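/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (C) 2024, STMicroelectronics
 */

/*
 * Consumer-side API of the firewall framework: a device driver looks up the
 * firewall configuration(s) attached to its device tree node, then asks the
 * owning firewall controller to check, acquire, apply or release them.
 *
 * When CFG_DRIVERS_FIREWALL is disabled the same names are provided as inline
 * stubs (see the #else branch) so that callers build unchanged.
 */

#ifndef __DRIVERS_FIREWALL_DEVICE_H
#define __DRIVERS_FIREWALL_DEVICE_H

/* bool and size_t are used by the prototypes below: include them directly */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <tee_api.h>
#include <types_ext.h>
#include <util.h>

/* Opaque reference to firewall_controller */
struct firewall_controller;

/**
 * struct firewall_query - Information on a device's firewall.
 *
 * @ctrl: Pointer referencing a firewall controller of the device. It is opaque
 * so a device cannot manipulate the controller's ops or access the controller's
 * data
 * @args: Firewall arguments that are implementation dependent
 * @arg_count: Number of arguments
 *
 * NOTE(review): only @ctrl is opaque. @args and @arg_count are plain members
 * that a consumer can read and write; whether the controller re-validates
 * them on each call is not visible from this header - confirm in the
 * controller driver.
 */
struct firewall_query {
	struct firewall_controller *ctrl;
	uint32_t *args;
	size_t arg_count;
};

#ifdef CFG_DRIVERS_FIREWALL
/**
 * firewall_dt_get_by_index() - Get the firewall configuration associated to a
 * given index for a device node.
 *
 * @fdt: FDT to work on
 * @node: Device node to read from
 * @index: Index of the entry in the property
 * @out_fw: Firewall query reference. On success it refers to an allocated
 * struct firewall_query that the caller releases with firewall_put().
 *
 * Returns TEE_SUCCESS on success, TEE_ERROR_ITEM_NOT_FOUND if there's no match
 * with a firewall controller or appropriate TEE_Result error code if an
 * error occurred.
 */
TEE_Result firewall_dt_get_by_index(const void *fdt, int node,
				    unsigned int index,
				    struct firewall_query **out_fw);

/**
 * firewall_dt_get_by_name() - Get the firewall configuration associated to a
 * given name for a device node.
 *
 * @fdt: FDT to work on
 * @node: Device node to read from
 * @name: Name of the firewall configuration to search for
 * @out_fw: Firewall query reference. On success it refers to an allocated
 * struct firewall_query that the caller releases with firewall_put().
 *
 * Returns TEE_SUCCESS on success, TEE_ERROR_ITEM_NOT_FOUND if there's no match
 * with a firewall controller or appropriate TEE_Result error code if an
 * error occurred.
 */
TEE_Result firewall_dt_get_by_name(const void *fdt, int node, const char *name,
				   struct firewall_query **out_fw);

/**
 * firewall_set_configuration() - Reconfigure the firewall controller associated
 * to the given firewall configuration with it.
 *
 * @fw: Firewall query containing the configuration to set
 *
 * Returns a TEE_Result code. Callers should check it: on any value other than
 * TEE_SUCCESS the requested configuration must not be assumed to be in place.
 */
TEE_Result firewall_set_configuration(struct firewall_query *fw);

/**
 * firewall_check_access() - Check if the access is authorized for a consumer
 * and the given firewall configuration according to the settings of its
 * firewall controller
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 *
 * Returns a TEE_Result code. Treat every value other than TEE_SUCCESS as
 * "access not authorized".
 */
TEE_Result firewall_check_access(struct firewall_query *fw);

/**
 * firewall_acquire_access() - Check if OP-TEE can access the consumer and
 * acquire potential resources to allow the access
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 *
 * Returns a TEE_Result code. Resources acquired by a successful call are
 * given back with firewall_release_access().
 */
TEE_Result firewall_acquire_access(struct firewall_query *fw);

/**
 * firewall_check_memory_access() - Check if a consumer can access the memory
 * address range, in read and/or write mode and given the firewall
 * configuration, against a firewall controller
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 * @paddr: Physical base address of the memory range to check
 * @size: Size of the memory range to check
 * @read: If true, check rights for a read access
 * @write: If true, check rights for a write access
 *
 * Returns a TEE_Result code. Treat every value other than TEE_SUCCESS as
 * "access not authorized".
 *
 * NOTE(review): this header does not state how a zero @size, or a range where
 * @paddr + @size wraps, is handled - confirm with the controller driver
 * before passing values that were not validated by the caller.
 */
TEE_Result firewall_check_memory_access(struct firewall_query *fw,
					paddr_t paddr, size_t size, bool read,
					bool write);

/**
 * firewall_acquire_memory_access() - Request OP-TEE access, in read and/or
 * write mode, to the given memory address range against a firewall controller
 * and acquire potential resources to allow the access
 *
 * @fw: Firewall query containing the configuration to check against its
 * firewall controller
 * @paddr: Physical base address of the memory range to check
 * @size: Size of the memory range to check
 * @read: If true, check rights for a read access
 * @write: If true, check rights for a write access
 *
 * Returns a TEE_Result code. Resources acquired by a successful call are
 * given back with firewall_release_memory_access().
 */
TEE_Result firewall_acquire_memory_access(struct firewall_query *fw,
					  paddr_t paddr, size_t size, bool read,
					  bool write);

/**
 * firewall_release_access() - Release resources obtained by a call to
 * firewall_acquire_access()
 *
 * @fw: Firewall query containing the configuration to release
 */
void firewall_release_access(struct firewall_query *fw);

/**
 * firewall_release_memory_access() - Release resources obtained by a call to
 * firewall_acquire_memory_access()
 *
 * @fw: Firewall configuration to release
 * @paddr: Physical base address of the memory range to release
 * @size: Size of the memory range to release
 * @read: Release rights for read accesses
 * @write: Release rights for write accesses
 */
void firewall_release_memory_access(struct firewall_query *fw, paddr_t paddr,
				    size_t size, bool read, bool write);

/**
 * firewall_set_memory_configuration() - Reconfigure a memory range with
 * the given firewall configuration
 *
 * @fw: Firewall query containing the configuration to set
 * @paddr: Physical base address of the memory range
 * @size: Size of the memory range
 *
 * Returns a TEE_Result code. Callers should check it: on any value other than
 * TEE_SUCCESS the requested configuration must not be assumed to be in place.
 */
TEE_Result firewall_set_memory_configuration(struct firewall_query *fw,
					     paddr_t paddr, size_t size);

/**
 * firewall_put() - Release a firewall_query structure allocated by
 * firewall_dt_get_by_index() or firewall_dt_get_by_name()
 *
 * @fw: Firewall query to put. It must not be used after this call.
 */
void firewall_put(struct firewall_query *fw);

#else /* CFG_DRIVERS_FIREWALL */

/*
 * Stubs used when the firewall framework is not built in.
 *
 * Every lookup, check, acquire and set function reports
 * TEE_ERROR_NOT_IMPLEMENTED, never TEE_SUCCESS, so a caller that propagates
 * the error refuses the access instead of silently proceeding without a
 * firewall. The release and put stubs do nothing.
 *
 * The lookup stubs never write through @out_fw: callers should initialize
 * their pointer to NULL and only use it after TEE_SUCCESS.
 */

static inline TEE_Result
firewall_dt_get_by_index(const void *fdt __unused, int node __unused,
			 unsigned int index __unused,
			 struct firewall_query **out_fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_dt_get_by_name(const void *fdt __unused, int node __unused,
			const char *name __unused,
			struct firewall_query **out_fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_check_access(struct firewall_query *fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_acquire_access(struct firewall_query *fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_check_memory_access(struct firewall_query *fw __unused,
			     paddr_t paddr __unused, size_t size __unused,
			     bool read __unused, bool write __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_acquire_memory_access(struct firewall_query *fw __unused,
			       paddr_t paddr __unused, size_t size __unused,
			       bool read __unused, bool write __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

/* Nothing can have been acquired through the stubs, so nothing to release */
static inline void
firewall_release_access(struct firewall_query *fw __unused)
{
}

/* Nothing can have been acquired through the stubs, so nothing to release */
static inline void
firewall_release_memory_access(struct firewall_query *fw __unused,
			       paddr_t paddr __unused, size_t size __unused,
			       bool read __unused, bool write __unused)
{
}

static inline TEE_Result
firewall_set_configuration(struct firewall_query *fw __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

static inline TEE_Result
firewall_set_memory_configuration(struct firewall_query *fw __unused,
				  paddr_t paddr __unused, size_t size __unused)
{
	return TEE_ERROR_NOT_IMPLEMENTED;
}

/* The lookup stubs never hand out a firewall_query, so there is none to free */
static inline void firewall_put(struct firewall_query *fw __unused)
{
}

#endif /* CFG_DRIVERS_FIREWALL */
#endif /* __DRIVERS_FIREWALL_DEVICE_H */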