From patchwork Mon Feb 26 12:36:01 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
X-Patchwork-Id: 877828
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=linaro.org header.i=@linaro.org
	header.b="HkSy5m9N"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3zqhJx4Mtmz9s2h
	for <incoming@patchwork.ozlabs.org>;
	Mon, 26 Feb 2018 23:41:21 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id F2432C22104; Mon, 26 Feb 2018 12:39:15 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,
	T_DKIM_INVALID autolearn=unavailable autolearn_force=no
	version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id D130CC22101;
	Mon, 26 Feb 2018 12:36:47 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id B32E8C220F4; Mon, 26 Feb 2018 12:36:21 +0000 (UTC)
Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com
	[74.125.82.66])
	by lists.denx.de (Postfix) with ESMTPS id 42810C22101
	for <u-boot@lists.denx.de>; Mon, 26 Feb 2018 12:36:17 +0000 (UTC)
Received: by mail-wm0-f66.google.com with SMTP id x7so14585725wmc.0
	for <u-boot@lists.denx.de>; Mon, 26 Feb 2018 04:36:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=Sg/9G2VKYyJgNZJcoPcYPp5JqeuDxM5e98iOS84+4X8=;
	b=HkSy5m9NOBlDADWKXpkvbxshL5BZCzMfncROS0WnZlrjjVGcfuCTz7GuLPywfsWHCA
	2BcAPZFJoK2GyvUl17SoO1HlDMBA6OwOXs2HAfL9aUfPMgRt3vQIB1SRvSk9YxuJgcDI
	NY0YODkG5hrDTSvaAYB3V36TvoppN3TstjtZg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=Sg/9G2VKYyJgNZJcoPcYPp5JqeuDxM5e98iOS84+4X8=;
	b=QTp0VIrbhsKM0rRcuonWHR/7sTnvxpP9rnxkvWQRZ/jf2vdI1bbrOh7Mwcpp8UMju9
	E7CeRnCQTUpKSfE+g1mBo77rshJzYM3Av9ZyNKrYdp9gc/+/xJ1YkYc7q8Gy09cS2HVQ
	qoO2om7hKXcesHUyRJ8/OZOyh7g73P+GKCoV+7hxuzHydXcyeVmOmnAXAowQknXz568H
	8+py5eWMHSgIYbsA5D6MYoWpOhkBMwlcsDsaZzmtzbeU6mGvYr9/Mqvsks1pofO/0oxM
	PKA54vj5Bp+Wk5u0qnegpa4PCL0MG3Am+zrUbRlkwThrUv5sWUbg9TKH/FwIw7OCeken
	79Jg==
X-Gm-Message-State: APf1xPAf5rfrbZk0sxqlWCeDGLiZ9EjGQu3rj3qAGYqCMuGaT/CryMDB
	RWyw0M9rIBj2X6VYy3k2c8QPrKEaqvs=
X-Google-Smtp-Source: 
 AH8x225R51ucvQptQyBK538jxA1MeObgiO3HWkgw2GQLQlWv8Kf2/DDH+CJWoAJG8+d0CeDOc6KZ+g==
X-Received: by 10.80.141.19 with SMTP id s19mr14387042eds.234.1519648576562;
	Mon, 26 Feb 2018 04:36:16 -0800 (PST)
Received: from localhost.localdomain ([109.255.42.2])
	by smtp.gmail.com with ESMTPSA id
	f6sm2493967edn.45.2018.02.26.04.36.15
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 26 Feb 2018 04:36:16 -0800 (PST)
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com,
	kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com,
	peng.fan@nxp.com
Date: Mon, 26 Feb 2018 12:36:01 +0000
Message-Id: <1519648566-12061-8-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org>
Subject: [U-Boot] [PATCH v4 07/12] tools: mkimage: add tee-bootable image
	type
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

This patch adds support for bootable TEE images to mkimage. Currently
there is a (Trusted Execution Environment) TEE image type, the TEE image
type is installed to a memory location control is passed to the TEE and
then the TEE returns to u-boot.

flow #0:
BootROM -> u-boot -> tee -> u-boot -> onwards

For some TEE implementations, such as upstream OPTEE for i.MX6 and i.MX7
the boot flow is

flow #1:
BootROM -> u-boot -> optee -> kernel

This patch adds a new image type to mkimage -  IH_TYPE_TEE_BOOTABLE to
reflect this TEE boot flow and to facilitate additional OPTEE specific
verification of that image type - prior to handing control to that image.

