blob: 2630e7d316a0d34af2368d928c7ff12e0e6ab282 [file] [log] [blame]
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -05001/*
2 *
3 * Common security related functions for OMAP devices
4 *
Andrew F. Davis3348e0c2017-07-10 14:45:49 -05005 * (C) Copyright 2016-2017
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -05006 * Texas Instruments, <www.ti.com>
7 *
8 * Daniel Allred <d-allred@ti.com>
9 * Andreas Dannenberg <dannenberg@ti.com>
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050010 * Harinarayan Bhatta <harinarayan@ti.com>
11 * Andrew F. Davis <afd@ti.com>
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050012 *
13 * SPDX-License-Identifier: GPL-2.0+
14 */
15
16#include <common.h>
17#include <stdarg.h>
18
19#include <asm/arch/sys_proto.h>
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050020#include <asm/cache.h>
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050021#include <asm/omap_common.h>
22#include <asm/omap_sec_common.h>
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -050023#include <asm/spl.h>
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050024#include <asm/ti-common/sys_proto.h>
25#include <mapmem.h>
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -050026#include <spl.h>
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050027#include <tee/optee.h>
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -050028
29/* Index for signature verify ROM API */
Andrew F. Davis4ac19ba2017-01-11 10:19:52 -060030#ifdef CONFIG_AM33XX
31#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C)
32#else
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -050033#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E)
Andrew F. Davis4ac19ba2017-01-11 10:19:52 -060034#endif
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050035
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050036/* Index for signature PPA-based TI HAL APIs */
37#define PPA_HAL_SERVICES_START_INDEX (0x200)
38#define PPA_SERV_HAL_TEE_LOAD_MASTER (PPA_HAL_SERVICES_START_INDEX + 23)
39#define PPA_SERV_HAL_TEE_LOAD_SLAVE (PPA_HAL_SERVICES_START_INDEX + 24)
40#define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25)
41#define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26)
42#define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27)
43
Madan Srinivas0830d722017-09-20 14:37:36 -050044/* Offset of header size if image is signed as ISW */
45#define HEADER_SIZE_OFFSET (0x6D)
46
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050047int tee_loaded = 0;
48
49/* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */
50struct ppa_tee_load_info {
51 u32 tee_sec_mem_start; /* Physical start address reserved for TEE */
52 u32 tee_sec_mem_size; /* Size of the memory reserved for TEE */
53 u32 tee_cert_start; /* Address where signed TEE binary is loaded */
54 u32 tee_cert_size; /* Size of TEE certificate (signed binary) */
55 u32 tee_jump_addr; /* Address to jump to start TEE execution */
56 u32 tee_arg0; /* argument to TEE jump function, in r0 */
57};
58
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050059static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN);
60
61u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
62{
63 int i;
64 u32 num_args;
65 va_list ap;
66
67 va_start(ap, flag);
68
69 num_args = va_arg(ap, u32);
70
xypron.glpk@gmx.de1ecd2a22017-04-15 12:29:20 +020071 if (num_args > 4) {
72 va_end(ap);
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050073 return 1;
xypron.glpk@gmx.de1ecd2a22017-04-15 12:29:20 +020074 }
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050075
76 /* Copy args to aligned args structure */
77 for (i = 0; i < num_args; i++)
78 secure_rom_call_args[i + 1] = va_arg(ap, u32);
79
80 secure_rom_call_args[0] = num_args;
81
82 va_end(ap);
83
84 /* if data cache is enabled, flush the aligned args structure */
85 flush_dcache_range(
86 (unsigned int)&secure_rom_call_args[0],
87 (unsigned int)&secure_rom_call_args[0] +
88 roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN));
89
90 return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
91}
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -050092
93static u32 find_sig_start(char *image, size_t size)
94{
95 char *image_end = image + size;
96 char *sig_start_magic = "CERT_";
97 int magic_str_len = strlen(sig_start_magic);
98 char *ch;
99
100 while (--image_end > image) {
101 if (*image_end == '_') {
102 ch = image_end - magic_str_len + 1;
103 if (!strncmp(ch, sig_start_magic, magic_str_len))
104 return (u32)ch;
105 }
106 }
107 return 0;
