mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-01 02:36:02 +00:00
1e9046e3a1
A number of storage technologies support a specialised hardware partition designed to be resistant to replay attacks. The underlying HW protocols differ but the operations are common. The RPMB partition cannot be accessed via standard block layer, but by a set of specific RPMB commands. Such a partition provides authenticated and replay protected access, hence suitable as a secure storage. The initial aim of this patch is to provide a simple RPMB driver interface which can be accessed by the optee driver to facilitate early RPMB access to OP-TEE OS (secure OS) during the boot time. A TEE device driver can claim the RPMB interface, for example, via rpmb_interface_register() or rpmb_dev_find_device(). The RPMB driver provides a callback to route RPMB frames to the RPMB device accessible via rpmb_route_frames(). The detailed operation of implementing the access is left to the TEE device driver itself. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Shyam Saini <shyamsaini@linux.microsoft.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Tested-by: Manuel Traut <manut@mecka.net> Reviewed-by: Ulf Hansson <ulf.hansson@linaro.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Link: https://lore.kernel.org/r/20240814153558.708365-2-jens.wiklander@linaro.org Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
124 lines
3.2 KiB
C
124 lines
3.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Copyright (C) 2015-2019 Intel Corp. All rights reserved
|
|
* Copyright (C) 2021-2022 Linaro Ltd
|
|
*/
|
|
#ifndef __RPMB_H__
|
|
#define __RPMB_H__
|
|
|
|
#include <linux/device.h>
|
|
#include <linux/types.h>
|
|
|
|
/**
|
|
* enum rpmb_type - type of underlying storage technology
|
|
*
|
|
* @RPMB_TYPE_EMMC : emmc (JESD84-B50.1)
|
|
* @RPMB_TYPE_UFS : UFS (JESD220)
|
|
* @RPMB_TYPE_NVME : NVM Express
|
|
*/
|
|
enum rpmb_type {
|
|
RPMB_TYPE_EMMC,
|
|
RPMB_TYPE_UFS,
|
|
RPMB_TYPE_NVME,
|
|
};
|
|
|
|
/**
|
|
* struct rpmb_descr - RPMB description provided by the underlying block device
|
|
*
|
|
* @type : block device type
|
|
* @route_frames : routes frames to and from the RPMB device
|
|
* @dev_id : unique device identifier read from the hardware
|
|
* @dev_id_len : length of unique device identifier
|
|
* @reliable_wr_count: number of sectors that can be written in one access
|
|
* @capacity : capacity of the device in units of 128K
|
|
*
|
|
* @dev_id is intended to be used as input when deriving the authenticaion key.
|
|
*/
|
|
struct rpmb_descr {
|
|
enum rpmb_type type;
|
|
int (*route_frames)(struct device *dev, u8 *req, unsigned int req_len,
|
|
u8 *resp, unsigned int resp_len);
|
|
u8 *dev_id;
|
|
size_t dev_id_len;
|
|
u16 reliable_wr_count;
|
|
u16 capacity;
|
|
};
|
|
|
|
/**
|
|
* struct rpmb_dev - device which can support RPMB partition
|
|
*
|
|
* @dev : device
|
|
* @id : device_id
|
|
* @list_node : linked list node
|
|
* @descr : RPMB description
|
|
*/
|
|
struct rpmb_dev {
|
|
struct device dev;
|
|
int id;
|
|
struct list_head list_node;
|
|
struct rpmb_descr descr;
|
|
};
|
|
|
|
#define to_rpmb_dev(x) container_of((x), struct rpmb_dev, dev)
|
|
|
|
#if IS_ENABLED(CONFIG_RPMB)
|
|
struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev);
|
|
void rpmb_dev_put(struct rpmb_dev *rdev);
|
|
struct rpmb_dev *rpmb_dev_find_device(const void *data,
|
|
const struct rpmb_dev *start,
|
|
int (*match)(struct device *dev,
|
|
const void *data));
|
|
int rpmb_interface_register(struct class_interface *intf);
|
|
void rpmb_interface_unregister(struct class_interface *intf);
|
|
struct rpmb_dev *rpmb_dev_register(struct device *dev,
|
|
struct rpmb_descr *descr);
|
|
int rpmb_dev_unregister(struct rpmb_dev *rdev);
|
|
|
|
int rpmb_route_frames(struct rpmb_dev *rdev, u8 *req,
|
|
unsigned int req_len, u8 *resp, unsigned int resp_len);
|
|
|
|
#else
|
|
static inline struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
static inline void rpmb_dev_put(struct rpmb_dev *rdev) { }
|
|
|
|
static inline struct rpmb_dev *
|
|
rpmb_dev_find_device(const void *data, const struct rpmb_dev *start,
|
|
int (*match)(struct device *dev, const void *data))
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
static inline int rpmb_interface_register(struct class_interface *intf)
|
|
{
|
|
return -EOPNOTSUPP;
|
|
}
|
|
|
|
static inline void rpmb_interface_unregister(struct class_interface *intf)
|
|
{
|
|
}
|
|
|
|
static inline struct rpmb_dev *
|
|
rpmb_dev_register(struct device *dev, struct rpmb_descr *descr)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
static inline int rpmb_dev_unregister(struct rpmb_dev *dev)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int rpmb_route_frames(struct rpmb_dev *rdev, u8 *req,
|
|
unsigned int req_len, u8 *resp,
|
|
unsigned int resp_len)
|
|
{
|
|
return -EOPNOTSUPP;
|
|
}
|
|
#endif /* CONFIG_RPMB */
|
|
|
|
#endif /* __RPMB_H__ */
|