[U-Boot,9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot

Message ID 1515768744-25246-10-git-send-email-bryan.odonoghue@linaro.org
State Deferred
Delegated to: Tom Rini
Headers show
Series
  • Add new OPTEE bootm support to u-boot
Related show

Commit Message

Bryan O'Donoghue Jan. 12, 2018, 2:52 p.m.
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
---
 common/bootm.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

Patch

diff --git a/common/bootm.c b/common/bootm.c
index 9493a30..38c1b0a 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -19,6 +19,7 @@ 
 #include <lzma/LzmaTypes.h>
 #include <lzma/LzmaDec.h>
 #include <lzma/LzmaTools.h>
+#include <tee/optee.h>
 #if defined(CONFIG_CMD_USB)
 #include <usb.h>
 #endif
@@ -201,6 +202,12 @@  static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc,
 	if (images.os.type == IH_TYPE_KERNEL_NOLOAD) {
 		images.os.load = images.os.image_start;
 		images.ep += images.os.load;
+	} else if (images.os.type == IH_TYPE_OPTEE) {
+		ret = optee_verify_bootm_image(images.os.image_start,
+					       images.os.load,
+					       images.os.image_len);
+		if (ret)
+			return ret;
 	}
 
 	images.os.start = map_to_sysmem(os_hdr);
@@ -275,7 +282,8 @@  static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
 {
 	if (((images.os.type == IH_TYPE_KERNEL) ||
 	     (images.os.type == IH_TYPE_KERNEL_NOLOAD) ||
-	     (images.os.type == IH_TYPE_MULTI)) &&
+	     (images.os.type == IH_TYPE_MULTI) ||
+	     (images.os.type == IH_TYPE_OPTEE)) &&
 	    (images.os.os == IH_OS_LINUX ||
 		 images.os.os == IH_OS_VXWORKS))
 		return bootm_find_images(flag, argc, argv);
@@ -827,6 +835,7 @@  static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
 		switch (image_get_type(hdr)) {
 		case IH_TYPE_KERNEL:
 		case IH_TYPE_KERNEL_NOLOAD:
+		case IH_TYPE_OPTEE:
 			*os_data = image_get_data(hdr);
 			*os_len = image_get_data_size(hdr);
 			break;