* [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support
@ 2024-04-03 10:39 Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 1/8] v7a: bootstate: remove unused environment partitions Ahmad Fatoum
                   ` (7 more replies)
  0 siblings, 8 replies; 11+ messages in thread
From: Ahmad Fatoum @ 2024-04-03 10:39 UTC (permalink / raw)
  To: distrokit
This series contains the patches that were part of v1[1], but didn't
make it into next as well as some new patches noticed during testing and
incorporating feedback.
Changelogs within each patch.
[1]: https://lore.ptxdist.org/distrokit/ZfdEEPMbZzz3B_HR@pengutronix.de/T/#t
Ahmad Fatoum (8):
  v7a: bootstate: remove unused environment partitions
  v7a: barebox: rpi4: fix rpi4 bootstate definition
  v7a: images: stm32mp: use barebox-environment partition type UUID
  v7a: barebox: enable STM32MP135F-DK support
  v7a: build OP-TEE for STM32MP13
  v7a: stm32mp: add TF-A recipe for STM32MP13
  v7a: kernel: enable STM32MP135F-DK support
  v7a: stm32mp: add image recipe for STM32MP135F-DK
 configs/bsp.ref                               |  11 ++
 configs/platform-v7a/barebox-stm32mp.config   |  24 +++-
 .../platform-v7a/barebox-stm32mp.config.diff  |  22 +++-
 .../config/images/stm32mp-optee.config        |  61 ++++++++++
 .../platform-v7a/config/images/stm32mp.config |   1 +
 configs/platform-v7a/dts/bootstate.dtsi       |  19 ++-
 configs/platform-v7a/kernelconfig             |   8 +-
 configs/platform-v7a/platformconfig           |  11 +-
 .../platforms/image-stm32mp135f-dk.in         |  13 +++
 .../platform-v7a/platforms/tf-a-stm32mp13.in  |  12 ++
 .../platform-v7a/rules/barebox-stm32mp.make   |   3 +-
 .../rules/image-stm32mp135f-dk.make           |  34 ++++++
 .../platform-v7a/rules/tf-a-stm32mp13.make    | 110 ++++++++++++++++++
 13 files changed, 310 insertions(+), 19 deletions(-)
 create mode 100644 configs/platform-v7a/config/images/stm32mp-optee.config
 create mode 100644 configs/platform-v7a/platforms/image-stm32mp135f-dk.in
 create mode 100644 configs/platform-v7a/platforms/tf-a-stm32mp13.in
 create mode 100644 configs/platform-v7a/rules/image-stm32mp135f-dk.make
 create mode 100644 configs/platform-v7a/rules/tf-a-stm32mp13.make
-- 
2.39.2
^ permalink raw reply	[flat|nested] 11+ messages in thread
* [DistroKit] [PATCH v2 1/8] v7a: bootstate: remove unused environment partitions
  2024-04-03 10:39 [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support Ahmad Fatoum
@ 2024-04-03 10:39 ` Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 2/8] v7a: barebox: rpi4: fix rpi4 bootstate definition Ahmad Fatoum
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Ahmad Fatoum @ 2024-04-03 10:39 UTC (permalink / raw)
  To: distrokit; +Cc: Ahmad Fatoum
Both BeagleBone Black and Raspberry Pi boot from a FAT partition
containing barebox. barebox will use same FAT partition for storage of
its environment, so the specified raw partition remains unused and can
be dropped.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v1 -> v2:
  - new patch
---
 configs/platform-v7a/dts/bootstate.dtsi | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/configs/platform-v7a/dts/bootstate.dtsi b/configs/platform-v7a/dts/bootstate.dtsi
index cd24d74d4aea..26b3bccef578 100644
--- a/configs/platform-v7a/dts/bootstate.dtsi
+++ b/configs/platform-v7a/dts/bootstate.dtsi
@@ -25,12 +25,9 @@
 
                barebox: partition@0 {
                        label = "barebox";
-                       reg = <0x0 0x0 0x0 0xc000>;
-               };
-               environment: partition@c0000 {
-                       label = "barebox-environment";
-                       reg = <0x0 0xc0000 0x0 0x20000>;
+                       reg = <0x0 0x0 0x0 0xe0000>;
                };
+
                backend_state_mmc1: partition@e0000 {
                        label = "state";
                        reg = <0x0 0xe0000 0x0 0x20000>;
@@ -69,11 +66,6 @@
 		label = "barebox-state";
 		reg = <0x100000 0x100000>;
 	};
-
-	partition@200000 {
-		label = "barebox-environment";
-		reg = <0x200000 0x100000>;
-	};
 };
 #endif
 
-- 
2.39.2
^ permalink raw reply	[flat|nested] 11+ messages in thread
* [DistroKit] [PATCH v2 2/8] v7a: barebox: rpi4: fix rpi4 bootstate definition
  2024-04-03 10:39 [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 1/8] v7a: bootstate: remove unused environment partitions Ahmad Fatoum
@ 2024-04-03 10:39 ` Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 3/8] v7a: images: stm32mp: use barebox-environment partition type UUID Ahmad Fatoum
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Ahmad Fatoum @ 2024-04-03 10:39 UTC (permalink / raw)
  To: distrokit; +Cc: Ahmad Fatoum
Unlike earlier Raspberry Pi variants, the SD-Card the Raspberry Pi 4
boots from isn't handled by the sdhost controller, but by the new emmc2
controller instead. Add an #ifdef to fix barebox state probe.
Fixes: 2e0af7e3846c ("v7a: barebox: define state for all supported board variants")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v1 -> v2:
  - new patch
While barebox works, booting Linux on the Raspberry Pi 4 gives SD
errors. Fixing this is a separate endeavour though.
---
 configs/platform-v7a/dts/bootstate.dtsi | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/configs/platform-v7a/dts/bootstate.dtsi b/configs/platform-v7a/dts/bootstate.dtsi
index 26b3bccef578..081ec804509b 100644
--- a/configs/platform-v7a/dts/bootstate.dtsi
+++ b/configs/platform-v7a/dts/bootstate.dtsi
@@ -58,7 +58,11 @@
 	};
 };
 
+#ifdef bcm2711_rpi_4_dts
+&emmc2 {
+#else
 &sdhost {
+#endif
 	#address-cells = <1>;
 	#size-cells = <1>;
 
-- 
2.39.2
^ permalink raw reply	[flat|nested] 11+ messages in thread
* [DistroKit] [PATCH v2 3/8] v7a: images: stm32mp: use barebox-environment partition type UUID
  2024-04-03 10:39 [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 1/8] v7a: bootstate: remove unused environment partitions Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 2/8] v7a: barebox: rpi4: fix rpi4 bootstate definition Ahmad Fatoum
@ 2024-04-03 10:39 ` Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 4/8] v7a: barebox: enable STM32MP135F-DK support Ahmad Fatoum
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Ahmad Fatoum @ 2024-04-03 10:39 UTC (permalink / raw)
  To: distrokit; +Cc: Ahmad Fatoum
Starting with commit 9f868f78bc54 ("environment: use barebox environment from
GPT partitions"), barebox can look up its environment by partition type
UUID on GPT-partitioned media. To prepare making use of this in the
future, ensure that our GPT barebox partition has the correct type UUID.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v1 -> v2:
  - new patch
---
 configs/platform-v7a/config/images/stm32mp.config | 1 +
 1 file changed, 1 insertion(+)
diff --git a/configs/platform-v7a/config/images/stm32mp.config b/configs/platform-v7a/config/images/stm32mp.config
index f75d6adc054a..45d3c00c9a90 100644
--- a/configs/platform-v7a/config/images/stm32mp.config
+++ b/configs/platform-v7a/config/images/stm32mp.config
@@ -20,6 +20,7 @@ image @IMAGE@ {
 	}
 
