[PATCH v5 0/8] Replay Protected Memory Block (RPMB) subsystem

[PATCH v5 0/8] Replay Protected Memory Block (RPMB) subsystem

[Tomas Winkler]

Few storage technologies such is EMMC, UFS, and NVMe support RPMB
hardware partition with common protocol and frame layout.
The RPMB partition cannot be accessed via standard block layer, but by a
set of specific commands: WRITE, READ, GET_WRITE_COUNTER, and
PROGRAM_KEY.
Such a partition provides authenticated and replay protected access,
hence suitable as a secure storage.

The RPMB layer aims to provide in-kernel API for Trusted Execution
Environment (TEE) devices that are capable to securely compute block
frame signature. In case a TEE device wish to store a replay protected
data, it creates an RPMB frame with requested data and computes HMAC of
the frame, then it requests the storage device via RPMB layer to store
the data.
A TEE driver can claim the RPMB interface, for example, via
class_interface_register ().
The layer provides two APIs, for rpmb_req_cmd() for issuing one of RPMB
specific commands and rpmb_seq_cmd() for issuing of raw RPMB protocol
frames,  which is close to emmc multi ioctl interface.

A storage device registers its RPMB hardware (eMMC) partition or RPMB
W-LUN (UFS) with the RPMB layer providing an implementation for
rpmb_seq_cmd() handler. The interface enables sending sequence of RPMB
standard frames.

A parallel user space API is provided via /dev/rpmbX character
device with two IOCTL commands.
Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is performed
by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD where
the whole RPMB sequence, including RESULT_READ is supplied by the caller.
The latter is intended for easier adjusting of the applications that
use MMC_IOC_MULTI_CMD ioctl, such as 
https://android.googlesource.com/trusty/app/storage/

There is a also sample tool under tools/rpmb/ directory that exercises
these interfaces and a simulation device that implements the device part.

Tomas Winkler (8):
  rpmb: add Replay Protected Memory Block (RPMB) subsystem
  char: rpmb: add sysfs-class ABI documentation
  char: rpmb: add device attributes
  char: rpmb: provide a user space interface
  char: rpmb: add RPMB simulation device
  tools rpmb: add RPBM access tool
  mmc: block: register RPMB partition with the RPMB subsystem
  scsi: ufs: connect to RPMB subsystem

 Documentation/ABI/testing/sysfs-class-rpmb |  44 ++
 Documentation/ioctl/ioctl-number.txt       |   1 +
 MAINTAINERS                                |  10 +
 drivers/char/Kconfig                       |   2 +
 drivers/char/Makefile                      |   1 +
 drivers/char/rpmb/Kconfig                  |  25 +
 drivers/char/rpmb/Makefile                 |   6 +
 drivers/char/rpmb/cdev.c                   | 269 ++++++++
 drivers/char/rpmb/core.c                   | 484 +++++++++++++++
 drivers/char/rpmb/rpmb-cdev.h              |  25 +
 drivers/char/rpmb/rpmb_sim.c               | 668 ++++++++++++++++++++
 drivers/mmc/card/Kconfig                   |   1 +
 drivers/mmc/card/block.c                   | 258 +++++++-
 drivers/scsi/ufs/Kconfig                   |   1 +
 drivers/scsi/ufs/ufshcd.c                  | 183 ++++++
 drivers/scsi/ufs/ufshcd.h                  |   2 +
 include/linux/rpmb.h                       | 165 +++++
 include/uapi/linux/Kbuild                  |   1 +
 include/uapi/linux/rpmb.h                  | 152 +++++
 tools/Makefile                             |  14 +-
 tools/rpmb/.gitignore                      |   2 +
 tools/rpmb/Makefile                        |  33 +
 tools/rpmb/rpmb.c                          | 948 +++++++++++++++++++++++++++++
 23 files changed, 3287 insertions(+), 8 deletions(-)
 create mode 100644 Documentation/ABI/testing/sysfs-class-rpmb
 create mode 100644 drivers/char/rpmb/Kconfig
 create mode 100644 drivers/char/rpmb/Makefile
 create mode 100644 drivers/char/rpmb/cdev.c
 create mode 100644 drivers/char/rpmb/core.c
 create mode 100644 drivers/char/rpmb/rpmb-cdev.h
 create mode 100644 drivers/char/rpmb/rpmb_sim.c
 create mode 100644 include/linux/rpmb.h
 create mode 100644 include/uapi/linux/rpmb.h
 create mode 100644 tools/rpmb/.gitignore
 create mode 100644 tools/rpmb/Makefile
 create mode 100644 tools/rpmb/rpmb.c

-- 
2.5.5

[PATCH v5 1/8] rpmb: add Replay Protected Memory Block (RPMB) subsystem

[Tomas Winkler]

Few storage technologies such is EMMC, UFS, and NVMe support RPMB
hardware partition with common protocol and frame layout.
The RPMB partition cannot be accessed via standard block layer, but by a
set of specific commands: WRITE, READ, GET_WRITE_COUNTER, and
PROGRAM_KEY.
Such a partition provides authenticated and replay protected access,
hence suitable as a secure storage.

The RPMB layer aims to provide in-kernel API for Trusted Execution
Environment (TEE) devices that are capable to securely compute block
frame signature. In case a TEE device wish to store a replay protected
data, it creates an RPMB frame with requested data and computes HMAC of
the frame, then it requests the storage device via RPMB layer to store
the data.
A TEE driver can claim the RPMB interface, for example, via
class_interface_register ().
The layer provides two APIs, for rpmb_cmd_req() for issuing one of RPMB
specific commands and rpmb_cmd_seq() for issuing of raw RPMB protocol
frames,  which is close to emmc multi ioctl interface.

A storage device registers its RPMB hardware (eMMC) partition or RPMB
W-LUN (UFS) with the RPMB layer providing an implementation for
rpmb_cmd_seq() handler. The interface enables sending sequence of RPMB
standard frames.


Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
---
V2: added short workflow description in the commit message
V3: commit message fix
V4: resend
V5: add rpmb sequence interface.

 MAINTAINERS                |   7 +
 drivers/char/Kconfig       |   2 +
 drivers/char/Makefile      |   1 +
 drivers/char/rpmb/Kconfig  |   8 +
 drivers/char/rpmb/Makefile |   4 +
 drivers/char/rpmb/core.c   | 414 +++++++++++++++++++++++++++++++++++++++++++++
 include/linux/rpmb.h       | 230 +++++++++++++++++++++++++
 7 files changed, 666 insertions(+)
 create mode 100644 drivers/char/rpmb/Kconfig
 create mode 100644 drivers/char/rpmb/Makefile
 create mode 100644 drivers/char/rpmb/core.c
 create mode 100644 include/linux/rpmb.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 5ec852e1d94c..50143ebc862f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9706,6 +9706,13 @@ F:	include/net/rose.h
 F:	include/uapi/linux/rose.h
 F:	net/rose/
 
+RPMB SUBSYSTEM
+M:	Tomas Winkler <tomas.winkler@intel.com>
+L:	linux-kernel@vger.kernel.org
+S:	Supported
+F:	drivers/char/rpmb/*
+F:	include/linux/rpmb.h
+
 RTL2830 MEDIA DRIVER
 M:	Antti Palosaari <crope@iki.fi>
 L:	linux-media@vger.kernel.org
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
index 601f64fcc890..2dc9733a6427 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -602,5 +602,7 @@ config TILE_SROM
 
 source "drivers/char/xillybus/Kconfig"
 
+source "drivers/char/rpmb/Kconfig"
+
 endmenu
 
diff --git a/drivers/char/Makefile b/drivers/char/Makefile
index d8a7579300d2..1a5e43c1a9a6 100644
--- a/drivers/char/Makefile
+++ b/drivers/char/Makefile
@@ -60,3 +60,4 @@ js-rtc-y = rtc.o
 
 obj-$(CONFIG_TILE_SROM)		+= tile-srom.o
 obj-$(CONFIG_XILLYBUS)		+= xillybus/
+obj-$(CONFIG_RPMB)		+= rpmb/
diff --git a/drivers/char/rpmb/Kconfig b/drivers/char/rpmb/Kconfig
new file mode 100644
index 000000000000..c5e6e909efce
--- /dev/null
+++ b/drivers/char/rpmb/Kconfig
@@ -0,0 +1,8 @@
+config RPMB
+	tristate "RPMB partition interface"
+	help
+	  Unified RPMB partition interface for eMMC and UFS.
+	  Provides interface for in kernel security controllers to
+	  access RPMB partition.
+
+	  If unsure, select N.
diff --git a/drivers/char/rpmb/Makefile b/drivers/char/rpmb/Makefile
new file mode 100644
index 000000000000..812b3ed264c0
--- /dev/null
+++ b/drivers/char/rpmb/Makefile
@@ -0,0 +1,4 @@
+obj-$(CONFIG_RPMB) += rpmb.o
+rpmb-objs += core.o
+
+ccflags-y += -D__CHECK_ENDIAN__
diff --git a/drivers/char/rpmb/core.c b/drivers/char/rpmb/core.c
new file mode 100644
index 000000000000..ff10cbb7b644
--- /dev/null
+++ b/drivers/char/rpmb/core.c
@@ -0,0 +1,414 @@
+/*
+ * Copyright (C) 2015-2016 Intel Corp. All rights reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/mutex.h>
+#include <linux/list.h>
+#include <linux/device.h>
+#include <linux/slab.h>
+
+#include <linux/rpmb.h>
+
+static DEFINE_IDA(rpmb_ida);
+
+/**
+ * rpmb_dev_get - increase rpmb device ref counter
+ *
+ * @rdev: rpmb device
+ */
+struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev)
+{
+	return get_device(&rdev->dev) ? rdev : NULL;
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_get);
+
+/**
+ * rpmb_dev_put - decrease rpmb device ref counter
+ *
+ * @rdev: rpmb device
+ */
+void rpmb_dev_put(struct rpmb_dev *rdev)
+{
+	put_device(&rdev->dev);
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_put);
+
+static int rpmb_request_verify(struct rpmb_dev *rdev, struct rpmb_data *rpmbd)
+{
+	u16 req_type, block_count;
+	struct rpmb_cmd *in_cmd = &rpmbd->icmd;
+	struct rpmb_cmd *out_cmd = &rpmbd->ocmd;
+
+	if (!in_cmd->frames || !in_cmd->nframes ||
+	    !out_cmd->frames || !out_cmd->nframes)
+		return -EINVAL;
+
+	req_type = be16_to_cpu(in_cmd->frames[0].req_resp);
+	block_count = be16_to_cpu(in_cmd->frames[0].block_count);
+
+	if (rpmbd->req_type != req_type) {
+		dev_err(&rdev->dev, "rpmb req type doesn't match 0x%04X = 0x%04X\n",
+			req_type, rpmbd->req_type);
+		return -EINVAL;
+	}
+
+	switch (req_type) {
+	case RPMB_PROGRAM_KEY:
+		dev_dbg(&rdev->dev, "rpmb program key = 0x%1x blk = %d\n",
+			req_type, block_count);
+		break;
+	case RPMB_GET_WRITE_COUNTER:
+		dev_dbg(&rdev->dev, "rpmb get write counter = 0x%1x blk = %d\n",
+			req_type, block_count);
+
+		break;
+	case RPMB_WRITE_DATA:
+		dev_dbg(&rdev->dev, "rpmb write data = 0x%1x blk = %d\n",
+			req_type, block_count);
+
+		if (rdev->ops->reliable_wr_cnt &&
+		    block_count > rdev->ops->reliable_wr_cnt) {
+			dev_err(&rdev->dev, "rpmb write data: block count %u > reliable wr count %u\n",
+				block_count, rdev->ops->reliable_wr_cnt);
+			return -EINVAL;
+		}
+
+		if (block_count > in_cmd->nframes) {
+			dev_err(&rdev->dev, "rpmb write data: block count %u > in frame count %u\n",
+				block_count, in_cmd->nframes);
+			return -EINVAL;
+		}
+		break;
+	case RPMB_READ_DATA:
+		dev_dbg(&rdev->dev, "rpmb read data = 0x%1x blk = %d\n",
+			req_type, block_count);
+
+		if (block_count > out_cmd->nframes) {
+			dev_err(&rdev->dev, "rpmb read data: block count %u > out frame count %u\n",
+				block_count, out_cmd->nframes);
+			return -EINVAL;
+		}
+		break;
+	case RPMB_RESULT_READ:
+		/* Internal command not supported */
+		dev_err(&rdev->dev, "NOTSUPPORTED rpmb resut read = 0x%1x blk = %d\n",
+			req_type, block_count);
+		return -EOPNOTSUPP;
+
+	default:
+		dev_err(&rdev->dev, "Error rpmb invalid command = 0x%1x blk = %d\n",
+			req_type, block_count);
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+/**
+ * rpmb_cmd_seq - send RPMB command sequence
+ *
+ * @rdev: rpmb device
+ * @cmds: rpmb command list
+ * @ncmds: number of commands
+ *
+ * Return: 0 on success
+ *         -EINVAL on wrong parameters
+ *         -EOPNOTSUPP if device doesn't support the requested operation
+ *         < 0 if the operation fails
+ */
+int rpmb_cmd_seq(struct rpmb_dev *rdev, struct rpmb_cmd *cmds, u32 ncmds)
+{
+	int err;
+
+	if (!rdev || !cmds || !ncmds)
+		return -EINVAL;
+
+	mutex_lock(&rdev->lock);
+	if (rdev->ops && rdev->ops->cmd_seq)
+		err = rdev->ops->cmd_seq(rdev->dev.parent, cmds, ncmds);
+	else
+		err = -EOPNOTSUPP;
+	mutex_unlock(&rdev->lock);
+	return err;
+}
+EXPORT_SYMBOL_GPL(rpmb_cmd_seq);
+
+static void rpmb_cmd_set(struct rpmb_cmd *cmd, u32 flags,
+			 struct rpmb_frame *frames, u32 nframes)
+{
+	cmd->flags = flags;
+	cmd->frames = frames;
+	cmd->nframes = nframes;
+}
+
+/**
+ * rpmb_cmd_req - send rpmb request command
+ *
+ * @rdev: rpmb device
+ * @rpmbd: rpmb request data
+ *
+ * Return: 0 on success
+ *         -EINVAL on wrong parameters
+ *         -EOPNOTSUPP if device doesn't support the requested operation
+ *         < 0 if the operation fails
+ */
+int rpmb_cmd_req(struct rpmb_dev *rdev, struct rpmb_data *rpmbd)
+{
+	struct rpmb_cmd cmd[3];
+	struct rpmb_frame *res_frame;
+	u32 cnt_in, cnt_out;
+	u32 ncmds;
+	u16 type;
+	int ret;
+
+	if (!rdev || !rpmbd)
+		return -EINVAL;
+
+	ret = rpmb_request_verify(rdev, rpmbd);
+	if (ret)
+		return ret;
+
+	if (!rdev->ops || !rdev->ops->cmd_seq)
+		return -EOPNOTSUPP;
+
+	cnt_in = rpmbd->icmd.nframes;
+	cnt_out = rpmbd->ocmd.nframes;
+	type = rpmbd->req_type;
+	switch (type) {
+	case RPMB_PROGRAM_KEY:
+		cnt_in = 1;
+		cnt_out = 1;
+		/* fall through */
+	case RPMB_WRITE_DATA:
+		rpmb_cmd_set(&cmd[0], RPMB_F_WRITE | RPMB_F_REL_WRITE,
+			     rpmbd->icmd.frames, cnt_in);
+
+		res_frame = rpmbd->ocmd.frames;
+		memset(res_frame, 0, sizeof(*res_frame));
+		res_frame->req_resp = cpu_to_be16(RPMB_RESULT_READ);
+		rpmb_cmd_set(&cmd[1], RPMB_F_WRITE, res_frame, 1);
+
+		rpmb_cmd_set(&cmd[2], 0, rpmbd->ocmd.frames, cnt_out);
+		ncmds = 3;
+		break;
+	case RPMB_GET_WRITE_COUNTER:
+		cnt_in = 1;
+		cnt_out = 1;
+		/* fall through */
+	case RPMB_READ_DATA:
+		rpmb_cmd_set(&cmd[0], RPMB_F_WRITE, rpmbd->icmd.frames, cnt_in);
+		rpmb_cmd_set(&cmd[1], 0, rpmbd->ocmd.frames, cnt_out);
+		ncmds = 2;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	mutex_lock(&rdev->lock);
+	ret = rdev->ops->cmd_seq(rdev->dev.parent, cmd, ncmds);
+	mutex_unlock(&rdev->lock);
+
+	return ret;
+}
+EXPORT_SYMBOL_GPL(rpmb_cmd_req);
+
+static void rpmb_dev_release(struct device *dev)
+{
+	struct rpmb_dev *rdev = to_rpmb_dev(dev);
+
+	ida_simple_remove(&rpmb_ida, rdev->id);
+	kfree(rdev);
+}
+
+struct class rpmb_class = {
+	.name = "rpmb",
+	.owner = THIS_MODULE,
+	.dev_release = rpmb_dev_release,
+};
+EXPORT_SYMBOL(rpmb_class);
+
+/**
+ * rpmb_dev_find_device - return first matching rpmb device
+ *
+ * @data: data for the match function
+ * @match: the matching function
+ *
+ * Return: matching rpmb device or NULL on failure
+ */
+struct rpmb_dev *rpmb_dev_find_device(void *data,
+		     int (*match)(struct device *dev, const void *data))
+{
+	struct device *dev;
+
+	dev = class_find_device(&rpmb_class, NULL, data, match);
+
+	return dev ? to_rpmb_dev(dev) : NULL;
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_find_device);
+
+static int match_by_type(struct device *dev, const void *data)
+{
+	struct rpmb_dev *rdev = to_rpmb_dev(dev);
+	enum rpmb_type *type = (enum rpmb_type *)data;
+
+	return (*type == RPMB_TYPE_ANY || rdev->ops->type == *type);
+}
+
+/**
+ * rpmb_dev_get_by_type - return first registered rpmb device
+ *      with matching type.
+ *      If run with RPMB_TYPE_ANY the first an probably only
+ *      device is returned
+ *
+ * @type: rpbm underlying device type
+ *
+ * Return: matching rpmb device or NULL/ERR_PTR on failure
+ */
+struct rpmb_dev *rpmb_dev_get_by_type(enum rpmb_type type)
+{
+	if (type > RPMB_TYPE_MAX)
+		return ERR_PTR(-EINVAL);
+
+	return rpmb_dev_find_device(&type, match_by_type);
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_get_by_type);
+
+static int match_by_parent(struct device *dev, const void *data)
+{
+	const struct device *parent = data;
+
+	return (parent && dev->parent == parent);
+}
+
+/**
+ * rpmb_dev_find_by_device - retrieve rpmb device from the parent device
+ *
+ * @parent: parent device of the rpmb device
+ *
+ * Return: NULL if there is no rpmb device associated with the parent device
+ */
+struct rpmb_dev *rpmb_dev_find_by_device(struct device *parent)
+{
+	if (!parent)
+		return NULL;
+
+	return rpmb_dev_find_device(parent, match_by_parent);
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_find_by_device);
+
+/**
+ * rpmb_dev_unregister - unregister RPMB partition from the RPMB subsystem
+ *
+ * @dev: parent device of the rpmb device
+ */
+int rpmb_dev_unregister(struct device *dev)
+{
+	struct rpmb_dev *rdev;
+
+	if (!dev)
+		return -EINVAL;
+
+	rdev = rpmb_dev_find_by_device(dev);
+	if (!rdev) {
+		dev_warn(dev, "no disk found %s\n", dev_name(dev->parent));
+		return -ENODEV;
+	}
+
+	rpmb_dev_put(rdev);
+
+	mutex_lock(&rdev->lock);
+	device_del(&rdev->dev);
+	mutex_unlock(&rdev->lock);
+
+	rpmb_dev_put(rdev);
+
+	return 0;
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_unregister);
+
+/**
+ * rpmb_dev_register - register RPMB partition with the RPMB subsystem
+ *
+ * @dev: storage device of the rpmb device
+ * @ops: device specific operations
+ */
+struct rpmb_dev *rpmb_dev_register(struct device *dev,
+				   const struct rpmb_ops *ops)
+{
+	struct rpmb_dev *rdev;
+	int id;
+	int ret;
+
+	if (!dev || !ops)
+		return ERR_PTR(-EINVAL);
+
+	if (!ops->cmd_seq)
+		return ERR_PTR(-EINVAL);
+
+	if (ops->type == RPMB_TYPE_ANY || ops->type > RPMB_TYPE_MAX)
+		return ERR_PTR(-EINVAL);
+
+	rdev = kzalloc(sizeof(*rdev), GFP_KERNEL);
+	if (!rdev)
+		return ERR_PTR(-ENOMEM);
+
+	id = ida_simple_get(&rpmb_ida, 0, 0, GFP_KERNEL);
+	if (id < 0) {
+		ret = id;
+		goto exit;
+	}
+
+	mutex_init(&rdev->lock);
+	rdev->ops = ops;
+	rdev->id = id;
+
+	dev_set_name(&rdev->dev, "rpmb%d", id);
+	rdev->dev.class = &rpmb_class;
+	rdev->dev.parent = dev;
+	ret = device_register(&rdev->dev);
+	if (ret)
+		goto exit;
+
+	dev_dbg(&rdev->dev, "registered disk\n");
+
+	return rdev;
+
+exit:
+	if (id >= 0)
+		ida_simple_remove(&rpmb_ida, id);
+	kfree(rdev);
+	return ERR_PTR(ret);
+}
+EXPORT_SYMBOL_GPL(rpmb_dev_register);
+
+static int __init rpmb_init(void)
+{
+	ida_init(&rpmb_ida);
+	class_register(&rpmb_class);
+	return 0;
+}
+
+static void __exit rpmb_exit(void)
+{
+	class_unregister(&rpmb_class);
+	ida_destroy(&rpmb_ida);
+}
+
+subsys_initcall(rpmb_init);
+module_exit(rpmb_exit);
+
+MODULE_AUTHOR("Intel Corporation");
+MODULE_DESCRIPTION("RPMB class");
+MODULE_LICENSE("GPL");
diff --git a/include/linux/rpmb.h b/include/linux/rpmb.h
new file mode 100644
index 000000000000..c6e49ade92e5
--- /dev/null
+++ b/include/linux/rpmb.h
@@ -0,0 +1,230 @@
+/*
+ * Copyright (C) 2015-2016 Intel Corp. All rights reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ */
+#ifndef __RPMB_H__
+#define __RPMB_H__
+
+#include <linux/types.h>
+#include <linux/device.h>
+#include <linux/kref.h>
+
+/**
+ * struct rpmb_frame - rpmb frame as defined by specs
+ *
+ * @stuff        : stuff bytes
+ * @key_mac      : The authentication key or the message authentication
+ *                 code (MAC) depending on the request/response type.
+ *                 The MAC will be delivered in the last (or the only)
+ *                 block of data.
+ * @data         : Data to be written or read by signed access.
+ * @nonce        : Random number generated by the host for the requests
+ *                 and copied to the response by the RPMB engine.
+ * @write_counter: Counter value for the total amount of the successful
+ *                 authenticated data write requests made by the host.
+ * @addr         : Address of the data to be programmed to or read
+ *                 from the RPMB. Address is the serial number of
+ *                 the accessed block (half sector 256B).
+ * @block_count  : Number of blocks (half sectors, 256B) requested to be
+ *                 read/programmed.
+ * @result       : Includes information about the status of the write counter
+ *                 (valid, expired) and result of the access made to the RPMB.
+ * @req_resp     : Defines the type of request and response to/from the memory.
+ */
+struct rpmb_frame {
+	u8     stuff[196];
+	u8     key_mac[32];
+	u8     data[256];
+	u8     nonce[16];
+	__be32 write_counter;
+	__be16 addr;
+	__be16 block_count;
+	__be16 result;
+	__be16 req_resp;
+} __packed;
+
+#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
+#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
+#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
+#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
+#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
+
+#define RPMB_REQ2RESP(_OP) ((_OP) << 8)
+#define RPMB_RESP2REQ(_OP) ((_OP) >> 8)
+
+/**
+ * enum rpmb_op_result - rpmb operation results
+ *
+ * @RPMB_ERR_OK      : operation successful
+ * @RPMB_ERR_GENERAL : general failure
+ * @RPMB_ERR_AUTH    : mac doesn't match or ac calculation failure
+ * @RPMB_ERR_COUNTER : counter doesn't match or counter increment failure
+ * @RPMB_ERR_ADDRESS : address out of range or wrong address alignment
+ * @RPMB_ERR_WRITE   : data, counter, or result write failure
+ * @RPMB_ERR_READ    : data, counter, or result read failure
+ * @RPMB_ERR_NO_KEY  : authentication key not yet programmed
+ *
+ * @RPMB_ERR_COUNTER_EXPIRED:  counter expired
+ */
+enum rpmb_op_result {
+	RPMB_ERR_OK      = 0x0000,
+	RPMB_ERR_GENERAL = 0x0001,
+	RPMB_ERR_AUTH    = 0x0002,
+	RPMB_ERR_COUNTER = 0x0003,
+	RPMB_ERR_ADDRESS = 0x0004,
+	RPMB_ERR_WRITE   = 0x0005,
+	RPMB_ERR_READ    = 0x0006,
+	RPMB_ERR_NO_KEY  = 0x0007,
+
+	RPMB_ERR_COUNTER_EXPIRED = 0x0080
+};
+
+/**
+ * enum rpmb_type - type of underlaying storage technology
+ *
+ * @RPMB_TYPE_ANY   : any type used for search only
+ * @RPMB_TYPE_EMMC  : emmc (JESD84-B50.1)
+ * @RPMB_TYPE_UFS   : UFS (JESD220)
+ * @RPMB_TYPE_MAX   : upper sentinel
+ */
+enum rpmb_type {
+	RPMB_TYPE_ANY = 0,
+	RPMB_TYPE_EMMC,
+	RPMB_TYPE_UFS,
+	RPMB_TYPE_MAX = RPMB_TYPE_UFS
+};
+
+extern struct class rpmb_class;
+
+#define RPMB_F_WRITE     BIT(0)
+#define RPMB_F_REL_WRITE BIT(1)
+
+/**
+ * struct rpmb_cmd: rpmb access command
+ *
+ * @flags:   command flags
+ *      0 - read command
+ *      1 - write commnad RPMB_F_WRITE
+ *      2 - reliable write RPMB_F_REL_WRITE
+ * @nframes: number of rpmb frames in the command
+ * @frames:  list of rpmb frames
+ */
+struct rpmb_cmd {
+	u32 flags;
+	u32 nframes;
+	struct rpmb_frame *frames __aligned(8);
+};
+
+/**
+ * struct rpmb_data - rpmb data be transmitted in RPMB request
+ *
+ * @req_type: request type (program key, read, write, write counter)
+ * @icmd:     list of input frames
+ * @ocmd:     list of result frames
+ */
+struct rpmb_data {
+	u16 req_type;
+	struct rpmb_cmd icmd;
+	struct rpmb_cmd ocmd;
+};
+
+/**
+ * struct rpmb_ops - RPMB ops to be implemented by underlaying block device
+ *
+ * @cmd_seq        : send RPMB command sequence to the RPBM partition
+ *                   backed by the disk
+ * @type           : block device type
+ * @dev_id         : unique device identifier
+ * @dev_id_len     : unique device identifier length
+ * @reliable_wr_cnt: number of sectors that can be written in one access
+ */
+struct rpmb_ops {
+	int (*cmd_seq)(struct device *dev, struct rpmb_cmd *cmds, u32 ncmds);
+	enum rpmb_type type;
+	const u8 *dev_id;
+	size_t dev_id_len;
+	u16 reliable_wr_cnt;
+};
+
+/**
+ * struct rpmb_dev - device which can support RPMB partition
+ *
+ * @lock       : the device lock
+ * @dev        : device
+ * @id         : device id
+ * @ops        : operation exported by block layer
+ */
+struct rpmb_dev {
+	struct mutex lock; /* device serialization lock */
+	struct device dev;
+	int    id;
+	const struct rpmb_ops *ops;
+};
+
+#define to_rpmb_dev(x) container_of((x), struct rpmb_dev, dev)
+
+#if IS_ENABLED(CONFIG_RPMB)
+struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev);
+void rpmb_dev_put(struct rpmb_dev *rdev);
+struct rpmb_dev *rpmb_dev_find_by_device(struct device *parent);
+struct rpmb_dev *rpmb_dev_get_by_type(enum rpmb_type type);
+struct rpmb_dev *rpmb_dev_register(struct device *dev,
+				   const struct rpmb_ops *ops);
+struct rpmb_dev *rpmb_dev_find_device(void *data,
+			int (*match)(struct device *dev, const void *data));
+int rpmb_dev_unregister(struct device *dev);
+int rpmb_cmd_seq(struct rpmb_dev *rdev, struct rpmb_cmd *cmds, u32 ncmds);
+int rpmb_cmd_req(struct rpmb_dev *rdev, struct rpmb_data *data);
+
+#else
+static inline struct rpmb_dev *rpmb_dev_get(struct rpmb_dev *rdev)
+{
+	return NULL;
+}
+
+static inline void rpmb_dev_put(struct rpmb_dev *rdev) { }
+
+static inline struct rpmb_dev *rpmb_dev_find_by_device(struct device *parent)
+{
+	return NULL;
+}
+
+static inline
+struct rpmb_dev *rpmb_dev_get_by_type(enum rpmb_type type)
+{
+	return NULL;
+}
+
+static inline struct rpmb_dev *
+rpmb_dev_register(struct device *dev, const struct rpmb_ops *ops)
+{
+	return NULL;
+}
+
+static inline int rpmb_dev_unregister(struct device *dev)
+{
+	return 0;
+}
+
+static inline int rpmb_cmd_seq(struct rpmb_dev *rdev,
+			       struct rpmb_cmd *cmds, u32 ncmds)
+{
+	return 0;
+}
+
+static inline int rpmb_cmd_req(struct rpmb_dev *rdev, struct rpmb_data *data)
+{
+	return 0;
+}
+
+#endif /* CONFIG_RPMB */
+
+#endif /* __RPMB_H__ */
-- 
2.5.5

[PATCH v5 2/8] char: rpmb: add sysfs-class ABI documentation

[Tomas Winkler]

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
---
V2: resend
V3: add more verbose description
V4: resend
V5: adjust date and kernel version

 Documentation/ABI/testing/sysfs-class-rpmb | 20 ++++++++++++++++++++
 MAINTAINERS                                |  1 +
 2 files changed, 21 insertions(+)
 create mode 100644 Documentation/ABI/testing/sysfs-class-rpmb

diff --git a/Documentation/ABI/testing/sysfs-class-rpmb b/Documentation/ABI/testing/sysfs-class-rpmb
new file mode 100644
index 000000000000..3ffcd2d1f683
--- /dev/null
+++ b/Documentation/ABI/testing/sysfs-class-rpmb
@@ -0,0 +1,20 @@
+What:		/sys/class/rpmb/
+Date:		Aug 2016
+KernelVersion:  4.8
+Contact:	Tomas Winkler <tomas.winkler@intel.com>
+Description:
+		The rpmb/ class sub-directory belongs to RPMB device class.
+
+		Few storage technologies such is EMMC, UFS, and NVMe support
+		Replay Protected Memory Block (RPMB) hardware partition with
+		common protocol and frame layout.
+		Such a partition provides authenticated and replay protected access,
+		hence suitable as a secure storage.
+
+What:		/sys/class/rpmb/rpmbN/
+Date:		Aug 2016
+KernelVersion:	4.8
+Contact:	Tomas Winkler <tomas.winkler@intel.com>
+Description:
+		The /sys/class/rpmb/rpmbN directory is created for
+		each RPMB registered device
diff --git a/MAINTAINERS b/MAINTAINERS
index 50143ebc862f..02a6f6f10f48 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9712,6 +9712,7 @@ L:	linux-kernel@vger.kernel.org
 S:	Supported
 F:	drivers/char/rpmb/*
 F:	include/linux/rpmb.h
+F:	Documentation/ABI/testing/sysfs-class-rpmb
 
 RTL2830 MEDIA DRIVER
 M:	Antti Palosaari <crope@iki.fi>
-- 
2.5.5

[PATCH v5 3/8] char: rpmb: add device attributes

[Tomas Winkler]

Add attribute type that displays underlay storage type technology
EMMC, UFS, and attribute id, that displays underlay storage device id.
For EMMC this would be content of CID and for UFS serial number from
the device descriptor.


Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
---
V2: resend
V3: set kernel version to 4.7
V4: update target date to Maj
V5: adjust date and kernel version
 Documentation/ABI/testing/sysfs-class-rpmb | 24 ++++++++++++
 drivers/char/rpmb/core.c                   | 63 ++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+)

diff --git a/Documentation/ABI/testing/sysfs-class-rpmb b/Documentation/ABI/testing/sysfs-class-rpmb
index 3ffcd2d1f683..7ca97d86bd97 100644
--- a/Documentation/ABI/testing/sysfs-class-rpmb
+++ b/Documentation/ABI/testing/sysfs-class-rpmb
@@ -18,3 +18,27 @@ Contact:	Tomas Winkler <tomas.winkler@intel.com>
 Description:
 		The /sys/class/rpmb/rpmbN directory is created for
 		each RPMB registered device
+
+What:		/sys/class/rpmb/rpmbN/id
+Date:		Aug 2016
+KernelVersion:	4.8
+Contact:	Tomas Winkler <tomas.winkler@intel.com>
+Description:
+		The /sys/class/rpmb/rpmbN/id file contains device id
+		in a binary form
+
+What:		/sys/class/rpmb/rpmbN/type
+Date:		Aug 2016
+KernelVersion:	4.8
+Contact:	Tomas Winkler <tomas.winkler@intel.com>
+Description:
+		The /sys/class/rpmb/rpmbN/type file contains device
+		underlay storage type technology: EMMC, UFS
+
+What:		/sys/class/rpmb/rpmbN/reliable_wr_cnt
+Date:		Aug 2016
+KernelVersion:	4.8
+Contact:	Tomas Winkler <tomas.winkler@intel.com>
+Description:
+		The /sys/class/rpmb/rpmbN/reliable_wr_cnt file contains
+		number of blocks that can be written in a single request
diff --git a/drivers/char/rpmb/core.c b/drivers/char/rpmb/core.c
index ff10cbb7b644..63271c7ed072 100644
--- a/drivers/char/rpmb/core.c
+++ b/drivers/char/rpmb/core.c
@@ -308,6 +308,67 @@ struct rpmb_dev *rpmb_dev_find_by_device(struct device *parent)
 }
 EXPORT_SYMBOL_GPL(rpmb_dev_find_by_device);
 
+static ssize_t type_show(struct device *dev,
+			 struct device_attribute *attr, char *buf)
+{
+	struct rpmb_dev *rdev = to_rpmb_dev(dev);
+	ssize_t ret;
+
+	switch (rdev->ops->type) {
+	case RPMB_TYPE_EMMC:
+		ret = scnprintf(buf, PAGE_SIZE, "EMMC\n");
+		break;
+	case RPMB_TYPE_UFS:
+		ret = scnprintf(buf, PAGE_SIZE, "UFS\n");
+		break;
+	default:
+		ret = scnprintf(buf, PAGE_SIZE, "UNKNOWN\n");
+		break;
+	}
+
+	return ret;
+}
+static DEVICE_ATTR_RO(type);
+
+static ssize_t id_show(struct device *dev,
+		       struct device_attribute *attr, char *buf)
+{
+	struct rpmb_dev *rdev = to_rpmb_dev(dev);
+	size_t sz = min_t(size_t, rdev->ops->dev_id_len, PAGE_SIZE);
+
+	if (!rdev->ops->dev_id)
+		return 0;
+
+	memcpy(buf, rdev->ops->dev_id, sz);
+	return sz;
+}
+static DEVICE_ATTR_RO(id);
+
+static ssize_t reliable_wr_cnt_show(struct device *dev,
+				    struct device_attribute *attr, char *buf)
+{
+	struct rpmb_dev *rdev = to_rpmb_dev(dev);
+
+	return scnprintf(buf, PAGE_SIZE, "%u\n", rdev->ops->reliable_wr_cnt);
+}
+static DEVICE_ATTR_RO(reliable_wr_cnt);
+
+static struct attribute *rpmb_attrs[] = {
+	&dev_attr_type.attr,
+	&dev_attr_id.attr,
+	&dev_attr_reliable_wr_cnt.attr,
+	NULL,
+};
+
+static struct attribute_group rpmb_attr_group = {
+	.attrs = rpmb_attrs,
+};
+
+static const struct attribute_group *rpmb_attr_groups[] = {
+	&rpmb_attr_group,
+	NULL
+};
+
 /**
  * rpmb_dev_unregister - unregister RPMB partition from the RPMB subsystem
  *
@@ -377,6 +438,8 @@ struct rpmb_dev *rpmb_dev_register(struct device *dev,
 	dev_set_name(&rdev->dev, "rpmb%d", id);
 	rdev->dev.class = &rpmb_class;
 	rdev->dev.parent = dev;
+	rdev->dev.groups = rpmb_attr_groups;
+
 	ret = device_register(&rdev->dev);
 	if (ret)
 		goto exit;
-- 
2.5.5

[PATCH v5 4/8] char: rpmb: provide a user space interface

[Tomas Winkler]

The user space API is achieved via two synchronous IOCTL.
Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is performed
by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD where
the whole RPMB sequence including RESULT_READ is supplied by the caller.
The latter is intended for  easier adjusting  of the  applications that
use MMC_IOC_MULTI_CMD ioctl.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
---
V2: use memdup_user
V3: commit message fix
V4: resend
V5: 1. Add RPMB_IOC_SEQ_CMD API.
    2. Export uapi rpmb.h header
 Documentation/ioctl/ioctl-number.txt |   1 +
 MAINTAINERS                          |   1 +
 drivers/char/rpmb/Kconfig            |   7 +
 drivers/char/rpmb/Makefile           |   1 +
 drivers/char/rpmb/cdev.c             | 269 +++++++++++++++++++++++++++++++++++
 drivers/char/rpmb/core.c             |   9 +-
 drivers/char/rpmb/rpmb-cdev.h        |  25 ++++
 include/linux/rpmb.h                 |  81 ++---------
 include/uapi/linux/Kbuild            |   1 +
 include/uapi/linux/rpmb.h            | 152 ++++++++++++++++++++
 10 files changed, 473 insertions(+), 74 deletions(-)
 create mode 100644 drivers/char/rpmb/cdev.c
 create mode 100644 drivers/char/rpmb/rpmb-cdev.h
 create mode 100644 include/uapi/linux/rpmb.h

diff --git a/Documentation/ioctl/ioctl-number.txt b/Documentation/ioctl/ioctl-number.txt
index 9369d3b0f09a..38f57332bf8e 100644
--- a/Documentation/ioctl/ioctl-number.txt
+++ b/Documentation/ioctl/ioctl-number.txt
@@ -320,6 +320,7 @@ Code  Seq#(hex)	Include File		Comments
 0xB1	00-1F	PPPoX			<mailto:mostrows@styx.uwaterloo.ca>
 0xB3	00	linux/mmc/ioctl.h
 0xB4	00-0F	linux/gpio.h		<mailto:linux-gpio@vger.kernel.org>
+0xB5	00-01	linux/uapi/linux/rpmb.h <mailto:linux-mei@linux.intel.com>
 0xC0	00-0F	linux/usb/iowarrior.h
 0xCA	00-0F	uapi/misc/cxl.h
 0xCA	80-8F	uapi/scsi/cxlflash_ioctl.h
diff --git a/MAINTAINERS b/MAINTAINERS
index 02a6f6f10f48..c7c08c6c041b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9711,6 +9711,7 @@ M:	Tomas Winkler <tomas.winkler@intel.com>
 L:	linux-kernel@vger.kernel.org
 S:	Supported
 F:	drivers/char/rpmb/*
+F:	include/uapi/linux/rpmb.h
 F:	include/linux/rpmb.h
 F:	Documentation/ABI/testing/sysfs-class-rpmb
 
diff --git a/drivers/char/rpmb/Kconfig b/drivers/char/rpmb/Kconfig
index c5e6e909efce..6794be9fcc5e 100644
--- a/drivers/char/rpmb/Kconfig
+++ b/drivers/char/rpmb/Kconfig
@@ -6,3 +6,10 @@ config RPMB
 	  access RPMB partition.
 
 	  If unsure, select N.
+
+config RPMB_INTF_DEV
+	bool "RPMB character device interface /dev/rpmbN"
+	depends on RPMB
+	help
+	  Say yes here if you want to access RPMB from user space
+	  via character device interface /dev/rpmb%d
diff --git a/drivers/char/rpmb/Makefile b/drivers/char/rpmb/Makefile
index 812b3ed264c0..b5dc087b1299 100644
--- a/drivers/char/rpmb/Makefile
+++ b/drivers/char/rpmb/Makefile
@@ -1,4 +1,5 @@
 obj-$(CONFIG_RPMB) += rpmb.o
 rpmb-objs += core.o
+rpmb-$(CONFIG_RPMB_INTF_DEV) += cdev.o
 
 ccflags-y += -D__CHECK_ENDIAN__
diff --git a/drivers/char/rpmb/cdev.c b/drivers/char/rpmb/cdev.c
new file mode 100644
index 000000000000..f3ad3444f76d
--- /dev/null
+++ b/drivers/char/rpmb/cdev.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright (C) 2015-2016 Intel Corp. All rights reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/module.h>
+#include <linux/fs.h>
+#include <linux/uaccess.h>
+#include <linux/compat.h>
+#include <linux/slab.h>
+#include <linux/capability.h>
+
+#include <linux/rpmb.h>
+
+#include "rpmb-cdev.h"
+
+static dev_t rpmb_devt;
+#define RPMB_MAX_DEVS  MINORMASK
+
+#define RPMB_DEV_OPEN    0  /** single open bit (position) */
+
+/**
+ * rpmb_open - the open function
+ *
+ * @inode: pointer to inode structure
+ * @fp: pointer to file structure
+ *
+ * Return: 0 on success, <0 on error
+ */
+static int rpmb_open(struct inode *inode, struct file *fp)
+{
+	struct rpmb_dev *rdev;
+
+	rdev = container_of(inode->i_cdev, struct rpmb_dev, cdev);
+	if (!rdev)
+		return -ENODEV;
+
+	/* the rpmb is single open! */
+	if (test_and_set_bit(RPMB_DEV_OPEN, &rdev->status))
+		return -EBUSY;
+
+	mutex_lock(&rdev->lock);
+
+	fp->private_data = rdev;
+
+	mutex_unlock(&rdev->lock);
+
+	return nonseekable_open(inode, fp);
+}
+
+static int rpmb_release(struct inode *inode, struct file *fp)
+{
+	struct rpmb_dev *rdev = fp->private_data;
+
+	clear_bit(RPMB_DEV_OPEN, &rdev->status);
+
+	return 0;
+}
+
+static int rpmb_cmd_copy_from_user(struct rpmb_cmd *cmd,
+				   struct rpmb_ioc_cmd __user *ucmd)
+{
+	size_t sz;
+	struct rpmb_frame *frames;
+
+	if (get_user(cmd->flags, &ucmd->flags))
+		return -EFAULT;
+
+	if (get_user(cmd->nframes, &ucmd->nframes))
+		return -EFAULT;
+
+	/* FIXME get real number this is from MMC_IOC_MAX_BYTES */
+	if (cmd->nframes > 256)
+		return -EINVAL;
+
+	sz = cmd->nframes * sizeof(struct rpmb_frame);
+	frames = memdup_user(u64_to_user_ptr(ucmd->frames_ptr), sz);
+	if (IS_ERR(frames))
+		return PTR_ERR(frames);
+
+	cmd->frames = frames;
+	return 0;
+}
+
+static int rpmb_cmd_copy_to_user(struct rpmb_ioc_cmd __user *ucmd,
+				 struct rpmb_cmd *cmd)
+{
+	size_t sz;
+
+	sz = cmd->nframes * sizeof(struct rpmb_frame);
+	if (copy_to_user(u64_to_user_ptr(ucmd->frames_ptr), cmd->frames, sz))
+		return -EFAULT;
+
+	return 0;
+}
+
+static long rpmb_ioctl_seq_cmd(struct rpmb_dev *rdev,
+			       struct rpmb_ioc_seq_cmd __user *ptr)
+{
+	__u64 ncmds;
+	struct rpmb_cmd *cmds;
+	struct rpmb_ioc_cmd __user *ucmds;
+
+	int i;
+	int ret;
+
+	/* The caller must have CAP_SYS_RAWIO, like mmc ioctl */
+	if (!capable(CAP_SYS_RAWIO))
+		return -EPERM;
+
+	/* some archs have issues with 64bit get_user */
+	if (copy_from_user(&ncmds, &ptr->num_of_cmds, sizeof(ncmds)))
+		return -EFAULT;
+
+	if (ncmds > 3) {
+		dev_err(&rdev->dev, "supporting up to 3 packets (%llu)\n",
+			ncmds);
+		return -EINVAL;
+	}
+
+	cmds = kcalloc(ncmds, sizeof(*cmds), GFP_KERNEL);
+	if (!cmds)
+		return -ENOMEM;
+
+	ucmds = (struct rpmb_ioc_cmd __user *)ptr->cmds;
+	for (i = 0; i < ncmds; i++) {
+		ret = rpmb_cmd_copy_from_user(&cmds[i], &ucmds[i]);
+		if (ret)
+			goto out;
+	}
+
+	ret = rpmb_cmd_seq(rdev, cmds, ncmds);
+	if (ret)
+		goto out;
+
+	for (i = 0; i < ncmds; i++) {
+		ret = rpmb_cmd_copy_to_user(&ucmds[i], &cmds[i]);
+		if (ret)
+			goto out;
+	}
+out:
+	for (i = 0; i < ncmds; i++)
+		kfree(cmds[i].frames);
+	kfree(cmds);
+	return ret;
+}
+
+static long rpmb_ioctl_req_cmd(struct rpmb_dev *rdev,
+			       struct rpmb_ioc_req_cmd __user *ptr)
+{
+	struct rpmb_data rpmbd;
+	u64 req_type;
+	int ret;
+
+
+	/* some archs have issues with 64bit get_user */
+	if (copy_from_user(&req_type, &ptr->req_type, sizeof(req_type)))
+		return -EFAULT;
+
+	if (req_type >= U16_MAX)
+		return -EINVAL;
+
+	memset(&rpmbd, 0, sizeof(rpmbd));
+
+	rpmbd.req_type = req_type & 0xFFFF;
+
+	ret = rpmb_cmd_copy_from_user(&rpmbd.icmd, &ptr->icmd);
+	if (ret)
+		goto out;
+
+	ret = rpmb_cmd_copy_from_user(&rpmbd.ocmd, &ptr->ocmd);
+	if (ret)
+		goto out;
+
+	ret = rpmb_cmd_req(rdev, &rpmbd);
+	if (ret)
+		goto out;
+
+	ret = rpmb_cmd_copy_to_user(&ptr->ocmd, &rpmbd.ocmd);
+
+out:
+	kfree(rpmbd.icmd.frames);
+	kfree(rpmbd.ocmd.frames);
+	return ret;
+}
+
+static long __rpmb_ioctl(struct file *fp, unsigned int cmd, void __user *arg)
+{
+	struct rpmb_dev *rdev = fp->private_data;
+
+	switch (cmd) {
+	case RPMB_IOC_REQ_CMD:
+		return rpmb_ioctl_req_cmd(rdev, arg);
+	case RPMB_IOC_SEQ_CMD:
+		return rpmb_ioctl_seq_cmd(rdev, arg);
+	default:
+		dev_err(&rdev->dev, "unsupported ioctl 0x%x.\n", cmd);
+		return -ENOIOCTLCMD;
+	}
+}
+
+static long rpmb_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
+{
+	return __rpmb_ioctl(fp, cmd, (void __user *)arg);
+}
+
+#ifdef CONFIG_COMPAT
+static long rpmb_compat_ioctl(struct file *fp, unsigned int cmd,
+			      unsigned long arg)
+{
+	return	__rpmb_ioctl(fp, cmd, compat_ptr(arg));
+}
+#endif /* CONFIG_COMPAT */
+
+static const struct file_operations rpmb_fops = {
+	.open           = rpmb_open,
+	.release        = rpmb_release,
+	.unlocked_ioctl = rpmb_ioctl,
+#ifdef CONFIG_COMPAT
+	.compat_ioctl   = rpmb_compat_ioctl,
+#endif
+	.owner          = THIS_MODULE,
+	.llseek         = noop_llseek,
+};
+
+void rpmb_cdev_prepare(struct rpmb_dev *rdev)
+{
+	rdev->dev.devt = MKDEV(MAJOR(rpmb_devt), rdev->id);
+	rdev->cdev.owner = THIS_MODULE;
+	cdev_init(&rdev->cdev, &rpmb_fops);
+}
+
+void rpmb_cdev_add(struct rpmb_dev *rdev)
+{
+	cdev_add(&rdev->cdev, rdev->dev.devt, 1);
+}
+
+void rpmb_cdev_del(struct rpmb_dev *rdev)
+{
+	if (rdev->dev.devt)
+		cdev_del(&rdev->cdev);
+}
+
+int __init rpmb_cdev_init(void)
+{
+	int ret;
+
+	ret = alloc_chrdev_region(&rpmb_devt, 0, RPMB_MAX_DEVS, "rpmb");
+	if (ret < 0)
+		pr_err("unable to allocate char dev region\n");
+
+	return ret;
+}
+
+void __exit rpmb_cdev_exit(void)
+{
+	if (rpmb_devt)
+		unregister_chrdev_region(rpmb_devt, RPMB_MAX_DEVS);
+}
diff --git a/drivers/char/rpmb/core.c b/drivers/char/rpmb/core.c
index 63271c7ed072..f2d244956d83 100644
--- a/drivers/char/rpmb/core.c
+++ b/drivers/char/rpmb/core.c
@@ -20,6 +20,7 @@
 #include <linux/slab.h>
 
 #include <linux/rpmb.h>
+#include "rpmb-cdev.h"
 
 static DEFINE_IDA(rpmb_ida);
 
@@ -390,6 +391,7 @@ int rpmb_dev_unregister(struct device *dev)
 	rpmb_dev_put(rdev);
 
 	mutex_lock(&rdev->lock);
+	rpmb_cdev_del(rdev);
 	device_del(&rdev->dev);
 	mutex_unlock(&rdev->lock);
 
@@ -440,10 +442,14 @@ struct rpmb_dev *rpmb_dev_register(struct device *dev,
 	rdev->dev.parent = dev;
 	rdev->dev.groups = rpmb_attr_groups;
 
+	rpmb_cdev_prepare(rdev);
+
 	ret = device_register(&rdev->dev);
 	if (ret)
 		goto exit;
 
+	rpmb_cdev_add(rdev);
+
 	dev_dbg(&rdev->dev, "registered disk\n");
 
 	return rdev;
@@ -460,11 +466,12 @@ static int __init rpmb_init(void)
 {
 	ida_init(&rpmb_ida);
 	class_register(&rpmb_class);
-	return 0;
+	return rpmb_cdev_init();
 }
 
 static void __exit rpmb_exit(void)
 {
+	rpmb_cdev_exit();
 	class_unregister(&rpmb_class);
 	ida_destroy(&rpmb_ida);
 }
diff --git a/drivers/char/rpmb/rpmb-cdev.h b/drivers/char/rpmb/rpmb-cdev.h
new file mode 100644
index 000000000000..5fb41e586ba9
--- /dev/null
+++ b/drivers/char/rpmb/rpmb-cdev.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2015-2016 Intel Corp. All rights reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ */
+#ifdef CONFIG_RPMB_INTF_DEV
+int __init rpmb_cdev_init(void);
+void __exit rpmb_cdev_exit(void);
+void rpmb_cdev_prepare(struct rpmb_dev *rdev);
+void rpmb_cdev_add(struct rpmb_dev *rdev);
+void rpmb_cdev_del(struct rpmb_dev *rdev);
+#else
+static inline int __init rpmb_cdev_init(void) { return 0; }
+static inline void __exit rpmb_cdev_exit(void) {}
+static inline void rpmb_cdev_prepare(struct rpmb_dev *rdev) {}
+static inline void rpmb_cdev_add(struct rpmb_dev *rdev) {}
+static inline void rpmb_cdev_del(struct rpmb_dev *rdev) {}
+#endif /* CONFIG_RPMB_INTF_DEV */
diff --git a/include/linux/rpmb.h b/include/linux/rpmb.h
index c6e49ade92e5..c383d8d027e9 100644
--- a/include/linux/rpmb.h
+++ b/include/linux/rpmb.h
@@ -15,79 +15,11 @@
 
 #include <linux/types.h>
 #include <linux/device.h>
+#include <linux/cdev.h>
+#include <uapi/linux/rpmb.h>
 #include <linux/kref.h>
 
 /**
- * struct rpmb_frame - rpmb frame as defined by specs
- *
- * @stuff        : stuff bytes
- * @key_mac      : The authentication key or the message authentication
- *                 code (MAC) depending on the request/response type.
- *                 The MAC will be delivered in the last (or the only)
- *                 block of data.
- * @data         : Data to be written or read by signed access.
- * @nonce        : Random number generated by the host for the requests
- *                 and copied to the response by the RPMB engine.
- * @write_counter: Counter value for the total amount of the successful
- *                 authenticated data write requests made by the host.
- * @addr         : Address of the data to be programmed to or read
- *                 from the RPMB. Address is the serial number of
- *                 the accessed block (half sector 256B).
- * @block_count  : Number of blocks (half sectors, 256B) requested to be
- *                 read/programmed.
- * @result       : Includes information about the status of the write counter
- *                 (valid, expired) and result of the access made to the RPMB.
- * @req_resp     : Defines the type of request and response to/from the memory.
- */
-struct rpmb_frame {
-	u8     stuff[196];
-	u8     key_mac[32];
-	u8     data[256];
-	u8     nonce[16];
-	__be32 write_counter;
-	__be16 addr;
-	__be16 block_count;
-	__be16 result;
-	__be16 req_resp;
-} __packed;
-
-#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
-#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
-#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
-#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
-#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
-
-#define RPMB_REQ2RESP(_OP) ((_OP) << 8)
-#define RPMB_RESP2REQ(_OP) ((_OP) >> 8)
-
-/**
- * enum rpmb_op_result - rpmb operation results
- *
- * @RPMB_ERR_OK      : operation successful
- * @RPMB_ERR_GENERAL : general failure
- * @RPMB_ERR_AUTH    : mac doesn't match or ac calculation failure
- * @RPMB_ERR_COUNTER : counter doesn't match or counter increment failure
- * @RPMB_ERR_ADDRESS : address out of range or wrong address alignment
- * @RPMB_ERR_WRITE   : data, counter, or result write failure
- * @RPMB_ERR_READ    : data, counter, or result read failure
- * @RPMB_ERR_NO_KEY  : authentication key not yet programmed
- *
- * @RPMB_ERR_COUNTER_EXPIRED:  counter expired
- */
-enum rpmb_op_result {
-	RPMB_ERR_OK      = 0x0000,
-	RPMB_ERR_GENERAL = 0x0001,
-	RPMB_ERR_AUTH    = 0x0002,
-	RPMB_ERR_COUNTER = 0x0003,
-	RPMB_ERR_ADDRESS = 0x0004,
-	RPMB_ERR_WRITE   = 0x0005,
-	RPMB_ERR_READ    = 0x0006,
-	RPMB_ERR_NO_KEY  = 0x0007,
-
-	RPMB_ERR_COUNTER_EXPIRED = 0x0080
-};
-
-/**
  * enum rpmb_type - type of underlaying storage technology
  *
  * @RPMB_TYPE_ANY   : any type used for search only
@@ -104,9 +36,6 @@ enum rpmb_type {
 
 extern struct class rpmb_class;
 
-#define RPMB_F_WRITE     BIT(0)
-#define RPMB_F_REL_WRITE BIT(1)
-
 /**
  * struct rpmb_cmd: rpmb access command
  *
@@ -160,12 +89,18 @@ struct rpmb_ops {
  * @lock       : the device lock
  * @dev        : device
  * @id         : device id
+ * @cdev       : character dev
+ * @status     : device status
  * @ops        : operation exported by block layer
  */
 struct rpmb_dev {
 	struct mutex lock; /* device serialization lock */
 	struct device dev;
 	int    id;
+#ifdef CONFIG_RPMB_INTF_DEV
+	struct cdev cdev;
+	unsigned long status;
+#endif /* CONFIG_RPMB_INTF_DEV */
 	const struct rpmb_ops *ops;
 };
 
diff --git a/include/uapi/linux/Kbuild b/include/uapi/linux/Kbuild
index 8bdae34d1f9a..4a02adb48b7a 100644
--- a/include/uapi/linux/Kbuild
+++ b/include/uapi/linux/Kbuild
@@ -360,6 +360,7 @@ header-y += rio_mport_cdev.h
 header-y += romfs_fs.h
 header-y += rose.h
 header-y += route.h
+header-y += rpmb.h
 header-y += rtc.h
 header-y += rtnetlink.h
 header-y += scc.h
diff --git a/include/uapi/linux/rpmb.h b/include/uapi/linux/rpmb.h
new file mode 100644
index 000000000000..a6fa78e03c4f
--- /dev/null
+++ b/include/uapi/linux/rpmb.h
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2015-2016, Intel Corp.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version
+ * 2 as published by the Free Software Foundation;
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef _UAPI_LINUX_RPMB_H_
+#define _UAPI_LINUX_RPMB_H_
+
+#include <linux/types.h>
+
+/**
+ * struct rpmb_frame - rpmb frame as defined by specs
+ *
+ * @stuff        : stuff bytes
+ * @key_mac      : The authentication key or the message authentication
+ *                 code (MAC) depending on the request/response type.
+ *                 The MAC will be delivered in the last (or the only)
+ *                 block of data.
+ * @data         : Data to be written or read by signed access.
+ * @nonce        : Random number generated by the host for the requests
+ *                 and copied to the response by the RPMB engine.
+ * @write_counter: Counter value for the total amount of the successful
+ *                 authenticated data write requests made by the host.
+ * @addr         : Address of the data to be programmed to or read
+ *                 from the RPMB. Address is the serial number of
+ *                 the accessed block (half sector 256B).
+ * @block_count  : Number of blocks (half sectors, 256B) requested to be
+ *                 read/programmed.
+ * @result       : Includes information about the status of the write counter
+ *                 (valid, expired) and result of the access made to the RPMB.
+ * @req_resp     : Defines the type of request and response to/from the memory.
+ */
+struct rpmb_frame {
+	__u8   stuff[196];
+	__u8   key_mac[32];
+	__u8   data[256];
+	__u8   nonce[16];
+	__be32 write_counter;
+	__be16 addr;
+	__be16 block_count;
+	__be16 result;
+	__be16 req_resp;
+} __attribute__((packed));
+
+#define RPMB_PROGRAM_KEY       0x1    /* Program RPMB Authentication Key */
+#define RPMB_GET_WRITE_COUNTER 0x2    /* Read RPMB write counter */
+#define RPMB_WRITE_DATA        0x3    /* Write data to RPMB partition */
+#define RPMB_READ_DATA         0x4    /* Read data from RPMB partition */
+#define RPMB_RESULT_READ       0x5    /* Read result request  (Internal) */
+
+#define RPMB_REQ2RESP(_OP) ((_OP) << 8)
+#define RPMB_RESP2REQ(_OP) ((_OP) >> 8)
+
+/* length of the part of the frame used for HMAC computation */
+#define hmac_data_len \
+	(sizeof(struct rpmb_frame) - offsetof(struct rpmb_frame, data))
+
+/**
+ * enum rpmb_op_result - rpmb operation results
+ *
+ * @RPMB_ERR_OK:       operation successful
+ * @RPMB_ERR_GENERAL:  general failure
+ * @RPMB_ERR_AUTH:     mac doesn't match or ac calculation failure
+ * @RPMB_ERR_COUNTER:  counter doesn't match or counter increment failure
+ * @RPMB_ERR_ADDRESS:  address out of range or wrong address alignment
+ * @RPMB_ERR_WRITE:    data, counter, or result write failure
+ * @RPMB_ERR_READ:     data, counter, or result read failure
+ * @RPMB_ERR_NO_KEY:   authentication key not yet programmed
+ *
+ * @RPMB_ERR_COUNTER_EXPIRED:  counter expired
+ */
+enum rpmb_op_result {
+	RPMB_ERR_OK      = 0x0000,
+	RPMB_ERR_GENERAL = 0x0001,
+	RPMB_ERR_AUTH    = 0x0002,
+	RPMB_ERR_COUNTER = 0x0003,
+	RPMB_ERR_ADDRESS = 0x0004,
+	RPMB_ERR_WRITE   = 0x0005,
+	RPMB_ERR_READ    = 0x0006,
+	RPMB_ERR_NO_KEY  = 0x0007,
+
+	RPMB_ERR_COUNTER_EXPIRED = 0x0080
+};
+
+#define RPMB_F_WRITE     (1UL << 0)
+#define RPMB_F_REL_WRITE (1UL << 1)
+
+/**
+ * struct rpmb_cmd: rpmb access command
+ *
+ * @flags:   command flags
+ *      0 - read command
+ *      1 - write commnad RPMB_F_WRITE
+ *      2 -  reliable write RPMB_F_REL_WRITE
+ * @nframes: number of rpmb frames in the command
+ * @frames_ptr:  a pointer to the list of rpmb frames
+ */
+struct rpmb_ioc_cmd {
+	__u32 flags;
+	__u32 nframes;
+	__aligned_u64 frames_ptr;
+};
+
+#define rpmb_ioc_cmd_set_frames(_cmd, _ptr) \
+	(_cmd).frames_ptr = (__aligned_u64)(intptr_t)(_ptr)
+
+#define rpmb_ioc_cmd_set(_cmd, _flags, _ptr, _n) do {         \
+	(_cmd).flags = (_flags);                              \
+	(_cmd).nframes = (_n);                                \
+	(_cmd).frames_ptr = (__aligned_u64)(intptr_t)(_ptr);  \
+} while (0)
+
+/**
+ * struct rpmb_ioc_req_cmd - rpmb operation request command
+ *
+ * @req_type: request type:  must match the in frame req_resp
+ *            program key
+ *            get write counter
+ *            write data
+ *            read data
+ * @icmd: input command
+ * @ocmd: output/result command
+ */
+struct rpmb_ioc_req_cmd {
+	__u64 req_type;
+	struct rpmb_ioc_cmd icmd;
+	struct rpmb_ioc_cmd ocmd;
+};
+
+/**
+ * struct rpmb_ioc_seq_cmd - rpmb command sequence
+ *
+ * @num_of_cmds: number of commands
+ * @cmds: list of rpmb commands
+ */
+struct rpmb_ioc_seq_cmd {
+	__u64 num_of_cmds;
+	struct rpmb_ioc_cmd cmds[0];
+};
+
+#define RPMB_IOC_REQ_CMD _IOWR(0xB5, 0, struct rpmb_ioc_req_cmd)
+#define RPMB_IOC_SEQ_CMD _IOWR(0xB5, 1, struct rpmb_ioc_seq_cmd)
+
+#endif /* _UAPI_LINUX_RPMB_H_ */
-- 
2.5.5

[PATCH v5 5/8] char: rpmb: add RPMB simulation device

[Tomas Winkler]

This is a simple platform device used for testing
the RPMB subsystem.

The module currently supports two configuration options:
1. max_wr_blks: for specifying max blocks that can be written
in a single command
2. daunits:  used to set storage capacity in 128K units.


Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
---
V2: remove .owner setting, it is set automatically
V3: 1. Add shutdown handler (similar to ufshcd)
    2. Commit message fix
V4: Use select RPMB in Kconfg to ensure valid configuration.
V5: Revamp the code using the sequence command.

 drivers/char/rpmb/Kconfig    |  10 +
 drivers/char/rpmb/Makefile   |   1 +
 drivers/char/rpmb/rpmb_sim.c | 668 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 679 insertions(+)
 create mode 100644 drivers/char/rpmb/rpmb_sim.c

diff --git a/drivers/char/rpmb/Kconfig b/drivers/char/rpmb/Kconfig
index 6794be9fcc5e..c21b3934249f 100644
--- a/drivers/char/rpmb/Kconfig
+++ b/drivers/char/rpmb/Kconfig
@@ -13,3 +13,13 @@ config RPMB_INTF_DEV
 	help
 	  Say yes here if you want to access RPMB from user space
 	  via character device interface /dev/rpmb%d
+
+
+config RPMB_SIM
+	tristate "RPMB partition device simulator"
+	default n
+	select RPMB
+	select CRYPTO_SHA256
+	select CRYPTO_HMAC
+	help
+	  RPMB partition simulator used for testing the RPMB subsystem
diff --git a/drivers/char/rpmb/Makefile b/drivers/char/rpmb/Makefile
index b5dc087b1299..81f924fd9a87 100644
--- a/drivers/char/rpmb/Makefile
+++ b/drivers/char/rpmb/Makefile
@@ -1,5 +1,6 @@
 obj-$(CONFIG_RPMB) += rpmb.o
 rpmb-objs += core.o
 rpmb-$(CONFIG_RPMB_INTF_DEV) += cdev.o
+obj-$(CONFIG_RPMB_SIM) += rpmb_sim.o
 
 ccflags-y += -D__CHECK_ENDIAN__
diff --git a/drivers/char/rpmb/rpmb_sim.c b/drivers/char/rpmb/rpmb_sim.c
new file mode 100644
index 000000000000..e33f6809ae2c
--- /dev/null
+++ b/drivers/char/rpmb/rpmb_sim.c
@@ -0,0 +1,668 @@
+/******************************************************************************
+ * This file is provided under a dual BSD/GPLv2 license.  When using or
+ * redistributing this file, you may do so under either license.
+ *
+ * GPL LICENSE SUMMARY
+ *
+ * Copyright(c) 2016 Intel Corporation. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * The full GNU General Public License is included in this distribution
+ * in the file called LICENSE.GPL.
+ *
+ * Contact Information:
+ *	Intel Corporation.
+ *	linux-mei@linux.intel.com
+ *	http://www.intel.com
+ *
+ * BSD LICENSE
+ *
+ * Copyright(c) 2016 Intel Corporation. All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *  * Neither the name Intel Corporation nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ *****************************************************************************/
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/platform_device.h>
+#include <linux/device.h>
+#include <crypto/hash.h>
+#include <linux/scatterlist.h>
+#include <linux/sizes.h>
+
+#include <linux/rpmb.h>
+
+static const char id[] = "RPMB:SIM";
+#define CAPACITY_UNIT SZ_128K
+#define CAPACITY_MIN  SZ_128K
+#define CAPACITY_MAX  SZ_16M
+#define BLK_UNIT      SZ_256
+
+static unsigned int max_wr_blks = 1;
+module_param(max_wr_blks, uint, 0644);
+MODULE_PARM_DESC(max_wr_blks, "max blocks that can be written in a single command (default: 1)");
+
+static unsigned int daunits = 1;
+module_param(daunits, uint, 0644);
+MODULE_PARM_DESC(daunits, "number of data area units of 128K (default: 1)");
+
+struct blk {
+	u8 data[BLK_UNIT];
+};
+
+/**
+ * struct rpmb_sim_dev
+ *
+ * @dev:  back pointer to the platform device
+ * @rdev: rpmb device
+ * @auth_key: Authentication key register which is used to authenticate
+ *            accesses when MAC is calculated;
+ * @auth_key_set: true if auth key was set
+ * @write_counter: Counter value for the total amount of successful
+ *             authenticated data write requests made by the host.
+ *             The initial value of this register after production is 00000000h.
+ *             The value will be incremented by one along with each successful
+ *             programming access. The value cannot be reset. After the counter
+ *             has reached the maximum value of FFFFFFFFh,
+ *             it will not be incremented anymore (overflow prevention)
+ * @hash_tfm:  hmac(sha256) tfm
+ *
+ * @res_frames: frame that holds the result of the last write operation
+ * @out_frames: next read operation result frames
+ * @out_frames_cnt: number of the output frames
+ *
+ * @capacity: size of the partition in bytes multiple of 128K
+ * @blkcnt:   block count
+ * @da:       data area in blocks
+ */
+struct rpmb_sim_dev {
+	struct device *dev;
+	struct rpmb_dev *rdev;
+	u8 auth_key[32];
+	bool auth_key_set;
+	u32 write_counter;
+	struct crypto_shash *hash_tfm;
+
+	struct rpmb_frame res_frames[1];
+	struct rpmb_frame *out_frames;
+	unsigned int out_frames_cnt;
+
+	size_t capacity;
+	size_t blkcnt;
+	struct blk *da;
+};
+
+static __be16 op_result(struct rpmb_sim_dev *rsdev, u16 result)
+{
+	if (!rsdev->auth_key_set)
+		return cpu_to_be16(RPMB_ERR_NO_KEY);
+
+	if (rsdev->write_counter == 0xFFFFFFFF)
+		result |=  RPMB_ERR_COUNTER_EXPIRED;
+
+	return cpu_to_be16(result);
+}
+
+static __be16 req_to_resp(u16 req)
+{
+	return cpu_to_be16(RPMB_REQ2RESP(req));
+}
+
+static int rpmb_sim_calc_hmac(struct rpmb_sim_dev *rsdev,
+			      struct rpmb_frame *frames,
+			      unsigned int blks, u8 *mac)
+{
+	SHASH_DESC_ON_STACK(desc, rsdev->hash_tfm);
+	int i;
+	int ret;
+
+	desc->tfm = rsdev->hash_tfm;
+	desc->flags = 0;
+
+	ret = crypto_shash_init(desc);
+	if (ret)
+		goto out;
+
+	for (i = 0; i < blks; i++) {
+		ret = crypto_shash_update(desc, frames[i].data, hmac_data_len);
+		if (ret)
+			goto out;
+	}
+	ret = crypto_shash_final(desc, mac);
+out:
+	if (ret)
+		dev_err(rsdev->dev, "digest error = %d", ret);
+
+	return ret;
+}
+
+static int rpmb_op_not_programmed(struct rpmb_sim_dev *rsdev, u16 req)
+{
+	struct rpmb_frame *res_frame = rsdev->res_frames;
+
+	res_frame->req_resp = req_to_resp(req);
+	res_frame->result = op_result(rsdev, RPMB_ERR_NO_KEY);
+
+	dev_err(rsdev->dev, "not programmed\n");
+
+	return 0;
+}
+
+static int rpmb_op_program_key(struct rpmb_sim_dev *rsdev,
+			       struct rpmb_frame *in_frame, u32 cnt)
+{
+	struct rpmb_frame *res_frame = rsdev->res_frames;
+	u16 req;
+	int ret;
+	u16 err = RPMB_ERR_OK;
+
+	req = be16_to_cpu(in_frame[0].req_resp);
+
+	if (req != RPMB_PROGRAM_KEY)
+		return -EINVAL;
+
+	if (cnt != 1)
+		return -EINVAL;
+
+	if (rsdev->auth_key_set) {
+		dev_err(rsdev->dev, "key allread set\n");
+		err = RPMB_ERR_WRITE;
+		goto out;
+	}
+
+	ret = crypto_shash_setkey(rsdev->hash_tfm, in_frame[0].key_mac, 32);
+	if (ret) {
+		dev_err(rsdev->dev, "set key failed = %d\n", ret);
+		err = RPMB_ERR_GENERAL;
+		goto out;
+	}
+
+	dev_dbg(rsdev->dev, "digest size %u\n",
+		crypto_shash_digestsize(rsdev->hash_tfm));
+
+	memcpy(rsdev->auth_key, in_frame[0].key_mac, 32);
+	rsdev->auth_key_set = true;
+out:
+
+	memset(res_frame, 0, sizeof(struct rpmb_frame));
+	res_frame->req_resp = req_to_resp(req);
+	res_frame->result = op_result(rsdev, err);
+
+	return 0;
+}
+
+static int rpmb_op_get_wr_counter(struct rpmb_sim_dev *rsdev,
+				  struct rpmb_frame *in_frame, u32 cnt)
+{
+	struct rpmb_frame *frame;
+	int ret = 0;
+	u16 req;
+	u16 err;
+
+	req = be16_to_cpu(in_frame[0].req_resp);
+	if (req != RPMB_GET_WRITE_COUNTER)
+		return -EINVAL;
+
+	if (cnt != 1)
+		return -EINVAL;
+
+	frame = kcalloc(1, sizeof(struct rpmb_frame), GFP_KERNEL);
+	if (!frame) {
+		err = RPMB_ERR_READ;
+		ret = -ENOMEM;
+		rsdev->out_frames = rsdev->res_frames;
+		rsdev->out_frames_cnt = cnt;
+		goto out;
+	}
+
+	rsdev->out_frames = frame;
+	rsdev->out_frames_cnt = cnt;
+
+	frame->req_resp = req_to_resp(req);
+	frame->write_counter = cpu_to_be32(rsdev->write_counter);
+	memcpy(frame->nonce, in_frame[0].nonce, 16);
+
+	err = RPMB_ERR_OK;
+	if (rpmb_sim_calc_hmac(rsdev, frame, cnt, frame->key_mac))
+		err = RPMB_ERR_READ;
+
+out:
+	rsdev->out_frames[0].req_resp = req_to_resp(req);
+	rsdev->out_frames[0].result = op_result(rsdev, err);
+
+	return ret;
+}
+
+static int rpmb_op_write_data(struct rpmb_sim_dev *rsdev,
+			      struct rpmb_frame *in_frame, u32 cnt)
+{
+	struct rpmb_frame *res_frame = rsdev->res_frames;
+	u8 mac[32];
+	u16 req, err, addr, blks;
+	unsigned int i;
+	int ret = 0;
+
+	req = be16_to_cpu(in_frame[0].req_resp);
+	if (req != RPMB_WRITE_DATA)
+		return -EINVAL;
+
+	if (rsdev->write_counter == 0xFFFFFFFF) {
+		err = RPMB_ERR_WRITE;
+		goto out;
+	}
+
+	blks = be16_to_cpu(in_frame[0].block_count);
+	if (blks == 0 || blks > cnt) {
+		ret = -EINVAL;
+		err = RPMB_ERR_GENERAL;
+		goto out;
+	}
+
+	if (blks > max_wr_blks) {
+		err = RPMB_ERR_WRITE;
+		goto out;
+	}
+
+	addr = be16_to_cpu(in_frame[0].addr);
+	if (addr >= rsdev->blkcnt) {
+		err = RPMB_ERR_ADDRESS;
+		goto out;
+	}
+
+	if (rpmb_sim_calc_hmac(rsdev, in_frame, blks, mac)) {
+		err = RPMB_ERR_AUTH;
+		goto out;
+	}
+
+	/* mac is in the last frame */
+	if (memcmp(mac, in_frame[blks - 1].key_mac, sizeof(mac)) != 0) {
+		err = RPMB_ERR_AUTH;
+		goto out;
+	}
+
+	if (be32_to_cpu(in_frame[0].write_counter) != rsdev->write_counter) {
+		err = RPMB_ERR_COUNTER;
+		goto out;
+	}
+
+	if (addr + blks > rsdev->blkcnt) {
+		err = RPMB_ERR_WRITE;
+		goto out;
+	}
+
+	err = RPMB_ERR_OK;
+	for (i = 0; i < blks; i++)
+		memcpy(rsdev->da[addr + i].data, in_frame[i].data, BLK_UNIT);
+
+	rsdev->write_counter++;
+
+out:
+	memset(res_frame, 0, sizeof(struct rpmb_frame));
+	if (err == RPMB_ERR_OK) {
+		res_frame->write_counter = cpu_to_be32(rsdev->write_counter);
+		memcpy(res_frame->key_mac, mac, sizeof(mac));
+	}
+	res_frame->req_resp = req_to_resp(req);
+	res_frame->result = op_result(rsdev, err);
+
+	return ret;
+}
+
+static int rpmb_op_read_data(struct rpmb_sim_dev *rsdev,
+			     struct rpmb_frame *in_frame, u32 cnt)
+{
+	struct rpmb_frame *res_frame = rsdev->res_frames;
+	struct rpmb_frame *out_frame;
+	u8 mac[32];
+	u16 req, err, addr, blks;
+	unsigned int i;
+	int ret;
+
+	req = be16_to_cpu(in_frame[0].req_resp);
+	if (req != RPMB_READ_DATA)
+		return -EINVAL;
+
+	out_frame = kcalloc(cnt, sizeof(struct rpmb_frame), GFP_KERNEL);
+	if (!out_frame) {
+		ret = -ENOMEM;
+		err = RPMB_ERR_READ;
+		goto out;
+	}
+
+	blks = be16_to_cpu(in_frame[0].block_count);
+	if (blks == 0 || blks > cnt) {
+		ret = -EINVAL;
+		err = RPMB_ERR_READ;
+		goto out;
+	}
+
+	ret = 0;
+	addr = be16_to_cpu(in_frame[0].addr);
+	if (addr >= rsdev->blkcnt) {
+		err = RPMB_ERR_ADDRESS;
+		goto out;
+	}
+
+	if (addr + blks > rsdev->blkcnt) {
+		err = RPMB_ERR_READ;
+		goto out;
+	}
+
+	for (i = 0; i < blks; i++) {
+		memcpy(out_frame[i].data, rsdev->da[addr + i].data, BLK_UNIT);
+		memcpy(out_frame[i].nonce, in_frame[0].nonce, 16);
+		out_frame[i].req_resp = req_to_resp(req);
+		out_frame[i].addr = in_frame[0].addr;
+		out_frame[i].block_count = cpu_to_be16(blks);
+	}
+
+	if (rpmb_sim_calc_hmac(rsdev, out_frame, blks, mac)) {
+		err = RPMB_ERR_AUTH;
+		goto out;
+	}
+
+	memcpy(out_frame[blks - 1].key_mac, mac, sizeof(mac));
+
+	err = RPMB_ERR_OK;
+	out_frame[0].result = op_result(rsdev, err);
+
+	rsdev->out_frames = out_frame;
+	rsdev->out_frames_cnt = cnt;
+
+out:
+	memset(res_frame, 0, sizeof(struct rpmb_frame));
+	res_frame->req_resp = req_to_resp(req);
+	res_frame->result = op_result(rsdev, err);
+	if (err != RPMB_ERR_OK) {
+		kfree(out_frame);
+		rsdev->out_frames = res_frame;
+		rsdev->out_frames_cnt = 1;
+	}
+
+	return ret;
+}
+
+static int rpmb_op_result_read(struct rpmb_sim_dev *rsdev,
+			       struct rpmb_frame *frames, u32 cnt)
+{
+	u16 req = be16_to_cpu(frames[0].req_resp);
+	u16 blks = be16_to_cpu(frames[0].block_count);
+
+	if (req != RPMB_RESULT_READ)
+		return -EINVAL;
+
+	if (blks != 0)
+		return -EINVAL;
+
+	rsdev->out_frames = rsdev->res_frames;
+	rsdev->out_frames_cnt = 1;
+	return 0;
+}
+
+static int rpmb_sim_write(struct rpmb_sim_dev *rsdev,
+			  struct rpmb_frame *frames, u32 cnt)
+{
+	u16 req;
+	int ret;
+
+	if (!frames || !cnt)
+		return -EINVAL;
+
+	req = be16_to_cpu(frames[0].req_resp);
+	if (!rsdev->auth_key_set && req != RPMB_PROGRAM_KEY)
+		return rpmb_op_not_programmed(rsdev, req);
+
+	switch (req) {
+	case RPMB_PROGRAM_KEY:
+		dev_dbg(rsdev->dev, "rpmb: program key\n");
+		ret = rpmb_op_program_key(rsdev, frames, cnt);
+		break;
+	case RPMB_WRITE_DATA:
+		dev_dbg(rsdev->dev, "rpmb: write data\n");
+		ret = rpmb_op_write_data(rsdev, frames, cnt);
+		break;
+	case RPMB_GET_WRITE_COUNTER:
+		dev_dbg(rsdev->dev, "rpmb: get write counter\n");
+		ret = rpmb_op_get_wr_counter(rsdev, frames, cnt);
+		break;
+	case RPMB_READ_DATA:
+		dev_dbg(rsdev->dev, "rpmb: read data\n");
+		ret = rpmb_op_read_data(rsdev, frames, cnt);
+		break;
+	case RPMB_RESULT_READ:
+		dev_dbg(rsdev->dev, "rpmb: result read\n");
+		ret = rpmb_op_result_read(rsdev, frames, cnt);
+		break;
+	default:
+		ret = -EINVAL;
+		break;
+	}
+
+	dev_dbg(rsdev->dev, "rpmb: ret=%d\n", ret);
+
+	return ret;
+}
+
+static int rpmb_sim_read(struct rpmb_sim_dev *rsdev,
+			 struct rpmb_frame *frames, u32 cnt)
+{
+	int i;
+
+	if (!frames || !cnt)
+		return -EINVAL;
+
+	if (!rsdev->out_frames || rsdev->out_frames_cnt == 0) {
+		dev_err(rsdev->dev, "out_frames are not set\n");
+		return -EINVAL;
+	}
+
+	for (i = 0; i < min_t(u32, rsdev->out_frames_cnt, cnt); i++)
+		memcpy(frames, rsdev->out_frames, sizeof(struct rpmb_frame));
+
+	if (rsdev->out_frames != rsdev->res_frames)
+		kfree(rsdev->out_frames);
+
+	rsdev->out_frames = NULL;
+	rsdev->out_frames_cnt = 0;
+	dev_dbg(rsdev->dev, "rpmb: cnt=%d\n", cnt);
+
+	return 0;
+}
+
+static int rpmb_sim_cmd_seq(struct device *dev,
+			    struct rpmb_cmd *cmds, u32 ncmds)
+{
+	struct platform_device *pdev;
+	struct rpmb_sim_dev *rsdev;
+	int i;
+	int ret;
+	struct rpmb_cmd *cmd;
+
+	if (!dev)
+		return -EINVAL;
+
+	pdev = to_platform_device(dev);
+	rsdev = platform_get_drvdata(pdev);
+
+	if (!rsdev)
+		return -EINVAL;
+
+	for (ret = 0, i = 0; i < ncmds && !ret; i++) {
+		cmd = &cmds[i];
+		if (cmd->flags & RPMB_F_WRITE)
+			ret = rpmb_sim_write(rsdev, cmd->frames, cmd->nframes);
+		else
+			ret = rpmb_sim_read(rsdev, cmd->frames, cmd->nframes);
+	}
+	return ret;
+}
+
+static struct rpmb_ops rpmb_sim_ops = {
+	.cmd_seq = rpmb_sim_cmd_seq,
+	.type = RPMB_TYPE_EMMC,
+};
+
+static int rpmb_sim_hmac_256_alloc(struct rpmb_sim_dev *rsdev)
+{
+	struct crypto_shash *hash_tfm;
+
+	hash_tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
+	if (IS_ERR(hash_tfm))
+		return PTR_ERR(hash_tfm);
+
+	rsdev->hash_tfm = hash_tfm;
+
+	dev_dbg(rsdev->dev, "hamac(sha256) registered\n");
+	return 0;
+}
+
+static void rpmb_sim_hmac_256_free(struct rpmb_sim_dev *rsdev)
+{
+	if (rsdev->hash_tfm)
+		crypto_free_shash(rsdev->hash_tfm);
+
+	rsdev->hash_tfm = NULL;
+}
+
+static int rpmb_sim_probe(struct platform_device *pdev)
+{
+	struct rpmb_sim_dev *rsdev;
+	int ret;
+
+	rsdev = kzalloc(sizeof(*rsdev), GFP_KERNEL);
+	if (!rsdev)
+		return -ENOMEM;
+
+	rsdev->dev = &pdev->dev;
+
+	ret = rpmb_sim_hmac_256_alloc(rsdev);
+	if (ret)
+		goto err;
+
+	rsdev->capacity = CAPACITY_UNIT * daunits;
+	rsdev->blkcnt  = rsdev->capacity / BLK_UNIT;
+	rsdev->da = kzalloc(rsdev->capacity, GFP_KERNEL);
+	if (!rsdev->da) {
+		ret = -ENOMEM;
+		goto err;
+	}
+
+	rpmb_sim_ops.dev_id_len = strlen(id);
+	rpmb_sim_ops.dev_id = id;
+	rpmb_sim_ops.reliable_wr_cnt = max_wr_blks;
+
+	rsdev->rdev = rpmb_dev_register(rsdev->dev, &rpmb_sim_ops);
+	if (IS_ERR(rsdev->rdev)) {
+		ret = PTR_ERR(rsdev->rdev);
+		goto err;
+	}
+
+	dev_info(&pdev->dev, "registered RPMB capacity = %zu of %zu blocks\n",
+		 rsdev->capacity, rsdev->blkcnt);
+
+	platform_set_drvdata(pdev, rsdev);
+
+	return 0;
+err:
+	rpmb_sim_hmac_256_free(rsdev);
+	if (rsdev)
+		kfree(rsdev->da);
+	kfree(rsdev);
+	return ret;
+}
+
+static int rpmb_sim_remove(struct platform_device *pdev)
+{
+	struct rpmb_sim_dev *rsdev;
+
+	rsdev = platform_get_drvdata(pdev);
+
+	rpmb_dev_unregister(rsdev->dev);
+
+	platform_set_drvdata(pdev, NULL);
+
+	rpmb_sim_hmac_256_free(rsdev);
+
+	kfree(rsdev->da);
+	kfree(rsdev);
+	return 0;
+}
+
+static void rpmb_sim_shutdown(struct platform_device *pdev)
+{
+	rpmb_sim_remove(pdev);
+}
+
+static struct platform_driver rpmb_sim_driver = {
+	.driver = {
+		.name  = "rpmb_sim",
+	},
+	.probe         = rpmb_sim_probe,
+	.remove        = rpmb_sim_remove,
+	.shutdown      = rpmb_sim_shutdown,
+};
+
+static struct platform_device *rpmb_sim_pdev;
+
+static int __init rpmb_sim_init(void)
+{
+	int ret;
+
+	rpmb_sim_pdev = platform_device_register_simple("rpmb_sim", -1,
+							NULL, 0);
+
+	if (IS_ERR(rpmb_sim_pdev))
+		return PTR_ERR(rpmb_sim_pdev);
+
+	ret = platform_driver_register(&rpmb_sim_driver);
+	if (ret)
+		platform_device_unregister(rpmb_sim_pdev);
+
+	return ret;
+}
+
+static void __exit rpmb_sim_exit(void)
+{
+	platform_device_unregister(rpmb_sim_pdev);
+	platform_driver_unregister(&rpmb_sim_driver);
+}
+
+module_init(rpmb_sim_init);
+module_exit(rpmb_sim_exit);
+
+MODULE_AUTHOR("Tomas Winkler <tomas.winkler@intel.com");
+MODULE_LICENSE("Dual BSD/GPL");
+MODULE_ALIAS("platform:rpmb_sim");
-- 
2.5.5

[PATCH v5 6/8] tools rpmb: add RPBM access tool

[Tomas Winkler]

Add simple RPMB host testing tool. It can be used
to program key, write and read data block, and retrieve
write counter.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
---
V2: resend
V3: fix missing objtool
V4: add verbose option
V5: 1. Adjust to the new API.
    2. Exercise both request and sequence ioctls.

 MAINTAINERS           |   1 +
 tools/Makefile        |  14 +-
 tools/rpmb/.gitignore |   2 +
 tools/rpmb/Makefile   |  33 ++
 tools/rpmb/rpmb.c     | 948 ++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 993 insertions(+), 5 deletions(-)
 create mode 100644 tools/rpmb/.gitignore
 create mode 100644 tools/rpmb/Makefile
 create mode 100644 tools/rpmb/rpmb.c

diff --git a/MAINTAINERS b/MAINTAINERS
index c7c08c6c041b..b842a8be44fb 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9714,6 +9714,7 @@ F:	drivers/char/rpmb/*
 F:	include/uapi/linux/rpmb.h
 F:	include/linux/rpmb.h
 F:	Documentation/ABI/testing/sysfs-class-rpmb
+F:	tools/rpmb/
 
 RTL2830 MEDIA DRIVER
 M:	Antti Palosaari <crope@iki.fi>
diff --git a/tools/Makefile b/tools/Makefile
index f10b64d8c674..b90003945af1 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -20,6 +20,7 @@ help:
 	@echo '  lguest                 - a minimal 32-bit x86 hypervisor'
 	@echo '  net                    - misc networking tools'
 	@echo '  perf                   - Linux performance measurement and analysis tool'
+	@echo '  rpmb                   - Replay protected memory block access tool'
 	@echo '  selftests              - various kernel selftests'
 	@echo '  spi                    - spi tools'
 	@echo '  objtool                - an ELF object analysis tool'
@@ -56,7 +57,7 @@ acpi: FORCE
 cpupower: FORCE
 	$(call descend,power/$@)
 
-cgroup firewire hv guest spi usb virtio vm net iio gpio objtool: FORCE
+cgroup firewire hv guest rpmb spi usb virtio vm net iio gpio objtool: FORCE
 	$(call descend,$@)
 
 liblockdep: FORCE
@@ -86,7 +87,7 @@ freefall: FORCE
 	$(call descend,laptop/$@)
 
 all: acpi cgroup cpupower hv firewire lguest \
-		perf selftests turbostat usb \
+		perf rpmb selftests turbostat usb \
 		virtio vm net x86_energy_perf_policy \
 		tmon freefall objtool
 
@@ -96,7 +97,7 @@ acpi_install:
 cpupower_install:
 	$(call descend,power/$(@:_install=),install)
 
-cgroup_install firewire_install hv_install lguest_install perf_install usb_install virtio_install vm_install net_install objtool_install:
+cgroup_install firewire_install hv_install lguest_install perf_install rpmb_install usb_install virtio_install vm_install net_install objtool_install:
 	$(call descend,$(@:_install=),install)
 
 selftests_install:
@@ -115,7 +116,7 @@ kvm_stat_install:
 	$(call descend,kvm/$(@:_install=),install)
 
 install: acpi_install cgroup_install cpupower_install hv_install firewire_install lguest_install \
-		perf_install selftests_install turbostat_install usb_install \
+		perf_install rpmb_install selftests_install turbostat_install usb_install \
 		virtio_install vm_install net_install x86_energy_perf_policy_install \
 		tmon_install freefall_install objtool_install kvm_stat_install
 
@@ -144,6 +145,9 @@ perf_clean:
 	$(Q)mkdir -p $(PERF_O) .
 	$(Q)$(MAKE) --no-print-directory -C perf O=$(PERF_O) subdir= clean
 
+rpmb_clean:
+	$(call descend,$(@:_clean=),clean)
+
 selftests_clean:
 	$(call descend,testing/$(@:_clean=),clean)
 
@@ -160,7 +164,7 @@ build_clean:
 	$(call descend,build,clean)
 
 clean: acpi_clean cgroup_clean cpupower_clean hv_clean firewire_clean lguest_clean \
-		perf_clean selftests_clean turbostat_clean spi_clean usb_clean virtio_clean \
+		perf_clean rpmb_clean selftests_clean turbostat_clean spi_clean usb_clean virtio_clean \
 		vm_clean net_clean iio_clean x86_energy_perf_policy_clean tmon_clean \
 		freefall_clean build_clean libbpf_clean libsubcmd_clean liblockdep_clean \
 		gpio_clean objtool_clean
diff --git a/tools/rpmb/.gitignore b/tools/rpmb/.gitignore
new file mode 100644
index 000000000000..218f680548e6
--- /dev/null
+++ b/tools/rpmb/.gitignore
@@ -0,0 +1,2 @@
+*.o
+rpmb
diff --git a/tools/rpmb/Makefile b/tools/rpmb/Makefile
new file mode 100644
index 000000000000..96275a8579e6
--- /dev/null
+++ b/tools/rpmb/Makefile
@@ -0,0 +1,33 @@
+CC = $(CROSS_COMPILE)gcc
+LD = $(CROSS_COMPILE)ld
+PKG_CONFIG = $(CROSS_COMPILE)pkg-config
+
+ifeq ($(srctree),)
+srctree := $(patsubst %/,%,$(dir $(shell pwd)))
+srctree := $(patsubst %/,%,$(dir $(srctree)))
+#$(info Determined 'srctree' to be $(srctree))
+endif
+
+INSTALL = install
+prefix ?= /usr/local
+bindir = $(prefix)/bin
+
+
+CFLAGS += -D__EXPORTED_HEADERS__ -g -static
+LDFLAGS += -static
+CFLAGS += -I$(srctree)/include/uapi -I$(srctree)/include
+LDLIBS += $(shell $(PKG_CONFIG) --libs --static libcrypto)
+
+prog := rpmb
+
+all : $(prog)
+
+$(prog): rpmb.o
+
+clean :
+	$(RM) $(prog) *.o
+
+install: $(prog)
+	$(INSTALL) -m755 -d $(DESTDIR)$(bindir)
+	$(INSTALL) $(prog) $(DESTDIR)$(bindir)
+
diff --git a/tools/rpmb/rpmb.c b/tools/rpmb/rpmb.c
new file mode 100644
index 000000000000..c650ea4b1142
--- /dev/null
+++ b/tools/rpmb/rpmb.c
@@ -0,0 +1,948 @@
+/******************************************************************************
+ * This file is provided under a dual BSD/GPLv2 license.  When using or
+ * redistributing this file, you may do so under either license.
+ *
+ * GPL LICENSE SUMMARY
+ *
+ * Copyright(c) 2016 Intel Corporation. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * The full GNU General Public License is included in this distribution
+ * in the file called LICENSE.GPL.
+ *
+ * Contact Information:
+ *	Intel Corporation.
+ *	linux-mei@linux.intel.com
+ *	http://www.intel.com
+ *
+ * BSD LICENSE
+ *
+ * Copyright(c) 2016 Intel Corporation. All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *  * Neither the name Intel Corporation nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ *****************************************************************************/
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <libgen.h>
+#include <limits.h>
+#include <ctype.h>
+#include <errno.h>
+#include <stdint.h>
+#include <stdbool.h>
+
+#include <openssl/engine.h>
+#include <openssl/hmac.h>
+
+#include "linux/rpmb.h"
+
+#define RPMB_KEY_SIZE 32
+#define RPMB_MAC_SIZE 32
+#define RPMB_NONCE_SIZE 16
+
+bool verbose;
+#define rpmb_dbg(fmt, ARGS...) do {                     \
+	if (verbose)                                    \
+		fprintf(stderr, "rpmb: " fmt, ##ARGS);  \
+} while (0)
+
+#define rpmb_msg(fmt, ARGS...) \
+	fprintf(stderr, "rpmb: " fmt, ##ARGS)
+
+#define rpmb_err(fmt, ARGS...) \
+	fprintf(stderr, "rpmb: error: " fmt, ##ARGS)
+
+static const char *rpmb_op_str(uint16_t op)
+{
+#define RPMB_OP(_op) case RPMB_##_op: return #_op
+
+	switch (op) {
+	RPMB_OP(PROGRAM_KEY);
+	RPMB_OP(GET_WRITE_COUNTER);
+	RPMB_OP(WRITE_DATA);
+	RPMB_OP(READ_DATA);
+	RPMB_OP(RESULT_READ);
+	break;
+	default:
+		return "unknown";
+	}
+#undef RPMB_OP
+}
+
+static const char *rpmb_result_str(enum rpmb_op_result result)
+{
+#define str(x) #x
+#define RPMB_ERR(_res) case RPMB_ERR_##_res:         \
+	{ if (result & RPMB_ERR_COUNTER_EXPIRED)     \
+		return "COUNTER_EXPIRE:" str(_res);  \
+	else                                         \
+		return #_res;                        \
+	}
+
+	switch (result & 0x000F) {
+	RPMB_ERR(OK);
+	RPMB_ERR(GENERAL);
+	RPMB_ERR(AUTH);
+	RPMB_ERR(COUNTER);
+	RPMB_ERR(ADDRESS);
+	RPMB_ERR(WRITE);
+	RPMB_ERR(READ);
+	RPMB_ERR(NO_KEY);
+	break;
+	default:
+		return "unknown";
+	}
+#undef RPMB_ERR
+#undef str
+};
+
+static inline void __dump_buffer(const char *buf)
+{
+	fprintf(stderr, "%s\n", buf);
+}
+
+static void
+dump_hex_buffer(const char *title, const unsigned char *buf, size_t len)
+{
+	const size_t pbufsz = 16 * 3;
+	char pbuf[pbufsz];
+	int j = 0;
+
+	if (title)
+		fprintf(stderr, "%s\n", title);
+	while (len-- > 0) {
+		snprintf(&pbuf[j], pbufsz - j, "%02X ", *buf++);
+		j += 3;
+		if (j == 16 * 3) {
+			__dump_buffer(pbuf);
+			j = 0;
+		}
+	}
+	if (j)
+		__dump_buffer(pbuf);
+}
+
+static void dbg_dump_frame(const char *title, const struct rpmb_frame *f)
+{
+	uint16_t result, req_resp;
+
+	if (!verbose)
+		return;
+
+	if (!f)
+		return;
+
+	if (title)
+		fprintf(stderr, "%s\n", title);
+
+	result = be16toh(f->result);
+	req_resp = be16toh(f->req_resp);
+	if (req_resp & 0xf00)
+		req_resp = RPMB_RESP2REQ(req_resp);
+
+	fprintf(stderr, "ptr: %p\n", f);
+	dump_hex_buffer("key_mac: ", f->key_mac, 32);
+	dump_hex_buffer("data: ", f->data, 256);
+	dump_hex_buffer("nonce: ", f->nonce, 16);
+	fprintf(stderr, "write_counter: %u\n", be32toh(f->write_counter));
+	fprintf(stderr, "address:  %0X\n", be16toh(f->addr));
+	fprintf(stderr, "block_count: %u\n", be16toh(f->block_count));
+	fprintf(stderr, "result %s:%d\n", rpmb_result_str(result), result);
+	fprintf(stderr, "req_resp %s\n", rpmb_op_str(req_resp));
+}
+
+static int open_dev_file(const char *devfile)
+{
+	int fd;
+
+	fd = open(devfile, O_RDWR);
+	if (fd < 0)
+		rpmb_err("Cannot open: %s: %s\n", devfile, strerror(errno));
+	return fd;
+}
+
+static int open_rd_file(const char *datafile, const char *type)
+{
+	int fd;
+
+	if (!strcmp(datafile, "-"))
+		fd = STDIN_FILENO;
+	else
+		fd = open(datafile, O_RDONLY);
+
+	if (fd < 0)
+		rpmb_err("Cannot open %s: %s: %s\n",
+			 type, datafile, strerror(errno));
+
+	return fd;
+}
+
+static int open_wr_file(const char *datafile, const char *type)
+{
+	int fd;
+
+	if (!strcmp(datafile, "-"))
+		fd = STDOUT_FILENO;
+	else
+		fd = open(datafile, O_WRONLY | O_CREAT | O_APPEND,
+			  S_IRUSR | S_IWUSR);
+	if (fd < 0)
+		rpmb_err("Cannot open %s: %s: %s\n",
+			 type, datafile, strerror(errno));
+	return fd;
+}
+
+static void close_fd(int fd)
+{
+	if (fd > 0 && fd != STDIN_FILENO && fd != STDOUT_FILENO)
+		close(fd);
+}
+
+/* blocking rw wrapper */
+#define rw(func, fd, buf, size)                              \
+({                                                           \
+	ssize_t nread = 0, n;                                \
+	char *_buf = (char *)buf;                            \
+	do {                                                 \
+		n = func(fd, _buf + nread, size - nread);    \
+		if (n == -1 && errno != EINTR) {             \
+			nread = -1;                          \
+			break;                               \
+		} else if (n > 0) {                          \
+			nread += n;                          \
+		}                                            \
+	} while (n != 0 && (size_t)nread != size);           \
+	nread;                                               \
+})
+
+static ssize_t read_file(int fd, unsigned char *data, size_t size)
+{
+	ssize_t ret;
+
+	ret = rw(read, fd, data, size);
+	if (ret < 0) {
+		rpmb_err("cannot read file: %s\n", strerror(errno));
+	} else if (ret != size) {
+		rpmb_err("read %zd but must be %zu bytes length\n", ret, size);
+		ret = -EINVAL;
+	}
+
+	return ret;
+}
+
+static ssize_t write_file(int fd, unsigned char *data, size_t size)
+{
+	ssize_t ret;
+
+	ret = rw(write, fd, data, size);
+	if (ret < 0) {
+		rpmb_err("cannot read file: %s\n", strerror(errno));
+	} else if (ret != size) {
+		rpmb_err("data is %zd but must be %zu bytes length\n",
+			 ret, size);
+		ret = -EINVAL;
+	}
+	return ret;
+}
+
+static int rpmb_calc_hmac_sha256(struct rpmb_frame *frames, size_t blocks_cnt,
+				 const unsigned char key[],
+				 unsigned int key_size,
+				 unsigned char mac[],
+				 unsigned int mac_size)
+{
+	HMAC_CTX ctx;
+	int ret;
+	int i;
+
+	 /* SSL returns 1 on success 0 on failure */
+
+	HMAC_CTX_init(&ctx);
+	ret = HMAC_Init_ex(&ctx, key, key_size, EVP_sha256(), NULL);
+	if (ret == 0)
+		goto out;
+	for (i = 0; i < blocks_cnt; i++)
+		HMAC_Update(&ctx, frames[i].data, hmac_data_len);
+
+	ret = HMAC_Final(&ctx, mac, &mac_size);
+	if (ret == 0)
+		goto out;
+	if (mac_size != RPMB_MAC_SIZE)
+		ret = 0;
+
+	ret = 1;
+out:
+	HMAC_CTX_cleanup(&ctx);
+	return ret == 1 ? 0 : -1;
+}
+
+static int (*rpmb_ioctl)(int fd, uint16_t req,
+			 const struct rpmb_frame *frames_in,
+			 unsigned int cnt_in,
+			 struct rpmb_frame *frames_out,
+			 unsigned int cnt_out);
+
+static int rpmb_ioctl_seq(int fd, uint16_t req,
+			  const struct rpmb_frame *frames_in,
+			  unsigned int cnt_in,
+			  struct rpmb_frame *frames_out,
+			  unsigned int cnt_out)
+{
+	int ret;
+	struct {
+		struct rpmb_ioc_seq_cmd h;
+		struct rpmb_ioc_cmd cmd[3];
+	} iseq = {};
+	struct rpmb_frame *frame_res = NULL;
+	int i;
+	uint32_t flags;
+
+	rpmb_dbg("RPMB OP: %s\n", rpmb_op_str(req));
+	dbg_dump_frame("In Frame: ", frames_in);
+
+	i = 0;
+	flags = RPMB_F_WRITE;
+	if (req == RPMB_WRITE_DATA || req == RPMB_PROGRAM_KEY)
+		flags |= RPMB_F_REL_WRITE;
+	rpmb_ioc_cmd_set(iseq.cmd[i], flags, frames_in, cnt_in);
+	i++;
+
+	if (req == RPMB_WRITE_DATA || req == RPMB_PROGRAM_KEY) {
+		frame_res = calloc(1, sizeof(*frame_res));
+		frame_res->req_resp =  htobe16(RPMB_RESULT_READ);
+		if (!frame_res)
+			return -ENOMEM;
+		rpmb_ioc_cmd_set(iseq.cmd[i], RPMB_F_WRITE, frame_res, 1);
+		i++;
+	}
+
+	rpmb_ioc_cmd_set(iseq.cmd[i], 0, frames_out, cnt_out);
+	i++;
+
+	iseq.h.num_of_cmds = i;
+	ret = ioctl(fd, RPMB_IOC_SEQ_CMD, &iseq);
+	if (ret < 0)
+		rpmb_err("ioctl failure %d: %s\n", ret, strerror(errno));
+
+	dbg_dump_frame("Res Frame: ", frame_res);
+	dbg_dump_frame("Out Frame: ", frames_out);
+	free(frame_res);
+	return ret;
+}
+
+static int rpmb_ioctl_req(int fd, uint16_t req,
+			  const struct rpmb_frame *frames_in,
+			  unsigned int cnt_in,
+			  struct rpmb_frame *frames_out,
+			  unsigned int cnt_out)
+{
+	struct rpmb_ioc_req_cmd ireq;
+	int ret;
+
+	ireq.req_type = req;
+	rpmb_ioc_cmd_set(ireq.icmd, RPMB_F_WRITE, frames_in, cnt_in);
+	rpmb_ioc_cmd_set(ireq.ocmd, 0, frames_out, cnt_out);
+
+	rpmb_dbg("RPMB OP: %s\n", rpmb_op_str(req));
+	dbg_dump_frame("In Frame: ", frames_in);
+	ret = ioctl(fd, RPMB_IOC_REQ_CMD, &ireq);
+	if (ret < 0)
+		rpmb_err("ioctl failure %d: %s\n", ret, strerror(errno));
+	dbg_dump_frame("Out Frame: ", frames_out);
+
+	return ret;
+}
+
+static int op_rpmb_program_key(int nargs, char *argv[])
+{
+	int ret;
+	int  dev_fd = -1, key_fd = -1;
+	uint16_t req = RPMB_PROGRAM_KEY;
+	struct rpmb_frame frame_in, frame_out;
+
+	ret = -EINVAL;
+	if (nargs != 2)
+		return ret;
+
+	dev_fd = open_dev_file(argv[0]);
+	if (dev_fd < 0)
+		goto out;
+	argv++;
+
+	key_fd = open_rd_file(argv[0], "key file");
+	if (key_fd < 0)
+		goto out;
+	argv++;
+
+	memset(&frame_in, 0, sizeof(frame_in));
+	frame_in.req_resp = htobe16(req);
+
+	read_file(key_fd, frame_in.key_mac, RPMB_KEY_SIZE);
+
+	ret = rpmb_ioctl(dev_fd, req, &frame_in, 1, &frame_out, 1);
+	if (ret)
+		goto out;
+
+	ret = be16toh(frame_out.result);
+	if (ret)
+		rpmb_err("RPMB operation %s failed, %s[0x%04x]\n",
+			 rpmb_op_str(req), rpmb_result_str(ret), ret);
+
+out:
+	close_fd(dev_fd);
+	close_fd(key_fd);
+
+	return ret;
+}
+
+static int rpmb_get_write_counter(int dev_fd, unsigned int *cnt,
+				  const unsigned char *key)
+{
+	int ret;
+	uint16_t req = RPMB_GET_WRITE_COUNTER;
+	unsigned char mac[RPMB_MAC_SIZE];
+	struct rpmb_frame frame_in;
+	struct rpmb_frame frame_out;
+
+	memset(&frame_in, 0, sizeof(frame_in));
+	frame_in.req_resp = htobe16(req);
+	RAND_bytes(frame_in.nonce, RPMB_NONCE_SIZE);
+
+	ret = rpmb_ioctl(dev_fd, req, &frame_in, 1, &frame_out, 1);
+	if (ret != 0)
+		return ret;
+
+	ret = be16toh(frame_out.result);
+	if (ret)
+		goto out;
+
+	if (key) {
+		rpmb_calc_hmac_sha256(&frame_out, 1,
+				      key, RPMB_KEY_SIZE,
+				      mac, RPMB_MAC_SIZE);
+		if (memcmp(mac, frame_out.key_mac, RPMB_MAC_SIZE)) {
+			rpmb_err("RPMB hmac mismatch\n");
+			dump_hex_buffer("Result MAC: ",
+					frame_out.key_mac, RPMB_MAC_SIZE);
+			dump_hex_buffer("Expected MAC: ", mac, RPMB_MAC_SIZE);
+			ret = RPMB_ERR_AUTH;
+			goto out;
+		}
+	}
+
+	*cnt = be32toh(frame_out.write_counter);
+
+out:
+	if (ret) {
+		rpmb_err("RPMB operation %s failed, %s[0x%04x]\n",
+			 rpmb_op_str(req), rpmb_result_str(ret), ret);
+	}
+	return ret;
+}
+
+static int op_rpmb_get_write_counter(int nargs, char **argv)
+{
+	int ret;
+	int dev_fd = -1, key_fd = -1;
+	bool has_key;
+	unsigned char key[RPMB_KEY_SIZE];
+	unsigned int cnt;
+
+	if (nargs == 2)
+		has_key = true;
+	else if (nargs == 1)
+		has_key = false;
+	else
+		return -EINVAL;
+
+	ret = -EINVAL;
+	dev_fd = open_dev_file(argv[0]);
+	if (dev_fd < 0)
+		return ret;
+	argv++;
+
+	if (has_key) {
+		key_fd = open_rd_file(argv[0], "key file");
+		if (key_fd < 0)
+			goto out;
+		argv++;
+
+		ret = read_file(key_fd, key, RPMB_KEY_SIZE);
+		if (ret < 0)
+			goto out;
+
+		ret = rpmb_get_write_counter(dev_fd, &cnt, key);
+	} else {
+		ret = rpmb_get_write_counter(dev_fd, &cnt, NULL);
+	}
+
+	if (!ret)
+		printf("Counter value: 0x%08x\n", cnt);
+
+out:
+	close_fd(dev_fd);
+	close_fd(key_fd);
+	return ret;
+}
+
+static int op_rpmb_read_blocks(int nargs, char **argv)
+{
+	int i, ret;
+	int dev_fd = -1, data_fd = -1, key_fd = -1;
+	uint16_t req = RPMB_READ_DATA;
+	uint16_t addr, blocks_cnt;
+	unsigned char key[RPMB_KEY_SIZE];
+	unsigned char mac[RPMB_MAC_SIZE];
+	unsigned long numarg;
+	bool has_key;
+	struct rpmb_frame frame_in;
+	struct rpmb_frame *frames_out = NULL;
+	struct rpmb_frame *frame_out;
+
+	ret = -EINVAL;
+	if (nargs == 4)
+		has_key = false;
+	else if (nargs == 5)
+		has_key = true;
+	else
+		return ret;
+
+	dev_fd = open_dev_file(argv[0]);
+	if (dev_fd < 0)
+		goto out;
+	argv++;
+
+	errno = 0;
+	numarg = strtoul(argv[0], NULL, 0);
+	if (errno || numarg > USHRT_MAX) {
+		rpmb_err("wrong block address\n");
+		goto out;
+	}
+	addr = (uint16_t)numarg;
+	argv++;
+
+	errno = 0;
+	numarg = strtoul(argv[0], NULL, 0);
+	if (errno || numarg > USHRT_MAX) {
+		rpmb_err("wrong blocks count\n");
+		goto out;
+	}
+	blocks_cnt = (uint16_t)numarg;
+	argv++;
+
+	if (blocks_cnt == 0) {
+		rpmb_err("wrong blocks count\n");
+		goto out;
+	}
+
+	data_fd = open_wr_file(argv[0], "output data");
+	if (data_fd < 0)
+		goto out;
+	argv++;
+
+	if (has_key) {
+		key_fd = open_rd_file(argv[0], "key file");
+		if (key_fd < 0)
+			goto out;
+		argv++;
+
+		ret = read_file(key_fd, key, RPMB_KEY_SIZE);
+		if (ret < 0)
+			goto out;
+	}
+
+	ret = 0;
+	memset(&frame_in, 0, sizeof(frame_in));
+	frame_in.req_resp = htobe16(req);
+	frame_in.addr = htobe16(addr);
+	frame_in.block_count = htobe16(blocks_cnt);
+	if (has_key)
+		RAND_bytes(frame_in.nonce, RPMB_NONCE_SIZE);
+
+	frames_out = calloc(blocks_cnt, sizeof(struct rpmb_frame));
+	if (!frames_out) {
+		rpmb_err("Cannot allocate %d RPMB frames\n", blocks_cnt);
+		ret = -ENOMEM;
+		goto out;
+	}
+
+	ret = rpmb_ioctl(dev_fd, req, &frame_in, 1, frames_out, blocks_cnt);
+	if (ret)
+		goto out;
+
+	frame_out = &frames_out[blocks_cnt - 1];
+	ret = be16toh(frame_out->result);
+	if (ret) {
+		rpmb_err("RPMB operation %s failed, %s[0x%04x]\n",
+			 rpmb_op_str(req), rpmb_result_str(ret), ret);
+		goto out;
+	}
+
+	if (has_key) {
+		rpmb_calc_hmac_sha256(frames_out, blocks_cnt,
+				      key, RPMB_KEY_SIZE,
+				      mac, RPMB_MAC_SIZE);
+		if (memcmp(mac, frame_out->key_mac, RPMB_MAC_SIZE)) {
+			rpmb_err("RPMB hmac mismatch\n");
+			dump_hex_buffer("Result MAC: ",
+					frame_out->key_mac, RPMB_MAC_SIZE);
+			dump_hex_buffer("Expected MAC: ", mac, RPMB_MAC_SIZE);
+			ret = RPMB_ERR_AUTH;
+			goto out;
+		}
+	}
+
+	for (i = 0; i < blocks_cnt; i++) {
+		ret = write_file(data_fd, frames_out[i].data,
+				 sizeof(frames_out[i].data));
+		if (ret < 0)
+			goto out;
+	}
+
+out:
+	free(frames_out);
+	close_fd(dev_fd);
+	close_fd(data_fd);
+	close_fd(key_fd);
+
+	return ret;
+}
+
+static int op_rpmb_write_blocks(int nargs, char **argv)
+{
+	int ret;
+	int dev_fd = -1, key_fd = -1, data_fd = -1;
+	int i;
+	uint16_t req = RPMB_WRITE_DATA;
+	unsigned char key[RPMB_KEY_SIZE];
+	unsigned char mac[RPMB_MAC_SIZE];
+	unsigned long numarg;
+	uint16_t addr, blocks_cnt;
+	unsigned int cnt;
+	struct rpmb_frame *frames_in;
+	struct rpmb_frame frame_out;
+
+	ret = -EINVAL;
+	if (nargs != 5)
+		goto out;
+
+	dev_fd = open_dev_file(argv[0]);
+	if (dev_fd < 0)
+		goto out;
+	argv++;
+
+	errno = 0;
+	numarg = strtoul(argv[0], NULL, 0);
+	if (errno || numarg > USHRT_MAX) {
+		rpmb_err("wrong block address %s\n", argv[0]);
+		goto out;
+	}
+	addr = (uint16_t)numarg;
+	argv++;
+
+	errno = 0;
+	numarg = strtoul(argv[0], NULL, 0);
+	if (errno || numarg > USHRT_MAX) {
+		rpmb_err("wrong blocks count\n");
+		goto out;
+	}
+	blocks_cnt = (uint16_t)numarg;
+	argv++;
+
+	if (blocks_cnt == 0) {
+		rpmb_err("wrong blocks count\n");
+		goto out;
+	}
+
+	data_fd = open_rd_file(argv[0], "data file");
+	if (data_fd < 0)
+		goto out;
+	argv++;
+
+	key_fd = open_rd_file(argv[0], "key file");
+	if (key_fd < 0)
+		goto out;
+	argv++;
+
+	ret = read_file(key_fd, key, RPMB_KEY_SIZE);
+	if (ret < 0)
+		goto out;
+
+	frames_in = calloc(blocks_cnt, sizeof(struct rpmb_frame));
+	if (!frames_in) {
+		rpmb_err("can't allocate memory for RPMB outer frames\n");
+		exit(EXIT_FAILURE);
+	}
+
+	ret = rpmb_get_write_counter(dev_fd, &cnt, key);
+	if (ret)
+		goto out;
+
+	for (i = 0; i < blocks_cnt; i++) {
+		frames_in[i].req_resp      = htobe16(req);
+		frames_in[i].block_count   = htobe16(blocks_cnt);
+		frames_in[i].addr          = htobe16(addr);
+		frames_in[i].write_counter = htobe32(cnt);
+	}
+
+	for (i = 0; i < blocks_cnt; i++) {
+		ret = read_file(data_fd, frames_in[i].data,
+				sizeof(frames_in[0].data));
+		if (ret < 0)
+			goto out;
+	}
+
+	rpmb_calc_hmac_sha256(frames_in, blocks_cnt,
+			      key, RPMB_KEY_SIZE,
+			      mac, RPMB_MAC_SIZE);
+	memcpy(frames_in[blocks_cnt - 1].key_mac, mac, RPMB_MAC_SIZE);
+	ret = rpmb_ioctl(dev_fd, req, frames_in, blocks_cnt, &frame_out, 1);
+	if (ret != 0)
+		goto out;
+
+	ret = be16toh(frame_out.result);
+	if (ret) {
+		rpmb_err("RPMB operation %s failed, %s[0x%04x]\n",
+			 rpmb_op_str(req), rpmb_result_str(ret), ret);
+	}
+out:
+	close_fd(dev_fd);
+	close_fd(data_fd);
+	close_fd(key_fd);
+	return ret;
+}
+
+typedef int (*rpmb_op)(int argc, char *argv[]);
+
+struct rpmb_cmd {
+	const char *op_name;
+	rpmb_op     op;
+	const char  *usage; /* usage title */
+	const char  *help;  /* help */
+};
+
+static const struct rpmb_cmd cmds[] = {
+	{
+	 "program-key",
+	 op_rpmb_program_key,
+	 "<RPMB_DEVICE> <KEY_FILE>",
+	 "    Program authentication key of 32 bytes length from the KEY_FILE\n"
+	 "    when KEY_FILE is -, read standard input.\n"
+	 "    NOTE: This is a one-time programmable irreversible change.\n",
+	},
+	{
+	 "write-counter",
+	 op_rpmb_get_write_counter,
+	 "<RPMB_DEVICE> [KEY_FILE]",
+	 "    Rertrive write counter value from the <RPMB_DEVICE> to stdout.\n"
+	 "    When KEY_FILE is present data is verified via HMAC\n"
+	 "    when KEY_FILE is -, read standard input.\n"
+	},
+	{
+	  "write-blocks",
+	  op_rpmb_write_blocks,
+	  "<RPMB_DEVICE> <address> <block_count> <DATA_FILE> <KEY_FILE>",
+	  "    <block count> of 256 bytes will be written from the DATA_FILE\n"
+	  "    to the <RPMB_DEVICE> at block offset <address>.\n"
+	  "    When DATA_FILE is -, read from standard input.\n",
+	},
+	{
+	  "read-blocks",
+	  op_rpmb_read_blocks,
+	  "<RPMB_DEVICE> <address> <blocks count> <OUTPUT_FILE> [KEY_FILE]",
+	  "    <block count> of 256 bytes will be read from <RPMB_DEVICE>\n"
+	  "    to the OUTPUT_FILE\n"
+	  "    When KEY_FILE is present data is verified via HMAC\n"
+	  "    When OUTPUT/KEY_FILE is -, read from standard input.\n"
+	  "    When OUTPUT_FILE is -, write to standard output\n",
+	},
+
+	{ NULL, NULL, NULL, NULL }
+};
+
+static void help(const char *prog, const struct rpmb_cmd *cmd)
+{
+	printf("%s %s %s\n", prog, cmd->op_name, cmd->usage);
+	printf("%s\n", cmd->help);
+}
+
+static void usage(const char *prog)
+{
+	int i;
+
+	printf("\n");
+	printf("Usage: %s [-v] [-r|-s] <command> <args>\n\n", prog);
+	for (i = 0; cmds[i].op_name; i++)
+		printf("       %s %s %s\n",
+		       prog, cmds[i].op_name, cmds[i].usage);
+
+	printf("\n");
+	printf("      %s -v/--verbose: runs in verbose mode\n", prog);
+	printf("      %s -s/ --sequence: use RPMB_IOC_SEQ_CMD\n", prog);
+	printf("      %s -r/--request: use RPMB_IOC_REQ_CMD\n", prog);
+	printf("      %s help : shows this help\n", prog);
+	printf("      %s help <command>: shows detailed help\n", prog);
+}
+
+static bool call_for_help(const char *arg)
+{
+	return !strcmp(arg, "help") ||
+	       !strcmp(arg, "-h")   ||
+	       !strcmp(arg, "--help");
+}
+
+static bool parse_verbose(const char *arg)
+{
+	return !strcmp(arg, "-v") ||
+	       !strcmp(arg, "--verbose");
+}
+
+static bool parse_req(const char *arg)
+{
+	return !strcmp(arg, "-r") ||
+	       !strcmp(arg, "--request");
+}
+
+static bool parse_seq(const char *arg)
+{
+	return !strcmp(arg, "-s") ||
+	       !strcmp(arg, "--sequence");
+}
+
+static const
+struct rpmb_cmd *parse_args(const char *prog, int *_argc, char **_argv[])
+{
+	int i;
+	int argc = *_argc;
+	char **argv =  *_argv;
+	const struct rpmb_cmd *cmd = NULL;
+	bool need_help = false;
+
+	argc--; argv++;
+
+	if (argc == 0)
+		goto out;
+
+	if (call_for_help(argv[0])) {
+		argc--; argv++;
+		if (argc == 0)
+			goto out;
+
+		need_help = true;
+	}
+
+	if (parse_verbose(argv[0])) {
+		argc--; argv++;
+		if (argc == 0)
+			goto out;
+
+		verbose = true;
+	}
+
+	if (parse_req(argv[0])) {
+		argc--; argv++;
+		if (argc == 0)
+			goto out;
+
+		rpmb_ioctl = rpmb_ioctl_req;
+	}
+
+	if (parse_seq(argv[0])) {
+		argc--; argv++;
+		if (argc == 0)
+			goto out;
+
+		rpmb_ioctl = rpmb_ioctl_seq;
+	}
+
+	if (!rpmb_ioctl)
+		rpmb_ioctl = rpmb_ioctl_req;
+
+	for (i = 0; cmds[i].op_name; i++) {
+		if (!strncmp(argv[0], cmds[i].op_name,
+			     strlen(cmds[i].op_name))) {
+			cmd = &cmds[i];
+			argc--; argv++;
+			break;
+		}
+	}
+
+	if (!cmd)
+		goto out;
+
+	if (need_help || (argc > 0 && call_for_help(argv[0]))) {
+		help(prog, cmd);
+		argc--; argv++;
+		return NULL;
+	}
+
+out:
+	*_argc = argc;
+	*_argv = argv;
+
+	if (!cmd)
+		usage(prog);
+
+	return cmd;
+}
+
+int main(int argc, char *argv[])
+{
+	const char *prog = basename(argv[0]);
+	const struct rpmb_cmd *cmd;
+	int ret;
+
+	cmd = parse_args(prog, &argc, &argv);
+	if (!cmd)
+		exit(EXIT_SUCCESS);
+
+	ret = cmd->op(argc, argv);
+	if (ret == -EINVAL)
+		help(prog, cmd);
+
+	if (ret)
+		exit(EXIT_FAILURE);
+
+	exit(EXIT_SUCCESS);
+}
-- 
2.5.5

[PATCH v5 7/8] mmc: block: register RPMB partition with the RPMB subsystem

[Tomas Winkler]

