1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3 * Copyright (C) 2024, STMicroelectronics
4 */
5
6 #ifndef __DRIVERS_FIREWALL_DEVICE_H
7 #define __DRIVERS_FIREWALL_DEVICE_H
8
9 #include <stdint.h>
10 #include <tee_api.h>
11 #include <types_ext.h>
12 #include <util.h>
13
14 /* Opaque reference to firewall_controller */
15 struct firewall_controller;
16
17 /**
18 * struct firewall_query - Information on a device's firewall.
19 *
20 * @ctrl: Pointer referencing a firewall controller of the device. It is opaque
21 * so a device cannot manipulate the controller's ops or access the controller's
22 * data
23 * @args: Firewall arguments that are implementation dependent
24 * @arg_count: Number of arguments
25 */
26 struct firewall_query {
27 struct firewall_controller *ctrl;
28 uint32_t *args;
29 size_t arg_count;
30 };
31
32 #ifdef CFG_DRIVERS_FIREWALL
33 /**
34 * firewall_dt_get_by_index() - Get the firewall configuration associated to a
35 * given index for a device node.
36 *
37 * @fdt: FDT to work on
38 * @node: Device node to read from
39 * @index: Index of the entry in the property
40 * @out_fw: Firewall query reference
41 *
42 * Returns TEE_SUCCESS on success, TEE_ERROR_ITEM_NOT_FOUND if there's no match
43 * with a firewall controller or appropriate TEE_Result error code if an
44 * error occurred.
45 */
46 TEE_Result firewall_dt_get_by_index(const void *fdt, int node,
47 unsigned int index,
48 struct firewall_query **out_fw);
49
50 /**
51 * firewall_dt_get_by_name() - Get the firewall configuration associated to a
52 * given name for a device node.
53 *
54 * @fdt: FDT to work on
55 * @node: Device node to read from
56 * @name: Name of the firewall configuration to search for
57 * @out_fw: Firewall query reference
58 *
59 * Returns TEE_SUCCESS on success, TEE_ERROR_ITEM_NOT_FOUND if there's no match
60 * with a firewall controller or appropriate TEE_Result error code if an
61 * error occurred.
62 */
63 TEE_Result firewall_dt_get_by_name(const void *fdt, int node, const char *name,
64 struct firewall_query **out_fw);
65
66 /**
67 * firewall_set_configuration() - Reconfigure the firewall controller associated
68 * to the given firewall configuration with it.
69 *
70 * @fw: Firewall query containing the configuration to set
71 */
72 TEE_Result firewall_set_configuration(struct firewall_query *fw);
73
74 /**
75 * firewall_check_access() - Check if the access is authorized for a consumer
76 * and the given firewall configuration according to the settings of its
77 * firewall controller
78 *
79 * @fw: Firewall query containing the configuration to check against its
80 * firewall controller
81 */
82 TEE_Result firewall_check_access(struct firewall_query *fw);
83
84 /**
85 * firewall_acquire_access() - Check if OP-TEE can access the consumer and
86 * acquire potential resources to allow the access
87 *
88 * @fw: Firewall query containing the configuration to check against its
89 * firewall controller
90 */
91 TEE_Result firewall_acquire_access(struct firewall_query *fw);
92
93 /**
94 * firewall_check_memory_access() - Check if a consumer can access the memory
95 * address range, in read and/or write mode and given the firewall
96 * configuration, against a firewall controller
97 *
98 * @fw: Firewall query containing the configuration to check against its
99 * firewall controller
100 * @paddr: Physical base address of the memory range to check
101 * @size: Size of the memory range to check
102 * @read: If true, check rights for a read access
103 * @write: If true, check rights for a write access
104 */
105 TEE_Result firewall_check_memory_access(struct firewall_query *fw,
106 paddr_t paddr, size_t size, bool read,
107 bool write);
108
109 /**
110 * firewall_acquire_memory_access() - Request OP-TEE access, in read and/or
111 * write mode, to the given memory address range against a firewall controller
112 * and acquire potential resources to allow the access
113 *
114 * @fw: Firewall query containing the configuration to check against its
115 * firewall controller
116 * @paddr: Physical base address of the memory range to check
117 * @size: Size of the memory range to check
118 * @read: Check rights for a read access
119 * @write: Check rights for a write access
120 */
121 TEE_Result firewall_acquire_memory_access(struct firewall_query *fw,
122 paddr_t paddr, size_t size, bool read,
123 bool write);
124
125 /**
126 * firewall_release_access() - Release resources obtained by a call to
127 * firewall_acquire_access()
128 *
129 * @fw: Firewall query containing the configuration to release
130 */
131 void firewall_release_access(struct firewall_query *fw);
132
133 /**
134 * firewall_release_memory_access() - Release resources obtained by a call to
135 * firewall_acquire_memory_access()
136 *
137 * @fw: Firewall configuration to release
138 * @paddr: Physical base address of the memory range to release
139 * @size: Size of the memory range to release
140 * @read: Release rights for read accesses
141 * @write: Release rights for write accesses
142 */
143 void firewall_release_memory_access(struct firewall_query *fw, paddr_t paddr,
144 size_t size, bool read, bool write);
145
146 /**
147 * firewall_set_memory_configuration() - Reconfigure a memory range with
148 * the given firewall configuration
149 *
150 * @fw: Firewall query containing the configuration to set
151 * @paddr: Physical base address of the memory range
152 * @size: Size of the memory range
153 */
154 TEE_Result firewall_set_memory_configuration(struct firewall_query *fw,
155 paddr_t paddr, size_t size);
156
157 /**
158 * firewall_put() - Release a firewall_query structure allocated by
159 * firewall_dt_get_by_index() or firewall_dt_get_by_name()
160 *
161 * @fw: Firewall query to put
162 */
163 void firewall_put(struct firewall_query *fw);
164
165 #else /* CFG_DRIVERS_FIREWALL */
166
167 static inline TEE_Result
firewall_dt_get_by_index(const void * fdt __unused,int node __unused,unsigned int index __unused,struct firewall_query ** out_fw __unused)168 firewall_dt_get_by_index(const void *fdt __unused, int node __unused,
169 unsigned int index __unused,
170 struct firewall_query **out_fw __unused)
171 {
172 return TEE_ERROR_NOT_IMPLEMENTED;
173 }
174
175 static inline TEE_Result
firewall_dt_get_by_name(const void * fdt __unused,int node __unused,const char * name __unused,struct firewall_query ** out_fw __unused)176 firewall_dt_get_by_name(const void *fdt __unused, int node __unused,
177 const char *name __unused,
178 struct firewall_query **out_fw __unused)
179 {
180 return TEE_ERROR_NOT_IMPLEMENTED;
181 }
182
183 static inline TEE_Result
firewall_check_access(struct firewall_query * fw __unused)184 firewall_check_access(struct firewall_query *fw __unused)
185 {
186 return TEE_ERROR_NOT_IMPLEMENTED;
187 }
188
189 static inline TEE_Result
firewall_acquire_access(struct firewall_query * fw __unused)190 firewall_acquire_access(struct firewall_query *fw __unused)
191 {
192 return TEE_ERROR_NOT_IMPLEMENTED;
193 }
194
195 static inline TEE_Result
firewall_check_memory_access(struct firewall_query * fw __unused,paddr_t paddr __unused,size_t size __unused,bool read __unused,bool write __unused)196 firewall_check_memory_access(struct firewall_query *fw __unused,
197 paddr_t paddr __unused, size_t size __unused,
198 bool read __unused, bool write __unused)
199 {
200 return TEE_ERROR_NOT_IMPLEMENTED;
201 }
202
203 static inline TEE_Result
firewall_acquire_memory_access(struct firewall_query * fw __unused,paddr_t paddr __unused,size_t size __unused,bool read __unused,bool write __unused)204 firewall_acquire_memory_access(struct firewall_query *fw __unused,
205 paddr_t paddr __unused, size_t size __unused,
206 bool read __unused, bool write __unused)
207 {
208 return TEE_ERROR_NOT_IMPLEMENTED;
209 }
210
211 static inline void
firewall_release_access(struct firewall_query * fw __unused)212 firewall_release_access(struct firewall_query *fw __unused)
213 {
214 }
215
216 static inline void
firewall_release_memory_access(struct firewall_query * fw __unused,paddr_t paddr __unused,size_t size __unused,bool read __unused,bool write __unused)217 firewall_release_memory_access(struct firewall_query *fw __unused,
218 paddr_t paddr __unused, size_t size __unused,
219 bool read __unused, bool write __unused)
220 {
221 }
222
223 static inline TEE_Result
firewall_set_configuration(struct firewall_query * fw __unused)224 firewall_set_configuration(struct firewall_query *fw __unused)
225 {
226 return TEE_ERROR_NOT_IMPLEMENTED;
227 }
228
229 static inline TEE_Result
firewall_set_memory_configuration(struct firewall_query * fw __unused,paddr_t paddr __unused,size_t size __unused)230 firewall_set_memory_configuration(struct firewall_query *fw __unused,
231 paddr_t paddr __unused, size_t size __unused)
232 {
233 return TEE_ERROR_NOT_IMPLEMENTED;
234 }
235
firewall_put(struct firewall_query * fw __unused)236 static inline void firewall_put(struct firewall_query *fw __unused)
237 {
238 }
239
240 #endif /* CFG_DRIVERS_FIREWALL */
241 #endif /* __DRIVERS_FIREWALL_DEVICE_H */
242