[U-Boot] [PATCH v4 11/12] bootm: optee: Add mechanism to validate a bootable TEE image

Bryan O'Donoghue bryan.odonoghue at linaro.org
Mon Feb 26 12:36:05 UTC 2018 

This patch makes it possible to verify the contents and location of an
a bootable TEE image in DRAM prior to handing off control to that image. If
image verification fails we won't try to boot any further.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
Cc: Harinarayan Bhatta <harinarayan at ti.com>
Cc: Andrew F. Davis <afd at ti.com>
Cc: Tom Rini <trini at konsulko.com>
Cc: Kever Yang <kever.yang at rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich at theobroma-systems.com>
Cc: Peng Fan <peng.fan at nxp.com>
Tested-by: Peng Fan <peng.fan at nxp.com>
---
 common/bootm.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/common/bootm.c b/common/bootm.c
index adb1213..3246ceb 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -19,6 +19,7 @@
 #include <lzma/LzmaTypes.h>
 #include <lzma/LzmaDec.h>
 #include <lzma/LzmaTools.h>
+#include <tee/optee.h>
 #if defined(CONFIG_CMD_USB)
 #include <usb.h>
 #endif
@@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc,
 	if (images.os.type == IH_TYPE_KERNEL_NOLOAD) {
 		images.os.load = images.os.image_start;
 		images.ep += images.os.load;
+	} else if (images.os.type == IH_TYPE_TEE_BOOTABLE) {
+		ret = optee_verify_bootm_image(images.os.image_start,
+					       images.os.load,
+					       images.os.image_len);
+		if (ret)
+			return ret;
 	}
 
 	images.os.start = map_to_sysmem(os_hdr);
@@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
 {
 	if (((images.os.type == IH_TYPE_KERNEL) ||
 	     (images.os.type == IH_TYPE_KERNEL_NOLOAD) ||
-	     (images.os.type == IH_TYPE_MULTI)) &&
+	     (images.os.type == IH_TYPE_MULTI) ||
+	     (images.os.type == IH_TYPE_TEE_BOOTABLE)) &&
 	    (images.os.os == IH_OS_LINUX ||
 		 images.os.os == IH_OS_VXWORKS))
 		return bootm_find_images(flag, argc, argv);
@@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
 		switch (image_get_type(hdr)) {
 		case IH_TYPE_KERNEL:
 		case IH_TYPE_KERNEL_NOLOAD:
+		case IH_TYPE_TEE_BOOTABLE:
 			*os_data = image_get_data(hdr);
 			*os_len = image_get_data_size(hdr);
 			break;
-- 
2.7.4

More information about the U-Boot mailing list