1. Article purpose[edit source]
This section details the TF-M stage (Trusted Firmware-M).
It explains how to configure and build TF-M in STM32 MPU context, describes the build process from sources, and shows how to deploy it on your target.
2. Source code access and build process[edit source]
2.1. Cross compilation[edit source]
Cross compilation of TF-M is only required if it needs to be modified.
Refer to Setup Cross compile environment.
The build process creates an STM32 image. This binary is built in a single step during the build process.
2.2. Install sources[edit source]
2.2.1. From the Developer package[edit source]
Not available in developer package...
2.2.2. Official source tree[edit source]
Download the source code from the official Trusted Firmware-A git repository.
git clone https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/
For a full-featured software, go to STMicroelectronics github:
git clone https://github.com/STMicroelectronics/arm-trusted-firmware.git
2.2.3. Distribution Package[edit source]
It is possible to use the distribution package to download and rebuid TF-A BL2
2.3. Build process[edit source]
2.3.1. TF-M Build flags[edit source]
Generic build flags for TF-A are described in the Build Options page of the official TF-A documentation[1].
Generic build flags for STM32 MPU platforms can be found in the build instruction chapter in docs/plat/st/stm32mpus.rst .
Specific STM32MP1 series platform flags can be found in the build instruction chapter of the official TF-A documentation [2].
Specific STM32MP2 series platform flags can be found in the build instruction chapter in docs/plat/st/stm32mp2.rst .
Other optional flags:
- CONFIG_STM32MP25X_REVA (only for STM32MP2 series): Set this flag to 1 if the STM32MP2 chip is a revision A. Default: 0 (chip revision B)
- STM32MP1_OPTEE_IN_SYSRAM (only for STM32MP15x lines
): To put OP-TEE pager in SYSRAM. Default: 0 (OP-TEE is in DDR) - STM32MP_FORCE_MTD_START_OFFSET = <value>: overrides the default start offset to read FIP on MTD devices (need to be aligned with FlashLayout).
2.4. Build command[edit source]
2.4.1. Build command details[edit source]
The BL2 generation depends on the selected storage device. By default, only one storage device is supported.
:
Then compile the TF-A BL2.
For example, default build command for STM32MP15 is:
make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 \
<Selected storage> STM32MP15=1 DTB_FILE_NAME=<board_name>.dtb
Example with sdcard:
make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 STM32MP_SDMMC=1 \ STM32MP15=1 DTB_FILE_NAME=stm32mp157c-ev1.dtb
Replace STM32MP_SDMMC with the chosen device.
Example for STM32MP2 series:
make PLAT=stm32mp2 DTB_FILE_NAME=stm32mp257f-ev1.dtb STM32MP_SDMMC=1 \
SPD=opteed STM32MP_DDR4_TYPE=1
2.4.2. OSTL device tree for STM32MP2 series[edit source]
For STM32MP257F-EV1 Evaluation board 
, ST provides OSTL device tree configurations in a dedicated git repository: tf-a/stm32mp257f-ev1-ca35tdcid-ostl.dts . You can use the git submodule command:
git submodule add https://github.com/STMicroelectronics/dt-stm32mp fdts/external-dt make PLAT=stm32mp2 DTB_FILE_NAME=stm32mp257f-ev1-ca35tdcid-ostl.dtb STM32MP_SDMMC=1 \ SPD=opteed STM32MP_DDR4_TYPE=1
or git clone command with TFA_EXTERNAL_DT:
git clone https://github.com/STMicroelectronics/dt-stm32mp ${DT_PATH} make PLAT=stm32mp2 DTB_FILE_NAME=stm32mp257f-ev1-ca35tdcid-ostl.dtb STM32MP_SDMMC=1 \ SPD=opteed STM32MP_DDR4_TYPE=1 TFA_EXTERNAL_DT=${DT_PATH}/tf-a
Here DT_PATH can be chosen to whatever you wish, but it must not be a relative path, for example:
export DT_PATH=`pwd`/../dt-stm32mp
2.5. Final image[edit source]
The final image is available for Flash memory or SDCard update in the corresponding folder:
<BUILD_PLAT>/tf-a-<board>.stm32 Ex: build/stm32mp1/release/tf-a-stm32mp157c-ev1.stm32