Staging: sep: Upstream revision 3 of the security processor kernel driver

Upstream revision 3 of the security processor kernel driver;
now located in drivers/staging

This revision adds an initial TODO file

This driver no longer requires to have the firmware compiled in
it with the CONFIG_EXTRA_FIRMWARE configuration option.

Furthermore, we now have the right to distribute the firmware
binaries.

This is the Linux kernel driver for the Security Processor, which is
a hardware device the provides cryptographic, secure storage, and
key management services.

Please be aware that this patch does not contain any encryption
algorithm. It only transports data to and from user space
applications to the security processor.

Signed-off-by: Mark Allyn <mark.a.allyn@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

11 files changed, 5769 insertions, 0 deletions

diff --git a/drivers/staging/Kconfig b/drivers/staging/Kconfig
index 979de8fb32c..2860bd5704f 100644
--- a/drivers/staging/Kconfig
+++ b/drivers/staging/Kconfig
@@ -135,5 +135,7 @@ source "drivers/staging/hv/Kconfig"
 
 source "drivers/staging/vme/Kconfig"
 
+source "drivers/staging/sep/Kconfig"
+
 endif # !STAGING_EXCLUDE_BUILD
 endif # STAGING
diff --git a/drivers/staging/Makefile b/drivers/staging/Makefile
index c80d05006dc..ce6523c02f9 100644
--- a/drivers/staging/Makefile
+++ b/drivers/staging/Makefile
@@ -49,3 +49,4 @@ obj-$(CONFIG_USB_CPC)		+= cpc-usb/
 obj-$(CONFIG_FB_UDL)		+= udlfb/
 obj-$(CONFIG_HYPERV)		+= hv/
 obj-$(CONFIG_VME_BUS)		+= vme/
+obj-$(CONFIG_DX_SEP)		+= sep/
diff --git a/drivers/staging/sep/Kconfig b/drivers/staging/sep/Kconfig
new file mode 100644
index 00000000000..1a4514d3a7a
--- /dev/null
+++ b/drivers/staging/sep/Kconfig
@@ -0,0 +1,9 @@
+config DX_SEP
+	tristate "Discretix SEP driver"
+	depends on MRST
+	default y
+	help
+	  Discretix SEP driver
+
+	  If unsure say M. The compiled module will be
+	  called sep_driver.ko
diff --git a/drivers/staging/sep/Makefile b/drivers/staging/sep/Makefile
new file mode 100644
index 00000000000..e2528e80e28
--- /dev/null
+++ b/drivers/staging/sep/Makefile
@@ -0,0 +1,3 @@
+EXTRA_CFLAGS += -DLITTLE__ENDIAN -DDX_CC5_SEP_PLAT -DCRYS_NO_EXT_IF_MODE_SUPPORT
+obj-$(CONFIG_DX_SEP) := sep_driver.o
+sep_driver-objs := sep_main_mod.o sep_ext_with_pci_driver.o
diff --git a/drivers/staging/sep/TODO b/drivers/staging/sep/TODO
new file mode 100644
index 00000000000..ff0e931dab6
--- /dev/null
+++ b/drivers/staging/sep/TODO
@@ -0,0 +1,8 @@
+Todo's so far (from Alan Cox)
+- Fix firmware loading
+- Get firmware into firmware git tree
+- Review and tidy each algorithm function
+- Check whether it can be plugged into any of the kernel crypto API
+  interfaces
+- Do something about the magic shared memory interface and replace it
+  with something saner (in Linux terms)
diff --git a/drivers/staging/sep/sep_driver_api.h b/drivers/staging/sep/sep_driver_api.h
new file mode 100644
index 00000000000..6a3be5dbfff
--- /dev/null
+++ b/drivers/staging/sep/sep_driver_api.h
@@ -0,0 +1,545 @@
+/*
+ *
+ *  sep_driver_api.h - Security Processor Driver api definitions
+ *
+ *  Copyright(c) 2009 Intel Corporation. All rights reserved.
+ *  Copyright(c) 2009 Discretix. All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the Free
+ *  Software Foundation; either version 2 of the License, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ *  more details.
