1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #include <assert.h> 29 #include <kernel/tee_common.h> 30 #include <kernel/mutex.h> 31 #include <kernel/panic.h> 32 #include <kernel/tee_common_otp.h> 33 #include <kernel/thread.h> 34 #include <mm/core_memprot.h> 35 #include <mm/tee_mm.h> 36 #include <optee_msg_supplicant.h> 37 #include <stdlib.h> 38 #include <string.h> 39 #include <string_ext.h> 40 #include <sys/queue.h> 41 #include <tee/tee_cryp_provider.h> 42 #include <tee/tee_fs.h> 43 #include <tee/tee_fs_key_manager.h> 44 #include <trace.h> 45 #include <util.h> 46 47 #define RPMB_STORAGE_START_ADDRESS 0 48 #define RPMB_FS_FAT_START_ADDRESS 512 49 #define RPMB_BLOCK_SIZE_SHIFT 8 50 51 #define RPMB_FS_MAGIC 0x52504D42 52 #define FS_VERSION 2 53 #define N_ENTRIES 8 54 55 #define FILE_IS_ACTIVE (1u << 0) 56 #define FILE_IS_LAST_ENTRY (1u << 1) 57 58 #define TEE_RPMB_FS_FILENAME_LENGTH 224 59 60 /** 61 * FS parameters: Information often used by internal functions. 62 * fat_start_address will be set by rpmb_fs_setup(). 63 * rpmb_fs_parameters can be read by any other function. 64 */ 65 struct rpmb_fs_parameters { 66 uint32_t fat_start_address; 67 uint32_t max_rpmb_address; 68 }; 69 70 /** 71 * File entry for a single file in a RPMB_FS partition. 72 */ 73 struct rpmb_fat_entry { 74 uint32_t start_address; 75 uint32_t data_size; 76 uint32_t flags; 77 uint32_t write_counter; 78 uint8_t fek[TEE_FS_KM_FEK_SIZE]; 79 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 80 }; 81 82 /** 83 * FAT entry context with reference to a FAT entry and its 84 * location in RPMB. 85 */ 86 struct rpmb_file_handle { 87 struct rpmb_fat_entry fat_entry; 88 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 89 /* Address for current entry in RPMB */ 90 uint32_t rpmb_fat_address; 91 }; 92 93 /** 94 * RPMB_FS partition data 95 */ 96 struct rpmb_fs_partition { 97 uint32_t rpmb_fs_magic; 98 uint32_t fs_version; 99 uint32_t write_counter; 100 uint32_t fat_start_address; 101 /* Do not use reserved[] for other purpose than partition data. */ 102 uint8_t reserved[112]; 103 }; 104 105 /** 106 * A node in a list of directory entries. entry->name is a 107 * pointer to name here. 108 */ 109 struct tee_rpmb_fs_dirent { 110 struct tee_fs_dirent entry; 111 char name[TEE_RPMB_FS_FILENAME_LENGTH]; 112 /* */ 113 SIMPLEQ_ENTRY(tee_rpmb_fs_dirent) link; 114 }; 115 116 /** 117 * The RPMB directory representation. It contains a queue of 118 * RPMB directory entries: 'next'. 119 * The current pointer points to the last directory entry 120 * returned by readdir(). 121 */ 122 struct tee_fs_dir { 123 struct tee_rpmb_fs_dirent *current; 124 /* */ 125 SIMPLEQ_HEAD(next_head, tee_rpmb_fs_dirent) next; 126 }; 127 128 static struct rpmb_fs_parameters *fs_par; 129 130 /* 131 * Lower interface to RPMB device 132 */ 133 134 #define RPMB_DATA_OFFSET (RPMB_STUFF_DATA_SIZE + RPMB_KEY_MAC_SIZE) 135 #define RPMB_MAC_PROTECT_DATA_SIZE (RPMB_DATA_FRAME_SIZE - RPMB_DATA_OFFSET) 136 137 #define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM 0x0001 138 #define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ 0x0002 139 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE 0x0003 140 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ 0x0004 141 #define RPMB_MSG_TYPE_REQ_RESULT_READ 0x0005 142 #define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM 0x0100 143 #define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ 0x0200 144 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE 0x0300 145 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ 0x0400 146 147 #define RPMB_STUFF_DATA_SIZE 196 148 #define RPMB_KEY_MAC_SIZE 32 149 #define RPMB_DATA_SIZE 256 150 #define RPMB_NONCE_SIZE 16 151 #define RPMB_DATA_FRAME_SIZE 512 152 153 #define RPMB_RESULT_OK 0x00 154 #define RPMB_RESULT_GENERAL_FAILURE 0x01 155 #define RPMB_RESULT_AUTH_FAILURE 0x02 156 #define RPMB_RESULT_COUNTER_FAILURE 0x03 157 #define RPMB_RESULT_ADDRESS_FAILURE 0x04 158 #define RPMB_RESULT_WRITE_FAILURE 0x05 159 #define RPMB_RESULT_READ_FAILURE 0x06 160 #define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED 0x07 161 #define RPMB_RESULT_MASK 0x3F 162 #define RPMB_RESULT_WR_CNT_EXPIRED 0x80 163 164 /* RPMB internal commands */ 165 #define RPMB_CMD_DATA_REQ 0x00 166 #define RPMB_CMD_GET_DEV_INFO 0x01 167 168 #define RPMB_SIZE_SINGLE (128 * 1024) 169 170 /* Error codes for get_dev_info request/response. */ 171 #define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 172 #define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 173 174 struct rpmb_data_frame { 175 uint8_t stuff_bytes[RPMB_STUFF_DATA_SIZE]; 176 uint8_t key_mac[RPMB_KEY_MAC_SIZE]; 177 uint8_t data[RPMB_DATA_SIZE]; 178 uint8_t nonce[RPMB_NONCE_SIZE]; 179 uint8_t write_counter[4]; 180 uint8_t address[2]; 181 uint8_t block_count[2]; 182 uint8_t op_result[2]; 183 uint8_t msg_type[2]; 184 }; 185 186 struct rpmb_req { 187 uint16_t cmd; 188 uint16_t dev_id; 189 uint16_t block_count; 190 /* variable length of data */ 191 /* uint8_t data[]; REMOVED! */ 192 }; 193 194 #define TEE_RPMB_REQ_DATA(req) \ 195 ((void *)((struct rpmb_req *)(req) + 1)) 196 197 struct rpmb_raw_data { 198 uint16_t msg_type; 199 uint16_t *op_result; 200 uint16_t *block_count; 201 uint16_t *blk_idx; 202 uint32_t *write_counter; 203 uint8_t *nonce; 204 uint8_t *key_mac; 205 uint8_t *data; 206 /* data length to read or write */ 207 uint32_t len; 208 /* Byte address offset in the first block involved */ 209 uint8_t byte_offset; 210 }; 211 212 #define RPMB_EMMC_CID_SIZE 16 213 struct rpmb_dev_info { 214 uint8_t cid[RPMB_EMMC_CID_SIZE]; 215 /* EXT CSD-slice 168 "RPMB Size" */ 216 uint8_t rpmb_size_mult; 217 /* EXT CSD-slice 222 "Reliable Write Sector Count" */ 218 uint8_t rel_wr_sec_c; 219 /* Check the ret code and accept the data only if it is OK. */ 220 uint8_t ret_code; 221 }; 222 223 /* 224 * Struct for rpmb context data. 225 * 226 * @key RPMB key. 227 * @cid eMMC card ID. 228 * @hash_ctx_size Hash context size 229 * @wr_cnt Current write counter. 230 * @max_blk_idx The highest block index supported by current device. 231 * @rel_wr_blkcnt Max number of data blocks for each reliable write. 232 * @dev_id Device ID of the eMMC device. 233 * @wr_cnt_synced Flag indicating if write counter is synced to RPMB. 234 * @key_derived Flag indicating if key has been generated. 235 * @key_verified Flag indicating the key generated is verified ok. 236 * @dev_info_synced Flag indicating if dev info has been retrieved from RPMB. 237 */ 238 struct tee_rpmb_ctx { 239 uint8_t key[RPMB_KEY_MAC_SIZE]; 240 uint8_t cid[RPMB_EMMC_CID_SIZE]; 241 size_t hash_ctx_size; 242 uint32_t wr_cnt; 243 uint16_t max_blk_idx; 244 uint16_t rel_wr_blkcnt; 245 uint16_t dev_id; 246 bool wr_cnt_synced; 247 bool key_derived; 248 bool key_verified; 249 bool dev_info_synced; 250 }; 251 252 static struct tee_rpmb_ctx *rpmb_ctx; 253 254 /* 255 * Mutex to serialize the operations exported by this file. 256 * It protects rpmb_ctx and prevents overlapping operations on eMMC devices with 257 * different IDs. 258 */ 259 static struct mutex rpmb_mutex = MUTEX_INITIALIZER; 260 261 #ifdef CFG_RPMB_TESTKEY 262 263 static const uint8_t rpmb_test_key[RPMB_KEY_MAC_SIZE] = { 264 0xD3, 0xEB, 0x3E, 0xC3, 0x6E, 0x33, 0x4C, 0x9F, 265 0x98, 0x8C, 0xE2, 0xC0, 0xB8, 0x59, 0x54, 0x61, 266 0x0D, 0x2B, 0xCF, 0x86, 0x64, 0x84, 0x4D, 0xF2, 267 0xAB, 0x56, 0xE6, 0xC6, 0x1B, 0xB7, 0x01, 0xE4 268 }; 269 270 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 271 uint8_t *key, uint32_t len) 272 { 273 TEE_Result res = TEE_SUCCESS; 274 275 if (!key || RPMB_KEY_MAC_SIZE != len) { 276 res = TEE_ERROR_BAD_PARAMETERS; 277 goto out; 278 } 279 280 DMSG("RPMB: Using test key"); 281 memcpy(key, rpmb_test_key, RPMB_KEY_MAC_SIZE); 282 283 out: 284 return res; 285 } 286 287 #else /* !CFG_RPMB_TESTKEY */ 288 289 /* 290 * NOTE: We need a common API to get hw unique key and it 291 * should return error when the hw unique is not a valid 292 * one as stated below. 293 * We need to make sure the hw unique we get is valid by: 294 * 1. In case of HUK is used, checking if OTP is hidden (in 295 * which case only zeros will be returned) or not; 296 * 2. In case of SSK is used, checking if SSK in OTP is 297 * write_locked (which means a valid key is provisioned) 298 * or not. 299 * 300 * Maybe tee_get_hw_unique_key() should be exposed as 301 * generic API for getting hw unique key! 302 * We should change the API tee_otp_get_hw_unique_key() 303 * to return error code! 304 */ 305 static TEE_Result tee_get_hw_unique_key(struct tee_hw_unique_key *hwkey) 306 { 307 if (!hwkey) 308 return TEE_ERROR_BAD_PARAMETERS; 309 310 tee_otp_get_hw_unique_key(hwkey); 311 312 return TEE_SUCCESS; 313 } 314 315 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 316 uint8_t *key, uint32_t len) 317 { 318 TEE_Result res; 319 struct tee_hw_unique_key hwkey; 320 uint8_t *ctx = NULL; 321 322 if (!key || RPMB_KEY_MAC_SIZE != len) { 323 res = TEE_ERROR_BAD_PARAMETERS; 324 goto out; 325 } 326 327 IMSG("RPMB: Using generated key"); 328 res = tee_get_hw_unique_key(&hwkey); 329 if (res != TEE_SUCCESS) 330 goto out; 331 332 ctx = malloc(rpmb_ctx->hash_ctx_size); 333 if (!ctx) { 334 res = TEE_ERROR_OUT_OF_MEMORY; 335 goto out; 336 } 337 338 res = crypto_ops.mac.init(ctx, TEE_ALG_HMAC_SHA256, hwkey.data, 339 HW_UNIQUE_KEY_LENGTH); 340 if (res != TEE_SUCCESS) 341 goto out; 342 343 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, 344 (uint8_t *)rpmb_ctx->cid, 345 RPMB_EMMC_CID_SIZE); 346 if (res != TEE_SUCCESS) 347 goto out; 348 349 res = crypto_ops.mac.final(ctx, TEE_ALG_HMAC_SHA256, key, len); 350 351 out: 352 free(ctx); 353 return res; 354 } 355 356 #endif /* !CFG_RPMB_TESTKEY */ 357 358 static void u32_to_bytes(uint32_t u32, uint8_t *bytes) 359 { 360 *bytes = (uint8_t) (u32 >> 24); 361 *(bytes + 1) = (uint8_t) (u32 >> 16); 362 *(bytes + 2) = (uint8_t) (u32 >> 8); 363 *(bytes + 3) = (uint8_t) u32; 364 } 365 366 static void bytes_to_u32(uint8_t *bytes, uint32_t *u32) 367 { 368 *u32 = (uint32_t) ((*(bytes) << 24) + 369 (*(bytes + 1) << 16) + 370 (*(bytes + 2) << 8) + (*(bytes + 3))); 371 } 372 373 static void u16_to_bytes(uint16_t u16, uint8_t *bytes) 374 { 375 *bytes = (uint8_t) (u16 >> 8); 376 *(bytes + 1) = (uint8_t) u16; 377 } 378 379 static void bytes_to_u16(uint8_t *bytes, uint16_t *u16) 380 { 381 *u16 = (uint16_t) ((*bytes << 8) + *(bytes + 1)); 382 } 383 384 static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize, 385 uint8_t *key, uint32_t keysize, 386 struct rpmb_data_frame *datafrms, 387 uint16_t blkcnt) 388 { 389 TEE_Result res = TEE_ERROR_GENERIC; 390 int i; 391 uint8_t *ctx = NULL; 392 393 if (!mac || !key || !datafrms) 394 return TEE_ERROR_BAD_PARAMETERS; 395 396 ctx = malloc(rpmb_ctx->hash_ctx_size); 397 if (!ctx) 398 return TEE_ERROR_OUT_OF_MEMORY; 399 400 res = crypto_ops.mac.init(ctx, TEE_ALG_HMAC_SHA256, key, keysize); 401 if (res != TEE_SUCCESS) 402 goto func_exit; 403 404 for (i = 0; i < blkcnt; i++) { 405 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, 406 datafrms[i].data, 407 RPMB_MAC_PROTECT_DATA_SIZE); 408 if (res != TEE_SUCCESS) 409 goto func_exit; 410 } 411 412 res = crypto_ops.mac.final(ctx, TEE_ALG_HMAC_SHA256, mac, macsize); 413 if (res != TEE_SUCCESS) 414 goto func_exit; 415 416 res = TEE_SUCCESS; 417 418 func_exit: 419 free(ctx); 420 return res; 421 } 422 423 struct tee_rpmb_mem { 424 paddr_t phreq; 425 uint64_t phreq_cookie; 426 paddr_t phresp; 427 uint64_t phresp_cookie; 428 size_t req_size; 429 size_t resp_size; 430 }; 431 432 static void tee_rpmb_free(struct tee_rpmb_mem *mem) 433 { 434 if (!mem) 435 return; 436 437 if (mem->phreq) { 438 thread_rpc_free_payload(mem->phreq_cookie); 439 mem->phreq_cookie = 0; 440 mem->phreq = 0; 441 } 442 if (mem->phresp) { 443 thread_rpc_free_payload(mem->phresp_cookie); 444 mem->phresp_cookie = 0; 445 mem->phresp = 0; 446 } 447 } 448 449 450 static TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size, 451 struct tee_rpmb_mem *mem, void **req, void **resp) 452 { 453 TEE_Result res = TEE_SUCCESS; 454 size_t req_s = ROUNDUP(req_size, sizeof(uint32_t)); 455 size_t resp_s = ROUNDUP(resp_size, sizeof(uint32_t)); 456 457 if (!mem) 458 return TEE_ERROR_BAD_PARAMETERS; 459 460 memset(mem, 0, sizeof(*mem)); 461 thread_rpc_alloc_payload(req_s, &mem->phreq, &mem->phreq_cookie); 462 thread_rpc_alloc_payload(resp_s, &mem->phresp, &mem->phresp_cookie); 463 if (!mem->phreq || !mem->phresp) { 464 res = TEE_ERROR_OUT_OF_MEMORY; 465 goto out; 466 } 467 468 *req = phys_to_virt(mem->phreq, MEM_AREA_NSEC_SHM); 469 *resp = phys_to_virt(mem->phresp, MEM_AREA_NSEC_SHM); 470 if (!*req || !*resp) { 471 res = TEE_ERROR_GENERIC; 472 goto out; 473 } 474 475 mem->req_size = req_size; 476 mem->resp_size = resp_size; 477 478 out: 479 if (res != TEE_SUCCESS) 480 tee_rpmb_free(mem); 481 return res; 482 } 483 484 static TEE_Result tee_rpmb_invoke(struct tee_rpmb_mem *mem) 485 { 486 struct optee_msg_param params[2]; 487 488 memset(params, 0, sizeof(params)); 489 params[0].attr = OPTEE_MSG_ATTR_TYPE_TMEM_INPUT; 490 params[1].attr = OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT; 491 params[0].u.tmem.buf_ptr = mem->phreq; 492 params[0].u.tmem.size = mem->req_size; 493 params[0].u.tmem.shm_ref = mem->phreq_cookie; 494 params[1].u.tmem.buf_ptr = mem->phresp; 495 params[1].u.tmem.size = mem->resp_size; 496 params[1].u.tmem.shm_ref = mem->phresp_cookie; 497 498 return thread_rpc_cmd(OPTEE_MSG_RPC_CMD_RPMB, 2, params); 499 } 500 501 static bool is_zero(const uint8_t *buf, size_t size) 502 { 503 size_t i; 504 505 for (i = 0; i < size; i++) 506 if (buf[i]) 507 return false; 508 return true; 509 } 510 511 static TEE_Result encrypt_block(uint8_t *out, const uint8_t *in, 512 uint16_t blk_idx, const uint8_t *fek) 513 { 514 return tee_fs_crypt_block(out, in, RPMB_DATA_SIZE, blk_idx, fek, 515 TEE_MODE_ENCRYPT); 516 } 517 518 static TEE_Result decrypt_block(uint8_t *out, const uint8_t *in, 519 uint16_t blk_idx, const uint8_t *fek) 520 { 521 return tee_fs_crypt_block(out, in, RPMB_DATA_SIZE, blk_idx, fek, 522 TEE_MODE_DECRYPT); 523 } 524 525 /* Decrypt/copy at most one block of data */ 526 static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm, 527 size_t size, size_t offset, 528 uint16_t blk_idx __maybe_unused, const uint8_t *fek) 529 { 530 uint8_t *tmp __maybe_unused; 531 532 533 if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE)) 534 panic("invalid size or offset"); 535 536 if (!fek) { 537 /* Block is not encrypted (not a file data block) */ 538 memcpy(out, frm->data + offset, size); 539 } else if (is_zero(fek, TEE_FS_KM_FEK_SIZE)) { 540 /* The file was created with encryption disabled */ 541 return TEE_ERROR_SECURITY; 542 } else { 543 /* Block is encrypted */ 544 if (size < RPMB_DATA_SIZE) { 545 /* 546 * Since output buffer is not large enough to hold one 547 * block we must allocate a temporary buffer. 548 */ 549 tmp = malloc(RPMB_DATA_SIZE); 550 if (!tmp) 551 return TEE_ERROR_OUT_OF_MEMORY; 552 decrypt_block(tmp, frm->data, blk_idx, fek); 553 memcpy(out, tmp + offset, size); 554 free(tmp); 555 } else { 556 decrypt_block(out, frm->data, blk_idx, fek); 557 } 558 } 559 560 return TEE_SUCCESS; 561 } 562 563 static TEE_Result tee_rpmb_req_pack(struct rpmb_req *req, 564 struct rpmb_raw_data *rawdata, 565 uint16_t nbr_frms, uint16_t dev_id, 566 const uint8_t *fek) 567 { 568 TEE_Result res = TEE_ERROR_GENERIC; 569 int i; 570 struct rpmb_data_frame *datafrm; 571 572 if (!req || !rawdata || !nbr_frms) 573 return TEE_ERROR_BAD_PARAMETERS; 574 575 /* 576 * Check write blockcount is not bigger than reliable write 577 * blockcount. 578 */ 579 if ((rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) && 580 (nbr_frms > rpmb_ctx->rel_wr_blkcnt)) { 581 DMSG("wr_blkcnt(%d) > rel_wr_blkcnt(%d)", nbr_frms, 582 rpmb_ctx->rel_wr_blkcnt); 583 return TEE_ERROR_GENERIC; 584 } 585 586 req->cmd = RPMB_CMD_DATA_REQ; 587 req->dev_id = dev_id; 588 589 /* Allocate memory for construct all data packets and calculate MAC. */ 590 datafrm = calloc(nbr_frms, RPMB_DATA_FRAME_SIZE); 591 if (!datafrm) 592 return TEE_ERROR_OUT_OF_MEMORY; 593 594 for (i = 0; i < nbr_frms; i++) { 595 u16_to_bytes(rawdata->msg_type, datafrm[i].msg_type); 596 597 if (rawdata->block_count) 598 u16_to_bytes(*rawdata->block_count, 599 datafrm[i].block_count); 600 601 if (rawdata->blk_idx) { 602 /* Check the block index is within range. */ 603 if ((*rawdata->blk_idx + nbr_frms) > 604 rpmb_ctx->max_blk_idx) { 605 res = TEE_ERROR_GENERIC; 606 goto func_exit; 607 } 608 u16_to_bytes(*rawdata->blk_idx, datafrm[i].address); 609 } 610 611 if (rawdata->write_counter) 612 u32_to_bytes(*rawdata->write_counter, 613 datafrm[i].write_counter); 614 615 if (rawdata->nonce) 616 memcpy(datafrm[i].nonce, rawdata->nonce, 617 RPMB_NONCE_SIZE); 618 619 if (rawdata->data) { 620 if (fek) 621 encrypt_block(datafrm[i].data, 622 rawdata->data + (i * RPMB_DATA_SIZE), 623 *rawdata->blk_idx + i, fek); 624 else 625 