1 /* 2 * Copyright 2017, Rockchip Electronics Co., Ltd 3 * hisping lin, <hisping.lin@rock-chips.com> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <common.h> 9 #include <optee_include/OpteeClientInterface.h> 10 #include <optee_include/OpteeClientApiLib.h> 11 #include <optee_include/tee_client_api.h> 12 #include <optee_include/tee_api_defines.h> 13 #include <boot_rkimg.h> 14 #include <stdlib.h> 15 #include <attestation_key.h> 16 17 #define BOOT_FROM_EMMC (1 << 1) 18 #define STORAGE_CMD_READ_ATTRIBUTE_HASH 0 19 #define STORAGE_CMD_WRITE_ATTRIBUTE_HASH 1 20 #define STORAGE_CMD_UBOOT_END_OTP 2 21 #define STORAGE_CMD_READ_VBOOTKEY_HASH 3 22 #define STORAGE_CMD_WRITE_VBOOTKEY_HASH 4 23 #define STORAGE_CMD_READ_ENABLE_FLAG 5 24 #define STORAGE_CMD_WRITE_TA_ENCRYPTION_KEY 9 25 #define STORAGE_CMD_CHECK_SECURITY_LEVEL_FLAG 10 26 #define STORAGE_CMD_WRITE_OEM_HUK 11 27 #define STORAGE_CMD_WRITE_OEM_NS_OTP 12 28 #define STORAGE_CMD_READ_OEM_NS_OTP 13 29 #define STORAGE_CMD_WRITE_OEM_OTP_KEY 14 30 #define STORAGE_CMD_SET_OEM_HR_OTP_READ_LOCK 15 31 #define STORAGE_CMD_OEM_OTP_KEY_IS_WRITTEN 16 32 #define STORAGE_CMD_TA_ENCRYPTION_KEY_IS_WRITTEN 20 33 34 #define CRYPTO_SERVICE_CMD_OEM_OTP_KEY_PHYS_CIPHER 0x00000002 35 36 #define RK_CRYPTO_SERVICE_UUID { 0x0cacdb5d, 0x4fea, 0x466c, \ 37 { 0x97, 0x16, 0x3d, 0x54, 0x16, 0x52, 0x83, 0x0f } } 38 39 static uint8_t b2hs_add_base(uint8_t in) 40 { 41 if (in > 9) 42 return in + 55; 43 else 44 return in + 48; 45 } 46 47 static uint32_t b2hs(uint8_t *b, uint8_t *hs, uint32_t blen, uint32_t hslen) 48 { 49 uint32_t i = 0; 50 51 if (blen * 2 + 1 > hslen) 52 return 0; 53 54 for (; i < blen; i++) { 55 hs[i * 2 + 1] = b2hs_add_base(b[i] & 0xf); 56 hs[i * 2] = b2hs_add_base(b[i] >> 4); 57 } 58 hs[blen * 2] = 0; 59 60 return blen * 2; 61 } 62 63 static void crypto_flush_cacheline(uint32_t addr, uint32_t size) 64 { 65 ulong alignment = CONFIG_SYS_CACHELINE_SIZE; 66 ulong aligned_input, aligned_len; 67 68 if (!addr || !size) 69 return; 70 71 /* Must flush dcache before crypto DMA fetch data region */ 72 aligned_input = round_down(addr, alignment); 73 aligned_len = round_up(size + (addr - aligned_input), alignment); 74 flush_cache(aligned_input, aligned_len); 75 } 76 77 static void crypto_invalidate_cacheline(uint32_t addr, uint32_t size) 78 { 79 ulong alignment = CONFIG_SYS_CACHELINE_SIZE; 80 ulong aligned_input, aligned_len; 81 82 if (!addr || !size) 83 return; 84 85 /* Must invalidate dcache after crypto DMA write data region */ 86 aligned_input = round_down(addr, alignment); 87 aligned_len = round_up(size + (addr - aligned_input), alignment); 88 invalidate_dcache_range(aligned_input, aligned_input + aligned_len); 89 } 90 91 static uint32_t trusty_base_write_security_data(char *filename, 92 uint32_t filename_size, 93 uint8_t *data, 94 uint32_t data_size) 95 { 96 TEEC_Result TeecResult; 97 TEEC_Context TeecContext; 98 TEEC_Session TeecSession; 99 uint32_t ErrorOrigin; 100 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 101 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 102 TEEC_UUID *TeecUuid = &tempuuid; 103 TEEC_Operation TeecOperation = {0}; 104 struct blk_desc *dev_desc; 105 dev_desc = rockchip_get_bootdev(); 106 if (!dev_desc) { 107 printf("%s: dev_desc is NULL!\n", __func__); 108 return -TEEC_ERROR_GENERIC; 109 } 110 111 TeecResult = OpteeClientApiLibInitialize(); 112 if (TeecResult != TEEC_SUCCESS) 113 return TeecResult; 114 115 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 116 if (TeecResult != TEEC_SUCCESS) 117 return TeecResult; 118 119 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 120 TEEC_NONE, 121 TEEC_NONE, 122 TEEC_NONE); 123 /*0 nand or emmc "security" partition , 1 rpmb*/ 124 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 125 TeecOperation.params[0].value.a = 1; 126 else 127 TeecOperation.params[0].value.a = 0; 128 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 129 TeecOperation.params[0].value.a = 0; 130 #endif 131 132 TeecResult = TEEC_OpenSession(&TeecContext, 133 &TeecSession, 134 TeecUuid, 135 TEEC_LOGIN_PUBLIC, 136 NULL, 137 &TeecOperation, 138 &ErrorOrigin); 139 if (TeecResult != TEEC_SUCCESS) 140 return TeecResult; 141 142 TEEC_SharedMemory SharedMem0 = {0}; 143 144 SharedMem0.size = filename_size; 145 SharedMem0.flags = 0; 146 147 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 148 if (TeecResult != TEEC_SUCCESS) 149 goto exit; 150 151 memcpy(SharedMem0.buffer, filename, SharedMem0.size); 152 153 TEEC_SharedMemory SharedMem1 = {0}; 154 155 SharedMem1.size = data_size; 156 SharedMem1.flags = 0; 157 158 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1); 159 if (TeecResult != TEEC_SUCCESS) 160 goto exit; 161 162 memcpy(SharedMem1.buffer, data, SharedMem1.size); 163 164 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 165 TeecOperation.params[0].tmpref.size = SharedMem0.size; 166 167 TeecOperation.params[1].tmpref.buffer = SharedMem1.buffer; 168 TeecOperation.params[1].tmpref.size = SharedMem1.size; 169 170 171 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, 172 TEEC_MEMREF_TEMP_INOUT, 173 TEEC_NONE, 174 TEEC_NONE); 175 176 TeecResult = TEEC_InvokeCommand(&TeecSession, 177 1, 178 &TeecOperation, 179 &ErrorOrigin); 180 if (TeecResult != TEEC_SUCCESS) 181 goto exit; 182 exit: 183 TEEC_ReleaseSharedMemory(&SharedMem0); 184 TEEC_ReleaseSharedMemory(&SharedMem1); 185 TEEC_CloseSession(&TeecSession); 186 TEEC_FinalizeContext(&TeecContext); 187 188 return TeecResult; 189 } 190 191 static uint32_t trusty_base_read_security_data(char *filename, 192 uint32_t filename_size, 193 uint8_t *data, 194 uint32_t data_size) 195 { 196 TEEC_Result TeecResult; 197 TEEC_Context TeecContext; 198 TEEC_Session TeecSession; 199 uint32_t ErrorOrigin; 200 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 201 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 202 TEEC_UUID *TeecUuid = &tempuuid; 203 TEEC_Operation TeecOperation = {0}; 204 205 struct blk_desc *dev_desc; 206 dev_desc = rockchip_get_bootdev(); 207 if (!dev_desc) { 208 printf("%s: dev_desc is NULL!\n", __func__); 209 return -TEEC_ERROR_GENERIC; 210 } 211 212 TeecResult = OpteeClientApiLibInitialize(); 213 if (TeecResult != TEEC_SUCCESS) 214 return TeecResult; 215 216 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 217 if (TeecResult != TEEC_SUCCESS) 218 return TeecResult; 219 220 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 221 TEEC_NONE, 222 TEEC_NONE, 223 TEEC_NONE); 224 /*0 nand or emmc "security" partition , 1 rpmb*/ 225 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 226 TeecOperation.params[0].value.a = 1; 227 else 228 TeecOperation.params[0].value.a = 0; 229 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 230 TeecOperation.params[0].value.a = 0; 231 #endif 232 233 TeecResult = TEEC_OpenSession(&TeecContext, 234 &TeecSession, 235 TeecUuid, 236 TEEC_LOGIN_PUBLIC, 237 NULL, 238 &TeecOperation, 239 &ErrorOrigin); 240 if (TeecResult != TEEC_SUCCESS) 241 return TeecResult; 242 243 TEEC_SharedMemory SharedMem0 = {0}; 244 245 SharedMem0.size = filename_size; 246 SharedMem0.flags = 0; 247 248 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 249 if (TeecResult != TEEC_SUCCESS) 250 goto exit; 251 252 memcpy(SharedMem0.buffer, filename, SharedMem0.size); 253 254 TEEC_SharedMemory SharedMem1 = {0}; 255 256 SharedMem1.size = data_size; 257 SharedMem1.flags = 0; 258 259 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1); 260 if (TeecResult != TEEC_SUCCESS) 261 goto exit; 262 263 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 264 TeecOperation.params[0].tmpref.size = SharedMem0.size; 265 266 TeecOperation.params[1].tmpref.buffer = SharedMem1.buffer; 267 TeecOperation.params[1].tmpref.size = SharedMem1.size; 268 269 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, 270 TEEC_MEMREF_TEMP_INOUT, 271 TEEC_NONE, 272 TEEC_NONE); 273 274 TeecResult = TEEC_InvokeCommand(&TeecSession, 275 0, 276 &TeecOperation, 277 &ErrorOrigin); 278 if (TeecResult == TEEC_SUCCESS) 279 memcpy(data, SharedMem1.buffer, SharedMem1.size); 280 exit: 281 TEEC_ReleaseSharedMemory(&SharedMem0); 282 TEEC_ReleaseSharedMemory(&SharedMem1); 283 TEEC_CloseSession(&TeecSession); 284 TEEC_FinalizeContext(&TeecContext); 285 286 return TeecResult; 287 } 288 289 static uint32_t trusty_base_end_security_data(void) 290 { 291 TEEC_Result TeecResult; 292 TEEC_Context TeecContext; 293 TEEC_Session TeecSession; 294 uint32_t ErrorOrigin; 295 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 296 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 297 TEEC_UUID *TeecUuid = &tempuuid; 298 TEEC_Operation TeecOperation = {0}; 299 300 TeecResult = OpteeClientApiLibInitialize(); 301 if (TeecResult != TEEC_SUCCESS) 302 return TeecResult; 303 304 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 305 if (TeecResult != TEEC_SUCCESS) 306 return TeecResult; 307 308 TeecResult = TEEC_OpenSession(&TeecContext, 309 &TeecSession, 310 TeecUuid, 311 TEEC_LOGIN_PUBLIC, 312 NULL, 313 NULL, 314 &ErrorOrigin); 315 if (TeecResult != TEEC_SUCCESS) 316 return TeecResult; 317 318 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 319 TEEC_NONE, 320 TEEC_NONE, 321 TEEC_NONE); 322 323 TeecResult = TEEC_InvokeCommand(&TeecSession, 324 2, 325 &TeecOperation, 326 &ErrorOrigin); 327 if (TeecResult != TEEC_SUCCESS) 328 goto exit; 329 exit: 330 TEEC_CloseSession(&TeecSession); 331 TEEC_FinalizeContext(&TeecContext); 332 333 return TeecResult; 334 } 335 336 static void trusty_notify_always_use_security(void) 337 { 338 #if defined(CONFIG_OPTEE_V2) && defined(CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION) 339 TEEC_Result TeecResult; 340 TEEC_Context TeecContext; 341 TEEC_Session TeecSession; 342 uint32_t ErrorOrigin; 343 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 344 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 345 TEEC_UUID *TeecUuid = &tempuuid; 346 TEEC_Operation TeecOperation = {0}; 347 348 TeecResult = OpteeClientApiLibInitialize(); 349 if (TeecResult != TEEC_SUCCESS) 350 return; 351 352 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 353 if (TeecResult != TEEC_SUCCESS) 354 return; 355 356 TeecResult = TEEC_OpenSession(&TeecContext, 357 &TeecSession, 358 TeecUuid, 359 TEEC_LOGIN_PUBLIC, 360 NULL, 361 NULL, 362 &ErrorOrigin); 363 if (TeecResult != TEEC_SUCCESS) 364 return; 365 366 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 367 TEEC_NONE, 368 TEEC_NONE, 369 TEEC_NONE); 370 371 TeecResult = TEEC_InvokeCommand(&TeecSession, 372 9, 373 &TeecOperation, 374 &ErrorOrigin); 375 if (TeecResult != TEEC_SUCCESS) 376 debug("notify always use security fail! please update optee!"); 377 378 TEEC_CloseSession(&TeecSession); 379 TEEC_FinalizeContext(&TeecContext); 380 381 return; 382 #endif 383 } 384 385 uint32_t trusty_read_rollback_index(uint32_t slot, uint64_t *value) 386 { 387 char hs[9]; 388 389 b2hs((uint8_t *)&slot, (uint8_t *)hs, 4, 9); 390 391 return trusty_base_read_security_data(hs, 8, (uint8_t *)value, 8); 392 } 393 394 uint32_t trusty_write_rollback_index(uint32_t slot, uint64_t value) 395 { 396 char hs[9]; 397 398 b2hs((uint8_t *)&slot, (uint8_t *)hs, 4, 9); 399 400 return trusty_base_write_security_data(hs, 8, (uint8_t *)&value, 8); 401 } 402 403 uint32_t trusty_read_permanent_attributes(uint8_t *attributes, uint32_t size) 404 { 405 return trusty_base_read_security_data("attributes", 406 sizeof("attributes"), attributes, size); 407 } 408 409 uint32_t trusty_write_permanent_attributes(uint8_t *attributes, uint32_t size) 410 { 411 return trusty_base_write_security_data("attributes", 412 sizeof("attributes"), attributes, size); 413 } 414 415 uint32_t trusty_read_permanent_attributes_flag(uint8_t *attributes) 416 { 417 return trusty_base_read_security_data("attributes_flag", 418 sizeof("attributes_flag"), attributes, 1); 419 } 420 421 uint32_t trusty_write_permanent_attributes_flag(uint8_t attributes) 422 { 423 return trusty_base_write_security_data("attributes_flag", 424 sizeof("attributes_flag"), &attributes, 1); 425 } 426 427 uint32_t trusty_read_permanent_attributes_cer(uint8_t *attributes, 428 uint32_t size) 429 { 430 return trusty_base_read_security_data("rsacer", 431 sizeof("rsacer"), attributes, size); 432 } 433 434 uint32_t trusty_write_permanent_attributes_cer(uint8_t *attributes, 435 uint32_t size) 436 { 437 return trusty_base_write_security_data("rsacer", 438 sizeof("rsacer"), attributes, size); 439 } 440 441 uint32_t trusty_read_lock_state(uint8_t *lock_state) 442 { 443 return trusty_base_read_security_data("lock_state", 444 sizeof("lock_state"), lock_state, 1); 445 } 446 447 uint32_t trusty_write_lock_state(uint8_t lock_state) 448 { 449 return trusty_base_write_security_data("lock_state", 450 sizeof("lock_state"), &lock_state, 1); 451 } 452 453 uint32_t trusty_read_flash_lock_state(uint8_t *flash_lock_state) 454 { 455 return trusty_base_read_security_data("flash_lock_state", 456 sizeof("flash_lock_state"), flash_lock_state, 1); 457 } 458 459 uint32_t trusty_write_flash_lock_state(uint8_t flash_lock_state) 460 { 461 return trusty_base_write_security_data("flash_lock_state", 462 sizeof("flash_lock_state"), &flash_lock_state, 1); 463 } 464 465 static uint32_t trusty_base_end_efuse_or_otp(void) 466 { 467 TEEC_Result TeecResult; 468 TEEC_Context TeecContext; 469 TEEC_Session TeecSession; 470 uint32_t ErrorOrigin; 471 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 472 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 473 474 TEEC_UUID *TeecUuid = &tempuuid; 475 TEEC_Operation TeecOperation = {0}; 476 477 TeecResult = OpteeClientApiLibInitialize(); 478 if (TeecResult != TEEC_SUCCESS) 479 return TeecResult; 480 481 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 482 if (TeecResult != TEEC_SUCCESS) 483 return TeecResult; 484 485 TeecResult = TEEC_OpenSession(&TeecContext, 486 &TeecSession, 487 TeecUuid, 488 TEEC_LOGIN_PUBLIC, 489 NULL, 490 NULL, 491 &ErrorOrigin); 492 if (TeecResult != TEEC_SUCCESS) 493 return TeecResult; 494 495 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 496 TEEC_NONE, 497 TEEC_NONE, 498 TEEC_NONE); 499 500 TeecResult = TEEC_InvokeCommand(&TeecSession, 501 STORAGE_CMD_UBOOT_END_OTP, 502 &TeecOperation, 503 &ErrorOrigin); 504 if (TeecResult != TEEC_SUCCESS) 505 goto exit; 506 exit: 507 TEEC_CloseSession(&TeecSession); 508 TEEC_FinalizeContext(&TeecContext); 509 510 return TeecResult; 511 } 512 513 static uint32_t trusty_base_efuse_or_otp_operation(uint32_t cmd, 514 uint8_t is_write, 515 uint32_t *buf, 516 uint32_t length) 517 { 518 TEEC_Result TeecResult; 519 TEEC_Context TeecContext; 520 TEEC_Session TeecSession; 521 uint32_t ErrorOrigin; 522 523 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 524 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 525 TEEC_UUID *TeecUuid = &tempuuid; 526 TEEC_Operation TeecOperation = {0}; 527 528 TeecResult = OpteeClientApiLibInitialize(); 529 if (TeecResult != TEEC_SUCCESS) 530 return TeecResult; 531 532 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 533 if (TeecResult != TEEC_SUCCESS) 534 return TeecResult; 535 536 TeecResult = TEEC_OpenSession(&TeecContext, 537 &TeecSession, 538 TeecUuid, 539 TEEC_LOGIN_PUBLIC, 540 NULL, 541 NULL, 542 &ErrorOrigin); 543 if (TeecResult != TEEC_SUCCESS) 544 return TeecResult; 545 546 TEEC_SharedMemory SharedMem0 = {0}; 547 548 SharedMem0.size = length * sizeof(uint32_t); 549 SharedMem0.flags = 0; 550 551 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 552 if (TeecResult != TEEC_SUCCESS) 553 goto exit; 554 555 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 556 TeecOperation.params[0].tmpref.size = SharedMem0.size; 557 558 if (is_write) { 559 memcpy(SharedMem0.buffer, buf, SharedMem0.size); 560 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, 561 TEEC_NONE, 562 TEEC_NONE, 563 TEEC_NONE); 564 565 } else { 566 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, 567 TEEC_NONE, 568 TEEC_NONE, 569 TEEC_NONE); 570 } 571 572 TeecResult = TEEC_InvokeCommand(&TeecSession, 573 cmd, 574 &TeecOperation, 575 &ErrorOrigin); 576 if (TeecResult != TEEC_SUCCESS) 577 goto exit; 578 579 if (!is_write) 580 memcpy(buf, SharedMem0.buffer, SharedMem0.size); 581 582 exit: 583 TEEC_ReleaseSharedMemory(&SharedMem0); 584 TEEC_CloseSession(&TeecSession); 585 TEEC_FinalizeContext(&TeecContext); 586 587 return TeecResult; 588 } 589 590 uint32_t trusty_read_attribute_hash(uint32_t *buf, uint32_t length) 591 { 592 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_READ_ATTRIBUTE_HASH, 593 false, buf, length); 594 } 595 596 uint32_t trusty_write_attribute_hash(uint32_t *buf, uint32_t length) 597 { 598 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_ATTRIBUTE_HASH, 599 true, buf, length); 600 } 601 602 uint32_t trusty_notify_optee_uboot_end(void) 603 { 604 TEEC_Result res; 605 606 res = trusty_base_end_security_data(); 607 res |= trusty_base_end_efuse_or_otp(); 608 return res; 609 } 610 611 uint32_t trusty_read_vbootkey_hash(uint32_t *buf, uint32_t length) 612 { 613 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_READ_VBOOTKEY_HASH, 614 false, buf, length); 615 } 616 617 uint32_t trusty_write_vbootkey_hash(uint32_t *buf, uint32_t length) 618 { 619 