From patchwork Fri Jan 12 14:52:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 124356 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp2156766qgn; Fri, 12 Jan 2018 06:59:23 -0800 (PST) X-Google-Smtp-Source: ACJfBov/btUGKr27UWNlOe8nJkyWQPLNv9aXjDYSPdVivISRXTpaQJc6Vrfx/D6r9PSpcQr/RdXl X-Received: by 10.80.146.182 with SMTP id k51mr8219383eda.110.1515769163214; Fri, 12 Jan 2018 06:59:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515769163; cv=none; d=google.com; s=arc-20160816; b=EbsD+Kr0KCryf4fERk9MJZoueLwO5s0ZKbRB+x0zhgxnrE20f6XSDt1qHyRECg0GK4 iRvJLkFBzwrvchX5bnMV8nBAPBXiCJ0anzMtD8yuc/2JZ2fDi+R6HF1FLZcLsLaw4LVv Is4WMkXngIFTyi/lWLaMF23GzfzyGhkd8MmGjaOZG6eM/9lePZIVZ0EO4pjDtX93ctAm uz3FI3tRDSUmNbNEAq8UcU+rY6A9QaLA7LBZ3bvY38NHoyq2kRrdGDD3Ut7MXXOBi4IW a7MHdvXqtKPJ/veWXM9xvlbVr3YiH5uAbE34pJEn+K7k2hvrmBIN9ZeCdH/GTAyZWGD1 q1rA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:references:in-reply-to:message-id :date:to:from:dkim-signature:arc-authentication-results; bh=G+vVo1wXgiDDxseIrVnXhzoSkpIaG/Tzjhj9izxBfvg=; b=K4WWf140GKVvIINlhunDz0P2lmDAz3uY2kYZSc7sb181su4oLkHOtksy3ArCjLXSdX rGPzAb5Vez6v9xtjanltzpyb/0nViES05u0Lx4RVSHqF9xoSdZcYvQ+7AwP/G9WZ3gOc iz/At1L84ZMj4oK0k0fxk00xovEFeS+kPRxNJdmbUSIDwnw/uzSRtqymTEtZdzurRZcd aVAwdK7Shpu+mGK3Wu1kPRorxEHnlAMlY1xq+CT3uZ/pJbtWFN6ltyjFVW/qiexObLVK DNj7RX8JcAd/NbXFHBO6DkzOkQvtCSFnFBM7tV2GejBvjmp59rKAysbUO3g8dlGCg2gz 5USg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=b/fvc6Xj; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id h12si3126056edh.7.2018.01.12.06.59.22; Fri, 12 Jan 2018 06:59:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=b/fvc6Xj; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id D1248C21EE5; Fri, 12 Jan 2018 14:58:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id D9D2AC2226D; Fri, 12 Jan 2018 14:52:51 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 6BC7FC22277; Fri, 12 Jan 2018 14:52:37 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id DA90AC22250 for ; Fri, 12 Jan 2018 14:52:33 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id g75so12723299wme.0 for ; Fri, 12 Jan 2018 06:52:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0ucIUJGgY8p4jAHMKel7XlEPhJpmx9MAQOllS3lTJ78=; b=b/fvc6Xjgrg3IJbFEkJjHCWWzLw+I0ul7SJwmm9yge/m2a8w6A77m6kTg6FAMJbvPl 2SMDHvQA/ZfPD9T9wZ+jnPN4DY1nQj4zhKC/sK9oCvVYkW6YldIWPhXckFGz25cgkhap DHZRKfeYzB7Q/t4yY5cWB2JuQHS7A9w4BeGoY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0ucIUJGgY8p4jAHMKel7XlEPhJpmx9MAQOllS3lTJ78=; b=P8f2F9WHIRE++3tKnaityNyTChDBVFRCc8NSrEC3BDp043yl/Tiqpf7tF5aSz6qVGo NvpmUCYOQTleYgOIWno3JFf0q2H0dCcfIrAd/TKHlH6PyI89zfpUvJbCet79q6OfWF1h rC1aZtUiB4GWQKWqBQFLmL5f4xXPH6Zwoj+aJlykvaJUz/0HkZ1XjBbOf2bBxDIpyHKt yurtcx8nt0nybE5nTG45I0EwCE+JCG4xudQe5cVVnTExo12q1+8bUL3bN4w+SiR5oJWi xcz/blB2h+HiVXLdsuA2wDpYg7UN50mpSEuCsZLTBVW2YPYEumKHmPK5y1zgoYXiogy1 +5QQ== X-Gm-Message-State: AKwxyteE1BM5H3+tF9eeW8TXU7PpmxeleEEIeKoP72xOMdbZ50q+lser dUeCUNZsb4vfLG0g3KVgF+BKdKb+aDc= X-Received: by 10.80.145.154 with SMTP id g26mr1679810eda.297.1515768753328; Fri, 12 Jan 2018 06:52:33 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id d20sm1318629ede.16.2018.01.12.06.52.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 06:52:32 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Fri, 12 Jan 2018 14:52:22 +0000 Message-Id: <1515768744-25246-8-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> Cc: trini@konsulko.com, harinarayan@ti.com Subject: [U-Boot] [PATCH 7/9] optee: Add optee_verify_bootm_image() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch adds optee_verify_bootm_image() which will be subsequently used to verify the parameters encoded in the OPTEE header match the memory allocated to the OPTEE region, OPTEE header magic and version prior to handing off control to the OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- include/tee/optee.h | 13 +++++++++++++ lib/optee/optee.c | 35 +++++++++++++++++++++++++++++++---- 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/include/tee/optee.h b/include/tee/optee.h index e782cb0..4b9e94c 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -55,4 +55,17 @@ static inline int optee_verify_image(struct optee_header *hdr, #endif +#if defined(CONFIG_OPTEE) +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len); +#else +static inline int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + return -EPERM; +} +#endif + #endif /* _OPTEE_H */ diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 6e55027..36358f1 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -29,12 +29,39 @@ int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, (tee_file_size > tzdram_len) || (tee_file_size != image_len) || ((hdr->init_load_addr_lo + tee_file_size) > tzdram_end)) { - printf("OPTEE verification error tzdram 0x%08lx-0x%08lx " - "header lo=0x%08x hi=0x%08x size=0x%08x\n", - tzdram_start, tzdram_end, hdr->init_load_addr_lo, - hdr->init_load_addr_hi, tee_file_size); return -EINVAL; } return 0; } + +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + struct optee_header *hdr = (struct optee_header *)image_addr; + unsigned long tzdram_start = OPTEE_TZDRAM_BASE; + unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE; + + int ret; + + ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); + if (ret) + goto error; + + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) { + ret = -EINVAL; + goto error; + } + + return ret; +error: + printf("OPTEE verification error tzdram 0x%08lx-0x%08lx " + "header 0x%08x-0x%08x size=0x%08lx arch=0x%08x" + "uimage params 0x%08lx-0x%08lx\n", + tzdram_start, tzdram_start + tzdram_len, hdr->init_load_addr_lo, + hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr, + image_load_addr + image_len); + + return ret; +}