From patchwork Tue Jan 23 20:41:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 865028 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="XmBomCOh"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zR0cV0B6wz9s82 for ; Wed, 24 Jan 2018 07:43:05 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id AD6A8C22177; Tue, 23 Jan 2018 20:42:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id C4B8AC22114; Tue, 23 Jan 2018 20:42:06 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 202C3C21E65; Tue, 23 Jan 2018 20:42:04 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 9F0D0C21C51 for ; Tue, 23 Jan 2018 20:42:03 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id v71so4470732wmv.2 for ; Tue, 23 Jan 2018 12:42:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=mq2x97of2VAHB4zGwZvHJss122SOJ8tl4fM4NvU4R8k=; b=XmBomCOhPqOSbHNti9Z6I5sATKdhDWxqxvXgIMz0raBptcdTJei+rZ7S9O+oHEFKoy dLHxD3vH5QrksmXdvpa+P6u6xvzDJdbKq9mAPTtHO8iDwqCQIna5oU9wPsozROdKEdOF e2ciC+M8vIHIZICOLdXTYqaMuc0Z0vamYZr6A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=mq2x97of2VAHB4zGwZvHJss122SOJ8tl4fM4NvU4R8k=; b=LXGpjbcbEqRsfJz18S+GQgUUSLmyDaAeGdZLwJC+02dCVLn6h7JlAqZuWXwz/nq/UP YZQH0IWDU2TVrTJNGXdmy9ne5etzseSZl8iMTw93q5tWF0SPDeoqfudfbaMzRtsjIWwj lBUv5ZIt4Fa91iwtTgyrMpL+R6yP+sOXljuBXzGgmKmSZgxsO2aFixkX7itlkJ6bhzG1 kyom/gdX+m8n8adVU+aqexIiNwbhBvIDNQLSkbm52gxhr5V6cDA1xe11VqCVSOlwmyGV xS9Si9LgglvniDgg2rhanL8G17YjmJQG5gi7mPY7HvKPG4mRAsjtBAIItnBcAd1sApgV ZZ2w== X-Gm-Message-State: AKwxytckbn2o2n1PGhm8btomWaSBmMjs8BTZcZnCRMFCgrIlAjux5GU+ a76KtrUpufPZr8bIWT9RSPlJDK0DtOY= X-Google-Smtp-Source: AH8x224m1upvB1ZK7XHhE7N/NeKLQ/NIx7AgdyriZhNvH7MsfS+K66qaEP3lpIDc14SZeUtrXUufgQ== X-Received: by 10.80.200.139 with SMTP id d11mr20988813edh.199.1516740123127; Tue, 23 Jan 2018 12:42:03 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id k12sm12400896edl.86.2018.01.23.12.42.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 12:42:02 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com Date: Tue, 23 Jan 2018 20:41:52 +0000 Message-Id: <1516740120-948-2-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> References: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> Cc: harinarayan@ti.com Subject: [U-Boot] [PATCH v3 1/9] optee: Add lib entries for sharing OPTEE code across ports X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds code to lib to enable sharing of useful OPTEE code between board-ports and architectures. The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the OMAP2 code will be patched to include the shared code. The intention here is to add more useful OPTEE specific code as more functionality gets added. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- include/tee/optee.h | 16 ++++++++++++++++ lib/Kconfig | 1 + lib/Makefile | 1 + lib/optee/Kconfig | 8 ++++++++ lib/optee/Makefile | 7 +++++++ lib/optee/optee.c | 31 +++++++++++++++++++++++++++++++ 6 files changed, 64 insertions(+) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c diff --git a/include/tee/optee.h b/include/tee/optee.h index 9ab0d08..8943afb 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -10,6 +10,8 @@ #ifndef _OPTEE_H #define _OPTEE_H +#include + #define OPTEE_MAGIC 0x4554504f #define OPTEE_VERSION 1 #define OPTEE_ARCH_ARM32 0 @@ -27,4 +29,18 @@ struct optee_header { uint32_t paged_size; }; +#if defined(CONFIG_OPTEE) +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len); +#else +static inline int optee_verify_image(struct optee_header *hdr, + unsigned long tzdram_start, + unsigned long tzdram_len, + unsigned long image_len) +{ + return -EPERM; +} + +#endif + #endif /* _OPTEE_H */ diff --git a/lib/Kconfig b/lib/Kconfig index 00ac650..2077f9c 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -288,5 +288,6 @@ endmenu source lib/efi/Kconfig source lib/efi_loader/Kconfig +source lib/optee/Kconfig endmenu diff --git a/lib/Makefile b/lib/Makefile index 8cd779f..46813b6 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,6 +17,7 @@ obj-$(CONFIG_FIT) += libfdt/ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ +obj-$(CONFIG_OPTEE) += optee/ obj-$(CONFIG_AES) += aes.o obj-y += charset.o diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig new file mode 100644 index 0000000..2e406fe --- /dev/null +++ b/lib/optee/Kconfig @@ -0,0 +1,8 @@ +config OPTEE + bool "Support OPTEE images" + help + U-Boot can be configured to boot