[PATCH v3 3/5] arm: stm32mp: add defconfig for trusted boot with FIP
Patrice CHOTARD
patrice.chotard at foss.st.com
Mon Aug 16 13:38:51 CEST 2021
HI Patrick
On 7/26/21 11:21 AM, Patrick Delaunay wrote:
> Add TF-A FIP support for trusted boot on STM32MP15x,
> when STM32MP15x_STM32IMAGE is not activated.
>
> With FIP support the SSBL partition is named "fip" and its size is 4MB,
> so the ENV partition name in device tree (for SD card or eMMC)
> or offset in defconfig (CONFIG_ENV_OFFSET / CONFIG_ENV_OFFSET_REDUND)
> need to be modified.
>
> With FIP the TEE MTD partitions are removed because the OP-TEE binray are
> included in the FIP containers.
>
> Signed-off-by: Patrick Delaunay <patrick.delaunay at foss.st.com>
> Reviewed-by: Patrice Chotard <patrice.chotard at foss.st.com>
> ---
>
> (no changes since v2)
>
> Changes in v2:
> - synchronize defconfig with latest change
>
> arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 6 +-
> arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi | 6 +-
> board/st/common/Kconfig | 21 ++-
> board/st/common/stm32mp_mtdparts.c | 31 +++--
> board/st/stm32mp1/MAINTAINERS | 1 +
> configs/stm32mp15_defconfig | 158 +++++++++++++++++++++++
> 6 files changed, 207 insertions(+), 16 deletions(-)
> create mode 100644 configs/stm32mp15_defconfig
>
> diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
> index 8b66dace37..460a14e8a9 100644
> --- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
> +++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
> @@ -15,13 +15,17 @@
> config {
> u-boot,boot-led = "heartbeat";
> u-boot,error-led = "error";
> - u-boot,mmc-env-partition = "ssbl";
> + u-boot,mmc-env-partition = "fip";
> st,adc_usb_pd = <&adc1 18>, <&adc1 19>;
> st,fastboot-gpios = <&gpioa 13 GPIO_ACTIVE_LOW>;
> st,stm32prog-gpios = <&gpioa 14 GPIO_ACTIVE_LOW>;
> };
>
> #ifdef CONFIG_STM32MP15x_STM32IMAGE
> + config {
> + u-boot,mmc-env-partition = "ssbl";
> + };
> +
> /* only needed for boot with TF-A, witout FIP support */
> firmware {
> optee {
> diff --git a/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi b/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi
> index e5a1cb7084..69eb285bf7 100644
> --- a/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi
> +++ b/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi
> @@ -15,12 +15,16 @@
> config {
> u-boot,boot-led = "heartbeat";
> u-boot,error-led = "error";
> - u-boot,mmc-env-partition = "ssbl";
> + u-boot,mmc-env-partition = "fip";
> st,fastboot-gpios = <&gpioa 13 GPIO_ACTIVE_LOW>;
> st,stm32prog-gpios = <&gpioa 14 GPIO_ACTIVE_LOW>;
> };
>
> #ifdef CONFIG_STM32MP15x_STM32IMAGE
> + config {
> + u-boot,mmc-env-partition = "ssbl";
> + };
> +
> /* only needed for boot with TF-A, witout FIP support */
> firmware {
> optee {
> diff --git a/board/st/common/Kconfig b/board/st/common/Kconfig
> index ddcf33a122..2f57118bb2 100644
> --- a/board/st/common/Kconfig
> +++ b/board/st/common/Kconfig
> @@ -8,18 +8,22 @@ config CMD_STBOARD
>
> config MTDPARTS_NAND0_BOOT
> string "mtd boot partitions for nand0"
> - default "2m(fsbl),2m(ssbl1),2m(ssbl2)"
> + default "2m(fsbl),2m(ssbl1),2m(ssbl2)" if STM32MP15x_STM32IMAGE || \
> + !TFABOOT
> + default "2m(fsbl),4m(fip1),4m(fip2)"
> depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP
> help
> This define the partitions of nand0 used to build mtparts dynamically
> for boot from nand0.
> Each partition need to be aligned with the device erase block size,
> 512KB is the max size for the NAND supported by stm32mp1 platform.
> + The fsbl partition support multiple copy of the same binary, one by
> + erase block.
