From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F1D5C432BE for ; Thu, 26 Aug 2021 21:47:23 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8EE2A60F4A for ; Thu, 26 Aug 2021 21:47:22 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 8EE2A60F4A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 22DFA8322D; Thu, 26 Aug 2021 23:47:20 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="WApsSl84"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 26E188322E; Thu, 26 Aug 2021 23:47:18 +0200 (CEST) Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 042AB82A01 for ; Thu, 26 Aug 2021 23:47:12 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=mr.nuke.me@gmail.com Received: by mail-oi1-x22d.google.com with SMTP id bi4so2872766oib.9 for ; Thu, 26 Aug 2021 14:47:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=OCYrdjSzYR/azChZ5fF66G4to93y2tmsHlGqWTK7eRA=; b=WApsSl84E5GSwqKu+PcLeBoSXQBxrdLlooCn7vWMdIcZd69Y/MdkZpiSafRVVb4s7X 43ZEOIdhbyCAJb0G1faKS7nvhK3oBIoziAMiG2a4zaNg/q4iLKOX9qOyTQhUP5aLFxLe Fq+UtLgCnHzpA34k40asuffySKmndGheq1Unxy+EC16CYl5/MWyalAmWdulqBgAQDxKT +2LD43L7JQAfpURMi4xDRdOMWZUxYpd0BoAQm5CtXtjhuMJ9a0gMtabHeqFHxdY5FOla YK9uCDyJq4iFoLcd+PxYKu5MPhAjlN8kFapU5ZZ7kyjsaDujFzrq+dpCkhUDpLhJOf1i NeMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=OCYrdjSzYR/azChZ5fF66G4to93y2tmsHlGqWTK7eRA=; b=lyh8Oa3MnrKUfFpkVTmU2OnYPqJiz1w3dseur6JE1JcN+uK+FHvQTZKcSqFY5k2Kd7 bmMVyxLL/6m+fMhiHqmhtCzzQTflc3q3q8d2PxfLP+kWI0WS/pNoKT3Iv+AF4KEr0pYJ efxxlw5dcvPM8sttOwwByYej9/ksiGmKcMvvWPHwYulGFcExkM7Wfp7ak2s93iQ/HdQT IHFHmP8UjJ8m+ASRcZhQQ2bvdyGDALGyD4UrsNvodDqRjv4Nzq9piaX8XFkx/JblBT9r KPX4Zis8K9R0sOr5DF4uNzbSCd/TE8Wjp34AUGRqj/eHK/cA9fZoYHneytwePZHQEd1h QZqw== X-Gm-Message-State: AOAM533QeGc1SkAxtRix21Nisz4XhESVOKMkMneKe+W5qJbTerzOyYv6 WXY6HQICx35vRmGIRVW8fsw= X-Google-Smtp-Source: ABdhPJw6Sr5bzzsQ+Dnu8PqwOCUgqMl5OMzsbwnsh7WbRVXBzOJgGR36vmlp44NoMVG+LH65UF83XQ== X-Received: by 2002:aca:3090:: with SMTP id w138mr4105834oiw.173.1630014430562; Thu, 26 Aug 2021 14:47:10 -0700 (PDT) Received: from nuclearis3.lan (c-98-195-139-126.hsd1.tx.comcast.net. [98.195.139.126]) by smtp.gmail.com with ESMTPSA id j70sm863749otj.38.2021.08.26.14.47.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Aug 2021 14:47:10 -0700 (PDT) From: Alexandru Gagniuc To: patrick.delaunay@foss.st.com, u-boot@lists.denx.de Cc: marex@denx.de, Alexandru Gagniuc Subject: [RFC PATCH] stm32mp1: Replace STM32IMAGE config with TFABOOT_FIP Date: Thu, 26 Aug 2021 16:47:05 -0500 Message-Id: <20210826214705.255294-1-mr.nuke.me@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <966fc974-8331-aeac-ba15-5b2ab19c0eaf@gmail.com> References: <966fc974-8331-aeac-ba15-5b2ab19c0eaf@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Hi Patrick, I proposing a better fix fir the issues I outlined earlier, I made a classification of the currently supported boot modes. 1) BL1 -> SPL -> u-boot 2) BL1 -> SPL -> OP-TEE --------------------------------------------------------------------- | 3) BL1 -> TF-A -> u-boot | | 4) BL1 -> TF-A -> OP-TEE | | _________________________________________________________________ | || 5) BL1 -> TF-A -> FIP container || || CONFIG_TFABOOT_FIP || ||_________________________________________________________________|| | | | CONFIG_TFABOOT | --------------------------------------------------------------------- Here, I'm looking at FIP as a new boot mode. In order to avoid breakage, any changes to support FIP it should naturally be done only to this new path. This proposal contains several changes, but I've squashed them into one for ease of discussion. This better matches the boot mode classification above. This config mixes boot path (2) with paths (3) and (4), and thus is contrary to our goal of making changes only to the new FIP path. Because it mixes and matches SPL assumptions with TF-A assumptions, I've had a hard time figuting it out. I suspect it would be just as confusing for others in the future. I've had issues with tee_find_device() in the past when using SPL as the FSBL. As u-boot was running in secure mode and did not have a handler, it would result in a CPU exception and crash. The second argument against this is that stm32mp1 is the only platform to call tee_find_device() with the intent of detecting the presence of OP-TEE. Have there been issues with not callinf this in the past, or was this more of a "seems nice to have" ? "stm32mp15_defconfig" implies that would be the correct configuraion for STM32MP1. New contributor chooses this config, tries to run SPL + u-boot, which is what u-boot user expects is the default. Things likely fail miserably. A lot of u-boot users don't know what FIP is. It's an extra concept that is not strictly necessary in u-boot. So I think this name is vague, as it doesn't really describe what is going on. If we change it to "stm32mp15_tfaboot_fip_defconfig", then it very accurately describes the boot scenario, and avoids the confusion above. We're setting CONFIG_MTDPARTS_xxx based on TFABOOT_FIP_CONTAINER now, so I don't think we need any ifdefs here. This part needs the most scrutiny, as I don't have a way to test if I've broken anything. --- arch/arm/Kconfig | 14 +++++++ arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 7 ++-- arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi | 9 ++--- arch/arm/mach-stm32mp/Kconfig | 7 ---- .../cmd_stm32prog/cmd_stm32prog.c | 2 - .../mach-stm32mp/cmd_stm32prog/stm32prog.c | 4 -- .../mach-stm32mp/cmd_stm32prog/stm32prog.h | 2 - arch/arm/mach-stm32mp/config.mk | 2 +- arch/arm/mach-stm32mp/fdt.c | 37 ------------------- .../arm/mach-stm32mp/include/mach/stm32prog.h | 2 - board/st/common/Kconfig | 20 +++++----- board/st/common/stm32mp_mtdparts.c | 18 --------- board/st/stm32mp1/stm32mp1.c | 6 +-- ...config => stm32mp15_tfaboot_fip_defconfig} | 1 + configs/stm32mp15_trusted_defconfig | 1 - 15 files changed, 35 insertions(+), 97 deletions(-) rename configs/{stm32mp15_defconfig => stm32mp15_tfaboot_fip_defconfig} (99%) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index d692139199..4c6f7ab3de 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1905,6 +1905,20 @@ config TFABOOT Enabling this option will make a U-Boot binary that is relying on other firmware layers to provide secure functionality. +config TFABOOT_FIP_CONTAINER + bool "Support for booting from TF-A inside a FIP container" + depends on TFABOOT + default n + help + TF-A has its own container format, named FIP (not to be confused with + FIT). When u-boot is started from a FIP, it sometimes needs to make + different assumptions than it would with a non-FIP boot. Although + those could be resolved with dynamic devicetree patching, TF-A is + either can't patch devicetrees, or is unwilling to do so. + Enabling this option will tell u-boot platform code that it is okay + to assume U-Boot will be started from a FIP container, even if such + assumptions would break things in a more normal setting. + config TI_SECURE_DEVICE bool "HS Device Type Support" depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS || ARCH_K3 diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi index 0101962ea5..54424e398f 100644 --- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi +++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi @@ -15,18 +15,18 @@ config { u-boot,boot-led = "heartbeat"; u-boot,error-led = "error"; - u-boot,mmc-env-partition = "fip"; + u-boot,mmc-env-partition = "fip1"; st,adc_usb_pd = <&adc1 18>, <&adc1 19>; st,fastboot-gpios = <&gpioa 13 (GPIO_ACTIVE_LOW | GPIO_PULL_UP)>; st,stm32prog-gpios = <&gpioa 14 (GPIO_ACTIVE_LOW | GPIO_PULL_UP)>; }; -#ifdef CONFIG_STM32MP15x_STM32IMAGE +#ifdef CONFIG_TFABOOT_FIP_CONTAINER config { u-boot,mmc-env-partition = "ssbl"; }; +#endif - /* only needed for boot with TF-A, witout FIP support */ firmware { optee { compatible = "linaro,optee-tz"; @@ -43,7 +43,6 @@ u-boot,dm-spl; }; }; -#endif led { red { diff --git a/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi b/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi index 32777384c6..184774df58 100644 --- a/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi +++ b/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi @@ -15,17 +15,17 @@ config { u-boot,boot-led = "heartbeat"; u-boot,error-led = "error"; - u-boot,mmc-env-partition = "fip"; + u-boot,mmc-env-partition = "ssbl"; st,fastboot-gpios = <&gpioa 13 (GPIO_ACTIVE_LOW | GPIO_PULL_UP)>; st,stm32prog-gpios = <&gpioa 14 (GPIO_ACTIVE_LOW | GPIO_PULL_UP)>; }; -#ifdef CONFIG_STM32MP15x_STM32IMAGE +#ifdef CONFIG_TFABOOT_FIP_CONTAINER config { - u-boot,mmc-env-partition = "ssbl"; + u-boot,mmc-env-partition = "fip"; }; +#endif - /* only needed for boot with TF-A, witout FIP support */ firmware { optee { compatible = "linaro,optee-tz"; @@ -39,7 +39,6 @@ no-map; }; }; -#endif led { red { diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig index 5d7eca649a..4c1eeef165 100644 --- a/arch/arm/mach-stm32mp/Kconfig +++ b/arch/arm/mach-stm32mp/Kconfig @@ -56,13 +56,6 @@ config STM32MP15x dual core A7 for STM32MP157/3, monocore for STM32MP151 target all the STMicroelectronics board with SOC STM32MP1 family -config STM32MP15x_STM32IMAGE - bool "Support STM32 image for generated U-Boot image" - depends on STM32MP15x && TFABOOT - help - Support of STM32 image generation for SOC STM32MP15x - for TF-A boot when FIP container is not used - choice prompt "STM32MP15x board select" optional diff --git a/arch/arm/mach-stm32mp/cmd_stm32prog/cmd_stm32prog.c b/arch/arm/mach-stm32mp/cmd_stm32prog/cmd_stm32prog.c index 41452b5a29..be53a52977 100644 --- a/arch/arm/mach-stm32mp/cmd_stm32prog/cmd_stm32prog.c +++ b/arch/arm/mach-stm32mp/cmd_stm32prog/cmd_stm32prog.c @@ -185,7 +185,6 @@ U_BOOT_CMD(stm32prog, 5, 0, do_stm32prog, " = size of flashlayout (optional for image with STM32 header)\n" ); -#ifdef CONFIG_STM32MP15x_STM32IMAGE bool stm32prog_get_tee_partitions(void) { if (stm32prog_data) @@ -193,7 +192,6 @@ bool stm32prog_get_tee_partitions(void) return false; } -#endif bool stm32prog_get_fsbl_nor(void) { diff --git a/arch/arm/mach-stm32mp/cmd_stm32prog/stm32prog.c b/arch/arm/mach-stm32mp/cmd_stm32prog/stm32prog.c index 3b6ca4e773..26fe8b654a 100644 --- a/arch/arm/mach-stm32mp/cmd_stm32prog/stm32prog.c +++ b/arch/arm/mach-stm32mp/cmd_stm32prog/stm32prog.c @@ -824,9 +824,7 @@ static int treat_partition_list(struct stm32prog_data *data) INIT_LIST_HEAD(&data->dev[j].part_list); } -#ifdef