Merge tag 'stm32-bus-firewall-for-v6.10-1' of git://git./linux/kernel/git/atorgue/stm32 into soc/drivers
STM32 Firewall bus for v6.10, round 1
Highlights:
---------
Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x
platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers
register to the framework to offer firewall services such as access
granting.
This series of patches is a new approach on the previous STM32 system
bus, history is available here:
https://lore.kernel.org/lkml/
20230127164040.
1047583/
The need for such framework arises from the fact that there are now
multiple hardware firewalls implemented across multiple products.
Drivers are shared between different products, using the same code.
When it comes to firewalls, the purpose mostly stays the same: Protect
hardware resources. But the implementation differs, and there are
multiple types of firewalls: peripheral, memory, ...
Some hardware firewall controllers such as the RIFSC implemented on
STM32MP2x platforms may require to take ownership of a resource before
being able to use it, hence the requirement for firewall services to
take/release the ownership of such resources.
On the other hand, hardware firewall configurations are becoming
more and more complex. These mecanisms prevent platform crashes
or other firewall-related incoveniences by denying access to some
resources.
The stm32 firewall framework offers an API that is defined in
firewall controllers drivers to best fit the specificity of each
firewall.
For every peripherals protected by either the ETZPC or the RIFSC, the
firewall framework checks the firewall controlelr registers to see if
the peripheral's access is granted to the Linux kernel. If not, the
peripheral is configured as secure, the node is marked populated,
so that the driver is not probed for that device.
The firewall framework relies on the access-controller device tree
binding. It is used by peripherals to reference a domain access
controller. In this case a firewall controller. The bus uses the ID
referenced by the access-controller property to know where to look
in the firewall to get the security configuration for the peripheral.
This allows a device tree description rather than a hardcoded peripheral
table in the bus driver.
The STM32 ETZPC device is responsible for filtering accesses based on
security level, or co-processor isolation for any resource connected
to it.
The RIFSC is responsible for filtering accesses based on Compartment
ID / security level / privilege level for any resource connected to
it.
* tag 'stm32-bus-firewall-for-v6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32:
bus: stm32_firewall: fix off by one in stm32_firewall_get_firewall()
bus: etzpc: introduce ETZPC firewall controller driver
bus: rifsc: introduce RIFSC firewall controller driver
of: property: fw_devlink: Add support for "access-controller"
firewall: introduce stm32_firewall framework
dt-bindings: bus: document ETZPC
dt-bindings: bus: document RIFSC
dt-bindings: treewide: add access-controllers description
dt-bindings: document generic access controllers
Link: https://lore.kernel.org/r/7dc64226-5429-4ab7-a8c8-6053b12e3cf5@foss.st.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
git.samba.org / sfrench / cifs-2.6.git / commit