In next TF-A version the stm32mp1 platform will support the Firmware
Image Package (FIP) [1], a container filled with:
- the U-Boot binary = u-boot-nodtb.bin
- the U-Boot device tree = u-boot.dtb
- the Secure OS (OP-TEE) or the secure monitor (SP_MIN)
Upstream is in progress on TF-A side.
Each part of the FIP is loaded by TF-A BL2 and U-Boot
is executed with its device tree address as parameter (nt_fw_dtb = r2
introduced by commit 4ac345220afa ("board: stm32mp1: use FDT address
provided by TF-A at boot time")
This FIP container simplifies the OP-TEE management (same number of partition
with or without OP-TEE, OP-TEE dynamically updates the U-Boot device tree
to add the required OP-TEE nodes) and allow support of generic TF-A
features as PKI [2].
This serie allows to generate U-Boot configured for the TF-A BL2 image
types:
- STM32IMAGE: stm32mp15_trusted_defconfig (current behavior)
- FIP: stm32mp15_defconfig (NEW)
The FIP will be the STMicroelectronics recommended image type for
STM32MP15x and the STM32IMAGE support should be marked deprecated in a
future TF-A release or even removed.
To prepare this migration, the serie move all the specific code or
device tree nodes for TF-A load of STM32IMAGE under compilation
flag CONFIG_STM32MP15x_STM32IMAGE.
[1] 4.11. Firmware Image Package (FIP)
fiphttps://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html
[2] Authentication Framework & Chain of Trust
https://trustedfirmware-a.readthedocs.io/en/latest/design/auth-framework.html
Patrick Delaunay (5):
arm: stm32mp: add config for STM32IMAGE support
arm: stm32mp: handle the OP-TEE nodes in DT with FIP support
arm: stm32mp: add defconfig for trusted boot with FIP
doc: st: stm32mp1: Add FIP support for trusted boot
stm32mp1: stm32prog: remove stm32prog_get_tee_partitions with FIP
arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 9 +-
arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi | 9 +-
arch/arm/mach-stm32mp/Kconfig | 7 +
.../cmd_stm32prog/cmd_stm32prog.c | 2 +
.../mach-stm32mp/cmd_stm32prog/stm32prog.c | 4 +
.../mach-stm32mp/cmd_stm32prog/stm32prog.h | 2 +
arch/arm/mach-stm32mp/config.mk | 2 +-
arch/arm/mach-stm32mp/fdt.c | 11 +-
.../arm/mach-stm32mp/include/mach/stm32prog.h | 2 +
board/st/common/Kconfig | 21 ++-
board/st/common/stm32mp_mtdparts.c | 31 +++-
board/st/stm32mp1/MAINTAINERS | 1 +
board/st/stm32mp1/stm32mp1.c | 10 +-
configs/stm32mp15_defconfig | 157 +++++++++++++++++
configs/stm32mp15_trusted_defconfig | 1 +
doc/board/st/stm32mp1.rst | 166 ++++++++++--------
16 files changed, 345 insertions(+), 90 deletions(-)
create mode 100644 configs/stm32mp15_defconfig
--
2.25.1
