1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017, 2019, Linaro Limited 4 * Copyright (c) 2020, Arm Limited. 5 */ 6 7 /* 8 * Security properties of REE-FS TAs 9 * ================================= 10 * 11 * Authentication only 12 * ------------------- 13 * 14 * Required security properties: 15 * 1. Authentication and non-repudiation of a TA to Service Provider (SP). 16 * 2. Integrity of a TA. 17 * 18 * To satisfy (1) and (2), SP needs to sign TA and OP-TEE core needs to verify 19 * the signature using SP public key with computed hash of the TA. 20 * 21 * Authentication along with Confidentiality 22 * ----------------------------------------- 23 * 24 * Required security properties: 25 * 1. Authentication and non-repudiation of a TA to Service Provider (SP). 26 * 2. Confidentiality of a TA. 27 * 3. Integrity of an encrypted TA blob. 28 * 29 * To satisfy (1), SP needs to sign plain TA and OP-TEE core needs to verify the 30 * signature using SP public key with computed hash of the TA. 31 * 32 * To satisfy (2) and (3), SP needs to do authenticated encryption of TA and 33 * OP-TEE core needs to do authenticated decryption of TA to retrieve its 34 * contents. Here encryption provides the confidentiality of TA and MAC tag 35 * provides the integrity of encrypted TA blob. 36 */ 37 38 #include <assert.h> 39 #include <crypto/crypto.h> 40 #include <initcall.h> 41 #include <kernel/thread.h> 42 #include <kernel/ts_store.h> 43 #include <mm/core_memprot.h> 44 #include <mm/tee_mm.h> 45 #include <mm/mobj.h> 46 #include <optee_rpc_cmd.h> 47 #include <signed_hdr.h> 48 #include <stdlib.h> 49 #include <string.h> 50 #include <tee_api_defines_extensions.h> 51 #include <tee_api_types.h> 52 #include <tee/tee_pobj.h> 53 #include <tee/tee_svc_storage.h> 54 #include <tee/tee_ta_enc_manager.h> 55 #include <tee/uuid.h> 56 #include <utee_defines.h> 57 58 struct ree_fs_ta_handle { 59 struct shdr *nw_ta; /* Non-secure (shared memory) */ 60 size_t nw_ta_size; 61 struct mobj *mobj; 62 size_t offs; 63 struct shdr *shdr; /* Verified secure copy of @nw_ta's signed header */ 64 void *hash_ctx; 65 void *enc_ctx; 66 struct shdr_bootstrap_ta *bs_hdr; 67 struct shdr_encrypted_ta *ehdr; 68 }; 69 70 struct ta_ver_db_hdr { 71 uint32_t db_version; 72 uint32_t nb_entries; 73 }; 74 75 static const char ta_ver_db_obj_id[] = "ta_ver.db"; 76 static struct mutex ta_ver_db_mutex = MUTEX_INITIALIZER; 77 78 /* 79 * Load a TA via RPC with UUID defined by input param @uuid. The virtual 80 * address of the raw TA binary is received in out parameter @ta. 81 */ 82 static TEE_Result rpc_load(const TEE_UUID *uuid, struct shdr **ta, 83 size_t *ta_size, struct mobj **mobj) 84 { 85 TEE_Result res; 86 struct thread_param params[2]; 87 88 if (!uuid || !ta || !mobj || !ta_size) 89 return TEE_ERROR_BAD_PARAMETERS; 90 91 memset(params, 0, sizeof(params)); 92 params[0].attr = THREAD_PARAM_ATTR_VALUE_IN; 93 tee_uuid_to_octets((void *)¶ms[0].u.value, uuid); 94 params[1].attr = THREAD_PARAM_ATTR_MEMREF_OUT; 95 96 res = thread_rpc_cmd(OPTEE_RPC_CMD_LOAD_TA, 2, params); 97 if (res != TEE_SUCCESS) 98 return res; 99 100 *mobj = thread_rpc_alloc_payload(params[1].u.memref.size); 101 if (!*mobj) 102 return TEE_ERROR_OUT_OF_MEMORY; 103 104 if ((*mobj)->size < params[1].u.memref.size) { 105 res = TEE_ERROR_SHORT_BUFFER; 106 goto exit; 107 } 108 109 *ta = mobj_get_va(*mobj, 0); 110 /* We don't expect NULL as thread_rpc_alloc_payload() was successful */ 111 assert(*ta); 112 *ta_size = params[1].u.memref.size; 113 114 params[0].attr = THREAD_PARAM_ATTR_VALUE_IN; 115 tee_uuid_to_octets((void *)¶ms[0].u.value, uuid); 116 params[1].attr = THREAD_PARAM_ATTR_MEMREF_OUT; 117 params[1].u.memref.offs = 0; 118 params[1].u.memref.mobj = *mobj; 119 120 res = thread_rpc_cmd(OPTEE_RPC_CMD_LOAD_TA, 2, params); 121 exit: 122 if (res != TEE_SUCCESS) 123 thread_rpc_free_payload(*mobj); 124 125 return res; 126 } 127 128 static TEE_Result ree_fs_ta_open(const TEE_UUID *uuid, 129 struct ts_store_handle **h) 130 { 131 struct ree_fs_ta_handle *handle; 132 struct shdr *shdr = NULL; 133 struct mobj *mobj = NULL; 134 void *hash_ctx = NULL; 135 struct shdr *ta = NULL; 136 size_t ta_size = 0; 137 TEE_Result res; 138 size_t offs; 139 struct shdr_bootstrap_ta *bs_hdr = NULL; 140 struct shdr_encrypted_ta *ehdr = NULL; 141 142 handle = calloc(1, sizeof(*handle)); 143 if (!handle) 144 return TEE_ERROR_OUT_OF_MEMORY; 145 146 /* Request TA from tee-supplicant */ 147 res = rpc_load(uuid, &ta, &ta_size, &mobj); 148 if (res != TEE_SUCCESS) 149 goto error; 150 151 /* Make secure copy of signed header */ 152 shdr = shdr_alloc_and_copy(ta, ta_size); 153 if (!shdr) { 154 res = TEE_ERROR_SECURITY; 155 goto error_free_payload; 156 } 157 158 /* Validate header signature */ 159 res = shdr_verify_signature(shdr); 160 if (res != TEE_SUCCESS) 161 goto error_free_payload; 162 if (shdr->img_type != SHDR_TA && shdr->img_type != SHDR_BOOTSTRAP_TA && 163 shdr->img_type != SHDR_ENCRYPTED_TA) { 164 res = TEE_ERROR_SECURITY; 165 goto error_free_payload; 166 } 167 168 /* 169 * Initialize a hash context and run the algorithm over the signed 170 * header (less the final file hash and its signature of course) 171 */ 172 res = crypto_hash_alloc_ctx(&hash_ctx, 173 TEE_DIGEST_HASH_TO_ALGO(shdr->algo)); 174 if (res != TEE_SUCCESS) 175 goto error_free_payload; 176 res = crypto_hash_init(hash_ctx); 177 if (res != TEE_SUCCESS) 178 goto error_free_hash; 179 res = crypto_hash_update(hash_ctx, (uint8_t *)shdr, sizeof(*shdr)); 180 if (res != TEE_SUCCESS) 181 goto error_free_hash; 182 offs = SHDR_GET_SIZE(shdr); 183 184 if (shdr->img_type == SHDR_BOOTSTRAP_TA || 185 shdr->img_type == SHDR_ENCRYPTED_TA) { 186 TEE_UUID bs_uuid; 187 188 if (ta_size < SHDR_GET_SIZE(shdr) + sizeof(*bs_hdr)) { 189 res = TEE_ERROR_SECURITY; 190 goto error_free_hash; 191 } 192 193 bs_hdr = malloc(sizeof(*bs_hdr)); 194 if (!bs_hdr) { 195 res = TEE_ERROR_OUT_OF_MEMORY; 196 goto error_free_hash; 197 } 198 199 memcpy(bs_hdr, (uint8_t *)ta + offs, sizeof(*bs_hdr)); 200 201 /* 202 * There's