > +int imx_ele_msg_rcv(struct se_if_priv *priv)
> > +{
> > + u32 wait;
> > + int err;
> > +
> > + wait = msecs_to_jiffies(1000);
> > + if (!wait_for_completion_timeout(&priv->done, wait)) {
> > + dev_err(priv->dev,
> > + "Error: wait_for_completion timed out.\n");
> > + err = -ETIMEDOUT;
> > + }
> > +
> > + mutex_unlock(&priv->se_if_cmd_lock);
> > + priv->no_dev_ctx_used = false;
> > +
> > + return err;
> > +}
> > +
> > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg)
> > +{
> > + bool is_cmd_lock_tobe_taken = false;
> > + int err;
> > +
> > + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> > + is_cmd_lock_tobe_taken = true;
> > + mutex_lock(&priv->se_if_cmd_lock);
> > + }
> > + scoped_guard(mutex, &priv->se_if_lock);
> > +
> > + err = mbox_send_message(priv->tx_chan, mssg);
> > + if (err < 0) {
> > + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> > + if (is_cmd_lock_tobe_taken)
> > + mutex_unlock(&priv->se_if_cmd_lock);
> > + return err;
> > + }
> > + err = 0;
>
> It looks odd, you can simply return 0 in the following statement.
Accepted. Already corrected for v2.

