image: Add IH_OS_TEE for TEE chain-load boot
This patch adds a new type IH_OS_TEE. This new OS type will be used for
chain-loading to Linux via a TEE.
With this patch in-place you can generate a bootable OPTEE image like this:
mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee
where "tee.bin" is the input binary prefixed with an OPTEE header and
uTee.optee is the output prefixed with a u-boot wrapper header.
This image type "-T kernel -O tee" is differentiated from the existing
IH_TYPE_TEE "-T tee" in that the IH_TYPE is installed by u-boot (flow
control returns to u-boot) whereas for the new IH_OS_TEE control passes to
the OPTEE firmware and the firmware chainloads onto Linux.
Andrew Davis gave the following ASCII diagram:
IH_OS_TEE: (mkimage -T kernel -O tee)
Non-Secure Secure
BootROM
|
-------------
|
v
SPL
|
v
U-Boot ------>
<----- OP-TEE
|
V
Linux
IH_TYPE_TEE: (mkimage -T tee)
Non-Secure Secure
BootROM
|
-------------
|
v
SPL ------->
<----- OP-TEE
|
v
U-Boot
|
V
Linux
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Andrew F. Davis <afd@ti.com>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Link: http://mrvan.github.io/optee-imx6ul
diff --git a/common/image.c b/common/image.c
index 9e850c0..f5278a0 100644
--- a/common/image.c
+++ b/common/image.c
@@ -100,6 +100,7 @@
{ IH_OS_OSE, "ose", "Enea OSE", },
{ IH_OS_PLAN9, "plan9", "Plan 9", },
{ IH_OS_RTEMS, "rtems", "RTEMS", },
+ { IH_OS_TEE, "tee", "Trusted Execution Environment" },
{ IH_OS_U_BOOT, "u-boot", "U-Boot", },
{ IH_OS_VXWORKS, "vxworks", "VxWorks", },
#if defined(CONFIG_CMD_ELF) || defined(USE_HOSTCC)
diff --git a/include/image.h b/include/image.h
index 4c278c7..621abf6 100644
--- a/include/image.h
+++ b/include/image.h
@@ -153,6 +153,7 @@
IH_OS_PLAN9, /* Plan 9 */
IH_OS_OPENRTOS, /* OpenRTOS */
IH_OS_ARM_TRUSTED_FIRMWARE, /* ARM Trusted Firmware */
+ IH_OS_TEE, /* Trusted Execution Environment */
IH_OS_COUNT,
};
diff --git a/tools/default_image.c b/tools/default_image.c
index 4e5568e..c67f66b 100644
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -18,6 +18,7 @@
#include "mkimage.h"
#include <image.h>
+#include <tee/optee.h>
#include <u-boot/crc.h>
static image_header_t header;
@@ -90,6 +91,8 @@
uint32_t checksum;
time_t time;
uint32_t imagesize;
+ uint32_t ep;
+ uint32_t addr;
image_header_t * hdr = (image_header_t *)ptr;
@@ -99,18 +102,26 @@
sbuf->st_size - sizeof(image_header_t));
time = imagetool_get_source_date(params, sbuf->st_mtime);
+ ep = params->ep;
+ addr = params->addr;
+
if (params->type == IH_TYPE_FIRMWARE_IVT)
/* Add size of CSF minus IVT */
imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0;
else
imagesize = sbuf->st_size - sizeof(image_header_t);
+ if (params->os == IH_OS_TEE) {
+ addr = optee_image_get_load_addr(hdr);
+ ep = optee_image_get_entry_point(hdr);
+ }
+
/* Build new header */
image_set_magic(hdr, IH_MAGIC);
image_set_time(hdr, time);
image_set_size(hdr, imagesize);
- image_set_load(hdr, params->addr);
- image_set_ep(hdr, params->ep);
+ image_set_load(hdr, addr);
+ image_set_ep(hdr, ep);
image_set_dcrc(hdr, checksum);
image_set_os(hdr, params->os);
image_set_arch(hdr, params->arch);