OPTEE images. + Selecting this option will enable shared OPTEE library code and + enable an OPTEE specific bootm command that will perform additional + OPTEE specific checks before booting an OPTEE image created with + mkimage. diff --git a/lib/optee/Makefile b/lib/optee/Makefile new file mode 100644 index 0000000..03e832f --- /dev/null +++ b/lib/optee/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2017 Linaro +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_OPTEE) += optee.o diff --git a/lib/optee/optee.c b/lib/optee/optee.c new file mode 100644 index 0000000..2cc16d7 --- /dev/null +++ b/lib/optee/optee.c @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2017 Linaro + * Bryan O'Donoghue + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include +#include + +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len) +{ + unsigned long tzdram_end = tzdram_start + tzdram_len; + uint32_t tee_file_size; + + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header); + + if (hdr->magic != OPTEE_MAGIC || + hdr->version != OPTEE_VERSION || + hdr->init_load_addr_hi > tzdram_end || + hdr->init_load_addr_lo < tzdram_start || + tee_file_size > tzdram_len || + tee_file_size != image_len || + (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) { + return -EINVAL; + } + + return 0; +} From patchwork Tue Jan 23 20:41:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 865030 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="N9p+B2h9"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zR0k45qZ1z9s9Y for ; Wed, 24 Jan 2018 07:47:56 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 5FFB1C21F53; Tue, 23 Jan 2018 20:47:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id AD31AC22176; Tue, 23 Jan 2018 20:42:18 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id C4BE9C22167; Tue, 23 Jan 2018 20:42:08 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id ED8A2C21EE5 for ; Tue, 23 Jan 2018 20:42:04 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id j21so15083458wmh.1 for ; Tue, 23 Jan 2018 12:42:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=YNK1Wntmes7j8la0QK0jKrehDGZdNJdBUpWJaSzYxl0=; b=N9p+B2h9LvbFv5YQ9dBEtV9q7A/1zOg0q0rBSk1Q5JpjYDEUudZs8mkXcvzPfvpVJN rAQooGtDsSngQaXaKrvXlyqpHx/uQzk7gTp9um+tvqCh7mBPIvSeUMt9+VB0t9kI/jsl 3A5YXWXdkrnxkUfYn+ETPOdmho81tedC7RfgQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=YNK1Wntmes7j8la0QK0jKrehDGZdNJdBUpWJaSzYxl0=; b=kT50GtgcEzLF7VaLykv+KwKT7yAWhXUOO426V84P/SXF8+pA9ZbCZ80XbTSL6Mt0Ov gz8XuschGjE6/mS8lJ+gzjd5D8U0S2qTl4noToTK89rOEPxoEzrukSeXklQyZNFOqlyb DLDcMrYv/iLo0YkSisd412bAx1CCzplrQIoMXwC/aaba6UxsGJ3EAP7PJW0jEdpcLVfM R/QDIbj4Myx3EtFBqfKn/TjQR18SIr2V0n2Xo/6ANM5y5kSPeX59a48Goo2blpC7yDG6 Xkw2lT6/8ln9Kk2xHSb2vJ0fB193pyGI5VPpjDajxEVK9gmb3TltchEiAESuxXnWElk7 lXMQ== X-Gm-Message-State: AKwxyteGZITTuHtLO9usjvAuyWptHoCgYVXARuEtVvJFqoVoJmL29t8k mDV3hEO2jv7nCBEnfTNcXBlqjiEM5m0= X-Google-Smtp-Source: AH8x2265aKV0o1LvTgPk6rJ9yd2D/ClJqj7JL+zUYtsBbBdhIH1Ix6X6MULQE5DIod78A4Jj/nOzKA== X-Received: by 10.80.155.90 with SMTP id a26mr20954367edj.290.1516740124396; Tue, 23 Jan 2018 12:42:04 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id k12sm12400896edl.86.2018.01.23.12.42.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 12:42:03 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com Date: Tue, 23 Jan 2018 20:41:53 +0000 Message-Id: <1516740120-948-3-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> References: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> Cc: harinarayan@ti.com Subject: [U-Boot] [PATCH v3 2/9] optee: Add CONFIG_OPTEE_TZDRAM_SIZE X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM size specified in the OPTEE build and the TZDRAM size specified in U-Boot match-up. Further patches will use TZDRAM size with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- lib/optee/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 2e406fe..41c0ab7 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -6,3 +6,11 @@ config OPTEE enable an OPTEE specific bootm command that will perform additional OPTEE specific checks before booting an OPTEE image created with mkimage. + +config OPTEE_TZDRAM_SIZE + hex "Amount of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x3000000 + help + The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE + runtime. From patchwork Tue Jan 23 20:41:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 