/openbmc/qemu/hw/intc/ |
H A D | armv7m_nvic.c | 166 static inline uint32_t nvic_gprio_mask(NVICState *s, bool secure) in nvic_gprio_mask() argument 168 return ~0U << (s->prigroup[secure] + 1); in nvic_gprio_mask() 394 bool armv7m_nvic_neg_prio_requested(NVICState *s, bool secure) in armv7m_nvic_neg_prio_requested() argument 404 if (s->cpu->env.v7m.faultmask[secure]) { in armv7m_nvic_neg_prio_requested() 408 if (secure ? s->sec_vectors[ARMV7M_EXCP_HARD].active : in armv7m_nvic_neg_prio_requested() 414 exc_targets_secure(s, ARMV7M_EXCP_NMI) == secure) { in armv7m_nvic_neg_prio_requested() 435 static void set_prio(NVICState *s, unsigned irq, bool secure, uint8_t prio) in set_prio() argument 442 if (secure) { in set_prio() 449 trace_nvic_set_prio(irq, secure, prio); in set_prio() 456 static int get_prio(NVICState *s, unsigned irq, bool secure) in get_prio() argument [all …]
|
H A D | arm_gicv3_dist.c | 68 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in mask_group_and_nsacr() 210 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_read_ipriorityr() 232 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_write_ipriorityr() 252 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_read_irouter() 274 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_write_irouter() 383 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_readl() 450 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in gicd_readl() 529 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { in gicd_readl() 555 if ((s->gicd_ctlr & GICD_CTLR_DS) || !attrs.secure) { in gicd_readl() 624 if (attrs.secure) { in gicd_writel() [all …]
|
/openbmc/linux/Documentation/devicetree/bindings/arm/ |
H A D | secure.txt | 15 can be supported by prefixing the property name with "secure-". So for 16 instance "secure-foo" would override "foo". For property names with 18 "vendor,secure-foo". If there is no "secure-" property then the Secure 21 validly have "secure-" versions; this list will be enlarged on a 26 still be processed unmodified by existing Non-secure software (and in 32 secure- bindings only need to be used where both the Secure and Normal 38 - secure-status : specifies whether the device is present and usable 39 in the secure world. The combination of this with "status" allows 41 specified. If "secure-status" is not specified it defaults to the 47 secure-status = "okay"; /* visible in both */ [all …]
|
/openbmc/qemu/target/arm/tcg/ |
H A D | m_helper.c | 62 uint32_t arm_v7m_mrs_control(CPUARMState *env, uint32_t secure) in arm_v7m_mrs_control() argument 64 uint32_t value = env->v7m.control[secure]; in arm_v7m_mrs_control() 66 if (!secure) { in arm_v7m_mrs_control() 221 bool secure = mmu_idx & ARM_MMU_IDX_M_S; in v7m_stack_write() local 247 env->v7m.cfsr[secure] |= R_V7M_CFSR_MLSPERR_MASK; in v7m_stack_write() 251 env->v7m.cfsr[secure] |= R_V7M_CFSR_MSTKERR_MASK; in v7m_stack_write() 254 exc_secure = secure; in v7m_stack_write() 309 bool secure = mmu_idx & ARM_MMU_IDX_M_S; in v7m_stack_read() local 326 env->v7m.cfsr[secure] |= R_V7M_CFSR_MUNSTKERR_MASK; in v7m_stack_read() 328 exc_secure = secure; in v7m_stack_read() [all …]
|
/openbmc/u-boot/doc/ |
H A D | README.ti-secure | 1 README on how boot images are created for secure TI devices 7 a secure device from TI, the initial public software image must be signed 11 from Texas Instruments. The tools used to generate boot images for secure 12 devices are part of a secure development package (SECDEV) that can be 17 The secure development package is access controlled due to NDA and export 31 warning is issued during the build to indicate that a final secure 38 This is called as part of the SPL/u-boot build process. As the secure 39 boot image formats and requirements differ between secure SOC from TI, 44 package for creating a bootable SPL image for secure TI devices. 65 <OUTPUT_FILE> is the full path and filename of the final secure [all …]
|
/openbmc/qemu/include/hw/intc/ |
H A D | armv7m_nvic.h | 99 void armv7m_nvic_set_pending(NVICState *s, int irq, bool secure); 112 void armv7m_nvic_set_pending_derived(NVICState *s, int irq, bool secure); 124 void armv7m_nvic_set_pending_lazyfp(NVICState *s, int irq, bool secure); 160 int armv7m_nvic_complete_irq(NVICState *s, int irq, bool secure); 174 bool armv7m_nvic_get_ready_status(NVICState *s, int irq, bool secure); 193 bool armv7m_nvic_neg_prio_requested(NVICState *s, bool secure); 195 static inline bool armv7m_nvic_neg_prio_requested(NVICState *s, bool secure) in armv7m_nvic_neg_prio_requested() argument
|
/openbmc/linux/Documentation/devicetree/bindings/crypto/ |
H A D | inside-secure-safexcel.txt | 4 - compatible: Should be "inside-secure,safexcel-eip197b", 5 "inside-secure,safexcel-eip197d" or 6 "inside-secure,safexcel-eip97ies". 21 - "inside-secure,safexcel-eip197" is equivalent to 22 "inside-secure,safexcel-eip197b". 23 - "inside-secure,safexcel-eip97" is equivalent to 24 "inside-secure,safexcel-eip97ies". 29 compatible = "inside-secure,safexcel-eip197b";
|
/openbmc/u-boot/arch/arm/cpu/armv7/ |
H A D | Kconfig | 13 bool "Enable support for booting in non-secure mode" if EXPERT 17 Say Y here to enable support for booting in non-secure / SVC mode. 20 bool "Boot in secure mode by default" if EXPERT 24 Say Y here to boot in secure mode by default even if non-secure mode 26 suppport booting in non-secure mode. Only set this if you need it. 35 Say Y here to boot in hypervisor (HYP) mode when booting non-secure.
