/qemu/include/hw/intc/ |
H A D | armv7m_nvic.h | 47 * a Secure and a NonSecure version of the exception and its state): 50 * they may be configurable to target either Secure or NonSecure state. 51 * We store the secure exception state in sec_vectors[] for the banked 53 * like SecureFault that unconditionally target Secure state). 72 /* true if vectpending is a banked secure exception, ie it is in 91 * @secure: false for non-banked exceptions or for the nonsecure 92 * version of a banked exception, true for the secure version of a banked 96 * if @secure is true and @irq does not specify one of the fixed set 99 void armv7m_nvic_set_pending(NVICState *s, int irq, bool secure); 104 * @secure: false for non-banked exceptions or for the nonsecure [all …]
|
/qemu/hw/intc/ |
H A D | armv7m_nvic.c | 62 /* Maximum priority of non-secure exceptions when AIRCR.PRIS is set */ 166 static inline uint32_t nvic_gprio_mask(NVICState *s, bool secure) in nvic_gprio_mask() argument 168 return ~0U << (s->prigroup[secure] + 1); in nvic_gprio_mask() 173 /* Return true if this non-banked exception targets Secure state. */ in exc_targets_secure() 208 * secure state or not. in exc_group_prio() 240 * - secure exception takes precedence in nvic_recompute_state_secure() 301 * would be even worse, so we retain a separate non-secure-only in nvic_recompute_state() 394 bool armv7m_nvic_neg_prio_requested(NVICState *s, bool secure) in armv7m_nvic_neg_prio_requested() argument 404 if (s->cpu->env.v7m.faultmask[secure]) { in armv7m_nvic_neg_prio_requested() 408 if (secure ? s->sec_vectors[ARMV7M_EXCP_HARD].active : in armv7m_nvic_neg_prio_requested() [all …]
|
H A D | arm_gicv3_dist.c | 19 * Secure interrupts: 20 * 0b00: no access (NS accesses to bits for Secure interrupts will RAZ/WI) 64 * combination of attrs.secure, GICD_GROUPR and GICD_NSACR. in mask_group_and_nsacr() 68 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in mask_group_and_nsacr() 69 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI in mask_group_and_nsacr() 101 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. in gicd_write_bitmap_reg() 124 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. in gicd_write_set_bitmap_reg() 148 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. in gicd_write_clear_bitmap_reg() 172 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. in gicd_read_bitmap_reg() 199 * honouring security state (these are RAZ/WI for Group 0 or Secure in gicd_read_ipriorityr() [all …]
|
H A D | arm_gic.c | 82 return !gic_is_vcpu(cpu) && s->security_extn && !attrs.secure; in gic_cpu_ns_access() 431 * behaves in the same way as a secure access to a GIC with them. in gic_get_current_pending_irq() 433 bool secure = !gic_cpu_ns_access(s, cpu, attrs); in gic_get_current_pending_irq() local 435 if (group == 0 && !secure) { in gic_get_current_pending_irq() 436 /* Group0 interrupts hidden from Non-secure access */ in gic_get_current_pending_irq() 439 if (group == 1 && secure && !(s->cpu_ctlr[cpu] & GICC_CTLR_ACK_CTL)) { in gic_get_current_pending_irq() 440 /* Group1 interrupts only seen by Secure access if in gic_get_current_pending_irq() 667 if (s->security_extn && !attrs.secure) { in gic_dist_set_priority() 669 return; /* Ignore Non-secure access of Group0 IRQ */ in gic_dist_set_priority() 671 val = 0x80 | (val >> 1); /* Non-secure view */ in gic_dist_set_priority() [all …]
|
