From patchwork Fri Jan 12 14:52:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859983 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="IKE5s3JK"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ5My6Tsmz9sNw for ; Sat, 13 Jan 2018 01:53:18 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 89161C22289; Fri, 12 Jan 2018 14:53:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 00B36C22259; Fri, 12 Jan 2018 14:52:31 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 0E485C21EE5; Fri, 12 Jan 2018 14:52:28 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 814FCC21C40 for ; Fri, 12 Jan 2018 14:52:27 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id v123so3176158wmd.5 for ; Fri, 12 Jan 2018 06:52:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=N7I4PVpqtvVU9VIdfSAsKFLf8JnTxbMXgLL8HfKeuVw=; b=IKE5s3JKWohUixj3pg1h+Ss7b5ZVkaqYSutloDcfbCTife25aUS+xGbS7d78SXCn5n CNIJwDtFWdINA2qfxxLkp9DCNwjeFKhkDjfJK5u7TfzmLjV7gep5pe027AxnaReq+Xrb FSmnHzR62QqGh+HgmgkM4gT/VP9UUXcylMjdY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=N7I4PVpqtvVU9VIdfSAsKFLf8JnTxbMXgLL8HfKeuVw=; b=rx5qght3MCnVoBFuij9CRpoVLYSl3EUW6FQE9TBkW1heOlHs4c2NDdKbRzNoZEDNrL H/FCtjfsdAOS5fqx4NLDbZecBF/O0LIizbBq0VdIJtV5puDnnWAdwQrmXIGAYV5aBiqC 8uMG0MBouVxhPOJxVmVJ5FtfiRGYVutDn4WqcAsUH3tS2VxSuUmJXaxoHD0ccKNKVg7q 66X10u8CQT8TnTxZzeyC5ZHDwWVzDaYO7pQGodQebbb529cHSc6DLtG0uMZ2PZx4GLU2 TbRFxllCrh3GdeGLsDN6S1p8rnyv7QD2lmj7/FzZTdP3FTGZ040QSXfL7xesGsHMCLpF LDbg== X-Gm-Message-State: AKwxyteJREkDOXH0/UCx9FqpmfBpXIy8d4N890gl6gTS3ls/bolg3C+q g95le4+2kkHg3JZi1lxkszgFemp5IRI= X-Google-Smtp-Source: ACJfBoupCOsZxmvENYHi06H93vOBdNwdMWCZ3vn0GQobl/6l4KzyJ2eTP2cjsd6h1ilvJy/x4BbeAQ== X-Received: by 10.80.181.15 with SMTP id y15mr12126902edd.29.1515768746984; Fri, 12 Jan 2018 06:52:26 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:26 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:16 +0000 Message-Id: <1515768744-25246-2-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 1/9] optee: Add lib entries for sharing OPTEE code across ports X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds code to lib to enable sharing of useful OPTEE code between board-ports and architectures. The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the OMAP2 code will be patched to include the shared code. The intention here is to add more useful OPTEE specific code as more functionality gets added. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- include/tee/optee.h | 16 ++++++++++++++++ lib/Kconfig | 1 + lib/Makefile | 1 + lib/optee/Kconfig | 8 ++++++++ lib/optee/Makefile | 7 +++++++ lib/optee/optee.c | 35 +++++++++++++++++++++++++++++++++++ 6 files changed, 68 insertions(+) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c diff --git a/include/tee/optee.h b/include/tee/optee.h index 9ab0d08..8943afb 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -10,6 +10,8 @@ #ifndef _OPTEE_H #define _OPTEE_H +#include + #define OPTEE_MAGIC 0x4554504f #define OPTEE_VERSION 1 #define OPTEE_ARCH_ARM32 0 @@ -27,4 +29,18 @@ struct optee_header { uint32_t paged_size; }; +#if defined(CONFIG_OPTEE) +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len); +#else +static inline int optee_verify_image(struct optee_header *hdr, + unsigned long tzdram_start, + unsigned long tzdram_len, + unsigned long image_len) +{ + return -EPERM; +} + +#endif + #endif /* _OPTEE_H */ diff --git a/lib/Kconfig b/lib/Kconfig index f447c53..5742fb7 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -278,5 +278,6 @@ endmenu source lib/efi/Kconfig source lib/efi_loader/Kconfig +source lib/optee/Kconfig endmenu diff --git a/lib/Makefile b/lib/Makefile index 8cd779f..46813b6 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,6 +17,7 @@ obj-$(CONFIG_FIT) += libfdt/ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ +obj-$(CONFIG_OPTEE) += optee/ obj-$(CONFIG_AES) += aes.o obj-y += charset.o diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig new file mode 100644 index 0000000..2e406fe --- /dev/null +++ b/lib/optee/Kconfig @@ -0,0 +1,8 @@ +config OPTEE + bool "Support OPTEE images" + help + U-Boot can be configured to boot OPTEE images. + Selecting this option will enable shared OPTEE library code and + enable an OPTEE specific bootm command that will perform additional + OPTEE specific checks before booting an OPTEE image created with + mkimage. diff --git a/lib/optee/Makefile b/lib/optee/Makefile new file mode 100644 index 0000000..03e832f --- /dev/null +++ b/lib/optee/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2017 Linaro +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_OPTEE) += optee.o diff --git a/lib/optee/optee.c b/lib/optee/optee.c new file mode 100644 index 0000000..a6c856a --- /dev/null +++ b/lib/optee/optee.c @@ -0,0 +1,35 @@ +/* + * Copyright (C) 2017 Linaro + * Bryan O'Donoghue + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include +#include + +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len) +{ + unsigned long tzdram_end = tzdram_start + tzdram_len; + uint32_t tee_file_size; + + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header); + + if ((hdr->magic != OPTEE_MAGIC) || + (hdr->version != OPTEE_VERSION) || + (hdr->init_load_addr_hi > tzdram_end) || + (hdr->init_load_addr_lo < tzdram_start) || + (tee_file_size > tzdram_len) || + (tee_file_size != image_len) || + ((hdr->init_load_addr_lo + tee_file_size) > tzdram_end)) { + printf("OPTEE verification error tzdram 0x%08lx-0x%08lx " + "header lo=0x%08x hi=0x%08x size=0x%08x\n", + tzdram_start, tzdram_end, hdr->init_load_addr_lo, + hdr->init_load_addr_hi, tee_file_size); + return -EINVAL; + } + + return 0; +} From patchwork Fri Jan 12 14:52:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859986 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="YiQ3R0RG"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ5P41m6Wz9sNw for ; Sat, 13 Jan 2018 01:54:16 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id D943CC2225B; Fri, 12 Jan 2018 14:53:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id C9A6CC2222F; Fri, 12 Jan 2018 14:52:38 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 661E6C22235; Fri, 12 Jan 2018 14:52:32 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id CCC92C221F7 for ; Fri, 12 Jan 2018 14:52:28 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id x4so2726237wmc.0 for ; Fri, 12 Jan 2018 06:52:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=aYXdTCzKXseYVtYT78tukm7Z4v5wv7U0jYUlqgBVXhA=; b=YiQ3R0RG4ARoo8XF7EBR3Q9NzPfSBpwdbds6ZQGW3OItuM2FKeBJNUMe4mGyqMF6LS vhYZgbpRpWSl903a66jUWYYxej+qL/EuVfONg9+eretUelrxOx6owGjbYg/TZckbrQyS C6eH8DuvdDSXtZw/wL4lg+nUV0GFfuSeR8h/M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=aYXdTCzKXseYVtYT78tukm7Z4v5wv7U0jYUlqgBVXhA=; b=aaoJyHG0+C7XoQdtT8U10qGzuL46U16RPmA1/z7JhtIrYinw9b67YaC0/hsbDfWZfe ElYxfhRw1arXBJM/XrRRtmu/hTFx7QlOsgSVspBSQkT8XPnKo4SS+hstZezQE57J5mLC 5KGwV9j7FJrRi4+0I8gHBYeoyjgJ/S5dKaFNQj2XO9GhOu6q/CIT6c0qVabfTqMvJHWK YcNHnBJPJmIxklitMmWMpDIemx0N0/oB8Q19Fwy2QdlmUFvtTwZpVD05h3tsZ33nLqkt z66M2ahsfEHiVAVYwDtX5zM4sDjgOV0n1T9HI1ptFLzU9w6Flc0TZWNpGOTfBp+Rqh2B NHrA== X-Gm-Message-State: AKwxytdhlZAb6H4ISSqUm7wRUFqZ190xIplLgGyegYffx58Kog1Ruitf 6CZoXBOzvXk0tv/rR9wohUAXtujsNNo= X-Google-Smtp-Source: ACJfBovZyFjZPf86Q0csIhZs89a4By0WQCkRHZXifExg2Xx5lIFBdOkWAqD3shOR/Z96cEyI9hu16Q== X-Received: by 10.80.246.133 with SMTP id d5mr16866686edn.93.1515768748313; Fri, 12 Jan 2018 06:52:28 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:27 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:17 +0000 Message-Id: <1515768744-25246-3-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 2/9] optee: Add CONFIG_OPTEE_TZDRAM_SIZE X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM size specified in the OPTEE build and the TZDRAM size specified in U-Boot match-up. Further patches will use TZDRAM size and other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- lib/optee/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 2e406fe..41c0ab7 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -6,3 +6,11 @@ config OPTEE enable an OPTEE specific bootm command that will perform additional OPTEE specific checks before booting an OPTEE image created with mkimage. + +config OPTEE_TZDRAM_SIZE + hex "Amount of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x3000000 + help + The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE + runtime. From patchwork Fri Jan 12 14:52:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859997 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="S2EU+6up"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ5Yk73HXz9sNw for ; Sat, 13 Jan 2018 02:01:46 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 95875C2228B; Fri, 12 Jan 2018 14:59:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id EB591C22287; Fri, 12 Jan 2018 14:52:57 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id B67F4C22264; Fri, 12 Jan 2018 14:52:33 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id E0C2AC2223F for ; Fri, 12 Jan 2018 14:52:29 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id x4so2726307wmc.0 for ; Fri, 12 Jan 2018 06:52:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Q5wpH14sEGqzVnSzmLVUCgKcD/HmFjiL28cBIHj/5cg=; b=S2EU+6up78SVb2RNxrpw/phU9tJy8Vzx2BhCrbLf0NjhmXw8QEflQBYc8vs0wZ2+fe D3i10LHkpeIeqAIaEizCK69QJkMJgK3ld+LHCJPgn6e5Otz4bgy14u4JCdUiZlF3JGdX rgtNx49wrldMx2XOQQ4RRk7Nr5aakasnzRz6A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Q5wpH14sEGqzVnSzmLVUCgKcD/HmFjiL28cBIHj/5cg=; b=WXUrNSo/qMcBWWcME9bCxdzE8XPo136npP28yggKZXJGajQYV6K9IZJBxGKMqQwAZl b9bGzpiO9lKXet5PnbWrKI3JB1KfI4svJlRtbnUW8HyDxWBgkp8ywS9dK8LwWTpwjL2l 7vN+P/s5817bEW6N+mN8JNG+I/Tt9OeQAK8uhq0szi9NEv/NJWhp30pK4GOXDbO59Dnd 5dAlyphwe28Q+Y21PSa4anucmwmP7b7kuy2V+bmRqyzHBwqRRC0JiVB/zuF2NfI2V2KK J0f8u9W5FE4DU5CuClkHLgrptA1GwmdFr0r/pOv4jiiRWjH8Yt0IhDNcbeWTmEA5CGA3 DwwA== X-Gm-Message-State: AKwxyteGcW9l6bj/Su2T7I8ulnTFBdiTQRqhBLqSch6Hvkr49ZBUkywY 5/uWR3ea07EnYedHgq38Ym+8bulsmhM= X-Google-Smtp-Source: ACJfBos3QAJAK9baal7xZIMtsCukHtmAzfo7I+tFzyao63EGN5ebEK4vUq7G/6MQ0hFREH9p8T9AUg== X-Received: by 10.80.177.67 with SMTP id l3mr12795991edd.267.1515768749386; Fri, 12 Jan 2018 06:52:29 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:28 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:18 +0000 Message-Id: <1515768744-25246-4-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 3/9] optee: Make OPTEE_TZDRAM_BASE a mandatory define X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch makes OTPEE_TZDRAM_BASE a mandatory parameter. Subsequent patches will ensure that the region between OTPEE_TZDRAM_BASE and (OTPEE_TZDRAM_BASE + CONFIG_OPTEE_TZDRAM_SIZE) match the information given in the OPTEE header before handing off control to the OPTEE image when booting OPTEE directly via bootm. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- lib/optee/optee.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/optee/optee.c b/lib/optee/optee.c index a6c856a..6e55027 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -5,9 +5,14 @@ * SPDX-License-Identifier: GPL-2.0+ */ +#include #include #include +#ifndef OPTEE_TZDRAM_BASE +#error "OPTEE_TZDRAM_BASE not defined" +#endif + int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len) { From patchwork Fri Jan 12 14:52:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859993 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Ir4N0lD+"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ5Xs086Cz9t3H for ; Sat, 13 Jan 2018 02:01:00 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 8E33BC2224E; Fri, 12 Jan 2018 14:59:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 8F794C2228D; Fri, 12 Jan 2018 14:52:59 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 4AA5BC22261; Fri, 12 Jan 2018 14:52:34 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id D4292C22254 for ; Fri, 12 Jan 2018 14:52:30 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id i11so12291632wmf.4 for ; Fri, 12 Jan 2018 06:52:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=4CR7G1kWHXAAr9VrTmFzsY6BTwMtYOZ2oY13f23vvlM=; b=Ir4N0lD+W8f6Xdl5gO7gj7AZNRiVfkMaZK2r9rJvRpYeOo4MoZqEIkId/MHmP7wVkt gj5UnzfTO8LJ6rachRcA12D7i8XSDApD8FHXfb613iYlMeo7r4Om+phDo3LX2eWiBXLf g16V6wP83SCpGhLurY3rDPUH7ph7qd9E7V7eA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=4CR7G1kWHXAAr9VrTmFzsY6BTwMtYOZ2oY13f23vvlM=; b=CMjBfxzhAK+KxwzRAPR9/IA7ZulLwJ6b0q+bscPSqe4h1VpvcEN1xYSBCwGrAKKjq6 