| // SPDX-License-Identifier: GPL-2.0+ |
| /* |
| * Copyright (c) 2018 Linaro Limited |
| */ |
| |
| #include <common.h> |
| #include <dm.h> |
| #include <dm/device-internal.h> |
| #include <dm/uclass-internal.h> |
| #include <tee.h> |
| |
/**
 * struct tee_uclass_priv - information of a TEE, stored by the uclass
 *
 * @list_shm:	list of struct tee_shm representing memory blocks shared
 *		with the TEE. Entries are linked through tee_shm::link.
 */
struct tee_uclass_priv {
	struct list_head list_shm;
};
| |
/* Return the driver operations table attached to @dev. */
static const struct tee_driver_ops *tee_get_ops(struct udevice *dev)
{
	const struct tee_driver_ops *ops = device_get_ops(dev);

	return ops;
}
| |
/**
 * tee_get_version() - ask the driver for the version data of a TEE
 * @dev:	TEE device
 * @vers:	passed through to the driver's get_version callback
 */
void tee_get_version(struct udevice *dev, struct tee_version_data *vers)
{
	const struct tee_driver_ops *ops = tee_get_ops(dev);

	ops->get_version(dev, vers);
}
| |
/**
 * tee_open_session() - forward an open-session request to the driver
 * @dev:	TEE device
 * @arg:	open-session argument, passed through unchanged
 * @num_param:	number of entries in @param
 * @param:	parameter array, passed through unchanged
 *
 * Return: whatever the driver's open_session callback returns.
 */
int tee_open_session(struct udevice *dev, struct tee_open_session_arg *arg,
		     uint num_param, struct tee_param *param)
{
	const struct tee_driver_ops *ops = tee_get_ops(dev);
	int rc = ops->open_session(dev, arg, num_param, param);

	return rc;
}
| |
/**
 * tee_close_session() - forward a close-session request to the driver
 * @dev:	TEE device
 * @session:	session identifier, passed through unchanged
 *
 * Return: whatever the driver's close_session callback returns.
 */
int tee_close_session(struct udevice *dev, u32 session)
{
	const struct tee_driver_ops *ops = tee_get_ops(dev);
	int rc = ops->close_session(dev, session);

	return rc;
}
| |
/**
 * tee_invoke_func() - forward a function invocation to the driver
 * @dev:	TEE device
 * @arg:	invoke argument, passed through unchanged
 * @num_param:	number of entries in @param
 * @param:	parameter array, passed through unchanged
 *
 * Return: whatever the driver's invoke_func callback returns.
 */
int tee_invoke_func(struct udevice *dev, struct tee_invoke_arg *arg,
		    uint num_param, struct tee_param *param)
{
	const struct tee_driver_ops *ops = tee_get_ops(dev);
	int rc = ops->invoke_func(dev, arg, num_param, param);

	return rc;
}
| |
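/**
 * __tee_shm_add() - create a shared-memory descriptor for a TEE device
 * @dev:	TEE device whose driver callbacks are used
 * @align:	alignment handed to the driver's shm_allocate callback when
 *		TEE_SHM_ALLOC is set
 * @addr:	caller-supplied buffer; replaced by a driver allocation when
 *		TEE_SHM_ALLOC is set
 * @size:	size of the buffer
 * @flags:	TEE_SHM_* flags selecting allocation and registration
 * @shmp:	receives the new descriptor on success
 *
 * NOTE(review): @addr and @size are stored and handed to the driver as given;
 * no range or overlap check is done here - presumably the driver's
 * shm_register callback validates them; confirm.
 *
 * Return: 0 on success, -ENOMEM if the buffer or the descriptor cannot be
 * obtained, or the error returned by the driver's shm_register callback.
 */
int __tee_shm_add(struct udevice *dev, ulong align, void *addr, ulong size,
		  u32 flags, struct tee_shm **shmp)
{
	const struct tee_driver_ops *ops = tee_get_ops(dev);
	struct tee_shm *shm = NULL;
	void *p = addr;
	int rc;

	if (flags & TEE_SHM_ALLOC) {
		/*
		 * When instructed to allocate on client's behalf, we allocate
		 * from target TEE's predefined shared memory pool.
		 */
		p = ops->shm_allocate(dev, align, size);

		/*
		 * Skip registration with TEE since anything from the
		 * predefined pool is pre-registered as well.
		 */
		flags &= ~(TEE_SHM_SEC_REGISTER);
	}
	if (!p)
		return -ENOMEM;

	/*
	 * NOTE(review): the descriptor comes from the same driver allocator
	 * as the payload. If that allocator hands out memory shared with the
	 * TEE, this bookkeeping structure (including its list linkage) lives
	 * in shared memory too - confirm that this is intended.
	 */
	shm = ops->shm_allocate(dev, 0, sizeof(*shm));
	if (!shm) {
		rc = -ENOMEM;
		goto err;
	}
	memset(shm, 0, sizeof(*shm));

	shm->dev = dev;
	shm->addr = p;
	shm->size = size;
	shm->flags = flags;

	if (flags & TEE_SHM_SEC_REGISTER) {
		rc = ops->shm_register(dev, shm);
		if (rc)
			goto err;
	}

	if (flags & TEE_SHM_REGISTER) {
		struct tee_uclass_priv *priv = dev_get_uclass_priv(dev);

		list_add(&shm->link, &priv->list_shm);
	}

	*shmp = shm;

	return 0;
err:
	/*
	 * shm is still NULL when the descriptor allocation itself failed;
	 * do not hand a NULL pointer to the driver's shm_free callback.
	 */
	if (shm)
		ops->shm_free(dev, shm);
	/* Only release the payload if it was allocated here. */
	if (flags & TEE_SHM_ALLOC)
		ops->shm_free(dev, p);

	return rc;
}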
| |
/**
 * tee_shm_alloc() - allocate a shared-memory block on the caller's behalf
 * @dev:	TEE device
 * @size:	size of the block
 * @flags:	extra TEE_SHM_* flags; TEE_SHM_SEC_REGISTER, TEE_SHM_REGISTER
 *		and TEE_SHM_ALLOC are always added
 * @shmp:	receives the descriptor on success
 *
 * Return: the result of __tee_shm_add().
 */
int tee_shm_alloc(struct udevice *dev, ulong size, u32 flags,
		  struct tee_shm **shmp)
{
	const u32 forced = TEE_SHM_SEC_REGISTER | TEE_SHM_REGISTER |
			   TEE_SHM_ALLOC;

	return __tee_shm_add(dev, 0, NULL, size, flags | forced, shmp);
}
| |
/**
 * tee_shm_register() - register a caller-owned buffer as shared memory
 * @dev:	TEE device
 * @addr:	start of the caller's buffer
 * @size:	size of the buffer
 * @flags:	extra TEE_SHM_* flags; TEE_SHM_ALLOC is stripped and
 *		TEE_SHM_SEC_REGISTER and TEE_SHM_REGISTER are always added
 * @shmp:	receives the descriptor on success
 *
 * Return: the result of __tee_shm_add().
 */
int tee_shm_register(struct udevice *dev, void *addr, ulong size, u32 flags,
		     struct tee_shm **shmp)
{
	/* The buffer belongs to the caller, so it must never be allocated here. */
	u32 f = (flags & ~TEE_SHM_ALLOC) | TEE_SHM_SEC_REGISTER |
		TEE_SHM_REGISTER;

	return __tee_shm_add(dev, 0, addr, size, f, shmp);
}
| |
/**
 * tee_shm_free() - tear down a shared-memory descriptor
 * @shm:	descriptor to release; NULL is accepted and ignored
 *
 * Steps run in this order, each gated on the matching flag in shm->flags:
 * unregister from the TEE, unlink from the uclass list, free the payload.
 * The descriptor itself is always freed last.
 */
void tee_shm_free(struct tee_shm *shm)
{
	if (shm == NULL)
		return;

	/* Tell the driver to drop the registration before the memory goes away. */
	if ((shm->flags & TEE_SHM_SEC_REGISTER) != 0) {
		tee_get_ops(shm->dev)->shm_unregister(shm->dev, shm);
	}

	if ((shm->flags & TEE_SHM_REGISTER) != 0) {
		list_del(&shm->link);
	}

	/* The payload is only ours to free when it was allocated for the caller. */
	if ((shm->flags & TEE_SHM_ALLOC) != 0) {
		tee_get_ops(shm->dev)->shm_free(shm->dev, shm->addr);
	}

	tee_get_ops(shm->dev)->shm_free(shm->dev, shm);
}
| |
/**
 * tee_shm_is_registered() - check whether a descriptor is on a device's list
 * @shm:	descriptor pointer to look for
 * @dev:	TEE device whose shared-memory list is searched
 *
 * The comparison is by pointer identity only; @shm is never dereferenced.
 *
 * Return: true if @shm is found on the list, false otherwise.
 */
bool tee_shm_is_registered(struct tee_shm *shm, struct udevice *dev)
{
	struct tee_uclass_priv *priv = dev_get_uclass_priv(dev);
	struct tee_shm *entry;
	bool found = false;

	list_for_each_entry(entry, &priv->list_shm, link) {
		if (entry == shm) {
			found = true;
			break;
		}
	}

	return found;
}
| |
/**
 * tee_find_device() - find the next TEE device accepted by a match callback
 * @start:	device to continue after, or NULL to start at the first
 *		UCLASS_TEE device
 * @match:	callback given the version data and @data; a non-zero return
 *		accepts the device. NULL accepts every device that probes.
 * @data:	opaque pointer passed to @match
 * @vers:	where the version data is written, or NULL to use a local
 *		scratch copy
 *
 * Devices for which device_probe() reports an error are skipped.
 *
 * Return: the first accepted device, or NULL if none is left.
 */
struct udevice *tee_find_device(struct udevice *start,
				int (*match)(struct tee_version_data *vers,
					     const void *data),
				const void *data,
				struct tee_version_data *vers)
{
	struct tee_version_data scratch;
	struct tee_version_data *out;
	struct udevice *cur = start;

	if (vers)
		out = vers;
	else
		out = &scratch;

	if (cur)
		uclass_find_next_device(&cur);
	else
		uclass_find_first_device(UCLASS_TEE, &cur);

	for (; cur; uclass_find_next_device(&cur)) {
		if (!device_probe(cur)) {
			tee_get_ops(cur)->get_version(cur, out);
			if (!match || match(out, data))
				return cur;
		}
	}

	return NULL;
}
| |
/* Uclass pre_probe hook: start each device with an empty shared-memory list. */
static int tee_pre_probe(struct udevice *dev)
{
	struct tee_uclass_priv *uc_priv = dev_get_uclass_priv(dev);
	struct list_head *head = &uc_priv->list_shm;

	INIT_LIST_HEAD(head);

	return 0;
}
| |
/*
 * Uclass pre_remove hook: release every descriptor still on the device's
 * shared-memory list. Always returns 0.
 */
static int tee_pre_remove(struct udevice *dev)
{
	struct tee_uclass_priv *uc_priv = dev_get_uclass_priv(dev);
	struct list_head *head = &uc_priv->list_shm;

	/*
	 * U-Boot is about to hand over to the next stage, which will reuse
	 * this memory, so nothing may stay registered with the TEE.
	 */
	for (;;) {
		struct tee_shm *leftover;

		if (list_empty(head))
			break;

		leftover = list_first_entry(head, struct tee_shm, link);
		debug("%s: freeing leftover shm %p (size %lu, flags %#x)\n",
		      __func__, (void *)leftover, leftover->size,
		      leftover->flags);
		/* tee_shm_free() unlinks the entry, so the loop makes progress. */
		tee_shm_free(leftover);
	}

	return 0;
}
| |
/*
 * Uclass driver for TEE devices. Each device gets a struct tee_uclass_priv,
 * whose list is initialised in tee_pre_probe() and drained in
 * tee_pre_remove().
 */
UCLASS_DRIVER(tee) = {
	.id = UCLASS_TEE,
	.name = "tee",
	/* room for the per-device list of shared-memory descriptors */
	.per_device_auto_alloc_size = sizeof(struct tee_uclass_priv),
	.pre_probe = tee_pre_probe,
	.pre_remove = tee_pre_remove,
};
| |
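/**
 * tee_optee_ta_uuid_from_octets() - unpack a UUID from its octet form
 * @d:	destination UUID structure
 * @s:	source array of TEE_UUID_LEN octets
 *
 * The first eight octets are read most-significant byte first into
 * time_low, time_mid and time_hi_and_version; the rest is copied verbatim
 * into clock_seq_and_node.
 */
void tee_optee_ta_uuid_from_octets(struct tee_optee_ta_uuid *d,
				   const u8 s[TEE_UUID_LEN])
{
	/*
	 * Each field is its own statement; the original ended the first
	 * assignment with a comma, which only worked by accident of the
	 * comma operator.
	 */
	d->time_low = ((u32)s[0] << 24) | ((u32)s[1] << 16) |
		      ((u32)s[2] << 8) | s[3];
	d->time_mid = ((u32)s[4] << 8) | s[5];
	d->time_hi_and_version = ((u32)s[6] << 8) | s[7];
	memcpy(d->clock_seq_and_node, s + 8, sizeof(d->clock_seq_and_node));
}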
| |
/**
 * tee_optee_ta_uuid_to_octets() - pack a UUID into its octet form
 * @d:	destination array of TEE_UUID_LEN octets
 * @s:	source UUID structure
 *
 * time_low, time_mid and time_hi_and_version are written most-significant
 * byte first into the first eight octets; clock_seq_and_node is copied
 * verbatim after them.
 */
void tee_optee_ta_uuid_to_octets(u8 d[TEE_UUID_LEN],
				 const struct tee_optee_ta_uuid *s)
{
	u8 *out = d;

	/* time_low: four octets */
	out[0] = (u8)(s->time_low >> 24);
	out[1] = (u8)(s->time_low >> 16);
	out[2] = (u8)(s->time_low >> 8);
	out[3] = (u8)s->time_low;

	/* time_mid: two octets */
	out[4] = (u8)(s->time_mid >> 8);
	out[5] = (u8)s->time_mid;

	/* time_hi_and_version: two octets */
	out[6] = (u8)(s->time_hi_and_version >> 8);
	out[7] = (u8)s->time_hi_and_version;

	memcpy(out + 8, s->clock_seq_and_node, sizeof(s->clock_seq_and_node));
}
| |
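/*
 * Lookup table from TEE result codes to short human-readable explanations,
 * searched linearly by tee_result_to_str(). The table is never written, so
 * it is declared const.
 */
static const struct {
	u32 code;
	const char *meaning;
} well_known_errors[] = {
	{ TEE_SUCCESS, "operation was successful" },
	{ TEE_ERROR_GENERIC, "non-specific cause" },
	{ TEE_ERROR_ACCESS_DENIED, "access denied" },
	{ TEE_ERROR_CANCEL, "operation was cancelled" },
	{ TEE_ERROR_ACCESS_CONFLICT, "concurrent access caused conflict" },
	{ TEE_ERROR_EXTRA_DATA, "too much data was passed for the operation" },
	{ TEE_ERROR_BAD_FORMAT, "input data was of invalid format" },
	{ TEE_ERROR_BAD_PARAMETERS, "input parameters were invalid" },
	{ TEE_ERROR_BAD_STATE, "operation was not valid in current state" },
	{ TEE_ERROR_ITEM_NOT_FOUND, "requested data item was not found" },
	{ TEE_ERROR_NOT_IMPLEMENTED,
	  "operation should exist but not yet implemented" },
	{ TEE_ERROR_NOT_SUPPORTED,
	  "operation is valid but not supported by this implementation" },
	{ TEE_ERROR_NO_DATA, "expected data was missing" },
	{ TEE_ERROR_OUT_OF_MEMORY, "system ran out of resources" },
	{ TEE_ERROR_BUSY, "system is busy at something else" },
	{ TEE_ERROR_COMMUNICATION, "communication with a remote party failed" },
	{ TEE_ERROR_SECURITY, "a security fault was detected" },
	{ TEE_ERROR_SHORT_BUFFER,
	  "supplied buffer was too short for the generated output" },
	{ TEE_ERROR_EXTERNAL_CANCEL,
	  "an external event has caused a UX operation to be aborted" },
	{ TEE_ERROR_TA_VERSION_INVALID, "TA version is too old" },
	{ TEE_ERROR_TA_NUM_REACH_MAX,
	  "maximum number of trusted applications supported reached" },
	{ TEE_ERROR_OVERFLOW, "value overflow detected" },
	{ TEE_ERROR_TARGET_DEAD, "TA has terminated" },
	{ TEE_ERROR_STORAGE_NO_SPACE, "system ran out of storage space" },
	/*
	 * MAC here is a message authentication code, not a network address:
	 * the code reports that an integrity check on data failed.
	 */
	{ TEE_ERROR_MAC_INVALID, "invalid MAC (message authentication code)" },
	{ TEE_ERROR_SIGNATURE_INVALID, "invalid signature" },
	{ TEE_ERROR_TIME_NOT_SET, "time not set" },
	{ TEE_ERROR_TIME_NEEDS_RESET, "time needs to be reset" },
};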
| |
/*
 * Translate a TEE result code into its explanation from well_known_errors,
 * or a fixed fallback string when the code is not in the table.
 */
static const char *tee_result_to_str(u32 err)
{
	const char *text = "unknown TEE error code";
	int idx = 0;

	while (idx < ARRAY_SIZE(well_known_errors)) {
		if (well_known_errors[idx].code == err) {
			text = well_known_errors[idx].meaning;
			break;
		}
		idx++;
	}

	return text;
}
| |
/*
 * Name the layer that produced a TEE return code, or a fixed fallback
 * string for an origin value that is not recognised.
 */
static const char *tee_origin_to_str(u32 origin)
{
	if (origin == TEE_ORIGIN_API)
		return "client API";
	if (origin == TEE_ORIGIN_COMMS)
		return "client comms stack";
	if (origin == TEE_ORIGIN_TEE)
		return "TEE-OS";
	if (origin == TEE_ORIGIN_TRUSTED_APP)
		return "TA";

	return "unknown TEE origin";
}
| |
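/**
 * tee_explain_error() - format TEE return codes as a readable string
 * @rc:			result code, always printed
 * @arg_ret:		return code from the call argument; printed only
 *			when non-zero
 * @arg_ret_origin:	origin of @arg_ret; printed only when both it and
 *			@arg_ret are non-zero
 *
 * The text is built in a single static buffer, so each call overwrites the
 * result of the previous one and the pointer must not be freed.
 *
 * Return: pointer to the NUL-terminated message.
 */
const char *tee_explain_error(u32 rc, u32 arg_ret, u32 arg_ret_origin)
{
	static char msg[256];
	size_t used;
	int len;

	len = snprintf(msg, sizeof(msg), "rc = 0x%x(%s)", rc,
		       tee_result_to_str(rc));
	if (len < 0) {
		msg[0] = '\0';
		return msg;
	}
	used = (size_t)len;

	/*
	 * snprintf() reports the length it wanted to write, which can exceed
	 * the buffer. Stop appending once the buffer is full so that
	 * msg + used and sizeof(msg) - used never go out of range.
	 */
	if (!arg_ret || used >= sizeof(msg))
		return msg;

	len = snprintf(msg + used, sizeof(msg) - used,
		       ", arg.ret = 0x%x(%s)", arg_ret,
		       tee_result_to_str(arg_ret));
	if (len < 0) {
		/* Keep what was already formatted. */
		msg[used] = '\0';
		return msg;
	}
	used += (size_t)len;

	if (!arg_ret_origin || used >= sizeof(msg))
		return msg;

	snprintf(msg + used, sizeof(msg) - used,
		 ", arg.ret_origin = %u(%s)", arg_ret_origin,
		 tee_origin_to_str(arg_ret_origin));

	return msg;
}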