(stm32) drivers: firewall: add RISAB internal memory firewall controller #7063
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @etienne-lms, can you take a look at this series please? |
etienne-lms
reviewed
Oct 22, 2024
|
Comments addressed |
etienne-lms
reviewed
Oct 24, 2024
| }; | ||
|
|
||
| &bsec_mirror { | ||
| st,protreg = <RISABPROT(RIF_DDCID_DIS, RIF_UNUSED, RIF_SEC, RIF_NPRIV, RIF_CFDIS, RIF_UNUSED, RIF_UNUSED, RIF_UNUSED)>; |
|
Comments addressed |
etienne-lms
reviewed
Oct 25, 2024
|
Squashed |
etienne-lms
reviewed
Oct 28, 2024
There was a problem hiding this comment.
Reviewed-by: Etienne Carriere <[email protected]> with minor comment addressed.
core/drivers/firewall/stm32_risab.c
Outdated
|
|
||
| static void clear_iac_regs(struct stm32_risab_pdata *risab_d) | ||
| { | ||
| io_setbits32(risab_base(risab_d) + _RISAB_IACR, GENMASK_32(1, 0)); |
There was a problem hiding this comment.
For consistency, I suggest to replace GENMASK_32(1, 0) with _RISAB_IACR_CAEF | _RISAB_IACR_IAEF
or define the mask above:
/* RISAB_IACR bitfields */
#define _RISAB_IACR_CAEF BIT(0)
#define _RISAB_IACR_IAEF BIT(1)
+#define _RISAB_IACR_MASK (_RISAB_IACR_CAEF |
+ _RISAB_IACR_IAEF)
Adds support for the VDERAM configuration that is present in SYSCFG. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Add RISAB1/2 base addresses in platform configuration. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Add stm32mp25 specific RISAB device tree bindings. This file contains device tree contains helpers and RISABPROT macro that is used to define the RIF configuration for a RISAB region. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
This driver implements the RISAB driver. Through RISAB registers, a trusted compartment, or the compartment to which the page configuration has been delegated, configures the firewall attributes necessary to access a page. Each RISAB is dedicated to a internal memory and can cover 128KBytes of data, separated in 32 pages of 4 KBytes, containing 8 blocks each. It is possible to align a RISAB secure and privilege regions allocations with an ARM Cortex M, which defines in its address space configurable regions with a 256Bytes granularity. The configuration would be 512Bytes block-based in order to align the two. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Default enable RISAB driver for platform stm32mp2. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Add the RISAB1/2/3/4/5/6 and default enable all of them except for the RISAB6 that protects the VDERAM. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Add the internal memory layout and RIF configuration for the stm32mp257f-ev1 platform. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Firewall controllers are present on every variant of stm32mp25 SoCs. Therefore, move the inclusion of their dt-bindings at SoC level. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
…lers When firewall controllers drivers that implements firewall framework support are embedded such as RISAB or RIFSC, then CFG_DRIVERS_FIREWALL should be forced enabled. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
|
Comment addressed and tags applied, thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This P-R adds support for the RISAB firewall controller that is responsible for filtering accessing to internal memories.
Each RISAB is dedicated to a internal memory and can cover 128KBytes of data, separated in 32 pages of 4 KBytes, containing 8 blocks each.
Through RISAB registers, a trusted compartment, or the compartment to which the page configuration has been delegated, configures the firewall attributes necessary to access a page.
The driver is plugged to the firewall framework