+ *
+ *  You should have received a copy of the GNU General Public License along with
+ *  this program; if not, write to the Free Software Foundation, Inc., 59
+ *  Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ *
+ *  CONTACTS:
+ *
+ *  Mark Allyn		mark.a.allyn@intel.com
+ *
+ *  CHANGES:
+ *
+ *  2009.06.26	Initial publish
+ *
+ */
+
+#ifndef __SEP_DRIVER_API_H__
+#define __SEP_DRIVER_API_H__
+
+
+
+/*----------------------------------------------------------------
+  IOCTL command defines
+  -----------------------------------------------------------------*/
+
+/* magic number 1 of the sep IOCTL command */
+#define SEP_IOC_MAGIC_NUMBER                           's'
+
+/* sends interrupt to sep that message is ready */
+#define SEP_IOCSENDSEPCOMMAND                 _IO(SEP_IOC_MAGIC_NUMBER , 0)
+
+/* sends interrupt to sep that message is ready */
+#define SEP_IOCSENDSEPRPLYCOMMAND             _IO(SEP_IOC_MAGIC_NUMBER , 1)
+
+/* allocate memory in data pool */
+#define SEP_IOCALLOCDATAPOLL                  _IO(SEP_IOC_MAGIC_NUMBER , 2)
+
+/* write to pre-allocated  memory in data pool */
+#define SEP_IOCWRITEDATAPOLL                  _IO(SEP_IOC_MAGIC_NUMBER , 3)
+
+/* read from  pre-allocated  memory in data pool */
+#define SEP_IOCREADDATAPOLL                   _IO(SEP_IOC_MAGIC_NUMBER , 4)
+
+/* create sym dma lli tables */
+#define SEP_IOCCREATESYMDMATABLE              _IO(SEP_IOC_MAGIC_NUMBER , 5)
+
+/* create flow dma lli tables */
+#define SEP_IOCCREATEFLOWDMATABLE             _IO(SEP_IOC_MAGIC_NUMBER , 6)
+
+/* free dynamic data aalocated during table creation */
+#define SEP_IOCFREEDMATABLEDATA                _IO(SEP_IOC_MAGIC_NUMBER , 7)
+
+/* get the static pool area addersses (physical and virtual) */
+#define SEP_IOCGETSTATICPOOLADDR               _IO(SEP_IOC_MAGIC_NUMBER , 8)
+
+/* set flow id command */
+#define SEP_IOCSETFLOWID                       _IO(SEP_IOC_MAGIC_NUMBER , 9)
+
+/* add tables to the dynamic flow */
+#define SEP_IOCADDFLOWTABLE                    _IO(SEP_IOC_MAGIC_NUMBER , 10)
+
+/* add flow add tables message */
+#define SEP_IOCADDFLOWMESSAGE                  _IO(SEP_IOC_MAGIC_NUMBER , 11)
+
+/* start sep command */
+#define SEP_IOCSEPSTART                        _IO(SEP_IOC_MAGIC_NUMBER , 12)
+
+/* init sep command */
+#define SEP_IOCSEPINIT                         _IO(SEP_IOC_MAGIC_NUMBER , 13)
+
+/* set non blocking mode */
+#define SEP_IOCSETAPIMODE                      _IO(SEP_IOC_MAGIC_NUMBER , 14)
+
+/* end transaction command */
+#define SEP_IOCENDTRANSACTION                  _IO(SEP_IOC_MAGIC_NUMBER , 15)
+
+/* reallocate cache and resident */
+#define SEP_IOCREALLOCCACHERES                 _IO(SEP_IOC_MAGIC_NUMBER , 16)
+
+/* get the offset of the address starting from the beginnnig of the map area */
+#define SEP_IOCGETMAPPEDADDROFFSET             _IO(SEP_IOC_MAGIC_NUMBER , 17)
+
+/* get time address and value */
+#define SEP_IOCGETIME                          _IO(SEP_IOC_MAGIC_NUMBER , 19)
+
+/*-------------------------------------------
+    TYPEDEFS
+----------------------------------------------*/
+
+/*
+  init command struct
+*/
+struct sep_driver_init_t {
+  /* start of the 1G of the host memory address that SEP can access */
+  unsigned long   message_addr;
+
+  /* start address of resident */
+  unsigned long   message_size_in_words;
+
+};
+
+
+/*
+  realloc cache resident command
+*/
+struct sep_driver_realloc_cache_resident_t {
+  /* base address */
+  unsigned long   base_addr;
+
+  /* current cache address */
+  unsigned long   cache_addr;
+
+  /* cache size in bytes*/
+  unsigned long   cache_size_in_bytes;
+
+  /* current resident address */
+  unsigned long   resident_addr;
+
+  /* resident size in bytes*/
+  unsigned long   resident_size_in_bytes;
+
+  /* new cache address */
+  unsigned long   new_cache_addr;
+
+  /* new resident address */
+  unsigned long   new_resident_addr;
+
+  /* new resident address */
+  unsigned long   new_shared_area_addr;
+
+  /* new base address */
+  unsigned long   new_base_addr;
+};
+
+/*
+  set api mode command struct
+*/
+struct sep_driver_set_api_mode_t {
+  /* mode to set - 1 - blocking, 0 - non-blocking */
+  unsigned long   mode;
+};
+
+struct sep_driver_alloc_t {
+  /* virtual address of allocated space */
+  unsigned long offset;
+
+  /* physical address of allocated space */
+  unsigned long phys_address;
+
+  /* number of bytes to allocate */
+  unsigned long num_bytes;
+};
+
+/*
+ */
+struct sep_driver_write_t {
+  /* application space address */
+  unsigned long app_address;
+
+  /* address of the data pool */
+  unsigned long datapool_address;
+
+  /* number of bytes to write */
+  unsigned long num_bytes;
+};
+
+/*
+ */
+struct sep_driver_read_t {
+  /* application space address */
+  unsigned long app_address;
+
+  /* address of the data pool */
+  unsigned long datapool_address;
+
+  /* number of bytes to read */
+  unsigned long num_bytes;
+};
+
+/*
+*/
+struct sep_driver_build_sync_table_t {
+  /* address value of the data in */
+  unsigned long  app_in_address;
+
+  /* size of data in */
+  unsigned long  data_in_size;
+
+  /* address of the data out */
+  unsigned long  app_out_address;
+
+  /* the size of the block of the operation - if needed,
+  every table will be modulo this parameter */
+  unsigned long  block_size;
+
+  /* the physical address of the first input DMA table */
+  unsigned long  in_table_address;
+
+  /* number of entries in the first input DMA table */
+  unsigned long  in_table_num_entries;
+
+  /* the physical address of the first output DMA table */
+  unsigned long  out_table_address;
+
+  /* number of entries in the first output DMA table */
+  unsigned long  out_table_num_entries;
+
+  /* data in the first input table */
+  unsigned long  table_data_size;
+
+  /* distinct user/kernel layout */
+  bool isKernelVirtualAddress;
+
+};
+
+/*
+*/
+struct sep_driver_build_flow_table_t {
+  /* flow type */
+  unsigned long  flow_type;
+
+  /* flag for input output */
+  unsigned long  input_output_flag;
+
+  /* address value of the data in */
+  unsigned long  virt_buff_data_addr;
+
+  /* size of data in */
+  unsigned long  num_virtual_buffers;
+
+  /* the physical address of the first input DMA table */
+  unsigned long  first_table_addr;
+
+  /* number of entries in the first input DMA table */
+  unsigned long  first_table_num_entries;
+
+  /* data in the first input table */
+  unsigned long  first_table_data_size;
+
+  /* distinct user/kernel layout */
+  bool isKernelVirtualAddress;
+};
+
+
+struct sep_driver_add_flow_table_t {
+  /* flow id  */
+  unsigned long  flow_id;
+
+  /* flag for input output */
+  unsigned long  inputOutputFlag;
+
+  /* address value of the data in */
+  unsigned long  virt_buff_data_addr;
+
+  /* size of data in */
+  unsigned long  num_virtual_buffers;
+
+  /* address of the first table */
+  unsigned long  first_table_addr;
+
+  /* number of entries in the first table */
+  unsigned long  first_table_num_entries;
+
+  /* data size of the first table */
+  unsigned long  first_table_data_size;
+
+  /* distinct user/kernel layout */
+  bool isKernelVirtualAddress;
+
+};
+
+/*
+  command struct for set flow id
+*/
+struct sep_driver_set_flow_id_t {
+  /* flow id to set */
+  unsigned long  flow_id;
+};
+
+
+/* command struct for add tables message */
+struct sep_driver_add_message_t {
+  /* flow id to set */
+  unsigned long   flow_id;
+
+  /* message size in bytes */
+  unsigned long   message_size_in_bytes;
+
+  /* address of the message */
+  unsigned long   message_address;
+};
+
+/* command struct for static pool addresses  */
+struct sep_driver_static_pool_addr_t {
+  /* physical address of the static pool */
+  unsigned long   physical_static_address;
+
+  /* virtual address of the static pool */
+  unsigned long   virtual_static_address;
+};
+
+/* command struct for getiing offset of the physical address from
+	the start of the mapped area  */
+struct sep_driver_get_mapped_offset_t {
+  /* physical address of the static pool */
+  unsigned long   physical_address;
+
+  /* virtual address of the static pool */
+  unsigned long   offset;
+};
+
+/* command struct for getting time value and address */
+struct sep_driver_get_time_t {
+  /* physical address of stored time */
+  unsigned long   time_physical_address;
+
+  /* value of the stored time */
+  unsigned long   time_value;
+};
+
+
+/*
+  structure that represent one entry in the DMA LLI table
+*/
+struct sep_lli_entry_t {
+  /* physical address */
+  unsigned long  physical_address;
+
+  /* block size */
+  unsigned long  block_size;
+};
+
+/*
+  structure that reperesents data needed for lli table construction
+*/
+struct sep_lli_prepare_table_data_t {
+  /* pointer to the memory where the first lli entry to be built */
+  struct sep_lli_entry_t  *lli_entry_ptr;
+
+  /* pointer to the array of lli entries from which the table is to be built */
+  struct sep_lli_entry_t  *lli_array_ptr;
+
+  /* number of elements in lli array */
+  int               lli_array_size;
+
+  /* number of entries in the created table */
+  int               num_table_entries;
+
+  /* number of array entries processed during table creation */
+  int               num_array_entries_processed;
+
+  /* the totatl data size in the created table */
+  int               lli_table_total_data_size;
+};
+
+/*
+  structure that represent tone table - it is not used in code, jkust
+  to show what table looks like
+*/
+struct sep_lli_table_t {
+  /* number of pages mapped in this tables. If 0 - means that the table
+  is not defined (used as a valid flag)*/
+  unsigned long num_pages;
+  /*
+    pointer to array of page pointers that represent the mapping of the
+    virtual buffer defined by the table to the physical memory. If this
+    pointer is NULL, it means that the table is not defined
+    (used as a valid flag)
+  */
+  struct page  **table_page_array_ptr;
+
+  /* maximum flow entries in table */
+  struct sep_lli_entry_t lli_entries[SEP_DRIVER_MAX_FLOW_NUM_ENTRIES_IN_TABLE];
+};
+
+
+/*
+  structure for keeping the mapping of the virtual buffer into physical pages
+*/
+struct sep_flow_buffer_data {
+  /* pointer to the array of page structs pointers to the pages of the
+	virtual buffer */
+  struct page   **page_array_ptr;
+
+  /* number of pages taken by the virtual buffer */
+  unsigned long   num_pages;
+
+  /* this flag signals if this page_array is the last one among many that were
+	sent in one setting to SEP */
+  unsigned long   last_page_array_flag;
+};
+
+/*
+  struct that keeps all the data for one flow
+*/
+struct sep_flow_context_t {
+  /*
+	work struct for handling the flow done interrupt in the workqueue
+	this structure must be in the first place, since it will be used
+	forcasting to the containing flow context
+  */
+  struct work_struct      flow_wq;
+
+  /* flow id */
+  unsigned long           flow_id;
+
+  /* additional input tables exists */
+  unsigned long           input_tables_flag;
+
+  /* additional output tables exists */
+  unsigned long           output_tables_flag;
+
+  /*  data of the first input file */
+  struct sep_lli_entry_t         first_input_table;
+
+  /* data of the first output table */
+  struct sep_lli_entry_t         first_output_table;
+
+  /* last input table data */
+  struct sep_lli_entry_t         last_input_table;
+
+  /* last output table data */
+  struct sep_lli_entry_t         last_output_table;
+
+  /* first list of table */
+  struct sep_lli_entry_t         input_tables_in_process;
+
+  /* output table in process (in sep) */
+  struct sep_lli_entry_t         output_tables_in_process;
+
+  /* size of messages in bytes */
+  unsigned long           message_size_in_bytes;
+
+  /* message */
+  unsigned char           message[SEP_MAX_ADD_MESSAGE_LENGTH_IN_BYTES];
+};
+
+
+
+/*
+  this function locks SEP by locking the semaphore
+*/
+int sep_lock(void);
+
+/*
+  this function unlocks SEP
+*/
+void sep_unlock(void);
+
+/*
+	this function returns the address of the message shared area
+*/
+void sep_map_shared_area(unsigned long *mappedAddr_ptr);
+
+
+/*
+	this function returns the address of the message shared area
+*/
+void sep_send_msg_rdy_cmd(void);
+
+
+/*
+	This function releases all the application virtual
