1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 6 #include <assert.h> 7 #include <crypto/crypto.h> 8 #include <kernel/huk_subkey.h> 9 #include <kernel/misc.h> 10 #include <kernel/msg_param.h> 11 #include <kernel/mutex.h> 12 #include <kernel/panic.h> 13 #include <kernel/tee_common.h> 14 #include <kernel/tee_common_otp.h> 15 #include <kernel/tee_misc.h> 16 #include <kernel/thread.h> 17 #include <mm/core_memprot.h> 18 #include <mm/mobj.h> 19 #include <mm/tee_mm.h> 20 #include <optee_rpc_cmd.h> 21 #include <stdlib.h> 22 #include <string_ext.h> 23 #include <string.h> 24 #include <sys/queue.h> 25 #include <tee/tee_fs.h> 26 #include <tee/tee_fs_key_manager.h> 27 #include <tee/tee_pobj.h> 28 #include <tee/tee_svc_storage.h> 29 #include <trace.h> 30 #include <util.h> 31 32 #define RPMB_STORAGE_START_ADDRESS 0 33 #define RPMB_FS_FAT_START_ADDRESS 512 34 #define RPMB_BLOCK_SIZE_SHIFT 8 35 #define RPMB_CID_PRV_OFFSET 9 36 #define RPMB_CID_CRC_OFFSET 15 37 38 #define RPMB_FS_MAGIC 0x52504D42 39 #define FS_VERSION 2 40 41 #define FILE_IS_ACTIVE (1u << 0) 42 #define FILE_IS_LAST_ENTRY (1u << 1) 43 44 #define TEE_RPMB_FS_FILENAME_LENGTH 224 45 46 /** 47 * Utilized when caching is enabled, i.e., when CFG_RPMB_FS_CACHE_ENTRIES > 0. 48 * Cache size + the number of entries that are repeatedly read in and buffered 49 * once the cache is full. 50 */ 51 #define RPMB_BUF_MAX_ENTRIES (CFG_RPMB_FS_CACHE_ENTRIES + \ 52 CFG_RPMB_FS_RD_ENTRIES) 53 54 /** 55 * FS parameters: Information often used by internal functions. 56 * fat_start_address will be set by rpmb_fs_setup(). 57 * rpmb_fs_parameters can be read by any other function. 58 */ 59 struct rpmb_fs_parameters { 60 uint32_t fat_start_address; 61 uint32_t max_rpmb_address; 62 }; 63 64 /** 65 * File entry for a single file in a RPMB_FS partition. 66 */ 67 struct rpmb_fat_entry { 68 uint32_t start_address; 69 uint32_t data_size; 70 uint32_t flags; 71 uint32_t write_counter; 72 uint8_t fek[TEE_FS_KM_FEK_SIZE]; 73 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 74 }; 75 76 /** 77 * Structure that describes buffered/cached FAT FS entries in RPMB storage. 78 * This structure is used in functions traversing the FAT FS. 79 */ 80 struct rpmb_fat_entry_dir { 81 /* 82 * Buffer storing the FAT FS entries read in from RPMB storage. It 83 * includes the optional cache entries (CFG_RPMB_FS_CACHE_ENTRIES) 84 * and entries temporary read for current FAT FS traversal 85 * (CFG_RPMB_FS_RD_ENTRIES) when not found from cached entries. 86 */ 87 struct rpmb_fat_entry *rpmb_fat_entry_buf; 88 /* Current index of FAT FS entry to read from buffer. */ 89 uint32_t idx_curr; 90 /* Total number of FAT FS entries in buffer. */ 91 uint32_t num_buffered; 92 /* Total number of FAT FS entries read during traversal. */ 93 uint32_t num_total_read; 94 /* Indicates that last FAT FS entry was read. */ 95 bool last_reached; 96 }; 97 98 /** 99 * FAT entry context with reference to a FAT entry and its 100 * location in RPMB. 101 */ 102 struct rpmb_file_handle { 103 struct rpmb_fat_entry fat_entry; 104 const TEE_UUID *uuid; 105 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 106 /* Address for current entry in RPMB */ 107 uint32_t rpmb_fat_address; 108 }; 109 110 /** 111 * RPMB_FS partition data 112 */ 113 struct rpmb_fs_partition { 114 uint32_t rpmb_fs_magic; 115 uint32_t fs_version; 116 uint32_t write_counter; 117 uint32_t fat_start_address; 118 /* Do not use reserved[] for other purpose than partition data. */ 119 uint8_t reserved[112]; 120 }; 121 122 /** 123 * A node in a list of directory entries. 124 */ 125 struct tee_rpmb_fs_dirent { 126 struct tee_fs_dirent entry; 127 SIMPLEQ_ENTRY(tee_rpmb_fs_dirent) link; 128 }; 129 130 /** 131 * The RPMB directory representation. It contains a queue of 132 * RPMB directory entries: 'next'. 133 * The current pointer points to the last directory entry 134 * returned by readdir(). 135 */ 136 struct tee_fs_dir { 137 struct tee_rpmb_fs_dirent *current; 138 /* */ 139 SIMPLEQ_HEAD(next_head, tee_rpmb_fs_dirent) next; 140 }; 141 142 static struct rpmb_fs_parameters *fs_par; 143 static struct rpmb_fat_entry_dir *fat_entry_dir; 144 145 /* 146 * Lower interface to RPMB device 147 */ 148 149 #define RPMB_DATA_OFFSET (RPMB_STUFF_DATA_SIZE + RPMB_KEY_MAC_SIZE) 150 #define RPMB_MAC_PROTECT_DATA_SIZE (RPMB_DATA_FRAME_SIZE - RPMB_DATA_OFFSET) 151 152 #define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM 0x0001 153 #define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ 0x0002 154 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE 0x0003 155 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ 0x0004 156 #define RPMB_MSG_TYPE_REQ_RESULT_READ 0x0005 157 #define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM 0x0100 158 #define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ 0x0200 159 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE 0x0300 160 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ 0x0400 161 162 #define RPMB_STUFF_DATA_SIZE 196 163 #define RPMB_KEY_MAC_SIZE 32 164 #define RPMB_DATA_SIZE 256 165 #define RPMB_NONCE_SIZE 16 166 #define RPMB_DATA_FRAME_SIZE 512 167 168 #define RPMB_RESULT_OK 0x00 169 #define RPMB_RESULT_GENERAL_FAILURE 0x01 170 #define RPMB_RESULT_AUTH_FAILURE 0x02 171 #define RPMB_RESULT_COUNTER_FAILURE 0x03 172 #define RPMB_RESULT_ADDRESS_FAILURE 0x04 173 #define RPMB_RESULT_WRITE_FAILURE 0x05 174 #define RPMB_RESULT_READ_FAILURE 0x06 175 #define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED 0x07 176 #define RPMB_RESULT_MASK 0x3F 177 #define RPMB_RESULT_WR_CNT_EXPIRED 0x80 178 179 /* RPMB internal commands */ 180 #define RPMB_CMD_DATA_REQ 0x00 181 #define RPMB_CMD_GET_DEV_INFO 0x01 182 183 #define RPMB_SIZE_SINGLE (128 * 1024) 184 185 /* Error codes for get_dev_info request/response. */ 186 #define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 187 #define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 188 189 struct rpmb_data_frame { 190 uint8_t stuff_bytes[RPMB_STUFF_DATA_SIZE]; 191 uint8_t key_mac[RPMB_KEY_MAC_SIZE]; 192 uint8_t data[RPMB_DATA_SIZE]; 193 uint8_t nonce[RPMB_NONCE_SIZE]; 194 uint8_t write_counter[4]; 195 uint8_t address[2]; 196 uint8_t block_count[2]; 197 uint8_t op_result[2]; 198 uint8_t msg_type[2]; 199 }; 200 201 struct rpmb_req { 202 uint16_t cmd; 203 uint16_t dev_id; 204 uint16_t block_count; 205 /* variable length of data */ 206 /* uint8_t data[]; REMOVED! */ 207 }; 208 209 #define TEE_RPMB_REQ_DATA(req) \ 210 ((void *)((struct rpmb_req *)(req) + 1)) 211 212 struct rpmb_raw_data { 213 uint16_t msg_type; 214 uint16_t *op_result; 215 uint16_t *block_count; 216 uint16_t *blk_idx; 217 uint32_t *write_counter; 218 uint8_t *nonce; 219 uint8_t *key_mac; 220 uint8_t *data; 221 /* data length to read or write */ 222 uint32_t len; 223 /* Byte address offset in the first block involved */ 224 uint8_t byte_offset; 225 }; 226 227 #define RPMB_EMMC_CID_SIZE 16 228 struct rpmb_dev_info { 229 uint8_t cid[RPMB_EMMC_CID_SIZE]; 230 /* EXT CSD-slice 168 "RPMB Size" */ 231 uint8_t rpmb_size_mult; 232 /* EXT CSD-slice 222 "Reliable Write Sector Count" */ 233 uint8_t rel_wr_sec_c; 234 /* Check the ret code and accept the data only if it is OK. */ 235 uint8_t ret_code; 236 }; 237 238 /* 239 * Struct for rpmb context data. 240 * 241 * @key RPMB key. 242 * @cid eMMC card ID. 243 * @wr_cnt Current write counter. 244 * @max_blk_idx The highest block index supported by current device. 245 * @rel_wr_blkcnt Max number of data blocks for each reliable write. 246 * @dev_id Device ID of the eMMC device. 247 * @wr_cnt_synced Flag indicating if write counter is synced to RPMB. 248 * @key_derived Flag indicating if key has been generated. 249 * @key_verified Flag indicating the key generated is verified ok. 250 * @dev_info_synced Flag indicating if dev info has been retrieved from RPMB. 251 */ 252 struct tee_rpmb_ctx { 253 uint8_t key[RPMB_KEY_MAC_SIZE]; 254 uint8_t cid[RPMB_EMMC_CID_SIZE]; 255 uint32_t wr_cnt; 256 uint16_t max_blk_idx; 257 uint16_t rel_wr_blkcnt; 258 uint16_t dev_id; 259 bool wr_cnt_synced; 260 bool key_derived; 261 bool key_verified; 262 bool dev_info_synced; 263 }; 264 265 static struct tee_rpmb_ctx *rpmb_ctx; 266 267 /* 268 * Mutex to serialize the operations exported by this file. 269 * It protects rpmb_ctx and prevents overlapping operations on eMMC devices with 270 * different IDs. 271 */ 272 static struct mutex rpmb_mutex = MUTEX_INITIALIZER; 273 274 #ifdef CFG_RPMB_TESTKEY 275 276 static const uint8_t rpmb_test_key[RPMB_KEY_MAC_SIZE] = { 277 0xD3, 0xEB, 0x3E, 0xC3, 0x6E, 0x33, 0x4C, 0x9F, 278 0x98, 0x8C, 0xE2, 0xC0, 0xB8, 0x59, 0x54, 0x61, 279 0x0D, 0x2B, 0xCF, 0x86, 0x64, 0x84, 0x4D, 0xF2, 280 0xAB, 0x56, 0xE6, 0xC6, 0x1B, 0xB7, 0x01, 0xE4 281 }; 282 283 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 284 uint8_t *key, uint32_t len) 285 { 286 TEE_Result res = TEE_SUCCESS; 287 288 if (!key || RPMB_KEY_MAC_SIZE != len) { 289 res = TEE_ERROR_BAD_PARAMETERS; 290 goto out; 291 } 292 293 DMSG("RPMB: Using test key"); 294 memcpy(key, rpmb_test_key, RPMB_KEY_MAC_SIZE); 295 296 out: 297 return res; 298 } 299 300 #else /* !CFG_RPMB_TESTKEY */ 301 302 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 303 uint8_t *key, uint32_t len) 304 { 305 uint8_t message[RPMB_EMMC_CID_SIZE]; 306 307 if (!key || RPMB_KEY_MAC_SIZE != len) 308 return TEE_ERROR_BAD_PARAMETERS; 309 310 IMSG("RPMB: Using generated key"); 311 312 /* 313 * PRV/CRC would be changed when doing eMMC FFU 314 * The following fields should be masked off when deriving RPMB key 315 * 316 * CID [55: 48]: PRV (Product revision) 317 * CID [07: 01]: CRC (CRC7 checksum) 318 * CID [00]: not used 319 */ 320 memcpy(message, rpmb_ctx->cid, RPMB_EMMC_CID_SIZE); 321 memset(message + RPMB_CID_PRV_OFFSET, 0, 1); 322 memset(message + RPMB_CID_CRC_OFFSET, 0, 1); 323 return huk_subkey_derive(HUK_SUBKEY_RPMB, message, sizeof(message), 324 key, len); 325 } 326 327 #endif /* !CFG_RPMB_TESTKEY */ 328 329 static void u32_to_bytes(uint32_t u32, uint8_t *bytes) 330 { 331 *bytes = (uint8_t) (u32 >> 24); 332 *(bytes + 1) = (uint8_t) (u32 >> 16); 333 *(bytes + 2) = (uint8_t) (u32 >> 8); 334 *(bytes + 3) = (uint8_t) u32; 335 } 336 337 static void bytes_to_u32(uint8_t *bytes, uint32_t *u32) 338 { 339 *u32 = (uint32_t) ((*(bytes) << 24) + 340 (*(bytes + 1) << 16) + 341 (*(bytes + 2) << 8) + (*(bytes + 3))); 342 } 343 344 static void u16_to_bytes(uint16_t u16, uint8_t *bytes) 345 { 346 *bytes = (uint8_t) (u16 >> 8); 347 *(bytes + 1) = (uint8_t) u16; 348 } 349 350 static void bytes_to_u16(uint8_t *bytes, uint16_t *u16) 351 { 352 *u16 = (uint16_t) ((*bytes << 8) + *(bytes + 1)); 353 } 354 355 static void get_op_result_bits(uint8_t *bytes, uint8_t *res) 356 { 357 *res = *(bytes + 1) & RPMB_RESULT_MASK; 358 } 359 360 static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize, 361 uint8_t *key, uint32_t keysize, 362 struct rpmb_data_frame *datafrms, 363 uint16_t blkcnt) 364 { 365 TEE_Result res = TEE_ERROR_GENERIC; 366 int i; 367 void *ctx = NULL; 368 369 if (!mac || !key || !datafrms) 370 return TEE_ERROR_BAD_PARAMETERS; 371 372 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 373 if (res) 374 return res; 375 376 res = crypto_mac_init(ctx, key, keysize); 377 if (res != TEE_SUCCESS) 378 goto func_exit; 379 380 for (i = 0; i < blkcnt; i++) { 381 res = crypto_mac_update(ctx, datafrms[i].data, 382 RPMB_MAC_PROTECT_DATA_SIZE); 383 if (res != TEE_SUCCESS) 384 goto func_exit; 385 } 386 387 res = crypto_mac_final(ctx, mac, macsize); 388 if (res != TEE_SUCCESS) 389 goto func_exit; 390 391 res = TEE_SUCCESS; 392 393 func_exit: 394 crypto_mac_free_ctx(ctx); 395 return res; 396 } 397 398 struct tee_rpmb_mem { 399 struct mobj *phreq_mobj; 400 struct mobj *phresp_mobj; 401 size_t req_size; 402 size_t resp_size; 403 }; 404 405 static void tee_rpmb_free(struct tee_rpmb_mem *mem) 406 { 407 if (!mem) 408 return; 409 410 if (mem->phreq_mobj) { 411 thread_rpc_free_payload(mem->phreq_mobj); 412 mem->phreq_mobj = NULL; 413 } 414 if (mem->phresp_mobj) { 415 thread_rpc_free_payload(mem->phresp_mobj); 416 mem->phresp_mobj = NULL; 417 } 418 } 419 420 421 static TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size, 422 struct tee_rpmb_mem *mem, void **req, void **resp) 423 { 424 TEE_Result res = TEE_SUCCESS; 425 size_t req_s = ROUNDUP(req_size, sizeof(uint32_t)); 426 size_t resp_s = ROUNDUP(resp_size, sizeof(uint32_t)); 427 428 if (!mem) 429 return TEE_ERROR_BAD_PARAMETERS; 430 431 memset(mem, 0, sizeof(*mem)); 432 433 mem->phreq_mobj = thread_rpc_alloc_payload(req_s); 434 mem->phresp_mobj = thread_rpc_alloc_payload(resp_s); 435 436 if (!mem->phreq_mobj || !mem->phresp_mobj) { 437 res = TEE_ERROR_OUT_OF_MEMORY; 438 goto out; 439 } 440 441 *req = mobj_get_va(mem->phreq_mobj, 0); 442 *resp = mobj_get_va(mem->phresp_mobj, 0); 443 if (!*req || !*resp) { 444 res = TEE_ERROR_GENERIC; 445 goto out; 446 } 447 448 mem->req_size = req_size; 449 mem->resp_size = resp_size; 450 451 out: 452 if (res != TEE_SUCCESS) 453 tee_rpmb_free(mem); 454 return res; 455 } 456 457 static TEE_Result tee_rpmb_invoke(struct tee_rpmb_mem *mem) 458 { 459 struct thread_param params[2] = { 460 [0] = THREAD_PARAM_MEMREF(IN, mem->phreq_mobj, 0, 461 mem->req_size), 462 [1] = THREAD_PARAM_MEMREF(OUT, mem->phresp_mobj, 0, 463 mem->resp_size), 464 }; 465 466 return thread_rpc_cmd(OPTEE_RPC_CMD_RPMB, 2, params); 467 } 468 469 static bool is_zero(const uint8_t *buf, size_t size) 470 { 471 size_t i; 472 473 for (i = 0; i < size; i++) 474 if (buf[i]) 475 return false; 476 return true; 477 } 478 479 static TEE_Result encrypt_block(uint8_t *out, const uint8_t *in, 480 uint16_t blk_idx, const uint8_t *fek, 481 const TEE_UUID *uuid) 482 { 483 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 484 blk_idx, fek, TEE_MODE_ENCRYPT); 485 } 486 487 static TEE_Result decrypt_block(uint8_t *out, const uint8_t *in, 488 uint16_t blk_idx, const uint8_t *fek, 489 const TEE_UUID *uuid) 490 { 491 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 492 blk_idx, fek, TEE_MODE_DECRYPT); 493 } 494 495 /* Decrypt/copy at most one block of data */ 496 static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm, 497 size_t size, size_t offset, 498 uint16_t blk_idx __maybe_unused, const uint8_t *fek, 499 const TEE_UUID *uuid) 500 { 501 uint8_t *tmp __maybe_unused; 502 503 504 if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE)) 505 panic("invalid size or offset"); 506 507 if (!fek) { 508 /* Block is not encrypted (not a file data block) */ 509 memcpy(out, frm->data + offset, size); 510 } else if (is_zero(fek, TEE_FS_KM_FEK_SIZE)) { 511 /* The file was created with encryption disabled */ 512 return TEE_ERROR_SECURITY; 513 } else { 514 /* Block is encrypted */ 515 if (size < RPMB_DATA_SIZE) { 516 /* 517 * Since output buffer is not large enough to hold one 518 * block we must allocate a temporary buffer. 519 */ 520 tmp = malloc(RPMB_DATA_SIZE); 521 if (!tmp) 522 return TEE_ERROR_OUT_OF_MEMORY; 523 decrypt_block(tmp, frm->data, blk_idx, fek, uuid); 524 memcpy(out, tmp + offset, size); 525 free(tmp); 526 } else { 527 decrypt_block(out, frm->data, blk_idx, fek, uuid); 528 } 529 } 530 531 return TEE_SUCCESS; 532 } 533 534 static TEE_Result tee_rpmb_req_pack(struct rpmb_req *req, 535 struct rpmb_raw_data *rawdata, 536 uint16_t nbr_frms, uint16_t dev_id, 537 const uint8_t *fek, const TEE_UUID *uuid) 538 { 539 TEE_Result res = TEE_ERROR_GENERIC; 540 int i; 541 struct rpmb_data_frame *datafrm; 542 543 if (!req || !rawdata || !nbr_frms) 544 return TEE_ERROR_BAD_PARAMETERS; 545 546 /* 547 * Check write blockcount is not bigger than reliable write 548 * blockcount. 549 */ 550 if ((rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) && 551 (nbr_frms > rpmb_ctx->rel_wr_blkcnt)) { 552 DMSG("wr_blkcnt(%d) > rel_wr_blkcnt(%d)", nbr_frms, 553 rpmb_ctx->rel_wr_blkcnt); 554 return TEE_ERROR_GENERIC; 555 } 556 557 req->cmd = RPMB_CMD_DATA_REQ; 558 req->dev_id = dev_id; 559 560 /* Allocate memory for construct all data packets and calculate MAC. */ 561 datafrm = calloc(nbr_frms, RPMB_DATA_FRAME_SIZE); 562 if (!datafrm) 563 return TEE_ERROR_OUT_OF_MEMORY; 564 565 for (i = 0; i < nbr_frms; i++) { 566 u16_to_bytes(rawdata->msg_type, datafrm[i].msg_type); 567 568 if (rawdata->block_count) 569 u16_to_bytes(*rawdata->block_count, 570 datafrm[i].block_count); 571 572 if (rawdata->blk_idx) { 573 /* Check the block index is within range. */ 574 if ((*rawdata->blk_idx + nbr_frms - 1) > 575 rpmb_ctx->max_blk_idx) { 576 res = TEE_ERROR_GENERIC; 577 goto func_exit; 578 } 579 u16_to_bytes(*rawdata->blk_idx, datafrm[i].address); 580 } 581 582 if (rawdata->write_counter) 583 u32_to_bytes(*rawdata->write_counter, 584 datafrm[i].write_counter); 585 586 if (rawdata->nonce) 587 memcpy(datafrm[i].nonce, rawdata->nonce, 588 RPMB_NONCE_SIZE); 589 590 if (rawdata->data) { 591 if (fek) { 592 res = encrypt_block(datafrm[i].data, 593 rawdata->data + 594 (i * RPMB_DATA_SIZE), 595 *rawdata->blk_idx + i, 596 fek, uuid); 597 if (res != TEE_SUCCESS) 598 goto func_exit; 599 } else { 600 memcpy(datafrm[i].data, 601 rawdata->data + (i * RPMB_DATA_SIZE), 602 RPMB_DATA_SIZE); 603 } 604 } 605 } 606 607 if (rawdata->key_mac) { 608 if (rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) { 609 res = 610 tee_rpmb_mac_calc(rawdata->key_mac, 611 RPMB_KEY_MAC_SIZE, rpmb_ctx->key, 612 RPMB_KEY_MAC_SIZE, datafrm, 613 nbr_frms); 614 if (res != TEE_SUCCESS) 615 goto func_exit; 616 } 617 memcpy(datafrm[nbr_frms - 1].key_mac, 618 rawdata->key_mac, RPMB_KEY_MAC_SIZE); 619 } 620 621 memcpy(TEE_RPMB_REQ_DATA(req), datafrm, 622 nbr_frms * RPMB_DATA_FRAME_SIZE); 623 624 #ifdef CFG_RPMB_FS_DEBUG_DATA 625 for (i = 0; i < nbr_frms; i++) { 626 DMSG("Dumping data frame %d:", i); 627 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 628 512 - RPMB_STUFF_DATA_SIZE); 629 } 630 #endif 631 632 res = TEE_SUCCESS; 633 func_exit: 634 free(datafrm); 635 return res; 636 } 637 638 static TEE_Result data_cpy_mac_calc_1b(struct rpmb_raw_data *rawdata, 639 struct rpmb_data_frame *frm, 640 const uint8_t *fek, const TEE_UUID *uuid) 641 { 642 TEE_Result res; 643 uint8_t *data; 644 uint16_t idx; 645 646 if (rawdata->len + rawdata->byte_offset > RPMB_DATA_SIZE) 647 return TEE_ERROR_BAD_PARAMETERS; 648 649 res = tee_rpmb_mac_calc(rawdata->key_mac, RPMB_KEY_MAC_SIZE, 650 rpmb_ctx->key, RPMB_KEY_MAC_SIZE, frm, 1); 651 if (res != TEE_SUCCESS) 652 return res; 653 654 data = rawdata->data; 655 bytes_to_u16(frm->address, &idx); 656 657 res = decrypt(data, frm, rawdata->len, rawdata->byte_offset, idx, fek, 658 uuid); 659 return res; 660 } 661 662 static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, 663 struct rpmb_raw_data *rawdata, 664 uint16_t nbr_frms, 665 struct rpmb_data_frame *lastfrm, 666 const uint8_t *fek, 667 const TEE_UUID *uuid) 668 { 669 TEE_Result res = TEE_ERROR_GENERIC; 670 int i; 671 void *ctx = NULL; 672 uint16_t offset; 673 uint32_t size; 674 uint8_t *data; 675 uint16_t start_idx; 676 struct rpmb_data_frame localfrm; 677 678 if (!datafrm || !rawdata || !nbr_frms || !lastfrm) 679 return TEE_ERROR_BAD_PARAMETERS; 680 681 if (nbr_frms == 1) 682 return data_cpy_mac_calc_1b(rawdata, lastfrm, fek, uuid); 683 684 /* nbr_frms > 1 */ 685 686 data = rawdata->data; 687 688 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 689 if (res) 690 goto func_exit; 691 692 res = crypto_mac_init(ctx, rpmb_ctx->key, RPMB_KEY_MAC_SIZE); 693 if (res != TEE_SUCCESS) 694 goto func_exit; 695 696 /* 697 * Note: JEDEC JESD84-B51: "In every packet the address is the start 698 * address of the full access (not address of the individual half a 699 * sector)" 700 */ 701 bytes_to_u16(lastfrm->address, &start_idx); 702 703 for (i = 0; i < (nbr_frms - 1); i++) { 704 705 /* 706 * By working on a local copy of the RPMB frame, we ensure that 707 * the data can not be modified after the MAC is computed but 708 * before the payload is decrypted/copied to the output buffer. 