1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 6 #include <assert.h> 7 #include <crypto/crypto.h> 8 #include <kernel/huk_subkey.h> 9 #include <kernel/misc.h> 10 #include <kernel/msg_param.h> 11 #include <kernel/mutex.h> 12 #include <kernel/panic.h> 13 #include <kernel/tee_common.h> 14 #include <kernel/tee_common_otp.h> 15 #include <kernel/tee_misc.h> 16 #include <kernel/thread.h> 17 #include <mm/core_memprot.h> 18 #include <mm/mobj.h> 19 #include <mm/tee_mm.h> 20 #include <optee_rpc_cmd.h> 21 #include <stdlib.h> 22 #include <string_ext.h> 23 #include <string.h> 24 #include <sys/queue.h> 25 #include <tee/tee_fs.h> 26 #include <tee/tee_fs_key_manager.h> 27 #include <tee/tee_pobj.h> 28 #include <tee/tee_svc_storage.h> 29 #include <trace.h> 30 #include <util.h> 31 32 #define RPMB_STORAGE_START_ADDRESS 0 33 #define RPMB_FS_FAT_START_ADDRESS 512 34 #define RPMB_BLOCK_SIZE_SHIFT 8 35 #define RPMB_CID_PRV_OFFSET 9 36 #define RPMB_CID_CRC_OFFSET 15 37 38 #define RPMB_FS_MAGIC 0x52504D42 39 #define FS_VERSION 2 40 41 #define FILE_IS_ACTIVE (1u << 0) 42 #define FILE_IS_LAST_ENTRY (1u << 1) 43 44 #define TEE_RPMB_FS_FILENAME_LENGTH 224 45 46 /** 47 * FS parameters: Information often used by internal functions. 48 * fat_start_address will be set by rpmb_fs_setup(). 49 * rpmb_fs_parameters can be read by any other function. 50 */ 51 struct rpmb_fs_parameters { 52 uint32_t fat_start_address; 53 uint32_t max_rpmb_address; 54 }; 55 56 /** 57 * File entry for a single file in a RPMB_FS partition. 58 */ 59 struct rpmb_fat_entry { 60 uint32_t start_address; 61 uint32_t data_size; 62 uint32_t flags; 63 uint32_t write_counter; 64 uint8_t fek[TEE_FS_KM_FEK_SIZE]; 65 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 66 }; 67 68 /** 69 * FAT entry context with reference to a FAT entry and its 70 * location in RPMB. 71 */ 72 struct rpmb_file_handle { 73 struct rpmb_fat_entry fat_entry; 74 const TEE_UUID *uuid; 75 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 76 /* Address for current entry in RPMB */ 77 uint32_t rpmb_fat_address; 78 }; 79 80 /** 81 * RPMB_FS partition data 82 */ 83 struct rpmb_fs_partition { 84 uint32_t rpmb_fs_magic; 85 uint32_t fs_version; 86 uint32_t write_counter; 87 uint32_t fat_start_address; 88 /* Do not use reserved[] for other purpose than partition data. */ 89 uint8_t reserved[112]; 90 }; 91 92 /** 93 * A node in a list of directory entries. 94 */ 95 struct tee_rpmb_fs_dirent { 96 struct tee_fs_dirent entry; 97 SIMPLEQ_ENTRY(tee_rpmb_fs_dirent) link; 98 }; 99 100 /** 101 * The RPMB directory representation. It contains a queue of 102 * RPMB directory entries: 'next'. 103 * The current pointer points to the last directory entry 104 * returned by readdir(). 105 */ 106 struct tee_fs_dir { 107 struct tee_rpmb_fs_dirent *current; 108 /* */ 109 SIMPLEQ_HEAD(next_head, tee_rpmb_fs_dirent) next; 110 }; 111 112 static struct rpmb_fs_parameters *fs_par; 113 114 /* 115 * Lower interface to RPMB device 116 */ 117 118 #define RPMB_DATA_OFFSET (RPMB_STUFF_DATA_SIZE + RPMB_KEY_MAC_SIZE) 119 #define RPMB_MAC_PROTECT_DATA_SIZE (RPMB_DATA_FRAME_SIZE - RPMB_DATA_OFFSET) 120 121 #define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM 0x0001 122 #define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ 0x0002 123 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE 0x0003 124 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ 0x0004 125 #define RPMB_MSG_TYPE_REQ_RESULT_READ 0x0005 126 #define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM 0x0100 127 #define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ 0x0200 128 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE 0x0300 129 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ 0x0400 130 131 #define RPMB_STUFF_DATA_SIZE 196 132 #define RPMB_KEY_MAC_SIZE 32 133 #define RPMB_DATA_SIZE 256 134 #define RPMB_NONCE_SIZE 16 135 #define RPMB_DATA_FRAME_SIZE 512 136 137 #define RPMB_RESULT_OK 0x00 138 #define RPMB_RESULT_GENERAL_FAILURE 0x01 139 #define RPMB_RESULT_AUTH_FAILURE 0x02 140 #define RPMB_RESULT_COUNTER_FAILURE 0x03 141 #define RPMB_RESULT_ADDRESS_FAILURE 0x04 142 #define RPMB_RESULT_WRITE_FAILURE 0x05 143 #define RPMB_RESULT_READ_FAILURE 0x06 144 #define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED 0x07 145 #define RPMB_RESULT_MASK 0x3F 146 #define RPMB_RESULT_WR_CNT_EXPIRED 0x80 147 148 /* RPMB internal commands */ 149 #define RPMB_CMD_DATA_REQ 0x00 150 #define RPMB_CMD_GET_DEV_INFO 0x01 151 152 #define RPMB_SIZE_SINGLE (128 * 1024) 153 154 /* Error codes for get_dev_info request/response. */ 155 #define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 156 #define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 157 158 struct rpmb_data_frame { 159 uint8_t stuff_bytes[RPMB_STUFF_DATA_SIZE]; 160 uint8_t key_mac[RPMB_KEY_MAC_SIZE]; 161 uint8_t data[RPMB_DATA_SIZE]; 162 uint8_t nonce[RPMB_NONCE_SIZE]; 163 uint8_t write_counter[4]; 164 uint8_t address[2]; 165 uint8_t block_count[2]; 166 uint8_t op_result[2]; 167 uint8_t msg_type[2]; 168 }; 169 170 struct rpmb_req { 171 uint16_t cmd; 172 uint16_t dev_id; 173 uint16_t block_count; 174 /* variable length of data */ 175 /* uint8_t data[]; REMOVED! */ 176 }; 177 178 #define TEE_RPMB_REQ_DATA(req) \ 179 ((void *)((struct rpmb_req *)(req) + 1)) 180 181 struct rpmb_raw_data { 182 uint16_t msg_type; 183 uint16_t *op_result; 184 uint16_t *block_count; 185 uint16_t *blk_idx; 186 uint32_t *write_counter; 187 uint8_t *nonce; 188 uint8_t *key_mac; 189 uint8_t *data; 190 /* data length to read or write */ 191 uint32_t len; 192 /* Byte address offset in the first block involved */ 193 uint8_t byte_offset; 194 }; 195 196 #define RPMB_EMMC_CID_SIZE 16 197 struct rpmb_dev_info { 198 uint8_t cid[RPMB_EMMC_CID_SIZE]; 199 /* EXT CSD-slice 168 "RPMB Size" */ 200 uint8_t rpmb_size_mult; 201 /* EXT CSD-slice 222 "Reliable Write Sector Count" */ 202 uint8_t rel_wr_sec_c; 203 /* Check the ret code and accept the data only if it is OK. */ 204 uint8_t ret_code; 205 }; 206 207 /* 208 * Struct for rpmb context data. 209 * 210 * @key RPMB key. 211 * @cid eMMC card ID. 212 * @wr_cnt Current write counter. 213 * @max_blk_idx The highest block index supported by current device. 214 * @rel_wr_blkcnt Max number of data blocks for each reliable write. 215 * @dev_id Device ID of the eMMC device. 216 * @wr_cnt_synced Flag indicating if write counter is synced to RPMB. 217 * @key_derived Flag indicating if key has been generated. 218 * @key_verified Flag indicating the key generated is verified ok. 219 * @dev_info_synced Flag indicating if dev info has been retrieved from RPMB. 220 */ 221 struct tee_rpmb_ctx { 222 uint8_t key[RPMB_KEY_MAC_SIZE]; 223 uint8_t cid[RPMB_EMMC_CID_SIZE]; 224 uint32_t wr_cnt; 225 uint16_t max_blk_idx; 226 uint16_t rel_wr_blkcnt; 227 uint16_t dev_id; 228 bool wr_cnt_synced; 229 bool key_derived; 230 bool key_verified; 231 bool dev_info_synced; 232 }; 233 234 static struct tee_rpmb_ctx *rpmb_ctx; 235 236 /* 237 * Mutex to serialize the operations exported by this file. 238 * It protects rpmb_ctx and prevents overlapping operations on eMMC devices with 239 * different IDs. 240 */ 241 static struct mutex rpmb_mutex = MUTEX_INITIALIZER; 242 243 #ifdef CFG_RPMB_TESTKEY 244 245 static const uint8_t rpmb_test_key[RPMB_KEY_MAC_SIZE] = { 246 0xD3, 0xEB, 0x3E, 0xC3, 0x6E, 0x33, 0x4C, 0x9F, 247 0x98, 0x8C, 0xE2, 0xC0, 0xB8, 0x59, 0x54, 0x61, 248 0x0D, 0x2B, 0xCF, 0x86, 0x64, 0x84, 0x4D, 0xF2, 249 0xAB, 0x56, 0xE6, 0xC6, 0x1B, 0xB7, 0x01, 0xE4 250 }; 251 252 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 253 uint8_t *key, uint32_t len) 254 { 255 TEE_Result res = TEE_SUCCESS; 256 257 if (!key || RPMB_KEY_MAC_SIZE != len) { 258 res = TEE_ERROR_BAD_PARAMETERS; 259 goto out; 260 } 261 262 DMSG("RPMB: Using test key"); 263 memcpy(key, rpmb_test_key, RPMB_KEY_MAC_SIZE); 264 265 out: 266 return res; 267 } 268 269 #else /* !CFG_RPMB_TESTKEY */ 270 271 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 272 uint8_t *key, uint32_t len) 273 { 274 uint8_t message[RPMB_EMMC_CID_SIZE]; 275 276 if (!key || RPMB_KEY_MAC_SIZE != len) 277 return TEE_ERROR_BAD_PARAMETERS; 278 279 IMSG("RPMB: Using generated key"); 280 281 /* 282 * PRV/CRC would be changed when doing eMMC FFU 283 * The following fields should be masked off when deriving RPMB key 284 * 285 * CID [55: 48]: PRV (Product revision) 286 * CID [07: 01]: CRC (CRC7 checksum) 287 * CID [00]: not used 288 */ 289 memcpy(message, rpmb_ctx->cid, RPMB_EMMC_CID_SIZE); 290 memset(message + RPMB_CID_PRV_OFFSET, 0, 1); 291 memset(message + RPMB_CID_CRC_OFFSET, 0, 1); 292 return huk_subkey_derive(HUK_SUBKEY_RPMB, message, sizeof(message), 293 key, len); 294 } 295 296 #endif /* !CFG_RPMB_TESTKEY */ 297 298 static void u32_to_bytes(uint32_t u32, uint8_t *bytes) 299 { 300 *bytes = (uint8_t) (u32 >> 24); 301 *(bytes + 1) = (uint8_t) (u32 >> 16); 302 *(bytes + 2) = (uint8_t) (u32 >> 8); 303 *(bytes + 3) = (uint8_t) u32; 304 } 305 306 static void bytes_to_u32(uint8_t *bytes, uint32_t *u32) 307 { 308 *u32 = (uint32_t) ((*(bytes) << 24) + 309 (*(bytes + 1) << 16) + 310 (*(bytes + 2) << 8) + (*(bytes + 3))); 311 } 312 313 static void u16_to_bytes(uint16_t u16, uint8_t *bytes) 314 { 315 *bytes = (uint8_t) (u16 >> 8); 316 *(bytes + 1) = (uint8_t) u16; 317 } 318 319 static void bytes_to_u16(uint8_t *bytes, uint16_t *u16) 320 { 321 *u16 = (uint16_t) ((*bytes << 8) + *(bytes + 1)); 322 } 323 324 static void get_op_result_bits(uint8_t *bytes, uint8_t *res) 325 { 326 *res = *(bytes + 1) & RPMB_RESULT_MASK; 327 } 328 329 static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize, 330 uint8_t *key, uint32_t keysize, 331 struct rpmb_data_frame *datafrms, 332 uint16_t blkcnt) 333 { 334 TEE_Result res = TEE_ERROR_GENERIC; 335 int i; 336 void *ctx = NULL; 337 338 if (!mac || !key || !datafrms) 339 return TEE_ERROR_BAD_PARAMETERS; 340 341 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 342 if (res) 343 return res; 344 345 res = crypto_mac_init(ctx, key, keysize); 346 if (res != TEE_SUCCESS) 347 goto func_exit; 348 349 for (i = 0; i < blkcnt; i++) { 350 res = crypto_mac_update(ctx, datafrms[i].data, 351 RPMB_MAC_PROTECT_DATA_SIZE); 352 if (res != TEE_SUCCESS) 353 goto func_exit; 354 } 355 356 res = crypto_mac_final(ctx, mac, macsize); 357 if (res != TEE_SUCCESS) 358 goto func_exit; 359 360 res = TEE_SUCCESS; 361 362 func_exit: 363 crypto_mac_free_ctx(ctx); 364 return res; 365 } 366 367 struct tee_rpmb_mem { 368 struct mobj *phreq_mobj; 369 struct mobj *phresp_mobj; 370 size_t req_size; 371 size_t resp_size; 372 }; 373 374 static void tee_rpmb_free(struct tee_rpmb_mem *mem) 375 { 376 if (!mem) 377 return; 378 379 if (mem->phreq_mobj) { 380 thread_rpc_free_payload(mem->phreq_mobj); 381 mem->phreq_mobj = NULL; 382 } 383 if (mem->phresp_mobj) { 384 thread_rpc_free_payload(mem->phresp_mobj); 385 mem->phresp_mobj = NULL; 386 } 387 } 388 389 390 static TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size, 391 struct tee_rpmb_mem *mem, void **req, void **resp) 392 { 393 TEE_Result res = TEE_SUCCESS; 394 size_t req_s = ROUNDUP(req_size, sizeof(uint32_t)); 395 size_t resp_s = ROUNDUP(resp_size, sizeof(uint32_t)); 396 397 if (!mem) 398 return TEE_ERROR_BAD_PARAMETERS; 399 400 memset(mem, 0, sizeof(*mem)); 401 402 mem->phreq_mobj = thread_rpc_alloc_payload(req_s); 403 mem->phresp_mobj = thread_rpc_alloc_payload(resp_s); 404 405 if (!mem->phreq_mobj || !mem->phresp_mobj) { 406 res = TEE_ERROR_OUT_OF_MEMORY; 407 goto out; 408 } 409 410 *req = mobj_get_va(mem->phreq_mobj, 0); 411 *resp = mobj_get_va(mem->phresp_mobj, 0); 412 if (!*req || !*resp) { 413 res = TEE_ERROR_GENERIC; 414 goto out; 415 } 416 417 mem->req_size = req_size; 418 mem->resp_size = resp_size; 419 420 out: 421 if (res != TEE_SUCCESS) 422 tee_rpmb_free(mem); 423 return res; 424 } 425 426 static TEE_Result tee_rpmb_invoke(struct tee_rpmb_mem *mem) 427 { 428 struct thread_param params[2] = { 429 [0] = THREAD_PARAM_MEMREF(IN, mem->phreq_mobj, 0, 430 mem->req_size), 431 [1] = THREAD_PARAM_MEMREF(OUT, mem->phresp_mobj, 0, 432 mem->resp_size), 433 }; 434 435 return thread_rpc_cmd(OPTEE_RPC_CMD_RPMB, 2, params); 436 } 437 438 static bool is_zero(const uint8_t *buf, size_t size) 439 { 440 size_t i; 441 442 for (i = 0; i < size; i++) 443 if (buf[i]) 444 return false; 445 return true; 446 } 447 448 static TEE_Result encrypt_block(uint8_t *out, const uint8_t *in, 449 uint16_t blk_idx, const uint8_t *fek, 450 const TEE_UUID *uuid) 451 { 452 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 453 blk_idx, fek, TEE_MODE_ENCRYPT); 454 } 455 456 static TEE_Result decrypt_block(uint8_t *out, const uint8_t *in, 457 uint16_t blk_idx, const uint8_t *fek, 458 const TEE_UUID *uuid) 459 { 460 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 461 blk_idx, fek, TEE_MODE_DECRYPT); 462 } 463 464 /* Decrypt/copy at most one block of data */ 465 static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm, 466 size_t size, size_t offset, 467 uint16_t blk_idx __maybe_unused, const uint8_t *fek, 468 const TEE_UUID *uuid) 469 { 470 uint8_t *tmp __maybe_unused; 471 472 473 if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE)) 474 panic("invalid size or offset"); 475 476 if (!fek) { 477 /* Block is not encrypted (not a file data block) */ 478 memcpy(out, frm->data + offset, size); 479 } else if (is_zero(fek, TEE_FS_KM_FEK_SIZE)) { 480 /* The file was created with encryption disabled */ 481 return TEE_ERROR_SECURITY; 482 } else { 483 /* Block is encrypted */ 484 if (size < RPMB_DATA_SIZE) { 485 /* 486 * Since output buffer is not large enough to hold one 487 * block we must allocate a temporary buffer. 488 */ 489 tmp = malloc(RPMB_DATA_SIZE); 490 if (!tmp) 491 return TEE_ERROR_OUT_OF_MEMORY; 492 decrypt_block(tmp, frm->data, blk_idx, fek, uuid); 493 memcpy(out, tmp + offset, size); 494 free(tmp); 495 } else { 496 decrypt_block(out, frm->data, blk_idx, fek, uuid); 497 } 498 } 499 500 return TEE_SUCCESS; 501 } 502 503 static TEE_Result tee_rpmb_req_pack(struct rpmb_req *req, 504 struct rpmb_raw_data *rawdata, 505 uint16_t nbr_frms, uint16_t dev_id, 506 const uint8_t *fek, const TEE_UUID *uuid) 507 { 508 TEE_Result res = TEE_ERROR_GENERIC; 509 int i; 510 struct rpmb_data_frame *datafrm; 511 512 if (!req || !rawdata || !nbr_frms) 513 return TEE_ERROR_BAD_PARAMETERS; 514 515 /* 516 * Check write blockcount is not bigger than reliable write 517 * blockcount. 518 */ 519 if ((rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) && 520 (nbr_frms > rpmb_ctx->rel_wr_blkcnt)) { 521 DMSG("wr_blkcnt(%d) > rel_wr_blkcnt(%d)", nbr_frms, 522 rpmb_ctx->rel_wr_blkcnt); 523 return TEE_ERROR_GENERIC; 524 } 525 526 req->cmd = RPMB_CMD_DATA_REQ; 527 req->dev_id = dev_id; 528 529 /* Allocate memory for construct all data packets and calculate MAC. */ 530 datafrm = calloc(nbr_frms, RPMB_DATA_FRAME_SIZE); 531 if (!datafrm) 532 return TEE_ERROR_OUT_OF_MEMORY; 533 534 for (i = 0; i < nbr_frms; i++) { 535 u16_to_bytes(rawdata->msg_type, datafrm[i].msg_type); 536 537 if (rawdata->block_count) 538 u16_to_bytes(*rawdata->block_count, 539 datafrm[i].block_count); 540 541 if (rawdata->blk_idx) { 542 /* Check the block index is within range. */ 543 if ((*rawdata->blk_idx + nbr_frms) > 544 rpmb_ctx->max_blk_idx) { 545 res = TEE_ERROR_GENERIC; 546 goto func_exit; 547 } 548 u16_to_bytes(*rawdata->blk_idx, datafrm[i].address); 549 } 550 551 if (rawdata->write_counter) 552 u32_to_bytes(*rawdata->write_counter, 553 datafrm[i].write_counter); 554 555 if (rawdata->nonce) 556 memcpy(datafrm[i].nonce, rawdata->nonce, 557 RPMB_NONCE_SIZE); 558 559 if (rawdata->data) { 560 if (fek) 561 encrypt_block(datafrm[i].data, 562 rawdata->data + (i * RPMB_DATA_SIZE), 563 *rawdata->blk_idx + i, fek, uuid); 564 else 565 memcpy(datafrm[i].data, 566 rawdata->data + (i * RPMB_DATA_SIZE), 567 RPMB_DATA_SIZE); 568 } 569 } 570 571 if (rawdata->key_mac) { 572 if (rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) { 573 res = 574 tee_rpmb_mac_calc(rawdata->key_mac, 575 RPMB_KEY_MAC_SIZE, rpmb_ctx->key, 576 RPMB_KEY_MAC_SIZE, datafrm, 577 nbr_frms); 578 if (res != TEE_SUCCESS) 579 goto func_exit; 580 } 581 memcpy(datafrm[nbr_frms - 1].key_mac, 582 rawdata->key_mac, RPMB_KEY_MAC_SIZE); 583 } 584 585 memcpy(TEE_RPMB_REQ_DATA(req), datafrm, 586 nbr_frms * RPMB_DATA_FRAME_SIZE); 587 588 #ifdef CFG_RPMB_FS_DEBUG_DATA 589 for (i = 0; i < nbr_frms; i++) { 590 DMSG("Dumping data frame %d:", i); 591 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 592 512 - RPMB_STUFF_DATA_SIZE); 593 } 594 #endif 595 596 res = TEE_SUCCESS; 597 func_exit: 598 free(datafrm); 599 return res; 600 } 601 602 static TEE_Result data_cpy_mac_calc_1b(struct rpmb_raw_data *rawdata, 603 struct rpmb_data_frame *frm, 604 const uint8_t *fek, const TEE_UUID *uuid) 605 { 606 TEE_Result res; 607 uint8_t *data; 608 uint16_t idx; 609 610 if (rawdata->len + rawdata->byte_offset > RPMB_DATA_SIZE) 611 return TEE_ERROR_BAD_PARAMETERS; 612 613 res = tee_rpmb_mac_calc(rawdata->key_mac, RPMB_KEY_MAC_SIZE, 614 rpmb_ctx->key, RPMB_KEY_MAC_SIZE, frm, 1); 615 if (res != TEE_SUCCESS) 616 return res; 617 618 data = rawdata->data; 619 bytes_to_u16(frm->address, &idx); 620 621 res = decrypt(data, frm, rawdata->len, rawdata->byte_offset, idx, fek, 622 uuid); 623 return res; 624 } 625 626 static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, 627 struct rpmb_raw_data *rawdata, 628 uint16_t nbr_frms, 629 struct rpmb_data_frame *lastfrm, 630 const uint8_t *fek, 631 const TEE_UUID *uuid) 632 { 633 TEE_Result res = TEE_ERROR_GENERIC; 634 int i; 635 void *ctx = NULL; 636 uint16_t offset; 637 uint32_t size; 638 uint8_t *data; 639 uint16_t start_idx; 640 struct rpmb_data_frame localfrm; 641 642 if (!datafrm || !rawdata || !nbr_frms || !lastfrm) 643 return TEE_ERROR_BAD_PARAMETERS; 644 645 if (nbr_frms == 1) 646 return data_cpy_mac_calc_1b(rawdata, lastfrm, fek, uuid); 647 648 /* nbr_frms > 1 */ 649 650 data = rawdata->data; 651 652 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 653 if (res) 654 goto func_exit; 655 656 res = crypto_mac_init(ctx, rpmb_ctx->key, RPMB_KEY_MAC_SIZE); 657 if (res != TEE_SUCCESS) 658 goto func_exit; 659 660 /* 661 * Note: JEDEC JESD84-B51: "In every packet the address is the start 662 * address of the full access (not address of the individual half a 663 * sector)" 664 */ 665 bytes_to_u16(lastfrm->address, &start_idx); 666 667 for (i = 0; i < (nbr_frms - 1); i++) { 668 669 /* 670 * By working on a local copy of the RPMB frame, we ensure that 671 * the data can not be modified after the MAC is computed but 672 * before the payload is decrypted/copied to the output buffer. 673 */ 674 memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE); 675 676 res = crypto_mac_update(ctx, localfrm.data, 677 RPMB_MAC_PROTECT_DATA_SIZE); 678 if (res != TEE_SUCCESS) 679 goto func_exit; 680 681 if (i == 0) { 682 /* First block */ 683 offset = rawdata->byte_offset; 684 size = RPMB_DATA_SIZE - offset; 685 } else { 686 /* Middle blocks */ 687 size = RPMB_DATA_SIZE; 688 offset = 0; 689 } 690 691 res = decrypt(data, &localfrm, size, offset, start_idx + i, 692 fek, uuid); 693 if (res != TEE_SUCCESS) 694 goto func_exit; 695 696 data += size; 697 } 698 699 /* Last block */ 700 size = (rawdata->len + rawdata->byte_offset) % RPMB_DATA_SIZE; 701 if (size == 0) 702 size = RPMB_DATA_SIZE; 703 res = decrypt(data, lastfrm, size, 0, start_idx + nbr_frms - 1, fek, 704 uuid); 705 if (res != TEE_SUCCESS) 706 goto func_exit; 707 708 /* Update MAC against the last block */ 709 res = crypto_mac_update(ctx, lastfrm->data, RPMB_MAC_PROTECT_DATA_SIZE); 710 if (res != TEE_SUCCESS) 711 goto func_exit; 712 713 res = crypto_mac_final(ctx, rawdata->key_mac, RPMB_KEY_MAC_SIZE); 714 if (res != TEE_SUCCESS) 715 goto func_exit; 716 717 res = TEE_SUCCESS; 718 719 func_exit: 720 crypto_mac_free_ctx(ctx); 721 return res; 722 } 723 724 static TEE_Result tee_rpmb_resp_unpack_verify(struct rpmb_data_frame *datafrm, 725 struct rpmb_raw_data *rawdata, 726 uint16_t nbr_frms, 727 const uint8_t *fek, 728 const TEE_UUID *uuid) 729 { 730 TEE_Result res = TEE_ERROR_GENERIC; 731 uint16_t msg_type; 732 uint32_t wr_cnt; 733 uint16_t blk_idx; 734 uint8_t op_result; 735 struct rpmb_data_frame lastfrm; 736 737 if (!datafrm || !rawdata || !nbr_frms) 738 return TEE_ERROR_BAD_PARAMETERS; 739 740 #ifdef CFG_RPMB_FS_DEBUG_DATA 741 for (uint32_t i = 0; i < nbr_frms; i++) { 742 DMSG("Dumping data frame %d:", i); 743 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 744 512 - RPMB_STUFF_DATA_SIZE); 745 } 746 #endif 747 748 /* Make sure the last data packet can't be modified once verified */ 749 memcpy(&lastfrm, &datafrm[nbr_frms - 1], RPMB_DATA_FRAME_SIZE); 750 751 /* Handle operation result and translate to TEEC error code. */ 752 get_op_result_bits(lastfrm.op_result, &op_result); 753 if (op_result == RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED) 754 return TEE_ERROR_ITEM_NOT_FOUND; 755 if (op_result != RPMB_RESULT_OK) 756 return TEE_ERROR_GENERIC; 757 758 /* Check the response msg_type. */ 759 bytes_to_u16(lastfrm.msg_type, &msg_type); 760 if (msg_type != rawdata->msg_type) { 761 DMSG("Unexpected msg_type (0x%04x != 0x%04x)", msg_type, 762 rawdata->msg_type); 763 return TEE_ERROR_GENERIC; 764 } 765 766 if (rawdata->blk_idx) { 767 bytes_to_u16(lastfrm.address, &blk_idx); 768 if (blk_idx != *rawdata->blk_idx) { 769 DMSG("Unexpected block index"); 770 return TEE_ERROR_GENERIC; 771 } 772 } 773 774 if (rawdata->write_counter) { 775 wr_cnt = *rawdata->write_counter; 776 bytes_to_u32(lastfrm.write_counter, rawdata->write_counter); 777 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE) { 778 /* Verify the write counter is incremented by 1 */ 779 if (*rawdata->write_counter != wr_cnt + 1) { 780 DMSG("Counter mismatched (0x%04x/0x%04x)", 781 *rawdata->write_counter, wr_cnt + 1); 782 return TEE_ERROR_SECURITY; 783 } 784 rpmb_ctx->wr_cnt++; 785 } 786 } 787 788 if (rawdata->nonce) { 789 if (buf_compare_ct(rawdata->nonce, lastfrm.nonce, 790 RPMB_NONCE_SIZE) != 0) { 791 DMSG("Nonce mismatched"); 792 return TEE_ERROR_SECURITY; 793 } 794 } 795 796 if (rawdata->key_mac) { 797 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_READ) { 798 if (!rawdata->data) 799 return TEE_ERROR_GENERIC; 800 801 res = tee_rpmb_data_cpy_mac_calc(datafrm, rawdata, 802 nbr_frms, &lastfrm, 803 fek, uuid); 804 805 if (res != TEE_SUCCESS) 806 return res; 807 } else { 808 /* 809 * There should be only one data frame for 810 * other msg types. 811 */ 812 if (nbr_frms != 1) 813 return TEE_ERROR_GENERIC; 814 815 res = tee_rpmb_mac_calc(rawdata->key_mac, 816 RPMB_KEY_MAC_SIZE, 817 rpmb_ctx->key, 818 RPMB_KEY_MAC_SIZE, 819 &lastfrm, 1); 820 821 if (res != TEE_SUCCESS) 822 return res; 823 } 824 825 #ifndef CFG_RPMB_FS_NO_MAC 826 if (consttime_memcmp(rawdata->key_mac, 827 (datafrm + nbr_frms - 1)->key_mac, 828 RPMB_KEY_MAC_SIZE) != 0) { 829 DMSG("MAC mismatched:"); 830 #ifdef CFG_RPMB_FS_DEBUG_DATA 831 DHEXDUMP((uint8_t *)rawdata->key_mac, 32); 832 #endif 833 return TEE_ERROR_SECURITY; 834 } 835 #endif /* !CFG_RPMB_FS_NO_MAC */ 836 } 837 838 return TEE_SUCCESS; 839 } 840 841 static TEE_Result tee_rpmb_get_dev_info(uint16_t dev_id, 842 struct rpmb_dev_info *dev_info) 843 { 844 TEE_Result res = TEE_ERROR_GENERIC; 845 struct tee_rpmb_mem mem; 846 struct rpmb_dev_info *di; 847 struct rpmb_req *req = NULL; 848 uint8_t *resp = NULL; 849 uint32_t req_size; 850 uint32_t resp_size; 851 852 if (!dev_info) 853 return TEE_ERROR_BAD_PARAMETERS; 854 855 req_size = sizeof(struct rpmb_req); 856 resp_size = sizeof(struct rpmb_dev_info); 857 res = tee_rpmb_alloc(req_size, resp_size, &mem, 858 (void *)&req, (void *)&resp); 859 if (res != TEE_SUCCESS) 860 goto func_exit; 861 862 req->cmd = RPMB_CMD_GET_DEV_INFO; 863 req->dev_id = dev_id; 864 865 di = (struct rpmb_dev_info *)resp; 866 di->ret_code = RPMB_CMD_GET_DEV_INFO_RET_ERROR; 867 868 res = tee_rpmb_invoke(&mem); 869 if (res != TEE_SUCCESS) 870 goto func_exit; 871 872 if (di->ret_code != RPMB_CMD_GET_DEV_INFO_RET_OK) { 873 res = TEE_ERROR_GENERIC; 874 goto func_exit; 875 } 876 877 memcpy((uint8_t *)dev_info, resp, sizeof(struct rpmb_dev_info)); 878 879 #ifdef CFG_RPMB_FS_DEBUG_DATA 880 DMSG("Dumping dev_info:"); 881 DHEXDUMP((uint8_t *)dev_info, sizeof(struct rpmb_dev_info)); 882 #endif 883 884 res = TEE_SUCCESS; 885 886 func_exit: 887 tee_rpmb_free(&mem); 888 return res; 889 } 890 891 static TEE_Result tee_rpmb_init_read_wr_cnt(uint16_t dev_id, 892 uint32_t *wr_cnt, 893 uint16_t *op_result) 894 { 895 TEE_Result res = TEE_ERROR_GENERIC; 896 struct tee_rpmb_mem mem; 897 uint16_t msg_type; 898 uint8_t nonce[RPMB_NONCE_SIZE]; 899 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 900 struct rpmb_req *req = NULL; 901 struct rpmb_data_frame *resp = NULL; 902 struct rpmb_raw_data rawdata; 903 uint32_t req_size; 904 uint32_t resp_size; 905 906 if (!wr_cnt) 907 return TEE_ERROR_BAD_PARAMETERS; 908 909 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 910 resp_size = RPMB_DATA_FRAME_SIZE; 911 res = tee_rpmb_alloc(req_size, resp_size, &mem, 912 (void *)&req, (void *)&resp); 913 if (res != TEE_SUCCESS) 914 goto func_exit; 915 916 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 917 if (res != TEE_SUCCESS) 918 goto func_exit; 919 920 msg_type = RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ; 921 922 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 923 rawdata.msg_type = msg_type; 924 rawdata.nonce = nonce; 925 926 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 927 if (res != TEE_SUCCESS) 928 goto func_exit; 929 930 res = tee_rpmb_invoke(&mem); 931 if (res != TEE_SUCCESS) 932 goto func_exit; 933 934 msg_type = RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ; 935 936 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 937 rawdata.msg_type = msg_type; 938 rawdata.op_result = op_result; 939 rawdata.write_counter = wr_cnt; 940 rawdata.nonce = nonce; 941 rawdata.key_mac = hmac; 942 943 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 944 if (res != TEE_SUCCESS) 945 goto func_exit; 946 947 res = TEE_SUCCESS; 948 949 func_exit: 950 tee_rpmb_free(&mem); 951 return res; 952 } 953 954 static TEE_Result tee_rpmb_verify_key_sync_counter(uint16_t