  • * Re: [PATCH v3 00/11] Introduce STM32 Firewall framework
           [not found] <20230726083810.232100-1-gatien.chevallier@foss.st.com>
           [not found] ` <20230726083810.232100-3-gatien.chevallier@foss.st.com>
    @ 2023-09-25 15:39 ` Gatien CHEVALLIER
      1 sibling, 0 replies; 2+ messages in thread
    From: Gatien CHEVALLIER @ 2023-09-25 15:39 UTC (permalink / raw)
      To: Oleksii_Moisieiev, gregkh, herbert, davem, robh+dt,
    	krzysztof.kozlowski+dt, conor+dt, alexandre.torgue, vkoul, jic23,
    	olivier.moysan, arnaud.pouliquen, mchehab, fabrice.gasnier,
    	andi.shyti, ulf.hansson, edumazet, kuba, pabeni, hugues.fruchet,
    	lee, will, catalin.marinas, arnd, richardcochran, Frank Rowand
      Cc: linux-crypto, devicetree, linux-stm32, linux-arm-kernel,
    	linux-kernel, dmaengine, linux-i2c, linux-iio, alsa-devel,
    	linux-media, linux-mmc, netdev, linux-phy, linux-serial,
    	linux-spi, linux-usb
    
    Hello all,
    
    Since the "feature-domains" bindings lack precision (maybe some
    renaming for better clarity on its purpose), I will send v4 with a
    vendor binding so the generic one can be better discussed and enriched
    with other contributors' examples.
    
    This will avoid mixing several patch sets.
    
    Best regards,
    Gatien
    
    On 7/26/23 10:37, Gatien Chevallier wrote:
    > Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x
    > platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers
    > register to the framework to offer firewall services such as access
    > granting.
    > 
    > This series of patches is a new approach on the previous STM32 system
    > bus, history is available here:
    > https://lore.kernel.org/lkml/20230127164040.1047583/
    > 
    > The need for such framework arises from the fact that there are now
    > multiple hardware firewalls implemented across multiple products.
    > Drivers are shared between different products, using the same code.
    > When it comes to firewalls, the purpose mostly stays the same: Protect
    > hardware resources. But the implementation differs, and there are
    > multiple types of firewalls: peripheral, memory, ...
    > 
    > Some hardware firewall controllers such as the RIFSC implemented on
    > STM32MP2x platforms may require to take ownership of a resource before
    > being able to use it, hence the requirement for firewall services to
    > take/release the ownership of such resources.
    > 
    > On the other hand, hardware firewall configurations are becoming
    > more and more complex. These mechanisms prevent platform crashes
    > or other firewall-related inconveniences by denying access to some
    > resources.
    > 
    > The stm32 firewall framework offers an API that is defined in
    > firewall controllers drivers to best fit the specificity of each
    > firewall.
    > 
    > For every peripheral protected by either the ETZPC or the RIFSC, the
    > firewall framework checks the firewall controller registers to see if
    > the peripheral's access is granted to the Linux kernel. If not, the
    > peripheral is configured as secure, the node is marked populated,
    > so that the driver is not probed for that device.
    > 
    > The firewall framework relies on the feature-domain-controller device
    > tree bindings: https://lore.kernel.org/lkml/0c0a82bb-18ae-d057-562b.
    > It is used by peripherals to reference a domain controller, in this
    > case a firewall feature domain. The bus uses the ID referenced by
    > the feature-domains property to know where to look in the firewall
    > to get the security configuration for the peripheral. This allows
    > a device tree description rather than a hardcoded peripheral table
    > in the bus driver.
    > 
    > The STM32 ETZPC device is responsible for filtering accesses based on
    > security level, or co-processor isolation for any resource connected
    > to it.
    > 
    > The RIFSC is responsible for filtering accesses based on Compartment
    > ID / security level / privilege level for any resource connected to
    > it.
    > 
    > STM32MP13/15/25 SoC device tree files are updated in this series to
    > implement this mechanism.
    > 
    > Changes in V2:
    > 
    > 	generic:
    > 		- Add fw_devlink dependency for "feature-domains"
    > 		  property.
    > 
    > 	bindings:
    > 		- Corrected YAML errors highlighted by Rob's robot
    > 		- Firewall controllers YAMLs no longer define the
    > 		  maxItems for the "feature-domains" property
    > 		- Renamed st,stm32-rifsc.yaml to
    > 		  st,stm32mp25-rifsc.yaml
    > 		- Fix examples in YAML files
    > 		- Change feature-domains maxItems to 2 in firewall
    > 		  consumer files as there should not be more than
    > 		  2 entries for now
    > 		- Declare "feature-domain-names" as an optional
    > 		  property for firewall controllers child nodes.
    > 		- Add missing "feature-domains" property declaration
    > 		  in bosch,m_can.yaml and st,stm32-cryp.yaml files
    > 
    > 	firewall framework:
    > 		- Support multiple entries for "feature-domains"
    > 		  property
    > 		- Better handle the device-tree parsing using
    > 		  phandle+args APIs
    > 		- Remove "resource firewall" type
    > 		- Add a field for the name of the firewall entry
    > 		- Fix licenses
    > 	
    > 	RIFSC:
    > 		- Add controller name
    > 		- Driver is now a module_platform_driver
    > 		- Fix license
    > 
    > 	ETZPC:
    > 		- Add controller name
    > 		- Driver is now a module_platform_driver
    > 		- Fix license
    > 
    > 	Device trees:
    > 		- Fix rifsc node name
    > 		- Move the "ranges" property under the
    > 		  "feature-domains" one
    > 
    > Changes in V3:
    > 
    > 	Change incorrect ordering for bindings commits leading
    > 	to an error while running
    > 	"make DT_CHECKER_FLAGS=-m dt_binding_check"
    > 
    > Oleksii Moisieiev (1):
    >    dt-bindings: Document common device controller bindings
    > 
    > Gatien Chevallier (10):
    >    dt-bindings: treewide: add feature-domains description
    >    dt-bindings: bus: document RIFSC
    >    dt-bindings: bus: document ETZPC
    >    firewall: introduce stm32_firewall framework
    >    of: property: fw_devlink: Add support for "feature-domains"
    >    bus: rifsc: introduce RIFSC firewall controller driver
    >    arm64: dts: st: add RIFSC as a domain controller for STM32MP25x boards
    >    bus: etzpc: introduce ETZPC firewall controller driver
    >    ARM: dts: stm32: add ETZPC as a system bus for STM32MP15x boards
    >    ARM: dts: stm32: add ETZPC as a system bus for STM32MP13x boards
    > 
    >   .../bindings/bus/st,stm32-etzpc.yaml          |   96 +
    >   .../bindings/bus/st,stm32mp25-rifsc.yaml      |  105 +
    >   .../bindings/crypto/st,stm32-cryp.yaml        |    4 +
    >   .../bindings/crypto/st,stm32-hash.yaml        |    4 +
    >   .../devicetree/bindings/dma/st,stm32-dma.yaml |    4 +
    >   .../bindings/dma/st,stm32-dmamux.yaml         |    4 +
    >   .../feature-domain-controller.yaml            |   84 +
    >   .../devicetree/bindings/i2c/st,stm32-i2c.yaml |    4 +
    >   .../bindings/iio/adc/st,stm32-adc.yaml        |    4 +
    >   .../bindings/iio/adc/st,stm32-dfsdm-adc.yaml  |    4 +
    >   .../bindings/iio/dac/st,stm32-dac.yaml        |    4 +
    >   .../bindings/media/cec/st,stm32-cec.yaml      |    4 +
    >   .../bindings/media/st,stm32-dcmi.yaml         |    4 +
    >   .../memory-controllers/st,stm32-fmc2-ebi.yaml |    4 +
    >   .../bindings/mfd/st,stm32-lptimer.yaml        |    4 +
    >   .../bindings/mfd/st,stm32-timers.yaml         |    5 +
    >   .../devicetree/bindings/mmc/arm,pl18x.yaml    |    4 +
    >   .../bindings/net/can/bosch,m_can.yaml         |    4 +
    >   .../devicetree/bindings/net/stm32-dwmac.yaml  |    4 +
    >   .../bindings/phy/phy-stm32-usbphyc.yaml       |    4 +
    >   .../bindings/regulator/st,stm32-vrefbuf.yaml  |    4 +
    >   .../devicetree/bindings/rng/st,stm32-rng.yaml |    4 +
    >   .../bindings/serial/st,stm32-uart.yaml        |    4 +
    >   .../bindings/sound/st,stm32-i2s.yaml          |    4 +
    >   .../bindings/sound/st,stm32-sai.yaml          |    4 +
    >   .../bindings/sound/st,stm32-spdifrx.yaml      |    4 +
    >   .../bindings/spi/st,stm32-qspi.yaml           |    4 +
    >   .../devicetree/bindings/spi/st,stm32-spi.yaml |    4 +
    >   .../devicetree/bindings/usb/dwc2.yaml         |    4 +
    >   MAINTAINERS                                   |    7 +
    >   arch/arm/boot/dts/st/stm32mp131.dtsi          | 1027 +++---
    >   arch/arm/boot/dts/st/stm32mp133.dtsi          |   51 +-
    >   arch/arm/boot/dts/st/stm32mp13xc.dtsi         |   19 +-
    >   arch/arm/boot/dts/st/stm32mp13xf.dtsi         |   19 +-
    >   arch/arm/boot/dts/st/stm32mp151.dtsi          | 2757 +++++++++--------
    >   arch/arm/boot/dts/st/stm32mp153.dtsi          |   52 +-
    >   arch/arm/boot/dts/st/stm32mp15xc.dtsi         |   19 +-
    >   arch/arm64/Kconfig.platforms                  |    1 +
    >   arch/arm64/boot/dts/st/stm32mp251.dtsi        |    7 +-
    >   drivers/bus/Kconfig                           |    9 +
    >   drivers/bus/Makefile                          |    1 +
    >   drivers/bus/stm32_etzpc.c                     |  141 +
    >   drivers/bus/stm32_firewall.c                  |  288 ++
    >   drivers/bus/stm32_firewall.h                  |   83 +
    >   drivers/bus/stm32_rifsc.c                     |  252 ++
    >   drivers/of/property.c                         |    2 +
    >   include/linux/bus/stm32_firewall_device.h     |  140 +
    >   47 files changed, 3346 insertions(+), 1919 deletions(-)
    >   create mode 100644 Documentation/devicetree/bindings/bus/st,stm32-etzpc.yaml
    >   create mode 100644 Documentation/devicetree/bindings/bus/st,stm32mp25-rifsc.yaml
    >   create mode 100644 Documentation/devicetree/bindings/feature-controllers/feature-domain-controller.yaml
    >   create mode 100644 drivers/bus/stm32_etzpc.c
    >   create mode 100644 drivers/bus/stm32_firewall.c
    >   create mode 100644 drivers/bus/stm32_firewall.h
    >   create mode 100644 drivers/bus/stm32_rifsc.c
    >   create mode 100644 include/linux/bus/stm32_firewall_device.h
    > 
    
    
    ^ permalink raw reply	[flat|nested] 2+ messages in thread
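
The probe-gating decision described in the quoted cover letter (look up each peripheral's "feature-domains" ID in the firewall, and mark the node populated instead of probing it when access is not granted), as an added user-space C sketch that is not code from the patch series. The 2-bit field encoding, the struct and function names, the sample register values and the fail-closed handling of unknown or missing IDs are assumptions made for illustration, not the ETZPC or RIFSC register layout.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed encoding for this sketch: 2 bits per firewall ID, 16 IDs per word. */
enum { FW_SECURE = 0, FW_NS_READ_ONLY = 1, FW_COPROC = 2, FW_NON_SECURE = 3 };

struct fw_ctrl {                 /* hypothetical firewall controller model */
	const uint32_t *regs;    /* snapshot of the protection registers */
	uint32_t max_entries;    /* number of IDs the controller decodes */
};

struct periph_node {             /* hypothetical stand-in for a DT child node */
	const char *name;
	uint32_t fw_id[2];       /* "feature-domains" arguments (at most 2) */
	size_t nr_ids;
	bool populated;          /* set: no driver is probed for this node */
	bool probed;
};

/* Constructed snapshot: ID 0 non-secure, ID 1 secure, ID 17 non-secure. */
static const uint32_t sample_regs[2] = { 0x3u, 0x3u << 2 };

/* 0 if the ID is open to the non-secure kernel, negative errno otherwise. */
int fw_grant_access(const struct fw_ctrl *c, uint32_t id)
{
	if (id >= c->max_entries)
		return -EINVAL;  /* unknown ID: fail closed */
	uint32_t field = (c->regs[id / 16] >> ((id % 16) * 2)) & 0x3;
	return field == FW_NON_SECURE ? 0 : -EACCES;
}

/* Probe only nodes whose every firewall entry is granted; returns probe count. */
size_t fw_populate_bus(const struct fw_ctrl *c, struct periph_node *n, size_t cnt)
{
	size_t probed = 0;
	for (size_t i = 0; i < cnt; i++) {
		bool ok = n[i].nr_ids > 0 && n[i].nr_ids <= 2;
		for (size_t j = 0; ok && j < n[i].nr_ids; j++)
			ok = fw_grant_access(c, n[i].fw_id[j]) == 0;
		n[i].populated = !ok;    /* denied: mark populated, skip probe */
		n[i].probed = ok;
		probed += ok;
	}
	return probed;
}
```

A node that lists two firewall entries is probed only when both are granted, so a single secure entry is enough to keep the driver from binding.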

  • end of thread, other threads:[~2023-09-25 15:40 UTC | newest]
    
    Thread overview: 2+ messages
         [not found] <20230726083810.232100-1-gatien.chevallier@foss.st.com>
         [not found] ` <20230726083810.232100-3-gatien.chevallier@foss.st.com>
    2023-07-29 11:16   ` [PATCH v3 02/11] dt-bindings: treewide: add feature-domains description Jonathan Cameron
    2023-09-25 15:39 ` [PATCH v3 00/11] Introduce STM32 Firewall framework Gatien CHEVALLIER
    
