From patchwork Mon Feb 26 12:35:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129631 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp153039lja; Mon, 26 Feb 2018 04:36:52 -0800 (PST) X-Google-Smtp-Source: AH8x226r+VxV+RrzS04ajkZ8va35CdvDPIiBzBhIcBg1Xk5YYM+mbv+nHvWyB8vAEPAi6OehLmFA X-Received: by 10.80.145.251 with SMTP id h56mr14802139eda.68.1519648612214; Mon, 26 Feb 2018 04:36:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519648612; cv=none; d=google.com; s=arc-20160816; b=T7tuKPXDWQteb6OE3lzESJJ2vy8ydRgL7WF7RV0m3SiTCtkGdKODrh2wyuCHEBera1 s0mrNeUL7/6d0pcOHAj1uWv+/KOxiNV8CKc3ud0wMq8aaQZXn3NoT1drsMg31ail6IDn oZSpoykXge2Sug1itUaCkH8pNR+SGMKFOozO7Za5+UVt1pLoG7pwwWMGtpm0wrCEpDSS Mgjmr6NXh/B5nBhmblAeYV/pa2SIRSZ2czW0s6AP+jGC72MHzu/UgSvFq9ZD4wvI1iuc pHAQc+e/gu4g+MecFxQ7n0hIdHQ90r4Djufgw4df9B6GT9D8oKOSAObpn8g9b6AzKH2Z suqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=nHcEAqKeTAi2gJb2IvPfVpY43ixMvhSXGiaul2z3CHk=; b=G5I5W0u2ZDrGZ3RUoALjMFyAipZ0zAmp5g61ygX5FPe9K2yf04up1kmIiMIWMfqX7I VZekg2aIXOUjICfjCpUjvQP3qOmqsxhzFVgzxCYFU0odp6OACZkQvsisfkumFUIoVE9D GOBD5dgeDhzhF2xefi+pjmXn5J10qq1lcF9D0NZvg2WaG7HtCqC2s7EUAb/PFB7kqZt6 0X/UUZ4z+lKnwWqhOBXnZ3fk3n/cA3nMCJWtGgkPv0lkJRLBQTHZXOl2SHESEOlmFfFn Mh3aIHTPFgTT9Mpk9sxUgjklIeZFEUpmge3JEsfRUk6izftg75FVwjzIf8JGjgsAe+69 J4WA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=Npss7vc+; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id w56si5517791edc.97.2018.02.26.04.36.51; Mon, 26 Feb 2018 04:36:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=Npss7vc+; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id BDA7DC2210D; Mon, 26 Feb 2018 12:36:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id AD5D3C220EA; Mon, 26 Feb 2018 12:36:12 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 187BFC2202B; Mon, 26 Feb 2018 12:36:11 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 85D03C21DED for ; Mon, 26 Feb 2018 12:36:10 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id a20so16796037wmd.1 for ; Mon, 26 Feb 2018 04:36:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=gSYqsvPvU29dc5lv859k7rBX2d1MSQQaU6BLz0ewhp0=; b=Npss7vc+bsiJhzsZn/bHU4rZUhB4foMGW1GUbZfFU7j6HFEPKp23m6M/Od0NzgvEI+ AMKKXQ8bGIXPsfYiyoNxh1Mz1hdak3t8KBYQJ6AIbGs5lEZ26vY/FtQcMtLpxe41vWS4 eSrdKgJoYi+mxLftlXrlcyViFZHtRwI8IXdJ8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=gSYqsvPvU29dc5lv859k7rBX2d1MSQQaU6BLz0ewhp0=; b=rQPUHJgu3jvyw1CSLRzUMkXpeCGnr4PY1gWiyuAHrkoAcG8jvYJ512YHXyHTn1DLoh MQ2K7J0wWpSxfS+kHDL7jI5cbJvO5ESWzUYF4qBxgO2O8RaF9IV3kUYlqVxEL9zt4YXV gQLnwSchV0kGvVRahmhEooAL7Cqo1dUVvFNWqgzDZwfQIM4cQVs+iFULwwaGONi1tQz0 32ZUn4T/wI+A4oTfV2bgRJd08KhqYjZsfIXKxnqx4Ov5S4ElJ/4//dKP8ha8wZibl92E rG29LrJ1Vrs8cpD5dXB6Vo436B1aomtyf67QtSazO6wf222ODcSuSYDBWsSRkMKTowcJ jkEw== X-Gm-Message-State: APf1xPCo8YJOOgRC5D1gk4ouBFQSLAuKzePAI4TVnkhZhn9GH0xt95xg sbZqWBWVY6VEPlBkKHTzXpyZvjvxIW8= X-Received: by 10.80.135.230 with SMTP id 35mr14726331edz.1.1519648569896; Mon, 26 Feb 2018 04:36:09 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:09 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:35:55 +0000 Message-Id: <1519648566-12061-2-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 01/12] optee: Add lib entries for sharing OPTEE code across ports X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds code to lib to enable sharing of useful OPTEE code between board-ports and architectures. The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the OMAP2 code will be patched to include the shared code. The intention here is to add more useful OPTEE specific code as more functionality gets added. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- include/tee/optee.h | 16 ++++++++++++++++ lib/Kconfig | 1 + lib/Makefile | 1 + lib/optee/Kconfig | 7 +++++++ lib/optee/Makefile | 7 +++++++ lib/optee/optee.c | 31 +++++++++++++++++++++++++++++++ 6 files changed, 63 insertions(+) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c diff --git a/include/tee/optee.h b/include/tee/optee.h index 9ab0d08..8943afb 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -10,6 +10,8 @@ #ifndef _OPTEE_H #define _OPTEE_H +#include + #define OPTEE_MAGIC 0x4554504f #define OPTEE_VERSION 1 #define OPTEE_ARCH_ARM32 0 @@ -27,4 +29,18 @@ struct optee_header { uint32_t paged_size; }; +#if defined(CONFIG_OPTEE) +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len); +#else +static inline int optee_verify_image(struct optee_header *hdr, + unsigned long tzdram_start, + unsigned long tzdram_len, + unsigned long image_len) +{ + return -EPERM; +} + +#endif + #endif /* _OPTEE_H */ diff --git a/lib/Kconfig b/lib/Kconfig index 4fd41c4..a4029a6 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -310,5 +310,6 @@ endmenu source lib/efi/Kconfig source lib/efi_loader/Kconfig +source lib/optee/Kconfig endmenu diff --git a/lib/Makefile b/lib/Makefile index 0db41c1..35da570 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -18,6 +18,7 @@ obj-$(CONFIG_FIT) += libfdt/ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ +obj-$(CONFIG_OPTEE) += optee/ obj-$(CONFIG_AES) += aes.o obj-y += charset.o diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig new file mode 100644 index 0000000..ed6405f --- /dev/null +++ b/lib/optee/Kconfig @@ -0,0 +1,7 @@ +config OPTEE + bool "Support OPTEE images" + help + Selecting this option enables the OPTEE library code and + an OPTEE specific bootm command that will perform additional + OPTEE-specific checks before booting an OPTEE image created with + mkimage. diff --git a/lib/optee/Makefile b/lib/optee/Makefile new file mode 100644 index 0000000..03e832f --- /dev/null +++ b/lib/optee/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2017 Linaro +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_OPTEE) += optee.o diff --git a/lib/optee/optee.c b/lib/optee/optee.c new file mode 100644 index 0000000..2cc16d7 --- /dev/null +++ b/lib/optee/optee.c @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2017 Linaro + * Bryan O'Donoghue + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include +#include + +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len) +{ + unsigned long tzdram_end = tzdram_start + tzdram_len; + uint32_t tee_file_size; + + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header); + + if (hdr->magic != OPTEE_MAGIC || + hdr->version != OPTEE_VERSION || + hdr->init_load_addr_hi > tzdram_end || + hdr->init_load_addr_lo < tzdram_start || + tee_file_size > tzdram_len || + tee_file_size != image_len || + (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) { + return -EINVAL; + } + + return 0; +} From patchwork Mon Feb 26 12:35:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129632 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp153852lja; Mon, 26 Feb 2018 04:37:52 -0800 (PST) X-Google-Smtp-Source: AH8x2241E+F7O3YVd2e2/U0t60GnmtlZZ9oWf+uZ4/5bEm2O36suVFfNwQJzkdkzYjeb35Os0/eS X-Received: by 10.80.148.39 with SMTP id p36mr14187642eda.311.1519648671942; Mon, 26 Feb 2018 04:37:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519648671; cv=none; d=google.com; s=arc-20160816; b=mHdXyrrWONBFkVXWC1WpNuF1hwerte0meYEuVbaOlDIwbgdoaNlqKXQbdEbdOIPC0g IdpHdEclOMWVt14uSUcTZRZC6f5oG5fX+7Ah/nZN/eRUqBeZNlSX3XLYQzbIwoU7IU8/ fUBUGRTkvJJHnuMFQmW/h3BdIod1ZRuw42OIBvMn8Q2Srh1waTZ4kxLNBcxHdLAlmU5I m+EJMWbLB4nAXqIp/JM25/IXKeoCqp3UMy8oT1XcDELLfc0UNJkHn3zK+nXtUu+XKBtI SbFK5oFC0RYHJr+B5Qljf8wqMFrwarsUArV5+WBkKOqOfKPYa16Tq8gnP803tITjCOkX 33+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=cIZdz8B0WXIKoUKRxyEDHuThYrzTtLlcFne8tnOspqs=; b=OSkywjOWoDCLuq2JslzRphOarzy8VpHeBnW1pKDdTcdefEvKLrIC0/AiBwcv/YjQkb