• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3  * Licensed under the Mulan PSL v2.
4  * You can use this software according to the terms and conditions of the Mulan PSL v2.
5  * You may obtain a copy of Mulan PSL v2 at:
6  *     http://license.coscl.org.cn/MulanPSL2
7  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8  * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9  * PURPOSE.
10  * See the Mulan PSL v2 for more details.
11  */
12 #include "load_app_comm.h"
13 #include <limits.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <securec.h>
17 #include <sys/mman.h>
18 #include "gtask_inner.h"
19 #include "service_manager.h"
20 #include "tee_log.h"
21 #include "target_type.h"
22 #include "tee_elf_verify.h"
23 #include "dynload.h"
24 
25 #include "load_v3_app.h"
26 
27 static elf_image_info g_img_info = { NULL, NULL, NULL, 0, 0, 0, -1, 0, { 0 }, false };
28 static elf_image_info *g_img_info_ptr = NULL;
29 
set_load_ta_mode_global_ptr(void)30 void set_load_ta_mode_global_ptr(void)
31 {
32     g_img_info_ptr = &g_img_info;
33 }
34 
get_img_info_ptr(void)35 elf_image_info *get_img_info_ptr(void)
36 {
37     return g_img_info_ptr;
38 }
39 
40 static tee_img_type_t get_img_type_v(const elf_verify_reply *verify_reply, uint32_t img_version);
41 static struct image_version_info g_images_attribute[] = {
42 #ifdef DYN_TA_SUPPORT_V3
43     {CIPHER_LAYER_VERSION, NULL, get_img_type_v, tee_secure_get_img_size_v3},
44 #endif
45 };
46 
set_service_attr(bool buildin,bool ta_64bit,tee_img_type_t img_type,struct service_attr * service_attr)47 static inline void set_service_attr(bool buildin, bool ta_64bit,
48                             tee_img_type_t img_type, struct service_attr *service_attr)
49 {
50     service_attr->build_in     = buildin;
51     service_attr->ta_64bit     = ta_64bit;
52     service_attr->img_type     = img_type;
53 }
54 
load_secure_app_image_general(tee_img_type_t img_type,const elf_verify_reply * verify_reply)55 static TEE_Result load_secure_app_image_general(tee_img_type_t img_type,
56     const elf_verify_reply *verify_reply)
57 {
58     struct service_attr service_attr;
59     bool ta_64bit = false;
60 
61     tlogi("TA: %s, UUID: %08x, ELF: %u, stack: %u, heap: %u, multi session: %s, keepalive: %s, singleInstance: %s, "\
62         "heap stack size page align :%s\n", (char *)verify_reply->service_name,
63         verify_reply->srv_uuid.timeLow,
64         verify_reply->payload_hdr.ta_elf_size, verify_reply->ta_property.stack_size,
65         verify_reply->ta_property.heap_size,
66         (verify_reply->ta_property.multi_session != 0) ? "Y" : "N",
67         (verify_reply->ta_property.instance_keep_alive != 0) ? "Y" : "N",
68         (verify_reply->ta_property.single_instance != 0) ? "Y" : "N",
69         (verify_reply->mani_ext.mem_page_align != 0) ? "Y" : "N");
70 
71     if (elf_param_check((uint32_t)(verify_reply->ta_property.stack_size),
72         (uint32_t)(verify_reply->ta_property.heap_size), verify_reply->payload_hdr.mani_ext_size) != 0) {
73         tloge("load_elf_param_check failed\n");
74         return TEE_ERROR_GENERIC;
75     }
76 
77     TEE_Result ret = varify_elf_arch((const char *)g_img_info_ptr->ptr_ta_elf,
78                                      verify_reply->payload_hdr.ta_elf_size, &ta_64bit);
79     if (ret != TEE_SUCCESS) {
80         tloge("varify elf architecture failed %x\n", ret);
81         return TEE_ERROR_GENERIC;
82     }
83     set_service_attr(false, ta_64bit, img_type, &service_attr);
84 
85     ret = load_elf_to_tee(&verify_reply->srv_uuid, (char *)verify_reply->service_name, false,
86         verify_reply->dyn_conf_registed, &service_attr);
87     if (ret != TEE_SUCCESS)
88         return ret;
89 
90     init_service_property(&verify_reply->srv_uuid, (uint32_t)verify_reply->ta_property.stack_size,
91         (uint32_t)verify_reply->ta_property.heap_size,
92         (bool)verify_reply->ta_property.single_instance,
93         (bool)verify_reply->ta_property.multi_session,
94         (bool)verify_reply->ta_property.instance_keep_alive,
95         (bool)verify_reply->mani_ext.ssa_enum_enable, (bool)verify_reply->mani_ext.mem_page_align,
96         (char *)g_img_info_ptr->ptr_manifest_buf, verify_reply->payload_hdr.mani_ext_size);
97 
98     if (memmove_s(g_img_info_ptr->img_buf, g_img_info_ptr->aligned_img_size, (const char *)g_img_info_ptr->ptr_ta_elf,
99         verify_reply->payload_hdr.ta_elf_size) != 0) {
100         tloge("move elf to file head failed\n");
101         return TEE_ERROR_GENERIC;
102     }
103 
104     return TEE_SUCCESS;
105 }
106 
load_secure_app_image(tee_img_type_t img_type,const elf_verify_reply * verify_reply)107 TEE_Result load_secure_app_image(tee_img_type_t img_type,
108     const elf_verify_reply *verify_reply)
109 {
110     TEE_Result ret;
111     if (verify_reply == NULL) {
112         tloge("bad parameters\n");
113         return TEE_ERROR_BAD_PARAMETERS;
114     }
115 
116     uint32_t i = 0;
117     for (; i < ARRAY_SIZE(g_images_attribute); i++) {
118         if (g_img_info_ptr->img_version == g_images_attribute[i].img_version) {
119             ret = load_secure_app_image_general(img_type, verify_reply);
120             if (ret != TEE_SUCCESS) {
121                 tloge("Failed to load TA image\n");
122                 return ret;
123             }
124             break;
125         }
126     }
127     if (i == ARRAY_SIZE(g_images_attribute)) {
128         tloge("Unsupported secure image version: %d\n", g_img_info_ptr->img_version);
129         return TEE_ERROR_NOT_SUPPORTED;
130     }
131     return TEE_SUCCESS;
132 }
133 
134 
tee_secure_img_permission_check(uint32_t img_version,elf_verify_reply * verify_reply)135 TEE_Result tee_secure_img_permission_check(uint32_t img_version, elf_verify_reply *verify_reply)
136 {
137     TEE_Result ret;
138 
139     if (verify_reply == NULL) {
140         tloge("bad parameters\n");
141         return TEE_ERROR_BAD_PARAMETERS;
142     }
143 
144     uint32_t i = 0;
145     for (; i < ARRAY_SIZE(g_images_attribute); i++) {
146         if (img_version == g_images_attribute[i].img_version) {
147             if (g_images_attribute[i].secure_img_permission_check == NULL)
148                 break;
149             ret = g_images_attribute[i].secure_img_permission_check(verify_reply);
150             if (ret != TEE_SUCCESS) {
151                 tloge("Failed to load TA image\n");
152                 return ret;
153             }
154             break;
155         }
156     }
157     if (i == ARRAY_SIZE(g_images_attribute)) {
158         tloge("Unknown image version error %u\n", img_version);
159         return TEE_ERROR_NOT_SUPPORTED;
160     }
161         return TEE_SUCCESS;
162 }
163 
get_img_type_v(const elf_verify_reply * verify_reply,uint32_t img_version)164 static tee_img_type_t get_img_type_v(const elf_verify_reply *verify_reply, uint32_t img_version)
165 {
166     tee_img_type_t ret = IMG_TYPE_MAX;
167     switch (img_version) {
168     case TA_SIGN_VERSION:
169     case TA_RSA2048_VERSION:
170     case CIPHER_LAYER_VERSION:
171         if (verify_reply->mani_ext.target_type == DRV_TARGET_TYPE &&
172             verify_reply->mani_ext.hardware_type == HARDWARE_ENGINE_CRYPTO)
173             ret = IMG_TYPE_CRYPTO_DRV;
174         else if (verify_reply->mani_ext.is_lib)
175             ret = IMG_TYPE_LIB;
176         else if (verify_reply->mani_ext.target_type == DRV_TARGET_TYPE)
177             ret = IMG_TYPE_DYNAMIC_DRV;
178         else if (verify_reply->mani_ext.target_type == SRV_TARGET_TYPE)
179             ret = IMG_TYPE_DYNAMIC_SRV;
180         else if (verify_reply->mani_ext.target_type == CLIENT_TARGET_TYPE)
181             ret = IMG_TYPE_DYNAMIC_CLIENT;
182         else
183             ret = IMG_TYPE_APP;
184         break;
185     default:
186         tloge("Unsupported secure image version: %d\n", img_version);
187         break;
188     }
189     return ret;
190 }
191 
tee_secure_get_img_type(const elf_verify_reply * verify_reply,uint32_t img_version)192 tee_img_type_t tee_secure_get_img_type(const elf_verify_reply *verify_reply, uint32_t img_version)
193 {
194     tee_img_type_t ret = IMG_TYPE_MAX;
195     uint32_t i = 0;
196 
197     if (verify_reply == NULL) {
198         tloge("bad parameters\n");
199         return ret;
200     }
201 
202     for (; i < ARRAY_SIZE(g_images_attribute); i++) {
203         if (img_version == g_images_attribute[i].img_version) {
204             ret = g_images_attribute[i].get_img_type(verify_reply, img_version);
205             break;
206         }
207     }
208     return ret;
209 }
210 
tee_secure_get_img_size(uint32_t img_version,uint8_t * share_buf,uint32_t buf_len,uint32_t * img_size)211 TEE_Result tee_secure_get_img_size(uint32_t img_version, uint8_t *share_buf, uint32_t buf_len, uint32_t *img_size)
212 {
213     TEE_Result ret;
214     if (share_buf == NULL || img_size == NULL) {
215         tloge("bad parameters\n");
216         return TEE_ERROR_BAD_PARAMETERS;
217     }
218 
219     uint32_t i = 0;
220     for (; i < ARRAY_SIZE(g_images_attribute); i++) {
221         if (img_version == g_images_attribute[i].img_version) {
222             if (g_images_attribute[i].get_img_size == NULL)
223                 break;
224             ret = g_images_attribute[i].get_img_size(share_buf, buf_len, img_size);
225             if (ret != TEE_SUCCESS) {
226                 tloge("Failed to load TA image\n");
227                 return ret;
228             }
229             break;
230         }
231     }
232     if (i == ARRAY_SIZE(g_images_attribute)) {
233         tloge("Unknown image version error %u\n", img_version);
234         return TEE_ERROR_NOT_SUPPORTED;
235     }
236     return ret;
237 }
238