| Gilad Ben-Yossef | 033327a | 2019-05-15 09:24:04 +0300 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved. |
| 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | */ |
| 6 | |
| 7 | #include <assert.h> |
| 8 | #include <stddef.h> |
| 9 | #include <string.h> |
| 10 | |
| 11 | #include <plat/common/platform.h> |
| 12 | #include <tools_share/tbbr_oid.h> |
| 13 | |
| 14 | #include <lib/libc/endian.h> |
| 15 | #include <drivers/arm/cryptocell/713/bsv_api.h> |
| 16 | #include <drivers/arm/cryptocell/713/bsv_error.h> |
| 17 | |
| 18 | /* |
| 19 | * Return the ROTPK hash |
| 20 | * |
| 21 | * Return: 0 = success, Otherwise = error |
| 22 | */ |
| 23 | int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags) |
| 24 | { |
| 25 | CCError_t error; |
| 26 | uint32_t lcs; |
| 27 | int i; |
| 28 | uint32_t *key = (uint32_t *)dst; |
| 29 | |
| 30 | assert(dst != NULL); |
| 31 | assert(len >= HASH_RESULT_SIZE_IN_WORDS); |
| 32 | assert(flags != NULL); |
| 33 | |
| 34 | error = CC_BsvLcsGet(PLAT_CRYPTOCELL_BASE, &lcs); |
| 35 | if (error != CC_OK) |
| 36 | return 1; |
| 37 | |
| 38 | if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) || (lcs == CC_BSV_RMA_LCS)) { |
| 39 | *flags = ROTPK_NOT_DEPLOYED; |
| 40 | return 0; |
| 41 | } |
| 42 | |
| 43 | error = CC_BsvPubKeyHashGet(PLAT_CRYPTOCELL_BASE, |
| 44 | CC_SB_HASH_BOOT_KEY_256B, |
| 45 | key, HASH_RESULT_SIZE_IN_WORDS); |
| 46 | |
| 47 | if (error == CC_BSV_HASH_NOT_PROGRAMMED_ERR) { |
| 48 | *flags = ROTPK_NOT_DEPLOYED; |
| 49 | return 0; |
| 50 | } |
| 51 | |
| 52 | if (error == CC_OK) { |
| 53 | |
| 54 | /* Keys are stored in OTP in little-endian format */ |
| 55 | for (i = 0; i < HASH_RESULT_SIZE_IN_WORDS; i++) |
| 56 | key[i] = le32toh(key[i]); |
| 57 | |
| 58 | *flags = ROTPK_IS_HASH; |
| 59 | return 0; |
| 60 | } |
| 61 | |
| 62 | return 1; |
| 63 | } |
| 64 | |
| 65 | /* |
| 66 | * Return the non-volatile counter value stored in the platform. The cookie |
| 67 | * specifies the OID of the counter in the certificate. |
| 68 | * |
| 69 | * Return: 0 = success, Otherwise = error |
| 70 | */ |
| 71 | int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr) |
| 72 | { |
| 73 | CCError_t error = CC_FAIL; |
| 74 | |
| 75 | if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) { |
| 76 | error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE, |
| 77 | CC_SW_VERSION_TRUSTED, nv_ctr); |
| 78 | } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) { |
| 79 | error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE, |
| 80 | CC_SW_VERSION_NON_TRUSTED, nv_ctr); |
| 81 | } |
| 82 | |
| 83 | return (error != CC_OK); |
| 84 | } |
| 85 | |
| 86 | /* |
| 87 | * Store a new non-volatile counter value in the counter specified by the OID |
| 88 | * in the cookie. This function is not expected to be called if the Lifecycle |
| 89 | * state is RMA as the values in the certificate are expected to always match |
| 90 | * the nvcounter values. But if called when the LCS is RMA, the underlying |
| 91 | * helper functions will return success but without updating the counter. |
| 92 | * |
| 93 | * Return: 0 = success, Otherwise = error |
| 94 | */ |
| 95 | int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) |
| 96 | { |
| 97 | CCError_t error = CC_FAIL; |
| 98 | |
| 99 | if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) { |
| 100 | error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE, |
| 101 | CC_SW_VERSION_TRUSTED, nv_ctr); |
| 102 | } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) { |
| 103 | error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE, |
| 104 | CC_SW_VERSION_NON_TRUSTED, nv_ctr); |
| 105 | } |
| 106 | |
| 107 | return (error != CC_OK); |
| 108 | } |
| 109 | |