1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #include <assert.h> 29 #include <kernel/misc.h> 30 #include <kernel/msg_param.h> 31 #include <kernel/mutex.h> 32 #include <kernel/panic.h> 33 #include <kernel/tee_common.h> 34 #include <kernel/tee_common_otp.h> 35 #include <kernel/tee_misc.h> 36 #include <kernel/thread.h> 37 #include <mm/core_memprot.h> 38 #include <mm/mobj.h> 39 #include <mm/tee_mm.h> 40 #include <optee_msg_supplicant.h> 41 #include <stdlib.h> 42 #include <string_ext.h> 43 #include <string.h> 44 #include <sys/queue.h> 45 #include <tee/tee_cryp_provider.h> 46 #include <tee/tee_fs.h> 47 #include <tee/tee_fs_key_manager.h> 48 #include <tee/tee_pobj.h> 49 #include <tee/tee_svc_storage.h> 50 #include <trace.h> 51 #include <util.h> 52 53 #define RPMB_STORAGE_START_ADDRESS 0 54 #define RPMB_FS_FAT_START_ADDRESS 512 55 #define RPMB_BLOCK_SIZE_SHIFT 8 56 #define RPMB_CID_PRV_OFFSET 9 57 #define RPMB_CID_CRC_OFFSET 15 58 59 #define RPMB_FS_MAGIC 0x52504D42 60 #define FS_VERSION 2 61 #define N_ENTRIES 8 62 63 #define FILE_IS_ACTIVE (1u << 0) 64 #define FILE_IS_LAST_ENTRY (1u << 1) 65 66 #define TEE_RPMB_FS_FILENAME_LENGTH 224 67 68 /** 69 * FS parameters: Information often used by internal functions. 70 * fat_start_address will be set by rpmb_fs_setup(). 71 * rpmb_fs_parameters can be read by any other function. 72 */ 73 struct rpmb_fs_parameters { 74 uint32_t fat_start_address; 75 uint32_t max_rpmb_address; 76 }; 77 78 /** 79 * File entry for a single file in a RPMB_FS partition. 80 */ 81 struct rpmb_fat_entry { 82 uint32_t start_address; 83 uint32_t data_size; 84 uint32_t flags; 85 uint32_t write_counter; 86 uint8_t fek[TEE_FS_KM_FEK_SIZE]; 87 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 88 }; 89 90 /** 91 * FAT entry context with reference to a FAT entry and its 92 * location in RPMB. 93 */ 94 struct rpmb_file_handle { 95 struct rpmb_fat_entry fat_entry; 96 const TEE_UUID *uuid; 97 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 98 /* Address for current entry in RPMB */ 99 uint32_t rpmb_fat_address; 100 }; 101 102 /** 103 * RPMB_FS partition data 104 */ 105 struct rpmb_fs_partition { 106 uint32_t rpmb_fs_magic; 107 uint32_t fs_version; 108 uint32_t write_counter; 109 uint32_t fat_start_address; 110 /* Do not use reserved[] for other purpose than partition data. */ 111 uint8_t reserved[112]; 112 }; 113 114 /** 115 * A node in a list of directory entries. 116 */ 117 struct tee_rpmb_fs_dirent { 118 struct tee_fs_dirent entry; 119 SIMPLEQ_ENTRY(tee_rpmb_fs_dirent) link; 120 }; 121 122 /** 123 * The RPMB directory representation. It contains a queue of 124 * RPMB directory entries: 'next'. 125 * The current pointer points to the last directory entry 126 * returned by readdir(). 127 */ 128 struct tee_fs_dir { 129 struct tee_rpmb_fs_dirent *current; 130 /* */ 131 SIMPLEQ_HEAD(next_head, tee_rpmb_fs_dirent) next; 132 }; 133 134 static struct rpmb_fs_parameters *fs_par; 135 136 /* 137 * Lower interface to RPMB device 138 */ 139 140 #define RPMB_DATA_OFFSET (RPMB_STUFF_DATA_SIZE + RPMB_KEY_MAC_SIZE) 141 #define RPMB_MAC_PROTECT_DATA_SIZE (RPMB_DATA_FRAME_SIZE - RPMB_DATA_OFFSET) 142 143 #define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM 0x0001 144 #define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ 0x0002 145 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE 0x0003 146 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ 0x0004 147 #define RPMB_MSG_TYPE_REQ_RESULT_READ 0x0005 148 #define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM 0x0100 149 #define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ 0x0200 150 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE 0x0300 151 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ 0x0400 152 153 #define RPMB_STUFF_DATA_SIZE 196 154 #define RPMB_KEY_MAC_SIZE 32 155 #define RPMB_DATA_SIZE 256 156 #define RPMB_NONCE_SIZE 16 157 #define RPMB_DATA_FRAME_SIZE 512 158 159 #define RPMB_RESULT_OK 0x00 160 #define RPMB_RESULT_GENERAL_FAILURE 0x01 161 #define RPMB_RESULT_AUTH_FAILURE 0x02 162 #define RPMB_RESULT_COUNTER_FAILURE 0x03 163 #define RPMB_RESULT_ADDRESS_FAILURE 0x04 164 #define RPMB_RESULT_WRITE_FAILURE 0x05 165 #define RPMB_RESULT_READ_FAILURE 0x06 166 #define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED 0x07 167 #define RPMB_RESULT_MASK 0x3F 168 #define RPMB_RESULT_WR_CNT_EXPIRED 0x80 169 170 /* RPMB internal commands */ 171 #define RPMB_CMD_DATA_REQ 0x00 172 #define RPMB_CMD_GET_DEV_INFO 0x01 173 174 #define RPMB_SIZE_SINGLE (128 * 1024) 175 176 /* Error codes for get_dev_info request/response. */ 177 #define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 178 #define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 179 180 struct rpmb_data_frame { 181 uint8_t stuff_bytes[RPMB_STUFF_DATA_SIZE]; 182 uint8_t key_mac[RPMB_KEY_MAC_SIZE]; 183 uint8_t data[RPMB_DATA_SIZE]; 184 uint8_t nonce[RPMB_NONCE_SIZE]; 185 uint8_t write_counter[4]; 186 uint8_t address[2]; 187 uint8_t block_count[2]; 188 uint8_t op_result[2]; 189 uint8_t msg_type[2]; 190 }; 191 192 struct rpmb_req { 193 uint16_t cmd; 194 uint16_t dev_id; 195 uint16_t block_count; 196 /* variable length of data */ 197 /* uint8_t data[]; REMOVED! */ 198 }; 199 200 #define TEE_RPMB_REQ_DATA(req) \ 201 ((void *)((struct rpmb_req *)(req) + 1)) 202 203 struct rpmb_raw_data { 204 uint16_t msg_type; 205 uint16_t *op_result; 206 uint16_t *block_count; 207 uint16_t *blk_idx; 208 uint32_t *write_counter; 209 uint8_t *nonce; 210 uint8_t *key_mac; 211 uint8_t *data; 212 /* data length to read or write */ 213 uint32_t len; 214 /* Byte address offset in the first block involved */ 215 uint8_t byte_offset; 216 }; 217 218 #define RPMB_EMMC_CID_SIZE 16 219 struct rpmb_dev_info { 220 uint8_t cid[RPMB_EMMC_CID_SIZE]; 221 /* EXT CSD-slice 168 "RPMB Size" */ 222 uint8_t rpmb_size_mult; 223 /* EXT CSD-slice 222 "Reliable Write Sector Count" */ 224 uint8_t rel_wr_sec_c; 225 /* Check the ret code and accept the data only if it is OK. */ 226 uint8_t ret_code; 227 }; 228 229 /* 230 * Struct for rpmb context data. 231 * 232 * @key RPMB key. 233 * @cid eMMC card ID. 234 * @hash_ctx_size Hash context size 235 * @wr_cnt Current write counter. 236 * @max_blk_idx The highest block index supported by current device. 237 * @rel_wr_blkcnt Max number of data blocks for each reliable write. 238 * @dev_id Device ID of the eMMC device. 239 * @wr_cnt_synced Flag indicating if write counter is synced to RPMB. 240 * @key_derived Flag indicating if key has been generated. 241 * @key_verified Flag indicating the key generated is verified ok. 242 * @dev_info_synced Flag indicating if dev info has been retrieved from RPMB. 243 */ 244 struct tee_rpmb_ctx { 245 uint8_t key[RPMB_KEY_MAC_SIZE]; 246 uint8_t cid[RPMB_EMMC_CID_SIZE]; 247 size_t hash_ctx_size; 248 uint32_t wr_cnt; 249 uint16_t max_blk_idx; 250 uint16_t rel_wr_blkcnt; 251 uint16_t dev_id; 252 bool wr_cnt_synced; 253 bool key_derived; 254 bool key_verified; 255 bool dev_info_synced; 256 }; 257 258 static struct tee_rpmb_ctx *rpmb_ctx; 259 260 /* 261 * Mutex to serialize the operations exported by this file. 262 * It protects rpmb_ctx and prevents overlapping operations on eMMC devices with 263 * different IDs. 264 */ 265 static struct mutex rpmb_mutex = MUTEX_INITIALIZER; 266 267 #ifdef CFG_RPMB_TESTKEY 268 269 static const uint8_t rpmb_test_key[RPMB_KEY_MAC_SIZE] = { 270 0xD3, 0xEB, 0x3E, 0xC3, 0x6E, 0x33, 0x4C, 0x9F, 271 0x98, 0x8C, 0xE2, 0xC0, 0xB8, 0x59, 0x54, 0x61, 272 0x0D, 0x2B, 0xCF, 0x86, 0x64, 0x84, 0x4D, 0xF2, 273 0xAB, 0x56, 0xE6, 0xC6, 0x1B, 0xB7, 0x01, 0xE4 274 }; 275 276 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 277 uint8_t *key, uint32_t len) 278 { 279 TEE_Result res = TEE_SUCCESS; 280 281 if (!key || RPMB_KEY_MAC_SIZE != len) { 282 res = TEE_ERROR_BAD_PARAMETERS; 283 goto out; 284 } 285 286 DMSG("RPMB: Using test key"); 287 memcpy(key, rpmb_test_key, RPMB_KEY_MAC_SIZE); 288 289 out: 290 return res; 291 } 292 293 #else /* !CFG_RPMB_TESTKEY */ 294 295 /* 296 * NOTE: We need a common API to get hw unique key and it 297 * should return error when the hw unique is not a valid 298 * one as stated below. 299 * We need to make sure the hw unique we get is valid by: 300 * 1. In case of HUK is used, checking if OTP is hidden (in 301 * which case only zeros will be returned) or not; 302 * 2. In case of SSK is used, checking if SSK in OTP is 303 * write_locked (which means a valid key is provisioned) 304 * or not. 305 * 306 * Maybe tee_get_hw_unique_key() should be exposed as 307 * generic API for getting hw unique key! 308 * We should change the API tee_otp_get_hw_unique_key() 309 * to return error code! 310 */ 311 static TEE_Result tee_get_hw_unique_key(struct tee_hw_unique_key *hwkey) 312 { 313 if (!hwkey) 314 return TEE_ERROR_BAD_PARAMETERS; 315 316 tee_otp_get_hw_unique_key(hwkey); 317 318 return TEE_SUCCESS; 319 } 320 321 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 322 uint8_t *key, uint32_t len) 323 { 324 TEE_Result res; 325 struct tee_hw_unique_key hwkey; 326 uint8_t message[RPMB_EMMC_CID_SIZE]; 327 uint8_t *ctx = NULL; 328 329 if (!key || RPMB_KEY_MAC_SIZE != len) { 330 res = TEE_ERROR_BAD_PARAMETERS; 331 goto out; 332 } 333 334 IMSG("RPMB: Using generated key"); 335 res = tee_get_hw_unique_key(&hwkey); 336 if (res != TEE_SUCCESS) 337 goto out; 338 339 ctx = malloc(rpmb_ctx->hash_ctx_size); 340 if (!ctx) { 341 res = TEE_ERROR_OUT_OF_MEMORY; 342 goto out; 343 } 344 345 /* 346 * PRV/CRC would be changed when doing eMMC FFU 347 * The following fields should be masked off when deriving RPMB key 348 * 349 * CID [55: 48]: PRV (Product revision) 350 * CID [07: 01]: CRC (CRC7 checksum) 351 * CID [00]: not used 352 */ 353 memcpy(message, rpmb_ctx->cid, RPMB_EMMC_CID_SIZE); 354 memset(message + RPMB_CID_PRV_OFFSET, 0, 1); 355 memset(message + RPMB_CID_CRC_OFFSET, 0, 1); 356 res = crypto_ops.mac.init(ctx, TEE_ALG_HMAC_SHA256, hwkey.data, 357 HW_UNIQUE_KEY_LENGTH); 358 if (res != TEE_SUCCESS) 359 goto out; 360 361 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, 362 message, 363 RPMB_EMMC_CID_SIZE); 364 if (res != TEE_SUCCESS) 365 goto out; 366 367 res = crypto_ops.mac.final(ctx, TEE_ALG_HMAC_SHA256, key, len); 368 369 out: 370 free(ctx); 371 return res; 372 } 373 374 #endif /* !CFG_RPMB_TESTKEY */ 375 376 static void u32_to_bytes(uint32_t u32, uint8_t *bytes) 377 { 378 *bytes = (uint8_t) (u32 >> 24); 379 *(bytes + 1) = (uint8_t) (u32 >> 16); 380 *(bytes + 2) = (uint8_t) (u32 >> 8); 381 *(bytes + 3) = (uint8_t) u32; 382 } 383 384 static void bytes_to_u32(uint8_t *bytes, uint32_t *u32) 385 { 386 *u32 = (uint32_t) ((*(bytes) << 24) + 387 (*(bytes + 1) << 16) + 388 (*(bytes + 2) << 8) + (*(bytes + 3))); 389 } 390 391 static void u16_to_bytes(uint16_t u16, uint8_t *bytes) 392 { 393 *bytes = (uint8_t) (u16 >> 8); 394 *(bytes + 1) = (uint8_t) u16; 395 } 396 397 static void bytes_to_u16(uint8_t *bytes, uint16_t *u16) 398 { 399 *u16 = (uint16_t) ((*bytes << 8) + *(bytes + 1)); 400 } 401 402 static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize, 403 uint8_t *key, uint32_t keysize, 404 struct rpmb_data_frame *datafrms, 405 uint16_t blkcnt) 406 { 407 TEE_Result res = TEE_ERROR_GENERIC; 408 int i; 409 uint8_t *ctx = NULL; 410 411 if (!mac || !key || !datafrms) 412 return TEE_ERROR_BAD_PARAMETERS; 413 414 ctx = malloc(rpmb_ctx->hash_ctx_size); 415 if (!ctx) 416 return TEE_ERROR_OUT_OF_MEMORY; 417 418 res = crypto_ops.mac.init(ctx, TEE_ALG_HMAC_SHA256, key, keysize); 419 if (res != TEE_SUCCESS) 420 goto func_exit; 421 422 for (i = 0; i < blkcnt; i++) { 423 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, 424 datafrms[i].data, 425 RPMB_MAC_PROTECT_DATA_SIZE); 426 if (res != TEE_SUCCESS) 427 goto func_exit; 428 } 429 430 res = crypto_ops.mac.final(ctx, TEE_ALG_HMAC_SHA256, mac, macsize); 431 if (res != TEE_SUCCESS) 432 goto func_exit; 433 434 res = TEE_SUCCESS; 435 436 func_exit: 437 free(ctx); 438 return res; 439 } 440 441 struct tee_rpmb_mem { 442 struct mobj *phreq_mobj; 443 uint64_t phreq_cookie; 444 struct mobj *phresp_mobj; 445 uint64_t phresp_cookie; 446 size_t req_size; 447 size_t resp_size; 448 }; 449 450 static void tee_rpmb_free(struct tee_rpmb_mem *mem) 451 { 452 if (!mem) 453 return; 454 455 if (mem->phreq_mobj) { 456 thread_rpc_free_payload(mem->phreq_cookie, mem->phreq_mobj); 457 mem->phreq_cookie = 0; 458 mem->phreq_mobj = NULL; 459 } 460 if (mem->phresp_mobj) { 461 thread_rpc_free_payload(mem->phresp_cookie, mem->phresp_mobj); 462 mem->phresp_cookie = 0; 463 mem->phresp_mobj = NULL; 464 } 465 } 466 467 468 static TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size, 469 struct tee_rpmb_mem *mem, void **req, void **resp) 470 { 471 TEE_Result res = TEE_SUCCESS; 472 size_t req_s = ROUNDUP(req_size, sizeof(uint32_t)); 473 size_t resp_s = ROUNDUP(resp_size, sizeof(uint32_t)); 474 475 if (!mem) 476 return TEE_ERROR_BAD_PARAMETERS; 477 478 memset(mem, 0, sizeof(*mem)); 479 480 mem->phreq_mobj = thread_rpc_alloc_payload(req_s, &mem->phreq_cookie); 481 mem->phresp_mobj = 482 thread_rpc_alloc_payload(resp_s, &mem->phresp_cookie); 483 484 if (!mem->phreq_mobj || !mem->phresp_mobj) { 485 res = TEE_ERROR_OUT_OF_MEMORY; 486 goto out; 487 } 488 489 *req = mobj_get_va(mem->phreq_mobj, 0); 490 *resp = mobj_get_va(mem->phresp_mobj, 0); 491 if (!*req || !*resp) { 492 res = TEE_ERROR_GENERIC; 493 goto out; 494 } 495 496 mem->req_size = req_size; 497 mem->resp_size = resp_size; 498 499 out: 500 if (res != TEE_SUCCESS) 501 tee_rpmb_free(mem); 502 return res; 503 } 504 505 static TEE_Result tee_rpmb_invoke(struct tee_rpmb_mem *mem) 506 { 507 struct optee_msg_param params[2]; 508 509 memset(params, 0, sizeof(params)); 510 511 if (!msg_param_init_memparam(params + 0, mem->phreq_mobj, 0, 512 mem->req_size, mem->phreq_cookie, 513 MSG_PARAM_MEM_DIR_IN)) 514 return TEE_ERROR_BAD_STATE; 515 516 if (!msg_param_init_memparam(params + 1, mem->phresp_mobj, 0, 517 mem->resp_size, mem->phresp_cookie, 518 MSG_PARAM_MEM_DIR_OUT)) 519 return TEE_ERROR_BAD_STATE; 520 521 return thread_rpc_cmd(OPTEE_MSG_RPC_CMD_RPMB, 2, params); 522 } 523 524 static bool is_zero(const uint8_t *buf, size_t size) 525 { 526 size_t i; 527 528 for (i = 0; i < size; i++) 529 if (buf[i]) 530 return false; 531 return true; 532 } 533 534 static TEE_Result encrypt_block(uint8_t *out, const uint8_t *in, 535 uint16_t blk_idx, const uint8_t *fek, 536 const TEE_UUID *uuid) 537 { 538 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 539 blk_idx, fek, TEE_MODE_ENCRYPT); 540 } 541 542 static TEE_Result decrypt_block(uint8_t *out, const uint8_t *in, 543 uint16_t blk_idx, const uint8_t *fek, 544 const TEE_UUID *uuid) 545 { 546 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 547 blk_idx, fek, TEE_MODE_DECRYPT); 548 } 549 550 /* Decrypt/copy at most one block of data */ 551 static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm, 552 size_t size, size_t offset, 553 uint16_t blk_idx __maybe_unused, const uint8_t *fek, 554 const TEE_UUID *uuid) 555 { 556 uint8_t *tmp __maybe_unused; 557 558 559 if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE)) 560 panic("invalid size or offset"); 561 562 if (!fek) { 563 /* Block is not encrypted (not a file data block) */ 564 memcpy(out, frm->data + offset, size); 565 } else if (is_zero(fek, TEE_FS_KM_FEK_SIZE)) { 566 /* The file was created with encryption disabled */ 567 return TEE_ERROR_SECURITY; 568 } else { 569 /* Block is encrypted */ 570 if (size < RPMB_DATA_SIZE) { 571 /* 572 * Since output buffer is not large enough to hold one 573 * block we must allocate a temporary buffer. 574 */ 575 tmp = malloc(RPMB_DATA_SIZE); 576 if (!tmp) 577 return TEE_ERROR_OUT_OF_MEMORY; 578 decrypt_block(tmp, frm->data, blk_idx, fek, uuid); 579 memcpy(out, tmp + offset, size); 580 free(tmp); 581 } else { 582 decrypt_block(out, frm->data, blk_idx, fek, uuid); 583 } 584 } 585 586 return TEE_SUCCESS; 587 } 588 589 static TEE_Result tee_rpmb_req_pack(struct rpmb_req *req, 590 struct rpmb_raw_data *rawdata, 591 uint16_t nbr_frms, uint16_t dev_id, 592 const uint8_t *fek, const TEE_UUID *uuid) 593 { 594 TEE_Result res = TEE_ERROR_GENERIC; 595 int i; 596 struct rpmb_data_frame *datafrm; 597 598 if (!req || !rawdata || !nbr_frms) 599 return TEE_ERROR_BAD_PARAMETERS; 600 601 /* 602 * Check write blockcount is not bigger than reliable write 603 * blockcount. 604 */ 605 if ((rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) && 606 (nbr_frms > rpmb_ctx->rel_wr_blkcnt)) { 607 DMSG("wr_blkcnt(%d) > rel_wr_blkcnt(%d)", nbr_frms, 608 rpmb_ctx->rel_wr_blkcnt); 609 return TEE_ERROR_GENERIC; 610 } 611 612 req->cmd = RPMB_CMD_DATA_REQ; 613 req->dev_id = dev_id; 614 615 /* Allocate memory for construct all data packets and calculate MAC. */ 616 datafrm = calloc(nbr_frms, RPMB_DATA_FRAME_SIZE); 617 if (!datafrm) 618 return TEE_ERROR_OUT_OF_MEMORY; 619 620 for (i = 0; i < nbr_frms; i++) { 621 u16_to_bytes(rawdata->msg_type, datafrm[i].msg_type); 622 623 if (rawdata->block_count) 624 u16_to_bytes(*rawdata->block_count, 625 datafrm[i].block_count); 626 627 if (rawdata->blk_idx) { 628 /* Check the block index is within range. */ 629 if ((*rawdata->blk_idx + nbr_frms) > 630 rpmb_ctx->max_blk_idx) { 631 res = TEE_ERROR_GENERIC; 632 goto func_exit; 633 } 634 u16_to_bytes(*rawdata->blk_idx, datafrm[i].address); 635 } 636 637 if (rawdata->write_counter) 638 u32_to_bytes(*rawdata->write_counter, 639 datafrm[i].write_counter); 640 641 if (rawdata->nonce) 642 memcpy(datafrm[i].nonce, rawdata->nonce, 643 RPMB_NONCE_SIZE); 644 645 if (rawdata->data) { 646 if (fek) 647 encrypt_block(datafrm[i].data, 648 rawdata->data + (i * RPMB_DATA_SIZE), 649 *rawdata->blk_idx + i, fek, uuid); 650 else 651 memcpy(datafrm[i].data, 652 rawdata->data + (i * RPMB_DATA_SIZE), 653 RPMB_DATA_SIZE); 654 } 655 } 656 657 if (rawdata->key_mac) { 658 if (rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) { 659 res = 660 tee_rpmb_mac_calc(rawdata->key_mac, 661 RPMB_KEY_MAC_SIZE, rpmb_ctx->key, 662 RPMB_KEY_MAC_SIZE, datafrm, 663 nbr_frms); 664 if (res != TEE_SUCCESS) 665 goto func_exit; 666 } 667 memcpy(datafrm[nbr_frms - 1].key_mac, 668 rawdata->key_mac, RPMB_KEY_MAC_SIZE); 669 } 670 671 memcpy(TEE_RPMB_REQ_DATA(req), datafrm, 672 nbr_frms * RPMB_DATA_FRAME_SIZE); 673 674 #ifdef CFG_RPMB_FS_DEBUG_DATA 675 for (i = 0; i < nbr_frms; i++) { 676 DMSG("Dumping data frame %d:", i); 677 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 678 512 - RPMB_STUFF_DATA_SIZE); 679 } 680 #endif 681 682 res = TEE_SUCCESS; 683 func_exit: 684 free(datafrm); 685 return res; 686 } 687 688 static TEE_Result data_cpy_mac_calc_1b(struct rpmb_raw_data *rawdata, 689 struct rpmb_data_frame *frm, 690 const uint8_t *fek, const TEE_UUID *uuid) 691 { 692 TEE_Result res; 693 uint8_t *data; 694 uint16_t idx; 695 696 if (rawdata->len + rawdata->byte_offset > RPMB_DATA_SIZE) 697 return TEE_ERROR_BAD_PARAMETERS; 698 699 res = tee_rpmb_mac_calc(rawdata->key_mac, RPMB_KEY_MAC_SIZE, 700 rpmb_ctx->key, RPMB_KEY_MAC_SIZE, frm, 1); 701 if (res != TEE_SUCCESS) 702 return res; 703 704 data = rawdata->data; 705 bytes_to_u16(frm->address, &idx); 706 707 res = decrypt(data, frm, rawdata->len, rawdata->byte_offset, idx, fek, 708 uuid); 709 return res; 710 } 711 712 static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, 713 struct rpmb_raw_data *rawdata, 714 uint16_t nbr_frms, 715 struct rpmb_data_frame *lastfrm, 716 const uint8_t *fek, 717 const TEE_UUID *uuid) 718 { 719 TEE_Result res = TEE_ERROR_GENERIC; 720 int i; 721 uint8_t *ctx = NULL; 722 uint16_t offset; 723 uint32_t size; 724 uint8_t *data; 725 uint16_t start_idx; 726 struct rpmb_data_frame localfrm; 727 728 if (!datafrm || !rawdata || !nbr_frms || !lastfrm) 729 return TEE_ERROR_BAD_PARAMETERS; 730 731 if (nbr_frms == 1) 732 return data_cpy_mac_calc_1b(rawdata, lastfrm, fek, uuid); 733 734 /* nbr_frms > 1 */ 735 736 data = rawdata->data; 737 738 ctx = malloc(rpmb_ctx->hash_ctx_size); 739 if (!ctx) { 740 res = TEE_ERROR_OUT_OF_MEMORY; 741 goto func_exit; 742 } 743 744 res = crypto_ops.mac.init(ctx, TEE_ALG_HMAC_SHA256, rpmb_ctx->key, 745 RPMB_KEY_MAC_SIZE); 746 if (res != TEE_SUCCESS) 747 goto func_exit; 748 749 /* 750 * Note: JEDEC JESD84-B51: "In every packet the address is the start 751 * address of the full access (not address of the individual half a 752 * sector)" 753 */ 754 bytes_to_u16(lastfrm->address, &start_idx); 755 756 for (i = 0; i < (nbr_frms - 1); i++) { 757 758 /* 759 * By working on a local copy of the RPMB frame, we ensure that 760 * the data can not be modified after the MAC is computed but 761 * before the payload is decrypted/copied to the output buffer. 762 */ 763 memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE); 764 765 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, 766 localfrm.data, 767 RPMB_MAC_PROTECT_DATA_SIZE); 768 if (res != TEE_SUCCESS) 769 goto func_exit; 770 771 if (i == 0) { 772 /* First block */ 773 offset = rawdata->byte_offset; 774 size = RPMB_DATA_SIZE - offset; 775 } else { 776 /* Middle blocks */ 777 size = RPMB_DATA_SIZE; 778 offset = 0; 779 } 780 781 res = decrypt(data, &localfrm, size, offset, start_idx + i, 782 fek, uuid); 783 if (res != TEE_SUCCESS) 784 goto func_exit; 785 786 data += size; 787 } 788 789 /* Last block */ 790 size = (rawdata->len + rawdata->byte_offset) % RPMB_DATA_SIZE; 791 if (size == 0) 792 size = RPMB_DATA_SIZE; 793 res = decrypt(data, lastfrm, size, 0, start_idx + nbr_frms - 1, fek, 794 uuid); 795 if (res != TEE_SUCCESS) 796 goto func_exit; 797 798 /* Update MAC against the last block */ 799 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, lastfrm->data, 800 RPMB_MAC_PROTECT_DATA_SIZE); 801 if (res != TEE_SUCCESS) 802 goto func_exit; 803 804 res = crypto_ops.mac.final(ctx, TEE_ALG_HMAC_SHA256, rawdata->key_mac, 805 RPMB_KEY_MAC_SIZE); 806 if (res != TEE_SUCCESS) 807 goto func_exit; 808 809 res = TEE_SUCCESS; 810 811 func_exit: 812 free(ctx); 813 return res; 814 } 815 816 static TEE_Result tee_rpmb_resp_unpack_verify(struct rpmb_data_frame *datafrm, 817 struct rpmb_raw_data *rawdata, 818 uint16_t nbr_frms, 819 const uint8_t *fek, 820 const TEE_UUID *uuid) 821 { 822 TEE_Result res = TEE_ERROR_GENERIC; 823 uint16_t msg_type; 824 uint32_t wr_cnt; 825 uint16_t blk_idx; 826 uint16_t op_result; 827 struct rpmb_data_frame lastfrm; 828 829 if (!datafrm || !rawdata || !nbr_frms) 830 return TEE_ERROR_BAD_PARAMETERS; 831 832 #ifdef CFG_RPMB_FS_DEBUG_DATA 833 for (uint32_t i = 0; i < nbr_frms; i++) { 834 DMSG("Dumping data frame %d:", i); 835 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 836 512 - RPMB_STUFF_DATA_SIZE); 837 } 838 #endif 839 840 /* Make sure the last data packet can't be modified once verified */ 841 memcpy(&lastfrm, &datafrm[nbr_frms - 1], RPMB_DATA_FRAME_SIZE); 842 843 /* Handle operation result and translate to TEEC error code. */ 844 bytes_to_u16(lastfrm.op_result, &op_result); 845 if (rawdata->op_result) 846 *rawdata->op_result = op_result; 847 if (op_result != RPMB_RESULT_OK) 848 return TEE_ERROR_GENERIC; 849 850 /* Check the response msg_type. */ 851 bytes_to_u16(lastfrm.msg_type, &msg_type); 852 if (msg_type != rawdata->msg_type) { 853 DMSG("Unexpected msg_type (0x%04x != 0x%04x)", msg_type, 854 rawdata->msg_type); 855 return TEE_ERROR_GENERIC; 856 } 857 858 if (rawdata->blk_idx) { 859 bytes_to_u16(lastfrm.address, &blk_idx); 860 if (blk_idx != *rawdata->blk_idx) { 861 DMSG("Unexpected block index"); 862 return TEE_ERROR_GENERIC; 863 } 864 } 865 866 if (rawdata->write_counter) { 867 wr_cnt = *rawdata->write_counter; 868 bytes_to_u32(lastfrm.write_counter, rawdata->write_counter); 869 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE) { 870 /* Verify the write counter is incremented by 1 */ 871 if (*rawdata->write_counter != wr_cnt + 1) { 872 DMSG("Counter mismatched (0x%04x/0x%04x)", 873 *rawdata->write_counter, wr_cnt + 1); 874 return TEE_ERROR_SECURITY; 875 } 876 rpmb_ctx->wr_cnt++; 877 } 878 } 879 880 if (rawdata->nonce) { 881 if (buf_compare_ct(rawdata->nonce, lastfrm.nonce, 882 RPMB_NONCE_SIZE) != 0) { 883 DMSG("Nonce mismatched"); 884 return TEE_ERROR_SECURITY; 885 } 886 } 887 888 if (rawdata->key_mac) { 889 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_READ) { 890 if (!rawdata->data) 891 return TEE_ERROR_GENERIC; 892 893 res = tee_rpmb_data_cpy_mac_calc(datafrm, rawdata, 894 nbr_frms, &lastfrm, 895 fek, uuid); 896 897 if (res != TEE_SUCCESS) 898 return res; 899 } else { 900 /* 901 * There should be only one data frame for 902 * other msg types. 903 */ 904 if (nbr_frms != 1) 905 return TEE_ERROR_GENERIC; 906 907 res = tee_rpmb_mac_calc(rawdata->key_mac, 908 RPMB_KEY_MAC_SIZE, 909 rpmb_ctx->key, 910 RPMB_KEY_MAC_SIZE, 911 &lastfrm, 1); 912 913 if (res != TEE_SUCCESS) 914 return res; 915 } 916 917 #ifndef CFG_RPMB_FS_NO_MAC 918 if (buf_compare_ct(rawdata->key_mac, 919 (datafrm + nbr_frms - 1)->key_mac, 920 RPMB_KEY_MAC_SIZE) != 0) { 921 DMSG("MAC mismatched:"); 922 #ifdef CFG_RPMB_FS_DEBUG_DATA 923 DHEXDUMP((uint8_t *)rawdata->key_mac, 32); 924 #endif 925 return TEE_ERROR_SECURITY; 926 } 927 #endif /* !CFG_RPMB_FS_NO_MAC */ 928 } 929 930 return TEE_SUCCESS; 931 } 932 933 static TEE_Result tee_rpmb_get_dev_info(uint16_t dev_id, 934 struct rpmb_dev_info *dev_info) 935 { 936 TEE_Result res = TEE_ERROR_GENERIC; 937 struct tee_rpmb_mem mem; 938 struct rpmb_dev_info *di; 939 struct rpmb_req *req = NULL; 940 uint8_t *resp = NULL; 941 uint32_t req_size; 942 uint32_t resp_size; 943 944 if (!dev_info) 945 return TEE_ERROR_BAD_PARAMETERS; 946 947 req_size = sizeof(struct rpmb_req); 948 resp_size = sizeof(struct rpmb_dev_info); 949 res = tee_rpmb_alloc(req_size, resp_size, &mem, 950 (void *)&req, (void *)&resp); 951 if (res != TEE_SUCCESS) 952 goto func_exit; 953 954 req->cmd = RPMB_CMD_GET_DEV_INFO; 955 req->dev_id = dev_id; 956 957 di = (struct rpmb_dev_info *)resp; 958 di->ret_code = RPMB_CMD_GET_DEV_INFO_RET_ERROR; 959 960 res = tee_rpmb_invoke(&mem); 961 if (res != TEE_SUCCESS) 962 goto func_exit; 963 964 if (di->ret_code != RPMB_CMD_GET_DEV_INFO_RET_OK) { 965 res = TEE_ERROR_GENERIC; 966 goto func_exit; 967 } 968 969 memcpy((uint8_t *)dev_info, resp, sizeof(struct rpmb_dev_info)); 970 971 #ifdef CFG_RPMB_FS_DEBUG_DATA 972 DMSG("Dumping dev_info:"); 973 DHEXDUMP((uint8_t *)dev_info, sizeof(struct rpmb_dev_info)); 974 #endif 975 976 res = TEE_SUCCESS; 977 978 func_exit: 979 tee_rpmb_free(&mem); 980 return res; 981 } 982 983 static TEE_Result tee_rpmb_init_read_wr_cnt(uint16_t dev_id, 984 uint32_t *wr_cnt, 985 uint16_t *op_result) 986 { 987 TEE_Result res = TEE_ERROR_GENERIC; 988 struct tee_rpmb_mem mem; 989 uint16_t msg_type; 990 uint8_t nonce[RPMB_NONCE_SIZE]; 991 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 