Message ID | 20240105130404.301172-1-gatien.chevallier@foss.st.com |
---|---|
Headers | show |
Series | Introduce STM32 Firewall framework | expand |
On Mon, Apr 8, 2024 at 3:44 AM Alexandre TORGUE <alexandre.torgue@foss.st.com> wrote: > > Hi Gatien, > > On 1/5/24 14:03, Gatien Chevallier wrote: > > Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x > > platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers > > register to the framework to offer firewall services such as access > > granting. > > > > This series of patches is a new approach on the previous STM32 system > > bus, history is available here: > > https://lore.kernel.org/lkml/20230127164040.1047583/ > > > > The need for such framework arises from the fact that there are now > > multiple hardware firewalls implemented across multiple products. > > Drivers are shared between different products, using the same code. > > When it comes to firewalls, the purpose mostly stays the same: Protect > > hardware resources. But the implementation differs, and there are > > multiple types of firewalls: peripheral, memory, ... > > > > Some hardware firewall controllers such as the RIFSC implemented on > > STM32MP2x platforms may require to take ownership of a resource before > > being able to use it, hence the requirement for firewall services to > > take/release the ownership of such resources. > > > > On the other hand, hardware firewall configurations are becoming > > more and more complex. These mecanisms prevent platform crashes > > or other firewall-related incoveniences by denying access to some > > resources. > > > > The stm32 firewall framework offers an API that is defined in > > firewall controllers drivers to best fit the specificity of each > > firewall. > > > > For every peripherals protected by either the ETZPC or the RIFSC, the > > firewall framework checks the firewall controlelr registers to see if > > the peripheral's access is granted to the Linux kernel. If not, the > > peripheral is configured as secure, the node is marked populated, > > so that the driver is not probed for that device. > > > > The firewall framework relies on the access-controller device tree > > binding. It is used by peripherals to reference a domain access > > controller. In this case a firewall controller. The bus uses the ID > > referenced by the access-controller property to know where to look > > in the firewall to get the security configuration for the peripheral. > > This allows a device tree description rather than a hardcoded peripheral > > table in the bus driver. > > > > The STM32 ETZPC device is responsible for filtering accesses based on > > security level, or co-processor isolation for any resource connected > > to it. > > > > The RIFSC is responsible for filtering accesses based on Compartment > > ID / security level / privilege level for any resource connected to > > it. > > > > STM32MP13/15/25 SoC device tree files are updated in this series to > > implement this mecanism. > > > > ... > > After minor cosmetic fixes, series applied on stm32-next. > Seen with Arnd: it will be part on my next PR and will come through > arm-soc tree. And there's some new warnings in next with it: 1 venc@480e0000: 'access-controllers' does not match any of the regexes: 'pinctrl-[0-9]+' 1 vdec@480d0000: 'access-controllers' does not match any of the regexes: 'pinctrl-[0-9]+' Rob
Hi Rob On 4/9/24 19:13, Rob Herring wrote: > On Mon, Apr 8, 2024 at 3:44 AM Alexandre TORGUE > <alexandre.torgue@foss.st.com> wrote: >> >> Hi Gatien, >> >> On 1/5/24 14:03, Gatien Chevallier wrote: >>> Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x >>> platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers >>> register to the framework to offer firewall services such as access >>> granting. >>> >>> This series of patches is a new approach on the previous STM32 system >>> bus, history is available here: >>> https://lore.kernel.org/lkml/20230127164040.1047583/ >>> >>> The need for such framework arises from the fact that there are now >>> multiple hardware firewalls implemented across multiple products. >>> Drivers are shared between different products, using the same code. >>> When it comes to firewalls, the purpose mostly stays the same: Protect >>> hardware resources. But the implementation differs, and there are >>> multiple types of firewalls: peripheral, memory, ... >>> >>> Some hardware firewall controllers such as the RIFSC implemented on >>> STM32MP2x platforms may require to take ownership of a resource before >>> being able to use it, hence the requirement for firewall services to >>> take/release the ownership of such resources. >>> >>> On the other hand, hardware firewall configurations are becoming >>> more and more complex. These mecanisms prevent platform crashes >>> or other firewall-related incoveniences by denying access to some >>> resources. >>> >>> The stm32 firewall framework offers an API that is defined in >>> firewall controllers drivers to best fit the specificity of each >>> firewall. >>> >>> For every peripherals protected by either the ETZPC or the RIFSC, the >>> firewall framework checks the firewall controlelr registers to see if >>> the peripheral's access is granted to the Linux kernel. If not, the >>> peripheral is configured as secure, the node is marked populated, >>> so that the driver is not probed for that device. >>> >>> The firewall framework relies on the access-controller device tree >>> binding. It is used by peripherals to reference a domain access >>> controller. In this case a firewall controller. The bus uses the ID >>> referenced by the access-controller property to know where to look >>> in the firewall to get the security configuration for the peripheral. >>> This allows a device tree description rather than a hardcoded peripheral >>> table in the bus driver. >>> >>> The STM32 ETZPC device is responsible for filtering accesses based on >>> security level, or co-processor isolation for any resource connected >>> to it. >>> >>> The RIFSC is responsible for filtering accesses based on Compartment >>> ID / security level / privilege level for any resource connected to >>> it. >>> >>> STM32MP13/15/25 SoC device tree files are updated in this series to >>> implement this mecanism. >>> >> >> ... >> >> After minor cosmetic fixes, series applied on stm32-next. >> Seen with Arnd: it will be part on my next PR and will come through >> arm-soc tree. > > And there's some new warnings in next with it: > > 1 venc@480e0000: 'access-controllers' does not match any of the > regexes: 'pinctrl-[0-9]+' > 1 vdec@480d0000: 'access-controllers' does not match any of the > regexes: 'pinctrl-[0-9]+' Yes I noticed it to my colleague. YAML update has been sent for VEND/VDENC. https://lore.kernel.org/lkml/171276671618.403884.13818480350194550959.robh@kernel.org/T/ As soon as it is acked I could merge it in my tree. Alex > > Rob