From 7ae22d72781de76b3c23b018a3fccc172e9875de Mon Sep 17 00:00:00 2001 From: Patrick Delaunay Date: Wed, 12 Feb 2020 19:37:38 +0100 Subject: arm: stm32mp: bsec: add permanent lock support in bsec driver Add BSEC lock access (read / write) at 0xC0000000 offset of misc driver. The write access only available for Trusted boot mode, based on new SMC STM32_SMC_WRLOCK_OTP. With the fuse command, the permanent lock status is accessed with 0x10000000 offset (0xC0000000 - 0x8000000 for OTP sense/program divided by u32 size), for example: Read lock status of fuse 57 (0x39) STM32MP> fuse sense 0 0x10000039 1 Sensing bank 0: Word 0x10000039: 00000000 Set permanent lock of fuse 57 (0x39) STM32MP> fuse prog 0 0x10000039 1 Sensing bank 0: Word 0x10000039: 00000000 WARNING: the OTP lock is updated only after reboot WARING: Programming lock or fuses is an irreversible operation! This may brick your system. Signed-off-by: Patrick Delaunay Acked-by: Patrice Chotard --- doc/board/st/stm32mp1.rst | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) (limited to 'doc') diff --git a/doc/board/st/stm32mp1.rst b/doc/board/st/stm32mp1.rst index 1640bf910ec..ee42af6579d 100644 --- a/doc/board/st/stm32mp1.rst +++ b/doc/board/st/stm32mp1.rst @@ -416,20 +416,26 @@ For STMicroelectonics board, it is retrieved in STM32MP15x OTP : - OTP_58[15:0] = MAC_ADDR[47:32] To program a MAC address on virgin OTP words above, you can use the fuse command -on bank 0 to access to internal OTP: +on bank 0 to access to internal OTP and lock them: Prerequisite: check if a MAC address isn't yet programmed in OTP -1) check OTP: their value must be equal to 0 +1) check OTP: their value must be equal to 0:: - STM32MP> fuse sense 0 57 2 - Sensing bank 0: - Word 0x00000039: 00000000 00000000 + STM32MP> fuse sense 0 57 2 + Sensing bank 0: + Word 0x00000039: 00000000 00000000 + +2) check environment variable:: + + STM32MP> env print ethaddr + ## Error: "ethaddr" not defined -2) check environment variable +3) check lock status of fuse 57 & 58 (at 0x39, 0=unlocked, 1=locked):: - STM32MP> env print ethaddr - ## Error: "ethaddr" not defined + STM32MP> fuse sense 0 0x10000039 2 + Sensing bank 0: + Word 0x10000039: 00000000 00000000 Example to set mac address "12:34:56:78:9a:bc" @@ -443,11 +449,19 @@ Example to set mac address "12:34:56:78:9a:bc" Sensing bank 0: Word 0x00000039: 78563412 0000bc9a -3) next REBOOT, in the trace:: +3) Lock OTP:: + + STM32MP> fuse prog 0 0x10000039 1 1 + + STM32MP> fuse sense 0 0x10000039 2 + Sensing bank 0: + Word 0x10000039: 00000001 00000001 + +4) next REBOOT, in the trace:: ### Setting environment from OTP MAC address = "12:34:56:78:9a:bc" -4) check env update:: +5) check env update:: STM32MP> env print ethaddr ethaddr=12:34:56:78:9a:bc -- cgit v1.2.3 From 050fed8a974790f553b580f8e2cdb26181f875c1 Mon Sep 17 00:00:00 2001 From: Patrick Delaunay Date: Wed, 26 Feb 2020 11:26:43 +0100 Subject: stm32mp1: add 800 MHz profile support The STM32MP1 series is available in 3 different lines which are pin-to-pin compatible: - STM32MP157: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz, 3D GPU, DSI display interface and CAN FD - STM32MP153: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz and CAN FD - STM32MP151: Single Cortex-A7 core, Cortex-M4 core @ 209 MHz Each line comes with a security option (cryptography & secure boot) & a Cortex-A frequency option : - A : Cortex-A7 @ 650 MHz - C : Secure Boot + HW Crypto + Cortex-A7 @ 650 MHz - D : Cortex-A7 @ 800 MHz - F : Secure Boot + HW Crypto + Cortex-A7 @ 800 MHz This patch adds the support of STM32MP15xD and STM32MP15xF in U-Boot. Signed-off-by: Patrick Delaunay Acked-by: Patrice Chotard --- doc/board/st/stm32mp1.rst | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'doc') diff --git a/doc/board/st/stm32mp1.rst b/doc/board/st/stm32mp1.rst index ee42af6579d..b7a0fbfd035 100644 --- a/doc/board/st/stm32mp1.rst +++ b/doc/board/st/stm32mp1.rst @@ -25,6 +25,14 @@ It features: - Standard connectivity, widely inherited from the STM32 MCU family - Comprehensive security support +Each line comes with a security option (cryptography & secure boot) and +a Cortex-A frequency option: + + - A : Cortex-A7 @ 650 MHz + - C : Secure Boot + HW Crypto + Cortex-A7 @ 650 MHz + - D : Cortex-A7 @ 800 MHz + - F : Secure Boot + HW Crypto + Cortex-A7 @ 800 MHz + Everything is supported in Linux but U-Boot is limited to: 1. UART -- cgit v1.2.3 From 9368bdfebde16368cdb642adbb12f9c871c94d63 Mon Sep 17 00:00:00 2001 From: Patrick Delaunay Date: Fri, 6 Mar 2020 11:14:11 +0100 Subject: ram: stm32mp1: the property st, phy-cal becomes optional This parameter "st,phy-cal" becomes optional and when it is absent the built-in PHY calibration is done. It is the case in the helper dtsi file "stm32mp15-ddr.dtsi" except if DDR_PHY_CAL_SKIP is defined. This patch also impact the ddr interactive mode - the registers of the param 'phy.cal' are initialized to 0 when "st,phy-cal" is not present in device tree (default behavior when DDR_PHY_CAL_SKIP is not activated) - the info 'cal' field can be use to change the calibration behavior - cal=1 => use param phy.cal to initialize the PHY, built-in training is skipped - cal=0 => param phy.cal is absent, built-in training is used (default) Signed-off-by: Patrick Delaunay Acked-by: Patrice Chotard --- doc/device-tree-bindings/memory-controllers/st,stm32mp1-ddr.txt | 2 ++ 1 file changed, 2 insertions(+) (limited to 'doc') diff --git a/doc/device-tree-bindings/memory-controllers/st,stm32mp1-ddr.txt b/doc/device-tree-bindings/memory-controllers/st,stm32mp1-ddr.txt index ee708ce92c7..ac6a7df4327 100644 --- a/doc/device-tree-bindings/memory-controllers/st,stm32mp1-ddr.txt +++ b/doc/device-tree-bindings/memory-controllers/st,stm32mp1-ddr.txt @@ -129,6 +129,8 @@ phyc attributes: MR3 - st,phy-cal : phy cal depending of calibration or tuning of DDR + This parameter is optional; when it is absent the built-in PHY + calibration is done. for STM32MP15x: 12 values are requested in this order DX0DLLCR DX0DQTR -- cgit v1.2.3