Registered User m (Reverted edits by Registered User (-) to last revision by Registered User) Tag: Rollback |
Registered User Tag: 2017 source edit |
||
| (58 intermediate revisions by 9 users not shown) | |||
| Line 1: | Line 1: | ||
<noinclude>{{ApplicableFor | |||
|MPUs list=STM32MP13x, STM32MP15x, STM32MP21x, STM32MP23x, STM32MP25x | |||
|MPUs checklist=STM32MP13x, STM32MP15x, STM32MP21x, STM32MP23x, STM32MP25x | |||
}}</noinclude> | |||
== Article purpose == | == Article purpose == | ||
The purpose of this article is to explain how to configure the [[BSEC internal peripheral|BSEC]] using the [[Device tree|device tree]] mechanism, relying on the bindings documentation, that is the description of the required and optional device-tree properties. | |||
== DT bindings documentation == | == DT bindings documentation == | ||
| Line 8: | Line 11: | ||
Generic information about NVMEM is available in the [[NVMEM_overview#Device_tree_configuration|NVMEM overview]]. | Generic information about NVMEM is available in the [[NVMEM_overview#Device_tree_configuration|NVMEM overview]]. | ||
The | The device tree binding documents for [[BSEC internal peripheral|BSEC]] are stored either in the given applicable components listed below, or in the Linux kernel repository: | ||
* | * TF-A BL2: | ||
* Linux<sup>®</sup> BSEC | ** {{CodeSource | TF-A | docs/devicetree/bindings/soc/st,stm32-romem.txt}} | ||
* | * OP-TEE: | ||
** STM32 BSEC device tree bindings: {{CodeSource | OP-TEE_OS | documentation/devicetree/bindings/nvmem/st,stm32-romem.yaml}} | |||
* U-Boot, Linux<sup>®</sup> OS: | |||
** STM32 BSEC device tree bindings: {{CodeSource | Linux kernel | Documentation/devicetree/bindings/nvmem/st,stm32-romem.yaml}} | |||
** generic NVMEM devicetree bindings: {{CodeSource | Linux kernel | Documentation/devicetree/bindings/nvmem/nvmem.yaml}}, {{CodeSource | Linux kernel | Documentation/devicetree/bindings/nvmem/nvmem-consumer.yaml}} | |||
== DT configuration == | == DT configuration == | ||
This hardware description is a combination of the '''STM32 microprocessor''' device tree files (''.dtsi'' extension) and '''board''' device tree files (''.dts'' extension). See the [[Device tree]] for an explanation of the device-tree file | This hardware description is a combination of the '''STM32 microprocessor''' device tree files (''.dtsi'' extension) and '''board''' device tree files (''.dts'' extension). See the [[Device tree]] for an explanation of the device-tree file organization. | ||
'''STM32CubeMX''' can be used to generate the board device tree. Refer to [[#How_to_configure_the_DT_using_STM32CubeMX|How to configure the DT using STM32CubeMX]] for more details. | '''STM32CubeMX''' can be used to generate the board device tree. Refer to [[#How_to_configure_the_DT_using_STM32CubeMX|How to configure the DT using STM32CubeMX]] for more details. | ||
=== DT configuration (STM32 level) === | === DT configuration (STM32/SoC level) === | ||
The | The [[BSEC_internal_peripheral|BSEC]] node and [[NVMEM_overview#Device_tree_configuration|NVMEM]] node are located in the [[STM32 MPU device_tree#Device tree structure|device tree file]] for the software components, supporting the peripheral and listed in the above [[#DT bindings documentation|DT bindings documentation]] paragraph. | ||
{{Warning|This device tree part is related to STM32 microprocessors. It must be kept as is, without being modified by the end-user.}} | |||
=== DT configuration (board level) === | |||
The objective of this chapter is to explain how to enable and configure the [[BSEC_internal_peripheral|BSEC]] DT nodes for a board. | |||
Peripheral configuration should be done in specific board device tree files (board dts file). | |||
==== BSEC node append ==== | |||
==== | The board definition in the device tree may include some additional board-specific OTP declarations, for example to add a NVMEM data cell: | ||
The board definition in the device tree may include some additional board-specific OTP declarations: | |||
&bsec { | &bsec { | ||
calib@20 { | |||
reg = <0x20 0x2>; | |||
}; | |||
board_id: board_id@ec { | board_id: board_id@ec { | ||
reg = <0xec 0x4>; | reg = <0xec 0x4>; | ||
st,non-secure-otp; | {{highlightParam|st,non-secure-otp}}; | ||
}; | |||
oem_enc_key@170 { | |||
reg = <0x170 0x10>; | |||
{{highlightParam|st,non-secure-otp-provisioning}}; | |||
}; | }; | ||
}; | }; | ||
On {{MicroprocessorDevice | device=1}}, only lower OTPs (OTP 0 to 31) are accessible by the non-secure world by default. | |||
On {{MicroprocessorDevice | device=2}}, lower and middle OTPs (OTP 0 to 255) are accessible by the non-secure world. | |||
[[STM32 MPU OP-TEE_overview|OP-TEE]] needs to manage exceptions in [[OP-TEE_OTP_overview|BSEC PTA]] to allow some upper OTPs to be accessed by the non-secure world, through secure world services for very specific needs as described in {{CodeSource | OP-TEE_OS | documentation/devicetree/bindings/nvmem/st,stm32-romem.yaml}}. | |||
= | {{Warning| Upper (and middle on {{MicroprocessorDevice | device=2}}) OTP 32-bit length words are ECC-protected. To avoid an invalid ECC, computed after a second write operation, these 64 upper OTPs should be be permanent write locked when they are programmed.}} | ||
This exceptions are defined by the OTP declaration in the secure world device tree with a 32-bit length granularity (that is, 4 bytes): | |||
* using the {{highlightParam|st,non-secure-otp}} property to allow a read/write (only supported by {{MicroprocessorDevice | device=1}}) | |||
* using the {{highlightParam|st,non-secure-otp-provisioning}} property to allow a write until the first programmed value or permanent lock; used for secrets used by secure world but provisioned by the non-secured world. | |||
See example {{CodeSource | OP-TEE_OS | core/arch/arm/dts/stm32mp135f-dk.dts}}. | |||
==How to configure the DT using STM32CubeMX== | ==How to configure the DT using STM32CubeMX== | ||
The [[STM32CubeMX]] tool can be used to configure the STM32MPU device and get the corresponding [[Device_tree# | The [[STM32CubeMX]] tool can be used to configure the STM32MPU device and get the corresponding [[Device_tree#STM32_MPU|platform configuration device tree]] files.<br /> | ||
STM32CubeMX may not support all the properties described in | STM32CubeMX may not support all the properties described in DT binding files listed in the above [[#DT bindings documentation|DT bindings documentation]] paragraph. If so, the tool inserts '''user sections''' in the generated device tree. These sections can then be edited to add some properties, and they are preserved from one generation to another. Refer to [[STM32CubeMX]] user manual for further information. | ||
==References== | ==References== | ||
| Line 163: | Line 77: | ||
<noinclude> | <noinclude> | ||
[[Category:Device tree configuration]] | [[Category:Device tree configuration]] | ||
[[Category: | [[Category:OP-TEE Persistent storage]] | ||
{{ArticleBasedOnModel | Peripheral or framework device tree configuration model}} | {{ArticleBasedOnModel | Peripheral or framework device tree configuration model}} | ||
{{PublicationRequestId | 15044 | 2020-02-21 | 13613 (PhilipS - 2019-10-09))}} | {{PublicationRequestId | 15044 | 2020-02-21 | 13613 (PhilipS - 2019-10-09))}} | ||
</noinclude> | </noinclude> | ||
Latest revision as of 13:39, 9 May 2025
1. Article purpose[edit | edit source]
The purpose of this article is to explain how to configure the BSEC using the device tree mechanism, relying on the bindings documentation, that is the description of the required and optional device-tree properties.
