1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Turris Mox rWTM firmware driver 4 * 5 * Copyright (C) 2019, 2024 Marek Behún <kabel@kernel.org> 6 */ 7 8 #include <crypto/sha2.h> 9 #include <linux/align.h> 10 #include <linux/armada-37xx-rwtm-mailbox.h> 11 #include <linux/completion.h> 12 #include <linux/container_of.h> 13 #include <linux/debugfs.h> 14 #include <linux/device.h> 15 #include <linux/dma-mapping.h> 16 #include <linux/err.h> 17 #include <linux/fs.h> 18 #include <linux/hw_random.h> 19 #include <linux/if_ether.h> 20 #include <linux/kobject.h> 21 #include <linux/mailbox_client.h> 22 #include <linux/minmax.h> 23 #include <linux/module.h> 24 #include <linux/mutex.h> 25 #include <linux/platform_device.h> 26 #include <linux/sizes.h> 27 #include <linux/sysfs.h> 28 #include <linux/types.h> 29 30 #define DRIVER_NAME "turris-mox-rwtm" 31 32 #define RWTM_DMA_BUFFER_SIZE SZ_4K 33 34 /* 35 * The macros and constants below come from Turris Mox's rWTM firmware code. 36 * This firmware is open source and it's sources can be found at 37 * https://gitlab.labs.nic.cz/turris/mox-boot-builder/tree/master/wtmi. 38 */ 39 40 #define MOX_ECC_NUMBER_WORDS 17 41 #define MOX_ECC_NUMBER_LEN (MOX_ECC_NUMBER_WORDS * sizeof(u32)) 42 43 #define MOX_ECC_SIGNATURE_WORDS (2 * MOX_ECC_NUMBER_WORDS) 44 45 #define MBOX_STS_SUCCESS (0 << 30) 46 #define MBOX_STS_FAIL (1 << 30) 47 #define MBOX_STS_BADCMD (2 << 30) 48 #define MBOX_STS_ERROR(s) ((s) & (3 << 30)) 49 #define MBOX_STS_VALUE(s) (((s) >> 10) & 0xfffff) 50 #define MBOX_STS_CMD(s) ((s) & 0x3ff) 51 52 enum mbox_cmd { 53 MBOX_CMD_GET_RANDOM = 1, 54 MBOX_CMD_BOARD_INFO = 2, 55 MBOX_CMD_ECDSA_PUB_KEY = 3, 56 MBOX_CMD_HASH = 4, 57 MBOX_CMD_SIGN = 5, 58 MBOX_CMD_VERIFY = 6, 59 60 MBOX_CMD_OTP_READ = 7, 61 MBOX_CMD_OTP_WRITE = 8, 62 }; 63 64 /** 65 * struct mox_rwtm - driver private data structure 66 * @mbox_client: rWTM mailbox client 67 * @mbox: rWTM mailbox channel 68 * @hwrng: RNG driver structure 69 * @reply: last mailbox reply, filled in receive callback 70 * @buf: DMA buffer 71 * @buf_phys: physical address of the DMA buffer 72 * @busy: mutex to protect mailbox command execution 73 * @cmd_done: command done completion 74 * @has_board_info: whether board information is present 75 * @serial_number: serial number of the device 76 * @board_version: board version / revision of the device 77 * @ram_size: RAM size of the device 78 * @mac_address1: first MAC address of the device 79 * @mac_address2: second MAC address of the device 80 * @has_pubkey: whether board ECDSA public key is present 81 * @pubkey: board ECDSA public key 82 * @last_sig: last ECDSA signature generated with board ECDSA private key 83 * @last_sig_done: whether the last ECDSA signing is complete 84 */ 85 struct mox_rwtm { 86 struct mbox_client mbox_client; 87 struct mbox_chan *mbox; 88 struct hwrng hwrng; 89 90 struct armada_37xx_rwtm_rx_msg reply; 91 92 void *buf; 93 dma_addr_t buf_phys; 94 95 struct mutex busy; 96 struct completion cmd_done; 97 98 bool has_board_info; 99 u64 serial_number; 100 int board_version, ram_size; 101 u8 mac_address1[ETH_ALEN], mac_address2[ETH_ALEN]; 102 103 bool has_pubkey; 104 u8 pubkey[135]; 105 106 #ifdef CONFIG_DEBUG_FS 107 /* 108 * Signature process. This is currently done via debugfs, because it 109 * does not conform to the sysfs standard "one file per attribute". 110 * It should be rewritten via crypto API once akcipher API is available 111 * from userspace. 112 */ 113 u32 last_sig[MOX_ECC_SIGNATURE_WORDS]; 114 bool last_sig_done; 115 #endif 116 }; 117 118 static inline struct device *rwtm_dev(struct mox_rwtm *rwtm) 119 { 120 return rwtm->mbox_client.dev; 121 } 122 123 #define MOX_ATTR_RO(name, format, cat) \ 124 static ssize_t \ 125 name##_show(struct device *dev, struct device_attribute *a, \ 126 char *buf) \ 127 { \ 128 struct mox_rwtm *rwtm = dev_get_drvdata(dev); \ 129 if (!rwtm->has_##cat) \ 130 return -ENODATA; \ 131 return sysfs_emit(buf, format, rwtm->name); \ 132 } \ 133 static DEVICE_ATTR_RO(name) 134 135 MOX_ATTR_RO(serial_number, "%016llX\n", board_info); 136 MOX_ATTR_RO(board_version, "%i\n", board_info); 137 MOX_ATTR_RO(ram_size, "%i\n", board_info); 138 MOX_ATTR_RO(mac_address1, "%pM\n", board_info); 139 MOX_ATTR_RO(mac_address2, "%pM\n", board_info); 140 MOX_ATTR_RO(pubkey, "%s\n", pubkey); 141 142 static struct attribute *turris_mox_rwtm_attrs[] = { 143 &dev_attr_serial_number.attr, 144 &dev_attr_board_version.attr, 145 &dev_attr_ram_size.attr, 146 &dev_attr_mac_address1.attr, 147 &dev_attr_mac_address2.attr, 148 &dev_attr_pubkey.attr, 149 NULL 150 }; 151 ATTRIBUTE_GROUPS(turris_mox_rwtm); 152 153 static int mox_get_status(enum mbox_cmd cmd, u32 retval) 154 { 155 if (MBOX_STS_CMD(retval) != cmd) 156 return -EIO; 157 else if (MBOX_STS_ERROR(retval) == MBOX_STS_FAIL) 158 return -(int)MBOX_STS_VALUE(retval); 159 else if (MBOX_STS_ERROR(retval) == MBOX_STS_BADCMD) 160 return -EOPNOTSUPP; 161 else if (MBOX_STS_ERROR(retval) != MBOX_STS_SUCCESS) 162 return -EIO; 163 else 164 return MBOX_STS_VALUE(retval); 165 } 166 167 static void mox_rwtm_rx_callback(struct mbox_client *cl, void *data) 168 { 169 struct mox_rwtm *rwtm = dev_get_drvdata(cl->dev); 170 struct armada_37xx_rwtm_rx_msg *msg = data; 171 172 if (completion_done(&rwtm->cmd_done)) 173 return; 174 175 rwtm->reply = *msg; 176 complete(&rwtm->cmd_done); 177 } 178 179 static int mox_rwtm_exec(struct mox_rwtm *rwtm, enum mbox_cmd cmd, 180 struct armada_37xx_rwtm_tx_msg *msg, 181 bool interruptible) 182 { 183 struct armada_37xx_rwtm_tx_msg _msg = {}; 184 int ret; 185 186 if (!msg) 187 msg = &_msg; 188 189 msg->command = cmd; 190 191 ret = mbox_send_message(rwtm->mbox, msg); 192 if (ret < 0) 193 return ret; 194 195 if (interruptible) { 196 ret = wait_for_completion_interruptible(&rwtm->cmd_done); 197 if (ret < 0) 198 return ret; 199 } else { 200 if (!wait_for_completion_timeout(&rwtm->cmd_done, HZ / 2)) 201 return -ETIMEDOUT; 202 } 203 204 return mox_get_status(cmd, rwtm->reply.retval); 205 } 206 207 static void reply_to_mac_addr(u8 *mac, u32 t1, u32 t2) 208 { 209 mac[0] = t1 >> 8; 210 mac[1] = t1; 211 mac[2] = t2 >> 24; 212 mac[3] = t2 >> 16; 213 mac[4] = t2 >> 8; 214 mac[5] = t2; 215 } 216 217 static int mox_get_board_info(struct mox_rwtm *rwtm) 218 { 219 struct device *dev = rwtm_dev(rwtm); 220 struct armada_37xx_rwtm_rx_msg *reply = &rwtm->reply; 221 int ret; 222 223 ret = mox_rwtm_exec(rwtm, MBOX_CMD_BOARD_INFO, NULL, false); 224 if (ret == -ENODATA) { 225 dev_warn(dev, 226 "Board does not have manufacturing information burned!\n"); 227 } else if (ret == -EOPNOTSUPP) { 228 dev_notice(dev, 229 "Firmware does not support the BOARD_INFO command\n"); 230 } else if (ret < 0) { 231 return ret; 232 } else { 233 rwtm->serial_number = reply->status[1]; 234 rwtm->serial_number <<= 32; 235 rwtm->serial_number |= reply->status[0]; 236 rwtm->board_version = reply->status[2]; 237 rwtm->ram_size = reply->status[3]; 238 reply_to_mac_addr(rwtm->mac_address1, reply->status[4], 239 reply->status[5]); 240 reply_to_mac_addr(rwtm->mac_address2, reply->status[6], 241 reply->status[7]); 242 rwtm->has_board_info = true; 243 244 pr_info("Turris Mox serial number %016llX\n", 245 rwtm->serial_number); 246 pr_info(" board version %i\n", rwtm->board_version); 247 pr_info(" burned RAM size %i MiB\n", rwtm->ram_size); 248 } 249 250 ret = mox_rwtm_exec(rwtm, MBOX_CMD_ECDSA_PUB_KEY, NULL, false); 251 if (ret == -ENODATA) { 252 dev_warn(dev, "Board has no public key burned!\n"); 253 } else if (ret == -EOPNOTSUPP) { 254 dev_notice(dev, 255 "Firmware does not support the ECDSA_PUB_KEY command\n"); 256 } else if (ret < 0) { 257 return ret; 258 } else { 259 u32 *s = reply->status; 260 261 rwtm->has_pubkey = true; 262 sprintf(rwtm->pubkey, 263 "%06x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x", 264 ret, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], 265 s[8], s[9], s[10], s[11], s[12], s[13], s[14], s[15]); 266 } 267 268 return 0; 269 } 270 271 static int check_get_random_support(struct mox_rwtm *rwtm) 272 { 273 struct armada_37xx_rwtm_tx_msg msg = { 274 .args = { 1, rwtm->buf_phys, 4 }, 275 }; 276 277 return mox_rwtm_exec(rwtm, MBOX_CMD_GET_RANDOM, &msg, false); 278 } 279 280 static int mox_hwrng_read(struct hwrng *rng, void *data, size_t max, bool wait) 281 { 282 struct mox_rwtm *rwtm = container_of(rng, struct mox_rwtm, hwrng); 283 struct armada_37xx_rwtm_tx_msg msg = { 284 .args = { 1, rwtm->buf_phys, ALIGN(max, 4) }, 285 }; 286 int ret; 287 288 max = min(max, RWTM_DMA_BUFFER_SIZE); 289 290 if (!wait) { 291 if (!mutex_trylock(&rwtm->busy)) 292 return -EBUSY; 293 } else { 294 mutex_lock(&rwtm->busy); 295 } 296 297 ret = mox_rwtm_exec(rwtm, MBOX_CMD_GET_RANDOM, &msg, true); 298 if (ret < 0) 299 goto unlock_mutex; 300 301 memcpy(data, rwtm->buf, max); 302 ret = max; 303 304 unlock_mutex: 305 mutex_unlock(&rwtm->busy); 306 return ret; 307 } 308 309 #ifdef CONFIG_DEBUG_FS 310 static int rwtm_debug_open(struct inode *inode, struct file *file) 311 { 312 file->private_data = inode->i_private; 313 314 return nonseekable_open(inode, file); 315 } 316 317 static ssize_t do_sign_read(struct file *file, char __user *buf, size_t len, 318 loff_t *ppos) 319 { 320 struct mox_rwtm *rwtm = file->private_data; 321 ssize_t ret; 322 323 /* only allow one read, of whole signature, from position 0 */ 324 if (*ppos != 0) 325 return 0; 326 327 if (len < sizeof(rwtm->last_sig)) 328 return -EINVAL; 329 330 if (!rwtm->last_sig_done) 331 return -ENODATA; 332 333 ret = simple_read_from_buffer(buf, len, ppos, rwtm->last_sig, 334 sizeof(rwtm->last_sig)); 335 rwtm->last_sig_done = false; 336 337 return ret; 338 } 339 340 static ssize_t do_sign_write(struct file *file, const char __user *buf, 341 size_t len, loff_t *ppos) 342 { 343 struct mox_rwtm *rwtm = file->private_data; 344 struct armada_37xx_rwtm_tx_msg msg; 345 loff_t dummy = 0; 346 ssize_t ret; 347 348 if (len != SHA512_DIGEST_SIZE) 349 return -EINVAL; 350 351 /* if last result is not zero user has not read that information yet */ 352 if (rwtm->last_sig_done) 353 return -EBUSY; 354 355 if (!mutex_trylock(&rwtm->busy)) 356 return -EBUSY; 357 358 /* 359 * Here we have to send: 360 * 1. Address of the input to sign. 361 * The input is an array of 17 32-bit words, the first (most 362 * significat) is 0, the rest 16 words are copied from the SHA-512 363 * hash given by the user and converted from BE to LE. 364 * 2. Address of the buffer where ECDSA signature value R shall be 365 * stored by the rWTM firmware. 366 * 3. Address of the buffer where ECDSA signature value S shall be 367 * stored by the rWTM firmware. 368 */ 369 memset(rwtm->buf, 0, sizeof(u32)); 370 ret = simple_write_to_buffer(rwtm->buf + sizeof(u32), 371 SHA512_DIGEST_SIZE, &dummy, buf, len); 372 if (ret < 0) 373 goto unlock_mutex; 374 be32_to_cpu_array(rwtm->buf, rwtm->buf, MOX_ECC_NUMBER_WORDS); 375 376 msg.args[0] = 1; 377 msg.args[1] = rwtm->buf_phys; 378 msg.args[2] = rwtm->buf_phys + MOX_ECC_NUMBER_LEN; 379 msg.args[3] = rwtm->buf_phys + 2 * MOX_ECC_NUMBER_LEN; 380 381 ret = mox_rwtm_exec(rwtm, MBOX_CMD_SIGN, &msg, true); 382 if (ret < 0) 383 goto unlock_mutex; 384 385 /* 386 * Here we read the R and S values of the ECDSA signature 387 * computed by the rWTM firmware and convert their words from 388 * LE to BE. 389 */ 390 memcpy(rwtm->last_sig, rwtm->buf + MOX_ECC_NUMBER_LEN, 391 sizeof(rwtm->last_sig)); 392 cpu_to_be32_array(rwtm->last_sig, rwtm->last_sig, 393 MOX_ECC_SIGNATURE_WORDS); 394 rwtm->last_sig_done = true; 395 396 mutex_unlock(&rwtm->busy); 397 return len; 398 unlock_mutex: 399 mutex_unlock(&rwtm->busy); 400 return ret; 401 } 402 403 static const struct file_operations do_sign_fops = { 404 .owner = THIS_MODULE, 405 .open = rwtm_debug_open, 406 .read = do_sign_read, 407 .write = do_sign_write, 408 }; 409 410 static void rwtm_debugfs_release(void *root) 411 { 412 debugfs_remove_recursive(root); 413 } 414 415 static void rwtm_register_debugfs(struct mox_rwtm *rwtm) 416 { 417 struct dentry *root; 418 419 root = debugfs_create_dir("turris-mox-rwtm", NULL); 420 421 