992 struct rpmb_req *req = NULL; 993 struct rpmb_data_frame *resp = NULL; 994 struct rpmb_raw_data rawdata; 995 uint32_t req_size; 996 uint32_t resp_size; 997 998 if (!wr_cnt) 999 return TEE_ERROR_BAD_PARAMETERS; 1000 1001 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1002 resp_size = RPMB_DATA_FRAME_SIZE; 1003 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1004 (void *)&req, (void *)&resp); 1005 if (res != TEE_SUCCESS) 1006 goto func_exit; 1007 1008 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 1009 if (res != TEE_SUCCESS) 1010 goto func_exit; 1011 1012 msg_type = RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ; 1013 1014 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1015 rawdata.msg_type = msg_type; 1016 rawdata.nonce = nonce; 1017 1018 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1019 if (res != TEE_SUCCESS) 1020 goto func_exit; 1021 1022 res = tee_rpmb_invoke(&mem); 1023 if (res != TEE_SUCCESS) 1024 goto func_exit; 1025 1026 msg_type = RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ; 1027 1028 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1029 rawdata.msg_type = msg_type; 1030 rawdata.op_result = op_result; 1031 rawdata.write_counter = wr_cnt; 1032 rawdata.nonce = nonce; 1033 rawdata.key_mac = hmac; 1034 1035 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 1036 if (res != TEE_SUCCESS) 1037 goto func_exit; 1038 1039 res = TEE_SUCCESS; 1040 1041 func_exit: 1042 tee_rpmb_free(&mem); 1043 return res; 1044 } 1045 1046 static TEE_Result tee_rpmb_verify_key_sync_counter(uint16_t dev_id) 1047 { 1048 uint16_t op_result = 0; 1049 TEE_Result res = TEE_ERROR_GENERIC; 1050 1051 res = tee_rpmb_init_read_wr_cnt(dev_id, &rpmb_ctx->wr_cnt, 1052 &op_result); 1053 1054 if (res == TEE_SUCCESS) { 1055 rpmb_ctx->key_verified = true; 1056 rpmb_ctx->wr_cnt_synced = true; 1057 } 1058 1059 DMSG("Verify key returning 0x%x\n", res); 1060 return res; 1061 } 1062 1063 #ifdef CFG_RPMB_WRITE_KEY 1064 static TEE_Result tee_rpmb_write_key(uint16_t dev_id) 1065 { 1066 TEE_Result res = TEE_ERROR_GENERIC; 1067 struct tee_rpmb_mem mem = { 0 }; 1068 uint16_t msg_type; 1069 struct rpmb_req *req = NULL; 1070 struct rpmb_data_frame *resp = NULL; 1071 struct rpmb_raw_data rawdata; 1072 uint32_t req_size; 1073 uint32_t resp_size; 1074 1075 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1076 resp_size = RPMB_DATA_FRAME_SIZE; 1077 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1078 (void *)&req, (void *)&resp); 1079 if (res != TEE_SUCCESS) 1080 goto func_exit; 1081 1082 msg_type = RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM; 1083 1084 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1085 rawdata.msg_type = msg_type; 1086 rawdata.key_mac = rpmb_ctx->key; 1087 1088 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1089 if (res != TEE_SUCCESS) 1090 goto func_exit; 1091 1092 res = tee_rpmb_invoke(&mem); 1093 if (res != TEE_SUCCESS) 1094 goto func_exit; 1095 1096 msg_type = RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM; 1097 1098 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1099 rawdata.msg_type = msg_type; 1100 1101 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 1102 if (res != TEE_SUCCESS) 1103 goto func_exit; 1104 1105 res = TEE_SUCCESS; 1106 1107 func_exit: 1108 tee_rpmb_free(&mem); 1109 return res; 1110 } 1111 1112 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id) 1113 { 1114 TEE_Result res; 1115 1116 DMSG("RPMB INIT: Writing Key"); 1117 res = tee_rpmb_write_key(dev_id); 1118 if (res == TEE_SUCCESS) { 1119 DMSG("RPMB INIT: Verifying Key"); 1120 res = tee_rpmb_verify_key_sync_counter(dev_id); 1121 } 1122 return res; 1123 } 1124 #else 1125 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id __unused) 1126 { 1127 return TEE_ERROR_BAD_STATE; 1128 } 1129 #endif 1130 1131 /* True when all the required crypto functions are available */ 1132 static bool have_crypto_ops(void) 1133 { 1134 return (crypto_ops.mac.init && crypto_ops.mac.update && 1135 crypto_ops.mac.final); 1136 } 1137 1138 /* This function must never return TEE_SUCCESS if rpmb_ctx == NULL */ 1139 static TEE_Result tee_rpmb_init(uint16_t dev_id) 1140 { 1141 TEE_Result res = TEE_SUCCESS; 1142 struct rpmb_dev_info dev_info; 1143 1144 if (!have_crypto_ops()) 1145 return TEE_ERROR_NOT_SUPPORTED; 1146 1147 if (!rpmb_ctx) { 1148 rpmb_ctx = calloc(1, sizeof(struct tee_rpmb_ctx)); 1149 if (!rpmb_ctx) 1150 return TEE_ERROR_OUT_OF_MEMORY; 1151 } else if (rpmb_ctx->dev_id != dev_id) { 1152 memset(rpmb_ctx, 0x00, sizeof(struct tee_rpmb_ctx)); 1153 } 1154 1155 rpmb_ctx->dev_id = dev_id; 1156 1157 if (!rpmb_ctx->dev_info_synced) { 1158 DMSG("RPMB: Syncing device information"); 1159 1160 dev_info.rpmb_size_mult = 0; 1161 dev_info.rel_wr_sec_c = 0; 1162 res = tee_rpmb_get_dev_info(dev_id, &dev_info); 1163 if (res != TEE_SUCCESS) 1164 goto func_exit; 1165 1166 DMSG("RPMB: RPMB size is %d*128 KB", dev_info.rpmb_size_mult); 1167 DMSG("RPMB: Reliable Write Sector Count is %d", 1168 dev_info.rel_wr_sec_c); 1169 1170 if (dev_info.rpmb_size_mult == 0) { 1171 res = TEE_ERROR_GENERIC; 1172 goto func_exit; 1173 } 1174 1175 rpmb_ctx->max_blk_idx = (dev_info.rpmb_size_mult * 1176 RPMB_SIZE_SINGLE / RPMB_DATA_SIZE) - 1; 1177 1178 memcpy(rpmb_ctx->cid, dev_info.cid, RPMB_EMMC_CID_SIZE); 1179 1180 if ((rpmb_ctx->hash_ctx_size == 0) && 1181 (crypto_ops.mac.get_ctx_size( 1182 TEE_ALG_HMAC_SHA256, 1183 &rpmb_ctx->hash_ctx_size))) { 1184 rpmb_ctx->hash_ctx_size = 0; 1185 res = TEE_ERROR_GENERIC; 1186 goto func_exit; 1187 } 1188 1189 #ifdef RPMB_DRIVER_MULTIPLE_WRITE_FIXED 1190 rpmb_ctx->rel_wr_blkcnt = dev_info.rel_wr_sec_c * 2; 1191 #else 1192 rpmb_ctx->rel_wr_blkcnt = 1; 1193 #endif 1194 1195 rpmb_ctx->dev_info_synced = true; 1196 } 1197 1198 if (!rpmb_ctx->key_derived) { 1199 DMSG("RPMB INIT: Deriving key"); 1200 1201 res = tee_rpmb_key_gen(dev_id, rpmb_ctx->key, 1202 RPMB_KEY_MAC_SIZE); 1203 if (res != TEE_SUCCESS) 1204 goto func_exit; 1205 1206 rpmb_ctx->key_derived = true; 1207 } 1208 1209 /* Perform a write counter read to verify if the key is ok. */ 1210 if (!rpmb_ctx->wr_cnt_synced || !rpmb_ctx->key_verified) { 1211 DMSG("RPMB INIT: Verifying Key"); 1212 1213 res = tee_rpmb_verify_key_sync_counter(dev_id); 1214 if (res != TEE_SUCCESS && !rpmb_ctx->key_verified) { 1215 /* 1216 * Need to write the key here and verify it. 1217 */ 1218 res = tee_rpmb_write_and_verify_key(dev_id); 1219 } 1220 } 1221 1222 func_exit: 1223 return res; 1224 } 1225 1226 /* 1227 * Read RPMB data in bytes. 1228 * 1229 * @dev_id Device ID of the eMMC device. 1230 * @addr Byte address of data. 1231 * @data Pointer to the data. 1232 * @len Size of data in bytes. 1233 * @fek Encrypted File Encryption Key or NULL. 1234 */ 1235 static TEE_Result tee_rpmb_read(uint16_t dev_id, uint32_t addr, uint8_t *data, 1236 uint32_t len, const uint8_t *fek, 1237 const TEE_UUID *uuid) 1238 { 1239 TEE_Result res = TEE_ERROR_GENERIC; 1240 struct tee_rpmb_mem mem = { 0 }; 1241 uint16_t msg_type; 1242 uint8_t nonce[RPMB_NONCE_SIZE]; 1243 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1244 struct rpmb_req *req = NULL; 1245 struct rpmb_data_frame *resp = NULL; 1246 struct rpmb_raw_data rawdata; 1247 uint32_t req_size; 1248 uint32_t resp_size; 1249 uint16_t blk_idx; 1250 uint16_t blkcnt; 1251 uint8_t byte_offset; 1252 1253 if (!data || !len) 1254 return TEE_ERROR_BAD_PARAMETERS; 1255 1256 blk_idx = addr / RPMB_DATA_SIZE; 1257 byte_offset = addr % RPMB_DATA_SIZE; 1258 1259 blkcnt = 1260 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1261 res = tee_rpmb_init(dev_id); 1262 if (res != TEE_SUCCESS) 1263 goto func_exit; 1264 1265 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1266 resp_size = RPMB_DATA_FRAME_SIZE * blkcnt; 1267 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1268 (void *)&req, (void *)&resp); 1269 if (res != TEE_SUCCESS) 1270 goto func_exit; 1271 1272 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_READ; 1273 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 1274 if (res != TEE_SUCCESS) 1275 goto func_exit; 1276 1277 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1278 rawdata.msg_type = msg_type; 1279 rawdata.nonce = nonce; 1280 rawdata.blk_idx = &blk_idx; 1281 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1282 if (res != TEE_SUCCESS) 1283 goto func_exit; 1284 1285 req->block_count = blkcnt; 1286 1287 DMSG("Read %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1288 blk_idx); 1289 1290 res = tee_rpmb_invoke(&mem); 1291 if (res != TEE_SUCCESS) 1292 goto func_exit; 1293 1294 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_READ; 1295 1296 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1297 rawdata.msg_type = msg_type; 1298 rawdata.block_count = &blkcnt; 1299 rawdata.blk_idx = &blk_idx; 1300 rawdata.nonce = nonce; 1301 rawdata.key_mac = hmac; 1302 rawdata.data = data; 1303 1304 rawdata.len = len; 1305 rawdata.byte_offset = byte_offset; 1306 1307 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, blkcnt, fek, uuid); 1308 if (res != TEE_SUCCESS) 1309 goto func_exit; 1310 1311 res = TEE_SUCCESS; 1312 1313 func_exit: 1314 tee_rpmb_free(&mem); 1315 return res; 1316 } 1317 1318 static TEE_Result tee_rpmb_write_blk(uint16_t dev_id, uint16_t blk_idx, 1319 const uint8_t *data_blks, uint16_t blkcnt, 1320 const uint8_t *fek, const TEE_UUID *uuid) 1321 { 1322 TEE_Result res; 1323 struct tee_rpmb_mem mem; 1324 uint16_t msg_type; 1325 uint32_t wr_cnt; 1326 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1327 struct rpmb_req *req = NULL; 1328 struct rpmb_data_frame *resp = NULL; 1329 struct rpmb_raw_data rawdata; 1330 uint32_t req_size; 1331 uint32_t resp_size; 1332 uint32_t nbr_writes; 1333 uint16_t tmp_blkcnt; 1334 uint16_t tmp_blk_idx; 1335 uint16_t i; 1336 1337 DMSG("Write %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1338 blk_idx); 1339 1340 if (!data_blks || !blkcnt) 1341 return TEE_ERROR_BAD_PARAMETERS; 1342 1343 res = tee_rpmb_init(dev_id); 1344 if (res != TEE_SUCCESS) 1345 return res; 1346 1347 /* 1348 * We need to split data when block count 1349 * is bigger than reliable block write count. 