| Message ID | 20240509-secvio-v1-0-90fbe2baeda2@nxp.com |
|---|---|
| Headers | show |
| Series | soc: imx: secvio: Add secvio support | expand |
On 09/05/2024 02:45, Vabhav Sharma wrote: > The tampers are security feature available on i.MX products and > managed by SNVS block.The tamper goal is to detect the variation > of hardware or physical parameters, which can indicate an attack. > > The SNVS, which provides secure non-volatile storage, allows to > detect some hardware attacks against the SoC.They are connected > to the security-violation ports, which send an alert when an > out-of-range value is detected. > > This detection is done by: > -Analog tampers: measure analogic values > - External clock frequency. > - Temperature. > - Voltage. > > - Digital tampers: > - External tamper > - Other detectors: > - Secure real-time counter rollover tamper. > - Monotonic counter rollover tamper. > - Power supply glitch tamper. > > The on-chip sensors for voltage, temperature, and clock frequency > indicate if tamper scenarios may be present. These sensors generate an > out-of-range signal that causes a security violation to clear the > authentication and storage keys and to block access to sensitive > information. > > Add linux module secvio driver to handle security violation interrupt. > > The "imx-secvio-sc" module is designed to report security violations > and tamper triggering to the user. > > The functionalities of the module are accessible via the "debugfs" > kernel.The folder containing the interface files for the module is > "<kernel_debugfs>/secvio/". > > Get status > Reading from the "info" file will return the status of security: > - Fuse related to security tampers. > - SNVS readable registers. > - DGO registers. > > Signed-off-by: Vabhav Sharma <vabhav.sharma@nxp.com> > --- > Vabhav Sharma (4): > dt-bindings: firmware: secvio: Add device tree bindings > firmware: imx: Add SC APIs required for secvio module > soc: imx: secvio: Add support for SNVS secvio and tamper via SCFW > arm64: dts: imx8q: Add node for Security Violation Please version your patches correctly and provide changelog. I wrote about b4 already, which solves this as well. What changed here? Best regards, Krzysztof
> -----Original Message----- > From: Krzysztof Kozlowski <krzk@kernel.org> > Sent: Thursday, May 9, 2024 11:21 AM > To: Vabhav Sharma <vabhav.sharma@nxp.com>; Rob Herring > <robh@kernel.org>; Krzysztof Kozlowski <krzk+dt@kernel.org>; Conor Dooley > <conor+dt@kernel.org>; Franck Lenormand <franck.lenormand@nxp.com>; > Aisheng Dong <aisheng.dong@nxp.com>; Shawn Guo > <shawnguo@kernel.org>; Sascha Hauer <s.hauer@pengutronix.de>; > Pengutronix Kernel Team <kernel@pengutronix.de>; Fabio Estevam > <festevam@gmail.com>; Peng Fan <peng.fan@nxp.com> > Cc: devicetree@vger.kernel.org; linux-kernel@vger.kernel.org; > imx@lists.linux.dev; linux-arm-kernel@lists.infradead.org; Varun Sethi > <V.Sethi@nxp.com>; Silvano Di Ninno <silvano.dininno@nxp.com>; Pankaj > Gupta <pankaj.gupta@nxp.com>; Frank Li <frank.li@nxp.com>; Daniel Baluta > <daniel.baluta@nxp.com>; Iuliana Prodan <iuliana.prodan@nxp.com>; Horia > Geanta <horia.geanta@nxp.com> > Subject: [EXT] Re: [PATCH 0/4] soc: imx: secvio: Add secvio support > > Caution: This is an external email. Please take care when clicking links or > opening attachments. When in doubt, report the message using the 'Report > this email' button > > > On 09/05/2024 02:45, Vabhav Sharma wrote: > > The tampers are security feature available on i.MX products and > > managed by SNVS block.The tamper goal is to detect the variation of > > hardware or physical parameters, which can indicate an attack. > > > > The SNVS, which provides secure non-volatile storage, allows to detect > > some hardware attacks against the SoC.They are connected to the > > security-violation ports, which send an alert when an out-of-range > > value is detected. > > > > This detection is done by: > > -Analog tampers: measure analogic values > > - External clock frequency. > > - Temperature. > > - Voltage. > > > > - Digital tampers: > > - External tamper > > - Other detectors: > > - Secure real-time counter rollover tamper. > > - Monotonic counter rollover tamper. > > - Power supply glitch tamper. > > > > The on-chip sensors for voltage, temperature, and clock frequency > > indicate if tamper scenarios may be present. These sensors generate an > > out-of-range signal that causes a security violation to clear the > > authentication and storage keys and to block access to sensitive > > information. > > > > Add linux module secvio driver to handle security violation interrupt. > > > > The "imx-secvio-sc" module is designed to report security violations > > and tamper triggering to the user. > > > > The functionalities of the module are accessible via the "debugfs" > > kernel.The folder containing the interface files for the module is > > "<kernel_debugfs>/secvio/". > > > > Get status > > Reading from the "info" file will return the status of security: > > - Fuse related to security tampers. > > - SNVS readable registers. > > - DGO registers. > > > > Signed-off-by: Vabhav Sharma <vabhav.sharma@nxp.com> > > --- > > Vabhav Sharma (4): > > dt-bindings: firmware: secvio: Add device tree bindings > > firmware: imx: Add SC APIs required for secvio module > > soc: imx: secvio: Add support for SNVS secvio and tamper via SCFW > > arm64: dts: imx8q: Add node for Security Violation > > Please version your patches correctly and provide changelog. Sure, I will update the changelog for v1 and v2. > > I wrote about b4 already, which solves this as well. Ok, I used it, will provide details for changelog in next version > > What changed here? As highlighted by you, Used b4 script to auto add all maintainer/reviewer. > > Best regards, > Krzysztof
The tampers are security feature available on i.MX products and managed by SNVS block.The tamper goal is to detect the variation of hardware or physical parameters, which can indicate an attack. The SNVS, which provides secure non-volatile storage, allows to detect some hardware attacks against the SoC.They are connected to the security-violation ports, which send an alert when an out-of-range value is detected. This detection is done by: -Analog tampers: measure analogic values - External clock frequency. - Temperature. - Voltage. - Digital tampers: - External tamper - Other detectors: - Secure real-time counter rollover tamper. - Monotonic counter rollover tamper. - Power supply glitch tamper. The on-chip sensors for voltage, temperature, and clock frequency indicate if tamper scenarios may be present. These sensors generate an out-of-range signal that causes a security violation to clear the authentication and storage keys and to block access to sensitive information. Add linux module secvio driver to handle security violation interrupt. The "imx-secvio-sc" module is designed to report security violations and tamper triggering to the user. The functionalities of the module are accessible via the "debugfs" kernel.The folder containing the interface files for the module is "<kernel_debugfs>/secvio/". Get status Reading from the "info" file will return the status of security: - Fuse related to security tampers. - SNVS readable registers. - DGO registers. Signed-off-by: Vabhav Sharma <vabhav.sharma@nxp.com> --- Vabhav Sharma (4): dt-bindings: firmware: secvio: Add device tree bindings firmware: imx: Add SC APIs required for secvio module soc: imx: secvio: Add support for SNVS secvio and tamper via SCFW arm64: dts: imx8q: Add node for Security Violation .../bindings/arm/freescale/fsl,scu-secvio.yaml | 35 ++ .../devicetree/bindings/firmware/fsl,scu.yaml | 10 + arch/arm64/boot/dts/freescale/imx8qxp.dtsi | 5 + drivers/firmware/imx/Makefile | 2 +- drivers/firmware/imx/imx-scu.c | 4 +- drivers/firmware/imx/seco.c | 216 ++++++++ drivers/soc/imx/Kconfig | 11 + drivers/soc/imx/Makefile | 1 + drivers/soc/imx/secvio/Makefile | 2 + drivers/soc/imx/secvio/imx-secvio-debugfs.c | 274 ++++++++++ drivers/soc/imx/secvio/imx-secvio-sc.c | 595 +++++++++++++++++++++ include/linux/firmware/imx/ipc.h | 1 + include/linux/firmware/imx/sci.h | 4 + include/linux/firmware/imx/svc/seco.h | 69 +++ include/soc/imx/imx-secvio-sc.h | 216 ++++++++ 15 files changed, 1443 insertions(+), 2 deletions(-) --- base-commit: 93a39e4766083050ca0ecd6a3548093a3b9eb60c change-id: 20240508-secvio-8acfa2838385 Best regards,