Difference between revisions of "STM32MP15 TF-A"

[unchecked revision] [quality revision]
m
m (Reverted edits by Lionel Debieve (talk) to last revision by Yann Gautier)
(Tag: Rollback)
 

1 Article Purpose[edit]

This section details the process used to build TF-A from sources and to deploy it on your target.
The build example is based on the OpenSTLinux environment:

  • Developer Package
  • Distribution Package

2 Overview[edit]

TF-A is the FSBL for the ST trusted boot chain. It must be configured or updated depending on your platform.

Cross compilation of TF-A is only required if it is to be modified. By default, in the Starter Package, the TF-A image is named: tf-<board>-trusted.stm32.
If changes are made, you must rebuild TF-A and update all the FSBL partitions of your boot device with this new image. A second FSBL image is used as a backup image.

The build process creates a full STM32 image that can be used for Flash integrating a specific header.
This trusted firmware-A image contains a device tree, a BL2 and a BL32 stage.
These binaries are built in a single step during the build process.

Atf.stm32.png


3 Developer Package[edit]

3.1 Install sources[edit]

The Developer Package contains OpenSTLinux and TF-A sources: TF-A Installation

3.2 Official source tree[edit]

Download source code from the official Trusted Firmware-A github.

 
 git clone https://github.com/ARM-software/arm-trusted-firmware.git

Warning white.png Warning
The STM32MP1 platform is not yet fully upstreamed. Depending on the version used, some features may not be available.


For a full feature software, a STMicroelectronics github is available:

 
 git clone https://github.com/STMicroelectronics/arm-trusted-firmware.git


3.3 Build Process[edit]

3.3.1 Initialize the cross compile environment[edit]

Setup Cross compile environment

3.3.2 TF-A Build flags[edit]

A Makefile is provided with the developer package that includes the mandatory flags to build the Trusted Firmware-A for STM32MP15.

Mandatory flags:

  • ARM_ARCH_MAJOR=7: the major version of ARM Architecture to target (STM32MP15 is ARMv7 architecture based)
  • ARCH=aarch32: specify aarch32 architecture to be built
  • PLAT=stm32mp1: builds an stm32mp1 platform
  • DTB_FILE_NAME=<fdt file name>.dtb: this must be defined to build the proper target and include the correct DTB file into the final file
  • AARCH32_SP=<monitor>
    • sp_min: builds the BL32 secure monitor if required
    • optee: do not include BL32 and prepare BL2 for optee-specific load.
  • The boot device(s) you use, one (or more) of:
    • STM32MP_EMMC=1
    • STM32MP_SDMMC=1
    • STM32MP_RAW_NAND=1
    • STM32MP_SPI_NAND=1
    • STM32MP_SPI_NOR=1
  • Or a programming interface (you cannot use AARCH32_SP=optee with those flags):
    • STM32MP_UART_PROGRAMMER=1
    • STM32MP_USB_PROGRAMMER=1


Optional flags:

  • DEBUG=1: add debug information in all binaries
  • V=1: print verbose compilation traces


3.4 Build command[edit]

From the Developer Package tarball, a Makefile.sdk is present and must be used to build the target. It automatically sets the proper configuration for the TF-A build.

 
 make -f Makefile.sdk TF_A_CONFIG=trusted TFA_DEVICETREE=<board>

The latest version of the helper file is also available in GitHub: README_HOWTO.txt .

Warning white.png Warning
The DTB_FILE_NAME flag must be set to select the correct board configuration.

The device tree file for the target must be located in fdts folder (<board>.dts)

If no Makefile.sdk exists, you must add your own environment flags:

 
 unset LDFLAGS;
  unset CFLAGS;

Then you will have to compile 2 TF-A binaries: one for flash programming (USB or UART), one for device boot (SD-card, eMMC, SPI-NOR, SPI-NAND or parallel NAND (through FMC)):

 
 make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min DTB_FILE_NAME=<board>.dtb STM32MP_UART_PROGRAMMER=1 STM32MP_USB_PROGRAMMER=1
  make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min DTB_FILE_NAME=<board>.dtb STM32MP_EMMC=1 STM32MP_SDMMC=1 STM32MP_RAW_NAND=1 STM32MP_SPI_NAND=1 STM32MP_SPI_NOR=1

It is advised to remove from the command line the devices you do not use to boot, to ensure that the built binary will fit in the SYSRAM on startup.

