1 /*
2  *
3  * Common security related functions for OMAP devices
4  *
5  * (C) Copyright 2016-2017
6  * Texas Instruments, <www.ti.com>
7  *
8  * Daniel Allred <d-allred@ti.com>
9  * Andreas Dannenberg <dannenberg@ti.com>
10  * Harinarayan Bhatta <harinarayan@ti.com>
11  * Andrew F. Davis <afd@ti.com>
12  *
13  * SPDX-License-Identifier: GPL-2.0+
14  */
15 
16 #include <common.h>
17 #include <stdarg.h>
18 
19 #include <asm/arch/sys_proto.h>
20 #include <asm/cache.h>
21 #include <asm/omap_common.h>
22 #include <asm/omap_sec_common.h>
23 #include <asm/spl.h>
24 #include <asm/ti-common/sys_proto.h>
25 #include <mapmem.h>
26 #include <spl.h>
27 #include <tee/optee.h>
28 
29 /* Index for signature verify ROM API */
30 #ifdef CONFIG_AM33XX
31 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX	(0x0000000C)
32 #else
33 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX	(0x0000000E)
34 #endif
35 
36 /* Index for signature PPA-based TI HAL APIs */
37 #define PPA_HAL_SERVICES_START_INDEX        (0x200)
38 #define PPA_SERV_HAL_TEE_LOAD_MASTER        (PPA_HAL_SERVICES_START_INDEX + 23)
39 #define PPA_SERV_HAL_TEE_LOAD_SLAVE         (PPA_HAL_SERVICES_START_INDEX + 24)
40 #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25)
41 #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION   (PPA_HAL_SERVICES_START_INDEX + 26)
42 #define PPA_SERV_HAL_LOCK_EMIF_FW           (PPA_HAL_SERVICES_START_INDEX + 27)
43 
44 int tee_loaded = 0;
45 
46 /* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */
47 struct ppa_tee_load_info {
48 	u32 tee_sec_mem_start; /* Physical start address reserved for TEE */
49 	u32 tee_sec_mem_size;  /* Size of the memory reserved for TEE */
50 	u32 tee_cert_start;    /* Address where signed TEE binary is loaded */
51 	u32 tee_cert_size;     /* Size of TEE certificate (signed binary) */
52 	u32 tee_jump_addr;     /* Address to jump to start TEE execution */
53 	u32 tee_arg0;          /* argument to TEE jump function, in r0 */
54 };
55 
56 static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN);
57 
58 u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
59 {
60 	int i;
61 	u32 num_args;
62 	va_list ap;
63 
64 	va_start(ap, flag);
65 
66 	num_args = va_arg(ap, u32);
67 
68 	if (num_args > 4) {
69 		va_end(ap);
70 		return 1;
71 	}
72 
73 	/* Copy args to aligned args structure */
74 	for (i = 0; i < num_args; i++)
75 		secure_rom_call_args[i + 1] = va_arg(ap, u32);
76 
77 	secure_rom_call_args[0] = num_args;
78 
79 	va_end(ap);
80 
81 	/* if data cache is enabled, flush the aligned args structure */
82 	flush_dcache_range(
83 		(unsigned int)&secure_rom_call_args[0],
84 		(unsigned int)&secure_rom_call_args[0] +
85 		roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN));
86 
87 	return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
88 }
89 
90 static u32 find_sig_start(char *image, size_t size)
91 {
92 	char *image_end = image + size;
93 	char *sig_start_magic = "CERT_";
94 	int magic_str_len = strlen(sig_start_magic);
95 	char *ch;
96 
97 	while (--image_end > image) {
98 		if (*image_end == '_') {
99 			ch = image_end - magic_str_len + 1;
100 			if (!strncmp(ch, sig_start_magic, magic_str_len))
101 				return (u32)ch;
102 		}
103 	}
104 	return 0;
105 }
106 
107 int secure_boot_verify_image(void **image, size_t *size)
108 {
109 	int result = 1;
110 	u32 cert_addr, sig_addr;
111 	size_t cert_size;
112 
113 	/* Perform cache writeback on input buffer */
114 	flush_dcache_range(
115 		(u32)*image,
116 		(u32)*image + roundup(*size, ARCH_DMA_MINALIGN));
117 
118 	cert_addr = (uint32_t)*image;
119 	sig_addr = find_sig_start((char *)*image, *size);
120 
121 	if (sig_addr == 0) {
122 		printf("No signature found in image!\n");
123 		result = 1;
124 		goto auth_exit;
125 	}
126 
127 	*size = sig_addr - cert_addr;	/* Subtract out the signature size */
128 	cert_size = *size;
129 
130 	/* Check if image load address is 32-bit aligned */
131 	if (!IS_ALIGNED(cert_addr, 4)) {
132 		printf("Image is not 4-byte aligned!\n");
133 		result = 1;
134 		goto auth_exit;
135 	}
136 
137 	/* Image size also should be multiple of 4 */
138 	if (!IS_ALIGNED(cert_size, 4)) {
139 		printf("Image size is not 4-byte aligned!\n");
140 		result = 1;
141 		goto auth_exit;
142 	}
143 
144 	/* Call ROM HAL API to verify certificate signature */
145 	debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
146 	      cert_addr, cert_size, sig_addr);
147 
148 	result = secure_rom_call(
149 		API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
150 		4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
151 
152 	/* Perform cache writeback on output buffer */
153 	flush_dcache_range(
154 		(u32)*image,
155 		(u32)*image + roundup(*size, ARCH_DMA_MINALIGN));
156 
157 auth_exit:
158 	if (result != 0) {
159 		printf("Authentication failed!\n");
160 		printf("Return Value = %08X\n", result);
161 		hang();
162 	}
163 
164 	/*
165 	 * Output notification of successful authentication as well the name of
166 	 * the signing certificate used to re-assure the user that the secure
167 	 * code is being processed as expected. However suppress any such log
168 	 * output in case of building for SPL and booting via YMODEM. This is
169 	 * done to avoid disturbing the YMODEM serial protocol transactions.
170 	 */
171 	if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
172 	      IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
173 	      spl_boot_device() == BOOT_DEVICE_UART))
174 		printf("Authentication passed: %s\n", (char *)sig_addr);
175 
176 	return result;
177 }
178 
179 u32 get_sec_mem_start(void)
180 {
181 	u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START;
182 	u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE;
183 	/*
184 	 * Total reserved region is all contiguous with protected
185 	 * region coming first, followed by the non-secure region.
186 	 * If 0x0 start address is given, we simply put the reserved
187 	 * region at the end of the external DRAM.
188 	 */
189 	if (sec_mem_start == 0)
190 		sec_mem_start =
191 			(CONFIG_SYS_SDRAM_BASE + (
192 #if defined(CONFIG_OMAP54XX)
193 			omap_sdram_size()
194 #else
195 			get_ram_size((void *)CONFIG_SYS_SDRAM_BASE,
196 				     CONFIG_MAX_RAM_BANK_SIZE)
197 #endif
198 			- sec_mem_size));
199 	return sec_mem_start;
200 }
201 
202 int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr,
203 			       uint32_t size, uint32_t access_perm,
204 			       uint32_t initiator_perm)
205 {
206 	int result = 1;
207 
208 	/*
209 	 * Call PPA HAL API to do any other general firewall
210 	 * configuration for regions 1-6 of the EMIF firewall.
211 	 */
212 	debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__,
213 	      region_num, start_addr, size);
214 
215 	result = secure_rom_call(
216 			PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4,
217 			(start_addr & 0xFFFFFFF0) | (region_num & 0x0F),
218 			size, access_perm, initiator_perm);
219 
220 	if (result != 0) {
221 		puts("Secure EMIF Firewall Setup failed!\n");
222 		debug("Return Value = %x\n", result);
223 	}
224 
225 	return result;
226 }
227 
228 #if	(CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE <  \
229 	CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE)
230 #error	"TI Secure EMIF: Protected size cannot be larger than total size."
231 #endif
232 int secure_emif_reserve(void)
233 {
234 	int result = 1;
235 	u32 sec_mem_start = get_sec_mem_start();
236 	u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
237 
238 	/* If there is no protected region, there is no reservation to make */
239 	if (sec_prot_size == 0)
240 		return 0;
241 
242 	/*
243 	 * Call PPA HAL API to reserve a chunk of EMIF SDRAM
244 	 * for secure world use. This region should be carved out
245 	 * from use by any public code. EMIF firewall region 7
246 	 * will be used to protect this block of memory.