1350 */ 1351 if (blkcnt < rpmb_ctx->rel_wr_blkcnt) 1352 req_size = sizeof(struct rpmb_req) + 1353 RPMB_DATA_FRAME_SIZE * blkcnt; 1354 else 1355 req_size = sizeof(struct rpmb_req) + 1356 RPMB_DATA_FRAME_SIZE * rpmb_ctx->rel_wr_blkcnt; 1357 1358 resp_size = RPMB_DATA_FRAME_SIZE; 1359 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1360 (void *)&req, (void *)&resp); 1361 if (res != TEE_SUCCESS) 1362 return res; 1363 1364 nbr_writes = blkcnt / rpmb_ctx->rel_wr_blkcnt; 1365 if (blkcnt % rpmb_ctx->rel_wr_blkcnt > 0) 1366 nbr_writes += 1; 1367 1368 tmp_blkcnt = rpmb_ctx->rel_wr_blkcnt; 1369 tmp_blk_idx = blk_idx; 1370 for (i = 0; i < nbr_writes; i++) { 1371 /* 1372 * To handle the last write of block count which is 1373 * equal or smaller than reliable write block count. 1374 */ 1375 if (i == nbr_writes - 1) 1376 tmp_blkcnt = blkcnt - rpmb_ctx->rel_wr_blkcnt * 1377 (nbr_writes - 1); 1378 1379 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE; 1380 wr_cnt = rpmb_ctx->wr_cnt; 1381 1382 memset(req, 0x00, req_size); 1383 memset(resp, 0x00, resp_size); 1384 1385 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1386 rawdata.msg_type = msg_type; 1387 rawdata.block_count = &tmp_blkcnt; 1388 rawdata.blk_idx = &tmp_blk_idx; 1389 rawdata.write_counter = &wr_cnt; 1390 rawdata.key_mac = hmac; 1391 rawdata.data = (uint8_t *)data_blks + 1392 i * rpmb_ctx->rel_wr_blkcnt * RPMB_DATA_SIZE; 1393 1394 res = tee_rpmb_req_pack(req, &rawdata, tmp_blkcnt, dev_id, 1395 fek, uuid); 1396 if (res != TEE_SUCCESS) 1397 goto out; 1398 1399 res = tee_rpmb_invoke(&mem); 1400 if (res != TEE_SUCCESS) { 1401 /* 1402 * To force wr_cnt sync next time, as it might get 1403 * out of sync due to inconsistent operation result! 1404 */ 1405 rpmb_ctx->wr_cnt_synced = false; 1406 goto out; 1407 } 1408 1409 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE; 1410 1411 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1412 rawdata.msg_type = msg_type; 1413 rawdata.block_count = &tmp_blkcnt; 1414 rawdata.blk_idx = &tmp_blk_idx; 1415 rawdata.write_counter = &wr_cnt; 1416 rawdata.key_mac = hmac; 1417 1418 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, 1419 NULL); 1420 if (res != TEE_SUCCESS) { 1421 /* 1422 * To force wr_cnt sync next time, as it might get 1423 * out of sync due to inconsistent operation result! 1424 */ 1425 rpmb_ctx->wr_cnt_synced = false; 1426 goto out; 1427 } 1428 1429 tmp_blk_idx += tmp_blkcnt; 1430 } 1431 1432 out: 1433 tee_rpmb_free(&mem); 1434 return res; 1435 } 1436 1437 static bool tee_rpmb_write_is_atomic(uint16_t dev_id __unused, uint32_t addr, 1438 uint32_t len) 1439 { 1440 uint8_t byte_offset = addr % RPMB_DATA_SIZE; 1441 uint16_t blkcnt = ROUNDUP(len + byte_offset, 1442 RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1443 1444 return (blkcnt <= rpmb_ctx->rel_wr_blkcnt); 1445 } 1446 1447 /* 1448 * Write RPMB data in bytes. 1449 * 1450 * @dev_id Device ID of the eMMC device. 1451 * @addr Byte address of data. 1452 * @data Pointer to the data. 1453 * @len Size of data in bytes. 1454 * @fek Encrypted File Encryption Key or NULL. 1455 */ 1456 static TEE_Result tee_rpmb_write(uint16_t dev_id, uint32_t addr, 1457 const uint8_t *data, uint32_t len, 1458 const uint8_t *fek, const TEE_UUID *uuid) 1459 { 1460 TEE_Result res = TEE_ERROR_GENERIC; 1461 uint8_t *data_tmp = NULL; 1462 uint16_t blk_idx; 1463 uint16_t blkcnt; 1464 uint8_t byte_offset; 1465 1466 blk_idx = addr / RPMB_DATA_SIZE; 1467 byte_offset = addr % RPMB_DATA_SIZE; 1468 1469 blkcnt = 1470 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1471 1472 if (byte_offset == 0 && (len % RPMB_DATA_SIZE) == 0) { 1473 res = tee_rpmb_write_blk(dev_id, blk_idx, data, blkcnt, fek, 1474 uuid); 1475 if (res != TEE_SUCCESS) 1476 goto func_exit; 1477 } else { 1478 data_tmp = calloc(blkcnt, RPMB_DATA_SIZE); 1479 if (!data_tmp) { 1480 res = TEE_ERROR_OUT_OF_MEMORY; 1481 goto func_exit; 1482 } 1483 1484 /* Read the complete blocks */ 1485 res = tee_rpmb_read(dev_id, blk_idx * RPMB_DATA_SIZE, data_tmp, 1486 blkcnt * RPMB_DATA_SIZE, fek, uuid); 1487 if (res != TEE_SUCCESS) 1488 goto func_exit; 1489 1490 /* Partial update of the data blocks */ 1491 memcpy(data_tmp + byte_offset, data, len); 1492 1493 res = tee_rpmb_write_blk(dev_id, blk_idx, data_tmp, blkcnt, 1494 fek, uuid); 1495 if (res != TEE_SUCCESS) 1496 goto func_exit; 1497 } 1498 1499 res = TEE_SUCCESS; 1500 1501 func_exit: 1502 free(data_tmp); 1503 return res; 1504 } 1505 1506 /* 1507 * Read the RPMB write counter. 1508 * 1509 * @dev_id Device ID of the eMMC device. 1510 * @counter Pointer to the counter. 1511 */ 1512 static TEE_Result tee_rpmb_get_write_counter(uint16_t dev_id, 1513 uint32_t *counter) 1514 { 1515 TEE_Result res = TEE_SUCCESS; 1516 1517 if (!counter) 1518 return TEE_ERROR_BAD_PARAMETERS; 1519 1520 if (!rpmb_ctx || !rpmb_ctx->wr_cnt_synced) { 1521 res = tee_rpmb_init(dev_id); 1522 if (res != TEE_SUCCESS) 1523 goto func_exit; 1524 } 1525 1526 *counter = rpmb_ctx->wr_cnt; 1527 1528 func_exit: 1529 return res; 1530 } 1531 1532 /* 1533 * Read the RPMB max block. 1534 * 1535 * @dev_id Device ID of the eMMC device. 1536 * @counter Pointer to receive the max block. 1537 */ 1538 static TEE_Result tee_rpmb_get_max_block(uint16_t dev_id, uint32_t *max_block) 1539 { 1540 TEE_Result res = TEE_SUCCESS; 1541 1542 if (!max_block) 1543 return TEE_ERROR_BAD_PARAMETERS; 1544 1545 if (!rpmb_ctx || !rpmb_ctx->dev_info_synced) { 1546 res = tee_rpmb_init(dev_id); 1547 if (res != TEE_SUCCESS) 1548 goto func_exit; 1549 } 1550 1551 *max_block = rpmb_ctx->max_blk_idx; 1552 1553 func_exit: 1554 return res; 1555 } 1556 1557 /* 1558 * End of lower interface to RPMB device 1559 */ 1560 1561 static TEE_Result get_fat_start_address(uint32_t *addr); 1562 1563 static void dump_fat(void) 1564 { 1565 TEE_Result res = TEE_ERROR_GENERIC; 1566 struct rpmb_fat_entry *fat_entries = NULL; 1567 uint32_t fat_address; 1568 size_t size; 1569 int i; 1570 bool last_entry_found = false; 1571 1572 res = get_fat_start_address(&fat_address); 1573 if (res != TEE_SUCCESS) 1574 goto out; 1575 1576 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 1577 fat_entries = malloc(size); 1578 if (!fat_entries) { 1579 res = TEE_ERROR_OUT_OF_MEMORY; 1580 goto out; 1581 } 1582 1583 while (!last_entry_found) { 1584 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 1585 (uint8_t *)fat_entries, size, NULL, NULL); 1586 if (res != TEE_SUCCESS) 1587 goto out; 1588 1589 for (i = 0; i < N_ENTRIES; i++) { 1590 1591 FMSG("flags 0x%x, size %d, address 0x%x, filename '%s'", 1592 fat_entries[i].flags, 1593 fat_entries[i].data_size, 1594 fat_entries[i].start_address, 1595 fat_entries[i].filename); 1596 1597 if ((fat_entries[i].flags & FILE_IS_LAST_ENTRY) != 0) { 1598 last_entry_found = true; 1599 break; 1600 } 1601 1602 /* Move to next fat_entry. */ 1603 fat_address += sizeof(struct rpmb_fat_entry); 1604 } 1605 } 1606 1607 out: 1608 free(fat_entries); 1609 } 1610 1611 #if (TRACE_LEVEL >= TRACE_DEBUG) 1612 static void dump_fh(struct rpmb_file_handle *fh) 1613 { 1614 DMSG("fh->filename=%s", fh->filename); 1615 DMSG("fh->rpmb_fat_address=%u", fh->rpmb_fat_address); 1616 DMSG("fh->fat_entry.start_address=%u", fh->fat_entry.start_address); 1617 DMSG("fh->fat_entry.data_size=%u", fh->fat_entry.data_size); 1618 } 1619 #else 1620 static void dump_fh(struct rpmb_file_handle *fh __unused) 1621 { 1622 } 1623 #endif 1624 1625 static struct rpmb_file_handle *alloc_file_handle(struct tee_pobj *po, 1626 bool temporary) 1627 { 1628 struct rpmb_file_handle *fh = NULL; 1629 1630 fh = calloc(1, sizeof(struct rpmb_file_handle)); 1631 if (!fh) 1632 return NULL; 1633 1634 if (po) 1635 tee_svc_storage_create_filename(fh->filename, 