2019-06-24 07:26:04

by Neal Liu

Subject: [PATCH v4 0/3] MediaTek Security random number generator support

This patch series introduces a generic rng driver for TrustZone
based kernel drivers which would like to communicate with ATF
SIP services.

Patch #1 initializes the SMC fid table for MediaTek SIP interfaces and
adds the HWRNG related SMC call.

Patches #2..3 add the mtk-sec-rng kernel driver for TrustZone based SoCs.
For MediaTek SoCs on ARMv8 with TrustZone enabled, peripherals like
entropy sources are not accessible from normal world (linux) and are
rather accessible from secure world (ATF/TEE) only. This driver aims
to provide a generic interface to ATF rng service.


changes since v1:
- rename mt67xx-rng to mtk-sec-rng since all MediaTek ARMv8 SoCs
can reuse this driver.
- refine coding style and unnecessary check.

changes since v2:
- remove unused comments.
- remove redundant variable.

changes since v3:
- add dt-bindings for MediaTek rng with TrustZone enabled
- revise HWRNG SMC call fid


Neal Liu (3):
soc: mediatek: add SMC fid table for SIP interface
dt-bindings: rng: add bindings for MediaTek ARMv8 SoCs
hwrng: add mtk-sec-rng driver

.../devicetree/bindings/rng/mtk-sec-rng.txt | 10 ++
drivers/char/hw_random/Kconfig | 16 +++
drivers/char/hw_random/Makefile | 1 +
drivers/char/hw_random/mtk-sec-rng.c | 97 +++++++++++++++++++
include/linux/soc/mediatek/mtk_sip_svc.h | 33 +++++++
5 files changed, 157 insertions(+)
create mode 100644 Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
create mode 100644 drivers/char/hw_random/mtk-sec-rng.c
create mode 100644 include/linux/soc/mediatek/mtk_sip_svc.h

--
2.18.0


2019-06-24 07:26:15

by Neal Liu

Subject: [PATCH v4 2/3] dt-bindings: rng: add bindings for MediaTek ARMv8 SoCs

Document the binding used by the MediaTek ARMv8 SoCs random
number generator with TrustZone enabled.

Signed-off-by: Neal Liu <[email protected]>
---
.../devicetree/bindings/rng/mtk-sec-rng.txt | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 Documentation/devicetree/bindings/rng/mtk-sec-rng.txt

diff --git a/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
new file mode 100644
index 0000000..c04ce15
--- /dev/null
+++ b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
@@ -0,0 +1,10 @@
+MediaTek random number generator with TrustZone enabled
+
+Required properties:
+- compatible : Should be "mediatek,mtk-sec-rng"
+
+Example:
+
+hwrng: hwrng {
+ compatible = "mediatek,mtk-sec-rng";
+}
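Review bot: The example node at the end of the new binding file closes with a bare "}" where devicetree source needs "};", so the example does not compile if copied into a .dts as written. The binding also lists "compatible" as its only property and never says how the RNG is reached; since the cover letter states that the entropy source is only accessible through ATF SIP services, the description should name the SMC interface, and the example would read more naturally as a child of a firmware node than as a top-level hwrng node.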
--
1.7.9.5

2019-06-24 07:26:19

by Neal Liu

Subject: [PATCH v4 1/3] soc: mediatek: add SMC fid table for SIP interface

1. Add a header file to provide SIP interface to ATF
2. Add hwrng SMC fid

Signed-off-by: Neal Liu <[email protected]>
---
include/linux/soc/mediatek/mtk_sip_svc.h | 33 ++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 include/linux/soc/mediatek/mtk_sip_svc.h

diff --git a/include/linux/soc/mediatek/mtk_sip_svc.h b/include/linux/soc/mediatek/mtk_sip_svc.h
new file mode 100644
index 0000000..8cc8b5c
--- /dev/null
+++ b/include/linux/soc/mediatek/mtk_sip_svc.h
@@ -0,0 +1,33 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (c) 2019 MediaTek Inc.
+ */
+
+#ifndef _MTK_SECURE_API_H_
+#define _MTK_SECURE_API_H_
+
+#include <linux/kernel.h>
+
+/* Error Code */
+#define SIP_SVC_E_SUCCESS 0
+#define SIP_SVC_E_NOT_SUPPORTED -1
+#define SIP_SVC_E_INVALID_PARAMS -2
+#define SIP_SVC_E_INVALID_RANGE -3
+#define SIP_SVC_E_PERMISSION_DENY -4
+
+#ifdef CONFIG_ARM64
+#define MTK_SIP_SMC_AARCH_BIT BIT(30)
+#else
+#define MTK_SIP_SMC_AARCH_BIT 0
+#endif
+
+/*******************************************************************************
+ * Defines for Mediatek runtime services func ids
+ ******************************************************************************/
+
+/* Security related SMC call */
+/* HWRNG */
+#define MTK_SIP_KERNEL_GET_RND \
+ (0x8200026A | MTK_SIP_SMC_AARCH_BIT)
+
+#endif /* _MTK_SECURE_API_H_ */
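Review bot: MTK_SIP_KERNEL_GET_RND near the end of the header is a hand-assembled constant (0x8200026A with a private MTK_SIP_SMC_AARCH_BIT ORed in); building it with ARM_SMCCC_CALL_VAL() from <linux/arm-smccc.h>, using ARM_SMCCC_FAST_CALL, ARM_SMCCC_SMC_32 or ARM_SMCCC_SMC_64, ARM_SMCCC_OWNER_SIP and function number 0x26A, would make the call type and owner explicit and remove the need for the CONFIG_ARM64 #ifdef block. Smaller points in the same hunk: the error-code macros expand to bare negative literals and should be parenthesised, e.g. "#define SIP_SVC_E_NOT_SUPPORTED (-1)"; the include guard _MTK_SECURE_API_H_ does not match the file name mtk_sip_svc.h; and <linux/kernel.h> is pulled in only for BIT(), for which <linux/bits.h> is enough.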
--
1.7.9.5

2019-07-22 17:48:25

by Rob Herring (Arm)

Subject: Re: [PATCH v4 2/3] dt-bindings: rng: add bindings for MediaTek ARMv8 SoCs

On Mon, Jun 24, 2019 at 03:24:11PM +0800, Neal Liu wrote:
> Document the binding used by the MediaTek ARMv8 SoCs random
> number generator with TrustZone enabled.
>
> Signed-off-by: Neal Liu <[email protected]>
> ---
> .../devicetree/bindings/rng/mtk-sec-rng.txt | 10 ++++++++++
> 1 file changed, 10 insertions(+)
> create mode 100644 Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
>
> diff --git a/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> new file mode 100644
> index 0000000..c04ce15
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> @@ -0,0 +1,10 @@
> +MediaTek random number generator with TrustZone enabled
> +
> +Required properties:
> +- compatible : Should be "mediatek,mtk-sec-rng"

What's the interface to access this?

A node with a 'compatible' and nothing else is a sign of something that
a parent device should instantiate and doesn't need to be in DT. IOW,
what do complete bindings for firmware functions look like?

> +
> +Example:
> +
> +hwrng: hwrng {
> + compatible = "mediatek,mtk-sec-rng";
> +}
> --
> 1.7.9.5
>

2019-07-23 09:12:29

by Neal Liu

Subject: Re: [PATCH v4 2/3] dt-bindings: rng: add bindings for MediaTek ARMv8 SoCs

Dear Rob,
You can check my driver for details:
http://patchwork.kernel.org/patch/11012475/ or patchset 3/3

This driver is registered as a hardware random number generator, and
combines with rng-core.
We want to add one rng hw based on the dts. Is this proper or do you
have another suggestion to meet this requirement?

Thanks


On Tue, 2019-07-23 at 01:13 +0800, Rob Herring wrote:
> On Mon, Jun 24, 2019 at 03:24:11PM +0800, Neal Liu wrote:
> > Document the binding used by the MediaTek ARMv8 SoCs random
> > number generator with TrustZone enabled.
> >
> > Signed-off-by: Neal Liu <[email protected]>
> > ---
> > .../devicetree/bindings/rng/mtk-sec-rng.txt | 10 ++++++++++
> > 1 file changed, 10 insertions(+)
> > create mode 100644 Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> >
> > diff --git a/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > new file mode 100644
> > index 0000000..c04ce15
> > --- /dev/null
> > +++ b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > @@ -0,0 +1,10 @@
> > +MediaTek random number generator with TrustZone enabled
> > +
> > +Required properties:
> > +- compatible : Should be "mediatek,mtk-sec-rng"
>
> What's the interface to access this?
>
> A node with a 'compatible' and nothing else is a sign of something that
> a parent device should instantiate and doesn't need to be in DT. IOW,
> what do complete bindings for firmware functions look like?
>
> > +
> > +Example:
> > +
> > +hwrng: hwrng {
> > + compatible = "mediatek,mtk-sec-rng";
> > +}
> > --
> > 1.7.9.5
> >
>
> _______________________________________________
> Linux-mediatek mailing list
> [email protected]
> http://lists.infradead.org/mailman/listinfo/linux-mediatek


2019-07-24 00:14:06

by Rob Herring (Arm)

Subject: Re: [PATCH v4 2/3] dt-bindings: rng: add bindings for MediaTek ARMv8 SoCs

On Mon, Jul 22, 2019 at 8:21 PM Neal Liu <[email protected]> wrote:
>

Please don't top post to lists.

> Dear Rob,
> You can check my driver for detail:
> http://patchwork.kernel.org/patch/11012475/ or patchset 3/3

I could, or you could just answer my question.

>
> This driver is registered as hardware random number generator, and
> combines with rng-core.
> We want to add one rng hw based on the dts. Is this proper or do you
> have other suggestion to meet this requirement?

It depends. There doesn't appear to be any resource configuration, so
why does it need to be in DT? DT is not the only way to instantiate
drivers.

Rob

>
> Thanks
>
>
> On Tue, 2019-07-23 at 01:13 +0800, Rob Herring wrote:
> > On Mon, Jun 24, 2019 at 03:24:11PM +0800, Neal Liu wrote:
> > > Document the binding used by the MediaTek ARMv8 SoCs random
> > > number generator with TrustZone enabled.
> > >
> > > Signed-off-by: Neal Liu <[email protected]>
> > > ---
> > > .../devicetree/bindings/rng/mtk-sec-rng.txt | 10 ++++++++++
> > > 1 file changed, 10 insertions(+)
> > > create mode 100644 Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > >
> > > diff --git a/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > > new file mode 100644
> > > index 0000000..c04ce15
> > > --- /dev/null
> > > +++ b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > > @@ -0,0 +1,10 @@
> > > +MediaTek random number generator with TrustZone enabled
> > > +
> > > +Required properties:
> > > +- compatible : Should be "mediatek,mtk-sec-rng"
> >
> > What's the interface to access this?
> >
> > A node with a 'compatible' and nothing else is a sign of something that
> > a parent device should instantiate and doesn't need to be in DT. IOW,
> > what do complete bindings for firmware functions look like?
> >
> > > +
> > > +Example:
> > > +
> > > +hwrng: hwrng {
> > > + compatible = "mediatek,mtk-sec-rng";
> > > +}
> > > --
> > > 1.7.9.5
> > >
> >
> > _______________________________________________
> > Linux-mediatek mailing list
> > [email protected]
> > http://lists.infradead.org/mailman/listinfo/linux-mediatek
>
>

2019-07-24 05:04:33

by Neal Liu

Subject: Re: [PATCH v4 2/3] dt-bindings: rng: add bindings for MediaTek ARMv8 SoCs

On Tue, 2019-07-23 at 08:35 -0600, Rob Herring wrote:
> On Mon, Jul 22, 2019 at 8:21 PM Neal Liu <[email protected]> wrote:
> >
>
> Please don't top post to lists.
>
> > Dear Rob,
> > You can check my driver for detail:
> > http://patchwork.kernel.org/patch/11012475/ or patchset 3/3
>
> I could, or you could just answer my question.
>
> >
> > This driver is registered as hardware random number generator, and
> > combines with rng-core.
> > We want to add one rng hw based on the dts. Is this proper or do you
> > have other suggestion to meet this requirement?
>
> It depends. There doesn't appear to be any resource configuration, so
> why does it need to be in DT. DT is not the only way instantiate
> drivers.
>
> Rob

This hwrng is only supported on some chipsets. It needs DT to identify
which platform is supported or not. Is there any better idea to meet
this requirement?

Neal

> >
> > Thanks
> >
> >
> > On Tue, 2019-07-23 at 01:13 +0800, Rob Herring wrote:
> > > On Mon, Jun 24, 2019 at 03:24:11PM +0800, Neal Liu wrote:
> > > > Document the binding used by the MediaTek ARMv8 SoCs random
> > > > number generator with TrustZone enabled.
> > > >
> > > > Signed-off-by: Neal Liu <[email protected]>
> > > > ---
> > > > .../devicetree/bindings/rng/mtk-sec-rng.txt | 10 ++++++++++
> > > > 1 file changed, 10 insertions(+)
> > > > create mode 100644 Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > > >
> > > > diff --git a/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > > > new file mode 100644
> > > > index 0000000..c04ce15
> > > > --- /dev/null
> > > > +++ b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > > > @@ -0,0 +1,10 @@
> > > > +MediaTek random number generator with TrustZone enabled
> > > > +
> > > > +Required properties:
> > > > +- compatible : Should be "mediatek,mtk-sec-rng"
> > >
> > > What's the interface to access this?
> > >
> > > A node with a 'compatible' and nothing else is a sign of something that
> > > a parent device should instantiate and doesn't need to be in DT. IOW,
> > > what do complete bindings for firmware functions look like?
> > >
> > > > +
> > > > +Example:
> > > > +
> > > > +hwrng: hwrng {
> > > > + compatible = "mediatek,mtk-sec-rng";
> > > > +}
> > > > --
> > > > 1.7.9.5
> > > >
> > >
> > > _______________________________________________
> > > Linux-mediatek mailing list
> > > [email protected]
> > > http://lists.infradead.org/mailman/listinfo/linux-mediatek
> >
> >


2019-08-02 02:30:57

by Neal Liu

Subject: Re: [PATCH v4 0/3] MediaTek Security random number generator support

Dear Matthias, Rob, Mark,
Just a gentle ping.
Thanks


> On Mon, 2019-06-24 at 15:24 +0800, Neal Liu wrote:
> > These patch series introduce a generic rng driver for Trustzone
> > based kernel driver which would like to communicate with ATF
> > SIP services.
> >
> > Patch #1 initials SMC fid table for Mediatek SIP interfaces and
> > adds HWRNG related SMC call.
> >
> > Patch #2..3 adds mtk-sec-rng kernel driver for Trustzone based SoCs.
> > For MediaTek SoCs on ARMv8 with TrustZone enabled, peripherals like
> > entropy sources is not accessible from normal world (linux) and
> > rather accessible from secure world (ATF/TEE) only. This driver aims
> > to provide a generic interface to ATF rng service.
> >
> >
> > changes since v1:
> > - rename mt67xx-rng to mtk-sec-rng since all MediaTek ARMv8 SoCs
> > can reuse this driver.
> > - refine coding style and unnecessary check.
> >
> > changes since v2:
> > - remove unused comments.
> > - remove redundant variable.
> >
> > changes since v3:
> > - add dt-bindings for MediaTek rng with TrustZone enabled
> > - revise HWRNG SMC call fid
> >
> >
> > Neal Liu (3):
> > soc: mediatek: add SMC fid table for SIP interface
> > dt-bindings: rng: add bindings for MediaTek ARMv8 SoCs
> > hwrng: add mtk-sec-rng driver
> >
> > .../devicetree/bindings/rng/mtk-sec-rng.txt | 10 ++
> > drivers/char/hw_random/Kconfig | 16 +++
> > drivers/char/hw_random/Makefile | 1 +
> > drivers/char/hw_random/mtk-sec-rng.c | 97 +++++++++++++++++++
> > include/linux/soc/mediatek/mtk_sip_svc.h | 33 +++++++
> > 5 files changed, 157 insertions(+)
> > create mode 100644 Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > create mode 100644 drivers/char/hw_random/mtk-sec-rng.c
> > create mode 100644 include/linux/soc/mediatek/mtk_sip_svc.h
> >
>


2019-09-18 02:40:31

by Neal Liu

Subject: Re: [PATCH v4 2/3] dt-bindings: rng: add bindings for MediaTek ARMv8 SoCs

On Tue, 2019-07-23 at 22:35 +0800, Rob Herring wrote:
> On Mon, Jul 22, 2019 at 8:21 PM Neal Liu <[email protected]> wrote:
> >
>
> Please don't top post to lists.
>
> > Dear Rob,
> > You can check my driver for detail:
> > http://patchwork.kernel.org/patch/11012475/ or patchset 3/3
>
> I could, or you could just answer my question.
>
> >
> > This driver is registered as hardware random number generator, and
> > combines with rng-core.
> > We want to add one rng hw based on the dts. Is this proper or do you
> > have other suggestion to meet this requirement?
>
> It depends. There doesn't appear to be any resource configuration, so
> why does it need to be in DT. DT is not the only way instantiate
> drivers.
>
> Rob
>

We would like to consult more about this patch.
We cannot figure out what method should be used instead of DT.
The interface to access firmware is "smc" and the firmware function only
exists on certain platforms.
Some DTs have a similar way, like:
http://github.com/torvalds/linux/blob/master/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts#L470

	firmware {
		optee {
			compatible = "linaro,optee-tz";
			method = "smc";
		};
	};

Is there any way to instantiate a driver on certain platforms without DT?
Could you give us some examples?
Thanks

> >
> > Thanks
> >
> >
> > On Tue, 2019-07-23 at 01:13 +0800, Rob Herring wrote:
> > > On Mon, Jun 24, 2019 at 03:24:11PM +0800, Neal Liu wrote:
> > > > Document the binding used by the MediaTek ARMv8 SoCs random
> > > > number generator with TrustZone enabled.
> > > >
> > > > Signed-off-by: Neal Liu <[email protected]>
> > > > ---
> > > > .../devicetree/bindings/rng/mtk-sec-rng.txt | 10 ++++++++++
> > > > 1 file changed, 10 insertions(+)
> > > > create mode 100644 Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > > >
> > > > diff --git a/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > > > new file mode 100644
> > > > index 0000000..c04ce15
> > > > --- /dev/null
> > > > +++ b/Documentation/devicetree/bindings/rng/mtk-sec-rng.txt
> > > > @@ -0,0 +1,10 @@
> > > > +MediaTek random number generator with TrustZone enabled
> > > > +
> > > > +Required properties:
> > > > +- compatible : Should be "mediatek,mtk-sec-rng"
> > >
> > > What's the interface to access this?
> > >
> > > A node with a 'compatible' and nothing else is a sign of something that
> > > a parent device should instantiate and doesn't need to be in DT. IOW,
> > > what do complete bindings for firmware functions look like?
> > >
> > > > +
> > > > +Example:
> > > > +
> > > > +hwrng: hwrng {
> > > > + compatible = "mediatek,mtk-sec-rng";
> > > > +}
> > > > --
> > > > 1.7.9.5
> > > >
> > >
> > > _______________________________________________
> > > Linux-mediatek mailing list
> > > [email protected]
> > > http://lists.infradead.org/mailman/listinfo/linux-mediatek
> >
> >
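
The function ID that patch 1/3 defines for the HWRNG call, split into its SMC Calling Convention fields (an added example, not code from the patch series; the helper names smccc_decode, smccc_encode and mtk_get_rnd_fid are made up here, and the field positions are the ones used by linux/arm-smccc.h):

```c
#include <stdint.h>
#include <stdio.h>

/* SMCCC function-ID fields, same positions as in linux/arm-smccc.h. */
#define SMCCC_FAST_CALL   (1u << 31)	/* 1 = fast call, 0 = yielding call */
#define SMCCC_SMC64       (1u << 30)	/* 1 = SMC64, 0 = SMC32 */
#define SMCCC_OWNER_SHIFT 24
#define SMCCC_OWNER_MASK  0x3Fu
#define SMCCC_FUNC_MASK   0xFFFFu
#define SMCCC_OWNER_SIP   2u		/* silicon-partner (SiP) service range */

struct smccc_fid { unsigned fast, smc64, owner, func; };

/* Hypothetical helper: the value MTK_SIP_KERNEL_GET_RND expands to in
 * patch 1/3; arm64 != 0 stands in for CONFIG_ARM64 being set. */
static uint32_t mtk_get_rnd_fid(int arm64)
{
	return 0x8200026Au | (arm64 ? SMCCC_SMC64 : 0u);
}

/* Split a function ID into its SMCCC fields. */
static struct smccc_fid smccc_decode(uint32_t fid)
{
	struct smccc_fid d;
	d.fast  = !!(fid & SMCCC_FAST_CALL);
	d.smc64 = !!(fid & SMCCC_SMC64);
	d.owner = (fid >> SMCCC_OWNER_SHIFT) & SMCCC_OWNER_MASK;
	d.func  = fid & SMCCC_FUNC_MASK;
	return d;
}

/* Rebuild the ID from its fields, mirroring what ARM_SMCCC_CALL_VAL() does. */
static uint32_t smccc_encode(struct smccc_fid d)
{
	return (d.fast ? SMCCC_FAST_CALL : 0u) | (d.smc64 ? SMCCC_SMC64 : 0u) |
	       ((d.owner & SMCCC_OWNER_MASK) << SMCCC_OWNER_SHIFT) |
	       (d.func & SMCCC_FUNC_MASK);
}

int main(void)
{
	for (int arm64 = 0; arm64 <= 1; arm64++) {
		struct smccc_fid d = smccc_decode(mtk_get_rnd_fid(arm64));
		printf("fid=0x%08X fast=%u smc64=%u owner=%u func=0x%X\n",
		       (unsigned)smccc_encode(d), d.fast, d.smc64, d.owner, d.func);
	}
	return 0;
}
```

Both variants decode to a fast call owned by the SiP range with function number 0x26A; only the SMC32/SMC64 bit differs between the 32-bit and arm64 builds.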