| /openbmc/qemu/hw/intc/ |
| H A D | armv7m_nvic.c | 166 static inline uint32_t nvic_gprio_mask(NVICState *s, bool secure) in nvic_gprio_mask() argument
168 return ~0U << (s->prigroup[secure] + 1); in nvic_gprio_mask()
394 bool armv7m_nvic_neg_prio_requested(NVICState *s, bool secure) in armv7m_nvic_neg_prio_requested() argument
404 if (s->cpu->env.v7m.faultmask[secure]) { in armv7m_nvic_neg_prio_requested()
408 if (secure ? s->sec_vectors[ARMV7M_EXCP_HARD].active : in armv7m_nvic_neg_prio_requested()
414 exc_targets_secure(s, ARMV7M_EXCP_NMI) == secure) { in armv7m_nvic_neg_prio_requested()
435 static void set_prio(NVICState *s, unsigned irq, bool secure, uint8_t prio) in set_prio() argument
442 if (secure) { in set_prio()
449 trace_nvic_set_prio(irq, secure, prio); in set_prio()
456 static int get_prio(NVICState *s, unsigned irq, bool secure) in get_prio() argument
[all …]
|
| H A D | arm_gicv3_dist.c | 68 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in mask_group_and_nsacr()
210 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_read_ipriorityr()
232 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_write_ipriorityr()
252 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_read_irouter()
274 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_write_irouter()
383 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_readl()
450 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_readl()
529 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { in gicd_readl()
555 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { in gicd_readl()
624 if (attrs.secure) { in gicd_writel()
[all …]
|
| H A D | arm_gicv3_redist.c | 24 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in mask_group()
211 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in gicr_read_ipriorityr()
229 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in gicr_write_ipriorityr()
385 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in gicr_readl()
440 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { in gicr_readl()
450 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { in gicr_readl()
540 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in gicr_writel()
601 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { in gicr_writel()
611 if ((cs->gic->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { in gicr_writel()
755 size, attrs.secure); in gicv3_redist_read()
[all …]
|
| /openbmc/qemu/target/arm/tcg/ |
| H A D | m_helper.c | 61 uint32_t arm_v7m_mrs_control(CPUARMState *env, uint32_t secure) in arm_v7m_mrs_control() argument
63 uint32_t value = env->v7m.control[secure]; in arm_v7m_mrs_control()
65 if (!secure) { in arm_v7m_mrs_control()
220 bool secure = mmu_idx & ARM_MMU_IDX_M_S; in v7m_stack_write() local
246 env->v7m.cfsr[secure] |= R_V7M_CFSR_MLSPERR_MASK; in v7m_stack_write()
250 env->v7m.cfsr[secure] |= R_V7M_CFSR_MSTKERR_MASK; in v7m_stack_write()
253 exc_secure = secure; in v7m_stack_write()
308 bool secure = mmu_idx & ARM_MMU_IDX_M_S; in v7m_stack_read() local
325 env->v7m.cfsr[secure] |= R_V7M_CFSR_MUNSTKERR_MASK; in v7m_stack_read()
327 exc_secure = secure; in v7m_stack_read()
[all …]
|
| /openbmc/qemu/include/hw/intc/ |
| H A D | armv7m_nvic.h | 99 void armv7m_nvic_set_pending(NVICState *s, int irq, bool secure);
112 void armv7m_nvic_set_pending_derived(NVICState *s, int irq, bool secure);
124 void armv7m_nvic_set_pending_lazyfp(NVICState *s, int irq, bool secure);
160 int armv7m_nvic_complete_irq(NVICState *s, int irq, bool secure);
174 bool armv7m_nvic_get_ready_status(NVICState *s, int irq, bool secure);
192 bool armv7m_nvic_neg_prio_requested(NVICState *s, bool secure);
|
| /openbmc/u-boot/doc/ |
| H A D | README.ti-secure | 1 README on how boot images are created for secure TI devices
7 a secure device from TI, the initial public software image must be signed
11 from Texas Instruments. The tools used to generate boot images for secure
12 devices are part of a secure development package (SECDEV) that can be
17 The secure development package is access controlled due to NDA and export
31 warning is issued during the build to indicate that a final secure
38 This is called as part of the SPL/u-boot build process. As the secure
39 boot image formats and requirements differ between secure SOC from TI,
44 package for creating a bootable SPL image for secure TI devices.
