1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 6 #include <assert.h> 7 #include <crypto/crypto.h> 8 #include <kernel/misc.h> 9 #include <kernel/msg_param.h> 10 #include <kernel/mutex.h> 11 #include <kernel/panic.h> 12 #include <kernel/tee_common.h> 13 #include <kernel/tee_common_otp.h> 14 #include <kernel/tee_misc.h> 15 #include <kernel/thread.h> 16 #include <mm/core_memprot.h> 17 #include <mm/mobj.h> 18 #include <mm/tee_mm.h> 19 #include <optee_msg_supplicant.h> 20 #include <stdlib.h> 21 #include <string_ext.h> 22 #include <string.h> 23 #include <sys/queue.h> 24 #include <tee/tee_fs.h> 25 #include <tee/tee_fs_key_manager.h> 26 #include <tee/tee_pobj.h> 27 #include <tee/tee_svc_storage.h> 28 #include <trace.h> 29 #include <util.h> 30 31 #define RPMB_STORAGE_START_ADDRESS 0 32 #define RPMB_FS_FAT_START_ADDRESS 512 33 #define RPMB_BLOCK_SIZE_SHIFT 8 34 #define RPMB_CID_PRV_OFFSET 9 35 #define RPMB_CID_CRC_OFFSET 15 36 37 #define RPMB_FS_MAGIC 0x52504D42 38 #define FS_VERSION 2 39 #define N_ENTRIES 8 40 41 #define FILE_IS_ACTIVE (1u << 0) 42 #define FILE_IS_LAST_ENTRY (1u << 1) 43 44 #define TEE_RPMB_FS_FILENAME_LENGTH 224 45 46 /** 47 * FS parameters: Information often used by internal functions. 48 * fat_start_address will be set by rpmb_fs_setup(). 49 * rpmb_fs_parameters can be read by any other function. 50 */ 51 struct rpmb_fs_parameters { 52 uint32_t fat_start_address; 53 uint32_t max_rpmb_address; 54 }; 55 56 /** 57 * File entry for a single file in a RPMB_FS partition. 58 */ 59 struct rpmb_fat_entry { 60 uint32_t start_address; 61 uint32_t data_size; 62 uint32_t flags; 63 uint32_t write_counter; 64 uint8_t fek[TEE_FS_KM_FEK_SIZE]; 65 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 66 }; 67 68 /** 69 * FAT entry context with reference to a FAT entry and its 70 * location in RPMB. 71 */ 72 struct rpmb_file_handle { 73 struct rpmb_fat_entry fat_entry; 74 const TEE_UUID *uuid; 75 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 76 /* Address for current entry in RPMB */ 77 uint32_t rpmb_fat_address; 78 }; 79 80 /** 81 * RPMB_FS partition data 82 */ 83 struct rpmb_fs_partition { 84 uint32_t rpmb_fs_magic; 85 uint32_t fs_version; 86 uint32_t write_counter; 87 uint32_t fat_start_address; 88 /* Do not use reserved[] for other purpose than partition data. */ 89 uint8_t reserved[112]; 90 }; 91 92 /** 93 * A node in a list of directory entries. 94 */ 95 struct tee_rpmb_fs_dirent { 96 struct tee_fs_dirent entry; 97 SIMPLEQ_ENTRY(tee_rpmb_fs_dirent) link; 98 }; 99 100 /** 101 * The RPMB directory representation. It contains a queue of 102 * RPMB directory entries: 'next'. 103 * The current pointer points to the last directory entry 104 * returned by readdir(). 105 */ 106 struct tee_fs_dir { 107 struct tee_rpmb_fs_dirent *current; 108 /* */ 109 SIMPLEQ_HEAD(next_head, tee_rpmb_fs_dirent) next; 110 }; 111 112 static struct rpmb_fs_parameters *fs_par; 113 114 /* 115 * Lower interface to RPMB device 116 */ 117 118 #define RPMB_DATA_OFFSET (RPMB_STUFF_DATA_SIZE + RPMB_KEY_MAC_SIZE) 119 #define RPMB_MAC_PROTECT_DATA_SIZE (RPMB_DATA_FRAME_SIZE - RPMB_DATA_OFFSET) 120 121 #define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM 0x0001 122 #define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ 0x0002 123 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE 0x0003 124 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ 0x0004 125 #define RPMB_MSG_TYPE_REQ_RESULT_READ 0x0005 126 #define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM 0x0100 127 #define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ 0x0200 128 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE 0x0300 129 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ 0x0400 130 131 #define RPMB_STUFF_DATA_SIZE 196 132 #define RPMB_KEY_MAC_SIZE 32 133 #define RPMB_DATA_SIZE 256 134 #define RPMB_NONCE_SIZE 16 135 #define RPMB_DATA_FRAME_SIZE 512 136 137 #define RPMB_RESULT_OK 0x00 138 #define RPMB_RESULT_GENERAL_FAILURE 0x01 139 #define RPMB_RESULT_AUTH_FAILURE 0x02 140 #define RPMB_RESULT_COUNTER_FAILURE 0x03 141 #define RPMB_RESULT_ADDRESS_FAILURE 0x04 142 #define RPMB_RESULT_WRITE_FAILURE 0x05 143 #define RPMB_RESULT_READ_FAILURE 0x06 144 #define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED 0x07 145 #define RPMB_RESULT_MASK 0x3F 146 #define RPMB_RESULT_WR_CNT_EXPIRED 0x80 147 148 /* RPMB internal commands */ 149 #define RPMB_CMD_DATA_REQ 0x00 150 #define RPMB_CMD_GET_DEV_INFO 0x01 151 152 #define RPMB_SIZE_SINGLE (128 * 1024) 153 154 /* Error codes for get_dev_info request/response. */ 155 #define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 156 #define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 157 158 struct rpmb_data_frame { 159 uint8_t stuff_bytes[RPMB_STUFF_DATA_SIZE]; 160 uint8_t key_mac[RPMB_KEY_MAC_SIZE]; 161 uint8_t data[RPMB_DATA_SIZE]; 162 uint8_t nonce[RPMB_NONCE_SIZE]; 163 uint8_t write_counter[4]; 164 uint8_t address[2]; 165 uint8_t block_count[2]; 166 uint8_t op_result[2]; 167 uint8_t msg_type[2]; 168 }; 169 170 struct rpmb_req { 171 uint16_t cmd; 172 uint16_t dev_id; 173 uint16_t block_count; 174 /* variable length of data */ 175 /* uint8_t data[]; REMOVED! */ 176 }; 177 178 #define TEE_RPMB_REQ_DATA(req) \ 179 ((void *)((struct rpmb_req *)(req) + 1)) 180 181 struct rpmb_raw_data { 182 uint16_t msg_type; 183 uint16_t *op_result; 184 uint16_t *block_count; 185 uint16_t *blk_idx; 186 uint32_t *write_counter; 187 uint8_t *nonce; 188 uint8_t *key_mac; 189 uint8_t *data; 190 /* data length to read or write */ 191 uint32_t len; 192 /* Byte address offset in the first block involved */ 193 uint8_t byte_offset; 194 }; 195 196 #define RPMB_EMMC_CID_SIZE 16 197 struct rpmb_dev_info { 198 uint8_t cid[RPMB_EMMC_CID_SIZE]; 199 /* EXT CSD-slice 168 "RPMB Size" */ 200 uint8_t rpmb_size_mult; 201 /* EXT CSD-slice 222 "Reliable Write Sector Count" */ 202 uint8_t rel_wr_sec_c; 203 /* Check the ret code and accept the data only if it is OK. */ 204 uint8_t ret_code; 205 }; 206 207 /* 208 * Struct for rpmb context data. 209 * 210 * @key RPMB key. 211 * @cid eMMC card ID. 212 * @wr_cnt Current write counter. 213 * @max_blk_idx The highest block index supported by current device. 214 * @rel_wr_blkcnt Max number of data blocks for each reliable write. 215 * @dev_id Device ID of the eMMC device. 216 * @wr_cnt_synced Flag indicating if write counter is synced to RPMB. 217 * @key_derived Flag indicating if key has been generated. 218 * @key_verified Flag indicating the key generated is verified ok. 219 * @dev_info_synced Flag indicating if dev info has been retrieved from RPMB. 220 */ 221 struct tee_rpmb_ctx { 222 uint8_t key[RPMB_KEY_MAC_SIZE]; 223 uint8_t cid[RPMB_EMMC_CID_SIZE]; 224 uint32_t wr_cnt; 225 uint16_t max_blk_idx; 226 uint16_t rel_wr_blkcnt; 227 uint16_t dev_id; 228 bool wr_cnt_synced; 229 bool key_derived; 230 bool key_verified; 231 bool dev_info_synced; 232 }; 233 234 static struct tee_rpmb_ctx *rpmb_ctx; 235 236 /* 237 * Mutex to serialize the operations exported by this file. 238 * It protects rpmb_ctx and prevents overlapping operations on eMMC devices with 239 * different IDs. 240 */ 241 static struct mutex rpmb_mutex = MUTEX_INITIALIZER; 242 243 #ifdef CFG_RPMB_TESTKEY 244 245 static const uint8_t rpmb_test_key[RPMB_KEY_MAC_SIZE] = { 246 0xD3, 0xEB, 0x3E, 0xC3, 0x6E, 0x33, 0x4C, 0x9F, 247 0x98, 0x8C, 0xE2, 0xC0, 0xB8, 0x59, 0x54, 0x61, 248 0x0D, 0x2B, 0xCF, 0x86, 0x64, 0x84, 0x4D, 0xF2, 249 0xAB, 0x56, 0xE6, 0xC6, 0x1B, 0xB7, 0x01, 0xE4 250 }; 251 252 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 253 uint8_t *key, uint32_t len) 254 { 255 TEE_Result res = TEE_SUCCESS; 256 257 if (!key || RPMB_KEY_MAC_SIZE != len) { 258 res = TEE_ERROR_BAD_PARAMETERS; 259 goto out; 260 } 261 262 DMSG("RPMB: Using test key"); 263 memcpy(key, rpmb_test_key, RPMB_KEY_MAC_SIZE); 264 265 out: 266 return res; 267 } 268 269 #else /* !CFG_RPMB_TESTKEY */ 270 271 /* 272 * NOTE: We need a common API to get hw unique key and it 273 * should return error when the hw unique is not a valid 274 * one as stated below. 