soc: st: add RISAB dump debug driver.

[PATCH 1/7] dt-bindings: soc: st: document the RISAB firewall peripheral

Posted by Gatien Chevallier 1 day, 1 hour ago

Add documentation on the RISAB peripheral that is a memory firewall on
the stm32mp2x platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
---
 .../bindings/soc/st/st,stm32mp25-risab.yaml        | 74 ++++++++++++++++++++++
 MAINTAINERS                                        |  5 ++
 2 files changed, 79 insertions(+)

diff --git a/Documentation/devicetree/bindings/soc/st/st,stm32mp25-risab.yaml b/Documentation/devicetree/bindings/soc/st/st,stm32mp25-risab.yaml
new file mode 100644
index 000000000000..d05a683c594d
--- /dev/null
+++ b/Documentation/devicetree/bindings/soc/st/st,stm32mp25-risab.yaml
@@ -0,0 +1,74 @@
+# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/soc/st/st,stm32mp25-risab.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: STM32 Resource isolation peripheral unit for address space protection
+       (block-based)
+
+maintainers:
+  - Gatien Chevallier <gatien.chevallier@foss.st.com>
+
+description:
+  The RIF (resource isolation framework) is a comprehensive set of hardware
+  blocks designed to enforce and manage isolation of STM32 hardware resources,
+  like memory and peripherals. The RISAB peripheral is part of the RIF and is
+  used to protect internal RAMs by applying access rights per RISAB fixed-size
+  page. Through RISAB registers, a trusted domain, or the domain to whom the
+  page configuration has been delegated, assigns memory pages to one or more
+  security domains (secure, privilege, compartment).
+
+properties:
+  compatible:
+    const: st,stm32mp25-risab
+
+  reg:
+    maxItems: 1
+
+  clocks:
+    items:
+      - description: RISAB bus clock
+
+  memory-region:
+    minItems: 1
+    maxItems: 32
+    description:
+      Phandle to nodes describing memory regions to be configured in the RISAB
+      by the trusted domain of at least a RISAB page size.
+      These regions cannot overlap. A zone must be within st,mem-map range and
+      can be represented by one or more pages.
+
+  st,mem-map:
+    $ref: /schemas/types.yaml#/definitions/uint32-array
+    description: Memory address range covered by the RISAB.
+    items:
+      - description: Memory range base address
+      - description: Memory range size
+
+  st,srwiad:
+    description:
+      When set, the trusted domain configures the RISAB to allow secure
+      read/write data accesses to non-secure blocks and pages. Secure execute
+      remains illegal.
+    type: boolean
+
+required:
+  - compatible
+  - reg
+  - clocks
+  - st,mem-map
+
+additionalProperties: false
+
+examples:
+  - |
+    #include <dt-bindings/clock/st,stm32mp25-rcc.h>
+
+    risab1: risab@420f0000 {
+        compatible = "st,stm32mp25-risab";
+        reg = <0x420f0000 0x1000>;
+        clocks = <&rcc CK_ICN_LS_MCU>;
+        st,mem-map = <0xa000000 0x20000>;
+        st,srwiad;
+    };
diff --git a/MAINTAINERS b/MAINTAINERS
index e08767323763..b9a1276e94a9 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -25092,6 +25092,11 @@ F:	Documentation/arch/arm/stm32/stm32-dma-mdma-chaining.rst
 F:	Documentation/devicetree/bindings/dma/stm32/
 F:	drivers/dma/stm32/
 
+STM32 SoC FIREWALL DRIVERS
+M:	Gatien Chevallier <gatien.chevallier@foss.st.com>
+S:	Maintained
+F:	Documentation/devicetree/bindings/soc/st/*risa*
+
 STM32 TIMER/LPTIMER DRIVERS
 M:	Fabrice Gasnier <fabrice.gasnier@foss.st.com>
 S:	Maintained

-- 
2.43.0

Re: [PATCH 1/7] dt-bindings: soc: st: document the RISAB firewall peripheral

Posted by Krzysztof Kozlowski 8 hours ago

On 09/02/2026 15:59, Gatien Chevallier wrote:
> Add documentation on the RISAB peripheral that is a memory firewall on

What is RISAB? It's in capitals, so some sort of acronym?

> the stm32mp2x platforms.
> 
> Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
> ---
>  .../bindings/soc/st/st,stm32mp25-risab.yaml        | 74 ++++++++++++++++++++++

soc is not a dumping ground. Find suitable subsystem for it.


>  MAINTAINERS                                        |  5 ++
>  2 files changed, 79 insertions(+)
> 
> diff --git a/Documentation/devicetree/bindings/soc/st/st,stm32mp25-risab.yaml b/Documentation/devicetree/bindings/soc/st/st,stm32mp25-risab.yaml
> new file mode 100644
> index 000000000000..d05a683c594d
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/soc/st/st,stm32mp25-risab.yaml
> @@ -0,0 +1,74 @@
> +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
> +%YAML 1.2
> +---
> +$id: http://devicetree.org/schemas/soc/st/st,stm32mp25-risab.yaml#
> +$schema: http://devicetree.org/meta-schemas/core.yaml#
> +
> +title: STM32 Resource isolation peripheral unit for address space protection
> +       (block-based)

So maybe here would be RISAB explanation... Use proper capital lettes in
the title (e.g. AP or Chicago style, I don't think we do any preference
or consistency, especially that most of us including myself don't even
know the difference).

