[U-Boot] [PATCH v3 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot
Bryan O'Donoghue
bryan.odonoghue at linaro.org
Tue Jan 23 20:42:00 UTC 2018
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
Cc: Harinarayan Bhatta <harinarayan at ti.com>
Cc: Andrew F. Davis <afd at ti.com>
Cc: Tom Rini <trini at konsulko.com>
Cc: Kever Yang <kever.yang at rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich at theobroma-systems.com>
Cc: Peng Fan <peng.fan at nxp.com>
Tested-by: Peng Fan <peng.fan at nxp.com>
---
common/bootm.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/common/bootm.c b/common/bootm.c
index adb1213..d528844 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -19,6 +19,7 @@
#include <lzma/LzmaTypes.h>
#include <lzma/LzmaDec.h>
#include <lzma/LzmaTools.h>
+#include <tee/optee.h>
#if defined(CONFIG_CMD_USB)
#include <usb.h>
#endif
@@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc,
if (images.os.type == IH_TYPE_KERNEL_NOLOAD) {
images.os.load = images.os.image_start;
images.ep += images.os.load;
+ } else if (images.os.type == IH_TYPE_OPTEE) {
+ ret = optee_verify_bootm_image(images.os.image_start,
+ images.os.load,
+ images.os.image_len);
+ if (ret)
+ return ret;
}
images.os.start = map_to_sysmem(os_hdr);
@@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
{
if (((images.os.type == IH_TYPE_KERNEL) ||
(images.os.type == IH_TYPE_KERNEL_NOLOAD) ||
- (images.os.type == IH_TYPE_MULTI)) &&
+ (images.os.type == IH_TYPE_MULTI) ||
+ (images.os.type == IH_TYPE_OPTEE)) &&
(images.os.os == IH_OS_LINUX ||
images.os.os == IH_OS_VXWORKS))
return bootm_find_images(flag, argc, argv);
@@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
switch (image_get_type(hdr)) {
case IH_TYPE_KERNEL:
case IH_TYPE_KERNEL_NOLOAD:
+ case IH_TYPE_OPTEE:
*os_data = image_get_data(hdr);
*os_len = image_get_data_size(hdr);
break;
--
2.7.4
More information about the U-Boot
mailing list