Merge tag 'char-misc-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

		If a device is authorized automatically during boot its

		boot attribute is set to 1.

What: /sys/bus/thunderbolt/devices/.../domainX/iommu_dma_protection

Date:		Mar 2019

KernelVersion:	4.21

Contact:	thunderbolt-software@lists.01.org

Description:	This attribute tells whether the system uses IOMMU

		for DMA protection. Value of 1 means IOMMU is used 0 means

		it is not (DMA protection is solely based on Thunderbolt

		security levels).

What: /sys/bus/thunderbolt/devices/.../domainX/security

Date:		Sep 2017

KernelVersion:	4.13

the device without a key or write a new key and write 1 to the

``authorized`` file to get the new key stored on the device NVM.

DMA protection utilizing IOMMU

------------------------------

Recent systems from 2018 and forward with Thunderbolt ports may natively

support IOMMU. This means that Thunderbolt security is handled by an IOMMU

so connected devices cannot access memory regions outside of what is

allocated for them by drivers. When Linux is running on such system it

automatically enables IOMMU if not enabled by the user already. These

systems can be identified by reading ``1`` from

``/sys/bus/thunderbolt/devices/domainX/iommu_dma_protection`` attribute.

The driver does not do anything special in this case but because DMA

protection is handled by the IOMMU, security levels (if set) are

redundant. For this reason some systems ship with security level set to

``none``. Other systems have security level set to ``user`` in order to

support downgrade to older OS, so users who want to automatically

authorize devices when IOMMU DMA protection is enabled can use the

following ``udev`` rule::

  ACTION=="add", SUBSYSTEM=="thunderbolt", ATTRS{iommu_dma_protection}=="1", ATTR{authorized}=="0", ATTR{authorized}="1"

Upgrading NVM on Thunderbolt device or host

-------------------------------------------

Since most of the functionality is handled in firmware running on a

Intel Service Layer Driver for Stratix10 SoC

============================================

Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard

processor system (HPS) and Secure Device Manager (SDM). When the FPGA is

configured from HPS, there needs to be a way for HPS to notify SDM the

location and size of the configuration data. Then SDM will get the

configuration data from that location and perform the FPGA configuration.

To meet the whole system security needs and support virtual machine requesting

communication with SDM, only the secure world of software (EL3, Exception

Layer 3) can interface with SDM. All software entities running on other

exception layers must channel through the EL3 software whenever it needs

service from SDM.

Intel Stratix10 service layer driver, running at privileged exception level

(EL1, Exception Layer 1), interfaces with the service providers and provides

the services for FPGA configuration, QSPI, Crypto and warm reset. Service layer

driver also manages secure monitor call (SMC) to communicate with secure monitor

code running in EL3.

Required properties:

-------------------

The svc node has the following mandatory properties, must be located under

the firmware node.

- compatible: "intel,stratix10-svc"

- method: smc or hvc

        smc - Secure Monitor Call

        hvc - Hypervisor Call

- memory-region:

	phandle to the reserved memory node. See

	Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt

	for details

Example:

-------

	reserved-memory {

                #address-cells = <2>;

                #size-cells = <2>;

                ranges;

                service_reserved: svcbuffer@0 {

                        compatible = "shared-dma-pool";

                        reg = <0x0 0x0 0x0 0x1000000>;

                        alignment = <0x1000>;

                        no-map;

                };

        };

	firmware {

		svc {

			compatible = "intel,stratix10-svc";

			method = "smc";

			memory-region = <&service_reserved>;

		};

	};

Intel Stratix10 SoC FPGA Manager

Required properties:

The fpga_mgr node has the following mandatory property, must be located under

firmware/svc node.

- compatible : should contain "intel,stratix10-soc-fpga-mgr"

Example:

	firmware {

		svc {

			fpga_mgr: fpga-mgr {

				compatible = "intel,stratix10-soc-fpga-mgr";

			};

		};

	};

* QEMU PVPANIC MMIO Configuration bindings

QEMU's emulation / virtualization targets provide the following PVPANIC

MMIO Configuration interface on the "virt" machine.

type:

- a read-write, 16-bit wide data register.

QEMU exposes the data register to guests as memory mapped registers.

Required properties:

- compatible: "qemu,pvpanic-mmio".

- reg: the MMIO region used by the device.

  * Bytes 0x0  Write panic event to the reg when guest OS panics.

  * Bytes 0x1  Reserved.

Example:

/ {

        #size-cells = <0x2>;

        #address-cells = <0x2>;

        pvpanic-mmio@9060000 {

                compatible = "qemu,pvpanic-mmio";

                reg = <0x0 0x9060000 0x0 0x2>;

        };

};