2. DT bindings documentation[edit | edit source]
Generic information about NVMEM is available in the NVMEM overview.
The device tree binding documents for BSEC are stored either in the given applicable components listed below, or in the Linux kernel repository:
- TF-A BL2:
- OP-TEE:
- STM32 BSEC device tree bindings: documentation/devicetree/bindings/nvmem/st,stm32-romem.yaml
- U-Boot, Linux® OS:
- STM32 BSEC device tree bindings: Documentation/devicetree/bindings/nvmem/st,stm32-romem.yaml
- generic NVMEM devicetree bindings: Documentation/devicetree/bindings/nvmem/nvmem.yaml , Documentation/devicetree/bindings/nvmem/nvmem-consumer.yaml
3. DT configuration[edit | edit source]
This hardware description is a combination of the STM32 microprocessor device tree files (.dtsi extension) and board device tree files (.dts extension). See the Device tree for an explanation of the device-tree file organization.
STM32CubeMX can be used to generate the board device tree. Refer to How to configure the DT using STM32CubeMX for more details.
3.1. DT configuration (STM32/SoC level)[edit | edit source]
The BSEC node and NVMEM node are located in the device tree file for the software components, supporting the peripheral and listed in the above DT bindings documentation paragraph.
|
This device tree part is related to STM32 microprocessors. It must be kept as is, without being modified by the end-user. |
3.2. DT configuration (board level)[edit | edit source]
The objective of this chapter is to explain how to enable and configure the BSEC DT nodes for a board.
Peripheral configuration should be done in specific board device tree files (board dts file).
3.2.1. BSEC node append[edit | edit source]
The board definition in the device tree may include some additional board-specific OTP declarations, for example to add a NVMEM data cell:
&bsec { calib@20 { reg = <0x20 0x2>; }; board_id: board_id@ec { reg = <0xec 0x4>; st,non-secure-otp; }; oem_enc_key@170 { reg = <0x170 0x10>; st,non-secure-otp-provisioning; }; };
On STM32MP1 series, only lower OTPs (OTP 0 to 31) are accessible by the non-secure world by default.
On STM32MP2 series, lower and middle OTPs (OTP 0 to 255) are accessible by the non-secure world.
OP-TEE needs to manage exceptions in BSEC PTA to allow some upper OTPs to be accessed by the non-secure world, through secure world services for very specific needs as described in documentation/devicetree/bindings/nvmem/st,stm32-romem.yaml .
|
|
Upper (and middle on STM32MP2 series) OTP 32-bit length words are ECC-protected. To avoid an invalid ECC, computed after a second write operation, these 64 upper OTPs should be be permanent write locked when they are programmed. |
This exceptions are defined by the OTP declaration in the secure world device tree with a 32-bit length granularity (that is, 4 bytes):
- using the st,non-secure-otp property to allow a read/write (only supported by STM32MP1 series)
- using the st,non-secure-otp-provisioning property to allow a write until the first programmed value or permanent lock; used for secrets used by secure world but provisioned by the non-secured world.
See example core/arch/arm/dts/stm32mp135f-dk.dts .
4. How to configure the DT using STM32CubeMX[edit | edit source]
The STM32CubeMX tool can be used to configure the STM32MPU device and get the corresponding platform configuration device tree files.
STM32CubeMX may not support all the properties described in DT binding files listed in the above DT bindings documentation paragraph. If so, the tool inserts user sections in the generated device tree. These sections can then be edited to add some properties, and they are preserved from one generation to another. Refer to STM32CubeMX user manual for further information.
5. References[edit | edit source]
Please refer to the following links for additional information: