From 5b4c80284d8af76385475b25b9a7ec7297004c73 Mon Sep 17 00:00:00 2001 From: Patrick Delaunay Date: Mon, 26 Jul 2021 11:21:37 +0200 Subject: [PATCH] doc: st: stm32mp1: Add FIP support for trusted boot TF-A for STM32MP15 now supports the FIP: it is a packaging format which includes the secure monitor, u-boot-nodtb.bin and u-boot.dtb This FIP file is loaded by FSBL = TF-A BL2. This patch updates the board documentation to use this FIP file and no more u-boot.stm32 (with STM32 image header) which is no more generated. Signed-off-by: Patrick Delaunay Reviewed-by: Patrice Chotard --- doc/board/st/stm32mp1.rst | 326 +++++++++++++++++++++++++++----------- 1 file changed, 231 insertions(+), 95 deletions(-) diff --git a/doc/board/st/stm32mp1.rst b/doc/board/st/stm32mp1.rst index f0c2b09b98..42bb94148d 100644 --- a/doc/board/st/stm32mp1.rst +++ b/doc/board/st/stm32mp1.rst @@ -6,6 +6,8 @@ STM32MP15x boards This is a quick instruction for setup STM32MP15x boards. +Futher information can be found in STMicrolectronics STM32 WIKI_. + Supported devices ----------------- @@ -60,7 +62,7 @@ Currently the following boards are supported: Boot Sequences -------------- -3 boot configurations are supported with: +2 boot configurations are supported with: +----------+------------------------+-------------------------+--------------+ | **ROM** | **FSBL** | **SSBL** | **OS** | @@ -70,32 +72,37 @@ Boot Sequences | | embedded RAM | DDR | +----------+------------------------+-------------------------+--------------+ -The **Trusted** boot chain -`````````````````````````` +The **Trusted** boot chain with TF-A_ +````````````````````````````````````` -defconfig_file : stm32mp15_trusted_defconfig +defconfig_file : + + **stm32mp15_defconfig** (for TF-A_ with FIP support) + + **stm32mp15_trusted_defconfig** (for TF-A_ without FIP support) - +-------------+-------------------------+------------+-------+ - | ROM code | FSBL | SSBL | OS | - + +-------------------------+------------+-------+ - | |Trusted Firmware-A (TF-A)| U-Boot | Linux | - +-------------+-------------------------+------------+-------+ - | TrustZone |secure monitor | - +-------------+-------------------------+------------+-------+ + +-------------+--------------------------+------------+-------+ + | ROM code | FSBL | SSBL | OS | + + +--------------------------+------------+-------+ + | |Trusted Firmware-A (TF-A_)| U-Boot | Linux | + +-------------+--------------------------+------------+-------+ + | TrustZone |secure monitor = SPMin or OP-TEE_ | + +-------------+--------------------------+------------+-------+ -TF-A performs a full initialization of Secure peripherals and installs a -secure monitor, BL32: +TF-A_ and OP-TEE_ are 2 separate projects, with their git repository; +they are compiled separately. - * SPMin provided by TF-A or - * OP-TEE from specific partitions (teeh, teed, teex). +TF-A_ (BL2) initialize the DDR and loads the next stage binaries from a FIP file: + + BL32: a secure monitor BL32 = SPMin provided by TF-A_ or OP-TEE_ : + performs a full initialization of Secure peripherals and provides service + to normal world + + BL33: a non-trusted firmware = U-Boot, running in normal world and uses + the secure monitor to access to secure resources. + + HW_CONFIG: The hardware configuration file = the U-Boot device tree -U-Boot is running in normal world and uses the secure monitor to access -to secure resources. +The **Basic** boot chain with SPL +````````````````````````````````` -The **Basic** boot chain -```````````````````````` - -defconfig_file : stm32mp15_basic_defconfig +defconfig_file : + + **stm32mp15_basic_defconfig** +-------------+------------+------------+-------+ | ROM code | FSBL | SSBL | OS | @@ -105,7 +112,7 @@ defconfig_file : stm32mp15_basic_defconfig | TrustZone | | PSCI from U-Boot | +-------------+------------+------------+-------+ -SPL has limited security initialization +SPL has limited security initialization. U-Boot is running in secure mode and provide a secure monitor to the kernel with only PSCI support (Power State Coordination Interface defined by ARM). @@ -163,12 +170,13 @@ Build Procedure for example: use one output directory for each configuration:: + # export KBUILD_OUTPUT=stm32mp15 # export KBUILD_OUTPUT=stm32mp15_trusted # export KBUILD_OUTPUT=stm32mp15_basic you can build outside of code directory:: - # export KBUILD_OUTPUT=../build/stm32mp15_trusted + # export KBUILD_OUTPUT=../build/stm32mp15 4. Configure U-Boot:: @@ -176,7 +184,8 @@ Build Procedure with : - - For **trusted** boot mode : **stm32mp15_trusted_defconfig** + - For **trusted** boot mode : **stm32mp15_defconfig** or + stm32mp15_trusted_defconfig - For basic boot mode: stm32mp15_basic_defconfig 5. Configure the device-tree and build the U-Boot image:: @@ -185,13 +194,13 @@ Build Procedure Examples: - a) trusted boot on ev1:: + a) trusted boot with FIP on ev1:: - # export KBUILD_OUTPUT=stm32mp15_trusted - # make stm32mp15_trusted_defconfig + # export KBUILD_OUTPUT=stm32mp15 + # make stm32mp15_defconfig # make DEVICE_TREE=stm32mp157c-ev1 all - b) trusted with OP-TEE boot on dk2:: + b) trusted boot without FIP on dk2:: # export KBUILD_OUTPUT=stm32mp15_trusted # make stm32mp15_trusted_defconfig @@ -221,24 +230,74 @@ Build Procedure # make stm32mp15_basic_defconfig # make DEVICE_TREE=stm32mp15xx-dhcor-avenger96 all -6. Output files - - BootRom and TF-A expect binaries with STM32 image header - SPL expects file with U-Boot uImage header +6. U-Boot Output files So in the output directory (selected by KBUILD_OUTPUT), - you can found the needed files: + you can found the needed U-Boot files: - - For **Trusted** boot (with or without OP-TEE) + - stm32mp15_defconfig = **u-boot-nodtb.bin** and **u-boot.dtb** - - FSBL = **tf-a.stm32** (provided by TF-A compilation) - - SSBL = **u-boot.stm32** + - stm32mp15_trusted_defconfig = u-boot.stm32 - - For Basic boot + - stm32mp15_basic_defconfig + + - FSBL = spl/u-boot-spl.stm32 + + - SSBL = u-boot.img (without CONFIG_SPL_LOAD_FIT) or + u-boot.itb (with CONFIG_SPL_LOAD_FIT=y) + +7. TF-A_ compilation + + This step is required only for **Trusted** boot (stm32mp15_defconfig and + stm32mp15_trusted_defconfig); see OP-TEE_ and TF-A_ documentation for build + commands. + + - For TF-A_ with FIP support: **stm32mp15_defconfig** + + - with OP-TEE_ support, compile the OP-TEE to generate the binary included + in FIP + + - after TF-A compilation, the used files are: + + - TF-A_ BL2 => FSBL = **tf-a.stm32** + + - FIP => **fip.bin** + + FIP file includes the 2 files given in arguments of TF-A_ compilation: + + - BL33=u-boot-nodtb.bin + - BL33_CFG=u-boot.dtb + + You can also update a existing FIP after U-boot compilation with fiptool, + a tool provided by TF-A_:: + + # fiptool update --nt-fw u-boot-nodtb.bin --hw-config u-boot.dtb fip-stm32mp157c-ev1.bin + + - For TF-A_ without FIP support : **stm32mp15_trusted_defconfig** + SPMin is used and the used files are: + + - FSBL = **tf-a.stm32** (provided by TF-A_ compilation, contening BL2 and + BL32 = SPMin) + + - SSBL = **u-boot.stm32** used instead of fip.bin in next chapters + +8. The bootloaders files + ++ The **ROM code** expects FSBL binaries with STM32 image header = + tf-a.stm32 or u-boot-spl.stm32 + +According the FSBL / the boot mode: + ++ **TF-A** expect a FIP binary = fip.bin, including the OS monitor (SPMin or + OP-TEE_) and the U-Boot binary + device tree + + or, without FIP support, binaries with STM32 image header: U-Boot + = u-boot.stm32 and eventually OP-TEE files (tee-header.stm32, tee-pageable.stm32, + tee-pager.stm32) + ++ **SPL** expects SSBL = U-Boot with uImage header = u-boot.img + or FIT = u-boot.itb. - - FSBL = spl/u-boot-spl.stm32 - - SSBL = u-boot.img (without CONFIG_SPL_LOAD_FIT) or - u-boot.itb (with CONFIG_SPL_LOAD_FIT=y) Switch Setting for Boot Mode ---------------------------- @@ -299,51 +358,96 @@ Prepare an SD card The minimal requirements for STMP32MP15x boot up to U-Boot are: - GPT partitioning (with gdisk or with sgdisk) -- 2 fsbl partitions, named fsbl1 and fsbl2, size at least 256KiB -- one ssbl partition for U-Boot +- 2 fsbl partitions, named "fsbl1" and "fsbl2", size at least 256KiB +- one partition named "fip" for FIP or U-Boot (TF-A_ search the "fip" + partition and SPL search the 3th partition, because + CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_PARTITION=3) + +The 2 fsbl partitions have the same content and are present to guarantee a +fail-safe update of FSBL; fsbl2 can be omitted if this ROM code feature is +not required. + +Without FIP support in TF-A_, the 3rd partition "fip" for u-boot.stm32 must +be named "ssbl". Then the minimal GPT partition is: - +-------+--------+---------+-------------+ - | *Num* | *Name* | *Size* | *Content* | - +=======+========+=========+=============+ - | 1 | fsbl1 | 256 KiB | TF-A or SPL | - +-------+--------+---------+-------------+ - | 2 | fsbl2 | 256 KiB | TF-A or SPL | - +-------+--------+---------+-------------+ - | 3 | ssbl | enought | U-Boot | - +-------+--------+---------+-------------+ - | 4 | | | Rootfs | - +-------+--------+---------+-------------+ +For TF-A_ with FIP support: -Add a 4th partition (Rootfs) marked bootable with a file extlinux.conf + +-------+--------+---------+------------------------+ + | *Num* | *Name* | *Size* | *Content* | + +=======+========+=========+========================+ + | 1 | fsbl1 | 256 KiB | TF-A_ BL2 (tf-a.stm32) | + +-------+--------+---------+------------------------+ + | 2 | fsbl2 | 256 KiB | TF-A_ BL2 (tf-a.stm32) | + +-------+--------+---------+------------------------+ + | 3 | fip | 4MB | fip.bin | + +-------+--------+---------+------------------------+ + | 4 | | | Rootfs | + +-------+--------+---------+------------------------+ + +or: + + +-------+--------+---------+------------------------+------------------------+ + | *Num* | *Name* | *Size* | *Trusted boot content* | *Basic boot content* | + +=======+========+=========+========================+========================+ + | 1 | fsbl1 | 256 KiB | TF-A_ BL2 (tf-a.stm32) | SPL (u-boot-spl.stm32) | + +-------+--------+---------+------------------------+------------------------+ + | 2 | fsbl2 | 256 KiB | TF-A_ BL2 (tf-a.stm32) | SPL (u-boot-spl.stm32) | + +-------+--------+---------+------------------------+------------------------+ + | 3 | ssbl | 2MB | U-Boot (u-boot.stm32) | U-Boot (u-boot.img) | + +-------+--------+---------+------------------------+------------------------+ + | 4 | | | Rootfs | + +-------+--------+---------+------------------------+------------------------+ + +And the 4th partition (Rootfs) is marked bootable with a file extlinux.conf following the Generic Distribution feature (doc/README.distro for use). +The size of fip or ssbl partition must be enough for the associated binary file, +4MB and 2MB are default values. + According the used card reader select the correct block device -(for example /dev/sdx or /dev/mmcblk0). +(for example /dev/sdx or /dev/mmcblk0), in the next example, it is /dev/mmcblk0 -In the next example, it is /dev/mmcblk0 - -For example: with gpt table with 128 entries +For example: a) remove previous formatting:: # sgdisk -o /dev/ -b) create minimal image:: +b) create minimal image for FIP + + For FIP support in TF-A_:: + + # sgdisk --resize-table=128 -a 1 \ + -n 1:34:545 -c 1:fsbl1 \ + -n 2:546:1057 -c 2:fsbl2 \ + -n 3:1058:9249 -c 3:fip \ + -n 4:9250: -c 4:rootfs -A 4:set:2 \ + -p /dev/ + + With gpt table with 128 entries an the partition 4 marked bootable (bit 2). + + For basic boot mode or without FIP support in TF-A_:: # sgdisk --resize-table=128 -a 1 \ -n 1:34:545 -c 1:fsbl1 \ -n 2:546:1057 -c 2:fsbl2 \ -n 3:1058:5153 -c 3:ssbl \ - -n 4:5154: -c 4:rootfs \ + -n 4:5154: -c 4:rootfs -A 4:set:2 \ -p /dev/ - With other partition for kernel one partition rootfs for kernel. - c) copy the FSBL (2 times) and SSBL file on the correct partition. in this example in partition 1 to 3 + for trusted boot: :: + + # dd if=tf-a.stm32 of=/dev/mmcblk0p1 + # dd if=tf-a.stm32 of=/dev/mmcblk0p2 + # dd if=fip.bin of=/dev/mmcblk0p3 + OR + dd if=u-boot.stm32 of=/dev/mmcblk0p3 # Without FIT support + for basic boot mode : = /dev/mmcblk0:: # dd if=u-boot-spl.stm32 of=/dev/mmcblk0p1 @@ -352,12 +456,6 @@ c) copy the FSBL (2 times) and SSBL file on the correct partition. OR dd if=u-boot.itb of=/dev/mmcblk0p3 # With CONFIG_SPL_LOAD_FIT=y - for trusted boot mode: :: - - # dd if=tf-a.stm32 of=/dev/mmcblk0p1 - # dd if=tf-a.stm32 of=/dev/mmcblk0p2 - # dd if=u-boot.stm32 of=/dev/mmcblk0p3 - To boot from SD card, select BootPinMode = 1 0 1 and reset. Prepare eMMC @@ -366,34 +464,41 @@ Prepare eMMC You can use U-Boot to copy binary in eMMC. In the next example, you need to boot from SD card and the images -(u-boot-spl.stm32, u-boot.img for systems without CONFIG_SPL_LOAD_FIT -or u-boot.itb for systems with CONFIG_SPL_LOAD_FIT=y) are presents on -SD card (mmc 0) in ext4 partition 4 (bootfs). +(tf-a.stm32, fip.bin / u-boot-spl.stm32, u-boot.img for systems without +CONFIG_SPL_LOAD_FIT or u-boot.itb for systems with CONFIG_SPL_LOAD_FIT=y) are +presents on SD card (mmc 0) in ext4 partition 4 (bootfs) To boot from SD card, select BootPinMode = 1 0 1 and reset. Then you update the eMMC with the next U-Boot command : a) prepare GPT on eMMC, - example with 2 partitions, bootfs and roots:: + example with 3 partitions, fip, bootfs and roots:: - # setenv emmc_part "name=ssbl,size=2MiB;name=bootfs,type=linux,bootable,size=64MiB;name=rootfs,type=linux,size=512" + # setenv emmc_part "name=fip,size=4MiB;name=bootfs,type=linux,bootable,size=64MiB;name=rootfs,type=linux,size=512" # gpt write mmc 1 ${emmc_part} -b) copy SPL on eMMC on firts boot partition +b) copy FSBL, TF-A_ or SPL, on first eMMC boot partition (SPL max size is 256kB, with LBA 512, 0x200):: + # ext4load mmc 0:4 0xC0000000 tf-a.stm32 + or # ext4load mmc 0:4 0xC0000000 u-boot-spl.stm32 + # mmc dev 1 # mmc partconf 1 1 1 1 # mmc write ${fileaddr} 0 200 # mmc partconf 1 1 1 0 -c) copy U-Boot in first