709 */ 710 memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE); 711 712 res = crypto_mac_update(ctx, localfrm.data, 713 RPMB_MAC_PROTECT_DATA_SIZE); 714 if (res != TEE_SUCCESS) 715 goto func_exit; 716 717 if (i == 0) { 718 /* First block */ 719 offset = rawdata->byte_offset; 720 size = RPMB_DATA_SIZE - offset; 721 } else { 722 /* Middle blocks */ 723 size = RPMB_DATA_SIZE; 724 offset = 0; 725 } 726 727 res = decrypt(data, &localfrm, size, offset, start_idx + i, 728 fek, uuid); 729 if (res != TEE_SUCCESS) 730 goto func_exit; 731 732 data += size; 733 } 734 735 /* Last block */ 736 size = (rawdata->len + rawdata->byte_offset) % RPMB_DATA_SIZE; 737 if (size == 0) 738 size = RPMB_DATA_SIZE; 739 res = decrypt(data, lastfrm, size, 0, start_idx + nbr_frms - 1, fek, 740 uuid); 741 if (res != TEE_SUCCESS) 742 goto func_exit; 743 744 /* Update MAC against the last block */ 745 res = crypto_mac_update(ctx, lastfrm->data, RPMB_MAC_PROTECT_DATA_SIZE); 746 if (res != TEE_SUCCESS) 747 goto func_exit; 748 749 res = crypto_mac_final(ctx, rawdata->key_mac, RPMB_KEY_MAC_SIZE); 750 if (res != TEE_SUCCESS) 751 goto func_exit; 752 753 res = TEE_SUCCESS; 754 755 func_exit: 756 crypto_mac_free_ctx(ctx); 757 return res; 758 } 759 760 static TEE_Result tee_rpmb_resp_unpack_verify(struct rpmb_data_frame *datafrm, 761 struct rpmb_raw_data *rawdata, 762 uint16_t nbr_frms, 763 const uint8_t *fek, 764 const TEE_UUID *uuid) 765 { 766 TEE_Result res = TEE_ERROR_GENERIC; 767 uint16_t msg_type; 768 uint32_t wr_cnt; 769 uint16_t blk_idx; 770 uint8_t op_result; 771 struct rpmb_data_frame lastfrm; 772 773 if (!datafrm || !rawdata || !nbr_frms) 774 return TEE_ERROR_BAD_PARAMETERS; 775 776 #ifdef CFG_RPMB_FS_DEBUG_DATA 777 for (uint32_t i = 0; i < nbr_frms; i++) { 778 DMSG("Dumping data frame %d:", i); 779 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 780 512 - RPMB_STUFF_DATA_SIZE); 781 } 782 #endif 783 784 /* Make sure the last data packet can't be modified once verified */ 785 memcpy(&lastfrm, &datafrm[nbr_frms - 1], RPMB_DATA_FRAME_SIZE); 786 787 /* Handle operation result and translate to TEEC error code. */ 788 get_op_result_bits(lastfrm.op_result, &op_result); 789 if (op_result == RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED) 790 return TEE_ERROR_ITEM_NOT_FOUND; 791 if (op_result != RPMB_RESULT_OK) 792 return TEE_ERROR_GENERIC; 793 794 /* Check the response msg_type. */ 795 bytes_to_u16(lastfrm.msg_type, &msg_type); 796 if (msg_type != rawdata->msg_type) { 797 DMSG("Unexpected msg_type (0x%04x != 0x%04x)", msg_type, 798 rawdata->msg_type); 799 return TEE_ERROR_GENERIC; 800 } 801 802 if (rawdata->blk_idx) { 803 bytes_to_u16(lastfrm.address, &blk_idx); 804 if (blk_idx != *rawdata->blk_idx) { 805 DMSG("Unexpected block index"); 806 return TEE_ERROR_GENERIC; 807 } 808 } 809 810 if (rawdata->write_counter) { 811 wr_cnt = *rawdata->write_counter; 812 bytes_to_u32(lastfrm.write_counter, rawdata->write_counter); 813 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE) { 814 /* Verify the write counter is incremented by 1 */ 815 if (*rawdata->write_counter != wr_cnt + 1) { 816 DMSG("Counter mismatched (0x%04x/0x%04x)", 817 *rawdata->write_counter, wr_cnt + 1); 818 return TEE_ERROR_SECURITY; 819 } 820 rpmb_ctx->wr_cnt++; 821 } 822 } 823 824 if (rawdata->nonce) { 825 if (buf_compare_ct(rawdata->nonce, lastfrm.nonce, 826 RPMB_NONCE_SIZE) != 0) { 827 DMSG("Nonce mismatched"); 828 return TEE_ERROR_SECURITY; 829 } 830 } 831 832 if (rawdata->key_mac) { 833 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_READ) { 834 if (!rawdata->data) 835 return TEE_ERROR_GENERIC; 836 837 res = tee_rpmb_data_cpy_mac_calc(datafrm, rawdata, 838 nbr_frms, &lastfrm, 839 fek, uuid); 840 841 if (res != TEE_SUCCESS) 842 return res; 843 } else { 844 /* 845 * There should be only one data frame for 846 * other msg types. 847 */ 848 if (nbr_frms != 1) 849 return TEE_ERROR_GENERIC; 850 851 res = tee_rpmb_mac_calc(rawdata->key_mac, 852 RPMB_KEY_MAC_SIZE, 853 rpmb_ctx->key, 854 RPMB_KEY_MAC_SIZE, 855 &lastfrm, 1); 856 857 if (res != TEE_SUCCESS) 858 return res; 859 } 860 861 #ifndef CFG_RPMB_FS_NO_MAC 862 if (consttime_memcmp(rawdata->key_mac, 863 (datafrm + nbr_frms - 1)->key_mac, 864 RPMB_KEY_MAC_SIZE) != 0) { 865 DMSG("MAC mismatched:"); 866 #ifdef CFG_RPMB_FS_DEBUG_DATA 867 DHEXDUMP((uint8_t *)rawdata->key_mac, 32); 868 #endif 869 return TEE_ERROR_SECURITY; 870 } 871 #endif /* !CFG_RPMB_FS_NO_MAC */ 872 } 873 874 return TEE_SUCCESS; 875 } 876 877 static TEE_Result tee_rpmb_get_dev_info(uint16_t dev_id, 878 struct rpmb_dev_info *dev_info) 879 { 880 TEE_Result res = TEE_ERROR_GENERIC; 881 struct tee_rpmb_mem mem; 882 struct rpmb_dev_info *di; 883 struct rpmb_req *req = NULL; 884 uint8_t *resp = NULL; 885 uint32_t req_size; 886 uint32_t resp_size; 887 888 if (!dev_info) 889 return TEE_ERROR_BAD_PARAMETERS; 890 891 req_size = sizeof(struct rpmb_req); 892 resp_size = sizeof(struct rpmb_dev_info); 893 res = tee_rpmb_alloc(req_size, resp_size, &mem, 894 (void *)&req, (void *)&resp); 895 if (res != TEE_SUCCESS) 896 goto func_exit; 897 898 req->cmd = RPMB_CMD_GET_DEV_INFO; 899 req->dev_id = dev_id; 900 901 di = (struct rpmb_dev_info *)resp; 902 di->ret_code = RPMB_CMD_GET_DEV_INFO_RET_ERROR; 903 904 res = tee_rpmb_invoke(&mem); 905 if (res != TEE_SUCCESS) 906 goto func_exit; 907 908 if (di->ret_code != RPMB_CMD_GET_DEV_INFO_RET_OK) { 909 res = TEE_ERROR_GENERIC; 910 goto func_exit; 911 } 912 913 memcpy((uint8_t *)dev_info, resp, sizeof(struct rpmb_dev_info)); 914 915 #ifdef CFG_RPMB_FS_DEBUG_DATA 916 DMSG("Dumping dev_info:"); 917 DHEXDUMP((uint8_t *)dev_info, sizeof(struct rpmb_dev_info)); 918 #endif 919 920 res = TEE_SUCCESS; 921 922 func_exit: 923 tee_rpmb_free(&mem); 924 return res; 925 } 926 927 static TEE_Result tee_rpmb_init_read_wr_cnt(uint16_t dev_id, 928 uint32_t *wr_cnt, 929 uint16_t *op_result) 930 { 931 TEE_Result res = TEE_ERROR_GENERIC; 932 struct tee_rpmb_mem mem; 933 uint16_t msg_type; 934 uint8_t nonce[RPMB_NONCE_SIZE]; 935 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 936 struct rpmb_req *req = NULL; 937 struct rpmb_data_frame *resp = NULL; 938 struct rpmb_raw_data rawdata; 939 uint32_t req_size; 940 uint32_t resp_size; 941 942 if (!wr_cnt) 943 return TEE_ERROR_BAD_PARAMETERS; 944 945 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 946 resp_size = RPMB_DATA_FRAME_SIZE; 947 res = tee_rpmb_alloc(req_size, resp_size, &mem, 948 (void *)&req, (void *)&resp); 949 if (res != TEE_SUCCESS) 950 goto func_exit; 951 952 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 953 if (res != TEE_SUCCESS) 954 goto func_exit; 955 956 msg_type = RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ; 957 958 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 959 rawdata.msg_type = msg_type; 960 rawdata.nonce = nonce; 961 962 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 963 if (res != TEE_SUCCESS) 964 goto func_exit; 965 966 res = tee_rpmb_invoke(&mem); 967 if (res != TEE_SUCCESS) 968 goto func_exit; 969 970 msg_type = RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ; 971 972 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 973 rawdata.msg_type = msg_type; 974 rawdata.op_result = op_result; 975 rawdata.write_counter = wr_cnt; 976 rawdata.nonce = nonce; 977 rawdata.key_mac = hmac; 978 979 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 980 if (res != TEE_SUCCESS) 981 goto func_exit; 982 983 res = TEE_SUCCESS; 984 985 func_exit: 986 tee_rpmb_free(&mem); 987 return res; 988 } 989 990 static TEE_Result tee_rpmb_verify_key_sync_counter(uint16_t dev_id) 991 { 992 uint16_t op_result = 0; 993 TEE_Result res = TEE_ERROR_GENERIC; 994 995 res = tee_rpmb_init_read_wr_cnt(dev_id, &rpmb_ctx->wr_cnt, 996 &op_result); 997 998 if (res == TEE_SUCCESS) { 999 rpmb_ctx->key_verified = true; 1000 rpmb_ctx->wr_cnt_synced = true; 1001 } else 1002 EMSG("Verify key returning 0x%x", res); 1003 return res; 1004 } 1005 1006 #ifdef CFG_RPMB_WRITE_KEY 1007 static TEE_Result tee_rpmb_write_key(uint16_t dev_id) 1008 { 1009 TEE_Result res = TEE_ERROR_GENERIC; 1010 struct tee_rpmb_mem mem = { 0 }; 1011 uint16_t msg_type; 1012 struct rpmb_req *req = NULL; 1013 struct rpmb_data_frame *resp = NULL; 1014 struct rpmb_raw_data rawdata; 1015 uint32_t req_size; 1016 uint32_t resp_size; 1017 1018 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1019 resp_size = RPMB_DATA_FRAME_SIZE; 1020 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1021 (void *)&req, (void *)&resp); 1022 if (res != TEE_SUCCESS) 1023 goto func_exit; 1024 1025 msg_type = RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM; 1026 1027 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1028 rawdata.msg_type = msg_type; 1029 rawdata.key_mac = rpmb_ctx->key; 1030 1031 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1032 if (res != TEE_SUCCESS) 1033 goto func_exit; 1034 1035 res = tee_rpmb_invoke(&mem); 1036 if (res != TEE_SUCCESS) 1037 goto func_exit; 1038 1039 msg_type = RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM; 1040 1041 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1042 rawdata.msg_type = msg_type; 1043 1044 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 1045 if (res != TEE_SUCCESS) 1046 goto func_exit; 1047 1048 res = TEE_SUCCESS; 1049 1050 func_exit: 1051 tee_rpmb_free(&mem); 1052 return res; 1053 } 1054 1055 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id) 1056 { 1057 TEE_Result res; 1058 1059 if (!plat_rpmb_key_is_ready()) { 1060 DMSG("RPMB INIT: platform indicates RPMB key is not ready"); 1061 return TEE_ERROR_BAD_STATE; 