Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 1 | /* |
| 2 | * |
| 3 | * Common security related functions for OMAP devices |
| 4 | * |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 5 | * (C) Copyright 2016-2017 |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 6 | * Texas Instruments, <www.ti.com> |
| 7 | * |
| 8 | * Daniel Allred <d-allred@ti.com> |
| 9 | * Andreas Dannenberg <dannenberg@ti.com> |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 10 | * Harinarayan Bhatta <harinarayan@ti.com> |
| 11 | * Andrew F. Davis <afd@ti.com> |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 12 | * |
| 13 | * SPDX-License-Identifier: GPL-2.0+ |
| 14 | */ |
| 15 | |
| 16 | #include <common.h> |
| 17 | #include <stdarg.h> |
| 18 | |
| 19 | #include <asm/arch/sys_proto.h> |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 20 | #include <asm/cache.h> |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 21 | #include <asm/omap_common.h> |
| 22 | #include <asm/omap_sec_common.h> |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 23 | #include <asm/spl.h> |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 24 | #include <asm/ti-common/sys_proto.h> |
| 25 | #include <mapmem.h> |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 26 | #include <spl.h> |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 27 | #include <tee/optee.h> |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 28 | |
| 29 | /* Index for signature verify ROM API */ |
Andrew F. Davis | 4ac19ba | 2017-01-11 10:19:52 -0600 | [diff] [blame] | 30 | #ifdef CONFIG_AM33XX |
| 31 | #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C) |
| 32 | #else |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 33 | #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) |
Andrew F. Davis | 4ac19ba | 2017-01-11 10:19:52 -0600 | [diff] [blame] | 34 | #endif |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 35 | |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 36 | /* Index for signature PPA-based TI HAL APIs */ |
| 37 | #define PPA_HAL_SERVICES_START_INDEX (0x200) |
| 38 | #define PPA_SERV_HAL_TEE_LOAD_MASTER (PPA_HAL_SERVICES_START_INDEX + 23) |
| 39 | #define PPA_SERV_HAL_TEE_LOAD_SLAVE (PPA_HAL_SERVICES_START_INDEX + 24) |
| 40 | #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25) |
| 41 | #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26) |
| 42 | #define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27) |
| 43 | |
Madan Srinivas | 0830d72 | 2017-09-20 14:37:36 -0500 | [diff] [blame] | 44 | /* Offset of header size if image is signed as ISW */ |
| 45 | #define HEADER_SIZE_OFFSET (0x6D) |
| 46 | |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 47 | int tee_loaded = 0; |
| 48 | |
| 49 | /* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */ |
| 50 | struct ppa_tee_load_info { |
| 51 | u32 tee_sec_mem_start; /* Physical start address reserved for TEE */ |
| 52 | u32 tee_sec_mem_size; /* Size of the memory reserved for TEE */ |
| 53 | u32 tee_cert_start; /* Address where signed TEE binary is loaded */ |
| 54 | u32 tee_cert_size; /* Size of TEE certificate (signed binary) */ |
| 55 | u32 tee_jump_addr; /* Address to jump to start TEE execution */ |
| 56 | u32 tee_arg0; /* argument to TEE jump function, in r0 */ |
| 57 | }; |
| 58 | |
Andrew F. Davis | 60013a2 | 2018-01-16 14:25:48 -0600 | [diff] [blame] | 59 | static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN) __section(".data"); |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 60 | |
| 61 | u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...) |
| 62 | { |
| 63 | int i; |
| 64 | u32 num_args; |
| 65 | va_list ap; |
| 66 | |
| 67 | va_start(ap, flag); |
| 68 | |
| 69 | num_args = va_arg(ap, u32); |
| 70 | |
xypron.glpk@gmx.de | 1ecd2a2 | 2017-04-15 12:29:20 +0200 | [diff] [blame] | 71 | if (num_args > 4) { |
| 72 | va_end(ap); |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 73 | return 1; |
xypron.glpk@gmx.de | 1ecd2a2 | 2017-04-15 12:29:20 +0200 | [diff] [blame] | 74 | } |
Andreas Dannenberg | d86f7af | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 75 | |