+	buffer physical pages, that were previously locked
+*/
+int sep_free_dma_pages(struct page **page_array_ptr,
+			unsigned long num_pages,
+			unsigned long dirtyFlag);
+
+/*
+	This function creates the input and output dma tables for
+	symmetric operations (AES/DES) according to the block size
+	from LLI arays
+*/
+int sep_construct_dma_tables_from_lli(
+					struct sep_lli_entry_t *lli_in_array,
+					unsigned long     sep_in_lli_entries,
+					struct sep_lli_entry_t *lli_out_array,
+					unsigned long     sep_out_lli_entries,
+					unsigned long     block_size,
+					unsigned long    *lli_table_in_ptr,
+					unsigned long    *lli_table_out_ptr,
+					unsigned long    *in_num_entries_ptr,
+					unsigned long    *out_num_entries_ptr,
+					unsigned long    *table_data_size_ptr);
+
+/*
+	This function builds input and output DMA tables for synhronic symmetric
+	operations (AES, DES) It also checks that each table is of the modular
+	block size
+*/
+int sep_prepare_input_output_dma_table(unsigned long   app_virt_in_addr,
+				unsigned long   app_virt_out_addr,
+				unsigned long   data_size,
+				unsigned long   block_size,
+				unsigned long  *lli_table_in_ptr,
+				unsigned long  *lli_table_out_ptr,
+				unsigned long  *in_num_entries_ptr,
+				unsigned long  *out_num_entries_ptr,
+				unsigned long  *table_data_size_ptr,
+				bool            isKernelVirtualAddress);
+
+/*
+	This function prepares only input DMA table for synhronic symmetric
+	operations (HASH)
+*/
+int sep_prepare_input_dma_table(unsigned long   app_virt_addr,
+				unsigned long   data_size,
+				unsigned long   block_size,
+				unsigned long  *lli_table_ptr,
+				unsigned long  *num_entries_ptr,
+				unsigned long  *table_data_size_ptr,
+				bool            isKernelVirtualAddress);
+
+/* this functions frees all the resources that were allocated for the building
+	of the LLI DMA tables */
+void sep_free_dma_resources(void);
+
+
+/* poll(suspend) , until reply from sep */
+void sep_driver_poll(void);
+
+/*
+	this function handles the request for freeing dma table for
+	synhronic actions
+*/
+int sep_free_dma_table_data_handler(void);
+
+
+#endif
diff --git a/drivers/staging/sep/sep_driver_config.h b/drivers/staging/sep/sep_driver_config.h
new file mode 100644
index 00000000000..a796c4970a0
--- /dev/null
+++ b/drivers/staging/sep/sep_driver_config.h
@@ -0,0 +1,305 @@
+/*
+ *
+ *  sep_driver_config.h - Security Processor Driver configuration
+ *
+ *  Copyright(c) 2009 Intel Corporation. All rights reserved.
+ *  Copyright(c) 2009 Discretix. All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the Free
+ *  Software Foundation; either version 2 of the License, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ *  more details.
+ *
+ *  You should have received a copy of the GNU General Public License along with
+ *  this program; if not, write to the Free Software Foundation, Inc., 59
+ *  Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ *
+ *  CONTACTS:
+ *
+ *  Mark Allyn		mark.a.allyn@intel.com
+ *
+ *  CHANGES:
+ *
+ *  2009.06.26	Initial publish
+ *
+ */
+
+#ifndef __SEP_DRIVER_CONFIG_H__
+#define __SEP_DRIVER_CONFIG_H__
+
+
+/*--------------------------------------
+  DRIVER CONFIGURATION FLAGS
+  -------------------------------------*/
+
+/* if flag is on , then the driver is running in polling and
+	not interrupt mode */
+#define SEP_DRIVER_POLLING_MODE                         1
+
+/* flag which defines if the shared area address should be
+	reconfiged (send to SEP anew) during init of the driver */
+#define SEP_DRIVER_RECONFIG_MESSAGE_AREA                0
+
+/* the mode for running on the ARM1172 Evaluation platform (flag is 1) */
+#define SEP_DRIVER_ARM_DEBUG_MODE                       0
+
+/*-------------------------------------------
+	INTERNAL DATA CONFIGURATION
+	-------------------------------------------*/
+
+/* flag for the input array */
+#define SEP_DRIVER_IN_FLAG                              0
+
+/* flag for output array */
+#define SEP_DRIVER_OUT_FLAG                             1
+
+/* maximum number of entries in one LLI tables */
