[PATCH 1/7] dt-bindings: soc: st: document the RISAB firewall peripheral

Gatien CHEVALLIER gatien.chevallier at foss.st.com
Tue Feb 17 05:12:29 PST 2026 


On 2/13/26 16:06, Krzysztof Kozlowski wrote:
> On 10/02/2026 10:55, Gatien CHEVALLIER wrote:
>>>> +  memory-region:
>>>> +    minItems: 1
>>>> +    maxItems: 32
>>>> +    description:
>>>> +      Phandle to nodes describing memory regions to be configured in the RISAB
>>>> +      by the trusted domain of at least a RISAB page size.
>>>> +      These regions cannot overlap. A zone must be within st,mem-map range and
>>>> +      can be represented by one or more pages.
>>>> +
>>>> +  st,mem-map:
>>>> +    $ref: /schemas/types.yaml#/definitions/uint32-array
>>>> +    description: Memory address range covered by the RISAB.
>>>> +    items:
>>>> +      - description: Memory range base address
>>>> +      - description: Memory range size
>>>
>>> Why do you need this property if you have memory-region already? This
>>> also should be part of <reg>, although this mixing with memory-region is
>>> anyway confusing.
>>>
>>
>> The RISAB is a memory firewall peripheral covering internal RAMs. It is
>> possible to configure multiple memory regions within these RAMs (done by
>> the Trusted Domain) with security, privilege and compartment isolation.
>> This peripheral allow 4kBytes page granularity. Each page can hold
>> different access rights, with 32 pages at most (hence the maxItems: 32).
>> That is some information that can be added to the documentation.
>>
>> Moreover, when a region is delegated to a non-secure privileged
>> component, this component can configure the privilege level necessary to
>> access the region.
>>
>> This property gives me the opportunity to get the memory range covered
>> by the RISAB. "reg" here is used to access the actual RISAB registers
>> holding the configuration.
> 
> Looks awfully like memory regions still :/
> 

IIUC the memory-region property references memory regions within
a reserved memory. Which is not really what I want to describe
here as I want to get the boundaries of the whole range. The
memory-region property would be used by the Trusted Domain / kernel
to get each regions (or only one that represents the whole range) of the
internal RAM to apply desired access rights to them / use them.

Describing the memory range using a reserved memory would make the
kernel exclude this memory range from the normal usage, no?

I think declaring a "boundaries" memory region with no usage for the
kernel wouldn't make sense. The kernel may not be able to access the
whole memory range.

>>
>>>> +
>>>> +  st,srwiad:
>>>> +    description:
>>>> +      When set, the trusted domain configures the RISAB to allow secure
>>>> +      read/write data accesses to non-secure blocks and pages. Secure execute
>>>> +      remains illegal.
>>>> +    type: boolean
>>>
>>> Shouldn't this be a property of given block from memory-regions, not
>>> entire RISAB?
>>>
>>
>> It is a global setting for the whole RISAB (in RISAB_CR register) so I
>> think it's fine keeping it at RISAB level.
> 
> And in the next version of your IP? It really feels like description of
> memory region, not the entire device.
> 

Then I would expect it to be part of the page-based configuration and
this property could be constrained to current platforms. Is that fine?

Best regards,
Gatien

> 
> Best regards,
> Krzysztof

More information about the linux-arm-kernel mailing list