Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 1 | /* |
| 2 | * |
| 3 | * Common security related functions for OMAP devices |
| 4 | * |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 5 | * (C) Copyright 2016-2017 |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 6 | * Texas Instruments, <www.ti.com> |
| 7 | * |
| 8 | * Daniel Allred <d-allred@ti.com> |
| 9 | * Andreas Dannenberg <dannenberg@ti.com> |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 10 | * Harinarayan Bhatta <harinarayan@ti.com> |
| 11 | * Andrew F. Davis <afd@ti.com> |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 12 | * |
| 13 | * SPDX-License-Identifier: GPL-2.0+ |
| 14 | */ |
| 15 | |
| 16 | #include <common.h> |
| 17 | #include <stdarg.h> |
| 18 | |
| 19 | #include <asm/arch/sys_proto.h> |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 20 | #include <asm/cache.h> |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 21 | #include <asm/omap_common.h> |
| 22 | #include <asm/omap_sec_common.h> |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 23 | #include <asm/spl.h> |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 24 | #include <asm/ti-common/sys_proto.h> |
| 25 | #include <mapmem.h> |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 26 | #include <spl.h> |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 27 | #include <tee/optee.h> |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 28 | |
| 29 | /* Index for signature verify ROM API */ |
Andrew F. Davis | 4ac19ba | 2017-01-11 10:19:52 -0600 | [diff] [blame] | 30 | #ifdef CONFIG_AM33XX |
| 31 | #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C) |
| 32 | #else |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 33 | #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) |
Andrew F. Davis | 4ac19ba | 2017-01-11 10:19:52 -0600 | [diff] [blame] | 34 | #endif |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 35 | |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 36 | /* Index for signature PPA-based TI HAL APIs */ |
| 37 | #define PPA_HAL_SERVICES_START_INDEX (0x200) |
| 38 | #define PPA_SERV_HAL_TEE_LOAD_MASTER (PPA_HAL_SERVICES_START_INDEX + 23) |
| 39 | #define PPA_SERV_HAL_TEE_LOAD_SLAVE (PPA_HAL_SERVICES_START_INDEX + 24) |
| 40 | #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25) |
| 41 | #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26) |
| 42 | #define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27) |
| 43 | |
| 44 | int tee_loaded = 0; |
| 45 | |
| 46 | /* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */ |
| 47 | struct ppa_tee_load_info { |
| 48 | u32 tee_sec_mem_start; /* Physical start address reserved for TEE */ |
| 49 | u32 tee_sec_mem_size; /* Size of the memory reserved for TEE */ |
| 50 | u32 tee_cert_start; /* Address where signed TEE binary is loaded */ |
| 51 | u32 tee_cert_size; /* Size of TEE certificate (signed binary) */ |
| 52 | u32 tee_jump_addr; /* Address to jump to start TEE execution */ |
| 53 | u32 tee_arg0; /* argument to TEE jump function, in r0 */ |
| 54 | }; |
| 55 | |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 56 | static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN); |
| 57 | |
| 58 | u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...) |
| 59 | { |
| 60 | int i; |
| 61 | u32 num_args; |
| 62 | va_list ap; |
| 63 | |
| 64 | va_start(ap, flag); |
| 65 | |
| 66 | num_args = va_arg(ap, u32); |
| 67 | |
xypron.glpk@gmx.de | 1ecd2a2 | 2017-04-15 12:29:20 +0200 | [diff] [blame] | 68 | if (num_args > 4) { |
| 69 | va_end(ap); |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 70 | return 1; |
xypron.glpk@gmx.de | 1ecd2a2 | 2017-04-15 12:29:20 +0200 | [diff] [blame] | 71 | } |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 72 | |
| 73 | /* Copy args to aligned args structure */ |
| 74 | for (i = 0; i < num_args; i++) |
| 75 | secure_rom_call_args[i + 1] = va_arg(ap, u32); |
| 76 | |
| 77 | secure_rom_call_args[0] = num_args; |
| 78 | |
| 79 | va_end(ap); |
| 80 | |
| 81 | /* if data cache is enabled, flush the aligned args structure */ |
| 82 | flush_dcache_range( |
| 83 | (unsigned int)&secure_rom_call_args[0], |
| 84 | (unsigned int)&secure_rom_call_args[0] + |
| 85 | roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN)); |
| 86 | |
| 87 | return omap_smc_sec(service, proc_id, flag, secure_rom_call_args); |
| 88 | } |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 89 | |
| 90 | static u32 find_sig_start(char *image, size_t size) |
| 91 | { |
| 92 | char *image_end = image + size; |
| 93 | char *sig_start_magic = "CERT_"; |
| 94 | int magic_str_len = strlen(sig_start_magic); |
| 95 | char *ch; |
| 96 | |
| 97 | while (--image_end > image) { |
| 98 | if (*image_end == '_') { |
| 99 | ch = image_end - magic_str_len + 1; |
| 100 | if (!strncmp(ch, sig_start_magic, magic_str_len)) |
| 101 | return (u32)ch; |
| 102 | } |
| 103 | } |
| 104 | return 0; |
| 105 | } |
| 106 | |
| 107 | int secure_boot_verify_image(void **image, size_t *size) |
| 108 | { |
| 109 | int result = 1; |
| 110 | u32 cert_addr, sig_addr; |
| 111 | size_t cert_size; |
| 112 | |
| 113 | /* Perform cache writeback on input buffer */ |
| 114 | flush_dcache_range( |
Andrew F. Davis | ef3fc42d | 2017-07-26 14:53:19 -0500 | [diff] [blame] | 115 | rounddown((u32)*image, ARCH_DMA_MINALIGN), |
| 116 | roundup((u32)*image + *size, ARCH_DMA_MINALIGN)); |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 117 | |
| 118 | cert_addr = (uint32_t)*image; |
| 119 | sig_addr = find_sig_start((char *)*image, *size); |
| 120 | |
| 121 | if (sig_addr == 0) { |
| 122 | printf("No signature found in image!\n"); |
| 123 | result = 1; |
| 124 | goto auth_exit; |
| 125 | } |
| 126 | |
| 127 | *size = sig_addr - cert_addr; /* Subtract out the signature size */ |
| 128 | cert_size = *size; |
| 129 | |
| 130 | /* Check if image load address is 32-bit aligned */ |
| 131 | if (!IS_ALIGNED(cert_addr, 4)) { |
| 132 | printf("Image is not 4-byte aligned!\n"); |
| 133 | result = 1; |
| 134 | goto auth_exit; |
| 135 | } |
| 136 | |
| 137 | /* Image size also should be multiple of 4 */ |
| 138 | if (!IS_ALIGNED(cert_size, 4)) { |
| 139 | printf("Image size is not 4-byte aligned!\n"); |
| 140 | result = 1; |
| 141 | goto auth_exit; |
| 142 | } |
| 143 | |
| 144 | /* Call ROM HAL API to verify certificate signature */ |
| 145 | debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__, |
| 146 | cert_addr, cert_size, sig_addr); |
| 147 | |
| 148 | result = secure_rom_call( |
| 149 | API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, |
| 150 | 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); |
Andrew F. Davis | 4f65ee3 | 2017-02-22 17:46:39 -0600 | [diff] [blame] | 151 | |
| 152 | /* Perform cache writeback on output buffer */ |
| 153 | flush_dcache_range( |
Andrew F. Davis | ef3fc42d | 2017-07-26 14:53:19 -0500 | [diff] [blame] | 154 | rounddown((u32)*image, ARCH_DMA_MINALIGN), |
| 155 | roundup((u32)*image + *size, ARCH_DMA_MINALIGN)); |
Andrew F. Davis | 4f65ee3 | 2017-02-22 17:46:39 -0600 | [diff] [blame] | 156 | |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 157 | auth_exit: |
| 158 | if (result != 0) { |
| 159 | printf("Authentication failed!\n"); |
| 160 | printf("Return Value = %08X\n", result); |
| 161 | hang(); |
| 162 | } |
| 163 | |
| 164 | /* |
| 165 | * Output notification of successful authentication as well the name of |
| 166 | * the signing certificate used to re-assure the user that the secure |
| 167 | * code is being processed as expected. However suppress any such log |
| 168 | * output in case of building for SPL and booting via YMODEM. This is |
| 169 | * done to avoid disturbing the YMODEM serial protocol transactions. |
| 170 | */ |
| 171 | if (!(IS_ENABLED(CONFIG_SPL_BUILD) && |
| 172 | IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && |
| 173 | spl_boot_device() == BOOT_DEVICE_UART)) |
| 174 | printf("Authentication passed: %s\n", (char *)sig_addr); |
| 175 | |
| 176 | return result; |
| 177 | } |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 178 | |
Andrew F. Davis | 0375023 | 2017-07-10 14:45:50 -0500 | [diff] [blame] | 179 | u32 get_sec_mem_start(void) |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 180 | { |
| 181 | u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START; |
| 182 | u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE; |
| 183 | /* |
| 184 | * Total reserved region is all contiguous with protected |
| 185 | * region coming first, followed by the non-secure region. |
| 186 | * If 0x0 start address is given, we simply put the reserved |
| 187 | * region at the end of the external DRAM. |
| 188 | */ |
| 189 | if (sec_mem_start == 0) |
| 190 | sec_mem_start = |
| 191 | (CONFIG_SYS_SDRAM_BASE + ( |
| 192 | #if defined(CONFIG_OMAP54XX) |
| 193 | omap_sdram_size() |
| 194 | #else |
| 195 | get_ram_size((void *)CONFIG_SYS_SDRAM_BASE, |
| 196 | CONFIG_MAX_RAM_BANK_SIZE) |
| 197 | #endif |
| 198 | - sec_mem_size)); |
| 199 | return sec_mem_start; |
| 200 | } |
| 201 | |
| 202 | int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr, |
| 203 | uint32_t size, uint32_t access_perm, |
| 204 | uint32_t initiator_perm) |
| 205 | { |
| 206 | int result = 1; |
| 207 | |
| 208 | /* |
| 209 | * Call PPA HAL API to do any other general firewall |
| 210 | * configuration for regions 1-6 of the EMIF firewall. |
| 211 | */ |
| 212 | debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__, |
| 213 | region_num, start_addr, size); |
| 214 | |
| 215 | result = secure_rom_call( |
| 216 | PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4, |
| 217 | (start_addr & 0xFFFFFFF0) | (region_num & 0x0F), |
| 218 | size, access_perm, initiator_perm); |
| 219 | |
| 220 | if (result != 0) { |
| 221 | puts("Secure EMIF Firewall Setup failed!\n"); |
| 222 | debug("Return Value = %x\n", result); |
| 223 | } |
| 224 | |
| 225 | return result; |
| 226 | } |
| 227 | |
| 228 | #if (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE < \ |
| 229 | CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE) |
| 230 | #error "TI Secure EMIF: Protected size cannot be larger than total size." |
| 231 | #endif |
| 232 | int secure_emif_reserve(void) |
| 233 | { |
| 234 | int result = 1; |
| 235 | u32 sec_mem_start = get_sec_mem_start(); |
| 236 | u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; |
| 237 | |
| 238 | /* If there is no protected region, there is no reservation to make */ |
| 239 | if (sec_prot_size == 0) |
| 240 | return 0; |
| 241 | |
| 242 | /* |
| 243 | * Call PPA HAL API to reserve a chunk of EMIF SDRAM |
| 244 | * for secure world use. This region should be carved out |
| 245 | * from use by any public code. EMIF firewall region 7 |
| 246 | * will be used to protect this block of memory. |
| 247 | */ |
| 248 | result = secure_rom_call( |
| 249 | PPA_SERV_HAL_SETUP_SEC_RESVD_REGION, |
| 250 | 0, 0, 2, sec_mem_start, sec_prot_size); |
| 251 | |
| 252 | if (result != 0) { |
| 253 | puts("SDRAM Firewall: Secure memory reservation failed!\n"); |
| 254 | debug("Return Value = %x\n", result); |
| 255 | } |
| 256 | |
| 257 | return result; |
| 258 | } |
| 259 | |
| 260 | int secure_emif_firewall_lock(void) |
| 261 | { |
| 262 | int result = 1; |
| 263 | |
| 264 | /* |
| 265 | * Call PPA HAL API to lock the EMIF firewall configurations. |
| 266 | * After this API is called, none of the PPA HAL APIs for |
| 267 | * configuring the EMIF firewalls will be usable again (that |
| 268 | * is, calls to those APIs will return failure and have no |
| 269 | * effect). |
| 270 | */ |
| 271 | |
| 272 | result = secure_rom_call( |
| 273 | PPA_SERV_HAL_LOCK_EMIF_FW, |