+#define SEP_DRIVER_ENTRIES_PER_TABLE_IN_SEP             8
+
+
+/*--------------------------------------------------------
+	SHARED AREA  memory total size is 36K
+	it is divided is following:
+
+	SHARED_MESSAGE_AREA                     8K         }
+									}
+	STATIC_POOL_AREA                        4K         } MAPPED AREA ( 24 K)
+									}
+	DATA_POOL_AREA                          12K        }
+
+	SYNCHRONIC_DMA_TABLES_AREA              5K
+
+	FLOW_DMA_TABLES_AREA                    4K
+
+	SYSTEM_MEMORY_AREA                      3k
+
+	SYSTEM_MEMORY total size is 3k
+	it is divided as following:
+
+	TIME_MEMORY_AREA                     8B
+-----------------------------------------------------------*/
+
+
+
+/*
+	the maximum length of the message - the rest of the message shared
+	area will be dedicated to the dma lli tables
+*/
+#define SEP_DRIVER_MAX_MESSAGE_SIZE_IN_BYTES                  (8 * 1024)
+
+/* the size of the message shared area in pages */
+#define SEP_DRIVER_MESSAGE_SHARED_AREA_SIZE_IN_BYTES          (8 * 1024)
+
+/* the size of the data pool static area in pages */
+#define SEP_DRIVER_STATIC_AREA_SIZE_IN_BYTES                  (4 * 1024)
+
+/* the size of the data pool shared area size in pages */
+#define SEP_DRIVER_DATA_POOL_SHARED_AREA_SIZE_IN_BYTES        (12 * 1024)
+
+/* the size of the message shared area in pages */
+#define SEP_DRIVER_SYNCHRONIC_DMA_TABLES_AREA_SIZE_IN_BYTES   (1024 * 5)
+
+
+/* the size of the data pool shared area size in pages */
+#define SEP_DRIVER_FLOW_DMA_TABLES_AREA_SIZE_IN_BYTES         (1024 * 4)
+
+/* system data (time, caller id etc') pool */
+#define SEP_DRIVER_SYSTEM_DATA_MEMORY_SIZE_IN_BYTES           100
+
+
+/* area size that is mapped  - we map the MESSAGE AREA, STATIC POOL and
+	DATA POOL areas. area must be module 4k */
+#define SEP_DRIVER_MMMAP_AREA_SIZE                            (1024 * 24)
+
+
+/*-----------------------------------------------
+	offsets of the areas starting from the shared area start address
+*/
+
+/* message area offset */
+#define SEP_DRIVER_MESSAGE_AREA_OFFSET_IN_BYTES               0
+
+/* static pool area offset */
+#define SEP_DRIVER_STATIC_AREA_OFFSET_IN_BYTES \
+		(SEP_DRIVER_MESSAGE_SHARED_AREA_SIZE_IN_BYTES)
+
+/* data pool area offset */
+#define SEP_DRIVER_DATA_POOL_AREA_OFFSET_IN_BYTES \
+	(SEP_DRIVER_STATIC_AREA_OFFSET_IN_BYTES + \
+	SEP_DRIVER_STATIC_AREA_SIZE_IN_BYTES)
+
+/* synhronic dma tables area offset */
+#define SEP_DRIVER_SYNCHRONIC_DMA_TABLES_AREA_OFFSET_IN_BYTES \
+	(SEP_DRIVER_DATA_POOL_AREA_OFFSET_IN_BYTES + \
+	SEP_DRIVER_DATA_POOL_SHARED_AREA_SIZE_IN_BYTES)
+
+/* sep driver flow dma tables area offset */
+#define SEP_DRIVER_FLOW_DMA_TABLES_AREA_OFFSET_IN_BYTES \
+	(SEP_DRIVER_SYNCHRONIC_DMA_TABLES_AREA_OFFSET_IN_BYTES + \
+	SEP_DRIVER_SYNCHRONIC_DMA_TABLES_AREA_SIZE_IN_BYTES)
+
+/* system memory offset in bytes */
+#define SEP_DRIVER_SYSTEM_DATA_MEMORY_OFFSET_IN_BYTES \
+	(SEP_DRIVER_FLOW_DMA_TABLES_AREA_OFFSET_IN_BYTES + \
+	SEP_DRIVER_FLOW_DMA_TABLES_AREA_SIZE_IN_BYTES)
+
+/* offset of the time area */
+#define SEP_DRIVER_SYSTEM_TIME_MEMORY_OFFSET_IN_BYTES \
+	(SEP_DRIVER_SYSTEM_DATA_MEMORY_OFFSET_IN_BYTES)
+
+
+
+/* start physical address of the SEP registers memory in HOST */
+#define SEP_IO_MEM_REGION_START_ADDRESS                       0x80000000
+
+/* size of the SEP registers memory region  in HOST (for now 100 registers) */
+#define SEP_IO_MEM_REGION_SIZE                                (2 * 0x100000)
+
+/* define the number of IRQ for SEP interrupts */
+#define SEP_DIRVER_IRQ_NUM                                    1
+
+/* maximum number of add buffers */
+#define SEP_MAX_NUM_ADD_BUFFERS                               100
+
+/* number of flows */
+#define SEP_DRIVER_NUM_FLOWS                                  4
+
+/* maximum number of entries in flow table */
+#define SEP_DRIVER_MAX_FLOW_NUM_ENTRIES_IN_TABLE              25
+
+/* offset of the num entries in the block length entry of the LLI */
+#define SEP_NUM_ENTRIES_OFFSET_IN_BITS                        24
+
+/* offset of the interrupt flag in the block length entry of the LLI */
