From patchwork Fri Jan 12 14:52:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 124352 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp2150866qgn; Fri, 12 Jan 2018 06:53:15 -0800 (PST) X-Google-Smtp-Source: ACJfBos12M51lAmttdg7goiRkyViPqTYx9kTMrPHQL4gdr9Grcm78Pj87/Ek7143iNtqhPW7lyN3 X-Received: by 10.80.151.204 with SMTP id f12mr35853596edb.243.1515768795303; Fri, 12 Jan 2018 06:53:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515768795; cv=none; d=google.com; s=arc-20160816; b=DIzC6FfKHwUCB/vGvg5+OAf+74mq/A+BjH5zXvapcC1rX3rxBEpwODbjt/renDa20R doRDZTMqzUc9iTlw6LU0mABgzB3S961/liRpdbl96/ILmHLk4QTKflaq0k6eXXkFEYj/ UhUT2k4gXaCpVzywRSZGmW/ngJncsoyzUqaiAuvmoBeIdyLeyNX1Udo9elivIFTEnsNX ETtBqY3P06oJSmU/YNPBgkeqe+XBZdyjrixMcZPknpTzeikefdDBMri8oSge6R6UaKHd tr1yjQbyGN5WaqvrSrRGBDoHqz7I4Kdq5YMPCldRQaThiRPkbbZp09MmVLlysp90s1sx kytQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:references:in-reply-to:message-id :date:to:from:dkim-signature:arc-authentication-results; bh=Ihd0md/fLQ6OTS+zaABdnPcciq5tpDtN3Nyzad3Org4=; b=E/B2A2cPmgwXM6H09qArPUwhVDR1cf0X7ry0PTKVEDSD+HEPUe5emBBaVwG8b/fk+G jxL/mUvqCm83y3u5MZ5V/sM3l0ROSlbXLGfdS+YQMNwVKfk6BUd+5byMWV8oZR/wgInA aKvOiU3tl5D2VzkEpDuuNBOcAhJ4Vju2KUS0p+HLoKb6gAMdjYu8OU7iwfQYqfXJiHh8 LLVL0yXDiFJjn3yHCpofWQDyoxOcWXC9jeBxy0UueusBAIRUBflKCaNXGLzLS393rQs2 ZeEXv/1eu4NtScUM3KDEyrld1f36GVfsaonXUwWYOBd1lFojfduqzBKT83p8EYNlAqgF 3yqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=IKE5s3JK; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id p92si3874010edp.379.2018.01.12.06.53.15; Fri, 12 Jan 2018 06:53:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=IKE5s3JK; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id C5F78C22276; Fri, 12 Jan 2018 14:53:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 00B36C22259; Fri, 12 Jan 2018 14:52:31 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 0E485C21EE5; Fri, 12 Jan 2018 14:52:28 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 814FCC21C40 for ; Fri, 12 Jan 2018 14:52:27 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id v123so3176158wmd.5 for ; Fri, 12 Jan 2018 06:52:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=N7I4PVpqtvVU9VIdfSAsKFLf8JnTxbMXgLL8HfKeuVw=; b=IKE5s3JKWohUixj3pg1h+Ss7b5ZVkaqYSutloDcfbCTife25aUS+xGbS7d78SXCn5n CNIJwDtFWdINA2qfxxLkp9DCNwjeFKhkDjfJK5u7TfzmLjV7gep5pe027AxnaReq+Xrb FSmnHzR62QqGh+HgmgkM4gT/VP9UUXcylMjdY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=N7I4PVpqtvVU9VIdfSAsKFLf8JnTxbMXgLL8HfKeuVw=; b=rx5qght3MCnVoBFuij9CRpoVLYSl3EUW6FQE9TBkW1heOlHs4c2NDdKbRzNoZEDNrL H/FCtjfsdAOS5fqx4NLDbZecBF/O0LIizbBq0VdIJtV5puDnnWAdwQrmXIGAYV5aBiqC 8uMG0MBouVxhPOJxVmVJ5FtfiRGYVutDn4WqcAsUH3tS2VxSuUmJXaxoHD0ccKNKVg7q 66X10u8CQT8TnTxZzeyC5ZHDwWVzDaYO7pQGodQebbb529cHSc6DLtG0uMZ2PZx4GLU2 TbRFxllCrh3GdeGLsDN6S1p8rnyv7QD2lmj7/FzZTdP3FTGZ040QSXfL7xesGsHMCLpF LDbg== X-Gm-Message-State: AKwxyteJREkDOXH0/UCx9FqpmfBpXIy8d4N890gl6gTS3ls/bolg3C+q g95le4+2kkHg3JZi1lxkszgFemp5IRI= X-Received: by 10.80.181.15 with SMTP id y15mr12126902edd.29.1515768746984; Fri, 12 Jan 2018 06:52:26 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:26 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:16 +0000 Message-Id: <1515768744-25246-2-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 1/9] optee: Add lib entries for sharing OPTEE code across ports X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds code to lib to enable sharing of useful OPTEE code between board-ports and architectures. The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the OMAP2 code will be patched to include the shared code. The intention here is to add more useful OPTEE specific code as more functionality gets added. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- include/tee/optee.h | 16 ++++++++++++++++ lib/Kconfig | 1 + lib/Makefile | 1 + lib/optee/Kconfig | 8 ++++++++ lib/optee/Makefile | 7 +++++++ lib/optee/optee.c | 35 +++++++++++++++++++++++++++++++++++ 6 files changed, 68 insertions(+) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c diff --git a/include/tee/optee.h b/include/tee/optee.h index 9ab0d08..8943afb 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -10,6 +10,8 @@ #ifndef _OPTEE_H #define _OPTEE_H +#include + #define OPTEE_MAGIC 0x4554504f #define OPTEE_VERSION 1 #define OPTEE_ARCH_ARM32 0 @@ -27,4 +29,18 @@ struct optee_header { uint32_t paged_size; }; +#if defined(CONFIG_OPTEE) +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len); +#else +static inline int optee_verify_image(struct optee_header *hdr, + unsigned long tzdram_start, + unsigned long tzdram_len, + unsigned long image_len) +{ + return -EPERM; +} + +#endif + #endif /* _OPTEE_H */ diff --git a/lib/Kconfig b/lib/Kconfig index f447c53..5742fb7 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -278,5 +278,6 @@ endmenu source lib/efi/Kconfig source lib/efi_loader/Kconfig +source lib/optee/Kconfig endmenu diff --git a/lib/Makefile b/lib/Makefile index 8cd779f..46813b6 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,6 +17,7 @@ obj-$(CONFIG_FIT) += libfdt/ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ +obj-$(CONFIG_OPTEE) += optee/ obj-$(CONFIG_AES) += aes.o obj-y += charset.o diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig new file mode 100644 index 0000000..2e406fe --- /dev/null +++ b/lib/optee/Kconfig @@ -0,0 +1,8 @@ +config OPTEE + bool "Support OPTEE images" + help + U-Boot can be configured to boot OPTEE images. + Selecting this option will enable shared OPTEE library code and + enable an OPTEE specific bootm command that will perform additional + OPTEE specific checks before booting an OPTEE image created with + mkimage. diff --git a/lib/optee/Makefile b/lib/optee/Makefile new file mode 100644 index 0000000..03e832f --- /dev/null +++ b/lib/optee/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2017 Linaro +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_OPTEE) += optee.o diff --git a/lib/optee/optee.c b/lib/optee/optee.c new file mode 100644 index 0000000..a6c856a --- /dev/null +++ b/lib/optee/optee.c @@ -0,0 +1,35 @@ +/* + * Copyright (C) 2017 Linaro + * Bryan O'Donoghue + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include +#include + +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len) +{ + unsigned long tzdram_end = tzdram_start + tzdram_len; + uint32_t tee_file_size; + + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header); + + if ((hdr->magic != OPTEE_MAGIC) || + (hdr->version != OPTEE_VERSION) || + (hdr->init_load_addr_hi > tzdram_end) || + (hdr->init_load_addr_lo < tzdram_start) || + (tee_file_size > tzdram_len) || + (tee_file_size != image_len) || + ((hdr->init_load_addr_lo + tee_file_size) > tzdram_end)) { + printf("OPTEE verification error tzdram 0x%08lx-0x%08lx " + "header lo=0x%08x hi=0x%08x size=0x%08x\n", + tzdram_start, tzdram_end, hdr->init_load_addr_lo, + hdr->init_load_addr_hi, tee_file_size); + return -EINVAL; + } + + return 0; +}