memcpy(datafrm[i].data, 626 rawdata->data + (i * RPMB_DATA_SIZE), 627 RPMB_DATA_SIZE); 628 } 629 } 630 631 if (rawdata->key_mac) { 632 if (rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) { 633 res = 634 tee_rpmb_mac_calc(rawdata->key_mac, 635 RPMB_KEY_MAC_SIZE, rpmb_ctx->key, 636 RPMB_KEY_MAC_SIZE, datafrm, 637 nbr_frms); 638 if (res != TEE_SUCCESS) 639 goto func_exit; 640 } 641 memcpy(datafrm[nbr_frms - 1].key_mac, 642 rawdata->key_mac, RPMB_KEY_MAC_SIZE); 643 } 644 645 memcpy(TEE_RPMB_REQ_DATA(req), datafrm, 646 nbr_frms * RPMB_DATA_FRAME_SIZE); 647 648 #ifdef CFG_RPMB_FS_DEBUG_DATA 649 for (i = 0; i < nbr_frms; i++) { 650 DMSG("Dumping data frame %d:", i); 651 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 652 512 - RPMB_STUFF_DATA_SIZE); 653 } 654 #endif 655 656 res = TEE_SUCCESS; 657 func_exit: 658 free(datafrm); 659 return res; 660 } 661 662 static TEE_Result data_cpy_mac_calc_1b(struct rpmb_raw_data *rawdata, 663 struct rpmb_data_frame *frm, 664 uint8_t *fek) 665 { 666 TEE_Result res; 667 uint8_t *data; 668 uint16_t idx; 669 670 if (rawdata->len + rawdata->byte_offset > RPMB_DATA_SIZE) 671 return TEE_ERROR_BAD_PARAMETERS; 672 673 res = tee_rpmb_mac_calc(rawdata->key_mac, RPMB_KEY_MAC_SIZE, 674 rpmb_ctx->key, RPMB_KEY_MAC_SIZE, frm, 1); 675 if (res != TEE_SUCCESS) 676 return res; 677 678 data = rawdata->data; 679 bytes_to_u16(frm->address, &idx); 680 681 res = decrypt(data, frm, rawdata->len, rawdata->byte_offset, idx, fek); 682 return res; 683 } 684 685 static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, 686 struct rpmb_raw_data *rawdata, 687 uint16_t nbr_frms, 688 struct rpmb_data_frame *lastfrm, 689 uint8_t *fek) 690 { 691 TEE_Result res = TEE_ERROR_GENERIC; 692 int i; 693 uint8_t *ctx = NULL; 694 uint16_t offset; 695 uint32_t size; 696 uint8_t *data; 697 uint16_t start_idx; 698 struct rpmb_data_frame localfrm; 699 700 if (!datafrm || !rawdata || !nbr_frms || !lastfrm) 701 return TEE_ERROR_BAD_PARAMETERS; 702 703 if (nbr_frms == 1) 704 return data_cpy_mac_calc_1b(rawdata, lastfrm, fek); 705 706 /* nbr_frms > 1 */ 707 708 data = rawdata->data; 709 710 ctx = malloc(rpmb_ctx->hash_ctx_size); 711 if (!ctx) { 712 res = TEE_ERROR_OUT_OF_MEMORY; 713 goto func_exit; 714 } 715 716 res = crypto_ops.mac.init(ctx, TEE_ALG_HMAC_SHA256, rpmb_ctx->key, 717 RPMB_KEY_MAC_SIZE); 718 if (res != TEE_SUCCESS) 719 goto func_exit; 720 721 /* 722 * Note: JEDEC JESD84-B51: "In every packet the address is the start 723 * address of the full access (not address of the individual half a 724 * sector)" 725 */ 726 bytes_to_u16(lastfrm->address, &start_idx); 727 728 for (i = 0; i < (nbr_frms - 1); i++) { 729 730 /* 731 * By working on a local copy of the RPMB frame, we ensure that 732 * the data can not be modified after the MAC is computed but 733 * before the payload is decrypted/copied to the output buffer. 734 */ 735 memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE); 736 737 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, 738 localfrm.data, 739 RPMB_MAC_PROTECT_DATA_SIZE); 740 if (res != TEE_SUCCESS) 741 goto func_exit; 742 743 if (i == 0) { 744 /* First block */ 745 offset = rawdata->byte_offset; 746 size = RPMB_DATA_SIZE - offset; 747 } else { 748 /* Middle blocks */ 749 size = RPMB_DATA_SIZE; 750 offset = 0; 751 } 752 753 res = decrypt(data, &localfrm, size, offset, start_idx + i, 754 fek); 755 if (res != TEE_SUCCESS) 756 goto func_exit; 757 758 data += size; 759 } 760 761 /* Last block */ 762 size = (rawdata->len + rawdata->byte_offset) % RPMB_DATA_SIZE; 763 if (size == 0) 764 size = RPMB_DATA_SIZE; 765 res = decrypt(data, lastfrm, size, 0, start_idx + nbr_frms - 1, fek); 766 if (res != TEE_SUCCESS) 767 goto func_exit; 768 769 /* Update MAC against the last block */ 770 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, lastfrm->data, 771 RPMB_MAC_PROTECT_DATA_SIZE); 772 if (res != TEE_SUCCESS) 773 goto func_exit; 774 775 res = crypto_ops.mac.final(ctx, TEE_ALG_HMAC_SHA256, rawdata->key_mac, 776 RPMB_KEY_MAC_SIZE); 777 if (res != TEE_SUCCESS) 778 goto func_exit; 779 780 res = TEE_SUCCESS; 781 782 func_exit: 783 free(ctx); 784 return res; 785 } 786 787 static TEE_Result tee_rpmb_resp_unpack_verify(struct rpmb_data_frame *datafrm, 788 struct rpmb_raw_data *rawdata, 789 uint16_t nbr_frms, uint8_t *fek) 790 { 791 TEE_Result res = TEE_ERROR_GENERIC; 792 uint16_t msg_type; 793 uint32_t wr_cnt; 794 uint16_t blk_idx; 795 uint16_t op_result; 796 struct rpmb_data_frame lastfrm; 797 798 if (!datafrm || !rawdata || !nbr_frms) 799 return TEE_ERROR_BAD_PARAMETERS; 800 801 #ifdef CFG_RPMB_FS_DEBUG_DATA 802 for (uint32_t i = 0; i < nbr_frms; i++) { 803 DMSG("Dumping data frame %d:", i); 804 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 805 512 - RPMB_STUFF_DATA_SIZE); 806 } 807 #endif 808 809 /* Make sure the last data packet can't be modified once verified */ 810 memcpy(&lastfrm, &datafrm[nbr_frms - 1], RPMB_DATA_FRAME_SIZE); 811 812 /* Handle operation result and translate to TEEC error code. */ 813 bytes_to_u16(lastfrm.op_result, &op_result); 814 if (rawdata->op_result) 815 *rawdata->op_result = op_result; 816 if (op_result != RPMB_RESULT_OK) 817 return TEE_ERROR_GENERIC; 818 819 /* Check the response msg_type. */ 820 bytes_to_u16(lastfrm.msg_type, &msg_type); 821 if (msg_type != rawdata->msg_type) { 822 DMSG("Unexpected msg_type (0x%04x != 0x%04x)", msg_type, 823 rawdata->msg_type); 824 return TEE_ERROR_GENERIC; 825 } 826 827 if (rawdata->blk_idx) { 828 bytes_to_u16(lastfrm.address, &blk_idx); 829 if (blk_idx != *rawdata->blk_idx) { 830 DMSG("Unexpected block index"); 831 return TEE_ERROR_GENERIC; 832 } 833 } 834 835 if (rawdata->write_counter) { 836 wr_cnt = *rawdata->write_counter; 837 bytes_to_u32(lastfrm.write_counter, rawdata->write_counter); 838 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE) { 839 /* Verify the write counter is incremented by 1 */ 840 if (*rawdata->write_counter != wr_cnt + 1) { 841 DMSG("Counter mismatched (0x%04x/0x%04x)", 842 *rawdata->write_counter, wr_cnt + 1); 843 return TEE_ERROR_SECURITY; 844 } 845 rpmb_ctx->wr_cnt++; 846 } 847 } 848 849 if (rawdata->nonce) { 850 if (buf_compare_ct(rawdata->nonce, lastfrm.nonce, 851 RPMB_NONCE_SIZE) != 0) { 852 DMSG("Nonce mismatched"); 853 return TEE_ERROR_SECURITY; 854 } 855 } 856 857 if (rawdata->key_mac) { 858 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_READ) { 859 if (!rawdata->data) 860 return TEE_ERROR_GENERIC; 861 862 res = tee_rpmb_data_cpy_mac_calc(datafrm, rawdata, 863 nbr_frms, &lastfrm, 864 fek); 865 866 if (res != TEE_SUCCESS) 867 return res; 868 } else { 869 /* 870 * There should be only one data frame for 871 * other msg types. 872 */ 873 if (nbr_frms != 1) 874 return TEE_ERROR_GENERIC; 875 876 res = tee_rpmb_mac_calc(rawdata->key_mac, 877 RPMB_KEY_MAC_SIZE, 878 rpmb_ctx->key, 879 RPMB_KEY_MAC_SIZE, 880 &lastfrm, 1); 881 882 if (res != TEE_SUCCESS) 883 return res; 884 } 885 886 #ifndef CFG_RPMB_FS_NO_MAC 887 if (buf_compare_ct(rawdata->key_mac, 888 (datafrm + nbr_frms - 1)->key_mac, 889 RPMB_KEY_MAC_SIZE) != 0) { 890 DMSG("MAC mismatched:"); 891 #ifdef CFG_RPMB_FS_DEBUG_DATA 892 DHEXDUMP((uint8_t *)rawdata->key_mac, 32); 893 #endif 894 return TEE_ERROR_SECURITY; 895 } 896 #endif /* !CFG_RPMB_FS_NO_MAC */ 897 } 898 899 return TEE_SUCCESS; 900 } 901 902 static TEE_Result tee_rpmb_get_dev_info(uint16_t dev_id, 903 struct rpmb_dev_info *dev_info) 904 { 905 TEE_Result res = TEE_ERROR_GENERIC; 906 struct tee_rpmb_mem mem; 907 struct rpmb_dev_info *di; 908 struct rpmb_req *req = NULL; 909 uint8_t *resp = NULL; 910 uint32_t req_size; 911 uint32_t resp_size; 912 913 if (!dev_info) 914 return TEE_ERROR_BAD_PARAMETERS; 915 916 req_size = sizeof(struct rpmb_req); 917 resp_size = sizeof(struct rpmb_dev_info); 918 res = tee_rpmb_alloc(req_size, resp_size, &mem, 919 (void *)&req, (void *)&resp); 920 if (res != TEE_SUCCESS) 921 goto func_exit; 922 923 req->cmd = RPMB_CMD_GET_DEV_INFO; 924 req->dev_id = dev_id; 925 926 di = (struct rpmb_dev_info *)resp; 927 di->ret_code = RPMB_CMD_GET_DEV_INFO_RET_ERROR; 928 929 res = tee_rpmb_invoke(&mem); 930 if (res != TEE_SUCCESS) 931 goto func_exit; 932 933 if (di->ret_code != RPMB_CMD_GET_DEV_INFO_RET_OK) { 934 res = TEE_ERROR_GENERIC; 935 goto func_exit; 936 } 937 938 memcpy((uint8_t *)dev_info, resp, sizeof(struct rpmb_dev_info)); 939 940 #ifdef CFG_RPMB_FS_DEBUG_DATA 941 DMSG("Dumping dev_info:"); 942 DHEXDUMP((uint8_t *)dev_info, sizeof(struct rpmb_dev_info)); 943 #endif 944 945 res = TEE_SUCCESS; 946 947 func_exit: 948 tee_rpmb_free(&mem); 949 return res; 950 } 951 952 static TEE_Result tee_rpmb_init_read_wr_cnt(uint16_t dev_id, 953 uint32_t *wr_cnt, 954 uint16_t *op_result) 955 { 956 TEE_Result res = TEE_ERROR_GENERIC; 957 struct tee_rpmb_mem mem; 958 uint16_t msg_type; 959 uint8_t nonce[RPMB_NONCE_SIZE]; 960 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 961 struct rpmb_req *req = NULL; 962 struct rpmb_data_frame *resp = NULL; 963 struct rpmb_raw_data rawdata; 964 uint32_t req_size; 965 uint32_t resp_size; 966 967 if (!wr_cnt) 968 return TEE_ERROR_BAD_PARAMETERS; 969 970 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 971 resp_size = RPMB_DATA_FRAME_SIZE; 972 res = tee_rpmb_alloc(req_size, resp_size, &mem, 973 (void *)&req, (void *)&resp); 974 if (res != TEE_SUCCESS) 975 goto func_exit; 976 977 res = crypto_ops.prng.read(nonce, RPMB_NONCE_SIZE); 978 if (res != TEE_SUCCESS) 979 goto func_exit; 980 981 msg_type = RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ; 982 983 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 984 rawdata.msg_type = msg_type; 985 rawdata.nonce = nonce; 986 987 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL); 988 if (res != TEE_SUCCESS) 989 goto func_exit; 990 991 res = tee_rpmb_invoke(&mem); 992 if (res != TEE_SUCCESS) 993 goto func_exit; 994 995 msg_type = RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ; 996 997 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 998 rawdata.msg_type = msg_type; 999 rawdata.op_result = op_result; 1000 rawdata.write_counter = wr_cnt; 1001 rawdata.nonce = nonce; 1002 rawdata.key_mac = hmac; 1003 1004 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL); 1005 if (res != TEE_SUCCESS) 1006 goto func_exit; 1007 1008 res = TEE_SUCCESS; 1009 1010 func_exit: 1011 tee_rpmb_free(&mem); 1012 return res; 1013 } 1014 1015 static TEE_Result tee_rpmb_verify_key_sync_counter(uint16_t dev_id) 1016 { 1017 uint16_t op_result = 0; 1018 TEE_Result res = TEE_ERROR_GENERIC; 1019 1020 res = tee_rpmb_init_read_wr_cnt(dev_id, &rpmb_ctx->wr_cnt, 1021 &op_result); 1022 1023 if (res == TEE_SUCCESS) { 1024 rpmb_ctx->key_verified = true; 1025 rpmb_ctx->wr_cnt_synced = true; 1026 } 1027 1028 DMSG("Verify key returning 0x%x\n", res); 1029 return res; 1030 } 1031 1032 #ifdef CFG_RPMB_WRITE_KEY 1033 static TEE_Result tee_rpmb_write_key(uint16_t dev_id) 1034 { 1035 TEE_Result res = TEE_ERROR_GENERIC; 1036 struct tee_rpmb_mem mem = { 0 }; 1037 uint16_t msg_type; 1038 struct rpmb_req *req = NULL; 1039 struct rpmb_data_frame *resp = NULL; 1040 struct rpmb_raw_data rawdata; 1041 uint32_t req_size; 1042 uint32_t resp_size; 1043 1044 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1045 resp_size = RPMB_DATA_FRAME_SIZE; 1046 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1047 (void *)&req, (void *)&resp); 1048 if (res != TEE_SUCCESS) 1049 goto func_exit; 1050 1051 msg_type = RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM; 1052 1053 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1054 rawdata.msg_type = msg_type; 1055 rawdata.key_mac = rpmb_ctx->key; 1056 1057 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL); 1058 if (res != TEE_SUCCESS) 1059 goto func_exit; 1060 1061 res = tee_rpmb_invoke(&mem); 1062 if (res != TEE_SUCCESS) 1063 goto func_exit; 1064 1065 msg_type = RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM; 1066 1067 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1068 rawdata.msg_type = msg_type; 1069 1070 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL); 1071 if (res != TEE_SUCCESS) 1072 goto func_exit; 1073 1074 res = TEE_SUCCESS; 1075 1076 func_exit: 1077 tee_rpmb_free(&mem); 1078 return res; 1079 } 1080 1081 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id) 1082 { 1083 TEE_Result res; 1084 1085 DMSG("RPMB INIT: Writing Key"); 1086 res = tee_rpmb_write_key(dev_id); 1087 if (res == TEE_SUCCESS) { 1088 DMSG("RPMB INIT: Verifying Key"); 1089 res = tee_rpmb_verify_key_sync_counter(dev_id); 1090 } 1091 return res; 1092 } 1093 #else 1094 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id __unused) 1095 { 1096 return TEE_ERROR_BAD_STATE; 1097 } 1098 #endif 1099 1100 /* True when all the required crypto functions are available */ 1101 static bool have_crypto_ops(void) 1102 { 1103 return (crypto_ops.mac.init && crypto_ops.mac.update && 1104 crypto_ops.mac.final && crypto_ops.prng.read); 1105 } 1106 1107 /* This function must never return TEE_SUCCESS if rpmb_ctx == NULL */ 1108 static TEE_Result tee_rpmb_init(uint16_t dev_id) 1109 { 1110 TEE_Result res = TEE_SUCCESS; 1111 struct rpmb_dev_info dev_info; 1112 1113 if (!have_crypto_ops()) 1114 return TEE_ERROR_NOT_SUPPORTED; 1115 1116 if (!rpmb_ctx) { 1117 rpmb_ctx = calloc(1, sizeof(struct tee_rpmb_ctx)); 1118 if (!rpmb_ctx) 1119 return TEE_ERROR_OUT_OF_MEMORY; 1120 } else if (rpmb_ctx->dev_id != dev_id) { 1121 memset(rpmb_ctx, 0x00, sizeof(struct tee_rpmb_ctx)); 1122 } 1123 1124 rpmb_ctx->dev_id = dev_id; 1125 1126 if (!rpmb_ctx->dev_info_synced) { 1127 DMSG("RPMB: Syncing device information"); 1128 1129 dev_info.rpmb_size_mult = 0; 1130 dev_info.rel_wr_sec_c = 0; 1131 res = tee_rpmb_get_dev_info(dev_id, &dev_info); 1132 if (res != TEE_SUCCESS) 1133 goto func_exit; 1134 1135 DMSG("RPMB: RPMB size is %d*128 KB", dev_info.rpmb_size_mult); 1136 DMSG("RPMB: Reliable Write Sector Count is %d", 1137 dev_info.rel_wr_sec_c); 1138 1139 if (dev_info.rpmb_size_mult == 0) { 1140 res = TEE_ERROR_GENERIC; 1141 goto func_exit; 1142 } 1143 1144 rpmb_ctx->max_blk_idx = (dev_info.rpmb_size_mult * 1145 RPMB_SIZE_SINGLE / RPMB_DATA_SIZE) - 1; 1146 1147 memcpy(rpmb_ctx->cid, dev_info.cid, RPMB_EMMC_CID_SIZE); 1148 1149 if ((rpmb_ctx->hash_ctx_size == 0) && 1150 (crypto_ops.mac.get_ctx_size( 1151 TEE_ALG_HMAC_SHA256, 1152 &rpmb_ctx->hash_ctx_size))) { 1153 rpmb_ctx->hash_ctx_size = 0; 1154 res = TEE_ERROR_GENERIC; 1155 goto func_exit; 1156 } 1157 1158 #ifdef RPMB_DRIVER_MULTIPLE_WRITE_FIXED 1159 rpmb_ctx->rel_wr_blkcnt = dev_info.rel_wr_sec_c * 2; 1160 #else 1161 rpmb_ctx->rel_wr_blkcnt = 1; 1162 #endif 1163 1164 rpmb_ctx->dev_info_synced = true; 1165 } 1166 1167 if (!rpmb_ctx->key_derived) { 1168 DMSG("RPMB INIT: Deriving key"); 1169 1170 res = tee_rpmb_key_gen(dev_id, rpmb_ctx->key, 1171 RPMB_KEY_MAC_SIZE); 1172 if (res != TEE_SUCCESS) 1173 goto func_exit; 1174 1175 rpmb_ctx->key_derived = true; 1176 } 1177 1178 /* Perform a write counter read to verify if the key is ok. */ 1179 if (!rpmb_ctx->wr_cnt_synced || !rpmb_ctx->key_verified) { 1180 DMSG("RPMB INIT: Verifying Key"); 1181 1182 res = tee_rpmb_verify_key_sync_counter(dev_id); 1183 if (res != TEE_SUCCESS && !rpmb_ctx->key_verified) { 1184 /* 1185 * Need to write the key here and verify it. 1186 */ 1187 res = tee_rpmb_write_and_verify_key(dev_id); 1188 } 1189 } 1190 1191 func_exit: 1192 return res; 1193 } 1194 1195 /* 1196 * Read RPMB data in bytes. 1197 * 1198 * @dev_id Device ID of the eMMC device. 1199 * @addr Byte address of data. 1200 * @data Pointer to the data. 1201 * @len Size of data in bytes. 1202 * @fek Encrypted File Encryption Key or NULL. 1203 */ 1204 static TEE_Result tee_rpmb_read(uint16_t dev_id, uint32_t addr, uint8_t *data, 1205 uint32_t len, uint8_t *fek) 1206 { 1207 TEE_Result res = TEE_ERROR_GENERIC; 1208 struct tee_rpmb_mem mem = { 0 }; 1209 uint16_t msg_type; 1210 uint8_t nonce[RPMB_NONCE_SIZE]; 1211 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1212 struct rpmb_req *req = NULL; 1213 struct rpmb_data_frame *resp = NULL; 1214 struct rpmb_raw_data rawdata; 1215 uint32_t req_size; 1216 uint32_t resp_size; 1217 uint16_t blk_idx; 1218 uint16_t blkcnt; 1219 uint8_t byte_offset; 1220 1221 if (!data || !len) 1222 return TEE_ERROR_BAD_PARAMETERS; 1223 1224 blk_idx = addr / RPMB_DATA_SIZE; 1225 byte_offset = addr % RPMB_DATA_SIZE; 1226 1227 blkcnt = 1228 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1229 res = tee_rpmb_init(dev_id); 1230 if (res != TEE_SUCCESS) 1231 goto func_exit; 1232 1233 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1234 resp_size = RPMB_DATA_FRAME_SIZE * blkcnt; 1235 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1236 (void *)&req, (void *)&resp); 1237 if (res != TEE_SUCCESS) 1238 goto func_exit; 1239 1240 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_READ; 1241 res = crypto_ops.prng.read(nonce, RPMB_NONCE_SIZE); 1242 if (res != TEE_SUCCESS) 1243 goto func_exit; 1244 1245 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1246 rawdata.msg_type = msg_type; 1247 rawdata.nonce = nonce; 1248 rawdata.blk_idx = &blk_idx; 1249 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL); 1250 if (res != TEE_SUCCESS) 1251 goto func_exit; 1252 1253 req->block_count = blkcnt; 1254 1255 DMSG("Read %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1256 blk_idx); 1257 1258 res = tee_rpmb_invoke(&mem); 1259 if (res != TEE_SUCCESS) 1260 goto func_exit; 1261 1262 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_READ; 1263 1264 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1265 rawdata.msg_type = msg_type; 1266 rawdata.block_count = &blkcnt; 1267 rawdata.blk_idx = &blk_idx; 1268 rawdata.nonce = nonce; 1269 rawdata.key_mac = hmac; 1270 rawdata.data = data; 1271 1272 rawdata.len = len; 1273 rawdata.byte_offset = byte_offset; 1274 1275 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, blkcnt, fek); 1276 if (res != TEE_SUCCESS) 1277 goto func_exit; 1278 1279 res = TEE_SUCCESS; 1280 1281 func_exit: 1282 tee_rpmb_free(&mem); 1283 return res; 1284 } 1285 1286 static TEE_Result tee_rpmb_write_blk(uint16_t dev_id, uint16_t blk_idx, 1287 const uint8_t *data_blks, uint16_t blkcnt, 1288 const uint8_t *fek) 1289 { 1290 TEE_Result res; 1291 struct tee_rpmb_mem mem; 1292 uint16_t msg_type; 1293 uint32_t wr_cnt; 1294 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1295 struct rpmb_req *req = NULL; 1296 struct rpmb_data_frame *resp = NULL; 1297 struct rpmb_raw_data rawdata; 1298 uint32_t req_size; 1299 uint32_t resp_size; 1300 uint32_t nbr_writes; 1301 uint16_t tmp_blkcnt; 1302 uint16_t tmp_blk_idx; 1303 uint16_t i; 1304 1305 DMSG("Write %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1306 blk_idx); 1307 1308 if (!data_blks || !blkcnt) 1309 return TEE_ERROR_BAD_PARAMETERS; 1310 1311 res = tee_rpmb_init(dev_id); 1312 if (res != TEE_SUCCESS) 1313 return res; 1314 1315 /* 1316 * We need to split data when block count 1317 * is bigger than reliable block write count. 1318 */ 1319 if (blkcnt < rpmb_ctx->rel_wr_blkcnt) 1320 req_size = sizeof(struct rpmb_req) + 1321 RPMB_DATA_FRAME_SIZE * blkcnt; 1322 else 1323 req_size = sizeof(struct rpmb_req) + 1324 RPMB_DATA_FRAME_SIZE * rpmb_ctx->rel_wr_blkcnt; 1325 1326 resp_size = RPMB_DATA_FRAME_SIZE; 1327 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1328 (void *)&req, (void *)&resp); 1329 if (res != TEE_SUCCESS) 1330 return res; 1331 1332 nbr_writes = blkcnt / rpmb_ctx->rel_wr_blkcnt; 1333 if (blkcnt % rpmb_ctx->rel_wr_blkcnt > 0) 1334 nbr_writes += 1; 1335 1336 tmp_blkcnt = rpmb_ctx->rel_wr_blkcnt; 1337 tmp_blk_idx = blk_idx; 1338 for (i = 0; i < nbr_writes; i++) { 1339 /* 1340 * To handle the last write of block count which is 1341 * equal or smaller than reliable write block count. 1342 */ 1343 if (i == nbr_writes - 1) 1344 tmp_blkcnt = blkcnt - rpmb_ctx->rel_wr_blkcnt * 1345 (nbr_writes - 1); 1346 1347 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE; 1348 wr_cnt = rpmb_ctx->wr_cnt; 1349 1350 memset(req, 0x00, req_size); 1351 memset(resp, 0x00, resp_size); 1352 1353 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1354 rawdata.msg_type = msg_type; 1355 rawdata.block_count = &tmp_blkcnt; 1356 rawdata.blk_idx = &tmp_blk_idx; 1357 rawdata.write_counter = &wr_cnt; 1358 rawdata.key_mac = hmac; 1359 rawdata.data = (uint8_t *)data_blks + 1360 i * rpmb_ctx->rel_wr_blkcnt * RPMB_DATA_SIZE; 1361 1362 res = tee_rpmb_req_pack(req, &rawdata, tmp_blkcnt, dev_id, 1363 fek); 1364 if (res != TEE_SUCCESS) 1365 goto out; 1366 1367 res = tee_rpmb_invoke(&mem); 1368 if (res != TEE_SUCCESS) { 1369 /* 1370 * To force wr_cnt sync next time, as it might get 1371 * out of sync due to inconsistent operation result! 1372 */ 1373 rpmb_ctx->wr_cnt_synced = false; 1374 goto out; 1375 } 1376 1377 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE; 1378 1379 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1380 rawdata.msg_type = msg_type; 1381 rawdata.block_count = &tmp_blkcnt; 1382 rawdata.blk_idx = &tmp_blk_idx; 1383 rawdata.write_counter = &wr_cnt; 1384 rawdata.key_mac = hmac; 1385 1386 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL); 1387 if (res != TEE_SUCCESS) { 1388 /* 1389 * To force wr_cnt sync next time, as it might get 1390 * out of sync due to inconsistent operation result! 1391 */ 1392 rpmb_ctx->wr_cnt_synced = false; 1393 goto out; 1394 } 1395 1396 tmp_blk_idx += tmp_blkcnt; 1397 } 1398 1399 out: 1400 tee_rpmb_free(&mem); 1401 return res; 1402 } 1403 1404 static bool tee_rpmb_write_is_atomic(uint16_t dev_id __unused, uint32_t addr, 1405 uint32_t len) 1406 { 1407 uint8_t byte_offset = addr % RPMB_DATA_SIZE; 1408 uint16_t blkcnt = ROUNDUP(len + byte_offset, 1409 RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1410 1411 return (blkcnt <= rpmb_ctx->rel_wr_blkcnt); 1412 } 1413 1414 /* 1415 * Write RPMB data in bytes. 1416 * 1417 * @dev_id Device ID of the eMMC device. 1418 * @addr Byte address of data. 1419 * @data Pointer to the data. 1420 * @len Size of data in bytes. 1421 * @fek Encrypted File Encryption Key or NULL. 1422 */ 1423 static TEE_Result tee_rpmb_write(uint16_t dev_id, uint32_t addr, 1424 const uint8_t *data, uint32_t len, 1425 uint8_t *fek) 1426 { 1427 TEE_Result res = TEE_ERROR_GENERIC; 1428 uint8_t *data_tmp = NULL; 1429 uint16_t blk_idx; 1430 uint16_t blkcnt; 1431 uint8_t byte_offset; 1432 1433 blk_idx = addr / RPMB_DATA_SIZE; 1434 byte_offset = addr % RPMB_DATA_SIZE; 1435 1436 blkcnt = 1437 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1438 1439 if (byte_offset == 0 && (len % RPMB_DATA_SIZE) == 0) { 1440 res = tee_rpmb_write_blk(dev_id, blk_idx, data, blkcnt, fek); 1441 if (res != TEE_SUCCESS) 1442 goto func_exit; 1443 } else { 1444 data_tmp = calloc(blkcnt, RPMB_DATA_SIZE); 1445 if (!data_tmp) { 1446 res = TEE_ERROR_OUT_OF_MEMORY; 1447 goto func_exit; 1448 } 1449 1450 /* Read the complete blocks */ 1451 res = tee_rpmb_read(dev_id, blk_idx * RPMB_DATA_SIZE, data_tmp, 1452 blkcnt * RPMB_DATA_SIZE, fek); 1453 if (res != TEE_SUCCESS) 1454 goto func_exit; 1455 1456 /* Partial update of the data blocks */ 1457 memcpy(data_tmp + byte_offset, data, len); 1458 1459 res = tee_rpmb_write_blk(dev_id, blk_idx, data_tmp, blkcnt, 1460 fek); 1461 if (res != TEE_SUCCESS) 1462 goto func_exit; 1463 } 1464 1465 res = TEE_SUCCESS; 1466 1467 func_exit: 1468 free(data_tmp); 1469 return res; 1470 } 1471 1472 /* 1473 * Read the RPMB write counter. 1474 * 1475 * @dev_id Device ID of the eMMC device. 1476 * @counter Pointer to the counter. 1477 */ 1478 static TEE_Result tee_rpmb_get_write_counter(uint16_t dev_id, 1479 uint32_t *counter) 1480 { 1481 TEE_Result res = TEE_SUCCESS; 1482 1483 if (!counter) 1484 return TEE_ERROR_BAD_PARAMETERS; 1485 1486 if (!rpmb_ctx || !rpmb_ctx->wr_cnt_synced) { 1487 res = tee_rpmb_init(dev_id); 1488 if (res != TEE_SUCCESS) 1489 goto func_exit; 1490 } 1491 1492 *counter = rpmb_ctx->wr_cnt; 1493 1494 func_exit: 1495 return res; 1496 } 1497 1498 /* 1499 * Read the RPMB max block. 1500 * 1501 * @dev_id Device ID of the eMMC device. 1502 * @counter Pointer to receive the max block. 1503 */ 1504 static TEE_Result tee_rpmb_get_max_block(uint16_t dev_id, uint32_t *max_block) 1505 { 1506 TEE_Result res = TEE_SUCCESS; 1507 1508 if (!max_block) 1509 return TEE_ERROR_BAD_PARAMETERS; 1510 1511 if (!rpmb_ctx || !rpmb_ctx->dev_info_synced) { 1512 res = tee_rpmb_init(dev_id); 1513 if (res != TEE_SUCCESS) 1514 goto func_exit; 1515 } 1516 1517 *max_block = rpmb_ctx->max_blk_idx; 1518 1519 func_exit: 1520 return res; 1521 } 1522 1523 /* 1524 * End of lower interface to RPMB device 1525 */ 1526 1527 static TEE_Result get_fat_start_address(uint32_t *addr); 1528 1529 static void dump_fat(void) 1530 { 1531 TEE_Result res = TEE_ERROR_GENERIC; 1532 struct rpmb_fat_entry *fat_entries = NULL; 1533 uint32_t fat_address; 1534 size_t size; 1535 int i; 1536 bool last_entry_found = false; 1537 1538 res = get_fat_start_address(&fat_address); 1539 if (res != TEE_SUCCESS) 1540 goto out; 1541 1542 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 1543 fat_entries = malloc(size); 1544 if (!fat_entries) { 1545 res = TEE_ERROR_OUT_OF_MEMORY; 1546 goto out; 1547 } 1548 1549 while (!last_entry_found) { 1550 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 1551 (uint8_t *)fat_entries, size, NULL); 1552 if (res != TEE_SUCCESS) 1553 goto out; 1554 1555 for (i = 0; i < N_ENTRIES; i++) { 1556 1557 FMSG("flags 0x%x, size %d, address 0x%x, filename '%s'", 1558 fat_entries[i].flags, 1559 