diff options
| author | Patrick Delaunay <patrick.delaunay@st.com> | 2019-07-02 13:26:06 +0200 |
|---|---|---|
| committer | Patrick Delaunay <patrick.delaunay@st.com> | 2019-07-12 11:50:52 +0200 |
| commit | 152c84bce9bee4ef839074347ca00df3f47afd00 (patch) | |
| tree | 24991d57c08f203ed9c069b277d6b9480e572717 /board/st | |
| parent | c840c29472f1bb4fcf3e178cccd0dc213773782d (diff) | |
stm32mp1: add configuration op-tee
Add support of Trusted boot chain with OP-TEE
- reserved 32MB at the end of the DDR for OP-TEE
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Diffstat (limited to 'board/st')
| -rw-r--r-- | board/st/stm32mp1/MAINTAINERS | 1 | ||||
| -rw-r--r-- | board/st/stm32mp1/README | 31 | ||||
| -rw-r--r-- | board/st/stm32mp1/stm32mp1.c | 4 |
3 files changed, 27 insertions, 9 deletions
diff --git a/board/st/stm32mp1/MAINTAINERS b/board/st/stm32mp1/MAINTAINERS index 0a2eddbe03..3bf4c21b60 100644 --- a/board/st/stm32mp1/MAINTAINERS +++ b/board/st/stm32mp1/MAINTAINERS @@ -5,5 +5,6 @@ S: Maintained F: arch/arm/dts/stm32mp157* F: board/st/stm32mp1 F: configs/stm32mp15_basic_defconfig +F: configs/stm32mp15_optee_defconfig F: configs/stm32mp15_trusted_defconfig F: include/configs/stm32mp1.h diff --git a/board/st/stm32mp1/README b/board/st/stm32mp1/README index dc36a21bda..428357cfa0 100644 --- a/board/st/stm32mp1/README +++ b/board/st/stm32mp1/README @@ -51,7 +51,7 @@ BootRom => FSBL in SYSRAM => SSBL in DDR => OS (Linux Kernel) with FSBL = First Stage Bootloader SSBL = Second Stage Bootloader -2 boot configurations are supported: +3 boot configurations are supported: 1) The "Trusted" boot chain (defconfig_file : stm32mp15_trusted_defconfig) BootRom => FSBL = Trusted Firmware-A (TF-A) => SSBL = U-Boot @@ -60,7 +60,15 @@ with FSBL = First Stage Bootloader U-Boot is running in normal world and uses TF-A monitor to access to secure resources. -2) The "Basic" boot chain (defconfig_file : stm32mp15_basic_defconfig) +2) The "Trusted" boot chain with OP-TEE + (defconfig_file : stm32mp15_optee_defconfig) + BootRom => FSBL = Trusted Firmware-A (TF-A) => SSBL = U-Boot + TF-A performs a full initialization of Secure peripherals and installs OP-TEE + from specific partitions (teeh, teed, teex). + U-Boot is running in normal world and uses OP-TEE monitor to access + to secure resources. + +3) The "Basic" boot chain (defconfig_file : stm32mp15_basic_defconfig) BootRom => FSBL = U-Boot SPL => SSBL = U-Boot SPL has limited security initialisation U-Boot is running in secure mode and provide a secure monitor to the kernel @@ -113,6 +121,7 @@ the supported device trees for stm32mp157 are: for example: use one output directory for each configuration # export KBUILD_OUTPUT=stm32mp15_trusted + # export KBUILD_OUTPUT=stm32mp15_optee # export KBUILD_OUTPUT=stm32mp15_basic you can build outside of code directory: @@ -123,6 +132,7 @@ the supported device trees for stm32mp157 are: # make <defconfig_file> - For trusted boot mode : "stm32mp15_trusted_defconfig" + - For trusted with OP-TEE boot mode : "stm32mp15_optee_defconfig" - For basic boot mode: "stm32mp15_basic_defconfig" 5. Configure the device-tree and build the U-Boot image: @@ -136,22 +146,27 @@ the supported device trees for stm32mp157 are: # make stm32mp15_trusted_defconfig # make DEVICE_TREE=stm32mp157c-ev1 all - b) basic boot on ev1 + b) trusted with OP-TEE boot on dk2 + # export KBUILD_OUTPUT=stm32mp15_optee + # make stm32mp15_optee_defconfig + # make DEVICE_TREE=stm32mp157c-dk2 all + + c) basic boot on ev1 # export KBUILD_OUTPUT=stm32mp15_basic # make stm32mp15_basic_defconfig # make DEVICE_TREE=stm32mp157c-ev1 all - c) basic boot on ed1 + d) basic boot on ed1 # export KBUILD_OUTPUT=stm32mp15_basic # make stm32mp15_basic_defconfig # make DEVICE_TREE=stm32mp157c-ed1 all - d) basic boot on dk2 + e) basic boot on dk1 # export KBUILD_OUTPUT=stm32mp15_basic # make stm32mp15_basic_defconfig - # make DEVICE_TREE=stm32mp157c-dk2 all + # make DEVICE_TREE=stm32mp157a-dk1 all - d) basic boot on avenger96 + f) basic boot on avenger96 # export KBUILD_OUTPUT=stm32mp15_basic # make stm32mp15_basic_defconfig # make DEVICE_TREE=stm32mp157a-avenger96 all @@ -164,7 +179,7 @@ the supported device trees for stm32mp157 are: So in the output directory (selected by KBUILD_OUTPUT), you can found the needed files: - a) For Trusted boot + a) For Trusted boot (with or without OP-TEE) + FSBL = tf-a.stm32 (provided by TF-A compilation) + SSBL = u-boot.stm32 diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index e4d1723220..40adf3a992 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -76,7 +76,9 @@ int checkboard(void) const char *fdt_compat; int fdt_compat_len; - if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) + if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) + mode = "trusted with OP-TEE"; + else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) mode = "trusted"; else mode = "basic"; |