| 76 | /* Copy args to aligned args structure */ |
| 77 | for (i = 0; i < num_args; i++) |
| 78 | secure_rom_call_args[i + 1] = va_arg(ap, u32); |
| 79 | |
| 80 | secure_rom_call_args[0] = num_args; |
| 81 | |
| 82 | va_end(ap); |
| 83 | |
| 84 | /* if data cache is enabled, flush the aligned args structure */ |
| 85 | flush_dcache_range( |
| 86 | (unsigned int)&secure_rom_call_args[0], |
| 87 | (unsigned int)&secure_rom_call_args[0] + |
| 88 | roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN)); |
| 89 | |
| 90 | return omap_smc_sec(service, proc_id, flag, secure_rom_call_args); |
| 91 | } |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 92 | |
| 93 | static u32 find_sig_start(char *image, size_t size) |
| 94 | { |
| 95 | char *image_end = image + size; |
| 96 | char *sig_start_magic = "CERT_"; |
| 97 | int magic_str_len = strlen(sig_start_magic); |
| 98 | char *ch; |
| 99 | |
| 100 | while (--image_end > image) { |
| 101 | if (*image_end == '_') { |
| 102 | ch = image_end - magic_str_len + 1; |
| 103 | if (!strncmp(ch, sig_start_magic, magic_str_len)) |
| 104 | return (u32)ch; |
| 105 | } |
| 106 | } |
| 107 | return 0; |
| 108 | } |
| 109 | |
| 110 | int secure_boot_verify_image(void **image, size_t *size) |
| 111 | { |
| 112 | int result = 1; |
| 113 | u32 cert_addr, sig_addr; |
| 114 | size_t cert_size; |
| 115 | |
| 116 | /* Perform cache writeback on input buffer */ |
| 117 | flush_dcache_range( |
Andrew F. Davis | ef3fc42d | 2017-07-26 14:53:19 -0500 | [diff] [blame] | 118 | rounddown((u32)*image, ARCH_DMA_MINALIGN), |
| 119 | roundup((u32)*image + *size, ARCH_DMA_MINALIGN)); |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 120 | |
| 121 | cert_addr = (uint32_t)*image; |
| 122 | sig_addr = find_sig_start((char *)*image, *size); |
| 123 | |
| 124 | if (sig_addr == 0) { |
| 125 | printf("No signature found in image!\n"); |
| 126 | result = 1; |
| 127 | goto auth_exit; |
| 128 | } |
| 129 | |
| 130 | *size = sig_addr - cert_addr; /* Subtract out the signature size */ |
Madan Srinivas | 0830d72 | 2017-09-20 14:37:36 -0500 | [diff] [blame] | 131 | /* Subtract header if present */ |
| 132 | if (strncmp((char *)sig_addr, "CERT_ISW_", 9) == 0) |
Madan Srinivas | fbd23b9 | 2018-01-09 14:32:41 -0600 | [diff] [blame] | 133 | *size -= ((u32 *)*image)[HEADER_SIZE_OFFSET]; |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 134 | cert_size = *size; |
| 135 | |
| 136 | /* Check if image load address is 32-bit aligned */ |
| 137 | if (!IS_ALIGNED(cert_addr, 4)) { |
| 138 | printf("Image is not 4-byte aligned!\n"); |
| 139 | result = 1; |
| 140 | goto auth_exit; |
| 141 | } |
| 142 | |
| 143 | /* Image size also should be multiple of 4 */ |
| 144 | if (!IS_ALIGNED(cert_size, 4)) { |
| 145 | printf("Image size is not 4-byte aligned!\n"); |
| 146 | result = 1; |
| 147 | goto auth_exit; |
| 148 | } |
| 149 | |
| 150 | /* Call ROM HAL API to verify certificate signature */ |
| 151 | debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__, |
| 152 | cert_addr, cert_size, sig_addr); |
| 153 | |
| 154 | result = secure_rom_call( |
| 155 | API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, |
| 156 | 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); |
Andrew F. Davis | 4f65ee3 | 2017-02-22 17:46:39 -0600 | [diff] [blame] | 157 | |
| 158 | /* Perform cache writeback on output buffer */ |
| 159 | flush_dcache_range( |
Andrew F. Davis | ef3fc42d | 2017-07-26 14:53:19 -0500 | [diff] [blame] | 160 | rounddown((u32)*image, ARCH_DMA_MINALIGN), |
| 161 | roundup((u32)*image + *size, ARCH_DMA_MINALIGN)); |
Andrew F. Davis | 4f65ee3 | 2017-02-22 17:46:39 -0600 | [diff] [blame] | 162 | |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 163 | auth_exit: |
| 164 | if (result != 0) { |
| 165 | printf("Authentication failed!\n"); |
| 166 | printf("Return Value = %08X\n", result); |
| 167 | hang(); |
| 168 | } |
| 169 | |
| 170 | /* |
Andrew F. Davis | 6b3d4f3 | 2018-01-09 14:33:54 -0600 | [diff] [blame] | 171 | * Output notification of successful authentication to re-assure the |
