1. Article purpose[edit source]
This section details the TF-M stage (Trusted Firmware-M).
It explains how to configure and build TF-M in STM32 MPU context, describes the build process from sources, and shows how to deploy it on your target.
2. Source code access and build process[edit source]
2.1. Prerequisites[edit source]
Please
2.2. Install sources[edit source]
2.2.1. From the Developer package[edit source]
Not available in developer package...
2.2.2. Official source tree[edit source]
Download the source code from the official Trusted Firmware-A git repository.
git clone https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/
For a full-featured software, go to STMicroelectronics github:
git clone https://github.com/STMicroelectronics/trusted-firmware-m.git git clone https://github.com/STMicroelectronics/tf-m-tests.git
2.2.3. Distribution Package[edit source]
Not possible to build TF-M inside distribution package.
2.3. Build process[edit source]
2.3.1. TF-M Build flags[edit source]
Generic build flags for TF-A are described in the Build Options page of the official TF-A documentation[1].
Generic build flags for STM32 MPU platforms can be found in the build instruction chapter in docs/plat/st/stm32mpus.rst .
Specific STM32MP1 series platform flags can be found in the build instruction chapter of the official TF-A documentation [2].
Specific STM32MP2 series platform flags can be found in the build instruction chapter in docs/plat/st/stm32mp2.rst .
Other optional flags:
- CONFIG_STM32MP25X_REVA (only for STM32MP2 series): Set this flag to 1 if the STM32MP2 chip is a revision A. Default: 0 (chip revision B)
- STM32MP1_OPTEE_IN_SYSRAM (only for STM32MP15x lines ): To put OP-TEE pager in SYSRAM. Default: 0 (OP-TEE is in DDR)
- STM32MP_FORCE_MTD_START_OFFSET = <value>: overrides the default start offset to read FIP on MTD devices (need to be aligned with FlashLayout).
2.4. Build command[edit source]
2.4.1. Build command details[edit source]
For example, default build command for STM32MP25 EV1 board is:
cmake -S <SRC_DIRECTORY> -B <BUILD_DIRECTORY> \ -DTFM_PLATFORM=stm/stm32mp257f_ev1 \ -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake \ -DTFM_PROFILE=profile_small \ -DCMAKE_BUILD_TYPE=debug \ -DNS=OFF
Example mp25 ev1 board in profile medium:
cmake -S . -B build \ -DTFM_PLATFORM=stm/stm32mp257f_ev1 \ -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake \ -DTFM_PROFILE=profile_medium \ -DCMAKE_BUILD_TYPE=debug \ -DNS=OFF
2.4.2. OSTL device tree for STM32MP2 series[edit source]
For STM32MP257F-EV1 Evaluation board , ST provides OSTL device tree configurations in a dedicated git repository: tf-a/stm32mp257f-ev1-ca35tdcid-ostl.dts . You can use the git submodule
command:
git submodule add https://github.com/STMicroelectronics/dt-stm32mp fdts/external-dt make PLAT=stm32mp2 DTB_FILE_NAME=stm32mp257f-ev1-ca35tdcid-ostl.dtb STM32MP_SDMMC=1 \ SPD=opteed STM32MP_DDR4_TYPE=1
or git clone
command with TFA_EXTERNAL_DT:
git clone https://github.com/STMicroelectronics/dt-stm32mp ${DT_PATH} make PLAT=stm32mp2 DTB_FILE_NAME=stm32mp257f-ev1-ca35tdcid-ostl.dtb STM32MP_SDMMC=1 \ SPD=opteed STM32MP_DDR4_TYPE=1 TFA_EXTERNAL_DT=${DT_PATH}/tf-a
Here DT_PATH can be chosen to whatever you wish, but it must not be a relative path, for example:
export DT_PATH=`pwd`/../dt-stm32mp
2.5. Final image[edit source]
The final image is available for Flash memory or SDCard update in the corresponding folder:
<BUILD_PLAT>/tf-a-<board>.stm32 Ex: build/stm32mp1/release/tf-a-stm32mp157c-ev1.stm32