Hi Patrick,
On Thu, 8 Jul 2021 at 03:17, Patrick Delaunay patrick.delaunay@foss.st.com wrote:
In next TF-A version the stm32mp1 platform will support the Firmware Image Package (FIP) [1], a container filled with:
- the U-Boot binary = u-boot-nodtb.bin
- the U-Boot device tree = u-boot.dtb
- the Secure OS (OP-TEE) or the secure monitor (SP_MIN)
That sounds like a job for FIT?
Upstream is in progress on TF-A side.
Each part of the FIP is loaded by TF-A BL2 and U-Boot is executed with its device tree address as parameter (nt_fw_dtb = r2 introduced by commit 4ac345220afa ("board: stm32mp1: use FDT address provided by TF-A at boot time")
This FIP container simplifies the OP-TEE management (same number of partition with or without OP-TEE, OP-TEE dynamically updates the U-Boot device tree to add the required OP-TEE nodes) and allow support of generic TF-A features as PKI [2].
This serie allows to generate U-Boot configured for the TF-A BL2 image types:
- STM32IMAGE: stm32mp15_trusted_defconfig (current behavior)
- FIP: stm32mp15_defconfig (NEW)
The FIP will be the STMicroelectronics recommended image type for STM32MP15x and the STM32IMAGE support should be marked deprecated in a future TF-A release or even removed.
To prepare this migration, the serie move all the specific code or device tree nodes for TF-A load of STM32IMAGE under compilation flag CONFIG_STM32MP15x_STM32IMAGE.
[1] 4.11. Firmware Image Package (FIP) fiphttps://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.ht...
[2] Authentication Framework & Chain of Trust https://trustedfirmware-a.readthedocs.io/en/latest/design/auth-framework.htm...
Regards, Simon