[Uboot-stm32] [PATCH] configs: stm32mp1: replace STM32MP1_TRUSTED by TFABOOT
Patrice CHOTARD
patrice.chotard at st.com
Wed Apr 15 09:29:45 CEST 2020
Hi
On 4/1/20 9:46 AM, Patrice CHOTARD wrote:
> Hi Patrick
>
> On 4/1/20 9:07 AM, Patrick Delaunay wrote:
>> Activate ARCH_SUPPORT_TFABOOT and replace the arch stm32mp
>> specific config CONFIG_STM32MP1_TRUSTED by the generic CONFIG_TFABOOT
>> introduced by the commit 535d76a12150 ("armv8: layerscape: Add TFABOOT
>> support").
>> This config CONFIG_TFABOOT is activated for the trusted boot chain,
>> when U-Boot is loaded by TF-A.
>>
>> Signed-off-by: Patrick Delaunay <patrick.delaunay at st.com>
>> ---
Applied to u-boot-stm/next
Thanks
Patrice
>>
>> arch/arm/Kconfig | 1 +
>> arch/arm/mach-stm32mp/Kconfig | 21 ++++++---------------
>> arch/arm/mach-stm32mp/bsec.c | 18 +++++++++---------
>> arch/arm/mach-stm32mp/cpu.c | 10 +++++-----
>> board/dhelectronics/dh_stm32mp1/board.c | 4 ++--
>> board/st/stm32mp1/stm32mp1.c | 4 ++--
>> configs/stm32mp15_optee_defconfig | 1 +
>> configs/stm32mp15_trusted_defconfig | 1 +
>> drivers/clk/clk_stm32mp1.c | 2 +-
>> drivers/ram/stm32mp1/stm32mp1_ram.c | 2 +-
>> include/configs/stm32mp1.h | 2 +-
>> 11 files changed, 30 insertions(+), 36 deletions(-)
>>
>> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
>> index 5d367888d8..54ff4557d4 100644
>> --- a/arch/arm/Kconfig
>> +++ b/arch/arm/Kconfig
>> @@ -1583,6 +1583,7 @@ config ARCH_STI
>> config ARCH_STM32MP
>> bool "Support STMicroelectronics STM32MP Socs with cortex A"
>> select ARCH_MISC_INIT
>> + select ARCH_SUPPORT_TFABOOT
>> select BOARD_LATE_INIT
>> select CLK
>> select DM
>> diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig
>> index e4d621dee8..e42e9e2e82 100644
>> --- a/arch/arm/mach-stm32mp/Kconfig
>> +++ b/arch/arm/mach-stm32mp/Kconfig
>> @@ -35,9 +35,10 @@ config ENV_SIZE
>>
>> config STM32MP15x
>> bool "Support STMicroelectronics STM32MP15x Soc"
>> - select ARCH_SUPPORT_PSCI if !STM32MP1_TRUSTED
>> + select ARCH_SUPPORT_PSCI if !TFABOOT
>> + select ARM_SMCCC if TFABOOT
>> select CPU_V7A
>> - select CPU_V7_HAS_NONSEC if !STM32MP1_TRUSTED
>> + select CPU_V7_HAS_NONSEC if !TFABOOT
>> select CPU_V7_HAS_VIRT
>> select OF_BOARD_SETUP
>> select PINCTRL_STM32
>> @@ -45,8 +46,8 @@ config STM32MP15x
>> select STM32_RESET
>> select STM32_SERIAL
>> select SYS_ARCH_TIMER
>> - imply SYSRESET_PSCI if STM32MP1_TRUSTED
>> - imply SYSRESET_SYSCON if !STM32MP1_TRUSTED
>> + imply SYSRESET_PSCI if TFABOOT
>> + imply SYSRESET_SYSCON if !TFABOOT
>> help
>> support of STMicroelectronics SOC STM32MP15x family
>> STM32MP157, STM32MP153 or STM32MP151
>> @@ -83,19 +84,9 @@ config TARGET_DH_STM32MP1_PDK2
>>
>> endchoice
>>
>> -config STM32MP1_TRUSTED
>> - bool "Support trusted boot with TF-A"
>> - default y if !SPL
>> - select ARM_SMCCC
>> - help
>> - Say Y here to enable boot with TF-A
>> - Trusted boot chain is :
>> - BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32
>> - TF-A monitor provides proprietary SMC to manage secure devices
>> -
>> config STM32MP1_OPTEE
>> bool "Support trusted boot with TF-A and OP-TEE"
>> - depends on STM32MP1_TRUSTED
>> + depends on TFABOOT
>> default n
>> help
>> Say Y here to enable boot with TF-A and OP-TEE
>> diff --git a/arch/arm/mach-stm32mp/bsec.c b/arch/arm/mach-stm32mp/bsec.c
>> index 3b923f088e..0d5850b4a9 100644
>> --- a/arch/arm/mach-stm32mp/bsec.c
>> +++ b/arch/arm/mach-stm32mp/bsec.c
>> @@ -68,7 +68,7 @@ static bool bsec_read_lock(u32 address, u32 otp)
>> return !!(readl(address + bank) & bit);
>> }
>>
>> -#ifndef CONFIG_STM32MP1_TRUSTED
>> +#ifndef CONFIG_TFABOOT
>> /**
>> * bsec_check_error() - Check status of one otp
>> * @base: base address of bsec IP
>> @@ -273,7 +273,7 @@ static int bsec_program_otp(long base, u32 val, u32 otp)
>>
>> return ret;
>> }
>> -#endif /* CONFIG_STM32MP1_TRUSTED */
>> +#endif /* CONFIG_TFABOOT */
>>
>> /* BSEC MISC driver *******************************************************/
>> struct stm32mp_bsec_platdata {
>> @@ -282,7 +282,7 @@ struct stm32mp_bsec_platdata {
>>
>> static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp)
>> {
>> -#ifdef CONFIG_STM32MP1_TRUSTED
>> +#ifdef CONFIG_TFABOOT
>> return stm32_smc(STM32_SMC_BSEC,
>> STM32_SMC_READ_OTP,
>> otp, 0, val);
>> @@ -313,7 +313,7 @@ static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp)
>>
>> static int stm32mp_bsec_read_shadow(struct udevice *dev, u32 *val, u32 otp)
>> {
>> -#ifdef CONFIG_STM32MP1_TRUSTED
>> +#ifdef CONFIG_TFABOOT
>> return stm32_smc(STM32_SMC_BSEC,
>> STM32_SMC_READ_SHADOW,
>> otp, 0, val);
>> @@ -336,7 +336,7 @@ static int stm32mp_bsec_read_lock(struct udevice *dev, u32 *val, u32 otp)
>>
>> static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp)
>> {
>> -#ifdef CONFIG_STM32MP1_TRUSTED
>> +#ifdef CONFIG_TFABOOT
>> return stm32_smc_exec(STM32_SMC_BSEC,
>> STM32_SMC_PROG_OTP,
>> otp, val);
>> @@ -349,7 +349,7 @@ static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp)
>>
>> static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp)
>> {
>> -#ifdef CONFIG_STM32MP1_TRUSTED
>> +#ifdef CONFIG_TFABOOT
>> return stm32_smc_exec(STM32_SMC_BSEC,
>> STM32_SMC_WRITE_SHADOW,
>> otp, val);
>> @@ -362,7 +362,7 @@ static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp)
>>
>> static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp)
>> {
>> -#ifdef CONFIG_STM32MP1_TRUSTED
>> +#ifdef CONFIG_TFABOOT
>> if (val == 1)
>> return stm32_smc_exec(STM32_SMC_BSEC,
>> STM32_SMC_WRLOCK_OTP,
>> @@ -473,7 +473,7 @@ static int stm32mp_bsec_ofdata_to_platdata(struct udevice *dev)
>> return 0;
>> }
>>
>> -#ifndef CONFIG_STM32MP1_TRUSTED
>> +#ifndef CONFIG_TFABOOT
>> static int stm32mp_bsec_probe(struct udevice *dev)
>> {
>> int otp;
>> @@ -500,7 +500,7 @@ U_BOOT_DRIVER(stm32mp_bsec) = {
>> .ofdata_to_platdata = stm32mp_bsec_ofdata_to_platdata,
>> .platdata_auto_alloc_size = sizeof(struct stm32mp_bsec_platdata),
>> .ops = &stm32mp_bsec_ops,
>> -#ifndef CONFIG_STM32MP1_TRUSTED
>> +#ifndef CONFIG_TFABOOT
>> .probe = stm32mp_bsec_probe,
>> #endif
>> };
>> diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c
>> index 9aa5794334..74d03fa7dd 100644
>> --- a/arch/arm/mach-stm32mp/cpu.c
>> +++ b/arch/arm/mach-stm32mp/cpu.c
>> @@ -76,7 +76,7 @@
>> #define PKG_MASK GENMASK(2, 0)
>>
>> #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)
>> -#ifndef CONFIG_STM32MP1_TRUSTED
>> +#ifndef CONFIG_TFABOOT
>> static void security_init(void)
>> {
>> /* Disable the backup domain write protection */
>> @@ -136,7 +136,7 @@ static void security_init(void)
>> writel(BIT(0), RCC_MP_AHB5ENSETR);
>> writel(0x0, GPIOZ_SECCFGR);
>> }
>> -#endif /* CONFIG_STM32MP1_TRUSTED */
>> +#endif /* CONFIG_TFABOOT */
>>
>> /*
>> * Debug init
>> @@ -150,7 +150,7 @@ static void dbgmcu_init(void)
>> }
>> #endif /* !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) */
>>
>> -#if !defined(CONFIG_STM32MP1_TRUSTED) && \
>> +#if !defined(CONFIG_TFABOOT) && \
>> (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD))
>> /* get bootmode from ROM code boot context: saved in TAMP register */
>> static void update_bootmode(void)
>> @@ -198,7 +198,7 @@ int arch_cpu_init(void)
>>
>> #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)
>> dbgmcu_init();
>> -#ifndef CONFIG_STM32MP1_TRUSTED
>> +#ifndef CONFIG_TFABOOT
>> security_init();
>> update_bootmode();
>> #endif
>> @@ -214,7 +214,7 @@ int arch_cpu_init(void)
>> if ((boot_mode & TAMP_BOOT_DEVICE_MASK) == BOOT_SERIAL_UART)
>> gd->flags |= GD_FLG_SILENT | GD_FLG_DISABLE_CONSOLE;
>> #if defined(CONFIG_DEBUG_UART) && \
>> - !defined(CONFIG_STM32MP1_TRUSTED) && \
>> + !defined(CONFIG_TFABOOT) && \
>> (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD))
>> else
>> debug_uart_init();
>> diff --git a/board/dhelectronics/dh_stm32mp1/board.c b/board/dhelectronics/dh_stm32mp1/board.c
>> index b663696983..c39a4b193c 100644
>> --- a/board/dhelectronics/dh_stm32mp1/board.c
>> +++ b/board/dhelectronics/dh_stm32mp1/board.c
>> @@ -119,7 +119,7 @@ int checkboard(void)
>>
>> if (IS_ENABLED(CONFIG_STM32MP1_OPTEE))
>> mode = "trusted with OP-TEE";
>> - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED))
>> + else if (IS_ENABLED(CONFIG_TFABOOT))
>> mode = "trusted";
>> else
>> mode = "basic";
>> @@ -284,7 +284,7 @@ static void __maybe_unused led_error_blink(u32 nb_blink)
>>
>> static void sysconf_init(void)
>> {
>> -#ifndef CONFIG_STM32MP1_TRUSTED
>> +#ifndef CONFIG_TFABOOT
>> u8 *syscfg;
>> #ifdef CONFIG_DM_REGULATOR
>> struct udevice *pwr_dev;
>> diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c
>> index 07f5344ec9..6c884028d3 100644
>> --- a/board/st/stm32mp1/stm32mp1.c
>> +++ b/board/st/stm32mp1/stm32mp1.c
>> @@ -92,7 +92,7 @@ int checkboard(void)
>>
