[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAL_JsqJTiBK3qzdMzL-ZuARosKGqnf_PjyCj13_H=V415y9sHQ@mail.gmail.com>
Date: Tue, 9 Apr 2024 12:13:48 -0500
From: Rob Herring <robh+dt@...nel.org>
To: Alexandre TORGUE <alexandre.torgue@...s.st.com>
Cc: Gatien Chevallier <gatien.chevallier@...s.st.com>, Oleksii_Moisieiev@...m.com,
gregkh@...uxfoundation.org, herbert@...dor.apana.org.au, davem@...emloft.net,
krzysztof.kozlowski+dt@...aro.org, conor+dt@...nel.org, vkoul@...nel.org,
jic23@...nel.org, olivier.moysan@...s.st.com, arnaud.pouliquen@...s.st.com,
mchehab@...nel.org, fabrice.gasnier@...s.st.com, andi.shyti@...nel.org,
ulf.hansson@...aro.org, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, hugues.fruchet@...s.st.com, lee@...nel.org,
will@...nel.org, catalin.marinas@....com, arnd@...nel.org,
richardcochran@...il.com, Frank Rowand <frowand.list@...il.com>, peng.fan@....nxp.com,
lars@...afoo.de, rcsekar@...sung.com, wg@...ndegger.com, mkl@...gutronix.de,
linux-crypto@...r.kernel.org, devicetree@...r.kernel.org,
linux-stm32@...md-mailman.stormreply.com,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
dmaengine@...r.kernel.org, linux-i2c@...r.kernel.org,
linux-iio@...r.kernel.org, alsa-devel@...a-project.org,
linux-media@...r.kernel.org, linux-mmc@...r.kernel.org,
netdev@...r.kernel.org, linux-phy@...ts.infradead.org,
linux-serial@...r.kernel.org, linux-spi@...r.kernel.org,
linux-usb@...r.kernel.org
Subject: Re: [PATCH v9 00/13] Introduce STM32 Firewall framework
On Mon, Apr 8, 2024 at 3:44 AM Alexandre TORGUE
<alexandre.torgue@...s.st.com> wrote:
>
> Hi Gatien,
>
> On 1/5/24 14:03, Gatien Chevallier wrote:
> > Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x
> > platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers
> > register to the framework to offer firewall services such as access
> > granting.
> >
> > This series of patches is a new approach on the previous STM32 system
> > bus, history is available here:
> > https://lore.kernel.org/lkml/20230127164040.1047583/
> >
> > The need for such framework arises from the fact that there are now
> > multiple hardware firewalls implemented across multiple products.
> > Drivers are shared between different products, using the same code.
> > When it comes to firewalls, the purpose mostly stays the same: Protect
> > hardware resources. But the implementation differs, and there are
> > multiple types of firewalls: peripheral, memory, ...
> >
> > Some hardware firewall controllers such as the RIFSC implemented on
> > STM32MP2x platforms may require to take ownership of a resource before
> > being able to use it, hence the requirement for firewall services to
> > take/release the ownership of such resources.
> >
> > On the other hand, hardware firewall configurations are becoming
> > more and more complex. These mecanisms prevent platform crashes
> > or other firewall-related incoveniences by denying access to some
> > resources.
> >
> > The stm32 firewall framework offers an API that is defined in
> > firewall controllers drivers to best fit the specificity of each
> > firewall.
> >
> > For every peripherals protected by either the ETZPC or the RIFSC, the
> > firewall framework checks the firewall controlelr registers to see if
> > the peripheral's access is granted to the Linux kernel. If not, the
> > peripheral is configured as secure, the node is marked populated,
> > so that the driver is not probed for that device.
> >
> > The firewall framework relies on the access-controller device tree
> > binding. It is used by peripherals to reference a domain access
> > controller. In this case a firewall controller. The bus uses the ID
> > referenced by the access-controller property to know where to look
> > in the firewall to get the security configuration for the peripheral.
> > This allows a device tree description rather than a hardcoded peripheral
> > table in the bus driver.
> >
> > The STM32 ETZPC device is responsible for filtering accesses based on
> > security level, or co-processor isolation for any resource connected
> > to it.
> >
> > The RIFSC is responsible for filtering accesses based on Compartment
> > ID / security level / privilege level for any resource connected to
> > it.
> >
> > STM32MP13/15/25 SoC device tree files are updated in this series to
> > implement this mecanism.
> >
>
> ...
>
> After minor cosmetic fixes, series applied on stm32-next.
> Seen with Arnd: it will be part on my next PR and will come through
> arm-soc tree.
And there's some new warnings in next with it:
1 venc@...e0000: 'access-controllers' does not match any of the
regexes: 'pinctrl-[0-9]+'
1 vdec@...d0000: 'access-controllers' does not match any of the
regexes: 'pinctrl-[0-9]+'
Rob
Powered by blists - more mailing lists