vxW1NXpnB4gQ/lbFkTU14G4jZZYX/P0OwImdloaY8GiCMnJrozyJ2Uy9K6kH2ovWF5Qv gR4O23C/AKgU+OKmFJQAuBiWolSU4VpeT2RkT7Bv38ZRBbAWN9GZhcITGvHL3pi7hb3q 9drp80ui9HYQ3cqN82snm3unOdkrlEd339RNpQN3C0fj7HOgMzBxjL4XRtRXuewxj+Ji NiyKU3GkjfJk8/NOmpCQjM+FbsxYyDAegmYWiGcx9XvmkaZkJPBRTY3wdaeknb7Obtxq 1t4g== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=RK6MrvFX; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id k7si9703735edk.442.2018.02.26.04.37.51; Mon, 26 Feb 2018 04:37:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=RK6MrvFX; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 7AAA0C21F48; Mon, 26 Feb 2018 12:36:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 7BCB8C22104; Mon, 26 Feb 2018 12:36:24 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5E62BC220D9; Mon, 26 Feb 2018 12:36:15 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id BAC3FC220C8 for ; Mon, 26 Feb 2018 12:36:11 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id 188so16354111wme.1 for ; Mon, 26 Feb 2018 04:36:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=U1oVCZcP+E9ak6cDI/I5pIHs3pX5vUp5MGDMbfUiFbQ=; b=RK6MrvFXrWmOxpq1WQ6BvUiEblDCVmG4kBm7JgVbVJC/7XQivVC9mRZOIwS1fQp9h4 q/BfaJD7Dm/ELxF8Bdmzy2uvSPeBH/XuNviEwlVM7RblPb1KR3F8VkkXt4cMB/4OoAAJ Wxa1zVpvTd9jPW6IGTk/vofPP901MtikzY+4w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=U1oVCZcP+E9ak6cDI/I5pIHs3pX5vUp5MGDMbfUiFbQ=; b=Tw7rcXUmQyKWPFZbXYhQFkvVSa2re3APuQiK8t/Rt6wksu6dyTNb/akOyAW3ctHyV0 zzlAFqZ4/KfD8iTpGl7JcE0Grg1DJ7l8UDluM1mjJxVy7LIcn2UCCUjQP4tlFRM8p51+ nW1GEjV7wP808UP1zI08KYY/aggMAK+EwNCqLBLTObNLAqgwGd6SFO2u93PK3VvPIHTI rAcgWWBAyRAiIyUKSD7ojlJXvSzGqkh8mPge2I2dqDD7Kv5Q0mvinMiQ+RNDHbTSzy9b V6IagYCgWCMT54o9TBENFyNPujVP0vPndYFdA51qf7lpB/46LmeNYyp54nZpIV7b4tC2 9Nig== X-Gm-Message-State: APf1xPARvnEOHDyZc6lHu4VR27MQYoB37Yzb6lGmgPQmvyy6KXA/6BLm hXmqKMaIPCq43+U6oPhcPWioO+Qzuog= X-Received: by 10.80.139.2 with SMTP id l2mr14267652edl.14.1519648571113; Mon, 26 Feb 2018 04:36:11 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:10 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:35:56 +0000 Message-Id: <1519648566-12061-3-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 02/12] optee: Add CONFIG_OPTEE_TZDRAM_SIZE X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM size specified in the OPTEE build and the TZDRAM size specified in U-Boot match-up. Further patches will use TZDRAM size with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- lib/optee/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index ed6405f..2ca7be7 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -5,3 +5,11 @@ config OPTEE an OPTEE specific bootm command that will perform additional OPTEE-specific checks before booting an OPTEE image created with mkimage. + +config OPTEE_TZDRAM_SIZE + hex "Amount of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x3000000 + help + The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE + runtime. From patchwork Mon Feb 26 12:35:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129633 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp153869lja; Mon, 26 Feb 2018 04:37:52 -0800 (PST) X-Google-Smtp-Source: AH8x224ILDIZ54nIckhXJvts/J1UF2buZCQCgj9I5e1JRRSWHmPx0wSOY3Hy3emIsLOpPBdvgaaS X-Received: by 10.80.145.76 with SMTP id f12mr14564296eda.23.1519648672882; Mon, 26 Feb 2018 04:37:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519648672; cv=none; d=google.com; s=arc-20160816; b=JqKPFUEmfTOGfDe9B7ksUoVuArarPjlDCH92k+uHNYxoo4NGnKbmTovu2279U6Ld9m cwuem1+nfgDeFfcMoLEDih8xr5n73xcgRMFMqj4YNMNZmB0RM5Zp2QWf5Eq2W+wqVsBZ IyyXuRxRwDKeJurpwB5h0XQyfhgrVuY+VqeaI+au3PLuc3/+B7z6A3H0FeGJETehTK3G NlLMxR9qolFmJXVMrwVMgHIB+P5BzAqypOh4KX7wPG4xryrAy1FaDsrZFK1baxTsCBw4 WuWKSaQ6hGDN43BQvtI0BQEWD5yL1xSNjS47WF5J6YIA2Xwf7KLFs6JUX/QWoQvXTgSj T99Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=uU6KL/kl7tqPzMMMPb8Lk9DtIJzgj/57REjhzX/urL4=; b=q5kIXNoimhN1YPsgwgnXvINXs3oJo3OB491J02P50UJ5M2skDDoRXXAqGuHlOb1MJc hnCsdmMvoGK+e/4TQZx71kmGphjsluT7SbC0UGrcOG5Ay8843sELMC5GqySeSNssWV40 jCv1y16Qu9yPHmINpXdAxTntlsv2OiLYnvY2RHXCrSshT/xxaY/SYHJXyejwJt66IZ7t YeXeo75SwEhSW/nNYgc78kMDkSz9X7Dzh9hrq1fQglwn7N292A0UPMdwrMES+nqhtlfR Cu91DXEnnHFRJiFPkfpgY8oXnMGrAFNQSwOHbXSRffx+DUH2FEmbKVolfh7WBos2rbgA wU4w== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=E2pCyrjm; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id l17si6140441edf.465.2018.02.26.04.37.52; Mon, 26 Feb 2018 04:37:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=E2pCyrjm; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 70851C220FC; Mon, 26 Feb 2018 12:37:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 6FD22C22108; Mon, 26 Feb 2018 12:36:25 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 856DCC22100; Mon, 26 Feb 2018 12:36:18 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id A9931C220D8 for ; Mon, 26 Feb 2018 12:36:12 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id w128so11160945wmw.0 for ; Mon, 26 Feb 2018 04:36:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=/pD+xsWkk1mzR0w8Yj15R0YvITOa33DACjzsp+TtxP0=; b=E2pCyrjmF+EiBGuQ1J6HhKZTy9svmDWoMaRcSPWj7HsoLp2F8KCCb7rqA6TNpk4TVu /QJLSezRbXNS7118hy/Pe/K85V/f2vbMCeUqTLdKjcX5mcuABVSLS5Ig1j+w9WyMeRRF aep+31FEAERgHfd1pQ+dA2K+Brl4eYphk0Qrg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=/pD+xsWkk1mzR0w8Yj15R0YvITOa33DACjzsp+TtxP0=; b=aoCEbzOmmc/a5qub4V2IinzOk1XD92oNg+FlBnSk2ofe+fP4HAWftQZU/veh7AMzkQ 8y1OVG7vyFTe7Ho3xyglfa7ayUTDtSShfmzU9+IEk0jeX9O/wNBYdbQ6LtCQtS6rYDBY FTH5xKsePSv27nF9ggDETvF5S2ZvnlTJTGLBb0ANhKAsB336Sqi6fxd4UMqwTflwkzI5 GSK0xaE+WSwDVnJYWHdO+rXwGl37RUjhMjWxJjsKfEH31K18g1wN5GPt873v20+dnFOb hrm+nD9a8XDBFcW7t61dfY6RZFAMITmb6i9518GlZpdr8mAsFgUZd2IkFAviF5zvjvI6 LpUg== X-Gm-Message-State: APf1xPDLgQFwYdC9ekG6FioVCfyngvxpdi2ZjHcvUr6A9FSBuK0oFlgv iUX9TxRp9dYCus0XfZyO0dabzQOTkMs= X-Received: by 10.80.146.206 with SMTP id l14mr14064156eda.54.1519648572101; Mon, 26 Feb 2018 04:36:12 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:11 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:35:57 +0000 Message-Id: <1519648566-12061-4-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 03/12] optee: Add CONFIG_OPTEE_TZDRAM_BASE X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default address of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM address specified in the OPTEE build and the TZDRAM address specified in U-Boot match-up. Further patches will use TZDRAM address with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- lib/optee/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 2ca7be7..9e9ef39 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -13,3 +13,11 @@ config OPTEE_TZDRAM_SIZE help The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE runtime. + +config OPTEE_TZDRAM_BASE + hex "Base address of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x9d000000 + help + The base address of pre-allocated Trust Zone DRAM for + the OPTEE runtime. From patchwork Mon Feb 26 12:35:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129634 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp155906lja; Mon, 26 Feb 2018 04:40:33 -0800 (PST) X-Google-Smtp-Source: AH8x227tIe9ajvUB6/U8vjai1Oo47WKnv/xiIY9C8qKPIaIf/M718Yq+74hA6yFbbs9ATWewp0Hi X-Received: by 10.80.214.158 with SMTP id r30mr14239846edi.288.1519648833336; Mon, 26 Feb 2018 04:40:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519648833; cv=none; d=google.com; s=arc-20160816; b=E289ULLTxAhJlJjGBbVsrpdzV3YhlwY3b6RlopxYdYAVWiXpKWH+sX1+LH2K5WxMVT +tAdBocC6X0Pt7Kjr5Bjhw9VbvzDjjrVgQRJIo/EQ5alxjKD5Pp2mUhsU4gmzyk1I9Ay