Commit 3fc3f521957677b1f363624494ed866985a25505

Authored by Ji Luo
1 parent 6c1087c030

MA-15151 Limit some hwcrypto commands within bootloader

It can be dangerous to export some hwcrypto commands to Linux; add a
command to limit some hwcrypto commands to the bootloader.

Test: hwcrypto commands can't be used after locking boot state.

Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22
Signed-off-by: Ji Luo <ji.luo@nxp.com>

Showing 4 changed files with 15 additions and 0 deletions Side-by-side Diff

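--- a/drivers/fastboot/fb_fsl/fb_fsl_boot.c
+++ b/drivers/fastboot/fb_fsl/fb_fsl_boot.c
@@ -831,6 +831,8 @@
 goto fail;
 /* lock the boot status and rollback_idx preventing Linux modify it */
 trusty_lock_boot_state();
+/* lock the boot state so linux can't use some hwcrypto commands. */
+hwcrypto_lock_boot_state();
 /* put ql-tipc to release resource for Linux */
 trusty_ipc_shutdown();
 #endif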
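Review bot: The return value of `hwcrypto_lock_boot_state()` on new line 835 is discarded, so if the request to the secure side fails the boot continues with the hwcrypto commands still reachable from Linux, which is the opposite of what the accompanying comment intends. The header added in this commit says the function returns one of trusty_err, and a `fail` label is already in reach at line 831, so assuming a zero return denotes success as with the existing goto-fail checks, the call should be `if (hwcrypto_lock_boot_state()) goto fail;`. The same unchecked pattern exists on the pre-existing trusty_lock_boot_state() call, which this commit does not touch. The enclosing function and the `#if` block closed at line 838 both start outside the hunk.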
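--- a/include/interface/hwcrypto/hwcrypto.h
+++ b/include/interface/hwcrypto/hwcrypto.h
@@ -40,6 +40,7 @@
 HWCRYPTO_ENCAP_BLOB = (2 << HWCRYPTO_REQ_SHIFT),
 HWCRYPTO_GEN_RNG = (3 << HWCRYPTO_REQ_SHIFT),
 HWCRYPTO_GEN_BKEK = (4 << HWCRYPTO_REQ_SHIFT),
+HWCRYPTO_LOCK_BOOT_STATE = (5 << HWCRYPTO_REQ_SHIFT),
 };
 
 /**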
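Review bot: The new HWCRYPTO_LOCK_BOOT_STATE request code on new line 43 has no comment, and since this header sits under include/interface and is presumably the contract shared with the secure side, the request's semantics should be stated where the code is defined rather than only in the ql-tipc wrapper. A trailing comment such as `HWCRYPTO_LOCK_BOOT_STATE = (5 << HWCRYPTO_REQ_SHIFT), /* no payload; asks the secure side to refuse some later hwcrypto requests */` would do, naming the affected requests if they are known. The enum opens outside the hunk.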
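--- a/include/trusty/hwcrypto.h
+++ b/include/trusty/hwcrypto.h
@@ -82,5 +82,12 @@
 * @len: size of required rng.
 * */
 int hwcrypto_gen_bkek(uint32_t buf, uint32_t len);
+
+/* Send request to secure side to lock boot state, so some
+ * hwcrypto commands can't be used outside of bootloader.
+ * Returns one of trusty_err.
+ * */
+int hwcrypto_lock_boot_state(void);
+
 #endif /* TRUSTY_HWCRYPTO_H_ */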
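Review bot: The doc block on new lines 86-89 tells the caller neither which commands become unavailable nor when the call must be made, which is the information a caller needs to use a one-way lockdown correctly. It should state the ordering constraint that the only caller in this commit relies on, for example `* Must be issued after the bootloader's last use of the restricted commands; fb_fsl_boot.c calls it just before trusty_ipc_shutdown().`, and name the restricted commands if they are known. It would also help to say explicitly which trusty_err value denotes success so callers can check the result.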
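--- a/lib/trusty/ql-tipc/hwcrypto.c
+++ b/lib/trusty/ql-tipc/hwcrypto.c
@@ -262,4 +262,9 @@
 sizeof(req), NULL, 0, false);
 return rc;
 }
+
+int hwcrypto_lock_boot_state(void)
+{
+return hwcrypto_do_tipc(HWCRYPTO_LOCK_BOOT_STATE, NULL, 0, NULL, 0, false);
+}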
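Review bot: The new definition on new lines 266-269 passes NULL/0 for both the request and response buffers, which differs from the preceding function that sends a `req` struct, and nothing says this is intentional rather than an unfinished stub. A one-line comment would settle it: `/* No payload in either direction: the command id alone carries the request. */`. The meaning of the trailing `false` argument is not visible in this hunk, so if it selects some mode of hwcrypto_do_tipc the comment should say why this command uses the same mode as hwcrypto_gen_bkek.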