| /* |
| * |
| * Common security related functions for OMAP devices |
| * |
| * (C) Copyright 2016-2017 |
| * Texas Instruments, <www.ti.com> |
| * |
| * Daniel Allred <d-allred@ti.com> |
| * Andreas Dannenberg <dannenberg@ti.com> |
| * Harinarayan Bhatta <harinarayan@ti.com> |
| * Andrew F. Davis <afd@ti.com> |
| * |
| * SPDX-License-Identifier: GPL-2.0+ |
| */ |
| |
| #include <common.h> |
| #include <stdarg.h> |
| |
| #include <asm/arch/sys_proto.h> |
| #include <asm/cache.h> |
| #include <asm/omap_common.h> |
| #include <asm/omap_sec_common.h> |
| #include <asm/spl.h> |
| #include <asm/ti-common/sys_proto.h> |
| #include <mapmem.h> |
| #include <spl.h> |
| #include <tee/optee.h> |
| |
| /* Index for signature verify ROM API */ |
| #ifdef CONFIG_AM33XX |
| #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C) |
| #else |
| #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) |
| #endif |
| |
| /* Index for signature PPA-based TI HAL APIs */ |
| #define PPA_HAL_SERVICES_START_INDEX (0x200) |
| #define PPA_SERV_HAL_TEE_LOAD_MASTER (PPA_HAL_SERVICES_START_INDEX + 23) |
| #define PPA_SERV_HAL_TEE_LOAD_SLAVE (PPA_HAL_SERVICES_START_INDEX + 24) |
| #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25) |
| #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26) |
| #define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27) |
| |
| int tee_loaded = 0; |
| |
| /* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */ |
| struct ppa_tee_load_info { |
| u32 tee_sec_mem_start; /* Physical start address reserved for TEE */ |
| u32 tee_sec_mem_size; /* Size of the memory reserved for TEE */ |
| u32 tee_cert_start; /* Address where signed TEE binary is loaded */ |
| u32 tee_cert_size; /* Size of TEE certificate (signed binary) */ |
| u32 tee_jump_addr; /* Address to jump to start TEE execution */ |
| u32 tee_arg0; /* argument to TEE jump function, in r0 */ |
| }; |
| |
| static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN); |
| |
| u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...) |
| { |
| int i; |
| u32 num_args; |
| va_list ap; |
| |
| va_start(ap, flag); |
| |
| num_args = va_arg(ap, u32); |
| |
| if (num_args > 4) { |
| va_end(ap); |
| return 1; |
| } |
| |
| /* Copy args to aligned args structure */ |
| for (i = 0; i < num_args; i++) |
| secure_rom_call_args[i + 1] = va_arg(ap, u32); |
| |
| secure_rom_call_args[0] = num_args; |
| |
| va_end(ap); |
| |
| /* if data cache is enabled, flush the aligned args structure */ |
| flush_dcache_range( |
| (unsigned int)&secure_rom_call_args[0], |
| (unsigned int)&secure_rom_call_args[0] + |
| roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN)); |
| |
| return omap_smc_sec(service, proc_id, flag, secure_rom_call_args); |
| } |
| |
| static u32 find_sig_start(char *image, size_t size) |
| { |
| char *image_end = image + size; |
| char *sig_start_magic = "CERT_"; |
| int magic_str_len = strlen(sig_start_magic); |
| char *ch; |
| |
| while (--image_end > image) { |
| if (*image_end == '_') { |
| ch = image_end - magic_str_len + 1; |
| if (!strncmp(ch, sig_start_magic, magic_str_len)) |
| return (u32)ch; |
| } |
| } |
| return 0; |
| } |
| |
| int secure_boot_verify_image(void **image, size_t *size) |
| { |
| int result = 1; |
| u32 cert_addr, sig_addr; |
| size_t cert_size; |
| |
| /* Perform cache writeback on input buffer */ |
| flush_dcache_range( |
| (u32)*image, |
| (u32)*image + roundup(*size, ARCH_DMA_MINALIGN)); |
| |
| cert_addr = (uint32_t)*image; |
| sig_addr = find_sig_start((char *)*image, *size); |
| |
| if (sig_addr == 0) { |
| printf("No signature found in image!\n"); |
| result = 1; |
| goto auth_exit; |
| } |
| |
| *size = sig_addr - cert_addr; /* Subtract out the signature size */ |
| cert_size = *size; |
| |
| /* Check if image load address is 32-bit aligned */ |
| if (!IS_ALIGNED(cert_addr, 4)) { |
