ccmp15/ccmp25: update Cortex-M signed firmware support

Update secure boot support for Cortex-M processors by refreshing the patch set
and dropping patches already integrated, aligning the implementation with ST
release openstlinux-6.6-yocto-scarthgap-mpu-v26.02.18.

https://onedigi.atlassian.net/browse/DEL-10022

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Arturo Buzarra 2026-03-20 12:44:13 +01:00
parent 6e5e6b9dc2
commit ab4a2d558b
8 changed files with 16 additions and 334 deletions


@ -1,5 +1,5 @@
From: Arturo Buzarra <arturo.buzarra@digi.com>
Date: Mon, 3 Nov 2025 23:00:27 +0100
Date: Wed, 18 Mar 2026 22:07:56 +0100
Subject: [PATCH] ARM: dts: ccmp15: add signed firmware support for RPROC
Enable the Cortex-M4 inter-processor communication node so remoteproc can
@ -9,24 +9,19 @@ https://onedigi.atlassian.net/browse/DEL-9920
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
---
core/arch/arm/dts/ccmp15-dvk.dtsi | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
core/arch/arm/dts/ccmp15-dvk.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/arch/arm/dts/ccmp15-dvk.dtsi b/core/arch/arm/dts/ccmp15-dvk.dtsi
index 7ea04b659..53533bd36 100644
index ff7ee6504..ea88e3e1e 100644
--- a/core/arch/arm/dts/ccmp15-dvk.dtsi
+++ b/core/arch/arm/dts/ccmp15-dvk.dtsi
@@ -263,9 +263,12 @@
@@ -259,7 +259,7 @@
&m4_rproc {
memory-region = <&retram>, <&mcusram1>, <&mcusram2>, <&mcusram3>;
mboxes = <&ipcc 0>, <&ipcc 1>, <&ipcc 2>, <&ipcc 3>;
mbox-names = "vq0", "vq1", "shutdown", "detach";
+ resets = <&rcc MCU_R>, <&rcc MCU_HOLD_BOOT_R>;
+ reset-names = "mcu_rst", "hold_boot";
+ #reset-cells = <1>;
interrupt-parent = <&exti>;
interrupts = <68 1>;
- status = "disabled";
+ status = "okay";
};
&mcusram1 {
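Review bot: The refreshed patch no longer adds `resets = <&rcc MCU_R>, <&rcc MCU_HOLD_BOOT_R>;`, `reset-names = "mcu_rst", "hold_boot";` and `#reset-cells = <1>;` to `&m4_rproc`, and its description does not say where those properties come from now. The new diffstat (1 insertion, 1 deletion) leaves only the `status = "okay"` change, and the reset properties do not appear as context lines, so presumably the base device tree of the new ST release supplies them. That is worth confirming on the built DTB, because secure loading of the signed Cortex-M4 image likely depends on the secure world holding the MCU reset and hold-boot controls. I would add one sentence to the patch description, for example `MCU_R/MCU_HOLD_BOOT_R resets are inherited from the base dtsi after the ST release rebase`.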


@ -1,55 +0,0 @@
From: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Date: Wed, 7 Jan 2026 14:10:13 +0100
Subject: [PATCH] Revert "drivers: remoteproc: stm32mp15: check Cortex-M
isolation"
This reverts commit b9f1c0820783436d45646fa50a62702f85d8fd62.
The MCKPROT is a system configuration that protects MCUSS clocks.
This must not be managed in remoteproc, as some peripherals use PLL3
as the parent clock.
Some SCMI services must first be implemented to manage the MCUSS clocks
before allowing the enabling of MCKPROT.
https://onedigi.atlassian.net/browse/DEL-9920
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Change-Id: I78214e4c482c3947fa36c0bde7cd2fe2eee133d4
---
core/drivers/remoteproc/stm32_remoteproc.c | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/core/drivers/remoteproc/stm32_remoteproc.c b/core/drivers/remoteproc/stm32_remoteproc.c
index c99a47fe3..914474035 100644
--- a/core/drivers/remoteproc/stm32_remoteproc.c
+++ b/core/drivers/remoteproc/stm32_remoteproc.c
@@ -8,9 +8,6 @@
#include <drivers/firewall_device.h>
#include <drivers/rstctrl.h>
#include <drivers/stm32_remoteproc.h>
-#ifdef CFG_STM32MP15
-#include <drivers/stm32mp1_rcc.h>
-#endif
#include <keep.h>
#include <kernel/cache_helpers.h>
#include <kernel/dt_driver.h>
@@ -904,19 +901,6 @@ static TEE_Result stm32_rproc_probe(const void *fdt, int node,
stm32_rproc_a35ss_cfg(rproc);
#endif
-#ifdef CFG_STM32MP15
- if (!rproc->cdata->ns_loading) {
- if (!stm32_rcc_is_secure()) {
- if (IS_ENABLED(CFG_INSECURE))
- IMSG("WARNING: insecure rproc support regarding RCC hardening");
- else
- panic("RCC secure hardening issue");
- } else {
- stm32_rcc_set_mckprot(true);
- }
- }
-#endif
-
if (!rproc->cdata->ns_loading)
SLIST_INSERT_HEAD(&rproc_list, rproc, link);


@ -1,38 +0,0 @@
From: Patrick Delaunay <patrick.delaunay@foss.st.com>
Date: Thu, 8 Jan 2026 10:20:20 +0100
Subject: [PATCH] drivers: firewall: stm32_etzpc: remove trace when rcc mckprot
is not activated
The RCC MCKPROT is deactivated even for remoteproc with secure loading
embedded in the platform, so stm32_rcc_is_mckprot always returns false
and a WARNING traces are displayed.
I/TC: WARNING: RCC tzen:1 mckprot:0, insecure ETZPC hardening
81:ETZPC_DECPROT_MCU_ISOLATION
This patch temporarily removes this trace in OpenSTLinux V6.X
as mckprot is not managed.
NOT_UPSTREAMABLE only avoid warning message.
https://onedigi.atlassian.net/browse/DEL-9920
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: If8cbec0bc2d5ad65b2f5e716c561f9598728d4e0
---
core/drivers/firewall/stm32_etzpc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/drivers/firewall/stm32_etzpc.c b/core/drivers/firewall/stm32_etzpc.c
index 257bcd76e..9d588b1c3 100644
--- a/core/drivers/firewall/stm32_etzpc.c
+++ b/core/drivers/firewall/stm32_etzpc.c
@@ -184,7 +184,7 @@ sanitize_decprot_config(uint32_t decprot_id __maybe_unused,
}
break;
case ETZPC_DECPROT_MCU_ISOLATION:
- if (!stm32_rcc_is_secure() || !stm32_rcc_is_mckprot()) {
+ if (!stm32_rcc_is_secure()) {
IMSG("WARNING: RCC tzen:%u mckprot:%u, insecure ETZPC hardening %"PRIu32":%s",
stm32_rcc_is_secure(), stm32_rcc_is_mckprot(),
decprot_id, etzpc_decprot_strings[attr]);


@ -21,9 +21,7 @@ SRC_URI = " \
"
SRC_URI:append:ccmp15 = " \
${@oe.utils.conditional('TRUSTFENCE_COPRO_ENABLED', '1' , 'file://0001-ARM-dts-ccmp15-add-signed-firmware-support-for-RPROC.patch \
file://0002-Revert-drivers-remoteproc-stm32mp15-check-Cortex-M-i.patch \
file://0003-drivers-firewall-stm32_etzpc-remove-trace-when-rcc-m.patch', '', d)} \
${@oe.utils.conditional('TRUSTFENCE_COPRO_ENABLED', '1' , 'file://0001-ARM-dts-ccmp15-add-signed-firmware-support-for-RPROC.patch', '', d)} \
"
SRC_URI:append:ccmp25 = " \
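Review bot: Nothing in the recipe records why `0002-Revert-drivers-remoteproc-stm32mp15-check-Cortex-M-i.patch` and `0003-drivers-firewall-stm32_etzpc-remove-trace-when-rcc-m.patch` are no longer applied when `TRUSTFENCE_COPRO_ENABLED` is `'1'`; the commit message only says the dropped patches are already integrated in the ST release. The deleted 0002 patch shows what the unreverted driver does on STM32MP15 with secure loading: it calls `panic("RCC secure hardening issue")` when the RCC is not secure (unless `CFG_INSECURE` is set) and otherwise enables MCKPROT, so the build depends on the fetched source revision really carrying that revert. A comment above `SRC_URI:append:ccmp15`, such as `# MCKPROT revert and ETZPC trace patches are part of the ST baseline; do not re-add`, together with a check of the fetched tree, would make this verifiable. The same applies to the later recipe hunk that drops `0002-remoteproc-stm32_rproc-make-reset-and-hold-boot-opti.patch`.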


@ -1,5 +1,5 @@
From: Arturo Buzarra <arturo.buzarra@digi.com>
Date: Thu, 30 Oct 2025 14:35:29 +0100
Date: Wed, 18 Mar 2026 15:26:07 +0100
Subject: [PATCH] ARM: dts: ccmp25: add signed firmware support for RPROC
Declare only the shared memory used for inter-processor communication
@ -14,7 +14,7 @@ Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/arch/arm/dts/ccmp25.dtsi b/arch/arm/dts/ccmp25.dtsi
index 913eac366b9..51b65f2408a 100644
index cdbc26efabc..b0a91cb0180 100644
--- a/arch/arm/dts/ccmp25.dtsi
+++ b/arch/arm/dts/ccmp25.dtsi
@@ -246,11 +246,8 @@
@ -25,7 +25,7 @@ index 913eac366b9..51b65f2408a 100644
- <&ipc_shmem_1>, <&vdev0vring0>,
- <&vdev0vring1>, <&vdev0buffer>,
- <&cm33_sram2>;
- st,syscfg-nsvtor = <&a35ss_syscfg 0xa8 0xffffff80>;
- st,syscfg-nsvtor = <&a35ss_syscfg 0x20a8 0xffffff80>;
+ compatible = "st,stm32mp2-m33-tee";
+ memory-region = <&vdev0vring0>, <&vdev0vring1>, <&vdev0buffer>, <&ipc_shmem_1>;
status = "okay";


@ -1,217 +0,0 @@
From: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Date: Wed, 7 Jan 2026 14:56:36 +0100
Subject: [PATCH] remoteproc: stm32_rproc: make reset and hold boot optional
As specified in the bindings, the "mcu_rst" and "hold_boot" resets are
optional. They are needed only in the following topologies:
- stm32mp15: when the device tree defines the compatible "st,stm32mp1-m4"
- stm32mp2x A35 cold boot: when the device tree defines the compatible
"st,stm32mp2-m33"
This commit splits the management of the "mcu_rst" and "hold_boot" resets
per series:
- Migrates reset management code from stm32_rproc_parse_dt() to the
stm32_rproc_get_m4_reset() function
- Creates `stm32_rproc_get_m33_reset()` function to manage M33 resets
- No legacy property support needed
- "mcu_rst" and "hold_boot" are optional
Additionally, the get_reset() ops is called only for "st,stm32mp2-m33"
or "st,stm32mp2-m4" compatibles, when `ddata->trproc` is NULL.
https://onedigi.atlassian.net/browse/DEL-9920
Change-Id: Iddf5c28882eac4e051fec10367439f5991cdcaf1
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
---
drivers/remoteproc/stm32_rproc.c | 129 ++++++++++++++++++++-----------
1 file changed, 82 insertions(+), 47 deletions(-)
diff --git a/drivers/remoteproc/stm32_rproc.c b/drivers/remoteproc/stm32_rproc.c
index d21f22164814..46390045a63d 100644
--- a/drivers/remoteproc/stm32_rproc.c
+++ b/drivers/remoteproc/stm32_rproc.c
@@ -83,6 +83,7 @@ struct stm32_rproc_mem {
struct stm32_rproc_data {
int proc_id;
int (*get_info)(struct rproc *rproc);
+ int (*get_reset)(struct rproc *rproc);
};
struct stm32_mbox {
@@ -997,24 +998,6 @@ static int stm32_rproc_get_m33_info(struct rproc *rproc)
return 0;
}
-static const struct stm32_rproc_data stm32_rproc_stm32pm15 = {
- .proc_id = STM32_MP1_M4_PROC_ID,
- .get_info = stm32_rproc_get_m4_info,
-};
-
-static const struct stm32_rproc_data stm32_rproc_stm32pm25 = {
- .proc_id = STM32_MP2_M33_PROC_ID,
- .get_info = stm32_rproc_get_m33_info,
-};
-
-static const struct of_device_id stm32_rproc_match[] = {
- {.compatible = "st,stm32mp1-m4", .data = &stm32_rproc_stm32pm15},
- {.compatible = "st,stm32mp1-m4-tee", .data = &stm32_rproc_stm32pm15},
- {.compatible = "st,stm32mp2-m33", .data = &stm32_rproc_stm32pm25},
- {.compatible = "st,stm32mp2-m33-tee", .data = &stm32_rproc_stm32pm25},
- {},
-};
-MODULE_DEVICE_TABLE(of, stm32_rproc_match);
static int stm32_rproc_get_syscon(struct device_node *np, const char *prop,
struct stm32_syscon *syscon)
@@ -1038,42 +1021,29 @@ static int stm32_rproc_get_syscon(struct device_node *np, const char *prop,
return err;
}
-static int stm32_rproc_parse_dt(struct platform_device *pdev,
- struct stm32_rproc *ddata, bool *auto_boot)
+static int stm32_rproc_get_m4_reset(struct rproc *rproc)
{
- struct device *dev = &pdev->dev;
+ struct stm32_rproc *ddata = rproc->priv;
+ struct device *dev = rproc->dev.parent;
struct device_node *np = dev->of_node;
struct stm32_syscon tz;
unsigned int tzen;
- int err, irq;
-
- irq = platform_get_irq(pdev, 0);
- if (irq == -EPROBE_DEFER)
- return dev_err_probe(dev, irq, "failed to get interrupt\n");
-
- if (irq > 0) {
- err = devm_request_irq(dev, irq, stm32_rproc_wdg, 0,
- dev_name(dev), pdev);
- if (err)
- return dev_err_probe(dev, err,
- "failed to request wdg irq\n");
-
- ddata->wdg_irq = irq;
-
- if (of_property_read_bool(np, "wakeup-source"))
- ddata->wdg_wake_up = 1;
-
- dev_info(dev, "wdg irq registered\n");
- }
+ int err = 0;
ddata->rst = devm_reset_control_get_optional(dev, "mcu_rst");
if (!ddata->rst) {
/* Try legacy fallback method: get it by index */
ddata->rst = devm_reset_control_get_by_index(dev, 0);
}
- if (IS_ERR(ddata->rst))
- return dev_err_probe(dev, PTR_ERR(ddata->rst),
- "failed to get mcu_reset\n");
+ if (IS_ERR(ddata->rst)) {
+ if (PTR_ERR(ddata->rst) != -ENOENT)
+ return dev_err_probe(dev, PTR_ERR(ddata->rst),
+ "failed to get mcu_reset\n");
+ ddata->rst = NULL;
+ }
+
+ if (!ddata->rst)
+ return 0;
/*
* Three ways to manage the hold boot
@@ -1085,11 +1055,10 @@ static int stm32_rproc_parse_dt(struct platform_device *pdev,
* - default(no SCMI, no SMC): the hold boot is managed as a syscon register
* The DT "reset-mames" property is optional, "st,syscfg-holdboot" is required
*/
-
ddata->hold_boot_rst = devm_reset_control_get_optional(dev, "hold_boot");
if (IS_ERR(ddata->hold_boot_rst))
return dev_err_probe(dev, PTR_ERR(ddata->hold_boot_rst),
- "failed to get hold_boot reset\n");
+ "failed to get hold_boot reset\n");
if (!ddata->hold_boot_rst && IS_ENABLED(CONFIG_HAVE_ARM_SMCCC)) {
/* Manage the MCU_BOOT using SMC call */
@@ -1108,6 +1077,72 @@ static int stm32_rproc_parse_dt(struct platform_device *pdev,
/* Default: hold boot manage it through the syscon controller */
err = stm32_rproc_get_syscon(np, "st,syscfg-holdboot",
&ddata->hold_boot);
+ }
+
+ return err;
+}
+
+static int stm32_rproc_get_m33_reset(struct rproc *rproc)
+{
+ struct stm32_rproc *ddata = rproc->priv;
+ struct device *dev = rproc->dev.parent;
+
+ ddata->rst = devm_reset_control_get_optional(dev, "mcu_rst");
+ ddata->hold_boot_rst = devm_reset_control_get_optional(dev, "hold_boot");
+
+ return 0;
+}
+
+static const struct stm32_rproc_data stm32_rproc_stm32pm15 = {
+ .proc_id = STM32_MP1_M4_PROC_ID,
+ .get_info = stm32_rproc_get_m4_info,
+ .get_reset = stm32_rproc_get_m4_reset,
+};
+
+static const struct stm32_rproc_data stm32_rproc_stm32pm25 = {
+ .proc_id = STM32_MP2_M33_PROC_ID,
+ .get_info = stm32_rproc_get_m33_info,
+ .get_reset = stm32_rproc_get_m33_reset,
+};
+
+static const struct of_device_id stm32_rproc_match[] = {
+ {.compatible = "st,stm32mp1-m4", .data = &stm32_rproc_stm32pm15},
+ {.compatible = "st,stm32mp1-m4-tee", .data = &stm32_rproc_stm32pm15},
+ {.compatible = "st,stm32mp2-m33", .data = &stm32_rproc_stm32pm25},
+ {.compatible = "st,stm32mp2-m33-tee", .data = &stm32_rproc_stm32pm25},
+ {},
+};
+MODULE_DEVICE_TABLE(of, stm32_rproc_match);
+
+static int stm32_rproc_parse_dt(struct platform_device *pdev,
+ struct rproc *rproc, bool *auto_boot)
+{
+ struct device *dev = &pdev->dev;
+ struct device_node *np = dev->of_node;
+ struct stm32_rproc *ddata = rproc->priv;
+ int err, irq;
+
+ irq = platform_get_irq(pdev, 0);
+ if (irq == -EPROBE_DEFER)
+ return dev_err_probe(dev, irq, "failed to get interrupt\n");
+
+ if (irq > 0) {
+ err = devm_request_irq(dev, irq, stm32_rproc_wdg, 0,
+ dev_name(dev), pdev);
+ if (err)
+ return dev_err_probe(dev, err,
+ "failed to request wdg irq\n");
+
+ ddata->wdg_irq = irq;
+
+ if (of_property_read_bool(np, "wakeup-source"))
+ ddata->wdg_wake_up = 1;
+
+ dev_info(dev, "wdg irq registered\n");
+ }
+
+ if (!ddata->trproc) {
+ err = ddata->desc->get_reset(rproc);
if (err) {
dev_err(dev, "failed to get hold boot\n");
return err;
@@ -1231,7 +1266,7 @@ static int stm32_rproc_probe(struct platform_device *pdev)
ddata->desc = desc;
ddata->trproc = trproc;
- ret = stm32_rproc_parse_dt(pdev, ddata, &rproc->auto_boot);
+ ret = stm32_rproc_parse_dt(pdev, rproc, &rproc->auto_boot);
if (ret)
goto free_rproc;


@ -1,5 +1,5 @@
From: Arturo Buzarra <arturo.buzarra@digi.com>
Date: Thu, 30 Oct 2025 14:15:14 +0100
Date: Wed, 18 Mar 2026 15:30:31 +0100
Subject: [PATCH] ARM64: dts: ccmp25: add signed firmware support for RPROC
Declare only the shared memory used for inter-processor communication
@ -14,7 +14,7 @@ Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/boot/dts/digi/ccmp25.dtsi b/arch/arm64/boot/dts/digi/ccmp25.dtsi
index 153726203533..89f5bf75fd9f 100644
index 0940797f47fa..444ebc920187 100644
--- a/arch/arm64/boot/dts/digi/ccmp25.dtsi
+++ b/arch/arm64/boot/dts/digi/ccmp25.dtsi
@@ -346,11 +346,8 @@ &m0_rproc {
@ -25,7 +25,7 @@ index 153726203533..89f5bf75fd9f 100644
- <&ipc_shmem_1>, <&vdev0vring0>,
- <&vdev0vring1>, <&vdev0buffer>,
- <&cm33_sram2>;
- st,syscfg-nsvtor = <&a35ss_syscfg 0xa8 0xffffff80>;
- st,syscfg-nsvtor = <&a35ss_syscfg 0x20a8 0xffffff80>;
+ compatible = "st,stm32mp2-m33-tee";
+ memory-region = <&vdev0vring0>, <&vdev0vring1>, <&vdev0buffer>, <&ipc_shmem_1>;
status = "okay";


@ -23,8 +23,7 @@ SRC_URI:append = " \
"
SRC_URI:append:ccmp15 = " \
${@oe.utils.conditional('TRUSTFENCE_COPRO_ENABLED', '1' , 'file://0001-ARM-dts-ccmp15-add-signed-firmware-support-for-RPROC.patch \
file://0002-remoteproc-stm32_rproc-make-reset-and-hold-boot-opti.patch', '', d)} \
${@oe.utils.conditional('TRUSTFENCE_COPRO_ENABLED', '1' , 'file://0001-ARM-dts-ccmp15-add-signed-firmware-support-for-RPROC.patch', '', d)} \
"
SRC_URI:append:ccmp25 = " \