[U-Boot] [PATCH v2 0/6] Add FIT loadable custom processing

[U-Boot] [PATCH v2 0/6] Add FIT loadable custom processing

[Andrew F. Davis]

Hello all,

To see the background on this see here[0].

As Simon suggested we are now using a linker list to keep any and all TEE
specific code out of common files as, unlike kernel, dtb, and ramdisk
TEE images may not be used by needed by all users.

The last 4 patches in this series are an example of how one can now add a
handler for an image type for their platform.

Thanks,
Andrew

[0] http://lists.denx.de/pipermail/u-boot/2016-November/272614.html

Changes from v1:
 - Added some additional documentation
 - Last 4 patches are now the compleate working TEE loading solution for
     our DRA7xx/AM57xx platforms, not just an example

Andrew F. Davis (4):
  image: Add FIT image loadable section custom processing
  image: Add Trusted Execution Environment image type
  board: ti: dra7xx: add FIT image TEE processing
  board: ti: am57xx: add FIT image TEE processing

Harinarayan Bhatta (2):
  arm: omap5: add function to make an SMC call on cpu1
  arm: omap5: Add TEE loading support

 arch/arm/include/asm/omap_common.h         |   1 +
 arch/arm/include/asm/omap_sec_common.h     |   6 ++
 arch/arm/mach-omap2/omap5/Makefile         |   1 +
 arch/arm/mach-omap2/omap5/sec-fxns.c       | 114 ++++++++++++++++++++++++++
 arch/arm/mach-omap2/omap5/sec_entry_cpu1.S | 123 +++++++++++++++++++++++++++++
 board/ti/am57xx/board.c                    |   7 ++
 board/ti/dra7xx/evm.c                      |   7 ++
 common/image.c                             |  34 ++++++++
 doc/uImage.FIT/source_file_format.txt      |   4 +-
 include/image.h                            |  31 ++++++++
 10 files changed, 327 insertions(+), 1 deletion(-)
 create mode 100644 arch/arm/mach-omap2/omap5/sec_entry_cpu1.S

-- 
2.10.2

[U-Boot] [PATCH v2 1/6] image: Add FIT image loadable section custom processing

[Andrew F. Davis]

To help automate the loading of custom image types we add the ability
to define custom handlers for the loadable section types. When we find
a compatible type while loading a "loadable" image from a FIT image we
run its associated handlers to perform any additional steps needed for
loading this image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 common/image.c                        | 33 +++++++++++++++++++++++++++++++++
 doc/uImage.FIT/source_file_format.txt |  4 +++-
 include/image.h                       | 30 ++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/common/image.c b/common/image.c
index 7604494..2aac90d 100644
--- a/common/image.c
+++ b/common/image.c
@@ -1389,6 +1389,23 @@ int boot_get_fpga(int argc, char * const argv[], bootm_headers_t *images,
 }
 #endif
 
+static void fit_loadable_process(uint8_t img_type,
+				 ulong img_data,
+				 ulong img_len)
+{
+	int i;
+	const unsigned int count =
+			ll_entry_count(struct fit_loadable_tbl, fit_loadable);
+	struct fit_loadable_tbl *fit_loadable_handler =
+			ll_entry_start(struct fit_loadable_tbl, fit_loadable);
+	/* For each loadable handler */
+	for (i = 0; i < count; i++, fit_loadable_handler++)
+		/* matching this type */
+		if (fit_loadable_handler->type == img_type)
+			/* call that handler with this image data */
+			fit_loadable_handler->handler(img_data, img_len);
+}
+
 int boot_get_loadable(int argc, char * const argv[], bootm_headers_t *images,
 		uint8_t arch, const ulong *ld_start, ulong * const ld_len)
 {
@@ -1407,6 +1424,7 @@ int boot_get_loadable(int argc, char * const argv[], bootm_headers_t *images,
 	int conf_noffset;
 	int fit_img_result;
 	const char *uname;
+	uint8_t img_type;
 
 	/* Check to see if the images struct has a FIT configuration */
 	if (!genimg_has_config(images)) {
@@ -1447,6 +1465,21 @@ int boot_get_loadable(int argc, char * const argv[], bootm_headers_t *images,
 				/* Something went wrong! */
 				return fit_img_result;
 			}
+
+			fit_img_result = fit_image_get_node(buf, uname);
+			if (fit_img_result < 0) {
+				/* Something went wrong! */
+				return fit_img_result;
+			}
+			fit_img_result = fit_image_get_type(buf,
+							    fit_img_result,
+							    &img_type);
+			if (fit_img_result < 0) {
+				/* Something went wrong! */
+				return fit_img_result;
+			}
+
+			fit_loadable_process(img_type, img_data, img_len);
 		}
 		break;
 	default:
diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt
index 91aa89a..afff301 100644
--- a/doc/uImage.FIT/source_file_format.txt
+++ b/doc/uImage.FIT/source_file_format.txt
@@ -256,7 +256,9 @@ o config at 1
     (component image node of a "fpga type").
   - loadables : Unit name containing a list of additional binaries to be
     loaded at their given locations.  "loadables" is a comma-separated list
-    of strings. U-Boot will load each binary at its given start-address.
+    of strings. U-Boot will load each binary@its given start-address and
+    may optionaly invoke additional post-processing steps on this binary based
+    on its component image node type.
 
 The FDT blob is required to properly boot FDT based kernel, so the minimal
 configuration for 2.6 FDT kernel is (kernel, fdt) pair.
diff --git a/include/image.h b/include/image.h
index 8131595..b96b8eb 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1271,4 +1271,34 @@ int board_fit_config_name_match(const char *name);
 void board_fit_image_post_process(void **p_image, size_t *p_size);
 #endif /* CONFIG_SPL_FIT_IMAGE_POST_PROCESS */
 
+/**
+ * Mapping of image types to function handlers to be invoked on the associated
+ * loaded images
+ *
+ * @type: Type of image, I.E. IH_TYPE_*
+ * @handler: Function to call on loaded image
+ */
+struct fit_loadable_tbl {
+	int type;
+	/**
+	 * handler() - Process a loaded image
+	 *
+	 * @data: Pointer to start of loaded image data
+	 * @size: Size of loaded image data
+	 */
+	void (*handler)(ulong data, size_t size);
+};
+
+/*
+ * Define a FIT loadable image type handler
+ *
+ * _type is a valid uimage_type ID as defined in the "Image Type" enum above
+ * _handler is the handler function to call after this image type is loaded
+ */
+#define U_BOOT_FIT_LOADABLE_HANDLER(_type, _handler) \
+	ll_entry_declare(struct fit_loadable_tbl, _function, fit_loadable) = { \
+		.type = _type, \
+		.handler = _handler, \
+	}
+
 #endif	/* __IMAGE_H__ */
-- 
2.10.2

[U-Boot] [PATCH v2 2/6] image: Add Trusted Execution Environment image type

[Andrew F. Davis]

Add a new image type representing Trusted Execution Environment (TEE)
image types. For example, an OP-TEE OS binary image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 common/image.c  | 1 +
 include/image.h | 1 +
 2 files changed, 2 insertions(+)

diff --git a/common/image.c b/common/image.c
index 2aac90d..bd07e86 100644
--- a/common/image.c
+++ b/common/image.c
@@ -165,6 +165,7 @@ static const table_entry_t uimage_type[] = {
 	{	IH_TYPE_ZYNQIMAGE,  "zynqimage",  "Xilinx Zynq Boot Image" },
 	{	IH_TYPE_ZYNQMPIMAGE, "zynqmpimage", "Xilinx ZynqMP Boot Image" },
 	{	IH_TYPE_FPGA,       "fpga",       "FPGA Image" },
+	{       IH_TYPE_TEE,        "tee",        "Trusted Execution Environment Image",},
 	{	-1,		    "",		  "",			},
 };
 
diff --git a/include/image.h b/include/image.h
index b96b8eb..575f592 100644
--- a/include/image.h
+++ b/include/image.h
@@ -279,6 +279,7 @@ enum {
 	IH_TYPE_ZYNQMPIMAGE,		/* Xilinx ZynqMP Boot Image */
 	IH_TYPE_FPGA,			/* FPGA Image */
 	IH_TYPE_VYBRIDIMAGE,	/* VYBRID .vyb Image */
+	IH_TYPE_TEE,            /* Trusted Execution Environment OS Image */
 
 	IH_TYPE_COUNT,			/* Number of image types */
 };
-- 
2.10.2

[U-Boot] [PATCH v2 3/6] arm: omap5: add function to make an SMC call on cpu1

[Andrew F. Davis]

From: Harinarayan Bhatta <harinarayan@ti.com>

On DRA7xx platform, CPU Core 1 is not used in u-boot. However, in some
cases it is need to make secure API calls from Core 1. This patch adds
an assembly function to make a secure (SMC) call from CPU Core #1.

Signed-off-by: Harinarayan Bhatta <harinarayan@ti.com>
Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 arch/arm/include/asm/omap_common.h         |   1 +
 arch/arm/mach-omap2/omap5/Makefile         |   1 +
 arch/arm/mach-omap2/omap5/sec_entry_cpu1.S | 123 +++++++++++++++++++++++++++++
 3 files changed, 125 insertions(+)
 create mode 100644 arch/arm/mach-omap2/omap5/sec_entry_cpu1.S

diff --git a/arch/arm/include/asm/omap_common.h b/arch/arm/include/asm/omap_common.h
index 605c549..290a190 100644
--- a/arch/arm/include/asm/omap_common.h
+++ b/arch/arm/include/asm/omap_common.h
@@ -632,6 +632,7 @@ void omap_smc1(u32 service, u32 val);
  * security (HS) device variants by doing a specially-formed smc entry.
  */
 u32 omap_smc_sec(u32 service, u32 proc_id, u32 flag, u32 *params);
+u32 omap_smc_sec_cpu1(u32 service, u32 proc_id, u32 flag, u32 *params);
 
 void enable_edma3_clocks(void);
 void disable_edma3_clocks(void);
diff --git a/arch/arm/mach-omap2/omap5/Makefile b/arch/arm/mach-omap2/omap5/Makefile
index 0212df7..af17a3d 100644
--- a/arch/arm/mach-omap2/omap5/Makefile
+++ b/arch/arm/mach-omap2/omap5/Makefile
@@ -15,3 +15,4 @@ obj-y	+= abb.o
 obj-y	+= fdt.o
 obj-$(CONFIG_IODELAY_RECALIBRATION) += dra7xx_iodelay.o
 obj-$(CONFIG_TI_SECURE_DEVICE) += sec-fxns.o
+obj-$(CONFIG_DRA7XX) += sec_entry_cpu1.o
diff --git a/arch/arm/mach-omap2/omap5/sec_entry_cpu1.S b/arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
new file mode 100644
index 0000000..c2a35ee
--- /dev/null
+++ b/arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
@@ -0,0 +1,123 @@
+/*
+ * Secure entry function for CPU Core #1
+ *
+ * (C) Copyright 2016
+ * Texas Instruments, <www.ti.com>
+ *
+ * Author :
+ *	Harinarayan Bhatta <harinarayan@ti.com>
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#include <config.h>
+#include <asm/arch/omap.h>
+#include <asm/omap_common.h>
+#include <linux/linkage.h>
+
+.arch_extension sec
+
+#if !defined(CONFIG_SYS_DCACHE_OFF)
+.global flush_dcache_range
+#endif
+
+#define AUX_CORE_BOOT_0		0x48281800
+#define AUX_CORE_BOOT_1		0x48281804
+
+#ifdef CONFIG_DRA7XX
+/* DRA7xx ROM code function "startup_BootSlave". This function is where CPU1
+ * waits on WFE, polling on AUX_CORE_BOOT_x registers.
+ * This address is same for J6 and J6 Eco.
+ */
+#define ROM_FXN_STARTUP_BOOTSLAVE     0x00038a64
+#endif
+
+/* Assembly core where CPU1 is woken up into
+ * No need to save-restore registers, does not use stack.
+ */
+LENTRY(cpu1_entry)
+	ldr	r4, =omap_smc_sec_cpu1_args
+	ldm	r4, {r0,r1,r2,r3}	@ Retrieve args
+
+	mov	r6, #0xFF	@ Indicate new Task call
+	mov	r12, #0x00	@ Secure Service ID in R12
+
+	dsb
+	dmb
+	smc	0		@ SMC #0 to enter monitor mode
+
+	b	.Lend		@ exit at end of the service execution
+	nop
+
+	@ In case of IRQ happening in Secure, then ARM will branch here.
+	@ At that moment, IRQ will be pending and ARM will jump to Non Secure
+	@ IRQ handler
+	mov	r12, #0xFE
+
+	dsb
+	dmb
+	smc	0		@ SMC #0 to enter monitor mode
+
+.Lend:
+	ldr	r4, =omap_smc_sec_cpu1_args
+	str	r0, [r4, #0x10]		@ save return value
+	ldr	r4, =AUX_CORE_BOOT_0
+	mov	r5, #0x0
+	str	r5, [r4]
+	ldr	r4, =ROM_FXN_STARTUP_BOOTSLAVE
+	sev				@ Tell CPU0 we are done
+	bx	r4			@ Jump back to ROM
+END(cpu1_entry)
+
+/*
+ * u32 omap_smc_sec_cpu1(u32 service, u32 proc_id, u32 flag, u32 *params);
+ *
+ * Makes a secure ROM/PPA call on CPU Core #1 on supported platforms.
+ * Assumes that CPU #1 is waiting in ROM code and not yet woken up or used by
+ * u-boot.
+ */
+ENTRY(omap_smc_sec_cpu1)
+	push	{r4, r5, lr}
+	ldr	r4, =omap_smc_sec_cpu1_args
+	stm	r4, {r0,r1,r2,r3}	@ Save args to memory
+#if !defined(CONFIG_SYS_DCACHE_OFF)
+	mov	r0, r4
+	mov	r1, #CONFIG_SYS_CACHELINE_SIZE
+	add	r1, r0, r1		@ dcache is not enabled on CPU1, so
+	blx	flush_dcache_range	@ flush the cache on args buffer
+#endif
+	ldr	r4, =AUX_CORE_BOOT_1
+	ldr	r5, =cpu1_entry
+	str	r5, [r4]		@ Setup CPU1 entry function
+	ldr	r4, =AUX_CORE_BOOT_0
+	mov	r5, #0x10
+	str	r5, [r4]		@ Tell ROM to exit while loop
+	sev				@ Wake up CPU1
+.Lwait:
+	wfe				@ Wait for CPU1 to finish
+	nop
+	ldr	r5, [r4]		@ Check if CPU1 is done
+	cmp	r5, #0
+	bne	.Lwait
+
+	ldr	r4, =omap_smc_sec_cpu1_args
+	ldr	r0, [r4, #0x10]         @ Retrieve return value
+	pop	{r4, r5, pc}
+ENDPROC(omap_smc_sec_cpu1)
+
+/*
+ * Buffer to save function arguments and return value for omap_smc_sec_cpu1
+ */
+.section .data
+omap_smc_sec_cpu1_args:
+#if !defined(CONFIG_SYS_DCACHE_OFF)
+	.balign CONFIG_SYS_CACHELINE_SIZE
+	.rept  CONFIG_SYS_CACHELINE_SIZE/4
+	.word 0
+	.endr
+#else
+	.rept 5
+	.word 0
+	.endr
+#endif
+END(omap_smc_sec_cpu1_args)
-- 
2.10.2

[U-Boot] [PATCH v2 4/6] arm: omap5: Add TEE loading support

[Andrew F. Davis]

From: Harinarayan Bhatta <harinarayan@ti.com>

secure_tee_install is used to install and initialize a secure TEE OS such as
Linaro OP-TEE into the secure world. This function takes in the address
where the signed TEE image is loaded as an argument. The signed TEE image
consists of a header (struct tee_header), TEE code+data followed by the
signature generated using image signing tool from TI security development
package (SECDEV). Refer to README.ti-secure for more information.

This function uses 2 new secure APIs.

1. PPA_SERV_HAL_TEE_LOAD_MASTER - Must be called on CPU Core 0. Protected
   memory for TEE must be reserved before calling this function. This API
   needs arguments filled into struct ppa_tee_load_info. The TEE image is
   authenticated and if there are no errors, the control passes to the TEE
   entry point.

2. PPA_SERV_HAL_TEE_LOAD_SLAVE - Called on other CPU cores only after
   a TEE_LOAD_MASTER call. Takes no arguments. Checks if TEE was
   successfully loaded (on core 0) and transfers control to the same TEE
   entry point.

The code at TEE entry point is expected perform OS initialization steps
and return back to non-secure world (U-Boot).

Signed-off-by: Harinarayan Bhatta <harinarayan@ti.com>
Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 arch/arm/include/asm/omap_sec_common.h |   6 ++
 arch/arm/mach-omap2/omap5/sec-fxns.c   | 114 +++++++++++++++++++++++++++++++++
 2 files changed, 120 insertions(+)

diff --git a/arch/arm/include/asm/omap_sec_common.h b/arch/arm/include/asm/omap_sec_common.h
index 4bde93f..79f1fbd 100644
--- a/arch/arm/include/asm/omap_sec_common.h
+++ b/arch/arm/include/asm/omap_sec_common.h
@@ -51,4 +51,10 @@ int secure_emif_reserve(void);
  */
 int secure_emif_firewall_lock(void);
 
+/*
+ * Invoke a secure HAL API to authenticate and install a Trusted Execution
+ * Environment (TEE) image.
+ */
+int secure_tee_install(u32 tee_image);
+
 #endif /* _OMAP_SEC_COMMON_H_ */
diff --git a/arch/arm/mach-omap2/omap5/sec-fxns.c b/arch/arm/mach-omap2/omap5/sec-fxns.c
index 33d4ea4..6f1f0ac 100644
--- a/arch/arm/mach-omap2/omap5/sec-fxns.c
+++ b/arch/arm/mach-omap2/omap5/sec-fxns.c
@@ -19,13 +19,42 @@
 #include <asm/omap_sec_common.h>
 #include <asm/spl.h>
 #include <spl.h>
+#include <asm/cache.h>
+#include <mapmem.h>
 
 /* Index for signature PPA-based TI HAL APIs */
 #define PPA_HAL_SERVICES_START_INDEX        (0x200)
+#define PPA_SERV_HAL_TEE_LOAD_MASTER        (PPA_HAL_SERVICES_START_INDEX + 23)
+#define PPA_SERV_HAL_TEE_LOAD_SLAVE         (PPA_HAL_SERVICES_START_INDEX + 24)
 #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25)
 #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION   (PPA_HAL_SERVICES_START_INDEX + 26)
 #define PPA_SERV_HAL_LOCK_EMIF_FW           (PPA_HAL_SERVICES_START_INDEX + 27)
 
+int tee_loaded = 0;
+
+/* TEE header (From OPTEE) */
+struct tee_header {
+	u32 magic;
+	u8 version;
+	u8 arch;
+	u16 flags;
+	u32 init_size;
+	u32 loadaddr_hi;
+	u32 loadaddr_lo;
+	u32 init_mem_usage;
+	u32 paged_size;
+};
+
+/* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */
+struct ppa_tee_load_info {
+	u32 tee_sec_mem_start; /* Physical start address reserved for TEE */
+	u32 tee_sec_mem_size;  /* Size of the memory reserved for TEE */
+	u32 tee_cert_start;    /* Address where signed TEE binary is loaded */
+	u32 tee_cert_size;     /* Size of TEE certificate (signed binary) */
+	u32 tee_jump_addr;     /* Address to jump to start TEE execution */
+	u32 tee_arg0;          /* argument to TEE jump function, in r0 */
+};
+
 static u32 get_sec_mem_start(void)
 {
 	u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START;
@@ -124,3 +153,88 @@ int secure_emif_firewall_lock(void)
 
 	return result;
 }
+
+static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN);
+
+int secure_tee_install(u32 addr)
+{
+	struct tee_header *hdr;
+	void *loadptr;
+	u32 tee_file_size;
+	u32 sec_mem_start = get_sec_mem_start();
+	const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
+	u32 *smc_cpu1_params;
+
+	/* If there is no protected region, there is no place to put the TEE */
+	if (size == 0) {
+		printf("Error loading TEE, no protected memory region available\n");
+		return -ENOBUFS;
+	}
+
+	hdr = (struct tee_header *)map_sysmem(addr, sizeof(struct tee_header));
+	/* 280 bytes = size of signature */
+	tee_file_size = hdr->init_size + hdr->paged_size +
+		sizeof(struct tee_header) + 280;
+
+	if ((hdr->magic != 0x4554504f) ||
+	    (hdr->version != 1) ||
+	    (hdr->loadaddr_hi != 0) ||
+	    (hdr->loadaddr_lo < (sec_mem_start + sizeof(struct tee_header))) ||
+	    (tee_file_size > size) ||
+	    ((hdr->loadaddr_lo + tee_file_size - 1) >
+	     (sec_mem_start + size - 1))) {
+		printf("Error in TEE header. Check load address and sizes\n");
+		unmap_sysmem(hdr);
+		return CMD_RET_FAILURE;
+	}
+
+	tee_info.tee_sec_mem_start = sec_mem_start;
+	tee_info.tee_sec_mem_size = size;
+	tee_info.tee_jump_addr = hdr->loadaddr_lo;
+	tee_info.tee_cert_start = addr;
+	tee_info.tee_cert_size = tee_file_size;
+	tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr;
+	unmap_sysmem(hdr);
+	loadptr = map_sysmem(addr, tee_file_size);
+
+	debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start);
+	debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size);
+	debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr);
+	debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start);
+	debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size);
+	debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0);
+	debug("tee_file_size = %d\n", tee_file_size);
+
+#if !defined(CONFIG_SYS_DCACHE_OFF)
+	flush_dcache_range(
+		rounddown((u32)loadptr, ARCH_DMA_MINALIGN),
+		roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN));
+
+	flush_dcache_range((u32)&tee_info, (u32)&tee_info +
+			roundup(sizeof(tee_info), ARCH_DMA_MINALIGN));
+#endif
+	unmap_sysmem(loadptr);
+
+	/* The return value is ignored. If something went wrong, the function
+	 * would probably not return at all
+	 */
+	(void)secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
+	printf("TEE_LOAD_MASTER Done\n");
+
+	if (!is_dra72x()) {
+		/* Reuse the tee_info buffer for SMC params */
+		smc_cpu1_params = (u32 *)&tee_info;
+		smc_cpu1_params[0] = 0;
+#if !defined(CONFIG_SYS_DCACHE_OFF)
+		flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params +
+				roundup(sizeof(u32), ARCH_DMA_MINALIGN));
+#endif
+		(void)omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0,
+				smc_cpu1_params);
+		printf("TEE_LOAD_SLAVE Done\n");
+	}
+
+	tee_loaded = 1;
+
+	return 0;
+}
-- 
2.10.2

[U-Boot] [PATCH v2 5/6] board: ti: dra7xx: add FIT image TEE processing

[Andrew F. Davis]

Populate the corresponding TEE image processing call to be
performed during FIT loadable processing.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 board/ti/dra7xx/evm.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/board/ti/dra7xx/evm.c b/board/ti/dra7xx/evm.c
index 3c16846..3bb895c 100644
--- a/board/ti/dra7xx/evm.c
+++ b/board/ti/dra7xx/evm.c
@@ -848,4 +848,11 @@ void board_fit_image_post_process(void **p_image, size_t *p_size)
 {
 	secure_boot_verify_image(p_image, p_size);
 }
+
+void board_tee_image_process(ulong tee_image, size_t tee_size)
+{
+	secure_tee_install((u32)tee_image);
+}
+
+U_BOOT_FIT_LOADABLE_HANDLER(IH_TYPE_TEE, board_tee_image_process);
 #endif
-- 
2.10.2

[U-Boot] [PATCH v2 6/6] board: ti: am57xx: add FIT image TEE processing

[Andrew F. Davis]

Populate the corresponding TEE image processing call to be
performed during FIT loadable processing.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 board/ti/am57xx/board.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/board/ti/am57xx/board.c b/board/ti/am57xx/board.c
index f3e3f0b..1895a30 100644
--- a/board/ti/am57xx/board.c
+++ b/board/ti/am57xx/board.c
@@ -739,4 +739,11 @@ void board_fit_image_post_process(void **p_image, size_t *p_size)
 {
 	secure_boot_verify_image(p_image, p_size);
 }
+
+void board_tee_image_process(ulong tee_image, size_t tee_size)
+{
+	secure_tee_install((u32)tee_image);
+}
+
+U_BOOT_FIT_LOADABLE_HANDLER(IH_TYPE_TEE, board_tee_image_process);
 #endif
-- 
2.10.2

[U-Boot] [PATCH v2 3/6] arm: omap5: add function to make an SMC call on cpu1

[Tom Rini]

On Tue, Nov 29, 2016 at 01:03:36PM -0600, Andrew F. Davis wrote:

> From: Harinarayan Bhatta <harinarayan@ti.com>
> 
> On DRA7xx platform, CPU Core 1 is not used in u-boot. However, in some
> cases it is need to make secure API calls from Core 1. This patch adds
> an assembly function to make a secure (SMC) call from CPU Core #1.
> 
> Signed-off-by: Harinarayan Bhatta <harinarayan@ti.com>
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20161129/fe7bc014/attachment.sig>

[U-Boot] [PATCH v2 5/6] board: ti: dra7xx: add FIT image TEE processing

[Tom Rini]

