From 43df0a159df6ef4c627553915634cd3d961d4da8 Mon Sep 17 00:00:00 2001 From: Patrick Delaunay <patrick.delaunay@st.com> Date: Wed, 18 Mar 2020 09:22:49 +0100 Subject: [PATCH] stm32mp1: dynamically detect op-tee presence Activate OP-TEE driver for trusted and optee defconfig. This driver allows detection of TEE presence for boot from flash; CONFIG_STM32MP1_OPTEE is also removed. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com> --- arch/arm/mach-stm32mp/Kconfig | 10 ---------- arch/arm/mach-stm32mp/fdt.c | 4 +++- board/dhelectronics/dh_stm32mp1/board.c | 4 +--- board/st/common/stm32mp_mtdparts.c | 6 ++++-- board/st/stm32mp1/stm32mp1.c | 4 +--- configs/stm32mp15_optee_defconfig | 4 +++- configs/stm32mp15_trusted_defconfig | 3 +++ 7 files changed, 15 insertions(+), 20 deletions(-) diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig index ba965e7b3b..314f284dcf 100644 --- a/arch/arm/mach-stm32mp/Kconfig +++ b/arch/arm/mach-stm32mp/Kconfig @@ -86,16 +86,6 @@ config TARGET_DH_STM32MP1_PDK2 endchoice -config STM32MP1_OPTEE - bool "Support trusted boot with TF-A and OP-TEE" - depends on TFABOOT - default n - help - Say Y here to enable boot with TF-A and OP-TEE - Trusted boot chain is : - BootRom => TF-A.stm32 (clock & DDR) => OP-TEE => U-Boot.stm32 - OP-TEE monitor provides ST SMC to access to secure resources - config SYS_TEXT_BASE default 0xC0100000 diff --git a/arch/arm/mach-stm32mp/fdt.c b/arch/arm/mach-stm32mp/fdt.c index ae82270e42..21b5f09728 100644 --- a/arch/arm/mach-stm32mp/fdt.c +++ b/arch/arm/mach-stm32mp/fdt.c @@ -5,6 +5,7 @@ #include <common.h> #include <fdt_support.h> +#include <tee.h> #include <asm/arch/sys_proto.h> #include <dt-bindings/pinctrl/stm32-pinfunc.h> #include <linux/io.h> @@ -322,7 +323,8 @@ int ft_system_setup(void *blob, bd_t *bd) "st,package", pkg, false); } - if (!CONFIG_IS_ENABLED(STM32MP1_OPTEE)) + if (!CONFIG_IS_ENABLED(OPTEE) || + !tee_find_device(NULL, NULL, NULL, NULL)) stm32_fdt_disable_optee(blob); return ret; diff --git a/board/dhelectronics/dh_stm32mp1/board.c b/board/dhelectronics/dh_stm32mp1/board.c index 873fa86e53..ec1edd5c68 100644 --- a/board/dhelectronics/dh_stm32mp1/board.c +++ b/board/dhelectronics/dh_stm32mp1/board.c @@ -116,9 +116,7 @@ int checkboard(void) const char *fdt_compat; int fdt_compat_len; - if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) - mode = "trusted with OP-TEE"; - else if (IS_ENABLED(CONFIG_TFABOOT)) + if (IS_ENABLED(CONFIG_TFABOOT)) mode = "trusted"; else mode = "basic"; diff --git a/board/st/common/stm32mp_mtdparts.c b/board/st/common/stm32mp_mtdparts.c index d4c0a7db9f..2b6413be16 100644 --- a/board/st/common/stm32mp_mtdparts.c +++ b/board/st/common/stm32mp_mtdparts.c @@ -9,6 +9,7 @@ #include <env_internal.h> #include <mtd.h> #include <mtd_node.h> +#include <tee.h> #define MTDPARTS_LEN 256 #define MTDIDS_LEN 128 @@ -49,7 +50,7 @@ static void board_get_mtdparts(const char *dev, strncat(mtdparts, ",", MTDPARTS_LEN); } - if (CONFIG_IS_ENABLED(STM32MP1_OPTEE) && tee) { + if (tee) { strncat(mtdparts, tee, MTDPARTS_LEN); strncat(mtdparts, ",", MTDPARTS_LEN); } @@ -72,7 +73,8 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) return; } - if (CONFIG_IS_ENABLED(STM32MP1_OPTEE)) + if (CONFIG_IS_ENABLED(OPTEE) && + tee_find_device(NULL, NULL, NULL, NULL)) tee = true; memset(parts, 0, sizeof(parts)); diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index 3ccb12d817..496ca56a14 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -87,9 +87,7 @@ int checkboard(void) const char *fdt_compat; int fdt_compat_len; - if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) - mode = "trusted with OP-TEE"; - else if (IS_ENABLED(TFABOOT)) + if (IS_ENABLED(CONFIG_TFABOOT)) mode = "trusted"; else mode = "basic"; diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig index 443e2c40b7..d540664315 100644 --- a/configs/stm32mp15_optee_defconfig +++ b/configs/stm32mp15_optee_defconfig @@ -5,7 +5,6 @@ CONFIG_SYS_MALLOC_F_LEN=0x3000 CONFIG_ENV_OFFSET=0x280000 CONFIG_ENV_SECT_SIZE=0x40000 CONFIG_TARGET_ST_STM32MP15x=y -CONFIG_STM32MP1_OPTEE=y CONFIG_ENV_OFFSET_REDUND=0x2C0000 CONFIG_DISTRO_DEFAULTS=y CONFIG_FIT=y @@ -114,6 +113,9 @@ CONFIG_SPI=y CONFIG_DM_SPI=y CONFIG_STM32_QSPI=y CONFIG_STM32_SPI=y +CONFIG_TEE=y +CONFIG_OPTEE=y +# CONFIG_OPTEE_TA_AVB is not set CONFIG_USB=y CONFIG_DM_USB=y CONFIG_DM_USB_GADGET=y diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig index 33f6926fa9..637b1f0d70 100644 --- a/configs/stm32mp15_trusted_defconfig +++ b/configs/stm32mp15_trusted_defconfig @@ -110,6 +110,9 @@ CONFIG_SPI=y CONFIG_DM_SPI=y CONFIG_STM32_QSPI=y CONFIG_STM32_SPI=y +CONFIG_TEE=y +CONFIG_OPTEE=y +# CONFIG_OPTEE_TA_AVB is not set CONFIG_USB=y CONFIG_DM_USB=y CONFIG_DM_USB_GADGET=y -- 2.39.5