debugfs_create_file_unsafe("do_sign", 0600, root, rwtm, &do_sign_fops); 422 423 devm_add_action_or_reset(rwtm_dev(rwtm), rwtm_debugfs_release, root); 424 } 425 #else 426 static inline void rwtm_register_debugfs(struct mox_rwtm *rwtm) 427 { 428 } 429 #endif 430 431 static void rwtm_devm_mbox_release(void *mbox) 432 { 433 mbox_free_channel(mbox); 434 } 435 436 static void rwtm_firmware_symlink_drop(void *parent) 437 { 438 sysfs_remove_link(parent, DRIVER_NAME); 439 } 440 441 static int turris_mox_rwtm_probe(struct platform_device *pdev) 442 { 443 struct mox_rwtm *rwtm; 444 struct device *dev = &pdev->dev; 445 int ret; 446 447 rwtm = devm_kzalloc(dev, sizeof(*rwtm), GFP_KERNEL); 448 if (!rwtm) 449 return -ENOMEM; 450 451 rwtm->buf = dmam_alloc_coherent(dev, RWTM_DMA_BUFFER_SIZE, 452 &rwtm->buf_phys, GFP_KERNEL); 453 if (!rwtm->buf) 454 return -ENOMEM; 455 456 platform_set_drvdata(pdev, rwtm); 457 458 ret = devm_mutex_init(dev, &rwtm->busy); 459 if (ret) 460 return ret; 461 462 init_completion(&rwtm->cmd_done); 463 464 rwtm->mbox_client.dev = dev; 465 rwtm->mbox_client.rx_callback = mox_rwtm_rx_callback; 466 467 rwtm->mbox = mbox_request_channel(&rwtm->mbox_client, 0); 468 if (IS_ERR(rwtm->mbox)) 469 return dev_err_probe(dev, PTR_ERR(rwtm->mbox), 470 "Cannot request mailbox channel!\n"); 471 472 ret = devm_add_action_or_reset(dev, rwtm_devm_mbox_release, rwtm->mbox); 473 if (ret) 474 return ret; 475 476 ret = mox_get_board_info(rwtm); 477 if (ret < 0) 478 dev_warn(dev, "Cannot read board information: %i\n", ret); 479 480 ret = check_get_random_support(rwtm); 481 if (ret < 0) { 482 dev_notice(dev, 483 "Firmware does not support the GET_RANDOM command\n"); 484 return ret; 485 } 486 487 rwtm->hwrng.name = DRIVER_NAME "_hwrng"; 488 rwtm->hwrng.read = mox_hwrng_read; 489 490 ret = devm_hwrng_register(dev, &rwtm->hwrng); 491 if (ret) 492 return dev_err_probe(dev, ret, "Cannot register HWRNG!\n"); 493 494 rwtm_register_debugfs(rwtm); 495 496 dev_info(dev, "HWRNG successfully registered\n"); 497 498 /* 499 * For sysfs ABI compatibility, create symlink 500 * /sys/firmware/turris-mox-rwtm to this device's sysfs directory. 501 */ 502 ret = sysfs_create_link(firmware_kobj, &dev->kobj, DRIVER_NAME); 503 if (!ret) 504 devm_add_action_or_reset(dev, rwtm_firmware_symlink_drop, 505 firmware_kobj); 506 507 return 0; 508 } 509 510 static const struct of_device_id turris_mox_rwtm_match[] = { 511 { .compatible = "cznic,turris-mox-rwtm", }, 512 { .compatible = "marvell,armada-3700-rwtm-firmware", }, 513 { }, 514 }; 515 516 MODULE_DEVICE_TABLE(of, turris_mox_rwtm_match); 517 518 static struct platform_driver turris_mox_rwtm_driver = { 519 .probe = turris_mox_rwtm_probe, 520 .driver = { 521 .name = DRIVER_NAME, 522 .of_match_table = turris_mox_rwtm_match, 523 .dev_groups = turris_mox_rwtm_groups, 524 }, 525 }; 526 module_platform_driver(turris_mox_rwtm_driver); 527 528 MODULE_LICENSE("GPL v2"); 529 MODULE_DESCRIPTION("Turris Mox rWTM firmware driver"); 530 MODULE_AUTHOR("Marek Behun <kabel@kernel.org>"); 531