This patch adds support for bootable TEE images to mkimage. Currently there is a (Trusted Execution Environment) TEE image type, the TEE image type is installed to a memory location control is passed to the TEE and then the TEE returns to u-boot.
flow #0: BootROM -> u-boot -> tee -> u-boot -> onwards
For some TEE implementations, such as upstream OPTEE for i.MX6 and i.MX7 the boot flow is
flow #1: BootROM -> u-boot -> optee -> kernel
This patch adds a new image type to mkimage - IH_TYPE_TEE_BOOTABLE to reflect this TEE boot flow and to facilitate additional OPTEE specific verification of that image type - prior to handing control to that image.
The new image type enables us to more easily generate and validate a bootable OPTEE image also, for example instead of generating an OPTEE image like this:
mkimage -A arm -O linux -C none -a 0x9c0fffe4 -e 0x9c100000 -d ./out/arm-plat-imx/core/tee.bin uTee
we can instead generate images like this: mkimage -A arm -T tee-bootable -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee
That OPTEE image then will have a specific image type that bootm can automatically identify and consequently perform additional optee-header checks on.
Subsequent patches add logic to perform those optee-specific changes prior to handing over control as described in flow #1 above.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Harinarayan Bhatta harinarayan@ti.com Cc: Andrew F. Davis afd@ti.com Cc: Tom Rini trini@konsulko.com Cc: Kever Yang kever.yang@rock-chips.com Cc: Philipp Tomsich philipp.tomsich@theobroma-systems.com Cc: Peng Fan peng.fan@nxp.com Link: http://mrvan.github.io/optee-imx6ul Tested-by: Peng Fan peng.fan@nxp.com --- common/image.c | 1 + include/image.h | 1 + tools/default_image.c | 25 +++++++++++++++++++------ 3 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/common/image.c b/common/image.c index e9609cd..e7785ce 100644 --- a/common/image.c +++ b/common/image.c @@ -161,6 +161,7 @@ static const table_entry_t uimage_type[] = { { IH_TYPE_TEE, "tee", "Trusted Execution Environment Image",}, { IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" }, { IH_TYPE_PMMC, "pmmc", "TI Power Management Micro-Controller Firmware",}, + { IH_TYPE_TEE_BOOTABLE, "tee-bootable", "Trusted Execution Environment Bootable Image",}, { -1, "", "", }, };
diff --git a/include/image.h b/include/image.h index a2372de..d2c47ef 100644 --- a/include/image.h +++ b/include/image.h @@ -272,6 +272,7 @@ enum { IH_TYPE_TEE, /* Trusted Execution Environment (TEE) OS Image */ IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */ IH_TYPE_PMMC, /* TI Power Management Micro-Controller Firmware */ + IH_TYPE_TEE_BOOTABLE, /* TEE Bootable Image */
IH_TYPE_COUNT, /* Number of image types */ }; diff --git a/tools/default_image.c b/tools/default_image.c index 4e5568e..fc0b0c0 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -18,6 +18,7 @@ #include "mkimage.h"
#include <image.h> +#include <tee/optee.h> #include <u-boot/crc.h>
static image_header_t header; @@ -25,7 +26,8 @@ static image_header_t header; static int image_check_image_types(uint8_t type) { if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) || - (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT)) + (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT) || + (type == IH_TYPE_TEE_BOOTABLE)) return EXIT_SUCCESS; else return EXIT_FAILURE; @@ -90,6 +92,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, uint32_t checksum; time_t time; uint32_t imagesize; + uint32_t ep; + uint32_t addr;
image_header_t * hdr = (image_header_t *)ptr;
@@ -99,18 +103,27 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, sbuf->st_size - sizeof(image_header_t));
time = imagetool_get_source_date(params, sbuf->st_mtime); - if (params->type == IH_TYPE_FIRMWARE_IVT) + ep = params->ep; + addr = params->addr; + imagesize = sbuf->st_size - sizeof(image_header_t); + + switch (params->type) { + case IH_TYPE_FIRMWARE_IVT: /* Add size of CSF minus IVT */ imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0; - else - imagesize = sbuf->st_size - sizeof(image_header_t); + break; + case IH_TYPE_TEE_BOOTABLE: + addr = optee_image_get_load_addr(hdr); + ep = optee_image_get_entry_point(hdr); + break; + }
/* Build new header */ image_set_magic(hdr, IH_MAGIC); image_set_time(hdr, time); image_set_size(hdr, imagesize); - image_set_load(hdr, params->addr); - image_set_ep(hdr, params->ep); + image_set_load(hdr, addr); + image_set_ep(hdr, ep); image_set_dcrc(hdr, checksum); image_set_os(hdr, params->os); image_set_arch(hdr, params->arch);