>
> > +
> > + return err;
> > +}
> > +
> > +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg)
> > +{
> > + int err;
> > +
> > + priv->no_dev_ctx_used = true;
> > + err = imx_ele_msg_send(priv, mssg);
> > + if (err)
> > + goto exit;
> > +
> > + err = imx_ele_msg_rcv(priv);
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx)
> > +{
> > + struct se_msg_hdr header = {0};
> > + int err;
> > +
> > + err = wait_event_interruptible(dev_ctx->wq, dev_ctx->pending_hdr !=
> 0);
> > + if (err)
> > + dev_err(dev_ctx->dev,
> > + "%s: Err[0x%x]:Interrupted by signal.\n",
> > + dev_ctx->miscdev.name, err);
> > +
> > + header = *((struct se_msg_hdr *) (&dev_ctx->temp_resp[0]));
> > +
> > + if (header.tag == dev_ctx->priv->rsp_tag)
> > + mutex_unlock(&dev_ctx->priv->se_if_cmd_lock);
> > +
> > + return err;
> > +}
> > +
> > +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> > + void *tx_msg, int tx_msg_sz)
> > +{
> > + struct se_if_priv *priv = dev_ctx->priv;
> > + struct se_msg_hdr header = {0};
> > + int err;
> > +
> > + header = *((struct se_msg_hdr *) tx_msg);
> > +
> > + /*
> > + * Check that the size passed as argument matches the size
> > + * carried in the message.
> > + */
> > + err = header.size << 2;
> > +
> > + if (err != tx_msg_sz) {
> > + err = -EINVAL;
> > + dev_err(priv->dev,
> > + "%s: User buffer too small\n",
> > + dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > + /* Check the message is valid according to tags */
> > + if (header.tag == priv->cmd_tag)
> > + priv->waiting_rsp_dev = dev_ctx;
> > + else if (header.tag == priv->rsp_tag) {
> > + /* Check the device context can send the command */
> > + if (dev_ctx != priv->cmd_receiver_dev) {
> > + dev_err(priv->dev,
> > + "%s: Channel not configured to send resp to FW.",
> > + dev_ctx->miscdev.name);
> > + err = -EPERM;
> > + goto exit;
> > + }
> > + } else {
> > + dev_err(priv->dev,
> > + "%s: The message does not have a valid TAG\n",
> > + dev_ctx->miscdev.name);
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > + err = imx_ele_msg_send(priv, tx_msg);
> > +exit:
> > + return err;
> > +}
> > +
> > +/*
> > + * Callback called by mailbox FW, when data is received.
> > + */
> > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
> > +{
> > + struct device *dev = mbox_cl->dev;
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_api_msg *rx_msg;
> > + bool is_response = false;
> > + struct se_if_priv *priv;
> > + struct se_msg_hdr header;
> > +
> > + priv = dev_get_drvdata(dev);
> > + if (!priv) {
> > + dev_err(dev, "SE-MU Priv data is NULL;");
> > + return;
> > + }
> > +
> > + /* The function can be called with NULL msg */
> > + if (!msg) {
> > + dev_err(dev, "Message is invalid\n");
> > + return;
> > + }
> > +
> > + header.tag = ((u8 *)msg)[TAG_OFFSET];
> > + header.command = ((u8 *)msg)[CMD_OFFSET];
> > + header.size = ((u8 *)msg)[SZ_OFFSET];
> > + header.ver = ((u8 *)msg)[VER_OFFSET];
> > +
> > + /* Incoming command: wake up the receiver if any. */
> > + if (header.tag == priv->cmd_tag) {
> > + dev_dbg(dev, "Selecting cmd receiver\n");
> > + dev_ctx = priv->cmd_receiver_dev;
> > + } else if (header.tag == priv->rsp_tag) {
> > + if (priv->waiting_rsp_dev) {
> > + dev_dbg(dev, "Selecting rsp waiter\n");
> > + dev_ctx = priv->waiting_rsp_dev;
> > + is_response = true;
> > + } else {
> > + /*
> > + * Reading the EdgeLock Enclave response
> > + * to the command, sent by other
> > + * linux kernel services.
> > + */
> > + spin_lock(&priv->lock);
> > + memcpy(&priv->rx_msg, msg, header.size << 2);
> > +
> > + complete(&priv->done);
> > + spin_unlock(&priv->lock);
> > + return;
> > + }
> > + } else {
> > + dev_err(dev, "Failed to select a device for message: %.8x\n",
> > + *((u32 *) &header));
> > + return;
> > + }
> > + /* Init reception */
> > + rx_msg = kzalloc(header.size << 2, GFP_KERNEL);
> > + if (rx_msg)
> > + memcpy(rx_msg, msg, header.size << 2);
> > +
> > + dev_ctx->temp_resp = (u32 *)rx_msg;
> > + dev_ctx->temp_resp_size = header.size;
> > +
> > + /* Allow user to read */
> > + dev_ctx->pending_hdr = 1;
> > + wake_up_interruptible(&dev_ctx->wq);
> > +
> > + if (is_response)
> > + priv->waiting_rsp_dev = NULL;
> > +}
> > +
> > +int validate_rsp_hdr(struct se_if_priv *priv, u32 header,
> > + uint8_t msg_id, uint8_t sz, bool is_base_api)
> > +{
> > + int ret = -EINVAL;
> > + u32 size;
> > + u32 cmd;
> > + u32 tag;
> > + u32 ver;
> > +
> > + tag = MSG_TAG(header);
> > + cmd = MSG_COMMAND(header);
> > + size = MSG_SIZE(header);
> > + ver = MSG_VER(header);
> > +
> > + do {
> > + if (tag != priv->rsp_tag) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: Resp tag mismatch. (0x%x != 0x%x)",
> > + msg_id, tag, priv->rsp_tag);
> > + break;
> > + }
> > +
> > + if (cmd != msg_id) {
> > + dev_err(priv->dev,
> > + "MSG Header: Cmd id mismatch. (0x%x != 0x%x)",
> > + cmd, msg_id);
> > + break;
> > + }
> > +
> > + if (size != (sz >> 2)) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: Cmd size mismatch. (0x%x != 0x%x)",
> > + msg_id, size, (sz >> 2));
> > + break;
> > + }
> > +
> > + if (is_base_api && (ver != priv->base_api_ver)) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: Base API Vers mismatch. (0x%x !=
> 0x%x)",
> > + msg_id, ver, priv->base_api_ver);
> > + break;
> > + } else if (!is_base_api && ver != priv->fw_api_ver) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: FW API Vers mismatch. (0x%x != 0x%x)",
> > + msg_id, ver, priv->fw_api_ver);
> > + break;
> > + }
> > +
> > + ret = 0;
> > +
> > + } while (false);
> > +
> > + return ret;
> > +}
> > +
> > +int se_save_imem_state(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + int ret;
> > +
> > + /* EXPORT command will save encrypted IMEM to given address,
> > + * so later in resume, IMEM can be restored from the given
> > + * address.
> > + *
> > + * Size must be at least 64 kB.
> > + */
> > + ret = ele_service_swap(dev,
> > + priv->imem.phyaddr,
> > + ELE_IMEM_SIZE,
> > + ELE_IMEM_EXPORT);
> > + if (ret < 0)
> > + dev_err(dev, "Failed to export IMEM\n");
> > + else
> > + dev_info(dev,
> > + "Exported %d bytes of encrypted IMEM\n",
> > + ret);
> > +
> > + return ret;
> > +}
> > +
> > +int se_restore_imem_state(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct soc_info s_info;
> > + int ret;
> > +
> > + /* get info from ELE */
> > + ret = ele_get_info(dev, &s_info);
> > + if (ret) {
> > + dev_err(dev, "Failed to get info from ELE.\n");
> > + return ret;
> > + }
> > +
> > + /* Get IMEM state, if 0xFE then import IMEM */
> > + if (s_info.imem_state == ELE_IMEM_STATE_BAD) {
> > + /* IMPORT command will restore IMEM from the given
> > + * address, here size is the actual size returned by ELE
> > + * during the export operation
> > + */
> > + ret = ele_service_swap(dev,
> > + priv->imem.phyaddr,
> > + priv->imem.size,
> > + ELE_IMEM_IMPORT);
> > + if (ret) {
> > + dev_err(dev, "Failed to import IMEM\n");
> > + goto exit;
> > + }
> > + } else
> > + goto exit;
> > +
> > + /* After importing IMEM, check if IMEM state is equal to 0xCA
> > + * to ensure IMEM is fully loaded and
> > + * ELE functionality can be used.
> > + */
> > + ret = ele_get_info(dev, &s_info);
> > + if (ret) {
> > + dev_err(dev, "Failed to get info from ELE.\n");
> > + goto exit;
> > + }
> > +
> > + if (s_info.imem_state == ELE_IMEM_STATE_OK)
> > + dev_info(dev, "Successfully restored IMEM\n");
> > + else
> > + dev_err(dev, "Failed to restore IMEM\n");
> > +
> > +exit:
> > + return ret;
> > +}
> > diff --git a/drivers/firmware/imx/ele_common.h
> b/drivers/firmware/imx/ele_common.h
> > new file mode 100644
> > index 000000000000..6e3a2114bb56
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_common.h
> > @@ -0,0 +1,43 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +
> > +#ifndef __ELE_COMMON_H__
> > +#define __ELE_COMMON_H__
> > +
> > +#include "se_ctrl.h"
> > +
> > +#define IMX_ELE_FW_DIR "imx/ele/"
> > +
> > +uint32_t plat_add_msg_crc(uint32_t *msg, uint32_t msg_len);
> > +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *priv);
> > +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> > + void *tx_msg, int tx_msg_sz);
> > +int imx_ele_msg_rcv(struct se_if_priv *priv);
> > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg);
> > +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg);
> > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
> > +int validate_rsp_hdr(struct se_if_priv *priv, unsigned int header,
> > + u8 msg_id, u8 sz, bool is_base_api);
> > +
> > +/* Fill a command message header with a given command ID and length in
> bytes. */
> > +static inline int plat_fill_cmd_msg_hdr(struct se_if_priv *priv,
> > + struct se_msg_hdr *hdr,
> > + u8 cmd,
> > + u32 len,
> > + bool is_base_api)
> > +{
> > + hdr->tag = priv->cmd_tag;
> > + hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver;
> > + hdr->command = cmd;
> > + hdr->size = len >> 2;
> > +
> > + return 0;
> > +}
> > +
> > +int se_save_imem_state(struct device *dev);
> > +int se_restore_imem_state(struct device *dev);
> > +
> > +#endif /*__ELE_COMMON_H__ */
> > diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
> > new file mode 100644
> > index 000000000000..11c5eaa7353f
> > --- /dev/null
> > +++ b/drivers/firmware/imx/se_ctrl.c
> > @@ -0,0 +1,1339 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#include <linux/completion.h>
> > +#include <linux/delay.h>
> > +#include <linux/dev_printk.h>
> > +#include <linux/dma-mapping.h>
> > +#include <linux/errno.h>
> > +#include <linux/export.h>
> > +#include <linux/firmware.h>
> > +#include <linux/firmware/imx/se_api.h>
> > +#include <linux/genalloc.h>
> > +#include <linux/init.h>
> > +#include <linux/io.h>
> > +#include <linux/miscdevice.h>
> > +#include <linux/mod_devicetable.h>
> > +#include <linux/module.h>
> > +#include <linux/of_platform.h>
> > +#include <linux/of_reserved_mem.h>
> > +#include <linux/platform_device.h>
> > +#include <linux/slab.h>
> > +#include <linux/string.h>
> > +#include <linux/sys_soc.h>
> > +#include <uapi/linux/se_ioctl.h>
> > +
> > +#include "ele_base_msg.h"
> > +#include "ele_common.h"
> > +#include "se_ctrl.h"
> > +
> > +#define RESERVED_DMA_POOL BIT(1)
> > +
> > +struct imx_se_node_info {
> > + u8 se_if_id;
> > + u8 se_if_did;
> > + u8 max_dev_ctx;
> > + u8 cmd_tag;
> > + u8 rsp_tag;
> > + u8 success_tag;
> > + u8 base_api_ver;
> > + u8 fw_api_ver;
> > + u8 *se_name;
> > + u8 *mbox_tx_name;
> > + u8 *mbox_rx_name;
> > + u8 *pool_name;
> > + u8 *fw_name_in_rfs;
> > + bool soc_register;
> > + bool reserved_dma_ranges;
> > + bool imem_mgmt;
> > +};
> > +
> > +struct imx_se_node_info_list {
> > + u8 num_mu;
> > + u16 soc_id;
> > + u16 soc_rev;
> > + struct imx_se_node_info info[];
> > +};
> > +
> > +static const struct imx_se_node_info_list imx8ulp_info = {
> > + .num_mu = 1,
> > + .soc_id = SOC_ID_OF_IMX8ULP,
> > + .info = {
> > + {
> > + .se_if_id = 2,
> > + .se_if_did = 7,
> > + .max_dev_ctx = 4,
> > + .cmd_tag = 0x17,
> > + .rsp_tag = 0xe1,
> > + .success_tag = 0xd6,
> > + .base_api_ver = MESSAGING_VERSION_6,
> > + .fw_api_ver = MESSAGING_VERSION_7,
> > + .se_name = "hsm1",
> > + .mbox_tx_name = "tx",
> > + .mbox_rx_name = "rx",
> > + .pool_name = "sram",
> > + .fw_name_in_rfs = IMX_ELE_FW_DIR\
> > + "mx8ulpa2ext-ahab-container.img",
> > + .soc_register = true,
> > + .reserved_dma_ranges = true,
> > + .imem_mgmt = true,
> > + },
> > + },
> > +};
> > +
> > +static const struct imx_se_node_info_list imx93_info = {
> > + .num_mu = 1,
> > + .soc_id = SOC_ID_OF_IMX93,
> > + .info = {
> > + {
> > + .se_if_id = 2,
> > + .se_if_did = 3,
> > + .max_dev_ctx = 4,
> > + .cmd_tag = 0x17,
> > + .rsp_tag = 0xe1,
> > + .success_tag = 0xd6,
> > + .base_api_ver = MESSAGING_VERSION_6,
> > + .fw_api_ver = MESSAGING_VERSION_7,
> > + .se_name = "hsm1",
> > + .mbox_tx_name = "tx",
> > + .mbox_rx_name = "rx",
> > + .reserved_dma_ranges = true,
> > + .imem_mgmt = true,
> > + .soc_register = true,
> > + },
> > + },
> > +};
> > +
> > +static const struct of_device_id se_match[] = {
> > + { .compatible = "fsl,imx8ulp-ele", .data = (void *)&imx8ulp_info},
> > + { .compatible = "fsl,imx93-ele", .data = (void *)&imx93_info},
> > + {},
> > +};
> > +
> > +static struct imx_se_node_info
> > + *get_imx_se_node_info(struct imx_se_node_info_list *info_list,
> > + const u32 idx)
> > +{
> > + if (idx < 0 || idx > info_list->num_mu)
> > + return NULL;
> > +
> > + return &info_list->info[idx];
> > +}
> > +
> > +void *get_phy_buf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + dma_addr_t *buf,
> > + u32 size)
> > +{
> > + struct device_node *of_node = dev->of_node;
> > + struct gen_pool *mem_pool;
> > +
> > + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> > + if (!mem_pool) {
> > + dev_err(dev,
> > + "Unable to get sram pool = %s\n",
> > + mem_pool_name);
> > + return 0;
> > + }
> > +
> > + return gen_pool_dma_alloc(mem_pool, size, buf);
> > +}
> > +
> > +void free_phybuf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + u32 *buf,
> > + u32 size)
> > +{
> > + struct device_node *of_node = dev->of_node;
> > + struct gen_pool *mem_pool;
> > +
> > + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> > + if (!mem_pool)
> > + dev_err(dev,
> > + "%s: Failed: Unable to get sram pool.\n",
> > + __func__);
> > +
> > + gen_pool_free(mem_pool, (u64)buf, size);
> > +}
> > +
> > +static int imx_fetch_soc_info(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct imx_se_node_info_list *info_list;
> > + const struct imx_se_node_info *info;
> > + struct soc_device_attribute *attr;
> > + struct soc_device *sdev;
> > + struct soc_info s_info;
> > + int err = 0;
> > +
> > + info = priv->info;
> > + info_list = (struct imx_se_node_info_list *)
> > + device_get_match_data(dev->parent);
> > + if (info_list->soc_rev)
> > + return err;
> > +
> > + err = ele_get_info(dev, &s_info);
> > + if (err)
> > + s_info.major_ver = DEFAULT_IMX_SOC_VER;
> > +
> > + info_list->soc_rev = s_info.soc_rev;
> > +
> > + if (!info->soc_register)
> > + return 0;
> > +
> > + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> > + if (!attr)
> > + return -ENOMEM;
> > +
> > + if (s_info.minor_ver)
> > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
> > + s_info.major_ver,
> > + s_info.minor_ver);
> > + else
> > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
> > + s_info.major_ver);
> > +
> > + switch (s_info.soc_id) {
> > + case SOC_ID_OF_IMX8ULP:
> > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > + "i.MX8ULP");
> > + break;
> > + case SOC_ID_OF_IMX93:
> > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > + "i.MX93");
> > + break;
> > + }
> > +
> > + err = of_property_read_string(of_root, "model",
> > + &attr->machine);
> > + if (err) {
> > + devm_kfree(dev, attr);
> > + return -EINVAL;
> > + }
> > + attr->family = devm_kasprintf(dev, GFP_KERNEL, "Freescale i.MX");
> > +
> > + attr->serial_number
> > + = devm_kasprintf(dev, GFP_KERNEL, "%016llX", s_info.serial_num);
> > +
> > + sdev = soc_device_register(attr);
> > + if (IS_ERR(sdev)) {
> > + devm_kfree(dev, attr->soc_id);
> > + devm_kfree(dev, attr->serial_number);
> > + devm_kfree(dev, attr->revision);
> > + devm_kfree(dev, attr->family);
> > + devm_kfree(dev, attr->machine);
> > + devm_kfree(dev, attr);
> > + return PTR_ERR(sdev);
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +/*
> > + * File operations for user-space
> > + */
> > +
> > +/* Write a message to the MU. */
> > +static ssize_t se_if_fops_write(struct file *fp, const char __user *buf,
> > + size_t size, loff_t *ppos)
> > +{
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_if_priv *priv;
> > + int err;
> > +
> > + dev_ctx = container_of(fp->private_data,
> > + struct se_if_device_ctx,
> > + miscdev);
> > + priv = dev_ctx->priv;
> > + dev_dbg(priv->dev,
> > + "%s: write from buf (%p)%zu, ppos=%lld\n",
> > + dev_ctx->miscdev.name,
> > + buf, size, ((ppos) ? *ppos : 0));
> > +
> > + if (down_interruptible(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + if (dev_ctx->status != MU_OPENED) {
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + if (size < SE_MU_HDR_SZ) {
> > + dev_err(priv->dev,
> > + "%s: User buffer too small(%zu < %d)\n",
> > + dev_ctx->miscdev.name,
> > + size, SE_MU_HDR_SZ);
> > + err = -ENOSPC;
> > + goto exit;
> > + }
> > +
> > + tx_msg = memdup_user((void __user *)ppos, size);
> > + if (!tx_msg) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + /* Copy data to buffer */
> > + if (copy_from_user(tx_msg, buf, size)) {
> > + err = -EFAULT;
> > + dev_err(priv->dev,
> > + "%s: Fail copy message from user\n",
> > + dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > +
> > + print_hex_dump_debug("from user ", DUMP_PREFIX_OFFSET, 4, 4,
> > + tx_msg, size, false);
> > +
> > + err = imx_ele_miscdev_msg_send(dev_ctx, tx_msg, size);
> > +
> > +exit:
> > + up(&dev_ctx->fops_lock);
> > + return err;
> > +}
> > +
> > +/*
> > + * Read a message from the MU.
> > + * Blocking until a message is available.
> > + */
> > +static ssize_t se_if_fops_read(struct file *fp, char __user *buf,
> > + size_t size, loff_t *ppos)
> > +{
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_buf_desc *b_desc;
> > + struct se_if_priv *priv;
> > + u32 size_to_copy;
> > + int err;
> > +
> > + dev_ctx = container_of(fp->private_data,
> > + struct se_if_device_ctx,
> > + miscdev);
> > + priv = dev_ctx->priv;
> > + dev_dbg(priv->dev,
> > + "%s: read to buf %p(%zu), ppos=%lld\n",
> > + dev_ctx->miscdev.name,
> > + buf, size, ((ppos) ? *ppos : 0));
> > +
> > + if (down_interruptible(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + if (dev_ctx->status != MU_OPENED) {
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + err = imx_ele_miscdev_msg_rcv(dev_ctx);
> > + if (err)
> > + goto exit;
> > +
> > + /* Buffer containing the message from FW, is
> > + * allocated in callback function.
> > + * Check if buffer allocation failed.
> > + */
> > + if (!dev_ctx->temp_resp) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + dev_dbg(priv->dev,
> > + "%s: %s %s\n",
> > + dev_ctx->miscdev.name,
> > + __func__,
> > + "message received, start transmit to user");
> > +
> > + /*
> > + * Check that the size passed as argument is larger than
> > + * the one carried in the message.
> > + */
> > + size_to_copy = dev_ctx->temp_resp_size << 2;
> > + if (size_to_copy > size) {
> > + dev_dbg(priv->dev,
> > + "%s: User buffer too small (%zu < %d)\n",
> > + dev_ctx->miscdev.name,
> > + size, size_to_copy);
> > + size_to_copy = size;
> > + }
> > +
> > + /*
> > + * We may need to copy the output data to user before
> > + * delivering the completion message.
> > + */
> > + while (!list_empty(&dev_ctx->pending_out)) {
> > + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> > + struct se_buf_desc,
> > + link);
> > + if (!b_desc)
> > + continue;
> > +
> > + if (b_desc->usr_buf_ptr && b_desc->shared_buf_ptr) {
> > +
> > + dev_dbg(priv->dev,
> > + "%s: Copy output data to user\n",
> > + dev_ctx->miscdev.name);
> > + if (copy_to_user(b_desc->usr_buf_ptr,
> > + b_desc->shared_buf_ptr,
> > + b_desc->size)) {
> > + dev_err(priv->dev,
> > + "%s: Failure copying output data to user.",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > + }
> > +
> > + if (b_desc->shared_buf_ptr)
> > + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> > +
> > + __list_del_entry(&b_desc->link);
> > + kfree(b_desc);
> > + }
> > +
> > + /* Copy data from the buffer */
> > + print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
> > + dev_ctx->temp_resp, size_to_copy, false);
> > + if (copy_to_user(buf, dev_ctx->temp_resp, size_to_copy)) {
> > + dev_err(priv->dev,
> > + "%s: Failed to copy to user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + err = size_to_copy;
> > + kfree(dev_ctx->temp_resp);
> > +
> > + /* free memory allocated on the shared buffers. */
> > + dev_ctx->secure_mem.pos = 0;
> > + dev_ctx->non_secure_mem.pos = 0;
> > +
> > + dev_ctx->pending_hdr = 0;
> > +
> > +exit:
> > + /*
> > + * Clean the used Shared Memory space,
> > + * whether its Input Data copied from user buffers, or
> > + * Data received from FW.
> > + */
> > + while (!list_empty(&dev_ctx->pending_in) ||
> > + !list_empty(&dev_ctx->pending_out)) {
> > + if (!list_empty(&dev_ctx->pending_in))
> > + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
> > + struct se_buf_desc,
> > + link);
> > + else
> > + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> > + struct se_buf_desc,
> > + link);
> > +
> > + if (!b_desc)
> > + continue;
> > +
> > + if (b_desc->shared_buf_ptr)
> > + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> > +
> > + __list_del_entry(&b_desc->link);
> > + kfree(b_desc);
> > + }
> > +
> > + up(&dev_ctx->fops_lock);
> > + return err;
> > +}
> > +
> > +/* Give access to EdgeLock Enclave, to the memory we want to share */
> > +static int se_if_setup_se_mem_access(struct se_if_device_ctx *dev_ctx,
> > + u64 addr, u32 len)
> > +{
> > + /* Assuming EdgeLock Enclave has access to all the memory regions */
> > + int ret = 0;
> > +
> > + if (ret) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Fail find memreg\n", dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > +
> > + if (ret) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Fail set permission for resource\n",
> > + dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > +
> > +exit:
> > + return ret;
> > +}
> > +
> > +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> > + u64 arg)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> > + struct imx_se_node_info *if_node_info;
> > + struct se_ioctl_get_if_info info;
> > + int err = 0;
> > +
> > + if_node_info = (struct imx_se_node_info *)priv->info;
> > +
> > + info.se_if_id = if_node_info->se_if_id;
> > + info.interrupt_idx = 0;
> > + info.tz = 0;
> > + info.did = if_node_info->se_if_did;
> > + info.cmd_tag = if_node_info->cmd_tag;
> > + info.rsp_tag = if_node_info->rsp_tag;
> > + info.success_tag = if_node_info->success_tag;
> > + info.base_api_ver = if_node_info->base_api_ver;
> > + info.fw_api_ver = if_node_info->fw_api_ver;
> > +
> > + dev_dbg(priv->dev,
> > + "%s: info [se_if_id: %d, irq_idx: %d, tz: 0x%x, did: 0x%x]\n",
> > + dev_ctx->miscdev.name,
> > + info.se_if_id, info.interrupt_idx, info.tz, info.did);
> > +
> > + if (copy_to_user((u8 *)arg, &info, sizeof(info))) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to copy mu info to user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +/*
> > + * Copy a buffer of data to/from the user and return the address to use in
> > + * messages
> > + */
> > +static int se_ioctl_setup_iobuf_handler(struct se_if_device_ctx *dev_ctx,
> > + u64 arg)
> > +{
> > + struct se_ioctl_setup_iobuf io = {0};
> > + struct se_shared_mem *shared_mem;
> > + struct se_buf_desc *b_desc;
> > + int err = 0;
> > + u32 pos;
> > +
> > + if (copy_from_user(&io, (u8 *)arg, sizeof(io))) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed copy iobuf config from user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + dev_dbg(dev_ctx->priv->dev,
> > + "%s: io [buf: %p(%d) flag: %x]\n",
> > + dev_ctx->miscdev.name,
> > + io.user_buf, io.length, io.flags);
> > +
> > + if (io.length == 0 || !io.user_buf) {
> > + /*
> > + * Accept NULL pointers since some buffers are optional
> > + * in FW commands. In this case we should return 0 as
> > + * pointer to be embedded into the message.
> > + * Skip all data copy part of code below.
> > + */
> > + io.ele_addr = 0;
> > + goto copy;
> > + }
> > +
> > + /* Select the shared memory to be used for this buffer. */
> > + if (io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) {
> > + /* App requires to use secure memory for this buffer.*/
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed allocate SEC MEM memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + } else {
> > + /* No specific requirement for this buffer. */
> > + shared_mem = &dev_ctx->non_secure_mem;
> > + }
> > +
> > + /* Check there is enough space in the shared memory. */
> > + if (shared_mem->size < shared_mem->pos
> > + || io.length >= shared_mem->size - shared_mem->pos) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Not enough space in shared memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + /* Allocate space in shared memory. 8 bytes aligned. */
> > + pos = shared_mem->pos;
> > + shared_mem->pos += round_up(io.length, 8u);
> > + io.ele_addr = (u64)shared_mem->dma_addr + pos;
> > +
> > + if ((io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) &&
> > + !(io.flags & SE_MU_IO_FLAGS_USE_SHORT_ADDR)) {
> > + /*Add base address to get full address.*/
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed allocate SEC MEM memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + memset(shared_mem->ptr + pos, 0, io.length);
> > + if ((io.flags & SE_IO_BUF_FLAGS_IS_INPUT) ||
> > + (io.flags & SE_IO_BUF_FLAGS_IS_IN_OUT)) {
> > + /*
> > + * buffer is input:
> > + * copy data from user space to this allocated buffer.
> > + */
> > + if (copy_from_user(shared_mem->ptr + pos, io.user_buf,
> > + io.length)) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed copy data to shared memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > + }
> > +
> > + b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL);
> > + if (!b_desc) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > +copy:
> > + /* Provide the EdgeLock Enclave address to user space only if success.*/
> > + if (copy_to_user((u8 *)arg, &io, sizeof(io))) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to copy iobuff setup to user\n",
> > + dev_ctx->miscdev.name);
> > + kfree(b_desc);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + if (b_desc) {
> > + b_desc->shared_buf_ptr = shared_mem->ptr + pos;
> > + b_desc->usr_buf_ptr = io.user_buf;
> > + b_desc->size = io.length;
> > +
> > + if (io.flags & SE_IO_BUF_FLAGS_IS_INPUT) {
> > + /*
> > + * buffer is input:
> > + * add an entry in the "pending input buffers" list so
> > + * that copied data can be cleaned from shared memory
> > + * later.
> > + */
> > + list_add_tail(&b_desc->link, &dev_ctx->pending_in);
> > + } else {
> > + /*
> > + * buffer is output:
> > + * add an entry in the "pending out buffers" list so data
> > + * can be copied to user space when receiving Secure-Enclave
> > + * response.
> > + */
> > + list_add_tail(&b_desc->link, &dev_ctx->pending_out);
> > + }
> > + }
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +/* IOCTL to provide SoC information */
> > +static int se_ioctl_get_soc_info_handler(struct se_if_device_ctx *dev_ctx,
> > + u64 arg)
> > +{
> > + struct imx_se_node_info_list *info_list;
> > + struct se_ioctl_get_soc_info soc_info;
> > + int err = -EINVAL;
> > +
> > + info_list = (struct imx_se_node_info_list *)
> > + device_get_match_data(dev_ctx->priv->dev->parent);
> > + if (!info_list)
> > + goto exit;
> > +
> > + soc_info.soc_id = info_list->soc_id;
> > + soc_info.soc_rev = info_list->soc_rev;
> > +
> > + err = (int)copy_to_user((u8 *)arg, (u8 *)(&soc_info), sizeof(soc_info));
> > + if (err) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to copy soc info to user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +/* Open a character device. */
> > +static int se_if_fops_open(struct inode *nd, struct file *fp)
> > +{
> > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > + struct se_if_device_ctx,
> > + miscdev);
> > + int err;
> > +
> > + /* Avoid race if opened at the same time */
> > + if (down_trylock(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + /* Authorize only 1 instance. */
> > + if (dev_ctx->status != MU_FREE) {
> > + err = -EBUSY;
> > + goto exit;
> > + }
> > +
> > + /*
> > + * Allocate some memory for data exchanges with S40x.
> > + * This will be used for data not requiring secure memory.
> > + */
> > + dev_ctx->non_secure_mem.ptr = dmam_alloc_coherent(dev_ctx->dev,
> > + MAX_DATA_SIZE_PER_USER,
> > + &dev_ctx->non_secure_mem.dma_addr,
> > + GFP_KERNEL);
> > + if (!dev_ctx->non_secure_mem.ptr) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + err = se_if_setup_se_mem_access(dev_ctx,
> > + dev_ctx->non_secure_mem.dma_addr,
> > + MAX_DATA_SIZE_PER_USER);
> > + if (err) {
> > + err = -EPERM;
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to share access to shared memory\n",
> > + dev_ctx->miscdev.name);
> > + goto free_coherent;
> > + }
> > +
> > + dev_ctx->non_secure_mem.size = MAX_DATA_SIZE_PER_USER;
> > + dev_ctx->non_secure_mem.pos = 0;
> > + dev_ctx->status = MU_OPENED;
> > +
> > + dev_ctx->pending_hdr = 0;
> > +
> > + goto exit;
> > +
> > +free_coherent:
> > + dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
> > + dev_ctx->non_secure_mem.ptr,
> > + dev_ctx->non_secure_mem.dma_addr);
> > +
> > +exit:
> > + up(&dev_ctx->fops_lock);
> > + return err;
> > +}
> > +
> > +/* Close a character device. */
> > +static int se_if_fops_close(struct inode *nd, struct file *fp)
> > +{
> > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > + struct se_if_device_ctx,
> > + miscdev);
> > + struct se_if_priv *priv = dev_ctx->priv;
> > + struct se_buf_desc *b_desc;
> > +
> > + /* Avoid race if closed at the same time */
> > + if (down_trylock(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + /* The device context has not been opened */
> > + if (dev_ctx->status != MU_OPENED)
> > + goto exit;
> > +
> > + /* check if this device was registered as command receiver. */
> > + if (priv->cmd_receiver_dev == dev_ctx)
> > + priv->cmd_receiver_dev = NULL;
> > +
> > + /* check if this device was registered as waiting response. */
> > + if (priv->waiting_rsp_dev == dev_ctx) {
> > + priv->waiting_rsp_dev = NULL;
> > + mutex_unlock(&priv->se_if_cmd_lock);
> > + }
> > +
> > + /* Unmap secure memory shared buffer. */
> > + if (dev_ctx->secure_mem.ptr)
> > + devm_iounmap(dev_ctx->dev, dev_ctx->secure_mem.ptr);
> > +
> > + dev_ctx->secure_mem.ptr = NULL;
> > + dev_ctx->secure_mem.dma_addr = 0;
> > + dev_ctx->secure_mem.size = 0;
> > + dev_ctx->secure_mem.pos = 0;
> > +
> > + /* Free non-secure shared buffer. */
> > + dmam_free_coherent(dev_ctx->priv->dev, MAX_DATA_SIZE_PER_USER,
> > + dev_ctx->non_secure_mem.ptr,
> > + dev_ctx->non_secure_mem.dma_addr);
> > +
> > + dev_ctx->non_secure_mem.ptr = NULL;
> > + dev_ctx->non_secure_mem.dma_addr = 0;
> > + dev_ctx->non_secure_mem.size = 0;
> > + dev_ctx->non_secure_mem.pos = 0;
> > +
> > + while (!list_empty(&dev_ctx->pending_in) ||
> > + !list_empty(&dev_ctx->pending_out)) {
> > + if (!list_empty(&dev_ctx->pending_in))
> > + b_desc = list_first_entry_or_null(&dev_ctx->pending_in,
> > + struct se_buf_desc,
> > + link);
> > + else
> > + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> > + struct se_buf_desc,
> > + link);
> > +
> > + if (!b_desc)
> > + continue;
> > +
> > + if (b_desc->shared_buf_ptr)
> > + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> > +
> > + __list_del_entry(&b_desc->link);
> > + devm_kfree(dev_ctx->dev, b_desc);
> > + }
> > +
> > + dev_ctx->status = MU_FREE;
> > +
> > +exit:
> > + up(&dev_ctx->fops_lock);
> > + return 0;
> > +}
> > +
> > +/* IOCTL entry point of a character device */
> > +static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
> > +//static long se_ioctl(struct file *fp, u32 cmd, u64 arg)
> > +{
> > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > + struct se_if_device_ctx,
> > + miscdev);
> > + struct se_if_priv *se_if_priv = dev_ctx->priv;
> > + int err = -EINVAL;
> > +
> > + /* Prevent race during change of device context */
> > + if (down_interruptible(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + switch (cmd) {
> > + case SE_IOCTL_ENABLE_CMD_RCV:
> > + if (!se_if_priv->cmd_receiver_dev) {
> > + se_if_priv->cmd_receiver_dev = dev_ctx;
> > + err = 0;
> > + }
> > + break;
> > + case SE_IOCTL_GET_MU_INFO:
> > + err = se_ioctl_get_mu_info(dev_ctx, arg);
> > + break;
> > + case SE_IOCTL_SETUP_IOBUF:
> > + err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
> > + break;
> > + case SE_IOCTL_GET_SOC_INFO:
> > + err = se_ioctl_get_soc_info_handler(dev_ctx, arg);
> > + break;
> > +
> > + default:
> > + err = -EINVAL;
> > + dev_dbg(se_if_priv->dev,
> > + "%s: IOCTL %.8x not supported\n",
> > + dev_ctx->miscdev.name,
> > + cmd);
> > + }
> > +
> > + up(&dev_ctx->fops_lock);
> > + return (long)err;
> > +}
> > +
> > +/* Char driver setup */
> > +static const struct file_operations se_if_fops = {
> > + .open = se_if_fops_open,
> > + .owner = THIS_MODULE,
> > + .release = se_if_fops_close,
> > + .unlocked_ioctl = se_ioctl,
> > + .read = se_if_fops_read,
> > + .write = se_if_fops_write,
> > +};
> > +
> > +/* interface for managed res to free a mailbox channel */
> > +static void if_mbox_free_channel(void *mbox_chan)
> > +{
> > + mbox_free_channel(mbox_chan);
> > +}
> > +
> > +/* interface for managed res to unregister a character device */
> > +static void if_misc_deregister(void *miscdevice)
> > +{
> > + misc_deregister(miscdevice);
> > +}
> > +
> > +static int se_if_request_channel(struct device *dev,
> > + struct mbox_chan **chan,
> > + struct mbox_client *cl,
> > + const u8 *name)
> > +{
> > + struct mbox_chan *t_chan;
> > + int ret = 0;
> > +
> > + t_chan = mbox_request_channel_byname(cl, name);
> > + if (IS_ERR(t_chan)) {
> > + ret = PTR_ERR(t_chan);
> > + if (ret != -EPROBE_DEFER)
> > + dev_err(dev,
> > + "Failed to request chan %s ret %d\n", name,
> > + ret);
> > + goto exit;
> > + }
> > +
> > + ret = devm_add_action(dev, if_mbox_free_channel, t_chan);
> > + if (ret) {
> > + dev_err(dev, "failed to add devm removal of mbox %s\n", name);
> > + goto exit;
> > + }
> > +
> > + *chan = t_chan;
> > +
> > +exit:
> > + return ret;
> > +}
> > +
> > +static int se_probe_if_cleanup(struct platform_device *pdev)
> > +{
> > + struct device *dev = &pdev->dev;
> > + struct se_if_priv *priv;
> > + int ret = 0;
> > + int i;
> > +
> > + priv = dev_get_drvdata(dev);
> > + if (!priv) {
> > + ret = 0;
> > + dev_dbg(dev, "SE-MU Priv data is NULL;");
> > + return ret;
> > + }
> > +
> > + if (priv->tx_chan)
> > + mbox_free_channel(priv->tx_chan);
> > + if (priv->rx_chan)
> > + mbox_free_channel(priv->rx_chan);
> > +
> > + /* free the buffer in se remove, previously allocated
> > + * in se probe to store encrypted IMEM
> > + */
> > + if (priv->imem.buf) {
> > + dmam_free_coherent(dev,
> > + ELE_IMEM_SIZE,
> > + priv->imem.buf,
> > + priv->imem.phyaddr);
> > + priv->imem.buf = NULL;
> > + }
> > +
> > + if (priv->ctxs) {
> > + for (i = 0; i < priv->max_dev_ctx; i++) {
> > + if (priv->ctxs[i]) {
> > + devm_remove_action(dev,
> > + if_misc_deregister,
> > + &priv->ctxs[i]->miscdev);
> > + misc_deregister(&priv->ctxs[i]->miscdev);
> > + devm_kfree(dev, priv->ctxs[i]);
> > + }
> > + }
> > + devm_kfree(dev, priv->ctxs);
> > + }
> > +
> > + if (priv->flags & RESERVED_DMA_POOL) {
> > + of_reserved_mem_device_release(dev);
> > + priv->flags &= (~RESERVED_DMA_POOL);
> > + }
> > +
> > + devm_kfree(dev, priv);
> > + of_node_put(dev->of_node);
> > + of_platform_device_destroy(dev, NULL);
> > +
> > + return ret;
> > +}
> > +
> > +static int se_probe_cleanup(struct platform_device *pdev)
> > +{
> > + struct device *dev = &pdev->dev;
> > + struct device_node *if_dn;
> > +
> > + /* Enumerate se-interface device nodes. */
> > + for_each_child_of_node(dev->of_node, if_dn) {
> > + struct platform_device *if_pdev
> > + = of_find_device_by_node(if_dn);
> > + if (se_probe_if_cleanup(if_pdev))
> > + dev_err(dev,
> > + "Failed to clean-up child node probe.\n");
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static int init_device_context(struct device *dev)
> > +{
> > + const struct imx_se_node_info *info;
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_if_priv *priv;
> > + u8 *devname;
> > + int ret = 0;
> > + int i;
> > +
> > + priv = dev_get_drvdata(dev);
> > +
> > + if (!priv) {
> > + ret = -EINVAL;
> > + dev_err(dev, "Invalid SE-MU Priv data");
> > + return ret;
> > + }
> > + info = priv->info;
> > +
> > + priv->ctxs = devm_kzalloc(dev, sizeof(dev_ctx) * priv->max_dev_ctx,
> > + GFP_KERNEL);
> > +
> > + if (!priv->ctxs) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + /* Create users */
> > + for (i = 0; i < priv->max_dev_ctx; i++) {
> > + dev_ctx = devm_kzalloc(dev, sizeof(*dev_ctx), GFP_KERNEL);
> > + if (!dev_ctx) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + dev_ctx->dev = dev;
> > + dev_ctx->status = MU_FREE;
> > + dev_ctx->priv = priv;
> > +
> > + priv->ctxs[i] = dev_ctx;
> > +
> > + /* Default value invalid for an header. */
> > + init_waitqueue_head(&dev_ctx->wq);
> > +
> > + INIT_LIST_HEAD(&dev_ctx->pending_out);
> > + INIT_LIST_HEAD(&dev_ctx->pending_in);
> > + sema_init(&dev_ctx->fops_lock, 1);
> > +
> > + devname = devm_kasprintf(dev, GFP_KERNEL, "%s_ch%d",
> > + info->se_name, i);
> > + if (!devname) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + dev_ctx->miscdev.name = devname;
> > + dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
> > + dev_ctx->miscdev.fops = &se_if_fops;
> > + dev_ctx->miscdev.parent = dev;
> > + ret = misc_register(&dev_ctx->miscdev);
> > + if (ret) {
> > + dev_err(dev, "failed to register misc device %d\n",
> > + ret);
> > + return ret;
> > + }
> > +
> > + ret = devm_add_action(dev, if_misc_deregister,
> > + &dev_ctx->miscdev);
> > + if (ret) {
> > + dev_err(dev,
> > + "failed[%d] to add action to the misc-dev\n",
> > + ret);
> > + return ret;
> > + }
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +static void se_load_firmware(const struct firmware *fw, void *context)
> > +{
> > + struct se_if_priv *priv = (struct se_if_priv *) context;
> > + const struct imx_se_node_info *info = priv->info;
> > + const u8 *se_fw_name = info->fw_name_in_rfs;
> > + phys_addr_t se_fw_phyaddr;
> > + u8 *se_fw_buf;
> > +
> > + if (!fw) {
> > + if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
> > + dev_dbg(priv->dev,
> > + "External FW not found, using ROM FW.\n");
> > + else {
> > + /*add a bit delay to wait for firmware priv released */
> > + msleep(20);
> > +
> > + /* Load firmware one more time if timeout */
> > + request_firmware_nowait(THIS_MODULE,
> > + FW_ACTION_UEVENT, info->fw_name_in_rfs,
> > + priv->dev, GFP_KERNEL, priv,
> > + se_load_firmware);
> > + priv->fw_fail++;
> > + dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
> > + priv->fw_fail);
> > + }
> > +
> > + return;
> > + }
> > +
> > + /* allocate buffer to store the SE FW */
> > + se_fw_buf = dmam_alloc_coherent(priv->dev, fw->size,
> > + &se_fw_phyaddr,
> > + GFP_KERNEL);
> > + if (!se_fw_buf) {
> > + dev_err(priv->dev, "Failed to alloc SE fw buffer memory\n");
> > + goto exit;
> > + }
> > +
> > + memcpy(se_fw_buf, fw->data, fw->size);
> > +
> > + if (ele_fw_authenticate(priv->dev, se_fw_phyaddr))
> > + dev_err(priv->dev,
> > + "Failed to authenticate & load SE firmware %s.\n",
> > + se_fw_name);
> > +
> > +exit:
> > + dmam_free_coherent(priv->dev,
> > + fw->size,
> > + se_fw_buf,
> > + se_fw_phyaddr);
> > +
> > + release_firmware(fw);
> > +}
> > +
> > +static int se_if_probe(struct platform_device *pdev)
> > +{
> > + struct imx_se_node_info_list *info_list;
> > + struct device *dev = &pdev->dev;
> > + struct imx_se_node_info *info;
> > + struct se_if_priv *priv;
> > + u32 idx;
> > + int ret;
> > +
> > + if (of_property_read_u32(dev->of_node, "reg", &idx)) {
> > + ret = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + info_list = (struct imx_se_node_info_list *)
> > + device_get_match_data(dev->parent);
> > + info = get_imx_se_node_info(info_list, idx);
> > +
> > + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
> > + if (!priv) {
> > + ret = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + dev_set_drvdata(dev, priv);
> > +
> > + /* Mailbox client configuration */
> > + priv->se_mb_cl.dev = dev;
> > + priv->se_mb_cl.tx_block = false;
> > + priv->se_mb_cl.knows_txdone = true;
> > + priv->se_mb_cl.rx_callback = se_if_rx_callback;
> > +
> > + ret = se_if_request_channel(dev, &priv->tx_chan,
> > + &priv->se_mb_cl, info->mbox_tx_name);
> > + if (ret) {
> > + if (ret == -EPROBE_DEFER)
> > + dev_err(dev, "Mailbox tx channel, is not ready.\n");
> > + else
> > + dev_err(dev, "Failed to request tx channel\n");
> > +
> > + goto exit;
> > + }
> > +
> > + ret = se_if_request_channel(dev, &priv->rx_chan,
> > + &priv->se_mb_cl, info->mbox_rx_name);
> > + if (ret) {
> > + if (ret == -EPROBE_DEFER)
> > + dev_err(dev, "Mailbox rx channel, is not ready.\n");
> > + else
> > + dev_dbg(dev, "Failed to request rx channel\n");
> > +
> > + goto exit;
> > + }
> > +
> > + priv->dev = dev;
> > + priv->info = info;
> > +
> > + /* Initialize the mutex. */
> > + mutex_init(&priv->se_if_lock);
> > + mutex_init(&priv->se_if_cmd_lock);
> > +
> > + priv->cmd_receiver_dev = NULL;
> > + priv->waiting_rsp_dev = NULL;
> > + priv->max_dev_ctx = info->max_dev_ctx;
> > + priv->cmd_tag = info->cmd_tag;
> > + priv->rsp_tag = info->rsp_tag;
> > + priv->mem_pool_name = info->pool_name;
> > + priv->success_tag = info->success_tag;
> > + priv->base_api_ver = info->base_api_ver;
> > + priv->fw_api_ver = info->fw_api_ver;
> > +
> > + init_completion(&priv->done);
> > + spin_lock_init(&priv->lock);
> > +
> > + if (info->reserved_dma_ranges) {
> > + ret = of_reserved_mem_device_init(dev);
> > + if (ret) {
> > + dev_err(dev,
> > + "failed to init reserved memory region %d\n",
> > + ret);
> > + priv->flags &= (~RESERVED_DMA_POOL);
> > + goto exit;
> > + }
> > + priv->flags |= RESERVED_DMA_POOL;
> > + }
> > +
> > + if (info->fw_name_in_rfs) {
> > + ret = request_firmware_nowait(THIS_MODULE,
> > + FW_ACTION_UEVENT,
> > + info->fw_name_in_rfs,
> > + dev, GFP_KERNEL, priv,
> > + se_load_firmware);
> > + if (ret)
> > + dev_warn(dev, "Failed to get firmware [%s].\n",
> > + info->fw_name_in_rfs);
> > + }
> > +
> > + ret = imx_fetch_soc_info(dev);
> > + if (ret) {
> > + dev_err(dev,
> > + "failed[%d] to fetch SoC Info\n", ret);
> > + goto exit;
> > + }
> > +
> > + if (info->imem_mgmt) {
> > + /* allocate buffer where SE store encrypted IMEM */
> > + priv->imem.buf = dmam_alloc_coherent(dev, ELE_IMEM_SIZE,
> > + &priv->imem.phyaddr,
> > + GFP_KERNEL);
> > + if (!priv->imem.buf) {
> > + dev_err(dev,
> > + "dmam-alloc-failed: To store encr-IMEM.\n");
> > + ret = -ENOMEM;
> > + goto exit;
> > + }
> > + }
> > +
> > + if (info->max_dev_ctx) {
> > + ret = init_device_context(dev);
> > + if (ret) {
> > + dev_err(dev,
> > + "Failed[0x%x] to create device contexts.\n",
> > + ret);
> > + goto exit;
> > + }
> > + }
> > +
> > + dev_info(dev, "i.MX secure-enclave: %s interface to firmware,
> configured.\n",
> > + info->se_name);
> > + return devm_of_platform_populate(dev);
> > +
> > +exit:
> > + /* if execution control reaches here, if probe fails.
> > + * hence doing the cleanup
> > + */
> > + if (se_probe_if_cleanup(pdev))
> > + dev_err(dev,
> > + "Failed to clean-up the child node probe.\n");
> > +
> > + return ret;
> > +}
> > +
> > +static int se_probe(struct platform_device *pdev)
> > +{
> > + struct device_node *enum_dev_node;
> > + struct device *dev = &pdev->dev;
> > + int enum_count;
> > + int ret;
> > +
> > + enum_count = of_get_child_count(dev->of_node);
> > + if (!enum_count) {
> > + ret = -EINVAL;
> > + dev_err(dev, "Zero Tx/Rx path MU nodes.\n");
> > + return ret;
> > + }
> > +
> > + for_each_child_of_node(dev->of_node, enum_dev_node) {
> > + struct platform_device *enum_plat_dev __maybe_unused;
> > +
> > + if (!of_device_is_available(enum_dev_node))
> > + continue;
> > +
> > + enum_plat_dev = of_platform_device_create(enum_dev_node,
> > + NULL,
> > + dev);
> > + if (!enum_plat_dev) {
> > + ret = -EINVAL;
> > + of_node_put(enum_dev_node);
> > + dev_err(dev,
> > + "Failed to create enumerated platform device.");
> > + break;
> > + }
> > +
> > + ret = se_if_probe(enum_plat_dev);
> > + }
> > + return ret;
> > +}
> > +
> > +static int se_remove(struct platform_device *pdev)
> > +{
> > + if (se_probe_cleanup(pdev))
> > + dev_err(&pdev->dev,
> > + "i.MX Secure Enclave is not cleanly un-probed.");
> > +
> > + return 0;
> > +}
> > +
> > +static int se_suspend(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + const struct imx_se_node_info *info
> > + = priv->info;
> > +
> > + if (info && info->imem_mgmt)
> > + priv->imem.size = se_save_imem_state(dev);
> > +
> > + return 0;
> > +}
> > +
> > +static int se_resume(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + const struct imx_se_node_info *info
> > + = priv->info;
> > + int i;
> > +
> > + for (i = 0; i < priv->max_dev_ctx; i++)
> > + wake_up_interruptible(&priv->ctxs[i]->wq);
> > +
> > + if (info && info->imem_mgmt)
> > + se_restore_imem_state(dev);
> > +
> > + return 0;
> > +}
> > +
> > +static const struct dev_pm_ops se_pm = {
> > + RUNTIME_PM_OPS(se_suspend, se_resume, NULL)
> > +};
> > +
> > +static struct platform_driver se_driver = {
> > + .driver = {
> > + .name = "fsl-se-fw",
> > + .of_match_table = se_match,
> > + .pm = &se_pm,
> > + },
> > + .probe = se_probe,
> > + .remove = se_remove,
> > +};
> > +MODULE_DEVICE_TABLE(of, se_match);
> > +
> > +module_platform_driver(se_driver);
> > +
> > +MODULE_AUTHOR("Pankaj Gupta <[email protected]>");
> > +MODULE_DESCRIPTION("iMX Secure Enclave Driver.");
> > +MODULE_LICENSE("GPL");
> > diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h
> > new file mode 100644
> > index 000000000000..76e1ce77c52f
> > --- /dev/null
> > +++ b/drivers/firmware/imx/se_ctrl.h
> > @@ -0,0 +1,151 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#ifndef SE_MU_H
> > +#define SE_MU_H
> > +
> > +#include <linux/miscdevice.h>
> > +#include <linux/semaphore.h>
> > +#include <linux/mailbox_client.h>
> > +
> > +#define MAX_FW_LOAD_RETRIES 50
> > +
> > +#define MSG_TAG(x) (((x) & 0xff000000) >> 24)
> > +#define MSG_COMMAND(x) (((x) & 0x00ff0000) >> 16)
> > +#define MSG_SIZE(x) (((x) & 0x0000ff00) >> 8)
> > +#define MSG_VER(x) ((x) & 0x000000ff)
> > +#define RES_STATUS(x) ((x) & 0x000000ff)
> > +#define MAX_DATA_SIZE_PER_USER (65 * 1024)
> > +#define S4_DEFAULT_MUAP_INDEX (2)
> > +#define S4_MUAP_DEFAULT_MAX_USERS (4)
> > +#define MESSAGING_VERSION_6 0x6
> > +#define MESSAGING_VERSION_7 0x7
> > +
> > +#define DEFAULT_MESSAGING_TAG_COMMAND (0x17u)
> > +#define DEFAULT_MESSAGING_TAG_RESPONSE (0xe1u)
> > +
> > +#define SE_MU_IO_FLAGS_USE_SEC_MEM (0x02u)
> > +#define SE_MU_IO_FLAGS_USE_SHORT_ADDR (0x04u)
> > +
> > +struct se_imem_buf {
> > + u8 *buf;
> > + phys_addr_t phyaddr;
> > + u32 size;
> > +};
> > +
> > +struct se_buf_desc {
> > + u8 *shared_buf_ptr;
> > + u8 *usr_buf_ptr;
> > + u32 size;
> > + struct list_head link;
> > +};
> > +
> > +/* Status of a char device */
> > +enum se_if_dev_ctx_status_t {
> > + MU_FREE,
> > + MU_OPENED
> > +};
> > +
> > +struct se_shared_mem {
> > + dma_addr_t dma_addr;
> > + u32 size;
> > + u32 pos;
> > + u8 *ptr;
> > +};
> > +
> > +/* Private struct for each char device instance. */
> > +struct se_if_device_ctx {
> > + struct device *dev;
> > + struct se_if_priv *priv;
> > + struct miscdevice miscdev;
> > +
> > + enum se_if_dev_ctx_status_t status;
> > + wait_queue_head_t wq;
> > + struct semaphore fops_lock;
> > +
> > + u32 pending_hdr;
> > + struct list_head pending_in;
> > + struct list_head pending_out;
> > +
> > + struct se_shared_mem secure_mem;
> > + struct se_shared_mem non_secure_mem;
> > +
> > + u32 *temp_resp;
> > + u32 temp_resp_size;
> > + struct notifier_block se_notify;
> > +};
> > +
> > +/* Header of the messages exchange with the EdgeLock Enclave */
> > +struct se_msg_hdr {
> > + u8 ver;
> > + u8 size;
> > + u8 command;
> > + u8 tag;
> > +} __packed;
> > +
> > +#define SE_MU_HDR_SZ 4
> > +#define TAG_OFFSET (SE_MU_HDR_SZ - 1)
> > +#define CMD_OFFSET (SE_MU_HDR_SZ - 2)
> > +#define SZ_OFFSET (SE_MU_HDR_SZ - 3)
> > +#define VER_OFFSET (SE_MU_HDR_SZ - 4)
> > +
> > +struct se_api_msg {
> > + u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
> > + u32 *data;
> > +};
> > +
> > +struct se_if_priv {
> > + struct se_if_device_ctx *cmd_receiver_dev;
> > + struct se_if_device_ctx *waiting_rsp_dev;
> > + bool no_dev_ctx_used;
> > + /*
> > + * prevent parallel access to the se interface registers
> > + * e.g. a user trying to send a command while the other one is
> > + * sending a response.
> > + */
> > + struct mutex se_if_lock;
> > + /*
> > + * prevent a command to be sent on the se interface while another one
> is
> > + * still processing. (response to a command is allowed)
> > + */
> > + struct mutex se_if_cmd_lock;
> > + struct device *dev;
> > + u8 *mem_pool_name;
> > + u8 cmd_tag;
> > + u8 rsp_tag;
> > + u8 success_tag;
> > + u8 base_api_ver;
> > + u8 fw_api_ver;
> > + u32 fw_fail;
> > + const void *info;
> > +
> > + struct mbox_client se_mb_cl;
> > + struct mbox_chan *tx_chan, *rx_chan;
> > + struct se_api_msg *rx_msg;
> > + struct completion done;
> > + spinlock_t lock;
> > + /*
> > + * Flag to retain the state of initialization done at
> > + * the time of se-mu probe.
> > + */
> > + uint32_t flags;
> > + u8 max_dev_ctx;
> > + struct se_if_device_ctx **ctxs;
> > + struct se_imem_buf imem;
> > +};
> > +
> > +void *get_phy_buf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + dma_addr_t *buf,
> > + u32 size);
> > +phys_addr_t get_phy_buf_mem_pool1(struct device *dev,
> > + u8 *mem_pool_name,
> > + u32 **buf,
> > + u32 size);
> > +void free_phybuf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + u32 *buf,
> > + u32 size);
> > +#endif
> > diff --git a/include/linux/firmware/imx/se_api.h
> b/include/linux/firmware/imx/se_api.h
> > new file mode 100644
> > index 000000000000..c47f84906837
> > --- /dev/null
> > +++ b/include/linux/firmware/imx/se_api.h
> > @@ -0,0 +1,14 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#ifndef __SE_API_H__
> > +#define __SE_API_H__
> > +
> > +#include <linux/types.h>
> > +
> > +#define SOC_ID_OF_IMX8ULP 0x084D
> > +#define SOC_ID_OF_IMX93 0x9300
> > +
> > +#endif /* __SE_API_H__ */
> > diff --git a/include/uapi/linux/se_ioctl.h b/include/uapi/linux/se_ioctl.h
> > new file mode 100644
> > index 000000000000..f68a36e9da2c
> > --- /dev/null
> > +++ b/include/uapi/linux/se_ioctl.h
> > @@ -0,0 +1,88 @@
> > +/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR BSD-3-
> Clause*/
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#ifndef SE_IOCTL_H
> > +#define SE_IOCTL_H
> > +
> > +/* IOCTL definitions. */
> > +
> > +struct se_ioctl_setup_iobuf {
> > + u8 *user_buf;
> > + u32 length;
> > + u32 flags;
> > + u64 ele_addr;
> > +};
> > +
> > +struct se_ioctl_shared_mem_cfg {
> > + u32 base_offset;
> > + u32 size;
> > +};
> > +
> > +struct se_ioctl_get_if_info {
> > + u8 se_if_id;
> > + u8 interrupt_idx;
> > + u8 tz;
> > + u8 did;
> > + u8 cmd_tag;
> > + u8 rsp_tag;
> > + u8 success_tag;
> > + u8 base_api_ver;
> > + u8 fw_api_ver;
> > +};
> > +
> > +struct se_ioctl_signed_message {
> > + u8 *message;
> > + u32 msg_size;
> > + u32 error_code;
> > +};
> > +
> > +struct se_ioctl_get_soc_info {
> > + u16 soc_id;
> > + u16 soc_rev;
> > +};
> > +
> > +/* IO Buffer Flags */
> > +#define SE_IO_BUF_FLAGS_IS_OUTPUT (0x00u)
> > +#define SE_IO_BUF_FLAGS_IS_INPUT (0x01u)
> > +#define SE_IO_BUF_FLAGS_USE_SEC_MEM (0x02u)
> > +#define SE_IO_BUF_FLAGS_USE_SHORT_ADDR (0x04u)
> > +#define SE_IO_BUF_FLAGS_IS_IN_OUT (0x10u)
> > +
> > +/* IOCTLS */
> > +#define SE_IOCTL 0x0A /* like MISC_MAJOR. */
> > +
> > +/*
> > + * ioctl to designated the current fd as logical-reciever.
> > + * This is ioctl is send when the nvm-daemon, a slave to the
> > + * firmware is started by the user.
> > + */
> > +#define SE_IOCTL_ENABLE_CMD_RCV _IO(SE_IOCTL, 0x01)
> > +
> > +/*
> > + * ioctl to get the buffer allocated from the memory, which is shared
> > + * between kernel and FW.
> > + * Post allocation, the kernel tagged the allocated memory with:
> > + * Output
> > + * Input
> > + * Input-Output
> > + * Short address
> > + * Secure-memory
> > + */
> > +#define SE_IOCTL_SETUP_IOBUF _IOWR(SE_IOCTL, 0x03, \
> > + struct se_ioctl_setup_iobuf)
> > +
> > +/*
> > + * ioctl to get the mu information, that is used to exchange message
> > + * with FW, from user-spaced.
> > + */
> > +#define SE_IOCTL_GET_MU_INFO _IOR(SE_IOCTL, 0x04, \
> > + struct se_ioctl_get_if_info)
> > +/*
> > + * ioctl to get SoC Info from user-space.
> > + */
> > +#define SE_IOCTL_GET_SOC_INFO _IOR(SE_IOCTL, 0x06, \
> > + struct se_ioctl_get_soc_info)
> > +
> > +#endif
> >


2024-05-17 11:26:22

by Pankaj Gupta

[permalink] [raw]
Subject: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave



> -----Original Message-----
> From: Marc Kleine-Budde <[email protected]>
> Sent: Monday, May 13, 2024 4:24 PM
> To: Pankaj Gupta <[email protected]>
> Cc: Jonathan Corbet <[email protected]>; Rob Herring <[email protected]>;
> Krzysztof Kozlowski <[email protected]>; Conor Dooley
> <[email protected]>; Shawn Guo <[email protected]>; Sascha Hauer
> <[email protected]>; Pengutronix Kernel Team
> <[email protected]>; Fabio Estevam <[email protected]>; linux-
> [email protected]; [email protected];
> [email protected]; [email protected]; linux-arm-
> [email protected]
> Subject: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock
> Enclave
>
> On 10.05.2024 18:57:30, Pankaj Gupta wrote:
> > NXP hardware IP(s) for secure-enclaves like Edgelock Enclave(ELE),
> > are embedded in the SoC to support the features like HSM, SHE & V2X,
> > using message based communication interface.
> >
> > The secure enclave FW communicates on a dedicated messaging unit(MU)
> > based interface(s) with application core, where kernel is running.
> > It exists on specific i.MX processors. e.g. i.MX8ULP, i.MX93.
> >
> > This patch adds the driver for communication interface to secure-enclave,
> > for exchanging messages with NXP secure enclave HW IP(s) like EdgeLock
> Enclave,
> > both from:
> > - User-Space Applications via character driver.
> > - Kernel-space, used by kernel management layers like DM-Crypt.
> >
> > ABI documentation for the NXP secure-enclave driver.
>
> Can you add the user space misc dev in a different patch?

Looks feasible, Will try to do in v2.
>
> >
> > User-space library using this driver:
> > - i.MX Secure Enclave library:
> > -- URL: https://github.com/nxp-imx/imx-secure-enclave.git,
> > - i.MX Secure Middle-Ware:
> > -- URL: https://github.com/nxp-imx/imx-smw.git
> >
> > Signed-off-by: Pankaj Gupta <[email protected]>
> > ---
> > Documentation/ABI/testing/se-cdev | 42 ++
> > drivers/firmware/imx/Kconfig | 12 +
> > drivers/firmware/imx/Makefile | 2 +
> > drivers/firmware/imx/ele_base_msg.c | 287 ++++++++
> > drivers/firmware/imx/ele_base_msg.h | 70 ++
> > drivers/firmware/imx/ele_common.c | 341 +++++++++
> > drivers/firmware/imx/ele_common.h | 43 ++
> > drivers/firmware/imx/se_ctrl.c | 1339
> +++++++++++++++++++++++++++++++++++
> > drivers/firmware/imx/se_ctrl.h | 151 ++++
> > include/linux/firmware/imx/se_api.h | 14 +
> > include/uapi/linux/se_ioctl.h | 88 +++
> > 11 files changed, 2389 insertions(+)
> >
> > diff --git a/Documentation/ABI/testing/se-cdev
> b/Documentation/ABI/testing/se-cdev
> > new file mode 100644
> > index 000000000000..699525af6b86
> > --- /dev/null
> > +++ b/Documentation/ABI/testing/se-cdev
> > @@ -0,0 +1,42 @@
> > +What: /dev/<se>_mu[0-9]+_ch[0-9]+
> > +Date: May 2024
> > +KernelVersion: 6.8
> > +Contact: [email protected], [email protected]
> > +Description:
> > + NXP offers multiple hardware IP(s) for secure-enclaves like
> EdgeLock-
> > + Enclave(ELE), SECO. The character device file-descriptors
> > + /dev/<se>_mu*_ch* are the interface between user-space
> NXP's secure-
> > + enclave shared-library and the kernel driver.
> > +
> > + The ioctl(2)-based ABI is defined and documented in
> > + [include]<linux/firmware/imx/ele_mu_ioctl.h>
> > + ioctl(s) are used primarily for:
> > + - shared memory management
> > + - allocation of I/O buffers
> > + - get mu info
> > + - setting a dev-ctx as receiver that is slave to fw
> > + - get SoC info
> > +
> > + The following file operations are supported:
> > +
> > + open(2)
> > + Currently the only useful flags are O_RDWR.
> > +
> > + read(2)
> > + Every read() from the opened character device context is
> waiting on
> > + wakeup_intruptible, that gets set by the registered mailbox
> callback
> > + function; indicating a message received from the firmware
> on message-
> > + unit.
> > +
> > + write(2)
> > + Every write() to the opened character device context needs
> to acquire
> > + mailbox_lock, before sending message on to the message
> unit.
> > +
> > + close(2)
> > + Stops and free up the I/O contexts that was associated
> > + with the file descriptor.
> > +
> > +Users: https://github.com/nxp-imx/imx-secure-enclave.git,
> > + https://github.com/nxp-imx/imx-smw.git
> > + crypto/skcipher,
> > + drivers/nvmem/imx-ocotp-ele.c
> > diff --git a/drivers/firmware/imx/Kconfig b/drivers/firmware/imx/Kconfig
> > index 183613f82a11..56bdca9bd917 100644
> > --- a/drivers/firmware/imx/Kconfig
> > +++ b/drivers/firmware/imx/Kconfig
> > @@ -22,3 +22,15 @@ config IMX_SCU
> >
> > This driver manages the IPC interface between host CPU and the
> > SCU firmware running on M4.
> > +
> > +config IMX_SEC_ENCLAVE
> > + tristate "i.MX Embedded Secure Enclave - EdgeLock Enclave Firmware
> driver."
> > + depends on IMX_MBOX && ARCH_MXC && ARM64
> > + default m if ARCH_MXC
> > +
> > + help
> > + It is possible to use APIs exposed by the iMX Secure Enclave HW IP
> called:
> > + - EdgeLock Enclave Firmware (for i.MX8ULP, i.MX93),
> > + like base, HSM, V2X & SHE using the SAB protocol via the shared
> Messaging
> > + Unit. This driver exposes these interfaces via a set of file descriptors
> > + allowing to configure shared memory, send and receive messages.
> > diff --git a/drivers/firmware/imx/Makefile
> b/drivers/firmware/imx/Makefile
> > index 8f9f04a513a8..aa9033e0e9e3 100644
> > --- a/drivers/firmware/imx/Makefile
> > +++ b/drivers/firmware/imx/Makefile
> > @@ -1,3 +1,5 @@
> > # SPDX-License-Identifier: GPL-2.0
> > obj-$(CONFIG_IMX_DSP) += imx-dsp.o
> > obj-$(CONFIG_IMX_SCU) += imx-scu.o misc.o imx-scu-irq.o
> rm.o imx-scu-soc.o
> > +sec_enclave-objs = se_ctrl.o ele_common.o ele_base_msg.o
> > +obj-${CONFIG_IMX_SEC_ENCLAVE} += sec_enclave.o
> > diff --git a/drivers/firmware/imx/ele_base_msg.c
> b/drivers/firmware/imx/ele_base_msg.c
> > new file mode 100644
> > index 000000000000..0463f26d93c7
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_base_msg.c
> > @@ -0,0 +1,287 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#include <linux/types.h>
> > +#include <linux/completion.h>
> > +#include <linux/dma-mapping.h>
> > +
> > +#include "ele_base_msg.h"
> > +#include "ele_common.h"
> > +
> > +int ele_get_info(struct device *dev, struct soc_info *s_info)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + phys_addr_t get_info_addr;
> > + u32 *get_info_data;
> > + u32 status;
> > + int ret;
> > +
> > + if (!priv || !s_info)
> > + goto exit;
>
> You should code properly, so that this doesn't happen, your cleanup is
> broken, it will work on uninitialized data, as Sascha already mentioned.

The API(s) part of this file will be later exported and might get used by driver/crypto/ele/*.c.
Still if you think, this check should be removed, I will do it in v2.

>
> > +
> > + memset(s_info, 0x0, sizeof(*s_info));
> > +
> > + if (priv->mem_pool_name)
> > + get_info_data = get_phy_buf_mem_pool(dev,
> > + priv->mem_pool_name,
> > + &get_info_addr,
> > + ELE_GET_INFO_BUFF_SZ);
> > + else
> > + get_info_data = dmam_alloc_coherent(dev,
> > + ELE_GET_INFO_BUFF_SZ,
> > + &get_info_addr,
> > + GFP_KERNEL);
>
> It's better style to move the init of the dma memory into the probe
> function.

It is not DMA init. It is DMA allocation.
>
> > + if (!get_info_data) {
> > + ret = -ENOMEM;
> > + dev_err(dev,
> > + "%s: Failed to allocate get_info_addr.\n",
> > + __func__);
> > + goto exit;
> > + }
> > +
> > + tx_msg = kzalloc(ELE_GET_INFO_REQ_MSG_SZ << 2, GFP_KERNEL);
> ^^^^^^^^^^^^^^^^^^^^^^^
>
> Is ELE_GET_INFO_REQ_MSG_SZ is in multiple of u32?

Will be correct in v2.

>
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_GET_INFO_RSP_MSG_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_GET_INFO_REQ,
> > + ELE_GET_INFO_REQ_MSG_SZ,
>
> Here you feed in ELE_GET_INFO_REQ_MSG_SZ and in
> plat_fill_cmd_msg_hdr()
> you use "len >> 2". This look quite strange to me. Better use length in
> bytes everywhere.
>
Accepted.


> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = upper_32_bits(get_info_addr);
> > + tx_msg->data[1] = lower_32_bits(get_info_addr);
> > + tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
>
> Can you use a proper struct for this. Sascha has already commented on
> the null pointer here.
Will fix in v2.

>
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
>
> This API looks strange, why put the tx_msg as a parameter the rx_msg
> into the private struct?

The rx_msg is the populated in the interrupt context.
Hence, it kept as part of private structure; which is in-turn associated with mbox_client.

Though, in v2 moving the rx_msg setting to imx_ele_msg_send_rcv(priv, tx_msg, rx_msg);

>
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> ^^
> single space

Accepted.

> > + priv->rx_msg->header,
> > + ELE_GET_INFO_REQ,
> > + ELE_GET_INFO_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
>
> use FIELD_GET()

Accepted.

>
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_GET_INFO_REQ, status);
> > + ret = -1;
> > + }
> > +
> > + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> > + & ELE_IMEM_STATE_MASK) >> 16;
>
> can you use a struct for get_info_data and use FIELD_GET() (if needed)

Re-write the structure soc_info, matching the information provided in response to this api.
struct dev_info {
uint8_t cmd;
uint8_t ver;
uint16_t length;
uint16_t soc_id;
uint16_t soc_rev;
uint16_t lmda_val;
uint8_t ssm_state;
uint8_t dev_atts_api_ver;
uint8_t uid[MAX_UID_SIZE];
uint8_t sha_rom_patch[DEV_GETINFO_ROM_PATCH_SHA_SZ];
uint8_t sha_fw[DEV_GETINFO_FW_SHA_SZ];
};

struct dev_addn_info {
uint8_t oem_srkh[DEV_GETINFO_OEM_SRKH_SZ];
uint8_t trng_state;
uint8_t csal_state;
uint8_t imem_state;
uint8_t reserved2;
};

struct soc_info {
struct dev_info d_info;
struct dev_addn_info d_addn_info;
};

>
> > + s_info->major_ver =
> (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 24;
> > + s_info->minor_ver =
> ((get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 16) & 0xFF;
> > + s_info->soc_rev =
> (get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_VER_MASK) >> 16;
> > + s_info->soc_id =
> get_info_data[GET_INFO_SOC_INFO_WORD_OFFSET]
> > + & SOC_ID_MASK;
> > + s_info->serial_num
> > + = (u64)get_info_data[GET_INFO_SL_NUM_MSB_WORD_OFF]
> << 32
> > + |
> get_info_data[GET_INFO_SL_NUM_LSB_WORD_OFF];
>
> The "|" goes to the end of the previous line.

Accepted.
>
> > +exit:
> > + if (get_info_addr) {
> > + if (priv->mem_pool_name)
> > + free_phybuf_mem_pool(dev, priv->mem_pool_name,
> > + get_info_data,
> ELE_GET_INFO_BUFF_SZ);
> > + else
> > + dmam_free_coherent(dev,
> > + ELE_GET_INFO_BUFF_SZ,
> > + get_info_data,
> > + get_info_addr);
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +int ele_ping(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_PING_REQ_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_PING_RSP_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_PING_REQ, ELE_PING_REQ_SZ,
> > + true);
> > + if (ret) {
> > + dev_err(dev, "Error: plat_fill_cmd_msg_hdr failed.\n");
> > + goto exit;
> > + }
> > +
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_PING_REQ,
> > + ELE_PING_RSP_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_PING_REQ, status);
> > + ret = -1;
> > + }
> > +exit:
> > + return ret;
> > +}
> > +
> > +int ele_service_swap(struct device *dev,
> > + phys_addr_t addr,
> > + u32 addr_size, u16 flag)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_SERVICE_SWAP_REQ_MSG_SZ << 2,
> GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_SERVICE_SWAP_RSP_MSG_SZ << 2,
> GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_SERVICE_SWAP_REQ,
> > + ELE_SERVICE_SWAP_REQ_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = flag;
> > + tx_msg->data[1] = addr_size;
> > + tx_msg->data[2] = ELE_NONE_VAL;
> > + tx_msg->data[3] = lower_32_bits(addr);
> > + tx_msg->data[4] = plat_add_msg_crc((uint32_t *)&tx_msg[0],
> > +
> ELE_SERVICE_SWAP_REQ_MSG_SZ);
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_SERVICE_SWAP_REQ,
> > + ELE_SERVICE_SWAP_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_SERVICE_SWAP_REQ, status);
> > + ret = -1;
> > + } else {
> > + if (flag == ELE_IMEM_EXPORT)
> > + ret = priv->rx_msg->data[1];
> > + else
> > + ret = 0;
> > + }
> > +exit:
> > +
> > + return ret;
> > +}
> > +
> > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_api_msg *rx_msg __free(kfree);
> > + u32 status;
> > + int ret;
> > +
> > + tx_msg = kzalloc(ELE_FW_AUTH_REQ_SZ << 2, GFP_KERNEL);
> > + if (!tx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + rx_msg = kzalloc(ELE_FW_AUTH_RSP_MSG_SZ << 2, GFP_KERNEL);
> > + if (!rx_msg) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > + ret = plat_fill_cmd_msg_hdr(priv,
> > + (struct se_msg_hdr *)&tx_msg->header,
> > + ELE_FW_AUTH_REQ,
> > + ELE_FW_AUTH_REQ_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + tx_msg->data[0] = addr;
> > + tx_msg->data[1] = 0x0;
> > + tx_msg->data[2] = addr;
> > +
> > + priv->rx_msg = rx_msg;
> > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > + if (ret < 0)
> > + goto exit;
> > +
> > + ret = validate_rsp_hdr(priv,
> > + priv->rx_msg->header,
> > + ELE_FW_AUTH_REQ,
> > + ELE_FW_AUTH_RSP_MSG_SZ,
> > + true);
> > + if (ret)
> > + goto exit;
> > +
> > + status = RES_STATUS(priv->rx_msg->data[0]);
> > + if (status != priv->success_tag) {
> > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > + ELE_FW_AUTH_REQ, status);
> > + ret = -1;
> > + }
> > +exit:
> > +
> > + return ret;
> > +}
> > diff --git a/drivers/firmware/imx/ele_base_msg.h
> b/drivers/firmware/imx/ele_base_msg.h
> > new file mode 100644
> > index 000000000000..3b3d2bf04a84
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_base_msg.h
> > @@ -0,0 +1,70 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + *
> > + * Header file for the EdgeLock Enclave Base API(s).
> > + */
> > +
> > +#ifndef ELE_BASE_MSG_H
> > +#define ELE_BASE_MSG_H
> > +
> > +#include <linux/device.h>
> > +#include <linux/types.h>
> > +
> > +#define WORD_SZ 4
> > +#define ELE_NONE_VAL 0x0
> > +
> > +#define ELE_SUCCESS_IND 0xD6
> > +
> > +#define ELE_GET_INFO_REQ 0xDA
> > +#define ELE_GET_INFO_REQ_MSG_SZ 0x10
> > +#define ELE_GET_INFO_RSP_MSG_SZ 0x08
> > +
> > +#define ELE_GET_INFO_BUFF_SZ 0x100
> > +#define ELE_GET_INFO_READ_SZ 0xA0
> > +
> > +#define DEFAULT_IMX_SOC_VER 0xA0
> > +#define SOC_VER_MASK 0xFFFF0000
> > +#define SOC_ID_MASK 0x0000FFFF
> > +struct soc_info {
> > + u32 imem_state;
> > + u8 major_ver;
> > + u8 minor_ver;
> > + u16 soc_id;
> > + u16 soc_rev;
> > + u64 serial_num;
> > +};
> > +
> > +#define GET_INFO_SOC_INFO_WORD_OFFSET 1
> > +#define GET_INFO_UUID_WORD_OFFSET 3
> > +#define GET_INFO_SL_NUM_MSB_WORD_OFF \
> > + (GET_INFO_UUID_WORD_OFFSET + 3)
> > +#define GET_INFO_SL_NUM_LSB_WORD_OFF \
> > + (GET_INFO_UUID_WORD_OFFSET + 0)
> > +
> > +#define ELE_PING_REQ 0x01
> > +#define ELE_PING_REQ_SZ 0x04
> > +#define ELE_PING_RSP_SZ 0x08
> > +
> > +#define ELE_SERVICE_SWAP_REQ 0xDF
> > +#define ELE_SERVICE_SWAP_REQ_MSG_SZ 0x18
> > +#define ELE_SERVICE_SWAP_RSP_MSG_SZ 0x0C
> > +#define ELE_IMEM_SIZE 0x10000
> > +#define ELE_IMEM_STATE_OK 0xCA
> > +#define ELE_IMEM_STATE_BAD 0xFE
> > +#define ELE_IMEM_STATE_WORD 0x27
> > +#define ELE_IMEM_STATE_MASK 0x00ff0000
> > +#define ELE_IMEM_EXPORT 0x1
> > +#define ELE_IMEM_IMPORT 0x2
> > +
> > +#define ELE_FW_AUTH_REQ 0x02
> > +#define ELE_FW_AUTH_REQ_SZ 0x10
> > +#define ELE_FW_AUTH_RSP_MSG_SZ 0x08
> > +
> > +int ele_get_info(struct device *dev, struct soc_info *s_info);
> > +int ele_ping(struct device *dev);
> > +int ele_service_swap(struct device *dev,
> > + phys_addr_t addr,
> > + u32 addr_size, u16 flag);
> > +int ele_fw_authenticate(struct device *dev, phys_addr_t addr);
> > +#endif
> > diff --git a/drivers/firmware/imx/ele_common.c
> b/drivers/firmware/imx/ele_common.c
> > new file mode 100644
> > index 000000000000..dcf7f9034653
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_common.c
> > @@ -0,0 +1,341 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#include "ele_base_msg.h"
> > +#include "ele_common.h"
> > +
> > +u32 plat_add_msg_crc(u32 *msg, u32 msg_len)
> > +{
> > + u32 nb_words = msg_len / (u32)sizeof(u32);
> > + u32 crc = 0;
> > + u32 i;
> > +
> > + for (i = 0; i < nb_words - 1; i++)
> > + crc ^= *(msg + i);
> > +
> > + return crc;
> > +}
> > +
> > +int imx_ele_msg_rcv(struct se_if_priv *priv)
> > +{
> > + u32 wait;
> > + int err;
> > +
> > + wait = msecs_to_jiffies(1000);
> > + if (!wait_for_completion_timeout(&priv->done, wait)) {
> > + dev_err(priv->dev,
> > + "Error: wait_for_completion timed out.\n");
> > + err = -ETIMEDOUT;
> > + }
> > +
> > + mutex_unlock(&priv->se_if_cmd_lock);
> > + priv->no_dev_ctx_used = false;
> > +
> > + return err;
> > +}
> > +
> > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg)
> > +{
> > + bool is_cmd_lock_tobe_taken = false;
> > + int err;
> > +
> > + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> > + is_cmd_lock_tobe_taken = true;
> > + mutex_lock(&priv->se_if_cmd_lock);
> > + }
> > + scoped_guard(mutex, &priv->se_if_lock);
> > +
> > + err = mbox_send_message(priv->tx_chan, mssg);
> > + if (err < 0) {
> > + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> > + if (is_cmd_lock_tobe_taken)
> > + mutex_unlock(&priv->se_if_cmd_lock);
>
> Only dropping the lock in case of failure doesn't look right to me.
The callers of this function, takes the execution flow to aborting the operation on getting return code < 0.
No next action is expected under this aborted operation. Unlocking the lock here is not an issue

> It seems you should better move the lock to the callers of this function.
Accepted, and moved to the caller of the function for:
- locking
- unlocking in case of error.

Unlocking in the read API, once response is successfully received and read.

>
> > + return err;
> > + }
> > + err = 0;
> > +
> > + return err;
> > +}
> > +
> > +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg)
> > +{
> > + int err;
> > +
> > + priv->no_dev_ctx_used = true;
> > + err = imx_ele_msg_send(priv, mssg);
> > + if (err)
> > + goto exit;
> > +
> > + err = imx_ele_msg_rcv(priv);
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *dev_ctx)
> > +{
> > + struct se_msg_hdr header = {0};
> > + int err;
> > +
> > + err = wait_event_interruptible(dev_ctx->wq, dev_ctx-
> >pending_hdr != 0);
> > + if (err)
> > + dev_err(dev_ctx->dev,
> > + "%s: Err[0x%x]:Interrupted by signal.\n",
> > + dev_ctx->miscdev.name, err);
> > +
> > + header = *((struct se_msg_hdr *) (&dev_ctx->temp_resp[0]));
> > +
> > + if (header.tag == dev_ctx->priv->rsp_tag)
> > + mutex_unlock(&dev_ctx->priv->se_if_cmd_lock);
> > +
> > + return err;
> > +}
> > +
> > +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> > + void *tx_msg, int tx_msg_sz)
> > +{
> > + struct se_if_priv *priv = dev_ctx->priv;
> > + struct se_msg_hdr header = {0};
> > + int err;
> > +
> > + header = *((struct se_msg_hdr *) tx_msg);
> > +
> > + /*
> > + * Check that the size passed as argument matches the size
> > + * carried in the message.
> > + */
> > + err = header.size << 2;
> > +
> > + if (err != tx_msg_sz) {
> > + err = -EINVAL;
> > + dev_err(priv->dev,
> > + "%s: User buffer too small\n",
> > + dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > + /* Check the message is valid according to tags */
> > + if (header.tag == priv->cmd_tag)
> > + priv->waiting_rsp_dev = dev_ctx;
> > + else if (header.tag == priv->rsp_tag) {
> > + /* Check the device context can send the command */
> > + if (dev_ctx != priv->cmd_receiver_dev) {
> > + dev_err(priv->dev,
> > + "%s: Channel not configured to send resp to
> FW.",
> > + dev_ctx->miscdev.name);
> > + err = -EPERM;
> > + goto exit;
> > + }
> > + } else {
> > + dev_err(priv->dev,
> > + "%s: The message does not have a valid TAG\n",
> > + dev_ctx->miscdev.name);
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > + err = imx_ele_msg_send(priv, tx_msg);
> > +exit:
> > + return err;
> > +}
> > +
> > +/*
> > + * Callback called by mailbox FW, when data is received.
> > + */
> > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg)
> > +{
> > + struct device *dev = mbox_cl->dev;
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_api_msg *rx_msg;
> > + bool is_response = false;
> > + struct se_if_priv *priv;
> > + struct se_msg_hdr header;
> > +
> > + priv = dev_get_drvdata(dev);
> > + if (!priv) {
> > + dev_err(dev, "SE-MU Priv data is NULL;");
> > + return;
> > + }
>
> If you code you probe and cleanup functions correctly, this should not
> happen.

Ok, I will remove this code snippet.

>
> > +
> > + /* The function can be called with NULL msg */
> > + if (!msg) {
> > + dev_err(dev, "Message is invalid\n");
> > + return;
> > + }
> > +
> > + header.tag = ((u8 *)msg)[TAG_OFFSET];
> > + header.command = ((u8 *)msg)[CMD_OFFSET];
> > + header.size = ((u8 *)msg)[SZ_OFFSET];
> > + header.ver = ((u8 *)msg)[VER_OFFSET];
>
> Use a proper struct and FIELD_GET() if needed

Accepted. Correct by using structure pointer.


>
> > +
> > + /* Incoming command: wake up the receiver if any. */
> > + if (header.tag == priv->cmd_tag) {
> > + dev_dbg(dev, "Selecting cmd receiver\n");
> > + dev_ctx = priv->cmd_receiver_dev;
> > + } else if (header.tag == priv->rsp_tag) {
> > + if (priv->waiting_rsp_dev) {
> > + dev_dbg(dev, "Selecting rsp waiter\n");
> > + dev_ctx = priv->waiting_rsp_dev;
> > + is_response = true;
> > + } else {
> > + /*
> > + * Reading the EdgeLock Enclave response
> > + * to the command, sent by other
> > + * linux kernel services.
> > + */
> > + spin_lock(&priv->lock);
> > + memcpy(&priv->rx_msg, msg, header.size << 2);
> > +
> > + complete(&priv->done);
> > + spin_unlock(&priv->lock);
> > + return;
> > + }
> > + } else {
> > + dev_err(dev, "Failed to select a device for message: %.8x\n",
> > + *((u32 *) &header));
> > + return;
> > + }
> > + /* Init reception */
> > + rx_msg = kzalloc(header.size << 2, GFP_KERNEL);
> > + if (rx_msg)
> > + memcpy(rx_msg, msg, header.size << 2);
> > +
> > + dev_ctx->temp_resp = (u32 *)rx_msg;
> > + dev_ctx->temp_resp_size = header.size;
> > +
> > + /* Allow user to read */
> > + dev_ctx->pending_hdr = 1;
> > + wake_up_interruptible(&dev_ctx->wq);
> > +
> > + if (is_response)
> > + priv->waiting_rsp_dev = NULL;
>
> This looks racy to me.
It is not.
But will move it to the place before unlocking the command lock.

Accepted.

>
> > +}
> > +
> > +int validate_rsp_hdr(struct se_if_priv *priv, u32 header,
> > + uint8_t msg_id, uint8_t sz, bool is_base_api)
> > +{
> > + int ret = -EINVAL;
> > + u32 size;
> > + u32 cmd;
> > + u32 tag;
> > + u32 ver;
> > +
> > + tag = MSG_TAG(header);
> > + cmd = MSG_COMMAND(header);
> > + size = MSG_SIZE(header);
> > + ver = MSG_VER(header);
> > +
> > + do {
>
> using a do-while loop is uncommong coding style, Why not use return
> instead?
Corrected.

>
> > + if (tag != priv->rsp_tag) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: Resp tag mismatch.
> (0x%x != 0x%x)",
> > + msg_id, tag, priv->rsp_tag);
> > + break;
> > + }
> > +
> > + if (cmd != msg_id) {
> > + dev_err(priv->dev,
> > + "MSG Header: Cmd id mismatch. (0x%x !=
> 0x%x)",
> > + cmd, msg_id);
> > + break;
> > + }
> > +
> > + if (size != (sz >> 2)) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: Cmd size mismatch.
> (0x%x != 0x%x)",
> > + msg_id, size, (sz >> 2));
> > + break;
> > + }
> > +
> > + if (is_base_api && (ver != priv->base_api_ver)) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: Base API Vers mismatch.
> (0x%x != 0x%x)",
> > + msg_id, ver, priv->base_api_ver);
> > + break;
> > + } else if (!is_base_api && ver != priv->fw_api_ver) {
> > + dev_err(priv->dev,
> > + "MSG[0x%x] Hdr: FW API Vers mismatch.
> (0x%x != 0x%x)",
> > + msg_id, ver, priv->fw_api_ver);
> > + break;
> > + }
> > +
> > + ret = 0;
> > +
> > + } while (false);
> > +
> > + return ret;
> > +}
> > +
> > +int se_save_imem_state(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + int ret;
> > +
> > + /* EXPORT command will save encrypted IMEM to given address,
> > + * so later in resume, IMEM can be restored from the given
> > + * address.
> > + *
> > + * Size must be at least 64 kB.
> > + */
> > + ret = ele_service_swap(dev,
> > + priv->imem.phyaddr,
> > + ELE_IMEM_SIZE,
> > + ELE_IMEM_EXPORT);
> > + if (ret < 0)
> > + dev_err(dev, "Failed to export IMEM\n");
> > + else
> > + dev_info(dev,
> > + "Exported %d bytes of encrypted IMEM\n",
> > + ret);
> > +
> > + return ret;
> > +}
> > +
> > +int se_restore_imem_state(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct soc_info s_info;
> > + int ret;
> > +
> > + /* get info from ELE */
> > + ret = ele_get_info(dev, &s_info);
> > + if (ret) {
> > + dev_err(dev, "Failed to get info from ELE.\n");
> > + return ret;
> > + }
> > +
> > + /* Get IMEM state, if 0xFE then import IMEM */
> > + if (s_info.imem_state == ELE_IMEM_STATE_BAD) {
> > + /* IMPORT command will restore IMEM from the given
> > + * address, here size is the actual size returned by ELE
> > + * during the export operation
> > + */
> > + ret = ele_service_swap(dev,
> > + priv->imem.phyaddr,
> > + priv->imem.size,
> > + ELE_IMEM_IMPORT);
> > + if (ret) {
> > + dev_err(dev, "Failed to import IMEM\n");
> > + goto exit;
> > + }
> > + } else
> > + goto exit;
> > +
> > + /* After importing IMEM, check if IMEM state is equal to 0xCA
> > + * to ensure IMEM is fully loaded and
> > + * ELE functionality can be used.
> > + */
> > + ret = ele_get_info(dev, &s_info);
> > + if (ret) {
> > + dev_err(dev, "Failed to get info from ELE.\n");
> > + goto exit;
> > + }
> > +
> > + if (s_info.imem_state == ELE_IMEM_STATE_OK)
> > + dev_info(dev, "Successfully restored IMEM\n");
> > + else
> > + dev_err(dev, "Failed to restore IMEM\n");
> > +
> > +exit:
> > + return ret;
> > +}
> > diff --git a/drivers/firmware/imx/ele_common.h
> b/drivers/firmware/imx/ele_common.h
> > new file mode 100644
> > index 000000000000..6e3a2114bb56
> > --- /dev/null
> > +++ b/drivers/firmware/imx/ele_common.h
> > @@ -0,0 +1,43 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +
> > +#ifndef __ELE_COMMON_H__
> > +#define __ELE_COMMON_H__
> > +
> > +#include "se_ctrl.h"
> > +
> > +#define IMX_ELE_FW_DIR "imx/ele/"
> > +
> > +uint32_t plat_add_msg_crc(uint32_t *msg, uint32_t msg_len);
> > +int imx_ele_miscdev_msg_rcv(struct se_if_device_ctx *priv);
> > +int imx_ele_miscdev_msg_send(struct se_if_device_ctx *dev_ctx,
> > + void *tx_msg, int tx_msg_sz);
> > +int imx_ele_msg_rcv(struct se_if_priv *priv);
> > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg);
> > +int imx_ele_msg_send_rcv(struct se_if_priv *priv, void *mssg);
> > +void se_if_rx_callback(struct mbox_client *mbox_cl, void *msg);
> > +int validate_rsp_hdr(struct se_if_priv *priv, unsigned int header,
> > + u8 msg_id, u8 sz, bool is_base_api);
> > +
> > +/* Fill a command message header with a given command ID and length in
> bytes. */
> > +static inline int plat_fill_cmd_msg_hdr(struct se_if_priv *priv,
> > + struct se_msg_hdr *hdr,
> > + u8 cmd,
> > + u32 len,
> > + bool is_base_api)
> > +{
> > + hdr->tag = priv->cmd_tag;
> > + hdr->ver = (is_base_api) ? priv->base_api_ver : priv->fw_api_ver;
> > + hdr->command = cmd;
> > + hdr->size = len >> 2;
> > +
> > + return 0;
> > +}
> > +
> > +int se_save_imem_state(struct device *dev);
> > +int se_restore_imem_state(struct device *dev);
> > +
> > +#endif /*__ELE_COMMON_H__ */
> > diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
> > new file mode 100644
> > index 000000000000..11c5eaa7353f
> > --- /dev/null
> > +++ b/drivers/firmware/imx/se_ctrl.c
> > @@ -0,0 +1,1339 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#include <linux/completion.h>
> > +#include <linux/delay.h>
> > +#include <linux/dev_printk.h>
> > +#include <linux/dma-mapping.h>
> > +#include <linux/errno.h>
> > +#include <linux/export.h>
> > +#include <linux/firmware.h>
> > +#include <linux/firmware/imx/se_api.h>
> > +#include <linux/genalloc.h>
> > +#include <linux/init.h>
> > +#include <linux/io.h>
> > +#include <linux/miscdevice.h>
> > +#include <linux/mod_devicetable.h>
> > +#include <linux/module.h>
> > +#include <linux/of_platform.h>
> > +#include <linux/of_reserved_mem.h>
> > +#include <linux/platform_device.h>
> > +#include <linux/slab.h>
> > +#include <linux/string.h>
> > +#include <linux/sys_soc.h>
> > +#include <uapi/linux/se_ioctl.h>
> > +
> > +#include "ele_base_msg.h"
> > +#include "ele_common.h"
> > +#include "se_ctrl.h"
> > +
> > +#define RESERVED_DMA_POOL BIT(1)
>
> BIT(0)?

Accepted.

>
> > +
> > +struct imx_se_node_info {
> > + u8 se_if_id;
> > + u8 se_if_did;
> > + u8 max_dev_ctx;
> > + u8 cmd_tag;
> > + u8 rsp_tag;
> > + u8 success_tag;
> > + u8 base_api_ver;
> > + u8 fw_api_ver;
> > + u8 *se_name;
> > + u8 *mbox_tx_name;
> > + u8 *mbox_rx_name;
> > + u8 *pool_name;
> > + u8 *fw_name_in_rfs;
> > + bool soc_register;
> > + bool reserved_dma_ranges;
> > + bool imem_mgmt;
> > +};
> > +
> > +struct imx_se_node_info_list {
> > + u8 num_mu;
> > + u16 soc_id;
> > + u16 soc_rev;
> > + struct imx_se_node_info info[];
> > +};
> > +
> > +static const struct imx_se_node_info_list imx8ulp_info = {
> > + .num_mu = 1,
> > + .soc_id = SOC_ID_OF_IMX8ULP,
> > + .info = {
> > + {
> > + .se_if_id = 2,
> > + .se_if_did = 7,
> > + .max_dev_ctx = 4,
> > + .cmd_tag = 0x17,
> > + .rsp_tag = 0xe1,
> > + .success_tag = 0xd6,
> > + .base_api_ver = MESSAGING_VERSION_6,
> > + .fw_api_ver = MESSAGING_VERSION_7,
> > + .se_name = "hsm1",
> > + .mbox_tx_name = "tx",
> > + .mbox_rx_name = "rx",
> > + .pool_name = "sram",
> > + .fw_name_in_rfs = IMX_ELE_FW_DIR\
> ^
> not needed

It is needed for i.MX8ULP, dual FW support.

> > + "mx8ulpa2ext-ahab- container.img",


> > + .soc_register = true,
> > + .reserved_dma_ranges = true,
> > + .imem_mgmt = true,
> > + },
> > + },
> > +};
> > +
> > +static const struct imx_se_node_info_list imx93_info = {
> > + .num_mu = 1,
> > + .soc_id = SOC_ID_OF_IMX93,
> > + .info = {
> > + {
> > + .se_if_id = 2,
> > + .se_if_did = 3,
> > + .max_dev_ctx = 4,
> > + .cmd_tag = 0x17,
> > + .rsp_tag = 0xe1,
> > + .success_tag = 0xd6,
> > + .base_api_ver = MESSAGING_VERSION_6,
> > + .fw_api_ver = MESSAGING_VERSION_7,
> > + .se_name = "hsm1",
> > + .mbox_tx_name = "tx",
> > + .mbox_rx_name = "rx",
> > + .reserved_dma_ranges = true,
> > + .imem_mgmt = true,
> > + .soc_register = true,
> > + },
> > + },
>
>
> Some (most?) members of these structs are the same. Why do you have this
> abstraction if it's not needed right now?
It is needed as the values is different for different NXP SoC compatible.
It will be needed for NXP i.MX95 platform, whose code will be next in pipeline.

>
> > +};
> > +
> > +static const struct of_device_id se_match[] = {
> > + { .compatible = "fsl,imx8ulp-ele", .data = (void *)&imx8ulp_info},
> ^^^^^^^^ cast not needed
> > + { .compatible = "fsl,imx93-ele", .data = (void *)&imx93_info},
> > + {},
> > +};
> > +
> > +static struct imx_se_node_info
> > + *get_imx_se_node_info(struct imx_se_node_info_list
> *info_list,
> > + const u32 idx)
> > +{
> > + if (idx < 0 || idx > info_list->num_mu)
>
> u32 cannot be < 0

Accepted. Corrected.

>
> > + return NULL;
> > +
> > + return &info_list->info[idx];
> > +}
> > +
> > +void *get_phy_buf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + dma_addr_t *buf,
> > + u32 size)
> > +{
> > + struct device_node *of_node = dev->of_node;
> > + struct gen_pool *mem_pool;
> > +
> > + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> > + if (!mem_pool) {
> > + dev_err(dev,
> > + "Unable to get sram pool = %s\n",
> > + mem_pool_name);
> > + return 0;
> > + }
> > +
> > + return gen_pool_dma_alloc(mem_pool, size, buf);
> > +}
> > +
> > +void free_phybuf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + u32 *buf,
> > + u32 size)
> > +{
> > + struct device_node *of_node = dev->of_node;
> > + struct gen_pool *mem_pool;
> > +
> > + mem_pool = of_gen_pool_get(of_node, mem_pool_name, 0);
> > + if (!mem_pool)
> > + dev_err(dev,
> > + "%s: Failed: Unable to get sram pool.\n",
> > + __func__);
> > +
> > + gen_pool_free(mem_pool, (u64)buf, size);
> > +}
> > +
> > +static int imx_fetch_soc_info(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + struct imx_se_node_info_list *info_list;
> > + const struct imx_se_node_info *info;
> > + struct soc_device_attribute *attr;
> > + struct soc_device *sdev;
> > + struct soc_info s_info;
> > + int err = 0;
> > +
> > + info = priv->info;
> > + info_list = (struct imx_se_node_info_list *)
> > + device_get_match_data(dev->parent);
>
> I think cast is not needed.
It returns memory reference with const attribute.
SoC revision member of 'info_list', is required to be updated.
Thus type casted.

>
> > + if (info_list->soc_rev)
> > + return err;
>
> What does this check do? You'll only get data you put in the info_list
> in the first place.
info_list->soc_rev, is equal to zero for the first call to this function.
To return from this function if this function is already executed.

>
> > +
> > + err = ele_get_info(dev, &s_info);
> > + if (err)
> > + s_info.major_ver = DEFAULT_IMX_SOC_VER;
>
> Why continue here in case of error?
To continue with SoC registration for the default values (without fetching information from ELE).

>
> > +
> > + info_list->soc_rev = s_info.soc_rev;
> > +
> > + if (!info->soc_register)
> > + return 0;
> > +
> > + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> > + if (!attr)
> > + return -ENOMEM;
> > +
> > + if (s_info.minor_ver)
> > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
> > + s_info.major_ver,
> > + s_info.minor_ver);
> > + else
> > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
> > + s_info.major_ver);
> > +
> > + switch (s_info.soc_id) {
> > + case SOC_ID_OF_IMX8ULP:
> > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > + "i.MX8ULP");
> > + break;
> > + case SOC_ID_OF_IMX93:
> > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > + "i.MX93");
> > + break;
> > + }
> > +
> > + err = of_property_read_string(of_root, "model",
> > + &attr->machine);
> > + if (err) {
> > + devm_kfree(dev, attr);
>
> Why do you do a manual cleanup of devm managed resources? Same applies
> to the other devm managed resources, too.
>
Used devm managed memory, as this function is called as part probe.

Post device registration, this devm managed memory is un-necessarily blocked.
It is better to release it as part of clean-up, under this function only.

Other devm managed memory clean-up, under se_probe_cleanup, will be removed, as suggested.

> > + return -EINVAL;
> > + }
> > + attr->family = devm_kasprintf(dev, GFP_KERNEL, "Freescale i.MX");
> > +
> > + attr->serial_number
> > + = devm_kasprintf(dev, GFP_KERNEL, "%016llX",
> s_info.serial_num);
> > +
> > + sdev = soc_device_register(attr);
> > + if (IS_ERR(sdev)) {
> > + devm_kfree(dev, attr->soc_id);
> > + devm_kfree(dev, attr->serial_number);
> > + devm_kfree(dev, attr->revision);
> > + devm_kfree(dev, attr->family);
> > + devm_kfree(dev, attr->machine);
> > + devm_kfree(dev, attr);
> > + return PTR_ERR(sdev);
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +/*
> > + * File operations for user-space
> > + */
> > +
> > +/* Write a message to the MU. */
> > +static ssize_t se_if_fops_write(struct file *fp, const char __user *buf,
> > + size_t size, loff_t *ppos)
> > +{
> > + struct se_api_msg *tx_msg __free(kfree);
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_if_priv *priv;
> > + int err;
> > +
> > + dev_ctx = container_of(fp->private_data,
> > + struct se_if_device_ctx,
> > + miscdev);
> > + priv = dev_ctx->priv;
> > + dev_dbg(priv->dev,
> > + "%s: write from buf (%p)%zu, ppos=%lld\n",
> > + dev_ctx->miscdev.name,
> > + buf, size, ((ppos) ? *ppos : 0));
> > +
> > + if (down_interruptible(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + if (dev_ctx->status != MU_OPENED) {
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + if (size < SE_MU_HDR_SZ) {
> > + dev_err(priv->dev,
> > + "%s: User buffer too small(%zu < %d)\n",
> > + dev_ctx->miscdev.name,
> > + size, SE_MU_HDR_SZ);
> > + err = -ENOSPC;
> > + goto exit;
> > + }
> > +
> > + tx_msg = memdup_user((void __user *)ppos, size);
> > + if (!tx_msg) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + /* Copy data to buffer */
> > + if (copy_from_user(tx_msg, buf, size)) {
> > + err = -EFAULT;
> > + dev_err(priv->dev,
> > + "%s: Fail copy message from user\n",
> > + dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > +
> > + print_hex_dump_debug("from user ", DUMP_PREFIX_OFFSET, 4, 4,
> > + tx_msg, size, false);
> > +
> > + err = imx_ele_miscdev_msg_send(dev_ctx, tx_msg, size);
> > +
> > +exit:
> > + up(&dev_ctx->fops_lock);
> > + return err;
> > +}
> > +
> > +/*
> > + * Read a message from the MU.
> > + * Blocking until a message is available.
> > + */
> > +static ssize_t se_if_fops_read(struct file *fp, char __user *buf,
> > + size_t size, loff_t *ppos)
> > +{
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_buf_desc *b_desc;
> > + struct se_if_priv *priv;
> > + u32 size_to_copy;
> > + int err;
> > +
> > + dev_ctx = container_of(fp->private_data,
> > + struct se_if_device_ctx,
> > + miscdev);
> > + priv = dev_ctx->priv;
> > + dev_dbg(priv->dev,
> > + "%s: read to buf %p(%zu), ppos=%lld\n",
> > + dev_ctx->miscdev.name,
> > + buf, size, ((ppos) ? *ppos : 0));
> > +
> > + if (down_interruptible(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + if (dev_ctx->status != MU_OPENED) {
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + err = imx_ele_miscdev_msg_rcv(dev_ctx);
> > + if (err)
> > + goto exit;
> > +
> > + /* Buffer containing the message from FW, is
> > + * allocated in callback function.
> > + * Check if buffer allocation failed.
> > + */
> > + if (!dev_ctx->temp_resp) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + dev_dbg(priv->dev,
> > + "%s: %s %s\n",
> > + dev_ctx->miscdev.name,
> > + __func__,
> > + "message received, start transmit to user");
> > +
> > + /*
> > + * Check that the size passed as argument is larger than
> > + * the one carried in the message.
> > + */
> > + size_to_copy = dev_ctx->temp_resp_size << 2;
> > + if (size_to_copy > size) {
> > + dev_dbg(priv->dev,
> > + "%s: User buffer too small (%zu < %d)\n",
> > + dev_ctx->miscdev.name,
> > + size, size_to_copy);
> > + size_to_copy = size;
> > + }
> > +
> > + /*
> > + * We may need to copy the output data to user before
> > + * delivering the completion message.
> > + */
> > + while (!list_empty(&dev_ctx->pending_out)) {
> > + b_desc = list_first_entry_or_null(&dev_ctx->pending_out,
> > + struct se_buf_desc,
> > + link);
> > + if (!b_desc)
> > + continue;
> > +
> > + if (b_desc->usr_buf_ptr && b_desc->shared_buf_ptr) {
> > +
> > + dev_dbg(priv->dev,
> > + "%s: Copy output data to user\n",
> > + dev_ctx->miscdev.name);
> > + if (copy_to_user(b_desc->usr_buf_ptr,
> > + b_desc->shared_buf_ptr,
> > + b_desc->size)) {
> > + dev_err(priv->dev,
> > + "%s: Failure copying output data to
> user.",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > + }
> > +
> > + if (b_desc->shared_buf_ptr)
> > + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> > +
> > + __list_del_entry(&b_desc->link);
> > + kfree(b_desc);
> > + }
> > +
> > + /* Copy data from the buffer */
> > + print_hex_dump_debug("to user ", DUMP_PREFIX_OFFSET, 4, 4,
> > + dev_ctx->temp_resp, size_to_copy, false);
> > + if (copy_to_user(buf, dev_ctx->temp_resp, size_to_copy)) {
> > + dev_err(priv->dev,
> > + "%s: Failed to copy to user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + err = size_to_copy;
> > + kfree(dev_ctx->temp_resp);
> > +
> > + /* free memory allocated on the shared buffers. */
> > + dev_ctx->secure_mem.pos = 0;
> > + dev_ctx->non_secure_mem.pos = 0;
> > +
> > + dev_ctx->pending_hdr = 0;
> > +
> > +exit:
> > + /*
> > + * Clean the used Shared Memory space,
> > + * whether its Input Data copied from user buffers, or
> > + * Data received from FW.
> > + */
> > + while (!list_empty(&dev_ctx->pending_in) ||
> > + !list_empty(&dev_ctx->pending_out)) {
> > + if (!list_empty(&dev_ctx->pending_in))
> > + b_desc = list_first_entry_or_null(&dev_ctx-
> >pending_in,
> > + struct se_buf_desc,
> > + link);
> > + else
> > + b_desc = list_first_entry_or_null(&dev_ctx-
> >pending_out,
> > + struct se_buf_desc,
> > + link);
> > +
> > + if (!b_desc)
> > + continue;
> > +
> > + if (b_desc->shared_buf_ptr)
> > + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> > +
> > + __list_del_entry(&b_desc->link);
> > + kfree(b_desc);
> > + }
> > +
> > + up(&dev_ctx->fops_lock);
> > + return err;
> > +}
> > +
> > +/* Give access to EdgeLock Enclave, to the memory we want to share */
> > +static int se_if_setup_se_mem_access(struct se_if_device_ctx *dev_ctx,
> > + u64 addr, u32 len)
> > +{
> > + /* Assuming EdgeLock Enclave has access to all the memory regions
> */
> > + int ret = 0;
> > +
> > + if (ret) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Fail find memreg\n", dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > +
> > + if (ret) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Fail set permission for resource\n",
> > + dev_ctx->miscdev.name);
> > + goto exit;
> > + }
> > +
> > +exit:
> > + return ret;
> > +}
> > +
> > +static int se_ioctl_get_mu_info(struct se_if_device_ctx *dev_ctx,
> > + u64 arg)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev_ctx->dev);
> > + struct imx_se_node_info *if_node_info;
> > + struct se_ioctl_get_if_info info;
> > + int err = 0;
> > +
> > + if_node_info = (struct imx_se_node_info *)priv->info;
> > +
> > + info.se_if_id = if_node_info->se_if_id;
> > + info.interrupt_idx = 0;
> > + info.tz = 0;
> > + info.did = if_node_info->se_if_did;
> > + info.cmd_tag = if_node_info->cmd_tag;
> > + info.rsp_tag = if_node_info->rsp_tag;
> > + info.success_tag = if_node_info->success_tag;
> > + info.base_api_ver = if_node_info->base_api_ver;
> > + info.fw_api_ver = if_node_info->fw_api_ver;
> > +
> > + dev_dbg(priv->dev,
> > + "%s: info [se_if_id: %d, irq_idx: %d, tz: 0x%x, did: 0x%x]\n",
> > + dev_ctx->miscdev.name,
> > + info.se_if_id, info.interrupt_idx, info.tz, info.did);
> > +
> > + if (copy_to_user((u8 *)arg, &info, sizeof(info))) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to copy mu info to user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +/*
> > + * Copy a buffer of data to/from the user and return the address to use in
> > + * messages
> > + */
> > +static int se_ioctl_setup_iobuf_handler(struct se_if_device_ctx *dev_ctx,
> > + u64 arg)
> > +{
> > + struct se_ioctl_setup_iobuf io = {0};
> > + struct se_shared_mem *shared_mem;
> > + struct se_buf_desc *b_desc;
> > + int err = 0;
> > + u32 pos;
> > +
> > + if (copy_from_user(&io, (u8 *)arg, sizeof(io))) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed copy iobuf config from user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + dev_dbg(dev_ctx->priv->dev,
> > + "%s: io [buf: %p(%d) flag: %x]\n",
> > + dev_ctx->miscdev.name,
> > + io.user_buf, io.length, io.flags);
> > +
> > + if (io.length == 0 || !io.user_buf) {
> > + /*
> > + * Accept NULL pointers since some buffers are optional
> > + * in FW commands. In this case we should return 0 as
> > + * pointer to be embedded into the message.
> > + * Skip all data copy part of code below.
> > + */
> > + io.ele_addr = 0;
> > + goto copy;
> > + }
> > +
> > + /* Select the shared memory to be used for this buffer. */
> > + if (io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) {
> > + /* App requires to use secure memory for this buffer.*/
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed allocate SEC MEM memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + } else {
> > + /* No specific requirement for this buffer. */
> > + shared_mem = &dev_ctx->non_secure_mem;
> > + }
> > +
> > + /* Check there is enough space in the shared memory. */
> > + if (shared_mem->size < shared_mem->pos
> > + || io.length >= shared_mem->size - shared_mem-
> >pos) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Not enough space in shared memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + /* Allocate space in shared memory. 8 bytes aligned. */
> > + pos = shared_mem->pos;
> > + shared_mem->pos += round_up(io.length, 8u);
> > + io.ele_addr = (u64)shared_mem->dma_addr + pos;
> > +
> > + if ((io.flags & SE_MU_IO_FLAGS_USE_SEC_MEM) &&
> > + !(io.flags & SE_MU_IO_FLAGS_USE_SHORT_ADDR)) {
> > + /*Add base address to get full address.*/
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed allocate SEC MEM memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + memset(shared_mem->ptr + pos, 0, io.length);
> > + if ((io.flags & SE_IO_BUF_FLAGS_IS_INPUT) ||
> > + (io.flags & SE_IO_BUF_FLAGS_IS_IN_OUT)) {
> > + /*
> > + * buffer is input:
> > + * copy data from user space to this allocated buffer.
> > + */
> > + if (copy_from_user(shared_mem->ptr + pos, io.user_buf,
> > + io.length)) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed copy data to shared memory\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > + }
> > +
> > + b_desc = kzalloc(sizeof(*b_desc), GFP_KERNEL);
> > + if (!b_desc) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > +copy:
> > + /* Provide the EdgeLock Enclave address to user space only if
> success.*/
> > + if (copy_to_user((u8 *)arg, &io, sizeof(io))) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to copy iobuff setup to user\n",
> > + dev_ctx->miscdev.name);
> > + kfree(b_desc);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > + if (b_desc) {
> > + b_desc->shared_buf_ptr = shared_mem->ptr + pos;
> > + b_desc->usr_buf_ptr = io.user_buf;
> > + b_desc->size = io.length;
> > +
> > + if (io.flags & SE_IO_BUF_FLAGS_IS_INPUT) {
> > + /*
> > + * buffer is input:
> > + * add an entry in the "pending input buffers" list so
> > + * that copied data can be cleaned from shared
> memory
> > + * later.
> > + */
> > + list_add_tail(&b_desc->link, &dev_ctx->pending_in);
> > + } else {
> > + /*
> > + * buffer is output:
> > + * add an entry in the "pending out buffers" list so
> data
> > + * can be copied to user space when receiving Secure-
> Enclave
> > + * response.
> > + */
> > + list_add_tail(&b_desc->link, &dev_ctx->pending_out);
> > + }
> > + }
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +/* IOCTL to provide SoC information */
> > +static int se_ioctl_get_soc_info_handler(struct se_if_device_ctx *dev_ctx,
> > + u64 arg)
> > +{
> > + struct imx_se_node_info_list *info_list;
> > + struct se_ioctl_get_soc_info soc_info;
> > + int err = -EINVAL;
> > +
> > + info_list = (struct imx_se_node_info_list *)
> > + device_get_match_data(dev_ctx->priv->dev-
> >parent);
> > + if (!info_list)
> > + goto exit;
> > +
> > + soc_info.soc_id = info_list->soc_id;
> > + soc_info.soc_rev = info_list->soc_rev;
> > +
> > + err = (int)copy_to_user((u8 *)arg, (u8 *)(&soc_info), sizeof(soc_info));
> > + if (err) {
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to copy soc info to user\n",
> > + dev_ctx->miscdev.name);
> > + err = -EFAULT;
> > + goto exit;
> > + }
> > +
> > +exit:
> > + return err;
> > +}
> > +
> > +/* Open a character device. */
> > +static int se_if_fops_open(struct inode *nd, struct file *fp)
> > +{
> > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > + struct
> se_if_device_ctx,
> > + miscdev);
> > + int err;
> > +
> > + /* Avoid race if opened at the same time */
> > + if (down_trylock(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + /* Authorize only 1 instance. */
> > + if (dev_ctx->status != MU_FREE) {
> > + err = -EBUSY;
> > + goto exit;
> > + }
> > +
> > + /*
> > + * Allocate some memory for data exchanges with S40x.
> > + * This will be used for data not requiring secure memory.
> > + */
> > + dev_ctx->non_secure_mem.ptr = dmam_alloc_coherent(dev_ctx-
> >dev,
> > + MAX_DATA_SIZE_PER_USER,
> > + &dev_ctx-
> >non_secure_mem.dma_addr,
> > + GFP_KERNEL);
> > + if (!dev_ctx->non_secure_mem.ptr) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + err = se_if_setup_se_mem_access(dev_ctx,
> > + dev_ctx-
> >non_secure_mem.dma_addr,
> > + MAX_DATA_SIZE_PER_USER);
> > + if (err) {
> > + err = -EPERM;
> > + dev_err(dev_ctx->priv->dev,
> > + "%s: Failed to share access to shared memory\n",
> > + dev_ctx->miscdev.name);
> > + goto free_coherent;
> > + }
> > +
> > + dev_ctx->non_secure_mem.size = MAX_DATA_SIZE_PER_USER;
> > + dev_ctx->non_secure_mem.pos = 0;
> > + dev_ctx->status = MU_OPENED;
> > +
> > + dev_ctx->pending_hdr = 0;
> > +
> > + goto exit;
> > +
> > +free_coherent:
> > + dmam_free_coherent(dev_ctx->priv->dev,
> MAX_DATA_SIZE_PER_USER,
> > + dev_ctx->non_secure_mem.ptr,
> > + dev_ctx->non_secure_mem.dma_addr);
> > +
> > +exit:
> > + up(&dev_ctx->fops_lock);
> > + return err;
> > +}
> > +
> > +/* Close a character device. */
> > +static int se_if_fops_close(struct inode *nd, struct file *fp)
> > +{
> > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > + struct
> se_if_device_ctx,
> > + miscdev);
> > + struct se_if_priv *priv = dev_ctx->priv;
> > + struct se_buf_desc *b_desc;
> > +
> > + /* Avoid race if closed at the same time */
> > + if (down_trylock(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + /* The device context has not been opened */
> > + if (dev_ctx->status != MU_OPENED)
> > + goto exit;
> > +
> > + /* check if this device was registered as command receiver. */
> > + if (priv->cmd_receiver_dev == dev_ctx)
> > + priv->cmd_receiver_dev = NULL;
> > +
> > + /* check if this device was registered as waiting response. */
> > + if (priv->waiting_rsp_dev == dev_ctx) {
> > + priv->waiting_rsp_dev = NULL;
> > + mutex_unlock(&priv->se_if_cmd_lock);
> > + }
> > +
> > + /* Unmap secure memory shared buffer. */
> > + if (dev_ctx->secure_mem.ptr)
> > + devm_iounmap(dev_ctx->dev, dev_ctx->secure_mem.ptr);
> > +
> > + dev_ctx->secure_mem.ptr = NULL;
> > + dev_ctx->secure_mem.dma_addr = 0;
> > + dev_ctx->secure_mem.size = 0;
> > + dev_ctx->secure_mem.pos = 0;
> > +
> > + /* Free non-secure shared buffer. */
> > + dmam_free_coherent(dev_ctx->priv->dev,
> MAX_DATA_SIZE_PER_USER,
> > + dev_ctx->non_secure_mem.ptr,
> > + dev_ctx->non_secure_mem.dma_addr);
> > +
> > + dev_ctx->non_secure_mem.ptr = NULL;
> > + dev_ctx->non_secure_mem.dma_addr = 0;
> > + dev_ctx->non_secure_mem.size = 0;
> > + dev_ctx->non_secure_mem.pos = 0;
> > +
> > + while (!list_empty(&dev_ctx->pending_in) ||
> > + !list_empty(&dev_ctx->pending_out)) {
> > + if (!list_empty(&dev_ctx->pending_in))
> > + b_desc = list_first_entry_or_null(&dev_ctx-
> >pending_in,
> > + struct se_buf_desc,
> > + link);
> > + else
> > + b_desc = list_first_entry_or_null(&dev_ctx-
> >pending_out,
> > + struct se_buf_desc,
> > + link);
> > +
> > + if (!b_desc)
> > + continue;
> > +
> > + if (b_desc->shared_buf_ptr)
> > + memset(b_desc->shared_buf_ptr, 0, b_desc->size);
> > +
> > + __list_del_entry(&b_desc->link);
> > + devm_kfree(dev_ctx->dev, b_desc);
> > + }
> > +
> > + dev_ctx->status = MU_FREE;
> > +
> > +exit:
> > + up(&dev_ctx->fops_lock);
> > + return 0;
> > +}
> > +
> > +/* IOCTL entry point of a character device */
> > +static long se_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
> > +//static long se_ioctl(struct file *fp, u32 cmd, u64 arg)
> > +{
> > + struct se_if_device_ctx *dev_ctx = container_of(fp->private_data,
> > + struct
> se_if_device_ctx,
> > + miscdev);
> > + struct se_if_priv *se_if_priv = dev_ctx->priv;
> > + int err = -EINVAL;
> > +
> > + /* Prevent race during change of device context */
> > + if (down_interruptible(&dev_ctx->fops_lock))
> > + return -EBUSY;
> > +
> > + switch (cmd) {
> > + case SE_IOCTL_ENABLE_CMD_RCV:
> > + if (!se_if_priv->cmd_receiver_dev) {
> > + se_if_priv->cmd_receiver_dev = dev_ctx;
> > + err = 0;
> > + }
> > + break;
> > + case SE_IOCTL_GET_MU_INFO:
> > + err = se_ioctl_get_mu_info(dev_ctx, arg);
> > + break;
> > + case SE_IOCTL_SETUP_IOBUF:
> > + err = se_ioctl_setup_iobuf_handler(dev_ctx, arg);
> > + break;
> > + case SE_IOCTL_GET_SOC_INFO:
> > + err = se_ioctl_get_soc_info_handler(dev_ctx, arg);
> > + break;
> > +
> > + default:
> > + err = -EINVAL;
> > + dev_dbg(se_if_priv->dev,
> > + "%s: IOCTL %.8x not supported\n",
> > + dev_ctx->miscdev.name,
> > + cmd);
> > + }
> > +
> > + up(&dev_ctx->fops_lock);
> > + return (long)err;
> > +}
> > +
> > +/* Char driver setup */
> > +static const struct file_operations se_if_fops = {
> > + .open = se_if_fops_open,
> > + .owner = THIS_MODULE,
> > + .release = se_if_fops_close,
> > + .unlocked_ioctl = se_ioctl,
> > + .read = se_if_fops_read,
> > + .write = se_if_fops_write,
> > +};
> > +
> > +/* interface for managed res to free a mailbox channel */
> > +static void if_mbox_free_channel(void *mbox_chan)
> > +{
> > + mbox_free_channel(mbox_chan);
> > +}
> > +
> > +/* interface for managed res to unregister a character device */
> > +static void if_misc_deregister(void *miscdevice)
> > +{
> > + misc_deregister(miscdevice);
> > +}
> > +
> > +static int se_if_request_channel(struct device *dev,
> > + struct mbox_chan **chan,
> > + struct mbox_client *cl,
> > + const u8 *name)
> ^^
>
> mbox_request_channel_byname() uses a "char" for the name not a u8.
>
Accepted.

