1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (c) 2018 Linaro Limited 4 */ 5 6 #include <common.h> 7 #include <dm.h> 8 #include <log.h> 9 #include <tee.h> 10 #include <linux/arm-smccc.h> 11 #include <linux/io.h> 12 13 #include "optee_smc.h" 14 #include "optee_msg.h" 15 #include "optee_private.h" 16 17 #define PAGELIST_ENTRIES_PER_PAGE \ 18 ((OPTEE_MSG_NONCONTIG_PAGE_SIZE / sizeof(u64)) - 1) 19 20 typedef void (optee_invoke_fn)(unsigned long, unsigned long, unsigned long, 21 unsigned long, unsigned long, unsigned long, 22 unsigned long, unsigned long, 23 struct arm_smccc_res *); 24 25 struct optee_pdata { 26 optee_invoke_fn *invoke_fn; 27 }; 28 29 struct rpc_param { 30 u32 a0; 31 u32 a1; 32 u32 a2; 33 u32 a3; 34 u32 a4; 35 u32 a5; 36 u32 a6; 37 u32 a7; 38 }; 39 40 /** 41 * reg_pair_to_ptr() - Make a pointer of 2 32-bit values 42 * @reg0: High bits of the pointer 43 * @reg1: Low bits of the pointer 44 * 45 * Returns the combined result, note that if a pointer is 32-bit wide @reg0 46 * will be discarded. 47 */ 48 static void *reg_pair_to_ptr(u32 reg0, u32 reg1) 49 { 50 return (void *)(ulong)(((u64)reg0 << 32) | reg1); 51 } 52 53 /** 54 * reg_pair_from_64() - Split a 64-bit value into two 32-bit values 55 * @reg0: High bits of @val 56 * @reg1: Low bits of @val 57 * @val: The value to split 58 */ 59 static void reg_pair_from_64(u32 *reg0, u32 *reg1, u64 val) 60 { 61 *reg0 = val >> 32; 62 *reg1 = val; 63 } 64 65 /** 66 * optee_alloc_and_init_page_list() - Provide page list of memory buffer 67 * @buf: Start of buffer 68 * @len: Length of buffer 69 * @phys_buf_ptr Physical pointer with coded offset to page list 70 * 71 * Secure world doesn't share mapping with Normal world (U-Boot in this case) 72 * so physical pointers are needed when sharing pointers. 73 * 74 * Returns a pointer page list on success or NULL on failure 75 */ 76 void *optee_alloc_and_init_page_list(void *buf, ulong len, u64 *phys_buf_ptr) 77 { 78 const unsigned int page_size = OPTEE_MSG_NONCONTIG_PAGE_SIZE; 79 const phys_addr_t page_mask = page_size - 1; 80 u8 *buf_base; 81 unsigned int page_offset; 82 unsigned int num_pages; 83 unsigned int list_size; 84 unsigned int n; 85 void *page_list; 86 struct { 87 u64 pages_list[PAGELIST_ENTRIES_PER_PAGE]; 88 u64 next_page_data; 89 } *pages_data; 90 91 /* 92 * A Memory buffer is described in chunks of 4k. The list of 93 * physical addresses has to be represented by a physical pointer 94 * too and a single list has to start at a 4k page and fit into 95 * that page. In order to be able to describe large memory buffers 96 * these 4k pages carrying physical addresses are linked together 97 * in a list. See OPTEE_MSG_ATTR_NONCONTIG in 98 * drivers/tee/optee/optee_msg.h for more information. 