1062 } 1063 1064 DMSG("RPMB INIT: Writing Key value:"); 1065 DHEXDUMP(rpmb_ctx->key, RPMB_KEY_MAC_SIZE); 1066 1067 res = tee_rpmb_write_key(dev_id); 1068 if (res == TEE_SUCCESS) { 1069 DMSG("RPMB INIT: Verifying Key"); 1070 res = tee_rpmb_verify_key_sync_counter(dev_id); 1071 } 1072 return res; 1073 } 1074 #else 1075 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id __unused) 1076 { 1077 DMSG("RPMB INIT: CFG_RPMB_WRITE_KEY is not set"); 1078 return TEE_ERROR_BAD_STATE; 1079 } 1080 #endif 1081 1082 /* This function must never return TEE_SUCCESS if rpmb_ctx == NULL */ 1083 static TEE_Result tee_rpmb_init(uint16_t dev_id) 1084 { 1085 TEE_Result res = TEE_SUCCESS; 1086 struct rpmb_dev_info dev_info; 1087 uint32_t nblocks = 0; 1088 1089 if (!rpmb_ctx) { 1090 rpmb_ctx = calloc(1, sizeof(struct tee_rpmb_ctx)); 1091 if (!rpmb_ctx) 1092 return TEE_ERROR_OUT_OF_MEMORY; 1093 } else if (rpmb_ctx->dev_id != dev_id) { 1094 memset(rpmb_ctx, 0x00, sizeof(struct tee_rpmb_ctx)); 1095 } 1096 1097 rpmb_ctx->dev_id = dev_id; 1098 1099 if (!rpmb_ctx->dev_info_synced) { 1100 DMSG("RPMB: Syncing device information"); 1101 1102 dev_info.rpmb_size_mult = 0; 1103 dev_info.rel_wr_sec_c = 0; 1104 res = tee_rpmb_get_dev_info(dev_id, &dev_info); 1105 if (res != TEE_SUCCESS) 1106 goto func_exit; 1107 1108 DMSG("RPMB: RPMB size is %d*128 KB", dev_info.rpmb_size_mult); 1109 DMSG("RPMB: Reliable Write Sector Count is %d", 1110 dev_info.rel_wr_sec_c); 1111 1112 if (dev_info.rpmb_size_mult == 0) { 1113 res = TEE_ERROR_GENERIC; 1114 goto func_exit; 1115 } 1116 1117 if (MUL_OVERFLOW(dev_info.rpmb_size_mult, 1118 RPMB_SIZE_SINGLE / RPMB_DATA_SIZE, &nblocks) || 1119 SUB_OVERFLOW(nblocks, 1, &rpmb_ctx->max_blk_idx)) { 1120 res = TEE_ERROR_BAD_PARAMETERS; 1121 goto func_exit; 1122 } 1123 1124 memcpy(rpmb_ctx->cid, dev_info.cid, RPMB_EMMC_CID_SIZE); 1125 1126 #ifdef RPMB_DRIVER_MULTIPLE_WRITE_FIXED 1127 rpmb_ctx->rel_wr_blkcnt = dev_info.rel_wr_sec_c * 2; 1128 #else 1129 rpmb_ctx->rel_wr_blkcnt = 1; 1130 #endif 1131 1132 rpmb_ctx->dev_info_synced = true; 1133 } 1134 1135 if (!rpmb_ctx->key_derived) { 1136 DMSG("RPMB INIT: Deriving key"); 1137 1138 res = tee_rpmb_key_gen(dev_id, rpmb_ctx->key, 1139 RPMB_KEY_MAC_SIZE); 1140 if (res != TEE_SUCCESS) { 1141 EMSG("RPMB INIT: Deriving key failed with error 0x%x", 1142 res); 1143 goto func_exit; 1144 } 1145 1146 rpmb_ctx->key_derived = true; 1147 } 1148 1149 /* Perform a write counter read to verify if the key is ok. */ 1150 if (!rpmb_ctx->wr_cnt_synced || !rpmb_ctx->key_verified) { 1151 DMSG("RPMB INIT: Verifying Key"); 1152 1153 res = tee_rpmb_verify_key_sync_counter(dev_id); 1154 if (res == TEE_ERROR_ITEM_NOT_FOUND && 1155 !rpmb_ctx->key_verified) { 1156 /* 1157 * Need to write the key here and verify it. 1158 */ 1159 DMSG("RPMB INIT: Auth key not yet written"); 1160 res = tee_rpmb_write_and_verify_key(dev_id); 1161 } else if (res != TEE_SUCCESS) { 1162 EMSG("Verify key failed!"); 1163 EMSG("Make sure key here matches device key"); 1164 } 1165 } 1166 1167 func_exit: 1168 return res; 1169 } 1170 1171 /* 1172 * Read RPMB data in bytes. 1173 * 1174 * @dev_id Device ID of the eMMC device. 1175 * @addr Byte address of data. 1176 * @data Pointer to the data. 1177 * @len Size of data in bytes. 1178 * @fek Encrypted File Encryption Key or NULL. 1179 */ 1180 static TEE_Result tee_rpmb_read(uint16_t dev_id, uint32_t addr, uint8_t *data, 1181 uint32_t len, const uint8_t *fek, 1182 const TEE_UUID *uuid) 1183 { 1184 TEE_Result res = TEE_ERROR_GENERIC; 1185 struct tee_rpmb_mem mem = { 0 }; 1186 uint16_t msg_type; 1187 uint8_t nonce[RPMB_NONCE_SIZE]; 1188 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1189 struct rpmb_req *req = NULL; 1190 struct rpmb_data_frame *resp = NULL; 1191 struct rpmb_raw_data rawdata; 1192 uint32_t req_size; 1193 uint32_t resp_size; 1194 uint16_t blk_idx; 1195 uint16_t blkcnt; 1196 uint8_t byte_offset; 1197 1198 if (!data || !len) 1199 return TEE_ERROR_BAD_PARAMETERS; 1200 1201 blk_idx = addr / RPMB_DATA_SIZE; 1202 byte_offset = addr % RPMB_DATA_SIZE; 1203 1204 if (len + byte_offset + RPMB_DATA_SIZE < RPMB_DATA_SIZE) { 1205 /* Overflow */ 1206 return TEE_ERROR_BAD_PARAMETERS; 1207 } 1208 blkcnt = 1209 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1210 res = tee_rpmb_init(dev_id); 1211 if (res != TEE_SUCCESS) 1212 goto func_exit; 1213 1214 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1215 resp_size = RPMB_DATA_FRAME_SIZE * blkcnt; 1216 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1217 (void *)&req, (void *)&resp); 1218 if (res != TEE_SUCCESS) 1219 goto func_exit; 1220 1221 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_READ; 1222 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 1223 if (res != TEE_SUCCESS) 1224 goto func_exit; 1225 1226 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1227 rawdata.msg_type = msg_type; 1228 rawdata.nonce = nonce; 1229 rawdata.blk_idx = &blk_idx; 1230 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1231 if (res != TEE_SUCCESS) 1232 goto func_exit; 1233 1234 req->block_count = blkcnt; 1235 1236 DMSG("Read %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1237 blk_idx); 1238 1239 res = tee_rpmb_invoke(&mem); 1240 if (res != TEE_SUCCESS) 1241 goto func_exit; 1242 1243 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_READ; 1244 1245 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1246 rawdata.msg_type = msg_type; 1247 rawdata.block_count = &blkcnt; 1248 rawdata.blk_idx = &blk_idx; 1249 rawdata.nonce = nonce; 1250 rawdata.key_mac = hmac; 1251 rawdata.data = data; 1252 1253 rawdata.len = len; 1254 rawdata.byte_offset = byte_offset; 1255 1256 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, blkcnt, fek, uuid); 1257 if (res != TEE_SUCCESS) 1258 goto func_exit; 1259 1260 res = TEE_SUCCESS; 1261 1262 func_exit: 1263 tee_rpmb_free(&mem); 1264 return res; 1265 } 1266 1267 static TEE_Result tee_rpmb_write_blk(uint16_t dev_id, uint16_t blk_idx, 1268 const uint8_t *data_blks, uint16_t blkcnt, 1269 const uint8_t *fek, const TEE_UUID *uuid) 1270 { 1271 TEE_Result res; 1272 struct tee_rpmb_mem mem; 1273 uint16_t msg_type; 1274 uint32_t wr_cnt; 1275 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1276 struct rpmb_req *req = NULL; 1277 struct rpmb_data_frame *resp = NULL; 1278 struct rpmb_raw_data rawdata; 1279 uint32_t req_size; 1280 uint32_t resp_size; 1281 uint32_t nbr_writes; 1282 uint16_t tmp_blkcnt; 1283 uint16_t tmp_blk_idx; 1284 uint16_t i; 1285 1286 DMSG("Write %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1287 blk_idx); 1288 1289 if (!data_blks || !blkcnt) 1290 return TEE_ERROR_BAD_PARAMETERS; 1291 1292 res = tee_rpmb_init(dev_id); 1293 if (res != TEE_SUCCESS) 1294 return res; 1295 1296 /* 1297 * We need to split data when block count 1298 * is bigger than reliable block write count. 1299 */ 1300 if (blkcnt < rpmb_ctx->rel_wr_blkcnt) 1301 req_size = sizeof(struct rpmb_req) + 1302 RPMB_DATA_FRAME_SIZE * blkcnt; 1303 else 1304 req_size = sizeof(struct rpmb_req) + 1305 RPMB_DATA_FRAME_SIZE * rpmb_ctx->rel_wr_blkcnt; 1306 1307 resp_size = RPMB_DATA_FRAME_SIZE; 1308 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1309 (void *)&req, (void *)&resp); 1310 if (res != TEE_SUCCESS) 1311 return res; 1312 1313 nbr_writes = blkcnt / rpmb_ctx->rel_wr_blkcnt; 1314 if (blkcnt % rpmb_ctx->rel_wr_blkcnt > 0) 1315 nbr_writes += 1; 1316 1317 tmp_blkcnt = rpmb_ctx->rel_wr_blkcnt; 1318 tmp_blk_idx = blk_idx; 1319 for (i = 0; i < nbr_writes; i++) { 1320 /* 1321 * To handle the last write of block count which is 1322 * equal or smaller than reliable write block count. 1323 */ 1324 if (i == nbr_writes - 1) 1325 tmp_blkcnt = blkcnt - rpmb_ctx->rel_wr_blkcnt * 1326 (nbr_writes - 1); 1327 1328 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE; 1329 wr_cnt = rpmb_ctx->wr_cnt; 1330 1331 memset(req, 0x00, req_size); 1332 memset(resp, 0x00, resp_size); 1333 1334 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1335 rawdata.msg_type = msg_type; 1336 rawdata.block_count = &tmp_blkcnt; 1337 rawdata.blk_idx = &tmp_blk_idx; 1338 rawdata.write_counter = &wr_cnt; 1339 rawdata.key_mac = hmac; 1340 rawdata.data = (uint8_t *)data_blks + 1341 i * rpmb_ctx->rel_wr_blkcnt * RPMB_DATA_SIZE; 1342 1343 res = tee_rpmb_req_pack(req, &rawdata, tmp_blkcnt, dev_id, 1344 fek, uuid); 1345 if (res != TEE_SUCCESS) 1346 goto out; 1347 1348 res = tee_rpmb_invoke(&mem); 1349 if (res != TEE_SUCCESS) { 1350 /* 1351 * To force wr_cnt sync next time, as it might get 1352 * out of sync due to inconsistent operation result! 1353 */ 1354 rpmb_ctx->wr_cnt_synced = false; 1355 goto out; 1356 } 1357 1358 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE; 1359 1360 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1361 rawdata.msg_type = msg_type; 1362 rawdata.block_count = &tmp_blkcnt; 1363 rawdata.blk_idx = &tmp_blk_idx; 1364 rawdata.write_counter = &wr_cnt; 1365 rawdata.key_mac = hmac; 1366 1367 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, 1368 NULL); 1369 if (res != TEE_SUCCESS) { 1370 /* 1371 * To force wr_cnt sync next time, as it might get 1372 * out of sync due to inconsistent operation result! 1373 */ 1374 rpmb_ctx->wr_cnt_synced = false; 1375 goto out; 1376 } 1377 1378 tmp_blk_idx += tmp_blkcnt; 1379 } 1380 1381 out: 1382 tee_rpmb_free(&mem); 1383 return res; 1384 } 1385 1386 static bool tee_rpmb_write_is_atomic(uint16_t dev_id __unused, uint32_t addr, 1387 uint32_t len) 1388 { 1389 uint8_t byte_offset = addr % RPMB_DATA_SIZE; 1390 uint16_t blkcnt = ROUNDUP(len + byte_offset, 1391 RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1392 1393 return (blkcnt <= rpmb_ctx->rel_wr_blkcnt); 1394 } 1395 1396 /* 1397 * Write RPMB data in bytes. 1398 * 1399 * @dev_id Device ID of the eMMC device. 1400 * @addr Byte address of data. 1401 * @data Pointer to the data. 1402 * @len Size of data in bytes. 