/openbmc/linux/Documentation/devicetree/bindings/arm/
secure.txt | 1 * ARM Secure world bindings 4 "Normal" and "Secure". Most devicetree consumers (including the Linux 6 world or the Secure world. However some devicetree consumers are 8 visible only in the Secure address space, only in the Normal address 10 virtual machine which boots Secure firmware and wants to tell the 13 The general principle of the naming scheme for Secure world bindings 14 is that any property that needs a different value in the Secure world 15 can be supported by prefixing the property name with "secure-". So for 16 instance "secure-foo" would override "foo". For property names with 17 a vendor prefix, the Secure variant of "vendor,foo" would be [all …]
/openbmc/u-boot/doc/
README.ti-secure | 1 README on how boot images are created for secure TI devices 4 Secure TI devices require a boot image that is authenticated by ROM 7 a secure device from TI, the initial public software image must be signed 11 from Texas Instruments. The tools used to generate boot images for secure 12 devices are part of a secure development package (SECDEV) that can be 17 The secure development package is access controlled due to NDA and export 22 Booting of U-Boot SPL 25 When CONFIG_TI_SECURE_DEVICE is set, the U-Boot SPL build process 31 warning is issued during the build to indicate that a final secure 36 ${TI_SECURE_DEV_PKG}/scripts/create-boot-image.sh [all …]
/openbmc/linux/Documentation/powerpc/
ultravisor.rst | 1 .. SPDX-License-Identifier: GPL-2.0 15 POWER 9 that enables Secure Virtual Machines (SVMs). DD2.3 chips 16 (PVR=0x004e1203) or greater will be PEF-capable. A new ISA release 38 VMs in the system. SVMs are protected while at rest and can only be 56 process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process [all …]
/openbmc/qemu/hw/intc/
armv7m_nvic.c | 4 * Copyright (c) 2006-2007 CodeSourcery. 20 #include "hw/qdev-properties.h" 24 #include "target/arm/cpu-features.h" 25 #include "exec/exec-all.h" 33 * the num-irq property counts the number of external IRQ lines 44 * for (i = 1; i < s->num_irq; i++) to avoid the unused slot 0. 56 #define NVIC_MAX_IRQ (NVIC_MAX_VECTORS - NVIC_FIRST_IRQ) 62 /* Maximum priority of non-secure exceptions when AIRCR.PRIS is set */ 71 if (qemu_irq_is_connected(s->sysresetreq)) { in signal_sysresetreq() 72 qemu_irq_pulse(s->sysresetreq); in signal_sysresetreq() [all …]
arm_gicv3_dist.c | 19 * Secure interrupts: 20 * 0b00: no access (NS accesses to bits for Secure interrupts will RAZ/WI) 26 * Given a (multiple-of-32) interrupt number, these mask functions return 37 uint64_t raw_nsacr = s->gicd_nsacr[irq / 16 + 1]; in mask_nsacr_ge1() 39 raw_nsacr = raw_nsacr << 32 | s->gicd_nsacr[irq / 16]; in mask_nsacr_ge1() 47 uint64_t raw_nsacr = s->gicd_nsacr[irq / 16 + 1]; in mask_nsacr_ge2() 49 raw_nsacr = raw_nsacr << 32 | s->gicd_nsacr[irq / 16]; in mask_nsacr_ge2() 62 /* Return a 32-bit mask which should be applied for this set of 32 in mask_group_and_nsacr() 64 * combination of attrs.secure, GICD_GROUPR and GICD_NSACR. in mask_group_and_nsacr() 68 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in mask_group_and_nsacr() [all …]
/openbmc/qemu/include/hw/intc/
armv7m_nvic.h | 13 #include "target/arm/cpu-qom.h" 27 /* Exception priorities can range from -3 to 255; only the unmodifiable 47 * a Secure and a NonSecure version of the exception and its state): 50 * they may be configurable to target either Secure or NonSecure state. 51 * We store the secure exception state in sec_vectors[] for the banked 52 * exceptions, and otherwise use only vectors[] (including for exceptions 53 * like SecureFault that unconditionally target Secure state). 54 * Entries in sec_vectors[] for non-banked exception numbers are unused. 66 * - vectpending 67 * - vectpending_is_secure [all …]
