From patchwork Tue Mar 13 16:50:27 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bryan O'Donoghue
X-Patchwork-Id: 885284
X-Patchwork-Delegate: trini@ti.com
From: Bryan O'Donoghue
To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com
Date: Tue, 13 Mar 2018 16:50:27 +0000
Message-Id: <1520959836-16105-2-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta
Subject: [U-Boot] [PATCH v6 01/10] optee: Add lib entries for sharing OPTEE code across ports

This patch adds code to lib to enable sharing of useful OPTEE code between board-ports and architectures.

The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the OMAP2 code will be patched to include the shared code. The intention here is to add more useful OPTEE specific code as more functionality gets added.

Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
Tested-by: Peng Fan
---
 include/tee/optee.h | 16 ++++++++++++++++
 lib/Kconfig | 1 +
 lib/Makefile | 1 +
 lib/optee/Kconfig | 8 ++++++++
 lib/optee/Makefile | 7 +++++++
 lib/optee/optee.c | 31 +++++++++++++++++++++++++++++++
 6 files changed, 64 insertions(+)
 create mode 100644 lib/optee/Kconfig
 create mode 100644 lib/optee/Makefile
 create mode 100644 lib/optee/optee.c

diff --git a/include/tee/optee.h b/include/tee/optee.h index 9ab0d08..8943afb 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -10,6 +10,8 @@ #ifndef _OPTEE_H #define _OPTEE_H +#include + #define OPTEE_MAGIC 0x4554504f #define OPTEE_VERSION 1 #define OPTEE_ARCH_ARM32 0
@@ -27,4 +29,18 @@ struct optee_header { uint32_t paged_size; }; +#if defined(CONFIG_OPTEE) +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len); +#else +static inline int optee_verify_image(struct optee_header *hdr, + unsigned long tzdram_start, + unsigned long tzdram_len, + unsigned long image_len) +{ + return -EPERM; +} + +#endif + #endif /* _OPTEE_H */ diff --git a/lib/Kconfig b/lib/Kconfig index 4fd41c4..a4029a6 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -310,5 +310,6 @@ endmenu source lib/efi/Kconfig source lib/efi_loader/Kconfig +source lib/optee/Kconfig endmenu diff --git a/lib/Makefile b/lib/Makefile index 0db41c1..35da570 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -18,6 +18,7 @@ obj-$(CONFIG_FIT) += libfdt/ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ +obj-$(CONFIG_OPTEE) += optee/ obj-$(CONFIG_AES) += aes.o obj-y += charset.o diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig new file mode 100644 index 0000000..2e406fe --- /dev/null +++ b/lib/optee/Kconfig @@ -0,0 +1,8 @@ +config OPTEE + bool "Support OPTEE images" + help + U-Boot can be configured to boot OPTEE images. + Selecting this option will enable shared OPTEE library code and + enable an OPTEE specific bootm command that will perform additional + OPTEE specific checks before booting an OPTEE image created with + mkimage. diff --git a/lib/optee/Makefile b/lib/optee/Makefile new file mode 100644 index 0000000..03e832f --- /dev/null +++ b/lib/optee/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2017 Linaro +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_OPTEE) += optee.o diff --git a/lib/optee/optee.c b/lib/optee/optee.c new file mode 100644 index 0000000..2cc16d7 --- /dev/null +++ b/lib/optee/optee.c 
@@ -0,0 +1,31 @@ +/* + * Copyright (C) 2017 Linaro + * Bryan O'Donoghue + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include +#include + +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len) +{ + unsigned long tzdram_end = tzdram_start + tzdram_len; + uint32_t tee_file_size; + + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header); + + if (hdr->magic != OPTEE_MAGIC || + hdr->version != OPTEE_VERSION || + hdr->init_load_addr_hi > tzdram_end || + hdr->init_load_addr_lo < tzdram_start || + tee_file_size > tzdram_len || + tee_file_size != image_len || + (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) { + return -EINVAL; + } + + return 0; +}
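Review bot: The last range test in optee_verify_image() in lib/optee/optee.c, "(hdr->init_load_addr_lo + tee_file_size) > tzdram_end", can wrap: tee_file_size is a uint32_t, and if init_load_addr_lo is 32 bits wide as well the sum is computed in 32 bits, so a low address word near the top of the range produces a small sum that passes, and nothing else bounds init_load_addr_lo from above. Reject init_load_addr_lo > tzdram_end first and then test "tee_file_size > tzdram_end - hdr->init_load_addr_lo" so no addition is needed. The same concern applies to "tzdram_start + tzdram_len" and to "hdr->init_size + hdr->paged_size + sizeof(struct optee_header)", which is narrowed into a uint32_t before it is compared with image_len. The test on init_load_addr_hi compares what the name says is the upper half of an address against a full end address; state what is intended there, for example requiring it to be zero on 32-bit targets.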
From: Bryan O'Donoghue
To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com
Date: Tue, 13 Mar 2018 16:50:28 +0000
Message-Id: <1520959836-16105-3-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta
Subject: [U-Boot] [PATCH v6 02/10] optee: Add CONFIG_OPTEE_TZDRAM_SIZE

OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM size specified in the OPTEE build and the TZDRAM size specified in U-Boot match-up.

Further patches will use TZDRAM size with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image.

Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
Tested-by: Peng Fan
---
 lib/optee/Kconfig | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 2e406fe..41c0ab7 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig
@@ -6,3 +6,11 @@ config OPTEE enable an OPTEE specific bootm command that will perform additional OPTEE specific checks before booting an OPTEE image created with mkimage. + +config OPTEE_TZDRAM_SIZE + hex "Amount of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x3000000 + help + The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE + runtime.
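Review bot: The help text for OPTEE_TZDRAM_SIZE does not state the unit of the value or that it has to equal the TZDRAM size the OPTEE image was built with, which the commit message names as something every board port must get right; put both in the help so the constraint is visible where the value is set. The prompt spells it "Trust-Zone RAM" while the help says "Trust Zone DRAM"; use one spelling throughout.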
From: Bryan O'Donoghue
To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com
Date: Tue, 13 Mar 2018 16:50:29 +0000
Message-Id: <1520959836-16105-4-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta
Subject: [U-Boot] [PATCH v6 03/10] optee: Add CONFIG_OPTEE_TZDRAM_BASE

OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default address of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM address specified in the OPTEE build and the TZDRAM address specified in U-Boot match-up.

Further patches will use TZDRAM address with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image.

Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
---
 lib/optee/Kconfig | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 41c0ab7..a3b7332 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig
@@ -14,3 +14,11 @@ config OPTEE_TZDRAM_SIZE help The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE runtime. + +config OPTEE_TZDRAM_BASE + hex "Base address of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x9d000000 + help + The base address of pre-allocated Trust Zone DRAM for + the OPTEE runtime.
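Review bot: OPTEE_TZDRAM_BASE is given a fixed default of 0x9d000000 in the shared lib/optee/Kconfig, so a board that enables OPTEE without overriding it has its images checked against that address whether or not it matches the board's memory map. Consider leaving the default out of the shared file and setting the value per board, so that each port has to choose it deliberately. The help should also say that the base must match the TZDRAM address used in the OPTEE build, as the commit message requires.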
From: Bryan O'Donoghue
To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com
Date: Tue, 13 Mar 2018 16:50:30 +0000
Message-Id: <1520959836-16105-5-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
Subject: [U-Boot] [PATCH v6 04/10] optee: Add CONFIG_OPTEE_LOAD_ADDR

CONFIG_OPTEE_LOAD_ADDR is used to tell u-boot where to load the OPTEE binary into memory prior to handing off control to OPTEE.

We need to pull this value out of u-boot in order to produce an IMX IVT/CSF signed pair for the purposes of secure boot. The best way to do that is to have CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg.

Adding new CONFIG entries to u-boot should be kconfig driven so this patch does just that.

Signed-off-by: Bryan O'Donoghue
Reviewed-by: Ryan Harkin
---
 lib/optee/Kconfig | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index a3b7332..cc73ec3 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig
@@ -7,6 +7,12 @@ config OPTEE OPTEE specific checks before booting an OPTEE image created with mkimage. +config OPTEE_LOAD_ADDR + hex "OPTEE load address" + default 0x00000000 + help + The load address of the bootable OPTEE binary. + config OPTEE_TZDRAM_SIZE hex "Amount of Trust-Zone RAM for the OPTEE image" depends on OPTEE
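Review bot: OPTEE_LOAD_ADDR has no "depends on OPTEE" line, unlike OPTEE_TZDRAM_SIZE directly below it, so the symbol is offered and written to the configuration even when OPTEE support is switched off; add the dependency. The default of 0x00000000 and the one-line help give no hint that this value feeds the signed IVT/CSF pair described in the commit message, or how it relates to the TZDRAM base; say so in the help, and state whether 0 is meant as a usable address or as "not set".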
From: Bryan O'Donoghue
To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com
Date: Tue, 13 Mar 2018 16:50:31 +0000
Message-Id: <1520959836-16105-6-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta
Subject: [U-Boot] [PATCH v6 05/10] optee: Add optee_image_get_entry_point()

Add a helper function for extracting the least significant 32 bits from the OPTEE entry point address, which will be good enough to load OPTEE binaries up to (2^32)-1 bytes.

We may need to extend this out later on but for now (2^32)-1 should be fine.

Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
Tested-by: Peng Fan
---
 include/tee/optee.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/tee/optee.h b/include/tee/optee.h index 8943afb..eb328d3 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h
@@ -29,6 +29,13 @@ struct optee_header { uint32_t paged_size; }; +static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) +{ + struct optee_header *optee_hdr = (struct optee_header *)(hdr + 1); + + return optee_hdr->init_load_addr_lo; +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len);
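Review bot: In optee_image_get_entry_point() the cast "(struct optee_header *)(hdr + 1)" discards the const qualifier of the hdr argument; declare the local as "const struct optee_header *optee_hdr" and cast to that type. The helper also reads init_load_addr_lo from whatever follows the image header with no magic or length check, and it drops init_load_addr_hi silently, so add a comment saying that callers must have passed the header through optee_verify_image() first and that only the low 32 bits of the address are returned.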
From: Bryan O'Donoghue To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Tue, 13 Mar 2018 16:50:32 +0000 Message-Id: <1520959836-16105-7-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org> References: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Harinarayan Bhatta Subject: [U-Boot] [PATCH v6 06/10] optee: Add optee_image_get_load_addr() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds optee_image_get_load_addr() a helper function used to calculate the load-address of an OPTEE image based on the lower entry-point address given in the OPTEE header. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- include/tee/optee.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index eb328d3..e782cb0 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h 
@@ -36,6 +36,11 @@ static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) return optee_hdr->init_load_addr_lo; } +static inline uint32_t optee_image_get_load_addr(const image_header_t *hdr) +{ + return optee_image_get_entry_point(hdr) - sizeof(struct optee_header); +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); From patchwork Tue Mar 13 16:50:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 885298 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="OaWf3ya4"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4011HV3814z9sTG for ; Wed, 14 Mar 2018 03:57:26 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 1DD63C21E12; Tue, 13 Mar 2018 16:53:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 1C244C21E12; Tue, 13 Mar 2018 16:51:16 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5479EC21DEC; Tue, 13 Mar 2018 16:50:56 +0000 (UTC) 
From: Bryan O'Donoghue To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Tue, 13 Mar 2018 16:50:33 +0000 Message-Id: <1520959836-16105-8-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org> References: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Harinarayan Bhatta Subject: [U-Boot] [PATCH v6 07/10] optee: Add optee_verify_bootm_image() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds optee_verify_bootm_image() which will be subsequently used to verify the parameters encoded in the OPTEE header match the memory allocated to the OPTEE region, OPTEE header magic and version prior to handing off control to the OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- include/tee/optee.h | 13 +++++++++++++ lib/optee/optee.c | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index e782cb0..4b9e94c 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -55,4 +55,17 @@ static inline int optee_verify_image(struct optee_header *hdr, #endif +#if defined(CONFIG_OPTEE) +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len); +#else +static inline int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + return -EPERM; +} +#endif + #endif /* _OPTEE_H */ diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 2cc16d7..365c078 100644 --- a/lib/optee/optee.c 
+++ b/lib/optee/optee.c 
@@ -29,3 +29,23 @@ int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, return 0; } + +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + struct optee_header *hdr = (struct optee_header *)image_addr; + unsigned long tzdram_start = CONFIG_OPTEE_TZDRAM_BASE; + unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE; + + int ret; + + ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); + if (ret) + return ret; + + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + ret = -EINVAL; + + return ret; +} From patchwork Tue Mar 13 16:50:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 885293 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="CF1Ptu88"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4011FC27z1z9sTG for ; Wed, 14 Mar 2018 03:55:27 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id C75A1C21E1D; Tue, 13 Mar 2018 16:52:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with 
From: Bryan O'Donoghue To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Tue, 13 Mar 2018 16:50:34 +0000 Message-Id: <1520959836-16105-9-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org> References: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Harinarayan Bhatta Subject: [U-Boot] [PATCH v6 08/10] optee: Add error printout X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" When encountering an error in OPTEE verification print out various details of the OPTEE header to aid in further debugging of encountered errors. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- lib/optee/optee.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 365c078..78a15e8 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -8,6 +8,12 @@ #include #include +#define optee_hdr_err_msg \ + "OPTEE verification error:" \ + "\n\thdr=%p image=0x%08lx magic=0x%08x tzdram 0x%08lx-0x%08lx " \ + "\n\theader lo=0x%08x hi=0x%08x size=0x%08lx arch=0x%08x" \ + "\n\tuimage params 0x%08lx-0x%08lx\n" + int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len) { 
@@ -42,10 +48,19 @@ int optee_verify_bootm_image(unsigned long image_addr, ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); if (ret) - return ret; + goto error; - if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) { ret = -EINVAL; + goto error; + } + + return ret; +error: + printf(optee_hdr_err_msg, hdr, image_addr, hdr->magic, tzdram_start, + tzdram_start + tzdram_len, hdr->init_load_addr_lo, + hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr, + image_load_addr + image_len); return ret; } From patchwork Tue Mar 13 16:50:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 885292 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="G87Lyahf"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4011Dz3sQRz9sRG for ; Wed, 14 Mar 2018 03:55:15 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 331EBC21DB6; Tue, 13 Mar 2018 16:53:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 
From: Bryan O'Donoghue
To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com
Date: Tue, 13 Mar 2018 16:50:35 +0000
Message-Id: <1520959836-16105-10-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta
Subject: [U-Boot] [PATCH v6 09/10] image: Add IH_OS_TEE for TEE chain-load boot

This patch adds a new type IH_OS_TEE. This new OS type will be used for chain-loading to Linux via a TEE.

With this patch in-place you can generate a bootable OPTEE image like this:

    mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee

where "tee.bin" is the input binary prefixed with an OPTEE header and uTee.optee is the output prefixed with a u-boot wrapper header.

This image type "-T kernel -O tee" is differentiated from the existing IH_TYPE_TEE "-T tee" in that the IH_TYPE is installed by u-boot (flow control returns to u-boot) whereas for the new IH_OS_TEE control passes to the OPTEE firmware and the firmware chainloads onto Linux.

Andrew Davis gave the following ASCII diagram:

    IH_OS_TEE: (mkimage -T kernel -O tee)
    Non-Secure        Secure
                      BootROM
                        |
        -------------
        |
        v
       SPL
        |
        v
      U-Boot ------>
             <-----  OP-TEE
        |
        V
      Linux

    IH_TYPE_TEE: (mkimage -T tee)
    Non-Secure        Secure
                      BootROM
                        |
        -------------
        |
        v
       SPL ------->
           <-----    OP-TEE
        |
        v
      U-Boot
        |
        V
      Linux

Signed-off-by: Bryan O'Donoghue Suggested-by: Andrew F. Davis Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Link: http://mrvan.github.io/optee-imx6ul --- common/image.c | 1 + include/image.h | 1 + tools/default_image.c | 15 +++++++++++++-- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/common/image.c b/common/image.c index 14be3ca..61e3d25 100644 --- a/common/image.c +++ b/common/image.c @@ -100,6 +100,7 @@ static const table_entry_t uimage_os[] = { { IH_OS_OSE, "ose", "Enea OSE", }, { IH_OS_PLAN9, "plan9", "Plan 9", }, { IH_OS_RTEMS, "rtems", "RTEMS", }, + { IH_OS_TEE, "tee", "Trusted Execution Environment" }, { IH_OS_U_BOOT, "u-boot", "U-Boot", }, { IH_OS_VXWORKS, "vxworks", "VxWorks", }, #if defined(CONFIG_CMD_ELF) || defined(USE_HOSTCC) diff --git a/include/image.h b/include/image.h index dbdaecb..a0a530d 100644 --- a/include/image.h +++ b/include/image.h @@ -153,6 +153,7 @@ enum { IH_OS_PLAN9, /* Plan 9 */ IH_OS_OPENRTOS, /* OpenRTOS */ IH_OS_ARM_TRUSTED_FIRMWARE, /* ARM Trusted Firmware */ + IH_OS_TEE, /* Trusted Execution Environment */ IH_OS_COUNT, }; diff --git a/tools/default_image.c b/tools/default_image.c index 4e5568e..c67f66b 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -18,6 +18,7 @@ #include "mkimage.h" #include +#include #include static image_header_t header; @@ -90,6 +91,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, uint32_t checksum; time_t time; uint32_t imagesize; + uint32_t ep; + uint32_t addr; image_header_t * hdr = (image_header_t *)ptr; 
@@ -99,18 +102,26 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, sbuf->st_size - sizeof(image_header_t)); time = imagetool_get_source_date(params, sbuf->st_mtime); + ep = params->ep; + addr = params->addr; + if (params->type == IH_TYPE_FIRMWARE_IVT) /* Add size of CSF minus IVT */ imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0; else imagesize = sbuf->st_size - sizeof(image_header_t); + if (params->os == IH_OS_TEE) { + addr = optee_image_get_load_addr(hdr); + ep = optee_image_get_entry_point(hdr); + } + /* Build new header */ image_set_magic(hdr, IH_MAGIC); image_set_time(hdr, time); image_set_size(hdr, imagesize); - image_set_load(hdr, params->addr); - image_set_ep(hdr, params->ep); + image_set_load(hdr, addr); + image_set_ep(hdr, ep); image_set_dcrc(hdr, checksum); image_set_os(hdr, params->os); image_set_arch(hdr, params->arch); From patchwork Tue Mar 13 16:50:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 885299 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="excbl+Mc"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4011Hy3hMlz9sTH for ; Wed, 14 Mar 2018 03:57:50 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 14169C21E12; Tue, 13 Mar 2018 16:54:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 
from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id 33sm476671edz.37.2018.03.13.09.50.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 13 Mar 2018 09:50:54 -0700 (PDT) From: Bryan O'Donoghue To: U-Boot@lists.denx.de, trini@konsulko.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Tue, 13 Mar 2018 16:50:36 +0000 Message-Id: <1520959836-16105-11-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org> References: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Harinarayan Bhatta Subject: [U-Boot] [PATCH v6 10/10] bootm: optee: Add a bootm command for type IH_OS_TEE X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue Suggested-by: Andrew F. Davis Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- common/bootm_os.c | 32 ++++++++++++++++++++++++++++++++ lib/optee/Kconfig | 9 +++++++++ 2 files changed, 41 insertions(+) diff --git a/common/bootm_os.c b/common/bootm_os.c index 5e6b177..b84a8e2 100644 --- a/common/bootm_os.c +++ b/common/bootm_os.c @@ -11,6 +11,7 @@ #include #include #include +#include DECLARE_GLOBAL_DATA_PTR; 
@@ -433,6 +434,34 @@ static int do_bootm_openrtos(int flag, int argc, char * const argv[], } #endif +#ifdef CONFIG_BOOTM_OPTEE +static int do_bootm_tee(int flag, int argc, char * const argv[], + bootm_headers_t *images) +{ + int ret; + + /* Verify OS type */ + if (images->os.os != IH_OS_TEE) { + return 1; + }; + + /* Validate OPTEE header */ + ret = optee_verify_bootm_image(images->os.image_start, + images->os.load, + images->os.image_len); + if (ret) + return ret; + + /* Locate FDT etc */ + ret = bootm_find_images(flag, argc, argv); + if (ret) + return ret; + + /* From here we can run the regular linux boot path */ + return do_bootm_linux(flag, argc, argv, images); +} +#endif + static boot_os_fn *boot_os[] = { [IH_OS_U_BOOT] = do_bootm_standalone, #ifdef CONFIG_BOOTM_LINUX @@ -466,6 +495,9 @@ static boot_os_fn *boot_os[] = { #ifdef CONFIG_BOOTM_OPENRTOS [IH_OS_OPENRTOS] = do_bootm_openrtos, #endif +#ifdef CONFIG_BOOTM_OPTEE + [IH_OS_TEE] = do_bootm_tee, +#endif }; /* Allow for arch specific config before we boot */ diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index cc73ec3..1e5ab45 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -28,3 +28,12 @@ config OPTEE_TZDRAM_BASE help The base address of pre-allocated Trust Zone DRAM for the OPTEE runtime. + +config BOOTM_OPTEE + bool "Support OPTEE bootm command" + select BOOTM_LINUX + default n + help + Select this command to enable chain-loading of a Linux kernel + via an OPTEE firmware. + The bootflow is BootROM -> u-boot -> OPTEE -> Linux in this case.
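
Review bot: optee_image_get_entry_point(), added in the include/tee/optee.h hunk at @@ -29,6 +29,13, casts away the const qualifier on hdr when it computes (struct optee_header *)(hdr + 1). Declare the local as const struct optee_header *optee_hdr so the helper cannot be used to write through a read-only image mapping. It also returns init_load_addr_lo alone, so a short comment should state that a non-zero init_load_addr_hi is not representable in the uint32_t return value and has to be rejected by callers.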
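
Review bot: optee_image_get_load_addr() (patch 06/10, include/tee/optee.h hunk at @@ -36,6 +36,11) subtracts sizeof(struct optee_header) from a header-supplied uint32_t with no lower-bound check, so an init_load_addr_lo smaller than the header size wraps to an address near 0xffffffff. Patch 09/10 calls this from mkimage on whatever input file it is given, so either check init_load_addr_lo >= sizeof(struct optee_header) at the call site or change the helper to report an error instead of returning the wrapped value.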
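
Review bot: the optee_verify_bootm_image() prototype and stub in the include/tee/optee.h hunk of patch 07/10 (@@ -55,4 +55,17) have no documentation, and the three unsigned long parameters are easy to transpose at a call site. Add a comment block stating that image_addr is where the OPTEE header currently sits in memory, image_load_addr is the uImage load address, and image_len is the payload length, together with the return values (0, -EINVAL, and -EPERM from the stub when CONFIG_OPTEE is off).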
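
Review bot: in optee_verify_bootm_image() (patch 07/10, lib/optee/optee.c hunk at @@ -29,3 +29,23) the load-address check compares image_load_addr + sizeof(*hdr) against init_load_addr_lo only, so a header carrying a non-zero init_load_addr_hi still passes. Reject hi != 0 here or compare the full 64-bit address. Nothing visible in this function confirms image_len >= sizeof(*hdr) before hdr->init_load_addr_lo is read either; an explicit length check ahead of the optee_verify_image() call would make that guarantee local.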
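
Review bot: the error printout added in patch 08/10 puts image_len under the label size= on the "header" line of optee_hdr_err_msg, next to lo, hi and arch, which reads as if it were a field of the OPTEE header. It is the uImage payload length passed in by the caller, so move it to the "uimage params" line or rename the label. The first line of the format string also leaves a trailing space before the "\n\t" that follows the tzdram range.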
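
Review bot: the IH_OS_TEE branch added to image_set_header() (patch 09/10, tools/default_image.c hunk at @@ -99,18 +102,26) reads an OPTEE header at hdr + 1 without checking that the input holds at least sizeof(struct optee_header) bytes after the uImage header, or that the OPTEE magic is present. With -O tee on a short or non-OPTEE file the load and entry addresses are then taken from arbitrary bytes. Check sbuf->st_size - sizeof(image_header_t) and the magic before calling optee_image_get_load_addr(), and mention in the commit text that params->addr and params->ep are silently overridden for this OS type.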
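
Review bot: do_bootm_tee() (patch 10/10, common/bootm_os.c hunk at @@ -433,6 +434,34) returns 1 when the OS type is not IH_OS_TEE but returns the negative errno from optee_verify_bootm_image() a few lines later, so one function reports failure in two conventions; pick one. The same if statement wraps a single return in braces and has a stray ";" after the closing brace, which should be dropped.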
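
Review bot: BOOTM_OPTEE in the lib/optee/Kconfig hunk (@@ -28,3 +28,12) selects BOOTM_LINUX but has no dependency on OPTEE. With CONFIG_OPTEE unset, optee_verify_bootm_image() is the inline stub from patch 07/10 that returns -EPERM, so such a configuration builds and then refuses every IH_OS_TEE image. Add "depends on OPTEE". The "default n" line can go because that is already the default for a bool, and the help text should say "option" rather than "command".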