+#define SEP_INT_FLAG_OFFSET_IN_BITS                           31
+
+/* mask for extracting data size from LLI */
+#define SEP_TABLE_DATA_SIZE_MASK                              0xFFFFFF
+
+/* mask for entries after being shifted left */
+#define SEP_NUM_ENTRIES_MASK                                  0x7F
+
+/* default flow id */
+#define SEP_FREE_FLOW_ID                                      0xFFFFFFFF
+
+/* temp flow id used during cretiong of new flow until receiving
+	real flow id from sep */
+#define SEP_TEMP_FLOW_ID                   (SEP_DRIVER_NUM_FLOWS + 1)
+
+/* maximum add buffers message length in bytes */
+#define SEP_MAX_ADD_MESSAGE_LENGTH_IN_BYTES                   (7 * 4)
+
+/* maximum number of concurrent virtual buffers */
+#define SEP_MAX_VIRT_BUFFERS_CONCURRENT                       100
+
+/* the token that defines the start of time address */
+#define SEP_TIME_VAL_TOKEN                                    0x12345678
+/* DEBUG LEVEL MASKS */
+#define SEP_DEBUG_LEVEL_BASIC       0x1
+
+#define SEP_DEBUG_LEVEL_REGISTERS   0x2
+
+#define SEP_DEBUG_LEVEL_EXTENDED    0x4
+
+
+/* FUNCTIONAL MACROS */
+
+/* debug macro without paramaters */
+#define DEBUG_PRINT_0(DEBUG_LEVEL , info) \
+do { \
+	if (DEBUG_LEVEL & sepDebug) \
+		printk(KERN_WARNING info); \
+} while (0)
+
+/* debug macro with 1 paramater */
+#define DEBUG_PRINT_1(DEBUG_LEVEL , info , param1) \
+do { \
+	if (DEBUG_LEVEL & sepDebug) \
+		printk(KERN_WARNING info, param1); \
+} while (0)
+
+/* debug macro with 2 paramaters */
+#define DEBUG_PRINT_2(DEBUG_LEVEL, info, param1, param2) \
+do { \
+	if (DEBUG_LEVEL & sepDebug) \
+		printk(KERN_WARNING info , param1, param2); \
+} while (0)
+
+/* debug macro with 3 paramaters */
+#define DEBUG_PRINT_3(DEBUG_LEVEL, info, param1, param2, param3) \
+do { \
+	if (DEBUG_LEVEL & sepDebug) \
+		printk(KERN_WARNING info , param1, param2 , param3); \
+} while (0)
+
+/* debug macro with 4 paramaters */
+#define DEBUG_PRINT_4(DEBUG_LEVEL, info, param1, param2, param3, param4) \
+do { \
+	if (DEBUG_LEVEL & sepDebug) \
+		printk(KERN_WARNING info, param1, param2, param3, param4); \
+} while (0)
+
+#if 0
+/* write register macro with option for debug print */
+#define SEP_WRITE_REGISTER(address, value) \
+do { \
+	if (sepDebug & SEP_DEBUG_LEVEL_REGISTERS) \
+		printk(KERN_WARNING "Write Register: address %lu value %lu\n", \
+		(unsigned long)(address), (unsigned long)(value)); \
+	writel((value), (void *)(address)); \
+} while (0)
+
+/* read register macro with option for debug print */
+#define SEP_READ_REGISTER(address , value) \
+do { \
+	(value) = readl((void *)(address)); \
+	if (sepDebug & SEP_DEBUG_LEVEL_REGISTERS) \
+		printk(KERN_WARNING "Read Register: address %lu value %lu\n", \
+		(address), (value)); \
+} while (0)
+#else
+
+#if 1
+
+#define SEP_WRITE_REGISTER(address, value)  writel((value), (void *)(address))
+#define SEP_READ_REGISTER(address, value)  (value) = readl((void *)(address))
+#endif
+
+#endif
+
+#if 0
+#define SEP_WRITE_ROM(address, value)  writel((value), (void *)(address))
+
+#define SEP_WRITE_REGISTER(address, value) \
+do { \
+	unsigned long i; \
+	for (i = 0; i < 1000; i++); \
+		writel((value), (void *)(address)); \
+} while (0)
+
+
+#define SEP_READ_REGISTER(address , value) \
+do { \
+	unsigned long i; \
+	for (i = 0; i < 1000; i++); \
+		(value) = readl((void *) (address)); \
+} while (0)
+
+#endif
+
+/* wait for SRAM write complete(indirect write */
+#define SEP_WAIT_SRAM_WRITE_COMPLETE() \
+do { \
+	unsigned long  reg_val; \
+	do { \
+		SEP_READ_REGISTER(g_sep_reg_base_address + \
+		HW_SRAM_DATA_READY_REG_ADDR, (reg_val)); \
+	} while (!(reg_val & 0x1)); \
+} while (0)
+
+#endif
diff --git a/drivers/staging/sep/sep_driver_ext_api.h b/drivers/staging/sep/sep_driver_ext_api.h
new file mode 100644
index 00000000000..3bc3b4de99c
--- /dev/null
+++ b/drivers/staging/sep/sep_driver_ext_api.h
@@ -0,0 +1,106 @@
+/*
+ *
+ *  sep_driver_ext_api.h - Security Processor Driver external api definitions
+ *
+ *  Copyright(c) 2009 Intel Corporation. All rights reserved.
