dts: stm32: remove activation of RTC nodes at board level

Remove unnecessary activation of RTC in stm32mp15xxdkx.dtsi and
stm32mp135f-dk.dts.
RTC node is default enabled in stm32mp131.dtsi and stm32

dts: stm32: remove activation of RTC nodes at board level

Remove unnecessary activation of RTC in stm32mp15xxdkx.dtsi and
stm32mp135f-dk.dts.
RTC node is default enabled in stm32mp131.dtsi and stm32mp151.dtsi.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: disable stm32mp15 SD switch regulator node

SD switch regulator is not used by OP-TEE on STM32MP15 based boards
hence disable this node in the OP-TEE secure device tree for boards
DHCOR A

dts: stm32: disable stm32mp15 SD switch regulator node

SD switch regulator is not used by OP-TEE on STM32MP15 based boards
hence disable this node in the OP-TEE secure device tree for boards
DHCOR Avenger96 (stm32mp15xx-dhcor-avenger96.dtsi) ST ED1/EV1
(stm32mp157c-ed1.dts).

This change fixes a issue related to the integration of stm32_gpio
driver as a firewall controller, which is highlighted by ab error trace
message like:

E/TC:0 0 stm32_gpio_get_dt:837 node regulator-sd_switch requests secure GPIO F14 that cannot be secured
E/TC:0 0 Panic

Fixes: 4675225ed84f ("drivers: stm32_gpio: check secure state of consumed GPIOs")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

dts: stm32: add the ETZPC configuration table for stm32mp1x boards

Add the tables defining the ETZPC firewall controller configuration
that will be set at boot time on stm32mp1x boards.

Signed-off-

dts: stm32: add the ETZPC configuration table for stm32mp1x boards

Add the tables defining the ETZPC firewall controller configuration
that will be set at boot time on stm32mp1x boards.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Johann Neuhauser <jneuhauser@dh-electronics.com>

show more ...

dts: stm32: use st,stm32mp15-i2c-non-secure compatible for the I2C4

Use st,stm32mp15-i2c-non-secure compatible for the I2C4 as it is
currently non-secure on stm32mp15 dkx and evx platforms.

Signed-

dts: stm32: use st,stm32mp15-i2c-non-secure compatible for the I2C4

Use st,stm32mp15-i2c-non-secure compatible for the I2C4 as it is
currently non-secure on stm32mp15 dkx and evx platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: add stm32mp15*-scmi.dts files for when RCC is secure

For legacy reason and compatibility with existing platforms embedding
OP-TEE with RCC secure hardening being disabled, introduce -scmi.dts f

dts: add stm32mp15*-scmi.dts files for when RCC is secure

For legacy reason and compatibility with existing platforms embedding
OP-TEE with RCC secure hardening being disabled, introduce -scmi.dts for
the 4 ST boards STM32MP15x: DK1, DK2, ED1 and EV1 where we enable RCC
security require non-secure world to use SCMI resources. Add platform
flavors 157x_XXX_SCMI to ease DTS selection.

stm32mp15*-<board>.dts applies an insecure RCC configuration.
stm32mp15*-<board>-scmi.dts applies the secure RCC configuration.
This better reflects the configurations supported in the Linux kernel
and U-Boot source trees.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: update m4_rproc to support the remoteproc OP-TEE framework

Update device tree to support the load of the remoteproc firmware
by OP-TEE.
- declare m_ipc_shm memory region that can contain

dts: stm32: update m4_rproc to support the remoteproc OP-TEE framework

Update device tree to support the load of the remoteproc firmware
by OP-TEE.
- declare m_ipc_shm memory region that can contain the remote processor
resource table and trace buffer,
- update reset to align declaration with the Linux devicetree

To enable the load of the coprocessor firmware by OP-TEE, user have
to update the m4_rproc node compatible property:
-"st,stm32mp1-m4": the load is managed by Linux or U-boot,
-"st,stm32mp1-m4-tee": the load is managed by OP-TEE.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

dts: stm32mp15: disable non-secure IWDG2 on ST boards

Disable non-secure IWDG2 watchdog device in ST boards stm32mp157a-dk1,
stm32mp157c-dk2, stm32mp157c-ed1 and stm32mp157c-ev1. This watchdog is
fu

dts: stm32mp15: disable non-secure IWDG2 on ST boards

Disable non-secure IWDG2 watchdog device in ST boards stm32mp157a-dk1,
stm32mp157c-dk2, stm32mp157c-ed1 and stm32mp157c-ev1. This watchdog is
fully under control of the non-secure world and OP-TEE is not expected
to interfere with it.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32mp15: enable secure IWDG1 on ST boards

