Difference between revisions of "STM32MP15 TF-A"

[quality revision] [quality revision]
m (Final image)
 
m
 

Template:ArticleMainWriter Template:ArticleApprovedVersion

1 Article Purpose[edit]

This section details the process used to build TF-A from sources and to deploy it on your target.
The build example is based on the OpenSTLinux environment:

  • Developer Package
  • Distribution Package

2 Overview[edit]

TF-A is the FSBL for the ST trusted boot chain. It must be configured or updated depending on your platform.

Cross compilation of TF-A is only required if it is to be modified. By default, in the Starter Package, the TF-A image is named: tf-<board>-trusted.stm32.
In changes are made, you must rebuild TF-A and update all the FSBL partitions of your boot device with this new image. A second FSBL image is used as a backup image.

The build process creates a full STM32 image that can be used for Flash integrating a specific header.
This trusted firmware-A image contains a device tree, a BL2 and a BL32 stage.
These binaries are built in a single step during the build process.

Atf.stm32.png


3 Developer Package[edit]

3.1 Install sources[edit]

The Developer Package contains OpenSTLinux and TF-A sources: TF-A Installation

3.2 Official source tree[edit]

Warning.png The STM32MP1 platform is not yet fully upstreamed. So features are not available from this repository

Download source code from the official github

 
PC $> git clone https://github.com/ARM-software/arm-trusted-firmware.git


3.3 Build Process[edit]

3.3.1 Initialise the cross compile environment[edit]

Setup Cross compile environment

3.3.2 TF-A Build flags[edit]

For ecosystem release ≥ v1.2.0 More info.png
Mandatory flags:

  • ARM_ARCH_MAJOR=7: the major version of ARM Architecture to target (STM32MP15 is ARMv7 architecture based)
  • ARCH=aarch32: specify aarch32 architecture to be built
  • PLAT=stm32mp1: builds an stm32mp1 platform
  • DTB_FILE_NAME=<fdt file name>.dtb: this must be defined to build the proper target and include the correct DTB file into the final file
  • AARCH32_SP=<monitor>
    • sp_min: builds the BL32 secure monitor if required
    • optee: do not include BL32 and prepare BL2 for optee-specific load which also requires to build with the 'STM32MP_BOOT_ONLY=1' option.

Optional flags:

  • STM32MP_BOOT_ONLY=1: Build all storage driver supports except serial (no stm32_programmer support). Required for OP-TEE mode.
  • STM32MP_FLASHLOADER_ONLY=1: Build only serial link driver support (UART/USB) and stm32_programmer support.
  • DEBUG=1: add debug information in all binaries
  • V=1: print verbose compilation traces


For ecosystem release v1.1.0 More info.png

Mandatory flags:

  • ARM_ARCH_MAJOR=7: the major version of ARM Architecture to target (STM32MP15 is ARMv7 architecture based)
  • ARCH=aarch32: specify aarch32 architecture to be built
  • PLAT=stm32mp1: builds an stm32mp1 platform
  • DTB_FILE_NAME=<fdt file name>.dtb: this must be defined to build the proper target and include the correct DTB file into the final file
  • AARCH32_SP=<monitor>
    • sp_min: builds the BL32 secure monitor if required
AARCH32_SP=
    • optee: do not include BL32 and prepare BL2 for optee-specific load

Optional flags:

  • DEBUG=1: add debug information in all binaries
  • V=1: print verbose compilation traces

3.4 Build command[edit]

From the Developer Package tarball, a Makefile.sdk is present and must be used to build the target. It automatically sets the proper configuration for the TF-A build.

 
PC $> make -f Makefile.sdk DTBTF_FILEA_NAME=CONFIG=trusted TFA_DEVICETREE=stm32mp157c-<board>.dtb

The latest version of the helper file is also available in this user guide: README.HOW_TO.txt.

Warning.png The DTB_FILE_NAME flag must be set to select the correct board configuration.

The device tree file for the target must be located in fdts folder (stm32mp157c-<board>.dts)

If no Makefile.sdk exists, you must add your own environment flags:

 
PC $> unset LDFLAGS;
 PC $> unset CFLAGS;
 PC $> make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min DTB_FILE_NAME=stm32mp157c-<board>.dtb

3.5 Final image[edit]

Final image is available for Flash or SD card update in the corresponding folder:

build/<target>/<debug|release>/tf-a-<target>.stm32
Ex:
build/stm32mp1/debug/tf-a-stm32mp157c-ev1.stm32

4 Distribution Package[edit]

For an OpenSTLinux distribution, the TF-A image is built in release mode by default. The yocto recipe can be found in:

meta-st/meta-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_<version>.bb

If you want to modify the TF-A code source, use the following steps starting from an already downloaded and built OpenSTLinux distribution.

