1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <stdint.h> 20 21 #include <lib/hwkey/hwkey.h> 22 #include <trusty_ipc.h> 23 24 #include "block_device.h" 25 #include "crypt.h" 26 #include "fs.h" 27 #include "rpmb.h" 28 #include "tipc_ns.h" 29 30 /** 31 * DOC: File System Identifiers 32 * 33 * These file system names can be used in log messages to distinguish between 34 * operations on different file systems. They are also mapped to identifiers to 35 * report metrics events. 36 * 37 * @file_system_id_td: Tamper detect storage. Rollback or tampering by 38 * non-secure code will be detected. 39 * @file_system_id_tdea: Tamper detect early-access storage. Rollback or 40 * tampering by non-secure code will be detected. 41 * Available before the non-secure OS has booted if 42 * supported by the boot loader. 43 * @file_system_id_tdp: Tamper detect persistent storage. Rollback or tampering 44 * by non-secure code will be detected. Data will persist 45 * across device wipes. 46 * @file_system_id_tp: Tamper proof storage. Non-secure code can prevent read 47 * and write operations from succeeding, but it cannot 48 * modify on-disk data. 49 * @file_system_id_nsp: Non-secure persistent storage. Deprecated. 50 */ 51 extern const char file_system_id_td[]; 52 extern const char file_system_id_tdea[]; 53 extern const char file_system_id_tdp[]; 54 extern const char file_system_id_tp[]; 55 extern const char file_system_id_nsp[]; 56 57 enum storage_filesystem_type { 58 STORAGE_TP, 59 STORAGE_TDEA, 60 STORAGE_TD, 61 STORAGE_TDP, 62 STORAGE_NSP, 63 STORAGE_FILESYSTEMS_COUNT, 64 }; 65 66 /** 67 * struct block_device_rpmb 68 * @dev: Block device state 69 * @rpmb_state: State of the backing rpmb 70 * @base: First block to use in rpmb partition 71 * @is_userdata: Is this RPMB device tied to the state of the userdata 72 * partition? 73 */ 74 struct block_device_rpmb { 75 struct block_device dev; 76 struct rpmb_state* rpmb_state; 77 uint16_t base; 78 bool is_userdata; 79 }; 80 81 /** 82 * struct block_device_ns 83 * @dev: Block device state 84 * @ipc_handle: IPC handle to use to talk to ns 85 * @ns_handle: Handle of the backing ns file 86 * @is_userdata: Is the backing file for this device in the (non-persistent) 87 * userdata partition? 88 */ 89 struct block_device_ns { 90 struct block_device dev; 91 handle_t ipc_handle; 92 ns_handle_t ns_handle; 93 bool is_userdata; 94 }; 95 96 /** 97 * struct block_device_tipc 98 * @ipc_handle: IPC handle to use to talk to storageproxy. 99 * @rpmb_state: State of the backing rpmb. Holds a pointer to 100 * @ipc_handle. 101 * @dev_rpmb: The rpmb block device backing @tr_state_rpmb. 102 * @tr_state_rpmb: Filesystem for rpmb (TP, TDEA). 103 * @dev_ns: The rpmb block device containing the superblock for 104 * @tr_state_ns. 105 * @dev_ns_rpmb: The rpmb block device backing @tr_state_ns. 106 * @tr_state_ns: Filesystem for TD. 107 * @dev_ns_tdp: The ns block device backing @tr_state_ns_tdp. Only 108 * present when $HAS_FS_TDP defined. 109 * @dev_ns_tdp_rpmb: The rpmb block device containing the superblock for 110 * @tr_state_ns_tdp. Only present when $HAS_FS_TDP 111 * defined. 112 * @tr_state_ns_tdp: Filesystem for TDP. Only present when $HAS_FS_TDP 113 * defined. 114 * @dev_ns_nsp: The ns block device backing @tr_state_ns_nsp. Only 115 * present when $HAS_FS_NSP defined. 116 * @dev_ns_nsp_superblock: The ns block device containing the superblock for 117 * @tr_state_ns_nsp. Only present when $HAS_FS_NSP 118 * defined. 119 * @tr_state_ns_nsp: Filesystem for NSP. Only present when $HAS_FS_NSP 120 * defined. 