[U-Boot] [PATCH v2 7/9] optee: Add optee_verify_bootm_image()

Bryan O'Donoghue bryan.odonoghue at linaro.org
Fri Jan 19 19:43:24 UTC 2018 

This patch adds optee_verify_bootm_image() which will be subsequently used
to verify the parameters encoded in the OPTEE header match the memory
allocated to the OPTEE region, OPTEE header magic and version prior to
handing off control to the OPTEE image.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
Cc: Harinarayan Bhatta <harinarayan at ti.com>
Cc: Andrew F. Davis <afd at ti.com>
Cc: Tom Rini <trini at konsulko.com>
Cc: Kever Yang <kever.yang at rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich at theobroma-systems.com>
Cc: Peng Fan <peng.fan at nxp.com>
Tested-by: Peng Fan <peng.fan at nxp.com>
---
 include/tee/optee.h | 13 +++++++++++++
 lib/optee/optee.c   | 34 ++++++++++++++++++++++++++++++----
 2 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/include/tee/optee.h b/include/tee/optee.h
index e782cb0..4b9e94c 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -55,4 +55,17 @@ static inline int optee_verify_image(struct optee_header *hdr,
 
 #endif
 
+#if defined(CONFIG_OPTEE)
+int optee_verify_bootm_image(unsigned long image_addr,
+			     unsigned long image_load_addr,
+			     unsigned long image_len);
+#else
+static inline int optee_verify_bootm_image(unsigned long image_addr,
+					   unsigned long image_load_addr,
+					   unsigned long image_len)
+{
+	return -EPERM;
+}
+#endif
+
 #endif /* _OPTEE_H */
diff --git a/lib/optee/optee.c b/lib/optee/optee.c
index 64ceacd..e28627d 100644
--- a/lib/optee/optee.c
+++ b/lib/optee/optee.c
@@ -9,7 +9,8 @@
 #include <tee/optee.h>
 
 #define optee_hdr_err_msg "OPTEE verification error tzdram 0x%08lx-0x%08lx " \
-			   "header lo=0x%08x hi=0x%08x size=0x%08x\n"
+			  "header 0x%08x-0x%08x size=0x%08lx arch=0x%08x" \
+			  "uimage params 0x%08lx-0x%08lx\n"
 
 int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
 		       unsigned long tzdram_len, unsigned long image_len)
@@ -27,11 +28,36 @@ int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
 	    tee_file_size > tzdram_len ||
 	    tee_file_size != image_len ||
 	    (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) {
-		printf(optee_hdr_err_msg, tzdram_start, tzdram_end,
-		       hdr->init_load_addr_lo, hdr->init_load_addr_hi,
-		       tee_file_size);
 		return -EINVAL;
 	}
 
 	return 0;
 }
+
+int optee_verify_bootm_image(unsigned long image_addr,
+			     unsigned long image_load_addr,
+			     unsigned long image_len)
+{
+	struct optee_header *hdr = (struct optee_header *)image_addr;
+	unsigned long tzdram_start = CONFIG_OPTEE_TZDRAM_BASE;
+	unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE;
+
+	int ret;
+
+	ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len);
+	if (ret)
+		goto error;
+
+	if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) {
+		ret = -EINVAL;
+		goto error;
+	}
+
+	return ret;
+error:
+	printf(optee_hdr_err_msg, tzdram_start, tzdram_start + tzdram_len,
+	       hdr->init_load_addr_lo, hdr->init_load_addr_hi, image_len,
+	       hdr->arch, image_load_addr, image_load_addr + image_len);
+
+	return ret;
+}
-- 
2.7.4

More information about the U-Boot mailing list