mail archive of the barebox mailing list
* [PATCH 0/1] bootm: Allow loading OP-TEE from FIT image
@ 2020-09-15 13:36 Albert Schwarzkopf
  2020-09-15 13:36 ` [PATCH 1/1] " Albert Schwarzkopf
  0 siblings, 1 reply; 3+ messages in thread
From: Albert Schwarzkopf @ 2020-09-15 13:36 UTC (permalink / raw)
  To: barebox

This allows loading OP-TEE binaries from FIT images. The main benefit
from this approach comes from the fact that FIT images can be signed
and therefore it can be ensured that the TEE binary is not malicious.

A shortened .its file to make use of this patch might look like this: 

images {
	...
	tee@1 {
		description = "OP-TEE trusted OS";
		data = /incbin/("...");
		type = "tee";
		arch = "arm";
		compression = "none";
		hash@1 {
			algo = "sha256";
		};
	};
};

configurations {
	default = "config-1";
	config-1 {
		description = "...";
		kernel = "kernel@1";
		fdt = "fdt@1";
		tee = "tee@1";

		signature-1 {
			algo = "sha256,rsa4096";
			key-name-hint = "FIT-4096";
			sign-images = "kernel", "fdt", "tee";
		};
	};
};

Best regards,
Albert

Albert Schwarzkopf (1):
  bootm: Allow loading OP-TEE from FIT image

 arch/arm/lib32/bootm.c | 44 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 5 deletions(-)

-- 
2.17.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox


* [PATCH 1/1] bootm: Allow loading OP-TEE from FIT image
  2020-09-15 13:36 [PATCH 0/1] bootm: Allow loading OP-TEE from FIT image Albert Schwarzkopf
@ 2020-09-15 13:36 ` Albert Schwarzkopf
  2020-09-18  9:42   ` Sascha Hauer
  0 siblings, 1 reply; 3+ messages in thread
From: Albert Schwarzkopf @ 2020-09-15 13:36 UTC (permalink / raw)
  To: barebox

Currently, TEE binaries can only be loaded if CONFIG_BOOTM_FORCE_SIGNED_IMAGES
is not set. No signature check is being performed on them.

Allow loading OP-TEE from FIT images. Therefore, now it's possible
to ensure that only trusted OP-TEE binaries will be loaded by using
signed FIT images.

Signed-off-by: Albert Schwarzkopf <a.schwarzkopf@phytec.de>
---
 arch/arm/lib32/bootm.c | 44 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 5 deletions(-)

diff --git a/arch/arm/lib32/bootm.c b/arch/arm/lib32/bootm.c
index 971ebee8a..c33ecc2ad 100644
--- a/arch/arm/lib32/bootm.c
+++ b/arch/arm/lib32/bootm.c
@@ -20,7 +20,7 @@
 #include <restart.h>
 #include <globalvar.h>
 #include <tee/optee.h>
-
+#include <image-fit.h>
 #include <asm/byteorder.h>
 #include <asm/setup.h>
 #include <asm/barebox-arm.h>
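
Review bot: the added #include <image-fit.h> takes the place of the blank line that separated the generic headers from the <asm/...> group; keep a blank line after it so the grouping stays readable. It is also worth confirming that image-fit.h can be included with CONFIG_FITIMAGE disabled, since the caller guards only the call with IS_ENABLED(CONFIG_FITIMAGE) and the include itself is unconditional.
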
@@ -166,6 +166,34 @@ static int optee_verify_header_request_region(struct image_data *data, struct op
 	return ret;
 }
 
+static int bootm_load_tee_from_fit(struct image_data *data)
+{
+	int ret = 0;
+	struct optee_header hdr;
+
+	if (data->os_fit &&
+	    fit_has_image(data->os_fit, data->fit_config, "tee")) {
+		const void *tee;
+		unsigned long tee_size;
+
+		ret = fit_open_image(data->os_fit, data->fit_config, "tee",
+				     &tee, &tee_size);
+		if (ret) {
+			pr_err("Error opening tee fit image: %s\n", strerror(-ret));
+			return ret;
+		}
+		memcpy(&hdr, tee, sizeof(hdr));
+		if (optee_verify_header_request_region(data, &hdr) < 0) {
+			pr_err("%s", strerror(errno));
+			ret = -errno;
+			goto out;
+		}
+		memcpy((void *)data->tee_res->start, tee + sizeof(hdr), hdr.init_size);
+		printf("Read optee image to %pa, size 0x%08x\n", (void *)data->tee_res->start, hdr.init_size);
+	}
+out:
+	return ret;
+}
 static int bootm_load_tee_from_file(struct image_data *data)
 {
 	int fd, ret;
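
Review bot: tee_size returned by fit_open_image() is never used in bootm_load_tee_from_fit(), so both memcpy() calls trust the image contents. The header copy assumes the image holds at least sizeof(hdr) bytes, and the payload copy reads hdr.init_size bytes from tee + sizeof(hdr) without checking that sizeof(hdr) + hdr.init_size fits within tee_size. Return an error such as -EINVAL when either bound fails, and do so before the region is requested. Smaller points: the return value of optee_verify_header_request_region() is discarded in favour of errno, the pr_err("%s", ...) has no trailing newline or context, and a blank line is missing between the closing brace and bootm_load_tee_from_file().
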
@@ -262,10 +290,16 @@ static int __do_bootm_linux(struct image_data *data, unsigned long free_mem,
 			return ret;
 	}
 
-	if (IS_ENABLED(CONFIG_BOOTM_OPTEE) && data->tee_file) {
-		ret = bootm_load_tee_from_file(data);
-		if (ret)
-			return ret;
+	if (IS_ENABLED(CONFIG_BOOTM_OPTEE)) {
+		if (data->tee_file && !IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) {
+			ret = bootm_load_tee_from_file(data);
+			if (ret)
+				return ret;
+		} else if (IS_ENABLED(CONFIG_FITIMAGE)) {
+			ret = bootm_load_tee_from_fit(data);
+			if (ret)
+				return ret;
+		}
 	}
 
 
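
Review bot: in the new if/else chain, a data->tee_file given while CONFIG_BOOTM_FORCE_SIGNED_IMAGES is enabled is dropped without any message, and control falls through to bootm_load_tee_from_fit(), which returns 0 when the FIT configuration has no "tee" image, so the boot continues with no TEE loaded and nothing logged. Print a warning or return an error when tee_file is set but ignored. In the other direction, with tee_file set and signatures not forced, a "tee" image present in the FIT is skipped because of the else; the commit message or a comment should state which source takes precedence.
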
-- 
2.17.1



* Re: [PATCH 1/1] bootm: Allow loading OP-TEE from FIT image
  2020-09-15 13:36 ` [PATCH 1/1] " Albert Schwarzkopf
@ 2020-09-18  9:42   ` Sascha Hauer
  0 siblings, 0 replies; 3+ messages in thread
From: Sascha Hauer @ 2020-09-18  9:42 UTC (permalink / raw)
  To: Albert Schwarzkopf; +Cc: barebox

On Tue, Sep 15, 2020 at 03:36:30PM +0200, Albert Schwarzkopf wrote:
> Currently, TEE binaries can only be loaded if CONFIG_BOOTM_FORCE_SIGNED_IMAGES
> is not set. No signature check is being performed on them.
> 
> Allow loading OP-TEE from FIT images. Therefore, now it's possible
> to ensure that only trusted OP-TEE binaries will be loaded by using
> signed FIT images.
> 
> Signed-off-by: Albert Schwarzkopf <a.schwarzkopf@phytec.de>
> ---
>  arch/arm/lib32/bootm.c | 44 +++++++++++++++++++++++++++++++++++++-----
>  1 file changed, 39 insertions(+), 5 deletions(-)

Applied, thanks

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

