blob: 5abbe631fcf44a932a287587ba97b8390c8321e7 [file] [log] [blame]
/* Copyright (c) 2011-2017, The Linux Foundation. All rights reserved.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
* * Neither the name of The Linux Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __SCM_H__
#define __SCM_H__
#include <reboot.h>
/* ARM SCM format support related flags */
#define SIP_SVC_CALLS 0x02000000
#define MAKE_SIP_SCM_CMD(svc_id, cmd_id) ((((svc_id << 8) | (cmd_id)) & 0xFFFF) | SIP_SVC_CALLS)
#define MAKE_SCM_VAR_ARGS(num_args, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, ...) (\
(((t0) & 0xff) << 4) | \
(((t1) & 0xff) << 6) | \
(((t2) & 0xff) << 8) | \
(((t3) & 0xff) << 10) | \
(((t4) & 0xff) << 12) | \
(((t5) & 0xff) << 14) | \
(((t6) & 0xff) << 16) | \
(((t7) & 0xff) << 18) | \
(((t8) & 0xff) << 20) | \
(((t9) & 0xff) << 22) | \
(num_args & 0xffff))
#define MAKE_SCM_ARGS(...) MAKE_SCM_VAR_ARGS(__VA_ARGS__, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
#define SCM_ATOMIC_BIT BIT(31)
#define SCM_MAX_ARG_LEN 5
#define SCM_INDIR_MAX_LEN 10
enum
{
SMC_PARAM_TYPE_VALUE = 0,
SMC_PARAM_TYPE_BUFFER_READ,
SMC_PARAM_TYPE_BUFFER_READWRITE,
SMC_PARAM_TYPE_BUFFER_VALIDATION,
} scm_arg_type;
/* 8 Byte SSD magic number (LE) */
#define DECRYPT_MAGIC_0 0x73737A74
#define DECRYPT_MAGIC_1 0x676D6964
#define ENCRYPT_MAGIC_0 0x6B647373
#define ENCRYPT_MAGIC_1 0x676D6973
#define SSD_HEADER_MAGIC_SIZE 8
#define SSD_HEADER_XML_SIZE 2048
#define SSD_HEADER_MIN_SIZE 128
#define MULTIPLICATION_FACTOR 2
typedef unsigned int uint32;
typedef struct {
uint32 len;
uint32 buf_offset;
uint32 resp_hdr_offset;
uint32 id;
} scm_command;
typedef struct {
uint32 len;
uint32 buf_offset;
uint32 is_complete;
} scm_response;
typedef struct {
uint32 *img_ptr;
uint32 *img_len_ptr;
} img_req;
typedef struct {
uint32 id;
uint32 spare;
} tz_secure_cfg;
typedef struct {
uint32 md_len;
uint32* md;
} ssd_parse_md_req;
typedef struct {
uint32 status;
uint32 md_ctx_id;
uint32* md_end_ptr;
} ssd_parse_md_rsp;
typedef struct {
uint32 md_ctx_id;
uint32 last_frag;
uint32 frag_len;
uint32 *frag;
} ssd_decrypt_img_frag_req;
typedef struct {
uint32 status;
} ssd_decrypt_img_frag_rsp;
typedef struct{
uint32 feature_id;
} feature_version_req;
typedef struct{
uint32 version;
} feature_version_rsp;
typedef struct{
uint32 *status_ptr;
uint32 status_len;
} get_secure_state_req;
typedef struct{
uint32 status_low;
uint32 status_high;
} get_secure_state_rsp;
typedef struct{
uint32 row_address;
uint32 addr_type;
uint32 *row_data;
uint32 *qfprom_api_status;
} qfprom_read_row_req;
typedef struct{
uint32 *keystore_ptr;
uint32 keystore_len;
} ssd_protect_keystore_req;
typedef struct{
uint32 status;
} ssd_protect_keystore_rsp;
typedef struct {
uint32_t config;
uint32_t spare;
} tz_xpu_prot_cmd;
typedef struct {
uint64_t el1_x0;
uint64_t el1_x1;
uint64_t el1_x2;
uint64_t el1_x3;
uint64_t el1_x4;
uint64_t el1_x5;
uint64_t el1_x6;
uint64_t el1_x7;
uint64_t el1_x8;
uint64_t el1_elr;
} el1_system_param;
struct tz_prng_data {
uint8_t *out_buf;
uint32_t out_buf_size;
}__PACKED;
typedef struct {
uint8_t *in_buf;
uint32_t in_buf_size;
uint8_t *out_buf;
uint32_t out_buf_size;
uint32_t direction;
} mdtp_cipher_dip_req;
/* SCM support as per ARM spec */
/*
* Structure to define the argument for scm call
* x0: is the command ID
* x1: Number of argument & type of arguments
* : Type can be any of
* : SMC_PARAM_TYPE_VALUE 0
* : SMC_PARAM_TYPE_BUFFER_READ 1
* : SMC_PARAM_TYPE_BUFFER_READWRITE 2
* : SMC_PARAM_TYPE_BUFFER_VALIDATION 3
* @Note: Number of argument count starts from X2.
* x2-x4: Arguments
* X5[10]: if the number of argument is more, an indirect
* : list can be passed here.
*/
typedef struct {
uint32_t x0;/* command ID details as per ARMv8 spec :
0:7 command, 8:15 service id
0x02000000: SIP calls
30: SMC32 or SMC64
31: Standard or fast calls*/
uint32_t x1; /* # of args and attributes for buffers
* 0-3: arg #
* 4-5: type of arg1
* 6-7: type of arg2
* :
* :
* 20-21: type of arg8
* 22-23: type of arg9
*/
uint32_t x2; /* Param1 */
uint32_t x3; /* Param2 */
uint32_t x4; /* Param3 */
uint32_t x5[10]; /* Indirect parameter list */
uint32_t atomic; /* To indicate if its standard or fast call */
} scmcall_arg;
/* Return value for the SCM call:
* SCM call returns values in register if its less than
* 12 bytes, anything greater need to be input buffer + input len
* arguments
*/
typedef struct
{
uint32_t x1;
uint32_t x2;
uint32_t x3;
} scmcall_ret;
/* Service IDs */
#define SCM_SVC_BOOT 0x01
#define TZBSP_SVC_INFO 0x06
#define SCM_SVC_SSD 0x07
#define SVC_MEMORY_PROTECTION 0x0C
#define TZ_SVC_CRYPTO 0x0A
#define SCM_SVC_INFO 0x06
#define TZ_SVC_DLOAD_MODE 0x3
/*Service specific command IDs */
#define ERR_FATAL_ENABLE 0x0
#define SSD_DECRYPT_ID 0x01
#define SSD_ENCRYPT_ID 0x02
#define SSD_PROTECT_KEYSTORE_ID 0x05
#define SSD_PARSE_MD_ID 0x06
#define SSD_DECRYPT_IMG_FRAG_ID 0x07
#define WDOG_DEBUG_DISABLE 0x09
#define SCM_DLOAD_CMD 0x10
#define XPU_ERR_FATAL 0xe
#define SECURE_DEVICE_MDSS 0x01
#define IOMMU_SECURE_CFG 0x02
#define TZ_INFO_GET_FEATURE_ID 0x03
#define TZ_INFO_GET_SECURE_STATE 0x04
#define PRNG_CMD_ID 0x01
#define IS_CALL_AVAIL_CMD 0x01
#define IS_SECURE_BOOT_ENABLED 0x04
/* Download Mode specific arguments to be passed to TZ */
#define SCM_EDLOAD_MODE 0x01
#define SCM_DLOAD_MODE 0x10
/* SSD parsing status messages from TZ */
#define SSD_PMD_ENCRYPTED 0
#define SSD_PMD_NOT_ENCRYPTED 1
#define SSD_PMD_NO_MD_FOUND 3
#define SSD_PMD_BUSY 4
#define SSD_PMD_BAD_MD_PTR_OR_LEN 5
#define SSD_PMD_PARSING_INCOMPLETE 6
#define SSD_PMD_PARSING_FAILED 7
#define SSD_PMD_SETUP_CIPHER_FAILED 8
/* Keystore status messages */
#define TZBSP_SSD_PKS_SUCCESS 0 /**< Successful return. */
#define TZBSP_SSD_PKS_INVALID_PTR 1 /**< Keystore pointer invalid. */
#define TZBSP_SSD_PKS_INVALID_LEN 2 /**< Keystore length incorrect. */
#define TZBSP_SSD_PKS_UNALIGNED_PTR 3 /**< Keystore pointer not word
aligned. */
#define TZBSP_SSD_PKS_PROTECT_MEM_FAILED 4 /**< Failure when protecting
the keystore memory.*/
#define TZBSP_SSD_PKS_INVALID_NUM_KEYS 5 /**< Unsupported number of
keys passed. If a valid
pointer to non-secure
memory is passed that
isn't a keystore, this is
a likely return code. */
#define TZBSP_SSD_PKS_DECRYPT_FAILED 6 /**< The keystore could not be
decrypted. */
/* Features in TZ */
#define TZBSP_FVER_SSD 5
#define TZBSP_GET_FEATURE_VERSION(major) ((major >> 22)& 0x3FF)
static uint32 smc(uint32 cmd_addr);
int decrypt_scm(uint32_t ** img_ptr, uint32_t * img_len_ptr);
int decrypt_scm_v2(uint32_t ** img_ptr, uint32_t * img_len_ptr);
int encrypt_scm(uint32_t ** img_ptr, uint32_t * img_len_ptr);
int scm_svc_version(uint32 * major, uint32 * minor);
/**
* Check security status on the device. Returns the security check result.