Register eMMC RPMB partition with the RPMB subsystem and provide
implementation for the RPMB access operations abstracting
actual multi step process.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
---
V2: resend
V3: commit message fix
V4: Kconfig: use select RPMB to ensure valid configuration
    Switch back to main area after RPMB access
V5: Revamp code using new sequence command
    Support for 8K packets in e.MMC v5.1

 drivers/mmc/card/Kconfig |   1 +
 drivers/mmc/card/block.c | 258 ++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 256 insertions(+), 3 deletions(-)

diff --git a/drivers/mmc/card/Kconfig b/drivers/mmc/card/Kconfig
index 5562308699bc..537d0bc82781 100644
--- a/drivers/mmc/card/Kconfig
+++ b/drivers/mmc/card/Kconfig
@@ -7,6 +7,7 @@ comment "MMC/SD/SDIO Card Drivers"
 config MMC_BLOCK
 	tristate "MMC block device driver"
 	depends on BLOCK
+	select RPMB
 	default y
 	help
 	  Say Y here to enable the MMC block device driver support.
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index e62fde3ac431..0e1f11da40c2 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -42,6 +42,7 @@
 #include <linux/mmc/host.h>
 #include <linux/mmc/mmc.h>
 #include <linux/mmc/sd.h>
+#include <linux/rpmb.h>
 
 #include <asm/uaccess.h>
 
@@ -110,6 +111,7 @@ struct mmc_blk_data {
 #define MMC_BLK_WRITE		BIT(1)
 #define MMC_BLK_DISCARD		BIT(2)
 #define MMC_BLK_SECDISCARD	BIT(3)
+#define MMC_BLK_RPMB		BIT(4)
 
 	/*
 	 * Only set in main mmc_blk_data associated
@@ -398,8 +400,8 @@ static int mmc_blk_ioctl_copy_to_user(struct mmc_ioc_cmd __user *ic_ptr,
 	return 0;
 }
 
-static int ioctl_rpmb_card_status_poll(struct mmc_card *card, u32 *status,
-				       u32 retries_max)
+static int mmc_blk_rpmb_status_poll(struct mmc_card *card, u32 *status,
+				    u32 retries_max)
 {
 	int err;
 	u32 retry_count = 0;
@@ -572,7 +574,7 @@ static int __mmc_blk_ioctl_cmd(struct mmc_card *card, struct mmc_blk_data *md,
 		 * Ensure RPMB command has completed by polling CMD13
 		 * "Send Status".
 		 */
-		err = ioctl_rpmb_card_status_poll(card, &status, 5);
+		err = mmc_blk_rpmb_status_poll(card, &status, 5);
 		if (err)
 			dev_err(mmc_dev(card->host),
 					"%s: Card Status=0x%08X, error %d\n",
@@ -1162,6 +1164,252 @@ int mmc_access_rpmb(struct mmc_queue *mq)
 	return false;
 }
 
+static int mmc_rpmb_send_cmd(struct mmc_card *card,
+			     unsigned int data_type, bool do_rel_wr,
+			     void *buf, u16 blks)
+{
+	int err;
+	u32 status;
+	struct mmc_command sbc = {
+		.opcode = MMC_SET_BLOCK_COUNT,
+		.flags  = MMC_RSP_SPI_R1 | MMC_RSP_R1 | MMC_CMD_AC,
+	};
+
+	struct mmc_command cmd = {
+		.flags = MMC_RSP_SPI_R1 | MMC_RSP_R1 | MMC_CMD_ADTC,
+	};
+
+	struct mmc_data data = {
+		.blksz = 512,
+	};
+	struct mmc_request mrq = {
+		.sbc    = &sbc,
+		.cmd    = &cmd,
+		.data   = &data,
+		.stop   = NULL,
+	};
+	struct scatterlist sg;
+
+	/*  set CMD23 */
+	sbc.arg = blks & 0x0000FFFF;
+	if (do_rel_wr)
+		sbc.arg |= MMC_CMD23_ARG_REL_WR;
+
+	/*  set CMD25/18 */
+	cmd.opcode = (data_type == MMC_DATA_WRITE) ?
+		MMC_WRITE_MULTIPLE_BLOCK : MMC_READ_MULTIPLE_BLOCK;
+
+	sg_init_one(&sg, buf, 512 * blks);
+
+	data.blocks = blks;
+	data.sg     = &sg;
+	data.sg_len = 1;
+	data.flags  = data_type;
+	mmc_set_data_timeout(&data, card);
+
+	mmc_wait_for_req(card->host, &mrq);
+
+	if (cmd.error) {
+		dev_err(mmc_dev(card->host), "cmd error (%d)\n", cmd.error);
+		return cmd.error;
+	}
+
+	if (data.error) {
+		dev_err(mmc_dev(card->host), "data error (%d)\n", data.error);
+		return data.error;
+	}
+
+	err = mmc_blk_rpmb_status_poll(card, &status, 5);
+	if (err)
+		dev_err(mmc_dev(card->host), "Card Status=0x%08X, error %d\n",
+			status, err);
+	return err;
+}
+
+static int mmc_blk_rpmb_sequence(struct mmc_card *card,
+				 struct rpmb_cmd *cmds, u32 ncmds)
+{
+	int err, i;
+	struct rpmb_cmd *cmd;
+	unsigned int data_type;
+	bool do_rel_wr;
+
+	for (err = 0, i = 0; i < ncmds && !err; i++) {
+		cmd = &cmds[i];
+		if (cmd->flags & RPMB_F_WRITE) {
+			data_type = MMC_DATA_WRITE;
+			do_rel_wr = !!(cmd->flags & RPMB_F_REL_WRITE);
+		} else {
+			data_type = MMC_DATA_READ;
+			do_rel_wr = false;
+		}
+
+		err =  mmc_rpmb_send_cmd(card, data_type, do_rel_wr,
+					 cmd->frames, cmd->nframes);
+	}
+
+	return err;
+}
+
+static int mmc_blk_rpmb_process(struct mmc_blk_data *md,
+				struct rpmb_cmd *cmds, u32 ncmds)
+{
+	struct mmc_card *card;
+	int ret;
+
+	if (WARN_ON(!md || !cmds || !ncmds))
+		return -EINVAL;
+
+	if (!(md->flags & MMC_BLK_CMD23) ||
+	    (md->part_type != EXT_CSD_PART_CONFIG_ACC_RPMB))
+		return -EOPNOTSUPP;
+
+	card = md->queue.card;
+	if (!card || !mmc_card_mmc(card))
+		return -ENODEV;
+
+	mmc_get_card(card);
+
+	/* switch to RPMB partition */
+	ret = mmc_blk_part_switch(card, md);
+	if (ret) {
+		dev_err(mmc_dev(card->host), "Invalid RPMB partition switch (%d)!\n",
+			ret);
+		/*
+		 * In case partition is not in user data area, make
+		 * a force partition switch.
+		 * we need reset eMMC card at here
+		 */
+		ret = mmc_blk_reset(md, card->host, MMC_BLK_RPMB);
+		if (!ret)
+			mmc_blk_reset_success(md, MMC_BLK_RPMB);
+		else
+			dev_err(mmc_dev(card->host), "eMMC card reset failed (%d)\n",
+				ret);
+		goto out;
+	}
+
+	ret = mmc_blk_rpmb_sequence(card, cmds, ncmds);
+	if (ret)
+		dev_err(mmc_dev(card->host), "failed (%d) to handle RPMB request\n",
+			ret);
+
+	/* Always switch back to main area after RPMB access */
+	mmc_blk_part_switch(card, dev_get_drvdata(&card->dev));
+out:
+	mmc_put_card(card);
+	return ret;
+}
+
+static int mmc_blk_rpmb_cmd_seq(struct device *dev,
+				struct rpmb_cmd *cmds, u32 ncmds)
+{
+	struct mmc_blk_data *md;
+	int ret;
+
+	md = mmc_blk_get(dev_to_disk(dev));
+	if (!md)
+		return -ENODEV;
+
+	if (!cmds || !ncmds)
+		return -EINVAL;
+
+	ret = mmc_blk_rpmb_process(md, cmds, ncmds);
+
+	mmc_blk_put(md);
+
+	return ret;
+}
+
+static struct rpmb_ops mmc_rpmb_dev_ops = {
+	.cmd_seq = mmc_blk_rpmb_cmd_seq,
+	.type = RPMB_TYPE_EMMC,
+};
+
+static struct mmc_blk_data *mmc_blk_rpmb_part_get(struct mmc_blk_data *md)
+{
+	struct mmc_blk_data *part_md;
+
+	if (!md)
+		return NULL;
+
+	list_for_each_entry(part_md, &md->part, part) {
+		if (part_md->area_type == MMC_BLK_DATA_AREA_RPMB)
+			return part_md;
+	}
+
+	return NULL;
+}
+
+static void mmc_blk_rpmb_unset_dev_id(struct rpmb_ops *ops)
+{
+	kfree(ops->dev_id);
+	ops->dev_id = NULL;
+}
+
+static int mmc_blk_rpmb_set_dev_id(struct rpmb_ops *ops, struct mmc_card *card)
+{
+	char *id;
+
+	id = kmalloc(sizeof(card->raw_cid), GFP_KERNEL);
+	if (!id)
+		return -ENOMEM;
+
+	memcpy(id, card->raw_cid, sizeof(card->raw_cid));
+	ops->dev_id = id;
+	ops->dev_id_len = sizeof(card->raw_cid);
+
+	return 0;
+}
+
+static void mmc_blk_rpmb_set_rel_wr_cnt(struct rpmb_ops *ops,
+					struct mmc_card *card)
+{
+	u16 rel_wr_cnt;
+
+	/* RPMB blocks are written in half sectors hence '* 2' */
+	rel_wr_cnt = card->ext_csd.rel_sectors * 2;
+	/* eMMC 5.1 may support RPMB 8K (32) frames */
+	if (card->ext_csd.rev >= 8) {
+		if (card->ext_csd.rel_param & EXT_CSD_WR_REL_PARAM_EN)
+			rel_wr_cnt = 32;
+		else
+			rel_wr_cnt = 2;
+	}
+	ops->reliable_wr_cnt = rel_wr_cnt;
+}
+
+static void mmc_blk_rpmb_add(struct mmc_card *card)
+{
+	struct mmc_blk_data *md = dev_get_drvdata(&card->dev);
+	struct mmc_blk_data *part_md = mmc_blk_rpmb_part_get(md);
+	struct rpmb_dev *rdev;
+
+	if (!part_md)
+		return;
+
+	mmc_blk_rpmb_set_dev_id(&mmc_rpmb_dev_ops, card);
+	mmc_blk_rpmb_set_rel_wr_cnt(&mmc_rpmb_dev_ops, card);
+
+	rdev = rpmb_dev_register(disk_to_dev(part_md->disk),
+				 &mmc_rpmb_dev_ops);
+	if (IS_ERR(rdev)) {
+		pr_warn("%s: cannot register to rpmb %ld\n",
+			part_md->disk->disk_name, PTR_ERR(rdev));
+	}
+}
+
+static void mmc_blk_rpmb_remove(struct mmc_card *card)
+{
+	struct mmc_blk_data *md = dev_get_drvdata(&card->dev);
+	struct mmc_blk_data *part_md = mmc_blk_rpmb_part_get(md);
+
+	if (part_md)
+		rpmb_dev_unregister(disk_to_dev(part_md->disk));
+
+	mmc_blk_rpmb_unset_dev_id(&mmc_rpmb_dev_ops);
+}
+
 static int mmc_blk_issue_discard_rq(struct mmc_queue *mq, struct request *req)
 {
 	struct mmc_blk_data *md = mq->data;
@@ -2613,6 +2861,8 @@ static int mmc_blk_probe(struct mmc_card *card)
 			goto out;
 	}
 
+	mmc_blk_rpmb_add(card);
+
 	pm_runtime_set_autosuspend_delay(&card->dev, 3000);
 	pm_runtime_use_autosuspend(&card->dev);
 
@@ -2637,6 +2887,7 @@ static void mmc_blk_remove(struct mmc_card *card)
 {
 	struct mmc_blk_data *md = dev_get_drvdata(&card->dev);
 
+	mmc_blk_rpmb_remove(card);
 	mmc_blk_remove_parts(card, md);
 	pm_runtime_get_sync(&card->dev);
 	mmc_claim_host(card->host);
@@ -2665,6 +2916,7 @@ static int _mmc_blk_suspend(struct mmc_card *card)
 
 static void mmc_blk_shutdown(struct mmc_card *card)
 {
+	mmc_blk_rpmb_remove(card);
 	_mmc_blk_suspend(card);
 }
 
-- 
2.5.5

[PATCH v5 8/8] scsi: ufs: connect to RPMB subsystem

[Tomas Winkler]

Register UFS RPMB LUN with the RPMB subsystem and provide
implementation for the RPMB access operations. RPMB partition is
accessed via a sequence of security protocol in and security protocol
out commands with UFS specific parameters. This multi step process is
abstracted into 4 basic RPMB commands.

Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
---
V2: resend
V3: resend
V4: Kconfig: use select RPMB to ensure valid configuration
V5: Revamp code using new sequence command.

 drivers/scsi/ufs/Kconfig  |   1 +
 drivers/scsi/ufs/ufshcd.c | 183 ++++++++++++++++++++++++++++++++++++++++++++++
 drivers/scsi/ufs/ufshcd.h |   2 +
 3 files changed, 186 insertions(+)

diff --git a/drivers/scsi/ufs/Kconfig b/drivers/scsi/ufs/Kconfig
index 097894a1fab5..e6ff8ecff695 100644
--- a/drivers/scsi/ufs/Kconfig
+++ b/drivers/scsi/ufs/Kconfig
@@ -38,6 +38,7 @@ config SCSI_UFSHCD
 	select PM_DEVFREQ
 	select DEVFREQ_GOV_SIMPLE_ONDEMAND
 	select NLS
+	select RPMB
 	---help---
 	This selects the support for UFS devices in Linux, say Y and make
 	  sure that you know the name of your UFS host adapter (the card
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index f8fa72c31a9d..b41fce16f687 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -37,10 +37,13 @@
  * license terms, and distributes only under these terms.
  */
 
+#include <asm/unaligned.h>
 #include <linux/async.h>
 #include <linux/devfreq.h>
 #include <linux/nls.h>
 #include <linux/of.h>
+#include <linux/rpmb.h>
+
 #include "ufshcd.h"
 #include "ufs_quirks.h"
 #include "unipro.h"
@@ -4744,6 +4747,178 @@ static void ufshcd_init_icc_levels(struct ufs_hba *hba)
 
 }
 
+#define SEC_PROTOCOL_UFS  0xEC
+#define   SEC_SPECIFIC_UFS_RPMB 0x0001
+
+#define SEC_PROTOCOL_CMD_SIZE 12
+#define SEC_PROTOCOL_RETRIES 3
+#define SEC_PROTOCOL_RETRIES_ON_RESET 10
+#define SEC_PROTOCOL_TIMEOUT msecs_to_jiffies(1000)
+
+static int
+ufshcd_rpmb_security_out(struct scsi_device *sdev,
+			 struct rpmb_frame *frames, u32 cnt)
+{
+	struct scsi_sense_hdr sshdr;
+	u32 trans_len = cnt * sizeof(struct rpmb_frame);
+	int reset_retries = SEC_PROTOCOL_RETRIES_ON_RESET;
+	int ret;
+	u8 cmd[SEC_PROTOCOL_CMD_SIZE];
+
+	memset(cmd, 0, SEC_PROTOCOL_CMD_SIZE);
+	cmd[0] = SECURITY_PROTOCOL_OUT;
+	cmd[1] = SEC_PROTOCOL_UFS;
+	put_unaligned_be16(SEC_SPECIFIC_UFS_RPMB, cmd + 2);
+	cmd[4] = 0;                              /* inc_512 bit 7 set to 0 */
+	put_unaligned_be32(trans_len, cmd + 6);  /* transfer length */
+
+retry:
+	ret = scsi_execute_req_flags(sdev, cmd, DMA_TO_DEVICE,
+				     frames, trans_len, &sshdr,
+				     SEC_PROTOCOL_TIMEOUT, SEC_PROTOCOL_RETRIES,
+				     NULL, 0);
+
+	if (ret && scsi_sense_valid(&sshdr) &&
+	    sshdr.sense_key == UNIT_ATTENTION &&
+	    sshdr.asc == 0x29 && sshdr.ascq == 0x00)
+		/*
+		 * Device reset might occur several times,
+		 * give it one more chance
+		 */
+		if (--reset_retries > 0)
+			goto retry;
+
+	if (ret)
+		dev_err(&sdev->sdev_gendev, "%s: failed with err %0x\n",
+			__func__, ret);
+
+	if (driver_byte(ret) & DRIVER_SENSE)
+		scsi_print_sense_hdr(sdev, "rpmb: security out", &sshdr);
+
+	return ret;
+}
+
+static int
+ufshcd_rpmb_security_in(struct scsi_device *sdev,
+			struct rpmb_frame *frames, u32 cnt)
+{
+	struct scsi_sense_hdr sshdr;
+	u32 alloc_len = cnt * sizeof(struct rpmb_frame);
+	int reset_retries = SEC_PROTOCOL_RETRIES_ON_RESET;
+	int ret;
+	u8 cmd[SEC_PROTOCOL_CMD_SIZE];
+
+	memset(cmd, 0, SEC_PROTOCOL_CMD_SIZE);
+	cmd[0] = SECURITY_PROTOCOL_IN;
+	cmd[1] = SEC_PROTOCOL_UFS;
+	put_unaligned_be16(SEC_SPECIFIC_UFS_RPMB, cmd + 2);
+	cmd[4] = 0;                             /* inc_512 bit 7 set to 0 */
+	put_unaligned_be32(alloc_len, cmd + 6); /* allocation length */
+
+retry:
+	ret = scsi_execute_req_flags(sdev, cmd, DMA_FROM_DEVICE,
+				     frames, alloc_len, &sshdr,
+				     SEC_PROTOCOL_TIMEOUT, SEC_PROTOCOL_RETRIES,
+				     NULL, 0);
+
+	if (ret && scsi_sense_valid(&sshdr) &&
+	    sshdr.sense_key == UNIT_ATTENTION &&
+	    sshdr.asc == 0x29 && sshdr.ascq == 0x00)
+		/*
+		 * Device reset might occur several times,
+		 * give it one more chance
+		*/
+		if (--reset_retries > 0)
+			goto retry;
+
+	if (ret)
+		dev_err(&sdev->sdev_gendev, "%s: failed with err %0x\n",
+			__func__, ret);
+
+	if (driver_byte(ret) & DRIVER_SENSE)
+		scsi_print_sense_hdr(sdev, "rpmb: security in", &sshdr);
+
+	return ret;
+}
+
+static int ufshcd_rpmb_cmd_seq(struct device *dev,
+			       struct rpmb_cmd *cmds, u32 ncmds)
+{
+	unsigned long flags;
+	struct ufs_hba *hba = dev_get_drvdata(dev);
+	struct scsi_device *sdev;
+	struct rpmb_cmd *cmd;
+	int i;
+	int ret;
+
+	spin_lock_irqsave(hba->host->host_lock, flags);
+	sdev = hba->sdev_ufs_rpmb;
+	if (sdev) {
+		ret = scsi_device_get(sdev);
+		if (!ret && !scsi_device_online(sdev)) {
+			ret = -ENODEV;
+			scsi_device_put(sdev);
+		}
+	} else {
+		ret = -ENODEV;
+	}
+	spin_unlock_irqrestore(hba->host->host_lock, flags);
+	if (ret)
+		return ret;
+
+	for (ret = 0, i = 0; i < ncmds && !ret; i++) {
+		cmd = &cmds[i];
+		if (cmd->flags & RPMB_F_WRITE)
+			ret = ufshcd_rpmb_security_out(sdev, cmd->frames,
+						       cmd->nframes);
+		else
+			ret = ufshcd_rpmb_security_in(sdev, cmd->frames,
+						      cmd->nframes);
+	}
+	scsi_device_put(sdev);
+	return ret;
+}
+
+static struct rpmb_ops ufshcd_rpmb_dev_ops = {
+	.cmd_seq = ufshcd_rpmb_cmd_seq,
+	.type = RPMB_TYPE_UFS,
+};
+
+static inline void ufshcd_rpmb_add(struct ufs_hba *hba)
+{
+	struct rpmb_dev *rdev;
+
+	scsi_device_get(hba->sdev_ufs_rpmb);
+	rdev = rpmb_dev_register(hba->dev, &ufshcd_rpmb_dev_ops);
+	if (IS_ERR(rdev)) {
+		dev_warn(hba->dev, "%s: cannot register to rpmb %ld\n",
+			 dev_name(hba->dev), PTR_ERR(rdev));
+		goto out_put_dev;
+	}
+
+	return;
+
+out_put_dev:
+	scsi_device_put(hba->sdev_ufs_rpmb);
+	hba->sdev_ufs_rpmb = NULL;
+}
+
+static inline void ufshcd_rpmb_remove(struct ufs_hba *hba)
+{
+	unsigned long flags;
+
+	if (!hba->sdev_ufs_rpmb)
+		return;
+
+	spin_lock_irqsave(hba->host->host_lock, flags);
+
+	rpmb_dev_unregister(hba->dev);
+	scsi_device_put(hba->sdev_ufs_rpmb);
+	hba->sdev_ufs_rpmb = NULL;
+
+	spin_unlock_irqrestore(hba->host->host_lock, flags);
+}
+
 /**
  * ufshcd_scsi_add_wlus - Adds required W-LUs
  * @hba: per-adapter instance
@@ -4799,7 +4974,11 @@ static int ufshcd_scsi_add_wlus(struct ufs_hba *hba)
 		ret = PTR_ERR(sdev_rpmb);
 		goto remove_sdev_boot;
 	}
+	hba->sdev_ufs_rpmb = sdev_rpmb;
+
+	ufshcd_rpmb_add(hba);
 	scsi_device_put(sdev_rpmb);
+
 	goto out;
 
 remove_sdev_boot:
@@ -6168,6 +6347,8 @@ int ufshcd_shutdown(struct ufs_hba *hba)
 			goto out;
 	}
 
+	ufshcd_rpmb_remove(hba);
+
 	ret = ufshcd_suspend(hba, UFS_SHUTDOWN_PM);
 out:
 	if (ret)
@@ -6184,6 +6365,8 @@ EXPORT_SYMBOL(ufshcd_shutdown);
  */
 void ufshcd_remove(struct ufs_hba *hba)
 {
+	ufshcd_rpmb_remove(hba);
+
 	scsi_remove_host(hba->host);
 	/* disable interrupts */
 	ufshcd_disable_intr(hba, hba->intr_mask);
diff --git a/drivers/scsi/ufs/ufshcd.h b/drivers/scsi/ufs/ufshcd.h
index 4bb65669f052..92bfddf80ae8 100644
--- a/drivers/scsi/ufs/ufshcd.h
+++ b/drivers/scsi/ufs/ufshcd.h
@@ -346,6 +346,7 @@ struct ufs_init_prefetch {
  * @utmrdl_dma_addr: UTMRDL DMA address
  * @host: Scsi_Host instance of the driver
  * @dev: device handle
+ * @sdev_ufs_rpmb: reference to RPMB device W-LU
  * @lrb: local reference block
  * @lrb_in_use: lrb in use
  * @outstanding_tasks: Bits representing outstanding task requests
@@ -408,6 +409,7 @@ struct ufs_hba {
 	 * "UFS device" W-LU.
 	 */
 	struct scsi_device *sdev_ufs_device;
+	struct scsi_device *sdev_ufs_rpmb;
 
 	enum ufs_dev_pwr_mode curr_dev_pwr_mode;
 	enum uic_link_state uic_link_state;
-- 
2.5.5

Re: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Paul Gortmaker]

On Mon, Jul 18, 2016 at 4:27 PM, Tomas Winkler <tomas.winkler@intel.com> wrote:
> The user space API is achieved via two synchronous IOCTL.
> Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is performed
> by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD where
> the whole RPMB sequence including RESULT_READ is supplied by the caller.
> The latter is intended for  easier adjusting  of the  applications that
> use MMC_IOC_MULTI_CMD ioctl.
>
> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> ---

[...]

> diff --git a/drivers/char/rpmb/Kconfig b/drivers/char/rpmb/Kconfig
> index c5e6e909efce..6794be9fcc5e 100644
> --- a/drivers/char/rpmb/Kconfig
> +++ b/drivers/char/rpmb/Kconfig
> @@ -6,3 +6,10 @@ config RPMB
>           access RPMB partition.
>
>           If unsure, select N.
> +
> +config RPMB_INTF_DEV
> +       bool "RPMB character device interface /dev/rpmbN"

A bool Kconfig should ideally....

> +       depends on RPMB
> +       help
> +         Say yes here if you want to access RPMB from user space
> +         via character device interface /dev/rpmb%d
> diff --git a/drivers/char/rpmb/Makefile b/drivers/char/rpmb/Makefile
> index 812b3ed264c0..b5dc087b1299 100644
> --- a/drivers/char/rpmb/Makefile
> +++ b/drivers/char/rpmb/Makefile
> @@ -1,4 +1,5 @@
>  obj-$(CONFIG_RPMB) += rpmb.o
>  rpmb-objs += core.o
> +rpmb-$(CONFIG_RPMB_INTF_DEV) += cdev.o
>
>  ccflags-y += -D__CHECK_ENDIAN__
> diff --git a/drivers/char/rpmb/cdev.c b/drivers/char/rpmb/cdev.c
> new file mode 100644
> index 000000000000..f3ad3444f76d
> --- /dev/null
> +++ b/drivers/char/rpmb/cdev.c
> @@ -0,0 +1,269 @@
> +/*
> + * Copyright (C) 2015-2016 Intel Corp. All rights reserved
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; version 2 of the License.
> + *
> + * This program is distributed in the hope that it will be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * General Public License for more details.
> + */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <linux/module.h>

....not use module.h or any MODULE_ macros from within it.

Thanks,
Paul.
--

> +#include <linux/fs.h>
> +#include <linux/uaccess.h>
> +#include <linux/compat.h>
> +#include <linux/slab.h>
> +#include <linux/capability.h>
> +
> +#include <linux/rpmb.h>
> +
> +#include "rpmb-cdev.h"
> +
> +static dev_t rpmb_devt;

RE: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Winkler, Tomas]

> 
> On Mon, Jul 18, 2016 at 4:27 PM, Tomas Winkler <tomas.winkler@intel.com>
> wrote:
> > The user space API is achieved via two synchronous IOCTL.
> > Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is
> performed
> > by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD
> where
> > the whole RPMB sequence including RESULT_READ is supplied by the caller.
> > The latter is intended for  easier adjusting  of the  applications
> > that use MMC_IOC_MULTI_CMD ioctl.
> >
> > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > ---
> 
> [...]
> 
> > diff --git a/drivers/char/rpmb/Kconfig b/drivers/char/rpmb/Kconfig
> > index c5e6e909efce..6794be9fcc5e 100644
> > --- a/drivers/char/rpmb/Kconfig
> > +++ b/drivers/char/rpmb/Kconfig
> > @@ -6,3 +6,10 @@ config RPMB
> >           access RPMB partition.
> >
> >           If unsure, select N.
> > +
> > +config RPMB_INTF_DEV
> > +       bool "RPMB character device interface /dev/rpmbN"
> 
> A bool Kconfig should ideally....
> 
> > +       depends on RPMB
> > +       help
> > +         Say yes here if you want to access RPMB from user space
> > +         via character device interface /dev/rpmb%d
> > diff --git a/drivers/char/rpmb/Makefile b/drivers/char/rpmb/Makefile
> > index 812b3ed264c0..b5dc087b1299 100644
> > --- a/drivers/char/rpmb/Makefile
> > +++ b/drivers/char/rpmb/Makefile
> > @@ -1,4 +1,5 @@
> >  obj-$(CONFIG_RPMB) += rpmb.o
> >  rpmb-objs += core.o
> > +rpmb-$(CONFIG_RPMB_INTF_DEV) += cdev.o

This is not a builtin, this is an optional part of the module 

> > +#include <linux/module.h>
> 
> ....not use module.h or any MODULE_ macros from within it.

Can be dropped in this case as no macros are used, 
but the pattern Kconfig bool -> no include module.h  you are following has false positive cases.

Thanks
Tomas

Re: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Paul Gortmaker]

[RE: [PATCH v5 4/8] char: rpmb: provide a user space interface] On 20/07/2016 (Wed 09:02) Winkler, Tomas wrote:

> > 
> > On Mon, Jul 18, 2016 at 4:27 PM, Tomas Winkler <tomas.winkler@intel.com>
> > wrote:
> > > The user space API is achieved via two synchronous IOCTL.
> > > Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is
> > performed
> > > by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD
> > where
> > > the whole RPMB sequence including RESULT_READ is supplied by the caller.
> > > The latter is intended for  easier adjusting  of the  applications
> > > that use MMC_IOC_MULTI_CMD ioctl.
> > >
> > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > ---
> > 
> > [...]
> > 
> > > diff --git a/drivers/char/rpmb/Kconfig b/drivers/char/rpmb/Kconfig
> > > index c5e6e909efce..6794be9fcc5e 100644
> > > --- a/drivers/char/rpmb/Kconfig
> > > +++ b/drivers/char/rpmb/Kconfig
> > > @@ -6,3 +6,10 @@ config RPMB
> > >           access RPMB partition.
> > >
> > >           If unsure, select N.
> > > +
> > > +config RPMB_INTF_DEV
> > > +       bool "RPMB character device interface /dev/rpmbN"
> > 
> > A bool Kconfig should ideally....
> > 
> > > +       depends on RPMB
> > > +       help
> > > +         Say yes here if you want to access RPMB from user space
> > > +         via character device interface /dev/rpmb%d
> > > diff --git a/drivers/char/rpmb/Makefile b/drivers/char/rpmb/Makefile
> > > index 812b3ed264c0..b5dc087b1299 100644
> > > --- a/drivers/char/rpmb/Makefile
> > > +++ b/drivers/char/rpmb/Makefile
> > > @@ -1,4 +1,5 @@
> > >  obj-$(CONFIG_RPMB) += rpmb.o
> > >  rpmb-objs += core.o
> > > +rpmb-$(CONFIG_RPMB_INTF_DEV) += cdev.o
> 
> This is not a builtin, this is an optional part of the module 

Object files that are not stand-alone, but linked into a larger object
to create a module generally still don't need module.h if they
themselves specifically aren't registering the module or similar.

The exception is a module that doesn't actively do anything but export
symbols (i.e. a library).  Then somewhere in it there needs to be a
MODULE_LICENSE so that the kernel can audit GPL and taint etc.

> 
> > > +#include <linux/module.h>
> > 
> > ....not use module.h or any MODULE_ macros from within it.
> 
> Can be dropped in this case as no macros are used, 
> but the pattern Kconfig bool -> no include module.h  you are following has false positive cases.

