Difference between revisions of "How to configure TF-A SP-MIN"
Applicable for | STM32MP15x lines |
1 Article purpose
This section details the TF-A SP-MIN (BL32) component. It explains how to use it in the STM32 MPU runtime context, how to build it from sources, and how to deploy it on your target.
2 Overview
TF-A SP-MIN is a secure partition that can be used for the ST boot chain.
This secure partition is executed in monitor mode. It is a secure implementation for limited services:
- PSCI
- SCMI
- SiP services
For a more complete secure implementation, choose OP-TEE OS.
Warning: TF-A SP-MIN images must be embedded in the FIP binary that is loaded by TF-A BL2 and can be automatically authenticated.
3 Configuration
TF-A SP-MIN is based on device tree configuration.
Its device tree (called TOS_FW_CONFIG) is also loaded by TF-A BL2, and its load address is passed to SP-MIN as the second argument. This allows the SP-MIN code to remain generic and to adapt to each board through the device tree.
4 Memory layout
SP-MIN binary (bl32.bin) is embedded in the FIP binary and identified as tos-fw.
The SP-MIN device tree is also embedded in the FIP and identified as tos-fw-config.
SP-MIN is built with the PIE option, which makes the code executable from a configurable address. The load addresses for SP-MIN and its device tree are configurable through the TF-A firmware configuration framework. If required, each load address can be changed independently by modifying the firmware configuration file.
5 Source code access and build process
Cross compilation of TF-A SP-MIN is only required if it has to be modified.
Refer to Setup Cross compile environment.
If changes have been made, rebuild TF-A (SP-MIN) and update the FIP. Update the associated FIP partitions of your boot device with this new image.
The build process creates a TF-A SP-MIN image and its device tree.
5.1 Install sources
5.1.1 From the Developer package
The Developer Package contains OpenSTLinux and TF-A sources: TF-A Installation
5.1.2 Official source tree
Download source code from the official Trusted Firmware-A git repository.
git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
Warning: The STM32MP1 platform is not yet fully upstreamed. Depending on the version used, some features may not be available.
For full-featured software, use the STMicroelectronics GitHub repository:
git clone https://github.com/STMicroelectronics/arm-trusted-firmware.git
5.1.3 Distribution Package
It is possible to use the distribution package to download and rebuild TF-A SP-MIN.
5.1.4 Build Process
5.1.4.1 TF-A Build flags
Here is the list of the mandatory flags that need to be specified to complete the SP-MIN build:
- ARM_ARCH_MAJOR=7: the major version of Arm Architecture to target (STM32MP1 is based on an Arm v7 architecture)
- ARCH=aarch32: specifies aarch32 architecture to be built
- PLAT=stm32mp1: builds an STM32MP1 platform
- DTB_FILE_NAME=<fdt file name>.dtb: this flag must be defined to build the proper target and include the correct DTB file into the final file
- AARCH32_SP=sp_min: selects SP-MIN as secure partition
Optional flags:
- BUILD_PLAT=<folder>: custom output folder name (default is build/<debug/release>/)
- DEBUG=1: adds debug information in all binaries
- V=1: prints verbose compilation traces
5.1.5 Build command
Warning: The DTB_FILE_NAME flag and AARCH32_SP=sp_min must be set to select the correct board configuration. The device tree file for the target must be located in the fdts folder (<board>.dts).
First add your own environment flags:
unset LDFLAGS; unset CFLAGS;
Then compile the TF-A SP-MIN (BL32).
5.1.5.1 STM32MP15
The default build command for STM32MP15 is:
make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min \
    DTB_FILE_NAME=<board>.dtb bl32 dtbs
Here is the build command for the stm32mp157c-ev1 board:
make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min \
    DTB_FILE_NAME=stm32mp157c-ev1.dtb bl32 dtbs
5.1.6 Final image
Final images are available for updating the FIP binary (including the associated firmware configuration file):
<BUILD_PLAT>/bl32.bin
<BUILD_PLAT>/fdts/<board>.dtb
<BUILD_PLAT>/fdts/<board>-fw-config.dtb
Ex:
build/release/bl32.bin
build/release/fdts/stm32mp157c-ev1.dtb
build/release/fdts/stm32mp157c-ev1-fw-config.dtb
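A pre-packaging check on the three outputs listed above, as an added example that is not part of the original article or of the TF-A tree: it confirms that bl32.bin is present and that both device tree blobs are complete before they go into the FIP. The function names are hypothetical; the device tree test assumes the standard flattened device tree header (magic 0xd00dfeed followed by a big-endian total size).

```shell
#!/bin/sh
# Added example (not from the TF-A tree): sanity-check the SP-MIN build
# outputs before packaging them into the FIP. Function names are hypothetical.

# is_fdt FILE: succeeds if FILE starts with the flattened device tree magic
# 0xd00dfeed and is at least as long as the big-endian totalsize field that
# follows it, i.e. the blob is a DTB and has not been truncated.
is_fdt() {
    [ -s "$1" ] || return 1
    hdr=$(od -An -tx1 -N8 "$1" | tr -d ' \t\n')
    [ "${#hdr}" -eq 16 ] || return 1
    case "$hdr" in
        d00dfeed*) ;;
        *) return 1 ;;
    esac
    total=$((0x${hdr#d00dfeed}))
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$total" -le "$size" ]
}

# check_spmin_outputs BUILD_PLAT BOARD: returns 0 only if bl32.bin is present
# and non-empty and both device tree blobs pass is_fdt.
check_spmin_outputs() {
    dir=$1
    board=$2
    rc=0
    if [ ! -s "$dir/bl32.bin" ]; then
        echo "missing or empty: $dir/bl32.bin" >&2
        rc=1
    fi
    for dtb in "$dir/fdts/$board.dtb" "$dir/fdts/$board-fw-config.dtb"; do
        if ! is_fdt "$dtb"; then
            echo "not a complete device tree blob: $dtb" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Example: check_spmin_outputs build/release stm32mp157c-ev1
```

A non-zero return means the FIP should not be regenerated from this build folder until the reported file has been rebuilt.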
5.2 Updating the software
The SP-MIN binary and its associated firmware are part of the FIP binary.
The next step to deploy the SP-MIN firmware is to update the FIP binary following the FIP update process.
5.3 Extra tips
When generating SP-MIN, it is also possible to generate the associated FIP in the same command line.
Example for STM32MP15 platform:
make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min \
    DTB_FILE_NAME=<board_name>.dtb BL33=<u-boot_path>/u-boot-nodtb.bin \
    BL33_CFG=<u-boot_path>/u-boot.dtb bl32 dtbs fip
Line 1: | Line 1: | ||
+ | {{ApplicableFor |
||
+ | |MPUs list=STM32MP15x |
||
+ | |MPUs checklist=STM32MP13x, STM32MP15x |
||
+ | }} |
||
== Article purpose == |
== Article purpose == |
||
This section details the TF-A SP-MIN (BL32) component. |
This section details the TF-A SP-MIN (BL32) component. |
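Review bot: on the third added line, `MPUs checklist` names STM32MP13x while `MPUs list` on the line above applies the article to STM32MP15x only. If STM32MP13x was checked and deliberately excluded, record that in the edit summary; if it was left out of `MPUs list` by omission, add it there.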