Re: [PATCH 1/7] dt-bindings: soc: st: document the RISAB firewall peripheral

[Gatien CHEVALLIER]

On 2/13/26 16:06, Krzysztof Kozlowski wrote:
> On 10/02/2026 10:55, Gatien CHEVALLIER wrote:
> > > > +  memory-region:
> > > > +    minItems: 1
> > > > +    maxItems: 32
> > > > +    description:
> > > > +      Phandle to nodes describing memory regions to be configured in the RISAB
> > > > +      by the trusted domain of at least a RISAB page size.
> > > > +      These regions cannot overlap. A zone must be within st,mem-map range and
> > > > +      can be represented by one or more pages.
> > > > +
> > > > +  st,mem-map:
> > > > +    $ref: /schemas/types.yaml#/definitions/uint32-array
> > > > +    description: Memory address range covered by the RISAB.
> > > > +    items:
> > > > +      - description: Memory range base address
> > > > +      - description: Memory range size
> > >
> > > Why do you need this property if you have memory-region already? This
> > > also should be part of <reg>, although this mixing with memory-region is
> > > anyway confusing.
> >
> > The RISAB is a memory firewall peripheral covering internal RAMs. It is
> > possible to configure multiple memory regions within these RAMs (done by
> > the Trusted Domain) with security, privilege and compartment isolation.
> > This peripheral allow 4kBytes page granularity. Each page can hold
> > different access rights, with 32 pages at most (hence the maxItems: 32).
> > That is some information that can be added to the documentation.
> >
> > Moreover, when a region is delegated to a non-secure privileged
> > component, this component can configure the privilege level necessary to
> > access the region.
> >
> > This property gives me the opportunity to get the memory range covered
> > by the RISAB. "reg" here is used to access the actual RISAB registers
> > holding the configuration.
>
> Looks awfully like memory regions still :/

IIUC the memory-region property references memory regions within
a reserved memory. Which is not really what I want to describe
here as I want to get the boundaries of the whole range. The
memory-region property would be used by the Trusted Domain / kernel
to get each regions (or only one that represents the whole range) of the
internal RAM to apply desired access rights to them / use them.

Describing the memory range using a reserved memory would make the
kernel exclude this memory range from the normal usage, no?

I think declaring a "boundaries" memory region with no usage for the
kernel wouldn't make sense. The kernel may not be able to access the
whole memory range.

> > > > +
> > > > +  st,srwiad:
> > > > +    description:
> > > > +      When set, the trusted domain configures the RISAB to allow secure
> > > > +      read/write data accesses to non-secure blocks and pages. Secure execute
> > > > +      remains illegal.
> > > > +    type: boolean
> > >
> > > Shouldn't this be a property of given block from memory-regions, not
> > > entire RISAB?
> >
> > It is a global setting for the whole RISAB (in RISAB_CR register) so I
> > think it's fine keeping it at RISAB level.
>
> And in the next version of your IP? It really feels like description of
> memory region, not the entire device.

Then I would expect it to be part of the page-based configuration and
this property could be constrained to current platforms. Is that fine?

Best regards,
Gatien

> Best regards,
> Krzysztof