31 Jan, 2020
1 commit
-
As hinted by GCC 9, there is a return statement that returns
an uninitialized variable in optee_copy_firmware_node().
This patch addresses this.Signed-off-by: Christoph Müllner
Reviewed-by: Heiko Stuebner
18 Jan, 2020
1 commit
-
These three globals relate to image handling. Move them to the image
header file.Signed-off-by: Simon Glass
14 Nov, 2019
1 commit
-
The loading convention for optee or any other tee on arm64 is as bl32
parameter to the trusted-firmware. So TF-A gets invoked with the TEE as
bl32 and main u-boot as bl33. Once it has done its startup TF-A jumps
into the bl32 for the TEE startup, returns to TF-A and then jumps to bl33.All of them get passed a devicetree as parameter and all components often
get loaded from a FIT image.OP-TEE will create additional nodes in that devicetree namely a firmware
node and possibly multiple reserved-memory nodes.While this devicetree is used in main u-boot, in most cases it won't be
the one passed to the actual kernel. Instead most boot commands will load
a new devicetree from somewhere like mass storage of the network, so if
that happens u-boot should transfer the optee nodes to that new devicetree.To make that happen introduce optee_copy_fdt_nodes() called from the dt
setup function in image-fdt which after checking for the optee presence
in the u-boot dt will make sure a optee node is present in the kernel dt
and transfer any reserved-memory regions it can find.Signed-off-by: Heiko Stuebner
Reviewed-by: Jens Wiklander
19 Jul, 2019
1 commit
-
Commit c7b3a7ee5351 ("optee: adjust dependencies and default values for
dram") makes the TZDRAM defines for OPTEE show up for all configs as a
side-effect. While not harmful its not what we really want.This patch makes the following defines contingent on CONFIG_OPTEE=y
CONFIG_OPTEE_TZDRAM_BASE
CONFIG_OPTEE_TZDRAM_SIZERightly, if you don't have CONFIG_OPTEE=y you don't care about the above
two defines.Signed-off-by: Bryan O'Donoghue
Cc: Rui Miguel Silva
Acked-by: Rui Miguel Silva
22 Oct, 2018
1 commit
-
We may have, the not yet considered, scenario where OPTEE is loaded before
u-boot and *not* by u-boot, e.g, the boot flow using the ARM Trusted
Firmware (ATF), where in the 32bit flow is:
BootRom->ATF(BL2)->Optee(BL32)->u-boot(BL33)In this case we need still to reserve the memory used by optee, to avoid
for example to realocate ourself to the same address at the end of DRAM.
So, we change here the dependencies on the OPTEE lib and we set the default
size and base of TZRAM to zero.Signed-off-by: Rui Miguel Silva
Signed-off-by: Bryan O'Donoghue
Cc: Fabio Estevam
Cc: Ryan Harkin
Cc: u-boot@lists.denx.de
07 May, 2018
1 commit
-
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.Signed-off-by: Tom Rini
20 Mar, 2018
7 commits
-
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.Signed-off-by: Bryan O'Donoghue
Suggested-by: Andrew F. Davis
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan -
When encountering an error in OPTEE verification print out various details
of the OPTEE header to aid in further debugging of encountered errors.Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
Tested-by: Peng Fan -
This patch adds optee_verify_bootm_image() which will be subsequently used
to verify the parameters encoded in the OPTEE header match the memory
allocated to the OPTEE region, OPTEE header magic and version prior to
handing off control to the OPTEE image.Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan -
CONFIG_OPTEE_LOAD_ADDR is used to tell u-boot where to load the OPTEE
binary into memory prior to handing off control to OPTEE.We need to pull this value out of u-boot in order to produce an IMX IVT/CSF
signed pair for the purposes of secure boot. The best way to do that is to
have CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg.Adding new CONFIG entires to u-boot should be kconfig driven so this patch
does just that.Signed-off-by: Bryan O'Donoghue
Reviewed-by: Ryan Harkin -
OPTEE is currently linked to a specific area of memory called the TrustZone
DRAM. This patch adds a CONFIG entry for the default address of TrustZone
DRAM that a board-port can over-ride. The region that U-Boot sets aside for
the OPTEE run-time should be verified before attempting to hand off to the
OPTEE run-time. Each board-port should carefully ensure that the TZDRAM
address specified in the OPTEE build and the TZDRAM address specified in
U-Boot match-up.Further patches will use TZDRAM address with other defines and variables to
carry out a degree of automated verification in U-Boot prior to trying to
boot an OPTEE image.Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich -
OPTEE is currently linked to a specific area of memory called the TrustZone
DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM
that a board-port can over-ride. The region that U-Boot sets aside for the
OPTEE run-time should be verified before attempting to hand off to the
OPTEE run-time. Each board-port should carefully ensure that the TZDRAM
size specified in the OPTEE build and the TZDRAM size specified in U-Boot
match-up.Further patches will use TZDRAM size with other defines and variables to
carry out a degree of automated verification in U-Boot prior to trying to
boot an OPTEE image.Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
Tested-by: Peng Fan -
This patch adds code to lib to enable sharing of useful OPTEE code between
board-ports and architectures. The code on lib/optee/optee.c comes from the
TI omap2 port. Eventually the OMAP2 code will be patched to include the
shared code. The intention here is to add more useful OPTEE specific code
as more functionality gets added.Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
Tested-by: Peng Fan