> > +{
> > + struct mbox_chan *t_chan;
> > + int ret = 0;
> > +
> > + t_chan = mbox_request_channel_byname(cl, name);
> > + if (IS_ERR(t_chan)) {
> > + ret = PTR_ERR(t_chan);
> > + if (ret != -EPROBE_DEFER)
> > + dev_err(dev,
> > + "Failed to request chan %s ret %d\n", name,
> > + ret);
> > + goto exit;
> > + }
> > +
> > + ret = devm_add_action(dev, if_mbox_free_channel, t_chan);
> > + if (ret) {
> > + dev_err(dev, "failed to add devm removal of mbox %s\n",
> name);
> > + goto exit;
> > + }
> > +
> > + *chan = t_chan;
> > +
> > +exit:
> > + return ret;
> > +}
> > +
> > +static int se_probe_if_cleanup(struct platform_device *pdev)
> > +{
> > + struct device *dev = &pdev->dev;
> > + struct se_if_priv *priv;
> > + int ret = 0;
> > + int i;
> > +
> > + priv = dev_get_drvdata(dev);
> > + if (!priv) {
> > + ret = 0;
> > + dev_dbg(dev, "SE-MU Priv data is NULL;");
> > + return ret;
> > + }
> > +
> > + if (priv->tx_chan)
> > + mbox_free_channel(priv->tx_chan);
> > + if (priv->rx_chan)
> > + mbox_free_channel(priv->rx_chan);
> > +
> > + /* free the buffer in se remove, previously allocated
> > + * in se probe to store encrypted IMEM
> > + */
> > + if (priv->imem.buf) {
> > + dmam_free_coherent(dev,
> > + ELE_IMEM_SIZE,
> > + priv->imem.buf,
> > + priv->imem.phyaddr);
> > + priv->imem.buf = NULL;
> > + }
>
> Why cleanup devm managed resources?

Removed the below code:

>
> > +
> > + if (priv->ctxs) {
> > + for (i = 0; i < priv->max_dev_ctx; i++) {
> > + if (priv->ctxs[i]) {
> > + devm_remove_action(dev,
> > + if_misc_deregister,
> > + &priv->ctxs[i]->miscdev);
> > + misc_deregister(&priv->ctxs[i]->miscdev);
> > + devm_kfree(dev, priv->ctxs[i]);
Removed the above line.
> > + }
> > + }
> > + devm_kfree(dev, priv->ctxs);
Removed the above line.
> > + }
> > +
> > + if (priv->flags & RESERVED_DMA_POOL) {
> > + of_reserved_mem_device_release(dev);
> > + priv->flags &= (~RESERVED_DMA_POOL);
> > + }
> > +
> > + devm_kfree(dev, priv);
Removed the above line.
> > + of_node_put(dev->of_node);
> > + of_platform_device_destroy(dev, NULL);
> > +
> > + return ret;
> > +}
> > +
> > +static int se_probe_cleanup(struct platform_device *pdev)
> > +{
> > + struct device *dev = &pdev->dev;
> > + struct device_node *if_dn;
> > +
> > + /* Enumerate se-interface device nodes. */
> > + for_each_child_of_node(dev->of_node, if_dn) {
> > + struct platform_device *if_pdev
> > + = of_find_device_by_node(if_dn);
> > + if (se_probe_if_cleanup(if_pdev))
> > + dev_err(dev,
> > + "Failed to clean-up child node probe.\n");
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static int init_device_context(struct device *dev)
> > +{
> > + const struct imx_se_node_info *info;
> > + struct se_if_device_ctx *dev_ctx;
> > + struct se_if_priv *priv;
> > + u8 *devname;
> > + int ret = 0;
> > + int i;
> > +
> > + priv = dev_get_drvdata(dev);
> > +
> > + if (!priv) {
> > + ret = -EINVAL;
> > + dev_err(dev, "Invalid SE-MU Priv data");
> > + return ret;
> > + }
> > + info = priv->info;
> > +
> > + priv->ctxs = devm_kzalloc(dev, sizeof(dev_ctx) * priv->max_dev_ctx,
> > + GFP_KERNEL);
> > +
> > + if (!priv->ctxs) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + /* Create users */
> > + for (i = 0; i < priv->max_dev_ctx; i++) {
> > + dev_ctx = devm_kzalloc(dev, sizeof(*dev_ctx), GFP_KERNEL);
> > + if (!dev_ctx) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + dev_ctx->dev = dev;
> > + dev_ctx->status = MU_FREE;
> > + dev_ctx->priv = priv;
> > +
> > + priv->ctxs[i] = dev_ctx;
> > +
> > + /* Default value invalid for an header. */
> > + init_waitqueue_head(&dev_ctx->wq);
> > +
> > + INIT_LIST_HEAD(&dev_ctx->pending_out);
> > + INIT_LIST_HEAD(&dev_ctx->pending_in);
> > + sema_init(&dev_ctx->fops_lock, 1);
> > +
> > + devname = devm_kasprintf(dev, GFP_KERNEL, "%s_ch%d",
> > + info->se_name, i);
> > + if (!devname) {
> > + ret = -ENOMEM;
> > + return ret;
> > + }
> > +
> > + dev_ctx->miscdev.name = devname;
> > + dev_ctx->miscdev.minor = MISC_DYNAMIC_MINOR;
> > + dev_ctx->miscdev.fops = &se_if_fops;
> > + dev_ctx->miscdev.parent = dev;
> > + ret = misc_register(&dev_ctx->miscdev);
> > + if (ret) {
> > + dev_err(dev, "failed to register misc device %d\n",
> > + ret);
> > + return ret;
> > + }
> > +
> > + ret = devm_add_action(dev, if_misc_deregister,
> > + &dev_ctx->miscdev);
> > + if (ret) {
> > + dev_err(dev,
> > + "failed[%d] to add action to the misc-dev\n",
> > + ret);
> > + return ret;
> > + }
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +static void se_load_firmware(const struct firmware *fw, void *context)
> > +{
> > + struct se_if_priv *priv = (struct se_if_priv *) context;
> > + const struct imx_se_node_info *info = priv->info;
> > + const u8 *se_fw_name = info->fw_name_in_rfs;
> > + phys_addr_t se_fw_phyaddr;
> > + u8 *se_fw_buf;
> > +
> > + if (!fw) {
> > + if (priv->fw_fail > MAX_FW_LOAD_RETRIES)
> > + dev_dbg(priv->dev,
> > + "External FW not found, using ROM FW.\n");
> > + else {
> > + /*add a bit delay to wait for firmware priv released */
> > + msleep(20);
> > +
> > + /* Load firmware one more time if timeout */
> > + request_firmware_nowait(THIS_MODULE,
> > + FW_ACTION_UEVENT, info-
> >fw_name_in_rfs,
> > + priv->dev, GFP_KERNEL, priv,
> > + se_load_firmware);
> > + priv->fw_fail++;
> > + dev_dbg(priv->dev, "Value of retries = 0x%x.\n",
> > + priv->fw_fail);
> > + }
> > +
> > + return;
> > + }
> > +
> > + /* allocate buffer to store the SE FW */
> > + se_fw_buf = dmam_alloc_coherent(priv->dev, fw->size,
> > + &se_fw_phyaddr,
> > + GFP_KERNEL);
> > + if (!se_fw_buf) {
> > + dev_err(priv->dev, "Failed to alloc SE fw buffer memory\n");
> > + goto exit;
> > + }
> > +
> > + memcpy(se_fw_buf, fw->data, fw->size);
> > +
> > + if (ele_fw_authenticate(priv->dev, se_fw_phyaddr))
> > + dev_err(priv->dev,
> > + "Failed to authenticate & load SE firmware %s.\n",
> > + se_fw_name);
> > +
> > +exit:
> > + dmam_free_coherent(priv->dev,
> > + fw->size,
> > + se_fw_buf,
> > + se_fw_phyaddr);
> > +
> > + release_firmware(fw);
> > +}
> > +
> > +static int se_if_probe(struct platform_device *pdev)
> > +{
> > + struct imx_se_node_info_list *info_list;
> > + struct device *dev = &pdev->dev;
> > + struct imx_se_node_info *info;
> > + struct se_if_priv *priv;
> > + u32 idx;
> > + int ret;
> > +
> > + if (of_property_read_u32(dev->of_node, "reg", &idx)) {
> > + ret = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + info_list = (struct imx_se_node_info_list *)
> > + device_get_match_data(dev->parent);
> > + info = get_imx_se_node_info(info_list, idx);
> > +
> > + priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
> > + if (!priv) {
> > + ret = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + dev_set_drvdata(dev, priv);
> > +
> > + /* Mailbox client configuration */
> > + priv->se_mb_cl.dev = dev;
> > + priv->se_mb_cl.tx_block = false;
> > + priv->se_mb_cl.knows_txdone = true;
> > + priv->se_mb_cl.rx_callback = se_if_rx_callback;
> > +
> > + ret = se_if_request_channel(dev, &priv->tx_chan,
> > + &priv->se_mb_cl, info->mbox_tx_name);
> > + if (ret) {
> > + if (ret == -EPROBE_DEFER)
>
> Don't test for -EPROBE_DEFER, use dev_err_probe().
Accepted.
>
> > + dev_err(dev, "Mailbox tx channel, is not ready.\n");
> > + else
> > + dev_err(dev, "Failed to request tx channel\n");
> > +
> > + goto exit;
> > + }
> > +
> > + ret = se_if_request_channel(dev, &priv->rx_chan,
> > + &priv->se_mb_cl, info->mbox_rx_name);
> > + if (ret) {
> > + if (ret == -EPROBE_DEFER)
> > + dev_err(dev, "Mailbox rx channel, is not ready.\n");
> > + else
> > + dev_dbg(dev, "Failed to request rx channel\n");
> > +
> > + goto exit;
> > + }
> > +
> > + priv->dev = dev;
> > + priv->info = info;
> > +
> > + /* Initialize the mutex. */
> > + mutex_init(&priv->se_if_lock);
> > + mutex_init(&priv->se_if_cmd_lock);
> > +
> > + priv->cmd_receiver_dev = NULL;
> > + priv->waiting_rsp_dev = NULL;
> > + priv->max_dev_ctx = info->max_dev_ctx;
> > + priv->cmd_tag = info->cmd_tag;
> > + priv->rsp_tag = info->rsp_tag;
> > + priv->mem_pool_name = info->pool_name;
> > + priv->success_tag = info->success_tag;
> > + priv->base_api_ver = info->base_api_ver;
> > + priv->fw_api_ver = info->fw_api_ver;
> > +
> > + init_completion(&priv->done);
> > + spin_lock_init(&priv->lock);
> > +
> > + if (info->reserved_dma_ranges) {
> > + ret = of_reserved_mem_device_init(dev);
> > + if (ret) {
> > + dev_err(dev,
> > + "failed to init reserved memory region %d\n",
> > + ret);
> > + priv->flags &= (~RESERVED_DMA_POOL);
> > + goto exit;
> > + }
> > + priv->flags |= RESERVED_DMA_POOL;
> > + }
> > +
> > + if (info->fw_name_in_rfs) {
> > + ret = request_firmware_nowait(THIS_MODULE,
> > + FW_ACTION_UEVENT,
> > + info->fw_name_in_rfs,
> > + dev, GFP_KERNEL, priv,
> > + se_load_firmware);
> > + if (ret)
> > + dev_warn(dev, "Failed to get firmware [%s].\n",
> > + info->fw_name_in_rfs);
> > + }
> > +
> > + ret = imx_fetch_soc_info(dev);
> > + if (ret) {
> > + dev_err(dev,
> > + "failed[%d] to fetch SoC Info\n", ret);
>
> Use %pe to print error values
Accepted.

>
> > + goto exit;
> > + }
> > +
> > + if (info->imem_mgmt) {
> > + /* allocate buffer where SE store encrypted IMEM */
> > + priv->imem.buf = dmam_alloc_coherent(dev,
> ELE_IMEM_SIZE,
> > + &priv->imem.phyaddr,
> > + GFP_KERNEL);
> > + if (!priv->imem.buf) {
> > + dev_err(dev,
> > + "dmam-alloc-failed: To store encr-IMEM.\n");
> > + ret = -ENOMEM;
> > + goto exit;
> > + }
> > + }
> > +
> > + if (info->max_dev_ctx) {
> > + ret = init_device_context(dev);
> > + if (ret) {
> > + dev_err(dev,
> > + "Failed[0x%x] to create device contexts.\n",
> > + ret);
> > + goto exit;
> > + }
> > + }
> > +
> > + dev_info(dev, "i.MX secure-enclave: %s interface to firmware,
> configured.\n",
> > + info->se_name);
> > + return devm_of_platform_populate(dev);
> > +
> > +exit:
> > + /* if execution control reaches here, if probe fails.
> > + * hence doing the cleanup
> > + */
> > + if (se_probe_if_cleanup(pdev))
> > + dev_err(dev,
> > + "Failed to clean-up the child node probe.\n");
> > +
> > + return ret;
> > +}
> > +
> > +static int se_probe(struct platform_device *pdev)
> > +{
> > + struct device_node *enum_dev_node;
> > + struct device *dev = &pdev->dev;
> > + int enum_count;
> > + int ret;
> > +
> > + enum_count = of_get_child_count(dev->of_node);
> > + if (!enum_count) {
> > + ret = -EINVAL;
> > + dev_err(dev, "Zero Tx/Rx path MU nodes.\n");
> > + return ret;
> > + }
> > +
> > + for_each_child_of_node(dev->of_node, enum_dev_node) {
> > + struct platform_device *enum_plat_dev __maybe_unused;
>
> Why is this __maybe_unused?
Will correct in v2.

>
> > +
> > + if (!of_device_is_available(enum_dev_node))
> > + continue;
> > +
> > + enum_plat_dev =
> of_platform_device_create(enum_dev_node,
> > + NULL,
> > + dev);
> > + if (!enum_plat_dev) {
> > + ret = -EINVAL;
> > + of_node_put(enum_dev_node);
> > + dev_err(dev,
> > + "Failed to create enumerated platform
> device.");
> > + break;
> > + }
> > +
> > + ret = se_if_probe(enum_plat_dev);
> > + }
> > + return ret;
> > +}
> > +
> > +static int se_remove(struct platform_device *pdev)
> > +{
> > + if (se_probe_cleanup(pdev))
> > + dev_err(&pdev->dev,
> > + "i.MX Secure Enclave is not cleanly un-probed.");
> > +
> > + return 0;
> > +}
> > +
> > +static int se_suspend(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + const struct imx_se_node_info *info
> > + = priv->info;
> > +
> > + if (info && info->imem_mgmt)
> > + priv->imem.size = se_save_imem_state(dev);
> > +
> > + return 0;
> > +}
> > +
> > +static int se_resume(struct device *dev)
> > +{
> > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > + const struct imx_se_node_info *info
> > + = priv->info;
> > + int i;
> > +
> > + for (i = 0; i < priv->max_dev_ctx; i++)
> > + wake_up_interruptible(&priv->ctxs[i]->wq);
> > +
> > + if (info && info->imem_mgmt)
> > + se_restore_imem_state(dev);
> > +
> > + return 0;
> > +}
> > +
> > +static const struct dev_pm_ops se_pm = {
> > + RUNTIME_PM_OPS(se_suspend, se_resume, NULL)
> > +};
> > +
> > +static struct platform_driver se_driver = {
> > + .driver = {
> > + .name = "fsl-se-fw",
> > + .of_match_table = se_match,
> > + .pm = &se_pm,
> > + },
> > + .probe = se_probe,
> > + .remove = se_remove,
> > +};
> > +MODULE_DEVICE_TABLE(of, se_match);
> > +
> > +module_platform_driver(se_driver);
> > +
> > +MODULE_AUTHOR("Pankaj Gupta <[email protected]>");
> > +MODULE_DESCRIPTION("iMX Secure Enclave Driver.");
> > +MODULE_LICENSE("GPL");
> > diff --git a/drivers/firmware/imx/se_ctrl.h b/drivers/firmware/imx/se_ctrl.h
> > new file mode 100644
> > index 000000000000..76e1ce77c52f
> > --- /dev/null
> > +++ b/drivers/firmware/imx/se_ctrl.h
> > @@ -0,0 +1,151 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#ifndef SE_MU_H
> > +#define SE_MU_H
> > +
> > +#include <linux/miscdevice.h>
> > +#include <linux/semaphore.h>
> > +#include <linux/mailbox_client.h>
> > +
> > +#define MAX_FW_LOAD_RETRIES 50
> > +
> > +#define MSG_TAG(x) (((x) & 0xff000000) >> 24)
> > +#define MSG_COMMAND(x) (((x) & 0x00ff0000) >> 16)
> > +#define MSG_SIZE(x) (((x) & 0x0000ff00) >> 8)
> > +#define MSG_VER(x) ((x) & 0x000000ff)
> > +#define RES_STATUS(x) ((x) & 0x000000ff)
>
> please use FIELD_GET(), FIELD_PREP() for these
Accepted. Used FIELD_GET() for MSG_TAG, MSG_COMMAND, MSG_SIZE, MSG_VER, RES_STATUS

>
> > +#define MAX_DATA_SIZE_PER_USER (65 * 1024)
> > +#define S4_DEFAULT_MUAP_INDEX (2)
> > +#define S4_MUAP_DEFAULT_MAX_USERS (4)
> > +#define MESSAGING_VERSION_6 0x6
> > +#define MESSAGING_VERSION_7 0x7
> > +
> > +#define DEFAULT_MESSAGING_TAG_COMMAND (0x17u)
> > +#define DEFAULT_MESSAGING_TAG_RESPONSE (0xe1u)
> > +
> > +#define SE_MU_IO_FLAGS_USE_SEC_MEM (0x02u)
> > +#define SE_MU_IO_FLAGS_USE_SHORT_ADDR (0x04u)
> > +
> > +struct se_imem_buf {
> > + u8 *buf;
> > + phys_addr_t phyaddr;
> > + u32 size;
> > +};
> > +
> > +struct se_buf_desc {
> > + u8 *shared_buf_ptr;
> > + u8 *usr_buf_ptr;
> > + u32 size;
> > + struct list_head link;
> > +};
> > +
> > +/* Status of a char device */
> > +enum se_if_dev_ctx_status_t {
> > + MU_FREE,
> > + MU_OPENED
> > +};
> > +
> > +struct se_shared_mem {
> > + dma_addr_t dma_addr;
> > + u32 size;
> > + u32 pos;
> > + u8 *ptr;
> > +};
> > +
> > +/* Private struct for each char device instance. */
> > +struct se_if_device_ctx {
> > + struct device *dev;
> > + struct se_if_priv *priv;
> > + struct miscdevice miscdev;
> > +
> > + enum se_if_dev_ctx_status_t status;
> > + wait_queue_head_t wq;
> > + struct semaphore fops_lock;
> > +
> > + u32 pending_hdr;
> > + struct list_head pending_in;
> > + struct list_head pending_out;
> > +
> > + struct se_shared_mem secure_mem;
> > + struct se_shared_mem non_secure_mem;
> > +
> > + u32 *temp_resp;
> > + u32 temp_resp_size;
> > + struct notifier_block se_notify;
> > +};
> > +
> > +/* Header of the messages exchange with the EdgeLock Enclave */
> > +struct se_msg_hdr {
> > + u8 ver;
> > + u8 size;
> > + u8 command;
> > + u8 tag;
> > +} __packed;
> > +
> > +#define SE_MU_HDR_SZ 4
> > +#define TAG_OFFSET (SE_MU_HDR_SZ - 1)
> > +#define CMD_OFFSET (SE_MU_HDR_SZ - 2)
> > +#define SZ_OFFSET (SE_MU_HDR_SZ - 3)
> > +#define VER_OFFSET (SE_MU_HDR_SZ - 4)
> > +
> > +struct se_api_msg {
> > + u32 header; /* u8 Tag; u8 Command; u8 Size; u8 Ver; */
> > + u32 *data;
> > +};
> > +
> > +struct se_if_priv {
> > + struct se_if_device_ctx *cmd_receiver_dev;
> > + struct se_if_device_ctx *waiting_rsp_dev;
> > + bool no_dev_ctx_used;
>
> What does no_dev_ctx_used do?
It is used for deducing if this secure-enclave interface device used by kernel or user-space.
Use of this variable will be optimized & removed in v2.

>
> > + /*
> > + * prevent parallel access to the se interface registers
> > + * e.g. a user trying to send a command while the other one is
> > + * sending a response.
> > + */
> > + struct mutex se_if_lock;
> > + /*
> > + * prevent a command to be sent on the se interface while another
> one is
> > + * still processing. (response to a command is allowed)
> > + */
> > + struct mutex se_if_cmd_lock;
>
> Please explain why you need 2 mutexes here?
Moved the text from patch 1/4 to here.

>
> > + struct device *dev;
> > + u8 *mem_pool_name;
> > + u8 cmd_tag;
> > + u8 rsp_tag;
> > + u8 success_tag;
> > + u8 base_api_ver;
> > + u8 fw_api_ver;
> > + u32 fw_fail;
> > + const void *info;
> > +
> > + struct mbox_client se_mb_cl;
> > + struct mbox_chan *tx_chan, *rx_chan;
> > + struct se_api_msg *rx_msg;
> > + struct completion done;
> > + spinlock_t lock;
> > + /*
> > + * Flag to retain the state of initialization done at
> > + * the time of se-mu probe.
> > + */
> > + uint32_t flags;
> > + u8 max_dev_ctx;
> > + struct se_if_device_ctx **ctxs;
> > + struct se_imem_buf imem;
> > +};
> > +
> > +void *get_phy_buf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + dma_addr_t *buf,
> > + u32 size);
> > +phys_addr_t get_phy_buf_mem_pool1(struct device *dev,
> > + u8 *mem_pool_name,
> > + u32 **buf,
> > + u32 size);
> > +void free_phybuf_mem_pool(struct device *dev,
> > + u8 *mem_pool_name,
> > + u32 *buf,
> > + u32 size);
> > +#endif
> > diff --git a/include/linux/firmware/imx/se_api.h
> b/include/linux/firmware/imx/se_api.h
> > new file mode 100644
> > index 000000000000..c47f84906837
> > --- /dev/null
> > +++ b/include/linux/firmware/imx/se_api.h
> > @@ -0,0 +1,14 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#ifndef __SE_API_H__
> > +#define __SE_API_H__
> > +
> > +#include <linux/types.h>
> > +
> > +#define SOC_ID_OF_IMX8ULP 0x084D
> > +#define SOC_ID_OF_IMX93 0x9300
> > +
> > +#endif /* __SE_API_H__ */
> > diff --git a/include/uapi/linux/se_ioctl.h b/include/uapi/linux/se_ioctl.h
> > new file mode 100644
> > index 000000000000..f68a36e9da2c
> > --- /dev/null
> > +++ b/include/uapi/linux/se_ioctl.h
> > @@ -0,0 +1,88 @@
> > +/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR BSD-3-
> Clause*/
> > +/*
> > + * Copyright 2024 NXP
> > + */
> > +
> > +#ifndef SE_IOCTL_H
> > +#define SE_IOCTL_H
> > +
> > +/* IOCTL definitions. */
> > +
> > +struct se_ioctl_setup_iobuf {
> > + u8 *user_buf;
> > + u32 length;
> > + u32 flags;
> > + u64 ele_addr;
> > +};
> > +
> > +struct se_ioctl_shared_mem_cfg {
> > + u32 base_offset;
> > + u32 size;
> > +};
> > +
> > +struct se_ioctl_get_if_info {
> > + u8 se_if_id;
> > + u8 interrupt_idx;
> > + u8 tz;
> > + u8 did;
> > + u8 cmd_tag;
> > + u8 rsp_tag;
> > + u8 success_tag;
> > + u8 base_api_ver;
> > + u8 fw_api_ver;
> > +};
> > +
> > +struct se_ioctl_signed_message {
> > + u8 *message;
> > + u32 msg_size;
> > + u32 error_code;
> > +};
> > +
> > +struct se_ioctl_get_soc_info {
> > + u16 soc_id;
> > + u16 soc_rev;
> > +};
> > +
> > +/* IO Buffer Flags */
> > +#define SE_IO_BUF_FLAGS_IS_OUTPUT (0x00u)
> > +#define SE_IO_BUF_FLAGS_IS_INPUT (0x01u)
> > +#define SE_IO_BUF_FLAGS_USE_SEC_MEM (0x02u)
> > +#define SE_IO_BUF_FLAGS_USE_SHORT_ADDR (0x04u)
> > +#define SE_IO_BUF_FLAGS_IS_IN_OUT (0x10u)
> > +
> > +/* IOCTLS */
> > +#define SE_IOCTL 0x0A /* like MISC_MAJOR. */
> > +
> > +/*
> > + * ioctl to designated the current fd as logical-reciever.
> > + * This is ioctl is send when the nvm-daemon, a slave to the
> > + * firmware is started by the user.
> > + */
> > +#define SE_IOCTL_ENABLE_CMD_RCV _IO(SE_IOCTL, 0x01)
> > +
> > +/*
> > + * ioctl to get the buffer allocated from the memory, which is shared
> > + * between kernel and FW.
> > + * Post allocation, the kernel tagged the allocated memory with:
> > + * Output
> > + * Input
> > + * Input-Output
> > + * Short address
> > + * Secure-memory
> > + */
> > +#define SE_IOCTL_SETUP_IOBUF _IOWR(SE_IOCTL, 0x03, \
> > + struct se_ioctl_setup_iobuf)
> > +
> > +/*
> > + * ioctl to get the mu information, that is used to exchange message
> > + * with FW, from user-spaced.
> > + */
> > +#define SE_IOCTL_GET_MU_INFO _IOR(SE_IOCTL, 0x04, \
> > + struct se_ioctl_get_if_info)
> > +/*
> > + * ioctl to get SoC Info from user-space.
> > + */
> > +#define SE_IOCTL_GET_SOC_INFO _IOR(SE_IOCTL, 0x06, \
> > + struct se_ioctl_get_soc_info)
> > +
> > +#endif
> >
> > --
> > 2.34.1
> >
>
> regards,
> Marc
>
> --
> Pengutronix e.K. | Marc Kleine-Budde |
> Embedded Linux | https://www.pengutronix.de |
> Vertretung Nürnberg | Phone: +49-5121-206917-129 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |

2024-05-20 11:03:10

by Marc Kleine-Budde

[permalink] [raw]
Subject: Re: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

On 17.05.2024 11:24:46, Pankaj Gupta wrote:
> > > new file mode 100644
> > > index 000000000000..0463f26d93c7
> > > --- /dev/null
> > > +++ b/drivers/firmware/imx/ele_base_msg.c
> > > @@ -0,0 +1,287 @@
> > > +// SPDX-License-Identifier: GPL-2.0+
> > > +/*
> > > + * Copyright 2024 NXP
> > > + */
> > > +
> > > +#include <linux/types.h>
> > > +#include <linux/completion.h>
> > > +#include <linux/dma-mapping.h>
> > > +
> > > +#include "ele_base_msg.h"
> > > +#include "ele_common.h"
> > > +
> > > +int ele_get_info(struct device *dev, struct soc_info *s_info)
> > > +{
> > > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > > + struct se_api_msg *tx_msg __free(kfree);
> > > + struct se_api_msg *rx_msg __free(kfree);
> > > + phys_addr_t get_info_addr;
> > > + u32 *get_info_data;
> > > + u32 status;
> > > + int ret;
> > > +
> > > + if (!priv || !s_info)
> > > + goto exit;
> >
> > You should code properly, so that this doesn't happen, your cleanup is
> > broken, it will work on uninitialized data, as Sascha already mentioned.
>
> The API(s) part of this file will be later exported and might get used by driver/crypto/ele/*.c.
> Still if you think, this check should be removed, I will do it in v2.

