Searched full:secure (Results 1 – 25 of 1713) sorted by relevance

/openbmc/linux/Documentation/devicetree/bindings/arm/
secure.txt
1 * ARM Secure world bindings
4 "Normal" and "Secure". Most devicetree consumers (including the Linux
6 world or the Secure world. However some devicetree consumers are
8 visible only in the Secure address space, only in the Normal address
10 virtual machine which boots Secure firmware and wants to tell the
13 The general principle of the naming scheme for Secure world bindings
14 is that any property that needs a different value in the Secure world
15 can be supported by prefixing the property name with "secure-". So for
16 instance "secure-foo" would override "foo". For property names with
17 a vendor prefix, the Secure variant of "vendor,foo" would be
[all …]
/openbmc/u-boot/doc/
README.ti-secure
1 README on how boot images are created for secure TI devices
4 Secure TI devices require a boot image that is authenticated by ROM
7 a secure device from TI, the initial public software image must be signed
11 from Texas Instruments. The tools used to generate boot images for secure
12 devices are part of a secure development package (SECDEV) that can be
17 The secure development package is access controlled due to NDA and export
31 warning is issued during the build to indicate that a final secure
38 This is called as part of the SPL/u-boot build process. As the secure
39 boot image formats and requirements differ between secure SOC from TI,
44 package for creating a bootable SPL image for secure TI devices.
[all …]
/openbmc/openbmc/meta-arm/meta-arm-bsp/documentation/corstone1000/
software-architecture.rst
36 framework to build secure IoT devices.
39 different types of systems: Secure Enclave, Host and External System.
48 The Secure Enclave System, provides PSA Root of Trust (RoT) and
51 secure flash. Software running on the Secure Enclave is isolated via
52 hardware for enhanced security. Communication with the Secure Encalve
54 On system power on, the Secure Enclave boots first. Its software
57 Secure Enclave follows Firmware Framework for M class
62 the TrustZone technology that allows secure and non-secure security
66 The Host Subsystem is taken out of reset by the Secure Enclave system
68 FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS
[all …]
/openbmc/qemu/include/hw/intc/
armv7m_nvic.h
47 * a Secure and a NonSecure version of the exception and its state):
50 * they may be configurable to target either Secure or NonSecure state.
51 * We store the secure exception state in sec_vectors[] for the banked
53 * like SecureFault that unconditionally target Secure state).
72 /* true if vectpending is a banked secure exception, ie it is in
91 * @secure: false for non-banked exceptions or for the nonsecure
92 * version of a banked exception, true for the secure version of a banked
96 * if @secure is true and @irq does not specify one of the fixed set
99 void armv7m_nvic_set_pending(NVICState *s, int irq, bool secure);
104 * @secure: false for non-banked exceptions or for the nonsecure
[all …]
/openbmc/bmcweb/redfish-core/schema/dmtf/json-schema/
SecureBoot.v1_1_2.json
60 "description": "This action resets the UEFI Secure Boot keys.",
61 …Secure Boot key databases. The `ResetAllKeysToDefault` value shall reset all UEFI Secure Boot key…
65 … "description": "The type of reset or delete to perform on the UEFI Secure Boot databases.",
66 …parameter shall specify the type of reset or delete to perform on the UEFI Secure Boot databases.",
104 …"DeleteAllKeys": "Delete the contents of all UEFI Secure Boot key databases, including the PK key …
105 …"DeletePK": "Delete the contents of the PK UEFI Secure Boot database. This puts the system in Set…
106 …"ResetAllKeysToDefault": "Reset the contents of all UEFI Secure Boot key databases, including the …
112 …he `SecureBoot` schema contains UEFI Secure Boot information and represents properties for managin…
113 …"longDescription": "This resource contains UEFI Secure Boot information for a Redfish implementati…
179 "description": "The UEFI Secure Boot state during the current boot cycle.",
[all …]
SecureBootDatabase.v1_0_3.json
60 … "description": "This action is used to reset the UEFI Secure Boot keys of this database.",
61 …Secure Boot key database. The `ResetAllKeysToDefault` value shall reset this UEFI Secure Boot key…
65 … "description": "The type of reset or delete to perform on this UEFI Secure Boot database.",
66 …parameter shall specify the type of reset or delete to perform on this UEFI Secure Boot database.",
103 "DeleteAllKeys": "Delete the contents of this UEFI Secure Boot key database.",
104 …"ResetAllKeysToDefault": "Reset the contents of this UEFI Secure Boot key database to the default …
110 …"description": "The `SecureBootDatabase` schema describes a UEFI Secure Boot database used to stor…
111 …"longDescription": "This resource shall be used to represent a UEFI Secure Boot database for a Red…
146 …cription": "A link to the collection of certificates contained in this UEFI Secure Boot database.",
151 … "description": "This property contains the name of the UEFI Secure Boot database.",
[all …]
/openbmc/u-boot/arch/arm/include/asm/
omap_sec_common.h
14 * Invoke secure ROM API on high-security (HS) device variants. It formats
21 * Invoke a secure ROM API on high-secure (HS) device variants that can be used
22 * to verify a secure blob by authenticating and optionally decrypting it. The
24 * into the blob during the signing/encryption step when the secure blob was
30 * Return the start of secure reserved RAM, if a default start address has
36 * Invoke a secure HAL API that allows configuration of the external memory
44 * Invoke a secure HAL API on high-secure (HS) device variants that reserves a
45 * region of external memory for secure world use, and protects it using memory
47 * memory that will be used for a secure world OS/TEE.
52 * Invoke a secure HAL API to lock the external memory firewall configurations.
[all …]
/openbmc/linux/Documentation/powerpc/
ultravisor.rst
15 POWER 9 that enables Secure Virtual Machines (SVMs). DD2.3 chips
56 process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process
57 is in secure mode, MSR(s)=0 process is in normal mode.
63 the VM it is returning to is secure.
73 **Secure Mode MSR Settings**
101 * Memory is partitioned into secure and normal memory. Only processes
102 that are running in secure mode can access secure memory.
104 * The hardware does not allow anything that is not running secure to
105 access secure memory. This means that the Hypervisor cannot access
110 * I/O systems are not allowed to directly address secure memory. This
[all …]
/openbmc/qemu/hw/intc/
armv7m_nvic.c
62 /* Maximum priority of non-secure exceptions when AIRCR.PRIS is set */
166 static inline uint32_t nvic_gprio_mask(NVICState *s, bool secure) in nvic_gprio_mask() argument
168 return ~0U << (s->prigroup[secure] + 1); in nvic_gprio_mask()
173 /* Return true if this non-banked exception targets Secure state. */ in exc_targets_secure()
208 * secure state or not. in exc_group_prio()
240 * - secure exception takes precedence in nvic_recompute_state_secure()
301 * would be even worse, so we retain a separate non-secure-only in nvic_recompute_state()
394 bool armv7m_nvic_neg_prio_requested(NVICState *s, bool secure) in armv7m_nvic_neg_prio_requested() argument
404 if (s->cpu->env.v7m.faultmask[secure]) { in armv7m_nvic_neg_prio_requested()
408 if (secure ? s->sec_vectors[ARMV7M_EXCP_HARD].active : in armv7m_nvic_neg_prio_requested()
[all …]
/openbmc/u-boot/arch/arm/cpu/armv7/
exception_level.c
3 * Switch to non-secure mode
8 * secure mode before booting an operating system.
14 #include <asm/secure.h>
18 * entry_non_secure() - entry point when switching to non-secure mode
20 * When switching to non-secure mode switch_to_non_secure_mode() calls this
29 debug("Reached non-secure mode\n"); in entry_non_secure()
36 * switch_to_non_secure_mode() - switch to non-secure mode
38 * Operating systems may expect to run in non-secure mode. Here we check if
39 * we are running in secure mode and switch to non-secure mode if necessary.
virt-v7.c
6 * Routines to transition ARMv7 processors from secure into non-secure state
7 * and from non-secure SVC into HYP mode
15 #include <asm/secure.h>
102 * according to the spec one should not tinker with it in secure state in armv7_init_nonsec()
103 * in SVC mode. Do not try to read it once in non-secure state, in armv7_init_nonsec()
119 * from non-secure state. The first 32 interrupts are private per in armv7_init_nonsec()
128 * Relocate secure section before any cpu runs in secure ram. in armv7_init_nonsec()
129 * smp_kick_all_cpus may enable other cores and runs into secure in armv7_init_nonsec()
130 * ram, so need to relocate secure section before enabling other in armv7_init_nonsec()
Kconfig
13 bool "Enable support for booting in non-secure mode" if EXPERT
17 Say Y here to enable support for booting in non-secure / SVC mode.
20 bool "Boot in secure mode by default" if EXPERT
24 Say Y here to boot in secure mode by default even if non-secure mode
26 suppport booting in non-secure mode. Only set this if you need it.