865029 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="SFFqcCow"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zR0hr1xMmz9s82 for ; Wed, 24 Jan 2018 07:46:52 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id E1619C21F10; Tue, 23 Jan 2018 20:46:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id A5820C2215F; Tue, 23 Jan 2018 20:42:12 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 2B218C21EBD; Tue, 23 Jan 2018 20:42:09 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 144D8C21F10 for ; Tue, 23 Jan 2018 20:42:06 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id v71so4470898wmv.2 for ; Tue, 23 Jan 2018 12:42:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=D3sScOBXVrDfJK8H51bDHqCJRdkVs9+Z4uICV0VXhv0=; b=SFFqcCowd21OSm9Q2Z7cw/ki70lj5CPOvsf6hpqI0FKU0tYLk0SmGvDPjMZS/7b0dy SRLsNAvLsNvkrqMZSLbvTSERPWkNRtj9C+5Dxy5f77cdiHUvvcofKEGahtvOfozAFaKA Wq3BcAzeO0OhJx1cMQBSGiEJQrO7dGHpl7CUM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=D3sScOBXVrDfJK8H51bDHqCJRdkVs9+Z4uICV0VXhv0=; b=HUMcvFYw8MOb/5QMWKQTojs5PGXLu+miTDc5cHXHS6IbWJbg3zVXObFBzkepaQlD/i b2dIfYPwRBZXLlYgHGdnOjuTe8FMSHxaPJpI6cUlfOyGpjXUiatvX+Poov7XighaF1qj Ol1FRE0eSxNP2nvmFWINI5fOeGidBiLeuie+NjDYGll8/VUaAvqRpVcfJ+k68FYTxRUe kkMpeevGtR5U5/tgCleS97DzGzqWX+rwSPKUQI8lINGqT7Xf8dkYE55iz01ZvKwOwMoH PrrRRQ5YfPFHK+P4hKXeWHaJUnd4GVmg+KNaTORtOiVTf7W25j4xLy/QF9WfoNg/oocX rajA== X-Gm-Message-State: AKwxytfbwjvesRUQEj23aJ8k+qKvicuZpuJazC918R6BZ+4wqewLQpTX 1PKfH4R9mUlVvF12nKzEswpF+yqc4bo= X-Google-Smtp-Source: AH8x226vtMbs9lGzxj9dFG5HWcPt1jwtLE092Rv7MUQxREgmw06hMSBiPfCwfaD2mKjRSa4dnrA4fw== X-Received: by 10.80.170.69 with SMTP id p5mr21541590edc.10.1516740125444; Tue, 23 Jan 2018 12:42:05 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id k12sm12400896edl.86.2018.01.23.12.42.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 12:42:04 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com Date: Tue, 23 Jan 2018 20:41:54 +0000 Message-Id: <1516740120-948-4-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> References: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> Cc: harinarayan@ti.com Subject: [U-Boot] [PATCH v3 3/9] optee: Add CONFIG_OPTEE_TZDRAM_BASE X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default address of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM address specified in the OPTEE build and the TZDRAM address specified in U-Boot match-up. Further patches will use TZDRAM address with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- lib/optee/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 41c0ab7..a3b7332 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -14,3 +14,11 @@ config OPTEE_TZDRAM_SIZE help The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE runtime. + +config OPTEE_TZDRAM_BASE + hex "Base address of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x9d000000 + help + The base address of pre-allocated Trust Zone DRAM for + the OPTEE runtime. From patchwork Tue Jan 23 20:41:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 865031 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="UJoyebHN"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zR0lJ2MMDz9s82 for ; Wed, 24 Jan 2018 07:49:00 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id EDAF0C21C51; Tue, 23 Jan 2018 20:47:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 72E78C2215A; Tue, 23 Jan 2018 20:42:21 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 7DAB0C22153; Tue, 23 Jan 2018 20:42:10 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id F2DC1C21EE3 for ; Tue, 23 Jan 2018 20:42:06 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id g1so4344172wmg.2 for ; Tue, 23 Jan 2018 12:42:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=HehyfLwBiGL7w0M1GQgZW2L7CjFJl409qccQ+xCD/gQ=; b=UJoyebHNghzbybRljl+Cq7+f8/RMcc1Qdmbe/p8Zh3eQbk6neWHYSqmbEcLGQ0n3r1 YugAC9/9nIgrQxHkyGaZm5l5MtOc+ENhEkHqDoofrlFHZOqghJAAdVuzszb3Gxy8Pm4/ 5ihFbZVodCS1Zoidje0q7jJ5eZ6mSYDFwqm6E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=HehyfLwBiGL7w0M1GQgZW2L7CjFJl409qccQ+xCD/gQ=; b=Q3E79fTOSgy5SBcW7ZEz2YpxQR7d/lCVoTAmUuaAf4PqroQcr6iDzI8tRsaeY5fA4U j1inhKGDnFHXt6dIqgA0CnExNN4QAyMLXl/QifiR1JsxyZC/qhM4o4+XWVEWJnBH6kjo zSlZMTr5lNO0Ly6DNt4wU84Gk/jPoUbz92Xj3GjPpzgPhOB+5K3L5rqRyJvzx/ZtOPvg kuWyzo47p/3/BvEEQsrwxBxkhNjc/6ioNQAz+bve59ktdxqKL0ZBIeOEB33tetIt9oCm zqcD7K8RdK9mnaWFXIpwmZ3K17JfzE5xi/5GMHc4NskqfHxCXKrc+bPV5IAexrMr+yrz AT/g== X-Gm-Message-State: AKwxytcmG/Ri4yYooPcXnLUa8SQkXxcanMc3G5GpeRsxp0tIx6vfnmat 9b12qDi+sFygYSIc33Gorzb+dpHr5l0= X-Google-Smtp-Source: AH8x225RR9y1BVx8u96To82GTwWqaunkgpoAsN6kzEGIof7uJ6qOhGlyM4M8t90rJnZ21E8tn6PCWw== X-Received: by 10.80.182.203 with SMTP id f11mr20777521ede.157.1516740126486; Tue, 23 Jan 2018 12:42:06 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id k12sm12400896edl.86.2018.01.23.12.42.