121 */ 122 struct block_device_tipc { 123 handle_t ipc_handle; 124 struct rpmb_state* rpmb_state; 125 126 struct block_device_rpmb dev_rpmb; 127 struct fs tr_state_rpmb; 128 129 struct block_device_ns dev_ns; 130 struct block_device_rpmb dev_ns_rpmb; 131 struct fs tr_state_ns; 132 133 #if HAS_FS_TDP 134 struct block_device_ns dev_ns_tdp; 135 struct block_device_rpmb dev_ns_tdp_rpmb; 136 struct fs tr_state_ns_tdp; 137 #endif 138 139 #if HAS_FS_NSP 140 struct block_device_ns dev_ns_nsp; 141 struct block_device_ns dev_ns_nsp_superblock; 142 struct fs tr_state_ns_nsp; 143 #endif 144 }; 145 146 __BEGIN_CDECLS 147 148 /** 149 * block_device_tipc_init() - Initialize a block device context 150 * @self: Out param. Will contain the created &struct block_device_tipc, 151 * which must later be cleaned up by passing to block_device_tipc_destroy() 152 * @ipc_handle: IPC handle to use to talk to ns. 153 * @fs_key: Key used to decrypt filesystems. 154 * @rpmb_key: Key used to access rpmb. If null, a derived key will be used 155 * instead. 156 * @hwkey_session: HWCrpyto session handle to use for rpmb access. 157 */ 158 int block_device_tipc_init(struct block_device_tipc* self, 159 handle_t ipc_handle, 160 const struct key* fs_key, 161 const struct rpmb_key* rpmb_key, 162 hwkey_session_t hwkey_session); 163 164 /** 165 * block_device_tipc_destroy() - Destroy a block device context 166 * @self: The &struct block_device_tipc to destroy. Does not free the 167 * context's memory. Any &struct fs &self returned from calls to 168 * block_device_tipc_get_fs() must no longer be in use. @self must have 169 * already been disconnected with &block_device_tipc_disconnect(). 170 */ 171 void block_device_tipc_destroy(struct block_device_tipc* self); 172 173 /** 174 * block_device_tipc_fs_connected() - Check whether a given filesystem is 175 * connected 176 * 177 * @self: The &struct block_device_tipc from which to check for a filesystem. 178 * @fs_type: The type of filesystem to check. 179 */ 180 bool block_device_tipc_fs_connected(struct block_device_tipc* self, 181 enum storage_filesystem_type fs_type); 182 183 /** 184 * block_device_tipc_get_fs() - Get a reference to one of the managed 185 * filesystems 186 * 187 * @self: The &struct block_device_tipc to get a filesystem from. 188 * @fs_type: The type of filesystem to get. 189 */ 190 struct fs* block_device_tipc_get_fs(struct block_device_tipc* self, 191 enum storage_filesystem_type fs_type); 192 193 /** 194 * block_device_tipc_disconnect() - Disconnect from the block devices 195 * 196 * Severs ipc connections to the block devices/filesystems backing the &struct 197 * fs objects returned by &block_device_tipc_get_fs(). These fs objects state 198 * will be maintained, but they must not be used until 199 * &block_device_tipc_reconnect() is called. 200 * 201 * @self: The &struct block_device_tipc to disconnect. 202 */ 203 void block_device_tipc_disconnect(struct block_device_tipc* self); 204 205 /** 206 * block_device_tipc_reconnect() - Reconnect to the block devices 207 * 208 * Reestablishes ipc connections to the block devices/filesystems backing the 209 * &struct fs objects returned by &block_device_tipc_get_fs(). 210 * 211 * @self: The &struct block_device_tipc to reconnect. 212 * @ipc_handle: IPC handle to use to talk to backing block devices/filesystems. 213 * @fs_key: Key used to decrypt filesystems. 214 */ 215 int block_device_tipc_reconnect(struct block_device_tipc* self, 216 handle_t ipc_handle, 217 const struct key* fs_key); 218 219 __END_CDECLS 220