doc: st: stm32mp1: Add FIP support for trusted boot

TF-A for STM32MP15 now supports the FIP: it is a packaging format which includes the secure monitor, u-boot-nodtb.bin and u-boot.dtb This FIP file is loaded by FSBL = TF-A BL2. This patch updates the board documentation to use this FIP file and no more u-boot.stm32 (with STM32 image header) which is no more generated. Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-26 11:21:37 +02:00 · 2021-07-26 11:21:37 +02:00 · 5b4c80284d
commit 5b4c80284d
parent b73e8bf453
1 changed files with 231 additions and 95 deletions
--- a/doc/board/st/stm32mp1.rst
+++ b/doc/board/st/stm32mp1.rst
@ -6,6 +6,8 @@ STM32MP15x boards
 This is a quick instruction for setup STM32MP15x boards.
 Futher information can be found in STMicrolectronics STM32 WIKI_.
 Supported devices
 -----------------
@ -60,7 +62,7 @@ Currently the following boards are supported:
 Boot Sequences
 --------------
-3 boot configurations are supported with:
+2 boot configurations are supported with:
 +----------+------------------------+-------------------------+--------------+
 | **ROM**  | **FSBL**               | **SSBL**                | **OS**       |
@ -70,32 +72,37 @@ Boot Sequences
 |          | embedded RAM           | DDR                                    |
 +----------+------------------------+-------------------------+--------------+
-The **Trusted** boot chain
+The **Trusted** boot chain with TF-A_
-``````````````````````````
+`````````````````````````````````````
-defconfig_file : stm32mp15_trusted_defconfig
+defconfig_file :
   + **stm32mp15_defconfig** (for TF-A_ with FIP support)
   + **stm32mp15_trusted_defconfig** (for TF-A_ without FIP support)
-    +-------------+-------------------------+------------+-------+
+    +-------------+--------------------------+------------+-------+
    |  ROM code   | FSBL                     | SSBL       | OS    |
-    +             +-------------------------+------------+-------+
+    +             +--------------------------+------------+-------+
-    |             |Trusted Firmware-A (TF-A)| U-Boot     | Linux |
+    |             |Trusted Firmware-A (TF-A_)| U-Boot     | Linux |
-    +-------------+-------------------------+------------+-------+
+    +-------------+--------------------------+------------+-------+
-    | TrustZone   |secure monitor                                |
+    | TrustZone   |secure monitor = SPMin or OP-TEE_              |
-    +-------------+-------------------------+------------+-------+
+    +-------------+--------------------------+------------+-------+
-TF-A performs a full initialization of Secure peripherals and installs a
+TF-A_ and OP-TEE_ are 2 separate projects, with their git repository;
-secure monitor, BL32:
+they are compiled separately.
-  * SPMin provided by TF-A or
+TF-A_ (BL2) initialize the DDR and loads the next stage binaries from a FIP file:
-  * OP-TEE from specific partitions (teeh, teed, teex).
+   + BL32: a secure monitor BL32 = SPMin provided by TF-A_ or OP-TEE_ :
     performs a full initialization of Secure peripherals and provides service
     to normal world
   + BL33: a non-trusted firmware = U-Boot, running in normal world and uses
     the secure monitor to access to secure resources.
   + HW_CONFIG: The hardware configuration file = the U-Boot device tree
-U-Boot is running in normal world and uses the secure monitor to access
+The **Basic** boot chain with SPL
-to secure resources.
+`````````````````````````````````
-The **Basic** boot chain
+defconfig_file :
-````````````````````````
+   + **stm32mp15_basic_defconfig**
 defconfig_file : stm32mp15_basic_defconfig
    +-------------+------------+------------+-------+
    |  ROM code   | FSBL       | SSBL       | OS    |
@ -105,7 +112,7 @@ defconfig_file : stm32mp15_basic_defconfig
    | TrustZone   |            | PSCI from U-Boot   |
    +-------------+------------+------------+-------+
-SPL has limited security initialization
+SPL has limited security initialization.
 U-Boot is running in secure mode and provide a secure monitor to the kernel
 with only PSCI support (Power State Coordination Interface defined by ARM).
@ -163,12 +170,13 @@ Build Procedure
   for example: use one output directory for each configuration::
   # export KBUILD_OUTPUT=stm32mp15
   # export KBUILD_OUTPUT=stm32mp15_trusted
   # export KBUILD_OUTPUT=stm32mp15_basic
   you can build outside of code directory::
-   # export KBUILD_OUTPUT=../build/stm32mp15_trusted
+   # export KBUILD_OUTPUT=../build/stm32mp15
 4. Configure U-Boot::
@ -176,7 +184,8 @@ Build Procedure
   with <defconfig_file>:
-   - For **trusted** boot mode : **stm32mp15_trusted_defconfig**
+   - For **trusted** boot mode : **stm32mp15_defconfig** or
     stm32mp15_trusted_defconfig
   - For basic boot mode: stm32mp15_basic_defconfig
 5. Configure the device-tree and build the U-Boot image::
@ -185,13 +194,13 @@ Build Procedure
   Examples:
-  a) trusted boot on ev1::
+  a) trusted boot with FIP on ev1::
-     # export KBUILD_OUTPUT=stm32mp15_trusted
+     # export KBUILD_OUTPUT=stm32mp15
-     # make stm32mp15_trusted_defconfig
+     # make stm32mp15_defconfig
     # make DEVICE_TREE=stm32mp157c-ev1 all
-  b) trusted with OP-TEE boot on dk2::
+  b) trusted boot without FIP on dk2::
      # export KBUILD_OUTPUT=stm32mp15_trusted
      # make stm32mp15_trusted_defconfig
@ -221,25 +230,75 @@ Build Procedure
     # make stm32mp15_basic_defconfig
     # make DEVICE_TREE=stm32mp15xx-dhcor-avenger96 all
-6. Output files
+6. U-Boot Output files
   BootRom and TF-A expect binaries with STM32 image header
   SPL expects file with U-Boot uImage header
   So in the output directory (selected by KBUILD_OUTPUT),
-   you can found the needed files:
+   you can found the needed U-Boot files:
-  - For **Trusted** boot (with or without OP-TEE)
+     - stm32mp15_defconfig = **u-boot-nodtb.bin** and **u-boot.dtb**
-     - FSBL = **tf-a.stm32** (provided by TF-A compilation)
+     - stm32mp15_trusted_defconfig = u-boot.stm32
     - SSBL = **u-boot.stm32**
-  - For Basic boot
+     - stm32mp15_basic_defconfig
       - FSBL = spl/u-boot-spl.stm32
       - SSBL = u-boot.img (without CONFIG_SPL_LOAD_FIT) or
                u-boot.itb (with CONFIG_SPL_LOAD_FIT=y)
 7. TF-A_ compilation
   This step is required only for **Trusted** boot (stm32mp15_defconfig and
   stm32mp15_trusted_defconfig); see OP-TEE_ and TF-A_ documentation for build
   commands.
   - For TF-A_ with FIP support: **stm32mp15_defconfig**
     - with OP-TEE_ support, compile the OP-TEE to generate the binary included
       in FIP
     - after TF-A compilation, the used  files are:
       - TF-A_ BL2 => FSBL = **tf-a.stm32**
       - FIP => **fip.bin**
         FIP file includes the 2 files given in arguments of TF-A_ compilation:
        - BL33=u-boot-nodtb.bin
        - BL33_CFG=u-boot.dtb
     You can also update a existing FIP after U-boot compilation with fiptool,
     a tool provided by TF-A_::
     # fiptool update --nt-fw u-boot-nodtb.bin --hw-config u-boot.dtb fip-stm32mp157c-ev1.bin
   - For TF-A_ without FIP support : **stm32mp15_trusted_defconfig**
     SPMin is used and the used files are:
       - FSBL = **tf-a.stm32** (provided by TF-A_ compilation, contening BL2 and
         BL32 = SPMin)
       - SSBL = **u-boot.stm32** used instead of fip.bin in next chapters
 8. The bootloaders files
 + The **ROM code** expects FSBL binaries with STM32 image header =
  tf-a.stm32 or u-boot-spl.stm32
 According the FSBL / the boot mode:
 + **TF-A** expect a FIP binary = fip.bin, including the OS monitor (SPMin or
  OP-TEE_) and the U-Boot binary + device tree
  or, without FIP support, binaries with STM32 image header: U-Boot
  = u-boot.stm32 and eventually  OP-TEE files (tee-header.stm32, tee-pageable.stm32,
  tee-pager.stm32)
 + **SPL** expects SSBL = U-Boot with uImage header = u-boot.img
  or FIT = u-boot.itb.
 Switch Setting for Boot Mode
 ----------------------------
@ -299,51 +358,96 @@ Prepare an SD card
 The minimal requirements for STMP32MP15x boot up to U-Boot are:
 - GPT partitioning (with gdisk or with sgdisk)
- 2 fsbl partitions, named fsbl1 and fsbl2, size at least 256KiB
+- 2 fsbl partitions, named "fsbl1" and "fsbl2", size at least 256KiB
- one ssbl partition for U-Boot
+- one partition named "fip" for FIP or U-Boot (TF-A_ search the "fip"
  partition and SPL search the 3th partition, because
  CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_PARTITION=3)
 The 2 fsbl partitions have the same content and are present to guarantee a
 fail-safe update of FSBL; fsbl2 can be omitted if this ROM code feature is
 not required.
 Without FIP support in TF-A_, the 3rd partition "fip" for u-boot.stm32 must
 be named "ssbl".
 Then the minimal GPT partition is:
-  +-------+--------+---------+-------------+
+For TF-A_ with FIP support:
  | *Num* | *Name* | *Size*  | *Content*   |
  +=======+========+=========+=============+
  | 1     | fsbl1  | 256 KiB | TF-A or SPL |
  +-------+--------+---------+-------------+
  | 2     | fsbl2  | 256 KiB | TF-A or SPL |
  +-------+--------+---------+-------------+
  | 3     | ssbl   | enought | U-Boot      |
  +-------+--------+---------+-------------+
  | 4     | <any>  | <any>   | Rootfs      |
  +-------+--------+---------+-------------+
-Add a 4th partition (Rootfs) marked bootable with a file extlinux.conf
+  +-------+--------+---------+------------------------+
  | *Num* | *Name* | *Size*  | *Content*              |
  +=======+========+=========+========================+
  | 1     | fsbl1  | 256 KiB | TF-A_ BL2 (tf-a.stm32) |
  +-------+--------+---------+------------------------+
  | 2     | fsbl2  | 256 KiB | TF-A_ BL2 (tf-a.stm32) |
  +-------+--------+---------+------------------------+
  | 3     | fip    | 4MB     | fip.bin                |
  +-------+--------+---------+------------------------+
  | 4     | <any>  | <any>   | Rootfs                 |
  +-------+--------+---------+------------------------+
 or:
  +-------+--------+---------+------------------------+------------------------+
  | *Num* | *Name* | *Size*  | *Trusted boot content* | *Basic boot content*   |
  +=======+========+=========+========================+========================+
  | 1     | fsbl1  | 256 KiB | TF-A_ BL2 (tf-a.stm32) | SPL (u-boot-spl.stm32) |
  +-------+--------+---------+------------------------+------------------------+
  | 2     | fsbl2  | 256 KiB | TF-A_ BL2 (tf-a.stm32) | SPL (u-boot-spl.stm32) |
  +-------+--------+---------+------------------------+------------------------+
  | 3     | ssbl   | 2MB     | U-Boot (u-boot.stm32)  | U-Boot (u-boot.img)    |
  +-------+--------+---------+------------------------+------------------------+
  | 4     | <any>  | <any>   | Rootfs                                          |
  +-------+--------+---------+------------------------+------------------------+
 And the 4th partition (Rootfs) is marked bootable with a file extlinux.conf
 following the Generic Distribution feature (doc/README.distro for use).
 The size of fip or ssbl partition must be enough for the associated binary file,
 4MB and 2MB are default values.
 According the used card reader select the correct block device
-(for example /dev/sdx or /dev/mmcblk0).
+(for example /dev/sdx or /dev/mmcblk0), in the next example, it is /dev/mmcblk0
-In the next example, it is /dev/mmcblk0
+For example:
 For example: with gpt table with 128 entries
 a) remove previous formatting::
     # sgdisk -o /dev/<SD card dev>
-b) create minimal image::
+b) create minimal image for FIP
   For FIP support in TF-A_::
    # sgdisk --resize-table=128 -a 1 \
    -n 1:34:545		-c 1:fsbl1 \
    -n 2:546:1057		-c 2:fsbl2 \
    -n 3:1058:9249		-c 3:fip \
    -n 4:9250:			-c 4:rootfs -A 4:set:2 \
    -p /dev/<SD card dev>
   With gpt table with 128 entries an the partition 4 marked bootable (bit 2).
   For basic boot mode or without FIP support in TF-A_::
    # sgdisk --resize-table=128 -a 1 \
    -n 1:34:545		-c 1:fsbl1 \
    -n 2:546:1057		-c 2:fsbl2 \
    -n 3:1058:5153		-c 3:ssbl \
-    -n 4:5154:		    -c 4:rootfs \
+    -n 4:5154:		    -c 4:rootfs -A 4:set:2 \
    -p /dev/<SD card dev>
  With other partition for kernel one partition rootfs for kernel.
 c) copy the FSBL (2 times) and SSBL file on the correct partition.
   in this example in partition 1 to 3
   for trusted boot: ::
    # dd if=tf-a.stm32 of=/dev/mmcblk0p1
    # dd if=tf-a.stm32 of=/dev/mmcblk0p2
    # dd if=fip.bin of=/dev/mmcblk0p3
      OR
      dd if=u-boot.stm32 of=/dev/mmcblk0p3 # Without FIT support
   for basic boot mode : <SD card dev> = /dev/mmcblk0::
    # dd if=u-boot-spl.stm32 of=/dev/mmcblk0p1
@ -352,12 +456,6 @@ c) copy the FSBL (2 times) and SSBL file on the correct partition.
      OR
      dd if=u-boot.itb of=/dev/mmcblk0p3 # With CONFIG_SPL_LOAD_FIT=y
   for trusted boot mode: ::
    # dd if=tf-a.stm32 of=/dev/mmcblk0p1
    # dd if=tf-a.stm32 of=/dev/mmcblk0p2
    # dd if=u-boot.stm32 of=/dev/mmcblk0p3
 To boot from SD card, select BootPinMode = 1 0 1 and reset.
 Prepare eMMC
@ -366,34 +464,41 @@ Prepare eMMC
 You can use U-Boot to copy binary in eMMC.
 In the next example, you need to boot from SD card and the images
-(u-boot-spl.stm32, u-boot.img for systems without CONFIG_SPL_LOAD_FIT
+(tf-a.stm32, fip.bin / u-boot-spl.stm32, u-boot.img for systems without
-or u-boot.itb for systems with CONFIG_SPL_LOAD_FIT=y) are presents on
+CONFIG_SPL_LOAD_FIT or u-boot.itb for systems with CONFIG_SPL_LOAD_FIT=y) are
-SD card (mmc 0) in ext4 partition 4 (bootfs).
+presents on SD card (mmc 0) in ext4 partition 4 (bootfs)
 To boot from SD card, select BootPinMode = 1 0 1 and reset.
 Then you update the eMMC with the next U-Boot command :
 a) prepare GPT on eMMC,
-   example with 2 partitions, bootfs and roots::
+   example with 3 partitions, fip, bootfs and roots::
-    # setenv emmc_part "name=ssbl,size=2MiB;name=bootfs,type=linux,bootable,size=64MiB;name=rootfs,type=linux,size=512"
+    # setenv emmc_part "name=fip,size=4MiB;name=bootfs,type=linux,bootable,size=64MiB;name=rootfs,type=linux,size=512"
    # gpt write mmc 1 ${emmc_part}
-b) copy SPL on eMMC on firts boot partition
+b) copy FSBL, TF-A_ or SPL, on first eMMC boot partition
   (SPL max size is 256kB, with LBA 512, 0x200)::
    # ext4load mmc 0:4 0xC0000000 tf-a.stm32
    or
    # ext4load mmc 0:4 0xC0000000 u-boot-spl.stm32
    # mmc dev 1
    # mmc partconf 1 1 1 1
    # mmc write ${fileaddr} 0 200
    # mmc partconf 1 1 1 0
-c) copy U-Boot in first GPT partition of eMMC::
+c) copy SSBL, FIP or U-Boot binary, in first GPT partition of eMMC::
    # ext4load mmc 0:4 0xC0000000 fip.bin
    or
    # ext4load mmc 0:4 0xC0000000 u-boot.img # Without CONFIG_SPL_LOAD_FIT
-      OR
+    or
-      ext4load mmc 0:4 0xC0000000 u-boot.itb # With CONFIG_SPL_LOAD_FIT=y
+    # ext4load mmc 0:4 0xC0000000 u-boot.itb # With CONFIG_SPL_LOAD_FIT=y
    # mmc dev 1
    # part start mmc 1 1 partstart
    # mmc write ${fileaddr} ${partstart} ${filesize}
@ -495,7 +600,8 @@ b) Automatically by using FIT feature and generic DISTRO bootcmd
   see examples in the board stm32mp1 directory: fit_copro_kernel_dtb.its
-   Generate FIT including kernel + device tree + M4 firmware with cfg with M4 boot::
+   Generate FIT including kernel + device tree + M4 firmware with cfg with M4
   boot::
   $> mkimage -f fit_copro_kernel_dtb.its fit_copro_kernel_dtb.itb
@ -517,7 +623,7 @@ The dfu mode is started by the command::
  STM32MP> dfu 0
-On EV1 board, booting from SD card, without OP-TEE::
+On EV1 board, booting from SD card, without OP-TEE_::
  STM32MP> dfu 0 list
  DFU alt settings list:
@ -526,14 +632,14 @@ On EV1 board, booting from SD card, without OP-TEE::
  dev: RAM alt: 2 name: uramdisk.image.gz layout: RAM_ADDR
  dev: eMMC alt: 3 name: mmc0_fsbl1 layout: RAW_ADDR
  dev: eMMC alt: 4 name: mmc0_fsbl2 layout: RAW_ADDR
-  dev: eMMC alt: 5 name: mmc0_ssbl layout: RAW_ADDR
+  dev: eMMC alt: 5 name: mmc0_fip layout: RAW_ADDR
  dev: eMMC alt: 6 name: mmc0_bootfs layout: RAW_ADDR
  dev: eMMC alt: 7 name: mmc0_vendorfs layout: RAW_ADDR
  dev: eMMC alt: 8 name: mmc0_rootfs layout: RAW_ADDR
  dev: eMMC alt: 9 name: mmc0_userfs layout: RAW_ADDR
  dev: eMMC alt: 10 name: mmc1_boot1 layout: RAW_ADDR
  dev: eMMC alt: 11 name: mmc1_boot2 layout: RAW_ADDR
-  dev: eMMC alt: 12 name: mmc1_ssbl layout: RAW_ADDR
+  dev: eMMC alt: 12 name: mmc1_fip layout: RAW_ADDR
  dev: eMMC alt: 13 name: mmc1_bootfs layout: RAW_ADDR
  dev: eMMC alt: 14 name: mmc1_vendorfs layout: RAW_ADDR
  dev: eMMC alt: 15 name: mmc1_rootfs layout: RAW_ADDR
@ -554,14 +660,14 @@ All the supported device are exported for dfu-util tool::
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=15, name="mmc1_rootfs", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=14, name="mmc1_vendorfs", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=13, name="mmc1_bootfs", serial="002700333338511934383330"
-  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=12, name="mmc1_ssbl", serial="002700333338511934383330"
+  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=12, name="mmc1_fip", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=11, name="mmc1_boot2", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=10, name="mmc1_boot1", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=9, name="mmc0_userfs", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=8, name="mmc0_rootfs", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=7, name="mmc0_vendorfs", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=6, name="mmc0_bootfs", serial="002700333338511934383330"
-  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=5, name="mmc0_ssbl", serial="002700333338511934383330"
+  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=5, name="mmc0_fip", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=4, name="mmc0_fsbl2", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=3, name="mmc0_fsbl1", serial="002700333338511934383330"
  Found DFU: [0483:df11] ver=9999, devnum=99, cfg=1, intf=0, alt=2, name="uramdisk.image.gz", serial="002700333338511934383330"
@ -572,9 +678,9 @@ You can update the boot device:
 - SD card (mmc0) ::
-  $> dfu-util -d 0483:5720 -a 3 -D tf-a-stm32mp157c-ev1-trusted.stm32
+  $> dfu-util -d 0483:5720 -a 3 -D tf-a-stm32mp157c-ev1.stm32
-  $> dfu-util -d 0483:5720 -a 4 -D tf-a-stm32mp157c-ev1-trusted.stm32
