From patchwork Fri Jan 19 19:43:18 2018
X-Patchwork-Submitter: Bryan O'Donoghue
X-Patchwork-Id: 125216
From: Bryan O'Donoghue
To: u-boot@lists.denx.de, trini@konsulko.com
Date: Fri, 19 Jan 2018 19:43:18 +0000
Message-Id: <1516391006-22483-2-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1516391006-22483-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1516391006-22483-1-git-send-email-bryan.odonoghue@linaro.org>
Cc: harinarayan@ti.com
Subject: [U-Boot] [PATCH v2 1/9] optee: Add lib entries for sharing OPTEE code across ports

This patch adds code to lib to enable sharing of useful OPTEE code between
board-ports and architectures.

The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the
OMAP2 code will be patched to include the shared code.

The intention here is to add more useful OPTEE specific code as more
functionality gets added.

Signed-off-by: Bryan O'Donoghue
Cc: Harinarayan Bhatta
Cc: Andrew F. Davis
Cc: Tom Rini
Cc: Kever Yang
Cc: Philipp Tomsich
Cc: Peng Fan
Tested-by: Peng Fan
---
 include/tee/optee.h | 16 ++++++++++++++++
 lib/Kconfig         |  1 +
 lib/Makefile        |  1 +
 lib/optee/Kconfig   |  8 ++++++++
 lib/optee/Makefile  |  7 +++++++
 lib/optee/optee.c   | 37 +++++++++++++++++++++++++++++++++++++
 6 files changed, 70 insertions(+)
 create mode 100644 lib/optee/Kconfig
 create mode 100644 lib/optee/Makefile
 create mode 100644 lib/optee/optee.c

diff --git a/include/tee/optee.h b/include/tee/optee.h index 9ab0d08..8943afb 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -10,6 +10,8 @@ #ifndef _OPTEE_H #define _OPTEE_H +#include + #define OPTEE_MAGIC 0x4554504f #define OPTEE_VERSION 1 #define OPTEE_ARCH_ARM32 0
@@ -27,4 +29,18 @@ struct optee_header { uint32_t paged_size; }; +#if defined(CONFIG_OPTEE) +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len); +#else +static inline int optee_verify_image(struct optee_header *hdr, + unsigned long tzdram_start, + unsigned long tzdram_len, + unsigned long image_len) +{ + return -EPERM; +} + +#endif + #endif /* _OPTEE_H */ diff --git a/lib/Kconfig b/lib/Kconfig index 00ac650..2077f9c 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -288,5 +288,6 @@ endmenu source lib/efi/Kconfig source lib/efi_loader/Kconfig +source lib/optee/Kconfig endmenu diff --git a/lib/Makefile b/lib/Makefile index 8cd779f..46813b6 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,6 +17,7 @@ obj-$(CONFIG_FIT) += libfdt/ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ +obj-$(CONFIG_OPTEE) += optee/ obj-$(CONFIG_AES) += aes.o obj-y += charset.o diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig new file mode 100644 index 0000000..2e406fe --- /dev/null +++ b/lib/optee/Kconfig @@ -0,0 +1,8 @@ +config OPTEE + bool "Support OPTEE images" + help + U-Boot can be configured to boot OPTEE images. + Selecting this option will enable shared OPTEE library code and + enable an OPTEE specific bootm command that will perform additional + OPTEE specific checks before booting an OPTEE image created with + mkimage. diff --git a/lib/optee/Makefile b/lib/optee/Makefile new file mode 100644 index 0000000..03e832f --- /dev/null +++ b/lib/optee/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2017 Linaro +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_OPTEE) += optee.o diff --git a/lib/optee/optee.c b/lib/optee/optee.c new file mode 100644 index 0000000..64ceacd --- /dev/null +++ b/lib/optee/optee.c 
@@ -0,0 +1,37 @@ +/* + * Copyright (C) 2017 Linaro + * Bryan O'Donoghue + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include +#include + +#define optee_hdr_err_msg "OPTEE verification error tzdram 0x%08lx-0x%08lx " \ + "header lo=0x%08x hi=0x%08x size=0x%08x\n" + +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len) +{ + unsigned long tzdram_end = tzdram_start + tzdram_len; + uint32_t tee_file_size; + + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header); + + if (hdr->magic != OPTEE_MAGIC || + hdr->version != OPTEE_VERSION || + hdr->init_load_addr_hi > tzdram_end || + hdr->init_load_addr_lo < tzdram_start || + tee_file_size > tzdram_len || + tee_file_size != image_len || + (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) { + printf(optee_hdr_err_msg, tzdram_start, tzdram_end, + hdr->init_load_addr_lo, hdr->init_load_addr_hi, + tee_file_size); + return -EINVAL; + } + + return 0; +}
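
Review bot: in the second hunk of include/tee/optee.h, the new optee_verify_image() prototype has no comment stating its contract, and callers need one. The CONFIG_OPTEE build returns 0 or -EINVAL while the inline stub returns -EPERM, and image_len has to be the full file length including the header, because the implementation compares it with init_size + paged_size + sizeof(struct optee_header). Please add a short comment above the prototype describing the parameters and the possible return values. Since the function only reads the header, hdr could also be declared const struct optee_header *.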
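
Review bot: the help text in lib/optee/Kconfig promises "an OPTEE specific bootm command that will perform additional OPTEE specific checks", but the six files in this patch add only optee_verify_image() and nothing here calls it or touches bootm. Either limit the help text to what this patch enables (the shared library code) and extend it in the patch of the series that adds the bootm support, or say in the commit message that the text anticipates a later patch, so that someone enabling CONFIG_OPTEE at this commit is not led to expect image checks that are not yet wired in.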
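
Review bot: in optee_verify_image() in lib/optee/optee.c, tee_file_size is a uint32_t holding the sum of two header fields and sizeof(struct optee_header), so it can wrap or be truncated. A header with a very large init_size and a paged_size chosen so that the sum comes out equal to image_len passes both `tee_file_size > tzdram_len` and `tee_file_size != image_len`, even though init_size alone is far larger than the image. The header is the input being verified, so compute the size in a 64-bit type, or reject init_size and paged_size individually when either exceeds image_len before adding them. The same concern applies to `hdr->init_load_addr_lo + tee_file_size`, where init_load_addr_lo appears to be 32-bit (it is printed with %08x) and the addition is done before the comparison, and to tzdram_end = tzdram_start + tzdram_len. Writing the upper bound as a subtraction, init_load_addr_lo - tzdram_start > tzdram_len - tee_file_size, after the two checks that already guarantee both differences are non-negative, avoids the overflow. Separately, `hdr->init_load_addr_hi > tzdram_end` compares what the field name suggests is the upper half of a split address against a full address; if that is what the field holds, please state the intent in a comment or check the combined hi/lo value instead.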