65 <OUTPUT_FILE> is the full path and filename of the final secure
[all …]
|
| /openbmc/u-boot/arch/arm/cpu/armv7/ |
| H A D | Kconfig | 13 bool "Enable support for booting in non-secure mode" if EXPERT
17 Say Y here to enable support for booting in non-secure / SVC mode.
20 bool "Boot in secure mode by default" if EXPERT
24 Say Y here to boot in secure mode by default even if non-secure mode
26 suppport booting in non-secure mode. Only set this if you need it.
35 Say Y here to boot in hypervisor (HYP) mode when booting non-secure.
|
| /openbmc/u-boot/arch/arm/mach-omap2/ |
| H A D | utils.c | 56 const char *secure; in omap_set_fastboot_secure() local
61 secure = "EMU"; in omap_set_fastboot_secure()
64 secure = "HS"; in omap_set_fastboot_secure()
67 secure = "GP"; in omap_set_fastboot_secure()
70 secure = NULL; in omap_set_fastboot_secure()
74 env_set("fastboot.secure", secure); in omap_set_fastboot_secure()
|
| /openbmc/u-boot/arch/arm/cpu/ |
| H A D | u-boot.lds | 22 * If CONFIG_ARMV7_SECURE_BASE is true, secure code will not
26 * address for secure code.
28 * If CONFIG_ARMV7_SECURE_BASE is undefined, the secure zone will
30 * were used in secure code. The absolute addresses of the secure
70 /* Align the secure section only if we're going to use it in situ */
122 "Error: secure section exceeds secure memory size");
127 /* Reset VMA but don't allocate space if we have secure SRAM */
|
| /openbmc/u-boot/board/xilinx/zynqmp/ |
| H A D | Kconfig | 11 Enable ZynqMP specific commands like "zynqmp secure"
12 which is used for zynqmp secure image verification.
13 The secure image is a xilinx specific BOOT.BIN with
|
| /openbmc/openbmc/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools/core/ |
| H A D | 0008-adb-Allow-adbd-to-be-ran-as-root.patch | 17 int secure = 0;
21 /* run adbd in secure mode if ro.secure is set and
|
| /openbmc/u-boot/board/xilinx/zynq/ |
| H A D | Kconfig | 22 bool "Enable zynq rsa command for loading secure images"
27 Enabling this will support zynq secure image verification.
28 The secure image is a xilinx specific BOOT.BIN with
|
| /openbmc/u-boot/doc/device-tree-bindings/mailbox/ |
| H A D | k3-secure-proxy.txt | 12 - compatible: Shall be: "ti,am654-secure-proxy"
14 scfg - Map the secure configuration region
23 compatible = "ti,am654-secure-proxy";
|
| /openbmc/qemu/docs/system/devices/ |
| H A D | canokey.rst | 6 CanoKey [1]_ is an open-source secure key with supports of
28 the guest OS can use all the functionalities of a secure key as if
34 inspect what happens inside a secure key
41 * For developers on software with secure key support (e.g. FIDO2, OpenPGP),
42 they can see what happens inside the secure key
43 * For secure key developers, USB packets between guest OS and CanoKey
47 on code coping with secure key.
110 of a secure key while the latter provides platform-dependent functions:
113 If you want to trace what happens inside the secure key, when compiling
|
| /openbmc/u-boot/arch/arm/cpu/armv8/ |
| H A D | Kconfig | 55 menu "ARMv8 secure monitor firmware"
57 bool "Enable ARMv8 secure monitor firmware framework support"
61 This framework is aimed at making secure monitor firmware load
65 - Address of secure firmware.
66 - Address to hold the return address from secure firmware.
69 - The target exception level that secure monitor firmware will
73 bool "Enable ARMv8 secure monitor firmware framework support for SPL"
80 bool "PSCI implementation in secure monitor firmware"
83 This config enables the ARMv8 PSCI implementation in secure monitor
88 bool "ARMv8 secure monitor firmware ERET address byteorder swap"
[all …]
|
| /openbmc/qemu/roms/ |
| H A D | edk2-build.config | 49 [build.ovmf.i386.secure]
50 desc = ovmf build (32-bit, secure boot)
57 cpy1 = FV/OVMF_CODE.fd edk2-i386-secure-code.fd
71 [build.ovmf.x86_64.secure]
72 desc = ovmf build (64-bit, secure boot)
79 cpy1 = FV/OVMF_CODE.fd edk2-x86_64-secure-code.fd
|
| /openbmc/openbmc/meta-arm/meta-arm/recipes-security/trusted-services/files/ |
| H A D | 0001-Allow-configuring-flash-image-files-compile-time.patch | 28 +#define FILE_BLK_FILE_NAME "secure-flash.img"
38 - file_block_store_factory_set_filename("secure-flash.img");
55 +set(FILE_BLK_FILE_NAME "secure-flash.img" CACHE PATH "PATH to block storage flash image file.")