Enable IWDG1 watchdog device in ST boards stm32mp157a-dk1,
stm32mp157c-dk2, stm32mp157c-ed1 and stm32mp157c-ev1.

Reviewed-by: Gatien Chevallier <gat

dts: stm32mp15: enable secure IWDG1 on ST boards

Enable IWDG1 watchdog device in ST boards stm32mp157a-dk1,
stm32mp157c-dk2, stm32mp157c-ed1 and stm32mp157c-ev1.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32mp15: harden RCC secure configuration on ST boards

Enable STM32MP15 RCC secure hardening configuration on ST boards
(DK1, DK2, ED1 and EV1) to assign SoC clocks, reset controllers
and PWR

dts: stm32mp15: harden RCC secure configuration on ST boards

Enable STM32MP15 RCC secure hardening configuration on ST boards
(DK1, DK2, ED1 and EV1) to assign SoC clocks, reset controllers
and PWR regulators to OP-TEE secure world.

This change removes setting of &rcc node status property from
stm32mp157a-dk1.dts, stm32mp157c-dk2.dts as the property is
set from stm32mp15xx-dkx.dtsi that is included from the 2 former
DTS files.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32mp15: USBPHY regulator is always-on on ST boards

Sets property regulator-always-on on USB-PHY regulator supply for
ST boards DK1/DK2/ED1/EV1.

This fixes an issue in the commit that integr

dts: stm32mp15: USBPHY regulator is always-on on ST boards

Sets property regulator-always-on on USB-PHY regulator supply for
ST boards DK1/DK2/ED1/EV1.

This fixes an issue in the commit that integrated the regulator
framework in stm32mp1 scmi_server. On the mentioned boards, the
PWR USB3.3V regulator, exposed through SCMI to Linux/U-Boot, is
supplied by a PMIC regulator (named vdd_usb). The PMIC is connected
on an I2C bus currently assigned to non-secure world as used by mainline
Linux kernel and U-Boot for these boards. Therefore, OP-TEE can
access the PMIC at boot time to enable that PMIC regulator but not
at runtime as it could conflict with Linux kernel/U-Boot accesses on
that bus. Setting that PMIC regulator always-on on OP-TEE side
prevents OP-TEE from accessing the I2C bus to disable PMIC vdd_usb
regulator at runtime when Linux or U-Boot disable the PWR USB-3.3V
regulator using PWR regulator service exposed through SMCI.

On these boards, Linux and U-Boot are not expected to disable this
PMIC regulator. If so, the effect would be that SCMI requests to
enable to enable PWR USB-3.3V would simply return a failure code
and Linux/U-Boot USB stack to not be functional. OP-TEE core itself
does not use any USB resources on these platforms.

A ideal solution would be to assign that I2C bus to OP-TEE
(harden its secure configuration) but mainline Linux and U-Boot
packages are not yet ready for this due to legacy configuration
of these components for the devices connected on these boards. This
will come once mainline Linux kernel and U-Boot are ready.

Fixes: 23e200628dad ("plat-stm32mp1: scmi_server: use registered regulators")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add OTP index for HUK on stm32mp15 platform

Add the OTP index on stm32mp15 platform to indicate where to find the
previously provisioned HUK.

Signed-off-by: Nicolas Toromanoff <nicolas.

dts: stm32: add OTP index for HUK on stm32mp15 platform

Add the OTP index on stm32mp15 platform to indicate where to find the
previously provisioned HUK.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Thomas BOURGOIN <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: reorder node in ST stm32mp15 board DTS files

Fixes node ordering in stm32mp15 DTS files where nodes shall be listed
in the alphabetical order of the node phandle labels.

Acked-by: Jerom

dts: stm32: reorder node in ST stm32mp15 board DTS files

Fixes node ordering in stm32mp15 DTS files where nodes shall be listed
in the alphabetical order of the node phandle labels.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: disable unused nodes in ST stm32mp15 boards DTS files

Disables nodes not consumed by OP-TEE for ST boards based on stm32mp15
devices.

Acked-by: Jerome Forissier <jerome.forissier@linaro

dts: stm32: disable unused nodes in ST stm32mp15 boards DTS files

Disables nodes not consumed by OP-TEE for ST boards based on stm32mp15
devices.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32mp15: bump to Linux v5.19-rc6 dts files
Synchronize with stm32mp15 dts(i) files from Linux v5.19-rc6.

Changes made to imported dts(i) files:
- stm32mp151.dtsi: add ETZPC node, declare PSCI

dts: stm32mp15: bump to Linux v5.19-rc6 dts files
Synchronize with stm32mp15 dts(i) files from Linux v5.19-rc6.

Changes made to imported dts(i) files:
- stm32mp151.dtsi: add ETZPC node, declare PSCI v1.0.
- stm32mp151.dtsi: add iwdg1 node as before
- stm32mp151.dtsi: add iwdg2 interrupt definition
- stm32mp151.dtsi: add tamp node clocks definition
- stm32mp151.dtsi: keep pin-controller{,-z} node names
- stm32mp157a-dk1.dts: disable RCC secure-status.
- stm32mp157c-dk2.dts: disable RCC secure-status.
- stm32mp157c-dk2.dts: drop cryp1 okay status
- stm32mp157c-ed1.dts (included by ev1): disable RCC secure-status.
- stm32mp157c-ed1.dts: (included by ev1): drop cryp1 okay status
- Remove resources related to input DT bindings using explicit inline
comments as those are under Linux kernel GPLv2 licensing model.

This update is required to add a new board based on Linux 5.19-rc6
dts file.

Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32mp1: add IWDG1/2 watchdogs support

Add the IWDG1 and IWDG2 watchdog support in stm32mp15 SoCs and define
the watchdog timeout configuration.

On ED1/EV1/DK1/DK2 boards, IWDG1 is default di

dts: stm32mp1: add IWDG1/2 watchdogs support

Add the IWDG1 and IWDG2 watchdog support in stm32mp15 SoCs and define
the watchdog timeout configuration.

On ED1/EV1/DK1/DK2 boards, IWDG1 is default disabled while IWDG2 is
enabled and assigned to non-secure world. Despite IWDG2 is assigned
to non-secure world, TEE may need to kick the watchdog during
transitions when non-secure is not able to do so as some power
management transitions.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

dts: stm32mp1: disable CRYP1 device

Don't enable CRYP1 support in OP-TEE core from ST boards supporting
stm32mp1 platform to comply with the upstream boards DTS files since
v5.11 [1] in Linux kernel

dts: stm32mp1: disable CRYP1 device

Don't enable CRYP1 support in OP-TEE core from ST boards supporting
stm32mp1 platform to comply with the upstream boards DTS files since
v5.11 [1] in Linux kernel that enables CRYP1 in non-secure world.

Link: [1] https://github.com/torvalds/linux/commit/b6aa35c7393680ee0a1286ca3b3237fd106ef896
Fixes: 5e64ae6796b7 ("crypto: stm32: use CRYP IP for CIPHER algorithms")
Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: enable CRYPTO HW if available

Compile crypto framework and use CRYP1 ip if available.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Reviewed-by: Etienne Carriere

plat-stm32mp1: enable CRYPTO HW if available

Compile crypto framework and use CRYP1 ip if available.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ARM: dts: stm32mp15: secure-status from RCC node

Remove specific secure-status property from RCC clock/reset device
node in the DT since useless now that RCC secure hardening configuration
is driven

ARM: dts: stm32mp15: secure-status from RCC node

Remove specific secure-status property from RCC clock/reset device
node in the DT since useless now that RCC secure hardening configuration
is driven from the node compatible property, not from status/secure-status
state.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

dts: stm32mp1: non-secure can access MAC address and board ID OTPs

Add property st,non-secure-otp to MAC address NVMEM cells in stm32mp1
SoC DTSI and to board ID NVMEM cells in stm32mp1 ST boards DT

dts: stm32mp1: non-secure can access MAC address and board ID OTPs

Add property st,non-secure-otp to MAC address NVMEM cells in stm32mp1
SoC DTSI and to board ID NVMEM cells in stm32mp1 ST boards DTS files
since non-secure world is allowed to access these OTPs despite they
are located in the upper BSEC words (secure) area.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

dts: stm32mp1: bump to Linux kernel v5.6.10 DTS files

Synchronize with STM32MP15 DTS files from Linux kernel v5.6.10.

