From bd0c2f8d99533f2fa497444e7b8c52ac0a3d76cd Mon Sep 17 00:00:00 2001 From: Mustafa Yigit Bilgen Date: Mon, 3 Dec 2018 15:53:38 -0800 Subject: [PATCH] spd: tlkd: support new TLK SMCs for RPMB service This patch adds support to handle following TLK SMCs: {TLK_SET_BL_VERSION, TLK_LOCK_BL_INTERFACE, TLK_BL_RPMB_SERVICE} These SMCs need to be supported in ATF in order to forward them to TLK. Otherwise, these functionalities won't work. Brief: TLK_SET_BL_VERSION: This SMC is issued by the bootloader to supply its version to TLK. TLK can use this to prevent rollback attacks. TLK_LOCK_BL_INTERFACE: This SMC is issued by bootloader before handing off execution to the OS. This allows preventing sensitive SMCs being used by the OS. TLK_BL_RPMB_SERVICE: bootloader issues this SMC to sign or verify RPMB frames. Tested by: Tests TLK can receive the new SMCs issued by bootloader Change-Id: I57c2d189a5f7a77cea26c3f8921866f2a6f0f944 Signed-off-by: Mustafa Yigit Bilgen --- include/bl32/payloads/tlk.h | 3 +++ services/spd/tlkd/tlkd_main.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/include/bl32/payloads/tlk.h b/include/bl32/payloads/tlk.h index 5162d1340..290f32923 100644 --- a/include/bl32/payloads/tlk.h +++ b/include/bl32/payloads/tlk.h @@ -24,6 +24,9 @@ #define TLK_SS_REGISTER_HANDLER TLK_TOS_YIELD_FID(0x3) #define TLK_REGISTER_NS_DRAM_RANGES TLK_TOS_YIELD_FID(0x4) #define TLK_SET_ROOT_OF_TRUST TLK_TOS_YIELD_FID(0x5) +#define TLK_SET_BL_VERSION TLK_TOS_YIELD_FID(0x6) +#define TLK_LOCK_BL_INTERFACE TLK_TOS_YIELD_FID(0x7) +#define TLK_BL_RPMB_SERVICE TLK_TOS_YIELD_FID(0x8) #define TLK_RESUME_FID TLK_TOS_YIELD_FID(0x100) #define TLK_SYSTEM_SUSPEND TLK_TOS_YIELD_FID(0xE001) #define TLK_SYSTEM_RESUME TLK_TOS_YIELD_FID(0xE002) diff --git a/services/spd/tlkd/tlkd_main.c b/services/spd/tlkd/tlkd_main.c index 481bb69e3..ecac43522 100644 --- a/services/spd/tlkd/tlkd_main.c +++ b/services/spd/tlkd/tlkd_main.c @@ -272,6 +272,9 @@ static uintptr_t tlkd_smc_handler(uint32_t smc_fid, case TLK_TA_LAUNCH_OP: case TLK_TA_SEND_EVENT: case TLK_RESUME_FID: + case TLK_SET_BL_VERSION: + case TLK_LOCK_BL_INTERFACE: + case TLK_BL_RPMB_SERVICE: if (!ns) SMC_RET1(handle, SMC_UNK);