首页 发现 帮助
登录
GfA
/
linux_kernel
5
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

rtc: imxdi: add some background info about the states the machine can be in

Document the i.MX DryIce machine states.

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Robert Schwebel <rsc@pengutronix.de>
[rsc: got NDA clearance from Freescale]
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Juergen Borleis 10 年之前
父节点
e30d31317b
当前提交
3ba3fab765
共有 1 个文件被更改,包括 43 次插入0 次删除
分列视图 显示文件统计
  1. 43 0
      drivers/rtc/rtc-imxdi.c

+ 43 - 0
drivers/rtc/rtc-imxdi.c
查看文件 

@@ -129,6 +129,49 @@ struct imxdi_dev {
 
 	struct work_struct work;
 
 };
 
 
+/* Some background:
 
+ *
 
+ * The DryIce unit is a complex security/tamper monitor device. To be able do
 
+ * its job in a useful manner it runs a bigger statemachine to bring it into
 
+ * security/tamper failure state and once again to bring it out of this state.
 
+ *
 
+ * This unit can be in one of three states:
 
+ *
 
+ * - "NON-VALID STATE"
 
+ *   always after the battery power was removed
 
+ * - "FAILURE STATE"
 
+ *   if one of the enabled security events has happened
 
+ * - "VALID STATE"
 
+ *   if the unit works as expected
 
+ *
 
+ * Everything stops when the unit enters the failure state including the RTC
 
+ * counter (to be able to detect the time the security event happened).
 
+ *
 
+ * The following events (when enabled) let the DryIce unit enter the failure
 
+ * state:
 
+ *
 
+ * - wire-mesh-tamper detect
 
+ * - external tamper B detect
 
+ * - external tamper A detect
 
+ * - temperature tamper detect
 
+ * - clock tamper detect
 
+ * - voltage tamper detect
 
+ * - RTC counter overflow
 
+ * - monotonic counter overflow
 
+ * - external boot
 
+ *
 
+ * If we find the DryIce unit in "FAILURE STATE" and the TDCHL cleared, we
 
+ * can only detect this state. In this case the unit is completely locked and
 
+ * must force a second "SYSTEM POR" to bring the DryIce into the
 
+ * "NON-VALID STATE" + "FAILURE STATE" where a recovery is possible.
 
+ * If the TDCHL is set in the "FAILURE STATE" we are out of luck. In this case
 
+ * a battery power cycle is required.
 
+ *
 
+ * In the "NON-VALID STATE" + "FAILURE STATE" we can clear the "FAILURE STATE"
 
+ * and recover the DryIce unit. By clearing the "NON-VALID STATE" as the last
 
+ * task, we bring back this unit into life.
 
+ */
 
+
 
 /*
 
  * enable a dryice interrupt
 
  */