|
/openbmc/linux/Documentation/powerpc/ |
H A D | ultravisor.rst | 56 process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process 57 is in secure mode, MSR(s)=0 process is in normal mode. 63 the VM it is returning to is secure. 101 * Memory is partitioned into secure and normal memory. Only processes 102 that are running in secure mode can access secure memory. 104 * The hardware does not allow anything that is not running secure to 105 access secure memory. This means that the Hypervisor cannot access 110 * I/O systems are not allowed to directly address secure memory. This 117 * When a process is running in secure mode all hypercalls 120 * When a process is in secure mode all interrupts go to the [all …]
|
/openbmc/u-boot/arch/arm/cpu/ |
H A D | u-boot.lds | 22 * If CONFIG_ARMV7_SECURE_BASE is true, secure code will not 26 * address for secure code. 28 * If CONFIG_ARMV7_SECURE_BASE is undefined, the secure zone will 30 * were used in secure code. The absolute addresses of the secure 70 /* Align the secure section only if we're going to use it in situ */ 122 "Error: secure section exceeds secure memory size"); 127 /* Reset VMA but don't allocate space if we have secure SRAM */
|
/openbmc/u-boot/arch/arm/mach-omap2/ |
H A D | utils.c | 56 const char *secure; in omap_set_fastboot_secure() local 61 secure = "EMU"; in omap_set_fastboot_secure() 64 secure = "HS"; in omap_set_fastboot_secure() 67 secure = "GP"; in omap_set_fastboot_secure() 70 secure = NULL; in omap_set_fastboot_secure() 74 env_set("fastboot.secure", secure); in omap_set_fastboot_secure()
|
/openbmc/linux/drivers/gpu/drm/amd/amdgpu/ |
H A D | amdgpu_ib.c | 139 bool secure, init_shadow; in amdgpu_ib_schedule() local 246 secure = false; in amdgpu_ib_schedule() 248 secure = ib->flags & AMDGPU_IB_FLAGS_SECURE; in amdgpu_ib_schedule() 249 amdgpu_ring_emit_frame_cntl(ring, true, secure); in amdgpu_ib_schedule() 256 if (secure != !!(ib->flags & AMDGPU_IB_FLAGS_SECURE)) { in amdgpu_ib_schedule() 257 amdgpu_ring_emit_frame_cntl(ring, false, secure); in amdgpu_ib_schedule() 258 secure = !secure; in amdgpu_ib_schedule() 259 amdgpu_ring_emit_frame_cntl(ring, true, secure); in amdgpu_ib_schedule() 268 amdgpu_ring_emit_frame_cntl(ring, false, secure); in amdgpu_ib_schedule()
|
/openbmc/u-boot/arch/arm/cpu/armv8/ |
H A D | Kconfig | 55 menu "ARMv8 secure monitor firmware" 57 bool "Enable ARMv8 secure monitor firmware framework support" 61 This framework is aimed at making secure monitor firmware load 65 - Address of secure firmware. 66 - Address to hold the return address from secure firmware. 69 - The target exception level that secure monitor firmware will 73 bool "Enable ARMv8 secure monitor firmware framework support for SPL" 80 bool "PSCI implementation in secure monitor firmware" 83 This config enables the ARMv8 PSCI implementation in secure monitor 88 bool "ARMv8 secure monitor firmware ERET address byteorder swap" [all …]
|
/openbmc/qemu/docs/system/devices/ |
H A D | canokey.rst | 6 CanoKey [1]_ is an open-source secure key with supports of 28 the guest OS can use all the functionalities of a secure key as if 34 inspect what happens inside a secure key 41 * For developers on software with secure key support (e.g. FIDO2, OpenPGP), 42 they can see what happens inside the secure key 43 * For secure key developers, USB packets between guest OS and CanoKey 47 on code coping with secure key. 110 of a secure key while the latter provides platform-dependent functions: 113 If you want to trace what happens inside the secure key, when compiling
|
/openbmc/u-boot/board/xilinx/zynqmp/ |
H A D | Kconfig | 11 Enable ZynqMP specific commands like "zynqmp secure" 12 which is used for zynqmp secure image verification. 13 The secure image is a xilinx specific BOOT.BIN with