99 */ 100 101 page_offset = (ulong)buf & page_mask; 102 num_pages = roundup(page_offset + len, page_size) / page_size; 103 list_size = DIV_ROUND_UP(num_pages, PAGELIST_ENTRIES_PER_PAGE) * 104 page_size; 105 page_list = memalign(page_size, list_size); 106 if (!page_list) 107 return NULL; 108 109 pages_data = page_list; 110 buf_base = (u8 *)rounddown((ulong)buf, page_size); 111 n = 0; 112 while (num_pages) { 113 pages_data->pages_list[n] = virt_to_phys(buf_base); 114 n++; 115 buf_base += page_size; 116 num_pages--; 117 118 if (n == PAGELIST_ENTRIES_PER_PAGE) { 119 pages_data->next_page_data = 120 virt_to_phys(pages_data + 1); 121 pages_data++; 122 n = 0; 123 } 124 } 125 126 *phys_buf_ptr = virt_to_phys(page_list) | page_offset; 127 return page_list; 128 } 129 130 static void optee_get_version(struct udevice *dev, 131 struct tee_version_data *vers) 132 { 133 struct tee_version_data v = { 134 .gen_caps = TEE_GEN_CAP_GP | TEE_GEN_CAP_REG_MEM, 135 }; 136 137 *vers = v; 138 } 139 140 static int get_msg_arg(struct udevice *dev, uint num_params, 141 struct tee_shm **shmp, struct optee_msg_arg **msg_arg) 142 { 143 int rc; 144 struct optee_msg_arg *ma; 145 146 rc = __tee_shm_add(dev, OPTEE_MSG_NONCONTIG_PAGE_SIZE, NULL, 147 OPTEE_MSG_GET_ARG_SIZE(num_params), TEE_SHM_ALLOC, 148 shmp); 149 if (rc) 150 return rc; 151 152 ma = (*shmp)->addr; 153 memset(ma, 0, OPTEE_MSG_GET_ARG_SIZE(num_params)); 154 ma->num_params = num_params; 155 *msg_arg = ma; 156 157 return 0; 158 } 159 160 static int to_msg_param(struct optee_msg_param *msg_params, uint num_params, 161 const struct tee_param *params) 162 { 163 uint n; 164 165 for (n = 0; n < num_params; n++) { 166 const struct tee_param *p = params + n; 167 struct optee_msg_param *mp = msg_params + n; 168 169 switch (p->attr) { 170 case TEE_PARAM_ATTR_TYPE_NONE: 171 mp->attr = OPTEE_MSG_ATTR_TYPE_NONE; 172 memset(&mp->u, 0, sizeof(mp->u)); 173 break; 174 case TEE_PARAM_ATTR_TYPE_VALUE_INPUT: 175 case TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT: 176 case TEE_PARAM_ATTR_TYPE_VALUE_INOUT: 177 mp->attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT + p->attr - 178 TEE_PARAM_ATTR_TYPE_VALUE_INPUT; 179 mp->u.value.a = p->u.value.a; 180 mp->u.value.b = p->u.value.b; 181 mp->u.value.c = p->u.value.c; 182 break; 183 case TEE_PARAM_ATTR_TYPE_MEMREF_INPUT: 184 case TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT: 185 case TEE_PARAM_ATTR_TYPE_MEMREF_INOUT: 186 mp->attr = OPTEE_MSG_ATTR_TYPE_RMEM_INPUT + p->attr - 187 TEE_PARAM_ATTR_TYPE_MEMREF_INPUT; 188 mp->u.rmem.shm_ref = (ulong)p->u.memref.shm; 189 mp->u.rmem.size = p->u.memref.size; 190 mp->u.rmem.offs = p->u.memref.shm_offs; 191 break; 192 default: 193 return -EINVAL; 194 } 195 } 196 return 0; 197 } 198 199 static int from_msg_param(struct tee_param *params, uint num_params, 200 const struct optee_msg_param *msg_params) 201 { 202 uint n; 203 struct tee_shm *shm; 204 205 for (n = 0; n < num_params; n++) { 206 struct tee_param *p = params + n; 207 const struct optee_msg_param *mp = msg_params + n; 208 u32 attr = mp->attr & OPTEE_MSG_ATTR_TYPE_MASK; 209 210 switch (attr) { 211 case OPTEE_MSG_ATTR_TYPE_NONE: 212 p->attr = TEE_PARAM_ATTR_TYPE_NONE; 213 memset(&p->u, 0, sizeof(p->u)); 214 break; 215 case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: 216 