From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.0 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2170C07E96 for ; Thu, 8 Jul 2021 09:18:00 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1643561958 for ; Thu, 8 Jul 2021 09:18:00 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1643561958 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=foss.st.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 642B783152; Thu, 8 Jul 2021 11:17:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=foss.st.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foss.st.com header.i=@foss.st.com header.b="XW9+RRu0"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 62D1A8314E; Thu, 8 Jul 2021 11:17:55 +0200 (CEST) Received: from mx07-00178001.pphosted.com (mx07-00178001.pphosted.com [185.132.182.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id D785382F9E for ; Thu, 8 Jul 2021 11:17:51 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=foss.st.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=prvs=182386853b=patrick.delaunay@foss.st.com Received: from pps.filterd (m0046668.ppops.net [127.0.0.1]) by mx07-00178001.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 1689DfkZ027985; Thu, 8 Jul 2021 11:17:50 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foss.st.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding : content-type; s=selector1; bh=1gfsJTk/zyilYfl+/j/fBANxqLWIQFrmVOcMWZh84v0=; b=XW9+RRu0WHHvO+WPwgZVyRN0gjlEaLHJParsM1oU3OcZJ9QFJvil58VPf9semm4yvlVE 6+x6r0DSzsX2VuhCYfV938pYxgmRrlOD5p682Kh9BR5CzaXF6IfZZJHPkLhpsP5P2FDi /las2/vYX+WNHZLrsZr+lHwK8shtcBt+OKdenxoR3hHjGdQlw460lObp73y7tK0N+DMJ fARhs7sdJsmjP5pZLgRN6eiQfac4Fhg9Zv+/bAqYs1Z2W56AyX3vGGUgWaWidCo623Ea hS8BkITaN00/aAQNXRzs2H7nQQkYsWTn6Iekgt9PYRS+cdwMqS4eLhr/cRNhDVB6U6IR oA== Received: from beta.dmz-eu.st.com (beta.dmz-eu.st.com [164.129.1.35]) by mx07-00178001.pphosted.com with ESMTP id 39nqk0jf68-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 08 Jul 2021 11:17:50 +0200 Received: from euls16034.sgp.st.com (euls16034.sgp.st.com [10.75.44.20]) by beta.dmz-eu.st.com (STMicroelectronics) with ESMTP id 6D2C210002A; Thu, 8 Jul 2021 11:17:49 +0200 (CEST) Received: from Webmail-eu.st.com (sfhdag2node3.st.com [10.75.127.6]) by euls16034.sgp.st.com (STMicroelectronics) with ESMTP id 55161218132; Thu, 8 Jul 2021 11:17:49 +0200 (CEST) Received: from localhost (10.75.127.48) by SFHDAG2NODE3.st.com (10.75.127.6) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 8 Jul 2021 11:17:48 +0200 From: Patrick Delaunay To: CC: Yann GAUTIER , Patrick Delaunay , Bin Meng , Patrice Chotard , Simon Glass , Tom Rini , U-Boot STM32 Subject: [PATCH 0/5] stm32mp1: handle TF-A boot with FIP Date: Thu, 8 Jul 2021 11:17:42 +0200 Message-ID: <20210708091747.317500-1-patrick.delaunay@foss.st.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.75.127.48] X-ClientProxiedBy: SFHDAG2NODE1.st.com (10.75.127.4) To SFHDAG2NODE3.st.com (10.75.127.6) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-08_04:2021-07-06, 2021-07-08 signatures=0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean In next TF-A version the stm32mp1 platform will support the Firmware Image Package (FIP) [1], a container filled with: - the U-Boot binary = u-boot-nodtb.bin - the U-Boot device tree = u-boot.dtb - the Secure OS (OP-TEE) or the secure monitor (SP_MIN) Upstream is in progress on TF-A side. Each part of the FIP is loaded by TF-A BL2 and U-Boot is executed with its device tree address as parameter (nt_fw_dtb = r2 introduced by commit 4ac345220afa ("board: stm32mp1: use FDT address provided by TF-A at boot time") This FIP container simplifies the OP-TEE management (same number of partition with or without OP-TEE, OP-TEE dynamically updates the U-Boot device tree to add the required OP-TEE nodes) and allow support of generic TF-A features as PKI [2]. This serie allows to generate U-Boot configured for the TF-A BL2 image types: - STM32IMAGE: stm32mp15_trusted_defconfig (current behavior) - FIP: stm32mp15_defconfig (NEW) The FIP will be the STMicroelectronics recommended image type for STM32MP15x and the STM32IMAGE support should be marked deprecated in a future TF-A release or even removed. To prepare this migration, the serie move all the specific code or device tree nodes for TF-A load of STM32IMAGE under compilation flag CONFIG_STM32MP15x_STM32IMAGE. [1] 4.11. Firmware Image Package (FIP) fiphttps://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html [2] Authentication Framework & Chain of Trust https://trustedfirmware-a.readthedocs.io/en/latest/design/auth-framework.html Patrick Delaunay (5): arm: stm32mp: add config for STM32IMAGE support arm: stm32mp: handle the OP-TEE nodes in DT with FIP support arm: stm32mp: add defconfig for trusted boot with FIP doc: st: stm32mp1: Add FIP support for trusted boot stm32mp1: stm32prog: remove stm32prog_get_tee_partitions with FIP arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 9 +- arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi | 9 +- arch/arm/mach-stm32mp/Kconfig | 7 + .../cmd_stm32prog/cmd_stm32prog.c | 2 + .../mach-stm32mp/cmd_stm32prog/stm32prog.c | 4 + .../mach-stm32mp/cmd_stm32prog/stm32prog.h | 2 + arch/arm/mach-stm32mp/config.mk | 2 +- arch/arm/mach-stm32mp/fdt.c | 11 +- .../arm/mach-stm32mp/include/mach/stm32prog.h | 2 + board/st/common/Kconfig | 21 ++- board/st/common/stm32mp_mtdparts.c | 31 +++- board/st/stm32mp1/MAINTAINERS | 1 + board/st/stm32mp1/stm32mp1.c | 10 +- configs/stm32mp15_defconfig | 157 +++++++++++++++++ configs/stm32mp15_trusted_defconfig | 1 + doc/board/st/stm32mp1.rst | 166 ++++++++++-------- 16 files changed, 345 insertions(+), 90 deletions(-) create mode 100644 configs/stm32mp15_defconfig -- 2.25.1