authorTrusted Logic <smc_support@trusted-logic.com>2012-01-27 14:35:31 -0600
committerHashcode <hashcode0f@gmail.com>2015-02-02 16:20:20 -0800
commit5ecc7eacd32653947b73bf442fd61833b6360e46 (patch)
tree0cfa44e5e10fdb573c0522ea19f1aeb52e9c76de /security
parent42312109c9a5f1c400c18700a2867edf1ef674ce (diff)
Security: tf_daemon: Update to 1.06e1
The user-space SMC Daemon takes care, in particular, of the effective storage of the SMC secure storage within the device file system. The files in which the SMC persistent data are stored are defined in the Normal-World Configuration File. All the security properties such as confidentiality, integrity, atomicity, anti-rollback and binding to the device are managed at the SMC PA level. (cherry picked from commit c08b0dc330e67f33fa0a8fb9c62f38b07a9103c9) Change-Id: I62714c8bb3b43ef2897a4b0efd49f88700a1ce55 Signed-off-by: Bryan Buckley <bryan.buckley@ti.com>
Diffstat (limited to 'security')
-rw-r--r--security/tf_daemon/Android.mk2
-rw-r--r--security/tf_daemon/delegation_client.c194
-rw-r--r--security/tf_daemon/lib_uuid.h155
-rw-r--r--security/tf_daemon/s_version.h10
-rw-r--r--security/tf_daemon/service_delegation_protocol.h22
-rw-r--r--security/tf_daemon/smc_properties.c4
-rw-r--r--security/tf_daemon/smc_properties_parser.c61
7 files changed, 422 insertions, 26 deletions
diff --git a/security/tf_daemon/Android.mk b/security/tf_daemon/Android.mk
index 02ff35e..d996d81 100644
--- a/security/tf_daemon/Android.mk
+++ b/security/tf_daemon/Android.mk
@@ -17,6 +17,8 @@ LOCAL_SRC_FILES := \
smc_properties_parser.c \
lib_manifest2.c
+LOCAL_LDFLAGS += -llog
+
LOCAL_CFLAGS += -DLINUX
LOCAL_CFLAGS += -D__ANDROID32__
LOCAL_CFLAGS += -DSUPPORT_DELEGATION_EXTENSION
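Review bot: `LOCAL_LDFLAGS += -llog` links liblog without telling the build system about the dependency; in an Android.mk the usual form is `LOCAL_SHARED_LIBRARIES += liblog`. The code that needs it in delegation_client.c is guarded by `TFSW_FDM_ANDROID`, and no `-DTFSW_FDM_ANDROID` is visible among the LOCAL_CFLAGS in this hunk, so unless it is set elsewhere the Android log path stays compiled out. These flags also still pass `-D__ANDROID32__` while the C sources in this commit now test `ANDROID`; a one-line comment naming the macro the sources rely on would help.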
diff --git a/security/tf_daemon/delegation_client.c b/security/tf_daemon/delegation_client.c
index 54ee112..a2bff0b 100644
--- a/security/tf_daemon/delegation_client.c
+++ b/security/tf_daemon/delegation_client.c
@@ -28,7 +28,7 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#if defined(__ANDROID32__)
+#if defined(ANDROID)
#include <stddef.h>
#endif
#include <stdio.h>
@@ -43,12 +43,12 @@
#include <sys/types.h>
#include <fcntl.h>
-#if defined(LINUX) || defined(__ANDROID32__)
+#if defined(LINUX) || defined(ANDROID)
#include <unistd.h>
#include <sys/resource.h>
-#if defined(__ANDROID32__)
+#if defined(ANDROID)
/* fdatasync does not exist on Android */
#define fdatasync fsync
#else
@@ -58,14 +58,14 @@
* in some distributions
*/
int fdatasync(int fd);
-#endif /* __ANDROID32__ */
+#endif /* ANDROID */
#include <syslog.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <pthread.h>
#include <semaphore.h>
#define PATH_SEPARATOR '/'
-#endif /* LINUX || __ANDROID32__ */
+#endif /* LINUX || ANDROID */
#ifdef WIN32
#include <windows.h>
@@ -97,6 +97,10 @@ int fdatasync(int fd);
#include "delegation_client_extension.h"
#endif
+#ifdef TFSW_FDM_ANDROID
+#include <android/log.h>
+#endif
+
/*----------------------------------------------------------------------------
* Design notes
* ============
@@ -109,7 +113,7 @@ int fdatasync(int fd);
/*----------------------------------------------------------------------------
* Defines and structures
*----------------------------------------------------------------------------*/
-#define ECHANGE_BUFFER_INSTRUCTIONS_NB 100
+#define ECHANGE_BUFFER_INSTRUCTIONS_NB 1000
#define DEFAULT_WORKSPACE_SIZE (128*1024)
@@ -124,6 +128,21 @@ typedef struct
uint8_t sWorkspace[1/*g_nWorkspaceSize*/];
} DELEGATION_EXCHANGE_BUFFER;
+#ifdef SUPPORT_RPMB_PARTITION
+typedef struct
+{
+ uint8_t pDummy[196];
+ uint8_t pMAC[32];
+ uint8_t pData[256];
+ uint8_t pNonce[16];
+ uint32_t nMC;
+ uint16_t nAddr;
+ uint16_t nBlockCount;
+ uint16_t nResult;
+ uint16_t nReqOrResp;
+} DELEGATION_RPMB_MESSAGE;
+#endif
+
#define MD_VAR_NOT_USED(variable) do{(void)(variable);}while(0);
#define MD_INLINE __inline
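Review bot: DELEGATION_RPMB_MESSAGE is meant to overlay a fixed-size frame, but nothing in the hunk pins its size or the encoding of its integer fields. The members add up to 512 bytes under natural alignment; a compile-time check such as `typedef char rpmb_msg_size_check[(sizeof(DELEGATION_RPMB_MESSAGE) == 512) ? 1 : -1];` would keep a later edit or a different ABI from silently changing the layout. The eMMC specification defines the RPMB frame with multi-byte fields most-significant byte first, so `nMC`, `nAddr`, `nBlockCount`, `nResult` and `nReqOrResp` need a comment stating whether they hold host-order or wire-order values before the driver call (still a TODO in this commit) is written.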
@@ -141,7 +160,7 @@ typedef struct
in release builds whereas logs are visible to the customer.
-----------------------------------------------*/
-#if defined(LINUX) || (defined __ANDROID32__)
+#if defined(LINUX) || (defined ANDROID)
static bool bDetached = false;
@@ -155,9 +174,13 @@ static MD_INLINE void LogError(const char* format, ...)
}
else
{
+#ifdef TFSW_FDM_ANDROID
+ __android_log_vprint(ANDROID_LOG_ERROR , "TF Daemon", format, ap);
+#else
fprintf(stderr, "ERROR: ");
vfprintf(stderr, format, ap);
fprintf(stderr, "\n");
+#endif
}
va_end(ap);
}
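Review bot: The `#ifdef TFSW_FDM_ANDROID` branch is pasted six times (LogError here, then LogWarning, LogInfo, TRACE_ERROR, TRACE_WARNING and TRACE_INFO in the following hunks) with only the priority changing. On the Android path the `TRACE: ` prefix is dropped and every message shares the tag `"TF Daemon"`, so TRACE_ERROR and LogError output can no longer be told apart in the log. A single helper taking the priority and an optional prefix, e.g. `static void LogV(int prio, const char *prefix, const char *format, va_list ap)`, would remove the duplication. The bodies of these functions start outside the hunks.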
@@ -172,9 +195,13 @@ static MD_INLINE void LogWarning(const char* format, ...)
}
else
{
+#ifdef TFSW_FDM_ANDROID
+ __android_log_vprint(ANDROID_LOG_WARN , "TF Daemon", format, ap);
+#else
fprintf(stderr, "WARNING: ");
vfprintf(stderr, format, ap);
fprintf(stderr, "\n");
+#endif
}
va_end(ap);
}
@@ -188,8 +215,12 @@ static MD_INLINE void LogInfo(const char* format, ...)
}
else
{
+#ifdef TFSW_FDM_ANDROID
+ __android_log_vprint(ANDROID_LOG_INFO , "TF Daemon", format, ap);
+#else
vfprintf(stderr, format, ap);
fprintf(stderr, "\n");
+#endif
}
va_end(ap);
}
@@ -205,9 +236,13 @@ static MD_INLINE void TRACE_ERROR(const char* format, ...)
}
else
{
+#ifdef TFSW_FDM_ANDROID
+ __android_log_vprint(ANDROID_LOG_ERROR , "TF Daemon", format, ap);
+#else
fprintf(stderr, "TRACE: ERROR: ");
vfprintf(stderr, format, ap);
fprintf(stderr, "\n");
+#endif
}
va_end(ap);
#else
@@ -226,9 +261,13 @@ static MD_INLINE void TRACE_WARNING(const char* format, ...)
}
else
{
+#ifdef TFSW_FDM_ANDROID
+ __android_log_vprint(ANDROID_LOG_WARN , "TF Daemon", format, ap);
+#else
fprintf(stderr, "TRACE: WARNING: ");
vfprintf(stderr, format, ap);
fprintf(stderr, "\n");
+#endif
}
va_end(ap);
#else
@@ -247,9 +286,13 @@ static MD_INLINE void TRACE_INFO(const char* format, ...)
}
else
{
+#ifdef TFSW_FDM_ANDROID
+ __android_log_vprint(ANDROID_LOG_INFO , "TF Daemon", format, ap);
+#else
fprintf(stderr, "TRACE: ");
vfprintf(stderr, format, ap);
fprintf(stderr, "\n");
+#endif
}
va_end(ap);
#else
@@ -289,7 +332,7 @@ static MD_INLINE void TRACE_INFO(const char* format, ...)
}
#else
-/* !defined(LINUX) || !defined(__ANDROID32__) */
+/* !defined(LINUX) || !defined(ANDROID) */
static MD_INLINE void LogError(const char* format, ...)
{
@@ -359,7 +402,7 @@ static MD_INLINE void TRACE_INFO(const char* format, ...)
MD_VAR_NOT_USED(format);
#endif /* NDEBUG */
}
-#endif /* defined(LINUX) || defined(__ANDROID32__) */
+#endif /* defined(LINUX) || defined(ANDROID) */
/*----------------------------------------------------------------------------
* Globals
@@ -483,7 +526,7 @@ int static_checkStorageDirAndAccessRights(char * directoryName)
if (result == 0)
{
/* Storage dir exists. Check access rights */
-#if defined(LINUX) || (defined __ANDROID32__)
+#if defined(LINUX) || (defined ANDROID)
if ((buf.st_mode & (S_IXUSR | S_IWUSR)) != (S_IXUSR | S_IWUSR))
{
LogError("storageDir '%s' does not have read-write access", directoryName);
@@ -529,7 +572,7 @@ static TEEC_Result partitionDestroy(uint32_t nPartitionID)
}
/* Try to erase the file */
-#if defined(LINUX) || (defined __ANDROID32__) || defined (__SYMBIAN32__)
+#if defined(LINUX) || (defined ANDROID) || defined (__SYMBIAN32__)
if (unlink(g_pPartitionNames[nPartitionID]) != 0)
#endif
#ifdef WIN32
@@ -686,6 +729,46 @@ static TEEC_Result partitionRead(uint32_t nPartitionID, uint32_t nSectorIndex, u
return S_SUCCESS;
}
+#ifdef SUPPORT_RPMB_PARTITION
+static TEEC_Result rpmbRead(DELEGATION_RPMB_INSTRUCTION *pInstruction)
+{
+ DELEGATION_RPMB_MESSAGE* pMessages;
+ uint32_t nNbMsg, nIndex;
+
+ nNbMsg = g_nSectorSize >> 8;
+ pMessages = (DELEGATION_RPMB_MESSAGE*)malloc(nNbMsg * sizeof(DELEGATION_RPMB_MESSAGE));
+ if (pMessages == NULL)
+ {
+ return S_ERROR_OUT_OF_MEMORY;
+ }
+ memset(pMessages,0,nNbMsg * sizeof(DELEGATION_RPMB_MESSAGE));
+
+ for (nIndex=0;nIndex<nNbMsg;nIndex++)
+ {
+ memcpy(pMessages[nIndex].pNonce , pInstruction->pNonce, 16);
+ pMessages[nIndex].nAddr = pInstruction->nAddr;
+ pMessages[nIndex].nBlockCount = pInstruction->nBlockCount;
+ pMessages[nIndex].nReqOrResp = 0x0004;
+ }
+ memcpy(pMessages[nNbMsg-1].pMAC,pInstruction->nMAC,32);
+
+ /* TODO: send to the RPMB driver */
+
+ memcpy(pInstruction->pNonce,pMessages[0].pNonce , 16);
+ pInstruction->nAddr = pMessages[0].nAddr;
+ pInstruction->nBlockCount = pMessages[0].nBlockCount;
+ for (nIndex=0;nIndex<nNbMsg;nIndex++)
+ {
+ memcpy(g_pWorkspaceBuffer + pInstruction->nWorkspaceOffset[nIndex],pMessages[nIndex].pData,256);
+ }
+ memcpy(pInstruction->nMAC, pMessages[nNbMsg-1].pMAC,32);
+ pInstruction->nResult=pMessages[nNbMsg-1].nResult;
+
+ free(pMessages);
+
+ return S_SUCCESS;
+}
+#endif
/**
* This function executes the WRITE instruction.
*
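Review bot: rpmbRead uses `nNbMsg = g_nSectorSize >> 8` to index both `pMessages[nNbMsg-1]` and `pInstruction->nWorkspaceOffset[]`, which service_delegation_protocol.h declares with 16 entries; a sector size under 256 bytes makes `nNbMsg` zero so `nNbMsg-1` wraps, and one yielding more than 16 messages reads past the offset array. Each `nWorkspaceOffset[nIndex]` is also added to `g_pWorkspaceBuffer` and used as a 256-byte memcpy destination without being compared with the workspace size, although runSession passes the instruction in from its instruction buffer. The fence adds both checks; it assumes the `g_nWorkspaceSize` global named in the DELEGATION_EXCHANGE_BUFFER comment and an `S_ERROR_BAD_PARAMETERS` code in s_error.h. rpmbWrite in the next hunk needs the same guards where it reads from the workspace.

```c
static TEEC_Result rpmbRead(DELEGATION_RPMB_INSTRUCTION *pInstruction)
{
   DELEGATION_RPMB_MESSAGE* pMessages;
   uint32_t nNbMsg, nIndex;

   nNbMsg = g_nSectorSize >> 8;
   /* nNbMsg indexes nWorkspaceOffset[] and pMessages[nNbMsg-1]: reject 0 and anything above the array size */
   if (nNbMsg == 0 ||
       nNbMsg > sizeof(pInstruction->nWorkspaceOffset) / sizeof(pInstruction->nWorkspaceOffset[0]))
   {
      return S_ERROR_BAD_PARAMETERS;
   }
   /* … unchanged: allocation, request setup, TODO driver call, nonce/addr copy-back … */
   for (nIndex=0;nIndex<nNbMsg;nIndex++)
   {
      /* fetch the offset once and bound it before it becomes a copy destination */
      uint32_t nOffset = pInstruction->nWorkspaceOffset[nIndex];
      if (nOffset > g_nWorkspaceSize || g_nWorkspaceSize - nOffset < 256)
      {
         free(pMessages);
         return S_ERROR_BAD_PARAMETERS;
      }
      memcpy(g_pWorkspaceBuffer + nOffset, pMessages[nIndex].pData, 256);
   }
   /* … unchanged: MAC and result copy-back, free, return … */
```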
@@ -724,7 +807,42 @@ static TEEC_Result partitionWrite(uint32_t nPartitionID, uint32_t nSectorIndex,
return S_SUCCESS;
}
+#ifdef SUPPORT_RPMB_PARTITION
+static TEEC_Result rpmbWrite(DELEGATION_RPMB_INSTRUCTION *pInstruction)
+{
+ DELEGATION_RPMB_MESSAGE* pMessages;
+ uint32_t nNbMsg, nIndex;
+ nNbMsg = g_nSectorSize >> 8;
+ pMessages = (DELEGATION_RPMB_MESSAGE*)malloc(nNbMsg * sizeof(DELEGATION_RPMB_MESSAGE));
+ if (pMessages == NULL)
+ {
+ return S_ERROR_OUT_OF_MEMORY;
+ }
+ memset(pMessages,0,nNbMsg * sizeof(DELEGATION_RPMB_MESSAGE));
+
+ for (nIndex=0;nIndex<nNbMsg;nIndex++)
+ {
+ memcpy(pMessages[nIndex].pData,g_pWorkspaceBuffer + pInstruction->nWorkspaceOffset[nIndex],256);
+ pMessages[nIndex].nMC = pInstruction->nMC;
+ pMessages[nIndex].nAddr = pInstruction->nAddr;
+ pMessages[nIndex].nBlockCount = pInstruction->nBlockCount;
+ pMessages[nIndex].nReqOrResp = 0x0003;
+ }
+ memcpy(pMessages[nNbMsg-1].pMAC,pInstruction->nMAC,32);
+
+ /* TODO: send to the RPMB driver */
+
+ pInstruction->nAddr = pMessages[0].nAddr;
+ pInstruction->nMC = pMessages[0].nMC;
+ memcpy(pInstruction->nMAC, pMessages[nNbMsg-1].pMAC,32);
+ pInstruction->nResult=pMessages[nNbMsg-1].nResult;
+
+ free(pMessages);
+
+ return S_SUCCESS;
+}
+#endif
/**
* This function executes the SET_SIZE instruction.
*
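Review bot: rpmbWrite returns `S_SUCCESS` and leaves `pInstruction->nResult` at the zero written by the memset, even though the `/* TODO: send to the RPMB driver */` line means no frame is ever sent, so the caller is told the write was carried out when nothing was stored. Until the driver call exists the function should report a failure, or the whole `SUPPORT_RPMB_PARTITION` path should stay disabled, with a comment saying so; rpmbRead in the previous hunk has the same stub behaviour. The request codes `0x0003` and `0x0004` would also read better as named constants.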
@@ -774,7 +892,7 @@ static TEEC_Result partitionSetSize(uint32_t nPartitionID, uint32_t nNewSectorCo
{
int result = 0;
/* Truncate the partition file */
-#if defined(LINUX) || (defined __ANDROID32__)
+#if defined(LINUX) || (defined ANDROID)
result = ftruncate(fileno(pFile),nNewSectorCount * g_nSectorSize);
#endif
#if defined (__SYMBIAN32__)
@@ -819,7 +937,7 @@ static TEEC_Result partitionSync(uint32_t nPartitionID)
}
/* Then synchronize the file descriptor with the file-system */
-#if defined(LINUX) || (defined __ANDROID32__)
+#if defined(LINUX) || (defined ANDROID)
result=fdatasync(fileno(pFile));
#endif
#if defined (__SYMBIAN32__)
@@ -1008,6 +1126,13 @@ static int runSession(TEEC_Context* pContext, TEEC_Session* pSession, TEEC_Opera
{
case DELEGATION_INSTRUCTION_PARTITION_CREATE:
nError = partitionCreate(nPartitionID);
+#ifdef SUPPORT_RPMB_PARTITION
+ if (nPartitionID == RPMB_PARTITION_ID)
+ {
+ /* TODO: get the Write counter */
+ pInstruction->sAuthRW.nMC = 0;
+ }
+#endif
TRACE_INFO("INSTRUCTION: ID=0x%x pid=%d err=%d", (nInstructionID & 0x0F), nPartitionID, nError);
break;
case DELEGATION_INSTRUCTION_PARTITION_OPEN:
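Review bot: `pInstruction->sAuthRW.nMC = 0;` writes a field that sits well past the first word of the instruction, but unlike the READ and WRITE cases there is no check that `nInstructionsIndex` plus the size of DELEGATION_RPMB_INSTRUCTION still fits in `nInstructionsBufferSize`, so for a short instruction near the end of the buffer this store may land beyond it. The write also happens when `partitionCreate` has failed, and it reports a write counter of 0 unconditionally, so whatever consumes `nMC` gets a constant rather than the device's counter until the TODO is resolved. The PARTITION_OPEN case in the next hunk repeats the same lines. runSession's parsing loop lies outside both hunks, so the instruction sizing should be confirmed there.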
@@ -1019,9 +1144,33 @@ static int runSession(TEEC_Context* pContext, TEEC_Session* pSession, TEEC_Opera
{
g_pExchangeBuffer->sAdministrativeData.nPartitionOpenSizes[nPartitionID] = nPartitionSize;
}
+#ifdef SUPPORT_RPMB_PARTITION
+ if (nPartitionID == RPMB_PARTITION_ID)
+ {
+ /* TODO: get the Write counter */
+ pInstruction->sAuthRW.nMC = 0;
+ }
+#endif
break;
}
case DELEGATION_INSTRUCTION_PARTITION_READ:
+#ifdef SUPPORT_RPMB_PARTITION
+ if (nPartitionID == RPMB_PARTITION_ID)
+ {
+ if (nInstructionsIndex + sizeof(DELEGATION_RPMB_INSTRUCTION)-sizeof(uint32_t) <= nInstructionsBufferSize)
+ {
+ nInstructionsIndex+=sizeof(DELEGATION_RPMB_INSTRUCTION)-sizeof(uint32_t);
+ }
+ else
+ {
+ goto instruction_parse_end;
+ }
+ nError = rpmbRead(&pInstruction->sAuthRW);
+ TRACE_INFO("INSTRUCTION: ID=0x%x pid=%d err=%d", (nInstructionID & 0x0F), nPartitionID, nError);
+ break;
+ }
+ else
+#endif
{
/* Parse parameters */
uint32_t nSectorID;
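Review bot: The RPMB branch is spliced in as `if (...) { ... break; } else` followed by `#endif` and the existing brace block, so how that block parses depends on the preprocessor; since the branch already ends in `break`, the `else` can be dropped. The size check and index advance are duplicated verbatim in the PARTITION_WRITE hunk and would be clearer as one small helper. When the check fails the code jumps to `instruction_parse_end` without setting `nError` or logging, so as far as this hunk shows a truncated RPMB instruction is indistinguishable from a normal end of buffer.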
@@ -1041,6 +1190,23 @@ static int runSession(TEEC_Context* pContext, TEEC_Session* pSession, TEEC_Opera
break;
}
case DELEGATION_INSTRUCTION_PARTITION_WRITE:
+#ifdef SUPPORT_RPMB_PARTITION
+ if (nPartitionID == RPMB_PARTITION_ID)
+ {
+ if (nInstructionsIndex + sizeof(DELEGATION_RPMB_INSTRUCTION)-sizeof(uint32_t) <= nInstructionsBufferSize)
+ {
+ nInstructionsIndex+=sizeof(DELEGATION_RPMB_INSTRUCTION)-sizeof(uint32_t);
+ }
+ else
+ {
+ goto instruction_parse_end;
+ }
+ nError = rpmbWrite(&pInstruction->sAuthRW);
+ TRACE_INFO("INSTRUCTION: ID=0x%x pid=%d err=%d", (nInstructionID & 0x0F), nPartitionID, nError);
+ break;
+ }
+ else
+#endif
{
/* Parse parameters */
uint32_t nSectorID;
@@ -1317,7 +1483,7 @@ int main(int argc, char* argv[])
* Detach the daemon from the console
*/
-#if defined(LINUX) || (defined __ANDROID32__)
+#if defined(LINUX) || (defined ANDROID)
{
/*
* Turns this application into a daemon => fork off parent process, setup logging, ...
diff --git a/security/tf_daemon/lib_uuid.h b/security/tf_daemon/lib_uuid.h
new file mode 100644
index 0000000..acec4a0
--- /dev/null
+++ b/security/tf_daemon/lib_uuid.h
@@ -0,0 +1,155 @@
+/**
+ * Copyright(c) 2011 Trusted Logic. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name Trusted Logic nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __LIB_UUID_H__
+#define __LIB_UUID_H__
+
+
+#include "s_type.h"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#if 0
+} /* balance curly quotes */
+#endif
+
+/**
+ * LIB_UUID is deprecated use S_UUID instead.
+ * @deprecated
+ */
+typedef S_UUID LIB_UUID;
+/**
+ * LIB_UUID_STRING_SIZE is deprecated use UUID_STRING_SIZE instead.
+ * @deprecated
+ */
+#define LIB_UUID_STRING_SIZE 36
+
+/**
+ * Defines the UUID string size in characters
+ *
+ * E.g. "f81d4fae-7dec-11d0-a765-00a0c91e6bf6"
+ **/
+#define UUID_STRING_SIZE 36
+
+/**
+ * Converts the string representation of an UUID to the binary representation as
+ * a S_UUID type. The binary UUID structure must be provided by the caller.
+ *
+ * @param pIdentifierString The UTF-8 representation of the identifier. This
+ * string does not need to be zero terminated. The decoder reads only
+ * the {UUID_STRING_SIZE} first bytes.
+ *
+ * @param pIdentifier The identifer structure receiving the binary value of
+ * the identifier.
+ *
+ * @return TRUE in case of success, FALSE if the string does not conform to the
+ * syntax of UUID as defined in RFC 4122
+ * (http://www.ietf.org/rfc/rfc4122.txt)
+ **/
+bool libUUIDFromString(
+ IN const uint8_t* pIdentifierString,
+ OUT S_UUID* pIdentifier);
+
+/**
+ * Converts the binary representation of an UUID to the string representation.
+ *
+ * @param pIdentifier The identifer structure with the binary value of the
+ * identifier.
+ *
+ * @param pIdentifierString The buffer receiving the UTF-8 representation of
+ * the identifier. This string is not zero terminated. The encoder
+ * writes only the first {UUID_STRING_SIZE} bytes.
+ *
+ **/
+void libUUIDToString(
+ IN const S_UUID* pIdentifier,
+ OUT uint8_t* pIdentifierString);
+
+/**
+ * Generates an UUID from the specified MD5 hash value, as specified in section
+ * 4.3, Algorithm for Creating a Name-Based UUID, of RFC 4122.
+ *
+ * This function assumes that the hash value is 128-bit long.
+ *
+ * @param pHashData A pointer to the first byte of the MD5 hash data. Only the
+ * first 16 bytes of this hash data will be used to generate the UUID.
+ *
+ * @param pIdentifier A pointer to the placeholder receiving the generated
+ * identifier.
+ **/
+void libUUIDFromMD5Hash(
+ IN const uint8_t* pHashData,
+ OUT S_UUID* pIdentifier);
+
+/**
+ * Generates an UUID from the specified SHA-1 hash value, as specified in
+ * section 4.3, Algorithm for Creating a Name-Based UUID, of RFC 4122.
+ *
+ * This function assumes that the hash value is 128-bit long.
+ *
+ * @param pHashData A pointer to the first byte of the SHA-1 hash data. Only the
+ * first 16 bytes of this hash data will be used to generate the UUID.
+ *
+ * @param pIdentifier A pointer to the placeholder receiving the generated
+ * identifier.
+ **/
+void libUUIDFromSHA1Hash(
+ IN const uint8_t* pHashData,
+ OUT S_UUID* pIdentifier);
+
+/**
+ * Checks if an identifier is the nil identifier as specified in RFC 4122.
+ *
+ * @param pIdentifier The identifier to check.
+ *
+ * @return TRUE if the identifier is the nil identifier, FALSE otherwise.
+ **/
+bool libUUIDIsNil(
+ IN const S_UUID* pIdentifier);
+
+/**
+ * Sets an identifier to the nil value as specified in RFC 4122.
+ *
+ * @param pIdentifier The identifier to set to nil.
+ **/
+void libUUIDSetToNil(
+ OUT S_UUID* pIdentifier);
+
+#if 0
+{ /* balance curly quotes */
+#endif
+#ifdef __cplusplus
+} /* closes extern "C" */
+#endif
+
+
+#endif /* !defined(__LIB_UUID_H__) */
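Review bot: The comment on libUUIDFromSHA1Hash says the function "assumes that the hash value is 128-bit long", which was copied from the MD5 variant; a SHA-1 digest is 160 bits, so the text should say that only the first 16 bytes of the 20-byte digest are used. libUUIDFromString and libUUIDToString take no length and touch exactly UUID_STRING_SIZE bytes, so their comments should state that the caller must supply a buffer of at least that size. `LIB_UUID_STRING_SIZE` could be defined as `UUID_STRING_SIZE` rather than repeating 36, and the guard name `__LIB_UUID_H__` uses an identifier reserved for the implementation.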
diff --git a/security/tf_daemon/s_version.h b/security/tf_daemon/s_version.h
index d112ea0..dd43c6a 100644
--- a/security/tf_daemon/s_version.h
+++ b/security/tf_daemon/s_version.h
@@ -58,15 +58,15 @@
/*
* This version number must be updated for each new release
*/
-#define S_VERSION_MAIN "01.04"
-#define S_VERSION_RESOURCE 1,4,0,S_VERSION_BUILD
+#define S_VERSION_MAIN "01.06"
+#define S_VERSION_RESOURCE 1,6,0,S_VERSION_BUILD
/*
* If this is a patch or engineering version use the following
* defines to set the version number. Else set these values to 0.
*/
-#define S_VERSION_PATCH 11
-#define S_VERSION_ENG 0
+#define S_VERSION_ENG 1
+#define S_VERSION_PATCH 0
#ifdef S_VERSION_BUILD
/* TRICK: detect if S_VERSION is defined but empty */
@@ -105,8 +105,8 @@
S_VERSION_OS \
S_VERSION_PLATFORM \
S_VERSION_MAIN \
- _S_VERSION_PATCH \
_S_VERSION_ENG \
+ _S_VERSION_PATCH \
"." __STRINGIFY2(S_VERSION_BUILD) " " \
S_VERSION_VARIANT
diff --git a/security/tf_daemon/service_delegation_protocol.h b/security/tf_daemon/service_delegation_protocol.h
index 22b291d..bf831f8 100644
--- a/security/tf_daemon/service_delegation_protocol.h
+++ b/security/tf_daemon/service_delegation_protocol.h
@@ -70,6 +70,10 @@
#define DELEGATION_NOTIFY_TYPE_INFO 0x000000E3
#define DELEGATION_NOTIFY_TYPE_DEBUG 0x000000E4
+#ifdef SUPPORT_RPMB_PARTITION
+#define RPMB_PARTITION_ID 14
+#endif
+
typedef struct
{
uint32_t nInstructionID;
@@ -90,6 +94,21 @@ typedef struct
uint32_t nWorkspaceOffset;
} DELEGATION_RW_INSTRUCTION;
+#ifdef SUPPORT_RPMB_PARTITION
+typedef struct
+{
+ uint32_t nInstructionID;
+ uint8_t nMAC[32];
+ uint32_t nWorkspaceOffset[16];
+ uint8_t pNonce[16];
+ uint32_t nMC;
+ uint16_t nAddr;
+ uint16_t nBlockCount;
+ uint16_t nResult;
+ uint16_t nRequest;
+} DELEGATION_RPMB_INSTRUCTION;
+#endif
+
typedef struct
{
uint32_t nInstructionID;
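Review bot: The `16` in `nWorkspaceOffset[16]` is the limit that the loops in rpmbRead and rpmbWrite must respect, yet it is a bare literal here and those loops run to `g_nSectorSize >> 8` instead; a named constant, e.g. `#define DELEGATION_RPMB_MAX_BLOCKS 16`, used in both places would tie them together. The byte arrays are named inconsistently (`nMAC` with the integer prefix, `pNonce` with the pointer prefix), and `nRequest` corresponds to `nReqOrResp` in DELEGATION_RPMB_MESSAGE. Because the next hunk adds `sAuthRW` to the DELEGATION_INSTRUCTION union under `SUPPORT_RPMB_PARTITION`, the union's size now depends on that flag; a comment should say that every component sharing this header, presumably including the secure-world side, must be built with the same setting.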
@@ -102,6 +121,9 @@ typedef union
DELEGATION_NOTIFY_INSTRUCTION sNotify;
DELEGATION_RW_INSTRUCTION sReadWrite;
DELEGATION_SET_SIZE_INSTRUCTION sSetSize;
+#ifdef SUPPORT_RPMB_PARTITION
+ DELEGATION_RPMB_INSTRUCTION sAuthRW;
+#endif
} DELEGATION_INSTRUCTION;
typedef struct
diff --git a/security/tf_daemon/smc_properties.c b/security/tf_daemon/smc_properties.c
index ce1e7e3..48bfa8c 100644
--- a/security/tf_daemon/smc_properties.c
+++ b/security/tf_daemon/smc_properties.c
@@ -76,7 +76,7 @@ typedef enum
STATE_BINARY
} INTEGER_FORMAT;
-#if defined (LINUX) || defined(__ANDROID32__)
+#if defined (LINUX) || defined(ANDROID)
#define SEPARATOR_CHAR '/'
#elif defined (WIN32) || defined (__SYMBIAN32__) || defined (_WIN32_WCE)
@@ -151,7 +151,7 @@ static bool checkFilePath(char *pPath)
printf("Path %s doesn't point on a directory.\n", pDir);
return false;
}
-#if (!defined(__SYMBIAN32__)) && (!defined(_WIN32_WCE)) && (!defined(__ANDROID32__))
+#if (!defined(__SYMBIAN32__)) && (!defined(_WIN32_WCE)) && (!defined(ANDROID))
// TODO : under Symbian, Android and WM, check access right of a directory failed? I don't know why...
/* check read access */
if ((buf.st_mode & S_IREAD) != S_IREAD)
diff --git a/security/tf_daemon/smc_properties_parser.c b/security/tf_daemon/smc_properties_parser.c
index 1f97224..8d0d676 100644
--- a/security/tf_daemon/smc_properties_parser.c
+++ b/security/tf_daemon/smc_properties_parser.c
@@ -42,6 +42,7 @@
#include "smc_properties_parser.h"
#include "lib_manifest2.h"
+#include "lib_uuid.h"
#include "s_error.h"
/* ---------------------------------------------------------------------------------
@@ -57,7 +58,7 @@
#define GET_LAST_ERR errno
#endif
-#if defined (LINUX) || defined (__SYMBIAN32__) || defined (__ANDROID32__)
+#if defined (LINUX) || defined (__SYMBIAN32__) || defined (ANDROID)
#define STRICMP strcasecmp
#elif defined(_WIN32_WCE)
#define STRICMP _stricmp
@@ -241,7 +242,7 @@ static NODE* SMCPropListFindElement(LIST* pList,char* pName,bool bIsCaseSensitiv
static S_RESULT SMCPropYacc(uint8_t* pBuffer, uint32_t nBufferLength,
- CONF_FILE* pConfFile)
+ CONF_FILE* pConfFile, SERVICE_SECTION* pService)
{
S_RESULT nError=S_SUCCESS;
LIST *pPublicPropertyList=NULL;
@@ -264,6 +265,15 @@ static S_RESULT SMCPropYacc(uint8_t* pBuffer, uint32_t nBufferLength,
sParserContext.nManifestLength = nBufferLength;
sParserContext.nType = LIB_MANIFEST2_TYPE_SOURCE_WITH_SECTIONS;
+ if (pService!=NULL)
+ {
+ pPublicPropertyList=&pService->sPublicPropertyList;
+ pPrivatePropertyList=&pService->sPrivatePropertyList;
+ /* read inside a service compiled manifest */
+ sParserContext.nType = LIB_MANIFEST2_TYPE_COMPILED;
+ sprintf(serviceManifestName, "%s(manifest)", pService->sNode.pName);
+ sParserContext.pManifestName = serviceManifestName;
+ }
libManifest2InitContext(&sParserContext);
while (true)
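Review bot: `sprintf(serviceManifestName, "%s(manifest)", pService->sNode.pName);` copies a name of unknown length into `serviceManifestName` with no bound. The buffer's declaration is outside the hunk, but if it is a fixed array then `snprintf(serviceManifestName, sizeof(serviceManifestName), "%s(manifest)", pService->sNode.pName);` keeps a long service name from overrunning it. `pService->sNode.pName` is assigned later in this commit, when the service-ID property is parsed, so it should be confirmed that callers passing a non-NULL `pService` have set it before this line runs.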
@@ -382,6 +392,47 @@ static S_RESULT SMCPropYacc(uint8_t* pBuffer, uint32_t nBufferLength,
}
else
{
+ if (strcmp(pProperty->sNode.pName,CONFIG_SERVICE_ID_PROPERTY_NAME) == 0)
+ {
+ if (pService!=NULL)
+ {
+ pService->sNode.pName=malloc(nValueLength+1);
+ if (pService->sNode.pName==NULL)
+ {
+ nError=S_ERROR_OUT_OF_MEMORY;
+ goto error;
+ }
+#if defined (LINUX) || defined (__SYMBIAN32__) || defined(ANDROID)
+ {
+ // put each char of the value in uppercase
+ char* p=pProperty->pValue;
+ while(*p)
+ {
+ *p=toupper(*p);
+ p++;
+ }
+ }
+#else
+ _strupr(pProperty->pValue);
+#endif
+ memcpy(pService->sNode.pName,pProperty->pValue,nValueLength+1);
+
+ if (!libUUIDFromString((const uint8_t*)pProperty->pValue,&pService->sUUID))
+ {
+ nError=S_ERROR_WRONG_SIGNATURE;
+ goto error;
+ }
+ {
+ S_UUID sNullUUID;
+ memset(&sNullUUID,0,sizeof(S_UUID));
+ if (!memcmp(&pService->sUUID,&sNullUUID,sizeof(S_UUID)))
+ {
+ nError=S_ERROR_WRONG_SIGNATURE;
+ goto error;
+ }
+ }
+ }
+ }
if ((nValueLength > strlen(CONFIG_PROPERTY_NAME)) &&
(memcmp(pProperty->sNode.pName, CONFIG_PROPERTY_NAME, strlen(CONFIG_PROPERTY_NAME)) == 0))
{
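Review bot: libUUIDFromString is documented in lib_uuid.h as reading the first UUID_STRING_SIZE bytes, but `nValueLength` is never compared with that size, so a shorter property value makes it read past the end of `pProperty->pValue`; guard it with `if (nValueLength != UUID_STRING_SIZE || !libUUIDFromString((const uint8_t*)pProperty->pValue,&pService->sUUID))`. `toupper(*p)` receives a plain `char`, which is undefined for negative values, and should be `*p=toupper((unsigned char)*p);`. The hand-made zero comparison can use the `libUUIDIsNil(&pService->sUUID)` helper this commit declares, and `pService->sNode.pName` is overwritten without freeing a previous value if the property appears twice. SMCPropYacc starts and ends outside the hunk.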
@@ -411,10 +462,10 @@ error:
TRACE_ERROR("Configuration file: wrong service UUID: %s\n", pValueZ);
break;
case S_ERROR_OUT_OF_MEMORY:
- TRACE_ERROR("Out of memory\n");
+ TRACE_ERROR("Out of memory\n");
break;
case S_ERROR_ITEM_NOT_FOUND:
- TRACE_ERROR("Configuration file: service \"%s\" not found\n", pNameZ);
+ TRACE_ERROR("Configuration file: service \"%s\" not found\n", pNameZ);
break;
}
}
@@ -544,7 +595,7 @@ S_RESULT SMCPropParseConfigFile(char* pConfigFilename,CONF_FILE* pConfFile)
assert(0);
}
- nError=SMCPropYacc(pFile,nFileLength,pConfFile);
+ nError=SMCPropYacc(pFile,nFileLength,pConfFile,NULL);
if(pConfigFilename != NULL)
{