[Modifications] drivers: stm32_etzpc: new driver to use firewall API

Remove check_memory_access() as there is no use for it and the
implementation was incorrect

Modify stm32_etzpc_configure() so that the DECPROT macro is reused as the
access-controllers second parameter.

Modify stm32_etzpc_check_access() to take into account the new format of
the second parameter and to correct the checking rules.

Add etzpc_decprot_strings that is embedded when TRACE_LEVEL >= TRACE_DEBUG
to print clear about the attributes of the firewall configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

core/drivers/firewall/stm32_etzpc.c

@@ -118,6 +118,15 @@ struct etzpc_device {
 	unsigned int lock;
 };
 
+#if TRACE_LEVEL >= TRACE_DEBUG
+static const char *const etzpc_decprot_strings[] = {
+	"ETZPC_DECPROT_S_RW",
+	"ETZPC_DECPROT_NS_R_S_W",
+	"ETZPC_DECPROT_MCU_ISOLATION",
+	"ETZPC_DECPROT_NS_RW",
+};
+#endif
+
 static uint32_t etzpc_lock(struct etzpc_device *dev)
 {
 	return may_spin_lock(&dev->lock);
@@ -170,7 +179,8 @@ static void etzpc_do_configure_decprot(struct etzpc_device *etzpc_dev,
 
 	assert(valid_decprot_id(etzpc_dev, decprot_id));
 
-	FMSG("ID : %"PRIu32", CONF %d", decprot_id, attr);
+	DMSG("ID : %"PRIu32", CONF %s", decprot_id,
+	     etzpc_decprot_strings[attr]);
 
 	exceptions = etzpc_lock(etzpc_dev);
 
@@ -344,18 +354,33 @@ static TEE_Result stm32_etzpc_check_access(struct firewall_query *firewall)
 	 * Peripheral configuration, we assume the configuration is as
 	 * follows:
 	 * firewall->args[0]: Firewall ID
-	 * firewall->args[1]: tzpc_decprot_attributes to check
+	 * firewall->args[1]: DECPROT macro to extract etzpc_decprot_attributes
+	 *		      from
 	 */
-	if (firewall->args[1] >= ETZPC_DECPROT_MAX)
-		return TEE_ERROR_BAD_PARAMETERS;
 	id = firewall->args[0];
-	attr_req = firewall->args[1];
+	attr_req = etzpc_binding2decprot((firewall->args[1] >>
+					  ETZPC_MODE_SHIFT) & ETZPC_MODE_MASK);
 
 	if (id < etzpc_dev->ddata->num_per_sec) {
 		attr = etzpc_do_get_decprot(etzpc_dev, id);
-		DMSG("Check access %"PRIu32" - attr %d - requested %d", id,
-		     attr, attr_req);
-		if (attr == attr_req)
+		DMSG("Check access %"PRIu32" - attr %s - requested %s", id,
+		     etzpc_decprot_strings[attr],
+		     etzpc_decprot_strings[attr_req]);
+
+		/*
+		 * Access authorized if the attributes requested match the
+		 * current configuration, or if the requester is secure and
+		 * the device is not MCU isolated, or if the requester is
+		 * non-secure and the device is not MCU isolated and not secure
+		 */
+		if (attr == attr_req ||
+		    ((attr_req == ETZPC_DECPROT_S_RW ||
+		      attr_req == ETZPC_DECPROT_NS_R_S_W) && attr !=
+		     ETZPC_DECPROT_MCU_ISOLATION) ||
+		    ((attr_req == ETZPC_DECPROT_NS_RW ||
+		      attr_req == ETZPC_DECPROT_NS_R_S_W) && attr !=
+		     ETZPC_DECPROT_MCU_ISOLATION && attr !=
+		     ETZPC_DECPROT_S_RW))
 			return TEE_SUCCESS;
 		else
 			return TEE_ERROR_ACCESS_DENIED;
@@ -386,47 +411,6 @@ static TEE_Result stm32_etzpc_acquire_access(struct firewall_query *firewall)
 	return TEE_SUCCESS;
 }
 
