1. Article purpose[edit source]
The article aims to help to rebase an STM32 MPU project on a new ecosystem release by focusing on main changes impacts.
2. Scope of this article[edit source]
This article provides some details for main changes between STM32 MPU ecosystem release v3.1.0 and new STM32 MPU ecosystem release v4.0.0 to help for migrating your project.
3. Impacted domains[edit source]
3.1. Yocto build environment for Distribution Package[edit source]
Yocto layers/recipes to update for new Kirkstone version. Follow scripts available in OpenEmbedded-Core layer to help user:
- ./layers/openembedded-core/scripts/contrib/convert-overrides.py
- ./layers/openembedded-core/scripts/contrib/convert-spdx-licenses.py
- ./layers/openembedded-core/scripts/contrib/convert-srcuri.py
- ./layers/openembedded-core/scripts/contrib/convert-variable-renames.py
- (see Yocto Kirkstone release note[1] for more information)
3.2. Hardware configuration[edit source]
Check device tree files for STMP32 MPU board:
Linux Kernel: between Linux kernel v5.15-stm32mp-r1 (v5.15.24) and previous Linux kernel v5.10-stm32mp-r2 (v5.10.61)
U-Boot: between U-Boot v2021.10-stm32mp-r1 and previous U-Boot v2020.10-stm32mp-r2
OP-TEE: between OP-TEE 3.16.0-stm32mp-r1 and previous OP-TEE 3.12.0-stm32mp-r2
- New STM32MP135x-DK Discovery kit
- Update device tree to use a bus controller configuration to manage secure/non secure IP
- Remove secure-status
- Remove unused nodes in OP-TEE
- Define GPIO secure configuration in device tree
- I2C compatible update for STM32MP15 lines to manage non secure PMIC in OP-TEE (st,stm32mp15-i2c-non-secure)
- Remove nvmem_layout bindings
TF-A: between TF-A v2.6-stm32mp-r1 and previous TF-A v2.4-stm32mp-r2
3.3. System configuration[edit source]
- FIP only on STM32 MPU ecosystem release v4.0.0 . NoFIP is no more supported
- FOTA (memory mapping if activated and GPT UUID partition fixed). If no FOTA activated, no change at driver level. Impact on flashlayout.
- Memory mapping update linked to OP-TEE
3.4. Boot stages[edit source]
BL2
- BL2 more hardcoded and less configurable
- Remove STM32 image management (parsing and authentication)
- Introduce PSA_FWU support: Fix specific UUID for GPT partitions when used
- Update the NAND core driver to allow external memory usage for temporary buffer
SP-MIN boot chain deprecated replaced by OP-TEE.
3.5. Security[edit source]
- Rework firewall control management: use bus controller to add device tree node to probe list
- TZC400 configuration managed in OP-TEE
- Calibration binding updated: Use a dedicated binding for the calibration, out from RCC node
- Remove proprietary SMC access replaced by SCMI access or dedicated PTA.
- Move RNG to secure RNG by default
- Remove SCMI channel 1 (unused) and rename SCMI0 to SCMI
- New BSEC PTA for OTP management
- New Introduce Trusted UI framework
- New SCMI performance for STM32MP13 lines
- New Use clock framework to manage clocks
- Remove SCMI channel 1 (unused) and rename SCMI0 to SCMI
3.6. User space and applications[edit source]
New "weston" user now required for "wayland", which avoid executing some application with root profile for security reasons
- su -l weston -c "<command>" could be used to specify the user profile
which mainly impacts Graphic and Audio frameworks usage.
4. References[edit source]