[PATCH 1/7] dt-bindings: soc: st: document the RISAB firewall peripheral

Krzysztof Kozlowski krzk at kernel.org
Tue Feb 17 12:06:00 PST 2026 

On 17/02/2026 14:12, Gatien CHEVALLIER wrote:
> 
> 
> On 2/13/26 16:06, Krzysztof Kozlowski wrote:
>> On 10/02/2026 10:55, Gatien CHEVALLIER wrote:
>>>>> +  memory-region:
>>>>> +    minItems: 1
>>>>> +    maxItems: 32
>>>>> +    description:
>>>>> +      Phandle to nodes describing memory regions to be configured in the RISAB
>>>>> +      by the trusted domain of at least a RISAB page size.
>>>>> +      These regions cannot overlap. A zone must be within st,mem-map range and
>>>>> +      can be represented by one or more pages.
>>>>> +
>>>>> +  st,mem-map:
>>>>> +    $ref: /schemas/types.yaml#/definitions/uint32-array
>>>>> +    description: Memory address range covered by the RISAB.
>>>>> +    items:
>>>>> +      - description: Memory range base address
>>>>> +      - description: Memory range size
>>>>
>>>> Why do you need this property if you have memory-region already? This
>>>> also should be part of <reg>, although this mixing with memory-region is
>>>> anyway confusing.
>>>>
>>>
>>> The RISAB is a memory firewall peripheral covering internal RAMs. It is
>>> possible to configure multiple memory regions within these RAMs (done by
>>> the Trusted Domain) with security, privilege and compartment isolation.
>>> This peripheral allow 4kBytes page granularity. Each page can hold
>>> different access rights, with 32 pages at most (hence the maxItems: 32).
>>> That is some information that can be added to the documentation.
>>>
>>> Moreover, when a region is delegated to a non-secure privileged
>>> component, this component can configure the privilege level necessary to
>>> access the region.
>>>
>>> This property gives me the opportunity to get the memory range covered
>>> by the RISAB. "reg" here is used to access the actual RISAB registers
>>> holding the configuration.
>>
>> Looks awfully like memory regions still :/
>>
> 
> IIUC the memory-region property references memory regions within
> a reserved memory. Which is not really what I want to describe
> here as I want to get the boundaries of the whole range. The
> memory-region property would be used by the Trusted Domain / kernel
> to get each regions (or only one that represents the whole range) of the
> internal RAM to apply desired access rights to them / use them.
> 
> Describing the memory range using a reserved memory would make the
> kernel exclude this memory range from the normal usage, no?

In general yes, but also depends on the use case/drivers/purpose. I do
not understand why would you mark some memory for generic use by kernel
(so not reserved for specific purpose) and still configure it somehow
for trusted firmware to allow secure read/write access.

If you mark some part of memory as a meaning for TF for secure access,
you already claim it is not a generic memory. Otherwise TF just writes
all over malloced() pages?

> 
> I think declaring a "boundaries" memory region with no usage for the
> kernel wouldn't make sense. The kernel may not be able to access the
> whole memory range.

I don't understand that. reserved-memory is for cases with "no usage for
the kernel", so it would perfectly make sense.

Look what your description said:

"used to protect internal RAMs by applying access"

and

" a trusted domain, or the domain to whom the page configuration has
been delegated,"

so how it is not a dedicated, special memory delegated to specific
devices and/or TF?

Best regards,
Krzysztof

More information about the linux-arm-kernel mailing list