[PATCH 06/11] stm32mp1: dynamically detect op-tee presence

Patrick Delaunay patrick.delaunay at st.com
Wed Mar 18 09:22:49 CET 2020 

Activate OP-TEE driver for trusted and optee defconfig.

This driver allows detection of TEE presence for boot from flash;
CONFIG_STM32MP1_OPTEE is also removed.

Signed-off-by: Patrick Delaunay <patrick.delaunay at st.com>
---

 arch/arm/mach-stm32mp/Kconfig           | 10 ----------
 arch/arm/mach-stm32mp/fdt.c             |  4 +++-
 board/dhelectronics/dh_stm32mp1/board.c |  4 +---
 board/st/common/stm32mp_mtdparts.c      |  6 ++++--
 board/st/stm32mp1/stm32mp1.c            |  4 +---
 configs/stm32mp15_optee_defconfig       |  4 +++-
 configs/stm32mp15_trusted_defconfig     |  3 +++
 7 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig
index 96153693a7..1a5545b98d 100644
--- a/arch/arm/mach-stm32mp/Kconfig
+++ b/arch/arm/mach-stm32mp/Kconfig
@@ -93,16 +93,6 @@ config STM32MP1_TRUSTED
 		BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32
 		TF-A monitor provides proprietary SMC to manage secure devices
 
-config STM32MP1_OPTEE
-	bool "Support trusted boot with TF-A and OP-TEE"
-	depends on STM32MP1_TRUSTED
-	default n
-	help
-		Say Y here to enable boot with TF-A and OP-TEE
-		Trusted boot chain is :
-		BootRom => TF-A.stm32 (clock & DDR) => OP-TEE => U-Boot.stm32
-		OP-TEE monitor provides ST SMC to access to secure resources
-
 config SYS_TEXT_BASE
 	default 0xC0100000
 
diff --git a/arch/arm/mach-stm32mp/fdt.c b/arch/arm/mach-stm32mp/fdt.c
index ae82270e42..21b5f09728 100644
--- a/arch/arm/mach-stm32mp/fdt.c
+++ b/arch/arm/mach-stm32mp/fdt.c
@@ -5,6 +5,7 @@
 
 #include <common.h>
 #include <fdt_support.h>
+#include <tee.h>
 #include <asm/arch/sys_proto.h>
 #include <dt-bindings/pinctrl/stm32-pinfunc.h>
 #include <linux/io.h>
@@ -322,7 +323,8 @@ int ft_system_setup(void *blob, bd_t *bd)
 				       "st,package", pkg, false);
 	}
 
-	if (!CONFIG_IS_ENABLED(STM32MP1_OPTEE))
+	if (!CONFIG_IS_ENABLED(OPTEE) ||
+	    !tee_find_device(NULL, NULL, NULL, NULL))
 		stm32_fdt_disable_optee(blob);
 
 	return ret;
diff --git a/board/dhelectronics/dh_stm32mp1/board.c b/board/dhelectronics/dh_stm32mp1/board.c
index bd6540a2aa..ea51b92282 100644
--- a/board/dhelectronics/dh_stm32mp1/board.c
+++ b/board/dhelectronics/dh_stm32mp1/board.c
@@ -117,9 +117,7 @@ int checkboard(void)
 	const char *fdt_compat;
 	int fdt_compat_len;
 
-	if (IS_ENABLED(CONFIG_STM32MP1_OPTEE))
-		mode = "trusted with OP-TEE";
-	else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED))
+	if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED))
 		mode = "trusted";
 	else
 		mode = "basic";
diff --git a/board/st/common/stm32mp_mtdparts.c b/board/st/common/stm32mp_mtdparts.c
index d4c0a7db9f..2b6413be16 100644
--- a/board/st/common/stm32mp_mtdparts.c
+++ b/board/st/common/stm32mp_mtdparts.c
@@ -9,6 +9,7 @@
 #include <env_internal.h>
 #include <mtd.h>
 #include <mtd_node.h>
+#include <tee.h>
 
 #define MTDPARTS_LEN		256
 #define MTDIDS_LEN		128
@@ -49,7 +50,7 @@ static void board_get_mtdparts(const char *dev,
 		strncat(mtdparts, ",", MTDPARTS_LEN);
 	}
 
-	if (CONFIG_IS_ENABLED(STM32MP1_OPTEE) && tee) {
+	if (tee) {
 		strncat(mtdparts, tee, MTDPARTS_LEN);
 		strncat(mtdparts, ",", MTDPARTS_LEN);
 	}
@@ -72,7 +73,8 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts)
 		return;
 	}
 
-	if (CONFIG_IS_ENABLED(STM32MP1_OPTEE))
+	if (CONFIG_IS_ENABLED(OPTEE) &&
+	    tee_find_device(NULL, NULL, NULL, NULL))
 		tee = true;
 
 	memset(parts, 0, sizeof(parts));
diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c
index 2ab3b5cc9a..14c56a0f24 100644
--- a/board/st/stm32mp1/stm32mp1.c
+++ b/board/st/stm32mp1/stm32mp1.c
@@ -87,9 +87,7 @@ int checkboard(void)
 	const char *fdt_compat;
 	int fdt_compat_len;
 
-	if (IS_ENABLED(CONFIG_STM32MP1_OPTEE))
-		mode = "trusted with OP-TEE";
-	else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED))
+	if (CONFIG_IS_ENABLED(STM32MP1_TRUSTED))
 		mode = "trusted";
 	else
 		mode = "basic";
diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig
index 317cd55862..f0d524d344 100644
--- a/configs/stm32mp15_optee_defconfig
+++ b/configs/stm32mp15_optee_defconfig
@@ -4,7 +4,6 @@ CONFIG_SYS_MALLOC_F_LEN=0x3000
 CONFIG_ENV_SECT_SIZE=0x40000
 CONFIG_ENV_OFFSET=0x280000
 CONFIG_TARGET_ST_STM32MP15x=y
-CONFIG_STM32MP1_OPTEE=y
 CONFIG_ENV_OFFSET_REDUND=0x2C0000
 CONFIG_DISTRO_DEFAULTS=y
 CONFIG_FIT=y
@@ -111,6 +110,9 @@ CONFIG_SPI=y
 CONFIG_DM_SPI=y
 CONFIG_STM32_QSPI=y
 CONFIG_STM32_SPI=y
+CONFIG_TEE=y
+CONFIG_OPTEE=y
+# CONFIG_OPTEE_TA_AVB is not set
 CONFIG_USB=y
 CONFIG_DM_USB=y
 CONFIG_DM_USB_GADGET=y
diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig
index 73cbe6c7d6..f0d524d344 100644
--- a/configs/stm32mp15_trusted_defconfig
+++ b/configs/stm32mp15_trusted_defconfig
@@ -110,6 +110,9 @@ CONFIG_SPI=y
 CONFIG_DM_SPI=y
 CONFIG_STM32_QSPI=y
 CONFIG_STM32_SPI=y
+CONFIG_TEE=y
+CONFIG_OPTEE=y
+# CONFIG_OPTEE_TA_AVB is not set
 CONFIG_USB=y
 CONFIG_DM_USB=y
 CONFIG_DM_USB_GADGET=y
-- 
2.17.1

More information about the U-Boot mailing list