fix(plat/st): apply security at the end of BL2

Now that the DDR is mapped secured, the security settings (TZC400 firewall) have to be applied at the end of BL2 for the OP-TEE case. This is required to avoid checskum computation error on U-Boot binary, for which MMU and TZC400 would not be aligned. Change-Id: I4a364f7117960e8fae1b579f341b9f140b766ea6 Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
author: Yann Gautier <yann.gautier@foss.st.com> 2021-08-16 11:58:01 +0200
committer: Yann Gautier <yann.gautier@foss.st.com> 2021-08-17 09:10:51 +0200
commit: 99080bd1273331007f0b2d6f64fed51ac6861bcd (patch)
tree: 7e3002a2eabc4e0a91cf146b9fb30be2ae4c4925
parent: 391828923fdd846ebc41745b72343b2a0b6a7204 (diff)
download: arm-trusted-firmware-99080bd1273331007f0b2d6f64fed51ac6861bcd.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index 3e179fbbf..b4c42fc06 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -153,8 +153,6 @@ void bl2_platform_setup(void)
 
 #ifdef AARCH32_SP_OPTEE
 	INFO("BL2 runs OP-TEE setup\n");
-	/* Initialize tzc400 after DDR initialization */
-	stm32mp1_security_setup();
 #else
 	INFO("BL2 runs SP_MIN setup\n");
 #endif
@@ -384,4 +382,9 @@ int bl2_plat_handle_post_image_load(unsigned int image_id)
 
 	return err;
 }
+
+void bl2_el3_plat_prepare_exit(void)
+{
+	stm32mp1_security_setup();
+}
 #endif
author	Yann Gautier <yann.gautier@foss.st.com>	2021-08-16 11:58:01 +0200
committer	Yann Gautier <yann.gautier@foss.st.com>	2021-08-17 09:10:51 +0200
commit	99080bd1273331007f0b2d6f64fed51ac6861bcd (patch)
tree	7e3002a2eabc4e0a91cf146b9fb30be2ae4c4925
parent	391828923fdd846ebc41745b72343b2a0b6a7204 (diff)
download	arm-trusted-firmware-99080bd1273331007f0b2d6f64fed51ac6861bcd.tar.gz