Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/Documentation/devicetree/bindings/arm/secure.txt 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) * ARM Secure world bindings
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3) ARM CPUs with TrustZone support have two distinct address spaces,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4) "Normal" and "Secure". Most devicetree consumers (including the Linux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5) kernel) are not TrustZone aware and run entirely in either the Normal
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6) world or the Secure world. However some devicetree consumers are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7) TrustZone aware and need to be able to determine whether devices are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) visible only in the Secure address space, only in the Normal address
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) space, or visible in both. (One example of that situation would be a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) virtual machine which boots Secure firmware and wants to tell the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) firmware about the layout of the machine via devicetree.)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) The general principle of the naming scheme for Secure world bindings
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) is that any property that needs a different value in the Secure world
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) can be supported by prefixing the property name with "secure-". So for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) instance "secure-foo" would override "foo". For property names with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) a vendor prefix, the Secure variant of "vendor,foo" would be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) "vendor,secure-foo". If there is no "secure-" property then the Secure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) world value is the same as specified for the Normal world by the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) non-prefixed property. However, only the properties listed below may
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) validly have "secure-" versions; this list will be enlarged on a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) case-by-case basis.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) Defining the bindings in this way means that a device tree which has
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) been annotated to indicate the presence of Secure-only devices can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) still be processed unmodified by existing Non-secure software (and in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) particular by the kernel).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) Note that it is still valid for bindings intended for purely Secure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) world consumers (like kernels that run entirely in Secure) to simply
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) describe the view of Secure world using the standard bindings. These
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) secure- bindings only need to be used where both the Secure and Normal
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) world views need to be described in a single device tree.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) Valid Secure world properties
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) -----------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) - secure-status : specifies whether the device is present and usable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)   in the secure world. The combination of this with "status" allows
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40)   the various possible combinations of device visibility to be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)   specified. If "secure-status" is not specified it defaults to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42)   same value as "status"; if "status" is not specified either then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43)   both default to "okay". This means the following combinations are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44)   possible:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)    /* Neither specified: default to visible in both S and NS */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47)    secure-status = "okay";                          /* visible in both */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48)    status = "okay";                                 /* visible in both */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49)    status = "okay"; secure-status = "okay";         /* visible in both */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50)    secure-status = "disabled";                      /* NS-only */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51)    status = "okay"; secure-status = "disabled";     /* NS-only */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52)    status = "disabled"; secure-status = "okay";     /* S-only */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)    status = "disabled";                             /* disabled in both */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54)    status = "disabled"; secure-status = "disabled"; /* disabled in both */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) The secure-chosen node
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) ----------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) Similar to the /chosen node which serves as a place for passing data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) between firmware and the operating system, the /secure-chosen node may
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) be used to pass data to the Secure OS. Only the properties defined
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) below may appear in the /secure-chosen node.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) - stdout-path : specifies the device to be used by the Secure OS for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65)   its console output. The syntax is the same as for /chosen/stdout-path.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66)   If the /secure-chosen node exists but the stdout-path property is not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67)   present, the Secure OS should not perform any console output. If
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)   /secure-chosen does not exist, the Secure OS should use the value of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69)   /chosen/stdout-path instead (that is, use the same device as the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70)   Normal world OS).
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.