148a1cce4SGatien Chevallier /* SPDX-License-Identifier: BSD-2-Clause */
248a1cce4SGatien Chevallier /*
348a1cce4SGatien Chevallier * Copyright (C) 2024, STMicroelectronics
448a1cce4SGatien Chevallier */
548a1cce4SGatien Chevallier
648a1cce4SGatien Chevallier #ifndef __DRIVERS_FIREWALL_DEVICE_H
748a1cce4SGatien Chevallier #define __DRIVERS_FIREWALL_DEVICE_H
848a1cce4SGatien Chevallier
948a1cce4SGatien Chevallier #include <stdint.h>
1048a1cce4SGatien Chevallier #include <tee_api.h>
1148a1cce4SGatien Chevallier #include <types_ext.h>
1248a1cce4SGatien Chevallier #include <util.h>
1348a1cce4SGatien Chevallier
/* Opaque reference to firewall_controller */
struct firewall_controller;

/**
 * struct firewall_query - Information on a device's firewall.
 *
 * @ctrl: Pointer referencing a firewall controller of the device. It is opaque
 * so a device cannot manipulate the controller's ops or access the controller's
 * data
 * @args: Firewall arguments that are implementation dependent
 * @arg_count: Number of arguments
 *
 * Per the firewall_put() description, instances are allocated by
 * firewall_dt_get_by_index() or firewall_dt_get_by_name() and released with
 * firewall_put().
 * NOTE(review): @args is a raw pointer with a separate @arg_count; presumably
 * @arg_count is the number of uint32_t cells behind @args - confirm that
 * controller implementations bound every read of @args by it.
 */
struct firewall_query {
	struct firewall_controller *ctrl;
	uint32_t *args;
	size_t arg_count;
};
3148a1cce4SGatien Chevallier
3248a1cce4SGatien Chevallier #ifdef CFG_DRIVERS_FIREWALL
/**
 * firewall_dt_get_by_index() - Get the firewall configuration associated to a
 * given index for a device node.
 *
 * @fdt: FDT to work on
 * @node: Device node to read from
 * @index: Index of the entry in the property
 * @out_fw: Firewall query reference; per the firewall_put() description, the
 * structure is allocated by this function and released with firewall_put()
 *
 * Returns TEE_SUCCESS on success, TEE_ERROR_ITEM_NOT_FOUND if there's no match
 * with a firewall controller or appropriate TEE_Result error code if an
 * error occurred.
 *
 * When CFG_DRIVERS_FIREWALL is disabled, the inline stub in this header
 * returns TEE_ERROR_NOT_IMPLEMENTED without writing @out_fw, so callers should
 * test the return value before dereferencing their pointer.
 * NOTE(review): whether @out_fw is written on the error paths of the real
 * implementation is not visible from this header - confirm.
 */
TEE_Result firewall_dt_get_by_index(const void *fdt, int node,
				    unsigned int index,
				    struct firewall_query **out_fw);
4948a1cce4SGatien Chevallier
/**
 * firewall_dt_get_by_name() - Get the firewall configuration associated to a
 * given name for a device node.
 *
 * @fdt: FDT to work on
 * @node: Device node to read from
 * @name: Name of the firewall configuration to search for
 * @out_fw: Firewall query reference; per the firewall_put() description, the
 * structure is allocated by this function and released with firewall_put()
 *
 * Returns TEE_SUCCESS on success, TEE_ERROR_ITEM_NOT_FOUND if there's no match
 * with a firewall controller or appropriate TEE_Result error code if an
 * error occurred.
 *
 * When CFG_DRIVERS_FIREWALL is disabled, the inline stub in this header
 * returns TEE_ERROR_NOT_IMPLEMENTED without writing @out_fw, so callers should
 * test the return value before dereferencing their pointer.
 * NOTE(review): whether @out_fw is written on the error paths of the real
 * implementation is not visible from this header - confirm.
 */
TEE_Result firewall_dt_get_by_name(const void *fdt, int node, const char *name,
				   struct firewall_query **out_fw);
6548a1cce4SGatien Chevallier
/**
 * firewall_set_configuration() - Reconfigure the firewall controller associated
 * to the given firewall configuration with it.
 *
 * @fw: Firewall query containing the configuration to set
 *
 * Returns a TEE_Result; the inline stub used when CFG_DRIVERS_FIREWALL is
 * disabled returns TEE_ERROR_NOT_IMPLEMENTED.
 * NOTE(review): presumably TEE_SUCCESS means the configuration was applied -
 * confirm against the implementation. A caller that depends on the new
 * configuration for isolation should not proceed on any other value.