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 12:42:05 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com Date: Tue, 23 Jan 2018 20:41:55 +0000 Message-Id: <1516740120-948-5-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> References: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> Cc: harinarayan@ti.com Subject: [U-Boot] [PATCH v3 4/9] optee: Add optee_image_get_entry_point() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add a helper function for extracting the least significant 32 bits from the OPTEE entry point address, which will be good enough to load OPTEE binaries up to (2^32)-1 bytes. We may need to extend this out later on but for now (2^32)-1 should be fine. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- include/tee/optee.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index 8943afb..eb328d3 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -29,6 +29,13 @@ struct optee_header { uint32_t paged_size; }; +static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) +{ + struct optee_header *optee_hdr = (struct optee_header *)(hdr + 1); + + return optee_hdr->init_load_addr_lo; +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); From patchwork Tue Jan 23 20:41:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 865033 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="eS61+qIH"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zR0n12XrYz9sBW for ; Wed, 24 Jan 2018 07:50:29 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 07896C21F10; Tue, 23 Jan 2018 20:48:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 2F4F8C22174; Tue, 23 Jan 2018 20:42:25 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 2B717C22174; Tue, 23 Jan 2018 20:42:11 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 079DCC21E8B for ; Tue, 23 Jan 2018 20:42:08 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id j21so15083615wmh.1 for ; Tue, 23 Jan 2018 12:42:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=jd7TJ8ToMThI42VzCdFxxuucXAuvkiPJC/i5sG6S6nU=; b=eS61+qIHPhZBSVeolTgs6DJCE2CE323G9NaJXWzCJj2BklJ0jAjzryQ7iAHMLNJkif kildMst/uq6u6Q0UHpev63R55VTUgkCabcr5cGynP1HLFrTunrS/h6b2ZTo2HSTDTMuS I6p6QQ+NMxEFIbLzI+HQhIXTLKMzaNR0JiXcs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=jd7TJ8ToMThI42VzCdFxxuucXAuvkiPJC/i5sG6S6nU=; b=DZzFP3gPaqXyV51tuLXjtPS1gScEoBgz7+SZ/YILjCF7U0C3OnVJKt7raGh6/In6yL wUpVOv/xHpYTTo40c6YawSZf+aelfh+0hlxz2c3VxTx3SwanSL4oHFBEuWyog/oSoC9k Msi32vD21K6iRVeW7pZI/W/JPVC7owN2GdicPGjD1rVaX14urIwBqbxUh6/2KVi7Z8PX de7jsaOFSOhQCD+tSMOm4OpjUCqJOiY1CwtGMR1d/ecA+uD/LH33uiSk9NELS7O6XCxa Xh9RQFrxujdurd/qAdvZIL1OFtpnyObSnFhsTcvseAucmMH4dNDv5CXLbp1iEuvxcetg XePQ== X-Gm-Message-State: AKwxytem98LaVm3oCPaVzf0rpMQT25vPNAJehjfioIs1kQAWDDd2GSD4 yR2z3YLgTw+VU109tKvtgLBp7PBGNqc= X-Google-Smtp-Source: AH8x226dmVM06qw4sqSZ/fbsc3QqIL6sYQ7moldz/Ks/FoMZUQI6hLTGOFKP4RPXdHG/O+EPNFCh6w== X-Received: by 10.80.147.72 with SMTP id n8mr20968726eda.189.1516740127536; Tue, 23 Jan 2018 12:42:07 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id k12sm12400896edl.86.2018.01.23.12.42.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 12:42:06 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com Date: Tue, 23 Jan 2018 20:41:56 +0000 Message-Id: <1516740120-948-6-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> References: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> Cc: harinarayan@ti.com Subject: [U-Boot] [PATCH v3 5/9] optee: Add optee_image_get_load_addr() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds optee_image_get_load_addr() a helper function used to calculate the load-address of an OPTEE image based on the lower entry-point address given in the OPTEE header. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- include/tee/optee.