On 2/21/26 2:18 AM, Tao Tang wrote:
Arm SMMUv3 uses a SEC_SID (StreamID Security state) to determine the
security state of the programming interface that controls a transaction.
The architecture explicitly states that the association between a device
and its SEC_SID is a system-defined property, not something derived from
the physical address space.
We need a way to represent this system-defined SEC_SID for PCI devices
if we want to implement SMMU's Secure state, so that SMMUv3 can select
the correct register bank and configuration when handling their streams.
This patch adds a new char *sec_sid field to PCIDevice, together with
a "sec-sid" QOM property. The property is intended to carry the
platform-defined SEC_SID for the device; for now only Non-secure and
Secure security states are supported.
Future RME-DA/TDISP work will use the PCIe TDISP/DTI protocol to model
Realm and Non-secure streams, instead of extending this static field.
In practice, it's not yet clear how we will get this TDISP T-bit, since
it's part of the encrypted payload. So far, we are detecting config fetch
and dynamically switching a given device to a new sec_sid accordingly.
Thus, we *might* end up reusing this field eventually.
All that said, for now, and in the context of this series, it's
definitely a static property.
Signed-off-by: Tao Tang <[email protected]>
---
hw/pci/pci.c | 7 +++++++
include/hw/pci/pci_device.h | 3 +++
2 files changed, 10 insertions(+)
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 90d6d71efdc..aca0509f705 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -98,6 +98,13 @@ static const Property pci_props[] = {
DEFINE_PROP_STRING("sriov-pf", PCIDevice, sriov_pf),
DEFINE_PROP_BIT("x-pcie-ext-tag", PCIDevice, cap_present,
QEMU_PCIE_EXT_TAG_BITNR, true),
+
+ /*
+ * System-defined, statically configured SEC_SID for this PCI device, used
+ * by Arm SMMU. Only support "non-secure" and "secure" security states.
+ */
+ DEFINE_PROP_STRING("sec-sid", PCIDevice, sec_sid),
+
{ .name = "busnr", .info = &prop_pci_busnr },
};
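Review bot: "sec-sid" is declared with DEFINE_PROP_STRING in pci_props, so any string is accepted here even though the comment says only "non-secure" and "secure" are supported; nothing in this hunk rejects a typo or a different spelling. Consider validating the value when the device is realized and failing with an error on an unknown string, or using an enum-typed property, so that a misspelled value cannot silently end up treated as some default security state. The comment should also state what an unset property means for the device.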
diff --git a/include/hw/pci/pci_device.h b/include/hw/pci/pci_device.h
index 88ccea50113..47ed4a13e40 100644
--- a/include/hw/pci/pci_device.h
+++ b/include/hw/pci/pci_device.h
@@ -184,6 +184,9 @@ struct PCIDevice {
uint32_t max_bounce_buffer_size;
char *sriov_pf;
+
+ /* Arm SMMU SEC_SID */
+ char *sec_sid;
};
static inline int pci_intx(PCIDevice *pci_dev)
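Review bot: The comment on `char *sec_sid;` does not say which strings the field may hold or that it is NULL when the property is not set, so every consumer has to handle NULL and do its own string comparison. Document the accepted values and the NULL case next to the field, or keep a parsed form alongside the string so that consumers do not each re-parse it.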
Reviewed-by: Pierrick Bouvier <[email protected]>