[U-Boot] [PATCH v5 1/2] spl: add support to booting with OP-TEE
OP-TEE is an open source trusted OS, in armv7, its loading and running are like this: loading: - SPL load both OP-TEE and U-Boot running: - SPL run into OP-TEE in secure mode; - OP-TEE run into U-Boot in non-secure mode;
To make code simple, it would be fine to use IH_OS_TEE for the os tyle in TPL(just like IH_OS_LINUX is using both in SPL and U-Boot).
Here is the diagram for SPL loading OP-TEE, IH_OS_TEE:(make u-boot.itb for SPL) Non-Secure Secure
BootROM | v SPL | v --------- OP-TEE | v U-Boot | V Linux For other two king of OP-TEE loading/booting, see commit message: 45b55712d4 image: Add IH_OS_TEE for TEE chain-load boot
More detail: https://github.com/OP-TEE/optee_os and search for 'boot arguments' for detail entry parameter in: core/arch/arm/kernel/generic_entry_a32.S
Signed-off-by: Kever Yang kever.yang@rock-chips.com Cc: Bryan O'Donoghue bryan.odonoghue@linaro.org ---
Changes in v5: - Split the patch out from rk3229 seris - Use IH_OS_TEE instead of IH_OS_OP-TEE
Changes in v4: - use NULL instead of '0' - add fdt_addr as arg2 of entry
Changes in v2: - Using new image type for op-tee
common/spl/Kconfig | 7 +++++++ common/spl/Makefile | 1 + common/spl/spl.c | 7 +++++++ common/spl/spl_optee.S | 12 ++++++++++++ include/spl.h | 13 +++++++++++++ 5 files changed, 40 insertions(+) create mode 100644 common/spl/spl_optee.S
diff --git a/common/spl/Kconfig b/common/spl/Kconfig index 99c9053ab8..db1915fe5c 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -799,6 +799,13 @@ config SPL_AM33XX_ENABLE_RTC32K_OSC Enable access to the AM33xx RTC and select the external 32kHz clock source.
+config SPL_OPTEE + bool "Support OP-TEE Trusted OS" + depends on ARM + help + OP-TEE is an open source Trusted OS which is loaded by SPL. + More detail at: https://github.com/OP-TEE/optee_os + config TPL bool depends on SUPPORT_TPL diff --git a/common/spl/Makefile b/common/spl/Makefile index 814081feda..a130a5be4b 100644 --- a/common/spl/Makefile +++ b/common/spl/Makefile @@ -21,6 +21,7 @@ obj-$(CONFIG_$(SPL_TPL_)UBI) += spl_ubi.o obj-$(CONFIG_$(SPL_TPL_)NET_SUPPORT) += spl_net.o obj-$(CONFIG_$(SPL_TPL_)MMC_SUPPORT) += spl_mmc.o obj-$(CONFIG_$(SPL_TPL_)ATF) += spl_atf.o +obj-$(CONFIG_$(SPL_TPL_)OPTEE) += spl_optee.o obj-$(CONFIG_$(SPL_TPL_)USB_SUPPORT) += spl_usb.o obj-$(CONFIG_$(SPL_TPL_)FAT_SUPPORT) += spl_fat.o obj-$(CONFIG_$(SPL_TPL_)EXT_SUPPORT) += spl_ext.o diff --git a/common/spl/spl.c b/common/spl/spl.c index a1e7b9fa91..482f6e53ef 100644 --- a/common/spl/spl.c +++ b/common/spl/spl.c @@ -529,6 +529,13 @@ void board_init_r(gd_t *dummy1, ulong dummy2) spl_invoke_atf(&spl_image); break; #endif +#if CONFIG_IS_ENABLED(OPTEE) + case IH_OS_TEE: + debug("Jumping to U-Boot via OP-TEE\n"); + spl_optee_entry(NULL, NULL, spl_image.fdt_addr, + (void *)spl_image.entry_point); + break; +#endif #ifdef CONFIG_SPL_OS_BOOT case IH_OS_LINUX: debug("Jumping to Linux\n"); diff --git a/common/spl/spl_optee.S b/common/spl/spl_optee.S new file mode 100644 index 0000000000..86fc398546 --- /dev/null +++ b/common/spl/spl_optee.S @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (C) 2017 Rockchip Electronic Co.,Ltd + */ + +#include <linux/linkage.h> +#include <asm/assembler.h> + +ENTRY(spl_optee_entry) + ldr lr, =CONFIG_SYS_TEXT_BASE + mov pc, r3 +ENDPROC(spl_optee_entry) diff --git a/include/spl.h b/include/spl.h index 86287874e1..d9145ad6dc 100644 --- a/include/spl.h +++ b/include/spl.h @@ -288,6 +288,19 @@ int spl_mmc_load_image(struct spl_image_info *spl_image, */ void spl_invoke_atf(struct spl_image_info *spl_image);
+/** + * spl_optee_entry - entry function for optee + * + * args defind in op-tee project + * https://github.com/OP-TEE/optee_os/ + * core/arch/arm/kernel/generic_entry_a32.S + * @arg0: pagestore + * @arg1: (ARMv7 standard bootarg #1) + * @arg2: device tree address, (ARMv7 standard bootarg #2) + * @arg3: non-secure entry address (ARMv7 bootarg #0) + */ +void spl_optee_entry(void *arg0, void *arg1, void *arg2, void *arg3); + /** * board_return_to_bootrom - allow for boards to continue with the boot ROM *
We package U-Boot and OP-TEE into one itb file for SPL, so that we can support OP-TEE in SPL.
Signed-off-by: Kever Yang kever.yang@rock-chips.com Acked-by: Philipp Tomsich philipp.tomsich@theobroma-systems.com Reviewed-by: Philipp Tomsich philipp.tomsich@theobroma-systems.com ---
Changes in v5: - use 'tee' instead of 'op-tee' as os type
Changes in v4: None Changes in v2: - Make the its as common file used for all armv7 with op-tee
arch/arm/mach-rockchip/fit_spl_optee.its | 50 ++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 arch/arm/mach-rockchip/fit_spl_optee.its
diff --git a/arch/arm/mach-rockchip/fit_spl_optee.its b/arch/arm/mach-rockchip/fit_spl_optee.its new file mode 100644 index 0000000000..9be4b3c8d2 --- /dev/null +++ b/arch/arm/mach-rockchip/fit_spl_optee.its @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2017 Rockchip Electronic Co.,Ltd + * + * Simple U-boot fit source file containing U-Boot, dtb and optee + */ + +/dts-v1/; + +/ { + description = "Simple image with OP-TEE support"; + #address-cells = <1>; + + images { + uboot@1 { + description = "U-Boot"; + data = /incbin/("../../../u-boot-nodtb.bin"); + type = "standalone"; + os = "U-Boot"; + arch = "arm"; + compression = "none"; + load = <0x61000000>; + }; + optee@1 { + description = "OP-TEE"; + data = /incbin/("../../../tee.bin"); + type = "firmware"; + arch = "arm"; + os = "tee"; + compression = "none"; + load = <0x68400000>; + entry = <0x68400000>; + }; + fdt@1 { + description = "dtb"; + data = /incbin/("../../../u-boot.dtb"); + type = "flat_dt"; + compression = "none"; + }; + }; + + configurations { + default = "conf@1"; + conf@1 { + description = "Rockchip armv7 with OP-TEE"; + firmware = "optee@1"; + loadables = "uboot@1"; + fdt = "fdt@1"; + }; + }; +};
We package U-Boot and OP-TEE into one itb file for SPL, so that we can support OP-TEE in SPL.
Signed-off-by: Kever Yang kever.yang@rock-chips.com Acked-by: Philipp Tomsich philipp.tomsich@theobroma-systems.com Reviewed-by: Philipp Tomsich philipp.tomsich@theobroma-systems.com
Changes in v5:
- use 'tee' instead of 'op-tee' as os type
Changes in v4: None Changes in v2:
- Make the its as common file used for all armv7 with op-tee
arch/arm/mach-rockchip/fit_spl_optee.its | 50 ++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 arch/arm/mach-rockchip/fit_spl_optee.its
Applied to u-boot-rockchip, thanks!
OP-TEE is an open source trusted OS, in armv7, its loading and running are like this: loading:
- SPL load both OP-TEE and U-Boot
running:
- SPL run into OP-TEE in secure mode;
- OP-TEE run into U-Boot in non-secure mode;
To make code simple, it would be fine to use IH_OS_TEE for the os tyle in TPL(just like IH_OS_LINUX is using both in SPL and U-Boot).
Here is the diagram for SPL loading OP-TEE, IH_OS_TEE:(make u-boot.itb for SPL) Non-Secure Secure
BootROM | v SPL | v --------- OP-TEE | v U-Boot | V LinuxFor other two king of OP-TEE loading/booting, see commit message: 45b55712d4 image: Add IH_OS_TEE for TEE chain-load boot
More detail: https://github.com/OP-TEE/optee_os and search for 'boot arguments' for detail entry parameter in: core/arch/arm/kernel/generic_entry_a32.S
Signed-off-by: Kever Yang kever.yang@rock-chips.com Cc: Bryan O'Donoghue bryan.odonoghue@linaro.org
Changes in v5:
- Split the patch out from rk3229 seris
- Use IH_OS_TEE instead of IH_OS_OP-TEE
Changes in v4:
- use NULL instead of '0'
- add fdt_addr as arg2 of entry
Changes in v2:
- Using new image type for op-tee
common/spl/Kconfig | 7 +++++++ common/spl/Makefile | 1 + common/spl/spl.c | 7 +++++++ common/spl/spl_optee.S | 12 ++++++++++++ include/spl.h | 13 +++++++++++++ 5 files changed, 40 insertions(+) create mode 100644 common/spl/spl_optee.S
Reviewed-by: Philipp Tomsich philipp.tomsich@theobroma-systems.com
OP-TEE is an open source trusted OS, in armv7, its loading and running are like this: loading:
- SPL load both OP-TEE and U-Boot
running:
- SPL run into OP-TEE in secure mode;
- OP-TEE run into U-Boot in non-secure mode;
To make code simple, it would be fine to use IH_OS_TEE for the os tyle in TPL(just like IH_OS_LINUX is using both in SPL and U-Boot).
Here is the diagram for SPL loading OP-TEE, IH_OS_TEE:(make u-boot.itb for SPL) Non-Secure Secure
BootROM | v SPL | v --------- OP-TEE | v U-Boot | V LinuxFor other two king of OP-TEE loading/booting, see commit message: 45b55712d4 image: Add IH_OS_TEE for TEE chain-load boot
More detail: https://github.com/OP-TEE/optee_os and search for 'boot arguments' for detail entry parameter in: core/arch/arm/kernel/generic_entry_a32.S
Signed-off-by: Kever Yang kever.yang@rock-chips.com Cc: Bryan O'Donoghue bryan.odonoghue@linaro.org Reviewed-by: Philipp Tomsich philipp.tomsich@theobroma-systems.com
Changes in v5:
- Split the patch out from rk3229 seris
- Use IH_OS_TEE instead of IH_OS_OP-TEE
Changes in v4:
- use NULL instead of '0'
- add fdt_addr as arg2 of entry
Changes in v2:
- Using new image type for op-tee
common/spl/Kconfig | 7 +++++++ common/spl/Makefile | 1 + common/spl/spl.c | 7 +++++++ common/spl/spl_optee.S | 12 ++++++++++++ include/spl.h | 13 +++++++++++++ 5 files changed, 40 insertions(+) create mode 100644 common/spl/spl_optee.S
Applied to u-boot-rockchip, thanks!
participants (2)
-
Kever Yang -
Philipp Tomsich