[U-Boot] [PATCH v2 4/6] arm: omap5: Add TEE loading support

[Tom Rini <trini@konsulko.com>]

On Tue, Nov 29, 2016 at 02:51:11PM -0600, Andrew F. Davis wrote:
> On 11/29/2016 02:18 PM, Tom Rini wrote:
> > On Tue, Nov 29, 2016 at 01:03:37PM -0600, Andrew F. Davis wrote:
> > 
> >> From: Harinarayan Bhatta <harinarayan@ti.com>
> >>
> >> secure_tee_install is used to install and initialize a secure TEE OS such as
> >> Linaro OP-TEE into the secure world. This function takes in the address
> >> where the signed TEE image is loaded as an argument. The signed TEE image
> >> consists of a header (struct tee_header), TEE code+data followed by the
> >> signature generated using image signing tool from TI security development
> >> package (SECDEV). Refer to README.ti-secure for more information.
> >>
> >> This function uses 2 new secure APIs.
> >>
> >> 1. PPA_SERV_HAL_TEE_LOAD_MASTER - Must be called on CPU Core 0. Protected
> >>    memory for TEE must be reserved before calling this function. This API
> >>    needs arguments filled into struct ppa_tee_load_info. The TEE image is
> >>    authenticated and if there are no errors, the control passes to the TEE
> >>    entry point.
> >>
> >> 2. PPA_SERV_HAL_TEE_LOAD_SLAVE - Called on other CPU cores only after
> >>    a TEE_LOAD_MASTER call. Takes no arguments. Checks if TEE was
> >>    successfully loaded (on core 0) and transfers control to the same TEE
> >>    entry point.
> >>
> >> The code at TEE entry point is expected perform OS initialization steps
> >> and return back to non-secure world (U-Boot).
> >>
> >> Signed-off-by: Harinarayan Bhatta <harinarayan@ti.com>
> >> Signed-off-by: Andrew F. Davis <afd@ti.com>
> > [snip]
> >> +/* TEE header (From OPTEE) */
> >> +struct tee_header {
> >> +	u32 magic;
> >> +	u8 version;
> >> +	u8 arch;
> >> +	u16 flags;
> >> +	u32 init_size;
> >> +	u32 loadaddr_hi;
> >> +	u32 loadaddr_lo;
> >> +	u32 init_mem_usage;
> >> +	u32 paged_size;
> >> +};
> > 
> > This, and anything else that's OPTEE specific should go in a more
> > generically visible header as others will be doing OPTEE stuff too.
> > 
> 
> Any preference on location, include/tee/optee.h?

Sure.

> > [snip]
> >> +	if ((hdr->magic != 0x4554504f) ||
> > 
> > This too probably belongs in the generic OPTEE header.
> > 
> >> +	/* The return value is ignored. If something went wrong, the function
> >> +	 * would probably not return at all
> >> +	 */
> >> +	(void)secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
> > 
> > "probably".  We must save and check the return value all the same.
> > 
> 
> Will check.

OK, thanks.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20161129/a3ebae18/attachment.sig>