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index eb328d3..e782cb0 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -36,6 +36,11 @@ static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) return optee_hdr->init_load_addr_lo; } +static inline uint32_t optee_image_get_load_addr(const image_header_t *hdr) +{ + return optee_image_get_entry_point(hdr) - sizeof(struct optee_header); +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); From patchwork Tue Jan 23 20:41:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 865032 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="dzD6+3ey"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zR0lb5jkWz9s82 for ; Wed, 24 Jan 2018 07:49:14 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id A0F8CC2216C; Tue, 23 Jan 2018 20:47:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 44C70C22179; Tue, 23 Jan 2018 20:42:22 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 6C8B3C22160; Tue, 23 Jan 2018 20:42:13 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 8BE98C21EE5 for ; Tue, 23 Jan 2018 20:42:09 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id g1so4344387wmg.2 for ; Tue, 23 Jan 2018 12:42:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nZLw3mP/xgWiSiLqJ0KItknB7hCpsJZZRf40m9E2M/8=; b=dzD6+3eyVxB+S4G2ctczVaCJh07F5WhnMdmi4tD/GM/+tvrXeopdOpzq8aS0g+qJCk OTG0RekLtX/HFdOzD8gZKsKyIql9ZzMHhEDsf2/XVJFxUVSKrkHFO45mttGoq6YyGY+T CB+sYsZjYsiM4nw2DUSJ46gp8XQmArAEsNa1U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nZLw3mP/xgWiSiLqJ0KItknB7hCpsJZZRf40m9E2M/8=; b=DBUMBT4t5WP2prHdOAxym9g+p1EyA7eBy/XLhch/BHyrXDktgzHZVc+7gU+wReB+K5 DD3/a27Tx9ZH6IzIF+X6qB3XRuP3Hzv72OtsDX5OIaq+bxF0Jc3GsaGPM0iouNuEEgl2 rRTdvwbMHC2B6waWUacVeT3dWZhxDHt1vCjE9NeC8SXT4ELSNoVMKoIs9MVfuBu4qO+q GNwaByxTYj1ovAmhH+/3K07J33gS4vV8ZtdBzRpg5Yyc7v3/IDor5NkoAqEVHs8+W/o7 +RYGlVL+Jk8G5fulKR7RQr0gsQHymATQOCbPBuSlb7kb3tg+LlGVRTOaFAK6ky6SgCPX xgFg== X-Gm-Message-State: AKwxyteFZ+3nTq/WV9PldmNvkkLMKq67HbEC4b9A+TRr05TYHhck2eAx bK3oVLN5mmikIOLYw7kZ6lku9G4rNvA= X-Google-Smtp-Source: AH8x225lZWyXaEHwUBBPy+xHRxvugRf47uN1oaHnG2gl8itpp06xaX3wICjoleC3Ec7tOWvmXkp0FA== X-Received: by 10.80.142.25 with SMTP id 25mr5132360edw.127.1516740128744; Tue, 23 Jan 2018 12:42:08 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id k12sm12400896edl.86.2018.01.23.12.42.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 12:42:08 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com Date: Tue, 23 Jan 2018 20:41:57 +0000 Message-Id: <1516740120-948-7-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> References: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> Cc: harinarayan@ti.com Subject: [U-Boot] [PATCH v3 6/9] tools: mkimage: add optee image type X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds support for bootable OPTEE images to mkimage. Currently there is a (Trusted Execution Environment) TEE image type, the TEE image type is installed to a memory location control is passed to the TEE and then the TEE returns to u-boot. flow #0: BootROM -> u-boot -> tee -> u-boot -> onwards For some TEE implementations, such as upstream OPTEE for i.MX6 and i.MX7 the boot flow is flow #1: BootROM -> u-boot -> optee -> kernel This patch adds a new image type to mkimage - IH_TYPE_OPTEE to reflect this TEE boot flow and to facilitate additional OPTEE specific verification of that image type - prior to handing control to that image. The new image type enables us to more easily generate and validate a bootable OPTEE image also, for example instead of generating an OPTEE image like this: mkimage -A arm -O linux -C none -a 0x9c0fffe4 -e 0x9c100000 -d ./out/arm-plat-imx/core/tee.bin uTee we can instead generate images like this: mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee That OPTEE image then will have a specific image type that bootm can automatically identify and consequently perform additional optee-header checks on. Subsequent patches add logic to perform those optee-specific changes prior to handing over control as described in flow #1 above. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Link: http://mrvan.github.io/optee-imx6ul Tested-by: Peng Fan --- common/image.c | 1 + include/image.h | 1 + tools/default_image.c | 25 +++++++++++++++++++------ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/common/image.c b/common/image.c index e9609cd..14e738b 100644 --- a/common/image.c +++ b/common/image.c @@ -161,6 +161,7 @@ static const table_entry_t uimage_type[] = { { IH_TYPE_TEE, "tee", "Trusted Execution Environment Image",}, { IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" }, { IH_TYPE_PMMC, "pmmc", "TI Power Management Micro-Controller Firmware",}, + { IH_TYPE_OPTEE, "optee", "OPTEE Boot Image",}, { -1, "", "", }, }; diff --git a/include/image.h b/include/image.h index b2b23a9..0b72d28 100644 --- a/include/image.h +++ b/include/image.h @@ -272,6 +272,7 @@ enum { IH_TYPE_TEE, /* Trusted Execution Environment OS Image */ IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */ IH_TYPE_PMMC, /* TI Power Management Micro-Controller Firmware */ + IH_TYPE_OPTEE, /* OPTEE Boot Image */ IH_TYPE_COUNT, /* Number of image types */ }; diff --git a/tools/default_image.c b/tools/default_image.c index 4e5568e..5653933 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -18,6 +18,7 @@ #include "mkimage.h" #include +#include #include static image_header_t header; @@ -25,7 +26,8 @@ static image_header_t header; static int image_check_image_types(uint8_t type) { if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) || - (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT)) + (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT) || + (type == IH_TYPE_OPTEE)) return EXIT_SUCCESS; else return EXIT_FAILURE; @@ -90,6 +92,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, uint32_t checksum; time_t time; uint32_t imagesize; + uint32_t ep; + uint32_t addr; image_header_t * hdr = (image_header_t *)ptr; @@ -99,18 +103,27 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, sbuf->st_size - sizeof(image_header_t)); time = imagetool_get_source_date(params, sbuf->st_mtime); - if (params->type == IH_TYPE_FIRMWARE_IVT) + ep = params->ep; + addr = params->addr; + imagesize = sbuf->st_size - sizeof(image_header_t); + + switch (params->type) { + case IH_TYPE_FIRMWARE_IVT: /* Add size of CSF minus IVT */ imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0; - else - imagesize = sbuf->st_size - sizeof(image_header_t); + break; + case IH_TYPE_OPTEE: + addr = optee_image_get_load_addr(hdr); + ep = optee_image_get_entry_point(hdr); + break; + } /* Build new header */ image_set_magic(hdr, IH_MAGIC); image_set_time(hdr, time); image_set_size(hdr, imagesize); - image_set_load(hdr, params->addr); - image_set_ep(hdr, params->ep); + image_set_load(hdr, addr); + image_set_ep(hdr, ep); image_set_dcrc(hdr, checksum); image_set_os(hdr, params->os); image_set_arch(hdr, params->arch); From patchwork Tue Jan 23 20:41:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 865036 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="SAUUU9pA"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zR0pL0Gyqz9s7F for ; Wed, 24 Jan 2018 07:51:37 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id B4C7AC2214C; Tue, 23 Jan 2018 20:48:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id EEBC5C22160; Tue, 23 Jan 2018 20:42:27 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 65EADC2214A; Tue, 23 Jan 2018 20:42:21 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id A22C1C2212C for ; Tue, 23 Jan 2018 20:42:10 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id t74so4370536wme.3 for ; Tue, 23 Jan 2018 12:42:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Sebbz03t3iaTy+2et9QKnZ7ab4Axd/fkQ6N9N9AZVPk=; b=SAUUU9pAkZJpe8nEyfyM87zUcDcq6PIADDZQAqoExHeAwWhxPoeXvGdQGJ8JIw2Anb R3bRY3wh4PAa8xXoKz3cVmqcJElMndg/L7acmACM/ZiNNJ3S80YdM+rbY3BLRrAAWT+J cguhHjCvfkKpyXOTMxaWPJjXBaB7uGfoL0wJk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Sebbz03t3iaTy+2et9QKnZ7ab4Axd/fkQ6N9N9AZVPk=; b=YnYIWlEfwUkwa9tOim2fZ1ONlJ1Aps/d555QyRthspsr5lecNyZL/+87xx0q9yLZo6 1J5i9GWZO8tr1Ljwjyy2riV+2LjAuq59z8sJCzDIT8HqptjP3YjgR7tomqC8dAUVa1u4 BsNyUGFUGHFlDEPxAiyuV+CgVNDwheCtfemvo9KdwE9VQpsQaUS2FLWUze3Ow/fy1vON c7Q/lMf3fPzRdMgC4L2ukI9IOdAevEG5rJPxnJNOQJ3hml8tYI0ic12bUBOV3/+RXpXe 48qgT2D94sQtQCydaMrbSWV18vzJPmw8iqUSFKf61OMe5y0XeGJjoCrOtdSsX2g8bhvp 6p0g== X-Gm-Message-State: AKwxytf/7NFlICXsK7iUkFHtoysaAwcNcvAKkh2eaUssri4srLTH8qaF +ZYslJP2bY+heURPQCBey7EBbnAkKy0= X-Google-Smtp-Source: AH8x227n7GqgPS15hgCkSvme9OHaCd/YAJuhBGYd4X+LZK9Pm+8b3oFric6RTGKwGGSs2BnTThW9Dg== X-Received: by 10.80.146.240 with SMTP id l45mr20659029eda.125.1516740130079; Tue, 23 Jan 2018 12:42:10 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id k12sm12400896edl.86.2018.01.23.12.42.