LXR uboot/arch/arm/mach-omap2/sec-common.c

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 *
   4 * Common security related functions for OMAP devices
   5 *
   6 * (C) Copyright 2016-2017
   7 * Texas Instruments, <www.ti.com>
   8 *
   9 * Daniel Allred <d-allred@ti.com>
  10 * Andreas Dannenberg <dannenberg@ti.com>
  11 * Harinarayan Bhatta <harinarayan@ti.com>
  12 * Andrew F. Davis <afd@ti.com>
  13 */
  14
  15#include <common.h>
  16#include <command.h>
  17#include <cpu_func.h>
  18#include <hang.h>
  19#include <init.h>
  20#include <log.h>
  21#include <stdarg.h>
  22
  23#include <asm/arch/sys_proto.h>
  24#include <asm/cache.h>
  25#include <asm/omap_common.h>
  26#include <asm/omap_sec_common.h>
  27#include <asm/spl.h>
  28#include <asm/ti-common/sys_proto.h>
  29#include <mapmem.h>
  30#include <spl.h>
  31#include <tee/optee.h>
  32
  33/* Index for signature verify ROM API */
  34#ifdef CONFIG_AM33XX
  35#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX     (0x0000000C)
  36#else
  37#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX     (0x0000000E)
  38#endif
  39
  40/* Index for signature PPA-based TI HAL APIs */
  41#define PPA_HAL_SERVICES_START_INDEX        (0x200)
  42#define PPA_SERV_HAL_TEE_LOAD_MASTER        (PPA_HAL_SERVICES_START_INDEX + 23)
  43#define PPA_SERV_HAL_TEE_LOAD_SLAVE         (PPA_HAL_SERVICES_START_INDEX + 24)
  44#define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25)
  45#define PPA_SERV_HAL_SETUP_EMIF_FW_REGION   (PPA_HAL_SERVICES_START_INDEX + 26)
  46#define PPA_SERV_HAL_LOCK_EMIF_FW           (PPA_HAL_SERVICES_START_INDEX + 27)
  47
  48/* Offset of header size if image is signed as ISW */
  49#define HEADER_SIZE_OFFSET      (0x6D)
  50
  51int tee_loaded = 0;
  52
  53/* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */
  54struct ppa_tee_load_info {
  55        u32 tee_sec_mem_start; /* Physical start address reserved for TEE */
  56        u32 tee_sec_mem_size;  /* Size of the memory reserved for TEE */
  57        u32 tee_cert_start;    /* Address where signed TEE binary is loaded */
  58        u32 tee_cert_size;     /* Size of TEE certificate (signed binary) */
  59        u32 tee_jump_addr;     /* Address to jump to start TEE execution */
  60        u32 tee_arg0;          /* argument to TEE jump function, in r0 */
  61};
  62
  63static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN) __section(".data");
  64
  65u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
  66{
  67        int i;
  68        u32 num_args;
  69        va_list ap;
  70
  71        va_start(ap, flag);
  72
  73        num_args = va_arg(ap, u32);
  74
  75        if (num_args > 4) {
  76                va_end(ap);
  77                return 1;
  78        }
  79
  80        /* Copy args to aligned args structure */
  81        for (i = 0; i < num_args; i++)
  82                secure_rom_call_args[i + 1] = va_arg(ap, u32);
  83
  84        secure_rom_call_args[0] = num_args;
  85
  86        va_end(ap);
  87
  88        /* if data cache is enabled, flush the aligned args structure */
  89        flush_dcache_range(
  90                (unsigned int)&secure_rom_call_args[0],
  91                (unsigned int)&secure_rom_call_args[0] +
  92                roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN));
  93
  94        return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
  95}
  96
  97static u32 find_sig_start(char *image, size_t size)
  98{
  99        char *image_end = image + size;
 100        char *sig_start_magic = "CERT_";
 101        int magic_str_len = strlen(sig_start_magic);
 102        char *ch;
 103
 104        while (--image_end > image) {
 105                if (*image_end == '_') {
 106                        ch = image_end - magic_str_len + 1;
 107                        if (!strncmp(ch, sig_start_magic, magic_str_len))
 108                                return (u32)ch;
 109                }
 110        }
 111        return 0;
 112}
 113
 114int secure_boot_verify_image(void **image, size_t *size)
 115{
 116        int result = 1;
 117        u32 cert_addr, sig_addr;
 118        size_t cert_size;
 119
 120        /* Perform cache writeback on input buffer */
 121        flush_dcache_range(
 122                rounddown((u32)*image, ARCH_DMA_MINALIGN),
 123                roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
 124
 125        cert_addr = (uint32_t)*image;
 126        sig_addr = find_sig_start((char *)*image, *size);
 127
 128        if (sig_addr == 0) {
 129                printf("No signature found in image!\n");
 130                result = 1;
 131                goto auth_exit;
 132        }
 133
 134        *size = sig_addr - cert_addr;   /* Subtract out the signature size */
 135        /* Subtract header if present */
 136        if (strncmp((char *)sig_addr, "CERT_ISW_", 9) == 0)
 137                *size -= ((u32 *)*image)[HEADER_SIZE_OFFSET];
 138        cert_size = *size;
 139
 140        /* Check if image load address is 32-bit aligned */
 141        if (!IS_ALIGNED(cert_addr, 4)) {
 142                printf("Image is not 4-byte aligned!\n");
 143                result = 1;
 144                goto auth_exit;
 145        }
 146
 147        /* Image size also should be multiple of 4 */
 148        if (!IS_ALIGNED(cert_size, 4)) {
 149                printf("Image size is not 4-byte aligned!\n");
 150                result = 1;
 151                goto auth_exit;
 152        }
 153
 154        /* Call ROM HAL API to verify certificate signature */
 155        debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
 156              cert_addr, cert_size, sig_addr);
 157
 158        result = secure_rom_call(
 159                API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
 160                4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
 161
 162        /* Perform cache writeback on output buffer */
 163        flush_dcache_range(
 164                rounddown((u32)*image, ARCH_DMA_MINALIGN),
 165                roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
 166
 167auth_exit:
 168        if (result != 0) {
 169                printf("Authentication failed!\n");
 170                printf("Return Value = %08X\n", result);
 171                hang();
 172        }
 173
 174        /*
 175         * Output notification of successful authentication to re-assure the
 176         * user that the secure code is being processed as expected. However
 177         * suppress any such log output in case of building for SPL and booting
 178         * via YMODEM. This is done to avoid disturbing the YMODEM serial
 179         * protocol transactions.
 180         */
 181        if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
 182              IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
 183              spl_boot_device() == BOOT_DEVICE_UART))
 184                printf("Authentication passed\n");
 185
 186        return result;
 187}
 188
 189u32 get_sec_mem_start(void)
 190{
 191        u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START;
 192        u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE;
 193        /*
 194         * Total reserved region is all contiguous with protected
 195         * region coming first, followed by the non-secure region.
 196         * If 0x0 start address is given, we simply put the reserved
 197         * region at the end of the external DRAM.
 198         */
 199        if (sec_mem_start == 0)
 200                sec_mem_start =
 201                        (CONFIG_SYS_SDRAM_BASE + (
 202#if defined(CONFIG_OMAP54XX)
 203                        omap_sdram_size()
 204#else
 205                        get_ram_size((void *)CONFIG_SYS_SDRAM_BASE,
 206                                     CONFIG_MAX_RAM_BANK_SIZE)
 207#endif
 208                        - sec_mem_size));
 209        return sec_mem_start;
 210}
 211
 212int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr,
 213                               uint32_t size, uint32_t access_perm,
 214                               uint32_t initiator_perm)
 215{
 216        int result = 1;
 217
 218        /*
 219         * Call PPA HAL API to do any other general firewall
 220         * configuration for regions 1-6 of the EMIF firewall.
 221         */
 222        debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__,
 223              region_num, start_addr, size);
 224
 225        result = secure_rom_call(
 226                        PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4,
 227                        (start_addr & 0xFFFFFFF0) | (region_num & 0x0F),
 228                        size, access_perm, initiator_perm);
 229
 230        if (result != 0) {
 231                puts("Secure EMIF Firewall Setup failed!\n");
 232                debug("Return Value = %x\n", result);
 233        }
 234
 235        return result;
 236}
 237
 238#if     (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE <  \
 239        CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE)
 240#error  "TI Secure EMIF: Protected size cannot be larger than total size."
 241#endif
 242int secure_emif_reserve(void)
 243{
 244        int result = 1;
 245        u32 sec_mem_start = get_sec_mem_start();
 246        u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
 247
 248        /* If there is no protected region, there is no reservation to make */
 249        if (sec_prot_size == 0)
 250                return 0;
 251
 252        /*
 253         * Call PPA HAL API to reserve a chunk of EMIF SDRAM
 254         * for secure world use. This region should be carved out
 255         * from use by any public code. EMIF firewall region 7
 256         * will be used to protect this block of memory.
 257         */
 258        result = secure_rom_call(
 259                        PPA_SERV_HAL_SETUP_SEC_RESVD_REGION,
 260                        0, 0, 2, sec_mem_start, sec_prot_size);
 261
 262        if (result != 0) {
 263                puts("SDRAM Firewall: Secure memory reservation failed!\n");
 264                debug("Return Value = %x\n", result);
 265        }
 266
 267        return result;
 268}
 269
 270int secure_emif_firewall_lock(void)
 271{
 272        int result = 1;
 273
 274        /*
 275         * Call PPA HAL API to lock the EMIF firewall configurations.
 276         * After this API is called, none of the PPA HAL APIs for
 277         * configuring the EMIF firewalls will be usable again (that
 278         * is, calls to those APIs will return failure and have no
 279         * effect).
 280         */
 281
 282        result = secure_rom_call(
 283                        PPA_SERV_HAL_LOCK_EMIF_FW,
 284                        0, 0, 0);
 285
 286        if (result != 0) {
 287                puts("Secure EMIF Firewall Lock failed!\n");
 288                debug("Return Value = %x\n", result);
 289        }
 290
 291        return result;
 292}
 293
 294static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN);
 295
 296int secure_tee_install(u32 addr)
 297{
 298        struct optee_header *hdr;
 299        void *loadptr;
 300        u32 tee_file_size;
 301        u32 sec_mem_start = get_sec_mem_start();
 302        const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
 303        u32 ret;
 304
 305        /* If there is no protected region, there is no place to put the TEE */
 306        if (size == 0) {
 307                printf("Error loading TEE, no protected memory region available\n");
 308                return -ENOBUFS;
 309        }
 310
 311        hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header));
 312        /* 280 bytes = size of signature */
 313        tee_file_size = hdr->init_size + hdr->paged_size +
 314                        sizeof(struct optee_header) + 280;
 315
 316        if ((hdr->magic != OPTEE_MAGIC) ||
 317            (hdr->version != OPTEE_VERSION) ||
 318            (tee_file_size > size)) {
 319                printf("Error in TEE header. Check firewall and TEE sizes\n");
 320                unmap_sysmem(hdr);
 321                return CMD_RET_FAILURE;
 322        }
 323
 324        tee_info.tee_sec_mem_start = sec_mem_start;
 325        tee_info.tee_sec_mem_size = size;
 326        tee_info.tee_jump_addr = hdr->init_load_addr_lo;
 327        tee_info.tee_cert_start = addr;
 328        tee_info.tee_cert_size = tee_file_size;
 329        tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr;
 330        unmap_sysmem(hdr);
 331        loadptr = map_sysmem(addr, tee_file_size);
 332
 333        debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start);
 334        debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size);
 335        debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr);
 336        debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start);
 337        debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size);
 338        debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0);
 339        debug("tee_file_size = %d\n", tee_file_size);
 340
 341#if !CONFIG_IS_ENABLED(SYS_DCACHE_OFF)
 342        flush_dcache_range(
 343                rounddown((u32)loadptr, ARCH_DMA_MINALIGN),
 344                roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN));
 345
 346        flush_dcache_range((u32)&tee_info, (u32)&tee_info +
 347                        roundup(sizeof(tee_info), ARCH_DMA_MINALIGN));
 348#endif
 349        unmap_sysmem(loadptr);
 350
 351        ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
 352        if (ret) {
 353                printf("TEE_LOAD_MASTER Failed\n");
 354                return ret;
 355        }
 356        printf("TEE_LOAD_MASTER Done\n");
 357
 358#if defined(CONFIG_OMAP54XX)
 359        if (!is_dra72x()) {
 360                u32 *smc_cpu1_params;
 361                /* Reuse the tee_info buffer for SMC params */
 362                smc_cpu1_params = (u32 *)&tee_info;
 363                smc_cpu1_params[0] = 0;
 364#if !CONFIG_IS_ENABLED(SYS_DCACHE_OFF)
 365                flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params +
 366                                roundup(sizeof(u32), ARCH_DMA_MINALIGN));
 367#endif
 368                ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0,
 369                                smc_cpu1_params);
 370                if (ret) {
 371                        printf("TEE_LOAD_SLAVE Failed\n");
 372                        return ret;
 373                }
 374                printf("TEE_LOAD_SLAVE Done\n");
 375        }
 376#endif
 377
 378        tee_loaded = 1;
 379
 380        return 0;
 381}
 382