[v6,09/10] image: Add IH_OS_TEE for TEE chain-load boot

Message ID 1520959836-16105-10-git-send-email-bryan.odonoghue@linaro.org
State Accepted
Commit 45b55712d45150a810950aae84355e54c945cfcb
Series
  • Add new OPTEE bootm support to u-boot

Commit Message

Bryan O'Donoghue March 13, 2018, 4:50 p.m.
This patch adds a new type IH_OS_TEE. This new OS type will be used for
chain-loading to Linux via a TEE.

With this patch in-place you can generate a bootable OPTEE image like this:

mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee

where "tee.bin" is the input binary prefixed with an OPTEE header and
uTee.optee is the output prefixed with a u-boot wrapper header.

This image type "-T kernel -O tee" is differentiated from the existing
IH_TYPE_TEE "-T tee" in that the IH_TYPE is installed by u-boot (flow
control returns to u-boot) whereas for the new IH_OS_TEE control passes to
the OPTEE firmware and the firmware chainloads onto Linux.

Andrew Davis gave the following ASCII diagram:

IH_OS_TEE: (mkimage -T kernel -O tee)
Non-Secure       Secure

                 BootROM
                   |
      -------------
     |
     v
    SPL
     |
     v
   U-Boot ------>
          <-----  OP-TEE
      |
      V
    Linux

IH_TYPE_TEE: (mkimage -T tee)
Non-Secure       Secure

                 BootROM
                   |
      -------------
     |
     v
    SPL ------->
         <-----  OP-TEE
     |
     v
   U-Boot
      |
      V
    Linux

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Andrew F. Davis <afd@ti.com>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Link: http://mrvan.github.io/optee-imx6ul
---
 common/image.c        |  1 +
 include/image.h       |  1 +
 tools/default_image.c | 15 +++++++++++++--
 3 files changed, 15 insertions(+), 2 deletions(-)

Comments

Tom Rini March 19, 2018, 10:37 p.m. | #1
On Tue, Mar 13, 2018 at 04:50:35PM +0000, Bryan O'Donoghue wrote:

> This patch adds a new type IH_OS_TEE. This new OS type will be used for
> chain-loading to Linux via a TEE.
>
> With this patch in-place you can generate a bootable OPTEE image like this:
>
> mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee
>
> where "tee.bin" is the input binary prefixed with an OPTEE header and
> uTee.optee is the output prefixed with a u-boot wrapper header.
>
> This image type "-T kernel -O tee" is differentiated from the existing
> IH_TYPE_TEE "-T tee" in that the IH_TYPE is installed by u-boot (flow
> control returns to u-boot) whereas for the new IH_OS_TEE control passes to
> the OPTEE firmware and the firmware chainloads onto Linux.
>
> Andrew Davis gave the following ASCII diagram:
>
> IH_OS_TEE: (mkimage -T kernel -O tee)
> Non-Secure       Secure
>
>                  BootROM
>                    |
>       -------------
>      |
>      v
>     SPL
>      |
>      v
>    U-Boot ------>
>           <-----  OP-TEE
>       |
>       V
>     Linux
>
> IH_TYPE_TEE: (mkimage -T tee)
> Non-Secure       Secure
>
>                  BootROM
>                    |
>       -------------
>      |
>      v
>     SPL ------->
>          <-----  OP-TEE
>      |
>      v
>    U-Boot
>       |
>       V
>     Linux
>
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
> Suggested-by: Andrew F. Davis <afd@ti.com>
> Cc: Harinarayan Bhatta <harinarayan@ti.com>
> Cc: Andrew F. Davis <afd@ti.com>
> Cc: Tom Rini <trini@konsulko.com>
> Cc: Kever Yang <kever.yang@rock-chips.com>
> Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
> Cc: Peng Fan <peng.fan@nxp.com>
> Link: http://mrvan.github.io/optee-imx6ul


Applied to u-boot/master, thanks!

-- 
Tom

Patch

diff --git a/common/image.c b/common/image.c
index 14be3ca..61e3d25 100644
--- a/common/image.c
+++ b/common/image.c
@@ -100,6 +100,7 @@  static const table_entry_t uimage_os[] = {
 	{	IH_OS_OSE,	"ose",		"Enea OSE",		},
 	{	IH_OS_PLAN9,	"plan9",	"Plan 9",		},
 	{	IH_OS_RTEMS,	"rtems",	"RTEMS",		},
+	{	IH_OS_TEE,	"tee",		"Trusted Execution Environment" },
 	{	IH_OS_U_BOOT,	"u-boot",	"U-Boot",		},
 	{	IH_OS_VXWORKS,	"vxworks",	"VxWorks",		},
 #if defined(CONFIG_CMD_ELF) || defined(USE_HOSTCC)
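Review bot: the short name "tee" in the new uimage_os[] entry is the same string the commit message gives for the existing image type ("-T tee"), so "-O tee" and "-T tee" now select two different boot flows with identical spelling. Consider a more specific long name than "Trusted Execution Environment" (one that says this is the chain-load variant) so the mkimage listing makes the difference visible. Minor style point on the same line: the entry closes with `" },` while its neighbours use a trailing comma and tab alignment before the brace.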
diff --git a/include/image.h b/include/image.h
index dbdaecb..a0a530d 100644
--- a/include/image.h
+++ b/include/image.h
@@ -153,6 +153,7 @@  enum {
 	IH_OS_PLAN9,			/* Plan 9	*/
 	IH_OS_OPENRTOS,		/* OpenRTOS	*/
 	IH_OS_ARM_TRUSTED_FIRMWARE,     /* ARM Trusted Firmware */
+	IH_OS_TEE,			/* Trusted Execution Environment */
 
 	IH_OS_COUNT,
 };
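Review bot: the comment on IH_OS_TEE in the enum does not say how this value differs from IH_TYPE_TEE, which is the distinction the commit message spends most of its text on. Suggest expanding it to note that control passes to the TEE, which then chain-loads Linux, so a reader of image.h does not have to find the commit log. Placing the value directly before IH_OS_COUNT keeps the existing enumerators' numeric values unchanged, which is what already-built images need.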
diff --git a/tools/default_image.c b/tools/default_image.c
index 4e5568e..c67f66b 100644
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -18,6 +18,7 @@ 
 #include "mkimage.h"
 
 #include <image.h>
+#include <tee/optee.h>
 #include <u-boot/crc.h>
 
 static image_header_t header;
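Review bot: the new #include <tee/optee.h> lands in a file under tools/ that is compiled into mkimage on the host, so the header has to build outside the target configuration. Please confirm it pulls in no target-only headers or symbols, or guard those parts the way common/image.c does with USE_HOSTCC.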
@@ -90,6 +91,8 @@  static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
 	uint32_t checksum;
 	time_t time;
 	uint32_t imagesize;
+	uint32_t ep;
+	uint32_t addr;
 
 	image_header_t * hdr = (image_header_t *)ptr;
 
@@ -99,18 +102,26 @@  static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
 			sbuf->st_size - sizeof(image_header_t));
 
 	time = imagetool_get_source_date(params, sbuf->st_mtime);
+	ep = params->ep;
+	addr = params->addr;
+
 	if (params->type == IH_TYPE_FIRMWARE_IVT)
 		/* Add size of CSF minus IVT */
 		imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0;
 	else
 		imagesize = sbuf->st_size - sizeof(image_header_t);
 
+	if (params->os == IH_OS_TEE) {
+		addr = optee_image_get_load_addr(hdr);
+		ep = optee_image_get_entry_point(hdr);
+	}
+
 	/* Build new header */
 	image_set_magic(hdr, IH_MAGIC);
 	image_set_time(hdr, time);
 	image_set_size(hdr, imagesize);
-	image_set_load(hdr, params->addr);
-	image_set_ep(hdr, params->ep);
+	image_set_load(hdr, addr);
+	image_set_ep(hdr, ep);
 	image_set_dcrc(hdr, checksum);
 	image_set_os(hdr, params->os);
 	image_set_arch(hdr, params->arch);
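Review bot: the IH_OS_TEE branch copies a load address and entry point out of the input file into the uImage header without any visible check that the payload behind hdr actually carries a valid OP-TEE header. If tee.bin is not what the commit message assumes, mkimage will write whatever those fields contain as the addresses the bootloader later loads to and jumps to; a magic or sanity check with an error exit before optee_image_get_load_addr() would close that gap. Two related points in the same block: the condition tests only params->os, not that params->type is the kernel type the commit message describes ("-T kernel -O tee"), and any -a/-e values the user passed (params->addr, params->ep) are silently replaced, which deserves at least a warning or a line in the mkimage documentation.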