ivtjT2dhBR7NkCKL79GUeBhNYcQfcAMYHltSnwu6M3z7vs4Vvy8TboMN7ERJ62sx2BV0 JbzZ1Rhxh+1ylxWDxLOG6iEtD9MEMw8B5cPhjCF9CWlCNmj8FGjEzQWufamSArHsguet PP/ncwaCY34exJkj4Mn8OkHtQoc6YbuE6HAbSZC1RVJnmh8SiTydWAGc7y9Cw8zH5VYr YMgz2Iqsaf1PUZDorxYxDpbEaUe1QzbyeZgVyx9JG/enaE1XdW16CBKJSuT0kjpCpXwl mWvQ== X-Gm-Message-State: AKwxytcvCGIC5xdBx6dcg93e+GF2UZ+NIsFZbOCnEzdCZbWoWp5SrFmf gyxM6ltyVTn6l/LJ3h8tJAQjQRyoCbg= X-Google-Smtp-Source: ACJfBou31dGxL0ZPzOAnIF+4X0VIkjd7QxrFGxq3WQghjuiiY1OWyFmyvmBkmDpsSwIhkmMyG7/2QQ== X-Received: by 10.80.152.68 with SMTP id h4mr2452525edb.23.1515768750338; Fri, 12 Jan 2018 06:52:30 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:29 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:19 +0000 Message-Id: <1515768744-25246-5-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 4/9] optee: Add optee_image_get_entry_point() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add a helper function for extracting the least significant 32 bits from the OPTEE entry point address, which will be good enough to load OPTEE binaries up to (2^32)-1 bytes. We may need to extend this out later on but for now (2^32)-1 should be fine. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- include/tee/optee.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index 8943afb..eb328d3 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -29,6 +29,13 @@ struct optee_header { uint32_t paged_size; }; +static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) +{ + struct optee_header *optee_hdr = (struct optee_header *)(hdr + 1); + + return optee_hdr->init_load_addr_lo; +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); From patchwork Fri Jan 12 14:52:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859987 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="dOQ7x61a"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ5TC3QRVz9t3G for ; Sat, 13 Jan 2018 01:57:51 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 141D1C2225E; Fri, 12 Jan 2018 14:57:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id EDD67C2226A; Fri, 12 Jan 2018 14:52:45 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 941AEC22271; Fri, 12 Jan 2018 14:52:35 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id C951CC2224B for ; Fri, 12 Jan 2018 14:52:31 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id g1so12589306wmg.2 for ; Fri, 12 Jan 2018 06:52:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=LslhfyvRD0hlsaw/gphME8XZqPOst2lOMiZF+85gVc8=; b=dOQ7x61azDcfuA9scRFzkXTHiqxznvF5yYa9zrIrz8a6u8/dKwpa9wfPWhJY/XjIeB CmCtTYSTyWr8UN/DNZwv/aaz0BJu44aQf2b22zRnkAJcazZbROkScf8tvrL9ZpDxCpSW 3IaUb7D7yWPSXvkAo8EdlxRQud542Y+NPEBWw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=LslhfyvRD0hlsaw/gphME8XZqPOst2lOMiZF+85gVc8=; b=g6iHnafTvpQRij8Efh3rShqpM4+s79BJgYX6lxT8qShFzWzDVxoHjolndIQfiYODAh I2LW2JUaez4H2xf+GJ/xTp6Z31CLzuJeqqgn2ARJ0/lwGJOj/YsSVq0BZ4HpaozRFUKp zAOUnyya9X9Z3tE24Ve+uOOGjpZIivyhZFGAZQb2zGMF5QmUdEb4I3MrYmRKP+OUTNnz EQgW+FuTjqJiflXOVFzjDoRpLUJZn5gYEXwwiVnCFNJXDbEx0MlcBaDcgVLA6xm+8ocD St15FMeGMeW58TwC3eIl1Q5bvqgAHiHlYFaoK4UO4HF07MGlVkxqAdJe3YXBvmXuQNdS Kb7w== X-Gm-Message-State: AKGB3mKDrBgt7QcFXyaF8JVrHSgR8bUP1l4nMTarfLk4PviPmyM+SsnC Bj7Qp/yi4jLY1/TGGzDCfJsSzoUB1B0= X-Google-Smtp-Source: ACJfBou+GBn1nQfMB6NNMbH+naM1g22jc8YpG3ST4Nmvu501WuP6Ruwv72epciDLK+piFL+PNkaYLA== X-Received: by 10.80.174.67 with SMTP id c61mr35969921edd.121.1515768751324; Fri, 12 Jan 2018 06:52:31 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:30 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:20 +0000 Message-Id: <1515768744-25246-6-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 5/9] optee: Add optee_image_get_load_addr() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds optee_image_get_load_addr() a helper function used to calculate the load-address of an OPTEE image based on the lower entry-point address given in the OPTEE header. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- include/tee/optee.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index eb328d3..e782cb0 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -36,6 +36,11 @@ static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) return optee_hdr->init_load_addr_lo; } +static inline uint32_t optee_image_get_load_addr(const image_header_t *hdr) +{ + return optee_image_get_entry_point(hdr) - sizeof(struct optee_header); +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); From patchwork Fri Jan 12 14:52:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859988 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="kkF71uf9"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ5VQ6KdTz9sNw for ; Sat, 13 Jan 2018 01:58:53 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 91FA4C2223F; Fri, 12 Jan 2018 14:58:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id ED8DDC22283; Fri, 12 Jan 2018 14:52:48 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 0B04AC22271; Fri, 12 Jan 2018 14:52:36 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id C0861C22261 for ; Fri, 12 Jan 2018 14:52:32 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id i11so12291809wmf.4 for ; Fri, 12 Jan 2018 06:52:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=+AjnYS7CO+0XC96Z5+Mx+PyqTRgnT5RevNQ3wB8+yLE=; b=kkF71uf9DeBw/889VAPNwfsVNlG7yMOuZ0xUIfGdxZtXJcYQbkrW0tboYaJohtU0Df zjCNZxc0w10qrh7YuHnYMBiRXuTMlvk0RWBx6NT+mGzUhO0ZFI9vwxgw//QfOiGf+J1R kSuP6inH1VXgxRnGas0dyUYxDeU0OTfPHZDmk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=+AjnYS7CO+0XC96Z5+Mx+PyqTRgnT5RevNQ3wB8+yLE=; b=o9mqsUB4kQmHAWZWZ3qEJ/9FibcIViEFr4WbOTNHQP5RLiKSVIm5U+jDDszIxVPrBZ b9IN2m4Ivq2G3TyaAgPrhiPfvqveFOXmxHrEh+FK4eq+jjNFiGqnUrA2Sbk8Fq5m9viY 7VKO1kHE+78yBhwvYqPGC5+UilCtRirlNpxKGpcd2POCHIMrYmb7gUivtjJ58JRBMQ3l jUQAJWj6EYfimkOl8WvK5Yqqou5u9LEi1BSFF4rCGSVP5gl8ofHiCX8C5JEc2k708XIg Y3l+XS3Yli8hWhkHrEFxFMuMHLv9S09FTad+RvujWyEP2V9/5TiAyTtYGNXWId1qqWom AwEg== X-Gm-Message-State: AKwxytcnxbGkpdfYFhZmLKHb/WUJnlhHXL/33iQivG44hpYRuA8HPK5b dQKVlUOvaCbZi/Fucf9axD+0TldXUp8= X-Google-Smtp-Source: ACJfBos2RIrpXgxkF14ampuydnwc28llOdPav7l2r4K/tFb46wq80+fdGCC2AJGR+laknU82eGzsmQ== X-Received: by 10.80.246.133 with SMTP id d5mr16866953edn.93.1515768752271; Fri, 12 Jan 2018 06:52:32 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:31 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:21 +0000 Message-Id: <1515768744-25246-7-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 6/9] tools: mkimage: add optee image type X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds support for bootable OPTEE images to mkimage. Currently there is a (Trusted Execution Environment) TEE image type, the TEE image type is installed to a memory location with u-boot continuing to own the boot process whereas the OPTEE image type defined here is a bootable image, which typically wants to live at a defined location in memory. Defining a new image type allows us to pull out the load address and entry point defined in the OPTEE header and having a separate image type lays the foundation for a subsequent patch to validate the OPTEE memory defined in a board-port matches the link location specified in the OPTEE bootable image. example usage: mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- common/image.c | 1 + include/image.h | 1 + tools/default_image.c | 25 +++++++++++++++++++------ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/common/image.c b/common/image.c index 4bcf6b3..381ef07 100644 --- a/common/image.c +++ b/common/image.c @@ -161,6 +161,7 @@ static const table_entry_t uimage_type[] = { { IH_TYPE_TEE, "tee", "Trusted Execution Environment Image",}, { IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" }, { IH_TYPE_PMMC, "pmmc", "TI Power Management Micro-Controller Firmware",}, + { IH_TYPE_OPTEE, "optee", "OPTEE Boot Image",}, { -1, "", "", }, }; diff --git a/include/image.h b/include/image.h index a128a62..9175624 100644 --- a/include/image.h +++ b/include/image.h @@ -271,6 +271,7 @@ enum { IH_TYPE_TEE, /* Trusted Execution Environment OS Image */ IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */ IH_TYPE_PMMC, /* TI Power Management Micro-Controller Firmware */ + IH_TYPE_OPTEE, /* OPTEE Boot Image */ IH_TYPE_COUNT, /* Number of image types */ }; diff --git a/tools/default_image.c b/tools/default_image.c index 4e5568e..5653933 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -18,6 +18,7 @@ #include "mkimage.h" #include +#include #include static image_header_t header; @@ -25,7 +26,8 @@ static image_header_t header; static int image_check_image_types(uint8_t type) { if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) || - (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT)) + (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT) || + (type == IH_TYPE_OPTEE)) return EXIT_SUCCESS; else return EXIT_FAILURE; @@ -90,6 +92,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, uint32_t checksum; time_t time; uint32_t imagesize; + uint32_t ep; + uint32_t addr; image_header_t * hdr = (image_header_t *)ptr; @@ -99,18 +103,27 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, sbuf->st_size - sizeof(image_header_t)); time = imagetool_get_source_date(params, sbuf->st_mtime); - if (params->type == IH_TYPE_FIRMWARE_IVT) + ep = params->ep; + addr = params->addr; + imagesize = sbuf->st_size - sizeof(image_header_t); + + switch (params->type) { + case IH_TYPE_FIRMWARE_IVT: /* Add size of CSF minus IVT */ imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0; - else - imagesize = sbuf->st_size - sizeof(image_header_t); + break; + case IH_TYPE_OPTEE: + addr = optee_image_get_load_addr(hdr); + ep = optee_image_get_entry_point(hdr); + break; + } /* Build new header */ image_set_magic(hdr, IH_MAGIC); image_set_time(hdr, time); image_set_size(hdr, imagesize); - image_set_load(hdr, params->addr); - image_set_ep(hdr, params->ep); + image_set_load(hdr, addr); + image_set_ep(hdr, ep); image_set_dcrc(hdr, checksum); image_set_os(hdr, params->os); image_set_arch(hdr, params->arch); From patchwork Fri Jan 12 14:52:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859990 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="b/fvc6Xj"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ5XG6q8Fz9sNw for ; Sat, 13 Jan 2018 02:00:30 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 9E6B4C22277; Fri, 12 Jan 2018 14:58:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id D9D2AC2226D; Fri, 12 Jan 2018 14:52:51 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 6BC7FC22277; Fri, 12 Jan 2018 14:52:37 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id DA90AC22250 for ; Fri, 12 Jan 2018 14:52:33 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id g75so12723299wme.0 for ; Fri, 12 Jan 2018 06:52:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0ucIUJGgY8p4jAHMKel7XlEPhJpmx9MAQOllS3lTJ78=; b=b/fvc6Xjgrg3IJbFEkJjHCWWzLw+I0ul7SJwmm9yge/m2a8w6A77m6kTg6FAMJbvPl 2SMDHvQA/ZfPD9T9wZ+jnPN4DY1nQj4zhKC/sK9oCvVYkW6YldIWPhXckFGz25cgkhap DHZRKfeYzB7Q/t4yY5cWB2JuQHS7A9w4BeGoY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0ucIUJGgY8p4jAHMKel7XlEPhJpmx9MAQOllS3lTJ78=; b=P8f2F9WHIRE++3tKnaityNyTChDBVFRCc8NSrEC3BDp043yl/Tiqpf7tF5aSz6qVGo NvpmUCYOQTleYgOIWno3JFf0q2H0dCcfIrAd/TKHlH6PyI89zfpUvJbCet79q6OfWF1h rC1aZtUiB4GWQKWqBQFLmL5f4xXPH6Zwoj+aJlykvaJUz/0HkZ1XjBbOf2bBxDIpyHKt yurtcx8nt0nybE5nTG45I0EwCE+JCG4xudQe5cVVnTExo12q1+8bUL3bN4w+SiR5oJWi xcz/blB2h+HiVXLdsuA2wDpYg7UN50mpSEuCsZLTBVW2YPYEumKHmPK5y1zgoYXiogy1 +5QQ== X-Gm-Message-State: AKwxyteE1BM5H3+tF9eeW8TXU7PpmxeleEEIeKoP72xOMdbZ50q+lser dUeCUNZsb4vfLG0g3KVgF+BKdKb+aDc= X-Google-Smtp-Source: ACJfBosFKV10ftRZsQjrnnCJzMggA3eRorfVLHkVZ0MOlEBkInV7rTeReK6tDBKnLClPab8qo0Fuig== X-Received: by 10.80.145.154 with SMTP id g26mr1679810eda.297.1515768753328; Fri, 12 Jan 2018 06:52:33 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:32 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:22 +0000 Message-Id: <1515768744-25246-8-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 7/9] optee: Add optee_verify_bootm_image() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds optee_verify_bootm_image() which will be subsequently used to verify the parameters encoded in the OPTEE header match the memory allocated to the OPTEE region, OPTEE header magic and version prior to handing off control to the OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- include/tee/optee.h | 13 +++++++++++++ lib/optee/optee.c | 35 +++++++++++++++++++++++++++++++---- 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/include/tee/optee.h b/include/tee/optee.h index e782cb0..4b9e94c 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -55,4 +55,17 @@ static inline int optee_verify_image(struct optee_header *hdr, #endif +#if defined(CONFIG_OPTEE) +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len); +#else +static inline int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + return -EPERM; +} +#endif + #endif /* _OPTEE_H */ diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 6e55027..36358f1 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -29,12 +29,39 @@ int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, (tee_file_size > tzdram_len) || (tee_file_size != image_len) || ((hdr->init_load_addr_lo + tee_file_size) > tzdram_end)) { - printf("OPTEE verification error tzdram 0x%08lx-0x%08lx " - "header lo=0x%08x hi=0x%08x size=0x%08x\n", - tzdram_start, tzdram_end, hdr->init_load_addr_lo, - hdr->init_load_addr_hi, tee_file_size); return -EINVAL; } return 0; } + +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + struct optee_header *hdr = (struct optee_header *)image_addr; + unsigned long tzdram_start = OPTEE_TZDRAM_BASE; + unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE; + + int ret; + + ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); + if (ret) + goto error; + + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) { + ret = -EINVAL; + goto error; + } + + return ret; +error: + printf("OPTEE verification error tzdram 0x%08lx-0x%08lx " + "header 0x%08x-0x%08x size=0x%08lx arch=0x%08x" + "uimage params 0x%08lx-0x%08lx\n", + tzdram_start, tzdram_start + tzdram_len, hdr->init_load_addr_lo, + hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr, + image_load_addr + image_len); + + return ret; +} From patchwork Fri Jan 12 14:52:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859989 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="VzNF/vAv"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ5Vv6JNtz9sNw for ; Sat, 13 Jan 2018 01:59:19 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 8833CC21DC1; Fri, 12 Jan 2018 14:58:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id BEDB9C2227B; Fri, 12 Jan 2018 14:52:56 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 237F3C221C3; Fri, 12 Jan 2018 14:52:38 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id E3098C21EE5 for ; Fri, 12 Jan 2018 14:52:34 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id t8so12586083wmc.3 for ; Fri, 12 Jan 2018 06:52:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=p0eKO2Jm3VtHXGDoyvoV0e7QbLvZOpM/J/pCm1Ft/MA=; b=VzNF/vAvKiHtEYzSHWmx4V6I4QwKi4OxtYqBccAqTLyB7GPJ1faQirwWrRZ8PrxE13 7/FKNNdh4AzbnF/vKQ1k5h7knnwtbOuhIhklS8h6BBnRFVnNkgj+xg58ArXjJnUIhyC0 Psxcea2POKu11oy7hd9tPCluFgwUmRlc0feWM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=p0eKO2Jm3VtHXGDoyvoV0e7QbLvZOpM/J/pCm1Ft/MA=; b=K/t0W7Yo1rMdRj4Rns96s/7fiykSUCax3e41pDvEuaeblczdkSZ+ojZMC4OIE3N2SR ASCJXy+y19ZGyVIP9NaHV79hZR4fLQK3fulBTnPHEyMG41sg/q667HU0CW5FI2zw+Y74 pxzjhXuSzcCCSqpQWB3wfugqUAfOI1MyAEYPIDn7k9fimArSEky1tpW8pedGkXHEH7Q9 7DVSTVpwHjQ8V7IyxCcp1rt8o4kE9HKaCiYkeeT4Bgz31MWm6EWcaIWn0cFPsfkt4vQc iDbBpxFy4LbfjkcsCzv36cs6iTHeIFhYikPY5RAcmfFScdNZH/l8xeMCaGxUDcTsCWeM Gk3Q== X-Gm-Message-State: AKGB3mKXYwDkE9ALAQ7HGvnNeUoyEoE87QkfIfFW6EzPQ+K+gNtv7N7c fDNyylU5LTPtxvsmlO0uiyEhWHmQ7Y4= X-Google-Smtp-Source: ACJfBotX30o2bKwxL5rwlVKI7hKDWNJJ1485m+D24mK1RvZ62JKV4Vez0OVo9XvuK8rqenLNdMZUFw== X-Received: by 10.80.180.236 with SMTP id x41mr37104633edd.241.1515768754429; Fri, 12 Jan 2018 06:52:34 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:33 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:23 +0000 Message-Id: <1515768744-25246-9-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 8/9] optee: Improve error printout X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" When encountering an error in OPTEE verification print out the address of the header and image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- lib/optee/optee.