From patchwork Mon Feb 26 12:36:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129638 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp156825lja; Mon, 26 Feb 2018 04:41:43 -0800 (PST) X-Google-Smtp-Source: AH8x226sz9Q0BjgkcxdMYxtm1XfXBe1k2kQxmCYAfxgwUPniOU5b6LiIMWjrA35KG5nHM4uqU5ST X-Received: by 10.80.180.16 with SMTP id b16mr14683245edh.111.1519648903480; Mon, 26 Feb 2018 04:41:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519648903; cv=none; d=google.com; s=arc-20160816; b=HCHdEtRVJnbwQjzwhZKsN/hV5o0ElMdIx4/g1DrVGouJoxrAwOswkyofnbjRoBsncn ceaFRc7P/Fgd/NfYljUfamilWs0uuNJXrrFpR7pkZz7yKHUXem70qDERSzKONEqGGtmV FtmxSpQ6KUtYSmNawBkL72J5sXq8hDjT7GQ//hS+Ua/6s6vQVNxh326xulvWYKk6t6WD doDfpEhVkUmDn4tgRrBdf/sPZ2nJLjhmZmLMMn4tRwqfsO+CfnJhMW7L4oKoaZN9X5Fa MGbb1Zc+PCymeFYiz1dTP+KtS7lE25RESAbwKtWbYzH0C7kWf3CBpGDVuYrwfrdy4dP9 sCGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=kk8qoawcLbQ1+1nUAgsCY1u8JTASPHO9qONbaTVhvnc=; b=vILnQeb2nNTefwQiboDUsaMdtjCqmFIEKhm/t2cf/VILsE6Wetl6q1y0zAupcloR4g WmCfYFyaWwNhG2s6JjqgPkOE+wrCQN7aykUlZLC5r5nmZRjre97iN+xR4wNXCdNFiBdg xbbQoDQQHyJUWga/ULoZZ2IGQG4R6WJss7yy0qAJkQcKh/c+AxVaBzLnJFuhkhb2pGR+ u9uMs582U/eEq8MwEWDr1ZtQQmykBEQClYJLUZFUGPcZmfvrRnfwJu1PVZcMn2ER/Suj NbRgExo4G1D1EbZ3o8FLymkGoSgCV9opEIAUqlsI2b2JpO9h+WMfI7yWz9nZYF1hn7uJ 19zQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=HkSy5m9N; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id g14si7360923edj.31.2018.02.26.04.41.43; Mon, 26 Feb 2018 04:41:43 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=HkSy5m9N; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 1CF3FC22113; Mon, 26 Feb 2018 12:39:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id D130CC22101; Mon, 26 Feb 2018 12:36:47 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id B32E8C220F4; Mon, 26 Feb 2018 12:36:21 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 42810C22101 for ; Mon, 26 Feb 2018 12:36:17 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id x7so14585725wmc.0 for ; Mon, 26 Feb 2018 04:36:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Sg/9G2VKYyJgNZJcoPcYPp5JqeuDxM5e98iOS84+4X8=; b=HkSy5m9NOBlDADWKXpkvbxshL5BZCzMfncROS0WnZlrjjVGcfuCTz7GuLPywfsWHCA 2BcAPZFJoK2GyvUl17SoO1HlDMBA6OwOXs2HAfL9aUfPMgRt3vQIB1SRvSk9YxuJgcDI NY0YODkG5hrDTSvaAYB3V36TvoppN3TstjtZg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Sg/9G2VKYyJgNZJcoPcYPp5JqeuDxM5e98iOS84+4X8=; b=QTp0VIrbhsKM0rRcuonWHR/7sTnvxpP9rnxkvWQRZ/jf2vdI1bbrOh7Mwcpp8UMju9 E7CeRnCQTUpKSfE+g1mBo77rshJzYM3Av9ZyNKrYdp9gc/+/xJ1YkYc7q8Gy09cS2HVQ qoO2om7hKXcesHUyRJ8/OZOyh7g73P+GKCoV+7hxuzHydXcyeVmOmnAXAowQknXz568H 8+py5eWMHSgIYbsA5D6MYoWpOhkBMwlcsDsaZzmtzbeU6mGvYr9/Mqvsks1pofO/0oxM PKA54vj5Bp+Wk5u0qnegpa4PCL0MG3Am+zrUbRlkwThrUv5sWUbg9TKH/FwIw7OCeken 79Jg== X-Gm-Message-State: APf1xPAf5rfrbZk0sxqlWCeDGLiZ9EjGQu3rj3qAGYqCMuGaT/CryMDB RWyw0M9rIBj2X6VYy3k2c8QPrKEaqvs= X-Received: by 10.80.141.19 with SMTP id s19mr14387042eds.234.1519648576562; Mon, 26 Feb 2018 04:36:16 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:16 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:36:01 +0000 Message-Id: <1519648566-12061-8-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 07/12] tools: mkimage: add tee-bootable image type X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds support for bootable TEE images to mkimage. Currently there is a (Trusted Execution Environment) TEE image type, the TEE image type is installed to a memory location control is passed to the TEE and then the TEE returns to u-boot. flow #0: BootROM -> u-boot -> tee -> u-boot -> onwards For some TEE implementations, such as upstream OPTEE for i.MX6 and i.MX7 the boot flow is flow #1: BootROM -> u-boot -> optee -> kernel This patch adds a new image type to mkimage - IH_TYPE_TEE_BOOTABLE