4.1 Access sources[edit]

You can use devtool to access the source. devtool

 
PC $> cd <baseline root directory>
 PC $> devtool modify tf-a-stm32mp sources/boot/tf-a

By going to the sources/boot/tf-a folder, you can manage and modify the TF-A sources. To rebuild it, go back to the build-<distribution> folder and launch the TF-A recipe:

 
PC $> bitbake tf-a-stm32mp

The final image is deployed in the image default output folder.

5 Update software on board[edit]

5.1 Partitioning of binaries[edit]

The TF-A build provides a binary named tf-a-stm32mp157c-<board>.stm32 that MUST be copied to a dedicated partition named "fsblX" (X depends of needed backup).

Warning.png TF-A must be located in the first partition of your boot device.

You can just update the first partition for a simple test, but all backup partitions must contain the same image at the end.

5.2 Update via SDCARD[edit]

If you use an SD card, you can simply update TF-A using the dd command on your host.
Plug your SD card into the computer and copy the binary to the dedicated partition; on an SDCard/USB disk the "fsbl1" partition is partition 1:

 - SDCARD: /dev/mmcblkXp1 (where X is the instance number)
 - SDCARD via USB reader: /dev/sdX1 (where X is the instance number)
  • Linux
 
PC $> dd if=<tf-a file> of=/dev/<device partition> bs=1M conv=fdatasync
Info.png To find the partition associated to a specific label, just plug the

SDCARD/USB disk into your PC and call the following command:

 
PC $> ls -l /dev/disk/by-partlabel/
 total 0
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 bootfs -> ../../mmcblk0p4
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl1 -> ../../mmcblk0p1          ➔ FSBL1 (TF-A)
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl2 -> ../../mmcblk0p2          ➔ FSBL2 (TF-A backup – same content as FSBL)
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 rootfs -> ../../mmcblk0p5
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 ssbl -> ../../mmcblk0p3           ➔ SSBL (U-Boot)
 lrwxrwxrwx 1 root root 10 Jan 17 17:38 userfs -> ../../mmcblk0p6
  • Windows

There is an existing dd for Windows that makes binary copying possible.

5.3 Update via USB mass storage on U-boot[edit]

See How to use USB mass storage in U-Boot

Follow the previous section to put tf-a-<board>.stm32 onto SDCard/USB disk

5.4 Update your boot device (including SD card on the target)[edit]

Refer to the STM32CubeProgrammer documentation to update your target.



<noinclude>

{{ArticleMainWriter | LionelD}}
{{ArticleApprovedVersion | LionelD | YannG, NicolasLB | No previous approved version | PhilipS - 10Oct'18 - 9177 | 29Oct'18}}
[[Category:Trusted Firmware-A (TF-A)| 02]]
</noinclude>

== == Article Purpose ==
This section details the process used to build TF-A from sources and to deploy it on your target.<br>

The build example is based on the OpenSTLinux environment:
* Developer Package
* Distribution Package

== Overview ==
TF-A is the FSBL for the ST trusted boot chain. It must be configured or updated depending on your platform.<br>
<br>

Cross compilation of TF-A is only required if it is to be modified. By default, in the Starter Package, the TF-A image is named: tf-<board>-trusted.stm32.<br>

In changes are made, you must rebuild TF-A and update all the FSBL partitions of your boot device with this new image. A second FSBL image is used as a backup image.<br>


The build process creates a full STM32 image that can be used for Flash integrating a specific [[STM32MP15 secure boot#STM32_Header|header]].<br>

This trusted firmware-A image contains a device tree, a BL2 and a BL32 stage.<br>

These binaries are built in a single step during the build process.
[[File:Atf.stm32.png|300px|center|link=]]<br>


== Developer Package ==
=== Install sources ===
The Developer Package contains OpenSTLinux and TF-A sources:
[[STM32MP1_Developer_Package#Installing the TF-A|TF-A Installation]]

=== Official source tree ===
{{Warning|The STM32MP1 platform is not yet fully upstreamed. So features are not available from this repository}}
Download source code from the official github
  {{PC$}} git clone https://github.com/ARM-software/arm-trusted-firmware.git

