diff options
| author | Ye Li <ye.li@nxp.com> | 2017-12-05 01:16:08 -0600 |
|---|---|---|
| committer | Ye Li <ye.li@nxp.com> | 2022-04-06 15:58:45 +0800 |
| commit | fc3c40e338b5e661dd63c8cd7d4f84e0c4c6bf70 (patch) | |
| tree | 800a47afcacdd4922d942b145906df22550b434a /cmd | |
| parent | 56aa5cd1f05a18f9c3dac5861b02e7c05a78430d (diff) | |
MLK-17086 bootm: Add authentication to optee image
When IMX_OPTEE is enabled for secure boot, update bootm to authenticate the optee
image and the kernel zImage before booting into optee.
Signed-off-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit d3bee08f12f1d41c83c47773aec6cfa28056694a)
(cherry picked from commit 3825c3fedbbe59fdf8c4f59f10221823a5fc6f03)
(cherry picked from commit a09dca5eff735ef8ef46313de09cfa0f3b4cf189)
(cherry picked from commit c83877f5ad9385279c5db3d6ab78ed103d45d1d5)
(cherry picked from commit 0e492bffc2b4cc804e8db6c035bf9dd08fae6a95)
(cherry picked from commit 77f0447b4fa51ff2807f4b4508bcbfe72982e802)
(cherry picked from commit f07032ce3d65137d873d9ae05d520bcaaf223ead)
(cherry picked from commit ea808b54604e698086371a0b89234ba1f208d487)
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/bootm.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/cmd/bootm.c b/cmd/bootm.c index a56c729e55..0c5585b123 100644 --- a/cmd/bootm.c +++ b/cmd/bootm.c @@ -129,6 +129,41 @@ int do_bootm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) extern int authenticate_image( uint32_t ddr_start, uint32_t raw_image_size); +#ifdef CONFIG_IMX_OPTEE + ulong tee_addr = 0; + int ret; + ulong zi_start, zi_end; + + tee_addr = env_get_ulong("tee_addr", 16, tee_addr); + if (!tee_addr) { + printf("Not valid tee_addr, Please check\n"); + return 1; + } + + switch (genimg_get_format((const void *)tee_addr)) { + case IMAGE_FORMAT_LEGACY: + if (authenticate_image(tee_addr, + image_get_image_size((image_header_t *)tee_addr)) != 0) { + printf("Authenticate uImage Fail, Please check\n"); + return 1; + } + break; + default: + printf("Not valid image format for Authentication, Please check\n"); + return 1; + }; + + ret = bootz_setup(image_load_addr, &zi_start, &zi_end); + if (ret != 0) + return 1; + + if (authenticate_image(image_load_addr, zi_end - zi_start) != 0) { + printf("Authenticate zImage Fail, Please check\n"); + return 1; + } + +#else + switch (genimg_get_format((const void *)image_load_addr)) { #if defined(CONFIG_LEGACY_IMAGE_FORMAT) case IMAGE_FORMAT_LEGACY: @@ -149,6 +184,7 @@ int do_bootm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) return 1; } #endif +#endif return do_bootm_states(cmdtp, flag, argc, argv, BOOTM_STATE_START | BOOTM_STATE_FINDOS | BOOTM_STATE_FINDOTHER | |