275 * We need to make sure the hw unique we get is valid by: 276 * 1. In case of HUK is used, checking if OTP is hidden (in 277 * which case only zeros will be returned) or not; 278 * 2. In case of SSK is used, checking if SSK in OTP is 279 * write_locked (which means a valid key is provisioned) 280 * or not. 281 * 282 * Maybe tee_get_hw_unique_key() should be exposed as 283 * generic API for getting hw unique key! 284 */ 285 static TEE_Result tee_get_hw_unique_key(struct tee_hw_unique_key *hwkey) 286 { 287 if (!hwkey) 288 return TEE_ERROR_BAD_PARAMETERS; 289 290 return tee_otp_get_hw_unique_key(hwkey); 291 } 292 293 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 294 uint8_t *key, uint32_t len) 295 { 296 TEE_Result res; 297 struct tee_hw_unique_key hwkey; 298 uint8_t message[RPMB_EMMC_CID_SIZE]; 299 void *ctx = NULL; 300 301 if (!key || RPMB_KEY_MAC_SIZE != len) { 302 res = TEE_ERROR_BAD_PARAMETERS; 303 goto out; 304 } 305 306 IMSG("RPMB: Using generated key"); 307 res = tee_get_hw_unique_key(&hwkey); 308 if (res != TEE_SUCCESS) 309 goto out; 310 311 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 312 if (res) 313 goto out; 314 315 /* 316 * PRV/CRC would be changed when doing eMMC FFU 317 * The following fields should be masked off when deriving RPMB key 318 * 319 * CID [55: 48]: PRV (Product revision) 320 * CID [07: 01]: CRC (CRC7 checksum) 321 * CID [00]: not used 322 */ 323 memcpy(message, rpmb_ctx->cid, RPMB_EMMC_CID_SIZE); 324 memset(message + RPMB_CID_PRV_OFFSET, 0, 1); 325 memset(message + RPMB_CID_CRC_OFFSET, 0, 1); 326 res = crypto_mac_init(ctx, TEE_ALG_HMAC_SHA256, hwkey.data, 327 HW_UNIQUE_KEY_LENGTH); 328 if (res != TEE_SUCCESS) 329 goto out; 330 331 res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, 332 message, 333 RPMB_EMMC_CID_SIZE); 334 if (res != TEE_SUCCESS) 335 goto out; 336 337 res = crypto_mac_final(ctx, TEE_ALG_HMAC_SHA256, key, len); 338 339 out: 340 crypto_mac_free_ctx(ctx, TEE_ALG_HMAC_SHA256); 341 return res; 342 } 343 344 #endif /* !CFG_RPMB_TESTKEY */ 345 346 static void u32_to_bytes(uint32_t u32, uint8_t *bytes) 347 { 348 *bytes = (uint8_t) (u32 >> 24); 349 *(bytes + 1) = (uint8_t) (u32 >> 16); 350 *(bytes + 2) = (uint8_t) (u32 >> 8); 351 *(bytes + 3) = (uint8_t) u32; 352 } 353 354 static void bytes_to_u32(uint8_t *bytes, uint32_t *u32) 355 { 356 *u32 = (uint32_t) ((*(bytes) << 24) + 357 (*(bytes + 1) << 16) + 358 (*(bytes + 2) << 8) + (*(bytes + 3))); 359 } 360 361 static void u16_to_bytes(uint16_t u16, uint8_t *bytes) 362 { 363 *bytes = (uint8_t) (u16 >> 8); 364 *(bytes + 1) = (uint8_t) u16; 365 } 366 367 static void bytes_to_u16(uint8_t *bytes, uint16_t *u16) 368 { 369 *u16 = (uint16_t) ((*bytes << 8) + *(bytes + 1)); 370 } 371 372 static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize, 373 uint8_t *key, uint32_t keysize, 374 struct rpmb_data_frame *datafrms, 375 uint16_t blkcnt) 376 { 377 TEE_Result res = TEE_ERROR_GENERIC; 378 int i; 379 void *ctx = NULL; 380 381 if (!mac || !key || !datafrms) 382 return TEE_ERROR_BAD_PARAMETERS; 383 384 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 385 if (res) 386 return res; 387 388 res = crypto_mac_init(ctx, TEE_ALG_HMAC_SHA256, key, keysize); 389 if (res != TEE_SUCCESS) 390 goto func_exit; 391 392 for (i = 0; i < blkcnt; i++) { 393 res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, 394 datafrms[i].data, 395 RPMB_MAC_PROTECT_DATA_SIZE); 396 if (res != TEE_SUCCESS) 397 goto func_exit; 398 } 399 400 res = crypto_mac_final(ctx, TEE_ALG_HMAC_SHA256, mac, macsize); 401 if (res != TEE_SUCCESS) 402 goto func_exit; 403 404 res = TEE_SUCCESS; 405 406 func_exit: 407 crypto_mac_free_ctx(ctx, TEE_ALG_HMAC_SHA256); 408 return res; 409 } 410 411 struct tee_rpmb_mem { 412 struct mobj *phreq_mobj; 413 struct mobj *phresp_mobj; 414 size_t req_size; 415 size_t resp_size; 416 }; 417 418 static void tee_rpmb_free(struct tee_rpmb_mem *mem) 419 { 420 if (!mem) 421 return; 422 423 if (mem->phreq_mobj) { 424 thread_rpc_free_payload(mem->phreq_mobj); 425 mem->phreq_mobj = NULL; 426 } 427 if (mem->phresp_mobj) { 428 thread_rpc_free_payload(mem->phresp_mobj); 429 mem->phresp_mobj = NULL; 430 } 431 } 432 433 434 static TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size, 435 struct tee_rpmb_mem *mem, void **req, void **resp) 436 { 437 TEE_Result res = TEE_SUCCESS; 438 size_t req_s = ROUNDUP(req_size, sizeof(uint32_t)); 439 size_t resp_s = ROUNDUP(resp_size, sizeof(uint32_t)); 440 441 if (!mem) 442 return TEE_ERROR_BAD_PARAMETERS; 443 444 memset(mem, 0, sizeof(*mem)); 445 446 mem->phreq_mobj = thread_rpc_alloc_payload(req_s); 447 mem->phresp_mobj = thread_rpc_alloc_payload(resp_s); 448 449 if (!mem->phreq_mobj || !mem->phresp_mobj) { 450 res = TEE_ERROR_OUT_OF_MEMORY; 451 goto out; 452 } 453 454 *req = mobj_get_va(mem->phreq_mobj, 0); 455 *resp = mobj_get_va(mem->phresp_mobj, 0); 456 if (!*req || !*resp) { 457 res = TEE_ERROR_GENERIC; 458 goto out; 459 } 460 461 mem->req_size = req_size; 462 mem->resp_size = resp_size; 463 464 out: 465 if (res != TEE_SUCCESS) 466 tee_rpmb_free(mem); 467 return res; 468 } 469 470 static TEE_Result tee_rpmb_invoke(struct tee_rpmb_mem *mem) 471 { 472 struct optee_msg_param params[2]; 473 474 memset(params, 0, sizeof(params)); 475 476 if (!msg_param_init_memparam(params + 0, mem->phreq_mobj, 0, 477 mem->req_size, MSG_PARAM_MEM_DIR_IN)) 478 return TEE_ERROR_BAD_STATE; 479 480 if (!msg_param_init_memparam(params + 1, mem->phresp_mobj, 0, 481 mem->resp_size, MSG_PARAM_MEM_DIR_OUT)) 482 return TEE_ERROR_BAD_STATE; 483 484 return thread_rpc_cmd(OPTEE_MSG_RPC_CMD_RPMB, 2, params); 485 } 486 487 static bool is_zero(const uint8_t *buf, size_t size) 488 { 489 size_t i; 490 491 for (i = 0; i < size; i++) 492 if (buf[i]) 493 return false; 494 return true; 495 } 496 497 static TEE_Result encrypt_block(uint8_t *out, const uint8_t *in, 498 uint16_t blk_idx, const uint8_t *fek, 499 const TEE_UUID *uuid) 500 { 501 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 502 blk_idx, fek, TEE_MODE_ENCRYPT); 503 } 504 505 static TEE_Result decrypt_block(uint8_t *out, const uint8_t *in, 506 uint16_t blk_idx, const uint8_t *fek, 507 const TEE_UUID *uuid) 508 { 509 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 510 blk_idx, fek, TEE_MODE_DECRYPT); 511 } 512 513 /* Decrypt/copy at most one block of data */ 514 static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm, 515 size_t size, size_t offset, 516 uint16_t blk_idx __maybe_unused, const uint8_t *fek, 517 const TEE_UUID *uuid) 518 { 519 uint8_t *tmp __maybe_unused; 520 521 522 if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE)) 523 panic("invalid size or offset"); 524 525 if (!fek) { 526 /* Block is not encrypted (not a file data block) */ 527 memcpy(out, frm->data + offset, size); 528 } else if (is_zero(fek, TEE_FS_KM_FEK_SIZE)) { 529 /* The file was created with encryption disabled */ 530 return TEE_ERROR_SECURITY; 531 } else { 532 /* Block is encrypted */ 533 if (size < RPMB_DATA_SIZE) { 534 /* 535 * Since output buffer is not large enough to hold one 536 * block we must allocate a temporary buffer. 537 */ 538 tmp = malloc(RPMB_DATA_SIZE); 539 if (!tmp) 540 return TEE_ERROR_OUT_OF_MEMORY; 541 decrypt_block(tmp, frm->data, blk_idx, fek, uuid); 542 memcpy(out, tmp + offset, size); 543 free(tmp); 544 } else { 545 decrypt_block(out, frm->data, blk_idx, fek, uuid); 546 } 547 } 548 549 return TEE_SUCCESS; 550 } 551 552 static TEE_Result tee_rpmb_req_pack(struct rpmb_req *req, 553 struct rpmb_raw_data *rawdata, 554 uint16_t nbr_frms, uint16_t dev_id, 555 const uint8_t *fek, const TEE_UUID *uuid) 556 { 557 TEE_Result res = TEE_ERROR_GENERIC; 558 int i; 559 struct rpmb_data_frame *datafrm; 560 561 if (!req || !rawdata || !nbr_frms) 562 return TEE_ERROR_BAD_PARAMETERS; 563 564 /* 565 * Check write blockcount is not bigger than reliable write 566 * blockcount. 567 */ 568 if ((rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) && 569 (nbr_frms > rpmb_ctx->rel_wr_blkcnt)) { 570 DMSG("wr_blkcnt(%d) > rel_wr_blkcnt(%d)", nbr_frms, 571 rpmb_ctx->rel_wr_blkcnt); 572 return TEE_ERROR_GENERIC; 573 } 574 575 req->cmd = RPMB_CMD_DATA_REQ; 576 req->dev_id = dev_id; 577 578 /* Allocate memory for construct all data packets and calculate MAC. */ 579 datafrm = calloc(nbr_frms, RPMB_DATA_FRAME_SIZE); 580 if (!datafrm) 581 return TEE_ERROR_OUT_OF_MEMORY; 582 583 for (i = 0; i < nbr_frms; i++) { 584 u16_to_bytes(rawdata->msg_type, datafrm[i].msg_type); 585 586 if (rawdata->block_count) 587 u16_to_bytes(*rawdata->block_count, 588 datafrm[i].block_count); 589 590 if (rawdata->blk_idx) { 591 /* Check the block index is within range. */ 592 if ((*rawdata->blk_idx + nbr_frms) > 593 rpmb_ctx->max_blk_idx) { 594 res = TEE_ERROR_GENERIC; 595 goto func_exit; 596 } 597 u16_to_bytes(*rawdata->blk_idx, datafrm[i].address); 598 } 599 600 if (rawdata->write_counter) 601 u32_to_bytes(*rawdata->write_counter, 602 datafrm[i].write_counter); 603 604 if (rawdata->nonce) 605 memcpy(datafrm[i].nonce, rawdata->nonce, 606 RPMB_NONCE_SIZE); 607 608 if (rawdata->data) { 609 if (fek) 610 encrypt_block(datafrm[i].data, 611 rawdata->data + (i * RPMB_DATA_SIZE), 612 *rawdata->blk_idx + i, fek, uuid); 613 else 614 memcpy(datafrm[i].data, 615 rawdata->data + (i * RPMB_DATA_SIZE), 616 RPMB_DATA_SIZE); 617 } 618 } 619 620 if (rawdata->key_mac) { 621 if (rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) { 622 res = 623 tee_rpmb_mac_calc(rawdata->key_mac, 624 RPMB_KEY_MAC_SIZE, rpmb_ctx->key, 625 RPMB_KEY_MAC_SIZE, datafrm, 626 nbr_frms); 627 if (res != TEE_SUCCESS) 628 goto func_exit; 629 } 630 memcpy(datafrm[nbr_frms - 1].key_mac, 631 rawdata->key_mac, RPMB_KEY_MAC_SIZE); 632 } 633 634 memcpy(TEE_RPMB_REQ_DATA(req), datafrm, 635 nbr_frms * RPMB_DATA_FRAME_SIZE); 636 637 #ifdef CFG_RPMB_FS_DEBUG_DATA 638 for (i = 0; i < nbr_frms; i++) { 639 DMSG("Dumping data frame %d:", i); 640 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 641 512 - RPMB_STUFF_DATA_SIZE); 642 } 643 #endif 644 645 res = TEE_SUCCESS; 646 func_exit: 647 free(datafrm); 648 return res; 649 } 650 651 static TEE_Result data_cpy_mac_calc_1b(struct rpmb_raw_data *rawdata, 652 struct rpmb_data_frame *frm, 653 const uint8_t *fek, const TEE_UUID *uuid) 654 { 655 TEE_Result res; 656 uint8_t *data; 657 uint16_t idx; 658 659 if (rawdata->len + rawdata->byte_offset > RPMB_DATA_SIZE) 660 return TEE_ERROR_BAD_PARAMETERS; 661 662 res = tee_rpmb_mac_calc(rawdata->key_mac, RPMB_KEY_MAC_SIZE, 663 rpmb_ctx->key, RPMB_KEY_MAC_SIZE, frm, 1); 664 if (res != TEE_SUCCESS) 665 return res; 666 667 data = rawdata->data; 668 bytes_to_u16(frm->address, &idx); 669 670 res = decrypt(data, frm, rawdata->len, rawdata->byte_offset, idx, fek, 671 uuid); 672 return res; 673 } 674 675 static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, 676 struct rpmb_raw_data *rawdata, 677 uint16_t nbr_frms, 678 struct rpmb_data_frame *lastfrm, 679 const uint8_t *fek, 680 const TEE_UUID *uuid) 681 { 682 TEE_Result res = TEE_ERROR_GENERIC; 683 int i; 684 void *ctx = NULL; 685 uint16_t offset; 686 uint32_t size; 687 uint8_t *data; 688 uint16_t start_idx; 689 struct rpmb_data_frame localfrm; 690 691 if (!datafrm || !rawdata || !nbr_frms || !lastfrm) 692 return TEE_ERROR_BAD_PARAMETERS; 693 694 if (nbr_frms == 1) 695 return data_cpy_mac_calc_1b(rawdata, lastfrm, fek, uuid); 696 697 /* nbr_frms > 1 */ 698 699 data = rawdata->data; 700 701 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 702 if (res) 703 goto func_exit; 704 705 res = crypto_mac_init(ctx, TEE_ALG_HMAC_SHA256, rpmb_ctx->key, 706 RPMB_KEY_MAC_SIZE); 707 if (res != TEE_SUCCESS) 708 goto func_exit; 709 710 /* 711 * Note: JEDEC JESD84-B51: "In every packet the address is the start 712 * address of the full access (not address of the individual half a 713 * sector)" 714 */ 715 bytes_to_u16(lastfrm->address, &start_idx); 716 717 for (i = 0; i < (nbr_frms - 1); i++) { 718 719 /* 720 * By working on a local copy of the RPMB frame, we ensure that 721 * the data can not be modified after the MAC is computed but 722 * before the payload is decrypted/copied to the output buffer. 723 */ 724 memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE); 725 726 res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, localfrm.data, 727 RPMB_MAC_PROTECT_DATA_SIZE); 728 if (res != TEE_SUCCESS) 729 goto func_exit; 730 731 if (i == 0) { 732 /* First block */ 733 offset = rawdata->byte_offset; 734 size = RPMB_DATA_SIZE - offset; 735 } else { 736 /* Middle blocks */ 737 size = RPMB_DATA_SIZE; 738 offset = 0; 739 } 740 741 res = decrypt(data, &localfrm, size, offset, start_idx + i, 742 fek, uuid); 743 if (res != TEE_SUCCESS) 744 goto func_exit; 745 746 data += size; 747 } 748 749 /* Last block */ 750 size = (rawdata->len + rawdata->byte_offset) % RPMB_DATA_SIZE; 751 if (size == 0) 752 size = RPMB_DATA_SIZE; 753 res = decrypt(data, lastfrm, size, 0, start_idx + nbr_frms - 1, fek, 754 uuid); 755 if (res != TEE_SUCCESS) 756 goto func_exit; 757 758 /* Update MAC against the last block */ 759 res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256, lastfrm->data, 760 RPMB_MAC_PROTECT_DATA_SIZE); 761 if (res != TEE_SUCCESS) 762 goto func_exit; 763 764 res = crypto_mac_final(ctx, TEE_ALG_HMAC_SHA256, rawdata->key_mac, 765 RPMB_KEY_MAC_SIZE); 766 if (res != TEE_SUCCESS) 767 goto func_exit; 768 769 res = TEE_SUCCESS; 770 771 func_exit: 772 crypto_mac_free_ctx(ctx, TEE_ALG_HMAC_SHA256); 773 return res; 774 } 775 776 static TEE_Result tee_rpmb_resp_unpack_verify(struct rpmb_data_frame *datafrm, 777 struct rpmb_raw_data *rawdata, 778 uint16_t nbr_frms, 779 const uint8_t *fek, 780 const TEE_UUID *uuid) 781 { 782 TEE_Result res = TEE_ERROR_GENERIC; 783 uint16_t msg_type; 784 uint32_t wr_cnt; 785 uint16_t blk_idx; 786 uint16_t op_result; 787 struct rpmb_data_frame lastfrm; 788 789 if (!datafrm || !rawdata || !nbr_frms) 790 return TEE_ERROR_BAD_PARAMETERS; 791 792 #ifdef CFG_RPMB_FS_DEBUG_DATA 793 for (uint32_t i = 0; i < nbr_frms; i++) { 794 DMSG("Dumping data frame %d:", i); 795 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 796 512 - RPMB_STUFF_DATA_SIZE); 797 } 798 #endif 799 800 /* Make sure the last data packet can't be modified once verified */ 801 memcpy(&lastfrm, &datafrm[nbr_frms - 1], RPMB_DATA_FRAME_SIZE); 802 803 /* Handle operation result and translate to TEEC error code. */ 804 bytes_to_u16(lastfrm.op_result, &op_result); 805 if (rawdata->op_result) 806 *rawdata->op_result = op_result; 807 if (op_result != RPMB_RESULT_OK) 808 return TEE_ERROR_GENERIC; 809 810 /* Check the response msg_type. */ 811 bytes_to_u16(lastfrm.msg_type, &msg_type); 812 if (msg_type != rawdata->msg_type) { 813 DMSG("Unexpected msg_type (0x%04x != 0x%04x)", msg_type, 814 rawdata->msg_type); 815 return TEE_ERROR_GENERIC; 816 } 817 818 if (rawdata->blk_idx) { 819 bytes_to_u16(lastfrm.address, &blk_idx); 820 if (blk_idx != *rawdata->blk_idx) { 821 DMSG("Unexpected block index"); 822 return TEE_ERROR_GENERIC; 823 } 824 } 825 826 if (rawdata->write_counter) { 827 wr_cnt = *rawdata->write_counter; 828 bytes_to_u32(lastfrm.write_counter, rawdata->write_counter); 829 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE) { 830 /* Verify the write counter is incremented by 1 */ 831 if (*rawdata->write_counter != wr_cnt + 1) { 832 DMSG("Counter mismatched (0x%04x/0x%04x)", 833 *rawdata->write_counter, wr_cnt + 1); 834 return TEE_ERROR_SECURITY; 835 } 836 rpmb_ctx->wr_cnt++; 837 } 838 } 839 840 if (rawdata->nonce) { 841 if (buf_compare_ct(rawdata->nonce, lastfrm.nonce, 842 RPMB_NONCE_SIZE) != 0) { 843 DMSG("Nonce mismatched"); 844 return TEE_ERROR_SECURITY; 845 } 846 } 847 848 if (rawdata->key_mac) { 849 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_READ) { 850 if (!rawdata->data) 851 return TEE_ERROR_GENERIC; 852 853 res = tee_rpmb_data_cpy_mac_calc(datafrm, rawdata, 854 nbr_frms, &lastfrm, 855 fek, uuid); 856 857 if (res != TEE_SUCCESS) 858 return res; 859 } else { 860 /* 861 * There should be only one data frame for 862 * other msg types. 863 */ 864 if (nbr_frms != 1) 865 return TEE_ERROR_GENERIC; 866 867 res = tee_rpmb_mac_calc(rawdata->key_mac, 868 RPMB_KEY_MAC_SIZE, 869 rpmb_ctx->key, 870 RPMB_KEY_MAC_SIZE, 871 &lastfrm, 1); 872 873 if (res != TEE_SUCCESS) 874 return res; 875 } 876 877 #ifndef CFG_RPMB_FS_NO_MAC 878 if (buf_compare_ct(rawdata->key_mac, 879 (datafrm + nbr_frms - 1)->key_mac, 880 RPMB_KEY_MAC_SIZE) != 0) { 881 DMSG("MAC mismatched:"); 882 #ifdef CFG_RPMB_FS_DEBUG_DATA 883 DHEXDUMP((uint8_t *)rawdata->key_mac, 32); 884 #endif 885 return TEE_ERROR_SECURITY; 886 } 887 #endif /* !CFG_RPMB_FS_NO_MAC */ 888 } 889 890 return TEE_SUCCESS; 891 } 892 893 static TEE_Result tee_rpmb_get_dev_info(uint16_t dev_id, 894 struct rpmb_dev_info *dev_info) 895 { 896 TEE_Result res = TEE_ERROR_GENERIC; 897 struct tee_rpmb_mem mem; 898 struct rpmb_dev_info *di; 899 struct rpmb_req *req = NULL; 900 uint8_t *resp = NULL; 901 uint32_t req_size; 902 uint32_t resp_size; 903 904 if (!dev_info) 905 return TEE_ERROR_BAD_PARAMETERS; 906 907 req_size = sizeof(struct rpmb_req); 908 resp_size = sizeof(struct rpmb_dev_info); 909 res = tee_rpmb_alloc(req_size, resp_size, &mem, 910 (void *)&req, (void *)&resp); 911 if (res != TEE_SUCCESS) 912 goto func_exit; 913 914 req->cmd = RPMB_CMD_GET_DEV_INFO; 915 req->dev_id = dev_id; 916 917 di = (struct rpmb_dev_info *)resp; 918 di->ret_code = RPMB_CMD_GET_DEV_INFO_RET_ERROR; 919 920 res = tee_rpmb_invoke(&mem); 921 if (res != TEE_SUCCESS) 922 goto func_exit; 923 924 if (di->ret_code != RPMB_CMD_GET_DEV_INFO_RET_OK) { 925 res = TEE_ERROR_GENERIC; 926 goto func_exit; 927 } 928 929 memcpy((uint8_t *)dev_info, resp, sizeof(struct rpmb_dev_info)); 930 931 #ifdef CFG_RPMB_FS_DEBUG_DATA 932 DMSG("Dumping dev_info:"); 933 DHEXDUMP((uint8_t *)dev_info, sizeof(struct rpmb_dev_info)); 934 #endif 935 936 res = TEE_SUCCESS; 937 938 func_exit: 939 tee_rpmb_free(&mem); 940 return res; 941 } 942 943 static TEE_Result tee_rpmb_init_read_wr_cnt(uint16_t dev_id, 944 uint32_t *wr_cnt, 945 uint16_t *op_result) 946 { 947 TEE_Result res = TEE_ERROR_GENERIC; 948 struct tee_rpmb_mem mem; 949 uint16_t msg_type; 950 uint8_t nonce[RPMB_NONCE_SIZE]; 951 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 952 struct rpmb_req *req = NULL; 953 struct rpmb_data_frame *resp = NULL; 954 struct rpmb_raw_data rawdata; 955 uint32_t req_size; 956 uint32_t resp_size; 957 958 if (!wr_cnt) 959 return TEE_ERROR_BAD_PARAMETERS; 960 961 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 962 resp_size = RPMB_DATA_FRAME_SIZE; 963 res = tee_rpmb_alloc(req_size, resp_size, &mem, 964 (void *)&req, (void *)&resp); 965 if (res != TEE_SUCCESS) 966 goto func_exit; 967 968 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 969 if (res != TEE_SUCCESS) 970 goto func_exit; 971 972 msg_type = RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ; 973 974 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 975 rawdata.msg_type = msg_type; 976 rawdata.nonce = nonce; 977 978 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 979 if (res != TEE_SUCCESS) 980 goto func_exit; 981 982 res = tee_rpmb_invoke(&mem); 983 if (res != TEE_SUCCESS) 984 goto func_exit; 985 986 msg_type = RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ; 987 988 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 989 rawdata.msg_type = msg_type; 990 rawdata.op_result = op_result; 991 rawdata.write_counter = wr_cnt; 992 rawdata.nonce = nonce; 993 rawdata.key_mac = hmac; 994 995 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 996 if (res != TEE_SUCCESS) 997 goto func_exit; 998 999 res = TEE_SUCCESS; 1000 1001 func_exit: 1002 tee_rpmb_free(&mem); 1003 return res; 1004 } 1005 1006 static TEE_Result tee_rpmb_verify_key_sync_counter(uint16_t dev_id) 1007 { 1008 uint16_t op_result = 0; 1009 TEE_Result res = TEE_ERROR_GENERIC; 1010 1011 res = tee_rpmb_init_read_wr_cnt(dev_id, &rpmb_ctx->wr_cnt, 1012 &op_result); 1013 1014 if (res == TEE_SUCCESS) { 1015 rpmb_ctx->key_verified = true; 1016 rpmb_ctx->wr_cnt_synced = true; 1017 } 1018 1019 DMSG("Verify key returning 0x%x\n", res); 1020 return res; 1021 } 1022 1023 #ifdef CFG_RPMB_WRITE_KEY 1024 static TEE_Result tee_rpmb_write_key(uint16_t dev_id) 1025 { 1026 TEE_Result res = TEE_ERROR_GENERIC; 1027 struct tee_rpmb_mem mem = { 0 }; 1028 uint16_t msg_type; 1029 struct rpmb_req *req = NULL; 1030 struct rpmb_data_frame *resp = NULL; 1031 struct rpmb_raw_data rawdata; 1032 uint32_t req_size; 1033 uint32_t resp_size; 1034 1035 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1036 resp_size = RPMB_DATA_FRAME_SIZE; 1037 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1038 (void *)&req, (void *)&resp); 1039 if (res != TEE_SUCCESS) 1040 goto func_exit; 1041 1042 msg_type = RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM; 1043 1044 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1045 rawdata.msg_type = msg_type; 1046 rawdata.key_mac = rpmb_ctx->key; 1047 1048 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1049 if (res != TEE_SUCCESS) 1050 goto func_exit; 1051 1052 res = tee_rpmb_invoke(&mem); 1053 if (res != TEE_SUCCESS) 1054 goto func_exit; 1055 1056 msg_type = RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM; 1057 1058 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1059 rawdata.msg_type = msg_type; 1060 1061 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 1062 if (res != TEE_SUCCESS) 1063 goto func_exit; 1064 1065 res = TEE_SUCCESS; 1066 1067 func_exit: 1068 tee_rpmb_free(&mem); 1069 return res; 1070 } 1071 1072 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id) 1073 { 1074 TEE_Result res; 1075 1076 DMSG("RPMB INIT: Writing Key"); 1077 res = tee_rpmb_write_key(dev_id); 1078 if (res == TEE_SUCCESS) { 1079 DMSG("RPMB INIT: Verifying Key"); 1080 res = tee_rpmb_verify_key_sync_counter(dev_id); 1081 } 1082 return res; 1083 } 1084 #else 1085 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id __unused) 1086 { 1087 return TEE_ERROR_BAD_STATE; 1088 } 1089 #endif 1090 1091 /* This function must never return TEE_SUCCESS if rpmb_ctx == NULL */ 1092 static TEE_Result tee_rpmb_init(uint16_t dev_id) 1093 { 1094 TEE_Result res = TEE_SUCCESS; 1095 struct rpmb_dev_info dev_info; 1096 1097 if (!rpmb_ctx) { 1098 rpmb_ctx = calloc(1, sizeof(struct tee_rpmb_ctx)); 1099 if (!rpmb_ctx) 1100 return TEE_ERROR_OUT_OF_MEMORY; 1101 } else if (rpmb_ctx->dev_id != dev_id) { 1102 memset(rpmb_ctx, 0x00, sizeof(struct tee_rpmb_ctx)); 1103 } 1104 1105 rpmb_ctx->dev_id = dev_id; 1106 1107 if (!rpmb_ctx->dev_info_synced) { 1108 DMSG("RPMB: Syncing device information"); 1109 1110 dev_info.rpmb_size_mult = 0; 1111 dev_info.rel_wr_sec_c = 0; 1112 res = tee_rpmb_get_dev_info(dev_id, &dev_info); 1113 if (res != TEE_SUCCESS) 1114 goto func_exit; 1115 1116 DMSG("RPMB: RPMB size is %d*128 KB", dev_info.rpmb_size_mult); 1117 DMSG("RPMB: Reliable Write Sector Count is %d", 1118 dev_info.rel_wr_sec_c); 1119 1120 if (dev_info.rpmb_size_mult == 0) { 1121 res = TEE_ERROR_GENERIC; 1122 goto func_exit; 1123 } 1124 1125 rpmb_ctx->max_blk_idx = (dev_info.rpmb_size_mult * 1126 RPMB_SIZE_SINGLE / RPMB_DATA_SIZE) - 1; 1127 1128 memcpy(rpmb_ctx->cid, dev_info.cid, RPMB_EMMC_CID_SIZE); 1129 1130 #ifdef RPMB_DRIVER_MULTIPLE_WRITE_FIXED 1131 rpmb_ctx->rel_wr_blkcnt = dev_info.rel_wr_sec_c * 2; 1132 #else 1133 rpmb_ctx->rel_wr_blkcnt = 1; 1134 #endif 1135 1136 rpmb_ctx->dev_info_synced = true; 1137 } 1138 1139 if (!rpmb_ctx->key_derived) { 1140 DMSG("RPMB INIT: Deriving key"); 1141 1142 res = tee_rpmb_key_gen(dev_id, rpmb_ctx->key, 1143 RPMB_KEY_MAC_SIZE); 1144 if (res != TEE_SUCCESS) 1145 goto func_exit; 1146 1147 rpmb_ctx->key_derived = true; 1148 } 1149 1150 /* Perform a write counter read to verify if the key is ok. */ 1151 if (!rpmb_ctx->wr_cnt_synced || !rpmb_ctx->key_verified) { 1152 DMSG("RPMB INIT: Verifying Key"); 1153 1154 res = tee_rpmb_verify_key_sync_counter(dev_id); 1155 if (res != TEE_SUCCESS && !rpmb_ctx->key_verified) { 1156 /* 1157 * Need to write the key here and verify it. 1158 */ 1159 res = tee_rpmb_write_and_verify_key(dev_id); 1160 } 1161 } 1162 1163 func_exit: 1164 return res; 1165 } 1166 1167 /* 1168 * Read RPMB data in bytes. 1169 * 1170 * @dev_id Device ID of the eMMC device. 1171 * @addr Byte address of data. 1172 * @data Pointer to the data. 1173 * @len Size of data in bytes. 1174 * @fek Encrypted File Encryption Key or NULL. 1175 */ 1176 static TEE_Result tee_rpmb_read(uint16_t dev_id, uint32_t addr, uint8_t *data, 1177 uint32_t len, const uint8_t *fek, 1178 const TEE_UUID *uuid) 1179 { 1180 TEE_Result res = TEE_ERROR_GENERIC; 1181 struct tee_rpmb_mem mem = { 0 }; 1182 uint16_t msg_type; 1183 uint8_t nonce[RPMB_NONCE_SIZE]; 1184 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1185 struct rpmb_req *req = NULL; 1186 struct rpmb_data_frame *resp = NULL; 1187 struct rpmb_raw_data rawdata; 1188 uint32_t req_size; 1189 uint32_t resp_size; 1190 uint16_t blk_idx; 1191 uint16_t blkcnt; 1192 uint8_t byte_offset; 1193 1194 if (!data || !len) 1195 return TEE_ERROR_BAD_PARAMETERS; 1196 1197 blk_idx = addr / RPMB_DATA_SIZE; 1198 byte_offset = addr % RPMB_DATA_SIZE; 1199 1200 blkcnt = 1201 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1202 res = tee_rpmb_init(dev_id); 1203 if (res != TEE_SUCCESS) 1204 goto func_exit; 1205 1206 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1207 resp_size = RPMB_DATA_FRAME_SIZE * blkcnt; 1208 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1209 (void *)&req, (void *)&resp); 1210 if (res != TEE_SUCCESS) 1211 goto func_exit; 1212 1213 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_READ; 1214 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 1215 if (res != TEE_SUCCESS) 1216 goto func_exit; 1217 1218 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1219 rawdata.msg_type = msg_type; 1220 rawdata.nonce = nonce; 1221 rawdata.blk_idx = &blk_idx; 1222 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1223 if (res != TEE_SUCCESS) 1224 goto func_exit; 1225 1226 req->block_count = blkcnt; 1227 1228 DMSG("Read %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1229 blk_idx); 1230 1231 res = tee_rpmb_invoke(&mem); 1232 if (res != TEE_SUCCESS) 1233 goto func_exit; 1234 1235 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_READ; 1236 1237 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1238 rawdata.msg_type = msg_type; 1239 rawdata.block_count = &blkcnt; 1240 rawdata.blk_idx = &blk_idx; 1241 rawdata.nonce = nonce; 1242 rawdata.key_mac = hmac; 1243 rawdata.data = data; 1244 1245 rawdata.len = len; 1246 rawdata.byte_offset = byte_offset; 1247 1248 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, blkcnt, fek, uuid); 1249 if (res != TEE_SUCCESS) 1250 goto func_exit; 1251 1252 res = TEE_SUCCESS; 1253 1254 func_exit: 1255 tee_rpmb_free(&mem); 1256 return res; 1257 } 1258 1259 static TEE_Result tee_rpmb_write_blk(uint16_t dev_id, uint16_t blk_idx, 1260 const uint8_t *data_blks, uint16_t blkcnt, 1261 const uint8_t *fek, const TEE_UUID *uuid) 1262 { 1263 TEE_Result res; 1264 struct tee_rpmb_mem mem; 1265 uint16_t msg_type; 1266 uint32_t wr_cnt; 1267 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1268 struct rpmb_req *req = NULL; 1269 struct rpmb_data_frame *resp = NULL; 1270 struct rpmb_raw_data rawdata; 1271 uint32_t req_size; 1272 uint32_t resp_size; 1273 uint32_t nbr_writes; 1274 uint16_t tmp_blkcnt; 1275 uint16_t tmp_blk_idx; 1276 uint16_t i; 1277 1278 DMSG("Write %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1279 blk_idx); 1280 1281 if (!data_blks || !blkcnt) 1282 return TEE_ERROR_BAD_PARAMETERS; 1283 1284 res = tee_rpmb_init(dev_id); 1285 if (res != TEE_SUCCESS) 1286 return res; 1287 1288 /* 1289 * We need to split data when block count 1290 * is bigger than reliable block write count. 