From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: distrokit@pengutronix.de
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [DistroKit] [PATCH v2 5/8] v7a: build OP-TEE for STM32MP13
Date: Wed, 3 Apr 2024 12:39:21 +0200
Message-ID: <20240403103924.3168404-6-a.fatoum@pengutronix.de>
In-Reply-To: <20240403103924.3168404-1-a.fatoum@pengutronix.de>
For the STM32MP13, ST decided that everyone should be using OP-TEE as
System Control and Management Interface (SCMI) provider and the kernel
driver for the reset and clock control (RCC) peripheral will talk to
the SCMI provider. Therefore let's enable OP-TEE, so we can make use of
this.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.pengutronix.de/20240315211240.3016716-10-a.fatoum@pengutronix.de
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
---
v1 -> v2:
- disable unused options CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n
(mol)
- add bsp.ref exceptions for potentially useful debugging options
---
configs/bsp.ref | 11 +++++++++++
configs/platform-v7a/platformconfig | 7 ++++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/configs/bsp.ref b/configs/bsp.ref
index 56e83b160eb3..79fbbbb9272b 100644
--- a/configs/bsp.ref
+++ b/configs/bsp.ref
@@ -33,6 +33,17 @@ kernel_initrd:
value: True
- value: False
+optee_disabled_features:
+ description: |
+ OP-TEE is used as secure monitor on STM32MP13x providing power
+ management and clock/reset control support. We don't use it as
+ part of a trusted boot setup, so we prefer debuggability over
+ reduction of the attack surface.
+ present:
+ - CFG_DEBUG_INFO
+ - CFG_ENABLE_EMBEDDED_TESTS
+ - CFG_TEE_CORE_TA_TRACE
+
rootfs_unused_libraries:
description: |
- libatomic is needed on mips and rpi1 by libcrypto, but for simplicity ship it on all platforms
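Review bot: The new optee_disabled_features exception in configs/bsp.ref is justified only by "We don't use it as part of a trusted boot setup", but nothing in the entry limits it to that case or to the STM32MP13 build, so a BSP derived from this one that does enable trusted boot inherits CFG_DEBUG_INFO, CFG_ENABLE_EMBEDDED_TESTS and CFG_TEE_CORE_TA_TRACE with the check silenced. Consider extending the description with a sentence saying the three options must be dropped from the exception (and disabled) once OP-TEE becomes part of a verified boot chain, so the trade-off stays visible to whoever copies the file.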
diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
index 2efae02cb241..f9c095916c22 100644
--- a/configs/platform-v7a/platformconfig
+++ b/configs/platform-v7a/platformconfig
@@ -199,7 +199,10 @@ PTXCONF_BAREBOX_ARCH_STRING="arm"
PTXCONF_BOOTLOADER=y
# PTXCONF_GRUB is not set
# PTXCONF_HOST_MXS_UTILS is not set
-# PTXCONF_OPTEE is not set
+PTXCONF_OPTEE=y
+PTXCONF_OPTEE_PLATFORM="stm32mp1"
+PTXCONF_OPTEE_PLATFORM_FLAVOUR="135F_DK"
+PTXCONF_OPTEE_CFG="CFG_TEE_CORE_LOG_LEVEL=2 CFG_WITH_PAGER=n CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n"
PTXCONF_TF_A=y
PTXCONF_TF_A_URL="https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot"
PTXCONF_TF_A_VERSION="v2.10"
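Review bot: PTXCONF_OPTEE_CFG sets CFG_TEE_CORE_LOG_LEVEL=2 and CFG_WITH_PAGER=n, but neither the commit message nor the v1 -> v2 changelog explains them; only CFG_GP_SOCKETS=n and CFG_TA_MBEDTLS_SELF_TEST=n are covered as "unused options". A short rationale for the pager and log-level choices in the commit message would help. Related: the bsp.ref hunk exempts CFG_DEBUG_INFO, CFG_ENABLE_EMBEDDED_TESTS and CFG_TEE_CORE_TA_TRACE, yet none of them is set here, so whether they are active depends on defaults not visible in this patch. Setting them explicitly in PTXCONF_OPTEE_CFG, or stating in the message that they are defaults being tolerated, would make the security-relevant configuration reviewable from the platformconfig alone.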
@@ -349,7 +352,9 @@ PTXCONF_HOST_SYSTEM_PYTHON3_PYPROJECT_HOOKS=y
PTXCONF_HOST_SYSTEM_PYTHON3_TOMLI=y
PTXCONF_HOST_SYSTEM_PYTHON3_WHEEL=y
PTXCONF_HOST_SYSTEM_PYTHON3=y
+PTXCONF_HOST_SYSTEM_PYTHON3_CRYPTOGRAPHY=y
PTXCONF_HOST_SYSTEM_PYTHON3_SETUPTOOLS=y
+PTXCONF_HOST_SYSTEM_PYTHON3_PYELFTOOLS=y
PTXCONF_HOST_UTIL_LINUX=y
PTXCONF_HOST_ZLIB=y
PTXCONF_HOST_TF_A=y
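Review bot: PTXCONF_HOST_SYSTEM_PYTHON3_CRYPTOGRAPHY=y and PTXCONF_HOST_SYSTEM_PYTHON3_PYELFTOOLS=y are new host-side dependencies that the commit message does not mention. If they are pulled in by the OP-TEE build, say so in the message, so that the reason for the added host packages is on record and they can be removed again if OP-TEE is ever dropped from this platform.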
--
2.39.2
Thread overview: 11+ messages
2024-04-03 10:39 [DistroKit] [PATCH v2 0/8] add STM32MP135F-DK support Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 1/8] v7a: bootstate: remove unused environment partitions Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 2/8] v7a: barebox: rpi4: fix rpi4 bootstate definition Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 3/8] v7a: images: stm32mp: use barebox-environment partition type UUID Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 4/8] v7a: barebox: enable STM32MP135F-DK support Ahmad Fatoum
2024-04-03 10:39 ` Ahmad Fatoum [this message]
2024-04-03 11:50 ` [DistroKit] [PATCH v2 5/8] v7a: build OP-TEE for STM32MP13 Michael Olbrich
2024-04-03 10:39 ` [DistroKit] [PATCH v2 6/8] v7a: stm32mp: add TF-A recipe " Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 7/8] v7a: kernel: enable STM32MP135F-DK support Ahmad Fatoum
2024-04-03 10:39 ` [DistroKit] [PATCH v2 8/8] v7a: stm32mp: add image recipe for STM32MP135F-DK Ahmad Fatoum
2024-04-03 11:54 ` Michael Olbrich