> +
> +maintainers:
> +  - Gatien Chevallier <gatien.chevallier@foss.st.com>
> +
> +description:
> +  The RIF (resource isolation framework) is a comprehensive set of hardware
> +  blocks designed to enforce and manage isolation of STM32 hardware resources,
> +  like memory and peripherals. The RISAB peripheral is part of the RIF and is
> +  used to protect internal RAMs by applying access rights per RISAB fixed-size
> +  page. Through RISAB registers, a trusted domain, or the domain to whom the
> +  page configuration has been delegated, assigns memory pages to one or more
> +  security domains (secure, privilege, compartment).
> +
> +properties:
> +  compatible:
> +    const: st,stm32mp25-risab
> +
> +  reg:
> +    maxItems: 1
> +
> +  clocks:
> +    items:
> +      - description: RISAB bus clock
> +
> +  memory-region:
> +    minItems: 1
> +    maxItems: 32
> +    description:
> +      Phandle to nodes describing memory regions to be configured in the RISAB
> +      by the trusted domain of at least a RISAB page size.
> +      These regions cannot overlap. A zone must be within st,mem-map range and
> +      can be represented by one or more pages.
> +
> +  st,mem-map:
> +    $ref: /schemas/types.yaml#/definitions/uint32-array
> +    description: Memory address range covered by the RISAB.
> +    items:
> +      - description: Memory range base address
> +      - description: Memory range size

Why do you need this property if you have memory-region already? This
also should be part of <reg>, although this mixing with memory-region is
anyway confusing.

> +
> +  st,srwiad:
> +    description:
> +      When set, the trusted domain configures the RISAB to allow secure
> +      read/write data accesses to non-secure blocks and pages. Secure execute
> +      remains illegal.
> +    type: boolean

Shouldn't this be a property of given block from memory-regions, not
entire RISAB?

> +
> +required:
> +  - compatible
> +  - reg
> +  - clocks
> +  - st,mem-map
> +
> +additionalProperties: false
> +
> +examples:
> +  - |
> +    #include <dt-bindings/clock/st,stm32mp25-rcc.h>
> +
> +    risab1: risab@420f0000 {

Drop unused label.

> +        compatible = "st,stm32mp25-risab";
> +        reg = <0x420f0000 0x1000>;
> +        clocks = <&rcc CK_ICN_LS_MCU>;
> +        st,mem-map = <0xa000000 0x20000>;
> +        st,srwiad;
> +    };
> diff --git a/MAINTAINERS b/MAINTAINERS
> index e08767323763..b9a1276e94a9 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -25092,6 +25092,11 @@ F:	Documentation/arch/arm/stm32/stm32-dma-mdma-chaining.rst
>  F:	Documentation/devicetree/bindings/dma/stm32/
>  F:	drivers/dma/stm32/
>  
> +STM32 SoC FIREWALL DRIVERS

s/SoC/SOC/


Best regards,
Krzysztof

Re: [PATCH 1/7] dt-bindings: soc: st: document the RISAB firewall peripheral

Posted by Gatien CHEVALLIER 6 hours ago


On 2/10/26 08:57, Krzysztof Kozlowski wrote:
> On 09/02/2026 15:59, Gatien Chevallier wrote:
>> Add documentation on the RISAB peripheral that is a memory firewall on
> 
> What is RISAB? It's in capitals, so some sort of acronym?
> 

I'll add a small description as well in the commit message to justify
the acronym.

>> the stm32mp2x platforms.
>>
>> Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
>> ---
>>   .../bindings/soc/st/st,stm32mp25-risab.yaml        | 74 ++++++++++++++++++++++
> 
> soc is not a dumping ground. Find suitable subsystem for it.
> 

Considering the RISAB filters bus accesses, I guess its place
is next to the RIFSC in drivers/bus. Plus, all stm32 firewalls
would be located at the same spot.

> 
>>   MAINTAINERS                                        |  5 ++
>>   2 files changed, 79 insertions(+)
>>
>> diff --git a/Documentation/devicetree/bindings/soc/st/st,stm32mp25-risab.yaml b/Documentation/devicetree/bindings/soc/st/st,stm32mp25-risab.yaml
>> new file mode 100644
>> index 000000000000..d05a683c594d
>> --- /dev/null
>> +++ b/Documentation/devicetree/bindings/soc/st/st,stm32mp25-risab.yaml
>> @@ -0,0 +1,74 @@
>> +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
>> +%YAML 1.2
>> +---
>> +$id: http://devicetree.org/schemas/soc/st/st,stm32mp25-risab.yaml#
>> +$schema: http://devicetree.org/meta-schemas/core.yaml#
>> +
>> +title: STM32 Resource isolation peripheral unit for address space protection
>> +       (block-based)
> 
> So maybe here would be RISAB explanation... Use proper capital lettes in
> the title (e.g. AP or Chicago style, I don't think we do any preference
> or consistency, especially that most of us including myself don't even
> know the difference).
> 

It is the non-acronym version. Very well, I will change that for V2.

