rtc: imxdi: add some background info about the states the machine can be in
Document the i.MX DryIce machine states.

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Robert Schwebel <rsc@pengutronix.de>
[rsc: got NDA clearance from Freescale]
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
parent e30d31317b
commit 3ba3fab765
1 changed files with 43 additions and 0 deletions
@ -129,6 +129,49 @@ struct imxdi_dev {
struct work_struct work;
};
/* Some background:
*
* The DryIce unit is a complex security/tamper monitor device. To be able do
* its job in a useful manner it runs a bigger statemachine to bring it into
* security/tamper failure state and once again to bring it out of this state.
*
* This unit can be in one of three states:
*
* - "NON-VALID STATE"
* always after the battery power was removed
* - "FAILURE STATE"
* if one of the enabled security events has happened
* - "VALID STATE"
* if the unit works as expected
*
* Everything stops when the unit enters the failure state including the RTC
* counter (to be able to detect the time the security event happened).
*
* The following events (when enabled) let the DryIce unit enter the failure
* state:
*
* - wire-mesh-tamper detect
* - external tamper B detect
* - external tamper A detect
* - temperature tamper detect
* - clock tamper detect
* - voltage tamper detect
* - RTC counter overflow
* - monotonic counter overflow
* - external boot
*
* If we find the DryIce unit in "FAILURE STATE" and the TDCHL cleared, we
* can only detect this state. In this case the unit is completely locked and
* must force a second "SYSTEM POR" to bring the DryIce into the
* "NON-VALID STATE" + "FAILURE STATE" where a recovery is possible.
* If the TDCHL is set in the "FAILURE STATE" we are out of luck. In this case
* a battery power cycle is required.
*
* In the "NON-VALID STATE" + "FAILURE STATE" we can clear the "FAILURE STATE"
* and recover the DryIce unit. By clearing the "NON-VALID STATE" as the last
* task, we bring back this unit into life.
*/
/*
* enable a dryice interrupt
*/
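Review bot: The state list in the added comment says the unit "can be in one of three states", but the recovery paragraphs further down depend on a combined "NON-VALID STATE" + "FAILURE STATE", so the three are not mutually exclusive. Suggest describing them as conditions that can be present together, or listing the combined state explicitly, because the recovery order (clear the failure first, clear non-valid last) only makes sense once that is stated. TDCHL is used twice without being expanded or tied to a register; name the bit and the register it lives in so a reader can match the comment to the code. The sentence "In this case the unit is completely locked and must force a second "SYSTEM POR"" has no subject for "must force" (presumably "we must force"), and "To be able do its job" is missing "to".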