1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 6 #include <assert.h> 7 #include <crypto/crypto.h> 8 #include <kernel/huk_subkey.h> 9 #include <kernel/misc.h> 10 #include <kernel/msg_param.h> 11 #include <kernel/mutex.h> 12 #include <kernel/panic.h> 13 #include <kernel/tee_common.h> 14 #include <kernel/tee_common_otp.h> 15 #include <kernel/tee_misc.h> 16 #include <kernel/thread.h> 17 #include <mm/core_memprot.h> 18 #include <mm/mobj.h> 19 #include <mm/tee_mm.h> 20 #include <optee_rpc_cmd.h> 21 #include <stdlib.h> 22 #include <string_ext.h> 23 #include <string.h> 24 #include <sys/queue.h> 25 #include <tee/tee_fs.h> 26 #include <tee/tee_fs_key_manager.h> 27 #include <tee/tee_pobj.h> 28 #include <tee/tee_svc_storage.h> 29 #include <trace.h> 30 #include <util.h> 31 32 #define RPMB_STORAGE_START_ADDRESS 0 33 #define RPMB_FS_FAT_START_ADDRESS 512 34 #define RPMB_BLOCK_SIZE_SHIFT 8 35 #define RPMB_CID_PRV_OFFSET 9 36 #define RPMB_CID_CRC_OFFSET 15 37 38 #define RPMB_FS_MAGIC 0x52504D42 39 #define FS_VERSION 2 40 41 #define FILE_IS_ACTIVE (1u << 0) 42 #define FILE_IS_LAST_ENTRY (1u << 1) 43 44 #define TEE_RPMB_FS_FILENAME_LENGTH 224 45 46 /** 47 * Utilized when caching is enabled, i.e., when CFG_RPMB_FS_CACHE_ENTRIES > 0. 48 * Cache size + the number of entries that are repeatedly read in and buffered 49 * once the cache is full. 50 */ 51 #define RPMB_BUF_MAX_ENTRIES (CFG_RPMB_FS_CACHE_ENTRIES + \ 52 CFG_RPMB_FS_RD_ENTRIES) 53 54 /** 55 * FS parameters: Information often used by internal functions. 56 * fat_start_address will be set by rpmb_fs_setup(). 57 * rpmb_fs_parameters can be read by any other function. 58 */ 59 struct rpmb_fs_parameters { 60 uint32_t fat_start_address; 61 uint32_t max_rpmb_address; 62 }; 63 64 /** 65 * File entry for a single file in a RPMB_FS partition. 66 */ 67 struct rpmb_fat_entry { 68 uint32_t start_address; 69 uint32_t data_size; 70 uint32_t flags; 71 uint32_t write_counter; 72 uint8_t fek[TEE_FS_KM_FEK_SIZE]; 73 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 74 }; 75 76 /** 77 * Structure that describes buffered/cached FAT FS entries in RPMB storage. 78 * This structure is used in functions traversing the FAT FS. 79 */ 80 struct rpmb_fat_entry_dir { 81 /* 82 * Buffer storing the FAT FS entries read in from RPMB storage. It 83 * includes the optional cache entries (CFG_RPMB_FS_CACHE_ENTRIES) 84 * and entries temporary read for current FAT FS traversal 85 * (CFG_RPMB_FS_RD_ENTRIES) when not found from cached entries. 86 */ 87 struct rpmb_fat_entry *rpmb_fat_entry_buf; 88 /* Current index of FAT FS entry to read from buffer. */ 89 uint32_t idx_curr; 90 /* Total number of FAT FS entries in buffer. */ 91 uint32_t num_buffered; 92 /* Total number of FAT FS entries read during traversal. */ 93 uint32_t num_total_read; 94 /* Indicates that last FAT FS entry was read. */ 95 bool last_reached; 96 }; 97 98 /** 99 * FAT entry context with reference to a FAT entry and its 100 * location in RPMB. 101 */ 102 struct rpmb_file_handle { 103 struct rpmb_fat_entry fat_entry; 104 const TEE_UUID *uuid; 105 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 106 /* Address for current entry in RPMB */ 107 uint32_t rpmb_fat_address; 108 }; 109 110 /** 111 * RPMB_FS partition data 112 */ 113 struct rpmb_fs_partition { 114 uint32_t rpmb_fs_magic; 115 uint32_t fs_version; 116 uint32_t write_counter; 117 uint32_t fat_start_address; 118 /* Do not use reserved[] for other purpose than partition data. */ 119 uint8_t reserved[112]; 120 }; 121 122 /** 123 * A node in a list of directory entries. 124 */ 125 struct tee_rpmb_fs_dirent { 126 struct tee_fs_dirent entry; 127 SIMPLEQ_ENTRY(tee_rpmb_fs_dirent) link; 128 }; 129 130 /** 131 * The RPMB directory representation. It contains a queue of 132 * RPMB directory entries: 'next'. 133 * The current pointer points to the last directory entry 134 * returned by readdir(). 135 */ 136 struct tee_fs_dir { 137 struct tee_rpmb_fs_dirent *current; 138 /* */ 139 SIMPLEQ_HEAD(next_head, tee_rpmb_fs_dirent) next; 140 }; 141 142 static struct rpmb_fs_parameters *fs_par; 143 static struct rpmb_fat_entry_dir *fat_entry_dir; 144 145 /* 146 * Lower interface to RPMB device 147 */ 148 149 #define RPMB_DATA_OFFSET (RPMB_STUFF_DATA_SIZE + RPMB_KEY_MAC_SIZE) 150 #define RPMB_MAC_PROTECT_DATA_SIZE (RPMB_DATA_FRAME_SIZE - RPMB_DATA_OFFSET) 151 152 #define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM 0x0001 153 #define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ 0x0002 154 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE 0x0003 155 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ 0x0004 156 #define RPMB_MSG_TYPE_REQ_RESULT_READ 0x0005 157 #define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM 0x0100 158 #define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ 0x0200 159 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE 0x0300 160 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ 0x0400 161 162 #define RPMB_STUFF_DATA_SIZE 196 163 #define RPMB_KEY_MAC_SIZE 32 164 #define RPMB_DATA_SIZE 256 165 #define RPMB_NONCE_SIZE 16 166 #define RPMB_DATA_FRAME_SIZE 512 167 168 #define RPMB_RESULT_OK 0x00 169 #define RPMB_RESULT_GENERAL_FAILURE 0x01 170 #define RPMB_RESULT_AUTH_FAILURE 0x02 171 #define RPMB_RESULT_COUNTER_FAILURE 0x03 172 #define RPMB_RESULT_ADDRESS_FAILURE 0x04 173 #define RPMB_RESULT_WRITE_FAILURE 0x05 174 #define RPMB_RESULT_READ_FAILURE 0x06 175 #define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED 0x07 176 #define RPMB_RESULT_MASK 0x3F 177 #define RPMB_RESULT_WR_CNT_EXPIRED 0x80 178 179 /* RPMB internal commands */ 180 #define RPMB_CMD_DATA_REQ 0x00 181 #define RPMB_CMD_GET_DEV_INFO 0x01 182 183 #define RPMB_SIZE_SINGLE (128 * 1024) 184 185 /* Error codes for get_dev_info request/response. */ 186 #define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 187 #define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 188 189 struct rpmb_data_frame { 190 uint8_t stuff_bytes[RPMB_STUFF_DATA_SIZE]; 191 uint8_t key_mac[RPMB_KEY_MAC_SIZE]; 192 uint8_t data[RPMB_DATA_SIZE]; 193 uint8_t nonce[RPMB_NONCE_SIZE]; 194 uint8_t write_counter[4]; 195 uint8_t address[2]; 196 uint8_t block_count[2]; 197 uint8_t op_result[2]; 198 uint8_t msg_type[2]; 199 }; 200 201 struct rpmb_req { 202 uint16_t cmd; 203 uint16_t dev_id; 204 uint16_t block_count; 205 /* variable length of data */ 206 /* uint8_t data[]; REMOVED! */ 207 }; 208 209 #define TEE_RPMB_REQ_DATA(req) \ 210 ((void *)((struct rpmb_req *)(req) + 1)) 211 212 struct rpmb_raw_data { 213 uint16_t msg_type; 214 uint16_t *op_result; 215 uint16_t *block_count; 216 uint16_t *blk_idx; 217 uint32_t *write_counter; 218 uint8_t *nonce; 219 uint8_t *key_mac; 220 uint8_t *data; 221 /* data length to read or write */ 222 uint32_t len; 223 /* Byte address offset in the first block involved */ 224 uint8_t byte_offset; 225 }; 226 227 #define RPMB_EMMC_CID_SIZE 16 228 struct rpmb_dev_info { 229 uint8_t cid[RPMB_EMMC_CID_SIZE]; 230 /* EXT CSD-slice 168 "RPMB Size" */ 231 uint8_t rpmb_size_mult; 232 /* EXT CSD-slice 222 "Reliable Write Sector Count" */ 233 uint8_t rel_wr_sec_c; 234 /* Check the ret code and accept the data only if it is OK. */ 235 uint8_t ret_code; 236 }; 237 238 /* 239 * Struct for rpmb context data. 240 * 241 * @key RPMB key. 242 * @cid eMMC card ID. 243 * @wr_cnt Current write counter. 244 * @max_blk_idx The highest block index supported by current device. 245 * @rel_wr_blkcnt Max number of data blocks for each reliable write. 246 * @dev_id Device ID of the eMMC device. 247 * @wr_cnt_synced Flag indicating if write counter is synced to RPMB. 248 * @key_derived Flag indicating if key has been generated. 249 * @key_verified Flag indicating the key generated is verified ok. 250 * @dev_info_synced Flag indicating if dev info has been retrieved from RPMB. 251 */ 252 struct tee_rpmb_ctx { 253 uint8_t key[RPMB_KEY_MAC_SIZE]; 254 uint8_t cid[RPMB_EMMC_CID_SIZE]; 255 uint32_t wr_cnt; 256 uint16_t max_blk_idx; 257 uint16_t rel_wr_blkcnt; 258 uint16_t dev_id; 259 bool wr_cnt_synced; 260 bool key_derived; 261 bool key_verified; 262 bool dev_info_synced; 263 }; 264 265 static struct tee_rpmb_ctx *rpmb_ctx; 266 267 /* 268 * Mutex to serialize the operations exported by this file. 269 * It protects rpmb_ctx and prevents overlapping operations on eMMC devices with 270 * different IDs. 271 */ 272 static struct mutex rpmb_mutex = MUTEX_INITIALIZER; 273 274 #ifdef CFG_RPMB_TESTKEY 275 276 static const uint8_t rpmb_test_key[RPMB_KEY_MAC_SIZE] = { 277 0xD3, 0xEB, 0x3E, 0xC3, 0x6E, 0x33, 0x4C, 0x9F, 278 0x98, 0x8C, 0xE2, 0xC0, 0xB8, 0x59, 0x54, 0x61, 279 0x0D, 0x2B, 0xCF, 0x86, 0x64, 0x84, 0x4D, 0xF2, 280 0xAB, 0x56, 0xE6, 0xC6, 0x1B, 0xB7, 0x01, 0xE4 281 }; 282 283 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 284 uint8_t *key, uint32_t len) 285 { 286 TEE_Result res = TEE_SUCCESS; 287 288 if (!key || RPMB_KEY_MAC_SIZE != len) { 289 res = TEE_ERROR_BAD_PARAMETERS; 290 goto out; 291 } 292 293 DMSG("RPMB: Using test key"); 294 memcpy(key, rpmb_test_key, RPMB_KEY_MAC_SIZE); 295 296 out: 297 return res; 298 } 299 300 #else /* !CFG_RPMB_TESTKEY */ 301 302 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 303 uint8_t *key, uint32_t len) 304 { 305 uint8_t message[RPMB_EMMC_CID_SIZE]; 306 307 if (!key || RPMB_KEY_MAC_SIZE != len) 308 return TEE_ERROR_BAD_PARAMETERS; 309 310 IMSG("RPMB: Using generated key"); 311 312 /* 313 * PRV/CRC would be changed when doing eMMC FFU 314 * The following fields should be masked off when deriving RPMB key 315 * 316 * CID [55: 48]: PRV (Product revision) 317 * CID [07: 01]: CRC (CRC7 checksum) 318 * CID [00]: not used 319 */ 320 memcpy(message, rpmb_ctx->cid, RPMB_EMMC_CID_SIZE); 321 memset(message + RPMB_CID_PRV_OFFSET, 0, 1); 322 memset(message + RPMB_CID_CRC_OFFSET, 0, 1); 323 