PCT Configuration for SE Server
This topic applies only to Linux platforms.
The following section describes only the SE Server PCT configuration parameters that are to be updated when a new IVC queue is to be added.
In PCT, Guest OS specific configuration parameters are part of guest_conf structure. Within the guest_conf structure, SE Server configuration parameters for a particular Guest OS are stored in se_cfg structure for SE Server. The ivc_conf array and ivc_conf_count parameter in se_cfg structure are to be updated when adding a new IVC queue. ivc_conf is an array of struct se_server_ivc_conf, which specifies configuration parameters associated with every IVC queue. ivc_conf_count is the count of entries in ivc_conf array. If new IVC queues are added or removed from ivc_conf, then ivc_conf_count must be updated accordingly.
Currently, the number of IVC queues per VM for SE Server is restricted to 75 (PCT_MAX_NUM_VM_SE_IVCQS) and the overall IVC queue count for SE Server is restricted to 75.
The table below briefly describes each of the configuration parameters in se_server_ivc_conf and the supported values for that parameter.
For Thor
Field | Description | Supported values |
---|---|---|
ivc_queue_id | Unique ID of channel for communicating between Guest OS and SE Server. | Valid range is 0-999 |
engine_id | Engine to be used for processing IVC queue requests. | SE_ENGINE_SHA, SE_ENGINE_AES0, SE_ENGINE_AES1, GCSE1_ENGINE_SHA, GCSE1_ENGINE_AES0, GCSE1_ENGINE_AES1, GCSE2_ENGINE_SHA, GCSE2_ENGINE_AES0, GCSE2_ENGINE_AES1 |
ivc_queue_service_priority | IVC queue service priority. For SE Engines, requests are prioritized using high/low priority Host1x channels. | SE_IVCQ_PRIORITY_LOW, SE_IVCQ_PRIORITY_HIGH |
max_buf_size | Maximum supported input buffer size. | 1 to (16MB - 1) |
gcmdec_buf_size | Unused field | NA |
se_sid | Stream ID used for mapping Guest OS buffers that can be read/updated by SE hardware | NA |
gpcdma_sid | Unused field | NA |
is_for_pl | Flag to indicate if IVC queue is only to be used for Partition Loader to SE Server communication. | 0: IVC queue is used by VSE driver; non-zero: IVC queue is used only by PL |
mempool_id | Unused field | NA |
mempool_size | Unused field | NA |
scc_status | Enable/Disable Side Channel Countermeasures for SE Engines. | SE_SCC_EN, SE_SCC_DIS |
For Orin
Field | Description | Supported values |
---|---|---|
ivc_queue_id | Unique ID of channel for communicating between Guest OS and SE Server. | Valid range is 0-999 |
engine_id | Engine to be used for processing IVC queue requests. | SE_ENGINE_SHA, SE_ENGINE_AES0, SE_ENGINE_AES1, TSEC_ENGINE |
ivc_queue_service_priority | IVC queue service priority. There are two different priority sets: one for SE engines and the other for TSEC engine. For SE Engines, requests are prioritized using high/low priority Host1x channels. For TSEC engine, requests are prioritized using high/low priority software queues in TSEC Firmware. | For SE Engines: SE_IVCQ_PRIORITY_LOW, SE_IVCQ_PRIORITY_HIGH; For TSEC Engine: TSEC_IVCQ_PRIORITY_LOW, TSEC_IVCQ_PRIORITY_HIGH |
max_buf_size | Maximum supported input buffer size. | For SE Engines: 1B to (16MB - 1); For TSEC Engine: 1B to (64KB - 1) |
gcmdec_buf_size | Maximum supported input buffer size for GCM decryption. For GP-SE Server, GCM decryption can be supported using mempool or GPCDMA. Whether mempool or GPCDMA is used is determined by whether the input buffer size is greater than or less than the mempool size. If the input buffer size is greater than the mempool size, then GPCDMA is used; otherwise mempool is used. | 0: No GCM decrypt support; 1 < gcmdec_buf_size <= 5MB: GCM decryption is supported |
se_sid | Stream ID used for mapping Guest OS buffers that can be read/updated by SE/TSEC hardware | 1 to 126 |
gpcdma_sid | Stream ID used for mapping Guest OS buffer(s) that can be read/updated by GPCDMA for GCM decryption. Applicable only for SE AES Engines. | 1 to 126 |
is_for_pl | Flag to indicate if IVC queue is only to be used for Partition Loader to SE Server communication. | 0: IVC queue is used by VSE driver; non-zero: IVC queue is only used by PL |
mempool_id | Unique ID of mempool to share GCM decrypt ciphertext/plaintext between SE Server and Guest OS. Unused if GCM decryption is not supported. Applicable only for SE AES Engines. | 0 to 999 |
mempool_size | Size of the mempool to share GCM decrypt ciphertext/plaintext between SE Server and Guest OS. Mempool size must be less than or equal to gcmdec_buf_size. Applicable only for SE AES Engines. | 0: Mempool usage is not supported; 0 < mempool_size <= 64KB: Mempool usage is supported |
scc_status | Enable/Disable Side Channel Countermeasures for SE Engines. Applicable only for SE Engines. | SE_SCC_EN, SE_SCC_DIS |
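
The Orin limits above can be checked mechanically before a PCT change is built. The following is an added example, not code from the PCT or from NVIDIA: `struct ivc_conf_example`, `check_entry` and `check_table` are hypothetical names, the field types and enum numeric values are assumptions, and only the numeric fields from the table are covered.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical mirror of se_server_ivc_conf for this example: field names come
 * from the Orin table; types and enum numeric values are assumptions. */
enum { SE_ENGINE_SHA, SE_ENGINE_AES0, SE_ENGINE_AES1, TSEC_ENGINE };
#define PCT_MAX_NUM_VM_SE_IVCQS 75u
#define KB 1024u
#define MB (1024u * KB)

struct ivc_conf_example {
    uint32_t ivc_queue_id, engine_id, max_buf_size, gcmdec_buf_size;
    uint32_t se_sid, gpcdma_sid, mempool_id, mempool_size;
};

static int sid_ok(uint32_t sid) { return sid >= 1 && sid <= 126; }

/* Returns 0 when one entry is within the documented Orin limits, else <0. */
int check_entry(const struct ivc_conf_example *c)
{
    int aes = c->engine_id == SE_ENGINE_AES0 || c->engine_id == SE_ENGINE_AES1;
    uint32_t max = (c->engine_id == TSEC_ENGINE) ? 64 * KB - 1 : 16 * MB - 1;
    if (c->engine_id > TSEC_ENGINE) return -1;
    if (c->ivc_queue_id > 999) return -2;
    if (c->max_buf_size < 1 || c->max_buf_size > max) return -3;
    if (!sid_ok(c->se_sid)) return -4;
    /* Assumption: GCM-decrypt fields are only checked on AES queues that
     * enable it (gcmdec_buf_size != 0); elsewhere they are treated as unused. */
    if (!aes || c->gcmdec_buf_size == 0) return 0;
    if (c->gcmdec_buf_size <= 1 || c->gcmdec_buf_size > 5 * MB) return -5;
    if (!sid_ok(c->gpcdma_sid)) return -6;
    if (c->mempool_size == 0) return 0;          /* mempool usage not supported */
    if (c->mempool_id > 999) return -7;
    if (c->mempool_size > 64 * KB || c->mempool_size > c->gcmdec_buf_size) return -8;
    return 0;
}

/* Returns 0 if the table is valid, -1 if count (standing in for ivc_conf_count)
 * exceeds the limit, else the 1-based index of the first bad or duplicate entry. */
int check_table(const struct ivc_conf_example *t, size_t count)
{
    if (count > PCT_MAX_NUM_VM_SE_IVCQS) return -1;
    for (size_t i = 0; i < count; i++) {
        if (check_entry(&t[i]) != 0) return (int)(i + 1);
        for (size_t j = 0; j < i; j++)           /* ivc_queue_id must be unique */
            if (t[j].ivc_queue_id == t[i].ivc_queue_id) return (int)(i + 1);
    }
    return 0;
}
```

A non-zero result from `check_table` points at the entry to fix before `ivc_conf_count` is updated to match the array.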