/openbmc/linux/Documentation/devicetree/bindings/crypto/ |
H A D | inside-secure-safexcel.txt | 1 Inside Secure SafeXcel cryptographic engine 4 - compatible: Should be "inside-secure,safexcel-eip197b", 5 "inside-secure,safexcel-eip197d" or 6 "inside-secure,safexcel-eip97ies". 7 - reg: Base physical address of the engine and length of memory mapped region. 8 - interrupts: Interrupt numbers for the rings and engine. 9 - interrupt-names: Should be "ring0", "ring1", "ring2", "ring3", "eip", "mem". 12 - clocks: Reference to the crypto engine clocks, the second clock is 14 - clock-names: mandatory if there is a second clock, in this case the 21 - "inside-secure,safexcel-eip197" is equivalent to [all …]
|
/openbmc/linux/drivers/nfc/microread/ |
H A D | Kconfig | 1 # SPDX-License-Identifier: GPL-2.0-only 6 This module contains the main code for Inside Secure microread 11 tristate "Inside Secure Microread device support (I2C)" 16 Inside microread chipsets. Select this if your platform is using 23 tristate "Inside Secure Microread device support (MEI)" 28 Inside microread chipsets. Select this if your microread chipset
|
H A D | mei.c | 1 // SPDX-License-Identifier: GPL-2.0 5 * HCI based Driver for Inside Secure microread NFC Chip 28 return -ENOMEM; in microread_mei_probe() 32 &phy->hdev); in microread_mei_probe() 46 microread_remove(phy->hdev); in microread_mei_remove()
|
/openbmc/linux/Documentation/devicetree/bindings/rng/ |
H A D | omap_rng.yaml | 1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 3 --- 5 $schema: http://devicetree.org/meta-schemas/core.yaml# 7 title: OMAP SoC and Inside-Secure HWRNG Module 10 - Jayesh Choudhary <j-choudhary@ti.com> 15 - ti,omap2-rng 16 - ti,omap4-rng 17 - inside-secure,safexcel-eip76 33 - description: EIP150 gateable clock 34 - description: Main gateable clock [all …]
|
/openbmc/qemu/docs/system/devices/ |
H A D | canokey.rst | 4 ------------ 6 CanoKey [1]_ is an open-source secure key with supports of 8 * U2F / FIDO2 with Ed25519 and HMAC-secret 10 * PIV (NIST SP 800-73-4) 14 All these platform-independent features are in canokey-core [3]_. 21 * (virt-card) CanoKey USB/IP 22 * (virt-card) CanoKey FunctionFS 24 In QEMU, yet another CanoKey virt-card is implemented. 28 the guest OS can use all the functionalities of a secure key as if 33 * libcanokey-qemu supports debugging output thus developers can [all …]
|
/openbmc/linux/drivers/s390/crypto/ |
H A D | zcrypt_ccamisc.h | 1 /* SPDX-License-Identifier: GPL-2.0+ */ 17 #define TOKTYPE_NON_CCA 0x00 /* Non-CCA key token */ 41 /* inside view of a CCA secure key token (only type 0x01 version 0x04) */ 57 /* inside view of a variable length symmetric cipher AES key token */ 81 /* AES-128 512 640 */ 82 /* AES-192 576 640 */ 83 /* AES-256 640 640 */ 97 /* inside view of an CCA secure ECC private key */ 107 u8 htype; /* hash method, 0x02 for SHA-256 */ 133 * Simple check if the token is a valid CCA secure AES data key [all …]
|
H A D | zcrypt_ep11misc.h | 1 /* SPDX-License-Identifier: GPL-2.0+ */ 29 /* inside view of an EP11 secure key blob */ 50 return (kb->version == EP11_STRUCT_MAGIC); in is_ep11_keyblob() 115 * Generate (random) EP11 AES secure key. 121 * Generate EP11 AES secure key with given clear key value. 129 * - apqn is online and is in fact an EP11 apqn 130 * - if cardnr is not FFFF only apqns with this cardnr 131 * - if domain is not FFFF only apqns with this domainnr 132 * - if minhwtype > 0 only apqns with hwtype >= minhwtype 133 * - if minapi > 0 only apqns with API_ord_nr >= minapi [all …]
