() is a tautology. A more logical name is
imx_hab_is_enabled().
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
It will be helpful to boot commands to know if the HAB is enabled. Export
imx_hab_is_enabled() now to facilitate further work with this data-point in
a secure-boot context.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: F
performance impact with dcache switched off so
this fix is relatively pain-free.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u
The size of the IVT header should be defined in hab.h, move it there now.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <al
The IVT is a self-describing structure which contains a self field. The
self field is the absolute physical base address the IVT ought to be at in
memory. Use the IVT self field to validate the calculated ivt_addr bugging
out if the two values differ.
Signed-off-by: Bryan O'Donoghue <bryan.odo
The IVT gives the absolute address of the CSF. There is no requirement for
the CSF to be located adjacent to the IVT so let's use the address provided
in the IVT header instead of the hard-coded fixed CSF offset currently in
place.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
ory region is good.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfeld <sven
on the alternative BootROM API.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfeld <sv
The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam
in later patches,
where we will break the current incorrect dependence on fixed offsets in
favour of an IVT described parsing of incoming binaries.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
.
The first step is fixing the return type in authenticate_image() so do that
now.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <al
This patch is the first step in making that happen; subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de
CSF_PAD_SIZE should be defined in hab.h, move it to that location now.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u
in the NXP documents to
perform prior to hab_rvt_authenticate_image
- hab_rvt_failsafe is a useful function to set the board into BootROM
USB recovery mode.
Bryan O'Donoghue (23):
arm: imx: hab: Make authenticate_image return int
arm: imx: hab: Fix authenticate_image result code
arm: imx: hab
: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot
authentication")
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.
.
The first step is fixing the return type in authenticate_image() so do that
now.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <al
The current code disjoins an entire block of code on hab_entry pass/fail
resulting in a large chunk of authenticate_image being offset to the right.
Fix this by checking hab_entry() pass/failure and exiting the function
directly if in an error state.
Signed-off-by: Bryan O'Donoghue <bryan.odo
There is no need to export these functions and data structures externally.
Make them all static now.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.co
.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenf...@gmail.com>
Cc:
in later patches,
where we will break the current incorrect dependence on fixed offsets in
favour of an IVT described parsing of incoming binaries.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
CSF_PAD_SIZE should be defined in hab.h, move it to that location now.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u
imx_hab_authenticate_image() is on the other hand very explicit.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
The size of the IVT header should be defined in hab.h, move it there now.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <al
performance impact with dcache switched off so
this fix is relatively pain-free.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u
This patch enables printout of the IVT entry, dcd and csf data fields.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u
It will be helpful to boot commands to know if the HAB is enabled. Export
imx_hab_is_enabled() now to facilitate further work with this data-point in
a secure-boot context.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: F
ory region is good.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfeld <sven
ux dmesg thus allowing download
of a new image via the BootROM USB download protocol routine.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert A
it now.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenf...@
ce invoked the part will drop down to its BootROM USB recovery mode.
Should it be the case that the part is in secure boot mode - only an
appropriately signed binary will be accepted by the ROM and subsequently
executed.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic
on the alternative BootROM API.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfeld <sv
There is no need to call is_enabled() twice in authenticate_image - it does
nothing but add an additional layer of indentation.
We can check for is_enabled() at the start of the function and return the
result code directly.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: S
and perform that check as directed.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfel
This patch is the first step in making that happen; subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de
() is a tautology. A more logical name is
imx_hab_is_enabled().
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam
The IVT is a self-describing structure which contains a self field. The
self field is the absolute physical base address the IVT ought to be at in
memory. Use the IVT self field to validate the calculated ivt_addr bugging
out if the two values differ.
Signed-off-by: Bryan O'Donoghue <bryan.odo
I'm trying to build mx6sabreauto which uses the SPL framework and I'm
getting the following build error:
arch/arm/mach-imx/hab.c: In function 'imx_hab_authenticate_image':
arch/arm/mach-imx/hab.c:514:6: warning: implicit declaration of
function 'verify_ivt_header'
On 03/01/18 01:25, Breno Matheus Lima wrote:
Hi Bryan,
2018-01-02 14:43 GMT-02:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>:
The i.MX6 has some pretty explicit code associated with informing the IROM
about flushing caches during authenticate_image().
Looking at various
This set of patches makes a version of u-boot that is bootable as BL33 in a
chainloaded set of images in the following sequence.
BootROM -> ATF (loads a FIP) -> OPTEE -> u-boot -> Linux.
Since the OPTEE image enables TrustZone u-boot no longer has access to
certain low-level functions. In order
o reserve the memory used by optee, to avoid
for example to reallocate ourself to the same address at the end of DRAM.
So, we change here the dependencies on the OPTEE lib and we set the default
size and base of TZRAM to zero.
Signed-off-by: Rui Miguel Silva
Signed-off-by: Bryan O'Donoghue
Cc: Fabi
the permission for that.
So, if the config option to skip low level init is set disable also timer,
board and csu initialization.
Signed-off-by: Rui Miguel Silva
Signed-off-by: Bryan O'Donoghue
Cc: Stefano Babic
Cc: Fabio Estevam
Cc: Albert Aribaud
Cc: Peng Fan
Cc: u-boot@lists.denx.de
---
arch
From: Rui Miguel Silva
Add default configuration to run u-boot as BL33 in the ARM Trusted Firmware
boot flow for AArch32 case.
Signed-off-by: Rui Miguel Silva
Signed-off-by: Bryan O'Donoghue
Cc: Fabio Estevam
Cc: Simon Glass
Cc: Maxime Ripard
Cc: Lukasz Majewski
Cc: Tuomas Tynkkynen
Cc
Miguel Silva
Signed-off-by: Bryan O'Donoghue
Cc: Fabio Estevam
Cc: u-boot@lists.denx.de
---
include/configs/warp7.h | 11 +++
1 file changed, 11 insertions(+)
diff --git a/include/configs/warp7.h b/include/configs/warp7.h
index 1b656a5aaf..a391dfb5c1 100644
--- a/include/configs/warp7
data.size - imximage_ivt_offset -
- imximage_csf_size);
+ (uint32_t)(fhdr_v2->csf - fhdr_v2->self));
printf("DCD Blocks: 0x0091 0x%08x 0x%08x\n",
offs, be16_to_cpu(dcdlen));
}
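Review bot: the new length argument on the `+` line, `(uint32_t)(fhdr_v2->csf - fhdr_v2->self)`, assumes the IVT csf pointer is set and lies above self, and nothing in the visible lines checks that. If csf is zero or below self, the subtraction wraps and the cast prints a meaningless length. Consider guarding this printf on `fhdr_v2->csf > fhdr_v2->self`, or confirm that the enclosing condition (not shown in this fragment) already guarantees it.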
Good
-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenf...@gmail.com>
Cc:
() is a tautology. A more logical name is
imx_hab_is_enabled().
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam
This patch enables printout of the IVT entry, dcd and csf data fields.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u
.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenf...@gmail.com>
Cc:
CSF_PAD_SIZE should be defined in hab.h, move it to that location now.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u
ce invoked the part will drop down to its BootROM USB recovery mode.
Should it be the case that the part is in secure boot mode - only an
appropriately signed binary will be accepted by the ROM and subsequently
executed.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic
imx_hab_authenticate_image() is on the other hand very explicit.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
There is no need to export these functions and data structures externally.
Make them all static now.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.co
. Returning a pass status for authenticate_image() calls anyway
A previous patch removed the necessity to call into imx_hab_is_enabled()
twice. This patch ensures the reliance on authenticate_image() returning
zero is maintained.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Sug
ory region is good.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfeld <sven
It will be helpful to boot commands to know if the HAB is enabled. Export
imx_hab_is_enabled() now to facilitate further work with this data-point in
a secure-boot context.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: F
ux dmesg thus allowing download
of a new image via the BootROM USB download protocol routine.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert A
and perform that check as directed.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfel
The IVT gives the absolute address of the CSF. There is no requirement for
the CSF to be located adjacent to the IVT so let's use the address provided
in the IVT header instead of the hard-coded fixed CSF offset currently in
place.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
on the alternative BootROM API.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Stefano Babic <sba...@denx.de>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Albert Aribaud <albert.u.b...@aribaud.net>
Cc: Sven Ebenfeld <sv
On 18/01/18 01:31, Kever Yang wrote:
I don't think we can reuse IH_TYPE_TEE, it uses an optee.img type created
by mkimage and it seems to use more than one cpu.
Don't really understand what you mean by using more than one CPU - can
you give an example in the code ?
---
bod
hecks on.
Subsequent patches add logic to perform those optee-specific changes prior
to handing over control as described in flow #1 above.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
Cc: Andrew F. Davis <a...@ti.com>
s to a non-TrustZone context. Linux then simply has to detect or be
told to skip RNG initialisation.
This change is safe both for the OPTEE/TrustZone boot path and the regular
non-OPTEE/TrustZone boot path.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Fabio Estevam <fa
skip
HWRNG initialisation makes CAAM usable to Linux with TrustZone enabled.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.com>
Cc: Alex Porosanu <alexandru.poros...@nxp.com>
Cc: Ruchika Gupta <ruc
Add a helper function for extracting the least significant 32 bits from the
OPTEE entry point address, which will be good enough to load OPTEE binaries
up to (2^32)-1 bytes.
We may need to extend this out later on but for now (2^32)-1 should be
fine.
Signed-off-by: Bryan O'Donoghue <bryan.odo
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <
This patch adds optee_image_get_load_addr() a helper function used to
calculate the load-address of an OPTEE image based on the lower
entry-point address given in the OPTEE header.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
SPL image takes a different
image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
image type has versus a directly bootable bootm image.
Bryan O'Donoghue (9):
optee: Add lib entries for sharing OPTEE code across ports
optee: Add CONFIG_OPTEE_TZDRAM_SIZE
optee: Add CONFIG_OPTEE_TZD
as more functionality gets added.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
Cc: Andrew F. Davis <a...@ti.com>
Cc: Tom Rini <tr...@konsulko.com>
Cc: Kever Yang <kever.y...@rock-chips.com>
Cc: Philipp Toms
prior to trying to
boot an OPTEE image.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
Cc: Andrew F. Davis <a...@ti.com>
Cc: Tom Rini <tr...@konsulko.com>
Cc: Kever Yang <kever.y...@rock-chips.com>
Cc: Philipp Toms
to
boot an OPTEE image.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
Cc: Andrew F. Davis <a...@ti.com>
Cc: Tom Rini <tr...@konsulko.com>
Cc: Kever Yang <kever.y...@rock-chips.com>
Cc: Philipp Tomsich <phil
This patch adds optee_verify_bootm_image() which will be subsequently used
to verify the parameters encoded in the OPTEE header match the memory
allocated to the OPTEE region, OPTEE header magic and version prior to
handing off control to the OPTEE image.
Signed-off-by: Bryan O'Donoghue
When encountering an error in OPTEE verification print out various details
of the OPTEE header to aid in further debugging of encountered errors.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
Cc: Andrew F. Davis <a...@ti.co
/TEE CAAM driver to
solve and is out of scope of this patchset.
[1] Thanks for all of your help BTW - Peng, there's no way this would be
working without you giving direction on how.
Bryan O'Donoghue (2):
drivers/crypto/fsl: assign job-rings to non-TrustZone
warp7 : run sec_init for CAAM RNG
On 22/01/18 14:46, Andrew F. Davis wrote:
As I understand it, that's a board-specific method, which wants to
install a TEE (jump into a TEE and return to u-boot), whereas the aim
with this patch-set is to chain-load and boot via TEE - OPTEE in this case.
This is not board-specific, this is
On 10/03/18 01:10, Breno Matheus Lima wrote:
Hi Bryan,
2018-03-09 10:07 GMT-03:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>:
commit 8c4037a09a5c ("imx: hab: Ensure the IVT DCD pointer is Null prior
to calling HAB authenticate function.") makes the DCD field being N
On 12/03/18 16:33, Breno Matheus Lima wrote:
The purpose of hab_rvt_authenticate_image() API function is to
authenticate additional boot images in a post-ROM stage, initial boot
images are supposed to be authenticated only once by the initial ROM
code. The HAB implementation in older devices
on which the device was fabricated/SJC
CHALLENGE/ Unique ID
10:0
- FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID
The 64 bits of data generate a unique serial number per-chip.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Fabio Estevam <fabio.este..
0xf42400d300d4-0:0
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Reviewed-by: Rui Miguel Silva <rui.si...@linaro.org>
Reviewed-by: Ryan Harkin <ryan.har...@linaro.org>
---
board/warp7/warp7.c | 12
1 fi
environment, hopefully it's useful and
acceptable to others.
Bryan O'Donoghue (2):
warp7: usb: Introduce a get method for serial number
warp7: usb: Set u-boot serial# based on OTP value
board/warp7/warp7.c | 65 +
1 file changed, 65 insertions
On 13/03/18 13:25, Fabio Estevam wrote:
+static int warp7_get_serialid(u64 *id)
Maybe you could place this function in a common location as it
may be useful for others.
Ah, looking for a place to stick this as shared code I've found
something which already does what this patch does
hopefully it's useful and
acceptable to others.
Bryan O'Donoghue (3):
imx: mx7: Fix CONFIG_SERIAL_TAG compilation
imx: mx7: Add comment to describe OTP TESTER registers
warp7: Set u-boot serial# based on OTP value
arch/arm/mach-imx/mx7/soc.c | 22 ++
board/war
Currently when we define CONFIG_SERIAL_TAG we will barf with a failure to
define "struct tag_serialnr".
This structure is defined in , this patch includes
to fix.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Fabio Estevam <fabio.este...@nxp.com>
ad.
With this patch in place the USB mass storage device will appear in
/dev/disk/by-id with a unique name based on the OTP value. For example
/dev/disk/by-id/usb-Linux_UMS_disk_0_WaRP7-0xf42400d301d4-0:0
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Fabio Estevam <f
Unique ID
10:0
- FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID
The 64 bits of data generate a unique serial number per-chip.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng@nxp.co
n then be booted directly by bootm. bootm will verify the
header contents of the OPTEE binary against the DRAM area carved out in
u-boot. If the defined DRAM area does not match the link address specified
we refuse to boot.
Kever - I'd like to suggest that your OPTEE SPL image takes a different
image ty
SPL
|
v
U-Boot -->
<- OP-TEE
|
V
Linux
IH_TYPE_TEE: (mkimage -T tee)
Non-Secure Secure
BootROM
|
-
|
v
SPL --->
<- OP-TEE
|
v
U-Boot
When encountering an error in OPTEE verification print out various details
of the OPTEE header to aid in further debugging of encountered errors.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
Cc: Andrew F. Davis <a...@ti.co
This patch adds optee_image_get_load_addr() a helper function used to
calculate the load-address of an OPTEE image based on the lower
entry-point address given in the OPTEE header.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
This patch adds optee_verify_bootm_image() which will be subsequently used
to verify the parameters encoded in the OPTEE header match the memory
allocated to the OPTEE region, OPTEE header magic and version prior to
handing off control to the OPTEE image.
Signed-off-by: Bryan O'Donoghue
as more functionality gets added.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
Cc: Andrew F. Davis <a...@ti.com>
Cc: Tom Rini <tr...@konsulko.com>
Cc: Kever Yang <kever.y...@rock-chips.com>
Cc: Philipp Toms
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Suggested-by: Andrew F.
to
boot an OPTEE image.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
Cc: Andrew F. Davis <a...@ti.com>
Cc: Tom Rini <tr...@konsulko.com>
Cc: Kever Yang <kever.y...@rock-chips.com>
Cc: Philipp Tomsich <phil
prior to trying to
boot an OPTEE image.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
Cc: Andrew F. Davis <a...@ti.com>
Cc: Tom Rini <tr...@konsulko.com>
Cc: Kever Yang <kever.y...@rock-chips.com>
Cc: Philipp Toms
Add a helper function for extracting the least significant 32 bits from the
OPTEE entry point address, which will be good enough to load OPTEE binaries
up to (2^32)-1 bytes.
We may need to extend this out later on but for now (2^32)-1 should be
fine.
Signed-off-by: Bryan O'Donoghue <bryan.odo
CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg.
Adding new CONFIG entries to u-boot should be kconfig driven so this patch
does just that.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Reviewed-by: Ryan Harkin <ryan.har...@linaro.org>
---
lib/optee/Kconfig | 6 ++
1 file changed,
as more functionality gets added.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Harinarayan Bhatta <harinara...@ti.com>
Cc: Andrew F. Davis <a...@ti.com>
Cc: Tom Rini <tr...@konsulko.com>
Cc: Kever Yang <kever.y...@rock-chips.com>
Cc: Philipp Toms
area does not match the link address specified
we refuse to boot.
Kever - I'd like to suggest that your OPTEE SPL image takes a different
image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your
image type has versus a directly bootable bootm image.
Bryan O'Donoghue (10):
optee: Add lib e
Add a helper function for extracting the least significant 32 bits from the
OPTEE entry point address, which will be good enough to load OPTEE binaries
up to (2^32)-1 bytes.
We may need to extend this out later on but for now (2^32)-1 should be
fine.
Signed-off-by: Bryan O'Donoghue <bryan.odo