1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * 4 * Common security related functions for OMAP devices 5 * 6 * (C) Copyright 2016-2017 7 * Texas Instruments, <www.ti.com> 8 * 9 * Daniel Allred <d-allred@ti.com> 10 * Andreas Dannenberg <dannenberg@ti.com> 11 * Harinarayan Bhatta <harinarayan@ti.com> 12 * Andrew F. Davis <afd@ti.com> 13 */ 14 15 #include <common.h> 16 #include <stdarg.h> 17 18 #include <asm/arch/sys_proto.h> 19 #include <asm/cache.h> 20 #include <asm/omap_common.h> 21 #include <asm/omap_sec_common.h> 22 #include <asm/spl.h> 23 #include <asm/ti-common/sys_proto.h> 24 #include <mapmem.h> 25 #include <spl.h> 26 #include <tee/optee.h> 27 28 /* Index for signature verify ROM API */ 29 #ifdef CONFIG_AM33XX 30 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C) 31 #else 32 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) 33 #endif 34 35 /* Index for signature PPA-based TI HAL APIs */ 36 #define PPA_HAL_SERVICES_START_INDEX (0x200) 37 #define PPA_SERV_HAL_TEE_LOAD_MASTER (PPA_HAL_SERVICES_START_INDEX + 23) 38 #define PPA_SERV_HAL_TEE_LOAD_SLAVE (PPA_HAL_SERVICES_START_INDEX + 24) 39 #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25) 40 #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26) 41 #define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27) 42 43 /* Offset of header size if image is signed as ISW */ 44 #define HEADER_SIZE_OFFSET (0x6D) 45 46 int tee_loaded = 0; 47 48 /* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */ 49 struct ppa_tee_load_info { 50 u32 tee_sec_mem_start; /* Physical start address reserved for TEE */ 51 u32 tee_sec_mem_size; /* Size of the memory reserved for TEE */ 52 u32 tee_cert_start; /* Address where signed TEE binary is loaded */ 53 u32 tee_cert_size; /* Size of TEE certificate (signed binary) */ 54 u32 tee_jump_addr; /* Address to jump to start TEE execution */ 55 u32 tee_arg0; /* argument to TEE jump function, in r0 */ 56 }; 57 58 static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN) __section(".data"); 59 60 u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...) 61 { 62 int i; 63 u32 num_args; 64 va_list ap; 65 66 va_start(ap, flag); 67 68 num_args = va_arg(ap, u32); 69 70 if (num_args > 4) { 71 va_end(ap); 72 return 1; 73 } 74 75 /* Copy args to aligned args structure */ 76 for (i = 0; i < num_args; i++) 77 secure_rom_call_args[i + 1] = va_arg(ap, u32); 78 79 secure_rom_call_args[0] = num_args; 80 81 va_end(ap); 82 83 /* if data cache is enabled, flush the aligned args structure */ 84 flush_dcache_range( 85 (unsigned int)&secure_rom_call_args[0], 86 (unsigned int)&secure_rom_call_args[0] + 87 roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN)); 88 89 return omap_smc_sec(service, proc_id, flag, secure_rom_call_args); 90 } 91 92 static u32 find_sig_start(char *image, size_t size) 93 { 94 char *image_end = image + size; 95 char *sig_start_magic = "CERT_"; 96 int magic_str_len = strlen(sig_start_magic); 97 char *ch; 98 99 while (--image_end > image) { 100 if (*image_end == '_') { 101 ch = image_end - magic_str_len + 1; 102 if (!strncmp(ch, sig_start_magic, magic_str_len)) 103 return (u32)ch; 104 } 105 } 106 return 0; 107 } 108 109 int secure_boot_verify_image(void **image, size_t *size) 110 { 111 int result = 1; 112 u32 cert_addr, sig_addr; 113 size_t cert_size; 114 115 /* Perform cache writeback on input buffer */ 116 flush_dcache_range( 117 rounddown((u32)*image, ARCH_DMA_MINALIGN), 118 roundup((u32)*image + *size, ARCH_DMA_MINALIGN)); 119 120 cert_addr = (uint32_t)*image; 121 sig_addr = find_sig_start((char *)*image, *size); 122 123 if (sig_addr == 0) { 124 printf("No signature found in image!\n"); 125 result = 1; 126 goto auth_exit; 127 } 128 129 *size = sig_addr - cert_addr; /* Subtract out the signature size */ 130 /* Subtract header if present */ 131 if (strncmp((char *)sig_addr, "CERT_ISW_", 9) == 0) 132 *size -= ((u32 *)*image)[HEADER_SIZE_OFFSET]; 133 cert_size = *size; 134 135 /* Check if image load address is 32-bit aligned */ 136 if (!IS_ALIGNED(cert_addr, 4)) { 137 printf("Image is not 4-byte aligned!\n"); 138 result = 1; 139 goto auth_exit; 140 } 141 142 /* Image size also should be multiple of 4 */ 143 if (!IS_ALIGNED(cert_size, 4)) { 144 printf("Image size is not 4-byte aligned!\n"); 145 result = 1; 146 goto auth_exit; 147 } 148 149 /* Call ROM HAL API to verify certificate signature */ 150 debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__, 151 cert_addr, cert_size, sig_addr); 152 153 result = secure_rom_call( 154 API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, 155 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); 156 157 /* Perform cache writeback on output buffer */ 158 flush_dcache_range( 159 rounddown((u32)*image, ARCH_DMA_MINALIGN), 160 roundup((u32)*image + *size, ARCH_DMA_MINALIGN)); 161 162 auth_exit: 163 if (result != 0) { 164 printf("Authentication failed!\n"); 165 printf("Return Value = %08X\n", result); 166 hang(); 167 } 168 169 /* 170 * Output notification of successful authentication to re-assure the 171 * user that the secure code is being processed as expected. However 172 * suppress any such log output in case of building for SPL and booting 173 * via YMODEM. This is done to avoid disturbing the YMODEM serial 174 * protocol transactions. 175 */ 176 if (!(IS_ENABLED(CONFIG_SPL_BUILD) && 177 IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && 178 spl_boot_device() == BOOT_DEVICE_UART)) 179 printf("Authentication passed\n"); 180 181 return result; 182 } 183 184 u32 get_sec_mem_start(void) 185 { 186 u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START; 187 u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE; 188 /* 189 * Total reserved region is all contiguous with protected 190 * region coming first, followed by the non-secure region. 191 * If 0x0 start address is given, we simply put the reserved 192 * region at the end of the external DRAM. 193 */ 194 if (sec_mem_start == 0) 195 sec_mem_start = 196 (CONFIG_SYS_SDRAM_BASE + ( 197 #if defined(CONFIG_OMAP54XX) 198 omap_sdram_size() 199 #else 200 get_ram_size((void *)CONFIG_SYS_SDRAM_BASE, 201 CONFIG_MAX_RAM_BANK_SIZE) 202 #endif 203 - sec_mem_size)); 204 return sec_mem_start; 205 } 206 207 int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr, 208 uint32_t size, uint32_t access_perm, 209 uint32_t initiator_perm) 210 { 211 int result = 1; 212 213 /* 214 * Call PPA HAL API to do any other general firewall 215 * configuration for regions 1-6 of the EMIF firewall. 216 */ 217 debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__, 218 region_num, start_addr, size); 219 220 result = secure_rom_call( 221 PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4, 222 (start_addr & 0xFFFFFFF0) | (region_num & 0x0F), 223 size, access_perm, initiator_perm); 224 225 if (result != 0) { 226 puts("Secure EMIF Firewall Setup failed!\n"); 227 debug("Return Value = %x\n", result); 228 } 229 230 return result; 231 } 232 233 #if (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE < \ 234 CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE) 235 #error "TI Secure EMIF: Protected size cannot be larger than total size." 236 #endif 237 int secure_emif_reserve(void) 238 { 239 int result = 1; 240 u32 sec_mem_start = get_sec_mem_start(); 241 u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; 242 243 /* If there is no protected region, there is no reservation to make */ 244 if (sec_prot_size == 0) 245 return 0; 246 247 /* 248 * Call PPA HAL API to reserve a chunk of EMIF SDRAM 249 * for secure world use. This region should be carved out 250 * from use by any public code. EMIF firewall region 7 251 * will be used to protect this block of memory. 252 */ 253 result = secure_rom_call( 254 PPA_SERV_HAL_SETUP_SEC_RESVD_REGION, 255 0, 0, 2, sec_mem_start, sec_prot_size); 256 257 if (result != 0) { 258 puts("SDRAM Firewall: Secure memory reservation failed!\n"); 259 debug("Return Value = %x\n", result); 260 } 261 262 return result; 263 } 264 265 int secure_emif_firewall_lock(void) 266 { 267 int result = 1; 268 269 /* 270 * Call PPA HAL API to lock the EMIF firewall configurations. 271 * After this API is called, none of the PPA HAL APIs for 272 * configuring the EMIF firewalls will be usable again (that 273 * is, calls to those APIs will return failure and have no 274 * effect). 275 */ 276 277 result = secure_rom_call( 278 PPA_SERV_HAL_LOCK_EMIF_FW, 279 0, 0, 0); 280 281 if (result != 0) { 282 puts("Secure EMIF Firewall Lock failed!\n"); 283 debug("Return Value = %x\n", result); 284 } 285 286 return result; 287 } 288 289 static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN); 290 291 int secure_tee_install(u32 addr) 292 { 293 struct optee_header *hdr; 294 void *loadptr; 295 u32 tee_file_size; 296 u32 sec_mem_start = get_sec_mem_start(); 297 const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE; 298 u32 ret; 299 300 /* If there is no protected region, there is no place to put the TEE */ 301 if (size == 0) { 302 printf("Error loading TEE, no protected memory region available\n"); 303 return -ENOBUFS; 304 } 305 306 hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header)); 307 /* 280 bytes = size of signature */ 308 tee_file_size = hdr->init_size + hdr->paged_size + 309 sizeof(struct optee_header) + 280; 310 311 if ((hdr->magic != OPTEE_MAGIC) || 312 (hdr->version != OPTEE_VERSION) || 313 (tee_file_size > size)) { 314 printf("Error in TEE header. Check firewall and TEE sizes\n"); 315 unmap_sysmem(hdr); 316 return CMD_RET_FAILURE; 317 } 318 319 tee_info.tee_sec_mem_start = sec_mem_start; 320 tee_info.tee_sec_mem_size = size; 321 tee_info.tee_jump_addr = hdr->init_load_addr_lo; 322 tee_info.tee_cert_start = addr; 323 tee_info.tee_cert_size = tee_file_size; 324 tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr; 325 unmap_sysmem(hdr); 326 loadptr = map_sysmem(addr, tee_file_size); 327 328 debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start); 329 debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size); 330 debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr); 331 debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start); 332 debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size); 333 debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0); 334 debug("tee_file_size = %d\n", tee_file_size); 335 336 #if !defined(CONFIG_SYS_DCACHE_OFF) 337 flush_dcache_range( 338 rounddown((u32)loadptr, ARCH_DMA_MINALIGN), 339 roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN)); 340 341 flush_dcache_range((u32)&tee_info, (u32)&tee_info + 342 roundup(sizeof(tee_info), ARCH_DMA_MINALIGN)); 343 #endif 344 unmap_sysmem(loadptr); 345 346 ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info); 347 if (ret) { 348 printf("TEE_LOAD_MASTER Failed\n"); 349 return ret; 350 } 351 printf("TEE_LOAD_MASTER Done\n"); 352 353 #if defined(CONFIG_OMAP54XX) 354 if (!is_dra72x()) { 355 u32 *smc_cpu1_params; 356 /* Reuse the tee_info buffer for SMC params */ 357 smc_cpu1_params = (u32 *)&tee_info; 358 smc_cpu1_params[0] = 0; 359 #if !defined(CONFIG_SYS_DCACHE_OFF) 360 flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params + 361 roundup(sizeof(u32), ARCH_DMA_MINALIGN)); 362 #endif 363 ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0, 364 smc_cpu1_params); 365 if (ret) { 366 printf("TEE_LOAD_SLAVE Failed\n"); 367 return ret; 368 } 369 printf("TEE_LOAD_SLAVE Done\n"); 370 } 371 #endif 372 373 tee_loaded = 1; 374 375 return 0; 376 } 377