1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #include <assert.h> 29 #include <kernel/tee_common.h> 30 #include <kernel/mutex.h> 31 #include <kernel/panic.h> 32 #include <kernel/tee_common_otp.h> 33 #include <kernel/thread.h> 34 #include <optee_msg.h> 35 #include <tee/tee_cryp_provider.h> 36 #include <tee/tee_fs_defs.h> 37 #include <tee/tee_fs.h> 38 #include <tee/tee_fs_key_manager.h> 39 #include <mm/core_memprot.h> 40 #include <mm/tee_mm.h> 41 #include <stdlib.h> 42 #include <string.h> 43 #include <string_ext.h> 44 #include <sys/queue.h> 45 #include <trace.h> 46 #include <util.h> 47 48 #define RPMB_STORAGE_START_ADDRESS 0 49 #define RPMB_FS_FAT_START_ADDRESS 512 50 #define RPMB_BLOCK_SIZE_SHIFT 8 51 52 #define RPMB_FS_MAGIC 0x52504D42 53 #define FS_VERSION 2 54 #define N_ENTRIES 8 55 56 #define FILE_IS_ACTIVE (1u << 0) 57 #define FILE_IS_LAST_ENTRY (1u << 1) 58 59 #define TEE_RPMB_FS_FILENAME_LENGTH 224 60 61 /** 62 * FS parameters: Information often used by internal functions. 63 * fat_start_address will be set by rpmb_fs_setup(). 64 * rpmb_fs_parameters can be read by any other function. 65 */ 66 struct rpmb_fs_parameters { 67 uint32_t fat_start_address; 68 uint32_t max_rpmb_address; 69 }; 70 71 /** 72 * File entry for a single file in a RPMB_FS partition. 73 */ 74 struct rpmb_fat_entry { 75 uint32_t start_address; 76 uint32_t data_size; 77 uint32_t flags; 78 uint32_t write_counter; 79 uint8_t fek[TEE_FS_KM_FEK_SIZE]; 80 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 81 }; 82 83 /** 84 * FAT entry context with reference to a FAT entry and its 85 * location in RPMB. 86 */ 87 struct rpmb_file_handle { 88 struct rpmb_fat_entry fat_entry; 89 char filename[TEE_RPMB_FS_FILENAME_LENGTH]; 90 /* Address for current entry in RPMB */ 91 uint32_t rpmb_fat_address; 92 /* Current position */ 93 uint32_t pos; 94 }; 95 96 /** 97 * RPMB_FS partition data 98 */ 99 struct rpmb_fs_partition { 100 uint32_t rpmb_fs_magic; 101 uint32_t fs_version; 102 uint32_t write_counter; 103 uint32_t fat_start_address; 104 /* Do not use reserved[] for other purpose than partition data. */ 105 uint8_t reserved[112]; 106 }; 107 108 /** 109 * A node in a list of directory entries. entry->name is a 110 * pointer to name here. 111 */ 112 struct tee_rpmb_fs_dirent { 113 struct tee_fs_dirent entry; 114 char name[TEE_RPMB_FS_FILENAME_LENGTH]; 115 /* */ 116 SIMPLEQ_ENTRY(tee_rpmb_fs_dirent) link; 117 }; 118 119 /** 120 * The RPMB directory representation. It contains a queue of 121 * RPMB directory entries: 'next'. 122 * The current pointer points to the last directory entry 123 * returned by readdir(). 124 */ 125 struct tee_fs_dir { 126 struct tee_rpmb_fs_dirent *current; 127 /* */ 128 SIMPLEQ_HEAD(next_head, tee_rpmb_fs_dirent) next; 129 }; 130 131 static struct rpmb_fs_parameters *fs_par; 132 133 /* 134 * Lower interface to RPMB device 135 */ 136 137 #define RPMB_DATA_OFFSET (RPMB_STUFF_DATA_SIZE + RPMB_KEY_MAC_SIZE) 138 #define RPMB_MAC_PROTECT_DATA_SIZE (RPMB_DATA_FRAME_SIZE - RPMB_DATA_OFFSET) 139 140 #define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM 0x0001 141 #define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ 0x0002 142 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE 0x0003 143 #define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ 0x0004 144 #define RPMB_MSG_TYPE_REQ_RESULT_READ 0x0005 145 #define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM 0x0100 146 #define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ 0x0200 147 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE 0x0300 148 #define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ 0x0400 149 150 #define RPMB_STUFF_DATA_SIZE 196 151 #define RPMB_KEY_MAC_SIZE 32 152 #define RPMB_DATA_SIZE 256 153 #define RPMB_NONCE_SIZE 16 154 #define RPMB_DATA_FRAME_SIZE 512 155 156 #define RPMB_RESULT_OK 0x00 157 #define RPMB_RESULT_GENERAL_FAILURE 0x01 158 #define RPMB_RESULT_AUTH_FAILURE 0x02 159 #define RPMB_RESULT_COUNTER_FAILURE 0x03 160 #define RPMB_RESULT_ADDRESS_FAILURE 0x04 161 #define RPMB_RESULT_WRITE_FAILURE 0x05 162 #define RPMB_RESULT_READ_FAILURE 0x06 163 #define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED 0x07 164 #define RPMB_RESULT_MASK 0x3F 165 #define RPMB_RESULT_WR_CNT_EXPIRED 0x80 166 167 /* RPMB internal commands */ 168 #define RPMB_CMD_DATA_REQ 0x00 169 #define RPMB_CMD_GET_DEV_INFO 0x01 170 171 #define RPMB_SIZE_SINGLE (128 * 1024) 172 173 /* Error codes for get_dev_info request/response. */ 174 #define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 175 #define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 176 177 struct rpmb_data_frame { 178 uint8_t stuff_bytes[RPMB_STUFF_DATA_SIZE]; 179 uint8_t key_mac[RPMB_KEY_MAC_SIZE]; 180 uint8_t data[RPMB_DATA_SIZE]; 181 uint8_t nonce[RPMB_NONCE_SIZE]; 182 uint8_t write_counter[4]; 183 uint8_t address[2]; 184 uint8_t block_count[2]; 185 uint8_t op_result[2]; 186 uint8_t msg_type[2]; 187 }; 188 189 struct rpmb_req { 190 uint16_t cmd; 191 uint16_t dev_id; 192 uint16_t block_count; 193 /* variable length of data */ 194 /* uint8_t data[]; REMOVED! */ 195 }; 196 197 #define TEE_RPMB_REQ_DATA(req) \ 198 ((void *)((struct rpmb_req *)(req) + 1)) 199 200 struct rpmb_raw_data { 201 uint16_t msg_type; 202 uint16_t *op_result; 203 uint16_t *block_count; 204 uint16_t *blk_idx; 205 uint32_t *write_counter; 206 uint8_t *nonce; 207 uint8_t *key_mac; 208 uint8_t *data; 209 /* data length to read or write */ 210 uint32_t len; 211 /* Byte address offset in the first block involved */ 212 uint8_t byte_offset; 213 }; 214 215 #define RPMB_EMMC_CID_SIZE 16 216 struct rpmb_dev_info { 217 uint8_t cid[RPMB_EMMC_CID_SIZE]; 218 /* EXT CSD-slice 168 "RPMB Size" */ 219 uint8_t rpmb_size_mult; 220 /* EXT CSD-slice 222 "Reliable Write Sector Count" */ 221 uint8_t rel_wr_sec_c; 222 /* Check the ret code and accept the data only if it is OK. */ 223 uint8_t ret_code; 224 }; 225 226 /* 227 * Struct for rpmb context data. 228 * 229 * @key RPMB key. 230 * @cid eMMC card ID. 231 * @hash_ctx_size Hash context size 232 * @wr_cnt Current write counter. 233 * @max_blk_idx The highest block index supported by current device. 234 * @rel_wr_blkcnt Max number of data blocks for each reliable write. 235 * @dev_id Device ID of the eMMC device. 236 * @wr_cnt_synced Flag indicating if write counter is synced to RPMB. 237 * @key_derived Flag indicating if key has been generated. 238 * @key_verified Flag indicating the key generated is verified ok. 239 * @dev_info_synced Flag indicating if dev info has been retrieved from RPMB. 240 */ 241 struct tee_rpmb_ctx { 242 uint8_t key[RPMB_KEY_MAC_SIZE]; 243 uint8_t cid[RPMB_EMMC_CID_SIZE]; 244 size_t hash_ctx_size; 245 uint32_t wr_cnt; 246 uint16_t max_blk_idx; 247 uint16_t rel_wr_blkcnt; 248 uint16_t dev_id; 249 bool wr_cnt_synced; 250 bool key_derived; 251 bool key_verified; 252 bool dev_info_synced; 253 }; 254 255 static struct tee_rpmb_ctx *rpmb_ctx; 256 257 /* 258 * Mutex to serialize the operations exported by this file. 259 * It protects rpmb_ctx and prevents overlapping operations on eMMC devices with 260 * different IDs. 261 */ 262 static struct mutex rpmb_mutex = MUTEX_INITIALIZER; 263 264 #ifdef CFG_RPMB_TESTKEY 265 266 static const uint8_t rpmb_test_key[RPMB_KEY_MAC_SIZE] = { 267 0xD3, 0xEB, 0x3E, 0xC3, 0x6E, 0x33, 0x4C, 0x9F, 268 0x98, 0x8C, 0xE2, 0xC0, 0xB8, 0x59, 0x54, 0x61, 269 0x0D, 0x2B, 0xCF, 0x86, 0x64, 0x84, 0x4D, 0xF2, 270 0xAB, 0x56, 0xE6, 0xC6, 0x1B, 0xB7, 0x01, 0xE4 271 }; 272 273 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 274 uint8_t *key, uint32_t len) 275 { 276 TEE_Result res = TEE_SUCCESS; 277 278 if (!key || RPMB_KEY_MAC_SIZE != len) { 279 res = TEE_ERROR_BAD_PARAMETERS; 280 goto out; 281 } 282 283 DMSG("RPMB: Using test key"); 284 memcpy(key, rpmb_test_key, RPMB_KEY_MAC_SIZE); 285 286 out: 287 return res; 288 } 289 290 #else /* !CFG_RPMB_TESTKEY */ 291 292 /* 293 * NOTE: We need a common API to get hw unique key and it 294 * should return error when the hw unique is not a valid 295 * one as stated below. 