+ *  Copyright(c) 2009 Discretix. All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the Free
+ *  Software Foundation; either version 2 of the License, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ *  more details.
+ *
+ *  You should have received a copy of the GNU General Public License along with
+ *  this program; if not, write to the Free Software Foundation, Inc., 59
+ *  Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ *
+ *  CONTACTS:
+ *
+ *  Mark Allyn		mark.a.allyn@intel.com
+ *
+ *  CHANGES:
+ *
+ *  2009.06.26	Initial publish
+ *
+ */
+
+#ifndef __SEP_DRIVER_EXT_API_H__
+#define __SEP_DRIVER_EXT_API_H__
+
+
+/* shared variables */
+extern int sepDebug;
+
+extern unsigned long g_sep_reg_base_address;
+
+/*
+this function loads the ROM code in SEP (needed only in the debug mode on FPGA)
+*/
+void sep_load_rom_code(void);
+
+/*
+This functions locks the area of the resident and cache sep code (if possible)
+*/
+void sep_lock_cache_resident_area(void);
+
+/*
+This functions copies the cache and resident from their source location into
+destination memory, which is external to Linux VM and is given as physical
+address
+*/
+int sep_copy_cache_resident_to_area(unsigned long   src_cache_addr,
+				unsigned long   cache_size_in_bytes,
+				unsigned long   src_resident_addr,
+				unsigned long   resident_size_in_bytes,
+				unsigned long  *dst_new_cache_addr_ptr,
+				unsigned long  *dst_new_resident_addr_ptr);
+
+/*
+This functions maps and allocates the shared area on the external
+RAM (device) The input is shared_area_size - the size of the memory
+to allocate. The outputs are kernel_shared_area_addr_ptr - the kerenl
+address of the mapped and allocated shared area, and
+phys_shared_area_addr_ptr - the physical address of the shared area
+*/
+int sep_map_and_alloc_shared_area(unsigned long   shared_area_size,
+				unsigned long  *kernel_shared_area_addr_ptr,
+				unsigned long  *phys_shared_area_addr_ptr);
+
+/*
+This functions unmaps and deallocates the shared area on the  external
+RAM (device) The input is shared_area_size - the size of the memory to
+deallocate,kernel_shared_area_addr_ptr - the kernel address of the
+mapped and allocated shared area,phys_shared_area_addr_ptr - the physical
+address of the shared area
+*/
+void sep_unmap_and_free_shared_area(unsigned long   shared_area_size,
+				unsigned long   kernel_shared_area_addr,
+				unsigned long   phys_shared_area_addr);
+
+
+/*
+This functions returns the physical address inside shared area according
+to the virtual address. It can be either on the externa RAM device
+(ioremapped), or on the system RAM
+*/
+unsigned long sep_shared_area_virt_to_phys(unsigned long virt_address);
+
+/*
+This functions returns the vitrual address inside shared area according
+to the physical address. It can be either on the externa RAM device
+(ioremapped), or on the system RAM This implementation is for the external RAM
+*/
+unsigned long sep_shared_area_phys_to_virt(unsigned long phys_address);
+
+/*
+This function registers th driver to the device
+subsystem (either PCI, USB, etc)
+*/
+int sep_register_driver_to_device(void);
+
+#endif /*__SEP_DRIVER_EXT_API_H__*/
diff --git a/drivers/staging/sep/sep_driver_hw_defs.h b/drivers/staging/sep/sep_driver_hw_defs.h
new file mode 100644
index 00000000000..df831be2645
--- /dev/null
+++ b/drivers/staging/sep/sep_driver_