case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: 217 case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: 218 p->attr = TEE_PARAM_ATTR_TYPE_VALUE_INPUT + attr - 219 OPTEE_MSG_ATTR_TYPE_VALUE_INPUT; 220 p->u.value.a = mp->u.value.a; 221 p->u.value.b = mp->u.value.b; 222 p->u.value.c = mp->u.value.c; 223 break; 224 case OPTEE_MSG_ATTR_TYPE_RMEM_INPUT: 225 case OPTEE_MSG_ATTR_TYPE_RMEM_OUTPUT: 226 case OPTEE_MSG_ATTR_TYPE_RMEM_INOUT: 227 p->attr = TEE_PARAM_ATTR_TYPE_MEMREF_INPUT + attr - 228 OPTEE_MSG_ATTR_TYPE_RMEM_INPUT; 229 p->u.memref.size = mp->u.rmem.size; 230 shm = (struct tee_shm *)(ulong)mp->u.rmem.shm_ref; 231 232 if (!shm) { 233 p->u.memref.shm_offs = 0; 234 p->u.memref.shm = NULL; 235 break; 236 } 237 p->u.memref.shm_offs = mp->u.rmem.offs; 238 p->u.memref.shm = shm; 239 break; 240 default: 241 return -EINVAL; 242 } 243 } 244 return 0; 245 } 246 247 static void handle_rpc(struct udevice *dev, struct rpc_param *param, 248 void *page_list) 249 { 250 struct tee_shm *shm; 251 252 switch (OPTEE_SMC_RETURN_GET_RPC_FUNC(param->a0)) { 253 case OPTEE_SMC_RPC_FUNC_ALLOC: 254 if (!__tee_shm_add(dev, OPTEE_MSG_NONCONTIG_PAGE_SIZE, NULL, 255 param->a1, TEE_SHM_ALLOC | TEE_SHM_REGISTER, 256 &shm)) { 257 reg_pair_from_64(¶m->a1, ¶m->a2, 258 virt_to_phys(shm->addr)); 259 /* "cookie" */ 260 reg_pair_from_64(¶m->a4, ¶m->a5, (ulong)shm); 261 } else { 262 param->a1 = 0; 263 param->a2 = 0; 264 param->a4 = 0; 265 param->a5 = 0; 266 } 267 break; 268 case OPTEE_SMC_RPC_FUNC_FREE: 269 shm = reg_pair_to_ptr(param->a1, param->a2); 270 tee_shm_free(shm); 271 break; 272 case OPTEE_SMC_RPC_FUNC_FOREIGN_INTR: 273 break; 274 case OPTEE_SMC_RPC_FUNC_CMD: 275 shm = reg_pair_to_ptr(param->a1, param->a2); 276 optee_suppl_cmd(dev, shm, page_list); 277 break; 278 default: 279 break; 280 } 281 282 param->a0 = OPTEE_SMC_CALL_RETURN_FROM_RPC; 283 } 284 285 static u32 call_err_to_res(u32 call_err) 286 { 287 switch (call_err) { 288 case OPTEE_SMC_RETURN_OK: 289 return TEE_SUCCESS; 290 default: 291 return TEE_ERROR_BAD_PARAMETERS; 292 } 293 } 294 295 static u32 do_call_with_arg(struct udevice *dev, struct optee_msg_arg *arg) 296 { 297 struct optee_pdata *pdata = dev_get_platdata(dev); 298 struct rpc_param param = { .a0 = OPTEE_SMC_CALL_WITH_ARG }; 299 void *page_list = NULL; 300 301 reg_pair_from_64(¶m.a1, ¶m.a2, virt_to_phys(arg)); 302 while (true) { 303 struct arm_smccc_res res; 304 305 pdata->invoke_fn(param.a0, param.a1, param.a2, param.a3, 306 param.a4, param.a5, param.a6, param.a7, &res); 307 308 free(page_list); 309 page_list = NULL; 310 311 if (OPTEE_SMC_RETURN_IS_RPC(res.a0)) { 312 param.a0 = res.a0; 313 param.a1 = res.a1; 314 param.a2 = res.a2; 315 param.a3 = res.a3; 316 handle_rpc(dev, ¶m, &page_list); 317 } else { 318 /* 319 * In case we've accessed RPMB to serve an RPC 320 * request we need to restore the previously 321 * selected partition as the caller may expect it 322 * to remain unchanged. 323 */ 324 optee_suppl_rpmb_release(dev); 325 return call_err_to_res(res.a0); 326 } 327 } 328 } 329 330 static int optee_close_session(struct udevice *dev, u32 session) 331 { 332 int rc; 333 struct tee_shm *shm; 334 struct optee_msg_arg *msg_arg; 335 336 rc = get_msg_arg(dev, 0, &shm, &msg_arg); 337 if (rc) 338 return rc; 339 340 msg_arg->cmd = OPTEE_MSG_CMD_CLOSE_SESSION; 341 msg_arg->session = session; 342 do_call_with_arg(dev, msg_arg); 343 344 tee_shm_free(shm); 345 346 return 0; 347 } 348 349 static int optee_open_session(struct udevice *dev, 350 struct tee_open_session_arg *arg, 351 uint num_params, struct tee_param *params) 352 { 353 int rc; 354 struct tee_shm *shm; 355 struct optee_msg_arg *msg_arg; 356 357 rc = get_msg_arg(dev, num_params + 2, &shm, &msg_arg); 358 if (rc) 359 return rc; 360 361 msg_arg->cmd = OPTEE_MSG_CMD_OPEN_SESSION; 362 /* 363 * Initialize and add the meta parameters needed when opening a 364 * session. 365 */ 366 msg_arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | 367 OPTEE_MSG_ATTR_META; 368 msg_arg->params[1].attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | 369 OPTEE_MSG_ATTR_META; 370 memcpy(&msg_arg->params[0].u.value, arg->uuid, sizeof(arg->uuid)); 371 memcpy(&msg_arg->params[1].u.value, arg->uuid, sizeof(arg->clnt_uuid)); 372 msg_arg->params[1].u.value.c = arg->clnt_login; 373 374 rc = to_msg_param(msg_arg->params + 2, num_params, params); 375 if (rc) 376 goto out; 377 378 arg->ret = do_call_with_arg(dev, msg_arg); 379 if (arg->ret) { 380 arg->ret_origin = TEE_ORIGIN_COMMS; 381 goto out; 382 } 383 384 if (from_msg_param(params, num_params, msg_arg->params + 2)) { 385 arg->ret = TEE_ERROR_COMMUNICATION; 386 arg->ret_origin = TEE_ORIGIN_COMMS; 387 /* Close session again to avoid leakage */ 388 optee_close_session(dev, msg_arg->session); 389 goto out; 390 } 391 392 arg->session = msg_arg->session; 393 arg->ret = msg_arg->ret; 394 arg->ret_origin = msg_arg->ret_origin; 395 out: 396 tee_shm_free(shm); 397 398 return rc; 399 } 400 401 static int optee_invoke_func(struct udevice *dev, struct tee_invoke_arg *arg, 402 uint num_params, struct tee_param *params) 403 { 404 struct tee_shm *shm; 405 struct optee_msg_arg *msg_arg; 406 int rc; 407 408 rc = get_msg_arg(dev, num_params, &shm, &msg_arg); 409 if (rc) 410 return rc; 411 msg_arg->cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; 412 msg_arg->func = arg->func; 413 msg_arg->session = arg->session; 414 415 rc = to_msg_param(msg_arg->params, num_params, params); 416 if (rc) 417 goto out; 418 419 arg->ret = do_call_with_arg(dev, msg_arg); 420 if (arg->ret) { 421 arg->ret_origin = TEE_ORIGIN_COMMS; 422 goto out; 423 } 424 425 if (from_msg_param(params, num_params, msg_arg->params)) { 426 arg->ret = TEE_ERROR_COMMUNICATION; 427 arg->ret_origin = TEE_ORIGIN_COMMS; 428 goto out; 429 } 430 431 arg->ret = msg_arg->ret; 432 arg->ret_origin = msg_arg->ret_origin; 433 out: 434 tee_shm_free(shm); 435 return rc; 436 } 437 438 static int optee_shm_register(struct udevice *dev, struct tee_shm *shm) 439 { 440 struct tee_shm *shm_arg; 441 struct optee_msg_arg *msg_arg; 442 void *pl; 443 u64 ph_ptr; 444 int rc; 445 446 rc = get_msg_arg(dev, 1, &shm_arg, &msg_arg); 447 if (rc) 448 return rc; 449 450 pl = optee_alloc_and_init_page_list(shm->addr, shm->size, &ph_ptr); 451 if (!pl) { 452 rc = -ENOMEM; 453 goto out; 454 } 455 456 msg_arg->cmd = OPTEE_MSG_CMD_REGISTER_SHM; 457 msg_arg->params->attr = OPTEE_MSG_ATTR_TYPE_TMEM_OUTPUT | 458 OPTEE_MSG_ATTR_NONCONTIG; 459 msg_arg->params->u.tmem.buf_ptr = ph_ptr; 460 msg_arg->params->u.tmem.shm_ref = (ulong)shm; 461 msg_arg->params->u.tmem.size = shm->size; 462 463 if (do_call_with_arg(dev, msg_arg) || msg_arg->ret) 464 rc = -EINVAL; 465 466 free(pl); 467 out: 468 tee_shm_free(shm_arg); 469 470 return rc; 471 } 472 473 static int optee_shm_unregister(struct udevice *dev, struct tee_shm *shm) 474 { 475 struct tee_shm *shm_arg; 476 struct optee_msg_arg *msg_arg; 477 int rc; 478 479 rc = get_msg_arg(dev, 1, &shm_arg, &msg_arg); 480 if (rc) 481 return rc; 482 483 msg_arg->cmd = OPTEE_MSG_CMD_UNREGISTER_SHM; 484 msg_arg->params[0].attr = OPTEE_MSG_ATTR_TYPE_RMEM_INPUT; 485 msg_arg->params[0].u.rmem.shm_ref = (ulong)shm; 486 487 if (do_call_with_arg(dev, msg_arg) || msg_arg->ret) 488 rc = -EINVAL; 489 tee_shm_free(shm_arg); 490 491 return rc; 492 } 493 494 static const struct tee_driver_ops optee_ops = { 495 .get_version = optee_get_version, 496 .open_session = optee_open_session, 497 .close_session = optee_close_session, 498 .invoke_func = optee_invoke_func, 499 .shm_register = optee_shm_register, 500 .shm_unregister = optee_shm_unregister, 501 }; 502 503 static bool is_optee_api(optee_invoke_fn *invoke_fn) 504 { 505 struct arm_smccc_res res; 506 507 invoke_fn(OPTEE_SMC_CALLS_UID, 0, 0, 0, 0, 0, 0, 0, &res); 508 509 return res.a0 == OPTEE_MSG_UID_0 && res.a1 == OPTEE_MSG_UID_1 && 510 res.a2 == OPTEE_MSG_UID_2 && res.a3 == OPTEE_MSG_UID_3; 511 } 512 513 static void print_os_revision(optee_invoke_fn *invoke_fn) 514 { 515 union { 516 struct arm_smccc_res smccc; 517 struct optee_smc_call_get_os_revision_result result; 518 } res = { 519 .result = { 520 .build_id = 0 521 } 522 }; 523 524 invoke_fn(OPTEE_SMC_CALL_GET_OS_REVISION, 0, 0, 0, 0, 0, 0, 0, 525 &res.smccc); 526 527 if (res.result.build_id) 528 debug("OP-TEE revision %lu.%lu (%08lx)\n", res.result.major, 529 res.result.minor, res.result.build_id); 530 else 531 debug("OP-TEE revision %lu.%lu\n", res.result.major, 532 res.result.minor); 533 } 534 535 static bool api_revision_is_compatible(optee_invoke_fn *invoke_fn) 536 { 537 union { 538 struct arm_smccc_res smccc; 539 struct optee_smc_calls_revision_result result; 540 } res; 541 542 invoke_fn(OPTEE_SMC_CALLS_REVISION, 0, 0, 0, 0, 0, 0, 0, &res.smccc); 543 544 return res.result.major == OPTEE_MSG_REVISION_MAJOR && 545 (int)res.result.minor >= OPTEE_MSG_REVISION_MINOR; 546 } 547 548 static bool exchange_capabilities(optee_invoke_fn *invoke_fn, u32 *sec_caps) 549 { 550 union { 551 struct arm_smccc_res smccc; 552 struct optee_smc_exchange_capabilities_result result; 553 } res; 554 555 invoke_fn(OPTEE_SMC_EXCHANGE_CAPABILITIES, 556 