path: root/lib/libutee/include/pta_system.h
blob: 5e84b583e3cfb9cdfef13351d30fbd390a76ce13 (plain)
/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2018-2019, Linaro Limited
 */
#ifndef __PTA_SYSTEM_H
#define __PTA_SYSTEM_H

#include <util.h>

/*
 * Interface to the pseudo TA, which provides miscellaneous auxiliary
 * services extending the existing GlobalPlatform Core API.
 */

/* UUID under which the pseudo TA described in this header is addressed */
#define PTA_SYSTEM_UUID { 0x3a2f8978, 0x5dc0, 0x11e8, { \
			 0x9c, 0x2d, 0xfa, 0x7a, 0xe0, 0x1b, 0xbe, 0xbc } }

/*
 * Keys with too few bits pose a potential security risk, hence the lower
 * bound of 16 bytes (128 bits) on the size of a derived key.
 */
#define TA_DERIVED_KEY_MIN_SIZE		16

/*
 * Upper bound in bytes (256 bits) on the size of a derived key.
 * Same value as max in huk_subkey_derive.
 */
#define TA_DERIVED_KEY_MAX_SIZE		32

/*
 * Upper bound in bytes on the extra data a caller may supply to
 * PTA_SYSTEM_DERIVE_TA_UNIQUE_KEY.
 */
#define TA_DERIVED_EXTRA_DATA_MAX_SIZE	1024

/*
 * Add (re-seed) caller-provided entropy to the RNG pool. Keymaster
 * implementations need to securely mix the provided entropy into their pool,
 * which also must contain internally-generated entropy from a hardware random
 * number generator.
 *
 * The caller's input supplements the pool; per the requirement above it must
 * never be the pool's only entropy source, since the caller controls it.
 *
 * [in]     memref[0]: entropy input data
 */
#define PTA_SYSTEM_ADD_RNG_ENTROPY	0

/*
 * Derives a key that is unique to the device and to the calling TA. The
 * caller can also provide extra data that will be mixed together with the
 * existing device unique properties. If no extra data is provided, the
 * derived key depends only on the device unique properties and the caller's
 * TA UUID.
 *
 * The size limits below correspond to TA_DERIVED_EXTRA_DATA_MAX_SIZE,
 * TA_DERIVED_KEY_MIN_SIZE and TA_DERIVED_KEY_MAX_SIZE.
 *
 * NOTE(review): params[1] receives raw key material. This header does not
 * say whether the implementation rejects an output buffer that is shared
 * with the normal world; callers should pass TA-private memory, and the
 * check on the PTA side should be confirmed.
 *
 * [in]  params[0].memref.buffer     Buffer for extra data
 * [in]  params[0].memref.size       Size of extra data (max 1024 bytes)
 * [out] params[1].memref.buffer     Buffer for the derived key
 * [out] params[1].memref.size       Size of the derived key (16 to 32 bytes)
 */
#define PTA_SYSTEM_DERIVE_TA_UNIQUE_KEY 1

/*
 * Mapping flags (PTA_SYSTEM_MAP_FLAG_*), each defined with BIT32() so they
 * can be OR-ed together in the "Flags" parameter of the mapping commands.
 *
 * NOTE(review): nothing in this header says whether WRITEABLE and EXECUTABLE
 * may be combined. A mapping with both set would be writable and executable
 * at the same time, so confirm that the implementation rejects or restricts
 * that combination.
 */

/* Memory can be shared with other TAs */
#define PTA_SYSTEM_MAP_FLAG_SHAREABLE	BIT32(0)
/* Read/write memory (without this flag the mapping is presumably read-only) */
#define PTA_SYSTEM_MAP_FLAG_WRITEABLE	BIT32(1)
/* Executable memory */
#define PTA_SYSTEM_MAP_FLAG_EXECUTABLE	BIT32(2)

/*
 * Map zero-initialized memory
 *
 * The resulting address is returned as two 32-bit halves in value[1].
 * Only PTA_SYSTEM_MAP_FLAG_SHAREABLE is listed as an accepted flag; the
 * WRITEABLE and EXECUTABLE flags are not part of this command's interface.
 *
 * [in]     value[0].a: Number of bytes
 * [in]     value[0].b: Flags, 0 or PTA_SYSTEM_MAP_FLAG_SHAREABLE
 * [out]    value[1].a: Address upper 32-bits
 * [out]    value[1].b: Address lower 32-bits
 * [in]     value[2].a: Extra pad before memory range
 * [in]     value[2].b: Extra pad after memory range
 */
#define PTA_SYSTEM_MAP_ZI		2

/*
 * Unmap memory
 *
 * The address of the range to unmap is passed as two 32-bit halves in
 * value[1]. value[0].b is reserved and must be 0.
 *
 * [in]     value[0].a: Number of bytes
 * [in]     value[0].b: Must be 0
 * [in]     value[1].a: Address upper 32-bits
 * [in]     value[1].b: Address lower 32-bits
 */
#define PTA_SYSTEM_UNMAP		3

/*
 * Finds and opens a TA binary and returns a handle to it
 *
 * The handle is the one later passed to PTA_SYSTEM_MAP_TA_BINARY,
 * PTA_SYSTEM_COPY_FROM_TA_BINARY and PTA_SYSTEM_CLOSE_TA_BINARY.
 *
 * [in]     memref[0]:	UUID of TA binary
 * [out]    value[1].a:	Handle to TA binary
 * [out]    value[1].b:	0
 */
#define PTA_SYSTEM_OPEN_TA_BINARY	4

/*
 * Close a TA binary handle
 *
 * When a TA is done mapping new parts of a TA binary it closes the handle
 * to free resources; established mappings remain.
 *
 * [in]     value[1].a:	Handle to TA binary
 * [in]     value[1].b:	Must be 0
 *
 * Returns TEE_SUCCESS if the TA binary was verified successfully.
 *
 * NOTE(review): the return value therefore appears to carry the verification
 * verdict for the binary, so callers should check it rather than ignore it
 * before relying on content mapped or copied through this handle. Confirm
 * against the implementation.
 *
 * NOTE(review): PTA_SYSTEM_MAP_TA_BINARY and PTA_SYSTEM_COPY_FROM_TA_BINARY
 * take the handle in value[0]; confirm that value[1] above matches what the
 * implementation reads.
 */
#define PTA_SYSTEM_CLOSE_TA_BINARY	5

/*
 * Map segment of TA binary
 *
 * Different parts of a TA binary file need different permissions.
 * Read-write mapped parts are private to the TA, while read-only (which
 * includes execute) mapped parts are shared with other TAs. This is
 * transparent to the TA. If the supplied address in value[2] is 0 a
 * suitable address is selected, else the segment is either mapped at that
 * address or an error is returned.
 *
 * Because read-only and executable parts are shared between TAs, those
 * pages must not become writable for any one of them.
 * NOTE(review): confirm how the implementation treats a request that sets
 * PTA_SYSTEM_MAP_FLAG_WRITEABLE together with PTA_SYSTEM_MAP_FLAG_EXECUTABLE.
 *
 * [in]     value[0].a:	Handle to TA binary
 * [in]     value[0].b:	Flags, PTA_SYSTEM_MAP_FLAG_*
 * [in]     value[1].a:	Offset into TA binary, must be page aligned
 * [in]     value[1].b:	Number of bytes, the last page will be zero
 *			extended if not page aligned
 * [in/out] value[2].a:	Address upper 32-bits
 * [in/out] value[2].b:	Address lower 32-bits
 * [in]     value[3].a: Extra pad before memory range
 * [in]     value[3].b: Extra pad after memory range
 */
#define PTA_SYSTEM_MAP_TA_BINARY	6

/*
 * Copy a memory range from TA binary
 *
 * No separate length parameter is listed; the number of bytes copied is
 * presumably the size of memref[1] (TODO confirm against the implementation).
 *
 * [in]     value[0].a:	Handle to TA binary
 * [in]     value[0].b:	Offset into TA binary
 * [out]    memref[1]:	Destination
 */
#define PTA_SYSTEM_COPY_FROM_TA_BINARY	7

/*
 * Set memory protection
 *
 * Changes the PTA_SYSTEM_MAP_FLAG_* protection of the range whose address
 * is passed as two 32-bit halves in value[1].
 *
 * NOTE(review): this command can change permissions on an existing mapping,
 * so it is where a writable range could later be made executable. Confirm
 * which flag combinations and transitions the implementation allows.
 *
 * [in]     value[0].a: Number of bytes
 * [in]     value[0].b:	Flags, PTA_SYSTEM_MAP_FLAG_*
 * [in]     value[1].a: Address upper 32-bits
 * [in]     value[1].b: Address lower 32-bits
 */
#define PTA_SYSTEM_SET_PROT		8

/*
 * Remap a segment of a TA mapping
 *
 * Moves an already mapped segment of a TA to a new address. If the
 * supplied new address is 0 a suitable address is selected, else the
 * segment is either mapped at that address or an error is returned.
 *
 * Old and new addresses are each passed as two 32-bit halves. The new
 * address in value[2] is in/out: on return it holds the address that was
 * actually used.
 *
 * [in]     value[0].a: Number of bytes, must match length rounded up to
 *			closest page of original mapping
 * [in]     value[0].b:	Must be 0
 * [in]     value[1].a:	Old address upper 32-bits
 * [in]     value[1].b:	Old address lower 32-bits
 * [in/out] value[2].a:	New address upper 32-bits
 * [in/out] value[2].b:	New address lower 32-bits
 * [in]     value[3].a: Extra pad before memory range
 * [in]     value[3].b: Extra pad after memory range
 */
#define PTA_SYSTEM_REMAP		9

#endif /* __PTA_SYSTEM_H */