return huk_subkey_derive(HUK_SUBKEY_RPMB, message, sizeof(message), 324 key, len); 325 } 326 327 #endif /* !CFG_RPMB_TESTKEY */ 328 329 static void u32_to_bytes(uint32_t u32, uint8_t *bytes) 330 { 331 *bytes = (uint8_t) (u32 >> 24); 332 *(bytes + 1) = (uint8_t) (u32 >> 16); 333 *(bytes + 2) = (uint8_t) (u32 >> 8); 334 *(bytes + 3) = (uint8_t) u32; 335 } 336 337 static void bytes_to_u32(uint8_t *bytes, uint32_t *u32) 338 { 339 *u32 = (uint32_t) ((*(bytes) << 24) + 340 (*(bytes + 1) << 16) + 341 (*(bytes + 2) << 8) + (*(bytes + 3))); 342 } 343 344 static void u16_to_bytes(uint16_t u16, uint8_t *bytes) 345 { 346 *bytes = (uint8_t) (u16 >> 8); 347 *(bytes + 1) = (uint8_t) u16; 348 } 349 350 static void bytes_to_u16(uint8_t *bytes, uint16_t *u16) 351 { 352 *u16 = (uint16_t) ((*bytes << 8) + *(bytes + 1)); 353 } 354 355 static void get_op_result_bits(uint8_t *bytes, uint8_t *res) 356 { 357 *res = *(bytes + 1) & RPMB_RESULT_MASK; 358 } 359 360 static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize, 361 uint8_t *key, uint32_t keysize, 362 struct rpmb_data_frame *datafrms, 363 uint16_t blkcnt) 364 { 365 TEE_Result res = TEE_ERROR_GENERIC; 366 int i; 367 void *ctx = NULL; 368 369 if (!mac || !key || !datafrms) 370 return TEE_ERROR_BAD_PARAMETERS; 371 372 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 373 if (res) 374 return res; 375 376 res = crypto_mac_init(ctx, key, keysize); 377 if (res != TEE_SUCCESS) 378 goto func_exit; 379 380 for (i = 0; i < blkcnt; i++) { 381 res = crypto_mac_update(ctx, datafrms[i].data, 382 RPMB_MAC_PROTECT_DATA_SIZE); 383 if (res != TEE_SUCCESS) 384 goto func_exit; 385 } 386 387 res = crypto_mac_final(ctx, mac, macsize); 388 if (res != TEE_SUCCESS) 389 goto func_exit; 390 391 res = TEE_SUCCESS; 392 393 func_exit: 394 crypto_mac_free_ctx(ctx); 395 return res; 396 } 397 398 struct tee_rpmb_mem { 399 struct mobj *phreq_mobj; 400 struct mobj *phresp_mobj; 401 size_t req_size; 402 size_t resp_size; 403 }; 404 405 static void tee_rpmb_free(struct tee_rpmb_mem *mem) 406 { 407 if (!mem) 408 return; 409 410 if (mem->phreq_mobj) { 411 thread_rpc_free_payload(mem->phreq_mobj); 412 mem->phreq_mobj = NULL; 413 } 414 if (mem->phresp_mobj) { 415 thread_rpc_free_payload(mem->phresp_mobj); 416 mem->phresp_mobj = NULL; 417 } 418 } 419 420 421 static TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size, 422 struct tee_rpmb_mem *mem, void **req, void **resp) 423 { 424 TEE_Result res = TEE_SUCCESS; 425 size_t req_s = ROUNDUP(req_size, sizeof(uint32_t)); 426 size_t resp_s = ROUNDUP(resp_size, sizeof(uint32_t)); 427 428 if (!mem) 429 return TEE_ERROR_BAD_PARAMETERS; 430 431 memset(mem, 0, sizeof(*mem)); 432 433 mem->phreq_mobj = thread_rpc_alloc_payload(req_s); 434 mem->phresp_mobj = thread_rpc_alloc_payload(resp_s); 435 436 if (!mem->phreq_mobj || !mem->phresp_mobj) { 437 res = TEE_ERROR_OUT_OF_MEMORY; 438 goto out; 439 } 440 441 *req = mobj_get_va(mem->phreq_mobj, 0); 442 *resp = mobj_get_va(mem->phresp_mobj, 0); 443 if (!*req || !*resp) { 444 res = TEE_ERROR_GENERIC; 445 goto out; 446 } 447 448 mem->req_size = req_size; 449 mem->resp_size = resp_size; 450 451 out: 452 if (res != TEE_SUCCESS) 453 tee_rpmb_free(mem); 454 return res; 455 } 456 457 static TEE_Result tee_rpmb_invoke(struct tee_rpmb_mem *mem) 458 { 459 struct thread_param params[2] = { 460 [0] = THREAD_PARAM_MEMREF(IN, mem->phreq_mobj, 0, 461 mem->req_size), 462 [1] = THREAD_PARAM_MEMREF(OUT, mem->phresp_mobj, 0, 463 mem->resp_size), 464 }; 465 466 return thread_rpc_cmd(OPTEE_RPC_CMD_RPMB, 2, params); 467 } 468 469 static bool is_zero(const uint8_t *buf, size_t size) 470 { 471 size_t i; 472 473 for (i = 0; i < size; i++) 474 if (buf[i]) 475 return false; 476 return true; 477 } 478 479 static TEE_Result encrypt_block(uint8_t *out, const uint8_t *in, 480 uint16_t blk_idx, const uint8_t *fek, 481 const TEE_UUID *uuid) 482 { 483 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 484 blk_idx, fek, TEE_MODE_ENCRYPT); 485 } 486 487 static TEE_Result decrypt_block(uint8_t *out, const uint8_t *in, 488 uint16_t blk_idx, const uint8_t *fek, 489 const TEE_UUID *uuid) 490 { 491 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 492 blk_idx, fek, TEE_MODE_DECRYPT); 493 } 494 495 /* Decrypt/copy at most one block of data */ 496 static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm, 497 size_t size, size_t offset, 498 uint16_t blk_idx __maybe_unused, const uint8_t *fek, 499 const TEE_UUID *uuid) 500 { 501 uint8_t *tmp __maybe_unused; 502 503 504 if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE)) 505 panic("invalid size or offset"); 506 507 if (!fek) { 508 /* Block is not encrypted (not a file data block) */ 509 memcpy(out, frm->data + offset, size); 510 } else if (is_zero(fek, TEE_FS_KM_FEK_SIZE)) { 511 /* The file was created with encryption disabled */ 512 return TEE_ERROR_SECURITY; 513 } else { 514 /* Block is encrypted */ 515 if (size < RPMB_DATA_SIZE) { 516 /* 517 * Since output buffer is not large enough to hold one 518 * block we must allocate a temporary buffer. 519 */ 520 tmp = malloc(RPMB_DATA_SIZE); 521 if (!tmp) 522 return TEE_ERROR_OUT_OF_MEMORY; 523 decrypt_block(tmp, frm->data, blk_idx, fek, uuid); 524 memcpy(out, tmp + offset, size); 525 free(tmp); 526 } else { 527 decrypt_block(out, frm->data, blk_idx, fek, uuid); 528 } 529 } 530 531 return TEE_SUCCESS; 532 } 533 534 static TEE_Result tee_rpmb_req_pack(struct rpmb_req *req, 535 struct rpmb_raw_data *rawdata, 536 uint16_t nbr_frms, uint16_t dev_id, 537 const uint8_t *fek, const TEE_UUID *uuid) 538 { 539 TEE_Result res = TEE_ERROR_GENERIC; 540 int i; 541 struct rpmb_data_frame *datafrm; 542 543 if (!req || !rawdata || !nbr_frms) 544 return TEE_ERROR_BAD_PARAMETERS; 545 546 /* 547 * Check write blockcount is not bigger than reliable write 548 * blockcount. 549 */ 550 if ((rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) && 551 (nbr_frms > rpmb_ctx->rel_wr_blkcnt)) { 552 DMSG("wr_blkcnt(%d) > rel_wr_blkcnt(%d)", nbr_frms, 553 rpmb_ctx->rel_wr_blkcnt); 554 return TEE_ERROR_GENERIC; 555 } 556 557 req->cmd = RPMB_CMD_DATA_REQ; 558 req->dev_id = dev_id; 559 560 /* Allocate memory for construct all data packets and calculate MAC. */ 561 datafrm = calloc(nbr_frms, RPMB_DATA_FRAME_SIZE); 562 if (!datafrm) 563 return TEE_ERROR_OUT_OF_MEMORY; 564 565 for (i = 0; i < nbr_frms; i++) { 566 u16_to_bytes(rawdata->msg_type, datafrm[i].msg_type); 567 568 if (rawdata->block_count) 569 u16_to_bytes(*rawdata->block_count, 570 datafrm[i].block_count); 571 572 if (rawdata->blk_idx) { 573 /* Check the block index is within range. */ 574 if ((*rawdata->blk_idx + nbr_frms) > 575 rpmb_ctx->max_blk_idx) { 576 res = TEE_ERROR_GENERIC; 577 goto func_exit; 578 } 579 u16_to_bytes(*rawdata->blk_idx, datafrm[i].address); 580 } 581 582 if (rawdata->write_counter) 583 u32_to_bytes(*rawdata->write_counter, 584 datafrm[i].write_counter); 585 586 if (rawdata->nonce) 587 memcpy(datafrm[i].nonce, rawdata->nonce, 588 RPMB_NONCE_SIZE); 589 590 if (rawdata->data) { 591 if (fek) 592 encrypt_block(datafrm[i].data, 593 rawdata->data + (i * RPMB_DATA_SIZE), 594 *rawdata->blk_idx + i, fek, uuid); 595 else 596 memcpy(datafrm[i].data, 597 rawdata->data + (i * RPMB_DATA_SIZE), 598 RPMB_DATA_SIZE); 599 } 600 } 601 602 if (rawdata->key_mac) { 603 if (rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) { 604 res = 605 tee_rpmb_mac_calc(rawdata->key_mac, 606 RPMB_KEY_MAC_SIZE, rpmb_ctx->key, 607 RPMB_KEY_MAC_SIZE, datafrm, 608 nbr_frms); 609 if (res != TEE_SUCCESS) 610 goto func_exit; 611 } 612 memcpy(datafrm[nbr_frms - 1].key_mac, 613 rawdata->key_mac, RPMB_KEY_MAC_SIZE); 614 } 615 616 memcpy(TEE_RPMB_REQ_DATA(req), datafrm, 617 nbr_frms * RPMB_DATA_FRAME_SIZE); 618 619 #ifdef CFG_RPMB_FS_DEBUG_DATA 620 for (i = 0; i < nbr_frms; i++) { 621 DMSG("Dumping data frame %d:", i); 622 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 623 512 - RPMB_STUFF_DATA_SIZE); 624 } 625 #endif 626 627 res = TEE_SUCCESS; 628 func_exit: 629 free(datafrm); 630 return res; 631 } 632 633 static TEE_Result data_cpy_mac_calc_1b(struct rpmb_raw_data *rawdata, 634 struct rpmb_data_frame *frm, 635 const uint8_t *fek, const TEE_UUID *uuid) 636 { 637 TEE_Result res; 638 uint8_t *data; 639 uint16_t idx; 640 641 if (rawdata->len + rawdata->byte_offset > RPMB_DATA_SIZE) 642 return TEE_ERROR_BAD_PARAMETERS; 643 644 res = tee_rpmb_mac_calc(rawdata->key_mac, RPMB_KEY_MAC_SIZE, 645 rpmb_ctx->key, RPMB_KEY_MAC_SIZE, frm, 1); 646 if (res != TEE_SUCCESS) 647 return res; 648 649 data = rawdata->data; 650 bytes_to_u16(frm->address, &idx); 651 652 res = decrypt(data, frm, rawdata->len, rawdata->byte_offset, idx, fek, 653 uuid); 654 return res; 655 } 656 657 static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, 658 struct rpmb_raw_data *rawdata, 659 uint16_t nbr_frms, 660 struct rpmb_data_frame *lastfrm, 661 const uint8_t *fek, 662 const TEE_UUID *uuid) 663 { 664 TEE_Result res = TEE_ERROR_GENERIC; 665 int i; 666 void *ctx = NULL; 667 uint16_t offset; 668 uint32_t size; 669 uint8_t *data; 670 uint16_t start_idx; 671 struct rpmb_data_frame localfrm; 672 673 if (!datafrm || !rawdata || !nbr_frms || !lastfrm) 674 return TEE_ERROR_BAD_PARAMETERS; 675 676 if (nbr_frms == 1) 677 return data_cpy_mac_calc_1b(rawdata, lastfrm, fek, uuid); 678 679 /* nbr_frms > 1 */ 680 681 data = rawdata->data; 682 683 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 684 if (res) 685 goto func_exit; 686 687 res = crypto_mac_init(ctx, rpmb_ctx->key, RPMB_KEY_MAC_SIZE); 688 if (res != TEE_SUCCESS) 689 goto func_exit; 690 691 /* 692 * Note: JEDEC JESD84-B51: "In every packet the address is the start 693 * address of the full access (not address of the individual half a 694 * sector)" 695 */ 696 bytes_to_u16(lastfrm->address, &start_idx); 697 698 for (i = 0; i < (nbr_frms - 1); i++) { 699 700 /* 701 * By working on a local copy of the RPMB frame, we ensure that 702 * the data can not be modified after the MAC is computed but 703 * before the payload is decrypted/copied to the output buffer. 704 */ 705 memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE); 706 707 res = crypto_mac_update(ctx, localfrm.data, 708 RPMB_MAC_PROTECT_DATA_SIZE); 709 if (res != TEE_SUCCESS) 710 goto func_exit; 711 712 if (i == 0) { 713 /* First block */ 714 offset = rawdata->byte_offset; 715 size = RPMB_DATA_SIZE - offset; 716 } else { 717 /* Middle blocks */ 718 size = RPMB_DATA_SIZE; 719 offset = 0; 720 } 721 722 res = decrypt(data, &localfrm, size, offset, start_idx + i, 723 fek, uuid); 724 if (res != TEE_SUCCESS) 725 goto func_exit; 726 727 data += size; 728 } 729 730 /* Last block */ 731 size = (rawdata->len + rawdata->byte_offset) % RPMB_DATA_SIZE; 732 if (size == 0) 733 size = RPMB_DATA_SIZE; 734 res = decrypt(data, lastfrm, size, 0, start_idx + nbr_frms - 1, fek, 735 uuid); 736 if (res != TEE_SUCCESS) 737 goto func_exit; 738 739 /* Update MAC against the last block */ 740 res = crypto_mac_update(ctx, lastfrm->data, RPMB_MAC_PROTECT_DATA_SIZE); 741 if (res != TEE_SUCCESS) 742 goto func_exit; 743 744 res = crypto_mac_final(ctx, rawdata->key_mac, RPMB_KEY_MAC_SIZE); 745 if (res != TEE_SUCCESS) 746 goto func_exit; 747 748 res = TEE_SUCCESS; 749 750 func_exit: 751 crypto_mac_free_ctx(ctx); 752 return res; 753 } 754 755 static TEE_Result tee_rpmb_resp_unpack_verify(struct rpmb_data_frame *datafrm, 756 struct rpmb_raw_data *rawdata, 757 uint16_t nbr_frms, 758 const uint8_t *fek, 759 const TEE_UUID *uuid) 760 { 761 TEE_Result res = TEE_ERROR_GENERIC; 762 uint16_t msg_type; 763 uint32_t wr_cnt; 764 uint16_t blk_idx; 765 uint8_t op_result; 766 struct rpmb_data_frame lastfrm; 767 768 if (!datafrm || !rawdata || !nbr_frms) 769 return TEE_ERROR_BAD_PARAMETERS; 770 771 #ifdef CFG_RPMB_FS_DEBUG_DATA 772 for (uint32_t i = 0; i < nbr_frms; i++) { 773 DMSG("Dumping data frame %d:", i); 774 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 775 512 - RPMB_STUFF_DATA_SIZE); 776 } 777 #endif 778 779 /* Make sure the last data packet can't be modified once verified */ 780 memcpy(&lastfrm, &datafrm[nbr_frms - 1], RPMB_DATA_FRAME_SIZE); 781 782 /* Handle operation result and translate to TEEC error code. */ 783 get_op_result_bits(lastfrm.op_result, &op_result); 784 if (op_result == RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED) 785 return TEE_ERROR_ITEM_NOT_FOUND; 786 if (op_result != RPMB_RESULT_OK) 787 return TEE_ERROR_GENERIC; 788 789 /* Check the response msg_type. */ 790 bytes_to_u16(lastfrm.msg_type, &msg_type); 791 if (msg_type != rawdata->msg_type) { 792 DMSG("Unexpected msg_type (0x%04x != 0x%04x)", msg_type, 793 rawdata->msg_type); 794 return TEE_ERROR_GENERIC; 795 } 796 797 if (rawdata->blk_idx) { 798 bytes_to_u16(lastfrm.address, &blk_idx); 799 if (blk_idx != *rawdata->blk_idx) { 800 DMSG("Unexpected block index"); 801 return TEE_ERROR_GENERIC; 802 } 803 } 804 805 if (rawdata->write_counter) { 806 wr_cnt = *rawdata->write_counter; 807 bytes_to_u32(lastfrm.write_counter, rawdata->write_counter); 808 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE) { 809 /* Verify the write counter is incremented by 1 */ 810 if (*rawdata->write_counter != wr_cnt + 1) { 811 DMSG("Counter mismatched (0x%04x/0x%04x)", 812 *rawdata->write_counter, wr_cnt + 1); 813 return TEE_ERROR_SECURITY; 814 } 815 rpmb_ctx->wr_cnt++; 816 } 817 } 818 819 if (rawdata->nonce) { 820 if (buf_compare_ct(rawdata->nonce, lastfrm.nonce, 821 RPMB_NONCE_SIZE) != 0) { 822 DMSG("Nonce mismatched"); 823 return TEE_ERROR_SECURITY; 824 } 825 } 826 827 if (rawdata->key_mac) { 828 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_READ) { 829 if (!rawdata->data) 830 return TEE_ERROR_GENERIC; 831 832 res = tee_rpmb_data_cpy_mac_calc(datafrm, rawdata, 833 nbr_frms, &lastfrm, 834 fek, uuid); 835 836 if (res != TEE_SUCCESS) 837 return res; 838 } else { 839 /* 840 * There should be only one data frame for 841 * other msg types. 842 */ 843 if (nbr_frms != 1) 844 return TEE_ERROR_GENERIC; 845 846 res = tee_rpmb_mac_calc(rawdata->key_mac, 847 RPMB_KEY_MAC_SIZE, 848 rpmb_ctx->key, 849 RPMB_KEY_MAC_SIZE, 850 &lastfrm, 1); 851 852 if (res != TEE_SUCCESS) 853 return res; 854 } 855 856 #ifndef CFG_RPMB_FS_NO_MAC 857 if (consttime_memcmp(rawdata->key_mac, 858 (datafrm + nbr_frms - 1)->key_mac, 859 RPMB_KEY_MAC_SIZE) != 0) { 860 DMSG("MAC mismatched:"); 861 #ifdef CFG_RPMB_FS_DEBUG_DATA 862 DHEXDUMP((uint8_t *)rawdata->key_mac, 32); 863 #endif 864 return TEE_ERROR_SECURITY; 865 } 866 #endif /* !CFG_RPMB_FS_NO_MAC */ 867 } 868 869 return TEE_SUCCESS; 870 } 871 872 static TEE_Result tee_rpmb_get_dev_info(uint16_t dev_id, 873 struct rpmb_dev_info *dev_info) 874 { 875 TEE_Result res = TEE_ERROR_GENERIC; 876 struct tee_rpmb_mem mem; 877 struct rpmb_dev_info *di; 878 struct rpmb_req *req = NULL; 879 uint8_t *resp = NULL; 880 uint32_t req_size; 881 uint32_t resp_size; 882 883 if (!dev_info) 884 return TEE_ERROR_BAD_PARAMETERS; 885 886 req_size = sizeof(struct rpmb_req); 887 resp_size = sizeof(struct rpmb_dev_info); 888 res = tee_rpmb_alloc(req_size, resp_size, &mem, 889 (void *)&req, (void *)&resp); 890 if (res != TEE_SUCCESS) 891 goto func_exit; 892 893 req->cmd = RPMB_CMD_GET_DEV_INFO; 894 req->dev_id = dev_id; 895 896 di = (struct rpmb_dev_info *)resp; 897 di->ret_code = RPMB_CMD_GET_DEV_INFO_RET_ERROR; 898 899 res = tee_rpmb_invoke(&mem); 900 if (res != TEE_SUCCESS) 901 goto func_exit; 902 903 if (di->ret_code != RPMB_CMD_GET_DEV_INFO_RET_OK) { 904 res = TEE_ERROR_GENERIC; 905 goto func_exit; 906 } 907 908 memcpy((uint8_t *)dev_info, resp, sizeof(struct rpmb_dev_info)); 909 910 #ifdef CFG_RPMB_FS_DEBUG_DATA 911 DMSG("Dumping dev_info:"); 912 DHEXDUMP((uint8_t *)dev_info, sizeof(struct rpmb_dev_info)); 913 #endif 914 915 res = TEE_SUCCESS; 916 917 func_exit: 918 tee_rpmb_free(&mem); 919 return res; 920 } 921 922 static TEE_Result tee_rpmb_init_read_wr_cnt(uint16_t dev_id, 923 uint32_t *wr_cnt, 924 uint16_t *op_result) 925 { 926 TEE_Result res = TEE_ERROR_GENERIC; 927 struct tee_rpmb_mem mem; 928 uint16_t msg_type; 929 uint8_t nonce[RPMB_NONCE_SIZE]; 930 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 931 struct rpmb_req *req = NULL; 932 struct rpmb_data_frame *resp = NULL; 933 struct rpmb_raw_data rawdata; 934 uint32_t req_size; 935 uint32_t resp_size; 936 937 if (!wr_cnt) 938 return TEE_ERROR_BAD_PARAMETERS; 939 940 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 941 resp_size = RPMB_DATA_FRAME_SIZE; 942 res = tee_rpmb_alloc(req_size, resp_size, &mem, 943 (void *)&req, (void *)&resp); 944 if (res != TEE_SUCCESS) 945 goto func_exit; 946 947 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 948 if (res != TEE_SUCCESS) 949 goto func_exit; 950 951 msg_type = RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ; 952 953 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 954 rawdata.msg_type = msg_type; 955 rawdata.nonce = nonce; 956 957 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 958 if (res != TEE_SUCCESS) 959 goto func_exit; 960 961 res = tee_rpmb_invoke(&mem); 962 if (res != TEE_SUCCESS) 963 goto func_exit; 964 965 msg_type = RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ; 966 967 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 968 rawdata.msg_type = msg_type; 969 rawdata.op_result = op_result; 970 rawdata.write_counter = wr_cnt; 971 rawdata.nonce = nonce; 972 rawdata.key_mac = hmac; 973 974 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 975 if (res != TEE_SUCCESS) 976 goto func_exit; 977 978 res = TEE_SUCCESS; 979 980 func_exit: 981 tee_rpmb_free(&mem); 982 return res; 983 } 984 985 static TEE_Result tee_rpmb_verify_key_sync_counter(uint16_t dev_id) 986 { 987 uint16_t op_result = 0; 988 TEE_Result res = TEE_ERROR_GENERIC; 989 990 res = tee_rpmb_init_read_wr_cnt(dev_id, &rpmb_ctx->wr_cnt, 991 &op_result); 992 993 if (res == TEE_SUCCESS) { 994 rpmb_ctx->key_verified = true; 995 rpmb_ctx->wr_cnt_synced = true; 996 } else 997 EMSG("Verify key returning 0x%x", res); 998 return res; 999 } 1000 1001 #ifdef CFG_RPMB_WRITE_KEY 1002 static TEE_Result tee_rpmb_write_key(uint16_t dev_id) 1003 { 1004 TEE_Result res = TEE_ERROR_GENERIC; 1005 struct tee_rpmb_mem mem = { 0 }; 1006 uint16_t msg_type; 1007 struct rpmb_req *req = NULL; 1008 struct rpmb_data_frame *resp = NULL; 1009 struct rpmb_raw_data rawdata; 1010 uint32_t req_size; 1011 uint32_t resp_size; 1012 1013 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1014 resp_size = RPMB_DATA_FRAME_SIZE; 1015 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1016 (void *)&req, (void *)&resp); 1017 if (res != TEE_SUCCESS) 1018 goto func_exit; 1019 1020 msg_type = RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM; 1021 1022 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1023 rawdata.msg_type = msg_type; 1024 rawdata.key_mac = rpmb_ctx->key; 1025 1026 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1027 if (res != TEE_SUCCESS) 1028 goto func_exit; 1029 1030 res = tee_rpmb_invoke(&mem); 1031 if (res != TEE_SUCCESS) 1032 goto func_exit; 1033 1034 msg_type = RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM; 1035 1036 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1037 rawdata.msg_type = msg_type; 1038 1039 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 1040 if (res != TEE_SUCCESS) 1041 goto func_exit; 1042 1043 res = TEE_SUCCESS; 1044 1045 func_exit: 1046 tee_rpmb_free(&mem); 1047 return res; 1048 } 1049 1050 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id) 1051 { 1052 TEE_Result res; 1053 1054 if (!plat_rpmb_key_is_ready()) { 1055 DMSG("RPMB INIT: platform indicates RPMB key is not ready"); 1056 return TEE_ERROR_BAD_STATE; 1057 } 1058 1059 