/* $NetBSD: qcomscm.c,v 1.1 2024/12/30 12:31:10 jmcneill Exp $ */ /* $OpenBSD: qcscm.c,v 1.9 2024/08/04 15:30:08 kettenis Exp $ */ /* * Copyright (c) 2022 Patrick Wildt * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include #include #define ARM_SMCCC_STD_CALL (0U << 31) #define ARM_SMCCC_FAST_CALL (1U << 31) #define ARM_SMCCC_LP64 (1U << 30) #define ARM_SMCCC_OWNER_SIP 2 #define QCTEE_TZ_OWNER_TZ_APPS 48 #define QCTEE_TZ_OWNER_QSEE_OS 50 #define QCTEE_TZ_SVC_APP_ID_PLACEHOLDER 0 #define QCTEE_TZ_SVC_APP_MGR 1 #define QCTEE_OS_RESULT_SUCCESS 0 #define QCTEE_OS_RESULT_INCOMPLETE 1 #define QCTEE_OS_RESULT_BLOCKED_ON_LISTENER 2 #define QCTEE_OS_RESULT_FAILURE 0xffffffff #define QCTEE_OS_SCM_RES_APP_ID 0xee01 #define QCTEE_OS_SCM_RES_QSEOS_LISTENER_ID 0xee02 #define QCTEE_UEFI_GET_VARIABLE 0x8000 #define QCTEE_UEFI_SET_VARIABLE 0x8001 #define QCTEE_UEFI_GET_NEXT_VARIABLE 0x8002 #define QCTEE_UEFI_QUERY_VARIABLE_INFO 0x8003 #define QCTEE_UEFI_SUCCESS 0 #define QCTEE_UEFI_BUFFER_TOO_SMALL 0x80000005 #define QCTEE_UEFI_DEVICE_ERROR 0x80000007 #define QCTEE_UEFI_NOT_FOUND 0x8000000e #define QCSCM_SVC_PIL 0x02 #define QCSCM_PIL_PAS_INIT_IMAGE 0x01 #define QCSCM_PIL_PAS_MEM_SETUP 0x02 #define QCSCM_PIL_PAS_AUTH_AND_RESET 0x05 #define QCSCM_PIL_PAS_SHUTDOWN 0x06 #define QCSCM_PIL_PAS_IS_SUPPORTED 0x07 #define QCSCM_PIL_PAS_MSS_RESET 0x0a #define QCSCM_INTERRUPTED 1 #define QCSCM_EBUSY -22 #define QCSCM_ARGINFO_NUM(x) (((x) & 0xf) << 0) #define QCSCM_ARGINFO_TYPE(x, y) (((y) & 0x3) << (4 + 2 * (x))) #define QCSCM_ARGINFO_TYPE_VAL 0 #define QCSCM_ARGINFO_TYPE_RO 1 #define QCSCM_ARGINFO_TYPE_RW 2 #define QCSCM_ARGINFO_TYPE_BUFVAL 3 #define EFI_VARIABLE_NON_VOLATILE 0x00000001 #define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 #define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 #define UNIX_GPS_EPOCH_OFFSET 315964800 #define EFI_VAR_RTCINFO __UNCONST(u"RTCInfo") extern struct arm32_bus_dma_tag arm_generic_dma_tag; struct qcscm_dmamem { bus_dmamap_t qdm_map; bus_dma_segment_t qdm_seg; size_t qdm_size; void *qdm_kva; }; #define QCSCM_DMA_MAP(_qdm) ((_qdm)->qdm_map) #define QCSCM_DMA_LEN(_qdm) ((_qdm)->qdm_size) #define QCSCM_DMA_DVA(_qdm) ((uint64_t)(_qdm)->qdm_map->dm_segs[0].ds_addr) #define QCSCM_DMA_KVA(_qdm, off) ((void *)((uintptr_t)(_qdm)->qdm_kva + (off))) static struct uuid qcscm_uefi_rtcinfo_guid = { 0x882f8c2b, 0x9646, 0x435f, 0x8d, 0xe5, { 0xf2, 0x08, 0xff, 0x80, 0xc1, 0xbd } }; struct qcscm_softc { device_t sc_dev; bus_dma_tag_t sc_dmat; struct qcscm_dmamem *sc_extarg; uint32_t sc_uefi_id; }; static int qcscm_match(device_t, cfdata_t, void *); static void qcscm_attach(device_t, device_t, void *); CFATTACH_DECL_NEW(qcomscm, sizeof(struct qcscm_softc), qcscm_match, qcscm_attach, NULL, NULL); static inline void qcscm_smc_exec(uint64_t *, uint64_t *); int qcscm_smc_call(struct qcscm_softc *, uint8_t, uint8_t, uint8_t, uint32_t, uint64_t *, int, uint64_t *); int qcscm_tee_app_get_id(struct qcscm_softc *, const char *, uint32_t *); int qcscm_tee_app_send(struct qcscm_softc *, uint32_t, uint64_t, uint64_t, uint64_t, uint64_t); efi_status qcscm_uefi_get_variable(struct qcscm_softc *, efi_char *, int, struct uuid *, uint32_t *, uint8_t *, int *); efi_status qcscm_uefi_set_variable(struct qcscm_softc *, efi_char *, int, struct uuid *, uint32_t, uint8_t *, int); efi_status qcscm_uefi_get_next_variable(struct qcscm_softc *, efi_char *, int *, struct uuid *); efi_status qcscm_efi_get_variable(efi_char *, struct uuid *, uint32_t *, u_long *, void *); efi_status qcscm_efi_set_variable(efi_char *, struct uuid *, uint32_t, u_long, void *); efi_status qcscm_efi_get_next_variable_name(u_long *, efi_char *, struct uuid *); #ifdef QCSCM_DEBUG void qcscm_uefi_dump_variables(struct qcscm_softc *); void qcscm_uefi_dump_variable(struct qcscm_softc *, efi_char *, int, struct uuid *); #endif int qcscm_uefi_rtc_get(uint32_t *); int qcscm_uefi_rtc_set(uint32_t); struct qcscm_dmamem * qcscm_dmamem_alloc(struct qcscm_softc *, bus_size_t, bus_size_t); void qcscm_dmamem_free(struct qcscm_softc *, struct qcscm_dmamem *); struct qcscm_softc *qcscm_sc; static const struct device_compatible_entry compat_data[] = { { .compat = "QCOM04DD" }, DEVICE_COMPAT_EOL }; static int qcscm_match(device_t parent, cfdata_t cf, void *aux) { struct acpi_attach_args *aa = aux; return acpi_compatible_match(aa, compat_data); } static void qcscm_attach(device_t parent, device_t self, void *aux) { struct qcscm_softc *sc = device_private(self); int error; sc->sc_dev = self; error = bus_dmatag_subregion(&arm_generic_dma_tag, 0, __MASK(32), &sc->sc_dmat, 0); KASSERT(error == 0); sc->sc_extarg = qcscm_dmamem_alloc(sc, PAGE_SIZE, 8); if (sc->sc_extarg == NULL) { aprint_error(": can't allocate memory for extended args\n"); return; } aprint_naive("\n"); aprint_normal("\n"); #if notyet error = qcscm_tee_app_get_id(sc, "qcom.tz.uefisecapp", &sc->sc_uefi_id); if (error != 0) { aprint_error_dev(self, "can't retrieve UEFI App: %d\n", error); sc->sc_uefi_id = UINT32_MAX; } #else sc->sc_uefi_id = UINT32_MAX; #endif qcscm_sc = sc; #ifdef QCSCM_DEBUG qcscm_uefi_dump_variables(sc); qcscm_uefi_dump_variable(sc, EFI_VAR_RTCINFO, sizeof(EFI_VAR_RTCINFO), &qcscm_uefi_rtcinfo_guid); #endif } /* Expects an uint64_t[18] */ static inline void qcscm_smc_exec(uint64_t *in, uint64_t *out) { asm volatile( "ldp x0, x1, [%[in], #0]\n" "ldp x2, x3, [%[in], #16]\n" "ldp x4, x5, [%[in], #32]\n" "ldp x6, x7, [%[in], #48]\n" "ldp x8, x9, [%[in], #64]\n" "ldp x10, x11, [%[in], #80]\n" "ldp x12, x13, [%[in], #96]\n" "ldp x14, x15, [%[in], #112]\n" "ldp x16, x17, [%[in], #128]\n" "smc #0\n" "stp x0, x1, [%[out], #0]\n" "stp x2, x3, [%[out], #16]\n" "stp x4, x5, [%[out], #32]\n" "stp x6, x7, [%[out], #48]\n" "stp x8, x9, [%[out], #64]\n" "stp x10, x11, [%[out], #80]\n" "stp x12, x13, [%[out], #96]\n" "stp x14, x15, [%[out], #112]\n" "stp x16, x17, [%[out], #128]\n" : : [in] "r" (in), [out] "r" (out) : "x0", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "memory"); } int qcscm_smc_call(struct qcscm_softc *sc, uint8_t owner, uint8_t svc, uint8_t cmd, uint32_t arginfo, uint64_t *args, int arglen, uint64_t *res) { uint64_t smcreq[18] = { 0 }, smcres[18] = { 0 }; uint64_t *smcextreq; int i, busy_retry; /* 4 of our 10 possible args fit into x2-x5 */ smcreq[0] = ARM_SMCCC_STD_CALL | ARM_SMCCC_LP64 | owner << 24 | svc << 8 | cmd; #ifdef QCSCM_DEBUG_SMC device_printf(sc->sc_dev, "owner %#x svc %#x cmd %#x req %#lx\n", owner, svc, cmd, smcreq[0]); #endif smcreq[1] = arginfo; for (i = 0; i < uimin(arglen, 4); i++) smcreq[2 + i] = args[i]; /* In case we have more than 4, use x5 as ptr to extra args */ if (arglen > 4) { smcreq[5] = QCSCM_DMA_DVA(sc->sc_extarg); smcextreq = QCSCM_DMA_KVA(sc->sc_extarg, 0); for (i = 0; i < uimin(arglen - 3, 7); i++) { smcextreq[i] = args[3 + i]; } cpu_drain_writebuf(); } #ifdef QCSCM_DEBUG_SMC device_printf(sc->sc_dev, "smcreq[before]:"); for (i = 0; i < __arraycount(smcreq); i++) { printf(" %#lx", smcreq[i]); } printf("\n"); #endif for (busy_retry = 20; busy_retry > 0; busy_retry--) { int intr_retry = 1000000; for (;;) { qcscm_smc_exec(smcreq, smcres); /* If the call gets interrupted, try again and re-pass x0/x6 */ if (smcres[0] == QCSCM_INTERRUPTED) { if (--intr_retry == 0) { break; } smcreq[0] = smcres[0]; smcreq[6] = smcres[6]; continue; } break; } if (smcres[0] != QCSCM_EBUSY) { break; } delay(30000); } #ifdef QCSCM_DEBUG_SMC device_printf(sc->sc_dev, "smcreq[after]:"); for (i = 0; i < __arraycount(smcreq); i++) { printf(" %#lx", smcreq[i]); } printf("\n"); device_printf(sc->sc_dev, "smcres[after]:"); for (i = 0; i < __arraycount(smcres); i++) { printf(" %#lx", smcres[i]); } printf("\n"); #endif if (res) { res[0] = smcres[1]; res[1] = smcres[2]; res[2] = smcres[3]; } return smcres[0]; } /* Retrieve id of app running in TEE by name */ int qcscm_tee_app_get_id(struct qcscm_softc *sc, const char *name, uint32_t *id) { struct qcscm_dmamem *qdm; uint64_t res[3]; uint64_t args[2]; uint32_t arginfo; int ret; /* Max name length is 64 */ if (strlen(name) > 64) return EINVAL; /* Alloc some phys mem to hold the name */ qdm = qcscm_dmamem_alloc(sc, PAGE_SIZE, 8); if (qdm == NULL) return ENOMEM; /* Copy name of app we want to get an id for to page */ memcpy(QCSCM_DMA_KVA(qdm, 0), name, strlen(name)); /* Pass address of name and length */ arginfo = QCSCM_ARGINFO_NUM(__arraycount(args)); arginfo |= QCSCM_ARGINFO_TYPE(0, QCSCM_ARGINFO_TYPE_RW); arginfo |= QCSCM_ARGINFO_TYPE(1, QCSCM_ARGINFO_TYPE_VAL); args[0] = QCSCM_DMA_DVA(qdm); args[1] = strlen(name); cpu_drain_writebuf(); /* Make call into TEE */ ret = qcscm_smc_call(sc, QCTEE_TZ_OWNER_QSEE_OS, QCTEE_TZ_SVC_APP_MGR, 0x03, arginfo, args, __arraycount(args), res); /* If the call succeeded, check the response status */ if (ret == 0) ret = res[0]; /* If the response status is successful as well, retrieve data */ if (ret == 0) *id = res[2]; qcscm_dmamem_free(sc, qdm); return ret; } /* Message interface to app running in TEE */ int qcscm_tee_app_send(struct qcscm_softc *sc, uint32_t id, uint64_t req_phys, uint64_t req_len, uint64_t rsp_phys, uint64_t rsp_len) { uint64_t res[3]; uint64_t args[5]; uint32_t arginfo; int ret; /* Pass id of app we target, plus request and response buffers */ arginfo = QCSCM_ARGINFO_NUM(__arraycount(args)); arginfo |= QCSCM_ARGINFO_TYPE(0, QCSCM_ARGINFO_TYPE_VAL); arginfo |= QCSCM_ARGINFO_TYPE(1, QCSCM_ARGINFO_TYPE_RW); arginfo |= QCSCM_ARGINFO_TYPE(2, QCSCM_ARGINFO_TYPE_VAL); arginfo |= QCSCM_ARGINFO_TYPE(3, QCSCM_ARGINFO_TYPE_RW); arginfo |= QCSCM_ARGINFO_TYPE(4, QCSCM_ARGINFO_TYPE_VAL); args[0] = id; args[1] = req_phys; args[2] = req_len; args[3] = rsp_phys; args[4] = rsp_len; /* Make call into TEE */ ret = qcscm_smc_call(sc, QCTEE_TZ_OWNER_TZ_APPS, QCTEE_TZ_SVC_APP_ID_PLACEHOLDER, 0x01, arginfo, args, __arraycount(args), res); /* If the call succeeded, check the response status */ if (ret == 0) ret = res[0]; return ret; } struct qcscm_req_uefi_get_variable { uint32_t command_id; uint32_t length; uint32_t name_offset; uint32_t name_size; uint32_t guid_offset; uint32_t guid_size; uint32_t data_size; }; struct qcscm_rsp_uefi_get_variable { uint32_t command_id; uint32_t length; uint32_t status; uint32_t attributes; uint32_t data_offset; uint32_t data_size; }; efi_status qcscm_uefi_get_variable(struct qcscm_softc *sc, efi_char *name, int name_size, struct uuid *guid, uint32_t *attributes, uint8_t *data, int *data_size) { struct qcscm_req_uefi_get_variable *req; struct qcscm_rsp_uefi_get_variable *resp; struct qcscm_dmamem *qdm; size_t reqsize, respsize; off_t reqoff, respoff; int ret; if (sc->sc_uefi_id == UINT32_MAX) return QCTEE_UEFI_DEVICE_ERROR; reqsize = ALIGN(sizeof(*req)) + ALIGN(name_size) + ALIGN(sizeof(*guid)); respsize = ALIGN(sizeof(*resp)) + ALIGN(*data_size); reqoff = 0; respoff = reqsize; qdm = qcscm_dmamem_alloc(sc, round_page(reqsize + respsize), 8); if (qdm == NULL) return QCTEE_UEFI_DEVICE_ERROR; req = QCSCM_DMA_KVA(qdm, reqoff); req->command_id = QCTEE_UEFI_GET_VARIABLE; req->data_size = *data_size; req->name_offset = ALIGN(sizeof(*req)); req->name_size = name_size; req->guid_offset = ALIGN(req->name_offset + req->name_size); req->guid_size = sizeof(*guid); req->length = req->guid_offset + req->guid_size; memcpy((char *)req + req->guid_offset, guid, sizeof(*guid)); memcpy((char *)req + req->name_offset, name, name_size); cpu_drain_writebuf(); ret = qcscm_tee_app_send(sc, sc->sc_uefi_id, QCSCM_DMA_DVA(qdm) + reqoff, reqsize, QCSCM_DMA_DVA(qdm) + respoff, respsize); if (ret) { qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_DEVICE_ERROR; } cpu_drain_writebuf(); resp = QCSCM_DMA_KVA(qdm, respoff); if (resp->command_id != QCTEE_UEFI_GET_VARIABLE || resp->length < sizeof(*resp)) { qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_DEVICE_ERROR; } if (resp->status) { if (resp->status == QCTEE_UEFI_BUFFER_TOO_SMALL) *data_size = resp->data_size; if (attributes) *attributes = resp->attributes; ret = resp->status; qcscm_dmamem_free(sc, qdm); return ret; } if (resp->length > respsize || resp->data_offset + resp->data_size > resp->length) { qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_DEVICE_ERROR; } if (attributes) *attributes = resp->attributes; if (*data_size == 0) { *data_size = resp->data_size; qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_SUCCESS; } if (resp->data_size > *data_size) { *data_size = resp->data_size; qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_BUFFER_TOO_SMALL; } memcpy(data, (char *)resp + resp->data_offset, resp->data_size); *data_size = resp->data_size; qcscm_dmamem_free(sc, qdm); return EFI_SUCCESS; } struct qcscm_req_uefi_set_variable { uint32_t command_id; uint32_t length; uint32_t name_offset; uint32_t name_size; uint32_t guid_offset; uint32_t guid_size; uint32_t attributes; uint32_t data_offset; uint32_t data_size; }; struct qcscm_rsp_uefi_set_variable { uint32_t command_id; uint32_t length; uint32_t status; uint32_t unknown[2]; }; efi_status qcscm_uefi_set_variable(struct qcscm_softc *sc, efi_char *name, int name_size, struct uuid *guid, uint32_t attributes, uint8_t *data, int data_size) { struct qcscm_req_uefi_set_variable *req; struct qcscm_rsp_uefi_set_variable *resp; struct qcscm_dmamem *qdm; size_t reqsize, respsize; off_t reqoff, respoff; int ret; if (sc->sc_uefi_id == UINT32_MAX) return QCTEE_UEFI_DEVICE_ERROR; reqsize = ALIGN(sizeof(*req)) + ALIGN(name_size) + ALIGN(sizeof(*guid)) + ALIGN(data_size); respsize = ALIGN(sizeof(*resp)); reqoff = 0; respoff = reqsize; qdm = qcscm_dmamem_alloc(sc, round_page(reqsize + respsize), 8); if (qdm == NULL) return QCTEE_UEFI_DEVICE_ERROR; req = QCSCM_DMA_KVA(qdm, reqoff); req->command_id = QCTEE_UEFI_SET_VARIABLE; req->attributes = attributes; req->name_offset = ALIGN(sizeof(*req)); req->name_size = name_size; req->guid_offset = ALIGN(req->name_offset + req->name_size); req->guid_size = sizeof(*guid); req->data_offset = ALIGN(req->guid_offset + req->guid_size); req->data_size = data_size; req->length = req->data_offset + req->data_size; memcpy((char *)req + req->name_offset, name, name_size); memcpy((char *)req + req->guid_offset, guid, sizeof(*guid)); memcpy((char *)req + req->data_offset, data, data_size); ret = qcscm_tee_app_send(sc, sc->sc_uefi_id, QCSCM_DMA_DVA(qdm) + reqoff, reqsize, QCSCM_DMA_DVA(qdm) + respoff, respsize); if (ret) { qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_DEVICE_ERROR; } resp = QCSCM_DMA_KVA(qdm, respoff); if (resp->command_id != QCTEE_UEFI_SET_VARIABLE || resp->length < sizeof(*resp) || resp->length > respsize) { qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_DEVICE_ERROR; } if (resp->status) { ret = resp->status; qcscm_dmamem_free(sc, qdm); return ret; } qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_SUCCESS; } struct qcscm_req_uefi_get_next_variable { uint32_t command_id; uint32_t length; uint32_t guid_offset; uint32_t guid_size; uint32_t name_offset; uint32_t name_size; }; struct qcscm_rsp_uefi_get_next_variable { uint32_t command_id; uint32_t length; uint32_t status; uint32_t guid_offset; uint32_t guid_size; uint32_t name_offset; uint32_t name_size; }; efi_status qcscm_uefi_get_next_variable(struct qcscm_softc *sc, efi_char *name, int *name_size, struct uuid *guid) { struct qcscm_req_uefi_get_next_variable *req; struct qcscm_rsp_uefi_get_next_variable *resp; struct qcscm_dmamem *qdm; size_t reqsize, respsize; off_t reqoff, respoff; int ret; if (sc->sc_uefi_id == UINT32_MAX) return QCTEE_UEFI_DEVICE_ERROR; reqsize = ALIGN(sizeof(*req)) + ALIGN(sizeof(*guid)) + ALIGN(*name_size); respsize = ALIGN(sizeof(*resp)) + ALIGN(sizeof(*guid)) + ALIGN(*name_size); reqoff = 0; respoff = reqsize; qdm = qcscm_dmamem_alloc(sc, round_page(reqsize + respsize), 8); if (qdm == NULL) return QCTEE_UEFI_DEVICE_ERROR; req = QCSCM_DMA_KVA(qdm, reqoff); req->command_id = QCTEE_UEFI_GET_NEXT_VARIABLE; req->guid_offset = ALIGN(sizeof(*req)); req->guid_size = sizeof(*guid); req->name_offset = ALIGN(req->guid_offset + req->guid_size); req->name_size = *name_size; req->length = req->name_offset + req->name_size; memcpy((char *)req + req->guid_offset, guid, sizeof(*guid)); memcpy((char *)req + req->name_offset, name, *name_size); ret = qcscm_tee_app_send(sc, sc->sc_uefi_id, QCSCM_DMA_DVA(qdm) + reqoff, reqsize, QCSCM_DMA_DVA(qdm) + respoff, respsize); if (ret) { qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_DEVICE_ERROR; } resp = QCSCM_DMA_KVA(qdm, respoff); if (resp->command_id != QCTEE_UEFI_GET_NEXT_VARIABLE || resp->length < sizeof(*resp) || resp->length > respsize) { qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_DEVICE_ERROR; } if (resp->status) { if (resp->status == QCTEE_UEFI_BUFFER_TOO_SMALL) *name_size = resp->name_size; ret = resp->status; qcscm_dmamem_free(sc, qdm); return ret; } if (resp->guid_offset + resp->guid_size > resp->length || resp->name_offset + resp->name_size > resp->length) { qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_DEVICE_ERROR; } if (resp->guid_size != sizeof(*guid)) { qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_DEVICE_ERROR; } if (resp->name_size > *name_size) { *name_size = resp->name_size; qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_BUFFER_TOO_SMALL; } memcpy(guid, (char *)resp + resp->guid_offset, sizeof(*guid)); memcpy(name, (char *)resp + resp->name_offset, resp->name_size); *name_size = resp->name_size; qcscm_dmamem_free(sc, qdm); return QCTEE_UEFI_SUCCESS; } efi_status qcscm_efi_get_variable(efi_char *name, struct uuid *guid, uint32_t *attributes, u_long *data_size, void *data) { struct qcscm_softc *sc = qcscm_sc; efi_status status; int name_size; int size; name_size = 0; while (name[name_size]) name_size++; name_size++; size = *data_size; status = qcscm_uefi_get_variable(sc, name, name_size * 2, guid, attributes, data, &size); *data_size = size; /* Convert 32-bit status code to 64-bit. */ return ((status & 0xf0000000) << 32 | (status & 0x0fffffff)); } efi_status qcscm_efi_set_variable(efi_char *name, struct uuid *guid, uint32_t attributes, u_long data_size, void *data) { struct qcscm_softc *sc = qcscm_sc; efi_status status; int name_size; name_size = 0; while (name[name_size]) name_size++; name_size++; status = qcscm_uefi_set_variable(sc, name, name_size * 2, guid, attributes, data, data_size); /* Convert 32-bit status code to 64-bit. */ return ((status & 0xf0000000) << 32 | (status & 0x0fffffff)); } efi_status qcscm_efi_get_next_variable_name(u_long *name_size, efi_char *name, struct uuid *guid) { struct qcscm_softc *sc = qcscm_sc; efi_status status; int size; size = *name_size; status = qcscm_uefi_get_next_variable(sc, name, &size, guid); *name_size = size; /* Convert 32-bit status code to 64-bit. */ return ((status & 0xf0000000) << 32 | (status & 0x0fffffff)); } #ifdef QCSCM_DEBUG void qcscm_uefi_dump_variables(struct qcscm_softc *sc) { efi_char name[128]; struct uuid guid; int namesize = sizeof(name); int i, ret; memset(name, 0, sizeof(name)); memset(&guid, 0, sizeof(guid)); for (;;) { ret = qcscm_uefi_get_next_variable(sc, name, &namesize, &guid); if (ret == 0) { printf("%s: ", device_xname(sc->sc_dev)); for (i = 0; i < namesize / 2; i++) printf("%c", name[i]); printf(" { 0x%08x, 0x%04x, 0x%04x, { ", guid.time_low, guid.time_mid, guid.time_hi_and_version); printf(" 0x%02x, 0x%02x,", guid.clock_seq_hi_and_reserved, guid.clock_seq_low); for (i = 0; i < 6; i++) { printf(" 0x%02x,", guid.node[i]); } printf(" }"); printf("\n"); namesize = sizeof(name); continue; } break; } } void qcscm_uefi_dump_variable(struct qcscm_softc *sc, efi_char *name, int namesize, struct uuid *guid) { uint8_t data[512]; int datasize = sizeof(data); int i, ret; ret = qcscm_uefi_get_variable(sc, name, namesize, guid, NULL, data, &datasize); if (ret != QCTEE_UEFI_SUCCESS) { printf("%s: error reading ", device_xname(sc->sc_dev)); for (i = 0; i < namesize / 2; i++) printf("%c", name[i]); printf("\n"); return; } printf("%s: ", device_xname(sc->sc_dev)); for (i = 0; i < namesize / 2; i++) printf("%c", name[i]); printf(" = "); for (i = 0; i < datasize; i++) printf("%02x", data[i]); printf("\n"); } #endif int qcscm_uefi_rtc_get(uint32_t *off) { struct qcscm_softc *sc = qcscm_sc; uint32_t rtcinfo[3]; int rtcinfosize = sizeof(rtcinfo); if (sc == NULL) return ENXIO; if (qcscm_uefi_get_variable(sc, EFI_VAR_RTCINFO, sizeof(EFI_VAR_RTCINFO), &qcscm_uefi_rtcinfo_guid, NULL, (uint8_t *)rtcinfo, &rtcinfosize) != 0) return EIO; /* UEFI stores the offset based on GPS epoch */ *off = rtcinfo[0] + UNIX_GPS_EPOCH_OFFSET; return 0; } int qcscm_uefi_rtc_set(uint32_t off) { struct qcscm_softc *sc = qcscm_sc; uint32_t rtcinfo[3]; int rtcinfosize = sizeof(rtcinfo); if (sc == NULL) return ENXIO; if (qcscm_uefi_get_variable(sc, EFI_VAR_RTCINFO, sizeof(EFI_VAR_RTCINFO), &qcscm_uefi_rtcinfo_guid, NULL, (uint8_t *)rtcinfo, &rtcinfosize) != 0) return EIO; /* UEFI stores the offset based on GPS epoch */ off -= UNIX_GPS_EPOCH_OFFSET; /* No need to set if we're not changing anything */ if (rtcinfo[0] == off) return 0; rtcinfo[0] = off; if (qcscm_uefi_set_variable(sc, EFI_VAR_RTCINFO, sizeof(EFI_VAR_RTCINFO), &qcscm_uefi_rtcinfo_guid, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, (uint8_t *)rtcinfo, sizeof(rtcinfo)) != 0) return EIO; return 0; } int qcscm_pas_init_image(uint32_t peripheral, paddr_t metadata) { struct qcscm_softc *sc = qcscm_sc; uint64_t res[3]; uint64_t args[2]; uint32_t arginfo; int ret; if (sc == NULL) return ENXIO; arginfo = QCSCM_ARGINFO_NUM(__arraycount(args)); arginfo |= QCSCM_ARGINFO_TYPE(0, QCSCM_ARGINFO_TYPE_VAL); arginfo |= QCSCM_ARGINFO_TYPE(1, QCSCM_ARGINFO_TYPE_RW); args[0] = peripheral; args[1] = metadata; /* Make call into TEE */ ret = qcscm_smc_call(sc, ARM_SMCCC_OWNER_SIP, QCSCM_SVC_PIL, QCSCM_PIL_PAS_INIT_IMAGE, arginfo, args, __arraycount(args), res); /* If the call succeeded, check the response status */ if (ret == 0) ret = res[0]; return ret; } int qcscm_pas_mem_setup(uint32_t peripheral, paddr_t addr, size_t size) { struct qcscm_softc *sc = qcscm_sc; uint64_t res[3]; uint64_t args[3]; uint32_t arginfo; int ret; if (sc == NULL) return ENXIO; arginfo = QCSCM_ARGINFO_NUM(__arraycount(args)); arginfo |= QCSCM_ARGINFO_TYPE(0, QCSCM_ARGINFO_TYPE_VAL); arginfo |= QCSCM_ARGINFO_TYPE(1, QCSCM_ARGINFO_TYPE_VAL); arginfo |= QCSCM_ARGINFO_TYPE(2, QCSCM_ARGINFO_TYPE_VAL); args[0] = peripheral; args[1] = addr; args[2] = size; /* Make call into TEE */ ret = qcscm_smc_call(sc, ARM_SMCCC_OWNER_SIP, QCSCM_SVC_PIL, QCSCM_PIL_PAS_MEM_SETUP, arginfo, args, __arraycount(args), res); /* If the call succeeded, check the response status */ if (ret == 0) ret = res[0]; return ret; } int qcscm_pas_auth_and_reset(uint32_t peripheral) { struct qcscm_softc *sc = qcscm_sc; uint64_t res[3]; uint64_t args[1]; uint32_t arginfo; int ret; if (sc == NULL) return ENXIO; arginfo = QCSCM_ARGINFO_NUM(__arraycount(args)); arginfo |= QCSCM_ARGINFO_TYPE(0, QCSCM_ARGINFO_TYPE_VAL); args[0] = peripheral; /* Make call into TEE */ ret = qcscm_smc_call(sc, ARM_SMCCC_OWNER_SIP, QCSCM_SVC_PIL, QCSCM_PIL_PAS_AUTH_AND_RESET, arginfo, args, __arraycount(args), res); /* If the call succeeded, check the response status */ if (ret == 0) ret = res[0]; return ret; } int qcscm_pas_shutdown(uint32_t peripheral) { struct qcscm_softc *sc = qcscm_sc; uint64_t res[3]; uint64_t args[1]; uint32_t arginfo; int ret; if (sc == NULL) return ENXIO; arginfo = QCSCM_ARGINFO_NUM(__arraycount(args)); arginfo |= QCSCM_ARGINFO_TYPE(0, QCSCM_ARGINFO_TYPE_VAL); args[0] = peripheral; /* Make call into TEE */ ret = qcscm_smc_call(sc, ARM_SMCCC_OWNER_SIP, QCSCM_SVC_PIL, QCSCM_PIL_PAS_SHUTDOWN, arginfo, args, __arraycount(args), res); /* If the call succeeded, check the response status */ if (ret == 0) ret = res[0]; return ret; } /* DMA code */ struct qcscm_dmamem * qcscm_dmamem_alloc(struct qcscm_softc *sc, bus_size_t size, bus_size_t align) { struct qcscm_dmamem *qdm; int nsegs; qdm = kmem_zalloc(sizeof(*qdm), KM_SLEEP); qdm->qdm_size = size; if (bus_dmamap_create(sc->sc_dmat, size, 1, size, 0, BUS_DMA_WAITOK | BUS_DMA_ALLOCNOW, &qdm->qdm_map) != 0) goto qdmfree; if (bus_dmamem_alloc(sc->sc_dmat, size, align, 0, &qdm->qdm_seg, 1, &nsegs, BUS_DMA_WAITOK) != 0) goto destroy; if (bus_dmamem_map(sc->sc_dmat, &qdm->qdm_seg, nsegs, size, &qdm->qdm_kva, BUS_DMA_WAITOK | BUS_DMA_COHERENT) != 0) goto free; if (bus_dmamap_load(sc->sc_dmat, qdm->qdm_map, qdm->qdm_kva, size, NULL, BUS_DMA_WAITOK) != 0) goto unmap; memset(qdm->qdm_kva, 0, size); return (qdm); unmap: bus_dmamem_unmap(sc->sc_dmat, qdm->qdm_kva, size); free: bus_dmamem_free(sc->sc_dmat, &qdm->qdm_seg, 1); destroy: bus_dmamap_destroy(sc->sc_dmat, qdm->qdm_map); qdmfree: kmem_free(qdm, sizeof(*qdm)); return (NULL); } void qcscm_dmamem_free(struct qcscm_softc *sc, struct qcscm_dmamem *qdm) { bus_dmamem_unmap(sc->sc_dmat, qdm->qdm_kva, qdm->qdm_size); bus_dmamem_free(sc->sc_dmat, &qdm->qdm_seg, 1); bus_dmamap_destroy(sc->sc_dmat, qdm->qdm_map); kmem_free(qdm, sizeof(*qdm)); }