GPT partition of eMMC:: +c) copy SSBL, FIP or U-Boot binary, in first GPT partition of eMMC:: + # ext4load mmc 0:4 0xC0000000 fip.bin + or # ext4load mmc 0:4 0xC0000000 u-boot.img # Without CONFIG_SPL_LOAD_FIT - OR - ext4load mmc 0:4 0xC0000000 u-boot.itb # With CONFIG_SPL_LOAD_FIT=y + or + # ext4load mmc 0:4 0xC0000000 u-boot.itb # With CONFIG_SPL_LOAD_FIT=y + + # mmc dev 1 # part start mmc 1 1 partstart # mmc write ${fileaddr} ${partstart} ${filesize} @@ -495,7 +600,8 @@ b) Automatically by using FIT feature and generic DISTRO bootcmd see examples in the board stm32mp1 directory: fit_copro_kernel_dtb.its - Generate FIT including kernel + device tree + M4 firmware with cfg with M4 boot:: + Generate FIT including kernel + device tree + M4 firmware with cfg with M4 + boot:: $> mkimage -f fit_copro_kernel_dtb.its fit_copro_kernel_dtb.itb @@ -517,7 +623,7 @@ The dfu mode is started by the command:: STM32MP> dfu 0 -On EV1 board, booting from SD card, without OP-TEE:: +On EV1 board, booting from SD card, without OP-TEE_:: STM32MP> dfu 0 list DFU alt settings list: @@ -526,14 +632,14 @@ On EV1 board, booting from SD card, without OP-TEE:: dev: RAM alt: 2 name: uramdisk.image.gz layout: RAM_ADDR dev: eMMC alt: 3 name: mmc0_fsbl1 layout: RAW_ADDR dev: eMMC alt: 4 name: mmc0_fsbl2 layout: RAW_ADDR - dev: eMMC alt: 5 name: mmc0_ssbl layout: RAW_ADDR + dev: eMMC alt: 5 name: mmc0_fip layout: RAW_ADDR dev: eMMC alt: 6 name: mmc0_bootfs layout: RAW_ADDR dev: eMMC alt: 7 name: mmc0_vendorfs layout: RAW_ADDR dev: eMMC alt: 8 name: mmc0_rootfs layout: RAW_ADDR dev: eMMC alt: 9 name: mmc0_userfs layout: RAW_ADDR dev: eMMC alt: 10 name: mmc1_boot1 layout: RAW_ADDR dev: eMMC alt: 11 name: mmc1_boot2 layout: RAW_ADDR - dev: eMMC alt: 12 name: mmc1_ssbl layout: RAW_ADDR + dev: eMMC alt: 12 name: mmc1_fip layout: RAW_ADDR dev: eMMC alt: 13 name: mmc1_bootfs layout: RAW_ADDR dev: eMMC alt: 14 name: mmc1_vendorfs layout: RAW_ADDR dev: eMMC alt: 15 name: mmc1_rootfs layout: RAW_ADDR @@ -554,14 +660,14 @@ All the supported device are exported for dfu-util tool:: Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=15, name="mmc1_rootfs", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=14, name="mmc1_vendorfs", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=13, name="mmc1_bootfs", serial="002700333338511934383330" - Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=12, name="mmc1_ssbl", serial="002700333338511934383330" + Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=12, name="mmc1_fip", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=11, name="mmc1_boot2", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=10, name="mmc1_boot1", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=9, name="mmc0_userfs", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=8, name="mmc0_rootfs", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=7, name="mmc0_vendorfs", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=6, name="mmc0_bootfs", serial="002700333338511934383330" - Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=5, name="mmc0_ssbl", serial="002700333338511934383330" + Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=5, name="mmc0_fip", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=4, name="mmc0_fsbl2", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=3, name="mmc0_fsbl1", serial="002700333338511934383330" Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=2, name="uramdisk.image.gz", serial="002700333338511934383330" @@ -572,9 +678,9 @@ You can update the boot device: - SD card (mmc0) :: - $> dfu-util -d 0483:5720 -a 3 -D tf-a-stm32mp157c-ev1-trusted.stm32 - $> dfu-util -d 0483:5720 -a 4 -D tf-a-stm32mp157c-ev1-trusted.stm32 - $> dfu-util -d 0483:5720 -a 5 -D u-boot-stm32mp157c-ev1-trusted.img + $> dfu-util -d 0483:5720 -a 3 -D tf-a-stm32mp157c-ev1.stm32 + $> dfu-util -d 0483:5720 -a 4 -D tf-a-stm32mp157c-ev1.stm32 + $> dfu-util -d 0483:5720 -a 5 -D fip-stm32mp157c-ev1.bin $> dfu-util -d 0483:5720 -a 6 -D st-image-bootfs-openstlinux-weston-stm32mp1.ext4 $> dfu-util -d 0483:5720 -a 7 -D st-image-vendorfs-openstlinux-weston-stm32mp1.ext4 $> dfu-util -d 0483:5720 -a 8 -D st-image-weston-openstlinux-weston-stm32mp1.ext4 @@ -582,9 +688,9 @@ You can update the boot device: - EMMC (mmc1):: - $> dfu-util -d 0483:5720 -a 10 -D tf-a-stm32mp157c-ev1-trusted.stm32 - $> dfu-util -d 0483:5720 -a 11 -D tf-a-stm32mp157c-ev1-trusted.stm32 - $> dfu-util -d 0483:5720 -a 12 -D u-boot-stm32mp157c-ev1-trusted.img + $> dfu-util -d 0483:5720 -a 10 -D tf-a-stm32mp157c-ev1.stm32 + $> dfu-util -d 0483:5720 -a 11 -D tf-a-stm32mp157c-ev1.stm32 + $> dfu-util -d 0483:5720 -a 12 -D fip-stm32mp157c-ev1.bin $> dfu-util -d 0483:5720 -a 13 -D st-image-bootfs-openstlinux-weston-stm32mp1.ext4 $> dfu-util -d 0483:5720 -a 14 -D st-image-vendorfs-openstlinux-weston-stm32mp1.ext4 $> dfu-util -d 0483:5720 -a 15 -D st-image-weston-openstlinux-weston-stm32mp1.ext4 @@ -601,14 +707,44 @@ only the MTD partition on the boot devices are available, for example: - NOR (nor0 = alt 20) & NAND (nand0 = alt 26) :: - $> dfu-util -d 0483:5720 -a 21 -D tf-a-stm32mp157c-ev1-trusted.stm32 - $> dfu-util -d 0483:5720 -a 22 -D tf-a-stm32mp157c-ev1-trusted.stm32 - $> dfu-util -d 0483:5720 -a 23 -D u-boot-stm32mp157c-ev1-trusted.img + $> dfu-util -d 0483:5720 -a 21 -D tf-a-stm32mp157c-ev1.stm32 + $> dfu-util -d 0483:5720 -a 22 -D tf-a-stm32mp157c-ev1.stm32 + $> dfu-util -d 0483:5720 -a 23 -D fip-stm32mp157c-ev1.bin $> dfu-util -d 0483:5720 -a 27 -D st-image-weston-openstlinux-weston-stm32mp1_nand_4_256_multivolume.ubi - NAND (nand0 = alt 21):: - $> dfu-util -d 0483:5720 -a 22 -D tf-a-stm32mp157c-ev1-trusted.stm32 - $> dfu-util -d 0483:5720 -a 23 -D u-boot-stm32mp157c-ev1-trusted.img - $> dfu-util -d 0483:5720 -a 24 -D u-boot-stm32mp157c-ev1-trusted.img + $> dfu-util -d 0483:5720 -a 22 -D tf-a-stm32mp157c-ev1.stm32 + $> dfu-util -d 0483:5720 -a 23 -D fip-stm32mp157c-ev1.bin + $> dfu-util -d 0483:5720 -a 24 -D fip-stm32mp157c-ev1.bin $> dfu-util -d 0483:5720 -a 25 -D st-image-weston-openstlinux-weston-stm32mp1_nand_4_256_multivolume.ubi + +References +---------- + +.. _WIKI: + +STM32 Arm® Cortex®-based MPUs user guide + + + https://wiki.st.com/ + + https://wiki.st.com/stm32mpu/wiki/Main_Page + +.. _TF-A: + +TF-A = The Trusted Firmware-A project provides a reference implementation of +secure world software for Armv7-A and Armv8-A class processors + + + https://www.trustedfirmware.org/projects/tf-a/ + + https://trustedfirmware-a.readthedocs.io/en/latest/ + + https://trustedfirmware-a.readthedocs.io/en/latest/plat/stm32mp1.html + + https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/ + +.. _OP-TEE: + +OP-TEE = an open source Trusted Execution Environment (TEE) implementing the +Arm TrustZone technology + + + https://www.op-tee.org/ + + https://optee.readthedocs.io/en/latest/ + + https://optee.readthedocs.io/en/latest/building/devices/stm32mp1.html + + https://github.com/OP-TEE/optee_os \ No newline at end of file