108}
109
110int secure_boot_verify_image(void **image, size_t *size)
111{
112 int result = 1;
113 u32 cert_addr, sig_addr;
114 size_t cert_size;
115
116 /* Perform cache writeback on input buffer */
117 flush_dcache_range(
Andrew F. Davisef3fc42d2017-07-26 14:53:19 -0500118 rounddown((u32)*image, ARCH_DMA_MINALIGN),
119 roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -0500120
121 cert_addr = (uint32_t)*image;
122 sig_addr = find_sig_start((char *)*image, *size);
123
124 if (sig_addr == 0) {
125 printf("No signature found in image!\n");
126 result = 1;
127 goto auth_exit;
128 }
129
130 *size = sig_addr - cert_addr; /* Subtract out the signature size */
Madan Srinivas0830d722017-09-20 14:37:36 -0500131 /* Subtract header if present */
132 if (strncmp((char *)sig_addr, "CERT_ISW_", 9) == 0)
133 *size = ((u32 *)*image)[HEADER_SIZE_OFFSET];
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -0500134 cert_size = *size;
135
136 /* Check if image load address is 32-bit aligned */
137 if (!IS_ALIGNED(cert_addr, 4)) {
138 printf("Image is not 4-byte aligned!\n");
139 result = 1;
140 goto auth_exit;
141 }
142
143 /* Image size also should be multiple of 4 */
144 if (!IS_ALIGNED(cert_size, 4)) {
145 printf("Image size is not 4-byte aligned!\n");
146 result = 1;
147 goto auth_exit;
148 }
149
150 /* Call ROM HAL API to verify certificate signature */
151 debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
152 cert_addr, cert_size, sig_addr);
153
154 result = secure_rom_call(
155 API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
156 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
Andrew F. Davis4f65ee32017-02-22 17:46:39 -0600157
158 /* Perform cache writeback on output buffer */
159 flush_dcache_range(
Andrew F. Davisef3fc42d2017-07-26 14:53:19 -0500160 rounddown((u32)*image, ARCH_DMA_MINALIGN),
161 roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
Andrew F. Davis4f65ee32017-02-22 17:46:39 -0600162
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -0500163auth_exit:
164 if (result != 0) {
165 printf("Authentication failed!\n");
166 printf("Return Value = %08X\n", result);
167 hang();
168 }
169
170 /*
171 * Output notification of successful authentication as well the name of
172 * the signing certificate used to re-assure the user that the secure
173 * code is being processed as expected. However suppress any such log
174 * output in case of building for SPL and booting via YMODEM. This is
175 * done to avoid disturbing the YMODEM serial protocol transactions.
176 */
177 if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
178 IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
179 spl_boot_device() == BOOT_DEVICE_UART))
180 printf("Authentication passed: %s\n", (char *)sig_addr);
181
182 return result;
183}
Andrew F. Davis3348e0c2017-07-10 14:45:49 -0500184
Andrew F. Davis03750232017-07-10 14:45:50 -0500185u32 get_sec_mem_start(void)
Andrew F. Davis3348e0c2017-07-10 14:45:49 -0500186{
187 u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START;
188 u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE;
189 /*
190 * Total reserved region is all contiguous with protected
191 * region coming first, followed by the non-secure region.
192 * If 0x0 start address is given, we simply put the reserved
193 * region at the end of the external DRAM.
194 */
195 if (sec_mem_start == 0)
196 sec_mem_start =
197 (CONFIG_SYS_SDRAM_BASE + (
198#if defined(CONFIG_OMAP54XX)
199 omap_sdram_size()
200#else
201 get_ram_size((void *)CONFIG_SYS_SDRAM_BASE,
202 CONFIG_MAX_RAM_BANK_SIZE)
203#endif
204 - sec_mem_size));
205 return sec_mem_start;
206}
207
208int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr,
209 uint32_t size, uint32_t access_perm,
210 uint32_t initiator_perm)
211{
212 int result = 1;
213
214 /*
215 * Call PPA HAL API to do any other general firewall
216 * configuration for regions 1-6 of the EMIF firewall.
217 */
218 debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__,
219 region_num, start_addr, size);
220
221 result = secure_rom_call(
222 PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4,
223 (start_addr & 0xFFFFFFF0) | (region_num & 0x0F),
224 size, access_perm, initiator_perm);
225
226 if (result != 0) {
227 puts("Secure EMIF Firewall Setup failed!\n");
228 debug("Return Value = %x\n", result);
229 }
230
231 return result;
232}
233
234#if (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE < \
235 CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE)
236#error "TI Secure EMIF: Protected size cannot be larger than total size."
237#endif
238int secure_emif_reserve(void)
239{
240 int result = 1;
241 u32 sec_mem_start = get_sec_mem_start();
242 u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
243
244 /* If there is no protected region, there is no reservation to make */
245 if (sec_prot_size == 0)
246 return 0;
247
248 /*
249 * Call PPA HAL API to reserve a chunk of EMIF SDRAM
250 * for secure world use. This region should be carved out
251 * from use by any public code. EMIF firewall region 7
252 * will be used to protect this block of memory.
253 */
254 result = secure_rom_call(
255 PPA_SERV_HAL_SETUP_SEC_RESVD_REGION,
256 0, 0, 2, sec_mem_start, sec_prot_size);
257
258 if (result != 0) {
259 puts("SDRAM Firewall: Secure memory reservation failed!\n");
260 debug("Return Value = %x\n", result);
261 }
262
263 return result;
264}
265
266int secure_emif_firewall_lock(void)
267{
268 int result = 1;
269
270 /*
271 * Call PPA HAL API to lock the EMIF firewall configurations.
272 * After this API is called, none of the PPA HAL APIs for
273 * configuring the EMIF firewalls will be usable again (that
274 * is, calls to those APIs will return failure and have no
275 * effect).
276 */
277
278 result = secure_rom_call(
279 PPA_SERV_HAL_LOCK_EMIF_FW,
280 0, 0, 0);
281
282 if (result != 0) {
283 puts("Secure EMIF Firewall Lock failed!\n");
284 debug("Return Value = %x\n", result);
285 }
286
287 return result;
288}
289
290static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN);
291
292int secure_tee_install(u32 addr)
293{
294 struct optee_header *hdr;
295 void *loadptr;
296 u32 tee_file_size;
297 u32 sec_mem_start = get_sec_mem_start();
298 const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
299 u32 ret;
300
301 /* If there is no protected region, there is no place to put the TEE */
302 if (size == 0) {
303 printf("Error loading TEE, no protected memory region available\n");
304 return -ENOBUFS;
305 }
306
307 hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header));
308 /* 280 bytes = size of signature */
309 tee_file_size = hdr->init_size + hdr->paged_size +
310 sizeof(struct optee_header) + 280;
311
312 if ((hdr->magic != OPTEE_MAGIC) ||
313 (hdr->version != OPTEE_VERSION) ||
Harinarayan Bhattaa1e4bc62017-09-13 13:27:44 -0500314 (tee_file_size > size)) {
315 printf("Error in TEE header. Check firewall and TEE sizes\n");
Andrew F. Davis3348e0c2017-07-10 14:45:49 -0500316 unmap_sysmem(hdr);
317 return CMD_RET_FAILURE;
318 }
319
320 tee_info.tee_sec_mem_start = sec_mem_start;
321 tee_info.tee_sec_mem_size = size;
322 tee_info.tee_jump_addr = hdr->init_load_addr_lo;
323 tee_info.tee_cert_start = addr;
324 tee_info.tee_cert_size = tee_file_size;
325 tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr;
326 unmap_sysmem(hdr);
327 loadptr = map_sysmem(addr, tee_file_size);
328
329 debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start);
330 debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size);
331 debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr);
332 debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start);
333 debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size);
334 debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0);
335 debug("tee_file_size = %d\n", tee_file_size);
336
337#if !defined(CONFIG_SYS_DCACHE_OFF)
338 flush_dcache_range(
339 rounddown((u32)loadptr, ARCH_DMA_MINALIGN),
340 roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN));
341
342 flush_dcache_range((u32)&tee_info, (u32)&tee_info +
343 roundup(sizeof(tee_info), ARCH_DMA_MINALIGN));
344#endif
345 unmap_sysmem(loadptr);
346
347 ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
348 if (ret) {
349 printf("TEE_LOAD_MASTER Failed\n");
350 return ret;
351 }
352 printf("TEE_LOAD_MASTER Done\n");
353
354#if defined(CONFIG_OMAP54XX)
355 if (!is_dra72x()) {
356 u32 *smc_cpu1_params;
357 /* Reuse the tee_info buffer for SMC params */
358 smc_cpu1_params = (u32 *)&tee_info;
359 smc_cpu1_params[0] = 0;
360#if !defined(CONFIG_SYS_DCACHE_OFF)
361 flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params +
362 roundup(sizeof(u32), ARCH_DMA_MINALIGN));
363#endif
364 ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0,
365 smc_cpu1_params);
366 if (ret) {
367 printf("TEE_LOAD_SLAVE Failed\n");
368 return ret;
369 }
370 printf("TEE_LOAD_SLAVE Done\n");
371 }
372#endif
373
374 tee_loaded = 1;
375
376 return 0;
377}