core/tee/tee_rpmb_fs.c

1bb92983SJerome Forissier// SPDX-License-Identifier: BSD-2-Clause
b0104773SPascal Brand/*
b0104773SPascal Brand * Copyright (c) 2014, STMicroelectronics International N.V.
b0104773SPascal Brand */
b0104773SPascal Brand
0c96a71dSJerome Forissier#include <assert.h>
85076371SEtienne Carriere#include <config.h>
e1770e71SJens Wiklander#include <crypto/crypto.h>
9cc10bc9SJens Wiklander#include <kernel/huk_subkey.h>
142d5af2SVolodymyr Babchuk#include <kernel/misc.h>
142d5af2SVolodymyr Babchuk#include <kernel/msg_param.h>
0c96a71dSJerome Forissier#include <kernel/mutex.h>
d13278b8SEtienne Carriere#include <kernel/panic.h>
b2215adfSJens Wiklander#include <kernel/tee_common.h>
0c96a71dSJerome Forissier#include <kernel/tee_common_otp.h>
b2215adfSJens Wiklander#include <kernel/tee_misc.h>
0c96a71dSJerome Forissier#include <kernel/thread.h>
b2284b11SJens Wiklander#include <kernel/user_access.h>
64c6d291SEtienne Carriere#include <mempool.h>
0c96a71dSJerome Forissier#include <mm/core_memprot.h>
142d5af2SVolodymyr Babchuk#include <mm/mobj.h>
b0104773SPascal Brand#include <mm/tee_mm.h>
6009538cSJens Wiklander#include <optee_rpc_cmd.h>
b0104773SPascal Brand#include <stdlib.h>
a8a78b85SJerome Forissier#include <string_ext.h>
b2215adfSJens Wiklander#include <string.h>
a8a78b85SJerome Forissier#include <sys/queue.h>
*dc2cf47aSEtienne Carriere#include <string_ext.h>
add06171SJerome Forissier#include <tee/tee_fs.h>
add06171SJerome Forissier#include <tee/tee_fs_key_manager.h>
b2215adfSJens Wiklander#include <tee/tee_pobj.h>
b2215adfSJens Wiklander#include <tee/tee_svc_storage.h>
0c96a71dSJerome Forissier#include <trace.h>
0c96a71dSJerome Forissier#include <util.h>
c3e8a2d9SJerome Forissier
b0104773SPascal Brand#define RPMB_STORAGE_START_ADDRESS      0
b0104773SPascal Brand#define RPMB_FS_FAT_START_ADDRESS       512
b0104773SPascal Brand#define RPMB_BLOCK_SIZE_SHIFT           8
8d22c45dSPeifu Jiang#define RPMB_CID_PRV_OFFSET             9
8d22c45dSPeifu Jiang#define RPMB_CID_CRC_OFFSET             15
b0104773SPascal Brand
b0104773SPascal Brand#define RPMB_FS_MAGIC                   0x52504D42
a8a78b85SJerome Forissier#define FS_VERSION                      2
b0104773SPascal Brand
b0104773SPascal Brand#define FILE_IS_ACTIVE                  (1u << 0)
b0104773SPascal Brand#define FILE_IS_LAST_ENTRY              (1u << 1)
b0104773SPascal Brand
0c96a71dSJerome Forissier#define TEE_RPMB_FS_FILENAME_LENGTH 224
0c96a71dSJerome Forissier
64c6d291SEtienne Carriere#define TMP_BLOCK_SIZE			4096U
64c6d291SEtienne Carriere
a8fb1651SJens Wiklander#define RPMB_MAX_RETRIES		10
a8fb1651SJens Wiklander
b0104773SPascal Brand/**
5f68d784SManuel Huber * Utilized when caching is enabled, i.e., when CFG_RPMB_FS_CACHE_ENTRIES > 0.
5f68d784SManuel Huber * Cache size + the number of entries that are repeatedly read in and buffered
5f68d784SManuel Huber * once the cache is full.
5f68d784SManuel Huber */
5f68d784SManuel Huber#define RPMB_BUF_MAX_ENTRIES (CFG_RPMB_FS_CACHE_ENTRIES + \
5f68d784SManuel Huber			      CFG_RPMB_FS_RD_ENTRIES)
5f68d784SManuel Huber
5f68d784SManuel Huber/**
b0104773SPascal Brand * FS parameters: Information often used by internal functions.
b0104773SPascal Brand * fat_start_address will be set by rpmb_fs_setup().
b0104773SPascal Brand * rpmb_fs_parameters can be read by any other function.
b0104773SPascal Brand */
b0104773SPascal Brandstruct rpmb_fs_parameters {
b0104773SPascal Brand	uint32_t fat_start_address;
a8a78b85SJerome Forissier	uint32_t max_rpmb_address;
b0104773SPascal Brand};
b0104773SPascal Brand
b0104773SPascal Brand/**
b0104773SPascal Brand * File entry for a single file in a RPMB_FS partition.
b0104773SPascal Brand */
b0104773SPascal Brandstruct rpmb_fat_entry {
b0104773SPascal Brand	uint32_t start_address;
b0104773SPascal Brand	uint32_t data_size;
b0104773SPascal Brand	uint32_t flags;
e92de4caSJerome Forissier	uint32_t unused;
9e84c17eSJerome Forissier	uint8_t fek[TEE_FS_KM_FEK_SIZE];
a8a78b85SJerome Forissier	char filename[TEE_RPMB_FS_FILENAME_LENGTH];
b0104773SPascal Brand};
b0104773SPascal Brand
b0104773SPascal Brand/**
5f68d784SManuel Huber * Structure that describes buffered/cached FAT FS entries in RPMB storage.
5f68d784SManuel Huber * This structure is used in functions traversing the FAT FS.
5f68d784SManuel Huber */
5f68d784SManuel Huberstruct rpmb_fat_entry_dir {
5f68d784SManuel Huber	/*
5f68d784SManuel Huber	 * Buffer storing the FAT FS entries read in from RPMB storage. It
5f68d784SManuel Huber	 * includes the optional cache entries (CFG_RPMB_FS_CACHE_ENTRIES)
5f68d784SManuel Huber	 * and entries temporary read for current FAT FS traversal
5f68d784SManuel Huber	 * (CFG_RPMB_FS_RD_ENTRIES) when not found from cached entries.
5f68d784SManuel Huber	 */
5f68d784SManuel Huber	struct rpmb_fat_entry *rpmb_fat_entry_buf;
5f68d784SManuel Huber	/* Current index of FAT FS entry to read from buffer. */
5f68d784SManuel Huber	uint32_t idx_curr;
5f68d784SManuel Huber	/* Total number of FAT FS entries in buffer. */
5f68d784SManuel Huber	uint32_t num_buffered;
5f68d784SManuel Huber	/* Total number of FAT FS entries read during traversal. */
5f68d784SManuel Huber	uint32_t num_total_read;
5f68d784SManuel Huber	/* Indicates that last FAT FS entry was read. */
5f68d784SManuel Huber	bool last_reached;
5f68d784SManuel Huber};
5f68d784SManuel Huber
5f68d784SManuel Huber/**
b0104773SPascal Brand * FAT entry context with reference to a FAT entry and its
b0104773SPascal Brand * location in RPMB.
b0104773SPascal Brand */
a8a78b85SJerome Forissierstruct rpmb_file_handle {
b0104773SPascal Brand	struct rpmb_fat_entry fat_entry;
b399f70bSJens Wiklander	const TEE_UUID *uuid;
a8a78b85SJerome Forissier	char filename[TEE_RPMB_FS_FILENAME_LENGTH];
0c96a71dSJerome Forissier	/* Address for current entry in RPMB */
b0104773SPascal Brand	uint32_t rpmb_fat_address;
b0104773SPascal Brand};
b0104773SPascal Brand
b0104773SPascal Brand/**
b0104773SPascal Brand * RPMB_FS partition data
b0104773SPascal Brand */
b0104773SPascal Brandstruct rpmb_fs_partition {
b0104773SPascal Brand	uint32_t rpmb_fs_magic;
b0104773SPascal Brand	uint32_t fs_version;
b0104773SPascal Brand	uint32_t write_counter;
b0104773SPascal Brand	uint32_t fat_start_address;
b0104773SPascal Brand	/* Do not use reserved[] for other purpose than partition data. */
b0104773SPascal Brand	uint8_t reserved[112];
b0104773SPascal Brand};
b0104773SPascal Brand
a8a78b85SJerome Forissier/**
b2215adfSJens Wiklander * A node in a list of directory entries.
a8a78b85SJerome Forissier */
a8a78b85SJerome Forissierstruct tee_rpmb_fs_dirent {
a8a78b85SJerome Forissier	struct tee_fs_dirent entry;
a8a78b85SJerome Forissier	SIMPLEQ_ENTRY(tee_rpmb_fs_dirent) link;
a8a78b85SJerome Forissier};
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier/**
a8a78b85SJerome Forissier * The RPMB directory representation. It contains a queue of
a8a78b85SJerome Forissier * RPMB directory entries: 'next'.
a8a78b85SJerome Forissier * The current pointer points to the last directory entry
a8a78b85SJerome Forissier * returned by readdir().
a8a78b85SJerome Forissier */
a8a78b85SJerome Forissierstruct tee_fs_dir {
a8a78b85SJerome Forissier	struct tee_rpmb_fs_dirent *current;
0c96a71dSJerome Forissier	/* */
a8a78b85SJerome Forissier	SIMPLEQ_HEAD(next_head, tee_rpmb_fs_dirent) next;
a8a78b85SJerome Forissier};
a8a78b85SJerome Forissier
b0104773SPascal Brandstatic struct rpmb_fs_parameters *fs_par;
5f68d784SManuel Huberstatic struct rpmb_fat_entry_dir *fat_entry_dir;
b0104773SPascal Brand
0c96a71dSJerome Forissier/*
0c96a71dSJerome Forissier * Lower interface to RPMB device
0c96a71dSJerome Forissier */
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier#define RPMB_DATA_OFFSET            (RPMB_STUFF_DATA_SIZE + RPMB_KEY_MAC_SIZE)
0c96a71dSJerome Forissier#define RPMB_MAC_PROTECT_DATA_SIZE  (RPMB_DATA_FRAME_SIZE - RPMB_DATA_OFFSET)
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier#define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM          0x0001
0c96a71dSJerome Forissier#define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ    0x0002
0c96a71dSJerome Forissier#define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE           0x0003
0c96a71dSJerome Forissier#define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ            0x0004
0c96a71dSJerome Forissier#define RPMB_MSG_TYPE_REQ_RESULT_READ               0x0005
0c96a71dSJerome Forissier#define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM         0x0100
0c96a71dSJerome Forissier#define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ   0x0200
0c96a71dSJerome Forissier#define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE          0x0300
0c96a71dSJerome Forissier#define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ           0x0400
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier#define RPMB_STUFF_DATA_SIZE                        196
0c96a71dSJerome Forissier#define RPMB_KEY_MAC_SIZE                           32
0c96a71dSJerome Forissier#define RPMB_DATA_SIZE                              256
0c96a71dSJerome Forissier#define RPMB_NONCE_SIZE                             16
0c96a71dSJerome Forissier#define RPMB_DATA_FRAME_SIZE                        512
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier#define RPMB_RESULT_OK                              0x00
0c96a71dSJerome Forissier#define RPMB_RESULT_GENERAL_FAILURE                 0x01
0c96a71dSJerome Forissier#define RPMB_RESULT_AUTH_FAILURE                    0x02
0c96a71dSJerome Forissier#define RPMB_RESULT_COUNTER_FAILURE                 0x03
0c96a71dSJerome Forissier#define RPMB_RESULT_ADDRESS_FAILURE                 0x04
0c96a71dSJerome Forissier#define RPMB_RESULT_WRITE_FAILURE                   0x05
0c96a71dSJerome Forissier#define RPMB_RESULT_READ_FAILURE                    0x06
0c96a71dSJerome Forissier#define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED         0x07
0c96a71dSJerome Forissier#define RPMB_RESULT_MASK                            0x3F
0c96a71dSJerome Forissier#define RPMB_RESULT_WR_CNT_EXPIRED                  0x80
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier/* RPMB internal commands */
0c96a71dSJerome Forissier#define RPMB_CMD_DATA_REQ      0x00
0c96a71dSJerome Forissier#define RPMB_CMD_GET_DEV_INFO  0x01
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier#define RPMB_SIZE_SINGLE (128 * 1024)
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier/* Error codes for get_dev_info request/response. */
0c96a71dSJerome Forissier#define RPMB_CMD_GET_DEV_INFO_RET_OK     0x00
0c96a71dSJerome Forissier#define RPMB_CMD_GET_DEV_INFO_RET_ERROR  0x01
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstruct rpmb_data_frame {
0c96a71dSJerome Forissier	uint8_t stuff_bytes[RPMB_STUFF_DATA_SIZE];
0c96a71dSJerome Forissier	uint8_t key_mac[RPMB_KEY_MAC_SIZE];
0c96a71dSJerome Forissier	uint8_t data[RPMB_DATA_SIZE];
0c96a71dSJerome Forissier	uint8_t nonce[RPMB_NONCE_SIZE];
0c96a71dSJerome Forissier	uint8_t write_counter[4];
0c96a71dSJerome Forissier	uint8_t address[2];
0c96a71dSJerome Forissier	uint8_t block_count[2];
0c96a71dSJerome Forissier	uint8_t op_result[2];
0c96a71dSJerome Forissier	uint8_t msg_type[2];
0c96a71dSJerome Forissier};
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstruct rpmb_req {
0c96a71dSJerome Forissier	uint16_t cmd;
0c96a71dSJerome Forissier	uint16_t dev_id;
0c96a71dSJerome Forissier	uint16_t block_count;
0c96a71dSJerome Forissier	/* variable length of data */
0c96a71dSJerome Forissier	/* uint8_t data[]; REMOVED! */
0c96a71dSJerome Forissier};
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier#define TEE_RPMB_REQ_DATA(req) \
0c96a71dSJerome Forissier		((void *)((struct rpmb_req *)(req) + 1))
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstruct rpmb_raw_data {
0c96a71dSJerome Forissier	uint16_t msg_type;
0c96a71dSJerome Forissier	uint16_t *op_result;
0c96a71dSJerome Forissier	uint16_t *block_count;
0c96a71dSJerome Forissier	uint16_t *blk_idx;
0c96a71dSJerome Forissier	uint32_t *write_counter;
0c96a71dSJerome Forissier	uint8_t *nonce;
0c96a71dSJerome Forissier	uint8_t *key_mac;
0c96a71dSJerome Forissier	uint8_t *data;
0c96a71dSJerome Forissier	/* data length to read or write */
0c96a71dSJerome Forissier	uint32_t len;
0c96a71dSJerome Forissier	/* Byte address offset in the first block involved */
0c96a71dSJerome Forissier	uint8_t byte_offset;
0c96a71dSJerome Forissier};
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier#define RPMB_EMMC_CID_SIZE 16
0c96a71dSJerome Forissierstruct rpmb_dev_info {
0c96a71dSJerome Forissier	uint8_t cid[RPMB_EMMC_CID_SIZE];
0c96a71dSJerome Forissier	/* EXT CSD-slice 168 "RPMB Size" */
0c96a71dSJerome Forissier	uint8_t rpmb_size_mult;
0c96a71dSJerome Forissier	/* EXT CSD-slice 222 "Reliable Write Sector Count" */
0c96a71dSJerome Forissier	uint8_t rel_wr_sec_c;
0c96a71dSJerome Forissier	/* Check the ret code and accept the data only if it is OK. */
0c96a71dSJerome Forissier	uint8_t ret_code;
0c96a71dSJerome Forissier};
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier/*
0c96a71dSJerome Forissier * Struct for rpmb context data.
0c96a71dSJerome Forissier *
0c96a71dSJerome Forissier * @key              RPMB key.
0c96a71dSJerome Forissier * @cid              eMMC card ID.
0c96a71dSJerome Forissier * @wr_cnt           Current write counter.
0c96a71dSJerome Forissier * @max_blk_idx      The highest block index supported by current device.
0c96a71dSJerome Forissier * @rel_wr_blkcnt    Max number of data blocks for each reliable write.
0c96a71dSJerome Forissier * @dev_id           Device ID of the eMMC device.
0c96a71dSJerome Forissier * @wr_cnt_synced    Flag indicating if write counter is synced to RPMB.
0c96a71dSJerome Forissier * @key_derived      Flag indicating if key has been generated.
0c96a71dSJerome Forissier * @key_verified     Flag indicating the key generated is verified ok.
0c96a71dSJerome Forissier * @dev_info_synced  Flag indicating if dev info has been retrieved from RPMB.
8dfdf392SJens Wiklander * @legacy_operation Flag indicating if the legacy interface is used.
8dfdf392SJens Wiklander * @reinit           Flag indicating if the device needs to be found again
e94194d4SJens Wiklander * @shm_type         Indicates type of shared memory to allocate
0c96a71dSJerome Forissier */
0c96a71dSJerome Forissierstruct tee_rpmb_ctx {
0c96a71dSJerome Forissier	uint8_t key[RPMB_KEY_MAC_SIZE];
0c96a71dSJerome Forissier	uint8_t cid[RPMB_EMMC_CID_SIZE];
0c96a71dSJerome Forissier	uint32_t wr_cnt;
0c96a71dSJerome Forissier	uint16_t max_blk_idx;
0c96a71dSJerome Forissier	uint16_t rel_wr_blkcnt;
0c96a71dSJerome Forissier	uint16_t dev_id;
0c96a71dSJerome Forissier	bool wr_cnt_synced;
0c96a71dSJerome Forissier	bool key_derived;
0c96a71dSJerome Forissier	bool key_verified;
0c96a71dSJerome Forissier	bool dev_info_synced;
8dfdf392SJens Wiklander	bool legacy_operation;
8dfdf392SJens Wiklander	bool reinit;
e94194d4SJens Wiklander	enum thread_shm_type shm_type;
0c96a71dSJerome Forissier};
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic struct tee_rpmb_ctx *rpmb_ctx;
0c96a71dSJerome Forissier
a8fb1651SJens Wiklander/* If set to true, don't try to access RPMB until rebooted */
a8fb1651SJens Wiklanderstatic bool rpmb_dead;
a8fb1651SJens Wiklander
0c96a71dSJerome Forissier/*
0c96a71dSJerome Forissier * Mutex to serialize the operations exported by this file.
0c96a71dSJerome Forissier * It protects rpmb_ctx and prevents overlapping operations on eMMC devices with
0c96a71dSJerome Forissier * different IDs.
