github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/dev_trusty.txt (about) 1 # Copyright 2018 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 # Trusty IPC device (https://android.googlesource.com/kernel/common android-trusty-4.9). 5 6 include <linux/ioctl.h> 7 include <linux/fcntl.h> 8 9 resource fd_trusty[fd] 10 11 openat$trusty(fd const[AT_FDCWD], file ptr[in, string["/dev/trusty-ipc-dev0"]], flags flags[trusty_open_flags], mode const[0]) fd_trusty 12 ioctl$TIPC_IOC_CONNECT(fd fd_trusty, cmd const[TIPC_IOC_CONNECT], arg ptr[in, string[trusty_ports]]) 13 write$trusty(fd fd_trusty, msg ptr[in, array[int8]], len len[msg]) 14 read$trusty(fd fd_trusty, msg ptr[out, array[int8]], len len[msg]) 15 16 # TODO: describe interface for the rest of ports. 17 trusty_ports = "com.android.trusty.gatekeeper", "com.android.trusty.keymaster", "com.android.trusty.keymaster.secure", "com.android.trusty.avb", "com.android.trusty.hwkey", "com.android.trusty.hwrng", "com.android.trusty.appmgmt.srv2.start", trusty_storage_ports 18 19 trusty_open_flags = O_RDWR, O_RDWR_NONBLOCK 20 21 define O_RDWR_NONBLOCK O_RDWR | O_NONBLOCK 22 23 # This is not defined in any kernel header. 24 define TIPC_IOC_CONNECT _IOW('r', 0x80, char*) 25 26 define TRUSTY_ERROR_NONE 0 27 define TRUSTY_ERROR_INVALID 1 28 define TRUSTY_ERROR_RETRY 2 29 define TRUSTY_ERROR_UNKNOWN 3 30 31 ### gatekeeper ### 32 33 resource fd_trusty_gatekeeper[fd_trusty] 34 35 openat$trusty_gatekeeper(fd const[AT_FDCWD], file ptr[in, string["/dev/trusty-ipc-dev0"]], flags flags[trusty_open_flags], mode const[0]) fd_trusty_gatekeeper 36 ioctl$TIPC_IOC_CONNECT_gatekeeper(fd fd_trusty_gatekeeper, cmd const[TIPC_IOC_CONNECT], arg ptr[in, string["com.android.trusty.gatekeeper"]]) 37 write$trusty_gatekeeper(fd fd_trusty_gatekeeper, msg ptr[in, trusty_gatekeeper_msg], len len[msg]) 38 39 trusty_gatekeeper_msg [ 40 err trusty_gatekeeper_error 41 retry trusty_gatekeeper_retry 42 enroll trusty_gatekeeper_enroll 43 verify trusty_gatekeeper_verify 44 ] [varlen] 45 46 trusty_gatekeeper_error { 47 cmd flags[trusty_gatekeeper_cmd, int32] 48 error const[TRUSTY_ERROR_INVALID, int32] 49 user_id const[0, int32] 50 } 51 52 trusty_gatekeeper_retry { 53 cmd flags[trusty_gatekeeper_cmd, int32] 54 error const[TRUSTY_ERROR_RETRY, int32] 55 user_id const[0, int32] 56 retry_timeout int32 57 } 58 59 trusty_gatekeeper_enroll { 60 cmd const[TRUSTY_GK_ENROLL, int32] 61 error const[TRUSTY_ERROR_NONE, int32] 62 user_id trusty_gatekeeper_user_id 63 provided_password trusty_blob 64 enrolled_password trusty_blob 65 password_handle_len bytesize[password_handle, int32] 66 password_handle trusty_password_handle 67 } [packed] 68 69 trusty_gatekeeper_verify { 70 cmd const[TRUSTY_GK_VERIFY, int32] 71 error const[TRUSTY_ERROR_NONE, int32] 72 user_id trusty_gatekeeper_user_id 73 challenge int64 74 password_handle trusty_blob 75 provided_password trusty_blob 76 } [packed] 77 78 trusty_password_handle { 79 version int8[0:2] 80 user_id int64 81 flags bool64 82 salt int64 83 signature array[int8, 32] 84 hardware_backed bool8 85 } [packed] 86 87 trusty_blob { 88 len bytesize[data, int32] 89 data array[int8] 90 } [packed] 91 92 type trusty_gatekeeper_user_id int32[0:4] 93 94 trusty_gatekeeper_cmd = TRUSTY_GK_ENROLL, TRUSTY_GK_VERIFY 95 96 define TRUSTY_GK_ENROLL 0 97 define TRUSTY_GK_VERIFY 2 98 99 ### keymaster.secure ### 100 101 resource fd_trusty_km_secure[fd_trusty] 102 103 openat$trusty_km_secure(fd const[AT_FDCWD], file ptr[in, string["/dev/trusty-ipc-dev0"]], flags flags[trusty_open_flags], mode const[0]) fd_trusty_km_secure 104 ioctl$TIPC_IOC_CONNECT_keymaster_secure(fd fd_trusty_km_secure, cmd const[TIPC_IOC_CONNECT], arg ptr[in, string["com.android.trusty.keymaster.secure"]]) 105 write$trusty_km_secure(fd fd_trusty_km_secure, msg ptr[in, trusty_km_secure_msg], len len[msg]) 106 107 trusty_km_secure_msg { 108 cmd const[TRUSTY_KM_GET_AUTH_TOKEN_KEY, int32] 109 } 110 111 define TRUSTY_KM_GET_AUTH_TOKEN_KEY 0 112 113 ### keymaster ### 114 115 resource fd_trusty_km[fd_trusty] 116 117 openat$trusty_km(fd const[AT_FDCWD], file ptr[in, string["/dev/trusty-ipc-dev0"]], flags flags[trusty_open_flags], mode const[0]) fd_trusty_km 118 ioctl$TIPC_IOC_CONNECT_km(fd fd_trusty_km, cmd const[TIPC_IOC_CONNECT], arg ptr[in, string["com.android.trusty.keymaster"]]) 119 write$trusty_km(fd fd_trusty_km, msg ptr[in, trusty_km_msg], len len[msg]) 120 121 trusty_km_msg [ 122 GENERATE_KEY trusty_km_msg_t[TRUSTY_KM_GENERATE_KEY, trusty_authorization_set] 123 BEGIN_OPERATION trusty_km_msg_t[TRUSTY_KM_BEGIN_OPERATION, trusty_km_begin_operation] 124 UPDATE_OPERATION trusty_km_msg_t[TRUSTY_KM_UPDATE_OPERATION, trusty_km_update_operation] 125 FINISH_OPERATION trusty_km_msg_t[TRUSTY_KM_FINISH_OPERATION, trusty_km_finish_operation] 126 ABORT_OPERATION trusty_km_msg_t[TRUSTY_KM_ABORT_OPERATION, int64] 127 IMPORT_KEY trusty_km_msg_t[TRUSTY_KM_IMPORT_KEY, trusty_km_import_key] 128 EXPORT_KEY trusty_km_msg_t[TRUSTY_KM_EXPORT_KEY, trusty_km_export_key] 129 GET_VERSION trusty_km_msg_t[TRUSTY_KM_GET_VERSION, void] 130 ADD_RNG_ENTROPY trusty_km_msg_t[TRUSTY_KM_ADD_RNG_ENTROPY, trusty_blob] 131 GET_SUPPORTED_ALGORITHMS trusty_km_msg_t[TRUSTY_KM_GET_SUPPORTED_ALGORITHMS, void] 132 GET_SUPPORTED_BLOCK_MODES trusty_km_msg_t[TRUSTY_KM_GET_SUPPORTED_BLOCK_MODES, trusty_km_supported_digests] 133 GET_SUPPORTED_PADDING_MODES trusty_km_msg_t[TRUSTY_KM_GET_SUPPORTED_PADDING_MODES, trusty_km_supported_digests] 134 GET_SUPPORTED_DIGESTS trusty_km_msg_t[TRUSTY_KM_GET_SUPPORTED_DIGESTS, trusty_km_supported_digests] 135 GET_SUPPORTED_IMPORT_FORMATS trusty_km_msg_t[TRUSTY_KM_GET_SUPPORTED_IMPORT_FORMATS, flags[trusty_km_algorithms, int32]] 136 GET_SUPPORTED_EXPORT_FORMATS trusty_km_msg_t[TRUSTY_KM_GET_SUPPORTED_EXPORT_FORMATS, flags[trusty_km_algorithms, int32]] 137 GET_KEY_CHARACTERISTICS trusty_km_msg_t[TRUSTY_KM_GET_KEY_CHARACTERISTICS, trusty_km_get_key_characteristics] 138 ATTEST_KEY trusty_km_msg_t[TRUSTY_KM_ATTEST_KEY, trusty_km_attest_key] 139 UPGRADE_KEY trusty_km_msg_t[TRUSTY_KM_UPGRADE_KEY, trusty_km_attest_key] 140 CONFIGURE trusty_km_msg_t[TRUSTY_KM_CONFIGURE, trusty_km_configure] 141 GET_HMAC_SHARING_PARAMETERS trusty_km_msg_t[TRUSTY_KM_GET_HMAC_SHARING_PARAMETERS, void] 142 COMPUTE_SHARED_HMAC trusty_km_msg_t[TRUSTY_KM_COMPUTE_SHARED_HMAC, trusty_km_hmac_sharing_parameters_array] 143 VERIFY_AUTHORIZATION trusty_km_msg_t[TRUSTY_KM_VERIFY_AUTHORIZATION, trusty_km_verify_authorization] 144 DELETE_KEY trusty_km_msg_t[TRUSTY_KM_DELETE_KEY, trusty_blob] 145 DELETE_ALL_KEYS trusty_km_msg_t[TRUSTY_KM_DELETE_ALL_KEYS, void] 146 # TODO: is DESTROY_ATTESTATION_IDS a thing? Where is it handled? 147 IMPORT_WRAPPED_KEY trusty_km_msg_t[TRUSTY_KM_IMPORT_WRAPPED_KEY, trusty_km_import_wrapped_key] 148 ] [varlen] 149 150 type trusty_km_msg_t[CMD, PAYLOAD] { 151 cmd const[CMD, int32] 152 payload PAYLOAD 153 } [packed] 154 155 trusty_km_begin_operation { 156 purpose int32 157 key trusty_blob 158 additional_params trusty_authorization_set 159 } [packed] 160 161 trusty_km_update_operation { 162 handle int64 163 input trusty_blob 164 additional_params trusty_authorization_set 165 } [packed] 166 167 trusty_km_finish_operation { 168 handle int64 169 signature trusty_blob 170 additional_params trusty_authorization_set 171 input trusty_blob 172 } [packed] 173 174 trusty_km_import_key { 175 key_description trusty_authorization_set 176 key_format flags[trusty_km_key_format, int32] 177 key_material trusty_blob 178 } [packed] 179 180 trusty_km_key_format = 0, 1, 3 181 182 trusty_km_export_key { 183 key_description trusty_authorization_set 184 key_format flags[trusty_km_key_format, int32] 185 key_material trusty_blob 186 } [packed] 187 188 trusty_km_supported_digests { 189 algorithm flags[trusty_km_algorithms, int32] 190 purpose flags[trusty_km_purposes, int32] 191 } [packed] 192 193 trusty_km_algorithms = 1, 2, 3, 32, 33, 128 194 trusty_km_purposes = 0, 1, 2, 3, 4, 5 195 196 trusty_km_get_key_characteristics { 197 key_blob trusty_blob 198 additional_params trusty_authorization_set 199 } [packed] 200 201 trusty_km_attest_key { 202 key_blob trusty_blob 203 attest_params trusty_authorization_set 204 } [packed] 205 206 trusty_km_configure { 207 os_version int32 208 os_patchlevel int32 209 } [packed] 210 211 trusty_km_hmac_sharing_parameters_array { 212 num_params len[params, int32] 213 params array[trusty_km_hmac_sharing_parameter] 214 } [packed] 215 216 trusty_km_hmac_sharing_parameter { 217 seed trusty_blob 218 none array[int8, 32] 219 } [packed] 220 221 trusty_km_verify_authorization { 222 challenge int64 223 parameters_to_verify trusty_authorization_set 224 auth_token trusty_km_hardware_auth_token 225 } [packed] 226 227 trusty_km_hardware_auth_token { 228 challenge int64 229 user_id int64 230 authenticator_id int64 231 authenticator_type int32 232 timestamp int64 233 mac trusty_blob 234 } [packed] 235 236 trusty_km_import_wrapped_key { 237 wrapped_key trusty_blob 238 wrapping_key trusty_blob 239 masking_key trusty_blob 240 additional_params trusty_authorization_set 241 password_sid int64 242 biometric_sid int64 243 } [packed] 244 245 trusty_authorization_set { 246 indirect_data trusty_blob 247 elements_count len[elements, int32] 248 elements_size bytesize[elements, int32] 249 elements array[trusty_authorization_elem] 250 } [packed] 251 252 trusty_authorization_elem [ 253 ENUM trusty_authorization_elem_t[TRUSTY_KM_ENUM, int32] 254 ENUM_REP trusty_authorization_elem_t[TRUSTY_KM_ENUM_REP, int32] 255 UINT trusty_authorization_elem_t[TRUSTY_KM_UINT, int32] 256 UINT_REP trusty_authorization_elem_t[TRUSTY_KM_UINT_REP, int32] 257 ULONG trusty_authorization_elem_t[TRUSTY_KM_ULONG, int64] 258 ULONG_REP trusty_authorization_elem_t[TRUSTY_KM_ULONG_REP, int64] 259 DATE trusty_authorization_elem_t[TRUSTY_KM_DATE, int64] 260 BOOL trusty_authorization_elem_t[TRUSTY_KM_BOOL, bool8] 261 BIGNUM trusty_authorization_elem_t[TRUSTY_KM_BIGNUM, trusty_authorization_bytes] 262 BYTES trusty_authorization_elem_t[TRUSTY_KM_BYTES, trusty_authorization_bytes] 263 ] [varlen] 264 265 type trusty_authorization_elem_t[TAG, DATA] { 266 tag const[TAG, int32] 267 data DATA 268 } [packed] 269 270 trusty_authorization_bytes { 271 # NEED: these are length/offset in trusty_authorization_set.indirect_data. 272 data_length int32 273 offset int32 274 } [packed] 275 276 define TRUSTY_KM_REQ_SHIFT 2 277 define TRUSTY_KM_GENERATE_KEY 0 << TRUSTY_KM_REQ_SHIFT 278 define TRUSTY_KM_BEGIN_OPERATION 1 << TRUSTY_KM_REQ_SHIFT 279 define TRUSTY_KM_UPDATE_OPERATION 2 << TRUSTY_KM_REQ_SHIFT 280 define TRUSTY_KM_FINISH_OPERATION 3 << TRUSTY_KM_REQ_SHIFT 281 define TRUSTY_KM_ABORT_OPERATION 4 << TRUSTY_KM_REQ_SHIFT 282 define TRUSTY_KM_IMPORT_KEY 5 << TRUSTY_KM_REQ_SHIFT 283 define TRUSTY_KM_EXPORT_KEY 6 << TRUSTY_KM_REQ_SHIFT 284 define TRUSTY_KM_GET_VERSION 7 << TRUSTY_KM_REQ_SHIFT 285 define TRUSTY_KM_ADD_RNG_ENTROPY 8 << TRUSTY_KM_REQ_SHIFT 286 define TRUSTY_KM_GET_SUPPORTED_ALGORITHMS 9 << TRUSTY_KM_REQ_SHIFT 287 define TRUSTY_KM_GET_SUPPORTED_BLOCK_MODES 10 << TRUSTY_KM_REQ_SHIFT 288 define TRUSTY_KM_GET_SUPPORTED_PADDING_MODES 11 << TRUSTY_KM_REQ_SHIFT 289 define TRUSTY_KM_GET_SUPPORTED_DIGESTS 12 << TRUSTY_KM_REQ_SHIFT 290 define TRUSTY_KM_GET_SUPPORTED_IMPORT_FORMATS 13 << TRUSTY_KM_REQ_SHIFT 291 define TRUSTY_KM_GET_SUPPORTED_EXPORT_FORMATS 14 << TRUSTY_KM_REQ_SHIFT 292 define TRUSTY_KM_GET_KEY_CHARACTERISTICS 15 << TRUSTY_KM_REQ_SHIFT 293 define TRUSTY_KM_ATTEST_KEY 16 << TRUSTY_KM_REQ_SHIFT 294 define TRUSTY_KM_UPGRADE_KEY 17 << TRUSTY_KM_REQ_SHIFT 295 define TRUSTY_KM_CONFIGURE 18 << TRUSTY_KM_REQ_SHIFT 296 define TRUSTY_KM_GET_HMAC_SHARING_PARAMETERS 19 << TRUSTY_KM_REQ_SHIFT 297 define TRUSTY_KM_COMPUTE_SHARED_HMAC 20 << TRUSTY_KM_REQ_SHIFT 298 define TRUSTY_KM_VERIFY_AUTHORIZATION 21 << TRUSTY_KM_REQ_SHIFT 299 define TRUSTY_KM_DELETE_KEY 22 << TRUSTY_KM_REQ_SHIFT 300 define TRUSTY_KM_DELETE_ALL_KEYS 23 << TRUSTY_KM_REQ_SHIFT 301 define TRUSTY_KM_DESTROY_ATTESTATION_IDS 24 << TRUSTY_KM_REQ_SHIFT 302 define TRUSTY_KM_IMPORT_WRAPPED_KEY 25 << TRUSTY_KM_REQ_SHIFT 303 304 define TRUSTY_KM_ENUM 1 << 28 305 define TRUSTY_KM_ENUM_REP 2 << 28 306 define TRUSTY_KM_UINT 3 << 28 307 define TRUSTY_KM_UINT_REP 4 << 28 308 define TRUSTY_KM_ULONG 5 << 28 309 define TRUSTY_KM_DATE 6 << 28 310 define TRUSTY_KM_BOOL 7 << 28 311 define TRUSTY_KM_BIGNUM 8 << 28 312 define TRUSTY_KM_BYTES 9 << 28 313 define TRUSTY_KM_ULONG_REP 10 << 28 314 315 # TODO: does it make sense to exercise bootloader commands? 316 # They should be locked when Linux starts and we probably trust bootloader anyway? 317 318 ### avb ### 319 320 resource fd_trusty_avb[fd_trusty] 321 322 openat$trusty_avb(fd const[AT_FDCWD], file ptr[in, string["/dev/trusty-ipc-dev0"]], flags flags[trusty_open_flags], mode const[0]) fd_trusty_avb 323 ioctl$TIPC_IOC_CONNECT_avb(fd fd_trusty_avb, cmd const[TIPC_IOC_CONNECT], arg ptr[in, string["com.android.trusty.avb"]]) 324 write$trusty_avb(fd fd_trusty_avb, msg ptr[in, trusty_avb_msg], len len[msg]) 325 326 trusty_avb_msg [ 327 READ_ROLLBACK_INDEX trusty_avb_msg_t[TRUSTY_AVB_READ_ROLLBACK_INDEX, trusty_avb_rollback_index] 328 WRITE_ROLLBACK_INDEX trusty_avb_msg_t[TRUSTY_AVB_WRITE_ROLLBACK_INDEX, trusty_avb_rollback_index] 329 AVB_GET_VERSION trusty_avb_msg_t[TRUSTY_AVB_GET_VERSION, void] 330 READ_PERMANENT_ATTRIBUTES trusty_avb_msg_t[TRUSTY_AVB_READ_PERMANENT_ATTRIBUTES, void] 331 WRITE_PERMANENT_ATTRIBUTES trusty_avb_msg_t[TRUSTY_AVB_WRITE_PERMANENT_ATTRIBUTES, array[int8]] 332 READ_LOCK_STATE trusty_avb_msg_t[TRUSTY_AVB_READ_LOCK_STATE, void] 333 WRITE_LOCK_STATE trusty_avb_msg_t[TRUSTY_AVB_WRITE_LOCK_STATE, int8] 334 LOCK_BOOT_STATE trusty_avb_msg_t[TRUSTY_AVB_LOCK_BOOT_STATE, void] 335 ] [varlen] 336 337 type trusty_avb_msg_t[CMD, PAYLOAD] { 338 cmd const[CMD, int32] 339 payload PAYLOAD 340 } [packed] 341 342 trusty_avb_rollback_index { 343 value int64 344 slot int32 345 } [packed] 346 347 define TRUSTY_AVB_REQ_SHIFT 1 348 define TRUSTY_AVB_READ_ROLLBACK_INDEX 0 << TRUSTY_AVB_REQ_SHIFT 349 define TRUSTY_AVB_WRITE_ROLLBACK_INDEX 1 << TRUSTY_AVB_REQ_SHIFT 350 define TRUSTY_AVB_GET_VERSION 2 << TRUSTY_AVB_REQ_SHIFT 351 define TRUSTY_AVB_READ_PERMANENT_ATTRIBUTES 3 << TRUSTY_AVB_REQ_SHIFT 352 define TRUSTY_AVB_WRITE_PERMANENT_ATTRIBUTES 4 << TRUSTY_AVB_REQ_SHIFT 353 define TRUSTY_AVB_READ_LOCK_STATE 5 << TRUSTY_AVB_REQ_SHIFT 354 define TRUSTY_AVB_WRITE_LOCK_STATE 6 << TRUSTY_AVB_REQ_SHIFT 355 define TRUSTY_AVB_LOCK_BOOT_STATE 7 << TRUSTY_AVB_REQ_SHIFT 356 357 ### storage ### 358 359 resource fd_trusty_storage[fd_trusty] 360 361 openat$trusty_storage(fd const[AT_FDCWD], file ptr[in, string["/dev/trusty-ipc-dev0"]], flags flags[trusty_open_flags], mode const[0]) fd_trusty_storage 362 ioctl$TIPC_IOC_CONNECT_storage(fd fd_trusty_storage, cmd const[TIPC_IOC_CONNECT], arg ptr[in, string[trusty_storage_ports]]) 363 write$trusty_storage(fd fd_trusty_storage, msg ptr[in, trusty_storage], len len[msg]) 364 365 trusty_storage_ports = "com.android.trusty.storage.proxy", "com.android.trusty.storage.client.td", "com.android.trusty.storage.client.tdea", "com.android.trusty.storage.client.tp" 366 367 trusty_storage [ 368 delete trusty_storage_msg[TRUSTY_STORAGE_FILE_DELETE, trusty_storage_file_delete_req] 369 open trusty_storage_msg[TRUSTY_STORAGE_FILE_OPEN, trusty_storage_file_open_req] 370 close trusty_storage_msg[TRUSTY_STORAGE_FILE_CLOSE, trusty_storage_file_close_req] 371 read trusty_storage_msg[TRUSTY_STORAGE_FILE_READ, trusty_storage_file_read_req] 372 write trusty_storage_msg[TRUSTY_STORAGE_FILE_WRITE, trusty_storage_file_write_req] 373 get_size trusty_storage_msg[TRUSTY_STORAGE_FILE_GET_SIZE, trusty_storage_file_get_size_req] 374 set_size trusty_storage_msg[TRUSTY_STORAGE_FILE_SET_SIZE, trusty_storage_file_set_size_req] 375 rpmb trusty_storage_msg[TRUSTY_STORAGE_RPMB_SEND, trusty_storage_rpmb_send_req] 376 end_trans trusty_storage_msg[TRUSTY_STORAGE_END_TRANSACTION, void] 377 move trusty_storage_msg[TRUSTY_STORAGE_FILE_MOVE, trusty_storage_file_move_req] 378 list trusty_storage_msg[TRUSTY_STORAGE_FILE_LIST, trusty_storage_file_list_req] 379 ] [varlen] 380 381 type trusty_storage_msg[CMD, PAYLOAD] { 382 cmd const[CMD, int32] 383 op_id int32[0:4] 384 flags int32[0:7] 385 size bytesize[parent, int32] 386 # TODO: this is only output, right? 387 result const[0, int32] 388 __reserved const[0, int32] 389 payload PAYLOAD 390 } 391 392 define TRUSTY_STORAGE_FILE_DELETE 1 << 1 393 define TRUSTY_STORAGE_FILE_OPEN 2 << 1 394 define TRUSTY_STORAGE_FILE_CLOSE 3 << 1 395 define TRUSTY_STORAGE_FILE_READ 4 << 1 396 define TRUSTY_STORAGE_FILE_WRITE 5 << 1 397 define TRUSTY_STORAGE_FILE_GET_SIZE 6 << 1 398 define TRUSTY_STORAGE_FILE_SET_SIZE 7 << 1 399 define TRUSTY_STORAGE_RPMB_SEND 8 << 1 400 define TRUSTY_STORAGE_END_TRANSACTION 9 << 1 401 define TRUSTY_STORAGE_FILE_MOVE 10 << 1 402 define TRUSTY_STORAGE_FILE_LIST 11 << 1 403 404 # Server returns handles in responses to requests, we don't parse them, so we just use int32 for now. 405 type trusty_storage_handle int32[0:4] 406 407 trusty_storage_file_delete_req { 408 flags const[0, int32] 409 name stringnoz 410 } 411 412 trusty_storage_file_move_req { 413 flags int32[0:7] 414 handle trusty_storage_handle 415 old_name_len bytesize[old_new_name, int32] 416 old_new_name stringnoz 417 new_new_name stringnoz 418 } [packed] 419 420 trusty_storage_file_open_req { 421 flags int32[0:7] 422 name stringnoz 423 } 424 425 trusty_storage_file_close_req { 426 handle trusty_storage_handle 427 } 428 429 trusty_storage_file_read_req { 430 handle trusty_storage_handle 431 size int32 432 offset int64 433 } 434 435 trusty_storage_file_write_req { 436 offset int64 437 handle trusty_storage_handle 438 __reserved const[0, int32] 439 data array[int8] 440 } 441 442 trusty_storage_file_list_req { 443 max_count int8 444 flags int8[0:7] 445 name stringnoz 446 } 447 448 trusty_storage_file_get_size_req { 449 handle trusty_storage_handle 450 } 451 452 trusty_storage_file_set_size_req { 453 size int64 454 handle trusty_storage_handle 455 } 456 457 trusty_storage_rpmb_send_req { 458 reliable_write_size bytesize[reliable_write, int32] 459 write_size bytesize[write, int32] 460 read_size int32[0:4096, 512] 461 __reserved const[0, int32] 462 reliable_write array[array[const[0, int8], 512]] 463 write array[array[const[0, int8], 512]] 464 } [packed] 465 466 ### hwkey ### 467 468 resource fd_trusty_hwkey[fd_trusty] 469 470 openat$trusty_hwkey(fd const[AT_FDCWD], file ptr[in, string["/dev/trusty-ipc-dev0"]], flags flags[trusty_open_flags], mode const[0]) fd_trusty_hwkey 471 ioctl$TIPC_IOC_CONNECT_hwkey(fd fd_trusty_hwkey, cmd const[TIPC_IOC_CONNECT], arg ptr[in, string["com.android.trusty.hwkey"]]) 472 write$trusty_hwkey(fd fd_trusty_hwkey, msg ptr[in, trusty_hwkey], len len[msg]) 473 474 trusty_hwkey [ 475 get trusty_hwkey_msg[TRUSTY_HWKEY_GET_KEYSLOT, stringnoz] 476 derive trusty_hwkey_msg[TRUSTY_HWKEY_DERIVE, stringnoz] 477 ] [varlen] 478 479 type trusty_hwkey_msg[CMD, PAYLOAD] { 480 cmd const[CMD, int32] 481 op_id int32[0:4] 482 status const[0, int32] 483 arg1 const[0, int32] 484 arg2 const[0, int32] 485 payload PAYLOAD 486 } 487 488 define TRUSTY_HWKEY_GET_KEYSLOT 0 << 1 489 define TRUSTY_HWKEY_DERIVE 1 << 1 490 491 ### hwrng ### 492 493 resource fd_trusty_hwrng[fd_trusty] 494 495 openat$trusty_hwrng(fd const[AT_FDCWD], file ptr[in, string["/dev/trusty-ipc-dev0"]], flags flags[trusty_open_flags], mode const[0]) fd_trusty_hwrng 496 ioctl$TIPC_IOC_CONNECT_hwrng(fd fd_trusty_hwrng, cmd const[TIPC_IOC_CONNECT], arg ptr[in, string["com.android.trusty.hwrng"]]) 497 write$trusty_hwrng(fd fd_trusty_hwrng, msg ptr[in, int32], len len[msg])