From: Sumit Garg <sumit.garg@kernel.org>
To: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Cc: Bjorn Andersson <andersson@kernel.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Jens Wiklander <jens.wiklander@linaro.org>,
Rob Herring <robh+dt@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>,
Conor Dooley <conor+dt@kernel.org>,
linux-stm32@st-md-mailman.stormreply.com,
linux-arm-kernel@lists.infradead.org,
linux-remoteproc@vger.kernel.org, linux-kernel@vger.kernel.org,
op-tee@lists.trustedfirmware.org, devicetree@vger.kernel.org
Subject: Re: [PATCH v19 4/6] dt-bindings: remoteproc: Add compatibility for TEE support
Date: Tue, 16 Sep 2025 14:44:49 +0530 [thread overview]
Message-ID: <aMkqifHSdlCs4VjA@sumit-X1> (raw)
In-Reply-To: <20250625094028.758016-5-arnaud.pouliquen@foss.st.com>
Hi Arnaud,
First of all apologies for such a late review comment as previously I
wasn't CCed or involved in the review of this patch-set. In case any of
my following comments have been discussed in the past then feel free to
point me at relevant discussions.
On Wed, Jun 25, 2025 at 11:40:26AM +0200, Arnaud Pouliquen wrote:
> The "st,stm32mp1-m4-tee" compatible is utilized in a system configuration
> where the Cortex-M4 firmware is loaded by the Trusted Execution Environment
> (TEE).
Having a DT based compatible for a TEE service to me just feels like it
is redundant here. I can see you have also used a TEE bus based device
too but that is not being properly used. I know subsystems like
remoteproc, SCMI and others heavily rely on DT to hardcode properties of
system firmware which are rather better to be discovered dynamically.
So I have an open question for you and the remoteproc subsystem
maintainers being:
Is it feasible to rather leverage the benefits of a fully discoverable
TEE bus rather than relying on platform bus/ DT to hardcode firmware
properties?
>
> For instance, this compatible is used in both the Linux and OP-TEE device
> trees:
> - In OP-TEE, a node is defined in the device tree with the
> "st,stm32mp1-m4-tee" compatible to support signed remoteproc firmware.
> Based on DT properties, the OP-TEE remoteproc framework is initiated to
> expose a trusted application service to authenticate and load the remote
> processor firmware provided by the Linux remoteproc framework, as well
> as to start and stop the remote processor.
> - In Linux, when the compatibility is set, the Cortex-M resets should not
> be declared in the device tree. In such a configuration, the reset is
> managed by the OP-TEE remoteproc driver and is no longer accessible from
> the Linux kernel.
>
> Associated with this new compatible, add the "st,proc-id" property to
> identify the remote processor. This ID is used to define a unique ID,
> common between Linux, U-Boot, and OP-TEE, to identify a coprocessor.
This "st,proc-id" is just one such property which can rather be directly
probed from the TEE/OP-TEE service rather than hardcoding it in DT here.
I think the same will apply to other properties as well.
-Sumit
> This ID will be used in requests to the OP-TEE remoteproc Trusted
> Application to specify the remote processor.
>
> Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
> Reviewed-by: Rob Herring (Arm) <robh@kernel.org>
> ---
> .../bindings/remoteproc/st,stm32-rproc.yaml | 58 ++++++++++++++++---
> 1 file changed, 50 insertions(+), 8 deletions(-)
>
> diff --git a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
> index 843679c557e7..58da07e536fc 100644
> --- a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
> +++ b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
> @@ -16,7 +16,12 @@ maintainers:
>
> properties:
> compatible:
> - const: st,stm32mp1-m4
> + enum:
> + - st,stm32mp1-m4
> + - st,stm32mp1-m4-tee
> + description:
> + Use "st,stm32mp1-m4" for the Cortex-M4 coprocessor management by non-secure context
> + Use "st,stm32mp1-m4-tee" for the Cortex-M4 coprocessor management by secure context
>
> reg:
> description:
> @@ -43,6 +48,10 @@ properties:
> - description: The offset of the hold boot setting register
> - description: The field mask of the hold boot
>
> + st,proc-id:
> + description: remote processor identifier
> + $ref: /schemas/types.yaml#/definitions/uint32
> +
> st,syscfg-tz:
> deprecated: true
> description:
> @@ -146,21 +155,43 @@ properties:
> required:
> - compatible
> - reg
> - - resets
>
> allOf:
> - if:
> properties:
> - reset-names:
> - not:
> - contains:
> - const: hold_boot
> + compatible:
> + contains:
> + const: st,stm32mp1-m4
> then:
> + if:
> + properties:
> + reset-names:
> + not:
> + contains:
> + const: hold_boot
> + then:
> + required:
> + - st,syscfg-holdboot
> + else:
> + properties:
> + st,syscfg-holdboot: false
> + required:
> + - reset-names
> required:
> - - st,syscfg-holdboot
> - else:
> + - resets
> +
> + - if:
> + properties:
> + compatible:
> + contains:
> + const: st,stm32mp1-m4-tee
> + then:
> properties:
> st,syscfg-holdboot: false
> + reset-names: false
> + resets: false
> + required:
> + - st,proc-id
>
> additionalProperties: false
>
> @@ -192,5 +223,16 @@ examples:
> st,syscfg-rsc-tbl = <&tamp 0x144 0xFFFFFFFF>;
> st,syscfg-m4-state = <&tamp 0x148 0xFFFFFFFF>;
> };
> + - |
> + #include <dt-bindings/reset/stm32mp1-resets.h>
> + m4@10000000 {
> + compatible = "st,stm32mp1-m4-tee";
> + reg = <0x10000000 0x40000>,
> + <0x30000000 0x40000>,
> + <0x38000000 0x10000>;
> + st,proc-id = <0>;
> + st,syscfg-rsc-tbl = <&tamp 0x144 0xFFFFFFFF>;
> + st,syscfg-m4-state = <&tamp 0x148 0xFFFFFFFF>;
> + };
>
> ...
> --
> 2.25.1
>
>
WARNING: multiple messages have this Message-ID (diff)
From: Sumit Garg via OP-TEE <op-tee@lists.trustedfirmware.org>
To: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Cc: Bjorn Andersson <andersson@kernel.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Rob Herring <robh+dt@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>,
Conor Dooley <conor+dt@kernel.org>,
linux-stm32@st-md-mailman.stormreply.com,
linux-arm-kernel@lists.infradead.org,
linux-remoteproc@vger.kernel.org, linux-kernel@vger.kernel.org,
op-tee@lists.trustedfirmware.org, devicetree@vger.kernel.org
Subject: Re: [PATCH v19 4/6] dt-bindings: remoteproc: Add compatibility for TEE support
Date: Tue, 16 Sep 2025 14:44:49 +0530 [thread overview]
Message-ID: <aMkqifHSdlCs4VjA@sumit-X1> (raw)
In-Reply-To: <20250625094028.758016-5-arnaud.pouliquen@foss.st.com>
Hi Arnaud,
First of all apologies for such a late review comment as previously I
wasn't CCed or involved in the review of this patch-set. In case any of
my following comments have been discussed in the past then feel free to
point me at relevant discussions.
On Wed, Jun 25, 2025 at 11:40:26AM +0200, Arnaud Pouliquen wrote:
> The "st,stm32mp1-m4-tee" compatible is utilized in a system configuration
> where the Cortex-M4 firmware is loaded by the Trusted Execution Environment
> (TEE).
Having a DT based compatible for a TEE service to me just feels like it
is redundant here. I can see you have also used a TEE bus based device
too but that is not being properly used. I know subsystems like
remoteproc, SCMI and others heavily rely on DT to hardcode properties of
system firmware which are rather better to be discovered dynamically.
So I have an open question for you and the remoteproc subsystem
maintainers being:
Is it feasible to rather leverage the benefits of a fully discoverable
TEE bus rather than relying on platform bus/ DT to hardcode firmware
properties?
>
> For instance, this compatible is used in both the Linux and OP-TEE device
> trees:
> - In OP-TEE, a node is defined in the device tree with the
> "st,stm32mp1-m4-tee" compatible to support signed remoteproc firmware.
> Based on DT properties, the OP-TEE remoteproc framework is initiated to
> expose a trusted application service to authenticate and load the remote
> processor firmware provided by the Linux remoteproc framework, as well
> as to start and stop the remote processor.
> - In Linux, when the compatibility is set, the Cortex-M resets should not
> be declared in the device tree. In such a configuration, the reset is
> managed by the OP-TEE remoteproc driver and is no longer accessible from
> the Linux kernel.
