GXL: defendkey: support secure upgrade check [2/3]

PD#SWPL-2100 Problem: GXL need to support secure upgrade check Solution: 1.add dtb decrypt support 2.add 32bit defendkey support Verify: GXL skt board verify pass Change-Id: I501967530b2a61d9b90c20241b82f92b00829453 Signed-off-by: Zhongfu Luo <zhongfu.luo@amlogic.com>
2026-06-07 11:26:02 +09:00 · 2018-11-21 18:14:23 +08:00
parent fd1fffe27c
commit 7b490782b9
2 changed files with 61 additions and 13 deletions
--- a/arch/arm/configs/meson64_a32_defconfig
+++ b/arch/arm/configs/meson64_a32_defconfig
@@ -366,6 +366,7 @@ CONFIG_AMLOGIC_GPIO_IRQ=y
 CONFIG_AMLOGIC_ATV_DEMOD=y
 CONFIG_AMLOGIC_DEBUG=y
 CONFIG_AMLOGIC_DEBUG_LOCKUP=y
+CONFIG_AMLOGIC_DEFENDKEY=y
 CONFIG_AMLOGIC_BATTERY_DUMMY=y
 CONFIG_AMLOGIC_CHARGER_DUMMY=y
 CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
--- a/drivers/amlogic/defendkey/defendkey.c
+++ b/drivers/amlogic/defendkey/defendkey.c
@@ -41,6 +41,10 @@
 void __iomem *mem_base_virt;
 unsigned long mem_size;
 unsigned long random_virt;
+static struct reserved_mem defendkey_rmem;
+
+#define CMD_SECURE_CHECK _IO('d', 0x01)
+#define CMD_DECRYPT_DTB  _IO('d', 0x02)

 enum e_defendkey_type {
 	e_upgrade_check = 0,
@@ -83,7 +87,27 @@ static loff_t defendkey_llseek(struct file *filp, loff_t off, int whence)
 static long defendkey_unlocked_ioctl(struct file *file,
 	unsigned int cmd, unsigned long arg)
 {
-	return 0;
+	unsigned long ret = 0;
+
+	switch (cmd) {
+	case CMD_SECURE_CHECK:
+		ret = aml_is_secure_set();
+		break;
+	case CMD_DECRYPT_DTB:
+		if (arg == 1)
+			decrypt_dtb = 1;
+		else if (arg == 0)
+			decrypt_dtb = 0;
+		else {
+			return -EINVAL;
+			pr_info("set defendkey decrypt_dtb fail,invalid value\n");
+		}
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	return ret;
 }

 #ifdef CONFIG_COMPAT
@@ -124,7 +148,7 @@ static ssize_t defendkey_read(struct file *file,
 					__func__, ret);
 				return ret_fail;
 			}
-		__dma_flush_area((const void *)mem_base_virt, copy_size);
+		//__dma_flush_area((const void *)mem_base_virt, copy_size);
 		}
 		if (!ret) {
 			pr_info("%s: copy data to user successfully!\n",
@@ -143,11 +167,12 @@ static ssize_t defendkey_write(struct file *file,
 	ssize_t ret_value = ret_error;
 	int ret = -EINVAL;

-	unsigned long mem_base_phy, copy_base, copy_size, random;
-	unsigned long option = 0;
+	unsigned long mem_base_phy, copy_base, copy_size;
+	uint64_t option = 0, random = 0, option_random = 0;
 	int i;

-	mem_base_phy = get_sharemem_info(GET_SHARE_MEM_INPUT_BASE);
+
+	mem_base_phy = defendkey_rmem.base;
 	mem_base_virt = phys_to_virt(mem_base_phy);

 	if (!mem_base_phy || !mem_size) {
@@ -161,6 +186,12 @@ static ssize_t defendkey_write(struct file *file,

 	random = readl((void *)random_virt);

+#ifdef	CONFIG_ARM64_A32
+	option_random = (random << 8);
+#endif
+
+	option_random |= (random << 32);
+
 	for (i = 0; i <= count/mem_size; i++) {
 		copy_size = mem_size;
 		copy_base = (unsigned long)buf+i*mem_size;
@@ -173,7 +204,7 @@ static ssize_t defendkey_write(struct file *file,
 			ret =  -EFAULT;
 			goto exit;
 		}
-		__dma_flush_area((const void *)mem_base_virt, copy_size);
+		//__dma_flush_area((const void *)mem_base_virt, copy_size);

 		if (i == 0) {
 			option = 1;
@@ -181,19 +212,19 @@ static ssize_t defendkey_write(struct file *file,
 				/*just transfer data to BL31 one time*/
 				option = 1|2|4;
 			}
-			option |= (random<<32);
+			option |= option_random;
 		} else if ((i > 0) && (i < (count/mem_size))) {
-			option = 2|(random<<32);
+			option = 2|option_random;
 			if ((count%mem_size == 0) &&
 				(i == (count/mem_size - 1)))
-				option = 4|(random<<32);
+				option = 4|option_random;
 		} else if (i == (count/mem_size)) {
 			if (count%mem_size != 0)
-				option = 4|(random<<32);
+				option = 4|option_random;
 			else
 				break;
 		}
-		pr_info("defendkey:%d: copy_size:0x%lx, option:0x%lx\n",
+		pr_info("defendkey:%d: copy_size:0x%lx, option:0x%llx\n",
 			__LINE__, copy_size, option);
 		pr_info("decrypt_dtb: %d\n", decrypt_dtb);
 		if (e_decrypt_dtb == decrypt_dtb)
@@ -277,8 +308,7 @@ static ssize_t decrypt_dtb_store(struct class *cla,
 		len = count;

 	if (!strncmp(buf, "1", len)) {
-		//decrypt_dtb = 1;
-		pr_info("current BL31 share memory size not support decrypt_dtb\n");
+		decrypt_dtb = 1;
 	} else if (!strncmp(buf, "0", len))
 		decrypt_dtb = 0;
 	else {
@@ -313,6 +343,18 @@ static struct class defendkey_class = {
 	.class_attrs = defendkey_class_attrs,
 };

+static int __init rmem_defendkey_setup(struct reserved_mem *rmem)
+{
+	defendkey_rmem.base = rmem->base;
+	defendkey_rmem.size = rmem->size;
+
+	pr_info("Reserved memory: created defendkey at 0x%p, size %ld MiB\n",
+		     (void *)rmem->base, (unsigned long)rmem->size / SZ_1M);
+
+	return 0;
+}
+RESERVEDMEM_OF_DECLARE(defendkey, "amlogic, defendkey", rmem_defendkey_setup);
+
 static int aml_defendkey_probe(struct platform_device *pdev)
 {
 	int ret =  -1;
@@ -334,7 +376,12 @@ static int aml_defendkey_probe(struct platform_device *pdev)
 		dev_err(&pdev->dev, "please config mem_size in dts\n");
 		goto error1;
 	}
+
 	mem_size = val64;
+	if (mem_size > defendkey_rmem.size) {
+		dev_err(&pdev->dev, "Reserved memory is not enough!\n");
+		return -EINVAL;
+	}

 	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
 	if (IS_ERR(res)) {