|
/openbmc/linux/Documentation/devicetree/bindings/arm/tegra/ |
H A D | nvidia,tegra194-cbb.yaml | 1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 3 --- 4 $id: http://devicetree.org/schemas/arm/tegra/nvidia,tegra194-cbb.yaml# 5 $schema: http://devicetree.org/meta-schemas/core.yaml# 10 - Sumit Gupta <sumitg@nvidia.com> 15 multiple hierarchical sub-NOCs (Network-on-Chip) and connects various 19 by the NOCs inside the CBB. NOCs reporting errors are cluster NOCs 20 "AON-NOC, SCE-NOC, RCE-NOC, BPMP-NOC, CV-NOC" and "CBB Central NOC" 28 - For CCPLEX (CPU Complex) initiator, the driver sets ERD bit. So, the 31 - For other initiators, the ERD is disabled. So, the access issuing [all …]
|
/openbmc/linux/drivers/crypto/inside-secure/ |
H A D | safexcel.c | 1 // SPDX-License-Identifier: GPL-2.0 5 * Antoine Tenart <antoine.tenart@free-electrons.com> 10 #include <linux/dma-mapping.h> 45 writel(0, priv->base + EIP197_FLUE_IFC_LUT(i)); in eip197_trc_cache_setupvirt() 51 for (i = 0; i < priv->config.rings; i++) { in eip197_trc_cache_setupvirt() 52 writel(0, priv->base + EIP197_FLUE_CACHEBASE_LO(i)); in eip197_trc_cache_setupvirt() 53 writel(0, priv->base + EIP197_FLUE_CACHEBASE_HI(i)); in eip197_trc_cache_setupvirt() 55 priv->base + EIP197_FLUE_CONFIG(i)); in eip197_trc_cache_setupvirt() 57 writel(0, priv->base + EIP197_FLUE_OFFSETS); in eip197_trc_cache_setupvirt() 58 writel(0, priv->base + EIP197_FLUE_ARC4_OFFSET); in eip197_trc_cache_setupvirt() [all …]
|
/openbmc/qemu/docs/system/ppc/ |
H A D | pseries.rst | 5 The Power machine para-virtualized environment described by the Linux on Power 18 - POWER7, POWER7+ 19 - POWER8, POWER8NVL 20 - POWER9 21 - Power10 22 - Power11 23 - Support for POWER5+ also exists, works with correct kernel/userspace 25 - XICS (POWER8) 26 - XIVE (Supported by below:) 27 - POWER9 [all …]
|
/openbmc/openbmc/poky/meta/classes-recipe/ |
H A D | uki.bbclass | 4 # to be loaded with UEFI firmware and systemd-boot on target HW. 5 # TPM PCR pre-calculation is not supported since systemd-measure tooling 10 # https://uapi-group.org/specifications/specs/unified_kernel_image/ 14 # - UEFI stub 15 # The linux kernel can generate a UEFI stub, however the one from systemd-boot can fetch 18 # - kernel 19 # - initramfs 20 # - kernel command line 21 # - uname -r kernel version 22 # - /etc/os-release to create a boot menu with version details [all …]
|
/openbmc/linux/arch/x86/kvm/ |
H A D | Kconfig | 1 # SPDX-License-Identifier: GPL-2.0 14 operating systems inside virtual machines (guests). 22 tristate "Kernel-based Virtual Machine (KVM) support" 67 bool "Compile KVM with -Werror" 76 Add -Werror to the build flags for KVM. 88 will be called kvm-intel. 106 Provides support for KVM on AMD processors equipped with the AMD-V 110 will be called kvm-amd. 114 bool "AMD Secure Encrypted Virtualization (SEV) support" 119 with Encrypted State (SEV-ES) on AMD processors. [all …]
|
/openbmc/phosphor-dbus-interfaces/yaml/com/ibm/Dump/Entry/ |
H A D | SBE.interface.yaml | 4 Self Boot Engine(SBE) is a microcontroller that sits inside the processor to 5 initialize it to start the booting and also acts as a secure channel for 16 - name: ErrorLogId 21 The value should be a 32-bit unsigned integer. 23 - name: FailingUnitId 28 value should be a 32-bit unsigned integer.