/openbmc/linux/arch/s390/include/uapi/asm/
pkey.h | 1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 23 #define SECKEYBLOBSIZE 64 /* secure key blob size is always 64 bytes */ 83 /* Struct to hold a CCA AES secure key blob */ 85 __u8 seckey[SECKEYBLOBSIZE]; /* the secure key blob */ 115 * Generate CCA AES secure key. 121 struct pkey_seckey seckey; /* out: the secure key blob */ 126 * Construct CCA AES secure key from clear key value 133 struct pkey_seckey seckey; /* out: the secure key blob */ 138 * Fabricate AES protected key from a CCA AES secure key 143 struct pkey_seckey seckey; /* in: the secure key blob */ [all …]
/openbmc/linux/Documentation/devicetree/bindings/nvmem/
st,stm32-romem.yaml | 1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 3 --- 4 $id: http://devicetree.org/schemas/nvmem/st,stm32-romem.yaml# 5 $schema: http://devicetree.org/meta-schemas/core.yaml# 7 title: STMicroelectronics STM32 Factory-programmed data 10 This represents STM32 Factory-programmed read only non-volatile area: locked 11 flash, OTP, read-only HW regs... This contains various information such as: 16 - Fabrice Gasnier <fabrice.gasnier@foss.st.com> 19 - $ref: nvmem.yaml# 24 - st,stm32f4-otp [all …]
/openbmc/u-boot/arch/arm/cpu/armv8/
Kconfig | 8 The default exception vector table is only used for the crash 15 bool "Enable multiple CPUs to enter into U-Boot" 21 CPUECTLR_EL1.SMPEN bit before U-Boot. 36 bool "Support spin-table enable method" 39 Say Y here to support "spin-table" enable method for booting Linux. 42 - Specify enable-method = "spin-table" in each CPU node in the 44 - Bring secondary CPUs into U-Boot proper in a board specific 49 U-Boot automatically does: 50 - Set "cpu-release-addr" property of each CPU node 52 - Reserve the code for the spin-table and the release address [all …]
exception_level.c | 1 // SPDX-License-Identifier: GPL-2.0+ 3 * Switch to non-secure mode 16 * entry_non_secure() - entry point when switching to non-secure mode 18 * When switching to non-secure mode switch_to_non_secure_mode() calls this 27 debug("Reached non-secure mode\n"); in entry_non_secure() 34 * switch_to_non_secure_mode() - switch to non-secure mode 36 * Exception level EL3 is meant to be used by the secure monitor only (ARM
/openbmc/u-boot/arch/arm/cpu/
u-boot.lds | 1 /* SPDX-License-Identifier: GPL-2.0+ */ 3 * Copyright (c) 2004-2008 Texas Instruments 12 OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm") 22 * If CONFIG_ARMV7_SECURE_BASE is true, secure code will not 23 * bundle with u-boot, and code offsets are fixed. Secure zone 24 * only needs to be copied from the loading address to 26 * address for secure code. 28 * If CONFIG_ARMV7_SECURE_BASE is undefined, the secure zone will 29 * be included in u-boot address space, and some absolute address 30 * were used in secure code. The absolute addresses of the secure [all …]
/openbmc/qemu/target/arm/tcg/
m_helper.c | 6 * SPDX-License-Identifier: GPL-2.0-or-later 12 #include "cpu-features.h" 14 #include "exec/helper-proto.h" 15 #include "qemu/main-loop.h" 18 #include "exec/exec-all.h" 19 #include "exec/page-protection.h" 22 #include "semihosting/common-semi.h" 31 /* Only APSR is actually writable */ in v7m_msr_xpsr() 62 uint32_t arm_v7m_mrs_control(CPUARMState *env, uint32_t secure) in arm_v7m_mrs_control() argument 64 uint32_t value = env->v7m.control[secure]; in arm_v7m_mrs_control() [all …]
/openbmc/linux/arch/arm/mach-omap2/
omap-secure.c | 1 // SPDX-License-Identifier: GPL-2.0-only 3 * OMAP Secure API infrastructure. 11 #include <linux/arm-smccc.h> 23 #include "omap-secure.h" 39 * We only check that the OP-TEE node is present and available. The in omap_optee_init_check() 40 * OP-TEE kernel driver is not needed for the type of interaction made in omap_optee_init_check() 41 * with OP-TEE here so the driver's status is not checked. in omap_optee_init_check() 50 * omap_sec_dispatcher: Routine to dispatch low power secure 55 * @arg1, arg2, arg3 args4: Parameters passed to secure API 57 * Return the non-zero error value on failure. [all …]
omap-secure.h | 1 /* SPDX-License-Identifier: GPL-2.0-only */ 3 * omap-secure.h: OMAP Secure infrastructure header. 23 /* Secure HAL API flags */ 30 /* Maximum Secure memory storage size */ 35 /* Secure low power HAL API index */ 41 /* Secure Monitor mode APIs */ 52 /* Secure PPA(Primary Protected Application) APIs */ 60 /* Secure RX-51 PPA (Primary Protected Application) APIs */
/openbmc/linux/drivers/s390/crypto/
zcrypt_ccamisc.h | 1 /* SPDX-License-Identifier: GPL-2.0+ */ 17 #define TOKTYPE_NON_CCA 0x00 /* Non-CCA key token */ 41 /* inside view of a CCA secure key token (only type 0x01 version 0x04) */ 81 /* AES-128 512 640 */ 82 /* AES-192 576 640 */ 83 /* AES-256 640 640 */ 97 /* inside view of an CCA secure ECC private key */ 107 u8 htype; /* hash method, 0x02 for SHA-256 */ 133 * Simple check if the token is a valid CCA secure AES data key 141 * Simple check if the token is a valid CCA secure AES cipher key [all …]
/openbmc/linux/arch/arm/mach-bcm/
bcm_kona_smc.c | 1 // SPDX-License-Identifier: GPL-2.0-only 25 {.compatible = "brcm,kona-smc"}, 26 {.compatible = "bcm,kona-smc"}, /* deprecated name */ 40 return -ENODEV; in bcm_kona_smc_init() 45 return -EINVAL; in bcm_kona_smc_init() 49 return -ENOMEM; in bcm_kona_smc_init() 52 pr_info("Kona Secure API initialized\n"); in bcm_kona_smc_init() 60 * Only core 0 can run the secure monitor code. If an "smc" request 67 * cache and interrupt handling while the secure monitor executes. 69 * Parameters to the "smc" request are passed in r4-r6 as follows: [all …]
/openbmc/linux/include/uapi/linux/
nfc.h | 33 * enum nfc_commands - supported nfc commands 62 * a device. LTO must be set before the link is up otherwise -EINPROGRESS 65 * If one of the passed parameters is wrong none is set and -EINVAL is 67 * @NFC_CMD_ENABLE_SE: Enable the physical link to a specific secure element. 68 * Once enabled a secure element will handle card emulation mode, i.e. 69 * starting a poll from a device which has a secure element enabled means 71 * @NFC_CMD_DISABLE_SE: Disable the physical link to a specific secure element. 74 * @NFC_EVENT_SE_ADDED: Event emitted when a new secure element is discovered. 77 * @NFC_EVENT_SE_REMOVED: Event emitted when a secure element is removed from 79 * @NFC_EVENT_SE_CONNECTIVITY: This event is emitted whenever a secure element [all …]
/openbmc/openbmc/meta-arm/meta-arm-bsp/documentation/corstone1000/
software-architecture.rst | 2 # Copyright (c) 2022-2024, Arm Limited. 4 # SPDX-License-Identifier: MIT 12 Arm Corstone-1000 15 Arm Corstone-1000 is a reference solution for IoT devices. It is part of 19 Corstone-1000 software plus hardware reference solution is PSA Level-2 ready 21 More information on the Corstone-1000 subsystem product and design can be 23 `Arm Corstone-1000 Software`_ and `Arm Corstone-1000 Technical Overview`_. 28 present in the user-guide document. 34 The software architecture of Corstone-1000 platform is a reference 36 framework to build secure IoT devices. [all …]
/openbmc/linux/drivers/tee/optee/
optee_rpc_cmd.h | 1 /* SPDX-License-Identifier: BSD-2-Clause */ 3 * Copyright (c) 2016-2021, Linaro Limited 12 * Only the commands handled by the kernel driver are defined here. 14 * RPC communication with tee-supplicant is reversed compared to normal 23 * 1970-01-01 00:00:00 +0000 (UTC). 31 * Notification from/to secure world. 33 * If secure world needs to wait for something, for instance a mutex, it 34 * does a notification wait request instead of spinning in secure world. 35 * Conversely can a synchronous notification can be sent when a secure 39 * which instead is sent via a non-secure interrupt. [all …]