It makes no sense to call these functions with NULL pointers, if you do
so, it's a mistake by the caller. If it's used by some other part of the
ele driver that should be coded properly.

> > > +
> > > + memset(s_info, 0x0, sizeof(*s_info));
> > > +
> > > + if (priv->mem_pool_name)
> > > + get_info_data = get_phy_buf_mem_pool(dev,
> > > + priv->mem_pool_name,
> > > + &get_info_addr,
> > > + ELE_GET_INFO_BUFF_SZ);
> > > + else
> > > + get_info_data = dmam_alloc_coherent(dev,
> > > + ELE_GET_INFO_BUFF_SZ,
> > > + &get_info_addr,
> > > + GFP_KERNEL);
> >
> > It's better style to move the init of the dma memory into the probe
> > function.
>
> It is not DMA init. It is DMA allocation.

It's better style to move the allocation of the dma memory into the
probe function.


[...]

> > > + priv->rx_msg = rx_msg;
> > > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> >
> > This API looks strange, why put the tx_msg as a parameter the rx_msg
> > into the private struct?
>
> The rx_msg is the populated in the interrupt context. Hence, it kept
> as part of private structure; which is in-turn associated with
> mbox_client.

These are implementation details, it just feels strange to pass one
parameter via an arguments and put the other in the private pointer.

> Though, in v2 moving the rx_msg setting to imx_ele_msg_send_rcv(priv,
> tx_msg, rx_msg);

fine

[...]

> > > + if (status != priv->success_tag) {
> > > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > > + ELE_GET_INFO_REQ, status);
> > > + ret = -1;
> > > + }
> > > +
> > > + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> > > + & ELE_IMEM_STATE_MASK) >> 16;
> >
> > can you use a struct for get_info_data and use FIELD_GET() (if needed)
>
> Re-write the structure soc_info, matching the information provided in
> response to this api.

Looks better. Please compile the driver and check with "pahole" that the
layout of these structures doesn't contain any unwanted padding.
Otherwise add "__packed" and if you can guarantee "__aligned(4)".

> struct dev_info {
> uint8_t cmd;
> uint8_t ver;
> uint16_t length;
> uint16_t soc_id;
> uint16_t soc_rev;
> uint16_t lmda_val;
> uint8_t ssm_state;
> uint8_t dev_atts_api_ver;
> uint8_t uid[MAX_UID_SIZE];
> uint8_t sha_rom_patch[DEV_GETINFO_ROM_PATCH_SHA_SZ];
> uint8_t sha_fw[DEV_GETINFO_FW_SHA_SZ];
> };
>
> struct dev_addn_info {
> uint8_t oem_srkh[DEV_GETINFO_OEM_SRKH_SZ];
> uint8_t trng_state;
> uint8_t csal_state;
> uint8_t imem_state;
> uint8_t reserved2;
> };
>
> struct soc_info {
> struct dev_info d_info;
> struct dev_addn_info d_addn_info;
> };

[...]

> > > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg)
> > > +{
> > > + bool is_cmd_lock_tobe_taken = false;
> > > + int err;
> > > +
> > > + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> > > + is_cmd_lock_tobe_taken = true;
> > > + mutex_lock(&priv->se_if_cmd_lock);
> > > + }
> > > + scoped_guard(mutex, &priv->se_if_lock);
> > > +
> > > + err = mbox_send_message(priv->tx_chan, mssg);
> > > + if (err < 0) {
> > > + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> > > + if (is_cmd_lock_tobe_taken)
> > > + mutex_unlock(&priv->se_if_cmd_lock);
> >
> > Only dropping the lock in case of failure doesn't look right to me.
>
> The callers of this function, takes the execution flow to aborting the
> operation on getting return code < 0. No next action is expected under
> this aborted operation. Unlocking the lock here is not an issue
>
> > It seems you should better move the lock to the callers of this function.
>
> Accepted, and moved to the caller of the function for:
> - locking
> - unlocking in case of error.
>
> Unlocking in the read API, once response is successfully received and
> read.

A better design would be: imx_ele_msg_rcv() imx_ele_msg_send() are
expected to be called locked. Add lockdep_assert_held() to these
function to document/check this.

The callers of imx_ele_msg_rcv() and imx_ele_msg_send() have to take
care of the locking.

[...]

> > > +static const struct imx_se_node_info_list imx8ulp_info = {
> > > + .num_mu = 1,
> > > + .soc_id = SOC_ID_OF_IMX8ULP,
> > > + .info = {
> > > + {
> > > + .se_if_id = 2,
> > > + .se_if_did = 7,
> > > + .max_dev_ctx = 4,
> > > + .cmd_tag = 0x17,
> > > + .rsp_tag = 0xe1,
> > > + .success_tag = 0xd6,
> > > + .base_api_ver = MESSAGING_VERSION_6,
> > > + .fw_api_ver = MESSAGING_VERSION_7,
> > > + .se_name = "hsm1",
> > > + .mbox_tx_name = "tx",
> > > + .mbox_rx_name = "rx",
> > > + .pool_name = "sram",
> > > + .fw_name_in_rfs = IMX_ELE_FW_DIR\
> > ^
> > not needed
>
> It is needed for i.MX8ULP, dual FW support.

The backslash is not needed.

>
> > > + "mx8ulpa2ext-ahab- container.img",
>
>
> > > + .soc_register = true,
> > > + .reserved_dma_ranges = true,
> > > + .imem_mgmt = true,
> > > + },
> > > + },
> > > +};
> > > +
> > > +static const struct imx_se_node_info_list imx93_info = {
> > > + .num_mu = 1,
> > > + .soc_id = SOC_ID_OF_IMX93,
> > > + .info = {
> > > + {
> > > + .se_if_id = 2,
> > > + .se_if_did = 3,
> > > + .max_dev_ctx = 4,
> > > + .cmd_tag = 0x17,
> > > + .rsp_tag = 0xe1,
> > > + .success_tag = 0xd6,
> > > + .base_api_ver = MESSAGING_VERSION_6,
> > > + .fw_api_ver = MESSAGING_VERSION_7,
> > > + .se_name = "hsm1",
> > > + .mbox_tx_name = "tx",
> > > + .mbox_rx_name = "rx",
> > > + .reserved_dma_ranges = true,
> > > + .imem_mgmt = true,
> > > + .soc_register = true,
> > > + },
> > > + },
> >
> >
> > Some (most?) members of these structs are the same. Why do you have this
> > abstraction if it's not needed right now?
>
> It is needed as the values is different for different NXP SoC
> compatible. It will be needed for NXP i.MX95 platform, whose code will
> be next in pipeline.

How does the imx95 .info look like?

[...]

> > > +static int imx_fetch_soc_info(struct device *dev)
> > > +{
> > > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > > + struct imx_se_node_info_list *info_list;
> > > + const struct imx_se_node_info *info;
> > > + struct soc_device_attribute *attr;
> > > + struct soc_device *sdev;
> > > + struct soc_info s_info;
> > > + int err = 0;
> > > +
> > > + info = priv->info;
> > > + info_list = (struct imx_se_node_info_list *)
> > > + device_get_match_data(dev->parent);
> >
> > I think cast is not needed.
>
> It returns memory reference with const attribute. SoC revision member
> of 'info_list', is required to be updated. Thus type casted.

Have you considered that this memory is marked as const for a reason?
It's const, you cannot change it. Place any values that have to changed
into your priv.

> > > + if (info_list->soc_rev)
> > > + return err;
> >
> > What does this check do? You'll only get data you put in the info_list
> > in the first place.

> info_list->soc_rev, is equal to zero for the first call to this
> function. To return from this function if this function is already
> executed.

This looks wrong, see above.

> > > + err = ele_get_info(dev, &s_info);
> > > + if (err)
> > > + s_info.major_ver = DEFAULT_IMX_SOC_VER;
> >
> > Why continue here in case of error?
>
> To continue with SoC registration for the default values (without
> fetching information from ELE).

Have you tested the driver that it will work, if this fails?

> > > +
> > > + info_list->soc_rev = s_info.soc_rev;
> > > +
> > > + if (!info->soc_register)
> > > + return 0;
> > > +
> > > + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> > > + if (!attr)
> > > + return -ENOMEM;
> > > +
> > > + if (s_info.minor_ver)
> > > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
> > > + s_info.major_ver,
> > > + s_info.minor_ver);
> > > + else
> > > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
> > > + s_info.major_ver);
> > > +
> > > + switch (s_info.soc_id) {
> > > + case SOC_ID_OF_IMX8ULP:
> > > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > > + "i.MX8ULP");
> > > + break;
> > > + case SOC_ID_OF_IMX93:
> > > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > > + "i.MX93");
> > > + break;
> > > + }
> > > +
> > > + err = of_property_read_string(of_root, "model",
> > > + &attr->machine);
> > > + if (err) {
> > > + devm_kfree(dev, attr);
> >
> > Why do you do a manual cleanup of devm managed resources? Same applies
> > to the other devm managed resources, too.
> >
> Used devm managed memory, as this function is called as part probe.
> Post device registration, this devm managed memory is un-necessarily
> blocked. It is better to release it as part of clean-up, under this
> function only.

Why do you allocate the memory with devm in the first place, if it's not
needed after probe?

> Other devm managed memory clean-up, under se_probe_cleanup, will be
> removed, as suggested.

regards,
Marc

--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung Nürnberg | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |


Attachments:
(No filename) (10.81 kB)
signature.asc (499.00 B)
Download all attachments

2024-05-21 11:57:38

by Pankaj Gupta

[permalink] [raw]
Subject: RE: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave



> -----Original Message-----
> From: Marc Kleine-Budde <[email protected]>
> Sent: Monday, May 20, 2024 4:32 PM
> To: Pankaj Gupta <[email protected]>
> Cc: Jonathan Corbet <[email protected]>; Rob Herring <[email protected]>;
> Krzysztof Kozlowski <[email protected]>; Conor Dooley
> <[email protected]>; Shawn Guo <[email protected]>; Sascha Hauer
> <[email protected]>; Pengutronix Kernel Team
> <[email protected]>; Fabio Estevam <[email protected]>; linux-
> [email protected]; [email protected];
> [email protected]; [email protected]; linux-arm-
> [email protected]
> Subject: Re: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP
> EdgeLock Enclave
>
> On 17.05.2024 11:24:46, Pankaj Gupta wrote:
> > > > new file mode 100644
> > > > index 000000000000..0463f26d93c7
> > > > --- /dev/null
> > > > +++ b/drivers/firmware/imx/ele_base_msg.c
> > > > @@ -0,0 +1,287 @@
> > > > +// SPDX-License-Identifier: GPL-2.0+
> > > > +/*
> > > > + * Copyright 2024 NXP
> > > > + */
> > > > +
> > > > +#include <linux/types.h>
> > > > +#include <linux/completion.h>
> > > > +#include <linux/dma-mapping.h>
> > > > +
> > > > +#include "ele_base_msg.h"
> > > > +#include "ele_common.h"
> > > > +
> > > > +int ele_get_info(struct device *dev, struct soc_info *s_info) {
> > > > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > > > + struct se_api_msg *tx_msg __free(kfree);
> > > > + struct se_api_msg *rx_msg __free(kfree);
> > > > + phys_addr_t get_info_addr;
> > > > + u32 *get_info_data;
> > > > + u32 status;
> > > > + int ret;
> > > > +
> > > > + if (!priv || !s_info)
> > > > + goto exit;
> > >
> > > You should code properly, so that this doesn't happen, your cleanup
> > > is broken, it will work on uninitialized data, as Sascha already mentioned.
> >
> > The API(s) part of this file will be later exported and might get used by
> driver/crypto/ele/*.c.
> > Still if you think, this check should be removed, I will do it in v2.
>
> It makes no sense to call these functions with NULL pointers, if you do so, it's
> a mistake by the caller. If it's used by some other part of the ele driver that
> should be coded properly.
>
Will remove this change in v2.

> > > > +
> > > > + memset(s_info, 0x0, sizeof(*s_info));
> > > > +
> > > > + if (priv->mem_pool_name)
> > > > + get_info_data = get_phy_buf_mem_pool(dev,
> > > > + priv->mem_pool_name,
> > > > + &get_info_addr,
> > > > + ELE_GET_INFO_BUFF_SZ);
> > > > + else
> > > > + get_info_data = dmam_alloc_coherent(dev,
> > > > + ELE_GET_INFO_BUFF_SZ,
> > > > + &get_info_addr,
> > > > + GFP_KERNEL);
> > >
> > > It's better style to move the init of the dma memory into the probe
> > > function.
> >
> > It is not DMA init. It is DMA allocation.
>
> It's better style to move the allocation of the dma memory into the probe
> function.
>
The buffer 'get_info_data', is allocated and freed within this function.
This API is called multiple times:
- as part of probe.
- as part of suspend/resume.

Why to keep the memory retained?

>
> [...]
>
> > > > + priv->rx_msg = rx_msg;
> > > > + ret = imx_ele_msg_send_rcv(priv, tx_msg);
> > >
> > > This API looks strange, why put the tx_msg as a parameter the rx_msg
> > > into the private struct?
> >
> > The rx_msg is the populated in the interrupt context. Hence, it kept
> > as part of private structure; which is in-turn associated with
> > mbox_client.
>
> These are implementation details, it just feels strange to pass one parameter
> via an arguments and put the other in the private pointer.
>
> > Though, in v2 moving the rx_msg setting to imx_ele_msg_send_rcv(priv,
> > tx_msg, rx_msg);
>
> fine
>
> [...]
>
> > > > + if (status != priv->success_tag) {
> > > > + dev_err(dev, "Command Id[%d], Response Failure = 0x%x",
> > > > + ELE_GET_INFO_REQ, status);
> > > > + ret = -1;
> > > > + }
> > > > +
> > > > + s_info->imem_state = (get_info_data[ELE_IMEM_STATE_WORD]
> > > > + & ELE_IMEM_STATE_MASK) >> 16;
> > >
> > > can you use a struct for get_info_data and use FIELD_GET() (if
> > > needed)
> >
> > Re-write the structure soc_info, matching the information provided in
> > response to this api.
>
> Looks better. Please compile the driver and check with "pahole" that the
> layout of these structures doesn't contain any unwanted padding.
> Otherwise add "__packed" and if you can guarantee "__aligned(4)".
>

Structure is copied from the already deployed user-space library.
Validated that each variable is printing correct value.
Even below code changes are done:
- tx_msg->data[2] = ELE_GET_INFO_READ_SZ;
+ tx_msg->data[2] = sizeof(struct soc_info);

> > struct dev_info {
> > uint8_t cmd;
> > uint8_t ver;
> > uint16_t length;
> > uint16_t soc_id;
> > uint16_t soc_rev;
> > uint16_t lmda_val;
> > uint8_t ssm_state;
> > uint8_t dev_atts_api_ver;
> > uint8_t uid[MAX_UID_SIZE];
> > uint8_t sha_rom_patch[DEV_GETINFO_ROM_PATCH_SHA_SZ];
> > uint8_t sha_fw[DEV_GETINFO_FW_SHA_SZ]; };
> >
> > struct dev_addn_info {
> > uint8_t oem_srkh[DEV_GETINFO_OEM_SRKH_SZ];
> > uint8_t trng_state;
> > uint8_t csal_state;
> > uint8_t imem_state;
> > uint8_t reserved2;
> > };
> >
> > struct soc_info {
> > struct dev_info d_info;
> > struct dev_addn_info d_addn_info; };
>
> [...]
>
> > > > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg) {
> > > > + bool is_cmd_lock_tobe_taken = false;
> > > > + int err;
> > > > +
> > > > + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> > > > + is_cmd_lock_tobe_taken = true;
> > > > + mutex_lock(&priv->se_if_cmd_lock);
> > > > + }
> > > > + scoped_guard(mutex, &priv->se_if_lock);
> > > > +
> > > > + err = mbox_send_message(priv->tx_chan, mssg);
> > > > + if (err < 0) {
> > > > + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> > > > + if (is_cmd_lock_tobe_taken)
> > > > + mutex_unlock(&priv->se_if_cmd_lock);
> > >
> > > Only dropping the lock in case of failure doesn't look right to me.
> >
> > The callers of this function, takes the execution flow to aborting the
> > operation on getting return code < 0. No next action is expected under
> > this aborted operation. Unlocking the lock here is not an issue
> >
> > > It seems you should better move the lock to the callers of this function.
> >
> > Accepted, and moved to the caller of the function for:
> > - locking
> > - unlocking in case of error.
> >
> > Unlocking in the read API, once response is successfully received and
> > read.
>
> A better design would be: imx_ele_msg_rcv() imx_ele_msg_send() are
> expected to be called locked. Add lockdep_assert_held() to these function to
> document/check this.
>
> The callers of imx_ele_msg_rcv() and imx_ele_msg_send() have to take care
> of the locking.
>
> [...]
>
The locking/unlocking of se_if_cmd_lock, is taken care by the callers only:
- imx_ele_msg_send_rcv calls both the functions:
--imx_ele_msg_send.
--imx_ele_msg_rcv.

But the lockdep_assert_held, cannot be added to imx_ele_msg_send, as its another caller function imx_ele_miscdev_msg_send calls if for sending:
--- command (here command lock is taken).
--- response to a command (here command lock is not taken).

Will add lockdep_assert_held, to receive path, in v2.

> > > > +static const struct imx_se_node_info_list imx8ulp_info = {
> > > > + .num_mu = 1,
> > > > + .soc_id = SOC_ID_OF_IMX8ULP,
> > > > + .info = {
> > > > + {
> > > > + .se_if_id = 2,
> > > > + .se_if_did = 7,
> > > > + .max_dev_ctx = 4,
> > > > + .cmd_tag = 0x17,
> > > > + .rsp_tag = 0xe1,
> > > > + .success_tag = 0xd6,
> > > > + .base_api_ver = MESSAGING_VERSION_6,
> > > > + .fw_api_ver = MESSAGING_VERSION_7,
> > > > + .se_name = "hsm1",
> > > > + .mbox_tx_name = "tx",
> > > > + .mbox_rx_name = "rx",
> > > > + .pool_name = "sram",
> > > > + .fw_name_in_rfs = IMX_ELE_FW_DIR\
> > > ^
> > > not
> > > needed
> >
> > It is needed for i.MX8ULP, dual FW support.
>
> The backslash is not needed.
Accepted. Will correct in v2.

>
> >
> > > > + "mx8ulpa2ext-ahab-
> container.img",
> >
> >
> > > > + .soc_register = true,
> > > > + .reserved_dma_ranges = true,
> > > > + .imem_mgmt = true,
> > > > + },
> > > > + },
> > > > +};
> > > > +
> > > > +static const struct imx_se_node_info_list imx93_info = {
> > > > + .num_mu = 1,
> > > > + .soc_id = SOC_ID_OF_IMX93,
> > > > + .info = {
> > > > + {
> > > > + .se_if_id = 2,
> > > > + .se_if_did = 3,
> > > > + .max_dev_ctx = 4,
> > > > + .cmd_tag = 0x17,
> > > > + .rsp_tag = 0xe1,
> > > > + .success_tag = 0xd6,
> > > > + .base_api_ver = MESSAGING_VERSION_6,
> > > > + .fw_api_ver = MESSAGING_VERSION_7,
> > > > + .se_name = "hsm1",
> > > > + .mbox_tx_name = "tx",
> > > > + .mbox_rx_name = "rx",
> > > > + .reserved_dma_ranges = true,
> > > > + .imem_mgmt = true,
> > > > + .soc_register = true,
> > > > + },
> > > > + },
> > >
> > >
> > > Some (most?) members of these structs are the same. Why do you have
> > > this abstraction if it's not needed right now?
> >
> > It is needed as the values is different for different NXP SoC
> > compatible. It will be needed for NXP i.MX95 platform, whose code will
> > be next in pipeline.
>
> How does the imx95 .info look like?
>
Copied from the internal repo.
static const struct imx_info_list imx95_info = {
.num_mu = 4,
.soc_id = SOC_ID_OF_IMX95,
.info = {
{
.socdev = false,
.mu_id = 2,
.mu_did = 3,
.max_dev_ctx = 4,
.cmd_tag = 0x17,
.rsp_tag = 0xe1,
.success_tag = 0xd6,
.base_api_ver = MESSAGING_VERSION_6,
.fw_api_ver = MESSAGING_VERSION_7,
.se_name = "hsm1",
.mbox_tx_name = "tx",
.mbox_rx_name = "rx",
.pool_name = NULL,
.reserved_dma_ranges = false,
.init_fw = true,
.v2x_state_check = true,
.start_rng = ele_start_rng,
.enable_ele_trng = true,
.imem_mgmt = false,
.mu_buff_size = 0,
.fw_name_in_rfs = NULL,
},
{
.socdev = false,
.mu_id = 0,
.mu_did = 0,
.max_dev_ctx = 0,
.cmd_tag = 0x17,
.rsp_tag = 0xe1,
.success_tag = 0xd6,
.base_api_ver = 0x2,
.fw_api_ver = 0x2,
.se_name = "v2x_dbg",
.pool_name = NULL,
.mbox_tx_name = "tx",
.mbox_rx_name = "rx",
.reserved_dma_ranges = false,
.init_fw = false,
.v2x_state_check = true,
.start_rng = v2x_start_rng,
.enable_ele_trng = false,
.imem_mgmt = false,
.mu_buff_size = 0,
.fw_name_in_rfs = NULL,
},
{
.socdev = false,
.mu_id = 4,
.mu_did = 0,
.max_dev_ctx = 4,
.cmd_tag = 0x18,
.rsp_tag = 0xe2,
.success_tag = 0xd6,
.base_api_ver = 0x2,
.fw_api_ver = 0x2,
.se_name = "v2x_sv0",
.pool_name = NULL,
.mbox_tx_name = "tx",
.mbox_rx_name = "rx",
.reserved_dma_ranges = false,
.init_fw = false,
.v2x_state_check = true,
.start_rng = NULL,
.enable_ele_trng = false,
.imem_mgmt = false,
.mu_buff_size = 16,
.fw_name_in_rfs = NULL,
},
{
.socdev = false,
.mu_id = 6,
.mu_did = 0,
.max_dev_ctx = 4,
.cmd_tag = 0x1a,
.rsp_tag = 0xe4,
.success_tag = 0xd6,
.base_api_ver = 0x2,
.fw_api_ver = 0x2,
.se_name = "v2x_she",
.pool_name = NULL,
.mbox_tx_name = "tx",
.mbox_rx_name = "rx",
.reserved_dma_ranges = false,
.init_fw = false,
.v2x_state_check = true,
.start_rng = NULL,
.enable_ele_trng = false,
.imem_mgmt = false,
.mu_buff_size = 16,
.fw_name_in_rfs = NULL,
},
{
.socdev = false,
.mu_id = 6,
.mu_did = 0,
.max_dev_ctx = 4,
.cmd_tag = 0x1a,
.rsp_tag = 0xe4,
.success_tag = 0xd6,
.base_api_ver = 0x2,
.fw_api_ver = 0x2,
.se_name = "v2x_she",
.pool_name = NULL,
.mbox_tx_name = "tx",
.mbox_rx_name = "rx",
.reserved_dma_ranges = false,
.init_fw = false,
.v2x_state_check = true,
.start_rng = NULL,
.enable_ele_trng = false,
.imem_mgmt = false,
.mu_buff_size = 256,
.fw_name_in_rfs = NULL,
},
}
};
>
> > > > +static int imx_fetch_soc_info(struct device *dev) {
> > > > + struct se_if_priv *priv = dev_get_drvdata(dev);
> > > > + struct imx_se_node_info_list *info_list;
> > > > + const struct imx_se_node_info *info;
> > > > + struct soc_device_attribute *attr;
> > > > + struct soc_device *sdev;
> > > > + struct soc_info s_info;
> > > > + int err = 0;
> > > > +
> > > > + info = priv->info;
> > > > + info_list = (struct imx_se_node_info_list *)
> > > > + device_get_match_data(dev->parent);
> > >
> > > I think cast is not needed.
> >
> > It returns memory reference with const attribute. SoC revision member
> > of 'info_list', is required to be updated. Thus type casted.
>
> Have you considered that this memory is marked as const for a reason?
> It's const, you cannot change it. Place any values that have to changed into
> your priv.

Created a static variable g_soc_rev in the se_ctrl.c.
Accepted and will correct it in v2.

>
> > > > + if (info_list->soc_rev)
> > > > + return err;
> > >
Will change the above condition to g_soc_rev.

> > > What does this check do? You'll only get data you put in the
> > > info_list in the first place.
>
> > info_list->soc_rev, is equal to zero for the first call to this
> > function. To return from this function if this function is already
> > executed.
>
> This looks wrong, see above.

Accepted and will correct it in v2.

>
> > > > + err = ele_get_info(dev, &s_info);
> > > > + if (err)
> > > > + s_info.major_ver = DEFAULT_IMX_SOC_VER;
> > >
> > > Why continue here in case of error?
> >
> > To continue with SoC registration for the default values (without
> > fetching information from ELE).
>
> Have you tested the driver that it will work, if this fails?
Tested in unit testing by making err equal to non-zero.
Showing soc revision and serial number are shown as zeros.

But, I agree with you to return failure. As there is no point continuing if the SE probe failed.
Earlier I was thinking to allow other modules depending on soc registration info, can work.

Accepted and will not continue in case of failure in V2.

>
> > > > +
> > > > + info_list->soc_rev = s_info.soc_rev;
> > > > +
> > > > + if (!info->soc_register)
> > > > + return 0;
> > > > +
> > > > + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> > > > + if (!attr)
> > > > + return -ENOMEM;
> > > > +
> > > > + if (s_info.minor_ver)
> > > > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
> > > > + s_info.major_ver,
> > > > + s_info.minor_ver);
> > > > + else
> > > > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
> > > > + s_info.major_ver);
> > > > +
> > > > + switch (s_info.soc_id) {
> > > > + case SOC_ID_OF_IMX8ULP:
> > > > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > > > + "i.MX8ULP");
> > > > + break;
> > > > + case SOC_ID_OF_IMX93:
> > > > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > > > + "i.MX93");
> > > > + break;
> > > > + }
> > > > +
> > > > + err = of_property_read_string(of_root, "model",
> > > > + &attr->machine);
> > > > + if (err) {
> > > > + devm_kfree(dev, attr);
> > >
> > > Why do you do a manual cleanup of devm managed resources? Same
> > > applies to the other devm managed resources, too.
> > >
> > Used devm managed memory, as this function is called as part probe.
> > Post device registration, this devm managed memory is un-necessarily
> > blocked. It is better to release it as part of clean-up, under this
> > function only.
>
> Why do you allocate the memory with devm in the first place, if it's not
> needed after probe?

Sorry to confuse you. Actually the devm_memory will be needed for the case of soc_registration.
Meaning, memory with devm, will be needed post probing as well.

If this function fails, the probing will fail too. It will be auto cleaned.

Accepted, will remove the devm_free in v2.