1403 * @fek Encrypted File Encryption Key or NULL. 1404 */ 1405 static TEE_Result tee_rpmb_write(uint16_t dev_id, uint32_t addr, 1406 const uint8_t *data, uint32_t len, 1407 const uint8_t *fek, const TEE_UUID *uuid) 1408 { 1409 TEE_Result res = TEE_ERROR_GENERIC; 1410 uint8_t *data_tmp = NULL; 1411 uint16_t blk_idx; 1412 uint16_t blkcnt; 1413 uint8_t byte_offset; 1414 1415 blk_idx = addr / RPMB_DATA_SIZE; 1416 byte_offset = addr % RPMB_DATA_SIZE; 1417 1418 blkcnt = 1419 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1420 1421 if (byte_offset == 0 && (len % RPMB_DATA_SIZE) == 0) { 1422 res = tee_rpmb_write_blk(dev_id, blk_idx, data, blkcnt, fek, 1423 uuid); 1424 if (res != TEE_SUCCESS) 1425 goto func_exit; 1426 } else { 1427 data_tmp = calloc(blkcnt, RPMB_DATA_SIZE); 1428 if (!data_tmp) { 1429 res = TEE_ERROR_OUT_OF_MEMORY; 1430 goto func_exit; 1431 } 1432 1433 /* Read the complete blocks */ 1434 res = tee_rpmb_read(dev_id, blk_idx * RPMB_DATA_SIZE, data_tmp, 1435 blkcnt * RPMB_DATA_SIZE, fek, uuid); 1436 if (res != TEE_SUCCESS) 1437 goto func_exit; 1438 1439 /* Partial update of the data blocks */ 1440 memcpy(data_tmp + byte_offset, data, len); 1441 1442 res = tee_rpmb_write_blk(dev_id, blk_idx, data_tmp, blkcnt, 1443 fek, uuid); 1444 if (res != TEE_SUCCESS) 1445 goto func_exit; 1446 } 1447 1448 res = TEE_SUCCESS; 1449 1450 func_exit: 1451 free(data_tmp); 1452 return res; 1453 } 1454 1455 /* 1456 * Read the RPMB write counter. 1457 * 1458 * @dev_id Device ID of the eMMC device. 1459 * @counter Pointer to the counter. 1460 */ 1461 static TEE_Result tee_rpmb_get_write_counter(uint16_t dev_id, 1462 uint32_t *counter) 1463 { 1464 TEE_Result res = TEE_SUCCESS; 1465 1466 if (!counter) 1467 return TEE_ERROR_BAD_PARAMETERS; 1468 1469 if (!rpmb_ctx || !rpmb_ctx->wr_cnt_synced) { 1470 res = tee_rpmb_init(dev_id); 1471 if (res != TEE_SUCCESS) 1472 goto func_exit; 1473 } 1474 1475 *counter = rpmb_ctx->wr_cnt; 1476 1477 func_exit: 1478 return res; 1479 } 1480 1481 /* 1482 * Read the RPMB max block. 1483 * 1484 * @dev_id Device ID of the eMMC device. 1485 * @counter Pointer to receive the max block. 1486 */ 1487 static TEE_Result tee_rpmb_get_max_block(uint16_t dev_id, uint32_t *max_block) 1488 { 1489 TEE_Result res = TEE_SUCCESS; 1490 1491 if (!max_block) 1492 return TEE_ERROR_BAD_PARAMETERS; 1493 1494 if (!rpmb_ctx || !rpmb_ctx->dev_info_synced) { 1495 res = tee_rpmb_init(dev_id); 1496 if (res != TEE_SUCCESS) 1497 goto func_exit; 1498 } 1499 1500 *max_block = rpmb_ctx->max_blk_idx; 1501 1502 func_exit: 1503 return res; 1504 } 1505 1506 /* 1507 * End of lower interface to RPMB device 1508 */ 1509 1510 static TEE_Result get_fat_start_address(uint32_t *addr); 1511 static TEE_Result rpmb_fs_setup(void); 1512 1513 /** 1514 * fat_entry_dir_free: Free the FAT entry dir. 1515 */ 1516 static void fat_entry_dir_free(void) 1517 { 1518 if (fat_entry_dir) { 1519 free(fat_entry_dir->rpmb_fat_entry_buf); 1520 free(fat_entry_dir); 1521 fat_entry_dir = NULL; 1522 } 1523 } 1524 1525 /** 1526 * fat_entry_dir_init: Initialize the FAT FS entry buffer/cache 1527 * This function must be called before reading FAT FS entries using the 1528 * function fat_entry_dir_get_next. This initializes the buffer/cache with the 1529 * first FAT FS entries. 1530 */ 1531 static TEE_Result fat_entry_dir_init(void) 1532 { 1533 TEE_Result res = TEE_ERROR_GENERIC; 1534 struct rpmb_fat_entry *fe = NULL; 1535 uint32_t fat_address = 0; 1536 uint32_t num_elems_read = 0; 1537 1538 if (fat_entry_dir) 1539 return TEE_SUCCESS; 1540 1541 res = rpmb_fs_setup(); 1542 if (res) 1543 return res; 1544 1545 res = get_fat_start_address(&fat_address); 1546 if (res) 1547 return res; 1548 1549 fat_entry_dir = calloc(1, sizeof(struct rpmb_fat_entry_dir)); 1550 if (!fat_entry_dir) 1551 return TEE_ERROR_OUT_OF_MEMORY; 1552 1553 /* 1554 * If caching is enabled, read in up to the maximum cache size, but 1555 * never more than the single read in size. Otherwise, read in as many 1556 * entries fit into the temporary buffer. 1557 */ 1558 if (CFG_RPMB_FS_CACHE_ENTRIES) 1559 num_elems_read = MIN(CFG_RPMB_FS_CACHE_ENTRIES, 1560 CFG_RPMB_FS_RD_ENTRIES); 1561 else 1562 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1563 1564 /* 1565 * Allocate memory for the FAT FS entries to read in. 1566 */ 1567 fe = calloc(num_elems_read, sizeof(struct rpmb_fat_entry)); 1568 if (!fe) { 1569 res = TEE_ERROR_OUT_OF_MEMORY; 1570 goto out; 1571 } 1572 1573 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, (uint8_t *)fe, 1574 num_elems_read * sizeof(*fe), NULL, NULL); 1575 if (res) 1576 goto out; 1577 1578 fat_entry_dir->rpmb_fat_entry_buf = fe; 1579 1580 /* 1581 * We use this variable when getting next entries from the buffer/cache 1582 * to see whether we have to read in more entries from storage. 1583 */ 1584 fat_entry_dir->num_buffered = num_elems_read; 1585 1586 return TEE_SUCCESS; 1587 out: 1588 fat_entry_dir_free(); 1589 free(fe); 1590 return res; 1591 } 1592 1593 /** 1594 * fat_entry_dir_deinit: If caching is enabled, free the temporary buffer for 1595 * FAT FS entries in case the cache was too small. Keep the elements in the 1596 * cache. Reset the counter variables to start the next traversal from fresh 1597 * from the first cached entry. If caching is disabled, just free the 1598 * temporary buffer by calling fat_entry_dir_free and return. 1599 */ 1600 static void fat_entry_dir_deinit(void) 1601 { 1602 struct rpmb_fat_entry *fe = NULL; 1603 1604 if (!fat_entry_dir) 1605 return; 1606 1607 if (!CFG_RPMB_FS_CACHE_ENTRIES) { 1608 fat_entry_dir_free(); 1609 return; 1610 } 1611 1612 fe = fat_entry_dir->rpmb_fat_entry_buf; 1613 fat_entry_dir->idx_curr = 0; 1614 fat_entry_dir->num_total_read = 0; 1615 fat_entry_dir->last_reached = false; 1616 1617 if (fat_entry_dir->num_buffered > CFG_RPMB_FS_CACHE_ENTRIES) { 1618 fat_entry_dir->num_buffered = CFG_RPMB_FS_CACHE_ENTRIES; 1619 1620 fe = realloc(fe, fat_entry_dir->num_buffered * sizeof(*fe)); 1621 1622 /* 1623 * In case realloc fails, we are on the safe side if we destroy 1624 * the whole structure. Upon the next init, the cache has to be 1625 * re-established, but this case should not happen in practice. 1626 */ 1627 if (!fe) 1628 fat_entry_dir_free(); 1629 else 1630 fat_entry_dir->rpmb_fat_entry_buf = fe; 1631 } 1632 } 1633 1634 /** 1635 * fat_entry_dir_update: Updates a persisted FAT FS entry in the cache. 1636 * This function updates the FAT entry fat_entry that was written to address 1637 * fat_address onto RPMB storage in the cache. 1638 */ 1639 static TEE_Result __maybe_unused fat_entry_dir_update 1640 (struct rpmb_fat_entry *fat_entry, 1641 uint32_t fat_address) 1642 { 1643 uint32_t fat_entry_buf_idx = 0; 1644 /* Use a temp var to avoid compiler warning if caching disabled. */ 1645 uint32_t max_cache_entries = CFG_RPMB_FS_CACHE_ENTRIES; 1646 1647 assert(!((fat_address - RPMB_FS_FAT_START_ADDRESS) % 1648 sizeof(struct rpmb_fat_entry))); 1649 1650 /* Nothing to update if the cache is not initialized. */ 1651 if (!fat_entry_dir) 1652 return TEE_SUCCESS; 1653 1654 fat_entry_buf_idx = (fat_address - RPMB_FS_FAT_START_ADDRESS) / 1655 sizeof(struct rpmb_fat_entry); 1656 1657 /* Only need to write if index points to an entry in cache. */ 1658 if (fat_entry_buf_idx < fat_entry_dir->num_buffered && 1659 fat_entry_buf_idx < max_cache_entries) { 1660 memcpy(fat_entry_dir->rpmb_fat_entry_buf + fat_entry_buf_idx, 1661 fat_entry, sizeof(struct rpmb_fat_entry)); 1662 } 1663 1664 return TEE_SUCCESS; 1665 } 1666 1667 /** 1668 * fat_entry_dir_get_next: Get next FAT FS entry. 1669 * Read either from cache/buffer, or by reading from RPMB storage if the 1670 * elements in the buffer/cache are fully read. When reading in from RPMB 1671 * storage, the buffer is overwritten in case caching is disabled. 1672 * In case caching is enabled, the cache is either further filled, or a 1673 * temporary buffer populated if the cache is already full. 1674 * The FAT FS entry is written to fat_entry. The respective address in RPMB 1675 * storage is written to fat_address, if not NULL. When the last FAT FS entry 1676 * was previously read, the function indicates this case by writing a NULL 1677 * pointer to fat_entry. 1678 * Returns a value different TEE_SUCCESS if the next FAT FS entry could not be 1679 * retrieved. 1680 */ 1681 static TEE_Result fat_entry_dir_get_next(struct rpmb_fat_entry **fat_entry, 1682 uint32_t *fat_address) 1683 { 1684 TEE_Result res = TEE_ERROR_GENERIC; 1685 struct rpmb_fat_entry *fe = NULL; 1686 uint32_t num_elems_read = 0; 1687 uint32_t fat_address_local = 0; 1688 1689 assert(fat_entry_dir && fat_entry); 1690 1691 /* Don't read further if we previously read the last FAT FS entry. */ 1692 if (fat_entry_dir->last_reached) { 1693 *fat_entry = NULL; 1694 return TEE_SUCCESS; 1695 } 1696 1697 fe = fat_entry_dir->rpmb_fat_entry_buf; 1698 1699 /* Determine address of FAT FS entry in RPMB storage. */ 1700 fat_address_local = RPMB_FS_FAT_START_ADDRESS + 1701 (fat_entry_dir->num_total_read * 1702 sizeof(struct rpmb_fat_entry)); 1703 1704 /* 1705 * We've read all so-far buffered elements, so we need to 1706 * read in more entries from RPMB storage. 1707 */ 1708 if (fat_entry_dir->idx_curr >= fat_entry_dir->num_buffered) { 1709 /* 1710 * This is the case where we do not cache entries, so just read 1711 * in next set of FAT FS entries into the buffer. 