@@ -10,6 +10,8 @@
#ifndef _OPTEE_H
#define _OPTEE_H
+#include <linux/errno.h>
+
#define OPTEE_MAGIC 0x4554504f
#define OPTEE_VERSION 1
#define OPTEE_ARCH_ARM32 0
@@ -27,4 +29,18 @@ struct optee_header {
uint32_t paged_size;
};
+#if defined(CONFIG_OPTEE)
+int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
+ unsigned long tzdram_len, unsigned long image_len);
+#else
+static inline int optee_verify_image(struct optee_header *hdr,
+ unsigned long tzdram_start,
+ unsigned long tzdram_len,
+ unsigned long image_len)
+{
+ return -EPERM;
+}
+
+#endif
+
#endif /* _OPTEE_H */
@@ -310,5 +310,6 @@ endmenu
source lib/efi/Kconfig
source lib/efi_loader/Kconfig
+source lib/optee/Kconfig
endmenu
@@ -18,6 +18,7 @@ obj-$(CONFIG_FIT) += libfdt/
obj-$(CONFIG_OF_LIVE) += of_live.o
obj-$(CONFIG_CMD_DHRYSTONE) += dhry/
obj-$(CONFIG_ARCH_AT91) += at91/
+obj-$(CONFIG_OPTEE) += optee/
obj-$(CONFIG_AES) += aes.o
obj-y += charset.o
new file mode 100644
@@ -0,0 +1,8 @@
+config OPTEE
+ bool "Support OPTEE images"
+ help
+ U-Boot can be configured to boot OPTEE images.
+ Selecting this option will enable shared OPTEE library code and
+ enable an OPTEE specific bootm command that will perform additional
+ OPTEE specific checks before booting an OPTEE image created with
+ mkimage.
new file mode 100644
@@ -0,0 +1,7 @@
+#
+# (C) Copyright 2017 Linaro
+#
+# SPDX-License-Identifier: GPL-2.0+
+#
+
+obj-$(CONFIG_OPTEE) += optee.o
new file mode 100644
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2017 Linaro
+ * Bryan O'Donoghue <bryan.odonoghue@linaro.org>
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <tee/optee.h>
+
+int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
+ unsigned long tzdram_len, unsigned long image_len)
+{
+ unsigned long tzdram_end = tzdram_start + tzdram_len;
+ uint32_t tee_file_size;
+
+ tee_file_size = hdr->init_size + hdr->paged_size +
+ sizeof(struct optee_header);
+
+ if (hdr->magic != OPTEE_MAGIC ||
+ hdr->version != OPTEE_VERSION ||
+ hdr->init_load_addr_hi > tzdram_end ||
+ hdr->init_load_addr_lo < tzdram_start ||
+ tee_file_size > tzdram_len ||
+ tee_file_size != image_len ||
+ (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) {
+ return -EINVAL;
+ }
+
+ return 0;
+}