 	partition barebox-environment {
+		partition-type-uuid = "6c3737f2-07f8-45d1-ad45-15d260aab24d"
 		size = 1M
 	}
 	partition barebox-state {
-- 
2.39.2
^ permalink raw reply	[flat|nested] 11+ messages in thread
* [DistroKit] [PATCH v2 4/8] v7a: barebox: enable STM32MP135F-DK support
  2024-04-03 10:39 [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support Ahmad Fatoum
                   ` (2 preceding siblings ...)
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 3/8] v7a: images: stm32mp: use barebox-environment partition type UUID Ahmad Fatoum
@ 2024-04-03 10:39 ` Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 5/8] v7a: build OP-TEE for STM32MP13 Ahmad Fatoum
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Ahmad Fatoum @ 2024-04-03 10:39 UTC (permalink / raw)
  To: distrokit; +Cc: Ahmad Fatoum
barebox has had support for the STM32MP135F-DK for a while, but only
recently was it extended to support the full shtick of talking to OP-TEE
to control clocks and resets. As the barebox version we have in DistroKit
supports this, let's enable building support for the development kit.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.pengutronix.de/20240315211240.3016716-9-a.fatoum@pengutronix.de
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
---
v1 -> v2:
  - no change
---
 configs/platform-v7a/barebox-stm32mp.config   | 24 ++++++++++++++++---
 .../platform-v7a/barebox-stm32mp.config.diff  | 22 ++++++++++++++++-
 configs/platform-v7a/dts/bootstate.dtsi       |  3 ++-
 .../platform-v7a/rules/barebox-stm32mp.make   |  3 ++-
 4 files changed, 46 insertions(+), 6 deletions(-)
diff --git a/configs/platform-v7a/barebox-stm32mp.config b/configs/platform-v7a/barebox-stm32mp.config
index ba40c44bdb74..f2e61e7165c1 100644
--- a/configs/platform-v7a/barebox-stm32mp.config
+++ b/configs/platform-v7a/barebox-stm32mp.config
@@ -47,8 +47,9 @@ CONFIG_CPU_32v7=y
 #
 # CONFIG_BOOT_ENDIANNESS_SWITCH is not set
 CONFIG_ARCH_NR_GPIO=416
+CONFIG_ARCH_STM32MP13=y
 CONFIG_ARCH_STM32MP157=y
-# CONFIG_MACH_STM32MP13XX_DK is not set
+CONFIG_MACH_STM32MP13XX_DK=y
 CONFIG_MACH_STM32MP15XX_DKX=y
 CONFIG_MACH_LXA_MC1=y
 # CONFIG_MACH_SEEED_ODYSSEY is not set
@@ -216,6 +217,9 @@ CONFIG_EXTERNAL_DTS_FRAGMENTS="${PTXDIST_PLATFORMCONFIGDIR}/dts/bootstate.dtsi"
 #
 # OP-TEE loading
 #
+CONFIG_HAVE_OPTEE=y
+CONFIG_OPTEE_SIZE=0x03000000
+CONFIG_OPTEE_SHM_SIZE=0x400000
 # CONFIG_BOOTM_OPTEE is not set
 # end of OP-TEE loading
 
@@ -633,7 +637,9 @@ CONFIG_HAVE_CLK=y
 CONFIG_CLKDEV_LOOKUP=y
 CONFIG_COMMON_CLK=y
 CONFIG_COMMON_CLK_OF_PROVIDER=y
+CONFIG_COMMON_CLK_STM32MP135=y
 CONFIG_COMMON_CLK_STM32MP157=y
+CONFIG_COMMON_CLK_SCMI=y
 CONFIG_COMMON_CLK_GPIO=y
 
 #
@@ -715,6 +721,7 @@ CONFIG_PWM=y
 CONFIG_PWM_STM32=y
 CONFIG_HWRNG=y
 CONFIG_HWRNG_STM32=y
+CONFIG_HW_RANDOM_OPTEE=y
 
 #
 # DMA support
@@ -752,6 +759,7 @@ CONFIG_NVMEM=y
 # CONFIG_NVMEM_SNVS_LPGPR is not set
 CONFIG_STM32_BSEC=y
 CONFIG_STM32_BSEC_WRITE=y
+CONFIG_STM32_BSEC_OPTEE_TA=y
 
 #
 # Bus devices
@@ -764,6 +772,7 @@ CONFIG_REGULATOR_STM32_PWR=y
 CONFIG_REGULATOR_STM32_VREFBUF=y
 CONFIG_REGULATOR_STPMIC1=y
 # CONFIG_REGULATOR_ANATOP is not set
+CONFIG_REGULATOR_ARM_SCMI=y
 
 #
 # Remoteproc drivers
@@ -776,6 +785,7 @@ CONFIG_ARCH_HAS_RESET_CONTROLLER=y
 CONFIG_RESET_CONTROLLER=y
 CONFIG_RESET_SIMPLE=y
 # CONFIG_RESET_IMX7 is not set
+CONFIG_RESET_SCMI=y
 # CONFIG_RTC_CLASS is not set
 
 #
@@ -786,7 +796,13 @@ CONFIG_RESET_SIMPLE=y
 #
 # ARM System Control and Management Interface Protocol
 #
-# CONFIG_ARM_SCMI_PROTOCOL is not set
+CONFIG_ARM_SCMI_PROTOCOL=y
+CONFIG_ARM_SCMI_HAVE_TRANSPORT=y
+CONFIG_ARM_SCMI_HAVE_SHMEM=y
+CONFIG_ARM_SCMI_HAVE_MSG=y
+CONFIG_ARM_SCMI_TRANSPORT_OPTEE=y
+CONFIG_ARM_SCMI_TRANSPORT_SMC=y
+# CONFIG_ARM_SCMI_POWER_DOMAIN is not set
 # end of ARM System Control and Management Interface Protocol
 # end of Firmware Drivers
 
@@ -851,7 +867,8 @@ CONFIG_STM32_FMC2_EBI=y
 CONFIG_RESET_STM32=y
 # CONFIG_VIRTIO_MENU is not set
 # CONFIG_MAILBOX is not set
-# CONFIG_TEE is not set
+CONFIG_TEE=y
+CONFIG_OPTEE=y
 # end of Drivers
 
 #
@@ -936,6 +953,7 @@ CONFIG_NLS=y
 CONFIG_ARCH_HAS_STACK_DUMP=y
 CONFIG_ARCH_HAS_DATA_ABORT_MASK=y
 CONFIG_ARCH_HAS_ZERO_PAGE=y
+CONFIG_IDR=y
 # end of Library routines
 
