qseecom: Add ioctl for enterprise-security
Add an ioctl to get the sw-fuse state and
an ioctl to save a partition hash.
Change-Id: I45adfec72ea79ce7bc26fac27bbaaacae86cb7d9
Signed-off-by: Amir Samuelov <amirs@codeaurora.org>
Signed-off-by: Elad Levi <elevi@codeaurora.org>
diff --git a/arch/arm/mach-msm/include/mach/scm.h b/arch/arm/mach-msm/include/mach/scm.h
index 4258dbd..72eb999 100644
--- a/arch/arm/mach-msm/include/mach/scm.h
+++ b/arch/arm/mach-msm/include/mach/scm.h
@@ -24,6 +24,7 @@
#define SCM_SVC_MP 0xC
#define SCM_SVC_CRYPTO 0xA
#define SCM_SVC_DCVS 0xD
+#define SCM_SVC_ES 0x10
#define SCM_SVC_TZSCHEDULER 0xFC
#ifdef CONFIG_MSM_SCM
diff --git a/drivers/misc/qseecom.c b/drivers/misc/qseecom.c
index 188ac32..fc51a5d 100644
--- a/drivers/misc/qseecom.c
+++ b/drivers/misc/qseecom.c
@@ -1,5 +1,3 @@
-
-
/*Qualcomm Secure Execution Environment Communicator (QSEECOM) driver
*
* Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
@@ -53,6 +51,7 @@
#define QSEE_VERSION_01 0x401000
#define QSEE_VERSION_02 0x402000
#define QSEE_VERSION_03 0x403000
+#define QSEE_VERSION_04 0x404000
#define QSEOS_CHECK_VERSION_CMD 0x00001803
@@ -62,6 +61,12 @@
#define QSEECOM_MAX_SG_ENTRY 512
#define QSEECOM_DISK_ENCRYTPION_KEY_ID 0
+/* Save partition image hash for authentication check */
+#define SCM_SAVE_PARTITION_HASH_ID 0x01
+
+/* Check if enterprise security is activate */
+#define SCM_IS_ACTIVATED_ID 0x02
+
enum qseecom_clk_definitions {
CLK_DFAB = 0,
CLK_SFPB,
@@ -2570,6 +2575,70 @@
return ret;
}
+static int qseecom_is_es_activated(void __user *argp)
+{
+ struct qseecom_is_es_activated_req req;
+ int ret;
+ int resp_buf;
+
+ if (qseecom.qsee_version < QSEE_VERSION_04) {
+ pr_err("invalid qsee version");
+ return -ENODEV;
+ }
+
+ if (argp == NULL) {
+ pr_err("arg is null");
+ return -EINVAL;
+ }
+
+ ret = scm_call(SCM_SVC_ES, SCM_IS_ACTIVATED_ID, NULL, 0,
+ (void *) &resp_buf, sizeof(resp_buf));
+ if (ret) {
+ pr_err("scm_call failed");
+ return ret;
+ }
+
+ req.is_activated = resp_buf;
+ ret = copy_to_user(argp, &req, sizeof(req));
+ if (ret) {
+ pr_err("copy_to_user failed");
+ return ret;
+ }
+
+ return 0;
+}
+
+static int qseecom_save_partition_hash(void __user *argp)
+{
+ struct qseecom_save_partition_hash_req req;
+ int ret;
+
+ if (qseecom.qsee_version < QSEE_VERSION_04) {
+ pr_err("invalid qsee version ");
+ return -ENODEV;
+ }
+
+ if (argp == NULL) {
+ pr_err("arg is null");
+ return -EINVAL;
+ }
+
+ ret = copy_from_user(&req, argp, sizeof(req));
+ if (ret) {
+ pr_err("copy_from_user failed");
+ return ret;
+ }
+
+ ret = scm_call(SCM_SVC_ES, SCM_SAVE_PARTITION_HASH_ID,
+ (void *) &req, sizeof(req), NULL, 0);
+ if (ret) {
+ pr_err("scm_call failed");
+ return ret;
+ }
+
+ return 0;
+}
+
static long qseecom_ioctl(struct file *file, unsigned cmd,
unsigned long arg)
{
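Review bot: Both new helpers return the raw result of `copy_to_user()` / `copy_from_user()`, which is the number of bytes left uncopied rather than an errno, so a faulting user pointer makes the ioctl return a positive value instead of failing with -EFAULT. In `qseecom_is_es_activated` use `if (copy_to_user(argp, &req, sizeof(req))) return -EFAULT;`, and in `qseecom_save_partition_hash` use `if (copy_from_user(&req, argp, sizeof(req))) return -EFAULT;`. `partition_id` is forwarded to the secure world unchecked; if the kernel side knows the valid range, reject out-of-range ids before the `scm_call`. The `pr_err` strings lack a trailing `\n` and do not name the function, which makes the log lines hard to attribute. The hunk ends at the opening of `qseecom_ioctl`, whose body lies outside it.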
@@ -2782,6 +2851,24 @@
mutex_unlock(&app_access_lock);
break;
}
+ case QSEECOM_IOCTL_SAVE_PARTITION_HASH_REQ: {
+ data->released = true;
+ mutex_lock(&app_access_lock);
+ atomic_inc(&data->ioctl_count);
+ ret = qseecom_save_partition_hash(argp);
+ atomic_dec(&data->ioctl_count);
+ mutex_unlock(&app_access_lock);
+ break;
+ }
+ case QSEECOM_IOCTL_IS_ES_ACTIVATED_REQ: {
+ data->released = true;
+ mutex_lock(&app_access_lock);
+ atomic_inc(&data->ioctl_count);
+ ret = qseecom_is_es_activated(argp);
+ atomic_dec(&data->ioctl_count);
+ mutex_unlock(&app_access_lock);
+ break;
+ }
default:
return -EINVAL;
}
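Review bot: The `QSEECOM_IOCTL_SAVE_PARTITION_HASH_REQ` case passes a caller-supplied digest to the secure world with no caller check visible in this hunk, so access to a state-changing operation appears to rest only on the device node's permissions. The start of `qseecom_ioctl` is outside the hunk and may already restrict callers. If it does not, consider gating this case before `data->released = true;`, for example `if (!capable(CAP_SYS_ADMIN)) { ret = -EPERM; break; }`. At minimum, add a comment above the case stating which clients are expected to issue it. The read-only `QSEECOM_IOCTL_IS_ES_ACTIVATED_REQ` case is less sensitive and can stay as written.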
diff --git a/include/linux/qseecom.h b/include/linux/qseecom.h
index c399b81..294c881 100644
--- a/include/linux/qseecom.h
+++ b/include/linux/qseecom.h
@@ -138,6 +138,25 @@
enum qseecom_key_management_usage_type usage;
};
+#define SHA256_DIGEST_LENGTH (256/8)
+/*
+ * struct qseecom_save_partition_hash_req
+ * @partition_id - partition id.
+ * @hash[SHA256_DIGEST_LENGTH] - sha256 digest.
+ */
+struct qseecom_save_partition_hash_req {
+ int partition_id; /* in */
+ char digest[SHA256_DIGEST_LENGTH]; /* in */
+};
+
+/*
+ * struct qseecom_is_es_activated_req
+ * @is_activated - 1=true , 0=false
+ */
+struct qseecom_is_es_activated_req {
+ int is_activated; /* out */
+};
+
#define QSEECOM_IOC_MAGIC 0x97
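Review bot: The kernel-doc for `struct qseecom_save_partition_hash_req` documents `@hash[SHA256_DIGEST_LENGTH]`, but the field is named `digest`; the comment line should read `* @digest - sha256 digest of the partition image.`. The un-prefixed `SHA256_DIGEST_LENGTH` macro is defined in a header that also carries the ioctl ABI. If userspace includes this header alongside a crypto library that defines the same name with different tokens, the build will warn or fail, so a prefixed name such as `QSEECOM_SHA256_DIGEST_LENGTH` would be safer. Because these structs cross the user/kernel boundary and are then handed to the secure world, fixed-width types (`uint32_t partition_id; uint8_t digest[...]`) would pin the layout more explicitly than `int` and `char`.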
@@ -195,5 +214,10 @@
#define QSEECOM_IOCTL_WIPE_KEY_REQ \
_IOWR(QSEECOM_IOC_MAGIC, 18, struct qseecom_wipe_key_req)
+#define QSEECOM_IOCTL_SAVE_PARTITION_HASH_REQ \
+ _IOWR(QSEECOM_IOC_MAGIC, 19, struct qseecom_save_partition_hash_req)
+
+#define QSEECOM_IOCTL_IS_ES_ACTIVATED_REQ \
+ _IOWR(QSEECOM_IOC_MAGIC, 20, struct qseecom_is_es_activated_req)
#endif /* __QSEECOM_H_ */
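Review bot: Both new ioctl numbers are declared with `_IOWR`, although the struct comments mark the save-hash request as input only and the activation query as output only. The direction bits would match the data flow, and what the handlers actually copy, with `_IOW(QSEECOM_IOC_MAGIC, 19, struct qseecom_save_partition_hash_req)` and `_IOR(QSEECOM_IOC_MAGIC, 20, struct qseecom_is_es_activated_req)`. This is easiest to change now, before the numbers become ABI, and it helps anyone tracing or filtering these calls by ioctl number.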