Yes, of course there are other things, like the exception table
searches, and symbol_get / symbol_put, macros defining string
lengths, etc... and I try to watch for those via inspection and
build testing. 

However the majority bool->module.h are there for two reasons:

1) in core code we had to use module.h in the past when export.h
   did not exist.

2) in driver code that largely capitalizes on copying from other
   drivers without explicitly considering modularity.

...and it is worth our while to clean both up, I think.

If you can think of specific false positives that I might not be
aware of, please don't hesitate to call them out.

Thanks,
Paul.
--

> 
> Thanks
> Tomas
> 

RE: [PATCH v5 0/8] Replay Protected Memory Block (RPMB) subsystem

[Winkler, Tomas]

> 
> Few storage technologies such is EMMC, UFS, and NVMe support RPMB
> hardware partition with common protocol and frame layout.
> The RPMB partition cannot be accessed via standard block layer, but by a set
> of specific commands: WRITE, READ, GET_WRITE_COUNTER, and
> PROGRAM_KEY.
> Such a partition provides authenticated and replay protected access, hence
> suitable as a secure storage.
> 
> The RPMB layer aims to provide in-kernel API for Trusted Execution
> Environment (TEE) devices that are capable to securely compute block frame
> signature. In case a TEE device wish to store a replay protected data, it
> creates an RPMB frame with requested data and computes HMAC of the
> frame, then it requests the storage device via RPMB layer to store the data.
> A TEE driver can claim the RPMB interface, for example, via
> class_interface_register ().
> The layer provides two APIs, for rpmb_req_cmd() for issuing one of RPMB
> specific commands and rpmb_seq_cmd() for issuing of raw RPMB protocol
> frames,  which is close to emmc multi ioctl interface.
> 
> A storage device registers its RPMB hardware (eMMC) partition or RPMB W-
> LUN (UFS) with the RPMB layer providing an implementation for
> rpmb_seq_cmd() handler. The interface enables sending sequence of RPMB
> standard frames.
> 
> A parallel user space API is provided via /dev/rpmbX character device with
> two IOCTL commands.
> Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is performed
> by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD
> where the whole RPMB sequence, including RESULT_READ is supplied by the
> caller.
> The latter is intended for easier adjusting of the applications that use
> MMC_IOC_MULTI_CMD ioctl, such as
> https://android.googlesource.com/trusty/app/storage/
> 
> There is a also sample tool under tools/rpmb/ directory that exercises these
> interfaces and a simulation device that implements the device part.
> 
> Tomas Winkler (8):
>   rpmb: add Replay Protected Memory Block (RPMB) subsystem
>   char: rpmb: add sysfs-class ABI documentation
>   char: rpmb: add device attributes
>   char: rpmb: provide a user space interface
>   char: rpmb: add RPMB simulation device
>   tools rpmb: add RPBM access tool
>   mmc: block: register RPMB partition with the RPMB subsystem
>   scsi: ufs: connect to RPMB subsystem
>

I've got few off line request for git access of this code, so here si the repo https://github.com/tomasbw/linux-mei.git  branch rpmb.
The branch is rebasing one  over linux master branch 

Thanks and will appreciate any public  review. 
Tomas


 

Re: [PATCH v5 0/8] Replay Protected Memory Block (RPMB) subsystem

[Pavel Machek]

Hi!

> Few storage technologies such is EMMC, UFS, and NVMe support RPMB
> hardware partition with common protocol and frame layout.
> The RPMB partition cannot be accessed via standard block layer, but by a
> set of specific commands: WRITE, READ, GET_WRITE_COUNTER, and
> PROGRAM_KEY.
> Such a partition provides authenticated and replay protected access,
> hence suitable as a secure storage.

...and that is suitable from locking devices from their owners, as
Nokia N9 (aka brick, because Microsoft turned off support servers)
teached me recently.

So I have to ask -- what are non-evil uses for this?

There were "secure extensions" mentioned before, but my understanding
is that it currently has severe limitations making it unsuitable for
mainline kernel. (IOW you can't event test the functionality if you
are not Intel).
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Re: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Pavel Machek]

On Mon 2016-07-18 23:27:49, Tomas Winkler wrote:
> The user space API is achieved via two synchronous IOCTL.

IOCTLs?

> Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is performed
> by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD where
> the whole RPMB sequence including RESULT_READ is supplied by the caller.
> The latter is intended for  easier adjusting  of the  applications that
> use MMC_IOC_MULTI_CMD ioctl.

Why "  "?

> 
> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>

> +
> +static long rpmb_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
> +{
> +	return __rpmb_ioctl(fp, cmd, (void __user *)arg);
> +}
> +
> +#ifdef CONFIG_COMPAT
> +static long rpmb_compat_ioctl(struct file *fp, unsigned int cmd,
> +			      unsigned long arg)
> +{
> +	return	__rpmb_ioctl(fp, cmd, compat_ptr(arg));
> +}
> +#endif /* CONFIG_COMPAT */

Description of the ioctl is missing, and it should certainly be
designed in a way that it does not need compat support.


-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

RE: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Winkler, Tomas]

> 
> On Mon 2016-07-18 23:27:49, Tomas Winkler wrote:
> > The user space API is achieved via two synchronous IOCTL.
> 
> IOCTLs?

Will fix
 
> > Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is
> performed
> > by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD
> where
> > the whole RPMB sequence including RESULT_READ is supplied by the caller.
> > The latter is intended for  easier adjusting  of the  applications
> > that use MMC_IOC_MULTI_CMD ioctl.
> 
> Why "  "?
Not sure I there is enough clue in your question. 
> 
> >
> > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> 
> > +
> > +static long rpmb_ioctl(struct file *fp, unsigned int cmd, unsigned
> > +long arg) {
> > +	return __rpmb_ioctl(fp, cmd, (void __user *)arg); }
> > +
> > +#ifdef CONFIG_COMPAT
> > +static long rpmb_compat_ioctl(struct file *fp, unsigned int cmd,
> > +			      unsigned long arg)
> > +{
> > +	return	__rpmb_ioctl(fp, cmd, compat_ptr(arg));
> > +}
> > +#endif /* CONFIG_COMPAT */
> 
> Description of the ioctl is missing, 
Will add. 

and it should certainly be designed in a way
> that it does not need compat support.

The compat_ioctl handler just casts the compat_ptr, I believe this should be done unless the ioctl is globaly registered in fs/compat_ioctl.c, but I might be wrong.
Tomas

Re: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Greg Kroah-Hartman]

On Sun, Aug 07, 2016 at 09:44:03AM +0000, Winkler, Tomas wrote:
> > 
> > On Mon 2016-07-18 23:27:49, Tomas Winkler wrote:
> > > The user space API is achieved via two synchronous IOCTL.
> > 
> > IOCTLs?
> 
> Will fix
>  
> > > Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is
> > performed
> > > by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD
> > where
> > > the whole RPMB sequence including RESULT_READ is supplied by the caller.
> > > The latter is intended for  easier adjusting  of the  applications
> > > that use MMC_IOC_MULTI_CMD ioctl.
> > 
> > Why "  "?
> Not sure I there is enough clue in your question. 
> > 
> > >
> > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > 
> > > +
> > > +static long rpmb_ioctl(struct file *fp, unsigned int cmd, unsigned
> > > +long arg) {
> > > +	return __rpmb_ioctl(fp, cmd, (void __user *)arg); }
> > > +
> > > +#ifdef CONFIG_COMPAT
> > > +static long rpmb_compat_ioctl(struct file *fp, unsigned int cmd,
> > > +			      unsigned long arg)
> > > +{
> > > +	return	__rpmb_ioctl(fp, cmd, compat_ptr(arg));
> > > +}
> > > +#endif /* CONFIG_COMPAT */
> > 
> > Description of the ioctl is missing, 
> Will add. 
> 
> and it should certainly be designed in a way
> > that it does not need compat support.
> 
> The compat_ioctl handler just casts the compat_ptr, I believe this
> should be done unless the ioctl is globaly registered in
> fs/compat_ioctl.c, but I might be wrong.

You shouldn't need a compat ioctl for anything new that is added, unless
your api is really messed up.  Please test to be sure, and not use a
compat ioctl at all, it isn't that hard to do.

thanks,

greg k-h

Re: [PATCH v5 2/8] char: rpmb: add sysfs-class ABI documentation

[Greg Kroah-Hartman]

On Mon, Jul 18, 2016 at 11:27:47PM +0300, Tomas Winkler wrote:
> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> ---
> V2: resend
> V3: add more verbose description
> V4: resend
> V5: adjust date and kernel version
> 
>  Documentation/ABI/testing/sysfs-class-rpmb | 20 ++++++++++++++++++++
>  MAINTAINERS                                |  1 +
>  2 files changed, 21 insertions(+)
>  create mode 100644 Documentation/ABI/testing/sysfs-class-rpmb
> 
> diff --git a/Documentation/ABI/testing/sysfs-class-rpmb b/Documentation/ABI/testing/sysfs-class-rpmb
> new file mode 100644
> index 000000000000..3ffcd2d1f683
> --- /dev/null
> +++ b/Documentation/ABI/testing/sysfs-class-rpmb
> @@ -0,0 +1,20 @@
> +What:		/sys/class/rpmb/
> +Date:		Aug 2016
> +KernelVersion:  4.8
> +Contact:	Tomas Winkler <tomas.winkler@intel.com>
> +Description:
> +		The rpmb/ class sub-directory belongs to RPMB device class.
> +
> +		Few storage technologies such is EMMC, UFS, and NVMe support
> +		Replay Protected Memory Block (RPMB) hardware partition with
> +		common protocol and frame layout.
> +		Such a partition provides authenticated and replay protected access,
> +		hence suitable as a secure storage.
> +
> +What:		/sys/class/rpmb/rpmbN/
> +Date:		Aug 2016
> +KernelVersion:	4.8
> +Contact:	Tomas Winkler <tomas.winkler@intel.com>
> +Description:
> +		The /sys/class/rpmb/rpmbN directory is created for
> +		each RPMB registered device

So you have no sysfs files?  If not, why have a sysfs class at all?

thanks,

greg k-h

Re: [PATCH v5 3/8] char: rpmb: add device attributes

[Greg Kroah-Hartman]

On Mon, Jul 18, 2016 at 11:27:48PM +0300, Tomas Winkler wrote:
> Add attribute type that displays underlay storage type technology
> EMMC, UFS, and attribute id, that displays underlay storage device id.
> For EMMC this would be content of CID and for UFS serial number from
> the device descriptor.
> 
> 
> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> ---
> V2: resend
> V3: set kernel version to 4.7
> V4: update target date to Maj
> V5: adjust date and kernel version
>  Documentation/ABI/testing/sysfs-class-rpmb | 24 ++++++++++++
>  drivers/char/rpmb/core.c                   | 63 ++++++++++++++++++++++++++++++
>  2 files changed, 87 insertions(+)
> 
> diff --git a/Documentation/ABI/testing/sysfs-class-rpmb b/Documentation/ABI/testing/sysfs-class-rpmb
> index 3ffcd2d1f683..7ca97d86bd97 100644
> --- a/Documentation/ABI/testing/sysfs-class-rpmb
> +++ b/Documentation/ABI/testing/sysfs-class-rpmb
> @@ -18,3 +18,27 @@ Contact:	Tomas Winkler <tomas.winkler@intel.com>
>  Description:
>  		The /sys/class/rpmb/rpmbN directory is created for
>  		each RPMB registered device
> +
> +What:		/sys/class/rpmb/rpmbN/id
> +Date:		Aug 2016
> +KernelVersion:	4.8
> +Contact:	Tomas Winkler <tomas.winkler@intel.com>
> +Description:
> +		The /sys/class/rpmb/rpmbN/id file contains device id
> +		in a binary form

Oops, missed that you added these in a later patch, sorry about comment
on patch 2.

binary attribute?  Why?

> +
> +What:		/sys/class/rpmb/rpmbN/type
> +Date:		Aug 2016
> +KernelVersion:	4.8
> +Contact:	Tomas Winkler <tomas.winkler@intel.com>
> +Description:
> +		The /sys/class/rpmb/rpmbN/type file contains device
> +		underlay storage type technology: EMMC, UFS
> +

What is this used for?

> +What:		/sys/class/rpmb/rpmbN/reliable_wr_cnt
> +Date:		Aug 2016
> +KernelVersion:	4.8
> +Contact:	Tomas Winkler <tomas.winkler@intel.com>
> +Description:
> +		The /sys/class/rpmb/rpmbN/reliable_wr_cnt file contains
> +		number of blocks that can be written in a single request

Why is this needed?  Shouldn't the normal block device export this type
of information?


> diff --git a/drivers/char/rpmb/core.c b/drivers/char/rpmb/core.c
> index ff10cbb7b644..63271c7ed072 100644
> --- a/drivers/char/rpmb/core.c
> +++ b/drivers/char/rpmb/core.c
> @@ -308,6 +308,67 @@ struct rpmb_dev *rpmb_dev_find_by_device(struct device *parent)
>  }
>  EXPORT_SYMBOL_GPL(rpmb_dev_find_by_device);
>  
> +static ssize_t type_show(struct device *dev,
> +			 struct device_attribute *attr, char *buf)
> +{
> +	struct rpmb_dev *rdev = to_rpmb_dev(dev);
> +	ssize_t ret;
> +
> +	switch (rdev->ops->type) {
> +	case RPMB_TYPE_EMMC:
> +		ret = scnprintf(buf, PAGE_SIZE, "EMMC\n");

It's a sysfs file, no need for scnprintf() crap, just use sprintf()
please.

> +		break;

And the code can be made smaller by just doing:
		return sprintf(buf, "EMMC\n");

:)

> +	case RPMB_TYPE_UFS:
> +		ret = scnprintf(buf, PAGE_SIZE, "UFS\n");
> +		break;
> +	default:
> +		ret = scnprintf(buf, PAGE_SIZE, "UNKNOWN\n");
> +		break;
> +	}
> +
> +	return ret;
> +}
> +static DEVICE_ATTR_RO(type);
> +
> +static ssize_t id_show(struct device *dev,
> +		       struct device_attribute *attr, char *buf)
> +{
> +	struct rpmb_dev *rdev = to_rpmb_dev(dev);
> +	size_t sz = min_t(size_t, rdev->ops->dev_id_len, PAGE_SIZE);
> +
> +	if (!rdev->ops->dev_id)
> +		return 0;
> +
> +	memcpy(buf, rdev->ops->dev_id, sz);
>

Hm, no.  That's not how a binary attribute works.  If you want a binary
attribute, use that type, don't put binary data in a "normal" sysfs
file.

> +	return sz;
> +}
> +static DEVICE_ATTR_RO(id);
> +
> +static ssize_t reliable_wr_cnt_show(struct device *dev,
> +				    struct device_attribute *attr, char *buf)
> +{
> +	struct rpmb_dev *rdev = to_rpmb_dev(dev);
> +
> +	return scnprintf(buf, PAGE_SIZE, "%u\n", rdev->ops->reliable_wr_cnt);
> +}
> +static DEVICE_ATTR_RO(reliable_wr_cnt);
> +
> +static struct attribute *rpmb_attrs[] = {
> +	&dev_attr_type.attr,
> +	&dev_attr_id.attr,
> +	&dev_attr_reliable_wr_cnt.attr,
> +	NULL,
> +};
> +
> +static struct attribute_group rpmb_attr_group = {
> +	.attrs = rpmb_attrs,
> +};
> +
> +static const struct attribute_group *rpmb_attr_groups[] = {
> +	&rpmb_attr_group,
> +	NULL
> +};
> +
>  /**
>   * rpmb_dev_unregister - unregister RPMB partition from the RPMB subsystem
>   *
> @@ -377,6 +438,8 @@ struct rpmb_dev *rpmb_dev_register(struct device *dev,
>  	dev_set_name(&rdev->dev, "rpmb%d", id);
>  	rdev->dev.class = &rpmb_class;
>  	rdev->dev.parent = dev;
> +	rdev->dev.groups = rpmb_attr_groups;

Nice job with the group, thanks for doing that.

greg k-h

Re: [PATCH v5 5/8] char: rpmb: add RPMB simulation device

[Greg Kroah-Hartman]

On Mon, Jul 18, 2016 at 11:27:50PM +0300, Tomas Winkler wrote:
> This is a simple platform device used for testing
> the RPMB subsystem.
> 
> The module currently supports two configuration options:
> 1. max_wr_blks: for specifying max blocks that can be written
> in a single command
> 2. daunits:  used to set storage capacity in 128K units.
> 
> 
> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> ---
> V2: remove .owner setting, it is set automatically
> V3: 1. Add shutdown handler (similar to ufshcd)
>     2. Commit message fix
> V4: Use select RPMB in Kconfg to ensure valid configuration.
> V5: Revamp the code using the sequence command.
> 
>  drivers/char/rpmb/Kconfig    |  10 +
>  drivers/char/rpmb/Makefile   |   1 +
>  drivers/char/rpmb/rpmb_sim.c | 668 +++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 679 insertions(+)
>  create mode 100644 drivers/char/rpmb/rpmb_sim.c
> 
> diff --git a/drivers/char/rpmb/Kconfig b/drivers/char/rpmb/Kconfig
> index 6794be9fcc5e..c21b3934249f 100644
> --- a/drivers/char/rpmb/Kconfig
> +++ b/drivers/char/rpmb/Kconfig
> @@ -13,3 +13,13 @@ config RPMB_INTF_DEV
>  	help
>  	  Say yes here if you want to access RPMB from user space
>  	  via character device interface /dev/rpmb%d
> +
> +
> +config RPMB_SIM
> +	tristate "RPMB partition device simulator"
> +	default n
> +	select RPMB
> +	select CRYPTO_SHA256
> +	select CRYPTO_HMAC
> +	help
> +	  RPMB partition simulator used for testing the RPMB subsystem

Hm, that's very vague, why would I want this?  Not want this?  Please
provide more information here.

thanks,

greg k-h

Re: [PATCH v5 5/8] char: rpmb: add RPMB simulation device

[Greg Kroah-Hartman]

On Mon, Jul 18, 2016 at 11:27:50PM +0300, Tomas Winkler wrote:
> This is a simple platform device used for testing
> the RPMB subsystem.
> 
> The module currently supports two configuration options:
> 1. max_wr_blks: for specifying max blocks that can be written
> in a single command
> 2. daunits:  used to set storage capacity in 128K units.
> 
> 
> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> ---
> V2: remove .owner setting, it is set automatically
> V3: 1. Add shutdown handler (similar to ufshcd)
>     2. Commit message fix
> V4: Use select RPMB in Kconfg to ensure valid configuration.
> V5: Revamp the code using the sequence command.
> 
>  drivers/char/rpmb/Kconfig    |  10 +
>  drivers/char/rpmb/Makefile   |   1 +
>  drivers/char/rpmb/rpmb_sim.c | 668 +++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 679 insertions(+)
>  create mode 100644 drivers/char/rpmb/rpmb_sim.c
> 
> diff --git a/drivers/char/rpmb/Kconfig b/drivers/char/rpmb/Kconfig
> index 6794be9fcc5e..c21b3934249f 100644
> --- a/drivers/char/rpmb/Kconfig
> +++ b/drivers/char/rpmb/Kconfig
> @@ -13,3 +13,13 @@ config RPMB_INTF_DEV
>  	help
>  	  Say yes here if you want to access RPMB from user space
>  	  via character device interface /dev/rpmb%d
> +
> +
> +config RPMB_SIM
> +	tristate "RPMB partition device simulator"
> +	default n
> +	select RPMB
> +	select CRYPTO_SHA256
> +	select CRYPTO_HMAC
> +	help
> +	  RPMB partition simulator used for testing the RPMB subsystem
> diff --git a/drivers/char/rpmb/Makefile b/drivers/char/rpmb/Makefile
> index b5dc087b1299..81f924fd9a87 100644
> --- a/drivers/char/rpmb/Makefile
> +++ b/drivers/char/rpmb/Makefile
> @@ -1,5 +1,6 @@
>  obj-$(CONFIG_RPMB) += rpmb.o
>  rpmb-objs += core.o
>  rpmb-$(CONFIG_RPMB_INTF_DEV) += cdev.o
> +obj-$(CONFIG_RPMB_SIM) += rpmb_sim.o
>  
>  ccflags-y += -D__CHECK_ENDIAN__
> diff --git a/drivers/char/rpmb/rpmb_sim.c b/drivers/char/rpmb/rpmb_sim.c
> new file mode 100644
> index 000000000000..e33f6809ae2c
> --- /dev/null
> +++ b/drivers/char/rpmb/rpmb_sim.c
> @@ -0,0 +1,668 @@
> +/******************************************************************************
> + * This file is provided under a dual BSD/GPLv2 license.  When using or
> + * redistributing this file, you may do so under either license.
> + *
> + * GPL LICENSE SUMMARY
> + *
> + * Copyright(c) 2016 Intel Corporation. All rights reserved.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of version 2 of the GNU General Public License as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * General Public License for more details.
> + *
> + * The full GNU General Public License is included in this distribution
> + * in the file called LICENSE.GPL.
> + *
> + * Contact Information:
> + *	Intel Corporation.
> + *	linux-mei@linux.intel.com
> + *	http://www.intel.com
> + *
> + * BSD LICENSE
> + *
> + * Copyright(c) 2016 Intel Corporation. All rights reserved.
> + * All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + *
> + *  * Redistributions of source code must retain the above copyright
> + *    notice, this list of conditions and the following disclaimer.
> + *  * Redistributions in binary form must reproduce the above copyright
> + *    notice, this list of conditions and the following disclaimer in
> + *    the documentation and/or other materials provided with the
> + *    distribution.
> + *  * Neither the name Intel Corporation nor the names of its
> + *    contributors may be used to endorse or promote products derived
> + *    from this software without specific prior written permission.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> + *
> + *****************************************************************************/
> +#include <linux/module.h>
> +#include <linux/slab.h>
> +#include <linux/platform_device.h>
> +#include <linux/device.h>
> +#include <crypto/hash.h>
> +#include <linux/scatterlist.h>
> +#include <linux/sizes.h>
> +
> +#include <linux/rpmb.h>
> +
> +static const char id[] = "RPMB:SIM";
> +#define CAPACITY_UNIT SZ_128K
> +#define CAPACITY_MIN  SZ_128K
> +#define CAPACITY_MAX  SZ_16M
> +#define BLK_UNIT      SZ_256
> +
> +static unsigned int max_wr_blks = 1;
> +module_param(max_wr_blks, uint, 0644);
> +MODULE_PARM_DESC(max_wr_blks, "max blocks that can be written in a single command (default: 1)");
> +
> +static unsigned int daunits = 1;
> +module_param(daunits, uint, 0644);
> +MODULE_PARM_DESC(daunits, "number of data area units of 128K (default: 1)");
> +
> +struct blk {
> +	u8 data[BLK_UNIT];
> +};
> +
> +/**
> + * struct rpmb_sim_dev
> + *
> + * @dev:  back pointer to the platform device
> + * @rdev: rpmb device
> + * @auth_key: Authentication key register which is used to authenticate
> + *            accesses when MAC is calculated;
> + * @auth_key_set: true if auth key was set
> + * @write_counter: Counter value for the total amount of successful
> + *             authenticated data write requests made by the host.
> + *             The initial value of this register after production is 00000000h.
> + *             The value will be incremented by one along with each successful
> + *             programming access. The value cannot be reset. After the counter
> + *             has reached the maximum value of FFFFFFFFh,
> + *             it will not be incremented anymore (overflow prevention)
> + * @hash_tfm:  hmac(sha256) tfm
> + *
> + * @res_frames: frame that holds the result of the last write operation
> + * @out_frames: next read operation result frames
> + * @out_frames_cnt: number of the output frames
> + *
> + * @capacity: size of the partition in bytes multiple of 128K
> + * @blkcnt:   block count
> + * @da:       data area in blocks
> + */
> +struct rpmb_sim_dev {
> +	struct device *dev;
> +	struct rpmb_dev *rdev;
> +	u8 auth_key[32];
> +	bool auth_key_set;
> +	u32 write_counter;
> +	struct crypto_shash *hash_tfm;
> +
> +	struct rpmb_frame res_frames[1];
> +	struct rpmb_frame *out_frames;
> +	unsigned int out_frames_cnt;
> +
> +	size_t capacity;
> +	size_t blkcnt;
> +	struct blk *da;
> +};
> +
> +static __be16 op_result(struct rpmb_sim_dev *rsdev, u16 result)
> +{
> +	if (!rsdev->auth_key_set)
> +		return cpu_to_be16(RPMB_ERR_NO_KEY);
> +
> +	if (rsdev->write_counter == 0xFFFFFFFF)
> +		result |=  RPMB_ERR_COUNTER_EXPIRED;
> +
> +	return cpu_to_be16(result);
> +}
> +
> +static __be16 req_to_resp(u16 req)
> +{
> +	return cpu_to_be16(RPMB_REQ2RESP(req));
> +}
> +
> +static int rpmb_sim_calc_hmac(struct rpmb_sim_dev *rsdev,
> +			      struct rpmb_frame *frames,
> +			      unsigned int blks, u8 *mac)
> +{
> +	SHASH_DESC_ON_STACK(desc, rsdev->hash_tfm);
> +	int i;
> +	int ret;
> +
> +	desc->tfm = rsdev->hash_tfm;
> +	desc->flags = 0;
> +
> +	ret = crypto_shash_init(desc);
> +	if (ret)
> +		goto out;
> +
> +	for (i = 0; i < blks; i++) {
> +		ret = crypto_shash_update(desc, frames[i].data, hmac_data_len);
> +		if (ret)
> +			goto out;
> +	}
> +	ret = crypto_shash_final(desc, mac);
> +out:
> +	if (ret)
> +		dev_err(rsdev->dev, "digest error = %d", ret);
> +
> +	return ret;
> +}
> +
> +static int rpmb_op_not_programmed(struct rpmb_sim_dev *rsdev, u16 req)
> +{
> +	struct rpmb_frame *res_frame = rsdev->res_frames;
> +
> +	res_frame->req_resp = req_to_resp(req);
> +	res_frame->result = op_result(rsdev, RPMB_ERR_NO_KEY);
> +
> +	dev_err(rsdev->dev, "not programmed\n");
> +
> +	return 0;
> +}
> +
> +static int rpmb_op_program_key(struct rpmb_sim_dev *rsdev,
> +			       struct rpmb_frame *in_frame, u32 cnt)
> +{
> +	struct rpmb_frame *res_frame = rsdev->res_frames;
> +	u16 req;
> +	int ret;
> +	u16 err = RPMB_ERR_OK;
> +
> +	req = be16_to_cpu(in_frame[0].req_resp);
> +
> +	if (req != RPMB_PROGRAM_KEY)
> +		return -EINVAL;
> +
> +	if (cnt != 1)
> +		return -EINVAL;
> +
> +	if (rsdev->auth_key_set) {
> +		dev_err(rsdev->dev, "key allread set\n");
> +		err = RPMB_ERR_WRITE;
> +		goto out;
> +	}
> +
> +	ret = crypto_shash_setkey(rsdev->hash_tfm, in_frame[0].key_mac, 32);
> +	if (ret) {
> +		dev_err(rsdev->dev, "set key failed = %d\n", ret);
> +		err = RPMB_ERR_GENERAL;
> +		goto out;
> +	}
> +
> +	dev_dbg(rsdev->dev, "digest size %u\n",
> +		crypto_shash_digestsize(rsdev->hash_tfm));
> +
> +	memcpy(rsdev->auth_key, in_frame[0].key_mac, 32);
> +	rsdev->auth_key_set = true;
> +out:
> +
> +	memset(res_frame, 0, sizeof(struct rpmb_frame));
> +	res_frame->req_resp = req_to_resp(req);
> +	res_frame->result = op_result(rsdev, err);
> +
> +	return 0;
> +}
> +
> +static int rpmb_op_get_wr_counter(struct rpmb_sim_dev *rsdev,
> +				  struct rpmb_frame *in_frame, u32 cnt)
> +{
> +	struct rpmb_frame *frame;
> +	int ret = 0;
> +	u16 req;
> +	u16 err;
> +
> +	req = be16_to_cpu(in_frame[0].req_resp);
> +	if (req != RPMB_GET_WRITE_COUNTER)
> +		return -EINVAL;
> +
> +	if (cnt != 1)
> +		return -EINVAL;
> +
> +	frame = kcalloc(1, sizeof(struct rpmb_frame), GFP_KERNEL);
> +	if (!frame) {
> +		err = RPMB_ERR_READ;
> +		ret = -ENOMEM;
> +		rsdev->out_frames = rsdev->res_frames;
> +		rsdev->out_frames_cnt = cnt;
> +		goto out;
> +	}
> +
> +	rsdev->out_frames = frame;
> +	rsdev->out_frames_cnt = cnt;
> +
> +	frame->req_resp = req_to_resp(req);
> +	frame->write_counter = cpu_to_be32(rsdev->write_counter);
> +	memcpy(frame->nonce, in_frame[0].nonce, 16);
> +
> +	err = RPMB_ERR_OK;
> +	if (rpmb_sim_calc_hmac(rsdev, frame, cnt, frame->key_mac))
> +		err = RPMB_ERR_READ;
> +
> +out:
> +	rsdev->out_frames[0].req_resp = req_to_resp(req);
> +	rsdev->out_frames[0].result = op_result(rsdev, err);
> +
> +	return ret;
> +}
> +
> +static int rpmb_op_write_data(struct rpmb_sim_dev *rsdev,
> +			      struct rpmb_frame *in_frame, u32 cnt)
> +{
> +	struct rpmb_frame *res_frame = rsdev->res_frames;
> +	u8 mac[32];
> +	u16 req, err, addr, blks;
> +	unsigned int i;
> +	int ret = 0;
> +
> +	req = be16_to_cpu(in_frame[0].req_resp);
> +	if (req != RPMB_WRITE_DATA)
> +		return -EINVAL;
> +
> +	if (rsdev->write_counter == 0xFFFFFFFF) {
> +		err = RPMB_ERR_WRITE;
> +		goto out;
> +	}
> +
> +	blks = be16_to_cpu(in_frame[0].block_count);
> +	if (blks == 0 || blks > cnt) {
> +		ret = -EINVAL;
> +		err = RPMB_ERR_GENERAL;
> +		goto out;
> +	}
> +
> +	if (blks > max_wr_blks) {
> +		err = RPMB_ERR_WRITE;
> +		goto out;
> +	}
> +
> +	addr = be16_to_cpu(in_frame[0].addr);
> +	if (addr >= rsdev->blkcnt) {
> +		err = RPMB_ERR_ADDRESS;
> +		goto out;
> +	}
> +
> +	if (rpmb_sim_calc_hmac(rsdev, in_frame, blks, mac)) {
> +		err = RPMB_ERR_AUTH;
> +		goto out;
> +	}
> +
> +	/* mac is in the last frame */
> +	if (memcmp(mac, in_frame[blks - 1].key_mac, sizeof(mac)) != 0) {
> +		err = RPMB_ERR_AUTH;
> +		goto out;
> +	}
> +
> +	if (be32_to_cpu(in_frame[0].write_counter) != rsdev->write_counter) {
> +		err = RPMB_ERR_COUNTER;
> +		goto out;
> +	}
> +
> +	if (addr + blks > rsdev->blkcnt) {
> +		err = RPMB_ERR_WRITE;
> +		goto out;
> +	}
> +
> +	err = RPMB_ERR_OK;
> +	for (i = 0; i < blks; i++)
> +		memcpy(rsdev->da[addr + i].data, in_frame[i].data, BLK_UNIT);
> +
> +	rsdev->write_counter++;
> +
> +out:
> +	memset(res_frame, 0, sizeof(struct rpmb_frame));
> +	if (err == RPMB_ERR_OK) {
> +		res_frame->write_counter = cpu_to_be32(rsdev->write_counter);
> +		memcpy(res_frame->key_mac, mac, sizeof(mac));
> +	}
> +	res_frame->req_resp = req_to_resp(req);
> +	res_frame->result = op_result(rsdev, err);
> +
> +	return ret;
> +}
> +
> +static int rpmb_op_read_data(struct rpmb_sim_dev *rsdev,
> +			     struct rpmb_frame *in_frame, u32 cnt)
> +{
> +	struct rpmb_frame *res_frame = rsdev->res_frames;
> +	struct rpmb_frame *out_frame;
> +	u8 mac[32];
> +	u16 req, err, addr, blks;
> +	unsigned int i;
> +	int ret;
> +
> +	req = be16_to_cpu(in_frame[0].req_resp);
> +	if (req != RPMB_READ_DATA)
> +		return -EINVAL;
> +
> +	out_frame = kcalloc(cnt, sizeof(struct rpmb_frame), GFP_KERNEL);
> +	if (!out_frame) {
> +		ret = -ENOMEM;
> +		err = RPMB_ERR_READ;
> +		goto out;
> +	}
> +
> +	blks = be16_to_cpu(in_frame[0].block_count);
> +	if (blks == 0 || blks > cnt) {
> +		ret = -EINVAL;
> +		err = RPMB_ERR_READ;
> +		goto out;
> +	}
> +
> +	ret = 0;
> +	addr = be16_to_cpu(in_frame[0].addr);
> +	if (addr >= rsdev->blkcnt) {
> +		err = RPMB_ERR_ADDRESS;
> +		goto out;
> +	}
> +
> +	if (addr + blks > rsdev->blkcnt) {
> +		err = RPMB_ERR_READ;
> +		goto out;
> +	}
> +
> +	for (i = 0; i < blks; i++) {
> +		memcpy(out_frame[i].data, rsdev->da[addr + i].data, BLK_UNIT);
> +		memcpy(out_frame[i].nonce, in_frame[0].nonce, 16);
> +		out_frame[i].req_resp = req_to_resp(req);
> +		out_frame[i].addr = in_frame[0].addr;
> +		out_frame[i].block_count = cpu_to_be16(blks);
> +	}
> +
> +	if (rpmb_sim_calc_hmac(rsdev, out_frame, blks, mac)) {
> +		err = RPMB_ERR_AUTH;
> +		goto out;
> +	}
> +
> +	memcpy(out_frame[blks - 1].key_mac, mac, sizeof(mac));
> +
> +	err = RPMB_ERR_OK;
> +	out_frame[0].result = op_result(rsdev, err);
> +
> +	rsdev->out_frames = out_frame;
> +	rsdev->out_frames_cnt = cnt;
> +
> +out:
> +	memset(res_frame, 0, sizeof(struct rpmb_frame));
> +	res_frame->req_resp = req_to_resp(req);
> +	res_frame->result = op_result(rsdev, err);
> +	if (err != RPMB_ERR_OK) {
> +		kfree(out_frame);
> +		rsdev->out_frames = res_frame;
> +		rsdev->out_frames_cnt = 1;
> +	}
> +
> +	return ret;
> +}
> +
> +static int rpmb_op_result_read(struct rpmb_sim_dev *rsdev,
> +			       struct rpmb_frame *frames, u32 cnt)
> +{
> +	u16 req = be16_to_cpu(frames[0].req_resp);
> +	u16 blks = be16_to_cpu(frames[0].block_count);
> +
> +	if (req != RPMB_RESULT_READ)
> +		return -EINVAL;
> +
> +	if (blks != 0)
> +		return -EINVAL;
> +
> +	rsdev->out_frames = rsdev->res_frames;
> +	rsdev->out_frames_cnt = 1;
> +	return 0;
> +}
> +
> +static int rpmb_sim_write(struct rpmb_sim_dev *rsdev,
> +			  struct rpmb_frame *frames, u32 cnt)
> +{
> +	u16 req;
> +	int ret;
> +
> +	if (!frames || !cnt)
> +		return -EINVAL;
> +
> +	req = be16_to_cpu(frames[0].req_resp);
> +	if (!rsdev->auth_key_set && req != RPMB_PROGRAM_KEY)
> +		return rpmb_op_not_programmed(rsdev, req);
> +
> +	switch (req) {
> +	case RPMB_PROGRAM_KEY:
> +		dev_dbg(rsdev->dev, "rpmb: program key\n");
> +		ret = rpmb_op_program_key(rsdev, frames, cnt);
> +		break;
> +	case RPMB_WRITE_DATA:
> +		dev_dbg(rsdev->dev, "rpmb: write data\n");
> +		ret = rpmb_op_write_data(rsdev, frames, cnt);
> +		break;
> +	case RPMB_GET_WRITE_COUNTER:
> +		dev_dbg(rsdev->dev, "rpmb: get write counter\n");
> +		ret = rpmb_op_get_wr_counter(rsdev, frames, cnt);
> +		break;
> +	case RPMB_READ_DATA:
> +		dev_dbg(rsdev->dev, "rpmb: read data\n");
> +		ret = rpmb_op_read_data(rsdev, frames, cnt);
> +		break;
> +	case RPMB_RESULT_READ:
> +		dev_dbg(rsdev->dev, "rpmb: result read\n");
> +		ret = rpmb_op_result_read(rsdev, frames, cnt);
> +		break;
> +	default:
> +		ret = -EINVAL;
> +		break;
> +	}
> +
> +	dev_dbg(rsdev->dev, "rpmb: ret=%d\n", ret);
> +
> +	return ret;
> +}
> +
> +static int rpmb_sim_read(struct rpmb_sim_dev *rsdev,
> +			 struct rpmb_frame *frames, u32 cnt)
> +{
> +	int i;
> +
> +	if (!frames || !cnt)
> +		return -EINVAL;
> +
> +	if (!rsdev->out_frames || rsdev->out_frames_cnt == 0) {
> +		dev_err(rsdev->dev, "out_frames are not set\n");
> +		return -EINVAL;
> +	}
> +
> +	for (i = 0; i < min_t(u32, rsdev->out_frames_cnt, cnt); i++)
> +		memcpy(frames, rsdev->out_frames, sizeof(struct rpmb_frame));
> +
> +	if (rsdev->out_frames != rsdev->res_frames)
> +		kfree(rsdev->out_frames);
> +
> +	rsdev->out_frames = NULL;
> +	rsdev->out_frames_cnt = 0;
> +	dev_dbg(rsdev->dev, "rpmb: cnt=%d\n", cnt);
> +
> +	return 0;
> +}
> +
> +static int rpmb_sim_cmd_seq(struct device *dev,
> +			    struct rpmb_cmd *cmds, u32 ncmds)
> +{
> +	struct platform_device *pdev;
> +	struct rpmb_sim_dev *rsdev;
> +	int i;
> +	int ret;
> +	struct rpmb_cmd *cmd;
> +
> +	if (!dev)
> +		return -EINVAL;
> +
> +	pdev = to_platform_device(dev);
> +	rsdev = platform_get_drvdata(pdev);
> +
> +	if (!rsdev)
> +		return -EINVAL;
> +
> +	for (ret = 0, i = 0; i < ncmds && !ret; i++) {
> +		cmd = &cmds[i];
> +		if (cmd->flags & RPMB_F_WRITE)
> +			ret = rpmb_sim_write(rsdev, cmd->frames, cmd->nframes);
> +		else
> +			ret = rpmb_sim_read(rsdev, cmd->frames, cmd->nframes);
> +	}
> +	return ret;
> +}
> +
> +static struct rpmb_ops rpmb_sim_ops = {
> +	.cmd_seq = rpmb_sim_cmd_seq,
> +	.type = RPMB_TYPE_EMMC,
> +};
> +
> +static int rpmb_sim_hmac_256_alloc(struct rpmb_sim_dev *rsdev)
> +{
> +	struct crypto_shash *hash_tfm;
> +
> +	hash_tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
> +	if (IS_ERR(hash_tfm))
> +		return PTR_ERR(hash_tfm);
> +
> +	rsdev->hash_tfm = hash_tfm;
> +
> +	dev_dbg(rsdev->dev, "hamac(sha256) registered\n");
> +	return 0;
> +}
> +
> +static void rpmb_sim_hmac_256_free(struct rpmb_sim_dev *rsdev)
> +{
> +	if (rsdev->hash_tfm)
> +		crypto_free_shash(rsdev->hash_tfm);
> +
> +	rsdev->hash_tfm = NULL;
> +}
> +
> +static int rpmb_sim_probe(struct platform_device *pdev)
> +{
> +	struct rpmb_sim_dev *rsdev;
> +	int ret;
> +
> +	rsdev = kzalloc(sizeof(*rsdev), GFP_KERNEL);
> +	if (!rsdev)
> +		return -ENOMEM;
> +
> +	rsdev->dev = &pdev->dev;
> +
> +	ret = rpmb_sim_hmac_256_alloc(rsdev);
> +	if (ret)
> +		goto err;
> +
> +	rsdev->capacity = CAPACITY_UNIT * daunits;
> +	rsdev->blkcnt  = rsdev->capacity / BLK_UNIT;
> +	rsdev->da = kzalloc(rsdev->capacity, GFP_KERNEL);
> +	if (!rsdev->da) {
> +		ret = -ENOMEM;
> +		goto err;
> +	}
> +
> +	rpmb_sim_ops.dev_id_len = strlen(id);
> +	rpmb_sim_ops.dev_id = id;
> +	rpmb_sim_ops.reliable_wr_cnt = max_wr_blks;
> +
> +	rsdev->rdev = rpmb_dev_register(rsdev->dev, &rpmb_sim_ops);
> +	if (IS_ERR(rsdev->rdev)) {
> +		ret = PTR_ERR(rsdev->rdev);
> +		goto err;
> +	}
> +
> +	dev_info(&pdev->dev, "registered RPMB capacity = %zu of %zu blocks\n",
> +		 rsdev->capacity, rsdev->blkcnt);
> +
> +	platform_set_drvdata(pdev, rsdev);
> +
> +	return 0;
> +err:
> +	rpmb_sim_hmac_256_free(rsdev);
> +	if (rsdev)
> +		kfree(rsdev->da);
> +	kfree(rsdev);
> +	return ret;
> +}
> +
> +static int rpmb_sim_remove(struct platform_device *pdev)
> +{
> +	struct rpmb_sim_dev *rsdev;
> +
> +	rsdev = platform_get_drvdata(pdev);
> +
> +	rpmb_dev_unregister(rsdev->dev);
> +
> +	platform_set_drvdata(pdev, NULL);
> +
> +	rpmb_sim_hmac_256_free(rsdev);
> +
> +	kfree(rsdev->da);
> +	kfree(rsdev);
> +	return 0;
> +}
> +
> +static void rpmb_sim_shutdown(struct platform_device *pdev)
> +{
> +	rpmb_sim_remove(pdev);
> +}
> +
> +static struct platform_driver rpmb_sim_driver = {
> +	.driver = {
> +		.name  = "rpmb_sim",
> +	},
> +	.probe         = rpmb_sim_probe,
> +	.remove        = rpmb_sim_remove,
> +	.shutdown      = rpmb_sim_shutdown,
> +};
> +
> +static struct platform_device *rpmb_sim_pdev;

