22 Oct, 2018
1 commit
-
We may have, the not yet considered, scenario where OPTEE is loaded before
u-boot and *not* by u-boot, e.g, the boot flow using the ARM Trusted
Firmware (ATF), where in the 32bit flow is:
BootRom->ATF(BL2)->Optee(BL32)->u-boot(BL33)In this case we need still to reserve the memory used by optee, to avoid
for example to realocate ourself to the same address at the end of DRAM.
So, we change here the dependencies on the OPTEE lib and we set the default
size and base of TZRAM to zero.Signed-off-by: Rui Miguel Silva
Signed-off-by: Bryan O'Donoghue
Cc: Fabio Estevam
Cc: Ryan Harkin
Cc: u-boot@lists.denx.de
07 May, 2018
1 commit
-
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.Signed-off-by: Tom Rini
20 Mar, 2018
7 commits
-
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.Signed-off-by: Bryan O'Donoghue
Suggested-by: Andrew F. Davis
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan -
When encountering an error in OPTEE verification print out various details
of the OPTEE header to aid in further debugging of encountered errors.Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
Tested-by: Peng Fan -
This patch adds optee_verify_bootm_image() which will be subsequently used
to verify the parameters encoded in the OPTEE header match the memory
allocated to the OPTEE region, OPTEE header magic and version prior to
handing off control to the OPTEE image.Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan -
CONFIG_OPTEE_LOAD_ADDR is used to tell u-boot where to load the OPTEE
binary into memory prior to handing off control to OPTEE.We need to pull this value out of u-boot in order to produce an IMX IVT/CSF
signed pair for the purposes of secure boot. The best way to do that is to
have CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg.Adding new CONFIG entires to u-boot should be kconfig driven so this patch
does just that.Signed-off-by: Bryan O'Donoghue
Reviewed-by: Ryan Harkin -
OPTEE is currently linked to a specific area of memory called the TrustZone
DRAM. This patch adds a CONFIG entry for the default address of TrustZone
DRAM that a board-port can over-ride. The region that U-Boot sets aside for
the OPTEE run-time should be verified before attempting to hand off to the
OPTEE run-time. Each board-port should carefully ensure that the TZDRAM
address specified in the OPTEE build and the TZDRAM address specified in
U-Boot match-up.Further patches will use TZDRAM address with other defines and variables to
carry out a degree of automated verification in U-Boot prior to trying to
boot an OPTEE image.Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich -
OPTEE is currently linked to a specific area of memory called the TrustZone
DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM
that a board-port can over-ride. The region that U-Boot sets aside for the
OPTEE run-time should be verified before attempting to hand off to the
OPTEE run-time. Each board-port should carefully ensure that the TZDRAM
size specified in the OPTEE build and the TZDRAM size specified in U-Boot
match-up.Further patches will use TZDRAM size with other defines and variables to
carry out a degree of automated verification in U-Boot prior to trying to
boot an OPTEE image.Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
Tested-by: Peng Fan -
This patch adds code to lib to enable sharing of useful OPTEE code between
board-ports and architectures. The code on lib/optee/optee.c comes from the
TI omap2 port. Eventually the OMAP2 code will be patched to include the
shared code. The intention here is to add more useful OPTEE specific code
as more functionality gets added.Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
Tested-by: Peng Fan