 */
TEE_Result firewall_set_configuration(struct firewall_query *fw);
7348a1cce4SGatien Chevallier
/**
 * firewall_check_access() - Check if the access is authorized for a consumer
 * and the given firewall configuration according to the settings of its
 * firewall controller
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 *
 * Returns a TEE_Result; the inline stub used when CFG_DRIVERS_FIREWALL is
 * disabled returns TEE_ERROR_NOT_IMPLEMENTED, so a caller that allows the
 * access only on TEE_SUCCESS refuses it in that build.
 * NOTE(review): this call only checks; firewall_acquire_access() is the
 * variant described as acquiring resources to allow the access. Whether the
 * result of a check stays valid if the controller is reconfigured afterwards
 * is not visible from this header - confirm before relying on it later.
 */
TEE_Result firewall_check_access(struct firewall_query *fw);
8348a1cce4SGatien Chevallier
/**
 * firewall_acquire_access() - Check if OP-TEE can access the consumer and
 * acquire potential resources to allow the access
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 *
 * Returns a TEE_Result; the inline stub used when CFG_DRIVERS_FIREWALL is
 * disabled returns TEE_ERROR_NOT_IMPLEMENTED.
 * Resources obtained by this call are released with firewall_release_access().
 * NOTE(review): presumably only a TEE_SUCCESS return needs a matching
 * release - confirm against the implementation.
 */
TEE_Result firewall_acquire_access(struct firewall_query *fw);
9248a1cce4SGatien Chevallier
/**
 * firewall_check_memory_access() - Check if a consumer can access the memory
 * address range, in read and/or write mode and given the firewall
 * configuration, against a firewall controller
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 * @paddr: Physical base address of the memory range to check
 * @size: Size of the memory range to check
 * @read: If true, check rights for a read access
 * @write: If true, check rights for a write access
 *
 * Returns a TEE_Result; the inline stub used when CFG_DRIVERS_FIREWALL is
 * disabled returns TEE_ERROR_NOT_IMPLEMENTED, so a caller that allows the
 * access only on TEE_SUCCESS refuses it in that build.
 * NOTE(review): the range is passed as base plus size; whether a range where
 * @paddr + @size wraps around, a zero @size, or @read and @write both false
 * is rejected is not visible from this header - confirm in the framework and
 * in each controller.
 */
TEE_Result firewall_check_memory_access(struct firewall_query *fw,
					paddr_t paddr, size_t size, bool read,
					bool write);
10848a1cce4SGatien Chevallier
/**
 * firewall_acquire_memory_access() - Request OP-TEE access, in read and/or
 * write mode, to the given memory address range against a firewall controller
 * and acquire potential resources to allow the access
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 * @paddr: Physical base address of the memory range to check
 * @size: Size of the memory range to check
 * @read: Check rights for a read access
 * @write: Check rights for a write access
 *
 * Returns a TEE_Result; the inline stub used when CFG_DRIVERS_FIREWALL is
 * disabled returns TEE_ERROR_NOT_IMPLEMENTED.
 * Resources obtained by this call are released with
 * firewall_release_memory_access().
 * NOTE(review): presumably the release must be given the same @paddr, @size,
 * @read and @write as the acquire - confirm. Whether a range where
 * @paddr + @size wraps around is rejected is not visible from this header.
 */
TEE_Result firewall_acquire_memory_access(struct firewall_query *fw,
					  paddr_t paddr, size_t size, bool read,
					  bool write);
12448a1cce4SGatien Chevallier
/**
 * firewall_release_access() - Release resources obtained by a call to
 * firewall_acquire_access()
 *
 * @fw: Firewall query containing the configuration to release
 *
 * Returns nothing, so a failure to release cannot be reported to the caller.
 * NOTE(review): behaviour when called without a prior successful
 * firewall_acquire_access() is not visible from this header - confirm.
 */
void firewall_release_access(struct firewall_query *fw);
13248a1cce4SGatien Chevallier
/**
 * firewall_release_memory_access() - Release resources obtained by a call to
 * firewall_acquire_memory_access()
 *
 * @fw: Firewall configuration to release
 * @paddr: Physical base address of the memory range to release
 * @size: Size of the memory range to release
 * @read: Release rights for read accesses
 * @write: Release rights for write accesses
 *
 * Returns nothing, so a failure to release cannot be reported to the caller.
 * NOTE(review): presumably the arguments must match those of the
 * firewall_acquire_memory_access() call being undone - confirm against the
 * implementation.
 */
void firewall_release_memory_access(struct firewall_query *fw, paddr_t paddr,
				    size_t size, bool read, bool write);
14548a1cce4SGatien Chevallier
/**
 * firewall_set_memory_configuration() - Reconfigure a memory range with
 * the given firewall configuration
 *
 * @fw: Firewall query containing the configuration to set
 * @paddr: Physical base address of the memory range
 * @size: Size of the memory range
 *
 * Returns a TEE_Result; the inline stub used when CFG_DRIVERS_FIREWALL is
 * disabled returns TEE_ERROR_NOT_IMPLEMENTED.
 * NOTE(review): presumably TEE_SUCCESS means the whole range was
 * reconfigured - confirm against the implementation. Whether a range where
 * @paddr + @size wraps around, or one the controller can only cover
 * partially, is rejected is not visible from this header.
 */
TEE_Result firewall_set_memory_configuration(struct firewall_query *fw,
					     paddr_t paddr, size_t size);
156*d6b3f5f4SGatien Chevallier
/**
 * firewall_put() - Release a firewall_query structure allocated by
 * firewall_dt_get_by_index() or firewall_dt_get_by_name()
 *
 * @fw: Firewall query to put
 *
 * The structure is released by this call, so the caller should drop its
 * reference and not pass @fw to any other firewall_*() function afterwards.
 * NOTE(review): whether @fw may be NULL, and whether accesses acquired through
 * @fw must be released first, is not visible from this header - confirm.
 */
void firewall_put(struct firewall_query *fw);
16448a1cce4SGatien Chevallier
16548a1cce4SGatien Chevallier #else /* CFG_DRIVERS_FIREWALL */
16648a1cce4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: no firewall controller can
 * be looked up, so the request fails with TEE_ERROR_NOT_IMPLEMENTED and
 * @out_fw is left untouched.
 */
static inline TEE_Result
firewall_dt_get_by_index(const void *fdt __unused,
			 int node __unused,
			 unsigned int index __unused,
			 struct firewall_query **out_fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}
17448a1cce4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: no firewall controller can
 * be looked up, so the request fails with TEE_ERROR_NOT_IMPLEMENTED and
 * @out_fw is left untouched.
 */
static inline TEE_Result
firewall_dt_get_by_name(const void *fdt __unused,
			int node __unused,
			const char *name __unused,
			struct firewall_query **out_fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}
18248a1cce4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: the check cannot be
 * performed, so it reports TEE_ERROR_NOT_IMPLEMENTED rather than success and
 * a caller gating on TEE_SUCCESS refuses the access.
 */
static inline TEE_Result
firewall_check_access(struct firewall_query *fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}
18848a1cce4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: nothing is acquired and
 * the request fails with TEE_ERROR_NOT_IMPLEMENTED.
 */
static inline TEE_Result
firewall_acquire_access(struct firewall_query *fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}
19448a1cce4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: the memory range cannot be
 * checked, so it reports TEE_ERROR_NOT_IMPLEMENTED rather than success and a
 * caller gating on TEE_SUCCESS refuses the access.
 */
static inline TEE_Result
firewall_check_memory_access(struct firewall_query *fw __unused,
			     paddr_t paddr __unused,
			     size_t size __unused,
			     bool read __unused,
			     bool write __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}
20248a1cce4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: nothing is acquired for
 * the memory range and the request fails with TEE_ERROR_NOT_IMPLEMENTED.
 */
static inline TEE_Result
firewall_acquire_memory_access(struct firewall_query *fw __unused,
			       paddr_t paddr __unused,
			       size_t size __unused,
			       bool read __unused,
			       bool write __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}
21048a1cce4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: the matching
 * firewall_acquire_access() stub never acquires anything, so this is a no-op.
 */
static inline void
firewall_release_access(struct firewall_query *fw __unused)
{
	/* Nothing to release */
}
21548a1cce4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: the matching
 * firewall_acquire_memory_access() stub never acquires anything, so this is a
 * no-op.
 */
static inline void
firewall_release_memory_access(struct firewall_query *fw __unused,
			       paddr_t paddr __unused,
			       size_t size __unused,
			       bool read __unused,
			       bool write __unused)
{
	/* Nothing to release */
}
22248a1cce4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: no configuration is
 * applied and the request fails with TEE_ERROR_NOT_IMPLEMENTED, so a caller
 * must not assume the firewall was reconfigured.
 */
static inline TEE_Result
firewall_set_configuration(struct firewall_query *fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}
22848a1cce4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: the memory range is left
 * as it was and the request fails with TEE_ERROR_NOT_IMPLEMENTED, so a caller
 * must not assume the range was reconfigured.
 */
static inline TEE_Result
firewall_set_memory_configuration(struct firewall_query *fw __unused,
				  paddr_t paddr __unused,
				  size_t size __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}
235*d6b3f5f4SGatien Chevallier
/*
 * Stub used when CFG_DRIVERS_FIREWALL is disabled: the firewall_dt_get_by_*()
 * stubs never hand out a firewall_query, so there is nothing to release.
 */
static inline void
firewall_put(struct firewall_query *fw __unused)
{
	/* Nothing to release */
}
23948a1cce4SGatien Chevallier
24048a1cce4SGatien Chevallier #endif /* CFG_DRIVERS_FIREWALL */
24148a1cce4SGatien Chevallier #endif /* __DRIVERS_FIREWALL_DEVICE_H */