>
> > Other devm managed memory clean-up, under se_probe_cleanup, will be
> > removed, as suggested.
>
> regards,
> Marc
>
> --
> Pengutronix e.K. | Marc Kleine-Budde |
> Embedded Linux | https://www.pengutronix.de |
> Vertretung Nürnberg | Phone: +49-5121-206917-129 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |

2024-05-21 12:17:40

by Pankaj Gupta

[permalink] [raw]
Subject: RE: [EXT] Re: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding doc



> -----Original Message-----
> From: Pankaj Gupta
> Sent: Monday, May 13, 2024 9:07 PM
> To: Rob Herring <[email protected]>
> Cc: Jonathan Corbet <[email protected]>; Krzysztof Kozlowski
> <[email protected]>; Conor Dooley <[email protected]>;
> Shawn Guo <[email protected]>; Sascha Hauer
> <[email protected]>; Pengutronix Kernel Team
> <[email protected]>; Fabio Estevam <[email protected]>; linux-
> [email protected]; [email protected];
> [email protected]; [email protected]; linux-arm-
> [email protected]
> Subject: RE: [EXT] Re: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw binding
> doc
>
>
>
> > -----Original Message-----
> > From: Rob Herring <[email protected]>
> > Sent: Saturday, May 11, 2024 1:39 AM
> > To: Pankaj Gupta <[email protected]>
> > Cc: Jonathan Corbet <[email protected]>; Krzysztof Kozlowski
> > <[email protected]>; Conor Dooley
> > <[email protected]>; Shawn Guo <[email protected]>; Sascha Hauer
> > <[email protected]>; Pengutronix Kernel Team
> > <[email protected]>; Fabio Estevam <[email protected]>; linux-
> > [email protected]; [email protected];
> > [email protected]; [email protected]; linux-arm-
> > [email protected]
> > Subject: [EXT] Re: [PATCH 2/4] dt-bindings: arm: fsl: add imx-se-fw
> > binding doc
> >
> > Caution: This is an external email. Please take care when clicking
> > links or opening attachments. When in doubt, report the message using
> > the 'Report this email' button
> >
> >
> > On Fri, May 10, 2024 at 06:57:28PM +0530, Pankaj Gupta wrote:
> > > The NXP security hardware IP(s) like: i.MX EdgeLock Enclave, V2X
> > > etc., creates an embedded secure enclave within the SoC boundary to
> > > enable features like:
> > > - HSM
> > > - SHE
> > > - V2X
> > >
> > > Secure-Enclave(s) communication interface are typically via message
> > > unit, i.e., based on mailbox linux kernel driver. This driver
> > > enables communication ensuring well defined message sequence
> > > protocol between Application Core and enclave's firmware.
> > >
> > > Driver configures multiple misc-device on the MU, for multiple
> > > user-space applications, to be able to communicate over single MU.
> > >
> > > It exists on some i.MX processors. e.g. i.MX8ULP, i.MX93 etc.
> > >
> > > Signed-off-by: Pankaj Gupta <[email protected]>
> > > ---
> > > .../devicetree/bindings/firmware/fsl,imx-se.yaml | 186
> > +++++++++++++++++++++
> > > 1 file changed, 186 insertions(+)
> > >
> > > diff --git
> > > a/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > new file mode 100644
> > > index 000000000000..a858ef6965cb
> > > --- /dev/null
> > > +++ b/Documentation/devicetree/bindings/firmware/fsl,imx-se.yaml
> > > @@ -0,0 +1,186 @@
> > > +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) %YAML 1.2
> > > +---
> > > +$id:
> > > +https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fde
> > > +vi
> > > +cetree.org%2Fschemas%2Ffirmware%2Ffsl%2Cimx-
> > se.yaml%23&data=05%7C02%7
> > >
> >
> +Cpankaj.gupta%40nxp.com%7C2c17789530e9431069b308dc712d0e47%7C
> > 686ea1d3
> > >
> >
> +bc2b4c6fa92cd99c5c301635%7C0%7C0%7C638509685520936926%7CUnkn
> > own%7CTWF
> > >
> >
> +pbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX
> > VCI6
> > >
> >
> +Mn0%3D%7C0%7C%7C%7C&sdata=Rwof3k3K1OWimcI5ApRMiyvD%2FPXgk
> > b%2BRWrvx76J
> > > +YBtw%3D&reserved=0
> > > +$schema:
> > > +https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fde
> > > +vi
> > > +cetree.org%2Fmeta-
> > schemas%2Fcore.yaml%23&data=05%7C02%7Cpankaj.gupta%
> > >
> >
> +40nxp.com%7C2c17789530e9431069b308dc712d0e47%7C686ea1d3bc2b4c
> > 6fa92cd9
> > >
> >
> +9c5c301635%7C0%7C0%7C638509685520944809%7CUnknown%7CTWFpb
> > GZsb3d8eyJWI
> > >
> >
> +joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7
> > C0%7C%
> > >
> >
> +7C%7C&sdata=aile3WnYE69fuJHvAOXQARlqLV9roZDuDK63fCj2ZTE%3D&res
> > erved=0
> > > +
> > > +title: NXP i.MX HW Secure Enclave(s) EdgeLock Enclave
> > > +
> > > +maintainers:
> > > + - Pankaj Gupta <[email protected]>
> > > +
> > > +description: |
> > > + NXP's SoC may contain one or multiple embedded secure-enclave HW
> > > + IP(s) like i.MX EdgeLock Enclave, V2X etc. These NXP's HW IP(s)
> > > + enables features like
> > > + - Hardware Security Module (HSM),
> > > + - Security Hardware Extension (SHE), and
> > > + - Vehicular to Anything (V2X)
> > > +
> > > + Communication interface to the secure-enclaves is based on the
> > > + messaging unit(s).
> > > +
> > > +properties:
> > > + '#address-cells':
> > > + const: 1
> > > +
> > > + '#size-cells':
> > > + const: 0
> > > +
> > > + compatible:
> > > + enum:
> > > + - fsl,imx8ulp-ele
> > > + - fsl,imx93-ele
> >
> > You basically have 0 properties in the parent node. What's the point of it?
> > Either just get rid of it and define the child nodes independently or
> > make the parent contain all the resources.
> >

Making the parent contains all the properties:

+ ele-if@0 {
+ compatible = "fsl,imx8ulp-ele";
+ reg = <0x0>;
+ mbox-names = "tx", "rx";
+ mboxes = <&s4muap 0 0>, <&s4muap 1 0>;
+ sram = <&sram0>;
+ };

Will this be fine? Kindly suggest.
Thanks.

> > > +
> > > +patternProperties:
> > > + "^[0-9a-z]*-if@[0-9]+$":
> >
> > unit-addresses are hex.
> Accepted


>
> >
> > > + type: object
> > > + description:
> > > + Communication interface to secure-enclave node, that defines
> > hardware
> > > + properties to required to establish the communication. There can be
> > > + multiple interfaces to the same secure-enclave. Each interface is
> > > + enumerated with reg property. It optionally defines properties
> > > + depending on the compatible string and interface enum identifier.
> > > +
> > > + properties:
> > > + reg:
> > > + maxItems: 1
> > > + description: Identifier of the communication interface to
> > > + secure-
> > enclave.
> >
> > What are the identifiers based on?
> Identifier is used to identify a particular secure enclave interface, within the
> multiple secure enclave interfaces under same compatible string.
>
> Secure enclave interface is the combination of:
> - messaging unit (hardware), and
> - memory constraint applicable to a particular interface.
>
> > Is the value significant to s/w? Kind of looks like you just made up indices.
>
> For the below example:
> v2x {
> compatible = "fsl,imx95-v2x";
> #address-cells = <1>;
> #size-cells = <0>;
>
> v2x-if@0 { // if it is not @0, then what identifier to be used to identify a
> particular node.
> reg = <0x0>;
> mboxes = <&v2x_mu 0 0>, <&v2x_mu 1 0>;
> mbox-names = "tx", "rx";
> };
> v2x-if@1 {
> reg = <0x1>;
> mboxes = <&v2x_mu6 0 0>, <&v2x_mu6 1 0>;
> mbox-names = "txdb", "rxdb";
> };
> v2x-if@2 {
> reg = <0x2>;
> mboxes = <&v2x_mu7 0 0>, <&v2x_mu7 1 0>;
> mbox-names = "tx", "rx";
> };
> };
> s/w needs to differentiate one node from another node, for the same
> compatible string for the SoC.
>
> >
> > How many child nodes do you have? Is it fixed per SoC?
> It is fixed for a particular SoC.
> While number of child nodes varies from one SoC to another SoC.
>
> >
> > > +
> > > + mboxes:
> > > + description: contain a list of phandles to mailboxes.
> > > + items:
> > > + - description: Specify the mailbox used to send message
> > > + to se
> > firmware
> > > + - description: Specify the mailbox used to receive
> > > + message from se firmware
> > > +
> > > + mbox-names:
> > > + items:
> > > + - const: tx
> > > + - const: rx
> > > + - const: txdb
> > > + - const: rxdb
> > > + minItems: 2
> > > +
> > > + memory-region:
> > > + description: contains a list of phandles to reserved external memory.
> > > + items:
> > > + - description: It is used by secure-enclave firmware. It is an optional
> > > + property based on compatible and identifier to
> > > + communication
> > interface.
> > > + (see bindings/reserved-memory/reserved-memory.txt)
> > > +
> > > + sram:
> > > + description: contains a list of phandles to sram.
> > > + $ref: /schemas/types.yaml#/definitions/phandle-array
> > > + items:
> > > + - description: Phandle to the device SRAM. It is an optional property
> > > + based on compatible and identifier to communication interface.
> > > +
> > > + required:
> > > + - reg
> > > + - mboxes
> > > + - mbox-names
> > > +
> > > +allOf:
> > > + # memory-region
> > > + - if:
> > > + properties:
> > > + compatible:
> > > + contains:
> > > + enum:
> > > + - fsl,imx8ulp-ele
> > > + - fsl,imx93-ele
> >
> > What else would they contain? Those are the only compatibles defined here.
>
> It will have multiple child nodes, but fixed number of child node for a
> particular SoC.
>
> >
> > > + then:
> > > + patternProperties:
> > > + "^[0-9a-z]*-if@[0-9]+$":
> > > + allOf:
> > > + - if:
> >
> > These conditionals are hard to follow. Probably a sign some of this
> > needs to be separate or simplified.
> I am ready to separate and simplify.
> Please help by sharing an example on how to go about this change.
> Probably an example that helps me understand your point and then will start
> to work on this comment.
> It is highly appreciated. Thanks.
>
> >
> > > + properties:
> > > + reg:
> > > + items:
> > > + - enum:
> > > + - 0
> > > + then:
> > > + required:
> > > + - memory-region
> > > + else:
> > > + not:
> > > + required:
> > > + - memory-region # sram
> > > + - if:
> > > + properties:
> > > + compatible:
> > > + contains:
> > > + enum:
> > > + - fsl,imx8ulp-ele
> > > + then:
> > > + patternProperties:
> > > + "^[0-9a-z]*-if@[0-9]+$":
> > > + allOf:
> > > + - if:
> > > + properties:
> > > + reg:
> > > + items:
> > > + - enum:
> > > + - 0
> > > + then:
> > > + required:
> > > + - sram
> > > + else:
> > > + not:
> > > + required:
> > > + - sram
> > > +
> > > +additionalProperties: false

2024-05-22 07:48:18

by Marc Kleine-Budde

[permalink] [raw]
Subject: Re: RE: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

On 21.05.2024 11:57:04, Pankaj Gupta wrote:
> > > > > +
> > > > > + memset(s_info, 0x0, sizeof(*s_info));
> > > > > +
> > > > > + if (priv->mem_pool_name)
> > > > > + get_info_data = get_phy_buf_mem_pool(dev,
> > > > > + priv->mem_pool_name,
> > > > > + &get_info_addr,
> > > > > + ELE_GET_INFO_BUFF_SZ);
> > > > > + else
> > > > > + get_info_data = dmam_alloc_coherent(dev,
> > > > > + ELE_GET_INFO_BUFF_SZ,
> > > > > + &get_info_addr,
> > > > > + GFP_KERNEL);
> > > >
> > > > It's better style to move the init of the dma memory into the probe
> > > > function.
> > >
> > > It is not DMA init. It is DMA allocation.
> >
> > It's better style to move the allocation of the dma memory into the probe
> > function.
> >
> The buffer 'get_info_data', is allocated and freed within this function.
> This API is called multiple times:
> - as part of probe.
> - as part of suspend/resume.
>
> Why to keep the memory retained?

I see. Then why do you allocate with dmam_alloc_coherent()?

[...]

> > > > > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg) {
> > > > > + bool is_cmd_lock_tobe_taken = false;
> > > > > + int err;
> > > > > +
> > > > > + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> > > > > + is_cmd_lock_tobe_taken = true;
> > > > > + mutex_lock(&priv->se_if_cmd_lock);
> > > > > + }
> > > > > + scoped_guard(mutex, &priv->se_if_lock);
> > > > > +
> > > > > + err = mbox_send_message(priv->tx_chan, mssg);
> > > > > + if (err < 0) {
> > > > > + dev_err(priv->dev, "Error: mbox_send_message failure.\n");
> > > > > + if (is_cmd_lock_tobe_taken)
> > > > > + mutex_unlock(&priv->se_if_cmd_lock);
> > > >
> > > > Only dropping the lock in case of failure doesn't look right to me.
> > >
> > > The callers of this function, takes the execution flow to aborting the
> > > operation on getting return code < 0. No next action is expected under
> > > this aborted operation. Unlocking the lock here is not an issue
> > >
> > > > It seems you should better move the lock to the callers of this function.
> > >
> > > Accepted, and moved to the caller of the function for:
> > > - locking
> > > - unlocking in case of error.
> > >
> > > Unlocking in the read API, once response is successfully received and
> > > read.
> >
> > A better design would be: imx_ele_msg_rcv() imx_ele_msg_send() are
> > expected to be called locked. Add lockdep_assert_held() to these function to
> > document/check this.
> >
> > The callers of imx_ele_msg_rcv() and imx_ele_msg_send() have to take care
> > of the locking.
> >
> > [...]
> >
> The locking/unlocking of se_if_cmd_lock, is taken care by the callers only:
> - imx_ele_msg_send_rcv calls both the functions:
> --imx_ele_msg_send.
> --imx_ele_msg_rcv.
>
> But the lockdep_assert_held, cannot be added to imx_ele_msg_send, as
> its another caller function imx_ele_miscdev_msg_send calls if for
> sending:
> --- command (here command lock is taken).
> --- response to a command (here command lock is not taken).

miscdev is another patch.

But why can't you use the same lock in imx_ele_miscdev_msg_send()?


> > > > > +static const struct imx_se_node_info_list imx93_info = {
> > > > > + .num_mu = 1,
> > > > > + .soc_id = SOC_ID_OF_IMX93,
> > > > > + .info = {
> > > > > + {
> > > > > + .se_if_id = 2,
> > > > > + .se_if_did = 3,
> > > > > + .max_dev_ctx = 4,
> > > > > + .cmd_tag = 0x17,
> > > > > + .rsp_tag = 0xe1,
> > > > > + .success_tag = 0xd6,
> > > > > + .base_api_ver = MESSAGING_VERSION_6,
> > > > > + .fw_api_ver = MESSAGING_VERSION_7,
> > > > > + .se_name = "hsm1",
> > > > > + .mbox_tx_name = "tx",
> > > > > + .mbox_rx_name = "rx",
> > > > > + .reserved_dma_ranges = true,
> > > > > + .imem_mgmt = true,
> > > > > + .soc_register = true,
> > > > > + },
> > > > > + },
> > > >
> > > >
> > > > Some (most?) members of these structs are the same. Why do you have
> > > > this abstraction if it's not needed right now?
> > >
> > > It is needed as the values is different for different NXP SoC
> > > compatible. It will be needed for NXP i.MX95 platform, whose code will
> > > be next in pipeline.
> >
> > How does the imx95 .info look like?
> >
> Copied from the internal repo.
> static const struct imx_info_list imx95_info = {
> .num_mu = 4,
> .soc_id = SOC_ID_OF_IMX95,
> .info = {
> {
> .socdev = false,
> .mu_id = 2,
> .mu_did = 3,
> .max_dev_ctx = 4,
> .cmd_tag = 0x17,
> .rsp_tag = 0xe1,
> .success_tag = 0xd6,
> .base_api_ver = MESSAGING_VERSION_6,
> .fw_api_ver = MESSAGING_VERSION_7,
> .se_name = "hsm1",
> .mbox_tx_name = "tx",
> .mbox_rx_name = "rx",
> .pool_name = NULL,
> .reserved_dma_ranges = false,
> .init_fw = true,
> .v2x_state_check = true,
> .start_rng = ele_start_rng,
> .enable_ele_trng = true,
> .imem_mgmt = false,
> .mu_buff_size = 0,
> .fw_name_in_rfs = NULL,
> },
> {
> .socdev = false,
> .mu_id = 0,
> .mu_did = 0,
> .max_dev_ctx = 0,
> .cmd_tag = 0x17,
> .rsp_tag = 0xe1,
> .success_tag = 0xd6,
> .base_api_ver = 0x2,
> .fw_api_ver = 0x2,
> .se_name = "v2x_dbg",
> .pool_name = NULL,
> .mbox_tx_name = "tx",
> .mbox_rx_name = "rx",
> .reserved_dma_ranges = false,
> .init_fw = false,
> .v2x_state_check = true,
> .start_rng = v2x_start_rng,
> .enable_ele_trng = false,
> .imem_mgmt = false,
> .mu_buff_size = 0,
> .fw_name_in_rfs = NULL,
> },
> {
> .socdev = false,
> .mu_id = 4,
> .mu_did = 0,
> .max_dev_ctx = 4,
> .cmd_tag = 0x18,
> .rsp_tag = 0xe2,
> .success_tag = 0xd6,
> .base_api_ver = 0x2,
> .fw_api_ver = 0x2,
> .se_name = "v2x_sv0",
> .pool_name = NULL,
> .mbox_tx_name = "tx",
> .mbox_rx_name = "rx",
> .reserved_dma_ranges = false,
> .init_fw = false,
> .v2x_state_check = true,
> .start_rng = NULL,
> .enable_ele_trng = false,
> .imem_mgmt = false,
> .mu_buff_size = 16,
> .fw_name_in_rfs = NULL,
> },
> {
> .socdev = false,
> .mu_id = 6,
> .mu_did = 0,
> .max_dev_ctx = 4,
> .cmd_tag = 0x1a,
> .rsp_tag = 0xe4,
> .success_tag = 0xd6,
> .base_api_ver = 0x2,
> .fw_api_ver = 0x2,
> .se_name = "v2x_she",
> .pool_name = NULL,
> .mbox_tx_name = "tx",
> .mbox_rx_name = "rx",
> .reserved_dma_ranges = false,
> .init_fw = false,
> .v2x_state_check = true,
> .start_rng = NULL,
> .enable_ele_trng = false,
> .imem_mgmt = false,
> .mu_buff_size = 16,
> .fw_name_in_rfs = NULL,
> },
> {
> .socdev = false,
> .mu_id = 6,
> .mu_did = 0,
> .max_dev_ctx = 4,
> .cmd_tag = 0x1a,
> .rsp_tag = 0xe4,
> .success_tag = 0xd6,
> .base_api_ver = 0x2,
> .fw_api_ver = 0x2,
> .se_name = "v2x_she",
> .pool_name = NULL,
> .mbox_tx_name = "tx",
> .mbox_rx_name = "rx",
> .reserved_dma_ranges = false,
> .init_fw = false,
> .v2x_state_check = true,
> .start_rng = NULL,
> .enable_ele_trng = false,
> .imem_mgmt = false,
> .mu_buff_size = 256,
> .fw_name_in_rfs = NULL,
> },
> }
> };

Just looking at _some_, the .cmd_tag, .rsp_tag and .success_tag look the
same for all SoCs.

[...]

> Created a static variable g_soc_rev in the se_ctrl.c.
> Accepted and will correct it in v2.
>
> >
> > > > > + if (info_list->soc_rev)
> > > > > + return err;
> > > >
> Will change the above condition to g_soc_rev.

"g_" as is global? Don't do that. Use your priv!

[...]

> > > > > +
> > > > > + info_list->soc_rev = s_info.soc_rev;
> > > > > +
> > > > > + if (!info->soc_register)
> > > > > + return 0;
> > > > > +
> > > > > + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> > > > > + if (!attr)
> > > > > + return -ENOMEM;
> > > > > +
> > > > > + if (s_info.minor_ver)
> > > > > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x.%x",
> > > > > + s_info.major_ver,
> > > > > + s_info.minor_ver);
> > > > > + else
> > > > > + attr->revision = devm_kasprintf(dev, GFP_KERNEL, "%x",
> > > > > + s_info.major_ver);
> > > > > +
> > > > > + switch (s_info.soc_id) {
> > > > > + case SOC_ID_OF_IMX8ULP:
> > > > > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > > > > + "i.MX8ULP");
> > > > > + break;
> > > > > + case SOC_ID_OF_IMX93:
> > > > > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > > > > + "i.MX93");
> > > > > + break;
> > > > > + }
> > > > > +
> > > > > + err = of_property_read_string(of_root, "model",
> > > > > + &attr->machine);
> > > > > + if (err) {
> > > > > + devm_kfree(dev, attr);
> > > >
> > > > Why do you do a manual cleanup of devm managed resources? Same
> > > > applies to the other devm managed resources, too.
> > > >
> > > Used devm managed memory, as this function is called as part probe.
> > > Post device registration, this devm managed memory is un-necessarily
> > > blocked. It is better to release it as part of clean-up, under this
> > > function only.
> >
> > Why do you allocate the memory with devm in the first place, if it's not
> > needed after probe?
>
> Sorry to confuse you. Actually the devm_memory will be needed for the case of soc_registration.
> Meaning, memory with devm, will be needed post probing as well.
>
> If this function fails, the probing will fail too. It will be auto cleaned.
>
> Accepted, will remove the devm_free in v2.

If you don't need the memory past probe() allocate with kzalloc() and
use kfree(). Only used managed resources for lifetimes beyond the probe
function.

Marc

--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung Nürnberg | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |


Attachments:
(No filename) (13.12 kB)
signature.asc (499.00 B)
Download all attachments

2024-05-22 10:46:25

by Pankaj Gupta

[permalink] [raw]
Subject: RE: RE: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave



> -----Original Message-----
> From: Marc Kleine-Budde <[email protected]>
> Sent: Tuesday, May 21, 2024 5:57 PM
> To: Pankaj Gupta <[email protected]>
> Cc: Jonathan Corbet <[email protected]>; Rob Herring <[email protected]>;
> Krzysztof Kozlowski <[email protected]>; Conor Dooley
> <[email protected]>; Shawn Guo <[email protected]>; Sascha Hauer
> <[email protected]>; Pengutronix Kernel Team
> <[email protected]>; Fabio Estevam <[email protected]>; linux-
> [email protected]; [email protected];
> [email protected]; [email protected]; linux-arm-
> [email protected]
> Subject: Re: RE: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP
> EdgeLock Enclave
>
> On 21.05.2024 11:57:04, Pankaj Gupta wrote:
> > > > > > +
> > > > > > + memset(s_info, 0x0, sizeof(*s_info));
> > > > > > +
> > > > > > + if (priv->mem_pool_name)
> > > > > > + get_info_data = get_phy_buf_mem_pool(dev,
> > > > > > + priv-
> >mem_pool_name,
> > > > > > + &get_info_addr,
> > > > > > +
> ELE_GET_INFO_BUFF_SZ);
> > > > > > + else
> > > > > > + get_info_data = dmam_alloc_coherent(dev,
> > > > > > +
> ELE_GET_INFO_BUFF_SZ,
> > > > > > + &get_info_addr,
> > > > > > + GFP_KERNEL);
> > > > >
> > > > > It's better style to move the init of the dma memory into the
> > > > > probe function.
> > > >
> > > > It is not DMA init. It is DMA allocation.
> > >
> > > It's better style to move the allocation of the dma memory into the
> > > probe function.
> > >
> > The buffer 'get_info_data', is allocated and freed within this function.
> > This API is called multiple times:
> > - as part of probe.
> > - as part of suspend/resume.
> >
> > Why to keep the memory retained?
>
> I see. Then why do you allocate with dmam_alloc_coherent()?

Because this memory is written by Firmware. It should be either from SRAM
Or from reserved memory region, accessible to FW.

>
> [...]
>
> > > > > > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg) {
> > > > > > + bool is_cmd_lock_tobe_taken = false;
> > > > > > + int err;
> > > > > > +
> > > > > > + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> > > > > > + is_cmd_lock_tobe_taken = true;
> > > > > > + mutex_lock(&priv->se_if_cmd_lock);
> > > > > > + }
> > > > > > + scoped_guard(mutex, &priv->se_if_lock);
> > > > > > +
> > > > > > + err = mbox_send_message(priv->tx_chan, mssg);
> > > > > > + if (err < 0) {
> > > > > > + dev_err(priv->dev, "Error: mbox_send_message
> failure.\n");
> > > > > > + if (is_cmd_lock_tobe_taken)
> > > > > > + mutex_unlock(&priv->se_if_cmd_lock);
> > > > >
> > > > > Only dropping the lock in case of failure doesn't look right to me.
> > > >
> > > > The callers of this function, takes the execution flow to aborting
> > > > the operation on getting return code < 0. No next action is
> > > > expected under this aborted operation. Unlocking the lock here is
> > > > not an issue
> > > >
> > > > > It seems you should better move the lock to the callers of this function.
> > > >
> > > > Accepted, and moved to the caller of the function for:
> > > > - locking
> > > > - unlocking in case of error.
> > > >
> > > > Unlocking in the read API, once response is successfully received
> > > > and read.
> > >
> > > A better design would be: imx_ele_msg_rcv() imx_ele_msg_send() are
> > > expected to be called locked. Add lockdep_assert_held() to these
> > > function to document/check this.
> > >
> > > The callers of imx_ele_msg_rcv() and imx_ele_msg_send() have to take
> > > care of the locking.
> > >
> > > [...]
> > >
> > The locking/unlocking of se_if_cmd_lock, is taken care by the callers only:
> > - imx_ele_msg_send_rcv calls both the functions:
> > --imx_ele_msg_send.
> > --imx_ele_msg_rcv.
> >
> > But the lockdep_assert_held, cannot be added to imx_ele_msg_send, as
> > its another caller function imx_ele_miscdev_msg_send calls if for
> > sending:
> > --- command (here command lock is taken).
> > --- response to a command (here command lock is not taken).
>
> miscdev is another patch.
Will try to split it.

>
> But why can't you use the same lock in imx_ele_miscdev_msg_send()?
Using the same lock "se_if_cmd_lock", in imx_ele_miscdev_msg_send.
This function is called from fops_write. This lock is taken conditionally taken depending on the kind of message:

--- Message containing command (here command lock is taken).
--- Message containing response to a command (here command lock is not taken).

>
>
> > > > > > +static const struct imx_se_node_info_list imx93_info = {
> > > > > > + .num_mu = 1,
> > > > > > + .soc_id = SOC_ID_OF_IMX93,
> > > > > > + .info = {
> > > > > > + {
> > > > > > + .se_if_id = 2,
> > > > > > + .se_if_did = 3,
> > > > > > + .max_dev_ctx = 4,
> > > > > > + .cmd_tag = 0x17,
> > > > > > + .rsp_tag = 0xe1,
> > > > > > + .success_tag = 0xd6,
> > > > > > + .base_api_ver =
> MESSAGING_VERSION_6,
> > > > > > + .fw_api_ver =
> MESSAGING_VERSION_7,
> > > > > > + .se_name = "hsm1",
> > > > > > + .mbox_tx_name = "tx",
> > > > > > + .mbox_rx_name = "rx",
> > > > > > + .reserved_dma_ranges = true,
> > > > > > + .imem_mgmt = true,
> > > > > > + .soc_register = true,
> > > > > > + },
> > > > > > + },
> > > > >
> > > > >
> > > > > Some (most?) members of these structs are the same. Why do you
> > > > > have this abstraction if it's not needed right now?
> > > >
> > > > It is needed as the values is different for different NXP SoC
> > > > compatible. It will be needed for NXP i.MX95 platform, whose code
> > > > will be next in pipeline.
> > >
> > > How does the imx95 .info look like?
> > >
> > Copied from the internal repo.
> > static const struct imx_info_list imx95_info = {
> > .num_mu = 4,
> > .soc_id = SOC_ID_OF_IMX95,
> > .info = {
> > {
> > .socdev = false,
> > .mu_id = 2,
> > .mu_did = 3,
> > .max_dev_ctx = 4,
> > .cmd_tag = 0x17,
> > .rsp_tag = 0xe1,
> > .success_tag = 0xd6,
> > .base_api_ver = MESSAGING_VERSION_6,
> > .fw_api_ver = MESSAGING_VERSION_7,
> > .se_name = "hsm1",
> > .mbox_tx_name = "tx",
> > .mbox_rx_name = "rx",
> > .pool_name = NULL,
> > .reserved_dma_ranges = false,
> > .init_fw = true,
> > .v2x_state_check = true,
> > .start_rng = ele_start_rng,
> > .enable_ele_trng = true,
> > .imem_mgmt = false,
> > .mu_buff_size = 0,
> > .fw_name_in_rfs = NULL,
> > },
> > {
> > .socdev = false,
> > .mu_id = 0,
> > .mu_did = 0,
> > .max_dev_ctx = 0,
> > .cmd_tag = 0x17,
> > .rsp_tag = 0xe1,
> > .success_tag = 0xd6,
> > .base_api_ver = 0x2,
> > .fw_api_ver = 0x2,
> > .se_name = "v2x_dbg",
> > .pool_name = NULL,
> > .mbox_tx_name = "tx",
> > .mbox_rx_name = "rx",
> > .reserved_dma_ranges = false,
> > .init_fw = false,
> > .v2x_state_check = true,
> > .start_rng = v2x_start_rng,
> > .enable_ele_trng = false,
> > .imem_mgmt = false,
> > .mu_buff_size = 0,
> > .fw_name_in_rfs = NULL,
> > },
> > {
> > .socdev = false,
> > .mu_id = 4,
> > .mu_did = 0,
> > .max_dev_ctx = 4,
> > .cmd_tag = 0x18,
> > .rsp_tag = 0xe2,
> > .success_tag = 0xd6,
> > .base_api_ver = 0x2,
> > .fw_api_ver = 0x2,
> > .se_name = "v2x_sv0",
> > .pool_name = NULL,
> > .mbox_tx_name = "tx",
> > .mbox_rx_name = "rx",
> > .reserved_dma_ranges = false,
> > .init_fw = false,
> > .v2x_state_check = true,
> > .start_rng = NULL,
> > .enable_ele_trng = false,
> > .imem_mgmt = false,
> > .mu_buff_size = 16,
> > .fw_name_in_rfs = NULL,
> > },
> > {
> > .socdev = false,
> > .mu_id = 6,
> > .mu_did = 0,
> > .max_dev_ctx = 4,
> > .cmd_tag = 0x1a,
> > .rsp_tag = 0xe4,
> > .success_tag = 0xd6,
> > .base_api_ver = 0x2,
> > .fw_api_ver = 0x2,
> > .se_name = "v2x_she",
> > .pool_name = NULL,
> > .mbox_tx_name = "tx",
> > .mbox_rx_name = "rx",
> > .reserved_dma_ranges = false,
> > .init_fw = false,
> > .v2x_state_check = true,
> > .start_rng = NULL,
> > .enable_ele_trng = false,
> > .imem_mgmt = false,
> > .mu_buff_size = 16,
> > .fw_name_in_rfs = NULL,
> > },
> > {
> > .socdev = false,
> > .mu_id = 6,
> > .mu_did = 0,
> > .max_dev_ctx = 4,
> > .cmd_tag = 0x1a,
> > .rsp_tag = 0xe4,
> > .success_tag = 0xd6,
> > .base_api_ver = 0x2,
> > .fw_api_ver = 0x2,
> > .se_name = "v2x_she",
> > .pool_name = NULL,
> > .mbox_tx_name = "tx",
> > .mbox_rx_name = "rx",
> > .reserved_dma_ranges = false,
> > .init_fw = false,
> > .v2x_state_check = true,
> > .start_rng = NULL,
> > .enable_ele_trng = false,
> > .imem_mgmt = false,
> > .mu_buff_size = 256,
> > .fw_name_in_rfs = NULL,
> > },
> > }
> > };
>
> Just looking at _some_, the .cmd_tag, .rsp_tag and .success_tag look the
> same for all SoCs.
.cmd_tag & .rsp_tag is varying for each: .se_name = "v2x_dbg", .se_name = "v2x_she" and .se_name = "v2x_sv0",

.success_tag is going to be different for i.MX8DXL. It will be zero for i.MX8DXL, as compared to current 0xD6, for i.MX8ULP, 93, 95


>
> [...]
>
> > Created a static variable g_soc_rev in the se_ctrl.c.
> > Accepted and will correct it in v2.
> >
> > >
> > > > > > + if (info_list->soc_rev)
> > > > > > + return err;
> > > > >
> > Will change the above condition to g_soc_rev.
>
> "g_" as is global? Don't do that. Use your priv!
Yes, soc_rev can be put under priv.
It is proposed like this as it is used only once, that too in this file only.

