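/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2018-2019, Linaro Limited
 */
#ifndef __PTA_SYSTEM_H
#define __PTA_SYSTEM_H

#include <util.h>

/*
 * Interface to the pseudo TA which provides misc. auxiliary services,
 * extending the existing GlobalPlatform Core API.
 */

#define PTA_SYSTEM_UUID { 0x3a2f8978, 0x5dc0, 0x11e8, { \
		 0x9c, 0x2d, 0xfa, 0x7a, 0xe0, 0x1b, 0xbe, 0xbc } }

/*
 * Keys with too few bits pose a potential security risk, hence a lower
 * bound of 128 bits (16 bytes) is set.
 */
#define TA_DERIVED_KEY_MIN_SIZE		16

/* Same value as max in huk_subkey_derive */
#define TA_DERIVED_KEY_MAX_SIZE		32

/* Upper bound, in bytes, on the extra data a caller may supply */
#define TA_DERIVED_EXTRA_DATA_MAX_SIZE	1024

/*
 * Add (re-seed) caller-provided entropy to the RNG pool. Keymaster
 * implementations need to securely mix the provided entropy into their pool,
 * which also must contain internally-generated entropy from a hardware random
 * number generator.
 *
 * [in]     memref[0]:        entropy input data
 */
#define PTA_SYSTEM_ADD_RNG_ENTROPY	0

/*
 * Derives a device and TA unique key. The caller can also provide extra data
 * that will be mixed together with existing device unique properties. If no
 * extra data is provided, then the derived key will only use device unique
 * properties and the caller TA UUID.
 *
 * The size limits below correspond to TA_DERIVED_EXTRA_DATA_MAX_SIZE,
 * TA_DERIVED_KEY_MIN_SIZE and TA_DERIVED_KEY_MAX_SIZE.
 *
 * [in]     params[0].memref.buffer     Buffer for extra data
 * [in]     params[0].memref.size       Size of extra data (max 1024 bytes)
 * [out]    params[1].memref.buffer     Buffer for the derived key
 * [out]    params[1].memref.size       Size of the derived key (16 to 32 bytes)
 */
#define PTA_SYSTEM_DERIVE_TA_UNIQUE_KEY	1

/*
 * Mapping flags.
 *
 * NOTE(review): this header does not state whether
 * PTA_SYSTEM_MAP_FLAG_WRITEABLE and PTA_SYSTEM_MAP_FLAG_EXECUTABLE may be
 * combined. A mapping that is both writeable and executable defeats W^X, so
 * confirm that the PTA implementation rejects the combination.
 */
/* Memory can be shared with other TAs */
#define PTA_SYSTEM_MAP_FLAG_SHAREABLE	BIT32(0)
/* Read/write memory */
#define PTA_SYSTEM_MAP_FLAG_WRITEABLE	BIT32(1)
/* Executable memory */
#define PTA_SYSTEM_MAP_FLAG_EXECUTABLE	BIT32(2)

/*
 * Map zero initialized memory
 *
 * The address of the mapping is returned split into two 32-bit halves.
 *
 * [in]     value[0].a:     Number of bytes
 * [in]     value[0].b:     Flags, 0 or PTA_SYSTEM_MAP_FLAG_SHAREABLE
 * [out]    value[1].a:     Address upper 32-bits
 * [out]    value[1].b:     Address lower 32-bits
 * [in]     value[2].a:     Extra pad before memory range
 * [in]     value[2].b:     Extra pad after memory range
 */
#define PTA_SYSTEM_MAP_ZI		2

/*
 * Unmap memory
 *
 * [in]     value[0].a:     Number of bytes
 * [in]     value[0].b:     Must be 0
 * [in]     value[1].a:     Address upper 32-bits
 * [in]     value[1].b:     Address lower 32-bits
 */
#define PTA_SYSTEM_UNMAP		3

/*
 * Finds and opens a TA binary and returns a handle
 *
 * [in]     memref[0]:      UUID of TA binary
 * [out]    value[1].a:     Handle to TA binary
 * [out]    value[1].b:     0
 */
#define PTA_SYSTEM_OPEN_TA_BINARY	4

/*
 * Close a TA binary handle
 *
 * When a TA is done mapping new parts of a TA binary it closes the handle
 * to free resources, established mappings remain.
 *
 * [in]     value[1].a:     Handle to TA binary
 * [in]     value[1].b:     Must be 0
 *
 * Returns TEE_SUCCESS if the TA binary was verified successfully.
 *
 * The verification result is reported by this command, so the caller must
 * check the return value. Anything other than TEE_SUCCESS presumably means
 * that content already mapped or copied from the binary must not be
 * trusted; confirm against the PTA implementation.
 *
 * NOTE(review): the handle is documented in value[1] here, whereas
 * PTA_SYSTEM_MAP_TA_BINARY and PTA_SYSTEM_COPY_FROM_TA_BINARY take it in
 * value[0].a; confirm which slot the PTA implementation reads.
 */
#define PTA_SYSTEM_CLOSE_TA_BINARY	5

/*
 * Map segment of TA binary
 *
 * Different parts of a TA binary file need different permissions.
 * Read-write mapped parts are private to the TA, while read-only (which
 * includes execute) mapped parts are shared with other TAs. This is
 * transparent to the TA. If the supplied address in value[2] is 0 a
 * suitable address is selected, else it will either be mapped at that
 * address or an error is returned.
 *
 * NOTE(review): this text previously named value[3] as the address slot,
 * which the table below assigns to padding; confirm value[2] against the
 * PTA implementation.
 *
 * [in]     value[0].a:     Handle to TA binary
 * [in]     value[0].b:     Flags, PTA_SYSTEM_MAP_FLAG_*
 * [in]     value[1].a:     Offset into TA binary, must be page aligned
 * [in]     value[1].b:     Number of bytes, the last page will be zero
 *                          extended if not page aligned
 * [in/out] value[2].a:     Address upper 32-bits
 * [in/out] value[2].b:     Address lower 32-bits
 * [in]     value[3].a:     Extra pad before memory range
 * [in]     value[3].b:     Extra pad after memory range
 */
#define PTA_SYSTEM_MAP_TA_BINARY	6

/*
 * Copy a memory range from TA binary
 *
 * NOTE(review): no explicit length parameter is listed; presumably the
 * number of bytes copied is the size of memref[1] - confirm.
 *
 * [in]     value[0].a:     Handle to TA binary
 * [in]     value[0].b:     Offset into TA binary
 * [out]    memref[1]:      Destination
 */
#define PTA_SYSTEM_COPY_FROM_TA_BINARY	7

#endif /* __PTA_SYSTEM_H */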