From patchwork Fri Jan 12 14:52:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 124359 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp2158552qgn; Fri, 12 Jan 2018 07:00:54 -0800 (PST) X-Google-Smtp-Source: ACJfBoubC5bLtvm87uSyPb6mpd8zAvik4Gn/54aBHoy/DjUVVatgFPzgmMwdKSHpawtVR2byaKwH X-Received: by 10.80.181.93 with SMTP id z29mr2753972edd.223.1515769254196; Fri, 12 Jan 2018 07:00:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515769254; cv=none; d=google.com; s=arc-20160816; b=GmHKqxjJTwCAvZ6zt/FiyIL1vIc34a15L/++w9/RxrPeiGmnQ1NfFOgswxv7LL5BV5 xq20PCkor4NDM/Kpy8O8BSeXCK2HXI3Mp0SPiXZ51NCX5YcjEZz4qnzkrI4obSSVsCzu Y2K9vj7D6t8+Z14uhRYUtFYQtR5t8kTYdGK8mnz23dDLGnebgFP88r+U1UkbeLm3BEG0 rgXPMxVX+fOD56U/nn1q9H7956avLy7NCnikJippvZSLtERBD1qkCKP+7N5qRkdgqznG 0j2ONAoj7u3kQUTdJYU8M6slEICjO0au8FRlOwhc2+HvzAEVho8x8C05Z3rnod04UPvD k+HQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:references:in-reply-to:message-id :date:to:from:dkim-signature:arc-authentication-results; bh=D2BHxVi7SPLRaDC1bdJJYdYnYgDfqFmFE14aRQygRdE=; b=zW4lEZHuKG9RRhz0KkptKdG8Whiw6BXKzY2hB0qKlOtzfkX1n1pfHVRALgRIGTgxKE EkcBgeC91xNDf32MVdayd+H61RswwrutL8jgQgFW95AgaYGK7Bshj0Ob1oBpzCRn+zeK 5rgZNl/WaganfnjYEoC7QkKoPCSMArwFR0vGst11g0nGjXNaciS+fSuIAJ821iovQapy n/B6/z+rbSNHKyS+RGe7B7YyovIVEjNg/FFvuBkJPqGckAim/tGwKU/lCm16FhjAF74I 3RkOmV3WUaooG6rqd9x06Lzv9InP6Q2tAcszgR1VurcpNIKhCVER0+qmBGyMPy3ibf3s vulQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=bT718AK6; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id n20si2067210edb.407.2018.01.12.07.00.53; Fri, 12 Jan 2018 07:00:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=bT718AK6; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id CEE33C2224D; Fri, 12 Jan 2018 14:59:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5E37CC22264; Fri, 12 Jan 2018 14:53:02 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 06514C22235; Fri, 12 Jan 2018 14:52:39 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id E42ECC22254 for ; Fri, 12 Jan 2018 14:52:35 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id r78so12449047wme.0 for ; Fri, 12 Jan 2018 06:52:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=J2uJEHxPZIbU+Nkj8LkePrwbhrJoGvTWxpQOxN7f7yI=; b=bT718AK6sMofjnRxrCoetqZO2QicC/0yHbiF/4BnE8ALBwV8QyrjUkALGE+Jyo7fBa N8h2vPWxUwEw+GPH35YAeRQ0aD0U8RcTaxknl435LGnYXyh2dmQjhN/mo9rk7U0U3ivH lFnM/Gzphoupq9Pwvq40SZYPZ9eASpsFEMhNY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=J2uJEHxPZIbU+Nkj8LkePrwbhrJoGvTWxpQOxN7f7yI=; b=Z+snuFaebx95ITci+T1dhLx5DOsPNdpQHWm/qALxjRUNmPPd9bL3TkRvWL+kAsF6ru 770buFVohycMpfUbKRPeuSpPKyt3zYY4/kcCotYyFhLykciVmOLcWnUX68topqHGkbMp 166zAKuAV6iRuwXpG0v0z6jkQyXKhZNGZkAB/kywUrMS/QJbBUlECc+7wcgHnktpQSJs Koq16rR66TUG1PU5+Qzan9wMX6Vr2ajiWkfLB6DEaLFFT2p2YjaAVRcKnvceO+bYtA1q x7vLTPY5iP04ItyUjbmd9ACV6wNHG0+HcXsYS1RZ96Eu90zFPtbFMWj3RYr72JXkVwet xlPA== X-Gm-Message-State: AKGB3mIuRdoz9pfGWIsWRey7XvlyRZnNIjPazUQis6MWmoZYez44oBI/ S/xKhjC7oQ3gQWeNg4rLXqEWPGopAUQ= X-Received: by 10.80.135.8 with SMTP id i8mr35226004edb.87.1515768755451; Fri, 12 Jan 2018 06:52:35 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:34 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:24 +0000 Message-Id: <1515768744-25246-10-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- common/bootm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/common/bootm.c b/common/bootm.c index 9493a30..38c1b0a 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -19,6 +19,7 @@ #include #include #include +#include #if defined(CONFIG_CMD_USB) #include #endif @@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc, if (images.os.type == IH_TYPE_KERNEL_NOLOAD) { images.os.load = images.os.image_start; images.ep += images.os.load; + } else if (images.os.type == IH_TYPE_OPTEE) { + ret = optee_verify_bootm_image(images.os.image_start, + images.os.load, + images.os.image_len); + if (ret) + return ret; } images.os.start = map_to_sysmem(os_hdr); @@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc, { if (((images.os.type == IH_TYPE_KERNEL) || (images.os.type == IH_TYPE_KERNEL_NOLOAD) || - (images.os.type == IH_TYPE_MULTI)) && + (images.os.type == IH_TYPE_MULTI) || + (images.os.type == IH_TYPE_OPTEE)) && (images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS)) return bootm_find_images(flag, argc, argv); @@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, switch (image_get_type(hdr)) { case IH_TYPE_KERNEL: case IH_TYPE_KERNEL_NOLOAD: + case IH_TYPE_OPTEE: *os_data = image_get_data(hdr); *os_len = image_get_data_size(hdr); break;