stm32mp1: add trusted boot with TF-A
Add support of trusted boot, using TF-A as first stage bootloader,
The boot sequence is
BootRom >=> TF-A.stm32 (clock & DDR) >=> U-Boot.stm32
The TF-A monitor provides secure monitor with support of SMC
- proprietary to manage secure devices (BSEC for example)
- PSCI for power
The same device tree is used for STMicroelectronics boards with
basic boot and with trusted boot.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig
index 8a929fa..3101d80 100644
--- a/arch/arm/mach-stm32mp/Kconfig
+++ b/arch/arm/mach-stm32mp/Kconfig
@@ -25,19 +25,30 @@
config TARGET_STM32MP1
bool "Support stm32mp1xx"
- select ARCH_SUPPORT_PSCI
+ select ARCH_SUPPORT_PSCI if !STM32MP1_TRUSTED
select CPU_V7A
- select CPU_V7_HAS_NONSEC
+ select CPU_V7_HAS_NONSEC if !STM32MP1_TRUSTED
select CPU_V7_HAS_VIRT
select PINCTRL_STM32
select STM32_RCC
select STM32_RESET
select SYS_ARCH_TIMER
- select SYSRESET_SYSCON
+ imply SYSRESET_PSCI if STM32MP1_TRUSTED
+ imply SYSRESET_SYSCON if !STM32MP1_TRUSTED
help
target STMicroelectronics SOC STM32MP1 family
STMicroelectronics MPU with core ARMv7
+config STM32MP1_TRUSTED
+ bool "Support trusted boot with TF-A"
+ default y if !SPL
+ select ARM_SMCCC
+ help
+ Say Y here to enable boot with TF-A
+ Trusted boot chain is :
+ BootRom => TF-A.stm32 (clock & DDR) => U-Boot.stm32
+ TF-A monitor provides proprietary smc to manage secure devices
+
config SYS_TEXT_BASE
prompt "U-Boot base address"
default 0xC0100000