/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (C) 2024, STMicroelectronics
 */

#ifndef __DRIVERS_FIREWALL_H
#define __DRIVERS_FIREWALL_H

#include <compiler.h>
#include <drivers/firewall_device.h>
#include <mm/core_memprot.h>
#include <stdbool.h>
#include <stddef.h>
#include <tee_api_defines.h>
#include <types_ext.h>

struct firewall_controller_ops;

/**
 * struct firewall_controller - Provider side of the firewall framework
 *
 * @ops: Operation handlers implemented by the controller driver
 * @name: Name of the firewall controller
 * @base: Base address of the firewall controller
 * @priv: Private data of the firewall controller
 */
struct firewall_controller {
	const struct firewall_controller_ops *ops;
	const char *name;
	struct io_pa_va *base;
	void *priv;
};

/**
 * struct firewall_controller_ops - Firewall controller operation handlers
 *
 * The handlers come in two families: the first four work on a resource
 * described by the firewall query alone, the last three additionally take a
 * physical memory range and the requested access directions.
 *
 * @set_conf: Sets the firewall configuration described by the query
 * @check_access: Checks whether a consumer may access a resource guarded by
 * the firewall controller
 * @acquire_access: Acquires access for OP-TEE to a resource guarded by the
 * firewall controller
 * @release_access: Releases what a consumer took when the access was acquired
 * with @acquire_access
 * @check_memory_access: Checks whether a consumer may access a memory range
 * covered by the firewall controller, for read and/or write accesses
 * @acquire_memory_access: Acquires access for OP-TEE to a memory range covered
 * by the firewall controller, for read and/or write accesses
 * @release_memory_access: Releases what a consumer took when the memory access
 * was acquired with @acquire_memory_access
 *
 * The two release handlers return void, so a failed release cannot be
 * reported to the caller through this interface.
 *
 * NOTE(review): this header does not state whether a handler may be left
 * NULL; confirm against the framework before registering a partial
 * implementation.
 * NOTE(review): the memory handlers receive the physical address and size
 * from their caller; presumably each implementation has to reject a range
 * that wraps around or is only partly covered by the controller - confirm
 * per driver.
 */
struct firewall_controller_ops {
	/* Resource-based handlers */
	TEE_Result (*set_conf)(struct firewall_query *fw);
	TEE_Result (*check_access)(struct firewall_query *fw);
	TEE_Result (*acquire_access)(struct firewall_query *fw);
	void (*release_access)(struct firewall_query *fw);

	/* Memory-range handlers */
	TEE_Result (*check_memory_access)(struct firewall_query *fw,
					  paddr_t paddr, size_t size,
					  bool read, bool write);
	TEE_Result (*acquire_memory_access)(struct firewall_query *fw,
					    paddr_t paddr, size_t size,
					    bool read, bool write);
	void (*release_memory_access)(struct firewall_query *fw,
				      paddr_t paddr, size_t size, bool read,
				      bool write);
};

#ifdef CFG_DRIVERS_FIREWALL
/**
 * firewall_dt_controller_register() - Register a firewall controller to the
 * firewall framework
 * @fdt: FDT to work on
 * @node: DT node of the controller
 * @ctrl: Firewall controller to register
 *
 * Return: a TEE_Result code. Callers should treat anything other than success
 * as "controller not registered".
 */
TEE_Result firewall_dt_controller_register(const void *fdt, int node,
					   struct firewall_controller *ctrl);

/**
 * firewall_dt_probe_bus() - Add the bus device tree subnodes that OP-TEE can
 * access to the driver probe list
 * @fdt: FDT to work on
 * @node: Firewall controller node
 * @ctrl: Firewall controller whose subnodes will be populated or not
 *
 * Used at boot time only, as a sanity check between the device tree and the
 * firewall hardware configuration, to prevent undesired accesses when access
 * to a device is not authorized. The function tries to acquire access to
 * every resource entry listed in the access-controllers property of each
 * subnode and panics if it fails to do so.
 *
 * Return: a TEE_Result code.
 */
TEE_Result firewall_dt_probe_bus(const void *fdt, int node,
				 struct firewall_controller *ctrl);

#else /* CFG_DRIVERS_FIREWALL */

/*
 * Firewall framework compiled out: the stubs below do nothing except report
 * TEE_ERROR_NOT_IMPLEMENTED. No controller gets registered and no bus
 * subnode is checked against a firewall, so a caller must look at the return
 * value rather than assume the registration or the boot-time access check
 * took place.
 */
static inline TEE_Result
firewall_dt_controller_register(const void *fdt __unused, int node __unused,
				struct firewall_controller *ctrl __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_dt_probe_bus(const void *fdt __unused, int node __unused,
		      struct firewall_controller *ctrl __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}
#endif /* CFG_DRIVERS_FIREWALL */
#endif /* __DRIVERS_FIREWALL_H */