stm32mp1: WITH_RPMB_TEST=y enables RPMB secure storage Add build config switch WITH_RPMB_TEST=y|n for stm32mp1 platforms for when RPMB support shall be enabled. This configuration switch is intended by test purpose and enables CFG_RPMB_TESTKEY and CFG_REE_FS_ALLOW_RESET. This means the eMMC device's RPMB partition should be programmed with OP-TEE's RPMB test key. Refer to OP-TEE OS config switch CFG_RPMB_WRITE_KEY for programming the RPMB key in the eMMC device. Refer to OP-TEE OS config switch CFG_RPMB_RESET_FAT to reset the RPMB secure storage content. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

commit: b7970d0897fcf2920056696c2883379fa7f2b534 [log] [tgz]
author: Etienne Carriere <etienne.carriere@foss.st.com> Tue Sep 20 18:45:50 2022 +0200
committer: Jérôme Forissier <jerome@forissier.org> Mon Dec 04 11:21:21 2023 +0100
tree: 89e8a776a16609c63ffc7b902dfb1eaadfa7a0df
parent: d26e97e152c2f158eebe07b73fbe94c684ed3d0f [diff] [blame]
diff --git a/stm32mp1.mk b/stm32mp1.mk
index 5056ccc..dacfb40 100644
--- a/stm32mp1.mk
+++ b/stm32mp1.mk

@@ -36,6 +36,7 @@
 STM32MP1_DTS_BASENAME	= stm32mp157c-ev1
 STM32MP1_DTS_LINUX 	?= $(STM32MP1_DTS_BASENAME)-scmi
 STM32MP1_DTS_U_BOOT 	?= $(STM32MP1_DTS_BASENAME)-scmi
+CFG_RPMB_FS_DEV_ID	= 1
 else ifeq ($(PLATFORM),stm32mp1-157C_ED1)
 BREXT_FLAVOR		= STM32MP157C-ED1
 STM32MP1_DTS_BASENAME	= stm32mp157c-ed1
@@ -53,6 +54,13 @@
 STM32MP1_DTS_U_BOOT ?= $(STM32MP1_DTS_BASENAME)
 STM32MP1_DEFCONFIG_U_BOOT ?= stm32mp15_defconfig
 
+# When enabled WITH_RPMB_TEST enables RPMB secure storage test configuration.
+# The configuraiton enables OP-TEE RPMB test key (CFG_RPMB_TESTKEY=y)
+# and CFG_REE_FS_ALLOW_RESET to allow testing with an empty REE_FS secure
+# storage content wihtout needing to reset the full RPMB_FS secure storage.
+# This configuration switch is intended to platforms with an eMMC device.
+WITH_RPMB_TEST ?= n
+
 ################################################################################
 # Binary images names
 ################################################################################
@@ -94,6 +102,14 @@
 ################################################################################
 # OP-TEE OS
 ################################################################################
+ifeq ($(WITH_RPMB_TEST),y)
+CFG_RPMB_FS_DEV_ID ?= 1
+OPTEE_OS_COMMON_FLAGS += \
+		CFG_RPMB_FS_DEV_ID=$(CFG_RPMB_FS_DEV_ID) \
+		CFG_RPMB_FS=y \
+		CFG_RPMB_TESTKEY=y \
+		CFG_REE_FS_ALLOW_RESET=y
+endif # WITH_RPMB_TEST
 
 # Provide scp-firmware source tree path in case CFG_SCMI_SERVER is enabled
 OPTEE_OS_COMMON_FLAGS += CFG_SCP_FIRMWARE=$(SCPFW_PATH)
@@ -204,6 +220,13 @@
 BR2_ROOTFS_POST_SCRIPT_ARGS="$(BREXT_GENIMAGE_CONFIG) $(BINARIES_PATH) $(BREXT_BOOTFS_OVERLAY)"
 BR2_ROOTFS_POST_IMAGE_SCRIPT=$(BREXT_BOARD_PATH)/post-image.sh
 
+ifeq ($(WITH_RPMB_TEST),y)
+# Use S30optee init.d script that runs tee-supplicant as root
+BR2_ROOTFS_OVERLAY=$(BREXT_BOARD_PATH)/overlay-$(BREXT_FLAVOR)-rpmb
+# Disable RPMB emulation in tee-supplicant
+BR2_PACKAGE_OPTEE_CLIENT_EXT_RPMB_EMU=n
+endif # WITH_RPMB_TEST
+
 # TF-A, Linux kernel, U-Boot and OP-TEE OS/Client/... are not built from their
 # related Buildroot native package.
 BR2_TARGET_ARM_TRUSTED_FIRMWARE=n
commit	b7970d0897fcf2920056696c2883379fa7f2b534	[log] [tgz]
author	Etienne Carriere <etienne.carriere@foss.st.com>	Tue Sep 20 18:45:50 2022 +0200
committer	Jérôme Forissier <jerome@forissier.org>	Mon Dec 04 11:21:21 2023 +0100
tree	89e8a776a16609c63ffc7b902dfb1eaadfa7a0df
parent	d26e97e152c2f158eebe07b73fbe94c684ed3d0f [diff] [blame]