linux/include/linux/mxc_scc2_driver.h File Reference
(Header file to use the SCC2 driver.)
More...
Detailed Description
(Header file to use the SCC2 driver.)
The SCC2 driver is available to other kernel modules directly. Secure Partition functionality is extended to users through the SHW API. Other functionality of the SCC2 is limited to kernel-space users.
With the exception of scc_monitor_security_failure(), all routines are 'synchronous', i.e. they will not return to their caller until the requested action is complete, or fails to complete. Some of these functions could take quite a while to perform, depending upon the request.
Routines are provided to:
- trigger a security-violation alarm - scc_set_sw_alarm()
- get configuration and version information - scc_get_configuration()
- zeroize memory - scc_zeroize_memories()
- Work with secure partitions: scc_allocate_partition() scc_engage_partition() scc_diminish_permissions() scc_release_partition()
- Encrypt or decrypt regions of data: scc_encrypt_region() scc_decrypt_region()
- monitor the Security Failure alarm - scc_monitor_security_failure()
- stop monitoring Security Failure alarm - scc_stop_monitoring_security_failure()
- write registers of the SCC - scc_write_register()
- read registers of the SCC - scc_read_register()
The SCC2 encrypts and decrypts using Triple DES with an internally stored key. When the SCC2 is in Secure mode, it uses its secret, unique-per-chip key. When it is in Non-Secure mode, it uses a default key. This ensures that secrets stay secret if the SCC2 is not in Secure mode.
Not all functions that could be provided in a 'high level' manner have been implemented. Among the missing are interfaces to the ASC/AIC components and the timer functions. These and other features must be accessed through scc_read_register() and scc_write_register(), using the #define
values provided.
Here is a glossary of acronyms used in the SCC2 driver documentation:
- CBC - Cipher Block Chaining. A method of performing a block cipher. Each block is encrypted using some part of the result of the previous block's encryption. It needs an 'initialization vector' to seed the operation.
- ECB - Electronic Code Book. A method of performing a block cipher. With a given key, a given block will always encrypt to the same value.
- DES - Data Encryption Standard. (8-byte) Block cipher algorithm which uses 56-bit keys. In SCC2, this key is constant and unique to the device. SCC uses the "triple DES" form of this algorithm.
- AIC - Algorithm Integrity Checker.
- ASC - Algorithm Sequence Checker.
- SMN - Security Monitor. The part of the SCC2 responsible for monitoring for security problems and notifying the CPU and other PISA components.
- SCM - Secure Memory. The part of the SCC2 which handles the cryptography.
- SCC - Security Controller. Central security mechanism for PISA.
- PISA - Platform-Independent Security Architecture.
Define Documentation
#define SCC_DRIVER_MAJOR_VERSION 2 |
Major Version of the driver. Used for scc_configuration->driver_major_version
#define SCC_DRIVER_MINOR_VERSION_0 0 |
Old Minor Version of the driver.
#define SCC_DRIVER_MINOR_VERSION_2 2 |
Minor Version of the driver. Used for scc_configuration->driver_minor_version