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 12:42:09 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com Date: Tue, 23 Jan 2018 20:41:58 +0000 Message-Id: <1516740120-948-8-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> References: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> Cc: harinarayan@ti.com Subject: [U-Boot] [PATCH v3 7/9] optee: Add optee_verify_bootm_image() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds optee_verify_bootm_image() which will be subsequently used to verify the parameters encoded in the OPTEE header match the memory allocated to the OPTEE region, OPTEE header magic and version prior to handing off control to the OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- include/tee/optee.h | 13 +++++++++++++ lib/optee/optee.c | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index e782cb0..4b9e94c 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -55,4 +55,17 @@ static inline int optee_verify_image(struct optee_header *hdr, #endif +#if defined(CONFIG_OPTEE) +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len); +#else +static inline int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + return -EPERM; +} +#endif + #endif /* _OPTEE_H */ diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 2cc16d7..365c078 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -29,3 +29,23 @@ int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, return 0; } + +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + struct optee_header *hdr = (struct optee_header *)image_addr; + unsigned long tzdram_start = CONFIG_OPTEE_TZDRAM_BASE; + unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE; + + int ret; + + ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); + if (ret) + return ret; + + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + ret = -EINVAL; + + return ret; +} From patchwork Tue Jan 23 20:41:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 865035 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="LxL2XJAp"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zR0nM1fNdz9s82 for ; Wed, 24 Jan 2018 07:50:47 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id D7D9BC21F0A; Tue, 23 Jan 2018 20:48:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id B0A12C2214E; Tue, 23 Jan 2018 20:42:36 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3D1D0C2217F; Tue, 23 Jan 2018 20:42:34 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id A8315C220EC for ; Tue, 23 Jan 2018 20:42:11 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id 143so4326144wma.5 for ; Tue, 23 Jan 2018 12:42:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=9l4y29YT9GA9C87v2s0KMfjVt7b/wQv5HyUsRKb+Koc=; b=LxL2XJApdITdh9c7JEk4mFzi9ajBpB0Y7QuByqIGiqFf53mL9ZAaSnEcQdHiUk2TOr mfJuj8WEGw1fdzNFsgOvXPWntVsy45Cs8I7ocUZSPWLbHUVxMdMdjm4XEPAuJAhriesT MdKvC6O8zJmUc5/IXIkghJVR9gb4o9UtQEJTk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=9l4y29YT9GA9C87v2s0KMfjVt7b/wQv5HyUsRKb+Koc=; b=YhKaFrNk0zoKi795c2HT3IKFwqlDBgDvCI3CEtDIRuxvBm9D6vD68ZTbPgZxSqlFok Vcq+bfoahWSSpKXjxMSI/VkXFWgdSTqhYg0Bqol6kSuxZfZeIAxGi3BQvg4pGk+QZvt7 f+YYz/HhN8vSQ3XnYEEkvHEc4X1ctJ9otsb2gfS1PAGlNTnlk+Dlt+TxMKCXxq+7t+eJ M8jyFp2FPc+zhpdjclm6W2QpnxkO9UBI1PfmvS9tz9HDn0X/O9WNKCypp7BsIQ3Ua/pr BSCAx5TodwSebewtCLYokBzHSmMmgrfb3ptMW8vD0ij0rfRzZCAXSOhJ3jRy+hrwaR6T c0MQ== X-Gm-Message-State: AKwxytf+V3uUC+CEKaIFGPkw5kfw7kSqoGOuZZGfSSGRERyiPRHF0pHt Lmn0xT5+iNGgzmFW8m91NFxo5QfqQ5c= X-Google-Smtp-Source: AH8x226Pt/cFvaIjCqx0AED7aRfB6akpDmZWk5O8pr6VzEapH23t+BUe7D+hvVZm5pV9ItYsKy3W/Q== X-Received: by 10.80.153.150 with SMTP id m22mr21299249edb.303.1516740131177; Tue, 23 Jan 2018 12:42:11 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id k12sm12400896edl.86.2018.01.23.12.42.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 12:42:10 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com Date: Tue, 23 Jan 2018 20:41:59 +0000 Message-Id: <1516740120-948-9-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> References: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> Cc: harinarayan@ti.com Subject: [U-Boot] [PATCH v3 8/9] optee: Add error printout X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" When encountering an error in OPTEE verification print out various details of the OPTEE header to aid in further debugging of encountered errors. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- lib/optee/optee.