From patchwork Wed Mar 18 08:22:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Delaunay X-Patchwork-Id: 243765 List-Id: U-Boot discussion From: patrick.delaunay at st.com (Patrick Delaunay) Date: Wed, 18 Mar 2020 09:22:49 +0100 Subject: [PATCH 06/11] stm32mp1: dynamically detect op-tee presence In-Reply-To: <20200318082254.7522-1-patrick.delaunay@st.com> References: <20200318082254.7522-1-patrick.delaunay@st.com> Message-ID: <20200318092245.6.I546d9b8b998328eacc805b3da6bf6e0b0e799fda@changeid> Activate OP-TEE driver for trusted and optee defconfig. This driver allows detection of TEE presence for boot from flash; CONFIG_STM32MP1_OPTEE is also removed. Signed-off-by: Patrick Delaunay --- arch/arm/mach-stm32mp/Kconfig | 10 ---------- arch/arm/mach-stm32mp/fdt.c | 4 +++- board/dhelectronics/dh_stm32mp1/board.c | 4 +--- board/st/common/stm32mp_mtdparts.c | 6 ++++-- board/st/stm32mp1/stm32mp1.c | 4 +--- configs/stm32mp15_optee_defconfig | 4 +++- configs/stm32mp15_trusted_defconfig | 3 +++ 7 files changed, 15 insertions(+), 20 deletions(-) diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig index 96153693a7..1a5545b98d 100644 --- a/arch/arm/mach-stm32mp/Kconfig +++ b/arch/arm/mach-stm32mp/Kconfig @@ -93,16 +93,6 @@ config STM32MP1_TRUSTED BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32 TF-A monitor provides proprietary SMC to manage secure devices -config STM32MP1_OPTEE - bool "Support trusted boot with TF-A and OP-TEE" - depends on STM32MP1_TRUSTED - default n - help - Say Y here to enable boot with TF-A and OP-TEE - Trusted boot chain is : - BootRom => TF-A.stm32 (clock & DDR) => OP-TEE => U-Boot.stm32 - OP-TEE monitor provides ST SMC to access to secure resources - config SYS_TEXT_BASE default 0xC0100000 diff --git a/arch/arm/mach-stm32mp/fdt.c b/arch/arm/mach-stm32mp/fdt.c index ae82270e42..21b5f09728 100644 --- a/arch/arm/mach-stm32mp/fdt.c +++ b/arch/arm/mach-stm32mp/fdt.c @@ -5,6 +5,7 @@ #include #include +#include #include #include #include @@ -322,7 +323,8 @@ int ft_system_setup(void *blob, bd_t *bd) "st,package", pkg, false); } - if (!CONFIG_IS_ENABLED(STM32MP1_OPTEE)) + if (!CONFIG_IS_ENABLED(OPTEE) || + !tee_find_device(NULL, NULL, NULL, NULL)) stm32_fdt_disable_optee(blob); return ret; diff --git a/board/dhelectronics/dh_stm32mp1/board.c b/board/dhelectronics/dh_stm32mp1/board.c index bd6540a2aa..ea51b92282 100644 --- a/board/dhelectronics/dh_stm32mp1/board.c +++ b/board/dhelectronics/dh_stm32mp1/board.c @@ -117,9 +117,7 @@ int checkboard(void) const char *fdt_compat; int fdt_compat_len; - if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) - mode = "trusted with OP-TEE"; - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) + if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) mode = "trusted"; else mode = "basic"; diff --git a/board/st/common/stm32mp_mtdparts.c b/board/st/common/stm32mp_mtdparts.c index d4c0a7db9f..2b6413be16 100644 --- a/board/st/common/stm32mp_mtdparts.c +++ b/board/st/common/stm32mp_mtdparts.c @@ -9,6 +9,7 @@ #include #include #include +#include #define MTDPARTS_LEN 256 #define MTDIDS_LEN 128 @@ -49,7 +50,7 @@ static void board_get_mtdparts(const char *dev, strncat(mtdparts, ",", MTDPARTS_LEN); } - if (CONFIG_IS_ENABLED(STM32MP1_OPTEE) && tee) { + if (tee) { strncat(mtdparts, tee, MTDPARTS_LEN); strncat(mtdparts, ",", MTDPARTS_LEN); } @@ -72,7 +73,8 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) return; } - if (CONFIG_IS_ENABLED(STM32MP1_OPTEE)) + if (CONFIG_IS_ENABLED(OPTEE) && + tee_find_device(NULL, NULL, NULL, NULL)) tee = true; memset(parts, 0, sizeof(parts)); diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index 2ab3b5cc9a..14c56a0f24 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -87,9 +87,7 @@ int checkboard(void) const char *fdt_compat; int fdt_compat_len; - if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) - mode = "trusted with OP-TEE"; - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) + if (CONFIG_IS_ENABLED(STM32MP1_TRUSTED)) mode = "trusted"; else mode = "basic"; diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig index 317cd55862..f0d524d344 100644 --- a/configs/stm32mp15_optee_defconfig +++ b/configs/stm32mp15_optee_defconfig @@ -4,7 +4,6 @@ CONFIG_SYS_MALLOC_F_LEN=0x3000 CONFIG_ENV_SECT_SIZE=0x40000 CONFIG_ENV_OFFSET=0x280000 CONFIG_TARGET_ST_STM32MP15x=y -CONFIG_STM32MP1_OPTEE=y CONFIG_ENV_OFFSET_REDUND=0x2C0000 CONFIG_DISTRO_DEFAULTS=y CONFIG_FIT=y @@ -111,6 +110,9 @@ CONFIG_SPI=y CONFIG_DM_SPI=y CONFIG_STM32_QSPI=y CONFIG_STM32_SPI=y +CONFIG_TEE=y +CONFIG_OPTEE=y +# CONFIG_OPTEE_TA_AVB is not set CONFIG_USB=y CONFIG_DM_USB=y CONFIG_DM_USB_GADGET=y diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig index 73cbe6c7d6..f0d524d344 100644 --- a/configs/stm32mp15_trusted_defconfig +++ b/configs/stm32mp15_trusted_defconfig @@ -110,6 +110,9 @@ CONFIG_SPI=y CONFIG_DM_SPI=y CONFIG_STM32_QSPI=y CONFIG_STM32_SPI=y +CONFIG_TEE=y +CONFIG_OPTEE=y +# CONFIG_OPTEE_TA_AVB is not set CONFIG_USB=y CONFIG_DM_USB=y CONFIG_DM_USB_GADGET=y