1712 * Goto the end of the when statement if that is done. 1713 */ 1714 if (!CFG_RPMB_FS_CACHE_ENTRIES) { 1715 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1716 fat_entry_dir->idx_curr = 0; 1717 1718 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1719 fat_address_local, (uint8_t *)fe, 1720 num_elems_read * sizeof(*fe), NULL, 1721 NULL); 1722 if (res) 1723 return res; 1724 goto post_read_in; 1725 } 1726 1727 /* 1728 * We cache FAT FS entries, and the buffer is not completely 1729 * filled. Further keep on extending the buffer up to its max 1730 * size by reading in from RPMB. 1731 */ 1732 if (fat_entry_dir->num_total_read < RPMB_BUF_MAX_ENTRIES) { 1733 /* 1734 * Read at most as many elements as fit in the buffer 1735 * and no more than the defined number of entries to 1736 * read in at once. 1737 */ 1738 num_elems_read = MIN(RPMB_BUF_MAX_ENTRIES - 1739 fat_entry_dir->num_total_read, 1740 (uint32_t)CFG_RPMB_FS_RD_ENTRIES); 1741 1742 /* 1743 * Expand the buffer to fit in the additional entries. 1744 */ 1745 fe = realloc(fe, 1746 (fat_entry_dir->num_buffered + 1747 num_elems_read) * sizeof(*fe)); 1748 if (!fe) 1749 return TEE_ERROR_OUT_OF_MEMORY; 1750 1751 fat_entry_dir->rpmb_fat_entry_buf = fe; 1752 1753 /* Read in to the next free slot in the buffer/cache. */ 1754 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1755 fat_address_local, 1756 (uint8_t *)(fe + 1757 fat_entry_dir->num_total_read), 1758 num_elems_read * sizeof(*fe), 1759 NULL, NULL); 1760 if (res) 1761 return res; 1762 1763 fat_entry_dir->num_buffered += num_elems_read; 1764 } else { 1765 /* 1766 * This happens when we have read as many elements as 1767 * can possibly fit into the buffer. 1768 * As the first part of the buffer serves as our cache, 1769 * we only overwrite the last part that serves as our 1770 * temporary buffer used to iteratively read in entries 1771 * when the cache is full. Read in the temporary buffer 1772 * maximum size. 1773 */ 1774 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1775 /* Reset index to beginning of the temporary buffer. */ 1776 fat_entry_dir->idx_curr = CFG_RPMB_FS_CACHE_ENTRIES; 1777 1778 /* Read in elements after the end of the cache. */ 1779 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1780 fat_address_local, 1781 (uint8_t *)(fe + 1782 fat_entry_dir->idx_curr), 1783 num_elems_read * sizeof(*fe), 1784 NULL, NULL); 1785 if (res) 1786 return res; 1787 } 1788 } 1789 1790 post_read_in: 1791 if (fat_address) 1792 *fat_address = fat_address_local; 1793 1794 *fat_entry = fe + fat_entry_dir->idx_curr; 1795 1796 fat_entry_dir->idx_curr++; 1797 fat_entry_dir->num_total_read++; 1798 1799 /* 1800 * Indicate last entry was read. 1801 * Ensures we return a zero value for fat_entry on next invocation. 1802 */ 1803 if ((*fat_entry)->flags & FILE_IS_LAST_ENTRY) 1804 fat_entry_dir->last_reached = true; 1805 1806 return TEE_SUCCESS; 1807 } 1808 1809 #if (TRACE_LEVEL >= TRACE_FLOW) 1810 static void dump_fat(void) 1811 { 1812 TEE_Result res = TEE_ERROR_SECURITY; 1813 struct rpmb_fat_entry *fe = NULL; 1814 1815 if (!fs_par) 1816 return; 1817 1818 if (fat_entry_dir_init()) 1819 return; 1820 1821 while (true) { 1822 res = fat_entry_dir_get_next(&fe, NULL); 1823 if (res || !fe) 1824 break; 1825 1826 FMSG("flags %#"PRIx32", size %"PRIu32", address %#"PRIx32 1827 ", filename '%s'", 1828 fe->flags, fe->data_size, fe->start_address, fe->filename); 1829 } 1830 1831 fat_entry_dir_deinit(); 1832 } 1833 #else 1834 static void dump_fat(void) 1835 { 1836 } 1837 #endif 1838 1839 #if (TRACE_LEVEL >= TRACE_DEBUG) 1840 static void dump_fh(struct rpmb_file_handle *fh) 1841 { 1842 DMSG("fh->filename=%s", fh->filename); 1843 DMSG("fh->rpmb_fat_address=%u", fh->rpmb_fat_address); 1844 DMSG("fh->fat_entry.start_address=%u", fh->fat_entry.start_address); 1845 DMSG("fh->fat_entry.data_size=%u", fh->fat_entry.data_size); 1846 } 1847 #else 1848 static void dump_fh(struct rpmb_file_handle *fh __unused) 1849 { 1850 } 1851 #endif 1852 1853 static struct rpmb_file_handle *alloc_file_handle(struct tee_pobj *po, 1854 bool temporary) 1855 { 1856 struct rpmb_file_handle *fh = NULL; 1857 1858 fh = calloc(1, sizeof(struct rpmb_file_handle)); 1859 if (!fh) 1860 return NULL; 1861 1862 if (po) 1863 tee_svc_storage_create_filename(fh->filename, 1864 sizeof(fh->filename), po, 1865 temporary); 1866 1867 return fh; 1868 } 1869 1870 /** 1871 * write_fat_entry: Store info in a fat_entry to RPMB. 1872 */ 1873 static TEE_Result write_fat_entry(struct rpmb_file_handle *fh, 1874 bool update_write_counter) 1875 { 1876 TEE_Result res = TEE_ERROR_GENERIC; 1877 1878 /* Protect partition data. */ 1879 if (fh->rpmb_fat_address < sizeof(struct rpmb_fs_partition)) { 1880 res = TEE_ERROR_ACCESS_CONFLICT; 1881 goto out; 1882 } 1883 1884 if (fh->rpmb_fat_address % sizeof(struct rpmb_fat_entry) != 0) { 1885 res = TEE_ERROR_BAD_PARAMETERS; 1886 goto out; 1887 } 1888 1889 if (update_write_counter) { 1890 res = tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1891 &fh->fat_entry.write_counter); 1892 if (res) 1893 goto out; 1894 } 1895 1896 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, fh->rpmb_fat_address, 1897 (uint8_t *)&fh->fat_entry, 1898 sizeof(struct rpmb_fat_entry), NULL, NULL); 1899 1900 dump_fat(); 1901 1902 /* If caching enabled, update a successfully written entry in cache. */ 1903 if (CFG_RPMB_FS_CACHE_ENTRIES && !res) 1904 res = fat_entry_dir_update(&fh->fat_entry, 1905 fh->rpmb_fat_address); 1906 1907 out: 1908 return res; 1909 } 1910 1911 /** 1912 * rpmb_fs_setup: Setup RPMB FS. 1913 * Set initial partition and FS values and write to RPMB. 1914 * Store frequently used data in RAM. 1915 */ 1916 static TEE_Result rpmb_fs_setup(void) 1917 { 1918 TEE_Result res = TEE_ERROR_GENERIC; 1919 struct rpmb_fs_partition *partition_data = NULL; 1920 struct rpmb_file_handle *fh = NULL; 1921 uint32_t max_rpmb_block = 0; 1922 1923 if (fs_par) { 1924 res = TEE_SUCCESS; 1925 goto out; 1926 } 1927 1928 res = tee_rpmb_get_max_block(CFG_RPMB_FS_DEV_ID, &max_rpmb_block); 1929 if (res != TEE_SUCCESS) 1930 goto out; 1931 1932 partition_data = calloc(1, sizeof(struct rpmb_fs_partition)); 1933 if (!partition_data) { 1934 res = TEE_ERROR_OUT_OF_MEMORY; 1935 goto out; 1936 } 1937 1938 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1939 (uint8_t *)partition_data, 1940 sizeof(struct rpmb_fs_partition), NULL, NULL); 1941 if (res != TEE_SUCCESS) 1942 goto out; 1943 1944 #ifndef CFG_RPMB_RESET_FAT 1945 if (partition_data->rpmb_fs_magic == RPMB_FS_MAGIC) { 1946 if (partition_data->fs_version == FS_VERSION) { 1947 res = TEE_SUCCESS; 1948 goto store_fs_par; 1949 } else { 1950 EMSG("Wrong software is in use."); 1951 res = TEE_ERROR_ACCESS_DENIED; 1952 goto out; 1953 } 1954 } 1955 #else 1956 EMSG("**** Clearing Storage ****"); 1957 #endif 1958 1959 /* Setup new partition data. */ 1960 partition_data->rpmb_fs_magic = RPMB_FS_MAGIC; 1961 partition_data->fs_version = FS_VERSION; 1962 partition_data->fat_start_address = RPMB_FS_FAT_START_ADDRESS; 1963 1964 /* Initial FAT entry with FILE_IS_LAST_ENTRY flag set. */ 1965 fh = alloc_file_handle(NULL, false); 1966 if (!fh) { 1967 res = TEE_ERROR_OUT_OF_MEMORY; 1968 goto out; 1969 } 1970 fh->fat_entry.flags = FILE_IS_LAST_ENTRY; 1971 fh->rpmb_fat_address = partition_data->fat_start_address; 1972 1973 /* Write init FAT entry and partition data to RPMB. */ 1974 res = write_fat_entry(fh, true); 1975 if (res != TEE_SUCCESS) 1976 goto out; 1977 1978 res = 1979 tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1980 &partition_data->write_counter); 1981 if (res != TEE_SUCCESS) 1982 goto out; 1983 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1984 (uint8_t *)partition_data, 1985 sizeof(struct rpmb_fs_partition), NULL, NULL); 1986 1987 #ifndef CFG_RPMB_RESET_FAT 1988 store_fs_par: 1989 #endif 1990 1991 /* Store FAT start address. */ 1992 fs_par = calloc(1, sizeof(struct rpmb_fs_parameters)); 1993 if (!fs_par) { 1994 res = TEE_ERROR_OUT_OF_MEMORY; 1995 goto out; 1996 } 1997 1998 fs_par->fat_start_address = partition_data->fat_start_address; 1999 fs_par->max_rpmb_address = max_rpmb_block << RPMB_BLOCK_SIZE_SHIFT; 2000 2001 dump_fat(); 2002 2003 out: 2004 free(fh); 2005 free(partition_data); 2006 return res; 2007 } 2008 2009 /** 2010 * get_fat_start_address: 2011 * FAT start_address from fs_par. 2012 */ 2013 static TEE_Result get_fat_start_address(uint32_t *addr) 2014 { 2015 if (!fs_par) 2016 return TEE_ERROR_NO_DATA; 2017 2018 *addr = fs_par->fat_start_address; 2019 2020 return TEE_SUCCESS; 2021 } 2022 2023 /** 2024 * read_fat: Read FAT entries 2025 * Return matching FAT entry for read, rm rename and stat. 2026 * Build up memory pool and return matching entry for write operation. 2027 * "Last FAT entry" can be returned during write. 2028 */ 2029 static TEE_Result read_fat(struct rpmb_file_handle *fh, tee_mm_pool_t *p) 2030 { 2031 TEE_Result res = TEE_ERROR_GENERIC; 2032 tee_mm_entry_t *mm = NULL; 2033 struct rpmb_fat_entry *fe = NULL; 2034 uint32_t fat_address; 2035 bool entry_found = false; 2036 bool expand_fat = false; 2037 struct rpmb_file_handle last_fh; 2038 2039 DMSG("fat_address %d", fh->rpmb_fat_address); 2040 2041 res = fat_entry_dir_init(); 2042 if (res) 2043 goto out; 2044 2045 /* 2046 * The pool is used to represent the current RPMB layout. To find 2047 * a slot for the file tee_mm_alloc is called on the pool. Thus 2048 * if it is not NULL the entire FAT must be traversed to fill in 2049 * the pool. 2050 */ 2051 while (true) { 2052 res = fat_entry_dir_get_next(&fe, &fat_address); 2053 if (res || !fe) 2054 break; 2055 2056 /* 2057 * Look for an entry, matching filenames. (read, rm, 2058 * rename and stat.). Only store first filename match. 2059 */ 2060 if ((!strcmp(fh->filename, fe->filename)) && 2061 (fe->flags & FILE_IS_ACTIVE) && !entry_found) { 2062 entry_found = true; 2063 fh->rpmb_fat_address = fat_address; 2064 memcpy(&fh->fat_entry, fe, sizeof(*fe)); 2065 if (!p) 2066 break; 2067 } 2068 2069 /* Add existing files to memory pool. (write) */ 2070 if (p) { 2071 if ((fe->flags & FILE_IS_ACTIVE) && fe->data_size > 0) { 2072 2073 mm = tee_mm_alloc2(p, fe->start_address, 2074 fe->data_size); 2075 if (!mm) { 2076 res = TEE_ERROR_OUT_OF_MEMORY; 2077 goto out; 2078 } 2079 } 2080 2081 /* Unused FAT entries can be reused (write) */ 2082 if (((fe->flags & FILE_IS_ACTIVE) == 0) && 2083 fh->rpmb_fat_address == 0) { 2084 fh->rpmb_fat_address = fat_address; 2085 memcpy(&fh->fat_entry, fe, 2086 sizeof(struct rpmb_fat_entry)); 2087 } 2088 2089 if (((fe->flags & FILE_IS_LAST_ENTRY) != 0) && 2090 fh->rpmb_fat_address == fat_address) { 2091 2092 /* 2093 * If the last entry was reached and was chosen 2094 * by the previous check, then the FAT needs to 2095 * be expanded. 