All of lore.kernel.org
 help / color / mirror / Atom feed
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v6 00/10] Add new OPTEE bootm support to u-boot
Date: Tue, 13 Mar 2018 16:50:26 +0000	[thread overview]
Message-ID: <1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org> (raw)

v6:
- Fix CONFIG_BOOTM_TEE
  Manually editing .config file meant this disparity was missed.
  "Those whom the gods wish to destroy they first make mad"

v5:

This patchset now works by making a bootable OPTEE image

mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee

The concept is the same as the earlier version of this patchset except
instead of "mkimage -T tee" we do "mkimage -T kernel -O tee". Andrew
suggested this and it is technically feasible.

So here is the revised patchset.

- Converted IH_TYPE_OPTEE to IH_OS_TEE - Andrew

- Removed Tested-by: for Peng Fan on patches with churn as a result

- Added patch for CONFIG_OPTEE_ADDR
  This CONFIG entry will be used in an upcoming set of patch for the
  board I'm working with.

v4:
- New type "optee" renamed to "tee-bootable". We discussed making the
  namespace here more logical and obvious in another thread.

  Kever may or may not end up adding "tee-combo".

  This patchset will result in
  "tee" and "tee-bootable" being valid names. Since "tee" is an existing
  image type the name will be maintained. - Tom

- Added doc/README.trusted-execution-environment
  This gives a brief introduction on TEE plus some links to the spec and
  the op-tee website.

  In then lays out the difference between these two types
  "tee" (tee-standalone)
  "tee-bootable"

  - Bryan, Philipp

- Small change made to comment on existing TEE - Bryan

- Reworded the Kconfig option "OPTEE"
  Makes a little bit more sense to me re-reading now - Bryan

- Add patch to define CONFIG_OPTEE_LOAD_ADDR
  An upcoming set of patches for a board will make use of this define in an
  OPTEE context.

v3:

- Rework printout to be added at the end as opposed to churn over three
  separate patches - Andrew

- Reword patch 006 to better explain the thinking behind new image type
  - Andrew

v2:
- Added CONFIG_OPTEE_TZDRAM_BASE instead of #ifndef OPTEE_TZDRAM_BASE
  as an error. - Tom Rini

- Added Tested-by: Peng Fan <peng.fan@nxp.com> - as indicated

- Added better explanation text to patch 6/9
  "tools: mkimage: add optee image type"

- Fixed some checkpatch warnings in optee.c

v1:
This series adds a new OPTEE bootable image type to u-boot, which is
directly bootable with the bootm command.

There is already a TEE image type but, in this case the TEE firmware is
loaded into RAM, jumped into and then back out of. This image type is a
directly bootable image as described here :
http://mrvan.github.io/optee-imx6ul

Instead of reusing the Linux bootable image type instead a new image type
is defined, which allows us to perform additional image verification, prior
to handing off control via bootm.

OPTEE images get linked to a specific address at compile time and must be
loaded to this address too. This series extends out mkimage with a new
image type that allows the OPTEE binary link location to be validated
against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively
prior to proceeding through the bootm phase.

Once applied you can generate a bootable OPTEE image like this

mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee

That image can then be booted directly by bootm. bootm will verify the
header contents of the OPTEE binary against the DRAM area carved out in
u-boot. If the defined DRAM area does not match the link address specified
we refuse to boot.

Kever - I'd like to suggest that your OPTEE SPL image takes a different
image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
image type has versus a directly bootable bootm image.


Bryan O'Donoghue (10):
  optee: Add lib entries for sharing OPTEE code across ports
  optee: Add CONFIG_OPTEE_TZDRAM_SIZE
  optee: Add CONFIG_OPTEE_TZDRAM_BASE
  optee: Add CONFIG_OPTEE_LOAD_ADDR
  optee: Add optee_image_get_entry_point()
  optee: Add optee_image_get_load_addr()
  optee: Add optee_verify_bootm_image()
  optee: Add error printout
  image: Add IH_OS_TEE for TEE chain-load boot
  bootm: optee: Add a bootm command for type IH_OS_TEE

 common/bootm_os.c     | 32 +++++++++++++++++++++++++
 common/image.c        |  1 +
 include/image.h       |  1 +
 include/tee/optee.h   | 41 ++++++++++++++++++++++++++++++++
 lib/Kconfig           |  1 +
 lib/Makefile          |  1 +
 lib/optee/Kconfig     | 39 ++++++++++++++++++++++++++++++
 lib/optee/Makefile    |  7 ++++++
 lib/optee/optee.c     | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/default_image.c | 15 ++++++++++--
 10 files changed, 202 insertions(+), 2 deletions(-)
 create mode 100644 lib/optee/Kconfig
 create mode 100644 lib/optee/Makefile
 create mode 100644 lib/optee/optee.c

-- 
2.7.4

             reply	other threads:[~2018-03-13 16:50 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-13 16:50 Bryan O'Donoghue [this message]
2018-03-13 16:50 ` [U-Boot] [PATCH v6 01/10] optee: Add lib entries for sharing OPTEE code across ports Bryan O'Donoghue
2018-03-19 22:36   ` [U-Boot] [U-Boot, v6, " Tom Rini
2018-03-13 16:50 ` [U-Boot] [PATCH v6 02/10] optee: Add CONFIG_OPTEE_TZDRAM_SIZE Bryan O'Donoghue
2018-03-19 22:36   ` [U-Boot] [U-Boot,v6,02/10] " Tom Rini
2018-03-13 16:50 ` [U-Boot] [PATCH v6 03/10] optee: Add CONFIG_OPTEE_TZDRAM_BASE Bryan O'Donoghue
2018-03-19 22:36   ` [U-Boot] [U-Boot,v6,03/10] " Tom Rini
2018-03-13 16:50 ` [U-Boot] [PATCH v6 04/10] optee: Add CONFIG_OPTEE_LOAD_ADDR Bryan O'Donoghue
2018-03-19 22:36   ` [U-Boot] [U-Boot,v6,04/10] " Tom Rini
2018-03-13 16:50 ` [U-Boot] [PATCH v6 05/10] optee: Add optee_image_get_entry_point() Bryan O'Donoghue
2018-03-19 22:37   ` [U-Boot] [U-Boot, v6, " Tom Rini
2018-03-13 16:50 ` [U-Boot] [PATCH v6 06/10] optee: Add optee_image_get_load_addr() Bryan O'Donoghue
2018-03-19 22:37   ` [U-Boot] [U-Boot, v6, " Tom Rini
2018-03-13 16:50 ` [U-Boot] [PATCH v6 07/10] optee: Add optee_verify_bootm_image() Bryan O'Donoghue
2018-03-19 22:37   ` [U-Boot] [U-Boot, v6, " Tom Rini
2018-03-13 16:50 ` [U-Boot] [PATCH v6 08/10] optee: Add error printout Bryan O'Donoghue
2018-03-19 22:37   ` [U-Boot] [U-Boot,v6,08/10] " Tom Rini
2018-03-13 16:50 ` [U-Boot] [PATCH v6 09/10] image: Add IH_OS_TEE for TEE chain-load boot Bryan O'Donoghue
2018-03-19 22:37   ` [U-Boot] [U-Boot, v6, " Tom Rini
2018-03-13 16:50 ` [U-Boot] [PATCH v6 10/10] bootm: optee: Add a bootm command for type IH_OS_TEE Bryan O'Donoghue
2018-03-19 22:37   ` [U-Boot] [U-Boot, v6, " Tom Rini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1520959836-16105-1-git-send-email-bryan.odonoghue@linaro.org \
    --to=bryan.odonoghue@linaro.org \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.