DMSG("RPMB INIT: Writing Key value:"); 1060 DHEXDUMP(rpmb_ctx->key, RPMB_KEY_MAC_SIZE); 1061 1062 res = tee_rpmb_write_key(dev_id); 1063 if (res == TEE_SUCCESS) { 1064 DMSG("RPMB INIT: Verifying Key"); 1065 res = tee_rpmb_verify_key_sync_counter(dev_id); 1066 } 1067 return res; 1068 } 1069 #else 1070 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id __unused) 1071 { 1072 DMSG("RPMB INIT: CFG_RPMB_WRITE_KEY is not set"); 1073 return TEE_ERROR_BAD_STATE; 1074 } 1075 #endif 1076 1077 /* This function must never return TEE_SUCCESS if rpmb_ctx == NULL */ 1078 static TEE_Result tee_rpmb_init(uint16_t dev_id) 1079 { 1080 TEE_Result res = TEE_SUCCESS; 1081 struct rpmb_dev_info dev_info; 1082 uint32_t nblocks = 0; 1083 1084 if (!rpmb_ctx) { 1085 rpmb_ctx = calloc(1, sizeof(struct tee_rpmb_ctx)); 1086 if (!rpmb_ctx) 1087 return TEE_ERROR_OUT_OF_MEMORY; 1088 } else if (rpmb_ctx->dev_id != dev_id) { 1089 memset(rpmb_ctx, 0x00, sizeof(struct tee_rpmb_ctx)); 1090 } 1091 1092 rpmb_ctx->dev_id = dev_id; 1093 1094 if (!rpmb_ctx->dev_info_synced) { 1095 DMSG("RPMB: Syncing device information"); 1096 1097 dev_info.rpmb_size_mult = 0; 1098 dev_info.rel_wr_sec_c = 0; 1099 res = tee_rpmb_get_dev_info(dev_id, &dev_info); 1100 if (res != TEE_SUCCESS) 1101 goto func_exit; 1102 1103 DMSG("RPMB: RPMB size is %d*128 KB", dev_info.rpmb_size_mult); 1104 DMSG("RPMB: Reliable Write Sector Count is %d", 1105 dev_info.rel_wr_sec_c); 1106 1107 if (dev_info.rpmb_size_mult == 0) { 1108 res = TEE_ERROR_GENERIC; 1109 goto func_exit; 1110 } 1111 1112 if (MUL_OVERFLOW(dev_info.rpmb_size_mult, 1113 RPMB_SIZE_SINGLE / RPMB_DATA_SIZE, &nblocks) || 1114 SUB_OVERFLOW(nblocks, 1, &rpmb_ctx->max_blk_idx)) { 1115 res = TEE_ERROR_BAD_PARAMETERS; 1116 goto func_exit; 1117 } 1118 1119 memcpy(rpmb_ctx->cid, dev_info.cid, RPMB_EMMC_CID_SIZE); 1120 1121 #ifdef RPMB_DRIVER_MULTIPLE_WRITE_FIXED 1122 rpmb_ctx->rel_wr_blkcnt = dev_info.rel_wr_sec_c * 2; 1123 #else 1124 rpmb_ctx->rel_wr_blkcnt = 1; 1125 #endif 1126 1127 rpmb_ctx->dev_info_synced = true; 1128 } 1129 1130 if (!rpmb_ctx->key_derived) { 1131 DMSG("RPMB INIT: Deriving key"); 1132 1133 res = tee_rpmb_key_gen(dev_id, rpmb_ctx->key, 1134 RPMB_KEY_MAC_SIZE); 1135 if (res != TEE_SUCCESS) { 1136 EMSG("RPMB INIT: Deriving key failed with error 0x%x", 1137 res); 1138 goto func_exit; 1139 } 1140 1141 rpmb_ctx->key_derived = true; 1142 } 1143 1144 /* Perform a write counter read to verify if the key is ok. */ 1145 if (!rpmb_ctx->wr_cnt_synced || !rpmb_ctx->key_verified) { 1146 DMSG("RPMB INIT: Verifying Key"); 1147 1148 res = tee_rpmb_verify_key_sync_counter(dev_id); 1149 if (res == TEE_ERROR_ITEM_NOT_FOUND && 1150 !rpmb_ctx->key_verified) { 1151 /* 1152 * Need to write the key here and verify it. 1153 */ 1154 DMSG("RPMB INIT: Auth key not yet written"); 1155 res = tee_rpmb_write_and_verify_key(dev_id); 1156 } else if (res != TEE_SUCCESS) { 1157 EMSG("Verify key failed!"); 1158 EMSG("Make sure key here matches device key"); 1159 } 1160 } 1161 1162 func_exit: 1163 return res; 1164 } 1165 1166 /* 1167 * Read RPMB data in bytes. 1168 * 1169 * @dev_id Device ID of the eMMC device. 1170 * @addr Byte address of data. 1171 * @data Pointer to the data. 1172 * @len Size of data in bytes. 1173 * @fek Encrypted File Encryption Key or NULL. 1174 */ 1175 static TEE_Result tee_rpmb_read(uint16_t dev_id, uint32_t addr, uint8_t *data, 1176 uint32_t len, const uint8_t *fek, 1177 const TEE_UUID *uuid) 1178 { 1179 TEE_Result res = TEE_ERROR_GENERIC; 1180 struct tee_rpmb_mem mem = { 0 }; 1181 uint16_t msg_type; 1182 uint8_t nonce[RPMB_NONCE_SIZE]; 1183 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1184 struct rpmb_req *req = NULL; 1185 struct rpmb_data_frame *resp = NULL; 1186 struct rpmb_raw_data rawdata; 1187 uint32_t req_size; 1188 uint32_t resp_size; 1189 uint16_t blk_idx; 1190 uint16_t blkcnt; 1191 uint8_t byte_offset; 1192 1193 if (!data || !len) 1194 return TEE_ERROR_BAD_PARAMETERS; 1195 1196 blk_idx = addr / RPMB_DATA_SIZE; 1197 byte_offset = addr % RPMB_DATA_SIZE; 1198 1199 if (len + byte_offset + RPMB_DATA_SIZE < RPMB_DATA_SIZE) { 1200 /* Overflow */ 1201 return TEE_ERROR_BAD_PARAMETERS; 1202 } 1203 blkcnt = 1204 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1205 res = tee_rpmb_init(dev_id); 1206 if (res != TEE_SUCCESS) 1207 goto func_exit; 1208 1209 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1210 resp_size = RPMB_DATA_FRAME_SIZE * blkcnt; 1211 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1212 (void *)&req, (void *)&resp); 1213 if (res != TEE_SUCCESS) 1214 goto func_exit; 1215 1216 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_READ; 1217 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 1218 if (res != TEE_SUCCESS) 1219 goto func_exit; 1220 1221 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1222 rawdata.msg_type = msg_type; 1223 rawdata.nonce = nonce; 1224 rawdata.blk_idx = &blk_idx; 1225 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1226 if (res != TEE_SUCCESS) 1227 goto func_exit; 1228 1229 req->block_count = blkcnt; 1230 1231 DMSG("Read %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1232 blk_idx); 1233 1234 res = tee_rpmb_invoke(&mem); 1235 if (res != TEE_SUCCESS) 1236 goto func_exit; 1237 1238 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_READ; 1239 1240 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1241 rawdata.msg_type = msg_type; 1242 rawdata.block_count = &blkcnt; 1243 rawdata.blk_idx = &blk_idx; 1244 rawdata.nonce = nonce; 1245 rawdata.key_mac = hmac; 1246 rawdata.data = data; 1247 1248 rawdata.len = len; 1249 rawdata.byte_offset = byte_offset; 1250 1251 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, blkcnt, fek, uuid); 1252 if (res != TEE_SUCCESS) 1253 goto func_exit; 1254 1255 res = TEE_SUCCESS; 1256 1257 func_exit: 1258 tee_rpmb_free(&mem); 1259 return res; 1260 } 1261 1262 static TEE_Result tee_rpmb_write_blk(uint16_t dev_id, uint16_t blk_idx, 1263 const uint8_t *data_blks, uint16_t blkcnt, 1264 const uint8_t *fek, const TEE_UUID *uuid) 1265 { 1266 TEE_Result res; 1267 struct tee_rpmb_mem mem; 1268 uint16_t msg_type; 1269 uint32_t wr_cnt; 1270 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1271 struct rpmb_req *req = NULL; 1272 struct rpmb_data_frame *resp = NULL; 1273 struct rpmb_raw_data rawdata; 1274 uint32_t req_size; 1275 uint32_t resp_size; 1276 uint32_t nbr_writes; 1277 uint16_t tmp_blkcnt; 1278 uint16_t tmp_blk_idx; 1279 uint16_t i; 1280 1281 DMSG("Write %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1282 blk_idx); 1283 1284 if (!data_blks || !blkcnt) 1285 return TEE_ERROR_BAD_PARAMETERS; 1286 1287 res = tee_rpmb_init(dev_id); 1288 if (res != TEE_SUCCESS) 1289 return res; 1290 1291 /* 1292 * We need to split data when block count 1293 * is bigger than reliable block write count. 1294 */ 1295 if (blkcnt < rpmb_ctx->rel_wr_blkcnt) 1296 req_size = sizeof(struct rpmb_req) + 1297 RPMB_DATA_FRAME_SIZE * blkcnt; 1298 else 1299 req_size = sizeof(struct rpmb_req) + 1300 RPMB_DATA_FRAME_SIZE * rpmb_ctx->rel_wr_blkcnt; 1301 1302 resp_size = RPMB_DATA_FRAME_SIZE; 1303 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1304 (void *)&req, (void *)&resp); 1305 if (res != TEE_SUCCESS) 1306 return res; 1307 1308 nbr_writes = blkcnt / rpmb_ctx->rel_wr_blkcnt; 1309 if (blkcnt % rpmb_ctx->rel_wr_blkcnt > 0) 1310 nbr_writes += 1; 1311 1312 tmp_blkcnt = rpmb_ctx->rel_wr_blkcnt; 1313 tmp_blk_idx = blk_idx; 1314 for (i = 0; i < nbr_writes; i++) { 1315 /* 1316 * To handle the last write of block count which is 1317 * equal or smaller than reliable write block count. 1318 */ 1319 if (i == nbr_writes - 1) 1320 tmp_blkcnt = blkcnt - rpmb_ctx->rel_wr_blkcnt * 1321 (nbr_writes - 1); 1322 1323 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE; 1324 wr_cnt = rpmb_ctx->wr_cnt; 1325 1326 memset(req, 0x00, req_size); 1327 memset(resp, 0x00, resp_size); 1328 1329 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1330 rawdata.msg_type = msg_type; 1331 rawdata.block_count = &tmp_blkcnt; 1332 rawdata.blk_idx = &tmp_blk_idx; 1333 rawdata.write_counter = &wr_cnt; 1334 rawdata.key_mac = hmac; 1335 rawdata.data = (uint8_t *)data_blks + 1336 i * rpmb_ctx->rel_wr_blkcnt * RPMB_DATA_SIZE; 1337 1338 res = tee_rpmb_req_pack(req, &rawdata, tmp_blkcnt, dev_id, 1339 fek, uuid); 1340 if (res != TEE_SUCCESS) 1341 goto out; 1342 1343 res = tee_rpmb_invoke(&mem); 1344 if (res != TEE_SUCCESS) { 1345 /* 1346 * To force wr_cnt sync next time, as it might get 1347 * out of sync due to inconsistent operation result! 1348 */ 1349 rpmb_ctx->wr_cnt_synced = false; 1350 goto out; 1351 } 1352 1353 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE; 1354 1355 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1356 rawdata.msg_type = msg_type; 1357 rawdata.block_count = &tmp_blkcnt; 1358 rawdata.blk_idx = &tmp_blk_idx; 1359 rawdata.write_counter = &wr_cnt; 1360 rawdata.key_mac = hmac; 1361 1362 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, 1363 NULL); 1364 if (res != TEE_SUCCESS) { 1365 /* 1366 * To force wr_cnt sync next time, as it might get 1367 * out of sync due to inconsistent operation result! 1368 */ 1369 rpmb_ctx->wr_cnt_synced = false; 1370 goto out; 1371 } 1372 1373 tmp_blk_idx += tmp_blkcnt; 1374 } 1375 1376 out: 1377 tee_rpmb_free(&mem); 1378 return res; 1379 } 1380 1381 static bool tee_rpmb_write_is_atomic(uint16_t dev_id __unused, uint32_t addr, 1382 uint32_t len) 1383 { 1384 uint8_t byte_offset = addr % RPMB_DATA_SIZE; 1385 uint16_t blkcnt = ROUNDUP(len + byte_offset, 1386 RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1387 1388 return (blkcnt <= rpmb_ctx->rel_wr_blkcnt); 1389 } 1390 1391 /* 1392 * Write RPMB data in bytes. 1393 * 1394 * @dev_id Device ID of the eMMC device. 1395 * @addr Byte address of data. 1396 * @data Pointer to the data. 1397 * @len Size of data in bytes. 