@@ -10,6 +10,8 @@
#ifndef _OPTEE_H
#define _OPTEE_H
+#include <linux/errno.h>
+
#define OPTEE_MAGIC 0x4554504f
#define OPTEE_VERSION 1
#define OPTEE_ARCH_ARM32 0
@@ -27,4 +29,18 @@ struct optee_header {
uint32_t paged_size;
};
+#if defined(CONFIG_OPTEE)
+int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
+ unsigned long tzdram_len, unsigned long image_len);
+#else
+static inline int optee_verify_image(struct optee_header *hdr,
+ unsigned long tzdram_start,
+ unsigned long tzdram_len,
+ unsigned long image_len)
+{
+ return -EPERM;
+}
+
+#endif
+
#endif /* _OPTEE_H */
@@ -278,5 +278,6 @@ endmenu
source lib/efi/Kconfig
source lib/efi_loader/Kconfig
+source lib/optee/Kconfig
endmenu
@@ -17,6 +17,7 @@ obj-$(CONFIG_FIT) += libfdt/
obj-$(CONFIG_OF_LIVE) += of_live.o
obj-$(CONFIG_CMD_DHRYSTONE) += dhry/
obj-$(CONFIG_ARCH_AT91) += at91/
+obj-$(CONFIG_OPTEE) += optee/
obj-$(CONFIG_AES) += aes.o
obj-y += charset.o
new file mode 100644
@@ -0,0 +1,8 @@
+config OPTEE
+ bool "Support OPTEE images"
+ help
+ U-Boot can be configured to boot OPTEE images.
+ Selecting this option will enable shared OPTEE library code and
+ enable an OPTEE specific bootm command that will perform additional
+ OPTEE specific checks before booting an OPTEE image created with
+ mkimage.
new file mode 100644
@@ -0,0 +1,7 @@
+#
+# (C) Copyright 2017 Linaro
+#
+# SPDX-License-Identifier: GPL-2.0+
+#
+
+obj-$(CONFIG_OPTEE) += optee.o
new file mode 100644
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2017 Linaro
+ * Bryan O'Donoghue <bryan.odonoghue@linaro.org>
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <tee/optee.h>
+
+int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
+ unsigned long tzdram_len, unsigned long image_len)
+{
+ unsigned long tzdram_end = tzdram_start + tzdram_len;
+ uint32_t tee_file_size;
+
+ tee_file_size = hdr->init_size + hdr->paged_size +
+ sizeof(struct optee_header);
+
+ if ((hdr->magic != OPTEE_MAGIC) ||
+ (hdr->version != OPTEE_VERSION) ||
+ (hdr->init_load_addr_hi > tzdram_end) ||
+ (hdr->init_load_addr_lo < tzdram_start) ||
+ (tee_file_size > tzdram_len) ||
+ (tee_file_size != image_len) ||
+ ((hdr->init_load_addr_lo + tee_file_size) > tzdram_end)) {
+ printf("OPTEE verification error tzdram 0x%08lx-0x%08lx "
+ "header lo=0x%08x hi=0x%08x size=0x%08x\n",
+ tzdram_start, tzdram_end, hdr->init_load_addr_lo,
+ hdr->init_load_addr_hi, tee_file_size);
+ return -EINVAL;
+ }
+
+ return 0;
+}
This patch adds code to lib to enable sharing of useful OPTEE code between board-ports and architectures. The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the OMAP2 code will be patched to include the shared code. The intention here is to add more useful OPTEE specific code as more functionality gets added. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Harinarayan Bhatta <harinarayan@ti.com> Cc: Andrew F. Davis <afd@ti.com> Cc: Tom Rini <trini@konsulko.com> Cc: Kever Yang <kever.yang@rock-chips.com> Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Cc: Peng Fan <peng.fan@nxp.com> --- include/tee/optee.h | 16 ++++++++++++++++ lib/Kconfig | 1 + lib/Makefile | 1 + lib/optee/Kconfig | 8 ++++++++ lib/optee/Makefile | 7 +++++++ lib/optee/optee.c | 35 +++++++++++++++++++++++++++++++++++ 6 files changed, 68 insertions(+) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c