>> if (IS_ENABLED(CONFIG_STM32MP1_OPTEE))
>> mode = "trusted with OP-TEE";
>> - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED))
>> + else if (IS_ENABLED(TFABOOT))
>> mode = "trusted";
>> else
>> mode = "basic";
>> @@ -462,7 +462,7 @@ static int board_check_usb_power(void)
>>
>> static void sysconf_init(void)
>> {
>> -#ifndef CONFIG_STM32MP1_TRUSTED
>> +#ifndef CONFIG_TFABOOT
>> u8 *syscfg;
>> #ifdef CONFIG_DM_REGULATOR
>> struct udevice *pwr_dev;
>> diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig
>> index 298611776d..6c17bd9b20 100644
>> --- a/configs/stm32mp15_optee_defconfig
>> +++ b/configs/stm32mp15_optee_defconfig
>> @@ -1,5 +1,6 @@
>> CONFIG_ARM=y
>> CONFIG_ARCH_STM32MP=y
>> +CONFIG_TFABOOT=y
>> CONFIG_SYS_MALLOC_F_LEN=0x3000
>> CONFIG_ENV_SECT_SIZE=0x40000
>> CONFIG_ENV_OFFSET=0x280000
>> diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig
>> index 6928e9a65c..7592f6fcc4 100644
>> --- a/configs/stm32mp15_trusted_defconfig
>> +++ b/configs/stm32mp15_trusted_defconfig
>> @@ -1,5 +1,6 @@
>> CONFIG_ARM=y
>> CONFIG_ARCH_STM32MP=y
>> +CONFIG_TFABOOT=y
>> CONFIG_SYS_MALLOC_F_LEN=0x3000
>> CONFIG_ENV_SECT_SIZE=0x40000
>> CONFIG_ENV_OFFSET=0x280000
>> diff --git a/drivers/clk/clk_stm32mp1.c b/drivers/clk/clk_stm32mp1.c
>> index 52bd8e96f3..50df8425bf 100644
>> --- a/drivers/clk/clk_stm32mp1.c
>> +++ b/drivers/clk/clk_stm32mp1.c
>> @@ -19,7 +19,7 @@
>>
>> DECLARE_GLOBAL_DATA_PTR;
>>
>> -#ifndef CONFIG_STM32MP1_TRUSTED
>> +#ifndef CONFIG_TFABOOT
>> #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)
>> /* activate clock tree initialization in the driver */
>> #define STM32MP1_CLOCK_TREE_INIT
>> diff --git a/drivers/ram/stm32mp1/stm32mp1_ram.c b/drivers/ram/stm32mp1/stm32mp1_ram.c
>> index b1e593f86b..7b1adc5b24 100644
>> --- a/drivers/ram/stm32mp1/stm32mp1_ram.c
>> +++ b/drivers/ram/stm32mp1/stm32mp1_ram.c
>> @@ -177,7 +177,7 @@ static int stm32mp1_ddr_probe(struct udevice *dev)
>>
>> priv->info.base = STM32_DDR_BASE;
>>
>> -#if !defined(CONFIG_STM32MP1_TRUSTED) && \
>> +#if !defined(CONFIG_TFABOOT) && \
>> (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD))
>> priv->info.size = 0;
>> return stm32mp1_ddr_setup(dev);
>> diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h
>> index 42717c167e..2ba4fb1305 100644
>> --- a/include/configs/stm32mp1.h
>> +++ b/include/configs/stm32mp1.h
>> @@ -10,7 +10,7 @@
>> #include <linux/sizes.h>
>> #include <asm/arch/stm32.h>
>>
>> -#ifndef CONFIG_STM32MP1_TRUSTED
>> +#ifndef CONFIG_TFABOOT
>> /* PSCI support */
>> #define CONFIG_ARMV7_PSCI_1_0
>> #define CONFIG_ARMV7_SECURE_BASE STM32_SYSRAM_BASE
> Reviewed-by: Patrice Chotard <patrice.chotard at st.com>
>
> Thanks
> _______________________________________________
> Uboot-stm32 mailing list
> Uboot-stm32 at st-md-mailman.stormreply.com
> https://st-md-mailman.stormreply.com/mailman/listinfo/uboot-stm32
More information about the U-Boot
mailing list