diff options
author | Philippe Langlais <philippe.langlais@stericsson.com> | 2011-12-06 11:59:01 +0100 |
---|---|---|
committer | Philippe Langlais <philippe.langlais@stericsson.com> | 2011-12-06 11:59:01 +0100 |
commit | 1d7b293daecc09ec904bc4fc43db8ce7e57250c8 (patch) | |
tree | 9dfb85c4d460a3b2115bbd62deab4243057f659d /include | |
parent | 388a5d7f47d788dd6ce9689d47b2cfa2f2e7f667 (diff) | |
parent | 9806aa5131528610f004d64caebe1d37d032ce62 (diff) |
Merge branch 'security' into linux-stable-ux500-3.1
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/tee.h | 312 |
1 files changed, 312 insertions, 0 deletions
diff --git a/include/linux/tee.h b/include/linux/tee.h new file mode 100644 index 00000000000..8b71224ac77 --- /dev/null +++ b/include/linux/tee.h @@ -0,0 +1,312 @@ +/* + * Trusted Execution Environment (TEE) interface for TrustZone enabled ARM CPUs. + * + * Copyright (C) ST-Ericsson SA 2010 + * Author: Shujuan Chen <shujuan.chen@stericsson.com> + * Author: Martin Hovang <martin.xm.hovang@stericsson.com> + * Author: Joakim Bech <joakim.xx.bech@stericsson.com> + * License terms: GNU General Public License (GPL) version 2 + */ + +#ifndef TEE_H +#define TEE_H + +/* tee_cmd id values */ +#define TEED_OPEN_SESSION 0x00000000U +#define TEED_CLOSE_SESSION 0x00000001U +#define TEED_INVOKE 0x00000002U + +/* tee_retval id values */ +#define TEED_SUCCESS 0x00000000U +#define TEED_ERROR_GENERIC 0xFFFF0000U +#define TEED_ERROR_ACCESS_DENIED 0xFFFF0001U +#define TEED_ERROR_CANCEL 0xFFFF0002U +#define TEED_ERROR_ACCESS_CONFLICT 0xFFFF0003U +#define TEED_ERROR_EXCESS_DATA 0xFFFF0004U +#define TEED_ERROR_BAD_FORMAT 0xFFFF0005U +#define TEED_ERROR_BAD_PARAMETERS 0xFFFF0006U +#define TEED_ERROR_BAD_STATE 0xFFFF0007U +#define TEED_ERROR_ITEM_NOT_FOUND 0xFFFF0008U +#define TEED_ERROR_NOT_IMPLEMENTED 0xFFFF0009U +#define TEED_ERROR_NOT_SUPPORTED 0xFFFF000AU +#define TEED_ERROR_NO_DATA 0xFFFF000BU +#define TEED_ERROR_OUT_OF_MEMORY 0xFFFF000CU +#define TEED_ERROR_BUSY 0xFFFF000DU +#define TEED_ERROR_COMMUNICATION 0xFFFF000EU +#define TEED_ERROR_SECURITY 0xFFFF000FU +#define TEED_ERROR_SHORT_BUFFER 0xFFFF0010U + +/* TEE origin codes */ +#define TEED_ORIGIN_DRIVER 0x00000002U +#define TEED_ORIGIN_TEE 0x00000003U +#define TEED_ORIGIN_TEE_APPLICATION 0x00000004U + +#define TEE_UUID_CLOCK_SIZE 8 + +#define TEEC_CONFIG_PAYLOAD_REF_COUNT 4 + +/* + * Flag constants indicating which of the memory references in an open session + * or invoke command operation payload (TEEC_Operation) that are used. + */ +#define TEEC_MEMREF_0_USED 0x00000001 +#define TEEC_MEMREF_1_USED 0x00000002 +#define TEEC_MEMREF_2_USED 0x00000004 +#define TEEC_MEMREF_3_USED 0x00000008 + +/* + * Flag constants indicating the data transfer direction of memory in + * TEEC_SharedMemory and TEEC_MemoryReference. TEEC_MEM_INPUT signifies data + * transfer direction from the client application to the TEE. TEEC_MEM_OUTPUT + * signifies data transfer direction from the TEE to the client application. + */ +#define TEEC_MEM_INPUT 0x00000001 +#define TEEC_MEM_OUTPUT 0x00000002 + +/* + * Session login methods, for use in TEEC_OpenSession() as parameter + * connectionMethod. Type is t_uint32. + * + * TEEC_LOGIN_PUBLIC No login data is provided. + */ +#define TEEC_LOGIN_PUBLIC 0x0 + +/* + * Exposed functions (command_id) in the static TA + */ +#define TEE_STA_GET_PRODUCT_CONFIG 10 +#define TEE_STA_SET_L2CC_PREFETCH_CTRL_REGISTER 11 + +/* Flags indicating run-time environment */ +#define TEE_RT_FLAGS_NORMAL 0x00000000 +#define TEE_RT_FLAGS_MASK_ITP_PROD 0x00000001 +#define TEE_RT_FLAGS_MODEM_DEBUG 0x00000002 +#define TEE_RT_FLAGS_RNG_REG_PUBLIC 0x00000004 +#define TEE_RT_FLAGS_JTAG_ENABLED 0x00000008 + +/* + * Product id numbers + */ +#define TEE_PRODUCT_ID_UNKNOWN 0 +#define TEE_PRODUCT_ID_8400 1 +#define TEE_PRODUCT_ID_8500 2 +#define TEE_PRODUCT_ID_9500 3 +#define TEE_PRODUCT_ID_5500 4 +#define TEE_PRODUCT_ID_7400 5 +#define TEE_PRODUCT_ID_8500C 6 + +/* Flags indicating fuses */ +#define TEE_FUSE_FLAGS_MODEM_DISABLE 0x00000001 + +/** + * struct tee_product_config - System configuration structure. + * + * @product_id: Product identification. + * @rt_flags: Runtime configuration flags. + * @fuse_flags: Fuse flags. + * + */ +struct tee_product_config { + uint32_t product_id; + uint32_t rt_flags; + uint32_t fuse_flags; +}; + +/** + * struct tee_uuid - Structure that represent an uuid. + * @timeLow: The low field of the time stamp. + * @timeMid: The middle field of the time stamp. + * @timeHiAndVersion: The high field of the timestamp multiplexed + * with the version number. + * @clockSeqAndNode: The clock sequence and the node. + * + * This structure have different naming (camel case) to comply with Global + * Platforms TEE Client API spec. This type is defined in RFC4122. + */ +struct tee_uuid { + uint32_t timeLow; + uint16_t timeMid; + uint16_t timeHiAndVersion; + uint8_t clockSeqAndNode[TEE_UUID_CLOCK_SIZE]; +}; + +/** + * struct tee_sharedmemory - Shared memory block for TEE. + * @buffer: The in/out data to TEE. + * @size: The size of the data. + * @flags: Variable telling whether it is a in, out or in/out parameter. + */ +struct tee_sharedmemory { + void *buffer; + size_t size; + uint32_t flags; +}; + +/** + * struct tee_operation - Payload for sessions or invoke operation. + * @shm: Array containing the shared memory buffers. + * @flags: Tells which if memory buffers that are in use. + */ +struct tee_operation { + struct tee_sharedmemory shm[TEEC_CONFIG_PAYLOAD_REF_COUNT]; + uint32_t flags; +}; + +struct tee_context {}; + +/** + * struct tee_session - The session of an open tee device. + * @state: The current state in the linux kernel. + * @err: Error code (as in Global Platform TEE Client API spec) + * @origin: Origin for the error code (also from spec). + * @id: Implementation defined type, 0 if not used. + * @ta: The trusted application. + * @uuid: The uuid for the trusted application. + * @cmd: The command to be executed in the trusted application. + * @driver_cmd: The command type in the driver. This is used from a client (user + * space to tell the Linux kernel whether it's a open-, + * close-session or if it is an invoke command. + * @ta_size: The size of the trusted application. + * @op: The payload for the trusted application. + * @sync: Mutex to handle multiple use of clients. + * + * This structure is mainly used in the Linux kernel as a session context for + * ongoing operations. Other than that it is also used in the communication with + * the user space. + */ +struct tee_session { + uint32_t state; + uint32_t err; + uint32_t origin; + uint32_t id; + void *ta; + struct tee_uuid *uuid; + unsigned int cmd; + unsigned int driver_cmd; + unsigned int ta_size; + struct tee_operation *op; + struct mutex *sync; +}; + +/** + * struct tee_read - Contains the error message and the origin. + * @err: Error code (as in Global Platform TEE Client API spec) + * @origin: Origin for the error code (also from spec). + * + * This is used by user space when a user space application wants to get more + * information about an error. + */ +struct tee_read { + unsigned int err; /* return value */ + unsigned int origin; /* error origin */ +}; + +/** + * Function that handles the function calls to trusted applications. + * @param ts: The session of a operation to be executed. + * @param sec_cmd: The type of command to be executed, open-, close-session, + * invoke command. + */ +int call_sec_world(struct tee_session *ts, int sec_cmd); + + +/** + * teec_initialize_context() - Initializes a context holding connection + * information on the specific TEE. + * @param name: A zero-terminated string identifying the TEE to connect to. + * If name is set to NULL, the default TEE is connected to. + * NULL is the only supported value in this version of the + * API implementation. + * @param context: The context structure which is to be initialized. + * + * Initializes a context holding connection information between the calling + * client application and the TEE designated by the name string. + */ +int teec_initialize_context(const char *name, struct tee_context *context); + +/** + * teec_finalize_context() - Destroys a context holding connection information + * on the specific TEE. + * @param context: The context to be destroyed. + * + * This function destroys an initialized TEE context, closing the connection + * between the client application and the TEE. This function must only be + * called when all sessions related to this TEE context have been closed and + * all shared memory blocks have been released. + */ +int teec_finalize_context(struct tee_context *context); + +/** + * teec_open_session() - Opens a new session with the specified trusted + * application. + * @param context: The initialized TEE context structure in which scope to + * open the session. + * @param session: The session to initialize. + * @param destination: A structure identifying the trusted application with + * which to open a session. If this is set to NULL the + * operation TEEC_MEMREF_0 is expected to contain the blob + * which holds the Trusted Application. + * @param connection_method: The connection method to use. + * @param connection_data: Any data necessary to connect with the chosen + * connection method. Not supported should be set to + * NULL. + * @param operation: An operation structure to use in the session. May be + * set to NULL to signify no operation structure needed. + * If destination is set to NULL, TEEC_MEMREF_0 is + * expected to hold the TA binary as described above. + * @param error_origin: A parameter which will hold the error origin if this + * function returns any value other than TEEC_SUCCESS. + * + * Opens a new session with the specified trusted application. Only + * connectionMethod == TEEC_LOGIN_PUBLIC is supported. connectionData and + * operation shall be set to NULL. + */ +int teec_open_session(struct tee_context *context, struct tee_session *session, + const struct tee_uuid *destination, + unsigned int connection_method, + void *connection_data, struct tee_operation *operation, + unsigned int *error_origin); + +/** + * teec_close_session() - Closes the session which has been opened with the + * specific trusted application. + * @param session: The opened session to close. + * + * Closes the session which has been opened with the specific trusted + * application. + */ +int teec_close_session(struct tee_session *session); + +/** + * teec_invoke_command() - Executes a command in the specified trusted + * application. + * @param destination: A structure identifying the trusted application. + * @param command_id: Identifier of the command in the trusted application to + * invoke. + * @param operation: An operation structure to use in the invoke command. May + * be set to NULL to signify no operation structure needed. + * @param error_origin: A parameter which will hold the error origin if this + * function returns any value other than TEEC_SUCCESS. + * + * Executes a command in the specified trusted application. + */ +int teec_invoke_command(struct tee_session *session, unsigned int command_id, + struct tee_operation *operation, + unsigned int *error_origin); + +/** + * teec_allocate_shared_memory() - Allocate shared memory for TEE. + * @param context: The initialized TEE context structure in which scope to + * open the session. + * @param shared_memory: Pointer to the allocated shared memory. + */ +int teec_allocate_shared_memory(struct tee_context *context, + struct tee_sharedmemory *shared_memory); + +/** + * teec_release_shared_memory() - Free the shared memory. + * @param shared_memory: Pointer to the shared memory to be freed. + */ +void teec_release_shared_memory(struct tee_sharedmemory *shared_memory); + +#endif |