[PATCH v3 00/13] stm32mp1: Support falcon mode with OP-TEE payloads
Alexandru Gagniuc
mr.nuke.me at gmail.com
Fri Oct 8 21:56:42 CEST 2021
The goal of this project is to to get to linux userspace within a
second from power on, and be secure! This is my last full-time day on
this project, so I don't expect to do a v4.
I chose to use SPL with a FIT payload. We have to add certain logic to
SPL, as well as some FDT modifications that would be normally done in
u-boot. The boot flow is
SPL -> OP-TEE -> Linux
Patrick suggested more changes, but I decided against the following:
I) Use SPL_OPTEE_IMAGE in mach-stm32mp Kconfig selection
I explained in more detail in another email why this is a bad idea.
II) Don't use USER2 button for falcon mode.
This already exists as "fastboot-gpios", but I wasn't supposed to use
it. So I aliased it as "falcon-gpios", but I'm again not supposed to
use it because it aliases an existing GPIO. This makes absolutely no
sense to me. I need a GPIO for this. This is America! I paid for the
button, I intend to use the button! [*]
III) Use env_get_yesno("boot_os") to select falcon mode
I like this idea, but I feel it is part of the OS/SPL communication
mechanism, which is beyond the scope of this series.
IV) Use if (serial_getc() == 'c') in spl_start_uboot()
I don't like the idea of doing serial input in SPL.
V) Move SYS_MMCSD_RAW_MODE_ARGS_* to Kconfig
The boot flow herein does not use the ARGS partition. It would
destroy the security model to allow an external unsigned devicetree.
I don't want to encourage others to use it, and I don't want to waste
time with it. I hope the args partition just fizzles away into
nothingness.
VI) What the heck is "spl export"
"spl export" is the u-boot (not SPL) command used to patch the
devicetree and save it to the args partition mentioned above. This
series avoids "spl export" because:
it's a poor security choice (explained above).
VII) Wait what? How does the devicetree work? Huh?
A complete kernel devicetree is obtained using two methods:
a) FDT patching done by SPL to the FIT devicetree
b) devicetree overlays from the FIT
Both (a) and (b) can be signed. In my specific use case, the bootargs
are applied as a devicetree overlay. It's super effective.
[*] This is meant to be humorous
Changes since v2:
- Drop armv7_boot_nonsec() hack
- Introduce CONFIG_SPL_FALCON_BOOT_MMCSD
- Remove superfluous spl_start_uboot() symbol
Changes since v1:
- Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig instead of stm32mp1.h
- Create a new defconfig for STM32MP in falcon mode
- Rework board_fit_config_name_match() per Patrick's suggestions
- Use "u-boot,falcon-gpios" instead of "st,fastboot-gpios"
- Only update shadow registers in SPL for BSEC .probe()
Alexandru Gagniuc (13):
spl: Untagle spl_start_uboot() from spl_mmc.c
spl: Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig
stm32mp1: Add support for baudrates higher than 115200
stm32mp1: Add support for falcon mode boot from SD card
board: stm32mp1: Implement board_fit_config_name_match() for SPL
fdt_support: Implement fdt_ethernet_set_macaddr()
arm: stm32mp: bsec: Update OTP shadow registers in SPL
arm: stm32mp: Factor out reading MAC address from OTP
stm32mp1: spl: Configure MAC address when booting OP-TEE
lib: Makefile: Make optee library available in SPL
ARM: dts: stm32mp: Add OP-TEE "/firmware" node to SPL dtb
stm32mp1: spl: Copy optee nodes to target FDT for OP-TEE payloads
ARM: dts: stm32mp: dts: Don't remove OPTEE nodes for DK2 boards
README | 4 -
arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 6 +-
arch/arm/mach-stm32mp/bsec.c | 4 +-
arch/arm/mach-stm32mp/cpu.c | 59 ++++--
.../arm/mach-stm32mp/include/mach/sys_proto.h | 3 +
arch/arm/mach-stm32mp/spl.c | 3 +
board/st/stm32mp1/spl.c | 43 ++++
common/fdt_support.c | 30 +++
common/spl/Kconfig | 16 ++
common/spl/spl.c | 10 +-
common/spl/spl_mmc.c | 6 +-
configs/am335x_boneblack_vboot_defconfig | 2 +
configs/am335x_evm_defconfig | 2 +
configs/am335x_igep003x_defconfig | 2 +
configs/am335x_shc_defconfig | 2 +
configs/am335x_shc_ict_defconfig | 2 +
configs/am335x_shc_netboot_defconfig | 2 +
configs/am335x_shc_sdboot_defconfig | 2 +
configs/am335x_sl50_defconfig | 2 +
configs/am3517_evm_defconfig | 2 +
configs/am43xx_evm_defconfig | 2 +
configs/am43xx_evm_rtconly_defconfig | 2 +
configs/am43xx_evm_usbhost_boot_defconfig | 2 +
configs/am57xx_evm_defconfig | 2 +
configs/devkit8000_defconfig | 2 +
configs/display5_defconfig | 2 +
configs/display5_factory_defconfig | 2 +
configs/dra7xx_evm_defconfig | 2 +
configs/gwventana_emmc_defconfig | 2 +
configs/gwventana_gw5904_defconfig | 2 +
configs/gwventana_nand_defconfig | 2 +
configs/igep00x0_defconfig | 2 +
configs/imx6dl_mamoj_defconfig | 2 +
configs/imx6q_logic_defconfig | 2 +
configs/omap35_logic_defconfig | 2 +
configs/omap35_logic_somlv_defconfig | 2 +
configs/omap3_logic_defconfig | 2 +
configs/omap3_logic_somlv_defconfig | 2 +
configs/omap4_panda_defconfig | 2 +
configs/omap5_uevm_defconfig | 2 +
configs/stm32mp15_falcon_defconfig | 183 ++++++++++++++++++
include/configs/brppt1.h | 1 -
include/configs/devkit8000.h | 2 -
include/configs/display5.h | 1 -
include/configs/embestmx6boards.h | 1 -
include/configs/gw_ventana.h | 1 -
include/configs/imx6-engicam.h | 1 -
include/configs/imx6_logic.h | 1 -
include/configs/imx6dl-mamoj.h | 1 -
include/configs/ls1043ardb.h | 1 -
include/configs/mccmon6.h | 1 -
include/configs/mx6sabreauto.h | 1 -
include/configs/mx6sabresd.h | 1 -
include/configs/pico-imx6.h | 1 -
include/configs/pico-imx6ul.h | 1 -
include/configs/pico-imx7d.h | 1 -
include/configs/sama5d3_xplained.h | 1 -
include/configs/stm32mp1.h | 4 +
include/configs/tam3517-common.h | 1 -
include/configs/ti_armv7_common.h | 1 -
include/configs/vyasa-rk3288.h | 1 -
include/configs/xea.h | 1 -
include/configs/xilinx_zynqmp.h | 1 -
include/configs/zynq-common.h | 1 -
include/fdt_support.h | 17 ++
lib/Makefile | 2 +-
scripts/config_whitelist.txt | 1 -
67 files changed, 415 insertions(+), 57 deletions(-)
create mode 100644 configs/stm32mp15_falcon_defconfig
--
2.31.1
More information about the U-Boot
mailing list