a check later that the UUID embedded inside the 203 * ELF is matching, but since we now have easy access to 204 * the expected uuid of the TA we check it a bit earlier 205 * here. 206 */ 207 tee_uuid_from_octets(&bs_uuid, bs_hdr->uuid); 208 if (memcmp(&bs_uuid, uuid, sizeof(TEE_UUID))) { 209 res = TEE_ERROR_SECURITY; 210 goto error_free_hash; 211 } 212 213 res = crypto_hash_update(hash_ctx, (uint8_t *)bs_hdr, 214 sizeof(*bs_hdr)); 215 if (res != TEE_SUCCESS) 216 goto error_free_hash; 217 offs += sizeof(*bs_hdr); 218 handle->bs_hdr = bs_hdr; 219 } 220 221 if (shdr->img_type == SHDR_ENCRYPTED_TA) { 222 struct shdr_encrypted_ta img_ehdr; 223 224 if (ta_size < SHDR_GET_SIZE(shdr) + 225 sizeof(struct shdr_bootstrap_ta) + sizeof(img_ehdr)) { 226 res = TEE_ERROR_SECURITY; 227 goto error_free_hash; 228 } 229 230 memcpy(&img_ehdr, ((uint8_t *)ta + offs), sizeof(img_ehdr)); 231 232 ehdr = malloc(SHDR_ENC_GET_SIZE(&img_ehdr)); 233 if (!ehdr) { 234 res = TEE_ERROR_OUT_OF_MEMORY; 235 goto error_free_hash; 236 } 237 238 memcpy(ehdr, ((uint8_t *)ta + offs), 239 SHDR_ENC_GET_SIZE(&img_ehdr)); 240 241 res = crypto_hash_update(hash_ctx, (uint8_t *)ehdr, 242 SHDR_ENC_GET_SIZE(ehdr)); 243 if (res != TEE_SUCCESS) 244 goto error_free_hash; 245 246 res = tee_ta_decrypt_init(&handle->enc_ctx, ehdr, 247 shdr->img_size); 248 if (res != TEE_SUCCESS) 249 goto error_free_hash; 250 251 offs += SHDR_ENC_GET_SIZE(ehdr); 252 handle->ehdr = ehdr; 253 } 254 255 if (ta_size != offs + shdr->img_size) { 256 res = TEE_ERROR_SECURITY; 257 goto error_free_hash; 258 } 259 260 handle->nw_ta = ta; 261 handle->nw_ta_size = ta_size; 262 handle->offs = offs; 263 handle->hash_ctx = hash_ctx; 264 handle->shdr = shdr; 265 handle->mobj = mobj; 266 *h = (struct ts_store_handle *)handle; 267 return TEE_SUCCESS; 268 269 error_free_hash: 270 crypto_hash_free_ctx(hash_ctx); 271 error_free_payload: 272 thread_rpc_free_payload(mobj); 273 error: 274 free(ehdr); 275 free(bs_hdr); 276 shdr_free(shdr); 277 free(handle); 278 return res; 279 } 280 281 static TEE_Result ree_fs_ta_get_size(const struct ts_store_handle *h, 282 size_t *size) 283 { 284 struct ree_fs_ta_handle *handle = (struct ree_fs_ta_handle *)h; 285 286 *size = handle->shdr->img_size; 287 return TEE_SUCCESS; 288 } 289 290 static TEE_Result ree_fs_ta_get_tag(const struct ts_store_handle *h, 291 uint8_t *tag, unsigned int *tag_len) 292 { 293 struct ree_fs_ta_handle *handle = (struct ree_fs_ta_handle *)h; 294 295 if (!tag || *tag_len < handle->shdr->hash_size) { 296 *tag_len = handle->shdr->hash_size; 297 return TEE_ERROR_SHORT_BUFFER; 298 } 299 *tag_len = handle->shdr->hash_size; 300 301 memcpy(tag, SHDR_GET_HASH(handle->shdr), handle->shdr->hash_size); 302 303 return TEE_SUCCESS; 304 } 305 306 static TEE_Result check_digest(struct ree_fs_ta_handle *h) 307 { 308 void *digest = NULL; 309 TEE_Result res; 310 311 digest = malloc(h->shdr->hash_size); 312 if (!digest) 313 return TEE_ERROR_OUT_OF_MEMORY; 314 res = crypto_hash_final(h->hash_ctx, digest, h->shdr->hash_size); 