Re: [PATCH 2/4] dt-bindings: remoteproc: add compatibility for TEE support
On 1/16/24 20:21, Rob Herring wrote:
> On Mon, Jan 15, 2024 at 02:52:47PM +0100, Arnaud Pouliquen wrote:
>> The "st,stm32mp1-m4-tee" compatible is utilized in a system configuration
>> where the Cortex-M4 firmware is loaded by the Trusted execution Environment
>> (TEE).
>> This compatible is used in both the Linux and OP-TEE device-tree.
>> - In OP-TEE, a node is defined in the device tree with the
>> st,stm32mp1-m4-tee to support signed remoteproc firmware.
>> Based on DT properties, OP-TEE authenticates, loads, starts, and stops
>> the firmware.
>> - On Linux, when the compatibility is set, the Cortex-M resets should not
>> be declared in the device tree.
>>
>> Signed-off-by: Arnaud Pouliquen
>> ---
>> .../bindings/remoteproc/st,stm32-rproc.yaml | 53 +++
>> 1 file changed, 44 insertions(+), 9 deletions(-)
>>
>> diff --git
>> a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
>> b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
>> index 370af61d8f28..9fdfa30eff20 100644
>> --- a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
>> +++ b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
>> @@ -16,7 +16,12 @@ maintainers:
>>
>> properties:
>>compatible:
>> -const: st,stm32mp1-m4
>> +enum:
>> + - st,stm32mp1-m4
>> + - st,stm32mp1-m4-tee
>> +description:
>> + Use "st,stm32mp1-m4" for the Cortex-M4 coprocessor management by Linux
>
> What if other OSs want to manage the M4?
Right, for instance this compatibles are also used by U-boot. I will change
"by Linux" by "by non secure context"
>
>> + Use "st,stm32mp1-m4-tee" for the Cortex-M4 coprocessor management by
>> secure context
>>
>>reg:
>> description:
>> @@ -142,21 +147,41 @@ properties:
>> required:
>>- compatible
>>- reg
>> - - resets
>>
>> allOf:
>>- if:
>>properties:
>> -reset-names:
>> - not:
>> -contains:
>> - const: hold_boot
>> +compatible:
>> + contains:
>> +const: st,stm32mp1-m4
>> +then:
>> + if:
>> +properties:
>> + reset-names:
>> +not:
>> + contains:
>> +const: hold_boot
>> + then:
>> +required:
>> + - st,syscfg-holdboot
>> + - resets
>> + else:
>> +properties:
>> + st,syscfg-holdboot: false
>> +required:
>> + - reset-names
>
> Looks like a new required property.
I just realize that it does not make sense. We execute this
only if "reset-names" contains "hold_boot".
I will remove it
Thanks!
Arnaud
>
>> + - resets
>> +
>> + - if:
>> + properties:
>> +compatible:
>> + contains:
>> +const: st,stm32mp1-m4-tee
>> then:
>> - required:
>> -- st,syscfg-holdboot
>> -else:
>>properties:
>> st,syscfg-holdboot: false
>> +reset-names: false
>> +resets: false
>>
>> additionalProperties: false
>>
>> @@ -188,5 +213,15 @@ examples:
>>st,syscfg-rsc-tbl = < 0x144 0x>;
>>st,syscfg-m4-state = < 0x148 0x>;
>> };
>> + - |
>> +#include
>> +m4@1000 {
>> + compatible = "st,stm32mp1-m4-tee";
>> + reg = <0x1000 0x4>,
>> +<0x3000 0x4>,
>> +<0x3800 0x1>;
>> + st,syscfg-rsc-tbl = < 0x144 0x>;
>> + st,syscfg-m4-state = < 0x148 0x>;
>> +};
>>
>> ...
>> --
>> 2.25.1
>>
Re: [PATCH 2/4] dt-bindings: remoteproc: add compatibility for TEE support
On Mon, Jan 15, 2024 at 02:52:47PM +0100, Arnaud Pouliquen wrote:
> The "st,stm32mp1-m4-tee" compatible is utilized in a system configuration
> where the Cortex-M4 firmware is loaded by the Trusted execution Environment
> (TEE).
> This compatible is used in both the Linux and OP-TEE device-tree.
> - In OP-TEE, a node is defined in the device tree with the
> st,stm32mp1-m4-tee to support signed remoteproc firmware.
> Based on DT properties, OP-TEE authenticates, loads, starts, and stops
> the firmware.
> - On Linux, when the compatibility is set, the Cortex-M resets should not
> be declared in the device tree.
