U-BOOT 2021.07 and STM32MP15x issues for Trusted Boot Chain

gianluca gianlucarenzi at eurek.it
Thu Jul 22 10:01:56 CEST 2021 

Hello list,
I was wondering what I am doing wrong following the procedure explained 
in the doc/board/st/stm32mp1.rst documentation file.

I am using the latest git version (the Makefile says 2021.07).

My goal is to run from sdcard in trusted boot chain (TrustZone secure 
monitor) the evaluation kit STM32MP157C-DK2.

The procedure says:

> The **Trusted** boot chain
> ``````````````````````````
> 
> defconfig_file : stm32mp15_trusted_defconfig
> 
>     +-------------+-------------------------+------------+-------+
>     |  ROM code   | FSBL                    | SSBL       | OS    |
>     +             +-------------------------+------------+-------+
>     |             |Trusted Firmware-A (TF-A)| U-Boot     | Linux |
>     +-------------+-------------------------+------------+-------+
>     | TrustZone   |secure monitor                                |
>     +-------------+-------------------------+------------+-------+
> 
> TF-A performs a full initialization of Secure peripherals and installs a
> secure monitor, BL32:
> 
>   * SPMin provided by TF-A or
>   * OP-TEE from specific partitions (teeh, teed, teex).
> 
> U-Boot is running in normal world and uses the secure monitor to access
> to secure resources.

As far as I understand there is only a single first-stage-boot-loader 
(FSBL) and a second-stage-boot-loader (SSBL), otherwise in the *Basic 
Boot Chain* I have FSBL1 and FSBL2 _and_ a SSBL.


> Build Procedure
> ---------------
> 
> 1. Install the required tools for U-Boot
> 
>    * install package needed in U-Boot makefile
>      (libssl-dev, swig, libpython-dev...)
> 
>    * install ARMv7 toolchain for 32bit Cortex-A (from Linaro,
>      from SDK for STM32MP15x, or any crosstoolchains from your distribution)
>      (you can use any gcc cross compiler compatible with U-Boot)
> 

Done. I am in a Debian Buster DevelWorkstation, so everything is coming 
from the official repos.

At the moment the arm toolchain is: > arm-linux-gnueabihf-gcc -v
> Using built-in specs.
> COLLECT_GCC=arm-linux-gnueabihf-gcc
> COLLECT_LTO_WRAPPER=/usr/lib/gcc-cross/arm-linux-gnueabihf/8/lto-wrapper
> Target: arm-linux-gnueabihf
> Configured with: ../src/configure -v --with-pkgversion='Debian 8.3.0-2' --with-bugurl=file:///usr/share/doc/gcc-8/README.Bugs --enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++ --prefix=/usr --with-gcc-major-version-only --program-suffix=-8 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-libitm --disable-libquadmath --disable-libquadmath-support --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib --enable-multiarch --disable-sjlj-exceptions --with-arch=armv7-a --with-fpu=vfpv3-d16 --with-float=hard --with-mode=thumb --disable-werror --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=arm-linux-gnueabihf --program-prefix=arm-linux-gnueabihf- --includedir=/usr/arm-linux-gnueabihf/include
> Thread model: posix
> gcc version 8.3.0 (Debian 8.3.0-2) 


> 2. Set the cross compiler::
> 
>     # export CROSS_COMPILE=/path/to/toolchain/arm-linux-gnueabi-

export CROSS_COMPILE=arm-linux-gnueabihf-

> 
> 3. Select the output directory (optional)::
> 
>    # export KBUILD_OUTPUT=/path/to/output
> 
>    for example: use one output directory for each configuration::
> 
>    # export KBUILD_OUTPUT=stm32mp15_trusted

export KBUILD_OUTPUT=stm32mp15_trusted

> 4. Configure U-Boot::
> 
>    # make <defconfig_file>
> 
>    with <defconfig_file>:
> 
>    - For **trusted** boot mode : **stm32mp15_trusted_defconfig**

make stm32mp15_trusted_defconfig

make[1]: Entering directory 
'/home/gianluca/Progetti-GIT/stm32mp1-debian/bootrom/downloads/u-boot-2021.07/stm32mp15_trusted'
   HOSTCC  scripts/basic/fixdep
   GEN     Makefile
   HOSTCC  scripts/kconfig/conf.o
   YACC    scripts/kconfig/zconf.tab.c
   LEX     scripts/kconfig/zconf.lex.c
   HOSTCC  scripts/kconfig/zconf.tab.o
   HOSTLD  scripts/kconfig/conf
#
# configuration written to .config
#
make[1]: Leaving directory 
'/home/gianluca/Progetti-GIT/stm32mp1-debian/bootrom/downloads/u-boot-2021.07/stm32mp15_trusted'

> 
> 5. Configure the device-tree and build the U-Boot image::
> 
>    # make DEVICE_TREE=<name> all
> 

make DEVICE_TREE=stm32mp157c-dk2 all
make[1]: Entering directory 
'/home/gianluca/Progetti-GIT/stm32mp1-debian/bootrom/downloads/u-boot-2021.07/stm32mp15_trusted'
   GEN     Makefile
scripts/kconfig/conf  --syncconfig Kconfig
   UPD     include/config.h
   CFG     u-boot.cfg
   GEN     include/autoconf.mk
   GEN     include/autoconf.mk.dep
   CFGCHK  u-boot.cfg
   UPD     include/config/uboot.release
   Using .. as source for U-Boot
   GEN     Makefile
   UPD     include/generated/version_autogenerated.h
   UPD     include/generated/timestamp_autogenerated.h
   UPD     include/generated/dt.h
   ...
   ...
   ...
   CC      net/tftp.o
   AR      net/built-in.o
   LDS     u-boot.lds
   LD      u-boot
   OBJCOPY u-boot-nodtb.bin
   DTC     arch/arm/dts/stm32mp157a-dk1.dtb
   DTC     arch/arm/dts/stm32mp157a-avenger96.dtb
   DTC     arch/arm/dts/stm32mp157a-icore-stm32mp1-ctouch2.dtb
   DTC     arch/arm/dts/stm32mp157a-icore-stm32mp1-edimm2.2.dtb
   DTC     arch/arm/dts/stm32mp157a-microgea-stm32mp1-microdev2.0.dtb
   DTC     arch/arm/dts/stm32mp157a-microgea-stm32mp1-microdev2.0-of7.dtb
   DTC     arch/arm/dts/stm32mp157c-dk2.dtb
   DTC     arch/arm/dts/stm32mp157c-ed1.dtb
   DTC     arch/arm/dts/stm32mp157c-ev1.dtb
   DTC     arch/arm/dts/stm32mp157c-odyssey.dtb
   DTC     arch/arm/dts/stm32mp15xx-dhcom-drc02.dtb
   DTC     arch/arm/dts/stm32mp15xx-dhcom-pdk2.dtb
   DTC     arch/arm/dts/stm32mp15xx-dhcom-picoitx.dtb
   DTC     arch/arm/dts/stm32mp15xx-dhcor-avenger96.dtb
   SHIPPED dts/dt.dtb
   CAT     u-boot-dtb.bin
   COPY    u-boot.bin
   MKIMAGE u-boot.stm32
   OBJCOPY u-boot.srec
   SYM     u-boot.sym
   COPY    u-boot.dtb
make[1]: Leaving directory 
'/home/gianluca/Progetti-GIT/stm32mp1-debian/bootrom/downloads/u-boot-2021.07/stm32mp15_trusted'

> 
> 6. Output files
> 
>    BootRom and TF-A expect binaries with STM32 image header
>    SPL expects file with U-Boot uImage header
> 
>    So in the output directory (selected by KBUILD_OUTPUT),
>    you can found the needed files:
> 
>   - For **Trusted** boot (with or without OP-TEE)
> 
>      - FSBL = **tf-a.stm32** (provided by TF-A compilation)
>      - SSBL = **u-boot.stm32**

No tf-a.stm32 for TrustZone Boot but only the u-boot.stm32 file.

> 
>   - For Basic boot
> 
>      - FSBL = spl/u-boot-spl.stm32
>      - SSBL = u-boot.img

find . -name 'tf-a.stm32'

find . -name '*tf-a*'

find . -name '*tfa*'
./include/config/tfaboot.h
./include/config/arch/support/tfaboot.h

Where is the tf-a.stm32?????

Something missing by my side???


Regards,
Gianluca Renzi
-- 
Eurek s.r.l.                          |
Electronic Engineering                | http://www.eurek.it
via Celletta 8/B, 40026 Imola, Italy  | Phone: +39-(0)542-609120
p.iva 00690621206 - c.f. 04020030377  | Fax:   +39-(0)542-609212

More information about the U-Boot mailing list