[PATCH v2 00/11] stm32mp1: Support falcon mode with OP-TEE payloads

Patrick DELAUNAY patrick.delaunay at foss.st.com
Mon Oct 4 17:04:54 CEST 2021 

Hi Alexandru

On 9/8/21 1:59 AM, Alexandru Gagniuc wrote:
> My goal when I started on this project a year ago was to get to linux
> userspace within a second from power on. Oh, and it had to be secure!
> Contrast that to the two minutes it took the STLinux demo to come up.
>
> It was obvious that the accepted way of running an FSBL, then SSBL was
> going to blow the time budget. There really wasn't a good solution,
> and traditional falcon mode with "spl export" command was not secure.
>
> I chose to use SPL with a FIT payload. We have to add certain logic to
> SPL, as well as some FDT modifications that would be normally done in
> u-boot. The boot flow is
>
> 	SPL -> OP-TEE -> Linux
>
>
> One of the major complaints of v1 was that we shouldn't be patching
> the devicetree with optee nodes in SPL. Instead, we should let OP-TEE
> add the required nodes. I tried it, found a huge boot time penalty,
> and decided against it.
>
> Another issue from v1 that I was unable to address is the MAC address.
> It was suggested to use the "nvmem-cells" FDT property to tell linux
> where in the OTP to read the MAC. Because of the way the linux BSEC
> driver is written, this would only work with TF-A, but fails with SPL.
>
> There is also the issue of how to make the optee/ library available to
> SPL. Patrick has a couple of patches up regarding the issue, so I have
> not touched it in this series.
>
>
> Changes since v1:
>      - Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig instead of stm32mp1.h
>      - Create a new defconfig for STM32MP in falcon mode
>      - Rework board_fit_config_name_match() per Patrick's suggestions
>      - Use "u-boot,falcon-gpios" instead of "st,fastboot-gpios"
>      - Only update shadow registers in SPL for BSEC .probe()
>
> Alexandru Gagniuc (11):
>    spl: Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig

=> OK

>    stm32mp1: Add support for baudrates higher than 115200
=> OK
>    stm32mp1: Add support for falcon mode boot from SD card


=> some remarks


>    board: stm32mp1:  Implement board_fit_config_name_match() for SPL
=> OK


For the next commit of the serie....


I am not a specialist of falcon mode but I think all the next commit 
should be removed if the falcon mode is correctly managed


see the command "spl export" in doc/README.falcon

arch/arm/cpu/armv8/fsl-layerscape/doc/README.falcon:19:


=> the fixup is done one time and saved in U-Boot proper (first boot ?) 
before to activate the Falcon mode

see also CONFIG_SYS_SPL_ARGS_ADDR usage in ls1043a

and in :

void board_init_r(gd_t *dummy1, ulong dummy2)
{

....

case IH_OS_LINUX:
debug("Jumping to Linux\n");
#ifdefined(CONFIG_SYS_SPL_ARGS_ADDR)
spl_fixup_fdt((void*)CONFIG_SYS_SPL_ARGS_ADDR);
#endif


=>jump_to_image_linux use the address spl_image->arg = 
CONFIG_SYS_SPL_ARGS_ADDR

For me U-boot must saved the device tree get from FIT with the needed 
fixup in
CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTOR .. 
CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTORS

=> loaded by SPL in CONFIG_SYS_SPL_ARGS_ADDR in mmc_load_image_raw_os()

       and this FDT is used to start Linux in falscon mode with 
spl_image.arg (at least when OP-TEE is not present)


I am working of suport on all my working branch (WIP)

https://github.com/u-boot/u-boot/compare/master...patrickdelaunay:spl_optee_W2140


