From nobody Tue Dec 16 19:43:00 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B770D14884C; Mon, 15 Dec 2025 06:35:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765780528; cv=none; b=a+H9Zm4EooCuY2KyZrhxLhV7aA20YkJcGhyXmZGG/1lh8lUp9ZTryLPPi6dnSvdC4kLDTPZzH87tIrEz0BKViEEa+aYxfgbroCks2yALJwMtx9Qqz8jSkJl+Jo5UiLUPzaq31mdeC9KGHo+uLw0gOfKpovelL7vm6Zur9yG7r6s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765780528; c=relaxed/simple; bh=dx66ViePdpCuN8MqDJW3/fe4f4y/6KcT5fNx5SuOuYA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=YV/gnsLN1tnNvzAdeo9qxkosY9mBC9RgVttR0jHpAK1SIqQlhiHPq8pQfBLM8t4/VudvJ2DSvRnFyG3jWRJIWQCRpHKdPiGveg4epNgeaueVYydP8m3dFDb4ryLTE81m3WrQgaVmOMG7HjDesxWfXbHx1vZmJrLvgzzM9cl+ob8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=UFcrhJs3; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="UFcrhJs3" Received: by smtp.kernel.org (Postfix) with ESMTPS id 70979C19425; Mon, 15 Dec 2025 06:35:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1765780528; bh=dx66ViePdpCuN8MqDJW3/fe4f4y/6KcT5fNx5SuOuYA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=UFcrhJs3UbqkPxGmae9xHD/CHVvj41ZE8nPxrvOSOFl6vbqAiPNuaqIyYiDsVSMpS ECnYz+uEzgNDJ8apFP3PgfMEQI1ej6pWoUKBjepySwwZP9E/vPSHqWubFIS4xToIKb gSeDOJKs6I2WLFJpMhImzofMsjXQcjFFP1pDZbVgF9luMGrEv/nqcDUtH2zTbzwZNF yB7etSFZHuYvdEKORuApADxAsHRjKGnQib9uW3jt+q8gKIZYGLDFDxlbK7w8HTcK4H 2jUXzI+D3ExyEtE3USf3TBGl48ye2vyGvarRIzdoMwikzLeFwEGgALiih//X0uf/Dz jU8/FF8mYeOSQ== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62966D5B16C; Mon, 15 Dec 2025 06:35:28 +0000 (UTC) From: George Moussalem via B4 Relay Date: Mon, 15 Dec 2025 10:35:08 +0400 Subject: [PATCH v7 3/8] remoteproc: qcom: add hexagon based WCSS secure PIL driver Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251215-ipq5018-wifi-v7-3-ec4adba941b5@outlook.com> References: <20251215-ipq5018-wifi-v7-0-ec4adba941b5@outlook.com> In-Reply-To: <20251215-ipq5018-wifi-v7-0-ec4adba941b5@outlook.com> To: Bjorn Andersson , Konrad Dybcio , Mathieu Poirier , Rob Herring , Krzysztof Kozlowski , Conor Dooley , Manikanta Mylavarapu , Jassi Brar Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-remoteproc@vger.kernel.org, devicetree@vger.kernel.org, Vignesh Viswanathan , Gokul Sriram Palanisamy , George Moussalem X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1765780526; l=15057; i=george.moussalem@outlook.com; s=20250321; h=from:subject:message-id; bh=eVGDRLiVkWlYZi9xHIZEfPHMIzsKU5hiKUaCoDXNlhk=; b=EBP+dD+4/xklUfWokF2V6oToH92bycqGbbHVOiUDXMBGziGM4UnEWEC8Ob26d7j+uwmgSC4f3 PI6LCk5aq/DAxKzfLwtEX8jRewTxjZe4rD0mzcurmKoJYjApsZIv8sK X-Developer-Key: i=george.moussalem@outlook.com; a=ed25519; pk=/PuRTSI9iYiHwcc6Nrde8qF4ZDhJBlUgpHdhsIjnqIk= X-Endpoint-Received: by B4 Relay for george.moussalem@outlook.com/20250321 with auth_id=364 X-Original-From: George Moussalem Reply-To: george.moussalem@outlook.com From: Vignesh Viswanathan Add support to bring up hexagon based WCSS using secure PIL. All IPQxxxx SoCs support secure Peripheral Image Loading (PIL). Secure PIL image is signed firmware image which only trusted software such as TrustZone (TZ) can authenticate and load. Linux kernel will send a Peripheral Authentication Service (PAS) request to TZ to authenticate and load the PIL images. This change also introduces secure firmware authentication using Trusted Management Engine-Lite (TME-L) which is supported on IPQ5424 