| /qemu/include/hw/intc/ |
| H A D | armv7m_nvic.h | 47 * a Secure and a NonSecure version of the exception and its state):
50 * they may be configurable to target either Secure or NonSecure state.
51 * We store the secure exception state in sec_vectors[] for the banked
53 * like SecureFault that unconditionally target Secure state).
72 /* true if vectpending is a banked secure exception, ie it is in
91 * @secure: false for non-banked exceptions or for the nonsecure
92 * version of a banked exception, true for the secure version of a banked
96 * if @secure is true and @irq does not specify one of the fixed set
99 void armv7m_nvic_set_pending(NVICState *s, int irq, bool secure);
104 * @secure: false for non-banked exceptions or for the nonsecure
[all …]
|
| /qemu/hw/intc/ |
| H A D | armv7m_nvic.c | 62 /* Maximum priority of non-secure exceptions when AIRCR.PRIS is set */
166 static inline uint32_t nvic_gprio_mask(NVICState *s, bool secure) in nvic_gprio_mask() argument
168 return ~0U << (s->prigroup[secure] + 1); in nvic_gprio_mask()
173 /* Return true if this non-banked exception targets Secure state. */ in exc_targets_secure()
208 * secure state or not. in exc_group_prio()
240 * - secure exception takes precedence in nvic_recompute_state_secure()
301 * would be even worse, so we retain a separate non-secure-only in nvic_recompute_state()
394 bool armv7m_nvic_neg_prio_requested(NVICState *s, bool secure) in armv7m_nvic_neg_prio_requested() argument
404 if (s->cpu->env.v7m.faultmask[secure]) { in armv7m_nvic_neg_prio_requested()
408 if (secure ? s->sec_vectors[ARMV7M_EXCP_HARD].active : in armv7m_nvic_neg_prio_requested()
[all …]
|
| H A D | arm_gicv3_dist.c | 19 * Secure interrupts:
20 * 0b00: no access (NS accesses to bits for Secure interrupts will RAZ/WI)
64 * combination of attrs.secure, GICD_GROUPR and GICD_NSACR. in mask_group_and_nsacr()
68 if (!attrs.secure && !(s->gicd_ctlr & GICD_CTLR_DS)) { in mask_group_and_nsacr()
69 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI in mask_group_and_nsacr()
101 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. in gicd_write_bitmap_reg()
124 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. in gicd_write_set_bitmap_reg()
148 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. in gicd_write_clear_bitmap_reg()
172 * Bits corresponding to Group 0 or Secure Group 1 interrupts RAZ/WI. in gicd_read_bitmap_reg()
199 * honouring security state (these are RAZ/WI for Group 0 or Secure in gicd_read_ipriorityr()
[all …]
|
| H A D | arm_gic.c | 82 return !gic_is_vcpu(cpu) && s->security_extn && !attrs.secure; in gic_cpu_ns_access()
431 * behaves in the same way as a secure access to a GIC with them. in gic_get_current_pending_irq()
433 bool secure = !gic_cpu_ns_access(s, cpu, attrs); in gic_get_current_pending_irq() local
435 if (group == 0 && !secure) { in gic_get_current_pending_irq()
436 /* Group0 interrupts hidden from Non-secure access */ in gic_get_current_pending_irq()
439 if (group == 1 && secure && !(s->cpu_ctlr[cpu] & GICC_CTLR_ACK_CTL)) { in gic_get_current_pending_irq()
440 /* Group1 interrupts only seen by Secure access if in gic_get_current_pending_irq()
667 if (s->security_extn && !attrs.secure) { in gic_dist_set_priority()
669 return; /* Ignore Non-secure access of Group0 IRQ */ in gic_dist_set_priority()
671 val = 0x80 | (val >> 1); /* Non-secure view */ in gic_dist_set_priority()
[all …]
|
| H A D | trace-events | 176 …nt64_t data, unsigned size, bool secure) "GICv3 distributor read: offset 0x%" PRIx64 " data 0x%" P…
177 …read(uint64_t offset, unsigned size, bool secure) "GICv3 distributor read: offset 0x%" PRIx64 " si…
178 …t64_t data, unsigned size, bool secure) "GICv3 distributor write: offset 0x%" PRIx64 " data 0x%" P…
179 …t64_t data, unsigned size, bool secure) "GICv3 distributor write: offset 0x%" PRIx64 " data 0x%" P…
183 …_t data, unsigned size, bool secure) "GICv3 redistributor 0x%x read: offset 0x%" PRIx64 " data 0x%…
184 …, uint64_t offset, unsigned size, bool secure) "GICv3 redistributor 0x%x read: offset 0x%" PRIx64 …
185 …_t data, unsigned size, bool secure) "GICv3 redistributor 0x%x write: offset 0x%" PRIx64 " data 0x…
186 …_t data, unsigned size, bool secure) "GICv3 redistributor 0x%x write: offset 0x%" PRIx64 " data 0x…
233 nvic_set_prio(int irq, bool secure, uint8_t prio) "NVIC set irq %d secure-bank %d priority %d"
237 …vic_set_pending(int irq, bool secure, bool targets_secure, bool derived, int en, int prio) "NVIC s…
[all …]
|
| H A D | arm_gicv3_redist.c | 21 * combination of attrs.secure and GICR_GROUPR. (GICR_NSACR does in mask_group()
24 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in mask_group()
25 /* bits for Group 0 or Secure Group 1 interrupts are RAZ/WI */ in mask_group()
124 /* LPIs and vLPIs are always non-secure Grp1 interrupts */ in update_for_one_lpi()
204 * honouring security state (these are RAZ/WI for Group 0 or Secure in gicr_read_ipriorityr()
211 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in gicr_read_ipriorityr()
213 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ in gicr_read_ipriorityr()
226 * honouring security state (these are RAZ/WI for Group 0 or Secure in gicr_write_ipriorityr()
229 if (!attrs.secure && !(cs->gic->gicd_ctlr & GICD_CTLR_DS)) { in gicr_write_ipriorityr()
231 /* Fields for Group 0 or Secure Group 1 interrupts are RAZ/WI */ in gicr_write_ipriorityr()
[all …]
|
| /qemu/target/arm/tcg/ |
| H A D | m_helper.c | 61 uint32_t arm_v7m_mrs_control(CPUARMState *env, uint32_t secure) in arm_v7m_mrs_control() argument
63 uint32_t value = env->v7m.control[secure]; in arm_v7m_mrs_control()
65 if (!secure) { in arm_v7m_mrs_control()
220 bool secure = mmu_idx & ARM_MMU_IDX_M_S; in v7m_stack_write() local
246 env->v7m.cfsr[secure] |= R_V7M_CFSR_MLSPERR_MASK; in v7m_stack_write()
250 env->v7m.cfsr[secure] |= R_V7M_CFSR_MSTKERR_MASK; in v7m_stack_write()
253 exc_secure = secure; in v7m_stack_write()
308 bool secure = mmu_idx & ARM_MMU_IDX_M_S; in v7m_stack_read() local
325 env->v7m.cfsr[secure] |= R_V7M_CFSR_MUNSTKERR_MASK; in v7m_stack_read()
327 exc_secure = secure; in v7m_stack_read()
[all …]
|
| /qemu/docs/system/devices/ |
| H A D | canokey.rst | 6 CanoKey [1]_ is an open-source secure key with supports of
28 the guest OS can use all the functionalities of a secure key as if
34 inspect what happens inside a secure key
41 * For developers on software with secure key support (e.g. FIDO2, OpenPGP),
42 they can see what happens inside the secure key
43 * For secure key developers, USB packets between guest OS and CanoKey
47 on code coping with secure key.
110 of a secure key while the latter provides platform-dependent functions:
113 If you want to trace what happens inside the secure key, when compiling
|
| /qemu/target/arm/ |
| H A D | cpu-qom.h | 43 /* For M profile, some registers are banked secure vs non-secure;
45 * is the non-secure copy and the second is the secure copy.
49 * accessed via env->registerfield[env->v7m.secure] (whether the security
|
| H A D | ptw.c | 32 * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
39 * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit,
50 * stage 1 is Secure; in that case the only possibilities for
51 * the ptw read are Secure and NonSecure, and the in_ptw_idx
168 * Secure IPA or a NonSecure IPA, which we know from whether this is
170 * If this is the Secure EL1&0 regime we need to check the NSW and SW bits.
182 * never has a secure EL2. (AArch32 ATS12NSO[UP][RW] allow EL3 to do in ptw_idx_for_stage_2()
309 .secure = true, in granule_protection_check()
374 * GPC Priority 2: Secure, Realm or Root address exceeds PPS. in granule_protection_check()
534 * The only exception is when stage 1 is Secure; in that case in S2_security_space()
[all …]
|
| /qemu/hw/misc/ |
| H A D | tz-msc.c | 63 * MemTxAttrs indicating a secure transaction, or allow it with
64 * MemTxAttrs indicating a non-secure transaction.
91 * whether bus master is configured as Secure or NonSecure in tz_msc_check()
102 /* Access to Secure region by Secure bus master: OK */ in tz_msc_check()
106 /* Attempted access to Secure region by NS bus master: block */ in tz_msc_check()
139 attrs.secure = 1; in tz_msc_read()
143 attrs.secure = 0; in tz_msc_read()
181 attrs.secure = 1; in tz_msc_write()
185 attrs.secure = 0; in tz_msc_write()
|
| H A D | tz-mpc.c | 24 /* Our IOMMU has two IOMMU indexes, one for secure transactions and one for
25 * non-secure transactions.
147 if (!attrs.secure && offset < A_PIDR4) { in tz_mpc_reg_read()
240 if (!attrs.secure && offset < A_PIDR4) { in tz_mpc_reg_write()
377 ~attrs.secure); in tz_mpc_handle_block()
398 trace_tz_mpc_mem_blocked_read(addr, size, attrs.secure); in tz_mpc_mem_blocked_read()
410 trace_tz_mpc_mem_blocked_write(addr, value, size, attrs.secure); in tz_mpc_mem_blocked_write()
442 * If the LUT cfg_ns bit is 1, only non-secure transactions in tz_mpc_translate()
443 * may pass. If the bit is 0, only secure transactions may pass. in tz_mpc_translate()
457 /* We treat unspecified attributes like secure. Transactions with in tz_mpc_attrs_to_index()
[all …]
|
| H A D | a9scu.c | 32 case 0x0c: /* Invalidate All Registers In Secure State */ in a9_scu_read()
39 case 0x54: /* SCU Non-secure Access Control Register */ in a9_scu_read()
62 case 0x0c: /* Invalidate All Registers In Secure State */ in a9_scu_write()
70 case 0x54: /* SCU Non-secure Access Control Register */ in a9_scu_write()
|
| /qemu/hw/arm/ |
| H A D | xlnx-zcu102.c | 35 bool secure; member
51 return s->secure; in OBJECT_DECLARE_SIMPLE_TYPE()
58 s->secure = value; in zcu102_set_secure()
85 if (!s->secure) { in zcu102_modify_dtb()
154 object_property_set_bool(OBJECT(&s->soc), "secure", s->secure, in xlnx_zcu102_init()
255 /* Default to secure mode being disabled */ in xlnx_zcu102_machine_instance_init()
256 s->secure = false; in xlnx_zcu102_machine_instance_init()
286 object_class_property_add_bool(oc, "secure", zcu102_get_secure, in xlnx_zcu102_machine_class_init()
288 object_class_property_set_description(oc, "secure", in xlnx_zcu102_machine_class_init()
|
| H A D | armv7m.c | 139 if (attrs.secure) { in v7m_sysreg_ns_write()
141 attrs.secure = 0; in v7m_sysreg_ns_write()
159 if (attrs.secure) { in v7m_sysreg_ns_read()
161 attrs.secure = 0; in v7m_sysreg_ns_read()
188 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systick[attrs.secure]), 0); in v7m_systick_write()
201 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systick[attrs.secure]), 0); in v7m_systick_read()
267 * We can't initialize the secure systick here, as we don't know in armv7m_instance_init()
340 * MPU regions for Secure vs NonSecure. QEMU's CPU implementation doesn't in armv7m_realize()
406 * NonSecure alias SCS; secure accesses to this behave like NS accesses in armv7m_realize()
407 * to the main SCS range, and non-secure accesses (including when in armv7m_realize()
[all …]
|
| /qemu/pc-bios/descriptors/ |
| H A D | 50-edk2-i386-secure.json | 2 "description": "UEFI firmware for i386, with Secure Boot and SMM",
9 "filename": "@DATADIR@/edk2-i386-secure-code.fd",
28 "secure-boot",
|
| H A D | 50-edk2-x86_64-secure.json | 2 "description": "UEFI firmware for x86_64, with Secure Boot and SMM",
9 "filename": "@DATADIR@/edk2-x86_64-secure-code.fd",
29 "secure-boot",
|
| /qemu/include/hw/arm/ |
| H A D | boot.h | 64 * control whether Linux is booted as secure(true) or non-secure(false).
126 * If set, the board specific loader/setup blob will be run from secure
128 * changing to non-secure state if implementing a non-secure boot,
129 * including setting up EL3/Secure registers such as the NSACR as
130 * required by the Linux booting ABI before the switch to non-secure.
183 /* Write a secure board setup routine with a dummy handler for SMCs */
|
| H A D | armv7m.h | 51 * + Property "init-svtor": secure VTOR reset value (forwarded to CPU object)
52 * + Property "init-nsvtor": non-secure VTOR reset value (forwarded to CPU object)
56 * + Property "mpu-ns-regions": number of Non-Secure MPU regions (forwarded
59 * + Property "mpu-s-regions": number of Secure MPU regions (default is
|
| /qemu/roms/ |
| H A D | edk2-build.config | 49 [build.ovmf.i386.secure]
50 desc = ovmf build (32-bit, secure boot)
57 cpy1 = FV/OVMF_CODE.fd edk2-i386-secure-code.fd
71 [build.ovmf.x86_64.secure]
72 desc = ovmf build (64-bit, secure boot)
79 cpy1 = FV/OVMF_CODE.fd edk2-x86_64-secure-code.fd
|
| /qemu/include/exec/ |
| H A D | memattrs.h | 20 * bus (such as the ARM Secure/NonSecure bit). We define them
27 * ARM/AMBA: TrustZone Secure access
30 unsigned int secure:1; member
32 * ARM: ArmSecuritySpace. This partially overlaps secure, but it is
|
| /qemu/include/hw/misc/ |
| H A D | tz-msc.h | 19 * a DMA controller) and allows secure software to configure it to either
35 * treated as nonsecure, or 0 for secure
43 * addresses should be treated as secure and which as non-secure.
|
| /qemu/include/hw/watchdog/ |
| H A D | cmsdk-apb-watchdog.h | 25 * (For instance the IoTKit does this with the non-secure watchdog, so that
26 * secure code can control whether non-secure code can perform a system
|
| /qemu/docs/interop/ |
| H A D | firmware.json | 135 # @amd-sev: The firmware supports running under AMD Secure Encrypted
141 # @amd-sev-es: The firmware supports running under AMD Secure Encrypted
147 # @amd-sev-snp: The firmware supports running under AMD Secure Encrypted
148 # Virtualization - Secure Nested Paging, as specified in the
157 # the firmware binary has the UEFI Secure Boot
171 # both @secure-boot and @requires-smm, then write
175 # driver=cfi.pflash01,property=secure,value=on".
190 # @secure-boot: The firmware implements the software interfaces for UEFI
191 # Secure Boot, as defined in the UEFI specification. Note
193 # kernel privileges can undermine the security of Secure
[all …]
|
| /qemu/include/standard-headers/linux/ |
| H A D | virtio_blk.h | 43 #define VIRTIO_BLK_F_SECURE_ERASE 16 /* Secure Erase is supported */
127 * The maximum secure erase sectors (in 512-byte sectors) for
132 * The maximum number of secure erase segments in a
133 * secure erase command.
136 /* Secure erase commands must be aligned to this number of sectors. */
183 /* Secure erase command */
|