1398 * @fek Encrypted File Encryption Key or NULL. 1399 */ 1400 static TEE_Result tee_rpmb_write(uint16_t dev_id, uint32_t addr, 1401 const uint8_t *data, uint32_t len, 1402 const uint8_t *fek, const TEE_UUID *uuid) 1403 { 1404 TEE_Result res = TEE_ERROR_GENERIC; 1405 uint8_t *data_tmp = NULL; 1406 uint16_t blk_idx; 1407 uint16_t blkcnt; 1408 uint8_t byte_offset; 1409 1410 blk_idx = addr / RPMB_DATA_SIZE; 1411 byte_offset = addr % RPMB_DATA_SIZE; 1412 1413 blkcnt = 1414 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1415 1416 if (byte_offset == 0 && (len % RPMB_DATA_SIZE) == 0) { 1417 res = tee_rpmb_write_blk(dev_id, blk_idx, data, blkcnt, fek, 1418 uuid); 1419 if (res != TEE_SUCCESS) 1420 goto func_exit; 1421 } else { 1422 data_tmp = calloc(blkcnt, RPMB_DATA_SIZE); 1423 if (!data_tmp) { 1424 res = TEE_ERROR_OUT_OF_MEMORY; 1425 goto func_exit; 1426 } 1427 1428 /* Read the complete blocks */ 1429 res = tee_rpmb_read(dev_id, blk_idx * RPMB_DATA_SIZE, data_tmp, 1430 blkcnt * RPMB_DATA_SIZE, fek, uuid); 1431 if (res != TEE_SUCCESS) 1432 goto func_exit; 1433 1434 /* Partial update of the data blocks */ 1435 memcpy(data_tmp + byte_offset, data, len); 1436 1437 res = tee_rpmb_write_blk(dev_id, blk_idx, data_tmp, blkcnt, 1438 fek, uuid); 1439 if (res != TEE_SUCCESS) 1440 goto func_exit; 1441 } 1442 1443 res = TEE_SUCCESS; 1444 1445 func_exit: 1446 free(data_tmp); 1447 return res; 1448 } 1449 1450 /* 1451 * Read the RPMB write counter. 1452 * 1453 * @dev_id Device ID of the eMMC device. 1454 * @counter Pointer to the counter. 1455 */ 1456 static TEE_Result tee_rpmb_get_write_counter(uint16_t dev_id, 1457 uint32_t *counter) 1458 { 1459 TEE_Result res = TEE_SUCCESS; 1460 1461 if (!counter) 1462 return TEE_ERROR_BAD_PARAMETERS; 1463 1464 if (!rpmb_ctx || !rpmb_ctx->wr_cnt_synced) { 1465 res = tee_rpmb_init(dev_id); 1466 if (res != TEE_SUCCESS) 1467 goto func_exit; 1468 } 1469 1470 *counter = rpmb_ctx->wr_cnt; 1471 1472 func_exit: 1473 return res; 1474 } 1475 1476 /* 1477 * Read the RPMB max block. 1478 * 1479 * @dev_id Device ID of the eMMC device. 1480 * @counter Pointer to receive the max block. 1481 */ 1482 static TEE_Result tee_rpmb_get_max_block(uint16_t dev_id, uint32_t *max_block) 1483 { 1484 TEE_Result res = TEE_SUCCESS; 1485 1486 if (!max_block) 1487 return TEE_ERROR_BAD_PARAMETERS; 1488 1489 if (!rpmb_ctx || !rpmb_ctx->dev_info_synced) { 1490 res = tee_rpmb_init(dev_id); 1491 if (res != TEE_SUCCESS) 1492 goto func_exit; 1493 } 1494 1495 *max_block = rpmb_ctx->max_blk_idx; 1496 1497 func_exit: 1498 return res; 1499 } 1500 1501 /* 1502 * End of lower interface to RPMB device 1503 */ 1504 1505 static TEE_Result get_fat_start_address(uint32_t *addr); 1506 static TEE_Result rpmb_fs_setup(void); 1507 1508 /** 1509 * fat_entry_dir_free: Free the FAT entry dir. 1510 */ 1511 static void fat_entry_dir_free(void) 1512 { 1513 if (fat_entry_dir) { 1514 free(fat_entry_dir->rpmb_fat_entry_buf); 1515 free(fat_entry_dir); 1516 fat_entry_dir = NULL; 1517 } 1518 } 1519 1520 /** 1521 * fat_entry_dir_init: Initialize the FAT FS entry buffer/cache 1522 * This function must be called before reading FAT FS entries using the 1523 * function fat_entry_dir_get_next. This initializes the buffer/cache with the 1524 * first FAT FS entries. 1525 */ 1526 static TEE_Result fat_entry_dir_init(void) 1527 { 1528 TEE_Result res = TEE_ERROR_GENERIC; 1529 struct rpmb_fat_entry *fe = NULL; 1530 uint32_t fat_address = 0; 1531 uint32_t num_elems_read = 0; 1532 1533 if (fat_entry_dir) 1534 return TEE_SUCCESS; 1535 1536 res = rpmb_fs_setup(); 1537 if (res) 1538 return res; 1539 1540 res = get_fat_start_address(&fat_address); 1541 if (res) 1542 return res; 1543 1544 fat_entry_dir = calloc(1, sizeof(struct rpmb_fat_entry_dir)); 1545 if (!fat_entry_dir) 1546 return TEE_ERROR_OUT_OF_MEMORY; 1547 1548 /* 1549 * If caching is enabled, read in up to the maximum cache size, but 1550 * never more than the single read in size. Otherwise, read in as many 1551 * entries fit into the temporary buffer. 1552 */ 1553 if (CFG_RPMB_FS_CACHE_ENTRIES) 1554 num_elems_read = MIN(CFG_RPMB_FS_CACHE_ENTRIES, 1555 CFG_RPMB_FS_RD_ENTRIES); 1556 else 1557 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1558 1559 /* 1560 * Allocate memory for the FAT FS entries to read in. 1561 */ 1562 fe = calloc(num_elems_read, sizeof(struct rpmb_fat_entry)); 1563 if (!fe) { 1564 res = TEE_ERROR_OUT_OF_MEMORY; 1565 goto out; 1566 } 1567 1568 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, (uint8_t *)fe, 1569 num_elems_read * sizeof(*fe), NULL, NULL); 1570 if (res) 1571 goto out; 1572 1573 fat_entry_dir->rpmb_fat_entry_buf = fe; 1574 1575 /* 1576 * We use this variable when getting next entries from the buffer/cache 1577 * to see whether we have to read in more entries from storage. 1578 */ 1579 fat_entry_dir->num_buffered = num_elems_read; 1580 1581 return TEE_SUCCESS; 1582 out: 1583 fat_entry_dir_free(); 1584 free(fe); 1585 return res; 1586 } 1587 1588 /** 1589 * fat_entry_dir_deinit: If caching is enabled, free the temporary buffer for 1590 * FAT FS entries in case the cache was too small. Keep the elements in the 1591 * cache. Reset the counter variables to start the next traversal from fresh 1592 * from the first cached entry. If caching is disabled, just free the 1593 * temporary buffer by calling fat_entry_dir_free and return. 1594 */ 1595 static void fat_entry_dir_deinit(void) 1596 { 1597 struct rpmb_fat_entry *fe = NULL; 1598 1599 if (!fat_entry_dir) 1600 return; 1601 1602 if (!CFG_RPMB_FS_CACHE_ENTRIES) { 1603 fat_entry_dir_free(); 1604 return; 1605 } 1606 1607 fe = fat_entry_dir->rpmb_fat_entry_buf; 1608 fat_entry_dir->idx_curr = 0; 1609 fat_entry_dir->num_total_read = 0; 1610 fat_entry_dir->last_reached = false; 1611 1612 if (fat_entry_dir->num_buffered > CFG_RPMB_FS_CACHE_ENTRIES) { 1613 fat_entry_dir->num_buffered = CFG_RPMB_FS_CACHE_ENTRIES; 1614 1615 fe = realloc(fe, fat_entry_dir->num_buffered * sizeof(*fe)); 1616 1617 /* 1618 * In case realloc fails, we are on the safe side if we destroy 1619 * the whole structure. Upon the next init, the cache has to be 1620 * re-established, but this case should not happen in practice. 1621 */ 1622 if (!fe) 1623 fat_entry_dir_free(); 1624 else 1625 fat_entry_dir->rpmb_fat_entry_buf = fe; 1626 } 1627 } 1628 1629 /** 1630 * fat_entry_dir_update: Updates a persisted FAT FS entry in the cache. 1631 * This function updates the FAT entry fat_entry that was written to address 1632 * fat_address onto RPMB storage in the cache. 1633 */ 1634 static TEE_Result __maybe_unused fat_entry_dir_update 1635 (struct rpmb_fat_entry *fat_entry, 1636 uint32_t fat_address) 1637 { 1638 uint32_t fat_entry_buf_idx = 0; 1639 /* Use a temp var to avoid compiler warning if caching disabled. */ 1640 uint32_t max_cache_entries = CFG_RPMB_FS_CACHE_ENTRIES; 1641 1642 assert(!(fat_address - RPMB_FS_FAT_START_ADDRESS) % 1643 sizeof(struct rpmb_fat_entry)); 1644 1645 /* Nothing to update if the cache is not initialized. */ 1646 if (!fat_entry_dir) 1647 return TEE_SUCCESS; 1648 1649 fat_entry_buf_idx = (fat_address - RPMB_FS_FAT_START_ADDRESS) / 1650 sizeof(struct rpmb_fat_entry); 1651 1652 /* Only need to write if index points to an entry in cache. */ 1653 if (fat_entry_buf_idx < max_cache_entries) { 1654 memcpy(fat_entry_dir->rpmb_fat_entry_buf + fat_entry_buf_idx, 1655 fat_entry, sizeof(struct rpmb_fat_entry)); 1656 } 1657 1658 return TEE_SUCCESS; 1659 } 1660 1661 /** 1662 * fat_entry_dir_get_next: Get next FAT FS entry. 1663 * Read either from cache/buffer, or by reading from RPMB storage if the 1664 * elements in the buffer/cache are fully read. When reading in from RPMB 1665 * storage, the buffer is overwritten in case caching is disabled. 1666 * In case caching is enabled, the cache is either further filled, or a 1667 * temporary buffer populated if the cache is already full. 1668 * The FAT FS entry is written to fat_entry. The respective address in RPMB 1669 * storage is written to fat_address, if not NULL. When the last FAT FS entry 1670 * was previously read, the function indicates this case by writing a NULL 1671 * pointer to fat_entry. 1672 * Returns a value different TEE_SUCCESS if the next FAT FS entry could not be 1673 * retrieved. 1674 */ 1675 static TEE_Result fat_entry_dir_get_next(struct rpmb_fat_entry **fat_entry, 1676 uint32_t *fat_address) 1677 { 1678 TEE_Result res = TEE_ERROR_GENERIC; 1679 struct rpmb_fat_entry *fe = NULL; 1680 uint32_t num_elems_read = 0; 1681 uint32_t fat_address_local = 0; 1682 1683 assert(fat_entry_dir && fat_entry); 1684 1685 /* Don't read further if we previously read the last FAT FS entry. */ 1686 if (fat_entry_dir->last_reached) { 1687 *fat_entry = NULL; 1688 return TEE_SUCCESS; 1689 } 1690 1691 fe = fat_entry_dir->rpmb_fat_entry_buf; 1692 1693 /* Determine address of FAT FS entry in RPMB storage. */ 1694 fat_address_local = RPMB_FS_FAT_START_ADDRESS + 1695 (fat_entry_dir->num_total_read * 1696 sizeof(struct rpmb_fat_entry)); 1697 1698 /* 1699 * We've read all so-far buffered elements, so we need to 1700 * read in more entries from RPMB storage. 1701 */ 1702 if (fat_entry_dir->idx_curr >= fat_entry_dir->num_buffered) { 1703 /* 1704 * This is the case where we do not cache entries, so just read 1705 * in next set of FAT FS entries into the buffer. 1706 * Goto the end of the when statement if that is done. 1707 */ 1708 if (!CFG_RPMB_FS_CACHE_ENTRIES) { 1709 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1710 fat_entry_dir->idx_curr = 0; 1711 1712 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1713 fat_address_local, (uint8_t *)fe, 1714 num_elems_read * sizeof(*fe), NULL, 1715 NULL); 1716 if (res) 1717 return res; 1718 goto post_read_in; 1719 } 1720 1721 /* 1722 * We cache FAT FS entries, and the buffer is not completely 1723 * filled. Further keep on extending the buffer up to its max 1724 * size by reading in from RPMB. 1725 */ 1726 if (fat_entry_dir->num_total_read < RPMB_BUF_MAX_ENTRIES) { 1727 /* 1728 * Read at most as many elements as fit in the buffer 1729 * and no more than the defined number of entries to 1730 * read in at once. 1731 */ 1732 num_elems_read = MIN(RPMB_BUF_MAX_ENTRIES - 1733 fat_entry_dir->num_total_read, 1734 (uint32_t)CFG_RPMB_FS_RD_ENTRIES); 1735 1736 /* 1737 * Expand the buffer to fit in the additional entries. 1738 */ 1739 fe = realloc(fe, 1740 (fat_entry_dir->num_buffered + 1741 num_elems_read) * sizeof(*fe)); 1742 if (!fe) 1743 return TEE_ERROR_OUT_OF_MEMORY; 1744 1745 fat_entry_dir->rpmb_fat_entry_buf = fe; 1746 1747 /* Read in to the next free slot in the buffer/cache. */ 1748 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1749 fat_address_local, 1750 (uint8_t *)(fe + 1751 fat_entry_dir->num_total_read), 1752 num_elems_read * sizeof(*fe), 1753 NULL, NULL); 1754 if (res) 1755 return res; 1756 1757 fat_entry_dir->num_buffered += num_elems_read; 1758 } else { 1759 /* 1760 * This happens when we have read as many elements as 1761 * can possibly fit into the buffer. 1762 * As the first part of the buffer serves as our cache, 1763 * we only overwrite the last part that serves as our 1764 * temporary buffer used to iteratively read in entries 1765 * when the cache is full. Read in the temporary buffer 1766 * maximum size. 1767 */ 1768 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1769 /* Reset index to beginning of the temporary buffer. */ 1770 fat_entry_dir->idx_curr = CFG_RPMB_FS_CACHE_ENTRIES; 1771 1772 /* Read in elements after the end of the cache. */ 1773 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1774 fat_address_local, 1775 (uint8_t *)(fe + 1776 fat_entry_dir->idx_curr), 1777 num_elems_read * sizeof(*fe), 1778 NULL, NULL); 1779 if (res) 1780 return res; 1781 } 1782 } 1783 1784 post_read_in: 1785 if (fat_address) 1786 *fat_address = fat_address_local; 1787 1788 *fat_entry = fe + fat_entry_dir->idx_curr; 1789 1790 fat_entry_dir->idx_curr++; 1791 fat_entry_dir->num_total_read++; 1792 1793 /* 1794 * Indicate last entry was read. 1795 * Ensures we return a zero value for fat_entry on next invocation. 1796 */ 1797 if ((*fat_entry)->flags & FILE_IS_LAST_ENTRY) 1798 fat_entry_dir->last_reached = true; 1799 1800 return TEE_SUCCESS; 1801 } 1802 1803 #if (TRACE_LEVEL >= TRACE_FLOW) 1804 static void dump_fat(void) 1805 { 1806 TEE_Result res = TEE_ERROR_SECURITY; 1807 struct rpmb_fat_entry *fe = NULL; 1808 1809 if (!fs_par) 1810 return; 1811 1812 if (fat_entry_dir_init()) 1813 return; 1814 1815 while (true) { 1816 res = fat_entry_dir_get_next(&fe, NULL); 1817 if (res || !fe) 1818 break; 1819 1820 FMSG("flags %#"PRIx32", size %"PRIu32", address %#"PRIx32 1821 ", filename '%s'", 1822 fe->flags, fe->data_size, fe->start_address, fe->filename); 1823 } 1824 1825 fat_entry_dir_deinit(); 1826 } 1827 #else 1828 static void dump_fat(void) 1829 { 1830 } 1831 #endif 1832 1833 #if (TRACE_LEVEL >= TRACE_DEBUG) 1834 static void dump_fh(struct rpmb_file_handle *fh) 1835 { 1836 DMSG("fh->filename=%s", fh->filename); 1837 DMSG("fh->rpmb_fat_address=%u", fh->rpmb_fat_address); 1838 DMSG("fh->fat_entry.start_address=%u", fh->fat_entry.start_address); 1839 DMSG("fh->fat_entry.data_size=%u", fh->fat_entry.data_size); 1840 } 1841 #else 1842 static void dump_fh(struct rpmb_file_handle *fh __unused) 1843 { 1844 } 1845 #endif 1846 1847 static struct rpmb_file_handle *alloc_file_handle(struct tee_pobj *po, 1848 bool temporary) 1849 { 1850 struct rpmb_file_handle *fh = NULL; 1851 1852 fh = calloc(1, sizeof(struct rpmb_file_handle)); 1853 if (!fh) 1854 return NULL; 1855 1856 if (po) 1857 tee_svc_storage_create_filename(fh->filename, 1858 sizeof(fh->filename), po, 1859 temporary); 1860 1861 return fh; 1862 } 1863 1864 /** 1865 * write_fat_entry: Store info in a fat_entry to RPMB. 1866 */ 1867 static TEE_Result write_fat_entry(struct rpmb_file_handle *fh, 1868 bool update_write_counter) 1869 { 1870 TEE_Result res = TEE_ERROR_GENERIC; 1871 1872 /* Protect partition data. */ 1873 if (fh->rpmb_fat_address < sizeof(struct rpmb_fs_partition)) { 1874 res = TEE_ERROR_ACCESS_CONFLICT; 1875 goto out; 1876 } 1877 1878 if (fh->rpmb_fat_address % sizeof(struct rpmb_fat_entry) != 0) { 1879 res = TEE_ERROR_BAD_PARAMETERS; 1880 goto out; 1881 } 1882 1883 if (update_write_counter) { 1884 res = tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1885 &fh->fat_entry.write_counter); 1886 if (res) 1887 goto out; 1888 } 1889 1890 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, fh->rpmb_fat_address, 1891 (uint8_t *)&fh->fat_entry, 1892 sizeof(struct rpmb_fat_entry), NULL, NULL); 1893 1894 dump_fat(); 1895 1896 /* If caching enabled, update a successfully written entry in cache. */ 1897 if (CFG_RPMB_FS_CACHE_ENTRIES && !res) 1898 res = fat_entry_dir_update(&fh->fat_entry, 1899 fh->rpmb_fat_address); 1900 1901 out: 1902 return res; 1903 } 1904 1905 /** 1906 * rpmb_fs_setup: Setup RPMB FS. 1907 * Set initial partition and FS values and write to RPMB. 1908 * Store frequently used data in RAM. 1909 */ 1910 static TEE_Result rpmb_fs_setup(void) 1911 { 1912 TEE_Result res = TEE_ERROR_GENERIC; 1913 struct rpmb_fs_partition *partition_data = NULL; 1914 struct rpmb_file_handle *fh = NULL; 1915 uint32_t max_rpmb_block = 0; 1916 1917 if (fs_par) { 1918 res = TEE_SUCCESS; 1919 goto out; 1920 } 1921 1922 res = tee_rpmb_get_max_block(CFG_RPMB_FS_DEV_ID, &max_rpmb_block); 1923 if (res != TEE_SUCCESS) 1924 goto out; 1925 1926 partition_data = calloc(1, sizeof(struct rpmb_fs_partition)); 1927 if (!partition_data) { 1928 res = TEE_ERROR_OUT_OF_MEMORY; 1929 goto out; 1930 } 1931 1932 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1933 (uint8_t *)partition_data, 1934 sizeof(struct rpmb_fs_partition), NULL, NULL); 1935 if (res != TEE_SUCCESS) 1936 goto out; 1937 1938 #ifndef CFG_RPMB_RESET_FAT 1939 if (partition_data->rpmb_fs_magic == RPMB_FS_MAGIC) { 1940 if (partition_data->fs_version == FS_VERSION) { 1941 res = TEE_SUCCESS; 1942 goto store_fs_par; 1943 } else { 1944 EMSG("Wrong software is in use."); 1945 res = TEE_ERROR_ACCESS_DENIED; 1946 goto out; 1947 } 1948 } 1949 #else 1950 EMSG("**** Clearing Storage ****"); 1951 #endif 1952 1953 /* Setup new partition data. */ 1954 partition_data->rpmb_fs_magic = RPMB_FS_MAGIC; 1955 partition_data->fs_version = FS_VERSION; 1956 partition_data->fat_start_address = RPMB_FS_FAT_START_ADDRESS; 1957 1958 /* Initial FAT entry with FILE_IS_LAST_ENTRY flag set. */ 1959 fh = alloc_file_handle(NULL, false); 1960 if (!fh) { 1961 res = TEE_ERROR_OUT_OF_MEMORY; 1962 goto out; 1963 } 1964 fh->fat_entry.flags = FILE_IS_LAST_ENTRY; 1965 fh->rpmb_fat_address = partition_data->fat_start_address; 1966 1967 /* Write init FAT entry and partition data to RPMB. */ 1968 res = write_fat_entry(fh, true); 1969 if (res != TEE_SUCCESS) 1970 goto out; 1971 1972 res = 1973 tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1974 &partition_data->write_counter); 1975 if (res != TEE_SUCCESS) 1976 goto out; 1977 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1978 (uint8_t *)partition_data, 1979 sizeof(struct rpmb_fs_partition), NULL, NULL); 1980 1981 #ifndef CFG_RPMB_RESET_FAT 1982 store_fs_par: 1983 #endif 1984 1985 /* Store FAT start address. */ 1986 fs_par = calloc(1, sizeof(struct rpmb_fs_parameters)); 1987 if (!fs_par) { 1988 res = TEE_ERROR_OUT_OF_MEMORY; 1989 goto out; 1990 } 1991 1992 fs_par->fat_start_address = partition_data->fat_start_address; 1993 fs_par->max_rpmb_address = max_rpmb_block << RPMB_BLOCK_SIZE_SHIFT; 1994 1995 dump_fat(); 1996 1997 out: 1998 free(fh); 1999 free(partition_data); 2000 return res; 2001 } 2002 2003 /** 2004 * get_fat_start_address: 2005 * FAT start_address from fs_par. 2006 */ 2007 static TEE_Result get_fat_start_address(uint32_t *addr) 2008 { 2009 if (!fs_par) 2010 return TEE_ERROR_NO_DATA; 2011 2012 *addr = fs_par->fat_start_address; 2013 2014 return TEE_SUCCESS; 2015 } 2016 2017 /** 2018 * read_fat: Read FAT entries 2019 * Return matching FAT entry for read, rm rename and stat. 2020 * Build up memory pool and return matching entry for write operation. 2021 * "Last FAT entry" can be returned during write. 2022 */ 2023 static TEE_Result read_fat(struct rpmb_file_handle *fh, tee_mm_pool_t *p) 2024 { 2025 TEE_Result res = TEE_ERROR_GENERIC; 2026 tee_mm_entry_t *mm = NULL; 2027 struct rpmb_fat_entry *fe = NULL; 2028 uint32_t fat_address; 2029 bool entry_found = false; 2030 bool expand_fat = false; 2031 struct rpmb_file_handle last_fh; 2032 2033 DMSG("fat_address %d", fh->rpmb_fat_address); 2034 2035 res = fat_entry_dir_init(); 2036 if (res) 2037 goto out; 2038 2039 /* 2040 * The pool is used to represent the current RPMB layout. To find 2041 * a slot for the file tee_mm_alloc is called on the pool. Thus 2042 * if it is not NULL the entire FAT must be traversed to fill in 2043 * the pool. 2044 */ 2045 while (true) { 2046 res = fat_entry_dir_get_next(&fe, &fat_address); 2047 if (res || !fe) 2048 break; 2049 2050 /* 2051 * Look for an entry, matching filenames. (read, rm, 2052 * rename and stat.). Only store first filename match. 2053 */ 2054 if ((!strcmp(fh->filename, fe->filename)) && 2055 (fe->flags & FILE_IS_ACTIVE) && !entry_found) { 2056 entry_found = true; 2057 fh->rpmb_fat_address = fat_address; 2058 memcpy(&fh->fat_entry, fe, sizeof(*fe)); 2059 if (!p) 2060 break; 2061 } 2062 2063 /* Add existing files to memory pool. (write) */ 2064 if (p) { 2065 if ((fe->flags & FILE_IS_ACTIVE) && fe->data_size > 0) { 2066 2067 mm = tee_mm_alloc2(p, fe->start_address, 2068 fe->data_size); 2069 if (!mm) { 2070 res = TEE_ERROR_OUT_OF_MEMORY; 2071 goto out; 2072 } 2073 } 2074 2075 /* Unused FAT entries can be reused (write) */ 2076 if (((fe->flags & FILE_IS_ACTIVE) == 0) && 2077 fh->rpmb_fat_address == 0) { 2078 fh->rpmb_fat_address = fat_address; 2079 memcpy(&fh->fat_entry, fe, 2080 sizeof(struct rpmb_fat_entry)); 2081 } 2082 2083 if (((fe->flags & FILE_IS_LAST_ENTRY) != 0) && 2084 fh->rpmb_fat_address == fat_address) { 2085 2086 /* 2087 * If the last entry was reached and was chosen 2088 * by the previous check, then the FAT needs to 2089 * be expanded. 2090 * fh->rpmb_fat_address is the address chosen 2091 * to store the files FAT entry and fat_address 2092 * is the current FAT entry address being 2093 * compared. 2094 */ 2095 expand_fat = true; 2096 } 2097 } 2098 } 2099 2100 if (res) 2101 goto out; 2102 /* 2103 * Represent the FAT table in the pool. 2104 */ 2105 if (p) { 2106 /* 2107 * Since fat_address is the start of the last entry it needs to 2108 * be moved up by an entry. 2109 */ 2110 fat_address += sizeof(struct rpmb_fat_entry); 2111 2112 /* Make room for yet a FAT entry and add to memory pool. */ 2113 if (expand_fat) 2114 fat_address += sizeof(struct rpmb_fat_entry); 2115 2116 mm = tee_mm_alloc2(p, RPMB_STORAGE_START_ADDRESS, fat_address); 2117 if (!mm) { 2118 res = TEE_ERROR_OUT_OF_MEMORY; 2119 goto out; 2120 } 2121 2122 if (expand_fat) { 2123 /* 2124 * Point fat_address to the beginning of the new 2125 * entry. 2126 */ 2127 fat_address -= sizeof(struct rpmb_fat_entry); 2128 memset(&last_fh, 0, sizeof(last_fh)); 2129 last_fh.fat_entry.flags = FILE_IS_LAST_ENTRY; 2130 last_fh.rpmb_fat_address = fat_address; 2131 res = write_fat_entry(&last_fh, true); 2132 if (res != TEE_SUCCESS) 2133 goto out; 2134 } 2135 } 2136 2137 if (!fh->rpmb_fat_address) 2138 res = TEE_ERROR_ITEM_NOT_FOUND; 2139 2140 out: 2141 fat_entry_dir_deinit(); 2142 return res; 2143 } 2144 2145 static TEE_Result generate_fek(struct rpmb_fat_entry *fe, const TEE_UUID *uuid) 2146 { 2147 TEE_Result res; 2148 2149 again: 2150 res = tee_fs_generate_fek(uuid, fe->fek, sizeof(fe->fek)); 2151 if (res != TEE_SUCCESS) 2152 return res; 2153 2154 if (is_zero(fe->fek, sizeof(fe->fek))) 2155 goto again; 2156 2157 return res; 2158 } 2159 2160 static TEE_Result rpmb_fs_open_internal(struct rpmb_file_handle *fh, 2161 const TEE_UUID *uuid, bool create) 2162 { 2163 tee_mm_pool_t p; 2164 bool pool_result; 2165 TEE_Result res = TEE_ERROR_GENERIC; 2166 2167 /* We need to do setup in order to make sure fs_par is filled in */ 2168 res = rpmb_fs_setup(); 2169 if (res != TEE_SUCCESS) 2170 goto out; 2171 2172 fh->uuid = uuid; 2173 if (create) { 2174 /* Upper memory allocation must be used for RPMB_FS. */ 2175 pool_result = tee_mm_init(&p, 2176 RPMB_STORAGE_START_ADDRESS, 2177 fs_par->max_rpmb_address, 2178 RPMB_BLOCK_SIZE_SHIFT, 2179 TEE_MM_POOL_HI_ALLOC); 2180 2181 if (!pool_result) { 2182 res = TEE_ERROR_OUT_OF_MEMORY; 2183 goto out; 2184 } 2185 2186 res = read_fat(fh, &p); 2187 tee_mm_final(&p); 2188 if (res != TEE_SUCCESS) 2189 goto out; 2190 } else { 2191 res = read_fat(fh, NULL); 2192 if (res != TEE_SUCCESS) 2193 goto out; 2194 } 2195 2196 /* 2197 * If this is opened with create and the entry found was not active 2198 * then this is a new file and the FAT entry must be written 2199 */ 2200 if (create) { 2201 if ((fh->fat_entry.flags & FILE_IS_ACTIVE) == 0) { 2202 memset(&fh->fat_entry, 0, 2203 sizeof(struct rpmb_fat_entry)); 2204 memcpy(fh->fat_entry.filename, fh->filename, 2205 strlen(fh->filename)); 2206 /* Start address and size are 0 */ 2207 fh->fat_entry.flags = FILE_IS_ACTIVE; 2208 2209 res = generate_fek(&fh->fat_entry, uuid); 2210 if (res != TEE_SUCCESS) 2211 goto out; 2212 DMSG("GENERATE FEK key: %p", 2213 (void *)fh->fat_entry.fek); 2214 DHEXDUMP(fh->fat_entry.fek, sizeof(fh->fat_entry.fek)); 2215 2216 res = write_fat_entry(fh, true); 2217 if (res != TEE_SUCCESS) 2218 goto out; 2219 } 2220 } 2221 2222 res = TEE_SUCCESS; 2223 2224 out: 2225 return res; 2226 } 2227 2228 static void rpmb_fs_close(struct tee_file_handle **tfh) 2229 { 2230 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)*tfh; 2231 2232 free(fh); 2233 *tfh = NULL; 2234 } 2235 2236 static TEE_Result rpmb_fs_read(struct tee_file_handle *tfh, size_t pos, 2237 void *buf, size_t *len) 2238 { 2239 TEE_Result res; 2240 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2241 size_t size = *len; 2242 2243 if (!size) 2244 return TEE_SUCCESS; 2245 2246 mutex_lock(&rpmb_mutex); 2247 2248 dump_fh(fh); 2249 2250 res = read_fat(fh, NULL); 2251 if (res != TEE_SUCCESS) 2252 goto out; 2253 2254 if (pos >= fh->fat_entry.data_size) { 2255 *len = 0; 2256 goto out; 2257 } 2258 2259 size = MIN(size, fh->fat_entry.data_size - pos); 2260 if (size) { 2261 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2262 fh->fat_entry.start_address + pos, buf, 2263 size, fh->fat_entry.fek, fh->uuid); 2264 if (res != TEE_SUCCESS) 2265 goto out; 2266 } 2267 *len = size; 2268 2269 out: 2270 mutex_unlock(&rpmb_mutex); 2271 return res; 2272 } 2273 2274 static TEE_Result rpmb_fs_write_primitive(struct rpmb_file_handle *fh, 2275 size_t pos, const void *buf, 2276 size_t size) 2277 { 2278 TEE_Result res; 2279 tee_mm_pool_t p; 2280 bool pool_result = false; 2281 tee_mm_entry_t *mm; 2282 size_t end; 2283 size_t newsize; 2284 uint8_t *newbuf = NULL; 2285 uintptr_t newaddr; 2286 uint32_t start_addr; 2287 2288 if (!size) 2289 return TEE_SUCCESS; 2290 2291 if (!fs_par) { 2292 res = TEE_ERROR_GENERIC; 2293 goto out; 2294 } 2295 2296 dump_fh(fh); 2297 2298 /* Upper memory allocation must be used for RPMB_FS. */ 2299 pool_result = tee_mm_init(&p, 2300 RPMB_STORAGE_START_ADDRESS, 2301 fs_par->max_rpmb_address, 2302 RPMB_BLOCK_SIZE_SHIFT, 2303 TEE_MM_POOL_HI_ALLOC); 2304 if (!pool_result) { 2305 res = TEE_ERROR_OUT_OF_MEMORY; 2306 goto out; 2307 } 2308 2309 res = read_fat(fh, &p); 2310 if (res != TEE_SUCCESS) 2311 goto out; 2312 2313 if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY) 2314 panic("invalid last entry flag"); 2315 2316 if (ADD_OVERFLOW(pos, size, &end)) { 2317 res = TEE_ERROR_BAD_PARAMETERS; 2318 goto out; 2319 } 2320 if (ADD_OVERFLOW(fh->fat_entry.start_address, pos, &start_addr)) { 2321 res = TEE_ERROR_BAD_PARAMETERS; 2322 goto out; 2323 } 2324 2325 if (end <= fh->fat_entry.data_size && 2326 tee_rpmb_write_is_atomic(CFG_RPMB_FS_DEV_ID, start_addr, size)) { 2327 2328 DMSG("Updating data in-place"); 2329 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, start_addr, buf, 2330 size, fh->fat_entry.fek, fh->uuid); 2331 if (res != TEE_SUCCESS) 2332 goto out; 2333 } else { 2334 /* 2335 * File must be extended, or update cannot be atomic: allocate, 2336 * read, update, write. 2337 */ 2338 2339 DMSG("Need to re-allocate"); 2340 newsize = MAX(end, fh->fat_entry.data_size); 2341 mm = tee_mm_alloc(&p, newsize); 2342 newbuf = calloc(1, newsize); 2343 if (!mm || !newbuf) { 2344 res = TEE_ERROR_OUT_OF_MEMORY; 2345 goto out; 2346 } 2347 2348 if (fh->fat_entry.data_size) { 2349 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2350 fh->fat_entry.start_address, 2351 newbuf, fh->fat_entry.data_size, 2352 fh->fat_entry.fek, fh->uuid); 2353 if (res != TEE_SUCCESS) 2354 goto out; 2355 } 2356 2357 memcpy(newbuf + pos, buf, size); 2358 2359 newaddr = tee_mm_get_smem(mm); 2360 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2361 newsize, fh->fat_entry.fek, fh->uuid); 2362 if (res != TEE_SUCCESS) 2363 goto out; 2364 2365 fh->fat_entry.data_size = newsize; 2366 fh->fat_entry.start_address = newaddr; 2367 res = write_fat_entry(fh, true); 2368 if (res != TEE_SUCCESS) 2369 goto out; 2370 } 2371 2372 out: 2373 if (pool_result) 2374 tee_mm_final(&p); 2375 if (newbuf) 2376 free(newbuf); 2377 2378 return res; 2379 } 2380 2381 static TEE_Result rpmb_fs_write(struct tee_file_handle *tfh, size_t pos, 2382 const void *buf, size_t size) 2383 { 2384 TEE_Result res; 2385 2386 mutex_lock(&rpmb_mutex); 2387 res = rpmb_fs_write_primitive((struct rpmb_file_handle *)tfh, pos, 2388 buf, size); 2389 mutex_unlock(&rpmb_mutex); 2390 2391 return res; 2392 } 2393 2394 static TEE_Result rpmb_fs_remove_internal(struct rpmb_file_handle *fh) 2395 { 2396 TEE_Result res; 2397 2398 res = read_fat(fh, NULL); 2399 if (res) 2400 return res; 2401 2402 /* Clear this file entry. */ 2403 memset(&fh->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2404 return write_fat_entry(fh, false); 2405 } 2406 2407 static TEE_Result rpmb_fs_remove(struct tee_pobj *po) 2408 { 2409 TEE_Result res; 2410 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2411 2412 if (!fh) 2413 return TEE_ERROR_OUT_OF_MEMORY; 2414 2415 mutex_lock(&rpmb_mutex); 2416 2417 res = rpmb_fs_remove_internal(fh); 2418 2419 mutex_unlock(&rpmb_mutex); 2420 2421 free(fh); 2422 return res; 2423 } 2424 2425 static TEE_Result rpmb_fs_rename_internal(struct tee_pobj *old, 2426 struct tee_pobj *new, 2427 bool overwrite) 2428 { 2429 TEE_Result res = TEE_ERROR_GENERIC; 2430 struct rpmb_file_handle *fh_old = NULL; 2431 struct rpmb_file_handle *fh_new = NULL; 2432 2433 if (!old) { 2434 res = TEE_ERROR_BAD_PARAMETERS; 2435 goto out; 2436 } 2437 2438 if (new) 2439 fh_old = alloc_file_handle(old, old->temporary); 2440 else 2441 fh_old = alloc_file_handle(old, true); 2442 if (!fh_old) { 2443 res = TEE_ERROR_OUT_OF_MEMORY; 2444 goto out; 2445 } 2446 2447 if (new) 2448 fh_new = alloc_file_handle(new, new->temporary); 2449 else 2450 fh_new = alloc_file_handle(old, false); 2451 if (!fh_new) { 2452 res = TEE_ERROR_OUT_OF_MEMORY; 2453 goto out; 2454 } 2455 2456 res = read_fat(fh_old, NULL); 2457 if (res != TEE_SUCCESS) 2458 goto out; 2459 2460 res = read_fat(fh_new, NULL); 2461 if (res == TEE_SUCCESS) { 2462 if (!overwrite) { 2463 res = TEE_ERROR_ACCESS_CONFLICT; 2464 goto out; 2465 } 2466 2467 /* Clear this file entry. */ 2468 memset(&fh_new->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2469 res = write_fat_entry(fh_new, false); 2470 if (res != TEE_SUCCESS) 2471 goto out; 2472 } 2473 2474 memset(fh_old->fat_entry.filename, 0, TEE_RPMB_FS_FILENAME_LENGTH); 2475 memcpy(fh_old->fat_entry.filename, fh_new->filename, 2476 strlen(fh_new->filename)); 2477 2478 res = write_fat_entry(fh_old, false); 2479 2480 out: 2481 free(fh_old); 2482 free(fh_new); 2483 2484 return res; 2485 } 2486 2487 static TEE_Result rpmb_fs_rename(struct tee_pobj *old, struct tee_pobj *new, 2488 bool overwrite) 2489 { 2490 TEE_Result res; 2491 2492 mutex_lock(&rpmb_mutex); 2493 res = rpmb_fs_rename_internal(old, new, overwrite); 2494 mutex_unlock(&rpmb_mutex); 2495 2496 return res; 2497 } 2498 2499 static TEE_Result rpmb_fs_truncate(struct tee_file_handle *tfh, size_t length) 2500 { 2501 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2502 tee_mm_pool_t p; 2503 bool pool_result = false; 2504 tee_mm_entry_t *mm; 2505 uint32_t newsize; 2506 uint8_t *newbuf = NULL; 2507 uintptr_t newaddr; 2508 TEE_Result res = TEE_ERROR_GENERIC; 2509 2510 mutex_lock(&rpmb_mutex); 2511 2512 if (length > INT32_MAX) { 2513 res = TEE_ERROR_BAD_PARAMETERS; 2514 goto out; 2515 } 2516 newsize = length; 2517 2518 res = read_fat(fh, NULL); 2519 if (res != TEE_SUCCESS) 2520 goto out; 2521 2522 if (newsize > fh->fat_entry.data_size) { 2523 /* Extend file */ 2524 2525 pool_result = tee_mm_init(&p, 2526 RPMB_STORAGE_START_ADDRESS, 2527 fs_par->max_rpmb_address, 2528 RPMB_BLOCK_SIZE_SHIFT, 2529 TEE_MM_POOL_HI_ALLOC); 2530 if (!pool_result) { 2531 res = TEE_ERROR_OUT_OF_MEMORY; 2532 goto out; 2533 } 2534 res = read_fat(fh, &p); 2535 if (res != TEE_SUCCESS) 2536 goto out; 2537 2538 mm = tee_mm_alloc(&p, newsize); 2539 newbuf = calloc(1, newsize); 2540 if (!mm || !newbuf) { 2541 res = TEE_ERROR_OUT_OF_MEMORY; 2542 goto out; 2543 } 2544 2545 if (fh->fat_entry.data_size) { 2546 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2547 fh->fat_entry.start_address, 2548 newbuf, fh->fat_entry.data_size, 2549 fh->fat_entry.fek, fh->uuid); 2550 if (res != TEE_SUCCESS) 2551 goto out; 2552 } 2553 2554 newaddr = tee_mm_get_smem(mm); 2555 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2556 newsize, fh->fat_entry.fek, fh->uuid); 2557 if (res != TEE_SUCCESS) 2558 goto out; 2559 2560 } else { 2561 /* Don't change file location */ 2562 newaddr = fh->fat_entry.start_address; 2563 } 2564 2565 /* fh->pos is unchanged */ 2566 fh->fat_entry.data_size = newsize; 2567 fh->fat_entry.start_address = newaddr; 2568 res = write_fat_entry(fh, true); 2569 2570 out: 2571 mutex_unlock(&rpmb_mutex); 2572 if (pool_result) 2573 tee_mm_final(&p); 2574 if (newbuf) 2575 free(newbuf); 2576 2577 return res; 2578 } 2579 2580 static void rpmb_fs_dir_free(struct tee_fs_dir *dir) 2581 { 2582 struct tee_rpmb_fs_dirent *e; 2583 2584 if (!dir) 2585 return; 2586 2587 free(dir->current); 2588 2589 while ((e = SIMPLEQ_FIRST(&dir->next))) { 2590 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2591 free(e); 2592 } 2593 } 2594 2595 static TEE_Result rpmb_fs_dir_populate(const char *path, 2596 struct tee_fs_dir *dir) 2597 { 2598 struct tee_rpmb_fs_dirent *current = NULL; 2599 struct rpmb_fat_entry *fe = NULL; 2600 uint32_t fat_address; 2601 uint32_t filelen; 2602 char *filename; 2603 bool matched; 2604 struct tee_rpmb_fs_dirent *next = NULL; 2605 uint32_t pathlen; 2606 TEE_Result res = TEE_ERROR_GENERIC; 2607 char temp; 2608 2609 mutex_lock(&rpmb_mutex); 2610 2611 res = fat_entry_dir_init(); 2612 if (res) 2613 goto out; 2614 2615 pathlen = strlen(path); 2616 2617 while (true) { 2618 res = fat_entry_dir_get_next(&fe, &fat_address); 2619 if (res || !fe) 2620 break; 2621 2622 filename = fe->filename; 2623 if (fe->flags & FILE_IS_ACTIVE) { 2624 matched = false; 2625 filelen = strlen(filename); 2626 if (filelen > pathlen) { 2627 temp = filename[pathlen]; 2628 filename[pathlen] = '\0'; 2629 if (strcmp(filename, path) == 0) 2630 matched = true; 2631 2632 filename[pathlen] = temp; 2633 } 2634 2635 if (matched) { 2636 next = malloc(sizeof(*next)); 2637 if (!next) { 2638 res = TEE_ERROR_OUT_OF_MEMORY; 2639 goto out; 2640 } 2641 2642 next->entry.oidlen = tee_hs2b((uint8_t *) 2643 &filename[pathlen], 2644 next->entry.oid, 2645 filelen - pathlen, 2646 sizeof(next->entry.oid)); 2647 if (next->entry.oidlen) { 2648 SIMPLEQ_INSERT_TAIL(&dir->next, 2649 next, link); 2650 current = next; 2651 } else { 2652 free(next); 2653 next = NULL; 2654 } 2655 } 2656 } 2657 } 2658 2659 if (res) 2660 goto out; 2661 2662 if (current) 2663 res = TEE_SUCCESS; 2664 else 2665 res = TEE_ERROR_ITEM_NOT_FOUND; /* No directories were found. */ 2666 2667 out: 2668 mutex_unlock(&rpmb_mutex); 2669 fat_entry_dir_deinit(); 2670 if (res) 2671 rpmb_fs_dir_free(dir); 2672 2673 return res; 2674 } 2675 2676 static TEE_Result rpmb_fs_opendir(const TEE_UUID *uuid, struct tee_fs_dir **dir) 2677 { 2678 uint32_t len; 2679 char path_local[TEE_RPMB_FS_FILENAME_LENGTH]; 2680 TEE_Result res = TEE_ERROR_GENERIC; 2681 struct tee_fs_dir *rpmb_dir = NULL; 2682 2683 if (!uuid || !dir) { 2684 res = TEE_ERROR_BAD_PARAMETERS; 2685 goto out; 2686 } 2687 2688 memset(path_local, 0, sizeof(path_local)); 2689 if (tee_svc_storage_create_dirname(path_local, sizeof(path_local) - 1, 2690 uuid) != TEE_SUCCESS) { 2691 res = TEE_ERROR_BAD_PARAMETERS; 2692 goto out; 2693 } 2694 len = strlen(path_local); 2695 2696 /* Add a slash to correctly match the full directory name. */ 2697 if (path_local[len - 1] != '/') 2698 path_local[len] = '/'; 2699 2700 rpmb_dir = calloc(1, sizeof(*rpmb_dir)); 2701 if (!rpmb_dir) { 2702 res = TEE_ERROR_OUT_OF_MEMORY; 2703 goto out; 2704 } 2705 SIMPLEQ_INIT(&rpmb_dir->next); 2706 2707 res = rpmb_fs_dir_populate(path_local, rpmb_dir); 2708 if (res != TEE_SUCCESS) { 2709 free(rpmb_dir); 2710 rpmb_dir = NULL; 2711 goto out; 2712 } 2713 2714 *dir = rpmb_dir; 2715 2716 out: 2717 return res; 2718 } 2719 2720 static TEE_Result rpmb_fs_readdir(struct tee_fs_dir *dir, 2721 struct tee_fs_dirent **ent) 2722 { 2723 if (!dir) 2724 return TEE_ERROR_GENERIC; 2725 2726 free(dir->current); 2727 2728 dir->current = SIMPLEQ_FIRST(&dir->next); 2729 if (!dir->current) 2730 return TEE_ERROR_ITEM_NOT_FOUND; 2731 2732 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2733 2734 *ent = &dir->current->entry; 2735 return TEE_SUCCESS; 2736 } 2737 2738 static void rpmb_fs_closedir(struct tee_fs_dir *dir) 2739 { 2740 if (dir) { 2741 rpmb_fs_dir_free(dir); 2742 free(dir); 2743 } 2744 } 2745 2746 static TEE_Result rpmb_fs_open(struct tee_pobj *po, size_t *size, 2747 struct tee_file_handle **ret_fh) 2748 { 2749 TEE_Result res; 2750 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2751 2752 if (!fh) 2753 return TEE_ERROR_OUT_OF_MEMORY; 2754 2755 mutex_lock(&rpmb_mutex); 2756 2757 res = rpmb_fs_open_internal(fh, &po->uuid, false); 2758 if (!res && size) 2759 *size = fh->fat_entry.data_size; 2760 2761 mutex_unlock(&rpmb_mutex); 2762 2763 if (res) 2764 free(fh); 2765 else 2766 *ret_fh = (struct tee_file_handle *)fh; 2767 2768 return res; 2769 } 2770 2771 static TEE_Result rpmb_fs_create(struct tee_pobj *po, bool overwrite, 2772 const void *head, size_t head_size, 2773 const void *attr, size_t attr_size, 2774 const void *data, size_t data_size, 2775 struct tee_file_handle **ret_fh) 2776 { 2777 TEE_Result res; 2778 size_t pos = 0; 2779 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2780 2781 if (!fh) 2782 return TEE_ERROR_OUT_OF_MEMORY; 2783 2784 mutex_lock(&rpmb_mutex); 2785 res = rpmb_fs_open_internal(fh, &po->uuid, true); 2786 if (res) 2787 goto out; 2788 2789 if (head && head_size) { 2790 res = rpmb_fs_write_primitive(fh, pos, head, head_size); 2791 if (res) 2792 goto out; 2793 pos += head_size; 2794 } 2795 2796 if (attr && attr_size) { 2797 res = rpmb_fs_write_primitive(fh, pos, attr, attr_size); 2798 if (res) 2799 goto out; 2800 pos += attr_size; 2801 } 2802 2803 if (data && data_size) { 2804 res = rpmb_fs_write_primitive(fh, pos, data, data_size); 2805 if (res) 2806 goto out; 2807 } 2808 2809 if (po->temporary) { 2810 /* 2811 * If it's a temporary filename (which it normally is) 2812 * rename into the final filename now that the file is 2813 * fully initialized. 2814 */ 2815 po->temporary = false; 2816 res = rpmb_fs_rename_internal(po, NULL, overwrite); 2817 if (res) { 2818 po->temporary = true; 2819 goto out; 2820 } 2821 /* Update file handle after rename. */ 2822 tee_svc_storage_create_filename(fh->filename, 2823 sizeof(fh->filename), 2824 po, false); 2825 } 2826 2827 out: 2828 if (res) { 2829 rpmb_fs_remove_internal(fh); 2830 free(fh); 2831 } else { 2832 *ret_fh = (struct tee_file_handle *)fh; 2833 } 2834 mutex_unlock(&rpmb_mutex); 2835 2836 return res; 2837 } 2838 2839 const struct tee_file_operations rpmb_fs_ops = { 2840 .open = rpmb_fs_open, 2841 .create = rpmb_fs_create, 2842 .close = rpmb_fs_close, 2843 .read = rpmb_fs_read, 2844 .write = rpmb_fs_write, 2845 .truncate = rpmb_fs_truncate, 2846 .rename = rpmb_fs_rename, 2847 .remove = rpmb_fs_remove, 2848 .opendir = rpmb_fs_opendir, 2849 .closedir = rpmb_fs_closedir, 2850 .readdir = rpmb_fs_readdir, 2851 }; 2852 2853 TEE_Result tee_rpmb_fs_raw_open(const char *fname, bool create, 2854 struct tee_file_handle **ret_fh) 2855 { 2856 TEE_Result res; 2857 struct rpmb_file_handle *fh = calloc(1, sizeof(*fh)); 2858 static const TEE_UUID uuid = { 0 }; 2859 2860 if (!fh) 2861 return TEE_ERROR_OUT_OF_MEMORY; 2862 2863 snprintf(fh->filename, sizeof(fh->filename), "/%s", fname); 2864 2865 mutex_lock(&rpmb_mutex); 2866 2867 res = rpmb_fs_open_internal(fh, &uuid, create); 2868 2869 mutex_unlock(&rpmb_mutex); 2870 2871 if (res) { 2872 if (create) 2873 rpmb_fs_remove_internal(fh); 2874 free(fh); 2875 } else { 2876 *ret_fh = (struct tee_file_handle *)fh; 2877 } 2878 2879 return res; 2880 } 2881 2882 bool __weak plat_rpmb_key_is_ready(void) 2883 { 2884 return true; 2885 } 2886