Will do this in V2.
>
> [...]
>
> > > > > > +
> > > > > > + info_list->soc_rev = s_info.soc_rev;
> > > > > > +
> > > > > > + if (!info->soc_register)
> > > > > > + return 0;
> > > > > > +
> > > > > > + attr = devm_kzalloc(dev, sizeof(*attr), GFP_KERNEL);
> > > > > > + if (!attr)
> > > > > > + return -ENOMEM;
> > > > > > +
> > > > > > + if (s_info.minor_ver)
> > > > > > + attr->revision = devm_kasprintf(dev, GFP_KERNEL,
> "%x.%x",
> > > > > > + s_info.major_ver,
> > > > > > + s_info.minor_ver);
> > > > > > + else
> > > > > > + attr->revision = devm_kasprintf(dev, GFP_KERNEL,
> "%x",
> > > > > > + s_info.major_ver);
> > > > > > +
> > > > > > + switch (s_info.soc_id) {
> > > > > > + case SOC_ID_OF_IMX8ULP:
> > > > > > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > > > > > + "i.MX8ULP");
> > > > > > + break;
> > > > > > + case SOC_ID_OF_IMX93:
> > > > > > + attr->soc_id = devm_kasprintf(dev, GFP_KERNEL,
> > > > > > + "i.MX93");
> > > > > > + break;
> > > > > > + }
> > > > > > +
> > > > > > + err = of_property_read_string(of_root, "model",
> > > > > > + &attr->machine);
> > > > > > + if (err) {
> > > > > > + devm_kfree(dev, attr);
> > > > >
> > > > > Why do you do a manual cleanup of devm managed resources? Same
> > > > > applies to the other devm managed resources, too.
> > > > >
> > > > Used devm managed memory, as this function is called as part probe.
> > > > Post device registration, this devm managed memory is
> > > > un-necessarily blocked. It is better to release it as part of
> > > > clean-up, under this function only.
> > >
> > > Why do you allocate the memory with devm in the first place, if it's
> > > not needed after probe?
> >
> > Sorry to confuse you. Actually the devm_memory will be needed for the case
> of soc_registration.
> > Meaning, memory with devm, will be needed post probing as well.
> >
> > If this function fails, the probing will fail too. It will be auto cleaned.
> >
> > Accepted, will remove the devm_free in v2.
>
> If you don't need the memory past probe() allocate with kzalloc() and use
> kfree(). Only used managed resources for lifetimes beyond the probe function.
>
Understood.

> Marc
>
> --
> Pengutronix e.K. | Marc Kleine-Budde |
> Embedded Linux | https://www.pengutronix.de |
> Vertretung Nürnberg | Phone: +49-5121-206917-129 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |

2024-05-22 11:15:03

by Marc Kleine-Budde

[permalink] [raw]
Subject: Re: RE: RE: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave

On 22.05.2024 10:46:10, Pankaj Gupta wrote:
> > > > > > > +
> > > > > > > + memset(s_info, 0x0, sizeof(*s_info));
> > > > > > > +
> > > > > > > + if (priv->mem_pool_name)
> > > > > > > + get_info_data = get_phy_buf_mem_pool(dev,
> > > > > > > + priv-
> > >mem_pool_name,
> > > > > > > + &get_info_addr,
> > > > > > > +
> > ELE_GET_INFO_BUFF_SZ);
> > > > > > > + else
> > > > > > > + get_info_data = dmam_alloc_coherent(dev,
> > > > > > > +
> > ELE_GET_INFO_BUFF_SZ,
> > > > > > > + &get_info_addr,
> > > > > > > + GFP_KERNEL);
> > > > > >
> > > > > > It's better style to move the init of the dma memory into the
> > > > > > probe function.
> > > > >
> > > > > It is not DMA init. It is DMA allocation.
> > > >
> > > > It's better style to move the allocation of the dma memory into the
> > > > probe function.
> > > >
> > > The buffer 'get_info_data', is allocated and freed within this function.
> > > This API is called multiple times:
> > > - as part of probe.
> > > - as part of suspend/resume.
> > >
> > > Why to keep the memory retained?
> >
> > I see. Then why do you allocate with dmam_alloc_coherent()?
>
> Because this memory is written by Firmware. It should be either from SRAM
> Or from reserved memory region, accessible to FW.

It's about managed resources. Why don't you use dma_alloc_coherent()?

> > > > > > > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg) {
> > > > > > > + bool is_cmd_lock_tobe_taken = false;
> > > > > > > + int err;
> > > > > > > +
> > > > > > > + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> > > > > > > + is_cmd_lock_tobe_taken = true;
> > > > > > > + mutex_lock(&priv->se_if_cmd_lock);
> > > > > > > + }
> > > > > > > + scoped_guard(mutex, &priv->se_if_lock);
> > > > > > > +
> > > > > > > + err = mbox_send_message(priv->tx_chan, mssg);
> > > > > > > + if (err < 0) {
> > > > > > > + dev_err(priv->dev, "Error: mbox_send_message
> > failure.\n");
> > > > > > > + if (is_cmd_lock_tobe_taken)
> > > > > > > + mutex_unlock(&priv->se_if_cmd_lock);
> > > > > >
> > > > > > Only dropping the lock in case of failure doesn't look right to me.
> > > > >
> > > > > The callers of this function, takes the execution flow to aborting
> > > > > the operation on getting return code < 0. No next action is
> > > > > expected under this aborted operation. Unlocking the lock here is
> > > > > not an issue
> > > > >
> > > > > > It seems you should better move the lock to the callers of this function.
> > > > >
> > > > > Accepted, and moved to the caller of the function for:
> > > > > - locking
> > > > > - unlocking in case of error.
> > > > >
> > > > > Unlocking in the read API, once response is successfully received
> > > > > and read.
> > > >
> > > > A better design would be: imx_ele_msg_rcv() imx_ele_msg_send() are
> > > > expected to be called locked. Add lockdep_assert_held() to these
> > > > function to document/check this.
> > > >
> > > > The callers of imx_ele_msg_rcv() and imx_ele_msg_send() have to take
> > > > care of the locking.
> > > >
> > > > [...]
> > > >
> > > The locking/unlocking of se_if_cmd_lock, is taken care by the callers only:
> > > - imx_ele_msg_send_rcv calls both the functions:
> > > --imx_ele_msg_send.
> > > --imx_ele_msg_rcv.
> > >
> > > But the lockdep_assert_held, cannot be added to imx_ele_msg_send, as
> > > its another caller function imx_ele_miscdev_msg_send calls if for
> > > sending:
> > > --- command (here command lock is taken).
> > > --- response to a command (here command lock is not taken).
> >
> > miscdev is another patch.
> Will try to split it.
>
> >
> > But why can't you use the same lock in imx_ele_miscdev_msg_send()?
> Using the same lock "se_if_cmd_lock", in imx_ele_miscdev_msg_send.
> This function is called from fops_write. This lock is taken conditionally taken depending on the kind of message:
>
> --- Message containing command (here command lock is taken).
> --- Message containing response to a command (here command lock is not taken).

Let's design a proper the kernel internal interface first. For
simplicity reasons the misc dev should be out of scope first.

> > > > > > > +static const struct imx_se_node_info_list imx93_info = {
> > > > > > > + .num_mu = 1,
> > > > > > > + .soc_id = SOC_ID_OF_IMX93,
> > > > > > > + .info = {
> > > > > > > + {
> > > > > > > + .se_if_id = 2,
> > > > > > > + .se_if_did = 3,
> > > > > > > + .max_dev_ctx = 4,
> > > > > > > + .cmd_tag = 0x17,
> > > > > > > + .rsp_tag = 0xe1,
> > > > > > > + .success_tag = 0xd6,
> > > > > > > + .base_api_ver =
> > MESSAGING_VERSION_6,
> > > > > > > + .fw_api_ver =
> > MESSAGING_VERSION_7,
> > > > > > > + .se_name = "hsm1",
> > > > > > > + .mbox_tx_name = "tx",
> > > > > > > + .mbox_rx_name = "rx",
> > > > > > > + .reserved_dma_ranges = true,
> > > > > > > + .imem_mgmt = true,
> > > > > > > + .soc_register = true,
> > > > > > > + },
> > > > > > > + },
> > > > > >
> > > > > >
> > > > > > Some (most?) members of these structs are the same. Why do you
> > > > > > have this abstraction if it's not needed right now?
> > > > >
> > > > > It is needed as the values is different for different NXP SoC
> > > > > compatible. It will be needed for NXP i.MX95 platform, whose code
> > > > > will be next in pipeline.
> > > >
> > > > How does the imx95 .info look like?
> > > >
> > > Copied from the internal repo.
> > > static const struct imx_info_list imx95_info = {
> > > .num_mu = 4,
> > > .soc_id = SOC_ID_OF_IMX95,
> > > .info = {
> > > {
> > > .socdev = false,
> > > .mu_id = 2,
> > > .mu_did = 3,
> > > .max_dev_ctx = 4,
> > > .cmd_tag = 0x17,
> > > .rsp_tag = 0xe1,
> > > .success_tag = 0xd6,
> > > .base_api_ver = MESSAGING_VERSION_6,
> > > .fw_api_ver = MESSAGING_VERSION_7,
> > > .se_name = "hsm1",
> > > .mbox_tx_name = "tx",
> > > .mbox_rx_name = "rx",
> > > .pool_name = NULL,
> > > .reserved_dma_ranges = false,
> > > .init_fw = true,
> > > .v2x_state_check = true,
> > > .start_rng = ele_start_rng,
> > > .enable_ele_trng = true,
> > > .imem_mgmt = false,
> > > .mu_buff_size = 0,
> > > .fw_name_in_rfs = NULL,
> > > },
> > > {
> > > .socdev = false,
> > > .mu_id = 0,
> > > .mu_did = 0,
> > > .max_dev_ctx = 0,
> > > .cmd_tag = 0x17,
> > > .rsp_tag = 0xe1,
> > > .success_tag = 0xd6,
> > > .base_api_ver = 0x2,
> > > .fw_api_ver = 0x2,
> > > .se_name = "v2x_dbg",
> > > .pool_name = NULL,
> > > .mbox_tx_name = "tx",
> > > .mbox_rx_name = "rx",
> > > .reserved_dma_ranges = false,
> > > .init_fw = false,
> > > .v2x_state_check = true,
> > > .start_rng = v2x_start_rng,
> > > .enable_ele_trng = false,
> > > .imem_mgmt = false,
> > > .mu_buff_size = 0,
> > > .fw_name_in_rfs = NULL,
> > > },
> > > {
> > > .socdev = false,
> > > .mu_id = 4,
> > > .mu_did = 0,
> > > .max_dev_ctx = 4,
> > > .cmd_tag = 0x18,
> > > .rsp_tag = 0xe2,
> > > .success_tag = 0xd6,
> > > .base_api_ver = 0x2,
> > > .fw_api_ver = 0x2,
> > > .se_name = "v2x_sv0",
> > > .pool_name = NULL,
> > > .mbox_tx_name = "tx",
> > > .mbox_rx_name = "rx",
> > > .reserved_dma_ranges = false,
> > > .init_fw = false,
> > > .v2x_state_check = true,
> > > .start_rng = NULL,
> > > .enable_ele_trng = false,
> > > .imem_mgmt = false,
> > > .mu_buff_size = 16,
> > > .fw_name_in_rfs = NULL,
> > > },
> > > {
> > > .socdev = false,
> > > .mu_id = 6,
> > > .mu_did = 0,
> > > .max_dev_ctx = 4,
> > > .cmd_tag = 0x1a,
> > > .rsp_tag = 0xe4,
> > > .success_tag = 0xd6,
> > > .base_api_ver = 0x2,
> > > .fw_api_ver = 0x2,
> > > .se_name = "v2x_she",
> > > .pool_name = NULL,
> > > .mbox_tx_name = "tx",
> > > .mbox_rx_name = "rx",
> > > .reserved_dma_ranges = false,
> > > .init_fw = false,
> > > .v2x_state_check = true,
> > > .start_rng = NULL,
> > > .enable_ele_trng = false,
> > > .imem_mgmt = false,
> > > .mu_buff_size = 16,
> > > .fw_name_in_rfs = NULL,
> > > },
> > > {
> > > .socdev = false,
> > > .mu_id = 6,
> > > .mu_did = 0,
> > > .max_dev_ctx = 4,
> > > .cmd_tag = 0x1a,
> > > .rsp_tag = 0xe4,
> > > .success_tag = 0xd6,
> > > .base_api_ver = 0x2,
> > > .fw_api_ver = 0x2,
> > > .se_name = "v2x_she",
> > > .pool_name = NULL,
> > > .mbox_tx_name = "tx",
> > > .mbox_rx_name = "rx",
> > > .reserved_dma_ranges = false,
> > > .init_fw = false,
> > > .v2x_state_check = true,
> > > .start_rng = NULL,
> > > .enable_ele_trng = false,
> > > .imem_mgmt = false,
> > > .mu_buff_size = 256,
> > > .fw_name_in_rfs = NULL,
> > > },
> > > }
> > > };
> >
> > Just looking at _some_, the .cmd_tag, .rsp_tag and .success_tag look the
> > same for all SoCs.
> .cmd_tag & .rsp_tag is varying for each: .se_name = "v2x_dbg", .se_name = "v2x_she" and .se_name = "v2x_sv0",
>
> .success_tag is going to be different for i.MX8DXL. It will be zero for i.MX8DXL, as compared to current 0xD6, for i.MX8ULP, 93, 95
>
>
> >
> > [...]
> >
> > > Created a static variable g_soc_rev in the se_ctrl.c.
> > > Accepted and will correct it in v2.
> > >
> > > >
> > > > > > > + if (info_list->soc_rev)
> > > > > > > + return err;
> > > > > >
> > > Will change the above condition to g_soc_rev.
> >
> > "g_" as is global? Don't do that. Use your priv!
> Yes, soc_rev can be put under priv.
> It is proposed like this as it is used only once, that too in this file only.
>
> Will do this in V2.

If it's only used once, pass it via a function parameter. If you need it
past probe, put in priv.

Marc

--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung Nürnberg | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |


Attachments:
(No filename) (13.23 kB)
signature.asc (499.00 B)
Download all attachments

2024-05-22 12:53:23

by Pankaj Gupta

[permalink] [raw]
Subject: RE: RE: RE: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for NXP EdgeLock Enclave



> -----Original Message-----
> From: Marc Kleine-Budde <[email protected]>
> Sent: Wednesday, May 22, 2024 4:41 PM
> To: Pankaj Gupta <[email protected]>
> Cc: Jonathan Corbet <[email protected]>; Rob Herring <[email protected]>;
> Krzysztof Kozlowski <[email protected]>; Conor Dooley
> <[email protected]>; Shawn Guo <[email protected]>; Sascha Hauer
> <[email protected]>; Pengutronix Kernel Team
> <[email protected]>; Fabio Estevam <[email protected]>; linux-
> [email protected]; [email protected];
> [email protected]; [email protected]; linux-arm-
> [email protected]
> Subject: Re: RE: RE: RE: [EXT] Re: [PATCH 4/4] firmware: imx: add driver for
> NXP EdgeLock Enclave
>
> On 22.05.2024 10:46:10, Pankaj Gupta wrote:
> > > > > > > > +
> > > > > > > > + memset(s_info, 0x0, sizeof(*s_info));
> > > > > > > > +
> > > > > > > > + if (priv->mem_pool_name)
> > > > > > > > + get_info_data = get_phy_buf_mem_pool(dev,
> > > > > > > > + priv-
> > > >mem_pool_name,
> > > > > > > > + &get_info_addr,
> > > > > > > > +
> > > ELE_GET_INFO_BUFF_SZ);
> > > > > > > > + else
> > > > > > > > + get_info_data = dmam_alloc_coherent(dev,
> > > > > > > > +
> > > ELE_GET_INFO_BUFF_SZ,
> > > > > > > > + &get_info_addr,
> > > > > > > > + GFP_KERNEL);
> > > > > > >
> > > > > > > It's better style to move the init of the dma memory into
> > > > > > > the probe function.
> > > > > >
> > > > > > It is not DMA init. It is DMA allocation.
> > > > >
> > > > > It's better style to move the allocation of the dma memory into
> > > > > the probe function.
> > > > >
> > > > The buffer 'get_info_data', is allocated and freed within this function.
> > > > This API is called multiple times:
> > > > - as part of probe.
> > > > - as part of suspend/resume.
> > > >
> > > > Why to keep the memory retained?
> > >
> > > I see. Then why do you allocate with dmam_alloc_coherent()?
> >
> > Because this memory is written by Firmware. It should be either from
> > SRAM Or from reserved memory region, accessible to FW.
>
> It's about managed resources. Why don't you use dma_alloc_coherent()?

Sorry to miss out the point, you trying to make.
Accepted. Will change it in v2.

>
> > > > > > > > +int imx_ele_msg_send(struct se_if_priv *priv, void *mssg) {
> > > > > > > > + bool is_cmd_lock_tobe_taken = false;
> > > > > > > > + int err;
> > > > > > > > +
> > > > > > > > + if (!priv->waiting_rsp_dev || priv->no_dev_ctx_used) {
> > > > > > > > + is_cmd_lock_tobe_taken = true;
> > > > > > > > + mutex_lock(&priv->se_if_cmd_lock);
> > > > > > > > + }
> > > > > > > > + scoped_guard(mutex, &priv->se_if_lock);
> > > > > > > > +
> > > > > > > > + err = mbox_send_message(priv->tx_chan, mssg);
> > > > > > > > + if (err < 0) {
> > > > > > > > + dev_err(priv->dev, "Error: mbox_send_message
> > > failure.\n");
> > > > > > > > + if (is_cmd_lock_tobe_taken)
> > > > > > > > + mutex_unlock(&priv->se_if_cmd_lock);
> > > > > > >
> > > > > > > Only dropping the lock in case of failure doesn't look right to me.
> > > > > >
> > > > > > The callers of this function, takes the execution flow to
> > > > > > aborting the operation on getting return code < 0. No next
> > > > > > action is expected under this aborted operation. Unlocking the
> > > > > > lock here is not an issue
> > > > > >
> > > > > > > It seems you should better move the lock to the callers of this
> function.
> > > > > >
> > > > > > Accepted, and moved to the caller of the function for:
> > > > > > - locking
> > > > > > - unlocking in case of error.
> > > > > >
> > > > > > Unlocking in the read API, once response is successfully
> > > > > > received and read.
> > > > >
> > > > > A better design would be: imx_ele_msg_rcv() imx_ele_msg_send()
> > > > > are expected to be called locked. Add lockdep_assert_held() to
> > > > > these function to document/check this.
> > > > >
> > > > > The callers of imx_ele_msg_rcv() and imx_ele_msg_send() have to
> > > > > take care of the locking.
> > > > >
> > > > > [...]
> > > > >
> > > > The locking/unlocking of se_if_cmd_lock, is taken care by the callers
> only:
> > > > - imx_ele_msg_send_rcv calls both the functions:
> > > > --imx_ele_msg_send.
> > > > --imx_ele_msg_rcv.
> > > >
> > > > But the lockdep_assert_held, cannot be added to imx_ele_msg_send,
> > > > as its another caller function imx_ele_miscdev_msg_send calls if
> > > > for
> > > > sending:
> > > > --- command (here command lock is taken).
> > > > --- response to a command (here command lock is not taken).
> > >
> > > miscdev is another patch.
> > Will try to split it.
> >
> > >
> > > But why can't you use the same lock in imx_ele_miscdev_msg_send()?
> > Using the same lock "se_if_cmd_lock", in imx_ele_miscdev_msg_send.
> > This function is called from fops_write. This lock is taken conditionally taken
> depending on the kind of message:
> >
> > --- Message containing command (here command lock is taken).
> > --- Message containing response to a command (here command lock is not
> taken).
>
> Let's design a proper the kernel internal interface first. For simplicity reasons
> the misc dev should be out of scope first

Ok, will split the patch.
In patch 4/5 the lockdep_assert_held will be added to imx_ele_msg_send, and in the patch 5/5, it will be removed or I need to create duplicate function without lockdep_assert_held.

>
> > > > > > > > +static const struct imx_se_node_info_list imx93_info = {
> > > > > > > > + .num_mu = 1,
> > > > > > > > + .soc_id = SOC_ID_OF_IMX93,
> > > > > > > > + .info = {
> > > > > > > > + {
> > > > > > > > + .se_if_id = 2,
> > > > > > > > + .se_if_did = 3,
> > > > > > > > + .max_dev_ctx = 4,
> > > > > > > > + .cmd_tag = 0x17,
> > > > > > > > + .rsp_tag = 0xe1,
> > > > > > > > + .success_tag = 0xd6,
> > > > > > > > + .base_api_ver =
> > > MESSAGING_VERSION_6,
> > > > > > > > + .fw_api_ver =
> > > MESSAGING_VERSION_7,
> > > > > > > > + .se_name = "hsm1",
> > > > > > > > + .mbox_tx_name = "tx",
> > > > > > > > + .mbox_rx_name = "rx",
> > > > > > > > + .reserved_dma_ranges = true,
> > > > > > > > + .imem_mgmt = true,
> > > > > > > > + .soc_register = true,
> > > > > > > > + },
> > > > > > > > + },
> > > > > > >
> > > > > > >
> > > > > > > Some (most?) members of these structs are the same. Why do
> > > > > > > you have this abstraction if it's not needed right now?
> > > > > >
> > > > > > It is needed as the values is different for different NXP SoC
> > > > > > compatible. It will be needed for NXP i.MX95 platform, whose
> > > > > > code will be next in pipeline.
> > > > >
> > > > > How does the imx95 .info look like?
> > > > >
> > > > Copied from the internal repo.
> > > > static const struct imx_info_list imx95_info = {
> > > > .num_mu = 4,
> > > > .soc_id = SOC_ID_OF_IMX95,
> > > > .info = {
> > > > {
> > > > .socdev = false,
> > > > .mu_id = 2,
> > > > .mu_did = 3,
> > > > .max_dev_ctx = 4,
> > > > .cmd_tag = 0x17,
> > > > .rsp_tag = 0xe1,
> > > > .success_tag = 0xd6,
> > > > .base_api_ver = MESSAGING_VERSION_6,
> > > > .fw_api_ver = MESSAGING_VERSION_7,
> > > > .se_name = "hsm1",
> > > > .mbox_tx_name = "tx",
> > > > .mbox_rx_name = "rx",
> > > > .pool_name = NULL,
> > > > .reserved_dma_ranges = false,
> > > > .init_fw = true,
> > > > .v2x_state_check = true,
> > > > .start_rng = ele_start_rng,
> > > > .enable_ele_trng = true,
> > > > .imem_mgmt = false,
> > > > .mu_buff_size = 0,
> > > > .fw_name_in_rfs = NULL,
> > > > },
> > > > {
> > > > .socdev = false,
> > > > .mu_id = 0,
> > > > .mu_did = 0,
> > > > .max_dev_ctx = 0,
> > > > .cmd_tag = 0x17,
> > > > .rsp_tag = 0xe1,
> > > > .success_tag = 0xd6,
> > > > .base_api_ver = 0x2,
> > > > .fw_api_ver = 0x2,
> > > > .se_name = "v2x_dbg",
> > > > .pool_name = NULL,
> > > > .mbox_tx_name = "tx",
> > > > .mbox_rx_name = "rx",
> > > > .reserved_dma_ranges = false,
> > > > .init_fw = false,
> > > > .v2x_state_check = true,
> > > > .start_rng = v2x_start_rng,
> > > > .enable_ele_trng = false,
> > > > .imem_mgmt = false,
> > > > .mu_buff_size = 0,
> > > > .fw_name_in_rfs = NULL,
> > > > },
> > > > {
> > > > .socdev = false,
> > > > .mu_id = 4,
> > > > .mu_did = 0,
> > > > .max_dev_ctx = 4,
> > > > .cmd_tag = 0x18,
> > > > .rsp_tag = 0xe2,
> > > > .success_tag = 0xd6,
> > > > .base_api_ver = 0x2,
> > > > .fw_api_ver = 0x2,
> > > > .se_name = "v2x_sv0",
> > > > .pool_name = NULL,
> > > > .mbox_tx_name = "tx",
> > > > .mbox_rx_name = "rx",
> > > > .reserved_dma_ranges = false,
> > > > .init_fw = false,
> > > > .v2x_state_check = true,
> > > > .start_rng = NULL,
> > > > .enable_ele_trng = false,
> > > > .imem_mgmt = false,
> > > > .mu_buff_size = 16,
> > > > .fw_name_in_rfs = NULL,
> > > > },
> > > > {
> > > > .socdev = false,
> > > > .mu_id = 6,
> > > > .mu_did = 0,
> > > > .max_dev_ctx = 4,
> > > > .cmd_tag = 0x1a,
> > > > .rsp_tag = 0xe4,
> > > > .success_tag = 0xd6,
> > > > .base_api_ver = 0x2,
> > > > .fw_api_ver = 0x2,
> > > > .se_name = "v2x_she",
> > > > .pool_name = NULL,
> > > > .mbox_tx_name = "tx",
> > > > .mbox_rx_name = "rx",
> > > > .reserved_dma_ranges = false,
> > > > .init_fw = false,
> > > > .v2x_state_check = true,
> > > > .start_rng = NULL,
> > > > .enable_ele_trng = false,
> > > > .imem_mgmt = false,
> > > > .mu_buff_size = 16,
> > > > .fw_name_in_rfs = NULL,
> > > > },
> > > > {
> > > > .socdev = false,
> > > > .mu_id = 6,
> > > > .mu_did = 0,
> > > > .max_dev_ctx = 4,
> > > > .cmd_tag = 0x1a,
> > > > .rsp_tag = 0xe4,
> > > > .success_tag = 0xd6,
> > > > .base_api_ver = 0x2,
> > > > .fw_api_ver = 0x2,
> > > > .se_name = "v2x_she",
> > > > .pool_name = NULL,
> > > > .mbox_tx_name = "tx",
> > > > .mbox_rx_name = "rx",
> > > > .reserved_dma_ranges = false,
> > > > .init_fw = false,
> > > > .v2x_state_check = true,
> > > > .start_rng = NULL,
> > > > .enable_ele_trng = false,
> > > > .imem_mgmt = false,
> > > > .mu_buff_size = 256,
> > > > .fw_name_in_rfs = NULL,
> > > > },
> > > > }
> > > > };
> > >
> > > Just looking at _some_, the .cmd_tag, .rsp_tag and .success_tag look
> > > the same for all SoCs.
> > .cmd_tag & .rsp_tag is varying for each: .se_name = "v2x_dbg",
> > .se_name = "v2x_she" and .se_name = "v2x_sv0",
> >
> > .success_tag is going to be different for i.MX8DXL. It will be zero
> > for i.MX8DXL, as compared to current 0xD6, for i.MX8ULP, 93, 95
> >
> >
> > >
> > > [...]
> > >
> > > > Created a static variable g_soc_rev in the se_ctrl.c.
> > > > Accepted and will correct it in v2.
> > > >
> > > > >
> > > > > > > > + if (info_list->soc_rev)
> > > > > > > > + return err;
> > > > > > >
> > > > Will change the above condition to g_soc_rev.
> > >
> > > "g_" as is global? Don't do that. Use your priv!
> > Yes, soc_rev can be put under priv.
> > It is proposed like this as it is used only once, that too in this file only.
> >
> > Will do this in V2.
>
> If it's only used once, pass it via a function parameter. If you need it past
> probe, put in priv.
>
Need it past probe.

> Marc
>
> --
> Pengutronix e.K. | Marc Kleine-Budde |
> Embedded Linux | https://www.pengutronix.de |
> Vertretung Nürnberg | Phone: +49-5121-206917-129 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |