Message ID | 20200318092245.6.I546d9b8b998328eacc805b3da6bf6e0b0e799fda@changeid |
---|---|
State | Accepted |
Delegated to: | Patrick Delaunay |
Headers | show |
Series | stm32mp1: migrate MTD and DFU configuration in Kconfig | expand |
Hi On 3/18/20 9:22 AM, Patrick Delaunay wrote: > Activate OP-TEE driver for trusted and optee defconfig. > > This driver allows detection of TEE presence for boot from flash; > CONFIG_STM32MP1_OPTEE is also removed. > > Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> > --- > > arch/arm/mach-stm32mp/Kconfig | 10 ---------- > arch/arm/mach-stm32mp/fdt.c | 4 +++- > board/dhelectronics/dh_stm32mp1/board.c | 4 +--- > board/st/common/stm32mp_mtdparts.c | 6 ++++-- > board/st/stm32mp1/stm32mp1.c | 4 +--- > configs/stm32mp15_optee_defconfig | 4 +++- > configs/stm32mp15_trusted_defconfig | 3 +++ > 7 files changed, 15 insertions(+), 20 deletions(-) > > diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig > index 96153693a7..1a5545b98d 100644 > --- a/arch/arm/mach-stm32mp/Kconfig > +++ b/arch/arm/mach-stm32mp/Kconfig > @@ -93,16 +93,6 @@ config STM32MP1_TRUSTED > BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32 > TF-A monitor provides proprietary SMC to manage secure devices > > -config STM32MP1_OPTEE > - bool "Support trusted boot with TF-A and OP-TEE" > - depends on STM32MP1_TRUSTED > - default n > - help > - Say Y here to enable boot with TF-A and OP-TEE > - Trusted boot chain is : > - BootRom => TF-A.stm32 (clock & DDR) => OP-TEE => U-Boot.stm32 > - OP-TEE monitor provides ST SMC to access to secure resources > - > config SYS_TEXT_BASE > default 0xC0100000 > > diff --git a/arch/arm/mach-stm32mp/fdt.c b/arch/arm/mach-stm32mp/fdt.c > index ae82270e42..21b5f09728 100644 > --- a/arch/arm/mach-stm32mp/fdt.c > +++ b/arch/arm/mach-stm32mp/fdt.c > @@ -5,6 +5,7 @@ > > #include <common.h> > #include <fdt_support.h> > +#include <tee.h> > #include <asm/arch/sys_proto.h> > #include <dt-bindings/pinctrl/stm32-pinfunc.h> > #include <linux/io.h> > @@ -322,7 +323,8 @@ int ft_system_setup(void *blob, bd_t *bd) > "st,package", pkg, false); > } > > - if (!CONFIG_IS_ENABLED(STM32MP1_OPTEE)) > + if (!CONFIG_IS_ENABLED(OPTEE) || > + !tee_find_device(NULL, NULL, NULL, NULL)) > stm32_fdt_disable_optee(blob); > > return ret; > diff --git a/board/dhelectronics/dh_stm32mp1/board.c b/board/dhelectronics/dh_stm32mp1/board.c > index bd6540a2aa..ea51b92282 100644 > --- a/board/dhelectronics/dh_stm32mp1/board.c > +++ b/board/dhelectronics/dh_stm32mp1/board.c > @@ -117,9 +117,7 @@ int checkboard(void) > const char *fdt_compat; > int fdt_compat_len; > > - if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) > - mode = "trusted with OP-TEE"; > - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) > + if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) > mode = "trusted"; > else > mode = "basic"; > diff --git a/board/st/common/stm32mp_mtdparts.c b/board/st/common/stm32mp_mtdparts.c > index d4c0a7db9f..2b6413be16 100644 > --- a/board/st/common/stm32mp_mtdparts.c > +++ b/board/st/common/stm32mp_mtdparts.c > @@ -9,6 +9,7 @@ > #include <env_internal.h> > #include <mtd.h> > #include <mtd_node.h> > +#include <tee.h> > > #define MTDPARTS_LEN 256 > #define MTDIDS_LEN 128 > @@ -49,7 +50,7 @@ static void board_get_mtdparts(const char *dev, > strncat(mtdparts, ",", MTDPARTS_LEN); > } > > - if (CONFIG_IS_ENABLED(STM32MP1_OPTEE) && tee) { > + if (tee) { > strncat(mtdparts, tee, MTDPARTS_LEN); > strncat(mtdparts, ",", MTDPARTS_LEN); > } > @@ -72,7 +73,8 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) > return; > } > > - if (CONFIG_IS_ENABLED(STM32MP1_OPTEE)) > + if (CONFIG_IS_ENABLED(OPTEE) && > + tee_find_device(NULL, NULL, NULL, NULL)) > tee = true; > > memset(parts, 0, sizeof(parts)); > diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c > index 2ab3b5cc9a..14c56a0f24 100644 > --- a/board/st/stm32mp1/stm32mp1.c > +++ b/board/st/stm32mp1/stm32mp1.c > @@ -87,9 +87,7 @@ int checkboard(void) > const char *fdt_compat; > int fdt_compat_len; > > - if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) > - mode = "trusted with OP-TEE"; > - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) > + if (CONFIG_IS_ENABLED(STM32MP1_TRUSTED)) > mode = "trusted"; > else > mode = "basic"; > diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig > index 317cd55862..f0d524d344 100644 > --- a/configs/stm32mp15_optee_defconfig > +++ b/configs/stm32mp15_optee_defconfig > @@ -4,7 +4,6 @@ CONFIG_SYS_MALLOC_F_LEN=0x3000 > CONFIG_ENV_SECT_SIZE=0x40000 > CONFIG_ENV_OFFSET=0x280000 > CONFIG_TARGET_ST_STM32MP15x=y > -CONFIG_STM32MP1_OPTEE=y > CONFIG_ENV_OFFSET_REDUND=0x2C0000 > CONFIG_DISTRO_DEFAULTS=y > CONFIG_FIT=y > @@ -111,6 +110,9 @@ CONFIG_SPI=y > CONFIG_DM_SPI=y > CONFIG_STM32_QSPI=y > CONFIG_STM32_SPI=y > +CONFIG_TEE=y > +CONFIG_OPTEE=y > +# CONFIG_OPTEE_TA_AVB is not set > CONFIG_USB=y > CONFIG_DM_USB=y > CONFIG_DM_USB_GADGET=y > diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig > index 73cbe6c7d6..f0d524d344 100644 > --- a/configs/stm32mp15_trusted_defconfig > +++ b/configs/stm32mp15_trusted_defconfig > @@ -110,6 +110,9 @@ CONFIG_SPI=y > CONFIG_DM_SPI=y > CONFIG_STM32_QSPI=y > CONFIG_STM32_SPI=y > +CONFIG_TEE=y > +CONFIG_OPTEE=y > +# CONFIG_OPTEE_TA_AVB is not set > CONFIG_USB=y > CONFIG_DM_USB=y > CONFIG_DM_USB_GADGET=y Reviewed-by: Patrice Chotard <patrice.chotard@st.com> Patrice
diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig index 96153693a7..1a5545b98d 100644 --- a/arch/arm/mach-stm32mp/Kconfig +++ b/arch/arm/mach-stm32mp/Kconfig @@ -93,16 +93,6 @@ config STM32MP1_TRUSTED BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32 TF-A monitor provides proprietary SMC to manage secure devices -config STM32MP1_OPTEE - bool "Support trusted boot with TF-A and OP-TEE" - depends on STM32MP1_TRUSTED - default n - help - Say Y here to enable boot with TF-A and OP-TEE - Trusted boot chain is : - BootRom => TF-A.stm32 (clock & DDR) => OP-TEE => U-Boot.stm32 - OP-TEE monitor provides ST SMC to access to secure resources - config SYS_TEXT_BASE default 0xC0100000 diff --git a/arch/arm/mach-stm32mp/fdt.c b/arch/arm/mach-stm32mp/fdt.c index ae82270e42..21b5f09728 100644 --- a/arch/arm/mach-stm32mp/fdt.c +++ b/arch/arm/mach-stm32mp/fdt.c @@ -5,6 +5,7 @@ #include <common.h> #include <fdt_support.h> +#include <tee.h> #include <asm/arch/sys_proto.h> #include <dt-bindings/pinctrl/stm32-pinfunc.h> #include <linux/io.h> @@ -322,7 +323,8 @@ int ft_system_setup(void *blob, bd_t *bd) "st,package", pkg, false); } - if (!CONFIG_IS_ENABLED(STM32MP1_OPTEE)) + if (!CONFIG_IS_ENABLED(OPTEE) || + !tee_find_device(NULL, NULL, NULL, NULL)) stm32_fdt_disable_optee(blob); return ret; diff --git a/board/dhelectronics/dh_stm32mp1/board.c b/board/dhelectronics/dh_stm32mp1/board.c index bd6540a2aa..ea51b92282 100644 --- a/board/dhelectronics/dh_stm32mp1/board.c +++ b/board/dhelectronics/dh_stm32mp1/board.c @@ -117,9 +117,7 @@ int checkboard(void) const char *fdt_compat; int fdt_compat_len; - if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) - mode = "trusted with OP-TEE"; - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) + if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) mode = "trusted"; else mode = "basic"; diff --git a/board/st/common/stm32mp_mtdparts.c b/board/st/common/stm32mp_mtdparts.c index d4c0a7db9f..2b6413be16 100644 --- a/board/st/common/stm32mp_mtdparts.c +++ b/board/st/common/stm32mp_mtdparts.c @@ -9,6 +9,7 @@ #include <env_internal.h> #include <mtd.h> #include <mtd_node.h> +#include <tee.h> #define MTDPARTS_LEN 256 #define MTDIDS_LEN 128 @@ -49,7 +50,7 @@ static void board_get_mtdparts(const char *dev, strncat(mtdparts, ",", MTDPARTS_LEN); } - if (CONFIG_IS_ENABLED(STM32MP1_OPTEE) && tee) { + if (tee) { strncat(mtdparts, tee, MTDPARTS_LEN); strncat(mtdparts, ",", MTDPARTS_LEN); } @@ -72,7 +73,8 @@ void board_mtdparts_default(const char **mtdids, const char **mtdparts) return; } - if (CONFIG_IS_ENABLED(STM32MP1_OPTEE)) + if (CONFIG_IS_ENABLED(OPTEE) && + tee_find_device(NULL, NULL, NULL, NULL)) tee = true; memset(parts, 0, sizeof(parts)); diff --git a/board/st/stm32mp1/stm32mp1.c b/board/st/stm32mp1/stm32mp1.c index 2ab3b5cc9a..14c56a0f24 100644 --- a/board/st/stm32mp1/stm32mp1.c +++ b/board/st/stm32mp1/stm32mp1.c @@ -87,9 +87,7 @@ int checkboard(void) const char *fdt_compat; int fdt_compat_len; - if (IS_ENABLED(CONFIG_STM32MP1_OPTEE)) - mode = "trusted with OP-TEE"; - else if (IS_ENABLED(CONFIG_STM32MP1_TRUSTED)) + if (CONFIG_IS_ENABLED(STM32MP1_TRUSTED)) mode = "trusted"; else mode = "basic"; diff --git a/configs/stm32mp15_optee_defconfig b/configs/stm32mp15_optee_defconfig index 317cd55862..f0d524d344 100644 --- a/configs/stm32mp15_optee_defconfig +++ b/configs/stm32mp15_optee_defconfig @@ -4,7 +4,6 @@ CONFIG_SYS_MALLOC_F_LEN=0x3000 CONFIG_ENV_SECT_SIZE=0x40000 CONFIG_ENV_OFFSET=0x280000 CONFIG_TARGET_ST_STM32MP15x=y -CONFIG_STM32MP1_OPTEE=y CONFIG_ENV_OFFSET_REDUND=0x2C0000 CONFIG_DISTRO_DEFAULTS=y CONFIG_FIT=y @@ -111,6 +110,9 @@ CONFIG_SPI=y CONFIG_DM_SPI=y CONFIG_STM32_QSPI=y CONFIG_STM32_SPI=y +CONFIG_TEE=y +CONFIG_OPTEE=y +# CONFIG_OPTEE_TA_AVB is not set CONFIG_USB=y CONFIG_DM_USB=y CONFIG_DM_USB_GADGET=y diff --git a/configs/stm32mp15_trusted_defconfig b/configs/stm32mp15_trusted_defconfig index 73cbe6c7d6..f0d524d344 100644 --- a/configs/stm32mp15_trusted_defconfig +++ b/configs/stm32mp15_trusted_defconfig @@ -110,6 +110,9 @@ CONFIG_SPI=y CONFIG_DM_SPI=y CONFIG_STM32_QSPI=y CONFIG_STM32_SPI=y +CONFIG_TEE=y +CONFIG_OPTEE=y +# CONFIG_OPTEE_TA_AVB is not set CONFIG_USB=y CONFIG_DM_USB=y CONFIG_DM_USB_GADGET=y
Activate OP-TEE driver for trusted and optee defconfig. This driver allows detection of TEE presence for boot from flash; CONFIG_STM32MP1_OPTEE is also removed. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> --- arch/arm/mach-stm32mp/Kconfig | 10 ---------- arch/arm/mach-stm32mp/fdt.c | 4 +++- board/dhelectronics/dh_stm32mp1/board.c | 4 +--- board/st/common/stm32mp_mtdparts.c | 6 ++++-- board/st/stm32mp1/stm32mp1.c | 4 +--- configs/stm32mp15_optee_defconfig | 4 +++- configs/stm32mp15_trusted_defconfig | 3 +++ 7 files changed, 15 insertions(+), 20 deletions(-)