1 /* 2 * 3 * Common security related functions for OMAP devices 4 * 5 * (C) Copyright 2016-2017 6 * Texas Instruments, <www.ti.com> 7 * 8 * Daniel Allred <d-allred@ti.com> 9 * Andreas Dannenberg <dannenberg@ti.com> 10 * Harinarayan Bhatta <harinarayan@ti.com> 11 * Andrew F. Davis <afd@ti.com> 12 * 13 * SPDX-License-Identifier: GPL-2.0+ 14 */ 15 16 #include <common.h> 17 #include <stdarg.h> 18 19 #include <asm/arch/sys_proto.h> 20 #include <asm/cache.h> 21 #include <asm/omap_common.h> 22 #include <asm/omap_sec_common.h> 23 #include <asm/spl.h> 24 #include <asm/ti-common/sys_proto.h> 25 #include <mapmem.h> 26 #include <spl.h> 27 #include <tee/optee.h> 28 29 /* Index for signature verify ROM API */ 30 #ifdef CONFIG_AM33XX 31 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C) 32 #else 33 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) 34 #endif 35 36 /* Index for signature PPA-based TI HAL APIs */ 37 #define PPA_HAL_SERVICES_START_INDEX (0x200) 38 #define PPA_SERV_HAL_TEE_LOAD_MASTER (PPA_HAL_SERVICES_START_INDEX + 23) 39 #define PPA_SERV_HAL_TEE_LOAD_SLAVE (PPA_HAL_SERVICES_START_INDEX + 24) 40 #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25) 41 #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26) 42 #define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27) 43 44 int tee_loaded = 0; 45 46 /* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */ 47 struct ppa_tee_load_info { 48 u32 tee_sec_mem_start; /* Physical start address reserved for TEE */ 49 u32 tee_sec_mem_size; /* Size of the memory reserved for TEE */ 50 u32 tee_cert_start; /* Address where signed TEE binary is loaded */ 51 u32 tee_cert_size; /* Size of TEE certificate (signed binary) */ 52 u32 tee_jump_addr; /* Address to jump to start TEE execution */ 53 u32 tee_arg0; /* argument to TEE jump function, in r0 */ 54 }; 55 56 static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN); 57 58 u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...) 59 { 60 int i; 61 u32 num_args; 62 va_list ap; 63 64 va_start(ap, flag); 65 66 num_args = va_arg(ap, u32); 67 68 if (num_args > 4) { 69 va_end(ap); 70 return 1; 71 } 72 73 /* Copy args to aligned args structure */ 74 for (i = 0; i < num_args; i++) 75 secure_rom_call_args[i + 1] = va_arg(ap, u32); 76 77 secure_rom_call_args[0] = num_args; 78 79 va_end(ap); 80 81 /* if data cache is enabled, flush the aligned args structure */ 82 flush_dcache_range( 83 (unsigned int)&secure_rom_call_args[0], 84 (unsigned int)&secure_rom_call_args[0] + 85 roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN)); 86 87 return omap_smc_sec(service, proc_id, flag, secure_rom_call_args); 88 } 89 90 static u32 find_sig_start(char *image, size_t size) 91 { 92 char *image_end = image + size; 93 char *sig_start_magic = "CERT_"; 94 int magic_str_len = strlen(sig_start_magic); 95 char *ch; 96 97 while (--image_end > image) { 98 if (*image_end == '_') { 99 ch = image_end - magic_str_len + 1; 100 if (!strncmp(ch, sig_start_magic, magic_str_len)) 101 return (u32)ch; 102 } 103 } 104 return 0; 105 } 106 107 int secure_boot_verify_image(void **image, size_t *size) 108 { 109 int result = 1; 110 u32 cert_addr, sig_addr; 111 size_t cert_size; 112 113 /* Perform cache writeback on input buffer */ 114 flush_dcache_range( 115 rounddown((u32)*image, ARCH_DMA_MINALIGN), 116 roundup((u32)*image + *size, ARCH_DMA_MINALIGN)); 117 118 cert_addr = (uint32_t)*image; 119 sig_addr = find_sig_start((char *)*image, *size); 120 121 if (sig_addr == 0) { 122 printf("No signature found in image!\n"); 123 result = 1; 124 goto auth_exit; 125 } 126 127 *size = sig_addr - cert_addr; /* Subtract out the signature size */ 128 cert_size = *size; 129 130 /* Check if image load address is 32-bit aligned */ 131 if (!IS_ALIGNED(cert_addr, 4)) { 132 printf("Image is not 4-byte aligned!\n"); 133 result = 1; 134 goto auth_exit; 135 } 136 137 /* Image size also should be multiple of 4 */ 138 if (!IS_ALIGNED(cert_size, 4)) { 139 printf("Image size is not 4-byte aligned!\n"); 140 result = 1; 141 goto auth_exit; 142 } 143 144 /* Call ROM HAL API to verify certificate signature */ 145 debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__, 146 cert_addr, cert_size, sig_addr); 147 148 result = secure_rom_call( 149 API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, 150 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); 151 152 /* Perform cache writeback on output buffer */ 153 flush_dcache_range( 154 rounddown((u32)*image, ARCH_DMA_MINALIGN), 155 roundup((u32)*image + *size, ARCH_DMA_MINALIGN)); 156 157 auth_exit: 158 if (result != 0) { 159 printf("Authentication failed!\n"); 160 printf("Return Value = %08X\n", result); 161 hang(); 162 } 163 164 /* 165 * Output notification of successful authentication as well the name of 166 * the signing certificate used to re-assure the user that the secure 167 * code is being processed as expected. However suppress any such log 168 * output in case of building for SPL and booting via YMODEM. This is 169 * done to avoid disturbing the YMODEM serial protocol transactions. 170 */ 171 if (!(IS_ENABLED(CONFIG_SPL_BUILD) && 172 IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && 173 spl_boot_device() == BOOT_DEVICE_UART)) 174 printf("Authentication passed: %s\n", (char *)sig_addr); 175 176 return result; 177 } 178 179 u32 get_sec_mem_start(void) 180 { 181 u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START; 182 u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE; 183 /* 184 * Total reserved region is all contiguous with protected 185 * region coming first, followed by the non-secure region. 186 * If 0x0 start address is given, we simply put the reserved 187 * region at the end of the external DRAM. 188 */ 189 if (sec_mem_start == 0) 190 sec_mem_start = 191 (CONFIG_SYS_SDRAM_BASE + ( 192 #if defined(CONFIG_OMAP54XX) 193 omap_sdram_size() 194 #else 195 get_ram_size((void *)CONFIG_SYS_SDRAM_BASE, 196 CONFIG_MAX_RAM_BANK_SIZE) 197 #endif 198 - sec_mem_size)); 199 return sec_mem_start; 200 } 201 202 int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr, 203 uint32_t size, uint32_t access_perm, 204 uint32_t initiator_perm) 205 { 206 int result = 1; 207 208 /* 209 * Call PPA HAL API to do any other general firewall 210 * configuration for regions 1-6 of the EMIF firewall. 211 */ 212 debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__, 213 region_num, start_addr, size); 214 215 result = secure_rom_call( 216 PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4, 217 (start_addr & 0xFFFFFFF0) | (region_num & 0x0F), 218 size, access_perm, initiator_perm); 219 220 if (result != 0) { 221 puts("Secure EMIF Firewall Setup failed!\n"); 222 debug("Return Value = %x\n", result); 223 } 224 225 return result; 226 } 227 228 #if (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE < \ 229 CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE) 230 #error "TI Secure EMIF: Protected size cannot be larger than total size." 231 #endif 232 int secure_emif_reserve(void) 233 { 234 int result = 1; 235 u32 sec_mem_start = get_sec_mem_start(); 236 u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; 237 238 /* If there is no protected region, there is no reservation to make */ 239 if (sec_prot_size == 0) 240 return 0; 241 242 /* 243 * Call PPA HAL API to reserve a chunk of EMIF SDRAM 244 * for secure world use. This region should be carved out 245 * from use by any public code. EMIF firewall region 7 246 * will be used to protect this block of memory. 247 */ 248 result = secure_rom_call( 249 PPA_SERV_HAL_SETUP_SEC_RESVD_REGION, 250 0, 0, 2, sec_mem_start, sec_prot_size); 251 252 if (result != 0) { 253 puts("SDRAM Firewall: Secure memory reservation failed!