SoC. This driver uses mailbox based PAS request to TME-L for image authentication if supported, else it will fallback to use SCM call based PAS request to TZ. In order to avoid overloading the existing WCSS driver or PAS driver, we came up with this new PAS based IPQ WCSS driver. Signed-off-by: Vignesh Viswanathan Signed-off-by: Manikanta Mylavarapu Signed-off-by: Gokul Sriram Palanisamy Signed-off-by: George Moussalem --- drivers/remoteproc/Kconfig | 19 ++ drivers/remoteproc/Makefile | 1 + drivers/remoteproc/qcom_q6v5_wcss_sec.c | 397 ++++++++++++++++++++++++++++= ++++ include/linux/remoteproc.h | 2 + 4 files changed, 419 insertions(+) diff --git a/drivers/remoteproc/Kconfig b/drivers/remoteproc/Kconfig index 48a0d3a69ed08057716f1e7ea950899f60bbe0cf..eaa427e4e9eca48b853fe064830= 4e67649878d8e 100644 --- a/drivers/remoteproc/Kconfig +++ b/drivers/remoteproc/Kconfig @@ -254,6 +254,25 @@ config QCOM_Q6V5_WCSS Hexagon V5 based WCSS remote processors on e.g. IPQ8074. This is a non-TrustZone wireless subsystem. =20 +config QCOM_Q6V5_WCSS_SEC + tristate "Qualcomm Hexagon based WCSS Secure Peripheral Image Loader" + depends on OF && ARCH_QCOM + depends on QCOM_SMEM + depends on RPMSG_QCOM_GLINK_SMEM || RPMSG_QCOM_GLINK_SMEM=3Dn + depends on RPMSG_QCOM_GLINK || RPMSG_QCOM_GLINK=3Dn + select QCOM_MDT_LOADER + select QCOM_PIL_INFO + select QCOM_Q6V5_COMMON + select QCOM_RPROC_COMMON + select QCOM_SCM + help + Say y here to support the Qualcomm Secure Peripheral Image Loader + for the Hexagon based remote processors on e.g. IPQ5332. + + This is TrustZone wireless subsystem. The firmware is + verified and booted with the help of the Peripheral Authentication + System (PAS) in TrustZone. + config QCOM_SYSMON tristate "Qualcomm sysmon driver" depends on RPMSG diff --git a/drivers/remoteproc/Makefile b/drivers/remoteproc/Makefile index 1c7598b8475d6057a3e044b41e3515103b7aa9f1..08705ef62bceb8b683a9419a5a8= b027cbe2433c5 100644 --- a/drivers/remoteproc/Makefile +++ b/drivers/remoteproc/Makefile @@ -28,6 +28,7 @@ obj-$(CONFIG_QCOM_Q6V5_ADSP) +=3D qcom_q6v5_adsp.o obj-$(CONFIG_QCOM_Q6V5_MSS) +=3D qcom_q6v5_mss.o obj-$(CONFIG_QCOM_Q6V5_PAS) +=3D qcom_q6v5_pas.o obj-$(CONFIG_QCOM_Q6V5_WCSS) +=3D qcom_q6v5_wcss.o +obj-$(CONFIG_QCOM_Q6V5_WCSS_SEC) +=3D qcom_q6v5_wcss_sec.o obj-$(CONFIG_QCOM_SYSMON) +=3D qcom_sysmon.o obj-$(CONFIG_QCOM_WCNSS_PIL) +=3D qcom_wcnss_pil.o qcom_wcnss_pil-y +=3D qcom_wcnss.o diff --git a/drivers/remoteproc/qcom_q6v5_wcss_sec.c b/drivers/remoteproc/q= com_q6v5_wcss_sec.c new file mode 100644 index 0000000000000000000000000000000000000000..7bd45b4fd917e896f8df085c5ff= 2c87fa005e354 --- /dev/null +++ b/drivers/remoteproc/qcom_q6v5_wcss_sec.c @@ -0,0 +1,397 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2016-2018 Linaro Ltd. + * Copyright (C) 2014 Sony Mobile Communications AB + * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2024-2025 Qualcomm Innovation Center, Inc. All rights res= erved. + */ +#include +#include +#include +#include +#include +#include +#include +#include + +#include "qcom_common.h" +#include "qcom_q6v5.h" +#include "qcom_pil_info.h" + +#define WCSS_CRASH_REASON 421 + +#define WCSS_PAS_ID 0x6 +#define MPD_WCSS_PAS_ID 0xd + +#define Q6_WAIT_TIMEOUT (5 * HZ) + +struct wcss_sec { + struct device *dev; + struct qcom_rproc_glink glink_subdev; + struct qcom_rproc_ssr ssr_subdev; + struct qcom_q6v5 