CONFIG_STM32MP15x_STM32IMAGE data->tee_detected = false; -#endif data->fsbl_nor_detected = false; for (i = 0; i < data->part_nb; i++) { part = &data->part_array[i]; @@ -880,12 +878,10 @@ static int treat_partition_list(struct stm32prog_data *data) /* fallthrough */ case STM32PROG_NAND: case STM32PROG_SPI_NAND: -#ifdef CONFIG_STM32MP15x_STM32IMAGE if (!data->tee_detected && !strncmp(part->name, "tee", 3)) data->tee_detected = true; break; -#endif default: break; } diff --git a/arch/arm/mach-stm32mp/cmd_stm32prog/stm32prog.h b/arch/arm/mach-stm32mp/cmd_stm32prog/stm32prog.h index 240c5c44bc..9d58cf0e2d 100644 --- a/arch/arm/mach-stm32mp/cmd_stm32prog/stm32prog.h +++ b/arch/arm/mach-stm32mp/cmd_stm32prog/stm32prog.h @@ -122,9 +122,7 @@ struct stm32prog_data { struct stm32prog_dev_t dev[STM32PROG_MAX_DEV]; /* array of device */ int part_nb; /* nb of partition */ struct stm32prog_part_t *part_array; /* array of partition */ -#ifdef CONFIG_STM32MP15x_STM32IMAGE bool tee_detected; -#endif bool fsbl_nor_detected; /* command internal information */ diff --git a/arch/arm/mach-stm32mp/config.mk b/arch/arm/mach-stm32mp/config.mk index f7f5b77c41..c30bf482f7 100644 --- a/arch/arm/mach-stm32mp/config.mk +++ b/arch/arm/mach-stm32mp/config.mk @@ -4,7 +4,7 @@ # ifndef CONFIG_SPL -INPUTS-$(CONFIG_STM32MP15x_STM32IMAGE) += u-boot.stm32 +INPUTS-y += u-boot.stm32 else ifdef CONFIG_SPL_BUILD INPUTS-y += u-boot-spl.stm32 diff --git a/arch/arm/mach-stm32mp/fdt.c b/arch/arm/mach-stm32mp/fdt.c index a19e954cf7..8c729e1f32 100644 --- a/arch/arm/mach-stm32mp/fdt.c +++ b/arch/arm/mach-stm32mp/fdt.c @@ -224,30 +224,6 @@ static void stm32_fdt_disable(void *fdt, int offset, u32 addr, string, addr, name); } -static void stm32_fdt_disable_optee(void *blob) -{ - int off, node; - - /* Delete "optee" firmware node */ - off = fdt_node_offset_by_compatible(blob, -1, "linaro,optee-tz"); - if (off >= 0 && fdtdec_get_is_enabled(blob, off)) - fdt_del_node(blob, off); - - /* Delete "optee@..." reserved-memory node */ - off = fdt_path_offset(blob, "/reserved-memory/"); - if (off < 0) - return; - for (node = fdt_first_subnode(blob, off); - node >= 0; - node = fdt_next_subnode(blob, node)) { - if (strncmp(fdt_get_name(blob, node, NULL), "optee@", 6)) - continue; - - if (fdt_del_node(blob, node)) - printf("Failed to remove optee reserved-memory node\n"); - } -} - /* * This function is called right before the kernel is booted. "blob" is the * device tree that will be passed to the kernel. @@ -332,18 +308,5 @@ int ft_system_setup(void *blob, struct bd_info *bd) "st,package", pkg, false); } - /* - * TEMP: remove OP-TEE nodes in kernel device tree - * copied from U-Boot device tree by optee_copy_fdt_nodes - * when OP-TEE is not detected (probe failed) - * these OP-TEE nodes are present in -u-boot.dtsi - * under CONFIG_STM32MP15x_STM32IMAGE only for compatibility - * when FIP is not used by TF-A - */ - if (CONFIG_IS_ENABLED(STM32MP15x_STM32IMAGE) && - CONFIG_IS_ENABLED(OPTEE) && - !tee_find_device(NULL, NULL, NULL, NULL)) - stm32_fdt_disable_optee(blob); - return ret; } diff --git a/arch/arm/mach-stm32mp/include/mach/stm32prog.h b/arch/arm/mach-stm32mp/include/mach/stm32prog.h index 99be4e1d65..c080b9cc42 100644 --- a/arch/arm/mach-stm32mp/include/mach/stm32prog.h +++ b/arch/arm/mach-stm32mp/include/mach/stm32prog.h @@ -11,8 +11,6 @@ int stm32prog_read_medium_virt(struct dfu_entity *dfu, u64 offset, void *buf, long *len); int stm32prog_get_medium_size_virt(struct