3.5 Final image[edit]

Final image is available for Flash or SD card update in the corresponding folder:

build/<target>/<debug|release>/tf-a-<target>.stm32
Ex:
build/stm32mp1/debug/tf-a-stm32mp157c-ev1.stm32

4 Distribution Package[edit]

For an OpenSTLinux distribution, the TF-A image is built in release mode by default. The yocto recipe can be found in:

meta-st/meta-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_<version>.bb

If you want to modify the TF-A code source, use the following steps starting from an already downloaded and built OpenSTLinux distribution.

4.1 Access sources[edit]

You can use devtool to access the source.

 
 cd <baseline root directory>
  devtool modify tf-a-stm32mp sources/boot/tf-a

By going to the sources/boot/tf-a folder, you can manage and modify the TF-A sources. To rebuild it, go back to the build-<distribution> folder and launch the TF-A recipe:

 
 bitbake tf-a-stm32mp

The final image is deployed in the image default output folder.

5 Update software on board[edit]

5.1 Partitioning of binaries[edit]

The TF-A build provides a binary named tf-a-stm32mp157c-<board>.stm32 that MUST be copied to a dedicated partition named "fsblX" (X depends on the number of needed backups in the Flash).

Warning white.png Warning
TF-A must be located in the first partition of your boot device.

You can just update the first partition for a simple test, but all backup partitions must contain the same image at the end.

5.2 Update via SDCARD[edit]

If you use an SD card, you can simply update TF-A using the dd command on your host.
Plug your SD card into the computer and copy the binary to the dedicated partition; on an SDCard/USB disk the "fsbl1" partition is partition 1:

 - SDCARD: /dev/mmcblkXp1 (where X is the instance number)
 - SDCARD via USB reader: /dev/sdX1 (where X is the instance number)
  • Linux
 
 dd if=<tf-a file> of=/dev/<device partition> bs=1M conv=fdatasync
Info white.png Information
To find the partition associated to a specific label, just plug the

SDCARD/USB disk into your PC and call the following command:

 
 ls -l /dev/disk/by-partlabel/
 total 0
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 bootfs -> ../../mmcblk0p4
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl1 -> ../../mmcblk0p1          ➔ FSBL1 (TF-A)
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl2 -> ../../mmcblk0p2          ➔ FSBL2 (TF-A backup – same content as FSBL)
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 rootfs -> ../../mmcblk0p5
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 ssbl -> ../../mmcblk0p3           ➔ SSBL (U-Boot)
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 userfs -> ../../mmcblk0p6


  • Windows

CoreUtils [1] that includes the dd command is available for Windows.

5.3 Update via USB mass storage on U-boot[edit]

See How to use USB mass storage in U-Boot

Follow the previous section to put tf-a-<board>.stm32 onto SDCard/USB disk

5.4 Update your boot device via STM32CubeProgrammer[edit]

Refer to the STM32CubeProgrammer documentation to update your target.

6 Secure secret provisioning[edit]

A specific TF-A build is required to manage SSP.

A dedicated branch (named <version>-stm32mp-ssp) is delivered on top of the official TF-A release that contains the specific Makefile for the TF-A SSP.
The TF-A SSP is a subset part of the TF-A that only includes:

  • BL2 device tree
  • BL2 image with limited support to the serial link device.

6.1 Developer Package[edit]

6.1.1 Install sources[edit]

The Developer Package contains OpenSTLinux and TF-A-SSP sources: TF-A-SSP Installation

Warning white.png Warning
The SSP is a specific ST feature and will never be upstreamed.

6.1.2 Additional Flags[edit]

Mandatory flags to build the TF-A SSP are:

  • STM32MP_SSP=1

For the serial link storage

  • STM32MP_UART_PROGRAMMER=1
  • STM32MP_USB_PROGRAMMER=1

6.1.3 Build command[edit]

 
 make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 DTB_FILE_NAME=<board>.dtb STM32MP_SSP=1 STM32MP_UART_PROGRAMMER=1 STM32MP_USB_PROGRAMMER=1

6.1.4 Final image[edit]

Final image is available in the corresponding folder:

build/<target>/<debug|release>/tf-a-ssp-<target>.stm32
Ex:
build/stm32mp1/debug/tf-a-ssp-stm32mp157c-ev1.stm32

6.2 Distribution Package[edit]

For an OpenSTLinux distribution, the TF-A SSP image is not built in release mode by default. The yocto recipe can be found in:

meta-st/meta-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp-ssp_<version>.bb

If you want to modify the TF-A SSP code source, use the following steps starting from an already downloaded and built OpenSTLinux distribution.

6.2.1 Access sources[edit]

You can use devtool to access the source.

 
 cd <baseline root directory>
  devtool modify tf-a-stm32mp-ssp sources/boot/tf-a_ssp

By going to the sources/boot/tf-a_ssp folder, you can manage and modify the TF-A sources. To rebuild it, go back to the build-<distribution> folder and launch the TF-A recipe:

 
 bitbake tf-a-stm32mp-ssp

The final image is deployed in the image default output folder.


{{EcosystemFlow/Warning|flow=Next}} 
==== Article Purpose ==
This section details the process used to build TF-A from sources and to deploy it on your target.<br>

The build example is based on the OpenSTLinux environment:
* Developer Package
* Distribution Package

== Overview ==
TF-A is the FSBL for the ST trusted boot chain. It must be configured or updated depending on your platform.<br>
<br>

Cross compilation of TF-A is only required if it is to be modified. By default, in the Starter Package, the TF-A image is named: tf-<board>-trusted.stm32.<br>

If changes are made, you must rebuild TF-A and update all the FSBL partitions of your boot device with this new image. A second FSBL image is used as a backup image.<br>


The build process creates a full STM32 image that can be used for Flash integrating a specific [[STM32MP15 secure boot#STM32_Header|header]].<br>

This trusted firmware-A image contains a device tree, a BL2 and a BL32 stage.<br>

These binaries are built in a single step during the build process.
[[File:Atf.stm32.png|300px|center|link=]]<br>


== Developer Package ==
=== Install sources ===
The Developer Package contains OpenSTLinux and TF-A sources:
[[STM32MP1_Developer_Package#Installing the TF-A|TF-A Installation]]

=== Official source tree ===
Download source code from the official Trusted Firmware-A github.
  {{PC$}} git clone https://github.com/ARM-software/arm-trusted-firmware.git

{{Warning|The STM32MP1 platform is not yet fully upstreamed. Depending on the version used, some features may not be available.}}<br>

For a full feature software, a STMicroelectronics github is available:
  {{PC$}} git clone https://github.com/STMicroelectronics/arm-trusted-firmware.git

{{InternalInfo |
Development source tree:
Download source code from the internal git
  {{PC$}} git clone ssh://gerrit.st.com:29418/mpu/oe/st/tf-a.git
}}

=== Build Process ===
==== Initialize the cross compile environment ====
[[Cross-compile with OpenSTLinux SDK|Setup Cross compile environment]]

==== TF-A Build flags ====
A Makefile is provided with the developer package that includes the mandatory flags to build the Trusted Firmware-A for STM32MP15.

Mandatory flags:
* ARM_ARCH_MAJOR=7: the major version of ARM Architecture to target (STM32MP15 is ARMv7 architecture based)
* ARCH=aarch32: specify aarch32 architecture to be built
* PLAT=stm32mp1: builds an stm32mp1 platform
* DTB_FILE_NAME=<fdt file name>.dtb: this must be defined to build the proper target and include the correct DTB file into the final file 
* AARCH32_SP=<monitor>

** sp_min: builds the BL32 secure monitor if required
** optee: do not include BL32 and prepare BL2 for optee-specific load.
* The boot device(s) you use, one (or more) of:
** STM32MP_EMMC=1
** STM32MP_SDMMC=1
** STM32MP_RAW_NAND=1
** STM32MP_SPI_NAND=1
** STM32MP_SPI_NOR=1
* Or a programming interface (you cannot use AARCH32_SP=optee with those flags):
** STM32MP_UART_PROGRAMMER=1
** STM32MP_USB_PROGRAMMER=1

Optional flags:
* DEBUG{{=}}1: add debug information in all binaries
* V{{=}}1: print verbose compilation traces
{{InternalInfo |
* STM32MP_FPGA{{=}}1: include FPGA specific code (not compatible with board)
* STM32MP1_TEST{{=}}1: enable specific SMC for test purposes (mandatory for validation)
}}

=== Build command ==={{InternalInfo | 
Started from V3.0.0, we use the FIP management. Build commands are changing.
Each part of TF-A must be independently built :
* BL2 generation (depends on selected storage) <pre>

make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_sdmmc DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_SDMMC=1
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_emmc DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_EMMC=1
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_raw_nand DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_RAW_NAND=1
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_spi_nor DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_SPI_NOR=1
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_spi_nand DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_SPI_NAND=1</pre>

Programmer support<pre>

make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_usb DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_USB_PROGRAMMER=1
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_uart DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_UART_PROGRAMMER=1</pre>


* FIP generation
** With SP_MIN as BL32<pre>

make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min BUILD_PLAT=build/fip/stm32mp157c-ev1 DTB_FILE_NAME=stm32mp157c-ev1.dtb fip BL33=<path_to_uboot>/u-boot-nodtb.bin BL33_CFG=<path_to_uboot>/u-boot.dtb FIP_NAME=fip.bin</pre>

OUTPUT:
fip.bin
Debug: bl32.elf

** With OP_TEE as BL32<pre>

make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=optee BL33=<path_to_uboot>/u-boot.bin BL33_CFG=<path_to_uboot>/u-boot.dtb BL32=<path_to_optee>/tee-header_v2.bin BL32_EXTRA1=<path_to_optee>/tee-pager_v2.bin BL32_EXTRA2=<path_to_optee>/tee-pageable_v2.bin fip FIP_NAME=fip-optee.bin BUILD_PLAT=build/fip_optee/stm32mp157c-ev1 DTB_FILE_NAME=stm32mp157c-ev1.dtb</pre>

}}From the Developer Package tarball, a Makefile.sdk is present and must be used to build the target.
It automatically sets the proper configuration for the TF-A build.<br>

  {{PC$}} make -f Makefile.sdk TF_A_CONFIG=trusted TFA_DEVICETREE=<board>

The latest version of the helper file is also available in GitHub:  {{CodeSource | meta-st-stm32mp | recipes-bsp/trusted-firmware-a/tf-a-stm32mp/README.HOW_TO.txt | README_HOWTO.txt}}.

{{Warning|The DTB_FILE_NAME flag must be set to select the correct board configuration.<br>

The device tree file for the target must be located in fdts folder (<board>.dts)}}

If no Makefile.sdk exists, you must add your own environment flags:
  {{PC$}} unset LDFLAGS;
  {{PC$}} unset CFLAGS;

Then you will have to compile 2 TF-A binaries: one for flash programming (USB or UART), one for device boot (SD-card, eMMC, SPI-NOR, SPI-NAND or parallel NAND (through FMC)):
  {{PC$}} make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min DTB_FILE_NAME=<board>.dtb STM32MP_UART_PROGRAMMER=1 STM32MP_USB_PROGRAMMER=1
  {{PC$}} make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min DTB_FILE_NAME=<board>.dtb STM32MP_EMMC=1 STM32MP_SDMMC=1 STM32MP_RAW_NAND=1 STM32MP_SPI_NAND=1 STM32MP_SPI_NOR=1

It is advised to remove from the command line the devices you do not use to boot, to ensure that the built binary will fit in the SYSRAM on startup.

=== Final image ===
Final image is available for Flash or SD card update in the corresponding folder:<pre>

build/<target>/<debug|release>/tf-a-<target>.stm32
Ex:
build/stm32mp1/debug/tf-a-stm32mp157c-ev1.stm32</pre>


== Distribution Package ==
For an OpenSTLinux distribution, the TF-A image is built in release mode by default. The yocto recipe can be found in:<br>
<pre>

meta-st/meta-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_<version>.bb</pre>

If you want to modify the TF-A code source, use the following steps starting from an already downloaded and built OpenSTLinux distribution.

=== Access sources ===
You can use [[OpenEmbedded_-_devtool|devtool]] to access the source.
  {{PC$}} cd <baseline root directory>

  {{PC$}} devtool modify tf-a-stm32mp sources/boot/tf-a

By going to the sources/boot/tf-a folder, you can manage and modify the TF-A sources.
To rebuild it, go back to the build-<distribution> folder and launch the TF-A recipe:
  {{PC$}} bitbake tf-a-stm32mp

The final image is deployed in the image default output folder.

== Update software on board ==
=== Partitioning of binaries ===
The TF-A build provides a binary named tf-a-stm32mp157c-<board>.stm32 that MUST be copied to a dedicated partition named "fsblX" (X depends on the number of needed backups in the Flash).

{{Warning|TF-A must be located in the first partition of your boot device.<br>

You can just update the first partition for a simple test, but all backup partitions must contain the same image at the end.
}}

=== Update via SDCARD ===
If you use an SD card, you can simply update TF-A using the dd command on your host.<br>
{{InternalInfo | 
Starting from V3.0.0, the layout change, fip partition must exist on your sdcard. It replaces the previous ssbl part.
You can create it from a flashlayout or just update a previous sdcard with gdisk:
Ex:
  {{PC$}} gdisk /dev/mmcblk0
  c
  3
  fip
  w

  {{PC$}} ls -l /dev/disk/by-partlabel/
  total 0
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 bootfs -> ../../mmcblk0p4
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl1 -> ../../mmcblk0p1          ➔ FSBL1 (TF-A)
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl2 -> ../../mmcblk0p2          ➔ FSBL2 (TF-A backup – same content as FSBL)
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 fip -> ../../mmcblk0p3              ➔ FIP Image
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 rootfs -> ../../mmcblk0p5
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 userfs -> ../../mmcblk0p6

  {{PC$}} dd if{{=}}<tf-a BL2 STM32 file> of{{=}}/dev/<device partition> bs{{=}}1M conv{{=}}fdatasync ➔ Partition 1 and 2
  {{PC$}} dd if{{=}}<FIP Image> of{{=}}/dev/<device partition> bs{{=}}1M conv{{=}}fdatasync ➔ Partition 3
}}Plug your SD card into the computer and copy the binary to the dedicated partition; on an SDCard/USB disk the "fsbl1" partition is partition 1:
  - SDCARD: /dev/mmcblkXp1 (where X is the instance number)
  - SDCARD via USB reader: /dev/sdX1 (where X is the instance number)
* Linux
  {{PC$}} dd if=<tf-a file> of=/dev/<device partition> bs=1M conv=fdatasync

{{Info| To find the partition associated to a specific label, just plug the
SDCARD/USB disk into your PC and call the following command:

  {{PC$}} ls -l /dev/disk/by-partlabel/
  total 0
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 bootfs -> ../../mmcblk0p4
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl1 -> ../../mmcblk0p1          ➔ FSBL1 (TF-A)
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl2 -> ../../mmcblk0p2          ➔ FSBL2 (TF-A backup – same content as FSBL)
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 rootfs -> ../../mmcblk0p5
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 ssbl -> ../../mmcblk0p3           ➔ SSBL (U-Boot)
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 userfs -> ../../mmcblk0p6
}}<br>

* Windows
CoreUtils <ref>http://gnuwin32.sourceforge.net/packages/coreutils.htm</ref> that includes the dd command is available for Windows.

