stm32mp1: add trusted boot with TF-A
Add support of trusted boot, using TF-A as first stage bootloader,
The boot sequence is
BootRom >=> TF-A.stm32 (clock & DDR) >=> U-Boot.stm32
The TF-A monitor provides secure monitor with support of SMC
- proprietary to manage secure devices (BSEC for example)
- PSCI for power
The same device tree is used for STMicroelectronics boards with
basic boot and with trusted boot.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig
index 8a929fa..3101d80 100644
--- a/arch/arm/mach-stm32mp/Kconfig
+++ b/arch/arm/mach-stm32mp/Kconfig
@@ -25,19 +25,30 @@
config TARGET_STM32MP1
bool "Support stm32mp1xx"
- select ARCH_SUPPORT_PSCI
+ select ARCH_SUPPORT_PSCI if !STM32MP1_TRUSTED
select CPU_V7A
- select CPU_V7_HAS_NONSEC
+ select CPU_V7_HAS_NONSEC if !STM32MP1_TRUSTED
select CPU_V7_HAS_VIRT
select PINCTRL_STM32
select STM32_RCC
select STM32_RESET
select SYS_ARCH_TIMER
- select SYSRESET_SYSCON
+ imply SYSRESET_PSCI if STM32MP1_TRUSTED
+ imply SYSRESET_SYSCON if !STM32MP1_TRUSTED
help
target STMicroelectronics SOC STM32MP1 family
STMicroelectronics MPU with core ARMv7
+config STM32MP1_TRUSTED
+ bool "Support trusted boot with TF-A"
+ default y if !SPL
+ select ARM_SMCCC
+ help
+ Say Y here to enable boot with TF-A
+ Trusted boot chain is :
+ BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32
+ TF-A monitor provides proprietary smc to manage secure devices
+
config SYS_TEXT_BASE
prompt "U-Boot base address"
default 0xC0100000
diff --git a/arch/arm/mach-stm32mp/config.mk b/arch/arm/mach-stm32mp/config.mk
index f371aac..403af2a 100644
--- a/arch/arm/mach-stm32mp/config.mk
+++ b/arch/arm/mach-stm32mp/config.mk
@@ -3,7 +3,20 @@
# Copyright (C) 2018, STMicroelectronics - All Rights Reserved
#
-ALL-$(CONFIG_SPL_BUILD) += u-boot-spl.stm32
+ifndef CONFIG_SPL
+ALL-y += u-boot.stm32
+else
+ifdef CONFIG_SPL_BUILD
+ALL-y += u-boot-spl.stm32
+endif
+endif
+
+MKIMAGEFLAGS_u-boot.stm32 = -T stm32image -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_TEXT_BASE)
+
+u-boot.stm32: MKIMAGEOUTPUT = u-boot.stm32.log
+
+u-boot.stm32: u-boot.bin FORCE
+ $(call if_changed,mkimage)
MKIMAGEFLAGS_u-boot-spl.stm32 = -T stm32image -a $(CONFIG_SPL_TEXT_BASE) -e $(CONFIG_SPL_TEXT_BASE)
diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c
index b893358..b96720f 100644
--- a/arch/arm/mach-stm32mp/cpu.c
+++ b/arch/arm/mach-stm32mp/cpu.c
@@ -59,6 +59,7 @@
#define BSEC_OTP_MAC 57
#if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)
+#ifndef CONFIG_STM32MP1_TRUSTED
static void security_init(void)
{
/* Disable the backup domain write protection */
@@ -114,6 +115,7 @@
*/
writel(0x0, TAMP_CR1);
}
+#endif /* CONFIG_STM32MP1_TRUSTED */
/*
* Debug init
@@ -130,7 +132,8 @@
static u32 get_bootmode(void)
{
u32 boot_mode;
-#if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)
+#if !defined(CONFIG_STM32MP1_TRUSTED) && \
+ (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD))
u32 bootrom_itf = readl(BOOTROM_PARAM_ADDR);
u32 bootrom_device, bootrom_instance;
@@ -167,9 +170,10 @@
#if !defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)
dbgmcu_init();
-
+#ifndef CONFIG_STM32MP1_TRUSTED
security_init();
#endif
+#endif
/* get bootmode from BootRom context: saved in TAMP register */
boot_mode = get_bootmode();
@@ -177,6 +181,7 @@
if ((boot_mode & TAMP_BOOT_DEVICE_MASK) == BOOT_SERIAL_UART)
gd->flags |= GD_FLG_SILENT | GD_FLG_DISABLE_CONSOLE;
#if defined(CONFIG_DEBUG_UART) && \
+ !defined(CONFIG_STM32MP1_TRUSTED) && \
(!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD))
else
debug_uart_init();