1291 */ 1292 if (blkcnt < rpmb_ctx->rel_wr_blkcnt) 1293 req_size = sizeof(struct rpmb_req) + 1294 RPMB_DATA_FRAME_SIZE * blkcnt; 1295 else 1296 req_size = sizeof(struct rpmb_req) + 1297 RPMB_DATA_FRAME_SIZE * rpmb_ctx->rel_wr_blkcnt; 1298 1299 resp_size = RPMB_DATA_FRAME_SIZE; 1300 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1301 (void *)&req, (void *)&resp); 1302 if (res != TEE_SUCCESS) 1303 return res; 1304 1305 nbr_writes = blkcnt / rpmb_ctx->rel_wr_blkcnt; 1306 if (blkcnt % rpmb_ctx->rel_wr_blkcnt > 0) 1307 nbr_writes += 1; 1308 1309 tmp_blkcnt = rpmb_ctx->rel_wr_blkcnt; 1310 tmp_blk_idx = blk_idx; 1311 for (i = 0; i < nbr_writes; i++) { 1312 /* 1313 * To handle the last write of block count which is 1314 * equal or smaller than reliable write block count. 1315 */ 1316 if (i == nbr_writes - 1) 1317 tmp_blkcnt = blkcnt - rpmb_ctx->rel_wr_blkcnt * 1318 (nbr_writes - 1); 1319 1320 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE; 1321 wr_cnt = rpmb_ctx->wr_cnt; 1322 1323 memset(req, 0x00, req_size); 1324 memset(resp, 0x00, resp_size); 1325 1326 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1327 rawdata.msg_type = msg_type; 1328 rawdata.block_count = &tmp_blkcnt; 1329 rawdata.blk_idx = &tmp_blk_idx; 1330 rawdata.write_counter = &wr_cnt; 1331 rawdata.key_mac = hmac; 1332 rawdata.data = (uint8_t *)data_blks + 1333 i * rpmb_ctx->rel_wr_blkcnt * RPMB_DATA_SIZE; 1334 1335 res = tee_rpmb_req_pack(req, &rawdata, tmp_blkcnt, dev_id, 1336 fek, uuid); 1337 if (res != TEE_SUCCESS) 1338 goto out; 1339 1340 res = tee_rpmb_invoke(&mem); 1341 if (res != TEE_SUCCESS) { 1342 /* 1343 * To force wr_cnt sync next time, as it might get 1344 * out of sync due to inconsistent operation result! 1345 */ 1346 rpmb_ctx->wr_cnt_synced = false; 1347 goto out; 1348 } 1349 1350 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE; 1351 1352 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1353 rawdata.msg_type = msg_type; 1354 rawdata.block_count = &tmp_blkcnt; 1355 rawdata.blk_idx = &tmp_blk_idx; 1356 rawdata.write_counter = &wr_cnt; 1357 rawdata.key_mac = hmac; 1358 1359 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, 1360 NULL); 1361 if (res != TEE_SUCCESS) { 1362 /* 1363 * To force wr_cnt sync next time, as it might get 1364 * out of sync due to inconsistent operation result! 1365 */ 1366 rpmb_ctx->wr_cnt_synced = false; 1367 goto out; 1368 } 1369 1370 tmp_blk_idx += tmp_blkcnt; 1371 } 1372 1373 out: 1374 tee_rpmb_free(&mem); 1375 return res; 1376 } 1377 1378 static bool tee_rpmb_write_is_atomic(uint16_t dev_id __unused, uint32_t addr, 1379 uint32_t len) 1380 { 1381 uint8_t byte_offset = addr % RPMB_DATA_SIZE; 1382 uint16_t blkcnt = ROUNDUP(len + byte_offset, 1383 RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1384 1385 return (blkcnt <= rpmb_ctx->rel_wr_blkcnt); 1386 } 1387 1388 /* 1389 * Write RPMB data in bytes. 1390 * 1391 * @dev_id Device ID of the eMMC device. 1392 * @addr Byte address of data. 1393 * @data Pointer to the data. 1394 * @len Size of data in bytes. 1395 * @fek Encrypted File Encryption Key or NULL. 1396 */ 1397 static TEE_Result tee_rpmb_write(uint16_t dev_id, uint32_t addr, 1398 const uint8_t *data, uint32_t len, 1399 const uint8_t *fek, const TEE_UUID *uuid) 1400 { 1401 TEE_Result res = TEE_ERROR_GENERIC; 1402 uint8_t *data_tmp = NULL; 1403 uint16_t blk_idx; 1404 uint16_t blkcnt; 1405 uint8_t byte_offset; 1406 1407 blk_idx = addr / RPMB_DATA_SIZE; 1408 byte_offset = addr % RPMB_DATA_SIZE; 1409 1410 blkcnt = 1411 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1412 1413 if (byte_offset == 0 && (len % RPMB_DATA_SIZE) == 0) { 1414 res = tee_rpmb_write_blk(dev_id, blk_idx, data, blkcnt, fek, 1415 uuid); 1416 if (res != TEE_SUCCESS) 1417 goto func_exit; 1418 } else { 1419 data_tmp = calloc(blkcnt, RPMB_DATA_SIZE); 1420 if (!data_tmp) { 1421 res = TEE_ERROR_OUT_OF_MEMORY; 1422 goto func_exit; 1423 } 1424 1425 /* Read the complete blocks */ 1426 res = tee_rpmb_read(dev_id, blk_idx * RPMB_DATA_SIZE, data_tmp, 1427 blkcnt * RPMB_DATA_SIZE, fek, uuid); 1428 if (res != TEE_SUCCESS) 1429 goto func_exit; 1430 1431 /* Partial update of the data blocks */ 1432 memcpy(data_tmp + byte_offset, data, len); 1433 1434 res = tee_rpmb_write_blk(dev_id, blk_idx, data_tmp, blkcnt, 1435 fek, uuid); 1436 if (res != TEE_SUCCESS) 1437 goto func_exit; 1438 } 1439 1440 res = TEE_SUCCESS; 1441 1442 func_exit: 1443 free(data_tmp); 1444 return res; 1445 } 1446 1447 /* 1448 * Read the RPMB write counter. 1449 * 1450 * @dev_id Device ID of the eMMC device. 1451 * @counter Pointer to the counter. 1452 */ 1453 static TEE_Result tee_rpmb_get_write_counter(uint16_t dev_id, 1454 uint32_t *counter) 1455 { 1456 TEE_Result res = TEE_SUCCESS; 1457 1458 if (!counter) 1459 return TEE_ERROR_BAD_PARAMETERS; 1460 1461 if (!rpmb_ctx || !rpmb_ctx->wr_cnt_synced) { 1462 res = tee_rpmb_init(dev_id); 1463 if (res != TEE_SUCCESS) 1464 goto func_exit; 1465 } 1466 1467 *counter = rpmb_ctx->wr_cnt; 1468 1469 func_exit: 1470 return res; 1471 } 1472 1473 /* 1474 * Read the RPMB max block. 1475 * 1476 * @dev_id Device ID of the eMMC device. 1477 * @counter Pointer to receive the max block. 1478 */ 1479 static TEE_Result tee_rpmb_get_max_block(uint16_t dev_id, uint32_t *max_block) 1480 { 1481 TEE_Result res = TEE_SUCCESS; 1482 1483 if (!max_block) 1484 return TEE_ERROR_BAD_PARAMETERS; 1485 1486 if (!rpmb_ctx || !rpmb_ctx->dev_info_synced) { 1487 res = tee_rpmb_init(dev_id); 1488 if (res != TEE_SUCCESS) 1489 goto func_exit; 1490 } 1491 1492 *max_block = rpmb_ctx->max_blk_idx; 1493 1494 func_exit: 1495 return res; 1496 } 1497 1498 /* 1499 * End of lower interface to RPMB device 1500 */ 1501 1502 static TEE_Result get_fat_start_address(uint32_t *addr); 1503 1504 static void dump_fat(void) 1505 { 1506 TEE_Result res = TEE_ERROR_GENERIC; 1507 struct rpmb_fat_entry *fat_entries = NULL; 1508 uint32_t fat_address; 1509 size_t size; 1510 int i; 1511 bool last_entry_found = false; 1512 1513 res = get_fat_start_address(&fat_address); 1514 if (res != TEE_SUCCESS) 1515 goto out; 1516 1517 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 1518 fat_entries = malloc(size); 1519 if (!fat_entries) { 1520 res = TEE_ERROR_OUT_OF_MEMORY; 1521 goto out; 1522 } 1523 1524 while (!last_entry_found) { 1525 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 1526 (uint8_t *)fat_entries, size, NULL, NULL); 1527 if (res != TEE_SUCCESS) 1528 goto out; 1529 1530 for (i = 0; i < N_ENTRIES; i++) { 1531 1532 FMSG("flags 0x%x, size %d, address 0x%x, filename '%s'", 1533 fat_entries[i].flags, 1534 fat_entries[i].data_size, 1535 fat_entries[i].start_address, 1536 fat_entries[i].filename); 1537 1538 if ((fat_entries[i].flags & FILE_IS_LAST_ENTRY) != 0) { 1539 last_entry_found = true; 1540 break; 1541 } 1542 1543 /* Move to next fat_entry. */ 1544 fat_address += sizeof(struct rpmb_fat_entry); 1545 } 1546 } 1547 1548 out: 1549 free(fat_entries); 1550 } 1551 1552 #if (TRACE_LEVEL >= TRACE_DEBUG) 1553 static void dump_fh(struct rpmb_file_handle *fh) 1554 { 1555 DMSG("fh->filename=%s", fh->filename); 1556 DMSG("fh->rpmb_fat_address=%u", fh->rpmb_fat_address); 1557 DMSG("fh->fat_entry.start_address=%u", fh->fat_entry.start_address); 1558 DMSG("fh->fat_entry.data_size=%u", fh->fat_entry.data_size); 1559 } 1560 #else 1561 static void dump_fh(struct rpmb_file_handle *fh __unused) 1562 { 1563 } 1564 #endif 1565 1566 static struct rpmb_file_handle *alloc_file_handle(struct tee_pobj *po, 1567 bool temporary) 1568 { 1569 struct rpmb_file_handle *fh = NULL; 1570 1571 fh = calloc(1, sizeof(struct rpmb_file_handle)); 1572 if (!fh) 1573 return NULL; 1574 1575 if (po) 1576 tee_svc_storage_create_filename(fh->filename, 1577 sizeof(fh->filename), po, 1578 temporary); 1579 1580 return fh; 1581 } 1582 1583 /** 1584 * write_fat_entry: Store info in a fat_entry to RPMB. 1585 */ 1586 static TEE_Result write_fat_entry(struct rpmb_file_handle *fh, 1587 bool update_write_counter) 1588 { 1589 TEE_Result res = TEE_ERROR_GENERIC; 1590 1591 /* Protect partition data. */ 1592 if (fh->rpmb_fat_address < sizeof(struct rpmb_fs_partition)) { 1593 res = TEE_ERROR_ACCESS_CONFLICT; 1594 goto out; 1595 } 1596 1597 if (fh->rpmb_fat_address % sizeof(struct rpmb_fat_entry) != 0) { 1598 res = TEE_ERROR_BAD_PARAMETERS; 1599 goto out; 1600 } 1601 1602 if (update_write_counter) { 1603 res = tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1604 &fh->fat_entry.write_counter); 1605 if (res != TEE_SUCCESS) 1606 goto out; 1607 } 1608 1609 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, fh->rpmb_fat_address, 1610 (uint8_t *)&fh->fat_entry, 1611 sizeof(struct rpmb_fat_entry), NULL, NULL); 1612 1613 dump_fat(); 1614 1615 out: 1616 return res; 1617 } 1618 1619 /** 1620 * rpmb_fs_setup: Setup rpmb fs. 1621 * Set initial partition and FS values and write to RPMB. 1622 * Store frequently used data in RAM. 1623 */ 1624 static TEE_Result rpmb_fs_setup(void) 1625 { 1626 TEE_Result res = TEE_ERROR_GENERIC; 1627 struct rpmb_fs_partition *partition_data = NULL; 1628 struct rpmb_file_handle *fh = NULL; 1629 uint32_t max_rpmb_block = 0; 1630 1631 if (fs_par) { 1632 res = TEE_SUCCESS; 1633 goto out; 1634 } 1635 1636 res = tee_rpmb_get_max_block(CFG_RPMB_FS_DEV_ID, &max_rpmb_block); 1637 if (res != TEE_SUCCESS) 1638 goto out; 1639 1640 partition_data = calloc(1, sizeof(struct rpmb_fs_partition)); 1641 if (!partition_data) { 1642 res = TEE_ERROR_OUT_OF_MEMORY; 1643 goto out; 1644 } 1645 1646 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1647 (uint8_t *)partition_data, 1648 sizeof(struct rpmb_fs_partition), NULL, NULL); 1649 if (res != TEE_SUCCESS) 1650 goto out; 1651 1652 #ifndef CFG_RPMB_RESET_FAT 1653 if (partition_data->rpmb_fs_magic == RPMB_FS_MAGIC) { 1654 if (partition_data->fs_version == FS_VERSION) { 1655 res = TEE_SUCCESS; 1656 goto store_fs_par; 1657 } else { 1658 /* Wrong software is in use. */ 1659 res = TEE_ERROR_ACCESS_DENIED; 1660 goto out; 1661 } 1662 } 1663 #else 1664 EMSG("**** Clearing Storage ****"); 1665 #endif 1666 1667 /* Setup new partition data. */ 1668 partition_data->rpmb_fs_magic = RPMB_FS_MAGIC; 1669 partition_data->fs_version = FS_VERSION; 1670 partition_data->fat_start_address = RPMB_FS_FAT_START_ADDRESS; 1671 1672 /* Initial FAT entry with FILE_IS_LAST_ENTRY flag set. */ 1673 fh = alloc_file_handle(NULL, false); 1674 if (!fh) { 1675 res = TEE_ERROR_OUT_OF_MEMORY; 1676 goto out; 1677 } 1678 fh->fat_entry.flags = FILE_IS_LAST_ENTRY; 1679 fh->rpmb_fat_address = partition_data->fat_start_address; 1680 1681 /* Write init FAT entry and partition data to RPMB. */ 1682 res = write_fat_entry(fh, true); 1683 if (res != TEE_SUCCESS) 1684 goto out; 1685 1686 res = 1687 tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1688 &partition_data->write_counter); 1689 if (res != TEE_SUCCESS) 1690 goto out; 1691 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1692 (uint8_t *)partition_data, 1693 sizeof(struct rpmb_fs_partition), NULL, NULL); 1694 1695 #ifndef CFG_RPMB_RESET_FAT 1696 store_fs_par: 1697 #endif 1698 1699 /* Store FAT start address. */ 1700 fs_par = calloc(1, sizeof(struct rpmb_fs_parameters)); 1701 if (!fs_par) { 1702 res = TEE_ERROR_OUT_OF_MEMORY; 1703 goto out; 1704 } 1705 1706 fs_par->fat_start_address = partition_data->fat_start_address; 1707 fs_par->max_rpmb_address = max_rpmb_block << RPMB_BLOCK_SIZE_SHIFT; 1708 1709 dump_fat(); 1710 1711 out: 1712 free(fh); 1713 free(partition_data); 1714 return res; 1715 } 1716 1717 /** 1718 * get_fat_start_address: 1719 * FAT start_address from fs_par. 1720 */ 1721 static TEE_Result get_fat_start_address(uint32_t *addr) 1722 { 1723 if (!fs_par) 1724 return TEE_ERROR_NO_DATA; 1725 1726 *addr = fs_par->fat_start_address; 1727 1728 return TEE_SUCCESS; 1729 } 1730 1731 /** 1732 * read_fat: Read FAT entries 1733 * Return matching FAT entry for read, rm rename and stat. 1734 * Build up memory pool and return matching entry for write operation. 1735 * "Last FAT entry" can be returned during write. 1736 */ 1737 static TEE_Result read_fat(struct rpmb_file_handle *fh, tee_mm_pool_t *p) 1738 { 1739 TEE_Result res = TEE_ERROR_GENERIC; 1740 tee_mm_entry_t *mm = NULL; 1741 struct rpmb_fat_entry *fat_entries = NULL; 1742 uint32_t fat_address; 1743 size_t size; 1744 int i; 1745 bool entry_found = false; 1746 bool last_entry_found = false; 1747 bool expand_fat = false; 1748 struct rpmb_file_handle last_fh; 1749 1750 DMSG("fat_address %d", fh->rpmb_fat_address); 1751 1752 res = rpmb_fs_setup(); 1753 if (res != TEE_SUCCESS) 1754 goto out; 1755 1756 res = get_fat_start_address(&fat_address); 1757 if (res != TEE_SUCCESS) 1758 goto out; 1759 1760 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 1761 fat_entries = malloc(size); 1762 if (!fat_entries) { 1763 res = TEE_ERROR_OUT_OF_MEMORY; 1764 goto out; 1765 } 1766 1767 /* 1768 * The pool is used to represent the current RPMB layout. To find 1769 * a slot for the file tee_mm_alloc is called on the pool. Thus 1770 * if it is not NULL the entire FAT must be traversed to fill in 1771 * the pool. 1772 */ 1773 while (!last_entry_found && (!entry_found || p)) { 1774 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 1775 (uint8_t *)fat_entries, size, NULL, NULL); 1776 if (res != TEE_SUCCESS) 1777 goto out; 1778 1779 for (i = 0; i < N_ENTRIES; i++) { 1780 /* 1781 * Look for an entry, matching filenames. (read, rm, 1782 * rename and stat.). Only store first filename match. 1783 */ 1784 if (fh->filename && 1785 (strcmp(fh->filename, 1786 fat_entries[i].filename) == 0) && 1787 (fat_entries[i].flags & FILE_IS_ACTIVE) && 1788 (!entry_found)) { 1789 entry_found = true; 1790 fh->rpmb_fat_address = fat_address; 1791 memcpy(&fh->fat_entry, &fat_entries[i], 1792 sizeof(struct rpmb_fat_entry)); 1793 if (!p) 1794 break; 1795 } 1796 1797 /* Add existing files to memory pool. (write) */ 1798 if (p) { 1799 if ((fat_entries[i].flags & FILE_IS_ACTIVE) && 1800 (fat_entries[i].data_size > 0)) { 1801 1802 mm = tee_mm_alloc2 1803 (p, 1804 fat_entries[i].start_address, 1805 fat_entries[i].data_size); 1806 if (!mm) { 1807 res = TEE_ERROR_OUT_OF_MEMORY; 1808 goto out; 1809 } 1810 } 1811 1812 /* Unused FAT entries can be reused (write) */ 1813 if (((fat_entries[i].flags & FILE_IS_ACTIVE) == 1814 0) && (fh->rpmb_fat_address == 0)) { 1815 fh->rpmb_fat_address = fat_address; 1816 memcpy(&fh->fat_entry, &fat_entries[i], 1817 sizeof(struct rpmb_fat_entry)); 1818 } 1819 } 1820 1821 if ((fat_entries[i].flags & FILE_IS_LAST_ENTRY) != 0) { 1822 last_entry_found = true; 1823 1824 /* 1825 * If the last entry was reached and was chosen 1826 * by the previous check, then the FAT needs to 1827 * be expanded. 1828 * fh->rpmb_fat_address is the address chosen 1829 * to store the files FAT entry and fat_address 1830 * is the current FAT entry address being 1831 * compared. 1832 */ 1833 if (p && fh->rpmb_fat_address == fat_address) 1834 expand_fat = true; 1835 break; 1836 } 1837 1838 /* Move to next fat_entry. */ 1839 fat_address += sizeof(struct rpmb_fat_entry); 1840 } 1841 } 1842 1843 /* 1844 * Represent the FAT table in the pool. 1845 */ 1846 if (p) { 1847 /* 1848 * Since fat_address is the start of the last entry it needs to 1849 * be moved up by an entry. 1850 */ 1851 fat_address += sizeof(struct rpmb_fat_entry); 1852 1853 /* Make room for yet a FAT entry and add to memory pool. */ 1854 if (expand_fat) 1855 fat_address += sizeof(struct rpmb_fat_entry); 1856 1857 mm = tee_mm_alloc2(p, RPMB_STORAGE_START_ADDRESS, fat_address); 1858 if (!mm) { 1859 res = TEE_ERROR_OUT_OF_MEMORY; 1860 goto out; 1861 } 1862 1863 if (expand_fat) { 1864 /* 1865 * Point fat_address to the beginning of the new 1866 * entry. 1867 */ 1868 fat_address -= sizeof(struct rpmb_fat_entry); 1869 memset(&last_fh, 0, sizeof(last_fh)); 1870 last_fh.fat_entry.flags = FILE_IS_LAST_ENTRY; 1871 last_fh.rpmb_fat_address = fat_address; 1872 res = write_fat_entry(&last_fh, true); 1873 if (res != TEE_SUCCESS) 1874 goto out; 1875 } 1876 } 1877 1878 if (fh->filename && !fh->rpmb_fat_address) 1879 res = TEE_ERROR_ITEM_NOT_FOUND; 1880 1881 out: 1882 free(fat_entries); 1883 return res; 1884 } 1885 1886 static TEE_Result generate_fek(struct rpmb_fat_entry *fe, const TEE_UUID *uuid) 1887 { 1888 TEE_Result res; 1889 1890 again: 1891 res = tee_fs_generate_fek(uuid, fe->fek, sizeof(fe->fek)); 1892 if (res != TEE_SUCCESS) 1893 return res; 1894 1895 if (is_zero(fe->fek, sizeof(fe->fek))) 1896 goto again; 1897 1898 return res; 1899 } 1900 1901 static TEE_Result rpmb_fs_open_internal(struct rpmb_file_handle *fh, 1902 const TEE_UUID *uuid, bool create) 1903 { 1904 tee_mm_pool_t p; 1905 bool pool_result; 1906 TEE_Result res = TEE_ERROR_GENERIC; 1907 1908 /* We need to do setup in order to make sure fs_par is filled in */ 1909 res = rpmb_fs_setup(); 1910 if (res != TEE_SUCCESS) 1911 goto out; 1912 1913 fh->uuid = uuid; 1914 if (create) { 1915 /* Upper memory allocation must be used for RPMB_FS. */ 1916 pool_result = tee_mm_init(&p, 1917 RPMB_STORAGE_START_ADDRESS, 1918 fs_par->max_rpmb_address, 1919 RPMB_BLOCK_SIZE_SHIFT, 1920 TEE_MM_POOL_HI_ALLOC); 1921 1922 if (!pool_result) { 1923 res = TEE_ERROR_OUT_OF_MEMORY; 1924 goto out; 1925 } 1926 1927 res = read_fat(fh, &p); 1928 tee_mm_final(&p); 1929 if (res != TEE_SUCCESS) 1930 goto out; 1931 } else { 1932 res = read_fat(fh, NULL); 1933 if (res != TEE_SUCCESS) 1934 goto out; 1935 } 1936 1937 /* 1938 * If this is opened with create and the entry found was not active 1939 * then this is a new file and the FAT entry must be written 1940 */ 1941 if (create) { 1942 if ((fh->fat_entry.flags & FILE_IS_ACTIVE) == 0) { 1943 memset(&fh->fat_entry, 0, 1944 sizeof(struct rpmb_fat_entry)); 1945 memcpy(fh->fat_entry.filename, fh->filename, 1946 strlen(fh->filename)); 1947 /* Start address and size are 0 */ 1948 fh->fat_entry.flags = FILE_IS_ACTIVE; 1949 1950 res = generate_fek(&fh->fat_entry, uuid); 1951 if (res != TEE_SUCCESS) 1952 goto out; 1953 DMSG("GENERATE FEK key: %p", 1954 (void *)fh->fat_entry.fek); 1955 DHEXDUMP(fh->fat_entry.fek, sizeof(fh->fat_entry.fek)); 1956 1957 res = write_fat_entry(fh, true); 1958 if (res != TEE_SUCCESS) 1959 goto out; 1960 } 1961 } 1962 1963 res = TEE_SUCCESS; 1964 1965 out: 1966 return res; 1967 } 1968 1969 static void rpmb_fs_close(struct tee_file_handle **tfh) 1970 { 1971 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)*tfh; 1972 1973 free(fh); 1974 *tfh = NULL; 1975 } 1976 1977 static TEE_Result rpmb_fs_read(struct tee_file_handle *tfh, size_t pos, 1978 void *buf, size_t *len) 1979 { 1980 TEE_Result res; 1981 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 1982 size_t size = *len; 1983 1984 if (!size) 1985 return TEE_SUCCESS; 1986 1987 mutex_lock(&rpmb_mutex); 1988 1989 dump_fh(fh); 1990 1991 res = read_fat(fh, NULL); 1992 if (res != TEE_SUCCESS) 1993 goto out; 1994 1995 if (pos >= fh->fat_entry.data_size) { 1996 *len = 0; 1997 goto out; 1998 } 1999 2000 size = MIN(size, fh->fat_entry.data_size - pos); 2001 if (size) { 2002 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2003 fh->fat_entry.start_address + pos, buf, 2004 size, fh->fat_entry.fek, fh->uuid); 2005 if (res != TEE_SUCCESS) 2006 goto out; 2007 } 2008 *len = size; 2009 2010 out: 2011 mutex_unlock(&rpmb_mutex); 2012 return res; 2013 } 2014 2015 static TEE_Result rpmb_fs_write_primitive(struct rpmb_file_handle *fh, 2016 size_t pos, const void *buf, 2017 size_t size) 2018 { 2019 TEE_Result res; 2020 tee_mm_pool_t p; 2021 bool pool_result = false; 2022 tee_mm_entry_t *mm; 2023 size_t end; 2024 size_t newsize; 2025 uint8_t *newbuf = NULL; 2026 uintptr_t newaddr; 2027 uint32_t start_addr; 2028 2029 if (!size) 2030 return TEE_SUCCESS; 2031 2032 if (!fs_par) { 2033 res = TEE_ERROR_GENERIC; 2034 goto out; 2035 } 2036 2037 dump_fh(fh); 2038 2039 /* Upper memory allocation must be used for RPMB_FS. */ 2040 pool_result = tee_mm_init(&p, 2041 RPMB_STORAGE_START_ADDRESS, 2042 fs_par->max_rpmb_address, 2043 RPMB_BLOCK_SIZE_SHIFT, 2044 TEE_MM_POOL_HI_ALLOC); 2045 if (!pool_result) { 2046 res = TEE_ERROR_OUT_OF_MEMORY; 2047 goto out; 2048 } 2049 2050 res = read_fat(fh, &p); 2051 if (res != TEE_SUCCESS) 2052 goto out; 2053 2054 if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY) 2055 panic("invalid last entry flag"); 2056 2057 end = pos + size; 2058 start_addr = fh->fat_entry.start_address + pos; 2059 2060 if (end <= fh->fat_entry.data_size && 2061 tee_rpmb_write_is_atomic(CFG_RPMB_FS_DEV_ID, start_addr, size)) { 2062 2063 DMSG("Updating data in-place"); 2064 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, start_addr, buf, 2065 size, fh->fat_entry.fek, fh->uuid); 2066 if (res != TEE_SUCCESS) 2067 goto out; 2068 } else { 2069 /* 2070 * File must be extended, or update cannot be atomic: allocate, 2071 * read, update, write. 2072 */ 2073 2074 DMSG("Need to re-allocate"); 2075 newsize = MAX(end, fh->fat_entry.data_size); 2076 mm = tee_mm_alloc(&p, newsize); 2077 newbuf = calloc(1, newsize); 2078 if (!mm || !newbuf) { 2079 res = TEE_ERROR_OUT_OF_MEMORY; 2080 goto out; 2081 } 2082 2083 if (fh->fat_entry.data_size) { 2084 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2085 fh->fat_entry.start_address, 2086 newbuf, fh->fat_entry.data_size, 2087 fh->fat_entry.fek, fh->uuid); 2088 if (res != TEE_SUCCESS) 2089 goto out; 2090 } 2091 2092 memcpy(newbuf + pos, buf, size); 2093 2094 newaddr = tee_mm_get_smem(mm); 2095 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2096 newsize, fh->fat_entry.fek, fh->uuid); 2097 if (res != TEE_SUCCESS) 2098 goto out; 2099 2100 fh->fat_entry.data_size = newsize; 2101 fh->fat_entry.start_address = newaddr; 2102 res = write_fat_entry(fh, true); 2103 if (res != TEE_SUCCESS) 2104 goto out; 2105 } 2106 2107 out: 2108 if (pool_result) 2109 tee_mm_final(&p); 2110 if (newbuf) 2111 free(newbuf); 2112 2113 return res; 2114 } 2115 2116 static TEE_Result rpmb_fs_write(struct tee_file_handle *tfh, size_t pos, 2117 const void *buf, size_t size) 2118 { 2119 TEE_Result res; 2120 2121 mutex_lock(&rpmb_mutex); 2122 res = rpmb_fs_write_primitive((struct rpmb_file_handle *)tfh, pos, 2123 buf, size); 2124 mutex_unlock(&rpmb_mutex); 2125 2126 return res; 2127 } 2128 2129 static TEE_Result rpmb_fs_remove_internal(struct rpmb_file_handle *fh) 2130 { 2131 TEE_Result res; 2132 2133 res = read_fat(fh, NULL); 2134 if (res) 2135 return res; 2136 2137 /* Clear this file entry. */ 2138 memset(&fh->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2139 return write_fat_entry(fh, false); 2140 } 2141 2142 static TEE_Result rpmb_fs_remove(struct tee_pobj *po) 2143 { 2144 TEE_Result res; 2145 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2146 2147 if (!fh) 2148 return TEE_ERROR_OUT_OF_MEMORY; 2149 2150 mutex_lock(&rpmb_mutex); 2151 2152 res = rpmb_fs_remove_internal(fh); 2153 2154 mutex_unlock(&rpmb_mutex); 2155 2156 free(fh); 2157 return res; 2158 } 2159 2160 static TEE_Result rpmb_fs_rename_internal(struct tee_pobj *old, 2161 struct tee_pobj *new, 2162 bool overwrite) 2163 { 2164 TEE_Result res = TEE_ERROR_GENERIC; 2165 struct rpmb_file_handle *fh_old = NULL; 2166 struct rpmb_file_handle *fh_new = NULL; 2167 2168 if (!old) { 2169 res = TEE_ERROR_BAD_PARAMETERS; 2170 goto out; 2171 } 2172 2173 if (new) 2174 fh_old = alloc_file_handle(old, old->temporary); 2175 else 2176 fh_old = alloc_file_handle(old, true); 2177 if (!fh_old) { 2178 res = TEE_ERROR_OUT_OF_MEMORY; 2179 goto out; 2180 } 2181 2182 if (new) 2183 fh_new = alloc_file_handle(new, new->temporary); 2184 else 2185 fh_new = alloc_file_handle(old, false); 2186 if (!fh_new) { 2187 res = TEE_ERROR_OUT_OF_MEMORY; 2188 goto out; 2189 } 2190 2191 res = read_fat(fh_old, NULL); 2192 if (res != TEE_SUCCESS) 2193 goto out; 2194 2195 res = read_fat(fh_new, NULL); 2196 if (res == TEE_SUCCESS) { 2197 if (!overwrite) { 2198 res = TEE_ERROR_ACCESS_CONFLICT; 2199 goto out; 2200 } 2201 2202 /* Clear this file entry. */ 2203 memset(&fh_new->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2204 res = write_fat_entry(fh_new, false); 2205 if (res != TEE_SUCCESS) 2206 goto out; 2207 } 2208 2209 memset(fh_old->fat_entry.filename, 0, TEE_RPMB_FS_FILENAME_LENGTH); 2210 memcpy(fh_old->fat_entry.filename, fh_new->filename, 2211 strlen(fh_new->filename)); 2212 2213 res = write_fat_entry(fh_old, false); 2214 2215 out: 2216 free(fh_old); 2217 free(fh_new); 2218 2219 return res; 2220 } 2221 2222 static TEE_Result rpmb_fs_rename(struct tee_pobj *old, struct tee_pobj *new, 2223 bool overwrite) 2224 { 2225 TEE_Result res; 2226 2227 mutex_lock(&rpmb_mutex); 2228 res = rpmb_fs_rename_internal(old, new, overwrite); 2229 mutex_unlock(&rpmb_mutex); 2230 2231 return res; 2232 } 2233 2234 static TEE_Result rpmb_fs_truncate(struct tee_file_handle *tfh, size_t length) 2235 { 2236 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2237 tee_mm_pool_t p; 2238 bool pool_result = false; 2239 tee_mm_entry_t *mm; 2240 uint32_t newsize; 2241 uint8_t *newbuf = NULL; 2242 uintptr_t newaddr; 2243 TEE_Result res = TEE_ERROR_GENERIC; 2244 2245 mutex_lock(&rpmb_mutex); 2246 2247 if (length > INT32_MAX) { 2248 res = TEE_ERROR_BAD_PARAMETERS; 2249 goto out; 2250 } 2251 newsize = length; 2252 2253 res = read_fat(fh, NULL); 2254 if (res != TEE_SUCCESS) 2255 goto out; 2256 2257 if (newsize > fh->fat_entry.data_size) { 2258 /* Extend file */ 2259 2260 pool_result = tee_mm_init(&p, 2261 RPMB_STORAGE_START_ADDRESS, 2262 fs_par->max_rpmb_address, 2263 RPMB_BLOCK_SIZE_SHIFT, 2264 TEE_MM_POOL_HI_ALLOC); 2265 if (!pool_result) { 2266 res = TEE_ERROR_OUT_OF_MEMORY; 2267 goto out; 2268 } 2269 res = read_fat(fh, &p); 2270 if (res != TEE_SUCCESS) 2271 goto out; 2272 2273 mm = tee_mm_alloc(&p, newsize); 2274 newbuf = calloc(1, newsize); 2275 if (!mm || !newbuf) { 2276 res = TEE_ERROR_OUT_OF_MEMORY; 2277 goto out; 2278 } 2279 2280 if (fh->fat_entry.data_size) { 2281 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2282 fh->fat_entry.start_address, 2283 newbuf, fh->fat_entry.data_size, 2284 fh->fat_entry.fek, fh->uuid); 2285 if (res != TEE_SUCCESS) 2286 goto out; 2287 } 2288 2289 newaddr = tee_mm_get_smem(mm); 2290 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2291 newsize, fh->fat_entry.fek, fh->uuid); 2292 if (res != TEE_SUCCESS) 2293 goto out; 2294 2295 } else { 2296 /* Don't change file location */ 2297 newaddr = fh->fat_entry.start_address; 2298 } 2299 2300 /* fh->pos is unchanged */ 2301 fh->fat_entry.data_size = newsize; 2302 fh->fat_entry.start_address = newaddr; 2303 res = write_fat_entry(fh, true); 2304 2305 out: 2306 mutex_unlock(&rpmb_mutex); 2307 if (pool_result) 2308 tee_mm_final(&p); 2309 if (newbuf) 2310 free(newbuf); 2311 2312 return res; 2313 } 2314 2315 static void rpmb_fs_dir_free(struct tee_fs_dir *dir) 2316 { 2317 struct tee_rpmb_fs_dirent *e; 2318 2319 if (!dir) 2320 return; 2321 2322 free(dir->current); 2323 2324 while ((e = SIMPLEQ_FIRST(&dir->next))) { 2325 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2326 free(e); 2327 } 2328 } 2329 2330 static TEE_Result rpmb_fs_dir_populate(const char *path, 2331 struct tee_fs_dir *dir) 2332 { 2333 struct tee_rpmb_fs_dirent *current = NULL; 2334 struct rpmb_fat_entry *fat_entries = NULL; 2335 uint32_t fat_address; 2336 uint32_t filelen; 2337 char *filename; 2338 int i; 2339 bool last_entry_found = false; 2340 bool matched; 2341 struct tee_rpmb_fs_dirent *next = NULL; 2342 uint32_t pathlen; 2343 TEE_Result res = TEE_ERROR_GENERIC; 2344 uint32_t size; 2345 char temp; 2346 2347 mutex_lock(&rpmb_mutex); 2348 2349 res = rpmb_fs_setup(); 2350 if (res != TEE_SUCCESS) 2351 goto out; 2352 2353 res = get_fat_start_address(&fat_address); 2354 if (res != TEE_SUCCESS) 2355 goto out; 2356 2357 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 2358 fat_entries = malloc(size); 2359 if (!fat_entries) { 2360 res = TEE_ERROR_OUT_OF_MEMORY; 2361 goto out; 2362 } 2363 2364 pathlen = strlen(path); 2365 while (!last_entry_found) { 2366 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 2367 (uint8_t *)fat_entries, size, NULL, NULL); 2368 if (res != TEE_SUCCESS) 2369 goto out; 2370 2371 for (i = 0; i < N_ENTRIES; i++) { 2372 filename = fat_entries[i].filename; 2373 if (fat_entries[i].flags & FILE_IS_ACTIVE) { 2374 matched = false; 2375 filelen = strlen(filename); 2376 if (filelen > pathlen) { 2377 temp = filename[pathlen]; 2378 filename[pathlen] = '\0'; 2379 if (strcmp(filename, path) == 0) 2380 matched = true; 2381 2382 filename[pathlen] = temp; 2383 } 2384 2385 if (matched) { 2386 next = malloc(sizeof(*next)); 2387 if (!next) { 2388 res = TEE_ERROR_OUT_OF_MEMORY; 2389 goto out; 2390 } 2391 2392 next->entry.oidlen = tee_hs2b( 2393 (uint8_t *)&filename[pathlen], 2394 next->entry.oid, 2395 filelen - pathlen, 2396 sizeof(next->entry.oid)); 2397 if (next->entry.oidlen) { 2398 SIMPLEQ_INSERT_TAIL(&dir->next, 2399 next, link); 2400 current = next; 2401 } else { 2402 free(next); 2403 next = NULL; 2404 } 2405 2406 } 2407 } 2408 2409 if (fat_entries[i].flags & FILE_IS_LAST_ENTRY) { 2410 last_entry_found = true; 2411 break; 2412 } 2413 2414 /* Move to next fat_entry. */ 2415 fat_address += sizeof(struct rpmb_fat_entry); 2416 } 2417 } 2418 2419 if (current) 2420 res = TEE_SUCCESS; 2421 else 2422 res = TEE_ERROR_ITEM_NOT_FOUND; /* No directories were found. */ 2423 2424 out: 2425 mutex_unlock(&rpmb_mutex); 2426 if (res != TEE_SUCCESS) 2427 rpmb_fs_dir_free(dir); 2428 if (fat_entries) 2429 free(fat_entries); 2430 2431 return res; 2432 } 2433 2434 static TEE_Result rpmb_fs_opendir(const TEE_UUID *uuid, struct tee_fs_dir **dir) 2435 { 2436 uint32_t len; 2437 char path_local[TEE_RPMB_FS_FILENAME_LENGTH]; 2438 TEE_Result res = TEE_ERROR_GENERIC; 2439 struct tee_fs_dir *rpmb_dir = NULL; 2440 2441 if (!uuid || !dir) { 2442 res = TEE_ERROR_BAD_PARAMETERS; 2443 goto out; 2444 } 2445 2446 memset(path_local, 0, sizeof(path_local)); 2447 if (tee_svc_storage_create_dirname(path_local, sizeof(path_local) - 1, 2448 uuid) != TEE_SUCCESS) { 2449 res = TEE_ERROR_BAD_PARAMETERS; 2450 goto out; 2451 } 2452 len = strlen(path_local); 2453 2454 /* Add a slash to correctly match the full directory name. */ 2455 if (path_local[len - 1] != '/') 2456 path_local[len] = '/'; 2457 2458 rpmb_dir = calloc(1, sizeof(*rpmb_dir)); 2459 if (!rpmb_dir) { 2460 res = TEE_ERROR_OUT_OF_MEMORY; 2461 goto out; 2462 } 2463 SIMPLEQ_INIT(&rpmb_dir->next); 2464 2465 res = rpmb_fs_dir_populate(path_local, rpmb_dir); 2466 if (res != TEE_SUCCESS) { 2467 free(rpmb_dir); 2468 rpmb_dir = NULL; 2469 goto out; 2470 } 2471 2472 *dir = rpmb_dir; 2473 2474 out: 2475 return res; 2476 } 2477 2478 static TEE_Result rpmb_fs_readdir(struct tee_fs_dir *dir, 2479 struct tee_fs_dirent **ent) 2480 { 2481 if (!dir) 2482 return TEE_ERROR_GENERIC; 2483 2484 free(dir->current); 2485 2486 dir->current = SIMPLEQ_FIRST(&dir->next); 2487 if (!dir->current) 2488 return TEE_ERROR_ITEM_NOT_FOUND; 2489 2490 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2491 2492 *ent = &dir->current->entry; 2493 return TEE_SUCCESS; 2494 } 2495 2496 static void rpmb_fs_closedir(struct tee_fs_dir *dir) 2497 { 2498 if (dir) { 2499 rpmb_fs_dir_free(dir); 2500 free(dir); 2501 } 2502 } 2503 2504 static TEE_Result rpmb_fs_open(struct tee_pobj *po, size_t *size, 2505 struct tee_file_handle **ret_fh) 2506 { 2507 TEE_Result res; 2508 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2509 2510 if (!fh) 2511 return TEE_ERROR_OUT_OF_MEMORY; 2512 2513 mutex_lock(&rpmb_mutex); 2514 2515 res = rpmb_fs_open_internal(fh, &po->uuid, false); 2516 if (!res && size) 2517 *size = fh->fat_entry.data_size; 2518 2519 mutex_unlock(&rpmb_mutex); 2520 2521 if (res) 2522 free(fh); 2523 else 2524 *ret_fh = (struct tee_file_handle *)fh; 2525 2526 return res; 2527 } 2528 2529 static TEE_Result rpmb_fs_create(struct tee_pobj *po, bool overwrite, 2530 const void *head, size_t head_size, 2531 const void *attr, size_t attr_size, 2532 const void *data, size_t data_size, 2533 struct tee_file_handle **ret_fh) 2534 { 2535 TEE_Result res; 2536 size_t pos = 0; 2537 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2538 2539 if (!fh) 2540 return TEE_ERROR_OUT_OF_MEMORY; 2541 2542 mutex_lock(&rpmb_mutex); 2543 res = rpmb_fs_open_internal(fh, &po->uuid, true); 2544 if (res) 2545 goto out; 2546 2547 if (head && head_size) { 2548 res = rpmb_fs_write_primitive(fh, pos, head, head_size); 2549 if (res) 2550 goto out; 2551 pos += head_size; 2552 } 2553 2554 if (attr && attr_size) { 2555 res = rpmb_fs_write_primitive(fh, pos, attr, attr_size); 2556 if (res) 2557 goto out; 2558 pos += attr_size; 2559 } 2560 2561 if (data && data_size) { 2562 res = rpmb_fs_write_primitive(fh, pos, data, data_size); 2563 if (res) 2564 goto out; 2565 } 2566 2567 if (po->temporary) { 2568 /* 2569 * If it's a temporary filename (which it normally is) 2570 * rename into the final filename now that the file is 2571 * fully initialized. 2572 */ 2573 po->temporary = false; 2574 res = rpmb_fs_rename_internal(po, NULL, overwrite); 2575 if (res) { 2576 po->temporary = true; 2577 goto out; 2578 } 2579 /* Update file handle after rename. */ 2580 tee_svc_storage_create_filename(fh->filename, 2581 sizeof(fh->filename), 2582 po, false); 2583 } 2584 2585 out: 2586 if (res) { 2587 rpmb_fs_remove_internal(fh); 2588 free(fh); 2589 } else { 2590 *ret_fh = (struct tee_file_handle *)fh; 2591 } 2592 mutex_unlock(&rpmb_mutex); 2593 2594 return res; 2595 } 2596 2597 const struct tee_file_operations rpmb_fs_ops = { 2598 .open = rpmb_fs_open, 2599 .create = rpmb_fs_create, 2600 .close = rpmb_fs_close, 2601 .read = rpmb_fs_read, 2602 .write = rpmb_fs_write, 2603 .truncate = rpmb_fs_truncate, 2604 .rename = rpmb_fs_rename, 2605 .remove = rpmb_fs_remove, 2606 .opendir = rpmb_fs_opendir, 2607 .closedir = rpmb_fs_closedir, 2608 .readdir = rpmb_fs_readdir, 2609 }; 2610 2611 TEE_Result tee_rpmb_fs_raw_open(const char *fname, bool create, 2612 struct tee_file_handle **ret_fh) 2613 { 2614 TEE_Result res; 2615 struct rpmb_file_handle *fh = calloc(1, sizeof(*fh)); 2616 static const TEE_UUID uuid = { 0 }; 2617 2618 if (!fh) 2619 return TEE_ERROR_OUT_OF_MEMORY; 2620 2621 snprintf(fh->filename, sizeof(fh->filename), "/%s", fname); 2622 2623 mutex_lock(&rpmb_mutex); 2624 2625 res = rpmb_fs_open_internal(fh, &uuid, create); 2626 2627 mutex_unlock(&rpmb_mutex); 2628 2629 if (res) { 2630 if (create) 2631 rpmb_fs_remove_internal(fh); 2632 free(fh); 2633 } else { 2634 *ret_fh = (struct tee_file_handle *)fh; 2635 } 2636 2637 return res; 2638 } 2639