On Mon, Apr 8, 2024 at 3:44 AM Alexandre TORGUE alexandre.torgue@foss.st.com wrote:
Hi Gatien,
On 1/5/24 14:03, Gatien Chevallier wrote:
Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers register to the framework to offer firewall services such as access granting.
This series of patches is a new approach on the previous STM32 system bus, history is available here: https://lore.kernel.org/lkml/20230127164040.1047583/
The need for such framework arises from the fact that there are now multiple hardware firewalls implemented across multiple products. Drivers are shared between different products, using the same code. When it comes to firewalls, the purpose mostly stays the same: Protect hardware resources. But the implementation differs, and there are multiple types of firewalls: peripheral, memory, ...
Some hardware firewall controllers such as the RIFSC implemented on STM32MP2x platforms may require to take ownership of a resource before being able to use it, hence the requirement for firewall services to take/release the ownership of such resources.
On the other hand, hardware firewall configurations are becoming more and more complex. These mecanisms prevent platform crashes or other firewall-related incoveniences by denying access to some resources.
The stm32 firewall framework offers an API that is defined in firewall controllers drivers to best fit the specificity of each firewall.
For every peripherals protected by either the ETZPC or the RIFSC, the firewall framework checks the firewall controlelr registers to see if the peripheral's access is granted to the Linux kernel. If not, the peripheral is configured as secure, the node is marked populated, so that the driver is not probed for that device.
The firewall framework relies on the access-controller device tree binding. It is used by peripherals to reference a domain access controller. In this case a firewall controller. The bus uses the ID referenced by the access-controller property to know where to look in the firewall to get the security configuration for the peripheral. This allows a device tree description rather than a hardcoded peripheral table in the bus driver.
The STM32 ETZPC device is responsible for filtering accesses based on security level, or co-processor isolation for any resource connected to it.
The RIFSC is responsible for filtering accesses based on Compartment ID / security level / privilege level for any resource connected to it.
STM32MP13/15/25 SoC device tree files are updated in this series to implement this mecanism.
...
After minor cosmetic fixes, series applied on stm32-next. Seen with Arnd: it will be part on my next PR and will come through arm-soc tree.
And there's some new warnings in next with it:
1 venc@480e0000: 'access-controllers' does not match any of the regexes: 'pinctrl-[0-9]+' 1 vdec@480d0000: 'access-controllers' does not match any of the regexes: 'pinctrl-[0-9]+'
Rob