Firewall TISCI Description
This chapter describes the firewall APIs provided by system firmware. There are three firewall APIs, listed below.
TISCI Message ID | Message Name |
---|---|
0x9000 | TISCI_MSG_SET_FWL_REGION |
0x9001 | TISCI_MSG_GET_FWL_REGION |
0x9002 | TISCI_MSG_CHANGE_FWL_OWNER |
Background Information
Each firewall in the system is assigned an owner. Ownership is assigned using Host ID. Only the owner of a firewall can:
- Configure the firewall permissions
- Query the firewall permissions
- Transfer the firewall ownership to another owner (host)
Initial Configuration
System firmware configures the firewalls in the following manner on startup.
- DMSC internal memories are firewalled. Firewall ownership is assigned to DMSC.
- Secure proxy and associated resources required for DMSC operation are firewalled. Firewall ownership is assigned to DMSC.
- All Navss resources not used by DMSC are firewalled and ownership of the firewalls is assigned to Resource Manager (RM). The intent is that RM programs the firewalls for Navss resources based on resource assignment in board configuration.
API Description
TISCI Message ID
TISCI_MSG_SET_FWL_REGION (0x9000U)
Message to set a firewall region configuration
struct tisci_msg_fwl_set_firewall_region_req
Request for configuring the firewall permissions.
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Common TI-SCI header |
fwl_id | u16 | firewall ID in question. fwl_id is defined in the TRM. |
region | u16 | Region or channel number to set config info. This field is unused in case of a simple firewall and must be initialized to zero. In case of a region based firewall, this field indicates the region in question (index starting from 0). In case of a channel based firewall, this field indicates the channel in question (index starting from 0). |
n_permission_regs | u32 | Number of permission registers to set |
control | u32 | Contents of the firewall CONTROL register to set |
permissions | u32 | Contents of the firewall PERMISSION register to set |
start_address | soc_phys_addr_t | Contents of the firewall START_ADDRESS register to set |
end_address | soc_phys_addr_t | Contents of the firewall END_ADDRESS register to set |
struct tisci_msg_fwl_set_firewall_region_resp
Response for configuring the firewall permissions.
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Generic TISCI message header. ACK response indicates that firewall configuration is successful. NACK response indicates that the configuration was not performed. |
TISCI Message ID
TISCI_MSG_GET_FWL_REGION (0x9001U)
Message to get a firewall region configuration
struct tisci_msg_fwl_get_firewall_region_req
Request for retrieving the firewall permissions.
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Generic TISCI message header. |
fwl_id | u16 | firewall ID in question. fwl_id is defined in the TRM. |
region | u16 | Region or channel number to set config info. This field is unused in case of a simple firewall and must be initialized to zero. In case of a region based firewall, this field indicates the region in question (index starting from 0). In case of a channel based firewall, this field indicates the channel in question (index starting from 0). |
n_permission_regs | u32 | Number of permission registers to retrieve |
struct tisci_msg_fwl_get_firewall_region_resp
Response for retrieving the firewall permissions.
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Generic TISCI message header. An ACK response in the hdr indicates that the message was processed successfully. A NACK response indicates failure to retrieve firewall permissions. |
fwl_id | u16 | firewall ID in question. fwl_id is defined in the TRM. |
region | u16 | Region or channel number to set config info. This field is unused in case of a simple firewall and must be initialized to zero. In case of a region based firewall, this field indicates the region in question (index starting from 0). In case of a channel based firewall, this field indicates the channel in question (index starting from 0). |
n_permission_regs | u32 | Number of permission registers retrieved |
control | u32 | Contents of the firewall CONTROL register |
permissions | u32 | Contents of the firewall PERMISSION registers |
start_address | soc_phys_addr_t | Contents of the firewall START_ADDRESS register. This is not applicable for channelized firewalls. |
end_address | soc_phys_addr_t | Contents of the firewall END_ADDRESS register. This is not applicable for channelized firewalls. |
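
A host that programs a firewall can confirm the result by reading it back with TISCI_MSG_GET_FWL_REGION. The C code below is an added example, not TI's code: it checks a set request against the field rules in the tables above and compares it with the get response. The `ex_` names, the three-word permission bound, the 64-bit `soc_phys_addr_t`, the `ack` flag standing in for `hdr`, the start/end ordering check, and the expectation that registers read back as written are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Assumptions for this example only: soc_phys_addr_t is 64-bit, at most
 * EX_MAX_PERM_REGS permission words are carried, and the ACK/NACK in hdr
 * is reduced to a bool. */
#define EX_MAX_PERM_REGS 3u
typedef uint64_t soc_phys_addr_t;
enum ex_fwl_kind { EX_FWL_SIMPLE, EX_FWL_REGION, EX_FWL_CHANNEL };

struct ex_fwl_cfg {              /* fields shared by set-req and get-resp */
    bool ack;                    /* stands in for hdr ACK/NACK (responses) */
    uint16_t fwl_id, region;
    uint32_t n_permission_regs, control;
    uint32_t permissions[EX_MAX_PERM_REGS];
    soc_phys_addr_t start_address, end_address;
};

/* Reject a request that breaks the field rules before it is sent. */
bool ex_fwl_req_valid(const struct ex_fwl_cfg *req, enum ex_fwl_kind kind)
{
    if (req->n_permission_regs == 0 || req->n_permission_regs > EX_MAX_PERM_REGS)
        return false;
    if (kind == EX_FWL_SIMPLE && req->region != 0)
        return false;            /* unused field must be initialized to zero */
    /* Example's own sanity check: a region must not end before it starts. */
    return kind != EX_FWL_REGION || req->start_address <= req->end_address;
}

/* True only if the GET response was ACKed and reports what was requested. */
bool ex_fwl_readback_ok(const struct ex_fwl_cfg *req,
                        const struct ex_fwl_cfg *resp, enum ex_fwl_kind kind)
{
    if (!ex_fwl_req_valid(req, kind) || !resp->ack)
        return false;
    if (resp->fwl_id != req->fwl_id || resp->region != req->region ||
        resp->control != req->control ||
        resp->n_permission_regs < req->n_permission_regs)
        return false;
    if (memcmp(resp->permissions, req->permissions,
               req->n_permission_regs * sizeof(uint32_t)) != 0)
        return false;
    if (kind == EX_FWL_CHANNEL)  /* addresses not applicable here */
        return true;
    return resp->start_address == req->start_address &&
           resp->end_address == req->end_address;
}
```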
TISCI_MSG_CHANGE_FWL_OWNER - Change Firewall Owner
Usage:
Message Type | Normal |
Secure Queue Only? | No |
TISCI Message ID
TISCI_MSG_CHANGE_FWL_OWNER (0x9002U)
Message to change firewall region owner
struct tisci_msg_fwl_change_owner_info_req
Request for a change owner operation
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Common TI-SCI header |
fwl_id | u16 | firewall ID in question |
region | u16 | Region or channel number if applicable |
owner_index | u8 | New owner index to transfer ownership to |
struct tisci_msg_fwl_change_owner_info_resp
Response for a change owner operation
Parameter | Type | Description |
---|---|---|
hdr | struct tisci_header | Common TI-SCI header. ACK response indicates that change owner operation is successful. NACK response indicates that change owner operation failed. |
fwl_id | u16 | firewall ID specified in request |
region | u16 | Region or channel number specified in request |
owner_index | u8 | owner index specified in request |
owner_privid | u8 | new owner priv-ID returned by DMSC. This field is currently initialized to zero by DMSC. |
owner_permission_bits | u16 | new owner permission bits returned by DMSC. This field is currently initialized to zero by DMSC. |
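
The ownership rule from Background Information and the hand-over done by TISCI_MSG_CHANGE_FWL_OWNER can be modelled in a few lines. This C model is an added example, not firmware or TI code; it assumes `owner_index` is the host ID of the new owner, and the `ex_` names, host IDs and permission values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>

/* Model of the ownership rule only, not firmware code. Assumption: the
 * owner_index of a change-owner request is the host ID of the new owner. */
#define EX_MSG_SET_FWL_REGION   0x9000u
#define EX_MSG_GET_FWL_REGION   0x9001u
#define EX_MSG_CHANGE_FWL_OWNER 0x9002u
#define EX_HOST_A 10u   /* constructed host IDs */
#define EX_HOST_B 20u

struct ex_firewall {
    uint8_t owner_host;    /* host ID that currently owns the firewall */
    uint32_t permissions;  /* last value accepted by a SET */
};

/* Returns true for ACK, false for NACK. `value` is the permissions word for
 * SET and the new owner for CHANGE_FWL_OWNER; `out` receives GET data. */
bool ex_fwl_handle(struct ex_firewall *fw, uint8_t sender, uint16_t msg_id,
                   uint32_t value, uint32_t *out)
{
    if (sender != fw->owner_host)
        return false;      /* only the owner may set, get or transfer */
    switch (msg_id) {
    case EX_MSG_SET_FWL_REGION:   fw->permissions = value; return true;
    case EX_MSG_GET_FWL_REGION:   if (out) *out = fw->permissions; return true;
    case EX_MSG_CHANGE_FWL_OWNER: fw->owner_host = (uint8_t)value; return true;
    default:                      return false;
    }
}

/* Host A programs the firewall, hands it to host B, then tries again.
 * Bit i of the result is set when step i was ACKed. */
unsigned ex_handover_scenario(uint32_t *seen_by_b)
{
    struct ex_firewall fw = { .owner_host = EX_HOST_A, .permissions = 0 };
    unsigned acks = 0;
    acks |= (unsigned)ex_fwl_handle(&fw, EX_HOST_B, EX_MSG_SET_FWL_REGION, 0xFFFFu, 0) << 0;
    acks |= (unsigned)ex_fwl_handle(&fw, EX_HOST_A, EX_MSG_SET_FWL_REGION, 0x00C3u, 0) << 1;
    acks |= (unsigned)ex_fwl_handle(&fw, EX_HOST_A, EX_MSG_CHANGE_FWL_OWNER, EX_HOST_B, 0) << 2;
    acks |= (unsigned)ex_fwl_handle(&fw, EX_HOST_A, EX_MSG_SET_FWL_REGION, 0xFFFFu, 0) << 3;
    acks |= (unsigned)ex_fwl_handle(&fw, EX_HOST_B, EX_MSG_GET_FWL_REGION, 0, seen_by_b) << 4;
    return acks;
}
```

The scenario shows why a host should finish programming a firewall before transferring it: once ownership moves, its own requests are NACKed.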