[PATCH v3 0/5] stm32mp1: handle TF-A boot with FIP

Patrick Delaunay patrick.delaunay at foss.st.com
Mon Jul 26 11:21:33 CEST 2021


In next TF-A version the stm32mp1 platform will support the Firmware
Image Package (FIP) [1], a container filled with:
- the U-Boot binary = u-boot-nodtb.bin
- the U-Boot device tree = u-boot.dtb
- the Secure OS (OP-TEE) or the secure monitor (SP_MIN)

Upstream is in progress on TF-A side ([3] but reviews don't yet start).

Each part of the FIP is loaded by TF-A BL2 and U-Boot
is executed with its device tree address as parameter (nt_fw_dtb = r2
introduced by commit 4ac345220afa ("board: stm32mp1: use FDT address
provided by TF-A at boot time")

This FIP container simplifies the OP-TEE management (same number of partition
with or without OP-TEE, OP-TEE dynamically updates the U-Boot device tree
to add the required OP-TEE nodes) and allow support of generic TF-A
features as PKI [2].

This serie allows to generate U-Boot configured for the TF-A BL2 image
types:
- STM32IMAGE: stm32mp15_trusted_defconfig (current behavior)
- FIP: stm32mp15_defconfig (NEW)

The FIP will be the STMicroelectronics recommended image type for
STM32MP15x and the STM32IMAGE support should be marked deprecated in a
future TF-A release.

To prepare this migration, the serie move all the specific code or
device tree nodes for TF-A load of STM32IMAGE under compilation
flag CONFIG_STM32MP15x_STM32IMAGE.

This V3 serie of [4] is rebased on top for u-boot-stm32/master.

I just update documentation after [5] message to clarify TF-A
compilation step.

[1] 4.11. Firmware Image Package (FIP)
fiphttps://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html
stm32mp1: handle TF-A boot with FIP
[2] Authentication Framework & Chain of Trust
https://trustedfirmware-a.readthedocs.io/en/latest/design/auth-framework.html

[3] TF-A Serie proposal : FIP and FCONF for STM32MP1
https://github.com/Yann-lms/arm-trusted-firmware/commits/fip_fconf

[4] stm32mp1: handle TF-A boot with FIP
http://patchwork.ozlabs.org/project/uboot/list/?series=253677&state=*

[5] U-BOOT 2021.07 and STM32MP15x issues for Trusted Boot Chain
https://lists.denx.de/pipermail/u-boot/2021-July/455750.html


Changes in v3:
- add reference for STM32 WIKI, TF-A and OP-TEE
- add information about TF-A compilation and clarify the output files

Changes in v2:
- synchronize defconfig with latest change
- fix one typo: s/ enought / enough

Patrick Delaunay (5):
  arm: stm32mp: add config for STM32IMAGE support
  arm: stm32mp: handle the OP-TEE nodes in DT with FIP support
  arm: stm32mp: add defconfig for trusted boot with FIP
  doc: st: stm32mp1: Add FIP support for trusted boot
  stm32mp1: stm32prog: remove stm32prog_get_tee_partitions with FIP

 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi      |   9 +-
 arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi      |   9 +-
 arch/arm/mach-stm32mp/Kconfig                 |   7 +
 .../cmd_stm32prog/cmd_stm32prog.c             |   2 +
 .../mach-stm32mp/cmd_stm32prog/stm32prog.c    |   4 +
 .../mach-stm32mp/cmd_stm32prog/stm32prog.h    |   2 +
 arch/arm/mach-stm32mp/config.mk               |   2 +-
 arch/arm/mach-stm32mp/fdt.c                   |  11 +-
 .../arm/mach-stm32mp/include/mach/stm32prog.h |   2 +
 board/st/common/Kconfig                       |  21 +-
 board/st/common/stm32mp_mtdparts.c            |  31 +-
 board/st/stm32mp1/MAINTAINERS                 |   1 +
 board/st/stm32mp1/stm32mp1.c                  |  10 +-
 configs/stm32mp15_defconfig                   | 158 +++++++++
 configs/stm32mp15_trusted_defconfig           |   1 +
 doc/board/st/stm32mp1.rst                     | 328 +++++++++++++-----
 16 files changed, 481 insertions(+), 117 deletions(-)
 create mode 100644 configs/stm32mp15_defconfig

-- 
2.25.1



More information about the U-Boot mailing list