1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 6 #include <assert.h> 7 #include <crypto/crypto.h> 8 #include <kernel/huk_subkey.h> 9 #include <kernel/misc.h> 10 #include <kernel/msg_param.h> 11 #include <kernel/mutex.h> 12 #include <kernel/panic.h> 13 #include <kernel/tee_common.h> 14 #include <kernel/tee_common_otp.h> 15 #include <kernel/tee_misc.h> 16 #include <kernel/thread.h> 17 #include <mm/core_memprot.h> 18 #include <mm/mobj.h> 19 #include <mm/tee_mm.h> 20 #include <optee_rpc_cmd.h> 21 #include <stdlib.h> 22 #include <string_ext.h> 23 #include <string.h> 24 #include <sys/queue.h> 25 #include <tee/tee_fs.h> 26 #include <tee/tee_fs_key_manager.h> 27 #include <tee/tee_pobj.h> 28 #include <tee/tee_svc_storage.h> 29 #include <trace.h> 30 #include <util.h> 31 32 #define RPMB_STORAGE_START_ADDRESS 0 33 #define RPMB_FS_FAT_START_ADDRESS 512 34 #define RPMB_BLOCK_SIZE_SHIFT 8 35 #define RPMB_CID_PRV_OFFSET 9 36 #define RPMB_CID_CRC_OFFSET 15 37 38 #define RPMB_FS_MAGIC 0x52504D42 39 #define FS_VERSION 2 40 41 #define FILE_IS_ACTIVE (1u << 0) 42 #define FILE_IS_LAST_ENTRY (1u << 1) 43 44 #define TEE_RPMB_FS_FILENAME_LENGTH 224 45 46 /** 47 * Utilized when caching is enabled, i.e., when CFG_RPMB_FS_CACHE_ENTRIES > 0. 48 * Cache size + the number of entries that are repeatedly read in and buffered 49 * once the cache is full. 50 */ 51 #define RPMB_BUF_MAX_ENTRIES (CFG_RPMB_FS_CACHE_ENTRIES + \ 52 CFG_RPMB_FS_RD_ENTRIES) 53 54 /** 55 * FS parameters: Information often used by internal functions. 56 * fat_start_address will be set by rpmb_fs_setup(). 57 * rpmb_fs_parameters can be read by any other function. 58 */ 59 struct rpmb_fs_parameters { 60 uint32_t fat_start_address; 61 uint32_t max_rpmb_address; 62 }; 63 64 /** 65 * File entry for a single file in a RPMB_FS partition. 66 */ 67 struct rpmb_fat_entry { 68 uint32_t start_address; 69 uint32_t data_size; 70 uint32_t flags; 71 uint32_t write_counter; 72 uint8_t fek[TEE_FS_KM_FEK_SIZE]; 73 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 74 }; 75 76 /** 77 * Structure that describes buffered/cached FAT FS entries in RPMB storage. 78 * This structure is used in functions traversing the FAT FS. 79 */ 80 struct rpmb_fat_entry_dir { 81 /* 82 * Buffer storing the FAT FS entries read in from RPMB storage. It 83 * includes the optional cache entries (CFG_RPMB_FS_CACHE_ENTRIES) 84 * and entries temporary read for current FAT FS traversal 85 * (CFG_RPMB_FS_RD_ENTRIES) when not found from cached entries. 86 */ 87 struct rpmb_fat_entry *rpmb_fat_entry_buf; 88 /* Current index of FAT FS entry to read from buffer. */ 89 uint32_t idx_curr; 90 /* Total number of FAT FS entries in buffer. */ 91 uint32_t num_buffered; 92 /* Total number of FAT FS entries read during traversal. */ 93 uint32_t num_total_read; 94 /* Indicates that last FAT FS entry was read. */ 95 bool last_reached; 96 }; 97 98 /** 99 * FAT entry context with reference to a FAT entry and its 100 * location in RPMB. 101 */ 102 struct rpmb_file_handle { 103 struct rpmb_fat_entry fat_entry; 104 const TEE_UUID *uuid; 105 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 106 /* Address for current entry in RPMB */ 107 uint32_t rpmb_fat_address; 108 }; 109 110 /** 111 * RPMB_FS partition data 112 */ 113 struct rpmb_fs_partition { 114 uint32_t rpmb_fs_magic; 115 uint32_t fs_version; 116 uint32_t write_counter; 117 uint32_t fat_start_address; 118 /* Do not use reserved[] for other purpose than partition data. */ 119 uint8_t reserved[112]; 120 }; 121 122 /** 123 * A node in a list of directory entries. 124 */ 125 struct tee_rpmb_fs_dirent { 126 struct tee_fs_dirent entry; 127 SIMPLEQ_ENTRY(tee_rpmb_fs_dirent) link; 128 }; 129 130 /** 131 * The RPMB directory representation. It contains a queue of 132 * RPMB directory entries: 'next'. 133 * The current pointer points to the last directory entry 134 * returned by readdir(). 135 */ 136 struct tee_fs_dir { 137 struct tee_rpmb_fs_dirent *current; 138 /* */ 139 SIMPLEQ_HEAD(next_head, tee_rpmb_fs_dirent) next; 140 }; 141 142 static struct rpmb_fs_parameters *fs_par; 143 static struct rpmb_fat_entry_dir *fat_entry_dir; 144 145 /* 146 * Lower interface to RPMB device 147 */ 148 149 #define RPMB_DATA_OFFSET (RPMB_STUFF_DATA_SIZE + RPMB_KEY_MAC_SIZE) 150 #define RPMB_MAC_PROTECT_DATA_SIZE (RPMB_DATA_FRAME_SIZE - RPMB_DATA_OFFSET) 151 152 #define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM 0x0001 153 #define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ 0x0002 154 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE 0x0003 155 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ 0x0004 156 #define RPMB_MSG_TYPE_REQ_RESULT_READ 0x0005 157 #define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM 0x0100 158 #define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ 0x0200 159 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE 0x0300 160 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ 0x0400 161 162 #define RPMB_STUFF_DATA_SIZE 196 163 #define RPMB_KEY_MAC_SIZE 32 164 #define RPMB_DATA_SIZE 256 165 #define RPMB_NONCE_SIZE 16 166 #define RPMB_DATA_FRAME_SIZE 512 167 168 #define RPMB_RESULT_OK 0x00 169 #define RPMB_RESULT_GENERAL_FAILURE 0x01 170 #define RPMB_RESULT_AUTH_FAILURE 0x02 171 #define RPMB_RESULT_COUNTER_FAILURE 0x03 172 #define RPMB_RESULT_ADDRESS_FAILURE 0x04 173 #define RPMB_RESULT_WRITE_FAILURE 0x05 174 #define RPMB_RESULT_READ_FAILURE 0x06 175 #define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED 0x07 176 #define RPMB_RESULT_MASK 0x3F 177 #define RPMB_RESULT_WR_CNT_EXPIRED 0x80 178 179 /* RPMB internal commands */ 180 #define RPMB_CMD_DATA_REQ 0x00 181 #define RPMB_CMD_GET_DEV_INFO 0x01 182 183 #define RPMB_SIZE_SINGLE (128 * 1024) 184 185 /* Error codes for get_dev_info request/response. */ 186 #define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 187 #define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 188 189 struct rpmb_data_frame { 190 uint8_t stuff_bytes[RPMB_STUFF_DATA_SIZE]; 191 uint8_t key_mac[RPMB_KEY_MAC_SIZE]; 192 uint8_t data[RPMB_DATA_SIZE]; 193 uint8_t nonce[RPMB_NONCE_SIZE]; 194 uint8_t write_counter[4]; 195 uint8_t address[2]; 196 uint8_t block_count[2]; 197 uint8_t op_result[2]; 198 uint8_t msg_type[2]; 199 }; 200 201 struct rpmb_req { 202 uint16_t cmd; 203 uint16_t dev_id; 204 uint16_t block_count; 205 /* variable length of data */ 206 /* uint8_t data[]; REMOVED! */ 207 }; 208 209 #define TEE_RPMB_REQ_DATA(req) \ 210 ((void *)((struct rpmb_req *)(req) + 1)) 211 212 struct rpmb_raw_data { 213 uint16_t msg_type; 214 uint16_t *op_result; 215 uint16_t *block_count; 216 uint16_t *blk_idx; 217 uint32_t *write_counter; 218 uint8_t *nonce; 219 uint8_t *key_mac; 220 uint8_t *data; 221 /* data length to read or write */ 222 uint32_t len; 223 /* Byte address offset in the first block involved */ 224 uint8_t byte_offset; 225 }; 226 227 #define RPMB_EMMC_CID_SIZE 16 228 struct rpmb_dev_info { 229 uint8_t cid[RPMB_EMMC_CID_SIZE]; 230 /* EXT CSD-slice 168 "RPMB Size" */ 231 uint8_t rpmb_size_mult; 232 /* EXT CSD-slice 222 "Reliable Write Sector Count" */ 233 uint8_t rel_wr_sec_c; 234 /* Check the ret code and accept the data only if it is OK. */ 235 uint8_t ret_code; 236 }; 237 238 /* 239 * Struct for rpmb context data. 240 * 241 * @key RPMB key. 242 * @cid eMMC card ID. 243 * @wr_cnt Current write counter. 244 * @max_blk_idx The highest block index supported by current device. 245 * @rel_wr_blkcnt Max number of data blocks for each reliable write. 246 * @dev_id Device ID of the eMMC device. 247 * @wr_cnt_synced Flag indicating if write counter is synced to RPMB. 248 * @key_derived Flag indicating if key has been generated. 249 * @key_verified Flag indicating the key generated is verified ok. 250 * @dev_info_synced Flag indicating if dev info has been retrieved from RPMB. 251 */ 252 struct tee_rpmb_ctx { 253 uint8_t key[RPMB_KEY_MAC_SIZE]; 254 uint8_t cid[RPMB_EMMC_CID_SIZE]; 255 uint32_t wr_cnt; 256 uint16_t max_blk_idx; 257 uint16_t rel_wr_blkcnt; 258 uint16_t dev_id; 259 bool wr_cnt_synced; 260 bool key_derived; 261 bool key_verified; 262 bool dev_info_synced; 263 }; 264 265 static struct tee_rpmb_ctx *rpmb_ctx; 266 267 /* 268 * Mutex to serialize the operations exported by this file. 269 * It protects rpmb_ctx and prevents overlapping operations on eMMC devices with 270 * different IDs. 271 */ 272 static struct mutex rpmb_mutex = MUTEX_INITIALIZER; 273 274 #ifdef CFG_RPMB_TESTKEY 275 276 static const uint8_t rpmb_test_key[RPMB_KEY_MAC_SIZE] = { 277 0xD3, 0xEB, 0x3E, 0xC3, 0x6E, 0x33, 0x4C, 0x9F, 278 0x98, 0x8C, 0xE2, 0xC0, 0xB8, 0x59, 0x54, 0x61, 279 0x0D, 0x2B, 0xCF, 0x86, 0x64, 0x84, 0x4D, 0xF2, 280 0xAB, 0x56, 0xE6, 0xC6, 0x1B, 0xB7, 0x01, 0xE4 281 }; 282 283 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 284 uint8_t *key, uint32_t len) 285 { 286 TEE_Result res = TEE_SUCCESS; 287 288 if (!key || RPMB_KEY_MAC_SIZE != len) { 289 res = TEE_ERROR_BAD_PARAMETERS; 290 goto out; 291 } 292 293 DMSG("RPMB: Using test key"); 294 memcpy(key, rpmb_test_key, RPMB_KEY_MAC_SIZE); 295 296 out: 297 return res; 298 } 299 300 #else /* !CFG_RPMB_TESTKEY */ 301 302 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 303 uint8_t *key, uint32_t len) 304 { 305 uint8_t message[RPMB_EMMC_CID_SIZE]; 306 307 if (!key || RPMB_KEY_MAC_SIZE != len) 308 return TEE_ERROR_BAD_PARAMETERS; 309 310 IMSG("RPMB: Using generated key"); 311 312 /* 313 * PRV/CRC would be changed when doing eMMC FFU 314 * The following fields should be masked off when deriving RPMB key 315 * 316 * CID [55: 48]: PRV (Product revision) 317 * CID [07: 01]: CRC (CRC7 checksum) 318 * CID [00]: not used 319 */ 320 memcpy(message, rpmb_ctx->cid, RPMB_EMMC_CID_SIZE); 321 memset(message + RPMB_CID_PRV_OFFSET, 0, 1); 322 memset(message + RPMB_CID_CRC_OFFSET, 0, 1); 323 return huk_subkey_derive(HUK_SUBKEY_RPMB, message, sizeof(message), 324 key, len); 325 } 326 327 #endif /* !CFG_RPMB_TESTKEY */ 328 329 static void u32_to_bytes(uint32_t u32, uint8_t *bytes) 330 { 331 *bytes = (uint8_t) (u32 >> 24); 332 *(bytes + 1) = (uint8_t) (u32 >> 16); 333 *(bytes + 2) = (uint8_t) (u32 >> 8); 334 *(bytes + 3) = (uint8_t) u32; 335 } 336 337 static void bytes_to_u32(uint8_t *bytes, uint32_t *u32) 338 { 339 *u32 = (uint32_t) ((*(bytes) << 24) + 340 (*(bytes + 1) << 16) + 341 (*(bytes + 2) << 8) + (*(bytes + 3))); 342 } 343 344 static void u16_to_bytes(uint16_t u16, uint8_t *bytes) 345 { 346 *bytes = (uint8_t) (u16 >> 8); 347 *(bytes + 1) = (uint8_t) u16; 348 } 349 350 static void bytes_to_u16(uint8_t *bytes, uint16_t *u16) 351 { 352 *u16 = (uint16_t) ((*bytes << 8) + *(bytes + 1)); 353 } 354 355 static void get_op_result_bits(uint8_t *bytes, uint8_t *res) 356 { 357 *res = *(bytes + 1) & RPMB_RESULT_MASK; 358 } 359 360 static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize, 361 uint8_t *key, uint32_t keysize, 362 struct rpmb_data_frame *datafrms, 363 uint16_t blkcnt) 364 { 365 TEE_Result res = TEE_ERROR_GENERIC; 366 int i; 367 void *ctx = NULL; 368 369 if (!mac || !key || !datafrms) 370 return TEE_ERROR_BAD_PARAMETERS; 371 372 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 373 if (res) 374 return res; 375 376 res = crypto_mac_init(ctx, key, keysize); 377 if (res != TEE_SUCCESS) 378 goto func_exit; 379 380 for (i = 0; i < blkcnt; i++) { 381 res = crypto_mac_update(ctx, datafrms[i].data, 382 RPMB_MAC_PROTECT_DATA_SIZE); 383 if (res != TEE_SUCCESS) 384 goto func_exit; 385 } 386 387 res = crypto_mac_final(ctx, mac, macsize); 388 if (res != TEE_SUCCESS) 389 goto func_exit; 390 391 res = TEE_SUCCESS; 392 393 func_exit: 394 crypto_mac_free_ctx(ctx); 395 return res; 396 } 397 398 struct tee_rpmb_mem { 399 struct mobj *phreq_mobj; 400 struct mobj *phresp_mobj; 401 size_t req_size; 402 size_t resp_size; 403 }; 404 405 static void tee_rpmb_free(struct tee_rpmb_mem *mem) 406 { 407 if (!mem) 408 return; 409 410 if (mem->phreq_mobj) { 411 thread_rpc_free_payload(mem->phreq_mobj); 412 mem->phreq_mobj = NULL; 413 } 414 if (mem->phresp_mobj) { 415 thread_rpc_free_payload(mem->phresp_mobj); 416 mem->phresp_mobj = NULL; 417 } 418 } 419 420 421 static TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size, 422 struct tee_rpmb_mem *mem, void **req, void **resp) 423 { 424 TEE_Result res = TEE_SUCCESS; 425 size_t req_s = ROUNDUP(req_size, sizeof(uint32_t)); 426 size_t resp_s = ROUNDUP(resp_size, sizeof(uint32_t)); 427 428 if (!mem) 429 return TEE_ERROR_BAD_PARAMETERS; 430 431 memset(mem, 0, sizeof(*mem)); 432 433 mem->phreq_mobj = thread_rpc_alloc_payload(req_s); 434 mem->phresp_mobj = thread_rpc_alloc_payload(resp_s); 435 436 if (!mem->phreq_mobj || !mem->phresp_mobj) { 437 res = TEE_ERROR_OUT_OF_MEMORY; 438 goto out; 439 } 440 441 *req = mobj_get_va(mem->phreq_mobj, 0); 442 *resp = mobj_get_va(mem->phresp_mobj, 0); 443 if (!*req || !*resp) { 444 res = TEE_ERROR_GENERIC; 445 goto out; 446 } 447 448 mem->req_size = req_size; 449 mem->resp_size = resp_size; 450 451 out: 452 if (res != TEE_SUCCESS) 453 tee_rpmb_free(mem); 454 return res; 455 } 456 457 static TEE_Result tee_rpmb_invoke(struct tee_rpmb_mem *mem) 458 { 459 struct thread_param params[2] = { 460 [0] = THREAD_PARAM_MEMREF(IN, mem->phreq_mobj, 0, 461 mem->req_size), 462 [1] = THREAD_PARAM_MEMREF(OUT, mem->phresp_mobj, 0, 463 mem->resp_size), 464 }; 465 466 return thread_rpc_cmd(OPTEE_RPC_CMD_RPMB, 2, params); 467 } 468 469 static bool is_zero(const uint8_t *buf, size_t size) 470 { 471 size_t i; 472 473 for (i = 0; i < size; i++) 474 if (buf[i]) 475 return false; 476 return true; 477 } 478 479 static TEE_Result encrypt_block(uint8_t *out, const uint8_t *in, 480 uint16_t blk_idx, const uint8_t *fek, 481 const TEE_UUID *uuid) 482 { 483 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 484 blk_idx, fek, TEE_MODE_ENCRYPT); 485 } 486 487 static TEE_Result decrypt_block(uint8_t *out, const uint8_t *in, 488 uint16_t blk_idx, const uint8_t *fek, 489 const TEE_UUID *uuid) 490 { 491 return tee_fs_crypt_block(uuid, out, in, RPMB_DATA_SIZE, 492 blk_idx, fek, TEE_MODE_DECRYPT); 493 } 494 495 /* Decrypt/copy at most one block of data */ 496 static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm, 497 size_t size, size_t offset, 498 uint16_t blk_idx __maybe_unused, const uint8_t *fek, 499 const TEE_UUID *uuid) 500 { 501 uint8_t *tmp __maybe_unused; 502 503 504 if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE)) 505 panic("invalid size or offset"); 506 507 if (!fek) { 508 /* Block is not encrypted (not a file data block) */ 509 memcpy(out, frm->data + offset, size); 510 } else if (is_zero(fek, TEE_FS_KM_FEK_SIZE)) { 511 /* The file was created with encryption disabled */ 512 return TEE_ERROR_SECURITY; 513 } else { 514 /* Block is encrypted */ 515 if (size < RPMB_DATA_SIZE) { 516 /* 517 * Since output buffer is not large enough to hold one 518 * block we must allocate a temporary buffer. 519 */ 520 tmp = malloc(RPMB_DATA_SIZE); 521 if (!tmp) 522 return TEE_ERROR_OUT_OF_MEMORY; 523 decrypt_block(tmp, frm->data, blk_idx, fek, uuid); 524 memcpy(out, tmp + offset, size); 525 free(tmp); 526 } else { 527 decrypt_block(out, frm->data, blk_idx, fek, uuid); 528 } 529 } 530 531 return TEE_SUCCESS; 532 } 533 534 static TEE_Result tee_rpmb_req_pack(struct rpmb_req *req, 535 struct rpmb_raw_data *rawdata, 536 uint16_t nbr_frms, uint16_t dev_id, 537 const uint8_t *fek, const TEE_UUID *uuid) 538 { 539 TEE_Result res = TEE_ERROR_GENERIC; 540 int i; 541 struct rpmb_data_frame *datafrm; 542 543 if (!req || !rawdata || !nbr_frms) 544 return TEE_ERROR_BAD_PARAMETERS; 545 546 /* 547 * Check write blockcount is not bigger than reliable write 548 * blockcount. 549 */ 550 if ((rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) && 551 (nbr_frms > rpmb_ctx->rel_wr_blkcnt)) { 552 DMSG("wr_blkcnt(%d) > rel_wr_blkcnt(%d)", nbr_frms, 553 rpmb_ctx->rel_wr_blkcnt); 554 return TEE_ERROR_GENERIC; 555 } 556 557 req->cmd = RPMB_CMD_DATA_REQ; 558 req->dev_id = dev_id; 559 560 /* Allocate memory for construct all data packets and calculate MAC. */ 561 datafrm = calloc(nbr_frms, RPMB_DATA_FRAME_SIZE); 562 if (!datafrm) 563 return TEE_ERROR_OUT_OF_MEMORY; 564 565 for (i = 0; i < nbr_frms; i++) { 566 u16_to_bytes(rawdata->msg_type, datafrm[i].msg_type); 567 568 if (rawdata->block_count) 569 u16_to_bytes(*rawdata->block_count, 570 datafrm[i].block_count); 571 572 if (rawdata->blk_idx) { 573 /* Check the block index is within range. */ 574 if ((*rawdata->blk_idx + nbr_frms) > 575 rpmb_ctx->max_blk_idx) { 576 res = TEE_ERROR_GENERIC; 577 goto func_exit; 578 } 579 u16_to_bytes(*rawdata->blk_idx, datafrm[i].address); 580 } 581 582 if (rawdata->write_counter) 583 u32_to_bytes(*rawdata->write_counter, 584 datafrm[i].write_counter); 585 586 if (rawdata->nonce) 587 memcpy(datafrm[i].nonce, rawdata->nonce, 588 RPMB_NONCE_SIZE); 589 590 if (rawdata->data) { 591 if (fek) 592 encrypt_block(datafrm[i].data, 593 rawdata->data + (i * RPMB_DATA_SIZE), 594 *rawdata->blk_idx + i, fek, uuid); 595 else 596 memcpy(datafrm[i].data, 597 rawdata->data + (i * RPMB_DATA_SIZE), 598 RPMB_DATA_SIZE); 599 } 600 } 601 602 if (rawdata->key_mac) { 603 if (rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) { 604 res = 605 tee_rpmb_mac_calc(rawdata->key_mac, 606 RPMB_KEY_MAC_SIZE, rpmb_ctx->key, 607 RPMB_KEY_MAC_SIZE, datafrm, 608 nbr_frms); 609 if (res != TEE_SUCCESS) 610 goto func_exit; 611 } 612 memcpy(datafrm[nbr_frms - 1].key_mac, 613 rawdata->key_mac, RPMB_KEY_MAC_SIZE); 614 } 615 616 memcpy(TEE_RPMB_REQ_DATA(req), datafrm, 617 nbr_frms * RPMB_DATA_FRAME_SIZE); 618 619 #ifdef CFG_RPMB_FS_DEBUG_DATA 620 for (i = 0; i < nbr_frms; i++) { 621 DMSG("Dumping data frame %d:", i); 622 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 623 512 - RPMB_STUFF_DATA_SIZE); 624 } 625 #endif 626 627 res = TEE_SUCCESS; 628 func_exit: 629 free(datafrm); 630 return res; 631 } 632 633 static TEE_Result data_cpy_mac_calc_1b(struct rpmb_raw_data *rawdata, 634 struct rpmb_data_frame *frm, 635 const uint8_t *fek, const TEE_UUID *uuid) 636 { 637 TEE_Result res; 638 uint8_t *data; 639 uint16_t idx; 640 641 if (rawdata->len + rawdata->byte_offset > RPMB_DATA_SIZE) 642 return TEE_ERROR_BAD_PARAMETERS; 643 644 res = tee_rpmb_mac_calc(rawdata->key_mac, RPMB_KEY_MAC_SIZE, 645 rpmb_ctx->key, RPMB_KEY_MAC_SIZE, frm, 1); 646 if (res != TEE_SUCCESS) 647 return res; 648 649 data = rawdata->data; 650 bytes_to_u16(frm->address, &idx); 651 652 res = decrypt(data, frm, rawdata->len, rawdata->byte_offset, idx, fek, 653 uuid); 654 return res; 655 } 656 657 static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, 658 struct rpmb_raw_data *rawdata, 659 uint16_t nbr_frms, 660 struct rpmb_data_frame *lastfrm, 661 const uint8_t *fek, 662 const TEE_UUID *uuid) 663 { 664 TEE_Result res = TEE_ERROR_GENERIC; 665 int i; 666 void *ctx = NULL; 667 uint16_t offset; 668 uint32_t size; 669 uint8_t *data; 670 uint16_t start_idx; 671 struct rpmb_data_frame localfrm; 672 673 if (!datafrm || !rawdata || !nbr_frms || !lastfrm) 674 return TEE_ERROR_BAD_PARAMETERS; 675 676 if (nbr_frms == 1) 677 return data_cpy_mac_calc_1b(rawdata, lastfrm, fek, uuid); 678 679 /* nbr_frms > 1 */ 680 681 data = rawdata->data; 682 683 res = crypto_mac_alloc_ctx(&ctx, TEE_ALG_HMAC_SHA256); 684 if (res) 685 goto func_exit; 686 687 res = crypto_mac_init(ctx, rpmb_ctx->key, RPMB_KEY_MAC_SIZE); 688 if (res != TEE_SUCCESS) 689 goto func_exit; 690 691 /* 692 * Note: JEDEC JESD84-B51: "In every packet the address is the start 693 * address of the full access (not address of the individual half a 694 * sector)" 695 */ 696 bytes_to_u16(lastfrm->address, &start_idx); 697 698 for (i = 0; i < (nbr_frms - 1); i++) { 699 700 /* 701 * By working on a local copy of the RPMB frame, we ensure that 702 * the data can not be modified after the MAC is computed but 703 * before the payload is decrypted/copied to the output buffer. 