67 +#define SEMIHOSTING_BLK_FILE_NAME "secure-flash.img"
77 - "secure-flash.img",
94 +set(SEMIHOSTING_BLK_FILE_NAME "secure-flash.img" CACHE PATH "PATH to block storage flash image fil…
|
| /openbmc/openbmc/meta-arm/meta-arm/recipes-security/trusted-services/ |
| H A D | ts-sp-fwu_git.bb | 26 # Deploy the secure flash image.
28 cp -v ${S}/components/media/disk/disk_images/multi_location_fw.img ${DEPLOYDIR}/secure-flash.img
32 …ING_BLK_FILE_NAME:STRING=${@oe.path.relative('${TMPDIR}', '${DEPLOY_DIR_IMAGE}')}/secure-flash.img"
|
| /openbmc/qemu/pc-bios/descriptors/ |
| H A D | meson.build | 3 '50-edk2-i386-secure.json',
4 '50-edk2-x86_64-secure.json',
|
| /openbmc/qemu/hw/arm/ |
| H A D | xlnx-zcu102.c | 35 bool secure; member
51 return s->secure; in OBJECT_DECLARE_SIMPLE_TYPE()
58 s->secure = value; in zcu102_set_secure()
85 if (!s->secure) { in zcu102_modify_dtb()
154 object_property_set_bool(OBJECT(&s->soc), "secure", s->secure, in xlnx_zcu102_init()
256 s->secure = false; in xlnx_zcu102_machine_instance_init()
|
| H A D | vexpress.c | 184 bool secure; member
213 qemu_irq *pic, bool secure, bool virt) in init_cpus() argument
224 if (!secure) { in init_cpus()
299 vms->secure, vms->virt); in a9_daughterboard_init()
383 0x2c000000, pic, vms->secure, vms->virt); in a15_daughterboard_init()
721 daughterboard->bootinfo.secure_boot = vms->secure; in vexpress_common_init()
729 return vms->secure; in vexpress_get_secure()
736 vms->secure = value; in vexpress_set_secure()
758 vms->secure = true; in vexpress_instance_init()
|
| /openbmc/openbmc/meta-arm/meta-arm-bsp/documentation/corstone1000/ |
| H A D | software-architecture.rst | 36 framework to build secure IoT devices.
51 secure flash. Software running on the Secure Enclave is isolated via
62 the TrustZone technology that allows secure and non-secure security
69 (`OPTEE-OS`_) in the secure world, and U-Boot(`U-Boot repo`_) and
70 linux (`linux repo`_) in the non-secure world. The communication between
71 non-secure and the secure world is performed via FF-A messages.
152 secure and non-secure software.
175 by the secure enclave's BL2 (MCUBoot) before starting TF-A.
194 For UEFI Secure Boot, authenticated variables can be accessed from the secure flash.
202 Corstone-1000 is unique in providing a secure environment to run a secure
[all …]
|
| /openbmc/openbmc/meta-openembedded/meta-networking/recipes-kernel/wireguard/ |
| H A D | wireguard.inc | 2 DESCRIPTION = "WireGuard is a secure network tunnel, operating at layer 3, \
5 TLS-based solutions like OpenVPN, while being more secure, more performant, \
|
| /openbmc/u-boot/board/freescale/ls1043ardb/ |
| H A D | Kconfig | 17 bool "Enable secure address for PSCI image"
21 PSCI image can be re-located to secure RAM.
|
| /openbmc/openbmc/poky/documentation/dev-manual/ |
| H A D | securing-images.rst | 25 it comes to making an image secure. Consequently, this section provides
27 your image more secure.
40 There are general considerations that help you create more secure images.
42 more secure:
82 - Enable hardware support for secure boot functionality when your
89 your build output more secure. The security flags are in the
108 system to make your images more secure:
153 The Yocto Project provides tools for making your image more secure. You
|