[apple/xnu.git] / iokit / Kernel / i386 / IOKeyStoreHelper.cpp

/*
 * Copyright (c) 2010 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#include <sys/cdefs.h>
#include <stdbool.h>

#include <IOKit/assert.h>
#include <IOKit/system.h>
#include <IOKit/IOLib.h>
#include <IOKit/IOMemoryDescriptor.h>
#include <IOKit/IOKitDebug.h>

__BEGIN_DECLS

#include <pexpert/pexpert.h>

static volatile UInt32 alreadyFetched = 0;
static IOMemoryDescriptor * newData;

IOMemoryDescriptor *
IOGetBootKeyStoreData(void);
void
IOSetKeyStoreData(IOMemoryDescriptor * data);

// APFS
static volatile UInt32 apfsKeyFetched = 0;
static IOMemoryDescriptor* apfsKeyData = NULL;

IOMemoryDescriptor* IOGetAPFSKeyStoreData();
void IOSetAPFSKeyStoreData(IOMemoryDescriptor* data);

static volatile UInt32 ARVRootHashFetched = 0;
static volatile UInt32 bsARVRootHashFetched = 0;

IOMemoryDescriptor* IOGetARVRootHashData(void);
IOMemoryDescriptor* IOGetBaseSystemARVRootHashData(void);

bool IOBaseSystemARVRootHashAvailable(void);

static volatile UInt32 ARVManifestFetched = 0;
static volatile UInt32 bsARVManifestFetched = 0;

IOMemoryDescriptor* IOGetARVManifestData(void);
IOMemoryDescriptor* IOGetBaseSystemARVManifestData(void);

__END_DECLS

#if 1
#define DEBG(fmt, args...)      { kprintf(fmt, ## args); }
#else
#define DEBG(fmt, args...)      {}
#endif

void
IOSetKeyStoreData(IOMemoryDescriptor * data)
{
	newData = data;
	alreadyFetched = 0;
}

IOMemoryDescriptor *
IOGetBootKeyStoreData(void)
{
	IOMemoryDescriptor *memoryDescriptor;
	boot_args *args = (boot_args *)PE_state.bootArgs;
	IOOptionBits options;
	IOAddressRange ranges;

	if (!OSCompareAndSwap(0, 1, &alreadyFetched)) {
		return NULL;
	}

	if (newData) {
		IOMemoryDescriptor * data = newData;
		newData = NULL;
		return data;
	}

	DEBG("%s: data at address %u size %u\n", __func__,
	    args->keyStoreDataStart,
	    args->keyStoreDataSize);

	if (args->keyStoreDataStart == 0) {
		return NULL;
	}

	ranges.address = args->keyStoreDataStart;
	ranges.length = args->keyStoreDataSize;

	options = kIODirectionInOut | kIOMemoryTypePhysical64 | kIOMemoryMapperNone;

	memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges,
	    1,
	    0,
	    NULL,
	    options);

	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);

	return memoryDescriptor;
}

// APFS volume key fetcher

// Store in-memory key (could be used by IOHibernateDone)
void
IOSetAPFSKeyStoreData(IOMemoryDescriptor* data)
{
	// Do not allow re-fetching of the boot_args key by passing NULL here.
	if (data != NULL) {
		apfsKeyData = data;
		apfsKeyFetched = 0;
	}
}

// Retrieve any key we may have (stored in boot_args or by Hibernate)
IOMemoryDescriptor*
IOGetAPFSKeyStoreData()
{
	// Check if someone got the key before us
	if (!OSCompareAndSwap(0, 1, &apfsKeyFetched)) {
		return NULL;
	}

	// Do we have in-memory key?
	if (apfsKeyData) {
		IOMemoryDescriptor* data = apfsKeyData;
		apfsKeyData = NULL;
		return data;
	}

	// Looks like there was no in-memory key and it's the first call - try boot_args
	boot_args* args = (boot_args*)PE_state.bootArgs;

	DEBG("%s: data at address %u size %u\n", __func__, args->apfsDataStart, args->apfsDataSize);
	if (args->apfsDataStart == 0) {
		return NULL;
	}

	// We have the key in the boot_args, create IOMemoryDescriptor for the blob
	IOAddressRange ranges;
	ranges.address = args->apfsDataStart;
	ranges.length = args->apfsDataSize;

	const IOOptionBits options = kIODirectionInOut | kIOMemoryTypePhysical64 | kIOMemoryMapperNone;

	IOMemoryDescriptor* memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges, 1, 0, NULL, options);
	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	return memoryDescriptor;
}

// ARV Root Hash fetcher

// Retrieve any root hash we may have (stored in boot_args)
IOMemoryDescriptor*
IOGetARVRootHashData(void)
{
	// Check if someone got the root hash before us
	if (!OSCompareAndSwap(0, 1, &ARVRootHashFetched)) {
		return NULL;
	}

	boot_args* args = (boot_args*)PE_state.bootArgs;

	DEBG("%s: data at address %llu size %llu\n", __func__, args->arvRootHashStart, args->arvRootHashSize);
	if (args->arvRootHashStart == 0) {
		return NULL;
	}

	// We have the root hash in the boot_args, create IOMemoryDescriptor for the blob
	IOAddressRange ranges;
	ranges.address = args->arvRootHashStart;
	ranges.length = args->arvRootHashSize;

	const IOOptionBits options = kIODirectionInOut | kIOMemoryTypePhysical64 | kIOMemoryMapperNone;

	IOMemoryDescriptor* memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges, 1, 0, NULL, options);
	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	return memoryDescriptor;
}

// Base System Analogue

IOMemoryDescriptor*
IOGetBaseSystemARVRootHashData(void)
{
	// Check if someone got the base system root hash before us
	if (!OSCompareAndSwap(0, 1, &bsARVRootHashFetched)) {
		return NULL;
	}

	boot_args* args = (boot_args*)PE_state.bootArgs;

	DEBG("%s: data at address %llu size %llu\n", __func__, args->bsARVRootHashStart, args->bsARVRootHashSize);
	if (args->bsARVRootHashStart == 0) {
		return NULL;
	}

	// We have the base system root hash in the boot_args, create IOMemoryDescriptor for the blob
	IOAddressRange ranges;
	ranges.address = args->bsARVRootHashStart;
	ranges.length = args->bsARVRootHashSize;

	const IOOptionBits options = kIODirectionInOut | kIOMemoryTypePhysical64 | kIOMemoryMapperNone;

	IOMemoryDescriptor* memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges, 1, 0, NULL, options);
	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	return memoryDescriptor;
}

bool
IOBaseSystemARVRootHashAvailable(void)
{
	boot_args* args = (boot_args*)PE_state.bootArgs;

	if (args->bsARVRootHashStart == 0 || args->bsARVRootHashSize == 0) {
		return false;
	}

	if (args->bsARVManifestStart == 0 || args->bsARVManifestSize == 0) {
		return false;
	}

	return true;
}

// ARV Manifest fetcher

// Retrieve any manifest we may have (stored in boot_args)
IOMemoryDescriptor*
IOGetARVManifestData(void)
{
	// Check if someone got the manifest before us
	if (!OSCompareAndSwap(0, 1, &ARVManifestFetched)) {
		return NULL;
	}

	boot_args* args = (boot_args*)PE_state.bootArgs;

	DEBG("%s: data at address %llu size %llu\n", __func__, args->arvManifestStart, args->arvManifestSize);
	if (args->arvManifestStart == 0) {
		return NULL;
	}

	// We have the manifest in the boot_args, create IOMemoryDescriptor for the blob
	IOAddressRange ranges;
	ranges.address = args->arvManifestStart;
	ranges.length = args->arvManifestSize;

	const IOOptionBits options = kIODirectionInOut | kIOMemoryTypePhysical64 | kIOMemoryMapperNone;

	IOMemoryDescriptor* memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges, 1, 0, NULL, options);
	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	return memoryDescriptor;
}

// Base System Analogue

IOMemoryDescriptor*
IOGetBaseSystemARVManifestData(void)
{
	// Check if someone got the base system manifest before us
	if (!OSCompareAndSwap(0, 1, &bsARVManifestFetched)) {
		return NULL;
	}

	boot_args* args = (boot_args*)PE_state.bootArgs;

	DEBG("%s: data at address %llu size %llu\n", __func__, args->bsARVManifestStart, args->bsARVManifestSize);
	if (args->bsARVManifestStart == 0) {
		return NULL;
	}

	// We have the manifest in the boot_args, create IOMemoryDescriptor for the blob
	IOAddressRange ranges;
	ranges.address = args->bsARVManifestStart;
	ranges.length = args->bsARVManifestSize;

	const IOOptionBits options = kIODirectionInOut | kIOMemoryTypePhysical64 | kIOMemoryMapperNone;

	IOMemoryDescriptor* memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges, 1, 0, NULL, options);
	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	return memoryDescriptor;
}
Commit	Line	Data
6d2010ae A	1	/*
	2	* Copyright (c) 2010 Apple Inc. All rights reserved.
	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
0a7de745	5	*
6d2010ae A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
0a7de745	14	*
6d2010ae A	15	* Please obtain a copy of the License at
6d2010ae A	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
0a7de745	17	*
6d2010ae A	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
0a7de745	25	*
6d2010ae A	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	*/
	28
	29	#include <sys/cdefs.h>
	30	#include <stdbool.h>
	31
	32	#include <IOKit/assert.h>
	33	#include <IOKit/system.h>
	34	#include <IOKit/IOLib.h>
	35	#include <IOKit/IOMemoryDescriptor.h>
	36	#include <IOKit/IOKitDebug.h>
	37
	38	__BEGIN_DECLS
	39
	40	#include <pexpert/pexpert.h>
	41
	42	static volatile UInt32 alreadyFetched = 0;
	43	static IOMemoryDescriptor * newData;
	44
	45	IOMemoryDescriptor *
	46	IOGetBootKeyStoreData(void);
	47	void
	48	IOSetKeyStoreData(IOMemoryDescriptor * data);
	49
5ba3f43e A	50	// APFS
	51	static volatile UInt32 apfsKeyFetched = 0;
	52	static IOMemoryDescriptor* apfsKeyData = NULL;
	53
	54	IOMemoryDescriptor* IOGetAPFSKeyStoreData();
	55	void IOSetAPFSKeyStoreData(IOMemoryDescriptor* data);
	56
c3c9b80d	57	static volatile UInt32 ARVRootHashFetched = 0;
f427ee49	58	static volatile UInt32 bsARVRootHashFetched = 0;
f427ee49 A	59
f427ee49 A	60	IOMemoryDescriptor* IOGetARVRootHashData(void);
f427ee49	61	IOMemoryDescriptor* IOGetBaseSystemARVRootHashData(void);
f427ee49	62
c3c9b80d	63	bool IOBaseSystemARVRootHashAvailable(void);
f427ee49	64
c3c9b80d A	65	static volatile UInt32 ARVManifestFetched = 0;
c3c9b80d A	66	static volatile UInt32 bsARVManifestFetched = 0;
f427ee49 A	67
f427ee49 A	68	IOMemoryDescriptor* IOGetARVManifestData(void);
c3c9b80d	69	IOMemoryDescriptor* IOGetBaseSystemARVManifestData(void);
f427ee49	70
6d2010ae A	71	__END_DECLS
	72
	73	#if 1
0a7de745	74	#define DEBG(fmt, args...) { kprintf(fmt, ## args); }
6d2010ae	75	#else
0a7de745	76	#define DEBG(fmt, args...) {}
6d2010ae A	77	#endif
	78
	79	void
	80	IOSetKeyStoreData(IOMemoryDescriptor * data)
	81	{
0a7de745 A	82	newData = data;
0a7de745 A	83	alreadyFetched = 0;
6d2010ae A	84	}
	85
	86	IOMemoryDescriptor *
	87	IOGetBootKeyStoreData(void)
	88	{
0a7de745 A	89	IOMemoryDescriptor *memoryDescriptor;
	90	boot_args args = (boot_args )PE_state.bootArgs;
	91	IOOptionBits options;
	92	IOAddressRange ranges;
	93
	94	if (!OSCompareAndSwap(0, 1, &alreadyFetched)) {
	95	return NULL;
	96	}
	97
	98	if (newData) {
	99	IOMemoryDescriptor * data = newData;
	100	newData = NULL;
	101	return data;
	102	}
	103
	104	DEBG("%s: data at address %u size %u\n", __func__,
	105	args->keyStoreDataStart,
	106	args->keyStoreDataSize);
	107
	108	if (args->keyStoreDataStart == 0) {
	109	return NULL;
	110	}
	111
	112	ranges.address = args->keyStoreDataStart;
	113	ranges.length = args->keyStoreDataSize;
	114
	115	options = kIODirectionInOut \| kIOMemoryTypePhysical64 \| kIOMemoryMapperNone;
	116
	117	memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges,
	118	1,
	119	0,
	120	NULL,
	121	options);
	122
	123	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	124
	125	return memoryDescriptor;
6d2010ae	126	}
5ba3f43e A	127
	128	// APFS volume key fetcher
	129
	130	// Store in-memory key (could be used by IOHibernateDone)
	131	void
	132	IOSetAPFSKeyStoreData(IOMemoryDescriptor* data)
	133	{
0a7de745 A	134	// Do not allow re-fetching of the boot_args key by passing NULL here.
	135	if (data != NULL) {
	136	apfsKeyData = data;
	137	apfsKeyFetched = 0;
	138	}
5ba3f43e A	139	}
	140
	141	// Retrieve any key we may have (stored in boot_args or by Hibernate)
	142	IOMemoryDescriptor*
	143	IOGetAPFSKeyStoreData()
	144	{
0a7de745 A	145	// Check if someone got the key before us
	146	if (!OSCompareAndSwap(0, 1, &apfsKeyFetched)) {
	147	return NULL;
	148	}
	149
	150	// Do we have in-memory key?
	151	if (apfsKeyData) {
	152	IOMemoryDescriptor* data = apfsKeyData;
	153	apfsKeyData = NULL;
	154	return data;
	155	}
	156
	157	// Looks like there was no in-memory key and it's the first call - try boot_args
	158	boot_args* args = (boot_args*)PE_state.bootArgs;
	159
	160	DEBG("%s: data at address %u size %u\n", __func__, args->apfsDataStart, args->apfsDataSize);
	161	if (args->apfsDataStart == 0) {
	162	return NULL;
	163	}
	164
	165	// We have the key in the boot_args, create IOMemoryDescriptor for the blob
	166	IOAddressRange ranges;
	167	ranges.address = args->apfsDataStart;
	168	ranges.length = args->apfsDataSize;
	169
	170	const IOOptionBits options = kIODirectionInOut \| kIOMemoryTypePhysical64 \| kIOMemoryMapperNone;
	171
	172	IOMemoryDescriptor* memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges, 1, 0, NULL, options);
	173	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	174	return memoryDescriptor;
5ba3f43e	175	}
f427ee49 A	176
	177	// ARV Root Hash fetcher
	178
c3c9b80d	179	// Retrieve any root hash we may have (stored in boot_args)
f427ee49 A	180	IOMemoryDescriptor*
	181	IOGetARVRootHashData(void)
	182	{
	183	// Check if someone got the root hash before us
c3c9b80d	184	if (!OSCompareAndSwap(0, 1, &ARVRootHashFetched)) {
f427ee49 A	185	return NULL;
	186	}
	187
f427ee49 A	188	boot_args* args = (boot_args*)PE_state.bootArgs;
	189
	190	DEBG("%s: data at address %llu size %llu\n", __func__, args->arvRootHashStart, args->arvRootHashSize);
	191	if (args->arvRootHashStart == 0) {
	192	return NULL;
	193	}
	194
	195	// We have the root hash in the boot_args, create IOMemoryDescriptor for the blob
	196	IOAddressRange ranges;
	197	ranges.address = args->arvRootHashStart;
	198	ranges.length = args->arvRootHashSize;
	199
	200	const IOOptionBits options = kIODirectionInOut \| kIOMemoryTypePhysical64 \| kIOMemoryMapperNone;
	201
	202	IOMemoryDescriptor* memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges, 1, 0, NULL, options);
	203	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	204	return memoryDescriptor;
	205	}
	206
c3c9b80d	207	// Base System Analogue
f427ee49 A	208
	209	IOMemoryDescriptor*
	210	IOGetBaseSystemARVRootHashData(void)
	211	{
c3c9b80d A	212	// Check if someone got the base system root hash before us
	213	if (!OSCompareAndSwap(0, 1, &bsARVRootHashFetched)) {
	214	return NULL;
	215	}
	216
