drivers: stm32_etzpc: move the stm32_etzpc driver to the firewall folder

The ETZPC is a firewall controller. Therefore, move the stm32_etzpc driver
to the firewall folder.

Signed-off-by: Gatien Che

drivers: stm32_etzpc: move the stm32_etzpc driver to the firewall folder

The ETZPC is a firewall controller. Therefore, move the stm32_etzpc driver
to the firewall folder.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_risab: add RISAB internal memory firewall driver

This driver implements the RISAB driver. Through RISAB registers, a
trusted compartment, or the compartment to which the page configur

drivers: stm32_risab: add RISAB internal memory firewall driver

This driver implements the RISAB driver. Through RISAB registers, a
trusted compartment, or the compartment to which the page configuration
has been delegated, configures the firewall attributes necessary to
access a page.

Each RISAB is dedicated to a internal memory and can cover 128KBytes of
data, separated in 32 pages of 4 KBytes, containing 8 blocks each.

It is possible to align a RISAB secure and privilege regions
allocations with an ARM Cortex M, which defines in its address space
configurable regions with a 256Bytes granularity. The configuration
would be 512Bytes block-based in order to align the two.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32_risaf driver

Add the stm32_risaf driver to handle all RISAFs instances on a SoC.
Through RISAF registers, a trusted domain application, or the application
to whom the co

drivers: firewall: add stm32_risaf driver

Add the stm32_risaf driver to handle all RISAFs instances on a SoC.
Through RISAF registers, a trusted domain application, or the application
to whom the configuration has been delegated, assigns memory regions to
one or more security domains (secure, privilege, compartment).
RISAF4 includes the DDR memory cipher engine (DDRMCE) feature.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32 SERC support

Add stm32 SERC driver support. The SERC driver collects accesses to
target peripherals that are either shutdown (computing clock off),
or under reset. Upon

drivers: firewall: add stm32 SERC support

Add stm32 SERC driver support. The SERC driver collects accesses to
target peripherals that are either shutdown (computing clock off),
or under reset. Upon such event, the platform panics as it is an
undesired event.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32 IAC support

Add stm32 IAC driver support. The IAC (illegal access controller)
centralizes the detection of RIF-related illegal accesses.

Signed-off-by: Gatien Chevallie

drivers: firewall: add stm32 IAC support

Add stm32 IAC driver support. The IAC (illegal access controller)
centralizes the detection of RIF-related illegal accesses.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: firewall: add firewall framework

Add a generic firewall controller framework. The goal of this framework
is to offer access control and configuration APIs, that are implemented
in the firewall

core: firewall: add firewall framework

Add a generic firewall controller framework. The goal of this framework
is to offer access control and configuration APIs, that are implemented
in the firewall controllers drivers, to the firewall consumers. This
framework requires an embedded device tree.

A firewall controller is an access controller [1]. It should register
itself as a provider to the framework. Firewall controllers have the
possibility to populate their bus according to defined firewall accesses
defined in the "access-controllers" property in each of the device's
node.

Any device that consumes one or more firewall should refer it/them in
their "access-controllers" property. Arguments can be passed along with
the phandle of the firewall controller(s).

Link: https://patchwork.kernel.org/project/linux-media/patch/20240105130404.301172-2-gatien.chevallier@foss.st.com/ [1]
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add stm32 RIFSC support

Add the RIFSC new driver support.

RIFSC (RIF Security Controller) is responsible for the isolation
of hardware resources like memory or peripherals. It is composed

drivers: add stm32 RIFSC support

Add the RIFSC new driver support.

RIFSC (RIF Security Controller) is responsible for the isolation
of hardware resources like memory or peripherals. It is composed of:

-RISC registers(slave peripherals) with RISUP(Resource Isolation
Slave Unit for Peripherals) OR RISAL(Resource Isolation Slave Unit
for Address space - Lite) logics.
-RIMC registers(Non RIF-Aware masters counterpart) with RIMU
(Resource Isolation Master Unit) logic. It is possible for a master to
inherit from its slave port(RISUP) configuration.

This driver parses the RIFSC device tree configuration and applies
it to put the firewall in place. Therefore, the device tree is
mandatory.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32_rif driver for common RIF features

The resource isolation framework (RIF) is a comprehensive set of
hardware blocks designed to enforce and manage the isolation of
STM32

drivers: firewall: add stm32_rif driver for common RIF features

The resource isolation framework (RIF) is a comprehensive set of
hardware blocks designed to enforce and manage the isolation of
STM32MP25xx hardware resources, like memories and peripherals.

The RIF manages security and privilege levels as well as compartment
filtering. Each compartment is identified by a Compartment ID (CID).

Therefore, the access filtering can be, depending on the case:
• restricted to none, one or more than one CID
• secure-only, non-secure only, or both
• privileged-only or privileged/unprivileged
• read-only, write-only, or read/write

Add a firewall driver folder that contains firewall drivers.
This RIF driver contains generic features shared between all drivers
managing RIF configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...