Re: [PATCH 2/4] dt-bindings: remoteproc: add compatibility for TEE support
On 1/16/24 20:21, Rob Herring wrote: > On Mon, Jan 15, 2024 at 02:52:47PM +0100, Arnaud Pouliquen wrote: >> The "st,stm32mp1-m4-tee" compatible is utilized in a system configuration >> where the Cortex-M4 firmware is loaded by the Trusted execution Environment >> (TEE). >> This compatible is used in both the Linux and OP-TEE device-tree. >> - In OP-TEE, a node is defined in the device tree with the >> st,stm32mp1-m4-tee to support signed remoteproc firmware. >> Based on DT properties, OP-TEE authenticates, loads, starts, and stops >> the firmware. >> - On Linux, when the compatibility is set, the Cortex-M resets should not >> be declared in the device tree. >> >> Signed-off-by: Arnaud Pouliquen >> --- >> .../bindings/remoteproc/st,stm32-rproc.yaml | 53 +++ >> 1 file changed, 44 insertions(+), 9 deletions(-) >> >> diff --git >> a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml >> b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml >> index 370af61d8f28..9fdfa30eff20 100644 >> --- a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml >> +++ b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml >> @@ -16,7 +16,12 @@ maintainers: >> >> properties: >>compatible: >> -const: st,stm32mp1-m4 >> +enum: >> + - st,stm32mp1-m4 >> + - st,stm32mp1-m4-tee >> +description: >> + Use "st,stm32mp1-m4" for the Cortex-M4 coprocessor management by Linux > > What if other OSs want to manage the M4? Right, for instance this compatibles are also used by U-boot. I will change "by Linux" by "by non secure context" > >> + Use "st,stm32mp1-m4-tee" for the Cortex-M4 coprocessor management by >> secure context >> >>reg: >> description: >> @@ -142,21 +147,41 @@ properties: >> required: >>- compatible >>- reg >> - - resets >> >> allOf: >>- if: >>properties: >> -reset-names: >> - not: >> -contains: >> - const: hold_boot >> +compatible: >> + contains: >> +const: st,stm32mp1-m4 >> +then: >> + if: >> +properties: >> + reset-names: >> +not: >> + contains: >> +const: hold_boot >> + then: >> +required: >> + - st,syscfg-holdboot >> + - resets >> + else: >> +properties: >> + st,syscfg-holdboot: false >> +required: >> + - reset-names > > Looks like a new required property. I just realize that it does not make sense. We execute this only if "reset-names" contains "hold_boot". I will remove it Thanks! Arnaud > >> + - resets >> + >> + - if: >> + properties: >> +compatible: >> + contains: >> +const: st,stm32mp1-m4-tee >> then: >> - required: >> -- st,syscfg-holdboot >> -else: >>properties: >> st,syscfg-holdboot: false >> +reset-names: false >> +resets: false >> >> additionalProperties: false >> >> @@ -188,5 +213,15 @@ examples: >>st,syscfg-rsc-tbl = < 0x144 0x>; >>st,syscfg-m4-state = < 0x148 0x>; >> }; >> + - | >> +#include >> +m4@1000 { >> + compatible = "st,stm32mp1-m4-tee"; >> + reg = <0x1000 0x4>, >> +<0x3000 0x4>, >> +<0x3800 0x1>; >> + st,syscfg-rsc-tbl = < 0x144 0x>; >> + st,syscfg-m4-state = < 0x148 0x>; >> +}; >> >> ... >> -- >> 2.25.1 >>
Re: [PATCH 2/4] dt-bindings: remoteproc: add compatibility for TEE support
On Mon, Jan 15, 2024 at 02:52:47PM +0100, Arnaud Pouliquen wrote: > The "st,stm32mp1-m4-tee" compatible is utilized in a system configuration > where the Cortex-M4 firmware is loaded by the Trusted execution Environment > (TEE). > This compatible is used in both the Linux and OP-TEE device-tree. > - In OP-TEE, a node is defined in the device tree with the > st,stm32mp1-m4-tee to support signed remoteproc firmware. > Based on DT properties, OP-TEE authenticates, loads, starts, and stops > the firmware. > - On Linux, when the compatibility is set, the Cortex-M resets should not > be declared in the device tree. > > Signed-off-by: Arnaud Pouliquen > --- > .../bindings/remoteproc/st,stm32-rproc.yaml | 53 +++ > 1 file changed, 44 insertions(+), 9 deletions(-) > > diff --git a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml > b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml > index 370af61d8f28..9fdfa30eff20 100644 > --- a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml > +++ b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml > @@ -16,7 +16,12 @@ maintainers: > > properties: >compatible: > -const: st,stm32mp1-m4 > +enum: > + - st,stm32mp1-m4 > + - st,stm32mp1-m4-tee > +description: > + Use "st,stm32mp1-m4" for the Cortex-M4 coprocessor management by Linux What if other OSs want to manage the M4? > + Use "st,stm32mp1-m4-tee" for the Cortex-M4 coprocessor management by > secure context > >reg: > description: > @@ -142,21 +147,41 @@ properties: > required: >- compatible >- reg > - - resets > > allOf: >- if: >properties: > -reset-names: > - not: > -contains: > - const: hold_boot > +compatible: > + contains: > +const: st,stm32mp1-m4 > +then: > + if: > +properties: > + reset-names: > +not: > + contains: > +const: hold_boot > + then: > +required: > + - st,syscfg-holdboot > + - resets > + else: > +properties: > + st,syscfg-holdboot: false > +required: > + - reset-names Looks like a new required property. > + - resets > + > + - if: > + properties: > +compatible: > + contains: > +const: st,stm32mp1-m4-tee > then: > - required: > -- st,syscfg-holdboot > -else: >properties: > st,syscfg-holdboot: false > +reset-names: false > +resets: false > > additionalProperties: false > > @@ -188,5 +213,15 @@ examples: >st,syscfg-rsc-tbl = < 0x144 0x>; >st,syscfg-m4-state = < 0x148 0x>; > }; > + - | > +#include > +m4@1000 { > + compatible = "st,stm32mp1-m4-tee"; > + reg = <0x1000 0x4>, > +<0x3000 0x4>, > +<0x3800 0x1>; > + st,syscfg-rsc-tbl = < 0x144 0x>; > + st,syscfg-m4-state = < 0x148 0x>; > +}; > > ... > -- > 2.25.1 >
[PATCH 2/4] dt-bindings: remoteproc: add compatibility for TEE support
The "st,stm32mp1-m4-tee" compatible is utilized in a system configuration where the Cortex-M4 firmware is loaded by the Trusted execution Environment (TEE). This compatible is used in both the Linux and OP-TEE device-tree. - In OP-TEE, a node is defined in the device tree with the st,stm32mp1-m4-tee to support signed remoteproc firmware. Based on DT properties, OP-TEE authenticates, loads, starts, and stops the firmware. - On Linux, when the compatibility is set, the Cortex-M resets should not be declared in the device tree. Signed-off-by: Arnaud Pouliquen --- .../bindings/remoteproc/st,stm32-rproc.yaml | 53 +++ 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml index 370af61d8f28..9fdfa30eff20 100644 --- a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml +++ b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml @@ -16,7 +16,12 @@ maintainers: properties: compatible: -const: st,stm32mp1-m4 +enum: + - st,stm32mp1-m4 + - st,stm32mp1-m4-tee +description: + Use "st,stm32mp1-m4" for the Cortex-M4 coprocessor management by Linux + Use "st,stm32mp1-m4-tee" for the Cortex-M4 coprocessor management by secure context reg: description: @@ -142,21 +147,41 @@ properties: required: - compatible - reg - - resets allOf: - if: properties: -reset-names: - not: -contains: - const: hold_boot +compatible: + contains: +const: st,stm32mp1-m4 +then: + if: +properties: + reset-names: +not: + contains: +const: hold_boot + then: +required: + - st,syscfg-holdboot + - resets + else: +properties: + st,syscfg-holdboot: false +required: + - reset-names + - resets + + - if: + properties: +compatible: + contains: +const: st,stm32mp1-m4-tee then: - required: -- st,syscfg-holdboot -else: properties: st,syscfg-holdboot: false +reset-names: false +resets: false additionalProperties: false @@ -188,5 +213,15 @@ examples: st,syscfg-rsc-tbl = < 0x144 0x>; st,syscfg-m4-state = < 0x148 0x>; }; + - | +#include +m4@1000 { + compatible = "st,stm32mp1-m4-tee"; + reg = <0x1000 0x4>, +<0x3000 0x4>, +<0x3800 0x1>; + st,syscfg-rsc-tbl = < 0x144 0x>; + st,syscfg-m4-state = < 0x148 0x>; +}; ... -- 2.25.1