Commits
Horia Geantă committed 33738b5dcd2
MLKU-62-1 arm64: dts: imx8qm/imx8qxp: add security subsystem Security subsystem includes: -caam crypto engine -secure memory Notes: 1. caam has 4 job rings, however only last 2 rings are accessible from the kernel. 2. Controller DT node is added in the same power domain as the JR2 (1st jr showing in DT). This is needed since controller driver (ctrl.c) needs first jr (JR2 in this case) "powered", so it can access its register page (which has some aliases for registers located in controller page, page that is not accesible from the kernel). Adding controller DT node to the power domain leads to SCU f/w being instructed to "power up" JR2. What actually happens is that: -XRDC2 is programmed to provide access to JR2 register page -SECO f/w is instructed to update JR2DID_LS and possibly JR2DID_MS[USE_OUT]. USE_OUT details from Security RM: "JRaDID_MS contains a USE_OUT field that enables a second set of ICID and DID values. When USE_OUT=1, this Job Ring's *data* write transactions will assert TrustZone Non-SecureWorld, along with the OUT_DID and OUT_ICID values from JRSDID_LS. All other bus transactions, including all reads, descriptor write-backs and job completion status writes will assert the PRIM_ICID, PRIM_ICID and not PRIM_TZ values from JRaDID_MS. When USE_OUT=0, all bus transactions performed on behalf of this Job Ring will use the PRIM_ICID, PRIM_ICID and not PRIM_TZ values from JRSDID_MS." Signed-off-by: Horia Geantă <horia.geanta@nxp.com>