[U-Boot] [PATCH 0/3] stm32mp1: add OP-TEE configuration and associated MTD partitions

Added features for v2019.10
- Add Trusted boot chain with OP-TEE
- fixup of MTDPARTS in kernel device tree
Patrick Delaunay (3):
  stm32mp1: reorder some CONFIG in stm32mp1.h
  stm32mp1: add configuration op-tee
  stm32mp1: activate OF_BOARD_SETUP and FDT_FIXUP_PARTITIONS
 arch/arm/mach-stm32mp/Kconfig       |  13 ++++-
 board/st/stm32mp1/MAINTAINERS       |   1 +
 board/st/stm32mp1/README            |  29 +++++++---
 board/st/stm32mp1/stm32mp1.c        |  22 +++++++-
 configs/stm32mp15_basic_defconfig   |   1 +
 configs/stm32mp15_optee_defconfig   | 104 ++++++++++++++++++++++++++++++++++++
 configs/stm32mp15_trusted_defconfig |   1 +
 include/configs/stm32mp1.h          |  30 ++++++++---
 8 files changed, 186 insertions(+), 15 deletions(-)
 create mode 100644 configs/stm32mp15_optee_defconfig

Change config not directly linked to CONFIG_DISTRO_DEFAULTS. Allow to deactivate CONFIG_SYS_MTDPARTS_RUNTIME when CONFIG_MTDPARTS_DEFAULT is defined in defconfig.
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com ---
 include/configs/stm32mp1.h | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h index 1d385e0..6626be7 100644 --- a/include/configs/stm32mp1.h +++ b/include/configs/stm32mp1.h @@ -77,6 +77,10 @@ /*MMC SD*/ #define CONFIG_SYS_MMC_MAX_DEVICE 3
+/* NAND support */ +#define CONFIG_SYS_NAND_ONFI_DETECTION +#define CONFIG_SYS_MAX_NAND_DEVICE 1 + /* Ethernet need */ #ifdef CONFIG_DWC_ETH_QOS #define CONFIG_SYS_NONCACHED_MEMORY (1 * SZ_1M) /* 1M */ @@ -85,15 +89,15 @@ #define CONFIG_SYS_AUTOLOAD "no" #endif
+/* Dynamic MTD partition support */ +#define CONFIG_SYS_MTDPARTS_RUNTIME + /*****************************************************************************/ #ifdef CONFIG_DISTRO_DEFAULTS /*****************************************************************************/
#if !defined(CONFIG_SPL_BUILD)
-/* NAND support */ -#define CONFIG_SYS_NAND_ONFI_DETECTION -#define CONFIG_SYS_MAX_NAND_DEVICE 1 #define BOOT_TARGET_DEVICES(func) \ func(MMC, mmc, 1) \ func(MMC, mmc, 0) \ @@ -121,14 +125,15 @@
#include <config_distro_bootcmd.h>
-#if defined(CONFIG_STM32_QSPI) || defined(CONFIG_NAND_STM32_FMC) -#define CONFIG_SYS_MTDPARTS_RUNTIME -#endif - #define STM32MP_MTDPARTS \ "mtdparts_nor0=256k(fsbl1),256k(fsbl2),2m(ssbl),256k(u-boot-env),-(nor_user)\0" \ "mtdparts_nand0=2m(fsbl),2m(ssbl1),2m(ssbl2),-(UBI)\0"
+#ifndef CONFIG_SYS_MTDPARTS_RUNTIME +#undef STM32MP_MTDPARTS +#define STM32MP_MTDPARTS +#endif + /* * memory layout for 32M uncompressed/compressed kernel, * 1M fdt, 1M script, 1M pxe and 1M for splashimage
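Review bot: In the second hunk of include/configs/stm32mp1.h, `#define CONFIG_SYS_MTDPARTS_RUNTIME` is now unconditional, so the `#ifndef CONFIG_SYS_MTDPARTS_RUNTIME` fallback added in the last hunk cannot be reached from anything visible in this header, and the previous guard on CONFIG_STM32_QSPI || CONFIG_NAND_STM32_FMC is gone. The commit message says the option can be deactivated when CONFIG_MTDPARTS_DEFAULT is set in the defconfig, but no line here tests CONFIG_MTDPARTS_DEFAULT; either wrap the define in `#ifndef CONFIG_MTDPARTS_DEFAULT` or add a comment saying where the symbol is expected to be undefined. The NAND defines also move out of `#if !defined(CONFIG_SPL_BUILD)`, so they now apply to SPL builds too, which deserves a line in the commit message if intended.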

Hi,
From: Patrick DELAUNAY patrick.delaunay@st.com
Sent: Tuesday 2 July 2019 13:26
Change config not directly linked to CONFIG_DISTRO_DEFAULTS. Allow to deactivate CONFIG_SYS_MTDPARTS_RUNTIME when CONFIG_MTDPARTS_DEFAULT is defined in defconfig.
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com
 include/configs/stm32mp1.h | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
Applied to u-boot-stm32/master, thanks!
Patrick

Add support of Trusted boot chain with OP-TEE
- reserved 32MB at the end of the DDR for OP-TEE
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com ---
 arch/arm/mach-stm32mp/Kconfig     |  12 ++++-
 board/st/stm32mp1/MAINTAINERS     |   1 +
 board/st/stm32mp1/README          |  29 ++++++++---
 board/st/stm32mp1/stm32mp1.c      |   4 +-
 configs/stm32mp15_optee_defconfig | 103 ++++++++++++++++++++++++++++++++++++++
 include/configs/stm32mp1.h        |  13 +++++
 6 files changed, 153 insertions(+), 9 deletions(-)
 create mode 100644 configs/stm32mp15_optee_defconfig
diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig index d9ad6b4..a00c8ab 100644 --- a/arch/arm/mach-stm32mp/Kconfig +++ b/arch/arm/mach-stm32mp/Kconfig @@ -62,7 +62,17 @@ config STM32MP1_TRUSTED Say Y here to enable boot with TF-A Trusted boot chain is : BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32 - TF-A monitor provides proprietary smc to manage secure devices + TF-A monitor provides proprietary SMC to manage secure devices + +config STM32MP1_OPTEE + bool "Support trusted boot with TF-A and OP-TEE" + depends on STM32MP1_TRUSTED + default n + help + Say Y here to enable boot with TF-A and OP-TEE + Trusted boot chain is : + BootRom => TF-A.stm32 (clock & DDR) => OP-TEE => U-Boot.stm32 + OP-TEE monitor provides ST SMC to access to secure resources
config SYS_TEXT_BASE prompt "U-Boot base address" diff --git a/board/st/stm32mp1/MAINTAINERS b/board/st/stm32mp1/MAINTAINERS index 0a2eddb..3bf4c21 100644 --- a/board/st/stm32mp1/MAINTAINERS +++ b/board/st/stm32mp1/MAINTAINERS @@ -5,5 +5,6 @@ S: Maintained F: arch/arm/dts/stm32mp157* F: board/st/stm32mp1 F: configs/stm32mp15_basic_defconfig +F: configs/stm32mp15_optee_defconfig F: configs/stm32mp15_trusted_defconfig F: include/configs/stm32mp1.h diff --git a/board/st/stm32mp1/README b/board/st/stm32mp1/README index b0c8325..583d92e 100644 --- a/board/st/stm32mp1/README +++ b/board/st/stm32mp1/README @@ -47,7 +47,7 @@ BootRom => FSBL in SYSRAM => SSBL in DDR => OS (Linux Kernel) with FSBL = First Stage Bootloader SSBL = Second Stage Bootloader
-2 boot configurations are supported: +3 boot configurations are supported:
1) The "Trusted" boot chain (defconfig_file : stm32mp15_trusted_defconfig) BootRom => FSBL = Trusted Firmware-A (TF-A) => SSBL = U-Boot @@ -56,7 +56,15 @@ with FSBL = First Stage Bootloader U-Boot is running in normal world and uses TF-A monitor to access to secure resources
-2) The "Basic" boot chain (defconfig_file : stm32mp15_basic_defconfig) +2) The "Trusted" boot chain with OP-TEE + (defconfig_file : stm32mp15_optee_defconfig) + BootRom => FSBL = Trusted Firmware-A (TF-A) => SSBL = U-Boot + TF-A performs a full initialization of Secure peripherals and installs OP-TEE + from specific partitions (teeh, teed, teex). + U-Boot is running in normal world and uses OP-TEE monitor to access + to secure resources. + +3) The "Basic" boot chain (defconfig_file : stm32mp15_basic_defconfig) BootRom => FSBL = U-Boot SPL => SSBL = U-Boot SPL has limited security initialisation U-Boot is running in secure mode and provide a secure monitor to the kernel @@ -109,6 +117,7 @@ the supported device trees for stm32mp157 are:
for example: use one output directory for each configuration # export KBUILD_OUTPUT=stm32mp15_trusted + # export KBUILD_OUTPUT=stm32mp15_optee # export KBUILD_OUTPUT=stm32mp15_basic
4. Configure U-Boot: @@ -116,6 +125,7 @@ the supported device trees for stm32mp157 are: # make <defconfig_file>
- For trusted boot mode : "stm32mp15_trusted_defconfig" + - For trusted with OP-TEE boot mode : "stm32mp15_optee_defconfig" - For basic boot mode: "stm32mp15_basic_defconfig"
5. Configure the device-tree and build the U-Boot image: @@ -129,20 +139,25 @@ the supported device trees for stm32mp157 are: # make stm32mp15_trusted_defconfig # make DEVICE_TREE=stm32mp157c-ev1 all
- b) basic boot on ev1 + b) trusted with OP-TEE boot on dk2 + # export KBUILD_OUTPUT=stm32mp15_optee + # make stm32mp15_optee_defconfig + # make DEVICE_TREE=stm32mp157c-dk2 all + + c) basic boot on ev1 # export KBUILD_OUTPUT=stm32mp15_basic # make stm32mp15_basic_defconfig # make DEVICE_TREE=stm32mp157c-ev1 all
- c) basic boot on ed1 + d) basic boot on ed1 # export KBUILD_OUTPUT=stm32mp15_basic # make stm32mp15_basic_defconfig # make DEVICE_TREE=stm32mp157c-ed1 all
- d) basic boot on dk2 + e) basic boot on dk1 # export KBUILD_OUTPUT=stm32mp15_basic # make stm32mp15_basic_defconfig - # make DEVICE_TREE=stm32mp157c-dk2 all + # make DEVICE_TREE=stm32mp157a-dk1 all
d) basic boot on avenger96 # export KBUILD_OUTPUT=stm32mp15_basic @@ -157,7 +172,7 @@ the supported device trees for stm32mp157 are: So in the output directory (selected by KBUILD_OUTPUT), you can found the needed files:
- a) For Trusted boot + a) For Trusted boot (with or without OP-TEE) + FSBL = tf-a.stm32 (provided by TF-A compilation) + SSBL = u-boot.stm32
diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index 7769293..d62d180 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -76,7 +76,9 @@ int checkboard(void) const char *fdt_compat; int fdt_compat_len;
- if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) + if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) + mode = "trusted with OP-TEE"; + else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) mode = "trusted"; else mode = "basic"; diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig new file mode 100644 index 0000000..f3e4ea6 --- /dev/null +++ b/configs/stm32mp15_optee_defconfig 
@@ -0,0 +1,103 @@ +CONFIG_ARM=y +CONFIG_ARCH_STM32MP=y +CONFIG_SYS_MALLOC_F_LEN=0x3000 +CONFIG_TARGET_STM32MP1=y +CONFIG_STM32MP1_OPTEE=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_FIT=y +CONFIG_BOOTCOMMAND="run bootcmd_stm32mp" +CONFIG_SYS_PROMPT="STM32MP> " +# CONFIG_CMD_BOOTD is not set +# CONFIG_CMD_ELF is not set +# CONFIG_CMD_IMI is not set +# CONFIG_CMD_XIMG is not set +# CONFIG_CMD_EXPORTENV is not set +# CONFIG_CMD_IMPORTENV is not set +CONFIG_CMD_MEMINFO=y +CONFIG_CMD_MEMTEST=y +CONFIG_CMD_ADC=y +CONFIG_CMD_CLK=y +CONFIG_CMD_DFU=y +CONFIG_CMD_FUSE=y +CONFIG_CMD_GPIO=y +CONFIG_CMD_GPT=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_USB=y +CONFIG_CMD_USB_MASS_STORAGE=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_TIME=y +CONFIG_CMD_TIMER=y +CONFIG_CMD_PMIC=y +CONFIG_CMD_REGULATOR=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_MTDPARTS=y +CONFIG_CMD_UBI=y +CONFIG_DEFAULT_DEVICE_TREE="stm32mp157c-ev1" +CONFIG_ENV_IS_NOWHERE=y +CONFIG_ENV_IS_IN_EXT4=y +CONFIG_ENV_IS_IN_SPI_FLASH=y +CONFIG_ENV_IS_IN_UBI=y +CONFIG_ENV_EXT4_INTERFACE="mmc" +CONFIG_ENV_EXT4_DEVICE_AND_PART="0:auto" +CONFIG_ENV_EXT4_FILE="/uboot.env" +CONFIG_ENV_UBI_PART="UBI" +CONFIG_ENV_UBI_VOLUME="uboot_config" +CONFIG_STM32_ADC=y +CONFIG_USB_FUNCTION_FASTBOOT=y +CONFIG_FASTBOOT_BUF_ADDR=0xC0000000 +CONFIG_FASTBOOT_BUF_SIZE=0x02000000 +CONFIG_FASTBOOT_USB_DEV=1 +CONFIG_FASTBOOT_FLASH=y +CONFIG_FASTBOOT_FLASH_MMC_DEV=1 +CONFIG_DM_HWSPINLOCK=y +CONFIG_HWSPINLOCK_STM32=y +CONFIG_DM_I2C=y +CONFIG_SYS_I2C_STM32F7=y +CONFIG_LED=y +CONFIG_LED_GPIO=y +CONFIG_DM_MMC=y +CONFIG_SUPPORT_EMMC_BOOT=y +CONFIG_STM32_SDMMC2=y +CONFIG_MTD=y +CONFIG_NAND=y +CONFIG_NAND_STM32_FMC2=y +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_BAR=y +CONFIG_SPI_FLASH_MACRONIX=y +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_SPI_FLASH_WINBOND=y +# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set +CONFIG_SPI_FLASH_MTD=y +CONFIG_DM_ETH=y +CONFIG_DWC_ETH_QOS=y +CONFIG_PHY=y +CONFIG_PHY_STM32_USBPHYC=y 
+CONFIG_PINCONF=y +CONFIG_PINCTRL_STMFX=y +CONFIG_DM_PMIC=y +CONFIG_PMIC_STPMIC1=y +CONFIG_DM_REGULATOR_FIXED=y +CONFIG_DM_REGULATOR_GPIO=y +CONFIG_DM_REGULATOR_STM32_VREFBUF=y +CONFIG_DM_REGULATOR_STPMIC1=y +CONFIG_SERIAL_RX_BUFFER=y +CONFIG_STM32_SERIAL=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_STM32_QSPI=y +CONFIG_STM32_SPI=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_DM_USB_GADGET=y +CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_GENERIC=y +CONFIG_USB_GADGET=y +CONFIG_USB_GADGET_MANUFACTURER="STMicroelectronics" +CONFIG_USB_GADGET_VENDOR_NUM=0x0483 +CONFIG_USB_GADGET_PRODUCT_NUM=0x5720 +CONFIG_USB_GADGET_DWC2_OTG=y diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h index 6626be7..d4805c2 100644 --- a/include/configs/stm32mp1.h +++ b/include/configs/stm32mp1.h @@ -28,6 +28,10 @@ #define CONFIG_SYS_SDRAM_BASE STM32_DDR_BASE #define CONFIG_SYS_INIT_SP_ADDR CONFIG_SYS_TEXT_BASE
+#ifdef CONFIG_STM32MP1_OPTEE +#define CONFIG_SYS_MEM_TOP_HIDE SZ_32M +#endif /* CONFIG_STM32MP1_OPTEE */ + /* * Console I/O buffer size */ @@ -125,10 +129,19 @@
#include <config_distro_bootcmd.h>
+#ifdef CONFIG_STM32MP1_OPTEE +/* with OPTEE: define specific MTD partitions = teeh, teed, teex */ +#define STM32MP_MTDPARTS \ + "mtdparts_nor0=256k(fsbl1),256k(fsbl2),2m(ssbl),256k(u-boot-env),256k(teeh),256k(teed),256k(teex),-(nor_user)\0" \ + "mtdparts_nand0=2m(fsbl),2m(ssbl1),2m(ssbl2),512k(teeh),512k(teed),512k(teex),-(UBI)\0" + +#else /* CONFIG_STM32MP1_OPTEE */ #define STM32MP_MTDPARTS \ "mtdparts_nor0=256k(fsbl1),256k(fsbl2),2m(ssbl),256k(u-boot-env),-(nor_user)\0" \ "mtdparts_nand0=2m(fsbl),2m(ssbl1),2m(ssbl2),-(UBI)\0"
+#endif /* CONFIG_STM32MP1_OPTEE */ + #ifndef CONFIG_SYS_MTDPARTS_RUNTIME #undef STM32MP_MTDPARTS #define STM32MP_MTDPARTS
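Review bot: In the board/st/stm32mp1/README hunks, the new entry 2) gives the OP-TEE chain as `BootRom => FSBL = Trusted Firmware-A (TF-A) => SSBL = U-Boot`, which is the same line as entry 1) and omits the OP-TEE stage that the Kconfig help in this same patch shows (`TF-A.stm32 (clock & DDR) => OP-TEE => U-Boot.stm32`); the two descriptions should agree. The relettered build examples now run a) to e) and are followed by the unchanged context line `d) basic boot on avenger96`, which should become f), and the basic-boot example for dk2 is replaced by dk1 without the commit message mentioning it.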
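Review bot: In the first include/configs/stm32mp1.h hunk, `#define CONFIG_SYS_MEM_TOP_HIDE SZ_32M` hard-codes the size of the OP-TEE region with no comment, and nothing in this patch ties the 32M to the memory map used on the secure side or to a reservation passed on to the kernel. Add a comment stating that the top 32MB of DDR belongs to OP-TEE and where the matching value is defined, so that a change on the secure side does not silently leave U-Boot using memory the secure world expects to own.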
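Review bot: configs/stm32mp15_optee_defconfig loads the environment from writable storage (`CONFIG_ENV_IS_IN_EXT4=y` with `CONFIG_ENV_EXT4_FILE="/uboot.env"`, plus SPI flash and UBI) while `CONFIG_BOOTCOMMAND="run bootcmd_stm32mp"` takes the boot command from that environment, and it also enables CONFIG_CMD_FUSE, CONFIG_CMD_DFU and CONFIG_FASTBOOT_FLASH. For a configuration presented as the trusted chain, the README entry should state that this is a development configuration, or the patch should document which of these options a production build is expected to turn off.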

Hi,
From: Patrick DELAUNAY patrick.delaunay@st.com
Sent: Tuesday 2 July 2019 13:26
Add support of Trusted boot chain with OP-TEE
- reserved 32MB at the end of the DDR for OP-TEE
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com
 arch/arm/mach-stm32mp/Kconfig     |  12 ++++-
 board/st/stm32mp1/MAINTAINERS     |   1 +
 board/st/stm32mp1/README          |  29 ++++++++---
 board/st/stm32mp1/stm32mp1.c      |   4 +-
 configs/stm32mp15_optee_defconfig | 103 ++++++++++++++++++++++++++++++++++++++
 include/configs/stm32mp1.h        |  13 +++++
 6 files changed, 153 insertions(+), 9 deletions(-)
 create mode 100644 configs/stm32mp15_optee_defconfig
Applied to u-boot-stm32/master, thanks!
Patrick

Update kernel MTD partition in device tree with U-Boot information.
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com ---
 arch/arm/mach-stm32mp/Kconfig       |  1 +
 board/st/stm32mp1/stm32mp1.c        | 18 ++++++++++++++++++
 configs/stm32mp15_basic_defconfig   |  1 +
 configs/stm32mp15_optee_defconfig   |  1 +
 configs/stm32mp15_trusted_defconfig |  1 +
 5 files changed, 22 insertions(+)
diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig index a00c8ab..50594c6 100644 --- a/arch/arm/mach-stm32mp/Kconfig +++ b/arch/arm/mach-stm32mp/Kconfig @@ -38,6 +38,7 @@ config TARGET_STM32MP1 select CPU_V7A select CPU_V7_HAS_NONSEC if !STM32MP1_TRUSTED select CPU_V7_HAS_VIRT + select OF_BOARD_SETUP select PINCTRL_STM32 select STM32_RCC select STM32_RESET diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index d62d180..475af25 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -13,6 +13,8 @@ #include <i2c.h> #include <led.h> #include <misc.h> +#include <mtd.h> +#include <mtd_node.h> #include <phy.h> #include <reset.h> #include <syscon.h> @@ -21,6 +23,7 @@ #include <asm/gpio.h> #include <asm/arch/stm32.h> #include <asm/arch/sys_proto.h> +#include <jffs2/load_kernel.h> #include <power/regulator.h> #include <usb/dwc2_udc.h>
@@ -747,3 +750,18 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) debug("%s:mtdids=%s & mtdparts=%s\n", __func__, ids, parts); } #endif + +#if defined(CONFIG_OF_BOARD_SETUP) +int ft_board_setup(void *blob, bd_t *bd) +{ +#ifdef CONFIG_FDT_FIXUP_PARTITIONS + struct node_info nodes[] = { + { "st,stm32f469-qspi", MTD_DEV_TYPE_NOR, }, + { "st,stm32mp15-fmc2", MTD_DEV_TYPE_NAND, }, + }; + fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes)); +#endif + + return 0; +} +#endif diff --git a/configs/stm32mp15_basic_defconfig b/configs/stm32mp15_basic_defconfig index 4aa184f..f2fb254 100644 --- a/configs/stm32mp15_basic_defconfig +++ b/configs/stm32mp15_basic_defconfig @@ -112,3 +112,4 @@ CONFIG_USB_GADGET_PRODUCT_NUM=0x5720 CONFIG_USB_GADGET_DWC2_OTG=y CONFIG_WDT=y CONFIG_WDT_STM32MP=y +CONFIG_FDT_FIXUP_PARTITIONS=y diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig index f3e4ea6..f63c122 100644 --- a/configs/stm32mp15_optee_defconfig +++ b/configs/stm32mp15_optee_defconfig @@ -101,3 +101,4 @@ CONFIG_USB_GADGET_MANUFACTURER="STMicroelectronics" CONFIG_USB_GADGET_VENDOR_NUM=0x0483 CONFIG_USB_GADGET_PRODUCT_NUM=0x5720 CONFIG_USB_GADGET_DWC2_OTG=y +CONFIG_FDT_FIXUP_PARTITIONS=y diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig index 5fe9477..94c610b 100644 --- a/configs/stm32mp15_trusted_defconfig +++ b/configs/stm32mp15_trusted_defconfig @@ -102,3 +102,4 @@ CONFIG_USB_GADGET_PRODUCT_NUM=0x5720 CONFIG_USB_GADGET_DWC2_OTG=y CONFIG_WDT=y CONFIG_WDT_STM32MP=y +CONFIG_FDT_FIXUP_PARTITIONS=y
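Review bot: The partitions that ft_board_setup() in board/st/stm32mp1/stm32mp1.c hands to the kernel carry no `ro` flag: the STM32MP_MTDPARTS strings in include/configs/stm32mp1.h list fsbl, ssbl and, with OP-TEE, teeh/teed/teex as plain `size(name)` entries, so as far as those strings are what ends up in mtdparts, Linux will see the boot and TEE partitions as ordinary writable MTD partitions. Consider marking them read-only in the default strings, or document that this is left to the integrator. Separately, TARGET_STM32MP1 now selects OF_BOARD_SETUP unconditionally in the Kconfig hunk, so the `#if defined(CONFIG_OF_BOARD_SETUP)` guard around the function is always true for this board and can be dropped.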
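Review bot: In the defconfig hunks, the context lines of stm32mp15_basic_defconfig and stm32mp15_trusted_defconfig end with `CONFIG_WDT=y` and `CONFIG_WDT_STM32MP=y`, while stm32mp15_optee_defconfig ends at `CONFIG_USB_GADGET_DWC2_OTG=y` with no watchdog options, and the full file added by the previous patch has none either. If leaving the watchdog out of the OP-TEE configuration is intentional, say why in the commit message; otherwise add the two options so the three configurations stay aligned.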

Hi,
From: Patrick DELAUNAY patrick.delaunay@st.com
Sent: Tuesday 2 July 2019 13:26
Update kernel MTD partition in device tree with U-Boot information.
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com
 arch/arm/mach-stm32mp/Kconfig       |  1 +
 board/st/stm32mp1/stm32mp1.c        | 18 ++++++++++++++++++
 configs/stm32mp15_basic_defconfig   |  1 +
 configs/stm32mp15_optee_defconfig   |  1 +
 configs/stm32mp15_trusted_defconfig |  1 +
 5 files changed, 22 insertions(+)
Applied to u-boot-stm32/master, thanks!
Patrick