[U-Boot] [PATCH v4 11/12] bootm: optee: Add mechanism to validate a bootable TEE image

Mon, 26 Feb 2018 04:43:35 -0800 

This patch makes it possible to verify the contents and location of an
a bootable TEE image in DRAM prior to handing off control to that image. If
image verification fails we won't try to boot any further.

Signed-off-by: Bryan O'Donoghue <[email protected]>
Cc: Harinarayan Bhatta <[email protected]>
Cc: Andrew F. Davis <[email protected]>
Cc: Tom Rini <[email protected]>
Cc: Kever Yang <[email protected]>
Cc: Philipp Tomsich <[email protected]>
Cc: Peng Fan <[email protected]>
Tested-by: Peng Fan <[email protected]>
---
 common/bootm.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/common/bootm.c b/common/bootm.c
index adb1213..3246ceb 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -19,6 +19,7 @@
 #include <lzma/LzmaTypes.h>
 #include <lzma/LzmaDec.h>
 #include <lzma/LzmaTools.h>
+#include <tee/optee.h>
 #if defined(CONFIG_CMD_USB)
 #include <usb.h>
 #endif
@@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int 
argc,
        if (images.os.type == IH_TYPE_KERNEL_NOLOAD) {
                images.os.load = images.os.image_start;
                images.ep += images.os.load;
+       } else if (images.os.type == IH_TYPE_TEE_BOOTABLE) {
+               ret = optee_verify_bootm_image(images.os.image_start,
+                                              images.os.load,
+                                              images.os.image_len);
+               if (ret)
+                       return ret;
        }
 
        images.os.start = map_to_sysmem(os_hdr);
@@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int 
argc,
 {
        if (((images.os.type == IH_TYPE_KERNEL) ||
             (images.os.type == IH_TYPE_KERNEL_NOLOAD) ||
-            (images.os.type == IH_TYPE_MULTI)) &&
+            (images.os.type == IH_TYPE_MULTI) ||
+            (images.os.type == IH_TYPE_TEE_BOOTABLE)) &&
            (images.os.os == IH_OS_LINUX ||
                 images.os.os == IH_OS_VXWORKS))
                return bootm_find_images(flag, argc, argv);
@@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int 
flag, int argc,
                switch (image_get_type(hdr)) {
                case IH_TYPE_KERNEL:
                case IH_TYPE_KERNEL_NOLOAD:
+               case IH_TYPE_TEE_BOOTABLE:
                        *os_data = image_get_data(hdr);
                        *os_len = image_get_data_size(hdr);
                        break;
-- 
2.7.4

_______________________________________________
U-Boot mailing list
[email protected]
https://lists.denx.de/listinfo/u-boot

Reply via email to