1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 6 #include <assert.h> 7 #include <crypto/crypto.h> 8 #include <kernel/huk_subkey.h> 9 #include <kernel/misc.h> 10 #include <kernel/msg_param.h> 11 #include <kernel/mutex.h> 12 #include <kernel/panic.h> 13 #include <kernel/tee_common.h> 14 #include <kernel/tee_common_otp.h> 15 #include <kernel/tee_misc.h> 16 #include <kernel/thread.h> 17 #include <mm/core_memprot.h> 18 #include <mm/mobj.h> 19 #include <mm/tee_mm.h> 20 #include <optee_rpc_cmd.h> 21 #include <stdlib.h> 22 #include <string_ext.h> 23 #include <string.h> 24 #include <sys/queue.h> 25 #include <tee/tee_fs.h> 26 #include <tee/tee_fs_key_manager.h> 27 #include <tee/tee_pobj.h> 28 #include <tee/tee_svc_storage.h> 29 #include <trace.h> 30 #include <util.h> 31 32 #define RPMB_STORAGE_START_ADDRESS 0 33 #define RPMB_FS_FAT_START_ADDRESS 512 34 #define RPMB_BLOCK_SIZE_SHIFT 8 35 #define RPMB_CID_PRV_OFFSET 9 36 #define RPMB_CID_CRC_OFFSET 15 37 38 #define RPMB_FS_MAGIC 0x52504D42 39 #define FS_VERSION 2 40 41 #define FILE_IS_ACTIVE (1u << 0) 42 #define FILE_IS_LAST_ENTRY (1u << 1) 43 44 #define TEE_RPMB_FS_FILENAME_LENGTH 224 45 46 /** 47 * Utilized when caching is enabled, i.e., when CFG_RPMB_FS_CACHE_ENTRIES > 0. 48 * Cache size + the number of entries that are repeatedly read in and buffered 49 * once the cache is full. 50 */ 51 #define RPMB_BUF_MAX_ENTRIES (CFG_RPMB_FS_CACHE_ENTRIES + \ 52 CFG_RPMB_FS_RD_ENTRIES) 53 54 /** 55 * FS parameters: Information often used by internal functions. 56 * fat_start_address will be set by rpmb_fs_setup(). 57 * rpmb_fs_parameters can be read by any other function. 58 */ 59 struct rpmb_fs_parameters { 60 uint32_t fat_start_address; 61 uint32_t max_rpmb_address; 62 }; 63 64 /** 65 * File entry for a single file in a RPMB_FS partition. 66 */ 67 struct rpmb_fat_entry { 68 uint32_t start_address; 69 uint32_t data_size; 70 uint32_t flags; 71 uint32_t write_counter; 72 uint8_t fek[TEE_FS_KM_FEK_SIZE]; 73 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 74 }; 75 76 /** 77 * Structure that describes buffered/cached FAT FS entries in RPMB storage. 78 * This structure is used in functions traversing the FAT FS. 79 */ 80 struct rpmb_fat_entry_dir { 81 /* 82 * Buffer storing the FAT FS entries read in from RPMB storage. It 83 * includes the optional cache entries (CFG_RPMB_FS_CACHE_ENTRIES) 84 * and entries temporary read for current FAT FS traversal 85 * (CFG_RPMB_FS_RD_ENTRIES) when not found from cached entries. 86 */ 87 struct rpmb_fat_entry *rpmb_fat_entry_buf; 88 /* Current index of FAT FS entry to read from buffer. */ 89 uint32_t idx_curr; 90 /* Total number of FAT FS entries in buffer. */ 91 uint32_t num_buffered; 92 /* Total number of FAT FS entries read during traversal. */ 93 uint32_t num_total_read; 94 /* Indicates that last FAT FS entry was read. */ 95 bool last_reached; 96 }; 97 98 /** 99 * FAT entry context with reference to a FAT entry and its 100 * location in RPMB. 101 */ 102 struct rpmb_file_handle { 103 struct rpmb_fat_entry fat_entry; 104 const TEE_UUID *uuid; 105 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 106 /* Address for current entry in RPMB */ 107 uint32_t rpmb_fat_address; 108 }; 109 110 /** 111 * RPMB_FS partition data 112 */ 113 struct rpmb_fs_partition { 114 uint32_t rpmb_fs_magic; 115 uint32_t fs_version; 116 uint32_t write_counter; 117 uint32_t fat_start_address; 118 /* Do not use reserved[] for other purpose than partition data. */ 119 uint8_t reserved[112]; 120 }; 121 122 /** 123 * A node in a list of directory entries. 124 */ 125 struct tee_rpmb_fs_dirent { 126 struct tee_fs_dirent entry; 127 SIMPLEQ_ENTRY(tee_rpmb_fs_dirent) link; 128 }; 129 130 /** 131 * The RPMB directory representation. It contains a queue of 132 * RPMB directory entries: 'next'. 133 * The current pointer points to the last directory entry 134 * returned by readdir(). 135 */ 136 struct tee_fs_dir { 137 struct tee_rpmb_fs_dirent *current; 138 /* */ 139 SIMPLEQ_HEAD(next_head, tee_rpmb_fs_dirent) next; 140 }; 141 142 static struct rpmb_fs_parameters *fs_par; 143 static struct rpmb_fat_entry_dir *fat_entry_dir; 144 145 /* 146 * Lower interface to RPMB device 147 */ 148 149 #define RPMB_DATA_OFFSET (RPMB_STUFF_DATA_SIZE + RPMB_KEY_MAC_SIZE) 150 #define RPMB_MAC_PROTECT_DATA_SIZE (RPMB_DATA_FRAME_SIZE - RPMB_DATA_OFFSET) 151 152 #define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM 0x0001 153 #define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ 0x0002 154 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE 0x0003 155 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ 0x0004 156 #define RPMB_MSG_TYPE_REQ_RESULT_READ 0x0005 157 #define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM 0x0100 158 #define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ 0x0200 159 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE 0x0300 160 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ 0x0400 161 162 #define RPMB_STUFF_DATA_SIZE 196 163 #define RPMB_KEY_MAC_SIZE 32 164 #define RPMB_DATA_SIZE 256 165 #define RPMB_NONCE_SIZE 16 166 #define RPMB_DATA_FRAME_SIZE 512 167 168 #define RPMB_RESULT_OK 0x00 169 #define RPMB_RESULT_GENERAL_FAILURE 0x01 170 #define RPMB_RESULT_AUTH_FAILURE 0x02 171 #define RPMB_RESULT_COUNTER_FAILURE 0x03 172 #define RPMB_RESULT_ADDRESS_FAILURE 0x04 173 #define RPMB_RESULT_WRITE_FAILURE 0x05 174 #define RPMB_RESULT_READ_FAILURE 0x06 175 #define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED 0x07 176 #define RPMB_RESULT_MASK 0x3F 177 #define RPMB_RESULT_WR_CNT_EXPIRED 0x80 178 179 /* RPMB internal commands */ 180 #define RPMB_CMD_DATA_REQ 0x00 181 #define RPMB_CMD_GET_DEV_INFO 0x01 182 183 #define RPMB_SIZE_SINGLE (128 * 1024) 184 185 /* Error codes for get_dev_info request/response. */ 186 #define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 187 #define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 188 189 struct rpmb_data_frame { 190 uint8_t stuff_bytes[RPMB_STUFF_DATA_SIZE]; 191 uint8_t key_mac[RPMB_KEY_MAC_SIZE]; 192 uint8_t data[RPMB_DATA_SIZE]; 193 uint8_t nonce[RPMB_NONCE_SIZE]; 194 uint8_t write_counter[4]; 195 uint8_t address[2]; 196 uint8_t block_count[2]; 197 uint8_t op_result[2]; 198 uint8_t msg_type[2]; 199 }; 200 201 struct rpmb_req { 202 uint16_t cmd; 203 uint16_t dev_id; 204 uint16_t block_count; 205 /* variable length of data */ 206 /* uint8_t data[]; REMOVED! */ 207 }; 208 209 #define TEE_RPMB_REQ_DATA(req) \ 210 ((void *)((struct rpmb_req *)(req) + 1)) 211 212 struct rpmb_raw_data { 213 uint16_t msg_type; 214 uint16_t *op_result; 215 uint16_t *block_count; 216 uint16_t *blk_idx; 217 uint32_t *write_counter; 218 uint8_t *nonce; 219 uint8_t *key_mac; 220 uint8_t *data; 221 /* data length to read or write */ 222 uint32_t len; 223 /* Byte address offset in the first block involved */ 224 uint8_t byte_offset; 225 }; 226 227 #define RPMB_EMMC_CID_SIZE 16 228 struct rpmb_dev_info { 229 uint8_t cid[RPMB_EMMC_CID_SIZE]; 230 /* EXT CSD-slice 168 "RPMB Size" */ 231 uint8_t rpmb_size_mult; 232 /* EXT CSD-slice 222 "Reliable Write Sector Count" */ 233 uint8_t rel_wr_sec_c; 234 /* Check the ret code and accept the data only if it is OK. */ 235 uint8_t ret_code; 236 }; 237 238 /* 239 * Struct for rpmb context data. 240 * 241 * @key RPMB key. 242 * @cid eMMC card ID. 243 * @wr_cnt Current write counter. 244 * @max_blk_idx The highest block index supported by current device. 245 * @rel_wr_blkcnt Max number of data blocks for each reliable write. 246 * @dev_id Device ID of the eMMC device. 247 * @wr_cnt_synced Flag indicating if write counter is synced to RPMB. 248 * @key_derived Flag indicating if key has been generated. 249 * @key_verified Flag indicating the key generated is verified ok. 250 * @dev_info_synced Flag indicating if dev info has been retrieved from RPMB. 251 */ 252 struct tee_rpmb_ctx { 253 uint8_t key[RPMB_KEY_MAC_SIZE]; 254 uint8_t cid[RPMB_EMMC_CID_SIZE]; 255 uint32_t wr_cnt; 256 uint16_t max_blk_idx; 257 uint16_t rel_wr_blkcnt; 258 uint16_t dev_id; 259 bool wr_cnt_synced; 260 bool key_derived; 261 bool key_verified; 262 bool dev_info_synced; 263 }; 264 265 static struct tee_rpmb_ctx *rpmb_ctx; 266 267 /* 268 * Mutex to serialize the operations exported by this file. 269 * It protects rpmb_ctx and prevents overlapping operations on eMMC devices with 270 * different IDs. 271 */ 272 static struct mutex rpmb_mutex = MUTEX_INITIALIZER; 273 274 #ifdef CFG_RPMB_TESTKEY 275 276 static const uint8_t rpmb_test_key[RPMB_KEY_MAC_SIZE] = { 277 0xD3, 0xEB, 0x3E, 0xC3, 0x6E, 0x33, 0x4C, 0x9F, 278 0x98, 0x8C, 0xE2, 0xC0, 0xB8, 0x59, 0x54, 0x61, 279 0x0D, 0x2B, 0xCF, 0x86, 0x64, 0x84, 0x4D, 0xF2, 280 0xAB, 0x56, 0xE6, 0xC6, 0x1B, 0xB7, 0x01, 0xE4 281 }; 282 283 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 284 uint8_t *key, uint32_t len) 285 { 286 TEE_Result res = TEE_SUCCESS; 287 288 if (!key || RPMB_KEY_MAC_SIZE != len) { 289 res = TEE_ERROR_BAD_PARAMETERS; 290 goto out; 291 } 292 293 DMSG("RPMB: Using test key"); 294 memcpy(key, rpmb_test_key, RPMB_KEY_MAC_SIZE); 295 296 out: 297 return res; 298 } 299 300 #else /* !CFG_RPMB_TESTKEY */ 301 302 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 303 uint8_t *key, uint32_t len) 304 { 305 uint8_t message[RPMB_EMMC_CID_SIZE]; 306 307 if (!key || RPMB_KEY_MAC_SIZE != len) 308 return TEE_ERROR_BAD_PARAMETERS; 309 310 IMSG("RPMB: Using generated key"); 311 312 /* 313 * PRV/CRC would be changed when doing eMMC FFU 314 * The following fields should be masked off when deriving RPMB key 315 * 316 * CID [55: 48]: PRV (Product revision) 317 * CID [07: 01]: CRC (CRC7 checksum) 318 * CID [00]: not used 319 */ 320 memcpy(message, rpmb_ctx->cid, RPMB_EMMC_CID_SIZE); 321 memset(message + RPMB_CID_PRV_OFFSET, 0, 1); 322 memset(message + RPMB_CID_CRC_OFFSET, 0, 1); 323 return huk_subkey_derive(HUK_SUBKEY_RPMB, message, sizeof(message), 324 key, len); 325 } 326 327 #endif /* !CFG_RPMB_TESTKEY */ 328 329 static void u32_to_bytes(uint32_t u32, uint8_t *bytes) 330 { 331 *bytes = (uint8_t) (u32 >> 24); 332 *(bytes + 1) = (uint8_t) (u32 >> 16); 333 *(bytes + 2) = (uint8_t) (u32 >> 8); 334 *(bytes + 3) = (uint8_t) u32; 335 } 336 337 static void bytes_to_u32(uint8_t *bytes, uint32_t *u32) 338 { 339 *u32 = (uint32_t) ((*(bytes) << 24) + 340 (*(bytes + 1) << 16) + 341 (*(bytes + 2) << 8) + (*(bytes + 3))); 342 } 343 344 static void u16_to_bytes(uint16_t u16, uint8_t *bytes) 345 { 346 *bytes = (uint8_t) (u16 >> 8); 347 *(bytes + 1) = (uint8_t) u16; 348 } 349 350 static void bytes_to_u16(uint8_t *bytes, uint16_t *u16) 351 { 352 *u16 = (uint16_t) ((*bytes << 8) + *(bytes + 1)); 353 } 354 355 static void get_op_result_bits(uint8_t *bytes, uint8_t *res) 356 { 357 *res = *(bytes + 1) & RPMB_RESULT_MASK; 358 } 359 360 static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize, 361 uint8_t *key, uint32_t keysize, 362 struct rpmb_data_frame *datafrms, 363 uint16_t blkcnt) 364 { 365 TEE_Result res = TEE_ERROR_GENERIC; 366 int i; 367 void *ctx = NULL; 368 369 if (!mac || !key || !datafrms) 370 return TEE_ERROR_BAD_PARAMETERS; 371 372 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 373 if (res) 374 return res; 375 376 res = crypto_mac_init(ctx, key, keysize); 377 if (res != TEE_SUCCESS) 378 goto func_exit; 379 380 for (i = 0; i < blkcnt; i++) { 381 res = crypto_mac_update(ctx, datafrms[i].data, 382 RPMB_MAC_PROTECT_DATA_SIZE); 383 if (res != TEE_SUCCESS) 384 goto func_exit; 385 } 386 387 res = crypto_mac_final(ctx, mac, macsize); 388 if (res != TEE_SUCCESS) 389 goto func_exit; 390 391 res = TEE_SUCCESS; 392 393 func_exit: 394 crypto_mac_free_ctx(ctx); 395 return res; 396 } 397 398 struct tee_rpmb_mem { 399 struct mobj *phreq_mobj; 400 struct mobj *phresp_mobj; 401 size_t req_size; 402 size_t resp_size; 403 }; 404 405 static void tee_rpmb_free(struct tee_rpmb_mem *mem) 406 { 407 if (!mem) 408 return; 409 410 if (mem->phreq_mobj) { 411 thread_rpc_free_payload(mem->phreq_mobj); 412 mem->phreq_mobj = NULL; 413 } 414 if (mem->phresp_mobj) { 415 thread_rpc_free_payload(mem->phresp_mobj); 416 mem->phresp_mobj = NULL; 417 } 418 } 419 420 421 static TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size, 422 struct tee_rpmb_mem *mem, void **req, void **resp) 423 { 424 TEE_Result res = TEE_SUCCESS; 425 size_t req_s = ROUNDUP(req_size, sizeof(uint32_t)); 426 size_t resp_s = ROUNDUP(resp_size, sizeof(uint32_t)); 427 428 if (!mem) 429 return TEE_ERROR_BAD_PARAMETERS; 430 431 memset(mem, 0, sizeof(*mem)); 432 433 mem->phreq_mobj = thread_rpc_alloc_payload(req_s); 434 mem->phresp_mobj = thread_rpc_alloc_payload(resp_s); 435 436 if (!mem->phreq_mobj || !mem->phresp_mobj) { 437 res = TEE_ERROR_OUT_OF_MEMORY; 438 goto out; 439 } 440 441 *req = mobj_get_va(mem->phreq_mobj, 0); 442 *resp = mobj_get_va(mem->phresp_mobj, 0); 443 if (!*req || !*resp) { 444 res = TEE_ERROR_GENERIC; 445 goto out; 446 } 447 448 mem->req_size = req_size; 449 mem->resp_size = resp_size; 450 451 out: 452 if (res != TEE_SUCCESS) 453 tee_rpmb_free(mem); 454 return res; 455 } 456 457 static TEE_Result tee_rpmb_invoke(struct tee_rpmb_mem *mem) 458 { 459 struct thread_param params[2] = { 460 [0] = THREAD_PARAM_MEMREF(IN, mem->phreq_mobj, 0, 461 mem->req_size), 462 [1] = THREAD_PARAM_MEMREF(OUT, mem->phresp_mobj, 0, 463 mem->resp_size), 464 }; 465 466 return thread_rpc_cmd(OPTEE_RPC_CMD_RPMB, 2, params); 467 } 468 469 static bool is_zero(const uint8_t *buf, size_t size) 470 { 471 size_t i; 472 473 for (i = 0; i < size; i++) 474 if (buf[i]) 475 return false; 476 return true; 477 } 478 479 static TEE_Result encrypt_block(uint8_t *out, const uint8_t *in, 480 uint16_t blk_idx, const uint8_t *fek, 481 const TEE_UUID *uuid) 482 { 483 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 484 blk_idx, fek, TEE_MODE_ENCRYPT); 485 } 486 487 static TEE_Result decrypt_block(uint8_t *out, const uint8_t *in, 488 uint16_t blk_idx, const uint8_t *fek, 489 const TEE_UUID *uuid) 490 { 491 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 492 blk_idx, fek, TEE_MODE_DECRYPT); 493 } 494 495 /* Decrypt/copy at most one block of data */ 496 static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm, 497 size_t size, size_t offset, 498 uint16_t blk_idx __maybe_unused, const uint8_t *fek, 499 const TEE_UUID *uuid) 500 { 501 uint8_t *tmp __maybe_unused; 502 503 504 if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE)) 505 panic("invalid size or offset"); 506 507 if (!fek) { 508 /* Block is not encrypted (not a file data block) */ 509 memcpy(out, frm->data + offset, size); 510 } else if (is_zero(fek, TEE_FS_KM_FEK_SIZE)) { 511 /* The file was created with encryption disabled */ 512 return TEE_ERROR_SECURITY; 513 } else { 514 /* Block is encrypted */ 515 if (size < RPMB_DATA_SIZE) { 516 /* 517 * Since output buffer is not large enough to hold one 518 * block we must allocate a temporary buffer. 519 */ 520 tmp = malloc(RPMB_DATA_SIZE); 521 if (!tmp) 522 return TEE_ERROR_OUT_OF_MEMORY; 523 decrypt_block(tmp, frm->data, blk_idx, fek, uuid); 524 memcpy(out, tmp + offset, size); 525 free(tmp); 526 } else { 527 decrypt_block(out, frm->data, blk_idx, fek, uuid); 528 } 529 } 530 531 return TEE_SUCCESS; 532 } 533 534 static TEE_Result tee_rpmb_req_pack(struct rpmb_req *req, 535 struct rpmb_raw_data *rawdata, 536 uint16_t nbr_frms, uint16_t dev_id, 537 const uint8_t *fek, const TEE_UUID *uuid) 538 { 539 TEE_Result res = TEE_ERROR_GENERIC; 540 int i; 541 struct rpmb_data_frame *datafrm; 542 543 if (!req || !rawdata || !nbr_frms) 544 return TEE_ERROR_BAD_PARAMETERS; 545 546 /* 547 * Check write blockcount is not bigger than reliable write 548 * blockcount. 549 */ 550 if ((rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) && 551 (nbr_frms > rpmb_ctx->rel_wr_blkcnt)) { 552 DMSG("wr_blkcnt(%d) > rel_wr_blkcnt(%d)", nbr_frms, 553 rpmb_ctx->rel_wr_blkcnt); 554 return TEE_ERROR_GENERIC; 555 } 556 557 req->cmd = RPMB_CMD_DATA_REQ; 558 req->dev_id = dev_id; 559 560 /* Allocate memory for construct all data packets and calculate MAC. */ 561 datafrm = calloc(nbr_frms, RPMB_DATA_FRAME_SIZE); 562 if (!datafrm) 563 return TEE_ERROR_OUT_OF_MEMORY; 564 565 for (i = 0; i < nbr_frms; i++) { 566 u16_to_bytes(rawdata->msg_type, datafrm[i].msg_type); 567 568 if (rawdata->block_count) 569 u16_to_bytes(*rawdata->block_count, 570 datafrm[i].block_count); 571 572 if (rawdata->blk_idx) { 573 /* Check the block index is within range. */ 574 if ((*rawdata->blk_idx + nbr_frms) > 575 rpmb_ctx->max_blk_idx) { 576 res = TEE_ERROR_GENERIC; 577 goto func_exit; 578 } 579 u16_to_bytes(*rawdata->blk_idx, datafrm[i].address); 580 } 581 582 if (rawdata->write_counter) 583 u32_to_bytes(*rawdata->write_counter, 584 datafrm[i].write_counter); 585 586 if (rawdata->nonce) 587 memcpy(datafrm[i].nonce, rawdata->nonce, 588 RPMB_NONCE_SIZE); 589 590 if (rawdata->data) { 591 if (fek) 592 encrypt_block(datafrm[i].data, 593 rawdata->data + (i * RPMB_DATA_SIZE), 594 *rawdata->blk_idx + i, fek, uuid); 595 else 596 memcpy(datafrm[i].data, 597 rawdata->data + (i * RPMB_DATA_SIZE), 598 RPMB_DATA_SIZE); 599 } 600 } 601 602 if (rawdata->key_mac) { 603 if (rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) { 604 res = 605 tee_rpmb_mac_calc(rawdata->key_mac, 606 RPMB_KEY_MAC_SIZE, rpmb_ctx->key, 607 RPMB_KEY_MAC_SIZE, datafrm, 608 nbr_frms); 609 if (res != TEE_SUCCESS) 610 goto func_exit; 611 } 612 memcpy(datafrm[nbr_frms - 1].key_mac, 613 rawdata->key_mac, RPMB_KEY_MAC_SIZE); 614 } 615 616 memcpy(TEE_RPMB_REQ_DATA(req), datafrm, 617 nbr_frms * RPMB_DATA_FRAME_SIZE); 618 619 #ifdef CFG_RPMB_FS_DEBUG_DATA 620 for (i = 0; i < nbr_frms; i++) { 621 DMSG("Dumping data frame %d:", i); 622 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 623 512 - RPMB_STUFF_DATA_SIZE); 624 } 625 #endif 626 627 res = TEE_SUCCESS; 628 func_exit: 629 free(datafrm); 630 return res; 631 } 632 633 static TEE_Result data_cpy_mac_calc_1b(struct rpmb_raw_data *rawdata, 634 struct rpmb_data_frame *frm, 635 const uint8_t *fek, const TEE_UUID *uuid) 636 { 637 TEE_Result res; 638 uint8_t *data; 639 uint16_t idx; 640 641 if (rawdata->len + rawdata->byte_offset > RPMB_DATA_SIZE) 642 return TEE_ERROR_BAD_PARAMETERS; 643 644 res = tee_rpmb_mac_calc(rawdata->key_mac, RPMB_KEY_MAC_SIZE, 645 rpmb_ctx->key, RPMB_KEY_MAC_SIZE, frm, 1); 646 if (res != TEE_SUCCESS) 647 return res; 648 649 data = rawdata->data; 650 bytes_to_u16(frm->address, &idx); 651 652 res = decrypt(data, frm, rawdata->len, rawdata->byte_offset, idx, fek, 653 uuid); 654 return res; 655 } 656 657 static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, 658 struct rpmb_raw_data *rawdata, 659 uint16_t nbr_frms, 660 struct rpmb_data_frame *lastfrm, 661 const uint8_t *fek, 662 const TEE_UUID *uuid) 663 { 664 TEE_Result res = TEE_ERROR_GENERIC; 665 int i; 666 void *ctx = NULL; 667 uint16_t offset; 668 uint32_t size; 669 uint8_t *data; 670 uint16_t start_idx; 671 struct rpmb_data_frame localfrm; 672 673 if (!datafrm || !rawdata || !nbr_frms || !lastfrm) 674 return TEE_ERROR_BAD_PARAMETERS; 675 676 if (nbr_frms == 1) 677 return data_cpy_mac_calc_1b(rawdata, lastfrm, fek, uuid); 678 679 /* nbr_frms > 1 */ 680 681 data = rawdata->data; 682 683 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 684 if (res) 685 goto func_exit; 686 687 res = crypto_mac_init(ctx, rpmb_ctx->key, RPMB_KEY_MAC_SIZE); 688 if (res != TEE_SUCCESS) 689 goto func_exit; 690 691 /* 692 * Note: JEDEC JESD84-B51: "In every packet the address is the start 693 * address of the full access (not address of the individual half a 694 * sector)" 695 */ 696 bytes_to_u16(lastfrm->address, &start_idx); 697 698 for (i = 0; i < (nbr_frms - 1); i++) { 699 700 /* 701 * By working on a local copy of the RPMB frame, we ensure that 702 * the data can not be modified after the MAC is computed but 703 * before the payload is decrypted/copied to the output buffer. 704 */ 705 memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE); 706 707 res = crypto_mac_update(ctx, localfrm.data, 708 RPMB_MAC_PROTECT_DATA_SIZE); 709 if (res != TEE_SUCCESS) 710 goto func_exit; 711 712 if (i == 0) { 713 /* First block */ 714 offset = rawdata->byte_offset; 715 size = RPMB_DATA_SIZE - offset; 716 } else { 717 /* Middle blocks */ 718 size = RPMB_DATA_SIZE; 719 offset = 0; 720 } 721 722 res = decrypt(data, &localfrm, size, offset, start_idx + i, 723 fek, uuid); 724 if (res != TEE_SUCCESS) 725 goto func_exit; 726 727 data += size; 728 } 729 730 /* Last block */ 731 size = (rawdata->len + rawdata->byte_offset) % RPMB_DATA_SIZE; 732 if (size == 0) 733 size = RPMB_DATA_SIZE; 734 res = decrypt(data, lastfrm, size, 0, start_idx + nbr_frms - 1, fek, 735 uuid); 736 if (res != TEE_SUCCESS) 737 goto func_exit; 738 739 /* Update MAC against the last block */ 740 res = crypto_mac_update(ctx, lastfrm->data, RPMB_MAC_PROTECT_DATA_SIZE); 741 if (res != TEE_SUCCESS) 742 goto func_exit; 743 744 res = crypto_mac_final(ctx, rawdata->key_mac, RPMB_KEY_MAC_SIZE); 745 if (res != TEE_SUCCESS) 746 goto func_exit; 747 748 res = TEE_SUCCESS; 749 750 func_exit: 751 crypto_mac_free_ctx(ctx); 752 return res; 753 } 754 755 static TEE_Result tee_rpmb_resp_unpack_verify(struct rpmb_data_frame *datafrm, 756 struct rpmb_raw_data *rawdata, 757 uint16_t nbr_frms, 758 const uint8_t *fek, 759 const TEE_UUID *uuid) 760 { 761 TEE_Result res = TEE_ERROR_GENERIC; 762 uint16_t msg_type; 763 uint32_t wr_cnt; 764 uint16_t blk_idx; 765 uint8_t op_result; 766 struct rpmb_data_frame lastfrm; 767 768 if (!datafrm || !rawdata || !nbr_frms) 769 return TEE_ERROR_BAD_PARAMETERS; 770 771 #ifdef CFG_RPMB_FS_DEBUG_DATA 772 for (uint32_t i = 0; i < nbr_frms; i++) { 773 DMSG("Dumping data frame %d:", i); 774 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 775 512 - RPMB_STUFF_DATA_SIZE); 776 } 777 #endif 778 779 /* Make sure the last data packet can't be modified once verified */ 780 memcpy(&lastfrm, &datafrm[nbr_frms - 1], RPMB_DATA_FRAME_SIZE); 781 782 /* Handle operation result and translate to TEEC error code. */ 783 get_op_result_bits(lastfrm.op_result, &op_result); 784 if (op_result == RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED) 785 return TEE_ERROR_ITEM_NOT_FOUND; 786 if (op_result != RPMB_RESULT_OK) 787 return TEE_ERROR_GENERIC; 788 789 /* Check the response msg_type. */ 790 bytes_to_u16(lastfrm.msg_type, &msg_type); 791 if (msg_type != rawdata->msg_type) { 792 DMSG("Unexpected msg_type (0x%04x != 0x%04x)", msg_type, 793 rawdata->msg_type); 794 return TEE_ERROR_GENERIC; 795 } 796 797 if (rawdata->blk_idx) { 798 bytes_to_u16(lastfrm.address, &blk_idx); 799 if (blk_idx != *rawdata->blk_idx) { 800 DMSG("Unexpected block index"); 801 return TEE_ERROR_GENERIC; 802 } 803 } 804 805 if (rawdata->write_counter) { 806 wr_cnt = *rawdata->write_counter; 807 bytes_to_u32(lastfrm.write_counter, rawdata->write_counter); 808 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE) { 809 /* Verify the write counter is incremented by 1 */ 810 if (*rawdata->write_counter != wr_cnt + 1) { 811 DMSG("Counter mismatched (0x%04x/0x%04x)", 812 *rawdata->write_counter, wr_cnt + 1); 813 return TEE_ERROR_SECURITY; 814 } 815 rpmb_ctx->wr_cnt++; 816 } 817 } 818 819 if (rawdata->nonce) { 820 if (buf_compare_ct(rawdata->nonce, lastfrm.nonce, 821 RPMB_NONCE_SIZE) != 0) { 822 DMSG("Nonce mismatched"); 823 return TEE_ERROR_SECURITY; 824 } 825 } 826 827 if (rawdata->key_mac) { 828 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_READ) { 829 if (!rawdata->data) 830 return TEE_ERROR_GENERIC; 831 832 res = tee_rpmb_data_cpy_mac_calc(datafrm, rawdata, 833 nbr_frms, &lastfrm, 834 fek, uuid); 835 836 if (res != TEE_SUCCESS) 837 return res; 838 } else { 839 /* 840 * There should be only one data frame for 841 * other msg types. 842 */ 843 if (nbr_frms != 1) 844 return TEE_ERROR_GENERIC; 845 846 res = tee_rpmb_mac_calc(rawdata->key_mac, 847 RPMB_KEY_MAC_SIZE, 848 rpmb_ctx->key, 849 RPMB_KEY_MAC_SIZE, 850 &lastfrm, 1); 851 852 if (res != TEE_SUCCESS) 853 return res; 854 } 855 856 #ifndef CFG_RPMB_FS_NO_MAC 857 if (consttime_memcmp(rawdata->key_mac, 858 (datafrm + nbr_frms - 1)->key_mac, 859 RPMB_KEY_MAC_SIZE) != 0) { 860 DMSG("MAC mismatched:"); 861 #ifdef CFG_RPMB_FS_DEBUG_DATA 862 DHEXDUMP((uint8_t *)rawdata->key_mac, 32); 863 #endif 864 return TEE_ERROR_SECURITY; 865 } 866 #endif /* !CFG_RPMB_FS_NO_MAC */ 867 } 868 869 return TEE_SUCCESS; 870 } 871 872 static TEE_Result tee_rpmb_get_dev_info(uint16_t dev_id, 873 struct rpmb_dev_info *dev_info) 874 { 875 TEE_Result res = TEE_ERROR_GENERIC; 876 struct tee_rpmb_mem mem; 877 struct rpmb_dev_info *di; 878 struct rpmb_req *req = NULL; 879 uint8_t *resp = NULL; 880 uint32_t req_size; 881 uint32_t resp_size; 882 883 if (!dev_info) 884 return TEE_ERROR_BAD_PARAMETERS; 885 886 req_size = sizeof(struct rpmb_req); 887 resp_size = sizeof(struct rpmb_dev_info); 888 res = tee_rpmb_alloc(req_size, resp_size, &mem, 889 (void *)&req, (void *)&resp); 890 if (res != TEE_SUCCESS) 891 goto func_exit; 892 893 req->cmd = RPMB_CMD_GET_DEV_INFO; 894 req->dev_id = dev_id; 895 896 di = (struct rpmb_dev_info *)resp; 897 di->ret_code = RPMB_CMD_GET_DEV_INFO_RET_ERROR; 898 899 res = tee_rpmb_invoke(&mem); 900 if (res != TEE_SUCCESS) 901 goto func_exit; 902 903 if (di->ret_code != RPMB_CMD_GET_DEV_INFO_RET_OK) { 904 res = TEE_ERROR_GENERIC; 905 goto func_exit; 906 } 907 908 memcpy((uint8_t *)dev_info, resp, sizeof(struct rpmb_dev_info)); 909 910 #ifdef CFG_RPMB_FS_DEBUG_DATA 911 DMSG("Dumping dev_info:"); 912 DHEXDUMP((uint8_t *)dev_info, sizeof(struct rpmb_dev_info)); 913 #endif 914 915 res = TEE_SUCCESS; 916 917 func_exit: 918 tee_rpmb_free(&mem); 919 return res; 920 } 921 922 static TEE_Result tee_rpmb_init_read_wr_cnt(uint16_t dev_id, 923 uint32_t *wr_cnt, 924 uint16_t *op_result) 925 { 926 TEE_Result res = TEE_ERROR_GENERIC; 927 struct tee_rpmb_mem mem; 928 uint16_t msg_type; 929 uint8_t nonce[RPMB_NONCE_SIZE]; 930 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 931 struct rpmb_req *req = NULL; 932 struct rpmb_data_frame *resp = NULL; 933 struct rpmb_raw_data rawdata; 934 uint32_t req_size; 935 uint32_t resp_size; 936 937 if (!wr_cnt) 938 return TEE_ERROR_BAD_PARAMETERS; 939 940 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 941 resp_size = RPMB_DATA_FRAME_SIZE; 942 res = tee_rpmb_alloc(req_size, resp_size, &mem, 943 (void *)&req, (void *)&resp); 944 if (res != TEE_SUCCESS) 945 goto func_exit; 946 947 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 948 if (res != TEE_SUCCESS) 949 goto func_exit; 950 951 msg_type = RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ; 952 953 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 954 rawdata.msg_type = msg_type; 955 rawdata.nonce = nonce; 956 957 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 958 if (res != TEE_SUCCESS) 959 goto func_exit; 960 961 res = tee_rpmb_invoke(&mem); 962 if (res != TEE_SUCCESS) 963 goto func_exit; 964 965 msg_type = RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ; 966 967 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 968 rawdata.msg_type = msg_type; 969 rawdata.op_result = op_result; 970 rawdata.write_counter = wr_cnt; 971 rawdata.nonce = nonce; 972 rawdata.key_mac = hmac; 973 974 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 975 if (res != TEE_SUCCESS) 976 goto func_exit; 977 978 res = TEE_SUCCESS; 979 980 func_exit: 981 tee_rpmb_free(&mem); 982 return res; 983 } 984 985 static TEE_Result tee_rpmb_verify_key_sync_counter(uint16_t dev_id) 986 { 987 uint16_t op_result = 0; 988 TEE_Result res = TEE_ERROR_GENERIC; 989 990 res = tee_rpmb_init_read_wr_cnt(dev_id, &rpmb_ctx->wr_cnt, 991 &op_result); 992 993 if (res == TEE_SUCCESS) { 994 rpmb_ctx->key_verified = true; 995 rpmb_ctx->wr_cnt_synced = true; 996 } else 997 EMSG("Verify key returning 0x%x", res); 998 return res; 999 } 1000 1001 #ifdef CFG_RPMB_WRITE_KEY 1002 static TEE_Result tee_rpmb_write_key(uint16_t dev_id) 1003 { 1004 TEE_Result res = TEE_ERROR_GENERIC; 1005 struct tee_rpmb_mem mem = { 0 }; 1006 uint16_t msg_type; 1007 struct rpmb_req *req = NULL; 1008 struct rpmb_data_frame *resp = NULL; 1009 struct rpmb_raw_data rawdata; 1010 uint32_t req_size; 1011 uint32_t resp_size; 1012 1013 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1014 resp_size = RPMB_DATA_FRAME_SIZE; 1015 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1016 (void *)&req, (void *)&resp); 1017 if (res != TEE_SUCCESS) 1018 goto func_exit; 1019 1020 msg_type = RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM; 1021 1022 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1023 rawdata.msg_type = msg_type; 1024 rawdata.key_mac = rpmb_ctx->key; 1025 1026 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1027 if (res != TEE_SUCCESS) 1028 goto func_exit; 1029 1030 res = tee_rpmb_invoke(&mem); 1031 if (res != TEE_SUCCESS) 1032 goto func_exit; 1033 1034 msg_type = RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM; 1035 1036 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1037 rawdata.msg_type = msg_type; 1038 1039 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 1040 if (res != TEE_SUCCESS) 1041 goto func_exit; 1042 1043 res = TEE_SUCCESS; 1044 1045 func_exit: 1046 tee_rpmb_free(&mem); 1047 return res; 1048 } 1049 1050 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id) 1051 { 1052 TEE_Result res; 1053 1054 if (!plat_rpmb_key_is_ready()) { 1055 DMSG("RPMB INIT: platform indicates RPMB key is not ready"); 1056 return TEE_ERROR_BAD_STATE; 1057 } 1058 1059 DMSG("RPMB INIT: Writing Key value:"); 1060 DHEXDUMP(rpmb_ctx->key, RPMB_KEY_MAC_SIZE); 1061 1062 res = tee_rpmb_write_key(dev_id); 1063 if (res == TEE_SUCCESS) { 1064 DMSG("RPMB INIT: Verifying Key"); 1065 res = tee_rpmb_verify_key_sync_counter(dev_id); 1066 } 1067 return res; 1068 } 1069 #else 1070 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id __unused) 1071 { 1072 DMSG("RPMB INIT: CFG_RPMB_WRITE_KEY is not set"); 1073 return TEE_ERROR_BAD_STATE; 1074 } 1075 #endif 1076 1077 /* This function must never return TEE_SUCCESS if rpmb_ctx == NULL */ 1078 static TEE_Result tee_rpmb_init(uint16_t dev_id) 1079 { 1080 TEE_Result res = TEE_SUCCESS; 1081 struct rpmb_dev_info dev_info; 1082 uint32_t nblocks = 0; 1083 1084 if (!rpmb_ctx) { 1085 rpmb_ctx = calloc(1, sizeof(struct tee_rpmb_ctx)); 1086 if (!rpmb_ctx) 1087 return TEE_ERROR_OUT_OF_MEMORY; 1088 } else if (rpmb_ctx->dev_id != dev_id) { 1089 memset(rpmb_ctx, 0x00, sizeof(struct tee_rpmb_ctx)); 1090 } 1091 1092 rpmb_ctx->dev_id = dev_id; 1093 1094 if (!rpmb_ctx->dev_info_synced) { 1095 DMSG("RPMB: Syncing device information"); 1096 1097 dev_info.rpmb_size_mult = 0; 1098 dev_info.rel_wr_sec_c = 0; 1099 res = tee_rpmb_get_dev_info(dev_id, &dev_info); 1100 if (res != TEE_SUCCESS) 1101 goto func_exit; 1102 1103 DMSG("RPMB: RPMB size is %d*128 KB", dev_info.rpmb_size_mult); 1104 DMSG("RPMB: Reliable Write Sector Count is %d", 1105 dev_info.rel_wr_sec_c); 1106 1107 if (dev_info.rpmb_size_mult == 0) { 1108 res = TEE_ERROR_GENERIC; 1109 goto func_exit; 1110 } 1111 1112 if (MUL_OVERFLOW(dev_info.rpmb_size_mult, 1113 RPMB_SIZE_SINGLE / RPMB_DATA_SIZE, &nblocks) || 1114 SUB_OVERFLOW(nblocks, 1, &rpmb_ctx->max_blk_idx)) { 1115 res = TEE_ERROR_BAD_PARAMETERS; 1116 goto func_exit; 1117 } 1118 1119 memcpy(rpmb_ctx->cid, dev_info.cid, RPMB_EMMC_CID_SIZE); 1120 1121 #ifdef RPMB_DRIVER_MULTIPLE_WRITE_FIXED 1122 rpmb_ctx->rel_wr_blkcnt = dev_info.rel_wr_sec_c * 2; 1123 #else 1124 rpmb_ctx->rel_wr_blkcnt = 1; 1125 #endif 1126 1127 rpmb_ctx->dev_info_synced = true; 1128 } 1129 1130 if (!rpmb_ctx->key_derived) { 1131 DMSG("RPMB INIT: Deriving key"); 1132 1133 res = tee_rpmb_key_gen(dev_id, rpmb_ctx->key, 1134 RPMB_KEY_MAC_SIZE); 1135 if (res != TEE_SUCCESS) { 1136 EMSG("RPMB INIT: Deriving key failed with error 0x%x", 1137 res); 1138 goto func_exit; 1139 } 1140 1141 rpmb_ctx->key_derived = true; 1142 } 1143 1144 /* Perform a write counter read to verify if the key is ok. */ 1145 if (!rpmb_ctx->wr_cnt_synced || !rpmb_ctx->key_verified) { 1146 DMSG("RPMB INIT: Verifying Key"); 1147 1148 res = tee_rpmb_verify_key_sync_counter(dev_id); 1149 if (res == TEE_ERROR_ITEM_NOT_FOUND && 1150 !rpmb_ctx->key_verified) { 1151 /* 1152 * Need to write the key here and verify it. 1153 */ 1154 DMSG("RPMB INIT: Auth key not yet written"); 1155 res = tee_rpmb_write_and_verify_key(dev_id); 1156 } else if (res != TEE_SUCCESS) { 1157 EMSG("Verify key failed!"); 1158 EMSG("Make sure key here matches device key"); 1159 } 1160 } 1161 1162 func_exit: 1163 return res; 1164 } 1165 1166 /* 1167 * Read RPMB data in bytes. 1168 * 1169 * @dev_id Device ID of the eMMC device. 1170 * @addr Byte address of data. 1171 * @data Pointer to the data. 1172 * @len Size of data in bytes. 1173 * @fek Encrypted File Encryption Key or NULL. 1174 */ 1175 static TEE_Result tee_rpmb_read(uint16_t dev_id, uint32_t addr, uint8_t *data, 1176 uint32_t len, const uint8_t *fek, 1177 const TEE_UUID *uuid) 1178 { 1179 TEE_Result res = TEE_ERROR_GENERIC; 1180 struct tee_rpmb_mem mem = { 0 }; 1181 uint16_t msg_type; 1182 uint8_t nonce[RPMB_NONCE_SIZE]; 1183 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1184 struct rpmb_req *req = NULL; 1185 struct rpmb_data_frame *resp = NULL; 1186 struct rpmb_raw_data rawdata; 1187 uint32_t req_size; 1188 uint32_t resp_size; 1189 uint16_t blk_idx; 1190 uint16_t blkcnt; 1191 uint8_t byte_offset; 1192 1193 if (!data || !len) 1194 return TEE_ERROR_BAD_PARAMETERS; 1195 1196 blk_idx = addr / RPMB_DATA_SIZE; 1197 byte_offset = addr % RPMB_DATA_SIZE; 1198 1199 if (len + byte_offset + RPMB_DATA_SIZE < RPMB_DATA_SIZE) { 1200 /* Overflow */ 1201 return TEE_ERROR_BAD_PARAMETERS; 1202 } 1203 blkcnt = 1204 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1205 res = tee_rpmb_init(dev_id); 1206 if (res != TEE_SUCCESS) 1207 goto func_exit; 1208 1209 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1210 resp_size = RPMB_DATA_FRAME_SIZE * blkcnt; 1211 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1212 (void *)&req, (void *)&resp); 1213 if (res != TEE_SUCCESS) 1214 goto func_exit; 1215 1216 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_READ; 1217 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 1218 if (res != TEE_SUCCESS) 1219 goto func_exit; 1220 1221 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1222 rawdata.msg_type = msg_type; 1223 rawdata.nonce = nonce; 1224 rawdata.blk_idx = &blk_idx; 1225 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1226 if (res != TEE_SUCCESS) 1227 goto func_exit; 1228 1229 req->block_count = blkcnt; 1230 1231 DMSG("Read %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1232 blk_idx); 1233 1234 res = tee_rpmb_invoke(&mem); 1235 if (res != TEE_SUCCESS) 1236 goto func_exit; 1237 1238 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_READ; 1239 1240 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1241 rawdata.msg_type = msg_type; 1242 rawdata.block_count = &blkcnt; 1243 rawdata.blk_idx = &blk_idx; 1244 rawdata.nonce = nonce; 1245 rawdata.key_mac = hmac; 1246 rawdata.data = data; 1247 1248 rawdata.len = len; 1249 rawdata.byte_offset = byte_offset; 1250 1251 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, blkcnt, fek, uuid); 1252 if (res != TEE_SUCCESS) 1253 goto func_exit; 1254 1255 res = TEE_SUCCESS; 1256 1257 func_exit: 1258 tee_rpmb_free(&mem); 1259 return res; 1260 } 1261 1262 static TEE_Result tee_rpmb_write_blk(uint16_t dev_id, uint16_t blk_idx, 1263 const uint8_t *data_blks, uint16_t blkcnt, 1264 const uint8_t *fek, const TEE_UUID *uuid) 1265 { 1266 TEE_Result res; 1267 struct tee_rpmb_mem mem; 1268 uint16_t msg_type; 1269 uint32_t wr_cnt; 1270 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1271 struct rpmb_req *req = NULL; 1272 struct rpmb_data_frame *resp = NULL; 1273 struct rpmb_raw_data rawdata; 1274 uint32_t req_size; 1275 uint32_t resp_size; 1276 uint32_t nbr_writes; 1277 uint16_t tmp_blkcnt; 1278 uint16_t tmp_blk_idx; 1279 uint16_t i; 1280 1281 DMSG("Write %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1282 blk_idx); 1283 1284 if (!data_blks || !blkcnt) 1285 return TEE_ERROR_BAD_PARAMETERS; 1286 1287 res = tee_rpmb_init(dev_id); 1288 if (res != TEE_SUCCESS) 1289 return res; 1290 1291 /* 1292 * We need to split data when block count 1293 * is bigger than reliable block write count. 1294 */ 1295 if (blkcnt < rpmb_ctx->rel_wr_blkcnt) 1296 req_size = sizeof(struct rpmb_req) + 1297 RPMB_DATA_FRAME_SIZE * blkcnt; 1298 else 1299 req_size = sizeof(struct rpmb_req) + 1300 RPMB_DATA_FRAME_SIZE * rpmb_ctx->rel_wr_blkcnt; 1301 1302 resp_size = RPMB_DATA_FRAME_SIZE; 1303 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1304 (void *)&req, (void *)&resp); 1305 if (res != TEE_SUCCESS) 1306 return res; 1307 1308 nbr_writes = blkcnt / rpmb_ctx->rel_wr_blkcnt; 1309 if (blkcnt % rpmb_ctx->rel_wr_blkcnt > 0) 1310 nbr_writes += 1; 1311 1312 tmp_blkcnt = rpmb_ctx->rel_wr_blkcnt; 1313 tmp_blk_idx = blk_idx; 1314 for (i = 0; i < nbr_writes; i++) { 1315 /* 1316 * To handle the last write of block count which is 1317 * equal or smaller than reliable write block count. 1318 */ 1319 if (i == nbr_writes - 1) 1320 tmp_blkcnt = blkcnt - rpmb_ctx->rel_wr_blkcnt * 1321 (nbr_writes - 1); 1322 1323 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE; 1324 wr_cnt = rpmb_ctx->wr_cnt; 1325 1326 memset(req, 0x00, req_size); 1327 memset(resp, 0x00, resp_size); 1328 1329 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1330 rawdata.msg_type = msg_type; 1331 rawdata.block_count = &tmp_blkcnt; 1332 rawdata.blk_idx = &tmp_blk_idx; 1333 rawdata.write_counter = &wr_cnt; 1334 rawdata.key_mac = hmac; 1335 rawdata.data = (uint8_t *)data_blks + 1336 i * rpmb_ctx->rel_wr_blkcnt * RPMB_DATA_SIZE; 1337 1338 res = tee_rpmb_req_pack(req, &rawdata, tmp_blkcnt, dev_id, 1339 fek, uuid); 1340 if (res != TEE_SUCCESS) 1341 goto out; 1342 1343 res = tee_rpmb_invoke(&mem); 1344 if (res != TEE_SUCCESS) { 1345 /* 1346 * To force wr_cnt sync next time, as it might get 1347 * out of sync due to inconsistent operation result! 1348 */ 1349 rpmb_ctx->wr_cnt_synced = false; 1350 goto out; 1351 } 1352 1353 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE; 1354 1355 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1356 rawdata.msg_type = msg_type; 1357 rawdata.block_count = &tmp_blkcnt; 1358 rawdata.blk_idx = &tmp_blk_idx; 1359 rawdata.write_counter = &wr_cnt; 1360 rawdata.key_mac = hmac; 1361 1362 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, 1363 NULL); 1364 if (res != TEE_SUCCESS) { 1365 /* 1366 * To force wr_cnt sync next time, as it might get 1367 * out of sync due to inconsistent operation result! 1368 */ 1369 rpmb_ctx->wr_cnt_synced = false; 1370 goto out; 1371 } 1372 1373 tmp_blk_idx += tmp_blkcnt; 1374 } 1375 1376 out: 1377 tee_rpmb_free(&mem); 1378 return res; 1379 } 1380 1381 static bool tee_rpmb_write_is_atomic(uint16_t dev_id __unused, uint32_t addr, 1382 uint32_t len) 1383 { 1384 uint8_t byte_offset = addr % RPMB_DATA_SIZE; 1385 uint16_t blkcnt = ROUNDUP(len + byte_offset, 1386 RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1387 1388 return (blkcnt <= rpmb_ctx->rel_wr_blkcnt); 1389 } 1390 1391 /* 1392 * Write RPMB data in bytes. 1393 * 1394 * @dev_id Device ID of the eMMC device. 1395 * @addr Byte address of data. 1396 * @data Pointer to the data. 1397 * @len Size of data in bytes. 