>> +
>> +maintainers:
>> +  - Gatien Chevallier <gatien.chevallier@foss.st.com>
>> +
>> +description:
>> +  The RIF (resource isolation framework) is a comprehensive set of hardware
>> +  blocks designed to enforce and manage isolation of STM32 hardware resources,
>> +  like memory and peripherals. The RISAB peripheral is part of the RIF and is
>> +  used to protect internal RAMs by applying access rights per RISAB fixed-size
>> +  page. Through RISAB registers, a trusted domain, or the domain to whom the
>> +  page configuration has been delegated, assigns memory pages to one or more
>> +  security domains (secure, privilege, compartment).
>> +
>> +properties:
>> +  compatible:
>> +    const: st,stm32mp25-risab
>> +
>> +  reg:
>> +    maxItems: 1
>> +
>> +  clocks:
>> +    items:
>> +      - description: RISAB bus clock
>> +
>> +  memory-region:
>> +    minItems: 1
>> +    maxItems: 32
>> +    description:
>> +      Phandle to nodes describing memory regions to be configured in the RISAB
>> +      by the trusted domain of at least a RISAB page size.
>> +      These regions cannot overlap. A zone must be within st,mem-map range and
>> +      can be represented by one or more pages.
>> +
>> +  st,mem-map:
>> +    $ref: /schemas/types.yaml#/definitions/uint32-array
>> +    description: Memory address range covered by the RISAB.
>> +    items:
>> +      - description: Memory range base address
>> +      - description: Memory range size
> 
> Why do you need this property if you have memory-region already? This
> also should be part of <reg>, although this mixing with memory-region is
> anyway confusing.
> 

The RISAB is a memory firewall peripheral covering internal RAMs. It is
possible to configure multiple memory regions within these RAMs (done by
the Trusted Domain) with security, privilege and compartment isolation.
This peripheral allow 4kBytes page granularity. Each page can hold
different access rights, with 32 pages at most (hence the maxItems: 32).
That is some information that can be added to the documentation.

Moreover, when a region is delegated to a non-secure privileged
component, this component can configure the privilege level necessary to
access the region.

This property gives me the opportunity to get the memory range covered
by the RISAB. "reg" here is used to access the actual RISAB registers
holding the configuration.

>> +
>> +  st,srwiad:
>> +    description:
>> +      When set, the trusted domain configures the RISAB to allow secure
>> +      read/write data accesses to non-secure blocks and pages. Secure execute
>> +      remains illegal.
>> +    type: boolean
> 
> Shouldn't this be a property of given block from memory-regions, not
> entire RISAB?
> 

It is a global setting for the whole RISAB (in RISAB_CR register) so I
think it's fine keeping it at RISAB level.

>> +
>> +required:
>> +  - compatible
>> +  - reg
>> +  - clocks
>> +  - st,mem-map
>> +
>> +additionalProperties: false
>> +
>> +examples:
>> +  - |
>> +    #include <dt-bindings/clock/st,stm32mp25-rcc.h>
>> +
>> +    risab1: risab@420f0000 {
> 
> Drop unused label.
> 

Ack

Thanks,
Gatien

>> +        compatible = "st,stm32mp25-risab";
>> +        reg = <0x420f0000 0x1000>;
>> +        clocks = <&rcc CK_ICN_LS_MCU>;
>> +        st,mem-map = <0xa000000 0x20000>;
>> +        st,srwiad;
>> +    };
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index e08767323763..b9a1276e94a9 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -25092,6 +25092,11 @@ F:	Documentation/arch/arm/stm32/stm32-dma-mdma-chaining.rst
>>   F:	Documentation/devicetree/bindings/dma/stm32/
>>   F:	drivers/dma/stm32/
>>   
>> +STM32 SoC FIREWALL DRIVERS
> 
> s/SoC/SOC/
> 
> 
> Best regards,
> Krzysztof

[PATCH 1/7] dt-bindings: soc: st: document the RISAB firewall peripheral
[PATCH 2/7] soc: st: add RISAB dump debug driver
[PATCH 3/7] arm64: dts: st: add RISAB1/2/3/4/5/6 nodes to stm32mp251.dtsi
[PATCH 4/7] arm64: dts: st: add RISAB1/2/3/4/5/6 nodes to stm32mp231.dtsi
[PATCH 5/7] arm64: dts: st: enable all RISAB instances on the stm32mp257f-ev1 board
[PATCH 6/7] arm64: dts: st: enable all RISAB instances on the stm32mp257f-dk board
[PATCH 7/7] arm64: dts: st: enable all RISAB instances on the stm32mp235f-dk board