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 36358f1..8c4e7fe 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -56,10 +56,12 @@ int optee_verify_bootm_image(unsigned long image_addr, return ret; error: - printf("OPTEE verification error tzdram 0x%08lx-0x%08lx " - "header 0x%08x-0x%08x size=0x%08lx arch=0x%08x" - "uimage params 0x%08lx-0x%08lx\n", - tzdram_start, tzdram_start + tzdram_len, hdr->init_load_addr_lo, + printf("OPTEE verification error:" + "\n\thdr=%p image=0x%08lx magic=0x%08x tzdram 0x%08lx-0x%08lx " + "\n\theader lo=0x%08x hi=0x%08x size=0x%08lx arch=0x%08x" + "\n\tuimage params 0x%08lx-0x%08lx\n", + hdr, image_addr, hdr->magic, tzdram_start, + tzdram_start + tzdram_len, hdr->init_load_addr_lo, hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr, image_load_addr + image_len); From patchwork Fri Jan 12 14:52:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859991 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="bT718AK6"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ5Xd42Bsz9sNw for ; Sat, 13 Jan 2018 02:00:49 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 40002C22285; Fri, 12 Jan 2018 14:59:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5E37CC22264; Fri, 12 Jan 2018 14:53:02 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 06514C22235; Fri, 12 Jan 2018 14:52:39 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id E42ECC22254 for ; Fri, 12 Jan 2018 14:52:35 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id r78so12449047wme.0 for ; Fri, 12 Jan 2018 06:52:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=J2uJEHxPZIbU+Nkj8LkePrwbhrJoGvTWxpQOxN7f7yI=; b=bT718AK6sMofjnRxrCoetqZO2QicC/0yHbiF/4BnE8ALBwV8QyrjUkALGE+Jyo7fBa N8h2vPWxUwEw+GPH35YAeRQ0aD0U8RcTaxknl435LGnYXyh2dmQjhN/mo9rk7U0U3ivH lFnM/Gzphoupq9Pwvq40SZYPZ9eASpsFEMhNY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=J2uJEHxPZIbU+Nkj8LkePrwbhrJoGvTWxpQOxN7f7yI=; b=Z+snuFaebx95ITci+T1dhLx5DOsPNdpQHWm/qALxjRUNmPPd9bL3TkRvWL+kAsF6ru 770buFVohycMpfUbKRPeuSpPKyt3zYY4/kcCotYyFhLykciVmOLcWnUX68topqHGkbMp 166zAKuAV6iRuwXpG0v0z6jkQyXKhZNGZkAB/kywUrMS/QJbBUlECc+7wcgHnktpQSJs Koq16rR66TUG1PU5+Qzan9wMX6Vr2ajiWkfLB6DEaLFFT2p2YjaAVRcKnvceO+bYtA1q x7vLTPY5iP04ItyUjbmd9ACV6wNHG0+HcXsYS1RZ96Eu90zFPtbFMWj3RYr72JXkVwet xlPA== X-Gm-Message-State: AKGB3mIuRdoz9pfGWIsWRey7XvlyRZnNIjPazUQis6MWmoZYez44oBI/ S/xKhjC7oQ3gQWeNg4rLXqEWPGopAUQ= X-Google-Smtp-Source: ACJfBotyhSsEJMIwEgfFxPz2Etznxl85GFpqNJayay3mullbOAEONpejrNv5lGsjJKyCzeKg8wBH7w== X-Received: by 10.80.135.8 with SMTP id i8mr35226004edb.87.1515768755451; Fri, 12 Jan 2018 06:52:35 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:34 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:24 +0000 Message-Id: <1515768744-25246-10-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- common/bootm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/common/bootm.c b/common/bootm.c index 9493a30..38c1b0a 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -19,6 +19,7 @@ #include #include #include +#include #if defined(CONFIG_CMD_USB) #include #endif @@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc, if (images.os.type == IH_TYPE_KERNEL_NOLOAD) { images.os.load = images.os.image_start; images.ep += images.os.load; + } else if (images.os.type == IH_TYPE_OPTEE) { + ret = optee_verify_bootm_image(images.os.image_start, + images.os.load, + images.os.image_len); + if (ret) + return ret; } images.os.start = map_to_sysmem(os_hdr); @@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc, { if (((images.os.type == IH_TYPE_KERNEL) || (images.os.type == IH_TYPE_KERNEL_NOLOAD) || - (images.os.type == IH_TYPE_MULTI)) && + (images.os.type == IH_TYPE_MULTI) || + (images.os.type == IH_TYPE_OPTEE)) && (images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS)) return bootm_find_images(flag, argc, argv); @@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, switch (image_get_type(hdr)) { case IH_TYPE_KERNEL: case IH_TYPE_KERNEL_NOLOAD: + case IH_TYPE_OPTEE: *os_data = image_get_data(hdr); *os_len = image_get_data_size(hdr); break;