From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: distrokit@pengutronix.de
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [DistroKit] [PATCH v3 5/8] v7a: build OP-TEE for STM32MP13
Date: Wed, 3 Apr 2024 18:48:12 +0200 [thread overview]
Message-ID: <20240403164815.3929378-6-a.fatoum@pengutronix.de> (raw)
In-Reply-To: <20240403164815.3929378-1-a.fatoum@pengutronix.de>
For the STM32MP13, ST decided that everyone should be using OP-TEE as
System Control and Management Interface (SCMI) provider and the kernel
driver for the reset and clock control (RCC) peripheral will talk to
the SCMI provider. Therefore let's enable OP-TEE, so we can make use of
this.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.pengutronix.de/20240315211240.3016716-10-a.fatoum@pengutronix.de
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
---
v2 -> v3:
- add CFG_STM32MP13 as precondition to reason override (mol)
v1 -> v2:
- disable unused options CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n
(mol)
- add bsp.ref exceptions for potentially useful debugging options
---
configs/bsp.ref | 12 ++++++++++++
configs/platform-v7a/platformconfig | 7 ++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/configs/bsp.ref b/configs/bsp.ref
index 56e83b160eb3..fe2e2b4d60f5 100644
--- a/configs/bsp.ref
+++ b/configs/bsp.ref
@@ -33,6 +33,18 @@ kernel_initrd:
value: True
- value: False
+optee_disabled_features:
+ description: |
+ OP-TEE is used as secure monitor on STM32MP13x providing power
+ management and clock/reset control support. We don't use it as
+ part of a trusted boot setup, so we prefer debuggability over
+ reduction of the attack surface.
+ condition: kconfig.OPTEEConfig()['CFG_STM32MP13']
+ present:
+ - CFG_DEBUG_INFO
+ - CFG_ENABLE_EMBEDDED_TESTS
+ - CFG_TEE_CORE_TA_TRACE
+
rootfs_unused_libraries:
description: |
- libatomic is needed on mips and rpi1 by libcrypto, but for simplicity ship it on all platforms
diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
index 2efae02cb241..f9c095916c22 100644
--- a/configs/platform-v7a/platformconfig
+++ b/configs/platform-v7a/platformconfig
@@ -199,7 +199,10 @@ PTXCONF_BAREBOX_ARCH_STRING="arm"
PTXCONF_BOOTLOADER=y
# PTXCONF_GRUB is not set
# PTXCONF_HOST_MXS_UTILS is not set
-# PTXCONF_OPTEE is not set
+PTXCONF_OPTEE=y
+PTXCONF_OPTEE_PLATFORM="stm32mp1"
+PTXCONF_OPTEE_PLATFORM_FLAVOUR="135F_DK"
+PTXCONF_OPTEE_CFG="CFG_TEE_CORE_LOG_LEVEL=2 CFG_WITH_PAGER=n CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n"
PTXCONF_TF_A=y
PTXCONF_TF_A_URL="https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot"
PTXCONF_TF_A_VERSION="v2.10"
@@ -349,7 +352,9 @@ PTXCONF_HOST_SYSTEM_PYTHON3_PYPROJECT_HOOKS=y
PTXCONF_HOST_SYSTEM_PYTHON3_TOMLI=y
PTXCONF_HOST_SYSTEM_PYTHON3_WHEEL=y
PTXCONF_HOST_SYSTEM_PYTHON3=y
+PTXCONF_HOST_SYSTEM_PYTHON3_CRYPTOGRAPHY=y
PTXCONF_HOST_SYSTEM_PYTHON3_SETUPTOOLS=y
+PTXCONF_HOST_SYSTEM_PYTHON3_PYELFTOOLS=y
PTXCONF_HOST_UTIL_LINUX=y
PTXCONF_HOST_ZLIB=y
PTXCONF_HOST_TF_A=y
--
2.39.2
next prev parent reply other threads:[~2024-04-03 16:48 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-03 16:48 [DistroKit] [PATCH v3 0/8] add STM32MP135F-DK support Ahmad Fatoum
2024-04-03 16:48 ` [DistroKit] [PATCH v3 1/8] v7a: bootstate: remove unused environment partitions Ahmad Fatoum
2024-04-03 16:48 ` [DistroKit] [PATCH v3 2/8] v7a: barebox: rpi4: fix rpi4 bootstate definition Ahmad Fatoum
2024-04-03 16:48 ` [DistroKit] [PATCH v3 3/8] v7a: images: stm32mp: use barebox-environment partition type UUID Ahmad Fatoum
2024-04-03 16:48 ` [DistroKit] [PATCH v3 4/8] v7a: barebox: enable STM32MP135F-DK support Ahmad Fatoum
2024-04-03 16:48 ` Ahmad Fatoum [this message]
2024-04-03 16:48 ` [DistroKit] [PATCH v3 6/8] v7a: stm32mp: add TF-A recipe for STM32MP13 Ahmad Fatoum
2024-04-03 16:48 ` [DistroKit] [PATCH v3 7/8] v7a: kernel: enable STM32MP135F-DK support Ahmad Fatoum
2024-04-03 16:48 ` [DistroKit] [PATCH v3 8/8] v7a: stm32mp: add image recipe for STM32MP135F-DK Ahmad Fatoum
2024-04-22 14:25 ` [DistroKit] [PATCH v3 0/8] add STM32MP135F-DK support Robert Schwebel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240403164815.3929378-6-a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=distrokit@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox