author: Sascha Hauer <s.hauer@pengutronix.de> 2019-05-22 10:05:17 +0200
committer: Sascha Hauer <s.hauer@pengutronix.de> 2019-06-07 08:42:05 +0200
commit: e30340886fcbac1d2c03fbea4ee41ffa9464fb11
tree: d6aec9dde274cafbdce1c8beca4699c05fd17f98 /common/Kconfig
parent: ab06d72a6ef8939831b8c0b1c412d9a11fc06889
ARM: Initial OP-TEE support
This adds initial support for OP-TEE, see https://www.op-tee.org/

barebox starts in secure mode as usual. When booting a kernel the bootm code also loads the optee_os binary. Instead of jumping into the kernel barebox jumps into the optee_os binary and puts the kernel execution address into the lr register. OP-TEE then jumps into the kernel in nonsecure mode. The optee_os binary is passed with the -t option to bootm or with global.bootm.tee.

Optionally OP-TEE can be compiled into barebox using the builtin firmware feature. Enable the Kconfig option and place or link your tee binary as optee.bin into the firmware directory.

The amount of SDRAM which is kept free for OP-TEE is configurable.

This patch was tested on a i.MX6 Nitrogen6x board.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'common/Kconfig')
-rw-r--r-- common/Kconfig 21
1 files changed, 21 insertions, 0 deletions
diff --git a/common/Kconfig b/common/Kconfig
index 7832df5c55..899d224750 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -643,6 +643,27 @@ config BOOTM_FORCE_SIGNED_IMAGES
are refused to boot. Effectively this means only FIT images can be booted
since they are the only supported image type that support signing.
+config BOOTM_OPTEE
+ bool
+ prompt "support booting OP-TEE"
+ depends on BOOTM && ARM
+ help
+ OP-TEE is a trusted execution environment (TEE). With this option
+ enabled barebox supports starting optee_os as part of the bootm command.
+ Instead of the kernel bootm starts the optee_os binary which then starts
+ the kernel in nonsecure mode. Pass the optee_os binary with the -t option
+ or in the global.bootm.tee variable.
+
+config BOOTM_OPTEE_SIZE
+ hex
+ default 0x02000000
+ prompt "OP-TEE Memory Size"
+ depends on BOOTM_OPTEE
+ help
+ Size to reserve in main memory for OP-TEE.
+ Can be smaller than the actual size used by OP-TEE, this is used to prevent
+ barebox from allocating memory in this area.
+
config BLSPEC
depends on FLEXIBLE_BOOTARGS
depends on !SHELL_NONE
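Review bot: The BOOTM_OPTEE help text, added directly below BOOTM_FORCE_SIGNED_IMAGES, does not say whether the optee_os binary passed with -t or global.bootm.tee falls under the signed-image enforcement described in the context lines above it. That binary is started instead of the kernel and is what hands control to the kernel in nonsecure mode, so the help should state how the two options interact and whether the TEE binary is verified before it runs. Separately, the BOOTM_OPTEE_SIZE help says the value "Can be smaller than the actual size used by OP-TEE" while giving its purpose as preventing barebox from allocating memory in this area; a reservation smaller than what OP-TEE uses would leave part of that memory open to barebox allocations, so please confirm whether "larger" was meant and document where in main memory the reserved region is placed.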