1 /******************************************************************************
3 ******************************************************************************/
5 /******************************************************************************
7 ******************************************************************************/
8 #include <linux/module.h>
9 #include <asm/uaccess.h>
10 #include <linux/ioctl.h>
12 /******************************************************************************
14 ******************************************************************************/
15 #include <mach/mt_sec_hal.h>
16 #include "sec_boot_lib.h"
17 #include "masp_version.h"
18 #include "sec_ioctl.h"
19 #include "sec_osal_light.h"
20 #include "sec_nvram.h"
23 #define HEVC_BLK_LEN 20480
25 #define CI_BLK_SIZE 16
26 #define CI_BLK_ALIGN(len) ( ((len)+CI_BLK_SIZE-1) & ~(CI_BLK_SIZE-1) )
28 /**************************************************************************
30 **************************************************************************/
33 unsigned char buf
[HEVC_BLK_LEN
];
39 /**************************************************************************
41 **************************************************************************/
42 extern MtdPart mtd_part_map
[];
44 extern struct semaphore hacc_sem
;
46 /**************************************************************************
48 **************************************************************************/
49 extern int sec_get_random_id(unsigned int *rid
);
50 extern void sec_update_lks(unsigned char tr
, unsigned char dn
, unsigned char fb_ulk
);
51 extern void sec_core_init (void);
53 static uint lks
= 2;//if sec is not enabled, this param will not be updated
54 module_param(lks
, uint
, S_IRUSR
/*|S_IWUSR|S_IWGRP*/|S_IRGRP
|S_IROTH
); /* r--r--r-- */
55 MODULE_PARM_DESC(lks
, "A device lks parameter under sysfs (0=NL, 1=L, 2=NA)");
57 void sec_update_lks(unsigned char tr
, unsigned char dn
, unsigned char fb_ulk
)
63 else if(sec_schip_enabled())//SC
67 else if(!sec_boot_enabled())//NSC
71 else if(0 == tr
&& 2 == dn
)//SWSEC
81 //extern void osal_msleep(unsigned int msec);
83 /**************************************************************************
85 **************************************************************************/
86 long sec_core_ioctl(struct file
*file
, unsigned int cmd
, unsigned long arg
)
90 unsigned int cipher_len
= 0;
92 unsigned char part_name
[16];
93 META_CONTEXT meta_ctx
;
96 /* ---------------------------------- */
98 /* ---------------------------------- */
100 if (_IOC_TYPE(cmd
) != SEC_IOC_MAGIC
)
102 if (_IOC_NR(cmd
) > SEC_IOC_MAXNR
)
104 if (_IOC_DIR(cmd
) & _IOC_READ
)
105 err
= !access_ok(VERIFY_WRITE
, (void __user
*)arg
, _IOC_SIZE(cmd
));
106 if (_IOC_DIR(cmd
) & _IOC_WRITE
)
107 err
= !access_ok(VERIFY_READ
, (void __user
*)arg
, _IOC_SIZE(cmd
));
108 if (err
) return -EFAULT
;
112 /* ---------------------------------- */
114 /* ---------------------------------- */
115 case SEC_GET_RANDOM_ID
:
116 SMSG(bMsg
,"[%s] CMD - SEC_GET_RANDOM_ID\n",MOD
);
117 sec_get_random_id(&rid
[0]);
118 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&rid
[0], sizeof(unsigned int) * 4);
121 /* ---------------------------------- */
123 /* ---------------------------------- */
125 SMSG(bMsg
,"[%s] CMD - SEC_BOOT_INIT\n",MOD
);
126 ret
= masp_boot_init();
128 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&ret
, sizeof(int));
132 /* ---------------------------------- */
133 /* check if secure boot is enbaled */
134 /* ---------------------------------- */
135 case SEC_BOOT_IS_ENABLED
:
136 SMSG(bMsg
,"[%s] CMD - SEC_BOOT_IS_ENABLED\n",MOD
);
137 ret
= sec_boot_enabled();
138 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&ret
, sizeof(int));
141 /* ---------------------------------- */
142 /* encrypt sec cfg */
143 /* ---------------------------------- */
144 case SEC_SECCFG_ENCRYPT
:
145 SMSG(bMsg
,"[%s] CMD - SEC_SECCFG_ENCRYPT\n",MOD
);
146 if(copy_from_user((void *)&seccfg
, (void __user
*)arg
, sizeof(SECCFG_U
)))
151 /* specify encrpytion length */
152 SMSG(true,"[%s] SECCFG v%d\n",MOD
,get_seccfg_ver());
153 if (SEC_CFG_END_PATTERN
== seccfg
.v1
.end_pattern
)
155 if((SECCFG_V1
!= get_seccfg_ver()) && (SECCFG_V1_2
!= get_seccfg_ver()))
157 SMSG(true,"[%s] mismatch seccfg version v%d\n",MOD
,get_seccfg_ver());
161 cipher_len
= get_seccfg_cipher_len();
162 sec_update_lks(seccfg
.v1
.sw_sec_lock_try
, seccfg
.v1
.sw_sec_lock_done
, seccfg
.v1
.attr
== ATTR_DISABLE_IMG_CHECK
);
163 masp_hal_sp_hacc_enc((unsigned char*)&seccfg
.v1
.image_info
,cipher_len
,rom_info
.m_SEC_CTRL
.m_seccfg_ac_en
,HACC_USER1
,FALSE
);
165 else if (SEC_CFG_END_PATTERN
== seccfg
.v3
.end_pattern
)
167 if(SECCFG_V3
!= get_seccfg_ver())
169 SMSG(true,"[%s] mismatch seccfg version v%d\n",MOD
,get_seccfg_ver());
173 cipher_len
= get_seccfg_cipher_len();
174 sec_update_lks(seccfg
.v3
.sw_sec_lock_try
, seccfg
.v3
.sw_sec_lock_done
, seccfg
.v3
.seccfg_attr
== ATTR_DISABLE_IMG_CHECK
);
175 masp_hal_sp_hacc_enc((unsigned char*)&seccfg
.v3
.image_info
,cipher_len
,rom_info
.m_SEC_CTRL
.m_seccfg_ac_en
,HACC_USER1
,FALSE
);
179 SMSG(true,"[%s] wrong seccfg version v%d\n",MOD
,seccfg
.v3
.seccfg_ver
)
183 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&seccfg
, sizeof(SECCFG_U
));
186 /* ---------------------------------- */
187 /* decrypt sec cfg */
188 /* ---------------------------------- */
189 case SEC_SECCFG_DECRYPT
:
190 SMSG(bMsg
,"[%s] CMD - SEC_SECCFG_DECRYPT\n",MOD
);
191 if(copy_from_user((void *)&seccfg
, (void __user
*)arg
, sizeof(SECCFG_U
)))
196 /* specify decrpytion length */
197 if (SEC_CFG_END_PATTERN
== seccfg
.v1
.end_pattern
)
199 /* seccfg version should be corrected by caller */
200 set_seccfg_ver(SECCFG_V1
);
201 cipher_len
= get_seccfg_cipher_len();
202 masp_hal_sp_hacc_dec((unsigned char*)&seccfg
.v1
.image_info
,cipher_len
,rom_info
.m_SEC_CTRL
.m_seccfg_ac_en
,HACC_USER1
,FALSE
);
203 sec_update_lks(seccfg
.v1
.sw_sec_lock_try
, seccfg
.v1
.sw_sec_lock_done
, seccfg
.v1
.attr
== ATTR_DISABLE_IMG_CHECK
);
205 else if (SEC_CFG_END_PATTERN
== seccfg
.v3
.end_pattern
)
207 /* seccfg version should be corrected by caller */
208 set_seccfg_ver(SECCFG_V3
);
209 cipher_len
= get_seccfg_cipher_len();
210 masp_hal_sp_hacc_dec((unsigned char*)&seccfg
.v3
.image_info
,cipher_len
,rom_info
.m_SEC_CTRL
.m_seccfg_ac_en
,HACC_USER1
,FALSE
);
211 sec_update_lks(seccfg
.v3
.sw_sec_lock_try
, seccfg
.v3
.sw_sec_lock_done
, seccfg
.v3
.seccfg_attr
== ATTR_DISABLE_IMG_CHECK
);
215 SMSG(true,"[%s] wrong seccfg version v%d\n",MOD
,seccfg
.v3
.seccfg_ver
)
219 SMSG(bMsg
,"[%s] SECCFG v%d\n",MOD
,get_seccfg_ver());
221 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&seccfg
, sizeof(SECCFG_U
));
224 /* ---------------------------------- */
225 /* NVRAM HW encryption */
226 /* ---------------------------------- */
227 case SEC_NVRAM_HW_ENCRYPT
:
228 SMSG(bMsg
,"[%s] CMD - SEC_NVRAM_HW_ENCRYPT\n",MOD
);
229 if(osal_copy_from_user((void *)&meta_ctx
, (void __user
*)arg
, sizeof(meta_ctx
)))
234 /* TODO : double check if META register is correct ? */
235 masp_hal_sp_hacc_enc((unsigned char*)&(meta_ctx
.data
),NVRAM_CIPHER_LEN
,TRUE
,HACC_USER2
,FALSE
);
236 meta_ctx
.ret
= SEC_OK
;
238 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&meta_ctx
, sizeof(meta_ctx
));
241 /* ---------------------------------- */
242 /* NVRAM HW decryption */
243 /* ---------------------------------- */
244 case SEC_NVRAM_HW_DECRYPT
:
245 SMSG(bMsg
,"[%s] CMD - SEC_NVRAM_HW_DECRYPT\n",MOD
);
246 if(osal_copy_from_user((void *)&meta_ctx
, (void __user
*)arg
, sizeof(meta_ctx
)))
251 masp_hal_sp_hacc_dec((unsigned char*)&(meta_ctx
.data
),NVRAM_CIPHER_LEN
,TRUE
,HACC_USER2
,FALSE
);
252 meta_ctx
.ret
= SEC_OK
;
253 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&meta_ctx
, sizeof(meta_ctx
));
256 /* ---------------------------------- */
258 /* ---------------------------------- */
260 SMSG(TRUE
,"[%s] CMD - SEC_HEVC_EOP\n",MOD
);
261 if(osal_copy_from_user((void *)(&hevc_blk
), (void __user
*)arg
, sizeof(HEVC_BLK
)))
266 if (hevc_blk
.len
> HEVC_BLK_LEN
) {
267 SMSG(TRUE
, "[%s] eop block size is too large!", MOD
);
271 if ((hevc_blk
.len
% CI_BLK_SIZE
) == 0)
273 cipher_len
= hevc_blk
.len
;
275 else if ((hevc_blk
.len
% CI_BLK_SIZE
) > 0)
277 cipher_len
= CI_BLK_ALIGN(hevc_blk
.len
)-CI_BLK_SIZE
;
278 if (cipher_len
== 0 ){
279 SMSG(TRUE
,"[%s] less than one ci_blk, no need to do eop",MOD
);
283 masp_hal_sp_hacc_enc((unsigned char*)(&hevc_blk
.buf
),cipher_len
,TRUE
,HACC_USER4
,FALSE
);
285 ret
= osal_copy_to_user((void __user
*)arg
, (void *)(&hevc_blk
), sizeof(HEVC_BLK
));
288 /* ---------------------------------- */
290 /* ---------------------------------- */
292 SMSG(TRUE
,"[%s] CMD - SEC_HEVC_DOP\n",MOD
);
293 if(osal_copy_from_user((void *)(&hevc_blk
), (void __user
*)arg
, sizeof(HEVC_BLK
)))
298 if (hevc_blk
.len
> HEVC_BLK_LEN
) {
299 SMSG(TRUE
, "[%s] dop block size is too large!", MOD
);
303 if ((hevc_blk
.len
% CI_BLK_SIZE
) == 0)
305 cipher_len
= hevc_blk
.len
;
307 else if ((hevc_blk
.len
% CI_BLK_SIZE
) > 0)
309 cipher_len
= CI_BLK_ALIGN(hevc_blk
.len
)-CI_BLK_SIZE
;
310 if (cipher_len
== 0 ){
311 SMSG(TRUE
,"[%s] less than one ci_blk, no need to do dop",MOD
);
316 masp_hal_sp_hacc_dec((unsigned char*)(&hevc_blk
.buf
),cipher_len
,TRUE
,HACC_USER4
,FALSE
);
318 ret
= osal_copy_to_user((void __user
*)arg
, (void *)(&hevc_blk
), sizeof(HEVC_BLK
));
321 /* ---------------------------------- */
322 /* check if secure usbdl is enbaled */
323 /* ---------------------------------- */
324 case SEC_USBDL_IS_ENABLED
:
325 SMSG(bMsg
,"[%s] CMD - SEC_USBDL_IS_ENABLED\n",MOD
);
326 ret
= sec_usbdl_enabled();
327 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&ret
, sizeof(int));
330 /* ---------------------------------- */
331 /* configure HACC HW (include SW KEY) */
332 /* ---------------------------------- */
333 case SEC_HACC_CONFIG
:
334 SMSG(bMsg
,"[%s] CMD - SEC_HACC_CONFIG\n",MOD
);
335 ret
= sec_boot_hacc_init();
336 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&ret
, sizeof(int));
339 /* ---------------------------------- */
340 /* enable HACC HW clock */
341 /* ---------------------------------- */
342 case SEC_HACC_ENABLE_CLK
:
343 SMSG(bMsg
,"[%s] CMD - SEC_HACC_ENABLE_CLK\n",MOD
);
344 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&ret
, sizeof(int));
347 /* ---------------------------------- */
348 /* lock hacc function */
349 /* ---------------------------------- */
352 SMSG(bMsg
,"[%s] CMD - SEC_HACC_LOCK\n",MOD
);
353 SMSG(bMsg
,"[%s] lock\n",MOD
);
355 /* If the semaphore is successfully acquired, this function returns 0.*/
356 ret
= osal_hacc_lock();
360 SMSG(true,"[%s] ERESTARTSYS\n",MOD
);
366 /* ---------------------------------- */
367 /* unlock hacc function */
368 /* ---------------------------------- */
369 case SEC_HACC_UNLOCK
:
371 SMSG(bMsg
,"[%s] CMD - SEC_HACC_UNLOCK\n",MOD
);
372 SMSG(bMsg
,"[%s] unlock\n",MOD
);
378 /* ---------------------------------- */
379 /* check if secure boot check enabled */
380 /* ---------------------------------- */
381 case SEC_BOOT_PART_CHECK_ENABLE
:
382 SMSG(bMsg
,"[%s] CMD -SEC_BOOT_PART_CHECK_ENABLE\n",MOD
);
383 if(copy_from_user((void *)part_name
, (void __user
*)arg
, sizeof(part_name
)))
387 ret
= sec_boot_check_part_enabled (part_name
);
388 SMSG(bMsg
,"[%s] result '0x%x'\n",MOD
,ret
);
391 /* ---------------------------------- */
392 /* notify mark incomplete */
393 /* ---------------------------------- */
394 case SEC_BOOT_NOTIFY_MARK_STATUS
:
395 SMSG(true,"[%s] mark status\n",MOD
);
396 /* may do some post process here ... */
399 /* ---------------------------------- */
400 /* notify check pass */
401 /* ---------------------------------- */
402 case SEC_BOOT_NOTIFY_PASS
:
403 SMSG(true,"[%s] sbchk pass\n",MOD
);
404 SMSG(true,"[%s] sbchk pass\n",MOD
);
405 SMSG(true,"[%s] sbchk pass\n",MOD
);
406 SMSG(true,"[%s] sbchk pass\n",MOD
);
407 SMSG(true,"[%s] sbchk pass\n",MOD
);
408 /* may do some post process here ... */
411 /* ---------------------------------- */
412 /* notify check fail */
413 /* ---------------------------------- */
414 case SEC_BOOT_NOTIFY_FAIL
:
415 if(osal_copy_from_user((void *)part_name
, (void __user
*)arg
, sizeof(part_name
)))
420 SMSG(true,"[%s] sbchk fail '%s'\n",MOD
,part_name
);
421 SMSG(true,"[%s] sbchk fail '%s'\n",MOD
,part_name
);
422 SMSG(true,"[%s] sbchk fail '%s'\n",MOD
,part_name
);
423 SMSG(true,"[%s] sbchk fail '%s'\n",MOD
,part_name
);
424 SMSG(true,"[%s] sbchk fail '%s'\n",MOD
,part_name
);
430 /* ---------------------------------- */
431 /* notify recovery mode done */
432 /* ---------------------------------- */
433 case SEC_BOOT_NOTIFY_RMSDUP_DONE
:
434 SMSG(true,"[%s] recovery mode done\n",MOD
);
435 /* may do some post process here ... */
438 /* ---------------------------------- */
440 /* ---------------------------------- */
441 case SEC_READ_ROM_INFO
:
442 SMSG(bMsg
,"[%s] read rom info\n",MOD
);
443 ret
= osal_copy_to_user((void __user
*)arg
, (void *)&rom_info
, sizeof(AND_ROMINFO_T
));
447 /* ---------------------------------- */
448 /* notify check status */
449 /* ---------------------------------- */
450 case SEC_BOOT_NOTIFY_STATUS
:
451 ret
= osal_copy_from_user((void *)&status
, (void __user
*)arg
, sizeof(int));
452 SMSG(true,"[%s] sbchk status : '0x%x' \n",MOD
,status
);
459 /**************************************************************************
461 **************************************************************************/
462 void sec_core_init (void)
464 SMSG(true,"[%s] version '%s%s', enter.\n",MOD
,BUILD_TIME
,BUILD_BRANCH
);
466 /* ---------------------------------- */
467 /* disable key init in kerne module */
468 /* ---------------------------------- */
469 sec_info
.bKeyInitDis
= TRUE
;
472 /**************************************************************************
474 **************************************************************************/
475 void sec_core_exit (void)
477 SMSG(true,"[%s] version '%s%s', exit.\n",MOD
,BUILD_TIME
,BUILD_BRANCH
);