Hi Patrick,
On 8/31/21 12:24 PM, Patrick DELAUNAY wrote:
Hi,
On 8/26/21 11:42 PM, Alexandru Gagniuc wrote:
OP-TEE does not take a devicetree for its own use. However, it does
pass the devicetree to the normal world OS. In most cases that will
be some other devicetree-bearing platform, such as linux.
As in other cases where there's an OPTEE payload (e.g. BOOTM_OPTEE),
it is required to copy the optee nodes to he target's FDT. Do this as
part of spl_board_prepare_for_optee().
Signed-off-by: Alexandru Gagniuc <mr.nuke...@gmail.com>
---
arch/arm/mach-stm32mp/spl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index d9fdc5926c..94fbb45cf9 100644
--- a/arch/arm/mach-stm32mp/spl.c
+++ b/arch/arm/mach-stm32mp/spl.c
@@ -19,6 +19,7 @@
#include <asm/arch/sys_proto.h>
#include <mach/tzc.h>
#include <linux/libfdt.h>
+#include <tee/optee.h>
u32 spl_boot_device(void)
{
@@ -182,6 +183,7 @@ void stm32_init_tzc_for_optee(void)
void spl_board_prepare_for_optee(void *fdt)
{
stm32_fdt_setup_mac_addr(fdt);
+ optee_copy_fdt_nodes(fdt);
stm32_init_tzc_for_optee();
}
NAK the OP-TEE nodes are ADDED by the OP-TEE firmware in the unsecure
device tree (when CFG_DT is activated)
before to jump to the kernel (that remove the need to have DT
allignement with U-Boot SPL device tree)
=> SPL should not copy the OP-TEE nodes in next stage DT
reference in optee_os = core/arch/arm/kernel/boot.c: add_optee_dt_node()
add_optee_dt_node() <= update_external_dt() <= paged_init_primary()
It is the expected configuration for OP-TEE on STM32MP15 platform.
I agree that if a component modifies the platform, it should be
responsible for updating the devicetree. Two issues though
1. Consistency
The STM32IMAGE boot path expects u-boot to add the optee nodes, while
the FIP path expects OP-TEE to add the nodes. Which one do we stick to?
2. Memory access
I don't understand is how OP-TEE would get past the TZC.
If we look at optee_os => plat-0stm32mp1/plat_tzc400:
"Early boot stage is in charge of configuring memory regions"
The following memory has been set up by SPL (or TF-A for that matter):
Nonsec: c0000000->ddffffff
Sec: de000000->dfdfffff
SHMEM: dfe00000->dfffffff
The external DTB will be in the nonsec region, which OP-TEE allegedly
can't access. So how would this get patched?
Alex