1 /* 2 * Copyright 2017, Rockchip Electronics Co., Ltd 3 * hisping lin, <hisping.lin@rock-chips.com> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <common.h> 9 #include <optee_include/OpteeClientInterface.h> 10 #include <optee_include/OpteeClientApiLib.h> 11 #include <optee_include/tee_client_api.h> 12 #include <optee_include/tee_api_defines.h> 13 #include <boot_rkimg.h> 14 #include <stdlib.h> 15 #include <attestation_key.h> 16 17 #define BOOT_FROM_EMMC (1 << 1) 18 #define STORAGE_CMD_READ_ATTRIBUTE_HASH 0 19 #define STORAGE_CMD_WRITE_ATTRIBUTE_HASH 1 20 #define STORAGE_CMD_UBOOT_END_OTP 2 21 #define STORAGE_CMD_READ_VBOOTKEY_HASH 3 22 #define STORAGE_CMD_WRITE_VBOOTKEY_HASH 4 23 #define STORAGE_CMD_READ_ENABLE_FLAG 5 24 #define STORAGE_CMD_WRITE_TA_ENCRYPTION_KEY 9 25 #define STORAGE_CMD_CHECK_SECURITY_LEVEL_FLAG 10 26 #define STORAGE_CMD_WRITE_OEM_HUK 11 27 #define STORAGE_CMD_WRITE_OEM_NS_OTP 12 28 #define STORAGE_CMD_READ_OEM_NS_OTP 13 29 #define STORAGE_CMD_WRITE_OEM_OTP_KEY 14 30 #define STORAGE_CMD_SET_OEM_HR_OTP_READ_LOCK 15 31 #define STORAGE_CMD_OEM_OTP_KEY_IS_WRITTEN 16 32 33 #define CRYPTO_SERVICE_CMD_OEM_OTP_KEY_PHYS_CIPHER 0x00000002 34 35 #define RK_CRYPTO_SERVICE_UUID { 0x0cacdb5d, 0x4fea, 0x466c, \ 36 { 0x97, 0x16, 0x3d, 0x54, 0x16, 0x52, 0x83, 0x0f } } 37 38 static uint8_t b2hs_add_base(uint8_t in) 39 { 40 if (in > 9) 41 return in + 55; 42 else 43 return in + 48; 44 } 45 46 static uint32_t b2hs(uint8_t *b, uint8_t *hs, uint32_t blen, uint32_t hslen) 47 { 48 uint32_t i = 0; 49 50 if (blen * 2 + 1 > hslen) 51 return 0; 52 53 for (; i < blen; i++) { 54 hs[i * 2 + 1] = b2hs_add_base(b[i] & 0xf); 55 hs[i * 2] = b2hs_add_base(b[i] >> 4); 56 } 57 hs[blen * 2] = 0; 58 59 return blen * 2; 60 } 61 62 static void crypto_flush_cacheline(uint32_t addr, uint32_t size) 63 { 64 ulong alignment = CONFIG_SYS_CACHELINE_SIZE; 65 ulong aligned_input, aligned_len; 66 67 if (!addr || !size) 68 return; 69 70 /* Must flush dcache before crypto DMA fetch data region */ 71 aligned_input = round_down(addr, alignment); 72 aligned_len = round_up(size + (addr - aligned_input), alignment); 73 flush_cache(aligned_input, aligned_len); 74 } 75 76 static void crypto_invalidate_cacheline(uint32_t addr, uint32_t size) 77 { 78 ulong alignment = CONFIG_SYS_CACHELINE_SIZE; 79 ulong aligned_input, aligned_len; 80 81 if (!addr || !size) 82 return; 83 84 /* Must invalidate dcache after crypto DMA write data region */ 85 aligned_input = round_down(addr, alignment); 86 aligned_len = round_up(size + (addr - aligned_input), alignment); 87 invalidate_dcache_range(aligned_input, aligned_input + aligned_len); 88 } 89 90 static uint32_t trusty_base_write_security_data(char *filename, 91 uint32_t filename_size, 92 uint8_t *data, 93 uint32_t data_size) 94 { 95 TEEC_Result TeecResult; 96 TEEC_Context TeecContext; 97 TEEC_Session TeecSession; 98 uint32_t ErrorOrigin; 99 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 100 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 101 TEEC_UUID *TeecUuid = &tempuuid; 102 TEEC_Operation TeecOperation = {0}; 103 struct blk_desc *dev_desc; 104 dev_desc = rockchip_get_bootdev(); 105 if (!dev_desc) { 106 printf("%s: dev_desc is NULL!\n", __func__); 107 return -TEEC_ERROR_GENERIC; 108 } 109 110 TeecResult = OpteeClientApiLibInitialize(); 111 if (TeecResult != TEEC_SUCCESS) 112 return TeecResult; 113 114 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 115 if (TeecResult != TEEC_SUCCESS) 116 return TeecResult; 117 118 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 119 TEEC_NONE, 120 TEEC_NONE, 121 TEEC_NONE); 122 /*0 nand or emmc "security" partition , 1 rpmb*/ 123 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 124 TeecOperation.params[0].value.a = 1; 125 else 126 TeecOperation.params[0].value.a = 0; 127 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 128 TeecOperation.params[0].value.a = 0; 129 #endif 130 131 TeecResult = TEEC_OpenSession(&TeecContext, 132 &TeecSession, 133 TeecUuid, 134 TEEC_LOGIN_PUBLIC, 135 NULL, 136 &TeecOperation, 137 &ErrorOrigin); 138 if (TeecResult != TEEC_SUCCESS) 139 return TeecResult; 140 141 TEEC_SharedMemory SharedMem0 = {0}; 142 143 SharedMem0.size = filename_size; 144 SharedMem0.flags = 0; 145 146 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 147 if (TeecResult != TEEC_SUCCESS) 148 goto exit; 149 150 memcpy(SharedMem0.buffer, filename, SharedMem0.size); 151 152 TEEC_SharedMemory SharedMem1 = {0}; 153 154 SharedMem1.size = data_size; 155 SharedMem1.flags = 0; 156 157 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1); 158 if (TeecResult != TEEC_SUCCESS) 159 goto exit; 160 161 memcpy(SharedMem1.buffer, data, SharedMem1.size); 162 163 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 164 TeecOperation.params[0].tmpref.size = SharedMem0.size; 165 166 TeecOperation.params[1].tmpref.buffer = SharedMem1.buffer; 167 TeecOperation.params[1].tmpref.size = SharedMem1.size; 168 169 170 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, 171 TEEC_MEMREF_TEMP_INOUT, 172 