From: Ye Li Date: Tue, 5 Dec 2017 07:16:08 +0000 (-0600) Subject: MLK-17086 bootm: Add authentication to optee image X-Git-Tag: rel_imx_5.10.35_2.0.0-somdevices.0~530 X-Git-Url: https://git.somdevices.com/?a=commitdiff_plain;h=f07032ce3d65137d873d9ae05d520bcaaf223ead;p=u-boot.git MLK-17086 bootm: Add authentication to optee image When IMX_OPTEE is enabled for secure boot, update bootm to authenticate the optee image and the kernel zImage before booting into optee. Signed-off-by: Ye Li (cherry picked from commit d3bee08f12f1d41c83c47773aec6cfa28056694a) (cherry picked from commit 3825c3fedbbe59fdf8c4f59f10221823a5fc6f03) (cherry picked from commit a09dca5eff735ef8ef46313de09cfa0f3b4cf189) (cherry picked from commit c83877f5ad9385279c5db3d6ab78ed103d45d1d5) (cherry picked from commit 0e492bffc2b4cc804e8db6c035bf9dd08fae6a95) (cherry picked from commit 77f0447b4fa51ff2807f4b4508bcbfe72982e802)
---
diff --git a/cmd/bootm.c b/cmd/bootm.c
index 3d91640ea1..93604453f9 100644
--- a/cmd/bootm.c
+++ b/cmd/bootm.c
@@ -129,6 +129,41 @@ int do_bootm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) extern int authenticate_image( uint32_t ddr_start, uint32_t raw_image_size); +#ifdef CONFIG_IMX_OPTEE + ulong tee_addr = 0; + int ret; + ulong zi_start, zi_end; + + tee_addr = env_get_ulong("tee_addr", 16, tee_addr); + if (!tee_addr) { + printf("Not valid tee_addr, Please check\n"); + return 1; + } + + switch (genimg_get_format((const void *)tee_addr)) { + case IMAGE_FORMAT_LEGACY: + if (authenticate_image(tee_addr, + image_get_image_size((image_header_t *)tee_addr)) != 0) { + printf("Authenticate uImage Fail, Please check\n"); + return 1; + } + break; + default: + printf("Not valid image format for Authentication, Please check\n"); + return 1; + }; + + ret = bootz_setup(image_load_addr, &zi_start, &zi_end); + if (ret != 0) + return 1; + + if (authenticate_image(image_load_addr, zi_end - zi_start) != 0) { + printf("Authenticate zImage Fail, Please check\n"); + return 1; + } + +#else + switch (genimg_get_format((const void *)image_load_addr)) { #if defined(CONFIG_LEGACY_IMAGE_FORMAT) case IMAGE_FORMAT_LEGACY: @@ -148,6 +183,7 @@ int do_bootm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) printf("Not valid image format for Authentication, Please check\n"); return 1; } +#endif #endif return do_bootm_states(cmdtp, flag, argc, argv, BOOTM_STATE_START |
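Review bot: In the added CONFIG_IMX_OPTEE branch the addresses that get authenticated come from the `tee_addr` environment variable and from `image_load_addr`, while the image that is then booted is selected from `argv` inside `do_bootm_states()`; nothing in this hunk ties the two together, so the check can pass on one image while a different one is started (unless code above the hunk, not visible here, already constrains `argv`). A guard before the `switch`, for example `if (argc > 0 && simple_strtoul(argv[0], NULL, 16) != tee_addr) return 1;`, would bind them, assuming `argv[0]` holds the image address at this point. Separately, the length handed to `authenticate_image()` is read by `image_get_image_size()` from the still-unverified legacy header, and both it and `zi_end - zi_start` are narrowed to `uint32_t` along with the `ulong` addresses; I would bound the size before the call and add a comment such as `/* size comes from an unauthenticated header; authenticate_image() must reject an IVT outside the loaded region */`. The body of do_bootm starts and ends outside the hunk.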