To help automate the loading of custom image types we add the ability to define custom handlers for the loadable section types. When we find a compatible type while loading a "loadable" image from a FIT image we run its associated handlers to perform any additional steps needed for loading this image.

Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org --- common/image.c | 33 +++++++++++++++++++++++++++++++++ doc/uImage.FIT/source_file_format.txt | 4 +++- include/image.h | 30 ++++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/common/image.c b/common/image.c index 7604494..2aac90d 100644 --- a/common/image.c +++ b/common/image.c @@ -1389,6 +1389,23 @@ int boot_get_fpga(int argc, char * const argv[], bootm_headers_t *images, } #endif

+static void fit_loadable_process(uint8_t img_type, + ulong img_data, + ulong img_len) +{ + int i; + const unsigned int count = + ll_entry_count(struct fit_loadable_tbl, fit_loadable); + struct fit_loadable_tbl *fit_loadable_handler = + ll_entry_start(struct fit_loadable_tbl, fit_loadable); + /* For each loadable handler */ + for (i = 0; i < count; i++, fit_loadable_handler++) + /* matching this type */ + if (fit_loadable_handler->type == img_type) + /* call that handler with this image data */ + fit_loadable_handler->handler(img_data, img_len); +} + int boot_get_loadable(int argc, char * const argv[], bootm_headers_t *images, uint8_t arch, const ulong *ld_start, ulong * const ld_len) { @@ -1407,6 +1424,7 @@ int boot_get_loadable(int argc, char * const argv[], bootm_headers_t *images, int conf_noffset; int fit_img_result; const char *uname; + uint8_t img_type;

/* Check to see if the images struct has a FIT configuration */ if (!genimg_has_config(images)) { @@ -1447,6 +1465,21 @@ int boot_get_loadable(int argc, char * const argv[], bootm_headers_t *images, /* Something went wrong! */ return fit_img_result; } + + fit_img_result = fit_image_get_node(buf, uname); + if (fit_img_result < 0) { + /* Something went wrong! */ + return fit_img_result; + } + fit_img_result = fit_image_get_type(buf, + fit_img_result, + &img_type); + if (fit_img_result < 0) { + /* Something went wrong! */ + return fit_img_result; + } + + fit_loadable_process(img_type, img_data, img_len); } break; default: diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt index 91aa89a..afff301 100644 --- a/doc/uImage.FIT/source_file_format.txt +++ b/doc/uImage.FIT/source_file_format.txt @@ -256,7 +256,9 @@ o config@1 (component image node of a "fpga type"). - loadables : Unit name containing a list of additional binaries to be loaded at their given locations. "loadables" is a comma-separated list - of strings. U-Boot will load each binary at its given start-address. + of strings. U-Boot will load each binary at its given start-address and + may optionaly invoke additional post-processing steps on this binary based + on its component image node type.

The FDT blob is required to properly boot FDT based kernel, so the minimal configuration for 2.6 FDT kernel is (kernel, fdt) pair. diff --git a/include/image.h b/include/image.h index 8131595..b96b8eb 100644 --- a/include/image.h +++ b/include/image.h @@ -1271,4 +1271,34 @@ int board_fit_config_name_match(const char *name); void board_fit_image_post_process(void **p_image, size_t *p_size); #endif /* CONFIG_SPL_FIT_IMAGE_POST_PROCESS */

+/** + * Mapping of image types to function handlers to be invoked on the associated + * loaded images + * + * @type: Type of image, I.E. IH_TYPE_* + * @handler: Function to call on loaded image + */ +struct fit_loadable_tbl { + int type; + /** + * handler() - Process a loaded image + * + * @data: Pointer to start of loaded image data + * @size: Size of loaded image data + */ + void (*handler)(ulong data, size_t size); +}; + +/* + * Define a FIT loadable image type handler + * + * _type is a valid uimage_type ID as defined in the "Image Type" enum above + * _handler is the handler function to call after this image type is loaded + */ +#define U_BOOT_FIT_LOADABLE_HANDLER(_type, _handler) \ + ll_entry_declare(struct fit_loadable_tbl, _function, fit_loadable) = { \ + .type = _type, \ + .handler = _handler, \ + } + #endif /* __IMAGE_H__ */

Add a new image type representing Trusted Execution Environment (TEE) image types. For example, an OP-TEE OS binary image.

Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org --- common/image.c | 1 + include/image.h | 1 + 2 files changed, 2 insertions(+)

diff --git a/common/image.c b/common/image.c index 2aac90d..bd07e86 100644 --- a/common/image.c +++ b/common/image.c @@ -165,6 +165,7 @@ static const table_entry_t uimage_type[] = { { IH_TYPE_ZYNQIMAGE, "zynqimage", "Xilinx Zynq Boot Image" }, { IH_TYPE_ZYNQMPIMAGE, "zynqmpimage", "Xilinx ZynqMP Boot Image" }, { IH_TYPE_FPGA, "fpga", "FPGA Image" }, + { IH_TYPE_TEE, "tee", "Trusted Execution Environment Image",}, { -1, "", "", }, };

diff --git a/include/image.h b/include/image.h index b96b8eb..575f592 100644 --- a/include/image.h +++ b/include/image.h @@ -279,6 +279,7 @@ enum { IH_TYPE_ZYNQMPIMAGE, /* Xilinx ZynqMP Boot Image */ IH_TYPE_FPGA, /* FPGA Image */ IH_TYPE_VYBRIDIMAGE, /* VYBRID .vyb Image */ + IH_TYPE_TEE, /* Trusted Execution Environment OS Image */

IH_TYPE_COUNT, /* Number of image types */ };

From: Harinarayan Bhatta harinarayan@ti.com

On DRA7xx platform, CPU Core 1 is not used in u-boot. However, in some cases it is need to make secure API calls from Core 1. This patch adds an assembly function to make a secure (SMC) call from CPU Core #1.

Signed-off-by: Harinarayan Bhatta harinarayan@ti.com Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Tom Rini trini@konsulko.com --- arch/arm/include/asm/omap_common.h | 1 + arch/arm/mach-omap2/omap5/Makefile | 1 + arch/arm/mach-omap2/omap5/sec_entry_cpu1.S | 123 +++++++++++++++++++++++++++++ 3 files changed, 125 insertions(+) create mode 100644 arch/arm/mach-omap2/omap5/sec_entry_cpu1.S

diff --git a/arch/arm/include/asm/omap_common.h b/arch/arm/include/asm/omap_common.h index 605c549..290a190 100644 --- a/arch/arm/include/asm/omap_common.h +++ b/arch/arm/include/asm/omap_common.h @@ -632,6 +632,7 @@ void omap_smc1(u32 service, u32 val); * security (HS) device variants by doing a specially-formed smc entry. */ u32 omap_smc_sec(u32 service, u32 proc_id, u32 flag, u32 *params); +u32 omap_smc_sec_cpu1(u32 service, u32 proc_id, u32 flag, u32 *params);

void enable_edma3_clocks(void); void disable_edma3_clocks(void); diff --git a/arch/arm/mach-omap2/omap5/Makefile b/arch/arm/mach-omap2/omap5/Makefile index 0212df7..af17a3d 100644 --- a/arch/arm/mach-omap2/omap5/Makefile +++ b/arch/arm/mach-omap2/omap5/Makefile @@ -15,3 +15,4 @@ obj-y += abb.o obj-y += fdt.o obj-$(CONFIG_IODELAY_RECALIBRATION) += dra7xx_iodelay.o obj-$(CONFIG_TI_SECURE_DEVICE) += sec-fxns.o +obj-$(CONFIG_DRA7XX) += sec_entry_cpu1.o diff --git a/arch/arm/mach-omap2/omap5/sec_entry_cpu1.S b/arch/arm/mach-omap2/omap5/sec_entry_cpu1.S new file mode 100644 index 0000000..c2a35ee --- /dev/null +++ b/arch/arm/mach-omap2/omap5/sec_entry_cpu1.S @@ -0,0 +1,123 @@ +/* + * Secure entry function for CPU Core #1 + * + * (C) Copyright 2016 + * Texas Instruments, <www.ti.com> + * + * Author : + * Harinarayan Bhatta harinarayan@ti.com + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <config.h> +#include <asm/arch/omap.h> +#include <asm/omap_common.h> +#include <linux/linkage.h> + +.arch_extension sec + +#if !defined(CONFIG_SYS_DCACHE_OFF) +.global flush_dcache_range +#endif + +#define AUX_CORE_BOOT_0 0x48281800 +#define AUX_CORE_BOOT_1 0x48281804 + +#ifdef CONFIG_DRA7XX +/* DRA7xx ROM code function "startup_BootSlave". This function is where CPU1 + * waits on WFE, polling on AUX_CORE_BOOT_x registers. + * This address is same for J6 and J6 Eco. + */ +#define ROM_FXN_STARTUP_BOOTSLAVE 0x00038a64 +#endif + +/* Assembly core where CPU1 is woken up into + * No need to save-restore registers, does not use stack. + */ +LENTRY(cpu1_entry) + ldr r4, =omap_smc_sec_cpu1_args + ldm r4, {r0,r1,r2,r3} @ Retrieve args + + mov r6, #0xFF @ Indicate new Task call + mov r12, #0x00 @ Secure Service ID in R12 + + dsb + dmb + smc 0 @ SMC #0 to enter monitor mode + + b .Lend @ exit at end of the service execution + nop + + @ In case of IRQ happening in Secure, then ARM will branch here. + @ At that moment, IRQ will be pending and ARM will jump to Non Secure + @ IRQ handler + mov r12, #0xFE + + dsb + dmb + smc 0 @ SMC #0 to enter monitor mode + +.Lend: + ldr r4, =omap_smc_sec_cpu1_args + str r0, [r4, #0x10] @ save return value + ldr r4, =AUX_CORE_BOOT_0 + mov r5, #0x0 + str r5, [r4] + ldr r4, =ROM_FXN_STARTUP_BOOTSLAVE + sev @ Tell CPU0 we are done + bx r4 @ Jump back to ROM +END(cpu1_entry) + +/* + * u32 omap_smc_sec_cpu1(u32 service, u32 proc_id, u32 flag, u32 *params); + * + * Makes a secure ROM/PPA call on CPU Core #1 on supported platforms. + * Assumes that CPU #1 is waiting in ROM code and not yet woken up or used by + * u-boot. + */ +ENTRY(omap_smc_sec_cpu1) + push {r4, r5, lr} + ldr r4, =omap_smc_sec_cpu1_args + stm r4, {r0,r1,r2,r3} @ Save args to memory +#if !defined(CONFIG_SYS_DCACHE_OFF) + mov r0, r4 + mov r1, #CONFIG_SYS_CACHELINE_SIZE + add r1, r0, r1 @ dcache is not enabled on CPU1, so + blx flush_dcache_range @ flush the cache on args buffer +#endif + ldr r4, =AUX_CORE_BOOT_1 + ldr r5, =cpu1_entry + str r5, [r4] @ Setup CPU1 entry function + ldr r4, =AUX_CORE_BOOT_0 + mov r5, #0x10 + str r5, [r4] @ Tell ROM to exit while loop + sev @ Wake up CPU1 +.Lwait: + wfe @ Wait for CPU1 to finish + nop + ldr r5, [r4] @ Check if CPU1 is done + cmp r5, #0 + bne .Lwait + + ldr r4, =omap_smc_sec_cpu1_args + ldr r0, [r4, #0x10] @ Retrieve return value + pop {r4, r5, pc} +ENDPROC(omap_smc_sec_cpu1) + +/* + * Buffer to save function arguments and return value for omap_smc_sec_cpu1 + */ +.section .data +omap_smc_sec_cpu1_args: +#if !defined(CONFIG_SYS_DCACHE_OFF) + .balign CONFIG_SYS_CACHELINE_SIZE + .rept CONFIG_SYS_CACHELINE_SIZE/4 + .word 0 + .endr +#else + .rept 5 + .word 0 + .endr +#endif +END(omap_smc_sec_cpu1_args)

From: Harinarayan Bhatta harinarayan@ti.com

secure_tee_install is used to install and initialize a secure TEE OS such as Linaro OP-TEE into the secure world. This function takes in the address where the signed TEE image is loaded as an argument. The signed TEE image consists of a header (struct tee_header), TEE code+data followed by the signature generated using image signing tool from TI security development package (SECDEV). Refer to README.ti-secure for more information.

This function uses 2 new secure APIs.

1. PPA_SERV_HAL_TEE_LOAD_MASTER - Must be called on CPU Core 0. Protected memory for TEE must be reserved before calling this function. This API needs arguments filled into struct ppa_tee_load_info. The TEE image is authenticated and if there are no errors, the control passes to the TEE entry point.

2. PPA_SERV_HAL_TEE_LOAD_SLAVE - Called on other CPU cores only after a TEE_LOAD_MASTER call. Takes no arguments. Checks if TEE was successfully loaded (on core 0) and transfers control to the same TEE entry point.

The code at TEE entry point is expected perform OS initialization steps and return back to non-secure world (U-Boot).

Signed-off-by: Harinarayan Bhatta harinarayan@ti.com Signed-off-by: Andrew F. Davis afd@ti.com --- arch/arm/include/asm/omap_sec_common.h | 6 ++ arch/arm/mach-omap2/omap5/sec-fxns.c | 108 +++++++++++++++++++++++++++++++++ include/tee/optee.h | 30 +++++++++ 3 files changed, 144 insertions(+) create mode 100644 include/tee/optee.h

diff --git a/arch/arm/include/asm/omap_sec_common.h b/arch/arm/include/asm/omap_sec_common.h index 4bde93f..79f1fbd 100644 --- a/arch/arm/include/asm/omap_sec_common.h +++ b/arch/arm/include/asm/omap_sec_common.h @@ -51,4 +51,10 @@ int secure_emif_reserve(void); */ int secure_emif_firewall_lock(void);

+/* + * Invoke a secure HAL API to authenticate and install a Trusted Execution + * Environment (TEE) image. + */ +int secure_tee_install(u32 tee_image); + #endif /* _OMAP_SEC_COMMON_H_ */ diff --git a/arch/arm/mach-omap2/omap5/sec-fxns.c b/arch/arm/mach-omap2/omap5/sec-fxns.c index 33d4ea4..7fab575 100644 --- a/arch/arm/mach-omap2/omap5/sec-fxns.c +++ b/arch/arm/mach-omap2/omap5/sec-fxns.c @@ -19,13 +19,30 @@ #include <asm/omap_sec_common.h> #include <asm/spl.h> #include <spl.h> +#include <asm/cache.h> +#include <mapmem.h> +#include <tee/optee.h>

/* Index for signature PPA-based TI HAL APIs */ #define PPA_HAL_SERVICES_START_INDEX (0x200) +#define PPA_SERV_HAL_TEE_LOAD_MASTER (PPA_HAL_SERVICES_START_INDEX + 23) +#define PPA_SERV_HAL_TEE_LOAD_SLAVE (PPA_HAL_SERVICES_START_INDEX + 24) #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25) #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26) #define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27)

+int tee_loaded = 0; + +/* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */ +struct ppa_tee_load_info { + u32 tee_sec_mem_start; /* Physical start address reserved for TEE */ + u32 tee_sec_mem_size; /* Size of the memory reserved for TEE */ + u32 tee_cert_start; /* Address where signed TEE binary is loaded */ + u32 tee_cert_size; /* Size of TEE certificate (signed binary) */ + u32 tee_jump_addr; /* Address to jump to start TEE execution */ + u32 tee_arg0; /* argument to TEE jump function, in r0 */ +}; + static u32 get_sec_mem_start(void) { u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START; @@ -124,3 +141,94 @@ int secure_emif_firewall_lock(void)

