@@ -93,16 +93,6 @@ config STM32MP1_TRUSTED
BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32
TF-A monitor provides proprietary SMC to manage secure devices
-config STM32MP1_OPTEE
- bool "Support trusted boot with TF-A and OP-TEE"
- depends on STM32MP1_TRUSTED
- default n
- help
- Say Y here to enable boot with TF-A and OP-TEE
- Trusted boot chain is :
- BootRom => TF-A.stm32 (clock & DDR) => OP-TEE => U-Boot.stm32
- OP-TEE monitor provides ST SMC to access to secure resources
-
config SYS_TEXT_BASE
default 0xC0100000
@@ -5,6 +5,7 @@
#include <common.h>
#include <fdt_support.h>
+#include <tee.h>
#include <asm/arch/sys_proto.h>
#include <dt-bindings/pinctrl/stm32-pinfunc.h>
#include <linux/io.h>
@@ -322,7 +323,8 @@ int ft_system_setup(void *blob, bd_t *bd)
"st,package", pkg, false);
}
- if (!CONFIG_IS_ENABLED(STM32MP1_OPTEE))
+ if (!CONFIG_IS_ENABLED(OPTEE) ||
+ !tee_find_device(NULL, NULL, NULL, NULL))
stm32_fdt_disable_optee(blob);
return ret;
@@ -117,9 +117,7 @@ int checkboard(void)
const char *fdt_compat;
int fdt_compat_len;
- if (IS_ENABLED(CONFIG_STM32MP1_OPTEE))
- mode = "trusted with OP-TEE";
- else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED))
+ if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED))
mode = "trusted";
else
mode = "basic";
@@ -9,6 +9,7 @@
#include <env_internal.h>
#include <mtd.h>
#include <mtd_node.h>
+#include <tee.h>
#define MTDPARTS_LEN 256
#define MTDIDS_LEN 128
@@ -49,7 +50,7 @@ static void board_get_mtdparts(const char *dev,
strncat(mtdparts, ",", MTDPARTS_LEN);
}
- if (CONFIG_IS_ENABLED(STM32MP1_OPTEE) && tee) {
+ if (tee) {
strncat(mtdparts, tee, MTDPARTS_LEN);
strncat(mtdparts, ",", MTDPARTS_LEN);
}
@@ -72,7 +73,8 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts)
return;
}
- if (CONFIG_IS_ENABLED(STM32MP1_OPTEE))
+ if (CONFIG_IS_ENABLED(OPTEE) &&
+ tee_find_device(NULL, NULL, NULL, NULL))
tee = true;
memset(parts, 0, sizeof(parts));
@@ -87,9 +87,7 @@ int checkboard(void)
const char *fdt_compat;
int fdt_compat_len;
- if (IS_ENABLED(CONFIG_STM32MP1_OPTEE))
- mode = "trusted with OP-TEE";
- else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED))
+ if (CONFIG_IS_ENABLED(STM32MP1_TRUSTED))
mode = "trusted";
else
mode = "basic";
@@ -4,7 +4,6 @@ CONFIG_SYS_MALLOC_F_LEN=0x3000
CONFIG_ENV_SECT_SIZE=0x40000
CONFIG_ENV_OFFSET=0x280000
CONFIG_TARGET_ST_STM32MP15x=y
-CONFIG_STM32MP1_OPTEE=y
CONFIG_ENV_OFFSET_REDUND=0x2C0000
CONFIG_DISTRO_DEFAULTS=y
CONFIG_FIT=y
@@ -111,6 +110,9 @@ CONFIG_SPI=y
CONFIG_DM_SPI=y
CONFIG_STM32_QSPI=y
CONFIG_STM32_SPI=y
+CONFIG_TEE=y
+CONFIG_OPTEE=y
+# CONFIG_OPTEE_TA_AVB is not set
CONFIG_USB=y
CONFIG_DM_USB=y
CONFIG_DM_USB_GADGET=y
@@ -110,6 +110,9 @@ CONFIG_SPI=y
CONFIG_DM_SPI=y
CONFIG_STM32_QSPI=y
CONFIG_STM32_SPI=y
+CONFIG_TEE=y
+CONFIG_OPTEE=y
+# CONFIG_OPTEE_TA_AVB is not set
CONFIG_USB=y
CONFIG_DM_USB=y
CONFIG_DM_USB_GADGET=y
Activate OP-TEE driver for trusted and optee defconfig. This driver allows detection of TEE presence for boot from flash; CONFIG_STM32MP1_OPTEE is also removed. Signed-off-by: Patrick Delaunay <patrick.delaunay at st.com> --- arch/arm/mach-stm32mp/Kconfig | 10 ---------- arch/arm/mach-stm32mp/fdt.c | 4 +++- board/dhelectronics/dh_stm32mp1/board.c | 4 +--- board/st/common/stm32mp_mtdparts.c | 6 ++++-- board/st/stm32mp1/stm32mp1.c | 4 +--- configs/stm32mp15_optee_defconfig | 4 +++- configs/stm32mp15_trusted_defconfig | 3 +++ 7 files changed, 15 insertions(+), 20 deletions(-)