wqUuI1zBiuG3ZcYgj048SG1qTnjsMMD+d5vJhbxj9mKReiYdXAOCERt9MXeenTry8BEC 5d4Xl80ZmdcN6NpCAl6Ta7xJZVt5P3WOA6F1LwP6mIx+m9ld0xgOiM3lHXyEL9UyAhQk W9+VnoJaeAJ6pY5rjJNxN84ArBo73kw4cZAaGZ9w/Xx0wY56tP1B2eyI8epMPgye79GC h94g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=4CcwC7FBgW8X30HcQeHFFZHS6A58CAZ3P784+gQMGDU=; b=QYfVFFXoEbn0UzkEGZhxOeya9SyyNUXcYjX8HU+XgZ5e3A3Kn0+7nJ/V5IpR5ZLrS8 u64ZWzoGrDpIs8/3jcpWmFVWfDzNlqjsXjxSNA8NGn2pSzepNiEczh7puboJJy7/d5IT vHbsDKCxn7ahYR/dhqymNkjFZNWgW5i/evQtFe/8cjX+cZCJDwSSNlKx0M1i4Hk53pC8 E67oyqHZO3GhUwfe2hYGrKFZkmVvtzADZif1JHaJt7i7OpX5BGjz/olKwjQxCiQcWLzz 1V91D49BSzyp9Tz0gOATpDgCyBwPG1pCJKR7a65kW7pzG14hFmSGvLFITJZkvNDgcZPi wh5A== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=KukQ4guJ; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id h10si555548edh.7.2018.02.26.04.40.33; Mon, 26 Feb 2018 04:40:33 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=KukQ4guJ; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id CF799C22100; Mon, 26 Feb 2018 12:37:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 8C155C22102; Mon, 26 Feb 2018 12:36:35 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id EC04CC21DED; Mon, 26 Feb 2018 12:36:18 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id DA27DC220F0 for ; Mon, 26 Feb 2018 12:36:13 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id t6so8593494wmt.5 for ; Mon, 26 Feb 2018 04:36:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=HehyfLwBiGL7w0M1GQgZW2L7CjFJl409qccQ+xCD/gQ=; b=KukQ4guJccVM/Ob/cj+2A9ybZX/590G7H6l1gy1mIiPUoLHu9hfFTGtcEQMWGnFWVb DjmxOwzVLvXpJGhK55rYbuDfpT+phOWNyI2rmKt3YljyIENKFULPamelFXeFtu0TnxoG BWEbjfvCJAYooJMGXqXNFyiAM+KK8FFaXcwOM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=HehyfLwBiGL7w0M1GQgZW2L7CjFJl409qccQ+xCD/gQ=; b=iNWDXwZANtw6E1+Mb39RyCs8RjACO+/GpUa45ioWypgirCjLMYwPQAgKroqfNNrn7C fM4qQYiYaAhrRQ9zWIhnNXd94Cy7y6rSzRvfygisIRVPCeDHfCHQsuV0fZE2QwSxdeK1 XFwMILqI7l/ixPDzbi+61zWhwGdhGgeBmyZX5KUCxvph6OLPhqThTMx0vzjDGHHaNU7j CoSiVAtQ/u5PJRxPsb6UT5MwPjoyJwpMMuVzLJ+qX0cQpmmsZnweD/wFFEyeldiZf7io kwrzWYTZsED4BhB2hGrfZX2dClQe4F81ECU7jVYN/VBf8b31HF88RjrNURYPzZ3VGY/3 1NJg== X-Gm-Message-State: APf1xPDb4vgpPaqZdyrx2j8WJ1ptBl3ge9PIrpX0XQi0XyYuDJiTT3SQ l+PNfO4txaTbRUgZX84apk9CPCkx4nA= X-Received: by 10.80.184.58 with SMTP id j55mr14517360ede.45.1519648573254; Mon, 26 Feb 2018 04:36:13 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:12 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:35:58 +0000 Message-Id: <1519648566-12061-5-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 04/12] optee: Add optee_image_get_entry_point() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add a helper function for extracting the least significant 32 bits from the OPTEE entry point address, which will be good enough to load OPTEE binaries up to (2^32)-1 bytes. We may need to extend this out later on but for now (2^32)-1 should be fine. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- include/tee/optee.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index 8943afb..eb328d3 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -29,6 +29,13 @@ struct optee_header { uint32_t paged_size; }; +static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) +{ + struct optee_header *optee_hdr = (struct optee_header *)(hdr + 1); + + return optee_hdr->init_load_addr_lo; +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); From patchwork Mon Feb 26 12:35:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129641 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp158950lja; Mon, 26 Feb 2018 04:44:16 -0800 (PST) X-Google-Smtp-Source: AH8x225h5HBX2rAB9DSb0sOuPVMCazISBvElj9hMpL/35bTomSGrpn9TgetD8pbBAM87iczIzZk+ X-Received: by 10.80.189.131 with SMTP id y3mr14568604edh.122.1519649056182; Mon, 26 Feb 2018 04:44:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519649056; cv=none; d=google.com; s=arc-20160816; b=0HMWXT5tqsO7qs8WmIOUlajxubamGKm2nzoz9/1pSQr9lU3yor5lMIt5OqoOxAOG9B 7KUOT4BahnNWclfzzeTc6lEggk5INVzEzkLEjFtU1wtBxZwQfnAwaGdDSGRePZUVDr2H oWuy0TfyV7ZzCD+LGSJappoOGZ0fGyPjlJeCHGGhcZQ/bdIqp1T1E7Hg2fX38bs0gFWO 9wy9iA7fTVkJeWEXQL2Vc6hECDi7L5k9Rn0hQ2HmgsoJ+P0XurHvgBfqt0xF9PiQDreK H0p3TUchoy8r4XC9CILa9Asl4gVggTYY24nzYZxAeEZ+Glp353k1FEKRNs6/bCUWbTjF dRBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=QaYroxNd3askNKowPokMN25W/t4qBXmwlbEd13MrC2M=; b=tXPJgw9Ghs6TrImS2stUPn4Mwe1mLUiWZwziAO8kToW7ZMyPOnsrkVwkez4QyT6oRE PvNM48xPi4Tw1GXgu2QNyZq1fBqKd9iDdkgW19apTPnbTuh9Y3M3lfzy/DlRDnaTp8aK Acra2WwlFd6dCoifW740vZkuO/zhfCqwU9r6zr4MVUAk/5A8JO08G3vfmgzKfXalDvqg P2siEjka4yEN4Kfa7CFLBOzvi3SGoiokzHmbAiDUUdKpGbDm+UKpRggwuWxg8H8FuGqU pSknQf8ErnpLki9OxvzTXm2FL2u9ippUdRe2iovT1qhiZ35k705FLji3Intpiy8Cwn5W ScEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=G/nKu8yi; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id 59si177722edy.483.2018.02.26.04.44.15; Mon, 26 Feb 2018 04:44:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=G/nKu8yi; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id A85AFC2211B; Mon, 26 Feb 2018 12:38:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id DE27EC220EB; Mon, 26 Feb 2018 12:36:43 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 78A8DC220CA; Mon, 26 Feb 2018 12:36:19 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id C8B5EC220D9 for ; Mon, 26 Feb 2018 12:36:14 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id q83so17192154wme.5 for ; Mon, 26 Feb 2018 04:36:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=jd7TJ8ToMThI42VzCdFxxuucXAuvkiPJC/i5sG6S6nU=; b=G/nKu8yi1sQoGT1oSx7EzwjpW++O0Zeh5Q1l60QBceIQ/R5RXv63ZQFgr5VBAFtyf0 Tnea1yNMislIbNbcSm9XyJqRvD1/Jla9w/Alba8FBoUGCV30orPc58MzcCRazbJexPno IYve0Pf8c1vbq5cHJrpcSq/asWoDhaUVfcF6A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=jd7TJ8ToMThI42VzCdFxxuucXAuvkiPJC/i5sG6S6nU=; b=T/pmSj0JJaxBsp0p8obSRuWJ+4Zmf6TiO7v0stPlDMb6J4teuRM+rO+aP3g3r3a6eh pL+lkZA6ELqp8QO8+rnSfRpb+qU4z9x+Hn5ziGH/hR1OkEjBvS5ylJ0pQ5LoBuC6UyFP OlbOKEIwBftLCnJbkdJNtljYzDBSWO5MXWEeII9Duc6FSRP4Vjh2cnUwBofr/NQDn0CJ m5SpS+JsQA9RxMAtJQQp4X4GQfOPhj+1sam+uwtc0w40qASbkuqWF6zn5oNahNu1Z3wu bqKxOIEv9p0xHBMJY1bIfQajmeZVXOHP2RZ/w2VMdztU8eiJr9nJZ6Ee2x+sfYDMuke9 /d+A== X-Gm-Message-State: APf1xPBw6a0VfS9AV5uPfRVjYnsCzwPXp5mSNHRgsUziV3rmqbjGqRVS HXWV1ckMRVbvJOeWkU1NnawwaNAjyTY= X-Received: by 10.80.195.137 with SMTP id h9mr6150444edf.232.1519648574256; Mon, 26 Feb 2018 04:36:14 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:13 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:35:59 +0000 Message-Id: <1519648566-12061-6-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 05/12] optee: Add optee_image_get_load_addr() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds optee_image_get_load_addr() a helper function used to calculate the load-address of an OPTEE image based on the lower entry-point address given in the OPTEE header. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- include/tee/optee.