\n"); 254 debug("Return Value = %x\n", result); 255 } 256 257 return result; 258 } 259 260 int secure_emif_firewall_lock(void) 261 { 262 int result = 1; 263 264 /* 265 * Call PPA HAL API to lock the EMIF firewall configurations. 266 * After this API is called, none of the PPA HAL APIs for 267 * configuring the EMIF firewalls will be usable again (that 268 * is, calls to those APIs will return failure and have no 269 * effect). 270 */ 271 272 result = secure_rom_call( 273 PPA_SERV_HAL_LOCK_EMIF_FW, 274 0, 0, 0); 275 276 if (result != 0) { 277 puts("Secure EMIF Firewall Lock failed!\n"); 278 debug("Return Value = %x\n", result); 279 } 280 281 return result; 282 } 283 284 static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN); 285 286 int secure_tee_install(u32 addr) 287 { 288 struct optee_header *hdr; 289 void *loadptr; 290 u32 tee_file_size; 291 u32 sec_mem_start = get_sec_mem_start(); 292 const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; 293 u32 ret; 294 295 /* If there is no protected region, there is no place to put the TEE */ 296 if (size == 0) { 297 printf("Error loading TEE, no protected memory region available\n"); 298 return -ENOBUFS; 299 } 300 301 hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header)); 302 /* 280 bytes = size of signature */ 303 tee_file_size = hdr->init_size + hdr->paged_size + 304 sizeof(struct optee_header) + 280; 305 306 if ((hdr->magic != OPTEE_MAGIC) || 307 (hdr->version != OPTEE_VERSION) || 308 (hdr->init_load_addr_hi != 0) || 309 (hdr->init_load_addr_lo < (sec_mem_start + sizeof(struct optee_header))) || 310 (tee_file_size > size) || 311 ((hdr->init_load_addr_lo + tee_file_size - 1) > 312 (sec_mem_start + size - 1))) { 313 printf("Error in TEE header. Check load address and sizes\n"); 314 unmap_sysmem(hdr); 315 return CMD_RET_FAILURE; 316 } 317 318 tee_info.tee_sec_mem_start = sec_mem_start; 319 tee_info.tee_sec_mem_size = size; 320 tee_info.tee_jump_addr = hdr->init_load_addr_lo; 321 tee_info.tee_cert_start = addr; 322 tee_info.tee_cert_size = tee_file_size; 323 tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr; 324 unmap_sysmem(hdr); 325 loadptr = map_sysmem(addr, tee_file_size); 326 327 debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start); 328 debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size); 329 debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr); 330 debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start); 331 debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size); 332 debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0); 333 debug("tee_file_size = %d\n", tee_file_size); 334 335 #if !defined(CONFIG_SYS_DCACHE_OFF) 336 flush_dcache_range( 337 rounddown((u32)loadptr, ARCH_DMA_MINALIGN), 338 roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN)); 339 340 flush_dcache_range((u32)&tee_info, (u32)&tee_info + 341 roundup(sizeof(tee_info), ARCH_DMA_MINALIGN)); 342 #endif 343 unmap_sysmem(loadptr); 344 345 ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info); 346 if (ret) { 347 printf("TEE_LOAD_MASTER Failed\n"); 348 return ret; 349 } 350 printf("TEE_LOAD_MASTER Done\n"); 351 352 #if defined(CONFIG_OMAP54XX) 353 if (!is_dra72x()) { 354 u32 *smc_cpu1_params; 355 /* Reuse the tee_info buffer for SMC params */ 356 smc_cpu1_params = (u32 *)&tee_info; 357 smc_cpu1_params[0] = 0; 358 #if !defined(CONFIG_SYS_DCACHE_OFF) 359 flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params + 360 roundup(sizeof(u32), ARCH_DMA_MINALIGN)); 361 #endif 362 ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0, 363 smc_cpu1_params); 364 if (ret) { 365 printf("TEE_LOAD_SLAVE Failed\n"); 366 return ret; 367 } 368 printf("TEE_LOAD_SLAVE Done\n"); 369 } 370 #endif 371 372 tee_loaded = 1; 373 374 return 0; 375 } 376