Merge topic branch 'security' into integration-linux-ux500

5 files changed, 289 insertions, 0 deletions

diff --git a/arch/arm/mach-ux500/include/mach/crypto-ux500.h b/arch/arm/mach-ux500/include/mach/crypto-ux500.h
new file mode 100644
index 00000000000..80c4620d633
--- /dev/null
+++ b/arch/arm/mach-ux500/include/mach/crypto-ux500.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (C) ST-Ericsson SA 2011
+ *
+ * Author: Joakim Bech <joakim.xx.bech@stericsson.com> for ST-Ericsson
+ * License terms: GNU General Public License (GPL) version 2
+ */
+#ifndef _CRYPTO_UX500_H
+#include <linux/dmaengine.h>
+#include <plat/ste_dma40.h>
+
+struct cryp_platform_data {
+	struct stedma40_chan_cfg mem_to_engine;
+	struct stedma40_chan_cfg engine_to_mem;
+};
+
+struct hash_platform_data {
+	void *mem_to_engine;
+	bool (*dma_filter)(struct dma_chan *chan, void *filter_param);
+};
+
+#endif
diff --git a/arch/arm/mach-ux500/include/mach/tee_ta_start_modem.h b/arch/arm/mach-ux500/include/mach/tee_ta_start_modem.h
new file mode 100644
index 00000000000..2ac88edfe71
--- /dev/null
+++ b/arch/arm/mach-ux500/include/mach/tee_ta_start_modem.h
@@ -0,0 +1,47 @@
+/*
+ * Data types and interface for TEE application for starting the modem.
+ *
+ * Copyright (C) ST-Ericsson SA 2010
+ * Author: Shujuan Chen <shujuan.chen@stericsson.com>
+ * License terms: GNU General Public License (GPL) version 2
+ */
+
+#ifndef TEE_TA_START_MODEM_H
+#define TEE_TA_START_MODEM_H
+
+#define COMMAND_ID_START_MODEM		0x00000001
+
+#define UUID_TEE_TA_START_MODEM_LOW	0x8AD94107
+#define UUID_TEE_TA_START_MODEM_MID	0x6E50
+#define UUID_TEE_TA_START_MODEM_HIGH	0x418E
+#define UUID_TEE_TA_START_MODEM_CLOCKSEQ \
+	{0xB1, 0x14, 0x75, 0x7D, 0x60, 0x21, 0xBD, 0x36}
+
+struct mcore_segment_descr {
+	void *segment;
+	void *hash;
+	u32 size;
+};
+
+struct access_image_descr {
+	void *elf_hdr;
+	void *pgm_hdr_tbl;
+	void *signature;
+	unsigned long nbr_segment;
+	struct mcore_segment_descr *descr;
+};
+
+/* TODO: To be redefined with only info needed by Secure world. */
+struct tee_ta_start_modem {
+	void *access_mem_start;
+	u32 shared_mem_size;
+	u32 access_private_mem_size;
+	struct access_image_descr access_image_descr;
+};
+
+/**
+ * This is the function to handle the modem release.
+ */
+int tee_ta_start_modem(struct tee_ta_start_modem *data);
+
+#endif
diff --git a/arch/arm/mach-ux500/tee_service_svp.c b/arch/arm/mach-ux500/tee_service_svp.c
new file mode 100644
index 00000000000..aa65dd961a0
--- /dev/null
+++ b/arch/arm/mach-ux500/tee_service_svp.c
@@ -0,0 +1,66 @@
+/*
+ * TEE service to handle the calls to trusted applications in SVP.
+ *
+ * Copyright (C) ST-Ericsson SA 2010
+ * Author: Shujuan Chen <shujuan.chen@stericsson.com>
+ * License terms: GNU General Public License (GPL) version 2
+ */
+
+#include <linux/kernel.h>
+#include <linux/string.h>
+#include <linux/tee.h>
+#include <linux/err.h>
+#include "mach/tee_ta_start_modem.h"
+
+static int cmp_uuid_start_modem(struct tee_uuid *uuid)
+{
+	int ret = -EINVAL;
+
+	if (uuid == NULL)
+		return -EINVAL;
+
+	/* This handles the calls to TA for start the modem */
+	if ((uuid->timeLow == UUID_TEE_TA_START_MODEM_LOW) &&
+	    (uuid->timeMid == UUID_TEE_TA_START_MODEM_MID) &&
+	    (uuid->timeHiAndVersion == UUID_TEE_TA_START_MODEM_HIGH)) {
+
+		u8 clockSeqAndNode[TEE_UUID_CLOCK_SIZE] =
+			UUID_TEE_TA_START_MODEM_CLOCKSEQ;
+
+		ret = memcmp(uuid->clockSeqAndNode, clockSeqAndNode,
+			     TEE_UUID_CLOCK_SIZE);
+	}
+
+	return ret;
+}
+
+int call_sec_world(struct tee_session *ts, int sec_cmd)
+{
+	int ret = 0;
+
+	if (ts == NULL)
+		return -EINVAL;
+
+	if (cmp_uuid_start_modem(ts->uuid))
+		return -EINVAL;
+
+	switch (ts->cmd) {
+	case COMMAND_ID_START_MODEM:
+		ret = tee_ta_start_modem((struct tee_ta_start_modem *)
+					 ts->op);
+		if (ret) {
+			ts->err = TEED_ERROR_GENERIC;
+			ts->origin = TEED_ORIGIN_TEE_APPLICATION;
+			pr_err("tee_ta_start_modem() failed!\n");
+			return ret;
+		}
+		break;
+
+	default:
+		break;
+	}
+
+	/* TODO: to handle more trusted applications. */
+
+	return ret;
+}
diff --git a/arch/arm/mach-ux500/tee_ta_start_modem_svp.c b/arch/arm/mach-ux500/tee_ta_start_modem_svp.c
new file mode 100644
index 00000000000..12337b93154
--- /dev/null
+++ b/arch/arm/mach-ux500/tee_ta_start_modem_svp.c
@@ -0,0 +1,56 @@
+/*
+ * Trusted application for starting the modem.
+ *
+ * Copyright (C) ST-Ericsson SA 2010
+ * Author: Shujuan Chen <shujuan.chen@stericsson.com>
+ * License terms: GNU General Public License (GPL) version 2
+ */
+
+#include <linux/err.h>
+#include <linux/io.h>
+#include <linux/kernel.h>
+#include <linux/elf.h>
+#include <mach/hardware.h>
+
+#include "mach/tee_ta_start_modem.h"
+
+static int reset_modem(unsigned long modem_start_addr)
+{
+	void __iomem *base = ioremap(U5500_ACCCON_BASE_SEC, 0x2FF);
+	if (!base)
+		return -ENOMEM;
+
+	pr_info("[%s] Setting modem start address!\n", __func__);
+	writel(base + (U5500_ACCCON_CPUVEC_RESET_ADDR_OFFSET/sizeof(uint32_t)),
+	       modem_start_addr);
+
+	pr_info("[%s] resetting the modem!\n", __func__);
+	writel(base + (U5500_ACCCON_ACC_CPU_CTRL_OFFSET/sizeof(uint32_t)), 1);
+
+	iounmap(base);
+
+	return 0;
+}
+
+int tee_ta_start_modem(struct tee_ta_start_modem *data)
+{
+	int ret = 0;
+	struct elfhdr *elfhdr;
+	void __iomem *vaddr;
+
+	vaddr = ioremap((unsigned long)data->access_image_descr.elf_hdr,
+			sizeof(struct elfhdr));
+	if (!vaddr)
+		return -ENOMEM;
+
+	elfhdr = (struct elfhdr *)readl(vaddr);
+	pr_info("Reading in kernel:elfhdr 0x%x:elfhdr->entry=0x%x\n",
+			(uint32_t)elfhdr, (uint32_t)elfhdr->e_entry);
+
+	pr_info("[%s] reset modem()...\n", __func__);
+	ret = reset_modem(elfhdr->e_entry);
+
+	iounmap(vaddr);
+
+	return ret;
+}
diff --git a/arch/arm/mach-ux500/tee_ux500.c b/arch/arm/mach-ux500/tee_ux500.c
new file mode 100644
index 00000000000..9fa985a48c8
--- /dev/null
+++ b/arch/arm/mach-ux500/tee_ux500.c
@@ -0,0 +1,99 @@
+/*
+ * TEE service to handle the calls to trusted applications.
+ *
+ * Copyright (C) ST-Ericsson SA 2010
+ * Author: Joakim Bech <joakim.xx.bech@stericsson.com>
+ * License terms: GNU General Public License (GPL) version 2
+ */
+#include <linux/kernel.h>
+#include <linux/tee.h>
+#include <linux/io.h>
+#include <linux/errno.h>
+
+#include <mach/hardware.h>
+
+#define ISSWAPI_EXECUTE_TA 0x11000001
+#define ISSWAPI_CLOSE_TA   0x11000002
+
+#define SEC_ROM_NO_FLAG_MASK    0x0000
+
+static u32 call_sec_rom_bridge(u32 service_id, u32 cfg, ...)
+{
+	typedef u32 (*bridge_func)(u32, u32, va_list);
+	bridge_func hw_sec_rom_pub_bridge;
+	va_list ap;
+	u32 ret;
+
+	if (cpu_is_u9540())
+		hw_sec_rom_pub_bridge = (bridge_func)
+			((u32)IO_ADDRESS_DB9540_ROM
+			 (U9540_BOOT_ROM_BASE + 0x17300));
+	else if (cpu_is_u8500())
+		hw_sec_rom_pub_bridge = (bridge_func)
+			((u32)IO_ADDRESS(U8500_BOOT_ROM_BASE + 0x17300));
+	else if (cpu_is_u5500())
+		hw_sec_rom_pub_bridge = (bridge_func)
+			((u32)IO_ADDRESS(U5500_BOOT_ROM_BASE + 0x18300));
+	else
+		ux500_unknown_soc();
+
+	va_start(ap, cfg);
+	ret = hw_sec_rom_pub_bridge(service_id, cfg, ap);
+	va_end(ap);
+
+	return ret;
+}
+
+int call_sec_world(struct tee_session *ts, int sec_cmd)
+{
+	/*
+	 * ts->ta and ts->uuid is set to NULL when opening the device,
+	 * hence it should be safe to just do the call here.
+	 */
+
+	switch (sec_cmd) {
+	case TEED_INVOKE:
+	if (!ts->uuid) {
+		call_sec_rom_bridge(ISSWAPI_EXECUTE_TA,
+				SEC_ROM_NO_FLAG_MASK,
+				virt_to_phys(&ts->id),
+				NULL,
+				virt_to_phys(ts->ta),
+				ts->cmd,
+				virt_to_phys((void *)(ts->op)),
+				virt_to_phys((void *)(&ts->err)),
+				virt_to_phys((void *)(&ts->origin)));
+	} else {
+		call_sec_rom_bridge(ISSWAPI_EXECUTE_TA,
+				SEC_ROM_NO_FLAG_MASK,
+				virt_to_phys(&ts->id),
+				virt_to_phys(ts->uuid),
+				virt_to_phys(ts->ta),
+				ts->cmd,
+				virt_to_phys((void *)(ts->op)),
+				virt_to_phys((void *)(&ts->err)),
+				virt_to_phys((void *)(&ts->origin)));
+	}
+	break;
+
+	case TEED_CLOSE_SESSION:
+		call_sec_rom_bridge(ISSWAPI_CLOSE_TA,
+				SEC_ROM_NO_FLAG_MASK,
+				ts->id,
+				NULL,
+				virt_to_phys(ts->ta),
+				virt_to_phys((void *)(&ts->err)));
+
+		/* Since the TEE Client API does NOT take care of
+		 * the return value, we print a warning here if
+		 * something went wrong in secure world.
+		 */
+		if (ts->err != TEED_SUCCESS)
+				pr_warning("[%s] failed in secure world\n",
+							__func__);
+
+	break;
+	}
+
+	return 0;
+}