(三)正点原子STM32MP135移植——optee移植
一、概述
OP-TEE 是一个开源工程,完整的实现了一个可信执行环境。 主要包括 Secure world OS(optee_os)、normal world client(optee_client)、test suite(optee_test/xtest)以及 Linux 驱动部分。
OP-TEE 的全称是 Open-source Portable Trusted Execution Environment,其中 TEE(可信执行环境)是基于 trustzone 技术搭建的安全执行环境。该项目最初由意法半导体(ST)和爱立信发起,是一个专门的解决方案,后来由意法半导体拥有和维护。2014年,Linaro 开始与意法半导体合作,逐步将这个专有的 TEE 解决方案转换成一个开源的 TEE 解决方案。
ARM 公司提出的 trustzone 技术是用一根安全总线(称为 NS 位)来判断系统当前处于 secure world 还是 non-secure world 状态,状态的切换由 ATF(ARM Trusted Firmware)来完成。
二、编译官方代码
进入到optee的目录,里面有这几个文件
1.optee-os-stm32mp-3.19.0-stm32mp-r1-r0.tar.xz 源码压缩包
2.fonts.tar.gz 老实讲我不知道这是啥
3.Makefile.sdk
4.README.HOW_TO.txt 官方给的使用说明
5.series
6.0001-3.19.0-stm32mp-r1.patch 补丁
2.1 解压源码 、打补丁
/* 解压源码 */
tar xf optee-os-stm32mp-3.19.0-stm32mp-r1-r0.tar.xz
/* 进入源码目录 */
cd cd optee-os-stm32mp-3.19.0-stm32mp-r1/
/* 解压不知名文件 */
tar xf ../fonts.tar.gz
/* 打补丁 */
for p in `ls -1 ../*.patch`; do patch -p1 < $p; done2.2 修改Makefile.sdk
打开Makefile.sdk,把DEPLOYDIR目录改成这个:
DEPLOYDIR ?= $(SRC_PATH)/../../FIP_artifacts/optee
再把设备树改成这个:
CFG_EMBED_DTB_SOURCE_FILE ?= stm32mp135f-dk
2.3 配置编译环境
/* 加载环境 */
source /opt/st/stm32mp1/4.2.1-openstlinux-6.1-yocto-mickledore-mp1-v23.06.21/environment-setup-cortexa7t2hf-neon-vfpv4-ostl-linux-gnueabi
/* 配置环境变量 */
export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts不要关了这个终端,它已经配置好了,关于这部分的配置,可以看上一篇关于TF-A的解释比较详细。
2.4 编译
make -f ../Makefile.sdk all最后提示我们:Missing u-boot-stm32mp135f-dk.dtb file in folder: '$FIP_DEPLOYDIR_UBOOT' or '$FIP_DEPLOYDIR_ROOT/u-boot'
没有关系,这是因为还没有编译u-boot,optee、TF-A、u-boot最后会一起打包的,忽视这个警告即可
三、移植
3.1 复制官方文件
/* 进入设备树目录 */
cd core/arch/arm/dts/
/* 复制文件 */
cp stm32mp13-pinctrl.dtsi stm32mp13-pinctrl-atk.dtsi
cp stm32mp135f-dk.dts stm32mp135-atk.dts打开stm32mp135-atk.dts文件,第一件事先把头文件修改了
// #include "stm32mp13-pinctrl.dtsi"
#include "stm32mp13-pinctrl-atk.dtsi"3.2 修改电源
这里和TF-A基本移植,删掉i2c4节点,然后增加我们自己的电源描述
首先找到i2c4这个节点,不要犹豫,把它全都删了,干干净净
&i2c4 {
pinctrl-names = "default";
pinctrl-0 = <&i2c4_pins_a>;
i2c-scl-rising-time-ns = <185>;
i2c-scl-falling-time-ns = <20>;
clock-frequency = <400000>;
status = "okay";
pmic: stpmic@33 {
compatible = "st,stpmic1";
reg = <0x33>;
status = "okay";
st,wakeup-pin-number = <1>;
st,notif-it-id = <0>;
regulators {
compatible = "st,stpmic1-regulators";
buck1-supply = <&vin>;
buck2-supply = <&vin>;
buck3-supply = <&vin>;
buck4-supply = <&vin>;
ldo1-supply = <&vin>;
ldo4-supply = <&vin>;
ldo5-supply = <&vin>;
ldo6-supply = <&vin>;
vref_ddr-supply = <&vin>;
pwr_sw1-supply = <&bst_out>;
pwr_sw2-supply = <&v3v3_ao>;
vddcpu: buck1 {
regulator-name = "vddcpu";
regulator-min-microvolt = <1250000>;
regulator-max-microvolt = <1350000>;
regulator-always-on;
regulator-over-current-protection;
lp-stop {
regulator-suspend-microvolt = <1250000>;
};
lplv-stop {
regulator-suspend-microvolt = <900000>;
};
lplv-stop2 {
regulator-off-in-suspend;
};
standby-ddr-sr {
regulator-off-in-suspend;
};
standby-ddr-off {
regulator-off-in-suspend;
};
};
vdd_ddr: buck2 {
regulator-name = "vdd_ddr";
regulator-min-microvolt = <1350000>;
regulator-max-microvolt = <1350000>;
regulator-always-on;
regulator-over-current-protection;
standby-ddr-off {
regulator-off-in-suspend;
};
};
vdd: buck3 {
regulator-name = "vdd";
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
regulator-always-on;
st,mask-reset;
regulator-over-current-protection;
};
vddcore: buck4 {
regulator-name = "vddcore";
regulator-min-microvolt = <1250000>;
regulator-max-microvolt = <1250000>;
regulator-always-on;
regulator-over-current-protection;
lplv-stop {
regulator-suspend-microvolt = <900000>;