35 Say Y here to boot in hypervisor (HYP) mode when booting non-secure.
/openbmc/u-boot/arch/arm/include/asm/arch-imx8/sci/svc/rm/
api.h
26 #define SC_RM_SPA_ASSERT 2U /* Assert (force to be secure/privileged) */
27 #define SC_RM_SPA_NEGATE 3U /* Negate (force to be non-secure/user) */
31 #define SC_RM_PERM_SEC_R 1U /* Secure RO */
32 #define SC_RM_PERM_SECPRIV_RW 2U /* Secure privilege R/W */
33 #define SC_RM_PERM_SEC_RW 3U /* Secure R/W */
34 #define SC_RM_PERM_NSPRIV_R 4U /* Secure R/W, non-secure privilege RO */
35 #define SC_RM_PERM_NS_R 5U /* Secure R/W, non-secure RO */
36 #define SC_RM_PERM_NSPRIV_RW 6U /* Secure R/W, non-secure privilege R/W */
/openbmc/u-boot/drivers/crypto/fsl/
Kconfig
13 Enable Freescale Secure Boot and Trusted Architecture
18 Secure boot and trust architecture compatible version 2
23 Secure boot and trust architecture compatible version 4
28 Secure boot and trust architecture compatible version 5
33 Secure boot and trust architecture compatible version 6
36 bool "Big-endian access to Freescale Secure Boot"
39 int "Freescale Secure Boot compatibility"
47 bool "Little-endian access to Freescale Secure Boot"
/openbmc/linux/Documentation/devicetree/bindings/crypto/
inside-secure-safexcel.txt
1 Inside Secure SafeXcel cryptographic engine
4 - compatible: Should be "inside-secure,safexcel-eip197b",
5 "inside-secure,safexcel-eip197d" or
6 "inside-secure,safexcel-eip97ies".
21 - "inside-secure,safexcel-eip197" is equivalent to
22 "inside-secure,safexcel-eip197b".
23 - "inside-secure,safexcel-eip97" is equivalent to
24 "inside-secure,safexcel-eip97ies".
29 compatible = "inside-secure,safexcel-eip197b";
/openbmc/linux/arch/powerpc/kvm/
book3s_hv_uvmem.c
3 * Secure pages management: Migration of pages between normal and secure
10 * A pseries guest can be run as secure guest on Ultravisor-enabled
13 * hypervisor (HV) and secure memory managed by Ultravisor (UV).
18 * Private ZONE_DEVICE memory equal to the amount of secure memory
19 * available in the platform for running secure guests is hotplugged.
20 * Whenever a page belonging to the guest becomes secure, a page from this
21 * private device memory is used to represent and track that secure page
36 * UV(secure) and vice versa. So the serialization points are around
40 * fault path as page-out can occur when HV faults on accessing secure
44 * by HV touching secure pages is very very low. If an when UV supports
[all …]
/openbmc/u-boot/arch/arm/cpu/armv8/
Kconfig
55 menu "ARMv8 secure monitor firmware"
57 bool "Enable ARMv8 secure monitor firmware framework support"
61 This framework is aimed at making secure monitor firmware load
65 - Address of secure firmware.
66 - Address to hold the return address from secure firmware.
67 - Secure firmware FIT image related information.
69 - The target exception level that secure monitor firmware will
73 bool "Enable ARMv8 secure monitor firmware framework support for SPL"
80 bool "PSCI implementation in secure monitor firmware"
83 This config enables the ARMv8 PSCI implementation in secure monitor
[all …]
/openbmc/qemu/target/arm/tcg/
m_helper.c
62 uint32_t arm_v7m_mrs_control(CPUARMState *env, uint32_t secure) in arm_v7m_mrs_control() argument
64 uint32_t value = env->v7m.control[secure]; in arm_v7m_mrs_control()
66 if (!secure) { in arm_v7m_mrs_control()
221 bool secure = mmu_idx & ARM_MMU_IDX_M_S; in v7m_stack_write() local
247 env->v7m.cfsr[secure] |= R_V7M_CFSR_MLSPERR_MASK; in v7m_stack_write()
251 env->v7m.cfsr[secure] |= R_V7M_CFSR_MSTKERR_MASK; in v7m_stack_write()
254 exc_secure = secure; in v7m_stack_write()
309 bool secure = mmu_idx & ARM_MMU_IDX_M_S; in v7m_stack_read() local
326 env->v7m.cfsr[secure] |= R_V7M_CFSR_MUNSTKERR_MASK; in v7m_stack_read()
328 exc_secure = secure; in v7m_stack_read()
[all …]
/openbmc/bmcweb/redfish-core/schema/dmtf/csdl/
SecureBoot_v1.xml
37 …he `SecureBoot` schema contains UEFI Secure Boot information and represents properties for managin…
38 …<Annotation Term="OData.LongDescription" String="This resource contains UEFI Secure Boot informati…
47 …<Annotation Term="OData.Description" String="Secure Boot can be updated to enable or disable the s…