fat_entries[i].data_size, 1560 fat_entries[i].start_address, 1561 fat_entries[i].filename); 1562 1563 if ((fat_entries[i].flags & FILE_IS_LAST_ENTRY) != 0) { 1564 last_entry_found = true; 1565 break; 1566 } 1567 1568 /* Move to next fat_entry. */ 1569 fat_address += sizeof(struct rpmb_fat_entry); 1570 } 1571 } 1572 1573 out: 1574 free(fat_entries); 1575 } 1576 1577 #if (TRACE_LEVEL >= TRACE_DEBUG) 1578 static void dump_fh(struct rpmb_file_handle *fh) 1579 { 1580 DMSG("fh->filename=%s", fh->filename); 1581 DMSG("fh->rpmb_fat_address=%u", fh->rpmb_fat_address); 1582 DMSG("fh->fat_entry.start_address=%u", fh->fat_entry.start_address); 1583 DMSG("fh->fat_entry.data_size=%u", fh->fat_entry.data_size); 1584 } 1585 #else 1586 static void dump_fh(struct rpmb_file_handle *fh __unused) 1587 { 1588 } 1589 #endif 1590 1591 static struct rpmb_file_handle *alloc_file_handle(const char *filename) 1592 { 1593 struct rpmb_file_handle *fh = NULL; 1594 1595 fh = calloc(1, sizeof(struct rpmb_file_handle)); 1596 if (!fh) 1597 return NULL; 1598 1599 if (filename) 1600 strlcpy(fh->filename, filename, sizeof(fh->filename)); 1601 1602 return fh; 1603 } 1604 1605 /** 1606 * write_fat_entry: Store info in a fat_entry to RPMB. 1607 */ 1608 static TEE_Result write_fat_entry(struct rpmb_file_handle *fh, 1609 bool update_write_counter) 1610 { 1611 TEE_Result res = TEE_ERROR_GENERIC; 1612 1613 /* Protect partition data. */ 1614 if (fh->rpmb_fat_address < sizeof(struct rpmb_fs_partition)) { 1615 res = TEE_ERROR_ACCESS_CONFLICT; 1616 goto out; 1617 } 1618 1619 if (fh->rpmb_fat_address % sizeof(struct rpmb_fat_entry) != 0) { 1620 res = TEE_ERROR_BAD_PARAMETERS; 1621 goto out; 1622 } 1623 1624 if (update_write_counter) { 1625 res = tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1626 &fh->fat_entry.write_counter); 1627 if (res != TEE_SUCCESS) 1628 goto out; 1629 } 1630 1631 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, fh->rpmb_fat_address, 1632 (uint8_t *)&fh->fat_entry, 1633 sizeof(struct rpmb_fat_entry), NULL); 1634 1635 dump_fat(); 1636 1637 out: 1638 return res; 1639 } 1640 1641 /** 1642 * rpmb_fs_setup: Setup rpmb fs. 1643 * Set initial partition and FS values and write to RPMB. 1644 * Store frequently used data in RAM. 1645 */ 1646 static TEE_Result rpmb_fs_setup(void) 1647 { 1648 TEE_Result res = TEE_ERROR_GENERIC; 1649 struct rpmb_fs_partition *partition_data = NULL; 1650 struct rpmb_file_handle *fh = NULL; 1651 uint32_t max_rpmb_block = 0; 1652 1653 if (fs_par) { 1654 res = TEE_SUCCESS; 1655 goto out; 1656 } 1657 1658 res = tee_rpmb_get_max_block(CFG_RPMB_FS_DEV_ID, &max_rpmb_block); 1659 if (res != TEE_SUCCESS) 1660 goto out; 1661 1662 partition_data = calloc(1, sizeof(struct rpmb_fs_partition)); 1663 if (!partition_data) { 1664 res = TEE_ERROR_OUT_OF_MEMORY; 1665 goto out; 1666 } 1667 1668 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1669 (uint8_t *)partition_data, 1670 sizeof(struct rpmb_fs_partition), NULL); 1671 if (res != TEE_SUCCESS) 1672 goto out; 1673 1674 #ifndef CFG_RPMB_RESET_FAT 1675 if (partition_data->rpmb_fs_magic == RPMB_FS_MAGIC) { 1676 if (partition_data->fs_version == FS_VERSION) { 1677 res = TEE_SUCCESS; 1678 goto store_fs_par; 1679 } else { 1680 /* Wrong software is in use. */ 1681 res = TEE_ERROR_ACCESS_DENIED; 1682 goto out; 1683 } 1684 } 1685 #else 1686 EMSG("**** Clearing Storage ****"); 1687 #endif 1688 1689 /* Setup new partition data. */ 1690 partition_data->rpmb_fs_magic = RPMB_FS_MAGIC; 1691 partition_data->fs_version = FS_VERSION; 1692 partition_data->fat_start_address = RPMB_FS_FAT_START_ADDRESS; 1693 1694 /* Initial FAT entry with FILE_IS_LAST_ENTRY flag set. */ 1695 fh = alloc_file_handle(NULL); 1696 if (!fh) { 1697 res = TEE_ERROR_OUT_OF_MEMORY; 1698 goto out; 1699 } 1700 fh->fat_entry.flags = FILE_IS_LAST_ENTRY; 1701 fh->rpmb_fat_address = partition_data->fat_start_address; 1702 1703 /* Write init FAT entry and partition data to RPMB. */ 1704 res = write_fat_entry(fh, true); 1705 if (res != TEE_SUCCESS) 1706 goto out; 1707 1708 res = 1709 tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1710 &partition_data->write_counter); 1711 if (res != TEE_SUCCESS) 1712 goto out; 1713 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1714 (uint8_t *)partition_data, 1715 sizeof(struct rpmb_fs_partition), NULL); 1716 1717 #ifndef CFG_RPMB_RESET_FAT 1718 store_fs_par: 1719 #endif 1720 1721 /* Store FAT start address. */ 1722 fs_par = calloc(1, sizeof(struct rpmb_fs_parameters)); 1723 if (!fs_par) { 1724 res = TEE_ERROR_OUT_OF_MEMORY; 1725 goto out; 1726 } 1727 1728 fs_par->fat_start_address = partition_data->fat_start_address; 1729 fs_par->max_rpmb_address = max_rpmb_block << RPMB_BLOCK_SIZE_SHIFT; 1730 1731 dump_fat(); 1732 1733 out: 1734 free(fh); 1735 free(partition_data); 1736 return res; 1737 } 1738 1739 /** 1740 * get_fat_start_address: 1741 * FAT start_address from fs_par. 1742 */ 1743 static TEE_Result get_fat_start_address(uint32_t *addr) 1744 { 1745 if (!fs_par) 1746 return TEE_ERROR_NO_DATA; 1747 1748 *addr = fs_par->fat_start_address; 1749 1750 return TEE_SUCCESS; 1751 } 1752 1753 /** 1754 * read_fat: Read FAT entries 1755 * Return matching FAT entry for read, rm rename and stat. 1756 * Build up memory pool and return matching entry for write operation. 1757 * "Last FAT entry" can be returned during write. 1758 */ 1759 static TEE_Result read_fat(struct rpmb_file_handle *fh, tee_mm_pool_t *p) 1760 { 1761 TEE_Result res = TEE_ERROR_GENERIC; 1762 tee_mm_entry_t *mm = NULL; 1763 struct rpmb_fat_entry *fat_entries = NULL; 1764 uint32_t fat_address; 1765 size_t size; 1766 int i; 1767 bool entry_found = false; 1768 bool last_entry_found = false; 1769 bool expand_fat = false; 1770 struct rpmb_file_handle last_fh; 1771 1772 DMSG("fat_address %d", fh->rpmb_fat_address); 1773 1774 res = rpmb_fs_setup(); 1775 if (res != TEE_SUCCESS) 1776 goto out; 1777 1778 res = get_fat_start_address(&fat_address); 1779 if (res != TEE_SUCCESS) 1780 goto out; 1781 1782 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 1783 fat_entries = malloc(size); 1784 if (!fat_entries) { 1785 res = TEE_ERROR_OUT_OF_MEMORY; 1786 goto out; 1787 } 1788 1789 /* 1790 * The pool is used to represent the current RPMB layout. To find 1791 * a slot for the file tee_mm_alloc is called on the pool. Thus 1792 * if it is not NULL the entire FAT must be traversed to fill in 1793 * the pool. 1794 */ 1795 while (!last_entry_found && (!entry_found || p)) { 1796 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 1797 (uint8_t *)fat_entries, size, NULL); 1798 if (res != TEE_SUCCESS) 1799 goto out; 1800 1801 for (i = 0; i < N_ENTRIES; i++) { 1802 /* 1803 * Look for an entry, matching filenames. (read, rm, 1804 * rename and stat.). Only store first filename match. 1805 */ 1806 if (fh->filename && 1807 (strcmp(fh->filename, 1808 fat_entries[i].filename) == 0) && 1809 (fat_entries[i].flags & FILE_IS_ACTIVE) && 1810 (!entry_found)) { 1811 entry_found = true; 1812 fh->rpmb_fat_address = fat_address; 1813 memcpy(&fh->fat_entry, &fat_entries[i], 1814 sizeof(struct rpmb_fat_entry)); 1815 if (!p) 1816 break; 1817 } 1818 1819 /* Add existing files to memory pool. (write) */ 1820 if (p) { 1821 if ((fat_entries[i].flags & FILE_IS_ACTIVE) && 1822 (fat_entries[i].data_size > 0)) { 1823 1824 mm = tee_mm_alloc2 1825 (p, 1826 fat_entries[i].start_address, 1827 fat_entries[i].data_size); 1828 if (!mm) { 1829 res = TEE_ERROR_OUT_OF_MEMORY; 1830 goto out; 1831 } 1832 } 1833 1834 /* Unused FAT entries can be reused (write) */ 1835 if (((fat_entries[i].flags & FILE_IS_ACTIVE) == 1836 0) && (fh->rpmb_fat_address == 0)) { 1837 fh->rpmb_fat_address = fat_address; 1838 memcpy(&fh->fat_entry, &fat_entries[i], 1839 sizeof(struct rpmb_fat_entry)); 1840 } 1841 } 1842 1843 if ((fat_entries[i].flags & FILE_IS_LAST_ENTRY) != 0) { 1844 last_entry_found = true; 1845 1846 /* 1847 * If the last entry was reached and was chosen 1848 * by the previous check, then the FAT needs to 1849 * be expanded. 1850 * fh->rpmb_fat_address is the address chosen 1851 * to store the files FAT entry and fat_address 1852 * is the current FAT entry address being 1853 * compared. 1854 */ 1855 if (p && fh->rpmb_fat_address == fat_address) 1856 expand_fat = true; 1857 break; 1858 } 1859 1860 /* Move to next fat_entry. */ 1861 fat_address += sizeof(struct rpmb_fat_entry); 1862 } 1863 } 1864 1865 /* 1866 * Represent the FAT table in the pool. 1867 */ 1868 if (p) { 1869 /* 1870 * Since fat_address is the start of the last entry it needs to 1871 * be moved up by an entry. 1872 */ 1873 fat_address += sizeof(struct rpmb_fat_entry); 1874 1875 /* Make room for yet a FAT entry and add to memory pool. */ 1876 if (expand_fat) 1877 fat_address += sizeof(struct rpmb_fat_entry); 1878 1879 mm = tee_mm_alloc2(p, RPMB_STORAGE_START_ADDRESS, fat_address); 1880 if (!mm) { 1881 res = TEE_ERROR_OUT_OF_MEMORY; 1882 goto out; 1883 } 1884 1885 if (expand_fat) { 1886 /* 1887 * Point fat_address to the beginning of the new 1888 * entry. 1889 */ 1890 fat_address -= sizeof(struct rpmb_fat_entry); 1891 memset(&last_fh, 0, sizeof(last_fh)); 1892 last_fh.fat_entry.flags = FILE_IS_LAST_ENTRY; 1893 last_fh.rpmb_fat_address = fat_address; 1894 res = write_fat_entry(&last_fh, true); 1895 if (res != TEE_SUCCESS) 1896 goto out; 1897 } 1898 } 1899 1900 if (fh->filename && !fh->rpmb_fat_address) 1901 res = TEE_ERROR_ITEM_NOT_FOUND; 1902 1903 out: 1904 free(fat_entries); 1905 return res; 1906 } 1907 1908 static TEE_Result generate_fek(struct rpmb_fat_entry *fe) 1909 { 1910 TEE_Result res; 1911 1912 again: 1913 res = tee_fs_generate_fek(fe->fek, sizeof(fe->fek)); 1914 if (res != TEE_SUCCESS) 1915 return res; 1916 1917 if (is_zero(fe->fek, sizeof(fe->fek))) 1918 goto again; 1919 1920 return res; 1921 } 1922 1923 static TEE_Result rpmb_fs_open_internal(const char *file, bool create, 1924 struct tee_file_handle **ret_fh) 1925 { 1926 struct rpmb_file_handle *fh = NULL; 1927 size_t filelen; 1928 tee_mm_pool_t p; 1929 bool pool_result; 1930 TEE_Result res = TEE_ERROR_GENERIC; 1931 1932 mutex_lock(&rpmb_mutex); 1933 1934 filelen = strlen(file); 1935 if (filelen >= TEE_RPMB_FS_FILENAME_LENGTH - 1 || filelen == 0) { 1936 res = TEE_ERROR_BAD_PARAMETERS; 1937 goto out; 1938 } 1939 1940 if (file[filelen - 1] == '/') { 1941 res = TEE_ERROR_BAD_PARAMETERS; 1942 goto out; 1943 } 1944 1945 fh = alloc_file_handle(file); 1946 if (!fh) { 1947 res = TEE_ERROR_OUT_OF_MEMORY; 1948 goto out; 1949 } 1950 1951 /* We need to do setup in order to make sure fs_par is filled in */ 1952 res = rpmb_fs_setup(); 1953 if (res != TEE_SUCCESS) 1954 goto out; 1955 1956 if (create) { 1957 /* Upper memory allocation must be used for RPMB_FS. */ 1958 pool_result = tee_mm_init(&p, 1959 RPMB_STORAGE_START_ADDRESS, 1960 fs_par->max_rpmb_address, 1961 RPMB_BLOCK_SIZE_SHIFT, 1962 TEE_MM_POOL_HI_ALLOC); 1963 1964 if (!pool_result) { 1965 res = TEE_ERROR_OUT_OF_MEMORY; 1966 goto out; 1967 } 1968 1969 res = read_fat(fh, &p); 1970 tee_mm_final(&p); 1971 if (res != TEE_SUCCESS) 1972 goto out; 1973 } else { 1974 res = read_fat(fh, NULL); 1975 if (res != TEE_SUCCESS) 1976 goto out; 1977 } 1978 1979 /* 1980 * If this is opened with create and the entry found was not active 1981 * then this is a new file and the FAT entry must be written 1982 */ 1983 if (create) { 1984 if ((fh->fat_entry.flags & FILE_IS_ACTIVE) == 0) { 1985 memset(&fh->fat_entry, 0, 1986 sizeof(struct rpmb_fat_entry)); 1987 memcpy(fh->fat_entry.filename, file, strlen(file)); 1988 /* Start address and size are 0 */ 1989 fh->fat_entry.flags = FILE_IS_ACTIVE; 1990 1991 res = generate_fek(&fh->fat_entry); 1992 if (res != TEE_SUCCESS) 1993 goto out; 1994 DMSG("GENERATE FEK key: %p", 1995 (void *)fh->fat_entry.fek); 1996 DHEXDUMP(fh->fat_entry.fek, sizeof(fh->fat_entry.fek)); 1997 1998 res = write_fat_entry(fh, true); 1999 if (res != TEE_SUCCESS) 2000 goto out; 2001 } 2002 } 2003 2004 res = TEE_SUCCESS; 2005 2006 out: 2007 if (res == TEE_SUCCESS) 2008 *ret_fh = (struct tee_file_handle *)fh; 2009 else 2010 free(fh); 2011 2012 mutex_unlock(&rpmb_mutex); 2013 return res; 2014 } 2015 2016 static void rpmb_fs_close(struct tee_file_handle **tfh) 2017 { 2018 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)*tfh; 2019 2020 free(fh); 2021 *tfh = NULL; 2022 } 2023 2024 static TEE_Result rpmb_fs_read(struct tee_file_handle *tfh, size_t pos, 2025 void *buf, size_t *len) 2026 { 2027 TEE_Result res; 2028 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2029 size_t size = *len; 2030 2031 if (!size) 2032 return TEE_SUCCESS; 2033 2034 mutex_lock(&rpmb_mutex); 2035 2036 dump_fh(fh); 2037 2038 res = read_fat(fh, NULL); 2039 if (res != TEE_SUCCESS) 2040 goto out; 2041 2042 if (pos >= fh->fat_entry.data_size) { 2043 *len = 0; 2044 goto out; 2045 } 2046 2047 size = MIN(size, fh->fat_entry.data_size - pos); 2048 if (size) { 2049 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2050 fh->fat_entry.start_address + pos, buf, 2051 size, fh->fat_entry.fek); 2052 if (res != TEE_SUCCESS) 2053 goto out; 2054 } 2055 *len = size; 2056 2057 out: 2058 mutex_unlock(&rpmb_mutex); 2059 return res; 2060 } 2061 2062 static TEE_Result rpmb_fs_write(struct tee_file_handle *tfh, size_t pos, 2063 const void *buf, size_t size) 2064 { 2065 TEE_Result res; 2066 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2067 tee_mm_pool_t p; 2068 bool pool_result = false; 2069 tee_mm_entry_t *mm; 2070 size_t end; 2071 size_t newsize; 2072 uint8_t *newbuf = NULL; 2073 uintptr_t newaddr; 2074 uint32_t start_addr; 2075 2076 if (!size) 2077 return TEE_SUCCESS; 2078 2079 mutex_lock(&rpmb_mutex); 2080 2081 if (!fs_par) { 2082 res = TEE_ERROR_GENERIC; 2083 goto out; 2084 } 2085 2086 dump_fh(fh); 2087 2088 /* Upper memory allocation must be used for RPMB_FS. */ 2089 pool_result = tee_mm_init(&p, 2090 RPMB_STORAGE_START_ADDRESS, 2091 fs_par->max_rpmb_address, 2092 RPMB_BLOCK_SIZE_SHIFT, 2093 TEE_MM_POOL_HI_ALLOC); 2094 if (!pool_result) { 2095 res = TEE_ERROR_OUT_OF_MEMORY; 2096 goto out; 2097 } 2098 2099 res = read_fat(fh, &p); 2100 if (res != TEE_SUCCESS) 2101 goto out; 2102 2103 if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY) 2104 panic("invalid last entry flag"); 2105 2106 end = pos + size; 2107 start_addr = fh->fat_entry.start_address + pos; 2108 2109 if (end <= fh->fat_entry.data_size && 2110 tee_rpmb_write_is_atomic(CFG_RPMB_FS_DEV_ID, start_addr, size)) { 2111 2112 DMSG("Updating data in-place"); 2113 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, start_addr, buf, 2114 size, fh->fat_entry.fek); 2115 if (res != TEE_SUCCESS) 2116 goto out; 2117 } else { 2118 /* 2119 * File must be extended, or update cannot be atomic: allocate, 2120 * read, update, write. 2121 */ 2122 2123 DMSG("Need to re-allocate"); 2124 newsize = MAX(end, fh->fat_entry.data_size); 2125 mm = tee_mm_alloc(&p, newsize); 2126 newbuf = calloc(newsize, 1); 2127 if (!mm || !newbuf) { 2128 res = TEE_ERROR_OUT_OF_MEMORY; 2129 goto out; 2130 } 2131 2132 if (fh->fat_entry.data_size) { 2133 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2134 fh->fat_entry.start_address, 2135 newbuf, fh->fat_entry.data_size, 2136 fh->fat_entry.fek); 2137 if (res != TEE_SUCCESS) 2138 goto out; 2139 } 2140 2141 memcpy(newbuf + pos, buf, size); 2142 2143 newaddr = tee_mm_get_smem(mm); 2144 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2145 newsize, fh->fat_entry.fek); 2146 if (res != TEE_SUCCESS) 2147 goto out; 2148 2149 fh->fat_entry.data_size = newsize; 2150 fh->fat_entry.start_address = newaddr; 2151 res = write_fat_entry(fh, true); 2152 if (res != TEE_SUCCESS) 2153 goto out; 2154 } 2155 2156 out: 2157 mutex_unlock(&rpmb_mutex); 2158 if (pool_result) 2159 tee_mm_final(&p); 2160 if (newbuf) 2161 free(newbuf); 2162 2163 return res; 2164 } 2165 2166 static TEE_Result rpmb_fs_remove(const char *filename) 2167 { 2168 TEE_Result res = TEE_ERROR_GENERIC; 2169 struct rpmb_file_handle *fh = NULL; 2170 2171 mutex_lock(&rpmb_mutex); 2172 2173 if (!filename || strlen(filename) >= TEE_RPMB_FS_FILENAME_LENGTH - 1) { 2174 res = TEE_ERROR_BAD_PARAMETERS; 2175 goto out; 2176 } 2177 2178 fh = alloc_file_handle(filename); 2179 if (!fh) { 2180 res = TEE_ERROR_OUT_OF_MEMORY; 2181 goto out; 2182 } 2183 2184 res = read_fat(fh, NULL); 2185 if (res != TEE_SUCCESS) 2186 goto out; 2187 2188 /* Clear this file entry. */ 2189 memset(&fh->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2190 res = write_fat_entry(fh, false); 2191 2192 out: 2193 mutex_unlock(&rpmb_mutex); 2194 free(fh); 2195 return res; 2196 } 2197 2198 static TEE_Result rpmb_fs_rename(const char *old_name, const char *new_name, 2199 bool overwrite) 2200 { 2201 TEE_Result res = TEE_ERROR_GENERIC; 2202 struct rpmb_file_handle *fh_old = NULL; 2203 struct rpmb_file_handle *fh_new = NULL; 2204 uint32_t old_len; 2205 uint32_t new_len; 2206 2207 mutex_lock(&rpmb_mutex); 2208 2209 if (!old_name || !new_name) { 2210 res = TEE_ERROR_BAD_PARAMETERS; 2211 goto out; 2212 } 2213 2214 