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_VBOOTKEY_HASH, 620 true, buf, length); 621 } 622 623 uint32_t trusty_read_vbootkey_enable_flag(uint8_t *flag) 624 { 625 uint32_t bootflag; 626 TEEC_Result TeecResult; 627 628 *flag = 0; 629 630 TeecResult = trusty_base_efuse_or_otp_operation(STORAGE_CMD_READ_ENABLE_FLAG, 631 false, &bootflag, 1); 632 633 if (TeecResult == TEEC_SUCCESS) { 634 #if defined(CONFIG_ROCKCHIP_RK3288) 635 if (bootflag == 0x00000001) 636 *flag = 1; 637 #else 638 if (bootflag == 0x000000FF) 639 *flag = 1; 640 #endif 641 } 642 return TeecResult; 643 } 644 645 uint32_t trusty_write_ta_encryption_key(uint32_t *buf, uint32_t length) 646 { 647 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_TA_ENCRYPTION_KEY, 648 true, buf, length); 649 } 650 651 uint32_t trusty_ta_encryption_key_is_written(uint8_t *value) 652 { 653 TEEC_Result TeecResult; 654 TEEC_Context TeecContext; 655 TEEC_Session TeecSession; 656 uint32_t ErrorOrigin; 657 658 *value = 0; 659 660 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 661 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 662 TEEC_UUID *TeecUuid = &tempuuid; 663 TEEC_Operation TeecOperation = {0}; 664 665 TeecResult = OpteeClientApiLibInitialize(); 666 if (TeecResult != TEEC_SUCCESS) 667 return TeecResult; 668 669 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 670 if (TeecResult != TEEC_SUCCESS) 671 return TeecResult; 672 673 TeecResult = TEEC_OpenSession(&TeecContext, 674 &TeecSession, 675 TeecUuid, 676 TEEC_LOGIN_PUBLIC, 677 NULL, 678 NULL, 679 &ErrorOrigin); 680 if (TeecResult != TEEC_SUCCESS) 681 return TeecResult; 682 683 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_OUTPUT, 684 TEEC_NONE, 685 TEEC_NONE, 686 TEEC_NONE); 687 688 TeecResult = TEEC_InvokeCommand(&TeecSession, 689 STORAGE_CMD_TA_ENCRYPTION_KEY_IS_WRITTEN, 690 &TeecOperation, 691 &ErrorOrigin); 692 if (TeecResult == TEEC_SUCCESS) 693 *value = TeecOperation.params[0].value.a; 694 695 TEEC_CloseSession(&TeecSession); 696 TEEC_FinalizeContext(&TeecContext); 697 698 return TeecResult; 699 } 700 701 uint32_t trusty_check_security_level_flag(uint8_t flag) 702 { 703 uint32_t levelflag; 704 705 levelflag = flag; 706 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_CHECK_SECURITY_LEVEL_FLAG, 707 true, &levelflag, 1); 708 } 709 710 uint32_t trusty_write_oem_huk(uint32_t *buf, uint32_t length) 711 { 712 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_OEM_HUK, 713 true, buf, length); 714 } 715 716 static void trusty_select_security_level(void) 717 { 718 #if (CONFIG_OPTEE_SECURITY_LEVEL > 0) 719 TEEC_Result TeecResult; 720 721 TeecResult = trusty_check_security_level_flag(CONFIG_OPTEE_SECURITY_LEVEL); 722 if (TeecResult == TEE_ERROR_CANCEL) { 723 run_command("download", 0); 724 return; 725 } 726 727 if (TeecResult == TEEC_SUCCESS) 728 debug("optee select security level success!"); 729 else 730 panic("optee select security level fail!"); 731 732 return; 733 #endif 734 } 735 736 void optee_client_init(void) 737 { 738 trusty_select_security_level(); 739 trusty_notify_always_use_security(); 740 } 741 742 uint32_t trusty_write_oem_ns_otp(uint32_t byte_off, uint8_t *byte_buf, uint32_t byte_len) 743 { 744 TEEC_Result TeecResult; 745 TEEC_Context TeecContext; 746 TEEC_Session TeecSession; 747 uint32_t ErrorOrigin; 748 749 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 750 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 751 TEEC_UUID *TeecUuid = &tempuuid; 752 TEEC_Operation TeecOperation = {0}; 753 754 TeecResult = OpteeClientApiLibInitialize(); 755 if (TeecResult != TEEC_SUCCESS) 756 return TeecResult; 757 758 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 759 if (TeecResult != TEEC_SUCCESS) 760 return TeecResult; 761 762 TeecResult = TEEC_OpenSession(&TeecContext, 763 &TeecSession, 764 TeecUuid, 765 TEEC_LOGIN_PUBLIC, 766 NULL, 767 NULL, 768 &ErrorOrigin); 769 if (TeecResult != TEEC_SUCCESS) 770 return TeecResult; 771 772 TeecOperation.params[0].value.a = byte_off; 773 774 TEEC_SharedMemory SharedMem = {0}; 775 776 SharedMem.size = byte_len; 777 SharedMem.flags = 0; 778 779 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem); 780 if (TeecResult != TEEC_SUCCESS) 781 goto exit; 782 783 TeecOperation.params[1].tmpref.buffer = SharedMem.buffer; 784 TeecOperation.params[1].tmpref.size = SharedMem.size; 785 786 memcpy(SharedMem.buffer, byte_buf, SharedMem.size); 787 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 788 TEEC_MEMREF_TEMP_INPUT, 789 TEEC_NONE, 790 TEEC_NONE); 791 792 TeecResult = TEEC_InvokeCommand(&TeecSession, 793 STORAGE_CMD_WRITE_OEM_NS_OTP, 794 &TeecOperation, 795 &ErrorOrigin); 796 if (TeecResult != TEEC_SUCCESS) 797 goto exit; 798 799 exit: 800 TEEC_ReleaseSharedMemory(&SharedMem); 801 TEEC_CloseSession(&TeecSession); 802 TEEC_FinalizeContext(&TeecContext); 803 804 return TeecResult; 805 } 806 807 uint32_t trusty_read_oem_ns_otp(uint32_t byte_off, uint8_t *byte_buf, uint32_t byte_len) 808 { 809 TEEC_Result TeecResult; 810 TEEC_Context TeecContext; 811 TEEC_Session TeecSession; 812 uint32_t ErrorOrigin; 813 814 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 815 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 816 TEEC_UUID *TeecUuid = &tempuuid; 817 TEEC_Operation TeecOperation = {0}; 818 819 TeecResult = OpteeClientApiLibInitialize(); 820 if (TeecResult != TEEC_SUCCESS) 821 return TeecResult; 822 823 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 824 if (TeecResult != TEEC_SUCCESS) 825 return TeecResult; 826 827 TeecResult = TEEC_OpenSession(&TeecContext, 828 &TeecSession, 829 TeecUuid, 830 TEEC_LOGIN_PUBLIC, 831 NULL, 832 NULL, 833 &ErrorOrigin); 834 if (TeecResult != TEEC_SUCCESS) 835 return TeecResult; 836 837 TeecOperation.params[0].value.a = byte_off; 838 839 TEEC_SharedMemory SharedMem = {0}; 840 841 SharedMem.size = byte_len; 842 SharedMem.flags = 0; 843 844 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem); 845 if (TeecResult != TEEC_SUCCESS) 846 goto exit; 847 848 TeecOperation.params[1].tmpref.buffer = SharedMem.buffer; 849 TeecOperation.params[1].tmpref.size = SharedMem.size; 850 851 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 852 TEEC_MEMREF_TEMP_OUTPUT, 853 TEEC_NONE, 854 TEEC_NONE); 855 856 TeecResult = TEEC_InvokeCommand(&TeecSession, 857 STORAGE_CMD_READ_OEM_NS_OTP, 858 &TeecOperation, 859 &ErrorOrigin); 860 if (TeecResult != TEEC_SUCCESS) 861 goto exit; 862 863 memcpy(byte_buf, SharedMem.buffer, SharedMem.size); 864 865 exit: 866 TEEC_ReleaseSharedMemory(&SharedMem); 867 TEEC_CloseSession(&TeecSession); 868 TEEC_FinalizeContext(&TeecContext); 869 870 return TeecResult; 871 } 872 873 uint32_t trusty_write_oem_otp_key(enum RK_OEM_OTP_KEYID key_id, 874 uint8_t *byte_buf, uint32_t byte_len) 875 { 876 TEEC_Result TeecResult; 877 TEEC_Context TeecContext; 878 TEEC_Session TeecSession; 879 uint32_t ErrorOrigin; 880 881 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 882 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 883 TEEC_UUID *TeecUuid = &tempuuid; 884 TEEC_Operation TeecOperation = {0}; 885 886 TeecResult = OpteeClientApiLibInitialize(); 887 if (TeecResult != TEEC_SUCCESS) 888 return TeecResult; 889 890 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 891 if (TeecResult != TEEC_SUCCESS) 892 return TeecResult; 893 894 TeecResult = TEEC_OpenSession(&TeecContext, 895 &TeecSession, 896 TeecUuid, 897 TEEC_LOGIN_PUBLIC, 898 NULL, 899 NULL, 900 &ErrorOrigin); 901 if (TeecResult != TEEC_SUCCESS) 902 return TeecResult; 903 904 TeecOperation.params[0].value.a = key_id; 905 906 TEEC_SharedMemory SharedMem = {0}; 907 908 SharedMem.size = byte_len; 909 SharedMem.flags = 0; 910 911 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem); 912 if (TeecResult != TEEC_SUCCESS) 913 goto exit; 914 915 TeecOperation.params[1].tmpref.buffer = SharedMem.buffer; 916 TeecOperation.params[1].tmpref.size = SharedMem.size; 917 918 memcpy(SharedMem.buffer, byte_buf, SharedMem.size); 919 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 920 TEEC_MEMREF_TEMP_INPUT, 921 TEEC_NONE, 922 TEEC_NONE); 923 924 TeecResult = TEEC_InvokeCommand(&TeecSession, 925 STORAGE_CMD_WRITE_OEM_OTP_KEY, 926 &TeecOperation, 927 &ErrorOrigin); 928 if (TeecResult != TEEC_SUCCESS) 929 goto exit; 930 931 exit: 932 TEEC_ReleaseSharedMemory(&SharedMem); 933 TEEC_CloseSession(&TeecSession); 934 TEEC_FinalizeContext(&TeecContext); 935 936 return TeecResult; 937 } 938 939 uint32_t trusty_oem_otp_key_is_written(enum RK_OEM_OTP_KEYID key_id, uint8_t *value) 940 { 941 TEEC_Result TeecResult; 942 TEEC_Context TeecContext; 943 TEEC_Session TeecSession; 944 uint32_t ErrorOrigin; 945 946 *value = 0xFF; 947 948 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 949 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 950 TEEC_UUID *TeecUuid = &tempuuid; 951 TEEC_Operation TeecOperation = {0}; 952 953 TeecResult = OpteeClientApiLibInitialize(); 954 if (TeecResult != TEEC_SUCCESS) 955 return TeecResult; 956 957 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 958 if (TeecResult != TEEC_SUCCESS) 959 return TeecResult; 960 961 TeecResult = TEEC_OpenSession(&TeecContext, 962 &TeecSession, 963 TeecUuid, 964 TEEC_LOGIN_PUBLIC, 965 NULL, 966 NULL, 967 &ErrorOrigin); 968 if (TeecResult != TEEC_SUCCESS) 969 return TeecResult; 970 971 TeecOperation.params[0].value.a = key_id; 972 973 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, 974 TEEC_NONE, 975 TEEC_NONE, 976 TEEC_NONE); 977 978 TeecResult = TEEC_InvokeCommand(&TeecSession, 979 STORAGE_CMD_OEM_OTP_KEY_IS_WRITTEN, 980 &TeecOperation, 981 &ErrorOrigin); 982 if (TeecResult == TEEC_SUCCESS) 983 *value = TeecOperation.params[0].value.b; 984 985 TEEC_CloseSession(&TeecSession); 986 TEEC_FinalizeContext(&TeecContext); 987 988 return TeecResult; 989 } 990 991 uint32_t trusty_set_oem_hr_otp_read_lock(enum RK_OEM_OTP_KEYID key_id) 992 { 993 TEEC_Result TeecResult; 994 TEEC_Context TeecContext; 995 TEEC_Session TeecSession; 996 uint32_t ErrorOrigin; 997 998 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 999 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 1000 TEEC_UUID *TeecUuid = &tempuuid; 1001 TEEC_Operation TeecOperation = {0}; 1002 1003 TeecResult = OpteeClientApiLibInitialize(); 1004 if (TeecResult != TEEC_SUCCESS) 1005 return TeecResult; 1006 1007 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1008 if (TeecResult != TEEC_SUCCESS) 1009 return TeecResult; 1010 1011 TeecResult = TEEC_OpenSession(&TeecContext, 1012 &TeecSession, 1013 TeecUuid, 1014 TEEC_LOGIN_PUBLIC, 1015 NULL, 1016 NULL, 1017 &ErrorOrigin); 1018 if (TeecResult != TEEC_SUCCESS) 1019 return TeecResult; 1020 1021 TeecOperation.params[0].value.a = key_id; 1022 1023 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1024 TEEC_NONE, 1025 TEEC_NONE, 1026 TEEC_NONE); 1027 1028 TeecResult = TEEC_InvokeCommand(&TeecSession, 1029 STORAGE_CMD_SET_OEM_HR_OTP_READ_LOCK, 1030 &TeecOperation, 1031 &ErrorOrigin); 1032 if (TeecResult != TEEC_SUCCESS) 1033 goto exit; 1034 1035 exit: 1036 TEEC_CloseSession(&TeecSession); 1037 TEEC_FinalizeContext(&TeecContext); 1038 1039 return TeecResult; 1040 } 1041 1042 uint32_t trusty_oem_otp_key_cipher(enum RK_OEM_OTP_KEYID key_id, rk_cipher_config *config, 1043 uint32_t src_phys_addr, uint32_t dst_phys_addr, 1044 uint32_t len) 1045 { 1046 TEEC_Result TeecResult; 1047 TEEC_Context TeecContext; 1048 TEEC_Session TeecSession; 1049 TEEC_Operation TeecOperation = {0}; 1050 uint32_t ErrorOrigin; 1051 TEEC_UUID uuid = RK_CRYPTO_SERVICE_UUID; 1052 TEEC_SharedMemory SharedMem_config = {0}; 1053 1054 if (key_id != RK_OEM_OTP_KEY0 && 1055 key_id != RK_OEM_OTP_KEY1 && 1056 key_id != RK_OEM_OTP_KEY2 && 1057 key_id != RK_OEM_OTP_KEY3 && 1058 key_id != RK_OEM_OTP_KEY_FW) 1059 return TEEC_ERROR_BAD_PARAMETERS; 1060 1061 if (!config) 1062 return TEEC_ERROR_BAD_PARAMETERS; 1063 1064 if (config->algo != RK_ALGO_AES && config->algo != RK_ALGO_SM4) 1065 return TEEC_ERROR_BAD_PARAMETERS; 1066 1067 if (config->mode >= RK_CIPHER_MODE_XTS) 1068 return TEEC_ERROR_BAD_PARAMETERS; 1069 1070 if (config->operation != RK_MODE_ENCRYPT && 1071 config->operation != RK_MODE_DECRYPT) 1072 return TEEC_ERROR_BAD_PARAMETERS; 1073 1074 if (config->key_len != 16 && 1075 config->key_len != 24 && 1076 config->key_len != 32) 1077 return TEEC_ERROR_BAD_PARAMETERS; 1078 1079 if (key_id == RK_OEM_OTP_KEY_FW && config->key_len != 16) 1080 return TEEC_ERROR_BAD_PARAMETERS; 1081 1082 #if defined(CONFIG_ROCKCHIP_RV1126) 1083 if (config->key_len == 24) 1084 return TEEC_ERROR_BAD_PARAMETERS; 1085 #endif 1086 1087 if (len % AES_BLOCK_SIZE || 1088 len == 0) 1089 return TEEC_ERROR_BAD_PARAMETERS; 1090 1091 if (!src_phys_addr || !dst_phys_addr) 1092 return TEEC_ERROR_BAD_PARAMETERS; 1093 1094 TeecResult = OpteeClientApiLibInitialize(); 1095 if (TeecResult != TEEC_SUCCESS) 1096 return TeecResult; 1097 1098 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1099 if (TeecResult != TEEC_SUCCESS) 1100 return TeecResult; 1101 1102 TeecResult = TEEC_OpenSession(&TeecContext, 1103 &TeecSession, 1104 &uuid, 1105 TEEC_LOGIN_PUBLIC, 1106 NULL, 1107 NULL, 1108 &ErrorOrigin); 1109 if (TeecResult != TEEC_SUCCESS) 1110 goto exit; 1111 1112 SharedMem_config.size = sizeof(rk_cipher_config); 1113 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem_config); 1114 if (TeecResult != TEEC_SUCCESS) 1115 goto exit; 1116 1117 memcpy(SharedMem_config.buffer, config, sizeof(rk_cipher_config)); 1118 TeecOperation.params[0].value.a = key_id; 1119 TeecOperation.params[1].tmpref.buffer = SharedMem_config.buffer; 1120 TeecOperation.params[1].tmpref.size = SharedMem_config.size; 1121 TeecOperation.params[2].value.a = src_phys_addr; 1122 TeecOperation.params[2].value.b = len; 1123 TeecOperation.params[3].value.a = dst_phys_addr; 1124 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1125 TEEC_MEMREF_TEMP_INPUT, 1126 TEEC_VALUE_INPUT, 1127 TEEC_VALUE_INPUT); 1128 1129 crypto_flush_cacheline(src_phys_addr, len); 1130 crypto_flush_cacheline(dst_phys_addr, len); 1131 1132 TeecResult = TEEC_InvokeCommand(&TeecSession, 1133 CRYPTO_SERVICE_CMD_OEM_OTP_KEY_PHYS_CIPHER, 1134 &TeecOperation, 1135 &ErrorOrigin); 1136 1137 crypto_invalidate_cacheline(dst_phys_addr, len); 1138 1139 exit: 1140 TEEC_ReleaseSharedMemory(&SharedMem_config); 1141 TEEC_CloseSession(&TeecSession); 1142 TEEC_FinalizeContext(&TeecContext); 1143 return TeecResult; 1144 } 1145 1146 uint32_t trusty_oem_user_ta_transfer(void) 1147 { 1148 TEEC_Result TeecResult; 1149 TEEC_Context TeecContext; 1150 TEEC_Session TeecSession; 1151 uint32_t ErrorOrigin; 1152 TEEC_UUID tempuuid = { 0x1db57234, 0xdacd, 0x462d, 1153 { 0x9b, 0xb1, 0xae, 0x79, 0xde, 0x44, 0xe2, 0xa5} }; 1154 TEEC_UUID *TeecUuid = &tempuuid; 1155 TEEC_Operation TeecOperation = {0}; 1156 const uint8_t transfer_inout[] = "Transfer data test."; 1157 1158 TeecResult = OpteeClientApiLibInitialize(); 1159 if (TeecResult != TEEC_SUCCESS) 1160 return TeecResult; 1161 1162 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1163 if (TeecResult != TEEC_SUCCESS) 1164 return TeecResult; 1165 1166 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 1167 TEEC_NONE, 1168 TEEC_NONE, 1169 TEEC_NONE); 1170 1171 TeecResult = TEEC_OpenSession(&TeecContext, 1172 &TeecSession, 1173 TeecUuid, 1174 TEEC_LOGIN_PUBLIC, 1175 NULL, 1176 &TeecOperation, 1177 &ErrorOrigin); 1178 if (TeecResult != TEEC_SUCCESS) 1179 return TeecResult; 1180 1181 TEEC_SharedMemory SharedMem0 = {0}; 1182 1183 SharedMem0.size = sizeof(transfer_inout); 1184 SharedMem0.flags = 0; 1185 1186 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1187 if (TeecResult != TEEC_SUCCESS) 1188 goto exit; 1189 1190 memcpy(SharedMem0.buffer, transfer_inout, SharedMem0.size); 1191 1192 TEEC_SharedMemory SharedMem1 = {0}; 1193 1194 SharedMem1.size = sizeof(transfer_inout); 1195 SharedMem1.flags = 0; 1196 1197 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1); 1198 if (TeecResult != TEEC_SUCCESS) 1199 goto exit; 1200 1201 TeecOperation.params[0].value.a = 66; 1202 TeecOperation.params[1].tmpref.buffer = SharedMem0.buffer; 1203 TeecOperation.params[1].tmpref.size = SharedMem0.size; 1204 TeecOperation.params[2].tmpref.buffer = SharedMem1.buffer; 1205 TeecOperation.params[2].tmpref.size = SharedMem1.size; 1206 1207 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, 1208 TEEC_MEMREF_TEMP_INPUT, 1209 TEEC_MEMREF_TEMP_OUTPUT, 1210 TEEC_NONE); 1211 1212 TeecResult = TEEC_InvokeCommand(&TeecSession, 1213 102, 1214 &TeecOperation, 1215 &ErrorOrigin); 1216 if (TeecResult != TEEC_SUCCESS) 1217 goto exit; 1218 1219 //Check the result 1220 if (TeecOperation.params[0].value.a == 66 + 1 && 1221 TeecOperation.params[0].value.b == TeecOperation.params[0].value.a) 1222 printf("test value : Pass!\n"); 1223 else 1224 printf("test value : Fail! (mismatch values)\n"); 1225 1226 if (memcmp(SharedMem1.buffer, transfer_inout, sizeof(transfer_inout)) == 0) 1227 printf("test buffer : Pass!