315 if (res != TEE_SUCCESS) { 316 res = TEE_ERROR_SECURITY; 317 goto out; 318 } 319 if (memcmp(digest, SHDR_GET_HASH(h->shdr), h->shdr->hash_size)) 320 res = TEE_ERROR_SECURITY; 321 out: 322 free(digest); 323 return res; 324 } 325 326 static TEE_Result check_update_version(struct shdr_bootstrap_ta *hdr) 327 { 328 struct shdr_bootstrap_ta hdr_entry = { }; 329 const struct tee_file_operations *ops = NULL; 330 struct tee_file_handle *fh = NULL; 331 TEE_Result res = TEE_SUCCESS; 332 bool entry_found = false; 333 size_t len = 0; 334 unsigned int i = 0; 335 struct ta_ver_db_hdr db_hdr = { }; 336 struct tee_pobj pobj = { 337 .obj_id = (void *)ta_ver_db_obj_id, 338 .obj_id_len = sizeof(ta_ver_db_obj_id) 339 }; 340 341 ops = tee_svc_storage_file_ops(TEE_STORAGE_PRIVATE); 342 if (!ops) 343 return TEE_SUCCESS; /* Compiled with no secure storage */ 344 345 mutex_lock(&ta_ver_db_mutex); 346 347 res = ops->open(&pobj, NULL, &fh); 348 if (res != TEE_SUCCESS && res != TEE_ERROR_ITEM_NOT_FOUND) 349 goto out; 350 351 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 352 res = ops->create(&pobj, false, NULL, 0, NULL, 0, NULL, 0, &fh); 353 if (res != TEE_SUCCESS) 354 goto out; 355 356 res = ops->write(fh, 0, &db_hdr, sizeof(db_hdr)); 357 if (res != TEE_SUCCESS) 358 goto out; 359 } else { 360 len = sizeof(db_hdr); 361 362 res = ops->read(fh, 0, &db_hdr, &len); 363 if (res != TEE_SUCCESS) { 364 goto out; 365 } else if (len != sizeof(db_hdr)) { 366 res = TEE_ERROR_BAD_STATE; 367 goto out; 368 } 369 } 370 371 for (i = 0; i < db_hdr.nb_entries; i++) { 372 len = sizeof(hdr_entry); 373 374 res = ops->read(fh, sizeof(db_hdr) + (i * len), &hdr_entry, 375 &len); 376 if (res != TEE_SUCCESS) { 377 goto out; 378 } else if (len != sizeof(hdr_entry)) { 379 res = TEE_ERROR_BAD_STATE; 380 goto out; 381 } 382 383 if (!memcmp(hdr->uuid, hdr_entry.uuid, sizeof(TEE_UUID))) { 384 entry_found = true; 385 break; 386 } 387 } 388 389 if (entry_found) { 390 if (hdr_entry.ta_version > hdr->ta_version) { 391 res = TEE_ERROR_ACCESS_CONFLICT; 392 goto out; 393 } else if (hdr_entry.ta_version < hdr->ta_version) { 394 len = sizeof(*hdr); 395 res = ops->write(fh, sizeof(db_hdr) + (i * len), hdr, 396 len); 397 if (res != TEE_SUCCESS) 398 goto out; 399 } 400 } else { 401 len = sizeof(*hdr); 402 res = ops->write(fh, sizeof(db_hdr) + (db_hdr.nb_entries * len), 403 hdr, len); 404 if (res != TEE_SUCCESS) 405 goto out; 406 407 db_hdr.nb_entries++; 408 res = ops->write(fh, 0, &db_hdr, sizeof(db_hdr)); 409 if (res != TEE_SUCCESS) 410 goto out; 411 } 412 413 out: 414 ops->close(&fh); 415 mutex_unlock(&ta_ver_db_mutex); 416 return res; 417 } 418 419 static TEE_Result ree_fs_ta_read(struct ts_store_handle *h, void *data, 420 size_t len) 421 { 422 struct ree_fs_ta_handle *handle = (struct ree_fs_ta_handle *)h; 423 424 uint8_t *src = (uint8_t *)handle->nw_ta + handle->offs; 425 size_t next_offs = 0; 426 uint8_t *dst = src; 427 TEE_Result res = TEE_SUCCESS; 428 429 if (ADD_OVERFLOW(handle->offs, len, &next_offs) || 