This is a further continuation with a new approach to the topic discussed in [1] regarding the enablement of Secure Peripheral Image Loader support on Qualcomm SoCs when Linux runs at EL2.
A few months ago, we also discussed the challenges at Linaro Connect 2025 [2] related to enabling remoteproc when Linux is running at EL2.

[1] https://lore.kernel.org/lkml/20241004212359.2263502-1-quic_mo...@quicinc.com/
[2] https://resources.linaro.org/en/resource/sF8jXifdb9V1mUefdbfafa

Below is the summary of the discussion.

Qualcomm is working to enable remote processors on the SA8775p SoC with a Linux host running at EL2. In doing so, it has encountered several challenges related to how the remoteproc framework is handled when Linux runs at EL1. One of the main challenges arises from differences in how IOMMU translation is currently managed on SoCs running the Qualcomm EL2 hypervisor (QHEE), where IOMMU translation for any device is entirely owned by the hypervisor. Additionally, the firmware for remote processors does not contain a resource table, which would typically include the necessary IOMMU configuration settings.

Qualcomm SoCs running with QHEE (EL2) have been utilizing the Peripheral Authentication Service (PAS) from TrustZone (TZ) firmware to securely authenticate and reset remote processors via a single SMC call, _auth_and_reset_. This call is first trapped by QHEE, which then invokes TZ for authentication. Once authentication is complete, the call returns to QHEE, which sets up the IOMMU translation scheme for the remote processors and subsequently brings them out of reset.

The design of the Qualcomm EL2 hypervisor dictates that the Linux host OS running at EL1 is not permitted to configure IOMMU translation for remote processors, and only a single-stage translation is configured.

To make the remote processor bring-up (PAS) sequence hypervisor-independent, the auth_and_reset SMC call is now handled entirely by TZ. However, the issue of IOMMU configuration remains unresolved, for example, in a scenario where the KVM host at EL2 has no knowledge of the remote processors’ IOMMU settings.
This is being addressed by overlaying the IOMMU properties when the SoC runs a Linux host at EL2. An SMC call is being provided from the TrustZone firmware to retrieve the resource table for a given subsystem.

There are also remote processors—such as those for video, camera, and graphics—that do not use the remoteproc framework to manage their lifecycle. Instead, they rely on the Qualcomm PAS service to authenticate their firmware. These processors also need to be brought out of reset when Linux is running at EL2. The client drivers for these processors use the MDT loader function to load and authenticate firmware. Similar to the Qualcomm remoteproc PAS driver, they also need to retrieve the resource table, create a shared memory bridge (shmbridge), and map the resources before bringing the processors out of reset.

This series has a dependency on the patch below for creating SHMbridge over carveout memory.
https://lore.kernel.org/lkml/20250812-qcom-tee-using-tee-ss-without-mem-obj-v7-7-ce7a1a774...@oss.qualcomm.com/

The series is tested on SA8775p, which is now called the Lemans IOT platform, and the series does not address the DMA problem discussed at [2], which is future scope of the series.

Changes in v2: https://lore.kernel.org/lkml/20241004212359.2263502-1-quic_mo...@quicinc.com/
 - A lot has changed from the V1 and a fresh look would be preferred.
 - Removed the approach where the device tree contains devmem resources in the remoteproc node.
 - SHMbridge needs to be created for both carveout and metadata memory shared with TZ in a new way.
 - Now, the resource table would be given by an SMC call, and it needs to be mapped along with the carveout before triggering _auth_and_reset_.
 - IOMMU properties need to be added to the firmware device tree node when Linux controls the IOMMU.
Mukesh Ojha (11):
  firmware: qcom_scm: Introduce PAS context initialization helper
  soc: qcom: mdtloader: Add context aware qcom_mdt_pas_load() helper
  firmware: qcom_scm: Add a prep version of auth_and_reset function
  firmware: qcom_scm: Simplify qcom_scm_pas_init_image()
  firmware: qcom_scm: Add shmbridge support to pas_init/release function
  remoteproc: Move resource table data structure to its own header
  firmware: qcom_scm: Add qcom_scm_pas_get_rsc_table() to get resource table
  soc: qcom: mdt_loader: Add helper functions to map and unmap resources
  remoteproc: pas: Extend parse_fw callback to parse resource table
  remoteproc: qcom: pas: Enable Secure PAS support with IOMMU managed by Linux
  media: iris: Enable Secure PAS support with IOMMU managed by Linux

 drivers/firmware/qcom/qcom_scm.c              | 360 ++++++++++++++++--
 drivers/firmware/qcom/qcom_scm.h              |   1 +
 drivers/media/platform/qcom/iris/iris_core.c  |   9 +-
 drivers/media/platform/qcom/iris/iris_core.h  |   6 +
 .../media/platform/qcom/iris/iris_firmware.c  | 156 +++++++-
 .../media/platform/qcom/iris/iris_firmware.h  |   2 +
 drivers/remoteproc/qcom_q6v5_pas.c            | 147 +++++--
 drivers/soc/qcom/mdt_loader.c                 | 199 +++++++++-
 include/linux/firmware/qcom/qcom_scm.h        |  27 +-
 include/linux/remoteproc.h                    | 269 +------------
 include/linux/rsc_table.h                     | 306 +++++++++++++++
 include/linux/soc/qcom/mdt_loader.h           |  41 +-
 12 files changed, 1144 insertions(+), 379 deletions(-)
 create mode 100644 include/linux/rsc_table.h

-- 
2.50.1
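
The cover letter above has Linux map resources from a resource table that arrives over an SMC call; the following is an added user-space example, not code from this series, of bounds-checking such a blob before any devmem entry is handed to an IOMMU mapping step. The struct layouts follow include/linux/remoteproc.h; the names rsc_collect_devmem() and rsc_sample(), the extra length and wrap checks, and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Layouts follow include/linux/remoteproc.h; a little-endian host is assumed. */
struct rsc_tbl_hdr { uint32_t ver, num, reserved[2]; };   /* offset[num] follows */
struct rsc_devmem { uint32_t da, pa, len, flags, reserved; uint8_t name[32]; };
enum { RSC_DEVMEM = 1 };

/* Hypothetical helper: copies validated devmem entries to out.
 * Returns their count, or -1 if the table is malformed. */
int rsc_collect_devmem(const uint8_t *buf, size_t size, struct rsc_devmem *out, int max)
{
    struct rsc_tbl_hdr h;
    int found = 0;
    if (size < sizeof(h))
        return -1;
    memcpy(&h, buf, sizeof(h));
    if (h.ver != 1 || h.reserved[0] || h.reserved[1] ||
        h.num > (size - sizeof(h)) / sizeof(uint32_t))    /* offset[] must fit */
        return -1;
    for (uint32_t i = 0; i < h.num; i++) {
        uint32_t off, type;
        struct rsc_devmem m;
        memcpy(&off, buf + sizeof(h) + i * sizeof(off), sizeof(off));
        if (off > size || size - off < sizeof(type))      /* entry type in bounds */
            return -1;
        memcpy(&type, buf + off, sizeof(type));
        if (type != RSC_DEVMEM)
            continue;                                     /* other types not handled here */
        if (size - off - sizeof(type) < sizeof(m))        /* entry body in bounds */
            return -1;
        memcpy(&m, buf + off + sizeof(type), sizeof(m));
        if (m.reserved || !m.len || m.da > UINT32_MAX - m.len || found == max)
            return -1;                                    /* da + len must not wrap */
        out[found++] = m;
    }
    return found;
}

/* Constructed sample: one RSC_DEVMEM entry at offset 20 (16-byte header plus
 * one offset slot); the addresses are illustrative only. Returns its size. */
size_t rsc_sample(uint8_t *buf)
{
    struct { struct rsc_tbl_hdr h; uint32_t off, type; struct rsc_devmem m; } s = {
        .h = { .ver = 1, .num = 1 }, .off = 20, .type = RSC_DEVMEM,
        .m = { .da = 0x10000000, .pa = 0x90000000, .len = 0x1000 } };
    memcpy(buf, &s, sizeof(s));
    return sizeof(s);
}
```
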