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index eb328d3..e782cb0 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -36,6 +36,11 @@ static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) return optee_hdr->init_load_addr_lo; } +static inline uint32_t optee_image_get_load_addr(const image_header_t *hdr) +{ + return optee_image_get_entry_point(hdr) - sizeof(struct optee_header); +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); From patchwork Mon Feb 26 12:36:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129637 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp156394lja; Mon, 26 Feb 2018 04:41:11 -0800 (PST) X-Google-Smtp-Source: AH8x22721qP8okK7QNwo01rnwgtcNAr0L5hxys8Gp5VZub2J9FROvabd99+XEhXMrBW2vEL1UNaU X-Received: by 10.80.147.227 with SMTP id o90mr13913136eda.99.1519648870960; Mon, 26 Feb 2018 04:41:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519648870; cv=none; d=google.com; s=arc-20160816; b=p2M+IGogt8LrjsaJjLo795IQngn5Vk/M/sZtOK/blaV0Uo7gz79XbQkLx5Qsqb6eq6 eWXMxCyNIeacrBLETO3RUJZ7Pd8wIyoHWIEOqJR2wtLNNAog9AoLoWYrGzX1ZJIOCQwV OzDNMVPN782ijKZ3voBr+QzgHIVzuAa9VL+x7MkkIAtSZSpacgDIrgJNOZj/5u7h3zWF Lkq/qIB78R3qZC/W2UpQ+JnTISH3xXwjTS/BkRTLnHNxpCLGr2Mo/V0vLjNWHlXc8pY1 FNS/dXCc3Fu0GldJy0jVFrrlVAWR+efifjZlj7y/rHN4ftihd6o4oDAFJQJ4PMz3qOPB HiXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=W2Z5n6X72Ga+ki7Jc9+Thiq3/PNSaCmJJDaGUeC/uiA=; b=t6cwirSaKehkG3FvGuPolbAq/MrSarr2s++y+8Qh6G+jhgBsSrfYM74PemD2q5f0IP 39x5D3hMk0DRs0rLklBetdoFvGFQKQXS1iZ9ZqqedPayiyyPn+v3UFECiefbHPNhBnzY R0A7tzYememBTEJ7lYl9I4j6y4J3cAMh3oC/FRLeJfbWtf96/wDaT/TFZ2Vwi+3adGYa mA0uKYXy2xgpSOsia7RcUeL5OpvlEkOxE26OLWFZkgFehzBABWS5uA4bWxbrgMuXqZyU dRZFRlOq4C0UlxZ/PE/rQAxY1yLRP2cuamLOLsO4bS/jueDte2Y7eyTCqPBt03BpGRA2 IzNw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=jGQvqIvl; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id 30si1361314eds.58.2018.02.26.04.41.10; Mon, 26 Feb 2018 04:41:10 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=jGQvqIvl; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 89BD8C21DED; Mon, 26 Feb 2018 12:37:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 77BF4C220FF; Mon, 26 Feb 2018 12:36:34 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id A4FB9C21F8F; Mon, 26 Feb 2018 12:36:20 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 2BDDEC220E6 for ; Mon, 26 Feb 2018 12:36:16 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id w128so11161274wmw.0 for ; Mon, 26 Feb 2018 04:36:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=IT7JUUvnHmpVXkKoSS3EmQGwRKrJZoLj+uWFA9j+PFU=; b=jGQvqIvlELHcXhNRaVVxaiNZtytpXk74W6wlViolxM5JjeD1RLLSjleG+2rIO8NHcT cc8uD6H+OuiKRCGpLxwcpNZbbDKdggLB4rlFU+Gg4fTIBBIs/ILIa4p2ZKVSY+wRPGnC 9c13+RhAR02oxH5KvEJlCWEmB/6AEZRYCkGA0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=IT7JUUvnHmpVXkKoSS3EmQGwRKrJZoLj+uWFA9j+PFU=; b=rlNdsOFUsVffx/9AvXKS0nShLBsdYIS2Sj05o5Dr1kd0qZea+1f1NwDhTItN60qXcZ S2sQtpk3QmRfs3xIi6JsQYahH1MnRLO3oLvKb70BuAeuguYNZw4hEby2WvrQhDOoeOz7 9pYSvPJtHsEGMraee7V+UEan55sdy5tSV8ujQcjECRYSdxPl9ZIUt9erXNKrtWI9aBhP jgmisKqhLfok0hzPU9szJj/J6JBVLS2YTBuLWl/K52NgvQtIDg3lJnWHeicD1DViTvoM GW9nlBqMKjbDllj8HTW7eXkPIUQfkWB/k3+NdLlQ2b7K1cwuHiZV8JZyF5iQnet9+TGI dH3Q== X-Gm-Message-State: APf1xPCt/wIj1RzAxk6JKOUAIYPiurtk17f6PCr18tutQcgkeq+yKqjR 05rgzJgvAeiyN/PQo7qbab6WevUvS+Q= X-Received: by 10.80.164.144 with SMTP id w16mr14759537edb.197.1519648575564; Mon, 26 Feb 2018 04:36:15 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:14 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:36:00 +0000 Message-Id: <1519648566-12061-7-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 06/12] image: Update comment for IH_TYPE_TEE X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add "(TEE)" to the name of the existing TEE in the comment adjacent to its definition. Later patches reuse the TEE name so introduce the reduced TLA acronym properly here. Signed-off-by: Bryan O'Donoghue --- include/image.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/image.h b/include/image.h index 325b014..a2372de 100644 --- a/include/image.h +++ b/include/image.h @@ -269,7 +269,7 @@ enum { IH_TYPE_ZYNQMPIMAGE, /* Xilinx ZynqMP Boot Image */ IH_TYPE_FPGA, /* FPGA Image */ IH_TYPE_VYBRIDIMAGE, /* VYBRID .vyb Image */ - IH_TYPE_TEE, /* Trusted Execution Environment OS Image */ + IH_TYPE_TEE, /* Trusted Execution Environment (TEE) OS Image */ IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */ IH_TYPE_PMMC, /* TI Power Management Micro-Controller Firmware */ From patchwork Mon Feb 26 12:36:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129638 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp156825lja; Mon, 26 Feb 2018 04:41:43 -0800 (PST) X-Google-Smtp-Source: AH8x226sz9Q0BjgkcxdMYxtm1XfXBe1k2kQxmCYAfxgwUPniOU5b6LiIMWjrA35KG5nHM4uqU5ST X-Received: by 10.80.180.16 with SMTP id b16mr14683245edh.111.1519648903480; Mon, 26 Feb 2018 04:41:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519648903; cv=none; d=google.com; s=arc-20160816; b=HCHdEtRVJnbwQjzwhZKsN/hV5o0ElMdIx4/g1DrVGouJoxrAwOswkyofnbjRoBsncn ceaFRc7P/Fgd/NfYljUfamilWs0uuNJXrrFpR7pkZz7yKHUXem70qDERSzKONEqGGtmV FtmxSpQ6KUtYSmNawBkL72J5sXq8hDjT7GQ//hS+Ua/6s6vQVNxh326xulvWYKk6t6WD doDfpEhVkUmDn4tgRrBdf/sPZ2nJLjhmZmLMMn4tRwqfsO+CfnJhMW7L4oKoaZN9X5Fa MGbb1Zc+PCymeFYiz1dTP+KtS7lE25RESAbwKtWbYzH0C7kWf3CBpGDVuYrwfrdy4dP9 sCGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=kk8qoawcLbQ1+1nUAgsCY1u8JTASPHO9qONbaTVhvnc=; b=vILnQeb2nNTefwQiboDUsaMdtjCqmFIEKhm/t2cf/VILsE6Wetl6q1y0zAupcloR4g WmCfYFyaWwNhG2s6JjqgPkOE+wrCQN7aykUlZLC5r5nmZRjre97iN+xR4wNXCdNFiBdg xbbQoDQQHyJUWga/ULoZZ2IGQG4R6WJss7yy0qAJkQcKh/c+AxVaBzLnJFuhkhb2pGR+ u9uMs582U/eEq8MwEWDr1ZtQQmykBEQClYJLUZFUGPcZmfvrRnfwJu1PVZcMn2ER/Suj NbRgExo4G1D1EbZ3o8FLymkGoSgCV9opEIAUqlsI2b2JpO9h+WMfI7yWz9nZYF1hn7uJ 19zQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=HkSy5m9N; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id g14si7360923edj.31.2018.02.26.04.41.43; Mon, 26 Feb 2018 04:41:43 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=HkSy5m9N; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 1CF3FC22113; Mon, 26 Feb 2018 12:39:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id D130CC22101; Mon, 26 Feb 2018 12:36:47 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id B32E8C220F4; Mon, 26 Feb 2018 12:36:21 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 42810C22101 for ; Mon, 26 Feb 2018 12:36:17 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id x7so14585725wmc.0 for ; Mon, 26 Feb 2018 04:36:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Sg/9G2VKYyJgNZJcoPcYPp5JqeuDxM5e98iOS84+4X8=; b=HkSy5m9NOBlDADWKXpkvbxshL5BZCzMfncROS0WnZlrjjVGcfuCTz7GuLPywfsWHCA 2BcAPZFJoK2GyvUl17SoO1HlDMBA6OwOXs2HAfL9aUfPMgRt3vQIB1SRvSk9YxuJgcDI NY0YODkG5hrDTSvaAYB3V36TvoppN3TstjtZg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Sg/9G2VKYyJgNZJcoPcYPp5JqeuDxM5e98iOS84+4X8=; b=QTp0VIrbhsKM0rRcuonWHR/7sTnvxpP9rnxkvWQRZ/jf2vdI1bbrOh7Mwcpp8UMju9 E7CeRnCQTUpKSfE+g1mBo77rshJzYM3Av9ZyNKrYdp9gc/+/xJ1YkYc7q8Gy09cS2HVQ qoO2om7hKXcesHUyRJ8/OZOyh7g73P+GKCoV+7hxuzHydXcyeVmOmnAXAowQknXz568H 8+py5eWMHSgIYbsA5D6MYoWpOhkBMwlcsDsaZzmtzbeU6mGvYr9/Mqvsks1pofO/0oxM PKA54vj5Bp+Wk5u0qnegpa4PCL0MG3Am+zrUbRlkwThrUv5sWUbg9TKH/FwIw7OCeken 79Jg== X-Gm-Message-State: APf1xPAf5rfrbZk0sxqlWCeDGLiZ9EjGQu3rj3qAGYqCMuGaT/CryMDB RWyw0M9rIBj2X6VYy3k2c8QPrKEaqvs= X-Received: by 10.80.141.19 with SMTP id s19mr14387042eds.234.1519648576562; Mon, 26 Feb 2018 04:36:16 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:16 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:36:01 +0000 Message-Id: <1519648566-12061-8-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 07/12] tools: mkimage: add tee-bootable image type X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds support for bootable TEE images to mkimage. Currently there is a (Trusted Execution Environment) TEE image type, the TEE image type is installed to a memory location control is passed to the TEE and then the TEE returns to u-boot. flow #0: BootROM -> u-boot -> tee -> u-boot -> onwards For some TEE implementations, such as upstream OPTEE for i.MX6 and i.MX7 the boot flow is flow #1: BootROM -> u-boot -> optee -> kernel This patch adds a new image type to mkimage - IH_TYPE_TEE_BOOTABLE to reflect this TEE boot flow and to facilitate additional OPTEE specific verification of that image type - prior to handing control to that image. The new image type enables us to more easily generate and validate a bootable OPTEE image also, for example instead of generating an OPTEE image like this: mkimage -A arm -O linux -C none -a 0x9c0fffe4 -e 0x9c100000 -d ./out/arm-plat-imx/core/tee.bin uTee we can instead generate images like this: mkimage -A arm -T tee-bootable -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee That OPTEE image then will have a specific image type that bootm can automatically identify and consequently perform additional optee-header checks on. Subsequent patches add logic to perform those optee-specific changes prior to handing over control as described in flow #1 above. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Link: http://mrvan.github.io/optee-imx6ul Tested-by: Peng Fan --- common/image.c | 1 + include/image.h | 1 + tools/default_image.c | 25 +++++++++++++++++++------ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/common/image.c b/common/image.c index e9609cd..e7785ce 100644 --- a/common/image.c +++ b/common/image.c @@ -161,6 +161,7 @@ static const table_entry_t uimage_type[] = { { IH_TYPE_TEE, "tee", "Trusted Execution Environment Image",}, { IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" }, { IH_TYPE_PMMC, "pmmc", "TI Power Management Micro-Controller Firmware",}, + { IH_TYPE_TEE_BOOTABLE, "tee-bootable", "Trusted Execution Environment Bootable Image",}, { -1, "", "", }, }; diff --git a/include/image.h b/include/image.h index a2372de..d2c47ef 100644 --- a/include/image.h +++ b/include/image.h @@ -272,6 +272,7 @@ enum { IH_TYPE_TEE, /* Trusted Execution Environment (TEE) OS Image */ IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */ IH_TYPE_PMMC, /* TI Power Management Micro-Controller Firmware */ + IH_TYPE_TEE_BOOTABLE, /* TEE Bootable Image */ IH_TYPE_COUNT, /* Number of image types */ }; diff --git a/tools/default_image.c b/tools/default_image.c index 4e5568e..fc0b0c0 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -18,6 +18,7 @@ #include "mkimage.h" #include +#include #include static image_header_t header; @@ -25,7 +26,8 @@ static image_header_t header; static int image_check_image_types(uint8_t type) { if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) || - (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT)) + (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT) || + (type == IH_TYPE_TEE_BOOTABLE)) return EXIT_SUCCESS; else return EXIT_FAILURE; @@ -90,6 +92,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, uint32_t checksum; time_t time; uint32_t imagesize; + uint32_t ep; + uint32_t addr; image_header_t * hdr = (image_header_t *)ptr; @@ -99,18 +103,27 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, sbuf->st_size - sizeof(image_header_t)); time = imagetool_get_source_date(params, sbuf->st_mtime); - if (params->type == IH_TYPE_FIRMWARE_IVT) + ep = params->ep; + addr = params->addr; + imagesize = sbuf->st_size - sizeof(image_header_t); + + switch (params->type) { + case IH_TYPE_FIRMWARE_IVT: /* Add size of CSF minus IVT */ imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0; - else - imagesize = sbuf->st_size - sizeof(image_header_t); + break; + case IH_TYPE_TEE_BOOTABLE: + addr = optee_image_get_load_addr(hdr); + ep = optee_image_get_entry_point(hdr); + break; + } /* Build new header */ image_set_magic(hdr, IH_MAGIC); image_set_time(hdr, time); image_set_size(hdr, imagesize); - image_set_load(hdr, params->addr); - image_set_ep(hdr, params->ep); + image_set_load(hdr, addr); + image_set_ep(hdr, ep); image_set_dcrc(hdr, checksum); image_set_os(hdr, params->os); image_set_arch(hdr, params->arch); From patchwork Mon Feb 26 12:36:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129635 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp155926lja; Mon, 26 Feb 2018 04:40:34 -0800 (PST) X-Google-Smtp-Source: AH8x2242WM/uE4DVXinbRloiV+M0DQqdbaOz2pBU3usO5oCw0YfasdGmgVDyB9Jz+bvWFFcpH7ez X-Received: by 10.80.138.155 with SMTP id j27mr14522306edj.36.1519648834522; Mon, 26 Feb 2018 04:40:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519648834; cv=none; d=google.com; s=arc-20160816; b=D2NuTJqBULLDdqY0RMcgPTDBjQGlct6wm4lxDzvTpz63T+mMubIy8eykbAr8+BRQCI t+fOvbvS9oXt/sIYsSXkEjf03NUoN7VgmXwYGJm7UicPStKnwHCFzMH6Gy0vVRK3+B3Z kloDFz6Pw91QTfPD7CIEa64dAGj3E/uVK+jfuCRZ4QeUQFM8I5biVW6u+11G+xJgJR1R 8rLcHt6e+kKzMQne29AdSbKPGHfmgNB5CikjYIm8AE5X2Lt3Q83VKIOUZKsZcg9RQ7jw j3tHywaG4WGFK13HlRR/0/nU6rs89mhebxQjjIQQeBuoqB51XOBHY4NzIySdFXc2FYMF 1tiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=IOhCpKUxlMdJLmyNPrad3DPqKOB3Nb0VMRA9nhscV24=; b=mNhFS4MXyUnBo5YfZud0UCSoFwYoKg5CeCx9dEJIEMT+Oltp9QomGRoOyRuGJj36wQ +2U2nOPqkqL325u2M4tubmIT4F7Dq/qMYJPaPfxoLOLhD6JwsuwM3Lo/e+cXKSpxmXdm OEsY4vUUgsl8LA5urhX4U4JKdWIAI0wGb6//ehvvZUIWCh3wK5ey8ndQ0N2AnBhI+lL4 BxVv7Wj3WvqIGyvN0ROxiT0+vkx6lSkJsTinsGgljcjvMGQFd3srcIFFeaO+j0DGAFgZ Lf7AGLgQe5JgTBOziapmDQZCVaVGr91vzNNvb5UNAWiWALCUozg2PtqTt5X6ERBTOM/2 b+bw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=TDXZyAHE; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id r28si1824744edl.492.2018.02.26.04.40.34; Mon, 26 Feb 2018 04:40:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=TDXZyAHE; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 1018DC220F4; Mon, 26 Feb 2018 12:38:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 79920C22112; Mon, 26 Feb 2018 12:36:36 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id A48B8C220CA; Mon, 26 Feb 2018 12:36:22 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 646FCC22103 for ; Mon, 26 Feb 2018 12:36:18 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id q83so17192506wme.5 for ; Mon, 26 Feb 2018 04:36:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=W3AP2W1OHSTh2kv4tdR0iX93prvD95Tb8ryWy9QonmA=; b=TDXZyAHEw0pw/PsOF7EpyJ3CoKqdQdX93F6E/iNQfiH7IKzKL+k2yPsvocAQXVmYIS GnbAuyF4goACNmQql24n+Xj8wsHtn/0RP2I7ewxJia5HTe7R0ojYfEO7nKKPGX0bOjL9 u/Kl4JQnX63NsAGUdeMA27o+X1+Btp+QHIMmg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=W3AP2W1OHSTh2kv4tdR0iX93prvD95Tb8ryWy9QonmA=; b=TUlgcp8L3Q1sbJfLMHMt/GrzTwSSWftbrAUVS2TL/0Cgr69Yjkwj3ZPe5aoE7j2usB 1KrmYxzHeTCQvXTT6ZSS1HZiDgcJYleKgWBUS9IfU7+Tefcik42vZm4M40pqYDgwhjQl QPNcL3LZ0ruxwfppPR+JTKn46yZDe771Q6MVCASj6eeZ+tGGK/rrzKJZtUCIakx4dnPC AwrmDaL2rv/ufRxNkY4/5CUN8r4h6A1A5yXHDIgEfy0sUeRCX6AA4fEHRCZmB8kkIAC3 +SPiLaImh7ZtBkO3BxY1jnOA4Ah2LtwOOkRPoqUU+gxOy6/WLuhgXbOKCEfwPAr+I9FI +pvQ== X-Gm-Message-State: APf1xPD04HLbHfo4np2FXYhXOiW5rJGDtPPR5VuiQ6d0adUPLmrDjEBI L63BuNvkJMjnDp37dZbRUP1FeAXFbNA= X-Received: by 10.80.133.200 with SMTP id q8mr14307717edh.286.1519648577649; Mon, 26 Feb 2018 04:36:17 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:17 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:36:02 +0000 Message-Id: <1519648566-12061-9-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 08/12] doc: TEE: Add documentation describing TEE in u-boot X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds a brief description of TEE in u-boot. It gives a basic introduction, description of image generation with mkimage plus the various ways u-boot can install or chainload a TEE. Methods covered in this patch are - tee-standalone This is method where u-boot loads a TEE into an area of DRAM or SRAM hands off control to a ROM callback or jumps into the TEE intself and then once the TEE is installed, returns control to u-boot. - tee-bootable This is the method where u-boot chain-loads the TEE. In this case once u-boot hands off control to the TEE execution does not return to u-boot. Subsequent methods of performing a TEE boot with u-boot may be added over time, for example "tee-combo" is being discussed. Signed-off-by: Bryan O'Donoghue --- doc/README.trusted-execution-environment | 123 +++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 doc/README.trusted-execution-environment diff --git a/doc/README.trusted-execution-environment b/doc/README.trusted-execution-environment new file mode 100644 index 0000000..12bf615 --- /dev/null +++ b/doc/README.trusted-execution-environment @@ -0,0 +1,123 @@ +Trusted Execution Environment +============================= + +Overview +-------- +Trusted Execution Environment (TEE) specifies a secure mode of execution of a +processor. The TEE provides an isolted environment that runs in parallel to the +rich execution environment meaning an environment such as a Linux based +operating system. + +TEE may provide access to crypto keys or other pieces of secure silicon that are +not available to the rich execution environment or TEE implementations may +reside in secure sections of memory only accessible when running in a TEE +context. + +The TEE specification is available here: +https://www.globalplatform.org/specificationsdevice.asp + +In u-boot currently all TEE versions supported are based on the Open Portable +Trusted Execution Environment project. OP-TEE is an open source implementation +of a TEE. + +See https://www.op-tee.org/ for more details. + +Supported TEE methods +--------------------- + +In u-boot there are two means of installing a TEE + +- Installing a TEE (tee-standalone) + + In this case u-boot is responsible for loading the TEE into memory, jumping + into the TEE and subsequently handling return of control back to u-boot. + + u-boot then is responsible to load and boot a kernel and DTB in the normal + way. + + BootROM/SPL + | + v + u-boot ----> + TEE + u-boot <---- + | + v + Linux + +- Chainloading via a TEE (tee-bootable) + + In this case u-boot is responsible for loading the TEE into memory and handing + control to the TEE. The TEE then will enter into secure mode boot-strap itself + and hand control onto a subsequent boot stage - typically a Linux kernel. + + When chain-loading in this way u-boot is reponsible for loading bootscripts, + Kernel, DTB etc into memory. + + BootROM/SPL + | + v + u-boot + | + v + TEE + | + v + Linux + +Creating a TEE image with mkimage +--------------------------------- + +- "tee" (tee-standalone) + + To identify this type of image to u-boot you should use mkimage like this: + + mkimage -A arm -T tee -C none -d tee-image.bin uTee-standalone + +- "tee-bootable" + + mkimage -A arm -T tee-bootable -C none -d tee.bin uTee-bootable + +Booting the image types +----------------------- + +- tee-standalone + + For a standalone TEE image you should create or reuse an existing board-port + and install the TEE into memory in the appropriate way for your architecture. + + Some TEE implementations may reside in a special SRAM area or have special + ROM callbacks in order to setup the TEE correctly. + + eg: + board/company/board_name.c + + void board_tee_image_process(ulong tee_image, size_t tee_size) + { + /* Install TEE into memory as approrpiate here */ + } + + U_BOOT_FIT_LOADABLE_HANDLER(IH_TYPE_TEE, board_tee_image_process); + +- tee-bootable + + For a bootable TEE image you need to load the TEE into an appropriate address + in DRAM. + + Once done use the bootm command to execute the image. + + eg: + => ext4load mmc 0:1 /lib/firmware/uTee-bootable 0x84000000 + => bootm 0x84000000 + + ## Booting kernel from Legacy Image at 84000000 ... + Image Name: + Image Type: ARM Linux Trusted Execution Environment Bootable Image (uncompressed) + Data Size: 249844 Bytes = 244 KiB + Load Address: 9dffffe4 + Entry Point: 9e000000 + Verifying Checksum ... OK + ## Flattened Device Tree blob at 83000000 + Booting using the fdt blob at 0x83000000 + Loading Trusted Execution Environment Bootable Image ... OK + Using Device Tree in place at 83000000, end 83009b4d From patchwork Mon Feb 26 12:36:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129640 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp158340lja; Mon, 26 Feb 2018 04:43:30 -0800 (PST) X-Google-Smtp-Source: AH8x226my+MuCTg5dbrLYSlRcfDdCWOYNogwxavYNIsQfkI49IcK5kpifXcnqMQN9Fa8vnGUH3QL X-Received: by 10.80.138.212 with SMTP id k20mr13931851edk.181.1519649010256; Mon, 26 Feb 2018 04:43:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519649010; cv=none; d=google.com; s=arc-20160816; b=oL0zaEQb815Kgyia2q0KGww44HPaa5snAgKqnbxRcr5tL9Lm7IxwLwLW54fmbh9nW3 kZls2YrChJqF8uj1NXuzaIZxZtqfSwFReJj44gry75CNlipvE4WqiwUY95nz6OxjmVSM v98RZyBb6VVT1G2i/wFoLwT3e0eugM/HWEnUEwkbmZmxJxCpoAwKhld5CFQ5udSMCK3K c7Z5dWTA8pbeD0/7yZRY6mgjv+mllubTfubBUd0cLnpcegkVivxuTy6scPKEXeaBlxVs qzgH69o4bkixK9MBZOPcmtag4VbhI9r5cqi+ZhX6Z85ngq1jsD1hM6TZumkh5fTYONtA QJMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=imD/FFmxIm1O3FKS1inZ6TLvL5Dw7B1dklNfuNVp+RY=; b=HH7b5rDi5PoclozvSN3O7AvutpVLz1VGR7MLyIJTiVAJjqTbvFFDt1ZBdI3FxX2Dpf xGnZTvU7MYjZH5BPvMvldUG3H0m1rMzWv+j3G4xpxJD4rqrV836BPU1Rr9a53WhIjQtR epdmf/Pbd1sKdvv5r4CL2sxmDbVo5T/fGFX3HBOm/+yiF89mSIfHCoyWcVizyajATlYU U+VoH2Efg5zP6Sjb46GvNlrOze11yuzIsoxzV727P3TjV8oFOtFB4IBXvfgv7wiAID9Q pm2spAGTfN6lHHcnwZFu5QNd8fPcWklbC3i0KaIMLBNJcPmFi47ax0iTUb79iOmc7lv1 7JKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=hygTe9wa; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id s12si649361edb.5.2018.02.26.04.43.30; Mon, 26 Feb 2018 04:43:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=hygTe9wa; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id D091BC22102; Mon, 26 Feb 2018 12:38:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 8FF13C2211A; Mon, 26 Feb 2018 12:36:41 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 883BCC2210F; Mon, 26 Feb 2018 12:36:23 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 4418AC22102 for ; Mon, 26 Feb 2018 12:36:19 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id h21so17136678wmd.1 for ; Mon, 26 Feb 2018 04:36:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Sebbz03t3iaTy+2et9QKnZ7ab4Axd/fkQ6N9N9AZVPk=; b=hygTe9wa4Zp+7Dl5E/zdMVliHr+V68cR1mco+i8R02xqpacrHfy7jKYTMlQX6H5oS7 /QibBuX+BhK38Dibh7GTGSvpfQwM/dQ73OMdB2P9lYj2pDQt5odzj9M3++wlgT+rAlgw 8LvbKc9MER8MHLBVh8lt9AgQ54tgRzXuCWscw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Sebbz03t3iaTy+2et9QKnZ7ab4Axd/fkQ6N9N9AZVPk=; b=ZjWq/gBCf3qh8J5poNMj/wPuE99sRK5Q0VqGF4w9z7uJ9SXcx5STrZ4K/AmsxbUna9 V3sKzA0Dx+XliFL3RAJw8F4YHj2d1jwor58ju3hRulaHT7PAYYv+k/dpyhSiO4gCYU5p 7xYIPWqg3FaNJJq1QMWRe79dfM+4K3qycpy2H3wVoFFCx3LCjIBSmbG8w5Px/jJf9pO9 3Itikg6lIDv4+NEmxsrxhLVYFoScN9Yepr0jyETYtgy19grNpQ2dW7PXxF2m2ORF+Ofh 4LGeJtUl97n8f+uNOVkE/64NeRBAmIzrGT4OJFPMAZ/JqBtwXSTkjhQz+tfaDpDB0nWW d5ww== X-Gm-Message-State: APf1xPDOKh0a1migJph24+MMzxEeYPpc13vN94pLR7EujIDwyQFXvYYG osWzGfwy/1zX39W3U5ZMPmf3gWNyDms= X-Received: by 10.80.157.203 with SMTP id l11mr14026565edk.200.1519648578685; Mon, 26 Feb 2018 04:36:18 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:18 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:36:03 +0000 Message-Id: <1519648566-12061-10-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 09/12] optee: Add optee_verify_bootm_image() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds optee_verify_bootm_image() which will be subsequently used to verify the parameters encoded in the