Re: [PATCH 2/4] dt-bindings: remoteproc: add compatibility for TEE support

From: Arnaud POULIQUEN
Date: Wed Jan 17 2024 - 02:45:33 EST




On 1/16/24 20:21, Rob Herring wrote:
> On Mon, Jan 15, 2024 at 02:52:47PM +0100, Arnaud Pouliquen wrote:
>> The "st,stm32mp1-m4-tee" compatible is utilized in a system configuration
>> where the Cortex-M4 firmware is loaded by the Trusted execution Environment
>> (TEE).
>> This compatible is used in both the Linux and OP-TEE device-tree.
>> - In OP-TEE, a node is defined in the device tree with the
>> st,stm32mp1-m4-tee to support signed remoteproc firmware.
>> Based on DT properties, OP-TEE authenticates, loads, starts, and stops
>> the firmware.
>> - On Linux, when the compatibility is set, the Cortex-M resets should not
>> be declared in the device tree.
>>
>> Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@xxxxxxxxxxx>
>> ---
>> .../bindings/remoteproc/st,stm32-rproc.yaml | 53 +++++++++++++++----
>> 1 file changed, 44 insertions(+), 9 deletions(-)
>>
>> diff --git a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
>> index 370af61d8f28..9fdfa30eff20 100644
>> --- a/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
>> +++ b/Documentation/devicetree/bindings/remoteproc/st,stm32-rproc.yaml
>> @@ -16,7 +16,12 @@ maintainers:
>>
>> properties:
>> compatible:
>> - const: st,stm32mp1-m4
>> + enum:
>> + - st,stm32mp1-m4
>> + - st,stm32mp1-m4-tee
>> + description:
>> + Use "st,stm32mp1-m4" for the Cortex-M4 coprocessor management by Linux
>
> What if other OSs want to manage the M4?

Right, for instance this compatibles are also used by U-boot. I will change
"by Linux" by "by non secure context"


>
>> + Use "st,stm32mp1-m4-tee" for the Cortex-M4 coprocessor management by secure context
>>
>> reg:
>> description:
>> @@ -142,21 +147,41 @@ properties:
>> required:
>> - compatible
>> - reg
>> - - resets
>>
>> allOf:
>> - if:
>> properties:
>> - reset-names:
>> - not:
>> - contains:
>> - const: hold_boot
>> + compatible:
>> + contains:
>> + const: st,stm32mp1-m4
>> + then:
>> + if:
>> + properties:
>> + reset-names:
>> + not:
>> + contains:
>> + const: hold_boot
>> + then:
>> + required:
>> + - st,syscfg-holdboot
>> + - resets
>> + else:
>> + properties:
>> + st,syscfg-holdboot: false
>> + required:
>> + - reset-names
>
> Looks like a new required property.

I just realize that it does not make sense. We execute this
only if "reset-names" contains "hold_boot".
I will remove it

Thanks!
Arnaud

>
>> + - resets
>> +
>> + - if:
>> + properties:
>> + compatible:
>> + contains:
>> + const: st,stm32mp1-m4-tee
>> then:
>> - required:
>> - - st,syscfg-holdboot
>> - else:
>> properties:
>> st,syscfg-holdboot: false
>> + reset-names: false
>> + resets: false
>>
>> additionalProperties: false
>>
>> @@ -188,5 +213,15 @@ examples:
>> st,syscfg-rsc-tbl = <&tamp 0x144 0xFFFFFFFF>;
>> st,syscfg-m4-state = <&tamp 0x148 0xFFFFFFFF>;
>> };
>> + - |
>> + #include <dt-bindings/reset/stm32mp1-resets.h>
>> + m4@10000000 {
>> + compatible = "st,stm32mp1-m4-tee";
>> + reg = <0x10000000 0x40000>,
>> + <0x30000000 0x40000>,
>> + <0x38000000 0x10000>;
>> + st,syscfg-rsc-tbl = <&tamp 0x144 0xFFFFFFFF>;
>> + st,syscfg-m4-state = <&tamp 0x148 0xFFFFFFFF>;
>> + };
>>
>> ...
>> --
>> 2.25.1
>>