 #
diff --git a/configs/platform-v7a/barebox-stm32mp.config.diff b/configs/platform-v7a/barebox-stm32mp.config.diff
index eddcb3a5ef5b..5f8844e02d88 100644
--- a/configs/platform-v7a/barebox-stm32mp.config.diff
+++ b/configs/platform-v7a/barebox-stm32mp.config.diff
@@ -3,6 +3,7 @@
 CONFIG_ARCH_HAS_RESET_CONTROLLER=y
 CONFIG_ARCH_NR_GPIO=416
 CONFIG_ARCH_STM32=y
+CONFIG_ARCH_STM32MP13=y
 CONFIG_ARCH_STM32MP157=y
 CONFIG_ARCH_STM32MP=y
 # CONFIG_ARCH_TEXT_BASE is undefined
@@ -11,6 +12,13 @@ CONFIG_ARM_BOARD_APPEND_ATAG=y
 # CONFIG_ARM_BOARD_PREPEND_ATAG is not set
 CONFIG_ARM_PSCI_CLIENT=y
 CONFIG_ARM_PSCI_OF=y
+CONFIG_ARM_SCMI_HAVE_MSG=y
+CONFIG_ARM_SCMI_HAVE_SHMEM=y
+CONFIG_ARM_SCMI_HAVE_TRANSPORT=y
+# CONFIG_ARM_SCMI_POWER_DOMAIN is not set
+CONFIG_ARM_SCMI_PROTOCOL=y
+CONFIG_ARM_SCMI_TRANSPORT_OPTEE=y
+CONFIG_ARM_SCMI_TRANSPORT_SMC=y
 # CONFIG_ARM_SECURE_MONITOR is undefined
 CONFIG_AT803X_PHY=y
 # CONFIG_BOARD_ARM_GENERIC_DT is not set
@@ -30,6 +38,8 @@ CONFIG_CMD_POWEROFF=y
 # CONFIG_CMD_PWM is not set
 # CONFIG_CMD_SPI is undefined
 # CONFIG_CMD_STACKSMASH is not set
+CONFIG_COMMON_CLK_SCMI=y
+CONFIG_COMMON_CLK_STM32MP135=y
 CONFIG_COMMON_CLK_STM32MP157=y
 CONFIG_COMPILE_LOGLEVEL=6
 # CONFIG_CONSOLE_ACTIVATE_FIRST is not set
@@ -52,11 +62,14 @@ CONFIG_EEPROM_AT24=y
 CONFIG_GENERIC_PHY=y
 # CONFIG_GPIO_74164 is undefined
 # CONFIG_GPIO_RASPBERRYPI_EXP is undefined
+CONFIG_HAVE_OPTEE=y
 CONFIG_HWRNG_STM32=y
+CONFIG_HW_RANDOM_OPTEE=y
 # CONFIG_I2C_ALGOBIT is undefined
 # CONFIG_I2C_BCM283X is undefined
 # CONFIG_I2C_GPIO is not set
 CONFIG_I2C_STM32=y
+CONFIG_IDR=y
 CONFIG_LED_PWM=y
 # CONFIG_LED_TRIGGERS is not set
 # CONFIG_LIBFDT is undefined
@@ -71,7 +84,7 @@ CONFIG_MACH_LXA_MC1=y
 # CONFIG_MACH_RPI_CM3 is undefined
 # CONFIG_MACH_RPI_COMMON is undefined
 # CONFIG_MACH_SEEED_ODYSSEY is not set
-# CONFIG_MACH_STM32MP13XX_DK is not set
+CONFIG_MACH_STM32MP13XX_DK=y
 CONFIG_MACH_STM32MP15XX_DKX=y
 CONFIG_MACH_STM32MP15X_EV1=y
 # CONFIG_MCI_BCM283X is undefined
@@ -108,6 +121,9 @@ CONFIG_NVMEM=y
 # CONFIG_NVMEM_REBOOT_MODE is not set
 # CONFIG_NVMEM_RMEM is not set
 # CONFIG_NVMEM_SNVS_LPGPR is not set
+CONFIG_OPTEE=y
+CONFIG_OPTEE_SHM_SIZE=0x400000
+CONFIG_OPTEE_SIZE=0x03000000
 # CONFIG_PARTITION_DISK_EFI_GPT_COMPARE is not set
 # CONFIG_PARTITION_DISK_EFI_GPT_NO_FORCE is not set
 CONFIG_PBL_CONSOLE=y
@@ -122,6 +138,7 @@ CONFIG_PWM_STM32=y
 CONFIG_REGMAP_FORMATTED=y
 CONFIG_REGMAP_I2C=y
 # CONFIG_REGULATOR_ANATOP is not set
+CONFIG_REGULATOR_ARM_SCMI=y
 # CONFIG_REGULATOR_BCM283X is undefined
 CONFIG_REGULATOR_FIXED=y
 CONFIG_REGULATOR_STM32_PWR=y
@@ -130,6 +147,7 @@ CONFIG_REGULATOR_STPMIC1=y
 CONFIG_REMOTEPROC=y
 CONFIG_RESET_CONTROLLER=y
 # CONFIG_RESET_IMX7 is not set
+CONFIG_RESET_SCMI=y
 CONFIG_RESET_SIMPLE=y
 CONFIG_RESET_STM32=y
 # CONFIG_SPI is not set
@@ -139,6 +157,7 @@ CONFIG_STACKPROTECTOR=y
 CONFIG_STACKPROTECTOR_STRONG=y
 CONFIG_STACK_GUARD_PAGE=y
 CONFIG_STM32_BSEC=y
+CONFIG_STM32_BSEC_OPTEE_TA=y
 CONFIG_STM32_BSEC_WRITE=y
 CONFIG_STM32_FMC2_EBI=y
 CONFIG_STM32_IMAGE=y
@@ -146,6 +165,7 @@ CONFIG_STM32_IWDG_WATCHDOG=y
 CONFIG_STM32_REMOTEPROC=y
 # CONFIG_STPMIC1_WATCHDOG is not set
 # CONFIG_SYSCON_REBOOT_MODE is not set
+CONFIG_TEE=y
 CONFIG_THUMB2_BAREBOX=y
 CONFIG_USB_DWC2=y
 CONFIG_USB_DWC2_GADGET=y
diff --git a/configs/platform-v7a/dts/bootstate.dtsi b/configs/platform-v7a/dts/bootstate.dtsi
index 081ec804509b..c0cade1e705b 100644
--- a/configs/platform-v7a/dts/bootstate.dtsi
+++ b/configs/platform-v7a/dts/bootstate.dtsi
@@ -103,7 +103,8 @@
 /** STM32MP1 ******************************************************************/
 #if defined(stm32mp157c_lxa_mc1_dts) || \
     defined(stm32mp157c_dk2_dts) || \
-    defined(stm32mp157c_ev1_dts)
+    defined(stm32mp157c_ev1_dts) || \
+    defined(stm32mp135f_dk_dts)
 / {
 	aliases {
 		state = &state_mmc0;
diff --git a/configs/platform-v7a/rules/barebox-stm32mp.make b/configs/platform-v7a/rules/barebox-stm32mp.make
index 5e4772565f1e..e39d7c12dbc9 100644
--- a/configs/platform-v7a/rules/barebox-stm32mp.make
+++ b/configs/platform-v7a/rules/barebox-stm32mp.make
@@ -50,7 +50,8 @@ BAREBOX_STM32MP_IMAGES := \
 BAREBOX_STM32MP_FIP_DTBS := \
 	stm32mp157c-dk2.dtb \
 	stm32mp157c-ev1.dtb \
-	stm32mp157c-lxa-mc1.dtb
+	stm32mp157c-lxa-mc1.dtb \
+	stm32mp135f-dk.dtb
 
 BAREBOX_STM32MP_IMAGES := $(addprefix $(BAREBOX_STM32MP_BUILD_DIR)/,$(BAREBOX_STM32MP_IMAGES))
 BAREBOX_STM32MP_FIP_DTBS := \
-- 
2.39.2
^ permalink raw reply	[flat|nested] 11+ messages in thread
* [DistroKit] [PATCH v2 5/8] v7a: build OP-TEE for STM32MP13
  2024-04-03 10:39 [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support Ahmad Fatoum
                   ` (3 preceding siblings ...)
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 4/8] v7a: barebox: enable STM32MP135F-DK support Ahmad Fatoum
@ 2024-04-03 10:39 ` Ahmad Fatoum
  2024-04-03 11:50   ` Michael Olbrich
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 6/8] v7a: stm32mp: add TF-A recipe " Ahmad Fatoum
                   ` (2 subsequent siblings)
  7 siblings, 1 reply; 11+ messages in thread
From: Ahmad Fatoum @ 2024-04-03 10:39 UTC (permalink / raw)
  To: distrokit; +Cc: Ahmad Fatoum
For the STM32MP13, ST decided that everyone should be using OP-TEE as
System Control and Management Interface (SCMI) provider and the kernel
driver for the reset and clock control (RCC) peripheral will talk to
the SCMI provider. Therefore let's enable OP-TEE, so we can make use of
this.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.pengutronix.de/20240315211240.3016716-10-a.fatoum@pengutronix.de
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
---
v1 -> v2:
  - disable unused options CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n
    (mol)
  - add bsp.ref exceptions for potentially useful debugging options
---
 configs/bsp.ref                     | 11 +++++++++++
 configs/platform-v7a/platformconfig |  7 ++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/configs/bsp.ref b/configs/bsp.ref
index 56e83b160eb3..79fbbbb9272b 100644
--- a/configs/bsp.ref
+++ b/configs/bsp.ref
@@ -33,6 +33,17 @@ kernel_initrd:
       value: True
     - value: False
 