A platform device?  Ick, no please don't abuse that interface for this
type of thing.  Make it a real device if you have one, and put it in the
proper place.  If it's a "virtual" device, great, use that.  But don't
make something up like this please.

thanks,

greg k-h

RE: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Winkler, Tomas]

> 
> On Sun, Aug 07, 2016 at 09:44:03AM +0000, Winkler, Tomas wrote:
> > >
> > > On Mon 2016-07-18 23:27:49, Tomas Winkler wrote:
> > > > The user space API is achieved via two synchronous IOCTL.
> > >
> > > IOCTLs?
> >
> > Will fix
> >
> > > > Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is
> > > performed
> > > > by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD
> > > where
> > > > the whole RPMB sequence including RESULT_READ is supplied by the
> caller.
> > > > The latter is intended for  easier adjusting  of the  applications
> > > > that use MMC_IOC_MULTI_CMD ioctl.
> > >
> > > Why "  "?
> > Not sure I there is enough clue in your question.
> > >
> > > >
> > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > >
> > > > +
> > > > +static long rpmb_ioctl(struct file *fp, unsigned int cmd,
> > > > +unsigned long arg) {
> > > > +	return __rpmb_ioctl(fp, cmd, (void __user *)arg); }
> > > > +
> > > > +#ifdef CONFIG_COMPAT
> > > > +static long rpmb_compat_ioctl(struct file *fp, unsigned int cmd,
> > > > +			      unsigned long arg)
> > > > +{
> > > > +	return	__rpmb_ioctl(fp, cmd, compat_ptr(arg));
> > > > +}
> > > > +#endif /* CONFIG_COMPAT */
> > >
> > > Description of the ioctl is missing,
> > Will add.
> >
> > and it should certainly be designed in a way
> > > that it does not need compat support.
> >
> > The compat_ioctl handler just casts the compat_ptr, I believe this
> > should be done unless the ioctl is globaly registered in
> > fs/compat_ioctl.c, but I might be wrong.
> 
> You shouldn't need a compat ioctl for anything new that is added, unless
> your api is really messed up.  Please test to be sure, and not use a compat
> ioctl at all, it isn't that hard to do.

compat_ioctl is called anyhow when CONFIG_COMPAT is set, there is no way around it, or I'm missing something?
Actually there is no more than that for the COMPAT support in this code.

Thanks
Tomas

RE: [PATCH v5 3/8] char: rpmb: add device attributes

[Winkler, Tomas]

> 
> On Mon, Jul 18, 2016 at 11:27:48PM +0300, Tomas Winkler wrote:
> > Add attribute type that displays underlay storage type technology
> > EMMC, UFS, and attribute id, that displays underlay storage device id.
> > For EMMC this would be content of CID and for UFS serial number from
> > the device descriptor.
> >
> >
> > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > ---
> > V2: resend
> > V3: set kernel version to 4.7
> > V4: update target date to Maj
> > V5: adjust date and kernel version
> >  Documentation/ABI/testing/sysfs-class-rpmb | 24 ++++++++++++
> >  drivers/char/rpmb/core.c                   | 63
> ++++++++++++++++++++++++++++++
> >  2 files changed, 87 insertions(+)
> >
> > diff --git a/Documentation/ABI/testing/sysfs-class-rpmb
> > b/Documentation/ABI/testing/sysfs-class-rpmb
> > index 3ffcd2d1f683..7ca97d86bd97 100644
> > --- a/Documentation/ABI/testing/sysfs-class-rpmb
> > +++ b/Documentation/ABI/testing/sysfs-class-rpmb
> > @@ -18,3 +18,27 @@ Contact:	Tomas Winkler
> <tomas.winkler@intel.com>
> >  Description:
> >  		The /sys/class/rpmb/rpmbN directory is created for
> >  		each RPMB registered device
> > +
> > +What:		/sys/class/rpmb/rpmbN/id
> > +Date:		Aug 2016
> > +KernelVersion:	4.8
> > +Contact:	Tomas Winkler <tomas.winkler@intel.com>
> > +Description:
> > +		The /sys/class/rpmb/rpmbN/id file contains device id
> > +		in a binary form
> 
> Oops, missed that you added these in a later patch, sorry about comment on
> patch 2.
> 
> binary attribute?  Why?

Each underlying storage device has different notion (UFS uses Unicode/emmc a whole structure),  all we care about here is that the other side (TEE) match the device.

> 
> > +
> > +What:		/sys/class/rpmb/rpmbN/type
> > +Date:		Aug 2016
> > +KernelVersion:	4.8
> > +Contact:	Tomas Winkler <tomas.winkler@intel.com>
> > +Description:
> > +		The /sys/class/rpmb/rpmbN/type file contains device
> > +		underlay storage type technology: EMMC, UFS
> > +
> 
> What is this used for?

We try to provide  unified interface for all types storage devices but we cannot rule out that TEE won't need this more intimate information,
For example if it whish to parse the binary id info (introduced above) for any reason. 

> 
> > +What:		/sys/class/rpmb/rpmbN/reliable_wr_cnt
> > +Date:		Aug 2016
> > +KernelVersion:	4.8
> > +Contact:	Tomas Winkler <tomas.winkler@intel.com>
> > +Description:
> > +		The /sys/class/rpmb/rpmbN/reliable_wr_cnt file contains
> > +		number of blocks that can be written in a single request
> 
> Why is this needed?  Shouldn't the normal block device export this type of
> information?
No, this is something specific for the RPMB partition. 
> 
> 
> > diff --git a/drivers/char/rpmb/core.c b/drivers/char/rpmb/core.c index
> > ff10cbb7b644..63271c7ed072 100644
> > --- a/drivers/char/rpmb/core.c
> > +++ b/drivers/char/rpmb/core.c
> > @@ -308,6 +308,67 @@ struct rpmb_dev
> *rpmb_dev_find_by_device(struct
> > device *parent)  }  EXPORT_SYMBOL_GPL(rpmb_dev_find_by_device);
> >
> > +static ssize_t type_show(struct device *dev,
> > +			 struct device_attribute *attr, char *buf) {
> > +	struct rpmb_dev *rdev = to_rpmb_dev(dev);
> > +	ssize_t ret;
> > +
> > +	switch (rdev->ops->type) {
> > +	case RPMB_TYPE_EMMC:
> > +		ret = scnprintf(buf, PAGE_SIZE, "EMMC\n");
> 
> It's a sysfs file, no need for scnprintf() crap, just use sprintf() please.
> 
> > +		break;
> 
> And the code can be made smaller by just doing:
> 		return sprintf(buf, "EMMC\n");
> 
> :)

Okay

> 
> > +	case RPMB_TYPE_UFS:
> > +		ret = scnprintf(buf, PAGE_SIZE, "UFS\n");
> > +		break;
> > +	default:
> > +		ret = scnprintf(buf, PAGE_SIZE, "UNKNOWN\n");
> > +		break;
> > +	}
> > +
> > +	return ret;
> > +}
> > +static DEVICE_ATTR_RO(type);
> > +
> > +static ssize_t id_show(struct device *dev,
> > +		       struct device_attribute *attr, char *buf) {
> > +	struct rpmb_dev *rdev = to_rpmb_dev(dev);
> > +	size_t sz = min_t(size_t, rdev->ops->dev_id_len, PAGE_SIZE);
> > +
> > +	if (!rdev->ops->dev_id)
> > +		return 0;
> > +
> > +	memcpy(buf, rdev->ops->dev_id, sz);
> >
> 
> Hm, no.  That's not how a binary attribute works.  If you want a binary
> attribute, use that type, don't put binary data in a "normal" sysfs file.

Will fix. 


Thanks for review.
Tomas

RE: [PATCH v5 5/8] char: rpmb: add RPMB simulation device

[Winkler, Tomas]

> 
> On Mon, Jul 18, 2016 at 11:27:50PM +0300, Tomas Winkler wrote:
> > This is a simple platform device used for testing the RPMB subsystem.
> >
> > The module currently supports two configuration options:
> > 1. max_wr_blks: for specifying max blocks that can be written in a
> > single command 2. daunits:  used to set storage capacity in 128K
> > units.
> >
> >
> > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > ---
> > V2: remove .owner setting, it is set automatically
> > V3: 1. Add shutdown handler (similar to ufshcd)
> >     2. Commit message fix
> > V4: Use select RPMB in Kconfg to ensure valid configuration.
> > V5: Revamp the code using the sequence command.
> >
> >  drivers/char/rpmb/Kconfig    |  10 +
> >  drivers/char/rpmb/Makefile   |   1 +
> >  drivers/char/rpmb/rpmb_sim.c | 668
> > +++++++++++++++++++++++++++++++++++++++++++
> >  3 files changed, 679 insertions(+)
> >  create mode 100644 drivers/char/rpmb/rpmb_sim.c
> >
> > diff --git a/drivers/char/rpmb/Kconfig b/drivers/char/rpmb/Kconfig
> > index 6794be9fcc5e..c21b3934249f 100644
> > --- a/drivers/char/rpmb/Kconfig
> > +++ b/drivers/char/rpmb/Kconfig
> > @@ -13,3 +13,13 @@ config RPMB_INTF_DEV
> >  	help
> >  	  Say yes here if you want to access RPMB from user space
> >  	  via character device interface /dev/rpmb%d
> > +
> > +
> > +config RPMB_SIM
> > +	tristate "RPMB partition device simulator"
> > +	default n
> > +	select RPMB
> > +	select CRYPTO_SHA256
> > +	select CRYPTO_HMAC
> > +	help
> > +	  RPMB partition simulator used for testing the RPMB subsystem
> > diff --git a/drivers/char/rpmb/Makefile b/drivers/char/rpmb/Makefile
> > index b5dc087b1299..81f924fd9a87 100644
> > --- a/drivers/char/rpmb/Makefile
> > +++ b/drivers/char/rpmb/Makefile
> > @@ -1,5 +1,6 @@
> >  obj-$(CONFIG_RPMB) += rpmb.o
> >  rpmb-objs += core.o
> >  rpmb-$(CONFIG_RPMB_INTF_DEV) += cdev.o
> > +obj-$(CONFIG_RPMB_SIM) += rpmb_sim.o
> >
> >  ccflags-y += -D__CHECK_ENDIAN__
> > diff --git a/drivers/char/rpmb/rpmb_sim.c
> > b/drivers/char/rpmb/rpmb_sim.c new file mode 100644 index
> > 000000000000..e33f6809ae2c
> > --- /dev/null
> > +++ b/drivers/char/rpmb/rpmb_sim.c
> > @@ -0,0 +1,668 @@
> >
> +/**************************************************************
> ******
> > +**********
> > + * This file is provided under a dual BSD/GPLv2 license.  When using
> > +or
> > + * redistributing this file, you may do so under either license.
> > + *
> > + * GPL LICENSE SUMMARY
> > + *
> > + * Copyright(c) 2016 Intel Corporation. All rights reserved.
> > + *
> > + * This program is free software; you can redistribute it and/or
> > +modify
> > + * it under the terms of version 2 of the GNU General Public License
> > +as
> > + * published by the Free Software Foundation.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > +but
> > + * WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> GNU
> > + * General Public License for more details.
> > + *
> > + * The full GNU General Public License is included in this
> > +distribution
> > + * in the file called LICENSE.GPL.
> > + *
> > + * Contact Information:
> > + *	Intel Corporation.
> > + *	linux-mei@linux.intel.com
> > + *	http://www.intel.com
> > + *
> > + * BSD LICENSE
> > + *
> > + * Copyright(c) 2016 Intel Corporation. All rights reserved.
> > + * All rights reserved.
> > + *
> > + * Redistribution and use in source and binary forms, with or without
> > + * modification, are permitted provided that the following conditions
> > + * are met:
> > + *
> > + *  * Redistributions of source code must retain the above copyright
> > + *    notice, this list of conditions and the following disclaimer.
> > + *  * Redistributions in binary form must reproduce the above copyright
> > + *    notice, this list of conditions and the following disclaimer in
> > + *    the documentation and/or other materials provided with the
> > + *    distribution.
> > + *  * Neither the name Intel Corporation nor the names of its
> > + *    contributors may be used to endorse or promote products derived
> > + *    from this software without specific prior written permission.
> > + *
> > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
> > +CONTRIBUTORS
> > + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT
> > + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
> FITNESS
> > +FOR
> > + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
> > +COPYRIGHT
> > + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
> > +INCIDENTAL,
> > + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
> NOT
> > + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
> OF
> > +USE,
> > + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
> AND ON
> > +ANY
> > + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
> > +TORT
> > + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
> THE
> > +USE
> > + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
> DAMAGE.
> > + *
> > +
> >
> +***************************************************************
> ******
> > +********/
> > +#include <linux/module.h>
> > +#include <linux/slab.h>
> > +#include <linux/platform_device.h>
> > +#include <linux/device.h>
> > +#include <crypto/hash.h>
> > +#include <linux/scatterlist.h>
> > +#include <linux/sizes.h>
> > +
> > +#include <linux/rpmb.h>
> > +
> > +static const char id[] = "RPMB:SIM";
> > +#define CAPACITY_UNIT SZ_128K
> > +#define CAPACITY_MIN  SZ_128K
> > +#define CAPACITY_MAX  SZ_16M
> > +#define BLK_UNIT      SZ_256
> > +
> > +static unsigned int max_wr_blks = 1;
> > +module_param(max_wr_blks, uint, 0644);
> MODULE_PARM_DESC(max_wr_blks,
> > +"max blocks that can be written in a single command (default: 1)");
> > +
> > +static unsigned int daunits = 1;
> > +module_param(daunits, uint, 0644);
> > +MODULE_PARM_DESC(daunits, "number of data area units of 128K
> > +(default: 1)");
> > +
> > +struct blk {
> > +	u8 data[BLK_UNIT];
> > +};
> > +
> > +/**
> > + * struct rpmb_sim_dev
> > + *
> > + * @dev:  back pointer to the platform device
> > + * @rdev: rpmb device
> > + * @auth_key: Authentication key register which is used to authenticate
> > + *            accesses when MAC is calculated;
> > + * @auth_key_set: true if auth key was set
> > + * @write_counter: Counter value for the total amount of successful
> > + *             authenticated data write requests made by the host.
> > + *             The initial value of this register after production is 00000000h.
> > + *             The value will be incremented by one along with each successful
> > + *             programming access. The value cannot be reset. After the
> counter
> > + *             has reached the maximum value of FFFFFFFFh,
> > + *             it will not be incremented anymore (overflow prevention)
> > + * @hash_tfm:  hmac(sha256) tfm
> > + *
> > + * @res_frames: frame that holds the result of the last write
> > +operation
> > + * @out_frames: next read operation result frames
> > + * @out_frames_cnt: number of the output frames
> > + *
> > + * @capacity: size of the partition in bytes multiple of 128K
> > + * @blkcnt:   block count
> > + * @da:       data area in blocks
> > + */
> > +struct rpmb_sim_dev {
> > +	struct device *dev;
> > +	struct rpmb_dev *rdev;
> > +	u8 auth_key[32];
> > +	bool auth_key_set;
> > +	u32 write_counter;
> > +	struct crypto_shash *hash_tfm;
> > +
> > +	struct rpmb_frame res_frames[1];
> > +	struct rpmb_frame *out_frames;
> > +	unsigned int out_frames_cnt;
> > +
> > +	size_t capacity;
> > +	size_t blkcnt;
> > +	struct blk *da;
> > +};
> > +
> > +static __be16 op_result(struct rpmb_sim_dev *rsdev, u16 result) {
> > +	if (!rsdev->auth_key_set)
> > +		return cpu_to_be16(RPMB_ERR_NO_KEY);
> > +
> > +	if (rsdev->write_counter == 0xFFFFFFFF)
> > +		result |=  RPMB_ERR_COUNTER_EXPIRED;
> > +
> > +	return cpu_to_be16(result);
> > +}
> > +
> > +static __be16 req_to_resp(u16 req)
> > +{
> > +	return cpu_to_be16(RPMB_REQ2RESP(req)); }
> > +
> > +static int rpmb_sim_calc_hmac(struct rpmb_sim_dev *rsdev,
> > +			      struct rpmb_frame *frames,
> > +			      unsigned int blks, u8 *mac)
> > +{
> > +	SHASH_DESC_ON_STACK(desc, rsdev->hash_tfm);
> > +	int i;
> > +	int ret;
> > +
> > +	desc->tfm = rsdev->hash_tfm;
> > +	desc->flags = 0;
> > +
> > +	ret = crypto_shash_init(desc);
> > +	if (ret)
> > +		goto out;
> > +
> > +	for (i = 0; i < blks; i++) {
> > +		ret = crypto_shash_update(desc, frames[i].data,
> hmac_data_len);
> > +		if (ret)
> > +			goto out;
> > +	}
> > +	ret = crypto_shash_final(desc, mac);
> > +out:
> > +	if (ret)
> > +		dev_err(rsdev->dev, "digest error = %d", ret);
> > +
> > +	return ret;
> > +}
> > +
> > +static int rpmb_op_not_programmed(struct rpmb_sim_dev *rsdev, u16
> > +req) {
> > +	struct rpmb_frame *res_frame = rsdev->res_frames;
> > +
> > +	res_frame->req_resp = req_to_resp(req);
> > +	res_frame->result = op_result(rsdev, RPMB_ERR_NO_KEY);
> > +
> > +	dev_err(rsdev->dev, "not programmed\n");
> > +
> > +	return 0;
> > +}
> > +
> > +static int rpmb_op_program_key(struct rpmb_sim_dev *rsdev,
> > +			       struct rpmb_frame *in_frame, u32 cnt) {
> > +	struct rpmb_frame *res_frame = rsdev->res_frames;
> > +	u16 req;
> > +	int ret;
> > +	u16 err = RPMB_ERR_OK;
> > +
> > +	req = be16_to_cpu(in_frame[0].req_resp);
> > +
> > +	if (req != RPMB_PROGRAM_KEY)
> > +		return -EINVAL;
> > +
> > +	if (cnt != 1)
> > +		return -EINVAL;
> > +
> > +	if (rsdev->auth_key_set) {
> > +		dev_err(rsdev->dev, "key allread set\n");
> > +		err = RPMB_ERR_WRITE;
> > +		goto out;
> > +	}
> > +
> > +	ret = crypto_shash_setkey(rsdev->hash_tfm, in_frame[0].key_mac,
> 32);
> > +	if (ret) {
> > +		dev_err(rsdev->dev, "set key failed = %d\n", ret);
> > +		err = RPMB_ERR_GENERAL;
> > +		goto out;
> > +	}
> > +
> > +	dev_dbg(rsdev->dev, "digest size %u\n",
> > +		crypto_shash_digestsize(rsdev->hash_tfm));
> > +
> > +	memcpy(rsdev->auth_key, in_frame[0].key_mac, 32);
> > +	rsdev->auth_key_set = true;
> > +out:
> > +
> > +	memset(res_frame, 0, sizeof(struct rpmb_frame));
> > +	res_frame->req_resp = req_to_resp(req);
> > +	res_frame->result = op_result(rsdev, err);
> > +
> > +	return 0;
> > +}
> > +
> > +static int rpmb_op_get_wr_counter(struct rpmb_sim_dev *rsdev,
> > +				  struct rpmb_frame *in_frame, u32 cnt) {
> > +	struct rpmb_frame *frame;
> > +	int ret = 0;
> > +	u16 req;
> > +	u16 err;
> > +
> > +	req = be16_to_cpu(in_frame[0].req_resp);
> > +	if (req != RPMB_GET_WRITE_COUNTER)
> > +		return -EINVAL;
> > +
> > +	if (cnt != 1)
> > +		return -EINVAL;
> > +
> > +	frame = kcalloc(1, sizeof(struct rpmb_frame), GFP_KERNEL);
> > +	if (!frame) {
> > +		err = RPMB_ERR_READ;
> > +		ret = -ENOMEM;
> > +		rsdev->out_frames = rsdev->res_frames;
> > +		rsdev->out_frames_cnt = cnt;
> > +		goto out;
> > +	}
> > +
> > +	rsdev->out_frames = frame;
> > +	rsdev->out_frames_cnt = cnt;
> > +
> > +	frame->req_resp = req_to_resp(req);
> > +	frame->write_counter = cpu_to_be32(rsdev->write_counter);
> > +	memcpy(frame->nonce, in_frame[0].nonce, 16);
> > +
> > +	err = RPMB_ERR_OK;
> > +	if (rpmb_sim_calc_hmac(rsdev, frame, cnt, frame->key_mac))
> > +		err = RPMB_ERR_READ;
> > +
> > +out:
> > +	rsdev->out_frames[0].req_resp = req_to_resp(req);
> > +	rsdev->out_frames[0].result = op_result(rsdev, err);
> > +
> > +	return ret;
> > +}
> > +
> > +static int rpmb_op_write_data(struct rpmb_sim_dev *rsdev,
> > +			      struct rpmb_frame *in_frame, u32 cnt) {
> > +	struct rpmb_frame *res_frame = rsdev->res_frames;
> > +	u8 mac[32];
> > +	u16 req, err, addr, blks;
> > +	unsigned int i;
> > +	int ret = 0;
> > +
> > +	req = be16_to_cpu(in_frame[0].req_resp);
> > +	if (req != RPMB_WRITE_DATA)
> > +		return -EINVAL;
> > +
> > +	if (rsdev->write_counter == 0xFFFFFFFF) {
> > +		err = RPMB_ERR_WRITE;
> > +		goto out;
> > +	}
> > +
> > +	blks = be16_to_cpu(in_frame[0].block_count);
> > +	if (blks == 0 || blks > cnt) {
> > +		ret = -EINVAL;
> > +		err = RPMB_ERR_GENERAL;
> > +		goto out;
> > +	}
> > +
> > +	if (blks > max_wr_blks) {
> > +		err = RPMB_ERR_WRITE;
> > +		goto out;
> > +	}
> > +
> > +	addr = be16_to_cpu(in_frame[0].addr);
> > +	if (addr >= rsdev->blkcnt) {
> > +		err = RPMB_ERR_ADDRESS;
> > +		goto out;
> > +	}
> > +
> > +	if (rpmb_sim_calc_hmac(rsdev, in_frame, blks, mac)) {
> > +		err = RPMB_ERR_AUTH;
> > +		goto out;
> > +	}
> > +
> > +	/* mac is in the last frame */
> > +	if (memcmp(mac, in_frame[blks - 1].key_mac, sizeof(mac)) != 0) {
> > +		err = RPMB_ERR_AUTH;
> > +		goto out;
> > +	}
> > +
> > +	if (be32_to_cpu(in_frame[0].write_counter) != rsdev->write_counter)
> {
> > +		err = RPMB_ERR_COUNTER;
> > +		goto out;
> > +	}
> > +
> > +	if (addr + blks > rsdev->blkcnt) {
> > +		err = RPMB_ERR_WRITE;
> > +		goto out;
> > +	}
> > +
> > +	err = RPMB_ERR_OK;
> > +	for (i = 0; i < blks; i++)
> > +		memcpy(rsdev->da[addr + i].data, in_frame[i].data,
> BLK_UNIT);
> > +
> > +	rsdev->write_counter++;
> > +
> > +out:
> > +	memset(res_frame, 0, sizeof(struct rpmb_frame));
> > +	if (err == RPMB_ERR_OK) {
> > +		res_frame->write_counter = cpu_to_be32(rsdev-
> >write_counter);
> > +		memcpy(res_frame->key_mac, mac, sizeof(mac));
> > +	}
> > +	res_frame->req_resp = req_to_resp(req);
> > +	res_frame->result = op_result(rsdev, err);
> > +
> > +	return ret;
> > +}
> > +
> > +static int rpmb_op_read_data(struct rpmb_sim_dev *rsdev,
> > +			     struct rpmb_frame *in_frame, u32 cnt) {
> > +	struct rpmb_frame *res_frame = rsdev->res_frames;
> > +	struct rpmb_frame *out_frame;
> > +	u8 mac[32];
> > +	u16 req, err, addr, blks;
> > +	unsigned int i;
> > +	int ret;
> > +
> > +	req = be16_to_cpu(in_frame[0].req_resp);
> > +	if (req != RPMB_READ_DATA)
> > +		return -EINVAL;
> > +
> > +	out_frame = kcalloc(cnt, sizeof(struct rpmb_frame), GFP_KERNEL);
> > +	if (!out_frame) {
> > +		ret = -ENOMEM;
> > +		err = RPMB_ERR_READ;
> > +		goto out;
> > +	}
> > +
> > +	blks = be16_to_cpu(in_frame[0].block_count);
> > +	if (blks == 0 || blks > cnt) {
> > +		ret = -EINVAL;
> > +		err = RPMB_ERR_READ;
> > +		goto out;
> > +	}
> > +
> > +	ret = 0;
> > +	addr = be16_to_cpu(in_frame[0].addr);
> > +	if (addr >= rsdev->blkcnt) {
> > +		err = RPMB_ERR_ADDRESS;
> > +		goto out;
> > +	}
> > +
> > +	if (addr + blks > rsdev->blkcnt) {
> > +		err = RPMB_ERR_READ;
> > +		goto out;
> > +	}
> > +
> > +	for (i = 0; i < blks; i++) {
> > +		memcpy(out_frame[i].data, rsdev->da[addr + i].data,
> BLK_UNIT);
> > +		memcpy(out_frame[i].nonce, in_frame[0].nonce, 16);
> > +		out_frame[i].req_resp = req_to_resp(req);
> > +		out_frame[i].addr = in_frame[0].addr;
> > +		out_frame[i].block_count = cpu_to_be16(blks);
> > +	}
> > +
> > +	if (rpmb_sim_calc_hmac(rsdev, out_frame, blks, mac)) {
> > +		err = RPMB_ERR_AUTH;
> > +		goto out;
> > +	}
> > +
> > +	memcpy(out_frame[blks - 1].key_mac, mac, sizeof(mac));
> > +
> > +	err = RPMB_ERR_OK;
> > +	out_frame[0].result = op_result(rsdev, err);
> > +
> > +	rsdev->out_frames = out_frame;
> > +	rsdev->out_frames_cnt = cnt;
> > +
> > +out:
> > +	memset(res_frame, 0, sizeof(struct rpmb_frame));
> > +	res_frame->req_resp = req_to_resp(req);
> > +	res_frame->result = op_result(rsdev, err);
> > +	if (err != RPMB_ERR_OK) {
> > +		kfree(out_frame);
> > +		rsdev->out_frames = res_frame;
> > +		rsdev->out_frames_cnt = 1;
> > +	}
> > +
> > +	return ret;
> > +}
> > +
> > +static int rpmb_op_result_read(struct rpmb_sim_dev *rsdev,
> > +			       struct rpmb_frame *frames, u32 cnt) {
> > +	u16 req = be16_to_cpu(frames[0].req_resp);
> > +	u16 blks = be16_to_cpu(frames[0].block_count);
> > +
> > +	if (req != RPMB_RESULT_READ)
> > +		return -EINVAL;
> > +
> > +	if (blks != 0)
> > +		return -EINVAL;
> > +
> > +	rsdev->out_frames = rsdev->res_frames;
> > +	rsdev->out_frames_cnt = 1;
> > +	return 0;
> > +}
> > +
> > +static int rpmb_sim_write(struct rpmb_sim_dev *rsdev,
> > +			  struct rpmb_frame *frames, u32 cnt) {
> > +	u16 req;
> > +	int ret;
> > +
> > +	if (!frames || !cnt)
> > +		return -EINVAL;
> > +
> > +	req = be16_to_cpu(frames[0].req_resp);
> > +	if (!rsdev->auth_key_set && req != RPMB_PROGRAM_KEY)
> > +		return rpmb_op_not_programmed(rsdev, req);
> > +
> > +	switch (req) {
> > +	case RPMB_PROGRAM_KEY:
> > +		dev_dbg(rsdev->dev, "rpmb: program key\n");
> > +		ret = rpmb_op_program_key(rsdev, frames, cnt);
> > +		break;
> > +	case RPMB_WRITE_DATA:
> > +		dev_dbg(rsdev->dev, "rpmb: write data\n");
> > +		ret = rpmb_op_write_data(rsdev, frames, cnt);
> > +		break;
> > +	case RPMB_GET_WRITE_COUNTER:
> > +		dev_dbg(rsdev->dev, "rpmb: get write counter\n");
> > +		ret = rpmb_op_get_wr_counter(rsdev, frames, cnt);
> > +		break;
> > +	case RPMB_READ_DATA:
> > +		dev_dbg(rsdev->dev, "rpmb: read data\n");
> > +		ret = rpmb_op_read_data(rsdev, frames, cnt);
> > +		break;
> > +	case RPMB_RESULT_READ:
> > +		dev_dbg(rsdev->dev, "rpmb: result read\n");
> > +		ret = rpmb_op_result_read(rsdev, frames, cnt);
> > +		break;
> > +	default:
> > +		ret = -EINVAL;
> > +		break;
> > +	}
> > +
> > +	dev_dbg(rsdev->dev, "rpmb: ret=%d\n", ret);
> > +
> > +	return ret;
> > +}
> > +
> > +static int rpmb_sim_read(struct rpmb_sim_dev *rsdev,
> > +			 struct rpmb_frame *frames, u32 cnt) {
> > +	int i;
> > +
> > +	if (!frames || !cnt)
> > +		return -EINVAL;
> > +
> > +	if (!rsdev->out_frames || rsdev->out_frames_cnt == 0) {
> > +		dev_err(rsdev->dev, "out_frames are not set\n");
> > +		return -EINVAL;
> > +	}
> > +
> > +	for (i = 0; i < min_t(u32, rsdev->out_frames_cnt, cnt); i++)
> > +		memcpy(frames, rsdev->out_frames, sizeof(struct
> rpmb_frame));
> > +
> > +	if (rsdev->out_frames != rsdev->res_frames)
> > +		kfree(rsdev->out_frames);
> > +
> > +	rsdev->out_frames = NULL;
> > +	rsdev->out_frames_cnt = 0;
> > +	dev_dbg(rsdev->dev, "rpmb: cnt=%d\n", cnt);
> > +
> > +	return 0;
> > +}
> > +
> > +static int rpmb_sim_cmd_seq(struct device *dev,
> > +			    struct rpmb_cmd *cmds, u32 ncmds) {
> > +	struct platform_device *pdev;
> > +	struct rpmb_sim_dev *rsdev;
> > +	int i;
> > +	int ret;
> > +	struct rpmb_cmd *cmd;
> > +
> > +	if (!dev)
> > +		return -EINVAL;
> > +
> > +	pdev = to_platform_device(dev);
> > +	rsdev = platform_get_drvdata(pdev);
> > +
> > +	if (!rsdev)
> > +		return -EINVAL;
> > +
> > +	for (ret = 0, i = 0; i < ncmds && !ret; i++) {
> > +		cmd = &cmds[i];
> > +		if (cmd->flags & RPMB_F_WRITE)
> > +			ret = rpmb_sim_write(rsdev, cmd->frames, cmd-
> >nframes);
> > +		else
> > +			ret = rpmb_sim_read(rsdev, cmd->frames, cmd-
> >nframes);
> > +	}
> > +	return ret;
> > +}
> > +
> > +static struct rpmb_ops rpmb_sim_ops = {
> > +	.cmd_seq = rpmb_sim_cmd_seq,
> > +	.type = RPMB_TYPE_EMMC,
> > +};
> > +
> > +static int rpmb_sim_hmac_256_alloc(struct rpmb_sim_dev *rsdev) {
> > +	struct crypto_shash *hash_tfm;
> > +
> > +	hash_tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
> > +	if (IS_ERR(hash_tfm))
> > +		return PTR_ERR(hash_tfm);
> > +
> > +	rsdev->hash_tfm = hash_tfm;
> > +
> > +	dev_dbg(rsdev->dev, "hamac(sha256) registered\n");
> > +	return 0;
> > +}
> > +
> > +static void rpmb_sim_hmac_256_free(struct rpmb_sim_dev *rsdev) {
> > +	if (rsdev->hash_tfm)
> > +		crypto_free_shash(rsdev->hash_tfm);
> > +
> > +	rsdev->hash_tfm = NULL;
> > +}
> > +
> > +static int rpmb_sim_probe(struct platform_device *pdev) {
> > +	struct rpmb_sim_dev *rsdev;
> > +	int ret;
> > +
> > +	rsdev = kzalloc(sizeof(*rsdev), GFP_KERNEL);
> > +	if (!rsdev)
> > +		return -ENOMEM;
> > +
> > +	rsdev->dev = &pdev->dev;
> > +
> > +	ret = rpmb_sim_hmac_256_alloc(rsdev);
> > +	if (ret)
> > +		goto err;
> > +
> > +	rsdev->capacity = CAPACITY_UNIT * daunits;
> > +	rsdev->blkcnt  = rsdev->capacity / BLK_UNIT;
> > +	rsdev->da = kzalloc(rsdev->capacity, GFP_KERNEL);
> > +	if (!rsdev->da) {
> > +		ret = -ENOMEM;
> > +		goto err;
> > +	}
> > +
> > +	rpmb_sim_ops.dev_id_len = strlen(id);
> > +	rpmb_sim_ops.dev_id = id;
> > +	rpmb_sim_ops.reliable_wr_cnt = max_wr_blks;
> > +
> > +	rsdev->rdev = rpmb_dev_register(rsdev->dev, &rpmb_sim_ops);
> > +	if (IS_ERR(rsdev->rdev)) {
> > +		ret = PTR_ERR(rsdev->rdev);
> > +		goto err;
> > +	}
> > +
> > +	dev_info(&pdev->dev, "registered RPMB capacity = %zu of %zu
> blocks\n",
> > +		 rsdev->capacity, rsdev->blkcnt);
> > +
> > +	platform_set_drvdata(pdev, rsdev);
> > +
> > +	return 0;
> > +err:
> > +	rpmb_sim_hmac_256_free(rsdev);
> > +	if (rsdev)
> > +		kfree(rsdev->da);
> > +	kfree(rsdev);
> > +	return ret;
> > +}
> > +
> > +static int rpmb_sim_remove(struct platform_device *pdev) {
> > +	struct rpmb_sim_dev *rsdev;
> > +
> > +	rsdev = platform_get_drvdata(pdev);
> > +
> > +	rpmb_dev_unregister(rsdev->dev);
> > +
> > +	platform_set_drvdata(pdev, NULL);
> > +
> > +	rpmb_sim_hmac_256_free(rsdev);
> > +
> > +	kfree(rsdev->da);
> > +	kfree(rsdev);
> > +	return 0;
> > +}
> > +
> > +static void rpmb_sim_shutdown(struct platform_device *pdev) {
> > +	rpmb_sim_remove(pdev);
> > +}
> > +
> > +static struct platform_driver rpmb_sim_driver = {
> > +	.driver = {
> > +		.name  = "rpmb_sim",
> > +	},
> > +	.probe         = rpmb_sim_probe,
> > +	.remove        = rpmb_sim_remove,
> > +	.shutdown      = rpmb_sim_shutdown,
> > +};
> > +
> > +static struct platform_device *rpmb_sim_pdev;
> 
> A platform device?  Ick, no please don't abuse that interface for this type of
> thing.  Make it a real device if you have one, and put it in the proper place.  If
> it's a "virtual" device, great, use that.  But don't make something up like this
> please.

This is a virtual device (simulation), nothing behind it just a chunk of memory.
Is this there any information missing to make it clearer? 

Thanks
Tomas

Re: [PATCH v5 5/8] char: rpmb: add RPMB simulation device

[Greg Kroah-Hartman]

On Thu, Sep 01, 2016 at 08:25:28PM +0000, Winkler, Tomas wrote:
> > On Mon, Jul 18, 2016 at 11:27:50PM +0300, Tomas Winkler wrote:
> > > This is a simple platform device used for testing the RPMB subsystem.
> > > +static struct platform_device *rpmb_sim_pdev;
> > 
> > A platform device?  Ick, no please don't abuse that interface for this type of
> > thing.  Make it a real device if you have one, and put it in the proper place.  If
> > it's a "virtual" device, great, use that.  But don't make something up like this
> > please.
> 
> This is a virtual device (simulation), nothing behind it just a chunk of memory.
> Is this there any information missing to make it clearer? 

Don't make it a platform device, make it a "virtual" device, don't abuse
the platform device/driver interface for something that isn't really a
platform device.

thanks,

greg k-h

Re: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Greg Kroah-Hartman]

On Thu, Sep 01, 2016 at 08:05:26PM +0000, Winkler, Tomas wrote:
> 
> > 
> > On Sun, Aug 07, 2016 at 09:44:03AM +0000, Winkler, Tomas wrote:
> > > >
> > > > On Mon 2016-07-18 23:27:49, Tomas Winkler wrote:
> > > > > The user space API is achieved via two synchronous IOCTL.
> > > >
> > > > IOCTLs?
> > >
> > > Will fix
> > >
> > > > > Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is
> > > > performed
> > > > > by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD
> > > > where
> > > > > the whole RPMB sequence including RESULT_READ is supplied by the
> > caller.
> > > > > The latter is intended for  easier adjusting  of the  applications
> > > > > that use MMC_IOC_MULTI_CMD ioctl.
> > > >
> > > > Why "  "?
> > > Not sure I there is enough clue in your question.
> > > >
> > > > >
> > > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > >
> > > > > +
> > > > > +static long rpmb_ioctl(struct file *fp, unsigned int cmd,
> > > > > +unsigned long arg) {
> > > > > +	return __rpmb_ioctl(fp, cmd, (void __user *)arg); }
> > > > > +
> > > > > +#ifdef CONFIG_COMPAT
> > > > > +static long rpmb_compat_ioctl(struct file *fp, unsigned int cmd,
> > > > > +			      unsigned long arg)
> > > > > +{
> > > > > +	return	__rpmb_ioctl(fp, cmd, compat_ptr(arg));
> > > > > +}
> > > > > +#endif /* CONFIG_COMPAT */
> > > >
> > > > Description of the ioctl is missing,
> > > Will add.
> > >
> > > and it should certainly be designed in a way
> > > > that it does not need compat support.
> > >
> > > The compat_ioctl handler just casts the compat_ptr, I believe this
> > > should be done unless the ioctl is globaly registered in
> > > fs/compat_ioctl.c, but I might be wrong.
> > 
> > You shouldn't need a compat ioctl for anything new that is added, unless
> > your api is really messed up.  Please test to be sure, and not use a compat
> > ioctl at all, it isn't that hard to do.
> 
> compat_ioctl is called anyhow when CONFIG_COMPAT is set, there is no
> way around it, or I'm missing something?  Actually there is no more
> than that for the COMPAT support in this code.

If you don't provide a compat_ioctl() all should be fine, right?

thanks,

greg k-h

RE: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Winkler, Tomas]

> On Thu, Sep 01, 2016 at 08:05:26PM +0000, Winkler, Tomas wrote:
> >
> > >
> > > On Sun, Aug 07, 2016 at 09:44:03AM +0000, Winkler, Tomas wrote:
> > > > >
> > > > > On Mon 2016-07-18 23:27:49, Tomas Winkler wrote:
> > > > > > The user space API is achieved via two synchronous IOCTL.
> > > > >
> > > > > IOCTLs?
> > > >
> > > > Will fix
> > > >
> > > > > > Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is
> > > > > performed
> > > > > > by the framework on behalf the user and second,
> > > > > > RPMB_IOC_SEQ_CMD
> > > > > where
> > > > > > the whole RPMB sequence including RESULT_READ is supplied by
> > > > > > the
> > > caller.
> > > > > > The latter is intended for  easier adjusting  of the
> > > > > > applications that use MMC_IOC_MULTI_CMD ioctl.
> > > > >
> > > > > Why "  "?
> > > > Not sure I there is enough clue in your question.
> > > > >
> > > > > >
> > > > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > > >
> > > > > > +
> > > > > > +static long rpmb_ioctl(struct file *fp, unsigned int cmd,
> > > > > > +unsigned long arg) {
> > > > > > +	return __rpmb_ioctl(fp, cmd, (void __user *)arg); }
> > > > > > +
> > > > > > +#ifdef CONFIG_COMPAT
> > > > > > +static long rpmb_compat_ioctl(struct file *fp, unsigned int cmd,
> > > > > > +			      unsigned long arg)
> > > > > > +{
> > > > > > +	return	__rpmb_ioctl(fp, cmd, compat_ptr(arg));
> > > > > > +}
> > > > > > +#endif /* CONFIG_COMPAT */
> > > > >
> > > > > Description of the ioctl is missing,
> > > > Will add.
> > > >
> > > > and it should certainly be designed in a way
> > > > > that it does not need compat support.
> > > >
> > > > The compat_ioctl handler just casts the compat_ptr, I believe this
> > > > should be done unless the ioctl is globaly registered in
> > > > fs/compat_ioctl.c, but I might be wrong.
> > >
> > > You shouldn't need a compat ioctl for anything new that is added,
> > > unless your api is really messed up.  Please test to be sure, and
> > > not use a compat ioctl at all, it isn't that hard to do.
> >
> > compat_ioctl is called anyhow when CONFIG_COMPAT is set, there is no
> > way around it, or I'm missing something?  Actually there is no more
> > than that for the COMPAT support in this code.
> 
> If you don't provide a compat_ioctl() all should be fine, right?

No,  this doesn't work the driver has to provide compat_ioctl

You would expect something like
if (!f.file->f_op->compat_ioctl) {
                        error = f_op->f.file->f_op->unlocked_ioctl((f.file, cmd, compat_ptr(arg))
}
But there is no such code under  fs/compat_ioctl.c 

The translation has to implemented by the device driver or registered  directly in fs/compat_ioct.c in do_ioctl_trans or ioctl_pointer[]

If compat_ioct is not provided the application is receiving
: ioctl failure -1: Inappropriate ioctl for device
	
Thanks
Tomas

Re: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Pavel Machek]

On Sun 2016-09-04 11:35:33, Winkler, Tomas wrote:
> 
> > On Thu, Sep 01, 2016 at 08:05:26PM +0000, Winkler, Tomas wrote:
> > >
> > > >
> > > > On Sun, Aug 07, 2016 at 09:44:03AM +0000, Winkler, Tomas wrote:
> > > > > >
> > > > > > On Mon 2016-07-18 23:27:49, Tomas Winkler wrote:
> > > > > > > The user space API is achieved via two synchronous IOCTL.
> > > > > >
> > > > > > IOCTLs?
> > > > >
> > > > > Will fix
> > > > >
> > > > > > > Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is
> > > > > > performed
> > > > > > > by the framework on behalf the user and second,
> > > > > > > RPMB_IOC_SEQ_CMD
> > > > > > where
> > > > > > > the whole RPMB sequence including RESULT_READ is supplied by
> > > > > > > the
> > > > caller.
> > > > > > > The latter is intended for  easier adjusting  of the
> > > > > > > applications that use MMC_IOC_MULTI_CMD ioctl.
> > > > > >
> > > > > > Why "  "?
> > > > > Not sure I there is enough clue in your question.
> > > > > >
> > > > > > >
> > > > > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > > > >
> > > > > > > +
> > > > > > > +static long rpmb_ioctl(struct file *fp, unsigned int cmd,
> > > > > > > +unsigned long arg) {
> > > > > > > +	return __rpmb_ioctl(fp, cmd, (void __user *)arg); }
> > > > > > > +
> > > > > > > +#ifdef CONFIG_COMPAT
> > > > > > > +static long rpmb_compat_ioctl(struct file *fp, unsigned int cmd,
> > > > > > > +			      unsigned long arg)
> > > > > > > +{
> > > > > > > +	return	__rpmb_ioctl(fp, cmd, compat_ptr(arg));
> > > > > > > +}
> > > > > > > +#endif /* CONFIG_COMPAT */
> > > > > >
> > > > > > Description of the ioctl is missing,
> > > > > Will add.
> > > > >
> > > > > and it should certainly be designed in a way
> > > > > > that it does not need compat support.
> > > > >
> > > > > The compat_ioctl handler just casts the compat_ptr, I believe this
> > > > > should be done unless the ioctl is globaly registered in
> > > > > fs/compat_ioctl.c, but I might be wrong.
> > > >
> > > > You shouldn't need a compat ioctl for anything new that is added,
> > > > unless your api is really messed up.  Please test to be sure, and
> > > > not use a compat ioctl at all, it isn't that hard to do.
> > >
> > > compat_ioctl is called anyhow when CONFIG_COMPAT is set, there is no
> > > way around it, or I'm missing something?  Actually there is no more
> > > than that for the COMPAT support in this code.
> > 
> > If you don't provide a compat_ioctl() all should be fine, right?
> 
> No,  this doesn't work the driver has to provide compat_ioctl
> 
> You would expect something like
> if (!f.file->f_op->compat_ioctl) {
>                         error = f_op->f.file->f_op->unlocked_ioctl((f.file, cmd, compat_ptr(arg))
> }
> But there is no such code under  fs/compat_ioctl.c 
> 
> The translation has to implemented by the device driver or registered  directly in fs/compat_ioct.c in do_ioctl_trans or ioctl_pointer[]
> 
> If compat_ioct is not provided the application is receiving
> : ioctl failure -1: Inappropriate ioctl for device

Care to submit a patch? We should not really have to include
compat_ioctl support if it is already compatible...

Or maybe better provide empty function drivers can fill in when
compatible...?

									Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

RE: [PATCH v5 4/8] char: rpmb: provide a user space interface

[Winkler, Tomas]

\
> Subject: Re: [PATCH v5 4/8] char: rpmb: provide a user space interface
> 
> On Sun 2016-09-04 11:35:33, Winkler, Tomas wrote:
> >
> > > On Thu, Sep 01, 2016 at 08:05:26PM +0000, Winkler, Tomas wrote:
> > > >
> > > > >
> > > > > On Sun, Aug 07, 2016 at 09:44:03AM +0000, Winkler, Tomas wrote:
> > > > > > >
> > > > > > > On Mon 2016-07-18 23:27:49, Tomas Winkler wrote:
> > > > > > > > The user space API is achieved via two synchronous IOCTL.
> > > > > > >
> > > > > > > IOCTLs?
> > > > > >
> > > > > > Will fix
> > > > > >
> > > > > > > > Simplified one, RPMB_IOC_REQ_CMD, were read result cycles
> > > > > > > > is
> > > > > > > performed
> > > > > > > > by the framework on behalf the user and second,
> > > > > > > > RPMB_IOC_SEQ_CMD
> > > > > > > where
> > > > > > > > the whole RPMB sequence including RESULT_READ is supplied
> > > > > > > > by the
> > > > > caller.
> > > > > > > > The latter is intended for  easier adjusting  of the
> > > > > > > > applications that use MMC_IOC_MULTI_CMD ioctl.
> > > > > > >
> > > > > > > Why "  "?
> > > > > > Not sure I there is enough clue in your question.
> > > > > > >
> > > > > > > >
> > > > > > > > Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
> > > > > > >
> > > > > > > > +
> > > > > > > > +static long rpmb_ioctl(struct file *fp, unsigned int cmd,
> > > > > > > > +unsigned long arg) {
> > > > > > > > +	return __rpmb_ioctl(fp, cmd, (void __user *)arg); }
> > > > > > > > +
> > > > > > > > +#ifdef CONFIG_COMPAT
> > > > > > > > +static long rpmb_compat_ioctl(struct file *fp, unsigned int cmd,
> > > > > > > > +			      unsigned long arg) {
> > > > > > > > +	return	__rpmb_ioctl(fp, cmd, compat_ptr(arg));
> > > > > > > > +}
> > > > > > > > +#endif /* CONFIG_COMPAT */
> > > > > > >
> > > > > > > Description of the ioctl is missing,
> > > > > > Will add.
> > > > > >
> > > > > > and it should certainly be designed in a way
> > > > > > > that it does not need compat support.
> > > > > >
> > > > > > The compat_ioctl handler just casts the compat_ptr, I believe
> > > > > > this should be done unless the ioctl is globaly registered in
> > > > > > fs/compat_ioctl.c, but I might be wrong.
> > > > >
> > > > > You shouldn't need a compat ioctl for anything new that is
> > > > > added, unless your api is really messed up.  Please test to be
> > > > > sure, and not use a compat ioctl at all, it isn't that hard to do.
> > > >
> > > > compat_ioctl is called anyhow when CONFIG_COMPAT is set, there is
> > > > no way around it, or I'm missing something?  Actually there is no
> > > > more than that for the COMPAT support in this code.
> > >
> > > If you don't provide a compat_ioctl() all should be fine, right?
> >
> > No,  this doesn't work the driver has to provide compat_ioctl
> >
> > You would expect something like
> > if (!f.file->f_op->compat_ioctl) {
> >                         error =
> > f_op->f.file->f_op->unlocked_ioctl((f.file, cmd, compat_ptr(arg)) }
> > But there is no such code under  fs/compat_ioctl.c
> >
> > The translation has to implemented by the device driver or registered
> > directly in fs/compat_ioct.c in do_ioctl_trans or ioctl_pointer[]
> >
> > If compat_ioct is not provided the application is receiving
> > : ioctl failure -1: Inappropriate ioctl for device
> 
> Care to submit a patch? We should not really have to include compat_ioctl
> support if it is already compatible...
> 
> Or maybe better provide empty function drivers can fill in when
> compatible...?
> 
I'm not sure it is so simple to generallize, because ioctl selection logic in compat_ioctl has already a default actions and second because 'arg' my not be a pointer. 
Maybe a beter option would be to provide a function in spirit generic_ fs functions let say compat_generic_ioct() that would just cal unlocked_ioctl(fp, cmd, compat_ptr(arg))

Thanks
Tomas