=== Update via USB mass storage on U-boot ===
See [[How to use USB mass storage in U-Boot]]

Follow the previous section to put tf-a-<board>.stm32 onto SDCard/USB disk

=== Update your boot device via STM32CubeProgrammer ===
Refer to the [[STM32CubeProgrammer]] documentation to update your target.

== Secure secret provisioning ==
A specific TF-A build is required to manage SSP. 

A dedicated branch (named '''<version>-stm32mp-ssp''') is delivered on top of the official TF-A release that contains the specific Makefile for the TF-A SSP.<br>

The TF-A SSP is a subset part of the TF-A that only includes:
* BL2 device tree
* BL2 image with limited support to the serial link device.

=== Developer Package ===
==== Install sources ====
The Developer Package contains OpenSTLinux and TF-A-SSP sources:
[[STM32MP1_Developer_Package#Installing the TF-A-SSP|TF-A-SSP Installation]]

{{Warning|The SSP is a specific ST feature and will never be upstreamed.}}

==== Additional Flags ====
Mandatory flags to build the TF-A SSP are:
* '''STM32MP_SSP=1'''
For the serial link storage
* STM32MP_UART_PROGRAMMER=1
* STM32MP_USB_PROGRAMMER=1

==== Build command ====
  {{PC$}} make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 DTB_FILE_NAME=<board>.dtb STM32MP_SSP=1 STM32MP_UART_PROGRAMMER=1 STM32MP_USB_PROGRAMMER=1

==== Final image ====
Final image is available in the corresponding folder:<pre>

build/<target>/<debug|release>/tf-a-ssp-<target>.stm32
Ex:
build/stm32mp1/debug/tf-a-ssp-stm32mp157c-ev1.stm32</pre>


=== Distribution Package ===
For an OpenSTLinux distribution, the TF-A SSP image is '''not''' built in release mode by default. The yocto recipe can be found in:<br>
<pre>

meta-st/meta-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp-ssp_<version>.bb</pre>

If you want to modify the TF-A SSP code source, use the following steps starting from an already downloaded and built OpenSTLinux distribution.

==== Access sources ====
You can use [[OpenEmbedded_-_devtool|devtool]] to access the source.
  {{PC$}} cd <baseline root directory>

  {{PC$}} devtool modify tf-a-stm32mp-ssp sources/boot/tf-a_ssp

By going to the sources/boot/tf-a_ssp folder, you can manage and modify the TF-A sources.
To rebuild it, go back to the build-<distribution> folder and launch the TF-A recipe:
  {{PC$}} bitbake tf-a-stm32mp-ssp

The final image is deployed in the image default output folder.
<noinclude>

{{PublicationRequestId | 12345 | 2018-10-10 | PhilipS}}
[[Category:Trusted Firmware-A (TF-A)| 02]]
[[Category:Trusted Firmware-A (SP-MIN)| 02]]</noinclude>
Line 1: Line 1:
{{EcosystemFlow/Warning|flow=Next}}
 
 
== Article Purpose ==
 
== Article Purpose ==
 
This section details the process used to build TF-A from sources and to deploy it on your target.<br>
 
This section details the process used to build TF-A from sources and to deploy it on your target.<br>
Line 74: Line 73:
   
 
=== Build command ===
 
=== Build command ===
{{InternalInfo |
 
Started from V3.0.0, we use the FIP management. Build commands are changing.
 
