From: seanedmond@linux.microsoft.com
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, stcarlso@linux.microsoft.com,
ilias.apalodimas@linaro.org, abdellatif.elkhlifi@arm.com
Subject: [PATCH 1/5] drivers: security: Add security devices to driver model
Date: Fri, 11 Aug 2023 17:28:19 -0700
Message-ID: <20230812002823.82576-2-seanedmond@linux.microsoft.com>
In-Reply-To: <20230812002823.82576-1-seanedmond@linux.microsoft.com>

From: Stephen Carlson <stcarlso@linux.microsoft.com>

Security devices currently implement operations to store an OS
anti-rollback monotonic counter. Existing devices such as the Trusted
Platform Module (TPM) already support this operation, but this uclass
provides abstraction for current and future devices that may support
different features.

- New Driver Model uclass UCLASS_SECURITY.
- New config CONFIG_DM_SECURITY to enable security device support.
- New driver sandbox_security matching "security,sandbox", enabled with
  new config CONFIG_SECURITY_SANDBOX.

Signed-off-by: Stephen Carlson <stcarlso@linux.microsoft.com>
---
MAINTAINERS | 8 ++++
drivers/Kconfig | 2 +
drivers/Makefile | 1 +
drivers/security/Kconfig | 25 +++++++++++
drivers/security/Makefile | 6 +++
drivers/security/sandbox_security.c | 65 +++++++++++++++++++++++++++++
drivers/security/security-uclass.c | 30 +++++++++++++
include/dm-security.h | 44 +++++++++++++++++++
include/dm/uclass-id.h | 1 +
9 files changed, 182 insertions(+)
create mode 100644 drivers/security/Kconfig
create mode 100644 drivers/security/Makefile
create mode 100644 drivers/security/sandbox_security.c
create mode 100644 drivers/security/security-uclass.c
create mode 100644 include/dm-security.h
diff --git a/MAINTAINERS b/MAINTAINERS
index bf851cffd6..73b6943e03 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1438,6 +1438,14 @@ F: cmd/seama.c
F: doc/usage/cmd/seama.rst
F: test/cmd/seama.c
+SECURITY
+M: Stephen Carlson <stcarlso@linux.microsoft.com>
+S: Maintained
+F: drivers/security/Kconfig
+F: drivers/security/Makefile
+F: drivers/security/sandbox_security.c
+F: drivers/security/security-uclass.c
+
SEMIHOSTING
R: Sean Anderson <sean.anderson@seco.com>
S: Orphaned
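Review bot: The F: list of the new SECURITY entry omits include/dm-security.h, which this patch creates according to the diffstat, so changes to the uclass API header would not be routed to the listed maintainer. Add `F: include/dm-security.h` to the entry.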
diff --git a/drivers/Kconfig b/drivers/Kconfig
index a25f6ae02f..95ea614210 100644
--- a/drivers/Kconfig
+++ b/drivers/Kconfig
@@ -116,6 +116,8 @@ source "drivers/rtc/Kconfig"
source "drivers/scsi/Kconfig"
+source "drivers/security/Kconfig"
+
source "drivers/serial/Kconfig"
source "drivers/smem/Kconfig"
diff --git a/drivers/Makefile b/drivers/Makefile
index efc2a4afb2..b670aae5fd 100644
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -98,6 +98,7 @@ obj-$(CONFIG_PCH) += pch/
obj-$(CONFIG_DM_REBOOT_MODE) += reboot-mode/
obj-y += rtc/
obj-y += scsi/
+obj-y += security/
obj-y += sound/
obj-y += spmi/
obj-y += watchdog/
diff --git a/drivers/security/Kconfig b/drivers/security/Kconfig
new file mode 100644
index 0000000000..f7af5c4e78
--- /dev/null
+++ b/drivers/security/Kconfig
@@ -0,0 +1,25 @@
+config DM_SECURITY
+ bool "Support security devices with driver model"
+ depends on DM
+ help
+ This option enables support for the security uclass which supports
+ devices intended to provide additional security features during
+ boot. These devices might encapsulate existing features of TPM
+ or TEE devices, but can also be dedicated security processors
+ implemented in specific hardware.
+
+config SECURITY_SANDBOX
+ bool "Enable sandbox security driver"
+ depends on DM_SECURITY
+ help
+ This driver supports a simulated security device that uses volatile
+ memory to store secure data and begins uninitialized. This
+ implementation allows OS images with security requirements to be
+ loaded in the sandbox environment.
+
+config SECURITY_TPM
+ bool "Enable TPM security driver"
+ depends on TPM && TPM_V2 && DM_SECURITY
+ help
+ This driver supports a security device based on existing TPM
+ functionality.
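Review bot: SECURITY_TPM, the last entry in this hunk, is a selectable option with no code behind it: drivers/security/Makefile in this patch builds only security-uclass.o and sandbox_security.o, and the commit message lists only CONFIG_DM_SECURITY and CONFIG_SECURITY_SANDBOX. Move the entry to the patch that adds the TPM-backed driver so the option never exists without its implementation. SECURITY_SANDBOX is described as a simulated device for the sandbox environment but depends only on DM_SECURITY; `depends on SANDBOX && DM_SECURITY` would keep a volatile, non-persistent counter from being selected on real hardware.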
diff --git a/drivers/security/Makefile b/drivers/security/Makefile
new file mode 100644
index 0000000000..ed10c3f234
--- /dev/null
+++ b/drivers/security/Makefile
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# (C) Copyright 2021 Microsoft, Inc.
+
+obj-$(CONFIG_DM_SECURITY) += security-uclass.o
+obj-$(CONFIG_SECURITY_SANDBOX) += sandbox_security.o
diff --git a/drivers/security/sandbox_security.c b/drivers/security/sandbox_security.c
new file mode 100644
index 0000000000..bcb817a842
--- /dev/null
+++ b/drivers/security/sandbox_security.c
@@ -0,0 +1,65 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2021 Microsoft, Inc
+ * Written by Stephen Carlson <stcarlso@microsoft.com>
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <fdtdec.h>
+#include <dm-security.h>
+
+static struct security_state {
+ u64 arbvn;
+};
+
+static int sb_security_arbvn_get(struct udevice *dev, u64 *arbvn)
+{
+ struct security_state *priv = dev_get_priv(dev);
+
+ if (!arbvn)
+ return -EINVAL;
+
+ *arbvn = priv->arbvn;
+ return 0;
+}
+
+static int sb_security_arbvn_set(struct udevice *dev, u64 arbvn)
+{
+ struct security_state *priv = dev_get_priv(dev);
+ u64 old_arbvn;
+
+ old_arbvn = priv->arbvn;
+ if (arbvn < old_arbvn)
+ return -EPERM;
+
+ priv->arbvn = arbvn;
+ return 0;
+}
+
+static const struct dm_security_ops security_sandbox_ops = {
+ .arbvn_get = sb_security_arbvn_get,
+ .arbvn_set = sb_security_arbvn_set,
+};
+
+static int security_sandbox_probe(struct udevice *dev)
+{
+ struct security_state *priv = dev_get_priv(dev);
+
+ priv->arbvn = 0ULL;
+ return 0;
+}
+
+static const struct udevice_id security_sandbox_ids[] = {
+ { .compatible = "sandbox,security" },
+ { }
+};
+
+U_BOOT_DRIVER(security_sandbox) = {
+ .name = "security_sandbox",
+ .id = UCLASS_SECURITY,
+ .priv_auto = sizeof(struct security_state),
+ .of_match = security_sandbox_ids,
+ .probe = security_sandbox_probe,
+ .ops = &security_sandbox_ops,
+};
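Review bot: `static struct security_state { u64 arbvn; };` near the top of the file declares a type and no object, so the `static` storage class does nothing and compilers warn about it; drop `static`. The compatible string in security_sandbox_ids is "sandbox,security" while the commit message says the driver matches "security,sandbox", so one of the two needs correcting before a device tree node is written against it. Also note that sb_security_arbvn_set() treats an equal value as success, which agrees with the "greater than or equal" wording in dm-security.h; a short comment at the `arbvn < old_arbvn` check would make that intent explicit.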
diff --git a/drivers/security/security-uclass.c b/drivers/security/security-uclass.c
new file mode 100644
index 0000000000..26790f3130
--- /dev/null
+++ b/drivers/security/security-uclass.c
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2021 Microsoft, Inc
+ * Written by Stephen Carlson <stcarlso@microsoft.com>
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <dm-security.h>
+
+int dm_security_arbvn_get(struct udevice *dev, uint64_t *arbvn)
+{
+ if (!dev || !arbvn)
+ return -EINVAL;
+
+ return security_get_ops(dev)->arbvn_get(dev, arbvn);
+}
+
+int dm_security_arbvn_set(struct udevice *dev, uint64_t arbvn)
+{
+ if (!dev)
+ return -EINVAL;
+
+ return security_get_ops(dev)->arbvn_set(dev, arbvn);
+}
+
+UCLASS_DRIVER(security) = {
+ .id = UCLASS_SECURITY,
+ .name = "security",
+};
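Review bot: Both wrappers call through security_get_ops(dev)->arbvn_get and ->arbvn_set without checking that the driver filled in the pointer, so a security device that implements only one of the operations turns the other call into a NULL function-pointer dereference during boot. Check the op before calling and return -ENOSYS when it is absent. The rule documented in dm-security.h, that a set only succeeds when the new value is not below the current one, is left entirely to each driver (the sandbox driver does it in sb_security_arbvn_set()); enforcing it in dm_security_arbvn_set(), by reading the current value and rejecting a lower one, would keep the anti-rollback guarantee from depending on every future driver repeating the comparison correctly.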
diff --git a/include/dm-security.h b/include/dm-security.h
new file mode 100644
index 0000000000..f71fe5c255
--- /dev/null
+++ b/include/dm-security.h
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2021 Microsoft, Inc.
+ */
+
+#ifndef _DM_SECURITY_H_
+#define _DM_SECURITY_H_
+
+#include <stdint.h>
+
+/* Access the security operations for a device */
+#define security_get_ops(dev) ((struct dm_security_ops *)(dev)->driver->ops)
+
+/**
+ * dm_security_arbvn_get() Gets the OS anti-roll back version number (ARBVN)
+ *
+ * @dev: Device to check
+ * @arbvn: Location where the ARBVN will be stored on success
+ * @return 0 if OK, -ve on error
+ */
+int dm_security_arbvn_get(struct udevice *dev, uint64_t *arbvn);
+
+/**
+ * dm_security_arbvn_set() Sets the OS anti-roll back version number (ARBVN).
+ * Only succeeds if the new version number is greater than or equal to the
+ * current ARBVN.
+ *
+ * @dev: Device to modify
+ * @arbvn: The new ARBVN value of the image that is loaded
+ * @return 0 if OK, -ve on error
+ */
+int dm_security_arbvn_set(struct udevice *dev, uint64_t arbvn);
+
+/**
+ * struct dm_security_ops - Driver model security operations
+ *
+ * Refer to the functions above for the description of each operation.
+ */
+struct dm_security_ops {
+ int (*arbvn_get)(struct udevice *dev, uint64_t *arbvn);
+ int (*arbvn_set)(struct udevice *dev, uint64_t arbvn);
+};
+
+#endif
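Review bot: The prototypes and the ops struct use `struct udevice *`, but the header includes only <stdint.h> and never declares that type, so it builds cleanly only when the includer has already pulled in dm.h; add a forward declaration `struct udevice;` before the first prototype. The comment on dm_security_arbvn_set() should also state which error a refused rollback returns (the sandbox driver uses -EPERM) so that callers can tell a rejected downgrade apart from a device failure. The ops members would be easier to implement against if each had its own description in the struct comment instead of a pointer back to the wrapper functions.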
diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h
index 0432c95c9e..af282a1baa 100644
--- a/include/dm/uclass-id.h
+++ b/include/dm/uclass-id.h
@@ -124,6 +124,7 @@ enum uclass_id {
UCLASS_RTC, /* Real time clock device */
UCLASS_SCMI_AGENT, /* Interface with an SCMI server */
UCLASS_SCSI, /* SCSI device */
+ UCLASS_SECURITY, /* Security device */
UCLASS_SERIAL, /* Serial UART */
UCLASS_SIMPLE_BUS, /* Bus with child devices */
UCLASS_SMEM, /* Shared memory interface */
--
2.40.0