blob: 2d54a3165ef3a278b86002e3d1d266c84cfffa97 [file] [log] [blame]
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -05001/*
2 *
3 * Common security related functions for OMAP devices
4 *
Andrew F. Davis3348e0c2017-07-10 14:45:49 -05005 * (C) Copyright 2016-2017
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -05006 * Texas Instruments, <www.ti.com>
7 *
8 * Daniel Allred <d-allred@ti.com>
9 * Andreas Dannenberg <dannenberg@ti.com>
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050010 * Harinarayan Bhatta <harinarayan@ti.com>
11 * Andrew F. Davis <afd@ti.com>
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050012 *
13 * SPDX-License-Identifier: GPL-2.0+
14 */
15
16#include <common.h>
17#include <stdarg.h>
18
19#include <asm/arch/sys_proto.h>
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050020#include <asm/cache.h>
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050021#include <asm/omap_common.h>
22#include <asm/omap_sec_common.h>
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -050023#include <asm/spl.h>
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050024#include <asm/ti-common/sys_proto.h>
25#include <mapmem.h>
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -050026#include <spl.h>
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050027#include <tee/optee.h>
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -050028
29/* Index for signature verify ROM API */
Andrew F. Davis4ac19ba2017-01-11 10:19:52 -060030#ifdef CONFIG_AM33XX
31#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C)
32#else
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -050033#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E)
Andrew F. Davis4ac19ba2017-01-11 10:19:52 -060034#endif
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050035
Andrew F. Davis3348e0c2017-07-10 14:45:49 -050036/* Index for signature PPA-based TI HAL APIs */
37#define PPA_HAL_SERVICES_START_INDEX (0x200)
38#define PPA_SERV_HAL_TEE_LOAD_MASTER (PPA_HAL_SERVICES_START_INDEX + 23)
39#define PPA_SERV_HAL_TEE_LOAD_SLAVE (PPA_HAL_SERVICES_START_INDEX + 24)
40#define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25)
41#define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26)
42#define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27)
43
44int tee_loaded = 0;
45
46/* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */
47struct ppa_tee_load_info {
48 u32 tee_sec_mem_start; /* Physical start address reserved for TEE */
49 u32 tee_sec_mem_size; /* Size of the memory reserved for TEE */
50 u32 tee_cert_start; /* Address where signed TEE binary is loaded */
51 u32 tee_cert_size; /* Size of TEE certificate (signed binary) */
52 u32 tee_jump_addr; /* Address to jump to start TEE execution */
53 u32 tee_arg0; /* argument to TEE jump function, in r0 */
54};
55
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050056static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN);
57
58u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
59{
60 int i;
61 u32 num_args;
62 va_list ap;
63
64 va_start(ap, flag);
65
66 num_args = va_arg(ap, u32);
67
xypron.glpk@gmx.de1ecd2a22017-04-15 12:29:20 +020068 if (num_args > 4) {
69 va_end(ap);
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050070 return 1;
xypron.glpk@gmx.de1ecd2a22017-04-15 12:29:20 +020071 }
Andreas Dannenbergd86f7af2016-06-27 09:19:18 -050072
73 /* Copy args to aligned args structure */
74 for (i = 0; i < num_args; i++)
75 secure_rom_call_args[i + 1] = va_arg(ap, u32);
76
77 secure_rom_call_args[0] = num_args;
78
79 va_end(ap);
80
81 /* if data cache is enabled, flush the aligned args structure */
82 flush_dcache_range(
83 (unsigned int)&secure_rom_call_args[0],
84 (unsigned int)&secure_rom_call_args[0] +
85 roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN));
86
87 return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
88}
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -050089
90static u32 find_sig_start(char *image, size_t size)
91{
92 char *image_end = image + size;
93 char *sig_start_magic = "CERT_";
94 int magic_str_len = strlen(sig_start_magic);
95 char *ch;
96
97 while (--image_end > image) {
98 if (*image_end == '_') {
99 ch = image_end - magic_str_len + 1;
100 if (!strncmp(ch, sig_start_magic, magic_str_len))
101 return (u32)ch;
102 }
103 }
104 return 0;
105}
106
107int secure_boot_verify_image(void **image, size_t *size)
108{
109 int result = 1;
110 u32 cert_addr, sig_addr;
111 size_t cert_size;
112
113 /* Perform cache writeback on input buffer */
114 flush_dcache_range(
Andrew F. Davisef3fc42d2017-07-26 14:53:19 -0500115 rounddown((u32)*image, ARCH_DMA_MINALIGN),
116 roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -0500117
118 cert_addr = (uint32_t)*image;
119 sig_addr = find_sig_start((char *)*image, *size);
120
121 if (sig_addr == 0) {
122 printf("No signature found in image!\n");
123 result = 1;
124 goto auth_exit;
125 }
126
127 *size = sig_addr - cert_addr; /* Subtract out the signature size */
128 cert_size = *size;
129
130 /* Check if image load address is 32-bit aligned */
131 if (!IS_ALIGNED(cert_addr, 4)) {
132 printf("Image is not 4-byte aligned!\n");
133 result = 1;
134 goto auth_exit;
135 }
136
137 /* Image size also should be multiple of 4 */
138 if (!IS_ALIGNED(cert_size, 4)) {
139 printf("Image size is not 4-byte aligned!\n");
140 result = 1;
141 goto auth_exit;
142 }
143
144 /* Call ROM HAL API to verify certificate signature */
145 debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
146 cert_addr, cert_size, sig_addr);
147
148 result = secure_rom_call(
149 API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
150 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
Andrew F. Davis4f65ee32017-02-22 17:46:39 -0600151
152 /* Perform cache writeback on output buffer */
153 flush_dcache_range(
Andrew F. Davisef3fc42d2017-07-26 14:53:19 -0500154 rounddown((u32)*image, ARCH_DMA_MINALIGN),
155 roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
Andrew F. Davis4f65ee32017-02-22 17:46:39 -0600156
Andreas Dannenberg1bb0a212016-06-27 09:19:19 -0500157auth_exit:
158 if (result != 0) {
159 printf("Authentication failed!\n");
160 printf("Return Value = %08X\n", result);
161 hang();
162 }
163
164 /*
165 * Output notification of successful authentication as well the name of
166 * the signing certificate used to re-assure the user that the secure
167 * code is being processed as expected. However suppress any such log
168 * output in case of building for SPL and booting via YMODEM. This is
169 * done to avoid disturbing the YMODEM serial protocol transactions.
170 */
171 if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
172 IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
173 spl_boot_device() == BOOT_DEVICE_UART))
174 printf("Authentication passed: %s\n", (char *)sig_addr);
175
176 return result;
177}
Andrew F. Davis3348e0c2017-07-10 14:45:49 -0500178
Andrew F. Davis03750232017-07-10 14:45:50 -0500179u32 get_sec_mem_start(void)
Andrew F. Davis3348e0c2017-07-10 14:45:49 -0500180{
181 u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START;
182 u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE;
183 /*
184 * Total reserved region is all contiguous with protected
185 * region coming first, followed by the non-secure region.
186 * If 0x0 start address is given, we simply put the reserved
187 * region at the end of the external DRAM.
188 */
189 if (sec_mem_start == 0)
190 sec_mem_start =
191 (CONFIG_SYS_SDRAM_BASE + (
192#if defined(CONFIG_OMAP54XX)
193 omap_sdram_size()
194#else
195 get_ram_size((void *)CONFIG_SYS_SDRAM_BASE,
196 CONFIG_MAX_RAM_BANK_SIZE)
197#endif
198 - sec_mem_size));
199 return sec_mem_start;
200}
201
202int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr,
203 uint32_t size, uint32_t access_perm,
204 uint32_t initiator_perm)
205{
206 int result = 1;
207
208 /*
209 * Call PPA HAL API to do any other general firewall
210 * configuration for regions 1-6 of the EMIF firewall.
211 */
212 debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__,
213 region_num, start_addr, size);
214
215 result = secure_rom_call(
216 PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4,
217 (start_addr & 0xFFFFFFF0) | (region_num & 0x0F),
218 size, access_perm, initiator_perm);
219
220 if (result != 0) {
221 puts("Secure EMIF Firewall Setup failed!\n");
222 debug("Return Value = %x\n", result);
223 }
224
225 return result;
226}
227
228#if (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE < \
229 CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE)
230#error "TI Secure EMIF: Protected size cannot be larger than total size."
231#endif
232int secure_emif_reserve(void)
233{
234 int result = 1;
235 u32 sec_mem_start = get_sec_mem_start();
236 u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
237
238 /* If there is no protected region, there is no reservation to make */
239 if (sec_prot_size == 0)
240 return 0;
241
242 /*
243 * Call PPA HAL API to reserve a chunk of EMIF SDRAM
244 * for secure world use. This region should be carved out
245 * from use by any public code. EMIF firewall region 7
246 * will be used to protect this block of memory.
