linux/drivers/mxc/security/scc2_driver.c File Reference

Functions

scc_config_tscc_get_configuration (void)
scc_return_t scc_zeroize_memories (void)
void scc_set_sw_alarm (void)
scc_return_t scc_monitor_security_failure (void callback_func(void))
void scc_stop_monitoring_security_failure (void callback_func(void))
scc_return_t scc_read_register (int register_offset, uint32_t *value)
scc_return_t scc_write_register (int register_offset, uint32_t value)
 OS_DEV_ISR (scc_irq)
static int offset_within_smn (uint32_t register_offset)
static int offset_within_scm (uint32_t register_offset)

Variables

static struct platform_driver mxcscc_driver

Detailed Description

This is the driver code for the Security Controller version 2 (SCC2). It's interaction with the Linux kernel is from calls to scc_init() when the driver is loaded, and scc_cleanup() should the driver be unloaded. The driver uses locking and (task-sleep/task-wakeup) functions from the kernel. It also registers itself to handle the interrupt line(s) from the SCC. New to this version of the driver is an interface providing access to the secure partitions. This is in turn exposed to the API user through the fsl_shw_smalloc() series of functions. Other drivers in the kernel may use the remaining API functions to get at the services of the SCC. The main service provided is the Secure Memory, which allows encoding and decoding of secrets with a per-chip secret key.

The SCC is single-threaded, and so is this module. When the scc_crypt() routine is called, it will lock out other accesses to the function. If another task is already in the module, the subsequent caller will spin on a lock waiting for the other access to finish.

Note that long crypto operations could cause a task to spin for a while, preventing other kernel work (other than interrupt processing) to get done.

The external (kernel module) interface is through the following functions:

All other functions are internal to the driver.


Function Documentation

static int offset_within_scm ( uint32_t  register_offset  )  [inline, static]

Check that the offset is with the bounds of the SCM register set.

Parameters:
[in] register_offset Register offset of SCM
Returns:
1 if true, 0 if false (not within SCM)
static int offset_within_smn ( uint32_t  register_offset  )  [inline, static]

Check that the offset is with the bounds of the SMN register set.

Parameters:
[in] register_offset register offset of SMN.
Returns:
1 if true, 0 if false (not within SMN)
OS_DEV_ISR ( scc_irq   ) 

This is the interrupt handler for the SCC.

This function checks the SMN Status register to see whether it generated the interrupt, then it checks the SCM Status register to see whether it needs attention.

If an SMN Interrupt is active, then the SCC state set to failure, and scc_perform_callbacks() is invoked to notify any interested parties.

The SCM Interrupt should be masked, as this driver uses polling to determine when the SCM has completed a crypto or zeroing operation. Therefore, if the interrupt is active, the driver will just clear the interrupt and (re)mask.

References IRQ_RETVAL, os_dev_get_irq, os_dev_isr_return, SCC_READ_REGISTER, scc_update_state(), SCC_WRITE_REGISTER, SCM_INTERRUPT_CTRL, SCM_INTERRUPT_CTRL_CLEAR_INTERRUPT, SCM_INTERRUPT_CTRL_MASK_INTERRUPTS, SCM_STATUS, SMN_COMMAND, SMN_COMMAND_CLEAR_INTERRUPT, and SMN_STATUS_SMN_STATUS_IRQ.

scc_config_t* scc_get_configuration ( void   ) 

Retrieve configuration information from the SCC.

This function always succeeds.

Returns:
A pointer to the configuration information. This is a pointer to static memory and must not be freed. The values never change, and the return value will never be null.

References scc_availability, scc_init(), and SCC_STATUS_INITIAL.

scc_return_t scc_monitor_security_failure ( void   callback_funcvoid  ) 

This routine will register a function to be called should a Security Failure be signalled by the SCC (Security Monitor).

The callback function may be called from interrupt level, it may be called from some process' task. It should therefore not take a long time to perform its operation, and it may not sleep.

Parameters:
callback_func Function pointer to routine which will receive notification of the security failure.
Returns:
0 if function was successfully registered, non-zero on failure. See scc_return_t.

References os_lock_save_context, os_unlock_restore_context, scc_availability, scc_callbacks, scc_callbacks_lock, scc_init(), and SCC_STATUS_INITIAL.

scc_return_t scc_read_register ( int  register_offset,
uint32_t *  value 
)

Read value from an SCC register. The offset will be checked for validity (range) as well as whether it is accessible (e.g. not busy, not in failed state) at the time of the call.

Parameters:
[in] register_offset The (byte) offset within the SCC block of the register to be queried. See SCM Registers and SMN Registers.
[out] value Pointer to where value from the register should be placed.
Returns:
0 if OK, non-zero on error. See scc_return_t.

References check_register_accessible(), check_register_offset(), scc_availability, scc_init(), SCC_READ_REGISTER, SCC_STATUS_INITIAL, SCC_STATUS_UNIMPLEMENTED, and scc_update_state().

void scc_set_sw_alarm ( void   ) 

Signal a software alarm to the SCC. This will take the SCC and other PISA parts out of Secure mode and into Security Failure mode. The SCC will stay in failed mode until a reboot.

References scc_availability, scc_init(), scc_perform_callbacks(), SCC_STATUS_FAILED, SCC_STATUS_INITIAL, SCC_STATUS_OK, scc_update_state(), SCC_WRITE_REGISTER, and SMN_COMMAND_SET_SOFTWARE_ALARM.

void scc_stop_monitoring_security_failure ( void   callback_funcvoid  ) 

This routine will deregister a function previously registered with scc_monitor_security_failure().

Parameters:
callback_func Function pointer to routine previously registered with scc_stop_monitoring_security_failure().

References os_lock_save_context, os_unlock_restore_context, scc_availability, scc_callbacks, scc_callbacks_lock, scc_init(), and SCC_STATUS_INITIAL.

scc_return_t scc_write_register ( int  register_offset,
uint32_t  value 
)

Write a new value into an SCC register. The offset will be checked for validity (range) as well as whether it is accessible (e.g. not busy, not in failed state) at the time of the call.

Parameters:
[in] register_offset The (byte) offset within the SCC block of the register to be modified. See SCM Registers and SMN Registers.
[in] value The value to store into the register.
Returns:
0 if OK, non-zero on error. See scc_return_t.

References check_register_accessible(), check_register_offset(), scc_availability, scc_init(), SCC_READ_REGISTER, SCC_STATUS_INITIAL, SCC_STATUS_UNIMPLEMENTED, scc_update_state(), and SCC_WRITE_REGISTER.

scc_return_t scc_zeroize_memories ( void   ) 

Zeroize Red and Black memories of the SCC. This will start the Zeroizing process. The routine will return when the memories have zeroized or failed to do so. The driver will poll waiting for this to occur, so this routine must not be called from interrupt level. Some future version of driver may elect instead to sleep.

Returns:
0 or error if initialization fails.

Variable Documentation

struct platform_driver mxcscc_driver [static]
Initial value:
 {
        .driver = {
                   .name = SCC_DRIVER_NAME,
                   },
        .probe = scc_dev_probe,
        .remove = scc_dev_remove,
        .suspend = scc_suspend,
        .resume = scc_resume,
}

Linux Driver definition

footer
©  Freescale Semiconductor, Inc., 2007.  All rights reserved.
Freescale Confidential Proprietary
NDA Required
doxygen