to reflect this TEE boot flow and to facilitate additional OPTEE specific verification of that image type - prior to handing control to that image. The new image type enables us to more easily generate and validate a bootable OPTEE image also, for example instead of generating an OPTEE image like this: mkimage -A arm -O linux -C none -a 0x9c0fffe4 -e 0x9c100000 -d ./out/arm-plat-imx/core/tee.bin uTee we can instead generate images like this: mkimage -A arm -T tee-bootable -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee That OPTEE image then will have a specific image type that bootm can automatically identify and consequently perform additional optee-header checks on. Subsequent patches add logic to perform those optee-specific changes prior to handing over control as described in flow #1 above. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Link: http://mrvan.github.io/optee-imx6ul Tested-by: Peng Fan --- common/image.c | 1 + include/image.h | 1 + tools/default_image.c | 25 +++++++++++++++++++------ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/common/image.c b/common/image.c index e9609cd..e7785ce 100644 --- a/common/image.c +++ b/common/image.c @@ -161,6 +161,7 @@ static const table_entry_t uimage_type[] = { { IH_TYPE_TEE, "tee", "Trusted Execution Environment Image",}, { IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" }, { IH_TYPE_PMMC, "pmmc", "TI Power Management Micro-Controller Firmware",}, + { IH_TYPE_TEE_BOOTABLE, "tee-bootable", "Trusted Execution Environment Bootable Image",}, { -1, "", "", }, }; diff --git a/include/image.h b/include/image.h index a2372de..d2c47ef 100644 --- a/include/image.h +++ b/include/image.h @@ -272,6 +272,7 @@ enum { IH_TYPE_TEE, /* Trusted Execution Environment (TEE) OS Image */ IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */ IH_TYPE_PMMC, /* TI Power Management Micro-Controller Firmware */ + IH_TYPE_TEE_BOOTABLE, /* TEE Bootable Image */ IH_TYPE_COUNT, /* Number of image types */ }; diff --git a/tools/default_image.c b/tools/default_image.c index 4e5568e..fc0b0c0 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -18,6 +18,7 @@ #include "mkimage.h" #include +#include #include static image_header_t header; @@ -25,7 +26,8 @@ static image_header_t header; static int image_check_image_types(uint8_t type) { if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) || - (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT)) + (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT) || + (type == IH_TYPE_TEE_BOOTABLE)) return EXIT_SUCCESS; else return EXIT_FAILURE; @@ -90,6 +92,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, uint32_t checksum; time_t time; uint32_t imagesize; + uint32_t ep; + uint32_t addr; image_header_t * hdr = (image_header_t *)ptr; @@ -99,18 +103,27 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, sbuf->st_size - sizeof(image_header_t)); time = imagetool_get_source_date(params, sbuf->st_mtime); - if (params->type == IH_TYPE_FIRMWARE_IVT) + ep = params->ep; + addr = params->addr; + imagesize = sbuf->st_size - sizeof(image_header_t); + + switch (params->type) { + case IH_TYPE_FIRMWARE_IVT: /* Add size of CSF minus IVT */ imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0; - else - imagesize = sbuf->st_size - sizeof(image_header_t); + break; + case IH_TYPE_TEE_BOOTABLE: + addr = optee_image_get_load_addr(hdr); + ep = optee_image_get_entry_point(hdr); + break; + } /* Build new header */ image_set_magic(hdr, IH_MAGIC); image_set_time(hdr, time); image_set_size(hdr, imagesize); - image_set_load(hdr, params->addr); - image_set_ep(hdr, params->ep); + image_set_load(hdr, addr); + image_set_ep(hdr, ep); image_set_dcrc(hdr, checksum); image_set_os(hdr, params->os); image_set_arch(hdr, params->arch);