430 next_offs > handle->nw_ta_size) 431 return TEE_ERROR_BAD_PARAMETERS; 432 433 if (handle->shdr->img_type == SHDR_ENCRYPTED_TA) { 434 if (data) { 435 dst = data; /* Hash secure buffer */ 436 res = tee_ta_decrypt_update(handle->enc_ctx, dst, src, 437 len); 438 if (res != TEE_SUCCESS) 439 return TEE_ERROR_SECURITY; 440 } else { 441 size_t num_bytes = 0; 442 size_t b_size = MIN(1024U, len); 443 uint8_t *b = malloc(b_size); 444 445 if (!b) 446 return TEE_ERROR_OUT_OF_MEMORY; 447 448 dst = NULL; 449 while (num_bytes < len) { 450 size_t n = MIN(b_size, len - num_bytes); 451 452 res = tee_ta_decrypt_update(handle->enc_ctx, b, 453 src + num_bytes, n); 454 if (res) 455 break; 456 num_bytes += n; 457 458 res = crypto_hash_update(handle->hash_ctx, b, 459 n); 460 if (res) 461 break; 462 } 463 464 free(b); 465 if (res != TEE_SUCCESS) 466 return TEE_ERROR_SECURITY; 467 } 468 } else if (data) { 469 dst = data; /* Hash secure buffer (shm might be modified) */ 470 memcpy(dst, src, len); 471 } 472 473 if (dst) { 474 res = crypto_hash_update(handle->hash_ctx, dst, len); 475 if (res != TEE_SUCCESS) 476 return TEE_ERROR_SECURITY; 477 } 478 479 handle->offs = next_offs; 480 if (handle->offs == handle->nw_ta_size) { 481 if (handle->shdr->img_type == SHDR_ENCRYPTED_TA) { 482 /* 483 * Last read: time to finalize authenticated 484 * decryption. 485 */ 486 res = tee_ta_decrypt_final(handle->enc_ctx, 487 handle->ehdr, NULL, NULL, 0); 488 if (res != TEE_SUCCESS) 489 return TEE_ERROR_SECURITY; 490 } 491 /* 492 * Last read: time to check if our digest matches the expected 493 * one (from the signed header) 494 */ 495 res = check_digest(handle); 496 if (res != TEE_SUCCESS) 497 return res; 498 499 if (handle->bs_hdr) 500 res = check_update_version(handle->bs_hdr); 501 } 502 return res; 503 } 504 505 static void ree_fs_ta_close(struct ts_store_handle *h) 506 { 507 struct ree_fs_ta_handle *handle = (struct ree_fs_ta_handle *)h; 508 509 if (!handle) 510 return; 511 thread_rpc_free_payload(handle->mobj); 512 crypto_hash_free_ctx(handle->hash_ctx); 513 free(handle->shdr); 514 free(handle->ehdr); 515 free(handle->bs_hdr); 516 free(handle); 517 } 518 519 #ifndef CFG_REE_FS_TA_BUFFERED 520 REGISTER_TA_STORE(9) = { 521 .description = "REE", 522 .open = ree_fs_ta_open, 523 .get_size = ree_fs_ta_get_size, 524 .get_tag = ree_fs_ta_get_tag, 525 .read = ree_fs_ta_read, 526 .close = ree_fs_ta_close, 527 }; 528 #endif 529 530 #ifdef CFG_REE_FS_TA_BUFFERED 531 532 /* 533 * This is a wrapper around the "REE FS" TA store. 534 * The whole TA/library is read into a temporary buffer during .open(). This 535 * allows the binary to be authenticated before any data is read and processed 536 * by the upper layer (ELF loader). 