Changes made on DTS/DTSI file from Linux kernel v5.6.10:
- stm32mp151.dtsi: add

dts: stm32mp1: bump to Linux kernel v5.6.10 DTS files

Synchronize with STM32MP15 DTS files from Linux kernel v5.6.10.

Changes made on DTS/DTSI file from Linux kernel v5.6.10:
- stm32mp151.dtsi: add ETZPC node, declare PSCI v1.0.
- stm32mp157a-dk1.dts: disable RCC secure-status.
- stm32mp157c-dk2.dts: disable RCC secure-status.
- stm32mp157c-ed1.dts (included by ev1): disable RCC secure-status.
- Remove resources related to input DT bindings using explicit inline
comments as those are under Linux kernel GPLv2 licensing model.

ETZPC node useless in non-secure Linux kernel but needed by secure
world.

RCC node remains disabled for the secure side so that RCC TZ
hardening is disabled since mainline Linux kernel and U-Boot
do not support SCMI clocks and reset domains. IWDG1, ETZPC, STGEN
and CRYP1 devices are described to ease their later integration.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

dts: stm32mp1: default disable RCC secure hardening

This change disables security hardening of the RCC hardware interface
of ST boards. This allows one to use the upstream Linux kernel 5.2
in which

dts: stm32mp1: default disable RCC secure hardening

This change disables security hardening of the RCC hardware interface
of ST boards. This allows one to use the upstream Linux kernel 5.2
in which stm32mp1 platforms do not yet support hardened secure RCC.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: update DTS files to Linux kernel 5.2-rc1

Synchronize stm32mp1 DTS files with those published in Linux kernel
source tree at commit a188339ca5a3 ("Linux 5.2-rc1").

This change updates plat

stm32mp1: update DTS files to Linux kernel 5.2-rc1

Synchronize stm32mp1 DTS files with those published in Linux kernel
source tree at commit a188339ca5a3 ("Linux 5.2-rc1").

This change updates platforms EV1 and ED1 and introduces DK1 and DK2
known as DiscoveryKit board. It also introduces stpmic1 bindings header
file needed for platform DTS files compilation.

Among other changes, this commit introduces STPMIC1 and BSEC description
nodes. STPMIC1 defines regulators. BSEC describes fuses and uses the
status / secure-status to define fuse access scope in the scope of BSEC
support.

This change strictly dumps Linux kernel DTS files into OP-TEE but
regarding stm32mp157c.dtsi for which the OP-TEE DTS file adds node
for the ETZPC device which is mandated by OP-TEE but not defined in
non-secure Linux kernel scope.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: device tree platform description

This change introduces the device tree source files describing boards
EV1 and ED1 and the related bindings.

The stm32mp1 DTS files and bindings header fil

stm32mp1: device tree platform description

This change introduces the device tree source files describing boards
EV1 and ED1 and the related bindings.

The stm32mp1 DTS files and bindings header files are dumped from
latest Linux kernel (v4.19). Bindings documentation is not stored in
OP-TEE OS source tree, one shall refer to the bindings documentation
from latest Linux kernel source tree.

Note that license terms where changed for binding header file gpio.h
to release them under dual 2-Clause DSB/GPLv2.0 instead of GPLv2.0 as
release in the Linux kernel.

Platform relies on DT source file (CFG_EMBED_DTB_SOURCE_FILE) to
distinguish between the platform flavors for the few configuration
directive that are static and cannot be provided only through FDT.

Default configuration locates the secure DDR area (TZDRAM) from
the base address of the last 32MBytes of the DDR over 30Mbyte.
The last 2MBytes of the DDR are the OP-TEE static shared memory.

Many contributors not listed below.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...