Removal of firewall_dt_probe_bus() and stm32mp25 firewall bus populate + RNG updates #7021
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
etienne-lms
reviewed
Sep 30, 2024
There was a problem hiding this comment.
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> for commits
"drivers: firewall: remove firewall_dt_probe_bus()",
"dts: stm32: declare RIFSC as an access-controller on stm32mp2 platforms",
"drivers: stm32_rifsc: restrain access on non secure peripherals for OP-TEE",
"plat-stm32mp2: conf: default enable CFG_DRIVERS_FIREWALL"
Few minor comments for commits
"drivers: stm32_rng: update clock and power management" and
"drivers: stm32_rifsc: update RIFSC as a firewall controller".
It shouold be ok for me once addressed.
Remove firewall_dt_probe_bus() from the firewall framework as it seems unlikely that we can have a consensual implementation of this feature. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
RIFSC is a firewall controller. Add the access-controllers property to all RIFSC sub-nodes. Also add the "simple-bus" compatible for backward compatibility and "#access-controllers-cells" to the RIFSC node. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Use the new firewall API to populate the firewall bus and register the RIFSC as a firewall provider. While there, update device tree RIF macros and sort them in the correct files. Register bit-field macros should be present in the driver while device tree macros should be present in device tree bindings files. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
…P-TEE Implement a driver specific firewall bus probe that will only probe secure peripherals and implement firewall exceptions for which no firewall operations will be done when CFG_INSECURE is set. This allows, for example, to share a console with the non-secure world for development purposes. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Default enable the CFG_DRIVERS_FIREWALL switch that is used to enable the support of the firewall framework. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Better handle clock and reset resources by implementing enable_rng_clock()/disable_rng_clock(). Do not implement a PM callback if OP-TEE runs with a software RNG. Finally, implement shared resource management only for stm32mp15x platforms as it is not used on other platforms. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Add the RNG node in the stm32mp251 SoC device tree file and default enable it. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
Comments addressed |
etienne-lms
reviewed
Sep 30, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Remove firewall_dt_probe_bus() from the firewall framework as it seems unlikely that we can have a consensual implementation of this feature for every vendor.
This P-R adds the probing of peripherals under the RIFSC firewall bus. This means that from now on, access on peripherals when probing the RIFSC will be filtered to catch any firewall inconsistencies. In case the peripheral is shared between different context, the RIF semaphore is acquired, if available.
Also update the RNG to better handle the different platforms, pm and RCC resources.