537 */ 538 539 struct buf_ree_fs_ta_handle { 540 struct ts_store_handle *h; /* Note: a REE FS TA store handle */ 541 size_t ta_size; 542 tee_mm_entry_t *mm; 543 uint8_t *buf; 544 size_t offs; 545 uint8_t *tag; 546 unsigned int tag_len; 547 }; 548 549 static TEE_Result buf_ta_open(const TEE_UUID *uuid, 550 struct ts_store_handle **h) 551 { 552 struct buf_ree_fs_ta_handle *handle = NULL; 553 TEE_Result res = TEE_SUCCESS; 554 555 handle = calloc(1, sizeof(*handle)); 556 if (!handle) 557 return TEE_ERROR_OUT_OF_MEMORY; 558 res = ree_fs_ta_open(uuid, &handle->h); 559 if (res) 560 goto err2; 561 res = ree_fs_ta_get_size(handle->h, &handle->ta_size); 562 if (res) 563 goto err; 564 565 res = ree_fs_ta_get_tag(handle->h, NULL, &handle->tag_len); 566 if (res != TEE_ERROR_SHORT_BUFFER) { 567 res = TEE_ERROR_GENERIC; 568 goto err; 569 } 570 handle->tag = malloc(handle->tag_len); 571 if (!handle->tag) { 572 res = TEE_ERROR_OUT_OF_MEMORY; 573 goto err; 574 } 575 res = ree_fs_ta_get_tag(handle->h, handle->tag, &handle->tag_len); 576 if (res) 577 goto err; 578 579 handle->mm = tee_mm_alloc(&tee_mm_sec_ddr, handle->ta_size); 580 if (!handle->mm) { 581 res = TEE_ERROR_OUT_OF_MEMORY; 582 goto err; 583 } 584 handle->buf = phys_to_virt(tee_mm_get_smem(handle->mm), 585 MEM_AREA_TA_RAM); 586 if (!handle->buf) { 587 res = TEE_ERROR_OUT_OF_MEMORY; 588 goto err; 589 } 590 res = ree_fs_ta_read(handle->h, handle->buf, handle->ta_size); 591 if (res) 592 goto err; 593 *h = (struct ts_store_handle *)handle; 594 err: 595 ree_fs_ta_close(handle->h); 596 err2: 597 if (res) { 598 tee_mm_free(handle->mm); 599 free(handle->tag); 600 free(handle); 601 } 602 return res; 603 } 604 605 static TEE_Result buf_ta_get_size(const struct ts_store_handle *h, 606 size_t *size) 607 { 608 struct buf_ree_fs_ta_handle *handle = (struct buf_ree_fs_ta_handle *)h; 609 610 *size = handle->ta_size; 611 return TEE_SUCCESS; 612 } 613 614 static TEE_Result buf_ta_read(struct ts_store_handle *h, void *data, 615 size_t len) 616 { 617 struct buf_ree_fs_ta_handle *handle = (struct buf_ree_fs_ta_handle *)h; 618 uint8_t *src = handle->buf + handle->offs; 619 size_t next_offs = 0; 620 621 if (ADD_OVERFLOW(handle->offs, len, &next_offs) || 622 next_offs > handle->ta_size) 623 return TEE_ERROR_BAD_PARAMETERS; 624 625 if (data) 626 memcpy(data, src, len); 627 handle->offs = next_offs; 628 return TEE_SUCCESS; 629 } 630 631 static TEE_Result buf_ta_get_tag(const struct ts_store_handle *h, 632 uint8_t *tag, unsigned int *tag_len) 633 { 634 struct buf_ree_fs_ta_handle *handle = (struct buf_ree_fs_ta_handle *)h; 635 636 *tag_len = handle->tag_len; 637 if (!tag || *tag_len < handle->tag_len) 638 return TEE_ERROR_SHORT_BUFFER; 639 640 memcpy(tag, handle->tag, handle->tag_len); 641 642 return TEE_SUCCESS; 643 } 644 645 static void buf_ta_close(struct ts_store_handle *h) 646 { 647 struct buf_ree_fs_ta_handle *handle = (struct buf_ree_fs_ta_handle *)h; 648 649 if (!handle) 650 return; 651 tee_mm_free(handle->mm); 652 free(handle->tag); 653 free(handle); 654 } 655 656 REGISTER_TA_STORE(9) = { 657 .description = "REE [buffered]", 658 .open = buf_ta_open, 659 .get_size = buf_ta_get_size, 660 .get_tag = buf_ta_get_tag, 661 .read = buf_ta_read, 662 .close = buf_ta_close, 663 }; 664 665 #endif /* CFG_REE_FS_TA_BUFFERED */ 666