+optee_disabled_features:
+  description: |
+    OP-TEE is used as secure monitor on STM32MP13x providing power
+    management and clock/reset control support. We don't use it as
+    part of a trusted boot setup, so we prefer debuggability over
+    reduction of the attack surface.
+  present:
+    - CFG_DEBUG_INFO
+    - CFG_ENABLE_EMBEDDED_TESTS
+    - CFG_TEE_CORE_TA_TRACE
+
 rootfs_unused_libraries:
   description: |
     - libatomic is needed on mips and rpi1 by libcrypto, but for simplicity ship it on all platforms
diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
index 2efae02cb241..f9c095916c22 100644
--- a/configs/platform-v7a/platformconfig
+++ b/configs/platform-v7a/platformconfig
@@ -199,7 +199,10 @@ PTXCONF_BAREBOX_ARCH_STRING="arm"
 PTXCONF_BOOTLOADER=y
 # PTXCONF_GRUB is not set
 # PTXCONF_HOST_MXS_UTILS is not set
-# PTXCONF_OPTEE is not set
+PTXCONF_OPTEE=y
+PTXCONF_OPTEE_PLATFORM="stm32mp1"
+PTXCONF_OPTEE_PLATFORM_FLAVOUR="135F_DK"
+PTXCONF_OPTEE_CFG="CFG_TEE_CORE_LOG_LEVEL=2 CFG_WITH_PAGER=n CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n"
 PTXCONF_TF_A=y
 PTXCONF_TF_A_URL="https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot"
 PTXCONF_TF_A_VERSION="v2.10"
@@ -349,7 +352,9 @@ PTXCONF_HOST_SYSTEM_PYTHON3_PYPROJECT_HOOKS=y
 PTXCONF_HOST_SYSTEM_PYTHON3_TOMLI=y
 PTXCONF_HOST_SYSTEM_PYTHON3_WHEEL=y
 PTXCONF_HOST_SYSTEM_PYTHON3=y
+PTXCONF_HOST_SYSTEM_PYTHON3_CRYPTOGRAPHY=y
 PTXCONF_HOST_SYSTEM_PYTHON3_SETUPTOOLS=y
+PTXCONF_HOST_SYSTEM_PYTHON3_PYELFTOOLS=y
 PTXCONF_HOST_UTIL_LINUX=y
 PTXCONF_HOST_ZLIB=y
 PTXCONF_HOST_TF_A=y
-- 
2.39.2
^ permalink raw reply	[flat|nested] 11+ messages in thread
* [DistroKit] [PATCH v2 6/8] v7a: stm32mp: add TF-A recipe for STM32MP13
  2024-04-03 10:39 [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support Ahmad Fatoum
                   ` (4 preceding siblings ...)
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 5/8] v7a: build OP-TEE for STM32MP13 Ahmad Fatoum
@ 2024-04-03 10:39 ` Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 7/8] v7a: kernel: enable STM32MP135F-DK support Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 8/8] v7a: stm32mp: add image recipe for STM32MP135F-DK Ahmad Fatoum
  7 siblings, 0 replies; 11+ messages in thread
From: Ahmad Fatoum @ 2024-04-03 10:39 UTC (permalink / raw)
  To: distrokit; +Cc: Ahmad Fatoum
We have two ways of doing multi-image builds with TF-A:
  - STM32MP15-specific: Multiple device trees can be supplied and TF-A
    is built once and linked with each DT in turn. This was contributed
    to TF-A for DistroKit purposes, but ST broke the compatibility for
    STM32MP13, which requires to be built separately.
  - PTXdist-specific: The PTXdist rule can built multiple platforms in
    different build directories. This requires however that the options
    used are the same, except for platform. We unfortunately need to
    change the option between our two TF-A build though.
Therefore, let's duplicate the upstream TF-A rule for the STM32MP13 and
configure it for use with OP-TEE.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.pengutronix.de/20240315211240.3016716-11-a.fatoum@pengutronix.de
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
---
v1 -> v2:
  - no change
---
 configs/platform-v7a/platformconfig           |   1 +
 .../platform-v7a/platforms/tf-a-stm32mp13.in  |  12 ++
 .../platform-v7a/rules/tf-a-stm32mp13.make    | 110 ++++++++++++++++++
 3 files changed, 123 insertions(+)
 create mode 100644 configs/platform-v7a/platforms/tf-a-stm32mp13.in
 create mode 100644 configs/platform-v7a/rules/tf-a-stm32mp13.make
diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
index f9c095916c22..ab9e5b2e6671 100644
--- a/configs/platform-v7a/platformconfig
+++ b/configs/platform-v7a/platformconfig
@@ -203,6 +203,7 @@ PTXCONF_OPTEE=y
 PTXCONF_OPTEE_PLATFORM="stm32mp1"
 PTXCONF_OPTEE_PLATFORM_FLAVOUR="135F_DK"
 PTXCONF_OPTEE_CFG="CFG_TEE_CORE_LOG_LEVEL=2 CFG_WITH_PAGER=n CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n"
+# PTXCONF_TF_A_STM32MP13 is not set
 PTXCONF_TF_A=y
 PTXCONF_TF_A_URL="https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot"
 PTXCONF_TF_A_VERSION="v2.10"
diff --git a/configs/platform-v7a/platforms/tf-a-stm32mp13.in b/configs/platform-v7a/platforms/tf-a-stm32mp13.in
new file mode 100644
index 000000000000..0dd58041ec19
--- /dev/null
+++ b/configs/platform-v7a/platforms/tf-a-stm32mp13.in
@@ -0,0 +1,12 @@
+## SECTION=bootloader
+
+menuconfig TF_A_STM32MP13
+	select BOOTLOADER
+	select HOST_DTC
+	prompt "ARM Trusted Firmware-A for STM32MP13 with OP-TEE"
+	depends on ARCH_ARM
+	bool
+	help
+	  ARM Trusted Firmware-A for STM32MP13 series SoCs with OP-TEE enabled.
+	  Currently, these can't be built in the same build as the
+	  STM32MP15 with SP_min.
diff --git a/configs/platform-v7a/rules/tf-a-stm32mp13.make b/configs/platform-v7a/rules/tf-a-stm32mp13.make
new file mode 100644
index 000000000000..36feb25e6e76
--- /dev/null
+++ b/configs/platform-v7a/rules/tf-a-stm32mp13.make
@@ -0,0 +1,110 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2018 by Rouven Czerwinski <r.czerwinski@pengutronix.de>
+#               2019 by Ahmad Fatoum <a.fatoum@pengutronix.de>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_TF_A_STM32MP13) += tf-a-stm32mp13
+
+#
+# Paths and names
+#
+TF_A_STM32MP13_VERSION	:= $(call ptx/config-version, PTXCONF_TF_A)
+TF_A_STM32MP13_MD5	:= $(call ptx/config-md5, PTXCONF_TF_A)