TEEC_NONE, 173 TEEC_NONE); 174 175 TeecResult = TEEC_InvokeCommand(&TeecSession, 176 1, 177 &TeecOperation, 178 &ErrorOrigin); 179 if (TeecResult != TEEC_SUCCESS) 180 goto exit; 181 exit: 182 TEEC_ReleaseSharedMemory(&SharedMem0); 183 TEEC_ReleaseSharedMemory(&SharedMem1); 184 TEEC_CloseSession(&TeecSession); 185 TEEC_FinalizeContext(&TeecContext); 186 187 return TeecResult; 188 } 189 190 static uint32_t trusty_base_read_security_data(char *filename, 191 uint32_t filename_size, 192 uint8_t *data, 193 uint32_t data_size) 194 { 195 TEEC_Result TeecResult; 196 TEEC_Context TeecContext; 197 TEEC_Session TeecSession; 198 uint32_t ErrorOrigin; 199 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 200 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 201 TEEC_UUID *TeecUuid = &tempuuid; 202 TEEC_Operation TeecOperation = {0}; 203 204 struct blk_desc *dev_desc; 205 dev_desc = rockchip_get_bootdev(); 206 if (!dev_desc) { 207 printf("%s: dev_desc is NULL!\n", __func__); 208 return -TEEC_ERROR_GENERIC; 209 } 210 211 TeecResult = OpteeClientApiLibInitialize(); 212 if (TeecResult != TEEC_SUCCESS) 213 return TeecResult; 214 215 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 216 if (TeecResult != TEEC_SUCCESS) 217 return TeecResult; 218 219 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 220 TEEC_NONE, 221 TEEC_NONE, 222 TEEC_NONE); 223 /*0 nand or emmc "security" partition , 1 rpmb*/ 224 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 225 TeecOperation.params[0].value.a = 1; 226 else 227 TeecOperation.params[0].value.a = 0; 228 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 229 TeecOperation.params[0].value.a = 0; 230 #endif 231 232 TeecResult = TEEC_OpenSession(&TeecContext, 233 &TeecSession, 234 TeecUuid, 235 TEEC_LOGIN_PUBLIC, 236 NULL, 237 &TeecOperation, 238 &ErrorOrigin); 239 if (TeecResult != TEEC_SUCCESS) 240 return TeecResult; 241 242 TEEC_SharedMemory SharedMem0 = {0}; 243 244 SharedMem0.size = filename_size; 245 SharedMem0.flags = 0; 246 247 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 248 if (TeecResult != TEEC_SUCCESS) 249 goto exit; 250 251 memcpy(SharedMem0.buffer, filename, SharedMem0.size); 252 253 TEEC_SharedMemory SharedMem1 = {0}; 254 255 SharedMem1.size = data_size; 256 SharedMem1.flags = 0; 257 258 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1); 259 if (TeecResult != TEEC_SUCCESS) 260 goto exit; 261 262 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 263 TeecOperation.params[0].tmpref.size = SharedMem0.size; 264 265 TeecOperation.params[1].tmpref.buffer = SharedMem1.buffer; 266 TeecOperation.params[1].tmpref.size = SharedMem1.size; 267 268 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, 269 TEEC_MEMREF_TEMP_INOUT, 270 TEEC_NONE, 271 TEEC_NONE); 272 273 TeecResult = TEEC_InvokeCommand(&TeecSession, 274 0, 275 &TeecOperation, 276 &ErrorOrigin); 277 if (TeecResult == TEEC_SUCCESS) 278 memcpy(data, SharedMem1.buffer, SharedMem1.size); 279 exit: 280 TEEC_ReleaseSharedMemory(&SharedMem0); 281 TEEC_ReleaseSharedMemory(&SharedMem1); 282 TEEC_CloseSession(&TeecSession); 283 TEEC_FinalizeContext(&TeecContext); 284 285 return TeecResult; 286 } 287 288 static uint32_t trusty_base_end_security_data(void) 289 { 290 TEEC_Result TeecResult; 291 TEEC_Context TeecContext; 292 TEEC_Session TeecSession; 293 uint32_t ErrorOrigin; 294 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 295 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 296 TEEC_UUID *TeecUuid = &tempuuid; 297 TEEC_Operation TeecOperation = {0}; 298 299 TeecResult = OpteeClientApiLibInitialize(); 300 if (TeecResult != TEEC_SUCCESS) 301 return TeecResult; 302 303 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 304 if (TeecResult != TEEC_SUCCESS) 305 return TeecResult; 306 307 TeecResult = TEEC_OpenSession(&TeecContext, 308 &TeecSession, 309 TeecUuid, 310 TEEC_LOGIN_PUBLIC, 311 NULL, 312 NULL, 313 &ErrorOrigin); 314 if (TeecResult != TEEC_SUCCESS) 315 return TeecResult; 316 317 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 318 TEEC_NONE, 319 TEEC_NONE, 320 TEEC_NONE); 321 322 TeecResult = TEEC_InvokeCommand(&TeecSession, 323 2, 324 &TeecOperation, 325 &ErrorOrigin); 326 if (TeecResult != TEEC_SUCCESS) 327 goto exit; 328 exit: 329 TEEC_CloseSession(&TeecSession); 330 TEEC_FinalizeContext(&TeecContext); 331 332 return TeecResult; 333 } 334 335 static void trusty_notify_always_use_security(void) 336 { 337 #if defined(CONFIG_OPTEE_V2) && defined(CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION) 338 TEEC_Result TeecResult; 339 TEEC_Context TeecContext; 340 TEEC_Session TeecSession; 341 uint32_t ErrorOrigin; 342 TEEC_UUID tempuuid = { 0x1b484ea5, 0x698b, 0x4142, 343 { 0x82, 0xb8, 0x3a, 0xcf, 0x16, 0xe9, 0x9e, 0x2a } }; 344 TEEC_UUID *TeecUuid = &tempuuid; 345 TEEC_Operation TeecOperation = {0}; 346 347 TeecResult = OpteeClientApiLibInitialize(); 348 if (TeecResult != TEEC_SUCCESS) 349 return; 350 351 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 352 if (TeecResult != TEEC_SUCCESS) 353 return; 354 355 TeecResult = TEEC_OpenSession(&TeecContext, 356 &TeecSession, 357 TeecUuid, 358 TEEC_LOGIN_PUBLIC, 359 NULL, 360 NULL, 361 &ErrorOrigin); 362 if (TeecResult != TEEC_SUCCESS) 363 return; 364 365 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 366 TEEC_NONE, 367 TEEC_NONE, 368 TEEC_NONE); 369 370 TeecResult = TEEC_InvokeCommand(&TeecSession, 371 9, 372 &TeecOperation, 373 &ErrorOrigin); 374 if (TeecResult != TEEC_SUCCESS) 375 debug("notify always use security fail! please update optee!"); 376 377 TEEC_CloseSession(&TeecSession); 378 TEEC_FinalizeContext(&TeecContext); 379 380 return; 381 #endif 382 } 383 384 uint32_t trusty_read_rollback_index(uint32_t slot, uint64_t *value) 385 { 386 char hs[9]; 387 388 b2hs((uint8_t *)&slot, (uint8_t *)hs, 4, 9); 389 390 return trusty_base_read_security_data(hs, 8, (uint8_t *)value, 8); 391 } 392 393 uint32_t trusty_write_rollback_index(uint32_t slot, uint64_t value) 394 { 395 char hs[9]; 396 397 b2hs((uint8_t *)&slot, (uint8_t *)hs, 4, 9); 398 399 return trusty_base_write_security_data(hs, 8, (uint8_t *)&value, 8); 400 } 401 402 uint32_t trusty_read_permanent_attributes(uint8_t *attributes, uint32_t size) 403 { 404 return trusty_base_read_security_data("attributes", 405 sizeof("attributes"), attributes, size); 406 } 407 408 uint32_t trusty_write_permanent_attributes(uint8_t *attributes, uint32_t size) 409 { 410 return trusty_base_write_security_data("attributes", 411 sizeof("attributes"), attributes, size); 412 } 413 414 uint32_t trusty_read_permanent_attributes_flag(uint8_t *attributes) 415 { 416 return trusty_base_read_security_data("attributes_flag", 417 sizeof("attributes_flag"), attributes, 1); 418 } 419 420 uint32_t trusty_write_permanent_attributes_flag(uint8_t attributes) 421 { 422 return trusty_base_write_security_data("attributes_flag", 423 sizeof("attributes_flag"), &attributes, 1); 424 } 425 426 uint32_t trusty_read_permanent_attributes_cer(uint8_t *attributes, 427 uint32_t size) 428 { 429 return trusty_base_read_security_data("rsacer", 430 sizeof("rsacer"), attributes, size); 431 } 432 433 uint32_t trusty_write_permanent_attributes_cer(uint8_t *attributes, 434 uint32_t size) 435 { 436 return trusty_base_write_security_data("rsacer", 437 sizeof("rsacer"), attributes, size); 438 } 439 440 uint32_t trusty_read_lock_state(uint8_t *lock_state) 441 { 442 return trusty_base_read_security_data("lock_state", 443 sizeof("lock_state"), lock_state, 1); 444 } 445 446 uint32_t trusty_write_lock_state(uint8_t lock_state) 447 { 448 return trusty_base_write_security_data("lock_state", 449 sizeof("lock_state"), &lock_state, 1); 450 } 451 452 uint32_t trusty_read_flash_lock_state(uint8_t *flash_lock_state) 453 { 454 return trusty_base_read_security_data("flash_lock_state", 455 sizeof("flash_lock_state"), flash_lock_state, 1); 456 } 457 458 uint32_t trusty_write_flash_lock_state(uint8_t flash_lock_state) 459 { 460 return trusty_base_write_security_data("flash_lock_state", 461 sizeof("flash_lock_state"), &flash_lock_state, 1); 462 } 463 464 static uint32_t trusty_base_end_efuse_or_otp(void) 465 { 466 TEEC_Result TeecResult; 467 TEEC_Context TeecContext; 468 TEEC_Session TeecSession; 469 uint32_t ErrorOrigin; 470 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 471 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 472 473 TEEC_UUID *TeecUuid = &tempuuid; 474 TEEC_Operation TeecOperation = {0}; 475 476 TeecResult = OpteeClientApiLibInitialize(); 477 if (TeecResult != TEEC_SUCCESS) 478 return TeecResult; 479 480 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 481 if (TeecResult != TEEC_SUCCESS) 482 return TeecResult; 483 484 TeecResult = TEEC_OpenSession(&TeecContext, 485 &TeecSession, 486 TeecUuid, 487 TEEC_LOGIN_PUBLIC, 488 NULL, 489 NULL, 490 &ErrorOrigin); 491 if (TeecResult != TEEC_SUCCESS) 492 return TeecResult; 493 494 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, 495 TEEC_NONE, 496 TEEC_NONE, 497 TEEC_NONE); 498 499 TeecResult = TEEC_InvokeCommand(&TeecSession, 500 STORAGE_CMD_UBOOT_END_OTP, 501 &TeecOperation, 502 &ErrorOrigin); 503 if (TeecResult != TEEC_SUCCESS) 504 goto exit; 505 exit: 506 TEEC_CloseSession(&TeecSession); 507 TEEC_FinalizeContext(&TeecContext); 508 509 return TeecResult; 510 } 511 512 static uint32_t trusty_base_efuse_or_otp_operation(uint32_t cmd, 513 uint8_t is_write, 514 uint32_t *buf, 515 uint32_t length) 516 { 517 TEEC_Result TeecResult; 518 TEEC_Context TeecContext; 519 TEEC_Session TeecSession; 520 uint32_t ErrorOrigin; 521 522 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 523 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 524 TEEC_UUID *TeecUuid = &tempuuid; 525 TEEC_Operation TeecOperation = {0}; 526 527 TeecResult = OpteeClientApiLibInitialize(); 528 if (TeecResult != TEEC_SUCCESS) 529 return TeecResult; 530 531 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 532 if (TeecResult != TEEC_SUCCESS) 533 return TeecResult; 534 535 TeecResult = TEEC_OpenSession(&TeecContext, 536 &TeecSession, 537 TeecUuid, 538 TEEC_LOGIN_PUBLIC, 539 NULL, 540 NULL, 541 &ErrorOrigin); 542 if (TeecResult != TEEC_SUCCESS) 543 return TeecResult; 544 545 TEEC_SharedMemory SharedMem0 = {0}; 546 547 SharedMem0.size = length * sizeof(uint32_t); 548 SharedMem0.flags = 0; 549 550 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 551 if (TeecResult != TEEC_SUCCESS) 552 goto exit; 553 554 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 555 TeecOperation.params[0].tmpref.size = SharedMem0.size; 556 557 if (is_write) { 558 memcpy(SharedMem0.buffer, buf, SharedMem0.size); 559 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, 560 TEEC_NONE, 561 TEEC_NONE, 562 TEEC_NONE); 563 564 } else { 565 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, 566 TEEC_NONE, 567 TEEC_NONE, 568 TEEC_NONE); 569 } 570 571 TeecResult = TEEC_InvokeCommand(&TeecSession, 572 cmd, 573 &TeecOperation, 574 &ErrorOrigin); 575 if (TeecResult != TEEC_SUCCESS) 576 goto exit; 577 578 if (!is_write) 579 memcpy(buf, SharedMem0.buffer, SharedMem0.size); 580 581 exit: 582 TEEC_ReleaseSharedMemory(&SharedMem0); 583 TEEC_CloseSession(&TeecSession); 584 TEEC_FinalizeContext(&TeecContext); 585 586 return TeecResult; 587 } 588 589 uint32_t trusty_read_attribute_hash(uint32_t *buf, uint32_t length) 590 { 591 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_READ_ATTRIBUTE_HASH, 592 false, buf, length); 593 } 594 595 uint32_t trusty_write_attribute_hash(uint32_t *buf, uint32_t length) 596 { 597 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_ATTRIBUTE_HASH, 598 true, buf, length); 599 } 600 601 uint32_t trusty_notify_optee_uboot_end(void) 602 { 603 TEEC_Result res; 604 605 res = trusty_base_end_security_data(); 606 res |= trusty_base_end_efuse_or_otp(); 607 return res; 608 } 609 610 uint32_t trusty_read_vbootkey_hash(uint32_t *buf, uint32_t length) 611 { 612 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_READ_VBOOTKEY_HASH, 613 false, buf, length); 614 } 615 616 uint32_t trusty_write_vbootkey_hash(uint32_t *buf, uint32_t length) 617 { 618 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_VBOOTKEY_HASH, 619 true, buf, length); 620 } 621 622 uint32_t trusty_read_vbootkey_enable_flag(uint8_t *flag) 623 { 624 uint32_t bootflag; 625 TEEC_Result TeecResult; 626 627 *flag = 0; 628 629 TeecResult = trusty_base_efuse_or_otp_operation(STORAGE_CMD_READ_ENABLE_FLAG, 630 false, &bootflag, 1); 631 632 if (TeecResult == TEEC_SUCCESS) { 633 #if defined(CONFIG_ROCKCHIP_RK3288) 634 if (bootflag == 0x00000001) 635 *flag = 1; 636 #else 637 if (bootflag == 0x000000FF) 638 *flag = 1; 639 #endif 640 } 641 return TeecResult; 642 } 643 644 uint32_t trusty_write_ta_encryption_key(uint32_t *buf, uint32_t length) 645 { 646 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_TA_ENCRYPTION_KEY, 647 true, buf, length); 648 } 649 650 uint32_t trusty_check_security_level_flag(uint8_t flag) 651 { 652 uint32_t levelflag; 653 654 levelflag = flag; 655 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_CHECK_SECURITY_LEVEL_FLAG, 656 true, &levelflag, 1); 657 } 658 659 uint32_t trusty_write_oem_huk(uint32_t *buf, uint32_t length) 660 { 661 return trusty_base_efuse_or_otp_operation(STORAGE_CMD_WRITE_OEM_HUK, 662 true, buf, length); 663 } 664 665 static void trusty_select_security_level(void) 666 { 667 #if (CONFIG_OPTEE_SECURITY_LEVEL > 0) 668 TEEC_Result TeecResult; 669 670 TeecResult = trusty_check_security_level_flag(CONFIG_OPTEE_SECURITY_LEVEL); 671 if (TeecResult == TEE_ERROR_CANCEL) { 672 run_command("download", 0); 673 return; 674 } 675 676 if (TeecResult == TEEC_SUCCESS) 677 debug("optee select security level success!"); 678 else 679 panic("optee select security level fail!"); 680 681 return; 682 #endif 683 } 684 685 void optee_client_init(void) 686 { 687 trusty_select_security_level(); 688 trusty_notify_always_use_security(); 689 } 690 691 uint32_t trusty_write_oem_ns_otp(uint32_t byte_off, uint8_t *byte_buf, uint32_t byte_len) 692 { 693 TEEC_Result TeecResult; 694 TEEC_Context TeecContext; 695 TEEC_Session TeecSession; 696 uint32_t ErrorOrigin; 697 698 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 699 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 700 TEEC_UUID *TeecUuid = &tempuuid; 701 TEEC_Operation TeecOperation = {0}; 702 703 TeecResult = OpteeClientApiLibInitialize(); 704 if (TeecResult != TEEC_SUCCESS) 705 return TeecResult; 706 707 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 708 if (TeecResult != TEEC_SUCCESS) 709 return TeecResult; 710 711 TeecResult = TEEC_OpenSession(&TeecContext, 712 &TeecSession, 713 TeecUuid, 714 TEEC_LOGIN_PUBLIC, 715 NULL, 716 NULL, 717 &ErrorOrigin); 718 if (TeecResult != TEEC_SUCCESS) 719 return TeecResult; 720 721 TeecOperation.params[0].value.a = byte_off; 722 723 TEEC_SharedMemory SharedMem = {0}; 724 725 SharedMem.size = byte_len; 726 SharedMem.flags = 0; 727 728 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem); 729 if (TeecResult != TEEC_SUCCESS) 730 goto exit; 731 732 TeecOperation.params[1].tmpref.buffer = SharedMem.buffer; 733 TeecOperation.params[1].tmpref.size = SharedMem.size; 734 735 memcpy(SharedMem.buffer, byte_buf, SharedMem.size); 736 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 737 TEEC_MEMREF_TEMP_INPUT, 738 TEEC_NONE, 739 TEEC_NONE); 740 741 TeecResult = TEEC_InvokeCommand(&TeecSession, 742 STORAGE_CMD_WRITE_OEM_NS_OTP, 743 &TeecOperation, 744 &ErrorOrigin); 745 if (TeecResult != TEEC_SUCCESS) 746 goto exit; 747 748 exit: 749 TEEC_ReleaseSharedMemory(&SharedMem); 750 TEEC_CloseSession(&TeecSession); 751 TEEC_FinalizeContext(&TeecContext); 752 753 return TeecResult; 754 } 755 756 uint32_t trusty_read_oem_ns_otp(uint32_t byte_off, uint8_t *byte_buf, uint32_t byte_len) 757 { 758 TEEC_Result TeecResult; 759 TEEC_Context TeecContext; 760 TEEC_Session TeecSession; 761 uint32_t ErrorOrigin; 762 763 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 764 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 765 TEEC_UUID *TeecUuid = &tempuuid; 766 TEEC_Operation TeecOperation = {0}; 767 768 TeecResult = OpteeClientApiLibInitialize(); 769 if (TeecResult != TEEC_SUCCESS) 770 return TeecResult; 771 772 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 773 if (TeecResult != TEEC_SUCCESS) 774 return TeecResult; 775 776 TeecResult = TEEC_OpenSession(&TeecContext, 777 &TeecSession, 778 TeecUuid, 779 TEEC_LOGIN_PUBLIC, 780 NULL, 781 NULL, 782 &ErrorOrigin); 783 if (TeecResult != TEEC_SUCCESS) 784 return TeecResult; 785 786 TeecOperation.params[0].value.a = byte_off; 787 788 TEEC_SharedMemory SharedMem = {0}; 789 790 SharedMem.size = byte_len; 791 SharedMem.flags = 0; 792 793 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem); 794 if (TeecResult != TEEC_SUCCESS) 795 goto exit; 796 797 TeecOperation.params[1].tmpref.buffer = SharedMem.buffer; 798 TeecOperation.params[1].tmpref.size = SharedMem.size; 799 800 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 801 TEEC_MEMREF_TEMP_OUTPUT, 802 TEEC_NONE, 803 TEEC_NONE); 804 805 TeecResult = TEEC_InvokeCommand(&TeecSession, 806 STORAGE_CMD_READ_OEM_NS_OTP, 807 &TeecOperation, 808 &ErrorOrigin); 809 if (TeecResult != TEEC_SUCCESS) 810 goto exit; 811 812 memcpy(byte_buf, SharedMem.buffer, SharedMem.size); 813 814 exit: 815 TEEC_ReleaseSharedMemory(&SharedMem); 816 TEEC_CloseSession(&TeecSession); 817 TEEC_FinalizeContext(&TeecContext); 818 819 return TeecResult; 820 } 821 822 uint32_t trusty_write_oem_otp_key(enum RK_OEM_OTP_KEYID key_id, 823 uint8_t *byte_buf, uint32_t byte_len) 824 { 825 TEEC_Result TeecResult; 826 TEEC_Context TeecContext; 827 TEEC_Session TeecSession; 828 uint32_t ErrorOrigin; 829 830 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 831 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 832 TEEC_UUID *TeecUuid = &tempuuid; 833 TEEC_Operation TeecOperation = {0}; 834 835 TeecResult = OpteeClientApiLibInitialize(); 836 if (TeecResult != TEEC_SUCCESS) 837 return TeecResult; 838 839 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 840 if (TeecResult != TEEC_SUCCESS) 841 return TeecResult; 842 843 TeecResult = TEEC_OpenSession(&TeecContext, 844 &TeecSession, 845 TeecUuid, 846 TEEC_LOGIN_PUBLIC, 847 NULL, 848 NULL, 849 &ErrorOrigin); 850 if (TeecResult != TEEC_SUCCESS) 851 return TeecResult; 852 853 TeecOperation.params[0].value.a = key_id; 854 855 TEEC_SharedMemory SharedMem = {0}; 856 857 SharedMem.size = byte_len; 858 SharedMem.flags = 0; 859 860 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem); 861 if (TeecResult != TEEC_SUCCESS) 862 goto exit; 863 864 TeecOperation.params[1].tmpref.buffer = SharedMem.buffer; 865 TeecOperation.params[1].tmpref.size = SharedMem.size; 866 867 memcpy(SharedMem.buffer, byte_buf, SharedMem.size); 868 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 869 TEEC_MEMREF_TEMP_INPUT, 870 TEEC_NONE, 871 TEEC_NONE); 872 873 TeecResult = TEEC_InvokeCommand(&TeecSession, 874 STORAGE_CMD_WRITE_OEM_OTP_KEY, 875 &TeecOperation, 876 &ErrorOrigin); 877 if (TeecResult != TEEC_SUCCESS) 878 goto exit; 879 880 exit: 881 TEEC_ReleaseSharedMemory(&SharedMem); 882 TEEC_CloseSession(&TeecSession); 883 TEEC_FinalizeContext(&TeecContext); 884 885 return TeecResult; 886 } 887 888 uint32_t trusty_oem_otp_key_is_written(enum RK_OEM_OTP_KEYID key_id, uint8_t *value) 889 { 890 TEEC_Result TeecResult; 891 TEEC_Context TeecContext; 892 TEEC_Session TeecSession; 893 uint32_t ErrorOrigin; 894 895 *value = 0xFF; 896 897 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 898 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 899 TEEC_UUID *TeecUuid = &tempuuid; 900 TEEC_Operation TeecOperation = {0}; 901 902 TeecResult = OpteeClientApiLibInitialize(); 903 if (TeecResult != TEEC_SUCCESS) 904 return TeecResult; 905 906 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 907 if (TeecResult != TEEC_SUCCESS) 908 return TeecResult; 909 910 TeecResult = TEEC_OpenSession(&TeecContext, 911 &TeecSession, 912 TeecUuid, 913 TEEC_LOGIN_PUBLIC, 914 NULL, 915 NULL, 916 &ErrorOrigin); 917 if (TeecResult != TEEC_SUCCESS) 918 return TeecResult; 919 920 TeecOperation.params[0].value.a = key_id; 921 922 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, 923 TEEC_NONE, 924 TEEC_NONE, 925 TEEC_NONE); 926 927 TeecResult = TEEC_InvokeCommand(&TeecSession, 928 STORAGE_CMD_OEM_OTP_KEY_IS_WRITTEN, 929 &TeecOperation, 930 &ErrorOrigin); 931 if (TeecResult == TEEC_SUCCESS) 932 *value = TeecOperation.params[0].value.b; 933 934 TEEC_CloseSession(&TeecSession); 935 TEEC_FinalizeContext(&TeecContext); 936 937 return TeecResult; 938 } 939 940 uint32_t trusty_set_oem_hr_otp_read_lock(enum RK_OEM_OTP_KEYID key_id) 941 { 942 TEEC_Result TeecResult; 943 TEEC_Context TeecContext; 944 TEEC_Session TeecSession; 945 uint32_t ErrorOrigin; 946 947 TEEC_UUID tempuuid = { 0x2d26d8a8, 0x5134, 0x4dd8, 948 { 0xb3, 0x2f, 0xb3, 0x4b, 0xce, 0xeb, 0xc4, 0x71 } }; 949 TEEC_UUID *TeecUuid = &tempuuid; 950 TEEC_Operation TeecOperation = {0}; 951 952 TeecResult = OpteeClientApiLibInitialize(); 953 if (TeecResult != TEEC_SUCCESS) 954 return TeecResult; 955 956 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 957 if (TeecResult != TEEC_SUCCESS) 958 return TeecResult; 959 960 TeecResult = TEEC_OpenSession(&TeecContext, 961 &TeecSession, 962 TeecUuid, 963 TEEC_LOGIN_PUBLIC, 964 NULL, 965 NULL, 966 &ErrorOrigin); 967 if (TeecResult != TEEC_SUCCESS) 968 return TeecResult; 969 970 TeecOperation.params[0].value.a = key_id; 971 972 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 973 TEEC_NONE, 974 TEEC_NONE, 975 TEEC_NONE); 976 977 TeecResult = TEEC_InvokeCommand(&TeecSession, 978 STORAGE_CMD_SET_OEM_HR_OTP_READ_LOCK, 979 &TeecOperation, 980 &ErrorOrigin); 981 if (TeecResult != TEEC_SUCCESS) 982 goto exit; 983 984 exit: 985 TEEC_CloseSession(&TeecSession); 986 TEEC_FinalizeContext(&TeecContext); 987 988 return TeecResult; 989 } 990 991 uint32_t trusty_oem_otp_key_cipher(enum RK_OEM_OTP_KEYID key_id, rk_cipher_config *config, 992 uint32_t src_phys_addr, uint32_t dst_phys_addr, 993 uint32_t len) 994 { 995 TEEC_Result TeecResult; 996 TEEC_Context TeecContext; 997 TEEC_Session TeecSession; 998 TEEC_Operation TeecOperation = {0}; 999 uint32_t ErrorOrigin; 1000 TEEC_UUID uuid = RK_CRYPTO_SERVICE_UUID; 1001 TEEC_SharedMemory SharedMem_config = {0}; 1002 1003 if (key_id != RK_OEM_OTP_KEY0 && 1004 key_id != RK_OEM_OTP_KEY1 && 1005 key_id != RK_OEM_OTP_KEY2 && 1006 key_id != RK_OEM_OTP_KEY3 && 1007 key_id != RK_OEM_OTP_KEY_FW) 1008 return TEEC_ERROR_BAD_PARAMETERS; 1009 1010 if (!config) 1011 return TEEC_ERROR_BAD_PARAMETERS; 1012 1013 if (config->algo != RK_ALGO_AES && config->algo != RK_ALGO_SM4) 1014 return TEEC_ERROR_BAD_PARAMETERS; 1015 1016 if (config->mode >= RK_CIPHER_MODE_XTS) 1017 return TEEC_ERROR_BAD_PARAMETERS; 1018 1019 if (config->operation != RK_MODE_ENCRYPT && 1020 config->operation != RK_MODE_DECRYPT) 1021 return TEEC_ERROR_BAD_PARAMETERS; 1022 1023 if (config->key_len != 16 && 1024 config->key_len != 24 && 1025 config->key_len != 32) 1026 return TEEC_ERROR_BAD_PARAMETERS; 1027 1028 if (key_id == RK_OEM_OTP_KEY_FW && config->key_len != 16) 1029 return TEEC_ERROR_BAD_PARAMETERS; 1030 1031 #if defined(CONFIG_ROCKCHIP_RV1126) 1032 if (config->key_len == 24) 1033 return TEEC_ERROR_BAD_PARAMETERS; 1034 #endif 1035 1036 if (len % AES_BLOCK_SIZE || 1037 len == 0) 1038 return TEEC_ERROR_BAD_PARAMETERS; 1039 1040 if (!src_phys_addr || !dst_phys_addr) 1041 return TEEC_ERROR_BAD_PARAMETERS; 1042 1043 TeecResult = OpteeClientApiLibInitialize(); 1044 if (TeecResult != TEEC_SUCCESS) 1045 return TeecResult; 1046 1047 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1048 if (TeecResult != TEEC_SUCCESS) 1049 return TeecResult; 1050 1051 TeecResult = TEEC_OpenSession(&TeecContext, 1052 &TeecSession, 1053 &uuid, 1054 TEEC_LOGIN_PUBLIC, 1055 NULL, 1056 NULL, 1057 &ErrorOrigin); 1058 if (TeecResult != TEEC_SUCCESS) 1059 goto exit; 1060 1061 SharedMem_config.size = sizeof(rk_cipher_config); 1062 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem_config); 1063 if (TeecResult != TEEC_SUCCESS) 1064 goto exit; 1065 1066 memcpy(SharedMem_config.buffer, config, sizeof(rk_cipher_config)); 1067 TeecOperation.params[0].value.a = key_id; 1068 TeecOperation.params[1].tmpref.buffer = SharedMem_config.buffer; 1069 TeecOperation.params[1].tmpref.size = SharedMem_config.size; 1070 TeecOperation.params[2].value.a = src_phys_addr; 1071 TeecOperation.params[2].value.b = len; 1072 TeecOperation.params[3].value.a = dst_phys_addr; 1073 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1074 TEEC_MEMREF_TEMP_INPUT, 1075 TEEC_VALUE_INPUT, 1076 TEEC_VALUE_INPUT); 1077 1078 crypto_flush_cacheline(src_phys_addr, len); 1079 crypto_flush_cacheline(dst_phys_addr, len); 1080 1081 TeecResult = TEEC_InvokeCommand(&TeecSession, 1082 CRYPTO_SERVICE_CMD_OEM_OTP_KEY_PHYS_CIPHER, 1083 &TeecOperation, 1084 &ErrorOrigin); 1085 1086 crypto_invalidate_cacheline(dst_phys_addr, len); 1087 1088 exit: 1089 TEEC_ReleaseSharedMemory(&SharedMem_config); 1090 TEEC_CloseSession(&TeecSession); 1091 TEEC_FinalizeContext(&TeecContext); 1092 return TeecResult; 1093 } 1094 1095 uint32_t trusty_attest_dh(uint8_t *dh, uint32_t *dh_size) 1096 { 1097 TEEC_Result TeecResult; 1098 TEEC_Context TeecContext; 1099 TEEC_Session TeecSession; 1100 uint32_t ErrorOrigin; 1101 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1102 { 0xa8, 0x69, 0x9c, 0xe6, 1103 0x88, 0x6c, 0x5d, 0x5d 1104 } 1105 }; 1106 TEEC_UUID *TeecUuid = &tempuuid; 1107 TEEC_Operation TeecOperation = {0}; 1108 struct blk_desc *dev_desc; 1109 dev_desc = rockchip_get_bootdev(); 1110 if (!dev_desc) { 1111 printf("%s: dev_desc is NULL!\n", __func__); 1112 return -TEEC_ERROR_GENERIC; 1113 } 1114 1115 TeecResult = OpteeClientApiLibInitialize(); 1116 if (TeecResult != TEEC_SUCCESS) 1117 return TeecResult; 1118 1119 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1120 if (TeecResult != TEEC_SUCCESS) 1121 return TeecResult; 1122 1123 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1124 TEEC_NONE, 1125 TEEC_NONE, 1126 TEEC_NONE); 1127 /*0 nand or emmc "security" partition , 1 rpmb*/ 1128 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1129 TeecOperation.params[0].value.a = 1; 1130 else 1131 TeecOperation.params[0].value.a = 0; 1132 1133 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1134 TeecOperation.params[0].value.a = 0; 1135 #endif 1136 1137 TeecResult = TEEC_OpenSession(&TeecContext, 1138 &TeecSession, 1139 TeecUuid, 1140 TEEC_LOGIN_PUBLIC, 1141 NULL, 1142 &TeecOperation, 1143 &ErrorOrigin); 1144 if (TeecResult != TEEC_SUCCESS) 1145 return TeecResult; 1146 1147 TEEC_SharedMemory SharedMem0 = {0}; 1148 1149 SharedMem0.size = *dh_size; 1150 SharedMem0.flags = 0; 1151 1152 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1153 if (TeecResult != TEEC_SUCCESS) 1154 goto exit; 1155 1156 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1157 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1158 1159 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1160 TEEC_NONE, 1161 TEEC_NONE, 1162 TEEC_NONE); 1163 1164 TeecResult = TEEC_InvokeCommand(&TeecSession, 1165 143, 1166 &TeecOperation, 1167 &ErrorOrigin); 1168 if (TeecResult != TEEC_SUCCESS) 1169 goto exit; 1170 1171 *dh_size = TeecOperation.params[0].tmpref.size; 1172 memcpy(dh, SharedMem0.buffer, SharedMem0.size); 1173 exit: 1174 TEEC_ReleaseSharedMemory(&SharedMem0); 1175 TEEC_CloseSession(&TeecSession); 1176 TEEC_FinalizeContext(&TeecContext); 1177 1178 return TeecResult; 1179 } 1180 1181 uint32_t trusty_attest_uuid(uint8_t *uuid, uint32_t *uuid_size) 1182 { 1183 TEEC_Result TeecResult; 1184 TEEC_Context TeecContext; 1185 TEEC_Session TeecSession; 1186 uint32_t ErrorOrigin; 1187 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1188 { 0xa8, 0x69, 0x9c, 0xe6, 1189 0x88, 0x6c, 0x5d, 0x5d 1190 } 1191 }; 1192 TEEC_UUID *TeecUuid = &tempuuid; 1193 TEEC_Operation TeecOperation = {0}; 1194 struct blk_desc *dev_desc; 1195 dev_desc = rockchip_get_bootdev(); 1196 if (!dev_desc) { 1197 printf("%s: dev_desc is NULL!\n", __func__); 1198 return -TEEC_ERROR_GENERIC; 1199 } 1200 1201 TeecResult = OpteeClientApiLibInitialize(); 1202 if (TeecResult != TEEC_SUCCESS) 1203 return TeecResult; 1204 1205 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1206 if (TeecResult != TEEC_SUCCESS) 1207 return TeecResult; 1208 1209 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1210 TEEC_NONE, 1211 TEEC_NONE, 1212 TEEC_NONE); 1213 /*0 nand or emmc "security" partition , 1 rpmb*/ 1214 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1215 TeecOperation.params[0].value.a = 1; 1216 else 1217 TeecOperation.params[0].value.a = 0; 1218 1219 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1220 TeecOperation.params[0].value.a = 0; 1221 #endif 1222 1223 TeecResult = TEEC_OpenSession(&TeecContext, 1224 &TeecSession, 1225 TeecUuid, 1226 TEEC_LOGIN_PUBLIC, 1227 NULL, 1228 &TeecOperation, 1229 &ErrorOrigin); 1230 if (TeecResult != TEEC_SUCCESS) 1231 return TeecResult; 1232 1233 TEEC_SharedMemory SharedMem0 = {0}; 1234 1235 SharedMem0.size = *uuid_size; 1236 SharedMem0.flags = 0; 1237 1238 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1239 if (TeecResult != TEEC_SUCCESS) 1240 goto exit; 1241 1242 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1243 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1244 1245 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1246 TEEC_NONE, 1247 TEEC_NONE, 1248 TEEC_NONE); 1249 1250 TeecResult = TEEC_InvokeCommand(&TeecSession, 1251 144, 1252 &TeecOperation, 1253 &ErrorOrigin); 1254 if (TeecResult != TEEC_SUCCESS) 1255 goto exit; 1256 1257 *uuid_size = TeecOperation.params[0].tmpref.size; 1258 memcpy(uuid, SharedMem0.buffer, SharedMem0.size); 1259 exit: 1260 TEEC_ReleaseSharedMemory(&SharedMem0); 1261 TEEC_CloseSession(&TeecSession); 1262 TEEC_FinalizeContext(&TeecContext); 1263 1264 return TeecResult; 1265 } 1266 1267 uint32_t trusty_attest_get_ca(uint8_t *operation_start, 1268 uint32_t *operation_size, 1269 uint8_t *out, 1270 uint32_t *out_len) 1271 { 1272 TEEC_Result TeecResult; 1273 TEEC_Context TeecContext; 1274 TEEC_Session TeecSession; 1275 uint32_t ErrorOrigin; 1276 1277 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1278 { 0xa8, 0x69, 0x9c, 0xe6, 1279 0x88, 0x6c, 0x5d, 0x5d 1280 } 1281 }; 1282 1283 TEEC_UUID *TeecUuid = &tempuuid; 1284 TEEC_Operation TeecOperation = {0}; 1285 struct blk_desc *dev_desc; 1286 dev_desc = rockchip_get_bootdev(); 1287 if (!dev_desc) { 1288 printf("%s: dev_desc is NULL!