0c96a71dSJerome Forissier */
0c96a71dSJerome Forissierstatic struct mutex rpmb_mutex = MUTEX_INITIALIZER;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier#ifdef CFG_RPMB_TESTKEY
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic const uint8_t rpmb_test_key[RPMB_KEY_MAC_SIZE] = {
0c96a71dSJerome Forissier	0xD3, 0xEB, 0x3E, 0xC3, 0x6E, 0x33, 0x4C, 0x9F,
0c96a71dSJerome Forissier	0x98, 0x8C, 0xE2, 0xC0, 0xB8, 0x59, 0x54, 0x61,
0c96a71dSJerome Forissier	0x0D, 0x2B, 0xCF, 0x86, 0x64, 0x84, 0x4D, 0xF2,
0c96a71dSJerome Forissier	0xAB, 0x56, 0xE6, 0xC6, 0x1B, 0xB7, 0x01, 0xE4
0c96a71dSJerome Forissier};
0c96a71dSJerome Forissier
3be2f85aSJens Wiklanderstatic TEE_Result tee_rpmb_key_gen(uint8_t *key, uint32_t len)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_SUCCESS;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!key || RPMB_KEY_MAC_SIZE != len) {
0c96a71dSJerome Forissier		res = TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier		goto out;
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	DMSG("RPMB: Using test key");
0c96a71dSJerome Forissier	memcpy(key, rpmb_test_key, RPMB_KEY_MAC_SIZE);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierout:
0c96a71dSJerome Forissier	return res;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier#else /* !CFG_RPMB_TESTKEY */
0c96a71dSJerome Forissier
3be2f85aSJens Wiklanderstatic TEE_Result tee_rpmb_key_gen(uint8_t *key, uint32_t len)
0c96a71dSJerome Forissier{
8d22c45dSPeifu Jiang	uint8_t message[RPMB_EMMC_CID_SIZE];
0c96a71dSJerome Forissier
9cc10bc9SJens Wiklander	if (!key || RPMB_KEY_MAC_SIZE != len)
9cc10bc9SJens Wiklander		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	IMSG("RPMB: Using generated key");
0c96a71dSJerome Forissier
8d22c45dSPeifu Jiang	/*
8d22c45dSPeifu Jiang	 * PRV/CRC would be changed when doing eMMC FFU
8d22c45dSPeifu Jiang	 * The following fields should be masked off when deriving RPMB key
8d22c45dSPeifu Jiang	 *
8d22c45dSPeifu Jiang	 * CID [55: 48]: PRV (Product revision)
8d22c45dSPeifu Jiang	 * CID [07: 01]: CRC (CRC7 checksum)
8d22c45dSPeifu Jiang	 * CID [00]: not used
8d22c45dSPeifu Jiang	 */
8d22c45dSPeifu Jiang	memcpy(message, rpmb_ctx->cid, RPMB_EMMC_CID_SIZE);
8d22c45dSPeifu Jiang	memset(message + RPMB_CID_PRV_OFFSET, 0, 1);
8d22c45dSPeifu Jiang	memset(message + RPMB_CID_CRC_OFFSET, 0, 1);
9cc10bc9SJens Wiklander	return huk_subkey_derive(HUK_SUBKEY_RPMB, message, sizeof(message),
9cc10bc9SJens Wiklander				 key, len);
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier#endif /* !CFG_RPMB_TESTKEY */
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic void u32_to_bytes(uint32_t u32, uint8_t *bytes)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	*bytes = (uint8_t) (u32 >> 24);
0c96a71dSJerome Forissier	*(bytes + 1) = (uint8_t) (u32 >> 16);
0c96a71dSJerome Forissier	*(bytes + 2) = (uint8_t) (u32 >> 8);
0c96a71dSJerome Forissier	*(bytes + 3) = (uint8_t) u32;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic void bytes_to_u32(uint8_t *bytes, uint32_t *u32)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	*u32 = (uint32_t) ((*(bytes) << 24) +
0c96a71dSJerome Forissier			   (*(bytes + 1) << 16) +
0c96a71dSJerome Forissier			   (*(bytes + 2) << 8) + (*(bytes + 3)));
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic void u16_to_bytes(uint16_t u16, uint8_t *bytes)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	*bytes = (uint8_t) (u16 >> 8);
0c96a71dSJerome Forissier	*(bytes + 1) = (uint8_t) u16;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic void bytes_to_u16(uint8_t *bytes, uint16_t *u16)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	*u16 = (uint16_t) ((*bytes << 8) + *(bytes + 1));
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
fcd00ceaSVictor Chongstatic void get_op_result_bits(uint8_t *bytes, uint8_t *res)
fcd00ceaSVictor Chong{
fcd00ceaSVictor Chong	*res = *(bytes + 1) & RPMB_RESULT_MASK;
fcd00ceaSVictor Chong}
fcd00ceaSVictor Chong
0c96a71dSJerome Forissierstatic TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize,
0c96a71dSJerome Forissier				    uint8_t *key, uint32_t keysize,
0c96a71dSJerome Forissier				    struct rpmb_data_frame *datafrms,
0c96a71dSJerome Forissier				    uint16_t blkcnt)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	int i;
82ef73bcSJens Wiklander	void *ctx = NULL;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!mac || !key || !datafrms)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
82ef73bcSJens Wiklander	res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256);
82ef73bcSJens Wiklander	if (res)
82ef73bcSJens Wiklander		return res;
0c96a71dSJerome Forissier
c69bc615SJens Wiklander	res = crypto_mac_init(ctx, key, keysize);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier		goto func_exit;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	for (i = 0; i < blkcnt; i++) {
c69bc615SJens Wiklander		res = crypto_mac_update(ctx, datafrms[i].data,
0c96a71dSJerome Forissier					RPMB_MAC_PROTECT_DATA_SIZE);
0c96a71dSJerome Forissier		if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier			goto func_exit;
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
c69bc615SJens Wiklander	res = crypto_mac_final(ctx, mac, macsize);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier		goto func_exit;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	res = TEE_SUCCESS;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierfunc_exit:
c69bc615SJens Wiklander	crypto_mac_free_ctx(ctx);
0c96a71dSJerome Forissier	return res;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstruct tee_rpmb_mem {
e94194d4SJens Wiklander	struct mobj *mobj;
0c96a71dSJerome Forissier	size_t req_size;
8dfdf392SJens Wiklander	size_t resp_offs;
0c96a71dSJerome Forissier	size_t resp_size;
8dfdf392SJens Wiklander	struct rpmb_req *req_hdr;
8dfdf392SJens Wiklander	struct rpmb_data_frame *req_data;
8dfdf392SJens Wiklander	struct rpmb_data_frame *resp_data;
0c96a71dSJerome Forissier};
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size,
8dfdf392SJens Wiklander				 struct tee_rpmb_mem *mem)
0c96a71dSJerome Forissier{
8dfdf392SJens Wiklander	size_t req_s = 0;
8dfdf392SJens Wiklander	size_t resp_s = 0;
e94194d4SJens Wiklander	struct mobj *mobj = NULL;
e94194d4SJens Wiklander	void *va = NULL;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!mem)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	if (rpmb_ctx->legacy_operation)
8dfdf392SJens Wiklander		req_size += sizeof(struct rpmb_req);
8dfdf392SJens Wiklander	req_s = ROUNDUP(req_size, SMALL_PAGE_SIZE);
8dfdf392SJens Wiklander	resp_s = ROUNDUP(resp_size, SMALL_PAGE_SIZE);
e94194d4SJens Wiklander	va = thread_rpc_shm_cache_alloc(THREAD_SHM_CACHE_USER_RPMB,
e94194d4SJens Wiklander					rpmb_ctx->shm_type, req_s + resp_s,
e94194d4SJens Wiklander					&mobj);
e94194d4SJens Wiklander	if (!va)
e94194d4SJens Wiklander		return TEE_ERROR_OUT_OF_MEMORY;
142d5af2SVolodymyr Babchuk
e94194d4SJens Wiklander	*mem = (struct tee_rpmb_mem){
e94194d4SJens Wiklander		.mobj = mobj,
e94194d4SJens Wiklander		.req_size = req_size,
8dfdf392SJens Wiklander		.resp_offs = req_s,
e94194d4SJens Wiklander		.resp_size = resp_size,
e94194d4SJens Wiklander	};
142d5af2SVolodymyr Babchuk
8dfdf392SJens Wiklander	if (rpmb_ctx->legacy_operation) {
8dfdf392SJens Wiklander		mem->req_hdr = mobj_get_va(mem->mobj, 0, req_s);
8dfdf392SJens Wiklander		if (!mem->req_hdr)
8dfdf392SJens Wiklander			return TEE_ERROR_GENERIC;
8dfdf392SJens Wiklander		mem->req_data = (void *)(mem->req_hdr + 1);
8dfdf392SJens Wiklander	} else {
8dfdf392SJens Wiklander		mem->req_data = mobj_get_va(mem->mobj, 0, req_s);
8dfdf392SJens Wiklander		if (!mem->req_data)
8dfdf392SJens Wiklander			return TEE_ERROR_GENERIC;
8dfdf392SJens Wiklander	}
8dfdf392SJens Wiklander	mem->resp_data = mobj_get_va(mem->mobj, req_s, resp_s);
8dfdf392SJens Wiklander	if (!mem->resp_data)
e94194d4SJens Wiklander		return TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier
e94194d4SJens Wiklander	return TEE_SUCCESS;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic TEE_Result tee_rpmb_invoke(struct tee_rpmb_mem *mem)
0c96a71dSJerome Forissier{
13eb4e3cSJens Wiklander	struct thread_param params[2] = {
e94194d4SJens Wiklander		[0] = THREAD_PARAM_MEMREF(IN, mem->mobj, 0, mem->req_size),
8dfdf392SJens Wiklander		[1] = THREAD_PARAM_MEMREF(OUT, mem->mobj, mem->resp_offs,
13eb4e3cSJens Wiklander					  mem->resp_size),
13eb4e3cSJens Wiklander	};
8dfdf392SJens Wiklander	uint32_t cmd = OPTEE_RPC_CMD_RPMB_FRAMES;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	if (rpmb_ctx->legacy_operation)
8dfdf392SJens Wiklander		cmd = OPTEE_RPC_CMD_RPMB;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	return thread_rpc_cmd(cmd, 2, params);
8dfdf392SJens Wiklander}
8dfdf392SJens Wiklander
8dfdf392SJens Wiklanderstatic TEE_Result rpmb_probe_reset(void)
8dfdf392SJens Wiklander{
8dfdf392SJens Wiklander	struct thread_param params[1] = {
8dfdf392SJens Wiklander		[0] = THREAD_PARAM_VALUE(OUT, 0, 0, 0),
8dfdf392SJens Wiklander	};
8dfdf392SJens Wiklander	TEE_Result res = TEE_SUCCESS;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	res = thread_rpc_cmd(OPTEE_RPC_CMD_RPMB_PROBE_RESET, 1, params);
8dfdf392SJens Wiklander	if (res)
8dfdf392SJens Wiklander		return res;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	rpmb_ctx->legacy_operation = false;
8dfdf392SJens Wiklander	rpmb_ctx->dev_id = 0;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	switch (params[0].u.value.a) {
8dfdf392SJens Wiklander	case OPTEE_RPC_SHM_TYPE_APPL:
8dfdf392SJens Wiklander		rpmb_ctx->shm_type = THREAD_SHM_TYPE_APPLICATION;
8dfdf392SJens Wiklander		return TEE_SUCCESS;
8dfdf392SJens Wiklander	case OPTEE_RPC_SHM_TYPE_KERNEL:
8dfdf392SJens Wiklander		rpmb_ctx->shm_type = THREAD_SHM_TYPE_KERNEL_PRIVATE;
8dfdf392SJens Wiklander		return TEE_SUCCESS;
8dfdf392SJens Wiklander	default:
8dfdf392SJens Wiklander		return TEE_ERROR_GENERIC;
8dfdf392SJens Wiklander	}
8dfdf392SJens Wiklander}
8dfdf392SJens Wiklander
8dfdf392SJens Wiklanderstatic TEE_Result rpmb_probe_next(struct rpmb_dev_info *dev_info)
8dfdf392SJens Wiklander{
8dfdf392SJens Wiklander	struct thread_param params[2] = { };
8dfdf392SJens Wiklander	TEE_Result res = TEE_SUCCESS;
8dfdf392SJens Wiklander	struct mobj *mobj = NULL;
8dfdf392SJens Wiklander	void *va = NULL;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	va = thread_rpc_shm_cache_alloc(THREAD_SHM_CACHE_USER_RPMB,
8dfdf392SJens Wiklander					THREAD_SHM_TYPE_KERNEL_PRIVATE,
8dfdf392SJens Wiklander					sizeof(dev_info->cid), &mobj);
8dfdf392SJens Wiklander	if (!va)
8dfdf392SJens Wiklander		return TEE_ERROR_OUT_OF_MEMORY;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	do {
8dfdf392SJens Wiklander		params[0] = THREAD_PARAM_VALUE(OUT, 0, 0, 0);
8dfdf392SJens Wiklander		params[1] = THREAD_PARAM_MEMREF(OUT, mobj, 0,
8dfdf392SJens Wiklander						sizeof(dev_info->cid));
8dfdf392SJens Wiklander		res = thread_rpc_cmd(OPTEE_RPC_CMD_RPMB_PROBE_NEXT, 2, params);
8dfdf392SJens Wiklander		/*
8dfdf392SJens Wiklander		 * If the ID buffer is too small, perhaps it's a new kind
8dfdf392SJens Wiklander		 * of RPMB device that we don't know how to communicate
8dfdf392SJens Wiklander		 * with, let's ignore it for now.
8dfdf392SJens Wiklander		 */
8dfdf392SJens Wiklander	} while (res == TEE_ERROR_SHORT_BUFFER);
8dfdf392SJens Wiklander	if (res)
8dfdf392SJens Wiklander		return res;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	if (params[0].u.value.a != OPTEE_RPC_RPMB_EMMC)
8dfdf392SJens Wiklander		return TEE_ERROR_NOT_SUPPORTED;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	*dev_info = (struct rpmb_dev_info){
8dfdf392SJens Wiklander		.rpmb_size_mult = params[0].u.value.b,
8dfdf392SJens Wiklander		.rel_wr_sec_c = params[0].u.value.c,
8dfdf392SJens Wiklander		.ret_code = RPMB_CMD_GET_DEV_INFO_RET_OK,
8dfdf392SJens Wiklander	};
8dfdf392SJens Wiklander	memcpy(dev_info->cid, va, sizeof(dev_info->cid));
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	return TEE_SUCCESS;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic bool is_zero(const uint8_t *buf, size_t size)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	size_t i;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	for (i = 0; i < size; i++)
0c96a71dSJerome Forissier		if (buf[i])
0c96a71dSJerome Forissier			return false;
0c96a71dSJerome Forissier	return true;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic TEE_Result encrypt_block(uint8_t *out, const uint8_t *in,
b399f70bSJens Wiklander				uint16_t blk_idx, const uint8_t *fek,
b399f70bSJens Wiklander				const TEE_UUID *uuid)
0c96a71dSJerome Forissier{
b399f70bSJens Wiklander	return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE,
0c4e1284SJens Wiklander				  blk_idx, fek, TEE_MODE_ENCRYPT);
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic TEE_Result decrypt_block(uint8_t *out, const uint8_t *in,
b399f70bSJens Wiklander				uint16_t blk_idx, const uint8_t *fek,
b399f70bSJens Wiklander				const TEE_UUID *uuid)
0c96a71dSJerome Forissier{
b399f70bSJens Wiklander	return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE,
0c4e1284SJens Wiklander				  blk_idx, fek, TEE_MODE_DECRYPT);
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier/* Decrypt/copy at most one block of data */
0c96a71dSJerome Forissierstatic TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm,
0c96a71dSJerome Forissier			  size_t size, size_t offset,
b399f70bSJens Wiklander			  uint16_t blk_idx __maybe_unused, const uint8_t *fek,
b399f70bSJens Wiklander			  const TEE_UUID *uuid)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	uint8_t *tmp __maybe_unused;
a1bc38c8SRobin van der Gracht	TEE_Result res = TEE_SUCCESS;
0c96a71dSJerome Forissier
d13278b8SEtienne Carriere
d13278b8SEtienne Carriere	if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE))
8c9d9445SEtienne Carriere		panic("invalid size or offset");
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!fek) {
0c96a71dSJerome Forissier		/* Block is not encrypted (not a file data block) */
0c96a71dSJerome Forissier		memcpy(out, frm->data + offset, size);
0c96a71dSJerome Forissier	} else if (is_zero(fek, TEE_FS_KM_FEK_SIZE)) {
8dceff9bSJens Wiklander		/* The file was created with encryption disabled */
0c96a71dSJerome Forissier		return TEE_ERROR_SECURITY;
0c96a71dSJerome Forissier	} else {
0c96a71dSJerome Forissier		/* Block is encrypted */
0c96a71dSJerome Forissier		if (size < RPMB_DATA_SIZE) {
0c96a71dSJerome Forissier			/*
0c96a71dSJerome Forissier			 * Since output buffer is not large enough to hold one
0c96a71dSJerome Forissier			 * block we must allocate a temporary buffer.
0c96a71dSJerome Forissier			 */
0c96a71dSJerome Forissier			tmp = malloc(RPMB_DATA_SIZE);
0c96a71dSJerome Forissier			if (!tmp)
0c96a71dSJerome Forissier				return TEE_ERROR_OUT_OF_MEMORY;
a1bc38c8SRobin van der Gracht			res = decrypt_block(tmp, frm->data, blk_idx, fek, uuid);
a1bc38c8SRobin van der Gracht			if (res == TEE_SUCCESS)
0c96a71dSJerome Forissier				memcpy(out, tmp + offset, size);
0c96a71dSJerome Forissier			free(tmp);
0c96a71dSJerome Forissier		} else {
a1bc38c8SRobin van der Gracht			res = decrypt_block(out, frm->data, blk_idx, fek, uuid);
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
a1bc38c8SRobin van der Gracht	return res;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
8dfdf392SJens Wiklanderstatic TEE_Result tee_rpmb_req_pack(struct rpmb_req *req_hdr,
8dfdf392SJens Wiklander				    struct rpmb_data_frame *req_data,
0c96a71dSJerome Forissier				    struct rpmb_raw_data *rawdata,
3be2f85aSJens Wiklander				    uint16_t nbr_frms,
b399f70bSJens Wiklander				    const uint8_t *fek, const TEE_UUID *uuid)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	int i;
0c96a71dSJerome Forissier	struct rpmb_data_frame *datafrm;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	if (!req_data || !rawdata || !nbr_frms)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/*
0c96a71dSJerome Forissier	 * Check write blockcount is not bigger than reliable write
0c96a71dSJerome Forissier	 * blockcount.
0c96a71dSJerome Forissier	 */
0c96a71dSJerome Forissier	if ((rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) &&
0c96a71dSJerome Forissier	    (nbr_frms > rpmb_ctx->rel_wr_blkcnt)) {
0c96a71dSJerome Forissier		DMSG("wr_blkcnt(%d) > rel_wr_blkcnt(%d)", nbr_frms,
0c96a71dSJerome Forissier		     rpmb_ctx->rel_wr_blkcnt);
0c96a71dSJerome Forissier		return TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	if (req_hdr) {
8dfdf392SJens Wiklander		req_hdr->cmd = RPMB_CMD_DATA_REQ;
8dfdf392SJens Wiklander		req_hdr->dev_id = rpmb_ctx->dev_id;
8dfdf392SJens Wiklander	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/* Allocate memory for construct all data packets and calculate MAC. */
0c96a71dSJerome Forissier	datafrm = calloc(nbr_frms, RPMB_DATA_FRAME_SIZE);
0c96a71dSJerome Forissier	if (!datafrm)
0c96a71dSJerome Forissier		return TEE_ERROR_OUT_OF_MEMORY;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	for (i = 0; i < nbr_frms; i++) {
0c96a71dSJerome Forissier		u16_to_bytes(rawdata->msg_type, datafrm[i].msg_type);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		if (rawdata->block_count)
0c96a71dSJerome Forissier			u16_to_bytes(*rawdata->block_count,
0c96a71dSJerome Forissier				     datafrm[i].block_count);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		if (rawdata->blk_idx) {
0c96a71dSJerome Forissier			/* Check the block index is within range. */
3b11b1d2SJerome Forissier			if ((*rawdata->blk_idx + nbr_frms - 1) >
0c96a71dSJerome Forissier			    rpmb_ctx->max_blk_idx) {
0c96a71dSJerome Forissier				res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier				goto func_exit;
0c96a71dSJerome Forissier			}
0c96a71dSJerome Forissier			u16_to_bytes(*rawdata->blk_idx, datafrm[i].address);
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		if (rawdata->write_counter)
0c96a71dSJerome Forissier			u32_to_bytes(*rawdata->write_counter,
0c96a71dSJerome Forissier				     datafrm[i].write_counter);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		if (rawdata->nonce)
0c96a71dSJerome Forissier			memcpy(datafrm[i].nonce, rawdata->nonce,
0c96a71dSJerome Forissier			       RPMB_NONCE_SIZE);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		if (rawdata->data) {
8f51d0a4SStefan Schmidt			if (fek) {
8f51d0a4SStefan Schmidt				res = encrypt_block(datafrm[i].data,
8f51d0a4SStefan Schmidt						    rawdata->data +
8f51d0a4SStefan Schmidt						    (i * RPMB_DATA_SIZE),
8f51d0a4SStefan Schmidt						    *rawdata->blk_idx + i,
8f51d0a4SStefan Schmidt						    fek, uuid);
8f51d0a4SStefan Schmidt				if (res != TEE_SUCCESS)
8f51d0a4SStefan Schmidt					goto func_exit;
8f51d0a4SStefan Schmidt			} else {
0c96a71dSJerome Forissier				memcpy(datafrm[i].data,
0c96a71dSJerome Forissier				       rawdata->data + (i * RPMB_DATA_SIZE),
0c96a71dSJerome Forissier				       RPMB_DATA_SIZE);
0c96a71dSJerome Forissier			}
0c96a71dSJerome Forissier		}
8f51d0a4SStefan Schmidt	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (rawdata->key_mac) {
0c96a71dSJerome Forissier		if (rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) {
0c96a71dSJerome Forissier			res =
0c96a71dSJerome Forissier			    tee_rpmb_mac_calc(rawdata->key_mac,
0c96a71dSJerome Forissier					      RPMB_KEY_MAC_SIZE, rpmb_ctx->key,
0c96a71dSJerome Forissier					      RPMB_KEY_MAC_SIZE, datafrm,
0c96a71dSJerome Forissier					      nbr_frms);
0c96a71dSJerome Forissier			if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier				goto func_exit;
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier		memcpy(datafrm[nbr_frms - 1].key_mac,
0c96a71dSJerome Forissier		       rawdata->key_mac, RPMB_KEY_MAC_SIZE);
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	memcpy(req_data, datafrm, nbr_frms * RPMB_DATA_FRAME_SIZE);
0c96a71dSJerome Forissier
85076371SEtienne Carriere	if (IS_ENABLED(CFG_RPMB_FS_DEBUG_DATA)) {
0c96a71dSJerome Forissier		for (i = 0; i < nbr_frms; i++) {
0c96a71dSJerome Forissier			DMSG("Dumping data frame %d:", i);
0c96a71dSJerome Forissier			DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE,
0c96a71dSJerome Forissier				 512 - RPMB_STUFF_DATA_SIZE);
0c96a71dSJerome Forissier		}
85076371SEtienne Carriere	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	res = TEE_SUCCESS;
0c96a71dSJerome Forissierfunc_exit:
0c96a71dSJerome Forissier	free(datafrm);
0c96a71dSJerome Forissier	return res;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic TEE_Result data_cpy_mac_calc_1b(struct rpmb_raw_data *rawdata,
0c96a71dSJerome Forissier				       struct rpmb_data_frame *frm,
b399f70bSJens Wiklander				       const uint8_t *fek, const TEE_UUID *uuid)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res;
0c96a71dSJerome Forissier	uint8_t *data;
0c96a71dSJerome Forissier	uint16_t idx;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (rawdata->len + rawdata->byte_offset > RPMB_DATA_SIZE)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	res = tee_rpmb_mac_calc(rawdata->key_mac, RPMB_KEY_MAC_SIZE,
0c96a71dSJerome Forissier				rpmb_ctx->key, RPMB_KEY_MAC_SIZE, frm, 1);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	data = rawdata->data;
0c96a71dSJerome Forissier	bytes_to_u16(frm->address, &idx);
0c96a71dSJerome Forissier
b399f70bSJens Wiklander	res = decrypt(data, frm, rawdata->len, rawdata->byte_offset, idx, fek,
b399f70bSJens Wiklander		      uuid);
0c96a71dSJerome Forissier	return res;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm,
0c96a71dSJerome Forissier					     struct rpmb_raw_data *rawdata,
0c96a71dSJerome Forissier					     uint16_t nbr_frms,
0c96a71dSJerome Forissier					     struct rpmb_data_frame *lastfrm,
b399f70bSJens Wiklander					     const uint8_t *fek,
b399f70bSJens Wiklander					     const TEE_UUID *uuid)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	int i;
82ef73bcSJens Wiklander	void *ctx = NULL;
0c96a71dSJerome Forissier	uint16_t offset;
0c96a71dSJerome Forissier	uint32_t size;
0c96a71dSJerome Forissier	uint8_t *data;
0c96a71dSJerome Forissier	uint16_t start_idx;
0c96a71dSJerome Forissier	struct rpmb_data_frame localfrm;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!datafrm || !rawdata || !nbr_frms || !lastfrm)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (nbr_frms == 1)
b399f70bSJens Wiklander		return data_cpy_mac_calc_1b(rawdata, lastfrm, fek, uuid);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/* nbr_frms > 1 */
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	data = rawdata->data;
0c96a71dSJerome Forissier
82ef73bcSJens Wiklander	res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256);
82ef73bcSJens Wiklander	if (res)
0c96a71dSJerome Forissier		goto func_exit;
0c96a71dSJerome Forissier
c69bc615SJens Wiklander	res = crypto_mac_init(ctx, rpmb_ctx->key, RPMB_KEY_MAC_SIZE);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier		goto func_exit;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/*
0c96a71dSJerome Forissier	 * Note: JEDEC JESD84-B51: "In every packet the address is the start
0c96a71dSJerome Forissier	 * address of the full access (not address of the individual half a
0c96a71dSJerome Forissier	 * sector)"
0c96a71dSJerome Forissier	 */
0c96a71dSJerome Forissier	bytes_to_u16(lastfrm->address, &start_idx);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	for (i = 0; i < (nbr_frms - 1); i++) {
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		/*
0c96a71dSJerome Forissier		 * By working on a local copy of the RPMB frame, we ensure that
0c96a71dSJerome Forissier		 * the data can not be modified after the MAC is computed but
0c96a71dSJerome Forissier		 * before the payload is decrypted/copied to the output buffer.
