All of lore.kernel.org
 help / color / mirror / Atom feed
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 0/9] Add new OPTEE bootm support to u-boot
Date: Fri, 12 Jan 2018 14:52:15 +0000	[thread overview]
Message-ID: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org> (raw)

This series adds a new OPTEE bootable image type to u-boot, which is
directly bootable with the bootm command.

There is already a TEE image type but, in this case the TEE firmware is
loaded into RAM, jumped into and then back out of. This image type is a
directly bootable image as described here :
http://mrvan.github.io/optee-imx6ul

Instead of reusing the Linux bootable image type instead a new image type
is defined, which allows us to perform additional image verification, prior
to handing off control via bootm.

OPTEE images get linked to a specific address at compile time and must be
loaded to this address too. This series extends out mkimage with a new
image type that allows the OPTEE binary link location to be validated
against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively
prior to proceeding through the bootm phase.

Once applied you can generate a bootable OPTEE image like this

mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee

That image can then be booted directly by bootm. bootm will verify the
header contents of the OPTEE binary against the DRAM area carved out in
u-boot. If the defined DRAM area does not match the link address specified
we refuse to boot.

Kever - I'd like to suggest that your OPTEE SPL image takes a different
image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
image type has versus a directly bootable bootm image.

Bryan O'Donoghue (9):
  optee: Add lib entries for sharing OPTEE code across ports
  optee: Add CONFIG_OPTEE_TZDRAM_SIZE
  optee: Make OPTEE_TZDRAM_BASE a mandatory define
  optee: Add optee_image_get_entry_point()
  optee: Add optee_image_get_load_addr()
  tools: mkimage: add optee image type
  optee: Add optee_verify_bootm_image()
  optee: Improve error printout
  bootm: optee: Add mechanism to validate an OPTEE image before boot

 common/bootm.c        | 11 +++++++-
 common/image.c        |  1 +
 include/image.h       |  1 +
 include/tee/optee.h   | 41 ++++++++++++++++++++++++++++++
 lib/Kconfig           |  1 +
 lib/Makefile          |  1 +
 lib/optee/Kconfig     | 16 ++++++++++++
 lib/optee/Makefile    |  7 ++++++
 lib/optee/optee.c     | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/default_image.c | 25 ++++++++++++++-----
 10 files changed, 166 insertions(+), 7 deletions(-)
 create mode 100644 lib/optee/Kconfig
 create mode 100644 lib/optee/Makefile
 create mode 100644 lib/optee/optee.c

-- 
2.7.4

             reply	other threads:[~2018-01-12 14:52 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-12 14:52 Bryan O'Donoghue [this message]
2018-01-12 14:52 ` [U-Boot] [PATCH 1/9] optee: Add lib entries for sharing OPTEE code across ports Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 2/9] optee: Add CONFIG_OPTEE_TZDRAM_SIZE Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 3/9] optee: Make OPTEE_TZDRAM_BASE a mandatory define Bryan O'Donoghue
2018-01-12 16:23   ` Tom Rini
2018-01-12 14:52 ` [U-Boot] [PATCH 4/9] optee: Add optee_image_get_entry_point() Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 5/9] optee: Add optee_image_get_load_addr() Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 6/9] tools: mkimage: add optee image type Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 7/9] optee: Add optee_verify_bootm_image() Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 8/9] optee: Improve error printout Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot Bryan O'Donoghue
2018-01-15  4:00 ` [U-Boot] [PATCH 0/9] Add new OPTEE bootm support to u-boot Peng Fan
2018-01-15  4:39 ` Kever Yang
2018-01-15 10:24   ` Dr. Philipp Tomsich
2018-01-15 10:29     ` Dr. Philipp Tomsich
2018-01-15 12:03       ` Peng Fan
2018-01-15 13:26         ` Dr. Philipp Tomsich
2018-01-15 14:01         ` Bryan O'Donoghue

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org \
    --to=bryan.odonoghue@linaro.org \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.