+TF_A_STM32MP13		:= tf-a-stm32mp13-$(TF_A_STM32MP13_VERSION)
+TF_A_STM32MP13_SUFFIX	:= tar.gz
+TF_A_STM32MP13_URL	:= https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot/$(TF_A_STM32MP13_VERSION).$(TF_A_STM32MP13_SUFFIX)
+TF_A_STM32MP13_SOURCE	:= $(SRCDIR)/$(TF_A_STM32MP13).$(TF_A_STM32MP13_SUFFIX)
+TF_A_STM32MP13_DIR	:= $(BUILDDIR)/$(TF_A_STM32MP13)
+TF_A_STM32MP13_BUILDDIR	:= $(TF_A_STM32MP13_DIR)/build
+TF_A_STM32MP13_BUILD_OOT	:= YES
+TF_A_STM32MP13_LICENSE	:= BSD-3-Clause AND BSD-2-Clause \
+		   AND (GPL-2.0-or-later OR BSD-2-Clause) \
+		   AND (NCSA OR MIT) \
+		   AND Zlib \
+		   AND (GPL-2.0-or-later OR BSD-3-Clause)
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+TF_A_STM32MP13_PLATFORMS		:= stm32mp1
+TF_A_STM32MP13_ARTIFACTS		:= tf-a-*.stm32 fdts/*-fw-config.dtb
+
+TF_A_STM32MP13_WRAPPER_BLACKLIST	:= \
+	$(PTXDIST_LOWLEVEL_WRAPPER_BLACKLIST)
+
+TF_A_STM32MP13_PATH	:= PATH=$(CROSS_PATH)
+TF_A_STM32MP13_MAKE_OPT	:= \
+	-C $(TF_A_STM32MP13_DIR) \
+	CROSS_COMPILE=$(BOOTLOADER_CROSS_COMPILE) \
+	HOSTCC=$(HOSTCC) \
+	ARCH=aarch32 \
+	ARM_ARCH_MAJOR=7 \
+	BUILD_STRING=$(TF_A_STM32MP13_VERSION) \
+	DTB_FILE_NAME='stm32mp135f-dk.dtb' \
+	STM32MP_EMMC=1 STM32MP_SDMMC=1 \
+	STM32MP_RAW_NAND=1 STM32MP_SPI_NAND=1 STM32MP_SPI_NOR=1 \
+	STM32MP_USB_PROGRAMMER=1 \
+	AARCH32_SP=optee \
+	all
+
+TF_A_STM32MP13_CONF_TOOL	:= NO
+
+# ----------------------------------------------------------------------------
+# Compile
+# ----------------------------------------------------------------------------
+
+TF_A_STM32MP13_MAKE_ENV	:= $(CROSS_ENV)
+
+$(STATEDIR)/tf-a-stm32mp13.compile:
+	@$(call targetinfo)
+
+	@$(foreach plat, $(TF_A_STM32MP13_PLATFORMS), \
+		$(call compile, TF_A_STM32MP13, \
+		$(TF_A_STM32MP13_MAKE_OPT) PLAT=$(plat))$(ptx/nl))
+
+	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Install
+# ----------------------------------------------------------------------------
+
+tf-a-stm32mp13/inst_plat = $(foreach artifact, \
+	$(foreach pattern, $(TF_A_STM32MP13_ARTIFACTS), \
+	$(wildcard $(TF_A_STM32MP13_BUILDDIR)/$(1)/$(if $(filter DEBUG=1,TF_A_STM32MP13_MAKE_OPT),debug,release)/$(pattern))), \
+	install -v -D -m 644 $(artifact) \
+		$(2)/$(1)-$(notdir $(artifact))$(ptx/nl))
+
+tf-a-stm32mp13/inst_bins = $(foreach plat, $(TF_A_STM32MP13_PLATFORMS), $(call tf-a-stm32mp13/inst_plat,$(plat),$(1)))
+
+$(STATEDIR)/tf-a-stm32mp13.install:
+	@$(call targetinfo)
+	@$(call tf-a-stm32mp13/inst_bins,$(TF_A_STM32MP13_PKGDIR)/usr/lib/firmware)
+	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/tf-a-stm32mp13.targetinstall:
+	@$(call targetinfo)
+	@$(call tf-a-stm32mp13/inst_bins,$(IMAGEDIR))
+	@$(call touch)
+
+# ----------------------------------------------------------------------------
+# Clean
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/tf-a-stm32mp13.clean:
+	@$(call targetinfo)
+	@rm -vf $(addprefix $(IMAGEDIR)/, $(notdir $(TF_A_STM32MP13_ARTIFACTS_SRC)))
+	@$(call clean_pkg, TF_A_STM32MP13)
+
+# vim: syntax=make
-- 
2.39.2
^ permalink raw reply	[flat|nested] 11+ messages in thread
* [DistroKit] [PATCH v2 7/8] v7a: kernel: enable STM32MP135F-DK support
  2024-04-03 10:39 [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support Ahmad Fatoum
                   ` (5 preceding siblings ...)
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 6/8] v7a: stm32mp: add TF-A recipe " Ahmad Fatoum
@ 2024-04-03 10:39 ` Ahmad Fatoum
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 8/8] v7a: stm32mp: add image recipe for STM32MP135F-DK Ahmad Fatoum
  7 siblings, 0 replies; 11+ messages in thread
From: Ahmad Fatoum @ 2024-04-03 10:39 UTC (permalink / raw)
  To: distrokit; +Cc: Ahmad Fatoum
The STM32MP13 shared many kernel config options with the STM32MP15, but
it requires some additional options to support SCMI-over-OP-TEE. Enable
these options as well as support for OTP-over-OPTEE and rng-over-OPTEE.
With the SCMI options enabled, it's possible to boot the STM32MP135F-DK,
so enable build of its device tree for inclusion into the image in the
follow-up commit.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.pengutronix.de/20240315211240.3016716-12-a.fatoum@pengutronix.de
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
---
v1 -> v2:
  - no change
---
 configs/platform-v7a/kernelconfig   | 8 +++++++-
 configs/platform-v7a/platformconfig | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/configs/platform-v7a/kernelconfig b/configs/platform-v7a/kernelconfig
index 9087a8ae37a2..fb6d2fa8b526 100644
--- a/configs/platform-v7a/kernelconfig
+++ b/configs/platform-v7a/kernelconfig
@@ -1248,7 +1248,9 @@ CONFIG_ARM_SCMI_PROTOCOL=y
 # CONFIG_ARM_SCMI_RAW_MODE_SUPPORT is not set
 CONFIG_ARM_SCMI_HAVE_TRANSPORT=y
 CONFIG_ARM_SCMI_HAVE_SHMEM=y
+CONFIG_ARM_SCMI_HAVE_MSG=y
 CONFIG_ARM_SCMI_TRANSPORT_MAILBOX=y
+CONFIG_ARM_SCMI_TRANSPORT_OPTEE=y
 CONFIG_ARM_SCMI_TRANSPORT_SMC=y
 # CONFIG_ARM_SCMI_TRANSPORT_SMC_ATOMIC_ENABLE is not set
 # CONFIG_ARM_SCMI_TRANSPORT_VIRTIO is not set
@@ -1931,6 +1933,7 @@ CONFIG_HW_RANDOM_IPROC_RNG200=y
 CONFIG_HW_RANDOM_OMAP=y
 CONFIG_HW_RANDOM_VIRTIO=y
 CONFIG_HW_RANDOM_STM32=y
+CONFIG_HW_RANDOM_OPTEE=y
 # CONFIG_HW_RANDOM_CCTRNG is not set
 # CONFIG_HW_RANDOM_XIPHERA is not set
 # CONFIG_HW_RANDOM_ARM_SMCCC_TRNG is not set
@@ -3106,6 +3109,7 @@ CONFIG_RTC_I2C_AND_SPI=y
 # CONFIG_RTC_DRV_M48T59 is not set
 # CONFIG_RTC_DRV_MSM6242 is not set
 # CONFIG_RTC_DRV_RP5C01 is not set
+# CONFIG_RTC_DRV_OPTEE is not set
 # CONFIG_RTC_DRV_ZYNQMP is not set
 
