arch/arm/mach-omap2/sec-common.c

   1 /*
   2  *
   3  * Common security related functions for OMAP devices
   4  *
   5  * (C) Copyright 2016-2017
   6  * Texas Instruments, <www.ti.com>
   7  *
   8  * Daniel Allred <d-allred@ti.com>
   9  * Andreas Dannenberg <dannenberg@ti.com>
  10  * Harinarayan Bhatta <harinarayan@ti.com>
  11  * Andrew F. Davis <afd@ti.com>
  12  *
  13  * SPDX-License-Identifier: GPL-2.0+
  14  */
  15
  16 #include <common.h>
  17 #include <stdarg.h>
  18
  19 #include <asm/arch/sys_proto.h>
  20 #include <asm/cache.h>
  21 #include <asm/omap_common.h>
  22 #include <asm/omap_sec_common.h>
  23 #include <asm/spl.h>
  24 #include <asm/ti-common/sys_proto.h>
  25 #include <mapmem.h>
  26 #include <spl.h>
  27 #include <tee/optee.h>
  28
  29 /* Index for signature verify ROM API */
  30 #ifdef CONFIG_AM33XX
  31 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX     (0x0000000C)
  32 #else
  33 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX     (0x0000000E)
  34 #endif
  35
  36 /* Index for signature PPA-based TI HAL APIs */
  37 #define PPA_HAL_SERVICES_START_INDEX        (0x200)
  38 #define PPA_SERV_HAL_TEE_LOAD_MASTER        (PPA_HAL_SERVICES_START_INDEX + 23)
  39 #define PPA_SERV_HAL_TEE_LOAD_SLAVE         (PPA_HAL_SERVICES_START_INDEX + 24)
  40 #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25)
  41 #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION   (PPA_HAL_SERVICES_START_INDEX + 26)
  42 #define PPA_SERV_HAL_LOCK_EMIF_FW           (PPA_HAL_SERVICES_START_INDEX + 27)
  43
  44 int tee_loaded = 0;
  45
  46 /* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */
  47 struct ppa_tee_load_info {
  48         u32 tee_sec_mem_start; /* Physical start address reserved for TEE */
  49         u32 tee_sec_mem_size;  /* Size of the memory reserved for TEE */
  50         u32 tee_cert_start;    /* Address where signed TEE binary is loaded */
  51         u32 tee_cert_size;     /* Size of TEE certificate (signed binary) */
  52         u32 tee_jump_addr;     /* Address to jump to start TEE execution */
  53         u32 tee_arg0;          /* argument to TEE jump function, in r0 */
  54 };
  55
  56 static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN);
  57
  58 u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
  59 {
  60         int i;
  61         u32 num_args;
  62         va_list ap;
  63
  64         va_start(ap, flag);
  65
  66         num_args = va_arg(ap, u32);
  67
  68         if (num_args > 4) {
  69                 va_end(ap);
  70                 return 1;
  71         }
  72
  73         /* Copy args to aligned args structure */
  74         for (i = 0; i < num_args; i++)
  75                 secure_rom_call_args[i + 1] = va_arg(ap, u32);
  76
  77         secure_rom_call_args[0] = num_args;
  78
  79         va_end(ap);
  80
  81         /* if data cache is enabled, flush the aligned args structure */
  82         flush_dcache_range(
  83                 (unsigned int)&secure_rom_call_args[0],
  84                 (unsigned int)&secure_rom_call_args[0] +
  85                 roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN));
  86
  87         return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
  88 }
  89
  90 static u32 find_sig_start(char *image, size_t size)
  91 {
  92         char *image_end = image + size;
  93         char *sig_start_magic = "CERT_";
  94         int magic_str_len = strlen(sig_start_magic);
  95         char *ch;
  96
  97         while (--image_end > image) {
  98                 if (*image_end == '_') {
  99                         ch = image_end - magic_str_len + 1;
 100                         if (!strncmp(ch, sig_start_magic, magic_str_len))
 101                                 return (u32)ch;
 102                 }
 103         }
 104         return 0;
 105 }
 106
 107 int secure_boot_verify_image(void **image, size_t *size)
 108 {
 109         int result = 1;
 110         u32 cert_addr, sig_addr;
 111         size_t cert_size;
 112
 113         /* Perform cache writeback on input buffer */
 114         flush_dcache_range(
 115                 rounddown((u32)*image, ARCH_DMA_MINALIGN),
 116                 roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
 117
 118         cert_addr = (uint32_t)*image;
 119         sig_addr = find_sig_start((char *)*image, *size);
 120
 121         if (sig_addr == 0) {
 122                 printf("No signature found in image!\n");
 123                 result = 1;
 124                 goto auth_exit;
 125         }
 126
 127         *size = sig_addr - cert_addr;   /* Subtract out the signature size */
 128         cert_size = *size;
 129
 130         /* Check if image load address is 32-bit aligned */
 131         if (!IS_ALIGNED(cert_addr, 4)) {
 132                 printf("Image is not 4-byte aligned!\n");
 133                 result = 1;
 134                 goto auth_exit;
 135         }
 136
 137         /* Image size also should be multiple of 4 */
 138         if (!IS_ALIGNED(cert_size, 4)) {
 139                 printf("Image size is not 4-byte aligned!\n");
 140                 result = 1;
 141                 goto auth_exit;
 142         }
 143
 144         /* Call ROM HAL API to verify certificate signature */
 145         debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
 146               cert_addr, cert_size, sig_addr);
 147
 148         result = secure_rom_call(
 149                 API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
 150                 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
 151
 152         /* Perform cache writeback on output buffer */
 153         flush_dcache_range(
 154                 rounddown((u32)*image, ARCH_DMA_MINALIGN),
 155                 roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
 156
 157 auth_exit:
 158         if (result != 0) {
 159                 printf("Authentication failed!\n");
 160                 printf("Return Value = %08X\n", result);
 161                 hang();
 162         }
 163
 164         /*
 165          * Output notification of successful authentication as well the name of
 166          * the signing certificate used to re-assure the user that the secure
 167          * code is being processed as expected. However suppress any such log
 168          * output in case of building for SPL and booting via YMODEM. This is
 169          * done to avoid disturbing the YMODEM serial protocol transactions.
 170          */
 171         if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
 172               IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
 173               spl_boot_device() == BOOT_DEVICE_UART))
 174                 printf("Authentication passed: %s\n", (char *)sig_addr);
 175
 176         return result;
 177 }
 178
 179 u32 get_sec_mem_start(void)
 180 {
 181         u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START;
 182         u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE;
 183         /*
 184          * Total reserved region is all contiguous with protected
 185          * region coming first, followed by the non-secure region.
 186          * If 0x0 start address is given, we simply put the reserved
 187          * region at the end of the external DRAM.
 188          */
 189         if (sec_mem_start == 0)
 190                 sec_mem_start =
 191                         (CONFIG_SYS_SDRAM_BASE + (
 192 #if defined(CONFIG_OMAP54XX)
 193                         omap_sdram_size()
 194 #else
 195                         get_ram_size((void *)CONFIG_SYS_SDRAM_BASE,
 196                                      CONFIG_MAX_RAM_BANK_SIZE)
 197 #endif
 198                         - sec_mem_size));
 199         return sec_mem_start;
 200 }
 201
 202 int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr,
 203                                uint32_t size, uint32_t access_perm,
 204                                uint32_t initiator_perm)
 205 {
 206         int result = 1;
 207
 208         /*
 209          * Call PPA HAL API to do any other general firewall
 210          * configuration for regions 1-6 of the EMIF firewall.
 211          */
 212         debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__,
 213               region_num, start_addr, size);
 214
 215         result = secure_rom_call(
 216                         PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4,
 217                         (start_addr & 0xFFFFFFF0) | (region_num & 0x0F),
 218                         size, access_perm, initiator_perm);
 219
 220         if (result != 0) {
 221                 puts("Secure EMIF Firewall Setup failed!\n");
 222                 debug("Return Value = %x\n", result);
 223         }
 224
 225         return result;
 226 }
 227
 228 #if     (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE <  \
 229         CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE)
 230 #error  "TI Secure EMIF: Protected size cannot be larger than total size."
 231 #endif
 232 int secure_emif_reserve(void)
 233 {
 234         int result = 1;
 235         u32 sec_mem_start = get_sec_mem_start();
 236         u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
 237
 238         /* If there is no protected region, there is no reservation to make */
 239         if (sec_prot_size == 0)
 240                 return 0;
 241
 242         /*
 243          * Call PPA HAL API to reserve a chunk of EMIF SDRAM
 244          * for secure world use. This region should be carved out
 245          * from use by any public code. EMIF firewall region 7
 246          * will be used to protect this block of memory.
 247          */
 248         result = secure_rom_call(
 249                         PPA_SERV_HAL_SETUP_SEC_RESVD_REGION,
 250                         0, 0, 2, sec_mem_start, sec_prot_size);
 251
 252         if (result != 0) {
 253                 puts("SDRAM Firewall: Secure memory reservation failed!\n");
 254                 debug("Return Value = %x\n", result);
 255         }
 256
 257         return result;
 258 }
 259
 260 int secure_emif_firewall_lock(void)
 261 {
 262         int result = 1;
 263
 264         /*
 265          * Call PPA HAL API to lock the EMIF firewall configurations.
 266          * After this API is called, none of the PPA HAL APIs for
 267          * configuring the EMIF firewalls will be usable again (that
 268          * is, calls to those APIs will return failure and have no
 269          * effect).
 270          */
 271
 272         result = secure_rom_call(
 273                         PPA_SERV_HAL_LOCK_EMIF_FW,
 274                         0, 0, 0);
 275
 276         if (result != 0) {
 277                 puts("Secure EMIF Firewall Lock failed!\n");
 278                 debug("Return Value = %x\n", result);
 279         }
 280
 281         return result;
 282 }
 283
 284 static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN);
 285
 286 int secure_tee_install(u32 addr)
 287 {
 288         struct optee_header *hdr;
 289         void *loadptr;
 290         u32 tee_file_size;
 291         u32 sec_mem_start = get_sec_mem_start();
 292         const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
 293         u32 ret;
 294
 295         /* If there is no protected region, there is no place to put the TEE */
 296         if (size == 0) {
 297                 printf("Error loading TEE, no protected memory region available\n");
 298                 return -ENOBUFS;
 299         }
 300
 301         hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header));
 302         /* 280 bytes = size of signature */
 303         tee_file_size = hdr->init_size + hdr->paged_size +
 304                         sizeof(struct optee_header) + 280;
 305
 306         if ((hdr->magic != OPTEE_MAGIC) ||
 307             (hdr->version != OPTEE_VERSION) ||
 308             (tee_file_size > size)) {
 309                 printf("Error in TEE header. Check firewall and TEE sizes\n");
 310                 unmap_sysmem(hdr);
 311                 return CMD_RET_FAILURE;
 312         }
 313
 314         tee_info.tee_sec_mem_start = sec_mem_start;
 315         tee_info.tee_sec_mem_size = size;
 316         tee_info.tee_jump_addr = hdr->init_load_addr_lo;
 317         tee_info.tee_cert_start = addr;
 318         tee_info.tee_cert_size = tee_file_size;
 319         tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr;
 320         unmap_sysmem(hdr);
 321         loadptr = map_sysmem(addr, tee_file_size);
 322
 323         debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start);
 324         debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size);
 325         debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr);
 326         debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start);
 327         debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size);
 328         debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0);
 329         debug("tee_file_size = %d\n", tee_file_size);
 330
 331 #if !defined(CONFIG_SYS_DCACHE_OFF)
 332         flush_dcache_range(
 333                 rounddown((u32)loadptr, ARCH_DMA_MINALIGN),
 334                 roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN));
 335
 336         flush_dcache_range((u32)&tee_info, (u32)&tee_info +
 337                         roundup(sizeof(tee_info), ARCH_DMA_MINALIGN));
 338 #endif
 339         unmap_sysmem(loadptr);
 340
 341         ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
 342         if (ret) {
 343                 printf("TEE_LOAD_MASTER Failed\n");
 344                 return ret;
 345         }
 346         printf("TEE_LOAD_MASTER Done\n");
 347
 348 #if defined(CONFIG_OMAP54XX)
 349         if (!is_dra72x()) {
 350                 u32 *smc_cpu1_params;
 351                 /* Reuse the tee_info buffer for SMC params */
 352                 smc_cpu1_params = (u32 *)&tee_info;
 353                 smc_cpu1_params[0] = 0;
 354 #if !defined(CONFIG_SYS_DCACHE_OFF)
 355                 flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params +
 356                                 roundup(sizeof(u32), ARCH_DMA_MINALIGN));
 357 #endif
 358                 ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0,
 359                                 smc_cpu1_params);
 360                 if (ret) {
 361                         printf("TEE_LOAD_SLAVE Failed\n");
 362                         return ret;
 363                 }
 364                 printf("TEE_LOAD_SLAVE Done\n");
 365         }
 366 #endif
 367
 368         tee_loaded = 1;
 369
 370         return 0;
 371 }