\n"); 1228 else 1229 printf("test buffer : Fail! (mismatch buffer)\n"); 1230 1231 exit: 1232 TEEC_ReleaseSharedMemory(&SharedMem0); 1233 TEEC_ReleaseSharedMemory(&SharedMem1); 1234 TEEC_CloseSession(&TeecSession); 1235 TEEC_FinalizeContext(&TeecContext); 1236 1237 return TeecResult; 1238 } 1239 1240 uint32_t trusty_oem_user_ta_storage(void) 1241 { 1242 TEEC_Result TeecResult; 1243 TEEC_Context TeecContext; 1244 TEEC_Session TeecSession; 1245 uint32_t ErrorOrigin; 1246 TEEC_UUID tempuuid = { 0x1db57234, 0xdacd, 0x462d, 1247 { 0x9b, 0xb1, 0xae, 0x79, 0xde, 0x44, 0xe2, 0xa5} }; 1248 TEEC_UUID *TeecUuid = &tempuuid; 1249 TEEC_Operation TeecOperation = {0}; 1250 1251 TeecResult = OpteeClientApiLibInitialize(); 1252 if (TeecResult != TEEC_SUCCESS) 1253 return TeecResult; 1254 1255 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1256 if (TeecResult != TEEC_SUCCESS) 1257 return TeecResult; 1258 1259 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 1260 TEEC_NONE, 1261 TEEC_NONE, 1262 TEEC_NONE); 1263 1264 TeecResult = TEEC_OpenSession(&TeecContext, 1265 &TeecSession, 1266 TeecUuid, 1267 TEEC_LOGIN_PUBLIC, 1268 NULL, 1269 &TeecOperation, 1270 &ErrorOrigin); 1271 if (TeecResult != TEEC_SUCCESS) 1272 return TeecResult; 1273 1274 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 1275 TEEC_NONE, 1276 TEEC_NONE, 1277 TEEC_NONE); 1278 1279 TeecResult = TEEC_InvokeCommand(&TeecSession, 1280 103, 1281 &TeecOperation, 1282 &ErrorOrigin); 1283 if (TeecResult != TEEC_SUCCESS) 1284 goto exit; 1285 1286 exit: 1287 TEEC_CloseSession(&TeecSession); 1288 TEEC_FinalizeContext(&TeecContext); 1289 1290 return TeecResult; 1291 } 1292 1293 uint32_t trusty_attest_dh(uint8_t *dh, uint32_t *dh_size) 1294 { 1295 TEEC_Result TeecResult; 1296 TEEC_Context TeecContext; 1297 TEEC_Session TeecSession; 1298 uint32_t ErrorOrigin; 1299 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1300 { 0xa8, 0x69, 0x9c, 0xe6, 1301 0x88, 0x6c, 0x5d, 0x5d 1302 } 1303 }; 1304 TEEC_UUID *TeecUuid = &tempuuid; 1305 TEEC_Operation TeecOperation = {0}; 1306 struct blk_desc *dev_desc; 1307 dev_desc = rockchip_get_bootdev(); 1308 if (!dev_desc) { 1309 printf("%s: dev_desc is NULL!\n", __func__); 1310 return -TEEC_ERROR_GENERIC; 1311 } 1312 1313 TeecResult = OpteeClientApiLibInitialize(); 1314 if (TeecResult != TEEC_SUCCESS) 1315 return TeecResult; 1316 1317 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1318 if (TeecResult != TEEC_SUCCESS) 1319 return TeecResult; 1320 1321 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1322 TEEC_NONE, 1323 TEEC_NONE, 1324 TEEC_NONE); 1325 /*0 nand or emmc "security" partition , 1 rpmb*/ 1326 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1327 TeecOperation.params[0].value.a = 1; 1328 else 1329 TeecOperation.params[0].value.a = 0; 1330 1331 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1332 TeecOperation.params[0].value.a = 0; 1333 #endif 1334 1335 TeecResult = TEEC_OpenSession(&TeecContext, 1336 &TeecSession, 1337 TeecUuid, 1338 TEEC_LOGIN_PUBLIC, 1339 NULL, 1340 &TeecOperation, 1341 &ErrorOrigin); 1342 if (TeecResult != TEEC_SUCCESS) 1343 return TeecResult; 1344 1345 TEEC_SharedMemory SharedMem0 = {0}; 1346 1347 SharedMem0.size = *dh_size; 1348 SharedMem0.flags = 0; 1349 1350 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1351 if (TeecResult != TEEC_SUCCESS) 1352 goto exit; 1353 1354 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1355 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1356 1357 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1358 TEEC_NONE, 1359 TEEC_NONE, 1360 TEEC_NONE); 1361 1362 TeecResult = TEEC_InvokeCommand(&TeecSession, 1363 143, 1364 &TeecOperation, 1365 &ErrorOrigin); 1366 if (TeecResult != TEEC_SUCCESS) 1367 goto exit; 1368 1369 *dh_size = TeecOperation.params[0].tmpref.size; 1370 memcpy(dh, SharedMem0.buffer, SharedMem0.size); 1371 exit: 1372 TEEC_ReleaseSharedMemory(&SharedMem0); 1373 TEEC_CloseSession(&TeecSession); 1374 TEEC_FinalizeContext(&TeecContext); 1375 1376 return TeecResult; 1377 } 1378 1379 uint32_t trusty_attest_uuid(uint8_t *uuid, uint32_t *uuid_size) 1380 { 1381 TEEC_Result TeecResult; 1382 TEEC_Context TeecContext; 1383 TEEC_Session TeecSession; 1384 uint32_t ErrorOrigin; 1385 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1386 { 0xa8, 0x69, 0x9c, 0xe6, 1387 0x88, 0x6c, 0x5d, 0x5d 1388 } 1389 }; 1390 TEEC_UUID *TeecUuid = &tempuuid; 1391 TEEC_Operation TeecOperation = {0}; 1392 struct blk_desc *dev_desc; 1393 dev_desc = rockchip_get_bootdev(); 1394 if (!dev_desc) { 1395 printf("%s: dev_desc is NULL!\n", __func__); 1396 return -TEEC_ERROR_GENERIC; 1397 } 1398 1399 TeecResult = OpteeClientApiLibInitialize(); 1400 if (TeecResult != TEEC_SUCCESS) 1401 return TeecResult; 1402 1403 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1404 if (TeecResult != TEEC_SUCCESS) 1405 return TeecResult; 1406 1407 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1408 TEEC_NONE, 1409 TEEC_NONE, 1410 TEEC_NONE); 1411 /*0 nand or emmc "security" partition , 1 rpmb*/ 1412 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1413 TeecOperation.params[0].value.a = 1; 1414 else 1415 TeecOperation.params[0].value.a = 0; 1416 1417 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1418 TeecOperation.params[0].value.a = 0; 1419 #endif 1420 1421 TeecResult = TEEC_OpenSession(&TeecContext, 1422 &TeecSession, 1423 TeecUuid, 1424 TEEC_LOGIN_PUBLIC, 1425 NULL, 1426 &TeecOperation, 1427 &ErrorOrigin); 1428 if (TeecResult != TEEC_SUCCESS) 1429 return TeecResult; 1430 1431 TEEC_SharedMemory SharedMem0 = {0}; 1432 1433 SharedMem0.size = *uuid_size; 1434 SharedMem0.flags = 0; 1435 1436 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1437 if (TeecResult != TEEC_SUCCESS) 1438 goto exit; 1439 1440 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1441 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1442 1443 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1444 TEEC_NONE, 1445 TEEC_NONE, 1446 TEEC_NONE); 1447 1448 TeecResult = TEEC_InvokeCommand(&TeecSession, 