q6; + phys_addr_t mem_phys; + phys_addr_t mem_reloc; + void *mem_region; + size_t mem_size; + const struct wcss_data *desc; + + struct mbox_client mbox_client; + struct mbox_chan *mbox_chan; + void *metadata; + size_t metadata_len; +}; + +struct wcss_data { + u32 pasid; + const char *ss_name; + bool auto_boot; + bool use_tmelcom; +}; + +static int wcss_sec_start(struct rproc *rproc) +{ + struct wcss_sec *wcss =3D rproc->priv; + struct device *dev =3D wcss->dev; + int ret; + + ret =3D qcom_q6v5_prepare(&wcss->q6); + if (ret) + return ret; + + if (wcss->desc->use_tmelcom) { + struct tmel_sec_auth tsa; + struct tmel_qmp_msg tqm; + + tsa.data =3D wcss->metadata; + tsa.size =3D wcss->metadata_len; + tsa.pas_id =3D wcss->desc->pasid; + tqm.msg =3D &tsa; + tqm.msg_id =3D TMEL_MSG_UID_SECBOOT_SEC_AUTH; + + ret =3D mbox_send_message(wcss->mbox_chan, (void *)&tqm); + if (ret < 0) { + dev_err(dev, "Failed to send message via mailbox\n"); + goto unprepare; + } + } else { + ret =3D qcom_scm_pas_auth_and_reset(wcss->desc->pasid); + if (ret) { + dev_err(dev, "wcss_reset failed\n"); + goto unprepare; + } + } + + ret =3D qcom_q6v5_wait_for_start(&wcss->q6, Q6_WAIT_TIMEOUT); + if (ret =3D=3D -ETIMEDOUT) + dev_err(dev, "start timed out\n"); + +unprepare: + qcom_q6v5_unprepare(&wcss->q6); + + return ret; +} + +static int wcss_sec_stop(struct rproc *rproc) +{ + struct wcss_sec *wcss =3D rproc->priv; + struct device *dev =3D wcss->dev; + int ret; + + if (wcss->desc->use_tmelcom) { + struct tmel_sec_auth tsa =3D {0}; + struct tmel_qmp_msg tqm; + + tsa.pas_id =3D wcss->desc->pasid; + tqm.msg =3D &tsa; + tqm.msg_id =3D TMEL_MSG_UID_SECBOOT_SS_TEAR_DOWN; + + mbox_send_message(wcss->mbox_chan, (void *)&tqm); + } else { + ret =3D qcom_scm_pas_shutdown(wcss->desc->pasid); + if (ret) { + dev_err(dev, "not able to shutdown\n"); + return ret; + } + } + + qcom_q6v5_unprepare(&wcss->q6); + + return 0; +} + +static void *wcss_sec_da_to_va(struct rproc *rproc, u64 da, size_t len, + bool *is_iomem) +{ + struct wcss_sec *wcss =3D rproc->priv; + int offset; + + offset =3D da - wcss->mem_reloc; + if (offset < 0 || offset + len > wcss->mem_size) + return NULL; + + return wcss->mem_region + offset; +} + +static int wcss_sec_load(struct rproc *rproc, const struct firmware *fw) +{ + struct wcss_sec *wcss =3D rproc->priv; + struct device *dev =3D wcss->dev; + int ret; + + if (wcss->desc->use_tmelcom) { + wcss->metadata =3D qcom_mdt_read_metadata(fw, &wcss->metadata_len, + rproc->firmware, wcss->dev); + if (IS_ERR(wcss->metadata)) { + ret =3D PTR_ERR(wcss->metadata); + dev_err(wcss->dev, "error %d reading firmware %s metadata\n", + ret, rproc->firmware); + return ret; + } + + ret =3D qcom_mdt_load_no_init(wcss->dev, fw, rproc->firmware, wcss->desc= ->pasid, + wcss->mem_region, wcss->mem_phys, wcss->mem_size, + &wcss->mem_reloc); + if (ret) { + kfree(wcss->metadata); + return ret; + } + } else { + ret =3D qcom_mdt_load(dev, fw, rproc->firmware, wcss->desc->pasid, wcss-= >mem_region, + wcss->mem_phys, wcss->mem_size, &wcss->mem_reloc); + if (ret) + return ret; + } + + qcom_pil_info_store("wcss", wcss->mem_phys, wcss->mem_size); + + return 0; +} + +static unsigned long wcss_sec_panic(struct rproc *rproc) +{ + struct wcss_sec *wcss =3D rproc->priv; + + return qcom_q6v5_panic(&wcss->q6); +} + +static void wcss_sec_copy_segment(struct rproc *rproc, + struct rproc_dump_segment *segment, + void *dest, size_t offset, size_t size) +{ + struct wcss_sec *wcss =3D rproc->priv; + struct device *dev =3D wcss->dev; + + if (!segment->io_ptr) + segment->io_ptr =3D ioremap_wc(segment->da, segment->size); + + if (!segment->io_ptr) { + dev_err(dev, "Failed to ioremap segment %pad size 0x%zx\n", + &segment->da, segment->size); + return; + } + + if (offset + size < segment->size) { + memcpy(dest, segment->io_ptr + offset, size); + } else { + iounmap(segment->io_ptr); + segment->io_ptr =3D NULL; + } +} + +static int wcss_sec_dump_segments(struct rproc *rproc, + const struct firmware *fw) +{ + struct device *dev =3D rproc->dev.parent; + struct reserved_mem *rmem =3D NULL; + struct device_node *node; + int num_segs, index; + int ret; + + /* + * Parse through additional reserved memory regions for the rproc + * and add them to the coredump segments + */ + num_segs =3D of_count_phandle_with_args(dev->of_node, + "memory-region", NULL); + for (index =3D 0; index < num_segs; index++) { + node =3D of_parse_phandle(dev->of_node, + "memory-region", index); + if (!node) + return -EINVAL; + + rmem =3D of_reserved_mem_lookup(node); + of_node_put(node); + if (!rmem) { + dev_err(dev, "unable to acquire memory-region index %d num_segs %d\n", + index, num_segs); + return -EINVAL; + } + + dev_dbg(dev, "Adding segment 0x%pa size 0x%pa", + &rmem->base, &rmem->size); + ret =3D rproc_coredump_add_custom_segment(rproc, + rmem->base, + rmem->size, + wcss_sec_copy_segment, + NULL); + if (ret) + return ret; + } + + return 0; +} + +static const struct rproc_ops wcss_sec_ops =3D { + .start =3D wcss_sec_start, + .stop =3D wcss_sec_stop, + .da_to_va =3D wcss_sec_da_to_va, + .load =3D wcss_sec_load, + .get_boot_addr =3D rproc_elf_get_boot_addr, + .panic =3D wcss_sec_panic, + .parse_fw =3D wcss_sec_dump_segments, +}; + +static int wcss_sec_alloc_memory_region(struct wcss_sec *wcss) +{ + struct device *dev =3D wcss->dev; + struct resource res; + int ret; + + ret =3D of_reserved_mem_region_to_resource(dev->of_node, 0, &res); + if (ret) { + dev_err(dev, "unable to acquire memory-region resource\n"); + return ret; + } + + wcss->mem_phys =3D res.start; + wcss->mem_reloc =3D res.start; + wcss->mem_size =3D resource_size(&res); + wcss->mem_region =3D devm_ioremap_resource_wc(dev, &res); + if (!wcss->mem_region) { + dev_err(dev, "unable to map memory region: %pR\n", &res); + return -ENOMEM; + } + + return 0; +} + +static int wcss_sec_probe(struct platform_device *pdev) +{ + const struct wcss_data *desc =3D of_device_get_match_data(&pdev->dev); + const char *fw_name =3D NULL; + struct wcss_sec *wcss; + struct clk *sleep_clk; + struct clk *int_clk; + struct rproc *rproc; + int ret; + + ret =3D of_property_read_string(pdev->dev.of_node, "firmware-name", + &fw_name); + if (ret < 0) + return ret; + + rproc =3D devm_rproc_alloc(&pdev->dev, desc->ss_name, &wcss_sec_ops, + fw_name, sizeof(*wcss)); + if (!rproc) { + dev_err(&pdev->dev, "failed to allocate rproc\n"); + return -ENOMEM; + } + + wcss =3D rproc->priv; + wcss->dev =3D &pdev->dev; + wcss->desc =3D desc; + + ret =3D wcss_sec_alloc_memory_region(wcss); + if (ret) + return ret; + + sleep_clk =3D devm_clk_get_optional_enabled(&pdev->dev, "sleep"); + if (IS_ERR(sleep_clk)) + return dev_err_probe(&pdev->dev, PTR_ERR(sleep_clk), + "Failed to get sleep clock\n"); + + int_clk =3D devm_clk_get_optional_enabled(&pdev->dev, "interconnect"); + if (IS_ERR(int_clk)) + return dev_err_probe(&pdev->dev, PTR_ERR(int_clk), + "Failed to get interconnect clock\n"); + + ret =3D qcom_q6v5_init(&wcss->q6, pdev, rproc, + WCSS_CRASH_REASON, NULL, NULL); + if (ret) + return ret; + + qcom_add_glink_subdev(rproc, &wcss->glink_subdev, desc->ss_name); + qcom_add_ssr_subdev(rproc, &wcss->ssr_subdev, desc->ss_name); + + rproc->auto_boot =3D false; + rproc->dump_conf =3D RPROC_COREDUMP_INLINE; + rproc_coredump_set_elf_info(rproc, ELFCLASS32, EM_NONE); + + if (desc->use_tmelcom) { + wcss->mbox_client.dev =3D wcss->dev; + wcss->mbox_client.knows_txdone =3D true; + wcss->mbox_client.tx_block =3D true; + wcss->mbox_chan =3D mbox_request_channel(&wcss->mbox_client, 0); + if (IS_ERR_OR_NULL(wcss->mbox_chan)) + return dev_err_probe(wcss->dev, PTR_ERR(wcss->mbox_chan), + "mbox chan for IPC is missing\n"); + } + + ret =3D devm_rproc_add(&pdev->dev, rproc); + if (ret) + return ret; + + platform_set_drvdata(pdev, rproc); + + return 0; +} + +static void wcss_sec_remove(struct platform_device *pdev) +{ + struct rproc *rproc =3D platform_get_drvdata(pdev); + struct wcss_sec *wcss =3D rproc->priv; + + mbox_free_channel(wcss->mbox_chan); + qcom_remove_glink_subdev(rproc, &wcss->glink_subdev); + qcom_remove_ssr_subdev(rproc, &wcss->ssr_subdev); + qcom_q6v5_deinit(&wcss->q6); +} + +static const struct wcss_data wcss_sec_ipq5332_res_init =3D { + .pasid =3D MPD_WCSS_PAS_ID, + .ss_name =3D "q6wcss", +}; + +static const struct wcss_data wcss_sec_ipq5424_res_init =3D { + .pasid =3D MPD_WCSS_PAS_ID, + .ss_name =3D "q6wcss", + .use_tmelcom =3D true, +}; + +static const struct wcss_data wcss_sec_ipq9574_res_init =3D { + .pasid =3D WCSS_PAS_ID, + .ss_name =3D "q6wcss", +}; + +static const struct of_device_id wcss_sec_of_match[] =3D { + { .compatible =3D "qcom,ipq5018-wcss-sec-pil", .data =3D &wcss_sec_ipq533= 2_res_init }, + { .compatible =3D "qcom,ipq5332-wcss-sec-pil", .data =3D &wcss_sec_ipq533= 2_res_init }, + { .compatible =3D "qcom,ipq5424-wcss-sec-pil", .data =3D &wcss_sec_ipq542= 4_res_init }, + { .compatible =3D "qcom,ipq9574-wcss-sec-pil", .data =3D &wcss_sec_ipq957= 4_res_init }, + { }, +}; +MODULE_DEVICE_TABLE(of, wcss_sec_of_match); + +static struct platform_driver wcss_sec_driver =3D { + .probe =3D wcss_sec_probe, + .remove =3D wcss_sec_remove, + .driver =3D { + .name =3D "qcom-wcss-secure-pil", + .of_match_table =3D wcss_sec_of_match, + }, +}; +module_platform_driver(wcss_sec_driver); + +MODULE_DESCRIPTION("Hexagon WCSS Secure Peripheral Image Loader"); +MODULE_LICENSE("GPL"); diff --git a/include/linux/remoteproc.h b/include/linux/remoteproc.h index b4795698d8c2a4e80ccafbe632436c4dfb636a1e..7b2159853345eec3d787f08413f= f086bbc59ae91 100644 --- a/include/linux/remoteproc.h +++ b/include/linux/remoteproc.h @@ -472,6 +472,7 @@ enum rproc_dump_mechanism { * @node: list node related to the rproc segment list * @da: device address of the segment * @size: size of the segment + * @io_ptr: ptr to store the ioremapped dump segment * @priv: private data associated with the dump_segment * @dump: custom dump function to fill device memory segment associated * with coredump @@ -483,6 +484,7 @@ struct rproc_dump_segment { dma_addr_t da; size_t size; =20 + void *io_ptr; void *priv; void (*dump)(struct rproc *rproc, struct rproc_dump_segment *segment, void *dest, size_t offset, size_t size); --=20 2.52.0