From: Patrick Delaunay Date: Mon, 26 Jul 2021 09:21:36 +0000 (+0200) Subject: arm: stm32mp: add defconfig for trusted boot with FIP X-Git-Tag: v2025.01-rc5-pxa1908~1746^2~11 X-Git-Url: http://git.dujemihanovic.xyz/img/%7B%7B%20.RelPermalink%20%7D%7D?a=commitdiff_plain;h=b73e8bf453f809164874cd16dbdba4a8d346f830;p=u-boot.git arm: stm32mp: add defconfig for trusted boot with FIP Add TF-A FIP support for trusted boot on STM32MP15x, when STM32MP15x_STM32IMAGE is not activated. With FIP support the SSBL partition is named "fip" and its size is 4MB, so the ENV partition name in device tree (for SD card or eMMC) or offset in defconfig (CONFIG_ENV_OFFSET / CONFIG_ENV_OFFSET_REDUND) need to be modified. With FIP the TEE MTD partitions are removed because the OP-TEE binray are included in the FIP containers. Signed-off-by: Patrick Delaunay Reviewed-by: Patrice Chotard --- diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi index ace51f9de6..0101962ea5 100644 --- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi +++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi @@ -15,13 +15,17 @@ config { u-boot,boot-led = "heartbeat"; u-boot,error-led = "error"; - u-boot,mmc-env-partition = "ssbl"; + u-boot,mmc-env-partition = "fip"; st,adc_usb_pd = <&adc1 18>, <&adc1 19>; st,fastboot-gpios = <&gpioa 13 (GPIO_ACTIVE_LOW | GPIO_PULL_UP)>; st,stm32prog-gpios = <&gpioa 14 (GPIO_ACTIVE_LOW | GPIO_PULL_UP)>; }; #ifdef CONFIG_STM32MP15x_STM32IMAGE + config { + u-boot,mmc-env-partition = "ssbl"; + }; + /* only needed for boot with TF-A, witout FIP support */ firmware { optee { diff --git a/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi b/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi index b23dae3be4..32777384c6 100644 --- a/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi +++ b/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi @@ -15,12 +15,16 @@ config { u-boot,boot-led = "heartbeat"; u-boot,error-led = "error"; - u-boot,mmc-env-partition = "ssbl"; + u-boot,mmc-env-partition = "fip"; st,fastboot-gpios = <&gpioa 13 (GPIO_ACTIVE_LOW | GPIO_PULL_UP)>; st,stm32prog-gpios = <&gpioa 14 (GPIO_ACTIVE_LOW | GPIO_PULL_UP)>; }; #ifdef CONFIG_STM32MP15x_STM32IMAGE + config { + u-boot,mmc-env-partition = "ssbl"; + }; + /* only needed for boot with TF-A, witout FIP support */ firmware { optee { diff --git a/board/st/common/Kconfig b/board/st/common/Kconfig index ddcf33a122..2f57118bb2 100644 --- a/board/st/common/Kconfig +++ b/board/st/common/Kconfig @@ -8,18 +8,22 @@ config CMD_STBOARD config MTDPARTS_NAND0_BOOT string "mtd boot partitions for nand0" - default "2m(fsbl),2m(ssbl1),2m(ssbl2)" + default "2m(fsbl),2m(ssbl1),2m(ssbl2)" if STM32MP15x_STM32IMAGE || \ + !TFABOOT + default "2m(fsbl),4m(fip1),4m(fip2)" depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP help This define the partitions of nand0 used to build mtparts dynamically for boot from nand0. Each partition need to be aligned with the device erase block size, 512KB is the max size for the NAND supported by stm32mp1 platform. + The fsbl partition support multiple copy of the same binary, one by + erase block. config MTDPARTS_NAND0_TEE string "mtd tee partitions for nand0" default "512k(teeh),512k(teed),512k(teex)" - depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP + depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP && STM32MP15x_STM32IMAGE help This define the tee partitions added in mtparts dynamically when tee is supported with boot from nand0. @@ -28,7 +32,9 @@ config MTDPARTS_NAND0_TEE config MTDPARTS_NOR0_BOOT string "mtd boot partitions for nor0" - default "256k(fsbl1),256k(fsbl2),2m(ssbl),512k(u-boot-env)" + default "256k(fsbl1),256k(fsbl2),2m(ssbl),512k(u-boot-env)" if STM32MP15x_STM32IMAGE || \ + !TFABOOT + default "256k(fsbl1),256k(fsbl2),4m(fip),512k(u-boot-env)" depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP help This define the partitions of nand0 used to build mtparts dynamically @@ -40,24 +46,27 @@ config MTDPARTS_NOR0_BOOT config MTDPARTS_NOR0_TEE string "mtd tee partitions for nor0" default "256k(teeh),512k(teed),256k(teex)" - depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP + depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP && STM32MP15x_STM32IMAGE help This define the tee partitions added in mtparts dynamically when tee is supported with boot from nor0. config MTDPARTS_SPINAND0_BOOT string "mtd boot partitions for spi-nand0" - default "2m(fsbl),2m(ssbl1),2m(ssbl2)" + default "2m(fsbl),2m(ssbl1),2m(ssbl2)" if STM32MP15x_STM32IMAGE || !TFABOOT + default "2m(fsbl),4m(fip1),4m(fip2)" depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP help This define the partitions of nand0 used to build mtparts dynamically for boot from spi-nand0, 512KB is the max size for the NAND supported by stm32mp1 platform. + The fsbl partition support multiple copy of the same binary, one by + erase block. config MTDPARTS_SPINAND0_TEE string "mtd tee partitions for spi-nand0" default "512k(teeh),512k(teed),512k(teex)" - depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP + depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP && STM32MP15x_STM32IMAGE help This define the tee partitions added in mtparts dynamically when tee is supported with boot from spi-nand0, diff --git a/board/st/common/stm32mp_mtdparts.c b/board/st/common/stm32mp_mtdparts.c index f074fc189d..8b636d62fa 100644 --- a/board/st/common/stm32mp_mtdparts.c +++ b/board/st/common/stm32mp_mtdparts.c @@ -11,7 +11,9 @@ #include #include #include +#ifdef CONFIG_STM32MP15x_STM32IMAGE #include +#endif #include #include #include @@ -31,7 +33,9 @@ static void board_set_mtdparts(const char *dev, char *mtdids, char *mtdparts, const char *boot, +#ifdef CONFIG_STM32MP15x_STM32IMAGE const char *tee, +#endif const char *user) { /* mtdids: "=, ...." */ @@ -55,10 +59,12 @@ static void board_set_mtdparts(const char *dev, strncat(mtdparts, ",", MTDPARTS_LEN); } +#ifdef CONFIG_STM32MP15x_STM32IMAGE if (tee) { strncat(mtdparts, tee, MTDPARTS_LEN); strncat(mtdparts, ",", MTDPARTS_LEN); } +#endif strncat(mtdparts, user, MTDPARTS_LEN); } @@ -70,7 +76,10 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) static char parts[3 * MTDPARTS_LEN + 1]; static char ids[MTDIDS_LEN + 1]; static bool mtd_initialized; - bool tee, nor, nand, spinand, serial; + bool nor, nand, spinand, serial; +#ifdef CONFIG_STM32MP15x_STM32IMAGE + bool tee = false; +#endif if (mtd_initialized) { *mtdids = ids; @@ -78,7 +87,6 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) return; } - tee = false; nor = false; nand = false; spinand = false; @@ -89,7 +97,9 