1 /* 2 * Copyright 2017, Rockchip Electronics Co., Ltd 3 * hisping lin, <hisping.lin@rock-chips.com> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <common.h> 9 #include <optee_include/OpteeClientInterface.h> 10 #include <optee_include/OpteeClientApiLib.h> 11 #include <optee_include/tee_client_api.h> 12 #include <optee_include/tee_api_defines.h> 13 #include <boot_rkimg.h> 14 #include <stdlib.h> 15 #include <attestation_key.h> 16 17 #define BOOT_FROM_EMMC (1 << 1) 18 #define STORAGE_CMD_READ_ATTRIBUTE_HASH 0 19 #define STORAGE_CMD_WRITE_ATTRIBUTE_HASH 1 20 #define STORAGE_CMD_UBOOT_END_OTP 2 21 #define STORAGE_CMD_READ_VBOOTKEY_HASH 3 22 #define STORAGE_CMD_WRITE_VBOOTKEY_HASH 4 23 #define STORAGE_CMD_READ_ENABLE_FLAG 5 24 #define STORAGE_CMD_WRITE_TA_ENCRYPTION_KEY 9 25 #define STORAGE_CMD_CHECK_SECURITY_LEVEL_FLAG 10 26 #define STORAGE_CMD_WRITE_OEM_HUK 11 27 #define STORAGE_CMD_WRITE_OEM_NS_OTP 12 28 #define STORAGE_CMD_READ_OEM_NS_OTP 13 29 #define STORAGE_CMD_WRITE_OEM_OTP_KEY 14 30 #define STORAGE_CMD_SET_OEM_HR_OTP_READ_LOCK 15 31 #define STORAGE_CMD_OEM_OTP_KEY_IS_WRITTEN 16 32 #define STORAGE_CMD_TA_ENCRYPTION_KEY_IS_WRITTEN 20 33 34 #define CRYPTO_SERVICE_CMD_OEM_OTP_KEY_PHYS_CIPHER 0x00000002 35 36 #define RK_CRYPTO_SERVICE_UUID { 0x0cacdb5d, 0x4fea, 0x466c, \ 37 { 0x97, 0x16, 0x3d, 0x54, 0x16, 0x52, 0x83, 0x0f } } 38 39 static uint8_t b2hs_add_base(uint8_t in) 40 { 41 if (in > 9) 42 return in + 55; 43 else 44 return in + 48; 45 } 46 47 static uint32_t b2hs(uint8_t *b, uint8_t *hs, uint32_t blen, uint32_t hslen) 48 { 49 uint32_t i = 0; 50 51 if (blen * 2 + 1 > hslen) 52 return 0; 53 54 for (; i < blen; i++) { 55 hs[i * 2 + 1] = b2hs_add_base(b[i] & 0xf); 56 hs[i * 2] = b2hs_add_base(b[i] >> 4); 57 } 58 hs[blen * 2] = 0; 59 60 return blen * 2; 61 } 62 63 static void crypto_flush_cacheline(uint32_t addr, uint32_t size) 64 { 65 ulong alignment = CONFIG_SYS_CACHELINE_SIZE; 66 ulong aligned_input, aligned_len; 67 68 if (!addr || !size) 69 return; 70 71 /* Must flush dcache before crypto DMA fetch data region */ 72 aligned_input = round_down(addr, alignment); 73 aligned_len = round_up(size + (addr - aligned_input), alignment); 74 flush_cache(aligned_input, aligned_len); 75 } 76 77 static void crypto_invalidate_cacheline(uint32_t addr, uint32_t size) 78 { 79 ulong alignment = CONFIG_SYS_CACHELINE_SIZE; 80 ulong aligned_input, aligned_len; 81 82 if (!addr || !size) 83 return; 84 85 /* Must invalidate dcache after crypto DMA write data region */ 86 aligned_input = round_down(addr, alignment); 87 aligned_len = round_up(size + (addr - aligned_input), alignment); 88 invalidate_dcache_range(aligned_input, aligned_input + aligned_len); 89 } 90 91 static uint32_t trusty_base_write_security_data(char *filename, 92 uint32_t filename_size, 93 uint8_t *data, 94 uint32_t data_size) 95 { 96 TEEC_Result TeecResult; 97 TEEC_Context TeecContext; 98 TEEC_Session TeecSession; 99 uint32_t ErrorOrigin; 100 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 101 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 102 TEEC_UUID *TeecUuid = &tempuuid; 103 TEEC_Operation TeecOperation = {0}; 104 struct blk_desc *dev_desc; 105 dev_desc = rockchip_get_bootdev(); 106 if (!dev_desc) { 107 printf("%s: dev_desc is NULL!\n", __func__); 108 return -TEEC_ERROR_GENERIC; 109 } 110 111 TeecResult = OpteeClientApiLibInitialize(); 112 if (TeecResult != TEEC_SUCCESS) 113 return TeecResult; 114 115 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 116 if (TeecResult != TEEC_SUCCESS) 117 return TeecResult; 118 119 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 120 TEEC_NONE, 121 TEEC_NONE, 122 TEEC_NONE); 123 /*0 nand or emmc "security" partition , 1 rpmb*/ 124 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 125 TeecOperation.params[0].value.a = 1; 126 else 127 TeecOperation.params[0].value.a = 0; 128 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 129 TeecOperation.params[0].value.a = 0; 130 #endif 131 132 TeecResult = TEEC_OpenSession(&TeecContext, 133 &TeecSession, 134 TeecUuid, 135 TEEC_LOGIN_PUBLIC, 136 NULL, 137 &TeecOperation, 138 &ErrorOrigin); 139 if (TeecResult != TEEC_SUCCESS) 140 return TeecResult; 141 142 TEEC_SharedMemory SharedMem0 = {0}; 143 144 SharedMem0.size = filename_size; 145 SharedMem0.flags = 0; 146 147 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 148 if (TeecResult != TEEC_SUCCESS) 149 goto exit; 150 151 memcpy(SharedMem0.buffer, filename, SharedMem0.size); 152 153 TEEC_SharedMemory SharedMem1 = {0}; 154 155 SharedMem1.size = data_size; 156 SharedMem1.flags = 0; 157 158 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1); 159 if (TeecResult != TEEC_SUCCESS) 160 goto exit; 161 162 memcpy(SharedMem1.buffer, data, SharedMem1.size); 163 164 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 165 TeecOperation.params[0].tmpref.size = SharedMem0.size; 166 167 TeecOperation.params[1].tmpref.buffer = SharedMem1.buffer; 168 TeecOperation.params[1].tmpref.size = SharedMem1.size; 169 170 171 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, 172 TEEC_MEMREF_TEMP_INOUT, 173 TEEC_NONE, 174 TEEC_NONE); 175 176 TeecResult = TEEC_InvokeCommand(&TeecSession, 177 1, 178 &TeecOperation, 179 &ErrorOrigin); 180 if (TeecResult != TEEC_SUCCESS) 181 goto exit; 182 exit: 183 TEEC_ReleaseSharedMemory(&SharedMem0); 184 TEEC_ReleaseSharedMemory(&SharedMem1); 185 TEEC_CloseSession(&TeecSession); 186 TEEC_FinalizeContext(&TeecContext); 187 188 return TeecResult; 189 } 190 191 static uint32_t trusty_base_read_security_data(char *filename, 192 uint32_t filename_size, 193 uint8_t *data, 194 uint32_t data_size) 195 { 196 TEEC_Result TeecResult; 197 TEEC_Context TeecContext; 198 TEEC_Session TeecSession; 199 uint32_t ErrorOrigin; 200 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 201 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 202 TEEC_UUID *TeecUuid = &tempuuid; 203 TEEC_Operation TeecOperation = {0}; 204 205 struct blk_desc *dev_desc; 206 dev_desc = rockchip_get_bootdev(); 207 if (!dev_desc) { 208 printf("%s: dev_desc is NULL!\n", __func__); 209 return -TEEC_ERROR_GENERIC; 210 } 211 212 TeecResult = OpteeClientApiLibInitialize(); 213 if (TeecResult != TEEC_SUCCESS) 214 return TeecResult; 215 216 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 217 if (TeecResult != TEEC_SUCCESS) 218 return TeecResult; 219 220 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 221 TEEC_NONE, 222 TEEC_NONE, 223 TEEC_NONE); 224 /*0 nand or emmc "security" partition , 1 rpmb*/ 225 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 226 TeecOperation.params[0].value.a = 1; 227 else 228 TeecOperation.params[0].value.a = 0; 229 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 230 TeecOperation.params[0].value.a = 0; 231 #endif 232 233 TeecResult = TEEC_OpenSession(&TeecContext, 234 &TeecSession, 235 TeecUuid, 236 TEEC_LOGIN_PUBLIC, 237 NULL, 238 &TeecOperation, 239 &ErrorOrigin); 240 if (TeecResult != TEEC_SUCCESS) 241 return TeecResult; 242 243 TEEC_SharedMemory SharedMem0 = {0}; 244 245 SharedMem0.size = filename_size; 246 SharedMem0.flags = 0; 247 248 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 249 if (TeecResult != TEEC_SUCCESS) 250 goto exit; 251 252 memcpy(SharedMem0.buffer, filename, SharedMem0.size); 253 254 TEEC_SharedMemory SharedMem1 = {0}; 255 256 SharedMem1.size = data_size; 257 SharedMem1.flags = 0; 258 259 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1); 260 if (TeecResult != TEEC_SUCCESS) 261 goto exit; 262 263 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 264 TeecOperation.params[0].tmpref.size = SharedMem0.size; 265 266 TeecOperation.params[1].tmpref.buffer = SharedMem1.buffer; 267 TeecOperation.params[1].tmpref.size = SharedMem1.size; 268 269 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, 270 TEEC_MEMREF_TEMP_INOUT, 271 TEEC_NONE, 272 TEEC_NONE); 273 274 TeecResult = TEEC_InvokeCommand(&TeecSession, 275 0, 276 &TeecOperation, 277 &ErrorOrigin); 278 if (TeecResult == TEEC_SUCCESS) 279 memcpy(data, SharedMem1.buffer, SharedMem1.size); 280 exit: 281 TEEC_ReleaseSharedMemory(&SharedMem0); 282 TEEC_ReleaseSharedMemory(&SharedMem1); 283 TEEC_CloseSession(&TeecSession); 284 TEEC_FinalizeContext(&TeecContext); 285 286 return TeecResult; 287 } 288 289 static uint32_t trusty_base_end_security_data(void) 290 { 291 TEEC_Result TeecResult; 292 TEEC_Context TeecContext; 293 TEEC_Session TeecSession; 294 uint32_t ErrorOrigin; 295 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 296 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 297 TEEC_UUID *TeecUuid = &tempuuid; 298 TEEC_Operation TeecOperation = {0}; 299 300 TeecResult = OpteeClientApiLibInitialize(); 301 if (TeecResult != TEEC_SUCCESS) 302 return TeecResult; 303 304 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 305 if (TeecResult != TEEC_SUCCESS) 306 return TeecResult; 307 308 TeecResult = TEEC_OpenSession(&TeecContext, 309 &TeecSession, 310 TeecUuid, 311 TEEC_LOGIN_PUBLIC, 312 NULL, 313 NULL, 314 &ErrorOrigin); 315 if (TeecResult != TEEC_SUCCESS) 316 return TeecResult; 317 318 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 319 TEEC_NONE, 320 TEEC_NONE, 321 TEEC_NONE); 322 323 TeecResult = TEEC_InvokeCommand(&TeecSession, 324 2, 325 &TeecOperation, 326 &ErrorOrigin); 327 if (TeecResult != TEEC_SUCCESS) 328 goto exit; 329 exit: 330 TEEC_CloseSession(&TeecSession); 331 TEEC_FinalizeContext(&TeecContext); 332 333 return TeecResult; 334 } 335 336 static void trusty_notify_always_use_security(void) 337 { 338 #if defined(CONFIG_OPTEE_V2) && defined(CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION) 339 TEEC_Result TeecResult; 340 TEEC_Context TeecContext; 341 TEEC_Session TeecSession; 342 uint32_t ErrorOrigin; 343 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 344 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 345 TEEC_UUID *TeecUuid = &tempuuid; 346 TEEC_Operation TeecOperation = {0}; 347 348 TeecResult = OpteeClientApiLibInitialize(); 349 if (TeecResult != TEEC_SUCCESS) 350 return; 351 352 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 353 if (TeecResult != TEEC_SUCCESS) 354 return; 355 356 TeecResult = TEEC_OpenSession(&TeecContext, 357 &TeecSession, 358 TeecUuid, 359 TEEC_LOGIN_PUBLIC, 360 NULL, 361 NULL, 362 &ErrorOrigin); 363 if (TeecResult != TEEC_SUCCESS) 364 return; 365 366 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 367 TEEC_NONE, 368 TEEC_NONE, 369 