The new image type enables us to more easily generate and validate a
bootable OPTEE image also, for example instead of generating an OPTEE image
like this:

mkimage -A arm -O linux -C none -a 0x9c0fffe4 -e 0x9c100000 -d
./out/arm-plat-imx/core/tee.bin uTee

we can instead generate images like this:
mkimage -A arm -T tee-bootable -C none -d ./out/arm-plat-imx/core/tee.bin
uTee.optee

That OPTEE image then will have a specific image type that bootm can
automatically identify and consequently perform additional optee-header
checks on.

Subsequent patches add logic to perform those optee-specific changes prior
to handing over control as described in flow #1 above.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Link: http://mrvan.github.io/optee-imx6ul
Tested-by: Peng Fan <peng.fan@nxp.com>
---
 common/image.c        |  1 +
 include/image.h       |  1 +
 tools/default_image.c | 25 +++++++++++++++++++------
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/common/image.c b/common/image.c
index e9609cd..e7785ce 100644
--- a/common/image.c
+++ b/common/image.c
@@ -161,6 +161,7 @@ static const table_entry_t uimage_type[] = {
 	{       IH_TYPE_TEE,        "tee",        "Trusted Execution Environment Image",},
 	{	IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" },
 	{       IH_TYPE_PMMC,        "pmmc",        "TI Power Management Micro-Controller Firmware",},
+	{       IH_TYPE_TEE_BOOTABLE, "tee-bootable", "Trusted Execution Environment Bootable Image",},
 	{	-1,		    "",		  "",			},
 };
 
diff --git a/include/image.h b/include/image.h
index a2372de..d2c47ef 100644
--- a/include/image.h
+++ b/include/image.h
@@ -272,6 +272,7 @@ enum {
 	IH_TYPE_TEE,            /* Trusted Execution Environment (TEE) OS Image */
 	IH_TYPE_FIRMWARE_IVT,		/* Firmware Image with HABv4 IVT */
 	IH_TYPE_PMMC,            /* TI Power Management Micro-Controller Firmware */
+	IH_TYPE_TEE_BOOTABLE,		/* TEE Bootable Image */
 
 	IH_TYPE_COUNT,			/* Number of image types */
 };
diff --git a/tools/default_image.c b/tools/default_image.c
index 4e5568e..fc0b0c0 100644
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -18,6 +18,7 @@
 #include "mkimage.h"
 
 #include <image.h>
+#include <tee/optee.h>
 #include <u-boot/crc.h>
 
 static image_header_t header;
@@ -25,7 +26,8 @@ static image_header_t header;
 static int image_check_image_types(uint8_t type)
 {
 	if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) ||
-	    (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT))
+	    (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT) ||
+	    (type == IH_TYPE_TEE_BOOTABLE))
 		return EXIT_SUCCESS;
 	else
 		return EXIT_FAILURE;
@@ -90,6 +92,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
 	uint32_t checksum;
 	time_t time;
 	uint32_t imagesize;
+	uint32_t ep;
+	uint32_t addr;
 
 	image_header_t * hdr = (image_header_t *)ptr;
 
@@ -99,18 +103,27 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
 			sbuf->st_size - sizeof(image_header_t));
 
 	time = imagetool_get_source_date(params, sbuf->st_mtime);
-	if (params->type == IH_TYPE_FIRMWARE_IVT)
+	ep = params->ep;
+	addr = params->addr;
+	imagesize = sbuf->st_size - sizeof(image_header_t);
+
+	switch (params->type) {
+	case IH_TYPE_FIRMWARE_IVT:
 		/* Add size of CSF minus IVT */
 		imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0;
-	else
-		imagesize = sbuf->st_size - sizeof(image_header_t);
+		break;
+	case IH_TYPE_TEE_BOOTABLE:
+		addr = optee_image_get_load_addr(hdr);
+		ep = optee_image_get_entry_point(hdr);
+		break;
+	}
 
 	/* Build new header */
 	image_set_magic(hdr, IH_MAGIC);
 	image_set_time(hdr, time);
 	image_set_size(hdr, imagesize);
-	image_set_load(hdr, params->addr);
-	image_set_ep(hdr, params->ep);
+	image_set_load(hdr, addr);
+	image_set_ep(hdr, ep);
 	image_set_dcrc(hdr, checksum);
 	image_set_os(hdr, params->os);
 	image_set_arch(hdr, params->arch);