1636 sizeof(fh->filename), po, 1637 temporary); 1638 1639 return fh; 1640 } 1641 1642 /** 1643 * write_fat_entry: Store info in a fat_entry to RPMB. 1644 */ 1645 static TEE_Result write_fat_entry(struct rpmb_file_handle *fh, 1646 bool update_write_counter) 1647 { 1648 TEE_Result res = TEE_ERROR_GENERIC; 1649 1650 /* Protect partition data. */ 1651 if (fh->rpmb_fat_address < sizeof(struct rpmb_fs_partition)) { 1652 res = TEE_ERROR_ACCESS_CONFLICT; 1653 goto out; 1654 } 1655 1656 if (fh->rpmb_fat_address % sizeof(struct rpmb_fat_entry) != 0) { 1657 res = TEE_ERROR_BAD_PARAMETERS; 1658 goto out; 1659 } 1660 1661 if (update_write_counter) { 1662 res = tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1663 &fh->fat_entry.write_counter); 1664 if (res != TEE_SUCCESS) 1665 goto out; 1666 } 1667 1668 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, fh->rpmb_fat_address, 1669 (uint8_t *)&fh->fat_entry, 1670 sizeof(struct rpmb_fat_entry), NULL, NULL); 1671 1672 dump_fat(); 1673 1674 out: 1675 return res; 1676 } 1677 1678 /** 1679 * rpmb_fs_setup: Setup rpmb fs. 1680 * Set initial partition and FS values and write to RPMB. 1681 * Store frequently used data in RAM. 1682 */ 1683 static TEE_Result rpmb_fs_setup(void) 1684 { 1685 TEE_Result res = TEE_ERROR_GENERIC; 1686 struct rpmb_fs_partition *partition_data = NULL; 1687 struct rpmb_file_handle *fh = NULL; 1688 uint32_t max_rpmb_block = 0; 1689 1690 if (fs_par) { 1691 res = TEE_SUCCESS; 1692 goto out; 1693 } 1694 1695 res = tee_rpmb_get_max_block(CFG_RPMB_FS_DEV_ID, &max_rpmb_block); 1696 if (res != TEE_SUCCESS) 1697 goto out; 1698 1699 partition_data = calloc(1, sizeof(struct rpmb_fs_partition)); 1700 if (!partition_data) { 1701 res = TEE_ERROR_OUT_OF_MEMORY; 1702 goto out; 1703 } 1704 1705 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1706 (uint8_t *)partition_data, 1707 sizeof(struct rpmb_fs_partition), NULL, NULL); 1708 if (res != TEE_SUCCESS) 1709 goto out; 1710 1711 #ifndef CFG_RPMB_RESET_FAT 1712 if (partition_data->rpmb_fs_magic == RPMB_FS_MAGIC) { 1713 if (partition_data->fs_version == FS_VERSION) { 1714 res = TEE_SUCCESS; 1715 goto store_fs_par; 1716 } else { 1717 /* Wrong software is in use. */ 1718 res = TEE_ERROR_ACCESS_DENIED; 1719 goto out; 1720 } 1721 } 1722 #else 1723 EMSG("**** Clearing Storage ****"); 1724 #endif 1725 1726 /* Setup new partition data. */ 1727 partition_data->rpmb_fs_magic = RPMB_FS_MAGIC; 1728 partition_data->fs_version = FS_VERSION; 1729 partition_data->fat_start_address = RPMB_FS_FAT_START_ADDRESS; 1730 1731 /* Initial FAT entry with FILE_IS_LAST_ENTRY flag set. */ 1732 fh = alloc_file_handle(NULL, false); 1733 if (!fh) { 1734 res = TEE_ERROR_OUT_OF_MEMORY; 1735 goto out; 1736 } 1737 fh->fat_entry.flags = FILE_IS_LAST_ENTRY; 1738 fh->rpmb_fat_address = partition_data->fat_start_address; 1739 1740 /* Write init FAT entry and partition data to RPMB. */ 1741 res = write_fat_entry(fh, true); 1742 if (res != TEE_SUCCESS) 1743 goto out; 1744 1745 res = 1746 tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1747 &partition_data->write_counter); 1748 if (res != TEE_SUCCESS) 1749 goto out; 1750 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1751 (uint8_t *)partition_data, 1752 sizeof(struct rpmb_fs_partition), NULL, NULL); 1753 1754 #ifndef CFG_RPMB_RESET_FAT 1755 store_fs_par: 1756 #endif 1757 1758 /* Store FAT start address. */ 1759 fs_par = calloc(1, sizeof(struct rpmb_fs_parameters)); 1760 if (!fs_par) { 1761 res = TEE_ERROR_OUT_OF_MEMORY; 1762 goto out; 1763 } 1764 1765 fs_par->fat_start_address = partition_data->fat_start_address; 1766 fs_par->max_rpmb_address = max_rpmb_block << RPMB_BLOCK_SIZE_SHIFT; 1767 1768 dump_fat(); 1769 1770 out: 1771 free(fh); 1772 free(partition_data); 1773 return res; 1774 } 1775 1776 /** 1777 * get_fat_start_address: 1778 * FAT start_address from fs_par. 1779 */ 1780 static TEE_Result get_fat_start_address(uint32_t *addr) 1781 { 1782 if (!fs_par) 1783 return TEE_ERROR_NO_DATA; 1784 1785 *addr = fs_par->fat_start_address; 1786 1787 return TEE_SUCCESS; 1788 } 1789 1790 /** 1791 * read_fat: Read FAT entries 1792 * Return matching FAT entry for read, rm rename and stat. 1793 * Build up memory pool and return matching entry for write operation. 1794 * "Last FAT entry" can be returned during write. 1795 */ 1796 static TEE_Result read_fat(struct rpmb_file_handle *fh, tee_mm_pool_t *p) 1797 { 1798 TEE_Result res = TEE_ERROR_GENERIC; 1799 tee_mm_entry_t *mm = NULL; 1800 struct rpmb_fat_entry *fat_entries = NULL; 1801 uint32_t fat_address; 1802 size_t size; 1803 int i; 1804 bool entry_found = false; 1805 bool last_entry_found = false; 1806 bool expand_fat = false; 1807 struct rpmb_file_handle last_fh; 1808 1809 DMSG("fat_address %d", fh->rpmb_fat_address); 1810 1811 res = rpmb_fs_setup(); 1812 if (res != TEE_SUCCESS) 1813 goto out; 1814 1815 res = get_fat_start_address(&fat_address); 1816 if (res != TEE_SUCCESS) 1817 goto out; 1818 1819 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 1820 fat_entries = malloc(size); 1821 if (!fat_entries) { 1822 res = TEE_ERROR_OUT_OF_MEMORY; 1823 goto out; 1824 } 1825 1826 /* 1827 * The pool is used to represent the current RPMB layout. To find 1828 * a slot for the file tee_mm_alloc is called on the pool. Thus 1829 * if it is not NULL the entire FAT must be traversed to fill in 1830 * the pool. 1831 */ 1832 while (!last_entry_found && (!entry_found || p)) { 1833 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 1834 (uint8_t *)fat_entries, size, NULL, NULL); 1835 if (res != TEE_SUCCESS) 1836 goto out; 1837 1838 for (i = 0; i < N_ENTRIES; i++) { 1839 /* 1840 * Look for an entry, matching filenames. (read, rm, 1841 * rename and stat.). Only store first filename match. 1842 */ 1843 if (fh->filename && 1844 (strcmp(fh->filename, 1845 fat_entries[i].filename) == 0) && 1846 (fat_entries[i].flags & FILE_IS_ACTIVE) && 1847 (!entry_found)) { 1848 entry_found = true; 1849 fh->rpmb_fat_address = fat_address; 1850 memcpy(&fh->fat_entry, &fat_entries[i], 1851 sizeof(struct rpmb_fat_entry)); 1852 if (!p) 1853 break; 1854 } 1855 1856 /* Add existing files to memory pool. (write) */ 1857 if (p) { 1858 if ((fat_entries[i].flags & FILE_IS_ACTIVE) && 1859 (fat_entries[i].data_size > 0)) { 1860 1861 mm = tee_mm_alloc2 1862 (p, 1863 fat_entries[i].start_address, 1864 fat_entries[i].data_size); 1865 if (!mm) { 1866 res = TEE_ERROR_OUT_OF_MEMORY; 1867 goto out; 1868 } 1869 } 1870 1871 /* Unused FAT entries can be reused (write) */ 1872 if (((fat_entries[i].flags & FILE_IS_ACTIVE) == 1873 0) && (fh->rpmb_fat_address == 0)) { 1874 fh->rpmb_fat_address = fat_address; 1875 memcpy(&fh->fat_entry, &fat_entries[i], 1876 sizeof(struct rpmb_fat_entry)); 1877 } 1878 } 1879 1880 if ((fat_entries[i].flags & FILE_IS_LAST_ENTRY) != 0) { 1881 last_entry_found = true; 1882 1883 /* 1884 * If the last entry was reached and was chosen 1885 * by the previous check, then the FAT needs to 1886 * be expanded. 1887 * fh->rpmb_fat_address is the address chosen 1888 * to store the files FAT entry and fat_address 1889 * is the current FAT entry address being 1890 * compared. 1891 */ 1892 if (p && fh->rpmb_fat_address == fat_address) 1893 expand_fat = true; 1894 break; 1895 } 1896 1897 /* Move to next fat_entry. */ 1898 fat_address += sizeof(struct rpmb_fat_entry); 1899 } 1900 } 1901 1902 /* 1903 * Represent the FAT table in the pool. 1904 */ 1905 if (p) { 1906 /* 1907 * Since fat_address is the start of the last entry it needs to 1908 * be moved up by an entry. 1909 */ 1910 fat_address += sizeof(struct rpmb_fat_entry); 1911 1912 /* Make room for yet a FAT entry and add to memory pool. */ 1913 if (expand_fat) 1914 fat_address += sizeof(struct rpmb_fat_entry); 1915 1916 mm = tee_mm_alloc2(p, RPMB_STORAGE_START_ADDRESS, fat_address); 1917 if (!mm) { 1918 res = TEE_ERROR_OUT_OF_MEMORY; 1919 goto out; 1920 } 1921 1922 if (expand_fat) { 1923 /* 1924 * Point fat_address to the beginning of the new 1925 * entry. 