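/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (C) 2024, STMicroelectronics
 */

#ifndef __DRIVERS_FIREWALL_H
#define __DRIVERS_FIREWALL_H

#include <compiler.h>
#include <drivers/firewall_device.h>
#include <mm/core_memprot.h>
#include <stdbool.h>
#include <stddef.h>
#include <tee_api_defines.h>
#include <types_ext.h>

struct firewall_controller_ops;

/**
 * struct firewall_controller - Firewall controller supplying services
 *
 * @ops: Operation handlers
 * @name: Name of the firewall controller
 * @base: Base address of the firewall controller
 * @priv: Private data of the firewall controller
 *
 * NOTE(review): this header does not state who owns @name, @base and @priv
 * or how long they must stay valid after registration; presumably for as
 * long as the controller is registered - confirm against the framework.
 */
struct firewall_controller {
	const struct firewall_controller_ops *ops;
	const char *name;
	struct io_pa_va *base;
	void *priv;
};

/**
 * struct firewall_controller_ops - Firewall controller operation handlers
 *
 * @set_conf: Callback used to set given firewall configuration
 * @check_access: Callback used to check access for a consumer on a resource
 * against a firewall controller
 * @acquire_access: Callback used to acquire access for OP-TEE on a resource
 * against a firewall controller
 * @release_access: Callback used to release resources taken by a consumer when
 * the access was acquired with @acquire_access
 * @check_memory_access: Callback used to check access for a consumer to a
 * memory range covered by a firewall controller, for read and/or write accesses
 * @acquire_memory_access: Callback used to acquire access for OP-TEE to a
 * memory range covered by a firewall controller, for read and/or write accesses
 * @release_memory_access: Callback used to release resources taken by a
 * consumer when the memory access was acquired with @acquire_memory_access
 *
 * The memory-range callbacks take the physical start address (@paddr), the
 * length in bytes (@size) and one flag per access kind (@read, @write).
 *
 * Both release callbacks return void, so a failure to release cannot be
 * reported back to the caller.
 *
 * NOTE(review): nothing in this header says which handlers a controller may
 * leave NULL; a caller should presumably test a handler before invoking it -
 * confirm against the framework implementation.
 *
 * NOTE(review): @paddr and @size are not constrained here. An implementation
 * should presumably reject a range where @paddr + @size wraps or that is not
 * fully covered by the controller, and define the result when both @read and
 * @write are false - confirm with each controller driver.
 */
struct firewall_controller_ops {
	TEE_Result (*set_conf)(struct firewall_query *conf);
	TEE_Result (*check_access)(struct firewall_query *conf);
	TEE_Result (*acquire_access)(struct firewall_query *conf);
	void (*release_access)(struct firewall_query *conf);
	TEE_Result (*check_memory_access)(struct firewall_query *fw,
					  paddr_t paddr, size_t size,
					  bool read, bool write);
	TEE_Result (*acquire_memory_access)(struct firewall_query *fw,
					    paddr_t paddr, size_t size,
					    bool read, bool write);
	void (*release_memory_access)(struct firewall_query *fw,
				      paddr_t paddr, size_t size, bool read,
				      bool write);
};

#ifdef CFG_DRIVERS_FIREWALL
/**
 * firewall_dt_controller_register() - Register a firewall controller to the
 * firewall framework
 * @fdt: FDT to work on
 * @node: DT node of the controller
 * @ctrl: Firewall controller to register
 *
 * Return: a TEE_Result code. The implementation is not part of this header;
 * callers must check the result and must not assume the controller is
 * registered unless the call reports success.
 */
TEE_Result firewall_dt_controller_register(const void *fdt, int node,
					   struct firewall_controller *ctrl);

#else /* CFG_DRIVERS_FIREWALL */

/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: all arguments are ignored,
 * nothing is registered and the call always fails with
 * TEE_ERROR_NOT_IMPLEMENTED. A driver calling this should propagate the error
 * instead of treating it as success, otherwise it would carry on believing
 * its controller is known to a firewall framework that is not built in.
 */
static inline TEE_Result
firewall_dt_controller_register(const void *fdt __unused, int node __unused,
				struct firewall_controller *ctrl __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}
#endif /* CFG_DRIVERS_FIREWALL */
#endif /* __DRIVERS_FIREWALL_H */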