[U-Boot] [PATCH v3 0/9] Add new OPTEE bootm support to u-boot
v3:
- Rework printout to be added at the end as opposed to churn over three separate patches - Andrew
- Reword patch 006 to better explain the thinking behind new image type - Andrew
v2: - Added CONFIG_OPTEE_TZDRAM_BASE instead of #ifndef OPTEE_TZDRAM_BASE as an error. - Tom Rini
- Added Tested-by: Peng Fan peng.fan@nxp.com - as indicated
- Added better explanation text to patch 6/9 "tools: mkimage: add optee image type"
- Fixed some checkpatch warnings in optee.c
v1: This series adds a new OPTEE bootable image type to u-boot, which is directly bootable with the bootm command.
There is already a TEE image type but, in this case the TEE firmware is loaded into RAM, jumped into and then back out of. This image type is a directly bootable image as described here : http://mrvan.github.io/optee-imx6ul
Instead of reusing the Linux bootable image type instead a new image type is defined, which allows us to perform additional image verification, prior to handing off control via bootm.
OPTEE images get linked to a specific address at compile time and must be loaded to this address too. This series extends out mkimage with a new image type that allows the OPTEE binary link location to be validated against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively prior to proceeding through the bootm phase.
Once applied you can generate a bootable OPTEE image like this
mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee
That image can then be booted directly by bootm. bootm will verify the header contents of the OPTEE binary against the DRAM area carved out in u-boot. If the defined DRAM area does not match the link address specified we refuse to boot.
Kever - I'd like to suggest that your OPTEE SPL image takes a different image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your image type has versus a directly bootable bootm image.
Bryan O'Donoghue (9): optee: Add lib entries for sharing OPTEE code across ports optee: Add CONFIG_OPTEE_TZDRAM_SIZE optee: Add CONFIG_OPTEE_TZDRAM_BASE optee: Add optee_image_get_entry_point() optee: Add optee_image_get_load_addr() tools: mkimage: add optee image type optee: Add optee_verify_bootm_image() optee: Add error printout bootm: optee: Add mechanism to validate an OPTEE image before boot
common/bootm.c | 11 ++++++++- common/image.c | 1 + include/image.h | 1 + include/tee/optee.h | 41 ++++++++++++++++++++++++++++++++ lib/Kconfig | 1 + lib/Makefile | 1 + lib/optee/Kconfig | 24 +++++++++++++++++++ lib/optee/Makefile | 7 ++++++ lib/optee/optee.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++ tools/default_image.c | 25 ++++++++++++++----- 10 files changed, 171 insertions(+), 7 deletions(-) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c
This patch adds code to lib to enable sharing of useful OPTEE code between board-ports and architectures. The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the OMAP2 code will be patched to include the shared code. The intention here is to add more useful OPTEE specific code as more functionality gets added.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Harinarayan Bhatta harinarayan@ti.com Cc: Andrew F. Davis afd@ti.com Cc: Tom Rini trini@konsulko.com Cc: Kever Yang kever.yang@rock-chips.com Cc: Philipp Tomsich philipp.tomsich@theobroma-systems.com Cc: Peng Fan peng.fan@nxp.com Tested-by: Peng Fan peng.fan@nxp.com --- include/tee/optee.h | 16 ++++++++++++++++ lib/Kconfig | 1 + lib/Makefile | 1 + lib/optee/Kconfig | 8 ++++++++ lib/optee/Makefile | 7 +++++++ lib/optee/optee.c | 31 +++++++++++++++++++++++++++++++ 6 files changed, 64 insertions(+) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c
diff --git a/include/tee/optee.h b/include/tee/optee.h index 9ab0d08..8943afb 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -10,6 +10,8 @@ #ifndef _OPTEE_H #define _OPTEE_H
+#include <linux/errno.h> + #define OPTEE_MAGIC 0x4554504f #define OPTEE_VERSION 1 #define OPTEE_ARCH_ARM32 0 @@ -27,4 +29,18 @@ struct optee_header { uint32_t paged_size; };
+#if defined(CONFIG_OPTEE) +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len); +#else +static inline int optee_verify_image(struct optee_header *hdr, + unsigned long tzdram_start, + unsigned long tzdram_len, + unsigned long image_len) +{ + return -EPERM; +} + +#endif + #endif /* _OPTEE_H */ diff --git a/lib/Kconfig b/lib/Kconfig index 00ac650..2077f9c 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -288,5 +288,6 @@ endmenu
source lib/efi/Kconfig source lib/efi_loader/Kconfig +source lib/optee/Kconfig
endmenu diff --git a/lib/Makefile b/lib/Makefile index 8cd779f..46813b6 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,6 +17,7 @@ obj-$(CONFIG_FIT) += libfdt/ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ +obj-$(CONFIG_OPTEE) += optee/
obj-$(CONFIG_AES) += aes.o obj-y += charset.o diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig new file mode 100644 index 0000000..2e406fe --- /dev/null +++ b/lib/optee/Kconfig @@ -0,0 +1,8 @@ +config OPTEE + bool "Support OPTEE images" + help + U-Boot can be configured to boot OPTEE images. + Selecting this option will enable shared OPTEE library code and + enable an OPTEE specific bootm command that will perform additional + OPTEE specific checks before booting an OPTEE image created with + mkimage. diff --git a/lib/optee/Makefile b/lib/optee/Makefile new file mode 100644 index 0000000..03e832f --- /dev/null +++ b/lib/optee/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2017 Linaro +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_OPTEE) += optee.o diff --git a/lib/optee/optee.c b/lib/optee/optee.c new file mode 100644 index 0000000..2cc16d7 --- /dev/null +++ b/lib/optee/optee.c @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2017 Linaro + * Bryan O'Donoghue bryan.odonoghue@linaro.org + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <tee/optee.h> + +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len) +{ + unsigned long tzdram_end = tzdram_start + tzdram_len; + uint32_t tee_file_size; + + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header); + + if (hdr->magic != OPTEE_MAGIC || + hdr->version != OPTEE_VERSION || + hdr->init_load_addr_hi > tzdram_end || + hdr->init_load_addr_lo < tzdram_start || + tee_file_size > tzdram_len || + tee_file_size != image_len || + (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) { + return -EINVAL; + } + + return 0; +}
OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM size specified in the OPTEE build and the TZDRAM size specified in U-Boot match-up.
Further patches will use TZDRAM size with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Harinarayan Bhatta harinarayan@ti.com Cc: Andrew F. Davis afd@ti.com Cc: Tom Rini trini@konsulko.com Cc: Kever Yang kever.yang@rock-chips.com Cc: Philipp Tomsich philipp.tomsich@theobroma-systems.com Cc: Peng Fan peng.fan@nxp.com Tested-by: Peng Fan peng.fan@nxp.com --- lib/optee/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 2e406fe..41c0ab7 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -6,3 +6,11 @@ config OPTEE enable an OPTEE specific bootm command that will perform additional OPTEE specific checks before booting an OPTEE image created with mkimage. + +config OPTEE_TZDRAM_SIZE + hex "Amount of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x3000000 + help + The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE + runtime.
OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default address of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM address specified in the OPTEE build and the TZDRAM address specified in U-Boot match-up.
Further patches will use TZDRAM address with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Harinarayan Bhatta harinarayan@ti.com Cc: Andrew F. Davis afd@ti.com Cc: Tom Rini trini@konsulko.com Cc: Kever Yang kever.yang@rock-chips.com Cc: Philipp Tomsich philipp.tomsich@theobroma-systems.com Cc: Peng Fan peng.fan@nxp.com --- lib/optee/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 41c0ab7..a3b7332 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -14,3 +14,11 @@ config OPTEE_TZDRAM_SIZE help The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE runtime. + +config OPTEE_TZDRAM_BASE + hex "Base address of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x9d000000 + help + The base address of pre-allocated Trust Zone DRAM for + the OPTEE runtime.
Add a helper function for extracting the least significant 32 bits from the OPTEE entry point address, which will be good enough to load OPTEE binaries up to (2^32)-1 bytes.
We may need to extend this out later on but for now (2^32)-1 should be fine.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Harinarayan Bhatta harinarayan@ti.com Cc: Andrew F. Davis afd@ti.com Cc: Tom Rini trini@konsulko.com Cc: Kever Yang kever.yang@rock-chips.com Cc: Philipp Tomsich philipp.tomsich@theobroma-systems.com Cc: Peng Fan peng.fan@nxp.com Tested-by: Peng Fan peng.fan@nxp.com --- include/tee/optee.h | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/include/tee/optee.h b/include/tee/optee.h index 8943afb..eb328d3 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -29,6 +29,13 @@ struct optee_header { uint32_t paged_size; };
+static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) +{ + struct optee_header *optee_hdr = (struct optee_header *)(hdr + 1); + + return optee_hdr->init_load_addr_lo; +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len);
This patch adds optee_image_get_load_addr() a helper function used to calculate the load-address of an OPTEE image based on the lower entry-point address given in the OPTEE header.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Harinarayan Bhatta harinarayan@ti.com Cc: Andrew F. Davis afd@ti.com Cc: Tom Rini trini@konsulko.com Cc: Kever Yang kever.yang@rock-chips.com Cc: Philipp Tomsich philipp.tomsich@theobroma-systems.com Cc: Peng Fan peng.fan@nxp.com Tested-by: Peng Fan peng.fan@nxp.com --- include/tee/optee.h | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/include/tee/optee.h b/include/tee/optee.h index eb328d3..e782cb0 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -36,6 +36,11 @@ static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) return optee_hdr->init_load_addr_lo; }
+static inline uint32_t optee_image_get_load_addr(const image_header_t *hdr) +{ + return optee_image_get_entry_point(hdr) - sizeof(struct optee_header); +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len);
This patch adds support for bootable OPTEE images to mkimage. Currently there is a (Trusted Execution Environment) TEE image type, the TEE image type is installed to a memory location control is passed to the TEE and then the TEE returns to u-boot.
flow #0: BootROM -> u-boot -> tee -> u-boot -> onwards
For some TEE implementations, such as upstream OPTEE for i.MX6 and i.MX7 the boot flow is
flow #1: BootROM -> u-boot -> optee -> kernel
This patch adds a new image type to mkimage - IH_TYPE_OPTEE to reflect this TEE boot flow and to facilitate additional OPTEE specific verification of that image type - prior to handing control to that image.
The new image type enables us to more easily generate and validate a bootable OPTEE image also, for example instead of generating an OPTEE image like this:
mkimage -A arm -O linux -C none -a 0x9c0fffe4 -e 0x9c100000 -d ./out/arm-plat-imx/core/tee.bin uTee
we can instead generate images like this: mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee
That OPTEE image then will have a specific image type that bootm can automatically identify and consequently perform additional optee-header checks on.
Subsequent patches add logic to perform those optee-specific changes prior to handing over control as described in flow #1 above.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Harinarayan Bhatta harinarayan@ti.com Cc: Andrew F. Davis afd@ti.com Cc: Tom Rini trini@konsulko.com Cc: Kever Yang kever.yang@rock-chips.com Cc: Philipp Tomsich philipp.tomsich@theobroma-systems.com Cc: Peng Fan peng.fan@nxp.com Link: http://mrvan.github.io/optee-imx6ul Tested-by: Peng Fan peng.fan@nxp.com --- common/image.c | 1 + include/image.h | 1 + tools/default_image.c | 25 +++++++++++++++++++------ 3 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/common/image.c b/common/image.c index e9609cd..14e738b 100644 --- a/common/image.c +++ b/common/image.c @@ -161,6 +161,7 @@ static const table_entry_t uimage_type[] = { { IH_TYPE_TEE, "tee", "Trusted Execution Environment Image",}, { IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" }, { IH_TYPE_PMMC, "pmmc", "TI Power Management Micro-Controller Firmware",}, + { IH_TYPE_OPTEE, "optee", "OPTEE Boot Image",}, { -1, "", "", }, };
diff --git a/include/image.h b/include/image.h index b2b23a9..0b72d28 100644 --- a/include/image.h +++ b/include/image.h @@ -272,6 +272,7 @@ enum { IH_TYPE_TEE, /* Trusted Execution Environment OS Image */ IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */ IH_TYPE_PMMC, /* TI Power Management Micro-Controller Firmware */ + IH_TYPE_OPTEE, /* OPTEE Boot Image */
IH_TYPE_COUNT, /* Number of image types */ }; diff --git a/tools/default_image.c b/tools/default_image.c index 4e5568e..5653933 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -18,6 +18,7 @@ #include "mkimage.h"
#include <image.h> +#include <tee/optee.h> #include <u-boot/crc.h>
static image_header_t header; @@ -25,7 +26,8 @@ static image_header_t header; static int image_check_image_types(uint8_t type) { if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) || - (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT)) + (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT) || + (type == IH_TYPE_OPTEE)) return EXIT_SUCCESS; else return EXIT_FAILURE; @@ -90,6 +92,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, uint32_t checksum; time_t time; uint32_t imagesize; + uint32_t ep; + uint32_t addr;
image_header_t * hdr = (image_header_t *)ptr;
@@ -99,18 +103,27 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, sbuf->st_size - sizeof(image_header_t));
time = imagetool_get_source_date(params, sbuf->st_mtime); - if (params->type == IH_TYPE_FIRMWARE_IVT) + ep = params->ep; + addr = params->addr; + imagesize = sbuf->st_size - sizeof(image_header_t); + + switch (params->type) { + case IH_TYPE_FIRMWARE_IVT: /* Add size of CSF minus IVT */ imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0; - else - imagesize = sbuf->st_size - sizeof(image_header_t); + break; + case IH_TYPE_OPTEE: + addr = optee_image_get_load_addr(hdr); + ep = optee_image_get_entry_point(hdr); + break; + }
/* Build new header */ image_set_magic(hdr, IH_MAGIC); image_set_time(hdr, time); image_set_size(hdr, imagesize); - image_set_load(hdr, params->addr); - image_set_ep(hdr, params->ep); + image_set_load(hdr, addr); + image_set_ep(hdr, ep); image_set_dcrc(hdr, checksum); image_set_os(hdr, params->os); image_set_arch(hdr, params->arch);
This patch adds optee_verify_bootm_image() which will be subsequently used to verify the parameters encoded in the OPTEE header match the memory allocated to the OPTEE region, OPTEE header magic and version prior to handing off control to the OPTEE image.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Harinarayan Bhatta harinarayan@ti.com Cc: Andrew F. Davis afd@ti.com Cc: Tom Rini trini@konsulko.com Cc: Kever Yang kever.yang@rock-chips.com Cc: Philipp Tomsich philipp.tomsich@theobroma-systems.com Cc: Peng Fan peng.fan@nxp.com Tested-by: Peng Fan peng.fan@nxp.com --- include/tee/optee.h | 13 +++++++++++++ lib/optee/optee.c | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+)
diff --git a/include/tee/optee.h b/include/tee/optee.h index e782cb0..4b9e94c 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -55,4 +55,17 @@ static inline int optee_verify_image(struct optee_header *hdr,
#endif
+#if defined(CONFIG_OPTEE) +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len); +#else +static inline int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + return -EPERM; +} +#endif + #endif /* _OPTEE_H */ diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 2cc16d7..365c078 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -29,3 +29,23 @@ int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
return 0; } + +int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + struct optee_header *hdr = (struct optee_header *)image_addr; + unsigned long tzdram_start = CONFIG_OPTEE_TZDRAM_BASE; + unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE; + + int ret; + + ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); + if (ret) + return ret; + + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + ret = -EINVAL; + + return ret; +}
When encountering an error in OPTEE verification print out various details of the OPTEE header to aid in further debugging of encountered errors.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Harinarayan Bhatta harinarayan@ti.com Cc: Andrew F. Davis afd@ti.com Cc: Tom Rini trini@konsulko.com Cc: Kever Yang kever.yang@rock-chips.com Cc: Philipp Tomsich philipp.tomsich@theobroma-systems.com Cc: Peng Fan peng.fan@nxp.com Tested-by: Peng Fan peng.fan@nxp.com --- lib/optee/optee.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 365c078..78a15e8 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -8,6 +8,12 @@ #include <common.h> #include <tee/optee.h>
+#define optee_hdr_err_msg \ + "OPTEE verification error:" \ + "\n\thdr=%p image=0x%08lx magic=0x%08x tzdram 0x%08lx-0x%08lx " \ + "\n\theader lo=0x%08x hi=0x%08x size=0x%08lx arch=0x%08x" \ + "\n\tuimage params 0x%08lx-0x%08lx\n" + int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len) { @@ -42,10 +48,19 @@ int optee_verify_bootm_image(unsigned long image_addr,
ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); if (ret) - return ret; + goto error;
- if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) { ret = -EINVAL; + goto error; + } + + return ret; +error: + printf(optee_hdr_err_msg, hdr, image_addr, hdr->magic, tzdram_start, + tzdram_start + tzdram_len, hdr->init_load_addr_lo, + hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr, + image_load_addr + image_len);
return ret; }
This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Harinarayan Bhatta harinarayan@ti.com Cc: Andrew F. Davis afd@ti.com Cc: Tom Rini trini@konsulko.com Cc: Kever Yang kever.yang@rock-chips.com Cc: Philipp Tomsich philipp.tomsich@theobroma-systems.com Cc: Peng Fan peng.fan@nxp.com Tested-by: Peng Fan peng.fan@nxp.com --- common/bootm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/common/bootm.c b/common/bootm.c index adb1213..d528844 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -19,6 +19,7 @@ #include <lzma/LzmaTypes.h> #include <lzma/LzmaDec.h> #include <lzma/LzmaTools.h> +#include <tee/optee.h> #if defined(CONFIG_CMD_USB) #include <usb.h> #endif @@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc, if (images.os.type == IH_TYPE_KERNEL_NOLOAD) { images.os.load = images.os.image_start; images.ep += images.os.load; + } else if (images.os.type == IH_TYPE_OPTEE) { + ret = optee_verify_bootm_image(images.os.image_start, + images.os.load, + images.os.image_len); + if (ret) + return ret; }
images.os.start = map_to_sysmem(os_hdr); @@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc, { if (((images.os.type == IH_TYPE_KERNEL) || (images.os.type == IH_TYPE_KERNEL_NOLOAD) || - (images.os.type == IH_TYPE_MULTI)) && + (images.os.type == IH_TYPE_MULTI) || + (images.os.type == IH_TYPE_OPTEE)) && (images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS)) return bootm_find_images(flag, argc, argv); @@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, switch (image_get_type(hdr)) { case IH_TYPE_KERNEL: case IH_TYPE_KERNEL_NOLOAD: + case IH_TYPE_OPTEE: *os_data = image_get_data(hdr); *os_len = image_get_data_size(hdr); break;
participants (1)
-
Bryan O'Donoghue