0c96a71dSJerome Forissier		 */
0c96a71dSJerome Forissier		memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE);
0c96a71dSJerome Forissier
c69bc615SJens Wiklander		res = crypto_mac_update(ctx, localfrm.data,
0c96a71dSJerome Forissier					RPMB_MAC_PROTECT_DATA_SIZE);
0c96a71dSJerome Forissier		if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier			goto func_exit;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		if (i == 0) {
0c96a71dSJerome Forissier			/* First block */
0c96a71dSJerome Forissier			offset = rawdata->byte_offset;
0c96a71dSJerome Forissier			size = RPMB_DATA_SIZE - offset;
0c96a71dSJerome Forissier		} else {
0c96a71dSJerome Forissier			/* Middle blocks */
0c96a71dSJerome Forissier			size = RPMB_DATA_SIZE;
0c96a71dSJerome Forissier			offset = 0;
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		res = decrypt(data, &localfrm, size, offset, start_idx + i,
b399f70bSJens Wiklander			      fek, uuid);
0c96a71dSJerome Forissier		if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier			goto func_exit;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		data += size;
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/* Last block */
0c96a71dSJerome Forissier	size = (rawdata->len + rawdata->byte_offset) % RPMB_DATA_SIZE;
0c96a71dSJerome Forissier	if (size == 0)
0c96a71dSJerome Forissier		size = RPMB_DATA_SIZE;
b399f70bSJens Wiklander	res = decrypt(data, lastfrm, size, 0, start_idx + nbr_frms - 1, fek,
b399f70bSJens Wiklander		      uuid);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier		goto func_exit;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/* Update MAC against the last block */
c69bc615SJens Wiklander	res = crypto_mac_update(ctx, lastfrm->data, RPMB_MAC_PROTECT_DATA_SIZE);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier		goto func_exit;
0c96a71dSJerome Forissier
c69bc615SJens Wiklander	res = crypto_mac_final(ctx, rawdata->key_mac, RPMB_KEY_MAC_SIZE);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier		goto func_exit;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	res = TEE_SUCCESS;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierfunc_exit:
c69bc615SJens Wiklander	crypto_mac_free_ctx(ctx);
0c96a71dSJerome Forissier	return res;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic TEE_Result tee_rpmb_resp_unpack_verify(struct rpmb_data_frame *datafrm,
0c96a71dSJerome Forissier					      struct rpmb_raw_data *rawdata,
b399f70bSJens Wiklander					      uint16_t nbr_frms,
b399f70bSJens Wiklander					      const uint8_t *fek,
b399f70bSJens Wiklander					      const TEE_UUID *uuid)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	uint16_t msg_type;
0c96a71dSJerome Forissier	uint32_t wr_cnt;
0c96a71dSJerome Forissier	uint16_t blk_idx;
fcd00ceaSVictor Chong	uint8_t op_result;
0c96a71dSJerome Forissier	struct rpmb_data_frame lastfrm;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!datafrm || !rawdata || !nbr_frms)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
85076371SEtienne Carriere	if (IS_ENABLED(CFG_RPMB_FS_DEBUG_DATA)) {
85076371SEtienne Carriere		size_t i = 0;
85076371SEtienne Carriere
85076371SEtienne Carriere		for (i = 0; i < nbr_frms; i++) {
85076371SEtienne Carriere			DMSG("Dumping data frame %zu:", i);
0c96a71dSJerome Forissier			DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE,
0c96a71dSJerome Forissier				 512 - RPMB_STUFF_DATA_SIZE);
0c96a71dSJerome Forissier		}
85076371SEtienne Carriere	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/* Make sure the last data packet can't be modified once verified */
0c96a71dSJerome Forissier	memcpy(&lastfrm, &datafrm[nbr_frms - 1], RPMB_DATA_FRAME_SIZE);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/* Handle operation result and translate to TEEC error code. */
fcd00ceaSVictor Chong	get_op_result_bits(lastfrm.op_result, &op_result);
c340ba4bSVictor Chong	if (op_result == RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED)
c340ba4bSVictor Chong		return TEE_ERROR_ITEM_NOT_FOUND;
0c96a71dSJerome Forissier	if (op_result != RPMB_RESULT_OK)
0c96a71dSJerome Forissier		return TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/* Check the response msg_type. */
0c96a71dSJerome Forissier	bytes_to_u16(lastfrm.msg_type, &msg_type);
0c96a71dSJerome Forissier	if (msg_type != rawdata->msg_type) {
0c96a71dSJerome Forissier		DMSG("Unexpected msg_type (0x%04x != 0x%04x)", msg_type,
0c96a71dSJerome Forissier		     rawdata->msg_type);
0c96a71dSJerome Forissier		return TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (rawdata->blk_idx) {
0c96a71dSJerome Forissier		bytes_to_u16(lastfrm.address, &blk_idx);
0c96a71dSJerome Forissier		if (blk_idx != *rawdata->blk_idx) {
0c96a71dSJerome Forissier			DMSG("Unexpected block index");
0c96a71dSJerome Forissier			return TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (rawdata->write_counter) {
0c96a71dSJerome Forissier		wr_cnt = *rawdata->write_counter;
0c96a71dSJerome Forissier		bytes_to_u32(lastfrm.write_counter, rawdata->write_counter);
0c96a71dSJerome Forissier		if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE) {
0c96a71dSJerome Forissier			/* Verify the write counter is incremented by 1 */
0c96a71dSJerome Forissier			if (*rawdata->write_counter != wr_cnt + 1) {
0c96a71dSJerome Forissier				DMSG("Counter mismatched (0x%04x/0x%04x)",
0c96a71dSJerome Forissier				     *rawdata->write_counter, wr_cnt + 1);
0c96a71dSJerome Forissier				return TEE_ERROR_SECURITY;
0c96a71dSJerome Forissier			}
0c96a71dSJerome Forissier			rpmb_ctx->wr_cnt++;
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (rawdata->nonce) {
0c96a71dSJerome Forissier		if (buf_compare_ct(rawdata->nonce, lastfrm.nonce,
0c96a71dSJerome Forissier				   RPMB_NONCE_SIZE) != 0) {
0c96a71dSJerome Forissier			DMSG("Nonce mismatched");
0c96a71dSJerome Forissier			return TEE_ERROR_SECURITY;
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (rawdata->key_mac) {
0c96a71dSJerome Forissier		if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_READ) {
0c96a71dSJerome Forissier			if (!rawdata->data)
0c96a71dSJerome Forissier				return TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier			res = tee_rpmb_data_cpy_mac_calc(datafrm, rawdata,
0c96a71dSJerome Forissier							 nbr_frms, &lastfrm,
b399f70bSJens Wiklander							 fek, uuid);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier			if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier				return res;
0c96a71dSJerome Forissier		} else {
0c96a71dSJerome Forissier			/*
0c96a71dSJerome Forissier			 * There should be only one data frame for
0c96a71dSJerome Forissier			 * other msg types.
0c96a71dSJerome Forissier			 */
0c96a71dSJerome Forissier			if (nbr_frms != 1)
0c96a71dSJerome Forissier				return TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier			res = tee_rpmb_mac_calc(rawdata->key_mac,
0c96a71dSJerome Forissier						RPMB_KEY_MAC_SIZE,
0c96a71dSJerome Forissier						rpmb_ctx->key,
0c96a71dSJerome Forissier						RPMB_KEY_MAC_SIZE,
0c96a71dSJerome Forissier						&lastfrm, 1);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier			if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier				return res;
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier
48e10604SJerome Forissier		if (consttime_memcmp(rawdata->key_mac,
0c96a71dSJerome Forissier				     (datafrm + nbr_frms - 1)->key_mac,
0c96a71dSJerome Forissier				     RPMB_KEY_MAC_SIZE) != 0) {
0c96a71dSJerome Forissier			DMSG("MAC mismatched:");
85076371SEtienne Carriere			if (IS_ENABLED(CFG_RPMB_FS_DEBUG_DATA))
85076371SEtienne Carriere				DHEXDUMP(rawdata->key_mac, RPMB_KEY_MAC_SIZE);
85076371SEtienne Carriere
0c96a71dSJerome Forissier			return TEE_ERROR_SECURITY;
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	return TEE_SUCCESS;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
3be2f85aSJens Wiklanderstatic TEE_Result tee_rpmb_get_dev_info(struct rpmb_dev_info *dev_info)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	struct tee_rpmb_mem mem;
0c96a71dSJerome Forissier	struct rpmb_dev_info *di;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	if (!dev_info || !rpmb_ctx->legacy_operation)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	res = tee_rpmb_alloc(0, sizeof(struct rpmb_dev_info), &mem);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	mem.req_hdr->cmd = RPMB_CMD_GET_DEV_INFO;
3be2f85aSJens Wiklander	mem.req_hdr->dev_id = rpmb_ctx->dev_id;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	di = (struct rpmb_dev_info *)mem.resp_data;
0c96a71dSJerome Forissier	di->ret_code = RPMB_CMD_GET_DEV_INFO_RET_ERROR;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	res = tee_rpmb_invoke(&mem);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	*dev_info = *di;
8dfdf392SJens Wiklander	if (dev_info->ret_code != RPMB_CMD_GET_DEV_INFO_RET_OK)
e94194d4SJens Wiklander		return TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier
85076371SEtienne Carriere	if (IS_ENABLED(CFG_RPMB_FS_DEBUG_DATA)) {
0c96a71dSJerome Forissier		DMSG("Dumping dev_info:");
0c96a71dSJerome Forissier		DHEXDUMP((uint8_t *)dev_info, sizeof(struct rpmb_dev_info));
85076371SEtienne Carriere	}
0c96a71dSJerome Forissier
e94194d4SJens Wiklander	return TEE_SUCCESS;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
8dfdf392SJens Wiklanderstatic TEE_Result tee_rpmb_init_read_wr_cnt(uint32_t *wr_cnt)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	struct tee_rpmb_mem mem;
0c96a71dSJerome Forissier	uint16_t msg_type;
0c96a71dSJerome Forissier	uint8_t nonce[RPMB_NONCE_SIZE];
0c96a71dSJerome Forissier	uint8_t hmac[RPMB_KEY_MAC_SIZE];
0c96a71dSJerome Forissier	struct rpmb_raw_data rawdata;
8dfdf392SJens Wiklander	uint16_t op_result = 0;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!wr_cnt)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	res = tee_rpmb_alloc(RPMB_DATA_FRAME_SIZE, RPMB_DATA_FRAME_SIZE, &mem);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
36a063efSJens Wiklander	res = crypto_rng_read(nonce, RPMB_NONCE_SIZE);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	msg_type = RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data));
0c96a71dSJerome Forissier	rawdata.msg_type = msg_type;
0c96a71dSJerome Forissier	rawdata.nonce = nonce;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	res = tee_rpmb_req_pack(mem.req_hdr, mem.req_data, &rawdata, 1, NULL,
8dfdf392SJens Wiklander				NULL);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	res = tee_rpmb_invoke(&mem);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	msg_type = RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data));
0c96a71dSJerome Forissier	rawdata.msg_type = msg_type;
8dfdf392SJens Wiklander	rawdata.op_result = &op_result;
0c96a71dSJerome Forissier	rawdata.write_counter = wr_cnt;
0c96a71dSJerome Forissier	rawdata.nonce = nonce;
0c96a71dSJerome Forissier	rawdata.key_mac = hmac;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	return tee_rpmb_resp_unpack_verify(mem.resp_data, &rawdata, 1, NULL,
8dfdf392SJens Wiklander					   NULL);
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
ed1993b7SJerome Forissier#ifdef CFG_RPMB_WRITE_KEY
3be2f85aSJens Wiklanderstatic TEE_Result tee_rpmb_write_key(void)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	struct tee_rpmb_mem mem = { 0 };
0c96a71dSJerome Forissier	uint16_t msg_type;
0c96a71dSJerome Forissier	struct rpmb_raw_data rawdata;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	res = tee_rpmb_alloc(RPMB_DATA_FRAME_SIZE, RPMB_DATA_FRAME_SIZE, &mem);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	msg_type = RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data));
0c96a71dSJerome Forissier	rawdata.msg_type = msg_type;
0c96a71dSJerome Forissier	rawdata.key_mac = rpmb_ctx->key;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	res = tee_rpmb_req_pack(mem.req_hdr, mem.req_data, &rawdata, 1, NULL,
8dfdf392SJens Wiklander				NULL);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	res = tee_rpmb_invoke(&mem);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	msg_type = RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data));
0c96a71dSJerome Forissier	rawdata.msg_type = msg_type;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	return tee_rpmb_resp_unpack_verify(mem.resp_data, &rawdata, 1, NULL,
8dfdf392SJens Wiklander					   NULL);
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
3be2f85aSJens Wiklanderstatic TEE_Result tee_rpmb_write_and_verify_key(void)
ed1993b7SJerome Forissier{
ed1993b7SJerome Forissier	TEE_Result res;
ed1993b7SJerome Forissier
db498484SJens Wiklander	if (!plat_rpmb_key_is_ready()) {
b1042535SRouven Czerwinski		DMSG("RPMB INIT: platform indicates RPMB key is not ready");
b1042535SRouven Czerwinski		return TEE_ERROR_BAD_STATE;
b1042535SRouven Czerwinski	}
b1042535SRouven Czerwinski
e9ae33c4SVictor Chong	DMSG("RPMB INIT: Writing Key value:");
e9ae33c4SVictor Chong	DHEXDUMP(rpmb_ctx->key, RPMB_KEY_MAC_SIZE);
e9ae33c4SVictor Chong
3be2f85aSJens Wiklander	res = tee_rpmb_write_key();
ed1993b7SJerome Forissier	if (res == TEE_SUCCESS) {
ed1993b7SJerome Forissier		DMSG("RPMB INIT: Verifying Key");
8dfdf392SJens Wiklander		res = tee_rpmb_init_read_wr_cnt(&rpmb_ctx->wr_cnt);
ed1993b7SJerome Forissier	}
ed1993b7SJerome Forissier	return res;
ed1993b7SJerome Forissier}
ed1993b7SJerome Forissier#else
3be2f85aSJens Wiklanderstatic TEE_Result tee_rpmb_write_and_verify_key(void)
ed1993b7SJerome Forissier{
c340ba4bSVictor Chong	DMSG("RPMB INIT: CFG_RPMB_WRITE_KEY is not set");
90827a1eSJudy Wang	return TEE_ERROR_STORAGE_NOT_AVAILABLE;
ed1993b7SJerome Forissier}
ed1993b7SJerome Forissier#endif
ed1993b7SJerome Forissier
8dfdf392SJens Wiklanderstatic TEE_Result rpmb_set_dev_info(const struct rpmb_dev_info *dev_info)
8dfdf392SJens Wiklander{
8dfdf392SJens Wiklander	uint32_t nblocks = 0;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	DMSG("RPMB: Syncing device information");
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	DMSG("RPMB: RPMB size is %"PRIu8"*128 KB", dev_info->rpmb_size_mult);
8dfdf392SJens Wiklander	DMSG("RPMB: Reliable Write Sector Count is %"PRIu8,
8dfdf392SJens Wiklander	     dev_info->rel_wr_sec_c);
8dfdf392SJens Wiklander	DMSG("RPMB: CID");
8dfdf392SJens Wiklander	DHEXDUMP(dev_info->cid, sizeof(dev_info->cid));
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	if (!dev_info->rpmb_size_mult)
8dfdf392SJens Wiklander		return TEE_ERROR_GENERIC;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	if (MUL_OVERFLOW(dev_info->rpmb_size_mult,
8dfdf392SJens Wiklander			 RPMB_SIZE_SINGLE / RPMB_DATA_SIZE, &nblocks) ||
8dfdf392SJens Wiklander	    SUB_OVERFLOW(nblocks, 1, &rpmb_ctx->max_blk_idx))
8dfdf392SJens Wiklander		return TEE_ERROR_BAD_PARAMETERS;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	memcpy(rpmb_ctx->cid, dev_info->cid, RPMB_EMMC_CID_SIZE);
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	if (IS_ENABLED(RPMB_DRIVER_MULTIPLE_WRITE_FIXED))
8dfdf392SJens Wiklander		rpmb_ctx->rel_wr_blkcnt = dev_info->rel_wr_sec_c * 2;
8dfdf392SJens Wiklander	else
8dfdf392SJens Wiklander		rpmb_ctx->rel_wr_blkcnt = 1;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	return TEE_SUCCESS;
8dfdf392SJens Wiklander}
8dfdf392SJens Wiklander
8dfdf392SJens Wiklanderstatic TEE_Result legacy_rpmb_init(void)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_SUCCESS;
5695e448SSadiq Hussain	struct rpmb_dev_info dev_info = { };
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	DMSG("Trying legacy RPMB init");
8dfdf392SJens Wiklander	rpmb_ctx->legacy_operation = true;
3be2f85aSJens Wiklander	rpmb_ctx->dev_id = CFG_RPMB_FS_DEV_ID;
e94194d4SJens Wiklander	rpmb_ctx->shm_type = THREAD_SHM_TYPE_APPLICATION;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!rpmb_ctx->dev_info_synced) {
0c96a71dSJerome Forissier		dev_info.rpmb_size_mult = 0;
0c96a71dSJerome Forissier		dev_info.rel_wr_sec_c = 0;
3be2f85aSJens Wiklander		res = tee_rpmb_get_dev_info(&dev_info);
0c96a71dSJerome Forissier		if (res != TEE_SUCCESS)
8dfdf392SJens Wiklander			return res;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander		res = rpmb_set_dev_info(&dev_info);
8dfdf392SJens Wiklander		if (res)
8dfdf392SJens Wiklander			return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		rpmb_ctx->dev_info_synced = true;
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!rpmb_ctx->key_derived) {
0c96a71dSJerome Forissier		DMSG("RPMB INIT: Deriving key");
0c96a71dSJerome Forissier
3be2f85aSJens Wiklander		res = tee_rpmb_key_gen(rpmb_ctx->key, RPMB_KEY_MAC_SIZE);
ce925809SVictor Chong		if (res != TEE_SUCCESS) {
ce925809SVictor Chong			EMSG("RPMB INIT: Deriving key failed with error 0x%x",
ce925809SVictor Chong				res);
8dfdf392SJens Wiklander			return res;
ce925809SVictor Chong		}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		rpmb_ctx->key_derived = true;
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/* Perform a write counter read to verify if the key is ok. */
0c96a71dSJerome Forissier	if (!rpmb_ctx->wr_cnt_synced || !rpmb_ctx->key_verified) {
0c96a71dSJerome Forissier		DMSG("RPMB INIT: Verifying Key");
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander		res = tee_rpmb_init_read_wr_cnt(&rpmb_ctx->wr_cnt);
8dfdf392SJens Wiklander		if (res == TEE_SUCCESS) {
8dfdf392SJens Wiklander			DMSG("Found working RPMB device");
8dfdf392SJens Wiklander			rpmb_ctx->key_verified = true;
8dfdf392SJens Wiklander			rpmb_ctx->wr_cnt_synced = true;
8dfdf392SJens Wiklander		} else if (res == TEE_ERROR_ITEM_NOT_FOUND &&
c340ba4bSVictor Chong			   !rpmb_ctx->key_verified) {
0c96a71dSJerome Forissier			/*
0c96a71dSJerome Forissier			 * Need to write the key here and verify it.
0c96a71dSJerome Forissier			 */
c340ba4bSVictor Chong			DMSG("RPMB INIT: Auth key not yet written");
3be2f85aSJens Wiklander			res = tee_rpmb_write_and_verify_key();
8dfdf392SJens Wiklander		} else {
8dfdf392SJens Wiklander			EMSG("Verify key failed! %#"PRIx32, res);
c340ba4bSVictor Chong			EMSG("Make sure key here matches device key");
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	return res;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander/* This function must never return TEE_SUCCESS if rpmb_ctx == NULL */
8dfdf392SJens Wiklanderstatic TEE_Result tee_rpmb_init(void)
8dfdf392SJens Wiklander{
8dfdf392SJens Wiklander	TEE_Result res = TEE_SUCCESS;
8dfdf392SJens Wiklander	struct rpmb_dev_info dev_info = { };
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	if (rpmb_dead)
8dfdf392SJens Wiklander		return TEE_ERROR_COMMUNICATION;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	if (!rpmb_ctx) {
8dfdf392SJens Wiklander		rpmb_ctx = calloc(1, sizeof(struct tee_rpmb_ctx));
8dfdf392SJens Wiklander		if (!rpmb_ctx)
8dfdf392SJens Wiklander			return TEE_ERROR_OUT_OF_MEMORY;
8dfdf392SJens Wiklander	}
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	if (rpmb_ctx->reinit) {
8dfdf392SJens Wiklander		if (!rpmb_ctx->key_verified) {
8dfdf392SJens Wiklander			rpmb_ctx->wr_cnt_synced = false;
8dfdf392SJens Wiklander			rpmb_ctx->key_derived = false;
8dfdf392SJens Wiklander			rpmb_ctx->dev_info_synced = false;
8dfdf392SJens Wiklander			rpmb_ctx->reinit = false;
8dfdf392SJens Wiklander			goto next;
8dfdf392SJens Wiklander		}
8dfdf392SJens Wiklander		res = rpmb_probe_reset();
8dfdf392SJens Wiklander		if (res) {
96e8f740SEtienne Carriere			if (res != TEE_ERROR_NOT_SUPPORTED &&
96e8f740SEtienne Carriere			    res != TEE_ERROR_NOT_IMPLEMENTED)
8dfdf392SJens Wiklander				return res;
8dfdf392SJens Wiklander			return legacy_rpmb_init();
8dfdf392SJens Wiklander		}
8dfdf392SJens Wiklander		while (true) {
8dfdf392SJens Wiklander			res = rpmb_probe_next(&dev_info);
8dfdf392SJens Wiklander			if (res) {
8dfdf392SJens Wiklander				DMSG("rpmb_probe_next error %#"PRIx32, res);
8dfdf392SJens Wiklander				return res;
8dfdf392SJens Wiklander			}
8dfdf392SJens Wiklander			if (!memcmp(rpmb_ctx->cid, dev_info.cid,
8dfdf392SJens Wiklander				    RPMB_EMMC_CID_SIZE)) {
8dfdf392SJens Wiklander				rpmb_ctx->reinit = false;
8dfdf392SJens Wiklander				return TEE_SUCCESS;
8dfdf392SJens Wiklander			}
8dfdf392SJens Wiklander		}
8dfdf392SJens Wiklander	}
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	if (rpmb_ctx->key_verified)
8dfdf392SJens Wiklander		return TEE_SUCCESS;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklandernext:
8dfdf392SJens Wiklander	if (IS_ENABLED(CFG_RPMB_WRITE_KEY))
8dfdf392SJens Wiklander		return legacy_rpmb_init();
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	res = rpmb_probe_reset();
8dfdf392SJens Wiklander	if (res) {
96e8f740SEtienne Carriere		if (res != TEE_ERROR_NOT_SUPPORTED &&
96e8f740SEtienne Carriere		    res != TEE_ERROR_NOT_IMPLEMENTED)
8dfdf392SJens Wiklander			return res;
8dfdf392SJens Wiklander		return legacy_rpmb_init();
8dfdf392SJens Wiklander	}
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	while (true) {
8dfdf392SJens Wiklander		res = rpmb_probe_next(&dev_info);
8dfdf392SJens Wiklander		if (res) {
8dfdf392SJens Wiklander			DMSG("rpmb_probe_next error %#"PRIx32, res);
8dfdf392SJens Wiklander			return res;
8dfdf392SJens Wiklander		}
8dfdf392SJens Wiklander		res = rpmb_set_dev_info(&dev_info);
8dfdf392SJens Wiklander		if (res) {
8dfdf392SJens Wiklander			DMSG("Invalid device info, looking for another device");
8dfdf392SJens Wiklander			continue;
8dfdf392SJens Wiklander		}
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander		res = tee_rpmb_key_gen(rpmb_ctx->key, RPMB_KEY_MAC_SIZE);
8dfdf392SJens Wiklander		if (res)
8dfdf392SJens Wiklander			return res;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander		res = tee_rpmb_init_read_wr_cnt(&rpmb_ctx->wr_cnt);
8dfdf392SJens Wiklander		if (res)
8dfdf392SJens Wiklander			continue;
8dfdf392SJens Wiklander		break;
8dfdf392SJens Wiklander	}
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	DMSG("Found working RPMB device");
8dfdf392SJens Wiklander	rpmb_ctx->key_verified = true;
8dfdf392SJens Wiklander	rpmb_ctx->wr_cnt_synced = true;
8dfdf392SJens Wiklander
8dfdf392SJens Wiklander	return TEE_SUCCESS;
8dfdf392SJens Wiklander}
8dfdf392SJens Wiklander
8dfdf392SJens WiklanderTEE_Result tee_rpmb_reinit(void)
8dfdf392SJens Wiklander{
8dfdf392SJens Wiklander	if (rpmb_ctx)
8dfdf392SJens Wiklander		rpmb_ctx->reinit = true;
8dfdf392SJens Wiklander	return tee_rpmb_init();
8dfdf392SJens Wiklander}
8dfdf392SJens Wiklander
a7e22cf5SLijianhui (Airbak)/*
a7e22cf5SLijianhui (Airbak) * Read RPMB data in bytes.
