Diffstat (limited to 'common')
-rw-r--r-- | common/Kconfig | 54 | ||||
-rw-r--r-- | common/Makefile | 2 | ||||
-rw-r--r-- | common/optee.c | 23 |
3 files changed, 58 insertions, 21 deletions
diff --git a/common/Kconfig b/common/Kconfig index 82bbdb3145..02ef3631e0 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -640,27 +640,6 @@ config BOOTM_FORCE_SIGNED_IMAGES are refused to boot. Effectively this means only FIT images can be booted since they are the only supported image type that support signing. -config BOOTM_OPTEE - bool - prompt "support booting OP-TEE" - depends on BOOTM && ARM - help - OP-TEE is a trusted execution environment (TEE). With this option - enabled barebox supports starting optee_os as part of the bootm command. - Instead of the kernel bootm starts the optee_os binary which then starts - the kernel in nonsecure mode. Pass the optee_os binary with the -t option - or in the global.bootm.tee variable. - -config BOOTM_OPTEE_SIZE - hex - default 0x02000000 - prompt "OP-TEE Memory Size" - depends on BOOTM_OPTEE - help - Size to reserve in main memory for OP-TEE. - Can be smaller than the actual size used by OP-TEE, this is used to prevent - barebox from allocating memory in this area. - config BLSPEC depends on FLEXIBLE_BOOTARGS depends on !SHELL_NONE 
@@ -1001,6 +980,39 @@ config MACHINE_ID Note: if no hashable information is available no machine id will be passed to the kernel. +menu "OP-TEE loading" + +config OPTEE_SIZE + hex + default 0x02000000 + prompt "OP-TEE Memory Size" + depends on BOOTM_OPTEE || PBL_OPTEE + help + Size to reserve in main memory for OP-TEE. + Can be smaller than the actual size used by OP-TEE, this is used to prevent + barebox from allocating memory in this area. + +config BOOTM_OPTEE + bool + prompt "support booting OP-TEE" + depends on BOOTM && ARM + help + OP-TEE is a trusted execution environment (TEE). With this option + enabled barebox supports starting optee_os as part of the bootm command. + Instead of the kernel bootm starts the optee_os binary which then starts + the kernel in nonsecure mode. Pass the optee_os binary with the -t option + or in the global.bootm.tee variable. + +config PBL_OPTEE + bool "Enable OP-TEE early start" + depends on ARM + depends on !THUMB2_BAREBOX + help + Allows starting OP-TEE during lowlevel initialization of the PBL. + Requires explicit support in the boards lowlevel file. + +endmenu + endmenu menu "Debugging" diff --git a/common/Makefile b/common/Makefile index 11c91dd016..84463b4d48 100644 --- a/common/Makefile +++ b/common/Makefile @@ -67,6 +67,8 @@ obj-$(CONFIG_BAREBOX_UPDATE_IMX_NAND_FCB) += imx-bbu-nand-fcb.o obj-$(CONFIG_BOOT) += boot.o obj-$(CONFIG_SERIAL_DEV_BUS) += serdev.o obj-$(CONFIG_USBGADGET_START) += usbgadget.o +pbl-$(CONFIG_PBL_OPTEE) += optee.o +obj-$(CONFIG_BOOTM_OPTEE) += optee.o ifdef CONFIG_PASSWORD diff --git a/common/optee.c b/common/optee.c new file mode 100644 index 0000000000..d542dde118 --- /dev/null +++ b/common/optee.c 
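Review bot: Renaming `BOOTM_OPTEE_SIZE` to `OPTEE_SIZE` in the new "OP-TEE loading" menu means a board configuration that still sets `CONFIG_BOOTM_OPTEE_SIZE` loses that value without any warning, and the reservation falls back to the `0x02000000` default. This value is what keeps barebox from allocating inside the OP-TEE region, so a reservation that silently shrinks after the rename is a memory-isolation problem, not a cosmetic one. The diffstat on this page is limited to `common`, so it is not visible whether in-tree defconfigs and the C users of the old symbol were converted in the same commit; that is worth confirming. The `PBL_OPTEE` help text also has a small typo, "boards lowlevel file" should read `board's lowlevel file`.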
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#define pr_fmt(fmt) "optee: " fmt
+
+#include <tee/optee.h>
+#include <printk.h>
+#include <asm-generic/errno.h>
+
+int optee_verify_header(struct optee_header *hdr)
+{
+ if (hdr->magic != OPTEE_MAGIC) {
+ pr_err("Invalid header magic 0x%08x, expected 0x%08x\n",
+ hdr->magic, OPTEE_MAGIC);
+ return -EINVAL;
+ }
+
+ if (hdr->arch != OPTEE_ARCH_ARM32 || hdr->init_load_addr_hi) {
+ pr_err("Only 32bit supported\n");
+ return -EINVAL;
+ }
+
+ return 0;
+} |
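Review bot: `optee_verify_header()` accepts any header with the right magic and a 32-bit arch, but nothing in it bounds the size or load address the header advertises against the region reserved through `CONFIG_OPTEE_SIZE`. Assuming `struct optee_header` (declared in `tee/optee.h`, outside this hunk) carries the usual `init_size` field, a check such as `if (hdr->init_size > CONFIG_OPTEE_SIZE) return -EINVAL;` would stop a caller that trusts the header from copying an oversized image past the reservation. The function only reads `hdr`, so the parameter can be `const struct optee_header *hdr`. A short comment above the function should say that this is a format sanity check and not an authenticity check, so that PBL callers do not treat a passing result as proof that the image is the intended one.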