/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (C) 2024, STMicroelectronics
 */

#ifndef __DRIVERS_FIREWALL_DEVICE_H
#define __DRIVERS_FIREWALL_DEVICE_H

#include <stdint.h>
#include <tee_api.h>
#include <types_ext.h>
#include <util.h>

/*
 * Consumer-side firewall API.
 *
 * With CFG_DRIVERS_FIREWALL enabled this header only declares the functions.
 * With it disabled, every function becomes a static inline stub: the ones
 * returning TEE_Result always return TEE_ERROR_NOT_IMPLEMENTED and the void
 * ones do nothing. The stubs therefore never report TEE_SUCCESS, so a caller
 * that treats any other result from a check/acquire call as "access not
 * granted" stays fail-closed when firewall support is compiled out.
 */

/* Forward declaration only: the controller layout is hidden from consumers */
struct firewall_controller;

/**
 * struct firewall_query - Describes one firewall configuration of a device.
 *
 * @ctrl: Firewall controller the configuration belongs to. The type is opaque
 * here so that a device can neither reach the controller's ops nor its data
 * @args: Implementation dependent firewall arguments
 * @arg_count: Number of entries in @args
 */
struct firewall_query {
	struct firewall_controller *ctrl;
	uint32_t *args;
	size_t arg_count;
};

#ifdef CFG_DRIVERS_FIREWALL
/**
 * firewall_dt_get_by_index() - Look up the firewall configuration found at a
 * given index in the firewall property of a device node.
 *
 * @fdt: FDT to work on
 * @node: Device node to read from
 * @index: Index of the entry in the property
 * @out_fw: Output firewall query reference
 *
 * Returns TEE_SUCCESS on success, TEE_ERROR_ITEM_NOT_FOUND if no firewall
 * controller matches, or another appropriate TEE_Result error code on failure.
 * A query obtained this way is released with firewall_put().
 */
TEE_Result firewall_dt_get_by_index(const void *fdt, int node,
				    unsigned int index,
				    struct firewall_query **out_fw);

/**
 * firewall_dt_get_by_name() - Look up the firewall configuration registered
 * under a given name for a device node.
 *
 * @fdt: FDT to work on
 * @node: Device node to read from
 * @name: Name of the firewall configuration to search for
 * @out_fw: Output firewall query reference
 *
 * Returns TEE_SUCCESS on success, TEE_ERROR_ITEM_NOT_FOUND if no firewall
 * controller matches, or another appropriate TEE_Result error code on failure.
 * A query obtained this way is released with firewall_put().
 */
TEE_Result firewall_dt_get_by_name(const void *fdt, int node, const char *name,
				   struct firewall_query **out_fw);

/**
 * firewall_set_configuration() - Apply a firewall configuration to the
 * firewall controller it is associated with.
 *
 * @fw: Firewall query containing the configuration to set
 *
 * Returns a TEE_Result status code.
 */
TEE_Result firewall_set_configuration(struct firewall_query *fw);

/**
 * firewall_check_access() - Ask the firewall controller whether access is
 * authorized for a consumer under the given firewall configuration.
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 *
 * Returns a TEE_Result status code.
 * NOTE(review): presumably TEE_SUCCESS means "authorized"; the exact codes are
 * not stated in this header - confirm against the controller implementation.
 */
TEE_Result firewall_check_access(struct firewall_query *fw);

/**
 * firewall_acquire_access() - Check that OP-TEE can access the consumer and
 * acquire the resources, if any, needed to allow that access.
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 *
 * Returns a TEE_Result status code. Resources obtained by this call are given
 * back with firewall_release_access().
 */
TEE_Result firewall_acquire_access(struct firewall_query *fw);

/**
 * firewall_check_memory_access() - Ask the firewall controller whether a
 * consumer may access a memory address range, for reading and/or writing,
 * under the given firewall configuration.
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 * @paddr: Physical base address of the memory range to check
 * @size: Size of the memory range to check
 * @read: If true, check rights for a read access
 * @write: If true, check rights for a write access
 *
 * Returns a TEE_Result status code.
 * NOTE(review): how a range whose end (@paddr + @size) wraps around is handled
 * is not visible from this header - confirm in the controller implementation.
 */
TEE_Result firewall_check_memory_access(struct firewall_query *fw,
					paddr_t paddr, size_t size, bool read,
					bool write);

/**
 * firewall_acquire_memory_access() - Request OP-TEE access to a memory address
 * range, for reading and/or writing, from a firewall controller and acquire
 * the resources, if any, needed to allow that access.
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 * @paddr: Physical base address of the memory range to check
 * @size: Size of the memory range to check
 * @read: Check rights for a read access
 * @write: Check rights for a write access
 *
 * Returns a TEE_Result status code. Resources obtained by this call are given
 * back with firewall_release_memory_access().
 */
TEE_Result firewall_acquire_memory_access(struct firewall_query *fw,
					  paddr_t paddr, size_t size, bool read,
					  bool write);

/**
 * firewall_release_access() - Give back the resources obtained by a call to
 * firewall_acquire_access().
 *
 * @fw: Firewall query containing the configuration to release
 */
void firewall_release_access(struct firewall_query *fw);

/**
 * firewall_release_memory_access() - Give back the resources obtained by a
 * call to firewall_acquire_memory_access().
 *
 * @fw: Firewall configuration to release
 * @paddr: Physical base address of the memory range to release
 * @size: Size of the memory range to release
 * @read: Release rights for read accesses
 * @write: Release rights for write accesses
 */
void firewall_release_memory_access(struct firewall_query *fw, paddr_t paddr,
				    size_t size, bool read, bool write);

/**
 * firewall_put() - Release a firewall_query structure that was allocated by
 * firewall_dt_get_by_index() or firewall_dt_get_by_name().
 *
 * @fw: Firewall query to put
 */
void firewall_put(struct firewall_query *fw);

#else /* CFG_DRIVERS_FIREWALL */

/*
 * Firewall support is compiled out. The stubs below are listed in the same
 * order as the declarations above. None of them reads or writes its
 * arguments; in particular the two lookup stubs leave *out_fw untouched, so
 * the caller must not use it after the TEE_ERROR_NOT_IMPLEMENTED return.
 */

static inline TEE_Result
firewall_dt_get_by_index(const void *fdt __unused, int node __unused,
			 unsigned int index __unused,
			 struct firewall_query **out_fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_dt_get_by_name(const void *fdt __unused, int node __unused,
			const char *name __unused,
			struct firewall_query **out_fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_set_configuration(struct firewall_query *fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

/* Never reports success: no controller is available to authorize anything */
static inline TEE_Result
firewall_check_access(struct firewall_query *fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_acquire_access(struct firewall_query *fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

/* Never reports success, whatever the range or the requested access mode */
static inline TEE_Result
firewall_check_memory_access(struct firewall_query *fw __unused,
			     paddr_t paddr __unused, size_t size __unused,
			     bool read __unused, bool write __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_acquire_memory_access(struct firewall_query *fw __unused,
			       paddr_t paddr __unused, size_t size __unused,
			       bool read __unused, bool write __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

/* No-op: the acquire stub never hands out anything to release */
static inline void
firewall_release_access(struct firewall_query *fw __unused)
{
}

/* No-op: the acquire stub never hands out anything to release */
static inline void
firewall_release_memory_access(struct firewall_query *fw __unused,
			       paddr_t paddr __unused, size_t size __unused,
			       bool read __unused, bool write __unused)
{
}

/* No-op: the lookup stubs never allocate a firewall_query */
static inline void firewall_put(struct firewall_query *fw __unused)
{
}

#endif /* CFG_DRIVERS_FIREWALL */
#endif /* __DRIVERS_FIREWALL_DEVICE_H */