H A D | trace-events | 176 …nt64_t data, unsigned size, bool secure) "GICv3 distributor read: offset 0x%" PRIx64 " data 0x%" P… 177 …read(uint64_t offset, unsigned size, bool secure) "GICv3 distributor read: offset 0x%" PRIx64 " si… 178 …t64_t data, unsigned size, bool secure) "GICv3 distributor write: offset 0x%" PRIx64 " data 0x%" P… 179 …t64_t data, unsigned size, bool secure) "GICv3 distributor write: offset 0x%" PRIx64 " data 0x%" P… 183 …_t data, unsigned size, bool secure) "GICv3 redistributor 0x%x read: offset 0x%" PRIx64 " data 0x%… 184 …, uint64_t offset, unsigned size, bool secure) "GICv3 redistributor 0x%x read: offset 0x%" PRIx64 … 185 …_t data, unsigned size, bool secure) "GICv3 redistributor 0x%x write: offset 0x%" PRIx64 " data 0x… 186 …_t data, unsigned size, bool secure) "GICv3 redistributor 0x%x write: offset 0x%" PRIx64 " data 0x… 233 nvic_set_prio(int irq, bool secure, uint8_t prio) "NVIC set irq %d secure-bank %d priority %d" 237 …vic_set_pending(int irq, bool secure, bool targets_secure, bool derived, int en, int prio) "NVIC s… [all …]
|
H A D | arm_gicv3_redist.c | 21 * combination of attrs.secure and GICR_GROUPR. (GICR_NSACR does in mask_group() 24 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in mask_group() 25 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI */ in mask_group() 124 /* LPIs and vLPIs are always non-secure Grp1 interrupts */ in update_for_one_lpi() 204 * honouring security state (these are RAZ/WI for Group 0 or Secure in gicr_read_ipriorityr() 211 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in gicr_read_ipriorityr() 213 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ in gicr_read_ipriorityr() 226 * honouring security state (these are RAZ/WI for Group 0 or Secure in gicr_write_ipriorityr() 229 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in gicr_write_ipriorityr() 231 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ in gicr_write_ipriorityr() [all …]
|
/qemu/target/arm/tcg/ |
H A D | m_helper.c | 61 uint32_t arm_v7m_mrs_control(CPUARMState *env, uint32_t secure) in arm_v7m_mrs_control() argument 63 uint32_t value = env->v7m.control[secure]; in arm_v7m_mrs_control() 65 if (!secure) { in arm_v7m_mrs_control() 220 bool secure = mmu_idx & ARM_MMU_IDX_M_S; in v7m_stack_write() local 246 env->v7m.cfsr[secure] |= R_V7M_CFSR_MLSPERR_MASK; in v7m_stack_write() 250 env->v7m.cfsr[secure] |= R_V7M_CFSR_MSTKERR_MASK; in v7m_stack_write() 253 exc_secure = secure; in v7m_stack_write() 308 bool secure = mmu_idx & ARM_MMU_IDX_M_S; in v7m_stack_read() local 325 env->v7m.cfsr[secure] |= R_V7M_CFSR_MUNSTKERR_MASK; in v7m_stack_read() 327 exc_secure = secure; in v7m_stack_read() [all …]
|
/qemu/docs/system/devices/ |
H A D | canokey.rst | 6 CanoKey [1]_ is an open-source secure key with supports of 28 the guest OS can use all the functionalities of a secure key as if 34 inspect what happens inside a secure key 41 * For developers on software with secure key support (e.g. FIDO2, OpenPGP), 42 they can see what happens inside the secure key 43 * For secure key developers, USB packets between guest OS and CanoKey 47 on code coping with secure key. 110 of a secure key while the latter provides platform-dependent functions: 113 If you want to trace what happens inside the secure key, when compiling
|
/qemu/target/arm/ |
H A D | cpu-qom.h | 43 /* For M profile, some registers are banked secure vs non-secure; 45 * is the non-secure copy and the second is the secure copy. 49 * accessed via env->registerfield[env->v7m.secure] (whether the security
|
