Firewall TISCI Description
This chapter describes the firewall APIs provided by system firmware. There are three firewall APIs, listed below.
| TISCI Message ID | Message Name | Available in GP | Available in HS-FS | 
|---|---|---|---|
| 0x9000 | TISCI_MSG_SET_FWL_REGION | Yes | Yes | 
| 0x9001 | TISCI_MSG_GET_FWL_REGION | Yes | Yes | 
| 0x9002 | TISCI_MSG_CHANGE_FWL_OWNER | Yes | Yes | 
Background Information
Each firewall in the system is assigned an owner. Ownership is assigned using Host ID. Only the owner of a firewall can:
- Configure the firewall permissions
- Query the firewall permissions
- Transfer the firewall ownership to another owner (host)
Note
For additional firewall information, check out the Firewall FAQ.
Initial Configuration
System firmware configures the firewalls in the following manner on startup.
- DMSC/TIFS internal memories are firewalled. Firewall ownership is assigned to DMSC/TIFS.
- Secure proxy and associated resources required for DMSC/TIFS operation are firewalled. Firewall ownership is assigned to DMSC/TIFS.
- Navss/DMSS resources not used by DMSC/TIFS are firewalled and ownership of the firewalls is assigned to Resource Manager (RM). The intent is that RM programs the firewalls for Navss/DMSS resources based on resource assignment in board configuration.
API Description
TISCI Message ID
TISCI_MSG_SET_FWL_REGION          (0x9000U)
Message to set a firewall region configuration
struct tisci_msg_fwl_set_firewall_region_req
Request for configuring the firewall permissions.
| Parameter | Type | Description | 
|---|---|---|
| hdr | struct tisci_header | Common TI-SCI header | 
| fwl_id | u16 | firewall ID in question. fwl_id is defined in the TRM. | 
| region | u16 | Region or channel number to set config info. This field is unused in case of a simple firewall and must be initialized to zero. In case of a region based firewall, this field indicates the region in question (index starting from 0). In case of a channel based firewall, this field indicates the channel in question (index starting from 0). | 
| n_permission_regs | u32 | Number of permission registers to set | 
| control | u32 | Contents of the firewall CONTROL register to set | 
| permissions | u32 | Contents of the firewall PERMISSION register to set | 
| start_address | soc_phys_addr_t | Contents of the firewall START_ADDRESS register to set. The address is restricted to 44-bit; otherwise, it returns failure. | 
| end_address | soc_phys_addr_t | Contents of the firewall END_ADDRESS register to set. The address is restricted to 44-bit; otherwise, it returns failure. | 
struct tisci_msg_fwl_set_firewall_region_resp
Response for configuring the firewall permissions.
| Parameter | Type | Description | 
|---|---|---|
| hdr | struct tisci_header | Generic TISCI message header. ACK response indicates that firewall configuration is successful. NACK response indicates that the configuration was not performed. | 
Note
To enable debug permission for a region, explicitly set the debug bit in the permissions field of the firewall set request.
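The request fields above, as an added C sketch (not TI's code or header) that applies the two rules this section states before a message is sent: `region` must be zero for a simple firewall, and both addresses must fit in 44 bits. The header layout, the 64-bit `soc_phys_addr_t`, the three-slot `permissions` array and every `ex_`/`EX_` name are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

/* Assumed for this sketch (not stated on the page): the header layout, a
 * 64-bit soc_phys_addr_t, three permission slots, and all ex_/EX_ names. */
#define TISCI_MSG_SET_FWL_REGION 0x9000U
#define EX_MAX_PERM_REGS 3U
#define EX_ADDR_44BIT_MASK ((1ULL << 44) - 1ULL)

typedef uint64_t soc_phys_addr_t;
struct tisci_header { uint16_t type; uint8_t host; uint8_t seq; uint32_t flags; };

struct tisci_msg_fwl_set_firewall_region_req {
    struct tisci_header hdr;
    uint16_t fwl_id;
    uint16_t region;
    uint32_t n_permission_regs;
    uint32_t control;
    uint32_t permissions[EX_MAX_PERM_REGS];
    soc_phys_addr_t start_address;
    soc_phys_addr_t end_address;
};

/* The firewall kind comes from the TRM entry for fwl_id, not from the message. */
enum ex_fwl_kind { EX_FWL_SIMPLE, EX_FWL_REGION, EX_FWL_CHANNEL };

/* Fill *req after local checks; a negative return names the check that failed. */
int ex_build_set_fwl_region(struct tisci_msg_fwl_set_firewall_region_req *req,
                            enum ex_fwl_kind kind, uint16_t fwl_id, uint16_t region,
                            uint32_t control, const uint32_t *perms, uint32_t n_perms,
                            soc_phys_addr_t start, soc_phys_addr_t end)
{
    if (!req || !perms || n_perms == 0 || n_perms > EX_MAX_PERM_REGS)
        return -1;  /* local bound on the assumed permissions array */
    if (kind == EX_FWL_SIMPLE && region != 0)
        return -2;  /* page: region must be zero for a simple firewall */
    if ((start | end) & ~EX_ADDR_44BIT_MASK)
        return -3;  /* page: addresses are restricted to 44 bits */
    if (kind != EX_FWL_CHANNEL && start > end)
        return -4;  /* added sanity check, not a documented rule */
    memset(req, 0, sizeof(*req));
    req->hdr.type = TISCI_MSG_SET_FWL_REGION;
    req->fwl_id = fwl_id;
    req->region = region;
    req->n_permission_regs = n_perms;
    req->control = control;
    memcpy(req->permissions, perms, n_perms * sizeof(*perms));
    req->start_address = start;
    req->end_address = end;
    return 0;
}
```

A NACK means the configuration was not performed, so a caller should handle a failed pre-check the same way and not assume the region is protected.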
TISCI Message ID
TISCI_MSG_GET_FWL_REGION          (0x9001U)
Message to get a firewall region configuration
struct tisci_msg_fwl_get_firewall_region_req
Request for retrieving the firewall permissions.
| Parameter | Type | Description | 
|---|---|---|
| hdr | struct tisci_header | Generic TISCI message header. | 
| fwl_id | u16 | firewall ID in question. fwl_id is defined in the TRM. | 
| region | u16 | Region or channel number to get config info. This field is unused in case of a simple firewall and must be initialized to zero. In case of a region based firewall, this field indicates the region in question (index starting from 0). In case of a channel based firewall, this field indicates the channel in question (index starting from 0). | 
| n_permission_regs | u32 | Number of permission registers to retrieve | 
struct tisci_msg_fwl_get_firewall_region_resp
Response for retrieving the firewall permissions.
| Parameter | Type | Description | 
|---|---|---|
| hdr | struct tisci_header | Generic TISCI message header. An ACK response in the hdr indicates that the message was processed successfully. A NACK response indicates failure to retrieve firewall permissions. | 
| fwl_id | u16 | firewall ID requested in the request message. fwl_id is defined in the TRM. | 
| region | u16 | Region or channel number to get config info. This field is unused in case of a simple firewall and must be initialized to zero. In case of a region based firewall, this field indicates the region in question (index starting from 0). In case of a channel based firewall, this field indicates the channel in question (index starting from 0). | 
| n_permission_regs | u32 | Number of permission registers retrieved. n_permission_regs is overwritten with number of priv-id slots. If priv-id slots is greater than n_permission_regs then it returns the correct value. | 
| control | u32 | Contents of the firewall CONTROL register | 
| permissions | u32 | Contents of the firewall PERMISSION registers. Valid values match the n_permission_regs returned values. | 
| start_address | soc_phys_addr_t | Contents of the firewall START_ADDRESS register. This is not applicable for channelized firewalls. The returned address is restricted to 44-bit. | 
| end_address | soc_phys_addr_t | Contents of the firewall END_ADDRESS register. This is not applicable for channelized firewalls. The returned address is restricted to 44-bit. | 
TISCI_MSG_CHANGE_FWL_OWNER - Change Firewall Owner
Usage:
| Message Type | Normal | 
| Secure Queue Only? | No | 
TISCI Message ID
TISCI_MSG_CHANGE_FWL_OWNER          (0x9002U)
Message to change firewall region owner
struct tisci_msg_fwl_change_owner_info_req
Request for a change owner operation
| Parameter | Type | Description | 
|---|---|---|
| hdr | struct tisci_header | Common TI-SCI header | 
| fwl_id | u16 | firewall ID in question | 
| region | u16 | Region or channel number if applicable | 
| owner_index | u8 | New owner index to transfer ownership to | 
struct tisci_msg_fwl_change_owner_info_resp
Response for a change owner operation
| Parameter | Type | Description | 
|---|---|---|
| hdr | struct tisci_header | Common TI-SCI header. ACK response indicates that change owner operation is successful. NACK response indicates that change owner operation failed. | 
| fwl_id | u16 | firewall ID specified in request | 
| region | u16 | Region or channel number specified in request | 
| owner_index | u8 | owner index specified in request | 
| owner_privid | u8 | new owner priv-ID returned by DMSC. This field is currently initialized to zero by DMSC. | 
| owner_permission_bits | u16 | new owner permission bits returned by DMSC. This field is currently initialized to zero by DMSC. | 