704 */ 705 memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE); 706 707 res = crypto_mac_update(ctx, localfrm.data, 708 RPMB_MAC_PROTECT_DATA_SIZE); 709 if (res != TEE_SUCCESS) 710 goto func_exit; 711 712 if (i == 0) { 713 /* First block */ 714 offset = rawdata->byte_offset; 715 size = RPMB_DATA_SIZE - offset; 716 } else { 717 /* Middle blocks */ 718 size = RPMB_DATA_SIZE; 719 offset = 0; 720 } 721 722 res = decrypt(data, &localfrm, size, offset, start_idx + i, 723 fek, uuid); 724 if (res != TEE_SUCCESS) 725 goto func_exit; 726 727 data += size; 728 } 729 730 /* Last block */ 731 size = (rawdata->len + rawdata->byte_offset) % RPMB_DATA_SIZE; 732 if (size == 0) 733 size = RPMB_DATA_SIZE; 734 res = decrypt(data, lastfrm, size, 0, start_idx + nbr_frms - 1, fek, 735 uuid); 736 if (res != TEE_SUCCESS) 737 goto func_exit; 738 739 /* Update MAC against the last block */ 740 res = crypto_mac_update(ctx, lastfrm->data, RPMB_MAC_PROTECT_DATA_SIZE); 741 if (res != TEE_SUCCESS) 742 goto func_exit; 743 744 res = crypto_mac_final(ctx, rawdata->key_mac, RPMB_KEY_MAC_SIZE); 745 if (res != TEE_SUCCESS) 746 goto func_exit; 747 748 res = TEE_SUCCESS; 749 750 func_exit: 751 crypto_mac_free_ctx(ctx); 752 return res; 753 } 754 755 static TEE_Result tee_rpmb_resp_unpack_verify(struct rpmb_data_frame *datafrm, 756 struct rpmb_raw_data *rawdata, 757 uint16_t nbr_frms, 758 const uint8_t *fek, 759 const TEE_UUID *uuid) 760 { 761 TEE_Result res = TEE_ERROR_GENERIC; 762 uint16_t msg_type; 763 uint32_t wr_cnt; 764 uint16_t blk_idx; 765 uint8_t op_result; 766 struct rpmb_data_frame lastfrm; 767 768 if (!datafrm || !rawdata || !nbr_frms) 769 return TEE_ERROR_BAD_PARAMETERS; 770 771 #ifdef CFG_RPMB_FS_DEBUG_DATA 772 for (uint32_t i = 0; i < nbr_frms; i++) { 773 DMSG("Dumping data frame %d:", i); 774 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 775 512 - RPMB_STUFF_DATA_SIZE); 776 } 777 #endif 778 779 /* Make sure the last data packet can't be modified once verified */ 780 memcpy(&lastfrm, &datafrm[nbr_frms - 1], RPMB_DATA_FRAME_SIZE); 781 782 /* Handle operation result and translate to TEEC error code. */ 783 get_op_result_bits(lastfrm.op_result, &op_result); 784 if (op_result == RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED) 785 return TEE_ERROR_ITEM_NOT_FOUND; 786 if (op_result != RPMB_RESULT_OK) 787 return TEE_ERROR_GENERIC; 788 789 /* Check the response msg_type. */ 790 bytes_to_u16(lastfrm.msg_type, &msg_type); 791 if (msg_type != rawdata->msg_type) { 792 DMSG("Unexpected msg_type (0x%04x != 0x%04x)", msg_type, 793 rawdata->msg_type); 794 return TEE_ERROR_GENERIC; 795 } 796 797 if (rawdata->blk_idx) { 798 bytes_to_u16(lastfrm.address, &blk_idx); 799 if (blk_idx != *rawdata->blk_idx) { 800 DMSG("Unexpected block index"); 801 return TEE_ERROR_GENERIC; 802 } 803 } 804 805 if (rawdata->write_counter) { 806 wr_cnt = *rawdata->write_counter; 807 bytes_to_u32(lastfrm.write_counter, rawdata->write_counter); 808 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE) { 809 /* Verify the write counter is incremented by 1 */ 810 if (*rawdata->write_counter != wr_cnt + 1) { 811 DMSG("Counter mismatched (0x%04x/0x%04x)", 812 *rawdata->write_counter, wr_cnt + 1); 813 return TEE_ERROR_SECURITY; 814 } 815 rpmb_ctx->wr_cnt++; 816 } 817 } 818 819 if (rawdata->nonce) { 820 if (buf_compare_ct(rawdata->nonce, lastfrm.nonce, 821 RPMB_NONCE_SIZE) != 0) { 822 DMSG("Nonce mismatched"); 823 return TEE_ERROR_SECURITY; 824 } 825 } 826 827 if (rawdata->key_mac) { 828 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_READ) { 829 if (!rawdata->data) 830 return TEE_ERROR_GENERIC; 831 832 res = tee_rpmb_data_cpy_mac_calc(datafrm, rawdata, 833 nbr_frms, &lastfrm, 834 fek, uuid); 835 836 if (res != TEE_SUCCESS) 837 return res; 838 } else { 839 /* 840 * There should be only one data frame for 841 * other msg types. 842 */ 843 if (nbr_frms != 1) 844 return TEE_ERROR_GENERIC; 845 846 res = tee_rpmb_mac_calc(rawdata->key_mac, 847 RPMB_KEY_MAC_SIZE, 848 rpmb_ctx->key, 849 RPMB_KEY_MAC_SIZE, 850 &lastfrm, 1); 851 852 if (res != TEE_SUCCESS) 853 return res; 854 } 855 856 #ifndef CFG_RPMB_FS_NO_MAC 857 if (consttime_memcmp(rawdata->key_mac, 858 (datafrm + nbr_frms - 1)->key_mac, 859 RPMB_KEY_MAC_SIZE) != 0) { 860 DMSG("MAC mismatched:"); 861 #ifdef CFG_RPMB_FS_DEBUG_DATA 862 DHEXDUMP((uint8_t *)rawdata->key_mac, 32); 863 #endif 864 return TEE_ERROR_SECURITY; 865 } 866 #endif /* !CFG_RPMB_FS_NO_MAC */ 867 } 868 869 return TEE_SUCCESS; 870 } 871 872 static TEE_Result tee_rpmb_get_dev_info(uint16_t dev_id, 873 struct rpmb_dev_info *dev_info) 874 { 875 TEE_Result res = TEE_ERROR_GENERIC; 876 struct tee_rpmb_mem mem; 877 struct rpmb_dev_info *di; 878 struct rpmb_req *req = NULL; 879 uint8_t *resp = NULL; 880 uint32_t req_size; 881 uint32_t resp_size; 882 883 if (!dev_info) 884 return TEE_ERROR_BAD_PARAMETERS; 885 886 req_size = sizeof(struct rpmb_req); 887 resp_size = sizeof(struct rpmb_dev_info); 888 res = tee_rpmb_alloc(req_size, resp_size, &mem, 889 (void *)&req, (void *)&resp); 890 if (res != TEE_SUCCESS) 891 goto func_exit; 892 893 req->cmd = RPMB_CMD_GET_DEV_INFO; 894 req->dev_id = dev_id; 895 896 di = (struct rpmb_dev_info *)resp; 897 di->ret_code = RPMB_CMD_GET_DEV_INFO_RET_ERROR; 898 899 res = tee_rpmb_invoke(&mem); 900 if (res != TEE_SUCCESS) 901 goto func_exit; 902 903 if (di->ret_code != RPMB_CMD_GET_DEV_INFO_RET_OK) { 904 res = TEE_ERROR_GENERIC; 905 goto func_exit; 906 } 907 908 memcpy((uint8_t *)dev_info, resp, sizeof(struct rpmb_dev_info)); 909 910 #ifdef CFG_RPMB_FS_DEBUG_DATA 911 DMSG("Dumping dev_info:"); 912 DHEXDUMP((uint8_t *)dev_info, sizeof(struct rpmb_dev_info)); 913 #endif 914 915 res = TEE_SUCCESS; 916 917 func_exit: 918 tee_rpmb_free(&mem); 919 return res; 920 } 921 922 static TEE_Result tee_rpmb_init_read_wr_cnt(uint16_t dev_id, 923 uint32_t *wr_cnt, 924 uint16_t *op_result) 925 { 926 TEE_Result res = TEE_ERROR_GENERIC; 927 struct tee_rpmb_mem mem; 928 uint16_t msg_type; 929 uint8_t nonce[RPMB_NONCE_SIZE]; 930 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 931 struct rpmb_req *req = NULL; 932 struct rpmb_data_frame *resp = NULL; 933 struct rpmb_raw_data rawdata; 934 uint32_t req_size; 935 uint32_t resp_size; 936 937 if (!wr_cnt) 938 return TEE_ERROR_BAD_PARAMETERS; 939 940 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 941 resp_size = RPMB_DATA_FRAME_SIZE; 942 res = tee_rpmb_alloc(req_size, resp_size, &mem, 943 (void *)&req, (void *)&resp); 944 if (res != TEE_SUCCESS) 945 goto func_exit; 946 947 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 948 if (res != TEE_SUCCESS) 949 goto func_exit; 950 951 msg_type = RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ; 952 953 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 954 rawdata.msg_type = msg_type; 955 rawdata.nonce = nonce; 956 957 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 958 if (res != TEE_SUCCESS) 959 goto func_exit; 960 961 res = tee_rpmb_invoke(&mem); 962 if (res != TEE_SUCCESS) 963 goto func_exit; 964 965 msg_type = RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ; 966 967 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 968 rawdata.msg_type = msg_type; 969 rawdata.op_result = op_result; 970 rawdata.write_counter = wr_cnt; 971 rawdata.nonce = nonce; 972 rawdata.key_mac = hmac; 973 974 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 975 if (res != TEE_SUCCESS) 976 goto func_exit; 977 978 res = TEE_SUCCESS; 979 980 func_exit: 981 tee_rpmb_free(&mem); 982 return res; 983 } 984 985 static TEE_Result tee_rpmb_verify_key_sync_counter(uint16_t dev_id) 986 { 987 uint16_t op_result = 0; 988 TEE_Result res = TEE_ERROR_GENERIC; 989 990 res = tee_rpmb_init_read_wr_cnt(dev_id, &rpmb_ctx->wr_cnt, 991 &op_result); 992 993 if (res == TEE_SUCCESS) { 994 rpmb_ctx->key_verified = true; 995 rpmb_ctx->wr_cnt_synced = true; 996 } else 997 EMSG("Verify key returning 0x%x", res); 998 return res; 999 } 1000 1001 #ifdef CFG_RPMB_WRITE_KEY 1002 static TEE_Result tee_rpmb_write_key(uint16_t dev_id) 1003 { 1004 TEE_Result res = TEE_ERROR_GENERIC; 1005 struct tee_rpmb_mem mem = { 0 }; 1006 uint16_t msg_type; 1007 struct rpmb_req *req = NULL; 1008 struct rpmb_data_frame *resp = NULL; 1009 struct rpmb_raw_data rawdata; 1010 uint32_t req_size; 1011 uint32_t resp_size; 1012 1013 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1014 resp_size = RPMB_DATA_FRAME_SIZE; 1015 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1016 (void *)&req, (void *)&resp); 1017 if (res != TEE_SUCCESS) 1018 goto func_exit; 1019 1020 msg_type = RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM; 1021 1022 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1023 rawdata.msg_type = msg_type; 1024 rawdata.key_mac = rpmb_ctx->key; 1025 1026 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1027 if (res != TEE_SUCCESS) 1028 goto func_exit; 1029 1030 res = tee_rpmb_invoke(&mem); 1031 if (res != TEE_SUCCESS) 1032 goto func_exit; 1033 1034 msg_type = RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM; 1035 1036 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1037 rawdata.msg_type = msg_type; 1038 1039 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, NULL); 1040 if (res != TEE_SUCCESS) 1041 goto func_exit; 1042 1043 res = TEE_SUCCESS; 1044 1045 func_exit: 1046 tee_rpmb_free(&mem); 1047 return res; 1048 } 1049 1050 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id) 1051 { 1052 TEE_Result res; 1053 1054 if (!plat_rpmb_key_is_ready()) { 1055 DMSG("RPMB INIT: platform indicates RPMB key is not ready"); 1056 return TEE_ERROR_BAD_STATE; 1057 } 1058 1059 DMSG("RPMB INIT: Writing Key value:"); 1060 DHEXDUMP(rpmb_ctx->key, RPMB_KEY_MAC_SIZE); 1061 1062 res = tee_rpmb_write_key(dev_id); 1063 if (res == TEE_SUCCESS) { 1064 DMSG("RPMB INIT: Verifying Key"); 1065 res = tee_rpmb_verify_key_sync_counter(dev_id); 1066 } 1067 return res; 1068 } 1069 #else 1070 static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id __unused) 1071 { 1072 DMSG("RPMB INIT: CFG_RPMB_WRITE_KEY is not set"); 1073 return TEE_ERROR_BAD_STATE; 1074 } 1075 #endif 1076 1077 /* This function must never return TEE_SUCCESS if rpmb_ctx == NULL */ 1078 static TEE_Result tee_rpmb_init(uint16_t dev_id) 1079 { 1080 TEE_Result res = TEE_SUCCESS; 1081 struct rpmb_dev_info dev_info; 1082 uint32_t nblocks = 0; 1083 1084 if (!rpmb_ctx) { 1085 rpmb_ctx = calloc(1, sizeof(struct tee_rpmb_ctx)); 1086 if (!rpmb_ctx) 1087 return TEE_ERROR_OUT_OF_MEMORY; 1088 } else if (rpmb_ctx->dev_id != dev_id) { 1089 memset(rpmb_ctx, 0x00, sizeof(struct tee_rpmb_ctx)); 1090 } 1091 1092 rpmb_ctx->dev_id = dev_id; 1093 1094 if (!rpmb_ctx->dev_info_synced) { 1095 DMSG("RPMB: Syncing device information"); 1096 1097 dev_info.rpmb_size_mult = 0; 1098 dev_info.rel_wr_sec_c = 0; 1099 res = tee_rpmb_get_dev_info(dev_id, &dev_info); 1100 if (res != TEE_SUCCESS) 1101 goto func_exit; 1102 1103 DMSG("RPMB: RPMB size is %d*128 KB", dev_info.rpmb_size_mult); 1104 DMSG("RPMB: Reliable Write Sector Count is %d", 1105 dev_info.rel_wr_sec_c); 1106 1107 if (dev_info.rpmb_size_mult == 0) { 1108 res = TEE_ERROR_GENERIC; 1109 goto func_exit; 1110 } 1111 1112 if (MUL_OVERFLOW(dev_info.rpmb_size_mult, 1113 RPMB_SIZE_SINGLE / RPMB_DATA_SIZE, &nblocks) || 1114 SUB_OVERFLOW(nblocks, 1, &rpmb_ctx->max_blk_idx)) { 1115 res = TEE_ERROR_BAD_PARAMETERS; 1116 goto func_exit; 1117 } 1118 1119 memcpy(rpmb_ctx->cid, dev_info.cid, RPMB_EMMC_CID_SIZE); 1120 1121 #ifdef RPMB_DRIVER_MULTIPLE_WRITE_FIXED 1122 rpmb_ctx->rel_wr_blkcnt = dev_info.rel_wr_sec_c * 2; 1123 #else 1124 rpmb_ctx->rel_wr_blkcnt = 1; 1125 #endif 1126 1127 rpmb_ctx->dev_info_synced = true; 1128 } 1129 1130 if (!rpmb_ctx->key_derived) { 1131 DMSG("RPMB INIT: Deriving key"); 1132 1133 res = tee_rpmb_key_gen(dev_id, rpmb_ctx->key, 1134 RPMB_KEY_MAC_SIZE); 1135 if (res != TEE_SUCCESS) { 1136 EMSG("RPMB INIT: Deriving key failed with error 0x%x", 1137 res); 1138 goto func_exit; 1139 } 1140 1141 rpmb_ctx->key_derived = true; 1142 } 1143 1144 /* Perform a write counter read to verify if the key is ok. */ 1145 if (!rpmb_ctx->wr_cnt_synced || !rpmb_ctx->key_verified) { 1146 DMSG("RPMB INIT: Verifying Key"); 1147 1148 res = tee_rpmb_verify_key_sync_counter(dev_id); 1149 if (res == TEE_ERROR_ITEM_NOT_FOUND && 1150 !rpmb_ctx->key_verified) { 1151 /* 1152 * Need to write the key here and verify it. 1153 */ 1154 DMSG("RPMB INIT: Auth key not yet written"); 1155 res = tee_rpmb_write_and_verify_key(dev_id); 1156 } else if (res != TEE_SUCCESS) { 1157 EMSG("Verify key failed!"); 1158 EMSG("Make sure key here matches device key"); 1159 } 1160 } 1161 1162 func_exit: 1163 return res; 1164 } 1165 1166 /* 1167 * Read RPMB data in bytes. 1168 * 1169 * @dev_id Device ID of the eMMC device. 1170 * @addr Byte address of data. 1171 * @data Pointer to the data. 1172 * @len Size of data in bytes. 1173 * @fek Encrypted File Encryption Key or NULL. 1174 */ 1175 static TEE_Result tee_rpmb_read(uint16_t dev_id, uint32_t addr, uint8_t *data, 1176 uint32_t len, const uint8_t *fek, 1177 const TEE_UUID *uuid) 1178 { 1179 TEE_Result res = TEE_ERROR_GENERIC; 1180 struct tee_rpmb_mem mem = { 0 }; 1181 uint16_t msg_type; 1182 uint8_t nonce[RPMB_NONCE_SIZE]; 1183 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1184 struct rpmb_req *req = NULL; 1185 struct rpmb_data_frame *resp = NULL; 1186 struct rpmb_raw_data rawdata; 1187 uint32_t req_size; 1188 uint32_t resp_size; 1189 uint16_t blk_idx; 1190 uint16_t blkcnt; 1191 uint8_t byte_offset; 1192 1193 if (!data || !len) 1194 return TEE_ERROR_BAD_PARAMETERS; 1195 1196 blk_idx = addr / RPMB_DATA_SIZE; 1197 byte_offset = addr % RPMB_DATA_SIZE; 1198 1199 if (len + byte_offset + RPMB_DATA_SIZE < RPMB_DATA_SIZE) { 1200 /* Overflow */ 1201 return TEE_ERROR_BAD_PARAMETERS; 1202 } 1203 blkcnt = 1204 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1205 res = tee_rpmb_init(dev_id); 1206 if (res != TEE_SUCCESS) 1207 goto func_exit; 1208 1209 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1210 resp_size = RPMB_DATA_FRAME_SIZE * blkcnt; 1211 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1212 (void *)&req, (void *)&resp); 1213 if (res != TEE_SUCCESS) 1214 goto func_exit; 1215 1216 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_READ; 1217 res = crypto_rng_read(nonce, RPMB_NONCE_SIZE); 1218 if (res != TEE_SUCCESS) 1219 goto func_exit; 1220 1221 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1222 rawdata.msg_type = msg_type; 1223 rawdata.nonce = nonce; 1224 rawdata.blk_idx = &blk_idx; 1225 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL, NULL); 1226 if (res != TEE_SUCCESS) 1227 goto func_exit; 1228 1229 req->block_count = blkcnt; 1230 1231 DMSG("Read %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1232 blk_idx); 1233 1234 res = tee_rpmb_invoke(&mem); 1235 if (res != TEE_SUCCESS) 1236 goto func_exit; 1237 1238 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_READ; 1239 1240 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1241 rawdata.msg_type = msg_type; 1242 rawdata.block_count = &blkcnt; 1243 rawdata.blk_idx = &blk_idx; 1244 rawdata.nonce = nonce; 1245 rawdata.key_mac = hmac; 1246 rawdata.data = data; 1247 1248 rawdata.len = len; 1249 rawdata.byte_offset = byte_offset; 1250 1251 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, blkcnt, fek, uuid); 1252 if (res != TEE_SUCCESS) 1253 goto func_exit; 1254 1255 res = TEE_SUCCESS; 1256 1257 func_exit: 1258 tee_rpmb_free(&mem); 1259 return res; 1260 } 1261 1262 static TEE_Result tee_rpmb_write_blk(uint16_t dev_id, uint16_t blk_idx, 1263 const uint8_t *data_blks, uint16_t blkcnt, 1264 const uint8_t *fek, const TEE_UUID *uuid) 1265 { 1266 TEE_Result res; 1267 struct tee_rpmb_mem mem; 1268 uint16_t msg_type; 1269 uint32_t wr_cnt; 1270 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1271 struct rpmb_req *req = NULL; 1272 struct rpmb_data_frame *resp = NULL; 1273 struct rpmb_raw_data rawdata; 1274 uint32_t req_size; 1275 uint32_t resp_size; 1276 uint32_t nbr_writes; 1277 uint16_t tmp_blkcnt; 1278 uint16_t tmp_blk_idx; 1279 uint16_t i; 1280 1281 DMSG("Write %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1282 blk_idx); 1283 1284 if (!data_blks || !blkcnt) 1285 return TEE_ERROR_BAD_PARAMETERS; 1286 1287 res = tee_rpmb_init(dev_id); 1288 if (res != TEE_SUCCESS) 1289 return res; 1290 1291 /* 1292 * We need to split data when block count 1293 * is bigger than reliable block write count. 1294 */ 1295 if (blkcnt < rpmb_ctx->rel_wr_blkcnt) 1296 req_size = sizeof(struct rpmb_req) + 1297 RPMB_DATA_FRAME_SIZE * blkcnt; 1298 else 1299 req_size = sizeof(struct rpmb_req) + 1300 RPMB_DATA_FRAME_SIZE * rpmb_ctx->rel_wr_blkcnt; 1301 1302 resp_size = RPMB_DATA_FRAME_SIZE; 1303 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1304 (void *)&req, (void *)&resp); 1305 if (res != TEE_SUCCESS) 1306 return res; 1307 1308 nbr_writes = blkcnt / rpmb_ctx->rel_wr_blkcnt; 1309 if (blkcnt % rpmb_ctx->rel_wr_blkcnt > 0) 1310 nbr_writes += 1; 1311 1312 tmp_blkcnt = rpmb_ctx->rel_wr_blkcnt; 1313 tmp_blk_idx = blk_idx; 1314 for (i = 0; i < nbr_writes; i++) { 1315 /* 1316 * To handle the last write of block count which is 1317 * equal or smaller than reliable write block count. 1318 */ 1319 if (i == nbr_writes - 1) 1320 tmp_blkcnt = blkcnt - rpmb_ctx->rel_wr_blkcnt * 1321 (nbr_writes - 1); 1322 1323 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE; 1324 wr_cnt = rpmb_ctx->wr_cnt; 1325 1326 memset(req, 0x00, req_size); 1327 memset(resp, 0x00, resp_size); 1328 1329 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1330 rawdata.msg_type = msg_type; 1331 rawdata.block_count = &tmp_blkcnt; 1332 rawdata.blk_idx = &tmp_blk_idx; 1333 rawdata.write_counter = &wr_cnt; 1334 rawdata.key_mac = hmac; 1335 rawdata.data = (uint8_t *)data_blks + 1336 i * rpmb_ctx->rel_wr_blkcnt * RPMB_DATA_SIZE; 1337 1338 res = tee_rpmb_req_pack(req, &rawdata, tmp_blkcnt, dev_id, 1339 fek, uuid); 1340 if (res != TEE_SUCCESS) 1341 goto out; 1342 1343 res = tee_rpmb_invoke(&mem); 1344 if (res != TEE_SUCCESS) { 1345 /* 1346 * To force wr_cnt sync next time, as it might get 1347 * out of sync due to inconsistent operation result! 1348 */ 1349 rpmb_ctx->wr_cnt_synced = false; 1350 goto out; 1351 } 1352 1353 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE; 1354 1355 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1356 rawdata.msg_type = msg_type; 1357 rawdata.block_count = &tmp_blkcnt; 1358 rawdata.blk_idx = &tmp_blk_idx; 1359 rawdata.write_counter = &wr_cnt; 1360 rawdata.key_mac = hmac; 1361 1362 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL, 1363 NULL); 1364 if (res != TEE_SUCCESS) { 1365 /* 1366 * To force wr_cnt sync next time, as it might get 1367 * out of sync due to inconsistent operation result! 1368 */ 1369 rpmb_ctx->wr_cnt_synced = false; 1370 goto out; 1371 } 1372 1373 tmp_blk_idx += tmp_blkcnt; 1374 } 1375 1376 out: 1377 tee_rpmb_free(&mem); 1378 return res; 1379 } 1380 1381 static bool tee_rpmb_write_is_atomic(uint16_t dev_id __unused, uint32_t addr, 1382 uint32_t len) 1383 { 1384 uint8_t byte_offset = addr % RPMB_DATA_SIZE; 1385 uint16_t blkcnt = ROUNDUP(len + byte_offset, 1386 RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1387 1388 return (blkcnt <= rpmb_ctx->rel_wr_blkcnt); 1389 } 1390 1391 /* 1392 * Write RPMB data in bytes. 1393 * 1394 * @dev_id Device ID of the eMMC device. 1395 * @addr Byte address of data. 1396 * @data Pointer to the data. 1397 * @len Size of data in bytes. 1398 * @fek Encrypted File Encryption Key or NULL. 1399 */ 1400 static TEE_Result tee_rpmb_write(uint16_t dev_id, uint32_t addr, 1401 const uint8_t *data, uint32_t len, 1402 const uint8_t *fek, const TEE_UUID *uuid) 1403 { 1404 TEE_Result res = TEE_ERROR_GENERIC; 1405 uint8_t *data_tmp = NULL; 1406 uint16_t blk_idx; 1407 uint16_t blkcnt; 1408 uint8_t byte_offset; 1409 1410 blk_idx = addr / RPMB_DATA_SIZE; 1411 byte_offset = addr % RPMB_DATA_SIZE; 1412 1413 blkcnt = 1414 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1415 1416 if (byte_offset == 0 && (len % RPMB_DATA_SIZE) == 0) { 1417 res = tee_rpmb_write_blk(dev_id, blk_idx, data, blkcnt, fek, 1418 uuid); 1419 if (res != TEE_SUCCESS) 1420 goto func_exit; 1421 } else { 1422 data_tmp = calloc(blkcnt, RPMB_DATA_SIZE); 1423 if (!data_tmp) { 1424 res = TEE_ERROR_OUT_OF_MEMORY; 1425 goto func_exit; 1426 } 1427 1428 /* Read the complete blocks */ 1429 res = tee_rpmb_read(dev_id, blk_idx * RPMB_DATA_SIZE, data_tmp, 1430 blkcnt * RPMB_DATA_SIZE, fek, uuid); 1431 if (res != TEE_SUCCESS) 1432 goto func_exit; 1433 1434 /* Partial update of the data blocks */ 1435 memcpy(data_tmp + byte_offset, data, len); 1436 1437 res = tee_rpmb_write_blk(dev_id, blk_idx, data_tmp, blkcnt, 1438 fek, uuid); 1439 if (res != TEE_SUCCESS) 1440 goto func_exit; 1441 } 1442 1443 res = TEE_SUCCESS; 1444 1445 func_exit: 1446 free(data_tmp); 1447 return res; 1448 } 1449 1450 /* 1451 * Read the RPMB write counter. 1452 * 1453 * @dev_id Device ID of the eMMC device. 1454 * @counter Pointer to the counter. 1455 */ 1456 static TEE_Result tee_rpmb_get_write_counter(uint16_t dev_id, 1457 uint32_t *counter) 1458 { 1459 TEE_Result res = TEE_SUCCESS; 1460 1461 if (!counter) 1462 return TEE_ERROR_BAD_PARAMETERS; 1463 1464 if (!rpmb_ctx || !rpmb_ctx->wr_cnt_synced) { 1465 res = tee_rpmb_init(dev_id); 1466 if (res != TEE_SUCCESS) 1467 goto func_exit; 1468 } 1469 1470 *counter = rpmb_ctx->wr_cnt; 1471 1472 func_exit: 1473 return res; 1474 } 1475 1476 /* 1477 * Read the RPMB max block. 1478 * 1479 * @dev_id Device ID of the eMMC device. 1480 * @counter Pointer to receive the max block. 1481 */ 1482 static TEE_Result tee_rpmb_get_max_block(uint16_t dev_id, uint32_t *max_block) 1483 { 1484 TEE_Result res = TEE_SUCCESS; 1485 1486 if (!max_block) 1487 return TEE_ERROR_BAD_PARAMETERS; 1488 1489 if (!rpmb_ctx || !rpmb_ctx->dev_info_synced) { 1490 res = tee_rpmb_init(dev_id); 1491 if (res != TEE_SUCCESS) 1492 goto func_exit; 1493 } 1494 1495 *max_block = rpmb_ctx->max_blk_idx; 1496 1497 func_exit: 1498 return res; 1499 } 1500 1501 /* 1502 * End of lower interface to RPMB device 1503 */ 1504 1505 static TEE_Result get_fat_start_address(uint32_t *addr); 1506 static TEE_Result rpmb_fs_setup(void); 1507 1508 /** 1509 * fat_entry_dir_free: Free the FAT entry dir. 1510 */ 1511 static void fat_entry_dir_free(void) 1512 { 1513 if (fat_entry_dir) { 1514 free(fat_entry_dir->rpmb_fat_entry_buf); 1515 free(fat_entry_dir); 1516 fat_entry_dir = NULL; 1517 } 1518 } 1519 1520 /** 1521 * fat_entry_dir_init: Initialize the FAT FS entry buffer/cache 1522 * This function must be called before reading FAT FS entries using the 1523 * function fat_entry_dir_get_next. This initializes the buffer/cache with the 1524 * first FAT FS entries. 1525 */ 1526 static TEE_Result fat_entry_dir_init(void) 1527 { 1528 TEE_Result res = TEE_ERROR_GENERIC; 1529 struct rpmb_fat_entry *fe = NULL; 1530 uint32_t fat_address = 0; 1531 uint32_t num_elems_read = 0; 1532 1533 if (fat_entry_dir) 1534 return TEE_SUCCESS; 1535 1536 res = rpmb_fs_setup(); 1537 if (res) 1538 return res; 1539 1540 res = get_fat_start_address(&fat_address); 1541 if (res) 1542 return res; 1543 1544 fat_entry_dir = calloc(1, sizeof(struct rpmb_fat_entry_dir)); 1545 if (!fat_entry_dir) 1546 return TEE_ERROR_OUT_OF_MEMORY; 1547 1548 /* 1549 * If caching is enabled, read in up to the maximum cache size, but 1550 * never more than the single read in size. Otherwise, read in as many 1551 * entries fit into the temporary buffer. 1552 */ 1553 if (CFG_RPMB_FS_CACHE_ENTRIES) 1554 num_elems_read = MIN(CFG_RPMB_FS_CACHE_ENTRIES, 1555 CFG_RPMB_FS_RD_ENTRIES); 1556 else 1557 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1558 1559 /* 1560 * Allocate memory for the FAT FS entries to read in. 1561 */ 1562 fe = calloc(num_elems_read, sizeof(struct rpmb_fat_entry)); 1563 if (!fe) { 1564 res = TEE_ERROR_OUT_OF_MEMORY; 1565 goto out; 1566 } 1567 1568 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, (uint8_t *)fe, 1569 num_elems_read * sizeof(*fe), NULL, NULL); 1570 if (res) 1571 goto out; 1572 1573 fat_entry_dir->rpmb_fat_entry_buf = fe; 1574 1575 /* 1576 * We use this variable when getting next entries from the buffer/cache 1577 * to see whether we have to read in more entries from storage. 1578 */ 1579 fat_entry_dir->num_buffered = num_elems_read; 1580 1581 return TEE_SUCCESS; 1582 out: 1583 fat_entry_dir_free(); 1584 free(fe); 1585 return res; 1586 } 1587 1588 /** 1589 * fat_entry_dir_deinit: If caching is enabled, free the temporary buffer for 1590 * FAT FS entries in case the cache was too small. Keep the elements in the 1591 * cache. Reset the counter variables to start the next traversal from fresh 1592 * from the first cached entry. If caching is disabled, just free the 1593 * temporary buffer by calling fat_entry_dir_free and return. 1594 */ 1595 static void fat_entry_dir_deinit(void) 1596 { 1597 struct rpmb_fat_entry *fe = NULL; 1598 1599 if (!fat_entry_dir) 1600 return; 1601 1602 if (!CFG_RPMB_FS_CACHE_ENTRIES) { 1603 fat_entry_dir_free(); 1604 return; 1605 } 1606 1607 fe = fat_entry_dir->rpmb_fat_entry_buf; 1608 fat_entry_dir->idx_curr = 0; 1609 fat_entry_dir->num_total_read = 0; 1610 fat_entry_dir->last_reached = false; 1611 1612 if (fat_entry_dir->num_buffered > CFG_RPMB_FS_CACHE_ENTRIES) { 1613 fat_entry_dir->num_buffered = CFG_RPMB_FS_CACHE_ENTRIES; 1614 1615 fe = realloc(fe, fat_entry_dir->num_buffered * sizeof(*fe)); 1616 1617 /* 1618 * In case realloc fails, we are on the safe side if we destroy 1619 * the whole structure. Upon the next init, the cache has to be 1620 * re-established, but this case should not happen in practice. 1621 */ 1622 if (!fe) 1623 fat_entry_dir_free(); 1624 else 1625 fat_entry_dir->rpmb_fat_entry_buf = fe; 1626 } 1627 } 1628 1629 /** 1630 * fat_entry_dir_update: Updates a persisted FAT FS entry in the cache. 1631 * This function updates the FAT entry fat_entry that was written to address 1632 * fat_address onto RPMB storage in the cache. 1633 */ 1634 static TEE_Result __maybe_unused fat_entry_dir_update 1635 (struct rpmb_fat_entry *fat_entry, 1636 uint32_t fat_address) 1637 { 1638 uint32_t fat_entry_buf_idx = 0; 1639 /* Use a temp var to avoid compiler warning if caching disabled. */ 1640 uint32_t max_cache_entries = CFG_RPMB_FS_CACHE_ENTRIES; 1641 1642 assert(!(fat_address - RPMB_FS_FAT_START_ADDRESS) % 1643 sizeof(struct rpmb_fat_entry)); 1644 1645 /* Nothing to update if the cache is not initialized. */ 1646 if (!fat_entry_dir) 1647 return TEE_SUCCESS; 1648 1649 fat_entry_buf_idx = (fat_address - RPMB_FS_FAT_START_ADDRESS) / 1650 sizeof(struct rpmb_fat_entry); 1651 1652 /* Only need to write if index points to an entry in cache. */ 1653 if (fat_entry_buf_idx < max_cache_entries) { 1654 memcpy(fat_entry_dir->rpmb_fat_entry_buf + fat_entry_buf_idx, 1655 fat_entry, sizeof(struct rpmb_fat_entry)); 1656 } 1657 1658 return TEE_SUCCESS; 1659 } 1660 1661 /** 1662 * fat_entry_dir_get_next: Get next FAT FS entry. 1663 * Read either from cache/buffer, or by reading from RPMB storage if the 1664 * elements in the buffer/cache are fully read. When reading in from RPMB 1665 * storage, the buffer is overwritten in case caching is disabled. 1666 * In case caching is enabled, the cache is either further filled, or a 1667 * temporary buffer populated if the cache is already full. 1668 * The FAT FS entry is written to fat_entry. The respective address in RPMB 1669 * storage is written to fat_address, if not NULL. When the last FAT FS entry 1670 * was previously read, the function indicates this case by writing a NULL 1671 * pointer to fat_entry. 1672 * Returns a value different TEE_SUCCESS if the next FAT FS entry could not be 1673 * retrieved. 1674 */ 1675 static TEE_Result fat_entry_dir_get_next(struct rpmb_fat_entry **fat_entry, 1676 uint32_t *fat_address) 1677 { 1678 TEE_Result res = TEE_ERROR_GENERIC; 1679 struct rpmb_fat_entry *fe = NULL; 1680 uint32_t num_elems_read = 0; 1681 uint32_t fat_address_local = 0; 1682 1683 assert(fat_entry_dir && fat_entry); 1684 1685 /* Don't read further if we previously read the last FAT FS entry. */ 1686 if (fat_entry_dir->last_reached) { 1687 *fat_entry = NULL; 1688 return TEE_SUCCESS; 1689 } 1690 1691 fe = fat_entry_dir->rpmb_fat_entry_buf; 1692 1693 /* Determine address of FAT FS entry in RPMB storage. */ 1694 fat_address_local = RPMB_FS_FAT_START_ADDRESS + 1695 (fat_entry_dir->num_total_read * 1696 sizeof(struct rpmb_fat_entry)); 1697 1698 /* 1699 * We've read all so-far buffered elements, so we need to 1700 * read in more entries from RPMB storage. 1701 */ 1702 if (fat_entry_dir->idx_curr >= fat_entry_dir->num_buffered) { 1703 /* 1704 * This is the case where we do not cache entries, so just read 1705 * in next set of FAT FS entries into the buffer. 1706 * Goto the end of the when statement if that is done. 1707 */ 1708 if (!CFG_RPMB_FS_CACHE_ENTRIES) { 1709 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1710 fat_entry_dir->idx_curr = 0; 1711 1712 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1713 fat_address_local, (uint8_t *)fe, 1714 num_elems_read * sizeof(*fe), NULL, 1715 NULL); 1716 if (res) 1717 return res; 1718 goto post_read_in; 1719 } 1720 1721 /* 1722 * We cache FAT FS entries, and the buffer is not completely 1723 * filled. Further keep on extending the buffer up to its max 1724 * size by reading in from RPMB. 1725 */ 1726 if (fat_entry_dir->num_total_read < RPMB_BUF_MAX_ENTRIES) { 1727 /* 1728 * Read at most as many elements as fit in the buffer 1729 * and no more than the defined number of entries to 1730 * read in at once. 1731 */ 1732 num_elems_read = MIN(RPMB_BUF_MAX_ENTRIES - 1733 fat_entry_dir->num_total_read, 1734 (uint32_t)CFG_RPMB_FS_RD_ENTRIES); 1735 1736 /* 1737 * Expand the buffer to fit in the additional entries. 1738 */ 1739 fe = realloc(fe, 1740 (fat_entry_dir->num_buffered + 1741 num_elems_read) * sizeof(*fe)); 1742 if (!fe) 1743 return TEE_ERROR_OUT_OF_MEMORY; 1744 1745 fat_entry_dir->rpmb_fat_entry_buf = fe; 1746 1747 /* Read in to the next free slot in the buffer/cache. */ 1748 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1749 fat_address_local, 1750 (uint8_t *)(fe + 1751 fat_entry_dir->num_total_read), 1752 num_elems_read * sizeof(*fe), 1753 NULL, NULL); 1754 if (res) 1755 return res; 1756 1757 fat_entry_dir->num_buffered += num_elems_read; 1758 } else { 1759 /* 1760 * This happens when we have read as many elements as 1761 * can possibly fit into the buffer. 1762 * As the first part of the buffer serves as our cache, 1763 * we only overwrite the last part that serves as our 1764 * temporary buffer used to iteratively read in entries 1765 * when the cache is full. Read in the temporary buffer 1766 * maximum size. 1767 */ 1768 num_elems_read = CFG_RPMB_FS_RD_ENTRIES; 1769 /* Reset index to beginning of the temporary buffer. */ 1770 fat_entry_dir->idx_curr = CFG_RPMB_FS_CACHE_ENTRIES; 1771 1772 /* Read in elements after the end of the cache. */ 1773 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 1774 fat_address_local, 1775 (uint8_t *)(fe + 1776 fat_entry_dir->idx_curr), 1777 num_elems_read * sizeof(*fe), 1778 NULL, NULL); 1779 if (res) 1780 return res; 1781 } 1782 } 1783 1784 post_read_in: 1785 if (fat_address) 1786 *fat_address = fat_address_local; 1787 1788 *fat_entry = fe + fat_entry_dir->idx_curr; 1789 1790 fat_entry_dir->idx_curr++; 1791 fat_entry_dir->num_total_read++; 1792 1793 /* 1794 * Indicate last entry was read. 1795 * Ensures we return a zero value for fat_entry on next invocation. 1796 */ 1797 if ((*fat_entry)->flags & FILE_IS_LAST_ENTRY) 1798 fat_entry_dir->last_reached = true; 1799 1800 return TEE_SUCCESS; 1801 } 1802 1803 #if (TRACE_LEVEL >= TRACE_FLOW) 1804 static void dump_fat(void) 1805 { 1806 TEE_RESULT res; 1807 struct rpmb_fat_entry *fe = NULL; 1808 1809 if (fat_entry_dir_init()) 1810 return; 1811 1812 while (true) { 1813 res = fat_entry_dir_get_next(&fe, NULL); 1814 if (res || !fe) 1815 break; 1816 1817 FMSG("flags %#"PRIx32", size %"PRIu32", address %#"PRIx32 1818 ", filename '%s'", 1819 fe->flags, fe->data_size, fe->start_address, fe->filename); 1820 } 1821 1822 fat_entry_dir_deinit(); 1823 } 1824 #else 1825 static void dump_fat(void) 1826 { 1827 } 1828 #endif 1829 1830 #if (TRACE_LEVEL >= TRACE_DEBUG) 1831 static void dump_fh(struct rpmb_file_handle *fh) 1832 { 1833 DMSG("fh->filename=%s", fh->filename); 1834 DMSG("fh->rpmb_fat_address=%u", fh->rpmb_fat_address); 1835 DMSG("fh->fat_entry.start_address=%u", fh->fat_entry.start_address); 1836 DMSG("fh->fat_entry.data_size=%u", fh->fat_entry.data_size); 1837 } 1838 #else 1839 static void dump_fh(struct rpmb_file_handle *fh __unused) 1840 { 1841 } 1842 #endif 1843 1844 static struct rpmb_file_handle *alloc_file_handle(struct tee_pobj *po, 1845 bool temporary) 1846 { 1847 struct rpmb_file_handle *fh = NULL; 1848 1849 fh = calloc(1, sizeof(struct rpmb_file_handle)); 1850 if (!fh) 1851 return NULL; 1852 1853 if (po) 1854 tee_svc_storage_create_filename(fh->filename, 1855 sizeof(fh->filename), po, 1856 temporary); 1857 1858 return fh; 1859 } 1860 1861 /** 1862 * write_fat_entry: Store info in a fat_entry to RPMB. 1863 */ 1864 static TEE_Result write_fat_entry(struct rpmb_file_handle *fh, 1865 bool update_write_counter) 1866 { 1867 TEE_Result res = TEE_ERROR_GENERIC; 1868 1869 /* Protect partition data. */ 1870 if (fh->rpmb_fat_address < sizeof(struct rpmb_fs_partition)) { 1871 res = TEE_ERROR_ACCESS_CONFLICT; 1872 goto out; 1873 } 1874 1875 if (fh->rpmb_fat_address % sizeof(struct rpmb_fat_entry) != 0) { 1876 res = TEE_ERROR_BAD_PARAMETERS; 1877 goto out; 1878 } 1879 1880 if (update_write_counter) { 1881 res = tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1882 &fh->fat_entry.write_counter); 1883 if (res) 1884 goto out; 1885 } 1886 1887 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, fh->rpmb_fat_address, 1888 (uint8_t *)&fh->fat_entry, 1889 sizeof(struct rpmb_fat_entry), NULL, NULL); 1890 1891 dump_fat(); 1892 1893 /* If caching enabled, update a successfully written entry in cache. */ 1894 if (CFG_RPMB_FS_CACHE_ENTRIES && !res) 1895 res = fat_entry_dir_update(&fh->fat_entry, 1896 fh->rpmb_fat_address); 1897 1898 out: 1899 return res; 1900 } 1901 1902 /** 1903 * rpmb_fs_setup: Setup RPMB FS. 1904 * Set initial partition and FS values and write to RPMB. 1905 * Store frequently used data in RAM. 1906 */ 1907 static TEE_Result rpmb_fs_setup(void) 1908 { 1909 TEE_Result res = TEE_ERROR_GENERIC; 1910 struct rpmb_fs_partition *partition_data = NULL; 1911 struct rpmb_file_handle *fh = NULL; 1912 uint32_t max_rpmb_block = 0; 1913 1914 if (fs_par) { 1915 res = TEE_SUCCESS; 1916 goto out; 1917 } 1918 1919 res = tee_rpmb_get_max_block(CFG_RPMB_FS_DEV_ID, &max_rpmb_block); 1920 if (res != TEE_SUCCESS) 1921 goto out; 1922 1923 partition_data = calloc(1, sizeof(struct rpmb_fs_partition)); 1924 if (!partition_data) { 1925 res = TEE_ERROR_OUT_OF_MEMORY; 1926 goto out; 1927 } 1928 1929 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1930 (uint8_t *)partition_data, 1931 sizeof(struct rpmb_fs_partition), NULL, NULL); 1932 if (res != TEE_SUCCESS) 1933 goto out; 1934 1935 #ifndef CFG_RPMB_RESET_FAT 1936 if (partition_data->rpmb_fs_magic == RPMB_FS_MAGIC) { 1937 if (partition_data->fs_version == FS_VERSION) { 1938 res = TEE_SUCCESS; 1939 goto store_fs_par; 1940 } else { 1941 EMSG("Wrong software is in use."); 1942 res = TEE_ERROR_ACCESS_DENIED; 1943 goto out; 1944 } 1945 } 1946 #else 1947 EMSG("**** Clearing Storage ****"); 1948 #endif 1949 1950 /* Setup new partition data. */ 1951 partition_data->rpmb_fs_magic = RPMB_FS_MAGIC; 1952 partition_data->fs_version = FS_VERSION; 1953 partition_data->fat_start_address = RPMB_FS_FAT_START_ADDRESS; 1954 1955 /* Initial FAT entry with FILE_IS_LAST_ENTRY flag set. */ 1956 fh = alloc_file_handle(NULL, false); 1957 if (!fh) { 1958 res = TEE_ERROR_OUT_OF_MEMORY; 1959 goto out; 1960 } 1961 fh->fat_entry.flags = FILE_IS_LAST_ENTRY; 1962 fh->rpmb_fat_address = partition_data->fat_start_address; 1963 1964 /* Write init FAT entry and partition data to RPMB. */ 1965 res = write_fat_entry(fh, true); 1966 if (res != TEE_SUCCESS) 1967 goto out; 1968 1969 res = 1970 tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1971 &partition_data->write_counter); 1972 if (res != TEE_SUCCESS) 1973 goto out; 1974 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1975 (uint8_t *)partition_data, 1976 sizeof(struct rpmb_fs_partition), NULL, NULL); 1977 1978 #ifndef CFG_RPMB_RESET_FAT 1979 store_fs_par: 1980 #endif 1981 1982 /* Store FAT start address. */ 1983 fs_par = calloc(1, sizeof(struct rpmb_fs_parameters)); 1984 if (!fs_par) { 1985 res = TEE_ERROR_OUT_OF_MEMORY; 1986 goto out; 1987 } 1988 1989 fs_par->fat_start_address = partition_data->fat_start_address; 1990 fs_par->max_rpmb_address = max_rpmb_block << RPMB_BLOCK_SIZE_SHIFT; 1991 1992 dump_fat(); 1993 1994 out: 1995 free(fh); 1996 free(partition_data); 1997 return res; 1998 } 1999 2000 /** 2001 * get_fat_start_address: 2002 * FAT start_address from fs_par. 2003 */ 2004 static TEE_Result get_fat_start_address(uint32_t *addr) 2005 { 2006 if (!fs_par) 2007 return TEE_ERROR_NO_DATA; 2008 2009 *addr = fs_par->fat_start_address; 2010 2011 return TEE_SUCCESS; 2012 } 2013 2014 /** 2015 * read_fat: Read FAT entries 2016 * Return matching FAT entry for read, rm rename and stat. 2017 * Build up memory pool and return matching entry for write operation. 2018 * "Last FAT entry" can be returned during write. 2019 */ 2020 static TEE_Result read_fat(struct rpmb_file_handle *fh, tee_mm_pool_t *p) 2021 { 2022 TEE_Result res = TEE_ERROR_GENERIC; 2023 tee_mm_entry_t *mm = NULL; 2024 struct rpmb_fat_entry *fe = NULL; 2025 uint32_t fat_address; 2026 bool entry_found = false; 2027 bool expand_fat = false; 2028 struct rpmb_file_handle last_fh; 2029 2030 DMSG("fat_address %d", fh->rpmb_fat_address); 2031 2032 res = fat_entry_dir_init(); 2033 if (res) 2034 goto out; 2035 2036 /* 2037 * The pool is used to represent the current RPMB layout. To find 2038 * a slot for the file tee_mm_alloc is called on the pool. Thus 2039 * if it is not NULL the entire FAT must be traversed to fill in 2040 * the pool. 2041 */ 2042 while (true) { 2043 res = fat_entry_dir_get_next(&fe, &fat_address); 2044 if (res || !fe) 2045 break; 2046 2047 /* 2048 * Look for an entry, matching filenames. (read, rm, 2049 * rename and stat.). Only store first filename match. 2050 */ 2051 if ((!strcmp(fh->filename, fe->filename)) && 2052 (fe->flags & FILE_IS_ACTIVE) && !entry_found) { 2053 entry_found = true; 2054 fh->rpmb_fat_address = fat_address; 2055 memcpy(&fh->fat_entry, fe, sizeof(*fe)); 2056 if (!p) 2057 break; 2058 } 2059 2060 /* Add existing files to memory pool. (write) */ 2061 if (p) { 2062 if ((fe->flags & FILE_IS_ACTIVE) && fe->data_size > 0) { 2063 2064 mm = tee_mm_alloc2(p, fe->start_address, 2065 fe->data_size); 2066 if (!mm) { 2067 res = TEE_ERROR_OUT_OF_MEMORY; 2068 goto out; 2069 } 2070 } 2071 2072 /* Unused FAT entries can be reused (write) */ 2073 if (((fe->flags & FILE_IS_ACTIVE) == 0) && 2074 fh->rpmb_fat_address == 0) { 2075 fh->rpmb_fat_address = fat_address; 2076 memcpy(&fh->fat_entry, fe, 2077 sizeof(struct rpmb_fat_entry)); 2078 } 2079 2080 if (((fe->flags & FILE_IS_LAST_ENTRY) != 0) && 2081 fh->rpmb_fat_address == fat_address) { 2082 2083 /* 2084 * If the last entry was reached and was chosen 2085 * by the previous check, then the FAT needs to 2086 * be expanded. 