 #
@@ -3578,6 +3582,7 @@ CONFIG_NVMEM_IMX_OCOTP_ELE=y
 # CONFIG_NVMEM_MICROCHIP_OTPC is not set
 CONFIG_NVMEM_RMEM=y
 # CONFIG_NVMEM_SNVS_LPGPR is not set
+CONFIG_NVMEM_STM32_BSEC_OPTEE_TA=y
 CONFIG_NVMEM_STM32_ROMEM=y
 # CONFIG_NVMEM_U_BOOT_ENV is not set
 
@@ -3590,7 +3595,8 @@ CONFIG_NVMEM_STM32_ROMEM=y
 
 # CONFIG_FPGA is not set
 # CONFIG_FSI is not set
-# CONFIG_TEE is not set
+CONFIG_TEE=y
+CONFIG_OPTEE=y
 CONFIG_MULTIPLEXER=y
 
 #
diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
index ab9e5b2e6671..cef14be54d87 100644
--- a/configs/platform-v7a/platformconfig
+++ b/configs/platform-v7a/platformconfig
@@ -138,7 +138,7 @@ PTXCONF_KERNEL_IMAGE_Z=y
 PTXCONF_KERNEL_IMAGE="zImage"
 PTXCONF_KERNEL_DTB=y
 PTXCONF_KERNEL_DTS_PATH="${PTXDIST_PLATFORMCONFIG_SUBDIR}/dts:${KERNEL_DIR}/arch/${GENERIC_KERNEL_ARCH}/boot/dts"
-PTXCONF_KERNEL_DTS="ti/omap/am335x-bone.dts ti/omap/am335x-boneblack.dts arm/vexpress-v2p-ca9.dts broadcom/bcm2836-rpi-2-b.dts nxp/imx/imx6q-sabrelite.dts nxp/imx/imx6sx-udoo-neo-full.dts nxp/imx/imx6dl-riotboard.dts nxp/imx/imx6q-nitrogen6x.dts nxp/imx/imx6qp-nitrogen6_max.dts broadcom/bcm2837-rpi-3-b.dts broadcom/bcm2837-rpi-cm3-io3.dts broadcom/bcm2711-rpi-4-b.dts broadcom/bcm2711-rpi-400.dts st/stm32mp157c-dk2.dts st/stm32mp157c-ev1.dts st/stm32mp157c-lxa-mc1.dts microchip/at91-sama5d27_som1_ek.dts at91-sama5d27_giantboard.dts at91-sama5d4_wifx_l1.dts"
+PTXCONF_KERNEL_DTS="ti/omap/am335x-bone.dts ti/omap/am335x-boneblack.dts arm/vexpress-v2p-ca9.dts broadcom/bcm2836-rpi-2-b.dts nxp/imx/imx6q-sabrelite.dts nxp/imx/imx6sx-udoo-neo-full.dts nxp/imx/imx6dl-riotboard.dts nxp/imx/imx6q-nitrogen6x.dts nxp/imx/imx6qp-nitrogen6_max.dts broadcom/bcm2837-rpi-3-b.dts broadcom/bcm2837-rpi-cm3-io3.dts broadcom/bcm2711-rpi-4-b.dts broadcom/bcm2711-rpi-400.dts st/stm32mp157c-dk2.dts st/stm32mp157c-ev1.dts st/stm32mp157c-lxa-mc1.dts st/stm32mp135f-dk.dts microchip/at91-sama5d27_som1_ek.dts at91-sama5d27_giantboard.dts at91-sama5d4_wifx_l1.dts"
 # PTXCONF_KERNEL_DTBO is not set
 # PTXCONF_KERNEL_CODE_SIGNING is not set
 # PTXCONF_KERNEL_ZSTD is not set
-- 
2.39.2
^ permalink raw reply	[flat|nested] 11+ messages in thread
* [DistroKit] [PATCH v2 8/8] v7a: stm32mp: add image recipe for STM32MP135F-DK
  2024-04-03 10:39 [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support Ahmad Fatoum
                   ` (6 preceding siblings ...)
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 7/8] v7a: kernel: enable STM32MP135F-DK support Ahmad Fatoum
@ 2024-04-03 10:39 ` Ahmad Fatoum
  2024-04-03 11:54   ` Michael Olbrich
  7 siblings, 1 reply; 11+ messages in thread
From: Ahmad Fatoum @ 2024-04-03 10:39 UTC (permalink / raw)
  To: distrokit; +Cc: Ahmad Fatoum
Now, that we have TF-A, OP-TEE, barebox and kernel in-place, let's build
an image that combines all of them that can be booted by writing to the
SD-Card of the STM32MP135F-DK.
Notably missing is Ethernet support as that's not mainline yet.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.pengutronix.de/20240315211240.3016716-13-a.fatoum@pengutronix.de
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
---
v1 -> v2:
  - use barebox environment partition type GUID
---
 .../config/images/stm32mp-optee.config        | 61 +++++++++++++++++++
 configs/platform-v7a/platformconfig           |  3 +-
 .../platforms/image-stm32mp135f-dk.in         | 13 ++++
 .../rules/image-stm32mp135f-dk.make           | 34 +++++++++++
 4 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100644 configs/platform-v7a/config/images/stm32mp-optee.config
 create mode 100644 configs/platform-v7a/platforms/image-stm32mp135f-dk.in
 create mode 100644 configs/platform-v7a/rules/image-stm32mp135f-dk.make
diff --git a/configs/platform-v7a/config/images/stm32mp-optee.config b/configs/platform-v7a/config/images/stm32mp-optee.config
new file mode 100644
index 000000000000..c1be91eb49d8
--- /dev/null
+++ b/configs/platform-v7a/config/images/stm32mp-optee.config
@@ -0,0 +1,61 @@
+image @IMAGE@ {
+	hdimage {
+		align = 1M
+		partition-table-type = gpt
+		gpt-no-backup = true
+	}
+
+	/* below three partitions are unused when booting from eMMC boot partition */
+	partition fsbl1 {
+		image = "stm32mp1-tf-a-@STM32MP_BOARD@.stm32"
+		size = 256K
+	}
+	partition fsbl2 {
+		image = "stm32mp1-tf-a-@STM32MP_BOARD@.stm32"
+		size = 256K
+	}
+	partition fip {
+		image = "@STM32MP_BOARD@.fip"
+		size = 2M
+	}
+
+	partition barebox-environment {
+		partition-type-uuid = "6c3737f2-07f8-45d1-ad45-15d260aab24d"
+		size = 1M
+	}
+	partition barebox-state {
+		partition-type-uuid = "4778ed65-bf42-45fa-9c5b-287a1dc4aab1"
+		size = 1M
+	}
+	partition root-A {
+		partition-type-uuid = 69dad710-2ce4-4e3c-b16c-21a1d49abed3 # root-arm
+		image = root.ext2
+	}
+}
+
+image @STM32MP_BOARD@-emmcboot.img {
+	hdimage {
+		partition-table = false
+	}
+
+	partition fsbl {
+		image = "stm32mp1-tf-a-@STM32MP_BOARD@.stm32"
+		size = 256K
+	}
+
+	partition fip {
+		image = "@STM32MP_BOARD@.fip"
+		offset = 256K
+	}
+}
+
+image @STM32MP_BOARD@.fip {
+	fip {
+		fw-config = "stm32mp1-@STM32MP_BOARD@-fw-config.dtb"
+		hw-config = "@STM32MP_BOARD@.dtb-bb"
+		nt-fw = "barebox-stm32mp-generic-bl33.img"
+		tos-fw = { "tee-header_v2.bin", "tee-pager_v2.bin", "tee-pageable_v2.bin" }
+	}
+	size = 2M
+}
+/* vim: set tabstop=8 noexpandtab : */
diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
index cef14be54d87..9fc6b59c5285 100644
--- a/configs/platform-v7a/platformconfig
+++ b/configs/platform-v7a/platformconfig
@@ -203,7 +203,7 @@ PTXCONF_OPTEE=y
 PTXCONF_OPTEE_PLATFORM="stm32mp1"
 PTXCONF_OPTEE_PLATFORM_FLAVOUR="135F_DK"
 PTXCONF_OPTEE_CFG="CFG_TEE_CORE_LOG_LEVEL=2 CFG_WITH_PAGER=n CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n"
-# PTXCONF_TF_A_STM32MP13 is not set
+PTXCONF_TF_A_STM32MP13=y
 PTXCONF_TF_A=y
 PTXCONF_TF_A_URL="https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot"
 PTXCONF_TF_A_VERSION="v2.10"
@@ -293,6 +293,7 @@ PTXCONF_IMAGE_RPI2=y
 PTXCONF_IMAGE_SABRELITE=y
 PTXCONF_IMAGE_SAMA5D27_GIANTBOARD=y
 PTXCONF_IMAGE_SAMA5D27_SOM1_EK=y
+PTXCONF_IMAGE_STM32MP135F_DK=y
 PTXCONF_IMAGE_STM32MP157C_DK2=y
 PTXCONF_IMAGE_STM32MP157C_EV1=y
 PTXCONF_IMAGE_UDOO_NEO=y
diff --git a/configs/platform-v7a/platforms/image-stm32mp135f-dk.in b/configs/platform-v7a/platforms/image-stm32mp135f-dk.in
