tee-supplicant: Support multiple ta load paths

chao-amazon · chao-amazon · commit 76dde66ce903 · 2022-06-15T16:56:02.000-07:00
CFG_TEE_CLIENT_LOAD_PATH can have multiple paths separated by :
diff --git a/config.mk b/config.mk
@@ -31,6 +31,8 @@ CFG_TEE_CLIENT_LOG_FILE ?= $(CFG_TEE_FS_PARENT_PATH)/teec.log
 
 # CFG_TEE_CLIENT_LOAD_PATH
 #   The location of the client library file.
+#   Suport multiple ta load path
+#   CFG_TEE_CLIENT_LOAD_PATH ?= /lib:/vendor/lib
 CFG_TEE_CLIENT_LOAD_PATH ?= /lib
 
 # CFG_TEE_SUPP_PLUGINS
diff --git a/tee-supplicant/src/tee_supplicant.c b/tee-supplicant/src/tee_supplicant.c
@@ -67,6 +67,9 @@
 #define RPC_BUF_SIZE	(sizeof(struct tee_iocl_supp_send_arg) + \
 			 RPC_NUM_PARAMS * sizeof(struct tee_ioctl_param))
 
+char *ta_prefix[MAX_TA_PREFIX] = {0};
+int num_ta_prefix = 0;
+
 union tee_rpc_invoke {
 	uint64_t buf[(RPC_BUF_SIZE - 1) / sizeof(uint64_t) + 1];
 	struct tee_iocl_supp_recv_arg recv;
@@ -701,6 +704,9 @@ int main(int argc, char *argv[])
 	int e = 0;
 	int long_index = 0;
 	int opt = 0;
+	char *test_ta_prefix_multipath = NULL;
+	char *ta_prefix_multipath = NULL;
+	char *temp;
 
 	e = pthread_mutex_init(&arg.mutex, NULL);
 	if (e) {
@@ -762,30 +768,64 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
+#ifdef TEEC_TEST_LOAD_PATH
+	test_ta_prefix_multipath = strdup(TEEC_TEST_LOAD_PATH);
+	if (!test_ta_prefix) {
+		EMSG("out of memory");
+		goto exit;
+	}
+	while ((temp = strsep(&test_ta_prefix_multipath, ":")) != NULL) {
+		if (num_ta_prefix < MAX_TA_PREFIX) {
+			ta_prefix[num_ta_prefix++] = temp;
+		}
+		else {
+			EMSG("Too many ta load paths");
+			goto exit;
+		}
+	}
+#endif
+	ta_prefix_multipath = strdup(TEEC_LOAD_PATH);
+	if (!ta_prefix_multipath) {
+		EMSG("out of memory");
+		goto exit;
+	}
+	while ((temp = strsep(&ta_prefix_multipath, ":")) != NULL) {
+		if (num_ta_prefix < MAX_TA_PREFIX) {
+			ta_prefix[num_ta_prefix++] = temp;
+		}
+		else {
+			EMSG("Too many ta load paths");
+			goto exit;
+		}
+	}
+
 	if (dev) {
 		arg.fd = open_dev(dev, &arg.gen_caps);
 		if (arg.fd < 0) {
 			EMSG("failed to open \"%s\"", argv[1]);
-			exit(EXIT_FAILURE);
+			goto exit;
 		}
 	} else {
 		arg.fd = get_dev_fd(&arg.gen_caps);
 		if (arg.fd < 0) {
 			EMSG("failed to find an OP-TEE supplicant device");
-			exit(EXIT_FAILURE);
+			goto exit;
 		}
 	}
 
 	if (plugin_load_all() != 0) {
 		EMSG("failed to load plugins");
-		exit(EXIT_FAILURE);
+		goto exit;
 	}
 
 	while (!arg.abort) {
 		if (!process_one_request(&arg))
 			arg.abort = true;
 	}
 
+exit:
+	free(test_ta_prefix_multipath);
+	free(ta_prefix_multipath);
 	close(arg.fd);
 
 	return EXIT_FAILURE;
diff --git a/tee-supplicant/src/teec_ta_load.c b/tee-supplicant/src/teec_ta_load.c
@@ -176,15 +176,13 @@ int TEECI_LoadSecureModule(const char* dev_path,
 			   const TEEC_UUID *destination, void *ta,
 			   size_t *ta_size)
 {
-#ifdef TEEC_TEST_LOAD_PATH
-	int res = 0;
+	int res = TA_BINARY_NOT_FOUND;
 
-	res = try_load_secure_module(TEEC_TEST_LOAD_PATH,
-				     dev_path, destination, ta, ta_size);
-	if (res != TA_BINARY_NOT_FOUND)
-		return res;
-#endif
-
-	return try_load_secure_module(TEEC_LOAD_PATH,
-				      dev_path, destination, ta, ta_size);
+	for (int i = 0; i < num_ta_prefix; i++) {
+		res = try_load_secure_module(ta_prefix[i],
+				dev_path, destination, ta, ta_size);
+		if (res == TA_BINARY_FOUND)
+			break;
+	}
+	return res;
 }
diff --git a/tee-supplicant/src/teec_ta_load.h b/tee-supplicant/src/teec_ta_load.h
@@ -31,6 +31,11 @@
 #define TA_BINARY_FOUND 0
 #define TA_BINARY_NOT_FOUND -1
 
+/* support multiple TA load path */
+#define MAX_TA_PREFIX 8
+extern char *ta_prefix[MAX_TA_PREFIX];
+extern int num_ta_prefix;
+
 /**
  * Based on the uuid this function will try to find a TA-binary on the
  * filesystem and return it back to the caller in the parameter ta.