65 … <Annotation Term="OData.Description" String="This action resets the UEFI Secure Boot keys."/>
66 …Secure Boot key databases. The `ResetAllKeysToDefault` value shall reset all UEFI Secure Boot key…
69 …a.Description" String="The type of reset or delete to perform on the UEFI Secure Boot databases."/>
70 …arameter shall specify the type of reset or delete to perform on the UEFI Secure Boot databases."/>
82 …<Annotation Term="OData.Description" String="An indication of whether UEFI Secure Boot is enabled.…
83 …a.LongDescription" String="This property shall indicate whether the UEFI Secure Boot takes effect …
87 …<Annotation Term="OData.Description" String="The UEFI Secure Boot state during the current boot cy…
[all …]
/openbmc/u-boot/cmd/
otp_info.h
33 { 0, 1, 0, "Disable Secure Boot" },
34 { 0, 1, 1, "Enable Secure Boot" },
152 { 0, 1, 0, "Disable Secure Boot" },
153 { 0, 1, 1, "Enable Secure Boot" },
283 { 0, 1, 1, 0, "Disable Secure Boot" },
284 { 0, 1, 1, 1, "Enable Secure Boot" },
287 { 0, 4, 1, 0, "Secure Region ECC disable" },
288 { 0, 4, 1, 1, "Secure Region ECC enable" },
291 { 0, 6, 1, 0, "Do not ignore Secure Boot hardware strap" },
292 { 0, 6, 1, 1, "Ignore Secure Boot hardware strap" },
[all …]
/openbmc/linux/arch/arm/common/
secure_cntvoff.S
5 * Initialization of CNTVOFF register from secure mode
15 * CNTVOFF has to be initialized either from non-secure Hypervisor
16 * mode or secure Monitor mode with SCR.NS==1. If TrustZone is enabled
17 * then it should be handled by the secure code. The CPU must implement
21 mrc p15, 0, r1, c1, c1, 0 /* Get Secure Config */
23 mcr p15, 0, r0, c1, c1, 0 /* Set Non Secure bit */
28 mcr p15, 0, r1, c1, c1, 0 /* Set Secure bit */
/openbmc/linux/Documentation/devicetree/bindings/mailbox/
ti,secure-proxy.yaml
4 $id: http://devicetree.org/schemas/mailbox/ti,secure-proxy.yaml#
7 title: Texas Instruments' Secure Proxy
13 The Texas Instruments' secure proxy is a mailbox controller that has
25 const: ti,am654-secure-proxy
30 Contains the secure proxy thread ID used for the specific transfer path.
48 secure proxy thread in the form 'rx_<PID>'.
54 Contains the interrupt information for the Rx interrupt path for secure
71 compatible = "ti,am654-secure-proxy";
/openbmc/u-boot/drivers/misc/
fsl_sec_mon.c
27 * If initial state is check or Non-Secure, then set the Software in set_sec_mon_state_non_sec()
28 * Security Violation Bit and transition to Non-Secure State. in set_sec_mon_state_non_sec()
31 printf("SEC_MON state transitioning to Non Secure.\n"); in set_sec_mon_state_non_sec()
34 /* polling loop till SEC_MON is in Non Secure state */ in set_sec_mon_state_non_sec()
53 * If initial state is Trusted, Secure or Soft-Fail, then first set in set_sec_mon_state_non_sec()
83 * If SSM Soft Fail to Non-Secure State Transition in set_sec_mon_state_non_sec()
85 * transition to Non-Secure State. in set_sec_mon_state_non_sec()
89 printf("SEC_MON state transitioning to Non Secure.\n"); in set_sec_mon_state_non_sec()
92 /* polling loop till SEC_MON is in Non Secure*/ in set_sec_mon_state_non_sec()
111 printf("SEC_MON already in Non Secure state.\n"); in set_sec_mon_state_non_sec()
/openbmc/openbmc/meta-ibm/recipes-bsp/u-boot/u-boot-aspeed-sdk/p10bmc/
ibm.json
40 "Enable Secure Boot": false,
42 "Secure Region ECC enable": false,
44 "Ignore Secure Boot hardware strap": false,
45 "Secure Boot Mode": "Mode_2",
47 "Secure crypto RSA length": "RSA4096",
51 "Secure Region size": "0x0",
52 "Write Protect: Secure Region": true,
62 "Secure boot header offset": "0x0",
70 "Erase signature data after secure boot check": false,
71 "Erase RSA public key after secure boot check": false,
[all …]
/openbmc/openbmc/meta-arm/meta-arm/lib/oeqa/runtime/cases/
uefi_secureboot.py
11 Validate Secure Boot is Enabled
16 # Validate Secure Boot is enabled by checking
19 # identifier for the Secure Boot UEFI variable. By checking the value of
22 # whether Secure Boot is enabled or not. This variable is set by the
23 # UEFI firmware to indicate the current Secure Boot state. If the
24 # variable is set to a value of '0x1' (or '1'), it indicates that Secure
26 # it indicates that Secure Boot is disabled.