From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot
Date: Fri, 12 Jan 2018 14:52:24 +0000
Message-ID: <1515768744-25246-10-git-send-email-bryan.odonoghue@linaro.org>
In-Reply-To: <1515768744-25246-1-git-send-email-bryan.odonoghue@linaro.org>

This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
---
 common/bootm.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/common/bootm.c b/common/bootm.c
index 9493a30..38c1b0a 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -19,6 +19,7 @@
 #include <lzma/LzmaTypes.h>
 #include <lzma/LzmaDec.h>
 #include <lzma/LzmaTools.h>
+#include <tee/optee.h>
 #if defined(CONFIG_CMD_USB)
 #include <usb.h>
 #endif
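Review bot: the added `#include <tee/optee.h>` is unconditional, unlike `<usb.h>` directly below it, which sits under `CONFIG_CMD_USB`. Since the later hunk calls optee_verify_bootm_image() unconditionally as well, please confirm that the header provides a stub (for example a static inline returning an error) when the OPTEE library is not built, or guard both the include and the call with the relevant config symbol so boards without OPTEE support still link.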
@@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc,
 	if (images.os.type == IH_TYPE_KERNEL_NOLOAD) {
 		images.os.load = images.os.image_start;
 		images.ep += images.os.load;
+	} else if (images.os.type == IH_TYPE_OPTEE) {
+		ret = optee_verify_bootm_image(images.os.image_start,
+					       images.os.load,
+					       images.os.image_len);
+		if (ret)
+			return ret;
 	}
 
 	images.os.start = map_to_sysmem(os_hdr);
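Review bot: the failure path `if (ret) return ret;` in the new IH_TYPE_OPTEE branch stops the boot without any message at this call site, and passes the callee's return code straight through. Please confirm that optee_verify_bootm_image() prints why it rejected the image, and that its error values follow the same convention as the other error returns from bootm_find_os() so callers treat a rejected image as a hard failure. A one-line comment above the call stating what image_start, load and image_len are checked against would also help anyone auditing this gate later.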
@@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
 {
 	if (((images.os.type == IH_TYPE_KERNEL) ||
 	     (images.os.type == IH_TYPE_KERNEL_NOLOAD) ||
-	     (images.os.type == IH_TYPE_MULTI)) &&
+	     (images.os.type == IH_TYPE_MULTI) ||
+	     (images.os.type == IH_TYPE_OPTEE)) &&
 	    (images.os.os == IH_OS_LINUX ||
 		 images.os.os == IH_OS_VXWORKS))
 		return bootm_find_images(flag, argc, argv);
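Review bot: the new `(images.os.type == IH_TYPE_OPTEE)` test sits inside the first parenthesised group, which is still ANDed with `images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS`. An OPTEE-type image therefore only reaches bootm_find_images() when its OS field is Linux or VxWorks; with any other OS value this condition is false and that call is skipped. Please state in the commit message or a comment which OS field an OPTEE image is expected to carry, and whether skipping bootm_find_images() for other values is intended.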
@@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
 		switch (image_get_type(hdr)) {
 		case IH_TYPE_KERNEL:
 		case IH_TYPE_KERNEL_NOLOAD:
+		case IH_TYPE_OPTEE:
 			*os_data = image_get_data(hdr);
 			*os_len = image_get_data_size(hdr);
 			break;
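Review bot: the new `case IH_TYPE_OPTEE:` shares the IH_TYPE_KERNEL body, so `*os_data` and `*os_len` are taken directly from image_get_data(hdr) and image_get_data_size(hdr) with no OPTEE-specific check at this point. The validation added by this patch happens in bootm_find_os(), so a short comment here pointing to that check would make it clear that the length and location are verified before the image is used, and would flag the dependency if either site is refactored.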
-- 
2.7.4

Thread overview: 18+ messages
2018-01-12 14:52 [U-Boot] [PATCH 0/9] Add new OPTEE bootm support to u-boot Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 1/9] optee: Add lib entries for sharing OPTEE code across ports Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 2/9] optee: Add CONFIG_OPTEE_TZDRAM_SIZE Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 3/9] optee: Make OPTEE_TZDRAM_BASE a mandatory define Bryan O'Donoghue
2018-01-12 16:23   ` Tom Rini
2018-01-12 14:52 ` [U-Boot] [PATCH 4/9] optee: Add optee_image_get_entry_point() Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 5/9] optee: Add optee_image_get_load_addr() Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 6/9] tools: mkimage: add optee image type Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 7/9] optee: Add optee_verify_bootm_image() Bryan O'Donoghue
2018-01-12 14:52 ` [U-Boot] [PATCH 8/9] optee: Improve error printout Bryan O'Donoghue
2018-01-12 14:52 ` Bryan O'Donoghue [this message]
2018-01-15  4:00 ` [U-Boot] [PATCH 0/9] Add new OPTEE bootm support to u-boot Peng Fan
2018-01-15  4:39 ` Kever Yang
2018-01-15 10:24   ` Dr. Philipp Tomsich
2018-01-15 10:29     ` Dr. Philipp Tomsich
2018-01-15 12:03       ` Peng Fan
2018-01-15 13:26         ` Dr. Philipp Tomsich
2018-01-15 14:01         ` Bryan O'Donoghue