old_len = strlen(old_name); 2215 new_len = strlen(new_name); 2216 2217 if ((old_len >= TEE_RPMB_FS_FILENAME_LENGTH - 1) || 2218 (new_len >= TEE_RPMB_FS_FILENAME_LENGTH - 1) || (new_len == 0)) { 2219 2220 res = TEE_ERROR_BAD_PARAMETERS; 2221 goto out; 2222 } 2223 2224 fh_old = alloc_file_handle(old_name); 2225 if (!fh_old) { 2226 res = TEE_ERROR_OUT_OF_MEMORY; 2227 goto out; 2228 } 2229 2230 fh_new = alloc_file_handle(new_name); 2231 if (!fh_new) { 2232 res = TEE_ERROR_OUT_OF_MEMORY; 2233 goto out; 2234 } 2235 2236 res = read_fat(fh_old, NULL); 2237 if (res != TEE_SUCCESS) 2238 goto out; 2239 2240 res = read_fat(fh_new, NULL); 2241 if (res == TEE_SUCCESS) { 2242 if (!overwrite) { 2243 res = TEE_ERROR_BAD_PARAMETERS; 2244 goto out; 2245 } 2246 2247 /* Clear this file entry. */ 2248 memset(&fh_new->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2249 res = write_fat_entry(fh_new, false); 2250 if (res != TEE_SUCCESS) 2251 goto out; 2252 } 2253 2254 memset(fh_old->fat_entry.filename, 0, TEE_RPMB_FS_FILENAME_LENGTH); 2255 memcpy(fh_old->fat_entry.filename, new_name, new_len); 2256 2257 res = write_fat_entry(fh_old, false); 2258 2259 out: 2260 mutex_unlock(&rpmb_mutex); 2261 free(fh_old); 2262 free(fh_new); 2263 2264 return res; 2265 } 2266 2267 static TEE_Result rpmb_fs_truncate(struct tee_file_handle *tfh, size_t length) 2268 { 2269 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2270 tee_mm_pool_t p; 2271 bool pool_result = false; 2272 tee_mm_entry_t *mm; 2273 uint32_t newsize; 2274 uint8_t *newbuf = NULL; 2275 uintptr_t newaddr; 2276 TEE_Result res = TEE_ERROR_GENERIC; 2277 2278 mutex_lock(&rpmb_mutex); 2279 2280 if (length > INT32_MAX) { 2281 res = TEE_ERROR_BAD_PARAMETERS; 2282 goto out; 2283 } 2284 newsize = length; 2285 2286 res = read_fat(fh, NULL); 2287 if (res != TEE_SUCCESS) 2288 goto out; 2289 2290 if (newsize > fh->fat_entry.data_size) { 2291 /* Extend file */ 2292 2293 pool_result = tee_mm_init(&p, 2294 RPMB_STORAGE_START_ADDRESS, 2295 fs_par->max_rpmb_address, 2296 RPMB_BLOCK_SIZE_SHIFT, 2297 TEE_MM_POOL_HI_ALLOC); 2298 if (!pool_result) { 2299 res = TEE_ERROR_OUT_OF_MEMORY; 2300 goto out; 2301 } 2302 res = read_fat(fh, &p); 2303 if (res != TEE_SUCCESS) 2304 goto out; 2305 2306 mm = tee_mm_alloc(&p, newsize); 2307 newbuf = calloc(newsize, 1); 2308 if (!mm || !newbuf) { 2309 res = TEE_ERROR_OUT_OF_MEMORY; 2310 goto out; 2311 } 2312 2313 if (fh->fat_entry.data_size) { 2314 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2315 fh->fat_entry.start_address, 2316 newbuf, fh->fat_entry.data_size, 2317 fh->fat_entry.fek); 2318 if (res != TEE_SUCCESS) 2319 goto out; 2320 } 2321 2322 newaddr = tee_mm_get_smem(mm); 2323 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2324 newsize, fh->fat_entry.fek); 2325 if (res != TEE_SUCCESS) 2326 goto out; 2327 2328 } else { 2329 /* Don't change file location */ 2330 newaddr = fh->fat_entry.start_address; 2331 } 2332 2333 /* fh->pos is unchanged */ 2334 fh->fat_entry.data_size = newsize; 2335 fh->fat_entry.start_address = newaddr; 2336 res = write_fat_entry(fh, true); 2337 2338 out: 2339 mutex_unlock(&rpmb_mutex); 2340 if (pool_result) 2341 tee_mm_final(&p); 2342 if (newbuf) 2343 free(newbuf); 2344 2345 return res; 2346 } 2347 2348 static void rpmb_fs_dir_free(struct tee_fs_dir *dir) 2349 { 2350 struct tee_rpmb_fs_dirent *e; 2351 2352 if (!dir) 2353 return; 2354 2355 free(dir->current); 2356 2357 while ((e = SIMPLEQ_FIRST(&dir->next))) { 2358 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2359 free(e); 2360 } 2361 } 2362 2363 static TEE_Result rpmb_fs_dir_populate(const char *path, 2364 struct tee_fs_dir *dir) 2365 { 2366 struct tee_rpmb_fs_dirent *current = NULL; 2367 struct rpmb_fat_entry *fat_entries = NULL; 2368 uint32_t fat_address; 2369 uint32_t filelen; 2370 char *filename; 2371 int i; 2372 bool last_entry_found = false; 2373 bool matched; 2374 struct tee_rpmb_fs_dirent *next = NULL; 2375 uint32_t pathlen; 2376 TEE_Result res = TEE_ERROR_GENERIC; 2377 uint32_t size; 2378 char temp; 2379 2380 mutex_lock(&rpmb_mutex); 2381 2382 res = rpmb_fs_setup(); 2383 if (res != TEE_SUCCESS) 2384 goto out; 2385 2386 res = get_fat_start_address(&fat_address); 2387 if (res != TEE_SUCCESS) 2388 goto out; 2389 2390 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 2391 fat_entries = malloc(size); 2392 if (!fat_entries) { 2393 res = TEE_ERROR_OUT_OF_MEMORY; 2394 goto out; 2395 } 2396 2397 pathlen = strlen(path); 2398 while (!last_entry_found) { 2399 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 2400 (uint8_t *)fat_entries, size, NULL); 2401 if (res != TEE_SUCCESS) 2402 goto out; 2403 2404 for (i = 0; i < N_ENTRIES; i++) { 2405 filename = fat_entries[i].filename; 2406 if (fat_entries[i].flags & FILE_IS_ACTIVE) { 2407 matched = false; 2408 filelen = strlen(filename); 2409 if (filelen > pathlen) { 2410 temp = filename[pathlen]; 2411 filename[pathlen] = '\0'; 2412 if (strcmp(filename, path) == 0) 2413 matched = true; 2414 2415 filename[pathlen] = temp; 2416 } 2417 2418 if (matched) { 2419 next = malloc(sizeof(*next)); 2420 if (!next) { 2421 res = TEE_ERROR_OUT_OF_MEMORY; 2422 goto out; 2423 } 2424 2425 memset(next, 0, sizeof(*next)); 2426 next->entry.d_name = next->name; 2427 memcpy(next->name, 2428 &filename[pathlen], 2429 filelen - pathlen); 2430 2431 SIMPLEQ_INSERT_TAIL(&dir->next, next, 2432 link); 2433 current = next; 2434 } 2435 } 2436 2437 if (fat_entries[i].flags & FILE_IS_LAST_ENTRY) { 2438 last_entry_found = true; 2439 break; 2440 } 2441 2442 /* Move to next fat_entry. */ 2443 fat_address += sizeof(struct rpmb_fat_entry); 2444 } 2445 } 2446 2447 if (current) 2448 res = TEE_SUCCESS; 2449 else 2450 res = TEE_ERROR_ITEM_NOT_FOUND; /* No directories were found. */ 2451 2452 out: 2453 mutex_unlock(&rpmb_mutex); 2454 if (res != TEE_SUCCESS) 2455 rpmb_fs_dir_free(dir); 2456 if (fat_entries) 2457 free(fat_entries); 2458 2459 return res; 2460 } 2461 2462 static TEE_Result rpmb_fs_opendir(const char *path, struct tee_fs_dir **dir) 2463 { 2464 uint32_t len; 2465 uint32_t max_size; 2466 char path_local[TEE_RPMB_FS_FILENAME_LENGTH]; 2467 TEE_Result res = TEE_ERROR_GENERIC; 2468 struct tee_fs_dir *rpmb_dir = NULL; 2469 2470 if (!path || !dir) { 2471 res = TEE_ERROR_BAD_PARAMETERS; 2472 goto out; 2473 } 2474 2475 /* 2476 * There must be room for at least the NULL char and a char for the 2477 * filename after the path. 2478 */ 2479 max_size = TEE_RPMB_FS_FILENAME_LENGTH - 2; 2480 len = strlen(path); 2481 if (len > max_size || len == 0) { 2482 res = TEE_ERROR_BAD_PARAMETERS; 2483 goto out; 2484 } 2485 2486 memset(path_local, 0, sizeof(path_local)); 2487 memcpy(path_local, path, len); 2488 2489 /* Add a slash to correctly match the full directory name. */ 2490 if (path_local[len - 1] != '/') 2491 path_local[len] = '/'; 2492 2493 rpmb_dir = calloc(1, sizeof(*rpmb_dir)); 2494 if (!rpmb_dir) { 2495 res = TEE_ERROR_OUT_OF_MEMORY; 2496 goto out; 2497 } 2498 SIMPLEQ_INIT(&rpmb_dir->next); 2499 2500 res = rpmb_fs_dir_populate(path_local, rpmb_dir); 2501 if (res != TEE_SUCCESS) { 2502 free(rpmb_dir); 2503 rpmb_dir = NULL; 2504 goto out; 2505 } 2506 2507 *dir = rpmb_dir; 2508 2509 out: 2510 return res; 2511 } 2512 2513 static TEE_Result rpmb_fs_readdir(struct tee_fs_dir *dir, 2514 struct tee_fs_dirent **ent) 2515 { 2516 if (!dir) 2517 return TEE_ERROR_GENERIC; 2518 2519 free(dir->current); 2520 2521 dir->current = SIMPLEQ_FIRST(&dir->next); 2522 if (!dir->current) 2523 return TEE_ERROR_ITEM_NOT_FOUND; 2524 2525 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2526 2527 *ent = &dir->current->entry; 2528 return TEE_SUCCESS; 2529 } 2530 2531 static void rpmb_fs_closedir(struct tee_fs_dir *dir) 2532 { 2533 if (dir) { 2534 rpmb_fs_dir_free(dir); 2535 free(dir); 2536 } 2537 } 2538 2539 static TEE_Result rpmb_fs_open(const char *file, struct tee_file_handle **fh) 2540 { 2541 return rpmb_fs_open_internal(file, false, fh); 2542 } 2543 2544 static TEE_Result rpmb_fs_create(const char *file, struct tee_file_handle **fh) 2545 { 2546 return rpmb_fs_open_internal(file, true, fh); 2547 } 2548 2549 const struct tee_file_operations rpmb_fs_ops = { 2550 .open = rpmb_fs_open, 2551 .create = rpmb_fs_create, 2552 .close = rpmb_fs_close, 2553 .read = rpmb_fs_read, 2554 .write = rpmb_fs_write, 2555 .truncate = rpmb_fs_truncate, 2556 .rename = rpmb_fs_rename, 2557 .remove = rpmb_fs_remove, 2558 .opendir = rpmb_fs_opendir, 2559 .closedir = rpmb_fs_closedir, 2560 .readdir = rpmb_fs_readdir, 2561 }; 2562