From c9b08da80421eced95677778d4644e0ec8875193 Mon Sep 17 00:00:00 2001
From: typhoonow
Date: Mon, 1 Jul 2024 11:41:11 +0800
Subject: [PATCH 1/2] update sdk and fix some errors

---
 build/signtools/manifest.py | 5 +++++
 build/tools/docker_config_tools/gen_config.py | 4 ++--
 include/TA/huawei_ext/tee_ext_api.h | 18 ++++++++++++++++
 include/TA/tee_defines.h | 8 ++++++-
 include/TA/tee_trusted_storage_api.h | 2 ++
 test/TA/helloworld/ta_demo.c | 21 +++++++++++++------
 6 files changed, 49 insertions(+), 9 deletions(-)

diff --git a/build/signtools/manifest.py b/build/signtools/manifest.py
index 12055df..fba929d 100755
--- a/build/signtools/manifest.py
+++ b/build/signtools/manifest.py
@@ -181,6 +181,7 @@ def update_target_type(target_info):
     max_service_len = 36
     if dyn_conf_target_type == 1:
         target_type = PRODUCT_DRIVER_IMAGE
+        max_service_len = 31
     if dyn_conf_target_type == 3:
         target_type = PRODUCT_SERVICE_IMAGE
     if dyn_conf_target_type == 4:
@@ -195,6 +196,10 @@ def update_target_type(target_info):
     if not re.match(r"^[A-Za-z0-9_-]*$", service_name):
         logging.error("service name only can use [A-Z] [a-z] [0-9] '-' and '_'")
         return (False, 0)
+    if dyn_conf_target_type == 1:
+        if not re.match(r"^[A-Za-z0-9_]*$", service_name):
+            logging.error("driver service name only can use [A-Z] [a-z] [0-9] and _")
+            return (False, 0)
     if service_name_len > max_service_len:
         logging.error("service name len cannot larger than %s", str(max_service_len))
diff --git a/build/tools/docker_config_tools/gen_config.py b/build/tools/docker_config_tools/gen_config.py
index 6d66dc4..5e9425d 100644
--- a/build/tools/docker_config_tools/gen_config.py
+++ b/build/tools/docker_config_tools/gen_config.py
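Review bot: The added `max_service_len = 31` for driver images is a bare magic number next to the equally unexplained 36, and nothing in the hunk says where the tighter limit comes from, so a maintainer of the signing tool cannot tell whether it is a 32-byte field minus the terminator or a rule enforced by whoever loads the image. A short comment on the new line would carry that, e.g. `max_service_len = 31  # driver names: 31 chars (TODO: name the consumer that imposes this)`. Naming both limits as module-level constants would also let the second driver check in this same function (hunk at @@ -195) refer to the same value instead of re-testing `dyn_conf_target_type == 1`. update_target_type starts and ends outside the hunk.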
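Review bot: The new driver-name check `if not re.match(r"^[A-Za-z0-9_]*$", service_name)` uses `$`, which in Python also matches just before a trailing newline, so a name ending in `\n` passes this check (and the generic `[A-Za-z0-9_-]` one above it) and only the length comparison is left to catch it; since this function validates input to the signing path, use `re.fullmatch(r"[A-Za-z0-9_]*", service_name)` and apply the same to the existing pattern. The `*` quantifier also accepts an empty driver name — if that is rejected elsewhere a comment saying so would help, otherwise `+` is the intended quantifier. The branch re-tests `dyn_conf_target_type == 1`, which the hunk at @@ -181 already resolves to `PRODUCT_DRIVER_IMAGE`; comparing `target_type == PRODUCT_DRIVER_IMAGE` would keep the two in step. update_target_type starts and ends outside the hunk.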
@@ -46,9 +46,9 @@ def main():
     content["prestart"][0]["args"] = start_args
     content["poststop"][0]["args"] = stop_args
-    flags = os.O_RDWR | os.CREAT
+    flags = os.O_RDWR | os.O_CREAT
     modes = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH
-    with os.fdopen(op.open(file_name, flags, modes), 'w+') as json_file:
+    with os.fdopen(os.open(file_name, flags, modes), 'w+') as json_file:
         json.dump(content, json_file, indent=4)
 if __name__ == '__main__':
diff --git a/include/TA/huawei_ext/tee_ext_api.h b/include/TA/huawei_ext/tee_ext_api.h
index f468f9a..aa819a9 100644
--- a/include/TA/huawei_ext/tee_ext_api.h
+++ b/include/TA/huawei_ext/tee_ext_api.h
@@ -175,6 +175,24 @@ TEE_Result TEE_EXT_CheckClientPerm(uint32_t param_types, const TEE_Param params[
  */
 TEE_Result tee_ext_derive_ta_platfrom_keys(TEE_ObjectHandle object, uint32_t key_size,
     const TEE_Attribute *params, uint32_t param_count, const uint8_t *exinfo, uint32_t exinfo_size);
+
+struct accel_memref_t {
+    uint64_t buffer;
+    uint32_t size;
+};
+
+/* 
+* enable crypto accelerator
+* @param op [IN] target operation to be accelerated
+* @param length [IN] lenght of in/out buffer
+* @param memrefs [IN] in/out buffers
+* @param memref_num [OUT] num of in/out buffers
+*
+* @return -1 means failed to enable accelerate
+*/
+int32_t tee_enable_crypto_accelerator(TEE_OperationHandle op,
+    size_t length, struct accel_memref_t *memrefs, int *memref_num);
+
 #ifdef __cplusplus
 #if __cplusplus
 }
diff --git a/include/TA/tee_defines.h b/include/TA/tee_defines.h
index 36ff389..f7c1e09 100755
--- a/include/TA/tee_defines.h
+++ b/include/TA/tee_defines.h
@@ -200,7 +200,7 @@ enum TEE_ObjectType {
     TEE_TYPE_CORRUPTED_OBJECT = 0xA00000BE,
 };
-#define OBJECT_NAME_LEN_MAX 255
+#define OBJECT_NAME_LEN_MAX 256
 struct __TEE_ObjectHandle {
     void *dataPtr;
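Review bot: The corrected `flags = os.O_RDWR | os.O_CREAT` still lacks `os.O_TRUNC`, and `os.fdopen(..., 'w+')` does not truncate a descriptor it is handed, so regenerating an existing config that was longer than the new JSON leaves the old tail after the new content and produces a file `json.load` cannot parse; use `flags = os.O_RDWR | os.O_CREAT | os.O_TRUNC`. The `modes` value is applied only when the file is created, so a pre-existing file keeps whatever permissions it already had — a comment on the `modes` line saying the 0644 intent holds for new files only would stop a reader assuming it is enforced. main() starts outside the hunk.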
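Review bot: The header comment for `tee_enable_crypto_accelerator` documents `memref_num` as `[OUT]`, yet it is an `int *` paired with a caller-supplied `memrefs` array whose capacity the callee has to learn from somewhere, so it is presumably in/out (capacity in, count written out) — the comment should say which, and say what `length` is measured against when more than one memref is passed. `struct accel_memref_t.buffer` is a `uint64_t` rather than a pointer, so the struct needs a one-line note on what kind of address it carries and which side validates it against the calling TA's own mappings; for an API that hands buffers to a hardware engine that ownership rule is part of the security contract, not an implementation detail. `@return` only states `-1` on failure; document the success value, and fix `lenght`. As the rewritten comment exceeds three lines I would redo it in place rather than quote it here.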
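Review bot: Changing `OBJECT_NAME_LEN_MAX` from 255 to 256 alters every buffer size and bound check derived from it without stating whether the value includes the terminating NUL; a buffer declared `char name[OBJECT_NAME_LEN_MAX]` that is filled to the maximum, or a check written as `len > OBJECT_NAME_LEN_MAX` against a 256-byte stored id, changes meaning with this one-character edit. Put the convention on the define, e.g. `#define OBJECT_NAME_LEN_MAX 256 /* object id length in bytes; TODO: state whether the NUL is counted */`, and note in the commit which trusted-storage and object-handle users were checked against the new value. The users of the macro are not visible in the hunk, so this is a request for the rationale rather than a known fault.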
@@ -325,12 +325,18 @@ enum TEE_Result_Value {
     TEE_ERROR_ROTSRV_NOT_AVAILABLE = 0xFFFF711B, /* ROT service is not available */
     TEE_ERROR_ARTSRV_NOT_AVAILABLE = 0xFFFF711C, /* ART service is not available */
     TEE_ERROR_HSMSRV_NOT_AVAILABLE = 0xFFFF711D, /* HSM service is not available */
+    TEE_ERROR_VRPMB_AGENT_FAIL = 0xFFFF7200, /* REE vrpmb agent check magic failed, maybe cache fail */
+    TEE_ERROR_VRPMB_RW_FAIL = 0xFFFF7201, /* REE ssd friver rw failed */
+    TEE_ERROR_VRPMB_SUPER_MAC_FAILED = 0xFFFF7202, /* vrpmb check super block mac failed */
+    TEE_ERROR_VRPMB_WRITE_REJECT = 0xFFFF7203, /* reject write to vrpmb */
     TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110, /* AntiRoot Response verify failed */
     TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111, /* AntiRoot ERROR during invokecmd */
     TEE_ERROR_AUDIT_FAIL = 0xFFFF9112, /* audit failed */
     TEE_FAIL2 = 0xFFFF9113, /* unused */
     TEE_ERROR_IPC_OVERFLOW = 0xFFFF9114, /* IPC Channel overflow error */
     TEE_ERROR_APM = 0xFFFF9115, /* APM error */
+    TEE_ERROR_CA_AUTHFILE_NOT_EXIST = 0xFFFF9116, /* CA auth file not exist */
+    TEE_ERROR_CA_CALLER_ACCESS_DENIED = 0xFFFF9117, /* ca caller access is denied */
 };
 /*
diff --git a/include/TA/tee_trusted_storage_api.h b/include/TA/tee_trusted_storage_api.h
index 680ea33..dff0ac9 100644
--- a/include/TA/tee_trusted_storage_api.h
+++ b/include/TA/tee_trusted_storage_api.h
@@ -98,6 +98,8 @@ enum Data_Flag_Constants {
     TEE_DATA_FLAG_AES256 = 0x10000000,
     /* If bit29 is set to 1, it means that the lower version will be opened first */
     TEE_DATA_FLAG_OPEN_AESC = 0x20000000,
+    /* If bit30 is set to 1, it means use GM algorithm to protect data */
+    TEE_DATA_FLAG_GM = 0x40000000,
 };
 /*
diff --git a/test/TA/helloworld/ta_demo.c b/test/TA/helloworld/ta_demo.c
index 5c1f6b6..72f267e 100755
--- a/test/TA/helloworld/ta_demo.c
+++ b/test/TA/helloworld/ta_demo.c
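Review bot: Naming and comment consistency in the new `TEE_Result_Value` entries: `TEE_ERROR_VRPMB_SUPER_MAC_FAILED` uses `_FAILED` while its three siblings use `_FAIL`, the comment on `TEE_ERROR_VRPMB_RW_FAIL` reads `REE ssd friver rw failed` (`driver`), and the `TEE_ERROR_CA_CALLER_ACCESS_DENIED` comment writes `ca` in lower case where the line above has `CA`. Suggest `TEE_ERROR_VRPMB_SUPER_MAC_FAIL = 0xFFFF7202, /* vrpmb check super block mac failed */` unless released code already references the name, in which case only the comments should change. Error codes in a public ABI header are costly to rename later, so this commit is the moment to settle them.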
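Review bot: The comment on `TEE_DATA_FLAG_GM` says `use GM algorithm to protect data` but names no algorithm and does not define what happens when the bit is combined with `TEE_DATA_FLAG_AES256` two lines above, which also selects the data-protection cipher, so a caller setting both gets behaviour the header leaves unspecified. Because this bit decides which cipher guards persistent TA data, the comment should name the cipher and state the precedence or exclusivity rule, e.g. `/* If bit30 is set to 1, protect data with the GM (TODO: name the cipher) algorithm instead of AES; TODO: state whether combining with TEE_DATA_FLAG_AES256 is rejected */`. Whether the implementation rejects both bits set is not visible here.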
@@ -42,6 +42,19 @@ static TEE_Result get_ta_version(char* buffer, size_t *buf_len)
     return TEE_SUCCESS;
 }
+static TEE_Result add_ta_caller(void)
+{
+    TEE_Result ret = TEE_SUCCESS;
+    ret = addcaller_ca_exec("/vendor/bin/demo_hello", "root");
+    if (ret == TEE_SUCCESS) {
+        tlogd("TA entry point: add ca whitelist success");
+    } else {
+        tloge("TA entry point: add ca whitelist failed");
+        return TEE_ERROR_GENERIC;
+    }
+    return ret;
+}
+
 /**
  * Function TA_CreateEntryPoint
  * Description:
@@ -55,13 +68,9 @@ TEE_Result TA_CreateEntryPoint(void)
     tlogd("----- TA entry point ----- ");
     tlogd("TA version: %s", TA_TEMPLATE_VERSION);
-    ret = addcaller_ca_exec("/vendor/bin/demo_hello", "root");
-    if (ret == TEE_SUCCESS) {
-        tlogd("TA entry point: add ca whitelist success");
-    } else {
-        tloge("TA entry point: add ca whitelist failed");
+    ret = add_ta_caller();
+    if (ret != TEE_SUCCESS)
         return TEE_ERROR_GENERIC;
-    }
     return TEE_SUCCESS;
 }
-- 
Gitee

From 7fb209c80bb6a8d4d264963fdf52e177839fccab Mon Sep 17 00:00:00 2001
From: typhoonow
Date: Tue, 2 Jul 2024 02:43:48 +0000
Subject: [PATCH 2/2] update include/TA/huawei_ext/tee_ext_api.h.

Signed-off-by: typhoonow
---
 include/TA/huawei_ext/tee_ext_api.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/TA/huawei_ext/tee_ext_api.h b/include/TA/huawei_ext/tee_ext_api.h
index aa819a9..03d21b8 100644
--- a/include/TA/huawei_ext/tee_ext_api.h
+++ b/include/TA/huawei_ext/tee_ext_api.h
@@ -181,7 +181,7 @@ struct accel_memref_t {
     uint32_t size;
 };
-/* 
+/*
 * enable crypto accelerator
 * @param op [IN] target operation to be accelerated
 * @param length [IN] lenght of in/out buffer
-- 
Gitee
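Review bot: `add_ta_caller` discards the error code from `addcaller_ca_exec` — the `else` branch returns `TEE_ERROR_GENERIC` and the `tloge` line carries no value — so a failed CA-whitelist registration cannot be diagnosed from the TA log, and the trailing `return ret;` can only ever return `TEE_SUCCESS`. Log the code and let it propagate: `tloge("TA entry point: add ca whitelist failed, ret=0x%x", ret);` followed by `return ret;`, and drop the `= TEE_SUCCESS` initialiser that the next line overwrites. The caller in the hunk at @@ -55 maps any non-success value to `TEE_ERROR_GENERIC` anyway, so external behaviour is unchanged.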
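Review bot: The new `if (ret != TEE_SUCCESS)` in TA_CreateEntryPoint leaves its `return TEE_ERROR_GENERIC;` body unbraced, unlike the braced single-statement blocks in the removed code and in `add_ta_caller` just above, and having `add_ta_caller` return `TEE_ERROR_GENERIC` only for the caller to substitute the same constant is a double mapping that hides where the failure originates. Either brace it as `if (ret != TEE_SUCCESS) {` / `    return ret;` / `}` or collapse the two statements into `return add_ta_caller();` if the generic mapping in the helper is kept. TA_CreateEntryPoint starts outside the hunk.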