1 /*
2 * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <stddef.h>
9 #include <string.h>
10
11 #include <plat/common/platform.h>
12 #include <tools_share/tbbr_oid.h>
13
14 #include <lib/libc/endian.h>
15 #include <drivers/arm/cryptocell/713/bsv_api.h>
16 #include <drivers/arm/cryptocell/713/bsv_error.h>
17
18 /*
19 * Return the ROTPK hash
20 *
21 * Return: 0 = success, Otherwise = error
22 */
cc_get_rotpk_hash(unsigned char * dst,unsigned int len,unsigned int * flags)23 int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
24 {
25 CCError_t error;
26 uint32_t lcs;
27 int i;
28 uint32_t *key = (uint32_t *)dst;
29
30 assert(dst != NULL);
31 assert(len >= HASH_RESULT_SIZE_IN_WORDS);
32 assert(flags != NULL);
33
34 error = CC_BsvLcsGet(PLAT_CRYPTOCELL_BASE, &lcs);
35 if (error != CC_OK)
36 return 1;
37
38 if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) || (lcs == CC_BSV_RMA_LCS)) {
39 *flags = ROTPK_NOT_DEPLOYED;
40 return 0;
41 }
42
43 error = CC_BsvPubKeyHashGet(PLAT_CRYPTOCELL_BASE,
44 CC_SB_HASH_BOOT_KEY_256B,
45 key, HASH_RESULT_SIZE_IN_WORDS);
46
47 if (error == CC_BSV_HASH_NOT_PROGRAMMED_ERR) {
48 *flags = ROTPK_NOT_DEPLOYED;
49 return 0;
50 }
51
52 if (error == CC_OK) {
53
54 /* Keys are stored in OTP in little-endian format */
55 for (i = 0; i < HASH_RESULT_SIZE_IN_WORDS; i++)
56 key[i] = le32toh(key[i]);
57
58 *flags = ROTPK_IS_HASH;
59 return 0;
60 }
61
62 return 1;
63 }
64
65 /*
66 * Return the non-volatile counter value stored in the platform. The cookie
67 * specifies the OID of the counter in the certificate.
68 *
69 * Return: 0 = success, Otherwise = error
70 */
plat_get_nv_ctr(void * cookie,unsigned int * nv_ctr)71 int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
72 {
73 CCError_t error = CC_FAIL;
74
75 if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
76 error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
77 CC_SW_VERSION_TRUSTED, nv_ctr);
78 } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
79 error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
80 CC_SW_VERSION_NON_TRUSTED, nv_ctr);
81 }
82
83 return (error != CC_OK);
84 }
85
86 /*
87 * Store a new non-volatile counter value in the counter specified by the OID
88 * in the cookie. This function is not expected to be called if the Lifecycle
89 * state is RMA as the values in the certificate are expected to always match
90 * the nvcounter values. But if called when the LCS is RMA, the underlying
91 * helper functions will return success but without updating the counter.
92 *
93 * Return: 0 = success, Otherwise = error
94 */
plat_set_nv_ctr(void * cookie,unsigned int nv_ctr)95 int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
96 {
97 CCError_t error = CC_FAIL;
98
99 if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
100 error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
101 CC_SW_VERSION_TRUSTED, nv_ctr);
102 } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
103 error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
104 CC_SW_VERSION_NON_TRUSTED, nv_ctr);
105 }
106
107 return (error != CC_OK);
108 }
109
110