From patchwork Fri Jan 12 14:52:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859991 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="bT718AK6"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ5Xd42Bsz9sNw for ; Sat, 13 Jan 2018 02:00:49 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 40002C22285; Fri, 12 Jan 2018 14:59:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5E37CC22264; Fri, 12 Jan 2018 14:53:02 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 06514C22235; Fri, 12 Jan 2018 14:52:39 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id E42ECC22254 for ; Fri, 12 Jan 2018 14:52:35 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id r78so12449047wme.0 for ; Fri, 12 Jan 2018 06:52:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=J2uJEHxPZIbU+Nkj8LkePrwbhrJoGvTWxpQOxN7f7yI=; b=bT718AK6sMofjnRxrCoetqZO2QicC/0yHbiF/4BnE8ALBwV8QyrjUkALGE+Jyo7fBa N8h2vPWxUwEw+GPH35YAeRQ0aD0U8RcTaxknl435LGnYXyh2dmQjhN/mo9rk7U0U3ivH lFnM/Gzphoupq9Pwvq40SZYPZ9eASpsFEMhNY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=J2uJEHxPZIbU+Nkj8LkePrwbhrJoGvTWxpQOxN7f7yI=; b=Z+snuFaebx95ITci+T1dhLx5DOsPNdpQHWm/qALxjRUNmPPd9bL3TkRvWL+kAsF6ru 770buFVohycMpfUbKRPeuSpPKyt3zYY4/kcCotYyFhLykciVmOLcWnUX68topqHGkbMp 166zAKuAV6iRuwXpG0v0z6jkQyXKhZNGZkAB/kywUrMS/QJbBUlECc+7wcgHnktpQSJs Koq16rR66TUG1PU5+Qzan9wMX6Vr2ajiWkfLB6DEaLFFT2p2YjaAVRcKnvceO+bYtA1q x7vLTPY5iP04ItyUjbmd9ACV6wNHG0+HcXsYS1RZ96Eu90zFPtbFMWj3RYr72JXkVwet xlPA== X-Gm-Message-State: AKGB3mIuRdoz9pfGWIsWRey7XvlyRZnNIjPazUQis6MWmoZYez44oBI/ S/xKhjC7oQ3gQWeNg4rLXqEWPGopAUQ= X-Google-Smtp-Source: ACJfBotyhSsEJMIwEgfFxPz2Etznxl85GFpqNJayay3mullbOAEONpejrNv5lGsjJKyCzeKg8wBH7w== X-Received: by 10.80.135.8 with SMTP id i8mr35226004edb.87.1515768755451; Fri, 12 Jan 2018 06:52:35 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:34 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:24 +0000 Message-Id: <1515768744-25246-10-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- common/bootm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/common/bootm.c b/common/bootm.c index 9493a30..38c1b0a 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -19,6 +19,7 @@ #include #include #include +#include #if defined(CONFIG_CMD_USB) #include #endif @@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc, if (images.os.type == IH_TYPE_KERNEL_NOLOAD) { images.os.load = images.os.image_start; images.ep += images.os.load; + } else if (images.os.type == IH_TYPE_OPTEE) { + ret = optee_verify_bootm_image(images.os.image_start, + images.os.load, + images.os.image_len); + if (ret) + return ret; } images.os.start = map_to_sysmem(os_hdr); @@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc, { if (((images.os.type == IH_TYPE_KERNEL) || (images.os.type == IH_TYPE_KERNEL_NOLOAD) || - (images.os.type == IH_TYPE_MULTI)) && + (images.os.type == IH_TYPE_MULTI) || + (images.os.type == IH_TYPE_OPTEE)) && (images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS)) return bootm_find_images(flag, argc, argv); @@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, switch (image_get_type(hdr)) { case IH_TYPE_KERNEL: case IH_TYPE_KERNEL_NOLOAD: + case IH_TYPE_OPTEE: *os_data = image_get_data(hdr); *os_len = image_get_data_size(hdr); break;