| Message ID | 20200401090730.1.I8afbe46ade3ac297f6508f03fbcc643a260f54f7@changeid |
|---|---|
| State | Accepted |
| Commit | 654706be84322b27ae9524c8def7dda4a71763cf |
| Headers | show |
| Series | configs: stm32mp1: replace STM32MP1_TRUSTED by TFABOOT | expand |
Hi Patrick On 4/1/20 9:07 AM, Patrick Delaunay wrote: > Activate ARCH_SUPPORT_TFABOOT and replace the arch stm32mp > specific config CONFIG_STM32MP1_TRUSTED by the generic CONFIG_TFABOOT > introduced by the commit 535d76a12150 ("armv8: layerscape: Add TFABOOT > support"). > This config CONFIG_TFABOOT is activated for the trusted boot chain, > when U-Boot is loaded by TF-A. > > Signed-off-by: Patrick Delaunay <patrick.delaunay at st.com> > --- > > arch/arm/Kconfig | 1 + > arch/arm/mach-stm32mp/Kconfig | 21 ++++++--------------- > arch/arm/mach-stm32mp/bsec.c | 18 +++++++++--------- > arch/arm/mach-stm32mp/cpu.c | 10 +++++----- > board/dhelectronics/dh_stm32mp1/board.c | 4 ++-- > board/st/stm32mp1/stm32mp1.c | 4 ++-- > configs/stm32mp15_optee_defconfig | 1 + > configs/stm32mp15_trusted_defconfig | 1 + > drivers/clk/clk_stm32mp1.c | 2 +- > drivers/ram/stm32mp1/stm32mp1_ram.c | 2 +- > include/configs/stm32mp1.h | 2 +- > 11 files changed, 30 insertions(+), 36 deletions(-) > > diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig > index 5d367888d8..54ff4557d4 100644 > --- a/arch/arm/Kconfig > +++ b/arch/arm/Kconfig > @@ -1583,6 +1583,7 @@ config ARCH_STI > config ARCH_STM32MP > bool "Support STMicroelectronics STM32MP Socs with cortex A" > select ARCH_MISC_INIT > + select ARCH_SUPPORT_TFABOOT > select BOARD_LATE_INIT > select CLK > select DM > diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig > index e4d621dee8..e42e9e2e82 100644 > --- a/arch/arm/mach-stm32mp/Kconfig > +++ b/arch/arm/mach-stm32mp/Kconfig > @@ -35,9 +35,10 @@ config ENV_SIZE > > config STM32MP15x > bool "Support STMicroelectronics STM32MP15x Soc" > - select ARCH_SUPPORT_PSCI if !STM32MP1_TRUSTED > + select ARCH_SUPPORT_PSCI if !TFABOOT > + select ARM_SMCCC if TFABOOT > select CPU_V7A > - select CPU_V7_HAS_NONSEC if !STM32MP1_TRUSTED > + select CPU_V7_HAS_NONSEC if !TFABOOT > select CPU_V7_HAS_VIRT > select OF_BOARD_SETUP > select PINCTRL_STM32 > @@ -45,8 +46,8 @@ config STM32MP15x > select STM32_RESET > select STM32_SERIAL > select SYS_ARCH_TIMER > - imply SYSRESET_PSCI if STM32MP1_TRUSTED > - imply SYSRESET_SYSCON if !STM32MP1_TRUSTED > + imply SYSRESET_PSCI if TFABOOT > + imply SYSRESET_SYSCON if !TFABOOT > help > support of STMicroelectronics SOC STM32MP15x family > STM32MP157, STM32MP153 or STM32MP151 > @@ -83,19 +84,9 @@ config TARGET_DH_STM32MP1_PDK2 > > endchoice > > -config STM32MP1_TRUSTED > - bool "Support trusted boot with TF-A" > - default y if !SPL > - select ARM_SMCCC > - help > - Say Y here to enable boot with TF-A > - Trusted boot chain is : > - BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32 > - TF-A monitor provides proprietary SMC to manage secure devices > - > config STM32MP1_OPTEE > bool "Support trusted boot with TF-A and OP-TEE" > - depends on STM32MP1_TRUSTED > + depends on TFABOOT > default n > help > Say Y here to enable boot with TF-A and OP-TEE > diff --git a/arch/arm/mach-stm32mp/bsec.c b/arch/arm/mach-stm32mp/bsec.c > index 3b923f088e..0d5850b4a9 100644 > --- a/arch/arm/mach-stm32mp/bsec.c > +++ b/arch/arm/mach-stm32mp/bsec.c > @@ -68,7 +68,7 @@ static bool bsec_read_lock(u32 address, u32 otp) > return !!(readl(address + bank) & bit); > } > > -#ifndef CONFIG_STM32MP1_TRUSTED > +#ifndef CONFIG_TFABOOT > /** > * bsec_check_error() - Check status of one otp > * @base: base address of bsec IP > @@ -273,7 +273,7 @@ static int bsec_program_otp(long base, u32 val, u32 otp) > > return ret; > } > -#endif /* CONFIG_STM32MP1_TRUSTED */ > +#endif /* CONFIG_TFABOOT */ > > /* BSEC MISC driver *******************************************************/ > struct stm32mp_bsec_platdata { > @@ -282,7 +282,7 @@ struct stm32mp_bsec_platdata { > > static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp) > { > -#ifdef CONFIG_STM32MP1_TRUSTED > +#ifdef CONFIG_TFABOOT > return stm32_smc(STM32_SMC_BSEC, > STM32_SMC_READ_OTP, > otp, 0, val); > @@ -313,7 +313,7 @@ static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp) > > static int stm32mp_bsec_read_shadow(struct udevice *dev, u32 *val, u32 otp) > { > -#ifdef CONFIG_STM32MP1_TRUSTED > +#ifdef CONFIG_TFABOOT > return stm32_smc(STM32_SMC_BSEC, > STM32_SMC_READ_SHADOW, > otp, 0, val); > @@ -336,7 +336,7 @@ static int stm32mp_bsec_read_lock(struct udevice *dev, u32 *val, u32 otp) > > static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp) > { > -#ifdef CONFIG_STM32MP1_TRUSTED > +#ifdef CONFIG_TFABOOT > return stm32_smc_exec(STM32_SMC_BSEC, > STM32_SMC_PROG_OTP, > otp, val); > @@ -349,7 +349,7 @@ static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp) > > static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp) > { > -#ifdef CONFIG_STM32MP1_TRUSTED > +#ifdef CONFIG_TFABOOT > return stm32_smc_exec(STM32_SMC_BSEC, > STM32_SMC_WRITE_SHADOW, > otp, val); > @@ -362,7 +362,7 @@ static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp) > > static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp) > { > -#ifdef CONFIG_STM32MP1_TRUSTED > +#ifdef CONFIG_TFABOOT > if (val == 1) > return stm32_smc_exec(STM32_SMC_BSEC, > STM32_SMC_WRLOCK_OTP, > @@ -473,7 +473,7 @@ static int stm32mp_bsec_ofdata_to_platdata(struct udevice *dev) > return 0; > } > > -#ifndef CONFIG_STM32MP1_TRUSTED > +#ifndef CONFIG_TFABOOT > static int stm32mp_bsec_probe(struct udevice *dev) > { > int otp; > @@ -500,7 +500,7 @@ U_BOOT_DRIVER(stm32mp_bsec) = { > .ofdata_to_platdata = stm32mp_bsec_ofdata_to_platdata, > .platdata_auto_alloc_size = sizeof(struct stm32mp_bsec_platdata), > .ops = &stm32mp_bsec_ops, > -#ifndef CONFIG_STM32MP1_TRUSTED > +#ifndef CONFIG_TFABOOT > .probe = stm32mp_bsec_probe, > #endif > }; > diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c > index 9aa5794334..74d03fa7dd 100644 > --- a/arch/arm/mach-stm32mp/cpu.c > +++ b/arch/arm/mach-stm32mp/cpu.c > @@ -76,7 +76,7 @@ > #define PKG_MASK GENMASK(2, 0) > > #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) > -#ifndef CONFIG_STM32MP1_TRUSTED > +#ifndef CONFIG_TFABOOT > static void security_init(void) > { > /* Disable the backup domain write protection */ > @@ -136,7 +136,7 @@ static void security_init(void) > writel(BIT(0), RCC_MP_AHB5ENSETR); > writel(0x0, GPIOZ_SECCFGR); > } > -#endif /* CONFIG_STM32MP1_TRUSTED */ > +#endif /* CONFIG_TFABOOT */ > > /* > * Debug init > @@ -150,7 +150,7 @@ static void dbgmcu_init(void) > } > #endif /* !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) */ > > -#if !defined(CONFIG_STM32MP1_TRUSTED) && \ > +#if !defined(CONFIG_TFABOOT) && \ > (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)) > /* get bootmode from ROM code boot context: saved in TAMP register */ > static void update_bootmode(void) > @@ -198,7 +198,7 @@ int arch_cpu_init(void) > > #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) > dbgmcu_init(); > -#ifndef CONFIG_STM32MP1_TRUSTED > +#ifndef CONFIG_TFABOOT > security_init(); > update_bootmode(); > #endif > @@ -214,7 +214,7 @@ int arch_cpu_init(void) > if ((boot_mode & TAMP_BOOT_DEVICE_MASK) == BOOT_SERIAL_UART) > gd->flags |= GD_FLG_SILENT | GD_FLG_DISABLE_CONSOLE; > #if defined(CONFIG_DEBUG_UART) && \ > - !defined(CONFIG_STM32MP1_TRUSTED) && \ > + !defined(CONFIG_TFABOOT) && \ > (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)) > else > debug_uart_init(); > diff --git a/board/dhelectronics/dh_stm32mp1/board.c b/board/dhelectronics/dh_stm32mp1/board.c > index b663696983..c39a4b193c 100644 > --- a/board/dhelectronics/dh_stm32mp1/board.c > +++ b/board/dhelectronics/dh_stm32mp1/board.c > @@ -119,7 +119,7 @@ int checkboard(void) > > if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) > mode = "trusted with OP-TEE"; > - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) > + else if (IS_ENABLED(CONFIG_TFABOOT)) > mode = "trusted"; > else > mode = "basic"; > @@ -284,7 +284,7 @@ static void __maybe_unused led_error_blink(u32 nb_blink) > > static void sysconf_init(void) > { > -#ifndef CONFIG_STM32MP1_TRUSTED > +#ifndef CONFIG_TFABOOT > u8 *syscfg; > #ifdef CONFIG_DM_REGULATOR > struct udevice *pwr_dev; > diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c > index 07f5344ec9..6c884028d3 100644 > --- a/board/st/stm32mp1/stm32mp1.c > +++ b/board/st/stm32mp1/stm32mp1.c > @@ -92,7 +92,7 @@ int checkboard(void) > > if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) > mode = "trusted with OP-TEE"; > - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) > + else if (IS_ENABLED(TFABOOT)) > mode = "trusted"; > else > mode = "basic"; > @@ -462,7 +462,7 @@ static int board_check_usb_power(void) > > static void sysconf_init(void) > { > -#ifndef CONFIG_STM32MP1_TRUSTED > +#ifndef CONFIG_TFABOOT > u8 *syscfg; > #ifdef CONFIG_DM_REGULATOR > struct udevice *pwr_dev; > diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig > index 298611776d..6c17bd9b20 100644 > --- a/configs/stm32mp15_optee_defconfig > +++ b/configs/stm32mp15_optee_defconfig > @@ -1,5 +1,6 @@ > CONFIG_ARM=y > CONFIG_ARCH_STM32MP=y > +CONFIG_TFABOOT=y > CONFIG_SYS_MALLOC_F_LEN=0x3000 > CONFIG_ENV_SECT_SIZE=0x40000 > CONFIG_ENV_OFFSET=0x280000 > diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig > index 6928e9a65c..7592f6fcc4 100644 > --- a/configs/stm32mp15_trusted_defconfig > +++ b/configs/stm32mp15_trusted_defconfig > @@ -1,5 +1,6 @@ > CONFIG_ARM=y > CONFIG_ARCH_STM32MP=y > +CONFIG_TFABOOT=y > CONFIG_SYS_MALLOC_F_LEN=0x3000 > CONFIG_ENV_SECT_SIZE=0x40000 > CONFIG_ENV_OFFSET=0x280000 > diff --git a/drivers/clk/clk_stm32mp1.c b/drivers/clk/clk_stm32mp1.c > index 52bd8e96f3..50df8425bf 100644 > --- a/drivers/clk/clk_stm32mp1.c > +++ b/drivers/clk/clk_stm32mp1.c > @@ -19,7 +19,7 @@ > > DECLARE_GLOBAL_DATA_PTR; > > -#ifndef CONFIG_STM32MP1_TRUSTED > +#ifndef CONFIG_TFABOOT > #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) > /* activate clock tree initialization in the driver */ > #define STM32MP1_CLOCK_TREE_INIT > diff --git a/drivers/ram/stm32mp1/stm32mp1_ram.c b/drivers/ram/stm32mp1/stm32mp1_ram.c > index b1e593f86b..7b1adc5b24 100644 > --- a/drivers/ram/stm32mp1/stm32mp1_ram.c > +++ b/drivers/ram/stm32mp1/stm32mp1_ram.c > @@ -177,7 +177,7 @@ static int stm32mp1_ddr_probe(struct udevice *dev) > > priv->info.base = STM32_DDR_BASE; > > -#if !defined(CONFIG_STM32MP1_TRUSTED) && \ > +#if !defined(CONFIG_TFABOOT) && \ > (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)) > priv->info.size = 0; > return stm32mp1_ddr_setup(dev); > diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h > index 42717c167e..2ba4fb1305 100644 > --- a/include/configs/stm32mp1.h > +++ b/include/configs/stm32mp1.h > @@ -10,7 +10,7 @@ > #include <linux/sizes.h> > #include <asm/arch/stm32.h> > > -#ifndef CONFIG_STM32MP1_TRUSTED > +#ifndef CONFIG_TFABOOT > /* PSCI support */ > #define CONFIG_ARMV7_PSCI_1_0 > #define CONFIG_ARMV7_SECURE_BASE STM32_SYSRAM_BASE Reviewed-by: Patrice Chotard <patrice.chotard at st.com> Thanks
Hi On 4/1/20 9:46 AM, Patrice CHOTARD wrote: > Hi Patrick > > On 4/1/20 9:07 AM, Patrick Delaunay wrote: >> Activate ARCH_SUPPORT_TFABOOT and replace the arch stm32mp >> specific config CONFIG_STM32MP1_TRUSTED by the generic CONFIG_TFABOOT >> introduced by the commit 535d76a12150 ("armv8: layerscape: Add TFABOOT >> support"). >> This config CONFIG_TFABOOT is activated for the trusted boot chain, >> when U-Boot is loaded by TF-A. >> >> Signed-off-by: Patrick Delaunay <patrick.delaunay at st.com> >> --- Applied to u-boot-stm/next Thanks Patrice >> >> arch/arm/Kconfig | 1 + >> arch/arm/mach-stm32mp/Kconfig | 21 ++++++--------------- >> arch/arm/mach-stm32mp/bsec.c | 18 +++++++++--------- >> arch/arm/mach-stm32mp/cpu.c | 10 +++++----- >> board/dhelectronics/dh_stm32mp1/board.c | 4 ++-- >> board/st/stm32mp1/stm32mp1.c | 4 ++-- >> configs/stm32mp15_optee_defconfig | 1 + >> configs/stm32mp15_trusted_defconfig | 1 + >> drivers/clk/clk_stm32mp1.c | 2 +- >> drivers/ram/stm32mp1/stm32mp1_ram.c | 2 +- >> include/configs/stm32mp1.h | 2 +- >> 11 files changed, 30 insertions(+), 36 deletions(-) >> >> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig >> index 5d367888d8..54ff4557d4 100644 >> --- a/arch/arm/Kconfig >> +++ b/arch/arm/Kconfig >> @@ -1583,6 +1583,7 @@ config ARCH_STI >> config ARCH_STM32MP >> bool "Support STMicroelectronics STM32MP Socs with cortex A" >> select ARCH_MISC_INIT >> + select ARCH_SUPPORT_TFABOOT >> select BOARD_LATE_INIT >> select CLK >> select DM >> diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig >> index e4d621dee8..e42e9e2e82 100644 >> --- a/arch/arm/mach-stm32mp/Kconfig >> +++ b/arch/arm/mach-stm32mp/Kconfig >> @@ -35,9 +35,10 @@ config ENV_SIZE >> >> config STM32MP15x >> bool "Support STMicroelectronics STM32MP15x Soc" >> - select ARCH_SUPPORT_PSCI if !STM32MP1_TRUSTED >> + select ARCH_SUPPORT_PSCI if !TFABOOT >> + select ARM_SMCCC if TFABOOT >> select CPU_V7A >> - select CPU_V7_HAS_NONSEC if !STM32MP1_TRUSTED >> + select CPU_V7_HAS_NONSEC if !TFABOOT >> select CPU_V7_HAS_VIRT >> select OF_BOARD_SETUP >> select PINCTRL_STM32 >> @@ -45,8 +46,8 @@ config STM32MP15x >> select STM32_RESET >> select STM32_SERIAL >> select SYS_ARCH_TIMER >> - imply SYSRESET_PSCI if STM32MP1_TRUSTED >> - imply SYSRESET_SYSCON if !STM32MP1_TRUSTED >> + imply SYSRESET_PSCI if TFABOOT >> + imply SYSRESET_SYSCON if !TFABOOT >> help >> support of STMicroelectronics SOC STM32MP15x family >> STM32MP157, STM32MP153 or STM32MP151 >> @@ -83,19 +84,9 @@ config TARGET_DH_STM32MP1_PDK2 >> >> endchoice >> >> -config STM32MP1_TRUSTED >> - bool "Support trusted boot with TF-A" >> - default y if !SPL >> - select ARM_SMCCC >> - help >> - Say Y here to enable boot with TF-A >> - Trusted boot chain is : >> - BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32 >> - TF-A monitor provides proprietary SMC to manage secure devices >> - >> config STM32MP1_OPTEE >> bool "Support trusted boot with TF-A and OP-TEE" >> - depends on STM32MP1_TRUSTED >> + depends on TFABOOT >> default n >> help >> Say Y here to enable boot with TF-A and OP-TEE >> diff --git a/arch/arm/mach-stm32mp/bsec.c b/arch/arm/mach-stm32mp/bsec.c >> index 3b923f088e..0d5850b4a9 100644 >> --- a/arch/arm/mach-stm32mp/bsec.c >> +++ b/arch/arm/mach-stm32mp/bsec.c >> @@ -68,7 +68,7 @@ static bool bsec_read_lock(u32 address, u32 otp) >> return !!(readl(address + bank) & bit); >> } >> >> -#ifndef CONFIG_STM32MP1_TRUSTED >> +#ifndef CONFIG_TFABOOT >> /** >> * bsec_check_error() - Check status of one otp >> * @base: base address of bsec IP >> @@ -273,7 +273,7 @@ static int bsec_program_otp(long base, u32 val, u32 otp) >> >> return ret; >> } >> -#endif /* CONFIG_STM32MP1_TRUSTED */ >> +#endif /* CONFIG_TFABOOT */ >> >> /* BSEC MISC driver *******************************************************/ >> struct stm32mp_bsec_platdata { >> @@ -282,7 +282,7 @@ struct stm32mp_bsec_platdata { >> >> static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp) >> { >> -#ifdef CONFIG_STM32MP1_TRUSTED >> +#ifdef CONFIG_TFABOOT >> return stm32_smc(STM32_SMC_BSEC, >> STM32_SMC_READ_OTP, >> otp, 0, val); >> @@ -313,7 +313,7 @@ static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp) >> >> static int stm32mp_bsec_read_shadow(struct udevice *dev, u32 *val, u32 otp) >> { >> -#ifdef CONFIG_STM32MP1_TRUSTED >> +#ifdef CONFIG_TFABOOT >> return stm32_smc(STM32_SMC_BSEC, >> STM32_SMC_READ_SHADOW, >> otp, 0, val); >> @@ -336,7 +336,7 @@ static int stm32mp_bsec_read_lock(struct udevice *dev, u32 *val, u32 otp) >> >> static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp) >> { >> -#ifdef CONFIG_STM32MP1_TRUSTED >> +#ifdef CONFIG_TFABOOT >> return stm32_smc_exec(STM32_SMC_BSEC, >> STM32_SMC_PROG_OTP, >> otp, val); >> @@ -349,7 +349,7 @@ static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp) >> >> static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp) >> { >> -#ifdef CONFIG_STM32MP1_TRUSTED >> +#ifdef CONFIG_TFABOOT >> return stm32_smc_exec(STM32_SMC_BSEC, >> STM32_SMC_WRITE_SHADOW, >> otp, val); >> @@ -362,7 +362,7 @@ static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp) >> >> static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp) >> { >> -#ifdef CONFIG_STM32MP1_TRUSTED >> +#ifdef CONFIG_TFABOOT >> if (val == 1) >> return stm32_smc_exec(STM32_SMC_BSEC, >> STM32_SMC_WRLOCK_OTP, >> @@ -473,7 +473,7 @@ static int stm32mp_bsec_ofdata_to_platdata(struct udevice *dev) >> return 0; >> } >> >> -#ifndef CONFIG_STM32MP1_TRUSTED >> +#ifndef CONFIG_TFABOOT >> static int stm32mp_bsec_probe(struct udevice *dev) >> { >> int otp; >> @@ -500,7 +500,7 @@ U_BOOT_DRIVER(stm32mp_bsec) = { >> .ofdata_to_platdata = stm32mp_bsec_ofdata_to_platdata, >> .platdata_auto_alloc_size = sizeof(struct stm32mp_bsec_platdata), >> .ops = &stm32mp_bsec_ops, >> -#ifndef CONFIG_STM32MP1_TRUSTED >> +#ifndef CONFIG_TFABOOT >> .probe = stm32mp_bsec_probe, >> #endif >> }; >> diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c >> index 9aa5794334..74d03fa7dd 100644 >> --- a/arch/arm/mach-stm32mp/cpu.c >> +++ b/arch/arm/mach-stm32mp/cpu.c >> @@ -76,7 +76,7 @@ >> #define PKG_MASK GENMASK(2, 0) >> >> #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) >> -#ifndef CONFIG_STM32MP1_TRUSTED >> +#ifndef CONFIG_TFABOOT >> static void security_init(void) >> { >> /* Disable the backup domain write protection */ >> @@ -136,7 +136,7 @@ static void security_init(void) >> writel(BIT(0), RCC_MP_AHB5ENSETR); >> writel(0x0, GPIOZ_SECCFGR); >> } >> -#endif /* CONFIG_STM32MP1_TRUSTED */ >> +#endif /* CONFIG_TFABOOT */ >> >> /* >> * Debug init >> @@ -150,7 +150,7 @@ static void dbgmcu_init(void) >> } >> #endif /* !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) */ >> >> -#if !defined(CONFIG_STM32MP1_TRUSTED) && \ >> +#if !defined(CONFIG_TFABOOT) && \ >> (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)) >> /* get bootmode from ROM code boot context: saved in TAMP register */ >> static void update_bootmode(void) >> @@ -198,7 +198,7 @@ int arch_cpu_init(void) >> >> #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) >> dbgmcu_init(); >> -#ifndef CONFIG_STM32MP1_TRUSTED >> +#ifndef CONFIG_TFABOOT >> security_init(); >> update_bootmode(); >> #endif >> @@ -214,7 +214,7 @@ int arch_cpu_init(void) >> if ((boot_mode & TAMP_BOOT_DEVICE_MASK) == BOOT_SERIAL_UART) >> gd->flags |= GD_FLG_SILENT | GD_FLG_DISABLE_CONSOLE; >> #if defined(CONFIG_DEBUG_UART) && \ >> - !defined(CONFIG_STM32MP1_TRUSTED) && \ >> + !defined(CONFIG_TFABOOT) && \ >> (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)) >> else >> debug_uart_init(); >> diff --git a/board/dhelectronics/dh_stm32mp1/board.c b/board/dhelectronics/dh_stm32mp1/board.c >> index b663696983..c39a4b193c 100644 >> --- a/board/dhelectronics/dh_stm32mp1/board.c >> +++ b/board/dhelectronics/dh_stm32mp1/board.c >> @@ -119,7 +119,7 @@ int checkboard(void) >> >> if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) >> mode = "trusted with OP-TEE"; >> - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) >> + else if (IS_ENABLED(CONFIG_TFABOOT)) >> mode = "trusted"; >> else >> mode = "basic"; >> @@ -284,7 +284,7 @@ static void __maybe_unused led_error_blink(u32 nb_blink) >> >> static void sysconf_init(void) >> { >> -#ifndef CONFIG_STM32MP1_TRUSTED >> +#ifndef CONFIG_TFABOOT >> u8 *syscfg; >> #ifdef CONFIG_DM_REGULATOR >> struct udevice *pwr_dev; >> diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c >> index 07f5344ec9..6c884028d3 100644 >> --- a/board/st/stm32mp1/stm32mp1.c >> +++ b/board/st/stm32mp1/stm32mp1.c >> @@ -92,7 +92,7 @@ int checkboard(void) >> >> if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) >> mode = "trusted with OP-TEE"; >> - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) >> + else if (IS_ENABLED(TFABOOT)) >> mode = "trusted"; >> else >> mode = "basic"; >> @@ -462,7 +462,7 @@ static int board_check_usb_power(void) >> >> static void sysconf_init(void) >> { >> -#ifndef CONFIG_STM32MP1_TRUSTED >> +#ifndef CONFIG_TFABOOT >> u8 *syscfg; >> #ifdef CONFIG_DM_REGULATOR >> struct udevice *pwr_dev; >> diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig >> index 298611776d..6c17bd9b20 100644 >> --- a/configs/stm32mp15_optee_defconfig >> +++ b/configs/stm32mp15_optee_defconfig >> @@ -1,5 +1,6 @@ >> CONFIG_ARM=y >> CONFIG_ARCH_STM32MP=y >> +CONFIG_TFABOOT=y >> CONFIG_SYS_MALLOC_F_LEN=0x3000 >> CONFIG_ENV_SECT_SIZE=0x40000 >> CONFIG_ENV_OFFSET=0x280000 >> diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig >> index 6928e9a65c..7592f6fcc4 100644 >> --- a/configs/stm32mp15_trusted_defconfig >> +++ b/configs/stm32mp15_trusted_defconfig >> @@ -1,5 +1,6 @@ >> CONFIG_ARM=y >> CONFIG_ARCH_STM32MP=y >> +CONFIG_TFABOOT=y >> CONFIG_SYS_MALLOC_F_LEN=0x3000 >> CONFIG_ENV_SECT_SIZE=0x40000 >> CONFIG_ENV_OFFSET=0x280000 >> diff --git a/drivers/clk/clk_stm32mp1.c b/drivers/clk/clk_stm32mp1.c >> index 52bd8e96f3..50df8425bf 100644 >> --- a/drivers/clk/clk_stm32mp1.c >> +++ b/drivers/clk/clk_stm32mp1.c >> @@ -19,7 +19,7 @@ >> >> DECLARE_GLOBAL_DATA_PTR; >> >> -#ifndef CONFIG_STM32MP1_TRUSTED >> +#ifndef CONFIG_TFABOOT >> #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) >> /* activate clock tree initialization in the driver */ >> #define STM32MP1_CLOCK_TREE_INIT >> diff --git a/drivers/ram/stm32mp1/stm32mp1_ram.c b/drivers/ram/stm32mp1/stm32mp1_ram.c >> index b1e593f86b..7b1adc5b24 100644 >> --- a/drivers/ram/stm32mp1/stm32mp1_ram.c >> +++ b/drivers/ram/stm32mp1/stm32mp1_ram.c >> @@ -177,7 +177,7 @@ static int stm32mp1_ddr_probe(struct udevice *dev) >> >> priv->info.base = STM32_DDR_BASE; >> >> -#if !defined(CONFIG_STM32MP1_TRUSTED) && \ >> +#if !defined(CONFIG_TFABOOT) && \ >> (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)) >> priv->info.size = 0; >> return stm32mp1_ddr_setup(dev); >> diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h >> index 42717c167e..2ba4fb1305 100644 >> --- a/include/configs/stm32mp1.h >> +++ b/include/configs/stm32mp1.h >> @@ -10,7 +10,7 @@ >> #include <linux/sizes.h> >> #include <asm/arch/stm32.h> >> >> -#ifndef CONFIG_STM32MP1_TRUSTED >> +#ifndef CONFIG_TFABOOT >> /* PSCI support */ >> #define CONFIG_ARMV7_PSCI_1_0 >> #define CONFIG_ARMV7_SECURE_BASE STM32_SYSRAM_BASE > Reviewed-by: Patrice Chotard <patrice.chotard at st.com> > > Thanks > _______________________________________________ > Uboot-stm32 mailing list > Uboot-stm32 at st-md-mailman.stormreply.com > https://st-md-mailman.stormreply.com/mailman/listinfo/uboot-stm32
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 5d367888d8..54ff4557d4 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1583,6 +1583,7 @@ config ARCH_STI config ARCH_STM32MP bool "Support STMicroelectronics STM32MP Socs with cortex A" select ARCH_MISC_INIT + select ARCH_SUPPORT_TFABOOT select BOARD_LATE_INIT select CLK select DM diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig index e4d621dee8..e42e9e2e82 100644 --- a/arch/arm/mach-stm32mp/Kconfig +++ b/arch/arm/mach-stm32mp/Kconfig @@ -35,9 +35,10 @@ config ENV_SIZE config STM32MP15x bool "Support STMicroelectronics STM32MP15x Soc" - select ARCH_SUPPORT_PSCI if !STM32MP1_TRUSTED + select ARCH_SUPPORT_PSCI if !TFABOOT + select ARM_SMCCC if TFABOOT select CPU_V7A - select CPU_V7_HAS_NONSEC if !STM32MP1_TRUSTED + select CPU_V7_HAS_NONSEC if !TFABOOT select CPU_V7_HAS_VIRT select OF_BOARD_SETUP select PINCTRL_STM32 @@ -45,8 +46,8 @@ config STM32MP15x select STM32_RESET select STM32_SERIAL select SYS_ARCH_TIMER - imply SYSRESET_PSCI if STM32MP1_TRUSTED - imply SYSRESET_SYSCON if !STM32MP1_TRUSTED + imply SYSRESET_PSCI if TFABOOT + imply SYSRESET_SYSCON if !TFABOOT help support of STMicroelectronics SOC STM32MP15x family STM32MP157, STM32MP153 or STM32MP151 @@ -83,19 +84,9 @@ config TARGET_DH_STM32MP1_PDK2 endchoice -config STM32MP1_TRUSTED - bool "Support trusted boot with TF-A" - default y if !SPL - select ARM_SMCCC - help - Say Y here to enable boot with TF-A - Trusted boot chain is : - BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32 - TF-A monitor provides proprietary SMC to manage secure devices - config STM32MP1_OPTEE bool "Support trusted boot with TF-A and OP-TEE" - depends on STM32MP1_TRUSTED + depends on TFABOOT default n help Say Y here to enable boot with TF-A and OP-TEE diff --git a/arch/arm/mach-stm32mp/bsec.c b/arch/arm/mach-stm32mp/bsec.c index 3b923f088e..0d5850b4a9 100644 --- a/arch/arm/mach-stm32mp/bsec.c +++ b/arch/arm/mach-stm32mp/bsec.c @@ -68,7 +68,7 @@ static bool bsec_read_lock(u32 address, u32 otp) return !!