dev_id) 955 { 956 uint16_t op_result = 0; 957 TEE_Result res = TEE_ERROR_GENERIC; 958 959 res = tee_rpmb_init_read_wr_cnt(dev_id, &rpmb_ctx->wr_cnt, 960 &op_result); 961 962 if (res == TEE_SUCCESS) { 963 rpmb_ctx->key_verified = true; 964 rpmb_ctx->wr_cnt_synced = true; 965 } else 966 EMSG("Verify key returning 0x%x", res); 967 return res; 968 } 969 970 #ifdef CFG_RPMB_WRITE_KEY 971 static TEE_Result tee_rpmb_write_key(uint16_t dev_id) 972 { 973 TEE_Result res = TEE_ERROR_GENERIC; 974 struct tee_rpmb_mem mem = { 0 }; 975 uint16_t msg_type; 976 struct rpmb_req *req = NULL; 977 struct rpmb_data_frame *resp = NULL; 978 struct rpmb_raw_data rawdata; 979 uint32_t req_size; 980 uint32_t resp_size; 981 982 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 983 resp_size = RPMB_DATA_FRAME_SIZE; 984 res = tee_rpmb_alloc(req_size, resp_size, &mem, 985 (void *)&req, (void *)&resp); 986 if (res != TEE_SUCCESS) 987 goto func_exit; 988 989 msg_type = RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM; 990 991 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 992 rawdata.msg_type = msg_type; 993 rawdata.key_mac = rpmb_ctx->key; 994 995 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 996 if (res != TEE_SUCCESS) 997 goto func_exit; 998 999 res = tee_rpmb_invoke(&mem); 1000 if (res != TEE_SUCCESS) 1001 goto func_exit; 1002 1003 msg_type = RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM; 1004 1005 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1006 rawdata.msg_type = msg_type; 1007 1008 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 1009 if (res != TEE_SUCCESS) 1010 goto func_exit; 1011 1012 res = TEE_SUCCESS; 1013 1014 func_exit: 1015 tee_rpmb_free(&mem); 1016 return res; 1017 } 1018 1019 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id) 1020 { 1021 TEE_Result res; 1022 1023 if (!plat_rpmb_key_is_ready()) { 1024 DMSG("RPMB INIT: platform indicates RPMB key is not ready"); 1025 return TEE_ERROR_BAD_STATE; 1026 } 1027 1028 DMSG("RPMB INIT: Writing Key value:"); 1029 DHEXDUMP(rpmb_ctx->key, RPMB_KEY_MAC_SIZE); 1030 1031 res = tee_rpmb_write_key(dev_id); 1032 if (res == TEE_SUCCESS) { 1033 DMSG("RPMB INIT: Verifying Key"); 1034 res = tee_rpmb_verify_key_sync_counter(dev_id); 1035 } 1036 return res; 1037 } 1038 #else 1039 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id __unused) 1040 { 1041 DMSG("RPMB INIT: CFG_RPMB_WRITE_KEY is not set"); 1042 return TEE_ERROR_BAD_STATE; 1043 } 1044 #endif 1045 1046 /* This function must never return TEE_SUCCESS if rpmb_ctx == NULL */ 1047 static TEE_Result tee_rpmb_init(uint16_t dev_id) 1048 { 1049 TEE_Result res = TEE_SUCCESS; 1050 struct rpmb_dev_info dev_info; 1051 uint32_t nblocks = 0; 1052 1053 if (!rpmb_ctx) { 1054 rpmb_ctx = calloc(1, sizeof(struct tee_rpmb_ctx)); 1055 if (!rpmb_ctx) 1056 return TEE_ERROR_OUT_OF_MEMORY; 1057 } else if (rpmb_ctx->dev_id != dev_id) { 1058 memset(rpmb_ctx, 0x00, sizeof(struct tee_rpmb_ctx)); 1059 } 1060 1061 rpmb_ctx->dev_id = dev_id; 1062 1063 if (!rpmb_ctx->dev_info_synced) { 1064 DMSG("RPMB: Syncing device information"); 1065 1066 dev_info.rpmb_size_mult = 0; 1067 dev_info.rel_wr_sec_c = 0; 1068 res = tee_rpmb_get_dev_info(dev_id, &dev_info); 1069 if (res != TEE_SUCCESS) 1070 goto func_exit; 1071 1072 DMSG("RPMB: RPMB size is %d*128 KB", dev_info.rpmb_size_mult); 1073 DMSG("RPMB: Reliable Write Sector Count is %d", 1074 dev_info.rel_wr_sec_c); 1075 1076 if (dev_info.rpmb_size_mult == 0) { 1077 res = TEE_ERROR_GENERIC; 1078 goto func_exit; 1079 } 1080 1081 if (MUL_OVERFLOW(dev_info.rpmb_size_mult, 1082 RPMB_SIZE_SINGLE / RPMB_DATA_SIZE, &nblocks) || 1083 SUB_OVERFLOW(nblocks, 1, &rpmb_ctx->max_blk_idx)) { 1084 res = TEE_ERROR_BAD_PARAMETERS; 1085 goto func_exit; 1086 } 1087 1088 memcpy(rpmb_ctx->cid, dev_info.cid, RPMB_EMMC_CID_SIZE); 1089 1090 #ifdef RPMB_DRIVER_MULTIPLE_WRITE_FIXED 1091 rpmb_ctx->rel_wr_blkcnt = dev_info.rel_wr_sec_c * 2; 1092 #else 1093 rpmb_ctx->rel_wr_blkcnt = 1; 1094 #endif 1095 1096 rpmb_ctx->dev_info_synced = true; 1097 } 1098 1099 if (!rpmb_ctx->key_derived) { 1100 DMSG("RPMB INIT: Deriving key"); 1101 1102 res = tee_rpmb_key_gen(dev_id, rpmb_ctx->key, 1103 RPMB_KEY_MAC_SIZE); 1104 if (res != TEE_SUCCESS) { 1105 EMSG("RPMB INIT: Deriving key failed with error 0x%x", 1106 res); 1107 goto func_exit; 1108 } 1109 1110 rpmb_ctx->key_derived = true; 1111 } 1112 1113 /* Perform a write counter read to verify if the key is ok. */ 1114 if (!rpmb_ctx->wr_cnt_synced || !rpmb_ctx->key_verified) { 1115 DMSG("RPMB INIT: Verifying Key"); 1116 1117 res = tee_rpmb_verify_key_sync_counter(dev_id); 1118 if (res == TEE_ERROR_ITEM_NOT_FOUND && 1119 !rpmb_ctx->key_verified) { 1120 /* 1121 * Need to write the key here and verify it. 1122 */ 1123 DMSG("RPMB INIT: Auth key not yet written"); 1124 res = tee_rpmb_write_and_verify_key(dev_id); 1125 } else if (res != TEE_SUCCESS) { 1126 EMSG("Verify key failed!"); 1127 EMSG("Make sure key here matches device key"); 1128 } 1129 } 1130 1131 func_exit: 1132 return res; 1133 } 1134 1135 /* 1136 * Read RPMB data in bytes. 1137 * 1138 * @dev_id Device ID of the eMMC device. 1139 * @addr Byte address of data. 1140 * @data Pointer to the data. 1141 * @len Size of data in bytes. 1142 * @fek Encrypted File Encryption Key or NULL. 1143 */ 1144 static TEE_Result tee_rpmb_read(uint16_t dev_id, uint32_t addr, uint8_t *data, 1145 uint32_t len, const uint8_t *fek, 1146 const TEE_UUID *uuid) 1147 { 1148 TEE_Result res = TEE_ERROR_GENERIC; 1149 struct tee_rpmb_mem mem = { 0 }; 1150 uint16_t msg_type; 1151 uint8_t nonce[RPMB_NONCE_SIZE]; 1152 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1153 struct rpmb_req *req = NULL; 1154 struct rpmb_data_frame *resp = NULL; 1155 struct rpmb_raw_data rawdata; 1156 uint32_t req_size; 1157 uint32_t resp_size; 1158 uint16_t blk_idx; 1159 uint16_t blkcnt; 1160 uint8_t byte_offset; 1161 1162 if (!data || !len) 1163 return TEE_ERROR_BAD_PARAMETERS; 1164 1165 blk_idx = addr / RPMB_DATA_SIZE; 1166 byte_offset = addr % RPMB_DATA_SIZE; 1167 1168 if (len + byte_offset + RPMB_DATA_SIZE < RPMB_DATA_SIZE) { 1169 /* Overflow */ 1170 return TEE_ERROR_BAD_PARAMETERS; 1171 } 1172 blkcnt = 1173 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1174 res = tee_rpmb_init(dev_id); 1175 if (res != TEE_SUCCESS) 1176 goto func_exit; 1177 1178 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1179 resp_size = RPMB_DATA_FRAME_SIZE * blkcnt; 1180 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1181 (void *)&req, (void *)&resp); 1182 if (res != TEE_SUCCESS) 1183 goto func_exit; 1184 1185 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_READ; 1186 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 1187 if (res != TEE_SUCCESS) 1188 goto func_exit; 1189 1190 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1191 rawdata.msg_type = msg_type; 1192 rawdata.nonce = nonce; 1193 rawdata.blk_idx = &blk_idx; 1194 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1195 if (res != TEE_SUCCESS) 1196 goto func_exit; 1197 1198 req->block_count = blkcnt; 1199 1200 DMSG("Read %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1201 blk_idx); 1202 1203 res = tee_rpmb_invoke(&mem); 1204 if (res != TEE_SUCCESS) 1205 goto func_exit; 1206 1207 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_READ; 1208 1209 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1210 rawdata.msg_type = msg_type; 1211 rawdata.block_count = &blkcnt; 1212 rawdata.blk_idx = &blk_idx; 1213 rawdata.nonce = nonce; 1214 rawdata.key_mac = hmac; 1215 rawdata.data = data; 1216 1217 rawdata.len = len; 1218 rawdata.byte_offset = byte_offset; 1219 1220 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, blkcnt, fek, uuid); 1221 if (res != TEE_SUCCESS) 1222 goto func_exit; 1223 1224 res = TEE_SUCCESS; 1225 1226 func_exit: 1227 tee_rpmb_free(&mem); 1228 return res; 1229 } 1230 1231 static TEE_Result tee_rpmb_write_blk(uint16_t dev_id, uint16_t blk_idx, 1232 const uint8_t *data_blks, uint16_t blkcnt, 1233 const uint8_t *fek, const TEE_UUID *uuid) 1234 { 1235 TEE_Result res; 1236 struct tee_rpmb_mem mem; 1237 uint16_t msg_type; 1238 uint32_t wr_cnt; 1239 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1240 struct rpmb_req *req = NULL; 1241 struct rpmb_data_frame *resp = NULL; 1242 struct rpmb_raw_data rawdata; 1243 uint32_t req_size; 1244 uint32_t resp_size; 1245 uint32_t nbr_writes; 1246 uint16_t tmp_blkcnt; 1247 uint16_t tmp_blk_idx; 1248 uint16_t i; 1249 1250 DMSG("Write %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1251 blk_idx); 1252 1253 if (!data_blks || !blkcnt) 1254 return TEE_ERROR_BAD_PARAMETERS; 1255 1256 res = tee_rpmb_init(dev_id); 1257 if (res != TEE_SUCCESS) 1258 return res; 1259 1260 /* 1261 * We need to split data when block count 1262 * is bigger than reliable block write count. 1263 */ 1264 if (blkcnt < rpmb_ctx->rel_wr_blkcnt) 1265 req_size = sizeof(struct rpmb_req) + 1266 RPMB_DATA_FRAME_SIZE * blkcnt; 1267 else 1268 req_size = sizeof(struct rpmb_req) + 1269 RPMB_DATA_FRAME_SIZE * rpmb_ctx->rel_wr_blkcnt; 1270 1271 resp_size = RPMB_DATA_FRAME_SIZE; 1272 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1273 (void *)&req, (void *)&resp); 1274 if (res != TEE_SUCCESS) 1275 return res; 1276 1277 nbr_writes = blkcnt / rpmb_ctx->rel_wr_blkcnt; 1278 if (blkcnt % rpmb_ctx->rel_wr_blkcnt > 0) 1279 nbr_writes += 1; 1280 1281 tmp_blkcnt = rpmb_ctx->rel_wr_blkcnt; 1282 tmp_blk_idx = blk_idx; 1283 for (i = 0; i < nbr_writes; i++) { 1284 /* 1285 * To handle the last write of block count which is 1286 * equal or smaller than reliable write block count. 1287 */ 1288 if (i == nbr_writes - 1) 1289 tmp_blkcnt = blkcnt - rpmb_ctx->rel_wr_blkcnt * 1290 (nbr_writes - 1); 1291 1292 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE; 1293 wr_cnt = rpmb_ctx->wr_cnt; 1294 1295 memset(req, 0x00, req_size); 1296 memset(resp, 0x00, resp_size); 1297 1298 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1299 rawdata.msg_type = msg_type; 1300 rawdata.block_count = &tmp_blkcnt; 1301 rawdata.blk_idx = &tmp_blk_idx; 1302 rawdata.write_counter = &wr_cnt; 1303 rawdata.key_mac = hmac; 1304 rawdata.data = (uint8_t *)data_blks + 1305 i * rpmb_ctx->rel_wr_blkcnt * RPMB_DATA_SIZE; 1306 1307 res = tee_rpmb_req_pack(req, &rawdata, tmp_blkcnt, dev_id, 1308 fek, uuid); 1309 if (res != TEE_SUCCESS) 1310 goto out; 1311 1312 res = tee_rpmb_invoke(&mem); 1313 if (res != TEE_SUCCESS) { 1314 /* 1315 * To force wr_cnt sync next time, as it might get 1316 * out of sync due to inconsistent operation result! 1317 */ 1318 rpmb_ctx->wr_cnt_synced = false; 1319 goto out; 1320 } 1321 1322 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE; 1323 1324 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1325 rawdata.msg_type = msg_type; 1326 rawdata.block_count = &tmp_blkcnt; 1327 rawdata.blk_idx = &tmp_blk_idx; 1328 rawdata.write_counter = &wr_cnt; 1329 rawdata.key_mac = hmac; 1330 1331 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, 1332 NULL); 1333 if (res != TEE_SUCCESS) { 1334 /* 1335 * To force wr_cnt sync next time, as it might get 1336 * out of sync due to inconsistent operation result! 1337 */ 1338 rpmb_ctx->wr_cnt_synced = false; 1339 goto out; 1340 } 1341 1342 tmp_blk_idx += tmp_blkcnt; 1343 } 1344 1345 out: 1346 tee_rpmb_free(&mem); 1347 return res; 1348 } 1349 1350 static bool tee_rpmb_write_is_atomic(uint16_t dev_id __unused, uint32_t addr, 1351 uint32_t len) 1352 { 1353 uint8_t byte_offset = addr % RPMB_DATA_SIZE; 1354 uint16_t blkcnt = ROUNDUP(len + byte_offset, 1355 RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1356 1357 return (blkcnt <= rpmb_ctx->rel_wr_blkcnt); 1358 } 1359 1360 /* 1361 * Write RPMB data in bytes. 1362 * 1363 * @dev_id Device ID of the eMMC device. 1364 * @addr Byte address of data. 1365 * @data Pointer to the data. 1366 * @len Size of data in bytes. 1367 * @fek Encrypted File Encryption Key or NULL. 1368 */ 1369 static TEE_Result tee_rpmb_write(uint16_t dev_id, uint32_t addr, 1370 const uint8_t *data, uint32_t len, 1371 const uint8_t *fek, const TEE_UUID *uuid) 1372 { 1373 TEE_Result res = TEE_ERROR_GENERIC; 1374 uint8_t *data_tmp = NULL; 1375 uint16_t blk_idx; 1376 uint16_t blkcnt; 1377 uint8_t byte_offset; 1378 1379 blk_idx = addr / RPMB_DATA_SIZE; 1380 byte_offset = addr % RPMB_DATA_SIZE; 1381 1382 blkcnt = 1383 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1384 1385 if (byte_offset == 0 && (len % RPMB_DATA_SIZE) == 0) { 1386 res = tee_rpmb_write_blk(dev_id, blk_idx, data, blkcnt, fek, 1387 uuid); 1388 if (res != TEE_SUCCESS) 1389 goto func_exit; 1390 } else { 1391 data_tmp = calloc(blkcnt, RPMB_DATA_SIZE); 1392 if (!data_tmp) { 1393 res = TEE_ERROR_OUT_OF_MEMORY; 1394 goto func_exit; 1395 } 1396 1397 /* Read the complete blocks */ 1398 res = tee_rpmb_read(dev_id, blk_idx * RPMB_DATA_SIZE, data_tmp, 1399 blkcnt * RPMB_DATA_SIZE, fek, uuid); 1400 if (res != TEE_SUCCESS) 1401 goto func_exit; 1402 1403 /* Partial update of the data blocks */ 1404 memcpy(data_tmp + byte_offset, data, len); 1405 1406 res = tee_rpmb_write_blk(dev_id, blk_idx, data_tmp, blkcnt, 1407 fek, uuid); 1408 if (res != TEE_SUCCESS) 1409 goto func_exit; 1410 } 1411 1412 res = TEE_SUCCESS; 1413 1414 func_exit: 1415 free(data_tmp); 1416 return res; 1417 } 1418 1419 /* 1420 * Read the RPMB write counter. 1421 * 1422 * @dev_id Device ID of the eMMC device. 1423 * @counter Pointer to the counter. 1424 */ 1425 static TEE_Result tee_rpmb_get_write_counter(uint16_t dev_id, 1426 uint32_t *counter) 1427 { 1428 TEE_Result res = TEE_SUCCESS; 1429 1430 if (!counter) 1431 return TEE_ERROR_BAD_PARAMETERS; 1432 1433 if (!rpmb_ctx || !rpmb_ctx->wr_cnt_synced) { 1434 res = tee_rpmb_init(dev_id); 1435 if (res != TEE_SUCCESS) 1436 goto func_exit; 1437 } 1438 1439 *counter = rpmb_ctx->wr_cnt; 1440 1441 func_exit: 1442 return res; 1443 } 1444 1445 /* 1446 * Read the RPMB max block. 1447 * 1448 * @dev_id Device ID of the eMMC device. 1449 * @counter Pointer to receive the max block. 1450 */ 1451 static TEE_Result tee_rpmb_get_max_block(uint16_t dev_id, uint32_t *max_block) 1452 { 1453 TEE_Result res = TEE_SUCCESS; 1454 1455 if (!max_block) 1456 return TEE_ERROR_BAD_PARAMETERS; 1457 1458 if (!rpmb_ctx || !rpmb_ctx->dev_info_synced) { 1459 res = tee_rpmb_init(dev_id); 1460 if (res != TEE_SUCCESS) 1461 goto func_exit; 1462 } 1463 1464 *max_block = rpmb_ctx->max_blk_idx; 1465 1466 func_exit: 1467 return res; 1468 } 1469 1470 /* 1471 * End of lower interface to RPMB device 1472 */ 1473 1474 static TEE_Result get_fat_start_address(uint32_t *addr); 1475 1476 #if (TRACE_LEVEL >= TRACE_FLOW) 1477 static void dump_fat(void) 1478 { 1479 TEE_Result res = TEE_ERROR_GENERIC; 1480 struct rpmb_fat_entry *fat_entries = NULL; 1481 uint32_t fat_address; 1482 size_t size; 1483 int i; 1484 bool last_entry_found = false; 1485 1486 res = get_fat_start_address(&fat_address); 1487 if (res != TEE_SUCCESS) 1488 goto out; 1489 1490 size = CFG_RPMB_FS_RD_ENTRIES * sizeof(struct rpmb_fat_entry); 1491 fat_entries = malloc(size); 1492 if (!fat_entries) { 1493 res = TEE_ERROR_OUT_OF_MEMORY; 1494 goto out; 1495 } 1496 1497 while (!last_entry_found) { 1498 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 1499 (uint8_t *)fat_entries, size, NULL, NULL); 1500 if (res != TEE_SUCCESS) 1501 goto out; 1502 1503 for (i = 0; i < CFG_RPMB_FS_RD_ENTRIES; i++) { 1504 1505 FMSG("flags 0x%x, size %d, address 0x%x, filename '%s'", 1506 fat_entries[i].flags, 1507 fat_entries[i].data_size, 1508 fat_entries[i].start_address, 1509 fat_entries[i].filename); 1510 1511 if ((fat_entries[i].flags & FILE_IS_LAST_ENTRY) != 0) { 1512 last_entry_found = true; 1513 break; 1514 } 1515 1516 /* Move to next fat_entry. */ 1517 fat_address += sizeof(struct rpmb_fat_entry); 1518 } 1519 } 1520 1521 out: 1522 free(fat_entries); 1523 } 1524 #else 1525 static void dump_fat(void) 1526 { 1527 } 1528 #endif 1529 1530 #if (TRACE_LEVEL >= TRACE_DEBUG) 1531 static void dump_fh(struct rpmb_file_handle *fh) 1532 { 1533 DMSG("fh->filename=%s", fh->filename); 1534 DMSG("fh->rpmb_fat_address=%u", fh->rpmb_fat_address); 1535 DMSG("fh->fat_entry.start_address=%u", fh->fat_entry.start_address); 1536 DMSG("fh->fat_entry.data_size=%u", fh->fat_entry.data_size); 1537 } 1538 #else 1539 static void dump_fh(struct rpmb_file_handle *fh __unused) 1540 { 1541 } 1542 #endif 1543 1544 static struct rpmb_file_handle *alloc_file_handle(struct tee_pobj *po, 1545 bool temporary) 1546 { 1547 struct rpmb_file_handle *fh = NULL; 1548 1549 fh = calloc(1, sizeof(struct rpmb_file_handle)); 1550 if (!fh) 1551 return NULL; 1552 1553 if (po) 1554 tee_svc_storage_create_filename(fh->filename, 1555 sizeof(fh->filename), po, 1556 temporary); 1557 1558 return fh; 1559 } 1560 1561 /** 1562 * write_fat_entry: Store info in a fat_entry to RPMB. 1563 */ 1564 static TEE_Result write_fat_entry(struct rpmb_file_handle *fh, 1565 bool update_write_counter) 1566 { 1567 TEE_Result res = TEE_ERROR_GENERIC; 1568 1569 /* Protect partition data. */ 1570 if (fh->rpmb_fat_address < sizeof(struct rpmb_fs_partition)) { 1571 res = TEE_ERROR_ACCESS_CONFLICT; 1572 goto out; 1573 } 1574 1575 if (fh->rpmb_fat_address % sizeof(struct rpmb_fat_entry) != 0) { 1576 res = TEE_ERROR_BAD_PARAMETERS; 1577 goto out; 1578 } 1579 1580 if (update_write_counter) { 1581 res = tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1582 &fh->fat_entry.write_counter); 1583 if (res != TEE_SUCCESS) 1584 goto out; 1585 } 1586 1587 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, fh->rpmb_fat_address, 1588 (uint8_t *)&fh->fat_entry, 1589 sizeof(struct rpmb_fat_entry), NULL, NULL); 1590 1591 dump_fat(); 1592 1593 out: 1594 return res; 1595 } 1596 1597 /** 1598 * rpmb_fs_setup: Setup rpmb fs. 1599 * Set initial partition and FS values and write to RPMB. 1600 * Store frequently used data in RAM. 1601 */ 1602 static TEE_Result rpmb_fs_setup(void) 1603 { 1604 TEE_Result res = TEE_ERROR_GENERIC; 1605 struct rpmb_fs_partition *partition_data = NULL; 1606 struct rpmb_file_handle *fh = NULL; 1607 uint32_t max_rpmb_block = 0; 1608 1609 if (fs_par) { 1610 res = TEE_SUCCESS; 1611 goto out; 1612 } 1613 1614 res = tee_rpmb_get_max_block(CFG_RPMB_FS_DEV_ID, &max_rpmb_block); 1615 if (res != TEE_SUCCESS) 1616 goto out; 1617 1618 partition_data = calloc(1, sizeof(struct rpmb_fs_partition)); 1619 if (!partition_data) { 1620 res = TEE_ERROR_OUT_OF_MEMORY; 1621 goto out; 1622 } 1623 1624 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1625 (uint8_t *)partition_data, 1626 sizeof(struct rpmb_fs_partition), NULL, NULL); 1627 if (res != TEE_SUCCESS) 1628 goto out; 1629 1630 #ifndef CFG_RPMB_RESET_FAT 1631 if (partition_data->rpmb_fs_magic == RPMB_FS_MAGIC) { 1632 if (partition_data->fs_version == FS_VERSION) { 1633 res = TEE_SUCCESS; 1634 goto store_fs_par; 1635 } else { 1636 EMSG("Wrong software is in use."); 1637 res = TEE_ERROR_ACCESS_DENIED; 1638 goto out; 1639 } 1640 } 1641 #else 1642 EMSG("**** Clearing Storage ****"); 1643 #endif 1644 1645 /* Setup new partition data. */ 1646 partition_data->rpmb_fs_magic = RPMB_FS_MAGIC; 1647 partition_data->fs_version = FS_VERSION; 1648 partition_data->fat_start_address = RPMB_FS_FAT_START_ADDRESS; 1649 1650 /* Initial FAT entry with FILE_IS_LAST_ENTRY flag set. */ 1651 fh = alloc_file_handle(NULL, false); 1652 if (!fh) { 1653 res = TEE_ERROR_OUT_OF_MEMORY; 1654 goto out; 1655 } 1656 fh->fat_entry.flags = FILE_IS_LAST_ENTRY; 1657 fh->rpmb_fat_address = partition_data->fat_start_address; 1658 1659 /* Write init FAT entry and partition data to RPMB. */ 1660 res = write_fat_entry(fh, true); 1661 if (res != TEE_SUCCESS) 1662 goto out; 1663 1664 res = 1665 tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1666 &partition_data->write_counter); 1667 if (res != TEE_SUCCESS) 1668 goto out; 1669 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1670 (uint8_t *)partition_data, 1671 sizeof(struct rpmb_fs_partition), NULL, NULL); 1672 1673 #ifndef CFG_RPMB_RESET_FAT 1674 store_fs_par: 1675 #endif 1676 1677 /* Store FAT start address. */ 1678 fs_par = calloc(1, sizeof(struct rpmb_fs_parameters)); 1679 if (!fs_par) { 1680 res = TEE_ERROR_OUT_OF_MEMORY; 1681 goto out; 1682 } 1683 1684 fs_par->fat_start_address = partition_data->fat_start_address; 1685 fs_par->max_rpmb_address = max_rpmb_block << RPMB_BLOCK_SIZE_SHIFT; 1686 1687 dump_fat(); 1688 1689 out: 1690 free(fh); 1691 free(partition_data); 1692 return res; 1693 } 1694 1695 /** 1696 * get_fat_start_address: 1697 * FAT start_address from fs_par. 1698 */ 1699 static TEE_Result get_fat_start_address(uint32_t *addr) 1700 { 1701 if (!fs_par) 1702 return TEE_ERROR_NO_DATA; 1703 1704 *addr = fs_par->fat_start_address; 1705 1706 return TEE_SUCCESS; 1707 } 1708 1709 /** 1710 * read_fat: Read FAT entries 1711 * Return matching FAT entry for read, rm rename and stat. 1712 * Build up memory pool and return matching entry for write operation. 1713 * "Last FAT entry" can be returned during write. 1714 */ 1715 static TEE_Result read_fat(struct rpmb_file_handle *fh, tee_mm_pool_t *p) 1716 { 1717 TEE_Result res = TEE_ERROR_GENERIC; 1718 tee_mm_entry_t *mm = NULL; 1719 struct rpmb_fat_entry *fat_entries = NULL; 1720 uint32_t fat_address; 1721 size_t size; 1722 int i; 1723 bool entry_found = false; 1724 bool last_entry_found = false; 1725 bool expand_fat = false; 1726 struct rpmb_file_handle last_fh; 1727 1728 DMSG("fat_address %d", fh->rpmb_fat_address); 1729 1730 res = rpmb_fs_setup(); 1731 if (res != TEE_SUCCESS) 1732 goto out; 1733 1734 res = get_fat_start_address(&fat_address); 1735 if (res != TEE_SUCCESS) 1736 goto out; 1737 1738 size = CFG_RPMB_FS_RD_ENTRIES * sizeof(struct rpmb_fat_entry); 1739 fat_entries = malloc(size); 1740 if (!fat_entries) { 1741 res = TEE_ERROR_OUT_OF_MEMORY; 1742 goto out; 1743 } 1744 1745 /* 1746 * The pool is used to represent the current RPMB layout. To find 1747 * a slot for the file tee_mm_alloc is called on the pool. Thus 1748 * if it is not NULL the entire FAT must be traversed to fill in 1749 * the pool. 1750 */ 1751 while (!last_entry_found && (!entry_found || p)) { 1752 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 1753 (uint8_t *)fat_entries, size, NULL, NULL); 1754 if (res != TEE_SUCCESS) 1755 goto out; 1756 1757 for (i = 0; i < CFG_RPMB_FS_RD_ENTRIES; i++) { 1758 /* 1759 * Look for an entry, matching filenames. (read, rm, 1760 * rename and stat.). Only store first filename match. 1761 */ 1762 if (fh->filename && 1763 (strcmp(fh->filename, 1764 fat_entries[i].filename) == 0) && 1765 (fat_entries[i].flags & FILE_IS_ACTIVE) && 1766 (!entry_found)) { 1767 entry_found = true; 1768 fh->rpmb_fat_address = fat_address; 1769 memcpy(&fh->fat_entry, &fat_entries[i], 1770 sizeof(struct rpmb_fat_entry)); 1771 if (!p) 1772 break; 1773 } 1774 1775 /* Add existing files to memory pool. (write) */ 1776 if (p) { 1777 if ((fat_entries[i].flags & FILE_IS_ACTIVE) && 1778 (fat_entries[i].data_size > 0)) { 1779 1780 mm = tee_mm_alloc2 1781 (p, 1782 fat_entries[i].start_address, 1783 fat_entries[i].data_size); 1784 if (!mm) { 1785 res = TEE_ERROR_OUT_OF_MEMORY; 1786 goto out; 1787 } 1788 } 1789 1790 /* Unused FAT entries can be reused (write) */ 1791 if (((fat_entries[i].flags & FILE_IS_ACTIVE) == 1792 0) && (fh->rpmb_fat_address == 0)) { 1793 fh->rpmb_fat_address = fat_address; 1794 memcpy(&fh->fat_entry, &fat_entries[i], 1795 sizeof(struct rpmb_fat_entry)); 1796 } 1797 } 1798 1799 if ((fat_entries[i].flags & FILE_IS_LAST_ENTRY) != 0) { 1800 last_entry_found = true; 1801 1802 /* 1803 * If the last entry was reached and was chosen 1804 * by the previous check, then the FAT needs to 1805 * be expanded. 1806 * fh->rpmb_fat_address is the address chosen 1807 * to store the files FAT entry and fat_address 1808 * is the current FAT entry address being 1809 * compared. 1810 */ 1811 if (p && fh->rpmb_fat_address == fat_address) 1812 expand_fat = true; 1813 break; 1814 } 1815 1816 /* Move to next fat_entry. */ 1817 fat_address += sizeof(struct rpmb_fat_entry); 1818 } 1819 } 1820 1821 /* 1822 * Represent the FAT table in the pool. 1823 */ 1824 if (p) { 1825 /* 1826 * Since fat_address is the start of the last entry it needs to 1827 * be moved up by an entry. 1828 */ 1829 fat_address += sizeof(struct rpmb_fat_entry); 1830 1831 /* Make room for yet a FAT entry and add to memory pool. */ 1832 if (expand_fat) 1833 fat_address += sizeof(struct rpmb_fat_entry); 1834 1835 mm = tee_mm_alloc2(p, RPMB_STORAGE_START_ADDRESS, fat_address); 1836 if (!mm) { 1837 res = TEE_ERROR_OUT_OF_MEMORY; 1838 goto out; 1839 } 1840 1841 if (expand_fat) { 1842 /* 1843 * Point fat_address to the beginning of the new 1844 * entry. 1845 */ 1846 fat_address -= sizeof(struct rpmb_fat_entry); 1847 memset(&last_fh, 0, sizeof(last_fh)); 1848 last_fh.fat_entry.flags = FILE_IS_LAST_ENTRY; 1849 last_fh.rpmb_fat_address = fat_address; 1850 res = write_fat_entry(&last_fh, true); 1851 if (res != TEE_SUCCESS) 1852 goto out; 1853 } 1854 } 1855 1856 if (fh->filename && !fh->rpmb_fat_address) 1857 res = TEE_ERROR_ITEM_NOT_FOUND; 1858 1859 out: 1860 free(fat_entries); 1861 return res; 1862 } 1863 1864 static TEE_Result generate_fek(struct rpmb_fat_entry *fe, const TEE_UUID *uuid) 1865 { 1866 TEE_Result res; 1867 1868 again: 1869 res = tee_fs_generate_fek(uuid, fe->fek, sizeof(fe->fek)); 1870 if (res != TEE_SUCCESS) 1871 return res; 1872 1873 if (is_zero(fe->fek, sizeof(fe->fek))) 1874 goto again; 1875 1876 return res; 1877 } 1878 1879 static TEE_Result rpmb_fs_open_internal(struct rpmb_file_handle *fh, 1880 const TEE_UUID *uuid, bool create) 1881 { 1882 tee_mm_pool_t p; 1883 bool pool_result; 1884 TEE_Result res = TEE_ERROR_GENERIC; 1885 1886 /* We need to do setup in order to make sure fs_par is filled in */ 1887 res = rpmb_fs_setup(); 1888 if (res != TEE_SUCCESS) 1889 goto out; 1890 1891 fh->uuid = uuid; 1892 if (create) { 1893 /* Upper memory allocation must be used for RPMB_FS. */ 1894 pool_result = tee_mm_init(&p, 1895 RPMB_STORAGE_START_ADDRESS, 1896 fs_par->max_rpmb_address, 1897 RPMB_BLOCK_SIZE_SHIFT, 1898 TEE_MM_POOL_HI_ALLOC); 1899 1900 if (!pool_result) { 1901 res = TEE_ERROR_OUT_OF_MEMORY; 1902 goto out; 1903 } 1904 1905 res = read_fat(fh, &p); 1906 