[PATCH v3 0/5] stm32mp1: handle TF-A boot with FIP
Patrick Delaunay
patrick.delaunay at foss.st.com
Mon Jul 26 11:21:33 CEST 2021
In next TF-A version the stm32mp1 platform will support the Firmware
Image Package (FIP) [1], a container filled with:
- the U-Boot binary = u-boot-nodtb.bin
- the U-Boot device tree = u-boot.dtb
- the Secure OS (OP-TEE) or the secure monitor (SP_MIN)
Upstream is in progress on TF-A side ([3] but reviews don't yet start).
Each part of the FIP is loaded by TF-A BL2 and U-Boot
is executed with its device tree address as parameter (nt_fw_dtb = r2
introduced by commit 4ac345220afa ("board: stm32mp1: use FDT address
provided by TF-A at boot time")
This FIP container simplifies the OP-TEE management (same number of partition
with or without OP-TEE, OP-TEE dynamically updates the U-Boot device tree
to add the required OP-TEE nodes) and allow support of generic TF-A
features as PKI [2].
This serie allows to generate U-Boot configured for the TF-A BL2 image
types:
- STM32IMAGE: stm32mp15_trusted_defconfig (current behavior)
- FIP: stm32mp15_defconfig (NEW)
The FIP will be the STMicroelectronics recommended image type for
STM32MP15x and the STM32IMAGE support should be marked deprecated in a
future TF-A release.
To prepare this migration, the serie move all the specific code or
device tree nodes for TF-A load of STM32IMAGE under compilation
flag CONFIG_STM32MP15x_STM32IMAGE.
This V3 serie of [4] is rebased on top for u-boot-stm32/master.
I just update documentation after [5] message to clarify TF-A
compilation step.
[1] 4.11. Firmware Image Package (FIP)
fiphttps://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html
stm32mp1: handle TF-A boot with FIP
[2] Authentication Framework & Chain of Trust
https://trustedfirmware-a.readthedocs.io/en/latest/design/auth-framework.html
[3] TF-A Serie proposal : FIP and FCONF for STM32MP1
https://github.com/Yann-lms/arm-trusted-firmware/commits/fip_fconf
[4] stm32mp1: handle TF-A boot with FIP
http://patchwork.ozlabs.org/project/uboot/list/?series=253677&state=*
[5] U-BOOT 2021.07 and STM32MP15x issues for Trusted Boot Chain
https://lists.denx.de/pipermail/u-boot/2021-July/455750.html
Changes in v3:
- add reference for STM32 WIKI, TF-A and OP-TEE
- add information about TF-A compilation and clarify the output files
Changes in v2:
- synchronize defconfig with latest change
- fix one typo: s/ enought / enough
Patrick Delaunay (5):
arm: stm32mp: add config for STM32IMAGE support
arm: stm32mp: handle the OP-TEE nodes in DT with FIP support
arm: stm32mp: add defconfig for trusted boot with FIP
doc: st: stm32mp1: Add FIP support for trusted boot
stm32mp1: stm32prog: remove stm32prog_get_tee_partitions with FIP
arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 9 +-
arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi | 9 +-
arch/arm/mach-stm32mp/Kconfig | 7 +
.../cmd_stm32prog/cmd_stm32prog.c | 2 +
.../mach-stm32mp/cmd_stm32prog/stm32prog.c | 4 +
.../mach-stm32mp/cmd_stm32prog/stm32prog.h | 2 +
arch/arm/mach-stm32mp/config.mk | 2 +-
arch/arm/mach-stm32mp/fdt.c | 11 +-
.../arm/mach-stm32mp/include/mach/stm32prog.h | 2 +
board/st/common/Kconfig | 21 +-
board/st/common/stm32mp_mtdparts.c | 31 +-
board/st/stm32mp1/MAINTAINERS | 1 +
board/st/stm32mp1/stm32mp1.c | 10 +-
configs/stm32mp15_defconfig | 158 +++++++++
configs/stm32mp15_trusted_defconfig | 1 +
doc/board/st/stm32mp1.rst | 328 +++++++++++++-----
16 files changed, 481 insertions(+), 117 deletions(-)
create mode 100644 configs/stm32mp15_defconfig
--
2.25.1
More information about the U-Boot
mailing list