Core: Add a firewall framework + stm32 use case #6816

Open
wants to merge 8 commits into
base: master

Commits on May 14, 2024

  1. core: firewall: add firewall framework

    Add a generic firewall controller framework. The goal of this framework
    is to offer access control and configuration APIs, that are implemented
    in the firewall controllers drivers, to the firewall consumers. This
    framework requires an embedded device tree.
    
    A firewall controller is an access controller [1]. It should register
    itself as a provider to the framework. Firewall controllers have the
    possibility to populate their bus according to defined firewall accesses
    defined in the "access-controllers" property in each of the devices'
    nodes.
    
    Any device that consumes one or more firewalls should refer to it/them in
    its "access-controllers" property. Arguments can be passed along with
    the phandle of the firewall controller(s).
    
    Link: https://patchwork.kernel.org/project/linux-media/patch/20240105130404.301172-2-gatien.chevallier@foss.st.com/ [1]
    Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
    GseoC committed May 14, 2024
    91e08bb
  2. dt-bindings: add platform specific ETZPC bindings

    Define ETZPC bindings for STM32MP15 and STM32MP13 and add these
    header files into the stm32mp_dt_bindings helper.
    
    Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
    GseoC committed May 14, 2024
    7444de5
  3. dts: stm32: add the ETZPC configuration table for stm32mp1x boards

    Add the default tables defining the firewall configuration
    that will be set at boot time.
    
    STGENC and IWDG1 are set to secure on stm32mp157x-scmi boards,
    non-secure otherwise.
    
    Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
    GseoC committed May 14, 2024
    41e91b6
  4. drivers: stm32_etzpc: update driver to set ETZPC configuration from DT

    Remove old implementation where the ETZPC configuration was a hard
    coded table in the shared resources file and use the device tree to
    get it.
    
    Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
    GseoC committed May 14, 2024
    235e74b
  5. dts: stm32: define ETZPC as an access controller for stm32mp15 boards

    ETZPC is a firewall controller. Add the access-controllers property to
    all ETZPC sub-nodes. Also add the "simple-bus" compatible for backward
    compatibility and "#access-controllers-cells" to the ETZPC node.
    
    Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
    Change-Id: Iae9e4f96e9cad26ef69038b41ba72f7155003cfc
    GseoC committed May 14, 2024
    ce324e9
  6. dts: stm32: define ETZPC as an access controller for stm32mp13 boards

    ETZPC is a firewall controller. Add the access-controllers property to
    all ETZPC sub-nodes. Also add the "simple-bus" compatible for backward
    compatibility and "#access-controllers-cells" to the ETZPC node.
    
    Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
    GseoC committed May 14, 2024
    bdf7ebc
  7. plat-stm32mp1: default enable CFG_DRIVERS_FIREWALL

    Default enable the CFG_DRIVERS_FIREWALL switch that is used to enable
    the support of the firewall framework.
    
    On this platform, only the ETZPC is a firewall controller for now.
    
    Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
    GseoC committed May 14, 2024
    348af97
  8. drivers: stm32_etzpc: new driver to use firewall API

    Implement stm32_etzpc.c driver in the firewall driver directory.
    Use the new firewall API to populate the firewall bus and register
    the ETZPC as a firewall provider.
    
    The ETZPC driver registers the following ops:
    -set_conf
    -check_access
    -acquire_access
    -acquire_memory_access
    
    Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
    GseoC committed May 14, 2024
    61ca178