- Last edited 8 months ago ago
How to configure TF-A SP-MIN
- 1 Article purpose
- 2 Overview
- 3 Configuration
- 4 Memory layout
- 5 Source code access and build process
1 Article purpose
This section details the TF-A SP-MIN (BL32) component.
It explains how to use it in STM32 MPU runtime context, the build process from sources, and how to deploy it on your target.
TF-A SP-MIN is a secure partition that can be used for the ST boot chain.
This secure partition is executed in monitor mode. It is a secure implementation for limited services:
- SiP services
For a more complete secure implementation, choose OP-TEE OS.
TF-A SP-MIN is based on device tree configuration.
Its device tree (called TOS_FW_CONFIG) is also loaded by the TF-A BL2 and its load address is passed to SP-MIN as second argument. It allows the SP-MIN code to remain generic and adapt the board compatibility based on the device tree.
4 Memory layout
SP-MIN binary (bl32.bin) is embedded in the FIP binary and identified as tos-fw.
The SP-MIN device tree is also embedded in the FIP and identified as tos-fw-config.
The SP-MIN is built with the PIE option which makes the code executable from a configurable address. The load addresses for SP-MIN and the device tree is configurable thanks to TF-A firmware configuration framework. If required, the load address can be independently changed by modifying the firmware configuration file.
5 Source code access and build process
Cross compilation of TF-A SP-MIN is only required if it has to be modified.
Refer to Setup Cross compile environment.
If changes have been made, rebuild TF-A (SP-MIN) and update the FIP. Update the associated FIP partitions of your boot device with this new image.
The build process creates a TF-A SP-MIN image and its device tree.
5.1 Install sources
5.1.1 From the Developer package
The Developer Package contains OpenSTLinux and TF-A sources: TF-A Installation
5.1.2 Official source tree
Download source code from the official Trusted Firmware-A git repository.
For a full-featured software, go to STMicroelectronics github:
5.1.3 Distribution Package
It is possible to use the distribution package to download and rebuid TF-A SP-MIN
5.1.4 Build Process
22.214.171.124 TF-A Build flags
Here is the list of the mandatory flags that need to be specified to complete the SP-MIN build:
- ARM_ARCH_MAJOR=7: the major version of Arm Architecture to target (STM32MP1 is based no an Arm v7 architecture)
- ARCH=aarch32: specifies aarch32 architecture to be built
- PLAT=stm32mp1: builds an STM32MP1 platform
- DTB_FILE_NAME=<fdt file name>.dtb: this flag must be defined to build the proper target and include the correct DTB file into the final file
- AARCH32_SP=sp_min: selects SP-MIN as secure partition
- BUILD_PLAT=<folder>: custom output folder name (default is build/<debug/release>/)
- DEBUG=1: adds debug information in all binaries
- V=1: prints verbose compilation traces
5.1.5 Build command
First add your own environment flags:
unset LDFLAGS; unset CFLAGS;
Then compile the TF-A SP-MIN (BL32).
The default build command for STM32MP15 is:
make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min \ DTB_FILE_NAME=<board>.dtb bl32 dtbs
Here is the build command for the stm32mp157c-ev1 board:
make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32=sp_min \ DTB_FILE_NAME=stm32mp157c-ev1.dtb bl32 dtbs
5.1.6 Final image
Final images are available for updating the FIP binary (including the associated firmware configuration file):
<BUILD_PLAT>/bl32.bin <BUILD_PLAT>/fdts/<board>.dtb <BUILD_PLAT>/fdts/<board>-fw-config.dtb Ex: build/release/bl32.bin build/release/fdts/stm32mp157c-ev1.dtb build/release/fdts/stm32mp157c-ev1-fw-config.dtb
5.2 Updating the software
5.3 Extra tips
When generating the SP-MIN, it is also possible in a single line to generate the associated FIP with the following command.
Example for STM32MP15 platform:
make ARM_ARCH_MAJOR=7 ARCH=aarch32 PLAT=stm32mp1 AARCH32_SP=sp_min \ DTB_FILE_NAME=<board_name>.dtb BL33=<u-boot_path>/u-boot-nodtb.bin \ BL33_CFG=<u-boot_path>/u-boot.dtb bl32 dtbs fip