2087 * fh->rpmb_fat_address is the address chosen 2088 * to store the files FAT entry and fat_address 2089 * is the current FAT entry address being 2090 * compared. 2091 */ 2092 expand_fat = true; 2093 } 2094 } 2095 } 2096 2097 if (res) 2098 goto out; 2099 /* 2100 * Represent the FAT table in the pool. 2101 */ 2102 if (p) { 2103 /* 2104 * Since fat_address is the start of the last entry it needs to 2105 * be moved up by an entry. 2106 */ 2107 fat_address += sizeof(struct rpmb_fat_entry); 2108 2109 /* Make room for yet a FAT entry and add to memory pool. */ 2110 if (expand_fat) 2111 fat_address += sizeof(struct rpmb_fat_entry); 2112 2113 mm = tee_mm_alloc2(p, RPMB_STORAGE_START_ADDRESS, fat_address); 2114 if (!mm) { 2115 res = TEE_ERROR_OUT_OF_MEMORY; 2116 goto out; 2117 } 2118 2119 if (expand_fat) { 2120 /* 2121 * Point fat_address to the beginning of the new 2122 * entry. 2123 */ 2124 fat_address -= sizeof(struct rpmb_fat_entry); 2125 memset(&last_fh, 0, sizeof(last_fh)); 2126 last_fh.fat_entry.flags = FILE_IS_LAST_ENTRY; 2127 last_fh.rpmb_fat_address = fat_address; 2128 res = write_fat_entry(&last_fh, true); 2129 if (res != TEE_SUCCESS) 2130 goto out; 2131 } 2132 } 2133 2134 if (!fh->rpmb_fat_address) 2135 res = TEE_ERROR_ITEM_NOT_FOUND; 2136 2137 out: 2138 fat_entry_dir_deinit(); 2139 return res; 2140 } 2141 2142 static TEE_Result generate_fek(struct rpmb_fat_entry *fe, const TEE_UUID *uuid) 2143 { 2144 TEE_Result res; 2145 2146 again: 2147 res = tee_fs_generate_fek(uuid, fe->fek, sizeof(fe->fek)); 2148 if (res != TEE_SUCCESS) 2149 return res; 2150 2151 if (is_zero(fe->fek, sizeof(fe->fek))) 2152 goto again; 2153 2154 return res; 2155 } 2156 2157 static TEE_Result rpmb_fs_open_internal(struct rpmb_file_handle *fh, 2158 const TEE_UUID *uuid, bool create) 2159 { 2160 tee_mm_pool_t p; 2161 bool pool_result; 2162 TEE_Result res = TEE_ERROR_GENERIC; 2163 2164 /* We need to do setup in order to make sure fs_par is filled in */ 2165 res = rpmb_fs_setup(); 2166 if (res != TEE_SUCCESS) 2167 goto out; 2168 2169 fh->uuid = uuid; 2170 if (create) { 2171 /* Upper memory allocation must be used for RPMB_FS. */ 2172 pool_result = tee_mm_init(&p, 2173 RPMB_STORAGE_START_ADDRESS, 2174 fs_par->max_rpmb_address, 2175 RPMB_BLOCK_SIZE_SHIFT, 2176 TEE_MM_POOL_HI_ALLOC); 2177 2178 if (!pool_result) { 2179 res = TEE_ERROR_OUT_OF_MEMORY; 2180 goto out; 2181 } 2182 2183 res = read_fat(fh, &p); 2184 tee_mm_final(&p); 2185 if (res != TEE_SUCCESS) 2186 goto out; 2187 } else { 2188 res = read_fat(fh, NULL); 2189 if (res != TEE_SUCCESS) 2190 goto out; 2191 } 2192 2193 /* 2194 * If this is opened with create and the entry found was not active 2195 * then this is a new file and the FAT entry must be written 2196 */ 2197 if (create) { 2198 if ((fh->fat_entry.flags & FILE_IS_ACTIVE) == 0) { 2199 memset(&fh->fat_entry, 0, 2200 sizeof(struct rpmb_fat_entry)); 2201 memcpy(fh->fat_entry.filename, fh->filename, 2202 strlen(fh->filename)); 2203 /* Start address and size are 0 */ 2204 fh->fat_entry.flags = FILE_IS_ACTIVE; 2205 2206 res = generate_fek(&fh->fat_entry, uuid); 2207 if (res != TEE_SUCCESS) 2208 goto out; 2209 DMSG("GENERATE FEK key: %p", 2210 (void *)fh->fat_entry.fek); 2211 DHEXDUMP(fh->fat_entry.fek, sizeof(fh->fat_entry.fek)); 2212 2213 res = write_fat_entry(fh, true); 2214 if (res != TEE_SUCCESS) 2215 goto out; 2216 } 2217 } 2218 2219 res = TEE_SUCCESS; 2220 2221 out: 2222 return res; 2223 } 2224 2225 static void rpmb_fs_close(struct tee_file_handle **tfh) 2226 { 2227 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)*tfh; 2228 2229 free(fh); 2230 *tfh = NULL; 2231 } 2232 2233 static TEE_Result rpmb_fs_read(struct tee_file_handle *tfh, size_t pos, 2234 void *buf, size_t *len) 2235 { 2236 TEE_Result res; 2237 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2238 size_t size = *len; 2239 2240 if (!size) 2241 return TEE_SUCCESS; 2242 2243 mutex_lock(&rpmb_mutex); 2244 2245 dump_fh(fh); 2246 2247 res = read_fat(fh, NULL); 2248 if (res != TEE_SUCCESS) 2249 goto out; 2250 2251 if (pos >= fh->fat_entry.data_size) { 2252 *len = 0; 2253 goto out; 2254 } 2255 2256 size = MIN(size, fh->fat_entry.data_size - pos); 2257 if (size) { 2258 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2259 fh->fat_entry.start_address + pos, buf, 2260 size, fh->fat_entry.fek, fh->uuid); 2261 if (res != TEE_SUCCESS) 2262 goto out; 2263 } 2264 *len = size; 2265 2266 out: 2267 mutex_unlock(&rpmb_mutex); 2268 return res; 2269 } 2270 2271 static TEE_Result rpmb_fs_write_primitive(struct rpmb_file_handle *fh, 2272 size_t pos, const void *buf, 2273 size_t size) 2274 { 2275 TEE_Result res; 2276 tee_mm_pool_t p; 2277 bool pool_result = false; 2278 tee_mm_entry_t *mm; 2279 size_t end; 2280 size_t newsize; 2281 uint8_t *newbuf = NULL; 2282 uintptr_t newaddr; 2283 uint32_t start_addr; 2284 2285 if (!size) 2286 return TEE_SUCCESS; 2287 2288 if (!fs_par) { 2289 res = TEE_ERROR_GENERIC; 2290 goto out; 2291 } 2292 2293 dump_fh(fh); 2294 2295 /* Upper memory allocation must be used for RPMB_FS. */ 2296 pool_result = tee_mm_init(&p, 2297 RPMB_STORAGE_START_ADDRESS, 2298 fs_par->max_rpmb_address, 2299 RPMB_BLOCK_SIZE_SHIFT, 2300 TEE_MM_POOL_HI_ALLOC); 2301 if (!pool_result) { 2302 res = TEE_ERROR_OUT_OF_MEMORY; 2303 goto out; 2304 } 2305 2306 res = read_fat(fh, &p); 2307 if (res != TEE_SUCCESS) 2308 goto out; 2309 2310 if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY) 2311 panic("invalid last entry flag"); 2312 2313 if (ADD_OVERFLOW(pos, size, &end)) { 2314 res = TEE_ERROR_BAD_PARAMETERS; 2315 goto out; 2316 } 2317 if (ADD_OVERFLOW(fh->fat_entry.start_address, pos, &start_addr)) { 2318 res = TEE_ERROR_BAD_PARAMETERS; 2319 goto out; 2320 } 2321 2322 if (end <= fh->fat_entry.data_size && 2323 tee_rpmb_write_is_atomic(CFG_RPMB_FS_DEV_ID, start_addr, size)) { 2324 2325 DMSG("Updating data in-place"); 2326 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, start_addr, buf, 2327 size, fh->fat_entry.fek, fh->uuid); 2328 if (res != TEE_SUCCESS) 2329 goto out; 2330 } else { 2331 /* 2332 * File must be extended, or update cannot be atomic: allocate, 2333 * read, update, write. 2334 */ 2335 2336 DMSG("Need to re-allocate"); 2337 newsize = MAX(end, fh->fat_entry.data_size); 2338 mm = tee_mm_alloc(&p, newsize); 2339 newbuf = calloc(1, newsize); 2340 if (!mm || !newbuf) { 2341 res = TEE_ERROR_OUT_OF_MEMORY; 2342 goto out; 2343 } 2344 2345 if (fh->fat_entry.data_size) { 2346 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2347 fh->fat_entry.start_address, 2348 newbuf, fh->fat_entry.data_size, 2349 fh->fat_entry.fek, fh->uuid); 2350 if (res != TEE_SUCCESS) 2351 goto out; 2352 } 2353 2354 memcpy(newbuf + pos, buf, size); 2355 2356 newaddr = tee_mm_get_smem(mm); 2357 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2358 newsize, fh->fat_entry.fek, fh->uuid); 2359 if (res != TEE_SUCCESS) 2360 goto out; 2361 2362 fh->fat_entry.data_size = newsize; 2363 fh->fat_entry.start_address = newaddr; 2364 res = write_fat_entry(fh, true); 2365 if (res != TEE_SUCCESS) 2366 goto out; 2367 } 2368 2369 out: 2370 if (pool_result) 2371 tee_mm_final(&p); 2372 if (newbuf) 2373 free(newbuf); 2374 2375 return res; 2376 } 2377 2378 static TEE_Result rpmb_fs_write(struct tee_file_handle *tfh, size_t pos, 2379 const void *buf, size_t size) 2380 { 2381 TEE_Result res; 2382 2383 mutex_lock(&rpmb_mutex); 2384 res = rpmb_fs_write_primitive((struct rpmb_file_handle *)tfh, pos, 2385 buf, size); 2386 mutex_unlock(&rpmb_mutex); 2387 2388 return res; 2389 } 2390 2391 static TEE_Result rpmb_fs_remove_internal(struct rpmb_file_handle *fh) 2392 { 2393 TEE_Result res; 2394 2395 res = read_fat(fh, NULL); 2396 if (res) 2397 return res; 2398 2399 /* Clear this file entry. */ 2400 memset(&fh->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2401 return write_fat_entry(fh, false); 2402 } 2403 2404 static TEE_Result rpmb_fs_remove(struct tee_pobj *po) 2405 { 2406 TEE_Result res; 2407 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2408 2409 if (!fh) 2410 return TEE_ERROR_OUT_OF_MEMORY; 2411 2412 mutex_lock(&rpmb_mutex); 2413 2414 res = rpmb_fs_remove_internal(fh); 2415 2416 mutex_unlock(&rpmb_mutex); 2417 2418 free(fh); 2419 return res; 2420 } 2421 2422 static TEE_Result rpmb_fs_rename_internal(struct tee_pobj *old, 2423 struct tee_pobj *new, 2424 bool overwrite) 2425 { 2426 TEE_Result res = TEE_ERROR_GENERIC; 2427 struct rpmb_file_handle *fh_old = NULL; 2428 struct rpmb_file_handle *fh_new = NULL; 2429 2430 if (!old) { 2431 res = TEE_ERROR_BAD_PARAMETERS; 2432 goto out; 2433 } 2434 2435 if (new) 2436 fh_old = alloc_file_handle(old, old->temporary); 2437 else 2438 fh_old = alloc_file_handle(old, true); 2439 if (!fh_old) { 2440 res = TEE_ERROR_OUT_OF_MEMORY; 2441 goto out; 2442 } 2443 2444 if (new) 2445 fh_new = alloc_file_handle(new, new->temporary); 2446 else 2447 fh_new = alloc_file_handle(old, false); 2448 if (!fh_new) { 2449 res = TEE_ERROR_OUT_OF_MEMORY; 2450 goto out; 2451 } 2452 2453 res = read_fat(fh_old, NULL); 2454 if (res != TEE_SUCCESS) 2455 goto out; 2456 2457 res = read_fat(fh_new, NULL); 2458 if (res == TEE_SUCCESS) { 2459 if (!overwrite) { 2460 res = TEE_ERROR_ACCESS_CONFLICT; 2461 goto out; 2462 } 2463 2464 /* Clear this file entry. */ 2465 memset(&fh_new->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2466 res = write_fat_entry(fh_new, false); 2467 if (res != TEE_SUCCESS) 2468 goto out; 2469 } 2470 2471 memset(fh_old->fat_entry.filename, 0, TEE_RPMB_FS_FILENAME_LENGTH); 2472 memcpy(fh_old->fat_entry.filename, fh_new->filename, 2473 strlen(fh_new->filename)); 2474 2475 res = write_fat_entry(fh_old, false); 2476 2477 out: 2478 free(fh_old); 2479 free(fh_new); 2480 2481 return res; 2482 } 2483 2484 static TEE_Result rpmb_fs_rename(struct tee_pobj *old, struct tee_pobj *new, 2485 bool overwrite) 2486 { 2487 TEE_Result res; 2488 2489 mutex_lock(&rpmb_mutex); 2490 res = rpmb_fs_rename_internal(old, new, overwrite); 2491 mutex_unlock(&rpmb_mutex); 2492 2493 return res; 2494 } 2495 2496 static TEE_Result rpmb_fs_truncate(struct tee_file_handle *tfh, size_t length) 2497 { 2498 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2499 tee_mm_pool_t p; 2500 bool pool_result = false; 2501 tee_mm_entry_t *mm; 2502 uint32_t newsize; 2503 uint8_t *newbuf = NULL; 2504 uintptr_t newaddr; 2505 TEE_Result res = TEE_ERROR_GENERIC; 2506 2507 mutex_lock(&rpmb_mutex); 2508 2509 if (length > INT32_MAX) { 2510 res = TEE_ERROR_BAD_PARAMETERS; 2511 goto out; 2512 } 2513 newsize = length; 2514 2515 res = read_fat(fh, NULL); 2516 if (res != TEE_SUCCESS) 2517 goto out; 2518 2519 if (newsize > fh->fat_entry.data_size) { 2520 /* Extend file */ 2521 2522 pool_result = tee_mm_init(&p, 2523 RPMB_STORAGE_START_ADDRESS, 2524 fs_par->max_rpmb_address, 2525 RPMB_BLOCK_SIZE_SHIFT, 2526 TEE_MM_POOL_HI_ALLOC); 2527 if (!pool_result) { 2528 res = TEE_ERROR_OUT_OF_MEMORY; 2529 goto out; 2530 } 2531 res = read_fat(fh, &p); 2532 if (res != TEE_SUCCESS) 2533 goto out; 2534 2535 mm = tee_mm_alloc(&p, newsize); 2536 newbuf = calloc(1, newsize); 2537 if (!mm || !newbuf) { 2538 res = TEE_ERROR_OUT_OF_MEMORY; 2539 goto out; 2540 } 2541 2542 if (fh->fat_entry.data_size) { 2543 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2544 fh->fat_entry.start_address, 2545 newbuf, fh->fat_entry.data_size, 2546 fh->fat_entry.fek, fh->uuid); 2547 if (res != TEE_SUCCESS) 2548 goto out; 2549 } 2550 2551 newaddr = tee_mm_get_smem(mm); 2552 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2553 newsize, fh->fat_entry.fek, fh->uuid); 2554 if (res != TEE_SUCCESS) 2555 goto out; 2556 2557 } else { 2558 /* Don't change file location */ 2559 newaddr = fh->fat_entry.start_address; 2560 } 2561 2562 /* fh->pos is unchanged */ 2563 fh->fat_entry.data_size = newsize; 2564 fh->fat_entry.start_address = newaddr; 2565 res = write_fat_entry(fh, true); 2566 2567 out: 2568 mutex_unlock(&rpmb_mutex); 2569 if (pool_result) 2570 tee_mm_final(&p); 2571 if (newbuf) 2572 free(newbuf); 2573 2574 return res; 2575 } 2576 2577 static void rpmb_fs_dir_free(struct tee_fs_dir *dir) 2578 { 2579 struct tee_rpmb_fs_dirent *e; 2580 2581 if (!dir) 2582 return; 2583 2584 free(dir->current); 2585 2586 while ((e = SIMPLEQ_FIRST(&dir->next))) { 2587 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2588 free(e); 2589 } 2590 } 2591 2592 static TEE_Result rpmb_fs_dir_populate(const char *path, 2593 struct tee_fs_dir *dir) 2594 { 2595 struct tee_rpmb_fs_dirent *current = NULL; 2596 struct rpmb_fat_entry *fe = NULL; 2597 uint32_t fat_address; 2598 uint32_t filelen; 2599 char *filename; 2600 bool matched; 2601 struct tee_rpmb_fs_dirent *next = NULL; 2602 uint32_t pathlen; 2603 TEE_Result res = TEE_ERROR_GENERIC; 2604 char temp; 2605 2606 mutex_lock(&rpmb_mutex); 2607 2608 res = fat_entry_dir_init(); 2609 if (res) 2610 goto out; 2611 2612 pathlen = strlen(path); 2613 2614 while (true) { 2615 res = fat_entry_dir_get_next(&fe, &fat_address); 2616 if (res || !fe) 2617 break; 2618 2619 filename = fe->filename; 2620 if (fe->flags & FILE_IS_ACTIVE) { 2621 matched = false; 2622 filelen = strlen(filename); 2623 if (filelen > pathlen) { 2624 temp = filename[pathlen]; 2625 filename[pathlen] = '\0'; 2626 if (strcmp(filename, path) == 0) 2627 matched = true; 2628 2629 filename[pathlen] = temp; 2630 } 2631 2632 if (matched) { 2633 next = malloc(sizeof(*next)); 2634 if (!next) { 2635 res = TEE_ERROR_OUT_OF_MEMORY; 2636 goto out; 2637 } 2638 2639 next->entry.oidlen = tee_hs2b((uint8_t *) 2640 &filename[pathlen], 2641 next->entry.oid, 2642 filelen - pathlen, 2643 sizeof(next->entry.oid)); 2644 if (next->entry.oidlen) { 2645 SIMPLEQ_INSERT_TAIL(&dir->next, 2646 next, link); 2647 current = next; 2648 } else { 2649 free(next); 2650 next = NULL; 2651 } 2652 } 2653 } 2654 } 2655 2656 if (res) 2657 goto out; 2658 2659 if (current) 2660 res = TEE_SUCCESS; 2661 else 2662 res = TEE_ERROR_ITEM_NOT_FOUND; /* No directories were found. */ 2663 2664 out: 2665 mutex_unlock(&rpmb_mutex); 2666 fat_entry_dir_deinit(); 2667 if (res) 2668 rpmb_fs_dir_free(dir); 2669 2670 return res; 2671 } 2672 2673 static TEE_Result rpmb_fs_opendir(const TEE_UUID *uuid, struct tee_fs_dir **dir) 2674 { 2675 uint32_t len; 2676 char path_local[TEE_RPMB_FS_FILENAME_LENGTH]; 2677 TEE_Result res = TEE_ERROR_GENERIC; 2678 struct tee_fs_dir *rpmb_dir = NULL; 2679 2680 if (!uuid || !dir) { 2681 res = TEE_ERROR_BAD_PARAMETERS; 2682 goto out; 2683 } 2684 2685 memset(path_local, 0, sizeof(path_local)); 2686 if (tee_svc_storage_create_dirname(path_local, sizeof(path_local) - 1, 2687 uuid) != TEE_SUCCESS) { 2688 res = TEE_ERROR_BAD_PARAMETERS; 2689 goto out; 2690 } 2691 len = strlen(path_local); 2692 2693 /* Add a slash to correctly match the full directory name. */ 2694 if (path_local[len - 1] != '/') 2695 path_local[len] = '/'; 2696 2697 rpmb_dir = calloc(1, sizeof(*rpmb_dir)); 2698 if (!rpmb_dir) { 2699 res = TEE_ERROR_OUT_OF_MEMORY; 2700 goto out; 2701 } 2702 SIMPLEQ_INIT(&rpmb_dir->next); 2703 2704 res = rpmb_fs_dir_populate(path_local, rpmb_dir); 2705 if (res != TEE_SUCCESS) { 2706 free(rpmb_dir); 2707 rpmb_dir = NULL; 2708 goto out; 2709 } 2710 2711 *dir = rpmb_dir; 2712 2713 out: 2714 return res; 2715 } 2716 2717 static TEE_Result rpmb_fs_readdir(struct tee_fs_dir *dir, 2718 struct tee_fs_dirent **ent) 2719 { 2720 if (!dir) 2721 return TEE_ERROR_GENERIC; 2722 2723 free(dir->current); 2724 2725 dir->current = SIMPLEQ_FIRST(&dir->next); 2726 if (!dir->current) 2727 return TEE_ERROR_ITEM_NOT_FOUND; 2728 2729 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2730 2731 *ent = &dir->current->entry; 2732 return TEE_SUCCESS; 2733 } 2734 2735 static void rpmb_fs_closedir(struct tee_fs_dir *dir) 2736 { 2737 if (dir) { 2738 rpmb_fs_dir_free(dir); 2739 free(dir); 2740 } 2741 } 2742 2743 static TEE_Result rpmb_fs_open(struct tee_pobj *po, size_t *size, 2744 struct tee_file_handle **ret_fh) 2745 { 2746 TEE_Result res; 2747 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2748 2749 if (!fh) 2750 return TEE_ERROR_OUT_OF_MEMORY; 2751 2752 mutex_lock(&rpmb_mutex); 2753 2754 res = rpmb_fs_open_internal(fh, &po->uuid, false); 2755 if (!res && size) 2756 *size = fh->fat_entry.data_size; 2757 2758 mutex_unlock(&rpmb_mutex); 2759 2760 if (res) 2761 free(fh); 2762 else 2763 *ret_fh = (struct tee_file_handle *)fh; 2764 2765 return res; 2766 } 2767 2768 static TEE_Result rpmb_fs_create(struct tee_pobj *po, bool overwrite, 2769 const void *head, size_t head_size, 2770 const void *attr, size_t attr_size, 2771 const void *data, size_t data_size, 2772 struct tee_file_handle **ret_fh) 2773 { 2774 TEE_Result res; 2775 size_t pos = 0; 2776 struct rpmb_file_handle *fh = alloc_file_handle(po, po->temporary); 2777 2778 if (!fh) 2779 return TEE_ERROR_OUT_OF_MEMORY; 2780 2781 mutex_lock(&rpmb_mutex); 2782 res = rpmb_fs_open_internal(fh, &po->uuid, true); 2783 if (res) 2784 goto out; 2785 2786 if (head && head_size) { 2787 res = rpmb_fs_write_primitive(fh, pos, head, head_size); 2788 if (res) 2789 goto out; 2790 pos += head_size; 2791 } 2792 2793 if (attr && attr_size) { 2794 res = rpmb_fs_write_primitive(fh, pos, attr, attr_size); 2795 if (res) 2796 goto out; 2797 pos += attr_size; 2798 } 2799 2800 if (data && data_size) { 2801 res = rpmb_fs_write_primitive(fh, pos, data, data_size); 2802 if (res) 2803 goto out; 2804 } 2805 2806 if (po->temporary) { 2807 /* 2808 * If it's a temporary filename (which it normally is) 2809 * rename into the final filename now that the file is 2810 * fully initialized. 2811 */ 2812 po->temporary = false; 2813 res = rpmb_fs_rename_internal(po, NULL, overwrite); 2814 if (res) { 2815 po->temporary = true; 2816 goto out; 2817 } 2818 /* Update file handle after rename. */ 2819 tee_svc_storage_create_filename(fh->filename, 2820 sizeof(fh->filename), 2821 po, false); 2822 } 2823 2824 out: 2825 if (res) { 2826 rpmb_fs_remove_internal(fh); 2827 free(fh); 2828 } else { 2829 *ret_fh = (struct tee_file_handle *)fh; 2830 } 2831 mutex_unlock(&rpmb_mutex); 2832 2833 return res; 2834 } 2835 2836 const struct tee_file_operations rpmb_fs_ops = { 2837 .open = rpmb_fs_open, 2838 .create = rpmb_fs_create, 2839 .close = rpmb_fs_close, 2840 .read = rpmb_fs_read, 2841 .write = rpmb_fs_write, 2842 .truncate = rpmb_fs_truncate, 2843 .rename = rpmb_fs_rename, 2844 .remove = rpmb_fs_remove, 2845 .opendir = rpmb_fs_opendir, 2846 .closedir = rpmb_fs_closedir, 2847 .readdir = rpmb_fs_readdir, 2848 }; 2849 2850 TEE_Result tee_rpmb_fs_raw_open(const char *fname, bool create, 2851 struct tee_file_handle **ret_fh) 2852 { 2853 TEE_Result res; 2854 struct rpmb_file_handle *fh = calloc(1, sizeof(*fh)); 2855 static const TEE_UUID uuid = { 0 }; 2856 2857 if (!fh) 2858 return TEE_ERROR_OUT_OF_MEMORY; 2859 2860 snprintf(fh->filename, sizeof(fh->filename), "/%s", fname); 2861 2862 mutex_lock(&rpmb_mutex); 2863 2864 res = rpmb_fs_open_internal(fh, &uuid, create); 2865 2866 mutex_unlock(&rpmb_mutex); 2867 2868 if (res) { 2869 if (create) 2870 rpmb_fs_remove_internal(fh); 2871 free(fh); 2872 } else { 2873 *ret_fh = (struct tee_file_handle *)fh; 2874 } 2875 2876 return res; 2877 } 2878 2879 bool __weak plat_rpmb_key_is_ready(void) 2880 { 2881 return true; 2882 } 2883