From 890c72382fd14b8271facc6ba771b9ec410108b9 Mon Sep 17 00:00:00 2001 From: "Andrew F. Davis" Date: Thu, 20 Apr 2017 11:33:33 -0500 Subject: [PATCH 1/3] plat-ti: Rename platform context to platform boot arguments Currently the non-secure context is passed in from our initial secure software as part of the OP-TEE load process. This passed-in data will not only contain the non-secure context but also any additional data we may need to give to OP-TEE. Rename these structures and group the context data into a struct for future expansion. Signed-off-by: Andrew F. Davis Reviewed-by: Jens Wiklander Reviewed-by: Jerome Forissier --- core/arch/arm/plat-ti/main.c | 44 ++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/core/arch/arm/plat-ti/main.c b/core/arch/arm/plat-ti/main.c index af45787118f..d8c385fed08 100644 --- a/core/arch/arm/plat-ti/main.c +++ b/core/arch/arm/plat-ti/main.c @@ -125,38 +125,42 @@ struct plat_nsec_ctx { uint32_t mon_spsr; }; +struct plat_boot_args { + struct plat_nsec_ctx nsec_ctx; +}; + void init_sec_mon(unsigned long nsec_entry) { - struct plat_nsec_ctx *plat_ctx; + struct plat_boot_args *plat_boot_args; struct sm_nsec_ctx *nsec_ctx; - plat_ctx = phys_to_virt(nsec_entry, MEM_AREA_IO_SEC); - if (!plat_ctx) + plat_boot_args = phys_to_virt(nsec_entry, MEM_AREA_IO_SEC); + if (!plat_boot_args) panic(); /* Invalidate cache to fetch data from external memory */ cache_op_inner(DCACHE_AREA_INVALIDATE, - plat_ctx, sizeof(*plat_ctx)); + plat_boot_args, sizeof(*plat_boot_args)); /* Initialize secure monitor */ nsec_ctx = sm_get_nsec_ctx(); - nsec_ctx->mode_regs.usr_sp = plat_ctx->usr_sp; - nsec_ctx->mode_regs.usr_lr = plat_ctx->usr_lr; - nsec_ctx->mode_regs.irq_spsr = plat_ctx->irq_spsr; - nsec_ctx->mode_regs.irq_sp = plat_ctx->irq_sp; - nsec_ctx->mode_regs.irq_lr = plat_ctx->irq_lr; - nsec_ctx->mode_regs.svc_spsr = plat_ctx->svc_spsr; - nsec_ctx->mode_regs.svc_sp = plat_ctx->svc_sp; - nsec_ctx->mode_regs.svc_lr = plat_ctx->svc_lr; - nsec_ctx->mode_regs.abt_spsr = plat_ctx->abt_spsr; - nsec_ctx->mode_regs.abt_sp = plat_ctx->abt_sp; - nsec_ctx->mode_regs.abt_lr = plat_ctx->abt_lr; - nsec_ctx->mode_regs.und_spsr = plat_ctx->und_spsr; - nsec_ctx->mode_regs.und_sp = plat_ctx->und_sp; - nsec_ctx->mode_regs.und_lr = plat_ctx->und_lr; - nsec_ctx->mon_lr = plat_ctx->mon_lr; - nsec_ctx->mon_spsr = plat_ctx->mon_spsr; + nsec_ctx->mode_regs.usr_sp = plat_boot_args->nsec_ctx.usr_sp; + nsec_ctx->mode_regs.usr_lr = plat_boot_args->nsec_ctx.usr_lr; + nsec_ctx->mode_regs.irq_spsr = plat_boot_args->nsec_ctx.irq_spsr; + nsec_ctx->mode_regs.irq_sp = plat_boot_args->nsec_ctx.irq_sp; + nsec_ctx->mode_regs.irq_lr = plat_boot_args->nsec_ctx.irq_lr; + nsec_ctx->mode_regs.svc_spsr = plat_boot_args->nsec_ctx.svc_spsr; + nsec_ctx->mode_regs.svc_sp = plat_boot_args->nsec_ctx.svc_sp; + nsec_ctx->mode_regs.svc_lr = plat_boot_args->nsec_ctx.svc_lr; + nsec_ctx->mode_regs.abt_spsr = plat_boot_args->nsec_ctx.abt_spsr; + nsec_ctx->mode_regs.abt_sp = plat_boot_args->nsec_ctx.abt_sp; + nsec_ctx->mode_regs.abt_lr = plat_boot_args->nsec_ctx.abt_lr; + nsec_ctx->mode_regs.und_spsr = plat_boot_args->nsec_ctx.und_spsr; + nsec_ctx->mode_regs.und_sp = plat_boot_args->nsec_ctx.und_sp; + nsec_ctx->mode_regs.und_lr = plat_boot_args->nsec_ctx.und_lr; + nsec_ctx->mon_lr = plat_boot_args->nsec_ctx.mon_lr; + nsec_ctx->mon_spsr = plat_boot_args->nsec_ctx.mon_spsr; } void console_init(void) From 2eae8d86734f9bf588e5a7eae4d5cfb774fc777d Mon Sep 17 00:00:00 2001 From: "Andrew F. Davis" Date: Thu, 20 Apr 2017 11:40:09 -0500 Subject: [PATCH 2/3] plat-ti: Read and store HUK sent by initial secure software Some TI platforms pass the HUK to OP-TEE via a secure memory stack. Read and store this key for later use. On platforms without CFG_OTP_SUPPORT this key is ignored. Signed-off-by: Andrew F. Davis Reviewed-by: Jens Wiklander Reviewed-by: Jerome Forissier --- core/arch/arm/plat-ti/main.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/core/arch/arm/plat-ti/main.c b/core/arch/arm/plat-ti/main.c index d8c385fed08..54722f64c17 100644 --- a/core/arch/arm/plat-ti/main.c +++ b/core/arch/arm/plat-ti/main.c @@ -47,8 +47,11 @@ #include #include +#define PLAT_HW_UNIQUE_KEY_LENGTH 32 + static struct gic_data gic_data; static struct serial8250_uart_data console_data __early_bss; +static uint8_t plat_huk[PLAT_HW_UNIQUE_KEY_LENGTH]; register_phys_mem(MEM_AREA_IO_SEC, SECRAM_BASE, SECRAM_SIZE); register_phys_mem(MEM_AREA_IO_SEC, GICC_BASE, GICC_SIZE); @@ -127,6 +130,7 @@ struct plat_nsec_ctx { struct plat_boot_args { struct plat_nsec_ctx nsec_ctx; + uint8_t huk[PLAT_HW_UNIQUE_KEY_LENGTH]; }; void init_sec_mon(unsigned long nsec_entry) @@ -161,6 +165,8 @@ void init_sec_mon(unsigned long nsec_entry) nsec_ctx->mode_regs.und_lr = plat_boot_args->nsec_ctx.und_lr; nsec_ctx->mon_lr = plat_boot_args->nsec_ctx.mon_lr; nsec_ctx->mon_spsr = plat_boot_args->nsec_ctx.mon_spsr; + + memcpy(plat_huk, plat_boot_args->huk, sizeof(plat_boot_args->huk)); } void console_init(void) From fd7ea04cc7e308cb07d41d188e5fedc8dbcf8129 Mon Sep 17 00:00:00 2001 From: "Andrew F. Davis" Date: Thu, 20 Apr 2017 12:09:50 -0500 Subject: [PATCH 3/3] plat-ti: Add support for using HUK on DRA7xx/AM57xx On DRA7xx/AM57xx the initial secure software will pass OP-TEE a Hardware Unique Key (HUK), use this key when requested. Signed-off-by: Andrew F. Davis Reviewed-by: Jens Wiklander Reviewed-by: Jerome Forissier --- core/arch/arm/plat-ti/conf.mk | 1 + core/arch/arm/plat-ti/main.c | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/core/arch/arm/plat-ti/conf.mk b/core/arch/arm/plat-ti/conf.mk index 1d704a232ad..3de900bac4d 100644 --- a/core/arch/arm/plat-ti/conf.mk +++ b/core/arch/arm/plat-ti/conf.mk @@ -15,6 +15,7 @@ $(call force,CFG_PL310_LOCKED,y) $(call force,CFG_SECURE_TIME_SOURCE_REE,y) arm32-platform-cpuarch := cortex-a9 else +CFG_OTP_SUPPORT ?= y $(call force,CFG_HWSUPP_MEM_PERM_PXN,y) $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y) arm32-platform-cpuarch := cortex-a15 diff --git a/core/arch/arm/plat-ti/main.c b/core/arch/arm/plat-ti/main.c index 54722f64c17..6e522996d1b 100644 --- a/core/arch/arm/plat-ti/main.c +++ b/core/arch/arm/plat-ti/main.c @@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include @@ -175,3 +176,12 @@ void console_init(void) CONSOLE_UART_CLK_IN_HZ, CONSOLE_BAUDRATE); register_serial_console(&console_data.chip); } + +#if defined(CFG_OTP_SUPPORT) + +void tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey) +{ + memcpy(&hwkey->data[0], &plat_huk[0], sizeof(hwkey->data)); +} + +#endif