247 	 */
248 	result = secure_rom_call(
249 			PPA_SERV_HAL_SETUP_SEC_RESVD_REGION,
250 			0, 0, 2, sec_mem_start, sec_prot_size);
251 
252 	if (result != 0) {
253 		puts("SDRAM Firewall: Secure memory reservation failed!\n");
254 		debug("Return Value = %x\n", result);
255 	}
256 
257 	return result;
258 }
259 
260 int secure_emif_firewall_lock(void)
261 {
262 	int result = 1;
263 
264 	/*
265 	 * Call PPA HAL API to lock the EMIF firewall configurations.
266 	 * After this API is called, none of the PPA HAL APIs for
267 	 * configuring the EMIF firewalls will be usable again (that
268 	 * is, calls to those APIs will return failure and have no
269 	 * effect).
270 	 */
271 
272 	result = secure_rom_call(
273 			PPA_SERV_HAL_LOCK_EMIF_FW,
274 			0, 0, 0);
275 
276 	if (result != 0) {
277 		puts("Secure EMIF Firewall Lock failed!\n");
278 		debug("Return Value = %x\n", result);
279 	}
280 
281 	return result;
282 }
283 
284 static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN);
285 
286 int secure_tee_install(u32 addr)
287 {
288 	struct optee_header *hdr;
289 	void *loadptr;
290 	u32 tee_file_size;
291 	u32 sec_mem_start = get_sec_mem_start();
292 	const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
293 	u32 ret;
294 
295 	/* If there is no protected region, there is no place to put the TEE */
296 	if (size == 0) {
297 		printf("Error loading TEE, no protected memory region available\n");
298 		return -ENOBUFS;
299 	}
300 
301 	hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header));
302 	/* 280 bytes = size of signature */
303 	tee_file_size = hdr->init_size + hdr->paged_size +
304 			sizeof(struct optee_header) + 280;
305 
306 	if ((hdr->magic != OPTEE_MAGIC) ||
307 	    (hdr->version != OPTEE_VERSION) ||
308 	    (hdr->init_load_addr_hi != 0) ||
309 	    (hdr->init_load_addr_lo < (sec_mem_start + sizeof(struct optee_header))) ||
310 	    (tee_file_size > size) ||
311 	    ((hdr->init_load_addr_lo + tee_file_size - 1) >
312 	     (sec_mem_start + size - 1))) {
313 		printf("Error in TEE header. Check load address and sizes\n");
314 		unmap_sysmem(hdr);
315 		return CMD_RET_FAILURE;
316 	}
317 
318 	tee_info.tee_sec_mem_start = sec_mem_start;
319 	tee_info.tee_sec_mem_size = size;
320 	tee_info.tee_jump_addr = hdr->init_load_addr_lo;
321 	tee_info.tee_cert_start = addr;
322 	tee_info.tee_cert_size = tee_file_size;
323 	tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr;
324 	unmap_sysmem(hdr);
325 	loadptr = map_sysmem(addr, tee_file_size);
326 
327 	debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start);
328 	debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size);
329 	debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr);
330 	debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start);
331 	debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size);
332 	debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0);
333 	debug("tee_file_size = %d\n", tee_file_size);
334 
335 #if !defined(CONFIG_SYS_DCACHE_OFF)
336 	flush_dcache_range(
337 		rounddown((u32)loadptr, ARCH_DMA_MINALIGN),
338 		roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN));
339 
340 	flush_dcache_range((u32)&tee_info, (u32)&tee_info +
341 			roundup(sizeof(tee_info), ARCH_DMA_MINALIGN));
342 #endif
343 	unmap_sysmem(loadptr);
344 
345 	ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
346 	if (ret) {
347 		printf("TEE_LOAD_MASTER Failed\n");
348 		return ret;
349 	}
350 	printf("TEE_LOAD_MASTER Done\n");
351 
352 #if defined(CONFIG_OMAP54XX)
353 	if (!is_dra72x()) {
354 		u32 *smc_cpu1_params;
355 		/* Reuse the tee_info buffer for SMC params */
356 		smc_cpu1_params = (u32 *)&tee_info;
357 		smc_cpu1_params[0] = 0;
358 #if !defined(CONFIG_SYS_DCACHE_OFF)
359 		flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params +
360 				roundup(sizeof(u32), ARCH_DMA_MINALIGN));
361 #endif
362 		ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0,
363 				smc_cpu1_params);
364 		if (ret) {
365 			printf("TEE_LOAD_SLAVE Failed\n");
366 			return ret;
367 		}
368 		printf("TEE_LOAD_SLAVE Done\n");
369 	}
370 #endif
371 
372 	tee_loaded = 1;
373 
374 	return 0;
375 }
376