| 274 | 0, 0, 0); |
| 275 | |
| 276 | if (result != 0) { |
| 277 | puts("Secure EMIF Firewall Lock failed!\n"); |
| 278 | debug("Return Value = %x\n", result); |
| 279 | } |
| 280 | |
| 281 | return result; |
| 282 | } |
| 283 | |
| 284 | static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN); |
| 285 | |
| 286 | int secure_tee_install(u32 addr) |
| 287 | { |
| 288 | struct optee_header *hdr; |
| 289 | void *loadptr; |
| 290 | u32 tee_file_size; |
| 291 | u32 sec_mem_start = get_sec_mem_start(); |
| 292 | const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; |
| 293 | u32 ret; |
| 294 | |
| 295 | /* If there is no protected region, there is no place to put the TEE */ |
| 296 | if (size == 0) { |
| 297 | printf("Error loading TEE, no protected memory region available\n"); |
| 298 | return -ENOBUFS; |
| 299 | } |
| 300 | |
| 301 | hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header)); |
| 302 | /* 280 bytes = size of signature */ |
| 303 | tee_file_size = hdr->init_size + hdr->paged_size + |
| 304 | sizeof(struct optee_header) + 280; |
| 305 | |
| 306 | if ((hdr->magic != OPTEE_MAGIC) || |
| 307 | (hdr->version != OPTEE_VERSION) || |
| 308 | (hdr->init_load_addr_hi != 0) || |
| 309 | (hdr->init_load_addr_lo < (sec_mem_start + sizeof(struct optee_header))) || |
| 310 | (tee_file_size > size) || |
| 311 | ((hdr->init_load_addr_lo + tee_file_size - 1) > |
| 312 | (sec_mem_start + size - 1))) { |
| 313 | printf("Error in TEE header. Check load address and sizes\n"); |
| 314 | unmap_sysmem(hdr); |
| 315 | return CMD_RET_FAILURE; |
| 316 | } |
| 317 | |
| 318 | tee_info.tee_sec_mem_start = sec_mem_start; |
| 319 | tee_info.tee_sec_mem_size = size; |
| 320 | tee_info.tee_jump_addr = hdr->init_load_addr_lo; |
| 321 | tee_info.tee_cert_start = addr; |
| 322 | tee_info.tee_cert_size = tee_file_size; |
| 323 | tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr; |
| 324 | unmap_sysmem(hdr); |
| 325 | loadptr = map_sysmem(addr, tee_file_size); |
| 326 | |
| 327 | debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start); |
| 328 | debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size); |
| 329 | debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr); |
| 330 | debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start); |
| 331 | debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size); |
| 332 | debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0); |
| 333 | debug("tee_file_size = %d\n", tee_file_size); |
| 334 | |
| 335 | #if !defined(CONFIG_SYS_DCACHE_OFF) |
| 336 | flush_dcache_range( |
| 337 | rounddown((u32)loadptr, ARCH_DMA_MINALIGN), |
| 338 | roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN)); |
| 339 | |
| 340 | flush_dcache_range((u32)&tee_info, (u32)&tee_info + |
| 341 | roundup(sizeof(tee_info), ARCH_DMA_MINALIGN)); |
| 342 | #endif |
| 343 | unmap_sysmem(loadptr); |
| 344 | |
| 345 | ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info); |
| 346 | if (ret) { |
| 347 | printf("TEE_LOAD_MASTER Failed\n"); |
| 348 | return ret; |
| 349 | } |
| 350 | printf("TEE_LOAD_MASTER Done\n"); |
| 351 | |
| 352 | #if defined(CONFIG_OMAP54XX) |
| 353 | if (!is_dra72x()) { |
| 354 | u32 *smc_cpu1_params; |
| 355 | /* Reuse the tee_info buffer for SMC params */ |
| 356 | smc_cpu1_params = (u32 *)&tee_info; |
| 357 | smc_cpu1_params[0] = 0; |
| 358 | #if !defined(CONFIG_SYS_DCACHE_OFF) |
| 359 | flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params + |
| 360 | roundup(sizeof(u32), ARCH_DMA_MINALIGN)); |
| 361 | #endif |
| 362 | ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0, |
| 363 | smc_cpu1_params); |
| 364 | if (ret) { |
| 365 | printf("TEE_LOAD_SLAVE Failed\n"); |
| 366 | return ret; |
| 367 | } |
| 368 | printf("TEE_LOAD_SLAVE Done\n"); |
| 369 | } |
| 370 | #endif |
| 371 | |
| 372 | tee_loaded = 1; |
| 373 | |
| 374 | return 0; |
| 375 | } |