247 */
248 result = secure_rom_call(
249 PPA_SERV_HAL_SETUP_SEC_RESVD_REGION,
250 0, 0, 2, sec_mem_start, sec_prot_size);
251
252 if (result != 0) {
253 puts("SDRAM Firewall: Secure memory reservation failed!\n");
254 debug("Return Value = %x\n", result);
255 }
256
257 return result;
258}
259
260int secure_emif_firewall_lock(void)
261{
262 int result = 1;
263
264 /*
265 * Call PPA HAL API to lock the EMIF firewall configurations.
266 * After this API is called, none of the PPA HAL APIs for
267 * configuring the EMIF firewalls will be usable again (that
268 * is, calls to those APIs will return failure and have no
269 * effect).
270 */
271
272 result = secure_rom_call(
273 PPA_SERV_HAL_LOCK_EMIF_FW,
274 0, 0, 0);
275
276 if (result != 0) {
277 puts("Secure EMIF Firewall Lock failed!\n");
278 debug("Return Value = %x\n", result);
279 }
280
281 return result;
282}
283
284static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN);
285
286int secure_tee_install(u32 addr)
287{
288 struct optee_header *hdr;
289 void *loadptr;
290 u32 tee_file_size;
291 u32 sec_mem_start = get_sec_mem_start();
292 const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
293 u32 ret;
294
295 /* If there is no protected region, there is no place to put the TEE */
296 if (size == 0) {
297 printf("Error loading TEE, no protected memory region available\n");
298 return -ENOBUFS;
299 }
300
301 hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header));
302 /* 280 bytes = size of signature */
303 tee_file_size = hdr->init_size + hdr->paged_size +
304 sizeof(struct optee_header) + 280;
305
306 if ((hdr->magic != OPTEE_MAGIC) ||
307 (hdr->version != OPTEE_VERSION) ||
308 (hdr->init_load_addr_hi != 0) ||
309 (hdr->init_load_addr_lo < (sec_mem_start + sizeof(struct optee_header))) ||
310 (tee_file_size > size) ||
311 ((hdr->init_load_addr_lo + tee_file_size - 1) >
312 (sec_mem_start + size - 1))) {
313 printf("Error in TEE header. Check load address and sizes\n");
314 unmap_sysmem(hdr);
315 return CMD_RET_FAILURE;
316 }
317
318 tee_info.tee_sec_mem_start = sec_mem_start;
319 tee_info.tee_sec_mem_size = size;
320 tee_info.tee_jump_addr = hdr->init_load_addr_lo;
321 tee_info.tee_cert_start = addr;
322 tee_info.tee_cert_size = tee_file_size;
323 tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr;
324 unmap_sysmem(hdr);
325 loadptr = map_sysmem(addr, tee_file_size);
326
327 debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start);
328 debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size);
329 debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr);
330 debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start);
331 debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size);
332 debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0);
333 debug("tee_file_size = %d\n", tee_file_size);
334
335#if !defined(CONFIG_SYS_DCACHE_OFF)
336 flush_dcache_range(
337 rounddown((u32)loadptr, ARCH_DMA_MINALIGN),
338 roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN));
339
340 flush_dcache_range((u32)&tee_info, (u32)&tee_info +
341 roundup(sizeof(tee_info), ARCH_DMA_MINALIGN));
342#endif
343 unmap_sysmem(loadptr);
344
345 ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
346 if (ret) {
347 printf("TEE_LOAD_MASTER Failed\n");
348 return ret;
349 }
350 printf("TEE_LOAD_MASTER Done\n");
351
352#if defined(CONFIG_OMAP54XX)
353 if (!is_dra72x()) {
354 u32 *smc_cpu1_params;
355 /* Reuse the tee_info buffer for SMC params */
356 smc_cpu1_params = (u32 *)&tee_info;
357 smc_cpu1_params[0] = 0;
358#if !defined(CONFIG_SYS_DCACHE_OFF)
359 flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params +
360 roundup(sizeof(u32), ARCH_DMA_MINALIGN));
361#endif
362 ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0,
363 smc_cpu1_params);
364 if (ret) {
365 printf("TEE_LOAD_SLAVE Failed\n");
366 return ret;
367 }
368 printf("TEE_LOAD_SLAVE Done\n");
369 }
370#endif
371
372 tee_loaded = 1;
373
374 return 0;
375}