296 * We need to make sure the hw unique we get is valid by: 297 * 1. In case of HUK is used, checking if OTP is hidden (in 298 * which case only zeros will be returned) or not; 299 * 2. In case of SSK is used, checking if SSK in OTP is 300 * write_locked (which means a valid key is provisioned) 301 * or not. 302 * 303 * Maybe tee_get_hw_unique_key() should be exposed as 304 * generic API for getting hw unique key! 305 * We should change the API tee_otp_get_hw_unique_key() 306 * to return error code! 307 */ 308 static TEE_Result tee_get_hw_unique_key(struct tee_hw_unique_key *hwkey) 309 { 310 if (!hwkey) 311 return TEE_ERROR_BAD_PARAMETERS; 312 313 tee_otp_get_hw_unique_key(hwkey); 314 315 return TEE_SUCCESS; 316 } 317 318 static TEE_Result tee_rpmb_key_gen(uint16_t dev_id __unused, 319 uint8_t *key, uint32_t len) 320 { 321 TEE_Result res; 322 struct tee_hw_unique_key hwkey; 323 uint8_t *ctx = NULL; 324 325 if (!key || RPMB_KEY_MAC_SIZE != len) { 326 res = TEE_ERROR_BAD_PARAMETERS; 327 goto out; 328 } 329 330 IMSG("RPMB: Using generated key"); 331 res = tee_get_hw_unique_key(&hwkey); 332 if (res != TEE_SUCCESS) 333 goto out; 334 335 ctx = malloc(rpmb_ctx->hash_ctx_size); 336 if (!ctx) { 337 res = TEE_ERROR_OUT_OF_MEMORY; 338 goto out; 339 } 340 341 res = crypto_ops.mac.init(ctx, TEE_ALG_HMAC_SHA256, hwkey.data, 342 HW_UNIQUE_KEY_LENGTH); 343 if (res != TEE_SUCCESS) 344 goto out; 345 346 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, 347 (uint8_t *)rpmb_ctx->cid, 348 RPMB_EMMC_CID_SIZE); 349 if (res != TEE_SUCCESS) 350 goto out; 351 352 res = crypto_ops.mac.final(ctx, TEE_ALG_HMAC_SHA256, key, len); 353 354 out: 355 free(ctx); 356 return res; 357 } 358 359 #endif /* !CFG_RPMB_TESTKEY */ 360 361 static void u32_to_bytes(uint32_t u32, uint8_t *bytes) 362 { 363 *bytes = (uint8_t) (u32 >> 24); 364 *(bytes + 1) = (uint8_t) (u32 >> 16); 365 *(bytes + 2) = (uint8_t) (u32 >> 8); 366 *(bytes + 3) = (uint8_t) u32; 367 } 368 369 static void bytes_to_u32(uint8_t *bytes, uint32_t *u32) 370 { 371 *u32 = (uint32_t) ((*(bytes) << 24) + 372 (*(bytes + 1) << 16) + 373 (*(bytes + 2) << 8) + (*(bytes + 3))); 374 } 375 376 static void u16_to_bytes(uint16_t u16, uint8_t *bytes) 377 { 378 *bytes = (uint8_t) (u16 >> 8); 379 *(bytes + 1) = (uint8_t) u16; 380 } 381 382 static void bytes_to_u16(uint8_t *bytes, uint16_t *u16) 383 { 384 *u16 = (uint16_t) ((*bytes << 8) + *(bytes + 1)); 385 } 386 387 static TEE_Result tee_rpmb_mac_calc(uint8_t *mac, uint32_t macsize, 388 uint8_t *key, uint32_t keysize, 389 struct rpmb_data_frame *datafrms, 390 uint16_t blkcnt) 391 { 392 TEE_Result res = TEE_ERROR_GENERIC; 393 int i; 394 uint8_t *ctx = NULL; 395 396 if (!mac || !key || !datafrms) 397 return TEE_ERROR_BAD_PARAMETERS; 398 399 ctx = malloc(rpmb_ctx->hash_ctx_size); 400 if (!ctx) 401 return TEE_ERROR_OUT_OF_MEMORY; 402 403 res = crypto_ops.mac.init(ctx, TEE_ALG_HMAC_SHA256, key, keysize); 404 if (res != TEE_SUCCESS) 405 goto func_exit; 406 407 for (i = 0; i < blkcnt; i++) { 408 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, 409 datafrms[i].data, 410 RPMB_MAC_PROTECT_DATA_SIZE); 411 if (res != TEE_SUCCESS) 412 goto func_exit; 413 } 414 415 res = crypto_ops.mac.final(ctx, TEE_ALG_HMAC_SHA256, mac, macsize); 416 if (res != TEE_SUCCESS) 417 goto func_exit; 418 419 res = TEE_SUCCESS; 420 421 func_exit: 422 free(ctx); 423 return res; 424 } 425 426 struct tee_rpmb_mem { 427 paddr_t phreq; 428 uint64_t phreq_cookie; 429 paddr_t phresp; 430 uint64_t phresp_cookie; 431 size_t req_size; 432 size_t resp_size; 433 }; 434 435 static void tee_rpmb_free(struct tee_rpmb_mem *mem) 436 { 437 if (!mem) 438 return; 439 440 thread_rpc_free_payload(mem->phreq_cookie); 441 thread_rpc_free_payload(mem->phresp_cookie); 442 mem->phreq = 0; 443 mem->phreq_cookie = 0; 444 mem->phresp = 0; 445 mem->phresp_cookie = 0; 446 } 447 448 449 static TEE_Result tee_rpmb_alloc(size_t req_size, size_t resp_size, 450 struct tee_rpmb_mem *mem, void **req, void **resp) 451 { 452 TEE_Result res = TEE_SUCCESS; 453 size_t req_s = ROUNDUP(req_size, sizeof(uint32_t)); 454 size_t resp_s = ROUNDUP(resp_size, sizeof(uint32_t)); 455 456 if (!mem) 457 return TEE_ERROR_BAD_PARAMETERS; 458 459 memset(mem, 0, sizeof(*mem)); 460 thread_rpc_alloc_payload(req_s, &mem->phreq, &mem->phreq_cookie); 461 thread_rpc_alloc_payload(resp_s, &mem->phresp, &mem->phresp_cookie); 462 if (!mem->phreq || !mem->phresp) { 463 res = TEE_ERROR_OUT_OF_MEMORY; 464 goto out; 465 } 466 467 *req = phys_to_virt(mem->phreq, MEM_AREA_NSEC_SHM); 468 *resp = phys_to_virt(mem->phresp, MEM_AREA_NSEC_SHM); 469 if (!*req || !*resp) { 470 res = TEE_ERROR_GENERIC; 471 goto out; 472 } 473 474 mem->req_size = req_size; 475 mem->resp_size = resp_size; 476 477 out: 478 if (res != TEE_SUCCESS) 479 tee_rpmb_free(mem); 480 return res; 481 } 482 483 static TEE_Result tee_rpmb_invoke(struct tee_rpmb_mem *mem) 484 { 485 struct optee_msg_param params[2]; 486 487 memset(params, 0, sizeof(params)); 488 params[0].attr = OPTEE_MSG_ATTR_TYPE_TMEM_INPUT; 489 params[1].attr = OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT; 490 params[0].u.tmem.buf_ptr = mem->phreq; 491 params[0].u.tmem.size = mem->req_size; 492 params[0].u.tmem.shm_ref = mem->phreq_cookie; 493 params[1].u.tmem.buf_ptr = mem->phresp; 494 params[1].u.tmem.size = mem->resp_size; 495 params[1].u.tmem.shm_ref = mem->phresp_cookie; 496 497 return thread_rpc_cmd(OPTEE_MSG_RPC_CMD_RPMB, 2, params); 498 } 499 500 static bool is_zero(const uint8_t *buf, size_t size) 501 { 502 size_t i; 503 504 for (i = 0; i < size; i++) 505 if (buf[i]) 506 return false; 507 return true; 508 } 509 510 static TEE_Result encrypt_block(uint8_t *out, const uint8_t *in, 511 uint16_t blk_idx, const uint8_t *fek) 512 { 513 return tee_fs_crypt_block(out, in, RPMB_DATA_SIZE, blk_idx, fek, 514 TEE_MODE_ENCRYPT); 515 } 516 517 static TEE_Result decrypt_block(uint8_t *out, const uint8_t *in, 518 uint16_t blk_idx, const uint8_t *fek) 519 { 520 return tee_fs_crypt_block(out, in, RPMB_DATA_SIZE, blk_idx, fek, 521 TEE_MODE_DECRYPT); 522 } 523 524 /* Decrypt/copy at most one block of data */ 525 static TEE_Result decrypt(uint8_t *out, const struct rpmb_data_frame *frm, 526 size_t size, size_t offset, 527 uint16_t blk_idx __maybe_unused, const uint8_t *fek) 528 { 529 uint8_t *tmp __maybe_unused; 530 531 532 if ((size + offset < size) || (size + offset > RPMB_DATA_SIZE)) 533 panic("invalid size or offset"); 534 535 if (!fek) { 536 /* Block is not encrypted (not a file data block) */ 537 memcpy(out, frm->data + offset, size); 538 } else if (is_zero(fek, TEE_FS_KM_FEK_SIZE)) { 539 /* The file was created with encryption disabled */ 540 return TEE_ERROR_SECURITY; 541 } else { 542 /* Block is encrypted */ 543 if (size < RPMB_DATA_SIZE) { 544 /* 545 * Since output buffer is not large enough to hold one 546 * block we must allocate a temporary buffer. 547 */ 548 tmp = malloc(RPMB_DATA_SIZE); 549 if (!tmp) 550 return TEE_ERROR_OUT_OF_MEMORY; 551 decrypt_block(tmp, frm->data, blk_idx, fek); 552 memcpy(out, tmp + offset, size); 553 free(tmp); 554 } else { 555 decrypt_block(out, frm->data, blk_idx, fek); 556 } 557 } 558 559 return TEE_SUCCESS; 560 } 561 562 static TEE_Result tee_rpmb_req_pack(struct rpmb_req *req, 563 struct rpmb_raw_data *rawdata, 564 uint16_t nbr_frms, uint16_t dev_id, 565 const uint8_t *fek) 566 { 567 TEE_Result res = TEE_ERROR_GENERIC; 568 int i; 569 struct rpmb_data_frame *datafrm; 570 571 if (!req || !rawdata || !nbr_frms) 572 return TEE_ERROR_BAD_PARAMETERS; 573 574 /* 575 * Check write blockcount is not bigger than reliable write 576 * blockcount. 577 */ 578 if ((rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) && 579 (nbr_frms > rpmb_ctx->rel_wr_blkcnt)) { 580 DMSG("wr_blkcnt(%d) > rel_wr_blkcnt(%d)", nbr_frms, 581 rpmb_ctx->rel_wr_blkcnt); 582 return TEE_ERROR_GENERIC; 583 } 584 585 req->cmd = RPMB_CMD_DATA_REQ; 586 req->dev_id = dev_id; 587 588 /* Allocate memory for construct all data packets and calculate MAC. */ 589 datafrm = calloc(nbr_frms, RPMB_DATA_FRAME_SIZE); 590 if (!datafrm) 591 return TEE_ERROR_OUT_OF_MEMORY; 592 593 for (i = 0; i < nbr_frms; i++) { 594 u16_to_bytes(rawdata->msg_type, datafrm[i].msg_type); 595 596 if (rawdata->block_count) 597 u16_to_bytes(*rawdata->block_count, 598 datafrm[i].block_count); 599 600 if (rawdata->blk_idx) { 601 /* Check the block index is within range. */ 602 if ((*rawdata->blk_idx + nbr_frms) > 603 rpmb_ctx->max_blk_idx) { 604 res = TEE_ERROR_GENERIC; 605 goto func_exit; 606 } 607 u16_to_bytes(*rawdata->blk_idx, datafrm[i].address); 608 } 609 610 if (rawdata->write_counter) 611 u32_to_bytes(*rawdata->write_counter, 612 datafrm[i].write_counter); 613 614 if (rawdata->nonce) 615 memcpy(datafrm[i].nonce, rawdata->nonce, 616 RPMB_NONCE_SIZE); 617 618 if (rawdata->data) { 619 if (fek) 620 encrypt_block(datafrm[i].data, 621 rawdata->data + (i * RPMB_DATA_SIZE), 622 *rawdata->blk_idx + i, fek); 623 else 624 memcpy(datafrm[i].data, 625 rawdata->data + (i * RPMB_DATA_SIZE), 626 RPMB_DATA_SIZE); 627 } 628 } 629 630 if (rawdata->key_mac) { 631 if (rawdata->msg_type == RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE) { 632 res = 633 tee_rpmb_mac_calc(rawdata->key_mac, 634 RPMB_KEY_MAC_SIZE, rpmb_ctx->key, 635 RPMB_KEY_MAC_SIZE, datafrm, 636 nbr_frms); 637 if (res != TEE_SUCCESS) 638 goto func_exit; 639 } 640 memcpy(datafrm[nbr_frms - 1].key_mac, 641 rawdata->key_mac, RPMB_KEY_MAC_SIZE); 642 } 643 644 memcpy(TEE_RPMB_REQ_DATA(req), datafrm, 645 nbr_frms * RPMB_DATA_FRAME_SIZE); 646 647 #ifdef CFG_RPMB_FS_DEBUG_DATA 648 for (i = 0; i < nbr_frms; i++) { 649 DMSG("Dumping data frame %d:", i); 650 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 651 512 - RPMB_STUFF_DATA_SIZE); 652 } 653 #endif 654 655 res = TEE_SUCCESS; 656 func_exit: 657 free(datafrm); 658 return res; 659 } 660 661 static TEE_Result data_cpy_mac_calc_1b(struct rpmb_raw_data *rawdata, 662 struct rpmb_data_frame *frm, 663 uint8_t *fek) 664 { 665 TEE_Result res; 666 uint8_t *data; 667 uint16_t idx; 668 669 if (rawdata->len + rawdata->byte_offset > RPMB_DATA_SIZE) 670 return TEE_ERROR_BAD_PARAMETERS; 671 672 res = tee_rpmb_mac_calc(rawdata->key_mac, RPMB_KEY_MAC_SIZE, 673 rpmb_ctx->key, RPMB_KEY_MAC_SIZE, frm, 1); 674 if (res != TEE_SUCCESS) 675 return res; 676 677 data = rawdata->data; 678 bytes_to_u16(frm->address, &idx); 679 680 res = decrypt(data, frm, rawdata->len, rawdata->byte_offset, idx, fek); 681 return res; 682 } 683 684 static TEE_Result tee_rpmb_data_cpy_mac_calc(struct rpmb_data_frame *datafrm, 685 struct rpmb_raw_data *rawdata, 686 uint16_t nbr_frms, 687 struct rpmb_data_frame *lastfrm, 688 uint8_t *fek) 689 { 690 TEE_Result res = TEE_ERROR_GENERIC; 691 int i; 692 uint8_t *ctx = NULL; 693 uint16_t offset; 694 uint32_t size; 695 uint8_t *data; 696 uint16_t start_idx; 697 struct rpmb_data_frame localfrm; 698 699 if (!datafrm || !rawdata || !nbr_frms || !lastfrm) 700 return TEE_ERROR_BAD_PARAMETERS; 701 702 if (nbr_frms == 1) 703 return data_cpy_mac_calc_1b(rawdata, lastfrm, fek); 704 705 /* nbr_frms > 1 */ 706 707 data = rawdata->data; 708 709 ctx = malloc(rpmb_ctx->hash_ctx_size); 710 if (!ctx) { 711 res = TEE_ERROR_OUT_OF_MEMORY; 712 goto func_exit; 713 } 714 715 res = crypto_ops.mac.init(ctx, TEE_ALG_HMAC_SHA256, rpmb_ctx->key, 716 RPMB_KEY_MAC_SIZE); 717 if (res != TEE_SUCCESS) 718 goto func_exit; 719 720 /* 721 * Note: JEDEC JESD84-B51: "In every packet the address is the start 722 * address of the full access (not address of the individual half a 723 * sector)" 724 */ 725 bytes_to_u16(lastfrm->address, &start_idx); 726 727 for (i = 0; i < (nbr_frms - 1); i++) { 728 729 /* 730 * By working on a local copy of the RPMB frame, we ensure that 731 * the data can not be modified after the MAC is computed but 732 * before the payload is decrypted/copied to the output buffer. 733 */ 734 memcpy(&localfrm, &datafrm[i], RPMB_DATA_FRAME_SIZE); 735 736 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, 737 localfrm.data, 738 RPMB_MAC_PROTECT_DATA_SIZE); 739 if (res != TEE_SUCCESS) 740 goto func_exit; 741 742 if (i == 0) { 743 /* First block */ 744 offset = rawdata->byte_offset; 745 size = RPMB_DATA_SIZE - offset; 746 } else { 747 /* Middle blocks */ 748 size = RPMB_DATA_SIZE; 749 offset = 0; 750 } 751 752 res = decrypt(data, &localfrm, size, offset, start_idx + i, 753 fek); 754 if (res != TEE_SUCCESS) 755 goto func_exit; 756 757 data += size; 758 } 759 760 /* Last block */ 761 size = (rawdata->len + rawdata->byte_offset) % RPMB_DATA_SIZE; 762 if (size == 0) 763 size = RPMB_DATA_SIZE; 764 res = decrypt(data, lastfrm, size, 0, start_idx + nbr_frms - 1, fek); 765 if (res != TEE_SUCCESS) 766 goto func_exit; 767 768 /* Update MAC against the last block */ 769 res = crypto_ops.mac.update(ctx, TEE_ALG_HMAC_SHA256, lastfrm->data, 770 RPMB_MAC_PROTECT_DATA_SIZE); 771 if (res != TEE_SUCCESS) 772 goto func_exit; 773 774 res = crypto_ops.mac.final(ctx, TEE_ALG_HMAC_SHA256, rawdata->key_mac, 775 RPMB_KEY_MAC_SIZE); 776 if (res != TEE_SUCCESS) 777 goto func_exit; 778 779 res = TEE_SUCCESS; 780 781 func_exit: 782 free(ctx); 783 return res; 784 } 785 786 static TEE_Result tee_rpmb_resp_unpack_verify(struct rpmb_data_frame *datafrm, 787 struct rpmb_raw_data *rawdata, 788 uint16_t nbr_frms, uint8_t *fek) 789 { 790 TEE_Result res = TEE_ERROR_GENERIC; 791 uint16_t msg_type; 792 uint32_t wr_cnt; 793 uint16_t blk_idx; 794 uint16_t op_result; 795 struct rpmb_data_frame lastfrm; 796 797 if (!datafrm || !rawdata || !nbr_frms) 798 return TEE_ERROR_BAD_PARAMETERS; 799 800 #ifdef CFG_RPMB_FS_DEBUG_DATA 801 for (uint32_t i = 0; i < nbr_frms; i++) { 802 DMSG("Dumping data frame %d:", i); 803 DHEXDUMP((uint8_t *)&datafrm[i] + RPMB_STUFF_DATA_SIZE, 804 512 - RPMB_STUFF_DATA_SIZE); 805 } 806 #endif 807 808 /* Make sure the last data packet can't be modified once verified */ 809 memcpy(&lastfrm, &datafrm[nbr_frms - 1], RPMB_DATA_FRAME_SIZE); 810 811 /* Handle operation result and translate to TEEC error code. */ 812 bytes_to_u16(lastfrm.op_result, &op_result); 813 if (rawdata->op_result) 814 *rawdata->op_result = op_result; 815 if (op_result != RPMB_RESULT_OK) 816 return TEE_ERROR_GENERIC; 817 818 /* Check the response msg_type. */ 819 bytes_to_u16(lastfrm.msg_type, &msg_type); 820 if (msg_type != rawdata->msg_type) { 821 DMSG("Unexpected msg_type (0x%04x != 0x%04x)", msg_type, 822 rawdata->msg_type); 823 return TEE_ERROR_GENERIC; 824 } 825 826 if (rawdata->blk_idx) { 827 bytes_to_u16(lastfrm.address, &blk_idx); 828 if (blk_idx != *rawdata->blk_idx) { 829 DMSG("Unexpected block index"); 830 return TEE_ERROR_GENERIC; 831 } 832 } 833 834 if (rawdata->write_counter) { 835 wr_cnt = *rawdata->write_counter; 836 bytes_to_u32(lastfrm.write_counter, rawdata->write_counter); 837 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE) { 838 /* Verify the write counter is incremented by 1 */ 839 if (*rawdata->write_counter != wr_cnt + 1) { 840 DMSG("Counter mismatched (0x%04x/0x%04x)", 841 *rawdata->write_counter, wr_cnt + 1); 842 return TEE_ERROR_SECURITY; 843 } 844 rpmb_ctx->wr_cnt++; 845 } 846 } 847 848 if (rawdata->nonce) { 849 if (buf_compare_ct(rawdata->nonce, lastfrm.nonce, 850 RPMB_NONCE_SIZE) != 0) { 851 DMSG("Nonce mismatched"); 852 return TEE_ERROR_SECURITY; 853 } 854 } 855 856 if (rawdata->key_mac) { 857 if (msg_type == RPMB_MSG_TYPE_RESP_AUTH_DATA_READ) { 858 if (!rawdata->data) 859 return TEE_ERROR_GENERIC; 860 861 res = tee_rpmb_data_cpy_mac_calc(datafrm, rawdata, 862 nbr_frms, &lastfrm, 863 fek); 864 865 if (res != TEE_SUCCESS) 866 return res; 867 } else { 868 /* 869 * There should be only one data frame for 870 * other msg types. 871 */ 872 if (nbr_frms != 1) 873 return TEE_ERROR_GENERIC; 874 875 res = tee_rpmb_mac_calc(rawdata->key_mac, 876 RPMB_KEY_MAC_SIZE, 877 rpmb_ctx->key, 878 RPMB_KEY_MAC_SIZE, 879 &lastfrm, 1); 880 881 if (res != TEE_SUCCESS) 882 return res; 883 } 884 885 #ifndef CFG_RPMB_FS_NO_MAC 886 if (buf_compare_ct(rawdata->key_mac, 887 (datafrm + nbr_frms - 1)->key_mac, 888 RPMB_KEY_MAC_SIZE) != 0) { 889 DMSG("MAC mismatched:"); 890 #ifdef CFG_RPMB_FS_DEBUG_DATA 891 DHEXDUMP((uint8_t *)rawdata->key_mac, 32); 892 #endif 893 return TEE_ERROR_SECURITY; 894 } 895 #endif /* !CFG_RPMB_FS_NO_MAC */ 896 } 897 898 return TEE_SUCCESS; 899 } 900 901 static TEE_Result tee_rpmb_get_dev_info(uint16_t dev_id, 902 struct rpmb_dev_info *dev_info) 903 { 904 TEE_Result res = TEE_ERROR_GENERIC; 905 struct tee_rpmb_mem mem; 906 struct rpmb_dev_info *di; 907 struct rpmb_req *req = NULL; 908 uint8_t *resp = NULL; 909 uint32_t req_size; 910 uint32_t resp_size; 911 912 if (!dev_info) 913 return TEE_ERROR_BAD_PARAMETERS; 914 915 req_size = sizeof(struct rpmb_req); 916 resp_size = sizeof(struct rpmb_dev_info); 917 res = tee_rpmb_alloc(req_size, resp_size, &mem, 918 (void *)&req, (void *)&resp); 919 if (res != TEE_SUCCESS) 920 goto func_exit; 921 922 req->cmd = RPMB_CMD_GET_DEV_INFO; 923 req->dev_id = dev_id; 924 925 di = (struct rpmb_dev_info *)resp; 926 di->ret_code = RPMB_CMD_GET_DEV_INFO_RET_ERROR; 927 928 res = tee_rpmb_invoke(&mem); 929 if (res != TEE_SUCCESS) 930 goto func_exit; 931 932 if (di->ret_code != RPMB_CMD_GET_DEV_INFO_RET_OK) { 933 res = TEE_ERROR_GENERIC; 934 goto func_exit; 935 } 936 937 memcpy((uint8_t *)dev_info, resp, sizeof(struct rpmb_dev_info)); 938 939 #ifdef CFG_RPMB_FS_DEBUG_DATA 940 DMSG("Dumping dev_info:"); 941 DHEXDUMP((uint8_t *)dev_info, sizeof(struct rpmb_dev_info)); 942 #endif 943 944 res = TEE_SUCCESS; 945 946 func_exit: 947 tee_rpmb_free(&mem); 948 return res; 949 } 950 951 static TEE_Result tee_rpmb_init_read_wr_cnt(uint16_t dev_id, 952 uint32_t *wr_cnt, 953 uint16_t *op_result) 954 { 955 TEE_Result res = TEE_ERROR_GENERIC; 956 struct tee_rpmb_mem mem; 957 uint16_t msg_type; 958 uint8_t nonce[RPMB_NONCE_SIZE]; 959 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 960 struct rpmb_req *req = NULL; 961 struct rpmb_data_frame *resp = NULL; 962 struct rpmb_raw_data rawdata; 963 uint32_t req_size; 964 uint32_t resp_size; 965 966 if (!wr_cnt) 967 return TEE_ERROR_BAD_PARAMETERS; 968 969 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 970 resp_size = RPMB_DATA_FRAME_SIZE; 971 res = tee_rpmb_alloc(req_size, resp_size, &mem, 972 (void *)&req, (void *)&resp); 973 if (res != TEE_SUCCESS) 974 goto func_exit; 975 976 res = crypto_ops.prng.read(nonce, RPMB_NONCE_SIZE); 977 if (res != TEE_SUCCESS) 978 goto func_exit; 979 980 msg_type = RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ; 981 982 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 983 rawdata.msg_type = msg_type; 984 rawdata.nonce = nonce; 985 986 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL); 987 if (res != TEE_SUCCESS) 988 goto func_exit; 989 990 res = tee_rpmb_invoke(&mem); 991 if (res != TEE_SUCCESS) 992 goto func_exit; 993 994 msg_type = RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ; 995 996 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 997 rawdata.msg_type = msg_type; 998 rawdata.op_result = op_result; 999 rawdata.write_counter = wr_cnt; 1000 rawdata.nonce = nonce; 1001 rawdata.key_mac = hmac; 1002 1003 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL); 1004 if (res != TEE_SUCCESS) 1005 goto func_exit; 1006 1007 res = TEE_SUCCESS; 1008 1009 func_exit: 1010 tee_rpmb_free(&mem); 1011 return res; 1012 } 1013 1014 static TEE_Result tee_rpmb_verify_key_sync_counter(uint16_t dev_id) 1015 { 1016 uint16_t op_result = 0; 1017 TEE_Result res = TEE_ERROR_GENERIC; 1018 1019 res = tee_rpmb_init_read_wr_cnt(dev_id, &rpmb_ctx->wr_cnt, 1020 &op_result); 1021 1022 if (res == TEE_SUCCESS) { 1023 rpmb_ctx->key_verified = true; 1024 rpmb_ctx->wr_cnt_synced = true; 1025 } 1026 1027 DMSG("Verify key returning 0x%x\n", res); 1028 return res; 1029 } 1030 1031 static TEE_Result tee_rpmb_write_key(uint16_t dev_id) 1032 { 1033 TEE_Result res = TEE_ERROR_GENERIC; 1034 struct tee_rpmb_mem mem = { 0 }; 1035 uint16_t msg_type; 1036 struct rpmb_req *req = NULL; 1037 struct rpmb_data_frame *resp = NULL; 1038 struct rpmb_raw_data rawdata; 1039 uint32_t req_size; 1040 uint32_t resp_size; 1041 1042 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1043 resp_size = RPMB_DATA_FRAME_SIZE; 1044 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1045 (void *)&req, (void *)&resp); 1046 if (res != TEE_SUCCESS) 1047 goto func_exit; 1048 1049 msg_type = RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM; 1050 1051 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1052 rawdata.msg_type = msg_type; 1053 rawdata.key_mac = rpmb_ctx->key; 1054 1055 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL); 1056 if (res != TEE_SUCCESS) 1057 goto func_exit; 1058 1059 res = tee_rpmb_invoke(&mem); 1060 if (res != TEE_SUCCESS) 1061 goto func_exit; 1062 1063 msg_type = RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM; 1064 1065 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1066 rawdata.msg_type = msg_type; 1067 1068 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL); 1069 if (res != TEE_SUCCESS) 1070 goto func_exit; 1071 1072 res = TEE_SUCCESS; 1073 1074 func_exit: 1075 tee_rpmb_free(&mem); 1076 return res; 1077 } 1078 1079 /* True when all the required crypto functions are available */ 1080 static bool have_crypto_ops(void) 1081 { 1082 return (crypto_ops.mac.init && crypto_ops.mac.update && 1083 crypto_ops.mac.final && crypto_ops.prng.read); 1084 } 1085 1086 /* This function must never return TEE_SUCCESS if rpmb_ctx == NULL */ 1087 static TEE_Result tee_rpmb_init(uint16_t dev_id) 1088 { 1089 TEE_Result res = TEE_SUCCESS; 1090 struct rpmb_dev_info dev_info; 1091 1092 if (!have_crypto_ops()) 1093 return TEE_ERROR_NOT_SUPPORTED; 1094 1095 if (!rpmb_ctx) { 1096 rpmb_ctx = calloc(1, sizeof(struct tee_rpmb_ctx)); 1097 if (!rpmb_ctx) 1098 return TEE_ERROR_OUT_OF_MEMORY; 1099 } else if (rpmb_ctx->dev_id != dev_id) { 1100 memset(rpmb_ctx, 0x00, sizeof(struct tee_rpmb_ctx)); 1101 } 1102 1103 rpmb_ctx->dev_id = dev_id; 1104 1105 if (!rpmb_ctx->dev_info_synced) { 1106 DMSG("RPMB: Syncing device information"); 1107 1108 dev_info.rpmb_size_mult = 0; 1109 dev_info.rel_wr_sec_c = 0; 1110 res = tee_rpmb_get_dev_info(dev_id, &dev_info); 1111 if (res != TEE_SUCCESS) 1112 goto func_exit; 1113 1114 DMSG("RPMB: RPMB size is %d*128 KB", dev_info.rpmb_size_mult); 1115 DMSG("RPMB: Reliable Write Sector Count is %d", 1116 dev_info.rel_wr_sec_c); 1117 1118 if (dev_info.rpmb_size_mult == 0) { 1119 res = TEE_ERROR_GENERIC; 1120 goto func_exit; 1121 } 1122 1123 rpmb_ctx->max_blk_idx = (dev_info.rpmb_size_mult * 1124 RPMB_SIZE_SINGLE / RPMB_DATA_SIZE) - 1; 1125 1126 memcpy(rpmb_ctx->cid, dev_info.cid, RPMB_EMMC_CID_SIZE); 1127 1128 if ((rpmb_ctx->hash_ctx_size == 0) && 1129 (crypto_ops.mac.get_ctx_size( 1130 TEE_ALG_HMAC_SHA256, 1131 &rpmb_ctx->hash_ctx_size))) { 1132 rpmb_ctx->hash_ctx_size = 0; 1133 res = TEE_ERROR_GENERIC; 1134 goto func_exit; 1135 } 1136 1137 #ifdef RPMB_DRIVER_MULTIPLE_WRITE_FIXED 1138 rpmb_ctx->rel_wr_blkcnt = dev_info.rel_wr_sec_c * 2; 1139 #else 1140 rpmb_ctx->rel_wr_blkcnt = 1; 1141 #endif 1142 1143 rpmb_ctx->dev_info_synced = true; 1144 } 1145 1146 if (!rpmb_ctx->key_derived) { 1147 DMSG("RPMB INIT: Deriving key"); 1148 1149 res = tee_rpmb_key_gen(dev_id, rpmb_ctx->key, 1150 RPMB_KEY_MAC_SIZE); 1151 if (res != TEE_SUCCESS) 1152 goto func_exit; 1153 1154 rpmb_ctx->key_derived = true; 1155 } 1156 1157 /* Perform a write counter read to verify if the key is ok. */ 1158 if (!rpmb_ctx->wr_cnt_synced || !rpmb_ctx->key_verified) { 1159 DMSG("RPMB INIT: Verifying Key"); 1160 1161 res = tee_rpmb_verify_key_sync_counter(dev_id); 1162 if (res != TEE_SUCCESS && !rpmb_ctx->key_verified) { 1163 /* 1164 * Need to write the key here and verify it. 1165 */ 1166 DMSG("RPMB INIT: Writing Key"); 1167 res = tee_rpmb_write_key(dev_id); 1168 if (res == TEE_SUCCESS) { 1169 DMSG("RPMB INIT: Verifying Key"); 1170 res = tee_rpmb_verify_key_sync_counter(dev_id); 1171 } 1172 } 1173 } 1174 1175 func_exit: 1176 return res; 1177 } 1178 1179 /* 1180 * Read RPMB data in bytes. 1181 * 1182 * @dev_id Device ID of the eMMC device. 1183 * @addr Byte address of data. 1184 * @data Pointer to the data. 1185 * @len Size of data in bytes. 1186 * @fek Encrypted File Encryption Key or NULL. 1187 */ 1188 static TEE_Result tee_rpmb_read(uint16_t dev_id, uint32_t addr, uint8_t *data, 1189 uint32_t len, uint8_t *fek) 1190 { 1191 TEE_Result res = TEE_ERROR_GENERIC; 1192 struct tee_rpmb_mem mem = { 0 }; 1193 uint16_t msg_type; 1194 uint8_t nonce[RPMB_NONCE_SIZE]; 1195 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1196 struct rpmb_req *req = NULL; 1197 struct rpmb_data_frame *resp = NULL; 1198 struct rpmb_raw_data rawdata; 1199 uint32_t req_size; 1200 uint32_t resp_size; 1201 uint16_t blk_idx; 1202 uint16_t blkcnt; 1203 uint8_t byte_offset; 1204 1205 if (!data || !len) 1206 return TEE_ERROR_BAD_PARAMETERS; 1207 1208 blk_idx = addr / RPMB_DATA_SIZE; 1209 byte_offset = addr % RPMB_DATA_SIZE; 1210 1211 blkcnt = 1212 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1213 res = tee_rpmb_init(dev_id); 1214 if (res != TEE_SUCCESS) 1215 goto func_exit; 1216 1217 req_size = sizeof(struct rpmb_req) + RPMB_DATA_FRAME_SIZE; 1218 resp_size = RPMB_DATA_FRAME_SIZE * blkcnt; 1219 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1220 (void *)&req, (void *)&resp); 1221 if (res != TEE_SUCCESS) 1222 goto func_exit; 1223 1224 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_READ; 1225 res = crypto_ops.prng.read(nonce, RPMB_NONCE_SIZE); 1226 if (res != TEE_SUCCESS) 1227 goto func_exit; 1228 1229 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1230 rawdata.msg_type = msg_type; 1231 rawdata.nonce = nonce; 1232 rawdata.blk_idx = &blk_idx; 1233 res = tee_rpmb_req_pack(req, &rawdata, 1, dev_id, NULL); 1234 if (res != TEE_SUCCESS) 1235 goto func_exit; 1236 1237 req->block_count = blkcnt; 1238 1239 DMSG("Read %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1240 blk_idx); 1241 1242 res = tee_rpmb_invoke(&mem); 1243 if (res != TEE_SUCCESS) 1244 goto func_exit; 1245 1246 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_READ; 1247 1248 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1249 rawdata.msg_type = msg_type; 1250 rawdata.block_count = &blkcnt; 1251 rawdata.blk_idx = &blk_idx; 1252 rawdata.nonce = nonce; 1253 rawdata.key_mac = hmac; 1254 rawdata.data = data; 1255 1256 rawdata.len = len; 1257 rawdata.byte_offset = byte_offset; 1258 1259 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, blkcnt, fek); 1260 if (res != TEE_SUCCESS) 1261 goto func_exit; 1262 1263 res = TEE_SUCCESS; 1264 1265 func_exit: 1266 tee_rpmb_free(&mem); 1267 return res; 1268 } 1269 1270 static TEE_Result tee_rpmb_write_blk(uint16_t dev_id, uint16_t blk_idx, 1271 const uint8_t *data_blks, uint16_t blkcnt, 1272 const uint8_t *fek) 1273 { 1274 TEE_Result res; 1275 struct tee_rpmb_mem mem; 1276 uint16_t msg_type; 1277 uint32_t wr_cnt; 1278 uint8_t hmac[RPMB_KEY_MAC_SIZE]; 1279 struct rpmb_req *req = NULL; 1280 struct rpmb_data_frame *resp = NULL; 1281 struct rpmb_raw_data rawdata; 1282 uint32_t req_size; 1283 uint32_t resp_size; 1284 uint32_t nbr_writes; 1285 uint16_t tmp_blkcnt; 1286 uint16_t tmp_blk_idx; 1287 uint16_t i; 1288 1289 DMSG("Write %u block%s at index %u", blkcnt, ((blkcnt > 1) ? "s" : ""), 1290 blk_idx); 1291 1292 if (!data_blks || !blkcnt) 1293 return TEE_ERROR_BAD_PARAMETERS; 1294 1295 res = tee_rpmb_init(dev_id); 1296 if (res != TEE_SUCCESS) 1297 return res; 1298 1299 /* 1300 * We need to split data when block count 1301 * is bigger than reliable block write count. 1302 */ 1303 if (blkcnt < rpmb_ctx->rel_wr_blkcnt) 1304 req_size = sizeof(struct rpmb_req) + 1305 RPMB_DATA_FRAME_SIZE * blkcnt; 1306 else 1307 req_size = sizeof(struct rpmb_req) + 1308 RPMB_DATA_FRAME_SIZE * rpmb_ctx->rel_wr_blkcnt; 1309 1310 resp_size = RPMB_DATA_FRAME_SIZE; 1311 res = tee_rpmb_alloc(req_size, resp_size, &mem, 1312 (void *)&req, (void *)&resp); 1313 if (res != TEE_SUCCESS) 1314 return res; 1315 1316 nbr_writes = blkcnt / rpmb_ctx->rel_wr_blkcnt; 1317 if (blkcnt % rpmb_ctx->rel_wr_blkcnt > 0) 1318 nbr_writes += 1; 1319 1320 tmp_blkcnt = rpmb_ctx->rel_wr_blkcnt; 1321 tmp_blk_idx = blk_idx; 1322 for (i = 0; i < nbr_writes; i++) { 1323 /* 1324 * To handle the last write of block count which is 1325 * equal or smaller than reliable write block count. 1326 */ 1327 if (i == nbr_writes - 1) 1328 tmp_blkcnt = blkcnt - rpmb_ctx->rel_wr_blkcnt * 1329 (nbr_writes - 1); 1330 1331 msg_type = RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE; 1332 wr_cnt = rpmb_ctx->wr_cnt; 1333 1334 memset(req, 0x00, req_size); 1335 memset(resp, 0x00, resp_size); 1336 1337 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1338 rawdata.msg_type = msg_type; 1339 rawdata.block_count = &tmp_blkcnt; 1340 rawdata.blk_idx = &tmp_blk_idx; 1341 rawdata.write_counter = &wr_cnt; 1342 rawdata.key_mac = hmac; 1343 rawdata.data = (uint8_t *)data_blks + 1344 i * rpmb_ctx->rel_wr_blkcnt * RPMB_DATA_SIZE; 1345 1346 res = tee_rpmb_req_pack(req, &rawdata, tmp_blkcnt, dev_id, 1347 fek); 1348 if (res != TEE_SUCCESS) 1349 goto out; 1350 1351 res = tee_rpmb_invoke(&mem); 1352 if (res != TEE_SUCCESS) { 1353 /* 1354 * To force wr_cnt sync next time, as it might get 1355 * out of sync due to inconsistent operation result! 1356 */ 1357 rpmb_ctx->wr_cnt_synced = false; 1358 goto out; 1359 } 1360 1361 msg_type = RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE; 1362 1363 memset(&rawdata, 0x00, sizeof(struct rpmb_raw_data)); 1364 rawdata.msg_type = msg_type; 1365 rawdata.block_count = &tmp_blkcnt; 1366 rawdata.blk_idx = &tmp_blk_idx; 1367 rawdata.write_counter = &wr_cnt; 1368 rawdata.key_mac = hmac; 1369 1370 res = tee_rpmb_resp_unpack_verify(resp, &rawdata, 1, NULL); 1371 if (res != TEE_SUCCESS) { 1372 /* 1373 * To force wr_cnt sync next time, as it might get 1374 * out of sync due to inconsistent operation result! 1375 */ 1376 rpmb_ctx->wr_cnt_synced = false; 1377 goto out; 1378 } 1379 1380 tmp_blk_idx += tmp_blkcnt; 1381 } 1382 1383 out: 1384 tee_rpmb_free(&mem); 1385 return res; 1386 } 1387 1388 static bool tee_rpmb_write_is_atomic(uint16_t dev_id __unused, uint32_t addr, 1389 uint32_t len) 1390 { 1391 uint8_t byte_offset = addr % RPMB_DATA_SIZE; 1392 uint16_t blkcnt = ROUNDUP(len + byte_offset, 1393 RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1394 1395 return (blkcnt <= rpmb_ctx->rel_wr_blkcnt); 1396 } 1397 1398 /* 1399 * Write RPMB data in bytes. 1400 * 1401 * @dev_id Device ID of the eMMC device. 1402 * @addr Byte address of data. 1403 * @data Pointer to the data. 1404 * @len Size of data in bytes. 1405 * @fek Encrypted File Encryption Key or NULL. 1406 */ 1407 static TEE_Result tee_rpmb_write(uint16_t dev_id, uint32_t addr, 1408 const uint8_t *data, uint32_t len, 1409 uint8_t *fek) 1410 { 1411 TEE_Result res = TEE_ERROR_GENERIC; 1412 uint8_t *data_tmp = NULL; 1413 uint16_t blk_idx; 1414 uint16_t blkcnt; 1415 uint8_t byte_offset; 1416 1417 blk_idx = addr / RPMB_DATA_SIZE; 1418 byte_offset = addr % RPMB_DATA_SIZE; 1419 1420 blkcnt = 1421 ROUNDUP(len + byte_offset, RPMB_DATA_SIZE) / RPMB_DATA_SIZE; 1422 1423 if (byte_offset == 0 && (len % RPMB_DATA_SIZE) == 0) { 1424 res = tee_rpmb_write_blk(dev_id, blk_idx, data, blkcnt, fek); 1425 if (res != TEE_SUCCESS) 1426 goto func_exit; 1427 } else { 1428 data_tmp = calloc(blkcnt, RPMB_DATA_SIZE); 1429 if (!data_tmp) { 1430 res = TEE_ERROR_OUT_OF_MEMORY; 1431 goto func_exit; 1432 } 1433 1434 /* Read the complete blocks */ 1435 res = tee_rpmb_read(dev_id, blk_idx * RPMB_DATA_SIZE, data_tmp, 1436 blkcnt * RPMB_DATA_SIZE, fek); 1437 if (res != TEE_SUCCESS) 1438 goto func_exit; 1439 1440 /* Partial update of the data blocks */ 1441 memcpy(data_tmp + byte_offset, data, len); 1442 1443 res = tee_rpmb_write_blk(dev_id, blk_idx, data_tmp, blkcnt, 1444 fek); 1445 if (res != TEE_SUCCESS) 1446 goto func_exit; 1447 } 1448 1449 res = TEE_SUCCESS; 1450 1451 func_exit: 1452 free(data_tmp); 1453 return res; 1454 } 1455 1456 /* 1457 * Read the RPMB write counter. 1458 * 1459 * @dev_id Device ID of the eMMC device. 1460 * @counter Pointer to the counter. 1461 */ 1462 static TEE_Result tee_rpmb_get_write_counter(uint16_t dev_id, 1463 uint32_t *counter) 1464 { 1465 TEE_Result res = TEE_SUCCESS; 1466 1467 if (!counter) 1468 return TEE_ERROR_BAD_PARAMETERS; 1469 1470 if (!rpmb_ctx || !rpmb_ctx->wr_cnt_synced) { 1471 res = tee_rpmb_init(dev_id); 1472 if (res != TEE_SUCCESS) 1473 goto func_exit; 1474 } 1475 1476 *counter = rpmb_ctx->wr_cnt; 1477 1478 func_exit: 1479 return res; 1480 } 1481 1482 /* 1483 * Read the RPMB max block. 1484 * 1485 * @dev_id Device ID of the eMMC device. 1486 * @counter Pointer to receive the max block. 1487 */ 1488 static TEE_Result tee_rpmb_get_max_block(uint16_t dev_id, uint32_t *max_block) 1489 { 1490 TEE_Result res = TEE_SUCCESS; 1491 1492 if (!max_block) 1493 return TEE_ERROR_BAD_PARAMETERS; 1494 1495 if (!rpmb_ctx || !rpmb_ctx->dev_info_synced) { 1496 res = tee_rpmb_init(dev_id); 1497 if (res != TEE_SUCCESS) 1498 goto func_exit; 1499 } 1500 1501 *max_block = rpmb_ctx->max_blk_idx; 1502 1503 func_exit: 1504 return res; 1505 } 1506 1507 /* 1508 * End of lower interface to RPMB device 1509 */ 1510 1511 static TEE_Result get_fat_start_address(uint32_t *addr); 1512 1513 static void dump_fat(void) 1514 { 1515 TEE_Result res = TEE_ERROR_GENERIC; 1516 struct rpmb_fat_entry *fat_entries = NULL; 1517 uint32_t fat_address; 1518 size_t size; 1519 int i; 1520 bool last_entry_found = false; 1521 1522 res = get_fat_start_address(&fat_address); 1523 if (res != TEE_SUCCESS) 1524 goto out; 1525 1526 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 1527 fat_entries = malloc(size); 1528 if (!fat_entries) { 1529 res = TEE_ERROR_OUT_OF_MEMORY; 1530 goto out; 1531 } 1532 1533 while (!last_entry_found) { 1534 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 1535 (uint8_t *)fat_entries, size, NULL); 1536 if (res != TEE_SUCCESS) 1537 goto out; 1538 1539 for (i = 0; i < N_ENTRIES; i++) { 1540 1541 FMSG("flags 0x%x, size %d, address 0x%x, filename '%s'", 1542 fat_entries[i].flags, 1543 fat_entries[i].data_size, 1544 fat_entries[i].start_address, 1545 fat_entries[i].filename); 1546 1547 if ((fat_entries[i].flags & FILE_IS_LAST_ENTRY) != 0) { 1548 last_entry_found = true; 1549 break; 1550 } 1551 1552 /* Move to next fat_entry. */ 1553 fat_address += sizeof(struct rpmb_fat_entry); 1554 } 1555 } 1556 1557 out: 1558 free(fat_entries); 1559 } 1560 1561 #if (TRACE_LEVEL >= TRACE_DEBUG) 1562 static void dump_fh(struct rpmb_file_handle *fh) 1563 { 1564 DMSG("fh->filename=%s", fh->filename); 1565 DMSG("fh->pos=%u", fh->pos); 1566 DMSG("fh->rpmb_fat_address=%u", fh->rpmb_fat_address); 1567 DMSG("fh->fat_entry.start_address=%u", fh->fat_entry.start_address); 1568 DMSG("fh->fat_entry.data_size=%u", fh->fat_entry.data_size); 1569 } 1570 #else 1571 static void dump_fh(struct rpmb_file_handle *fh __unused) 1572 { 1573 } 1574 #endif 1575 1576 static struct rpmb_file_handle *alloc_file_handle(const char *filename) 1577 { 1578 struct rpmb_file_handle *fh = NULL; 1579 1580 fh = calloc(1, sizeof(struct rpmb_file_handle)); 1581 if (!fh) 1582 return NULL; 1583 1584 if (filename) 1585 strlcpy(fh->filename, filename, sizeof(fh->filename)); 1586 1587 return fh; 1588 } 1589 1590 /** 1591 * write_fat_entry: Store info in a fat_entry to RPMB. 1592 */ 1593 static TEE_Result write_fat_entry(struct rpmb_file_handle *fh, 1594 bool update_write_counter) 1595 { 1596 TEE_Result res = TEE_ERROR_GENERIC; 1597 1598 /* Protect partition data. */ 1599 if (fh->rpmb_fat_address < sizeof(struct rpmb_fs_partition)) { 1600 res = TEE_ERROR_ACCESS_CONFLICT; 1601 goto out; 1602 } 1603 1604 if (fh->rpmb_fat_address % sizeof(struct rpmb_fat_entry) != 0) { 1605 res = TEE_ERROR_BAD_PARAMETERS; 1606 goto out; 1607 } 1608 1609 if (update_write_counter) { 1610 res = tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1611 &fh->fat_entry.write_counter); 1612 if (res != TEE_SUCCESS) 1613 goto out; 1614 } 1615 1616 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, fh->rpmb_fat_address, 1617 (uint8_t *)&fh->fat_entry, 1618 sizeof(struct rpmb_fat_entry), NULL); 1619 1620 dump_fat(); 1621 1622 out: 1623 return res; 1624 } 1625 1626 /** 1627 * rpmb_fs_setup: Setup rpmb fs. 1628 * Set initial partition and FS values and write to RPMB. 1629 * Store frequently used data in RAM. 1630 */ 1631 static TEE_Result rpmb_fs_setup(void) 1632 { 1633 TEE_Result res = TEE_ERROR_GENERIC; 1634 struct rpmb_fs_partition *partition_data = NULL; 1635 struct rpmb_file_handle *fh = NULL; 1636 uint32_t max_rpmb_block = 0; 1637 1638 if (fs_par) { 1639 res = TEE_SUCCESS; 1640 goto out; 1641 } 1642 1643 res = tee_rpmb_get_max_block(CFG_RPMB_FS_DEV_ID, &max_rpmb_block); 1644 if (res != TEE_SUCCESS) 1645 goto out; 1646 1647 partition_data = calloc(1, sizeof(struct rpmb_fs_partition)); 1648 if (!partition_data) { 1649 res = TEE_ERROR_OUT_OF_MEMORY; 1650 goto out; 1651 } 1652 1653 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1654 (uint8_t *)partition_data, 1655 sizeof(struct rpmb_fs_partition), NULL); 1656 if (res != TEE_SUCCESS) 1657 goto out; 1658 1659 #ifndef CFG_RPMB_RESET_FAT 1660 if (partition_data->rpmb_fs_magic == RPMB_FS_MAGIC) { 1661 if (partition_data->fs_version == FS_VERSION) { 1662 res = TEE_SUCCESS; 1663 goto store_fs_par; 1664 } else { 1665 /* Wrong software is in use. */ 1666 res = TEE_ERROR_ACCESS_DENIED; 1667 goto out; 1668 } 1669 } 1670 #else 1671 EMSG("**** Clearing Storage ****"); 1672 #endif 1673 1674 /* Setup new partition data. */ 1675 partition_data->rpmb_fs_magic = RPMB_FS_MAGIC; 1676 partition_data->fs_version = FS_VERSION; 1677 partition_data->fat_start_address = RPMB_FS_FAT_START_ADDRESS; 1678 1679 /* Initial FAT entry with FILE_IS_LAST_ENTRY flag set. */ 1680 fh = alloc_file_handle(NULL); 1681 if (!fh) { 1682 res = TEE_ERROR_OUT_OF_MEMORY; 1683 goto out; 1684 } 1685 fh->fat_entry.flags = FILE_IS_LAST_ENTRY; 1686 fh->rpmb_fat_address = partition_data->fat_start_address; 1687 1688 /* Write init FAT entry and partition data to RPMB. */ 1689 res = write_fat_entry(fh, true); 1690 if (res != TEE_SUCCESS) 1691 goto out; 1692 1693 res = 1694 tee_rpmb_get_write_counter(CFG_RPMB_FS_DEV_ID, 1695 &partition_data->write_counter); 1696 if (res != TEE_SUCCESS) 1697 goto out; 1698 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, RPMB_STORAGE_START_ADDRESS, 1699 (uint8_t *)partition_data, 1700 sizeof(struct rpmb_fs_partition), NULL); 1701 1702 #ifndef CFG_RPMB_RESET_FAT 1703 store_fs_par: 1704 #endif 1705 1706 /* Store FAT start address. */ 1707 fs_par = calloc(1, sizeof(struct rpmb_fs_parameters)); 1708 if (!fs_par) { 1709 res = TEE_ERROR_OUT_OF_MEMORY; 1710 goto out; 1711 } 1712 1713 fs_par->fat_start_address = partition_data->fat_start_address; 1714 fs_par->max_rpmb_address = max_rpmb_block << RPMB_BLOCK_SIZE_SHIFT; 1715 1716 dump_fat(); 1717 1718 out: 1719 free(fh); 1720 free(partition_data); 1721 return res; 1722 } 1723 1724 /** 1725 * get_fat_start_address: 1726 * FAT start_address from fs_par. 1727 */ 1728 static TEE_Result get_fat_start_address(uint32_t *addr) 1729 { 1730 if (!fs_par) 1731 return TEE_ERROR_NO_DATA; 1732 1733 *addr = fs_par->fat_start_address; 1734 1735 return TEE_SUCCESS; 1736 } 1737 1738 /** 1739 * read_fat: Read FAT entries 1740 * Return matching FAT entry for read, rm rename and stat. 1741 * Build up memory pool and return matching entry for write operation. 1742 * "Last FAT entry" can be returned during write. 1743 */ 1744 static TEE_Result read_fat(struct rpmb_file_handle *fh, tee_mm_pool_t *p) 1745 { 1746 TEE_Result res = TEE_ERROR_GENERIC; 1747 tee_mm_entry_t *mm = NULL; 1748 struct rpmb_fat_entry *fat_entries = NULL; 1749 uint32_t fat_address; 1750 size_t size; 1751 int i; 1752 bool entry_found = false; 1753 bool last_entry_found = false; 1754 bool expand_fat = false; 1755 struct rpmb_file_handle last_fh; 1756 1757 DMSG("fat_address %d", fh->rpmb_fat_address); 1758 1759 res = rpmb_fs_setup(); 1760 if (res != TEE_SUCCESS) 1761 goto out; 1762 1763 res = get_fat_start_address(&fat_address); 1764 if (res != TEE_SUCCESS) 1765 goto out; 1766 1767 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 1768 fat_entries = malloc(size); 1769 if (!fat_entries) { 1770 res = TEE_ERROR_OUT_OF_MEMORY; 1771 goto out; 1772 } 1773 1774 /* 1775 * The pool is used to represent the current RPMB layout. To find 1776 * a slot for the file tee_mm_alloc is called on the pool. Thus 1777 * if it is not NULL the entire FAT must be traversed to fill in 1778 * the pool. 1779 */ 1780 while (!last_entry_found && (!entry_found || p)) { 1781 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 1782 (uint8_t *)fat_entries, size, NULL); 1783 if (res != TEE_SUCCESS) 1784 goto out; 1785 1786 for (i = 0; i < N_ENTRIES; i++) { 1787 /* 1788 * Look for an entry, matching filenames. (read, rm, 1789 * rename and stat.). Only store first filename match. 1790 */ 1791 if (fh->filename && 1792 (strcmp(fh->filename, 1793 fat_entries[i].filename) == 0) && 1794 (fat_entries[i].flags & FILE_IS_ACTIVE) && 1795 (!entry_found)) { 1796 entry_found = true; 1797 fh->rpmb_fat_address = fat_address; 1798 memcpy(&fh->fat_entry, &fat_entries[i], 1799 sizeof(struct rpmb_fat_entry)); 1800 if (!p) 1801 break; 1802 } 1803 1804 /* Add existing files to memory pool. (write) */ 1805 if (p) { 1806 if ((fat_entries[i].flags & FILE_IS_ACTIVE) && 1807 (fat_entries[i].data_size > 0)) { 1808 1809 mm = tee_mm_alloc2 1810 (p, 1811 fat_entries[i].start_address, 1812 fat_entries[i].data_size); 1813 if (!mm) { 1814 res = TEE_ERROR_OUT_OF_MEMORY; 1815 goto out; 1816 } 1817 } 1818 1819 /* Unused FAT entries can be reused (write) */ 1820 if (((fat_entries[i].flags & FILE_IS_ACTIVE) == 1821 0) && (fh->rpmb_fat_address == 0)) { 1822 fh->rpmb_fat_address = fat_address; 1823 memcpy(&fh->fat_entry, &fat_entries[i], 1824 sizeof(struct rpmb_fat_entry)); 1825 } 1826 } 1827 1828 if ((fat_entries[i].flags & FILE_IS_LAST_ENTRY) != 0) { 1829 last_entry_found = true; 1830 1831 /* 1832 * If the last entry was reached and was chosen 1833 * by the previous check, then the FAT needs to 1834 * be expanded. 1835 * fh->rpmb_fat_address is the address chosen 1836 * to store the files FAT entry and fat_address 1837 * is the current FAT entry address being 1838 * compared. 1839 */ 1840 if (p && fh->rpmb_fat_address == fat_address) 1841 expand_fat = true; 1842 break; 1843 } 1844 1845 /* Move to next fat_entry. */ 1846 fat_address += sizeof(struct rpmb_fat_entry); 1847 } 1848 } 1849 1850 /* 1851 * Represent the FAT table in the pool. 1852 */ 1853 if (p) { 1854 /* 1855 * Since fat_address is the start of the last entry it needs to 1856 * be moved up by an entry. 1857 */ 1858 fat_address += sizeof(struct rpmb_fat_entry); 1859 1860 /* Make room for yet a FAT entry and add to memory pool. */ 1861 if (expand_fat) 1862 fat_address += sizeof(struct rpmb_fat_entry); 1863 1864 mm = tee_mm_alloc2(p, RPMB_STORAGE_START_ADDRESS, fat_address); 1865 if (!mm) { 1866 res = TEE_ERROR_OUT_OF_MEMORY; 1867 goto out; 1868 } 1869 1870 if (expand_fat) { 1871 /* 1872 * Point fat_address to the beginning of the new 1873 * entry. 1874 */ 1875 fat_address -= sizeof(struct rpmb_fat_entry); 1876 memset(&last_fh, 0, sizeof(last_fh)); 1877 last_fh.fat_entry.flags = FILE_IS_LAST_ENTRY; 1878 last_fh.rpmb_fat_address = fat_address; 1879 res = write_fat_entry(&last_fh, true); 1880 if (res != TEE_SUCCESS) 1881 goto out; 1882 } 1883 } 1884 1885 if (fh->filename && !fh->rpmb_fat_address) 1886 res = TEE_ERROR_ITEM_NOT_FOUND; 1887 1888 out: 1889 free(fat_entries); 1890 return res; 1891 } 1892 1893 static TEE_Result generate_fek(struct rpmb_fat_entry *fe) 1894 { 1895 TEE_Result res; 1896 1897 again: 1898 res = tee_fs_generate_fek(fe->fek, sizeof(fe->fek)); 1899 if (res != TEE_SUCCESS) 1900 return res; 1901 1902 if (is_zero(fe->fek, sizeof(fe->fek))) 1903 goto again; 1904 1905 return res; 1906 } 1907 1908 static TEE_Result rpmb_fs_open_internal(const char *file, bool create, 1909 struct tee_file_handle **ret_fh) 1910 { 1911 struct rpmb_file_handle *fh = NULL; 1912 size_t filelen; 1913 tee_mm_pool_t p; 1914 bool pool_result; 1915 TEE_Result res = TEE_ERROR_GENERIC; 1916 1917 mutex_lock(&rpmb_mutex); 1918 1919 filelen = strlen(file); 1920 if (filelen >= TEE_RPMB_FS_FILENAME_LENGTH - 1 || filelen == 0) { 1921 res = TEE_ERROR_BAD_PARAMETERS; 1922 goto out; 1923 } 1924 1925 if (file[filelen - 1] == '/') { 1926 res = TEE_ERROR_BAD_PARAMETERS; 1927 goto out; 1928 } 1929 1930 fh = alloc_file_handle(file); 1931 if (!fh) { 1932 res = TEE_ERROR_OUT_OF_MEMORY; 1933 goto out; 1934 } 1935 1936 /* We need to do setup in order to make sure fs_par is filled in */ 1937 res = rpmb_fs_setup(); 1938 if (res != TEE_SUCCESS) 1939 goto out; 1940 1941 if (create) { 1942 /* Upper memory allocation must be used for RPMB_FS. */ 1943 pool_result = tee_mm_init(&p, 1944 RPMB_STORAGE_START_ADDRESS, 1945 fs_par->max_rpmb_address, 1946 RPMB_BLOCK_SIZE_SHIFT, 1947 TEE_MM_POOL_HI_ALLOC); 1948 1949 if (!pool_result) { 1950 res = TEE_ERROR_OUT_OF_MEMORY; 1951 goto out; 1952 } 1953 1954 res = read_fat(fh, &p); 1955 tee_mm_final(&p); 1956 if (res != TEE_SUCCESS) 1957 goto out; 1958 } else { 1959 res = read_fat(fh, NULL); 1960 if (res != TEE_SUCCESS) 1961 goto out; 1962 } 1963 1964 /* 1965 * If this is opened with create and the entry found was not active 1966 * then this is a new file and the FAT entry must be written 1967 */ 1968 if (create) { 1969 if ((fh->fat_entry.flags & FILE_IS_ACTIVE) == 0) { 1970 memset(&fh->fat_entry, 0, 1971 sizeof(struct rpmb_fat_entry)); 1972 memcpy(fh->fat_entry.filename, file, strlen(file)); 1973 /* Start address and size are 0 */ 1974 fh->fat_entry.flags = FILE_IS_ACTIVE; 1975 1976 res = generate_fek(&fh->fat_entry); 1977 if (res != TEE_SUCCESS) 1978 goto out; 1979 DMSG("GENERATE FEK key: %p", 1980 (void *)fh->fat_entry.fek); 1981 DHEXDUMP(fh->fat_entry.fek, sizeof(fh->fat_entry.fek)); 1982 1983 res = write_fat_entry(fh, true); 1984 if (res != TEE_SUCCESS) 1985 goto out; 1986 } 1987 } 1988 1989 res = TEE_SUCCESS; 1990 1991 out: 1992 if (res == TEE_SUCCESS) 1993 *ret_fh = (struct tee_file_handle *)fh; 1994 else 1995 free(fh); 1996 1997 mutex_unlock(&rpmb_mutex); 1998 return res; 1999 } 2000 2001 static void rpmb_fs_close(struct tee_file_handle **tfh) 2002 { 2003 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)*tfh; 2004 2005 free(fh); 2006 *tfh = NULL; 2007 } 2008 2009 static TEE_Result rpmb_fs_read(struct tee_file_handle *tfh, void *buf, 2010 size_t *len) 2011 { 2012 TEE_Result res; 2013 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2014 size_t size = *len; 2015 2016 if (!size) 2017 return TEE_SUCCESS; 2018 2019 mutex_lock(&rpmb_mutex); 2020 2021 dump_fh(fh); 2022 2023 res = read_fat(fh, NULL); 2024 if (res != TEE_SUCCESS) 2025 goto out; 2026 2027 if (fh->pos >= fh->fat_entry.data_size) { 2028 *len = 0; 2029 goto out; 2030 } 2031 2032 size = MIN(size, fh->fat_entry.data_size - fh->pos); 2033 if (size) { 2034 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2035 fh->fat_entry.start_address + fh->pos, buf, 2036 size, fh->fat_entry.fek); 2037 if (res != TEE_SUCCESS) 2038 goto out; 2039 } 2040 *len = size; 2041 fh->pos += size; 2042 2043 out: 2044 mutex_unlock(&rpmb_mutex); 2045 return res; 2046 } 2047 2048 static TEE_Result rpmb_fs_write(struct tee_file_handle *tfh, const void *buf, 2049 size_t size) 2050 { 2051 TEE_Result res; 2052 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2053 tee_mm_pool_t p; 2054 bool pool_result = false; 2055 tee_mm_entry_t *mm; 2056 size_t end; 2057 size_t newsize; 2058 uint8_t *newbuf = NULL; 2059 uintptr_t newaddr; 2060 uint32_t start_addr; 2061 2062 if (!size) 2063 return TEE_SUCCESS; 2064 2065 mutex_lock(&rpmb_mutex); 2066 2067 if (!fs_par) { 2068 res = TEE_ERROR_GENERIC; 2069 goto out; 2070 } 2071 2072 dump_fh(fh); 2073 2074 /* Upper memory allocation must be used for RPMB_FS. */ 2075 pool_result = tee_mm_init(&p, 2076 RPMB_STORAGE_START_ADDRESS, 2077 fs_par->max_rpmb_address, 2078 RPMB_BLOCK_SIZE_SHIFT, 2079 TEE_MM_POOL_HI_ALLOC); 2080 if (!pool_result) { 2081 res = TEE_ERROR_OUT_OF_MEMORY; 2082 goto out; 2083 } 2084 2085 res = read_fat(fh, &p); 2086 if (res != TEE_SUCCESS) 2087 goto out; 2088 2089 if (fh->fat_entry.flags & FILE_IS_LAST_ENTRY) 2090 panic("invalid last entry flag"); 2091 2092 end = fh->pos + size; 2093 start_addr = fh->fat_entry.start_address + fh->pos; 2094 2095 if (end <= fh->fat_entry.data_size && 2096 tee_rpmb_write_is_atomic(CFG_RPMB_FS_DEV_ID, start_addr, size)) { 2097 2098 DMSG("Updating data in-place"); 2099 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, start_addr, buf, 2100 size, fh->fat_entry.fek); 2101 if (res != TEE_SUCCESS) 2102 goto out; 2103 } else { 2104 /* 2105 * File must be extended, or update cannot be atomic: allocate, 2106 * read, update, write. 2107 */ 2108 2109 DMSG("Need to re-allocate"); 2110 newsize = MAX(end, fh->fat_entry.data_size); 2111 mm = tee_mm_alloc(&p, newsize); 2112 newbuf = calloc(newsize, 1); 2113 if (!mm || !newbuf) { 2114 res = TEE_ERROR_OUT_OF_MEMORY; 2115 goto out; 2116 } 2117 2118 if (fh->fat_entry.data_size) { 2119 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2120 fh->fat_entry.start_address, 2121 newbuf, fh->fat_entry.data_size, 2122 fh->fat_entry.fek); 2123 if (res != TEE_SUCCESS) 2124 goto out; 2125 } 2126 2127 memcpy(newbuf + fh->pos, buf, size); 2128 2129 newaddr = tee_mm_get_smem(mm); 2130 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2131 newsize, fh->fat_entry.fek); 2132 if (res != TEE_SUCCESS) 2133 goto out; 2134 2135 fh->fat_entry.data_size = newsize; 2136 fh->fat_entry.start_address = newaddr; 2137 res = write_fat_entry(fh, true); 2138 if (res != TEE_SUCCESS) 2139 goto out; 2140 } 2141 2142 fh->pos += size; 2143 out: 2144 mutex_unlock(&rpmb_mutex); 2145 if (pool_result) 2146 tee_mm_final(&p); 2147 if (newbuf) 2148 free(newbuf); 2149 2150 return res; 2151 } 2152 2153 static TEE_Result rpmb_fs_seek(struct tee_file_handle *tfh, int32_t offset, 2154 TEE_Whence whence, int32_t *new_offs) 2155 2156 { 2157 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2158 TEE_Result res; 2159 tee_fs_off_t new_pos; 2160 2161 mutex_lock(&rpmb_mutex); 2162 2163 res = read_fat(fh, NULL); 2164 if (res != TEE_SUCCESS) 2165 goto out; 2166 2167 switch (whence) { 2168 case TEE_DATA_SEEK_SET: 2169 new_pos = offset; 2170 break; 2171 2172 case TEE_DATA_SEEK_CUR: 2173 new_pos = fh->pos + offset; 2174 break; 2175 2176 case TEE_DATA_SEEK_END: 2177 new_pos = fh->fat_entry.data_size + offset; 2178 break; 2179 2180 default: 2181 res = TEE_ERROR_BAD_PARAMETERS; 2182 goto out; 2183 } 2184 2185 if (new_pos < 0) 2186 new_pos = 0; 2187 2188 if (new_pos > TEE_DATA_MAX_POSITION) { 2189 EMSG("Position is beyond TEE_DATA_MAX_POSITION"); 2190 res = TEE_ERROR_BAD_PARAMETERS; 2191 goto out; 2192 } 2193 2194 fh->pos = new_pos; 2195 if (new_offs) 2196 *new_offs = new_pos; 2197 out: 2198 mutex_unlock(&rpmb_mutex); 2199 return res; 2200 } 2201 2202 static TEE_Result rpmb_fs_remove(const char *filename) 2203 { 2204 TEE_Result res = TEE_ERROR_GENERIC; 2205 struct rpmb_file_handle *fh = NULL; 2206 2207 mutex_lock(&rpmb_mutex); 2208 2209 if (!filename || strlen(filename) >= TEE_RPMB_FS_FILENAME_LENGTH - 1) { 2210 res = TEE_ERROR_BAD_PARAMETERS; 2211 goto out; 2212 } 2213 2214 fh = alloc_file_handle(filename); 2215 if (!fh) { 2216 res = TEE_ERROR_OUT_OF_MEMORY; 2217 goto out; 2218 } 2219 2220 res = read_fat(fh, NULL); 2221 if (res != TEE_SUCCESS) 2222 goto out; 2223 2224 /* Clear this file entry. */ 2225 memset(&fh->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2226 res = write_fat_entry(fh, false); 2227 2228 out: 2229 mutex_unlock(&rpmb_mutex); 2230 free(fh); 2231 return res; 2232 } 2233 2234 static TEE_Result rpmb_fs_rename(const char *old_name, const char *new_name, 2235 bool overwrite) 2236 { 2237 TEE_Result res = TEE_ERROR_GENERIC; 2238 struct rpmb_file_handle *fh_old = NULL; 2239 struct rpmb_file_handle *fh_new = NULL; 2240 uint32_t old_len; 2241 uint32_t new_len; 2242 2243 mutex_lock(&rpmb_mutex); 2244 2245 if (!old_name || !new_name) { 2246 res = TEE_ERROR_BAD_PARAMETERS; 2247 goto out; 2248 } 2249 2250 old_len = strlen(old_name); 2251 new_len = strlen(new_name); 2252 2253 if ((old_len >= TEE_RPMB_FS_FILENAME_LENGTH - 1) || 2254 (new_len >= TEE_RPMB_FS_FILENAME_LENGTH - 1) || (new_len == 0)) { 2255 2256 res = TEE_ERROR_BAD_PARAMETERS; 2257 goto out; 2258 } 2259 2260 fh_old = alloc_file_handle(old_name); 2261 if (!fh_old) { 2262 res = TEE_ERROR_OUT_OF_MEMORY; 2263 goto out; 2264 } 2265 2266 fh_new = alloc_file_handle(new_name); 2267 if (!fh_new) { 2268 res = TEE_ERROR_OUT_OF_MEMORY; 2269 goto out; 2270 } 2271 2272 res = read_fat(fh_old, NULL); 2273 if (res != TEE_SUCCESS) 2274 goto out; 2275 2276 res = read_fat(fh_new, NULL); 2277 if (res == TEE_SUCCESS) { 2278 if (!overwrite) { 2279 res = TEE_ERROR_BAD_PARAMETERS; 2280 goto out; 2281 } 2282 2283 /* Clear this file entry. */ 2284 memset(&fh_new->fat_entry, 0, sizeof(struct rpmb_fat_entry)); 2285 res = write_fat_entry(fh_new, false); 2286 if (res != TEE_SUCCESS) 2287 goto out; 2288 } 2289 2290 memset(fh_old->fat_entry.filename, 0, TEE_RPMB_FS_FILENAME_LENGTH); 2291 memcpy(fh_old->fat_entry.filename, new_name, new_len); 2292 2293 res = write_fat_entry(fh_old, false); 2294 2295 out: 2296 mutex_unlock(&rpmb_mutex); 2297 free(fh_old); 2298 free(fh_new); 2299 2300 return res; 2301 } 2302 2303 static TEE_Result rpmb_fs_truncate(struct tee_file_handle *tfh, size_t length) 2304 { 2305 struct rpmb_file_handle *fh = (struct rpmb_file_handle *)tfh; 2306 tee_mm_pool_t p; 2307 bool pool_result = false; 2308 tee_mm_entry_t *mm; 2309 uint32_t newsize; 2310 uint8_t *newbuf = NULL; 2311 uintptr_t newaddr; 2312 TEE_Result res = TEE_ERROR_GENERIC; 2313 2314 mutex_lock(&rpmb_mutex); 2315 2316 if (length > INT32_MAX) { 2317 res = TEE_ERROR_BAD_PARAMETERS; 2318 goto out; 2319 } 2320 newsize = length; 2321 2322 res = read_fat(fh, NULL); 2323 if (res != TEE_SUCCESS) 2324 goto out; 2325 2326 if (newsize > fh->fat_entry.data_size) { 2327 /* Extend file */ 2328 2329 pool_result = tee_mm_init(&p, 2330 RPMB_STORAGE_START_ADDRESS, 2331 fs_par->max_rpmb_address, 2332 RPMB_BLOCK_SIZE_SHIFT, 2333 TEE_MM_POOL_HI_ALLOC); 2334 if (!pool_result) { 2335 res = TEE_ERROR_OUT_OF_MEMORY; 2336 goto out; 2337 } 2338 res = read_fat(fh, &p); 2339 if (res != TEE_SUCCESS) 2340 goto out; 2341 2342 mm = tee_mm_alloc(&p, newsize); 2343 newbuf = calloc(newsize, 1); 2344 if (!mm || !newbuf) { 2345 res = TEE_ERROR_OUT_OF_MEMORY; 2346 goto out; 2347 } 2348 2349 if (fh->fat_entry.data_size) { 2350 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, 2351 fh->fat_entry.start_address, 2352 newbuf, fh->fat_entry.data_size, 2353 fh->fat_entry.fek); 2354 if (res != TEE_SUCCESS) 2355 goto out; 2356 } 2357 2358 newaddr = tee_mm_get_smem(mm); 2359 res = tee_rpmb_write(CFG_RPMB_FS_DEV_ID, newaddr, newbuf, 2360 newsize, fh->fat_entry.fek); 2361 if (res != TEE_SUCCESS) 2362 goto out; 2363 2364 } else { 2365 /* Don't change file location */ 2366 newaddr = fh->fat_entry.start_address; 2367 } 2368 2369 /* fh->pos is unchanged */ 2370 fh->fat_entry.data_size = newsize; 2371 fh->fat_entry.start_address = newaddr; 2372 res = write_fat_entry(fh, true); 2373 2374 out: 2375 mutex_unlock(&rpmb_mutex); 2376 if (pool_result) 2377 tee_mm_final(&p); 2378 if (newbuf) 2379 free(newbuf); 2380 2381 return res; 2382 } 2383 2384 static void rpmb_fs_dir_free(struct tee_fs_dir *dir) 2385 { 2386 struct tee_rpmb_fs_dirent *e; 2387 2388 if (!dir) 2389 return; 2390 2391 free(dir->current); 2392 2393 while ((e = SIMPLEQ_FIRST(&dir->next))) { 2394 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2395 free(e); 2396 } 2397 } 2398 2399 static TEE_Result rpmb_fs_dir_populate(const char *path, 2400 struct tee_fs_dir *dir) 2401 { 2402 struct tee_rpmb_fs_dirent *current = NULL; 2403 struct rpmb_fat_entry *fat_entries = NULL; 2404 uint32_t fat_address; 2405 uint32_t filelen; 2406 char *filename; 2407 int i; 2408 bool last_entry_found = false; 2409 bool matched; 2410 struct tee_rpmb_fs_dirent *next = NULL; 2411 uint32_t pathlen; 2412 TEE_Result res = TEE_ERROR_GENERIC; 2413 uint32_t size; 2414 char temp; 2415 2416 mutex_lock(&rpmb_mutex); 2417 2418 res = rpmb_fs_setup(); 2419 if (res != TEE_SUCCESS) 2420 goto out; 2421 2422 res = get_fat_start_address(&fat_address); 2423 if (res != TEE_SUCCESS) 2424 goto out; 2425 2426 size = N_ENTRIES * sizeof(struct rpmb_fat_entry); 2427 fat_entries = malloc(size); 2428 if (!fat_entries) { 2429 res = TEE_ERROR_OUT_OF_MEMORY; 2430 goto out; 2431 } 2432 2433 pathlen = strlen(path); 2434 while (!last_entry_found) { 2435 res = tee_rpmb_read(CFG_RPMB_FS_DEV_ID, fat_address, 2436 (uint8_t *)fat_entries, size, NULL); 2437 if (res != TEE_SUCCESS) 2438 goto out; 2439 2440 for (i = 0; i < N_ENTRIES; i++) { 2441 filename = fat_entries[i].filename; 2442 if (fat_entries[i].flags & FILE_IS_ACTIVE) { 2443 matched = false; 2444 filelen = strlen(filename); 2445 if (filelen > pathlen) { 2446 temp = filename[pathlen]; 2447 filename[pathlen] = '\0'; 2448 if (strcmp(filename, path) == 0) 2449 matched = true; 2450 2451 filename[pathlen] = temp; 2452 } 2453 2454 if (matched) { 2455 next = malloc(sizeof(*next)); 2456 if (!next) { 2457 res = TEE_ERROR_OUT_OF_MEMORY; 2458 goto out; 2459 } 2460 2461 memset(next, 0, sizeof(*next)); 2462 next->entry.d_name = next->name; 2463 memcpy(next->name, 2464 &filename[pathlen], 2465 filelen - pathlen); 2466 2467 SIMPLEQ_INSERT_TAIL(&dir->next, next, 2468 link); 2469 current = next; 2470 } 2471 } 2472 2473 if (fat_entries[i].flags & FILE_IS_LAST_ENTRY) { 2474 last_entry_found = true; 2475 break; 2476 } 2477 2478 /* Move to next fat_entry. */ 2479 fat_address += sizeof(struct rpmb_fat_entry); 2480 } 2481 } 2482 2483 if (current) 2484 res = TEE_SUCCESS; 2485 else 2486 res = TEE_ERROR_ITEM_NOT_FOUND; /* No directories were found. */ 2487 2488 out: 2489 mutex_unlock(&rpmb_mutex); 2490 if (res != TEE_SUCCESS) 2491 rpmb_fs_dir_free(dir); 2492 if (fat_entries) 2493 free(fat_entries); 2494 2495 return res; 2496 } 2497 2498 static TEE_Result rpmb_fs_opendir(const char *path, struct tee_fs_dir **dir) 2499 { 2500 uint32_t len; 2501 uint32_t max_size; 2502 char path_local[TEE_RPMB_FS_FILENAME_LENGTH]; 2503 TEE_Result res = TEE_ERROR_GENERIC; 2504 struct tee_fs_dir *rpmb_dir = NULL; 2505 2506 if (!path || !dir) { 2507 res = TEE_ERROR_BAD_PARAMETERS; 2508 goto out; 2509 } 2510 2511 /* 2512 * There must be room for at least the NULL char and a char for the 2513 * filename after the path. 2514 */ 2515 max_size = TEE_RPMB_FS_FILENAME_LENGTH - 2; 2516 len = strlen(path); 2517 if (len > max_size || len == 0) { 2518 res = TEE_ERROR_BAD_PARAMETERS; 2519 goto out; 2520 } 2521 2522 memset(path_local, 0, sizeof(path_local)); 2523 memcpy(path_local, path, len); 2524 2525 /* Add a slash to correctly match the full directory name. */ 2526 if (path_local[len - 1] != '/') 2527 path_local[len] = '/'; 2528 2529 rpmb_dir = calloc(1, sizeof(*rpmb_dir)); 2530 if (!rpmb_dir) { 2531 res = TEE_ERROR_OUT_OF_MEMORY; 2532 goto out; 2533 } 2534 SIMPLEQ_INIT(&rpmb_dir->next); 2535 2536 res = rpmb_fs_dir_populate(path_local, rpmb_dir); 2537 if (res != TEE_SUCCESS) { 2538 free(rpmb_dir); 2539 rpmb_dir = NULL; 2540 goto out; 2541 } 2542 2543 *dir = rpmb_dir; 2544 2545 out: 2546 return res; 2547 } 2548 2549 static TEE_Result rpmb_fs_readdir(struct tee_fs_dir *dir, 2550 struct tee_fs_dirent **ent) 2551 { 2552 if (!dir) 2553 return TEE_ERROR_GENERIC; 2554 2555 free(dir->current); 2556 2557 dir->current = SIMPLEQ_FIRST(&dir->next); 2558 if (!dir->current) 2559 return TEE_ERROR_ITEM_NOT_FOUND; 2560 2561 SIMPLEQ_REMOVE_HEAD(&dir->next, link); 2562 2563 *ent = &dir->current->entry; 2564 return TEE_SUCCESS; 2565 } 2566 2567 static void rpmb_fs_closedir(struct tee_fs_dir *dir) 2568 { 2569 if (dir) { 2570 rpmb_fs_dir_free(dir); 2571 free(dir); 2572 } 2573 } 2574 2575 static TEE_Result rpmb_fs_open(const char *file, struct tee_file_handle **fh) 2576 { 2577 return rpmb_fs_open_internal(file, false, fh); 2578 } 2579 2580 static TEE_Result rpmb_fs_create(const char *file, struct tee_file_handle **fh) 2581 { 2582 return rpmb_fs_open_internal(file, true, fh); 2583 } 2584 2585 const struct tee_file_operations rpmb_fs_ops = { 2586 .open = rpmb_fs_open, 2587 .create = rpmb_fs_create, 2588 .close = rpmb_fs_close, 2589 .read = rpmb_fs_read, 2590 .write = rpmb_fs_write, 2591 .seek = rpmb_fs_seek, 2592 .truncate = rpmb_fs_truncate, 2593 .rename = rpmb_fs_rename, 2594 .remove = rpmb_fs_remove, 2595 .opendir = rpmb_fs_opendir, 2596 .closedir = rpmb_fs_closedir, 2597 .readdir = rpmb_fs_readdir, 2598 }; 2599