u-boot.git/lib/optee, branch v2020.04 Unnamed repository; edit this file 'description' to name the repository. optee: Replace uninitialized return variable by proper one. 2020-01-30T18:30:35+00:00 Christoph Müllner christoph.muellner@theobroma-systems.com 2020-01-26T22:20:54+00:00 0f97e923d4921a057e1a7bbfac170cadefde5624 As hinted by GCC 9, there is a return statement that returns an uninitialized variable in optee_copy_firmware_node(). This patch addresses this. Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com> Reviewed-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> 
As hinted by GCC 9, there is a return statement that returns
an uninitialized variable in optee_copy_firmware_node().
This patch addresses this.

Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
common: Move the image globals into image.h 2020-01-17T19:02:35+00:00 Simon Glass sjg@chromium.org 2019-12-28T17:45:03+00:00 8e8ccfe1aa1a3ea0cb88b4438c7a687fcf8632a1 These three globals relate to image handling. Move them to the image header file. Signed-off-by: Simon Glass <sjg@chromium.org> 
These three globals relate to image handling. Move them to the image
header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
image: fdt: copy possible optee nodes to a loaded devicetree 2019-11-14T13:09:34+00:00 Heiko Stuebner heiko.stuebner@theobroma-systems.com 2019-10-23T14:46:40+00:00 6ccb05eae01b660b0585accf338302af1069f419 The loading convention for optee or any other tee on arm64 is as bl32 parameter to the trusted-firmware. So TF-A gets invoked with the TEE as bl32 and main u-boot as bl33. Once it has done its startup TF-A jumps into the bl32 for the TEE startup, returns to TF-A and then jumps to bl33. All of them get passed a devicetree as parameter and all components often get loaded from a FIT image. OP-TEE will create additional nodes in that devicetree namely a firmware node and possibly multiple reserved-memory nodes. While this devicetree is used in main u-boot, in most cases it won't be the one passed to the actual kernel. Instead most boot commands will load a new devicetree from somewhere like mass storage of the network, so if that happens u-boot should transfer the optee nodes to that new devicetree. To make that happen introduce optee_copy_fdt_nodes() called from the dt setup function in image-fdt which after checking for the optee presence in the u-boot dt will make sure a optee node is present in the kernel dt and transfer any reserved-memory regions it can find. Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> 
The loading convention for optee or any other tee on arm64 is as bl32
parameter to the trusted-firmware. So TF-A gets invoked with the TEE as
bl32 and main u-boot as bl33. Once it has done its startup TF-A jumps
into the bl32 for the TEE startup, returns to TF-A and then jumps to bl33.

All of them get passed a devicetree as parameter and all components often
get loaded from a FIT image.

OP-TEE will create additional nodes in that devicetree namely a firmware
node and possibly multiple reserved-memory nodes.

While this devicetree is used in main u-boot, in most cases it won't be
the one passed to the actual kernel. Instead most boot commands will load
a new devicetree from somewhere like mass storage of the network, so if
that happens u-boot should transfer the optee nodes to that new devicetree.

To make that happen introduce optee_copy_fdt_nodes() called from the dt
setup function in image-fdt which after checking for the optee presence
in the u-boot dt will make sure a optee node is present in the kernel dt
and transfer any reserved-memory regions it can find.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
optee: Make TZDRAM config options contingent on CONFIG_OPTEE 2019-07-19T13:12:07+00:00 Bryan O'Donoghue bryan.odonoghue@linaro.org 2019-05-04T00:08:23+00:00 7e7cc90e33f556f047b469e48a41fc5c130df2d8 Commit c7b3a7ee5351 ("optee: adjust dependencies and default values for dram") makes the TZDRAM defines for OPTEE show up for all configs as a side-effect. While not harmful its not what we really want. This patch makes the following defines contingent on CONFIG_OPTEE=y CONFIG_OPTEE_TZDRAM_BASE CONFIG_OPTEE_TZDRAM_SIZE Rightly, if you don't have CONFIG_OPTEE=y you don't care about the above two defines. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Rui Miguel Silva <rui.silva@linaro.org> Acked-by: Rui Miguel Silva <rui.silva@linaro.org> 
Commit c7b3a7ee5351 ("optee: adjust dependencies and default values for
dram") makes the TZDRAM defines for OPTEE show up for all configs as a
side-effect. While not harmful its not what we really want.

This patch makes the following defines contingent on CONFIG_OPTEE=y

CONFIG_OPTEE_TZDRAM_BASE
CONFIG_OPTEE_TZDRAM_SIZE

Rightly, if you don't have CONFIG_OPTEE=y you don't care about the above
two defines.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Rui Miguel Silva <rui.silva@linaro.org>
Acked-by: Rui Miguel Silva <rui.silva@linaro.org>
optee: adjust dependencies and default values for dram 2018-10-22T12:37:28+00:00 Rui Miguel Silva rui.silva@linaro.org 2018-09-05T10:56:06+00:00 c7b3a7ee53512380a80a029e8a993ff470ff5b61 We may have, the not yet considered, scenario where OPTEE is loaded before u-boot and *not* by u-boot, e.g, the boot flow using the ARM Trusted Firmware (ATF), where in the 32bit flow is: BootRom->ATF(BL2)->Optee(BL32)->u-boot(BL33) In this case we need still to reserve the memory used by optee, to avoid for example to realocate ourself to the same address at the end of DRAM. So, we change here the dependencies on the OPTEE lib and we set the default size and base of TZRAM to zero. Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Ryan Harkin <ryan.harkin@linaro.org> Cc: u-boot@lists.denx.de 
We may have, the not yet considered, scenario where OPTEE is loaded before
u-boot and *not* by u-boot, e.g, the boot flow using the ARM Trusted
Firmware (ATF), where in the 32bit flow is:
BootRom->ATF(BL2)->Optee(BL32)->u-boot(BL33)

In this case we need still to reserve the memory used by optee, to avoid
for example to realocate ourself to the same address at the end of DRAM.
So, we change here the dependencies on the OPTEE lib and we set the default
size and base of TZRAM to zero.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Ryan Harkin <ryan.harkin@linaro.org>
Cc: u-boot@lists.denx.de
SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07T13:34:12+00:00 Tom Rini trini@konsulko.com 2018-05-06T21:58:06+00:00 83d290c56fab2d38cd1ab4c4cc7099559c1d5046 When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> 
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
bootm: optee: Add a bootm command for type IH_OS_TEE 2018-03-19T20:14:25+00:00 Bryan O'Donoghue bryan.odonoghue@linaro.org 2018-03-13T16:50:36+00:00 c225e7cf54fcad44902488f0d07bf362a477adf8 This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Suggested-by: Andrew F. Davis <afd@ti.com> Cc: Harinarayan Bhatta <harinarayan@ti.com> Cc: Andrew F. Davis <afd@ti.com> Cc: Tom Rini <trini@konsulko.com> Cc: Kever Yang <kever.yang@rock-chips.com> Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Cc: Peng Fan <peng.fan@nxp.com> 
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Andrew F. Davis <afd@ti.com>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
optee: Add error printout 2018-03-19T20:14:25+00:00 Bryan O'Donoghue bryan.odonoghue@linaro.org 2018-03-13T16:50:34+00:00 6ffc4200457e0616d51f3a7219bbd486d564a4e6 When encountering an error in OPTEE verification print out various details of the OPTEE header to aid in further debugging of encountered errors. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Harinarayan Bhatta <harinarayan@ti.com> Cc: Andrew F. Davis <afd@ti.com> Cc: Tom Rini <trini@konsulko.com> Cc: Kever Yang <kever.yang@rock-chips.com> Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Cc: Peng Fan <peng.fan@nxp.com> Tested-by: Peng Fan <peng.fan@nxp.com> 
When encountering an error in OPTEE verification print out various details
of the OPTEE header to aid in further debugging of encountered errors.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Tested-by: Peng Fan <peng.fan@nxp.com>
optee: Add optee_verify_bootm_image() 2018-03-19T20:14:24+00:00 Bryan O'Donoghue bryan.odonoghue@linaro.org 2018-03-13T16:50:33+00:00 c5a6e8bd00cc7257541a904682206bdc0be2bab4 This patch adds optee_verify_bootm_image() which will be subsequently used to verify the parameters encoded in the OPTEE header match the memory allocated to the OPTEE region, OPTEE header magic and version prior to handing off control to the OPTEE image. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Harinarayan Bhatta <harinarayan@ti.com> Cc: Andrew F. Davis <afd@ti.com> Cc: Tom Rini <trini@konsulko.com> Cc: Kever Yang <kever.yang@rock-chips.com> Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Cc: Peng Fan <peng.fan@nxp.com> 
This patch adds optee_verify_bootm_image() which will be subsequently used
to verify the parameters encoded in the OPTEE header match the memory
allocated to the OPTEE region, OPTEE header magic and version prior to
handing off control to the OPTEE image.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
optee: Add CONFIG_OPTEE_LOAD_ADDR 2018-03-19T20:14:24+00:00 Bryan O'Donoghue bryan.odonoghue@linaro.org 2018-03-13T16:50:30+00:00 f25006b96e9f6b9b8688ec8e4bc8a87dc1f1479d CONFIG_OPTEE_LOAD_ADDR is used to tell u-boot where to load the OPTEE binary into memory prior to handing off control to OPTEE. We need to pull this value out of u-boot in order to produce an IMX IVT/CSF signed pair for the purposes of secure boot. The best way to do that is to have CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg. Adding new CONFIG entires to u-boot should be kconfig driven so this patch does just that. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org> 
CONFIG_OPTEE_LOAD_ADDR is used to tell u-boot where to load the OPTEE
binary into memory prior to handing off control to OPTEE.

We need to pull this value out of u-boot in order to produce an IMX IVT/CSF
signed pair for the purposes of secure boot. The best way to do that is to
have CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg.

Adding new CONFIG entires to u-boot should be kconfig driven so this patch
does just that.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>