1926 */ 1927 fat_address -= sizeof(struct rpmb_fat_entry); 1928 memset(&last_fh, 0, sizeof(last_fh)); 1929 last_fh.fat_entry.flags = FILE_IS_LAST_ENTRY; 1930 last_fh.rpmb_fat_address = fat_address; 1931 res = write_fat_entry(&last_fh, true); 1932 if (res != TEE_SUCCESS) 1933 goto out; 1934 } 1935 } 1936 1937 if (fh->filename && !fh->rpmb_fat_address) 1938 res = TEE_ERROR_ITEM_NOT_FOUND; 1939 1940 out: 1941 free(fat_entries); 1942 return res; 1943 } 1944 1945 static TEE_Result generate_fek(struct rpmb_fat_entry *fe, const TEE_UUID *uuid) 1946 { 1947 TEE_Result res; 1948 1949 again: 1950 res = tee_fs_generate_fek(uuid, fe->fek, sizeof(fe->fek)); 1951 if (res != TEE_SUCCESS) 1952 return res; 1953 1954 if (is_zero(fe->fek, sizeof(fe->fek))) 1955 goto again; 1956 1957 return res; 1958 } 1959 1960 static TEE_Result rpmb_fs_open_internal(struct rpmb_file_handle *fh, 1961 const TEE_UUID *uuid, bool create) 1962 { 1963 tee_mm_pool_t p; 1964 bool pool_result; 1965 TEE_Result res = TEE_ERROR_GENERIC; 1966 1967 /* We need to do setup in order to make sure fs_par is filled in */ 1968 res = rpmb_fs_setup(); 1969 if (res != TEE_SUCCESS) 1970 goto out; 1971 1972 fh->uuid = uuid; 1973 if (create) { 1974 /* Upper memory allocation must be used for RPMB_FS. */ 1975 pool_result = tee_mm_init(&p, 1976 RPMB_STORAGE_START_ADDRESS, 1977 fs_par->max_rpmb_address, 1978 RPMB_BLOCK_SIZE_SHIFT, 1979 TEE_MM_POOL_HI_ALLOC); 1980 1981 if (!pool_result) { 1982 res = TEE_ERROR_OUT_OF_MEMORY; 1983 goto out; 1984 } 1985 1986 res = read_fat(fh, &p); 1987 tee_mm_final(&p); 1988 if (res != TEE_SUCCESS) 1989 goto out; 1990 } else { 1991 res = read_fat(fh, NULL); 1992 if (res != TEE_SUCCESS) 1993 goto out; 1994 } 1995 1996 /* 1997 * If this is opened with create and the entry found was not active 1998 * then this is a new file and the FAT entry must be written 1999 */ 2000 if (create) { 2001 if ((fh->fat_entry.flags & FILE_IS_ACTIVE) == 0) { 2002 memset(&fh->fat_entry, 0, 2003 sizeof(struct rpmb_fat_entry)); 2004 memcpy(fh->fat_entry.filename, fh->filename, 2005 strlen(fh->filename)); 2006 /* Start address and size are 0 */ 2007 fh->fat_entry.flags = FILE_IS_ACTIVE; 2008 2009 res = generate_fek(&fh->fat_entry, uuid); 2010 if (res != TEE_SUCCESS) 2011 goto out; 2012 DMSG("GENERATE FEK key: %p", 2013 (void *)fh->fat_entry.fek); 2014 DHEXDUMP(fh->fat_entry.fek, sizeof(fh->fat_entry.fek)); 2015 2016 res = write_fat_entry(fh, true); 2017 if (res != TEE_SUCCESS) 2018 goto out; 2019 } 2020 } 2021 2022 res = TEE_SUCCESS; 2023 2024 out: 2025 return res; 2026 } 2027 2028 static void rpmb_fs_close(struct tee_file_handle **tfh) 2029 { 2030 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)*tfh; 2031 2032 free(fh); 2033 *tfh = NULL; 2034 } 2035 2036 static TEE_Result rpmb_fs_read(struct tee_file_handle *tfh, size_t pos, 2037 void *buf, size_t *len) 2038 { 2039 TEE_Result res; 2040 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2041 size_t size = *len; 2042 2043 if (!size) 2044 return TEE_SUCCESS; 2045 2046 mutex_lock(&rpmb_mutex); 2047 2048 dump_fh(fh); 2049 2050 res = read_fat(fh, NULL); 2051 if (res != TEE_SUCCESS) 2052 goto out; 2053 2054 if (pos >= fh->fat_entry.data_size) { 2055 *len = 0; 2056 goto out; 2057 } 2058 2059 size = MIN(size, fh->fat_entry.data_size - pos); 2060 if (size) { 2061 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2062 fh->fat_entry.start_address + pos, buf, 2063 size, fh->fat_entry.fek, fh->uuid); 2064 if (res != TEE_SUCCESS) 2065 goto out; 2066 } 2067 *len = size; 2068 2069 out: 2070 mutex_unlock(&rpmb_mutex); 2071 return res; 2072 } 2073 2074 static TEE_Result rpmb_fs_write_primitive(struct rpmb_file_handle *fh, 2075 size_t pos, const void *buf, 2076 size_t size) 2077 { 2078 TEE_Result res; 2079 tee_mm_pool_t p; 2080 bool pool_result = false; 2081 tee_mm_entry_t *mm; 2082 size_t end; 2083 size_t newsize; 2084 uint8_t *newbuf = NULL; 2085 uintptr_t newaddr; 2086 uint32_t start_addr; 2087 2088 if (!size) 2089 return TEE_SUCCESS; 2090 2091 if (!fs_par) { 2092 res = TEE_ERROR_GENERIC; 2093 goto out; 2094 } 2095 2096 dump_fh(fh); 2097 2098 /* Upper memory allocation must be used for RPMB_FS. */ 2099 pool_result = tee_mm_init(&p, 2100 RPMB_STORAGE_START_ADDRESS, 2101 fs_par->max_rpmb_address, 2102 RPMB_BLOCK_SIZE_SHIFT, 2103 TEE_MM_POOL_HI_ALLOC); 2104 if (!pool_result) { 2105 res = TEE_ERROR_OUT_OF_MEMORY; 2106 goto out; 2107 } 2108 2109 res = read_fat(fh, &p); 2110 if (res != TEE_SUCCESS) 2111 goto out; 2112 2113 if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY) 2114 panic("invalid last entry flag"); 2115 2116 end = pos + size; 2117 start_addr = fh->fat_entry.start_address + pos; 2118 2119 if (end <= fh->fat_entry.data_size && 2120 tee_rpmb_write_is_atomic(CFG_RPMB_FS_DEV_ID, start_addr, size)) { 2121 2122 DMSG("Updating data in-place"); 2123 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, start_addr, buf, 2124 size, fh->fat_entry.fek, fh->uuid); 2125 if (res != TEE_SUCCESS) 2126 goto out; 2127 } else { 2128 /* 2129 * File must be extended, or update cannot be atomic: allocate, 2130 * read, update, write. 2131 */ 2132 2133 DMSG("Need to re-allocate"); 2134 newsize = MAX(end, fh->fat_entry.data_size); 2135 mm = tee_mm_alloc(&p, newsize); 2136 newbuf = calloc(1, newsize); 2137 if (!mm || !newbuf) { 2138 res = TEE_ERROR_OUT_OF_MEMORY; 2139 goto out; 2140 } 2141 2142 if (fh->fat_entry.data_size) { 2143 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2144 fh->fat_entry.start_address, 2145 newbuf, fh->fat_entry.data_size, 2146 fh->fat_entry.fek, fh->uuid); 2147 if (res != TEE_SUCCESS) 2148 goto out; 2149 } 2150 2151 memcpy(newbuf + pos, buf, size); 2152 2153 newaddr = tee_mm_get_smem(mm); 2154 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2155 newsize, fh->fat_entry.fek, fh->uuid); 2156 if (res != TEE_SUCCESS) 2157 goto out; 2158 2159 fh->fat_entry.data_size = newsize; 2160 fh->fat_entry.start_address = newaddr; 2161 res = write_fat_entry(fh, true); 2162 if (res != TEE_SUCCESS) 2163 goto out; 2164 } 2165 2166 out: 2167 if (pool_result) 2168 tee_mm_final(&p); 2169 if (newbuf) 2170 free(newbuf); 2171 2172 return res; 2173 } 2174 2175 static TEE_Result rpmb_fs_write(struct tee_file_handle *tfh, size_t pos, 2176 const void *buf, size_t size) 2177 { 2178 TEE_Result res; 2179 2180 mutex_lock(&rpmb_mutex); 2181 res = rpmb_fs_write_primitive((struct rpmb_file_handle *)tfh, pos, 2182 buf, size); 2183 mutex_unlock(&rpmb_mutex); 2184 2185 return res; 2186 } 2187 2188 static TEE_Result rpmb_fs_remove_internal(struct rpmb_file_handle *fh) 2189 { 2190 TEE_Result res; 2191 2192 res = read_fat(fh, NULL); 2193 if (res) 2194 return res; 2195 2196 /* Clear this file entry. */ 2197 memset(&fh->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2198 return write_fat_entry(fh, false); 2199 } 2200 2201 static TEE_Result rpmb_fs_remove(struct tee_pobj *po) 2202 { 2203 TEE_Result res; 2204 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2205 2206 if (!fh) 2207 return TEE_ERROR_OUT_OF_MEMORY; 2208 2209 mutex_lock(&rpmb_mutex); 2210 2211 res = rpmb_fs_remove_internal(fh); 2212 2213 mutex_unlock(&rpmb_mutex); 2214 2215 free(fh); 2216 return res; 2217 } 2218 2219 static TEE_Result rpmb_fs_rename_internal(struct tee_pobj *old, 2220 struct tee_pobj *new, 2221 bool overwrite) 2222 { 2223 TEE_Result res = TEE_ERROR_GENERIC; 2224 struct rpmb_file_handle *fh_old = NULL; 2225 struct rpmb_file_handle *fh_new = NULL; 2226 2227 if (!old) { 2228 res = TEE_ERROR_BAD_PARAMETERS; 2229 goto out; 2230 } 2231 2232 if (new) 2233 fh_old = alloc_file_handle(old, old->temporary); 2234 else 2235 fh_old = alloc_file_handle(old, true); 2236 if (!fh_old) { 2237 res = TEE_ERROR_OUT_OF_MEMORY; 2238 goto out; 2239 } 2240 2241 if (new) 2242 fh_new = alloc_file_handle(new, new->temporary); 2243 else 2244 fh_new = alloc_file_handle(old, false); 2245 if (!fh_new) { 2246 res = TEE_ERROR_OUT_OF_MEMORY; 2247 goto out; 2248 } 2249 2250 res = read_fat(fh_old, NULL); 2251 if (res != TEE_SUCCESS) 2252 goto out; 2253 2254 res = read_fat(fh_new, NULL); 2255 if (res == TEE_SUCCESS) { 2256 if (!overwrite) { 2257 res = TEE_ERROR_ACCESS_CONFLICT; 2258 goto out; 2259 } 2260 2261 /* Clear this file entry. */ 2262 memset(&fh_new->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2263 res = write_fat_entry(fh_new, false); 2264 if (res != TEE_SUCCESS) 2265 goto out; 2266 } 2267 2268 memset(fh_old->fat_entry.filename, 0, TEE_RPMB_FS_FILENAME_LENGTH); 2269 memcpy(fh_old->fat_entry.filename, fh_new->filename, 2270 strlen(fh_new->filename)); 2271 2272 res = write_fat_entry(fh_old, false); 2273 2274 out: 2275 free(fh_old); 2276 free(fh_new); 2277 2278 return res; 2279 } 2280 2281 static TEE_Result rpmb_fs_rename(struct tee_pobj *old, struct tee_pobj *new, 2282 bool overwrite) 2283 { 2284 TEE_Result res; 2285 2286 mutex_lock(&rpmb_mutex); 2287 res = rpmb_fs_rename_internal(old, new, overwrite); 2288 mutex_unlock(&rpmb_mutex); 2289 2290 return res; 2291 } 2292 2293 static TEE_Result rpmb_fs_truncate(struct tee_file_handle *tfh, size_t length) 2294 { 2295 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2296 tee_mm_pool_t p; 2297 bool pool_result = false; 2298 tee_mm_entry_t *mm; 2299 uint32_t newsize; 2300 uint8_t *newbuf = NULL; 2301 uintptr_t newaddr; 2302 TEE_Result res = TEE_ERROR_GENERIC; 2303 2304 mutex_lock(&rpmb_mutex); 2305 2306 if (length > INT32_MAX) { 2307 res = TEE_ERROR_BAD_PARAMETERS; 2308 goto out; 2309 } 2310 newsize = length; 2311 2312 res = read_fat(fh, NULL); 2313 if (res != TEE_SUCCESS) 2314 goto out; 2315 2316 if (newsize > fh->fat_entry.data_size) { 2317 /* Extend file */ 2318 2319 pool_result = tee_mm_init(&p, 2320 RPMB_STORAGE_START_ADDRESS, 2321 fs_par->max_rpmb_address, 2322 RPMB_BLOCK_SIZE_SHIFT, 2323 TEE_MM_POOL_HI_ALLOC); 2324 if (!pool_result) { 2325 res = TEE_ERROR_OUT_OF_MEMORY; 