OPTEE_SMC_NSEC_CAP_UNIPROCESSOR, 0, 0, 0, 0, 0, 0, 557 &res.smccc); 558 559 if (res.result.status != OPTEE_SMC_RETURN_OK) 560 return false; 561 562 *sec_caps = res.result.capabilities; 563 564 return true; 565 } 566 567 /* Simple wrapper functions to be able to use a function pointer */ 568 static void optee_smccc_smc(unsigned long a0, unsigned long a1, 569 unsigned long a2, unsigned long a3, 570 unsigned long a4, unsigned long a5, 571 unsigned long a6, unsigned long a7, 572 struct arm_smccc_res *res) 573 { 574 arm_smccc_smc(a0, a1, a2, a3, a4, a5, a6, a7, res); 575 } 576 577 static void optee_smccc_hvc(unsigned long a0, unsigned long a1, 578 unsigned long a2, unsigned long a3, 579 unsigned long a4, unsigned long a5, 580 unsigned long a6, unsigned long a7, 581 struct arm_smccc_res *res) 582 { 583 arm_smccc_hvc(a0, a1, a2, a3, a4, a5, a6, a7, res); 584 } 585 586 static optee_invoke_fn *get_invoke_func(struct udevice *dev) 587 { 588 const char *method; 589 590 debug("optee: looking for conduit method in DT.\n"); 591 method = ofnode_get_property(dev->node, "method", NULL); 592 if (!method) { 593 debug("optee: missing \"method\" property\n"); 594 return ERR_PTR(-ENXIO); 595 } 596 597 if (!strcmp("hvc", method)) 598 return optee_smccc_hvc; 599 else if (!strcmp("smc", method)) 600 return optee_smccc_smc; 601 602 debug("optee: invalid \"method\" property: %s\n", method); 603 return ERR_PTR(-EINVAL); 604 } 605 606 static int optee_ofdata_to_platdata(struct udevice *dev) 607 { 608 struct optee_pdata *pdata = dev_get_platdata(dev); 609 610 pdata->invoke_fn = get_invoke_func(dev); 611 if (IS_ERR(pdata->invoke_fn)) 612 return PTR_ERR(pdata->invoke_fn); 613 614 return 0; 615 } 616 617 static int optee_probe(struct udevice *dev) 618 { 619 struct optee_pdata *pdata = dev_get_platdata(dev); 620 u32 sec_caps; 621 622 if (!is_optee_api(pdata->invoke_fn)) { 623 debug("%s: OP-TEE api uid mismatch\n", __func__); 624 return -ENOENT; 625 } 626 627 print_os_revision(pdata->invoke_fn); 628 629 if (!api_revision_is_compatible(pdata->invoke_fn)) { 630 debug("%s: OP-TEE api revision mismatch\n", __func__); 631 return -ENOENT; 632 } 633 634 /* 635 * OP-TEE can use both shared memory via predefined pool or as 636 * dynamic shared memory provided by normal world. To keep things 637 * simple we're only using dynamic shared memory in this driver. 638 */ 639 if (!exchange_capabilities(pdata->invoke_fn, &sec_caps) || 640 !(sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM)) { 641 debug("%s: OP-TEE capabilities mismatch\n", __func__); 642 return -ENOENT; 643 } 644 645 return 0; 646 } 647 648 static const struct udevice_id optee_match[] = { 649 { .compatible = "linaro,optee-tz" }, 650 {}, 651 }; 652 653 U_BOOT_DRIVER(optee) = { 654 .name = "optee", 655 .id = UCLASS_TEE, 656 .of_match = optee_match, 657 .ofdata_to_platdata = optee_ofdata_to_platdata, 658 .probe = optee_probe, 659 .ops = &optee_ops, 660 .platdata_auto_alloc_size = sizeof(struct optee_pdata), 661 .priv_auto_alloc_size = sizeof(struct optee_private), 662 }; 663