From 79d5983b61e41d5c586489b03e75a75961d31041 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 20 Jan 2021 20:10:52 -0700 Subject: log: Set up a flag byte for log records At present only a single flag (force_debug) is used in log records. Before adding more, convert this into a bitfield, so more can be added without using more space. To avoid expanding the log_record struct itself (which some drivers may wish to store in memory) reduce the line-number field to 16 bits. This provides for up to 64K lines which should be enough for anyone. Signed-off-by: Simon Glass --- common/log.c | 9 ++++++--- include/log.h | 14 ++++++++++---- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/common/log.c b/common/log.c index 6b0034c3ba2..f87e33a9ca1 100644 --- a/common/log.c +++ b/common/log.c @@ -153,7 +153,7 @@ static bool log_passes_filters(struct log_device *ldev, struct log_rec *rec) { struct log_filter *filt; - if (rec->force_debug) + if (rec->flags & LOGRECF_FORCE_DEBUG) return true; /* If there are no filters, filter on the default log level */ @@ -245,7 +245,9 @@ int _log(enum log_category_t cat, enum log_level_t level, const char *file, rec.cat = cat; rec.level = level & LOGL_LEVEL_MASK; - rec.force_debug = level & LOGL_FORCE_DEBUG; + rec.flags = 0; + if (level & LOGL_FORCE_DEBUG) + rec.flags |= LOGRECF_FORCE_DEBUG; rec.file = file; rec.line = line; rec.func = func; @@ -255,7 +257,8 @@ int _log(enum log_category_t cat, enum log_level_t level, const char *file, gd->log_drop_count++; /* display dropped traces with console puts and DEBUG_UART */ - if (rec.level <= CONFIG_LOG_DEFAULT_LEVEL || rec.force_debug) { + if (rec.level <= CONFIG_LOG_DEFAULT_LEVEL || + rec.flags & LOGRECF_FORCE_DEBUG) { char buf[CONFIG_SYS_CBSIZE]; va_start(args, fmt); diff --git a/include/log.h b/include/log.h index 2d27f9f657e..da053b0a6e8 100644 --- a/include/log.h +++ b/include/log.h @@ -322,6 +322,12 @@ void __assert_fail(const char *assertion, const char *file, unsigned int line, #define log_msg_ret(_msg, _ret) ((void)(_msg), _ret) #endif +/** * enum log_rec_flags - Flags for a log record */ +enum log_rec_flags { + /** @LOGRECF_FORCE_DEBUG: Force output of debug record */ + LOGRECF_FORCE_DEBUG = BIT(0), +}; + /** * struct log_rec - a single log record * @@ -337,18 +343,18 @@ void __assert_fail(const char *assertion, const char *file, unsigned int line, * * @cat: Category, representing a uclass or part of U-Boot * @level: Severity level, less severe is higher - * @force_debug: Force output of debug - * @file: Name of file where the log record was generated (not allocated) * @line: Line number where the log record was generated + * @flags: Flags for log record (enum log_rec_flags) + * @file: Name of file where the log record was generated (not allocated) * @func: Function where the log record was generated (not allocated) * @msg: Log message (allocated) */ struct log_rec { enum log_category_t cat; enum log_level_t level; - bool force_debug; + u16 line; + u8 flags; const char *file; - int line; const char *func; const char *msg; }; -- cgit From 9ad7a6c25c7142a46fe4b811c13bc3280c4bb27f Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 20 Jan 2021 20:10:53 -0700 Subject: log: Handle line continuation When multiple log() calls are used which don't end in newline, the log prefix is prepended multiple times in the same line. This makes the output look strange. Fix this by detecting when the previous log record did not end in newline. In that case, setting a flag. Drop the unused BUFFSIZE in the test while we are here. As an example implementation, update log_console to check the flag and produce the expected output. Signed-off-by: Simon Glass --- common/log.c | 7 ++++++- common/log_console.c | 26 +++++++++++++++----------- doc/develop/logging.rst | 16 ++++++++++++++++ include/asm-generic/global_data.h | 6 ++++++ include/log.h | 2 ++ test/log/cont_test.c | 19 +++++++++++++++---- 6 files changed, 60 insertions(+), 16 deletions(-) diff --git a/common/log.c b/common/log.c index f87e33a9ca1..ea407c6db9e 100644 --- a/common/log.c +++ b/common/log.c @@ -218,8 +218,11 @@ static int log_dispatch(struct log_rec *rec, const char *fmt, va_list args) if ((ldev->flags & LOGDF_ENABLE) && log_passes_filters(ldev, rec)) { if (!rec->msg) { - vsnprintf(buf, sizeof(buf), fmt, args); + int len; + + len = vsnprintf(buf, sizeof(buf), fmt, args); rec->msg = buf; + gd->log_cont = len && buf[len - 1] != '\n'; } ldev->drv->emit(ldev, rec); } @@ -248,6 +251,8 @@ int _log(enum log_category_t cat, enum log_level_t level, const char *file, rec.flags = 0; if (level & LOGL_FORCE_DEBUG) rec.flags |= LOGRECF_FORCE_DEBUG; + if (gd->log_cont) + rec.flags |= LOGRECF_CONT; rec.file = file; rec.line = line; rec.func = func; diff --git a/common/log_console.c b/common/log_console.c index 6abb13c93b8..3f6177499ef 100644 --- a/common/log_console.c +++ b/common/log_console.c @@ -15,6 +15,7 @@ DECLARE_GLOBAL_DATA_PTR; static int log_console_emit(struct log_device *ldev, struct log_rec *rec) { int fmt = gd->log_fmt; + bool add_space = false; /* * The output format is designed to give someone a fighting chance of @@ -26,18 +27,21 @@ static int log_console_emit(struct log_device *ldev, struct log_rec *rec) * - function is an identifier and ends with () * - message has a space before it unless it is on its own */ - if (fmt & BIT(LOGF_LEVEL)) - printf("%s.", log_get_level_name(rec->level)); - if (fmt & BIT(LOGF_CAT)) - printf("%s,", log_get_cat_name(rec->cat)); - if (fmt & BIT(LOGF_FILE)) - printf("%s:", rec->file); - if (fmt & BIT(LOGF_LINE)) - printf("%d-", rec->line); - if (fmt & BIT(LOGF_FUNC)) - printf("%s()", rec->func); + if (!(rec->flags & LOGRECF_CONT) && fmt != BIT(LOGF_MSG)) { + add_space = true; + if (fmt & BIT(LOGF_LEVEL)) + printf("%s.", log_get_level_name(rec->level)); + if (fmt & BIT(LOGF_CAT)) + printf("%s,", log_get_cat_name(rec->cat)); + if (fmt & BIT(LOGF_FILE)) + printf("%s:", rec->file); + if (fmt & BIT(LOGF_LINE)) + printf("%d-", rec->line); + if (fmt & BIT(LOGF_FUNC)) + printf("%s()", rec->func); + } if (fmt & BIT(LOGF_MSG)) - printf("%s%s", fmt != BIT(LOGF_MSG) ? " " : "", rec->msg); + printf("%s%s", add_space ? " " : "", rec->msg); return 0; } diff --git a/doc/develop/logging.rst b/doc/develop/logging.rst index 60c18c5b3a8..622ad6ad1af 100644 --- a/doc/develop/logging.rst +++ b/doc/develop/logging.rst @@ -96,6 +96,22 @@ Also debug() and error() will generate log records - these use LOG_CATEGORY as the category, so you should #define this right at the top of the source file to ensure the category is correct. +Generally each log format_string ends with a newline. If it does not, then the +next log statement will have the LOGRECF_CONT flag set. This can be used to +continue the statement on the same line as the previous one without emitting +new header information (such as category/level). This behaviour is implemented +with log_console. Here is an example that prints a list all on one line with +the tags at the start: + +.. code-block:: c + + log_debug("Here is a list:"); + for (i = 0; i < count; i++) + log_debug(" item %d", i); + log_debug("\n"); + +Also see the special category LOGL_CONT and level LOGC_CONT. + You can also define CONFIG_LOG_ERROR_RETURN to enable the log_ret() macro. This can be used whenever your function returns an error value: diff --git a/include/asm-generic/global_data.h b/include/asm-generic/global_data.h index b6a9991fc9a..c24f5e0e973 100644 --- a/include/asm-generic/global_data.h +++ b/include/asm-generic/global_data.h @@ -410,6 +410,12 @@ struct global_data { * This value is used as logging level for continuation messages. */ int logl_prev; + /** + * @log_cont: Previous log line did not finished wtih \n + * + * This allows for chained log messages on the same line + */ + bool log_cont; #endif #if CONFIG_IS_ENABLED(BLOBLIST) /** diff --git a/include/log.h b/include/log.h index da053b0a6e8..c0453d2f97c 100644 --- a/include/log.h +++ b/include/log.h @@ -326,6 +326,8 @@ void __assert_fail(const char *assertion, const char *file, unsigned int line, enum log_rec_flags { /** @LOGRECF_FORCE_DEBUG: Force output of debug record */ LOGRECF_FORCE_DEBUG = BIT(0), + /** @LOGRECF_CONT: Continuation of previous log record */ + LOGRECF_CONT = BIT(1), }; /** diff --git a/test/log/cont_test.c b/test/log/cont_test.c index 16379a74be6..de7b7f064cd 100644 --- a/test/log/cont_test.c +++ b/test/log/cont_test.c @@ -15,8 +15,6 @@ DECLARE_GLOBAL_DATA_PTR; -#define BUFFSIZE 64 - static int log_test_cont(struct unit_test_state *uts) { int log_fmt; @@ -29,12 +27,13 @@ static int log_test_cont(struct unit_test_state *uts) gd->log_fmt = (1 << LOGF_CAT) | (1 << LOGF_LEVEL) | (1 << LOGF_MSG); gd->default_log_level = LOGL_INFO; console_record_reset_enable(); - log(LOGC_ARCH, LOGL_ERR, "ea%d ", 1); + log(LOGC_ARCH, LOGL_ERR, "ea%d\n", 1); log(LOGC_CONT, LOGL_CONT, "cc%d\n", 2); gd->default_log_level = log_level; gd->log_fmt = log_fmt; gd->flags &= ~GD_FLG_RECORD; - ut_assertok(ut_check_console_line(uts, "ERR.arch, ea1 ERR.arch, cc2")); + ut_assertok(ut_check_console_line(uts, "ERR.arch, ea1")); + ut_assertok(ut_check_console_line(uts, "ERR.arch, cc2")); ut_assertok(ut_check_console_end(uts)); /* Write a third message which is not a continuation */ @@ -48,6 +47,18 @@ static int log_test_cont(struct unit_test_state *uts) ut_assertok(ut_check_console_line(uts, "INFO.efi, ie3")); ut_assertok(ut_check_console_end(uts)); + /* Write two messages without a newline between them */ + gd->log_fmt = (1 << LOGF_CAT) | (1 << LOGF_LEVEL) | (1 << LOGF_MSG); + gd->default_log_level = LOGL_INFO; + console_record_reset_enable(); + log(LOGC_ARCH, LOGL_ERR, "ea%d ", 1); + log(LOGC_CONT, LOGL_CONT, "cc%d\n", 2); + gd->default_log_level = log_level; + gd->log_fmt = log_fmt; + gd->flags &= ~GD_FLG_RECORD; + ut_assertok(ut_check_console_line(uts, "ERR.arch, ea1 cc2")); + ut_assertok(ut_check_console_end(uts)); + return 0; } LOG_TEST(log_test_cont); -- cgit From 7bd06587decafabb56f68de3ae87adb4c49ca8db Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 20 Jan 2021 20:10:54 -0700 Subject: log: Add return-checking macros for 0 being success The existing log_ret() and log_msg_ret() macros consider an error to be less than zero. But some function may return a positive number to indicate a different kind of failure. Add macros to check for that also. Signed-off-by: Simon Glass --- doc/develop/logging.rst | 15 ++++++++++++++- include/log.h | 20 ++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/doc/develop/logging.rst b/doc/develop/logging.rst index 622ad6ad1af..f4e925048e8 100644 --- a/doc/develop/logging.rst +++ b/doc/develop/logging.rst @@ -117,11 +117,24 @@ can be used whenever your function returns an error value: .. code-block:: c - return log_ret(uclass_first_device(UCLASS_MMC, &dev)); + return log_ret(uclass_first_device_err(UCLASS_MMC, &dev)); This will write a log record when an error code is detected (a value < 0). This can make it easier to trace errors that are generated deep in the call stack. +The log_msg_ret() variant will print a short string if CONFIG_LOG_ERROR_RETURN +is enabled. So long as the string is unique within the function you can normally +determine exactly which call failed: + +.. code-block:: c + + ret = gpio_request_by_name(dev, "cd-gpios", 0, &desc, GPIOD_IS_IN); + if (ret) + return log_msg_ret("gpio", ret); + +Some functions return 0 for success and any other value is an error. For these, +log_retz() and log_msg_retz() are available. + Convenience functions ~~~~~~~~~~~~~~~~~~~~~ diff --git a/include/log.h b/include/log.h index c0453d2f97c..6ef891d4d2d 100644 --- a/include/log.h +++ b/include/log.h @@ -316,10 +316,30 @@ void __assert_fail(const char *assertion, const char *file, unsigned int line, __ret); \ __ret; \ }) + +/* + * Similar to the above, but any non-zero value is consider an error, not just + * values less than 0. + */ +#define log_retz(_ret) ({ \ + int __ret = (_ret); \ + if (__ret) \ + log(LOG_CATEGORY, LOGL_ERR, "returning err=%d\n", __ret); \ + __ret; \ + }) +#define log_msg_retz(_msg, _ret) ({ \ + int __ret = (_ret); \ + if (__ret) \ + log(LOG_CATEGORY, LOGL_ERR, "%s: returning err=%d\n", _msg, \ + __ret); \ + __ret; \ + }) #else /* Non-logging versions of the above which just return the error code */ #define log_ret(_ret) (_ret) #define log_msg_ret(_msg, _ret) ((void)(_msg), _ret) +#define log_retz(_ret) (_ret) +#define log_msg_retz(_msg, _ret) ((void)(_msg), _ret) #endif /** * enum log_rec_flags - Flags for a log record */ -- cgit From 9586a481731c67997a09162dd41579dbc8c35db6 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 20 Jan 2021 20:10:56 -0700 Subject: tpm: Don't select LOG We don't need to enable logging to run this command since the output will still appear. Drop the 'select'. Signed-off-by: Simon Glass --- cmd/Kconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/cmd/Kconfig b/cmd/Kconfig index 4defbd9cf9c..400133f8de9 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2027,7 +2027,6 @@ config CMD_TPM_V1 config CMD_TPM_V2 bool - select CMD_LOG config CMD_TPM bool "Enable the 'tpm' command" -- cgit From e7c920a22800ade845a656f7925c1977e69e95b1 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sun, 7 Feb 2021 14:27:04 -0700 Subject: tpm: Correct warning on 32-bit build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix the warning: drivers/tpm/tpm2_tis_sandbox.c: In function ‘sandbox_tpm2_xfer’: drivers/tpm/tpm2_tis_sandbox.c:288:48: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=] printf("TPM2: Unmatching length, received: %ld, expected: %d\n", ~~^ %d send_size, length); ~~~~~~~~~ Signed-off-by: Simon Glass Reviewed-by: Heinrich Schuchardt --- drivers/tpm/tpm2_tis_sandbox.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c index c74bacfd719..24c804a5645 100644 --- a/drivers/tpm/tpm2_tis_sandbox.c +++ b/drivers/tpm/tpm2_tis_sandbox.c @@ -285,7 +285,7 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf, length = get_unaligned_be32(sent); sent += sizeof(length); if (length != send_size) { - printf("TPM2: Unmatching length, received: %ld, expected: %d\n", + printf("TPM2: Unmatching length, received: %zd, expected: %d\n", send_size, length); rc = TPM2_RC_SIZE; sandbox_tpm2_fill_buf(recv, recv_len, tag, rc); -- cgit From 634f5ad3aeb7d188d2529c88f31f7902ed3c17cd Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sun, 7 Feb 2021 14:27:05 -0700 Subject: test: acpi: Fix warnings on 32-bit build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some format strings use the wrong type. Fix them. Example warnings: In file included from test/dm/acpi.c:22: test/dm/acpi.c: In function ‘dm_test_acpi_cmd_list’: test/dm/acpi.c:362:21: warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 4 has type ‘unsigned int’ [-Wformat=] ut_assert_nextline("RSDP %08lx %06lx (v02 U-BOOT)", addr, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sizeof(struct acpi_rsdp)); ~~~~~~~~~~~~~~~~~~~~~~~~ include/test/ut.h:282:33: note: in definition of macro ‘ut_assert_nextline’ if (ut_check_console_line(uts, fmt, ##args)) { \ ^~~ Signed-off-by: Simon Glass --- test/dm/acpi.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/dm/acpi.c b/test/dm/acpi.c index 240187c5235..2edab7be544 100644 --- a/test/dm/acpi.c +++ b/test/dm/acpi.c @@ -360,24 +360,24 @@ static int dm_test_acpi_cmd_list(struct unit_test_state *uts) run_command("acpi list", 0); addr = (ulong)map_to_sysmem(buf); ut_assert_nextline("ACPI tables start at %lx", addr); - ut_assert_nextline("RSDP %08lx %06lx (v02 U-BOOT)", addr, + ut_assert_nextline("RSDP %08lx %06zx (v02 U-BOOT)", addr, sizeof(struct acpi_rsdp)); addr = ALIGN(addr + sizeof(struct acpi_rsdp), 16); - ut_assert_nextline("RSDT %08lx %06lx (v01 U-BOOT U-BOOTBL %x INTL 0)", + ut_assert_nextline("RSDT %08lx %06zx (v01 U-BOOT U-BOOTBL %x INTL 0)", addr, sizeof(struct acpi_table_header) + 3 * sizeof(u32), U_BOOT_BUILD_DATE); addr = ALIGN(addr + sizeof(struct acpi_rsdt), 16); - ut_assert_nextline("XSDT %08lx %06lx (v01 U-BOOT U-BOOTBL %x INTL 0)", + ut_assert_nextline("XSDT %08lx %06zx (v01 U-BOOT U-BOOTBL %x INTL 0)", addr, sizeof(struct acpi_table_header) + 3 * sizeof(u64), U_BOOT_BUILD_DATE); addr = ALIGN(addr + sizeof(struct acpi_xsdt), 64); - ut_assert_nextline("DMAR %08lx %06lx (v01 U-BOOT U-BOOTBL %x INTL 0)", + ut_assert_nextline("DMAR %08lx %06zx (v01 U-BOOT U-BOOTBL %x INTL 0)", addr, sizeof(struct acpi_dmar), U_BOOT_BUILD_DATE); addr = ALIGN(addr + sizeof(struct acpi_dmar), 16); - ut_assert_nextline("DMAR %08lx %06lx (v01 U-BOOT U-BOOTBL %x INTL 0)", + ut_assert_nextline("DMAR %08lx %06zx (v01 U-BOOT U-BOOTBL %x INTL 0)", addr, sizeof(struct acpi_dmar), U_BOOT_BUILD_DATE); addr = ALIGN(addr + sizeof(struct acpi_dmar), 16); - ut_assert_nextline("DMAR %08lx %06lx (v01 U-BOOT U-BOOTBL %x INTL 0)", + ut_assert_nextline("DMAR %08lx %06zx (v01 U-BOOT U-BOOTBL %x INTL 0)", addr, sizeof(struct acpi_dmar), U_BOOT_BUILD_DATE); ut_assert_console_end(); -- cgit From 2a8dc4c488bf7c67c7065eb5ab565ccf568cf725 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sun, 7 Feb 2021 14:27:07 -0700 Subject: doc: sandbox: Update instructions on quitting The 'reset' command now resets sandbox but does not quit it. Fix the instructions. Fixes: 329dccc0675 ("sandbox: implement reset") Signed-off-by: Simon Glass --- doc/arch/sandbox.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/arch/sandbox.rst b/doc/arch/sandbox.rst index 1638b050002..8b18a221172 100644 --- a/doc/arch/sandbox.rst +++ b/doc/arch/sandbox.rst @@ -82,7 +82,7 @@ console:: You can issue commands as your would normally. If the command you want is not supported you can add it to include/configs/sandbox.h. -To exit, type 'reset' or press Ctrl-C. +To exit, type 'poweroff' or press Ctrl-C. Console / LCD support -- cgit From 166363f2ed9e72ed3e2bf09d9317d6a5fdafcbea Mon Sep 17 00:00:00 2001 From: Jorge Ramirez-Ortiz Date: Sun, 14 Feb 2021 16:27:23 +0100 Subject: common: SCP03 control (enable and provision of keys) This Trusted Application allows enabling SCP03 as well as provisioning the keys on TEE controlled secure element (ie, NXP SE050). All the information flowing on buses (ie I2C) between the processor and the secure element must be encrypted. Secure elements are pre-provisioned with a set of keys known to the user so that the secure channel protocol (encryption) can be enforced on the first boot. This situation is however unsafe since the keys are publically available. For example, in the case of the NXP SE050, these keys would be available in the OP-TEE source tree [2] and of course in the documentation corresponding to the part. To address that, users are required to rotate/provision those keys (ie, generate new keys and write them in the secure element's persistent memory). For information on SCP03, check the Global Platform HomePage and google for that term [1] [1] globalplatform.org [2] https://github.com/OP-TEE/optee_os/ check: core/drivers/crypto/se050/adaptors/utils/scp_config.c Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass --- common/Kconfig | 8 +++++++ common/Makefile | 1 + common/scp03.c | 53 ++++++++++++++++++++++++++++++++++++++++++++ include/scp03.h | 21 ++++++++++++++++++ include/tee/optee_ta_scp03.h | 21 ++++++++++++++++++ 5 files changed, 104 insertions(+) create mode 100644 common/scp03.c create mode 100644 include/scp03.h create mode 100644 include/tee/optee_ta_scp03.h diff --git a/common/Kconfig b/common/Kconfig index 2bb3798f808..482f1235347 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -588,6 +588,14 @@ config AVB_BUF_SIZE endif # AVB_VERIFY +config SCP03 + bool "Build SCP03 - Secure Channel Protocol O3 - controls" + depends on OPTEE || SANDBOX + depends on TEE + help + This option allows U-Boot to enable and or provision SCP03 on an OPTEE + controlled Secured Element. + config SPL_HASH bool # "Support hashing API (SHA1, SHA256, etc.)" help diff --git a/common/Makefile b/common/Makefile index daeea67cf29..215b8b26fdc 100644 --- a/common/Makefile +++ b/common/Makefile @@ -137,3 +137,4 @@ obj-$(CONFIG_CMD_LOADB) += xyzModem.o obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_AVB_VERIFY) += avb_verify.o +obj-$(CONFIG_SCP03) += scp03.o diff --git a/common/scp03.c b/common/scp03.c new file mode 100644 index 00000000000..09ef7b5ba3d --- /dev/null +++ b/common/scp03.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#include +#include +#include +#include + +static int scp03_enable(bool provision) +{ + const struct tee_optee_ta_uuid uuid = PTA_SCP03_UUID; + struct tee_open_session_arg session; + struct tee_invoke_arg invoke; + struct tee_param param; + struct udevice *tee = NULL; + + tee = tee_find_device(tee, NULL, NULL, NULL); + if (!tee) + return -ENODEV; + + memset(&session, 0, sizeof(session)); + tee_optee_ta_uuid_to_octets(session.uuid, &uuid); + if (tee_open_session(tee, &session, 0, NULL)) + return -ENXIO; + + memset(¶m, 0, sizeof(param)); + param.attr = TEE_PARAM_ATTR_TYPE_VALUE_INPUT; + param.u.value.a = provision; + + memset(&invoke, 0, sizeof(invoke)); + invoke.func = PTA_CMD_ENABLE_SCP03; + invoke.session = session.session; + + if (tee_invoke_func(tee, &invoke, 1, ¶m)) + return -EIO; + + tee_close_session(tee, session.session); + + return 0; +} + +int tee_enable_scp03(void) +{ + return scp03_enable(false); +} + +int tee_provision_scp03(void) +{ + return scp03_enable(true); +} diff --git a/include/scp03.h b/include/scp03.h new file mode 100644 index 00000000000..729667ccd1c --- /dev/null +++ b/include/scp03.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#ifndef _SCP03_H +#define _SCP03_H + +/* + * Requests to OPTEE to enable or provision the Secure Channel Protocol on its + * Secure Element + * + * If key provisioning is requested, OPTEE shall generate new SCP03 keys and + * write them to the Secure Element. + * + * Both functions return < 0 on error else 0. + */ +int tee_enable_scp03(void); +int tee_provision_scp03(void); +#endif /* _SCP03_H */ diff --git a/include/tee/optee_ta_scp03.h b/include/tee/optee_ta_scp03.h new file mode 100644 index 00000000000..13f9956d983 --- /dev/null +++ b/include/tee/optee_ta_scp03.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ +/* + * (C) Copyright 2021, Foundries.IO + * + */ +#ifndef __TA_SCP03_H +#define __TA_SCP03_H + +#define PTA_SCP03_UUID { 0xbe0e5821, 0xe718, 0x4f77, \ + { 0xab, 0x3e, 0x8e, 0x6c, 0x73, 0xa9, 0xc7, 0x35 } } + +/* + * Enable Secure Channel Protocol functionality (SCP03) on the Secure Element. + * Setting the operation value to something different than NULL will trigger + * the SCP03 provisioning request. + * + * in params[0].a = operation + */ +#define PTA_CMD_ENABLE_SCP03 0 + +#endif /*__TA_SCP03_H*/ -- cgit From 26839e5ddee369ea68acd8cbc8e24c7180c17e82 Mon Sep 17 00:00:00 2001 From: Jorge Ramirez-Ortiz Date: Sun, 14 Feb 2021 16:27:24 +0100 Subject: cmd: SCP03: enable and provision command Enable and provision the SCP03 keys on a TEE controlled secured elemt from the U-Boot shell. Executing this command will generate and program new SCP03 encryption keys on the secure element NVM. Depending on the TEE implementation, the keys would then be stored in some persistent storage or better derived from some platform secret (so they can't be lost). Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass Reviewed-by: Igor Opaniuk --- cmd/Kconfig | 8 ++++++++ cmd/Makefile | 3 +++ cmd/scp03.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 cmd/scp03.c diff --git a/cmd/Kconfig b/cmd/Kconfig index 400133f8de9..960080d6d40 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2022,6 +2022,14 @@ config HASH_VERIFY help Add -v option to verify data against a hash. +config CMD_SCP03 + bool "scp03 - SCP03 enable and rotate/provision operations" + depends on SCP03 + help + This command provides access to a Trusted Application + running in a TEE to request Secure Channel Protocol 03 + (SCP03) enablement and/or rotation of its SCP03 keys. + config CMD_TPM_V1 bool diff --git a/cmd/Makefile b/cmd/Makefile index 176bf925fdc..a7017e84524 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o # Android Verified Boot 2.0 obj-$(CONFIG_CMD_AVB) += avb.o +# Foundries.IO SCP03 +obj-$(CONFIG_CMD_SCP03) += scp03.o + obj-$(CONFIG_ARM) += arm/ obj-$(CONFIG_RISCV) += riscv/ obj-$(CONFIG_SANDBOX) += sandbox/ diff --git a/cmd/scp03.c b/cmd/scp03.c new file mode 100644 index 00000000000..655e0bba08b --- /dev/null +++ b/cmd/scp03.c @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#include +#include +#include +#include + +int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + if (argc != 1) + return CMD_RET_USAGE; + + if (tee_enable_scp03()) { + printf("TEE failed to enable SCP03\n"); + return CMD_RET_FAILURE; + } + + printf("SCP03 is enabled\n"); + + return CMD_RET_SUCCESS; +} + +int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + if (argc != 1) + return CMD_RET_USAGE; + + if (tee_provision_scp03()) { + printf("TEE failed to provision SCP03 keys\n"); + return CMD_RET_FAILURE; + } + + printf("SCP03 is provisioned\n"); + + return CMD_RET_SUCCESS; +} + +static char text[] = + "provides a command to enable SCP03 and provision the SCP03 keys\n" + " enable - enable SCP03 on the TEE\n" + " provision - provision SCP03 on the TEE\n"; + +U_BOOT_CMD_WITH_SUBCMDS(scp03, "Secure Channel Protocol 03 control", text, + U_BOOT_SUBCMD_MKENT(enable, 1, 1, do_scp03_enable), + U_BOOT_SUBCMD_MKENT(provision, 1, 1, do_scp03_provision)); + -- cgit From 5a8783c80c395608148282906b0c322cd9554faf Mon Sep 17 00:00:00 2001 From: Jorge Ramirez-Ortiz Date: Sun, 14 Feb 2021 16:27:25 +0100 Subject: drivers: tee: sandbox: SCP03 control emulator Adds support for a working SCP03 emulation. Input parameters are validated however the commands (enable, provision) executed by the TEE are assumed to always succeed. Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass --- drivers/tee/optee/Kconfig | 6 ++++++ drivers/tee/sandbox.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig index 65622f30b1e..d03028070b9 100644 --- a/drivers/tee/optee/Kconfig +++ b/drivers/tee/optee/Kconfig @@ -31,6 +31,12 @@ config OPTEE_TA_RPC_TEST permits to test reverse RPC calls to TEE supplicant. Should be used only in sandbox env. +config OPTEE_TA_SCP03 + bool "Support SCP03 TA" + default y + help + Enables support for controlling (enabling, provisioning) the + Secure Channel Protocol 03 operation in the OP-TEE SCP03 TA. endmenu endif diff --git a/drivers/tee/sandbox.c b/drivers/tee/sandbox.c index 3a1d34d6fc0..35e8542fa37 100644 --- a/drivers/tee/sandbox.c +++ b/drivers/tee/sandbox.c @@ -8,6 +8,7 @@ #include #include #include +#include #include "optee/optee_msg.h" #include "optee/optee_private.h" @@ -68,6 +69,7 @@ void *optee_alloc_and_init_page_list(void *buf, ulong len, return NULL; } +#if defined(CONFIG_OPTEE_TA_SCP03) || defined(CONFIG_OPTEE_TA_AVB) static u32 get_attr(uint n, uint num_params, struct tee_param *params) { if (n >= num_params) @@ -79,7 +81,7 @@ static u32 get_attr(uint n, uint num_params, struct tee_param *params) static u32 check_params(u8 p0, u8 p1, u8 p2, u8 p3, uint num_params, struct tee_param *params) { - u8 p[] = { p0, p1, p2, p3}; + u8 p[] = { p0, p1, p2, p3 }; uint n; for (n = 0; n < ARRAY_SIZE(p); n++) @@ -97,6 +99,50 @@ bad_params: return TEE_ERROR_BAD_PARAMETERS; } +#endif + +#ifdef CONFIG_OPTEE_TA_SCP03 +static u32 pta_scp03_open_session(struct udevice *dev, uint num_params, + struct tee_param *params) +{ + /* + * We don't expect additional parameters when opening a session to + * this TA. + */ + return check_params(TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE, + num_params, params); +} + +static u32 pta_scp03_invoke_func(struct udevice *dev, u32 func, uint num_params, + struct tee_param *params) +{ + u32 res; + static bool enabled; + + switch (func) { + case PTA_CMD_ENABLE_SCP03: + res = check_params(TEE_PARAM_ATTR_TYPE_VALUE_INPUT, + TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, + num_params, params); + if (res) + return res; + + if (!enabled) { + enabled = true; + } else { + } + + if (params[0].u.value.a) + + return TEE_SUCCESS; + default: + return TEE_ERROR_NOT_SUPPORTED; + } +} +#endif #ifdef CONFIG_OPTEE_TA_AVB static u32 ta_avb_open_session(struct udevice *dev, uint num_params, @@ -357,6 +403,12 @@ static const struct ta_entry ta_entries[] = { .invoke_func = ta_rpc_test_invoke_func, }, #endif +#ifdef CONFIG_OPTEE_TA_SCP03 + { .uuid = PTA_SCP03_UUID, + .open_session = pta_scp03_open_session, + .invoke_func = pta_scp03_invoke_func, + }, +#endif }; static void sandbox_tee_get_version(struct udevice *dev, -- cgit From ffd8483b3caf7b26b7b37642d3f33c1ef51545fa Mon Sep 17 00:00:00 2001 From: Jorge Ramirez-Ortiz Date: Sun, 14 Feb 2021 16:27:26 +0100 Subject: doc: describe the scp03 command The Secure Channel Protocol 03 command sends control requests (enable/provision) to the TEE implementing the protocol between the processor and the secure element. Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass --- doc/usage/index.rst | 1 + doc/usage/scp03.rst | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 doc/usage/scp03.rst diff --git a/doc/usage/index.rst b/doc/usage/index.rst index f7b706f9166..7fac2e4f275 100644 --- a/doc/usage/index.rst +++ b/doc/usage/index.rst @@ -33,3 +33,4 @@ Shell commands qfw sbi true + scp03 diff --git a/doc/usage/scp03.rst b/doc/usage/scp03.rst new file mode 100644 index 00000000000..7ff87ed85ac --- /dev/null +++ b/doc/usage/scp03.rst @@ -0,0 +1,33 @@ +.. SPDX-License-Identifier: GPL-2.0+ + +scp03 command +============= + +Synopsis +-------- + +:: + + scp03 enable + scp03 provision + +Description +----------- + +The *scp03* command calls into a Trusted Application executing in a +Trusted Execution Environment to enable (if present) the Secure +Channel Protocol 03 stablished between the processor and the secure +element. + +This protocol encrypts all the communication between the processor and +the secure element using a set of pre-defined keys. These keys can be +rotated (provisioned) using the *provision* request. + +See also +-------- + +For some information on the internals implemented in the TEE, please +check the GlobalPlatform documentation on `Secure Channel Protocol '03'`_ + +.. _Secure Channel Protocol '03': + https://globalplatform.org/wp-content/uploads/2014/07/GPC_2.3_D_SCP03_v1.1.2_PublicRelease.pdf -- cgit From 7c591a841c1f089209285d6ff8d0e1bce5bb9618 Mon Sep 17 00:00:00 2001 From: Igor Opaniuk Date: Sun, 14 Feb 2021 16:27:27 +0100 Subject: sandbox: imply SCP03 and CMD_SCP03 Enable by default SCP_03/CMD_SCP03 for sandbox target. Signed-off-by: Igor Opaniuk Reviewed-by: Simon Glass --- arch/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index 27843cd79c4..70232239278 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -142,6 +142,8 @@ config SANDBOX imply AVB_VERIFY imply LIBAVB imply CMD_AVB + imply SCP03 + imply CMD_SCP03 imply UDP_FUNCTION_FASTBOOT imply VIRTIO_MMIO imply VIRTIO_PCI -- cgit From 7f047b4f5b4c86b53dbdd002322dcbf007f80623 Mon Sep 17 00:00:00 2001 From: Igor Opaniuk Date: Sun, 14 Feb 2021 16:27:28 +0100 Subject: test: py: add initial coverage for scp03 cmd Add initial test coverage for SCP03 command. Signed-off-by: Igor Opaniuk Reviewed-by: Simon Glass --- test/py/tests/test_scp03.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 test/py/tests/test_scp03.py diff --git a/test/py/tests/test_scp03.py b/test/py/tests/test_scp03.py new file mode 100644 index 00000000000..1f689252ddf --- /dev/null +++ b/test/py/tests/test_scp03.py @@ -0,0 +1,27 @@ +# Copyright (c) 2021 Foundries.io Ltd +# +# SPDX-License-Identifier: GPL-2.0+ +# +# SCP03 command test + +""" +This tests SCP03 command in U-boot. + +For additional details check doc/usage/scp03.rst +""" + +import pytest +import u_boot_utils as util + +@pytest.mark.buildconfigspec('cmd_scp03') +def test_scp03(u_boot_console): + """Enable and provision keys with SCP03 + """ + + success_str1 = "SCP03 is enabled" + success_str2 = "SCP03 is provisioned" + + response = u_boot_console.run_command('scp03 enable') + assert success_str1 in response + response = u_boot_console.run_command('scp03 provision') + assert success_str2 in response -- cgit