arch/arm/mach-omap2/sec-common.c

   1 // SPDX-License-Identifier: GPL-2.0+
   2 /*
   3  *
   4  * Common security related functions for OMAP devices
   5  *
   6  * (C) Copyright 2016-2017
   7  * Texas Instruments, <www.ti.com>
   8  *
   9  * Daniel Allred <d-allred@ti.com>
  10  * Andreas Dannenberg <dannenberg@ti.com>
  11  * Harinarayan Bhatta <harinarayan@ti.com>
  12  * Andrew F. Davis <afd@ti.com>
  13  */
  14
  15 #include <common.h>
  16 #include <cpu_func.h>
  17 #include <hang.h>
  18 #include <init.h>
  19 #include <stdarg.h>
  20
  21 #include <asm/arch/sys_proto.h>
  22 #include <asm/cache.h>
  23 #include <asm/omap_common.h>
  24 #include <asm/omap_sec_common.h>
  25 #include <asm/spl.h>
  26 #include <asm/ti-common/sys_proto.h>
  27 #include <mapmem.h>
  28 #include <spl.h>
  29 #include <tee/optee.h>
  30
  31 /* Index for signature verify ROM API */
  32 #ifdef CONFIG_AM33XX
  33 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX     (0x0000000C)
  34 #else
  35 #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX     (0x0000000E)
  36 #endif
  37
  38 /* Index for signature PPA-based TI HAL APIs */
  39 #define PPA_HAL_SERVICES_START_INDEX        (0x200)
  40 #define PPA_SERV_HAL_TEE_LOAD_MASTER        (PPA_HAL_SERVICES_START_INDEX + 23)
  41 #define PPA_SERV_HAL_TEE_LOAD_SLAVE         (PPA_HAL_SERVICES_START_INDEX + 24)
  42 #define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25)
  43 #define PPA_SERV_HAL_SETUP_EMIF_FW_REGION   (PPA_HAL_SERVICES_START_INDEX + 26)
  44 #define PPA_SERV_HAL_LOCK_EMIF_FW           (PPA_HAL_SERVICES_START_INDEX + 27)
  45
  46 /* Offset of header size if image is signed as ISW */
  47 #define HEADER_SIZE_OFFSET      (0x6D)
  48
  49 int tee_loaded = 0;
  50
  51 /* Argument for PPA_SERV_HAL_TEE_LOAD_MASTER */
  52 struct ppa_tee_load_info {
  53         u32 tee_sec_mem_start; /* Physical start address reserved for TEE */
  54         u32 tee_sec_mem_size;  /* Size of the memory reserved for TEE */
  55         u32 tee_cert_start;    /* Address where signed TEE binary is loaded */
  56         u32 tee_cert_size;     /* Size of TEE certificate (signed binary) */
  57         u32 tee_jump_addr;     /* Address to jump to start TEE execution */
  58         u32 tee_arg0;          /* argument to TEE jump function, in r0 */
  59 };
  60
  61 static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN) __section(".data");
  62
  63 u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
  64 {
  65         int i;
  66         u32 num_args;
  67         va_list ap;
  68
  69         va_start(ap, flag);
  70
  71         num_args = va_arg(ap, u32);
  72
  73         if (num_args > 4) {
  74                 va_end(ap);
  75                 return 1;
  76         }
  77
  78         /* Copy args to aligned args structure */
  79         for (i = 0; i < num_args; i++)
  80                 secure_rom_call_args[i + 1] = va_arg(ap, u32);
  81
  82         secure_rom_call_args[0] = num_args;
  83
  84         va_end(ap);
  85
  86         /* if data cache is enabled, flush the aligned args structure */
  87         flush_dcache_range(
  88                 (unsigned int)&secure_rom_call_args[0],
  89                 (unsigned int)&secure_rom_call_args[0] +
  90                 roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN));
  91
  92         return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
  93 }
  94
  95 static u32 find_sig_start(char *image, size_t size)
  96 {
  97         char *image_end = image + size;
  98         char *sig_start_magic = "CERT_";
  99         int magic_str_len = strlen(sig_start_magic);
 100         char *ch;
 101
 102         while (--image_end > image) {
 103                 if (*image_end == '_') {
 104                         ch = image_end - magic_str_len + 1;
 105                         if (!strncmp(ch, sig_start_magic, magic_str_len))
 106                                 return (u32)ch;
 107                 }
 108         }
 109         return 0;
 110 }
 111
 112 int secure_boot_verify_image(void **image, size_t *size)
 113 {
 114         int result = 1;
 115         u32 cert_addr, sig_addr;
 116         size_t cert_size;
 117
 118         /* Perform cache writeback on input buffer */
 119         flush_dcache_range(
 120                 rounddown((u32)*image, ARCH_DMA_MINALIGN),
 121                 roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
 122
 123         cert_addr = (uint32_t)*image;
 124         sig_addr = find_sig_start((char *)*image, *size);
 125
 126         if (sig_addr == 0) {
 127                 printf("No signature found in image!\n");
 128                 result = 1;
 129                 goto auth_exit;
 130         }
 131
 132         *size = sig_addr - cert_addr;   /* Subtract out the signature size */
 133         /* Subtract header if present */
 134         if (strncmp((char *)sig_addr, "CERT_ISW_", 9) == 0)
 135                 *size -= ((u32 *)*image)[HEADER_SIZE_OFFSET];
 136         cert_size = *size;
 137
 138         /* Check if image load address is 32-bit aligned */
 139         if (!IS_ALIGNED(cert_addr, 4)) {
 140                 printf("Image is not 4-byte aligned!\n");
 141                 result = 1;
 142                 goto auth_exit;
 143         }
 144
 145         /* Image size also should be multiple of 4 */
 146         if (!IS_ALIGNED(cert_size, 4)) {
 147                 printf("Image size is not 4-byte aligned!\n");
 148                 result = 1;
 149                 goto auth_exit;
 150         }
 151
 152         /* Call ROM HAL API to verify certificate signature */
 153         debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
 154               cert_addr, cert_size, sig_addr);
 155
 156         result = secure_rom_call(
 157                 API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
 158                 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
 159
 160         /* Perform cache writeback on output buffer */
 161         flush_dcache_range(
 162                 rounddown((u32)*image, ARCH_DMA_MINALIGN),
 163                 roundup((u32)*image + *size, ARCH_DMA_MINALIGN));
 164
 165 auth_exit:
 166         if (result != 0) {
 167                 printf("Authentication failed!\n");
 168                 printf("Return Value = %08X\n", result);
 169                 hang();
 170         }
 171
 172         /*
 173          * Output notification of successful authentication to re-assure the
 174          * user that the secure code is being processed as expected. However
 175          * suppress any such log output in case of building for SPL and booting
 176          * via YMODEM. This is done to avoid disturbing the YMODEM serial
 177          * protocol transactions.
 178          */
 179         if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
 180               IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
 181               spl_boot_device() == BOOT_DEVICE_UART))
 182                 printf("Authentication passed\n");
 183
 184         return result;
 185 }
 186
 187 u32 get_sec_mem_start(void)
 188 {
 189         u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START;
 190         u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE;
 191         /*
 192          * Total reserved region is all contiguous with protected
 193          * region coming first, followed by the non-secure region.
 194          * If 0x0 start address is given, we simply put the reserved
 195          * region at the end of the external DRAM.
 196          */
 197         if (sec_mem_start == 0)
 198                 sec_mem_start =
 199                         (CONFIG_SYS_SDRAM_BASE + (
 200 #if defined(CONFIG_OMAP54XX)
 201                         omap_sdram_size()
 202 #else
 203                         get_ram_size((void *)CONFIG_SYS_SDRAM_BASE,
 204                                      CONFIG_MAX_RAM_BANK_SIZE)
 205 #endif
 206                         - sec_mem_size));
 207         return sec_mem_start;
 208 }
 209
 210 int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr,
 211                                uint32_t size, uint32_t access_perm,
 212                                uint32_t initiator_perm)
 213 {
 214         int result = 1;
 215
 216         /*
 217          * Call PPA HAL API to do any other general firewall
 218          * configuration for regions 1-6 of the EMIF firewall.
 219          */
 220         debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__,
 221               region_num, start_addr, size);
 222
 223         result = secure_rom_call(
 224                         PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4,
 225                         (start_addr & 0xFFFFFFF0) | (region_num & 0x0F),
 226                         size, access_perm, initiator_perm);
 227
 228         if (result != 0) {
 229                 puts("Secure EMIF Firewall Setup failed!\n");
 230                 debug("Return Value = %x\n", result);
 231         }
 232
 233         return result;
 234 }
 235
 236 #if     (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE <  \
 237         CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE)
 238 #error  "TI Secure EMIF: Protected size cannot be larger than total size."
 239 #endif
 240 int secure_emif_reserve(void)
 241 {
 242         int result = 1;
 243         u32 sec_mem_start = get_sec_mem_start();
 244         u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
 245
 246         /* If there is no protected region, there is no reservation to make */
 247         if (sec_prot_size == 0)
 248                 return 0;
 249
 250         /*
 251          * Call PPA HAL API to reserve a chunk of EMIF SDRAM
 252          * for secure world use. This region should be carved out
 253          * from use by any public code. EMIF firewall region 7
 254          * will be used to protect this block of memory.
 255          */
 256         result = secure_rom_call(
 257                         PPA_SERV_HAL_SETUP_SEC_RESVD_REGION,
 258                         0, 0, 2, sec_mem_start, sec_prot_size);
 259
 260         if (result != 0) {
 261                 puts("SDRAM Firewall: Secure memory reservation failed!\n");
 262                 debug("Return Value = %x\n", result);
 263         }
 264
 265         return result;
 266 }
 267
 268 int secure_emif_firewall_lock(void)
 269 {
 270         int result = 1;
 271
 272         /*
 273          * Call PPA HAL API to lock the EMIF firewall configurations.
 274          * After this API is called, none of the PPA HAL APIs for
 275          * configuring the EMIF firewalls will be usable again (that
 276          * is, calls to those APIs will return failure and have no
 277          * effect).
 278          */
 279
 280         result = secure_rom_call(
 281                         PPA_SERV_HAL_LOCK_EMIF_FW,
 282                         0, 0, 0);
 283
 284         if (result != 0) {
 285                 puts("Secure EMIF Firewall Lock failed!\n");
 286                 debug("Return Value = %x\n", result);
 287         }
 288
 289         return result;
 290 }
 291
 292 static struct ppa_tee_load_info tee_info __aligned(ARCH_DMA_MINALIGN);
 293
 294 int secure_tee_install(u32 addr)
 295 {
 296         struct optee_header *hdr;
 297         void *loadptr;
 298         u32 tee_file_size;
 299         u32 sec_mem_start = get_sec_mem_start();
 300         const u32 size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
 301         u32 ret;
 302
 303         /* If there is no protected region, there is no place to put the TEE */
 304         if (size == 0) {
 305                 printf("Error loading TEE, no protected memory region available\n");
 306                 return -ENOBUFS;
 307         }
 308
 309         hdr = (struct optee_header *)map_sysmem(addr, sizeof(struct optee_header));
 310         /* 280 bytes = size of signature */
 311         tee_file_size = hdr->init_size + hdr->paged_size +
 312                         sizeof(struct optee_header) + 280;
 313
 314         if ((hdr->magic != OPTEE_MAGIC) ||
 315             (hdr->version != OPTEE_VERSION) ||
 316             (tee_file_size > size)) {
 317                 printf("Error in TEE header. Check firewall and TEE sizes\n");
 318                 unmap_sysmem(hdr);
 319                 return CMD_RET_FAILURE;
 320         }
 321
 322         tee_info.tee_sec_mem_start = sec_mem_start;
 323         tee_info.tee_sec_mem_size = size;
 324         tee_info.tee_jump_addr = hdr->init_load_addr_lo;
 325         tee_info.tee_cert_start = addr;
 326         tee_info.tee_cert_size = tee_file_size;
 327         tee_info.tee_arg0 = hdr->init_size + tee_info.tee_jump_addr;
 328         unmap_sysmem(hdr);
 329         loadptr = map_sysmem(addr, tee_file_size);
 330
 331         debug("tee_info.tee_sec_mem_start= %08X\n", tee_info.tee_sec_mem_start);
 332         debug("tee_info.tee_sec_mem_size = %08X\n", tee_info.tee_sec_mem_size);
 333         debug("tee_info.tee_jump_addr = %08X\n", tee_info.tee_jump_addr);
 334         debug("tee_info.tee_cert_start = %08X\n", tee_info.tee_cert_start);
 335         debug("tee_info.tee_cert_size = %08X\n", tee_info.tee_cert_size);
 336         debug("tee_info.tee_arg0 = %08X\n", tee_info.tee_arg0);
 337         debug("tee_file_size = %d\n", tee_file_size);
 338
 339 #if !CONFIG_IS_ENABLED(SYS_DCACHE_OFF)
 340         flush_dcache_range(
 341                 rounddown((u32)loadptr, ARCH_DMA_MINALIGN),
 342                 roundup((u32)loadptr + tee_file_size, ARCH_DMA_MINALIGN));
 343
 344         flush_dcache_range((u32)&tee_info, (u32)&tee_info +
 345                         roundup(sizeof(tee_info), ARCH_DMA_MINALIGN));
 346 #endif
 347         unmap_sysmem(loadptr);
 348
 349         ret = secure_rom_call(PPA_SERV_HAL_TEE_LOAD_MASTER, 0, 0, 1, &tee_info);
 350         if (ret) {
 351                 printf("TEE_LOAD_MASTER Failed\n");
 352                 return ret;
 353         }
 354         printf("TEE_LOAD_MASTER Done\n");
 355
 356 #if defined(CONFIG_OMAP54XX)
 357         if (!is_dra72x()) {
 358                 u32 *smc_cpu1_params;
 359                 /* Reuse the tee_info buffer for SMC params */
 360                 smc_cpu1_params = (u32 *)&tee_info;
 361                 smc_cpu1_params[0] = 0;
 362 #if !CONFIG_IS_ENABLED(SYS_DCACHE_OFF)
 363                 flush_dcache_range((u32)smc_cpu1_params, (u32)smc_cpu1_params +
 364                                 roundup(sizeof(u32), ARCH_DMA_MINALIGN));
 365 #endif
 366                 ret = omap_smc_sec_cpu1(PPA_SERV_HAL_TEE_LOAD_SLAVE, 0, 0,
 367                                 smc_cpu1_params);
 368                 if (ret) {
 369                         printf("TEE_LOAD_SLAVE Failed\n");
 370                         return ret;
 371                 }
 372                 printf("TEE_LOAD_SLAVE Done\n");
 373         }
 374 #endif
 375
 376         tee_loaded = 1;
 377
 378         return 0;
 379 }