[GitHub/mt8127/android_kernel_alcatel_ttab.git] / drivers / misc / mediatek / masp / asf / core / sec_mod_core.c

/******************************************************************************
 *  INCLUDE LIBRARY
 ******************************************************************************/

/******************************************************************************
 *  INCLUDE LINUX HEADER
 ******************************************************************************/
#include <linux/module.h>
#include <asm/uaccess.h>
#include <linux/ioctl.h>

/******************************************************************************
 *  INCLUDE LIBRARY
 ******************************************************************************/
#include <mach/mt_sec_hal.h>
#include "sec_boot_lib.h"
#include "masp_version.h"
#include "sec_ioctl.h"
#include "sec_osal_light.h"
#include "sec_nvram.h"

#define MOD                         "ASF"
#define HEVC_BLK_LEN                20480

#define CI_BLK_SIZE                 16
#define CI_BLK_ALIGN(len) ( ((len)+CI_BLK_SIZE-1) & ~(CI_BLK_SIZE-1) )

/**************************************************************************
 *  GLOBAL VARIABLES
 **************************************************************************/
typedef struct
{
    unsigned char buf[HEVC_BLK_LEN];
    unsigned int len;
} HEVC_BLK;
HEVC_BLK hevc_blk;


/**************************************************************************
 *  EXTERNAL VARIABLE
 **************************************************************************/
extern MtdPart                      mtd_part_map[];
extern bool                         bMsg;
extern struct semaphore             hacc_sem;

/**************************************************************************
 *  EXTERNAL FUNCTION
 **************************************************************************/
extern int sec_get_random_id(unsigned int *rid);
extern void sec_update_lks(unsigned char tr, unsigned char dn, unsigned char fb_ulk);
extern void sec_core_init (void);

static uint lks = 2;//if sec is not enabled, this param will not be updated
module_param(lks, uint, S_IRUSR/*|S_IWUSR|S_IWGRP*/|S_IRGRP|S_IROTH); /* r--r--r-- */
MODULE_PARM_DESC(lks, "A device lks parameter under sysfs (0=NL, 1=L, 2=NA)");

void sec_update_lks(unsigned char tr, unsigned char dn, unsigned char fb_ulk)
{
    if(fb_ulk)//FB
    {
        lks = 0;
    }
    else if(sec_schip_enabled())//SC
    {
        lks = 1;
    }
    else if(!sec_boot_enabled())//NSC
    {
        lks = 0;
    }
    else if(0 == tr && 2 == dn)//SWSEC
    {
        lks = 0;
    }
    else//SWSEC
    {
        lks = 1;
    }
}

//extern void osal_msleep(unsigned int msec);

/**************************************************************************
 *  SEC DRIVER IOCTL
 **************************************************************************/ 
long sec_core_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
    int err                     = 0;
    int ret                     = 0;
    unsigned int cipher_len     = 0;    
    unsigned int rid[4];
    unsigned char part_name[16];    
    META_CONTEXT meta_ctx;
    int status                  = 0;

    /* ---------------------------------- */
    /* IOCTL                              */
    /* ---------------------------------- */

    if (_IOC_TYPE(cmd) != SEC_IOC_MAGIC)
        return -ENOTTY;
    if (_IOC_NR(cmd) > SEC_IOC_MAXNR)
        return -ENOTTY;
    if (_IOC_DIR(cmd) & _IOC_READ)
        err = !access_ok(VERIFY_WRITE, (void __user *)arg, _IOC_SIZE(cmd));
    if (_IOC_DIR(cmd) & _IOC_WRITE)
        err = !access_ok(VERIFY_READ, (void __user *)arg, _IOC_SIZE(cmd));
    if (err) return -EFAULT;
    
    switch (cmd) {

        /* ---------------------------------- */
        /* get random id                      */
        /* ---------------------------------- */
        case SEC_GET_RANDOM_ID:
            SMSG(bMsg,"[%s] CMD - SEC_GET_RANDOM_ID\n",MOD);
            sec_get_random_id(&rid[0]);
            ret = osal_copy_to_user((void __user *)arg, (void *)&rid[0], sizeof(unsigned int) * 4);
            break;            

        /* ---------------------------------- */
        /* init boot info                     */
        /* ---------------------------------- */
        case SEC_BOOT_INIT:
            SMSG(bMsg,"[%s] CMD - SEC_BOOT_INIT\n",MOD);
            ret = masp_boot_init();
            sec_core_init();
            ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int));            
            break;


        /* ---------------------------------- */
        /* check if secure boot is enbaled    */
        /* ---------------------------------- */
        case SEC_BOOT_IS_ENABLED:
            SMSG(bMsg,"[%s] CMD - SEC_BOOT_IS_ENABLED\n",MOD);
            ret = sec_boot_enabled();
            ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int));            
            break;

        /* ---------------------------------- */
        /* encrypt sec cfg                    */
        /* ---------------------------------- */
        case SEC_SECCFG_ENCRYPT:
            SMSG(bMsg,"[%s] CMD - SEC_SECCFG_ENCRYPT\n",MOD);   
            if(copy_from_user((void *)&seccfg, (void __user *)arg, sizeof(SECCFG_U)))
            {
                return -EFAULT;
            }

            /* specify encrpytion length */
            SMSG(true,"[%s] SECCFG v%d\n",MOD,get_seccfg_ver());            
            if (SEC_CFG_END_PATTERN == seccfg.v1.end_pattern)
            {
                if((SECCFG_V1 != get_seccfg_ver()) && (SECCFG_V1_2 != get_seccfg_ver()))
                {
                    SMSG(true,"[%s] mismatch seccfg version v%d\n",MOD,get_seccfg_ver());
                    SEC_ASSERT(0);
                }
                
                cipher_len = get_seccfg_cipher_len();
                sec_update_lks(seccfg.v1.sw_sec_lock_try, seccfg.v1.sw_sec_lock_done, seccfg.v1.attr == ATTR_DISABLE_IMG_CHECK);
                masp_hal_sp_hacc_enc((unsigned char*)&seccfg.v1.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE);
            }
            else if (SEC_CFG_END_PATTERN == seccfg.v3.end_pattern)
            {
                if(SECCFG_V3 != get_seccfg_ver())
                {
                    SMSG(true,"[%s] mismatch seccfg version v%d\n",MOD,get_seccfg_ver());
                    SEC_ASSERT(0);
                }
                
                cipher_len = get_seccfg_cipher_len();
                sec_update_lks(seccfg.v3.sw_sec_lock_try, seccfg.v3.sw_sec_lock_done, seccfg.v3.seccfg_attr == ATTR_DISABLE_IMG_CHECK);
                masp_hal_sp_hacc_enc((unsigned char*)&seccfg.v3.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE);
            }
            else
            {
                SMSG(true,"[%s] wrong seccfg version v%d\n",MOD,seccfg.v3.seccfg_ver)
                SEC_ASSERT(0);
            }

            ret = osal_copy_to_user((void __user *)arg, (void *)&seccfg, sizeof(SECCFG_U));
            break;

        /* ---------------------------------- */
        /* decrypt sec cfg                    */
        /* ---------------------------------- */
        case SEC_SECCFG_DECRYPT:
            SMSG(bMsg,"[%s] CMD - SEC_SECCFG_DECRYPT\n",MOD);   
            if(copy_from_user((void *)&seccfg, (void __user *)arg, sizeof(SECCFG_U)))
            {
                return -EFAULT;
            }

            /* specify decrpytion length */
            if (SEC_CFG_END_PATTERN == seccfg.v1.end_pattern)
            {
                /* seccfg version should be corrected by caller */
                set_seccfg_ver(SECCFG_V1); 
                cipher_len = get_seccfg_cipher_len();
                masp_hal_sp_hacc_dec((unsigned char*)&seccfg.v1.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE);
                sec_update_lks(seccfg.v1.sw_sec_lock_try, seccfg.v1.sw_sec_lock_done, seccfg.v1.attr == ATTR_DISABLE_IMG_CHECK);
            }
            else if (SEC_CFG_END_PATTERN == seccfg.v3.end_pattern)
            {
                /* seccfg version should be corrected by caller */
                set_seccfg_ver(SECCFG_V3);
                cipher_len = get_seccfg_cipher_len();
                masp_hal_sp_hacc_dec((unsigned char*)&seccfg.v3.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE);
                sec_update_lks(seccfg.v3.sw_sec_lock_try, seccfg.v3.sw_sec_lock_done, seccfg.v3.seccfg_attr == ATTR_DISABLE_IMG_CHECK);
            }
            else
            {
                SMSG(true,"[%s] wrong seccfg version v%d\n",MOD,seccfg.v3.seccfg_ver)
                SEC_ASSERT(0);
            }            

            SMSG(bMsg,"[%s] SECCFG v%d\n",MOD,get_seccfg_ver());  
            
            ret = osal_copy_to_user((void __user *)arg, (void *)&seccfg, sizeof(SECCFG_U));
            break;

        /* ---------------------------------- */
        /* NVRAM HW encryption                */
        /* ---------------------------------- */
        case SEC_NVRAM_HW_ENCRYPT:
            SMSG(bMsg,"[%s] CMD - SEC_NVRAM_HW_ENCRYPT\n",MOD);   
            if(osal_copy_from_user((void *)&meta_ctx, (void __user *)arg, sizeof(meta_ctx)))
            {
                return -EFAULT;
            }

            /* TODO : double check if META register is correct ? */
            masp_hal_sp_hacc_enc((unsigned char*)&(meta_ctx.data),NVRAM_CIPHER_LEN,TRUE,HACC_USER2,FALSE);
            meta_ctx.ret = SEC_OK;
            
            ret = osal_copy_to_user((void __user *)arg, (void *)&meta_ctx, sizeof(meta_ctx));
            break;

        /* ---------------------------------- */
        /* NVRAM HW decryption                */
        /* ---------------------------------- */
        case SEC_NVRAM_HW_DECRYPT:
            SMSG(bMsg,"[%s] CMD - SEC_NVRAM_HW_DECRYPT\n",MOD);   
            if(osal_copy_from_user((void *)&meta_ctx, (void __user *)arg, sizeof(meta_ctx)))
            {
                return -EFAULT;
            }

            masp_hal_sp_hacc_dec((unsigned char*)&(meta_ctx.data),NVRAM_CIPHER_LEN,TRUE,HACC_USER2,FALSE);
            meta_ctx.ret = SEC_OK;
            ret = osal_copy_to_user((void __user *)arg, (void *)&meta_ctx, sizeof(meta_ctx));
            break;

        /* ---------------------------------- */
        /* HEVC EOP                           */
        /* ---------------------------------- */
        case SEC_HEVC_EOP:
            SMSG(TRUE,"[%s] CMD - SEC_HEVC_EOP\n",MOD);   
            if(osal_copy_from_user((void *)(&hevc_blk), (void __user *)arg, sizeof(HEVC_BLK)))
            {
                return -EFAULT;
            }

            if (hevc_blk.len > HEVC_BLK_LEN) {
                SMSG(TRUE, "[%s] eop block size is too large!", MOD);
                return -EFAULT;
            }

            if ((hevc_blk.len % CI_BLK_SIZE) == 0)
            {
                cipher_len = hevc_blk.len;
            }
            else if ((hevc_blk.len % CI_BLK_SIZE) > 0)
            {
                cipher_len = CI_BLK_ALIGN(hevc_blk.len)-CI_BLK_SIZE;
                if (cipher_len == 0 ){
                    SMSG(TRUE,"[%s] less than one ci_blk, no need to do eop",MOD);   
                    break; 
                }
            }
            masp_hal_sp_hacc_enc((unsigned char*)(&hevc_blk.buf),cipher_len,TRUE,HACC_USER4,FALSE);

            ret = osal_copy_to_user((void __user *)arg, (void *)(&hevc_blk), sizeof(HEVC_BLK));
            break;

        /* ---------------------------------- */
        /* HEVC DOP                           */
        /* ---------------------------------- */
        case SEC_HEVC_DOP:
            SMSG(TRUE,"[%s] CMD - SEC_HEVC_DOP\n",MOD);   
            if(osal_copy_from_user((void *)(&hevc_blk), (void __user *)arg, sizeof(HEVC_BLK)))
            {
                return -EFAULT;
            }

            if (hevc_blk.len > HEVC_BLK_LEN) {
                SMSG(TRUE, "[%s] dop block size is too large!", MOD);
                return -EFAULT;
            }

            if ((hevc_blk.len % CI_BLK_SIZE) == 0)
            {
                cipher_len = hevc_blk.len;
            }
            else if ((hevc_blk.len % CI_BLK_SIZE) > 0)
            {
                cipher_len = CI_BLK_ALIGN(hevc_blk.len)-CI_BLK_SIZE;
                if (cipher_len == 0 ){
                    SMSG(TRUE,"[%s] less than one ci_blk, no need to do dop",MOD);   
                    break; 
                }
            }

            masp_hal_sp_hacc_dec((unsigned char*)(&hevc_blk.buf),cipher_len,TRUE,HACC_USER4,FALSE);
            
            ret = osal_copy_to_user((void __user *)arg, (void *)(&hevc_blk), sizeof(HEVC_BLK));
            break;

        /* ---------------------------------- */
        /* check if secure usbdl is enbaled   */
        /* ---------------------------------- */
        case SEC_USBDL_IS_ENABLED:
            SMSG(bMsg,"[%s] CMD - SEC_USBDL_IS_ENABLED\n",MOD);
            ret = sec_usbdl_enabled();
            ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int));            
            break;

        /* ---------------------------------- */
        /* configure HACC HW (include SW KEY)  */
        /* ---------------------------------- */
        case SEC_HACC_CONFIG:
            SMSG(bMsg,"[%s] CMD - SEC_HACC_CONFIG\n",MOD);
            ret = sec_boot_hacc_init();
            ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int));            
            break;

        /* ---------------------------------- */
        /* enable HACC HW clock                */
        /* ---------------------------------- */
        case SEC_HACC_ENABLE_CLK:
            SMSG(bMsg,"[%s] CMD - SEC_HACC_ENABLE_CLK\n",MOD);
            ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int));            
            break;

        /* ---------------------------------- */
        /* lock hacc function                  */
        /* ---------------------------------- */
        case SEC_HACC_LOCK:
        
            SMSG(bMsg,"[%s] CMD - SEC_HACC_LOCK\n",MOD);   
            SMSG(bMsg,"[%s] lock\n",MOD);

            /* If the semaphore is successfully acquired, this function returns 0.*/                
            ret = osal_hacc_lock();

            if(ret)
            {
                SMSG(true,"[%s] ERESTARTSYS\n",MOD);
                return -ERESTARTSYS;
            }

            return ret;
            
        /* ---------------------------------- */
        /* unlock hacc function                */
        /* ---------------------------------- */
        case SEC_HACC_UNLOCK:

            SMSG(bMsg,"[%s] CMD - SEC_HACC_UNLOCK\n",MOD);   
            SMSG(bMsg,"[%s] unlock\n",MOD);

            osal_hacc_unlock();
            
            break;

        /* ---------------------------------- */
        /* check if secure boot check enabled */
        /* ---------------------------------- */
        case SEC_BOOT_PART_CHECK_ENABLE:
            SMSG(bMsg,"[%s] CMD -SEC_BOOT_PART_CHECK_ENABLE\n",MOD);
            if(copy_from_user((void *)part_name, (void __user *)arg, sizeof(part_name)))
            {
                return -EFAULT;
            }
            ret = sec_boot_check_part_enabled (part_name);
            SMSG(bMsg,"[%s] result '0x%x'\n",MOD,ret);
            return ret;

        /* ---------------------------------- */
        /* notify mark incomplete             */
        /* ---------------------------------- */
        case SEC_BOOT_NOTIFY_MARK_STATUS:
            SMSG(true,"[%s] mark status\n",MOD);
            /* may do some post process here ... */
            break;

        /* ---------------------------------- */
        /* notify check pass                  */
        /* ---------------------------------- */
        case SEC_BOOT_NOTIFY_PASS:
            SMSG(true,"[%s] sbchk pass\n",MOD);
            SMSG(true,"[%s] sbchk pass\n",MOD);
            SMSG(true,"[%s] sbchk pass\n",MOD);
            SMSG(true,"[%s] sbchk pass\n",MOD);            
            SMSG(true,"[%s] sbchk pass\n",MOD);
            /* may do some post process here ... */
            break;

        /* ---------------------------------- */
        /* notify check fail                  */
        /* ---------------------------------- */
        case SEC_BOOT_NOTIFY_FAIL:
            if(osal_copy_from_user((void *)part_name, (void __user *)arg, sizeof(part_name)))
            {
                return -EFAULT;
            }

            SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name);
            SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name);
            SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name);
            SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name);
            SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name);
            osal_msleep(3000);
            /* punishment ... */    
            SEC_ASSERT(0);
            break;

        /* ---------------------------------- */
        /* notify recovery mode done          */
        /* ---------------------------------- */
        case SEC_BOOT_NOTIFY_RMSDUP_DONE:
            SMSG(true,"[%s] recovery mode done\n",MOD);
            /* may do some post process here ... */
            break;

        /* ---------------------------------- */
        /* read rom info                      */
        /* ---------------------------------- */
        case SEC_READ_ROM_INFO:
            SMSG(bMsg,"[%s] read rom info\n",MOD);            
            ret = osal_copy_to_user((void __user *)arg, (void *)&rom_info, sizeof(AND_ROMINFO_T));
            break;     
            
        
        /* ---------------------------------- */
        /* notify check status          */
        /* ---------------------------------- */
        case SEC_BOOT_NOTIFY_STATUS:     
            ret = osal_copy_from_user((void *)&status, (void __user *)arg, sizeof(int)); 
            SMSG(true,"[%s] sbchk status : '0x%x' \n",MOD,status);
            break;
    }

    return 0;
}

/**************************************************************************
 *  SEC DRIVER INIT
 **************************************************************************/ 
void sec_core_init (void)
{
    SMSG(true,"[%s] version '%s%s', enter.\n",MOD,BUILD_TIME,BUILD_BRANCH);
    
    /* ---------------------------------- */
    /* disable key init in kerne module   */
    /* ---------------------------------- */
    sec_info.bKeyInitDis = TRUE;    
}

/**************************************************************************
 *  SEC DRIVER EXIT
 **************************************************************************/ 
void sec_core_exit (void)
{
    SMSG(true,"[%s] version '%s%s', exit.\n",MOD,BUILD_TIME,BUILD_BRANCH);
}
Commit	Line	Data
6fa3eb70 S	1	/******************************************************************************
	2	* INCLUDE LIBRARY
	3	******************************************************************************/
	4
	5	/******************************************************************************
	6	* INCLUDE LINUX HEADER
	7	******************************************************************************/
	8	#include <linux/module.h>
	9	#include <asm/uaccess.h>
	10	#include <linux/ioctl.h>
	11
	12	/******************************************************************************
	13	* INCLUDE LIBRARY
	14	******************************************************************************/
	15	#include <mach/mt_sec_hal.h>
	16	#include "sec_boot_lib.h"
	17	#include "masp_version.h"
	18	#include "sec_ioctl.h"
	19	#include "sec_osal_light.h"
	20	#include "sec_nvram.h"
	21
	22	#define MOD "ASF"
	23	#define HEVC_BLK_LEN 20480
	24
	25	#define CI_BLK_SIZE 16
	26	#define CI_BLK_ALIGN(len) ( ((len)+CI_BLK_SIZE-1) & ~(CI_BLK_SIZE-1) )
	27
	28	/**************************************************************************
	29	* GLOBAL VARIABLES
	30	**************************************************************************/
	31	typedef struct
	32	{
	33	unsigned char buf[HEVC_BLK_LEN];
	34	unsigned int len;
	35	} HEVC_BLK;
	36	HEVC_BLK hevc_blk;
	37
	38
	39	/**************************************************************************
	40	* EXTERNAL VARIABLE
	41	**************************************************************************/
	42	extern MtdPart mtd_part_map[];
	43	extern bool bMsg;
	44	extern struct semaphore hacc_sem;
	45
	46	/**************************************************************************
	47	* EXTERNAL FUNCTION
	48	**************************************************************************/
	49	extern int sec_get_random_id(unsigned int *rid);
	50	extern void sec_update_lks(unsigned char tr, unsigned char dn, unsigned char fb_ulk);
	51	extern void sec_core_init (void);
	52
	53	static uint lks = 2;//if sec is not enabled, this param will not be updated
	54	module_param(lks, uint, S_IRUSR/\|S_IWUSR\|S_IWGRP/\|S_IRGRP\|S_IROTH); /* r--r--r-- */
	55	MODULE_PARM_DESC(lks, "A device lks parameter under sysfs (0=NL, 1=L, 2=NA)");
	56
	57	void sec_update_lks(unsigned char tr, unsigned char dn, unsigned char fb_ulk)
	58	{
	59	if(fb_ulk)//FB
	60	{
	61	lks = 0;
	62	}
	63	else if(sec_schip_enabled())//SC
	64	{
65	lks = 1;
66	}
67	else if(!sec_boot_enabled())//NSC
68	{
69	lks = 0;
70	}
71	else if(0 == tr && 2 == dn)//SWSEC
72	{
73	lks = 0;
74	}
75	else//SWSEC
76	{
77	lks = 1;
78	}
79	}
80
81	//extern void osal_msleep(unsigned int msec);
82
83	/**************************************************************************
84	* SEC DRIVER IOCTL
85	**************************************************************************/
86	long sec_core_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
87	{
88	int err = 0;
89	int ret = 0;
90	unsigned int cipher_len = 0;
91	unsigned int rid[4];
92	unsigned char part_name[16];
93	META_CONTEXT meta_ctx;
94	int status = 0;
95
96	/* ---------------------------------- */
97	/* IOCTL */
98	/* ---------------------------------- */
99
100	if (_IOC_TYPE(cmd) != SEC_IOC_MAGIC)
101	return -ENOTTY;
102	if (_IOC_NR(cmd) > SEC_IOC_MAXNR)
103	return -ENOTTY;
104	if (_IOC_DIR(cmd) & _IOC_READ)
105	err = !access_ok(VERIFY_WRITE, (void __user *)arg, _IOC_SIZE(cmd));
106	if (_IOC_DIR(cmd) & _IOC_WRITE)
107	err = !access_ok(VERIFY_READ, (void __user *)arg, _IOC_SIZE(cmd));
108	if (err) return -EFAULT;
109
110	switch (cmd) {
111
112	/* ---------------------------------- */
113	/* get random id */
114	/* ---------------------------------- */
115	case SEC_GET_RANDOM_ID:
116	SMSG(bMsg,"[%s] CMD - SEC_GET_RANDOM_ID\n",MOD);
117	sec_get_random_id(&rid[0]);
118	ret = osal_copy_to_user((void __user )arg, (void )&rid[0], sizeof(unsigned int) * 4);
119	break;
120
121	/* ---------------------------------- */
122	/* init boot info */
123	/* ---------------------------------- */
124	case SEC_BOOT_INIT:
125	SMSG(bMsg,"[%s] CMD - SEC_BOOT_INIT\n",MOD);
126	ret = masp_boot_init();
127	sec_core_init();
128	ret = osal_copy_to_user((void __user )arg, (void )&ret, sizeof(int));
129	break;
130
131
132	/* ---------------------------------- */
133	/* check if secure boot is enbaled */
134	/* ---------------------------------- */
135	case SEC_BOOT_IS_ENABLED:
136	SMSG(bMsg,"[%s] CMD - SEC_BOOT_IS_ENABLED\n",MOD);
137	ret = sec_boot_enabled();
138	ret = osal_copy_to_user((void __user )arg, (void )&ret, sizeof(int));
139	break;
140
141	/* ---------------------------------- */
142	/* encrypt sec cfg */
143	/* ---------------------------------- */
144	case SEC_SECCFG_ENCRYPT:
145	SMSG(bMsg,"[%s] CMD - SEC_SECCFG_ENCRYPT\n",MOD);
146	if(copy_from_user((void )&seccfg, (void __user )arg, sizeof(SECCFG_U)))
147	{
148	return -EFAULT;
149	}
150
151	/* specify encrpytion length */
152	SMSG(true,"[%s] SECCFG v%d\n",MOD,get_seccfg_ver());
153	if (SEC_CFG_END_PATTERN == seccfg.v1.end_pattern)
154	{
155	if((SECCFG_V1 != get_seccfg_ver()) && (SECCFG_V1_2 != get_seccfg_ver()))
156	{
157	SMSG(true,"[%s] mismatch seccfg version v%d\n",MOD,get_seccfg_ver());
158	SEC_ASSERT(0);
159	}
160
161	cipher_len = get_seccfg_cipher_len();
162	sec_update_lks(seccfg.v1.sw_sec_lock_try, seccfg.v1.sw_sec_lock_done, seccfg.v1.attr == ATTR_DISABLE_IMG_CHECK);
163	masp_hal_sp_hacc_enc((unsigned char*)&seccfg.v1.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE);
164	}
165	else if (SEC_CFG_END_PATTERN == seccfg.v3.end_pattern)
166	{
167	if(SECCFG_V3 != get_seccfg_ver())
168	{
169	SMSG(true,"[%s] mismatch seccfg version v%d\n",MOD,get_seccfg_ver());
170	SEC_ASSERT(0);
171	}
172
173	cipher_len = get_seccfg_cipher_len();
174	sec_update_lks(seccfg.v3.sw_sec_lock_try, seccfg.v3.sw_sec_lock_done, seccfg.v3.seccfg_attr == ATTR_DISABLE_IMG_CHECK);
175	masp_hal_sp_hacc_enc((unsigned char*)&seccfg.v3.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE);
176	}
177	else
178	{
179	SMSG(true,"[%s] wrong seccfg version v%d\n",MOD,seccfg.v3.seccfg_ver)
180	SEC_ASSERT(0);
181	}
182
183	ret = osal_copy_to_user((void __user )arg, (void )&seccfg, sizeof(SECCFG_U));
184	break;
185
186	/* ---------------------------------- */
187	/* decrypt sec cfg */
188	/* ---------------------------------- */
189	case SEC_SECCFG_DECRYPT:
190	SMSG(bMsg,"[%s] CMD - SEC_SECCFG_DECRYPT\n",MOD);
191	if(copy_from_user((void )&seccfg, (void __user )arg, sizeof(SECCFG_U)))
192	{
193	return -EFAULT;
194	}
195
196	/* specify decrpytion length */
197	if (SEC_CFG_END_PATTERN == seccfg.v1.end_pattern)
198	{
199	/* seccfg version should be corrected by caller */
200	set_seccfg_ver(SECCFG_V1);
201	cipher_len = get_seccfg_cipher_len();
202	masp_hal_sp_hacc_dec((unsigned char*)&seccfg.v1.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE);
203	sec_update_lks(seccfg.v1.sw_sec_lock_try, seccfg.v1.sw_sec_lock_done, seccfg.v1.attr == ATTR_DISABLE_IMG_CHECK);
204	}
205	else if (SEC_CFG_END_PATTERN == seccfg.v3.end_pattern)
206	{
207	/* seccfg version should be corrected by caller */
208	set_seccfg_ver(SECCFG_V3);
209	cipher_len = get_seccfg_cipher_len();
210	masp_hal_sp_hacc_dec((unsigned char*)&seccfg.v3.image_info,cipher_len,rom_info.m_SEC_CTRL.m_seccfg_ac_en,HACC_USER1,FALSE);
211	sec_update_lks(seccfg.v3.sw_sec_lock_try, seccfg.v3.sw_sec_lock_done, seccfg.v3.seccfg_attr == ATTR_DISABLE_IMG_CHECK);
212	}
213	else
214	{
215	SMSG(true,"[%s] wrong seccfg version v%d\n",MOD,seccfg.v3.seccfg_ver)
216	SEC_ASSERT(0);
217	}
218
219	SMSG(bMsg,"[%s] SECCFG v%d\n",MOD,get_seccfg_ver());
220
221	ret = osal_copy_to_user((void __user )arg, (void )&seccfg, sizeof(SECCFG_U));
222	break;
223
224	/* ---------------------------------- */
225	/* NVRAM HW encryption */
226	/* ---------------------------------- */
227	case SEC_NVRAM_HW_ENCRYPT:
228	SMSG(bMsg,"[%s] CMD - SEC_NVRAM_HW_ENCRYPT\n",MOD);
229	if(osal_copy_from_user((void )&meta_ctx, (void __user )arg, sizeof(meta_ctx)))
230	{
231	return -EFAULT;
232	}
233
234	/* TODO : double check if META register is correct ? */
235	masp_hal_sp_hacc_enc((unsigned char*)&(meta_ctx.data),NVRAM_CIPHER_LEN,TRUE,HACC_USER2,FALSE);
236	meta_ctx.ret = SEC_OK;
237
238	ret = osal_copy_to_user((void __user )arg, (void )&meta_ctx, sizeof(meta_ctx));
239	break;
240
241	/* ---------------------------------- */
242	/* NVRAM HW decryption */
243	/* ---------------------------------- */
244	case SEC_NVRAM_HW_DECRYPT:
245	SMSG(bMsg,"[%s] CMD - SEC_NVRAM_HW_DECRYPT\n",MOD);
246	if(osal_copy_from_user((void )&meta_ctx, (void __user )arg, sizeof(meta_ctx)))
247	{
248	return -EFAULT;
249	}
250
251	masp_hal_sp_hacc_dec((unsigned char*)&(meta_ctx.data),NVRAM_CIPHER_LEN,TRUE,HACC_USER2,FALSE);
252	meta_ctx.ret = SEC_OK;
253	ret = osal_copy_to_user((void __user )arg, (void )&meta_ctx, sizeof(meta_ctx));
254	break;
255
256	/* ---------------------------------- */
257	/* HEVC EOP */
258	/* ---------------------------------- */
259	case SEC_HEVC_EOP:
260	SMSG(TRUE,"[%s] CMD - SEC_HEVC_EOP\n",MOD);
261	if(osal_copy_from_user((void )(&hevc_blk), (void __user )arg, sizeof(HEVC_BLK)))
262	{
263	return -EFAULT;
264	}
4b9e9796 S	265
	266	if (hevc_blk.len > HEVC_BLK_LEN) {
	267	SMSG(TRUE, "[%s] eop block size is too large!", MOD);
	268	return -EFAULT;
	269	}
	270
6fa3eb70 S	271	if ((hevc_blk.len % CI_BLK_SIZE) == 0)
	272	{
	273	cipher_len = hevc_blk.len;
	274	}
	275	else if ((hevc_blk.len % CI_BLK_SIZE) > 0)
	276	{
	277	cipher_len = CI_BLK_ALIGN(hevc_blk.len)-CI_BLK_SIZE;
	278	if (cipher_len == 0 ){
	279	SMSG(TRUE,"[%s] less than one ci_blk, no need to do eop",MOD);
	280	break;
	281	}
	282	}
	283	masp_hal_sp_hacc_enc((unsigned char*)(&hevc_blk.buf),cipher_len,TRUE,HACC_USER4,FALSE);
	284
	285	ret = osal_copy_to_user((void __user )arg, (void )(&hevc_blk), sizeof(HEVC_BLK));
	286	break;
	287
	288	/* ---------------------------------- */
	289	/* HEVC DOP */
	290	/* ---------------------------------- */
	291	case SEC_HEVC_DOP:
	292	SMSG(TRUE,"[%s] CMD - SEC_HEVC_DOP\n",MOD);
	293	if(osal_copy_from_user((void )(&hevc_blk), (void __user )arg, sizeof(HEVC_BLK)))
	294	{
	295	return -EFAULT;
	296	}
	297
4b9e9796 S	298	if (hevc_blk.len > HEVC_BLK_LEN) {
	299	SMSG(TRUE, "[%s] dop block size is too large!", MOD);
	300	return -EFAULT;
	301	}
	302
6fa3eb70 S	303	if ((hevc_blk.len % CI_BLK_SIZE) == 0)
	304	{
	305	cipher_len = hevc_blk.len;
	306	}
	307	else if ((hevc_blk.len % CI_BLK_SIZE) > 0)
	308	{
	309	cipher_len = CI_BLK_ALIGN(hevc_blk.len)-CI_BLK_SIZE;
	310	if (cipher_len == 0 ){
	311	SMSG(TRUE,"[%s] less than one ci_blk, no need to do dop",MOD);
	312	break;
	313	}
	314	}
	315
	316	masp_hal_sp_hacc_dec((unsigned char*)(&hevc_blk.buf),cipher_len,TRUE,HACC_USER4,FALSE);
	317
	318	ret = osal_copy_to_user((void __user )arg, (void )(&hevc_blk), sizeof(HEVC_BLK));
	319	break;
	320
	321	/* ---------------------------------- */
	322	/* check if secure usbdl is enbaled */
	323	/* ---------------------------------- */
	324	case SEC_USBDL_IS_ENABLED:
	325	SMSG(bMsg,"[%s] CMD - SEC_USBDL_IS_ENABLED\n",MOD);
	326	ret = sec_usbdl_enabled();
	327	ret = osal_copy_to_user((void __user )arg, (void )&ret, sizeof(int));
	328	break;
	329
	330	/* ---------------------------------- */
	331	/* configure HACC HW (include SW KEY) */
	332	/* ---------------------------------- */
	333	case SEC_HACC_CONFIG:
	334	SMSG(bMsg,"[%s] CMD - SEC_HACC_CONFIG\n",MOD);
	335	ret = sec_boot_hacc_init();
	336	ret = osal_copy_to_user((void __user )arg, (void )&ret, sizeof(int));
	337	break;
	338
	339	/* ---------------------------------- */
	340	/* enable HACC HW clock */
	341	/* ---------------------------------- */
	342	case SEC_HACC_ENABLE_CLK:
	343	SMSG(bMsg,"[%s] CMD - SEC_HACC_ENABLE_CLK\n",MOD);
	344	ret = osal_copy_to_user((void __user )arg, (void )&ret, sizeof(int));
	345	break;
	346
	347	/* ---------------------------------- */
	348	/* lock hacc function */
	349	/* ---------------------------------- */
	350	case SEC_HACC_LOCK:
	351
	352	SMSG(bMsg,"[%s] CMD - SEC_HACC_LOCK\n",MOD);
	353	SMSG(bMsg,"[%s] lock\n",MOD);
	354
	355	/* If the semaphore is successfully acquired, this function returns 0.*/
	356	ret = osal_hacc_lock();
	357
	358	if(ret)
	359	{
	360	SMSG(true,"[%s] ERESTARTSYS\n",MOD);
	361	return -ERESTARTSYS;
	362	}
	363
	364	return ret;
	365
	366	/* ---------------------------------- */
367	/* unlock hacc function */
368	/* ---------------------------------- */
369	case SEC_HACC_UNLOCK:
370
371	SMSG(bMsg,"[%s] CMD - SEC_HACC_UNLOCK\n",MOD);
372	SMSG(bMsg,"[%s] unlock\n",MOD);
373
374	osal_hacc_unlock();
375
376	break;
377
378	/* ---------------------------------- */
379	/* check if secure boot check enabled */
380	/* ---------------------------------- */
381	case SEC_BOOT_PART_CHECK_ENABLE:
382	SMSG(bMsg,"[%s] CMD -SEC_BOOT_PART_CHECK_ENABLE\n",MOD);
383	if(copy_from_user((void )part_name, (void __user )arg, sizeof(part_name)))
384	{
385	return -EFAULT;
386	}
387	ret = sec_boot_check_part_enabled (part_name);
388	SMSG(bMsg,"[%s] result '0x%x'\n",MOD,ret);
389	return ret;
390
391	/* ---------------------------------- */
392	/* notify mark incomplete */
393	/* ---------------------------------- */
394	case SEC_BOOT_NOTIFY_MARK_STATUS:
395	SMSG(true,"[%s] mark status\n",MOD);
396	/* may do some post process here ... */
397	break;
398
399	/* ---------------------------------- */
400	/* notify check pass */
401	/* ---------------------------------- */
402	case SEC_BOOT_NOTIFY_PASS:
403	SMSG(true,"[%s] sbchk pass\n",MOD);
404	SMSG(true,"[%s] sbchk pass\n",MOD);
405	SMSG(true,"[%s] sbchk pass\n",MOD);
406	SMSG(true,"[%s] sbchk pass\n",MOD);
407	SMSG(true,"[%s] sbchk pass\n",MOD);
408	/* may do some post process here ... */
409	break;
410
411	/* ---------------------------------- */
412	/* notify check fail */
413	/* ---------------------------------- */
414	case SEC_BOOT_NOTIFY_FAIL:
415	if(osal_copy_from_user((void )part_name, (void __user )arg, sizeof(part_name)))
416	{
417	return -EFAULT;
418	}
419
420	SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name);
421	SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name);
422	SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name);
423	SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name);
424	SMSG(true,"[%s] sbchk fail '%s'\n",MOD,part_name);
425	osal_msleep(3000);
426	/* punishment ... */
427	SEC_ASSERT(0);
428	break;
429
430	/* ---------------------------------- */
431	/* notify recovery mode done */
432	/* ---------------------------------- */
433	case SEC_BOOT_NOTIFY_RMSDUP_DONE:
434	SMSG(true,"[%s] recovery mode done\n",MOD);
435	/* may do some post process here ... */
436	break;
437
438	/* ---------------------------------- */
439	/* read rom info */
440	/* ---------------------------------- */
441	case SEC_READ_ROM_INFO:
442	SMSG(bMsg,"[%s] read rom info\n",MOD);
443	ret = osal_copy_to_user((void __user )arg, (void )&rom_info, sizeof(AND_ROMINFO_T));
444	break;
445
446
447	/* ---------------------------------- */
448	/* notify check status */
449	/* ---------------------------------- */
450	case SEC_BOOT_NOTIFY_STATUS:
451	ret = osal_copy_from_user((void )&status, (void __user )arg, sizeof(int));
452	SMSG(true,"[%s] sbchk status : '0x%x' \n",MOD,status);
453	break;
454	}
455
456	return 0;
457	}
458
459	/**************************************************************************
460	* SEC DRIVER INIT
461	**************************************************************************/
462	void sec_core_init (void)
463	{
464	SMSG(true,"[%s] version '%s%s', enter.\n",MOD,BUILD_TIME,BUILD_BRANCH);
465
466	/* ---------------------------------- */
467	/* disable key init in kerne module */
468	/* ---------------------------------- */
469	sec_info.bKeyInitDis = TRUE;
470	}
471
472	/**************************************************************************
473	* SEC DRIVER EXIT
474	**************************************************************************/
475	void sec_core_exit (void)
476	{
477	SMSG(true,"[%s] version '%s%s', exit.\n",MOD,BUILD_TIME,BUILD_BRANCH);
478	}
479