1449 144, 1450 &TeecOperation, 1451 &ErrorOrigin); 1452 if (TeecResult != TEEC_SUCCESS) 1453 goto exit; 1454 1455 *uuid_size = TeecOperation.params[0].tmpref.size; 1456 memcpy(uuid, SharedMem0.buffer, SharedMem0.size); 1457 exit: 1458 TEEC_ReleaseSharedMemory(&SharedMem0); 1459 TEEC_CloseSession(&TeecSession); 1460 TEEC_FinalizeContext(&TeecContext); 1461 1462 return TeecResult; 1463 } 1464 1465 uint32_t trusty_attest_get_ca(uint8_t *operation_start, 1466 uint32_t *operation_size, 1467 uint8_t *out, 1468 uint32_t *out_len) 1469 { 1470 TEEC_Result TeecResult; 1471 TEEC_Context TeecContext; 1472 TEEC_Session TeecSession; 1473 uint32_t ErrorOrigin; 1474 1475 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1476 { 0xa8, 0x69, 0x9c, 0xe6, 1477 0x88, 0x6c, 0x5d, 0x5d 1478 } 1479 }; 1480 1481 TEEC_UUID *TeecUuid = &tempuuid; 1482 TEEC_Operation TeecOperation = {0}; 1483 struct blk_desc *dev_desc; 1484 dev_desc = rockchip_get_bootdev(); 1485 if (!dev_desc) { 1486 printf("%s: dev_desc is NULL!\n", __func__); 1487 return -TEEC_ERROR_GENERIC; 1488 } 1489 1490 TeecResult = OpteeClientApiLibInitialize(); 1491 if (TeecResult != TEEC_SUCCESS) 1492 return TeecResult; 1493 1494 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1495 if (TeecResult != TEEC_SUCCESS) 1496 return TeecResult; 1497 1498 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1499 TEEC_NONE, 1500 TEEC_NONE, 1501 TEEC_NONE); 1502 /*0 nand or emmc "security" partition , 1 rpmb*/ 1503 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1504 TeecOperation.params[0].value.a = 1; 1505 else 1506 TeecOperation.params[0].value.a = 0; 1507 1508 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1509 TeecOperation.params[0].value.a = 0; 1510 #endif 1511 1512 TeecResult = TEEC_OpenSession(&TeecContext, 1513 &TeecSession, 1514 TeecUuid, 1515 TEEC_LOGIN_PUBLIC, 1516 NULL, 1517 &TeecOperation, 1518 &ErrorOrigin); 1519 if (TeecResult != TEEC_SUCCESS) 1520 return TeecResult; 1521 1522 TEEC_SharedMemory SharedMem0 = {0}; 1523 1524 SharedMem0.size = *operation_size; 1525 SharedMem0.flags = 0; 1526 1527 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1528 if (TeecResult != TEEC_SUCCESS) 1529 goto exit; 1530 1531 memcpy(SharedMem0.buffer, operation_start, SharedMem0.size); 1532 1533 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1534 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1535 1536 TEEC_SharedMemory SharedMem1 = {0}; 1537 1538 SharedMem1.size = *out_len; 1539 SharedMem1.flags = 0; 1540 1541 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1); 1542 if (TeecResult != TEEC_SUCCESS) 1543 goto exit; 1544 1545 TeecOperation.params[1].tmpref.buffer = SharedMem1.buffer; 1546 TeecOperation.params[1].tmpref.size = SharedMem1.size; 1547 1548 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1549 TEEC_MEMREF_TEMP_INOUT, 1550 TEEC_NONE, 1551 TEEC_NONE); 1552 1553 TeecResult = TEEC_InvokeCommand(&TeecSession, 1554 145, 1555 &TeecOperation, 1556 &ErrorOrigin); 1557 if (TeecResult != TEEC_SUCCESS) 1558 goto exit; 1559 1560 *out_len = TeecOperation.params[1].tmpref.size; 1561 memcpy(out, SharedMem1.buffer, SharedMem1.size); 1562 exit: 1563 TEEC_ReleaseSharedMemory(&SharedMem0); 1564 TEEC_ReleaseSharedMemory(&SharedMem1); 1565 TEEC_CloseSession(&TeecSession); 1566 TEEC_FinalizeContext(&TeecContext); 1567 1568 return TeecResult; 1569 } 1570 1571 uint32_t trusty_attest_set_ca(uint8_t *ca_response, uint32_t *ca_response_size) 1572 { 1573 TEEC_Result TeecResult; 1574 TEEC_Context TeecContext; 1575 TEEC_Session TeecSession; 1576 uint32_t ErrorOrigin; 1577 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1578 { 0xa8, 0x69, 0x9c, 0xe6, 1579 0x88, 0x6c, 0x5d, 0x5d 1580 } 1581 }; 1582 TEEC_UUID *TeecUuid = &tempuuid; 1583 TEEC_Operation TeecOperation = {0}; 1584 struct blk_desc *dev_desc; 1585 dev_desc = rockchip_get_bootdev(); 1586 if (!dev_desc) { 1587 printf("%s: dev_desc is NULL!\n", __func__); 1588 return -TEEC_ERROR_GENERIC; 1589 } 1590 TeecResult = OpteeClientApiLibInitialize(); 1591 if (TeecResult != TEEC_SUCCESS) 1592 return TeecResult; 1593 1594 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1595 if (TeecResult != TEEC_SUCCESS) 1596 return TeecResult; 1597 1598 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1599 TEEC_NONE, 1600 TEEC_NONE, 1601 TEEC_NONE); 1602 /*0 nand or emmc "security" partition , 1 rpmb*/ 1603 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1604 TeecOperation.params[0].value.a = 1; 1605 else 1606 TeecOperation.params[0].value.a = 0; 1607 1608 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1609 TeecOperation.params[0].value.a = 0; 1610 #endif 1611 1612 TeecResult = TEEC_OpenSession(&TeecContext, 1613 &TeecSession, 1614 TeecUuid, 1615 TEEC_LOGIN_PUBLIC, 1616 NULL, 1617 &TeecOperation, 1618 &ErrorOrigin); 1619 if (TeecResult != TEEC_SUCCESS) 1620 return TeecResult; 1621 1622 TEEC_SharedMemory SharedMem0 = {0}; 1623 1624 SharedMem0.size = *ca_response_size; 1625 SharedMem0.flags = 0; 1626 1627 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1628 if (TeecResult != TEEC_SUCCESS) 1629 goto exit; 1630 1631 memcpy(SharedMem0.buffer, ca_response, SharedMem0.size); 1632 1633 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1634 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1635 1636 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1637 TEEC_NONE, 1638 TEEC_NONE, 1639 TEEC_NONE); 1640 1641 TeecResult = TEEC_InvokeCommand(&TeecSession, 1642 146, 1643 &TeecOperation, 1644 &ErrorOrigin); 1645 if (TeecResult != TEEC_SUCCESS) 1646 goto exit; 1647 exit: 1648 TEEC_ReleaseSharedMemory(&SharedMem0); 1649 TEEC_CloseSession(&TeecSession); 1650 TEEC_FinalizeContext(&TeecContext); 1651 1652 return TeecResult; 1653 } 1654