Date: Wed, 3 Apr 2024 13:50:07 +0200
From: Michael Olbrich
To: Ahmad Fatoum
Cc: distrokit@pengutronix.de
Subject: Re: [DistroKit] [PATCH v2 5/8] v7a: build OP-TEE for STM32MP13
References: <20240403103924.3168404-1-a.fatoum@pengutronix.de> <20240403103924.3168404-6-a.fatoum@pengutronix.de>
In-Reply-To: <20240403103924.3168404-6-a.fatoum@pengutronix.de>

On Wed, Apr 03, 2024 at 12:39:21PM +0200, Ahmad Fatoum wrote:
> For the STM32MP13, ST decided that everyone should be using OP-TEE as
> System Control and Management Interface (SCMI) provider and the kernel
> driver for the reset and clock control (RCC) peripheral will talk to
> the SCMI provider. Therefore let's enable OP-TEE, so we can make use of
> this.
>
> Signed-off-by: Ahmad Fatoum
> Link: https://lore.pengutronix.de/20240315211240.3016716-10-a.fatoum@pengutronix.de
> Signed-off-by: Robert Schwebel
> ---
> v1 -> v2:
>   - disable unused options CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n
>     (mol)
>   - add bsp.ref exceptions for potentially useful debugging options
> ---
>  configs/bsp.ref | 11 +++++++++++
>  configs/platform-v7a/platformconfig | 7 ++++++-
>  2 files changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/configs/bsp.ref b/configs/bsp.ref > index 56e83b160eb3..79fbbbb9272b 100644 > --- a/configs/bsp.ref > +++ b/configs/bsp.ref
> @@ -33,6 +33,17 @@ kernel_initrd: > value: True > - value: False > > +optee_disabled_features: > + description: | > + OP-TEE is used as secure monitor on STM32MP13x providing power > + management and clock/reset control support. We don't use it as > + part of a trusted boot setup, so we prefer debuggability over > + reduction of the attack surface. > + present: > + - CFG_DEBUG_INFO > + - CFG_ENABLE_EMBEDDED_TESTS > + - CFG_TEE_CORE_TA_TRACE

Can you add a condition to limit this to STM32MP13x or at least ARMv7? Is there something in the optee config we can match for this? Conditions for overrides like this mean that the override is ignored, so exactly what we want here.

Michael

> + > rootfs_unused_libraries: > description: | > - libatomic is needed on mips and rpi1 by libcrypto, but for simplicity ship it on all platforms > diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig > index 2efae02cb241..f9c095916c22 100644 > --- a/configs/platform-v7a/platformconfig > +++ b/configs/platform-v7a/platformconfig > @@ -199,7 +199,10 @@ PTXCONF_BAREBOX_ARCH_STRING="arm" > PTXCONF_BOOTLOADER=y > # PTXCONF_GRUB is not set > # PTXCONF_HOST_MXS_UTILS is not set > -# PTXCONF_OPTEE is not set > +PTXCONF_OPTEE=y > +PTXCONF_OPTEE_PLATFORM="stm32mp1" > +PTXCONF_OPTEE_PLATFORM_FLAVOUR="135F_DK" > +PTXCONF_OPTEE_CFG="CFG_TEE_CORE_LOG_LEVEL=2 CFG_WITH_PAGER=n CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n" > PTXCONF_TF_A=y > PTXCONF_TF_A_URL="https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot" > PTXCONF_TF_A_VERSION="v2.10"
> @@ -349,7 +352,9 @@ PTXCONF_HOST_SYSTEM_PYTHON3_PYPROJECT_HOOKS=y > PTXCONF_HOST_SYSTEM_PYTHON3_TOMLI=y > PTXCONF_HOST_SYSTEM_PYTHON3_WHEEL=y > PTXCONF_HOST_SYSTEM_PYTHON3=y > +PTXCONF_HOST_SYSTEM_PYTHON3_CRYPTOGRAPHY=y > PTXCONF_HOST_SYSTEM_PYTHON3_SETUPTOOLS=y > +PTXCONF_HOST_SYSTEM_PYTHON3_PYELFTOOLS=y > PTXCONF_HOST_UTIL_LINUX=y > PTXCONF_HOST_ZLIB=y > PTXCONF_HOST_TF_A=y > -- > 2.39.2 > > >

--
Pengutronix e.K.                 |                            |
Steuerwalder Str. 21             | http://www.pengutronix.de/ |
31137 Hildesheim, Germany        | Phone: +49-5121-206917-0   |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555  |
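
Review bot: in the configs/bsp.ref hunk, optee_disabled_features carries no condition, so CFG_DEBUG_INFO, CFG_ENABLE_EMBEDDED_TESTS and CFG_TEE_CORE_TA_TRACE are tolerated under present: wherever this reference file is applied, while the description justifies them only for STM32MP13x, where OP-TEE is not part of a trusted boot setup. Besides scoping the entry as asked in the reply, the description could state that the exception has to be dropped once OP-TEE sits in a trusted boot chain, so that a BSP derived from this one does not carry test and trace options into such a setup unnoticed.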
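
Review bot: in the first configs/platform-v7a/platformconfig hunk, PTXCONF_OPTEE_CFG sets none of the three options that bsp.ref now tolerates (CFG_DEBUG_INFO, CFG_ENABLE_EMBEDDED_TESTS, CFG_TEE_CORE_TA_TRACE), so whether they end up enabled is decided outside the lines shown in this patch. If debuggability is the intent stated in bsp.ref, setting them explicitly here would make the secure-world debug state reviewable in one place. The commit message could also say why CFG_WITH_PAGER=n and CFG_TEE_CORE_LOG_LEVEL=2 were chosen, since the changelog only covers CFG_GP_SOCKETS=n and CFG_TA_MBEDTLS_SELF_TEST=n.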
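
Review bot: the last configs/platform-v7a/platformconfig hunk enables PTXCONF_HOST_SYSTEM_PYTHON3_CRYPTOGRAPHY and PTXCONF_HOST_SYSTEM_PYTHON3_PYELFTOOLS, which the commit message does not mention. If the two are selected automatically as host build dependencies of PTXCONF_OPTEE=y, a short sentence saying so would tell a reader that they were not switched on by hand.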