TEEC_NONE); 370 371 TeecResult = TEEC_InvokeCommand(&TeecSession, 372 9, 373 &TeecOperation, 374 &ErrorOrigin); 375 if (TeecResult != TEEC_SUCCESS) 376 debug("notify always use security fail! please update optee!"); 377 378 TEEC_CloseSession(&TeecSession); 379 TEEC_FinalizeContext(&TeecContext); 380 381 return; 382 #endif 383 } 384 385 uint32_t trusty_read_rollback_index(uint32_t slot, uint64_t *value) 386 { 387 char hs[9]; 388 389 b2hs((uint8_t *)&slot, (uint8_t *)hs, 4, 9); 390 391 return trusty_base_read_security_data(hs, 8, (uint8_t *)value, 8); 392 } 393 394 uint32_t trusty_write_rollback_index(uint32_t slot, uint64_t value) 395 { 396 char hs[9]; 397 398 b2hs((uint8_t *)&slot, (uint8_t *)hs, 4, 9); 399 400 return trusty_base_write_security_data(hs, 8, (uint8_t *)&value, 8); 401 } 402 403 uint32_t trusty_read_permanent_attributes(uint8_t *attributes, uint32_t size) 404 { 405 return trusty_base_read_security_data("attributes", 406 sizeof("attributes"), attributes, size); 407 } 408 409 uint32_t trusty_write_permanent_attributes(uint8_t *attributes, uint32_t size) 410 { 411 return trusty_base_write_security_data("attributes", 412 sizeof("attributes"), attributes, size); 413 } 414 415 uint32_t trusty_read_permanent_attributes_flag(uint8_t *attributes) 416 { 417 return trusty_base_read_security_data("attributes_flag", 418 sizeof("attributes_flag"), attributes, 1); 419 } 420 421 uint32_t trusty_write_permanent_attributes_flag(uint8_t attributes) 422 { 423 return trusty_base_write_security_data("attributes_flag", 424 sizeof("attributes_flag"), &attributes, 1); 425 } 426 427 uint32_t trusty_read_permanent_attributes_cer(uint8_t *attributes, 428 uint32_t size) 429 { 430 return trusty_base_read_security_data("rsacer", 431 sizeof("rsacer"), attributes, size); 432 } 433 434 uint32_t trusty_write_permanent_attributes_cer(uint8_t *attributes, 435 uint32_t size) 436 { 437 return trusty_base_write_security_data("rsacer", 438 sizeof("rsacer"), attributes, size); 439 } 440 441 uint32_t trusty_read_lock_state(uint8_t *lock_state) 442 { 443 return trusty_base_read_security_data("lock_state", 444 sizeof("lock_state"), lock_state, 1); 445 } 446 447 uint32_t trusty_write_lock_state(uint8_t lock_state) 448 { 449 return trusty_base_write_security_data("lock_state", 450 sizeof("lock_state"), &lock_state, 1); 451 } 452 453 uint32_t trusty_read_flash_lock_state(uint8_t *flash_lock_state) 454 { 455 return trusty_base_read_security_data("flash_lock_state", 456 sizeof("flash_lock_state"), flash_lock_state, 1); 457 } 458 459 uint32_t trusty_write_flash_lock_state(uint8_t flash_lock_state) 460 { 461 return trusty_base_write_security_data("flash_lock_state", 462 sizeof("flash_lock_state"), &flash_lock_state, 1); 463 } 464 465 static uint32_t trusty_base_end_efuse_or_otp(void) 466 { 467 TEEC_Result TeecResult; 468 TEEC_Context TeecContext; 469 TEEC_Session TeecSession; 470 uint32_t ErrorOrigin; 471 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 472 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 473 474 TEEC_UUID *TeecUuid = &tempuuid; 475 TEEC_Operation TeecOperation = {0}; 476 477 TeecResult = OpteeClientApiLibInitialize(); 478 if (TeecResult != TEEC_SUCCESS) 479 return TeecResult; 480 481 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 482 if (TeecResult != TEEC_SUCCESS) 483 return TeecResult; 484 485 TeecResult = TEEC_OpenSession(&TeecContext, 486 &TeecSession, 487 TeecUuid, 488 TEEC_LOGIN_PUBLIC, 489 NULL, 490 NULL, 491 &ErrorOrigin); 492 if (TeecResult != TEEC_SUCCESS) 493 return TeecResult; 494 495 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 496 TEEC_NONE, 497 TEEC_NONE, 498 TEEC_NONE); 499 500 TeecResult = TEEC_InvokeCommand(&TeecSession, 501 STORAGE_CMD_UBOOT_END_OTP, 502 &TeecOperation, 503 &ErrorOrigin); 504 if (TeecResult != TEEC_SUCCESS) 505 goto exit; 506 exit: 507 TEEC_CloseSession(&TeecSession); 508 TEEC_FinalizeContext(&TeecContext); 509 510 return TeecResult; 511 } 512 513 static uint32_t trusty_base_efuse_or_otp_operation(uint32_t cmd, 514 uint8_t is_write, 515 uint32_t *buf, 516 uint32_t length) 517 { 518 TEEC_Result TeecResult; 519 TEEC_Context TeecContext; 520 TEEC_Session TeecSession; 521 uint32_t ErrorOrigin; 522 523 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 524 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 525 TEEC_UUID *TeecUuid = &tempuuid; 526 TEEC_Operation TeecOperation = {0}; 527 528 TeecResult = OpteeClientApiLibInitialize(); 529 if (TeecResult != TEEC_SUCCESS) 530 return TeecResult; 531 532 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 533 if (TeecResult != TEEC_SUCCESS) 534 return TeecResult; 535 536 TeecResult = TEEC_OpenSession(&TeecContext, 537 &TeecSession, 538 TeecUuid, 539 TEEC_LOGIN_PUBLIC, 540 NULL, 541 NULL, 542 &ErrorOrigin); 543 if (TeecResult != TEEC_SUCCESS) 544 return TeecResult; 545 546 TEEC_SharedMemory SharedMem0 = {0}; 547 548 SharedMem0.size = length * sizeof(uint32_t); 549 SharedMem0.flags = 0; 550 551 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 552 if (TeecResult != TEEC_SUCCESS) 553 goto exit; 554 555 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 556 TeecOperation.params[0].tmpref.size = SharedMem0.size; 557 558 if (is_write) { 559 memcpy(SharedMem0.buffer, buf, SharedMem0.size); 560 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, 561 TEEC_NONE, 562 TEEC_NONE, 563 TEEC_NONE); 564 565 } else { 566 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, 567 TEEC_NONE, 568 TEEC_NONE, 569 TEEC_NONE); 570 } 571 572 TeecResult = TEEC_InvokeCommand(&TeecSession, 573 cmd, 574 &TeecOperation, 575 &ErrorOrigin); 576 if (TeecResult != TEEC_SUCCESS) 577 goto exit; 578 579 if (!is_write) 580 memcpy(buf, SharedMem0.buffer, SharedMem0.size); 581 582 exit: 583 TEEC_ReleaseSharedMemory(&SharedMem0); 584 TEEC_CloseSession(&TeecSession); 585 TEEC_FinalizeContext(&TeecContext); 586 587 return TeecResult; 588 } 589 590 uint32_t trusty_read_attribute_hash(uint32_t *buf, uint32_t length) 591 { 592 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_READ_ATTRIBUTE_HASH, 593 false, buf, length); 594 } 595 596 uint32_t trusty_write_attribute_hash(uint32_t *buf, uint32_t length) 597 { 598 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_ATTRIBUTE_HASH, 599 true, buf, length); 600 } 601 602 uint32_t trusty_notify_optee_uboot_end(void) 603 { 604 TEEC_Result res; 605 606 res = trusty_base_end_security_data(); 607 res |= trusty_base_end_efuse_or_otp(); 608 return res; 609 } 610 611 uint32_t trusty_read_vbootkey_hash(uint32_t *buf, uint32_t length) 612 { 613 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_READ_VBOOTKEY_HASH, 614 false, buf, length); 615 } 616 617 uint32_t trusty_write_vbootkey_hash(uint32_t *buf, uint32_t length) 618 { 619 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_VBOOTKEY_HASH, 620 true, buf, length); 621 } 622 623 uint32_t trusty_read_vbootkey_enable_flag(uint8_t *flag) 624 { 625 uint32_t bootflag; 626 TEEC_Result TeecResult; 627 628 *flag = 0; 629 630 TeecResult = trusty_base_efuse_or_otp_operation(STORAGE_CMD_READ_ENABLE_FLAG, 631 false, &bootflag, 1); 632 633 if (TeecResult == TEEC_SUCCESS) { 634 #if defined(CONFIG_ROCKCHIP_RK3288) 635 if (bootflag == 0x00000001) 636 *flag = 1; 637 #else 638 if (bootflag == 0x000000FF) 639 *flag = 1; 640 #endif 641 } 642 return TeecResult; 643 } 644 645 uint32_t trusty_write_ta_encryption_key(uint32_t *buf, uint32_t length) 646 { 647 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_TA_ENCRYPTION_KEY, 648 true, buf, length); 649 } 650 651 uint32_t trusty_ta_encryption_key_is_written(uint8_t *value) 652 { 653 TEEC_Result TeecResult; 654 TEEC_Context TeecContext; 655 TEEC_Session TeecSession; 656 uint32_t ErrorOrigin; 657 658 *value = 0; 659 660 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 661 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 662 TEEC_UUID *TeecUuid = &tempuuid; 663 TEEC_Operation TeecOperation = {0}; 664 665 TeecResult = OpteeClientApiLibInitialize(); 666 if (TeecResult != TEEC_SUCCESS) 667 return TeecResult; 668 669 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 670 if (TeecResult != TEEC_SUCCESS) 671 return TeecResult; 672 673 TeecResult = TEEC_OpenSession(&TeecContext, 674 &TeecSession, 675 TeecUuid, 676 TEEC_LOGIN_PUBLIC, 677 NULL, 678 NULL, 679 &ErrorOrigin); 680 if (TeecResult != TEEC_SUCCESS) 681 return TeecResult; 682 683 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_OUTPUT, 684 TEEC_NONE, 685 TEEC_NONE, 686 TEEC_NONE); 687 688 TeecResult = TEEC_InvokeCommand(&TeecSession, 689 STORAGE_CMD_TA_ENCRYPTION_KEY_IS_WRITTEN, 690 &TeecOperation, 691 &ErrorOrigin); 692 if (TeecResult == TEEC_SUCCESS) 693 *value = TeecOperation.params[0].value.a; 694 695 TEEC_CloseSession(&TeecSession); 696 TEEC_FinalizeContext(&TeecContext); 697 698 return TeecResult; 699 } 700 701 uint32_t trusty_check_security_level_flag(uint8_t flag) 702 { 703 uint32_t levelflag; 704 705 levelflag = flag; 706 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_CHECK_SECURITY_LEVEL_FLAG, 707 true, &levelflag, 1); 708 } 709 710 uint32_t trusty_write_oem_huk(uint32_t *buf, uint32_t length) 711 { 712 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_OEM_HUK, 713 true, buf, length); 714 } 715 716 static void trusty_select_security_level(void) 717 { 718 #if (CONFIG_OPTEE_SECURITY_LEVEL > 0) 719 TEEC_Result TeecResult; 720 721 TeecResult = trusty_check_security_level_flag(CONFIG_OPTEE_SECURITY_LEVEL); 722 if (TeecResult == TEE_ERROR_CANCEL) { 723 run_command("download", 0); 724 return; 725 } 726 727 if (TeecResult == TEEC_SUCCESS) 728 debug("optee select security level success!"); 729 else 730 panic("optee select security level fail!"); 731 732 return; 733 #endif 734 } 735 736 void optee_client_init(void) 737 { 738 trusty_select_security_level(); 739 trusty_notify_always_use_security(); 740 } 741 742 uint32_t trusty_write_oem_ns_otp(uint32_t byte_off, uint8_t *byte_buf, uint32_t byte_len) 743 { 744 TEEC_Result TeecResult; 745 TEEC_Context TeecContext; 746 TEEC_Session TeecSession; 747 uint32_t ErrorOrigin; 748 749 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 750 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 751 TEEC_UUID *TeecUuid = &tempuuid; 752 TEEC_Operation TeecOperation = {0}; 753 754 TeecResult = OpteeClientApiLibInitialize(); 755 if (TeecResult != TEEC_SUCCESS) 756 return TeecResult; 757 758 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 759 if (TeecResult != TEEC_SUCCESS) 760 return TeecResult; 761 762 TeecResult = TEEC_OpenSession(&TeecContext, 763 &TeecSession, 764 TeecUuid, 765 TEEC_LOGIN_PUBLIC, 766 NULL, 767 NULL, 768 &ErrorOrigin); 769 if (TeecResult != TEEC_SUCCESS) 770 return TeecResult; 771 772 TeecOperation.params[0].value.a = byte_off; 773 774 TEEC_SharedMemory SharedMem = {0}; 775 776 SharedMem.size = byte_len; 777 SharedMem.flags = 0; 778 779 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem); 780 if (TeecResult != TEEC_SUCCESS) 781 goto exit; 782 783 TeecOperation.params[1].tmpref.buffer = SharedMem.buffer; 784 TeecOperation.params[1].tmpref.size = SharedMem.size; 785 786 memcpy(SharedMem.buffer, byte_buf, SharedMem.size); 787 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 788 TEEC_MEMREF_TEMP_INPUT, 789 TEEC_NONE, 790 TEEC_NONE); 791 792 TeecResult = TEEC_InvokeCommand(&TeecSession, 793 STORAGE_CMD_WRITE_OEM_NS_OTP, 794 &TeecOperation, 795 &ErrorOrigin); 796 if (TeecResult != TEEC_SUCCESS) 797 goto exit; 798 799 exit: 800 TEEC_ReleaseSharedMemory(&SharedMem); 801 TEEC_CloseSession(&TeecSession); 802 TEEC_FinalizeContext(&TeecContext); 803 804 return TeecResult; 805 } 806 807 uint32_t trusty_read_oem_ns_otp(uint32_t byte_off, uint8_t *byte_buf, uint32_t byte_len) 808 { 809 TEEC_Result TeecResult; 810 TEEC_Context TeecContext; 811 TEEC_Session TeecSession; 812 uint32_t ErrorOrigin; 813 814 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 815 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 816 TEEC_UUID *TeecUuid = &tempuuid; 817 TEEC_Operation TeecOperation = {0}; 818 819 TeecResult = OpteeClientApiLibInitialize(); 820 if (TeecResult != TEEC_SUCCESS) 821 return TeecResult; 822 823 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 824 if (TeecResult != TEEC_SUCCESS) 825 return TeecResult; 826 827 TeecResult = TEEC_OpenSession(&TeecContext, 828 &TeecSession, 829 TeecUuid, 830 TEEC_LOGIN_PUBLIC, 831 NULL, 832 NULL, 833 &ErrorOrigin); 834 if (TeecResult != TEEC_SUCCESS) 835 return TeecResult; 836 837 TeecOperation.params[0].value.a = byte_off; 838 839 TEEC_SharedMemory SharedMem = {0}; 840 841 SharedMem.size = byte_len; 842 SharedMem.flags = 0; 843 844 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem); 845 if (TeecResult != TEEC_SUCCESS) 846 goto exit; 847 848 TeecOperation.params[1].tmpref.buffer = SharedMem.buffer; 849 TeecOperation.params[1].tmpref.size = SharedMem.size; 850 851 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 852 TEEC_MEMREF_TEMP_OUTPUT, 853 TEEC_NONE, 854 TEEC_NONE); 855 856 TeecResult = TEEC_InvokeCommand(&TeecSession, 857 STORAGE_CMD_READ_OEM_NS_OTP, 858 &TeecOperation, 859 &ErrorOrigin); 860 if (TeecResult != TEEC_SUCCESS) 861 goto exit; 862 863 memcpy(byte_buf, SharedMem.buffer, SharedMem.size); 864 865 exit: 866 TEEC_ReleaseSharedMemory(&SharedMem); 867 TEEC_CloseSession(&TeecSession); 868 TEEC_FinalizeContext(&TeecContext); 869 870 return TeecResult; 871 } 872 873 uint32_t trusty_write_oem_otp_key(enum RK_OEM_OTP_KEYID key_id, 874 uint8_t *byte_buf, uint32_t byte_len) 875 { 876 TEEC_Result TeecResult; 877 TEEC_Context TeecContext; 878 TEEC_Session TeecSession; 879 uint32_t ErrorOrigin; 880 881 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 882 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 883 TEEC_UUID *TeecUuid = &tempuuid; 884 TEEC_Operation TeecOperation = {0}; 885 886 TeecResult = OpteeClientApiLibInitialize(); 887 if (TeecResult != TEEC_SUCCESS) 888 return TeecResult; 889 890 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 891 if (TeecResult != TEEC_SUCCESS) 892 return TeecResult; 893 894 TeecResult = TEEC_OpenSession(&TeecContext, 895 &TeecSession, 896 TeecUuid, 897 TEEC_LOGIN_PUBLIC, 898 NULL, 899 NULL, 900 &ErrorOrigin); 901 if (TeecResult != TEEC_SUCCESS) 902 return TeecResult; 903 904 TeecOperation.params[0].value.a = key_id; 905 906 TEEC_SharedMemory SharedMem = {0}; 907 908 SharedMem.size = byte_len; 909 SharedMem.flags = 0; 910 911 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem); 912 if (TeecResult != TEEC_SUCCESS) 913 goto exit; 914 915 TeecOperation.params[1].tmpref.buffer = SharedMem.buffer; 916 TeecOperation.params[1].tmpref.size = SharedMem.size; 917 918 memcpy(SharedMem.buffer, byte_buf, SharedMem.size); 919 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 920 TEEC_MEMREF_TEMP_INPUT, 921 TEEC_NONE, 922 TEEC_NONE); 923 924 TeecResult = TEEC_InvokeCommand(&TeecSession, 925 STORAGE_CMD_WRITE_OEM_OTP_KEY, 926 &TeecOperation, 927 &ErrorOrigin); 928 if (TeecResult != TEEC_SUCCESS) 929 goto exit; 930 931 exit: 932 TEEC_ReleaseSharedMemory(&SharedMem); 933 TEEC_CloseSession(&TeecSession); 934 TEEC_FinalizeContext(&TeecContext); 935 936 return TeecResult; 937 } 938 939 uint32_t trusty_oem_otp_key_is_written(enum RK_OEM_OTP_KEYID key_id, uint8_t *value) 940 { 941 TEEC_Result TeecResult; 942 TEEC_Context TeecContext; 943 TEEC_Session TeecSession; 944 uint32_t ErrorOrigin; 945 946 *value = 0xFF; 947 948 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 949 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 950 TEEC_UUID *TeecUuid = &tempuuid; 951 TEEC_Operation TeecOperation = {0}; 952 953 TeecResult = OpteeClientApiLibInitialize(); 954 if (TeecResult != TEEC_SUCCESS) 955 return TeecResult; 956 957 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 958 if (TeecResult != TEEC_SUCCESS) 959 return TeecResult; 960 961 TeecResult = TEEC_OpenSession(&TeecContext, 962 &TeecSession, 963 TeecUuid, 964 TEEC_LOGIN_PUBLIC, 965 NULL, 966 NULL, 967 &ErrorOrigin); 968 if (TeecResult != TEEC_SUCCESS) 969 return TeecResult; 970 971 TeecOperation.params[0].value.a = key_id; 972 973 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, 974 TEEC_NONE, 975 TEEC_NONE, 976 TEEC_NONE); 977 978 TeecResult = TEEC_InvokeCommand(&TeecSession, 979 STORAGE_CMD_OEM_OTP_KEY_IS_WRITTEN, 980 &TeecOperation, 981 &ErrorOrigin); 982 if (TeecResult == TEEC_SUCCESS) 983 *value = TeecOperation.params[0].value.b; 984 985 TEEC_CloseSession(&TeecSession); 986 TEEC_FinalizeContext(&TeecContext); 987 988 return TeecResult; 989 } 990 991 uint32_t trusty_set_oem_hr_otp_read_lock(enum RK_OEM_OTP_KEYID key_id) 992 { 993 TEEC_Result TeecResult; 994 TEEC_Context TeecContext; 995 TEEC_Session TeecSession; 996 uint32_t ErrorOrigin; 997 998 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 999 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 1000 TEEC_UUID *TeecUuid = &tempuuid; 1001 TEEC_Operation TeecOperation = {0}; 1002 1003 TeecResult = OpteeClientApiLibInitialize(); 1004 if (TeecResult != TEEC_SUCCESS) 1005 return TeecResult; 1006 1007 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1008 if (TeecResult != TEEC_SUCCESS) 1009 return TeecResult; 1010 1011 TeecResult = TEEC_OpenSession(&TeecContext, 1012 &TeecSession, 1013 TeecUuid, 1014 TEEC_LOGIN_PUBLIC, 1015 NULL, 1016 NULL, 1017 &ErrorOrigin); 1018 if (TeecResult != TEEC_SUCCESS) 1019 return TeecResult; 1020 1021 TeecOperation.params[0].value.a = key_id; 1022 1023 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1024 TEEC_NONE, 1025 TEEC_NONE, 1026 TEEC_NONE); 1027 1028 TeecResult = TEEC_InvokeCommand(&TeecSession, 1029 STORAGE_CMD_SET_OEM_HR_OTP_READ_LOCK, 1030 &TeecOperation, 1031 &ErrorOrigin); 1032 if (TeecResult != TEEC_SUCCESS) 1033 goto exit; 1034 1035 exit: 1036 TEEC_CloseSession(&TeecSession); 1037 TEEC_FinalizeContext(&TeecContext); 1038 1039 return TeecResult; 1040 } 1041 1042 uint32_t trusty_oem_otp_key_cipher(enum RK_OEM_OTP_KEYID key_id, rk_cipher_config *config, 1043 uint32_t src_phys_addr, uint32_t dst_phys_addr, 1044 uint32_t len) 1045 { 1046 TEEC_Result TeecResult; 1047 TEEC_Context TeecContext; 1048 TEEC_Session TeecSession; 1049 TEEC_Operation TeecOperation = {0}; 1050 uint32_t ErrorOrigin; 1051 TEEC_UUID uuid = RK_CRYPTO_SERVICE_UUID; 1052 TEEC_SharedMemory SharedMem_config = {0}; 1053 1054 if (key_id != RK_OEM_OTP_KEY0 && 1055 key_id != RK_OEM_OTP_KEY1 && 1056 key_id != RK_OEM_OTP_KEY2 && 1057 key_id != RK_OEM_OTP_KEY3 && 1058 key_id != RK_OEM_OTP_KEY_FW) 1059 return TEEC_ERROR_BAD_PARAMETERS; 1060 1061 if (!config) 1062 return TEEC_ERROR_BAD_PARAMETERS; 1063 1064 if (config->algo != RK_ALGO_AES && config->algo != RK_ALGO_SM4) 1065 return TEEC_ERROR_BAD_PARAMETERS; 1066 1067 if (config->mode >= RK_CIPHER_MODE_XTS) 1068 return TEEC_ERROR_BAD_PARAMETERS; 1069 1070 if (config->operation != RK_MODE_ENCRYPT && 1071 config->operation != RK_MODE_DECRYPT) 1072 return TEEC_ERROR_BAD_PARAMETERS; 1073 1074 if (config->key_len != 16 && 1075 config->key_len != 24 && 1076 config->key_len != 32) 1077 return TEEC_ERROR_BAD_PARAMETERS; 1078 1079 if (key_id == RK_OEM_OTP_KEY_FW && config->key_len != 16) 1080 return TEEC_ERROR_BAD_PARAMETERS; 1081 1082 #if defined(CONFIG_ROCKCHIP_RV1126) 1083 if (config->key_len == 24) 1084 return TEEC_ERROR_BAD_PARAMETERS; 1085 #endif 1086 1087 if (len % AES_BLOCK_SIZE || 1088 len == 0) 1089 return TEEC_ERROR_BAD_PARAMETERS; 1090 1091 if (!src_phys_addr || !dst_phys_addr) 1092 return TEEC_ERROR_BAD_PARAMETERS; 1093 1094 TeecResult = OpteeClientApiLibInitialize(); 1095 if (TeecResult != TEEC_SUCCESS) 1096 return TeecResult; 1097 1098 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1099 if (TeecResult != TEEC_SUCCESS) 1100 return TeecResult; 1101 1102 TeecResult = TEEC_OpenSession(&TeecContext, 1103 &TeecSession, 1104 &uuid, 1105 TEEC_LOGIN_PUBLIC, 1106 NULL, 1107 NULL, 1108 &ErrorOrigin); 1109 if (TeecResult != TEEC_SUCCESS) 1110 goto exit; 1111 1112 SharedMem_config.size = sizeof(rk_cipher_config); 1113 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem_config); 1114 if (TeecResult != TEEC_SUCCESS) 1115 goto exit; 1116 1117 memcpy(SharedMem_config.buffer, config, sizeof(rk_cipher_config)); 1118 TeecOperation.params[0].value.a = key_id; 1119 TeecOperation.params[1].tmpref.buffer = SharedMem_config.buffer; 1120 TeecOperation.params[1].tmpref.size = SharedMem_config.size; 1121 TeecOperation.params[2].value.a = src_phys_addr; 1122 TeecOperation.params[2].value.b = len; 1123 TeecOperation.params[3].value.a = dst_phys_addr; 1124 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1125 TEEC_MEMREF_TEMP_INPUT, 1126 TEEC_VALUE_INPUT, 1127 TEEC_VALUE_INPUT); 1128 1129 crypto_flush_cacheline(src_phys_addr, len); 1130 crypto_flush_cacheline(dst_phys_addr, len); 1131 1132 TeecResult = TEEC_InvokeCommand(&TeecSession, 1133 CRYPTO_SERVICE_CMD_OEM_OTP_KEY_PHYS_CIPHER, 1134 &TeecOperation, 1135 &ErrorOrigin); 1136 1137 crypto_invalidate_cacheline(dst_phys_addr, len); 1138 1139 exit: 1140 TEEC_ReleaseSharedMemory(&SharedMem_config); 1141 TEEC_CloseSession(&TeecSession); 1142 TEEC_FinalizeContext(&TeecContext); 1143 return TeecResult; 1144 } 1145 1146 uint32_t trusty_attest_dh(uint8_t *dh, uint32_t *dh_size) 1147 { 1148 TEEC_Result TeecResult; 1149 TEEC_Context TeecContext; 1150 TEEC_Session TeecSession; 1151 uint32_t ErrorOrigin; 1152 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1153 { 0xa8, 0x69, 0x9c, 0xe6, 1154 0x88, 0x6c, 0x5d, 0x5d 1155 } 1156 }; 1157 TEEC_UUID *TeecUuid = &tempuuid; 1158 TEEC_Operation TeecOperation = {0}; 1159 struct blk_desc *dev_desc; 1160 dev_desc = rockchip_get_bootdev(); 1161 if (!dev_desc) { 1162 printf("%s: dev_desc is NULL!\n", __func__); 1163 return -TEEC_ERROR_GENERIC; 1164 } 1165 1166 TeecResult = OpteeClientApiLibInitialize(); 1167 if (TeecResult != TEEC_SUCCESS) 1168 return TeecResult; 1169 1170 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1171 if (TeecResult != TEEC_SUCCESS) 1172 return TeecResult; 1173 1174 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1175 TEEC_NONE, 1176 TEEC_NONE, 1177 TEEC_NONE); 1178 /*0 nand or emmc "security" partition , 1 rpmb*/ 1179 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1180 TeecOperation.params[0].value.a = 1; 1181 else 1182 TeecOperation.params[0].value.a = 0; 1183 1184 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1185 TeecOperation.params[0].value.a = 0; 1186 #endif 1187 1188 TeecResult = TEEC_OpenSession(&TeecContext, 1189 &TeecSession, 1190 TeecUuid, 1191 TEEC_LOGIN_PUBLIC, 1192 NULL, 1193 &TeecOperation, 1194 &ErrorOrigin); 1195 if (TeecResult != TEEC_SUCCESS) 1196 return TeecResult; 1197 1198 TEEC_SharedMemory SharedMem0 = {0}; 1199 1200 SharedMem0.size = *dh_size; 1201 SharedMem0.flags = 0; 1202 1203 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1204 if (TeecResult != TEEC_SUCCESS) 1205 goto exit; 1206 1207 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1208 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1209 1210 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1211 TEEC_NONE, 1212 TEEC_NONE, 1213 TEEC_NONE); 1214 1215 TeecResult = TEEC_InvokeCommand(&TeecSession, 1216 143, 1217 &TeecOperation, 1218 &ErrorOrigin); 1219 if (TeecResult != TEEC_SUCCESS) 1220 goto exit; 1221 1222 *dh_size = TeecOperation.params[0].tmpref.size; 1223 memcpy(dh, SharedMem0.buffer, SharedMem0.size); 1224 exit: 1225 TEEC_ReleaseSharedMemory(&SharedMem0); 1226 TEEC_CloseSession(&TeecSession); 1227 TEEC_FinalizeContext(&TeecContext); 1228 1229 return TeecResult; 1230 } 1231 1232 uint32_t trusty_attest_uuid(uint8_t *uuid, uint32_t *uuid_size) 1233 { 1234 TEEC_Result TeecResult; 1235 TEEC_Context TeecContext; 1236 TEEC_Session TeecSession; 1237 uint32_t ErrorOrigin; 1238 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1239 { 0xa8, 0x69, 0x9c, 0xe6, 1240 0x88, 0x6c, 0x5d, 0x5d 1241 } 1242 }; 1243 TEEC_UUID *TeecUuid = &tempuuid; 1244 TEEC_Operation TeecOperation = {0}; 1245 struct blk_desc *dev_desc; 1246 dev_desc = rockchip_get_bootdev(); 1247 if (!dev_desc) { 1248 printf("%s: dev_desc is NULL!\n", __func__); 1249 return -TEEC_ERROR_GENERIC; 1250 } 1251 1252 TeecResult = OpteeClientApiLibInitialize(); 1253 if (TeecResult != TEEC_SUCCESS) 1254 return TeecResult; 1255 1256 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1257 if (TeecResult != TEEC_SUCCESS) 1258 return TeecResult; 1259 1260 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1261 TEEC_NONE, 1262 TEEC_NONE, 1263 TEEC_NONE); 1264 /*0 nand or emmc "security" partition , 1 rpmb*/ 1265 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1266 TeecOperation.params[0].value.a = 1; 1267 else 1268 TeecOperation.params[0].value.a = 0; 1269 1270 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1271 TeecOperation.params[0].value.a = 0; 1272 #endif 1273 1274 TeecResult = TEEC_OpenSession(&TeecContext, 1275 &TeecSession, 1276 TeecUuid, 1277 TEEC_LOGIN_PUBLIC, 1278 NULL, 1279 &TeecOperation, 1280 &ErrorOrigin); 1281 if (TeecResult != TEEC_SUCCESS) 1282 return TeecResult; 1283 1284 TEEC_SharedMemory SharedMem0 = {0}; 1285 1286 SharedMem0.size = *uuid_size; 1287 SharedMem0.flags = 0; 1288 1289 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1290 if (TeecResult != TEEC_SUCCESS) 1291 goto exit; 1292 1293 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1294 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1295 1296 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1297 TEEC_NONE, 1298 TEEC_NONE, 1299 TEEC_NONE); 1300 1301 TeecResult = TEEC_InvokeCommand(&TeecSession, 1302 144, 1303 &TeecOperation, 1304 &ErrorOrigin); 1305 if (TeecResult != TEEC_SUCCESS) 1306 goto exit; 1307 1308 *uuid_size = TeecOperation.params[0].tmpref.size; 1309 memcpy(uuid, SharedMem0.buffer, SharedMem0.size); 1310 exit: 1311 TEEC_ReleaseSharedMemory(&SharedMem0); 1312 TEEC_CloseSession(&TeecSession); 1313 TEEC_FinalizeContext(&TeecContext); 1314 1315 return TeecResult; 1316 } 1317 1318 uint32_t trusty_attest_get_ca(uint8_t *operation_start, 1319 uint32_t *operation_size, 1320 uint8_t *out, 1321 uint32_t *out_len) 1322 { 1323 TEEC_Result TeecResult; 1324 TEEC_Context TeecContext; 1325 TEEC_Session TeecSession; 1326 uint32_t ErrorOrigin; 1327 1328 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1329 { 0xa8, 0x69, 0x9c, 0xe6, 1330 0x88, 0x6c, 0x5d, 0x5d 1331 } 1332 }; 1333 1334 TEEC_UUID *TeecUuid = &tempuuid; 1335 TEEC_Operation TeecOperation = {0}; 1336 struct blk_desc *dev_desc; 1337 dev_desc = rockchip_get_bootdev(); 1338 if (!dev_desc) { 1339 printf("%s: dev_desc is NULL!\n", __func__); 1340 return -TEEC_ERROR_GENERIC; 1341 } 1342 1343 TeecResult = OpteeClientApiLibInitialize(); 1344 if (TeecResult != TEEC_SUCCESS) 1345 return TeecResult; 1346 1347 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1348 if (TeecResult != TEEC_SUCCESS) 1349 return TeecResult; 1350 1351 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1352 TEEC_NONE, 1353 TEEC_NONE, 1354 TEEC_NONE); 1355 /*0 nand or emmc "security" partition , 1 rpmb*/ 1356 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1357 TeecOperation.params[0].value.a = 1; 1358 else 1359 TeecOperation.params[0].value.a = 0; 1360 1361 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1362 TeecOperation.params[0].value.a = 0; 1363 #endif 1364 1365 TeecResult = TEEC_OpenSession(&TeecContext, 1366 &TeecSession, 1367 TeecUuid, 1368 TEEC_LOGIN_PUBLIC, 1369 NULL, 1370 &TeecOperation, 1371 &ErrorOrigin); 1372 if (TeecResult != TEEC_SUCCESS) 1373 return TeecResult; 1374 1375 TEEC_SharedMemory SharedMem0 = {0}; 1376 1377 SharedMem0.size = *operation_size; 1378 SharedMem0.flags = 0; 1379 1380 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1381 if (TeecResult != TEEC_SUCCESS) 1382 goto exit; 1383 1384 memcpy(SharedMem0.buffer, operation_start, SharedMem0.size); 1385 1386 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1387 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1388 1389 TEEC_SharedMemory SharedMem1 = {0}; 1390 1391 SharedMem1.size = *out_len; 1392 SharedMem1.flags = 0; 1393 1394 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1); 1395 if (TeecResult != TEEC_SUCCESS) 1396 goto exit; 1397 1398 TeecOperation.params[1].tmpref.buffer = SharedMem1.buffer; 1399 TeecOperation.params[1].tmpref.size = SharedMem1.size; 1400 1401 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1402 TEEC_MEMREF_TEMP_INOUT, 1403 TEEC_NONE, 1404 TEEC_NONE); 1405 1406 TeecResult = TEEC_InvokeCommand(&TeecSession, 1407 145, 1408 &TeecOperation, 1409 &ErrorOrigin); 1410 if (TeecResult != TEEC_SUCCESS) 1411 goto exit; 1412 1413 *out_len = TeecOperation.params[1].tmpref.size; 1414 memcpy(out, SharedMem1.buffer, SharedMem1.size); 1415 exit: 1416 TEEC_ReleaseSharedMemory(&SharedMem0); 1417 TEEC_ReleaseSharedMemory(&SharedMem1); 1418 TEEC_CloseSession(&TeecSession); 1419 TEEC_FinalizeContext(&TeecContext); 1420 1421 return TeecResult; 1422 } 1423 1424 uint32_t trusty_attest_set_ca(uint8_t *ca_response, uint32_t *ca_response_size) 1425 { 1426 TEEC_Result TeecResult; 1427 TEEC_Context TeecContext; 1428 TEEC_Session TeecSession; 1429 uint32_t ErrorOrigin; 1430 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1431 { 0xa8, 0x69, 0x9c, 0xe6, 1432 0x88, 0x6c, 0x5d, 0x5d 1433 } 1434 }; 1435 TEEC_UUID *TeecUuid = &tempuuid; 1436 TEEC_Operation TeecOperation = {0}; 1437 struct blk_desc *dev_desc; 1438 dev_desc = rockchip_get_bootdev(); 1439 if (!dev_desc) { 1440 printf("%s: dev_desc is NULL!\n", __func__); 1441 return -TEEC_ERROR_GENERIC; 1442 } 1443 TeecResult = OpteeClientApiLibInitialize(); 1444 if (TeecResult != TEEC_SUCCESS) 1445 return TeecResult; 1446 1447 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1448 if (TeecResult != TEEC_SUCCESS) 1449 return TeecResult; 1450 1451 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1452 TEEC_NONE, 1453 TEEC_NONE, 1454 TEEC_NONE); 1455 /*0 nand or emmc "security" partition , 1 rpmb*/ 1456 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1457 TeecOperation.params[0].value.a = 1; 1458 else 1459 TeecOperation.params[0].value.a = 0; 1460 1461 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1462 TeecOperation.params[0].value.a = 0; 1463 #endif 1464 1465 TeecResult = TEEC_OpenSession(&TeecContext, 1466 &TeecSession, 1467 TeecUuid, 1468 TEEC_LOGIN_PUBLIC, 1469 NULL, 1470 &TeecOperation, 1471 &ErrorOrigin); 1472 if (TeecResult != TEEC_SUCCESS) 1473 return TeecResult; 1474 1475 TEEC_SharedMemory SharedMem0 = {0}; 1476 1477 SharedMem0.size = *ca_response_size; 1478 SharedMem0.flags = 0; 1479 1480 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1481 if (TeecResult != TEEC_SUCCESS) 1482 goto exit; 1483 1484 memcpy(SharedMem0.buffer, ca_response, SharedMem0.size); 1485 1486 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1487 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1488 1489 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1490 TEEC_NONE, 1491 TEEC_NONE, 1492 TEEC_NONE); 1493 1494 TeecResult = TEEC_InvokeCommand(&TeecSession, 1495 146, 1496 &TeecOperation, 1497 &ErrorOrigin); 1498 if (TeecResult != TEEC_SUCCESS) 1499 goto exit; 1500 exit: 1501 TEEC_ReleaseSharedMemory(&SharedMem0); 1502 TEEC_CloseSession(&TeecSession); 1503 TEEC_FinalizeContext(&TeecContext); 1504 1505 return TeecResult; 1506 } 1507