[U-Boot,v6,10/10] bootm: optee: Add a bootm command for type IH_OS_TEE

Message ID 1520959836-16105-11-git-send-email-bryan.odonoghue@linaro.org
State Accepted
Commit c225e7cf54fcad44902488f0d07bf362a477adf8
Delegated to: Tom Rini
Headers show
Series
  • Add new OPTEE bootm support to u-boot
Related show

Commit Message

Bryan O'Donoghue March 13, 2018, 4:50 p.m.
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Andrew F. Davis <afd@ti.com>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
---
 common/bootm_os.c | 32 ++++++++++++++++++++++++++++++++
 lib/optee/Kconfig |  9 +++++++++
 2 files changed, 41 insertions(+)

Comments

Tom Rini March 19, 2018, 10:37 p.m. | #1
On Tue, Mar 13, 2018 at 04:50:36PM +0000, Bryan O'Donoghue wrote:

> This patch makes it possible to verify the contents and location of an
> OPTEE image in DRAM prior to handing off control to that image. If image
> verification fails we won't try to boot any further.
> 
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
> Suggested-by: Andrew F. Davis <afd@ti.com>
> Cc: Harinarayan Bhatta <harinarayan@ti.com>
> Cc: Andrew F. Davis <afd@ti.com>
> Cc: Tom Rini <trini@konsulko.com>
> Cc: Kever Yang <kever.yang@rock-chips.com>
> Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
> Cc: Peng Fan <peng.fan@nxp.com>

Applied to u-boot/master, thanks!

Patch

diff --git a/common/bootm_os.c b/common/bootm_os.c
index 5e6b177..b84a8e2 100644
--- a/common/bootm_os.c
+++ b/common/bootm_os.c
@@ -11,6 +11,7 @@ 
 #include <linux/libfdt.h>
 #include <malloc.h>
 #include <vxworks.h>
+#include <tee/optee.h>
 
 DECLARE_GLOBAL_DATA_PTR;
 
@@ -433,6 +434,34 @@  static int do_bootm_openrtos(int flag, int argc, char * const argv[],
 }
 #endif
 
+#ifdef CONFIG_BOOTM_OPTEE
+static int do_bootm_tee(int flag, int argc, char * const argv[],
+			bootm_headers_t *images)
+{
+	int ret;
+
+	/* Verify OS type */
+	if (images->os.os != IH_OS_TEE) {
+		return 1;
+	};
+
+	/* Validate OPTEE header */
+	ret = optee_verify_bootm_image(images->os.image_start,
+				       images->os.load,
+				       images->os.image_len);
+	if (ret)
+		return ret;
+
+	/* Locate FDT etc */
+	ret = bootm_find_images(flag, argc, argv);
+	if (ret)
+		return ret;
+
+	/* From here we can run the regular linux boot path */
+	return do_bootm_linux(flag, argc, argv, images);
+}
+#endif
+
 static boot_os_fn *boot_os[] = {
 	[IH_OS_U_BOOT] = do_bootm_standalone,
 #ifdef CONFIG_BOOTM_LINUX
@@ -466,6 +495,9 @@  static boot_os_fn *boot_os[] = {
 #ifdef CONFIG_BOOTM_OPENRTOS
 	[IH_OS_OPENRTOS] = do_bootm_openrtos,
 #endif
+#ifdef CONFIG_BOOTM_OPTEE
+	[IH_OS_TEE] = do_bootm_tee,
+#endif
 };
 
 /* Allow for arch specific config before we boot */
diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig
index cc73ec3..1e5ab45 100644
--- a/lib/optee/Kconfig
+++ b/lib/optee/Kconfig
@@ -28,3 +28,12 @@  config OPTEE_TZDRAM_BASE
 	help
 	  The base address of pre-allocated Trust Zone DRAM for
 	  the OPTEE runtime.
+
+config BOOTM_OPTEE
+	bool "Support OPTEE bootm command"
+	select BOOTM_LINUX
+	default n
+	help
+	  Select this command to enable chain-loading of a Linux kernel
+	  via an OPTEE firmware.
+	  The bootflow is BootROM -> u-boot -> OPTEE -> Linux in this case.