Add TZC400 device tree bindings + configure STM32 TZC400 using the device tree on stm32mp1 platforms #7064
Conversation
|
Hi @GseoC , may I know why the permissions are embedded in Another way is to embed them into &tzc400 {
- memory-region = <&optee_framebuffer>;
+ memory-region = <&optee_framebuffer DT_TZC_REGION_S_RDWR 0>;
};Any special consideration for this ? Thanks! |
Hi @gagachang, I cannot do this because the memory-region dt-bindings file states that the content of the property is a phandle array : memory region YAML. Each phandle is a /reserved-memory child node assigned to the device. For now I have to use a proprietary property- but I hope that I'll be able to soon use a generic one that is a variant of |
|
Hi @GseoC , Thanks for information!
I am trying to understand the
I saw your #7066. Is + &etzpc {
+ st,decprot =
+ <&etzpc DECPROT(STM32MP1_ETZPC_USART1_ID, DECPROT_NS_RW, DECPROT_UNLOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_SPI6_ID, DECPROT_NS_RW, DECPROT_UNLOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_I2C4_ID, DECPROT_NS_RW, DECPROT_UNLOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_I2C6_ID, DECPROT_NS_RW, DECPROT_UNLOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_RNG1_ID, DECPROT_NS_RW, DECPROT_UNLOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_HASH1_ID, DECPROT_NS_RW, DECPROT_UNLOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_CRYP1_ID, DECPROT_NS_RW, DECPROT_UNLOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_DDRCTRL_ID, DECPROT_NS_R_S_W, DECPROT_LOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_DDRPHYC_ID, DECPROT_NS_R_S_W, DECPROT_LOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_STGENC_ID, DECPROT_S_RW, DECPROT_LOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_BKPSRAM_ID, DECPROT_S_RW, DECPROT_LOCK)>,
+ <&etzpc DECPROT(STM32MP1_ETZPC_IWDG1_ID, DECPROT_S_RW, DECPROT_LOCK)>;
+ }; |
The As for the firewall configuration, for now, there's no way to describe a firewall controller configuration with a generic property. Hence my effort on the above linux patch.
The |
(STM32 use-case) For our platforms, we may need to perform some firewall operations before using a peripheral to be able to access it. See in |
|
Thank you @GseoC ! |
|
|
||
| #define TZC_REGION_NSEC_ALL_ACCESS_RDWR \ | ||
| (TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) | \ | ||
| TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_GPU_ID) | \ |
There was a problem hiding this comment.
Could you use the same order as for lines 10 to 20?
Good to hear that we share that need, it makes more sense to find a proper generic solution. @gagachang, I'll send another version of the other linux patch soon. Do you want to be put as To/CC of the patch so you can give your opinion or state that you may be interested in it? |
Sure! Please CC that patch to my email: |
|
Comments addressed. |
|
Comments addressed |
|
@etienne-lms, any more comments? |
| if (reg_exclude->base == reg->region.base && | ||
| reg_exclude->top == reg->region.top) { | ||
| /* Remove this entry */ | ||
| SLIST_REMOVE(&nsec_region_list, reg, tzc_region_non_sec, link); |
There was a problem hiding this comment.
I'm changing to SLIST_FOREACH_SAFE above then.
There was a problem hiding this comment.
Actually sorry, there's no need as the free occurs outside the loop. I'm reverting this change
|
Comments addressed and squashed |
There was a problem hiding this comment.
Reviewed-by: Etienne Carriere <[email protected]> with below comment addressed. Other checkpatch reports are false positive related to trace message instruction exceeding 80char/line.
The other CI test errors are due to https://xenbits.xen.org/git-http/xen.git not responding. Likely a temporary issue in Xen repositories server.
| { | ||
| TEE_Result res = TEE_SUCCESS; | ||
| unsigned int index = 0; | ||
| index = tzc_dev->nb_reg_used; |
There was a problem hiding this comment.
Reported by checkpatch:
unsigned int index = 0;
+
index = tzc_dev->nb_reg_used;or
unsigned int index = tzc_dev->nb_reg_used;
For added flexibility, the TZC400 configuration could be set through the device tree. Add macros to be able to do so. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Add stm32 specific peripheral IDs for the TZC400 configuration. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Add the TZC400 node in the stm32mp151 SoC device tree file and default enable it. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Add the usage of device tree memory regions defined to configure the TZC400 firewall controller. Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Add support for the TZC400 configuration for the optee_framebuffer memory region on the stm32mp135f-dk board Signed-off-by: Gatien Chevallier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
|
Comment addressed and tags applied, thanks |
This P-R adds a device tree binding file to be able to describe the TZC400 memory regions with their firewall attributes configuration in the device tree.
Refactor the stm32 platform TZC400 driver to support this feature and add the DT configuration of a memory region on the stm32mp135f-dk platform.
Note: I tried to make a generic TZC400 binding file so that it can be used by other platforms, let me know what you think of it. These "bindings" are more like macros to be used in the DT.