diff options
| author | Ye Li <ye.li@nxp.com> | 2017-12-05 01:16:08 -0600 |
|---|---|---|
| committer | Ye Li <ye.li@nxp.com> | 2020-04-26 23:25:57 -0700 |
| commit | 2a73f1ace10b3261485c8903741e92dca7b92ca5 (patch) | |
| tree | a5ee21af2a73b257283c3fe5a6a6d78c0f554d57 /cmd | |
| parent | fd1ef4006a3edb02654ec9df49dfcd67ea04bdf0 (diff) | |
MLK-17086 bootm: Add authentication to optee image
When IMX_OPTEE is enabled for secure boot, update bootm to authenticate the optee
image and the kernel zImage before booting into optee.
Signed-off-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit d3bee08f12f1d41c83c47773aec6cfa28056694a)
(cherry picked from commit 3825c3fedbbe59fdf8c4f59f10221823a5fc6f03)
(cherry picked from commit a09dca5eff735ef8ef46313de09cfa0f3b4cf189)
(cherry picked from commit c83877f5ad9385279c5db3d6ab78ed103d45d1d5)
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/bootm.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/cmd/bootm.c b/cmd/bootm.c index 99442eca8d..03ea3b8998 100644 --- a/cmd/bootm.c +++ b/cmd/bootm.c @@ -127,6 +127,41 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) extern int authenticate_image( uint32_t ddr_start, uint32_t raw_image_size); +#ifdef CONFIG_IMX_OPTEE + ulong tee_addr = 0; + int ret; + ulong zi_start, zi_end; + + tee_addr = env_get_ulong("tee_addr", 16, tee_addr); + if (!tee_addr) { + printf("Not valid tee_addr, Please check\n"); + return 1; + } + + switch (genimg_get_format((const void *)tee_addr)) { + case IMAGE_FORMAT_LEGACY: + if (authenticate_image(tee_addr, + image_get_image_size((image_header_t *)tee_addr)) != 0) { + printf("Authenticate uImage Fail, Please check\n"); + return 1; + } + break; + default: + printf("Not valid image format for Authentication, Please check\n"); + return 1; + }; + + ret = bootz_setup(image_load_addr, &zi_start, &zi_end); + if (ret != 0) + return 1; + + if (authenticate_image(image_load_addr, zi_end - zi_start) != 0) { + printf("Authenticate zImage Fail, Please check\n"); + return 1; + } + +#else + switch (genimg_get_format((const void *)image_load_addr)) { #if defined(CONFIG_LEGACY_IMAGE_FORMAT) case IMAGE_FORMAT_LEGACY: @@ -147,6 +182,7 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) return 1; } #endif +#endif return do_bootm_states(cmdtp, flag, argc, argv, BOOTM_STATE_START | BOOTM_STATE_FINDOS | BOOTM_STATE_FINDOTHER | |