[PATCH 0/9] Add new OPTEE bootm support to u-boot

Bryan O'Donoghue-3
This series adds a new OPTEE bootable image type to u-boot, which is
directly bootable with the bootm command.

There is already a TEE image type, but in this case the TEE firmware is
loaded into RAM, jumped into and then back out of. This image type is a
directly bootable image as described here:
http://mrvan.github.io/optee-imx6ul

Instead of reusing the Linux bootable image type, a new image type
is defined, which allows us to perform additional image verification prior
to handing off control via bootm.

OPTEE images get linked to a specific address at compile time and must be
loaded to this address too. This series extends out mkimage with a new
image type that allows the OPTEE binary link location to be validated
against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively
prior to proceeding through the bootm phase.

Once applied you can generate a bootable OPTEE image like this

mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee

That image can then be booted directly by bootm. bootm will verify the
header contents of the OPTEE binary against the DRAM area carved out in
u-boot. If the defined DRAM area does not match the link address specified
we refuse to boot.

Kever - I'd like to suggest that your OPTEE SPL image takes a different
image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
image type has versus a directly bootable bootm image.

Bryan O'Donoghue (9):
  optee: Add lib entries for sharing OPTEE code across ports
  optee: Add CONFIG_OPTEE_TZDRAM_SIZE
  optee: Make OPTEE_TZDRAM_BASE a mandatory define
  optee: Add optee_image_get_entry_point()
  optee: Add optee_image_get_load_addr()
  tools: mkimage: add optee image type
  optee: Add optee_verify_bootm_image()
  optee: Improve error printout
  bootm: optee: Add mechanism to validate an OPTEE image before boot

 common/bootm.c        | 11 +++++++-
 common/image.c        |  1 +
 include/image.h       |  1 +
 include/tee/optee.h   | 41 ++++++++++++++++++++++++++++++
 lib/Kconfig           |  1 +
 lib/Makefile          |  1 +
 lib/optee/Kconfig     | 16 ++++++++++++
 lib/optee/Makefile    |  7 ++++++
 lib/optee/optee.c     | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/default_image.c | 25 ++++++++++++++-----
 10 files changed, 166 insertions(+), 7 deletions(-)
 create mode 100644 lib/optee/Kconfig
 create mode 100644 lib/optee/Makefile
 create mode 100644 lib/optee/optee.c

--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
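
The placement check the cover letter describes (OPTEE header against the TrustZone DRAM carve-out), as an added example that is not code from the series. It runs the comparisons of `optee_verify_image()` from patch 1/9 in 32-bit arithmetic beside a wrap-safe variant. Assumptions: `naive_check`, `safe_check`, `run_naive`, `run_safe` and `TZ_BASE` are made-up names and values, and the `flags` and `init_mem_usage` fields come from the OP-TEE v1 header layout rather than from this page.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define OPTEE_MAGIC   0x4554504f /* value from the series */
#define OPTEE_VERSION 1

/* OP-TEE v1 header; flags and init_mem_usage are not shown on the page. */
struct optee_header {
	uint32_t magic;
	uint8_t  version;
	uint8_t  arch;
	uint16_t flags;
	uint32_t init_size;
	uint32_t init_load_addr_hi;
	uint32_t init_load_addr_lo;
	uint32_t init_mem_usage;
	uint32_t paged_size;
};

/* Constructed carve-out: the base is invented, the size is the Kconfig
 * default from patch 2/9. */
#define TZ_BASE 0x9d000000u
#define TZ_SIZE 0x03000000u

/* Same comparisons as patch 1/9; uint32_t models a 32-bit unsigned long. */
static int naive_check(const struct optee_header *h, uint32_t base,
		       uint32_t len, uint32_t image_len)
{
	uint32_t end = base + len;                        /* may wrap */
	uint32_t file_size = h->init_size + h->paged_size +
			     (uint32_t)sizeof(*h);        /* may wrap */

	if (h->magic != OPTEE_MAGIC || h->version != OPTEE_VERSION ||
	    h->init_load_addr_hi > end || h->init_load_addr_lo < base ||
	    file_size > len || file_size != image_len ||
	    h->init_load_addr_lo + file_size > end)       /* may wrap */
		return -EINVAL;
	return 0;
}

/* Wrap-safe variant: 64-bit size, offsets compared by subtraction. */
static int safe_check(const struct optee_header *h, uint32_t base,
		      uint32_t len, uint32_t image_len)
{
	uint64_t file_size;

	if (h->magic != OPTEE_MAGIC || h->version != OPTEE_VERSION)
		return -EINVAL;
	/* Assumption: the carve-out is below 4 GiB, so the high half is 0. */
	if (h->init_load_addr_hi != 0)
		return -EINVAL;
	/* A sum of three values below 2^32 cannot wrap in 64 bits. */
	file_size = (uint64_t)h->init_size + h->paged_size + sizeof(*h);
	if (file_size != image_len || file_size > len)
		return -EINVAL;
	if (h->init_load_addr_lo < base)
		return -EINVAL;
	/* len >= file_size here, so the right-hand side cannot underflow. */
	if (h->init_load_addr_lo - base > len - file_size)
		return -EINVAL;
	return 0;
}

static struct optee_header make_hdr(uint32_t init_size, uint32_t paged_size,
				    uint32_t hi, uint32_t lo)
{
	struct optee_header h = {
		.magic = OPTEE_MAGIC, .version = OPTEE_VERSION,
		.init_size = init_size, .paged_size = paged_size,
		.init_load_addr_hi = hi, .init_load_addr_lo = lo,
	};
	return h;
}

int run_naive(uint32_t init_size, uint32_t paged_size, uint32_t hi,
	      uint32_t lo, uint32_t image_len)
{
	struct optee_header h = make_hdr(init_size, paged_size, hi, lo);
	return naive_check(&h, TZ_BASE, TZ_SIZE, image_len);
}

int run_safe(uint32_t init_size, uint32_t paged_size, uint32_t hi,
	     uint32_t lo, uint32_t image_len)
{
	struct optee_header h = make_hdr(init_size, paged_size, hi, lo);
	return safe_check(&h, TZ_BASE, TZ_SIZE, image_len);
}

int main(void)
{
	/* Constructed headers: consistent, wrapping size, non-zero high half. */
	printf("consistent : naive=%d safe=%d\n",
	       run_naive(0x1000, 0, 0, TZ_BASE, 0x101c),
	       run_safe(0x1000, 0, 0, TZ_BASE, 0x101c));
	printf("size wraps : naive=%d safe=%d\n",
	       run_naive(0xffffff00u, 0x200, 0, TZ_BASE, 0x11c),
	       run_safe(0xffffff00u, 0x200, 0, TZ_BASE, 0x11c));
	printf("hi != 0    : naive=%d safe=%d\n",
	       run_naive(0x1000, 0, 1, TZ_BASE, 0x101c),
	       run_safe(0x1000, 0, 1, TZ_BASE, 0x101c));
	return 0;
}
```
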
[PATCH 1/9] optee: Add lib entries for sharing OPTEE code across ports

Bryan O'Donoghue-3
This patch adds code to lib to enable sharing of useful OPTEE code between
board-ports and architectures. The code on lib/optee/optee.c comes from the
TI omap2 port. Eventually the OMAP2 code will be patched to include the
shared code. The intention here is to add more useful OPTEE specific code
as more functionality gets added.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Harinarayan Bhatta <[hidden email]>
Cc: Andrew F. Davis <[hidden email]>
Cc: Tom Rini <[hidden email]>
Cc: Kever Yang <[hidden email]>
Cc: Philipp Tomsich <[hidden email]>
Cc: Peng Fan <[hidden email]>
---
 include/tee/optee.h | 16 ++++++++++++++++
 lib/Kconfig         |  1 +
 lib/Makefile        |  1 +
 lib/optee/Kconfig   |  8 ++++++++
 lib/optee/Makefile  |  7 +++++++
 lib/optee/optee.c   | 35 +++++++++++++++++++++++++++++++++++
 6 files changed, 68 insertions(+)
 create mode 100644 lib/optee/Kconfig
 create mode 100644 lib/optee/Makefile
 create mode 100644 lib/optee/optee.c

diff --git a/include/tee/optee.h b/include/tee/optee.h
index 9ab0d08..8943afb 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -10,6 +10,8 @@
 #ifndef _OPTEE_H
 #define _OPTEE_H
 
+#include <linux/errno.h>
+
 #define OPTEE_MAGIC             0x4554504f
 #define OPTEE_VERSION           1
 #define OPTEE_ARCH_ARM32        0
@@ -27,4 +29,18 @@ struct optee_header {
  uint32_t paged_size;
 };
 
+#if defined(CONFIG_OPTEE)
+int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
+       unsigned long tzdram_len, unsigned long image_len);
+#else
+static inline int optee_verify_image(struct optee_header *hdr,
+     unsigned long tzdram_start,
+     unsigned long tzdram_len,
+     unsigned long image_len)
+{
+ return -EPERM;
+}
+
+#endif
+
 #endif /* _OPTEE_H */
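Review bot: Both the prototype and the inline stub in the `#if defined(CONFIG_OPTEE)` block take `struct optee_header *hdr`, although a verifier only needs to read the header; declare the parameter `const struct optee_header *hdr` so callers with a read-only view of the image need no cast. Returning `-EPERM` from the stub makes builds without CONFIG_OPTEE fail closed, which is worth a one-line comment so nobody later changes it to return 0. The blank line before `#endif` can go.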
diff --git a/lib/Kconfig b/lib/Kconfig
index f447c53..5742fb7 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -278,5 +278,6 @@ endmenu
 
 source lib/efi/Kconfig
 source lib/efi_loader/Kconfig
+source lib/optee/Kconfig
 
 endmenu
diff --git a/lib/Makefile b/lib/Makefile
index 8cd779f..46813b6 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -17,6 +17,7 @@ obj-$(CONFIG_FIT) += libfdt/
 obj-$(CONFIG_OF_LIVE) += of_live.o
 obj-$(CONFIG_CMD_DHRYSTONE) += dhry/
 obj-$(CONFIG_ARCH_AT91) += at91/
+obj-$(CONFIG_OPTEE) += optee/
 
 obj-$(CONFIG_AES) += aes.o
 obj-y += charset.o
diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig
new file mode 100644
index 0000000..2e406fe
--- /dev/null
+++ b/lib/optee/Kconfig
@@ -0,0 +1,8 @@
+config OPTEE
+ bool "Support OPTEE images"
+ help
+  U-Boot can be configured to boot OPTEE images.
+  Selecting this option will enable shared OPTEE library code and
+          enable an OPTEE specific bootm command that will perform additional
+          OPTEE specific checks before booting an OPTEE image created with
+          mkimage.
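Review bot: The help text promises "an OPTEE specific bootm command", but according to the diffstat this patch only adds shared library code and touches nothing in bootm; reword the help to describe what CONFIG_OPTEE enables at this point in the series, or add that sentence in the patch that changes bootm. The help lines are also indented inconsistently between the first line and the ones that follow.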
diff --git a/lib/optee/Makefile b/lib/optee/Makefile
new file mode 100644
index 0000000..03e832f
--- /dev/null
+++ b/lib/optee/Makefile
@@ -0,0 +1,7 @@
+#
+# (C) Copyright 2017 Linaro
+#
+# SPDX-License-Identifier: GPL-2.0+
+#
+
+obj-$(CONFIG_OPTEE) += optee.o
diff --git a/lib/optee/optee.c b/lib/optee/optee.c
new file mode 100644
index 0000000..a6c856a
--- /dev/null
+++ b/lib/optee/optee.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2017 Linaro
+ * Bryan O'Donoghue <[hidden email]>
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <tee/optee.h>
+
+int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
+       unsigned long tzdram_len, unsigned long image_len)
+{
+ unsigned long tzdram_end = tzdram_start + tzdram_len;
+ uint32_t tee_file_size;
+
+ tee_file_size = hdr->init_size + hdr->paged_size +
+ sizeof(struct optee_header);
+
+ if ((hdr->magic != OPTEE_MAGIC) ||
+    (hdr->version != OPTEE_VERSION) ||
+    (hdr->init_load_addr_hi > tzdram_end) ||
+    (hdr->init_load_addr_lo < tzdram_start) ||
+    (tee_file_size > tzdram_len) ||
+    (tee_file_size != image_len) ||
+    ((hdr->init_load_addr_lo + tee_file_size) > tzdram_end)) {
+ printf("OPTEE verification error tzdram 0x%08lx-0x%08lx "
+       "header lo=0x%08x hi=0x%08x size=0x%08x\n",
+       tzdram_start, tzdram_end, hdr->init_load_addr_lo,
+       hdr->init_load_addr_hi, tee_file_size);
+ return -EINVAL;
+ }
+
+ return 0;
+}
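Review bot: The size and range arithmetic feeding the `if` can wrap. `tee_file_size` is a `uint32_t` sum of `hdr->init_size`, `hdr->paged_size` and `sizeof(struct optee_header)`, so a header with a very large `init_size` wraps to a small value and passes `tee_file_size > tzdram_len`; `hdr->init_load_addr_lo + tee_file_size` and `tzdram_start + tzdram_len` wrap the same way wherever `unsigned long` is 32 bits. Compute the size in a 64-bit type and compare by subtraction: after checking `hdr->init_load_addr_lo >= tzdram_start`, require `hdr->init_load_addr_lo - tzdram_start <= tzdram_len - tee_file_size`. Separately, `hdr->init_load_addr_hi > tzdram_end` compares what the field name suggests is the upper half of the load address against an end address; if the image has to live below 4 GiB, test `hdr->init_load_addr_hi != 0` instead. `hdr` is only read and could be `const`.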
--
2.7.4

[PATCH 2/9] optee: Add CONFIG_OPTEE_TZDRAM_SIZE

Bryan O'Donoghue-3
OPTEE is currently linked to a specific area of memory called the TrustZone
DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM
that a board-port can over-ride. The region that U-Boot sets aside for the
OPTEE run-time should be verified before attempting to hand off to the
OPTEE run-time. Each board-port should carefully ensure that the TZDRAM
size specified in the OPTEE build and the TZDRAM size specified in U-Boot
match-up.

Further patches will use TZDRAM size and other defines and variables to
carry out a degree of automated verification in U-Boot prior to trying to
boot an OPTEE image.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Harinarayan Bhatta <[hidden email]>
Cc: Andrew F. Davis <[hidden email]>
Cc: Tom Rini <[hidden email]>
Cc: Kever Yang <[hidden email]>
Cc: Philipp Tomsich <[hidden email]>
Cc: Peng Fan <[hidden email]>
---
 lib/optee/Kconfig | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig
index 2e406fe..41c0ab7 100644
--- a/lib/optee/Kconfig
+++ b/lib/optee/Kconfig
@@ -6,3 +6,11 @@ config OPTEE
           enable an OPTEE specific bootm command that will perform additional
           OPTEE specific checks before booting an OPTEE image created with
           mkimage.
+
+config OPTEE_TZDRAM_SIZE
+ hex "Amount of Trust-Zone RAM for the OPTEE image"
+ depends on OPTEE
+ default 0x3000000
+ help
+  The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE
+  runtime.
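Review bot: `default 0x3000000` hands every board that enables OPTEE the same TrustZone DRAM size, while the commit message says each board port must make this value match its OPTEE build; a port that forgets to override it ends up with a wrong bound in the later verification and no build-time hint. Consider dropping the default so each board's defconfig has to state the size, or say in the help text which OPTEE build setting it must equal. The prompt and help also spell the term two ways ("Trust-Zone", "Trust Zone") where the commit message uses "TrustZone".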
--
2.7.4

[PATCH 3/9] optee: Make OPTEE_TZDRAM_BASE a mandatory define

Bryan O'Donoghue-3
This patch makes OPTEE_TZDRAM_BASE a mandatory parameter.
Subsequent patches will ensure that the region between
OPTEE_TZDRAM_BASE and (OPTEE_TZDRAM_BASE +
CONFIG_OPTEE_TZDRAM_SIZE) matches the information given in the OPTEE header
before handing off control to the OPTEE image when booting OPTEE directly
via bootm.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Harinarayan Bhatta <[hidden email]>
Cc: Andrew F. Davis <[hidden email]>
Cc: Tom Rini <[hidden email]>
Cc: Kever Yang <[hidden email]>
Cc: Philipp Tomsich <[hidden email]>
Cc: Peng Fan <[hidden email]>
---
 lib/optee/optee.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/optee/optee.c b/lib/optee/optee.c
index a6c856a..6e55027 100644
--- a/lib/optee/optee.c
+++ b/lib/optee/optee.c
@@ -5,9 +5,14 @@
  * SPDX-License-Identifier: GPL-2.0+
  */
 
+#include <config.h>
 #include <common.h>
 #include <tee/optee.h>
 
+#ifndef OPTEE_TZDRAM_BASE
+#error "OPTEE_TZDRAM_BASE not defined"
+#endif
+
 int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
        unsigned long tzdram_len, unsigned long image_len)
 {
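Review bot: The `#ifndef OPTEE_TZDRAM_BASE` guard tests a bare macro, whereas the size added in patch 2/9 is a Kconfig symbol and the cover letter refers to `CONFIG_OPTEE_TZDRAM_BASE`; nothing in the visible lines says where a board is expected to define the base. Adding it as a `hex` entry next to `OPTEE_TZDRAM_SIZE` in lib/optee/Kconfig would keep both bounds in one place and make the `#error` unnecessary. If the guard stays, its message should name the file the define belongs in.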
--
2.7.4

[PATCH 4/9] optee: Add optee_image_get_entry_point()

Bryan O'Donoghue-3
Add a helper function for extracting the least significant 32 bits from the
OPTEE entry point address, which will be good enough to load OPTEE binaries
up to (2^32)-1 bytes.

We may need to extend this out later on but for now (2^32)-1 should be
fine.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Harinarayan Bhatta <[hidden email]>
Cc: Andrew F. Davis <[hidden email]>
Cc: Tom Rini <[hidden email]>
Cc: Kever Yang <[hidden email]>
Cc: Philipp Tomsich <[hidden email]>
Cc: Peng Fan <[hidden email]>
---
 include/tee/optee.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/tee/optee.h b/include/tee/optee.h
index 8943afb..eb328d3 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -29,6 +29,13 @@ struct optee_header {
  uint32_t paged_size;
 };
 
+static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr)
+{
+ struct optee_header *optee_hdr = (struct optee_header *)(hdr + 1);
+
+ return optee_hdr->init_load_addr_lo;
+}
+
 #if defined(CONFIG_OPTEE)
 int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
        unsigned long tzdram_len, unsigned long image_len);
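Review bot: `(struct optee_header *)(hdr + 1)` in `optee_image_get_entry_point()` casts away the `const` on `hdr`; declare the local as `const struct optee_header *optee_hdr`. The helper also reads `init_load_addr_lo` without checking `optee_hdr->magic` or that the payload is at least `sizeof(struct optee_header)` long, so it is only safe on an already validated image; say so in a comment above the function. `image_header_t` is used here while the only include visible in this header is `<linux/errno.h>`, so the header builds only when `<image.h>` happens to be included first.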
--
2.7.4

[PATCH 5/9] optee: Add optee_image_get_load_addr()

Bryan O'Donoghue-3
This patch adds optee_image_get_load_addr(), a helper function used to
calculate the load-address of an OPTEE image based on the lower
entry-point address given in the OPTEE header.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Harinarayan Bhatta <[hidden email]>
Cc: Andrew F. Davis <[hidden email]>
Cc: Tom Rini <[hidden email]>
Cc: Kever Yang <[hidden email]>
Cc: Philipp Tomsich <[hidden email]>
Cc: Peng Fan <[hidden email]>
---
 include/tee/optee.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/tee/optee.h b/include/tee/optee.h
index eb328d3..e782cb0 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -36,6 +36,11 @@ static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr)
  return optee_hdr->init_load_addr_lo;
 }
 
+static inline uint32_t optee_image_get_load_addr(const image_header_t *hdr)
+{
+ return optee_image_get_entry_point(hdr) - sizeof(struct optee_header);
+}
+
 #if defined(CONFIG_OPTEE)
 int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
        unsigned long tzdram_len, unsigned long image_len);
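Review bot: `optee_image_get_entry_point(hdr) - sizeof(struct optee_header)` wraps when the header's `init_load_addr_lo` is smaller than the header size, and the `uint32_t` return value then becomes a load address near the top of the address space. Either document that callers must validate the header before using this helper, or give it a way to report the error. A short comment on why the load address is the entry point minus the header size would also help readers.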
--
2.7.4

[PATCH 6/9] tools: mkimage: add optee image type

Bryan O'Donoghue-3
This patch adds support for bootable OPTEE images to mkimage. Currently
there is a (Trusted Execution Environment) TEE image type; the TEE image
type is installed to a memory location with u-boot continuing to own the
boot process, whereas the OPTEE image type defined here is a bootable image,
which typically wants to live at a defined location in memory. Defining a
new image type allows us to pull out the load address and entry point
defined in the OPTEE header, and having a separate image type lays the
foundation for a subsequent patch to validate that the OPTEE memory defined in a
board-port matches the link location specified in the OPTEE bootable
image.

example usage:

mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Harinarayan Bhatta <[hidden email]>
Cc: Andrew F. Davis <[hidden email]>
Cc: Tom Rini <[hidden email]>
Cc: Kever Yang <[hidden email]>
Cc: Philipp Tomsich <[hidden email]>
Cc: Peng Fan <[hidden email]>
---
 common/image.c        |  1 +
 include/image.h       |  1 +
 tools/default_image.c | 25 +++++++++++++++++++------
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/common/image.c b/common/image.c
index 4bcf6b3..381ef07 100644
--- a/common/image.c
+++ b/common/image.c
@@ -161,6 +161,7 @@ static const table_entry_t uimage_type[] = {
  {       IH_TYPE_TEE,        "tee",        "Trusted Execution Environment Image",},
  { IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" },
  {       IH_TYPE_PMMC,        "pmmc",        "TI Power Management Micro-Controller Firmware",},
+ {       IH_TYPE_OPTEE,       "optee",     "OPTEE Boot Image",},
  { -1,    "",  "", },
 };
 
diff --git a/include/image.h b/include/image.h
index a128a62..9175624 100644
--- a/include/image.h
+++ b/include/image.h
@@ -271,6 +271,7 @@ enum {
  IH_TYPE_TEE,            /* Trusted Execution Environment OS Image */
  IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */
  IH_TYPE_PMMC,            /* TI Power Management Micro-Controller Firmware */
+ IH_TYPE_OPTEE, /* OPTEE Boot Image */
 
  IH_TYPE_COUNT, /* Number of image types */
 };
diff --git a/tools/default_image.c b/tools/default_image.c
index 4e5568e..5653933 100644
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -18,6 +18,7 @@
 #include "mkimage.h"
 
 #include <image.h>
+#include <tee/optee.h>
 #include <u-boot/crc.h>
 
 static image_header_t header;
@@ -25,7 +26,8 @@ static image_header_t header;
 static int image_check_image_types(uint8_t type)
 {
  if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) ||
-    (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT))
+    (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT) ||
+    (type == IH_TYPE_OPTEE))
  return EXIT_SUCCESS;
  else
  return EXIT_FAILURE;
@@ -90,6 +92,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
  uint32_t checksum;
  time_t time;
  uint32_t imagesize;
+ uint32_t ep;
+ uint32_t addr;
 
  image_header_t * hdr = (image_header_t *)ptr;
 
@@ -99,18 +103,27 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
  sbuf->st_size - sizeof(image_header_t));
 
  time = imagetool_get_source_date(params, sbuf->st_mtime);
- if (params->type == IH_TYPE_FIRMWARE_IVT)
+ ep = params->ep;
+ addr = params->addr;
+ imagesize = sbuf->st_size - sizeof(image_header_t);
+
+ switch (params->type) {
+ case IH_TYPE_FIRMWARE_IVT:
  /* Add size of CSF minus IVT */
  imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0;
- else
- imagesize = sbuf->st_size - sizeof(image_header_t);
+ break;
+ case IH_TYPE_OPTEE:
+ addr = optee_image_get_load_addr(hdr);
+ ep = optee_image_get_entry_point(hdr);
+ break;
+ }
 
  /* Build new header */
  image_set_magic(hdr, IH_MAGIC);
  image_set_time(hdr, time);
  image_set_size(hdr, imagesize);
- image_set_load(hdr, params->addr);
- image_set_ep(hdr, params->ep);
+ image_set_load(hdr, addr);
+ image_set_ep(hdr, ep);
  image_set_dcrc(hdr, checksum);
  image_set_os(hdr, params->os);
  image_set_arch(hdr, params->arch);
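Review bot: In the `case IH_TYPE_OPTEE:` arm the load address and entry point are read out of the input file with no check that it actually carries an OPTEE header: nothing tests `OPTEE_MAGIC`, and nothing confirms that `sbuf->st_size` covers `sizeof(image_header_t) + sizeof(struct optee_header)`, so `mkimage -T optee` on an arbitrary or truncated file copies whatever bytes follow the uImage header into the load and entry fields. Validate magic and size here and fail with a message. Values the user supplied through `params->addr` and `params->ep` are also overridden silently; warn or document that. The `switch` has no `default:` arm.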
--
2.7.4

[PATCH 7/9] optee: Add optee_verify_bootm_image()

Bryan O'Donoghue-3
This patch adds optee_verify_bootm_image() which will be subsequently used
to verify the parameters encoded in the OPTEE header match the memory
allocated to the OPTEE region, OPTEE header magic and version prior to
handing off control to the OPTEE image.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Harinarayan Bhatta <[hidden email]>
Cc: Andrew F. Davis <[hidden email]>
Cc: Tom Rini <[hidden email]>
Cc: Kever Yang <[hidden email]>
Cc: Philipp Tomsich <[hidden email]>
Cc: Peng Fan <[hidden email]>
---
 include/tee/optee.h | 13 +++++++++++++
 lib/optee/optee.c   | 35 +++++++++++++++++++++++++++++++----
 2 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/include/tee/optee.h b/include/tee/optee.h
index e782cb0..4b9e94c 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -55,4 +55,17 @@ static inline int optee_verify_image(struct optee_header *hdr,
 
 #endif
 
+#if defined(CONFIG_OPTEE)
+int optee_verify_bootm_image(unsigned long image_addr,
+     unsigned long image_load_addr,
+     unsigned long image_len);
+#else
+static inline int optee_verify_bootm_image(unsigned long image_addr,
+   unsigned long image_load_addr,
+   unsigned long image_len)
+{
+ return -EPERM;
+}
+#endif
+
 #endif /* _OPTEE_H */
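Review bot: This adds a second `#if defined(CONFIG_OPTEE)` / `#else` / `#endif` block directly after the one that guards `optee_verify_image()`; put the new prototype and stub into the existing block so the header has a single conditional. A comment saying what `image_addr` and `image_load_addr` each mean (where the image sits now versus where the uImage header says to load it) would save readers a trip to optee.c.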
diff --git a/lib/optee/optee.c b/lib/optee/optee.c
index 6e55027..36358f1 100644
--- a/lib/optee/optee.c
+++ b/lib/optee/optee.c
@@ -29,12 +29,39 @@ int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
     (tee_file_size > tzdram_len) ||
     (tee_file_size != image_len) ||
     ((hdr->init_load_addr_lo + tee_file_size) > tzdram_end)) {
- printf("OPTEE verification error tzdram 0x%08lx-0x%08lx "
-       "header lo=0x%08x hi=0x%08x size=0x%08x\n",
-       tzdram_start, tzdram_end, hdr->init_load_addr_lo,
-       hdr->init_load_addr_hi, tee_file_size);
  return -EINVAL;
  }
 
  return 0;
 }
+
+int optee_verify_bootm_image(unsigned long image_addr,
+     unsigned long image_load_addr,
+     unsigned long image_len)
+{
+ struct optee_header *hdr = (struct optee_header *)image_addr;
+ unsigned long tzdram_start = OPTEE_TZDRAM_BASE;
+ unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE;
+
+ int ret;
+
+ ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len);
+ if (ret)
+ goto error;
+
+ if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) {
+ ret = -EINVAL;
+ goto error;
+ }
+
+ return ret;
+error:
+ printf("OPTEE verification error tzdram 0x%08lx-0x%08lx "
+       "header 0x%08x-0x%08x size=0x%08lx arch=0x%08x"
+       "uimage params 0x%08lx-0x%08lx\n",
+       tzdram_start, tzdram_start + tzdram_len, hdr->init_load_addr_lo,
+       hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr,
+       image_load_addr + image_len);
+
+ return ret;
+}
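Review bot: In the `error:` printf the second and third string literals join with no separator, so the output reads `arch=0x........uimage params`; add a space or newline after `arch=0x%08x`. The `header 0x%08x-0x%08x` label prints `init_load_addr_lo` and `init_load_addr_hi` as though they were a start and an end. `image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo` restates the rule already encoded in `optee_image_get_load_addr()` and its left side can wrap; reuse the helper or compare after a lower-bound check. Moving the printf out of `optee_verify_image()` also leaves any direct caller of that function without a diagnostic.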
--
2.7.4

[PATCH 8/9] optee: Improve error printout

Bryan O'Donoghue-3
When encountering an error in OPTEE verification print out the address of
the header and image.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Harinarayan Bhatta <[hidden email]>
Cc: Andrew F. Davis <[hidden email]>
Cc: Tom Rini <[hidden email]>
Cc: Kever Yang <[hidden email]>
Cc: Philipp Tomsich <[hidden email]>
Cc: Peng Fan <[hidden email]>
---
 lib/optee/optee.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/optee/optee.c b/lib/optee/optee.c
index 36358f1..8c4e7fe 100644
--- a/lib/optee/optee.c
+++ b/lib/optee/optee.c
@@ -56,10 +56,12 @@ int optee_verify_bootm_image(unsigned long image_addr,
 
  return ret;
 error:
- printf("OPTEE verification error tzdram 0x%08lx-0x%08lx "
-       "header 0x%08x-0x%08x size=0x%08lx arch=0x%08x"
-       "uimage params 0x%08lx-0x%08lx\n",
-       tzdram_start, tzdram_start + tzdram_len, hdr->init_load_addr_lo,
+ printf("OPTEE verification error:"
+       "\n\thdr=%p image=0x%08lx magic=0x%08x tzdram 0x%08lx-0x%08lx "
+       "\n\theader lo=0x%08x hi=0x%08x size=0x%08lx arch=0x%08x"
+       "\n\tuimage params 0x%08lx-0x%08lx\n",
+       hdr, image_addr, hdr->magic, tzdram_start,
+       tzdram_start + tzdram_len, hdr->init_load_addr_lo,
        hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr,
        image_load_addr + image_len);
 
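Review bot: Style only: the literal that ends with `tzdram 0x%08lx-0x%08lx ` keeps its trailing space although the next literal now starts a new line, so each printed line ends in whitespace; drop the space. Since the message now prints `hdr->magic` and `hdr=%p`, the commit message could mention them alongside "the address of the header and image".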
--
2.7.4

[PATCH 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot

Bryan O'Donoghue-3
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Harinarayan Bhatta <[hidden email]>
Cc: Andrew F. Davis <[hidden email]>
Cc: Tom Rini <[hidden email]>
Cc: Kever Yang <[hidden email]>
Cc: Philipp Tomsich <[hidden email]>
Cc: Peng Fan <[hidden email]>
---
 common/bootm.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/common/bootm.c b/common/bootm.c
index 9493a30..38c1b0a 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -19,6 +19,7 @@
 #include <lzma/LzmaTypes.h>
 #include <lzma/LzmaDec.h>
 #include <lzma/LzmaTools.h>
+#include <tee/optee.h>
 #if defined(CONFIG_CMD_USB)
 #include <usb.h>
 #endif
@@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc,
  if (images.os.type == IH_TYPE_KERNEL_NOLOAD) {
  images.os.load = images.os.image_start;
  images.ep += images.os.load;
+ } else if (images.os.type == IH_TYPE_OPTEE) {
+ ret = optee_verify_bootm_image(images.os.image_start,
+       images.os.load,
+       images.os.image_len);
+ if (ret)
+ return ret;
  }
 
  images.os.start = map_to_sysmem(os_hdr);
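Review bot: When `optee_verify_bootm_image()` fails, the new `else if` branch returns `ret` without printing anything itself, and in a build without CONFIG_OPTEE the inline stub returns `-EPERM` silently, so `bootm` on an OPTEE image just stops with no reason given. Print a short message here or in the stub. `images.os.image_start` is handed over as a raw address and cast to a pointer inside the verifier, while the very next line goes through `map_to_sysmem()`; a comment on which address space the verifier expects would help.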
@@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
 {
  if (((images.os.type == IH_TYPE_KERNEL) ||
      (images.os.type == IH_TYPE_KERNEL_NOLOAD) ||
-     (images.os.type == IH_TYPE_MULTI)) &&
+     (images.os.type == IH_TYPE_MULTI) ||
+     (images.os.type == IH_TYPE_OPTEE)) &&
     (images.os.os == IH_OS_LINUX ||
  images.os.os == IH_OS_VXWORKS))
  return bootm_find_images(flag, argc, argv);
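Review bot: Adding `IH_TYPE_OPTEE` to the type list only has an effect when `images.os.os` is `IH_OS_LINUX` or `IH_OS_VXWORKS`, and the `mkimage` example in the cover letter passes no OS option, so the dependency on the OS field is undocumented. State in the commit message or documentation which OS value an OPTEE image must carry for `bootm_find_images()` to run, or key this branch on the image type alone.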
@@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
  switch (image_get_type(hdr)) {
  case IH_TYPE_KERNEL:
  case IH_TYPE_KERNEL_NOLOAD:
+ case IH_TYPE_OPTEE:
  *os_data = image_get_data(hdr);
  *os_len = image_get_data_size(hdr);
  break;
--
2.7.4

Re: [PATCH 3/9] optee: Make OPTEE_TZDRAM_BASE a mandatory define

Tom Rini-4
On Fri, Jan 12, 2018 at 02:52:18PM +0000, Bryan O'Donoghue wrote:

> This patch makes OPTEE_TZDRAM_BASE a mandatory parameter.
> Subsequent patches will ensure that the region between
> OPTEE_TZDRAM_BASE and (OPTEE_TZDRAM_BASE +
> CONFIG_OPTEE_TZDRAM_SIZE) matches the information given in the OPTEE header
> before handing off control to the OPTEE image when booting OPTEE directly
> via bootm.
>
> Signed-off-by: Bryan O'Donoghue <[hidden email]>
> Cc: Harinarayan Bhatta <[hidden email]>
> Cc: Andrew F. Davis <[hidden email]>
> Cc: Tom Rini <[hidden email]>
> Cc: Kever Yang <[hidden email]>
> Cc: Philipp Tomsich <[hidden email]>
> Cc: Peng Fan <[hidden email]>
> ---
>  lib/optee/optee.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/lib/optee/optee.c b/lib/optee/optee.c
> index a6c856a..6e55027 100644
> --- a/lib/optee/optee.c
> +++ b/lib/optee/optee.c
> @@ -5,9 +5,14 @@
>   * SPDX-License-Identifier: GPL-2.0+
>   */
>  
> +#include <config.h>
>  #include <common.h>
>  #include <tee/optee.h>
>  
> +#ifndef OPTEE_TZDRAM_BASE
> +#error "OPTEE_TZDRAM_BASE not defined"
> +#endif
> +
>  int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
>         unsigned long tzdram_len, unsigned long image_len)
>  {
I'm not a fan of adding #error's like this.  Since this is a static
value, it should be in Kconfig (with appropriate depends) or defined in a
consistent location (asm/arch/optee.h ?) and it should be obvious from
the code that uses the value that you need to have this value be
provided and how to determine what the valid and correct value is.
Thanks!

--
Tom

Re: [PATCH 0/9] Add new OPTEE bootm support to u-boot

Peng Fan
Hi Bryan,
On Fri, Jan 12, 2018 at 02:52:15PM +0000, Bryan O'Donoghue wrote:

>This series adds a new OPTEE bootable image type to u-boot, which is
>directly bootable with the bootm command.
>
>There is already a TEE image type but, in this case the TEE firmware is
>loaded into RAM, jumped into and then back out of. This image type is a
>directly bootable image as described here :
>http://mrvan.github.io/optee-imx6ul
>
>Instead of reusing the Linux bootable image type instead a new image type
>is defined, which allows us to perform additional image verification, prior
>to handing off control via bootm.
>
>OPTEE images get linked to a specific address at compile time and must be
>loaded to this address too. This series extends out mkimage with a new
>image type that allows the OPTEE binary link location to be validated
>against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively
>prior to proceeding through the bootm phase.
>
>Once applied you can generate a bootable OPTEE image like this
>
>mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee
>
>That image can then be booted directly by bootm. bootm will verify the
>header contents of the OPTEE binary against the DRAM area carved out in
>u-boot. If the defined DRAM area does not match the link address specified
>we refuse to boot.
>
>Kever - I'd like to suggest that your OPTEE SPL image takes a different
>image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
>image type has versus a directly bootable bootm image.
>
>Bryan O'Donoghue (9):
>  optee: Add lib entries for sharing OPTEE code across ports
>  optee: Add CONFIG_OPTEE_TZDRAM_SIZE
>  optee: Make OPTEE_TZDRAM_BASE a mandatory define
>  optee: Add optee_image_get_entry_point()
>  optee: Add optee_image_get_load_addr()
>  tools: mkimage: add optee image type
>  optee: Add optee_verify_bootm_image()
>  optee: Improve error printout
>  bootm: optee: Add mechanism to validate an OPTEE image before boot
>
> common/bootm.c        | 11 +++++++-
> common/image.c        |  1 +
> include/image.h       |  1 +
> include/tee/optee.h   | 41 ++++++++++++++++++++++++++++++
> lib/Kconfig           |  1 +
> lib/Makefile          |  1 +
> lib/optee/Kconfig     | 16 ++++++++++++
> lib/optee/Makefile    |  7 ++++++
> lib/optee/optee.c     | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
> tools/default_image.c | 25 ++++++++++++++-----
> 10 files changed, 166 insertions(+), 7 deletions(-)
> create mode 100644 lib/optee/Kconfig
> create mode 100644 lib/optee/Makefile
> create mode 100644 lib/optee/optee.c

Thanks for patchset. I gave a test on i.MX7D-SDB and it works well.

Tested-by: Peng Fan <[hidden email]>

>
>--
>2.7.4
>
>_______________________________________________
>U-Boot mailing list
>[hidden email]
>https://lists.denx.de/listinfo/u-boot

Re: [PATCH 0/9] Add new OPTEE bootm support to u-boot

Kever Yang
Hi Bryan,

On 01/12/2018 10:52 PM, Bryan O'Donoghue wrote:
> This series adds a new OPTEE bootable image type to u-boot, which is
> directly bootable with the bootm command.
>
> There is already a TEE image type but, in this case the TEE firmware is
> loaded into RAM, jumped into and then back out of.

This is how OP-TEE upstream designed flow, isn't it?
> This image type is a
> directly bootable image as described here :
> http://mrvan.github.io/optee-imx6ul

Still not clear about the detail flow you are using :( I don't understand why
we need to support OP-TEE in bootm.
Do you make U-Boot working in secure world?

>
> Instead of reusing the Linux bootable image type instead a new image type
> is defined, which allows us to perform additional image verification, prior
> to handing off control via bootm.
>
> OPTEE images get linked to a specific address at compile time and must be
> loaded to this address too. This series extends out mkimage with a new
> image type that allows the OPTEE binary link location to be validated
> against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively
> prior to proceeding through the bootm phase.
>
> Once applied you can generate a bootable OPTEE image like this
>
> mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee
>
> That image can then be booted directly by bootm. bootm will verify the
> header contents of the OPTEE binary against the DRAM area carved out in
> u-boot. If the defined DRAM area does not match the link address specified
> we refuse to boot.
>
> Kever - I'd like to suggest that your OPTEE SPL image takes a different
> image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
> image type has versus a directly bootable bootm image.

Well, I think we can decide after everything is clear.

Thanks,
-Kever

>
> Bryan O'Donoghue (9):
>    optee: Add lib entries for sharing OPTEE code across ports
>    optee: Add CONFIG_OPTEE_TZDRAM_SIZE
>    optee: Make OPTEE_TZDRAM_BASE a mandatory define
>    optee: Add optee_image_get_entry_point()
>    optee: Add optee_image_get_load_addr()
>    tools: mkimage: add optee image type
>    optee: Add optee_verify_bootm_image()
>    optee: Improve error printout
>    bootm: optee: Add mechanism to validate an OPTEE image before boot
>
>   common/bootm.c        | 11 +++++++-
>   common/image.c        |  1 +
>   include/image.h       |  1 +
>   include/tee/optee.h   | 41 ++++++++++++++++++++++++++++++
>   lib/Kconfig           |  1 +
>   lib/Makefile          |  1 +
>   lib/optee/Kconfig     | 16 ++++++++++++
>   lib/optee/Makefile    |  7 ++++++
>   lib/optee/optee.c     | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
>   tools/default_image.c | 25 ++++++++++++++-----
>   10 files changed, 166 insertions(+), 7 deletions(-)
>   create mode 100644 lib/optee/Kconfig
>   create mode 100644 lib/optee/Makefile
>   create mode 100644 lib/optee/optee.c
>


_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
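
The check the quoted cover letter describes (refuse to boot unless the OPTEE link address falls inside the TZDRAM carve-out), written out as an added example; this is not code from the patch series. The header offsets and magic assume the OP-TEE v1 image header, and `TZDRAM_BASE`/`TZDRAM_SIZE`, `optee_check_header()` and `check_sample()` are hypothetical names with constructed values.

```c
#include <stddef.h>
#include <stdint.h>

#define OPTEE_MAGIC   0x4554504fu /* "OPTE" as a little-endian u32 (assumed v1 header) */
#define OPTEE_HDR_LEN 28u         /* assumed size of the v1 header */

/* Hypothetical carve-out standing in for CONFIG_OPTEE_TZDRAM_BASE / _SIZE. */
#define TZDRAM_BASE 0x9e000000ull
#define TZDRAM_SIZE 0x02000000ull

enum img_status { IMG_OK, IMG_TRUNCATED, IMG_BAD_MAGIC, IMG_OUTSIDE_TZDRAM };

static uint32_t get_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_le32(uint8_t *p, uint32_t v)
{
	p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
	p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Accept the image only if [load, load + size) lies inside the carve-out. */
enum img_status optee_check_header(const uint8_t *img, size_t len,
				   uint64_t tz_base, uint64_t tz_size)
{
	if (len < OPTEE_HDR_LEN)
		return IMG_TRUNCATED;
	if (get_le32(img) != OPTEE_MAGIC)
		return IMG_BAD_MAGIC;

	/* Assumed offsets: init_size 8, load_addr_hi 12, load_addr_lo 16, paged_size 24. */
	uint64_t init_size  = get_le32(img + 8);
	uint64_t load       = (uint64_t)get_le32(img + 12) << 32 | get_le32(img + 16);
	uint64_t paged_size = get_le32(img + 24);
	uint64_t total      = init_size + paged_size; /* below 2^33, cannot wrap */

	/* Subtraction form: no step can overflow, unlike a 32-bit load + total <= end. */
	if (load < tz_base || total > tz_size || load - tz_base > tz_size - total)
		return IMG_OUTSIDE_TZDRAM;
	return IMG_OK;
}

/* Build a constructed header and check it against the sample carve-out. */
enum img_status check_sample(uint32_t magic, uint32_t load_hi, uint32_t load_lo,
			     uint32_t init_size, uint32_t paged_size)
{
	uint8_t hdr[OPTEE_HDR_LEN] = { 0 };

	put_le32(hdr, magic);
	put_le32(hdr + 8, init_size);
	put_le32(hdr + 12, load_hi);
	put_le32(hdr + 16, load_lo);
	put_le32(hdr + 24, paged_size);
	return optee_check_header(hdr, sizeof(hdr), TZDRAM_BASE, TZDRAM_SIZE);
}
```

A header claiming a load address of 0xfffff000 with a size of 0x2000 is the case a 32-bit `load + size <= end` comparison would wrongly accept; the subtraction form rejects it.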

Re: [PATCH 0/9] Add new OPTEE bootm support to u-boot

Philipp Tomsich

> On 15 Jan 2018, at 05:39, Kever Yang <[hidden email]> wrote:
>
> Hi Bryan,
>
> On 01/12/2018 10:52 PM, Bryan O'Donoghue wrote:
>> This series adds a new OPTEE bootable image type to u-boot, which is
>> directly bootable with the bootm command.
>>
>> There is already a TEE image type but, in this case the TEE firmware is
>> loaded into RAM, jumped into and then back out of.
>
> This is how OP-TEE upstream designed flow, isn't it?
>> This image type is a
>> directly bootable image as described here :
>> http://mrvan.github.io/optee-imx6ul
>
> Still not clear about the detail flow you are using :( I don't understand why
> we need to support OP-TEE in bootm.
> Do you make U-Boot working in secure world?

I would also prefer if we could leave the secure world prior to executing the
full U-Boot… it reduces the attack surface and will be similar to what we do
on ARMv8 with ATF.

>>
>> Instead of reusing the Linux bootable image type instead a new image type
>> is defined, which allows us to perform additional image verification, prior
>> to handing off control via bootm.
>>
>> OPTEE images get linked to a specific address at compile time and must be
>> loaded to this address too. This series extends out mkimage with a new
>> image type that allows the OPTEE binary link location to be validated
>> against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively
>> prior to proceeding through the bootm phase.
>>
>> Once applied you can generate a bootable OPTEE image like this
>>
>> mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee
>>
>> That image can then be booted directly by bootm. bootm will verify the
>> header contents of the OPTEE binary against the DRAM area carved out in
>> u-boot. If the defined DRAM area does not match the link address specified
>> we refuse to boot.
>>
>> Kever - I'd like to suggest that your OPTEE SPL image takes a different
>> image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
>> image type has versus a directly bootable bootm image.
>
> Well, I think we can decide after everything is clear.
>
> Thanks,
> -Kever
>>
>> Bryan O'Donoghue (9):
>>   optee: Add lib entries for sharing OPTEE code across ports
>>   optee: Add CONFIG_OPTEE_TZDRAM_SIZE
>>   optee: Make OPTEE_TZDRAM_BASE a mandatory define
>>   optee: Add optee_image_get_entry_point()
>>   optee: Add optee_image_get_load_addr()
>>   tools: mkimage: add optee image type
>>   optee: Add optee_verify_bootm_image()
>>   optee: Improve error printout
>>   bootm: optee: Add mechanism to validate an OPTEE image before boot
>>
>>  common/bootm.c        | 11 +++++++-
>>  common/image.c        |  1 +
>>  include/image.h       |  1 +
>>  include/tee/optee.h   | 41 ++++++++++++++++++++++++++++++
>>  lib/Kconfig           |  1 +
>>  lib/Makefile          |  1 +
>>  lib/optee/Kconfig     | 16 ++++++++++++
>>  lib/optee/Makefile    |  7 ++++++
>>  lib/optee/optee.c     | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
>>  tools/default_image.c | 25 ++++++++++++++-----
>>  10 files changed, 166 insertions(+), 7 deletions(-)
>>  create mode 100644 lib/optee/Kconfig
>>  create mode 100644 lib/optee/Makefile
>>  create mode 100644 lib/optee/optee.c
>>
>
>


Re: [PATCH 0/9] Add new OPTEE bootm support to u-boot

Philipp Tomsich

> On 15 Jan 2018, at 11:24, Dr. Philipp Tomsich <[hidden email]> wrote:
>
>>
>> On 15 Jan 2018, at 05:39, Kever Yang <[hidden email]> wrote:
>>
>> Hi Bryan,
>>
>> On 01/12/2018 10:52 PM, Bryan O'Donoghue wrote:
>>> This series adds a new OPTEE bootable image type to u-boot, which is
>>> directly bootable with the bootm command.
>>>
>>> There is already a TEE image type but, in this case the TEE firmware is
>>> loaded into RAM, jumped into and then back out of.
>>
>> This is how OP-TEE upstream designed flow, isn't it?
>>> This image type is a
>>> directly bootable image as described here :
>>> http://mrvan.github.io/optee-imx6ul
>>
>> Still not clear about the detail flow you are using :( I don't understand why
>> we need to support OP-TEE in bootm.
>> Do you make U-Boot working in secure world?
>
> I would also prefer if we could leave the secure world prior to executing the
> full U-Boot… it reduces the attack surface and will be similar to what we do
> on ARMv8 with ATF.

I forgot to mention that Falcon-mode w/ OPTEE will only be possible if the
OPTEE is loaded from SPL.

As I would like to avoid having two different ways to load an OPTEE within
U-Boot, this seems to also bias the “default boot sequence” towards inserting
OPTEE between SPL and the OS-stage (whether this is IH_OS_U_BOOT,
IH_OS_LINUX or something else).

Regards,
Philipp.

>
>>>
>>> Instead of reusing the Linux bootable image type instead a new image type
>>> is defined, which allows us to perform additional image verification, prior
>>> to handing off control via bootm.
>>>
>>> OPTEE images get linked to a specific address at compile time and must be
>>> loaded to this address too. This series extends out mkimage with a new
>>> image type that allows the OPTEE binary link location to be validated
>>> against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively
>>> prior to proceeding through the bootm phase.
>>>
>>> Once applied you can generate a bootable OPTEE image like this
>>>
>>> mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee
>>>
>>> That image can then be booted directly by bootm. bootm will verify the
>>> header contents of the OPTEE binary against the DRAM area carved out in
>>> u-boot. If the defined DRAM area does not match the link address specified
>>> we refuse to boot.
>>>
>>> Kever - I'd like to suggest that your OPTEE SPL image takes a different
>>> image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
>>> image type has versus a directly bootable bootm image.
>>
>> Well, I think we can decide after everything is clear.
>>
>> Thanks,
>> -Kever
>>>
>>> Bryan O'Donoghue (9):
>>>  optee: Add lib entries for sharing OPTEE code across ports
>>>  optee: Add CONFIG_OPTEE_TZDRAM_SIZE
>>>  optee: Make OPTEE_TZDRAM_BASE a mandatory define
>>>  optee: Add optee_image_get_entry_point()
>>>  optee: Add optee_image_get_load_addr()
>>>  tools: mkimage: add optee image type
>>>  optee: Add optee_verify_bootm_image()
>>>  optee: Improve error printout
>>>  bootm: optee: Add mechanism to validate an OPTEE image before boot
>>>
>>> common/bootm.c        | 11 +++++++-
>>> common/image.c        |  1 +
>>> include/image.h       |  1 +
>>> include/tee/optee.h   | 41 ++++++++++++++++++++++++++++++
>>> lib/Kconfig           |  1 +
>>> lib/Makefile          |  1 +
>>> lib/optee/Kconfig     | 16 ++++++++++++
>>> lib/optee/Makefile    |  7 ++++++
>>> lib/optee/optee.c     | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
>>> tools/default_image.c | 25 ++++++++++++++-----
>>> 10 files changed, 166 insertions(+), 7 deletions(-)
>>> create mode 100644 lib/optee/Kconfig
>>> create mode 100644 lib/optee/Makefile
>>> create mode 100644 lib/optee/optee.c


Re: [PATCH 0/9] Add new OPTEE bootm support to u-boot

Peng Fan
On Mon, Jan 15, 2018 at 11:29:41AM +0100, Dr. Philipp Tomsich wrote:

>
>> On 15 Jan 2018, at 11:24, Dr. Philipp Tomsich <[hidden email]> wrote:
>>
>>>
>>> On 15 Jan 2018, at 05:39, Kever Yang <[hidden email]> wrote:
>>>
>>> Hi Bryan,
>>>
>>> On 01/12/2018 10:52 PM, Bryan O'Donoghue wrote:
>>>> This series adds a new OPTEE bootable image type to u-boot, which is
>>>> directly bootable with the bootm command.
>>>>
>>>> There is already a TEE image type but, in this case the TEE firmware is
>>>> loaded into RAM, jumped into and then back out of.
>>>
>>> This is how OP-TEE upstream designed flow, isn't it?
>>>> This image type is a
>>>> directly bootable image as described here :
>>>> http://mrvan.github.io/optee-imx6ul
>>>
>>> Still not clear about the detail flow you are using :( I don't understand why
>>> we need to support OP-TEE in bootm.
>>> Do you make U-Boot working in secure world?
>>
>> I would also prefer if we could leave the secure world prior to executing the
>> full U-Boot… it reduces the attack surface and will be similar to what we do
>> on ARMv8 with ATF.
>
>I forgot to mention that Falcon-mode w/ OPTEE will only be possible if the
>OPTEE is loaded from SPL.

Falcon-mode is a good feature, but not everyone uses Falcon-mode.

>
>As I would like to avoid having two different ways to load an OPTEE within
>U-Boot, this seems to also bias the “default boot sequence” towards inserting
>OPTEE between SPL and the OS-stage (whether this is IH_OS_U_BOOT,
>IH_OS_LINUX or something else).


Providing the bootm way gives developers a choice for those that do not
support SPL.  We have been using bootm to boot optee for a long time.

Thanks,
Peng

>
>Regards,
>Philipp.
>
>>
>>>>
>>>> Instead of reusing the Linux bootable image type instead a new image type
>>>> is defined, which allows us to perform additional image verification, prior
>>>> to handing off control via bootm.
>>>>
>>>> OPTEE images get linked to a specific address at compile time and must be
>>>> loaded to this address too. This series extends out mkimage with a new
>>>> image type that allows the OPTEE binary link location to be validated
>>>> against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively
>>>> prior to proceeding through the bootm phase.
>>>>
>>>> Once applied you can generate a bootable OPTEE image like this
>>>>
>>>> mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee
>>>>
>>>> That image can then be booted directly by bootm. bootm will verify the
>>>> header contents of the OPTEE binary against the DRAM area carved out in
>>>> u-boot. If the defined DRAM area does not match the link address specified
>>>> we refuse to boot.
>>>>
>>>> Kever - I'd like to suggest that your OPTEE SPL image takes a different
>>>> image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
>>>> image type has versus a directly bootable bootm image.
>>>
>>> Well, I think we can decide after everything is clear.
>>>
>>> Thanks,
>>> -Kever
>>>>
>>>> Bryan O'Donoghue (9):
>>>>  optee: Add lib entries for sharing OPTEE code across ports
>>>>  optee: Add CONFIG_OPTEE_TZDRAM_SIZE
>>>>  optee: Make OPTEE_TZDRAM_BASE a mandatory define
>>>>  optee: Add optee_image_get_entry_point()
>>>>  optee: Add optee_image_get_load_addr()
>>>>  tools: mkimage: add optee image type
>>>>  optee: Add optee_verify_bootm_image()
>>>>  optee: Improve error printout
>>>>  bootm: optee: Add mechanism to validate an OPTEE image before boot
>>>>
>>>> common/bootm.c        | 11 +++++++-
>>>> common/image.c        |  1 +
>>>> include/image.h       |  1 +
>>>> include/tee/optee.h   | 41 ++++++++++++++++++++++++++++++
>>>> lib/Kconfig           |  1 +
>>>> lib/Makefile          |  1 +
>>>> lib/optee/Kconfig     | 16 ++++++++++++
>>>> lib/optee/Makefile    |  7 ++++++
>>>> lib/optee/optee.c     | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
>>>> tools/default_image.c | 25 ++++++++++++++-----
>>>> 10 files changed, 166 insertions(+), 7 deletions(-)
>>>> create mode 100644 lib/optee/Kconfig
>>>> create mode 100644 lib/optee/Makefile
>>>> create mode 100644 lib/optee/optee.c

Re: [PATCH 0/9] Add new OPTEE bootm support to u-boot

Philipp Tomsich

> On 15 Jan 2018, at 13:03, Peng Fan <[hidden email]> wrote:
>
> On Mon, Jan 15, 2018 at 11:29:41AM +0100, Dr. Philipp Tomsich wrote:
>>
>>> On 15 Jan 2018, at 11:24, Dr. Philipp Tomsich <[hidden email]> wrote:
>>>
>>>>
>>>> On 15 Jan 2018, at 05:39, Kever Yang <[hidden email]> wrote:
>>>>
>>>> Hi Bryan,
>>>>
>>>> On 01/12/2018 10:52 PM, Bryan O'Donoghue wrote:
>>>>> This series adds a new OPTEE bootable image type to u-boot, which is
>>>>> directly bootable with the bootm command.
>>>>>
>>>>> There is already a TEE image type but, in this case the TEE firmware is
>>>>> loaded into RAM, jumped into and then back out of.
>>>>
>>>> This is how OP-TEE upstream designed flow, isn't it?
>>>>> This image type is a
>>>>> directly bootable image as described here :
>>>>> http://mrvan.github.io/optee-imx6ul
>>>>
>>>> Still not clear about the detail flow you are using :( I don't understand why
>>>> we need to support OP-TEE in bootm.
>>>> Do you make U-Boot working in secure world?
>>>
>>> I would also prefer if we could leave the secure world prior to executing the
>>> full U-Boot… it reduces the attack surface and will be similar to what we do
>>> on ARMv8 with ATF.
>>
>> I forgot to mention that Falcon-mode w/ OPTEE will only be possible if the
>> OPTEE is loaded from SPL.
>
> Falcon-mode is a good feature, but not everyone uses Falcon-mode.
>
>>
>> As I would like to avoid having two different ways to load an OPTEE within
>> U-Boot, this seems to also bias the “default boot sequence” towards inserting
>> OPTEE between SPL and the OS-stage (whether this is IH_OS_U_BOOT,
>> IH_OS_LINUX or something else).
>
>
> Providing the bootm way gives developers a choice for those that do not
> support SPL.  We have been using bootm to boot optee for a long time.

Interesting to hear. Could you provide some additional feedback on how you
boot these boards today (e.g. how is U-Boot loaded, if there is no SPL; is
U-Boot running in secure mode, as we seem to have inferred from the earlier
conversation)?

>
> Thanks,
> Peng
>
>>
>> Regards,
>> Philipp.
>>
>>>
>>>>>
>>>>> Instead of reusing the Linux bootable image type instead a new image type
>>>>> is defined, which allows us to perform additional image verification, prior
>>>>> to handing off control via bootm.
>>>>>
>>>>> OPTEE images get linked to a specific address at compile time and must be
>>>>> loaded to this address too. This series extends out mkimage with a new
>>>>> image type that allows the OPTEE binary link location to be validated
>>>>> against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively
>>>>> prior to proceeding through the bootm phase.
>>>>>
>>>>> Once applied you can generate a bootable OPTEE image like this
>>>>>
>>>>> mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee
>>>>>
>>>>> That image can then be booted directly by bootm. bootm will verify the
>>>>> header contents of the OPTEE binary against the DRAM area carved out in
>>>>> u-boot. If the defined DRAM area does not match the link address specified
>>>>> we refuse to boot.
>>>>>
>>>>> Kever - I'd like to suggest that your OPTEE SPL image takes a different
>>>>> image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
>>>>> image type has versus a directly bootable bootm image.
>>>>
>>>> Well, I think we can decide after everything is clear.
>>>>
>>>> Thanks,
>>>> -Kever
>>>>>
>>>>> Bryan O'Donoghue (9):
>>>>> optee: Add lib entries for sharing OPTEE code across ports
>>>>> optee: Add CONFIG_OPTEE_TZDRAM_SIZE
>>>>> optee: Make OPTEE_TZDRAM_BASE a mandatory define
>>>>> optee: Add optee_image_get_entry_point()
>>>>> optee: Add optee_image_get_load_addr()
>>>>> tools: mkimage: add optee image type
>>>>> optee: Add optee_verify_bootm_image()
>>>>> optee: Improve error printout
>>>>> bootm: optee: Add mechanism to validate an OPTEE image before boot
>>>>>
>>>>> common/bootm.c        | 11 +++++++-
>>>>> common/image.c        |  1 +
>>>>> include/image.h       |  1 +
>>>>> include/tee/optee.h   | 41 ++++++++++++++++++++++++++++++
>>>>> lib/Kconfig           |  1 +
>>>>> lib/Makefile          |  1 +
>>>>> lib/optee/Kconfig     | 16 ++++++++++++
>>>>> lib/optee/Makefile    |  7 ++++++
>>>>> lib/optee/optee.c     | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
>>>>> tools/default_image.c | 25 ++++++++++++++-----
>>>>> 10 files changed, 166 insertions(+), 7 deletions(-)
>>>>> create mode 100644 lib/optee/Kconfig
>>>>> create mode 100644 lib/optee/Makefile
>>>>> create mode 100644 lib/optee/optee.c

Re: [PATCH 0/9] Add new OPTEE bootm support to u-boot

Bryan O'Donoghue-3
In reply to this post by Peng Fan


On 15/01/18 12:03, Peng Fan wrote:
> Providing the bootm way gives developers a choice for those that do not
> support SPL.  We have been using bootm to boot optee for a long time.
>
> Thanks,
> Peng

Philipp,

My understanding is that bootm is the preferred armv7 method..

In principle we should be able to support both the SPL and bootm methods.