H A D | ptw.c | 32 * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit, 39 * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit, 50 * stage 1 is Secure; in that case the only possibilities for 51 * the ptw read are Secure and NonSecure, and the in_ptw_idx 168 * Secure IPA or a NonSecure IPA, which we know from whether this is 170 * If this is the Secure EL1&0 regime we need to check the NSW and SW bits. 182 * never has a secure EL2. (AArch32 ATS12NSO[UP][RW] allow EL3 to do in ptw_idx_for_stage_2() 309 .secure = true, in granule_protection_check() 374 * GPC Priority 2: Secure, Realm or Root address exceeds PPS. in granule_protection_check() 534 * The only exception is when stage 1 is Secure; in that case in S2_security_space() [all …]
|
/qemu/hw/misc/ |
H A D | tz-msc.c | 63 * MemTxAttrs indicating a secure transaction, or allow it with 64 * MemTxAttrs indicating a non-secure transaction. 91 * whether bus master is configured as Secure or NonSecure in tz_msc_check() 102 /* Access to Secure region by Secure bus master: OK */ in tz_msc_check() 106 /* Attempted access to Secure region by NS bus master: block */ in tz_msc_check() 139 attrs.secure = 1; in tz_msc_read() 143 attrs.secure = 0; in tz_msc_read() 181 attrs.secure = 1; in tz_msc_write() 185 attrs.secure = 0; in tz_msc_write()
|
H A D | tz-mpc.c | 24 /* Our IOMMU has two IOMMU indexes, one for secure transactions and one for 25 * non-secure transactions. 147 if (!attrs.secure && offset < A_PIDR4) { in tz_mpc_reg_read() 240 if (!attrs.secure && offset < A_PIDR4) { in tz_mpc_reg_write() 377 ~attrs.secure); in tz_mpc_handle_block() 398 trace_tz_mpc_mem_blocked_read(addr, size, attrs.secure); in tz_mpc_mem_blocked_read() 410 trace_tz_mpc_mem_blocked_write(addr, value, size, attrs.secure); in tz_mpc_mem_blocked_write() 442 * If the LUT cfg_ns bit is 1, only non-secure transactions in tz_mpc_translate() 443 * may pass. If the bit is 0, only secure transactions may pass. in tz_mpc_translate() 457 /* We treat unspecified attributes like secure. Transactions with in tz_mpc_attrs_to_index() [all …]
|
H A D | a9scu.c | 32 case 0x0c: /* Invalidate All Registers In Secure State */ in a9_scu_read() 39 case 0x54: /* SCU Non-secure Access Control Register */ in a9_scu_read() 62 case 0x0c: /* Invalidate All Registers In Secure State */ in a9_scu_write() 70 case 0x54: /* SCU Non-secure Access Control Register */ in a9_scu_write()
|
/qemu/hw/arm/ |
H A D | xlnx-zcu102.c | 35 bool secure; member 51 return s->secure; in OBJECT_DECLARE_SIMPLE_TYPE() 58 s->secure = value; in zcu102_set_secure() 85 if (!s->secure) { in zcu102_modify_dtb() 154 object_property_set_bool(OBJECT(&s->soc), "secure", s->secure, in xlnx_zcu102_init() 255 /* Default to secure mode being disabled */ in xlnx_zcu102_machine_instance_init() 256 s->secure = false; in xlnx_zcu102_machine_instance_init() 286 object_class_property_add_bool(oc, "secure", zcu102_get_secure, in xlnx_zcu102_machine_class_init() 288 object_class_property_set_description(oc, "secure", in xlnx_zcu102_machine_class_init()
|
H A D | armv7m.c | 139 if (attrs.secure) { in v7m_sysreg_ns_write() 141 attrs.secure = 0; in v7m_sysreg_ns_write() 159 if (attrs.secure) { in v7m_sysreg_ns_read() 161 attrs.secure = 0; in v7m_sysreg_ns_read() 188 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systick[attrs.secure]), 0); in v7m_systick_write() 201 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systick[attrs.secure]), 0); in v7m_systick_read() 267 * We can't initialize the secure systick here, as we don't know in armv7m_instance_init() 340 * MPU regions for Secure vs NonSecure. QEMU's CPU implementation doesn't in armv7m_realize() 406 * NonSecure alias SCS; secure accesses to this behave like NS accesses in armv7m_realize() 407 * to the main SCS range, and non-secure accesses (including when in armv7m_realize() [all …]