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) case BOOT_SERIAL_USB: serial = true; if (CONFIG_IS_ENABLED(CMD_STM32PROG)) { +#ifdef CONFIG_STM32MP15x_STM32IMAGE tee = stm32prog_get_tee_partitions(); +#endif nor = stm32prog_get_fsbl_nor(); } nand = true; @@ -108,9 +118,11 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) break; } +#ifdef CONFIG_STM32MP15x_STM32IMAGE if (!serial && CONFIG_IS_ENABLED(OPTEE) && tee_find_device(NULL, NULL, NULL, NULL)) tee = true; +#endif memset(parts, 0, sizeof(parts)); memset(ids, 0, sizeof(ids)); @@ -125,10 +137,11 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) if (nand) { mtd = get_mtd_device_nm("nand0"); if (!IS_ERR_OR_NULL(mtd)) { - const char *mtd_tee = CONFIG_MTDPARTS_NAND0_TEE; board_set_mtdparts("nand0", ids, parts, CONFIG_MTDPARTS_NAND0_BOOT, - !nor && tee ? mtd_tee : NULL, +#ifdef CONFIG_STM32MP15x_STM32IMAGE + !nor && tee ? CONFIG_MTDPARTS_NAND0_TEE : NULL, +#endif "-(UBI)"); put_mtd_device(mtd); } @@ -137,10 +150,11 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) if (spinand) { mtd = get_mtd_device_nm("spi-nand0"); if (!IS_ERR_OR_NULL(mtd)) { - const char *mtd_tee = CONFIG_MTDPARTS_SPINAND0_TEE; board_set_mtdparts("spi-nand0", ids, parts, CONFIG_MTDPARTS_SPINAND0_BOOT, - !nor && tee ? mtd_tee : NULL, +#ifdef CONFIG_STM32MP15x_STM32IMAGE + !nor && tee ? CONFIG_MTDPARTS_SPINAND0_TEE : NULL, +#endif "-(UBI)"); put_mtd_device(mtd); } @@ -148,10 +162,11 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) if (nor) { if (!uclass_get_device(UCLASS_SPI_FLASH, 0, &dev)) { - const char *mtd_tee = CONFIG_MTDPARTS_NOR0_TEE; board_set_mtdparts("nor0", ids, parts, CONFIG_MTDPARTS_NOR0_BOOT, - tee ? mtd_tee : NULL, +#ifdef CONFIG_STM32MP15x_STM32IMAGE + tee ? CONFIG_MTDPARTS_NOR0_TEE : NULL, +#endif "-(nor_user)"); } } diff --git a/board/st/stm32mp1/MAINTAINERS b/board/st/stm32mp1/MAINTAINERS index fe8fc6f484..0e6d80fb45 100644 --- a/board/st/stm32mp1/MAINTAINERS +++ b/board/st/stm32mp1/MAINTAINERS @@ -5,6 +5,7 @@ T: git https://source.denx.de/u-boot/custodians/u-boot-stm.git S: Maintained F: arch/arm/dts/stm32mp15* F: board/st/stm32mp1/ +F: configs/stm32mp15_defconfig F: configs/stm32mp15_basic_defconfig F: configs/stm32mp15_trusted_defconfig F: include/configs/stm32mp1.h diff --git a/configs/stm32mp15_defconfig b/configs/stm32mp15_defconfig new file mode 100644 index 0000000000..b11da7dc9f --- /dev/null +++ b/configs/stm32mp15_defconfig @@ -0,0 +1,158 @@ +CONFIG_ARM=y +CONFIG_ARCH_STM32MP=y +CONFIG_TFABOOT=y +CONFIG_SYS_MALLOC_F_LEN=0x3000 +CONFIG_SYS_MEMTEST_START=0xc0000000 +CONFIG_SYS_MEMTEST_END=0xc4000000 +CONFIG_ENV_OFFSET=0x480000 +CONFIG_ENV_SECT_SIZE=0x40000 +CONFIG_DEFAULT_DEVICE_TREE="stm32mp157c-ev1" +CONFIG_TARGET_ST_STM32MP15x=y +CONFIG_CMD_STM32KEY=y +CONFIG_CMD_STM32PROG=y +CONFIG_ENV_OFFSET_REDUND=0x4C0000 +CONFIG_TYPEC_STUSB160X=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_FIT=y +CONFIG_BOOTDELAY=1 +CONFIG_BOOTCOMMAND="run bootcmd_stm32mp" +CONFIG_SYS_PROMPT="STM32MP> " +CONFIG_CMD_ADTIMG=y +CONFIG_CMD_ERASEENV=y +CONFIG_CMD_NVEDIT_EFI=y +CONFIG_CMD_MEMINFO=y +CONFIG_CMD_MEMTEST=y +CONFIG_CMD_UNZIP=y +CONFIG_CMD_ADC=y +CONFIG_CMD_CLK=y +CONFIG_CMD_DFU=y +CONFIG_CMD_FUSE=y +CONFIG_CMD_GPIO=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_REMOTEPROC=y +CONFIG_CMD_SPI=y +CONFIG_CMD_USB=y +CONFIG_CMD_USB_MASS_STORAGE=y +CONFIG_CMD_BMP=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EFIDEBUG=y +CONFIG_CMD_TIME=y +CONFIG_CMD_RNG=y +CONFIG_CMD_TIMER=y +CONFIG_CMD_PMIC=y +CONFIG_CMD_REGULATOR=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_MTDPARTS=y +CONFIG_CMD_LOG=y +CONFIG_CMD_UBI=y +CONFIG_OF_LIVE=y +CONFIG_ENV_IS_NOWHERE=y +CONFIG_ENV_IS_IN_MMC=y +CONFIG_ENV_IS_IN_SPI_FLASH=y +CONFIG_ENV_IS_IN_UBI=y +CONFIG_SYS_REDUNDAND_ENVIRONMENT=y +CONFIG_ENV_UBI_PART="UBI" +CONFIG_ENV_UBI_VOLUME="uboot_config" +CONFIG_ENV_UBI_VOLUME_REDUND="uboot_config_r" +CONFIG_SYS_RELOC_GD_ENV_ADDR=y +CONFIG_SYS_MMC_ENV_DEV=-1 +CONFIG_STM32_ADC=y +CONFIG_CLK_SCMI=y +CONFIG_SET_DFU_ALT_INFO=y +CONFIG_USB_FUNCTION_FASTBOOT=y +CONFIG_FASTBOOT_BUF_ADDR=0xC0000000 +CONFIG_FASTBOOT_BUF_SIZE=0x02000000 +CONFIG_FASTBOOT_USB_DEV=1 +CONFIG_FASTBOOT_FLASH=y +CONFIG_FASTBOOT_FLASH_MMC_DEV=1 +CONFIG_FASTBOOT_MMC_BOOT_SUPPORT=y +CONFIG_FASTBOOT_MMC_BOOT1_NAME="mmc1boot0" +CONFIG_FASTBOOT_MMC_BOOT2_NAME="mmc1boot1" +CONFIG_FASTBOOT_MMC_USER_SUPPORT=y +CONFIG_FASTBOOT_MMC_USER_NAME="mmc1" +CONFIG_FASTBOOT_CMD_OEM_FORMAT=y +CONFIG_FASTBOOT_CMD_OEM_PARTCONF=y +CONFIG_FASTBOOT_CMD_OEM_BOOTBUS=y +CONFIG_GPIO_HOG=y +CONFIG_DM_HWSPINLOCK=y +CONFIG_HWSPINLOCK_STM32=y +CONFIG_DM_I2C=y +CONFIG_SYS_I2C_STM32F7=y +CONFIG_LED=y +CONFIG_LED_GPIO=y +CONFIG_DM_MAILBOX=y +CONFIG_STM32_IPCC=y +CONFIG_STM32_FMC2_EBI=y +CONFIG_SUPPORT_EMMC_BOOT=y +CONFIG_STM32_SDMMC2=y +CONFIG_MTD=y +CONFIG_DM_MTD=y +CONFIG_SYS_MTDPARTS_RUNTIME=y +CONFIG_MTD_RAW_NAND=y +CONFIG_NAND_STM32_FMC2=y +CONFIG_MTD_SPI_NAND=y +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH_MACRONIX=y +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_SPI_FLASH_WINBOND=y +# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set +CONFIG_SPI_FLASH_MTD=y +CONFIG_PHY_REALTEK=y +CONFIG_DM_ETH=y +CONFIG_DWC_ETH_QOS=y +CONFIG_PHY=y +CONFIG_PHY_STM32_USBPHYC=y +CONFIG_PINCONF=y +CONFIG_PINCTRL_STMFX=y +CONFIG_DM_PMIC=y +CONFIG_PMIC_STPMIC1=y +CONFIG_DM_REGULATOR=y +CONFIG_DM_REGULATOR_FIXED=y +CONFIG_DM_REGULATOR_GPIO=y +CONFIG_DM_REGULATOR_STM32_VREFBUF=y +CONFIG_DM_REGULATOR_STPMIC1=y +CONFIG_REMOTEPROC_STM32_COPRO=y +CONFIG_RESET_SCMI=y +CONFIG_DM_RNG=y +CONFIG_RNG_STM32MP1=y +CONFIG_DM_RTC=y +CONFIG_RTC_STM32=y +CONFIG_SERIAL_RX_BUFFER=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_STM32_QSPI=y +CONFIG_STM32_SPI=y +CONFIG_TEE=y +CONFIG_OPTEE=y +# CONFIG_OPTEE_TA_AVB is not set +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_DM_USB_GADGET=y +CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_GENERIC=y +CONFIG_USB_GADGET=y +CONFIG_USB_GADGET_MANUFACTURER="STMicroelectronics" +CONFIG_USB_GADGET_VENDOR_NUM=0x0483 +CONFIG_USB_GADGET_PRODUCT_NUM=0x5720 +CONFIG_USB_GADGET_DWC2_OTG=y +CONFIG_DM_VIDEO=y +CONFIG_BACKLIGHT_GPIO=y +CONFIG_VIDEO_LCD_ORISETECH_OTM8009A=y +CONFIG_VIDEO_LCD_RAYDIUM_RM68200=y +CONFIG_VIDEO_STM32=y +CONFIG_VIDEO_STM32_DSI=y +CONFIG_VIDEO_STM32_MAX_XRES=1280 +CONFIG_VIDEO_STM32_MAX_YRES=800 +CONFIG_VIDEO_BMP_RLE8=y +CONFIG_BMP_16BPP=y +CONFIG_BMP_24BPP=y +CONFIG_BMP_32BPP=y +CONFIG_WDT=y +CONFIG_WDT_STM32MP=y +CONFIG_ERRNO_STR=y +CONFIG_FDT_FIXUP_PARTITIONS=y +# CONFIG_LMB_USE_MAX_REGIONS is not set +CONFIG_LMB_MEMORY_REGIONS=2 +CONFIG_LMB_RESERVED_REGIONS=16