Commit 3ba3fab7 authored by Juergen Borleis's avatar Juergen Borleis Committed by Alexandre Belloni

rtc: imxdi: add some background info about the states the machine can be in

Document the i.MX DryIce machine states.
Signed-off-by: default avatarJuergen Borleis <jbe@pengutronix.de>
Signed-off-by: default avatarRobert Schwebel <rsc@pengutronix.de>
[rsc: got NDA clearance from Freescale]
Signed-off-by: default avatarAlexandre Belloni <alexandre.belloni@free-electrons.com>
parent e30d3131
...@@ -129,6 +129,49 @@ struct imxdi_dev { ...@@ -129,6 +129,49 @@ struct imxdi_dev {
struct work_struct work; struct work_struct work;
}; };
/* Some background:
*
* The DryIce unit is a complex security/tamper monitor device. To be able do
* its job in a useful manner it runs a bigger statemachine to bring it into
* security/tamper failure state and once again to bring it out of this state.
*
* This unit can be in one of three states:
*
* - "NON-VALID STATE"
* always after the battery power was removed
* - "FAILURE STATE"
* if one of the enabled security events has happened
* - "VALID STATE"
* if the unit works as expected
*
* Everything stops when the unit enters the failure state including the RTC
* counter (to be able to detect the time the security event happened).
*
* The following events (when enabled) let the DryIce unit enter the failure
* state:
*
* - wire-mesh-tamper detect
* - external tamper B detect
* - external tamper A detect
* - temperature tamper detect
* - clock tamper detect
* - voltage tamper detect
* - RTC counter overflow
* - monotonic counter overflow
* - external boot
*
* If we find the DryIce unit in "FAILURE STATE" and the TDCHL cleared, we
* can only detect this state. In this case the unit is completely locked and
* must force a second "SYSTEM POR" to bring the DryIce into the
* "NON-VALID STATE" + "FAILURE STATE" where a recovery is possible.
* If the TDCHL is set in the "FAILURE STATE" we are out of luck. In this case
* a battery power cycle is required.
*
* In the "NON-VALID STATE" + "FAILURE STATE" we can clear the "FAILURE STATE"
* and recover the DryIce unit. By clearing the "NON-VALID STATE" as the last
* task, we bring back this unit into life.
*/
/* /*
* enable a dryice interrupt * enable a dryice interrupt
*/ */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment