From: Sascha Hauer <s.hauer@pengutronix.de>
To: BAREBOX <barebox@lists.infradead.org>
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH v2 13/14] ARM: i.MX: Webasto ccbv2: fix barebox chainloading with OP-TEE enabled
Date: Mon, 30 Jun 2025 09:45:55 +0200 [thread overview]
Message-ID: <20250630-arm-optee-early-helper-v2-13-c8cce3ae42b0@pengutronix.de> (raw)
In-Reply-To: <20250630-arm-optee-early-helper-v2-0-c8cce3ae42b0@pengutronix.de>
When barebox starts we have to guess if we have to start OP-TEE or not.
The current detection works by checking if the first stage passed us a
device tree pointer. This is not robust and might have security issues
[1], so replace that with the check with imx6_can_access_tzasc(). If we
can access the TZASC then we are the first stage and configure it and
start OP-TEE, otherwise assume that we are chainloaded and continue
without starting OP-TEE.
Chainloading barebox with OP-TEE enabled contained several bugs, so it
never actually worked. This patch fixes them.
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
arch/arm/boards/webasto-ccbv2/lowlevel.c | 24 +++++++++---------------
1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/arch/arm/boards/webasto-ccbv2/lowlevel.c b/arch/arm/boards/webasto-ccbv2/lowlevel.c
index 7a198bd801d41e61e6ab4b3c284948154b61d1ca..c25f8a9cb3ce58742576aa05193f1cf730e2e2c7 100644
--- a/arch/arm/boards/webasto-ccbv2/lowlevel.c
+++ b/arch/arm/boards/webasto-ccbv2/lowlevel.c
@@ -13,6 +13,7 @@
#include <mach/imx/iomux-mx6ul.h>
#include <asm/cache.h>
#include <tee/optee.h>
+#include <mach/imx/tzasc.h>
#include "ccbv2.h"
@@ -31,28 +32,21 @@ static void configure_uart(void)
}
-static void noinline start_ccbv2(u32 r0, unsigned long mem_size, char *fdt)
+static void noinline start_ccbv2(unsigned long mem_size, char *fdt)
{
int tee_size;
void *tee;
- /* Enable normal/secure r/w for TZC380 region0 */
- writel(0xf0000000, 0x021D0108);
-
configure_uart();
/*
- * Chainloading barebox will pass a device tree within the RAM in r0,
- * skip OP-TEE early loading in this case
+ * Skip loading barebox when we are chainloaded. We can detect that by detecting
+ * if we can access the TZASC.
*/
- if(IS_ENABLED(CONFIG_FIRMWARE_CCBV2_OPTEE)
- && !(r0 > MX6_MMDC_P0_BASE_ADDR
- && r0 < MX6_MMDC_P0_BASE_ADDR + mem_size)) {
+ if (IS_ENABLED(CONFIG_FIRMWARE_TQMA6UL_OPTEE) && imx6_can_access_tzasc()) {
get_builtin_firmware(ccbv2_optee_bin, &tee, &tee_size);
- memset((void *)OPTEE_OVERLAY_LOCATION, 0, 0x1000);
-
- start_optee_early(NULL, tee);
+ imx6ul_start_optee_early(NULL, tee, (void *)OPTEE_OVERLAY_LOCATION, 0x1000);
}
imx6ul_barebox_entry(fdt);
@@ -70,7 +64,7 @@ ENTRY_FUNCTION(start_imx6ul_ccbv2_256m, r0, r1, r2)
setup_c();
barrier();
- start_ccbv2(r0, SZ_256M, __dtb_z_imx6ul_webasto_ccbv2_start);
+ start_ccbv2(SZ_256M, __dtb_z_imx6ul_webasto_ccbv2_start);
}
ENTRY_FUNCTION(start_imx6ul_ccbv2_512m, r0, r1, r2)
@@ -83,7 +77,7 @@ ENTRY_FUNCTION(start_imx6ul_ccbv2_512m, r0, r1, r2)
setup_c();
barrier();
- start_ccbv2(r0, SZ_512M, __dtb_z_imx6ul_webasto_ccbv2_start);
+ start_ccbv2(SZ_512M, __dtb_z_imx6ul_webasto_ccbv2_start);
}
extern char __dtb_z_imx6ul_webasto_marvel_start[];
@@ -97,5 +91,5 @@ ENTRY_FUNCTION(start_imx6ul_marvel, r0, r1, r2)
setup_c();
barrier();
- start_ccbv2(r0, SZ_512M, __dtb_z_imx6ul_webasto_marvel_start);
+ start_ccbv2(SZ_512M, __dtb_z_imx6ul_webasto_marvel_start);
}
--
2.39.5
next prev parent reply other threads:[~2025-06-30 8:06 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-30 7:45 [PATCH v2 00/14] i.MX6 TZASC and OP-TEE early helpers Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 01/14] pbl: add panic_no_stacktrace() Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 02/14] arch: Allow data_abort_mask() in PBL Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 03/14] ARM: add exception handling support for PBL Sascha Hauer
2025-06-30 8:54 ` Marco Felsch
2025-06-30 7:45 ` [PATCH v2 04/14] ARM: i.MX6QDL: add imxcfg helper to configure the TZASC1/2 Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 05/14] ARM: i.MX6Q: add imx6_get_mmdc_sdram_size Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 06/14] ARM: i.MX: add config symbol for TZASC Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 07/14] ARM: mach-imx: tzasc: add region configure helpers Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 08/14] ARM: mach-imx: tzasc: add imx6[q|ul]_tzc380_early_ns_region1() Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 09/14] ARM: mach-imx: tzasc: add imx6[q|ul]_tzc380_is_bypassed() Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 10/14] ARM: i.MX: add imx6_can_access_tzasc() Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 11/14] ARM: optee-early: add mx6_start_optee_early helper Sascha Hauer
2025-06-30 7:45 ` [PATCH v2 12/14] ARM: i.MX: tqma6ulx: fix barebox chainloading with OP-TEE enabled Sascha Hauer
2025-06-30 7:45 ` Sascha Hauer [this message]
2025-06-30 7:45 ` [PATCH v2 14/14] ARM: i.MX: tqma6ulx: use ENTRY_FUNCTION_WITHSTACK Sascha Hauer
2025-07-02 6:13 ` [PATCH v2 00/14] i.MX6 TZASC and OP-TEE early helpers Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250630-arm-optee-early-helper-v2-13-c8cce3ae42b0@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox