1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *
4  * Common security related functions for OMAP devices
5  *
6  * (C) Copyright 2016-2017
7  * Texas Instruments, <www.ti.com>
8  *
9  * Daniel Allred <d-allred@ti.com>
10  * Andreas Dannenberg <dannenberg@ti.com>
11  * Harinarayan Bhatta <harinarayan@ti.com>
12  * Andrew F. Davis <afd@ti.com>
13  */
14 
15 #include <common.h>
16 #include <stdarg.h>
17 
18 #include <asm/arch/sys_proto.h>
19 #include <asm/cache.h>
20 #include <asm/omap_common.h>
21 #include <asm/omap_sec_common.h>
22 #include <asm/spl.h>
23 #include <asm/ti-common/sys_proto.h>
24 #include <mapmem.h>
25 #include <spl.h>
26 #include <tee/optee.h>
27 
28 /* Index for signature verify ROM API */
29 #ifdef CONFIG_AM33XX
30 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX	(0x0000000C)
31 #else
32 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX	(0x0000000E)
33 #endif
34 
35 /* Index for signature PPA-based TI HAL APIs */
36 #define PPA_HAL_SERVICES_START_INDEX        (0x200)
37 #define PPA_SERV_HAL_TEE_LOAD_MASTER        (PPA_HAL_SERVICES_START_INDEX + 23)
38 #define PPA_SERV_HAL_TEE_LOAD_SLAVE         (PPA_HAL_SERVICES_START_INDEX + 24)
39 #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25)
40 #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION   (PPA_HAL_SERVICES_START_INDEX + 26)
41 #define PPA_SERV_HAL_LOCK_EMIF_FW           (PPA_HAL_SERVICES_START_INDEX + 27)
42 
43 /* Offset of header size if image is signed as ISW */
44 #define HEADER_SIZE_OFFSET	(0x6D)
45 
46 int tee_loaded = 0;
47 
48 /* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */
49 struct ppa_tee_load_info {
50 	u32 tee_sec_mem_start; /* Physical start address reserved for TEE */
51 	u32 tee_sec_mem_size;  /* Size of the memory reserved for TEE */
52 	u32 tee_cert_start;    /* Address where signed TEE binary is loaded */
53 	u32 tee_cert_size;     /* Size of TEE certificate (signed binary) */
54 	u32 tee_jump_addr;     /* Address to jump to start TEE execution */
55 	u32 tee_arg0;          /* argument to TEE jump function, in r0 */
56 };
57 
58 static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN) __section(".data");
59 
60 u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
61 {
62 	int i;
63 	u32 num_args;
64 	va_list ap;
65 
66 	va_start(ap, flag);
67 
68 	num_args = va_arg(ap, u32);
69 
70 	if (num_args > 4) {
71 		va_end(ap);
72 		return 1;
73 	}
74 
75 	/* Copy args to aligned args structure */
76 	for (i = 0; i < num_args; i++)
77 		secure_rom_call_args[i + 1] = va_arg(ap, u32);
78 
79 	secure_rom_call_args[0] = num_args;
80 
81 	va_end(ap);
82 
83 	/* if data cache is enabled, flush the aligned args structure */
84 	flush_dcache_range(
85 		(unsigned int)&secure_rom_call_args[0],
86 		(unsigned int)&secure_rom_call_args[0] +
87 		roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN));
88 
89 	return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
90 }
91 
92 static u32 find_sig_start(char *image, size_t size)
93 {
94 	char *image_end = image + size;
95 	char *sig_start_magic = "CERT_";
96 	int magic_str_len = strlen(sig_start_magic);
97 	char *ch;
98 
99 	while (--image_end > image) {
100 		if (*image_end == '_') {
101 			ch = image_end - magic_str_len + 1;
102 			if (!strncmp(ch, sig_start_magic, magic_str_len))
103 				return (u32)ch;
104 		}
105 	}
106 	return 0;
107 }
108 
109 int secure_boot_verify_image(void **image, size_t *size)
110 {
111 	int result = 1;
112 	u32 cert_addr, sig_addr;
113 	size_t cert_size;
114 
115 	/* Perform cache writeback on input buffer */
116 	flush_dcache_range(
117 		rounddown((u32)*image, ARCH_DMA_MINALIGN),
118 		roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
119 
120 	cert_addr = (uint32_t)*image;
121 	sig_addr = find_sig_start((char *)*image, *size);
122 
123 	if (sig_addr == 0) {
124 		printf("No signature found in image!\n");
125 		result = 1;
126 		goto auth_exit;
127 	}
128 
129 	*size = sig_addr - cert_addr;	/* Subtract out the signature size */
130 	/* Subtract header if present */
131 	if (strncmp((char *)sig_addr, "CERT_ISW_", 9) == 0)
132 		*size -= ((u32 *)*image)[HEADER_SIZE_OFFSET];
133 	cert_size = *size;
134 
135 	/* Check if image load address is 32-bit aligned */
136 	if (!IS_ALIGNED(cert_addr, 4)) {
137 		printf("Image is not 4-byte aligned!\n");
138 		result = 1;
139 		goto auth_exit;
140 	}
141 
142 	/* Image size also should be multiple of 4 */
143 	if (!IS_ALIGNED(cert_size, 4)) {
144 		printf("Image size is not 4-byte aligned!\n");
145 		result = 1;
146 		goto auth_exit;
147 	}
148 
149 	/* Call ROM HAL API to verify certificate signature */
150 	debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
151 	      cert_addr, cert_size, sig_addr);
152 
153 	result = secure_rom_call(
154 		API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
155 		4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
156 
157 	/* Perform cache writeback on output buffer */
158 	flush_dcache_range(
159 		rounddown((u32)*image, ARCH_DMA_MINALIGN),
160 		roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
161 
162 auth_exit:
163 	if (result != 0) {
164 		printf("Authentication failed!\n");
165 		printf("Return Value = %08X\n", result);
166 		hang();
167 	}
168 
169 	/*
170 	 * Output notification of successful authentication to re-assure the
171 	 * user that the secure code is being processed as expected. However
172 	 * suppress any such log output in case of building for SPL and booting
173 	 * via YMODEM. This is done to avoid disturbing the YMODEM serial
174 	 * protocol transactions.
175 	 */
176 	if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
177 	      IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
178 	      spl_boot_device() == BOOT_DEVICE_UART))
179 		printf("Authentication passed\n");
180 
181 	return result;
182 }
183 
184 u32 get_sec_mem_start(void)
185 {
186 	u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START;
187 	u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE;
188 	/*
189 	 * Total reserved region is all contiguous with protected
190 	 * region coming first, followed by the non-secure region.
191 	 * If 0x0 start address is given, we simply put the reserved
192 	 * region at the end of the external DRAM.
193 	 */
194 	if (sec_mem_start == 0)
195 		sec_mem_start =
196 			(CONFIG_SYS_SDRAM_BASE + (
197 #if defined(CONFIG_OMAP54XX)
198 			omap_sdram_size()
199 #else
200 			get_ram_size((void *)CONFIG_SYS_SDRAM_BASE,
201 				     CONFIG_MAX_RAM_BANK_SIZE)
202 #endif
203 			- sec_mem_size));
204 	return sec_mem_start;
205 }
206 
207 int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr,
208 			       uint32_t size, uint32_t access_perm,
209 			       uint32_t initiator_perm)
210 {
211 	int result = 1;
212 
213 	/*
214 	 * Call PPA HAL API to do any other general firewall
215 	 * configuration for regions 1-6 of the EMIF firewall.
216 	 */
217 	debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__,
218 	      region_num, start_addr, size);
219 
220 	result = secure_rom_call(
221 			PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4,
222 			(start_addr & 0xFFFFFFF0) | (region_num & 0x0F),
223 			size, access_perm, initiator_perm);
224 
225 	if (result != 0) {
226 		puts("Secure EMIF Firewall Setup failed!\n");
227 		debug("Return Value = %x\n", result);
228 	}
229 
230 	return result;
231 }
232 
233 #if	(CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE <  \
234 	CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE)
235 #error	"TI Secure EMIF: Protected size cannot be larger than total size."
236 #endif
237 int secure_emif_reserve(void)
238 {
239 	int result = 1;
240 	u32 sec_mem_start = get_sec_mem_start();
241 	u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
242 
243 	/* If there is no protected region, there is no reservation to make */
244 	if (sec_prot_size == 0)
245 		return 0;
246 
247 	/*
248 	 * Call PPA HAL API to reserve a chunk of EMIF SDRAM
249 	 * for secure world use. This region should be carved out
250 	 * from use by any public code. EMIF firewall region 7
251 	 * will be used to protect this block of memory.
252 	 */
253 	result = secure_rom_call(
254 			PPA_SERV_HAL_SETUP_SEC_RESVD_REGION,
255 			0, 0, 2, sec_mem_start, sec_prot_size);
256 
257 	if (result != 0) {
258 		puts("SDRAM Firewall: Secure memory reservation failed!\n");
259 		debug("Return Value = %x\n", result);
260 	}
261 
262 	return result;
263 }
264 
265 int secure_emif_firewall_lock(void)
266 {
267 	int result = 1;
268 
269 	/*
270 	 * Call PPA HAL API to lock the EMIF firewall configurations.
271 	 * After this API is called, none of the PPA HAL APIs for
272 	 * configuring the EMIF firewalls will be usable again (that
273 	 * is, calls to those APIs will return failure and have no
274 	 * effect).
275 	 */
276 
277 	result = secure_rom_call(
278 			PPA_SERV_HAL_LOCK_EMIF_FW,
279 			0, 0, 0);
280 
281 	if (result != 0) {
282 		puts("Secure EMIF Firewall Lock failed!\n");
283 		debug("Return Value = %x\n", result);
284 	}
285 
286 	return result;
287 }
288 
289 static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN);
290 
291 int secure_tee_install(u32 addr)
292 {
293 	struct optee_header *hdr;
294 	void *loadptr;
295 	u32 tee_file_size;
296 	u32 sec_mem_start = get_sec_mem_start();
297 	const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
298 	u32 ret;
299 
300 	/* If there is no protected region, there is no place to put the TEE */
301 	if (size == 0) {
302 		printf("Error loading TEE, no protected memory region available\n");
303 		return -ENOBUFS;
304 	}
305 
306 	hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header));
307 	/* 280 bytes = size of signature */
308 	tee_file_size = hdr->init_size + hdr->paged_size +
309 			sizeof(struct optee_header) + 280;
310 
311 	if ((hdr->magic != OPTEE_MAGIC) ||
312 	    (hdr->version != OPTEE_VERSION) ||
313 	    (tee_file_size > size)) {
314 		printf("Error in TEE header. Check firewall and TEE sizes\n");
315 		unmap_sysmem(hdr);
316 		return CMD_RET_FAILURE;
317 	}
318 
319 	tee_info.tee_sec_mem_start = sec_mem_start;
320 	tee_info.tee_sec_mem_size = size;
321 	tee_info.tee_jump_addr = hdr->init_load_addr_lo;
322 	tee_info.tee_cert_start = addr;
323 	tee_info.tee_cert_size = tee_file_size;
324 	tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr;
325 	unmap_sysmem(hdr);
326 	loadptr = map_sysmem(addr, tee_file_size);
327 
328 	debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start);
329 	debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size);
330 	debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr);
331 	debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start);
332 	debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size);
333 	debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0);
334 	debug("tee_file_size = %d\n", tee_file_size);
335 
336 #if !defined(CONFIG_SYS_DCACHE_OFF)
337 	flush_dcache_range(
338 		rounddown((u32)loadptr, ARCH_DMA_MINALIGN),
339 		roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN));
340 
341 	flush_dcache_range((u32)&tee_info, (u32)&tee_info +
342 			roundup(sizeof(tee_info), ARCH_DMA_MINALIGN));
343 #endif
344 	unmap_sysmem(loadptr);
345 
346 	ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
347 	if (ret) {
348 		printf("TEE_LOAD_MASTER Failed\n");
349 		return ret;
350 	}
351 	printf("TEE_LOAD_MASTER Done\n");
352 
353 #if defined(CONFIG_OMAP54XX)
354 	if (!is_dra72x()) {
355 		u32 *smc_cpu1_params;
356 		/* Reuse the tee_info buffer for SMC params */
357 		smc_cpu1_params = (u32 *)&tee_info;
358 		smc_cpu1_params[0] = 0;
359 #if !defined(CONFIG_SYS_DCACHE_OFF)
360 		flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params +
361 				roundup(sizeof(u32), ARCH_DMA_MINALIGN));
362 #endif
363 		ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0,
364 				smc_cpu1_params);
365 		if (ret) {
366 			printf("TEE_LOAD_SLAVE Failed\n");
367 			return ret;
368 		}
369 		printf("TEE_LOAD_SLAVE Done\n");
370 	}
371 #endif
372 
373 	tee_loaded = 1;
374 
375 	return 0;
376 }
377