};
lplv-stop2 {
regulator-suspend-microvolt = <900000>;
};
standby-ddr-sr {
regulator-off-in-suspend;
};
standby-ddr-off {
regulator-off-in-suspend;
};
};
vdd_adc: ldo1 {
regulator-name = "vdd_adc";
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
standby-ddr-sr {
regulator-off-in-suspend;
};
standby-ddr-off {
regulator-off-in-suspend;
};
};
unused1: ldo2 {
regulator-name = "ldo2";
};
unused2: ldo3 {
regulator-name = "ldo3";
};
vdd_usb: ldo4 {
regulator-name = "vdd_usb";
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
standby-ddr-sr {
regulator-off-in-suspend;
};
standby-ddr-off {
regulator-off-in-suspend;
};
};
vdd_sd: ldo5 {
regulator-name = "vdd_sd";
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
regulator-boot-on;
standby-ddr-sr {
regulator-off-in-suspend;
};
standby-ddr-off {
regulator-off-in-suspend;
};
};
v1v8_periph: ldo6 {
regulator-name = "v1v8_periph";
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
standby-ddr-sr {
regulator-off-in-suspend;
};
standby-ddr-off {
regulator-off-in-suspend;
};
};
vref_ddr: vref_ddr {
regulator-name = "vref_ddr";
regulator-always-on;
standby-ddr-sr {
regulator-off-in-suspend;
};
standby-ddr-off {
regulator-off-in-suspend;
};
};
bst_out: boost {
regulator-name = "bst_out";
};
v3v3_sw: pwr_sw2 {
regulator-name = "v3v3_sw";
regulator-active-discharge = <1>;
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
};
};
};
};再找到scmi_regu节点,不要犹豫,删他个干净
&scmi_regu {
scmi_vddcpu: voltd-vddcpu {
reg = ;
voltd-supply = <&vddcpu>;
};
scmi_vdd: voltd-vdd {
reg = ;
voltd-supply = <&vdd>;
};
scmi_vddcore: voltd-vddcore {
reg = ;
voltd-supply = <&vddcore>;
};
scmi_vdd_adc: voltd-vdd_adc {
reg = ;
voltd-supply = <&vdd_adc>;
};
scmi_vdd_usb: voltd-vdd_usb {
reg = ;
voltd-supply = <&vdd_usb>;
};
scmi_vdd_sd: voltd-vdd_sd {
reg = ;
voltd-supply = <&vdd_sd>;
};
scmi_v1v8_periph: voltd-v1v8_periph {
reg = ;
voltd-supply = <&v1v8_periph>;
};
scmi_v3v3_sw: voltd-v3v3_sw {
reg = ;
voltd-supply = <&v3v3_sw>;
};
}; 然后再根节点下面,vin:vin节点后面或者随便哪里,添加我们的电源,至于哪个vin和v3v3_ao要不要应该无所谓把,笔者已经把它删了
vddcore: vddcore {
compatible = "regulator-fixed";
regulator-name = "vddcore";
regulator-min-microvolt = <1250000>;
regulator-max-microvolt = <1250000>;
regulator-off-in-suspend;
regulator-always-on;
};
vddcpu: vddcpu {
compatible = "regulator-fixed";
regulator-name = "vddcpu";
regulator-min-microvolt = <1350000>;
regulator-max-microvolt = <1350000>;
regulator-off-in-suspend;
regulator-always-on;
};
v3v3: v3v3 {
compatible = "regulator-fixed";
regulator-name = "v3v3";
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
regulator-off-in-suspend;
regulator-always-on;
};
vdd: vdd {
compatible = "regulator-fixed";
regulator-name = "vdd";
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
regulator-off-in-suspend;
regulator-always-on;
};
vdd_usb: vdd_usb {
compatible = "regulator-fixed";
regulator-name = "vdd_usb";
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
regulator-off-in-suspend;
regulator-always-on;
};3.3 删除其它
usart1节点、wakeup_pin_5、tamp节点、ltdc节点、gpiob、gpiod、gpioe、gpioi,
以及aliases节点下的serial1=&usart1。这些都可以删掉,不删掉应该也不大关系。然后根节点下model和compatible可以改成我们自己的板子的信息。
3.4 追加hse
在末尾追加一个节点
&clk_hse {
st,digbypass;
};3.5 stm32mp13-pinctrl-atk.dtsi
这个文件改不改都行,笔者直接不改也能跑,要改的话只剩一个usart4的就可以了
四、编译
先去Makefile.sdk里面,把设备树改成我们的板子
CFG_EMBED_DTB_SOURCE_FILE ?= stm32mp135-atk
还记得刚才打开没关闭的终端吗?如果关了,那就要重新设置环境变量了哦!回到2.3节的第二步,重新把环境变量设置好,然后编译
make -f ../Makefile.sdk all可以看到 FIP_artifacts/optee多了三个文件:
1.tee-header_v2-stm32mp135-atk.bin
2.tee-pageable_v2-stm32mp135-atk.bin
3.tee-pager_v2-stm32mp135-atk.bin