From patchwork Fri Mar 9 16:55:31 2018
X-Patchwork-Submitter: Bryan O'Donoghue
X-Patchwork-Id: 883800
X-Patchwork-Delegate: trini@ti.com
From: Bryan O'Donoghue
To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com
Date: Fri, 9 Mar 2018 16:55:31 +0000
Message-Id: <1520614531-2164-11-git-send-email-bryan.odonoghue@linaro.org>
In-Reply-To: <1520614531-2164-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1520614531-2164-1-git-send-email-bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta
Subject: [U-Boot] [PATCH v5 10/10] bootm: optee: Add a bootm command for type IH_OS_TEE

This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further.

Signed-off-by: Bryan O'Donoghue
Suggested-by: Andrew F. Davis
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
--- common/bootm_os.c | 32 ++++++++++++++++++++++++++++++++ lib/optee/Kconfig | 9 +++++++++ 2 files changed, 41 insertions(+) diff --git a/common/bootm_os.c b/common/bootm_os.c index 5e6b177..cddf98e 100644 --- a/common/bootm_os.c +++ b/common/bootm_os.c @@ -11,6 +11,7 @@ #include #include #include +#include DECLARE_GLOBAL_DATA_PTR; 
@@ -433,6 +434,34 @@ static int do_bootm_openrtos(int flag, int argc, char * const argv[], } #endif +#ifdef CONFIG_BOOTM_TEE +static int do_bootm_tee(int flag, int argc, char * const argv[], + bootm_headers_t *images) +{ + int ret; + + /* Verify OS type */ + if (images->os.os != IH_OS_TEE) { + return 1; + }; + + /* Validate TEE header */ + ret = optee_verify_bootm_image(images->os.image_start, + images->os.load, + images->os.image_len); + if (ret) + return ret; + + /* Locate FDT etc */ + ret = bootm_find_images(flag, argc, argv); + if (ret) + return ret; + + /* From here we can run the regular linux boot path */ + return do_bootm_linux(flag, argc, argv, images); +} +#endif + static boot_os_fn *boot_os[] = { [IH_OS_U_BOOT] = do_bootm_standalone, #ifdef CONFIG_BOOTM_LINUX @@ -466,6 +495,9 @@ static boot_os_fn *boot_os[] = { #ifdef CONFIG_BOOTM_OPENRTOS [IH_OS_OPENRTOS] = do_bootm_openrtos, #endif +#ifdef CONFIG_BOOTM_TEE + [IH_OS_TEE] = do_bootm_tee, +#endif }; /* Allow for arch specific config before we boot */ diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index cc73ec3..1e5ab45 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -28,3 +28,12 @@ config OPTEE_TZDRAM_BASE help The base address of pre-allocated Trust Zone DRAM for the OPTEE runtime. + +config BOOTM_OPTEE + bool "Support OPTEE bootm command" + select BOOTM_LINUX + default n + help + Select this command to enable chain-loading of a Linux kernel + via an OPTEE firmware. + The bootflow is BootROM -> u-boot -> OPTEE -> Linux in this case.
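
Review bot: in do_bootm_tee() (the common/bootm_os.c hunk at -433), the `if (images->os.os != IH_OS_TEE)` block is closed with `};`, which leaves a stray empty statement after the brace; drop the semicolon, and since the body is the single `return 1;` the braces can go as well. The OS-type mismatch returns a bare 1 while the failures from optee_verify_bootm_image() and bootm_find_images() are returned as `ret`, so a one-line comment on what each return value means to the caller would make the failure paths easier to audit, given that this function is where the "don't boot on failed verification" promise from the commit message is enforced.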
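
Review bot: the lib/optee/Kconfig hunk defines `config BOOTM_OPTEE`, but both additions in common/bootm_os.c are guarded by `#ifdef CONFIG_BOOTM_TEE`, so selecting the new option does not compile in do_bootm_tee() or the `[IH_OS_TEE] = do_bootm_tee,` entry, and no handler that calls optee_verify_bootm_image() is registered for IH_OS_TEE. Pick one name and use it in all three places, either renaming the symbol to `BOOTM_TEE` or changing both guards to `CONFIG_BOOTM_OPTEE`. Two smaller points in the same hunk: `default n` is redundant for a bool and can be dropped, and the help text says "Select this command" where "Select this option" is meant.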