# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
%YAML 1.2
---
$id: http://devicetree.org/schemas/bus/st,stm32mp25-rifsc.yaml#
$schema: http://devicetree.org/meta-schemas/core.yaml#

title: STM32 Resource isolation framework security controller

maintainers:
  - Gatien Chevallier <gatien.chevallier@foss.st.com>

description: |
  Resource isolation framework (RIF) is a comprehensive set of hardware blocks
  designed to enforce and manage isolation of STM32 hardware resources like
  memory and peripherals.

  The RIFSC (RIF security controller) is composed of three sets of registers,
  each managing a specific set of hardware resources:
    - RISC registers associated with RISUP logic (resource isolation device unit
      for peripherals), assign all non-RIF aware peripherals to zero, one or
      any security domains (secure, privilege, compartment).
    - RIMC registers: associated with RIMU logic (resource isolation master
      unit), assign all non RIF-aware bus master to one security domain by
      setting secure, privileged and compartment information on the system bus.
      Alternatively, the RISUP logic controlling the device port access to a
      peripheral can assign target bus attributes to this peripheral master port
      (supported attribute: CID).
    - RISC registers associated with RISAL logic (resource isolation device unit
      for address space - Lite version), assign address space subregions to one
      security domains (secure, privilege, compartment).

# Apply this schema to every node whose compatible list contains
# "st,stm32mp25-rifsc".
# NOTE(review): presumably spelled out because the node also carries the
# generic "simple-bus" compatible - confirm against the default select rules.
select:
  properties:
    compatible:
      contains:
        const: st,stm32mp25-rifsc
  required:
    - compatible

properties:
  # Exactly two entries, in this order: the RIFSC-specific string first, then
  # the generic simple-bus fallback.
  compatible:
    items:
      - const: st,stm32mp25-rifsc
      - const: simple-bus

  # A single register region for the controller.
  reg:
    maxItems: 1

  "#address-cells":
    const: 1

  "#size-cells":
    const: 1

  ranges: true

  # Each consumer reference to this controller carries one specifier cell: the
  # firewall ID of the peripheral (the example below uses <&rifsc 32>).
  "#access-controller-cells":
    const: 1
    description:
      Contains the firewall ID associated to the peripheral.

# Every child node named <name>@<lowercase hex unit address> is treated as a
# peripheral sitting behind the RIFSC.
patternProperties:
  "^.*@[0-9a-f]+$":
    description: Peripherals
    type: object

    # The child's own properties are left to its own binding; this schema does
    # not restrict them.
    additionalProperties: true

    # A peripheral under this bus must declare access-controllers, otherwise
    # validation fails. Only the presence of the property is checked here: the
    # schema does not verify that the phandle points at this controller or that
    # the firewall ID is the right one for the peripheral.
    required:
      - access-controllers

required:
  - compatible
  - reg
  - "#address-cells"
  - "#size-cells"
  - "#access-controller-cells"
  - ranges

# On the RIFSC node itself, nothing beyond the properties and child-node
# pattern declared above is accepted.
additionalProperties: false

# Example: usart2 is placed under the rifsc bus node and names rifsc as its
# access controller with firewall ID 32.
examples:
  - |
    // In this example, the usart2 device refers to rifsc as its domain
    // controller.
    // Access rights are verified before creating devices.

    #include <dt-bindings/interrupt-controller/arm-gic.h>

    rifsc: bus@42080000 {
        compatible = "st,stm32mp25-rifsc", "simple-bus";
        reg = <0x42080000 0x1000>;
        #address-cells = <1>;
        #size-cells = <1>;
        #access-controller-cells = <1>;
        ranges;

        usart2: serial@400e0000 {
            compatible = "st,stm32h7-uart";
            reg = <0x400e0000 0x400>;
            interrupts = <GIC_SPI 115 IRQ_TYPE_LEVEL_HIGH>;
            clocks = <&ck_flexgen_08>;
            access-controllers = <&rifsc 32>;
        };
    };