bootm: optee: Add a bootm command for type IH_OS_TEE

This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Andrew F. Davis <afd@ti.com>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
This commit is contained in:
Bryan O'Donoghue 2018-03-13 16:50:36 +00:00 committed by Tom Rini
parent 45b55712d4
commit c225e7cf54
2 changed files with 41 additions and 0 deletions

View File

@ -11,6 +11,7 @@
#include <linux/libfdt.h>
#include <malloc.h>
#include <vxworks.h>
#include <tee/optee.h>
DECLARE_GLOBAL_DATA_PTR;
@ -433,6 +434,34 @@ static int do_bootm_openrtos(int flag, int argc, char * const argv[],
}
#endif
#ifdef CONFIG_BOOTM_OPTEE
static int do_bootm_tee(int flag, int argc, char * const argv[],
bootm_headers_t *images)
{
int ret;
/* Verify OS type */
if (images->os.os != IH_OS_TEE) {
return 1;
};
/* Validate OPTEE header */
ret = optee_verify_bootm_image(images->os.image_start,
images->os.load,
images->os.image_len);
if (ret)
return ret;
/* Locate FDT etc */
ret = bootm_find_images(flag, argc, argv);
if (ret)
return ret;
/* From here we can run the regular linux boot path */
return do_bootm_linux(flag, argc, argv, images);
}
#endif
static boot_os_fn *boot_os[] = {
[IH_OS_U_BOOT] = do_bootm_standalone,
#ifdef CONFIG_BOOTM_LINUX
@ -466,6 +495,9 @@ static boot_os_fn *boot_os[] = {
#ifdef CONFIG_BOOTM_OPENRTOS
[IH_OS_OPENRTOS] = do_bootm_openrtos,
#endif
#ifdef CONFIG_BOOTM_OPTEE
[IH_OS_TEE] = do_bootm_tee,
#endif
};
/* Allow for arch specific config before we boot */

View File

@ -28,3 +28,12 @@ config OPTEE_TZDRAM_BASE
help
The base address of pre-allocated Trust Zone DRAM for
the OPTEE runtime.
config BOOTM_OPTEE
bool "Support OPTEE bootm command"
select BOOTM_LINUX
default n
help
Select this command to enable chain-loading of a Linux kernel
via an OPTEE firmware.
The bootflow is BootROM -> u-boot -> OPTEE -> Linux in this case.