return result; } + +static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN); + +int secure_tee_install(u32 addr) +{ + struct optee_header *hdr; + void *loadptr; + u32 tee_file_size; + u32 sec_mem_start = get_sec_mem_start(); + const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; + u32 *smc_cpu1_params; + u32 ret; + + /* If there is no protected region, there is no place to put the TEE */ + if (size == 0) { + printf("Error loading TEE, no protected memory region available\n"); + return -ENOBUFS; + } + + hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header)); + /* 280 bytes = size of signature */ + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header) + 280; + + if ((hdr->magic != OPTEE_MAGIC) || + (hdr->version != OPTEE_VERSION) || + (hdr->init_load_addr_hi != 0) || + (hdr->init_load_addr_lo < (sec_mem_start + sizeof(struct optee_header))) || + (tee_file_size > size) || + ((hdr->init_load_addr_lo + tee_file_size - 1) > + (sec_mem_start + size - 1))) { + printf("Error in TEE header. Check load address and sizes\n"); + unmap_sysmem(hdr); + return CMD_RET_FAILURE; + } + + tee_info.tee_sec_mem_start = sec_mem_start; + tee_info.tee_sec_mem_size = size; + tee_info.tee_jump_addr = hdr->init_load_addr_lo; + tee_info.tee_cert_start = addr; + tee_info.tee_cert_size = tee_file_size; + tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr; + unmap_sysmem(hdr); + loadptr = map_sysmem(addr, tee_file_size); + + debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start); + debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size); + debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr); + debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start); + debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size); + debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0); + debug("tee_file_size = %d\n", tee_file_size); + +#if !defined(CONFIG_SYS_DCACHE_OFF) + flush_dcache_range( + rounddown((u32)loadptr, ARCH_DMA_MINALIGN), + roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN)); + + flush_dcache_range((u32)&tee_info, (u32)&tee_info + + roundup(sizeof(tee_info), ARCH_DMA_MINALIGN)); +#endif + unmap_sysmem(loadptr); + + ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info); + if (ret) { + printf("TEE_LOAD_MASTER Failed\n"); + return ret; + } + printf("TEE_LOAD_MASTER Done\n"); + + if (!is_dra72x()) { + /* Reuse the tee_info buffer for SMC params */ + smc_cpu1_params = (u32 *)&tee_info; + smc_cpu1_params[0] = 0; +#if !defined(CONFIG_SYS_DCACHE_OFF) + flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params + + roundup(sizeof(u32), ARCH_DMA_MINALIGN)); +#endif + ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0, + smc_cpu1_params); + if (ret) { + printf("TEE_LOAD_SLAVE Failed\n"); + return ret; + } + printf("TEE_LOAD_SLAVE Done\n"); + } + + tee_loaded = 1; + + return 0; +} diff --git a/include/tee/optee.h b/include/tee/optee.h new file mode 100644 index 0000000..9ab0d08 --- /dev/null +++ b/include/tee/optee.h @@ -0,0 +1,30 @@ +/* + * OP-TEE related definitions + * + * (C) Copyright 2016 Linaro Limited + * Andrew F. Davis andrew.davis@linaro.org + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#ifndef _OPTEE_H +#define _OPTEE_H + +#define OPTEE_MAGIC 0x4554504f +#define OPTEE_VERSION 1 +#define OPTEE_ARCH_ARM32 0 +#define OPTEE_ARCH_ARM64 1 + +struct optee_header { + uint32_t magic; + uint8_t version; + uint8_t arch; + uint16_t flags; + uint32_t init_size; + uint32_t init_load_addr_hi; + uint32_t init_load_addr_lo; + uint32_t init_mem_usage; + uint32_t paged_size; +}; + +#endif /* _OPTEE_H */

Populate the corresponding TEE image processing call to be performed during FIT loadable processing.

Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Simon Glass sjg@chromium.org Reviewed-by: Tom Rini trini@konsulko.com --- board/ti/dra7xx/evm.c | 7 +++++++ 1 file changed, 7 insertions(+)

diff --git a/board/ti/dra7xx/evm.c b/board/ti/dra7xx/evm.c index 3c16846..3bb895c 100644 --- a/board/ti/dra7xx/evm.c +++ b/board/ti/dra7xx/evm.c @@ -848,4 +848,11 @@ void board_fit_image_post_process(void **p_image, size_t *p_size) { secure_boot_verify_image(p_image, p_size); } + +void board_tee_image_process(ulong tee_image, size_t tee_size) +{ + secure_tee_install((u32)tee_image); +} + +U_BOOT_FIT_LOADABLE_HANDLER(IH_TYPE_TEE, board_tee_image_process); #endif

Populate the corresponding TEE image processing call to be performed during FIT loadable processing.

Signed-off-by: Andrew F. Davis afd@ti.com Reviewed-by: Tom Rini trini@konsulko.com --- board/ti/am57xx/board.c | 7 +++++++ 1 file changed, 7 insertions(+)

diff --git a/board/ti/am57xx/board.c b/board/ti/am57xx/board.c index f3e3f0b..1895a30 100644 --- a/board/ti/am57xx/board.c +++ b/board/ti/am57xx/board.c @@ -739,4 +739,11 @@ void board_fit_image_post_process(void **p_image, size_t *p_size) { secure_boot_verify_image(p_image, p_size); } + +void board_tee_image_process(ulong tee_image, size_t tee_size) +{ + secure_tee_install((u32)tee_image); +} + +U_BOOT_FIT_LOADABLE_HANDLER(IH_TYPE_TEE, board_tee_image_process); #endif