|
/openbmc/qemu/docs/system/i386/ |
H A D | amd-memory-encryption.rst | 1 AMD Secure Encrypted Virtualization (SEV) 4 Secure Encrypted Virtualization (SEV) is a feature found on AMD processors. 6 SEV is an extension to the AMD-V architecture which supports running encrypted 15 AMD secure processor (AMD-SP), which is present in AMD SOCs. Firmware running 16 inside the AMD-SP provides commands to support a common VM lifecycle. This 21 Secure Encrypted Virtualization - Encrypted State (SEV-ES) builds on the SEV 28 Launching (SEV and SEV-ES) 29 -------------------------- 38 For a SEV-ES guest, the ``LAUNCH_UPDATE_VMSA`` command is also used to encrypt the 43 its public Diffie-Hellman key (PDH) and session parameters. These inputs [all …]
|
/openbmc/linux/drivers/crypto/ |
H A D | Kconfig | 1 # SPDX-License-Identifier: GPL-2.0-only 39 called padlock-aes. 53 called padlock-sha. 61 Say 'Y' here to use the AMD Geode LX processor on-board AES 65 will be called geode-aes. 106 Please note that creation of protected keys from secure keys 131 and uses triple-DES to generate secure random numbers like the 132 ANSI X9.17 standard. User-space programs access the 133 pseudo-random-number device through the char device /dev/prandom. 149 sub-units. One set provides the Modular Arithmetic Unit, [all …]
|
H A D | Makefile | 1 # SPDX-License-Identifier: GPL-2.0 2 obj-$(CONFIG_CRYPTO_DEV_ALLWINNER) += allwinner/ 3 obj-$(CONFIG_CRYPTO_DEV_ASPEED) += aspeed/ 4 obj-$(CONFIG_CRYPTO_DEV_ATMEL_AES) += atmel-aes.o 5 obj-$(CONFIG_CRYPTO_DEV_ATMEL_SHA) += atmel-sha.o 6 obj-$(CONFIG_CRYPTO_DEV_ATMEL_TDES) += atmel-tdes.o 7 # __init ordering requires atmel-i2c being before atmel-ecc and atmel-sha204a. 8 obj-$(CONFIG_CRYPTO_DEV_ATMEL_I2C) += atmel-i2c.o 9 obj-$(CONFIG_CRYPTO_DEV_ATMEL_ECC) += atmel-ecc.o 10 obj-$(CONFIG_CRYPTO_DEV_ATMEL_SHA204A) += atmel-sha204a.o [all …]
|
/openbmc/linux/Documentation/arch/arm/ |
H A D | tcm.rst | 2 ARM TCM (Tightly-Coupled Memory) handling in Linux 7 Some ARM SoCs have a so-called TCM (Tightly-Coupled Memory). 8 This is usually just a few (4-64) KiB of RAM inside the ARM 11 Due to being embedded inside the CPU, the TCM has a 12 Harvard-architecture, so there is an ITCM (instruction TCM) 24 determine if ITCM (bits 1-0) and/or DTCM (bit 17-16) is present 47 be able to lock and hide one of the banks for use by the secure 52 - FIQ and other interrupt handlers that need deterministic 55 - Idle loops where all external RAM is set to self-refresh 56 retention mode, so only on-chip RAM is accessible by [all …]
|
/openbmc/linux/Documentation/devicetree/bindings/mfd/ |
H A D | nxp,bbnsm.yaml | 1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 3 --- 5 $schema: http://devicetree.org/meta-schemas/core.yaml# 7 title: NXP Battery-Backed Non-Secure Module 10 - Jacky Bai <ping.bai@nxp.com> 13 NXP BBNSM serves as non-volatile logic and storage for the system. 17 significant 32 bits of the real-time counter match the value in the 19 The ON/OFF logic inside the BBNSM allows for connecting directly to 26 - enum: 27 - nxp,imx93-bbnsm [all …]
|
/openbmc/linux/arch/s390/include/uapi/asm/ |
H A D | pkey.h | 1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 23 #define SECKEYBLOBSIZE 64 /* secure key blob size is always 64 bytes */ 83 /* Struct to hold a CCA AES secure key blob */ 85 __u8 seckey[SECKEYBLOBSIZE]; /* the secure key blob */ 115 * Generate CCA AES secure key. 121 struct pkey_seckey seckey; /* out: the secure key blob */ 126 * Construct CCA AES secure key from clear key value 133 struct pkey_seckey seckey; /* out: the secure key blob */ 138 * Fabricate AES protected key from a CCA AES secure key 143 struct pkey_seckey seckey; /* in: the secure key blob */ [all …]