On Tue, Nov 29, 2016 at 01:03:38PM -0600, Andrew F. Davis wrote:

> Populate the corresponding TEE image processing call to be
> performed during FIT loadable processing.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20161129/5a718529/attachment.sig>

[U-Boot] [PATCH v2 4/6] arm: omap5: Add TEE loading support

[Tom Rini]

On Tue, Nov 29, 2016 at 01:03:37PM -0600, Andrew F. Davis wrote:

> From: Harinarayan Bhatta <harinarayan@ti.com>
> 
> secure_tee_install is used to install and initialize a secure TEE OS such as
> Linaro OP-TEE into the secure world. This function takes in the address
> where the signed TEE image is loaded as an argument. The signed TEE image
> consists of a header (struct tee_header), TEE code+data followed by the
> signature generated using image signing tool from TI security development
> package (SECDEV). Refer to README.ti-secure for more information.
> 
> This function uses 2 new secure APIs.
> 
> 1. PPA_SERV_HAL_TEE_LOAD_MASTER - Must be called on CPU Core 0. Protected
>    memory for TEE must be reserved before calling this function. This API
>    needs arguments filled into struct ppa_tee_load_info. The TEE image is
>    authenticated and if there are no errors, the control passes to the TEE
>    entry point.
> 
> 2. PPA_SERV_HAL_TEE_LOAD_SLAVE - Called on other CPU cores only after
>    a TEE_LOAD_MASTER call. Takes no arguments. Checks if TEE was
>    successfully loaded (on core 0) and transfers control to the same TEE
>    entry point.
> 
> The code at TEE entry point is expected perform OS initialization steps
> and return back to non-secure world (U-Boot).
> 
> Signed-off-by: Harinarayan Bhatta <harinarayan@ti.com>
> Signed-off-by: Andrew F. Davis <afd@ti.com>
[snip]
> +/* TEE header (From OPTEE) */
> +struct tee_header {
> +	u32 magic;
> +	u8 version;
> +	u8 arch;
> +	u16 flags;
> +	u32 init_size;
> +	u32 loadaddr_hi;
> +	u32 loadaddr_lo;
> +	u32 init_mem_usage;
> +	u32 paged_size;
> +};

This, and anything else that's OPTEE specific should go in a more
generically visible header as others will be doing OPTEE stuff too.

[snip]
> +	if ((hdr->magic != 0x4554504f) ||

This too probably belongs in the generic OPTEE header.

> +	/* The return value is ignored. If something went wrong, the function
> +	 * would probably not return at all
> +	 */
> +	(void)secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);

"probably".  We must save and check the return value all the same.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20161129/b756993e/attachment.sig>

[U-Boot] [PATCH v2 6/6] board: ti: am57xx: add FIT image TEE processing

[Tom Rini]

On Tue, Nov 29, 2016 at 01:03:39PM -0600, Andrew F. Davis wrote:

> Populate the corresponding TEE image processing call to be
> performed during FIT loadable processing.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20161129/ec2b0d3d/attachment.sig>

[U-Boot] [PATCH v2 4/6] arm: omap5: Add TEE loading support

[Andrew F. Davis]

On 11/29/2016 02:18 PM, Tom Rini wrote:
> On Tue, Nov 29, 2016 at 01:03:37PM -0600, Andrew F. Davis wrote:
> 
>> From: Harinarayan Bhatta <harinarayan@ti.com>
>>
>> secure_tee_install is used to install and initialize a secure TEE OS such as
>> Linaro OP-TEE into the secure world. This function takes in the address
>> where the signed TEE image is loaded as an argument. The signed TEE image
>> consists of a header (struct tee_header), TEE code+data followed by the
>> signature generated using image signing tool from TI security development
>> package (SECDEV). Refer to README.ti-secure for more information.
>>
>> This function uses 2 new secure APIs.
>>
>> 1. PPA_SERV_HAL_TEE_LOAD_MASTER - Must be called on CPU Core 0. Protected
>>    memory for TEE must be reserved before calling this function. This API
>>    needs arguments filled into struct ppa_tee_load_info. The TEE image is
>>    authenticated and if there are no errors, the control passes to the TEE
>>    entry point.
>>
>> 2. PPA_SERV_HAL_TEE_LOAD_SLAVE - Called on other CPU cores only after
>>    a TEE_LOAD_MASTER call. Takes no arguments. Checks if TEE was
>>    successfully loaded (on core 0) and transfers control to the same TEE
>>    entry point.
>>
>> The code at TEE entry point is expected perform OS initialization steps
>> and return back to non-secure world (U-Boot).
>>
>> Signed-off-by: Harinarayan Bhatta <harinarayan@ti.com>
>> Signed-off-by: Andrew F. Davis <afd@ti.com>
> [snip]
>> +/* TEE header (From OPTEE) */
>> +struct tee_header {
>> +	u32 magic;
>> +	u8 version;
>> +	u8 arch;
>> +	u16 flags;
>> +	u32 init_size;
>> +	u32 loadaddr_hi;
>> +	u32 loadaddr_lo;
>> +	u32 init_mem_usage;
>> +	u32 paged_size;
>> +};
> 
> This, and anything else that's OPTEE specific should go in a more
> generically visible header as others will be doing OPTEE stuff too.
> 

Any preference on location, include/tee/optee.h?

> [snip]
>> +	if ((hdr->magic != 0x4554504f) ||
> 
> This too probably belongs in the generic OPTEE header.
> 
>> +	/* The return value is ignored. If something went wrong, the function
>> +	 * would probably not return at all
>> +	 */
>> +	(void)secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
> 
> "probably".  We must save and check the return value all the same.
> 

Will check.

Thanks,
Andrew

[U-Boot] [PATCH v2 4/6] arm: omap5: Add TEE loading support

[Tom Rini]

On Tue, Nov 29, 2016 at 02:51:11PM -0600, Andrew F. Davis wrote:
> On 11/29/2016 02:18 PM, Tom Rini wrote:
> > On Tue, Nov 29, 2016 at 01:03:37PM -0600, Andrew F. Davis wrote:
> > 
> >> From: Harinarayan Bhatta <harinarayan@ti.com>
> >>
> >> secure_tee_install is used to install and initialize a secure TEE OS such as
> >> Linaro OP-TEE into the secure world. This function takes in the address
> >> where the signed TEE image is loaded as an argument. The signed TEE image
> >> consists of a header (struct tee_header), TEE code+data followed by the
> >> signature generated using image signing tool from TI security development
> >> package (SECDEV). Refer to README.ti-secure for more information.
> >>
> >> This function uses 2 new secure APIs.
> >>
> >> 1. PPA_SERV_HAL_TEE_LOAD_MASTER - Must be called on CPU Core 0. Protected
> >>    memory for TEE must be reserved before calling this function. This API
> >>    needs arguments filled into struct ppa_tee_load_info. The TEE image is
> >>    authenticated and if there are no errors, the control passes to the TEE
> >>    entry point.
> >>
> >> 2. PPA_SERV_HAL_TEE_LOAD_SLAVE - Called on other CPU cores only after
> >>    a TEE_LOAD_MASTER call. Takes no arguments. Checks if TEE was
> >>    successfully loaded (on core 0) and transfers control to the same TEE
> >>    entry point.
> >>
> >> The code at TEE entry point is expected perform OS initialization steps
> >> and return back to non-secure world (U-Boot).
> >>
> >> Signed-off-by: Harinarayan Bhatta <harinarayan@ti.com>
> >> Signed-off-by: Andrew F. Davis <afd@ti.com>
> > [snip]
> >> +/* TEE header (From OPTEE) */
> >> +struct tee_header {
> >> +	u32 magic;
> >> +	u8 version;
> >> +	u8 arch;
> >> +	u16 flags;
> >> +	u32 init_size;
> >> +	u32 loadaddr_hi;
> >> +	u32 loadaddr_lo;
> >> +	u32 init_mem_usage;
> >> +	u32 paged_size;
> >> +};
> > 
> > This, and anything else that's OPTEE specific should go in a more
> > generically visible header as others will be doing OPTEE stuff too.
> > 
> 
> Any preference on location, include/tee/optee.h?

Sure.

> > [snip]
> >> +	if ((hdr->magic != 0x4554504f) ||
> > 
> > This too probably belongs in the generic OPTEE header.
> > 
> >> +	/* The return value is ignored. If something went wrong, the function
> >> +	 * would probably not return at all
> >> +	 */
> >> +	(void)secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
> > 
> > "probably".  We must save and check the return value all the same.
> > 
> 
> Will check.

OK, thanks.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20161129/a3ebae18/attachment.sig>