a7e22cf5SLijianhui (Airbak) *
a7e22cf5SLijianhui (Airbak) * @addr       Byte address of data.
a7e22cf5SLijianhui (Airbak) * @data       Pointer to the data.
a7e22cf5SLijianhui (Airbak) * @len        Size of data in bytes.
a7e22cf5SLijianhui (Airbak) * @fek        Encrypted File Encryption Key or NULL.
a7e22cf5SLijianhui (Airbak) */
3be2f85aSJens Wiklanderstatic TEE_Result tee_rpmb_read(uint32_t addr, uint8_t *data,
b399f70bSJens Wiklander				uint32_t len, const uint8_t *fek,
b399f70bSJens Wiklander				const TEE_UUID *uuid)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	struct tee_rpmb_mem mem = { 0 };
0c96a71dSJerome Forissier	uint16_t msg_type;
0c96a71dSJerome Forissier	uint8_t nonce[RPMB_NONCE_SIZE];
0c96a71dSJerome Forissier	uint8_t hmac[RPMB_KEY_MAC_SIZE];
0c96a71dSJerome Forissier	struct rpmb_raw_data rawdata;
0c96a71dSJerome Forissier	uint16_t blk_idx;
0c96a71dSJerome Forissier	uint16_t blkcnt;
0c96a71dSJerome Forissier	uint8_t byte_offset;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!data || !len)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	blk_idx = addr / RPMB_DATA_SIZE;
0c96a71dSJerome Forissier	byte_offset = addr % RPMB_DATA_SIZE;
0c96a71dSJerome Forissier
ea81076fSJerome Forissier	if (len + byte_offset + RPMB_DATA_SIZE < RPMB_DATA_SIZE) {
ea81076fSJerome Forissier		/* Overflow */
ea81076fSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
ea81076fSJerome Forissier	}
04e46975SEtienne Carriere	blkcnt = ROUNDUP_DIV(len + byte_offset, RPMB_DATA_SIZE);
3be2f85aSJens Wiklander	res = tee_rpmb_init();
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	res = tee_rpmb_alloc(RPMB_DATA_FRAME_SIZE,
8dfdf392SJens Wiklander			     RPMB_DATA_FRAME_SIZE * blkcnt, &mem);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_READ;
36a063efSJens Wiklander	res = crypto_rng_read(nonce, RPMB_NONCE_SIZE);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data));
0c96a71dSJerome Forissier	rawdata.msg_type = msg_type;
0c96a71dSJerome Forissier	rawdata.nonce = nonce;
0c96a71dSJerome Forissier	rawdata.blk_idx = &blk_idx;
8dfdf392SJens Wiklander	res = tee_rpmb_req_pack(mem.req_hdr, mem.req_data, &rawdata, 1, NULL,
8dfdf392SJens Wiklander				NULL);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	if (mem.req_hdr)
8dfdf392SJens Wiklander		mem.req_hdr->block_count = blkcnt;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	DMSG("Read %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""),
0c96a71dSJerome Forissier	     blk_idx);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	res = tee_rpmb_invoke(&mem);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
e94194d4SJens Wiklander		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_READ;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data));
0c96a71dSJerome Forissier	rawdata.msg_type = msg_type;
0c96a71dSJerome Forissier	rawdata.block_count = &blkcnt;
0c96a71dSJerome Forissier	rawdata.blk_idx = &blk_idx;
0c96a71dSJerome Forissier	rawdata.nonce = nonce;
0c96a71dSJerome Forissier	rawdata.key_mac = hmac;
0c96a71dSJerome Forissier	rawdata.data = data;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	rawdata.len = len;
0c96a71dSJerome Forissier	rawdata.byte_offset = byte_offset;
0c96a71dSJerome Forissier
8dfdf392SJens Wiklander	return tee_rpmb_resp_unpack_verify(mem.resp_data, &rawdata, blkcnt,
8dfdf392SJens Wiklander					   fek, uuid);
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
3be2f85aSJens Wiklanderstatic TEE_Result write_req(uint16_t blk_idx,
a8fb1651SJens Wiklander			    const void *data_blks, uint16_t blkcnt,
a8fb1651SJens Wiklander			    const uint8_t *fek, const TEE_UUID *uuid,
8dfdf392SJens Wiklander			    struct tee_rpmb_mem *mem)
a8fb1651SJens Wiklander{
a8fb1651SJens Wiklander	TEE_Result res = TEE_SUCCESS;
a8fb1651SJens Wiklander	uint8_t hmac[RPMB_KEY_MAC_SIZE] = { };
a8fb1651SJens Wiklander	uint32_t wr_cnt = rpmb_ctx->wr_cnt;
a8fb1651SJens Wiklander	struct rpmb_raw_data rawdata = { };
a8fb1651SJens Wiklander	size_t retry_count = 0;
a8fb1651SJens Wiklander
a8fb1651SJens Wiklander	while (true) {
8dfdf392SJens Wiklander		if (mem->req_hdr)
8dfdf392SJens Wiklander			memset(mem->req_hdr, 0, mem->req_size);
8dfdf392SJens Wiklander		else
8dfdf392SJens Wiklander			memset(mem->req_data, 0, mem->req_size);
8dfdf392SJens Wiklander		memset(mem->resp_data, 0, mem->resp_size);
a8fb1651SJens Wiklander
a8fb1651SJens Wiklander		memset(&rawdata, 0, sizeof(struct rpmb_raw_data));
a8fb1651SJens Wiklander		rawdata.msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE;
a8fb1651SJens Wiklander		rawdata.block_count = &blkcnt;
a8fb1651SJens Wiklander		rawdata.blk_idx = &blk_idx;
a8fb1651SJens Wiklander		rawdata.write_counter = &wr_cnt;
a8fb1651SJens Wiklander		rawdata.key_mac = hmac;
a8fb1651SJens Wiklander		rawdata.data = (uint8_t *)data_blks;
a8fb1651SJens Wiklander
8dfdf392SJens Wiklander		res = tee_rpmb_req_pack(mem->req_hdr, mem->req_data, &rawdata,
8dfdf392SJens Wiklander					blkcnt, fek, uuid);
a8fb1651SJens Wiklander		if (res) {
a8fb1651SJens Wiklander			/*
a8fb1651SJens Wiklander			 * If we haven't tried to send a request yet we can
a8fb1651SJens Wiklander			 * allow a failure here since there's no chance of
a8fb1651SJens Wiklander			 * an intercepted request with a valid write
a8fb1651SJens Wiklander			 * counter.
a8fb1651SJens Wiklander			 */
a8fb1651SJens Wiklander			if (!retry_count)
a8fb1651SJens Wiklander				return res;
a8fb1651SJens Wiklander
a8fb1651SJens Wiklander			retry_count++;
a8fb1651SJens Wiklander			if (retry_count >= RPMB_MAX_RETRIES)
a8fb1651SJens Wiklander				goto out_of_retries;
a8fb1651SJens Wiklander
a8fb1651SJens Wiklander			DMSG("Request pack failed, retrying %zu", retry_count);
a8fb1651SJens Wiklander			continue;
a8fb1651SJens Wiklander		}
a8fb1651SJens Wiklander
a8fb1651SJens Wiklander		res = tee_rpmb_invoke(mem);
a8fb1651SJens Wiklander		if (res != TEE_SUCCESS) {
a8fb1651SJens Wiklander			retry_count++;
a8fb1651SJens Wiklander			if (retry_count >= RPMB_MAX_RETRIES)
a8fb1651SJens Wiklander				goto out_of_retries;
a8fb1651SJens Wiklander			/*
a8fb1651SJens Wiklander			 * To force wr_cnt sync next time, as it might get
a8fb1651SJens Wiklander			 * out of sync due to inconsistent operation result!
a8fb1651SJens Wiklander			 */
a8fb1651SJens Wiklander			rpmb_ctx->wr_cnt_synced = false;
a8fb1651SJens Wiklander			DMSG("Write invoke failed, retrying %zu", retry_count);
a8fb1651SJens Wiklander			continue;
a8fb1651SJens Wiklander		}
a8fb1651SJens Wiklander
a8fb1651SJens Wiklander		memset(&rawdata, 0, sizeof(struct rpmb_raw_data));
a8fb1651SJens Wiklander		rawdata.msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE;
a8fb1651SJens Wiklander		rawdata.block_count = &blkcnt;
a8fb1651SJens Wiklander		rawdata.blk_idx = &blk_idx;
a8fb1651SJens Wiklander		rawdata.write_counter = &wr_cnt;
a8fb1651SJens Wiklander		rawdata.key_mac = hmac;
a8fb1651SJens Wiklander
8dfdf392SJens Wiklander		res = tee_rpmb_resp_unpack_verify(mem->resp_data, &rawdata, 1,
8dfdf392SJens Wiklander						  NULL, NULL);
a8fb1651SJens Wiklander		if (res != TEE_SUCCESS) {
a8fb1651SJens Wiklander			retry_count++;
a8fb1651SJens Wiklander			if (retry_count >= RPMB_MAX_RETRIES)
a8fb1651SJens Wiklander				goto out_of_retries;
a8fb1651SJens Wiklander			/*
a8fb1651SJens Wiklander			 * To force wr_cnt sync next time, as it might get
a8fb1651SJens Wiklander			 * out of sync due to inconsistent operation result!
a8fb1651SJens Wiklander			 */
a8fb1651SJens Wiklander			rpmb_ctx->wr_cnt_synced = false;
a8fb1651SJens Wiklander			DMSG("Write resp unpack verify failed, retrying %zu",
a8fb1651SJens Wiklander			     retry_count);
a8fb1651SJens Wiklander			continue;
a8fb1651SJens Wiklander		}
a8fb1651SJens Wiklander
a8fb1651SJens Wiklander		return TEE_SUCCESS;
a8fb1651SJens Wiklander	}
a8fb1651SJens Wiklander
a8fb1651SJens Wiklanderout_of_retries:
a8fb1651SJens Wiklander	rpmb_dead = true;
a8fb1651SJens Wiklander	/*
a8fb1651SJens Wiklander	 * We're using this error code to cause an eventuall calling TA to
a8fb1651SJens Wiklander	 * panic since we don't know if the data to be written has been
a8fb1651SJens Wiklander	 * committed to storage or not.
a8fb1651SJens Wiklander	 */
a8fb1651SJens Wiklander	return TEE_ERROR_COMMUNICATION;
a8fb1651SJens Wiklander}
a8fb1651SJens Wiklander
3be2f85aSJens Wiklanderstatic TEE_Result tee_rpmb_write_blk(uint16_t blk_idx,
0c96a71dSJerome Forissier				     const uint8_t *data_blks, uint16_t blkcnt,
b399f70bSJens Wiklander				     const uint8_t *fek, const TEE_UUID *uuid)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res;
0c96a71dSJerome Forissier	struct tee_rpmb_mem mem;
0c96a71dSJerome Forissier	uint32_t req_size;
0c96a71dSJerome Forissier	uint32_t nbr_writes;
0c96a71dSJerome Forissier	uint16_t tmp_blkcnt;
0c96a71dSJerome Forissier	uint16_t tmp_blk_idx;
0c96a71dSJerome Forissier	uint16_t i;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	DMSG("Write %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""),
0c96a71dSJerome Forissier	     blk_idx);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!data_blks || !blkcnt)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
3be2f85aSJens Wiklander	res = tee_rpmb_init();
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	/*
0c96a71dSJerome Forissier	 * We need to split data when block count
0c96a71dSJerome Forissier	 * is bigger than reliable block write count.
0c96a71dSJerome Forissier	 */
8dfdf392SJens Wiklander	req_size = RPMB_DATA_FRAME_SIZE * MIN(blkcnt, rpmb_ctx->rel_wr_blkcnt);
8dfdf392SJens Wiklander	res = tee_rpmb_alloc(req_size, RPMB_DATA_FRAME_SIZE, &mem);
0c96a71dSJerome Forissier	if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier		return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	nbr_writes = blkcnt / rpmb_ctx->rel_wr_blkcnt;
0c96a71dSJerome Forissier	if (blkcnt % rpmb_ctx->rel_wr_blkcnt > 0)
0c96a71dSJerome Forissier		nbr_writes += 1;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	tmp_blkcnt = rpmb_ctx->rel_wr_blkcnt;
0c96a71dSJerome Forissier	tmp_blk_idx = blk_idx;
0c96a71dSJerome Forissier	for (i = 0; i < nbr_writes; i++) {
a8fb1651SJens Wiklander		size_t offs = i * rpmb_ctx->rel_wr_blkcnt * RPMB_DATA_SIZE;
a8fb1651SJens Wiklander
0c96a71dSJerome Forissier		/*
0c96a71dSJerome Forissier		 * To handle the last write of block count which is
0c96a71dSJerome Forissier		 * equal or smaller than reliable write block count.
0c96a71dSJerome Forissier		 */
0c96a71dSJerome Forissier		if (i == nbr_writes - 1)
0c96a71dSJerome Forissier			tmp_blkcnt = blkcnt - rpmb_ctx->rel_wr_blkcnt *
0c96a71dSJerome Forissier			    (nbr_writes - 1);
0c96a71dSJerome Forissier
3be2f85aSJens Wiklander		res = write_req(tmp_blk_idx, data_blks + offs,
8dfdf392SJens Wiklander				tmp_blkcnt, fek, uuid, &mem);
a8fb1651SJens Wiklander		if (res)
e94194d4SJens Wiklander			return res;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		tmp_blk_idx += tmp_blkcnt;
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
e94194d4SJens Wiklander	return TEE_SUCCESS;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
3be2f85aSJens Wiklanderstatic bool tee_rpmb_write_is_atomic(uint32_t addr, uint32_t len)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	uint8_t byte_offset = addr % RPMB_DATA_SIZE;
04e46975SEtienne Carriere	uint16_t blkcnt = ROUNDUP_DIV(len + byte_offset, RPMB_DATA_SIZE);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	return (blkcnt <= rpmb_ctx->rel_wr_blkcnt);
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier/*
0c96a71dSJerome Forissier * Write RPMB data in bytes.
0c96a71dSJerome Forissier *
0c96a71dSJerome Forissier * @addr       Byte address of data.
0c96a71dSJerome Forissier * @data       Pointer to the data.
0c96a71dSJerome Forissier * @len        Size of data in bytes.
fde4a756SJerome Forissier * @fek        Encrypted File Encryption Key or NULL.
0c96a71dSJerome Forissier */
3be2f85aSJens Wiklanderstatic TEE_Result tee_rpmb_write(uint32_t addr,
0c96a71dSJerome Forissier				 const uint8_t *data, uint32_t len,
b399f70bSJens Wiklander				 const uint8_t *fek, const TEE_UUID *uuid)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	uint8_t *data_tmp = NULL;
0c96a71dSJerome Forissier	uint16_t blk_idx;
0c96a71dSJerome Forissier	uint16_t blkcnt;
0c96a71dSJerome Forissier	uint8_t byte_offset;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	blk_idx = addr / RPMB_DATA_SIZE;
0c96a71dSJerome Forissier	byte_offset = addr % RPMB_DATA_SIZE;
0c96a71dSJerome Forissier
04e46975SEtienne Carriere	blkcnt = ROUNDUP_DIV(len + byte_offset, RPMB_DATA_SIZE);
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (byte_offset == 0 && (len % RPMB_DATA_SIZE) == 0) {
3be2f85aSJens Wiklander		res = tee_rpmb_write_blk(blk_idx, data, blkcnt, fek, uuid);
0c96a71dSJerome Forissier		if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier			goto func_exit;
0c96a71dSJerome Forissier	} else {
0c96a71dSJerome Forissier		data_tmp = calloc(blkcnt, RPMB_DATA_SIZE);
0c96a71dSJerome Forissier		if (!data_tmp) {
0c96a71dSJerome Forissier			res = TEE_ERROR_OUT_OF_MEMORY;
0c96a71dSJerome Forissier			goto func_exit;
0c96a71dSJerome Forissier		}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		/* Read the complete blocks */
3be2f85aSJens Wiklander		res = tee_rpmb_read(blk_idx * RPMB_DATA_SIZE, data_tmp,
b399f70bSJens Wiklander				    blkcnt * RPMB_DATA_SIZE, fek, uuid);
0c96a71dSJerome Forissier		if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier			goto func_exit;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier		/* Partial update of the data blocks */
0c96a71dSJerome Forissier		memcpy(data_tmp + byte_offset, data, len);
0c96a71dSJerome Forissier
3be2f85aSJens Wiklander		res = tee_rpmb_write_blk(blk_idx, data_tmp, blkcnt, fek, uuid);
0c96a71dSJerome Forissier		if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier			goto func_exit;
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	res = TEE_SUCCESS;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierfunc_exit:
0c96a71dSJerome Forissier	free(data_tmp);
0c96a71dSJerome Forissier	return res;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier/*
0c96a71dSJerome Forissier * Read the RPMB max block.
0c96a71dSJerome Forissier *
0c96a71dSJerome Forissier * @counter    Pointer to receive the max block.
0c96a71dSJerome Forissier */
3be2f85aSJens Wiklanderstatic TEE_Result tee_rpmb_get_max_block(uint32_t *max_block)
0c96a71dSJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res = TEE_SUCCESS;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	if (!max_block)
0c96a71dSJerome Forissier		return TEE_ERROR_BAD_PARAMETERS;
0c96a71dSJerome Forissier
a8fb1651SJens Wiklander	if (rpmb_dead)
a8fb1651SJens Wiklander		return TEE_ERROR_COMMUNICATION;
a8fb1651SJens Wiklander
0c96a71dSJerome Forissier	if (!rpmb_ctx || !rpmb_ctx->dev_info_synced) {
3be2f85aSJens Wiklander		res = tee_rpmb_init();
0c96a71dSJerome Forissier		if (res != TEE_SUCCESS)
0c96a71dSJerome Forissier			goto func_exit;
0c96a71dSJerome Forissier	}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier	*max_block = rpmb_ctx->max_blk_idx;
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierfunc_exit:
0c96a71dSJerome Forissier	return res;
0c96a71dSJerome Forissier}
0c96a71dSJerome Forissier
0c96a71dSJerome Forissier/*
0c96a71dSJerome Forissier * End of lower interface to RPMB device
0c96a71dSJerome Forissier */
0c96a71dSJerome Forissier
0c96a71dSJerome Forissierstatic TEE_Result get_fat_start_address(uint32_t *addr);
5f68d784SManuel Huberstatic TEE_Result rpmb_fs_setup(void);
0c96a71dSJerome Forissier
5f68d784SManuel Huber/**
5f68d784SManuel Huber * fat_entry_dir_free: Free the FAT entry dir.
5f68d784SManuel Huber */
5f68d784SManuel Huberstatic void fat_entry_dir_free(void)
5f68d784SManuel Huber{
5f68d784SManuel Huber	if (fat_entry_dir) {
5f68d784SManuel Huber		free(fat_entry_dir->rpmb_fat_entry_buf);
5f68d784SManuel Huber		free(fat_entry_dir);
5f68d784SManuel Huber		fat_entry_dir = NULL;
5f68d784SManuel Huber	}
5f68d784SManuel Huber}
5f68d784SManuel Huber
5f68d784SManuel Huber/**
5f68d784SManuel Huber * fat_entry_dir_init: Initialize the FAT FS entry buffer/cache
5f68d784SManuel Huber * This function must be called before reading FAT FS entries using the
5f68d784SManuel Huber * function fat_entry_dir_get_next. This initializes the buffer/cache with the
5f68d784SManuel Huber * first FAT FS entries.
5f68d784SManuel Huber */
5f68d784SManuel Huberstatic TEE_Result fat_entry_dir_init(void)
a8a78b85SJerome Forissier{
a8a78b85SJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
5f68d784SManuel Huber	struct rpmb_fat_entry *fe = NULL;
5f68d784SManuel Huber	uint32_t fat_address = 0;
5f68d784SManuel Huber	uint32_t num_elems_read = 0;
5f68d784SManuel Huber
5f68d784SManuel Huber	if (fat_entry_dir)
5f68d784SManuel Huber		return TEE_SUCCESS;
5f68d784SManuel Huber
5f68d784SManuel Huber	res = rpmb_fs_setup();
5f68d784SManuel Huber	if (res)
5f68d784SManuel Huber		return res;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	res = get_fat_start_address(&fat_address);
5f68d784SManuel Huber	if (res)
5f68d784SManuel Huber		return res;
a8a78b85SJerome Forissier
5f68d784SManuel Huber	fat_entry_dir = calloc(1, sizeof(struct rpmb_fat_entry_dir));
5f68d784SManuel Huber	if (!fat_entry_dir)
5f68d784SManuel Huber		return TEE_ERROR_OUT_OF_MEMORY;
5f68d784SManuel Huber
5f68d784SManuel Huber	/*
5f68d784SManuel Huber	 * If caching is enabled, read in up to the maximum cache size, but
5f68d784SManuel Huber	 * never more than the single read in size. Otherwise, read in as many
5f68d784SManuel Huber	 * entries fit into the temporary buffer.
5f68d784SManuel Huber	 */
5f68d784SManuel Huber	if (CFG_RPMB_FS_CACHE_ENTRIES)
5f68d784SManuel Huber		num_elems_read = MIN(CFG_RPMB_FS_CACHE_ENTRIES,
5f68d784SManuel Huber				     CFG_RPMB_FS_RD_ENTRIES);
5f68d784SManuel Huber	else
5f68d784SManuel Huber		num_elems_read = CFG_RPMB_FS_RD_ENTRIES;
5f68d784SManuel Huber
5f68d784SManuel Huber	/*
5f68d784SManuel Huber	 * Allocate memory for the FAT FS entries to read in.
