Message ID | 20240105130404.301172-1-gatien.chevallier@foss.st.com |
---|---|
Headers | show |
Series | Introduce STM32 Firewall framework | expand |
Hi Gatien, On 1/5/24 14:03, Gatien Chevallier wrote: > Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x > platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers > register to the framework to offer firewall services such as access > granting. > > This series of patches is a new approach on the previous STM32 system > bus, history is available here: > https://lore.kernel.org/lkml/20230127164040.1047583/ > > The need for such framework arises from the fact that there are now > multiple hardware firewalls implemented across multiple products. > Drivers are shared between different products, using the same code. > When it comes to firewalls, the purpose mostly stays the same: Protect > hardware resources. But the implementation differs, and there are > multiple types of firewalls: peripheral, memory, ... > > Some hardware firewall controllers such as the RIFSC implemented on > STM32MP2x platforms may require to take ownership of a resource before > being able to use it, hence the requirement for firewall services to > take/release the ownership of such resources. > > On the other hand, hardware firewall configurations are becoming > more and more complex. These mecanisms prevent platform crashes > or other firewall-related incoveniences by denying access to some > resources. > > The stm32 firewall framework offers an API that is defined in > firewall controllers drivers to best fit the specificity of each > firewall. > > For every peripherals protected by either the ETZPC or the RIFSC, the > firewall framework checks the firewall controlelr registers to see if > the peripheral's access is granted to the Linux kernel. If not, the > peripheral is configured as secure, the node is marked populated, > so that the driver is not probed for that device. > > The firewall framework relies on the access-controller device tree > binding. It is used by peripherals to reference a domain access > controller. In this case a firewall controller. The bus uses the ID > referenced by the access-controller property to know where to look > in the firewall to get the security configuration for the peripheral. > This allows a device tree description rather than a hardcoded peripheral > table in the bus driver. > > The STM32 ETZPC device is responsible for filtering accesses based on > security level, or co-processor isolation for any resource connected > to it. > > The RIFSC is responsible for filtering accesses based on Compartment > ID / security level / privilege level for any resource connected to > it. > > STM32MP13/15/25 SoC device tree files are updated in this series to > implement this mecanism. > ... After minor cosmetic fixes, series applied on stm32-next. Seen with Arnd: it will be part on my next PR and will come through arm-soc tree. Thanks Alex
On Mon, Apr 8, 2024 at 3:44 AM Alexandre TORGUE <alexandre.torgue@foss.st.com> wrote: > > Hi Gatien, > > On 1/5/24 14:03, Gatien Chevallier wrote: > > Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x > > platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers > > register to the framework to offer firewall services such as access > > granting. > > > > This series of patches is a new approach on the previous STM32 system > > bus, history is available here: > > https://lore.kernel.org/lkml/20230127164040.1047583/ > > > > The need for such framework arises from the fact that there are now > > multiple hardware firewalls implemented across multiple products. > > Drivers are shared between different products, using the same code. > > When it comes to firewalls, the purpose mostly stays the same: Protect > > hardware resources. But the implementation differs, and there are > > multiple types of firewalls: peripheral, memory, ... > > > > Some hardware firewall controllers such as the RIFSC implemented on > > STM32MP2x platforms may require to take ownership of a resource before > > being able to use it, hence the requirement for firewall services to > > take/release the ownership of such resources. > > > > On the other hand, hardware firewall configurations are becoming > > more and more complex. These mecanisms prevent platform crashes > > or other firewall-related incoveniences by denying access to some > > resources. > > > > The stm32 firewall framework offers an API that is defined in > > firewall controllers drivers to best fit the specificity of each > > firewall. > > > > For every peripherals protected by either the ETZPC or the RIFSC, the > > firewall framework checks the firewall controlelr registers to see if > > the peripheral's access is granted to the Linux kernel. If not, the > > peripheral is configured as secure, the node is marked populated, > > so that the driver is not probed for that device. > > > > The firewall framework relies on the access-controller device tree > > binding. It is used by peripherals to reference a domain access > > controller. In this case a firewall controller. The bus uses the ID > > referenced by the access-controller property to know where to look > > in the firewall to get the security configuration for the peripheral. > > This allows a device tree description rather than a hardcoded peripheral > > table in the bus driver. > > > > The STM32 ETZPC device is responsible for filtering accesses based on > > security level, or co-processor isolation for any resource connected > > to it. > > > > The RIFSC is responsible for filtering accesses based on Compartment > > ID / security level / privilege level for any resource connected to > > it. > > > > STM32MP13/15/25 SoC device tree files are updated in this series to > > implement this mecanism. > > > > ... > > After minor cosmetic fixes, series applied on stm32-next. > Seen with Arnd: it will be part on my next PR and will come through > arm-soc tree. And there's some new warnings in next with it: 1 venc@480e0000: 'access-controllers' does not match any of the regexes: 'pinctrl-[0-9]+' 1 vdec@480d0000: 'access-controllers' does not match any of the regexes: 'pinctrl-[0-9]+' Rob