(readl(address + bank) & bit); } -#ifndef CONFIG_STM32MP1_TRUSTED +#ifndef CONFIG_TFABOOT /** * bsec_check_error() - Check status of one otp * @base: base address of bsec IP @@ -273,7 +273,7 @@ static int bsec_program_otp(long base, u32 val, u32 otp) return ret; } -#endif /* CONFIG_STM32MP1_TRUSTED */ +#endif /* CONFIG_TFABOOT */ /* BSEC MISC driver *******************************************************/ struct stm32mp_bsec_platdata { @@ -282,7 +282,7 @@ struct stm32mp_bsec_platdata { static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp) { -#ifdef CONFIG_STM32MP1_TRUSTED +#ifdef CONFIG_TFABOOT return stm32_smc(STM32_SMC_BSEC, STM32_SMC_READ_OTP, otp, 0, val); @@ -313,7 +313,7 @@ static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp) static int stm32mp_bsec_read_shadow(struct udevice *dev, u32 *val, u32 otp) { -#ifdef CONFIG_STM32MP1_TRUSTED +#ifdef CONFIG_TFABOOT return stm32_smc(STM32_SMC_BSEC, STM32_SMC_READ_SHADOW, otp, 0, val); @@ -336,7 +336,7 @@ static int stm32mp_bsec_read_lock(struct udevice *dev, u32 *val, u32 otp) static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp) { -#ifdef CONFIG_STM32MP1_TRUSTED +#ifdef CONFIG_TFABOOT return stm32_smc_exec(STM32_SMC_BSEC, STM32_SMC_PROG_OTP, otp, val); @@ -349,7 +349,7 @@ static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp) static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp) { -#ifdef CONFIG_STM32MP1_TRUSTED +#ifdef CONFIG_TFABOOT return stm32_smc_exec(STM32_SMC_BSEC, STM32_SMC_WRITE_SHADOW, otp, val); @@ -362,7 +362,7 @@ static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp) static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp) { -#ifdef CONFIG_STM32MP1_TRUSTED +#ifdef CONFIG_TFABOOT if (val == 1) return stm32_smc_exec(STM32_SMC_BSEC, STM32_SMC_WRLOCK_OTP, @@ -473,7 +473,7 @@ static int stm32mp_bsec_ofdata_to_platdata(struct udevice *dev) return 0; } -#ifndef CONFIG_STM32MP1_TRUSTED +#ifndef CONFIG_TFABOOT static int stm32mp_bsec_probe(struct udevice *dev) { int otp; @@ -500,7 +500,7 @@ U_BOOT_DRIVER(stm32mp_bsec) = { .ofdata_to_platdata = stm32mp_bsec_ofdata_to_platdata, .platdata_auto_alloc_size = sizeof(struct stm32mp_bsec_platdata), .ops = &stm32mp_bsec_ops, -#ifndef CONFIG_STM32MP1_TRUSTED +#ifndef CONFIG_TFABOOT .probe = stm32mp_bsec_probe, #endif }; diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c index 9aa5794334..74d03fa7dd 100644 --- a/arch/arm/mach-stm32mp/cpu.c +++ b/arch/arm/mach-stm32mp/cpu.c @@ -76,7 +76,7 @@ #define PKG_MASK GENMASK(2, 0) #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) -#ifndef CONFIG_STM32MP1_TRUSTED +#ifndef CONFIG_TFABOOT static void security_init(void) { /* Disable the backup domain write protection */ @@ -136,7 +136,7 @@ static void security_init(void) writel(BIT(0), RCC_MP_AHB5ENSETR); writel(0x0, GPIOZ_SECCFGR); } -#endif /* CONFIG_STM32MP1_TRUSTED */ +#endif /* CONFIG_TFABOOT */ /* * Debug init @@ -150,7 +150,7 @@ static void dbgmcu_init(void) } #endif /* !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) */ -#if !defined(CONFIG_STM32MP1_TRUSTED) && \ +#if !defined(CONFIG_TFABOOT) && \ (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)) /* get bootmode from ROM code boot context: saved in TAMP register */ static void update_bootmode(void) @@ -198,7 +198,7 @@ int arch_cpu_init(void) #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) dbgmcu_init(); -#ifndef CONFIG_STM32MP1_TRUSTED +#ifndef CONFIG_TFABOOT security_init(); update_bootmode(); #endif @@ -214,7 +214,7 @@ int arch_cpu_init(void) if ((boot_mode & TAMP_BOOT_DEVICE_MASK) == BOOT_SERIAL_UART) gd->flags |= GD_FLG_SILENT | GD_FLG_DISABLE_CONSOLE; #if defined(CONFIG_DEBUG_UART) && \ - !defined(CONFIG_STM32MP1_TRUSTED) && \ + !defined(CONFIG_TFABOOT) && \ (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)) else debug_uart_init(); diff --git a/board/dhelectronics/dh_stm32mp1/board.c b/board/dhelectronics/dh_stm32mp1/board.c index b663696983..c39a4b193c 100644 --- a/board/dhelectronics/dh_stm32mp1/board.c +++ b/board/dhelectronics/dh_stm32mp1/board.c @@ -119,7 +119,7 @@ int checkboard(void) if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) mode = "trusted with OP-TEE"; - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) + else if (IS_ENABLED(CONFIG_TFABOOT)) mode = "trusted"; else mode = "basic"; @@ -284,7 +284,7 @@ static void __maybe_unused led_error_blink(u32 nb_blink) static void sysconf_init(void) { -#ifndef CONFIG_STM32MP1_TRUSTED +#ifndef CONFIG_TFABOOT u8 *syscfg; #ifdef CONFIG_DM_REGULATOR struct udevice *pwr_dev; diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index 07f5344ec9..6c884028d3 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -92,7 +92,7 @@ int checkboard(void) if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) mode = "trusted with OP-TEE"; - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) + else if (IS_ENABLED(TFABOOT)) mode = "trusted"; else mode = "basic"; @@ -462,7 +462,7 @@ static int board_check_usb_power(void) static void sysconf_init(void) { -#ifndef CONFIG_STM32MP1_TRUSTED +#ifndef CONFIG_TFABOOT u8 *syscfg; #ifdef CONFIG_DM_REGULATOR struct udevice *pwr_dev; diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig index 298611776d..6c17bd9b20 100644 --- a/configs/stm32mp15_optee_defconfig +++ b/configs/stm32mp15_optee_defconfig @@ -1,5 +1,6 @@ CONFIG_ARM=y CONFIG_ARCH_STM32MP=y +CONFIG_TFABOOT=y CONFIG_SYS_MALLOC_F_LEN=0x3000 CONFIG_ENV_SECT_SIZE=0x40000 CONFIG_ENV_OFFSET=0x280000 diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig index 6928e9a65c..7592f6fcc4 100644 --- a/configs/stm32mp15_trusted_defconfig +++ b/configs/stm32mp15_trusted_defconfig @@ -1,5 +1,6 @@ CONFIG_ARM=y CONFIG_ARCH_STM32MP=y +CONFIG_TFABOOT=y CONFIG_SYS_MALLOC_F_LEN=0x3000 CONFIG_ENV_SECT_SIZE=0x40000 CONFIG_ENV_OFFSET=0x280000 diff --git a/drivers/clk/clk_stm32mp1.c b/drivers/clk/clk_stm32mp1.c index 52bd8e96f3..50df8425bf 100644 --- a/drivers/clk/clk_stm32mp1.c +++ b/drivers/clk/clk_stm32mp1.c @@ -19,7 +19,7 @@ DECLARE_GLOBAL_DATA_PTR; -#ifndef CONFIG_STM32MP1_TRUSTED +#ifndef CONFIG_TFABOOT #if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD) /* activate clock tree initialization in the driver */ #define STM32MP1_CLOCK_TREE_INIT diff --git a/drivers/ram/stm32mp1/stm32mp1_ram.c b/drivers/ram/stm32mp1/stm32mp1_ram.c index b1e593f86b..7b1adc5b24 100644 --- a/drivers/ram/stm32mp1/stm32mp1_ram.c +++ b/drivers/ram/stm32mp1/stm32mp1_ram.c @@ -177,7 +177,7 @@ static int stm32mp1_ddr_probe(struct udevice *dev) priv->info.base = STM32_DDR_BASE; -#if !defined(CONFIG_STM32MP1_TRUSTED) && \ +#if !defined(CONFIG_TFABOOT) && \ (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)) priv->info.size = 0; return stm32mp1_ddr_setup(dev); diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h index 42717c167e..2ba4fb1305 100644 --- a/include/configs/stm32mp1.h +++ b/include/configs/stm32mp1.h @@ -10,7 +10,7 @@ #include <linux/sizes.h> #include <asm/arch/stm32.h> -#ifndef CONFIG_STM32MP1_TRUSTED +#ifndef CONFIG_TFABOOT /* PSCI support */ #define CONFIG_ARMV7_PSCI_1_0 #define CONFIG_ARMV7_SECURE_BASE STM32_SYSRAM_BASE
Activate ARCH_SUPPORT_TFABOOT and replace the arch stm32mp specific config CONFIG_STM32MP1_TRUSTED by the generic CONFIG_TFABOOT introduced by the commit 535d76a12150 ("armv8: layerscape: Add TFABOOT support"). This config CONFIG_TFABOOT is activated for the trusted boot chain, when U-Boot is loaded by TF-A. Signed-off-by: Patrick Delaunay <patrick.delaunay at st.com> --- arch/arm/Kconfig | 1 + arch/arm/mach-stm32mp/Kconfig | 21 ++++++--------------- arch/arm/mach-stm32mp/bsec.c | 18 +++++++++--------- arch/arm/mach-stm32mp/cpu.c | 10 +++++----- board/dhelectronics/dh_stm32mp1/board.c | 4 ++-- board/st/stm32mp1/stm32mp1.c | 4 ++-- configs/stm32mp15_optee_defconfig | 1 + configs/stm32mp15_trusted_defconfig | 1 + drivers/clk/clk_stm32mp1.c | 2 +- drivers/ram/stm32mp1/stm32mp1_ram.c | 2 +- include/configs/stm32mp1.h | 2 +- 11 files changed, 30 insertions(+), 36 deletions(-)