>
> Signed-off-by: Arnaud Pouliquen
> ---
> .../bindings/remoteproc/st,stm32-rproc.yaml | 53 +++
> 1 file changed, 44 insertions(+), 9 deletions(-)
>
> diff --git a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
> b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
> index 370af61d8f28..9fdfa30eff20 100644
> --- a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
> +++ b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
> @@ -16,7 +16,12 @@ maintainers:
>
> properties:
>compatible:
> -const: st,stm32mp1-m4
> +enum:
> + - st,stm32mp1-m4
> + - st,stm32mp1-m4-tee
> +description:
> + Use "st,stm32mp1-m4" for the Cortex-M4 coprocessor management by Linux
What if other OSs want to manage the M4?
> + Use "st,stm32mp1-m4-tee" for the Cortex-M4 coprocessor management by
> secure context
>
>reg:
> description:
> @@ -142,21 +147,41 @@ properties:
> required:
>- compatible
>- reg
> - - resets
>
> allOf:
>- if:
>properties:
> -reset-names:
> - not:
> -contains:
> - const: hold_boot
> +compatible:
> + contains:
> +const: st,stm32mp1-m4
> +then:
> + if:
> +properties:
> + reset-names:
> +not:
> + contains:
> +const: hold_boot
> + then:
> +required:
> + - st,syscfg-holdboot
> + - resets
> + else:
> +properties:
> + st,syscfg-holdboot: false
> +required:
> + - reset-names
Looks like a new required property.
> + - resets
> +
> + - if:
> + properties:
> +compatible:
> + contains:
> +const: st,stm32mp1-m4-tee
> then:
> - required:
> -- st,syscfg-holdboot
> -else:
>properties:
> st,syscfg-holdboot: false
> +reset-names: false
> +resets: false
>
> additionalProperties: false
>
> @@ -188,5 +213,15 @@ examples:
>st,syscfg-rsc-tbl = < 0x144 0x>;
>st,syscfg-m4-state = < 0x148 0x>;
> };
> + - |
> +#include
> +m4@1000 {
> + compatible = "st,stm32mp1-m4-tee";
> + reg = <0x1000 0x4>,
> +<0x3000 0x4>,
> +<0x3800 0x1>;
> + st,syscfg-rsc-tbl = < 0x144 0x>;
> + st,syscfg-m4-state = < 0x148 0x>;
> +};
>
> ...
> --
> 2.25.1
>
[PATCH 2/4] dt-bindings: remoteproc: add compatibility for TEE support
The "st,stm32mp1-m4-tee" compatible is utilized in a system configuration
where the Cortex-M4 firmware is loaded by the Trusted execution Environment
(TEE).
This compatible is used in both the Linux and OP-TEE device-tree.
- In OP-TEE, a node is defined in the device tree with the
st,stm32mp1-m4-tee to support signed remoteproc firmware.
Based on DT properties, OP-TEE authenticates, loads, starts, and stops
the firmware.
- On Linux, when the compatibility is set, the Cortex-M resets should not
be declared in the device tree.
Signed-off-by: Arnaud Pouliquen
---
.../bindings/remoteproc/st,stm32-rproc.yaml | 53 +++
1 file changed, 44 insertions(+), 9 deletions(-)
diff --git a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
index 370af61d8f28..9fdfa30eff20 100644
--- a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
+++ b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
@@ -16,7 +16,12 @@ maintainers:
properties:
compatible:
-const: st,stm32mp1-m4
+enum:
+ - st,stm32mp1-m4
+ - st,stm32mp1-m4-tee
+description:
+ Use "st,stm32mp1-m4" for the Cortex-M4 coprocessor management by Linux
+ Use "st,stm32mp1-m4-tee" for the Cortex-M4 coprocessor management by
secure context
reg:
description:
@@ -142,21 +147,41 @@ properties:
required:
- compatible
- reg
- - resets
allOf:
- if:
properties:
-reset-names:
- not:
-contains:
- const: hold_boot
+compatible:
+ contains:
+const: st,stm32mp1-m4
+then:
+ if:
+properties:
+ reset-names:
+not:
+ contains:
+const: hold_boot
+ then:
+required:
+ - st,syscfg-holdboot
+ - resets
+ else:
+properties:
+ st,syscfg-holdboot: false
+required:
+ - reset-names
+ - resets
+
+ - if:
+ properties:
+compatible:
+ contains:
+const: st,stm32mp1-m4-tee
then:
- required:
-- st,syscfg-holdboot
-else:
properties:
st,syscfg-holdboot: false
+reset-names: false
+resets: false
additionalProperties: false
@@ -188,5 +213,15 @@ examples:
st,syscfg-rsc-tbl = < 0x144 0x>;
st,syscfg-m4-state = < 0x148 0x>;
};
+ - |
+#include
+m4@1000 {
+ compatible = "st,stm32mp1-m4-tee";
+ reg = <0x1000 0x4>,
+<0x3000 0x4>,
+<0x3800 0x1>;
+ st,syscfg-rsc-tbl = < 0x144 0x>;
+ st,syscfg-m4-state = < 0x148 0x>;
+};
...
--
2.25.1