1398 * @fek Encrypted File Encryption Key or NULL. 1399 */ 1400 static TEE_Result tee_rpmb_write(uint16_t dev_id, uint32_t addr, 1401 const uint8_t *data, uint32_t len, 1402 const uint8_t *fek, const TEE_UUID *uuid) 1403 { 1404 TEE_Result res = TEE_ERROR_GENERIC; 1405 uint8_t *data_tmp = NULL; 1406 uint16_t blk_idx; 1407 uint16_t blkcnt; 1408 uint8_t byte_offset; 1409 1410 blk_idx = addr / RPMB_DATA_SIZE; 1411 byte_offset = addr % RPMB_DATA_SIZE; 1412 1413 blkcnt = 1414 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1415 1416 if (byte_offset == 0 && (len % RPMB_DATA_SIZE) == 0) { 1417 res = tee_rpmb_write_blk(dev_id, blk_idx, data, blkcnt, fek, 1418 uuid); 1419 if (res != TEE_SUCCESS) 1420 goto func_exit; 1421 } else { 1422 data_tmp = calloc(blkcnt, RPMB_DATA_SIZE); 1423 if (!data_tmp) { 1424 res = TEE_ERROR_OUT_OF_MEMORY; 1425 goto func_exit; 1426 } 1427 1428 /* Read the complete blocks */ 1429 res = tee_rpmb_read(dev_id, blk_idx * RPMB_DATA_SIZE, data_tmp, 1430 blkcnt * RPMB_DATA_SIZE, fek, uuid); 1431 if (res != TEE_SUCCESS) 1432 goto func_exit; 1433 1434 /* Partial update of the data blocks */ 1435 memcpy(data_tmp + byte_offset, data, len); 1436 1437 res = tee_rpmb_write_blk(dev_id, blk_idx, data_tmp, blkcnt, 1438 fek, uuid); 1439 if (res != TEE_SUCCESS) 1440 goto func_exit; 1441 } 1442 1443 res = TEE_SUCCESS; 1444 1445 func_exit: 1446 free(data_tmp); 1447 return res; 1448 } 1449 1450 /* 1451 * Read the RPMB write counter. 1452 * 1453 * @dev_id Device ID of the eMMC device. 1454 * @counter Pointer to the counter. 1455 */ 1456 static TEE_Result tee_rpmb_get_write_counter(uint16_t dev_id, 1457 uint32_t *counter) 1458 { 1459 TEE_Result res = TEE_SUCCESS; 1460 1461 if (!counter) 1462 return TEE_ERROR_BAD_PARAMETERS; 1463 1464 if (!rpmb_ctx || !rpmb_ctx->wr_cnt_synced) { 1465 res = tee_rpmb_init(dev_id); 1466 if (res != TEE_SUCCESS) 1467 goto func_exit; 1468 } 1469 1470 *counter = rpmb_ctx->wr_cnt; 1471 1472 func_exit: 1473 return res; 1474 } 1475 1476 /* 1477 * Read the RPMB max block. 1478 * 1479 * @dev_id Device ID of the eMMC device. 1480 * @counter Pointer to receive the max block. 1481 */ 1482 static TEE_Result tee_rpmb_get_max_block(uint16_t dev_id, uint32_t *max_block) 1483 { 1484 TEE_Result res = TEE_SUCCESS; 1485 1486 if (!max_block) 1487 return TEE_ERROR_BAD_PARAMETERS; 1488 1489 if (!rpmb_ctx || !rpmb_ctx->dev_info_synced) { 1490 res = tee_rpmb_init(dev_id); 1491 if (res != TEE_SUCCESS) 1492 goto func_exit; 1493 } 1494 1495 *max_block = rpmb_ctx->max_blk_idx; 1496 1497 func_exit: 1498 return res; 1499 } 1500 1501 /* 1502 * End of lower interface to RPMB device 1503 */ 1504 1505 static TEE_Result get_fat_start_address(uint32_t *addr); 1506 static TEE_Result rpmb_fs_setup(void); 1507 1508 /** 1509 * fat_entry_dir_free: Free the FAT entry dir. 1510 */ 1511 static void fat_entry_dir_free(void) 1512 { 1513 if (fat_entry_dir) { 1514 free(fat_entry_dir->rpmb_fat_entry_buf); 1515 free(fat_entry_dir); 1516 fat_entry_dir = NULL; 1517 } 1518 } 1519 1520 /** 1521 * fat_entry_dir_init: Initialize the FAT FS entry buffer/cache 1522 * This function must be called before reading FAT FS entries using the 1523 * function fat_entry_dir_get_next. This initializes the buffer/cache with the 1524 * first FAT FS entries. 1525 */ 1526 static TEE_Result fat_entry_dir_init(void) 1527 { 1528 TEE_Result res = TEE_ERROR_GENERIC; 1529 struct rpmb_fat_entry *fe = NULL; 1530 uint32_t fat_address = 0; 1531 uint32_t num_elems_read = 0; 1532 1533 if (fat_entry_dir) 1534 return TEE_SUCCESS; 1535 1536 res = rpmb_fs_setup(); 1537 if (res) 1538 return res; 1539 1540 res = get_fat_start_address(&fat_address); 1541 if (res) 1542 return res; 1543 1544 fat_entry_dir = calloc(1, sizeof(struct rpmb_fat_entry_dir)); 1545 if (!fat_entry_dir) 1546 return TEE_ERROR_OUT_OF_MEMORY; 1547 1548 /* 1549 * If caching is enabled, read in up to the maximum cache size, but 1550 * never more than the single read in size. Otherwise, read in as many 1551 * entries fit into the temporary buffer. 1552 */ 1553 if (CFG_RPMB_FS_CACHE_ENTRIES) 1554 num_elems_read = MIN(CFG_RPMB_FS_CACHE_ENTRIES, 1555 CFG_RPMB_FS_RD_ENTRIES); 1556 else 1557 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1558 1559 /* 1560 * Allocate memory for the FAT FS entries to read in. 1561 */ 1562 fe = calloc(num_elems_read, sizeof(struct rpmb_fat_entry)); 1563 if (!fe) { 1564 res = TEE_ERROR_OUT_OF_MEMORY; 1565 goto out; 1566 } 1567 1568 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, (uint8_t *)fe, 1569 num_elems_read * sizeof(*fe), NULL, NULL); 1570 if (res) 1571 goto out; 1572 1573 fat_entry_dir->rpmb_fat_entry_buf = fe; 1574 1575 /* 1576 * We use this variable when getting next entries from the buffer/cache 1577 * to see whether we have to read in more entries from storage. 1578 */ 1579 fat_entry_dir->num_buffered = num_elems_read; 1580 1581 return TEE_SUCCESS; 1582 out: 1583 fat_entry_dir_free(); 1584 free(fe); 1585 return res; 1586 } 1587 1588 /** 1589 * fat_entry_dir_deinit: If caching is enabled, free the temporary buffer for 1590 * FAT FS entries in case the cache was too small. Keep the elements in the 1591 * cache. Reset the counter variables to start the next traversal from fresh 1592 * from the first cached entry. If caching is disabled, just free the 1593 * temporary buffer by calling fat_entry_dir_free and return. 1594 */ 1595 static void fat_entry_dir_deinit(void) 1596 { 1597 struct rpmb_fat_entry *fe = NULL; 1598 1599 if (!fat_entry_dir) 1600 return; 1601 1602 if (!CFG_RPMB_FS_CACHE_ENTRIES) { 1603 fat_entry_dir_free(); 1604 return; 1605 } 1606 1607 fe = fat_entry_dir->rpmb_fat_entry_buf; 1608 fat_entry_dir->idx_curr = 0; 1609 fat_entry_dir->num_total_read = 0; 1610 fat_entry_dir->last_reached = false; 1611 1612 if (fat_entry_dir->num_buffered > CFG_RPMB_FS_CACHE_ENTRIES) { 1613 fat_entry_dir->num_buffered = CFG_RPMB_FS_CACHE_ENTRIES; 1614 1615 fe = realloc(fe, fat_entry_dir->num_buffered * sizeof(*fe)); 1616 1617 /* 1618 * In case realloc fails, we are on the safe side if we destroy 1619 * the whole structure. Upon the next init, the cache has to be 1620 * re-established, but this case should not happen in practice. 1621 */ 1622 if (!fe) 1623 fat_entry_dir_free(); 1624 else 1625 fat_entry_dir->rpmb_fat_entry_buf = fe; 1626 } 1627 } 1628 1629 /** 1630 * fat_entry_dir_update: Updates a persisted FAT FS entry in the cache. 1631 * This function updates the FAT entry fat_entry that was written to address 1632 * fat_address onto RPMB storage in the cache. 1633 */ 1634 static TEE_Result __maybe_unused fat_entry_dir_update 1635 (struct rpmb_fat_entry *fat_entry, 1636 uint32_t fat_address) 1637 { 1638 uint32_t fat_entry_buf_idx = 0; 1639 /* Use a temp var to avoid compiler warning if caching disabled. */ 1640 uint32_t max_cache_entries = CFG_RPMB_FS_CACHE_ENTRIES; 1641 1642 assert(!((fat_address - RPMB_FS_FAT_START_ADDRESS) % 1643 sizeof(struct rpmb_fat_entry))); 1644 1645 /* Nothing to update if the cache is not initialized. */ 1646 if (!fat_entry_dir) 1647 return TEE_SUCCESS; 1648 1649 fat_entry_buf_idx = (fat_address - RPMB_FS_FAT_START_ADDRESS) / 1650 sizeof(struct rpmb_fat_entry); 1651 1652 /* Only need to write if index points to an entry in cache. */ 1653 if (fat_entry_buf_idx < fat_entry_dir->num_buffered && 1654 fat_entry_buf_idx < max_cache_entries) { 1655 memcpy(fat_entry_dir->rpmb_fat_entry_buf + fat_entry_buf_idx, 1656 fat_entry, sizeof(struct rpmb_fat_entry)); 1657 } 1658 1659 return TEE_SUCCESS; 1660 } 1661 1662 /** 1663 * fat_entry_dir_get_next: Get next FAT FS entry. 1664 * Read either from cache/buffer, or by reading from RPMB storage if the 1665 * elements in the buffer/cache are fully read. When reading in from RPMB 1666 * storage, the buffer is overwritten in case caching is disabled. 1667 * In case caching is enabled, the cache is either further filled, or a 1668 * temporary buffer populated if the cache is already full. 1669 * The FAT FS entry is written to fat_entry. The respective address in RPMB 1670 * storage is written to fat_address, if not NULL. When the last FAT FS entry 1671 * was previously read, the function indicates this case by writing a NULL 1672 * pointer to fat_entry. 1673 * Returns a value different TEE_SUCCESS if the next FAT FS entry could not be 1674 * retrieved. 1675 */ 1676 static TEE_Result fat_entry_dir_get_next(struct rpmb_fat_entry **fat_entry, 1677 uint32_t *fat_address) 1678 { 1679 TEE_Result res = TEE_ERROR_GENERIC; 1680 struct rpmb_fat_entry *fe = NULL; 1681 uint32_t num_elems_read = 0; 1682 uint32_t fat_address_local = 0; 1683 1684 assert(fat_entry_dir && fat_entry); 1685 1686 /* Don't read further if we previously read the last FAT FS entry. */ 1687 if (fat_entry_dir->last_reached) { 1688 *fat_entry = NULL; 1689 return TEE_SUCCESS; 1690 } 1691 1692 fe = fat_entry_dir->rpmb_fat_entry_buf; 1693 1694 /* Determine address of FAT FS entry in RPMB storage. */ 1695 fat_address_local = RPMB_FS_FAT_START_ADDRESS + 1696 (fat_entry_dir->num_total_read * 1697 sizeof(struct rpmb_fat_entry)); 1698 1699 /* 1700 * We've read all so-far buffered elements, so we need to 1701 * read in more entries from RPMB storage. 1702 */ 1703 if (fat_entry_dir->idx_curr >= fat_entry_dir->num_buffered) { 1704 /* 1705 * This is the case where we do not cache entries, so just read 1706 * in next set of FAT FS entries into the buffer. 1707 * Goto the end of the when statement if that is done. 1708 */ 1709 if (!CFG_RPMB_FS_CACHE_ENTRIES) { 1710 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1711 fat_entry_dir->idx_curr = 0; 1712 1713 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1714 fat_address_local, (uint8_t *)fe, 1715 num_elems_read * sizeof(*fe), NULL, 1716 NULL); 1717 if (res) 1718 return res; 1719 goto post_read_in; 1720 } 1721 1722 /* 1723 * We cache FAT FS entries, and the buffer is not completely 1724 * filled. Further keep on extending the buffer up to its max 1725 * size by reading in from RPMB. 1726 */ 1727 if (fat_entry_dir->num_total_read < RPMB_BUF_MAX_ENTRIES) { 1728 /* 1729 * Read at most as many elements as fit in the buffer 1730 * and no more than the defined number of entries to 1731 * read in at once. 1732 */ 1733 num_elems_read = MIN(RPMB_BUF_MAX_ENTRIES - 1734 fat_entry_dir->num_total_read, 1735 (uint32_t)CFG_RPMB_FS_RD_ENTRIES); 1736 1737 /* 1738 * Expand the buffer to fit in the additional entries. 1739 */ 1740 fe = realloc(fe, 1741 (fat_entry_dir->num_buffered + 1742 num_elems_read) * sizeof(*fe)); 1743 if (!fe) 1744 return TEE_ERROR_OUT_OF_MEMORY; 1745 1746 fat_entry_dir->rpmb_fat_entry_buf = fe; 1747 1748 /* Read in to the next free slot in the buffer/cache. */ 1749 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1750 fat_address_local, 1751 (uint8_t *)(fe + 1752 fat_entry_dir->num_total_read), 1753 num_elems_read * sizeof(*fe), 1754 NULL, NULL); 1755 if (res) 1756 return res; 1757 1758 fat_entry_dir->num_buffered += num_elems_read; 1759 } else { 1760 /* 1761 * This happens when we have read as many elements as 1762 * can possibly fit into the buffer. 1763 * As the first part of the buffer serves as our cache, 1764 * we only overwrite the last part that serves as our 1765 * temporary buffer used to iteratively read in entries 1766 * when the cache is full. Read in the temporary buffer 1767 * maximum size. 1768 */ 1769 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1770 /* Reset index to beginning of the temporary buffer. */ 1771 fat_entry_dir->idx_curr = CFG_RPMB_FS_CACHE_ENTRIES; 1772 1773 /* Read in elements after the end of the cache. */ 1774 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1775 fat_address_local, 1776 (uint8_t *)(fe + 1777 fat_entry_dir->idx_curr), 1778 num_elems_read * sizeof(*fe), 1779 NULL, NULL); 1780 if (res) 1781 return res; 1782 } 1783 } 1784 1785 post_read_in: 1786 if (fat_address) 1787 *fat_address = fat_address_local; 1788 1789 *fat_entry = fe + fat_entry_dir->idx_curr; 1790 1791 fat_entry_dir->idx_curr++; 1792 fat_entry_dir->num_total_read++; 1793 1794 /* 1795 * Indicate last entry was read. 1796 * Ensures we return a zero value for fat_entry on next invocation. 1797 */ 1798 if ((*fat_entry)->flags & FILE_IS_LAST_ENTRY) 1799 fat_entry_dir->last_reached = true; 1800 1801 return TEE_SUCCESS; 1802 } 1803 1804 #if (TRACE_LEVEL >= TRACE_FLOW) 1805 static void dump_fat(void) 1806 { 1807 TEE_Result res = TEE_ERROR_SECURITY; 1808 struct rpmb_fat_entry *fe = NULL; 1809 1810 if (!fs_par) 1811 return; 1812 1813 if (fat_entry_dir_init()) 1814 return; 1815 1816 while (true) { 1817 res = fat_entry_dir_get_next(&fe, NULL); 1818 if (res || !fe) 1819 break; 1820 1821 FMSG("flags %#"PRIx32", size %"PRIu32", address %#"PRIx32 1822 ", filename '%s'", 1823 fe->flags, fe->data_size, fe->start_address, fe->filename); 1824 } 1825 1826 fat_entry_dir_deinit(); 1827 } 1828 #else 1829 static void dump_fat(void) 1830 { 1831 } 1832 #endif 1833 1834 #if (TRACE_LEVEL >= TRACE_DEBUG) 1835 static void dump_fh(struct rpmb_file_handle *fh) 1836 { 1837 DMSG("fh->filename=%s", fh->filename); 1838 DMSG("fh->rpmb_fat_address=%u", fh->rpmb_fat_address); 1839 DMSG("fh->fat_entry.start_address=%u", fh->fat_entry.start_address); 1840 DMSG("fh->fat_entry.data_size=%u", fh->fat_entry.data_size); 1841 } 1842 #else 1843 static void dump_fh(struct rpmb_file_handle *fh __unused) 1844 { 1845 } 1846 #endif 1847 1848 static struct rpmb_file_handle *alloc_file_handle(struct tee_pobj *po, 1849 bool temporary) 1850 { 1851 struct rpmb_file_handle *fh = NULL; 1852 1853 fh = calloc(1, sizeof(struct rpmb_file_handle)); 1854 if (!fh) 1855 return NULL; 1856 1857 if (po) 1858 tee_svc_storage_create_filename(fh->filename, 1859 sizeof(fh->filename), po, 1860 temporary); 1861 1862 return fh; 1863 } 1864 1865 /** 1866 * write_fat_entry: Store info in a fat_entry to RPMB. 1867 */ 1868 static TEE_Result write_fat_entry(struct rpmb_file_handle *fh, 1869 bool update_write_counter) 1870 { 1871 TEE_Result res = TEE_ERROR_GENERIC; 1872 1873 /* Protect partition data. */ 1874 if (fh->rpmb_fat_address < sizeof(struct rpmb_fs_partition)) { 1875 res = TEE_ERROR_ACCESS_CONFLICT; 1876 goto out; 1877 } 1878 1879 if (fh->rpmb_fat_address % sizeof(struct rpmb_fat_entry) != 0) { 1880 res = TEE_ERROR_BAD_PARAMETERS; 1881 goto out; 1882 } 1883 1884 if (update_write_counter) { 1885 res = tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1886 &fh->fat_entry.write_counter); 1887 if (res) 1888 goto out; 1889 } 1890 1891 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, fh->rpmb_fat_address, 1892 (uint8_t *)&fh->fat_entry, 1893 sizeof(struct rpmb_fat_entry), NULL, NULL); 1894 1895 dump_fat(); 1896 1897 /* If caching enabled, update a successfully written entry in cache. */ 1898 if (CFG_RPMB_FS_CACHE_ENTRIES && !res) 1899 res = fat_entry_dir_update(&fh->fat_entry, 1900 fh->rpmb_fat_address); 1901 1902 out: 1903 return res; 1904 } 1905 1906 /** 1907 * rpmb_fs_setup: Setup RPMB FS. 1908 * Set initial partition and FS values and write to RPMB. 1909 * Store frequently used data in RAM. 1910 */ 1911 static TEE_Result rpmb_fs_setup(void) 1912 { 1913 TEE_Result res = TEE_ERROR_GENERIC; 1914 struct rpmb_fs_partition *partition_data = NULL; 1915 struct rpmb_file_handle *fh = NULL; 1916 uint32_t max_rpmb_block = 0; 1917 1918 if (fs_par) { 1919 res = TEE_SUCCESS; 1920 goto out; 1921 } 1922 1923 res = tee_rpmb_get_max_block(CFG_RPMB_FS_DEV_ID, &max_rpmb_block); 1924 if (res != TEE_SUCCESS) 1925 goto out; 1926 1927 partition_data = calloc(1, sizeof(struct rpmb_fs_partition)); 1928 if (!partition_data) { 1929 res = TEE_ERROR_OUT_OF_MEMORY; 1930 goto out; 1931 } 1932 1933 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1934 (uint8_t *)partition_data, 1935 sizeof(struct rpmb_fs_partition), NULL, NULL); 1936 if (res != TEE_SUCCESS) 1937 goto out; 1938 1939 #ifndef CFG_RPMB_RESET_FAT 1940 if (partition_data->rpmb_fs_magic == RPMB_FS_MAGIC) { 1941 if (partition_data->fs_version == FS_VERSION) { 1942 res = TEE_SUCCESS; 1943 goto store_fs_par; 1944 } else { 1945 EMSG("Wrong software is in use."); 1946 res = TEE_ERROR_ACCESS_DENIED; 1947 goto out; 1948 } 1949 } 1950 #else 1951 EMSG("**** Clearing Storage ****"); 1952 #endif 1953 1954 /* Setup new partition data. */ 1955 partition_data->rpmb_fs_magic = RPMB_FS_MAGIC; 1956 partition_data->fs_version = FS_VERSION; 1957 partition_data->fat_start_address = RPMB_FS_FAT_START_ADDRESS; 1958 1959 /* Initial FAT entry with FILE_IS_LAST_ENTRY flag set. */ 1960 fh = alloc_file_handle(NULL, false); 1961 if (!fh) { 1962 res = TEE_ERROR_OUT_OF_MEMORY; 1963 goto out; 1964 } 1965 fh->fat_entry.flags = FILE_IS_LAST_ENTRY; 1966 fh->rpmb_fat_address = partition_data->fat_start_address; 1967 1968 /* Write init FAT entry and partition data to RPMB. */ 1969 res = write_fat_entry(fh, true); 1970 if (res != TEE_SUCCESS) 1971 goto out; 1972 1973 res = 1974 tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1975 &partition_data->write_counter); 1976 if (res != TEE_SUCCESS) 1977 goto out; 1978 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1979 (uint8_t *)partition_data, 1980 sizeof(struct rpmb_fs_partition), NULL, NULL); 1981 1982 #ifndef CFG_RPMB_RESET_FAT 1983 store_fs_par: 1984 #endif 1985 1986 /* Store FAT start address. */ 1987 fs_par = calloc(1, sizeof(struct rpmb_fs_parameters)); 1988 if (!fs_par) { 1989 res = TEE_ERROR_OUT_OF_MEMORY; 1990 goto out; 1991 } 1992 1993 fs_par->fat_start_address = partition_data->fat_start_address; 1994 fs_par->max_rpmb_address = max_rpmb_block << RPMB_BLOCK_SIZE_SHIFT; 1995 1996 dump_fat(); 1997 1998 out: 1999 free(fh); 2000 free(partition_data); 2001 return res; 2002 } 2003 2004 /** 2005 * get_fat_start_address: 2006 * FAT start_address from fs_par. 2007 */ 2008 static TEE_Result get_fat_start_address(uint32_t *addr) 2009 { 2010 if (!fs_par) 2011 return TEE_ERROR_NO_DATA; 2012 2013 *addr = fs_par->fat_start_address; 2014 2015 return TEE_SUCCESS; 2016 } 2017 2018 /** 2019 * read_fat: Read FAT entries 2020 * Return matching FAT entry for read, rm rename and stat. 2021 * Build up memory pool and return matching entry for write operation. 2022 * "Last FAT entry" can be returned during write. 2023 */ 2024 static TEE_Result read_fat(struct rpmb_file_handle *fh, tee_mm_pool_t *p) 2025 { 2026 TEE_Result res = TEE_ERROR_GENERIC; 2027 tee_mm_entry_t *mm = NULL; 2028 struct rpmb_fat_entry *fe = NULL; 2029 uint32_t fat_address; 2030 bool entry_found = false; 2031 bool expand_fat = false; 2032 struct rpmb_file_handle last_fh; 2033 2034 DMSG("fat_address %d", fh->rpmb_fat_address); 2035 2036 res = fat_entry_dir_init(); 2037 if (res) 2038 goto out; 2039 2040 /* 2041 * The pool is used to represent the current RPMB layout. To find 2042 * a slot for the file tee_mm_alloc is called on the pool. Thus 2043 * if it is not NULL the entire FAT must be traversed to fill in 2044 * the pool. 2045 */ 2046 while (true) { 2047 res = fat_entry_dir_get_next(&fe, &fat_address); 2048 if (res || !fe) 2049 break; 2050 2051 /* 2052 * Look for an entry, matching filenames. (read, rm, 2053 * rename and stat.). Only store first filename match. 2054 */ 2055 if ((!strcmp(fh->filename, fe->filename)) && 2056 (fe->flags & FILE_IS_ACTIVE) && !entry_found) { 2057 entry_found = true; 2058 fh->rpmb_fat_address = fat_address; 2059 memcpy(&fh->fat_entry, fe, sizeof(*fe)); 2060 if (!p) 2061 break; 2062 } 2063 2064 /* Add existing files to memory pool. (write) */ 2065 if (p) { 2066 if ((fe->flags & FILE_IS_ACTIVE) && fe->data_size > 0) { 2067 2068 mm = tee_mm_alloc2(p, fe->start_address, 2069 fe->data_size); 2070 if (!mm) { 2071 res = TEE_ERROR_OUT_OF_MEMORY; 2072 goto out; 2073 } 2074 } 2075 2076 /* Unused FAT entries can be reused (write) */ 2077 if (((fe->flags & FILE_IS_ACTIVE) == 0) && 2078 fh->rpmb_fat_address == 0) { 2079 fh->rpmb_fat_address = fat_address; 2080 memcpy(&fh->fat_entry, fe, 2081 sizeof(struct rpmb_fat_entry)); 2082 } 2083 2084 if (((fe->flags & FILE_IS_LAST_ENTRY) != 0) && 2085 fh->rpmb_fat_address == fat_address) { 2086 2087 /* 2088 * If the last entry was reached and was chosen 2089 * by the previous check, then the FAT needs to 2090 * be expanded. 2091 * fh->rpmb_fat_address is the address chosen 2092 * to store the files FAT entry and fat_address 2093 * is the current FAT entry address being 2094 * compared. 2095 */ 2096 expand_fat = true; 2097 } 2098 } 2099 } 2100 2101 if (res) 2102 goto out; 2103 /* 2104 * Represent the FAT table in the pool. 2105 */ 2106 if (p) { 2107 /* 2108 * Since fat_address is the start of the last entry it needs to 2109 * be moved up by an entry. 2110 */ 2111 fat_address += sizeof(struct rpmb_fat_entry); 2112 2113 /* Make room for yet a FAT entry and add to memory pool. */ 2114 if (expand_fat) 2115 fat_address += sizeof(struct rpmb_fat_entry); 2116 2117 mm = tee_mm_alloc2(p, RPMB_STORAGE_START_ADDRESS, fat_address); 2118 if (!mm) { 2119 res = TEE_ERROR_OUT_OF_MEMORY; 2120 goto out; 2121 } 2122 2123 if (expand_fat) { 2124 /* 2125 * Point fat_address to the beginning of the new 2126 * entry. 2127 */ 2128 fat_address -= sizeof(struct rpmb_fat_entry); 2129 memset(&last_fh, 0, sizeof(last_fh)); 2130 last_fh.fat_entry.flags = FILE_IS_LAST_ENTRY; 2131 last_fh.rpmb_fat_address = fat_address; 2132 res = write_fat_entry(&last_fh, true); 2133 if (res != TEE_SUCCESS) 2134 goto out; 2135 } 2136 } 2137 2138 if (!fh->rpmb_fat_address) 2139 res = TEE_ERROR_ITEM_NOT_FOUND; 2140 2141 out: 2142 fat_entry_dir_deinit(); 2143 return res; 2144 } 2145 2146 static TEE_Result generate_fek(struct rpmb_fat_entry *fe, const TEE_UUID *uuid) 2147 { 2148 TEE_Result res; 2149 2150 again: 2151 res = tee_fs_generate_fek(uuid, fe->fek, sizeof(fe->fek)); 2152 if (res != TEE_SUCCESS) 2153 return res; 2154 2155 if (is_zero(fe->fek, sizeof(fe->fek))) 2156 goto again; 2157 2158 return res; 2159 } 2160 2161 static TEE_Result rpmb_fs_open_internal(struct rpmb_file_handle *fh, 2162 const TEE_UUID *uuid, bool create) 2163 { 2164 tee_mm_pool_t p; 2165 bool pool_result; 2166 TEE_Result res = TEE_ERROR_GENERIC; 2167 2168 /* We need to do setup in order to make sure fs_par is filled in */ 2169 res = rpmb_fs_setup(); 2170 if (res != TEE_SUCCESS) 2171 goto out; 2172 2173 fh->uuid = uuid; 2174 if (create) { 2175 /* Upper memory allocation must be used for RPMB_FS. */ 2176 pool_result = tee_mm_init(&p, 2177 RPMB_STORAGE_START_ADDRESS, 2178 fs_par->max_rpmb_address, 2179 RPMB_BLOCK_SIZE_SHIFT, 2180 TEE_MM_POOL_HI_ALLOC); 2181 2182 if (!pool_result) { 2183 res = TEE_ERROR_OUT_OF_MEMORY; 2184 goto out; 2185 } 2186 2187 res = read_fat(fh, &p); 2188 tee_mm_final(&p); 2189 if (res != TEE_SUCCESS) 2190 goto out; 2191 } else { 2192 res = read_fat(fh, NULL); 2193 if (res != TEE_SUCCESS) 2194 goto out; 2195 } 2196 2197 /* 2198 * If this is opened with create and the entry found was not active 2199 * then this is a new file and the FAT entry must be written 2200 */ 2201 if (create) { 2202 if ((fh->fat_entry.flags & FILE_IS_ACTIVE) == 0) { 2203 memset(&fh->fat_entry, 0, 2204 sizeof(struct rpmb_fat_entry)); 2205 memcpy(fh->fat_entry.filename, fh->filename, 2206 strlen(fh->filename)); 2207 /* Start address and size are 0 */ 2208 fh->fat_entry.flags = FILE_IS_ACTIVE; 2209 2210 res = generate_fek(&fh->fat_entry, uuid); 2211 if (res != TEE_SUCCESS) 2212 goto out; 2213 DMSG("GENERATE FEK key: %p", 2214 (void *)fh->fat_entry.fek); 2215 DHEXDUMP(fh->fat_entry.fek, sizeof(fh->fat_entry.fek)); 2216 2217 res = write_fat_entry(fh, true); 2218 if (res != TEE_SUCCESS) 2219 goto out; 2220 } 2221 } 2222 2223 res = TEE_SUCCESS; 2224 2225 out: 2226 return res; 2227 } 2228 2229 static void rpmb_fs_close(struct tee_file_handle **tfh) 2230 { 2231 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)*tfh; 2232 2233 free(fh); 2234 *tfh = NULL; 2235 } 2236 2237 static TEE_Result rpmb_fs_read(struct tee_file_handle *tfh, size_t pos, 2238 void *buf, size_t *len) 2239 { 2240 TEE_Result res; 2241 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2242 size_t size = *len; 2243 2244 if (!size) 2245 return TEE_SUCCESS; 2246 2247 mutex_lock(&rpmb_mutex); 2248 2249 dump_fh(fh); 2250 2251 res = read_fat(fh, NULL); 2252 if (res != TEE_SUCCESS) 2253 goto out; 2254 2255 if (pos >= fh->fat_entry.data_size) { 2256 *len = 0; 2257 goto out; 2258 } 2259 2260 size = MIN(size, fh->fat_entry.data_size - pos); 2261 if (size) { 2262 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2263 fh->fat_entry.start_address + pos, buf, 2264 size, fh->fat_entry.fek, fh->uuid); 2265 if (res != TEE_SUCCESS) 2266 goto out; 2267 } 2268 *len = size; 2269 2270 out: 2271 mutex_unlock(&rpmb_mutex); 2272 return res; 2273 } 2274 2275 static TEE_Result rpmb_fs_write_primitive(struct rpmb_file_handle *fh, 2276 size_t pos, const void *buf, 2277 size_t size) 2278 { 2279 TEE_Result res; 2280 tee_mm_pool_t p; 2281 bool pool_result = false; 2282 tee_mm_entry_t *mm; 2283 size_t end; 2284 size_t newsize; 2285 uint8_t *newbuf = NULL; 2286 uintptr_t newaddr; 2287 uint32_t start_addr; 2288 2289 if (!size) 2290 return TEE_SUCCESS; 2291 2292 if (!fs_par) { 2293 res = TEE_ERROR_GENERIC; 2294 goto out; 2295 } 2296 2297 dump_fh(fh); 2298 2299 /* Upper memory allocation must be used for RPMB_FS. */ 2300 pool_result = tee_mm_init(&p, 2301 RPMB_STORAGE_START_ADDRESS, 2302 fs_par->max_rpmb_address, 2303 RPMB_BLOCK_SIZE_SHIFT, 2304 TEE_MM_POOL_HI_ALLOC); 2305 if (!pool_result) { 2306 res = TEE_ERROR_OUT_OF_MEMORY; 2307 goto out; 2308 } 2309 2310 res = read_fat(fh, &p); 2311 if (res != TEE_SUCCESS) 2312 goto out; 2313 2314 if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY) 2315 panic("invalid last entry flag"); 2316 2317 if (ADD_OVERFLOW(pos, size, &end)) { 2318 res = TEE_ERROR_BAD_PARAMETERS; 2319 goto out; 2320 } 2321 if (ADD_OVERFLOW(fh->fat_entry.start_address, pos, &start_addr)) { 2322 res = TEE_ERROR_BAD_PARAMETERS; 2323 goto out; 2324 } 2325 2326 if (end <= fh->fat_entry.data_size && 2327 tee_rpmb_write_is_atomic(CFG_RPMB_FS_DEV_ID, start_addr, size)) { 2328 2329 DMSG("Updating data in-place"); 2330 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, start_addr, buf, 2331 size, fh->fat_entry.fek, fh->uuid); 2332 if (res != TEE_SUCCESS) 2333 goto out; 2334 } else { 2335 /* 2336 * File must be extended, or update cannot be atomic: allocate, 2337 * read, update, write. 2338 */ 2339 2340 DMSG("Need to re-allocate"); 2341 newsize = MAX(end, fh->fat_entry.data_size); 2342 mm = tee_mm_alloc(&p, newsize); 2343 newbuf = calloc(1, newsize); 2344 if (!mm || !newbuf) { 2345 res = TEE_ERROR_OUT_OF_MEMORY; 2346 goto out; 2347 } 2348 2349 if (fh->fat_entry.data_size) { 2350 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2351 fh->fat_entry.start_address, 2352 newbuf, fh->fat_entry.data_size, 2353 fh->fat_entry.fek, fh->uuid); 2354 if (res != TEE_SUCCESS) 2355 goto out; 2356 } 2357 2358 memcpy(newbuf + pos, buf, size); 2359 2360 newaddr = tee_mm_get_smem(mm); 2361 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2362 newsize, fh->fat_entry.fek, fh->uuid); 2363 if (res != TEE_SUCCESS) 2364 goto out; 2365 2366 fh->fat_entry.data_size = newsize; 2367 fh->fat_entry.start_address = newaddr; 2368 res = write_fat_entry(fh, true); 2369 if (res != TEE_SUCCESS) 2370 goto out; 2371 } 2372 2373 out: 2374 if (pool_result) 2375 tee_mm_final(&p); 2376 if (newbuf) 2377 free(newbuf); 2378 2379 return res; 2380 } 2381 2382 static TEE_Result rpmb_fs_write(struct tee_file_handle *tfh, size_t pos, 2383 const void *buf, size_t size) 2384 { 2385 TEE_Result res; 2386 2387 mutex_lock(&rpmb_mutex); 2388 res = rpmb_fs_write_primitive((struct rpmb_file_handle *)tfh, pos, 2389 buf, size); 2390 mutex_unlock(&rpmb_mutex); 2391 2392 return res; 2393 } 2394 2395 static TEE_Result rpmb_fs_remove_internal(struct rpmb_file_handle *fh) 2396 { 2397 TEE_Result res; 2398 2399 res = read_fat(fh, NULL); 2400 if (res) 2401 return res; 2402 2403 /* Clear this file entry. */ 2404 memset(&fh->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2405 return write_fat_entry(fh, false); 2406 } 2407 2408 static TEE_Result rpmb_fs_remove(struct tee_pobj *po) 2409 { 2410 TEE_Result res; 2411 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2412 2413 if (!fh) 2414 return TEE_ERROR_OUT_OF_MEMORY; 2415 2416 mutex_lock(&rpmb_mutex); 2417 2418 res = rpmb_fs_remove_internal(fh); 2419 2420 mutex_unlock(&rpmb_mutex); 2421 2422 free(fh); 2423 return res; 2424 } 2425 2426 static TEE_Result rpmb_fs_rename_internal(struct tee_pobj *old, 2427 struct tee_pobj *new, 2428 bool overwrite) 2429 { 2430 TEE_Result res = TEE_ERROR_GENERIC; 2431 struct rpmb_file_handle *fh_old = NULL; 2432 struct rpmb_file_handle *fh_new = NULL; 2433 2434 if (!old) { 2435 res = TEE_ERROR_BAD_PARAMETERS; 2436 goto out; 2437 } 2438 2439 if (new) 2440 fh_old = alloc_file_handle(old, old->temporary); 2441 else 2442 fh_old = alloc_file_handle(old, true); 2443 if (!fh_old) { 2444 res = TEE_ERROR_OUT_OF_MEMORY; 2445 goto out; 2446 } 2447 2448 if (new) 2449 fh_new = alloc_file_handle(new, new->temporary); 2450 else 2451 fh_new = alloc_file_handle(old, false); 2452 if (!fh_new) { 2453 res = TEE_ERROR_OUT_OF_MEMORY; 2454 goto out; 2455 } 2456 2457 res = read_fat(fh_old, NULL); 2458 if (res != TEE_SUCCESS) 2459 goto out; 2460 2461 res = read_fat(fh_new, NULL); 2462 if (res == TEE_SUCCESS) { 2463 if (!overwrite) { 2464 res = TEE_ERROR_ACCESS_CONFLICT; 2465 goto out; 2466 } 2467 2468 /* Clear this file entry. */ 2469 memset(&fh_new->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2470 res = write_fat_entry(fh_new, false); 2471 if (res != TEE_SUCCESS) 2472 goto out; 2473 } 2474 2475 memset(fh_old->fat_entry.filename, 0, TEE_RPMB_FS_FILENAME_LENGTH); 2476 memcpy(fh_old->fat_entry.filename, fh_new->filename, 2477 strlen(fh_new->filename)); 2478 2479 res = write_fat_entry(fh_old, false); 2480 2481 out: 2482 free(fh_old); 2483 free(fh_new); 2484 2485 return res; 2486 } 2487 2488 static TEE_Result rpmb_fs_rename(struct tee_pobj *old, struct tee_pobj *new, 2489 bool overwrite) 2490 { 2491 TEE_Result res; 2492 2493 mutex_lock(&rpmb_mutex); 2494 res = rpmb_fs_rename_internal(old, new, overwrite); 2495 mutex_unlock(&rpmb_mutex); 2496 2497 return res; 2498 } 2499 2500 static TEE_Result rpmb_fs_truncate(struct tee_file_handle *tfh, size_t length) 2501 { 2502 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2503 tee_mm_pool_t p; 2504 bool pool_result = false; 2505 tee_mm_entry_t *mm; 2506 uint32_t newsize; 2507 uint8_t *newbuf = NULL; 2508 uintptr_t newaddr; 2509 TEE_Result res = TEE_ERROR_GENERIC; 2510 2511 mutex_lock(&rpmb_mutex); 2512 2513 if (length > INT32_MAX) { 2514 res = TEE_ERROR_BAD_PARAMETERS; 2515 goto out; 2516 } 2517 newsize = length; 2518 2519 res = read_fat(fh, NULL); 2520 if (res != TEE_SUCCESS) 2521 goto out; 2522 2523 if (newsize > fh->fat_entry.data_size) { 2524 /* Extend file */ 2525 2526 pool_result = tee_mm_init(&p, 2527 RPMB_STORAGE_START_ADDRESS, 2528 fs_par->max_rpmb_address, 2529 RPMB_BLOCK_SIZE_SHIFT, 2530 TEE_MM_POOL_HI_ALLOC); 2531 if (!pool_result) { 2532 res = TEE_ERROR_OUT_OF_MEMORY; 2533 goto out; 2534 } 2535 res = read_fat(fh, &p); 2536 if (res != TEE_SUCCESS) 2537 goto out; 2538 2539 mm = tee_mm_alloc(&p, newsize); 2540 newbuf = calloc(1, newsize); 2541 if (!mm || !newbuf) { 2542 res = TEE_ERROR_OUT_OF_MEMORY; 2543 goto out; 2544 } 2545 2546 if (fh->fat_entry.data_size) { 2547 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2548 fh->fat_entry.start_address, 2549 newbuf, fh->fat_entry.data_size, 2550 fh->fat_entry.fek, fh->uuid); 2551 if (res != TEE_SUCCESS) 2552 goto out; 2553 } 2554 2555 newaddr = tee_mm_get_smem(mm); 2556 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2557 newsize, fh->fat_entry.fek, fh->uuid); 2558 if (res != TEE_SUCCESS) 2559 goto out; 2560 2561 } else { 2562 /* Don't change file location */ 2563 newaddr = fh->fat_entry.start_address; 2564 } 2565 2566 /* fh->pos is unchanged */ 2567 fh->fat_entry.data_size = newsize; 2568 fh->fat_entry.start_address = newaddr; 2569 res = write_fat_entry(fh, true); 2570 2571 out: 2572 mutex_unlock(&rpmb_mutex); 2573 if (pool_result) 2574 tee_mm_final(&p); 2575 if (newbuf) 2576 free(newbuf); 2577 2578 return res; 2579 } 2580 2581 static void rpmb_fs_dir_free(struct tee_fs_dir *dir) 2582 { 2583 struct tee_rpmb_fs_dirent *e; 2584 2585 if (!dir) 2586 return; 2587 2588 free(dir->current); 2589 2590 while ((e = SIMPLEQ_FIRST(&dir->next))) { 2591 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2592 free(e); 2593 } 2594 } 2595 2596 static TEE_Result rpmb_fs_dir_populate(const char *path, 2597 struct tee_fs_dir *dir) 2598 { 2599 struct tee_rpmb_fs_dirent *current = NULL; 2600 struct rpmb_fat_entry *fe = NULL; 2601 uint32_t fat_address; 2602 uint32_t filelen; 2603 char *filename; 2604 bool matched; 2605 struct tee_rpmb_fs_dirent *next = NULL; 2606 uint32_t pathlen; 2607 TEE_Result res = TEE_ERROR_GENERIC; 2608 char temp; 2609 2610 mutex_lock(&rpmb_mutex); 2611 2612 res = fat_entry_dir_init(); 2613 if (res) 2614 goto out; 2615 2616 pathlen = strlen(path); 2617 2618 while (true) { 2619 res = fat_entry_dir_get_next(&fe, &fat_address); 2620 if (res || !fe) 2621 break; 2622 2623 filename = fe->filename; 2624 if (fe->flags & FILE_IS_ACTIVE) { 2625 matched = false; 2626 filelen = strlen(filename); 2627 if (filelen > pathlen) { 2628 temp = filename[pathlen]; 2629 filename[pathlen] = '\0'; 2630 if (strcmp(filename, path) == 0) 2631 matched = true; 2632 2633 filename[pathlen] = temp; 2634 } 2635 2636 if (matched) { 2637 next = malloc(sizeof(*next)); 2638 if (!next) { 2639 res = TEE_ERROR_OUT_OF_MEMORY; 2640 goto out; 2641 } 2642 2643 next->entry.oidlen = tee_hs2b((uint8_t *) 2644 &filename[pathlen], 2645 next->entry.oid, 2646 filelen - pathlen, 2647 sizeof(next->entry.oid)); 2648 if (next->entry.oidlen) { 2649 SIMPLEQ_INSERT_TAIL(&dir->next, 2650 next, link); 2651 current = next; 2652 } else { 2653 free(next); 2654 next = NULL; 2655 } 2656 } 2657 } 2658 } 2659 2660 if (res) 2661 goto out; 2662 2663 if (current) 2664 res = TEE_SUCCESS; 2665 else 2666 res = TEE_ERROR_ITEM_NOT_FOUND; /* No directories were found. */ 2667 2668 out: 2669 mutex_unlock(&rpmb_mutex); 2670 fat_entry_dir_deinit(); 2671 if (res) 2672 rpmb_fs_dir_free(dir); 2673 2674 return res; 2675 } 2676 2677 static TEE_Result rpmb_fs_opendir(const TEE_UUID *uuid, struct tee_fs_dir **dir) 2678 { 2679 uint32_t len; 2680 char path_local[TEE_RPMB_FS_FILENAME_LENGTH]; 2681 TEE_Result res = TEE_ERROR_GENERIC; 2682 struct tee_fs_dir *rpmb_dir = NULL; 2683 2684 if (!uuid || !dir) { 2685 res = TEE_ERROR_BAD_PARAMETERS; 2686 goto out; 2687 } 2688 2689 memset(path_local, 0, sizeof(path_local)); 2690 if (tee_svc_storage_create_dirname(path_local, sizeof(path_local) - 1, 2691 uuid) != TEE_SUCCESS) { 2692 res = TEE_ERROR_BAD_PARAMETERS; 2693 goto out; 2694 } 2695 len = strlen(path_local); 2696 2697 /* Add a slash to correctly match the full directory name. */ 2698 if (path_local[len - 1] != '/') 2699 path_local[len] = '/'; 2700 2701 rpmb_dir = calloc(1, sizeof(*rpmb_dir)); 2702 if (!rpmb_dir) { 2703 res = TEE_ERROR_OUT_OF_MEMORY; 2704 goto out; 2705 } 2706 SIMPLEQ_INIT(&rpmb_dir->next); 2707 2708 res = rpmb_fs_dir_populate(path_local, rpmb_dir); 2709 if (res != TEE_SUCCESS) { 2710 free(rpmb_dir); 2711 rpmb_dir = NULL; 2712 goto out; 2713 } 2714 2715 *dir = rpmb_dir; 2716 2717 out: 2718 return res; 2719 } 2720 2721 static TEE_Result rpmb_fs_readdir(struct tee_fs_dir *dir, 2722 struct tee_fs_dirent **ent) 2723 { 2724 if (!dir) 2725 return TEE_ERROR_GENERIC; 2726 2727 free(dir->current); 2728 2729 dir->current = SIMPLEQ_FIRST(&dir->next); 2730 if (!dir->current) 2731 return TEE_ERROR_ITEM_NOT_FOUND; 2732 2733 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2734 2735 *ent = &dir->current->entry; 2736 return TEE_SUCCESS; 2737 } 2738 2739 static void rpmb_fs_closedir(struct tee_fs_dir *dir) 2740 { 2741 if (dir) { 2742 rpmb_fs_dir_free(dir); 2743 free(dir); 2744 } 2745 } 2746 2747 static TEE_Result rpmb_fs_open(struct tee_pobj *po, size_t *size, 2748 struct tee_file_handle **ret_fh) 2749 { 2750 TEE_Result res; 2751 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2752 2753 if (!fh) 2754 return TEE_ERROR_OUT_OF_MEMORY; 2755 2756 mutex_lock(&rpmb_mutex); 2757 2758 res = rpmb_fs_open_internal(fh, &po->uuid, false); 2759 if (!res && size) 2760 *size = fh->fat_entry.data_size; 2761 2762 mutex_unlock(&rpmb_mutex); 2763 2764 if (res) 2765 free(fh); 2766 else 2767 *ret_fh = (struct tee_file_handle *)fh; 2768 2769 return res; 2770 } 2771 2772 static TEE_Result rpmb_fs_create(struct tee_pobj *po, bool overwrite, 2773 const void *head, size_t head_size, 2774 const void *attr, size_t attr_size, 2775 const void *data, size_t data_size, 2776 struct tee_file_handle **ret_fh) 2777 { 2778 TEE_Result res; 2779 size_t pos = 0; 2780 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2781 2782 if (!fh) 2783 return TEE_ERROR_OUT_OF_MEMORY; 2784 2785 mutex_lock(&rpmb_mutex); 2786 res = rpmb_fs_open_internal(fh, &po->uuid, true); 2787 if (res) 2788 goto out; 2789 2790 if (head && head_size) { 2791 res = rpmb_fs_write_primitive(fh, pos, head, head_size); 2792 if (res) 2793 goto out; 2794 pos += head_size; 2795 } 2796 2797 if (attr && attr_size) { 2798 res = rpmb_fs_write_primitive(fh, pos, attr, attr_size); 2799 if (res) 2800 goto out; 2801 pos += attr_size; 2802 } 2803 2804 if (data && data_size) { 2805 res = rpmb_fs_write_primitive(fh, pos, data, data_size); 2806 if (res) 2807 goto out; 2808 } 2809 2810 if (po->temporary) { 2811 /* 2812 * If it's a temporary filename (which it normally is) 2813 * rename into the final filename now that the file is 2814 * fully initialized. 2815 */ 2816 po->temporary = false; 2817 res = rpmb_fs_rename_internal(po, NULL, overwrite); 2818 if (res) { 2819 po->temporary = true; 2820 goto out; 2821 } 2822 /* Update file handle after rename. */ 2823 tee_svc_storage_create_filename(fh->filename, 2824 sizeof(fh->filename), 2825 po, false); 2826 } 2827 2828 out: 2829 if (res) { 2830 rpmb_fs_remove_internal(fh); 2831 free(fh); 2832 } else { 2833 *ret_fh = (struct tee_file_handle *)fh; 2834 } 2835 mutex_unlock(&rpmb_mutex); 2836 2837 return res; 2838 } 2839 2840 const struct tee_file_operations rpmb_fs_ops = { 2841 .open = rpmb_fs_open, 2842 .create = rpmb_fs_create, 2843 .close = rpmb_fs_close, 2844 .read = rpmb_fs_read, 2845 .write = rpmb_fs_write, 2846 .truncate = rpmb_fs_truncate, 2847 .rename = rpmb_fs_rename, 2848 .remove = rpmb_fs_remove, 2849 .opendir = rpmb_fs_opendir, 2850 .closedir = rpmb_fs_closedir, 2851 .readdir = rpmb_fs_readdir, 2852 }; 2853 2854 TEE_Result tee_rpmb_fs_raw_open(const char *fname, bool create, 2855 struct tee_file_handle **ret_fh) 2856 { 2857 TEE_Result res; 2858 struct rpmb_file_handle *fh = calloc(1, sizeof(*fh)); 2859 static const TEE_UUID uuid = { 0 }; 2860 2861 if (!fh) 2862 return TEE_ERROR_OUT_OF_MEMORY; 2863 2864 snprintf(fh->filename, sizeof(fh->filename), "/%s", fname); 2865 2866 mutex_lock(&rpmb_mutex); 2867 2868 res = rpmb_fs_open_internal(fh, &uuid, create); 2869 2870 mutex_unlock(&rpmb_mutex); 2871 2872 if (res) { 2873 if (create) 2874 rpmb_fs_remove_internal(fh); 2875 free(fh); 2876 } else { 2877 *ret_fh = (struct tee_file_handle *)fh; 2878 } 2879 2880 return res; 2881 } 2882 2883 bool __weak plat_rpmb_key_is_ready(void) 2884 { 2885 return true; 2886 } 2887