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 365c078..78a15e8 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -8,6 +8,12 @@ #include #include +#define optee_hdr_err_msg \ + "OPTEE verification error:" \ + "\n\thdr=%p image=0x%08lx magic=0x%08x tzdram 0x%08lx-0x%08lx " \ + "\n\theader lo=0x%08x hi=0x%08x size=0x%08lx arch=0x%08x" \ + "\n\tuimage params 0x%08lx-0x%08lx\n" + int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len) { @@ -42,10 +48,19 @@ int optee_verify_bootm_image(unsigned long image_addr, ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); if (ret) - return ret; + goto error; - if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) { ret = -EINVAL; + goto error; + } + + return ret; +error: + printf(optee_hdr_err_msg, hdr, image_addr, hdr->magic, tzdram_start, + tzdram_start + tzdram_len, hdr->init_load_addr_lo, + hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr, + image_load_addr + image_len); return ret; } From patchwork Tue Jan 23 20:42:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 865034 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ioDqTrXV"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zR0nL61PFz9s9Y for ; Wed, 24 Jan 2018 07:50:46 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 90A08C21E8B; Tue, 23 Jan 2018 20:49:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 52912C220EC; Tue, 23 Jan 2018 20:42:39 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5BBF5C2217E; Tue, 23 Jan 2018 20:42:34 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 3A894C22111 for ; Tue, 23 Jan 2018 20:42:13 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id x4so23627631wmc.0 for ; Tue, 23 Jan 2018 12:42:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VfQzZRzM3DQYXdLJBCX//TaVWV5MboWeZdKPbCHr1qE=; b=ioDqTrXVEyzukAhpse+1nKQrVnEReJhXg0VtAwDKJGmhC5YnySpIIQ9oRxtENAzBoe YpNsdN0PDbLfCmVu31ypVYF2gCREUiPhid9sh3cI14EnP81ytJ82WxoebABT8xwVMLdg ITlSODsRSCiV4PJ/yIP/J4v7uPqSqp/o+n36Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VfQzZRzM3DQYXdLJBCX//TaVWV5MboWeZdKPbCHr1qE=; b=JkWiwnDBZBpFRXLaPRzk8s1s8t370yTYvs/al6lmracdW4RDtq3GUpsTd1pSBxQlyw Rnj9VesVCdoGp15gBeaKuNDM3Gx44BS1XHVhCVOOXzJZhW56LC6nsXsF9JHzds2ViCV/ DQuhIuKaG3ofiIML/oCaF3aoqlPS0AKI9lKqYzzZxwDjL7P+1zm7QuVEgPm7+8KYPuPZ isF7lTMhxVCzBISQ65GMCQv8KZztO0GcnA1aAo1NEmKY8ILCL137PM0c8u2R1dd//YJm 9kZPxcmR5rr7LpQrdzQNnR/anPrZx+q07hZFOrxQrWIlhJyE3K2+DGT45RXD9t/Ohifr LQ/g== X-Gm-Message-State: AKwxytd0UpqIneTZcSYdSGEkXQ5rKHEAEkJlZOxT8nfRpA6cy07akXDX uCN46D9xa3z/NHdj6WZFu90Wlc5MPJM= X-Google-Smtp-Source: AH8x2270GhN/WXVD0qC9646CWcxllumb0i7AoNdljeFD8pXTjhJK7lULE536MzbdvzOb9HQTcuZcAg== X-Received: by 10.80.159.175 with SMTP id c44mr21178171edf.136.1516740132578; Tue, 23 Jan 2018 12:42:12 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id k12sm12400896edl.86.2018.01.23.12.42.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 12:42:11 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com Date: Tue, 23 Jan 2018 20:42:00 +0000 Message-Id: <1516740120-948-10-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> References: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> Cc: harinarayan@ti.com Subject: [U-Boot] [PATCH v3 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- common/bootm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/common/bootm.c b/common/bootm.c index adb1213..d528844 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -19,6 +19,7 @@ #include #include #include +#include #if defined(CONFIG_CMD_USB) #include #endif @@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc, if (images.os.type == IH_TYPE_KERNEL_NOLOAD) { images.os.load = images.os.image_start; images.ep += images.os.load; + } else if (images.os.type == IH_TYPE_OPTEE) { + ret = optee_verify_bootm_image(images.os.image_start, + images.os.load, + images.os.image_len); + if (ret) + return ret; } images.os.start = map_to_sysmem(os_hdr); @@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc, { if (((images.os.type == IH_TYPE_KERNEL) || (images.os.type == IH_TYPE_KERNEL_NOLOAD) || - (images.os.type == IH_TYPE_MULTI)) && + (images.os.type == IH_TYPE_MULTI) || + (images.os.type == IH_TYPE_OPTEE)) && (images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS)) return bootm_find_images(flag, argc, argv); @@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, switch (image_get_type(hdr)) { case IH_TYPE_KERNEL: case IH_TYPE_KERNEL_NOLOAD: + case IH_TYPE_OPTEE: *os_data = image_get_data(hdr); *os_len = image_get_data_size(hdr); break;