This corrects the MISRA violation C2012-12.1:
The precedence of operators within expressions should be made explicit.
This is done either by adding parentheses, or by creating dedicated
variables to ease readability.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I5e3f191ee38eca7ef634bd7542e615ab625271f6
The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.
Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add the decryption support for STM32MP1 binaries.
Decryption is limited to the BL32 loaded images.
Limitation: STM32MP15 doesn't support the feature.
Change-Id: I96800bac7b22109f8471eb2953fc0dc269fc4fd1
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add the support of the TRUSTED_BOARD_BOOT to authenticate the loaded
FIP using platform CoT management.
It adds TBB platform definition, redefining the standard image ID in
order to decrease requested size in BL2 binary.
Authentication will use mbedTLS library for parsing certificate
configured with a platform configuration.
Change-Id: I9da66b915c5e9e9293fccfce92bef2434da1e430
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Remove deprecated authentication mode to use the FIP authentication
based on TBBR requirements. It will use the new crypto library.
Change-Id: I95c7baa64ba42c370ae136f59781f2a7a4c7f507
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add the crypto library for STM32MP1 to use STM32 hardware
accelerators.
Change-Id: I0bbb941001242a6fdc47514ab3efe07b12249285
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
* changes:
feat(stm32mp1): add early console in SP_min
feat(st): properly manage early console
feat(st-uart): manage STM32MP_RECONFIGURE_CONSOLE
docs(st): introduce STM32MP_RECONFIGURE_CONSOLE
feat(st): add trace for early console
fix(stm32mp1): enable crash console in FIQ handler
feat(st-uart): add initialization with the device tree
refactor(stm32mp1): move DT_UART_COMPAT in include file
feat(stm32mp1): configure the serial boot load address
fix(stm32mp1): update the FIP load address for serial boot
refactor(st): configure baudrate for UART programmer
refactor(st-uart): compute the over sampling dynamically
Since patch on libc refactoring, there is a compilation error with
STM32MP_USB_PROGRAMMER=1:
plat/st/common/stm32cubeprogrammer_usb.c:81:35: error:
implicit declaration of function 'strnlen'
[-Werror=implicit-function-declaration]
length += strnlen((char *)&dfu->buffer[GET_PHASE_LEN],
The string.h header file should be included.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I1fbb2d9714cbc0d0640cb5e3c5ae8201dbfbe14e
The new flag STM32MP_RECONFIGURE_CONSOLE is managed in platform.mk.
It is used in stm32mp_setup_early_console() when calling
plat_crash_console_init(). This call is also under:
"#if defined(IMAGE_BL2)"
as this crash console init shouldn't be done by default in BL32.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ib6b89db83d80095b662a2016e18ceb3fa8668435
When the early console is configured with STM32MP_EARLY_CONSOLE,
display a message indicating it is enabled.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Iafdfa5afef27eba823d707841853a8a46de0b42d
Add the possibility to configure the UART baudrate; reused the
console configuration, defined in STM32MP_UART_BAUDRATE.
The default value remains 115200.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: Ifcf2b36e8ac929265405bc88e824ee78be3b5bbb
The parameter over_sampling of stm32_uart_init_s is not required
as it can be computed dynamically from clock rate of the serial
device and the requested baudrate.
Oversampling by 8 is allowed only for higher speed
(up to clock_rate / 8) to reduce the maximum receiver tolerance
to clock deviation.
This patch update the driver, the serial init struct and the
only user, the stm32cubeprogrammer over uart support.
Change-Id: I422731089730a288defeb7fa49886db65d0902b2
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
When putting FIP binary in eMMC boot partition (with STM32MP_EMMC_BOOT),
the FIP max size should be precised. If it is not, an assert fails in
io_block driver, as cur->size will be zero.
For this length, we then use the size of the eMMC boot partition minus
STM32MP_EMMC_BOOT_FIP_OFFSET.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I48b7635cff64f52d4b337a4c8c3becd9a0be72e8
This flag allows switching to High-Speed mode on SD-cards.
The gain is ~44ms when using SP_min, and ~55ms with OP-TEE.
Change-Id: Ic396c6a14201580b5e5627e6174b85b437b87cae
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Modify the function to retrieve the FIP partition looking
the UUID type define for FIP. If not defined, compatibility
used to find the FIP partition by name.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: I76634dea891f51d913a549fb9a077cf7284d5cb2
Introduce a functionality for saving/restoring boot auth status
and partition used for booting (FSBL partition on which the boot
was successful).
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Change-Id: I4d7f153b70dfc49dad8c1c3fa71111a350caf1ee
STM32MP_EMMC_BOOT allowed placing SSBL into the eMMC boot
partition along with FSBL. This allows atomic update of both
FSBL and SSBL at the same time. Previously, this was only
possible for the FSBL, as the eMMC layout expected by TF-A
had a single SSBL GPT partition in the eMMC user area.
TEE binaries remained in dedicated GPT partitions whether
STM32MP_EMMC_BOOT was on or off.
The new FIP format collects SSBL and TEE partitions into
a single binary placed into a GPT partition.
Extend STM32MP_EMMC_BOOT, so eMMC-booted TF-A first uses
a FIP image placed at offset 256K into the active eMMC boot
partition. If no FIP magic is detected at that offset or if
STM32MP_EMMC_BOOT is disabled, the GPT on the eMMC user area
will be consulted as before.
This allows power fail-safe update of all firmware using the
built-in eMMC boot selector mechanism, provided it fits into
the boot partition - SZ_256K. SZ_256K was chosen because it's
the same offset used with the legacy format and because it's
the size of the on-chip SRAM, where the STM32MP15x BootROM
loads TF-A into. As such, TF-A may not exceed this size limit
for existing SoCs.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: Id7bec45652b3a289ca632d38d4b51316c5efdf8d
This issue is triggered when enabling -Wmissing-prototypes:
plat/st/common/bl2_io_storage.c:114:5: warning: no previous prototype
for 'open_fip' [-Wmissing-prototypes]
114 | int open_fip(const uintptr_t spec)
| ^~~~~~~~
plat/st/common/bl2_io_storage.c:119:5: warning: no previous prototype
for 'open_storage' [-Wmissing-prototypes]
119 | int open_storage(const uintptr_t spec)
| ^~~~~~~~~~~~
Add missing stm32mp_io_storage.h header include, where those functions
prototypes are defined.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I2af69fadfc4780553f41b338cd93b731210672a6
The get_bl_mem_params_node() function could return NULL. Add asserts to
check the return value is not NULL.
This corrects coverity issues:
pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "pager_mem_params", which is known to be "NULL".
paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "paged_mem_params", which is known to be "NULL".
tos_fw_mem_params = get_bl_mem_params_node(TOS_FW_CONFIG_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "tos_fw_mem_params", which is known to be "NULL".
Do the same for other occurrences of get_bl_mem_params_node() return not
checked, in the functions plat_get_bl_image_load_info() and
bl2_plat_handle_pre_image_load().
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I79165b1628fcee3da330f2db4ee5e1dafcb1b21f
If we reboot 3 times in trial mode, BL2 will select previous boot image.
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I82b423cc84f0471fdb6fa7c393fc5fe411d25c06
Simplify the DT parsing by removing the parsing of the nvmem layout node
with "st,stm32-nvmem-layout" compatible.
The expected OTP NAME can directly be found in a sub-node named
NAME@ADDRESS of the BSEC node, the NVMEM provider node.
This patch also removes this specific binding introduced for TF-A.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: Ic703385fad1bec5bef1cee583fbe9fbbf6aea216
The stm32mp_dt.c file does not need anything from DDR header files.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ibfe23204d68ee2e863cd2eda3d725baa830b729a
When trying to boot from an SD card with STM32MP_EMMC_BOOT enabled,
booting fails with:
ERROR: Got unexpected value for active boot partition, 0
ASSERT: plat/st/common/bl2_stm32_io_storage.c:285
because SD cards don't provide a boot partition. So only try reading
from such a partition when booting from eMMC.
Fixes: 214c8a8d08 ("feat(plat/st): add STM32MP_EMMC_BOOT option")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Change-Id: I354b737a3ae3ea577e83dfeb7096df22275d852d
Add the possibility to configure console UART baudrate, it can be passed
as a command line parameter with STM32MP_UART_BAUDRATE. The default value
remains 115200.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I000df70c10b2b4dac1449556596f9820c36cf243
Add an early UART console to ease debug before UART is fully configured.
This is done under flag STM32MP_EARLY_CONSOLE in the first STM32MP1
platform function called (bl2_el3_early_platform_setup()). It uses the
parameters defined for crash console: STM32MP_DEBUG_USART* macros.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id6be62368723a0499e97bbf56fb52c166fcbdfad
* changes:
feat(stm32mp1): warn when debug enabled on secure chip
fix(stm32mp1): rework switch/case for MISRA
feat(st): disable authentication based on part_number
The "ngpios" property is deprecated and may be removed.
Use the "gpio-ranges" property where the last parameter of that
property is the number of available pins within that range.
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: I28295412c7cb1246fc753cff0d447b6fdcdc4c0f
STM32MP15xA and STM32MP15xD chip part numbers don't
support the secure boot.
All functions linked to secure boot must not be used
and signed binaries are not allowed on such chip.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I5b85f322f5eb3b64415e1819bd00fb2c99f20695
Use dt_find_otp_name() to retrieve platform OTP information
from device tree, directly or through stm32_get_otp_index() and
stm32_get_otp_value() platform services.
String definitions replace hard-coded values, they are used to call
this new function.
Change-Id: I81213e4a9ad08fddadc2c97b064ae057a4c79561
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Remove stm32mp_incr_shrefcnt(), stm32mp_decr_shrefcnt(),
stm32mp_incr_refcnt() and stm32mp_decr_refcnt() that are unused.
The file is then just removed.
Change-Id: I09ee23c02317df5d8f71cbc355d3ed4a67ce2749
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
With the FWU Multi Bank update feature, the platform can boot from one
of multiple banks(partitions). Pass the value of bank from which the
platform has booted as boot index to the Update Agent. The Update
Agent will match this boot index value against the active_index field
in the metadata, and update the metadata if there is a mismatch.
Fow now, the mechanism to pass the boot index is platform specific. On
the STM32MP1 platform, the boot index value is passed through a
memorey mapped TAMP register on the SoC.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I0aa665ff9c1db95be8ae19ed8de6d866587d6850
Add support for reading the FWU metadata partition. The metadata
partition stores information on the current active bank along with
information on all the FWU updatable images on the platform. This
information is then used to identify the image to be booted.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I66bc5ac718c21a49c504e698b5b1f5c4daed2d08
With the FWU multi bank boot feature enabled, the platform can boot
from one of the multiple banks(partitions) containing the firmware
images. The bank whose firmware components are to be booted is read
from the FWU metadata structure -- the image to be booted is thus
derived by reading the metadata.
Read the metadata and set the image spec of the corresponding image
type to point to the partition from which the image is to be booted.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I3dfdc7e9202859e917ec4e1f7d1855aad42c6b70
Add GUID's for identifying the firmware image type. With the FWU
multi bank boot feature enabled, these GUID values are used to
identify the firmware image to be booted. This is done by matching
GUID values of images in the io policy table with the Image GUID value
that is read from the FWU metadata structure.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: Id9751f02f95fc48ef68e4e3f9f0ddbf6d6319d3c
With the FWU multi bank feature enabled, the identification of
firmware image type is done using the image type GUID instead of
binary_type field.
Add GUID values for the FIP image which can be updated through
the FWU firmware update feature. The GUID values are used in
identifying the firmware images.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: If7d9356aa8d2bb3fbcbc87100e6972f1a1862921
This allows reducing MMU tables, and as there is nothing after ROM code
in memory mapping, this has no impact.
Change-Id: If51facb96a523770465cb06eb1ab400f75d26db3
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
As the UART is already initialized, no need to check for UART clock
or reset in next BL. An issue can appear if the next BL device tree
(e.g HW_CONFIG) doesn't use the same clocks or resets (like SCMI ones).
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I044ef2386abe2d3dba5a53c3685440d64ca50a4f
Use regulator framework to get CPU and VDD power supplies.
Change-Id: Ice745fb21ff10e71ef811e747165499c2e19253e
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Protect the UART instance used for serial boot
with UART used for console.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: Ieee1557b34e7baa81594c3fbf0513191737027bf
Use stm32mp_uart_console_setup() in SP_min setup.
Adapt the function stm32mp_uart_console_setup() for BL32 (no reset, add
CONSOLE_FLAG_RUNTIME under DEBUG.
Change-Id: Ib2d35c8d285dafb680aa218872ad679cbf43d0ed
Signed-off-by: Yann Gautier <yann.gautier@st.com>
To ease console configuration, a dedicated function is created:
stm32mp_uart_console_setup(). The code will also be common for the
different BLs.
Change-Id: Idf3cad756f125ca2313cf30b1311637a9df8f27f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add function stm32_get_boot_interface to get the current boot interface
from information saved in the TAMP register.
Change-Id: I23af43c68eeaebe4c45920a57d739117aea3fbb1
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
The function stm32_save_boot_interface()is moved to stm32mp1_private.c
file. The files stm32mp1_context.{c,h} are removed.
As return is always 0, change the function to return void.
Call it earlier, to be able to use it when configuring console.
Change-Id: I8986e1257dc8e8708eab044a51ea1f2426b16597
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Add set_gpio_reset_cfg() to set a pin in its reset configuration:
analog, no-pull, speed low, and its secure configuration, thanks to
stm32_gpio_is_secure_at_reset().
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I7b73c3636859f97fcc57f81cf68b42efc727922e
Handle boot from UART with STM32CubeProgammer based on mmap io
for STM32MP15.
Depends-On: Iba84e8dfd67b9f30416efb0f6778e48ba1f75dad
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: Ibd719dd46a11da78633728675ef6639635b6cf67
Add a file to support the STMicroelectronics tool STM32CubeProgrammer
over UART in BL2 for STM32MP15x platform.
This tools is based on protocol defined in AN5275,
"USB DFU/USART protocols used in STM32MP1 Series bootloaders"
based on STM32 MCU protocols (AN3155, "USART protocol used
in the STM32 bootloader").
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: I956c95d8de0a94d1eb8e61f043651dae7b838170