OPTEE header match the memory allocated to the OPTEE region, OPTEE header magic and version prior to handing off control to the OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- include/tee/optee.h | 13 +++++++++++++ lib/optee/optee.c | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index e782cb0..4b9e94c 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -55,4 +55,17 @@ static inline int optee_verify_image(struct optee_header *hdr, #endif +#if defined(CONFIG_OPTEE) +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len); +#else +static inline int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + return -EPERM; +} +#endif + #endif /* _OPTEE_H */ diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 2cc16d7..365c078 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -29,3 +29,23 @@ int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, return 0; } + +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + struct optee_header *hdr = (struct optee_header *)image_addr; + unsigned long tzdram_start = CONFIG_OPTEE_TZDRAM_BASE; + unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE; + + int ret; + + ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); + if (ret) + return ret; + + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + ret = -EINVAL; + + return ret; +} From patchwork Mon Feb 26 12:36:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129642 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp160051lja; Mon, 26 Feb 2018 04:45:41 -0800 (PST) X-Google-Smtp-Source: AH8x225GyDI4DDT03bCAtrliSwrNAgk0RBOvDjj3wayRnZHZq4VCF8S5tHG2Rl9FoYRoaiDyhnKG X-Received: by 10.80.177.210 with SMTP id n18mr14462982edd.108.1519649141416; Mon, 26 Feb 2018 04:45:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519649141; cv=none; d=google.com; s=arc-20160816; b=1BMt7C8vF6E+dlK4D7bOK9Aj26eEPtQxaYjMr0Z+XQYQflR+CSrcYJCeONBzDbN8pk 4vbzBc1GiikishlRK7jELQC88Dc+nrTboY4L1hrfo/PcjBjdrfddeBEt9V9gVHhydwVg LD/oXkC8RfW11VIgc9mrbYO3/1cmEAf9eobGr/XTIVvgNnpicWrYT/pq0XnF5tVF179Z TQM0XE7SMpccl0XlH2IBgQsrNvO3WjbaEbSvUXXGr/V8YAyRy74J7Tk676rksU0AVs4P 7WhuUGYs+zOUkIssZM37+1pc5VHmL2jH7HaHiyjNlBV8KCZvPrlPAY9gpPhXly2bwQzF nX5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=k2G4x2/VptXi91LLzWj2/3r5duQgFPomWnrH9Y5Gw18=; b=zTuFpeeUWopZh2n/vLJoCSj6Fq0fjwCQwVrtrwNHsDkCw93QY6r39rFenEu/s93VZ5 n8AbB/c6P6sIzibYQHsyMtpUbmbGeCqXZatJb7caJuf6+FPNsgXvtGMHO4G9XiPzIeW9 YSfnePcl0D4nNZ0uf5Xz8N++NOj8ifbq/g7LDdio9KgR1C2VVA6a6flwT5e2Q+3y6/lD LmGiaFsOfkYe3cQ3HkmoLin3el3kMpHBz07PNOHaFlwIysiTl7s6gIz71fVY9OmdbMLb gfZUKE3bAwprCBl0kFZklHm5zGl/86PZ0iTKUJPrUtIpeBgJpxEA3OmHclbcLLzvlgjJ kwFA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=hOXEmnOf; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id g31si8339100edd.241.2018.02.26.04.45.41; Mon, 26 Feb 2018 04:45:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=hOXEmnOf; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 12D8EC220EA; Mon, 26 Feb 2018 12:39:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id A8393C22128; Mon, 26 Feb 2018 12:37:18 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 88933C220E6; Mon, 26 Feb 2018 12:36:24 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 4E833C220E3 for ; Mon, 26 Feb 2018 12:36:20 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id w128so11161647wmw.0 for ; Mon, 26 Feb 2018 04:36:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=9l4y29YT9GA9C87v2s0KMfjVt7b/wQv5HyUsRKb+Koc=; b=hOXEmnOfxsEoL3jpSMo4k8sPxTTR0/Imv9/THuMs1ZEU+8rKMi/Cn4lHZA4BnMRK65 fN+iyuT+oi1JRf4vZJI0iNWJAn0X7bHVjipoAeN2kvDq3jADG+Sv5IXqGD9/IpuEtQWI TgxkVTMwYwul1f4v71hAdObqyCQMgs/XlL5OI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=9l4y29YT9GA9C87v2s0KMfjVt7b/wQv5HyUsRKb+Koc=; b=SoA5vwKgAMGsMn+PWpvORvltAEKyDlwQ7gyahQ1fsnnCFQUvYsPV5Os4bqRj7mb5Ki KgZ+Ri+6u/4EwzzW8sskR/clhO69UXHTshsCF9BrCXgYwJQl8wwjJtetjFG/THxNicag F+25UUEMtfYwYCms3E6ysyeRghuF8OMEZSby61QLm0anxrJPWxStj8RV1r6bphzbKOJ0 2+RNTbbhBp68g5W/9ujx9LFLh3wZCRLR9KFqv9e7aAwzqdqfiRzkbeebVgeoq1Ti4I0N B7k1tNmhZ7P+b7ml4X6B2COEFlScNIyBPO62mskmjYug/Smog1xj4r7+2x8Gmm+W5h07 w7/Q== X-Gm-Message-State: APf1xPC8Kp2gHOrDtC7vMRGPkwf0EplHqNP5FECqNYhHGpOCWBtOmBsd nIL1T5RzXoXiuU1YYrajMpZOqMrZ5Zw= X-Received: by 10.80.241.25 with SMTP id w25mr14410266edl.62.1519648579730; Mon, 26 Feb 2018 04:36:19 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:19 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:36:04 +0000 Message-Id: <1519648566-12061-11-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 10/12] optee: Add error printout X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" When encountering an error in OPTEE verification print out various details of the OPTEE header to aid in further debugging of encountered errors. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- lib/optee/optee.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 365c078..78a15e8 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -8,6 +8,12 @@ #include #include +#define optee_hdr_err_msg \ + "OPTEE verification error:" \ + "\n\thdr=%p image=0x%08lx magic=0x%08x tzdram 0x%08lx-0x%08lx " \ + "\n\theader lo=0x%08x hi=0x%08x size=0x%08lx arch=0x%08x" \ + "\n\tuimage params 0x%08lx-0x%08lx\n" + int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len) { @@ -42,10 +48,19 @@ int optee_verify_bootm_image(unsigned long image_addr, ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); if (ret) - return ret; + goto error; - if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) { ret = -EINVAL; + goto error; + } + + return ret; +error: + printf(optee_hdr_err_msg, hdr, image_addr, hdr->magic, tzdram_start, + tzdram_start + tzdram_len, hdr->init_load_addr_lo, + hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr, + image_load_addr + image_len); return ret; } From patchwork Mon Feb 26 12:36:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129636 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp156005lja; Mon, 26 Feb 2018 04:40:40 -0800 (PST) X-Google-Smtp-Source: AG47ELugGWLAPbB+ILU8xUW3835gy59iwrHsK6DYq9lQ2KNFzcEbyZQAUOqv1VPYVneGHDYSEFnw X-Received: by 10.80.222.77 with SMTP id a13mr10502789edl.176.1519648840293; Mon, 26 Feb 2018 04:40:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519648840; cv=none; d=google.com; s=arc-20160816; b=sqha/esmEJ79XqxvHnhcglmIBQFxci83cxeSjG5cHMRoxx59ZLfJsnDM4OkrLvSIdw O5bbAsV9rx8bhBFurD/pbb450Y6qG8ahqkqBpkSSw3Wne8ztoDwWlprncIJuJifTzsOi mATNq58fUHh5eccVd4wHsnTWbBLOp4jX8/lLrOsm4NNV0dDcCZFW/fZ95LHT2fT2orZ5 A7rbw3egGm1V6NfifswOLKznaqSrzYPm5qGSYZQzIyoA2odT1N2Vi74Z0MwN4k2qmDxf b3IOrltrAsUUb0ygAUpdIXZKAlHx5v7c+1R+Hr/kjcS+zTLPP9vAY+Gr8rcu3BdaXNbY wQxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=ex13RZzct18N40wXo6DGvzO6oijfoSlboEUjXG44mMQ=; b=OThu6gPNPrEinVBUlysFTBZcB1GUB4xe4r3EtLu18Lk27uNrI1RSgThRgoPTF+jD0y 3bB7UWoSODWqDQ237INY+BbqWSKrZeGxMC6qjUM8SkuqAcDHbviseGwhui32V5iKmf6B Dobwg7At4fKu7c7sRp3FID854E4my/F7JZAAcSOqhGdh1+cu3ofy0n1aM5hAJ2kh32kH gLdKrW5VE7ySraPOt9Bo7trKDbZxAS+Y7+boLZn/QWws6HJbAGJJ1Ai8iIL9T+VUdZ/1 uzoDwFYJ7T8BvbRQemSmgDQCDWjHeSJqk4kk8rP/6IEd0wuZtr7b6qsCYd2I+JimxYXG HSlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=N5lQOWKX; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id q6si9226324edc.17.2018.02.26.04.40.40; Mon, 26 Feb 2018 04:40:40 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=N5lQOWKX; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id BF0A1C220F7; Mon, 26 Feb 2018 12:40:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id E3082C22122; Mon, 26 Feb 2018 12:37:27 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 4BC30C22118; Mon, 26 Feb 2018 12:36:25 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 5C4DFC220C5 for ; Mon, 26 Feb 2018 12:36:21 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id h21so17136887wmd.1 for ; Mon, 26 Feb 2018 04:36:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=9ZcMRc8SBntseoaIVMS6azZkIlMR4wH0szSTketBFIA=; b=N5lQOWKXT2ZxRgIgV4yas3Ob96y78a4Nr2WPpwv1unV8iTRxfIhIcqBO+/M1iJ8bZP nQL5+FgrZ9teGKAkTQ97UcsavFYWMAktFqaKlQIJNgO++9aVOVQ7eL5yHhVpdVfVEaPm fec9JO6ehKMbxOSYaA1ntg71Sqgsn1wTYiDv8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=9ZcMRc8SBntseoaIVMS6azZkIlMR4wH0szSTketBFIA=; b=Dyyv72hm1HG6eThEwIbXsO9+DVYXZ1SzaTH2ewDZVy7w4ljQAIPHUFbvGBqFVcpX+7 gkjNJ+Df4cMzk+AQNge6hYEaZZ8mrdVu4AGs6BbyGsT5WX6dmp5fDbaQ13M0zbAFes2v G9NsfS9Vey8igLqX7gQ/flwYmGzQ9HAe9IRuY/Vt893DjcT790wqXMfqNk37/CEebORz 72I3YvUz5Etk6mJPIKNh6ujnGGmEOkw9F28B0/FsfFsPaePpgYQjNR2BobA27GE0YMAz jKT+tFyupnjY39UnBc0N5opgYQXCGtwJUufVFbpgkWL0rQplGRNd8wDjvolRgnV7qN5a jP7g== X-Gm-Message-State: APf1xPDjwNACwyPiDq4hGAqFougHJbDGG6NCvtrLdzF9H3Q2Nl4+WBkt /EU/R05dNS4IJaH3/qsOerAqUNz7MSU= X-Received: by 10.80.212.43 with SMTP id t43mr14397906edh.53.1519648580707; Mon, 26 Feb 2018 04:36:20 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:20 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:36:05 +0000 Message-Id: <1519648566-12061-12-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 11/12] bootm: optee: Add mechanism to validate a bootable TEE image X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch makes it possible to verify the contents and location of an a bootable TEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- common/bootm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/common/bootm.c b/common/bootm.c index adb1213..3246ceb 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -19,6 +19,7 @@ #include #include #include +#include #if defined(CONFIG_CMD_USB) #include #endif @@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc, if (images.os.type == IH_TYPE_KERNEL_NOLOAD) { images.os.load = images.os.image_start; images.ep += images.os.load; + } else if (images.os.type == IH_TYPE_TEE_BOOTABLE) { + ret = optee_verify_bootm_image(images.os.image_start, + images.os.load, + images.os.image_len); + if (ret) + return ret; } images.os.start = map_to_sysmem(os_hdr); @@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc, { if (((images.os.type == IH_TYPE_KERNEL) || (images.os.type == IH_TYPE_KERNEL_NOLOAD) || - (images.os.type == IH_TYPE_MULTI)) && + (images.os.type == IH_TYPE_MULTI) || + (images.os.type == IH_TYPE_TEE_BOOTABLE)) && (images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS)) return bootm_find_images(flag, argc, argv); @@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, switch (image_get_type(hdr)) { case IH_TYPE_KERNEL: case IH_TYPE_KERNEL_NOLOAD: + case IH_TYPE_TEE_BOOTABLE: *os_data = image_get_data(hdr); *os_len = image_get_data_size(hdr); break; From patchwork Mon Feb 26 12:36:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 129639 Delivered-To: patch@linaro.org Received: by 10.46.66.2 with SMTP id p2csp158180lja; Mon, 26 Feb 2018 04:43:17 -0800 (PST) X-Google-Smtp-Source: AH8x225BCat+g87ZE6Ivve0DZJaxUDvG5bMGVs6eMyJ6CcmuTMXUTyF2tTHdGaYhcknWlQovKk/n X-Received: by 10.80.128.230 with SMTP id 93mr14495968edb.34.1519648997097; Mon, 26 Feb 2018 04:43:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519648997; cv=none; d=google.com; s=arc-20160816; b=gIDncI1vcRLSbpaj5lzsSoM1oyyi+7nevDF1eHgoJi4kcqjS/anMbruF/Nux/4MDMQ f6Re02xPosIKU2gOXWHDhDkTFjc8gfuD3izs/idjxQj2ugHCRG656wPVhch2rkyFq9MJ 9SWPaqAyVJm83qFaYG4wopJRiNzm8ZvCdWGOLI2Ul6HCQOieJQasN7/QL0zBsKpTyDWL eztzWtUHpPYtyySrnSj83QeAYad/FGY1tVK8BNfVecspVdF/Rm0leFCchTaN/9SarTb3 NNBn1gl/3ykOAG2xxmF+WqeQugsqvhz3PgS2M2VlCAvfbhh8O1Z/QUaVKLQwOxluL1jX ZVKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:arc-authentication-results; bh=p1pAchWVyVbA1szBnI1xVJMvL+CaWurua7lfYc/1SF0=; b=NeabDRCsoInVrpS87lQzZr4Eowm3+6gWTCP86ClIb2tTYw6rbb5pPZos11qnchvlNx UL937lP15BxeFaNCMyhlrhdFmMymHHuHGmiiJ5mmPSA09h+gkaO/zaXa78tkgeQEJbEI D/heRnkUJocm0DfWkXYlBMZ/AeQwfz7KXXeXCXSTYustVUpzg1hU4Urubr7ZrhByyR/u h0yZ/kWt4vj0JhuDEnTNcdSDAEzurU/m8VQHPc6piWpZuq5Juoq80aFcW6ej1DiYwSpM IXaEBkuHjPc5cx6JfArLT+wth6kdotvto2FMHBWsif8vGUiUaboYVr8pst5OWpe7YLpt 32qA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=h51nroT+; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id j21si4976589ede.121.2018.02.26.04.43.16; Mon, 26 Feb 2018 04:43:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=h51nroT+; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 8D453C2211B; Mon, 26 Feb 2018 12:39:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id F0518C21EE4; Mon, 26 Feb 2018 12:37:09 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 02443C220D8; Mon, 26 Feb 2018 12:36:26 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 61119C220F4 for ; Mon, 26 Feb 2018 12:36:22 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id t6so8594234wmt.5 for ; Mon, 26 Feb 2018 04:36:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=W/4Je4ARO5mSf+RxarhWjebS2NEnLLkxfVU6nx/2kTU=; b=h51nroT+zlaraZFMmvDSl0L44COlbLZOI0pNYywKbEysPMupOY2JNc6UXg+zapplJ2 z7uj7C/O1PllsBF6Bl+1du4aUtPLP8kPR6WH+DbhTbF5pldBoaTkoGqZQIj8oFU5FRcV D8g8vgWYcVmlP5gCFLNu1+11wdY+VAj/u+TJg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=W/4Je4ARO5mSf+RxarhWjebS2NEnLLkxfVU6nx/2kTU=; b=GQdWc36+QCtlbjC0abEc5v11ut12H6UHe8UVirw5OJjmHBZ/SjAroDSingAf/DWjsc t4aqWandlMJYywRYGBb2WU9cMjN5KAa1TBlqpmTDFeQyzn3fJS8LLzrKip5xdFE3O0+E SpB2v822MUqluJngA9GPAN6Js0iVzHBMpPB+/ZzqNS5m82lD+wyV+hI0Fwpg6nyjJjtb ib75PCsmJC8UPmg01xXNEhW6FjSFghkuuhdLpYJRCLBThQSnqovB+RzUbxVofqMGfINY 4A1h9m+A63mRRLuccPwqOKyAwO+ITf64AX5fWCtAztW9/wXt0RtXr41As8Py+XRaMQW4 z3Bg== X-Gm-Message-State: APf1xPCEr3UeK1ir5Ch/YJ0baaVcgvg5WVBcPZtEXogbO1g8M23rz2BX xxElSmDQNzjumDYdQl58PRJ0GL6Reno= X-Received: by 10.80.139.2 with SMTP id l2mr14268255edl.14.1519648581822; Mon, 26 Feb 2018 04:36:21 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id f6sm2493967edn.45.2018.02.26.04.36.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 04:36:21 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, trini@konsulko.com, harinarayan@ti.com, afd@ti.com, kever.yang@rock-chips.com, philipp.tomsich@theobroma-systems.com, peng.fan@nxp.com Date: Mon, 26 Feb 2018 12:36:06 +0000 Message-Id: <1519648566-12061-13-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> References: <1519648566-12061-1-git-send-email-bryan.odonoghue@linaro.org> Subject: [U-Boot] [PATCH v4 12/12] optee: Add CONFIG_OPTEE_LOAD_ADDR X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" CONFIG_OPTEE_LOAD_ADDR is used to tell u-boot where to load the OPTEE binary into memory prior to handing off control to OPTEE. We need to pull this value out of u-boot in order to produce an IMX IVT/CSF signed pair for the purposes of secure boot. The best way to do that is to have CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg. Adding new CONFIG entires to u-boot should be kconfig driven so this patch does just that. Signed-off-by: Bryan O'Donoghue Reviewed-by: Ryan Harkin --- lib/optee/Kconfig | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 9e9ef39..541f10a 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -6,6 +6,12 @@ config OPTEE OPTEE-specific checks before booting an OPTEE image created with mkimage. +config OPTEE_LOAD_ADDR + hex "OPTEE load address" + default 0x00000000 + help + The load address of the bootable OPTEE binary. + config OPTEE_TZDRAM_SIZE hex "Amount of Trust-Zone RAM for the OPTEE image" depends on OPTEE