xref: /optee_os/core/include/drivers/firewall.h (revision d6b3f5f4a8e1f6aade6e5532076b23cc042f603f) 
148a1cce4SGatien Chevallier /* SPDX-License-Identifier: BSD-2-Clause */
248a1cce4SGatien Chevallier /*
348a1cce4SGatien Chevallier  * Copyright (C) 2024, STMicroelectronics
448a1cce4SGatien Chevallier  */
548a1cce4SGatien Chevallier 
648a1cce4SGatien Chevallier #ifndef __DRIVERS_FIREWALL_H
748a1cce4SGatien Chevallier #define __DRIVERS_FIREWALL_H
848a1cce4SGatien Chevallier 
948a1cce4SGatien Chevallier #include <compiler.h>
1048a1cce4SGatien Chevallier #include <drivers/firewall_device.h>
1148a1cce4SGatien Chevallier #include <mm/core_memprot.h>
1248a1cce4SGatien Chevallier #include <stdbool.h>
1348a1cce4SGatien Chevallier #include <stddef.h>
1448a1cce4SGatien Chevallier #include <tee_api_defines.h>
1548a1cce4SGatien Chevallier #include <types_ext.h>
1648a1cce4SGatien Chevallier 
1748a1cce4SGatien Chevallier struct firewall_controller_ops;
1848a1cce4SGatien Chevallier 
1948a1cce4SGatien Chevallier /**
2048a1cce4SGatien Chevallier  * struct firewall_controller - Firewall controller supplying services
2148a1cce4SGatien Chevallier  *
2248a1cce4SGatien Chevallier  * @ops: Operation handlers
2348a1cce4SGatien Chevallier  * @name: Name of the firewall controller
2448a1cce4SGatien Chevallier  * @base: Base address of the firewall controller
2548a1cce4SGatien Chevallier  * @priv: Private data of the firewall controller
2648a1cce4SGatien Chevallier  */
2748a1cce4SGatien Chevallier struct firewall_controller {
2848a1cce4SGatien Chevallier 	const struct firewall_controller_ops *ops;
2948a1cce4SGatien Chevallier 	const char *name;
3048a1cce4SGatien Chevallier 	struct io_pa_va *base;
3148a1cce4SGatien Chevallier 	void *priv;
3248a1cce4SGatien Chevallier };
3348a1cce4SGatien Chevallier 
3448a1cce4SGatien Chevallier /**
3548a1cce4SGatien Chevallier  * struct firewall_controller_ops - Firewall controller operation handlers
3648a1cce4SGatien Chevallier  *
3748a1cce4SGatien Chevallier  * @set_conf: Callback used to set given firewall configuration
3848a1cce4SGatien Chevallier  * @check_access: Callback used to check access for a consumer on a resource
3948a1cce4SGatien Chevallier  * against a firewall controller
4048a1cce4SGatien Chevallier  * @acquire_access: Callback used to acquire access for OP-TEE on a resource
4148a1cce4SGatien Chevallier  * against a firewall controller
4248a1cce4SGatien Chevallier  * @release_access: Callback used to release resources taken by a consumer when
4348a1cce4SGatien Chevallier  * the access was acquired with @acquire_access
4448a1cce4SGatien Chevallier  * @check_memory_access: Callback used to check access for a consumer to a
4548a1cce4SGatien Chevallier  * memory range covered by a firewall controller, for read and/or write accesses
4648a1cce4SGatien Chevallier  * @acquire_memory_access: Callback used to acquire access for OP-TEE to a
4748a1cce4SGatien Chevallier  * memory range covered by a firewall controller, for read and/or write accesses
4848a1cce4SGatien Chevallier  * @release_memory_access: Callback used to release resources taken by a
4948a1cce4SGatien Chevallier  * consumer when the memory access was acquired with @acquire_memory_access
50*d6b3f5f4SGatien Chevallier  * @set_memory_conf: Callback to set access rights to a physical memory range
5148a1cce4SGatien Chevallier  */
5248a1cce4SGatien Chevallier struct firewall_controller_ops {
5348a1cce4SGatien Chevallier 	TEE_Result (*set_conf)(struct firewall_query *conf);
5448a1cce4SGatien Chevallier 	TEE_Result (*check_access)(struct firewall_query *conf);
5548a1cce4SGatien Chevallier 	TEE_Result (*acquire_access)(struct firewall_query *conf);
5648a1cce4SGatien Chevallier 	void (*release_access)(struct firewall_query *conf);
5748a1cce4SGatien Chevallier 	TEE_Result (*check_memory_access)(struct firewall_query *fw,
5848a1cce4SGatien Chevallier 					  paddr_t paddr, size_t size,
5948a1cce4SGatien Chevallier 					  bool read, bool write);
6048a1cce4SGatien Chevallier 	TEE_Result (*acquire_memory_access)(struct firewall_query *fw,
6148a1cce4SGatien Chevallier 					    paddr_t paddr, size_t size,
6248a1cce4SGatien Chevallier 					    bool read, bool write);
6348a1cce4SGatien Chevallier 	void (*release_memory_access)(struct firewall_query *fw,
6448a1cce4SGatien Chevallier 				      paddr_t paddr, size_t size, bool read,
6548a1cce4SGatien Chevallier 				      bool write);
66*d6b3f5f4SGatien Chevallier 	TEE_Result (*set_memory_conf)(struct firewall_query *fw, paddr_t paddr,
67*d6b3f5f4SGatien Chevallier 				      size_t size);
6848a1cce4SGatien Chevallier };
6948a1cce4SGatien Chevallier 
7048a1cce4SGatien Chevallier #ifdef CFG_DRIVERS_FIREWALL
7148a1cce4SGatien Chevallier /**
7248a1cce4SGatien Chevallier  * firewall_dt_controller_register() - Register a firewall controller to the
7348a1cce4SGatien Chevallier  * firewall framework
7448a1cce4SGatien Chevallier  * @fdt: FDT to work on
7548a1cce4SGatien Chevallier  * @node: DT node of the controller
7648a1cce4SGatien Chevallier  * @ctrl: Firewall controller to register
7748a1cce4SGatien Chevallier  */
7848a1cce4SGatien Chevallier TEE_Result firewall_dt_controller_register(const void *fdt, int node,
7948a1cce4SGatien Chevallier 					   struct firewall_controller *ctrl);
8048a1cce4SGatien Chevallier 
8148a1cce4SGatien Chevallier #else /* CFG_DRIVERS_FIREWALL */
8248a1cce4SGatien Chevallier 
8348a1cce4SGatien Chevallier static inline TEE_Result
firewall_dt_controller_register(const void * fdt __unused,int node __unused,struct firewall_controller * ctrl __unused)8448a1cce4SGatien Chevallier firewall_dt_controller_register(const void *fdt __unused, int node __unused,
8548a1cce4SGatien Chevallier 				struct firewall_controller *ctrl __unused)
8648a1cce4SGatien Chevallier {
8748a1cce4SGatien Chevallier 	return TEE_ERROR_NOT_IMPLEMENTED;
8848a1cce4SGatien Chevallier }
8948a1cce4SGatien Chevallier #endif /* CFG_DRIVERS_FIREWALL */
9048a1cce4SGatien Chevallier #endif /* __DRIVERS_FIREWALL_H */
91