From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E0B17C433EF for ; Tue, 7 Sep 2021 23:59:49 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 14B38610C8 for ; Tue, 7 Sep 2021 23:59:48 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 14B38610C8 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2494B832DB; Wed, 8 Sep 2021 01:59:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="LdELytZH"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 08FFE8329C; Wed, 8 Sep 2021 01:59:42 +0200 (CEST) Received: from mail-qv1-xf2b.google.com (mail-qv1-xf2b.google.com [IPv6:2607:f8b0:4864:20::f2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 349B1817D3 for ; Wed, 8 Sep 2021 01:59:38 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=mr.nuke.me@gmail.com Received: by mail-qv1-xf2b.google.com with SMTP id 62so217904qvb.11 for ; Tue, 07 Sep 2021 16:59:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=aoCGuC/rJ2CHQGrc6bA6H6mqyDgnFDVuc7Im7+QEmQk=; b=LdELytZHHSsySwJCfjo/j9eMvNEnahX9VfATd7to03Qc+B1OFSGpXYEYMBOAHRxYJt uMGtqwb5ugJO0HqJvrspTMp92fqtHDq4i51qHbvKihuZmp008u0vLWBe0pBqqzeYRQhX vbNu5pujjLTHnzWBoE/6MOg6ihQDCQM55Lo5OTH5EfUoSENGCFutJRc3cftik/5aVdzq R+ytklOmcD9rfRQkmnh/r6UFz8hx0K4ML7Oyy4ztUfYkEggPlNR2wRkMTbnhrRsA1TFV LKR8JSTFfowrpDRLjsHMLxi7rFHXMHlrqmJu8KvG2HrQQCvMV+Ek1iL77CGfknv7FHYj cG5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=aoCGuC/rJ2CHQGrc6bA6H6mqyDgnFDVuc7Im7+QEmQk=; b=kTAcffzZzCuU6HmWZElPlHeV/MaapvyGZRncp9hr/SpLyhFWCg9br/4Bg/7huA3IGF ARfCEhw0F7dNMUhweCbfULrKbYh4iGT0A49M9w2HHrk3LZcYobR5DZpDECQufxGkVwVQ n48RR76qhlRSNMJN15eDfzo6LOCdei9Y/sOz7meeJpesVcuInaofOaVduIvMLMf4HVVp 2WyX0C6u5XYypbw5lNQNuai7YE06PiunrwjQNq3oAbimjGBk3WqlnsGlBLX0oz475t7J RErNYBusvGoZt3rkkXwEM+308e29Hp9Oj0Jkb8bPiRexwnqwuAtRCZ72qipZcmni3EvG ZYZQ== X-Gm-Message-State: AOAM530azJCakHuzle1OZ6HX0SbQoN4ZSjn8gFLGcJKO9gDcEg7KGkKG vG+FUL2XWLw7KulLLnxwTyJNTQT528I= X-Google-Smtp-Source: ABdhPJyqU7kSDo3FAUnzILAy7yMyxG6Dk9ZDcdRYgaeBLQ5az5fJI85+vDfo+TFjypQhxez240zpxQ== X-Received: by 2002:a0c:aa55:: with SMTP id e21mr959492qvb.41.1631059176504; Tue, 07 Sep 2021 16:59:36 -0700 (PDT) Received: from nuclearis3.lan (c-98-195-139-126.hsd1.tx.comcast.net. [98.195.139.126]) by smtp.gmail.com with ESMTPSA id d78sm460351qkg.92.2021.09.07.16.59.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Sep 2021 16:59:35 -0700 (PDT) From: Alexandru Gagniuc To: u-boot@lists.denx.de, uboot-stm32@st-md-mailman.stormreply.com, patrick.delaunay@foss.st.com Cc: Alexandru Gagniuc , patrice.chotard@foss.st.com, etienne.carriere@linaro.org Subject: [PATCH v2 00/11] stm32mp1: Support falcon mode with OP-TEE payloads Date: Tue, 7 Sep 2021 18:59:22 -0500 Message-Id: <20210907235933.2798330-1-mr.nuke.me@gmail.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean My goal when I started on this project a year ago was to get to linux userspace within a second from power on. Oh, and it had to be secure! Contrast that to the two minutes it took the STLinux demo to come up. It was obvious that the accepted way of running an FSBL, then SSBL was going to blow the time budget. There really wasn't a good solution, and traditional falcon mode with "spl export" command was not secure. I chose to use SPL with a FIT payload. We have to add certain logic to SPL, as well as some FDT modifications that would be normally done in u-boot. The boot flow is SPL -> OP-TEE -> Linux One of the major complaints of v1 was that we shouldn't be patching the devicetree with optee nodes in SPL. Instead, we should let OP-TEE add the required nodes. I tried it, found a huge boot time penalty, and decided against it. Another issue from v1 that I was unable to address is the MAC address. It was suggested to use the "nvmem-cells" FDT property to tell linux where in the OTP to read the MAC. Because of the way the linux BSEC driver is written, this would only work with