From 3416b97dc49ca05087870066ba991a727133b9bd Mon Sep 17 00:00:00 2001 From: Philippe Langlais Date: Thu, 20 Oct 2011 16:26:16 +0200 Subject: add trusted execution environment (tee) driver TEE working now for Android, tested ok with COPS! * Updated according to review comments - Added ST-Ericsson copyright headers to all tee files. - Fixed problem with not using readl/writel when using ioremap. - Fixed problem with forgetting to do iounmap on special case. - Fixed incorrect usage when doing copy_to_user when writing to the device. - Added architecture dependent file for the tee service that calls the secure world. - Added support for more several inputs (sharedmemory buffers) for tee. - Added dummy macro to map MT_MEMORY device. - Fixed memory leak in secure world due to not closing a TEE session correctly from the kernel. - Now we only copies input buffer from user space for tee. - Documented structures in tee.h. - Moved SVP implementation into arch/arm/mach-ux500 folder. - Added new config flags for ux500 and SVP regarding TEE driver. - Update mach-ux500/Kconfig: - Enable TEE_UX500 by default when using target hardware. - Enabel TEE_SVP by default when building simulator. - Fix the cache sync problem: not request ROM code to clean cache - ioremap for ICN_BASE, remove static mapping in cpu-db8500.c. - Fix ioremap of ICN_BASE and do iounmap after use. ST-Ericsson ID: WP269815 Change-Id: Ie861a90ec790e95fb3992e560512661693548a43 Reviewed-on: http://gerrit.lud.stericsson.com/gerrit/4168 Reviewed-by: Shujuan CHEN Tested-by: Shujuan CHEN Signed-off-by: Lee Jones --- .../mach-ux500/include/mach/tee_ta_start_modem.h | 48 ++ arch/arm/mach-ux500/tee_service_svp.c | 66 +++ arch/arm/mach-ux500/tee_ta_start_modem_svp.c | 56 +++ arch/arm/mach-ux500/tee_ux500.c | 79 ++++ drivers/Kconfig | 3 + drivers/Makefile | 1 + drivers/tee/Kconfig | 13 + drivers/tee/Makefile | 8 + drivers/tee/tee_driver.c | 484 +++++++++++++++++++++ drivers/tee/tee_service.c | 17 + include/linux/tee.h | 143 ++++++ 11 files changed, 918 insertions(+) create mode 100644 arch/arm/mach-ux500/include/mach/tee_ta_start_modem.h create mode 100644 arch/arm/mach-ux500/tee_service_svp.c create mode 100644 arch/arm/mach-ux500/tee_ta_start_modem_svp.c create mode 100644 arch/arm/mach-ux500/tee_ux500.c create mode 100644 drivers/tee/Kconfig create mode 100644 drivers/tee/Makefile create mode 100644 drivers/tee/tee_driver.c create mode 100644 drivers/tee/tee_service.c create mode 100644 include/linux/tee.h diff --git a/arch/arm/mach-ux500/include/mach/tee_ta_start_modem.h b/arch/arm/mach-ux500/include/mach/tee_ta_start_modem.h new file mode 100644 index 00000000000..6978b7314c5 --- /dev/null +++ b/arch/arm/mach-ux500/include/mach/tee_ta_start_modem.h @@ -0,0 +1,48 @@ +/* + * Data types and interface for TEE application for starting the modem. + * + * Copyright (C) ST-Ericsson SA 2010 + * Author: Shujuan Chen + * License terms: GNU General Public License (GPL) version 2 + */ + +#ifndef TEE_TA_START_MODEM_H +#define TEE_TA_START_MODEM_H + +#define COMMAND_ID_START_MODEM 0x00000001 + +#define UUID_TEE_TA_START_MODEM_LOW 0x8AD94107 +#define UUID_TEE_TA_START_MODEM_MID 0x6E50 +#define UUID_TEE_TA_START_MODEM_HIGH 0x418E +#define UUID_TEE_TA_START_MODEM_CLOCKSEQ \ + {0xB1, 0x14, 0x75, 0x7D, 0x60, 0x21, 0xBD, 0x36} + +struct mcore_segment_descr { + void *segment; + void *hash; + u32 size; +}; + +struct access_image_descr { + void *elf_hdr; + void *pgm_hdr_tbl; + void *signature; + unsigned long nbr_segment; + struct mcore_segment_descr *descr; +}; + +/* TODO: To be redefined with only info needed by Secure world. */ +struct tee_ta_start_modem { + void *access_mem_start; + u32 shared_mem_size; + u32 access_private_mem_size; + struct access_image_descr access_image_descr; +}; + +/** + * This is the function to handle the modem release. + */ +int tee_ta_start_modem(struct tee_ta_start_modem *data); + +#endif + diff --git a/arch/arm/mach-ux500/tee_service_svp.c b/arch/arm/mach-ux500/tee_service_svp.c new file mode 100644 index 00000000000..aa65dd961a0 --- /dev/null +++ b/arch/arm/mach-ux500/tee_service_svp.c @@ -0,0 +1,66 @@ +/* + * TEE service to handle the calls to trusted applications in SVP. + * + * Copyright (C) ST-Ericsson SA 2010 + * Author: Shujuan Chen + * License terms: GNU General Public License (GPL) version 2 + */ + +#include +#include +#include +#include +#include "mach/tee_ta_start_modem.h" + +static int cmp_uuid_start_modem(struct tee_uuid *uuid) +{ + int ret = -EINVAL; + + if (uuid == NULL) + return -EINVAL; + + /* This handles the calls to TA for start the modem */ + if ((uuid->timeLow == UUID_TEE_TA_START_MODEM_LOW) && + (uuid->timeMid == UUID_TEE_TA_START_MODEM_MID) && + (uuid->timeHiAndVersion == UUID_TEE_TA_START_MODEM_HIGH)) { + + u8 clockSeqAndNode[TEE_UUID_CLOCK_SIZE] = + UUID_TEE_TA_START_MODEM_CLOCKSEQ; + + ret = memcmp(uuid->clockSeqAndNode, clockSeqAndNode, + TEE_UUID_CLOCK_SIZE); + } + + return ret; +} + +int call_sec_world(struct tee_session *ts, int sec_cmd) +{ + int ret = 0; + + if (ts == NULL) + return -EINVAL; + + if (cmp_uuid_start_modem(ts->uuid)) + return -EINVAL; + + switch (ts->cmd) { + case COMMAND_ID_START_MODEM: + ret = tee_ta_start_modem((struct tee_ta_start_modem *) + ts->op); + if (ret) { + ts->err = TEED_ERROR_GENERIC; + ts->origin = TEED_ORIGIN_TEE_APPLICATION; + pr_err("tee_ta_start_modem() failed!\n"); + return ret; + } + break; + + default: + break; + } + + /* TODO: to handle more trusted applications. */ + + return ret; +} diff --git a/arch/arm/mach-ux500/tee_ta_start_modem_svp.c b/arch/arm/mach-ux500/tee_ta_start_modem_svp.c new file mode 100644 index 00000000000..12337b93154 --- /dev/null +++ b/arch/arm/mach-ux500/tee_ta_start_modem_svp.c @@ -0,0 +1,56 @@ +/* + * Trusted application for starting the modem. + * + * Copyright (C) ST-Ericsson SA 2010 + * Author: Shujuan Chen + * License terms: GNU General Public License (GPL) version 2 + */ + +#include +#include +#include +#include +#include + +#include "mach/tee_ta_start_modem.h" + +static int reset_modem(unsigned long modem_start_addr) +{ + void __iomem *base = ioremap(U5500_ACCCON_BASE_SEC, 0x2FF); + if (!base) + return -ENOMEM; + + pr_info("[%s] Setting modem start address!\n", __func__); + writel(base + (U5500_ACCCON_CPUVEC_RESET_ADDR_OFFSET/sizeof(uint32_t)), + modem_start_addr); + + pr_info("[%s] resetting the modem!\n", __func__); + writel(base + (U5500_ACCCON_ACC_CPU_CTRL_OFFSET/sizeof(uint32_t)), 1); + + iounmap(base); + + return 0; +} + +int tee_ta_start_modem(struct tee_ta_start_modem *data) +{ + int ret = 0; + struct elfhdr *elfhdr; + void __iomem *vaddr; + + vaddr = ioremap((unsigned long)data->access_image_descr.elf_hdr, + sizeof(struct elfhdr)); + if (!vaddr) + return -ENOMEM; + + elfhdr = (struct elfhdr *)readl(vaddr); + pr_info("Reading in kernel:elfhdr 0x%x:elfhdr->entry=0x%x\n", + (uint32_t)elfhdr, (uint32_t)elfhdr->e_entry); + + pr_info("[%s] reset modem()...\n", __func__); + ret = reset_modem(elfhdr->e_entry); + + iounmap(vaddr); + + return ret; +} diff --git a/arch/arm/mach-ux500/tee_ux500.c b/arch/arm/mach-ux500/tee_ux500.c new file mode 100644 index 00000000000..ab3782a323c --- /dev/null +++ b/arch/arm/mach-ux500/tee_ux500.c @@ -0,0 +1,79 @@ +/* + * TEE service to handle the calls to trusted applications. + * + * Copyright (C) ST-Ericsson SA 2010 + * Author: Joakim Bech + * License terms: GNU General Public License (GPL) version 2 + */ +#include +#include +#include + +#include + +#define BOOT_BRIDGE_FUNC (U8500_BOOT_ROM_BASE + 0x18300) + +#define ISSWAPI_EXECUTE_TA 0x11000001 +#define ISSWAPI_CLOSE_TA 0x11000002 + +#define SEC_ROM_NO_FLAG_MASK 0x0000 + +static u32 call_sec_rom_bridge(u32 service_id, u32 cfg, ...) +{ + typedef u32 (*bridge_func)(u32, u32, va_list); + static bridge_func hw_sec_rom_pub_bridge; + va_list ap; + u32 ret; + + hw_sec_rom_pub_bridge = + (bridge_func)((u32)IO_ADDRESS(BOOT_BRIDGE_FUNC)); + + va_start(ap, cfg); + ret = hw_sec_rom_pub_bridge(service_id, cfg, ap); + va_end(ap); + + return ret; +} + +int call_sec_world(struct tee_session *ts, int sec_cmd) +{ + /* + * ts->ta and ts->uuid is set to NULL when opening the device, + * hence it should be safe to just do the call here. + */ + + switch (sec_cmd) { + case TEED_INVOKE: + if (!ts->uuid) { + call_sec_rom_bridge(ISSWAPI_EXECUTE_TA, + SEC_ROM_NO_FLAG_MASK, + virt_to_phys(&ts->id), + NULL, + virt_to_phys(ts->ta), + ts->cmd, + virt_to_phys((void *)(ts->op)), + virt_to_phys((void *)(&ts->origin))); + } else { + call_sec_rom_bridge(ISSWAPI_EXECUTE_TA, + SEC_ROM_NO_FLAG_MASK, + virt_to_phys(&ts->id), + virt_to_phys(ts->uuid), + virt_to_phys(ts->ta), + ts->cmd, + virt_to_phys((void *)(ts->op)), + virt_to_phys((void *)(&ts->origin))); + } + break; + + case TEED_CLOSE_SESSION: + call_sec_rom_bridge(ISSWAPI_CLOSE_TA, + SEC_ROM_NO_FLAG_MASK, + ts->id, + NULL, + virt_to_phys(ts->ta), + virt_to_phys((void *)(&ts->origin))); + break; + } + + return 0; +} diff --git a/drivers/Kconfig b/drivers/Kconfig index d236aef7e59..68e36aed05b 100644 --- a/drivers/Kconfig +++ b/drivers/Kconfig @@ -126,6 +126,8 @@ source "drivers/platform/Kconfig" source "drivers/clk/Kconfig" +source "drivers/tee/Kconfig" + source "drivers/hwspinlock/Kconfig" source "drivers/clocksource/Kconfig" @@ -141,3 +143,4 @@ source "drivers/virt/Kconfig" source "drivers/devfreq/Kconfig" endmenu + diff --git a/drivers/Makefile b/drivers/Makefile index 95952c82bf1..4ca756c31be 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -122,6 +122,7 @@ obj-y += platform/ obj-y += ieee802154/ #common clk code obj-y += clk/ +obj-$(CONFIG_TEE_SUPPORT) += tee/ obj-$(CONFIG_HWSPINLOCK) += hwspinlock/ obj-$(CONFIG_NFC) += nfc/ diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig new file mode 100644 index 00000000000..a452e888d77 --- /dev/null +++ b/drivers/tee/Kconfig @@ -0,0 +1,13 @@ +# +# Copyright (C) ST-Ericsson SA 2010 +# Author: Martin Hovang (martin.xm.hovang@stericsson.com) +# License terms: GNU General Public License (GPL) version 2 +# + +# Trursted Execution Environment Configuration +config TEE_SUPPORT + bool "Trusted Execution Environment Support" + default y + ---help--- + This implements the Trusted Execution Environment (TEE) Client + API Specification from GlobalPlatform Device Technology. diff --git a/drivers/tee/Makefile b/drivers/tee/Makefile new file mode 100644 index 00000000000..b937eb19d72 --- /dev/null +++ b/drivers/tee/Makefile @@ -0,0 +1,8 @@ +# +# Copyright (C) ST-Ericsson SA 2010 +# Author: Martin Hovang (martin.xm.hovang@stericsson.com) +# License terms: GNU General Public License (GPL) version 2 +# + +obj-$(CONFIG_TEE_SUPPORT) += tee_service.o +obj-$(CONFIG_TEE_SUPPORT) += tee_driver.o diff --git a/drivers/tee/tee_driver.c b/drivers/tee/tee_driver.c new file mode 100644 index 00000000000..551c92cc054 --- /dev/null +++ b/drivers/tee/tee_driver.c @@ -0,0 +1,484 @@ +/* + * Copyright (C) ST-Ericsson SA 2010 + * Author: Martin Hovang + * Author: Joakim Bech + * License terms: GNU General Public License (GPL) version 2 + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define TEED_NAME "tee" + +#define TEED_STATE_OPEN_DEV 0 +#define TEED_STATE_OPEN_SESSION 1 + +#define TEEC_MEM_INPUT 0x00000001 +#define TEEC_MEM_OUTPUT 0x00000002 + +static int tee_open(struct inode *inode, struct file *file); +static int tee_release(struct inode *inode, struct file *file); +static int tee_read(struct file *filp, char __user *buffer, + size_t length, loff_t *offset); +static int tee_write(struct file *filp, const char __user *buffer, + size_t length, loff_t *offset); + +static inline void set_emsg(struct tee_session *ts, u32 msg) +{ + ts->err = msg; + ts->origin = TEED_ORIGIN_DRIVER; +} + +static void reset_session(struct tee_session *ts) +{ + ts->state = TEED_STATE_OPEN_DEV; + ts->err = TEED_SUCCESS; + ts->origin = TEED_ORIGIN_DRIVER; + ts->id = 0; + ts->ta = NULL; + ts->uuid = NULL; + ts->cmd = 0; + ts->driver_cmd = TEED_OPEN_SESSION; + ts->ta_size = 0; + ts->op = NULL; +} + +static int copy_ta(struct tee_session *ts, + struct tee_session *ku_buffer) +{ + ts->ta = kmalloc(ku_buffer->ta_size, GFP_KERNEL); + if (ts->ta == NULL) { + pr_err("[%s] error, out of memory (ta)\n", + __func__); + set_emsg(ts, TEED_ERROR_OUT_OF_MEMORY); + return -ENOMEM; + } + + ts->ta_size = ku_buffer->ta_size; + + memcpy(ts->ta, ku_buffer->ta, ku_buffer->ta_size); + return 0; +} + +static int copy_uuid(struct tee_session *ts, + struct tee_session *ku_buffer) +{ + ts->uuid = kmalloc(sizeof(struct tee_uuid), GFP_KERNEL); + + if (ts->uuid == NULL) { + pr_err("[%s] error, out of memory (uuid)\n", + __func__); + set_emsg(ts, TEED_ERROR_OUT_OF_MEMORY); + return -ENOMEM; + } + + memcpy(ts->uuid, ku_buffer->uuid, sizeof(struct tee_uuid)); + + return 0; +} + +static inline void free_operation(struct tee_session *ts) +{ + int i; + + for (i = 0; i < 4; ++i) { + kfree(ts->op->shm[i].buffer); + ts->op->shm[i].buffer = NULL; + } + + kfree(ts->op); + ts->op = NULL; +} + +static inline void memrefs_phys_to_virt(struct tee_session *ts) +{ + int i; + + for (i = 0; i < 4; ++i) { + if (ts->op->flags & (1 << i)) { + ts->op->shm[i].buffer = + phys_to_virt((unsigned long) + ts->op->shm[i].buffer); + } + } +} + +static int copy_memref_to_user(struct tee_operation *op, + struct tee_operation *ubuf_op, + int memref) +{ + unsigned long bytes_left; + + bytes_left = copy_to_user(ubuf_op->shm[memref].buffer, + op->shm[memref].buffer, + op->shm[memref].size); + + if (bytes_left != 0) { + pr_err("[%s] Failed to copy result to user space (%lu " + "bytes left of buffer).\n", __func__, bytes_left); + return bytes_left; + } + + bytes_left = put_user(op->shm[memref].size, &ubuf_op->shm[memref].size); + + if (bytes_left != 0) { + pr_err("[%s] Failed to copy result to user space (%lu " + "bytes left of size).\n", __func__, bytes_left); + return -EINVAL; + } + + bytes_left = put_user(op->shm[memref].flags, + &ubuf_op->shm[memref].flags); + if (bytes_left != 0) { + pr_err("[%s] Failed to copy result to user space (%lu " + "bytes left of flags).\n", __func__, bytes_left); + return -EINVAL; + } + + return 0; +} + +static int copy_memref_to_kernel(struct tee_operation *op, + struct tee_operation *kbuf_op, + int memref) +{ + /* Buffer freed in invoke_command if this function fails */ + op->shm[memref].buffer = kmalloc(kbuf_op->shm[memref].size, GFP_KERNEL); + + if (!op->shm[memref].buffer) { + pr_err("[%s] out of memory\n", __func__); + return -ENOMEM; + } + + /* + * Copy shared memory operations to a local kernel + * buffer if they are of type input. + */ + if (kbuf_op->shm[memref].flags & TEEC_MEM_INPUT) { + memcpy(op->shm[memref].buffer, + kbuf_op->shm[memref].buffer, + kbuf_op->shm[memref].size); + } + + op->shm[memref].size = kbuf_op->shm[memref].size; + op->shm[memref].flags = kbuf_op->shm[memref].flags; + + /* Secure world expects physical addresses. */ + op->shm[memref].buffer = (void *)virt_to_phys(op->shm[memref].buffer); + + return 0; +} + +static int open_tee_device(struct tee_session *ts, + struct tee_session *ku_buffer) +{ + int ret; + + if (ku_buffer->driver_cmd != TEED_OPEN_SESSION) { + set_emsg(ts, TEED_ERROR_BAD_STATE); + return -EINVAL; + } + + if (ku_buffer->ta) { + ret = copy_ta(ts, ku_buffer); + } else if (ku_buffer->uuid) { + ret = copy_uuid(ts, ku_buffer); + } else { + set_emsg(ts, TEED_ERROR_COMMUNICATION); + return -EINVAL; + } + + ts->id = 0; + ts->state = TEED_STATE_OPEN_SESSION; + return ret; +} + +static int invoke_command(struct tee_session *ts, + struct tee_session *ku_buffer, + struct tee_session __user *u_buffer) +{ + int i; + int ret = 0; + struct tee_operation *kbuf_op = + (struct tee_operation *)ku_buffer->op; + + ts->op = kmalloc(sizeof(struct tee_operation), GFP_KERNEL); + + if (!ts->op) { + if (ts->op == NULL) { + pr_err("[%s] error, out of memory " + "(op)\n", __func__); + set_emsg(ts, TEED_ERROR_OUT_OF_MEMORY); + ret = -ENOMEM; + goto err; + } + } + + /* Copy memrefs to kernel space. */ + ts->op->flags = kbuf_op->flags; + ts->cmd = ku_buffer->cmd; + + for (i = 0; i < 4; ++i) { + /* We only want to copy memrefs in use. */ + if (kbuf_op->flags & (1 << i)) { + ret = copy_memref_to_kernel(ts->op, kbuf_op, i); + + if (ret) + goto err; + } else { + ts->op->shm[i].buffer = NULL; + ts->op->shm[i].size = 0; + ts->op->shm[i].flags = 0; + } + } + + /* To call secure world */ + if (call_sec_world(ts, TEED_INVOKE)) { + ret = -EINVAL; + goto err; + } + + /* + * Convert physical addresses back to virtual address so the + * kernel can free the buffers when closing the session. + */ + memrefs_phys_to_virt(ts); + + for (i = 0; i < 4; ++i) { + if ((kbuf_op->flags & (1 << i)) && + (kbuf_op->shm[i].flags & TEEC_MEM_OUTPUT)) { + struct tee_operation *ubuf_op = + (struct tee_operation *)u_buffer->op; + + ret = copy_memref_to_user(ts->op, ubuf_op, i); + } + } +err: + free_operation(ts); + + return ret; +} + +static int tee_open(struct inode *inode, struct file *filp) +{ + struct tee_session *ts; + + filp->private_data = kmalloc(sizeof(struct tee_session), + GFP_KERNEL); + + if (filp->private_data == NULL) + return -ENOMEM; + + ts = (struct tee_session *) (filp->private_data); + + reset_session(ts); + + ts->sync = kmalloc(sizeof(struct mutex), GFP_KERNEL); + + if (!ts->sync) + return -ENOMEM; + + mutex_init(ts->sync); + + return 0; +} + +static int tee_release(struct inode *inode, struct file *filp) +{ + struct tee_session *ts; + int i; + + ts = (struct tee_session *) (filp->private_data); + + if (ts == NULL) + goto no_ts; + + if (ts->op) { + for (i = 0; i < 4; ++i) { + kfree(ts->op->shm[i].buffer); + ts->op->shm[i].buffer = NULL; + } + } + + kfree(ts->op); + ts->op = NULL; + + kfree(ts->sync); + ts->sync = NULL; + + kfree(ts->ta); + ts->ta = NULL; + +no_ts: + kfree(filp->private_data); + filp->private_data = NULL; + + return 0; +} + +/* + * Called when a process, which already opened the dev file, attempts + * to read from it. This function gets the current status of the session. + */ +static int tee_read(struct file *filp, char __user *buffer, + size_t length, loff_t *offset) +{ + struct tee_read buf; + struct tee_session *ts; + + if (length != sizeof(struct tee_read)) { + pr_err("[%s] error, incorrect input length\n", + __func__); + return -EINVAL; + } + + ts = (struct tee_session *) (filp->private_data); + + if (ts == NULL || ts->sync == NULL) { + pr_err("[%s] error, private_data not " + "initialized\n", __func__); + return -EINVAL; + } + + mutex_lock(ts->sync); + + buf.err = ts->err; + buf.origin = ts->origin; + + mutex_unlock(ts->sync); + + if (copy_to_user(buffer, &buf, length)) { + pr_err("[%s] error, copy_to_user failed!\n", + __func__); + return -EINVAL; + } + + return length; +} + +/* + * Called when a process writes to a dev file + */ +static int tee_write(struct file *filp, const char __user *buffer, + size_t length, loff_t *offset) +{ + struct tee_session ku_buffer; + struct tee_session *ts; + int ret = length; + + if (length != sizeof(struct tee_session)) { + pr_err("[%s] error, incorrect input length\n", + __func__); + return -EINVAL; + } + + if (copy_from_user(&ku_buffer, buffer, length)) { + pr_err("[%s] error, tee_session " + "copy_from_user failed\n", __func__); + return -EINVAL; + } + + ts = (struct tee_session *) (filp->private_data); + + if (ts == NULL || ts->sync == NULL) { + pr_err("[%s] error, private_data not " + "initialized\n", __func__); + return -EINVAL; + } + + mutex_lock(ts->sync); + + switch (ts->state) { + case TEED_STATE_OPEN_DEV: + ret = open_tee_device(ts, &ku_buffer); + break; + + case TEED_STATE_OPEN_SESSION: + switch (ku_buffer.driver_cmd) { + case TEED_INVOKE: + ret = invoke_command(ts, &ku_buffer, + (struct tee_session *)buffer); + break; + + case TEED_CLOSE_SESSION: + /* no caching implemented yet... */ + if (call_sec_world(ts, TEED_CLOSE_SESSION)) + ret = -EINVAL; + + kfree(ts->ta); + ts->ta = NULL; + + reset_session(ts); + break; + + default: + set_emsg(ts, TEED_ERROR_BAD_PARAMETERS); + ret = -EINVAL; + } + break; + default: + pr_err("[%s] unknown state\n", __func__); + set_emsg(ts, TEED_ERROR_BAD_STATE); + ret = -EINVAL; + } + + /* + * We expect that ret has value zero when reaching the end here. + * If it has any other value some error must have occured. + */ + if (!ret) + ret = length; + else + ret = -EINVAL; + + mutex_unlock(ts->sync); + + return ret; +} + +static const struct file_operations tee_fops = { + .owner = THIS_MODULE, + .read = tee_read, + .write = tee_write, + .open = tee_open, + .release = tee_release, +}; + +static struct miscdevice tee_dev = { + MISC_DYNAMIC_MINOR, + TEED_NAME, + &tee_fops +}; + +static int __init tee_init(void) +{ + int err = 0; + + err = misc_register(&tee_dev); + + if (err) { + pr_err("[%s] error %d adding character device " + "TEE\n", __func__, err); + } + + return err; +} + +static void __exit tee_exit(void) +{ + misc_deregister(&tee_dev); +} + +module_init(tee_init); +module_exit(tee_exit); + +MODULE_LICENSE("Dual BSD/GPL"); +MODULE_DESCRIPTION("Trusted Execution Enviroment driver"); diff --git a/drivers/tee/tee_service.c b/drivers/tee/tee_service.c new file mode 100644 index 00000000000..b01e9d0ac39 --- /dev/null +++ b/drivers/tee/tee_service.c @@ -0,0 +1,17 @@ +/* + * TEE service to handle the calls to trusted applications. + * + * Copyright (C) ST-Ericsson SA 2010 + * Author: Joakim Bech + * License terms: GNU General Public License (GPL) version 2 + */ +#include +#include +#include + +int __weak call_sec_world(struct tee_session *ts, int sec_cmd) +{ + pr_info("[%s] Generic call_sec_world called!\n", __func__); + + return 0; +} diff --git a/include/linux/tee.h b/include/linux/tee.h new file mode 100644 index 00000000000..0cdec2d254a --- /dev/null +++ b/include/linux/tee.h @@ -0,0 +1,143 @@ +/* + * Trusted Execution Environment (TEE) interface for TrustZone enabled ARM CPUs. + * + * Copyright (C) ST-Ericsson SA 2010 + * Author: Shujuan Chen + * Author: Martin Hovang + * License terms: GNU General Public License (GPL) version 2 + */ + +#ifndef TEE_H +#define TEE_H + +/* tee_cmd id values */ +#define TEED_OPEN_SESSION 0x00000000U +#define TEED_CLOSE_SESSION 0x00000001U +#define TEED_INVOKE 0x00000002U + +/* tee_retval id values */ +#define TEED_SUCCESS 0x00000000U +#define TEED_ERROR_GENERIC 0xFFFF0000U +#define TEED_ERROR_ACCESS_DENIED 0xFFFF0001U +#define TEED_ERROR_CANCEL 0xFFFF0002U +#define TEED_ERROR_ACCESS_CONFLICT 0xFFFF0003U +#define TEED_ERROR_EXCESS_DATA 0xFFFF0004U +#define TEED_ERROR_BAD_FORMAT 0xFFFF0005U +#define TEED_ERROR_BAD_PARAMETERS 0xFFFF0006U +#define TEED_ERROR_BAD_STATE 0xFFFF0007U +#define TEED_ERROR_ITEM_NOT_FOUND 0xFFFF0008U +#define TEED_ERROR_NOT_IMPLEMENTED 0xFFFF0009U +#define TEED_ERROR_NOT_SUPPORTED 0xFFFF000AU +#define TEED_ERROR_NO_DATA 0xFFFF000BU +#define TEED_ERROR_OUT_OF_MEMORY 0xFFFF000CU +#define TEED_ERROR_BUSY 0xFFFF000DU +#define TEED_ERROR_COMMUNICATION 0xFFFF000EU +#define TEED_ERROR_SECURITY 0xFFFF000FU +#define TEED_ERROR_SHORT_BUFFER 0xFFFF0010U + +/* TEE origin codes */ +#define TEED_ORIGIN_DRIVER 0x00000002U +#define TEED_ORIGIN_TEE 0x00000003U +#define TEED_ORIGIN_TEE_APPLICATION 0x00000004U + +#define TEE_UUID_CLOCK_SIZE 8 + +#define TEEC_CONFIG_PAYLOAD_REF_COUNT 4 + +/** + * struct tee_uuid - Structure that represent an uuid. + * @timeLow: The low field of the time stamp. + * @timeMid: The middle field of the time stamp. + * @timeHiAndVersion: The high field of the timestamp multiplexed + * with the version number. + * @clockSeqAndNode: The clock sequence and the node. + * + * This structure have different naming (camel case) to comply with Global + * Platforms TEE Client API spec. This type is defined in RFC4122. + */ +struct tee_uuid { + uint32_t timeLow; + uint16_t timeMid; + uint16_t timeHiAndVersion; + uint8_t clockSeqAndNode[TEE_UUID_CLOCK_SIZE]; +}; + +/** + * struct tee_sharedmemory - Shared memory block for TEE. + * @buffer: The in/out data to TEE. + * @size: The size of the data. + * @flags: Variable telling whether it is a in, out or in/out parameter. + */ +struct tee_sharedmemory { + void *buffer; + size_t size; + uint32_t flags; +}; + +/** + * struct tee_operation - Payload for sessions or invoke operation. + * @shm: Array containing the shared memory buffers. + * @flags: Tells which if memory buffers that are in use. + */ +struct tee_operation { + struct tee_sharedmemory shm[TEEC_CONFIG_PAYLOAD_REF_COUNT]; + uint32_t flags; +}; + +/** + * struct tee_session - The session of an open tee device. + * @state: The current state in the linux kernel. + * @err: Error code (as in Global Platform TEE Client API spec) + * @origin: Origin for the error code (also from spec). + * @id: Implementation defined type, 0 if not used. + * @ta: The trusted application. + * @uuid: The uuid for the trusted application. + * @cmd: The command to be executed in the trusted application. + * @driver_cmd: The command type in the driver. This is used from a client (user + * space to tell the Linux kernel whether it's a open-, + * close-session or if it is an invoke command. + * @ta_size: The size of the trusted application. + * @op: The payload for the trusted application. + * @sync: Mutex to handle multiple use of clients. + * + * This structure is mainly used in the Linux kernel as a session context for + * ongoing operations. Other than that it is also used in the communication with + * the user space. + */ +struct tee_session { + uint32_t state; + uint32_t err; + uint32_t origin; + uint32_t id; + void *ta; + struct tee_uuid *uuid; + unsigned int cmd; + unsigned int driver_cmd; + unsigned int ta_size; + struct tee_operation *op; + struct mutex *sync; +}; + +/** + * struct tee_read - Contains the error message and the origin. + * @err: Error code (as in Global Platform TEE Client API spec) + * @origin: Origin for the error code (also from spec). + * + * This is used by user space when a user space application wants to get more + * information about an error. + */ +struct tee_read { + unsigned int err; /* return value */ + unsigned int origin; /* error origin */ +}; + +/** + * Function that handles the function calls to trusted applications. + * @param ts: The session of a operation to be executed. + * @param sec_cmd: The type of command to be executed, open-, close-session, + * invoke command. + */ +int call_sec_world(struct tee_session *ts, int sec_cmd); + +#endif -- cgit v1.2.3