MLK-11922 i.mx6: Linux 3.14.28 CAAM & SNVS enabled by default.

JTAG, DS-5 attachment causes exceptions Added properties to device tree, in order to enable and disable alarms. The following are the available alarms: -JTAG active -WatchDOG 2 reset -Internal Boot -External Tamper Detection pad (Vipul: Fixed merge conflicts) TODO: checkpatch warnings Signed-off-by: Vipul Kumar <vipul_kumar@mentor.com>
2025-09-03 10:33:11 +02:00 · 2015-11-18 08:10:26 -06:00 · 2015-11-18 08:10:26 -06:00 · 9d9ca7a03e
commit 9d9ca7a03e
parent e31b264218
5 changed files with 56 additions and 15 deletions
--- a/arch/arm/boot/dts/imx6qdl.dtsi
+++ b/arch/arm/boot/dts/imx6qdl.dtsi
@ -168,6 +168,10 @@
 			compatible = "fsl,imx6q-caam-secvio";
 			interrupts = <0 20 0x04>;
 			secvio_src = <0x8000001d>;
+			jtag-tamper = "disabled";
+			watchdog-tamper = "enabled";
+			internal-boot-tamper = "enabled";
+			external-pin-tamper = "disabled";
 		};

 		gpmi: gpmi-nand@112000 {
--- a/arch/arm/boot/dts/imx6sx.dtsi
+++ b/arch/arm/boot/dts/imx6sx.dtsi
@ -290,6 +290,10 @@
 			compatible = "fsl,imx6q-caam-secvio";
 			interrupts = <0 20 0x04>;
 			secvio_src = <0x8000001d>;
+			jtag-tamper = "disabled";
+			watchdog-tamper = "enabled";
+			internal-boot-tamper = "enabled";
+			external-pin-tamper = "disabled";
 		};

 		gpu3d: gpu3d@01800000 {
--- a/arch/arm/boot/dts/imx6ul.dtsi
+++ b/arch/arm/boot/dts/imx6ul.dtsi
@ -226,12 +226,16 @@

 		caam_sm: caam-sm@00100000 {
 			compatible = "fsl,imx7d-caam-sm", "fsl,imx6q-caam-sm";
-			reg = <0x00100000 0x8000>;
+			reg = <0x00100000 0x3fff>;
 		};

 		irq_sec_vio: caam_secvio {
 			compatible = "fsl,imx7d-caam-secvio", "fsl,imx6q-caam-secvio";
 			interrupts = <GIC_SPI 20 IRQ_TYPE_LEVEL_HIGH>;
+			jtag-tamper = "disabled";
+			watchdog-tamper = "enabled";
+			internal-boot-tamper = "enabled";
+			external-pin-tamper = "disabled";
 		};

 		gpmi: gpmi-nand@1806000 {
--- a/arch/arm/boot/dts/imx7d.dtsi
+++ b/arch/arm/boot/dts/imx7d.dtsi
@ -114,6 +114,10 @@
 		irq_sec_vio: caam_secvio {
 			compatible = "fsl,imx7d-caam-secvio", "fsl,imx6q-caam-secvio";
 			interrupts = <GIC_SPI 20 IRQ_TYPE_LEVEL_HIGH>;
+			jtag-tamper = "disabled";
+			watchdog-tamper = "enabled";
+			internal-boot-tamper = "enabled";
+			external-pin-tamper = "disabled";
 		};

 		pmu {
--- a/drivers/crypto/caam/secvio.c
+++ b/drivers/crypto/caam/secvio.c
@ -1,7 +1,7 @@

 /*
 * SNVS Security Violation Handler
- * Copyright (C) 2012-2015 Freescale Semiconductor, Inc., All Rights Reserved
+ * Copyright (C) 2012-2016 Freescale Semiconductor, Inc., All Rights Reserved
 */

 #include "compat.h"
@ -205,6 +205,8 @@ static int snvs_secvio_probe(struct platform_device *pdev)
 	struct snvs_full __iomem *snvsregs;
 	int i, error;
 	u32 hpstate;
+	const void *jtd, *wtd, *itd, *etd;
+	u32 td_en;

 	svpriv = kzalloc(sizeof(struct snvs_secvio_drv_private), GFP_KERNEL);
 	if (!svpriv)
@ -227,6 +229,34 @@ static int snvs_secvio_probe(struct platform_device *pdev)
 		return -EINVAL;
 	}

+	jtd = of_get_property(npirq, "jtag-tamper", NULL);
+	wtd = of_get_property(npirq, "watchdog-tamper", NULL);
+	itd = of_get_property(npirq, "internal-boot-tamper", NULL);
+	etd = of_get_property(npirq, "external-pin-tamper", NULL);
+	if (!jtd | !wtd | !itd | !etd ) {
+		dev_err(svdev, "can't identify tamper alarm configuration\n");
+		kfree(svpriv);
+		return -EINVAL;
+	}
+
+	/*
+	 * Configure all sources  according to device tree property.
+	 * If the property is enabled then the source is ser as
+	 * fatal violations except LP section,
+	 * source #5 (typically used as an external tamper detect), and
+	 * source #3 (typically unused). Whenever the transition to
+	 * secure mode has occurred, these will now be "fatal" violations
+	 */
+	td_en = HP_SECVIO_INTEN_SRC0;
+	if (!strcmp(jtd, "enabled"))
+		td_en |= HP_SECVIO_INTEN_SRC1;
+	if (!strcmp(wtd, "enabled"))
+		td_en |= HP_SECVIO_INTEN_SRC2;
+	if (!strcmp(itd, "enabled"))
+		td_en |= HP_SECVIO_INTEN_SRC4;
+	if (!strcmp(etd, "enabled"))
+		td_en |= HP_SECVIO_INTEN_SRC5;
+
 	snvsregs = of_iomap(np, 0);
 	if (!snvsregs) {
 		dev_err(svdev, "register mapping failed\n");
@ -240,6 +270,10 @@ static int snvs_secvio_probe(struct platform_device *pdev)
 		svpriv->clk = NULL;
 	}

+	/* Write the Secvio Enable Config the SVCR */
+	wr_reg32(&svpriv->svregs->hp.secvio_ctl, td_en);
+	wr_reg32(&svpriv->svregs->hp.secvio_intcfg, td_en);
+
 	 /* Device data set up. Now init interrupt source descriptions */
 	for (i = 0; i < MAX_SECVIO_SOURCES; i++) {
 		svpriv->intsrc[i].intname = violation_src_name[i];
@ -262,15 +296,6 @@ static int snvs_secvio_probe(struct platform_device *pdev)
 	}

 	clk_prepare_enable(svpriv->clk);
-	/*
-	 * Configure all sources as fatal violations except LP section,
-	 * source #5 (typically used as an external tamper detect), and
-	 * source #3 (typically unused). Whenever the transition to
-	 * secure mode has occurred, these will now be "fatal" violations
-	 */
-	wr_reg32(&svpriv->svregs->hp.secvio_intcfg,
-		 HP_SECVIO_INTEN_SRC4 | HP_SECVIO_INTEN_SRC2 |
-		 HP_SECVIO_INTEN_SRC1 | HP_SECVIO_INTEN_SRC0);

 	hpstate = (rd_reg32(&svpriv->svregs->hp.status) &
 			    HP_STATUS_SSM_ST_MASK) >> HP_STATUS_SSM_ST_SHIFT;