Commit | Line | Data |
---|---|---|
6fa3eb70 S |
1 | /****************************************************************************** |
2 | * INCLUDE LIBRARY | |
3 | ******************************************************************************/ | |
4 | ||
5 | /****************************************************************************** | |
6 | * INCLUDE LINUX HEADER | |
7 | ******************************************************************************/ | |
8 | #include <linux/module.h> | |
9 | #include <asm/uaccess.h> | |
10 | #include <linux/ioctl.h> | |
11 | ||
12 | /****************************************************************************** | |
13 | * INCLUDE LIBRARY | |
14 | ******************************************************************************/ | |
15 | #include <mach/mt_sec_hal.h> | |
16 | #include "sec_boot_lib.h" | |
17 | #include "masp_version.h" | |
18 | #include "sec_ioctl.h" | |
19 | #include "sec_osal_light.h" | |
20 | #include "sec_nvram.h" | |
21 | ||
22 | #define MOD "ASF" | |
23 | #define HEVC_BLK_LEN 20480 | |
24 | ||
25 | #define CI_BLK_SIZE 16 | |
26 | #define CI_BLK_ALIGN(len) ( ((len)+CI_BLK_SIZE-1) & ~(CI_BLK_SIZE-1) ) | |
27 | ||
28 | /************************************************************************** | |
29 | * GLOBAL VARIABLES | |
30 | **************************************************************************/ | |
31 | typedef struct | |
32 | { | |
33 | unsigned char buf[HEVC_BLK_LEN]; | |
34 | unsigned int len; | |
35 | } HEVC_BLK; | |
36 | HEVC_BLK hevc_blk; | |
37 | ||
38 | ||
39 | /************************************************************************** | |
40 | * EXTERNAL VARIABLE | |
41 | **************************************************************************/ | |
42 | extern MtdPart mtd_part_map[]; | |
43 | extern bool bMsg; | |
44 | extern struct semaphore hacc_sem; | |
45 | ||
46 | /************************************************************************** | |
47 | * EXTERNAL FUNCTION | |
48 | **************************************************************************/ | |
49 | extern int sec_get_random_id(unsigned int *rid); | |
50 | extern void sec_update_lks(unsigned char tr, unsigned char dn, unsigned char fb_ulk); | |
51 | extern void sec_core_init (void); | |
52 | ||
53 | static uint lks = 2;//if sec is not enabled, this param will not be updated | |
54 | module_param(lks, uint, S_IRUSR/*|S_IWUSR|S_IWGRP*/|S_IRGRP|S_IROTH); /* r--r--r-- */ | |
55 | MODULE_PARM_DESC(lks, "A device lks parameter under sysfs (0=NL, 1=L, 2=NA)"); | |
56 | ||
57 | void sec_update_lks(unsigned char tr, unsigned char dn, unsigned char fb_ulk) | |
58 | { | |
59 | if(fb_ulk)//FB | |
60 | { | |
61 | lks = 0; | |
62 | } | |
63 | else if(sec_schip_enabled())//SC | |
64 | { | |
65 | lks = 1; | |
66 | } | |
67 | else if(!sec_boot_enabled())//NSC | |
68 | { | |
69 | lks = 0; | |
70 | } | |
71 | else if(0 == tr && 2 == dn)//SWSEC | |
72 | { | |
73 | lks = 0; | |
74 | } | |
75 | else//SWSEC | |
76 | { | |
77 | lks = 1; | |
78 | } | |
79 | } | |
80 | ||
81 | //extern void osal_msleep(unsigned int msec); | |
82 | ||
83 | /************************************************************************** | |
84 | * SEC DRIVER IOCTL | |
85 | **************************************************************************/ | |
86 | long sec_core_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | |
87 | { | |
88 | int err = 0; | |
89 | int ret = 0; | |
90 | unsigned int cipher_len = 0; | |
91 | unsigned int rid[4]; | |
92 | unsigned char part_name[16]; | |
93 | META_CONTEXT meta_ctx; | |
94 | int status = 0; | |
95 | ||
96 | /* ---------------------------------- */ | |
97 | /* IOCTL */ | |
98 | /* ---------------------------------- */ | |
99 | ||
100 | if (_IOC_TYPE(cmd) != SEC_IOC_MAGIC) | |
101 | return -ENOTTY; | |
102 | if (_IOC_NR(cmd) > SEC_IOC_MAXNR) | |
103 | return -ENOTTY; | |
104 | if (_IOC_DIR(cmd) & _IOC_READ) | |
105 | err = !access_ok(VERIFY_WRITE, (void __user *)arg, _IOC_SIZE(cmd)); | |
106 | if (_IOC_DIR(cmd) & _IOC_WRITE) | |
107 | err = !access_ok(VERIFY_READ, (void __user *)arg, _IOC_SIZE(cmd)); | |
108 | if (err) return -EFAULT; | |
109 | ||
110 | switch (cmd) { | |
111 | ||
112 | /* ---------------------------------- */ | |
113 | /* get random id */ | |
114 | /* ---------------------------------- */ | |
115 | case SEC_GET_RANDOM_ID: | |
116 | SMSG(bMsg,"[%s] CMD - SEC_GET_RANDOM_ID\n",MOD); | |
117 | sec_get_random_id(&rid[0]); | |
118 | ret = osal_copy_to_user((void __user *)arg, (void *)&rid[0], sizeof(unsigned int) * 4); | |
119 | break; | |
120 | ||
121 | /* ---------------------------------- */ | |
122 | /* init boot info */ | |
123 | /* ---------------------------------- */ | |
124 | case SEC_BOOT_INIT: | |
125 | SMSG(bMsg,"[%s] CMD - SEC_BOOT_INIT\n",MOD); | |
126 | ret = masp_boot_init(); | |
127 | sec_core_init(); | |
128 | ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int)); | |
129 | break; | |
130 | ||
131 | ||
132 | /* ---------------------------------- */ | |
133 | /* check if secure boot is enbaled */ | |
134 | /* ---------------------------------- */ | |
135 | case SEC_BOOT_IS_ENABLED: | |
136 | SMSG(bMsg,"[%s] CMD - SEC_BOOT_IS_ENABLED\n",MOD); | |
137 | ret = sec_boot_enabled(); | |
138 | ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int)); | |
139 | break; | |
140 | ||
141 | /* ---------------------------------- */ | |
142 | /* encrypt sec cfg */ | |
143 | /* ---------------------------------- */ | |
144 | case SEC_SECCFG_ENCRYPT: | |
145 | SMSG(bMsg,"[%s] CMD - SEC_SECCFG_ENCRYPT\n",MOD); | |
146 | if(copy_from_user((void *)&seccfg, (void __user *)arg, sizeof(SECCFG_U))) | |
147 | { | |
148 | return -EFAULT; | |
149 | } | |
150 | ||
151 | /* specify encrpytion length */ | |
152 | SMSG(true,"[%s] SECCFG v%d\n",MOD,get_seccfg_ver()); | |
153 | if (SEC_CFG_END_PATTERN == seccfg.v1.end_pattern) | |
154 | { | |
155 | if((SECCFG_V1 != get_seccfg_ver()) && (SECCFG_V1_2 != get_seccfg_ver())) | |
156 | { | |
157 | SMSG(true,"[%s] mismatch seccfg version v%d\n",MOD,get_seccfg_ver()); | |
158 | SEC_ASSERT(0); | |
159 | } | |
160 | ||
161 | cipher_len = get_seccfg_cipher_len(); | |
162 | sec_update_lks(seccfg.v1.sw_sec_lock_try, seccfg.v1.sw_sec_lock_done, seccfg.v1.attr == ATTR_DISABLE_IMG_CHECK); | |
163 | masp_hal_sp_hacc_enc((unsigned char*)&seccfg.v1.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE); | |
164 | } | |
165 | else if (SEC_CFG_END_PATTERN == seccfg.v3.end_pattern) | |
166 | { | |
167 | if(SECCFG_V3 != get_seccfg_ver()) | |
168 | { | |
169 | SMSG(true,"[%s] mismatch seccfg version v%d\n",MOD,get_seccfg_ver()); | |
170 | SEC_ASSERT(0); | |
171 | } | |
172 | ||
173 | cipher_len = get_seccfg_cipher_len(); | |
174 | sec_update_lks(seccfg.v3.sw_sec_lock_try, seccfg.v3.sw_sec_lock_done, seccfg.v3.seccfg_attr == ATTR_DISABLE_IMG_CHECK); | |
175 | masp_hal_sp_hacc_enc((unsigned char*)&seccfg.v3.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE); | |
176 | } | |
177 | else | |
178 | { | |
179 | SMSG(true,"[%s] wrong seccfg version v%d\n",MOD,seccfg.v3.seccfg_ver) | |
180 | SEC_ASSERT(0); | |
181 | } | |
182 | ||
183 | ret = osal_copy_to_user((void __user *)arg, (void *)&seccfg, sizeof(SECCFG_U)); | |
184 | break; | |
185 | ||
186 | /* ---------------------------------- */ | |
187 | /* decrypt sec cfg */ | |
188 | /* ---------------------------------- */ | |
189 | case SEC_SECCFG_DECRYPT: | |
190 | SMSG(bMsg,"[%s] CMD - SEC_SECCFG_DECRYPT\n",MOD); | |
191 | if(copy_from_user((void *)&seccfg, (void __user *)arg, sizeof(SECCFG_U))) | |
192 | { | |
193 | return -EFAULT; | |
194 | } | |
195 | ||
196 | /* specify decrpytion length */ | |
197 | if (SEC_CFG_END_PATTERN == seccfg.v1.end_pattern) | |
198 | { | |
199 | /* seccfg version should be corrected by caller */ | |
200 | set_seccfg_ver(SECCFG_V1); | |
201 | cipher_len = get_seccfg_cipher_len(); | |
202 | masp_hal_sp_hacc_dec((unsigned char*)&seccfg.v1.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE); | |
203 | sec_update_lks(seccfg.v1.sw_sec_lock_try, seccfg.v1.sw_sec_lock_done, seccfg.v1.attr == ATTR_DISABLE_IMG_CHECK); | |
204 | } | |
205 | else if (SEC_CFG_END_PATTERN == seccfg.v3.end_pattern) | |
206 | { | |
207 | /* seccfg version should be corrected by caller */ | |
208 | set_seccfg_ver(SECCFG_V3); | |
209 | cipher_len = get_seccfg_cipher_len(); | |
210 | masp_hal_sp_hacc_dec((unsigned char*)&seccfg.v3.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE); | |
211 | sec_update_lks(seccfg.v3.sw_sec_lock_try, seccfg.v3.sw_sec_lock_done, seccfg.v3.seccfg_attr == ATTR_DISABLE_IMG_CHECK); | |
212 | } | |
213 | else | |
214 | { | |
215 | SMSG(true,"[%s] wrong seccfg version v%d\n",MOD,seccfg.v3.seccfg_ver) | |
216 | SEC_ASSERT(0); | |
217 | } | |
218 | ||
219 | SMSG(bMsg,"[%s] SECCFG v%d\n",MOD,get_seccfg_ver()); | |
220 | ||
221 | ret = osal_copy_to_user((void __user *)arg, (void *)&seccfg, sizeof(SECCFG_U)); | |
222 | break; | |
223 | ||
224 | /* ---------------------------------- */ | |
225 | /* NVRAM HW encryption */ | |
226 | /* ---------------------------------- */ | |
227 | case SEC_NVRAM_HW_ENCRYPT: | |
228 | SMSG(bMsg,"[%s] CMD - SEC_NVRAM_HW_ENCRYPT\n",MOD); | |
229 | if(osal_copy_from_user((void *)&meta_ctx, (void __user *)arg, sizeof(meta_ctx))) | |
230 | { | |
231 | return -EFAULT; | |
232 | } | |
233 | ||
234 | /* TODO : double check if META register is correct ? */ | |
235 | masp_hal_sp_hacc_enc((unsigned char*)&(meta_ctx.data),NVRAM_CIPHER_LEN,TRUE,HACC_USER2,FALSE); | |
236 | meta_ctx.ret = SEC_OK; | |
237 | ||
238 | ret = osal_copy_to_user((void __user *)arg, (void *)&meta_ctx, sizeof(meta_ctx)); | |
239 | break; | |
240 | ||
241 | /* ---------------------------------- */ | |
242 | /* NVRAM HW decryption */ | |
243 | /* ---------------------------------- */ | |
244 | case SEC_NVRAM_HW_DECRYPT: | |
245 | SMSG(bMsg,"[%s] CMD - SEC_NVRAM_HW_DECRYPT\n",MOD); | |
246 | if(osal_copy_from_user((void *)&meta_ctx, (void __user *)arg, sizeof(meta_ctx))) | |
247 | { | |
248 | return -EFAULT; | |
249 | } | |
250 | ||
251 | masp_hal_sp_hacc_dec((unsigned char*)&(meta_ctx.data),NVRAM_CIPHER_LEN,TRUE,HACC_USER2,FALSE); | |
252 | meta_ctx.ret = SEC_OK; | |
253 | ret = osal_copy_to_user((void __user *)arg, (void *)&meta_ctx, sizeof(meta_ctx)); | |
254 | break; | |
255 | ||
256 | /* ---------------------------------- */ | |
257 | /* HEVC EOP */ | |
258 | /* ---------------------------------- */ | |
259 | case SEC_HEVC_EOP: | |
260 | SMSG(TRUE,"[%s] CMD - SEC_HEVC_EOP\n",MOD); | |
261 | if(osal_copy_from_user((void *)(&hevc_blk), (void __user *)arg, sizeof(HEVC_BLK))) | |
262 | { | |
263 | return -EFAULT; | |
264 | } | |
4b9e9796 S |
265 | |
266 | if (hevc_blk.len > HEVC_BLK_LEN) { | |
267 | SMSG(TRUE, "[%s] eop block size is too large!", MOD); | |
268 | return -EFAULT; | |
269 | } | |
270 | ||
6fa3eb70 S |
271 | if ((hevc_blk.len % CI_BLK_SIZE) == 0) |
272 | { | |
273 | cipher_len = hevc_blk.len; | |
274 | } | |
275 | else if ((hevc_blk.len % CI_BLK_SIZE) > 0) | |
276 | { | |
277 | cipher_len = CI_BLK_ALIGN(hevc_blk.len)-CI_BLK_SIZE; | |
278 | if (cipher_len == 0 ){ | |
279 | SMSG(TRUE,"[%s] less than one ci_blk, no need to do eop",MOD); | |
280 | break; | |
281 | } | |
282 | } | |
283 | masp_hal_sp_hacc_enc((unsigned char*)(&hevc_blk.buf),cipher_len,TRUE,HACC_USER4,FALSE); | |
284 | ||
285 | ret = osal_copy_to_user((void __user *)arg, (void *)(&hevc_blk), sizeof(HEVC_BLK)); | |
286 | break; | |
287 | ||
288 | /* ---------------------------------- */ | |
289 | /* HEVC DOP */ | |
290 | /* ---------------------------------- */ | |
291 | case SEC_HEVC_DOP: | |
292 | SMSG(TRUE,"[%s] CMD - SEC_HEVC_DOP\n",MOD); | |
293 | if(osal_copy_from_user((void *)(&hevc_blk), (void __user *)arg, sizeof(HEVC_BLK))) | |
294 | { | |
295 | return -EFAULT; | |
296 | } | |
297 | ||
4b9e9796 S |
298 | if (hevc_blk.len > HEVC_BLK_LEN) { |
299 | SMSG(TRUE, "[%s] dop block size is too large!", MOD); | |
300 | return -EFAULT; | |
301 | } | |
302 | ||
6fa3eb70 S |
303 | if ((hevc_blk.len % CI_BLK_SIZE) == 0) |
304 | { | |
305 | cipher_len = hevc_blk.len; | |
306 | } | |
307 | else if ((hevc_blk.len % CI_BLK_SIZE) > 0) | |
308 | { | |
309 | cipher_len = CI_BLK_ALIGN(hevc_blk.len)-CI_BLK_SIZE; | |
310 | if (cipher_len == 0 ){ | |
311 | SMSG(TRUE,"[%s] less than one ci_blk, no need to do dop",MOD); | |
312 | break; | |
313 | } | |
314 | } | |
315 | ||
316 | masp_hal_sp_hacc_dec((unsigned char*)(&hevc_blk.buf),cipher_len,TRUE,HACC_USER4,FALSE); | |
317 | ||
318 | ret = osal_copy_to_user((void __user *)arg, (void *)(&hevc_blk), sizeof(HEVC_BLK)); | |
319 | break; | |
320 | ||
321 | /* ---------------------------------- */ | |
322 | /* check if secure usbdl is enbaled */ | |
323 | /* ---------------------------------- */ | |
324 | case SEC_USBDL_IS_ENABLED: | |
325 | SMSG(bMsg,"[%s] CMD - SEC_USBDL_IS_ENABLED\n",MOD); | |
326 | ret = sec_usbdl_enabled(); | |
327 | ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int)); | |
328 | break; | |
329 | ||
330 | /* ---------------------------------- */ | |
331 | /* configure HACC HW (include SW KEY) */ | |
332 | /* ---------------------------------- */ | |
333 | case SEC_HACC_CONFIG: | |
334 | SMSG(bMsg,"[%s] CMD - SEC_HACC_CONFIG\n",MOD); | |
335 | ret = sec_boot_hacc_init(); | |
336 | ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int)); | |
337 | break; | |
338 | ||
339 | /* ---------------------------------- */ | |
340 | /* enable HACC HW clock */ | |
341 | /* ---------------------------------- */ | |
342 | case SEC_HACC_ENABLE_CLK: | |
343 | SMSG(bMsg,"[%s] CMD - SEC_HACC_ENABLE_CLK\n",MOD); | |
344 | ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int)); | |
345 | break; | |
346 | ||
347 | /* ---------------------------------- */ | |
348 | /* lock hacc function */ | |
349 | /* ---------------------------------- */ | |
350 | case SEC_HACC_LOCK: | |
351 | ||
352 | SMSG(bMsg,"[%s] CMD - SEC_HACC_LOCK\n",MOD); | |
353 | SMSG(bMsg,"[%s] lock\n",MOD); | |
354 | ||
355 | /* If the semaphore is successfully acquired, this function returns 0.*/ | |
356 | ret = osal_hacc_lock(); | |
357 | ||
358 | if(ret) | |
359 | { | |
360 | SMSG(true,"[%s] ERESTARTSYS\n",MOD); | |
361 | return -ERESTARTSYS; | |
362 | } | |
363 | ||
364 | return ret; | |
365 | ||
366 | /* ---------------------------------- */ | |
367 | /* unlock hacc function */ | |
368 | /* ---------------------------------- */ | |
369 | case SEC_HACC_UNLOCK: | |
370 | ||
371 | SMSG(bMsg,"[%s] CMD - SEC_HACC_UNLOCK\n",MOD); | |
372 | SMSG(bMsg,"[%s] unlock\n",MOD); | |
373 | ||
374 | osal_hacc_unlock(); | |
375 | ||
376 | break; | |
377 | ||
378 | /* ---------------------------------- */ | |
379 | /* check if secure boot check enabled */ | |
380 | /* ---------------------------------- */ | |
381 | case SEC_BOOT_PART_CHECK_ENABLE: | |
382 | SMSG(bMsg,"[%s] CMD -SEC_BOOT_PART_CHECK_ENABLE\n",MOD); | |
383 | if(copy_from_user((void *)part_name, (void __user *)arg, sizeof(part_name))) | |
384 | { | |
385 | return -EFAULT; | |
386 | } | |
387 | ret = sec_boot_check_part_enabled (part_name); | |
388 | SMSG(bMsg,"[%s] result '0x%x'\n",MOD,ret); | |
389 | return ret; | |
390 | ||
391 | /* ---------------------------------- */ | |
392 | /* notify mark incomplete */ | |
393 | /* ---------------------------------- */ | |
394 | case SEC_BOOT_NOTIFY_MARK_STATUS: | |
395 | SMSG(true,"[%s] mark status\n",MOD); | |
396 | /* may do some post process here ... */ | |
397 | break; | |
398 | ||
399 | /* ---------------------------------- */ | |
400 | /* notify check pass */ | |
401 | /* ---------------------------------- */ | |
402 | case SEC_BOOT_NOTIFY_PASS: | |
403 | SMSG(true,"[%s] sbchk pass\n",MOD); | |
404 | SMSG(true,"[%s] sbchk pass\n",MOD); | |
405 | SMSG(true,"[%s] sbchk pass\n",MOD); | |
406 | SMSG(true,"[%s] sbchk pass\n",MOD); | |
407 | SMSG(true,"[%s] sbchk pass\n",MOD); | |
408 | /* may do some post process here ... */ | |
409 | break; | |
410 | ||
411 | /* ---------------------------------- */ | |
412 | /* notify check fail */ | |
413 | /* ---------------------------------- */ | |
414 | case SEC_BOOT_NOTIFY_FAIL: | |
415 | if(osal_copy_from_user((void *)part_name, (void __user *)arg, sizeof(part_name))) | |
416 | { | |
417 | return -EFAULT; | |
418 | } | |
419 | ||
420 | SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name); | |
421 | SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name); | |
422 | SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name); | |
423 | SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name); | |
424 | SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name); | |
425 | osal_msleep(3000); | |
426 | /* punishment ... */ | |
427 | SEC_ASSERT(0); | |
428 | break; | |
429 | ||
430 | /* ---------------------------------- */ | |
431 | /* notify recovery mode done */ | |
432 | /* ---------------------------------- */ | |
433 | case SEC_BOOT_NOTIFY_RMSDUP_DONE: | |
434 | SMSG(true,"[%s] recovery mode done\n",MOD); | |
435 | /* may do some post process here ... */ | |
436 | break; | |
437 | ||
438 | /* ---------------------------------- */ | |
439 | /* read rom info */ | |
440 | /* ---------------------------------- */ | |
441 | case SEC_READ_ROM_INFO: | |
442 | SMSG(bMsg,"[%s] read rom info\n",MOD); | |
443 | ret = osal_copy_to_user((void __user *)arg, (void *)&rom_info, sizeof(AND_ROMINFO_T)); | |
444 | break; | |
445 | ||
446 | ||
447 | /* ---------------------------------- */ | |
448 | /* notify check status */ | |
449 | /* ---------------------------------- */ | |
450 | case SEC_BOOT_NOTIFY_STATUS: | |
451 | ret = osal_copy_from_user((void *)&status, (void __user *)arg, sizeof(int)); | |
452 | SMSG(true,"[%s] sbchk status : '0x%x' \n",MOD,status); | |
453 | break; | |
454 | } | |
455 | ||
456 | return 0; | |
457 | } | |
458 | ||
459 | /************************************************************************** | |
460 | * SEC DRIVER INIT | |
461 | **************************************************************************/ | |
462 | void sec_core_init (void) | |
463 | { | |
464 | SMSG(true,"[%s] version '%s%s', enter.\n",MOD,BUILD_TIME,BUILD_BRANCH); | |
465 | ||
466 | /* ---------------------------------- */ | |
467 | /* disable key init in kerne module */ | |
468 | /* ---------------------------------- */ | |
469 | sec_info.bKeyInitDis = TRUE; | |
470 | } | |
471 | ||
472 | /************************************************************************** | |
473 | * SEC DRIVER EXIT | |
474 | **************************************************************************/ | |
475 | void sec_core_exit (void) | |
476 | { | |
477 | SMSG(true,"[%s] version '%s%s', exit.\n",MOD,BUILD_TIME,BUILD_BRANCH); | |
478 | } | |
479 |