| 172 | * user that the secure code is being processed as expected. However |
| 173 | * suppress any such log output in case of building for SPL and booting |
| 174 | * via YMODEM. This is done to avoid disturbing the YMODEM serial |
| 175 | * protocol transactions. |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 176 | */ |
| 177 | if (!(IS_ENABLED(CONFIG_SPL_BUILD) && |
| 178 | IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && |
| 179 | spl_boot_device() == BOOT_DEVICE_UART)) |
Andrew F. Davis | 6b3d4f3 | 2018-01-09 14:33:54 -0600 | [diff] [blame] | 180 | printf("Authentication passed\n"); |
Andreas Dannenberg | 1bb0a21 | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 181 | |
| 182 | return result; |
| 183 | } |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 184 | |
Andrew F. Davis | 0375023 | 2017-07-10 14:45:50 -0500 | [diff] [blame] | 185 | u32 get_sec_mem_start(void) |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 186 | { |
| 187 | u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START; |
| 188 | u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE; |
| 189 | /* |
| 190 | * Total reserved region is all contiguous with protected |
| 191 | * region coming first, followed by the non-secure region. |
| 192 | * If 0x0 start address is given, we simply put the reserved |
| 193 | * region at the end of the external DRAM. |
| 194 | */ |
| 195 | if (sec_mem_start == 0) |
| 196 | sec_mem_start = |
| 197 | (CONFIG_SYS_SDRAM_BASE + ( |
| 198 | #if defined(CONFIG_OMAP54XX) |
| 199 | omap_sdram_size() |
| 200 | #else |
| 201 | get_ram_size((void *)CONFIG_SYS_SDRAM_BASE, |
| 202 | CONFIG_MAX_RAM_BANK_SIZE) |
| 203 | #endif |
| 204 | - sec_mem_size)); |
| 205 | return sec_mem_start; |
| 206 | } |
| 207 | |
| 208 | int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr, |
| 209 | uint32_t size, uint32_t access_perm, |
| 210 | uint32_t initiator_perm) |
| 211 | { |
| 212 | int result = 1; |
| 213 | |
| 214 | /* |
| 215 | * Call PPA HAL API to do any other general firewall |
| 216 | * configuration for regions 1-6 of the EMIF firewall. |
| 217 | */ |
| 218 | debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__, |
| 219 | region_num, start_addr, size); |
| 220 | |
| 221 | result = secure_rom_call( |
| 222 | PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4, |
| 223 | (start_addr & 0xFFFFFFF0) | (region_num & 0x0F), |
| 224 | size, access_perm, initiator_perm); |
| 225 | |
| 226 | if (result != 0) { |
| 227 | puts("Secure EMIF Firewall Setup failed!\n"); |
| 228 | debug("Return Value = %x\n", result); |
| 229 | } |
| 230 | |
| 231 | return result; |
| 232 | } |
| 233 | |
| 234 | #if (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE < \ |
| 235 | CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE) |
| 236 | #error "TI Secure EMIF: Protected size cannot be larger than total size." |
| 237 | #endif |
| 238 | int secure_emif_reserve(void) |
| 239 | { |
| 240 | int result = 1; |
| 241 | u32 sec_mem_start = get_sec_mem_start(); |
| 242 | u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; |
| 243 | |
| 244 | /* If there is no protected region, there is no reservation to make */ |
| 245 | if (sec_prot_size == 0) |
| 246 | return 0; |
| 247 | |
| 248 | /* |
| 249 | * Call PPA HAL API to reserve a chunk of EMIF SDRAM |
| 250 | * for secure world use. This region should be carved out |
| 251 | * from use by any public code. EMIF firewall region 7 |
| 252 | * will be used to protect this block of memory. |
| 253 | */ |
| 254 | result = secure_rom_call( |
| 255 | PPA_SERV_HAL_SETUP_SEC_RESVD_REGION, |
| 256 | 0, 0, 2, sec_mem_start, sec_prot_size); |
| 257 | |
| 258 | if (result != 0) { |
| 259 | puts("SDRAM Firewall: Secure memory reservation failed!\n"); |
| 260 | debug("Return Value = %x\n", result); |
| 261 | } |
| 262 | |
| 263 | return result; |
| 264 | } |
| 265 | |
| 266 | int secure_emif_firewall_lock(void) |
| 267 | { |
| 268 | int result = 1; |
| 269 | |
| 270 | /* |
| 271 | * Call PPA HAL API to lock the EMIF firewall configurations. |
| 272 | * After this API is called, none of the PPA HAL APIs for |
| 273 | * configuring the EMIF firewalls will be usable again (that |
| 274 | * is, calls to those APIs will return failure and have no |
| 275 | * effect). |
| 276 | */ |
| 277 | |
| 278 | result = secure_rom_call( |
| 279 | PPA_SERV_HAL_LOCK_EMIF_FW, |
| 280 | 0, 0, 0); |
| 281 | |
| 282 | if (result != 0) { |
| 283 | puts("Secure EMIF Firewall Lock failed!\n"); |
| 284 | debug("Return Value = %x\n", result); |
| 285 | } |
| 286 | |
| 287 | return result; |
| 288 | } |
| 289 | |
| 290 | static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN); |
| 291 | |
| 292 | int secure_tee_install(u32 addr) |
| 293 | { |
| 294 | struct optee_header *hdr; |
| 295 | void *loadptr; |
| 296 | u32 tee_file_size; |
| 297 | u32 sec_mem_start = get_sec_mem_start(); |
| 298 | const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; |
| 299 | u32 ret; |
| 300 | |
| 301 | /* If there is no protected region, there is no place to put the TEE */ |
| 302 | if (size == 0) { |
| 303 | printf("Error loading TEE, no protected memory region available\n"); |
| 304 | return -ENOBUFS; |
| 305 | } |
| 306 | |
| 307 | hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header)); |
| 308 | /* 280 bytes = size of signature */ |
| 309 | tee_file_size = hdr->init_size + hdr->paged_size + |
| 310 | sizeof(struct optee_header) + 280; |
| 311 | |
| 312 | if ((hdr->magic != OPTEE_MAGIC) || |
| 313 | (hdr->version != OPTEE_VERSION) || |
Harinarayan Bhatta | a1e4bc6 | 2017-09-13 13:27:44 -0500 | [diff] [blame] | 314 | (tee_file_size > size)) { |
| 315 | printf("Error in TEE header. Check firewall and TEE sizes\n"); |
Andrew F. Davis | 3348e0c | 2017-07-10 14:45:49 -0500 | [diff] [blame] | 316 | unmap_sysmem(hdr); |
| 317 | return CMD_RET_FAILURE; |
| 318 | } |
| 319 | |
| 320 | tee_info.tee_sec_mem_start = sec_mem_start; |
| 321 | tee_info.tee_sec_mem_size = size; |
| 322 | tee_info.tee_jump_addr = hdr->init_load_addr_lo; |
| 323 | tee_info.tee_cert_start = addr; |
| 324 | tee_info.tee_cert_size = tee_file_size; |
| 325 | tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr; |
| 326 | unmap_sysmem(hdr); |
| 327 | loadptr = map_sysmem(addr, tee_file_size); |
| 328 | |
| 329 | debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start); |
| 330 | debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size); |
| 331 | debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr); |
| 332 | debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start); |
| 333 | debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size); |
| 334 | debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0); |
| 335 | debug("tee_file_size = %d\n", tee_file_size); |
| 336 | |
| 337 | #if !defined(CONFIG_SYS_DCACHE_OFF) |
| 338 | flush_dcache_range( |
| 339 | rounddown((u32)loadptr, ARCH_DMA_MINALIGN), |
| 340 | roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN)); |
| 341 | |
| 342 | flush_dcache_range((u32)&tee_info, (u32)&tee_info + |
| 343 | roundup(sizeof(tee_info), ARCH_DMA_MINALIGN)); |
| 344 | #endif |
| 345 | unmap_sysmem(loadptr); |
| 346 | |
| 347 | ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info); |
| 348 | if (ret) { |
| 349 | printf("TEE_LOAD_MASTER Failed\n"); |
| 350 | return ret; |
| 351 | } |
| 352 | printf("TEE_LOAD_MASTER Done\n"); |
| 353 | |
| 354 | #if defined(CONFIG_OMAP54XX) |
| 355 | if (!is_dra72x()) { |
| 356 | u32 *smc_cpu1_params; |
| 357 | /* Reuse the tee_info buffer for SMC params */ |
| 358 | smc_cpu1_params = (u32 *)&tee_info; |
| 359 | smc_cpu1_params[0] = 0; |
| 360 | #if !defined(CONFIG_SYS_DCACHE_OFF) |
| 361 | flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params + |
| 362 | roundup(sizeof(u32), ARCH_DMA_MINALIGN)); |
| 363 | #endif |
| 364 | ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0, |
| 365 | smc_cpu1_params); |
| 366 | if (ret) { |
| 367 | printf("TEE_LOAD_SLAVE Failed\n"); |
| 368 | return ret; |
| 369 | } |
| 370 | printf("TEE_LOAD_SLAVE Done\n"); |
| 371 | } |
| 372 | #endif |
| 373 | |
| 374 | tee_loaded = 1; |
| 375 | |
| 376 | return 0; |
| 377 | } |