core: add ta storage based on tadb

Adds ta storage based on tadb. The TAs has to be installed in tadb before they can be loaded. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
OP-TEE · Dec 1, 2017 · b7659f9 · b7659f9
1 parent 4447470
commit b7659f9
Show file tree

Hide file tree

Showing 3 changed files with 95 additions and 0 deletions.
diff --git a/core/arch/arm/kernel/secstor_ta.c b/core/arch/arm/kernel/secstor_ta.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+
+#include <tee/tadb.h>
+#include <kernel/user_ta.h>
+#include <initcall.h>
+#include "elf_load.h"
+
+static TEE_Result secstor_ta_open(const TEE_UUID *uuid,
+				  struct user_ta_store_handle **handle)
+{
+	TEE_Result res;
+	struct tee_tadb_ta_read *ta;
+	size_t l;
+	const struct tee_tadb_property *prop;
+
+	res = tee_tadb_ta_open(uuid, &ta);
+	if (res)
+		return res;
+	prop = tee_tadb_ta_get_property(ta);
+
+	l = prop->custom_size;
+	res = tee_tadb_ta_read(ta, NULL, &l);
+	if (res)
+		goto err;
+	if (l != prop->custom_size)
+		goto err;
+
+	*handle = (struct user_ta_store_handle *)ta;
+
+	return TEE_SUCCESS;
+err:
+	tee_tadb_ta_close(ta);
+	return res;
+}
+
+static TEE_Result secstor_ta_get_size(const struct user_ta_store_handle *h,
+				      size_t *size)
+{
+	struct tee_tadb_ta_read *ta = (struct tee_tadb_ta_read *)h;
+	const struct tee_tadb_property *prop = tee_tadb_ta_get_property(ta);
+
+	*size = prop->bin_size;
+
+	return TEE_SUCCESS;
+}
+
+static TEE_Result secstor_ta_read(struct user_ta_store_handle *h, void *data,
+				  size_t len)
+{
+	struct tee_tadb_ta_read *ta = (struct tee_tadb_ta_read *)h;
+	size_t l = len;
+	TEE_Result res = tee_tadb_ta_read(ta, data, &l);
+
+	if (res)
+		return res;
+	if (l != len)
+		return TEE_ERROR_BAD_PARAMETERS;
+
+	return TEE_SUCCESS;
+}
+
+static void secstor_ta_close(struct user_ta_store_handle *h)
+{
+	struct tee_tadb_ta_read *ta = (struct tee_tadb_ta_read *)h;
+
+	tee_tadb_ta_close(ta);
+}
+
+static struct user_ta_store_ops ops = {
+	.description = "Secure Storage TA",
+	.open = secstor_ta_open,
+	.get_size = secstor_ta_get_size,
+	.read = secstor_ta_read,
+	.close = secstor_ta_close,
+	.priority = 9,
+};
+
+static TEE_Result secstor_ta_init(void)
+{
+	return tee_ta_register_ta_store(&ops);
+}
+
+service_init(secstor_ta_init);
diff --git a/core/arch/arm/kernel/sub.mk b/core/arch/arm/kernel/sub.mk
@@ -2,6 +2,7 @@ ifeq ($(CFG_WITH_USER_TA),y)
 srcs-y += user_ta.c
 srcs-$(CFG_REE_FS_TA) += ree_fs_ta.c
 srcs-$(CFG_EARLY_TA) += early_ta.c
+srcs-$(CFG_SECSTOR_TA) += secstor_ta.c
 endif
 srcs-y += pseudo_ta.c
 srcs-y += elf_load.c

diff --git a/mk/config.mk b/mk/config.mk
@@ -271,6 +271,11 @@ CFG_GP_SOCKETS ?= y
 # invocation parameters referring to specific secure memories).
 CFG_SECURE_DATA_PATH ?= n
 
+# Enable storage for TAs in secure storage, depends on CFG_REE_FS=y
+# TA binaries are stored encrypted in the REE FS and are protected by
+# metadata in secure storage.
+CFG_SECSTOR_TA ?= y
+
 # Define the number of cores per cluster used in calculating core position.
 # The cluster number is shifted by this value and added to the core ID,
 # so its value represents log2(cores/cluster).