| printf("Image is not 4-byte aligned!\n"); |
| result = 1; |
| goto auth_exit; |
| } |
| |
| /* Image size also should be multiple of 4 */ |
| if (!IS_ALIGNED(cert_size, 4)) { |
| printf("Image size is not 4-byte aligned!\n"); |
| result = 1; |
| goto auth_exit; |
| } |
| |
| /* Call ROM HAL API to verify certificate signature */ |
| debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__, |
| cert_addr, cert_size, sig_addr); |
| |
| result = secure_rom_call( |
| API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, |
| 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); |
| |
| /* Perform cache writeback on output buffer */ |
| flush_dcache_range( |
| (u32)*image, |
| (u32)*image + roundup(*size, ARCH_DMA_MINALIGN)); |
| |
| auth_exit: |
| if (result != 0) { |
| printf("Authentication failed!\n"); |
| printf("Return Value = %08X\n", result); |
| hang(); |
| } |
| |
| /* |
| * Output notification of successful authentication as well the name of |
| * the signing certificate used to re-assure the user that the secure |
| * code is being processed as expected. However suppress any such log |
| * output in case of building for SPL and booting via YMODEM. This is |
| * done to avoid disturbing the YMODEM serial protocol transactions. |
| */ |
| if (!(IS_ENABLED(CONFIG_SPL_BUILD) && |
| IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && |
| spl_boot_device() == BOOT_DEVICE_UART)) |
| printf("Authentication passed: %s\n", (char *)sig_addr); |
| |
| return result; |
| } |
| |
| u32 get_sec_mem_start(void) |
| { |
| u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START; |
| u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE; |
| /* |
| * Total reserved region is all contiguous with protected |
| * region coming first, followed by the non-secure region. |
| * If 0x0 start address is given, we simply put the reserved |
| * region at the end of the external DRAM. |
| */ |
| if (sec_mem_start == 0) |
| sec_mem_start = |
| (CONFIG_SYS_SDRAM_BASE + ( |
| #if defined(CONFIG_OMAP54XX) |
| omap_sdram_size() |
| #else |
| get_ram_size((void *)CONFIG_SYS_SDRAM_BASE, |
| CONFIG_MAX_RAM_BANK_SIZE) |
| #endif |
| - sec_mem_size)); |
| return sec_mem_start; |
| } |
| |
| int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr, |
| uint32_t size, uint32_t access_perm, |
| uint32_t initiator_perm) |
| { |
| int result = 1; |
| |
| /* |
| * Call PPA HAL API to do any other general firewall |
| * configuration for regions 1-6 of the EMIF firewall. |
| */ |
| debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__, |
| region_num, start_addr, size); |
| |
| result = secure_rom_call( |
| PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4, |
| (start_addr & 0xFFFFFFF0) | (region_num & 0x0F), |
| size, access_perm, initiator_perm); |
| |
| if (result != 0) { |
| puts("Secure EMIF Firewall Setup failed!\n"); |
| debug("Return Value = %x\n", result); |
| } |
| |
| return result; |
| } |
| |
| #if (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE < \ |
| CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE) |
| #error "TI Secure EMIF: Protected size cannot be larger than total size." |
| #endif |
| int secure_emif_reserve(void) |
| { |
| int result = 1; |
| u32 sec_mem_start = get_sec_mem_start(); |
| u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; |
| |
| /* If there is no protected region, there is no reservation to make */ |
| if (sec_prot_size == 0) |
| return 0; |
| |
| /* |
| * Call PPA HAL API to reserve a chunk of EMIF SDRAM |
| * for secure world use. This region should be carved out |
| * from use by any public code. EMIF firewall region 7 |
| * will be used to protect this block of memory. |
| */ |
| result = secure_rom_call( |
| PPA_SERV_HAL_SETUP_SEC_RESVD_REGION, |
| 0, 0, 2, sec_mem_start, sec_prot_size); |
| |
| if (result != 0) { |