>
> Associated with this new compatible, add the "st,proc-id" property to
> identify the remote processor. This ID is used to define a unique ID,
> common between Linux, U-Boot, and OP-TEE, to identify a coprocessor.
This "st,proc-id" is just one such property which can rather be directly
probed from the TEE/OP-TEE service rather than hardcoding it in DT here.
I think the same will apply to other properties as well.
-Sumit
> This ID will be used in requests to the OP-TEE remoteproc Trusted
> Application to specify the remote processor.
>
> Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
> Reviewed-by: Rob Herring (Arm) <robh@kernel.org>
> ---
> .../bindings/remoteproc/st,stm32-rproc.yaml | 58 ++++++++++++++++---
> 1 file changed, 50 insertions(+), 8 deletions(-)
>
> diff --git a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
> index 843679c557e7..58da07e536fc 100644
> --- a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
> +++ b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
> @@ -16,7 +16,12 @@ maintainers:
>
> properties:
> compatible:
> - const: st,stm32mp1-m4
> + enum:
> + - st,stm32mp1-m4
> + - st,stm32mp1-m4-tee
> + description:
> + Use "st,stm32mp1-m4" for the Cortex-M4 coprocessor management by non-secure context
> + Use "st,stm32mp1-m4-tee" for the Cortex-M4 coprocessor management by secure context
>
> reg:
> description:
> @@ -43,6 +48,10 @@ properties:
> - description: The offset of the hold boot setting register
> - description: The field mask of the hold boot
>
> + st,proc-id:
> + description: remote processor identifier
> + $ref: /schemas/types.yaml#/definitions/uint32
> +
> st,syscfg-tz:
> deprecated: true
> description:
> @@ -146,21 +155,43 @@ properties:
> required:
> - compatible
> - reg
> - - resets
>
> allOf:
> - if:
> properties:
> - reset-names:
> - not:
> - contains:
> - const: hold_boot
> + compatible:
> + contains:
> + const: st,stm32mp1-m4
> then:
> + if:
> + properties:
> + reset-names:
> + not:
> + contains:
> + const: hold_boot
> + then:
> + required:
> + - st,syscfg-holdboot
> + else:
> + properties:
> + st,syscfg-holdboot: false
> + required:
> + - reset-names
> required:
> - - st,syscfg-holdboot
> - else:
> + - resets
> +
> + - if:
> + properties:
> + compatible:
> + contains:
> + const: st,stm32mp1-m4-tee
> + then:
> properties:
> st,syscfg-holdboot: false
> + reset-names: false
> + resets: false
> + required:
> + - st,proc-id
>
> additionalProperties: false
>
> @@ -192,5 +223,16 @@ examples:
> st,syscfg-rsc-tbl = <&tamp 0x144 0xFFFFFFFF>;
> st,syscfg-m4-state = <&tamp 0x148 0xFFFFFFFF>;
> };
> + - |
> + #include <dt-bindings/reset/stm32mp1-resets.h>
> + m4@10000000 {
> + compatible = "st,stm32mp1-m4-tee";
> + reg = <0x10000000 0x40000>,
> + <0x30000000 0x40000>,
> + <0x38000000 0x10000>;
> + st,proc-id = <0>;
> + st,syscfg-rsc-tbl = <&tamp 0x144 0xFFFFFFFF>;
> + st,syscfg-m4-state = <&tamp 0x148 0xFFFFFFFF>;
> + };
>
> ...
