diff options
| author | Alexander Potapenko <glider@google.com> | 2016-08-30 13:20:30 +0200 |
|---|---|---|
| committer | Alexander Potapenko <glider@google.com> | 2016-09-05 11:00:05 +0200 |
| commit | fb6f59caba884f748223c6ba7481bd996a0307d0 (patch) | |
| tree | 26acf34820459b3fe52b46c2b288ea5ec6a88807 /sys | |
| parent | 09f9a9a968b4fecb7808c5fe41782c22a7ffd202 (diff) | |
Add the /dev/tlk_device (Open Trusted Execution device driver) description
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/tlk_device.txt | 83 | ||||
| -rw-r--r-- | sys/tlk_device_amd64.const | 16 | ||||
| -rw-r--r-- | sys/tlk_device_arm64.const | 16 |
3 files changed, 115 insertions, 0 deletions
diff --git a/sys/tlk_device.txt b/sys/tlk_device.txt new file mode 100644 index 000000000..d8092fd1a --- /dev/null +++ b/sys/tlk_device.txt @@ -0,0 +1,83 @@ +# Copyright 2016 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +# Open Trusted Execution driver for /dev/tlk_device +# Reference source code: +# https://android.googlesource.com/kernel/tegra/+/android-tegra-dragon-3.18-marshmallow-dr-dragon/security/tlk_driver/ote_protocol.h + +include <linux/ioctl.h> +include <linux/types.h> +include <security/tlk_driver/ote_protocol.h> + +resource fd_tlk[fd] +resource te_session_id[int32] + +syz_open_dev$tlk_device(dev strconst["/dev/tlk_device"], id const[0], flags flags[open_flags]) fd_tlk + +ioctl$TE_IOCTL_OPEN_CLIENT_SESSION(fd fd_tlk, cmd const[TE_IOCTL_OPEN_CLIENT_SESSION], arg ptr[inout, te_opensession]) +ioctl$TE_IOCTL_CLOSE_CLIENT_SESSION(fd fd_tlk, cmd const[TE_IOCTL_CLOSE_CLIENT_SESSION], arg ptr[inout, te_closesession]) +ioctl$TE_IOCTL_LAUNCH_OPERATION(fd fd_tlk, cmd const[TE_IOCTL_LAUNCH_OPERATION], arg ptr[inout, te_launchop]) +ioctl$TE_IOCTL_SS_CMD(fd fd_tlk, cmd const[TE_IOCTL_SS_CMD], arg flags[te_ss_cmd_flags]) + +te_ss_cmd_flags = TE_IOCTL_SS_CMD_GET_NEW_REQ, TE_IOCTL_SS_CMD_REQ_COMPLETE +te_oper_param_type_flags = TE_PARAM_TYPE_NONE, TE_PARAM_TYPE_INT_RO, TE_PARAM_TYPE_INT_RW, TE_PARAM_TYPE_MEM_RO, TE_PARAM_TYPE_MEM_RW, TE_PARAM_TYPE_PERSIST_MEM_RO, TE_PARAM_TYPE_PERSIST_MEM_RW, TE_PARAM_TYPE_FLAGS_PHYS_LIST + + +# Values of time_low, time_mid, time_hi_and_version, clock_seq_and_node don't seem to mean anything. +te_service_id { + unused_time_low int32 + unused_time_mid int16 + unused_time_hi_and_version int16 + unused_clock_seq_and_node array[int8, 8] +} + +te_opensession { + dest_uuid te_service_id + operation te_operation + answer ptr[out, te_answer] +} + +te_closesession { + session_id te_session_id + answer ptr[out, te_answer] +} + +te_answer { + result int32 + session_id te_session_id + result_origin int32 +} + +te_launchop { + session_id te_session_id + operation te_operation + answer int64 +} + +te_operation { + unused_command int32 + status int32 + list_head ptr[in, te_oper_param] + unused_list_tail ptr[in, te_oper_param] + list_count int32 + unused_interface_side int32 +} + +te_int_mem_union [ + int int32 + Mem te_mem +] + +te_mem { + base vma + len int32 +} + +# TODO(glider): self-referencing overflows the stack in sysgen.go +te_oper_param { + index int32 + type flags[te_oper_param_type_flags, int32] + u te_int_mem_union +# next_ptr_user ptr[in, te_oper_param, opt] + next_ptr_user const[0, intptr] +} diff --git a/sys/tlk_device_amd64.const b/sys/tlk_device_amd64.const new file mode 100644 index 000000000..6866a48c3 --- /dev/null +++ b/sys/tlk_device_amd64.const @@ -0,0 +1,16 @@ +# AUTOGENERATED FILE +TE_IOCTL_CLOSE_CLIENT_SESSION = 3224925201 +TE_IOCTL_LAUNCH_OPERATION = 3224925204 +TE_IOCTL_OPEN_CLIENT_SESSION = 3224925200 +TE_IOCTL_SS_CMD = 2147775536 +TE_IOCTL_SS_CMD_GET_NEW_REQ = 1 +TE_IOCTL_SS_CMD_REQ_COMPLETE = 2 +TE_PARAM_TYPE_FLAGS_PHYS_LIST = 2147483648 +TE_PARAM_TYPE_INT_RO = 1 +TE_PARAM_TYPE_INT_RW = 2 +TE_PARAM_TYPE_MEM_RO = 3 +TE_PARAM_TYPE_MEM_RW = 4 +TE_PARAM_TYPE_NONE = 0 +TE_PARAM_TYPE_PERSIST_MEM_RO = 256 +TE_PARAM_TYPE_PERSIST_MEM_RW = 257 +__NR_ioctl = 16 diff --git a/sys/tlk_device_arm64.const b/sys/tlk_device_arm64.const new file mode 100644 index 000000000..8b8dce95a --- /dev/null +++ b/sys/tlk_device_arm64.const @@ -0,0 +1,16 @@ +# AUTOGENERATED FILE +TE_IOCTL_CLOSE_CLIENT_SESSION = 3224925201 +TE_IOCTL_LAUNCH_OPERATION = 3224925204 +TE_IOCTL_OPEN_CLIENT_SESSION = 3224925200 +TE_IOCTL_SS_CMD = 2147775536 +TE_IOCTL_SS_CMD_GET_NEW_REQ = 1 +TE_IOCTL_SS_CMD_REQ_COMPLETE = 2 +TE_PARAM_TYPE_FLAGS_PHYS_LIST = 2147483648 +TE_PARAM_TYPE_INT_RO = 1 +TE_PARAM_TYPE_INT_RW = 2 +TE_PARAM_TYPE_MEM_RO = 3 +TE_PARAM_TYPE_MEM_RW = 4 +TE_PARAM_TYPE_NONE = 0 +TE_PARAM_TYPE_PERSIST_MEM_RO = 256 +TE_PARAM_TYPE_PERSIST_MEM_RW = 257 +__NR_ioctl = 29 |