5f68d784SManuel Huber	 */
5f68d784SManuel Huber	fe = calloc(num_elems_read, sizeof(struct rpmb_fat_entry));
5f68d784SManuel Huber	if (!fe) {
a8a78b85SJerome Forissier		res = TEE_ERROR_OUT_OF_MEMORY;
a8a78b85SJerome Forissier		goto out;
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier
3be2f85aSJens Wiklander	res = tee_rpmb_read(fat_address, (uint8_t *)fe,
5f68d784SManuel Huber			    num_elems_read * sizeof(*fe), NULL, NULL);
5f68d784SManuel Huber	if (res)
a8a78b85SJerome Forissier		goto out;
a8a78b85SJerome Forissier
5f68d784SManuel Huber	fat_entry_dir->rpmb_fat_entry_buf = fe;
a8a78b85SJerome Forissier
5f68d784SManuel Huber	/*
5f68d784SManuel Huber	 * We use this variable when getting next entries from the buffer/cache
5f68d784SManuel Huber	 * to see whether we have to read in more entries from storage.
5f68d784SManuel Huber	 */
5f68d784SManuel Huber	fat_entry_dir->num_buffered = num_elems_read;
a8a78b85SJerome Forissier
5f68d784SManuel Huber	return TEE_SUCCESS;
a8a78b85SJerome Forissierout:
5f68d784SManuel Huber	fat_entry_dir_free();
5f68d784SManuel Huber	free(fe);
5f68d784SManuel Huber	return res;
5f68d784SManuel Huber}
5f68d784SManuel Huber
5f68d784SManuel Huber/**
5f68d784SManuel Huber * fat_entry_dir_deinit: If caching is enabled, free the temporary buffer for
5f68d784SManuel Huber * FAT FS entries in case the cache was too small. Keep the elements in the
5f68d784SManuel Huber * cache. Reset the counter variables to start the next traversal from fresh
5f68d784SManuel Huber * from the first cached entry. If caching is disabled, just free the
5f68d784SManuel Huber * temporary buffer by calling fat_entry_dir_free and return.
5f68d784SManuel Huber */
5f68d784SManuel Huberstatic void fat_entry_dir_deinit(void)
5f68d784SManuel Huber{
5f68d784SManuel Huber	struct rpmb_fat_entry *fe = NULL;
5f68d784SManuel Huber
5f68d784SManuel Huber	if (!fat_entry_dir)
5f68d784SManuel Huber		return;
5f68d784SManuel Huber
5f68d784SManuel Huber	if (!CFG_RPMB_FS_CACHE_ENTRIES) {
5f68d784SManuel Huber		fat_entry_dir_free();
5f68d784SManuel Huber		return;
5f68d784SManuel Huber	}
5f68d784SManuel Huber
5f68d784SManuel Huber	fe = fat_entry_dir->rpmb_fat_entry_buf;
5f68d784SManuel Huber	fat_entry_dir->idx_curr = 0;
5f68d784SManuel Huber	fat_entry_dir->num_total_read = 0;
5f68d784SManuel Huber	fat_entry_dir->last_reached = false;
5f68d784SManuel Huber
5f68d784SManuel Huber	if (fat_entry_dir->num_buffered > CFG_RPMB_FS_CACHE_ENTRIES) {
5f68d784SManuel Huber		fat_entry_dir->num_buffered = CFG_RPMB_FS_CACHE_ENTRIES;
5f68d784SManuel Huber
5f68d784SManuel Huber		fe = realloc(fe, fat_entry_dir->num_buffered * sizeof(*fe));
5f68d784SManuel Huber
5f68d784SManuel Huber		/*
5f68d784SManuel Huber		 * In case realloc fails, we are on the safe side if we destroy
5f68d784SManuel Huber		 * the whole structure. Upon the next init, the cache has to be
5f68d784SManuel Huber		 * re-established, but this case should not happen in practice.
5f68d784SManuel Huber		 */
5f68d784SManuel Huber		if (!fe)
5f68d784SManuel Huber			fat_entry_dir_free();
5f68d784SManuel Huber		else
5f68d784SManuel Huber			fat_entry_dir->rpmb_fat_entry_buf = fe;
5f68d784SManuel Huber	}
5f68d784SManuel Huber}
5f68d784SManuel Huber
5f68d784SManuel Huber/**
5f68d784SManuel Huber * fat_entry_dir_update: Updates a persisted FAT FS entry in the cache.
5f68d784SManuel Huber * This function updates the FAT entry fat_entry that was written to address
5f68d784SManuel Huber * fat_address onto RPMB storage in the cache.
5f68d784SManuel Huber */
5f68d784SManuel Huberstatic TEE_Result __maybe_unused fat_entry_dir_update
5f68d784SManuel Huber					(struct rpmb_fat_entry *fat_entry,
5f68d784SManuel Huber					 uint32_t fat_address)
5f68d784SManuel Huber{
5f68d784SManuel Huber	uint32_t fat_entry_buf_idx = 0;
5f68d784SManuel Huber	/* Use a temp var to avoid compiler warning if caching disabled. */
5f68d784SManuel Huber	uint32_t max_cache_entries = CFG_RPMB_FS_CACHE_ENTRIES;
5f68d784SManuel Huber
be041efcSNeil Shipp	assert(!((fat_address - RPMB_FS_FAT_START_ADDRESS) %
be041efcSNeil Shipp	       sizeof(struct rpmb_fat_entry)));
5f68d784SManuel Huber
5f68d784SManuel Huber	/* Nothing to update if the cache is not initialized. */
5f68d784SManuel Huber	if (!fat_entry_dir)
5f68d784SManuel Huber		return TEE_SUCCESS;
5f68d784SManuel Huber
5f68d784SManuel Huber	fat_entry_buf_idx = (fat_address - RPMB_FS_FAT_START_ADDRESS) /
5f68d784SManuel Huber			     sizeof(struct rpmb_fat_entry);
5f68d784SManuel Huber
5f68d784SManuel Huber	/* Only need to write if index points to an entry in cache. */
3b354b19SNeil Shipp	if (fat_entry_buf_idx < fat_entry_dir->num_buffered &&
3b354b19SNeil Shipp	    fat_entry_buf_idx < max_cache_entries) {
5f68d784SManuel Huber		memcpy(fat_entry_dir->rpmb_fat_entry_buf + fat_entry_buf_idx,
5f68d784SManuel Huber		       fat_entry, sizeof(struct rpmb_fat_entry));
5f68d784SManuel Huber	}
5f68d784SManuel Huber
5f68d784SManuel Huber	return TEE_SUCCESS;
5f68d784SManuel Huber}
5f68d784SManuel Huber
5f68d784SManuel Huber/**
5f68d784SManuel Huber * fat_entry_dir_get_next: Get next FAT FS entry.
5f68d784SManuel Huber * Read either from cache/buffer, or by reading from RPMB storage if the
5f68d784SManuel Huber * elements in the buffer/cache are fully read. When reading in from RPMB
5f68d784SManuel Huber * storage, the buffer is overwritten in case caching is disabled.
5f68d784SManuel Huber * In case caching is enabled, the cache is either further filled, or a
5f68d784SManuel Huber * temporary buffer populated if the cache is already full.
5f68d784SManuel Huber * The FAT FS entry is written to fat_entry. The respective address in RPMB
5f68d784SManuel Huber * storage is written to fat_address, if not NULL. When the last FAT FS entry
5f68d784SManuel Huber * was previously read, the function indicates this case by writing a NULL
5f68d784SManuel Huber * pointer to fat_entry.
5f68d784SManuel Huber * Returns a value different TEE_SUCCESS if the next FAT FS entry could not be
5f68d784SManuel Huber * retrieved.
5f68d784SManuel Huber */
5f68d784SManuel Huberstatic TEE_Result fat_entry_dir_get_next(struct rpmb_fat_entry **fat_entry,
5f68d784SManuel Huber					 uint32_t *fat_address)
5f68d784SManuel Huber{
5f68d784SManuel Huber	TEE_Result res = TEE_ERROR_GENERIC;
5f68d784SManuel Huber	struct rpmb_fat_entry *fe = NULL;
5f68d784SManuel Huber	uint32_t num_elems_read = 0;
5f68d784SManuel Huber	uint32_t fat_address_local = 0;
5f68d784SManuel Huber
5f68d784SManuel Huber	assert(fat_entry_dir && fat_entry);
5f68d784SManuel Huber
5f68d784SManuel Huber	/* Don't read further if we previously read the last FAT FS entry. */
5f68d784SManuel Huber	if (fat_entry_dir->last_reached) {
5f68d784SManuel Huber		*fat_entry = NULL;
5f68d784SManuel Huber		return TEE_SUCCESS;
5f68d784SManuel Huber	}
5f68d784SManuel Huber
5f68d784SManuel Huber	fe = fat_entry_dir->rpmb_fat_entry_buf;
5f68d784SManuel Huber
5f68d784SManuel Huber	/* Determine address of FAT FS entry in RPMB storage. */
5f68d784SManuel Huber	fat_address_local = RPMB_FS_FAT_START_ADDRESS +
5f68d784SManuel Huber			(fat_entry_dir->num_total_read *
5f68d784SManuel Huber			sizeof(struct rpmb_fat_entry));
5f68d784SManuel Huber
5f68d784SManuel Huber	/*
5f68d784SManuel Huber	 * We've read all so-far buffered elements, so we need to
5f68d784SManuel Huber	 * read in more entries from RPMB storage.
5f68d784SManuel Huber	 */
5f68d784SManuel Huber	if (fat_entry_dir->idx_curr >= fat_entry_dir->num_buffered) {
5f68d784SManuel Huber		/*
5f68d784SManuel Huber		 * This is the case where we do not cache entries, so just read
5f68d784SManuel Huber		 * in next set of FAT FS entries into the buffer.
5f68d784SManuel Huber		 * Goto the end of the when statement if that is done.
5f68d784SManuel Huber		 */
5f68d784SManuel Huber		if (!CFG_RPMB_FS_CACHE_ENTRIES) {
5f68d784SManuel Huber			num_elems_read = CFG_RPMB_FS_RD_ENTRIES;
5f68d784SManuel Huber			fat_entry_dir->idx_curr = 0;
5f68d784SManuel Huber
3be2f85aSJens Wiklander			res = tee_rpmb_read(fat_address_local, (uint8_t *)fe,
5f68d784SManuel Huber					    num_elems_read * sizeof(*fe), NULL,
5f68d784SManuel Huber					    NULL);
5f68d784SManuel Huber			if (res)
5f68d784SManuel Huber				return res;
5f68d784SManuel Huber			goto post_read_in;
5f68d784SManuel Huber		}
5f68d784SManuel Huber
5f68d784SManuel Huber		/*
5f68d784SManuel Huber		 * We cache FAT FS entries, and the buffer is not completely
5f68d784SManuel Huber		 * filled. Further keep on extending the buffer up to its max
5f68d784SManuel Huber		 * size by reading in from RPMB.
5f68d784SManuel Huber		 */
5f68d784SManuel Huber		if (fat_entry_dir->num_total_read < RPMB_BUF_MAX_ENTRIES) {
5f68d784SManuel Huber			/*
5f68d784SManuel Huber			 * Read at most as many elements as fit in the buffer
5f68d784SManuel Huber			 * and no more than the defined number of entries to
5f68d784SManuel Huber			 * read in at once.
5f68d784SManuel Huber			 */
5f68d784SManuel Huber			num_elems_read = MIN(RPMB_BUF_MAX_ENTRIES -
5f68d784SManuel Huber					     fat_entry_dir->num_total_read,
5f68d784SManuel Huber					     (uint32_t)CFG_RPMB_FS_RD_ENTRIES);
5f68d784SManuel Huber
5f68d784SManuel Huber			/*
5f68d784SManuel Huber			 * Expand the buffer to fit in the additional entries.
5f68d784SManuel Huber			 */
5f68d784SManuel Huber			fe = realloc(fe,
5f68d784SManuel Huber				     (fat_entry_dir->num_buffered +
5f68d784SManuel Huber				      num_elems_read) * sizeof(*fe));
5f68d784SManuel Huber			if (!fe)
5f68d784SManuel Huber				return TEE_ERROR_OUT_OF_MEMORY;
5f68d784SManuel Huber
5f68d784SManuel Huber			fat_entry_dir->rpmb_fat_entry_buf = fe;
5f68d784SManuel Huber
5f68d784SManuel Huber			/* Read in to the next free slot in the buffer/cache. */
3be2f85aSJens Wiklander			res = tee_rpmb_read(fat_address_local,
5f68d784SManuel Huber					    (uint8_t *)(fe +
5f68d784SManuel Huber					    fat_entry_dir->num_total_read),
5f68d784SManuel Huber					    num_elems_read * sizeof(*fe),
5f68d784SManuel Huber					    NULL, NULL);
5f68d784SManuel Huber			if (res)
5f68d784SManuel Huber				return res;
5f68d784SManuel Huber
5f68d784SManuel Huber			fat_entry_dir->num_buffered += num_elems_read;
5f68d784SManuel Huber		} else {
5f68d784SManuel Huber			/*
5f68d784SManuel Huber			 * This happens when we have read as many elements as
5f68d784SManuel Huber			 * can possibly fit into the buffer.
5f68d784SManuel Huber			 * As the first part of the buffer serves as our cache,
5f68d784SManuel Huber			 * we only overwrite the last part that serves as our
5f68d784SManuel Huber			 * temporary buffer used to iteratively read in entries
5f68d784SManuel Huber			 * when the cache is full. Read in the temporary buffer
5f68d784SManuel Huber			 * maximum size.
5f68d784SManuel Huber			 */
5f68d784SManuel Huber			num_elems_read = CFG_RPMB_FS_RD_ENTRIES;
5f68d784SManuel Huber			/* Reset index to beginning of the temporary buffer. */
5f68d784SManuel Huber			fat_entry_dir->idx_curr = CFG_RPMB_FS_CACHE_ENTRIES;
5f68d784SManuel Huber
5f68d784SManuel Huber			/* Read in elements after the end of the cache. */
3be2f85aSJens Wiklander			res = tee_rpmb_read(fat_address_local,
5f68d784SManuel Huber					    (uint8_t *)(fe +
5f68d784SManuel Huber					    fat_entry_dir->idx_curr),
5f68d784SManuel Huber					    num_elems_read * sizeof(*fe),
5f68d784SManuel Huber					    NULL, NULL);
5f68d784SManuel Huber			if (res)
5f68d784SManuel Huber				return res;
5f68d784SManuel Huber		}
5f68d784SManuel Huber	}
5f68d784SManuel Huber
5f68d784SManuel Huberpost_read_in:
5f68d784SManuel Huber	if (fat_address)
5f68d784SManuel Huber		*fat_address = fat_address_local;
5f68d784SManuel Huber
5f68d784SManuel Huber	*fat_entry = fe + fat_entry_dir->idx_curr;
5f68d784SManuel Huber
5f68d784SManuel Huber	fat_entry_dir->idx_curr++;
5f68d784SManuel Huber	fat_entry_dir->num_total_read++;
5f68d784SManuel Huber
5f68d784SManuel Huber	/*
5f68d784SManuel Huber	 * Indicate last entry was read.
5f68d784SManuel Huber	 * Ensures we return a zero value for fat_entry on next invocation.
5f68d784SManuel Huber	 */
5f68d784SManuel Huber	if ((*fat_entry)->flags & FILE_IS_LAST_ENTRY)
5f68d784SManuel Huber		fat_entry_dir->last_reached = true;
5f68d784SManuel Huber
5f68d784SManuel Huber	return TEE_SUCCESS;
5f68d784SManuel Huber}
5f68d784SManuel Huber
5f68d784SManuel Huber#if (TRACE_LEVEL >= TRACE_FLOW)
5f68d784SManuel Huberstatic void dump_fat(void)
5f68d784SManuel Huber{
e762809bSGianguido Sorà	TEE_Result res = TEE_ERROR_SECURITY;
5f68d784SManuel Huber	struct rpmb_fat_entry *fe = NULL;
5f68d784SManuel Huber
ce9a20c1SJerome Forissier	if (!fs_par)
ce9a20c1SJerome Forissier		return;
ce9a20c1SJerome Forissier
5f68d784SManuel Huber	if (fat_entry_dir_init())
5f68d784SManuel Huber		return;
5f68d784SManuel Huber
5f68d784SManuel Huber	while (true) {
5f68d784SManuel Huber		res = fat_entry_dir_get_next(&fe, NULL);
5f68d784SManuel Huber		if (res || !fe)
5f68d784SManuel Huber			break;
5f68d784SManuel Huber
5f68d784SManuel Huber		FMSG("flags %#"PRIx32", size %"PRIu32", address %#"PRIx32
5f68d784SManuel Huber		     ", filename '%s'",
5f68d784SManuel Huber		     fe->flags, fe->data_size, fe->start_address, fe->filename);
5f68d784SManuel Huber	}
5f68d784SManuel Huber
5f68d784SManuel Huber	fat_entry_dir_deinit();
a8a78b85SJerome Forissier}
213777fdSManuel Huber#else
213777fdSManuel Huberstatic void dump_fat(void)
213777fdSManuel Huber{
213777fdSManuel Huber}
213777fdSManuel Huber#endif
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier#if (TRACE_LEVEL >= TRACE_DEBUG)
a8a78b85SJerome Forissierstatic void dump_fh(struct rpmb_file_handle *fh)
a8a78b85SJerome Forissier{
a8a78b85SJerome Forissier	DMSG("fh->filename=%s", fh->filename);
a8a78b85SJerome Forissier	DMSG("fh->rpmb_fat_address=%u", fh->rpmb_fat_address);
a8a78b85SJerome Forissier	DMSG("fh->fat_entry.start_address=%u", fh->fat_entry.start_address);
a8a78b85SJerome Forissier	DMSG("fh->fat_entry.data_size=%u", fh->fat_entry.data_size);
a8a78b85SJerome Forissier}
a8a78b85SJerome Forissier#else
a8a78b85SJerome Forissierstatic void dump_fh(struct rpmb_file_handle *fh __unused)
a8a78b85SJerome Forissier{
a8a78b85SJerome Forissier}
a8a78b85SJerome Forissier#endif
a8a78b85SJerome Forissier
34ab2802SJerome Forissier/* "/TA_uuid/object_id" or "/TA_uuid/.object_id" */
34ab2802SJerome Forissierstatic TEE_Result create_filename(void *buf, size_t blen, struct tee_pobj *po,
34ab2802SJerome Forissier				  bool transient)
34ab2802SJerome Forissier{
34ab2802SJerome Forissier	uint8_t *file = buf;
34ab2802SJerome Forissier	uint32_t pos = 0;
34ab2802SJerome Forissier	uint32_t hslen = 1 /* Leading slash */
34ab2802SJerome Forissier			+ TEE_B2HS_HSBUF_SIZE(sizeof(TEE_UUID) + po->obj_id_len)
34ab2802SJerome Forissier			+ 1; /* Intermediate slash */
34ab2802SJerome Forissier
34ab2802SJerome Forissier	/* +1 for the '.' (temporary persistent object) */
34ab2802SJerome Forissier	if (transient)
34ab2802SJerome Forissier		hslen++;
34ab2802SJerome Forissier
34ab2802SJerome Forissier	if (blen < hslen)
34ab2802SJerome Forissier		return TEE_ERROR_SHORT_BUFFER;
34ab2802SJerome Forissier
34ab2802SJerome Forissier	file[pos++] = '/';
34ab2802SJerome Forissier	pos += tee_b2hs((uint8_t *)&po->uuid, &file[pos],
34ab2802SJerome Forissier			sizeof(TEE_UUID), hslen);
34ab2802SJerome Forissier	file[pos++] = '/';
34ab2802SJerome Forissier
34ab2802SJerome Forissier	if (transient)
34ab2802SJerome Forissier		file[pos++] = '.';
34ab2802SJerome Forissier
34ab2802SJerome Forissier	tee_b2hs(po->obj_id, file + pos, po->obj_id_len, hslen - pos);
34ab2802SJerome Forissier
34ab2802SJerome Forissier	return TEE_SUCCESS;
34ab2802SJerome Forissier}
34ab2802SJerome Forissier
34ab2802SJerome Forissier/* "/TA_uuid" */
34ab2802SJerome Forissierstatic TEE_Result create_dirname(void *buf, size_t blen, const TEE_UUID *uuid)
34ab2802SJerome Forissier{
34ab2802SJerome Forissier	uint8_t *dir = buf;
34ab2802SJerome Forissier	uint32_t hslen = TEE_B2HS_HSBUF_SIZE(sizeof(TEE_UUID)) + 1;
34ab2802SJerome Forissier
34ab2802SJerome Forissier	if (blen < hslen)
34ab2802SJerome Forissier		return TEE_ERROR_SHORT_BUFFER;
34ab2802SJerome Forissier
34ab2802SJerome Forissier	dir[0] = '/';
34ab2802SJerome Forissier	tee_b2hs((uint8_t *)uuid, dir + 1, sizeof(TEE_UUID), hslen);
34ab2802SJerome Forissier
34ab2802SJerome Forissier	return TEE_SUCCESS;
34ab2802SJerome Forissier}
34ab2802SJerome Forissier
b2215adfSJens Wiklanderstatic struct rpmb_file_handle *alloc_file_handle(struct tee_pobj *po,
b2215adfSJens Wiklander						  bool temporary)
a8a78b85SJerome Forissier{
a8a78b85SJerome Forissier	struct rpmb_file_handle *fh = NULL;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	fh = calloc(1, sizeof(struct rpmb_file_handle));
a8a78b85SJerome Forissier	if (!fh)
b0104773SPascal Brand		return NULL;
b0104773SPascal Brand
b2215adfSJens Wiklander	if (po)
34ab2802SJerome Forissier		create_filename(fh->filename, sizeof(fh->filename), po,
b2215adfSJens Wiklander				temporary);
b0104773SPascal Brand
b0104773SPascal Brand	return fh;
b0104773SPascal Brand}
b0104773SPascal Brand
b0104773SPascal Brand/**
b0104773SPascal Brand * write_fat_entry: Store info in a fat_entry to RPMB.
b0104773SPascal Brand */
e92de4caSJerome Forissierstatic TEE_Result write_fat_entry(struct rpmb_file_handle *fh)
b0104773SPascal Brand{
b0104773SPascal Brand	TEE_Result res = TEE_ERROR_GENERIC;
b0104773SPascal Brand
b0104773SPascal Brand	/* Protect partition data. */
b0104773SPascal Brand	if (fh->rpmb_fat_address < sizeof(struct rpmb_fs_partition)) {
b0104773SPascal Brand		res = TEE_ERROR_ACCESS_CONFLICT;
b0104773SPascal Brand		goto out;
b0104773SPascal Brand	}
b0104773SPascal Brand
b0104773SPascal Brand	if (fh->rpmb_fat_address % sizeof(struct rpmb_fat_entry) != 0) {
b0104773SPascal Brand		res = TEE_ERROR_BAD_PARAMETERS;
b0104773SPascal Brand		goto out;
b0104773SPascal Brand	}
b0104773SPascal Brand
3be2f85aSJens Wiklander	res = tee_rpmb_write(fh->rpmb_fat_address, (uint8_t *)&fh->fat_entry,
b399f70bSJens Wiklander			     sizeof(struct rpmb_fat_entry), NULL, NULL);
b0104773SPascal Brand
a8a78b85SJerome Forissier	dump_fat();
a8a78b85SJerome Forissier
5f68d784SManuel Huber	/* If caching enabled, update a successfully written entry in cache. */
5f68d784SManuel Huber	if (CFG_RPMB_FS_CACHE_ENTRIES && !res)
5f68d784SManuel Huber		res = fat_entry_dir_update(&fh->fat_entry,
5f68d784SManuel Huber					   fh->rpmb_fat_address);
5f68d784SManuel Huber
b0104773SPascal Brandout:
b0104773SPascal Brand	return res;
b0104773SPascal Brand}
b0104773SPascal Brand
b0104773SPascal Brand/**
5f68d784SManuel Huber * rpmb_fs_setup: Setup RPMB FS.
b0104773SPascal Brand * Set initial partition and FS values and write to RPMB.
b0104773SPascal Brand * Store frequently used data in RAM.
b0104773SPascal Brand */
b0104773SPascal Brandstatic TEE_Result rpmb_fs_setup(void)
b0104773SPascal Brand{
b0104773SPascal Brand	TEE_Result res = TEE_ERROR_GENERIC;
b0104773SPascal Brand	struct rpmb_fs_partition *partition_data = NULL;
a8a78b85SJerome Forissier	struct rpmb_file_handle *fh = NULL;
a8a78b85SJerome Forissier	uint32_t max_rpmb_block = 0;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	if (fs_par) {
a8a78b85SJerome Forissier		res = TEE_SUCCESS;
a8a78b85SJerome Forissier		goto out;
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier
3be2f85aSJens Wiklander	res = tee_rpmb_get_max_block(&max_rpmb_block);
a8a78b85SJerome Forissier	if (res != TEE_SUCCESS)
a8a78b85SJerome Forissier		goto out;
b0104773SPascal Brand
a8fb1651SJens Wiklander	/*
a8fb1651SJens Wiklander	 * We're going to read a full block in order to have a full block
a8fb1651SJens Wiklander	 * for the dummy write below.
a8fb1651SJens Wiklander	 */
a8fb1651SJens Wiklander	COMPILE_TIME_ASSERT(sizeof(struct rpmb_fs_partition) <=
a8fb1651SJens Wiklander			    RPMB_DATA_SIZE);
a8fb1651SJens Wiklander	partition_data = calloc(1, RPMB_DATA_SIZE);
a8a78b85SJerome Forissier	if (!partition_data) {
b0104773SPascal Brand		res = TEE_ERROR_OUT_OF_MEMORY;
b0104773SPascal Brand		goto out;
b0104773SPascal Brand	}
b0104773SPascal Brand
3be2f85aSJens Wiklander	res = tee_rpmb_read(RPMB_STORAGE_START_ADDRESS,
a8fb1651SJens Wiklander			    (uint8_t *)partition_data, RPMB_DATA_SIZE,
a8fb1651SJens Wiklander			    NULL, NULL);
a8fb1651SJens Wiklander	if (res != TEE_SUCCESS)
a8fb1651SJens Wiklander		goto out;
a8fb1651SJens Wiklander	/*
a8fb1651SJens Wiklander	 * Perform a write in order to increase the write counter. This
a8fb1651SJens Wiklander	 * prevents late usage (replay attack) of a previously blocked
a8fb1651SJens Wiklander	 * request with a valid write counter value.
a8fb1651SJens Wiklander	 */
3be2f85aSJens Wiklander	res = tee_rpmb_write(RPMB_STORAGE_START_ADDRESS,
a8fb1651SJens Wiklander			     (uint8_t *)partition_data, RPMB_DATA_SIZE,
a8fb1651SJens Wiklander			     NULL, NULL);
a8fb1651SJens Wiklander	if (res != TEE_SUCCESS)
a8fb1651SJens Wiklander		goto out;
a8fb1651SJens Wiklander	/*
a8fb1651SJens Wiklander	 * We're reading again in case a stale request was committed
a8fb1651SJens Wiklander	 * instead of the one issued above. If this succeeds we're in sync
a8fb1651SJens Wiklander	 * with the RPMB block since there are no other possible stale
a8fb1651SJens Wiklander	 * blocks with valid write counters available.
a8fb1651SJens Wiklander	 */
3be2f85aSJens Wiklander	res = tee_rpmb_read(RPMB_STORAGE_START_ADDRESS,
b0104773SPascal Brand			    (uint8_t *)partition_data,
b399f70bSJens Wiklander			    sizeof(struct rpmb_fs_partition), NULL, NULL);
b0104773SPascal Brand	if (res != TEE_SUCCESS)
b0104773SPascal Brand		goto out;
b0104773SPascal Brand
a8a78b85SJerome Forissier#ifndef CFG_RPMB_RESET_FAT
b0104773SPascal Brand	if (partition_data->rpmb_fs_magic == RPMB_FS_MAGIC) {
b0104773SPascal Brand		if (partition_data->fs_version == FS_VERSION) {
b0104773SPascal Brand			res = TEE_SUCCESS;
b0104773SPascal Brand			goto store_fs_par;
b0104773SPascal Brand		} else {
c3d1e005SVictor Chong			EMSG("Wrong software is in use.");
b0104773SPascal Brand			res = TEE_ERROR_ACCESS_DENIED;
b0104773SPascal Brand			goto out;
b0104773SPascal Brand		}
b0104773SPascal Brand	}
a8a78b85SJerome Forissier#else
a8a78b85SJerome Forissier	EMSG("**** Clearing Storage ****");
a8a78b85SJerome Forissier#endif
b0104773SPascal Brand
b0104773SPascal Brand	/* Setup new partition data. */
b0104773SPascal Brand	partition_data->rpmb_fs_magic = RPMB_FS_MAGIC;
b0104773SPascal Brand	partition_data->fs_version = FS_VERSION;
b0104773SPascal Brand	partition_data->fat_start_address = RPMB_FS_FAT_START_ADDRESS;
b0104773SPascal Brand
b0104773SPascal Brand	/* Initial FAT entry with FILE_IS_LAST_ENTRY flag set. */
b2215adfSJens Wiklander	fh = alloc_file_handle(NULL, false);
a8a78b85SJerome Forissier	if (!fh) {
b0104773SPascal Brand		res = TEE_ERROR_OUT_OF_MEMORY;
b0104773SPascal Brand		goto out;
b0104773SPascal Brand	}
b0104773SPascal Brand	fh->fat_entry.flags = FILE_IS_LAST_ENTRY;
b0104773SPascal Brand	fh->rpmb_fat_address = partition_data->fat_start_address;
b0104773SPascal Brand
b0104773SPascal Brand	/* Write init FAT entry and partition data to RPMB. */
e92de4caSJerome Forissier	res = write_fat_entry(fh);
b0104773SPascal Brand	if (res != TEE_SUCCESS)
b0104773SPascal Brand		goto out;
b0104773SPascal Brand
3be2f85aSJens Wiklander	res = tee_rpmb_write(RPMB_STORAGE_START_ADDRESS,
b0104773SPascal Brand			     (uint8_t *)partition_data,
b399f70bSJens Wiklander			     sizeof(struct rpmb_fs_partition), NULL, NULL);
b0104773SPascal Brand
a8a78b85SJerome Forissier#ifndef CFG_RPMB_RESET_FAT
b0104773SPascal Brandstore_fs_par:
a8a78b85SJerome Forissier#endif
a8a78b85SJerome Forissier
b0104773SPascal Brand	/* Store FAT start address. */
b0104773SPascal Brand	fs_par = calloc(1, sizeof(struct rpmb_fs_parameters));
a8a78b85SJerome Forissier	if (!fs_par) {
b0104773SPascal Brand		res = TEE_ERROR_OUT_OF_MEMORY;
b0104773SPascal Brand		goto out;
b0104773SPascal Brand	}
b0104773SPascal Brand
b0104773SPascal Brand	fs_par->fat_start_address = partition_data->fat_start_address;
a8a78b85SJerome Forissier	fs_par->max_rpmb_address = max_rpmb_block << RPMB_BLOCK_SIZE_SHIFT;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	dump_fat();
b0104773SPascal Brand
b0104773SPascal Brandout:
b0104773SPascal Brand	free(fh);
b0104773SPascal Brand	free(partition_data);
b0104773SPascal Brand	return res;
b0104773SPascal Brand}
b0104773SPascal Brand
b0104773SPascal Brand/**
b0104773SPascal Brand * get_fat_start_address:
b0104773SPascal Brand * FAT start_address from fs_par.
b0104773SPascal Brand */
b0104773SPascal Brandstatic TEE_Result get_fat_start_address(uint32_t *addr)
b0104773SPascal Brand{
a8a78b85SJerome Forissier	if (!fs_par)
a8a78b85SJerome Forissier		return TEE_ERROR_NO_DATA;
b0104773SPascal Brand
b0104773SPascal Brand	*addr = fs_par->fat_start_address;
b0104773SPascal Brand
a8a78b85SJerome Forissier	return TEE_SUCCESS;
b0104773SPascal Brand}
b0104773SPascal Brand
b0104773SPascal Brand/**
b0104773SPascal Brand * read_fat: Read FAT entries
b0104773SPascal Brand * Return matching FAT entry for read, rm rename and stat.
b0104773SPascal Brand * Build up memory pool and return matching entry for write operation.
b0104773SPascal Brand * "Last FAT entry" can be returned during write.
b0104773SPascal Brand */
a8a78b85SJerome Forissierstatic TEE_Result read_fat(struct rpmb_file_handle *fh, tee_mm_pool_t *p)
b0104773SPascal Brand{
b0104773SPascal Brand	TEE_Result res = TEE_ERROR_GENERIC;
b0104773SPascal Brand	tee_mm_entry_t *mm = NULL;
5f68d784SManuel Huber	struct rpmb_fat_entry *fe = NULL;
b0104773SPascal Brand	uint32_t fat_address;
b0104773SPascal Brand	bool entry_found = false;
a8a78b85SJerome Forissier	bool expand_fat = false;
a8a78b85SJerome Forissier	struct rpmb_file_handle last_fh;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	DMSG("fat_address %d", fh->rpmb_fat_address);
b0104773SPascal Brand
5f68d784SManuel Huber	res = fat_entry_dir_init();
5f68d784SManuel Huber	if (res)
b0104773SPascal Brand		goto out;
b0104773SPascal Brand
a8a78b85SJerome Forissier	/*
a8a78b85SJerome Forissier	 * The pool is used to represent the current RPMB layout. To find
a8a78b85SJerome Forissier	 * a slot for the file tee_mm_alloc is called on the pool. Thus
a8a78b85SJerome Forissier	 * if it is not NULL the entire FAT must be traversed to fill in
a8a78b85SJerome Forissier	 * the pool.
a8a78b85SJerome Forissier	 */
5f68d784SManuel Huber	while (true) {
5f68d784SManuel Huber		res = fat_entry_dir_get_next(&fe, &fat_address);
5f68d784SManuel Huber		if (res || !fe)
5f68d784SManuel Huber			break;
b0104773SPascal Brand
b0104773SPascal Brand		/*
b0104773SPascal Brand		 * Look for an entry, matching filenames. (read, rm,
b0104773SPascal Brand		 * rename and stat.). Only store first filename match.
b0104773SPascal Brand		 */
66d685f1SPeikan Tsai		if ((!strcmp(fh->filename, fe->filename)) &&
5f68d784SManuel Huber		    (fe->flags & FILE_IS_ACTIVE) && !entry_found) {
b0104773SPascal Brand			entry_found = true;
b0104773SPascal Brand			fh->rpmb_fat_address = fat_address;
5f68d784SManuel Huber			memcpy(&fh->fat_entry, fe, sizeof(*fe));
a8a78b85SJerome Forissier			if (!p)
b0104773SPascal Brand				break;
b0104773SPascal Brand		}
b0104773SPascal Brand
b0104773SPascal Brand		/* Add existing files to memory pool. (write) */
a8a78b85SJerome Forissier		if (p) {
5f68d784SManuel Huber			if ((fe->flags & FILE_IS_ACTIVE) && fe->data_size > 0) {
a8a78b85SJerome Forissier
5f68d784SManuel Huber				mm = tee_mm_alloc2(p, fe->start_address,
5f68d784SManuel Huber						   fe->data_size);
a8a78b85SJerome Forissier				if (!mm) {
b0104773SPascal Brand					res = TEE_ERROR_OUT_OF_MEMORY;
b0104773SPascal Brand					goto out;
b0104773SPascal Brand				}
b0104773SPascal Brand			}
b0104773SPascal Brand
b0104773SPascal Brand			/* Unused FAT entries can be reused (write) */
5f68d784SManuel Huber			if (((fe->flags & FILE_IS_ACTIVE) == 0) &&
5f68d784SManuel Huber			    fh->rpmb_fat_address == 0) {
b0104773SPascal Brand				fh->rpmb_fat_address = fat_address;
5f68d784SManuel Huber				memcpy(&fh->fat_entry, fe,
b0104773SPascal Brand				       sizeof(struct rpmb_fat_entry));
b0104773SPascal Brand			}
b0104773SPascal Brand
5f68d784SManuel Huber			if (((fe->flags & FILE_IS_LAST_ENTRY) != 0) &&
5f68d784SManuel Huber			    fh->rpmb_fat_address == fat_address) {
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier				/*
a8a78b85SJerome Forissier				 * If the last entry was reached and was chosen
a8a78b85SJerome Forissier				 * by the previous check, then the FAT needs to
a8a78b85SJerome Forissier				 * be expanded.
a8a78b85SJerome Forissier				 * fh->rpmb_fat_address is the address chosen
a8a78b85SJerome Forissier				 * to store the files FAT entry and fat_address
a8a78b85SJerome Forissier				 * is the current FAT entry address being
a8a78b85SJerome Forissier				 * compared.
a8a78b85SJerome Forissier				 */
a8a78b85SJerome Forissier				expand_fat = true;
b0104773SPascal Brand			}
b0104773SPascal Brand		}
b0104773SPascal Brand	}
b0104773SPascal Brand
5f68d784SManuel Huber	if (res)
5f68d784SManuel Huber		goto out;
a8a78b85SJerome Forissier	/*
a8a78b85SJerome Forissier	 * Represent the FAT table in the pool.
a8a78b85SJerome Forissier	 */
a8a78b85SJerome Forissier	if (p) {
a8a78b85SJerome Forissier		/*
a8a78b85SJerome Forissier		 * Since fat_address is the start of the last entry it needs to
a8a78b85SJerome Forissier		 * be moved up by an entry.
a8a78b85SJerome Forissier		 */
a8a78b85SJerome Forissier		fat_address += sizeof(struct rpmb_fat_entry);
a8a78b85SJerome Forissier
b0104773SPascal Brand		/* Make room for yet a FAT entry and add to memory pool. */
a8a78b85SJerome Forissier		if (expand_fat)
a8a78b85SJerome Forissier			fat_address += sizeof(struct rpmb_fat_entry);
a8a78b85SJerome Forissier
b0104773SPascal Brand		mm = tee_mm_alloc2(p, RPMB_STORAGE_START_ADDRESS, fat_address);
a8a78b85SJerome Forissier		if (!mm) {
b0104773SPascal Brand			res = TEE_ERROR_OUT_OF_MEMORY;
b0104773SPascal Brand			goto out;
b0104773SPascal Brand		}
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier		if (expand_fat) {
a8a78b85SJerome Forissier			/*
a8a78b85SJerome Forissier			 * Point fat_address to the beginning of the new
a8a78b85SJerome Forissier			 * entry.
a8a78b85SJerome Forissier			 */
a8a78b85SJerome Forissier			fat_address -= sizeof(struct rpmb_fat_entry);
a8a78b85SJerome Forissier			memset(&last_fh, 0, sizeof(last_fh));
a8a78b85SJerome Forissier			last_fh.fat_entry.flags = FILE_IS_LAST_ENTRY;
a8a78b85SJerome Forissier			last_fh.rpmb_fat_address = fat_address;
e92de4caSJerome Forissier			res = write_fat_entry(&last_fh);
a8a78b85SJerome Forissier			if (res != TEE_SUCCESS)
a8a78b85SJerome Forissier				goto out;
a8a78b85SJerome Forissier		}
b0104773SPascal Brand	}
b0104773SPascal Brand
66d685f1SPeikan Tsai	if (!fh->rpmb_fat_address)
8d5259f7SJens Wiklander		res = TEE_ERROR_ITEM_NOT_FOUND;
b0104773SPascal Brand
b0104773SPascal Brandout:
5f68d784SManuel Huber	fat_entry_dir_deinit();
b0104773SPascal Brand	return res;
b0104773SPascal Brand}
b0104773SPascal Brand
0c4e1284SJens Wiklanderstatic TEE_Result generate_fek(struct rpmb_fat_entry *fe, const TEE_UUID *uuid)
9e84c17eSJerome Forissier{
9e84c17eSJerome Forissier	TEE_Result res;
9e84c17eSJerome Forissier
9e84c17eSJerome Forissieragain:
0c4e1284SJens Wiklander	res = tee_fs_generate_fek(uuid, fe->fek, sizeof(fe->fek));
9e84c17eSJerome Forissier	if (res != TEE_SUCCESS)
9e84c17eSJerome Forissier		return res;
9e84c17eSJerome Forissier
9e84c17eSJerome Forissier	if (is_zero(fe->fek, sizeof(fe->fek)))
9e84c17eSJerome Forissier		goto again;
9e84c17eSJerome Forissier
9e84c17eSJerome Forissier	return res;
9e84c17eSJerome Forissier}
9e84c17eSJerome Forissier
078f18f8SJens Wiklanderstatic TEE_Result rpmb_fs_open_internal(struct rpmb_file_handle *fh,
078f18f8SJens Wiklander					const TEE_UUID *uuid, bool create)
b0104773SPascal Brand{
a8a78b85SJerome Forissier	tee_mm_pool_t p;
a8a78b85SJerome Forissier	bool pool_result;
d9f0ee43Sjames.jiang	paddr_size_t pool_sz = 0;
b0104773SPascal Brand	TEE_Result res = TEE_ERROR_GENERIC;
b0104773SPascal Brand
a8a78b85SJerome Forissier	/* We need to do setup in order to make sure fs_par is filled in */
a8a78b85SJerome Forissier	res = rpmb_fs_setup();
a8a78b85SJerome Forissier	if (res != TEE_SUCCESS)
a8a78b85SJerome Forissier		goto out;
a8a78b85SJerome Forissier
b399f70bSJens Wiklander	fh->uuid = uuid;
b86c18ecSJens Wiklander	if (create) {
a8a78b85SJerome Forissier		/* Upper memory allocation must be used for RPMB_FS. */
d9f0ee43Sjames.jiang		pool_sz = fs_par->max_rpmb_address - RPMB_STORAGE_START_ADDRESS;
a8a78b85SJerome Forissier		pool_result = tee_mm_init(&p,
a8a78b85SJerome Forissier					  RPMB_STORAGE_START_ADDRESS,
d9f0ee43Sjames.jiang					  pool_sz,
a8a78b85SJerome Forissier					  RPMB_BLOCK_SIZE_SHIFT,
a8a78b85SJerome Forissier					  TEE_MM_POOL_HI_ALLOC);
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier		if (!pool_result) {
a8a78b85SJerome Forissier			res = TEE_ERROR_OUT_OF_MEMORY;
a8a78b85SJerome Forissier			goto out;
a8a78b85SJerome Forissier		}
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier		res = read_fat(fh, &p);
a8a78b85SJerome Forissier		tee_mm_final(&p);
a8a78b85SJerome Forissier		if (res != TEE_SUCCESS)
a8a78b85SJerome Forissier			goto out;
a8a78b85SJerome Forissier	} else {
a8a78b85SJerome Forissier		res = read_fat(fh, NULL);
a8a78b85SJerome Forissier		if (res != TEE_SUCCESS)
a8a78b85SJerome Forissier			goto out;
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	/*
a8a78b85SJerome Forissier	 * If this is opened with create and the entry found was not active
a8a78b85SJerome Forissier	 * then this is a new file and the FAT entry must be written
a8a78b85SJerome Forissier	 */
b86c18ecSJens Wiklander	if (create) {
a8a78b85SJerome Forissier		if ((fh->fat_entry.flags & FILE_IS_ACTIVE) == 0) {
a8a78b85SJerome Forissier			memset(&fh->fat_entry, 0,
a8a78b85SJerome Forissier				sizeof(struct rpmb_fat_entry));
b2215adfSJens Wiklander			memcpy(fh->fat_entry.filename, fh->filename,
b2215adfSJens Wiklander				strlen(fh->filename));
a8a78b85SJerome Forissier			/* Start address and size are 0 */
a8a78b85SJerome Forissier			fh->fat_entry.flags = FILE_IS_ACTIVE;
a8a78b85SJerome Forissier
078f18f8SJens Wiklander			res = generate_fek(&fh->fat_entry, uuid);
b86c18ecSJens Wiklander			if (res != TEE_SUCCESS)
9e84c17eSJerome Forissier				goto out;
9e84c17eSJerome Forissier			DMSG("GENERATE FEK key: %p",
9e84c17eSJerome Forissier			     (void *)fh->fat_entry.fek);
9e84c17eSJerome Forissier			DHEXDUMP(fh->fat_entry.fek, sizeof(fh->fat_entry.fek));
9e84c17eSJerome Forissier
e92de4caSJerome Forissier			res = write_fat_entry(fh);
b86c18ecSJens Wiklander			if (res != TEE_SUCCESS)
a8a78b85SJerome Forissier				goto out;
a8a78b85SJerome Forissier		}
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	res = TEE_SUCCESS;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissierout:
b86c18ecSJens Wiklander	return res;
a8a78b85SJerome Forissier}
a8a78b85SJerome Forissier
b86c18ecSJens Wiklanderstatic void rpmb_fs_close(struct tee_file_handle **tfh)
a8a78b85SJerome Forissier{
b86c18ecSJens Wiklander	struct rpmb_file_handle *fh = (struct rpmb_file_handle *)*tfh;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	free(fh);
b86c18ecSJens Wiklander	*tfh = NULL;
a8a78b85SJerome Forissier}
a8a78b85SJerome Forissier
879237aeSJens Wiklanderstatic TEE_Result rpmb_fs_read(struct tee_file_handle *tfh, size_t pos,
b2284b11SJens Wiklander			       void *buf_core, void *buf_user, size_t *len)
a8a78b85SJerome Forissier{
0c96a71dSJerome Forissier	TEE_Result res;
b86c18ecSJens Wiklander	struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh;
b86c18ecSJens Wiklander	size_t size = *len;
a8a78b85SJerome Forissier
b2284b11SJens Wiklander	/* One of buf_core and buf_user must be NULL */
b2284b11SJens Wiklander	assert(!buf_core || !buf_user);
b2284b11SJens Wiklander
a8a78b85SJerome Forissier	if (!size)
b86c18ecSJens Wiklander		return TEE_SUCCESS;
a8a78b85SJerome Forissier
a7e22cf5SLijianhui (Airbak)	mutex_lock(&rpmb_mutex);
a7e22cf5SLijianhui (Airbak)
a8a78b85SJerome Forissier	dump_fh(fh);
a8a78b85SJerome Forissier
b0104773SPascal Brand	res = read_fat(fh, NULL);
b86c18ecSJens Wiklander	if (res != TEE_SUCCESS)
b0104773SPascal Brand		goto out;
b0104773SPascal Brand
879237aeSJens Wiklander	if (pos >= fh->fat_entry.data_size) {
b86c18ecSJens Wiklander		*len = 0;
b5d2d36bSJerome Forissier		goto out;
b5d2d36bSJerome Forissier	}
b5d2d36bSJerome Forissier
879237aeSJens Wiklander	size = MIN(size, fh->fat_entry.data_size - pos);
b5d2d36bSJerome Forissier	if (size) {
b2284b11SJens Wiklander		if (buf_core) {
3be2f85aSJens Wiklander			res = tee_rpmb_read(fh->fat_entry.start_address + pos,
b2284b11SJens Wiklander					    buf_core, size, fh->fat_entry.fek,
b2284b11SJens Wiklander					    fh->uuid);
b86c18ecSJens Wiklander			if (res != TEE_SUCCESS)
b0104773SPascal Brand				goto out;
b2284b11SJens Wiklander		} else if (buf_user) {
b2284b11SJens Wiklander			uint32_t f = TEE_MEMORY_ACCESS_WRITE;
b2284b11SJens Wiklander
b2284b11SJens Wiklander			res = check_user_access(f, buf_user, size);
b2284b11SJens Wiklander			if (res)
b2284b11SJens Wiklander				goto out;
b2284b11SJens Wiklander			enter_user_access();
3be2f85aSJens Wiklander			res = tee_rpmb_read(fh->fat_entry.start_address + pos,
b2284b11SJens Wiklander					    buf_user, size, fh->fat_entry.fek,
b2284b11SJens Wiklander					    fh->uuid);
b2284b11SJens Wiklander			exit_user_access();
b2284b11SJens Wiklander			if (res)
b2284b11SJens Wiklander				goto out;
b2284b11SJens Wiklander		}
b0104773SPascal Brand	}
b86c18ecSJens Wiklander	*len = size;
b0104773SPascal Brand
b0104773SPascal Brandout:
a7e22cf5SLijianhui (Airbak)	mutex_unlock(&rpmb_mutex);
b86c18ecSJens Wiklander	return res;
b0104773SPascal Brand}
b0104773SPascal Brand
64c6d291SEtienne Carrierestatic TEE_Result update_write_helper(struct rpmb_file_handle *fh,
64c6d291SEtienne Carriere				      size_t pos, const void *buf,
64c6d291SEtienne Carriere				      size_t size, uintptr_t new_fat,
64c6d291SEtienne Carriere				      size_t new_size)
64c6d291SEtienne Carriere{
64c6d291SEtienne Carriere	uintptr_t old_fat = fh->fat_entry.start_address;
64c6d291SEtienne Carriere	size_t old_size = fh->fat_entry.data_size;
64c6d291SEtienne Carriere	const uint8_t *rem_buf = buf;
64c6d291SEtienne Carriere	size_t rem_size = size;
64c6d291SEtienne Carriere	uint8_t *blk_buf = NULL;
64c6d291SEtienne Carriere	size_t blk_offset = 0;
64c6d291SEtienne Carriere	size_t blk_size = 0;
64c6d291SEtienne Carriere	TEE_Result res = TEE_SUCCESS;
64c6d291SEtienne Carriere
64c6d291SEtienne Carriere	blk_buf = mempool_alloc(mempool_default, TMP_BLOCK_SIZE);
64c6d291SEtienne Carriere	if (!blk_buf)
64c6d291SEtienne Carriere		return TEE_ERROR_OUT_OF_MEMORY;
64c6d291SEtienne Carriere
64c6d291SEtienne Carriere	while (blk_offset < new_size) {
cd799689SEtienne Carriere		uint8_t *copy_dst = blk_buf;
cd799689SEtienne Carriere		size_t copy_size = 0;
cd799689SEtienne Carriere		size_t rd_size = 0;
cd799689SEtienne Carriere
64c6d291SEtienne Carriere		blk_size = MIN(TMP_BLOCK_SIZE, new_size - blk_offset);
d53897cdSJens Wiklander		memset(blk_buf, 0, blk_size);
64c6d291SEtienne Carriere
64c6d291SEtienne Carriere		/* Possibly read old RPMB data in temporary buffer */
64c6d291SEtienne Carriere		if (blk_offset < pos && blk_offset < old_size) {
cd799689SEtienne Carriere			rd_size = MIN(blk_size, old_size - blk_offset);
64c6d291SEtienne Carriere
3be2f85aSJens Wiklander			res = tee_rpmb_read(old_fat + blk_offset, blk_buf,
64c6d291SEtienne Carriere					    rd_size, fh->fat_entry.fek,
64c6d291SEtienne Carriere					    fh->uuid);
64c6d291SEtienne Carriere			if (res != TEE_SUCCESS)
64c6d291SEtienne Carriere				break;
64c6d291SEtienne Carriere		}
64c6d291SEtienne Carriere
64c6d291SEtienne Carriere		/* Possibly update data in temporary buffer */
64c6d291SEtienne Carriere		if ((blk_offset + TMP_BLOCK_SIZE > pos) &&
64c6d291SEtienne Carriere		    (blk_offset < pos + size)) {
cd799689SEtienne Carriere			size_t offset = 0;
cd799689SEtienne Carriere
cd799689SEtienne Carriere			copy_dst = blk_buf;
cd799689SEtienne Carriere			copy_size = TMP_BLOCK_SIZE;
64c6d291SEtienne Carriere
64c6d291SEtienne Carriere			if (blk_offset < pos) {
cd799689SEtienne Carriere				offset = pos - blk_offset;
64c6d291SEtienne Carriere
cd799689SEtienne Carriere				copy_dst += offset;
64c6d291SEtienne Carriere				copy_size -= offset;
64c6d291SEtienne Carriere			}
64c6d291SEtienne Carriere			copy_size = MIN(copy_size, rem_size);
64c6d291SEtienne Carriere
cd799689SEtienne Carriere			memcpy(copy_dst, rem_buf, copy_size);
64c6d291SEtienne Carriere			rem_buf += copy_size;
64c6d291SEtienne Carriere			rem_size -= copy_size;
64c6d291SEtienne Carriere		}
64c6d291SEtienne Carriere
64c6d291SEtienne Carriere		/* Write temporary buffer to new RPMB destination */
3be2f85aSJens Wiklander		res = tee_rpmb_write(new_fat + blk_offset, blk_buf, blk_size,
64c6d291SEtienne Carriere				     fh->fat_entry.fek, fh->uuid);
64c6d291SEtienne Carriere		if (res != TEE_SUCCESS)
64c6d291SEtienne Carriere			break;
64c6d291SEtienne Carriere
64c6d291SEtienne Carriere		blk_offset += blk_size;
64c6d291SEtienne Carriere	}
64c6d291SEtienne Carriere
64c6d291SEtienne Carriere	mempool_free(mempool_default, blk_buf);
64c6d291SEtienne Carriere
64c6d291SEtienne Carriere	return res;
64c6d291SEtienne Carriere}
64c6d291SEtienne Carriere
078f18f8SJens Wiklanderstatic TEE_Result rpmb_fs_write_primitive(struct rpmb_file_handle *fh,
73ea1cdeSJens Wiklander					  size_t pos, const void *buf,
73ea1cdeSJens Wiklander					  size_t size)
b0104773SPascal Brand{
64c6d291SEtienne Carriere	TEE_Result res = TEE_ERROR_GENERIC;
64c6d291SEtienne Carriere	tee_mm_pool_t p = { };
a8a78b85SJerome Forissier	bool pool_result = false;
64c6d291SEtienne Carriere	size_t end = 0;
64c6d291SEtienne Carriere	uint32_t start_addr = 0;
d9f0ee43Sjames.jiang	paddr_size_t pool_sz = 0;
b0104773SPascal Brand
a8a78b85SJerome Forissier	if (!size)
b86c18ecSJens Wiklander		return TEE_SUCCESS;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	if (!fs_par) {
a8a78b85SJerome Forissier		res = TEE_ERROR_GENERIC;
b0104773SPascal Brand		goto out;
b0104773SPascal Brand	}
b0104773SPascal Brand
a8a78b85SJerome Forissier	dump_fh(fh);
b0104773SPascal Brand
b0104773SPascal Brand	/* Upper memory allocation must be used for RPMB_FS. */
d9f0ee43Sjames.jiang	pool_sz = fs_par->max_rpmb_address - RPMB_STORAGE_START_ADDRESS;
a8a78b85SJerome Forissier	pool_result = tee_mm_init(&p,
a8a78b85SJerome Forissier				  RPMB_STORAGE_START_ADDRESS,
d9f0ee43Sjames.jiang				  pool_sz,
a8a78b85SJerome Forissier				  RPMB_BLOCK_SIZE_SHIFT,
a8a78b85SJerome Forissier				  TEE_MM_POOL_HI_ALLOC);
a8a78b85SJerome Forissier	if (!pool_result) {
b0104773SPascal Brand		res = TEE_ERROR_OUT_OF_MEMORY;
b0104773SPascal Brand		goto out;
b0104773SPascal Brand	}
b0104773SPascal Brand
b0104773SPascal Brand	res = read_fat(fh, &p);
b0104773SPascal Brand	if (res != TEE_SUCCESS)
b0104773SPascal Brand		goto out;
b0104773SPascal Brand
d13278b8SEtienne Carriere	if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY)
8c9d9445SEtienne Carriere		panic("invalid last entry flag");
a8a78b85SJerome Forissier
ea81076fSJerome Forissier	if (ADD_OVERFLOW(pos, size, &end)) {
ea81076fSJerome Forissier		res = TEE_ERROR_BAD_PARAMETERS;
ea81076fSJerome Forissier		goto out;
ea81076fSJerome Forissier	}
ea81076fSJerome Forissier	if (ADD_OVERFLOW(fh->fat_entry.start_address, pos, &start_addr)) {
ea81076fSJerome Forissier		res = TEE_ERROR_BAD_PARAMETERS;
ea81076fSJerome Forissier		goto out;
ea81076fSJerome Forissier	}
a8a78b85SJerome Forissier
188f5aa5SJerome Forissier	if (end <= fh->fat_entry.data_size &&
3be2f85aSJens Wiklander	    tee_rpmb_write_is_atomic(start_addr, size)) {
188f5aa5SJerome Forissier
188f5aa5SJerome Forissier		DMSG("Updating data in-place");
3be2f85aSJens Wiklander		res = tee_rpmb_write(start_addr, buf,
b399f70bSJens Wiklander				     size, fh->fat_entry.fek, fh->uuid);
a8a78b85SJerome Forissier	} else {
188f5aa5SJerome Forissier		/*
188f5aa5SJerome Forissier		 * File must be extended, or update cannot be atomic: allocate,
188f5aa5SJerome Forissier		 * read, update, write.
188f5aa5SJerome Forissier		 */
64c6d291SEtienne Carriere		size_t new_size = MAX(end, fh->fat_entry.data_size);
64c6d291SEtienne Carriere		tee_mm_entry_t *mm = tee_mm_alloc(&p, new_size);
64c6d291SEtienne Carriere		uintptr_t new_fat_entry = 0;
a8a78b85SJerome Forissier
188f5aa5SJerome Forissier		DMSG("Need to re-allocate");
3c534211SStefan Schmidt		if (!mm) {
3c534211SStefan Schmidt			DMSG("RPMB: No space left");
3c534211SStefan Schmidt			res = TEE_ERROR_STORAGE_NO_SPACE;
3c534211SStefan Schmidt			goto out;
3c534211SStefan Schmidt		}
b0104773SPascal Brand
64c6d291SEtienne Carriere		new_fat_entry = tee_mm_get_smem(mm);
b0104773SPascal Brand
64c6d291SEtienne Carriere		res = update_write_helper(fh, pos, buf, size,
64c6d291SEtienne Carriere					  new_fat_entry, new_size);
64c6d291SEtienne Carriere		if (res == TEE_SUCCESS) {
64c6d291SEtienne Carriere			fh->fat_entry.data_size = new_size;
64c6d291SEtienne Carriere			fh->fat_entry.start_address = new_fat_entry;
b0104773SPascal Brand
e92de4caSJerome Forissier			res = write_fat_entry(fh);
64c6d291SEtienne Carriere		}
a8a78b85SJerome Forissier	}
b0104773SPascal Brand
b0104773SPascal Brandout:
a8a78b85SJerome Forissier	if (pool_result)
b0104773SPascal Brand		tee_mm_final(&p);
b0104773SPascal Brand
b86c18ecSJens Wiklander	return res;
b0104773SPascal Brand}
b0104773SPascal Brand
73ea1cdeSJens Wiklanderstatic TEE_Result rpmb_fs_write(struct tee_file_handle *tfh, size_t pos,
b2284b11SJens Wiklander				const void *buf_core, const void *buf_user,
b2284b11SJens Wiklander				size_t size)
73ea1cdeSJens Wiklander{
b2284b11SJens Wiklander	TEE_Result res = TEE_SUCCESS;
b2284b11SJens Wiklander
b2284b11SJens Wiklander	/* One of buf_core and buf_user must be NULL */
b2284b11SJens Wiklander	assert(!buf_core || !buf_user);
b2284b11SJens Wiklander
b2284b11SJens Wiklander	if (!size)
b2284b11SJens Wiklander		return TEE_SUCCESS;
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklander	mutex_lock(&rpmb_mutex);
b2284b11SJens Wiklander	if (buf_core) {
b2284b11SJens Wiklander		res = rpmb_fs_write_primitive((struct rpmb_file_handle *)tfh,
b2284b11SJens Wiklander					      pos, buf_core, size);
b2284b11SJens Wiklander	} else if (buf_user) {
b2284b11SJens Wiklander		uint32_t f = TEE_MEMORY_ACCESS_READ;
b2284b11SJens Wiklander
b2284b11SJens Wiklander		res = check_user_access(f, buf_user, size);
b2284b11SJens Wiklander		if (res)
b2284b11SJens Wiklander			goto out;
b2284b11SJens Wiklander		enter_user_access();
b2284b11SJens Wiklander		res = rpmb_fs_write_primitive((struct rpmb_file_handle *)tfh,
b2284b11SJens Wiklander					      pos, buf_user, size);
b2284b11SJens Wiklander		exit_user_access();
b2284b11SJens Wiklander	}
b2284b11SJens Wiklanderout:
73ea1cdeSJens Wiklander	mutex_unlock(&rpmb_mutex);
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklander	return res;
73ea1cdeSJens Wiklander}
73ea1cdeSJens Wiklander
078f18f8SJens Wiklanderstatic TEE_Result rpmb_fs_remove_internal(struct rpmb_file_handle *fh)
b0104773SPascal Brand{
078f18f8SJens Wiklander	TEE_Result res;
b0104773SPascal Brand
b0104773SPascal Brand	res = read_fat(fh, NULL);
078f18f8SJens Wiklander	if (res)
078f18f8SJens Wiklander		return res;
b0104773SPascal Brand
b0104773SPascal Brand	/* Clear this file entry. */
b0104773SPascal Brand	memset(&fh->fat_entry, 0, sizeof(struct rpmb_fat_entry));
e92de4caSJerome Forissier	return write_fat_entry(fh);
b0104773SPascal Brand}
b0104773SPascal Brand
73ea1cdeSJens Wiklanderstatic TEE_Result rpmb_fs_remove(struct tee_pobj *po)
73ea1cdeSJens Wiklander{
73ea1cdeSJens Wiklander	TEE_Result res;
078f18f8SJens Wiklander	struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary);
078f18f8SJens Wiklander
078f18f8SJens Wiklander	if (!fh)
078f18f8SJens Wiklander		return TEE_ERROR_OUT_OF_MEMORY;
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklander	mutex_lock(&rpmb_mutex);
078f18f8SJens Wiklander
078f18f8SJens Wiklander	res = rpmb_fs_remove_internal(fh);
078f18f8SJens Wiklander
73ea1cdeSJens Wiklander	mutex_unlock(&rpmb_mutex);
73ea1cdeSJens Wiklander
078f18f8SJens Wiklander	free(fh);
73ea1cdeSJens Wiklander	return res;
73ea1cdeSJens Wiklander}
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklanderstatic  TEE_Result rpmb_fs_rename_internal(struct tee_pobj *old,
73ea1cdeSJens Wiklander					   struct tee_pobj *new,
822203a8SJens Wiklander					   bool overwrite)
b0104773SPascal Brand{
b0104773SPascal Brand	TEE_Result res = TEE_ERROR_GENERIC;
a8a78b85SJerome Forissier	struct rpmb_file_handle *fh_old = NULL;
a8a78b85SJerome Forissier	struct rpmb_file_handle *fh_new = NULL;
b0104773SPascal Brand
b2215adfSJens Wiklander	if (!old) {
b0104773SPascal Brand		res = TEE_ERROR_BAD_PARAMETERS;
b0104773SPascal Brand		goto out;
b0104773SPascal Brand	}
b0104773SPascal Brand
b2215adfSJens Wiklander	if (new)
b2215adfSJens Wiklander		fh_old = alloc_file_handle(old, old->temporary);
b2215adfSJens Wiklander	else
b2215adfSJens Wiklander		fh_old = alloc_file_handle(old, true);
a8a78b85SJerome Forissier	if (!fh_old) {
b0104773SPascal Brand		res = TEE_ERROR_OUT_OF_MEMORY;
b0104773SPascal Brand		goto out;
b0104773SPascal Brand	}
b0104773SPascal Brand
b2215adfSJens Wiklander	if (new)
b2215adfSJens Wiklander		fh_new = alloc_file_handle(new, new->temporary);
b2215adfSJens Wiklander	else
b2215adfSJens Wiklander		fh_new = alloc_file_handle(old, false);
a8a78b85SJerome Forissier	if (!fh_new) {
b0104773SPascal Brand		res = TEE_ERROR_OUT_OF_MEMORY;
b0104773SPascal Brand		goto out;
b0104773SPascal Brand	}
b0104773SPascal Brand
b0104773SPascal Brand	res = read_fat(fh_old, NULL);
b0104773SPascal Brand	if (res != TEE_SUCCESS)
b0104773SPascal Brand		goto out;
b0104773SPascal Brand
b0104773SPascal Brand	res = read_fat(fh_new, NULL);
b0104773SPascal Brand	if (res == TEE_SUCCESS) {
822203a8SJens Wiklander		if (!overwrite) {
ae54853cSEtienne Carriere			res = TEE_ERROR_ACCESS_CONFLICT;
b0104773SPascal Brand			goto out;
b0104773SPascal Brand		}
b0104773SPascal Brand
822203a8SJens Wiklander		/* Clear this file entry. */
822203a8SJens Wiklander		memset(&fh_new->fat_entry, 0, sizeof(struct rpmb_fat_entry));
e92de4caSJerome Forissier		res = write_fat_entry(fh_new);
822203a8SJens Wiklander		if (res != TEE_SUCCESS)
822203a8SJens Wiklander			goto out;
822203a8SJens Wiklander	}
822203a8SJens Wiklander
a8a78b85SJerome Forissier	memset(fh_old->fat_entry.filename, 0, TEE_RPMB_FS_FILENAME_LENGTH);
b2215adfSJens Wiklander	memcpy(fh_old->fat_entry.filename, fh_new->filename,
b2215adfSJens Wiklander	       strlen(fh_new->filename));
b0104773SPascal Brand
e92de4caSJerome Forissier	res = write_fat_entry(fh_old);
b0104773SPascal Brand
b0104773SPascal Brandout:
b0104773SPascal Brand	free(fh_old);
b0104773SPascal Brand	free(fh_new);
b0104773SPascal Brand
b86c18ecSJens Wiklander	return res;
b0104773SPascal Brand}
b0104773SPascal Brand
73ea1cdeSJens Wiklanderstatic  TEE_Result rpmb_fs_rename(struct tee_pobj *old, struct tee_pobj *new,
73ea1cdeSJens Wiklander				  bool overwrite)
73ea1cdeSJens Wiklander{
73ea1cdeSJens Wiklander	TEE_Result res;
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklander	mutex_lock(&rpmb_mutex);
73ea1cdeSJens Wiklander	res = rpmb_fs_rename_internal(old, new, overwrite);
73ea1cdeSJens Wiklander	mutex_unlock(&rpmb_mutex);
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklander	return res;
73ea1cdeSJens Wiklander}
73ea1cdeSJens Wiklander
b86c18ecSJens Wiklanderstatic TEE_Result rpmb_fs_truncate(struct tee_file_handle *tfh, size_t length)
a8a78b85SJerome Forissier{
b86c18ecSJens Wiklander	struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh;
a8a78b85SJerome Forissier	tee_mm_pool_t p;
a8a78b85SJerome Forissier	bool pool_result = false;
a8a78b85SJerome Forissier	tee_mm_entry_t *mm;
a8a78b85SJerome Forissier	uint32_t newsize;
a8a78b85SJerome Forissier	uint8_t *newbuf = NULL;
a8a78b85SJerome Forissier	uintptr_t newaddr;
a8a78b85SJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
d9f0ee43Sjames.jiang	paddr_size_t pool_sz = 0;
a8a78b85SJerome Forissier
a7e22cf5SLijianhui (Airbak)	mutex_lock(&rpmb_mutex);
a7e22cf5SLijianhui (Airbak)
b86c18ecSJens Wiklander	if (length > INT32_MAX) {
a8a78b85SJerome Forissier		res = TEE_ERROR_BAD_PARAMETERS;
a8a78b85SJerome Forissier		goto out;
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier	newsize = length;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	res = read_fat(fh, NULL);
a8a78b85SJerome Forissier	if (res != TEE_SUCCESS)
a8a78b85SJerome Forissier		goto out;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	if (newsize > fh->fat_entry.data_size) {
a8a78b85SJerome Forissier		/* Extend file */
a8a78b85SJerome Forissier
d9f0ee43Sjames.jiang		pool_sz = fs_par->max_rpmb_address - RPMB_STORAGE_START_ADDRESS;
a8a78b85SJerome Forissier		pool_result = tee_mm_init(&p,
a8a78b85SJerome Forissier					  RPMB_STORAGE_START_ADDRESS,
d9f0ee43Sjames.jiang					  pool_sz,
a8a78b85SJerome Forissier					  RPMB_BLOCK_SIZE_SHIFT,
a8a78b85SJerome Forissier					  TEE_MM_POOL_HI_ALLOC);
a8a78b85SJerome Forissier		if (!pool_result) {
a8a78b85SJerome Forissier			res = TEE_ERROR_OUT_OF_MEMORY;
a8a78b85SJerome Forissier			goto out;
a8a78b85SJerome Forissier		}
a8a78b85SJerome Forissier		res = read_fat(fh, &p);
a8a78b85SJerome Forissier		if (res != TEE_SUCCESS)
a8a78b85SJerome Forissier			goto out;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier		mm = tee_mm_alloc(&p, newsize);
05c5cd2eSVolodymyr Babchuk		newbuf = calloc(1, newsize);
a8a78b85SJerome Forissier		if (!mm || !newbuf) {
a8a78b85SJerome Forissier			res = TEE_ERROR_OUT_OF_MEMORY;
a8a78b85SJerome Forissier			goto out;
a8a78b85SJerome Forissier		}
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier		if (fh->fat_entry.data_size) {
3be2f85aSJens Wiklander			res = tee_rpmb_read(fh->fat_entry.start_address,
9e84c17eSJerome Forissier					    newbuf, fh->fat_entry.data_size,
b399f70bSJens Wiklander					    fh->fat_entry.fek, fh->uuid);
a8a78b85SJerome Forissier			if (res != TEE_SUCCESS)
a8a78b85SJerome Forissier				goto out;
a8a78b85SJerome Forissier		}
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier		newaddr = tee_mm_get_smem(mm);
3be2f85aSJens Wiklander		res = tee_rpmb_write(newaddr, newbuf,
b399f70bSJens Wiklander				     newsize, fh->fat_entry.fek, fh->uuid);
a8a78b85SJerome Forissier		if (res != TEE_SUCCESS)
a8a78b85SJerome Forissier			goto out;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	} else {
a8a78b85SJerome Forissier		/* Don't change file location */