| puts("SDRAM Firewall: Secure memory reservation failed!\n"); |
| debug("Return Value = %x\n", result); |
| } |
| |
| return result; |
| } |
| |
| int secure_emif_firewall_lock(void) |
| { |
| int result = 1; |
| |
| /* |
| * Call PPA HAL API to lock the EMIF firewall configurations. |
| * After this API is called, none of the PPA HAL APIs for |
| * configuring the EMIF firewalls will be usable again (that |
| * is, calls to those APIs will return failure and have no |
| * effect). |
| */ |
| |
| result = secure_rom_call( |
| PPA_SERV_HAL_LOCK_EMIF_FW, |
| 0, 0, 0); |
| |
| if (result != 0) { |
| puts("Secure EMIF Firewall Lock failed!\n"); |
| debug("Return Value = %x\n", result); |
| } |
| |
| return result; |
| } |
| |
| static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN); |
| |
| int secure_tee_install(u32 addr) |
| { |
| struct optee_header *hdr; |
| void *loadptr; |
| u32 tee_file_size; |
| u32 sec_mem_start = get_sec_mem_start(); |
| const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; |
| u32 ret; |
| |
| /* If there is no protected region, there is no place to put the TEE */ |
| if (size == 0) { |
| printf("Error loading TEE, no protected memory region available\n"); |
| return -ENOBUFS; |
| } |
| |
| hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header)); |
| /* 280 bytes = size of signature */ |
| tee_file_size = hdr->init_size + hdr->paged_size + |
| sizeof(struct optee_header) + 280; |
| |
| if ((hdr->magic != OPTEE_MAGIC) || |
| (hdr->version != OPTEE_VERSION) || |
| (hdr->init_load_addr_hi != 0) || |
| (hdr->init_load_addr_lo < (sec_mem_start + sizeof(struct optee_header))) || |
| (tee_file_size > size) || |
| ((hdr->init_load_addr_lo + tee_file_size - 1) > |
| (sec_mem_start + size - 1))) { |
| printf("Error in TEE header. Check load address and sizes\n"); |
| unmap_sysmem(hdr); |
| return CMD_RET_FAILURE; |
| } |
| |
| tee_info.tee_sec_mem_start = sec_mem_start; |
| tee_info.tee_sec_mem_size = size; |
| tee_info.tee_jump_addr = hdr->init_load_addr_lo; |
| tee_info.tee_cert_start = addr; |
| tee_info.tee_cert_size = tee_file_size; |
| tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr; |
| unmap_sysmem(hdr); |
| loadptr = map_sysmem(addr, tee_file_size); |
| |
| debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start); |
| debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size); |
| debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr); |
| debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start); |
| debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size); |
| debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0); |
| debug("tee_file_size = %d\n", tee_file_size); |
| |
| #if !defined(CONFIG_SYS_DCACHE_OFF) |
| flush_dcache_range( |
| rounddown((u32)loadptr, ARCH_DMA_MINALIGN), |
| roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN)); |
| |
| flush_dcache_range((u32)&tee_info, (u32)&tee_info + |
| roundup(sizeof(tee_info), ARCH_DMA_MINALIGN)); |
| #endif |
| unmap_sysmem(loadptr); |
| |
| ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info); |
| if (ret) { |
| printf("TEE_LOAD_MASTER Failed\n"); |
| return ret; |
| } |
| printf("TEE_LOAD_MASTER Done\n"); |
| |
| #if defined(CONFIG_OMAP54XX) |
| if (!is_dra72x()) { |
| u32 *smc_cpu1_params; |
| /* Reuse the tee_info buffer for SMC params */ |
| smc_cpu1_params = (u32 *)&tee_info; |
| smc_cpu1_params[0] = 0; |
| #if !defined(CONFIG_SYS_DCACHE_OFF) |
| flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params + |
| roundup(sizeof(u32), ARCH_DMA_MINALIGN)); |
| #endif |
| ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0, |
| smc_cpu1_params); |
| if (ret) { |
| printf("TEE_LOAD_SLAVE Failed\n"); |
| return ret; |
| } |
| printf("TEE_LOAD_SLAVE Done\n"); |
| } |
| #endif |
| |
| tee_loaded = 1; |
| |
| return 0; |
| } |