2096 * fh->rpmb_fat_address is the address chosen 2097 * to store the files FAT entry and fat_address 2098 * is the current FAT entry address being 2099 * compared. 2100 */ 2101 expand_fat = true; 2102 } 2103 } 2104 } 2105 2106 if (res) 2107 goto out; 2108 /* 2109 * Represent the FAT table in the pool. 2110 */ 2111 if (p) { 2112 /* 2113 * Since fat_address is the start of the last entry it needs to 2114 * be moved up by an entry. 2115 */ 2116 fat_address += sizeof(struct rpmb_fat_entry); 2117 2118 /* Make room for yet a FAT entry and add to memory pool. */ 2119 if (expand_fat) 2120 fat_address += sizeof(struct rpmb_fat_entry); 2121 2122 mm = tee_mm_alloc2(p, RPMB_STORAGE_START_ADDRESS, fat_address); 2123 if (!mm) { 2124 res = TEE_ERROR_OUT_OF_MEMORY; 2125 goto out; 2126 } 2127 2128 if (expand_fat) { 2129 /* 2130 * Point fat_address to the beginning of the new 2131 * entry. 2132 */ 2133 fat_address -= sizeof(struct rpmb_fat_entry); 2134 memset(&last_fh, 0, sizeof(last_fh)); 2135 last_fh.fat_entry.flags = FILE_IS_LAST_ENTRY; 2136 last_fh.rpmb_fat_address = fat_address; 2137 res = write_fat_entry(&last_fh, true); 2138 if (res != TEE_SUCCESS) 2139 goto out; 2140 } 2141 } 2142 2143 if (!fh->rpmb_fat_address) 2144 res = TEE_ERROR_ITEM_NOT_FOUND; 2145 2146 out: 2147 fat_entry_dir_deinit(); 2148 return res; 2149 } 2150 2151 static TEE_Result generate_fek(struct rpmb_fat_entry *fe, const TEE_UUID *uuid) 2152 { 2153 TEE_Result res; 2154 2155 again: 2156 res = tee_fs_generate_fek(uuid, fe->fek, sizeof(fe->fek)); 2157 if (res != TEE_SUCCESS) 2158 return res; 2159 2160 if (is_zero(fe->fek, sizeof(fe->fek))) 2161 goto again; 2162 2163 return res; 2164 } 2165 2166 static TEE_Result rpmb_fs_open_internal(struct rpmb_file_handle *fh, 2167 const TEE_UUID *uuid, bool create) 2168 { 2169 tee_mm_pool_t p; 2170 bool pool_result; 2171 TEE_Result res = TEE_ERROR_GENERIC; 2172 2173 /* We need to do setup in order to make sure fs_par is filled in */ 2174 res = rpmb_fs_setup(); 2175 if (res != TEE_SUCCESS) 2176 goto out; 2177 2178 fh->uuid = uuid; 2179 if (create) { 2180 /* Upper memory allocation must be used for RPMB_FS. */ 2181 pool_result = tee_mm_init(&p, 2182 RPMB_STORAGE_START_ADDRESS, 2183 fs_par->max_rpmb_address, 2184 RPMB_BLOCK_SIZE_SHIFT, 2185 TEE_MM_POOL_HI_ALLOC); 2186 2187 if (!pool_result) { 2188 res = TEE_ERROR_OUT_OF_MEMORY; 2189 goto out; 2190 } 2191 2192 res = read_fat(fh, &p); 2193 tee_mm_final(&p); 2194 if (res != TEE_SUCCESS) 2195 goto out; 2196 } else { 2197 res = read_fat(fh, NULL); 2198 if (res != TEE_SUCCESS) 2199 goto out; 2200 } 2201 2202 /* 2203 * If this is opened with create and the entry found was not active 2204 * then this is a new file and the FAT entry must be written 2205 */ 2206 if (create) { 2207 if ((fh->fat_entry.flags & FILE_IS_ACTIVE) == 0) { 2208 memset(&fh->fat_entry, 0, 2209 sizeof(struct rpmb_fat_entry)); 2210 memcpy(fh->fat_entry.filename, fh->filename, 2211 strlen(fh->filename)); 2212 /* Start address and size are 0 */ 2213 fh->fat_entry.flags = FILE_IS_ACTIVE; 2214 2215 res = generate_fek(&fh->fat_entry, uuid); 2216 if (res != TEE_SUCCESS) 2217 goto out; 2218 DMSG("GENERATE FEK key: %p", 2219 (void *)fh->fat_entry.fek); 2220 DHEXDUMP(fh->fat_entry.fek, sizeof(fh->fat_entry.fek)); 2221 2222 res = write_fat_entry(fh, true); 2223 if (res != TEE_SUCCESS) 2224 goto out; 2225 } 2226 } 2227 2228 res = TEE_SUCCESS; 2229 2230 out: 2231 return res; 2232 } 2233 2234 static void rpmb_fs_close(struct tee_file_handle **tfh) 2235 { 2236 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)*tfh; 2237 2238 free(fh); 2239 *tfh = NULL; 2240 } 2241 2242 static TEE_Result rpmb_fs_read(struct tee_file_handle *tfh, size_t pos, 2243 void *buf, size_t *len) 2244 { 2245 TEE_Result res; 2246 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2247 size_t size = *len; 2248 2249 if (!size) 2250 return TEE_SUCCESS; 2251 2252 mutex_lock(&rpmb_mutex); 2253 2254 dump_fh(fh); 2255 2256 res = read_fat(fh, NULL); 2257 if (res != TEE_SUCCESS) 2258 goto out; 2259 2260 if (pos >= fh->fat_entry.data_size) { 2261 *len = 0; 2262 goto out; 2263 } 2264 2265 size = MIN(size, fh->fat_entry.data_size - pos); 2266 if (size) { 2267 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2268 fh->fat_entry.start_address + pos, buf, 2269 size, fh->fat_entry.fek, fh->uuid); 2270 if (res != TEE_SUCCESS) 2271 goto out; 2272 } 2273 *len = size; 2274 2275 out: 2276 mutex_unlock(&rpmb_mutex); 2277 return res; 2278 } 2279 2280 static TEE_Result rpmb_fs_write_primitive(struct rpmb_file_handle *fh, 2281 size_t pos, const void *buf, 2282 size_t size) 2283 { 2284 TEE_Result res; 2285 tee_mm_pool_t p; 2286 bool pool_result = false; 2287 tee_mm_entry_t *mm; 2288 size_t end; 2289 size_t newsize; 2290 uint8_t *newbuf = NULL; 2291 uintptr_t newaddr; 2292 uint32_t start_addr; 2293 2294 if (!size) 2295 return TEE_SUCCESS; 2296 2297 if (!fs_par) { 2298 res = TEE_ERROR_GENERIC; 2299 goto out; 2300 } 2301 2302 dump_fh(fh); 2303 2304 /* Upper memory allocation must be used for RPMB_FS. */ 2305 pool_result = tee_mm_init(&p, 2306 RPMB_STORAGE_START_ADDRESS, 2307 fs_par->max_rpmb_address, 2308 RPMB_BLOCK_SIZE_SHIFT, 2309 TEE_MM_POOL_HI_ALLOC); 2310 if (!pool_result) { 2311 res = TEE_ERROR_OUT_OF_MEMORY; 2312 goto out; 2313 } 2314 2315 res = read_fat(fh, &p); 2316 if (res != TEE_SUCCESS) 2317 goto out; 2318 2319 if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY) 2320 panic("invalid last entry flag"); 2321 2322 if (ADD_OVERFLOW(pos, size, &end)) { 2323 res = TEE_ERROR_BAD_PARAMETERS; 2324 goto out; 2325 } 2326 if (ADD_OVERFLOW(fh->fat_entry.start_address, pos, &start_addr)) { 2327 res = TEE_ERROR_BAD_PARAMETERS; 2328 goto out; 2329 } 2330 2331 if (end <= fh->fat_entry.data_size && 2332 tee_rpmb_write_is_atomic(CFG_RPMB_FS_DEV_ID, start_addr, size)) { 2333 2334 DMSG("Updating data in-place"); 2335 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, start_addr, buf, 2336 size, fh->fat_entry.fek, fh->uuid); 2337 if (res != TEE_SUCCESS) 2338 goto out; 2339 } else { 2340 /* 2341 * File must be extended, or update cannot be atomic: allocate, 2342 * read, update, write. 2343 */ 2344 2345 DMSG("Need to re-allocate"); 2346 newsize = MAX(end, fh->fat_entry.data_size); 2347 mm = tee_mm_alloc(&p, newsize); 2348 newbuf = calloc(1, newsize); 2349 if (!mm || !newbuf) { 2350 res = TEE_ERROR_OUT_OF_MEMORY; 2351 goto out; 2352 } 2353 2354 if (fh->fat_entry.data_size) { 2355 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2356 fh->fat_entry.start_address, 2357 newbuf, fh->fat_entry.data_size, 2358 fh->fat_entry.fek, fh->uuid); 2359 if (res != TEE_SUCCESS) 2360 goto out; 2361 } 2362 2363 memcpy(newbuf + pos, buf, size); 2364 2365 newaddr = tee_mm_get_smem(mm); 2366 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2367 newsize, fh->fat_entry.fek, fh->uuid); 2368 if (res != TEE_SUCCESS) 2369 goto out; 2370 2371 fh->fat_entry.data_size = newsize; 2372 fh->fat_entry.start_address = newaddr; 2373 res = write_fat_entry(fh, true); 2374 if (res != TEE_SUCCESS) 2375 goto out; 2376 } 2377 2378 out: 2379 if (pool_result) 2380 tee_mm_final(&p); 2381 if (newbuf) 2382 free(newbuf); 2383 2384 return res; 2385 } 2386 2387 static TEE_Result rpmb_fs_write(struct tee_file_handle *tfh, size_t pos, 2388 const void *buf, size_t size) 2389 { 2390 TEE_Result res; 2391 2392 mutex_lock(&rpmb_mutex); 2393 res = rpmb_fs_write_primitive((struct rpmb_file_handle *)tfh, pos, 2394 buf, size); 2395 mutex_unlock(&rpmb_mutex); 2396 2397 return res; 2398 } 2399 2400 static TEE_Result rpmb_fs_remove_internal(struct rpmb_file_handle *fh) 2401 { 2402 TEE_Result res; 2403 2404 res = read_fat(fh, NULL); 2405 if (res) 2406 return res; 2407 2408 /* Clear this file entry. */ 2409 memset(&fh->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2410 return write_fat_entry(fh, false); 2411 } 2412 2413 static TEE_Result rpmb_fs_remove(struct tee_pobj *po) 2414 { 2415 TEE_Result res; 2416 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2417 2418 if (!fh) 2419 return TEE_ERROR_OUT_OF_MEMORY; 2420 2421 mutex_lock(&rpmb_mutex); 2422 2423 res = rpmb_fs_remove_internal(fh); 2424 2425 mutex_unlock(&rpmb_mutex); 2426 2427 free(fh); 2428 return res; 2429 } 2430 2431 static TEE_Result rpmb_fs_rename_internal(struct tee_pobj *old, 2432 struct tee_pobj *new, 2433 bool overwrite) 2434 { 2435 TEE_Result res = TEE_ERROR_GENERIC; 2436 struct rpmb_file_handle *fh_old = NULL; 2437 struct rpmb_file_handle *fh_new = NULL; 2438 2439 if (!old) { 2440 res = TEE_ERROR_BAD_PARAMETERS; 2441 goto out; 2442 } 2443 2444 if (new) 2445 fh_old = alloc_file_handle(old, old->temporary); 2446 else 2447 fh_old = alloc_file_handle(old, true); 2448 if (!fh_old) { 2449 res = TEE_ERROR_OUT_OF_MEMORY; 2450 goto out; 2451 } 2452 2453 if (new) 2454 fh_new = alloc_file_handle(new, new->temporary); 2455 else 2456 fh_new = alloc_file_handle(old, false); 2457 if (!fh_new) { 2458 res = TEE_ERROR_OUT_OF_MEMORY; 2459 goto out; 2460 } 2461 2462 res = read_fat(fh_old, NULL); 2463 if (res != TEE_SUCCESS) 2464 goto out; 2465 2466 res = read_fat(fh_new, NULL); 2467 if (res == TEE_SUCCESS) { 2468 if (!overwrite) { 2469 res = TEE_ERROR_ACCESS_CONFLICT; 2470 goto out; 2471 } 2472 2473 /* Clear this file entry. */ 2474 memset(&fh_new->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2475 