dfu_entity *dfu, u64 *size); -#ifdef CONFIG_STM32MP15x_STM32IMAGE bool stm32prog_get_tee_partitions(void); -#endif bool stm32prog_get_fsbl_nor(void); diff --git a/board/st/common/Kconfig b/board/st/common/Kconfig index 2f57118bb2..0bb8e808aa 100644 --- a/board/st/common/Kconfig +++ b/board/st/common/Kconfig @@ -8,9 +8,8 @@ config CMD_STBOARD config MTDPARTS_NAND0_BOOT string "mtd boot partitions for nand0" - default "2m(fsbl),2m(ssbl1),2m(ssbl2)" if STM32MP15x_STM32IMAGE || \ - !TFABOOT - default "2m(fsbl),4m(fip1),4m(fip2)" + default "2m(fsbl),2m(ssbl1),2m(ssbl2)" + default "2m(fsbl),4m(fip1),4m(fip2)" if TFABOOT_FIP_CONTAINER depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP help This define the partitions of nand0 used to build mtparts dynamically @@ -23,7 +22,7 @@ config MTDPARTS_NAND0_BOOT config MTDPARTS_NAND0_TEE string "mtd tee partitions for nand0" default "512k(teeh),512k(teed),512k(teex)" - depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP && STM32MP15x_STM32IMAGE + depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP help This define the tee partitions added in mtparts dynamically when tee is supported with boot from nand0. @@ -32,9 +31,8 @@ config MTDPARTS_NAND0_TEE config MTDPARTS_NOR0_BOOT string "mtd boot partitions for nor0" - default "256k(fsbl1),256k(fsbl2),2m(ssbl),512k(u-boot-env)" if STM32MP15x_STM32IMAGE || \ - !TFABOOT - default "256k(fsbl1),256k(fsbl2),4m(fip),512k(u-boot-env)" + default "256k(fsbl1),256k(fsbl2),2m(ssbl),512k(u-boot-env)" + default "256k(fsbl1),256k(fsbl2),4m(fip),512k(u-boot-env)" if TFABOOT_FIP_CONTAINER depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP help This define the partitions of nand0 used to build mtparts dynamically @@ -46,15 +44,15 @@ config MTDPARTS_NOR0_BOOT config MTDPARTS_NOR0_TEE string "mtd tee partitions for nor0" default "256k(teeh),512k(teed),256k(teex)" - depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP && STM32MP15x_STM32IMAGE + depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP help This define the tee partitions added in mtparts dynamically when tee is supported with boot from nor0. config MTDPARTS_SPINAND0_BOOT string "mtd boot partitions for spi-nand0" - default "2m(fsbl),2m(ssbl1),2m(ssbl2)" if STM32MP15x_STM32IMAGE || !TFABOOT - default "2m(fsbl),4m(fip1),4m(fip2)" + default "2m(fsbl),2m(ssbl1),2m(ssbl2)" + default "2m(fsbl),4m(fip1),4m(fip2)" if TFABOOT_FIP_CONTAINER depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP help This define the partitions of nand0 used to build mtparts dynamically @@ -66,7 +64,7 @@ config MTDPARTS_SPINAND0_BOOT config MTDPARTS_SPINAND0_TEE string "mtd tee partitions for spi-nand0" default "512k(teeh),512k(teed),512k(teex)" - depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP && STM32MP15x_STM32IMAGE + depends on SYS_MTDPARTS_RUNTIME && ARCH_STM32MP help This define the tee partitions added in mtparts dynamically when tee is supported with boot from spi-nand0, diff --git a/board/st/common/stm32mp_mtdparts.c b/board/st/common/stm32mp_mtdparts.c index 8b636d62fa..dea5d506a1 100644 --- a/board/st/common/stm32mp_mtdparts.c +++ b/board/st/common/stm32mp_mtdparts.c @@ -11,9 +11,7 @@ #include #include #include -#ifdef CONFIG_STM32MP15x_STM32IMAGE #include -#endif #include #include #include @@ -33,9 +31,7 @@ static void board_set_mtdparts(const char *dev, char *mtdids, char *mtdparts, const char *boot, -#ifdef CONFIG_STM32MP15x_STM32IMAGE const char *tee, -#endif const char *user) { /* mtdids: "=, ...." */ @@ -59,12 +55,10 @@ static void board_set_mtdparts(const char *dev, strncat(mtdparts, ",", MTDPARTS_LEN); } -#ifdef CONFIG_STM32MP15x_STM32IMAGE if (tee) { strncat(mtdparts, tee, MTDPARTS_LEN); strncat(mtdparts, ",", MTDPARTS_LEN); } -#endif strncat(mtdparts, user, MTDPARTS_LEN); } @@ -77,9 +71,7 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) static char ids[MTDIDS_LEN + 1]; static bool mtd_initialized; bool nor, nand, spinand, serial; -#ifdef CONFIG_STM32MP15x_STM32IMAGE bool tee = false; -#endif if (mtd_initialized) { *mtdids = ids; @@ -97,9 +89,7 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) case BOOT_SERIAL_USB: serial = true; if (CONFIG_IS_ENABLED(CMD_STM32PROG)) { -#ifdef CONFIG_STM32MP15x_STM32IMAGE tee = stm32prog_get_tee_partitions(); -#endif nor = stm32prog_get_fsbl_nor(); } nand = true; @@ -118,11 +108,9 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) break; } -#ifdef CONFIG_STM32MP15x_STM32IMAGE if (!serial && CONFIG_IS_ENABLED(OPTEE) && tee_find_device(NULL, NULL, NULL, NULL)) tee = true; -#endif memset(parts, 0, sizeof(parts)); memset(ids, 0, sizeof(ids)); @@ -139,9 +127,7 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) if (!IS_ERR_OR_NULL(mtd)) { board_set_mtdparts("nand0", ids, parts, CONFIG_MTDPARTS_NAND0_BOOT, -#ifdef CONFIG_STM32MP15x_STM32IMAGE !nor && tee ? CONFIG_MTDPARTS_NAND0_TEE : NULL, -#endif "-(UBI)"); put_mtd_device(mtd); } @@ -152,9 +138,7 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) if (!IS_ERR_OR_NULL(mtd)) { board_set_mtdparts("spi-nand0", ids, parts, CONFIG_MTDPARTS_SPINAND0_BOOT, -#ifdef CONFIG_STM32MP15x_STM32IMAGE !nor && tee ? CONFIG_MTDPARTS_SPINAND0_TEE : NULL, -#endif "-(UBI)"); put_mtd_device(mtd); } @@ -164,9 +148,7 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) if (!uclass_get_device(UCLASS_SPI_FLASH, 0, &dev)) { board_set_mtdparts("nor0", ids, parts, CONFIG_MTDPARTS_NOR0_BOOT, -#ifdef CONFIG_STM32MP15x_STM32IMAGE tee ? CONFIG_MTDPARTS_NOR0_TEE : NULL, -#endif "-(nor_user)"); } } diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index 032f08d795..583f923d29 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -106,10 +106,10 @@ int checkboard(void) int fdt_compat_len; if (IS_ENABLED(CONFIG_TFABOOT)) { - if (IS_ENABLED(CONFIG_STM32MP15x_STM32IMAGE)) - mode = "trusted - stm32image"; - else + if (IS_ENABLED(CONFIG_TFABOOT_FIP_CONTAINER)) mode = "trusted"; + else + mode = "trusted - stm32image"; } else { mode = "basic"; } diff --git a/configs/stm32mp15_defconfig b/configs/stm32mp15_tfaboot_fip_defconfig similarity index 99% rename from configs/stm32mp15_defconfig rename to configs/stm32mp15_tfaboot_fip_defconfig index e725b916b9..f7ef511e9c 100644 --- a/configs/stm32mp15_defconfig +++ b/configs/stm32mp15_tfaboot_fip_defconfig @@ -1,6 +1,7 @@ CONFIG_ARM=y CONFIG_ARCH_STM32MP=y CONFIG_TFABOOT=y +CONFIG_TFABOOT_FIP_CONTAINER=y CONFIG_SYS_MALLOC_F_LEN=0x3000 CONFIG_SYS_MEMTEST_START=0xc0000000 CONFIG_SYS_MEMTEST_END=0xc4000000 diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig index 2e2f0c76ca..1671cb24f5 100644 --- a/configs/stm32mp15_trusted_defconfig +++ b/configs/stm32mp15_trusted_defconfig @@ -7,7 +7,6 @@ CONFIG_SYS_MEMTEST_END=0xc4000000 CONFIG_ENV_OFFSET=0x280000 CONFIG_ENV_SECT_SIZE=0x40000 CONFIG_DEFAULT_DEVICE_TREE="stm32mp157c-ev1" -CONFIG_STM32MP15x_STM32IMAGE=y CONFIG_TARGET_ST_STM32MP15x=y CONFIG_CMD_STM32KEY=y CONFIG_CMD_STM32PROG=y -- 2.31.1