TF-A, but fails with SPL. There is also the issue of how to make the optee/ library available to SPL. Patrick has a couple of patches up regarding the issue, so I have not touched it in this series. Changes since v1: - Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig instead of stm32mp1.h - Create a new defconfig for STM32MP in falcon mode - Rework board_fit_config_name_match() per Patrick's suggestions - Use "u-boot,falcon-gpios" instead of "st,fastboot-gpios" - Only update shadow registers in SPL for BSEC .probe() Alexandru Gagniuc (11): spl: Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig stm32mp1: Add support for baudrates higher than 115200 stm32mp1: Add support for falcon mode boot from SD card board: stm32mp1: Implement board_fit_config_name_match() for SPL fdt_support: Implement fdt_ethernet_set_macaddr() arm: stm32mp: bsec: Update OTP shadow registers in SPL arm: stm32mp: Factor out reading MAC address from OTP stm32mp1: spl: Configure MAC address when booting OP-TEE lib: Makefile: Make optee library available in SPL ARM: dts: stm32mp: Add OP-TEE "/firmware" node to SPL dtb stm32mp1: spl: Copy optee nodes to target FDT for OP-TEE payloads README | 4 - arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 3 + arch/arm/mach-stm32mp/bsec.c | 4 +- arch/arm/mach-stm32mp/cpu.c | 59 ++++-- .../arm/mach-stm32mp/include/mach/sys_proto.h | 3 + arch/arm/mach-stm32mp/spl.c | 3 + board/st/stm32mp1/spl.c | 53 +++++ common/fdt_support.c | 30 +++ common/spl/Kconfig | 11 ++ configs/am335x_boneblack_vboot_defconfig | 1 + configs/am335x_evm_defconfig | 1 + configs/am335x_igep003x_defconfig | 1 + configs/am335x_shc_defconfig | 1 + configs/am335x_shc_ict_defconfig | 1 + configs/am335x_shc_netboot_defconfig | 1 + configs/am335x_shc_sdboot_defconfig | 1 + configs/am335x_sl50_defconfig | 1 + configs/am3517_evm_defconfig | 1 + configs/am43xx_evm_defconfig | 1 + configs/am43xx_evm_rtconly_defconfig | 1 + configs/am43xx_evm_usbhost_boot_defconfig | 1 + configs/am57xx_evm_defconfig | 1 + configs/devkit8000_defconfig | 1 + configs/display5_defconfig | 1 + configs/display5_factory_defconfig | 1 + configs/dra7xx_evm_defconfig | 1 + configs/gwventana_emmc_defconfig | 1 + configs/gwventana_gw5904_defconfig | 1 + configs/gwventana_nand_defconfig | 1 + configs/igep00x0_defconfig | 1 + configs/imx6dl_mamoj_defconfig | 1 + configs/imx6q_logic_defconfig | 1 + configs/imx6qdl_icore_mipi_defconfig | 1 + configs/imx6qdl_icore_mmc_defconfig | 1 + configs/imx6qdl_icore_rqs_defconfig | 1 + configs/mccmon6_nor_defconfig | 1 + configs/omap35_logic_defconfig | 1 + configs/omap35_logic_somlv_defconfig | 1 + configs/omap3_logic_defconfig | 1 + configs/omap3_logic_somlv_defconfig | 1 + configs/omap4_panda_defconfig | 1 + configs/omap5_uevm_defconfig | 1 + configs/stm32mp15_falcon_defconfig | 181 ++++++++++++++++++ include/configs/brppt1.h | 1 - include/configs/devkit8000.h | 2 - include/configs/display5.h | 1 - include/configs/embestmx6boards.h | 1 - include/configs/gw_ventana.h | 1 - include/configs/imx6-engicam.h | 1 - include/configs/imx6_logic.h | 1 - include/configs/imx6dl-mamoj.h | 1 - include/configs/ls1043ardb.h | 1 - include/configs/mccmon6.h | 1 - include/configs/mx6sabreauto.h | 1 - include/configs/mx6sabresd.h | 1 - include/configs/pico-imx6.h | 1 - include/configs/pico-imx6ul.h | 1 - include/configs/pico-imx7d.h | 1 - include/configs/sama5d3_xplained.h | 1 - include/configs/stm32mp1.h | 4 + include/configs/tam3517-common.h | 1 - include/configs/ti_armv7_common.h | 1 - include/configs/vyasa-rk3288.h | 1 - include/configs/xea.h | 1 - include/configs/xilinx_zynqmp.h | 1 - include/configs/zynq-common.h | 1 - include/fdt_support.h | 17 ++ lib/Makefile | 2 +- scripts/config_whitelist.txt | 1 - 69 files changed, 386 insertions(+), 45 deletions(-) create mode 100644 configs/stm32mp15_falcon_defconfig -- 2.31.1