{{InternalInfo |=== Development source tree ===:Download source code from the internal git
  {{PC$}} git clone ssh://gerrit.st.com:29418/mpu/oe/st/tf-a.git
}}

=== Build Process ===
==== Initialise the cross compile environment ====
[[Cross-compile with OpenSTLinux SDK|Setup Cross compile environment]]

==== TF-A Build flags ===='''For {{EcosystemRelease | revision=1.2.0 | range=and after}}'''<br>
Mandatory flags:
* ARM_ARCH_MAJOR=7: the major version of ARM Architecture to target (STM32MP15 is ARMv7 architecture based)
* ARCH=aarch32: specify aarch32 architecture to be built
* PLAT=stm32mp1: builds an stm32mp1 platform
* DTB_FILE_NAME=<fdt file name>.dtb: this must be defined to build the proper target and include the correct DTB file into the final file Optional flags:
* AARCH32_SP=* AARCH32_SP=<monitor>

** sp_min: builds the BL32 secure monitor if required
** optee: do not include BL32 and prepare BL2 for optee-specific load which also requires to build with the 'STM32MP_BOOT_ONLY{{=}}1' option.

Optional flags:
* STM32MP_BOOT_ONLY{{=}}1: Build all storage driver supports except serial (no stm32_programmer support). Required for OP-TEE mode.
* STM32MP_FLASHLOADER_ONLY{{=}}1: Build only serial link driver support (UART/USB) and stm32_programmer support.
* DEBUG{{=}}1: add debug information in all binaries
* V{{=}}1: print verbose compilation traces
{{InternalInfo |
* STM32MP_FPGA{{=}}1: include FPGA specific code (not compatible with board)
* STM32MP1_TEST{{=}}1: enable specific SMC for test purposes (mandatory for validation)
}}
<div class="mw-collapsible mw-collapsed">

'''For {{EcosystemRelease | revision=1.1.0}}'''<div class="mw-collapsible-content">

Mandatory flags:
* ARM_ARCH_MAJOR=7: the major version of ARM Architecture to target (STM32MP15 is ARMv7 architecture based)
* ARCH=aarch32: specify aarch32 architecture to be built
* PLAT=stm32mp1: builds an stm32mp1 platform
* DTB_FILE_NAME=<fdt file name>.dtb: this must be defined to build the proper target and include the correct DTB file into the final file 
* AARCH32_SP=<monitor>

** sp_min: builds the BL32 secure monitor if required
* AARCH32_SP=* optee: do not include BL32 and prepare BL2 for optee-specific load

Optional flags:* DEBUG{{=}}1: add debug information in all binaries
* V{{=}}1: print verbose compilation traces
{{InternalInfo |
* STM32MP_FPGA{{=}}1: include FPGA specific code (not compatible with board)
* STM32MP1_TEST{{=}}1: enable specific SMC for test purposes (mandatory for validation)
}}</div></div>

=== Build command ===
From the Developer Package tarball, a Makefile.sdk is present and must be used to build the target.
It automatically sets the proper configuration for the TF-A build.<br>

  {{PC$}} make -f Makefile.sdk DTB_FILE_NAME=stm32mp157c-<board>.dtbTF_A_CONFIG=trusted TFA_DEVICETREE=stm32mp157c-<board>

The latest version of the helper file is also available in this user guide: [[media:TF-A.README.HOW_TO.txt|README.HOW_TO.txt]].

{{Warning|The DTB_FILE_NAME flag must be set to select the correct board configuration.<br>

The device tree file for the target must be located in fdts folder (stm32mp157c-<board>.dts)}}

If no Makefile.sdk exists, you must add your own environment flags:
  {{PC$}} unset LDFLAGS;
  {{PC$}} unset CFLAGS;
  {{PC$}} make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min DTB_FILE_NAME=stm32mp157c-<board>.dtb

=== Final image ===
Final image is available for Flash or SD card update in the corresponding folder:<pre>

build/<target>/<debug|release>/tf-a-<target>.stm32
Ex:
build/stm32mp1/debug/tf-a-stm32mp157c-ev1.stm32</pre>


== Distribution Package ==
For an OpenSTLinux distribution, the TF-A image is built in release mode by default. The yocto recipe can be found in:<br>
<pre>

meta-st/meta-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_<version>.bb</pre>

If you want to modify the TF-A code source, use the following steps starting from an already downloaded and built OpenSTLinux distribution.

=== Access sources ===
You can use devtool to access the source. [[OpenEmbedded_-_devtool|devtool]][[OpenEmbedded_-_devtool|devtool]] to access the source.{{PC$}} cd <baseline root directory>

  {{PC$}} devtool modify tf-a-stm32mp sources/boot/tf-a

By going to the sources/boot/tf-a folder, you can manage and modify the TF-A sources.
To rebuild it, go back to the build-<distribution> folder and launch the TF-A recipe:
  {{PC$}} bitbake tf-a-stm32mp

The final image is deployed in the image default output folder.

== Update software on board ==
=== Partitioning of binaries ===
The TF-A build provides a binary named tf-a-stm32mp157c-<board>.stm32 that MUST be copied to a dedicated partition named "fsblX" (X depends of needed backup).

{{Warning|TF-A must be located in the first partition of your boot device.<br>

You can just update the first partition for a simple test, but all backup partitions must contain the same image at the end.
}}

=== Update via SDCARD ===
If you use an SD card, you can simply update TF-A using the dd command on your host.<br>

Plug your SD card into the computer and copy the binary to the dedicated partition; on an SDCard/USB disk the "fsbl1" partition is partition 1:
  - SDCARD: /dev/mmcblkXp1 (where X is the instance number)
  - SDCARD via USB reader: /dev/sdX1 (where X is the instance number)
* Linux
  {{PC$}} dd if=<tf-a file> of=/dev/<device partition> bs=1M conv=fdatasync

{{Info| To find the partition associated to a specific label, just plug the
SDCARD/USB disk into your PC and call the following command:

  {{PC$}} ls -l /dev/disk/by-partlabel/
  total 0
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 bootfs -> ../../mmcblk0p4
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl1 -> ../../mmcblk0p1          ➔ FSBL1 (TF-A)
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 fsbl2 -> ../../mmcblk0p2          ➔ FSBL2 (TF-A backup – same content as FSBL)
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 rootfs -> ../../mmcblk0p5
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 ssbl -> ../../mmcblk0p3           ➔ SSBL (U-Boot)
  lrwxrwxrwx 1 root root 10 Jan 17 17:38 userfs -> ../../mmcblk0p6
}}

* Windows
There is an existing dd for Windows that makes binary copying possible.

=== Update via USB mass storage on U-boot ===
See [[How to use USB mass storage in U-Boot]]

Follow the previous section to put tf-a-<board>.stm32 onto SDCard/USB disk

=== Update your boot device (including SD card on the target) ===
Refer to the [[STM32CubeProgrammer]] documentation to update your target.

<noinclude>

{{PublicationRequestId | 12345 | 2018-10-10 | PhilipS}}
[[Category:Trusted Firmware-A (TF-A)| 02]]</noinclude>
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
<noinclude>
+
== Article Purpose ==
{{ArticleMainWriter | LionelD}}
 
{{ArticleApprovedVersion | LionelD | YannG, NicolasLB | No previous approved version | PhilipS - 10Oct'18 - 9177 | 29Oct'18}}
 
[[Category:Trusted Firmware-A (TF-A)| 02]]
 
 
 
</noinclude>
 
== Purpose ==
 
 
This section details the process used to build TF-A from sources and to deploy it on your target.<br>
 
This section details the process used to build TF-A from sources and to deploy it on your target.<br>
 
The build example is based on the OpenSTLinux environment:
 
The build example is based on the OpenSTLinux environment:
Line 35: Line 29:
   
 
{{InternalInfo |
 
{{InternalInfo |
=== Development source tree ===
+
Development source tree:
 
Download source code from the internal git
 
Download source code from the internal git
 
   {{PC$}} git clone ssh://gerrit.st.com:29418/mpu/oe/st/tf-a.git
 
   {{PC$}} git clone ssh://gerrit.st.com:29418/mpu/oe/st/tf-a.git
Line 45: Line 39:
   
 
==== TF-A Build flags ====
 
==== TF-A Build flags ====
  +
'''For {{EcosystemRelease | revision=1.2.0 | range=and after}}'''<br>
 
Mandatory flags:
 
Mandatory flags:
 
* ARM_ARCH_MAJOR=7: the major version of ARM Architecture to target (STM32MP15 is ARMv7 architecture based)
 
* ARM_ARCH_MAJOR=7: the major version of ARM Architecture to target (STM32MP15 is ARMv7 architecture based)
Line 50: Line 45:
 
* PLAT=stm32mp1: builds an stm32mp1 platform
 
* PLAT=stm32mp1: builds an stm32mp1 platform
 
* DTB_FILE_NAME=<fdt file name>.dtb: this must be defined to build the proper target and include the correct DTB file into the final file  
 
* DTB_FILE_NAME=<fdt file name>.dtb: this must be defined to build the proper target and include the correct DTB file into the final file  
  +
* AARCH32_SP=<monitor>
  +
** sp_min: builds the BL32 secure monitor if required
  +
** optee: do not include BL32 and prepare BL2 for optee-specific load which also requires to build with the 'STM32MP_BOOT_ONLY{{=}}1' option.
  +
 
Optional flags:
 
Optional flags:
* AARCH32_SP=sp_min: builds the BL32 secure monitor if required
+
* STM32MP_BOOT_ONLY{{=}}1: Build all storage driver supports except serial (no stm32_programmer support). Required for OP-TEE mode.
* AARCH32_SP=optee: do not include BL32 and prepare BL2 for optee-specific load
+
* STM32MP_FLASHLOADER_ONLY{{=}}1: Build only serial link driver support (UART/USB) and stm32_programmer support.
 
* DEBUG{{=}}1: add debug information in all binaries
 
* DEBUG{{=}}1: add debug information in all binaries
 
* V{{=}}1: print verbose compilation traces
 
* V{{=}}1: print verbose compilation traces
Line 60: Line 59:
 
}}
 
}}
   
  +
<div class="mw-collapsible mw-collapsed">
  +
'''For {{EcosystemRelease | revision=1.1.0}}'''
  +
<div class="mw-collapsible-content">
  +
Mandatory flags:
  +
* ARM_ARCH_MAJOR=7: the major version of ARM Architecture to target (STM32MP15 is ARMv7 architecture based)
  +
* ARCH=aarch32: specify aarch32 architecture to be built
  +
* PLAT=stm32mp1: builds an stm32mp1 platform
  +
* DTB_FILE_NAME=<fdt file name>.dtb: this must be defined to build the proper target and include the correct DTB file into the final file
  +
* AARCH32_SP=<monitor>
  +
** sp_min: builds the BL32 secure monitor if required
  +
** optee: do not include BL32 and prepare BL2 for optee-specific load
  +
  +
Optional flags:
  +
* DEBUG{{=}}1: add debug information in all binaries
  +
* V{{=}}1: print verbose compilation traces
  +
{{InternalInfo |
  +
* STM32MP_FPGA{{=}}1: include FPGA specific code (not compatible with board)
  +
* STM32MP1_TEST{{=}}1: enable specific SMC for test purposes (mandatory for validation)
  +
}}
  +
</div></div>
 
=== Build command ===
 
=== Build command ===
 
From the Developer Package tarball, a Makefile.sdk is present and must be used to build the target.
 
From the Developer Package tarball, a Makefile.sdk is present and must be used to build the target.
 
It automatically sets the proper configuration for the TF-A build.<br>
 
It automatically sets the proper configuration for the TF-A build.<br>
   {{PC$}} make -f Makefile.sdk DTB_FILE_NAME=stm32mp157c-<board>.dtb
+
   {{PC$}} make -f Makefile.sdk TF_A_CONFIG=trusted TFA_DEVICETREE=stm32mp157c-<board>
 
The latest version of the helper file is also available in this user guide: [[media:TF-A.README.HOW_TO.txt|README.HOW_TO.txt]].
 
The latest version of the helper file is also available in this user guide: [[media:TF-A.README.HOW_TO.txt|README.HOW_TO.txt]].
   
Line 90: Line 109:
   
 
=== Access sources ===
 
=== Access sources ===
You can use devtool to access the source. [[OpenEmbedded_-_devtool|devtool]]
+
You can use [[OpenEmbedded_-_devtool|devtool]] to access the source.
 
   {{PC$}} cd <baseline root directory>
 
   {{PC$}} cd <baseline root directory>
 
   {{PC$}} devtool modify tf-a-stm32mp sources/boot/tf-a
 
   {{PC$}} devtool modify tf-a-stm32mp sources/boot/tf-a
Line 139: Line 158:
 
=== Update your boot device (including SD card on the target) ===
 
=== Update your boot device (including SD card on the target) ===
 
Refer to the [[STM32CubeProgrammer]] documentation to update your target.
 
Refer to the [[STM32CubeProgrammer]] documentation to update your target.
  +
  +
<noinclude>
  +
{{PublicationRequestId | 12345 | 2018-10-10 | PhilipS}}
  +
[[Category:Trusted Firmware-A (TF-A)| 02]]
  +
</noinclude>

Attachments

Discussions