-static TEE_Result
-stm32_etzpc_check_memory_access(struct firewall_query *firewall, paddr_t paddr,
-				size_t size, bool read, bool write)
-{
-	struct etzpc_device *etzpc_dev = firewall->firewall_ctrl->priv;
-	enum etzpc_decprot_attributes attr_req = ETZPC_DECPROT_MAX;
-	paddr_t tzma_base = 0;
-	size_t tzma_size = 0;
-	size_t prot_size = 0;
-	uint32_t id = 0;
-
-	if (!firewall || firewall->arg_count != 2)
-		return TEE_ERROR_BAD_PARAMETERS;
-
-	id = firewall->args[0];
-	attr_req = firewall->args[1];
-	if (!(id == ETZPC_TZMA0_ID || id == ETZPC_TZMA1_ID))
-		return TEE_ERROR_BAD_PARAMETERS;
-
-	tzma_base = id == ETZPC_TZMA0_ID ? ROM_BASE : SYSRAM_BASE;
-	tzma_size = id == ETZPC_TZMA0_ID ? ROM_SIZE : SYSRAM_SIZE;
-	prot_size = etzpc_do_get_tzma(etzpc_dev, id == ETZPC_TZMA0_ID ? 0 : 1) *
-		    SMALL_PAGE_SIZE;
-
-	DMSG("Checking access for TZMA%u, secured from %"PRIxPA" to %"PRIxPA,
-	     id == ETZPC_TZMA0_ID ? 0 : 1, tzma_base, tzma_base + prot_size);
-
-	if (core_is_buffer_inside(paddr, size, tzma_base, prot_size) &&
-	    (attr_req == ETZPC_DECPROT_S_RW ||
-	     (attr_req == ETZPC_DECPROT_NS_R_S_W && write)))
-		return TEE_SUCCESS;
-
-	if (core_is_buffer_inside(paddr, size, tzma_base + prot_size,
-				  tzma_size - prot_size) &&
-	    (attr_req == ETZPC_DECPROT_NS_RW ||
-	     (attr_req == ETZPC_DECPROT_NS_R_S_W && read)))
-		return TEE_SUCCESS;
-
-	return TEE_ERROR_ACCESS_DENIED;
-}
-
 static TEE_Result
 stm32_etzpc_acquire_memory_access(struct firewall_query *firewall,
 				  paddr_t paddr, size_t size,
@@ -472,24 +456,27 @@ static TEE_Result stm32_etzpc_configure(struct firewall_query *firewall)
 	FMSG("Setting firewall configuration for peripheral ID: %u", id);
 
 	if (id < etzpc_dev->ddata->num_per_sec) {
+		uint32_t mode = 0;
+
 		/*
 		 * Peripheral configuration, we assume the configuration is as
 		 * follows:
 		 * firewall->args[0]: Firewall ID
-		 * firewall->args[1]: One of etzpc_decprot_attributes
+		 * firewall->args[1]: Firewall configuration to apply
 		 */
 
-		attr = firewall->args[1];
-
-		if (firewall->args[1] >= ETZPC_DECPROT_MAX)
-			return TEE_ERROR_BAD_PARAMETERS;
+		mode = (firewall->args[1] >> ETZPC_MODE_SHIFT) &
+		       ETZPC_MODE_MASK;
+		attr = etzpc_binding2decprot(mode);
 
 		if (is_decprot_locked(etzpc_dev, id)) {
 			EMSG("Peripheral configuration locked");
 			return TEE_ERROR_ACCESS_DENIED;
 		}
 
 		etzpc_do_configure_decprot(etzpc_dev, id, attr);
+		if (firewall->args[1] & ETZPC_LOCK_MASK)
+			etzpc_do_lock_decprot(etzpc_dev, id);
 
 		return TEE_SUCCESS;
 	} else if (id == ETZPC_TZMA0_ID || id == ETZPC_TZMA1_ID) {
@@ -518,6 +505,8 @@ static TEE_Result stm32_etzpc_configure(struct firewall_query *firewall)
 			return TEE_ERROR_BAD_PARAMETERS;
 		}
 
+		assert(IS_ALIGNED(firewall->args[1], SMALL_PAGE_SIZE));
+
 		if (is_tzma_locked(etzpc_dev, tzma_id)) {
 			EMSG("TZMA configuration locked");
 			return TEE_ERROR_ACCESS_DENIED;
@@ -659,7 +648,6 @@ static const struct firewall_controller_ops firewall_ops = {
 	.set_conf = stm32_etzpc_configure,
 	.check_access = stm32_etzpc_check_access,
 	.acquire_access = stm32_etzpc_acquire_access,
-	.check_memory_access = stm32_etzpc_check_memory_access,
 	.acquire_memory_access = stm32_etzpc_acquire_memory_access,
 };