[U-Boot] [PATCH v4 07/12] tools: mkimage: add tee-bootable image type

Bryan O'Donoghue bryan.odonoghue at linaro.org
Mon Feb 26 12:36:01 UTC 2018 

This patch adds support for bootable TEE images to mkimage. Currently
there is a (Trusted Execution Environment) TEE image type, the TEE image
type is installed to a memory location control is passed to the TEE and
then the TEE returns to u-boot.

flow #0:
BootROM -> u-boot -> tee -> u-boot -> onwards

For some TEE implementations, such as upstream OPTEE for i.MX6 and i.MX7
the boot flow is

flow #1:
BootROM -> u-boot -> optee -> kernel

This patch adds a new image type to mkimage -  IH_TYPE_TEE_BOOTABLE to
reflect this TEE boot flow and to facilitate additional OPTEE specific
verification of that image type - prior to handing control to that image.

The new image type enables us to more easily generate and validate a
bootable OPTEE image also, for example instead of generating an OPTEE image
like this:

mkimage -A arm -O linux -C none -a 0x9c0fffe4 -e 0x9c100000 -d
./out/arm-plat-imx/core/tee.bin uTee

we can instead generate images like this:
mkimage -A arm -T tee-bootable -C none -d ./out/arm-plat-imx/core/tee.bin
uTee.optee

That OPTEE image then will have a specific image type that bootm can
automatically identify and consequently perform additional optee-header
checks on.

Subsequent patches add logic to perform those optee-specific changes prior
to handing over control as described in flow #1 above.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
Cc: Harinarayan Bhatta <harinarayan at ti.com>
Cc: Andrew F. Davis <afd at ti.com>
Cc: Tom Rini <trini at konsulko.com>
Cc: Kever Yang <kever.yang at rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich at theobroma-systems.com>
Cc: Peng Fan <peng.fan at nxp.com>
Link: http://mrvan.github.io/optee-imx6ul
Tested-by: Peng Fan <peng.fan at nxp.com>
---
 common/image.c        |  1 +
 include/image.h       |  1 +
 tools/default_image.c | 25 +++++++++++++++++++------
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/common/image.c b/common/image.c
index e9609cd..e7785ce 100644
--- a/common/image.c
+++ b/common/image.c
@@ -161,6 +161,7 @@ static const table_entry_t uimage_type[] = {
 	{       IH_TYPE_TEE,        "tee",        "Trusted Execution Environment Image",},
 	{	IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" },
 	{       IH_TYPE_PMMC,        "pmmc",        "TI Power Management Micro-Controller Firmware",},
+	{       IH_TYPE_TEE_BOOTABLE, "tee-bootable", "Trusted Execution Environment Bootable Image",},
 	{	-1,		    "",		  "",			},
 };
 
diff --git a/include/image.h b/include/image.h
index a2372de..d2c47ef 100644
--- a/include/image.h
+++ b/include/image.h
@@ -272,6 +272,7 @@ enum {
 	IH_TYPE_TEE,            /* Trusted Execution Environment (TEE) OS Image */
 	IH_TYPE_FIRMWARE_IVT,		/* Firmware Image with HABv4 IVT */
 	IH_TYPE_PMMC,            /* TI Power Management Micro-Controller Firmware */
+	IH_TYPE_TEE_BOOTABLE,		/* TEE Bootable Image */
 
 	IH_TYPE_COUNT,			/* Number of image types */
 };
diff --git a/tools/default_image.c b/tools/default_image.c
index 4e5568e..fc0b0c0 100644
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -18,6 +18,7 @@
 #include "mkimage.h"
 
 #include <image.h>
+#include <tee/optee.h>
 #include <u-boot/crc.h>
 
 static image_header_t header;
@@ -25,7 +26,8 @@ static image_header_t header;
 static int image_check_image_types(uint8_t type)
 {
 	if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) ||
-	    (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT))
+	    (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT) ||
+	    (type == IH_TYPE_TEE_BOOTABLE))
 		return EXIT_SUCCESS;
 	else
 		return EXIT_FAILURE;
@@ -90,6 +92,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
 	uint32_t checksum;
 	time_t time;
 	uint32_t imagesize;
+	uint32_t ep;
+	uint32_t addr;
 
 	image_header_t * hdr = (image_header_t *)ptr;
 
@@ -99,18 +103,27 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
 			sbuf->st_size - sizeof(image_header_t));
 
 	time = imagetool_get_source_date(params, sbuf->st_mtime);
-	if (params->type == IH_TYPE_FIRMWARE_IVT)
+	ep = params->ep;
+	addr = params->addr;
+	imagesize = sbuf->st_size - sizeof(image_header_t);
+
+	switch (params->type) {
+	case IH_TYPE_FIRMWARE_IVT:
 		/* Add size of CSF minus IVT */
 		imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0;
-	else
-		imagesize = sbuf->st_size - sizeof(image_header_t);
+		break;
+	case IH_TYPE_TEE_BOOTABLE:
+		addr = optee_image_get_load_addr(hdr);
+		ep = optee_image_get_entry_point(hdr);
+		break;
+	}
 
 	/* Build new header */
 	image_set_magic(hdr, IH_MAGIC);
 	image_set_time(hdr, time);
 	image_set_size(hdr, imagesize);
-	image_set_load(hdr, params->addr);
-	image_set_ep(hdr, params->ep);
+	image_set_load(hdr, addr);
+	image_set_ep(hdr, ep);
 	image_set_dcrc(hdr, checksum);
 	image_set_os(hdr, params->os);
 	image_set_arch(hdr, params->arch);
-- 
2.7.4

More information about the U-Boot mailing list