	217	boot_args* args = (boot_args*)PE_state.bootArgs;
	218
	219	DEBG("%s: data at address %llu size %llu\n", __func__, args->bsARVRootHashStart, args->bsARVRootHashSize);
	220	if (args->bsARVRootHashStart == 0) {
	221	return NULL;
	222	}
	223
	224	// We have the base system root hash in the boot_args, create IOMemoryDescriptor for the blob
	225	IOAddressRange ranges;
	226	ranges.address = args->bsARVRootHashStart;
	227	ranges.length = args->bsARVRootHashSize;
	228
	229	const IOOptionBits options = kIODirectionInOut \| kIOMemoryTypePhysical64 \| kIOMemoryMapperNone;
	230
	231	IOMemoryDescriptor* memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges, 1, 0, NULL, options);
	232	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	233	return memoryDescriptor;
f427ee49 A	234	}
	235
	236	bool
	237	IOBaseSystemARVRootHashAvailable(void)
	238	{
c3c9b80d A	239	boot_args* args = (boot_args*)PE_state.bootArgs;
	240
	241	if (args->bsARVRootHashStart == 0 \|\| args->bsARVRootHashSize == 0) {
f427ee49 A	242	return false;
	243	}
	244
c3c9b80d A	245	if (args->bsARVManifestStart == 0 \|\| args->bsARVManifestSize == 0) {
c3c9b80d A	246	return false;
f427ee49	247	}
f427ee49	248
c3c9b80d	249	return true;
f427ee49 A	250	}
f427ee49 A	251
f427ee49 A	252	// ARV Manifest fetcher
f427ee49 A	253
c3c9b80d	254	// Retrieve any manifest we may have (stored in boot_args)
f427ee49 A	255	IOMemoryDescriptor*
	256	IOGetARVManifestData(void)
	257	{
	258	// Check if someone got the manifest before us
c3c9b80d	259	if (!OSCompareAndSwap(0, 1, &ARVManifestFetched)) {
f427ee49 A	260	return NULL;
	261	}
	262
f427ee49 A	263	boot_args* args = (boot_args*)PE_state.bootArgs;
	264
	265	DEBG("%s: data at address %llu size %llu\n", __func__, args->arvManifestStart, args->arvManifestSize);
	266	if (args->arvManifestStart == 0) {
	267	return NULL;
	268	}
	269
	270	// We have the manifest in the boot_args, create IOMemoryDescriptor for the blob
	271	IOAddressRange ranges;
	272	ranges.address = args->arvManifestStart;
	273	ranges.length = args->arvManifestSize;
	274
	275	const IOOptionBits options = kIODirectionInOut \| kIOMemoryTypePhysical64 \| kIOMemoryMapperNone;
	276
	277	IOMemoryDescriptor* memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges, 1, 0, NULL, options);
	278	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	279	return memoryDescriptor;
	280	}
c3c9b80d A	281
	282	// Base System Analogue
	283
	284	IOMemoryDescriptor*
	285	IOGetBaseSystemARVManifestData(void)
	286	{
	287	// Check if someone got the base system manifest before us
	288	if (!OSCompareAndSwap(0, 1, &bsARVManifestFetched)) {
	289	return NULL;
	290	}
	291
	292	boot_args* args = (boot_args*)PE_state.bootArgs;
	293
	294	DEBG("%s: data at address %llu size %llu\n", __func__, args->bsARVManifestStart, args->bsARVManifestSize);
	295	if (args->bsARVManifestStart == 0) {
	296	return NULL;
	297	}
	298
	299	// We have the manifest in the boot_args, create IOMemoryDescriptor for the blob
	300	IOAddressRange ranges;
	301	ranges.address = args->bsARVManifestStart;
	302	ranges.length = args->bsARVManifestSize;
	303
	304	const IOOptionBits options = kIODirectionInOut \| kIOMemoryTypePhysical64 \| kIOMemoryMapperNone;
	305
	306	IOMemoryDescriptor* memoryDescriptor = IOMemoryDescriptor::withOptions(&ranges, 1, 0, NULL, options);
	307	DEBG("%s: memory descriptor %p\n", __func__, memoryDescriptor);
	308	return memoryDescriptor;
	309	}