a8a78b85SJerome Forissier		newaddr = fh->fat_entry.start_address;
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	/* fh->pos is unchanged */
a8a78b85SJerome Forissier	fh->fat_entry.data_size = newsize;
a8a78b85SJerome Forissier	fh->fat_entry.start_address = newaddr;
e92de4caSJerome Forissier	res = write_fat_entry(fh);
a8a78b85SJerome Forissier
a8a78b85SJerome Forissierout:
a7e22cf5SLijianhui (Airbak)	mutex_unlock(&rpmb_mutex);
a8a78b85SJerome Forissier	if (pool_result)
a8a78b85SJerome Forissier		tee_mm_final(&p);
a8a78b85SJerome Forissier	if (newbuf)
a8a78b85SJerome Forissier		free(newbuf);
a8a78b85SJerome Forissier
b86c18ecSJens Wiklander	return res;
a8a78b85SJerome Forissier}
a8a78b85SJerome Forissier
0c96a71dSJerome Forissierstatic void rpmb_fs_dir_free(struct tee_fs_dir *dir)
a8a78b85SJerome Forissier{
a8a78b85SJerome Forissier	struct tee_rpmb_fs_dirent *e;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	if (!dir)
a8a78b85SJerome Forissier		return;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	free(dir->current);
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	while ((e = SIMPLEQ_FIRST(&dir->next))) {
a8a78b85SJerome Forissier		SIMPLEQ_REMOVE_HEAD(&dir->next, link);
a8a78b85SJerome Forissier		free(e);
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier}
a8a78b85SJerome Forissier
0c96a71dSJerome Forissierstatic TEE_Result rpmb_fs_dir_populate(const char *path,
0c96a71dSJerome Forissier				       struct tee_fs_dir *dir)
a8a78b85SJerome Forissier{
a8a78b85SJerome Forissier	struct tee_rpmb_fs_dirent *current = NULL;
5f68d784SManuel Huber	struct rpmb_fat_entry *fe = NULL;
a8a78b85SJerome Forissier	uint32_t fat_address;
a8a78b85SJerome Forissier	uint32_t filelen;
a8a78b85SJerome Forissier	char *filename;
a8a78b85SJerome Forissier	bool matched;
a8a78b85SJerome Forissier	struct tee_rpmb_fs_dirent *next = NULL;
a8a78b85SJerome Forissier	uint32_t pathlen;
a8a78b85SJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
a8a78b85SJerome Forissier	char temp;
a8a78b85SJerome Forissier
a7e22cf5SLijianhui (Airbak)	mutex_lock(&rpmb_mutex);
a7e22cf5SLijianhui (Airbak)
5f68d784SManuel Huber	res = fat_entry_dir_init();
5f68d784SManuel Huber	if (res)
a8a78b85SJerome Forissier		goto out;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	pathlen = strlen(path);
a8a78b85SJerome Forissier
5f68d784SManuel Huber	while (true) {
5f68d784SManuel Huber		res = fat_entry_dir_get_next(&fe, &fat_address);
5f68d784SManuel Huber		if (res || !fe)
5f68d784SManuel Huber			break;
5f68d784SManuel Huber
5f68d784SManuel Huber		filename = fe->filename;
5f68d784SManuel Huber		if (fe->flags & FILE_IS_ACTIVE) {
a8a78b85SJerome Forissier			matched = false;
a8a78b85SJerome Forissier			filelen = strlen(filename);
a8a78b85SJerome Forissier			if (filelen > pathlen) {
a8a78b85SJerome Forissier				temp = filename[pathlen];
a8a78b85SJerome Forissier				filename[pathlen] = '\0';
a8a78b85SJerome Forissier				if (strcmp(filename, path) == 0)
a8a78b85SJerome Forissier					matched = true;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier				filename[pathlen] = temp;
a8a78b85SJerome Forissier			}
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier			if (matched) {
a8a78b85SJerome Forissier				next = malloc(sizeof(*next));
a8a78b85SJerome Forissier				if (!next) {
a8a78b85SJerome Forissier					res = TEE_ERROR_OUT_OF_MEMORY;
a8a78b85SJerome Forissier					goto out;
a8a78b85SJerome Forissier				}
a8a78b85SJerome Forissier
5f68d784SManuel Huber				next->entry.oidlen = tee_hs2b((uint8_t *)
5f68d784SManuel Huber						&filename[pathlen],
b2215adfSJens Wiklander						next->entry.oid,
b2215adfSJens Wiklander						filelen - pathlen,
b2215adfSJens Wiklander						sizeof(next->entry.oid));
b2215adfSJens Wiklander				if (next->entry.oidlen) {
b2215adfSJens Wiklander					SIMPLEQ_INSERT_TAIL(&dir->next,
b2215adfSJens Wiklander							    next, link);
a8a78b85SJerome Forissier					current = next;
b2215adfSJens Wiklander				} else {
b2215adfSJens Wiklander					free(next);
b2215adfSJens Wiklander					next = NULL;
b2215adfSJens Wiklander				}
5f68d784SManuel Huber			}
a8a78b85SJerome Forissier		}
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier
5f68d784SManuel Huber	if (res)
5f68d784SManuel Huber		goto out;
a8a78b85SJerome Forissier
b86c18ecSJens Wiklander	if (current)
a8a78b85SJerome Forissier		res = TEE_SUCCESS;
b86c18ecSJens Wiklander	else
b86c18ecSJens Wiklander		res = TEE_ERROR_ITEM_NOT_FOUND; /* No directories were found. */
a8a78b85SJerome Forissier
a8a78b85SJerome Forissierout:
5f68d784SManuel Huber	fat_entry_dir_deinit();
b565152eSEtienne Carriere	mutex_unlock(&rpmb_mutex);
5f68d784SManuel Huber	if (res)
0c96a71dSJerome Forissier		rpmb_fs_dir_free(dir);
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	return res;
a8a78b85SJerome Forissier}
a8a78b85SJerome Forissier
b2215adfSJens Wiklanderstatic TEE_Result rpmb_fs_opendir(const TEE_UUID *uuid, struct tee_fs_dir **dir)
a8a78b85SJerome Forissier{
a8a78b85SJerome Forissier	uint32_t len;
a8a78b85SJerome Forissier	char path_local[TEE_RPMB_FS_FILENAME_LENGTH];
a8a78b85SJerome Forissier	TEE_Result res = TEE_ERROR_GENERIC;
0c96a71dSJerome Forissier	struct tee_fs_dir *rpmb_dir = NULL;
a8a78b85SJerome Forissier
b2215adfSJens Wiklander	if (!uuid || !dir) {
a8a78b85SJerome Forissier		res = TEE_ERROR_BAD_PARAMETERS;
a8a78b85SJerome Forissier		goto out;
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	memset(path_local, 0, sizeof(path_local));
34ab2802SJerome Forissier	if (create_dirname(path_local, sizeof(path_local) - 1, uuid)) {
b2215adfSJens Wiklander		res = TEE_ERROR_BAD_PARAMETERS;
b2215adfSJens Wiklander		goto out;
b2215adfSJens Wiklander	}
b2215adfSJens Wiklander	len = strlen(path_local);
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	/* Add a slash to correctly match the full directory name. */
a8a78b85SJerome Forissier	if (path_local[len - 1] != '/')
a8a78b85SJerome Forissier		path_local[len] = '/';
a8a78b85SJerome Forissier
0c96a71dSJerome Forissier	rpmb_dir = calloc(1, sizeof(*rpmb_dir));
a8a78b85SJerome Forissier	if (!rpmb_dir) {
a8a78b85SJerome Forissier		res = TEE_ERROR_OUT_OF_MEMORY;
a8a78b85SJerome Forissier		goto out;
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier	SIMPLEQ_INIT(&rpmb_dir->next);
a8a78b85SJerome Forissier
0c96a71dSJerome Forissier	res = rpmb_fs_dir_populate(path_local, rpmb_dir);
a8a78b85SJerome Forissier	if (res != TEE_SUCCESS) {
a8a78b85SJerome Forissier		free(rpmb_dir);
a8a78b85SJerome Forissier		rpmb_dir = NULL;
a8a78b85SJerome Forissier		goto out;
a8a78b85SJerome Forissier	}
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	*dir = rpmb_dir;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissierout:
a8a78b85SJerome Forissier	return res;
a8a78b85SJerome Forissier}
a8a78b85SJerome Forissier
b86c18ecSJens Wiklanderstatic TEE_Result rpmb_fs_readdir(struct tee_fs_dir *dir,
b86c18ecSJens Wiklander				  struct tee_fs_dirent **ent)
a8a78b85SJerome Forissier{
a8a78b85SJerome Forissier	if (!dir)
b86c18ecSJens Wiklander		return TEE_ERROR_GENERIC;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	free(dir->current);
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	dir->current = SIMPLEQ_FIRST(&dir->next);
a8a78b85SJerome Forissier	if (!dir->current)
b86c18ecSJens Wiklander		return TEE_ERROR_ITEM_NOT_FOUND;
a8a78b85SJerome Forissier
a8a78b85SJerome Forissier	SIMPLEQ_REMOVE_HEAD(&dir->next, link);
a8a78b85SJerome Forissier
b86c18ecSJens Wiklander	*ent = &dir->current->entry;
b86c18ecSJens Wiklander	return TEE_SUCCESS;
a8a78b85SJerome Forissier}
a8a78b85SJerome Forissier
b86c18ecSJens Wiklanderstatic void rpmb_fs_closedir(struct tee_fs_dir *dir)
a8a78b85SJerome Forissier{
b86c18ecSJens Wiklander	if (dir) {
0c96a71dSJerome Forissier		rpmb_fs_dir_free(dir);
a8a78b85SJerome Forissier		free(dir);
b86c18ecSJens Wiklander	}
a8a78b85SJerome Forissier}
a8a78b85SJerome Forissier
d5fe340fSJens Wiklanderstatic TEE_Result rpmb_fs_open(struct tee_pobj *po, size_t *size,
078f18f8SJens Wiklander			       struct tee_file_handle **ret_fh)
c3e8a2d9SJerome Forissier{
73ea1cdeSJens Wiklander	TEE_Result res;
078f18f8SJens Wiklander	struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary);
078f18f8SJens Wiklander
078f18f8SJens Wiklander	if (!fh)
078f18f8SJens Wiklander		return TEE_ERROR_OUT_OF_MEMORY;
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklander	mutex_lock(&rpmb_mutex);
d5fe340fSJens Wiklander
078f18f8SJens Wiklander	res = rpmb_fs_open_internal(fh, &po->uuid, false);
078f18f8SJens Wiklander	if (!res && size)
078f18f8SJens Wiklander		*size = fh->fat_entry.data_size;
078f18f8SJens Wiklander
73ea1cdeSJens Wiklander	mutex_unlock(&rpmb_mutex);
73ea1cdeSJens Wiklander
078f18f8SJens Wiklander	if (res)
078f18f8SJens Wiklander		free(fh);
078f18f8SJens Wiklander	else
078f18f8SJens Wiklander		*ret_fh = (struct tee_file_handle *)fh;
078f18f8SJens Wiklander
73ea1cdeSJens Wiklander	return res;
c3e8a2d9SJerome Forissier}
c3e8a2d9SJerome Forissier
73ea1cdeSJens Wiklanderstatic TEE_Result rpmb_fs_create(struct tee_pobj *po, bool overwrite,
73ea1cdeSJens Wiklander				 const void *head, size_t head_size,
73ea1cdeSJens Wiklander				 const void *attr, size_t attr_size,
b2284b11SJens Wiklander				 const void *data_core, const void *data_user,
b2284b11SJens Wiklander				 size_t data_size,
078f18f8SJens Wiklander				 struct tee_file_handle **ret_fh)
b86c18ecSJens Wiklander{
73ea1cdeSJens Wiklander	TEE_Result res;
73ea1cdeSJens Wiklander	size_t pos = 0;
078f18f8SJens Wiklander	struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary);
73ea1cdeSJens Wiklander
b2284b11SJens Wiklander	/* One of data_core and data_user must be NULL */
b2284b11SJens Wiklander	assert(!data_core || !data_user);
b2284b11SJens Wiklander
078f18f8SJens Wiklander	if (!fh)
078f18f8SJens Wiklander		return TEE_ERROR_OUT_OF_MEMORY;
078f18f8SJens Wiklander
73ea1cdeSJens Wiklander	mutex_lock(&rpmb_mutex);
078f18f8SJens Wiklander	res = rpmb_fs_open_internal(fh, &po->uuid, true);
73ea1cdeSJens Wiklander	if (res)
73ea1cdeSJens Wiklander		goto out;
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklander	if (head && head_size) {
078f18f8SJens Wiklander		res = rpmb_fs_write_primitive(fh, pos, head, head_size);
73ea1cdeSJens Wiklander		if (res)
73ea1cdeSJens Wiklander			goto out;
73ea1cdeSJens Wiklander		pos += head_size;
73ea1cdeSJens Wiklander	}
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklander	if (attr && attr_size) {
078f18f8SJens Wiklander		res = rpmb_fs_write_primitive(fh, pos, attr, attr_size);
73ea1cdeSJens Wiklander		if (res)
73ea1cdeSJens Wiklander			goto out;
73ea1cdeSJens Wiklander		pos += attr_size;
73ea1cdeSJens Wiklander	}
73ea1cdeSJens Wiklander
b2284b11SJens Wiklander	if (data_size) {
b2284b11SJens Wiklander		if (data_core) {
b2284b11SJens Wiklander			res = rpmb_fs_write_primitive(fh, pos, data_core,
b2284b11SJens Wiklander						      data_size);
73ea1cdeSJens Wiklander			if (res)
73ea1cdeSJens Wiklander				goto out;
b2284b11SJens Wiklander		} else if (data_user) {
b2284b11SJens Wiklander			uint32_t f = TEE_MEMORY_ACCESS_READ |
b2284b11SJens Wiklander				     TEE_MEMORY_ACCESS_ANY_OWNER;
b2284b11SJens Wiklander
b2284b11SJens Wiklander			res = check_user_access(f, data_user, data_size);
b2284b11SJens Wiklander			if (res)
b2284b11SJens Wiklander				goto out;
b2284b11SJens Wiklander			enter_user_access();
b2284b11SJens Wiklander			res = rpmb_fs_write_primitive(fh, pos, data_user,
b2284b11SJens Wiklander						      data_size);
b2284b11SJens Wiklander			exit_user_access();
b2284b11SJens Wiklander			if (res)
b2284b11SJens Wiklander				goto out;
b2284b11SJens Wiklander		}
73ea1cdeSJens Wiklander	}
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklander	if (po->temporary) {
73ea1cdeSJens Wiklander		/*
73ea1cdeSJens Wiklander		 * If it's a temporary filename (which it normally is)
73ea1cdeSJens Wiklander		 * rename into the final filename now that the file is
73ea1cdeSJens Wiklander		 * fully initialized.
73ea1cdeSJens Wiklander		 */
73ea1cdeSJens Wiklander		po->temporary = false;
73ea1cdeSJens Wiklander		res = rpmb_fs_rename_internal(po, NULL, overwrite);
73ea1cdeSJens Wiklander		if (res) {
73ea1cdeSJens Wiklander			po->temporary = true;
73ea1cdeSJens Wiklander			goto out;
73ea1cdeSJens Wiklander		}
73ea1cdeSJens Wiklander		/* Update file handle after rename. */
34ab2802SJerome Forissier		create_filename(fh->filename, sizeof(fh->filename), po, false);
73ea1cdeSJens Wiklander	}
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklanderout:
078f18f8SJens Wiklander	if (res) {
078f18f8SJens Wiklander		rpmb_fs_remove_internal(fh);
078f18f8SJens Wiklander		free(fh);
078f18f8SJens Wiklander	} else {
078f18f8SJens Wiklander		*ret_fh = (struct tee_file_handle *)fh;
73ea1cdeSJens Wiklander	}
73ea1cdeSJens Wiklander	mutex_unlock(&rpmb_mutex);
73ea1cdeSJens Wiklander
73ea1cdeSJens Wiklander	return res;
0c96a71dSJerome Forissier}
c3e8a2d9SJerome Forissier
b44708c1SJerome Forissierconst struct tee_file_operations rpmb_fs_ops = {
b0311ad8SJens Wiklander	.open = rpmb_fs_open,
b0311ad8SJens Wiklander	.create = rpmb_fs_create,
b0311ad8SJens Wiklander	.close = rpmb_fs_close,
b0311ad8SJens Wiklander	.read = rpmb_fs_read,
b0311ad8SJens Wiklander	.write = rpmb_fs_write,
b0311ad8SJens Wiklander	.truncate = rpmb_fs_truncate,
b0311ad8SJens Wiklander	.rename = rpmb_fs_rename,
b0311ad8SJens Wiklander	.remove = rpmb_fs_remove,
b0311ad8SJens Wiklander	.opendir = rpmb_fs_opendir,
b0311ad8SJens Wiklander	.closedir = rpmb_fs_closedir,
b0311ad8SJens Wiklander	.readdir = rpmb_fs_readdir,
c3e8a2d9SJerome Forissier};
078f18f8SJens Wiklander
078f18f8SJens WiklanderTEE_Result tee_rpmb_fs_raw_open(const char *fname, bool create,
078f18f8SJens Wiklander				struct tee_file_handle **ret_fh)
078f18f8SJens Wiklander{
078f18f8SJens Wiklander	TEE_Result res;
078f18f8SJens Wiklander	struct rpmb_file_handle *fh = calloc(1, sizeof(*fh));
b399f70bSJens Wiklander	static const TEE_UUID uuid = { 0 };
078f18f8SJens Wiklander
078f18f8SJens Wiklander	if (!fh)
078f18f8SJens Wiklander		return TEE_ERROR_OUT_OF_MEMORY;
078f18f8SJens Wiklander
078f18f8SJens Wiklander	snprintf(fh->filename, sizeof(fh->filename), "/%s", fname);
078f18f8SJens Wiklander
078f18f8SJens Wiklander	mutex_lock(&rpmb_mutex);
078f18f8SJens Wiklander
078f18f8SJens Wiklander	res = rpmb_fs_open_internal(fh, &uuid, create);
078f18f8SJens Wiklander
078f18f8SJens Wiklander	mutex_unlock(&rpmb_mutex);
078f18f8SJens Wiklander
078f18f8SJens Wiklander	if (res) {
078f18f8SJens Wiklander		if (create)
078f18f8SJens Wiklander			rpmb_fs_remove_internal(fh);
078f18f8SJens Wiklander		free(fh);
078f18f8SJens Wiklander	} else {
078f18f8SJens Wiklander		*ret_fh = (struct tee_file_handle *)fh;
078f18f8SJens Wiklander	}
078f18f8SJens Wiklander
078f18f8SJens Wiklander	return res;
078f18f8SJens Wiklander}
b1042535SRouven Czerwinski
b1042535SRouven Czerwinskibool __weak plat_rpmb_key_is_ready(void)
b1042535SRouven Czerwinski{
b1042535SRouven Czerwinski	return true;
b1042535SRouven Czerwinski}
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere#ifdef CFG_WITH_STATS
*dc2cf47aSEtienne CarriereTEE_Result rpmb_mem_stats(struct pta_stats_alloc *stats, bool reset)
*dc2cf47aSEtienne Carriere{
*dc2cf47aSEtienne Carriere	TEE_Result res = TEE_ERROR_GENERIC;
*dc2cf47aSEtienne Carriere	struct rpmb_fat_entry *fe = NULL;
*dc2cf47aSEtienne Carriere	tee_mm_entry_t *mm = NULL;
*dc2cf47aSEtienne Carriere	tee_mm_pool_t pool = { };
*dc2cf47aSEtienne Carriere	bool pool_result = false;
*dc2cf47aSEtienne Carriere	paddr_size_t pool_sz = 0;
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere	mutex_lock(&rpmb_mutex);
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere	res = rpmb_fs_setup();
*dc2cf47aSEtienne Carriere	if (res)
*dc2cf47aSEtienne Carriere		goto out;
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere	pool_sz = fs_par->max_rpmb_address - RPMB_STORAGE_START_ADDRESS;
*dc2cf47aSEtienne Carriere	pool_result = tee_mm_init(&pool, RPMB_STORAGE_START_ADDRESS,
*dc2cf47aSEtienne Carriere				  pool_sz, RPMB_BLOCK_SIZE_SHIFT,
*dc2cf47aSEtienne Carriere				  TEE_MM_POOL_HI_ALLOC);
*dc2cf47aSEtienne Carriere	if (!pool_result) {
*dc2cf47aSEtienne Carriere		res = TEE_ERROR_OUT_OF_MEMORY;
*dc2cf47aSEtienne Carriere		goto out;
*dc2cf47aSEtienne Carriere	}
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere	res = fat_entry_dir_init();
*dc2cf47aSEtienne Carriere	if (res)
*dc2cf47aSEtienne Carriere		goto out;
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere	/*
*dc2cf47aSEtienne Carriere	 * The pool is used to represent the current RPMB layout. To find
*dc2cf47aSEtienne Carriere	 * a slot for the file tee_mm_alloc is called on the pool. Thus
*dc2cf47aSEtienne Carriere	 * if it is not NULL the entire FAT must be traversed to fill in
*dc2cf47aSEtienne Carriere	 * the pool.
*dc2cf47aSEtienne Carriere	 */
*dc2cf47aSEtienne Carriere	while (true) {
*dc2cf47aSEtienne Carriere		res = fat_entry_dir_get_next(&fe, NULL);
*dc2cf47aSEtienne Carriere		if (res || !fe)
*dc2cf47aSEtienne Carriere			break;
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere		if (!(fe->flags & FILE_IS_ACTIVE) || !fe->data_size)
*dc2cf47aSEtienne Carriere			continue;
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere		mm = tee_mm_alloc2(&pool, fe->start_address, fe->data_size);
*dc2cf47aSEtienne Carriere		if (!mm) {
*dc2cf47aSEtienne Carriere			res = TEE_ERROR_GENERIC;
*dc2cf47aSEtienne Carriere			break;
*dc2cf47aSEtienne Carriere		}
*dc2cf47aSEtienne Carriere	}
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere	fat_entry_dir_deinit();
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriereout:
*dc2cf47aSEtienne Carriere	mutex_unlock(&rpmb_mutex);
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere	if (!res)
*dc2cf47aSEtienne Carriere		tee_mm_get_pool_stats(&pool, stats, reset);
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere	tee_mm_final(&pool);
*dc2cf47aSEtienne Carriere
*dc2cf47aSEtienne Carriere	return res;
*dc2cf47aSEtienne Carriere}
*dc2cf47aSEtienne Carriere#endif /*CFG_WITH_STATS*/