summaryrefslogtreecommitdiffstats
path: root/common
diff options
context:
space:
mode:
Diffstat (limited to 'common')
-rw-r--r--common/Kconfig54
-rw-r--r--common/Makefile2
-rw-r--r--common/optee.c23
3 files changed, 58 insertions, 21 deletions
diff --git a/common/Kconfig b/common/Kconfig
index 82bbdb3145..02ef3631e0 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -640,27 +640,6 @@ config BOOTM_FORCE_SIGNED_IMAGES
are refused to boot. Effectively this means only FIT images can be booted
since they are the only supported image type that support signing.
-config BOOTM_OPTEE
- bool
- prompt "support booting OP-TEE"
- depends on BOOTM && ARM
- help
- OP-TEE is a trusted execution environment (TEE). With this option
- enabled barebox supports starting optee_os as part of the bootm command.
- Instead of the kernel bootm starts the optee_os binary which then starts
- the kernel in nonsecure mode. Pass the optee_os binary with the -t option
- or in the global.bootm.tee variable.
-
-config BOOTM_OPTEE_SIZE
- hex
- default 0x02000000
- prompt "OP-TEE Memory Size"
- depends on BOOTM_OPTEE
- help
- Size to reserve in main memory for OP-TEE.
- Can be smaller than the actual size used by OP-TEE, this is used to prevent
- barebox from allocating memory in this area.
-
config BLSPEC
depends on FLEXIBLE_BOOTARGS
depends on !SHELL_NONE
@@ -1001,6 +980,39 @@ config MACHINE_ID
Note: if no hashable information is available no machine id will be passed
to the kernel.
+menu "OP-TEE loading"
+
+config OPTEE_SIZE
+ hex
+ default 0x02000000
+ prompt "OP-TEE Memory Size"
+ depends on BOOTM_OPTEE || PBL_OPTEE
+ help
+ Size to reserve in main memory for OP-TEE.
+ Can be smaller than the actual size used by OP-TEE, this is used to prevent
+ barebox from allocating memory in this area.
+
+config BOOTM_OPTEE
+ bool
+ prompt "support booting OP-TEE"
+ depends on BOOTM && ARM
+ help
+ OP-TEE is a trusted execution environment (TEE). With this option
+ enabled barebox supports starting optee_os as part of the bootm command.
+ Instead of the kernel bootm starts the optee_os binary which then starts
+ the kernel in nonsecure mode. Pass the optee_os binary with the -t option
+ or in the global.bootm.tee variable.
+
+config PBL_OPTEE
+ bool "Enable OP-TEE early start"
+ depends on ARM
+ depends on !THUMB2_BAREBOX
+ help
+ Allows starting OP-TEE during lowlevel initialization of the PBL.
+ Requires explicit support in the boards lowlevel file.
+
+endmenu
+
endmenu
menu "Debugging"
diff --git a/common/Makefile b/common/Makefile
index 11c91dd016..84463b4d48 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -67,6 +67,8 @@ obj-$(CONFIG_BAREBOX_UPDATE_IMX_NAND_FCB) += imx-bbu-nand-fcb.o
obj-$(CONFIG_BOOT) += boot.o
obj-$(CONFIG_SERIAL_DEV_BUS) += serdev.o
obj-$(CONFIG_USBGADGET_START) += usbgadget.o
+pbl-$(CONFIG_PBL_OPTEE) += optee.o
+obj-$(CONFIG_BOOTM_OPTEE) += optee.o
ifdef CONFIG_PASSWORD
diff --git a/common/optee.c b/common/optee.c
new file mode 100644
index 0000000000..d542dde118
--- /dev/null
+++ b/common/optee.c
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#define pr_fmt(fmt) "optee: " fmt
+
+#include <tee/optee.h>
+#include <printk.h>
+#include <asm-generic/errno.h>
+
+int optee_verify_header(struct optee_header *hdr)
+{
+ if (hdr->magic != OPTEE_MAGIC) {
+ pr_err("Invalid header magic 0x%08x, expected 0x%08x\n",
+ hdr->magic, OPTEE_MAGIC);
+ return -EINVAL;
+ }
+
+ if (hdr->arch != OPTEE_ARCH_ARM32 || hdr->init_load_addr_hi) {
+ pr_err("Only 32bit supported\n");
+ return -EINVAL;
+ }
+
+ return 0;
+}