|
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-devtools/android-tools/android-tools/core/ |
H A D | 0008-adb-Allow-adbd-to-be-ran-as-root.patch | 17 int secure = 0; 21 /* run adbd in secure mode if ro.secure is set and
|
/openbmc/qemu/roms/ |
H A D | edk2-build.config | 49 [build.ovmf.i386.secure] 50 desc = ovmf build (32-bit, secure boot) 57 cpy1 = FV/OVMF_CODE.fd edk2-i386-secure-code.fd 71 [build.ovmf.x86_64.secure] 72 desc = ovmf build (64-bit, secure boot) 79 cpy1 = FV/OVMF_CODE.fd edk2-x86_64-secure-code.fd
|
/openbmc/openbmc/meta-arm/meta-arm/recipes-security/trusted-services/files/ |
H A D | 0001-Allow-configuring-flash-image-files-compile-time.patch | 28 +#define FILE_BLK_FILE_NAME "secure-flash.img" 38 - file_block_store_factory_set_filename("secure-flash.img"); 55 +set(FILE_BLK_FILE_NAME "secure-flash.img" CACHE PATH "PATH to block storage flash image file.") 67 +#define SEMIHOSTING_BLK_FILE_NAME "secure-flash.img" 77 - "secure-flash.img", 94 +set(SEMIHOSTING_BLK_FILE_NAME "secure-flash.img" CACHE PATH "PATH to block storage flash image fil…
|
/openbmc/openbmc/meta-arm/meta-arm-bsp/documentation/corstone1000/ |
H A D | software-architecture.rst | 36 framework to build secure IoT devices. 51 secure flash. Software running on the Secure Enclave is isolated via 62 the TrustZone technology that allows secure and non-secure security 69 (`OPTEE-OS`_) in the secure world, and U-Boot(`U-Boot repo`_) and 70 linux (`linux repo`_) in the non-secure world. The communication between 71 non-secure and the secure world is performed via FF-A messages. 152 secure and non-secure software. 175 by the secure enclave's BL2 (MCUBoot) before starting TF-A. 194 For UEFI Secure Boot, authenticated variables can be accessed from the secure flash. 202 Corstone-1000 is unique in providing a secure environment to run a secure [all …]
|
/openbmc/u-boot/board/xilinx/zynq/ |
H A D | Kconfig | 22 bool "Enable zynq rsa command for loading secure images" 27 Enabling this will support zynq secure image verification. 28 The secure image is a xilinx specific BOOT.BIN with
|
/openbmc/u-boot/doc/device-tree-bindings/mailbox/ |
H A D | k3-secure-proxy.txt | 12 - compatible: Shall be: "ti,am654-secure-proxy" 14 scfg - Map the secure configuration region 23 compatible = "ti,am654-secure-proxy";
|
/openbmc/linux/arch/arm/mach-omap2/ |
H A D | Makefile | 16 secure-common = omap-smc.o omap-secure.o 19 obj-$(CONFIG_ARCH_OMAP3) += $(omap-2-3-common) $(hwmod-common) $(secure-common) 20 obj-$(CONFIG_ARCH_OMAP4) += $(secure-common) 21 obj-$(CONFIG_SOC_AM33XX) += $(secure-common) 22 obj-$(CONFIG_SOC_OMAP5) += $(secure-common) 23 obj-$(CONFIG_SOC_AM43XX) += $(secure-common) 24 obj-$(CONFIG_SOC_DRA7XX) += $(secure-common)
|
/openbmc/qemu/hw/arm/ |
H A D | xlnx-zcu102.c | 35 bool secure; member 51 return s->secure; in OBJECT_DECLARE_SIMPLE_TYPE() 58 s->secure = value; in zcu102_set_secure() 85 if (!s->secure) { in zcu102_modify_dtb() 154 object_property_set_bool(OBJECT(&s->soc), "secure", s->secure, in xlnx_zcu102_init() 256 s->secure = false; in xlnx_zcu102_machine_instance_init()
|
/openbmc/openbmc/meta-arm/meta-arm/recipes-security/trusted-services/ |
H A D | ts-sp-fwu_git.bb | 26 # Deploy the secure flash image. 28 cp -v ${S}/components/media/disk/disk_images/multi_location_fw.img ${DEPLOYDIR}/secure-flash.img 32 …ING_BLK_FILE_NAME:STRING=${@oe.path.relative('${TMPDIR}', '${DEPLOY_DIR_IMAGE}')}/secure-flash.img"
|
/openbmc/linux/fs/ |
H A D | anon_inodes.c | 82 bool secure) in __anon_inode_getfile() argument 90 if (secure) { in __anon_inode_getfile() 184 bool secure) in __anon_inode_getfd() argument 195 secure); in __anon_inode_getfd()
|