+  $> dfu-util -d 0483:5720 -a 4 -D tf-a-stm32mp157c-ev1.stm32
-  $> dfu-util -d 0483:5720 -a 5 -D u-boot-stm32mp157c-ev1-trusted.img
+  $> dfu-util -d 0483:5720 -a 5 -D fip-stm32mp157c-ev1.bin
  $> dfu-util -d 0483:5720 -a 6 -D st-image-bootfs-openstlinux-weston-stm32mp1.ext4
  $> dfu-util -d 0483:5720 -a 7 -D st-image-vendorfs-openstlinux-weston-stm32mp1.ext4
  $> dfu-util -d 0483:5720 -a 8 -D st-image-weston-openstlinux-weston-stm32mp1.ext4
@ -582,9 +688,9 @@ You can update the boot device:
 - EMMC (mmc1)::
-  $> dfu-util -d 0483:5720 -a 10 -D tf-a-stm32mp157c-ev1-trusted.stm32
+  $> dfu-util -d 0483:5720 -a 10 -D tf-a-stm32mp157c-ev1.stm32
-  $> dfu-util -d 0483:5720 -a 11 -D tf-a-stm32mp157c-ev1-trusted.stm32
+  $> dfu-util -d 0483:5720 -a 11 -D tf-a-stm32mp157c-ev1.stm32
-  $> dfu-util -d 0483:5720 -a 12 -D u-boot-stm32mp157c-ev1-trusted.img
+  $> dfu-util -d 0483:5720 -a 12 -D fip-stm32mp157c-ev1.bin
  $> dfu-util -d 0483:5720 -a 13 -D st-image-bootfs-openstlinux-weston-stm32mp1.ext4
  $> dfu-util -d 0483:5720 -a 14 -D st-image-vendorfs-openstlinux-weston-stm32mp1.ext4
  $> dfu-util -d 0483:5720 -a 15 -D st-image-weston-openstlinux-weston-stm32mp1.ext4
@ -601,14 +707,44 @@ only the MTD partition on the boot devices are available, for example:
 - NOR (nor0 = alt 20) & NAND (nand0 = alt 26) ::
-  $> dfu-util -d 0483:5720 -a 21 -D tf-a-stm32mp157c-ev1-trusted.stm32
+  $> dfu-util -d 0483:5720 -a 21 -D tf-a-stm32mp157c-ev1.stm32
-  $> dfu-util -d 0483:5720 -a 22 -D tf-a-stm32mp157c-ev1-trusted.stm32
+  $> dfu-util -d 0483:5720 -a 22 -D tf-a-stm32mp157c-ev1.stm32
-  $> dfu-util -d 0483:5720 -a 23 -D u-boot-stm32mp157c-ev1-trusted.img
+  $> dfu-util -d 0483:5720 -a 23 -D fip-stm32mp157c-ev1.bin
  $> dfu-util -d 0483:5720 -a 27 -D st-image-weston-openstlinux-weston-stm32mp1_nand_4_256_multivolume.ubi
 - NAND (nand0 = alt 21)::
-  $> dfu-util -d 0483:5720 -a 22 -D tf-a-stm32mp157c-ev1-trusted.stm32
+  $> dfu-util -d 0483:5720 -a 22 -D tf-a-stm32mp157c-ev1.stm32
-  $> dfu-util -d 0483:5720 -a 23 -D u-boot-stm32mp157c-ev1-trusted.img
+  $> dfu-util -d 0483:5720 -a 23 -D fip-stm32mp157c-ev1.bin
-  $> dfu-util -d 0483:5720 -a 24 -D u-boot-stm32mp157c-ev1-trusted.img
+  $> dfu-util -d 0483:5720 -a 24 -D fip-stm32mp157c-ev1.bin
  $> dfu-util -d 0483:5720 -a 25 -D st-image-weston-openstlinux-weston-stm32mp1_nand_4_256_multivolume.ubi
 References
 ----------
 .. _WIKI:
 STM32 Arm® Cortex®-based MPUs user guide
  + https://wiki.st.com/
  + https://wiki.st.com/stm32mpu/wiki/Main_Page
 .. _TF-A:
 TF-A = The Trusted Firmware-A project provides a reference implementation of
 secure world software for Armv7-A and Armv8-A class processors
  + https://www.trustedfirmware.org/projects/tf-a/
  + https://trustedfirmware-a.readthedocs.io/en/latest/
  + https://trustedfirmware-a.readthedocs.io/en/latest/plat/stm32mp1.html
  + https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/
 .. _OP-TEE:
 OP-TEE = an open source Trusted Execution Environment (TEE) implementing the
 Arm TrustZone technology
  + https://www.op-tee.org/
  + https://optee.readthedocs.io/en/latest/
  + https://optee.readthedocs.io/en/latest/building/devices/stm32mp1.html
  + https://github.com/OP-TEE/optee_os