* Bit value 0 means the check passing, and bit value 1 means the check failing.
*
* @state_low[out] : lower 32 bits of the state:
* Bit 0: secboot enabling check failed
* Bit 1: Sec HW key is not programmed
* Bit 2: debug disable check failed
* Bit 3: Anti-rollback check failed
* Bit 4: fuse config check failed
* Bit 5: rpmb fuse check failed
* @state_high[out] : highr 32 bits of the state.
*
* Returns 0 on success, negative on failure.
*/
int scm_svc_get_secure_state(uint32_t *state_low, uint32_t *state_high);
int scm_protect_keystore(uint32_t * img_ptr, uint32_t img_len);
int
scm_call(uint32_t svc_id, uint32_t cmd_id, const void *cmd_buf,
size_t cmd_len, void *resp_buf, size_t resp_len);
#define SCM_SVC_FUSE 0x08
#define SCM_BLOW_SW_FUSE_ID 0x01
#define SCM_IS_SW_FUSE_BLOWN_ID 0x02
#define SCM_QFPROM_READ_ROW_ID 0x05
#define HLOS_IMG_TAMPER_FUSE 0
#define WINSECAPP_LOADED_FUSE 1 /**< Used by the WinSec application to prevent reloading. */
#define UEFISECAPP_LOADED_FUSE 2 /**< Used by UefiSecApp to prevent
reloading. */
#define OEM_FUSE_1 3 /**< Reserved fuse bit for OEMs. */
#define OEM_FUSE_2 4 /**< Reserved fuse bit for OEMs. */
#define OEM_FUSE_3 5 /**< Reserved fuse bit for OEMs. */
#define OEM_FUSE_4 6 /**< Reserved fuse bit for OEMs. */
#define OEM_FUSE_5 7 /**< Reserved fuse bit for OEMs. */
#define OEM_FUSE_6 8 /**< Reserved fuse bit for OEMs. */
#define OEM_FUSE_7 9 /**< Reserved fuse bit for OEMs. */
#define OEM_FUSE_8 10 /**< Reserved fuse bit for OEMs. */
#define HLOS_BL_MILESTONE_FUSE 11 /**< Used to notify the bootloader milestone call.*/
#define HLOS_TAMPER_NOTIFY_FUSE 12 /**< Used to notify TZ that HLOS has been tampered.*/
#define NUM_SW_FUSES 13 /**< Number of supported software fuses.
@newpage */
#define SCM_SVC_CE_CHN_SWITCH_ID 0x04
#define SCM_CE_CHN_SWITCH_ID 0x02
#define SCM_SVC_ES 0x10
#define SCM_SAVE_PARTITION_HASH_ID 0x01
#define SCM_SVC_MDTP 0x12
#define SCM_MDTP_CIPHER_DIP 0x01
#define SCM_SVC_PWR 0x9
#define SCM_IO_DISABLE_PMIC_ARBITER 0x1
#define SCM_IO_DISABLE_PMIC_ARBITER1 0x2
#define SCM_SVC_MILESTONE_32_64_ID 0x1
#define SCM_SVC_MILESTONE_CMD_ID 0xf
#define SCM_SVC_TZSCHEDULER 0xFC
enum ap_ce_channel_type {
AP_CE_REGISTER_USE = 0,
AP_CE_ADM_USE = 1
};
/* Apps CE resource. */
#define TZ_RESOURCE_CE_AP 2
/* Secure IO Service IDs */
#define SCM_IO_READ 0x1
#define SCM_IO_WRITE 0x2
#define SCM_SVC_IO 0x5
uint8_t switch_ce_chn_cmd(enum ap_ce_channel_type channel);
/**
* Encrypt or Decrypt a Data Integrity Partition (DIP) structure using a
* HW derived key. The DIP is used for storing integrity information for
* Mobile Device Theft Protection (MDTP) service.
*
* @in_buf[in] : Pointer to plain text buffer.
* @in_buf_size[in] : Plain text buffer size.
* @out_buf[in] : Pointer to encrypted buffer.
* @out_buf_size[in] : Encrypted buffer size.
* @direction[in] : 0 for ENCRYPTION, 1 for DECRYPTION.
*
* Returns 0 on success, negative on failure.
*/
int mdtp_cipher_dip_cmd(uint8_t *in_buf, uint32_t in_buf_size, uint8_t *out_buf,
uint32_t out_buf_size, uint32_t direction);
uint32_t set_tamper_fuse_cmd(uint32_t fuse_id);
/**
* Reads the row data of the specified QFPROM row address.
*
* @row_address[in] : Row address in the QFPROM region to read.
* @addr_type[in] : Raw or corrected address.
* @row_data[in] : Pointer to the data to be read.
* @qfprom_api_status[out] : Status of the read operation.
*
* Returns Any errors while reading data from the specified
* Returns 0 on success, negative on failure.
*/
int qfprom_read_row_cmd(uint32_t row_address, uint32_t addr_type, uint32_t *row_data, uint32_t *qfprom_api_status);
int scm_halt_pmic_arbiter();
int scm_call_atomic2(uint32_t svc, uint32_t cmd, uint32_t arg1, uint32_t arg2);
int restore_secure_cfg(uint32_t id);
void scm_elexec_call(paddr_t kernel_entry, paddr_t dtb_offset);
int scm_random(uintptr_t * rbuf, uint32_t r_len);
uintptr_t get_canary();
/* API to configure XPU violations as fatal */
int scm_xpu_err_fatal_init();
/* APIs to support ARM scm standard
* Takes arguments : x0-x5 and returns result
* in x0-x3*/
uint32_t scm_call2(scmcall_arg *arg, scmcall_ret *ret);
/**
* struct scm_command - one SCM command buffer
* @len: total available memory for command and response
* @buf_offset: start of command buffer
* @resp_hdr_offset: start of response buffer
* @id: command to be executed
* @buf: buffer returned from scm_get_command_buffer()
*
* An SCM command is layed out in memory as follows:
*
* ------------------- <--- struct scm_command
* | command header |
* ------------------- <--- scm_get_command_buffer()
* | command buffer |
* ------------------- <--- struct scm_response and
* | response header | scm_command_to_response()
* ------------------- <--- scm_get_response_buffer()
* | response buffer |
* -------------------
*
* There can be arbitrary padding between the headers and buffers so
* you should always use the appropriate scm_get_*_buffer() routines
* to access the buffers in a safe manner.
*/
struct scm_command {
uint32_t len;
uint32_t buf_offset;
uint32_t resp_hdr_offset;
uint32_t id;
uint32_t buf[0];
};
/**
* struct scm_response - one SCM response buffer
* @len: total available memory for response
* @buf_offset: start of response data relative to start of scm_response
* @is_complete: indicates if the command has finished processing
*/
struct scm_response {
uint32_t len;
uint32_t buf_offset;
uint32_t is_complete;
};
/* Perform any scm init needed before making scm calls
* Used for checking if armv8 SCM support present
*/
void scm_init();
bool is_secure_boot_enable();
/* Is armv8 supported */
bool is_scm_armv8_support();
int scm_dload_mode(enum reboot_reason mode);
int scm_device_enter_dload();
int scm_call2_atomic(uint32_t svc, uint32_t cmd, uint32_t arg1, uint32_t arg2);
uint32_t scm_io_write(uint32_t address, uint32_t val);
int is_scm_call_available(uint32_t svc_id, uint32_t cmd_id);
int scm_disable_sdi();
bool allow_set_fuse(uint32_t version);
#endif