res = write_fat_entry(fh_new, false); 2476 if (res != TEE_SUCCESS) 2477 goto out; 2478 } 2479 2480 memset(fh_old->fat_entry.filename, 0, TEE_RPMB_FS_FILENAME_LENGTH); 2481 memcpy(fh_old->fat_entry.filename, fh_new->filename, 2482 strlen(fh_new->filename)); 2483 2484 res = write_fat_entry(fh_old, false); 2485 2486 out: 2487 free(fh_old); 2488 free(fh_new); 2489 2490 return res; 2491 } 2492 2493 static TEE_Result rpmb_fs_rename(struct tee_pobj *old, struct tee_pobj *new, 2494 bool overwrite) 2495 { 2496 TEE_Result res; 2497 2498 mutex_lock(&rpmb_mutex); 2499 res = rpmb_fs_rename_internal(old, new, overwrite); 2500 mutex_unlock(&rpmb_mutex); 2501 2502 return res; 2503 } 2504 2505 static TEE_Result rpmb_fs_truncate(struct tee_file_handle *tfh, size_t length) 2506 { 2507 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2508 tee_mm_pool_t p; 2509 bool pool_result = false; 2510 tee_mm_entry_t *mm; 2511 uint32_t newsize; 2512 uint8_t *newbuf = NULL; 2513 uintptr_t newaddr; 2514 TEE_Result res = TEE_ERROR_GENERIC; 2515 2516 mutex_lock(&rpmb_mutex); 2517 2518 if (length > INT32_MAX) { 2519 res = TEE_ERROR_BAD_PARAMETERS; 2520 goto out; 2521 } 2522 newsize = length; 2523 2524 res = read_fat(fh, NULL); 2525 if (res != TEE_SUCCESS) 2526 goto out; 2527 2528 if (newsize > fh->fat_entry.data_size) { 2529 /* Extend file */ 2530 2531 pool_result = tee_mm_init(&p, 2532 RPMB_STORAGE_START_ADDRESS, 2533 fs_par->max_rpmb_address, 2534 RPMB_BLOCK_SIZE_SHIFT, 2535 TEE_MM_POOL_HI_ALLOC); 2536 if (!pool_result) { 2537 res = TEE_ERROR_OUT_OF_MEMORY; 2538 goto out; 2539 } 2540 res = read_fat(fh, &p); 2541 if (res != TEE_SUCCESS) 2542 goto out; 2543 2544 mm = tee_mm_alloc(&p, newsize); 2545 newbuf = calloc(1, newsize); 2546 if (!mm || !newbuf) { 2547 res = TEE_ERROR_OUT_OF_MEMORY; 2548 goto out; 2549 } 2550 2551 if (fh->fat_entry.data_size) { 2552 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2553 fh->fat_entry.start_address, 2554 newbuf, fh->fat_entry.data_size, 2555 fh->fat_entry.fek, fh->uuid); 2556 if (res != TEE_SUCCESS) 2557 goto out; 2558 } 2559 2560 newaddr = tee_mm_get_smem(mm); 2561 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2562 newsize, fh->fat_entry.fek, fh->uuid); 2563 if (res != TEE_SUCCESS) 2564 goto out; 2565 2566 } else { 2567 /* Don't change file location */ 2568 newaddr = fh->fat_entry.start_address; 2569 } 2570 2571 /* fh->pos is unchanged */ 2572 fh->fat_entry.data_size = newsize; 2573 fh->fat_entry.start_address = newaddr; 2574 res = write_fat_entry(fh, true); 2575 2576 out: 2577 mutex_unlock(&rpmb_mutex); 2578 if (pool_result) 2579 tee_mm_final(&p); 2580 if (newbuf) 2581 free(newbuf); 2582 2583 return res; 2584 } 2585 2586 static void rpmb_fs_dir_free(struct tee_fs_dir *dir) 2587 { 2588 struct tee_rpmb_fs_dirent *e; 2589 2590 if (!dir) 2591 return; 2592 2593 free(dir->current); 2594 2595 while ((e = SIMPLEQ_FIRST(&dir->next))) { 2596 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2597 free(e); 2598 } 2599 } 2600 2601 static TEE_Result rpmb_fs_dir_populate(const char *path, 2602 struct tee_fs_dir *dir) 2603 { 2604 struct tee_rpmb_fs_dirent *current = NULL; 2605 struct rpmb_fat_entry *fe = NULL; 2606 uint32_t fat_address; 2607 uint32_t filelen; 2608 char *filename; 2609 bool matched; 2610 struct tee_rpmb_fs_dirent *next = NULL; 2611 uint32_t pathlen; 2612 TEE_Result res = TEE_ERROR_GENERIC; 2613 char temp; 2614 2615 mutex_lock(&rpmb_mutex); 2616 2617 res = fat_entry_dir_init(); 2618 if (res) 2619 goto out; 2620 2621 pathlen = strlen(path); 2622 2623 while (true) { 2624 res = fat_entry_dir_get_next(&fe, &fat_address); 2625 if (res || !fe) 2626 break; 2627 2628 filename = fe->filename; 2629 if (fe->flags & FILE_IS_ACTIVE) { 2630 matched = false; 2631 filelen = strlen(filename); 2632 if (filelen > pathlen) { 2633 temp = filename[pathlen]; 2634 filename[pathlen] = '\0'; 2635 if (strcmp(filename, path) == 0) 2636 matched = true; 2637 2638 filename[pathlen] = temp; 2639 } 2640 2641 if (matched) { 2642 next = malloc(sizeof(*next)); 2643 if (!next) { 2644 res = TEE_ERROR_OUT_OF_MEMORY; 2645 goto out; 2646 } 2647 2648 next->entry.oidlen = tee_hs2b((uint8_t *) 2649 &filename[pathlen], 2650 next->entry.oid, 2651 filelen - pathlen, 2652 sizeof(next->entry.oid)); 2653 if (next->entry.oidlen) { 2654 SIMPLEQ_INSERT_TAIL(&dir->next, 2655 next, link); 2656 current = next; 2657 } else { 2658 free(next); 2659 next = NULL; 2660 } 2661 } 2662 } 2663 } 2664 2665 if (res) 2666 goto out; 2667 2668 if (current) 2669 res = TEE_SUCCESS; 2670 else 2671 res = TEE_ERROR_ITEM_NOT_FOUND; /* No directories were found. */ 2672 2673 out: 2674 mutex_unlock(&rpmb_mutex); 2675 fat_entry_dir_deinit(); 2676 if (res) 2677 rpmb_fs_dir_free(dir); 2678 2679 return res; 2680 } 2681 2682 static TEE_Result rpmb_fs_opendir(const TEE_UUID *uuid, struct tee_fs_dir **dir) 2683 { 2684 uint32_t len; 2685 char path_local[TEE_RPMB_FS_FILENAME_LENGTH]; 2686 TEE_Result res = TEE_ERROR_GENERIC; 2687 struct tee_fs_dir *rpmb_dir = NULL; 2688 2689 if (!uuid || !dir) { 2690 res = TEE_ERROR_BAD_PARAMETERS; 2691 goto out; 2692 } 2693 2694 memset(path_local, 0, sizeof(path_local)); 2695 if (tee_svc_storage_create_dirname(path_local, sizeof(path_local) - 1, 2696 uuid) != TEE_SUCCESS) { 2697 res = TEE_ERROR_BAD_PARAMETERS; 2698 goto out; 2699 } 2700 len = strlen(path_local); 2701 2702 /* Add a slash to correctly match the full directory name. */ 2703 if (path_local[len - 1] != '/') 2704 path_local[len] = '/'; 2705 2706 rpmb_dir = calloc(1, sizeof(*rpmb_dir)); 2707 if (!rpmb_dir) { 2708 res = TEE_ERROR_OUT_OF_MEMORY; 2709 goto out; 2710 } 2711 SIMPLEQ_INIT(&rpmb_dir->next); 2712 2713 res = rpmb_fs_dir_populate(path_local, rpmb_dir); 2714 if (res != TEE_SUCCESS) { 2715 free(rpmb_dir); 2716 rpmb_dir = NULL; 2717 goto out; 2718 } 2719 2720 *dir = rpmb_dir; 2721 2722 out: 2723 return res; 2724 } 2725 2726 static TEE_Result rpmb_fs_readdir(struct tee_fs_dir *dir, 2727 struct tee_fs_dirent **ent) 2728 { 2729 if (!dir) 2730 return TEE_ERROR_GENERIC; 2731 2732 free(dir->current); 2733 2734 dir->current = SIMPLEQ_FIRST(&dir->next); 2735 if (!dir->current) 2736 return TEE_ERROR_ITEM_NOT_FOUND; 2737 2738 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2739 2740 *ent = &dir->current->entry; 2741 return TEE_SUCCESS; 2742 } 2743 2744 static void rpmb_fs_closedir(struct tee_fs_dir *dir) 2745 { 2746 if (dir) { 2747 rpmb_fs_dir_free(dir); 2748 free(dir); 2749 } 2750 } 2751 2752 static TEE_Result rpmb_fs_open(struct tee_pobj *po, size_t *size, 2753 struct tee_file_handle **ret_fh) 2754 { 2755 TEE_Result res; 2756 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2757 2758 if (!fh) 2759 return TEE_ERROR_OUT_OF_MEMORY; 2760 2761 mutex_lock(&rpmb_mutex); 2762 2763 res = rpmb_fs_open_internal(fh, &po->uuid, false); 2764 if (!res && size) 2765 *size = fh->fat_entry.data_size; 2766 2767 mutex_unlock(&rpmb_mutex); 2768 2769 if (res) 2770 free(fh); 2771 else 2772 *ret_fh = (struct tee_file_handle *)fh; 2773 2774 return res; 2775 } 2776 2777 static TEE_Result rpmb_fs_create(struct tee_pobj *po, bool overwrite, 2778 const void *head, size_t head_size, 2779 const void *attr, size_t attr_size, 2780 const void *data, size_t data_size, 2781 struct tee_file_handle **ret_fh) 2782 { 2783 TEE_Result res; 2784 size_t pos = 0; 2785 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2786 2787 if (!fh) 2788 return TEE_ERROR_OUT_OF_MEMORY; 2789 2790 mutex_lock(&rpmb_mutex); 2791 res = rpmb_fs_open_internal(fh, &po->uuid, true); 2792 if (res) 2793 goto out; 2794 2795 if (head && head_size) { 2796 res = rpmb_fs_write_primitive(fh, pos, head, head_size); 2797 if (res) 2798 goto out; 2799 pos += head_size; 2800 } 2801 2802 if (attr && attr_size) { 2803 res = rpmb_fs_write_primitive(fh, pos, attr, attr_size); 2804 if (res) 2805 goto out; 2806 pos += attr_size; 2807 } 2808 2809 if (data && data_size) { 2810 res = rpmb_fs_write_primitive(fh, pos, data, data_size); 2811 if (res) 2812 goto out; 2813 } 2814 2815 if (po->temporary) { 2816 /* 2817 * If it's a temporary filename (which it normally is) 2818 * rename into the final filename now that the file is 2819 * fully initialized. 2820 */ 2821 po->temporary = false; 2822 res = rpmb_fs_rename_internal(po, NULL, overwrite); 2823 if (res) { 2824 po->temporary = true; 2825 goto out; 2826 } 2827 /* Update file handle after rename. */ 2828 tee_svc_storage_create_filename(fh->filename, 2829 sizeof(fh->filename), 2830 po, false); 2831 } 2832 2833 out: 2834 if (res) { 2835 rpmb_fs_remove_internal(fh); 2836 free(fh); 2837 } else { 2838 *ret_fh = (struct tee_file_handle *)fh; 2839 } 2840 mutex_unlock(&rpmb_mutex); 2841 2842 return res; 2843 } 2844 2845 const struct tee_file_operations rpmb_fs_ops = { 2846 .open = rpmb_fs_open, 2847 .create = rpmb_fs_create, 2848 .close = rpmb_fs_close, 2849 .read = rpmb_fs_read, 2850 .write = rpmb_fs_write, 2851 .truncate = rpmb_fs_truncate, 2852 .rename = rpmb_fs_rename, 2853 .remove = rpmb_fs_remove, 2854 .opendir = rpmb_fs_opendir, 2855 .closedir = rpmb_fs_closedir, 2856 .readdir = rpmb_fs_readdir, 2857 }; 2858 2859 TEE_Result tee_rpmb_fs_raw_open(const char *fname, bool create, 2860 struct tee_file_handle **ret_fh) 2861 { 2862 TEE_Result res; 2863 struct rpmb_file_handle *fh = calloc(1, sizeof(*fh)); 2864 static const TEE_UUID uuid = { 0 }; 2865 2866 if (!fh) 2867 return TEE_ERROR_OUT_OF_MEMORY; 2868 2869 snprintf(fh->filename, sizeof(fh->filename), "/%s", fname); 2870 2871 mutex_lock(&rpmb_mutex); 2872 2873 res = rpmb_fs_open_internal(fh, &uuid, create); 2874 2875 mutex_unlock(&rpmb_mutex); 2876 2877 if (res) { 2878 if (create) 2879 rpmb_fs_remove_internal(fh); 2880 free(fh); 2881 } else { 2882 *ret_fh = (struct tee_file_handle *)fh; 2883 } 2884 2885 return res; 2886 } 2887 2888 bool __weak plat_rpmb_key_is_ready(void) 2889 { 2890 return true; 2891 } 2892