>
> config MTDPARTS_NAND0_TEE
> string "mtd tee partitions for nand0"
> default "512k(teeh),512k(teed),512k(teex)"
> - depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP
> + depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP && STM32MP15x_STM32IMAGE
> help
> This define the tee partitions added in mtparts dynamically
> when tee is supported with boot from nand0.
> @@ -28,7 +32,9 @@ config MTDPARTS_NAND0_TEE
>
> config MTDPARTS_NOR0_BOOT
> string "mtd boot partitions for nor0"
> - default "256k(fsbl1),256k(fsbl2),2m(ssbl),512k(u-boot-env)"
> + default "256k(fsbl1),256k(fsbl2),2m(ssbl),512k(u-boot-env)" if STM32MP15x_STM32IMAGE || \
> + !TFABOOT
> + default "256k(fsbl1),256k(fsbl2),4m(fip),512k(u-boot-env)"
> depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP
> help
> This define the partitions of nand0 used to build mtparts dynamically
> @@ -40,24 +46,27 @@ config MTDPARTS_NOR0_BOOT
> config MTDPARTS_NOR0_TEE
> string "mtd tee partitions for nor0"
> default "256k(teeh),512k(teed),256k(teex)"
> - depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP
> + depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP && STM32MP15x_STM32IMAGE
> help
> This define the tee partitions added in mtparts dynamically
> when tee is supported with boot from nor0.
>
> config MTDPARTS_SPINAND0_BOOT
> string "mtd boot partitions for spi-nand0"
> - default "2m(fsbl),2m(ssbl1),2m(ssbl2)"
> + default "2m(fsbl),2m(ssbl1),2m(ssbl2)" if STM32MP15x_STM32IMAGE || !TFABOOT
> + default "2m(fsbl),4m(fip1),4m(fip2)"
> depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP
> help
> This define the partitions of nand0 used to build mtparts dynamically
> for boot from spi-nand0,
> 512KB is the max size for the NAND supported by stm32mp1 platform.
> + The fsbl partition support multiple copy of the same binary, one by
> + erase block.
>
> config MTDPARTS_SPINAND0_TEE
> string "mtd tee partitions for spi-nand0"
> default "512k(teeh),512k(teed),512k(teex)"
> - depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP
> + depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP && STM32MP15x_STM32IMAGE
> help
> This define the tee partitions added in mtparts dynamically
> when tee is supported with boot from spi-nand0,
> diff --git a/board/st/common/stm32mp_mtdparts.c b/board/st/common/stm32mp_mtdparts.c
> index f074fc189d..8b636d62fa 100644
> --- a/board/st/common/stm32mp_mtdparts.c
> +++ b/board/st/common/stm32mp_mtdparts.c
> @@ -11,7 +11,9 @@
> #include <log.h>
> #include <mtd.h>
> #include <mtd_node.h>
> +#ifdef CONFIG_STM32MP15x_STM32IMAGE
> #include <tee.h>
> +#endif
> #include <asm/arch/stm32prog.h>
> #include <asm/arch/sys_proto.h>
> #include <asm/global_data.h>
> @@ -31,7 +33,9 @@ static void board_set_mtdparts(const char *dev,
> char *mtdids,
> char *mtdparts,
> const char *boot,
> +#ifdef CONFIG_STM32MP15x_STM32IMAGE
> const char *tee,
> +#endif
> const char *user)
> {
> /* mtdids: "<dev>=<dev>, ...." */
> @@ -55,10 +59,12 @@ static void board_set_mtdparts(const char *dev,
> strncat(mtdparts, ",", MTDPARTS_LEN);
> }
>
> +#ifdef CONFIG_STM32MP15x_STM32IMAGE
> if (tee) {
> strncat(mtdparts, tee, MTDPARTS_LEN);
> strncat(mtdparts, ",", MTDPARTS_LEN);
> }
> +#endif
>
> strncat(mtdparts, user, MTDPARTS_LEN);
> }
> @@ -70,7 +76,10 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts)
> static char parts[3 * MTDPARTS_LEN + 1];
> static char ids[MTDIDS_LEN + 1];
> static bool mtd_initialized;
> - bool tee, nor, nand, spinand, serial;
> + bool nor, nand, spinand, serial;
> +#ifdef CONFIG_STM32MP15x_STM32IMAGE
> + bool tee = false;
> +#endif
>
> if (mtd_initialized) {
> *mtdids = ids;
> @@ -78,7 +87,6 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts)
> return;
> }
>
> - tee = false;
> nor = false;
> nand = false;
> spinand = false;
> @@ -89,7 +97,9 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts)
> case BOOT_SERIAL_USB:
> serial = true;
> if (CONFIG_IS_ENABLED(CMD_STM32PROG)) {
> +#ifdef CONFIG_STM32MP15x_STM32IMAGE
> tee = stm32prog_get_tee_partitions();
> +#endif
> nor = stm32prog_get_fsbl_nor();
> }
> nand = true;
> @@ -108,9 +118,11 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts)
> break;
> }
>
> +#ifdef CONFIG_STM32MP15x_STM32IMAGE
> if (!serial && CONFIG_IS_ENABLED(OPTEE) &&
> tee_find_device(NULL, NULL, NULL, NULL))
> tee = true;
> +#endif
>
> memset(parts, 0, sizeof(parts));
> memset(ids, 0, sizeof(ids));
> @@ -125,10 +137,11 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts)
> if (nand) {
> mtd = get_mtd_device_nm("nand0");
> if (!IS_ERR_OR_NULL(mtd)) {
> - const char *mtd_tee = CONFIG_MTDPARTS_NAND0_TEE;
> board_set_mtdparts("nand0", ids, parts,
> CONFIG_MTDPARTS_NAND0_BOOT,
> - !nor && tee ? mtd_tee : NULL,
> +#ifdef CONFIG_STM32MP15x_STM32IMAGE
> + !nor && tee ? CONFIG_MTDPARTS_NAND0_TEE : NULL,
> +#endif
> "-(UBI)");
> put_mtd_device(mtd);
> }
> @@ -137,10 +150,11 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts)
> if (spinand) {
> mtd = get_mtd_device_nm("spi-nand0");
> if (!IS_ERR_OR_NULL(mtd)) {
> - const char *mtd_tee = CONFIG_MTDPARTS_SPINAND0_TEE;
> board_set_mtdparts("spi-nand0", ids, parts,
> CONFIG_MTDPARTS_SPINAND0_BOOT,
> - !nor && tee ? mtd_tee : NULL,
> +#ifdef CONFIG_STM32MP15x_STM32IMAGE
> + !nor && tee ? CONFIG_MTDPARTS_SPINAND0_TEE : NULL,
> +#endif
> "-(UBI)");
> put_mtd_device(mtd);
> }
> @@ -148,10 +162,11 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts)
>
> if (nor) {
> if (!uclass_get_device(UCLASS_SPI_FLASH, 0, &dev)) {
> - const char *mtd_tee = CONFIG_MTDPARTS_NOR0_TEE;
> board_set_mtdparts("nor0", ids, parts,
> CONFIG_MTDPARTS_NOR0_BOOT,
> - tee ? mtd_tee : NULL,
> +#ifdef CONFIG_STM32MP15x_STM32IMAGE
> + tee ? CONFIG_MTDPARTS_NOR0_TEE : NULL,
> +#endif
> "-(nor_user)");
> }
> }
> diff --git a/board/st/stm32mp1/MAINTAINERS b/board/st/stm32mp1/MAINTAINERS
> index fe8fc6f484..0e6d80fb45 100644
> --- a/board/st/stm32mp1/MAINTAINERS
> +++ b/board/st/stm32mp1/MAINTAINERS
> @@ -5,6 +5,7 @@ T: git https://source.denx.de/u-boot/custodians/u-boot-stm.git
> S: Maintained
> F: arch/arm/dts/stm32mp15*
> F: board/st/stm32mp1/
> +F: configs/stm32mp15_defconfig
> F: configs/stm32mp15_basic_defconfig
> F: configs/stm32mp15_trusted_defconfig
> F: include/configs/stm32mp1.h
> diff --git a/configs/stm32mp15_defconfig b/configs/stm32mp15_defconfig
> new file mode 100644
> index 0000000000..b11da7dc9f
> --- /dev/null
> +++ b/configs/stm32mp15_defconfig
> @@ -0,0 +1,158 @@
> +CONFIG_ARM=y
> +CONFIG_ARCH_STM32MP=y
> +CONFIG_TFABOOT=y
> +CONFIG_SYS_MALLOC_F_LEN=0x3000
> +CONFIG_SYS_MEMTEST_START=0xc0000000
> +CONFIG_SYS_MEMTEST_END=0xc4000000
> +CONFIG_ENV_OFFSET=0x480000
> +CONFIG_ENV_SECT_SIZE=0x40000
> +CONFIG_DEFAULT_DEVICE_TREE="stm32mp157c-ev1"
> +CONFIG_TARGET_ST_STM32MP15x=y
> +CONFIG_CMD_STM32KEY=y
> +CONFIG_CMD_STM32PROG=y
> +CONFIG_ENV_OFFSET_REDUND=0x4C0000
> +CONFIG_TYPEC_STUSB160X=y
> +CONFIG_DISTRO_DEFAULTS=y
> +CONFIG_FIT=y
> +CONFIG_BOOTDELAY=1
> +CONFIG_BOOTCOMMAND="run bootcmd_stm32mp"
> +CONFIG_SYS_PROMPT="STM32MP> "
> +CONFIG_CMD_ADTIMG=y
> +CONFIG_CMD_ERASEENV=y
> +CONFIG_CMD_NVEDIT_EFI=y
> +CONFIG_CMD_MEMINFO=y
> +CONFIG_CMD_MEMTEST=y
> +CONFIG_CMD_UNZIP=y
> +CONFIG_CMD_ADC=y
> +CONFIG_CMD_CLK=y
> +CONFIG_CMD_DFU=y
> +CONFIG_CMD_FUSE=y
> +CONFIG_CMD_GPIO=y
> +CONFIG_CMD_I2C=y
> +CONFIG_CMD_MMC=y
> +CONFIG_CMD_REMOTEPROC=y
> +CONFIG_CMD_SPI=y
> +CONFIG_CMD_USB=y
> +CONFIG_CMD_USB_MASS_STORAGE=y
> +CONFIG_CMD_BMP=y
> +CONFIG_CMD_CACHE=y
> +CONFIG_CMD_EFIDEBUG=y
> +CONFIG_CMD_TIME=y
> +CONFIG_CMD_RNG=y
> +CONFIG_CMD_TIMER=y
> +CONFIG_CMD_PMIC=y
> +CONFIG_CMD_REGULATOR=y
> +CONFIG_CMD_EXT4_WRITE=y
> +CONFIG_CMD_MTDPARTS=y
> +CONFIG_CMD_LOG=y
> +CONFIG_CMD_UBI=y
> +CONFIG_OF_LIVE=y
> +CONFIG_ENV_IS_NOWHERE=y
> +CONFIG_ENV_IS_IN_MMC=y
> +CONFIG_ENV_IS_IN_SPI_FLASH=y
> +CONFIG_ENV_IS_IN_UBI=y
> +CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
> +CONFIG_ENV_UBI_PART="UBI"
> +CONFIG_ENV_UBI_VOLUME="uboot_config"
> +CONFIG_ENV_UBI_VOLUME_REDUND="uboot_config_r"
> +CONFIG_SYS_RELOC_GD_ENV_ADDR=y
> +CONFIG_SYS_MMC_ENV_DEV=-1
> +CONFIG_STM32_ADC=y
> +CONFIG_CLK_SCMI=y
> +CONFIG_SET_DFU_ALT_INFO=y
> +CONFIG_USB_FUNCTION_FASTBOOT=y
> +CONFIG_FASTBOOT_BUF_ADDR=0xC0000000
> +CONFIG_FASTBOOT_BUF_SIZE=0x02000000
> +CONFIG_FASTBOOT_USB_DEV=1
> +CONFIG_FASTBOOT_FLASH=y
> +CONFIG_FASTBOOT_FLASH_MMC_DEV=1
> +CONFIG_FASTBOOT_MMC_BOOT_SUPPORT=y
> +CONFIG_FASTBOOT_MMC_BOOT1_NAME="mmc1boot0"
> +CONFIG_FASTBOOT_MMC_BOOT2_NAME="mmc1boot1"
> +CONFIG_FASTBOOT_MMC_USER_SUPPORT=y
> +CONFIG_FASTBOOT_MMC_USER_NAME="mmc1"
> +CONFIG_FASTBOOT_CMD_OEM_FORMAT=y
> +CONFIG_FASTBOOT_CMD_OEM_PARTCONF=y
> +CONFIG_FASTBOOT_CMD_OEM_BOOTBUS=y
> +CONFIG_GPIO_HOG=y
> +CONFIG_DM_HWSPINLOCK=y
> +CONFIG_HWSPINLOCK_STM32=y
> +CONFIG_DM_I2C=y
> +CONFIG_SYS_I2C_STM32F7=y
> +CONFIG_LED=y
> +CONFIG_LED_GPIO=y
> +CONFIG_DM_MAILBOX=y
> +CONFIG_STM32_IPCC=y
> +CONFIG_STM32_FMC2_EBI=y
> +CONFIG_SUPPORT_EMMC_BOOT=y
> +CONFIG_STM32_SDMMC2=y
> +CONFIG_MTD=y
> +CONFIG_DM_MTD=y
> +CONFIG_SYS_MTDPARTS_RUNTIME=y
> +CONFIG_MTD_RAW_NAND=y
> +CONFIG_NAND_STM32_FMC2=y
> +CONFIG_MTD_SPI_NAND=y
> +CONFIG_DM_SPI_FLASH=y
> +CONFIG_SPI_FLASH_MACRONIX=y
> +CONFIG_SPI_FLASH_SPANSION=y
> +CONFIG_SPI_FLASH_STMICRO=y
> +CONFIG_SPI_FLASH_WINBOND=y
> +# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set
> +CONFIG_SPI_FLASH_MTD=y
> +CONFIG_PHY_REALTEK=y
> +CONFIG_DM_ETH=y
> +CONFIG_DWC_ETH_QOS=y
> +CONFIG_PHY=y
> +CONFIG_PHY_STM32_USBPHYC=y
> +CONFIG_PINCONF=y
> +CONFIG_PINCTRL_STMFX=y
> +CONFIG_DM_PMIC=y
> +CONFIG_PMIC_STPMIC1=y
> +CONFIG_DM_REGULATOR=y
> +CONFIG_DM_REGULATOR_FIXED=y
> +CONFIG_DM_REGULATOR_GPIO=y
> +CONFIG_DM_REGULATOR_STM32_VREFBUF=y
> +CONFIG_DM_REGULATOR_STPMIC1=y
> +CONFIG_REMOTEPROC_STM32_COPRO=y
> +CONFIG_RESET_SCMI=y
> +CONFIG_DM_RNG=y
> +CONFIG_RNG_STM32MP1=y
> +CONFIG_DM_RTC=y
> +CONFIG_RTC_STM32=y
> +CONFIG_SERIAL_RX_BUFFER=y
> +CONFIG_SPI=y
> +CONFIG_DM_SPI=y
> +CONFIG_STM32_QSPI=y
> +CONFIG_STM32_SPI=y
> +CONFIG_TEE=y
> +CONFIG_OPTEE=y
> +# CONFIG_OPTEE_TA_AVB is not set
> +CONFIG_USB=y
> +CONFIG_DM_USB=y
> +CONFIG_DM_USB_GADGET=y
> +CONFIG_USB_EHCI_HCD=y
> +CONFIG_USB_EHCI_GENERIC=y
> +CONFIG_USB_GADGET=y
> +CONFIG_USB_GADGET_MANUFACTURER="STMicroelectronics"
> +CONFIG_USB_GADGET_VENDOR_NUM=0x0483
> +CONFIG_USB_GADGET_PRODUCT_NUM=0x5720
> +CONFIG_USB_GADGET_DWC2_OTG=y
> +CONFIG_DM_VIDEO=y
> +CONFIG_BACKLIGHT_GPIO=y
> +CONFIG_VIDEO_LCD_ORISETECH_OTM8009A=y
> +CONFIG_VIDEO_LCD_RAYDIUM_RM68200=y
> +CONFIG_VIDEO_STM32=y
> +CONFIG_VIDEO_STM32_DSI=y
> +CONFIG_VIDEO_STM32_MAX_XRES=1280
> +CONFIG_VIDEO_STM32_MAX_YRES=800
> +CONFIG_VIDEO_BMP_RLE8=y
> +CONFIG_BMP_16BPP=y
> +CONFIG_BMP_24BPP=y
> +CONFIG_BMP_32BPP=y
> +CONFIG_WDT=y
> +CONFIG_WDT_STM32MP=y
> +CONFIG_ERRNO_STR=y
> +CONFIG_FDT_FIXUP_PARTITIONS=y
> +# CONFIG_LMB_USE_MAX_REGIONS is not set
> +CONFIG_LMB_MEMORY_REGIONS=2
> +CONFIG_LMB_RESERVED_REGIONS=16
>
Applied to u-boot-stm/master
Thanks
Patrice
More information about the U-Boot
mailing list