mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-09 14:50:19 +00:00
STM32 Firewall bus for v6.10, round 1
Highlights: --------- Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers register to the framework to offer firewall services such as access granting. This series of patches is a new approach on the previous STM32 system bus, history is available here: https://lore.kernel.org/lkml/20230127164040.1047583/ The need for such framework arises from the fact that there are now multiple hardware firewalls implemented across multiple products. Drivers are shared between different products, using the same code. When it comes to firewalls, the purpose mostly stays the same: Protect hardware resources. But the implementation differs, and there are multiple types of firewalls: peripheral, memory, ... Some hardware firewall controllers such as the RIFSC implemented on STM32MP2x platforms may require to take ownership of a resource before being able to use it, hence the requirement for firewall services to take/release the ownership of such resources. On the other hand, hardware firewall configurations are becoming more and more complex. These mecanisms prevent platform crashes or other firewall-related incoveniences by denying access to some resources. The stm32 firewall framework offers an API that is defined in firewall controllers drivers to best fit the specificity of each firewall. For every peripherals protected by either the ETZPC or the RIFSC, the firewall framework checks the firewall controlelr registers to see if the peripheral's access is granted to the Linux kernel. If not, the peripheral is configured as secure, the node is marked populated, so that the driver is not probed for that device. The firewall framework relies on the access-controller device tree binding. It is used by peripherals to reference a domain access controller. In this case a firewall controller. The bus uses the ID referenced by the access-controller property to know where to look in the firewall to get the security configuration for the peripheral. This allows a device tree description rather than a hardcoded peripheral table in the bus driver. The STM32 ETZPC device is responsible for filtering accesses based on security level, or co-processor isolation for any resource connected to it. The RIFSC is responsible for filtering accesses based on Compartment ID / security level / privilege level for any resource connected to it. -----BEGIN PGP SIGNATURE----- iQJRBAABCgA7FiEEctl9+nxzUSUqdELdf5rJavIecIUFAmYqUUkdHGFsZXhhbmRy ZS50b3JndWVAZm9zcy5zdC5jb20ACgkQf5rJavIecIWolxAAqUHuLzXyrsCGfPG9 L5J8dUIeRk6lsQgO62EtS/hsUL5NhlwSiShtNilGw0t2TDCj0LpSMccwDjHoC1DE 9ks6aj0lO4dBl/d6fQm+4Vn85KiKfKYXW3J9w+6ZtG7pRly9jbmlrELqBIbL+MjU /mmPdKM5y/l9KO6vxiua+EtDdd0pZksZLFtms23VoiFgkQ+2heoJ297QGfrWwxzv UZg/UnWpQYB10dp93WL97vTdBZR4iUwEJNcip7xM65iBwSkuc9Y3gz0TZTO0ivZJ BRsNc/9BJYEV3kNxRJGyf7JeufsaG3meHVxw9sOYi2hMe75pDAANYxvsCYt6NHjL i+zugtcM5v//Ksw+HbD1rvRuhEWjFUotCeXJb+RaiY0Sy3HVlKG0WJm2Ybgzlbf+ vahskAHJxG0NFhPVpktQ/+gh8IU8Gy0PwyErdihhWKCiYBp8xHxW7IF7JtqlXQQS KQ4r0Ez/fgGmLQqDobskE+OgaFIuI5QrjH7S/VvxYh0xxZOBK89EmxK7pO3fki0v EFcTE/82HWfJo/bRCoq2Yzrh2omjR9ICsxDtVe4nILzjhaLChBz5lITyRO+/+Lr3 6u/oO09tlQYEK4YzH2Kw0xGtpY7Xfmm4wC+zDTRXKBM3Vp1IoTchHssLS4nZbScq ZHJHRPMCX98FdVH3BLX7OSexJys= =/Cu0 -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmYwAI4ACgkQYKtH/8kJ UicByw//VzXycIdrOzZeInbrhs0D/7pmb31U1NaAwtK3Y90lxBi5AlB4MKUrM+oq x/cxqmmW1RsBc2m1iEuJWkqXS+XJHGptHKAHUqVhI9bIuBZqmGddvcP93Ml9egcN OL/Kd/OS4Q07EYc/Md6XrRBo2zJcHT57jGH8fKBmX4eAKfPYo7xgbq5k/0LoCq/i cgfQdKeDsR6tTrHyJI0p/+EgS5uglUnIJBm1aLDk883UKH4/EQSR+dpvYsogBcbd UnH78QeUymCOYzWylHJHeWFgDnn9NiJy/oCQx7wMc6PVUhcd0l1FXvM7XUeDy7iW aNJpgYU8cTx9IYPGBbZJ13NX0+X4QACKpDjJZG90/y4Q4YEn5l/Di9rmv4HYhZgr gwYD4EHewKB3PVtmCCUQpurSblshoo9bPWEaR3NFD1mSu46Jb11/zgIQ4oBagixV MjiaaP3+Rpz1X0Zo5HSq9F0k4A/SddOo2zjMn3af/77nENsR3yEmPWgL20T+nv9P deJ/LqE6mGVFI0c4E2K03Y85wldN6xXyhvCEqlHtK2X4l5JMe+0Vnak+VICZ0jQw K/ihBRbifMH7g4GQUjpJUoUAvoyeSJ2jhMF8QV7bk76b6HeRFRYKOpQLnj29v/nd MF2rKJwFYqJDF3d2a90I3E8c7huKnqWHQWinKu2Y2NkmH/tqtcI= =mgY+ -----END PGP SIGNATURE----- Merge tag 'stm32-bus-firewall-for-v6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32 into soc/drivers STM32 Firewall bus for v6.10, round 1 Highlights: --------- Introduce STM32 Firewall framework for STM32MP1x and STM32MP2x platforms. STM32MP1x(ETZPC) and STM32MP2x(RIFSC) Firewall controllers register to the framework to offer firewall services such as access granting. This series of patches is a new approach on the previous STM32 system bus, history is available here: https://lore.kernel.org/lkml/20230127164040.1047583/ The need for such framework arises from the fact that there are now multiple hardware firewalls implemented across multiple products. Drivers are shared between different products, using the same code. When it comes to firewalls, the purpose mostly stays the same: Protect hardware resources. But the implementation differs, and there are multiple types of firewalls: peripheral, memory, ... Some hardware firewall controllers such as the RIFSC implemented on STM32MP2x platforms may require to take ownership of a resource before being able to use it, hence the requirement for firewall services to take/release the ownership of such resources. On the other hand, hardware firewall configurations are becoming more and more complex. These mecanisms prevent platform crashes or other firewall-related incoveniences by denying access to some resources. The stm32 firewall framework offers an API that is defined in firewall controllers drivers to best fit the specificity of each firewall. For every peripherals protected by either the ETZPC or the RIFSC, the firewall framework checks the firewall controlelr registers to see if the peripheral's access is granted to the Linux kernel. If not, the peripheral is configured as secure, the node is marked populated, so that the driver is not probed for that device. The firewall framework relies on the access-controller device tree binding. It is used by peripherals to reference a domain access controller. In this case a firewall controller. The bus uses the ID referenced by the access-controller property to know where to look in the firewall to get the security configuration for the peripheral. This allows a device tree description rather than a hardcoded peripheral table in the bus driver. The STM32 ETZPC device is responsible for filtering accesses based on security level, or co-processor isolation for any resource connected to it. The RIFSC is responsible for filtering accesses based on Compartment ID / security level / privilege level for any resource connected to it. * tag 'stm32-bus-firewall-for-v6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32: bus: stm32_firewall: fix off by one in stm32_firewall_get_firewall() bus: etzpc: introduce ETZPC firewall controller driver bus: rifsc: introduce RIFSC firewall controller driver of: property: fw_devlink: Add support for "access-controller" firewall: introduce stm32_firewall framework dt-bindings: bus: document ETZPC dt-bindings: bus: document RIFSC dt-bindings: treewide: add access-controllers description dt-bindings: document generic access controllers Link: https://lore.kernel.org/r/7dc64226-5429-4ab7-a8c8-6053b12e3cf5@foss.st.com Signed-off-by: Arnd Bergmann <arnd@arndb.de>
This commit is contained in:
commit
46671fd3e3
@ -0,0 +1,84 @@
|
||||
# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
|
||||
%YAML 1.2
|
||||
---
|
||||
$id: http://devicetree.org/schemas/access-controllers/access-controllers.yaml#
|
||||
$schema: http://devicetree.org/meta-schemas/core.yaml#
|
||||
|
||||
title: Generic Domain Access Controllers
|
||||
|
||||
maintainers:
|
||||
- Oleksii Moisieiev <oleksii_moisieiev@epam.com>
|
||||
|
||||
description: |+
|
||||
Common access controllers properties
|
||||
|
||||
Access controllers are in charge of stating which of the hardware blocks under
|
||||
their responsibility (their domain) can be accesssed by which compartment. A
|
||||
compartment can be a cluster of CPUs (or coprocessors), a range of addresses
|
||||
or a group of hardware blocks. An access controller's domain is the set of
|
||||
resources covered by the access controller.
|
||||
|
||||
This device tree binding can be used to bind devices to their access
|
||||
controller provided by access-controllers property. In this case, the device
|
||||
is a consumer and the access controller is the provider.
|
||||
|
||||
An access controller can be represented by any node in the device tree and
|
||||
can provide one or more configuration parameters, needed to control parameters
|
||||
of the consumer device. A consumer node can refer to the provider by phandle
|
||||
and a set of phandle arguments, specified by '#access-controller-cells'
|
||||
property in the access controller node.
|
||||
|
||||
Access controllers are typically used to set/read the permissions of a
|
||||
hardware block and grant access to it. Any of which depends on the access
|
||||
controller. The capabilities of each access controller are defined by the
|
||||
binding of the access controller device.
|
||||
|
||||
Each node can be a consumer for the several access controllers.
|
||||
|
||||
# always select the core schema
|
||||
select: true
|
||||
|
||||
properties:
|
||||
"#access-controller-cells":
|
||||
description:
|
||||
Number of cells in an access-controllers specifier;
|
||||
Can be any value as specified by device tree binding documentation
|
||||
of a particular provider. The node is an access controller.
|
||||
|
||||
access-controller-names:
|
||||
$ref: /schemas/types.yaml#/definitions/string-array
|
||||
description:
|
||||
A list of access-controllers names, sorted in the same order as
|
||||
access-controllers entries. Consumer drivers will use
|
||||
access-controller-names to match with existing access-controllers entries.
|
||||
|
||||
access-controllers:
|
||||
$ref: /schemas/types.yaml#/definitions/phandle-array
|
||||
description:
|
||||
A list of access controller specifiers, as defined by the
|
||||
bindings of the access-controllers provider.
|
||||
|
||||
additionalProperties: true
|
||||
|
||||
examples:
|
||||
- |
|
||||
clock_controller: access-controllers@50000 {
|
||||
reg = <0x50000 0x400>;
|
||||
#access-controller-cells = <2>;
|
||||
};
|
||||
|
||||
bus_controller: bus@60000 {
|
||||
reg = <0x60000 0x10000>;
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
ranges;
|
||||
#access-controller-cells = <3>;
|
||||
|
||||
uart4: serial@60100 {
|
||||
reg = <0x60100 0x400>;
|
||||
clocks = <&clk_serial>;
|
||||
access-controllers = <&clock_controller 1 2>,
|
||||
<&bus_controller 1 3 5>;
|
||||
access-controller-names = "clock", "bus";
|
||||
};
|
||||
};
|
96
Documentation/devicetree/bindings/bus/st,stm32-etzpc.yaml
Normal file
96
Documentation/devicetree/bindings/bus/st,stm32-etzpc.yaml
Normal file
@ -0,0 +1,96 @@
|
||||
# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
|
||||
%YAML 1.2
|
||||
---
|
||||
$id: http://devicetree.org/schemas/bus/st,stm32-etzpc.yaml#
|
||||
$schema: http://devicetree.org/meta-schemas/core.yaml#
|
||||
|
||||
title: STM32 Extended TrustZone protection controller
|
||||
|
||||
description: |
|
||||
The ETZPC configures TrustZone security in a SoC having bus masters and
|
||||
devices with programmable-security attributes (securable resources).
|
||||
|
||||
maintainers:
|
||||
- Gatien Chevallier <gatien.chevallier@foss.st.com>
|
||||
|
||||
select:
|
||||
properties:
|
||||
compatible:
|
||||
contains:
|
||||
const: st,stm32-etzpc
|
||||
required:
|
||||
- compatible
|
||||
|
||||
properties:
|
||||
compatible:
|
||||
items:
|
||||
- const: st,stm32-etzpc
|
||||
- const: simple-bus
|
||||
|
||||
reg:
|
||||
maxItems: 1
|
||||
|
||||
"#address-cells":
|
||||
const: 1
|
||||
|
||||
"#size-cells":
|
||||
const: 1
|
||||
|
||||
ranges: true
|
||||
|
||||
"#access-controller-cells":
|
||||
const: 1
|
||||
description:
|
||||
Contains the firewall ID associated to the peripheral.
|
||||
|
||||
patternProperties:
|
||||
"^.*@[0-9a-f]+$":
|
||||
description: Peripherals
|
||||
type: object
|
||||
|
||||
additionalProperties: true
|
||||
|
||||
required:
|
||||
- access-controllers
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
- "#address-cells"
|
||||
- "#size-cells"
|
||||
- "#access-controller-cells"
|
||||
- ranges
|
||||
|
||||
additionalProperties: false
|
||||
|
||||
examples:
|
||||
- |
|
||||
// In this example, the usart2 device refers to rifsc as its access
|
||||
// controller.
|
||||
// Access rights are verified before creating devices.
|
||||
|
||||
#include <dt-bindings/interrupt-controller/arm-gic.h>
|
||||
#include <dt-bindings/clock/stm32mp13-clks.h>
|
||||
#include <dt-bindings/reset/stm32mp13-resets.h>
|
||||
|
||||
etzpc: bus@5c007000 {
|
||||
compatible = "st,stm32-etzpc", "simple-bus";
|
||||
reg = <0x5c007000 0x400>;
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
#access-controller-cells = <1>;
|
||||
ranges;
|
||||
|
||||
usart2: serial@4c001000 {
|
||||
compatible = "st,stm32h7-uart";
|
||||
reg = <0x4c001000 0x400>;
|
||||
interrupts-extended = <&exti 27 IRQ_TYPE_LEVEL_HIGH>;
|
||||
clocks = <&rcc USART2_K>;
|
||||
resets = <&rcc USART2_R>;
|
||||
wakeup-source;
|
||||
dmas = <&dmamux1 43 0x400 0x5>,
|
||||
<&dmamux1 44 0x400 0x1>;
|
||||
dma-names = "rx", "tx";
|
||||
access-controllers = <&etzpc 17>;
|
||||
};
|
||||
};
|
105
Documentation/devicetree/bindings/bus/st,stm32mp25-rifsc.yaml
Normal file
105
Documentation/devicetree/bindings/bus/st,stm32mp25-rifsc.yaml
Normal file
@ -0,0 +1,105 @@
|
||||
# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
|
||||
%YAML 1.2
|
||||
---
|
||||
$id: http://devicetree.org/schemas/bus/st,stm32mp25-rifsc.yaml#
|
||||
$schema: http://devicetree.org/meta-schemas/core.yaml#
|
||||
|
||||
title: STM32 Resource isolation framework security controller
|
||||
|
||||
maintainers:
|
||||
- Gatien Chevallier <gatien.chevallier@foss.st.com>
|
||||
|
||||
description: |
|
||||
Resource isolation framework (RIF) is a comprehensive set of hardware blocks
|
||||
designed to enforce and manage isolation of STM32 hardware resources like
|
||||
memory and peripherals.
|
||||
|
||||
The RIFSC (RIF security controller) is composed of three sets of registers,
|
||||
each managing a specific set of hardware resources:
|
||||
- RISC registers associated with RISUP logic (resource isolation device unit
|
||||
for peripherals), assign all non-RIF aware peripherals to zero, one or
|
||||
any security domains (secure, privilege, compartment).
|
||||
- RIMC registers: associated with RIMU logic (resource isolation master
|
||||
unit), assign all non RIF-aware bus master to one security domain by
|
||||
setting secure, privileged and compartment information on the system bus.
|
||||
Alternatively, the RISUP logic controlling the device port access to a
|
||||
peripheral can assign target bus attributes to this peripheral master port
|
||||
(supported attribute: CID).
|
||||
- RISC registers associated with RISAL logic (resource isolation device unit
|
||||
for address space - Lite version), assign address space subregions to one
|
||||
security domains (secure, privilege, compartment).
|
||||
|
||||
select:
|
||||
properties:
|
||||
compatible:
|
||||
contains:
|
||||
const: st,stm32mp25-rifsc
|
||||
required:
|
||||
- compatible
|
||||
|
||||
properties:
|
||||
compatible:
|
||||
items:
|
||||
- const: st,stm32mp25-rifsc
|
||||
- const: simple-bus
|
||||
|
||||
reg:
|
||||
maxItems: 1
|
||||
|
||||
"#address-cells":
|
||||
const: 1
|
||||
|
||||
"#size-cells":
|
||||
const: 1
|
||||
|
||||
ranges: true
|
||||
|
||||
"#access-controller-cells":
|
||||
const: 1
|
||||
description:
|
||||
Contains the firewall ID associated to the peripheral.
|
||||
|
||||
patternProperties:
|
||||
"^.*@[0-9a-f]+$":
|
||||
description: Peripherals
|
||||
type: object
|
||||
|
||||
additionalProperties: true
|
||||
|
||||
required:
|
||||
- access-controllers
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
- "#address-cells"
|
||||
- "#size-cells"
|
||||
- "#access-controller-cells"
|
||||
- ranges
|
||||
|
||||
additionalProperties: false
|
||||
|
||||
examples:
|
||||
- |
|
||||
// In this example, the usart2 device refers to rifsc as its domain
|
||||
// controller.
|
||||
// Access rights are verified before creating devices.
|
||||
|
||||
#include <dt-bindings/interrupt-controller/arm-gic.h>
|
||||
|
||||
rifsc: bus@42080000 {
|
||||
compatible = "st,stm32mp25-rifsc", "simple-bus";
|
||||
reg = <0x42080000 0x1000>;
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
#access-controller-cells = <1>;
|
||||
ranges;
|
||||
|
||||
usart2: serial@400e0000 {
|
||||
compatible = "st,stm32h7-uart";
|
||||
reg = <0x400e0000 0x400>;
|
||||
interrupts = <GIC_SPI 115 IRQ_TYPE_LEVEL_HIGH>;
|
||||
clocks = <&ck_flexgen_08>;
|
||||
access-controllers = <&rifsc 32>;
|
||||
};
|
||||
};
|
@ -46,6 +46,10 @@ properties:
|
||||
power-domains:
|
||||
maxItems: 1
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -51,6 +51,10 @@ properties:
|
||||
power-domains:
|
||||
maxItems: 1
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -82,6 +82,10 @@ properties:
|
||||
description: if defined, it indicates that the controller
|
||||
supports memory-to-memory transfer
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -28,6 +28,10 @@ properties:
|
||||
resets:
|
||||
maxItems: 1
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -127,6 +127,10 @@ properties:
|
||||
|
||||
wakeup-source: true
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -93,6 +93,10 @@ properties:
|
||||
'#size-cells':
|
||||
const: 0
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
allOf:
|
||||
- if:
|
||||
properties:
|
||||
|
@ -59,6 +59,10 @@ properties:
|
||||
If not, SPI CLKOUT frequency will not be accurate.
|
||||
maximum: 20000000
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -45,6 +45,10 @@ properties:
|
||||
'#size-cells':
|
||||
const: 0
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
additionalProperties: false
|
||||
|
||||
required:
|
||||
|
@ -29,6 +29,10 @@ properties:
|
||||
- const: cec
|
||||
- const: hdmi-cec
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -36,6 +36,10 @@ properties:
|
||||
resets:
|
||||
maxItems: 1
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
port:
|
||||
$ref: /schemas/graph.yaml#/$defs/port-base
|
||||
unevaluatedProperties: false
|
||||
|
@ -50,6 +50,10 @@ properties:
|
||||
Reflects the memory layout with four integer values per bank. Format:
|
||||
<bank-number> 0 <address of the bank> <size>
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
patternProperties:
|
||||
"^.*@[0-4],[a-f0-9]+$":
|
||||
additionalProperties: true
|
||||
|
@ -44,6 +44,10 @@ properties:
|
||||
|
||||
wakeup-source: true
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
pwm:
|
||||
type: object
|
||||
additionalProperties: false
|
||||
|
@ -67,6 +67,10 @@ properties:
|
||||
"#size-cells":
|
||||
const: 0
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
pwm:
|
||||
type: object
|
||||
additionalProperties: false
|
||||
|
@ -79,6 +79,10 @@ properties:
|
||||
- const: rx
|
||||
- const: tx
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
power-domains: true
|
||||
|
||||
resets:
|
||||
|
@ -118,6 +118,10 @@ properties:
|
||||
phys:
|
||||
maxItems: 1
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -93,6 +93,10 @@ properties:
|
||||
select RCC clock instead of ETH_REF_CLK.
|
||||
type: boolean
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- clocks
|
||||
|
@ -55,6 +55,10 @@ properties:
|
||||
description: number of clock cells for ck_usbo_48m consumer
|
||||
const: 0
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
# Required child nodes:
|
||||
|
||||
patternProperties:
|
||||
|
@ -30,6 +30,10 @@ properties:
|
||||
vdda-supply:
|
||||
description: phandle to the vdda input analog voltage.
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -37,6 +37,10 @@ properties:
|
||||
description: If set, the RNG configuration in RNG_CR, RNG_HTCR and
|
||||
RNG_NSCR will be locked.
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -73,6 +73,10 @@ properties:
|
||||
enum: [1, 2, 4, 8, 12, 14, 16]
|
||||
default: 8
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
allOf:
|
||||
- $ref: rs485.yaml#
|
||||
- $ref: serial.yaml#
|
||||
|
@ -65,6 +65,10 @@ properties:
|
||||
$ref: audio-graph-port.yaml#
|
||||
unevaluatedProperties: false
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- "#sound-dai-cells"
|
||||
|
@ -48,6 +48,10 @@ properties:
|
||||
clock-names:
|
||||
maxItems: 3
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -50,6 +50,10 @@ properties:
|
||||
resets:
|
||||
maxItems: 1
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- "#sound-dai-cells"
|
||||
|
@ -46,6 +46,10 @@ properties:
|
||||
- const: tx
|
||||
- const: rx
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -52,6 +52,10 @@ properties:
|
||||
- const: rx
|
||||
- const: tx
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
required:
|
||||
- compatible
|
||||
- reg
|
||||
|
@ -172,6 +172,10 @@ properties:
|
||||
|
||||
tpl-support: true
|
||||
|
||||
access-controllers:
|
||||
minItems: 1
|
||||
maxItems: 2
|
||||
|
||||
dependencies:
|
||||
port: [ usb-role-switch ]
|
||||
role-switch-default-mode: [ usb-role-switch ]
|
||||
|
@ -20850,6 +20850,13 @@ T: git git://linuxtv.org/media_tree.git
|
||||
F: Documentation/devicetree/bindings/media/i2c/st,st-mipid02.yaml
|
||||
F: drivers/media/i2c/st-mipid02.c
|
||||
|
||||
ST STM32 FIREWALL
|
||||
M: Gatien Chevallier <gatien.chevallier@foss.st.com>
|
||||
S: Maintained
|
||||
F: drivers/bus/stm32_etzpc.c
|
||||
F: drivers/bus/stm32_firewall.c
|
||||
F: drivers/bus/stm32_rifsc.c
|
||||
|
||||
ST STM32 I2C/SMBUS DRIVER
|
||||
M: Pierre-Yves MORDRET <pierre-yves.mordret@foss.st.com>
|
||||
M: Alain Volmat <alain.volmat@foss.st.com>
|
||||
|
@ -12,6 +12,7 @@ menuconfig ARCH_STM32
|
||||
select PINCTRL
|
||||
select RESET_CONTROLLER
|
||||
select STM32_EXTI
|
||||
select STM32_FIREWALL
|
||||
help
|
||||
Support for STMicroelectronics STM32 processors.
|
||||
|
||||
|
@ -305,6 +305,7 @@ config ARCH_STM32
|
||||
select ARM_SMC_MBOX
|
||||
select ARM_SCMI_PROTOCOL
|
||||
select COMMON_CLK_SCMI
|
||||
select STM32_FIREWALL
|
||||
help
|
||||
This enables support for ARMv8 based STMicroelectronics
|
||||
STM32 family, including:
|
||||
|
@ -163,6 +163,16 @@ config QCOM_SSC_BLOCK_BUS
|
||||
i2c/spi/uart controllers, a hexagon core, and a clock controller
|
||||
which provides clocks for the above.
|
||||
|
||||
config STM32_FIREWALL
|
||||
bool "STM32 Firewall framework"
|
||||
depends on (ARCH_STM32 || COMPILE_TEST) && OF
|
||||
select OF_DYNAMIC
|
||||
help
|
||||
Say y to enable STM32 firewall framework and its services. Firewall
|
||||
controllers will be able to register to the framework. Access for
|
||||
hardware resources linked to a firewall controller can be requested
|
||||
through this STM32 framework.
|
||||
|
||||
config SUN50I_DE2_BUS
|
||||
bool "Allwinner A64 DE2 Bus Driver"
|
||||
default ARM64
|
||||
|
@ -26,6 +26,7 @@ obj-$(CONFIG_OMAP_INTERCONNECT) += omap_l3_smx.o omap_l3_noc.o
|
||||
obj-$(CONFIG_OMAP_OCP2SCP) += omap-ocp2scp.o
|
||||
obj-$(CONFIG_QCOM_EBI2) += qcom-ebi2.o
|
||||
obj-$(CONFIG_QCOM_SSC_BLOCK_BUS) += qcom-ssc-block-bus.o
|
||||
obj-$(CONFIG_STM32_FIREWALL) += stm32_firewall.o stm32_rifsc.o stm32_etzpc.o
|
||||
obj-$(CONFIG_SUN50I_DE2_BUS) += sun50i-de2.o
|
||||
obj-$(CONFIG_SUNXI_RSB) += sunxi-rsb.o
|
||||
obj-$(CONFIG_OF) += simple-pm-bus.o
|
||||
|
141
drivers/bus/stm32_etzpc.c
Normal file
141
drivers/bus/stm32_etzpc.c
Normal file
@ -0,0 +1,141 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
/*
|
||||
* Copyright (C) 2023, STMicroelectronics - All Rights Reserved
|
||||
*/
|
||||
|
||||
#include <linux/bitfield.h>
|
||||
#include <linux/bits.h>
|
||||
#include <linux/device.h>
|
||||
#include <linux/err.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/io.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/of.h>
|
||||
#include <linux/of_platform.h>
|
||||
#include <linux/platform_device.h>
|
||||
#include <linux/types.h>
|
||||
|
||||
#include "stm32_firewall.h"
|
||||
|
||||
/*
|
||||
* ETZPC registers
|
||||
*/
|
||||
#define ETZPC_DECPROT 0x10
|
||||
#define ETZPC_HWCFGR 0x3F0
|
||||
|
||||
/*
|
||||
* HWCFGR register
|
||||
*/
|
||||
#define ETZPC_HWCFGR_NUM_TZMA GENMASK(7, 0)
|
||||
#define ETZPC_HWCFGR_NUM_PER_SEC GENMASK(15, 8)
|
||||
#define ETZPC_HWCFGR_NUM_AHB_SEC GENMASK(23, 16)
|
||||
#define ETZPC_HWCFGR_CHUNKS1N4 GENMASK(31, 24)
|
||||
|
||||
/*
|
||||
* ETZPC miscellaneous
|
||||
*/
|
||||
#define ETZPC_PROT_MASK GENMASK(1, 0)
|
||||
#define ETZPC_PROT_A7NS 0x3
|
||||
#define ETZPC_DECPROT_SHIFT 1
|
||||
|
||||
#define IDS_PER_DECPROT_REGS 16
|
||||
|
||||
static int stm32_etzpc_grant_access(struct stm32_firewall_controller *ctrl, u32 firewall_id)
|
||||
{
|
||||
u32 offset, reg_offset, sec_val;
|
||||
|
||||
if (firewall_id >= ctrl->max_entries) {
|
||||
dev_err(ctrl->dev, "Invalid sys bus ID %u", firewall_id);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/* Check access configuration, 16 peripherals per register */
|
||||
reg_offset = ETZPC_DECPROT + 0x4 * (firewall_id / IDS_PER_DECPROT_REGS);
|
||||
offset = (firewall_id % IDS_PER_DECPROT_REGS) << ETZPC_DECPROT_SHIFT;
|
||||
|
||||
/* Verify peripheral is non-secure and attributed to cortex A7 */
|
||||
sec_val = (readl(ctrl->mmio + reg_offset) >> offset) & ETZPC_PROT_MASK;
|
||||
if (sec_val != ETZPC_PROT_A7NS) {
|
||||
dev_dbg(ctrl->dev, "Invalid bus configuration: reg_offset %#x, value %d\n",
|
||||
reg_offset, sec_val);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void stm32_etzpc_release_access(struct stm32_firewall_controller *ctrl __maybe_unused,
|
||||
u32 firewall_id __maybe_unused)
|
||||
{
|
||||
}
|
||||
|
||||
static int stm32_etzpc_probe(struct platform_device *pdev)
|
||||
{
|
||||
struct stm32_firewall_controller *etzpc_controller;
|
||||
struct device_node *np = pdev->dev.of_node;
|
||||
u32 nb_per, nb_master;
|
||||
struct resource *res;
|
||||
void __iomem *mmio;
|
||||
int rc;
|
||||
|
||||
etzpc_controller = devm_kzalloc(&pdev->dev, sizeof(*etzpc_controller), GFP_KERNEL);
|
||||
if (!etzpc_controller)
|
||||
return -ENOMEM;
|
||||
|
||||
mmio = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
|
||||
if (IS_ERR(mmio))
|
||||
return PTR_ERR(mmio);
|
||||
|
||||
etzpc_controller->dev = &pdev->dev;
|
||||
etzpc_controller->mmio = mmio;
|
||||
etzpc_controller->name = dev_driver_string(etzpc_controller->dev);
|
||||
etzpc_controller->type = STM32_PERIPHERAL_FIREWALL | STM32_MEMORY_FIREWALL;
|
||||
etzpc_controller->grant_access = stm32_etzpc_grant_access;
|
||||
etzpc_controller->release_access = stm32_etzpc_release_access;
|
||||
|
||||
/* Get number of etzpc entries*/
|
||||
nb_per = FIELD_GET(ETZPC_HWCFGR_NUM_PER_SEC,
|
||||
readl(etzpc_controller->mmio + ETZPC_HWCFGR));
|
||||
nb_master = FIELD_GET(ETZPC_HWCFGR_NUM_AHB_SEC,
|
||||
readl(etzpc_controller->mmio + ETZPC_HWCFGR));
|
||||
etzpc_controller->max_entries = nb_per + nb_master;
|
||||
|
||||
platform_set_drvdata(pdev, etzpc_controller);
|
||||
|
||||
rc = stm32_firewall_controller_register(etzpc_controller);
|
||||
if (rc) {
|
||||
dev_err(etzpc_controller->dev, "Couldn't register as a firewall controller: %d",
|
||||
rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
rc = stm32_firewall_populate_bus(etzpc_controller);
|
||||
if (rc) {
|
||||
dev_err(etzpc_controller->dev, "Couldn't populate ETZPC bus: %d",
|
||||
rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Populate all allowed nodes */
|
||||
return of_platform_populate(np, NULL, NULL, &pdev->dev);
|
||||
}
|
||||
|
||||
static const struct of_device_id stm32_etzpc_of_match[] = {
|
||||
{ .compatible = "st,stm32-etzpc" },
|
||||
{}
|
||||
};
|
||||
MODULE_DEVICE_TABLE(of, stm32_etzpc_of_match);
|
||||
|
||||
static struct platform_driver stm32_etzpc_driver = {
|
||||
.probe = stm32_etzpc_probe,
|
||||
.driver = {
|
||||
.name = "stm32-etzpc",
|
||||
.of_match_table = stm32_etzpc_of_match,
|
||||
},
|
||||
};
|
||||
module_platform_driver(stm32_etzpc_driver);
|
||||
|
||||
MODULE_AUTHOR("Gatien Chevallier <gatien.chevallier@foss.st.com>");
|
||||
MODULE_DESCRIPTION("STMicroelectronics ETZPC driver");
|
||||
MODULE_LICENSE("GPL");
|
294
drivers/bus/stm32_firewall.c
Normal file
294
drivers/bus/stm32_firewall.c
Normal file
@ -0,0 +1,294 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
/*
|
||||
* Copyright (C) 2023, STMicroelectronics - All Rights Reserved
|
||||
*/
|
||||
|
||||
#include <linux/bitfield.h>
|
||||
#include <linux/bits.h>
|
||||
#include <linux/bus/stm32_firewall_device.h>
|
||||
#include <linux/device.h>
|
||||
#include <linux/err.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/io.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/of.h>
|
||||
#include <linux/of_platform.h>
|
||||
#include <linux/platform_device.h>
|
||||
#include <linux/types.h>
|
||||
#include <linux/slab.h>
|
||||
|
||||
#include "stm32_firewall.h"
|
||||
|
||||
/* Corresponds to STM32_FIREWALL_MAX_EXTRA_ARGS + firewall ID */
|
||||
#define STM32_FIREWALL_MAX_ARGS (STM32_FIREWALL_MAX_EXTRA_ARGS + 1)
|
||||
|
||||
static LIST_HEAD(firewall_controller_list);
|
||||
static DEFINE_MUTEX(firewall_controller_list_lock);
|
||||
|
||||
/* Firewall device API */
|
||||
|
||||
int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall,
|
||||
unsigned int nb_firewall)
|
||||
{
|
||||
struct stm32_firewall_controller *ctrl;
|
||||
struct of_phandle_iterator it;
|
||||
unsigned int i, j = 0;
|
||||
int err;
|
||||
|
||||
if (!firewall || !nb_firewall)
|
||||
return -EINVAL;
|
||||
|
||||
/* Parse property with phandle parsed out */
|
||||
of_for_each_phandle(&it, err, np, "access-controllers", "#access-controller-cells", 0) {
|
||||
struct of_phandle_args provider_args;
|
||||
struct device_node *provider = it.node;
|
||||
const char *fw_entry;
|
||||
bool match = false;
|
||||
|
||||
if (err) {
|
||||
pr_err("Unable to get access-controllers property for node %s\n, err: %d",
|
||||
np->full_name, err);
|
||||
of_node_put(provider);
|
||||
return err;
|
||||
}
|
||||
|
||||
if (j >= nb_firewall) {
|
||||
pr_err("Too many firewall controllers");
|
||||
of_node_put(provider);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
provider_args.args_count = of_phandle_iterator_args(&it, provider_args.args,
|
||||
STM32_FIREWALL_MAX_ARGS);
|
||||
|
||||
/* Check if the parsed phandle corresponds to a registered firewall controller */
|
||||
mutex_lock(&firewall_controller_list_lock);
|
||||
list_for_each_entry(ctrl, &firewall_controller_list, entry) {
|
||||
if (ctrl->dev->of_node->phandle == it.phandle) {
|
||||
match = true;
|
||||
firewall[j].firewall_ctrl = ctrl;
|
||||
break;
|
||||
}
|
||||
}
|
||||
mutex_unlock(&firewall_controller_list_lock);
|
||||
|
||||
if (!match) {
|
||||
firewall[j].firewall_ctrl = NULL;
|
||||
pr_err("No firewall controller registered for %s\n", np->full_name);
|
||||
of_node_put(provider);
|
||||
return -ENODEV;
|
||||
}
|
||||
|
||||
err = of_property_read_string_index(np, "access-controller-names", j, &fw_entry);
|
||||
if (err == 0)
|
||||
firewall[j].entry = fw_entry;
|
||||
|
||||
/* Handle the case when there are no arguments given along with the phandle */
|
||||
if (provider_args.args_count < 0 ||
|
||||
provider_args.args_count > STM32_FIREWALL_MAX_ARGS) {
|
||||
of_node_put(provider);
|
||||
return -EINVAL;
|
||||
} else if (provider_args.args_count == 0) {
|
||||
firewall[j].extra_args_size = 0;
|
||||
firewall[j].firewall_id = U32_MAX;
|
||||
j++;
|
||||
continue;
|
||||
}
|
||||
|
||||
/* The firewall ID is always the first argument */
|
||||
firewall[j].firewall_id = provider_args.args[0];
|
||||
|
||||
/* Extra args start at the second argument */
|
||||
for (i = 0; i < provider_args.args_count - 1; i++)
|
||||
firewall[j].extra_args[i] = provider_args.args[i + 1];
|
||||
|
||||
/* Remove the firewall ID arg that is not an extra argument */
|
||||
firewall[j].extra_args_size = provider_args.args_count - 1;
|
||||
|
||||
j++;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(stm32_firewall_get_firewall);
|
||||
|
||||
int stm32_firewall_grant_access(struct stm32_firewall *firewall)
|
||||
{
|
||||
struct stm32_firewall_controller *firewall_controller;
|
||||
|
||||
if (!firewall || firewall->firewall_id == U32_MAX)
|
||||
return -EINVAL;
|
||||
|
||||
firewall_controller = firewall->firewall_ctrl;
|
||||
|
||||
if (!firewall_controller)
|
||||
return -ENODEV;
|
||||
|
||||
return firewall_controller->grant_access(firewall_controller, firewall->firewall_id);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(stm32_firewall_grant_access);
|
||||
|
||||
int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
|
||||
{
|
||||
struct stm32_firewall_controller *firewall_controller;
|
||||
|
||||
if (!firewall || subsystem_id == U32_MAX || firewall->firewall_id == U32_MAX)
|
||||
return -EINVAL;
|
||||
|
||||
firewall_controller = firewall->firewall_ctrl;
|
||||
|
||||
if (!firewall_controller)
|
||||
return -ENODEV;
|
||||
|
||||
return firewall_controller->grant_access(firewall_controller, subsystem_id);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(stm32_firewall_grant_access_by_id);
|
||||
|
||||
void stm32_firewall_release_access(struct stm32_firewall *firewall)
|
||||
{
|
||||
struct stm32_firewall_controller *firewall_controller;
|
||||
|
||||
if (!firewall || firewall->firewall_id == U32_MAX) {
|
||||
pr_debug("Incorrect arguments when releasing a firewall access\n");
|
||||
return;
|
||||
}
|
||||
|
||||
firewall_controller = firewall->firewall_ctrl;
|
||||
|
||||
if (!firewall_controller) {
|
||||
pr_debug("No firewall controller to release\n");
|
||||
return;
|
||||
}
|
||||
|
||||
firewall_controller->release_access(firewall_controller, firewall->firewall_id);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(stm32_firewall_release_access);
|
||||
|
||||
void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
|
||||
{
|
||||
struct stm32_firewall_controller *firewall_controller;
|
||||
|
||||
if (!firewall || subsystem_id == U32_MAX || firewall->firewall_id == U32_MAX) {
|
||||
pr_debug("Incorrect arguments when releasing a firewall access");
|
||||
return;
|
||||
}
|
||||
|
||||
firewall_controller = firewall->firewall_ctrl;
|
||||
|
||||
if (!firewall_controller) {
|
||||
pr_debug("No firewall controller to release");
|
||||
return;
|
||||
}
|
||||
|
||||
firewall_controller->release_access(firewall_controller, subsystem_id);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(stm32_firewall_release_access_by_id);
|
||||
|
||||
/* Firewall controller API */
|
||||
|
||||
int stm32_firewall_controller_register(struct stm32_firewall_controller *firewall_controller)
|
||||
{
|
||||
struct stm32_firewall_controller *ctrl;
|
||||
|
||||
if (!firewall_controller)
|
||||
return -ENODEV;
|
||||
|
||||
pr_info("Registering %s firewall controller\n", firewall_controller->name);
|
||||
|
||||
mutex_lock(&firewall_controller_list_lock);
|
||||
list_for_each_entry(ctrl, &firewall_controller_list, entry) {
|
||||
if (ctrl == firewall_controller) {
|
||||
pr_debug("%s firewall controller already registered\n",
|
||||
firewall_controller->name);
|
||||
mutex_unlock(&firewall_controller_list_lock);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
list_add_tail(&firewall_controller->entry, &firewall_controller_list);
|
||||
mutex_unlock(&firewall_controller_list_lock);
|
||||
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(stm32_firewall_controller_register);
|
||||
|
||||
void stm32_firewall_controller_unregister(struct stm32_firewall_controller *firewall_controller)
|
||||
{
|
||||
struct stm32_firewall_controller *ctrl;
|
||||
bool controller_removed = false;
|
||||
|
||||
if (!firewall_controller) {
|
||||
pr_debug("Null reference while unregistering firewall controller\n");
|
||||
return;
|
||||
}
|
||||
|
||||
mutex_lock(&firewall_controller_list_lock);
|
||||
list_for_each_entry(ctrl, &firewall_controller_list, entry) {
|
||||
if (ctrl == firewall_controller) {
|
||||
controller_removed = true;
|
||||
list_del_init(&ctrl->entry);
|
||||
break;
|
||||
}
|
||||
}
|
||||
mutex_unlock(&firewall_controller_list_lock);
|
||||
|
||||
if (!controller_removed)
|
||||
pr_debug("There was no firewall controller named %s to unregister\n",
|
||||
firewall_controller->name);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(stm32_firewall_controller_unregister);
|
||||
|
||||
int stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_controller)
|
||||
{
|
||||
struct stm32_firewall *firewalls;
|
||||
struct device_node *child;
|
||||
struct device *parent;
|
||||
unsigned int i;
|
||||
int len;
|
||||
int err;
|
||||
|
||||
parent = firewall_controller->dev;
|
||||
|
||||
dev_dbg(parent, "Populating %s system bus\n", dev_name(firewall_controller->dev));
|
||||
|
||||
for_each_available_child_of_node(dev_of_node(parent), child) {
|
||||
/* The access-controllers property is mandatory for firewall bus devices */
|
||||
len = of_count_phandle_with_args(child, "access-controllers",
|
||||
"#access-controller-cells");
|
||||
if (len <= 0) {
|
||||
of_node_put(child);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
firewalls = kcalloc(len, sizeof(*firewalls), GFP_KERNEL);
|
||||
if (!firewalls) {
|
||||
of_node_put(child);
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
err = stm32_firewall_get_firewall(child, firewalls, (unsigned int)len);
|
||||
if (err) {
|
||||
kfree(firewalls);
|
||||
of_node_put(child);
|
||||
return err;
|
||||
}
|
||||
|
||||
for (i = 0; i < len; i++) {
|
||||
if (firewall_controller->grant_access(firewall_controller,
|
||||
firewalls[i].firewall_id)) {
|
||||
/*
|
||||
* Peripheral access not allowed or not defined.
|
||||
* Mark the node as populated so platform bus won't probe it
|
||||
*/
|
||||
of_detach_node(child);
|
||||
dev_err(parent, "%s: Device driver will not be probed\n",
|
||||
child->full_name);
|
||||
}
|
||||
}
|
||||
|
||||
kfree(firewalls);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(stm32_firewall_populate_bus);
|
83
drivers/bus/stm32_firewall.h
Normal file
83
drivers/bus/stm32_firewall.h
Normal file
@ -0,0 +1,83 @@
|
||||
/* SPDX-License-Identifier: GPL-2.0-only */
|
||||
/*
|
||||
* Copyright (C) 2023, STMicroelectronics - All Rights Reserved
|
||||
*/
|
||||
|
||||
#ifndef _STM32_FIREWALL_H
|
||||
#define _STM32_FIREWALL_H
|
||||
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/list.h>
|
||||
#include <linux/of.h>
|
||||
#include <linux/platform_device.h>
|
||||
#include <linux/types.h>
|
||||
|
||||
/**
|
||||
* STM32_PERIPHERAL_FIREWALL: This type of firewall protects peripherals
|
||||
* STM32_MEMORY_FIREWALL: This type of firewall protects memories/subsets of memory
|
||||
* zones
|
||||
* STM32_NOTYPE_FIREWALL: Undefined firewall type
|
||||
*/
|
||||
|
||||
#define STM32_PERIPHERAL_FIREWALL BIT(1)
|
||||
#define STM32_MEMORY_FIREWALL BIT(2)
|
||||
#define STM32_NOTYPE_FIREWALL BIT(3)
|
||||
|
||||
/**
|
||||
* struct stm32_firewall_controller - Information on firewall controller supplying services
|
||||
*
|
||||
* @name: Name of the firewall controller
|
||||
* @dev: Device reference of the firewall controller
|
||||
* @mmio: Base address of the firewall controller
|
||||
* @entry: List entry of the firewall controller list
|
||||
* @type: Type of firewall
|
||||
* @max_entries: Number of entries covered by the firewall
|
||||
* @grant_access: Callback used to grant access for a device access against a
|
||||
* firewall controller
|
||||
* @release_access: Callback used to release resources taken by a device when access was
|
||||
* granted
|
||||
* @grant_memory_range_access: Callback used to grant access for a device to a given memory region
|
||||
*/
|
||||
struct stm32_firewall_controller {
|
||||
const char *name;
|
||||
struct device *dev;
|
||||
void __iomem *mmio;
|
||||
struct list_head entry;
|
||||
unsigned int type;
|
||||
unsigned int max_entries;
|
||||
|
||||
int (*grant_access)(struct stm32_firewall_controller *ctrl, u32 id);
|
||||
void (*release_access)(struct stm32_firewall_controller *ctrl, u32 id);
|
||||
int (*grant_memory_range_access)(struct stm32_firewall_controller *ctrl, phys_addr_t paddr,
|
||||
size_t size);
|
||||
};
|
||||
|
||||
/**
|
||||
* stm32_firewall_controller_register - Register a firewall controller to the STM32 firewall
|
||||
* framework
|
||||
* @firewall_controller: Firewall controller to register
|
||||
*
|
||||
* Returns 0 in case of success or -ENODEV if no controller was given.
|
||||
*/
|
||||
int stm32_firewall_controller_register(struct stm32_firewall_controller *firewall_controller);
|
||||
|
||||
/**
|
||||
* stm32_firewall_controller_unregister - Unregister a firewall controller from the STM32
|
||||
* firewall framework
|
||||
* @firewall_controller: Firewall controller to unregister
|
||||
*/
|
||||
void stm32_firewall_controller_unregister(struct stm32_firewall_controller *firewall_controller);
|
||||
|
||||
/**
|
||||
* stm32_firewall_populate_bus - Populate device tree nodes that have a correct firewall
|
||||
* configuration. This is used at boot-time only, as a sanity check
|
||||
* between device tree and firewalls hardware configurations to
|
||||
* prevent a kernel crash when a device driver is not granted access
|
||||
*
|
||||
* @firewall_controller: Firewall controller which nodes will be populated or not
|
||||
*
|
||||
* Returns 0 in case of success or appropriate errno code if error occurred.
|
||||
*/
|
||||
int stm32_firewall_populate_bus(struct stm32_firewall_controller *firewall_controller);
|
||||
|
||||
#endif /* _STM32_FIREWALL_H */
|
252
drivers/bus/stm32_rifsc.c
Normal file
252
drivers/bus/stm32_rifsc.c
Normal file
@ -0,0 +1,252 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
/*
|
||||
* Copyright (C) 2023, STMicroelectronics - All Rights Reserved
|
||||
*/
|
||||
|
||||
#include <linux/bitfield.h>
|
||||
#include <linux/bits.h>
|
||||
#include <linux/device.h>
|
||||
#include <linux/err.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/io.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/of.h>
|
||||
#include <linux/of_platform.h>
|
||||
#include <linux/platform_device.h>
|
||||
#include <linux/types.h>
|
||||
|
||||
#include "stm32_firewall.h"
|
||||
|
||||
/*
|
||||
* RIFSC offset register
|
||||
*/
|
||||
#define RIFSC_RISC_SECCFGR0 0x10
|
||||
#define RIFSC_RISC_PRIVCFGR0 0x30
|
||||
#define RIFSC_RISC_PER0_CIDCFGR 0x100
|
||||
#define RIFSC_RISC_PER0_SEMCR 0x104
|
||||
#define RIFSC_RISC_HWCFGR2 0xFEC
|
||||
|
||||
/*
|
||||
* SEMCR register
|
||||
*/
|
||||
#define SEMCR_MUTEX BIT(0)
|
||||
|
||||
/*
|
||||
* HWCFGR2 register
|
||||
*/
|
||||
#define HWCFGR2_CONF1_MASK GENMASK(15, 0)
|
||||
#define HWCFGR2_CONF2_MASK GENMASK(23, 16)
|
||||
#define HWCFGR2_CONF3_MASK GENMASK(31, 24)
|
||||
|
||||
/*
|
||||
* RIFSC miscellaneous
|
||||
*/
|
||||
#define RIFSC_RISC_CFEN_MASK BIT(0)
|
||||
#define RIFSC_RISC_SEM_EN_MASK BIT(1)
|
||||
#define RIFSC_RISC_SCID_MASK GENMASK(6, 4)
|
||||
#define RIFSC_RISC_SEML_SHIFT 16
|
||||
#define RIFSC_RISC_SEMWL_MASK GENMASK(23, 16)
|
||||
#define RIFSC_RISC_PER_ID_MASK GENMASK(31, 24)
|
||||
|
||||
#define RIFSC_RISC_PERx_CID_MASK (RIFSC_RISC_CFEN_MASK | \
|
||||
RIFSC_RISC_SEM_EN_MASK | \
|
||||
RIFSC_RISC_SCID_MASK | \
|
||||
RIFSC_RISC_SEMWL_MASK)
|
||||
|
||||
#define IDS_PER_RISC_SEC_PRIV_REGS 32
|
||||
|
||||
/* RIF miscellaneous */
|
||||
/*
|
||||
* CIDCFGR register fields
|
||||
*/
|
||||
#define CIDCFGR_CFEN BIT(0)
|
||||
#define CIDCFGR_SEMEN BIT(1)
|
||||
#define CIDCFGR_SEMWL(x) BIT(RIFSC_RISC_SEML_SHIFT + (x))
|
||||
|
||||
#define SEMWL_SHIFT 16
|
||||
|
||||
/* Compartiment IDs */
|
||||
#define RIF_CID0 0x0
|
||||
#define RIF_CID1 0x1
|
||||
|
||||
static bool stm32_rifsc_is_semaphore_available(void __iomem *addr)
|
||||
{
|
||||
return !(readl(addr) & SEMCR_MUTEX);
|
||||
}
|
||||
|
||||
static int stm32_rif_acquire_semaphore(struct stm32_firewall_controller *stm32_firewall_controller,
|
||||
int id)
|
||||
{
|
||||
void __iomem *addr = stm32_firewall_controller->mmio + RIFSC_RISC_PER0_SEMCR + 0x8 * id;
|
||||
|
||||
writel(SEMCR_MUTEX, addr);
|
||||
|
||||
/* Check that CID1 has the semaphore */
|
||||
if (stm32_rifsc_is_semaphore_available(addr) ||
|
||||
FIELD_GET(RIFSC_RISC_SCID_MASK, readl(addr)) != RIF_CID1)
|
||||
return -EACCES;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void stm32_rif_release_semaphore(struct stm32_firewall_controller *stm32_firewall_controller,
|
||||
int id)
|
||||
{
|
||||
void __iomem *addr = stm32_firewall_controller->mmio + RIFSC_RISC_PER0_SEMCR + 0x8 * id;
|
||||
|
||||
if (stm32_rifsc_is_semaphore_available(addr))
|
||||
return;
|
||||
|
||||
writel(SEMCR_MUTEX, addr);
|
||||
|
||||
/* Ok if another compartment takes the semaphore before the check */
|
||||
WARN_ON(!stm32_rifsc_is_semaphore_available(addr) &&
|
||||
FIELD_GET(RIFSC_RISC_SCID_MASK, readl(addr)) == RIF_CID1);
|
||||
}
|
||||
|
||||
static int stm32_rifsc_grant_access(struct stm32_firewall_controller *ctrl, u32 firewall_id)
|
||||
{
|
||||
struct stm32_firewall_controller *rifsc_controller = ctrl;
|
||||
u32 reg_offset, reg_id, sec_reg_value, cid_reg_value;
|
||||
int rc;
|
||||
|
||||
if (firewall_id >= rifsc_controller->max_entries) {
|
||||
dev_err(rifsc_controller->dev, "Invalid sys bus ID %u", firewall_id);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/*
|
||||
* RIFSC_RISC_PRIVCFGRx and RIFSC_RISC_SECCFGRx both handle configuration access for
|
||||
* 32 peripherals. On the other hand, there is one _RIFSC_RISC_PERx_CIDCFGR register
|
||||
* per peripheral
|
||||
*/
|
||||
reg_id = firewall_id / IDS_PER_RISC_SEC_PRIV_REGS;
|
||||
reg_offset = firewall_id % IDS_PER_RISC_SEC_PRIV_REGS;
|
||||
sec_reg_value = readl(rifsc_controller->mmio + RIFSC_RISC_SECCFGR0 + 0x4 * reg_id);
|
||||
cid_reg_value = readl(rifsc_controller->mmio + RIFSC_RISC_PER0_CIDCFGR + 0x8 * firewall_id);
|
||||
|
||||
/* First check conditions for semaphore mode, which doesn't take into account static CID. */
|
||||
if ((cid_reg_value & CIDCFGR_SEMEN) && (cid_reg_value & CIDCFGR_CFEN)) {
|
||||
if (cid_reg_value & BIT(RIF_CID1 + SEMWL_SHIFT)) {
|
||||
/* Static CID is irrelevant if semaphore mode */
|
||||
goto skip_cid_check;
|
||||
} else {
|
||||
dev_dbg(rifsc_controller->dev,
|
||||
"Invalid bus semaphore configuration: index %d\n", firewall_id);
|
||||
return -EACCES;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Skip CID check if CID filtering isn't enabled or filtering is enabled on CID0, which
|
||||
* corresponds to whatever CID.
|
||||
*/
|
||||
if (!(cid_reg_value & CIDCFGR_CFEN) ||
|
||||
FIELD_GET(RIFSC_RISC_SCID_MASK, cid_reg_value) == RIF_CID0)
|
||||
goto skip_cid_check;
|
||||
|
||||
/* Coherency check with the CID configuration */
|
||||
if (FIELD_GET(RIFSC_RISC_SCID_MASK, cid_reg_value) != RIF_CID1) {
|
||||
dev_dbg(rifsc_controller->dev, "Invalid CID configuration for peripheral: %d\n",
|
||||
firewall_id);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
skip_cid_check:
|
||||
/* Check security configuration */
|
||||
if (sec_reg_value & BIT(reg_offset)) {
|
||||
dev_dbg(rifsc_controller->dev,
|
||||
"Invalid security configuration for peripheral: %d\n", firewall_id);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
/*
|
||||
* If the peripheral is in semaphore mode, take the semaphore so that
|
||||
* the CID1 has the ownership.
|
||||
*/
|
||||
if ((cid_reg_value & CIDCFGR_SEMEN) && (cid_reg_value & CIDCFGR_CFEN)) {
|
||||
rc = stm32_rif_acquire_semaphore(rifsc_controller, firewall_id);
|
||||
if (rc) {
|
||||
dev_err(rifsc_controller->dev,
|
||||
"Couldn't acquire semaphore for peripheral: %d\n", firewall_id);
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void stm32_rifsc_release_access(struct stm32_firewall_controller *ctrl, u32 firewall_id)
|
||||
{
|
||||
stm32_rif_release_semaphore(ctrl, firewall_id);
|
||||
}
|
||||
|
||||
static int stm32_rifsc_probe(struct platform_device *pdev)
|
||||
{
|
||||
struct stm32_firewall_controller *rifsc_controller;
|
||||
struct device_node *np = pdev->dev.of_node;
|
||||
u32 nb_risup, nb_rimu, nb_risal;
|
||||
struct resource *res;
|
||||
void __iomem *mmio;
|
||||
int rc;
|
||||
|
||||
rifsc_controller = devm_kzalloc(&pdev->dev, sizeof(*rifsc_controller), GFP_KERNEL);
|
||||
if (!rifsc_controller)
|
||||
return -ENOMEM;
|
||||
|
||||
mmio = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
|
||||
if (IS_ERR(mmio))
|
||||
return PTR_ERR(mmio);
|
||||
|
||||
rifsc_controller->dev = &pdev->dev;
|
||||
rifsc_controller->mmio = mmio;
|
||||
rifsc_controller->name = dev_driver_string(rifsc_controller->dev);
|
||||
rifsc_controller->type = STM32_PERIPHERAL_FIREWALL | STM32_MEMORY_FIREWALL;
|
||||
rifsc_controller->grant_access = stm32_rifsc_grant_access;
|
||||
rifsc_controller->release_access = stm32_rifsc_release_access;
|
||||
|
||||
/* Get number of RIFSC entries*/
|
||||
nb_risup = readl(rifsc_controller->mmio + RIFSC_RISC_HWCFGR2) & HWCFGR2_CONF1_MASK;
|
||||
nb_rimu = readl(rifsc_controller->mmio + RIFSC_RISC_HWCFGR2) & HWCFGR2_CONF2_MASK;
|
||||
nb_risal = readl(rifsc_controller->mmio + RIFSC_RISC_HWCFGR2) & HWCFGR2_CONF3_MASK;
|
||||
rifsc_controller->max_entries = nb_risup + nb_rimu + nb_risal;
|
||||
|
||||
platform_set_drvdata(pdev, rifsc_controller);
|
||||
|
||||
rc = stm32_firewall_controller_register(rifsc_controller);
|
||||
if (rc) {
|
||||
dev_err(rifsc_controller->dev, "Couldn't register as a firewall controller: %d",
|
||||
rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
rc = stm32_firewall_populate_bus(rifsc_controller);
|
||||
if (rc) {
|
||||
dev_err(rifsc_controller->dev, "Couldn't populate RIFSC bus: %d",
|
||||
rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Populate all allowed nodes */
|
||||
return of_platform_populate(np, NULL, NULL, &pdev->dev);
|
||||
}
|
||||
|
||||
static const struct of_device_id stm32_rifsc_of_match[] = {
|
||||
{ .compatible = "st,stm32mp25-rifsc" },
|
||||
{}
|
||||
};
|
||||
MODULE_DEVICE_TABLE(of, stm32_rifsc_of_match);
|
||||
|
||||
static struct platform_driver stm32_rifsc_driver = {
|
||||
.probe = stm32_rifsc_probe,
|
||||
.driver = {
|
||||
.name = "stm32-rifsc",
|
||||
.of_match_table = stm32_rifsc_of_match,
|
||||
},
|
||||
};
|
||||
module_platform_driver(stm32_rifsc_driver);
|
||||
|
||||
MODULE_AUTHOR("Gatien Chevallier <gatien.chevallier@foss.st.com>");
|
||||
MODULE_DESCRIPTION("STMicroelectronics RIFSC driver");
|
||||
MODULE_LICENSE("GPL");
|
@ -1252,6 +1252,7 @@ DEFINE_SIMPLE_PROP(backlight, "backlight", NULL)
|
||||
DEFINE_SIMPLE_PROP(panel, "panel", NULL)
|
||||
DEFINE_SIMPLE_PROP(msi_parent, "msi-parent", "#msi-cells")
|
||||
DEFINE_SIMPLE_PROP(post_init_providers, "post-init-providers", NULL)
|
||||
DEFINE_SIMPLE_PROP(access_controllers, "access-controllers", "#access-controller-cells")
|
||||
DEFINE_SUFFIX_PROP(regulators, "-supply", NULL)
|
||||
DEFINE_SUFFIX_PROP(gpio, "-gpio", "#gpio-cells")
|
||||
|
||||
@ -1359,6 +1360,7 @@ static const struct supplier_bindings of_supplier_bindings[] = {
|
||||
{ .parse_prop = parse_msi_parent, },
|
||||
{ .parse_prop = parse_gpio_compat, },
|
||||
{ .parse_prop = parse_interrupts, },
|
||||
{ .parse_prop = parse_access_controllers, },
|
||||
{ .parse_prop = parse_regulators, },
|
||||
{ .parse_prop = parse_gpio, },
|
||||
{ .parse_prop = parse_gpios, },
|
||||
|
142
include/linux/bus/stm32_firewall_device.h
Normal file
142
include/linux/bus/stm32_firewall_device.h
Normal file
@ -0,0 +1,142 @@
|
||||
/* SPDX-License-Identifier: GPL-2.0-only */
|
||||
/*
|
||||
* Copyright (C) 2023, STMicroelectronics - All Rights Reserved
|
||||
*/
|
||||
|
||||
#ifndef STM32_FIREWALL_DEVICE_H
|
||||
#define STM32_FIREWALL_DEVICE_H
|
||||
|
||||
#include <linux/of.h>
|
||||
#include <linux/platform_device.h>
|
||||
#include <linux/types.h>
|
||||
|
||||
#define STM32_FIREWALL_MAX_EXTRA_ARGS 5
|
||||
|
||||
/* Opaque reference to stm32_firewall_controller */
|
||||
struct stm32_firewall_controller;
|
||||
|
||||
/**
|
||||
* struct stm32_firewall - Information on a device's firewall. Each device can have more than one
|
||||
* firewall.
|
||||
*
|
||||
* @firewall_ctrl: Pointer referencing a firewall controller of the device. It is
|
||||
* opaque so a device cannot manipulate the controller's ops or access
|
||||
* the controller's data
|
||||
* @extra_args: Extra arguments that are implementation dependent
|
||||
* @entry: Name of the firewall entry
|
||||
* @extra_args_size: Number of extra arguments
|
||||
* @firewall_id: Firewall ID associated the device for this firewall controller
|
||||
*/
|
||||
struct stm32_firewall {
|
||||
struct stm32_firewall_controller *firewall_ctrl;
|
||||
u32 extra_args[STM32_FIREWALL_MAX_EXTRA_ARGS];
|
||||
const char *entry;
|
||||
size_t extra_args_size;
|
||||
u32 firewall_id;
|
||||
};
|
||||
|
||||
#if IS_ENABLED(CONFIG_STM32_FIREWALL)
|
||||
/**
|
||||
* stm32_firewall_get_firewall - Get the firewall(s) associated to given device.
|
||||
* The firewall controller reference is always the first argument
|
||||
* of each of the access-controller property entries.
|
||||
* The firewall ID is always the second argument of each of the
|
||||
* access-controller property entries.
|
||||
* If there's no argument linked to the phandle, then the firewall ID
|
||||
* field is set to U32_MAX, which is an invalid ID.
|
||||
*
|
||||
* @np: Device node to parse
|
||||
* @firewall: Array of firewall references
|
||||
* @nb_firewall: Number of firewall references to get. Must be at least 1.
|
||||
*
|
||||
* Returns 0 on success, -ENODEV if there's no match with a firewall controller or appropriate errno
|
||||
* code if error occurred.
|
||||
*/
|
||||
int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall,
|
||||
unsigned int nb_firewall);
|
||||
|
||||
/**
|
||||
* stm32_firewall_grant_access - Request firewall access rights and grant access.
|
||||
*
|
||||
* @firewall: Firewall reference containing the ID to check against its firewall
|
||||
* controller
|
||||
*
|
||||
* Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
|
||||
* appropriate errno code if error occurred
|
||||
*/
|
||||
int stm32_firewall_grant_access(struct stm32_firewall *firewall);
|
||||
|
||||
/**
|
||||
* stm32_firewall_release_access - Release access granted from a call to
|
||||
* stm32_firewall_grant_access().
|
||||
*
|
||||
* @firewall: Firewall reference containing the ID to check against its firewall
|
||||
* controller
|
||||
*/
|
||||
void stm32_firewall_release_access(struct stm32_firewall *firewall);
|
||||
|
||||
/**
|
||||
* stm32_firewall_grant_access_by_id - Request firewall access rights of a given device
|
||||
* based on a specific firewall ID
|
||||
*
|
||||
* Warnings:
|
||||
* There is no way to ensure that the given ID will correspond to the firewall referenced in the
|
||||
* device node if the ID did not come from stm32_firewall_get_firewall(). In that case, this
|
||||
* function must be used with caution.
|
||||
* This function should be used for subsystem resources that do not have the same firewall ID
|
||||
* as their parent.
|
||||
* U32_MAX is an invalid ID.
|
||||
*
|
||||
* @firewall: Firewall reference containing the firewall controller
|
||||
* @subsystem_id: Firewall ID of the subsystem resource
|
||||
*
|
||||
* Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
|
||||
* appropriate errno code if error occurred
|
||||
*/
|
||||
int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id);
|
||||
|
||||
/**
|
||||
* stm32_firewall_release_access_by_id - Release access granted from a call to
|
||||
* stm32_firewall_grant_access_by_id().
|
||||
*
|
||||
* Warnings:
|
||||
* There is no way to ensure that the given ID will correspond to the firewall referenced in the
|
||||
* device node if the ID did not come from stm32_firewall_get_firewall(). In that case, this
|
||||
* function must be used with caution.
|
||||
* This function should be used for subsystem resources that do not have the same firewall ID
|
||||
* as their parent.
|
||||
* U32_MAX is an invalid ID.
|
||||
*
|
||||
* @firewall: Firewall reference containing the firewall controller
|
||||
* @subsystem_id: Firewall ID of the subsystem resource
|
||||
*/
|
||||
void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id);
|
||||
|
||||
#else /* CONFIG_STM32_FIREWALL */
|
||||
|
||||
int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall,
|
||||
unsigned int nb_firewall);
|
||||
{
|
||||
return -ENODEV;
|
||||
}
|
||||
|
||||
int stm32_firewall_grant_access(struct stm32_firewall *firewall)
|
||||
{
|
||||
return -ENODEV;
|
||||
}
|
||||
|
||||
void stm32_firewall_release_access(struct stm32_firewall *firewall)
|
||||
{
|
||||
}
|
||||
|
||||
int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
|
||||
{
|
||||
return -ENODEV;
|
||||
}
|
||||
|
||||
void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id)
|
||||
{
|
||||
}
|
||||
|
||||
#endif /* CONFIG_STM32_FIREWALL */
|
||||
#endif /* STM32_FIREWALL_DEVICE_H */
|
Loading…
x
Reference in New Issue
Block a user