|
/qemu/pc-bios/descriptors/ |
H A D | 50-edk2-i386-secure.json | 2 "description": "UEFI firmware for i386, with Secure Boot and SMM", 9 "filename": "@DATADIR@/edk2-i386-secure-code.fd", 28 "secure-boot",
|
H A D | 50-edk2-x86_64-secure.json | 2 "description": "UEFI firmware for x86_64, with Secure Boot and SMM", 9 "filename": "@DATADIR@/edk2-x86_64-secure-code.fd", 29 "secure-boot",
|
/qemu/include/hw/arm/ |
H A D | boot.h | 64 * control whether Linux is booted as secure(true) or non-secure(false). 126 * If set, the board specific loader/setup blob will be run from secure 128 * changing to non-secure state if implementing a non-secure boot, 129 * including setting up EL3/Secure registers such as the NSACR as 130 * required by the Linux booting ABI before the switch to non-secure. 183 /* Write a secure board setup routine with a dummy handler for SMCs */
|
H A D | armv7m.h | 51 * + Property "init-svtor": secure VTOR reset value (forwarded to CPU object) 52 * + Property "init-nsvtor": non-secure VTOR reset value (forwarded to CPU object) 56 * + Property "mpu-ns-regions": number of Non-Secure MPU regions (forwarded 59 * + Property "mpu-s-regions": number of Secure MPU regions (default is
|
/qemu/roms/ |
H A D | edk2-build.config | 49 [build.ovmf.i386.secure] 50 desc = ovmf build (32-bit, secure boot) 57 cpy1 = FV/OVMF_CODE.fd edk2-i386-secure-code.fd 71 [build.ovmf.x86_64.secure] 72 desc = ovmf build (64-bit, secure boot) 79 cpy1 = FV/OVMF_CODE.fd edk2-x86_64-secure-code.fd
|
/qemu/include/exec/ |
H A D | memattrs.h | 20 * bus (such as the ARM Secure/NonSecure bit). We define them 27 * ARM/AMBA: TrustZone Secure access 30 unsigned int secure:1; member 32 * ARM: ArmSecuritySpace. This partially overlaps secure, but it is
|
/qemu/include/hw/misc/ |
H A D | tz-msc.h | 19 * a DMA controller) and allows secure software to configure it to either 35 * treated as nonsecure, or 0 for secure 43 * addresses should be treated as secure and which as non-secure.
|
/qemu/include/hw/watchdog/ |
H A D | cmsdk-apb-watchdog.h | 25 * (For instance the IoTKit does this with the non-secure watchdog, so that 26 * secure code can control whether non-secure code can perform a system
|
/qemu/docs/interop/ |
H A D | firmware.json | 135 # @amd-sev: The firmware supports running under AMD Secure Encrypted 141 # @amd-sev-es: The firmware supports running under AMD Secure Encrypted 147 # @amd-sev-snp: The firmware supports running under AMD Secure Encrypted 148 # Virtualization - Secure Nested Paging, as specified in the 157 # the firmware binary has the UEFI Secure Boot 171 # both @secure-boot and @requires-smm, then write 175 # driver=cfi.pflash01,property=secure,value=on". 190 # @secure-boot: The firmware implements the software interfaces for UEFI 191 # Secure Boot, as defined in the UEFI specification. Note 193 # kernel privileges can undermine the security of Secure [all …]
|
/qemu/include/standard-headers/linux/ |
H A D | virtio_blk.h | 43 #define VIRTIO_BLK_F_SECURE_ERASE 16 /* Secure Erase is supported */ 127 * The maximum secure erase sectors (in 512-byte sectors) for 132 * The maximum number of secure erase segments in a 133 * secure erase command. 136 /* Secure erase commands must be aligned to this number of sectors. */ 183 /* Secure erase command */
|