|
/openbmc/linux/arch/nios2/include/asm/ |
H A D | thread_info.h | 2 * NiosII low-level thread information 31 * - this struct should fit entirely inside of one cache line 32 * - this struct shares the supervisor stack pages 33 * - if the contents of this structure are changed, the assembly constants 62 return (struct thread_info *)(sp & ~(THREAD_SIZE - 1)); in current_thread_info() 68 * - these are process state flags that various assembly files may need to 70 * - pending work-to-be-done flags are in LSW 71 * - other flags in MSW 78 #define TIF_SECCOMP 5 /* secure computing */
|
/openbmc/u-boot/doc/imx/habv4/ |
H A D | introduction_habv4.txt | 2 + i.MX Secure and Encrypted Boot using HABv4 + 6 ---------------- 9 (HAB) feature in the on-chip ROM. The ROM is responsible for loading the 10 initial program image (U-Boot) from the boot media and HAB enables the ROM 17 Step-by-step guides are available under doc/imx/habv4/guides/ directory, 21 1.1 The HABv4 Secure Boot Architecture 22 --------------------------------------- 24 The HABv4 secure boot feature uses digital signatures to prevent unauthorized 36 The diagram below illustrate the secure boot process overview: 39 +----------+ +----------+ [all …]
|
/openbmc/linux/Documentation/arch/x86/ |
H A D | amd-memory-encryption.rst | 1 .. SPDX-License-Identifier: GPL-2.0 7 Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) are 19 memory. Private memory is encrypted with the guest-specific key, while shared 37 as private. All the DMA operations inside the guest must be performed on shared 39 is operating in 64-bit or 32-bit PAE mode, in all other modes the SEV hardware 78 - Supported: 81 - Enabled: 84 - Active: 87 kernel is non-zero). 99 Secure Nested Paging (SNP) [all …]
|
/openbmc/linux/arch/s390/include/asm/ |
H A D | thread_info.h | 1 /* SPDX-License-Identifier: GPL-2.0 */ 13 #include <asm/asm-offsets.h> 27 #define STACK_INIT_OFFSET (THREAD_SIZE - STACK_FRAME_OVERHEAD - __PT_SIZE) 35 * - this struct should fit entirely inside of one cache line 36 * - this struct shares the supervisor stack pages 37 * - if the contents of this structure are changed, the assembly constants must also be changed 67 #define TIF_UPROBE 3 /* breakpointed or single-stepping */ 85 #define TIF_SECCOMP 26 /* secure computing */
|
/openbmc/linux/arch/microblaze/include/asm/ |
H A D | thread_info.h | 1 /* SPDX-License-Identifier: GPL-2.0 */ 22 * - this struct should fit entirely inside of one cache line 23 * - this struct shares the supervisor stack pages 24 * - if the contents of this structure are changed, the assembly constants 38 /* non-volatile registers */ 62 unsigned long status; /* thread-synchronous flags */ 85 return (struct thread_info *)(sp & ~(THREAD_SIZE-1)); in current_thread_info() 93 * - these are process state flags that various assembly files may 95 * - pending work-to-be-done flags are in LSW 96 * - other flags in MSW [all …]
|
/openbmc/linux/arch/xtensa/include/asm/ |
H A D | thread_info.h | 2 * include/asm-xtensa/thread_info.h 8 * Copyright (C) 2001 - 2005 Tensilica Inc. 25 * - this struct should fit entirely inside of one cache line 26 * - this struct shares the supervisor stack pages 27 * - if the contents of this structure are changed, the assembly constants 51 unsigned long status; /* thread-synchronous flags */ 65 * If i-th bit is set then coprocessor state is loaded into the 113 * - these are process state flags that various assembly files may need to access 125 #define TIF_SECCOMP 10 /* secure computing */ 143 #define THREAD_SIZE_ORDER (KERNEL_STACK_SHIFT - PAGE_SHIFT)
|