author | Ye Li <ye.li@nxp.com> | 2017-12-05 01:16:08 -0600 |
---|---|---|
committer | Ye Li <ye.li@nxp.com> | 2018-04-27 06:14:56 -0700 |
commit | 3825c3fedbbe59fdf8c4f59f10221823a5fc6f03 (patch) | |
tree | 9bee9cf3a29731174b276c59c2828824e253e27f | |
parent | 829ddc53f60cd56102af35b73c21187de7edb97f (diff) |
MLK-17086 bootm: Add authentication to optee image
When IMX_OPTEE is enabled for secure boot, update bootm to authenticate the optee
image and the kernel zImage before booting into optee.
Signed-off-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit d3bee08f12f1d41c83c47773aec6cfa28056694a)
-rw-r--r-- | cmd/bootm.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/cmd/bootm.c b/cmd/bootm.c
index 679ae5d5df..fc31920069 100644
--- a/cmd/bootm.c
+++ b/cmd/bootm.c
@@ -127,6 +127,41 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 extern int authenticate_image( uint32_t ddr_start, uint32_t raw_image_size);
+#ifdef CONFIG_IMX_OPTEE
+ ulong tee_addr = 0;
+ int ret;
+ ulong zi_start, zi_end;
+
+ tee_addr = getenv_ulong("tee_addr", 16, tee_addr);
+ if (!tee_addr) {
+ printf("Not valid tee_addr, Please check\n");
+ return 1;
+ }
+
+ switch (genimg_get_format((const void *)tee_addr)) {
+ case IMAGE_FORMAT_LEGACY:
+ if (authenticate_image(tee_addr,
+ image_get_image_size((image_header_t *)tee_addr)) != 0) {
+ printf("Authenticate uImage Fail, Please check\n");
+ return 1;
+ }
+ break;
+ default:
+ printf("Not valid image format for Authentication, Please check\n");
+ return 1;
+ };
+
+ ret = bootz_setup(load_addr, &zi_start, &zi_end);
+ if (ret != 0)
+ return 1;
+
+ if (authenticate_image(load_addr, zi_end - zi_start) != 0) {
+ printf("Authenticate zImage Fail, Please check\n");
+ return 1;
+ }
+
+#else
+
 switch (genimg_get_format((const void *)load_addr)) {
 #if defined(CONFIG_IMAGE_FORMAT_LEGACY)
 case IMAGE_FORMAT_LEGACY:
@@ -147,6 +182,7 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 return 1;
 }
 #endif
+#endif
 return do_bootm_states(cmdtp, flag, argc, argv, BOOTM_STATE_START | BOOTM_STATE_FINDOS | BOOTM_STATE_FINDOTHER | |
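Review bot: In the `CONFIG_IMX_OPTEE` branch both lengths handed to `authenticate_image()` are read from headers of images that have not been verified yet (`image_get_image_size()` on the uImage at `tee_addr`, and `zi_end - zi_start` from `bootz_setup()`), and neither is range-checked before the call. Because the prototype takes `uint32_t`, a `zi_end` below `zi_start` would wrap and be passed as a very large size; a guard such as `if (ret != 0 || zi_end <= zi_start) return 1;` ahead of the second call would reject that case, unless `bootz_setup()` or `authenticate_image()` already does so (not visible here). The branch authenticates whatever sits at the environment-supplied `tee_addr` and at the global `load_addr`, so it deserves a comment stating that these must be the same addresses the later boot states execute from, since nothing in the hunk ties them together. Separately, the `};` that closes the new `switch` carries a stray semicolon. `do_bootm()` begins and ends outside the hunk.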