>    fdt_support: Implement fdt_ethernet_set_macaddr()
>    arm: stm32mp: bsec: Update OTP shadow registers in SPL
>    arm: stm32mp: Factor out reading MAC address from OTP
>    stm32mp1: spl: Configure MAC address when booting OP-TEE
>    lib: Makefile: Make optee library available in SPL
>    ARM: dts: stm32mp: Add OP-TEE "/firmware" node to SPL dtb
>    stm32mp1: spl: Copy optee nodes to target FDT for OP-TEE payloads
>
>   README                                        |   4 -
>   arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi      |   3 +
>   arch/arm/mach-stm32mp/bsec.c                  |   4 +-
>   arch/arm/mach-stm32mp/cpu.c                   |  59 ++++--
>   .../arm/mach-stm32mp/include/mach/sys_proto.h |   3 +
>   arch/arm/mach-stm32mp/spl.c                   |   3 +
>   board/st/stm32mp1/spl.c                       |  53 +++++
>   common/fdt_support.c                          |  30 +++
>   common/spl/Kconfig                            |  11 ++
>   configs/am335x_boneblack_vboot_defconfig      |   1 +
>   configs/am335x_evm_defconfig                  |   1 +
>   configs/am335x_igep003x_defconfig             |   1 +
>   configs/am335x_shc_defconfig                  |   1 +
>   configs/am335x_shc_ict_defconfig              |   1 +
>   configs/am335x_shc_netboot_defconfig          |   1 +
>   configs/am335x_shc_sdboot_defconfig           |   1 +
>   configs/am335x_sl50_defconfig                 |   1 +
>   configs/am3517_evm_defconfig                  |   1 +
>   configs/am43xx_evm_defconfig                  |   1 +
>   configs/am43xx_evm_rtconly_defconfig          |   1 +
>   configs/am43xx_evm_usbhost_boot_defconfig     |   1 +
>   configs/am57xx_evm_defconfig                  |   1 +
>   configs/devkit8000_defconfig                  |   1 +
>   configs/display5_defconfig                    |   1 +
>   configs/display5_factory_defconfig            |   1 +
>   configs/dra7xx_evm_defconfig                  |   1 +
>   configs/gwventana_emmc_defconfig              |   1 +
>   configs/gwventana_gw5904_defconfig            |   1 +
>   configs/gwventana_nand_defconfig              |   1 +
>   configs/igep00x0_defconfig                    |   1 +
>   configs/imx6dl_mamoj_defconfig                |   1 +
>   configs/imx6q_logic_defconfig                 |   1 +
>   configs/imx6qdl_icore_mipi_defconfig          |   1 +
>   configs/imx6qdl_icore_mmc_defconfig           |   1 +
>   configs/imx6qdl_icore_rqs_defconfig           |   1 +
>   configs/mccmon6_nor_defconfig                 |   1 +
>   configs/omap35_logic_defconfig                |   1 +
>   configs/omap35_logic_somlv_defconfig          |   1 +
>   configs/omap3_logic_defconfig                 |   1 +
>   configs/omap3_logic_somlv_defconfig           |   1 +
>   configs/omap4_panda_defconfig                 |   1 +
>   configs/omap5_uevm_defconfig                  |   1 +
>   configs/stm32mp15_falcon_defconfig            | 181 ++++++++++++++++++
>   include/configs/brppt1.h                      |   1 -
>   include/configs/devkit8000.h                  |   2 -
>   include/configs/display5.h                    |   1 -
>   include/configs/embestmx6boards.h             |   1 -
>   include/configs/gw_ventana.h                  |   1 -
>   include/configs/imx6-engicam.h                |   1 -
>   include/configs/imx6_logic.h                  |   1 -
>   include/configs/imx6dl-mamoj.h                |   1 -
>   include/configs/ls1043ardb.h                  |   1 -
>   include/configs/mccmon6.h                     |   1 -
>   include/configs/mx6sabreauto.h                |   1 -
>   include/configs/mx6sabresd.h                  |   1 -
>   include/configs/pico-imx6.h                   |   1 -
>   include/configs/pico-imx6ul.h                 |   1 -
>   include/configs/pico-imx7d.h                  |   1 -
>   include/configs/sama5d3_xplained.h            |   1 -
>   include/configs/stm32mp1.h                    |   4 +
>   include/configs/tam3517-common.h              |   1 -
>   include/configs/ti_armv7_common.h             |   1 -
>   include/configs/vyasa-rk3288.h                |   1 -
>   include/configs/xea.h                         |   1 -
>   include/configs/xilinx_zynqmp.h               |   1 -
>   include/configs/zynq-common.h                 |   1 -
>   include/fdt_support.h                         |  17 ++
>   lib/Makefile                                  |   2 +-
>   scripts/config_whitelist.txt                  |   1 -
>   69 files changed, 386 insertions(+), 45 deletions(-)
>   create mode 100644 configs/stm32mp15_falcon_defconfig
>
regards

Patrick

More information about the U-Boot mailing list