> --
> 2.25.1
>
>
next prev parent reply other threads:[~2025-09-16 9:15 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-25 9:40 [PATCH v19 0/6] Introduction of a remoteproc tee to load signed firmware Arnaud Pouliquen
2025-06-25 9:40 ` Arnaud Pouliquen
2025-06-25 9:40 ` [PATCH v19 1/6] remoteproc: core: Introduce rproc_pa_to_va helper Arnaud Pouliquen
2025-06-25 9:40 ` Arnaud Pouliquen
2025-06-25 9:40 ` [PATCH v19 2/6] remoteproc: Add TEE support Arnaud Pouliquen
2025-06-25 9:40 ` Arnaud Pouliquen
2025-07-31 10:25 ` Harshal Dev
2025-07-31 10:25 ` Harshal Dev
2025-08-01 7:23 ` Arnaud POULIQUEN
2025-08-01 7:23 ` Arnaud POULIQUEN
2025-08-04 9:26 ` Harshal Dev
2025-08-04 9:26 ` Harshal Dev
2025-08-11 14:11 ` Sumit Garg
2025-08-11 14:11 ` Sumit Garg via OP-TEE
2025-08-14 10:47 ` Harshal Dev
2025-08-14 10:47 ` Harshal Dev
2025-08-18 5:07 ` Sumit Garg
2025-08-18 5:07 ` Sumit Garg via OP-TEE
2025-08-13 16:42 ` Abdellatif El Khlifi
2025-08-13 16:42 ` Abdellatif El Khlifi
2025-08-14 7:17 ` Sumit Garg
2025-08-14 7:17 ` Sumit Garg via OP-TEE
2025-06-25 9:40 ` [PATCH v19 3/6] remoteproc: Introduce optional release_fw operation Arnaud Pouliquen
2025-06-25 9:40 ` Arnaud Pouliquen
2025-07-31 10:27 ` Harshal Dev
2025-06-25 9:40 ` [PATCH v19 4/6] dt-bindings: remoteproc: Add compatibility for TEE support Arnaud Pouliquen
2025-06-25 9:40 ` Arnaud Pouliquen
2025-09-16 9:14 ` Sumit Garg [this message]
2025-09-16 9:14 ` Sumit Garg via OP-TEE
2025-09-16 13:26 ` Arnaud POULIQUEN
2025-09-16 13:26 ` Arnaud POULIQUEN
2025-09-17 10:08 ` Sumit Garg
2025-09-17 10:08 ` Sumit Garg via OP-TEE
2025-09-17 13:47 ` Arnaud POULIQUEN
2025-09-17 13:47 ` Arnaud POULIQUEN
2025-09-19 6:46 ` Sumit Garg
2025-09-19 6:46 ` Sumit Garg via OP-TEE
2025-09-22 8:57 ` Arnaud POULIQUEN
2025-09-22 8:57 ` Arnaud POULIQUEN
2025-10-07 13:50 ` [Linux-stm32] " Arnaud POULIQUEN
2025-10-07 13:50 ` Arnaud POULIQUEN
2025-10-08 16:38 ` Mathieu Poirier
2025-10-08 16:38 ` Mathieu Poirier
2025-10-10 5:58 ` Sumit Garg
2025-10-10 5:58 ` Sumit Garg via OP-TEE
2025-10-10 5:44 ` Sumit Garg
2025-10-10 5:44 ` Sumit Garg via OP-TEE
2025-10-10 10:04 ` Arnaud POULIQUEN
2025-10-10 10:04 ` Arnaud POULIQUEN
2025-10-11 22:49 ` Sumit Garg
2025-10-11 22:49 ` Sumit Garg via OP-TEE
2025-10-13 9:46 ` Arnaud POULIQUEN
2025-10-13 9:46 ` Arnaud POULIQUEN
2025-06-25 9:40 ` [PATCH v19 5/6] remoteproc: stm32: Create sub-functions to request shutdown and release Arnaud Pouliquen
2025-06-25 9:40 ` Arnaud Pouliquen
2025-06-25 9:40 ` [PATCH v19 6/6] remoteproc: stm32: Add support of an OP-TEE TA to load the firmware Arnaud Pouliquen
2025-06-25 9:40 ` Arnaud Pouliquen
2025-09-12 16:03 ` [PATCH v19 0/6] Introduction of a remoteproc tee to load signed firmware Arnaud POULIQUEN
2025-09-12 16:03 ` Arnaud POULIQUEN
2025-09-15 16:44 ` Mathieu Poirier
2025-09-15 16:44 ` Mathieu Poirier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aMkqifHSdlCs4VjA@sumit-X1 \
--to=sumit.garg@kernel.org \
--cc=andersson@kernel.org \
--cc=arnaud.pouliquen@foss.st.com \
--cc=conor+dt@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=jens.wiklander@linaro.org \
--cc=krzk+dt@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-remoteproc@vger.kernel.org \
--cc=linux-stm32@st-md-mailman.stormreply.com \
--cc=mathieu.poirier@linaro.org \
--cc=op-tee@lists.trustedfirmware.org \
--cc=robh+dt@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.