Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • early-display
  • variant-emmc-nvme-boot
  • 2023-01-25
  • v3
  • variant-emmc-nvme-boot
  • 2020-06-01
7 results

omap_sec_common.h

Blame
    • Forked from Reform / reform-boundary-uboot
    Source project has a limited visibility.
    • Harinarayan Bhatta's avatar
      57de1ea5
      arm: omap5: Add TEE loading support · 57de1ea5
      Harinarayan Bhatta authored 
      
secure_tee_install is used to install and initialize a secure TEE OS such as
Linaro OP-TEE into the secure world. This function takes in the address
where the signed TEE image is loaded as an argument. The signed TEE image
consists of a header (struct tee_header), TEE code+data followed by the
signature generated using image signing tool from TI security development
package (SECDEV). Refer to README.ti-secure for more information.

This function uses 2 new secure APIs.

1. PPA_SERV_HAL_TEE_LOAD_MASTER - Must be called on CPU Core 0. Protected
   memory for TEE must be reserved before calling this function. This API
   needs arguments filled into struct ppa_tee_load_info. The TEE image is
   authenticated and if there are no errors, the control passes to the TEE
   entry point.

2. PPA_SERV_HAL_TEE_LOAD_SLAVE - Called on other CPU cores only after
   a TEE_LOAD_MASTER call. Takes no arguments. Checks if TEE was
   successfully loaded (on core 0) and transfers control to the same TEE
   entry point.

The code at TEE entry point is expected perform OS initialization steps
and return back to non-secure world (U-Boot).

Signed-off-by: default avatarHarinarayan Bhatta <harinarayan@ti.com>
Signed-off-by: default avatarAndrew F. Davis <afd@ti.com>
Reviewed-by: default avatarTom Rini <trini@konsulko.com>
      57de1ea5
      History
      arm: omap5: Add TEE loading support
      Harinarayan Bhatta authored 
      
secure_tee_install is used to install and initialize a secure TEE OS such as
Linaro OP-TEE into the secure world. This function takes in the address
where the signed TEE image is loaded as an argument. The signed TEE image
consists of a header (struct tee_header), TEE code+data followed by the
signature generated using image signing tool from TI security development
package (SECDEV). Refer to README.ti-secure for more information.

This function uses 2 new secure APIs.

1. PPA_SERV_HAL_TEE_LOAD_MASTER - Must be called on CPU Core 0. Protected
   memory for TEE must be reserved before calling this function. This API
   needs arguments filled into struct ppa_tee_load_info. The TEE image is
   authenticated and if there are no errors, the control passes to the TEE
   entry point.

2. PPA_SERV_HAL_TEE_LOAD_SLAVE - Called on other CPU cores only after
   a TEE_LOAD_MASTER call. Takes no arguments. Checks if TEE was
   successfully loaded (on core 0) and transfers control to the same TEE
   entry point.

The code at TEE entry point is expected perform OS initialization steps
and return back to non-secure world (U-Boot).

Signed-off-by: default avatarHarinarayan Bhatta <harinarayan@ti.com>
Signed-off-by: default avatarAndrew F. Davis <afd@ti.com>
Reviewed-by: default avatarTom Rini <trini@konsulko.com>