tee_mm_final(&p); 1907 if (res != TEE_SUCCESS) 1908 goto out; 1909 } else { 1910 res = read_fat(fh, NULL); 1911 if (res != TEE_SUCCESS) 1912 goto out; 1913 } 1914 1915 /* 1916 * If this is opened with create and the entry found was not active 1917 * then this is a new file and the FAT entry must be written 1918 */ 1919 if (create) { 1920 if ((fh->fat_entry.flags & FILE_IS_ACTIVE) == 0) { 1921 memset(&fh->fat_entry, 0, 1922 sizeof(struct rpmb_fat_entry)); 1923 memcpy(fh->fat_entry.filename, fh->filename, 1924 strlen(fh->filename)); 1925 /* Start address and size are 0 */ 1926 fh->fat_entry.flags = FILE_IS_ACTIVE; 1927 1928 res = generate_fek(&fh->fat_entry, uuid); 1929 if (res != TEE_SUCCESS) 1930 goto out; 1931 DMSG("GENERATE FEK key: %p", 1932 (void *)fh->fat_entry.fek); 1933 DHEXDUMP(fh->fat_entry.fek, sizeof(fh->fat_entry.fek)); 1934 1935 res = write_fat_entry(fh, true); 1936 if (res != TEE_SUCCESS) 1937 goto out; 1938 } 1939 } 1940 1941 res = TEE_SUCCESS; 1942 1943 out: 1944 return res; 1945 } 1946 1947 static void rpmb_fs_close(struct tee_file_handle **tfh) 1948 { 1949 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)*tfh; 1950 1951 free(fh); 1952 *tfh = NULL; 1953 } 1954 1955 static TEE_Result rpmb_fs_read(struct tee_file_handle *tfh, size_t pos, 1956 void *buf, size_t *len) 1957 { 1958 TEE_Result res; 1959 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 1960 size_t size = *len; 1961 1962 if (!size) 1963 return TEE_SUCCESS; 1964 1965 mutex_lock(&rpmb_mutex); 1966 1967 dump_fh(fh); 1968 1969 res = read_fat(fh, NULL); 1970 if (res != TEE_SUCCESS) 1971 goto out; 1972 1973 if (pos >= fh->fat_entry.data_size) { 1974 *len = 0; 1975 goto out; 1976 } 1977 1978 size = MIN(size, fh->fat_entry.data_size - pos); 1979 if (size) { 1980 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1981 fh->fat_entry.start_address + pos, buf, 1982 size, fh->fat_entry.fek, fh->uuid); 1983 if (res != TEE_SUCCESS) 1984 goto out; 1985 } 1986 *len = size; 1987 1988 out: 1989 mutex_unlock(&rpmb_mutex); 1990 return res; 1991 } 1992 1993 static TEE_Result rpmb_fs_write_primitive(struct rpmb_file_handle *fh, 1994 size_t pos, const void *buf, 1995 size_t size) 1996 { 1997 TEE_Result res; 1998 tee_mm_pool_t p; 1999 bool pool_result = false; 2000 tee_mm_entry_t *mm; 2001 size_t end; 2002 size_t newsize; 2003 uint8_t *newbuf = NULL; 2004 uintptr_t newaddr; 2005 uint32_t start_addr; 2006 2007 if (!size) 2008 return TEE_SUCCESS; 2009 2010 if (!fs_par) { 2011 res = TEE_ERROR_GENERIC; 2012 goto out; 2013 } 2014 2015 dump_fh(fh); 2016 2017 /* Upper memory allocation must be used for RPMB_FS. */ 2018 pool_result = tee_mm_init(&p, 2019 RPMB_STORAGE_START_ADDRESS, 2020 fs_par->max_rpmb_address, 2021 RPMB_BLOCK_SIZE_SHIFT, 2022 TEE_MM_POOL_HI_ALLOC); 2023 if (!pool_result) { 2024 res = TEE_ERROR_OUT_OF_MEMORY; 2025 goto out; 2026 } 2027 2028 res = read_fat(fh, &p); 2029 if (res != TEE_SUCCESS) 2030 goto out; 2031 2032 if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY) 2033 panic("invalid last entry flag"); 2034 2035 if (ADD_OVERFLOW(pos, size, &end)) { 2036 res = TEE_ERROR_BAD_PARAMETERS; 2037 goto out; 2038 } 2039 if (ADD_OVERFLOW(fh->fat_entry.start_address, pos, &start_addr)) { 2040 res = TEE_ERROR_BAD_PARAMETERS; 2041 goto out; 2042 } 2043 2044 if (end <= fh->fat_entry.data_size && 2045 tee_rpmb_write_is_atomic(CFG_RPMB_FS_DEV_ID, start_addr, size)) { 2046 2047 DMSG("Updating data in-place"); 2048 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, start_addr, buf, 2049 size, fh->fat_entry.fek, fh->uuid); 2050 if (res != TEE_SUCCESS) 2051 goto out; 2052 } else { 2053 /* 2054 * File must be extended, or update cannot be atomic: allocate, 2055 * read, update, write. 2056 */ 2057 2058 DMSG("Need to re-allocate"); 2059 newsize = MAX(end, fh->fat_entry.data_size); 2060 mm = tee_mm_alloc(&p, newsize); 2061 newbuf = calloc(1, newsize); 2062 if (!mm || !newbuf) { 2063 res = TEE_ERROR_OUT_OF_MEMORY; 2064 goto out; 2065 } 2066 2067 if (fh->fat_entry.data_size) { 2068 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2069 fh->fat_entry.start_address, 2070 newbuf, fh->fat_entry.data_size, 2071 fh->fat_entry.fek, fh->uuid); 2072 if (res != TEE_SUCCESS) 2073 goto out; 2074 } 2075 2076 memcpy(newbuf + pos, buf, size); 2077 2078 newaddr = tee_mm_get_smem(mm); 2079 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2080 newsize, fh->fat_entry.fek, fh->uuid); 2081 if (res != TEE_SUCCESS) 2082 goto out; 2083 2084 fh->fat_entry.data_size = newsize; 2085 fh->fat_entry.start_address = newaddr; 2086 res = write_fat_entry(fh, true); 2087 if (res != TEE_SUCCESS) 2088 goto out; 2089 } 2090 2091 out: 2092 if (pool_result) 2093 tee_mm_final(&p); 2094 if (newbuf) 2095 free(newbuf); 2096 2097 return res; 2098 } 2099 2100 static TEE_Result rpmb_fs_write(struct tee_file_handle *tfh, size_t pos, 2101 const void *buf, size_t size) 2102 { 2103 TEE_Result res; 2104 2105 mutex_lock(&rpmb_mutex); 2106 res = rpmb_fs_write_primitive((struct rpmb_file_handle *)tfh, pos, 2107 buf, size); 2108 mutex_unlock(&rpmb_mutex); 2109 2110 return res; 2111 } 2112 2113 static TEE_Result rpmb_fs_remove_internal(struct rpmb_file_handle *fh) 2114 { 2115 TEE_Result res; 2116 2117 res = read_fat(fh, NULL); 2118 if (res) 2119 return res; 2120 2121 /* Clear this file entry. */ 2122 memset(&fh->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2123 return write_fat_entry(fh, false); 2124 } 2125 2126 static TEE_Result rpmb_fs_remove(struct tee_pobj *po) 2127 { 2128 TEE_Result res; 2129 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2130 2131 if (!fh) 2132 return TEE_ERROR_OUT_OF_MEMORY; 2133 2134 mutex_lock(&rpmb_mutex); 2135 2136 res = rpmb_fs_remove_internal(fh); 2137 2138 mutex_unlock(&rpmb_mutex); 2139 2140 free(fh); 2141 return res; 2142 } 2143 2144 static TEE_Result rpmb_fs_rename_internal(struct tee_pobj *old, 2145 struct tee_pobj *new, 2146 bool overwrite) 2147 { 2148 TEE_Result res = TEE_ERROR_GENERIC; 2149 struct rpmb_file_handle *fh_old = NULL; 2150 struct rpmb_file_handle *fh_new = NULL; 2151 2152 if (!old) { 2153 res = TEE_ERROR_BAD_PARAMETERS; 2154 goto out; 2155 } 2156 2157 if (new) 2158 fh_old = alloc_file_handle(old, old->temporary); 2159 else 2160 fh_old = alloc_file_handle(old, true); 2161 if (!fh_old) { 2162 res = TEE_ERROR_OUT_OF_MEMORY; 2163 goto out; 2164 } 2165 2166 if (new) 2167 fh_new = alloc_file_handle(new, new->temporary); 2168 else 2169 fh_new = alloc_file_handle(old, false); 2170 if (!fh_new) { 2171 res = TEE_ERROR_OUT_OF_MEMORY; 2172 goto out; 2173 } 2174 2175 res = read_fat(fh_old, NULL); 2176 if (res != TEE_SUCCESS) 2177 goto out; 2178 2179 res = read_fat(fh_new, NULL); 2180 if (res == TEE_SUCCESS) { 2181 if (!overwrite) { 2182 res = TEE_ERROR_ACCESS_CONFLICT; 2183 goto out; 2184 } 2185 2186 /* Clear this file entry. */ 2187 memset(&fh_new->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2188 res = write_fat_entry(fh_new, false); 2189 if (res != TEE_SUCCESS) 2190 goto out; 2191 } 2192 2193 memset(fh_old->fat_entry.filename, 0, TEE_RPMB_FS_FILENAME_LENGTH); 2194 memcpy(fh_old->fat_entry.filename, fh_new->filename, 2195 strlen(fh_new->filename)); 2196 2197 res = write_fat_entry(fh_old, false); 2198 2199 out: 2200 free(fh_old); 2201 free(fh_new); 2202 2203 return res; 2204 } 2205 2206 static TEE_Result rpmb_fs_rename(struct tee_pobj *old, struct tee_pobj *new, 2207 bool overwrite) 2208 { 2209 TEE_Result res; 2210 2211 mutex_lock(&rpmb_mutex); 2212 res = rpmb_fs_rename_internal(old, new, overwrite); 2213 mutex_unlock(&rpmb_mutex); 2214 2215 return res; 2216 } 2217 2218 static TEE_Result rpmb_fs_truncate(struct tee_file_handle *tfh, size_t length) 2219 { 2220 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2221 tee_mm_pool_t p; 2222 bool pool_result = false; 2223 tee_mm_entry_t *mm; 2224 uint32_t newsize; 2225 uint8_t *newbuf = NULL; 2226 uintptr_t newaddr; 2227 TEE_Result res = TEE_ERROR_GENERIC; 2228 2229 mutex_lock(&rpmb_mutex); 2230 2231 if (length > INT32_MAX) { 2232 res = TEE_ERROR_BAD_PARAMETERS; 2233 goto out; 2234 } 2235 newsize = length; 2236 2237 res = read_fat(fh, NULL); 2238 if (res != TEE_SUCCESS) 2239 goto out; 2240 2241 if (newsize > fh->fat_entry.data_size) { 2242 /* Extend file */ 2243 2244 pool_result = tee_mm_init(&p, 2245 RPMB_STORAGE_START_ADDRESS, 2246 fs_par->max_rpmb_address, 2247 RPMB_BLOCK_SIZE_SHIFT, 2248 TEE_MM_POOL_HI_ALLOC); 2249 if (!pool_result) { 2250 res = TEE_ERROR_OUT_OF_MEMORY; 2251 goto out; 2252 } 2253 res = read_fat(fh, &p); 2254 if (res != TEE_SUCCESS) 2255 goto out; 2256 2257 mm = tee_mm_alloc(&p, newsize); 2258 newbuf = calloc(1, newsize); 2259 if (!mm || !newbuf) { 2260 res = TEE_ERROR_OUT_OF_MEMORY; 2261 goto out; 2262 } 2263 2264 if (fh->fat_entry.data_size) { 2265 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2266 fh->fat_entry.start_address, 2267 newbuf, fh->fat_entry.data_size, 2268 fh->fat_entry.fek, fh->uuid); 2269 if (res != TEE_SUCCESS) 2270 goto out; 2271 } 2272 2273 newaddr = tee_mm_get_smem(mm); 2274 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2275 newsize, fh->fat_entry.fek, fh->uuid); 2276 if (res != TEE_SUCCESS) 2277 goto out; 2278 2279 } else { 2280 /* Don't change file location */ 2281 newaddr = fh->fat_entry.start_address; 2282 } 2283 2284 /* fh->pos is unchanged */ 2285 fh->fat_entry.data_size = newsize; 2286 fh->fat_entry.start_address = newaddr; 2287 res = write_fat_entry(fh, true); 2288 2289 out: 2290 mutex_unlock(&rpmb_mutex); 2291 if (pool_result) 2292 tee_mm_final(&p); 2293 if (newbuf) 2294 free(newbuf); 2295 2296 return res; 2297 } 2298 2299 static void rpmb_fs_dir_free(struct tee_fs_dir *dir) 2300 { 2301 struct tee_rpmb_fs_dirent *e; 2302 2303 if (!dir) 2304 return; 2305 2306 free(dir->current); 2307 2308 while ((e = SIMPLEQ_FIRST(&dir->next))) { 2309 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2310 free(e); 2311 } 2312 } 2313 2314 static TEE_Result rpmb_fs_dir_populate(const char *path, 2315 struct tee_fs_dir *dir) 2316 { 2317 struct tee_rpmb_fs_dirent *current = NULL; 2318 struct rpmb_fat_entry *fat_entries = NULL; 2319 uint32_t fat_address; 2320 uint32_t filelen; 2321 char *filename; 2322 int i; 2323 bool last_entry_found = false; 2324 bool matched; 2325 struct tee_rpmb_fs_dirent *next = NULL; 2326 uint32_t pathlen; 2327 TEE_Result res = TEE_ERROR_GENERIC; 2328 uint32_t size; 2329 char temp; 2330 2331 mutex_lock(&rpmb_mutex); 2332 2333 res = rpmb_fs_setup(); 2334 if (res != TEE_SUCCESS) 2335 goto out; 2336 2337 res = get_fat_start_address(&fat_address); 2338 if (res != TEE_SUCCESS) 2339 goto out; 2340 2341 size = CFG_RPMB_FS_RD_ENTRIES * sizeof(struct rpmb_fat_entry); 2342 fat_entries = malloc(size); 2343 if (!fat_entries) { 2344 res = TEE_ERROR_OUT_OF_MEMORY; 2345 goto out; 2346 } 2347 2348 pathlen = strlen(path); 2349 while (!last_entry_found) { 2350 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 2351 (uint8_t *)fat_entries, size, NULL, NULL); 2352 if (res != TEE_SUCCESS) 2353 goto out; 2354 2355 for (i = 0; i < CFG_RPMB_FS_RD_ENTRIES; i++) { 2356 filename = fat_entries[i].filename; 2357 if (fat_entries[i].flags & FILE_IS_ACTIVE) { 2358 matched = false; 2359 filelen = strlen(filename); 2360 if (filelen > pathlen) { 2361 temp = filename[pathlen]; 2362 filename[pathlen] = '\0'; 2363 if (strcmp(filename, path) == 0) 2364 matched = true; 2365 2366 filename[pathlen] = temp; 2367 } 2368 2369 if (matched) { 2370 next = malloc(sizeof(*next)); 2371 if (!next) { 2372 res = TEE_ERROR_OUT_OF_MEMORY; 2373 goto out; 2374 } 2375 2376 next->entry.oidlen = tee_hs2b( 2377 (uint8_t *)&filename[pathlen], 2378 next->entry.oid, 2379 filelen - pathlen, 2380 sizeof(next->entry.oid)); 2381 if (next->entry.oidlen) { 2382 SIMPLEQ_INSERT_TAIL(&dir->next, 2383 next, link); 2384 current = next; 2385 } else { 2386 free(next); 2387 next = NULL; 2388 } 2389 2390 } 2391 } 2392 2393 if (fat_entries[i].flags & FILE_IS_LAST_ENTRY) { 2394 last_entry_found = true; 2395 break; 2396 } 2397 2398 /* Move to next fat_entry. */ 2399 fat_address += sizeof(struct rpmb_fat_entry); 2400 } 2401 } 2402 2403 if (current) 2404 res = TEE_SUCCESS; 2405 else 2406 res = TEE_ERROR_ITEM_NOT_FOUND; /* No directories were found. */ 2407 2408 out: 2409 mutex_unlock(&rpmb_mutex); 2410 if (res != TEE_SUCCESS) 2411 rpmb_fs_dir_free(dir); 2412 if (fat_entries) 2413 free(fat_entries); 2414 2415 return res; 2416 } 2417 2418 static TEE_Result rpmb_fs_opendir(const TEE_UUID *uuid, struct tee_fs_dir **dir) 2419 { 2420 uint32_t len; 2421 char path_local[TEE_RPMB_FS_FILENAME_LENGTH]; 2422 TEE_Result res = TEE_ERROR_GENERIC; 2423 struct tee_fs_dir *rpmb_dir = NULL; 2424 2425 if (!uuid || !dir) { 2426 res = TEE_ERROR_BAD_PARAMETERS; 2427 goto out; 2428 } 2429 2430 memset(path_local, 0, sizeof(path_local)); 2431 if (tee_svc_storage_create_dirname(path_local, sizeof(path_local) - 1, 2432 uuid) != TEE_SUCCESS) { 2433 res = TEE_ERROR_BAD_PARAMETERS; 2434 goto out; 2435 } 2436 len = strlen(path_local); 2437 2438 /* Add a slash to correctly match the full directory name. */ 2439 if (path_local[len - 1] != '/') 2440 path_local[len] = '/'; 2441 2442 rpmb_dir = calloc(1, sizeof(*rpmb_dir)); 2443 if (!rpmb_dir) { 2444 res = TEE_ERROR_OUT_OF_MEMORY; 2445 goto out; 2446 } 2447 SIMPLEQ_INIT(&rpmb_dir->next); 2448 2449 res = rpmb_fs_dir_populate(path_local, rpmb_dir); 2450 if (res != TEE_SUCCESS) { 2451 free(rpmb_dir); 2452 rpmb_dir = NULL; 2453 goto out; 2454 } 2455 2456 *dir = rpmb_dir; 2457 2458 out: 2459 return res; 2460 } 2461 2462 static TEE_Result rpmb_fs_readdir(struct tee_fs_dir *dir, 2463 struct tee_fs_dirent **ent) 2464 { 2465 if (!dir) 2466 return TEE_ERROR_GENERIC; 2467 2468 free(dir->current); 2469 2470 dir->current = SIMPLEQ_FIRST(&dir->next); 2471 if (!dir->current) 2472 return TEE_ERROR_ITEM_NOT_FOUND; 2473 2474 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2475 2476 *ent = &dir->current->entry; 2477 return TEE_SUCCESS; 2478 } 2479 2480 static void rpmb_fs_closedir(struct tee_fs_dir *dir) 2481 { 2482 if (dir) { 2483 rpmb_fs_dir_free(dir); 2484 free(dir); 2485 } 2486 } 2487 2488 static TEE_Result rpmb_fs_open(struct tee_pobj *po, size_t *size, 2489 struct tee_file_handle **ret_fh) 2490 { 2491 TEE_Result res; 2492 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2493 2494 if (!fh) 2495 return TEE_ERROR_OUT_OF_MEMORY; 2496 2497 mutex_lock(&rpmb_mutex); 2498 2499 res = rpmb_fs_open_internal(fh, &po->uuid, false); 2500 if (!res && size) 2501 *size = fh->fat_entry.data_size; 2502 2503 mutex_unlock(&rpmb_mutex); 2504 2505 if (res) 2506 free(fh); 2507 else 2508 *ret_fh = (struct tee_file_handle *)fh; 2509 2510 return res; 2511 } 2512 2513 static TEE_Result rpmb_fs_create(struct tee_pobj *po, bool overwrite, 2514 const void *head, size_t head_size, 2515 const void *attr, size_t attr_size, 2516 const void *data, size_t data_size, 2517 struct tee_file_handle **ret_fh) 2518 { 2519 TEE_Result res; 2520 size_t pos = 0; 2521 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2522 2523 if (!fh) 2524 return TEE_ERROR_OUT_OF_MEMORY; 2525 2526 mutex_lock(&rpmb_mutex); 2527 res = rpmb_fs_open_internal(fh, &po->uuid, true); 2528 if (res) 2529 goto out; 2530 2531 if (head && head_size) { 2532 res = rpmb_fs_write_primitive(fh, pos, head, head_size); 2533 if (res) 2534 goto out; 2535 pos += head_size; 2536 } 2537 2538 if (attr && attr_size) { 2539 res = rpmb_fs_write_primitive(fh, pos, attr, attr_size); 2540 if (res) 2541 goto out; 2542 pos += attr_size; 2543 } 2544 2545 if (data && data_size) { 2546 res = rpmb_fs_write_primitive(fh, pos, data, data_size); 2547 if (res) 2548 goto out; 2549 } 2550 2551 if (po->temporary) { 2552 /* 2553 * If it's a temporary filename (which it normally is) 2554 * rename into the final filename now that the file is 2555 * fully initialized. 2556 */ 2557 po->temporary = false; 2558 res = rpmb_fs_rename_internal(po, NULL, overwrite); 2559 if (res) { 2560 po->temporary = true; 2561 goto out; 2562 } 2563 /* Update file handle after rename. */ 2564 tee_svc_storage_create_filename(fh->filename, 2565 sizeof(fh->filename), 2566 po, false); 2567 } 2568 2569 out: 2570 if (res) { 2571 rpmb_fs_remove_internal(fh); 2572 free(fh); 2573 } else { 2574 *ret_fh = (struct tee_file_handle *)fh; 2575 } 2576 mutex_unlock(&rpmb_mutex); 2577 2578 return res; 2579 } 2580 2581 const struct tee_file_operations rpmb_fs_ops = { 2582 .open = rpmb_fs_open, 2583 .create = rpmb_fs_create, 2584 .close = rpmb_fs_close, 2585 .read = rpmb_fs_read, 2586 .write = rpmb_fs_write, 2587 .truncate = rpmb_fs_truncate, 2588 .rename = rpmb_fs_rename, 2589 .remove = rpmb_fs_remove, 2590 .opendir = rpmb_fs_opendir, 2591 .closedir = rpmb_fs_closedir, 2592 .readdir = rpmb_fs_readdir, 2593 }; 2594 2595 TEE_Result tee_rpmb_fs_raw_open(const char *fname, bool create, 2596 struct tee_file_handle **ret_fh) 2597 { 2598 TEE_Result res; 2599 struct rpmb_file_handle *fh = calloc(1, sizeof(*fh)); 2600 static const TEE_UUID uuid = { 0 }; 2601 2602 if (!fh) 2603 return TEE_ERROR_OUT_OF_MEMORY; 2604 2605 snprintf(fh->filename, sizeof(fh->filename), "/%s", fname); 2606 2607 mutex_lock(&rpmb_mutex); 2608 2609 res = rpmb_fs_open_internal(fh, &uuid, create); 2610 2611 mutex_unlock(&rpmb_mutex); 2612 2613 if (res) { 2614 if (create) 2615 rpmb_fs_remove_internal(fh); 2616 free(fh); 2617 } else { 2618 *ret_fh = (struct tee_file_handle *)fh; 2619 } 2620 2621 return res; 2622 } 2623 2624 bool __weak plat_rpmb_key_is_ready(void) 2625 { 2626 return true; 2627 } 2628