On Mon, Apr 8, 2024 at 3:44 AM Alexandre TORGUE <alexandre.torgue@xxxxxxxxxxx> wrote: > > Hi Gatien, > > On 1/5/24 14:03, Gatien Chevallier wrote: > > Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x > > platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers > > register to the framework to offer firewall services such as access > > granting. > > > > This series of patches is a new approach on the previous STM32 system > > bus, history is available here: > > https://lore.kernel.org/lkml/20230127164040.1047583/ > > > > The need for such framework arises from the fact that there are now > > multiple hardware firewalls implemented across multiple products. > > Drivers are shared between different products, using the same code. > > When it comes to firewalls, the purpose mostly stays the same: Protect > > hardware resources. But the implementation differs, and there are > > multiple types of firewalls: peripheral, memory, ... > > > > Some hardware firewall controllers such as the RIFSC implemented on > > STM32MP2x platforms may require to take ownership of a resource before > > being able to use it, hence the requirement for firewall services to > > take/release the ownership of such resources. > > > > On the other hand, hardware firewall configurations are becoming > > more and more complex. These mecanisms prevent platform crashes > > or other firewall-related incoveniences by denying access to some > > resources. > > > > The stm32 firewall framework offers an API that is defined in > > firewall controllers drivers to best fit the specificity of each > > firewall. > > > > For every peripherals protected by either the ETZPC or the RIFSC, the > > firewall framework checks the firewall controlelr registers to see if > > the peripheral's access is granted to the Linux kernel. If not, the > > peripheral is configured as secure, the node is marked populated, > > so that the driver is not probed for that device. > > > > The firewall framework relies on the access-controller device tree > > binding. It is used by peripherals to reference a domain access > > controller. In this case a firewall controller. The bus uses the ID > > referenced by the access-controller property to know where to look > > in the firewall to get the security configuration for the peripheral. > > This allows a device tree description rather than a hardcoded peripheral > > table in the bus driver. > > > > The STM32 ETZPC device is responsible for filtering accesses based on > > security level, or co-processor isolation for any resource connected > > to it. > > > > The RIFSC is responsible for filtering accesses based on Compartment > > ID / security level / privilege level for any resource connected to > > it. > > > > STM32MP13/15/25 SoC device tree files are updated in this series to > > implement this mecanism. > > > > ... > > After minor cosmetic fixes, series applied on stm32-next. > Seen with Arnd: it will be part on my next PR and will come through > arm-soc tree. And there's some new warnings in next with it: 1 venc@480e0000: 'access-controllers' does not match any of the regexes: 'pinctrl-[0-9]+' 1 vdec@480d0000: 'access-controllers' does not match any of the regexes: 'pinctrl-[0-9]+' Rob
Re: [PATCH v9 00/13] Introduce STM32 Firewall framework
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [PATCH v9 00/13] Introduce STM32 Firewall framework
- From: Rob Herring <robh+dt@xxxxxxxxxx>
- Date: Tue, 9 Apr 2024 12:13:48 -0500
- Cc: Gatien Chevallier <gatien.chevallier@xxxxxxxxxxx>, Oleksii_Moisieiev@xxxxxxxx, gregkh@xxxxxxxxxxxxxxxxxxx, herbert@xxxxxxxxxxxxxxxxxxx, davem@xxxxxxxxxxxxx, krzysztof.kozlowski+dt@xxxxxxxxxx, conor+dt@xxxxxxxxxx, vkoul@xxxxxxxxxx, jic23@xxxxxxxxxx, olivier.moysan@xxxxxxxxxxx, arnaud.pouliquen@xxxxxxxxxxx, mchehab@xxxxxxxxxx, fabrice.gasnier@xxxxxxxxxxx, andi.shyti@xxxxxxxxxx, ulf.hansson@xxxxxxxxxx, edumazet@xxxxxxxxxx, kuba@xxxxxxxxxx, pabeni@xxxxxxxxxx, hugues.fruchet@xxxxxxxxxxx, lee@xxxxxxxxxx, will@xxxxxxxxxx, catalin.marinas@xxxxxxx, arnd@xxxxxxxxxx, richardcochran@xxxxxxxxx, Frank Rowand <frowand.list@xxxxxxxxx>, peng.fan@xxxxxxxxxxx, lars@xxxxxxxxxx, rcsekar@xxxxxxxxxxx, wg@xxxxxxxxxxxxxx, mkl@xxxxxxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, devicetree@xxxxxxxxxxxxxxx, linux-stm32@xxxxxxxxxxxxxxxxxxxxxxxxxxxx, linux-arm-kernel@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, dmaengine@xxxxxxxxxxxxxxx, linux-i2c@xxxxxxxxxxxxxxx, linux-iio@xxxxxxxxxxxxxxx, alsa-devel@xxxxxxxxxxxxxxxx, linux-media@xxxxxxxxxxxxxxx, linux-mmc@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx, linux-phy@xxxxxxxxxxxxxxxxxxx, linux-serial@xxxxxxxxxxxxxxx, linux-spi@xxxxxxxxxxxxxxx, linux-usb@xxxxxxxxxxxxxxx
- In-reply-to: <61608010-fbce-46c6-a83d-94c04d0f000d@foss.st.com>
- References: <20240105130404.301172-1-gatien.chevallier@foss.st.com> <61608010-fbce-46c6-a83d-94c04d0f000d@foss.st.com>
- Follow-Ups:
- Re: [PATCH v9 00/13] Introduce STM32 Firewall framework
- From: Alexandre TORGUE
- Re: [PATCH v9 00/13] Introduce STM32 Firewall framework
- References:
- [PATCH v9 00/13] Introduce STM32 Firewall framework
- From: Gatien Chevallier
- Re: [PATCH v9 00/13] Introduce STM32 Firewall framework
- From: Alexandre TORGUE
- [PATCH v9 00/13] Introduce STM32 Firewall framework
- Prev by Date: Re: [PATCH v2 05/11] spi: cadence-qspi: add FIFO depth detection quirk
- Next by Date: [PATCH] spi: omap2-mcspi: Ensure that CS is correctly asserted when switching from MULTI mode to SINGLE mode
- Previous by thread: Re: [PATCH v9 00/13] Introduce STM32 Firewall framework
- Next by thread: Re: [PATCH v9 00/13] Introduce STM32 Firewall framework
- Index(es):
 |