1 /*
2  * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <assert.h>
8 #include <stddef.h>
9 #include <string.h>
10 
11 #include <plat/common/platform.h>
12 #include <tools_share/tbbr_oid.h>
13 
14 #include <lib/libc/endian.h>
15 #include <drivers/arm/cryptocell/713/bsv_api.h>
16 #include <drivers/arm/cryptocell/713/bsv_error.h>
17 
18 /*
19  * Return the ROTPK hash
20  *
21  * Return: 0 = success, Otherwise = error
22  */
cc_get_rotpk_hash(unsigned char * dst,unsigned int len,unsigned int * flags)23 int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
24 {
25 	CCError_t error;
26 	uint32_t lcs;
27 	int i;
28 	uint32_t *key = (uint32_t *)dst;
29 
30 	assert(dst != NULL);
31 	assert(len >= HASH_RESULT_SIZE_IN_WORDS);
32 	assert(flags != NULL);
33 
34 	error = CC_BsvLcsGet(PLAT_CRYPTOCELL_BASE, &lcs);
35 	if (error != CC_OK)
36 		return 1;
37 
38 	if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) || (lcs == CC_BSV_RMA_LCS)) {
39 		*flags = ROTPK_NOT_DEPLOYED;
40 		return 0;
41 	}
42 
43 	error = CC_BsvPubKeyHashGet(PLAT_CRYPTOCELL_BASE,
44 				    CC_SB_HASH_BOOT_KEY_256B,
45 				    key, HASH_RESULT_SIZE_IN_WORDS);
46 
47 	if (error == CC_BSV_HASH_NOT_PROGRAMMED_ERR) {
48 		*flags = ROTPK_NOT_DEPLOYED;
49 		return 0;
50 	}
51 
52 	if (error == CC_OK) {
53 
54 		/* Keys are stored in OTP in little-endian format */
55 		for (i = 0; i < HASH_RESULT_SIZE_IN_WORDS; i++)
56 			key[i] = le32toh(key[i]);
57 
58 		*flags = ROTPK_IS_HASH;
59 		return 0;
60 	}
61 
62 	return 1;
63 }
64 
65 /*
66  * Return the non-volatile counter value stored in the platform. The cookie
67  * specifies the OID of the counter in the certificate.
68  *
69  * Return: 0 = success, Otherwise = error
70  */
plat_get_nv_ctr(void * cookie,unsigned int * nv_ctr)71 int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
72 {
73 	CCError_t error = CC_FAIL;
74 
75 	if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
76 		error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
77 					   CC_SW_VERSION_TRUSTED, nv_ctr);
78 	} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
79 		error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
80 					   CC_SW_VERSION_NON_TRUSTED, nv_ctr);
81 	}
82 
83 	return (error != CC_OK);
84 }
85 
86 /*
87  * Store a new non-volatile counter value in the counter specified by the OID
88  * in the cookie. This function is not expected to be called if the Lifecycle
89  * state is RMA as the values in the certificate are expected to always match
90  * the nvcounter values. But if called when the LCS is RMA, the underlying
91  * helper functions will return success but without updating the counter.
92  *
93  * Return: 0 = success, Otherwise = error
94  */
plat_set_nv_ctr(void * cookie,unsigned int nv_ctr)95 int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
96 {
97 	CCError_t error = CC_FAIL;
98 
99 	if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
100 		error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
101 					   CC_SW_VERSION_TRUSTED, nv_ctr);
102 	} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
103 		error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
104 					   CC_SW_VERSION_NON_TRUSTED, nv_ctr);
105 	}
106 
107 	return (error != CC_OK);
108 }
109 
110