2326 goto out; 2327 } 2328 res = read_fat(fh, &p); 2329 if (res != TEE_SUCCESS) 2330 goto out; 2331 2332 mm = tee_mm_alloc(&p, newsize); 2333 newbuf = calloc(1, newsize); 2334 if (!mm || !newbuf) { 2335 res = TEE_ERROR_OUT_OF_MEMORY; 2336 goto out; 2337 } 2338 2339 if (fh->fat_entry.data_size) { 2340 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2341 fh->fat_entry.start_address, 2342 newbuf, fh->fat_entry.data_size, 2343 fh->fat_entry.fek, fh->uuid); 2344 if (res != TEE_SUCCESS) 2345 goto out; 2346 } 2347 2348 newaddr = tee_mm_get_smem(mm); 2349 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2350 newsize, fh->fat_entry.fek, fh->uuid); 2351 if (res != TEE_SUCCESS) 2352 goto out; 2353 2354 } else { 2355 /* Don't change file location */ 2356 newaddr = fh->fat_entry.start_address; 2357 } 2358 2359 /* fh->pos is unchanged */ 2360 fh->fat_entry.data_size = newsize; 2361 fh->fat_entry.start_address = newaddr; 2362 res = write_fat_entry(fh, true); 2363 2364 out: 2365 mutex_unlock(&rpmb_mutex); 2366 if (pool_result) 2367 tee_mm_final(&p); 2368 if (newbuf) 2369 free(newbuf); 2370 2371 return res; 2372 } 2373 2374 static void rpmb_fs_dir_free(struct tee_fs_dir *dir) 2375 { 2376 struct tee_rpmb_fs_dirent *e; 2377 2378 if (!dir) 2379 return; 2380 2381 free(dir->current); 2382 2383 while ((e = SIMPLEQ_FIRST(&dir->next))) { 2384 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2385 free(e); 2386 } 2387 } 2388 2389 static TEE_Result rpmb_fs_dir_populate(const char *path, 2390 struct tee_fs_dir *dir) 2391 { 2392 struct tee_rpmb_fs_dirent *current = NULL; 2393 struct rpmb_fat_entry *fat_entries = NULL; 2394 uint32_t fat_address; 2395 uint32_t filelen; 2396 char *filename; 2397 int i; 2398 bool last_entry_found = false; 2399 bool matched; 2400 struct tee_rpmb_fs_dirent *next = NULL; 2401 uint32_t pathlen; 2402 TEE_Result res = TEE_ERROR_GENERIC; 2403 uint32_t size; 2404 char temp; 2405 2406 mutex_lock(&rpmb_mutex); 2407 2408 res = rpmb_fs_setup(); 2409 if (res != TEE_SUCCESS) 2410 goto out; 2411 2412 res = get_fat_start_address(&fat_address); 2413 if (res != TEE_SUCCESS) 2414 goto out; 2415 2416 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 2417 fat_entries = malloc(size); 2418 if (!fat_entries) { 2419 res = TEE_ERROR_OUT_OF_MEMORY; 2420 goto out; 2421 } 2422 2423 pathlen = strlen(path); 2424 while (!last_entry_found) { 2425 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 2426 (uint8_t *)fat_entries, size, NULL, NULL); 2427 if (res != TEE_SUCCESS) 2428 goto out; 2429 2430 for (i = 0; i < N_ENTRIES; i++) { 2431 filename = fat_entries[i].filename; 2432 if (fat_entries[i].flags & FILE_IS_ACTIVE) { 2433 matched = false; 2434 filelen = strlen(filename); 2435 if (filelen > pathlen) { 2436 temp = filename[pathlen]; 2437 filename[pathlen] = '\0'; 2438 if (strcmp(filename, path) == 0) 2439 matched = true; 2440 2441 filename[pathlen] = temp; 2442 } 2443 2444 if (matched) { 2445 next = malloc(sizeof(*next)); 2446 if (!next) { 2447 res = TEE_ERROR_OUT_OF_MEMORY; 2448 goto out; 2449 } 2450 2451 next->entry.oidlen = tee_hs2b( 2452 (uint8_t *)&filename[pathlen], 2453 next->entry.oid, 2454 filelen - pathlen, 2455 sizeof(next->entry.oid)); 2456 if (next->entry.oidlen) { 2457 SIMPLEQ_INSERT_TAIL(&dir->next, 2458 next, link); 2459 current = next; 2460 } else { 2461 free(next); 2462 next = NULL; 2463 } 2464 2465 } 2466 } 2467 2468 if (fat_entries[i].flags & FILE_IS_LAST_ENTRY) { 2469 last_entry_found = true; 2470 break; 2471 } 2472 2473 /* Move to next fat_entry. */ 2474 fat_address += sizeof(struct rpmb_fat_entry); 2475 } 2476 } 2477 2478 if (current) 2479 res = TEE_SUCCESS; 2480 else 2481 res = TEE_ERROR_ITEM_NOT_FOUND; /* No directories were found. */ 2482 2483 out: 2484 mutex_unlock(&rpmb_mutex); 2485 if (res != TEE_SUCCESS) 2486 rpmb_fs_dir_free(dir); 2487 if (fat_entries) 2488 free(fat_entries); 2489 2490 return res; 2491 } 2492 2493 static TEE_Result rpmb_fs_opendir(const TEE_UUID *uuid, struct tee_fs_dir **dir) 2494 { 2495 uint32_t len; 2496 char path_local[TEE_RPMB_FS_FILENAME_LENGTH]; 2497 TEE_Result res = TEE_ERROR_GENERIC; 2498 struct tee_fs_dir *rpmb_dir = NULL; 2499 2500 if (!uuid || !dir) { 2501 res = TEE_ERROR_BAD_PARAMETERS; 2502 goto out; 2503 } 2504 2505 memset(path_local, 0, sizeof(path_local)); 2506 if (tee_svc_storage_create_dirname(path_local, sizeof(path_local) - 1, 2507 uuid) != TEE_SUCCESS) { 2508 res = TEE_ERROR_BAD_PARAMETERS; 2509 goto out; 2510 } 2511 len = strlen(path_local); 2512 2513 /* Add a slash to correctly match the full directory name. */ 2514 if (path_local[len - 1] != '/') 2515 path_local[len] = '/'; 2516 2517 rpmb_dir = calloc(1, sizeof(*rpmb_dir)); 2518 if (!rpmb_dir) { 2519 res = TEE_ERROR_OUT_OF_MEMORY; 2520 goto out; 2521 } 2522 SIMPLEQ_INIT(&rpmb_dir->next); 2523 2524 res = rpmb_fs_dir_populate(path_local, rpmb_dir); 2525 if (res != TEE_SUCCESS) { 2526 free(rpmb_dir); 2527 rpmb_dir = NULL; 2528 goto out; 2529 } 2530 2531 *dir = rpmb_dir; 2532 2533 out: 2534 return res; 2535 } 2536 2537 static TEE_Result rpmb_fs_readdir(struct tee_fs_dir *dir, 2538 struct tee_fs_dirent **ent) 2539 { 2540 if (!dir) 2541 return TEE_ERROR_GENERIC; 2542 2543 free(dir->current); 2544 2545 dir->current = SIMPLEQ_FIRST(&dir->next); 2546 if (!dir->current) 2547 return TEE_ERROR_ITEM_NOT_FOUND; 2548 2549 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2550 2551 *ent = &dir->current->entry; 2552 return TEE_SUCCESS; 2553 } 2554 2555 static void rpmb_fs_closedir(struct tee_fs_dir *dir) 2556 { 2557 if (dir) { 2558 rpmb_fs_dir_free(dir); 2559 free(dir); 2560 } 2561 } 2562 2563 static TEE_Result rpmb_fs_open(struct tee_pobj *po, size_t *size, 2564 struct tee_file_handle **ret_fh) 2565 { 2566 TEE_Result res; 2567 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2568 2569 if (!fh) 2570 return TEE_ERROR_OUT_OF_MEMORY; 2571 2572 mutex_lock(&rpmb_mutex); 2573 2574 res = rpmb_fs_open_internal(fh, &po->uuid, false); 2575 if (!res && size) 2576 *size = fh->fat_entry.data_size; 2577 2578 mutex_unlock(&rpmb_mutex); 2579 2580 if (res) 2581 free(fh); 2582 else 2583 *ret_fh = (struct tee_file_handle *)fh; 2584 2585 return res; 2586 } 2587 2588 static TEE_Result rpmb_fs_create(struct tee_pobj *po, bool overwrite, 2589 const void *head, size_t head_size, 2590 const void *attr, size_t attr_size, 2591 const void *data, size_t data_size, 2592 struct tee_file_handle **ret_fh) 2593 { 2594 TEE_Result res; 2595 size_t pos = 0; 2596 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2597 2598 if (!fh) 2599 return TEE_ERROR_OUT_OF_MEMORY; 2600 2601 mutex_lock(&rpmb_mutex); 2602 res = rpmb_fs_open_internal(fh, &po->uuid, true); 2603 if (res) 2604 goto out; 2605 2606 if (head && head_size) { 2607 res = rpmb_fs_write_primitive(fh, pos, head, head_size); 2608 if (res) 2609 goto out; 2610 pos += head_size; 2611 } 2612 2613 if (attr && attr_size) { 2614 res = rpmb_fs_write_primitive(fh, pos, attr, attr_size); 2615 if (res) 2616 goto out; 2617 pos += attr_size; 2618 } 2619 2620 if (data && data_size) { 2621 res = rpmb_fs_write_primitive(fh, pos, data, data_size); 2622 if (res) 2623 goto out; 2624 } 2625 2626 if (po->temporary) { 2627 /* 2628 * If it's a temporary filename (which it normally is) 2629 * rename into the final filename now that the file is 2630 * fully initialized. 2631 */ 2632 po->temporary = false; 2633 res = rpmb_fs_rename_internal(po, NULL, overwrite); 2634 if (res) { 2635 po->temporary = true; 2636 goto out; 2637 } 2638 /* Update file handle after rename. */ 2639 tee_svc_storage_create_filename(fh->filename, 2640 sizeof(fh->filename), 2641 po, false); 2642 } 2643 2644 out: 2645 if (res) { 2646 rpmb_fs_remove_internal(fh); 2647 free(fh); 2648 } else { 2649 *ret_fh = (struct tee_file_handle *)fh; 2650 } 2651 mutex_unlock(&rpmb_mutex); 2652 2653 return res; 2654 } 2655 2656 const struct tee_file_operations rpmb_fs_ops = { 2657 .open = rpmb_fs_open, 2658 .create = rpmb_fs_create, 2659 .close = rpmb_fs_close, 2660 .read = rpmb_fs_read, 2661 .write = rpmb_fs_write, 2662 .truncate = rpmb_fs_truncate, 2663 .rename = rpmb_fs_rename, 2664 .remove = rpmb_fs_remove, 2665 .opendir = rpmb_fs_opendir, 2666 .closedir = rpmb_fs_closedir, 2667 .readdir = rpmb_fs_readdir, 2668 }; 2669 2670 TEE_Result tee_rpmb_fs_raw_open(const char *fname, bool create, 2671 struct tee_file_handle **ret_fh) 2672 { 2673 TEE_Result res; 2674 struct rpmb_file_handle *fh = calloc(1, sizeof(*fh)); 2675 static const TEE_UUID uuid = { 0 }; 2676 2677 if (!fh) 2678 return TEE_ERROR_OUT_OF_MEMORY; 2679 2680 snprintf(fh->filename, sizeof(fh->filename), "/%s", fname); 2681 2682 mutex_lock(&rpmb_mutex); 2683 2684 res = rpmb_fs_open_internal(fh, &uuid, create); 2685 2686 mutex_unlock(&rpmb_mutex); 2687 2688 if (res) { 2689 if (create) 2690 rpmb_fs_remove_internal(fh); 2691 free(fh); 2692 } else { 2693 *ret_fh = (struct tee_file_handle *)fh; 2694 } 2695 2696 return res; 2697 } 2698