optee_smc.h | 1 /* SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause) */ 3 * Copyright (c) 2015-2021, Linaro Limited 8 #include <linux/arm-smccc.h> 28 * Normal cached memory (write-back), shareable for SMP systems and not 36 * 32-bit registers. 44 * 384fb3e0-e7f8-11e3-af63-0002a5d5c51b. 75 * Used by non-secure world to figure out which Trusted OS is installed. 78 * Returns UUID in a0-4 in the same way as OPTEE_SMC_CALLS_UID 88 * Used by non-secure world to figure out which version of the Trusted OS 92 * Returns revision in a0-1 in the same way as OPTEE_SMC_CALLS_REVISION [all …]
/openbmc/u-boot/arch/arm/cpu/armv7/
Kconfig | 13 bool "Enable support for booting in non-secure mode" if EXPERT 16 ---help--- 17 Say Y here to enable support for booting in non-secure / SVC mode. 20 bool "Boot in secure mode by default" if EXPERT 23 ---help--- 24 Say Y here to boot in secure mode by default even if non-secure mode 26 support booting in non-secure mode. Only set this if you need it. 27 This can be overridden at run-time by setting the bootm_boot_mode env. 34 ---help--- 35 Say Y here to boot in hypervisor (HYP) mode when booting non-secure. [all …]
/openbmc/linux/Documentation/ABI/testing/
sysfs-secvar | 5 secureboot, thereby secure variables. It exposes interface 6 for reading/writing the secure variables 11 Description: This directory lists all the secure variables that are supported 22 and is expected to be "ibm,edk2-compat-v1". 26 has the form "ibm,plpks-sb-v<version>", or 27 "ibm,plpks-sb-unknown" if there is no SB_VERSION variable. 32 Description: Each secure variable is represented as a directory named as 46 Description: A read-only file containing the value of the variable. The size 52 Description: A write-only file that is used to submit the new value for the 59 Description: This optional directory contains read-only config attributes as [all …]
/openbmc/linux/Documentation/devicetree/bindings/mailbox/
ti,secure-proxy.yaml | 1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 3 --- 4 $id: http://devicetree.org/schemas/mailbox/ti,secure-proxy.yaml# 5 $schema: http://devicetree.org/meta-schemas/core.yaml# 7 title: Texas Instruments' Secure Proxy 10 - Nishanth Menon <nm@ti.com> 13 The Texas Instruments' secure proxy is a mailbox controller that has 16 called "threads" or "proxies" - each instance is unidirectional and is 22 pattern: "^mailbox@[0-9a-f]+$" 25 const: ti,am654-secure-proxy [all …]
/openbmc/u-boot/drivers/tee/optee/
optee_smc.h | 1 /* SPDX-License-Identifier: BSD-2-Clause */ 3 * Copyright (c) 2015-2018, Linaro Limited 9 #include <linux/arm-smccc.h> 14 * https://github.com/OP-TEE/optee_os/blob/master/core/arch/arm/include/sm/optee_smc.h 35 * Normal cached memory (write-back), shareable for SMP systems and not 43 * 32-bit registers. 51 * 65cb6b93-af0c-4617-8ed6-644a8d1140f8 82 * Used by non-secure world to figure out which Trusted OS is installed. 85 * Returns UUID in a0-4 in the same way as OPTEE_SMC_CALLS_UID 95 * Used by non-secure world to figure out which version of the Trusted OS [all …]
/openbmc/linux/Documentation/virt/kvm/s390/
s390-pv.rst | 1 .. SPDX-License-Identifier: GPL-2.0 15 Each guest starts in non-protected mode and then may make a request to 20 The Ultravisor will secure and decrypt the guest's boot memory 46 safeguarding; they can only be injected for instructions that have 70 The control structures associated with SIE provide the Secure 72 Secure Interception General Register Save Area. Guest GRs and most of [all …]