lib: optee_client: add oem unlock status func

Change-Id: If92c59650994bd2ab8e689f063acf1d65dc08e48 Signed-off-by: Qiu Jian <qiujian@rock-chips.com>
2018-03-28 16:12:55 +08:00 · 2018-03-28 16:12:55 +08:00 · 78ef5fbdb9
parent 9564380bdf
commit 78ef5fbdb9
2 changed files with 150 additions and 1 deletions
--- a/include/optee_include/OpteeClientInterface.h
+++ b/include/optee_include/OpteeClientInterface.h
@ -7,6 +7,8 @@
 #ifndef _OPTEECLIENTTEST_H_
 #define _OPTEECLIENTTEST_H_

+#include <optee_include/tee_client_api.h>
+
 #define ATAP_HEX_UUID_LEN 32
 #define ATTEST_DH_SIZE     8
 #define ATTEST_UUID_SIZE     (ATAP_HEX_UUID_LEN+1)
@ -21,6 +23,20 @@ uint32_t trusty_read_lock_state(uint8_t *lock_state);
 uint32_t trusty_write_lock_state(uint8_t lock_state);
 uint32_t trusty_read_flash_lock_state(uint8_t *flash_lock_state);
 uint32_t trusty_write_flash_lock_state(uint8_t flash_lock_state);
+
+/*
+ * read data from rk_keymaster
+ *
+ * @filename:		the filename of the saved data to read
+ * @filename_size: 	size of filename
+ * @data: 		the buffer used to read data from rk_keymaster
+ * @data_size: 		buffer size of the data
+ *
+ * @return a positive number in case of error, or 0 on success.
+ */
+TEEC_Result read_from_keymaster
+	(uint8_t *filename, uint32_t filename_size,
+	uint8_t *data, uint32_t data_size);
 uint32_t write_to_keymaster
 	(uint8_t *filename, uint32_t filename_size,
 	uint8_t *data, uint32_t data_size);
@ -38,4 +54,23 @@ uint32_t trusty_attest_get_ca
 	(uint8_t *operation_start, uint32_t *operation_size,
 	 uint8_t *out, uint32_t *out_len);
 uint32_t trusty_attest_set_ca(uint8_t *ca_response, uint32_t *ca_response_size);
+
+/*
+ * read oem unlock status from rk_keymaster
+ *
+ * @unlock:used to read oem unlock status code,0:locked,1:unlocked
+ *
+ * @return a positive number in case of error, or 0 on success.
+ */
+TEEC_Result trusty_read_oem_unlock(uint8_t *unlock);
+
+/*
+ * update oem unlock status to rk_keymaster
+ *
+ * @unlock: oem unlock status code,0:locked,1:unlocked
+ *
+ * @return a positive number in case of error, or 0 on success.
+ */
+TEEC_Result trusty_write_oem_unlock(uint8_t unlock);
+
 #endif
--- a/lib/optee_clientApi/OpteeClientInterface.c
+++ b/lib/optee_clientApi/OpteeClientInterface.c
@ -8,6 +8,7 @@
 #include <common.h>
 #include <optee_include/OpteeClientApiLib.h>
 #include <optee_include/tee_client_api.h>
+#include <optee_include/tee_api_defines.h>
 #include <boot_rkimg.h>

 void test_optee(void)
@ -808,6 +809,93 @@ uint32_t trusty_write_flash_lock_state(uint8_t flash_lock_state)
 	return TeecResult;
 }

+TEEC_Result read_from_keymaster(uint8_t *filename,
+		uint32_t filename_size,
+		uint8_t *data,
+		uint32_t size)
+{
+	TEEC_Result TeecResult;
+	TEEC_Context TeecContext;
+	TEEC_Session TeecSession;
+	uint32_t ErrorOrigin;
+	TEEC_UUID tempuuid = { 0x258be795, 0xf9ca, 0x40e6,
+		{ 0xa8, 0x69, 0x9c, 0xe6, 0x88, 0x6c, 0x5d, 0x5d } };
+	TEEC_UUID *TeecUuid = &tempuuid;
+	TEEC_Operation TeecOperation = {0};
+	struct blk_desc *dev_desc;
+	dev_desc = rockchip_get_bootdev();
+
+	debug("read_from_keymaster start\n");
+	OpteeClientApiLibInitialize();
+
+	TeecResult = TEEC_InitializeContext(NULL, &TeecContext);
+
+	TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT,
+						TEEC_NONE,
+						TEEC_NONE,
+						TEEC_NONE);
+	/*0 nand or emmc "security" partition , 1 rpmb*/
+	TeecOperation.params[0].value.a = (dev_desc->if_type == IF_TYPE_MMC) ? 1 : 0;
+#ifdef CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION
+	TeecOperation.params[0].value.a = 0;
+#endif
+
+	TeecResult = TEEC_OpenSession(&TeecContext,
+				&TeecSession,
+				TeecUuid,
+				TEEC_LOGIN_PUBLIC,
+				NULL,
+#ifdef CONFIG_OPTEE_V1
+				NULL,
+#endif
+#ifdef CONFIG_OPTEE_V2
+				&TeecOperation,
+#endif
+				&ErrorOrigin);
+
+	TEEC_SharedMemory SharedMem0 = {0};
+
+	SharedMem0.size = filename_size;
+	SharedMem0.flags = 0;
+
+	TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem0);
+
+	memcpy(SharedMem0.buffer, filename, SharedMem0.size);
+
+	TEEC_SharedMemory SharedMem1 = {0};
+
+	SharedMem1.size = size;
+	SharedMem1.flags = 0;
+
+	TeecResult = TEEC_AllocateSharedMemory(&TeecContext, &SharedMem1);
+
+	TeecOperation.params[0].tmpref.buffer = SharedMem0.buffer;
+	TeecOperation.params[0].tmpref.size = SharedMem0.size;
+
+	TeecOperation.params[1].tmpref.buffer = SharedMem1.buffer;
+	TeecOperation.params[1].tmpref.size = SharedMem1.size;
+
+
+	TeecOperation.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT,
+						TEEC_MEMREF_TEMP_INOUT,
+						TEEC_NONE,
+						TEEC_NONE);
+
+	TeecResult = TEEC_InvokeCommand(&TeecSession,
+					142,
+					&TeecOperation,
+					&ErrorOrigin);
+	if (TeecResult == TEEC_SUCCESS)
+		memcpy(data, SharedMem1.buffer, SharedMem1.size);
+	TEEC_ReleaseSharedMemory(&SharedMem0);
+	TEEC_ReleaseSharedMemory(&SharedMem1);
+	TEEC_CloseSession(&TeecSession);
+	TEEC_FinalizeContext(&TeecContext);
+	debug("read_from_keymaster end\n");
+
+	return TeecResult;
+}
+
 uint32_t write_to_keymaster(uint8_t *filename,
 		uint32_t filename_size,
 		uint8_t *data,
@ -892,7 +980,7 @@ uint32_t write_to_keymaster(uint8_t *filename,
 	TEEC_ReleaseSharedMemory(&SharedMem1);
 	TEEC_CloseSession(&TeecSession);
 	TEEC_FinalizeContext(&TeecContext);
-	debug("testmm end\n");
+	debug("write_to_keymaster end\n");
 	debug("TeecResult %x\n", TeecResult);

 	return TeecResult;
@ -1731,3 +1819,29 @@ uint32_t trusty_attest_set_ca(uint8_t *ca_response, uint32_t *ca_response_size)

 	return TeecResult;
 }
+
+TEEC_Result trusty_write_oem_unlock(uint8_t unlock)
+{
+	char *file = "oem.unlock";
+	TEEC_Result ret;
+
+	ret = write_to_keymaster((uint8_t *)file, strlen(file),
+		(uint8_t *)&unlock, 1);
+	return ret;
+}
+
+TEEC_Result trusty_read_oem_unlock(uint8_t *unlock)
+{
+	char *file = "oem.unlock";
+	TEEC_Result ret;
+
+	ret = read_from_keymaster((uint8_t *)file, strlen(file),
+		unlock, 1);
+
+	if (ret == TEE_ERROR_ITEM_NOT_FOUND) {
+		debug("init oem unlock status 0");
+		ret = trusty_write_oem_unlock(0);
+	}
+
+	return ret;
+}