\n", __func__); 1289 return -TEEC_ERROR_GENERIC; 1290 } 1291 1292 TeecResult = OpteeClientApiLibInitialize(); 1293 if (TeecResult != TEEC_SUCCESS) 1294 return TeecResult; 1295 1296 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1297 if (TeecResult != TEEC_SUCCESS) 1298 return TeecResult; 1299 1300 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1301 TEEC_NONE, 1302 TEEC_NONE, 1303 TEEC_NONE); 1304 /*0 nand or emmc "security" partition , 1 rpmb*/ 1305 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1306 TeecOperation.params[0].value.a = 1; 1307 else 1308 TeecOperation.params[0].value.a = 0; 1309 1310 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1311 TeecOperation.params[0].value.a = 0; 1312 #endif 1313 1314 TeecResult = TEEC_OpenSession(&TeecContext, 1315 &TeecSession, 1316 TeecUuid, 1317 TEEC_LOGIN_PUBLIC, 1318 NULL, 1319 &TeecOperation, 1320 &ErrorOrigin); 1321 if (TeecResult != TEEC_SUCCESS) 1322 return TeecResult; 1323 1324 TEEC_SharedMemory SharedMem0 = {0}; 1325 1326 SharedMem0.size = *operation_size; 1327 SharedMem0.flags = 0; 1328 1329 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1330 if (TeecResult != TEEC_SUCCESS) 1331 goto exit; 1332 1333 memcpy(SharedMem0.buffer, operation_start, SharedMem0.size); 1334 1335 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1336 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1337 1338 TEEC_SharedMemory SharedMem1 = {0}; 1339 1340 SharedMem1.size = *out_len; 1341 SharedMem1.flags = 0; 1342 1343 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1); 1344 if (TeecResult != TEEC_SUCCESS) 1345 goto exit; 1346 1347 TeecOperation.params[1].tmpref.buffer = SharedMem1.buffer; 1348 TeecOperation.params[1].tmpref.size = SharedMem1.size; 1349 1350 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1351 TEEC_MEMREF_TEMP_INOUT, 1352 TEEC_NONE, 1353 TEEC_NONE); 1354 1355 TeecResult = TEEC_InvokeCommand(&TeecSession, 1356 145, 1357 &TeecOperation, 1358 &ErrorOrigin); 1359 if (TeecResult != TEEC_SUCCESS) 1360 goto exit; 1361 1362 *out_len = TeecOperation.params[1].tmpref.size; 1363 memcpy(out, SharedMem1.buffer, SharedMem1.size); 1364 exit: 1365 TEEC_ReleaseSharedMemory(&SharedMem0); 1366 TEEC_ReleaseSharedMemory(&SharedMem1); 1367 TEEC_CloseSession(&TeecSession); 1368 TEEC_FinalizeContext(&TeecContext); 1369 1370 return TeecResult; 1371 } 1372 1373 uint32_t trusty_attest_set_ca(uint8_t *ca_response, uint32_t *ca_response_size) 1374 { 1375 TEEC_Result TeecResult; 1376 TEEC_Context TeecContext; 1377 TEEC_Session TeecSession; 1378 uint32_t ErrorOrigin; 1379 TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6, 1380 { 0xa8, 0x69, 0x9c, 0xe6, 1381 0x88, 0x6c, 0x5d, 0x5d 1382 } 1383 }; 1384 TEEC_UUID *TeecUuid = &tempuuid; 1385 TEEC_Operation TeecOperation = {0}; 1386 struct blk_desc *dev_desc; 1387 dev_desc = rockchip_get_bootdev(); 1388 if (!dev_desc) { 1389 printf("%s: dev_desc is NULL!\n", __func__); 1390 return -TEEC_ERROR_GENERIC; 1391 } 1392 TeecResult = OpteeClientApiLibInitialize(); 1393 if (TeecResult != TEEC_SUCCESS) 1394 return TeecResult; 1395 1396 TeecResult = TEEC_InitializeContext(NULL, &TeecContext); 1397 if (TeecResult != TEEC_SUCCESS) 1398 return TeecResult; 1399 1400 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, 1401 TEEC_NONE, 1402 TEEC_NONE, 1403 TEEC_NONE); 1404 /*0 nand or emmc "security" partition , 1 rpmb*/ 1405 if (dev_desc->if_type == IF_TYPE_MMC && dev_desc->devnum == 0) 1406 TeecOperation.params[0].value.a = 1; 1407 else 1408 TeecOperation.params[0].value.a = 0; 1409 1410 #ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION 1411 TeecOperation.params[0].value.a = 0; 1412 #endif 1413 1414 TeecResult = TEEC_OpenSession(&TeecContext, 1415 &TeecSession, 1416 TeecUuid, 1417 TEEC_LOGIN_PUBLIC, 1418 NULL, 1419 &TeecOperation, 1420 &ErrorOrigin); 1421 if (TeecResult != TEEC_SUCCESS) 1422 return TeecResult; 1423 1424 TEEC_SharedMemory SharedMem0 = {0}; 1425 1426 SharedMem0.size = *ca_response_size; 1427 SharedMem0.flags = 0; 1428 1429 TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0); 1430 if (TeecResult != TEEC_SUCCESS) 1431 goto exit; 1432 1433 memcpy(SharedMem0.buffer, ca_response, SharedMem0.size); 1434 1435 TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer; 1436 TeecOperation.params[0].tmpref.size = SharedMem0.size; 1437 1438 TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INOUT, 1439 TEEC_NONE, 1440 TEEC_NONE, 1441 TEEC_NONE); 1442 1443 TeecResult = TEEC_InvokeCommand(&TeecSession, 1444 146, 1445 &TeecOperation, 1446 &ErrorOrigin); 1447 if (TeecResult != TEEC_SUCCESS) 1448 goto exit; 1449 exit: 1450 TEEC_ReleaseSharedMemory(&SharedMem0); 1451 TEEC_CloseSession(&TeecSession); 1452 TEEC_FinalizeContext(&TeecContext); 1453 1454 return TeecResult; 1455 } 1456