
From: Stephen Carlson stcarlso@linux.microsoft.com
Security devices currently implement operations to store an OS anti-rollback monotonic counter. Existing devices such as the Trusted Platform Module (TPM) already support this operation, but this uclass provides abstraction for current and future devices that may support different features.
- New Driver Model uclass UCLASS_SECURITY.
- New config CONFIG_DM_SECURITY to enable security device support.
- New driver sandbox_security matching "security,sandbox", enabled with new config CONFIG_SECURITY_SANDBOX.
Signed-off-by: Stephen Carlson stcarlso@linux.microsoft.com --- MAINTAINERS | 8 ++++ drivers/Kconfig | 2 + drivers/Makefile | 1 + drivers/security/Kconfig | 25 +++++++++++ drivers/security/Makefile | 6 +++ drivers/security/sandbox_security.c | 65 +++++++++++++++++++++++++++++ drivers/security/security-uclass.c | 30 +++++++++++++ include/dm-security.h | 44 +++++++++++++++++++ include/dm/uclass-id.h | 1 + 9 files changed, 182 insertions(+) create mode 100644 drivers/security/Kconfig create mode 100644 drivers/security/Makefile create mode 100644 drivers/security/sandbox_security.c create mode 100644 drivers/security/security-uclass.c create mode 100644 include/dm-security.h
diff --git a/MAINTAINERS b/MAINTAINERS
index bf851cffd6..73b6943e03 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1438,6 +1438,14 @@ F:	cmd/seama.c
 F:	doc/usage/cmd/seama.rst
 F:	test/cmd/seama.c
+SECURITY
+M:	Stephen Carlson stcarlso@linux.microsoft.com
+S:	Maintained
+F:	drivers/security/Kconfig
+F:	drivers/security/Makefile
+F:	drivers/security/sandbox_security.c
+F:	drivers/security/security-uclass.c
+
 SEMIHOSTING
 R:	Sean Anderson sean.anderson@seco.com
 S:	Orphaned
diff --git a/drivers/Kconfig b/drivers/Kconfig
index a25f6ae02f..95ea614210 100644
--- a/drivers/Kconfig
+++ b/drivers/Kconfig
@@ -116,6 +116,8 @@ source "drivers/rtc/Kconfig"
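Review bot: The new SECURITY entry lists the four files under drivers/security/ but not `include/dm-security.h`, which this same patch creates and which is the public API of the uclass, so get_maintainer.pl will not route changes to that header to the maintainer. Add `F:	include/dm-security.h` to the block. The commit also adds UCLASS_SECURITY to include/dm/uclass-id.h, but that file is shared and correctly stays outside this entry.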
source "drivers/scsi/Kconfig"
+source "drivers/security/Kconfig"
+
 source "drivers/serial/Kconfig"
source "drivers/smem/Kconfig"
diff --git a/drivers/Makefile b/drivers/Makefile
index efc2a4afb2..b670aae5fd 100644
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -98,6 +98,7 @@ obj-$(CONFIG_PCH) += pch/
 obj-$(CONFIG_DM_REBOOT_MODE) += reboot-mode/
 obj-y += rtc/
 obj-y += scsi/
+obj-y += security/
 obj-y += sound/
 obj-y += spmi/
 obj-y += watchdog/
diff --git a/drivers/security/Kconfig b/drivers/security/Kconfig
new file mode 100644
index 0000000000..f7af5c4e78
--- /dev/null
+++ b/drivers/security/Kconfig
@@ -0,0 +1,25 @@
+config DM_SECURITY
+	bool "Support security devices with driver model"
+	depends on DM
+	help
+	  This option enables support for the security uclass which supports
+	  devices intended to provide additional security features during
+	  boot. These devices might encapsulate existing features of TPM
+	  or TEE devices, but can also be dedicated security processors
+	  implemented in specific hardware.
+
+config SECURITY_SANDBOX
+	bool "Enable sandbox security driver"
+	depends on DM_SECURITY
+	help
+	  This driver supports a simulated security device that uses volatile
+	  memory to store secure data and begins uninitialized. This
+	  implementation allows OS images with security requirements to be
+	  loaded in the sandbox environment.
+
+config SECURITY_TPM
+	bool "Enable TPM security driver"
+	depends on TPM && TPM_V2 && DM_SECURITY
+	help
+	  This driver supports a security device based on existing TPM
+	  functionality.
diff --git a/drivers/security/Makefile b/drivers/security/Makefile
new file mode 100644
index 0000000000..ed10c3f234
--- /dev/null
+++ b/drivers/security/Makefile
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# (C) Copyright 2021 Microsoft, Inc.
+
+obj-$(CONFIG_DM_SECURITY) += security-uclass.o
+obj-$(CONFIG_SECURITY_SANDBOX) += sandbox_security.o
diff --git a/drivers/security/sandbox_security.c b/drivers/security/sandbox_security.c
new file mode 100644
index 0000000000..bcb817a842
--- /dev/null
+++ b/drivers/security/sandbox_security.c
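Review bot: `config SECURITY_TPM` is declared in drivers/security/Kconfig but nothing in this patch builds anything for it — the drivers/security/Makefile hunk only has `obj-$(CONFIG_DM_SECURITY)` and `obj-$(CONFIG_SECURITY_SANDBOX)` entries and the diffstat lists no TPM driver file — so enabling it silently produces no device. Either drop the symbol until the TPM driver lands in a later patch, or add the driver and its `obj-$(CONFIG_SECURITY_TPM) += tpm_security.o` line in the same commit. SECURITY_SANDBOX is only meaningful on the sandbox architecture; like other sandbox drivers it should read `depends on SANDBOX && DM_SECURITY` so it is not offered on real boards. The help text's claim that the simulated device "begins uninitialized" does not match the probe in sandbox_security.c, which sets the counter to 0; "resets the counter to 0 on probe" describes what the code does.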
@@ -0,0 +1,65 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2021 Microsoft, Inc
+ * Written by Stephen Carlson stcarlso@microsoft.com
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <fdtdec.h>
+#include <dm-security.h>
+
+static struct security_state {
+	u64 arbvn;
+};
+
+static int sb_security_arbvn_get(struct udevice *dev, u64 *arbvn)
+{
+	struct security_state *priv = dev_get_priv(dev);
+
+	if (!arbvn)
+		return -EINVAL;
+
+	*arbvn = priv->arbvn;
+	return 0;
+}
+
+static int sb_security_arbvn_set(struct udevice *dev, u64 arbvn)
+{
+	struct security_state *priv = dev_get_priv(dev);
+	u64 old_arbvn;
+
+	old_arbvn = priv->arbvn;
+	if (arbvn < old_arbvn)
+		return -EPERM;
+
+	priv->arbvn = arbvn;
+	return 0;
+}
+
+static const struct dm_security_ops security_sandbox_ops = {
+	.arbvn_get = sb_security_arbvn_get,
+	.arbvn_set = sb_security_arbvn_set,
+};
+
+static int security_sandbox_probe(struct udevice *dev)
+{
+	struct security_state *priv = dev_get_priv(dev);
+
+	priv->arbvn = 0ULL;
+	return 0;
+}
+
+static const struct udevice_id security_sandbox_ids[] = {
+	{ .compatible = "sandbox,security" },
+	{ }
+};
+
+U_BOOT_DRIVER(security_sandbox) = {
+	.name = "security_sandbox",
+	.id = UCLASS_SECURITY,
+	.priv_auto = sizeof(struct security_state),
+	.of_match = security_sandbox_ids,
+	.probe = security_sandbox_probe,
+	.ops = &security_sandbox_ops,
+};
diff --git a/drivers/security/security-uclass.c b/drivers/security/security-uclass.c
new file mode 100644
index 0000000000..26790f3130
--- /dev/null
+++ b/drivers/security/security-uclass.c
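Review bot: `static struct security_state { u64 arbvn; };` declares a type and no object, so the `static` is a useless storage-class specifier that GCC warns about under -Wall; it should read `struct security_state {`. The compatible string `"sandbox,security"` contradicts the commit message, which says the driver matches "security,sandbox", and as far as this patch shows no sandbox device-tree node (arch/sandbox/dts) or test is added that binds it, so the driver is never exercised by the sandbox build. `#include <fdtdec.h>` is not used by anything in the file and can be dropped. The -EPERM returned by sb_security_arbvn_set for a lower value is the only rollback-rejection signal the uclass has, so it is worth a one-line comment such as `/* ARBVN is monotonic: a lower value is a rollback and is refused */` so later drivers reuse the same errno.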
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2021 Microsoft, Inc
+ * Written by Stephen Carlson stcarlso@microsoft.com
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <dm-security.h>
+
+int dm_security_arbvn_get(struct udevice *dev, uint64_t *arbvn)
+{
+	if (!dev || !arbvn)
+		return -EINVAL;
+
+	return security_get_ops(dev)->arbvn_get(dev, arbvn);
+}
+
+int dm_security_arbvn_set(struct udevice *dev, uint64_t arbvn)
+{
+	if (!dev)
+		return -EINVAL;
+
+	return security_get_ops(dev)->arbvn_set(dev, arbvn);
+}
+
+UCLASS_DRIVER(security) = {
+	.id = UCLASS_SECURITY,
+	.name = "security",
+};
diff --git a/include/dm-security.h b/include/dm-security.h
new file mode 100644
index 0000000000..f71fe5c255
--- /dev/null
+++ b/include/dm-security.h
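Review bot: Both wrappers dereference `security_get_ops(dev)->arbvn_get` / `->arbvn_set` without checking that the driver supplied an ops table or that the particular op is populated, so a future driver that implements only one of the two (or none) turns a bootloader API call into a NULL function-pointer jump. Fetch the ops once, return -ENOSYS when the op is missing (the usual U-Boot convention for unimplemented uclass ops), and only then call through. The rewritten functions are below; the file header, includes and UCLASS_DRIVER are unchanged.
```c
int dm_security_arbvn_get(struct udevice *dev, uint64_t *arbvn)
{
	const struct dm_security_ops *ops;

	if (!dev || !arbvn)
		return -EINVAL;

	ops = security_get_ops(dev);
	if (!ops || !ops->arbvn_get)
		return -ENOSYS;

	return ops->arbvn_get(dev, arbvn);
}

int dm_security_arbvn_set(struct udevice *dev, uint64_t arbvn)
{
	const struct dm_security_ops *ops;

	if (!dev)
		return -EINVAL;

	ops = security_get_ops(dev);
	if (!ops || !ops->arbvn_set)
		return -ENOSYS;

	return ops->arbvn_set(dev, arbvn);
}

/* … unchanged: UCLASS_DRIVER(security) … */
```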
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2021 Microsoft, Inc.
+ */
+
+#ifndef _DM_SECURITY_H_
+#define _DM_SECURITY_H_
+
+#include <stdint.h>
+
+/* Access the security operations for a device */
+#define security_get_ops(dev) ((struct dm_security_ops *)(dev)->driver->ops)
+
+/**
+ * dm_security_arbvn_get() Gets the OS anti-roll back version number (ARBVN)
+ *
+ * @dev: Device to check
+ * @arbvn: Location where the ARBVN will be stored on success
+ * @return 0 if OK, -ve on error
+ */
+int dm_security_arbvn_get(struct udevice *dev, uint64_t *arbvn);
+
+/**
+ * dm_security_arbvn_set() Sets the OS anti-roll back version number (ARBVN).
+ * Only succeeds if the new version number is greater than or equal to the
+ * current ARBVN.
+ *
+ * @dev: Device to modify
+ * @arbvn: The new ARBVN value of the image that is loaded
+ * @return 0 if OK, -ve on error
+ */
+int dm_security_arbvn_set(struct udevice *dev, uint64_t arbvn);
+
+/**
+ * struct dm_security_ops - Driver model security operations
+ *
+ * Refer to the functions above for the description of each operation.
+ */
+struct dm_security_ops {
+	int (*arbvn_get)(struct udevice *dev, uint64_t *arbvn);
+	int (*arbvn_set)(struct udevice *dev, uint64_t arbvn);
+};
+
+#endif
diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h
index 0432c95c9e..af282a1baa 100644
--- a/include/dm/uclass-id.h
+++ b/include/dm/uclass-id.h
@@ -124,6 +124,7 @@ enum uclass_id {
 	UCLASS_RTC,		/* Real time clock device */
 	UCLASS_SCMI_AGENT,	/* Interface with an SCMI server */
 	UCLASS_SCSI,		/* SCSI device */
+	UCLASS_SECURITY,	/* Security device */
 	UCLASS_SERIAL,		/* Serial UART */
 	UCLASS_SIMPLE_BUS,	/* Bus with child devices */
 	UCLASS_SMEM,		/* Shared memory interface */
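Review bot: The header is not self-contained: it uses `struct udevice *` in both prototypes, in the ops struct and in the `security_get_ops` macro without declaring the type, so any translation unit that includes dm-security.h before <dm.h> gets "struct udevice declared inside parameter list" and prototypes that do not match the definitions; add `struct udevice;` right after the `#include <stdint.h>` line, as U-Boot's other uclass headers generally do. The documentation for dm_security_arbvn_set should also spell out the contract callers rely on for anti-rollback: a value equal to the current ARBVN is accepted (the sandbox only rejects `arbvn < old_arbvn`), a rejected rollback is reported as -EPERM so callers can tell it from a transport or device failure, and real drivers are expected to keep the value in persistent, tamper-resistant storage — the sandbox driver resets it to 0 on probe and therefore provides no protection, which is fine for tests but must not be copied. The ops prototypes use `uint64_t` while the sandbox driver implements them with `u64`; pick one so the function pointers and implementations agree textually.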