Re: [PATCH 1/7] dt-bindings: soc: st: document the RISAB firewall peripheral

[Krzysztof Kozlowski]

On 10/02/2026 10:55, Gatien CHEVALLIER wrote:
>>> +  memory-region:
>>> +    minItems: 1
>>> +    maxItems: 32
>>> +    description:
>>> +      Phandle to nodes describing memory regions to be configured in the RISAB
>>> +      by the trusted domain of at least a RISAB page size.
>>> +      These regions cannot overlap. A zone must be within st,mem-map range and
>>> +      can be represented by one or more pages.
>>> +
>>> +  st,mem-map:
>>> +    $ref: /schemas/types.yaml#/definitions/uint32-array
>>> +    description: Memory address range covered by the RISAB.
>>> +    items:
>>> +      - description: Memory range base address
>>> +      - description: Memory range size
>>
>> Why do you need this property if you have memory-region already? This
>> also should be part of <reg>, although this mixing with memory-region is
>> anyway confusing.
>>
> 
> The RISAB is a memory firewall peripheral covering internal RAMs. It is
> possible to configure multiple memory regions within these RAMs (done by
> the Trusted Domain) with security, privilege and compartment isolation.
> This peripheral allow 4kBytes page granularity. Each page can hold
> different access rights, with 32 pages at most (hence the maxItems: 32).
> That is some information that can be added to the documentation.
> 
> Moreover, when a region is delegated to a non-secure privileged
> component, this component can configure the privilege level necessary to
> access the region.
> 
> This property gives me the opportunity to get the memory range covered
> by the RISAB. "reg" here is used to access the actual RISAB registers
> holding the configuration.

Looks awfully like memory regions still :/

> 
>>> +
>>> +  st,srwiad:
>>> +    description:
>>> +      When set, the trusted domain configures the RISAB to allow secure
>>> +      read/write data accesses to non-secure blocks and pages. Secure execute
>>> +      remains illegal.
>>> +    type: boolean
>>
>> Shouldn't this be a property of given block from memory-regions, not
>> entire RISAB?
>>
> 
> It is a global setting for the whole RISAB (in RISAB_CR register) so I
> think it's fine keeping it at RISAB level.

And in the next version of your IP? It really feels like description of
memory region, not the entire device.


Best regards,
Krzysztof