Each part of TF-A must be independently built :
 
* BL2 generation (depends on selected storage)
 
<pre>
 
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_sdmmc DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_SDMMC=1
 
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_emmc DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_EMMC=1
 
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_raw_nand DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_RAW_NAND=1
 
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_spi_nor DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_SPI_NOR=1
 
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_spi_nand DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_SPI_NAND=1
 
</pre>
 
Programmer support
 
<pre>
 
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_usb DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_USB_PROGRAMMER=1
 
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 BUILD_PLAT=build/stm32mp157c-ev1_bl2_uart DTB_FILE_NAME=stm32mp157c-ev1.dtb STM32MP_UART_PROGRAMMER=1
 
</pre>
 
 
* FIP generation
 
** With SP_MIN as BL32
 
<pre>
 
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min BUILD_PLAT=build/fip/stm32mp157c-ev1 DTB_FILE_NAME=stm32mp157c-ev1.dtb fip BL33=<path_to_uboot>/u-boot-nodtb.bin BL33_CFG=<path_to_uboot>/u-boot.dtb FIP_NAME=fip.bin
 
</pre>
 
OUTPUT:
 
fip.bin
 
Debug: bl32.elf
 
 
** With OP_TEE as BL32
 
<pre>
 
make -j4 ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=optee BL33=<path_to_uboot>/u-boot.bin BL33_CFG=<path_to_uboot>/u-boot.dtb BL32=<path_to_optee>/tee-header_v2.bin BL32_EXTRA1=<path_to_optee>/tee-pager_v2.bin BL32_EXTRA2=<path_to_optee>/tee-pageable_v2.bin fip FIP_NAME=fip-optee.bin BUILD_PLAT=build/fip_optee/stm32mp157c-ev1 DTB_FILE_NAME=stm32mp157c-ev1.dtb
 
</pre>
 
}}
 
 
From the Developer Package tarball, a Makefile.sdk is present and must be used to build the target.
 
From the Developer Package tarball, a Makefile.sdk is present and must be used to build the target.
 
It automatically sets the proper configuration for the TF-A build.<br>
 
It automatically sets the proper configuration for the TF-A build.<br>
Line 159: Line 127:
 
=== Update via SDCARD ===
 
=== Update via SDCARD ===
 
If you use an SD card, you can simply update TF-A using the dd command on your host.<br>
 
If you use an SD card, you can simply update TF-A using the dd command on your host.<br>
{{InternalInfo |
 
Starting from V3.0.0, the layout change, fip partition must exist on your sdcard. It replaces the previous ssbl part.
 
You can create it from a flashlayout or just update a previous sdcard with gdisk:
 
Ex:
 
  {{PC$}} gdisk /dev/mmcblk0
 
  c
 
  3
 
  fip
 
  w
 
 
  {{PC$}} ls -l /dev/disk/by-partlabel/
 
  total 0
 
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 bootfs -> ../../mmcblk0p4
 
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl1 -> ../../mmcblk0p1          ➔ FSBL1 (TF-A)
 
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl2 -> ../../mmcblk0p2          ➔ FSBL2 (TF-A backup – same content as FSBL)
 
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 fip -> ../../mmcblk0p3              ➔ FIP Image
 
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 rootfs -> ../../mmcblk0p5
 
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 userfs -> ../../mmcblk0p6
 
 
  {{PC$}} dd if{{=}}<tf-a BL2 STM32 file> of{{=}}/dev/<device partition> bs{{=}}1M conv{{=}}fdatasync ➔ Partition 1 and 2
 
  {{PC$}} dd if{{=}}<FIP Image> of{{=}}/dev/<device partition> bs{{=}}1M conv{{=}}fdatasync ➔ Partition 3
 
}}
 
 
Plug your SD card into the computer and copy the binary to the dedicated partition; on an SDCard/USB disk the "fsbl1" partition is partition 1:
 
Plug your SD card into the computer and copy the binary to the dedicated partition; on an SDCard/USB disk the "fsbl1" partition is partition 1:
 
   - SDCARD: /dev/mmcblkXp1 (where X is the instance number)
 
   - SDCARD: /dev/mmcblkXp1 (where X is the instance number)