From: Michael Olbrich <m.olbrich@pengutronix.de>
To: Ahmad Fatoum <a.fatoum@pengutronix.de>
Cc: distrokit@pengutronix.de
Subject: Re: [DistroKit] [PATCH v2 5/8] v7a: build OP-TEE for STM32MP13
Date: Wed, 3 Apr 2024 13:50:07 +0200
Message-ID: <Zg1Cb67Su-NIoENg@pengutronix.de>
In-Reply-To: <20240403103924.3168404-6-a.fatoum@pengutronix.de>
On Wed, Apr 03, 2024 at 12:39:21PM +0200, Ahmad Fatoum wrote:
> For the STM32MP13, ST decided that everyone should be using OP-TEE as
> System Control and Management Interface (SCMI) provider and the kernel
> driver for the reset and clock control (RCC) peripheral will talk to
> the SCMI provider. Therefore let's enable OP-TEE, so we can make use of
> this.
>
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> Link: https://lore.pengutronix.de/20240315211240.3016716-10-a.fatoum@pengutronix.de
> Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
> ---
> v1 -> v2:
> - disable unused options CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n
> (mol)
> - add bsp.ref exceptions for potentially useful debugging options
> ---
> configs/bsp.ref | 11 +++++++++++
> configs/platform-v7a/platformconfig | 7 ++++++-
> 2 files changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/configs/bsp.ref b/configs/bsp.ref
> index 56e83b160eb3..79fbbbb9272b 100644
> --- a/configs/bsp.ref
> +++ b/configs/bsp.ref
> @@ -33,6 +33,17 @@ kernel_initrd:
> value: True
> - value: False
>
> +optee_disabled_features:
> + description: |
> + OP-TEE is used as secure monitor on STM32MP13x providing power
> + management and clock/reset control support. We don't use it as
> + part of a trusted boot setup, so we prefer debuggability over
> + reduction of the attack surface.
> + present:
> + - CFG_DEBUG_INFO
> + - CFG_ENABLE_EMBEDDED_TESTS
> + - CFG_TEE_CORE_TA_TRACE
Can you add a condition to limit this to STM32MP13x or at least ARMv7?
Is there something in the optee config we can match for this?
Conditions for overrides like this mean that the override is ignored, so
exactly what we want here.

Michael
> +
> rootfs_unused_libraries:
> description: |
> - libatomic is needed on mips and rpi1 by libcrypto, but for simplicity ship it on all platforms
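Review bot: the `description:` of the new `optee_disabled_features` entry justifies keeping CFG_DEBUG_INFO, CFG_ENABLE_EMBEDDED_TESTS and CFG_TEE_CORE_TA_TRACE only with "We don't use it as part of a trusted boot setup", and nothing in the entry records what has to happen once that is no longer true. Suggest adding a sentence to the description stating that these three options must be switched off, and this exception dropped, before OP-TEE becomes part of a trusted boot chain, so the trade-off stays visible to anyone who takes this platform as the base for a product. This is in addition to scoping the entry with a condition as requested in the reply above.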
> diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
> index 2efae02cb241..f9c095916c22 100644
> --- a/configs/platform-v7a/platformconfig
> +++ b/configs/platform-v7a/platformconfig
> @@ -199,7 +199,10 @@ PTXCONF_BAREBOX_ARCH_STRING="arm"
> PTXCONF_BOOTLOADER=y
> # PTXCONF_GRUB is not set
> # PTXCONF_HOST_MXS_UTILS is not set
> -# PTXCONF_OPTEE is not set
> +PTXCONF_OPTEE=y
> +PTXCONF_OPTEE_PLATFORM="stm32mp1"
> +PTXCONF_OPTEE_PLATFORM_FLAVOUR="135F_DK"
> +PTXCONF_OPTEE_CFG="CFG_TEE_CORE_LOG_LEVEL=2 CFG_WITH_PAGER=n CFG_GP_SOCKETS=n CFG_TA_MBEDTLS_SELF_TEST=n"
> PTXCONF_TF_A=y
> PTXCONF_TF_A_URL="https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot"
> PTXCONF_TF_A_VERSION="v2.10"
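Review bot: `PTXCONF_OPTEE_CFG` sets `CFG_TEE_CORE_LOG_LEVEL=2` and `CFG_WITH_PAGER=n` without any explanation; the v2 changelog only covers `CFG_GP_SOCKETS=n` and `CFG_TA_MBEDTLS_SELF_TEST=n`. A sentence in the commit message on why the log level and pager are set this way would help later readers judge whether they can be changed. The three debug options excepted in bsp.ref also do not appear in this string, so the patch does not show where they get enabled; setting them explicitly here, or naming where they come from in the commit message, would tie the bsp.ref exception to the configuration it covers.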
> @@ -349,7 +352,9 @@ PTXCONF_HOST_SYSTEM_PYTHON3_PYPROJECT_HOOKS=y
> PTXCONF_HOST_SYSTEM_PYTHON3_TOMLI=y
> PTXCONF_HOST_SYSTEM_PYTHON3_WHEEL=y
> PTXCONF_HOST_SYSTEM_PYTHON3=y
> +PTXCONF_HOST_SYSTEM_PYTHON3_CRYPTOGRAPHY=y
> PTXCONF_HOST_SYSTEM_PYTHON3_SETUPTOOLS=y
> +PTXCONF_HOST_SYSTEM_PYTHON3_PYELFTOOLS=y
> PTXCONF_HOST_UTIL_LINUX=y
> PTXCONF_HOST_ZLIB=y
> PTXCONF_HOST_TF_A=y
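Review bot: the two added host options, `PTXCONF_HOST_SYSTEM_PYTHON3_CRYPTOGRAPHY=y` and `PTXCONF_HOST_SYSTEM_PYTHON3_PYELFTOOLS=y`, are not mentioned in the commit message, which only talks about enabling OP-TEE. If they are build-time dependencies of the OP-TEE package, say so in the commit message so a reader can tell why the host toolset grows with this change.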
> --
> 2.39.2
>
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |