IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Highlights:
---------
Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x
platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers
register to the framework to offer firewall services such as access
granting.
This series of patches is a new approach on the previous STM32 system
bus, history is available here:
https://lore.kernel.org/lkml/20230127164040.1047583/
The need for such framework arises from the fact that there are now
multiple hardware firewalls implemented across multiple products.
Drivers are shared between different products, using the same code.
When it comes to firewalls, the purpose mostly stays the same: Protect
hardware resources. But the implementation differs, and there are
multiple types of firewalls: peripheral, memory, ...
Some hardware firewall controllers such as the RIFSC implemented on
STM32MP2x platforms may require to take ownership of a resource before
being able to use it, hence the requirement for firewall services to
take/release the ownership of such resources.
On the other hand, hardware firewall configurations are becoming
more and more complex. These mecanisms prevent platform crashes
or other firewall-related incoveniences by denying access to some
resources.
The stm32 firewall framework offers an API that is defined in
firewall controllers drivers to best fit the specificity of each
firewall.
For every peripherals protected by either the ETZPC or the RIFSC, the
firewall framework checks the firewall controlelr registers to see if
the peripheral's access is granted to the Linux kernel. If not, the
peripheral is configured as secure, the node is marked populated,
so that the driver is not probed for that device.
The firewall framework relies on the access-controller device tree
binding. It is used by peripherals to reference a domain access
controller. In this case a firewall controller. The bus uses the ID
referenced by the access-controller property to know where to look
in the firewall to get the security configuration for the peripheral.
This allows a device tree description rather than a hardcoded peripheral
table in the bus driver.
The STM32 ETZPC device is responsible for filtering accesses based on
security level, or co-processor isolation for any resource connected
to it.
The RIFSC is responsible for filtering accesses based on Compartment
ID / security level / privilege level for any resource connected to
it.
-----BEGIN PGP SIGNATURE-----
iQJRBAABCgA7FiEEctl9+nxzUSUqdELdf5rJavIecIUFAmYqUUkdHGFsZXhhbmRy
ZS50b3JndWVAZm9zcy5zdC5jb20ACgkQf5rJavIecIWolxAAqUHuLzXyrsCGfPG9
L5J8dUIeRk6lsQgO62EtS/hsUL5NhlwSiShtNilGw0t2TDCj0LpSMccwDjHoC1DE
9ks6aj0lO4dBl/d6fQm+4Vn85KiKfKYXW3J9w+6ZtG7pRly9jbmlrELqBIbL+MjU
/mmPdKM5y/l9KO6vxiua+EtDdd0pZksZLFtms23VoiFgkQ+2heoJ297QGfrWwxzv
UZg/UnWpQYB10dp93WL97vTdBZR4iUwEJNcip7xM65iBwSkuc9Y3gz0TZTO0ivZJ
BRsNc/9BJYEV3kNxRJGyf7JeufsaG3meHVxw9sOYi2hMe75pDAANYxvsCYt6NHjL
i+zugtcM5v//Ksw+HbD1rvRuhEWjFUotCeXJb+RaiY0Sy3HVlKG0WJm2Ybgzlbf+
vahskAHJxG0NFhPVpktQ/+gh8IU8Gy0PwyErdihhWKCiYBp8xHxW7IF7JtqlXQQS
KQ4r0Ez/fgGmLQqDobskE+OgaFIuI5QrjH7S/VvxYh0xxZOBK89EmxK7pO3fki0v
EFcTE/82HWfJo/bRCoq2Yzrh2omjR9ICsxDtVe4nILzjhaLChBz5lITyRO+/+Lr3
6u/oO09tlQYEK4YzH2Kw0xGtpY7Xfmm4wC+zDTRXKBM3Vp1IoTchHssLS4nZbScq
ZHJHRPMCX98FdVH3BLX7OSexJys=
=/Cu0
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmYwAI4ACgkQYKtH/8kJ
UicByw//VzXycIdrOzZeInbrhs0D/7pmb31U1NaAwtK3Y90lxBi5AlB4MKUrM+oq
x/cxqmmW1RsBc2m1iEuJWkqXS+XJHGptHKAHUqVhI9bIuBZqmGddvcP93Ml9egcN
OL/Kd/OS4Q07EYc/Md6XrRBo2zJcHT57jGH8fKBmX4eAKfPYo7xgbq5k/0LoCq/i
cgfQdKeDsR6tTrHyJI0p/+EgS5uglUnIJBm1aLDk883UKH4/EQSR+dpvYsogBcbd
UnH78QeUymCOYzWylHJHeWFgDnn9NiJy/oCQx7wMc6PVUhcd0l1FXvM7XUeDy7iW
aNJpgYU8cTx9IYPGBbZJ13NX0+X4QACKpDjJZG90/y4Q4YEn5l/Di9rmv4HYhZgr
gwYD4EHewKB3PVtmCCUQpurSblshoo9bPWEaR3NFD1mSu46Jb11/zgIQ4oBagixV
MjiaaP3+Rpz1X0Zo5HSq9F0k4A/SddOo2zjMn3af/77nENsR3yEmPWgL20T+nv9P
deJ/LqE6mGVFI0c4E2K03Y85wldN6xXyhvCEqlHtK2X4l5JMe+0Vnak+VICZ0jQw
K/ihBRbifMH7g4GQUjpJUoUAvoyeSJ2jhMF8QV7bk76b6HeRFRYKOpQLnj29v/nd
MF2rKJwFYqJDF3d2a90I3E8c7huKnqWHQWinKu2Y2NkmH/tqtcI=
=mgY+
-----END PGP SIGNATURE-----
Merge tag 'stm32-bus-firewall-for-v6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32 into soc/drivers
STM32 Firewall bus for v6.10, round 1
Highlights:
---------
Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x
platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers
register to the framework to offer firewall services such as access
granting.
This series of patches is a new approach on the previous STM32 system
bus, history is available here:
https://lore.kernel.org/lkml/20230127164040.1047583/
The need for such framework arises from the fact that there are now
multiple hardware firewalls implemented across multiple products.
Drivers are shared between different products, using the same code.
When it comes to firewalls, the purpose mostly stays the same: Protect
hardware resources. But the implementation differs, and there are
multiple types of firewalls: peripheral, memory, ...
Some hardware firewall controllers such as the RIFSC implemented on
STM32MP2x platforms may require to take ownership of a resource before
being able to use it, hence the requirement for firewall services to
take/release the ownership of such resources.
On the other hand, hardware firewall configurations are becoming
more and more complex. These mecanisms prevent platform crashes
or other firewall-related incoveniences by denying access to some
resources.
The stm32 firewall framework offers an API that is defined in
firewall controllers drivers to best fit the specificity of each
firewall.
For every peripherals protected by either the ETZPC or the RIFSC, the
firewall framework checks the firewall controlelr registers to see if
the peripheral's access is granted to the Linux kernel. If not, the
peripheral is configured as secure, the node is marked populated,
so that the driver is not probed for that device.
The firewall framework relies on the access-controller device tree
binding. It is used by peripherals to reference a domain access
controller. In this case a firewall controller. The bus uses the ID
referenced by the access-controller property to know where to look
in the firewall to get the security configuration for the peripheral.
This allows a device tree description rather than a hardcoded peripheral
table in the bus driver.
The STM32 ETZPC device is responsible for filtering accesses based on
security level, or co-processor isolation for any resource connected
to it.
The RIFSC is responsible for filtering accesses based on Compartment
ID / security level / privilege level for any resource connected to
it.
* tag 'stm32-bus-firewall-for-v6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32:
bus: stm32_firewall: fix off by one in stm32_firewall_get_firewall()
bus: etzpc: introduce ETZPC firewall controller driver
bus: rifsc: introduce RIFSC firewall controller driver
of: property: fw_devlink: Add support for "access-controller"
firewall: introduce stm32_firewall framework
dt-bindings: bus: document ETZPC
dt-bindings: bus: document RIFSC
dt-bindings: treewide: add access-controllers description
dt-bindings: document generic access controllers
Link: https://lore.kernel.org/r/7dc64226-5429-4ab7-a8c8-6053b12e3cf5@foss.st.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
46671fd3e3