ARM: add optee early loading function

Add a OP-TEE early loading function which expects a pointer to a valid
tee binary and the device tree. OP-TEE will then be started and barebox
will continue to run in normal mode.

The function start_optee_early should be used in a boards lowlevel.c
file. Ensure that barebox has been relocated and a proper c environment
has been setup beforehand. Depending on the OP-TEE configuration, the
fdt will be modified. If the internal barebox device tree is passed,
OP-TEE will overwrite barebox PBL memory during this modification. Copy
the fdt to a save memory location beforehand to avoid a corruption of
barebox PBL memory.

This also moves the OP-TEE Kconfig symbols into a separate menu.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

7 files changed, 83 insertions, 24 deletions

diff --git a/arch/arm/include/asm/barebox-arm.h b/arch/arm/include/asm/barebox-arm.h
index 8b2ecd9ab2..599852d644 100644
--- a/arch/arm/include/asm/barebox-arm.h
+++ b/arch/arm/include/asm/barebox-arm.h
@@ -119,7 +119,7 @@ void *barebox_arm_boot_dtb(void);
 static inline unsigned long arm_mem_stack_top(unsigned long membase,
 					      unsigned long endmem)
 {
-	if (IS_ENABLED(CONFIG_BOOTM_OPTEE))
+	if (IS_ENABLED(CONFIG_BOOTM_OPTEE) || IS_ENABLED(CONFIG_PBL_OPTEE))
 		endmem -= OPTEE_SIZE;
 
 	return endmem - SZ_64K;
diff --git a/arch/arm/lib32/Makefile b/arch/arm/lib32/Makefile
index cfcf3bc8f1..597bc07905 100644
--- a/arch/arm/lib32/Makefile
+++ b/arch/arm/lib32/Makefile
@@ -30,3 +30,5 @@ pbl-y	+= ashldi3.o
 pbl-y	+= div0.o
 
 obj-pbl-y	+= setjmp.o
+
+pbl-$(CONFIG_PBL_OPTEE)	+= optee-early.o
diff --git a/arch/arm/lib32/optee-early.c b/arch/arm/lib32/optee-early.c
new file mode 100644
index 0000000000..197325b8a0
--- /dev/null
+++ b/arch/arm/lib32/optee-early.c
@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * optee-early.c - start OP-TEE during PBL
+ *
+ * Copyright (c) 2019 Rouven Czerwinski <r.czerwinski@pengutronix.de>, Pengutronix
+ *
+ */
+#include <asm/cache.h>
+#include <asm/setjmp.h>
+#include <tee/optee.h>
+#include <debug_ll.h>
+
+static jmp_buf tee_buf;
+
+int start_optee_early(void *fdt, void *tee)
+{
+	void (*tee_start)(void *r0, void *r1, void *r2);
+	struct optee_header *hdr;
+	int ret;
+
+	hdr = tee;
+	ret = optee_verify_header(hdr);
+	if (ret < 0)
+		return ret;
+
+	memcpy((void *)hdr->init_load_addr_lo, tee + sizeof(*hdr), hdr->init_size);
+	tee_start = (void *) hdr->init_load_addr_lo;
+
+	/* We use setjmp/longjmp here because OP-TEE clobbers most registers */
+	ret = setjmp(tee_buf);
+	if (ret == 0) {
+		sync_caches_for_execution();
+		tee_start(0, 0, fdt);
+		longjmp(tee_buf, 1);
+	}
+
+	return 0;
+}
diff --git a/common/Kconfig b/common/Kconfig
index f9ef9bd83b..9c7228aa22 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -643,27 +643,6 @@ config BOOTM_FORCE_SIGNED_IMAGES
 	  are refused to boot. Effectively this means only FIT images can be booted
 	  since they are the only supported image type that support signing.
 
-config BOOTM_OPTEE
-	bool
-	prompt "support booting OP-TEE"
-	depends on BOOTM && ARM
-	help
-	  OP-TEE is a trusted execution environment (TEE). With this option
-	  enabled barebox supports starting optee_os as part of the bootm command.
-	  Instead of the kernel bootm starts the optee_os binary which then starts
-	  the kernel in nonsecure mode. Pass the optee_os binary with the -t option
-	  or in the global.bootm.tee variable.
-
-config BOOTM_OPTEE_SIZE
-	hex
-	default 0x02000000
-	prompt "OP-TEE Memory Size"
-	depends on BOOTM_OPTEE
-	help
-	  Size to reserve in main memory for OP-TEE.
-	  Can be smaller than the actual size used by OP-TEE, this is used to prevent
-	  barebox from allocating memory in this area.
-
 config BLSPEC
 	depends on FLEXIBLE_BOOTARGS
 	depends on !SHELL_NONE
@@ -1000,6 +979,39 @@ config MACHINE_ID
 	  Note: if no hashable information is available no machine id will be passed
 	  to the kernel.
 
+menu "OP-TEE loading"
+
+config OPTEE_SIZE
+	hex
+	default 0x02000000
+	prompt "OP-TEE Memory Size"
+	depends on BOOTM_OPTEE || PBL_OPTEE
+	help
+	  Size to reserve in main memory for OP-TEE.
+	  Can be smaller than the actual size used by OP-TEE, this is used to prevent
+	  barebox from allocating memory in this area.
+
+config BOOTM_OPTEE
+	bool
+	prompt "support booting OP-TEE"
+	depends on BOOTM && ARM
+	help
+	  OP-TEE is a trusted execution environment (TEE). With this option
+	  enabled barebox supports starting optee_os as part of the bootm command.
+	  Instead of the kernel bootm starts the optee_os binary which then starts
+	  the kernel in nonsecure mode. Pass the optee_os binary with the -t option
+	  or in the global.bootm.tee variable.
+
+config PBL_OPTEE
+	bool "Enable OP-TEE early start"
+	depends on ARM
+	depends on !THUMB2_BAREBOX
+	help
+	  Allows starting OP-TEE during lowlevel initialization of the PBL.
+	  Requires explicit support in the boards lowlevel file.
+
+endmenu
+
 endmenu
 
 menu "Debugging"
diff --git a/common/Makefile b/common/Makefile
index c86db71920..84463b4d48 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -67,6 +67,7 @@ obj-$(CONFIG_BAREBOX_UPDATE_IMX_NAND_FCB) += imx-bbu-nand-fcb.o
 obj-$(CONFIG_BOOT)		+= boot.o
 obj-$(CONFIG_SERIAL_DEV_BUS)	+= serdev.o
 obj-$(CONFIG_USBGADGET_START)	+= usbgadget.o
+pbl-$(CONFIG_PBL_OPTEE)		+= optee.o
 obj-$(CONFIG_BOOTM_OPTEE)	+= optee.o
 
 ifdef CONFIG_PASSWORD
diff --git a/include/asm-generic/memory_layout.h b/include/asm-generic/memory_layout.h
index 3f69664aa0..0d7ce3fe02 100644
--- a/include/asm-generic/memory_layout.h
+++ b/include/asm-generic/memory_layout.h
@@ -11,8 +11,8 @@
 #define MALLOC_BASE CONFIG_MALLOC_BASE
 #endif
 
-#ifdef CONFIG_BOOTM_OPTEE_SIZE
-#define OPTEE_SIZE CONFIG_BOOTM_OPTEE_SIZE
+#ifdef CONFIG_OPTEE_SIZE
+#define OPTEE_SIZE CONFIG_OPTEE_SIZE
 #else
 #define OPTEE_SIZE 0
 #endif
diff --git a/include/tee/optee.h b/include/tee/optee.h
index 9fb27fcec0..fa124236ba 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -32,4 +32,10 @@ struct optee_header {
 
 int optee_verify_header (struct optee_header *hdr);
 
+#ifdef __PBL__
+
+int start_optee_early(void* fdt, void* tee);
+
+#endif /* __PBL__ */
+
 #endif /* _OPTEE_H */