From patchwork Tue Jan 23 20:42:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 125595 Delivered-To: patch@linaro.org Received: by 10.46.66.141 with SMTP id h13csp1996989ljf; Tue, 23 Jan 2018 12:50:36 -0800 (PST) X-Google-Smtp-Source: AH8x224cogP5d6SFpLaBRGrexez5xd4PahcFY6rfFxQhIIMKJ53o+lenq/LqYQ1MT/OA447232SL X-Received: by 10.80.134.132 with SMTP id r4mr21366562eda.250.1516740636658; Tue, 23 Jan 2018 12:50:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516740636; cv=none; d=google.com; s=arc-20160816; b=ha+c18+o349uYwXyNG3Tmghp8GrHIbcbZlEa0IuowtqjJshtkZ00YTSxG7WDOOUfy/ Dm65Bn2GOZb2rNBqErsBq1N1edsyi/EY78cinVpJPvXJA/ytJdRYv1FR6zBCRz0YK1Fm s21oKE6JwRGPYPJKT2Gd7xZpCwDlayYqR5DXG7VwdbJ5zc5iJAUUGNbl3sJjxGwH5sPz 18U8PD1mA9pZtllPijwyl/upUwC4+Ew4WeO74KSWDbWFc9hYAhvTbu6tRX/mhVcXC+lC Bwe/ekEUU4RsKxuJQkTgAxC/VFR+Yv9q8SmoZWOmj/u/ooVclTJBxteSSaYAXvJhr+dS WkJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:references:in-reply-to:message-id :date:to:from:dkim-signature:arc-authentication-results; bh=QFzOjjw6Ls0OcJzw5JuhqTbQjg8RHaD1PzgICbRrVMo=; b=N/sSmQ6wlu9vw3TmqICjhk/4BU/49fTtZzWwQksB7/i3DT2lsKxI8wdVOWCmfnnaK9 NM3ZVksP2j9GGYqqtRhFr4zXZiVG+aUi5ovtCD8cifPj6pSAzXMwcTH39mQ/dRc3BUpP b1NRlcl3uWcMz3ERN/TukKuQiEeh/UABLjzq/SsAvXnMccVZ48gngP7gQqc3ljo1uzoH 8fXcLHEAFWllS5+EziU7UEALd0MJMgKJf3FdLHlqPLH8F14KhBR+qRzndn8ZPzIzKH2H AsKGh2IfBEiXTbF3d7CCTEU4hk7K3dMSG0mCu3vVeuQKH7ccOwj6T0Q0Ah7W5EBxJyLg nwMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=ioDqTrXV; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id w23si204254edd.51.2018.01.23.12.50.36; Tue, 23 Jan 2018 12:50:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=ioDqTrXV; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 4E029C21E3B; Tue, 23 Jan 2018 20:49:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 52912C220EC; Tue, 23 Jan 2018 20:42:39 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5BBF5C2217E; Tue, 23 Jan 2018 20:42:34 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 3A894C22111 for ; Tue, 23 Jan 2018 20:42:13 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id x4so23627631wmc.0 for ; Tue, 23 Jan 2018 12:42:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VfQzZRzM3DQYXdLJBCX//TaVWV5MboWeZdKPbCHr1qE=; b=ioDqTrXVEyzukAhpse+1nKQrVnEReJhXg0VtAwDKJGmhC5YnySpIIQ9oRxtENAzBoe YpNsdN0PDbLfCmVu31ypVYF2gCREUiPhid9sh3cI14EnP81ytJ82WxoebABT8xwVMLdg ITlSODsRSCiV4PJ/yIP/J4v7uPqSqp/o+n36Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VfQzZRzM3DQYXdLJBCX//TaVWV5MboWeZdKPbCHr1qE=; b=JkWiwnDBZBpFRXLaPRzk8s1s8t370yTYvs/al6lmracdW4RDtq3GUpsTd1pSBxQlyw Rnj9VesVCdoGp15gBeaKuNDM3Gx44BS1XHVhCVOOXzJZhW56LC6nsXsF9JHzds2ViCV/ DQuhIuKaG3ofiIML/oCaF3aoqlPS0AKI9lKqYzzZxwDjL7P+1zm7QuVEgPm7+8KYPuPZ isF7lTMhxVCzBISQ65GMCQv8KZztO0GcnA1aAo1NEmKY8ILCL137PM0c8u2R1dd//YJm 9kZPxcmR5rr7LpQrdzQNnR/anPrZx+q07hZFOrxQrWIlhJyE3K2+DGT45RXD9t/Ohifr LQ/g== X-Gm-Message-State: AKwxytd0UpqIneTZcSYdSGEkXQ5rKHEAEkJlZOxT8nfRpA6cy07akXDX uCN46D9xa3z/NHdj6WZFu90Wlc5MPJM= X-Received: by 10.80.159.175 with SMTP id c44mr21178171edf.136.1516740132578; Tue, 23 Jan 2018 12:42:12 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id k12sm12400896edl.86.2018.01.23.12.42.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Jan 2018 12:42:11 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com Date: Tue, 23 Jan 2018 20:42:00 +0000 Message-Id: <1516740120-948-10-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> References: <1516740120-948-1-git-send-email-bryan.odonoghue@linaro.org> Cc: harinarayan@ti.com Subject: [U-Boot] [PATCH v3 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- common/bootm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/common/bootm.c b/common/bootm.c index adb1213..d528844 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -19,6 +19,7 @@ #include #include #include +#include #if defined(CONFIG_CMD_USB) #include #endif @@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc, if (images.os.type == IH_TYPE_KERNEL_NOLOAD) { images.os.load = images.os.image_start; images.ep += images.os.load; + } else if (images.os.type == IH_TYPE_OPTEE) { + ret = optee_verify_bootm_image(images.os.image_start, + images.os.load, + images.os.image_len); + if (ret) + return ret; } images.os.start = map_to_sysmem(os_hdr); @@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc, { if (((images.os.type == IH_TYPE_KERNEL) || (images.os.type == IH_TYPE_KERNEL_NOLOAD) || - (images.os.type == IH_TYPE_MULTI)) && + (images.os.type == IH_TYPE_MULTI) || + (images.os.type == IH_TYPE_OPTEE)) && (images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS)) return bootm_find_images(flag, argc, argv); @@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, switch (image_get_type(hdr)) { case IH_TYPE_KERNEL: case IH_TYPE_KERNEL_NOLOAD: + case IH_TYPE_OPTEE: *os_data = image_get_data(hdr); *os_len = image_get_data_size(hdr); break;