bootm: optee: Add a bootm command for type IH_OS_TEE

This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Suggested-by: Andrew F. Davis <afd@ti.com> Cc: Harinarayan Bhatta <harinarayan@ti.com> Cc: Andrew F. Davis <afd@ti.com> Cc: Tom Rini <trini@konsulko.com> Cc: Kever Yang <kever.yang@rock-chips.com> Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Cc: Peng Fan <peng.fan@nxp.com>

bootm: optee: Add a bootm command for type IH_OS_TEE
This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Suggested-by: Andrew F. Davis <afd@ti.com> Cc: Harinarayan Bhatta <harinarayan@ti.com> Cc: Andrew F. Davis <afd@ti.com> Cc: Tom Rini <trini@konsulko.com> Cc: Kever Yang <kever.yang@rock-chips.com> Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Cc: Peng Fan <peng.fan@nxp.com>
Bryan O'Donoghue · Tom Rini
1 parent 45b55712d4
Showing 2 changed files with 41 additions and 0 deletions Side-by-side Diff
common/bootm_os.c
lib/optee/Kconfig
@@ -11,6 +11,7 @@
 #include <linux/libfdt.h>
 #include <malloc.h>
 #include <vxworks.h>
+#include <tee/optee.h>
  
 DECLARE_GLOBAL_DATA_PTR;
  
@@ -433,6 +434,34 @@
 }
 #endif
  
+#ifdef CONFIG_BOOTM_OPTEE
+static int do_bootm_tee(int flag, int argc, char * const argv[],
+			bootm_headers_t *images)
+{
+	int ret;
+
+	/* Verify OS type */
+	if (images->os.os != IH_OS_TEE) {
+		return 1;
+	};
+
+	/* Validate OPTEE header */
+	ret = optee_verify_bootm_image(images->os.image_start,
+				       images->os.load,
+				       images->os.image_len);
+	if (ret)
+		return ret;
+
+	/* Locate FDT etc */
+	ret = bootm_find_images(flag, argc, argv);
+	if (ret)
+		return ret;
+
+	/* From here we can run the regular linux boot path */
+	return do_bootm_linux(flag, argc, argv, images);
+}
+#endif
+
 static boot_os_fn *boot_os[] = {
 	[IH_OS_U_BOOT] = do_bootm_standalone,
 #ifdef CONFIG_BOOTM_LINUX
@@ -465,6 +494,9 @@
 #endif
 #ifdef CONFIG_BOOTM_OPENRTOS
 	[IH_OS_OPENRTOS] = do_bootm_openrtos,
+#endif
+#ifdef CONFIG_BOOTM_OPTEE
+	[IH_OS_TEE] = do_bootm_tee,
 #endif
 };
  
@@ -28,4 +28,13 @@
 	help
 	  The base address of pre-allocated Trust Zone DRAM for
 	  the OPTEE runtime.
+
+config BOOTM_OPTEE
+	bool "Support OPTEE bootm command"
+	select BOOTM_LINUX
+	default n
+	help
+	  Select this command to enable chain-loading of a Linux kernel
+	  via an OPTEE firmware.
+	  The bootflow is BootROM -> u-boot -> OPTEE -> Linux in this case.
...	...	@@ -11,6 +11,7 @@
11	11	#include <linux/libfdt.h>
12	12	#include <malloc.h>
13	13	#include <vxworks.h>
	14	+#include <tee/optee.h>
14	15
15	16	DECLARE_GLOBAL_DATA_PTR;
16	17
...	...	@@ -433,6 +434,34 @@
433	434	}
434	435	#endif
435	436
	437	+#ifdef CONFIG_BOOTM_OPTEE
	438	+static int do_bootm_tee(int flag, int argc, char * const argv[],
	439	+ bootm_headers_t *images)
	440	+{
	441	+ int ret;
	442	+
	443	+ /* Verify OS type */
	444	+ if (images->os.os != IH_OS_TEE) {
	445	+ return 1;
	446	+ };
	447	+
	448	+ /* Validate OPTEE header */
	449	+ ret = optee_verify_bootm_image(images->os.image_start,
	450	+ images->os.load,
	451	+ images->os.image_len);
	452	+ if (ret)
	453	+ return ret;
	454	+
	455	+ /* Locate FDT etc */
	456	+ ret = bootm_find_images(flag, argc, argv);
	457	+ if (ret)
	458	+ return ret;
	459	+
	460	+ /* From here we can run the regular linux boot path */
	461	+ return do_bootm_linux(flag, argc, argv, images);
	462	+}
	463	+#endif
	464	+
436	465	static boot_os_fn *boot_os[] = {
437	466	[IH_OS_U_BOOT] = do_bootm_standalone,
438	467	#ifdef CONFIG_BOOTM_LINUX
...	...	@@ -465,6 +494,9 @@
465	494	#endif
466	495	#ifdef CONFIG_BOOTM_OPENRTOS
467	496	[IH_OS_OPENRTOS] = do_bootm_openrtos,
	497	+#endif
	498	+#ifdef CONFIG_BOOTM_OPTEE
	499	+ [IH_OS_TEE] = do_bootm_tee,
468	500	#endif
469	501	};
470	502
...	...	@@ -28,4 +28,13 @@
28	28	help
29	29	The base address of pre-allocated Trust Zone DRAM for
30	30	the OPTEE runtime.
	31	+
	32	+config BOOTM_OPTEE
	33	+ bool "Support OPTEE bootm command"
	34	+ select BOOTM_LINUX
	35	+ default n
	36	+ help
	37	+ Select this command to enable chain-loading of a Linux kernel
	38	+ via an OPTEE firmware.
	39	+ The bootflow is BootROM -> u-boot -> OPTEE -> Linux in this case.