new file mode 100644
index 000000000000..4b06817a7dfc
--- /dev/null
+++ b/configs/platform-v7a/platforms/image-stm32mp135f-dk.in
@@ -0,0 +1,13 @@
+## SECTION=image
+
+config IMAGE_STM32MP135F_DK
+	tristate
+	select HOST_GENIMAGE
+	select HOST_TF_A
+	select IMAGE_ROOT_EXT
+	select TF_A_STM32MP13
+	select OPTEE
+	select BAREBOX_STM32MP
+	prompt "Generate images/stm32mp135f-dk.hdimg"
+	help
+	  Generate GPT image for the STM32MP135F-DK
diff --git a/configs/platform-v7a/rules/image-stm32mp135f-dk.make b/configs/platform-v7a/rules/image-stm32mp135f-dk.make
new file mode 100644
index 000000000000..c7fefb2f0432
--- /dev/null
+++ b/configs/platform-v7a/rules/image-stm32mp135f-dk.make
@@ -0,0 +1,34 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2017 by Sascha Hauer <s.hauer@pengutronix.de>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+IMAGE_PACKAGES-$(PTXCONF_IMAGE_STM32MP135F_DK) += image-stm32mp135f-dk
+
+IMAGE_STM32MP135F_DK_ENV := STM32MP_BOARD=stm32mp135f-dk
+
+#
+# Paths and names
+#
+IMAGE_STM32MP135F_DK		:= image-stm32mp135f-dk
+IMAGE_STM32MP135F_DK_DIR	:= $(BUILDDIR)/$(IMAGE_STM32MP135F_DK)
+IMAGE_STM32MP135F_DK_IMAGE	:= $(IMAGEDIR)/stm32mp135f-dk.hdimg
+IMAGE_STM32MP135F_DK_FILES	:= $(IMAGEDIR)/root.tgz
+IMAGE_STM32MP135F_DK_CONFIG	:= stm32mp-optee.config
+
+# ----------------------------------------------------------------------------
+# Image
+# ----------------------------------------------------------------------------
+
+$(IMAGE_STM32MP135F_DK_IMAGE):
+	@$(call targetinfo)
+	@$(call image/genimage, IMAGE_STM32MP135F_DK)
+	@$(call finish)
+
+# vim: syntax=make
-- 
2.39.2
^ permalink raw reply	[flat|nested] 11+ messages in thread
* Re: [DistroKit] [PATCH v2 5/8] v7a: build OP-TEE for STM32MP13
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 5/8] v7a: build OP-TEE for STM32MP13 Ahmad Fatoum
@ 2024-04-03 11:50   ` Michael Olbrich
  0 siblings, 0 replies; 11+ messages in thread
From: Michael Olbrich @ 2024-04-03 11:50 UTC (permalink / raw)
  To: Ahmad Fatoum; +Cc: distrokit
On Wed, Apr 03, 2024 at 12:39:21PM +0200, Ahmad Fatoum wrote:
> For the STM32MP13, ST decided that everyone should be using OP-TEE as
> System Control and Management Interface (SCMI) provider and the kernel
> driver for the reset and clock control (RCC) peripheral will talk to
> the SCMI provider. Therefore let's enable OP-TEE, so we can make use of
> this.
> 
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> Link: https://lore.pengutronix.de/20240315211240.3016716-10-a.fatoum@pengutronix.de
> Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
> ---
> v1 -> v2:
>   - disable unused options CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n
>     (mol)
>   - add bsp.ref exceptions for potentially useful debugging options
> ---
>  configs/bsp.ref                     | 11 +++++++++++
>  configs/platform-v7a/platformconfig |  7 ++++++-
>  2 files changed, 17 insertions(+), 1 deletion(-)
> 
> diff --git a/configs/bsp.ref b/configs/bsp.ref
> index 56e83b160eb3..79fbbbb9272b 100644
> --- a/configs/bsp.ref
> +++ b/configs/bsp.ref
> @@ -33,6 +33,17 @@ kernel_initrd:
>        value: True
>      - value: False
>  
> +optee_disabled_features:
> +  description: |
> +    OP-TEE is used as secure monitor on STM32MP13x providing power
> +    management and clock/reset control support. We don't use it as
> +    part of a trusted boot setup, so we prefer debuggability over
> +    reduction of the attack surface.
> +  present:
> +    - CFG_DEBUG_INFO
> +    - CFG_ENABLE_EMBEDDED_TESTS
> +    - CFG_TEE_CORE_TA_TRACE
Can you add a condition to limit this to STM32MP13x or at least ARMv7?
Is there something in the optee config we can match for this?
Conditions for overrides like this mean, that the override is ignored, so
exactly what we want here.
Michael
> +
>  rootfs_unused_libraries:
>    description: |
>      - libatomic is needed on mips and rpi1 by libcrypto, but for simplicity ship it on all platforms
> diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
> index 2efae02cb241..f9c095916c22 100644
> --- a/configs/platform-v7a/platformconfig
> +++ b/configs/platform-v7a/platformconfig
> @@ -199,7 +199,10 @@ PTXCONF_BAREBOX_ARCH_STRING="arm"
>  PTXCONF_BOOTLOADER=y
>  # PTXCONF_GRUB is not set
>  # PTXCONF_HOST_MXS_UTILS is not set
> -# PTXCONF_OPTEE is not set
> +PTXCONF_OPTEE=y
> +PTXCONF_OPTEE_PLATFORM="stm32mp1"
> +PTXCONF_OPTEE_PLATFORM_FLAVOUR="135F_DK"
> +PTXCONF_OPTEE_CFG="CFG_TEE_CORE_LOG_LEVEL=2 CFG_WITH_PAGER=n CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n"
>  PTXCONF_TF_A=y
>  PTXCONF_TF_A_URL="https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot"
>  PTXCONF_TF_A_VERSION="v2.10"
> @@ -349,7 +352,9 @@ PTXCONF_HOST_SYSTEM_PYTHON3_PYPROJECT_HOOKS=y
>  PTXCONF_HOST_SYSTEM_PYTHON3_TOMLI=y
>  PTXCONF_HOST_SYSTEM_PYTHON3_WHEEL=y
>  PTXCONF_HOST_SYSTEM_PYTHON3=y
> +PTXCONF_HOST_SYSTEM_PYTHON3_CRYPTOGRAPHY=y
>  PTXCONF_HOST_SYSTEM_PYTHON3_SETUPTOOLS=y
> +PTXCONF_HOST_SYSTEM_PYTHON3_PYELFTOOLS=y
>  PTXCONF_HOST_UTIL_LINUX=y
>  PTXCONF_HOST_ZLIB=y
>  PTXCONF_HOST_TF_A=y
> -- 
> 2.39.2
> 
> 
> 
-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
^ permalink raw reply	[flat|nested] 11+ messages in thread
* Re: [DistroKit] [PATCH v2 8/8] v7a: stm32mp: add image recipe for STM32MP135F-DK
  2024-04-03 10:39 ` [DistroKit] [PATCH v2 8/8] v7a: stm32mp: add image recipe for STM32MP135F-DK Ahmad Fatoum
@ 2024-04-03 11:54   ` Michael Olbrich
  0 siblings, 0 replies; 11+ messages in thread
From: Michael Olbrich @ 2024-04-03 11:54 UTC (permalink / raw)
  To: Ahmad Fatoum; +Cc: distrokit
On Wed, Apr 03, 2024 at 12:39:24PM +0200, Ahmad Fatoum wrote:
> Now, that we have TF-A, OP-TEE, barebox and kernel in-place, let's build
> an image that combines all of them that can be booted by writing to the
> SD-Card of the STM32MP135F-DK.
> 
> Notably missing is Ethernet support as that's not mainline yet.
> 
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> Link: https://lore.pengutronix.de/20240315211240.3016716-13-a.fatoum@pengutronix.de
> Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
> ---
> v1 -> v2:
>   - use barebox environment partition type GUID
> ---
>  .../config/images/stm32mp-optee.config        | 61 +++++++++++++++++++
>  configs/platform-v7a/platformconfig           |  3 +-
>  .../platforms/image-stm32mp135f-dk.in         | 13 ++++
>  .../rules/image-stm32mp135f-dk.make           | 34 +++++++++++
>  4 files changed, 110 insertions(+), 1 deletion(-)
>  create mode 100644 configs/platform-v7a/config/images/stm32mp-optee.config
>  create mode 100644 configs/platform-v7a/platforms/image-stm32mp135f-dk.in
>  create mode 100644 configs/platform-v7a/rules/image-stm32mp135f-dk.make
> 
> diff --git a/configs/platform-v7a/config/images/stm32mp-optee.config b/configs/platform-v7a/config/images/stm32mp-optee.config
> new file mode 100644
> index 000000000000..c1be91eb49d8
> --- /dev/null
> +++ b/configs/platform-v7a/config/images/stm32mp-optee.config
> @@ -0,0 +1,61 @@
> +image @IMAGE@ {
> +	hdimage {
> +		align = 1M
> +		partition-table-type = gpt
> +		gpt-no-backup = true
> +	}
> +
> +	/* below three partitions are unused when booting from eMMC boot partition */
> +	partition fsbl1 {
> +		image = "stm32mp1-tf-a-@STM32MP_BOARD@.stm32"
> +		size = 256K
> +	}
> +	partition fsbl2 {
> +		image = "stm32mp1-tf-a-@STM32MP_BOARD@.stm32"
> +		size = 256K
> +	}
> +	partition fip {
> +		image = "@STM32MP_BOARD@.fip"
> +		size = 2M
> +	}
> +
> +	partition barebox-environment {
> +		partition-type-uuid = "6c3737f2-07f8-45d1-ad45-15d260aab24d"
> +		size = 1M
> +	}
> +	partition barebox-state {
> +		partition-type-uuid = "4778ed65-bf42-45fa-9c5b-287a1dc4aab1"
I think genimage should be new enough to use
		partition-type-uuid = "barebox-state"
> +		size = 1M
> +	}
> +	partition root-A {
> +		partition-type-uuid = 69dad710-2ce4-4e3c-b16c-21a1d49abed3 # root-arm
		partition-type-uuid = "root-arm"
And please be consistent with quoting.
Michael
> +		image = root.ext2
> +	}
> +}
> +
> +image @STM32MP_BOARD@-emmcboot.img {
> +	hdimage {
> +		partition-table = false
> +	}
> +
> +	partition fsbl {
> +		image = "stm32mp1-tf-a-@STM32MP_BOARD@.stm32"
> +		size = 256K
> +	}
> +
> +	partition fip {
> +		image = "@STM32MP_BOARD@.fip"
> +		offset = 256K
> +	}
> +}
> +
> +image @STM32MP_BOARD@.fip {
> +	fip {
> +		fw-config = "stm32mp1-@STM32MP_BOARD@-fw-config.dtb"
> +		hw-config = "@STM32MP_BOARD@.dtb-bb"
> +		nt-fw = "barebox-stm32mp-generic-bl33.img"
> +		tos-fw = { "tee-header_v2.bin", "tee-pager_v2.bin", "tee-pageable_v2.bin" }
> +	}
> +	size = 2M
> +}
> +/* vim: set tabstop=8 noexpandtab : */
> diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
> index cef14be54d87..9fc6b59c5285 100644
> --- a/configs/platform-v7a/platformconfig
> +++ b/configs/platform-v7a/platformconfig
> @@ -203,7 +203,7 @@ PTXCONF_OPTEE=y
>  PTXCONF_OPTEE_PLATFORM="stm32mp1"
>  PTXCONF_OPTEE_PLATFORM_FLAVOUR="135F_DK"
>  PTXCONF_OPTEE_CFG="CFG_TEE_CORE_LOG_LEVEL=2 CFG_WITH_PAGER=n CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n"
> -# PTXCONF_TF_A_STM32MP13 is not set
> +PTXCONF_TF_A_STM32MP13=y
>  PTXCONF_TF_A=y
>  PTXCONF_TF_A_URL="https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot"
>  PTXCONF_TF_A_VERSION="v2.10"
> @@ -293,6 +293,7 @@ PTXCONF_IMAGE_RPI2=y
>  PTXCONF_IMAGE_SABRELITE=y
>  PTXCONF_IMAGE_SAMA5D27_GIANTBOARD=y
>  PTXCONF_IMAGE_SAMA5D27_SOM1_EK=y
> +PTXCONF_IMAGE_STM32MP135F_DK=y
>  PTXCONF_IMAGE_STM32MP157C_DK2=y
>  PTXCONF_IMAGE_STM32MP157C_EV1=y
>  PTXCONF_IMAGE_UDOO_NEO=y
> diff --git a/configs/platform-v7a/platforms/image-stm32mp135f-dk.in b/configs/platform-v7a/platforms/image-stm32mp135f-dk.in
> new file mode 100644
> index 000000000000..4b06817a7dfc
> --- /dev/null
> +++ b/configs/platform-v7a/platforms/image-stm32mp135f-dk.in
> @@ -0,0 +1,13 @@
> +## SECTION=image
> +
> +config IMAGE_STM32MP135F_DK
> +	tristate
> +	select HOST_GENIMAGE
> +	select HOST_TF_A
> +	select IMAGE_ROOT_EXT
> +	select TF_A_STM32MP13
> +	select OPTEE
> +	select BAREBOX_STM32MP
> +	prompt "Generate images/stm32mp135f-dk.hdimg"
> +	help
> +	  Generate GPT image for the STM32MP135F-DK
> diff --git a/configs/platform-v7a/rules/image-stm32mp135f-dk.make b/configs/platform-v7a/rules/image-stm32mp135f-dk.make
> new file mode 100644
> index 000000000000..c7fefb2f0432
> --- /dev/null
> +++ b/configs/platform-v7a/rules/image-stm32mp135f-dk.make
> @@ -0,0 +1,34 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2017 by Sascha Hauer <s.hauer@pengutronix.de>
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +IMAGE_PACKAGES-$(PTXCONF_IMAGE_STM32MP135F_DK) += image-stm32mp135f-dk
> +
> +IMAGE_STM32MP135F_DK_ENV := STM32MP_BOARD=stm32mp135f-dk
> +
> +#
> +# Paths and names
> +#
> +IMAGE_STM32MP135F_DK		:= image-stm32mp135f-dk
> +IMAGE_STM32MP135F_DK_DIR	:= $(BUILDDIR)/$(IMAGE_STM32MP135F_DK)
> +IMAGE_STM32MP135F_DK_IMAGE	:= $(IMAGEDIR)/stm32mp135f-dk.hdimg
> +IMAGE_STM32MP135F_DK_FILES	:= $(IMAGEDIR)/root.tgz
> +IMAGE_STM32MP135F_DK_CONFIG	:= stm32mp-optee.config
> +
> +# ----------------------------------------------------------------------------
> +# Image
> +# ----------------------------------------------------------------------------
> +
> +$(IMAGE_STM32MP135F_DK_IMAGE):
> +	@$(call targetinfo)
> +	@$(call image/genimage, IMAGE_STM32MP135F_DK)
> +	@$(call finish)
> +
> +# vim: syntax=make
> -- 
> 2.39.2
> 
> 
> 
-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
^ permalink raw reply	[flat|nested] 11+ messages in thread
end of thread, other threads:[~2024-04-03 11:54 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-03 10:39 [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 1/8] v7a: bootstate: remove unused environment partitions Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 2/8] v7a: barebox: rpi4: fix rpi4 bootstate definition Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 3/8] v7a: images: stm32mp: use barebox-environment partition type UUID Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 4/8] v7a: barebox: enable STM32MP135F-DK support Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 5/8] v7a: build OP-TEE for STM32MP13 Ahmad Fatoum
2024-04-03 11:50   ` Michael Olbrich
2024-04-03 10:39 ` [DistroKit] [PATCH v2 6/8] v7a: stm32mp: add TF-A recipe " Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 7/8] v7a: kernel: enable STM32MP135F-DK support Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 8/8] v7a: stm32mp: add image recipe for STM32MP135F-DK Ahmad Fatoum
2024-04-03 11:54   ` Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox