From 3ee029b6fe82e31a112f13de419cee582df68e30 Mon Sep 17 00:00:00 2001
From: fire855 <thefire855@gmail.com>
Date: Sat, 5 Nov 2016 14:18:03 +0100
Subject: mediatek: update asf driver Backported from 3.18 MM kernel

---
 drivers/misc/mediatek/kernel/Makefile              |   2 +-
 drivers/misc/mediatek/masp/Makefile                |  67 +---
 drivers/misc/mediatek/masp/asfv2/Makefile.core     |  15 +
 drivers/misc/mediatek/masp/asfv2/Makefile.mach     |  18 +
 .../masp/asfv2/asf_export_inc/sec_export.h         |  75 ++++
 .../mediatek/masp/asfv2/asf_export_inc/sec_osal.h  |  68 ++++
 .../mediatek/masp/asfv2/asf_inc/masp_version.h     |   3 +
 .../mediatek/masp/asfv2/asf_inc/sec_boot_lib.h     |  68 ++++
 .../misc/mediatek/masp/asfv2/asf_inc/sec_ccci.h    |  13 +
 .../misc/mediatek/masp/asfv2/asf_inc/sec_error.h   | 228 ++++++++++++
 drivers/misc/mediatek/masp/asfv2/asf_inc/sec_hal.h |  40 +++
 .../misc/mediatek/masp/asfv2/asf_inc/sec_ioctl.h   |  50 +++
 .../misc/mediatek/masp/asfv2/asf_inc/sec_nvram.h   |  21 ++
 .../mediatek/masp/asfv2/asf_inc/sec_osal_light.h   |  16 +
 .../misc/mediatek/masp/asfv2/asf_inc/sec_typedef.h |  11 +
 .../misc/mediatek/masp/asfv2/core/sec_boot_core.c  | 146 ++++++++
 drivers/misc/mediatek/masp/asfv2/core/sec_ccci.c   |  30 ++
 drivers/misc/mediatek/masp/asfv2/core/sec_legacy.c | 103 ++++++
 .../misc/mediatek/masp/asfv2/core/sec_mod_core.c   | 207 +++++++++++
 drivers/misc/mediatek/masp/asfv2/core/sec_osal.c   | 349 ++++++++++++++++++
 .../misc/mediatek/masp/asfv2/mach/hacc_export.c    | 228 ++++++++++++
 drivers/misc/mediatek/masp/asfv2/mach/hacc_hk.c    | 190 ++++++++++
 drivers/misc/mediatek/masp/asfv2/mach/hacc_lib.c   | 150 ++++++++
 drivers/misc/mediatek/masp/asfv2/mach/hacc_mach.h  | 206 +++++++++++
 .../misc/mediatek/masp/asfv2/mach/hacc_service.c   |  18 +
 drivers/misc/mediatek/masp/asfv2/mach/hacc_sk.c    | 322 +++++++++++++++++
 drivers/misc/mediatek/masp/asfv2/mach/hacc_tee.c   | 170 +++++++++
 drivers/misc/mediatek/masp/asfv2/mach/hacc_tee.h   |  10 +
 .../misc/mediatek/masp/asfv2/mach/hacc_tee_req.c   | 219 +++++++++++
 drivers/misc/mediatek/masp/asfv2/mach/sec_lib.c    |  64 ++++
 drivers/misc/mediatek/masp/asfv2/module/sec_mod.c  | 399 +++++++++++++++++++++
 drivers/misc/mediatek/masp/asfv2/module/sec_mod.h  |  51 +++
 drivers/misc/mediatek/masp/asfv2/tlc_inc/tci.h     |  47 +++
 .../misc/mediatek/masp/asfv2/tlc_inc/tlcApisec.h   |  73 ++++
 34 files changed, 3619 insertions(+), 58 deletions(-)
 create mode 100644 drivers/misc/mediatek/masp/asfv2/Makefile.core
 create mode 100644 drivers/misc/mediatek/masp/asfv2/Makefile.mach
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_export_inc/sec_export.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_export_inc/sec_osal.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_inc/masp_version.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_inc/sec_boot_lib.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_inc/sec_ccci.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_inc/sec_error.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_inc/sec_hal.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_inc/sec_ioctl.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_inc/sec_nvram.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_inc/sec_osal_light.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/asf_inc/sec_typedef.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/core/sec_boot_core.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/core/sec_ccci.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/core/sec_legacy.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/core/sec_mod_core.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/core/sec_osal.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/mach/hacc_export.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/mach/hacc_hk.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/mach/hacc_lib.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/mach/hacc_mach.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/mach/hacc_service.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/mach/hacc_sk.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/mach/hacc_tee.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/mach/hacc_tee.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/mach/hacc_tee_req.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/mach/sec_lib.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/module/sec_mod.c
 create mode 100644 drivers/misc/mediatek/masp/asfv2/module/sec_mod.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/tlc_inc/tci.h
 create mode 100644 drivers/misc/mediatek/masp/asfv2/tlc_inc/tlcApisec.h

diff --git a/drivers/misc/mediatek/kernel/Makefile b/drivers/misc/mediatek/kernel/Makefile
index 0c4f28dea..f189ef420 100755
--- a/drivers/misc/mediatek/kernel/Makefile
+++ b/drivers/misc/mediatek/kernel/Makefile
@@ -12,4 +12,4 @@ obj-y += system.o
 obj-$(CONFIG_ARM) += mt_cache_v7.o
 obj-$(CONFIG_ARM64) += mt_cache_v8.o
 obj-y += fiq_smp_call.o
-obj-y += sec_osal.o
+#obj-y += sec_osal.o
diff --git a/drivers/misc/mediatek/masp/Makefile b/drivers/misc/mediatek/masp/Makefile
index fc49d7ae8..0c7815613 100755
--- a/drivers/misc/mediatek/masp/Makefile
+++ b/drivers/misc/mediatek/masp/Makefile
@@ -1,71 +1,24 @@
+ifeq ($(CONFIG_MTK_SECURITY_SW_SUPPORT), y)
 #######################################
-# Sepcify source files
+# Specify source files
 #######################################
 #include $(MTK_ROOT_BUILD)/Makefile
 
 MTK_PLATFORM := $(subst ",,$(CONFIG_MTK_PLATFORM))
 MASP_CORE_DRIVER_DIR := $(srctree)/drivers/misc/mediatek/masp
 
-asf_link := asf
-lib_obj := $(MTK_PLATFORM)/module/sec_mod.o
-
-ifeq ($(CONFIG_MTK_SECURITY_SW_SUPPORT), y)
+#Kernel 3.18 always use asfv2
+asf_link := asfv2
 
-################################################
+############################################
 #[core_obj] include all the files under asf/core
 ################################################
-include $(MASP_CORE_DRIVER_DIR)/asf/Makefile.core
+include $(MASP_CORE_DRIVER_DIR)/$(asf_link)/Makefile.core
+include $(MASP_CORE_DRIVER_DIR)/$(asf_link)/Makefile.mach
 
-###################################################################
-#[mach_obj][HACC]: if TEE is enabled, HACC is done in secure world.
-###################################################################
-ifeq ($(CONFIG_TRUSTONIC_TEE_SUPPORT),y)
-ccflags-y += -I$(srctree)/arch/arm/mach-$(MTK_PLATFORM)/include/trustzone/sec/Tlsec/inc
-ccflags-y += -I$(srctree)/drivers/misc/mediatek/mach/$(MTK_PLATFORM)/include/trustzone/sec/Tlsec/inc
-ifeq ($(CONFIG_ARM64), y)
-ccflags-y += -I$(srctree)/drivers/misc/mediatek/gud/$(MTK_PLATFORM)/gud/MobiCoreKernelApi/include \
-             -I$(srctree)/drivers/misc/mediatek/gud/$(MTK_PLATFORM)/gud/MobiCoreKernelApi/public
-else
-ccflags-y += -I$(srctree)/drivers/misc/mediatek/gud/$(MTK_PLATFORM)/gud/MobiCoreKernelApi/include \
-             -I$(srctree)/drivers/misc/mediatek/gud/$(MTK_PLATFORM)/gud/MobiCoreKernelApi/public
-endif
-
-mach_obj += $(MTK_PLATFORM)/mach/hacc_tee_req.o
-mach_obj += $(MTK_PLATFORM)/mach/hacc_tee.o
-mach_obj += $(MTK_PLATFORM)/mach/hacc_service.o
-else
-include $(MASP_CORE_DRIVER_DIR)/$(MTK_PLATFORM)/mach/Makefile.mach
-endif
-
-##################################################################################
-#[lib_obj] crypto library. if custom auth is enabled, auth algo can be customized.
-##################################################################################
-ifeq ($(CONFIG_CUSTOM_SEC_AUTH_SUPPORT),y)
-CCCI_CUSTOM_DRIVER_DIR := $(call my-dir)$(call to-root,$(obj))mediatek/custom/out/$(call lc,$(MTK_PROJECT))/kernel/ccci
-lib_obj += $(CCCI_CUSTOM_DRIVER_DIR)/cust_auth.o
-else
-include $(MASP_CORE_DRIVER_DIR)/asf/Makefile.crypto
-lib_obj += $(crypto_obj)
-lib_obj += $(asf_link)/auth/sec_wrapper.o
-endif
-
-else
-ccflags-y += -DMTK_SECURITY_MODULE_LITE
-core_obj += $(asf_link)/core/sec_ops.o
-core_obj += $(asf_link)/core/alg_sha1.o
-ifneq ($(CONFIG_ARM64), y)
-mach_obj += $(MTK_PLATFORM)/mach/arm/sec_uid.o
-else
-mach_obj += $(MTK_PLATFORM)/mach/arm64/sec_uid.o
-endif
-EXTRA_CFLAGS += -I$(src)/asf/asf_inc
-endif
+# INCLUDE ASP LIBRARY
+sec-y += $(core_obj) $(mach_obj)
 
 # BUILD-IN
 obj-y += sec.o
-
-# HEADER FILES
-EXTRA_CFLAGS += -I$(src)/module
-
-# INCLUDE ASP LIBRARY
-sec-y += $(lib_obj) $(core_obj) $(mach_obj)
+endif
diff --git a/drivers/misc/mediatek/masp/asfv2/Makefile.core b/drivers/misc/mediatek/masp/asfv2/Makefile.core
new file mode 100644
index 000000000..5c0b71fd8
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/Makefile.core
@@ -0,0 +1,15 @@
+#######################################
+# Specify source files
+#######################################
+
+core_obj += $(asf_link)/core/sec_ccci.o
+core_obj += $(asf_link)/core/sec_boot_core.o
+core_obj += $(asf_link)/core/sec_mod_core.o
+core_obj += $(asf_link)/core/sec_osal.o
+core_obj += $(asf_link)/core/sec_legacy.o
+core_obj += $(asf_link)/module/sec_mod.o
+
+# HEADER FILE
+ccflags-y += -I$(src)/$(asf_link)/asf_inc
+ccflags-y += -I$(src)/$(asf_link)/asf_export_inc
+ccflags-y += -I$(src)/$(asf_link)/module
diff --git a/drivers/misc/mediatek/masp/asfv2/Makefile.mach b/drivers/misc/mediatek/masp/asfv2/Makefile.mach
new file mode 100644
index 000000000..79a029146
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/Makefile.mach
@@ -0,0 +1,18 @@
+###################################################################
+#[mach_obj][HACC]: if TEE is enabled, HACC is done in secure world.
+###################################################################
+ifeq ($(CONFIG_TRUSTONIC_TEE_SUPPORT),y)
+ccflags-y += -I$(src)/$(asf_link)/tlc_inc
+include $(srctree)/drivers/misc/mediatek/gud/Makefile.include
+mach_obj += $(asf_link)/mach/hacc_tee_req.o
+mach_obj += $(asf_link)/mach/hacc_tee.o
+mach_obj += $(asf_link)/mach/hacc_service.o
+else
+mach_obj += $(asf_link)/mach/sec_lib.o
+mach_obj += $(asf_link)/mach/hacc_lib.o
+mach_obj += $(asf_link)/mach/hacc_export.o
+mach_obj += $(asf_link)/mach/hacc_hk.o
+mach_obj += $(asf_link)/mach/hacc_sk.o
+endif
+
+ccflags-y += -I$(src)/$(asf_link)/asf_inc
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_export_inc/sec_export.h b/drivers/misc/mediatek/masp/asfv2/asf_export_inc/sec_export.h
new file mode 100644
index 000000000..832891c26
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_export_inc/sec_export.h
@@ -0,0 +1,75 @@
+#ifndef SEC_EXPORT_H
+#define SEC_EXPORT_H
+
+/**************************************************************************
+ *  Security Module ERROR CODE
+ **************************************************************************/
+#define SEC_OK                                  0x0000
+
+    /* IMAGE CIPHER */
+#define ERR_IMAGE_CIPHER_KEY_ERR                0x1000
+#define ERR_IMAGE_CIPHER_IMG_NOT_FOUND          0x1001
+#define ERR_IMAGE_CIPHER_READ_FAIL              0x1002
+#define ERR_IMAGE_CIPHER_WRONG_OPERATION        0x1003
+#define ERR_IMAGE_CIPHER_DEC_TEST_ERROR         0x1004
+#define ERR_IMAGE_CIPHER_ENC_TEST_ERROR         0x1005
+#define ERR_IMAGE_CIPHER_HEADER_NOT_FOUND       0x1006
+#define ERR_IMAGE_CIPHER_DEC_Fail               0x1007
+
+    /* AUTH */
+#define ERR_AUTH_IMAGE_VERIFY_FAIL              0x2000
+#define ERR_AES_KEY_NOT_FOUND                   0x2005
+
+    /* LIB */
+#define ERR_LIB_SEC_CFG_NOT_EXIST               0x3000
+#define ERR_LIB_VER_INVALID                     0x3001
+#define ERR_LIB_SEC_CFG_ERASE_FAIL              0x3002
+#define ERR_LIB_SEC_CFG_CANNOT_WRITE            0x3003
+
+    /* SECURE DOWNLOAD / IMAGE VERIFICATION */
+#define ERR_IMG_VERIFY_THIS_IMG_INFO_NOT_EXIST  0x4000
+#define ERR_IMG_VERIFY_HASH_COMPARE_FAIL        0x4001
+#define ERR_IMG_VERIFY_NO_SPACE_ADD_IMG_INFO    0x4002
+#define ERR_SEC_DL_TOKEN_NOT_FOUND_IN_IMG       0x4003
+#define ERR_SEC_DL_FLOW_ERROR                   0x4004
+
+    /* IMAGE DOWNLOAD LOCK */
+#define ERR_IMG_LOCK_TABLE_NOT_EXIST            0x5000
+#define ERR_IMG_LOCK_ALL_LOCK                   0x5001
+#define ERR_IMG_LOCK_NO_SPACE_ADD_LOCK_INFO     0x5002
+#define ERR_IMG_LOCK_THIS_IMG_INFO_NOT_EXIST    0x5003
+#define ERR_IMG_LOCK_MAGIC_ERROR                0x5004
+
+    /* KERNEL DRIVER */
+#define ERR_KERNEL_CRYPTO_INVALID_MODE          0xA000
+
+/**************************************************************************
+ *  Security Module Enumeration
+ **************************************************************************/
+typedef enum {
+	SECRO_MD1 = 0,
+	SECRO_MD2,
+} SECRO_USER;
+
+/**************************************************************************
+ *  Security Module Export API
+ **************************************************************************/
+extern int masp_boot_init(void);
+extern void masp_secure_algo(unsigned char Direction, unsigned char *ContentAddr,
+			     unsigned int ContentLen, unsigned char *CustomSeed,
+			     unsigned char *ResText);
+extern unsigned char masp_secure_algo_init(void);
+extern unsigned char masp_secure_algo_deinit(void);
+extern int masp_ccci_signfmt_verify_file(char *file_path, unsigned int *data_offset,
+					 unsigned int *data_sec_len);
+extern int masp_ccci_version_info(void);
+extern int masp_ccci_is_cipherfmt(int fp_id, unsigned int start_off, unsigned int *img_len);
+extern int masp_ccci_decrypt_cipherfmt(int fp_id, unsigned int start_off, char *buf,
+				       unsigned int buf_len, unsigned int *data_offset);
+extern unsigned char masp_secro_en(void);
+extern unsigned int masp_secro_md_len(unsigned char *md_info);
+extern unsigned int masp_secro_md_get_data(unsigned char *md_info, unsigned char *buf,
+					   unsigned int offset, unsigned int len);
+extern unsigned int masp_secro_blk_sz(void);
+
+#endif				/* SEC_EXPORT_H */
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_export_inc/sec_osal.h b/drivers/misc/mediatek/masp/asfv2/asf_export_inc/sec_osal.h
new file mode 100644
index 000000000..8adec65dd
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_export_inc/sec_osal.h
@@ -0,0 +1,68 @@
+#ifndef SEC_OSAL_H
+#define SEC_OSAL_H
+
+/**************************************************************************
+ *  Operating System Abstract Layer - ERROR Definition
+ **************************************************************************/
+#define OSAL_FILE_NULL          (0)
+#define OSAL_FILE_OPEN_FAIL     (-1)
+#define OSAL_FILE_CLOSE_FAIL    (-2)
+#define OSAL_FILE_SEEK_FAIL     (-3)
+#define OSAL_FILE_GET_POS_FAIL  (-4)
+#define OSAL_FILE_READ_FAIL     (-5)
+
+
+/**************************************************************************
+ *  Operating System Abstract Layer - External Function
+ **************************************************************************/
+extern void osal_kfree(void *buf);
+extern void *osal_kmalloc(unsigned int size);
+extern unsigned long osal_copy_from_user(void *to, void *from, unsigned long size);
+extern unsigned long osal_copy_to_user(void *to, void *from, unsigned long size);
+extern int osal_hacc_lock(void);
+extern void osal_hacc_unlock(void);
+extern int osal_verify_lock(void);
+extern void osal_verify_unlock(void);
+extern int osal_secro_lock(void);
+extern void osal_secro_unlock(void);
+extern int osal_secro_v5_lock(void);
+extern void osal_secro_v5_unlock(void);
+extern int osal_mtd_lock(void);
+extern void osal_mtd_unlock(void);
+extern int osal_rid_lock(void);
+extern void osal_rid_unlock(void);
+extern void osal_msleep(unsigned int msec);
+extern void osal_assert(unsigned int val);
+extern int osal_set_kernel_fs(void);
+extern void osal_restore_fs(void);
+extern int osal_filp_open_read_only(const char *file_path);
+extern void *osal_get_filp_struct(int fp_id);
+extern int osal_filp_close(int fp_id);
+extern long long osal_filp_seek_set(int fp_id, long long off);
+extern long long osal_filp_seek_end(int fp_id, long long off);
+extern long long osal_filp_pos(int fp_id);
+extern long osal_filp_read(int fp_id, char *buf, unsigned long len);
+extern long osal_is_err(int fp_id);
+
+/**************************************************************************
+ *  Operating System Abstract Layer - Macro
+ **************************************************************************/
+#define SEC_ASSERT(a) osal_assert(a)
+
+#define ASF_FILE int
+#define ASF_FILE_NULL OSAL_FILE_NULL
+#define ASF_GET_DS osal_set_kernel_fs()
+#define ASF_PUT_DS osal_restore_fs()
+#define ASF_OPEN(file_name) osal_filp_open_read_only(file_name)
+#define ASF_FILE_ERROR(fp) (fp == OSAL_FILE_NULL)
+#define ASF_CLOSE(fp) osal_filp_close(fp)
+#define ASF_SEEK_SET(fp, off) osal_filp_seek_set(fp, off)
+#define ASF_SEEK_END(fp, off) osal_filp_seek_end(fp, off)
+#define ASF_FILE_POS(fp) osal_filp_pos(fp)
+#define ASF_MALLOC(len) osal_kmalloc(len)
+#define ASF_FREE(buf) osal_kfree(buf)
+#define ASF_READ(fp, buf, len) osal_filp_read(fp, buf, len)
+#define ASF_STRTOK(str, delim) strsep(&str, delim)
+#define ASF_IS_ERR(fp) osal_is_err(fp)
+
+#endif				/* SEC_OSAL_H */
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_inc/masp_version.h b/drivers/misc/mediatek/masp/asfv2/asf_inc/masp_version.h
new file mode 100644
index 000000000..b4b8943a1
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_inc/masp_version.h
@@ -0,0 +1,3 @@
+#define BUILD_TIME "CST 2015"
+#define BUILD_BRANCH "(M)"
+#define CCCI_VERSION 1
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_boot_lib.h b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_boot_lib.h
new file mode 100644
index 000000000..2c036a047
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_boot_lib.h
@@ -0,0 +1,68 @@
+#ifndef SEC_BOOT_LIB_H
+#define SEC_BOOT_LIB_H
+
+/**************************************************************************
+ *  INCLUDE LINUX HEADER
+ **************************************************************************/
+#include "sec_osal_light.h"
+/**************************************************************************
+ *  INCLUDE MTK HEADERS
+ **************************************************************************/
+#include "masp_version.h"
+#include "sec_typedef.h"
+#include "sec_error.h"
+#include "sec_nvram.h"
+#include "sec_osal.h"
+#include "sec_mod.h"
+
+/**************************************************************************
+ * [S-BOOT]
+ **************************************************************************/
+/* S-BOOT Attribute */
+#define ATTR_SBOOT_DISABLE                  0x00
+#define ATTR_SBOOT_ENABLE                   0x11
+#define ATTR_SBOOT_ONLY_ENABLE_ON_SCHIP     0x22
+
+/**************************************************************************
+ * [S-USBDL]
+ **************************************************************************/
+/* S-USBDL Attribute */
+#define ATTR_SUSBDL_DISABLE                 0x00
+#define ATTR_SUSBDL_ENABLE                  0x11
+#define ATTR_SUSBDL_ONLY_ENABLE_ON_SCHIP    0x22
+
+
+
+
+/**************************************************************************
+ *  EXTERNAL VARIABLE
+ **************************************************************************/
+/*extern AND_ROMINFO_T rom_info;*/
+/*extern SECURE_INFO sec_info;*/
+/*extern SECCFG_U seccfg;*/
+/*extern AND_SECROIMG_T secroimg;*/
+
+extern unsigned int g_rom_info_sbc_attr;
+extern unsigned int g_rom_info_sdl_attr;
+extern unsigned int g_hw_sbcen;
+extern unsigned int g_lock_state;
+extern unsigned int g_random_id[NUM_RID];
+extern unsigned char g_crypto_seed[NUM_CRYPTO_SEED];
+extern unsigned int g_sbc_pubk_hash[NUM_SBC_PUBK_HASH];
+extern unsigned int lks;
+
+/**************************************************************************
+ * EXPORT FUNCTION
+ **************************************************************************/
+extern int masp_boot_init(void);
+extern int sec_boot_enabled(void);
+extern int sec_usbdl_enabled(void);
+extern int sec_modem_auth_enabled(void);
+extern int sec_schip_enabled(void);
+extern int sec_get_random_id(unsigned int *rid);
+
+/* HACC HW init */
+extern unsigned int sec_boot_hacc_init(void);
+
+
+#endif				/* SEC_BOOT_LIB_H */
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_ccci.h b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_ccci.h
new file mode 100644
index 000000000..46162f76e
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_ccci.h
@@ -0,0 +1,13 @@
+#ifndef SEC_CCCI_LIB_H
+#define SEC_CCCI_LIB_H
+
+int masp_ccci_signfmt_verify_file(char *file_path, unsigned int *data_offset,
+				  unsigned int *data_sec_len);
+int masp_ccci_version_info(void);
+int sec_ccci_file_open(char *file_path);
+int sec_ccci_file_close(int fp_id);
+int masp_ccci_is_cipherfmt(int fp_id, unsigned int start_off, unsigned int *img_len);
+int masp_ccci_decrypt_cipherfmt(int fp_id, unsigned int start_off, char *buf, unsigned int buf_len,
+				unsigned int *data_offset);
+
+#endif				/* SEC_CCCI_LIB_H */
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_error.h b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_error.h
new file mode 100644
index 000000000..69b69124e
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_error.h
@@ -0,0 +1,228 @@
+#ifndef SEC_ERROR_H
+#define SEC_ERROR_H
+
+/**************************************************************************
+ *  COMPILE ASSERT
+ **************************************************************************/
+#define COMPILE_ASSERT(condition) ((void)sizeof(char[1 - 2*!!!(condition)]))
+
+#define SEC_OK                                  0x0000
+
+/* IMAGE CIPHER */
+#define ERR_IMAGE_CIPHER_KEY_ERR                0x1000
+#define ERR_IMAGE_CIPHER_IMG_NOT_FOUND          0x1001
+#define ERR_IMAGE_CIPHER_READ_FAIL              0x1002
+#define ERR_IMAGE_CIPHER_WRONG_OPERATION        0x1003
+#define ERR_IMAGE_CIPHER_DEC_TEST_ERROR         0x1004
+#define ERR_IMAGE_CIPHER_ENC_TEST_ERROR         0x1005
+#define ERR_IMAGE_CIPHER_HEADER_NOT_FOUND       0x1006
+#define ERR_IMAGE_CIPHER_DEC_Fail               0x1007
+
+/* SW AES */
+#define ERR_AES_KEY_SIZE_ERR                    0x2000
+#define ERR_AES_ALLOCATE_CTX_ERR                0x2001
+#define ERR_AES_ILEN_SHOULD_EQUAL_OLEN          0x2002
+#define ERR_AES_DATA_NOT_MULTIPLE_OF_BLOCK_SIZE 0x2004
+#define ERR_AES_KEY_NOT_FOUND                   0x2005
+
+/* ROM INFO */
+#define ERR_ROM_INFO_ALLOCATE_BUF_FAIL          0x3000
+#define ERR_ROM_INFO_MTD_OPEN_FAIL              0x3001
+#define ERR_ROM_INFO_MTD_READ_FAIL              0x3002
+#define ERR_ROM_INFO_MTD_NOT_FOUND              0x3003
+#define ERR_ROM_INFO_RESET_FAIL                 0x3004
+#define ERR_ROM_INFO_MOD_READ_FAIL              0x3005
+#define ERR_ROM_INFO_ID_INVALID                 0x3006
+#define ERR_INFO_MTD_NUM_INVALID                0x3007
+#define ERR_INFO_PART_NOT_FOUND                 0x3008
+#define ERR_INFO_OVER_MAX_PART_COUNT            0x3009
+
+/* SW RSA */
+#define ERR_RSA_KEY_NOT_FOUND                   0x4000
+#define ERR_RSA_WRONG_SIGNATURE_LEN             0x4001
+#define ERR_RSA_SIGNATURE_VERIFY_FAIL           0x4002
+
+/* SW HASH */
+#define ERR_HASH_WRONG_HASH_LEN                 0x5000
+
+/* HW AES */
+#define ERR_KER_CRYPTO_INVALID_MODE             0x6000
+#define ERR_HACC_MODE_INVALID                   0x6001
+#define ERR_HACC_KEY_INVALID                    0x6002
+#define ERR_HACC_DATA_UNALIGNED                 0x6003
+#define ERR_HACC_SEED_LEN_ERROR                 0x6004
+#define ERR_HACC_ENC_FAIL                       0x6005
+#define ERR_HACC_DEC_FAIL                       0x6006
+#define ERR_HACC_HW_WRAP_KEY_NOT_INIT           0x6007
+#define ERR_HACC_SW_KEY_NOT_INIT                0x6008
+#define ERR_SBOOT_HACC_INIT_FAIL                0x6009
+#define ERR_SBOOT_HACC_LOCK_FAIL                0x600A
+#define ERR_HACC_ENABLE_CLK_FAIL                0x600B
+#define ERR_HACC_UNKNOWN_USER                    0x600C
+#define ERR_HACC_OPEN_SECURE_CONNECTION_FAIL    0x6010
+#define ERR_HACC_REQUEST_SECURE_SERVICE_FAIL    0x6011
+#define ERR_HACC_ALLOCATE_BUFFER_FAIL           0x6012
+#define ERR_HACC_MCMAP_BUFFER_FAIL              0x6013
+#define ERR_HACC_NOTIFY_TO_TRUSTLET_FAIL        0x6014
+#define ERR_HACC_NOTIFY_FROM_TRUSTLET_FAIL      0x6015
+#define ERR_HACC_CLOSE_SECURE_CONNECTION_FAIL   0x6016
+
+/* SEC CFG */
+#define ERR_SEC_CFG_ALLOCATE_BUF_FAIL           0x7000
+#define ERR_SEC_CFG_MTD_OPEN_FAIL               0x7001
+#define ERR_SEC_CFG_MTD_READ_FAIL               0x7002
+#define ERR_SEC_CFG_MTD_NOT_FOUND               0x7003
+#define ERR_SEC_CFG_END_PATTERN_NOT_EXIST       0x7004
+#define ERR_SEC_CFG_STATUS_INVALID              0x7005
+#define ERR_SEC_CFG_INVALID_ID                  0x7006
+#define ERR_SEC_CFG_INVALID_END_PATTERN         0x7007
+#define ERR_SEC_CFG_MARK_INCOMPLETE_FAIL        0x7008
+#define ERR_SEC_CFG_RESET_FAIL                  0x7009
+#define ERR_SEC_CFG_IMG_NOT_FOUND               0x700A
+#define ERR_SEC_CFG_IS_FULL                     0x700B
+#define ERR_SEC_CFG_VERSION_INVALID             0x700C
+#define ERR_SEC_CFG_EXT_REGION_SPACE_OVERFLOW   0x700D
+#define ERR_SEC_CFG_MAGIC_INVALID               0x700E
+#define ERR_SEC_CFG_EXT_REGION_SELF_COPY_FAIL   0x700F
+#define ERR_SEC_CFG_EXT_REGION_OFFSET_INVALID   0x7010
+#define ERR_SEC_CFG_EXT_REGION_SIZE_CHANGE      0x7011
+
+/* SEC BOOT UPDATE */
+#define ERR_SBOOT_UPDATE_IMG_NOT_FOUND_IN_SECCFG 0x8000
+#define ERR_SBOOT_UPDATE_IMG_NOT_FOUND_IN_MTD   0x8001
+#define ERR_SBOOT_UPDATE_IMG_OPEN_FAIL          0x8002
+#define ERR_SBOOT_UPDATE_IMG_READ_FAIL          0x8003
+#define ERR_SBOOT_UPDATE_SEC_CFG_FAIL           0x8004
+#define ERR_SBOOT_UPDATE_SEC_RO_FAIL            0x8005
+#define ERR_SBOOT_UPDATE_CANNOT_ROLLBACK_VER    0x8006
+#define ERR_SBOOT_UPDATE_SEC_VER_NOT_FOUND      0x8007
+#define ERR_SBOOT_UPDATE_CUST_NAME_MISMATCH     0x8008
+#define ERR_SBOOT_UPDATE_IMG_INVALID            0x8009
+#define ERR_SBOOT_UPDATE_CUST_NAME_CANNOT_BE_NULL 0x800A
+
+/* SEC BOOT LIBRARY */
+#define SEC_SBOOT_INFO_PART_NOT_FOUND           0x9000
+#define SEC_SBOOT_OPEN_SEC_DRV_FAIL             0x9001
+#define SEC_SBOOT_SEC_DRV_IOCTL_FAIL            0x9002
+#define SEC_SBOOT_INFO_PART_WRITE_OPEN_FAIL     0x9003
+#define SEC_SBOOT_INFO_PART_WRITE_FAIL          0x9004
+#define SEC_SBOOT_INFO_INIT_FAIL                0x9005
+#define SEC_SBOOT_STATUE_QUERY_FAIL             0x9006
+#define SEC_SBOOT_NOT_ENABLED                   0x9007
+#define SEC_SUSBDL_STATUE_QUERY_FAIL            0x9008
+#define SEC_SUSBDL_NOT_ENABLED                  0x9009
+#define SEC_SBOOT_MARK_STATUS_FAIL              0x900A
+#define SEC_SBOOT_NOT_INIT_YET                  0x900B
+#define SEC_SBOOT_NOTIFY_DRIVER_FAIL            0x900C
+#define SEC_SBOOT_INVALID_IMG_ATTR              0x900D
+
+/* MTD / USIF  */
+#define ERR_MTD_INFO_NOT_FOUND                  0xA000
+#define ERR_MTD_PART_COUNT_INVALID              0xA001
+#define ERR_MTD_PART_NOT_FOUND                  0xA002
+#define ERR_MTD_PART_READ_FAIL                  0xA003
+#define ERR_MTD_PART_WRITE_FAIL                 0xA004
+#define ERR_MTD_PART_ADJUST_OFFSET_FAIL         0xA005
+#define ERR_MTD_PART_READ_MEMINFO_FAIL          0xA006
+#define ERR_MTD_PART_INVALID_MEMINFO_FAIL       0xA007
+#define ERR_MTD_NOT_SUPPORT_READ_YAFFS2         0xA008
+#define ERR_USIF_PART_READ_FAIL                 0xA009
+#define ERR_USIF_PART_WRITE_FAIL                0xA00A
+#define ERR_USIF_PROC_READ_FAIL                 0xA00B
+#define ERR_USIF_PROC_RN_NOT_FOUND              0xA00C
+#define ERR_MTD_NOT_SUPPORT_WRITE_YAFFS2        0xA00D
+#define ERR_USIF_NOT_SUPPORT_WRITE_YAFFS2       0xA00E
+#define ERR_USIF_NOT_SUPPORT_READ_YAFFS2        0xA00F
+#define ERR_GPT_PART_NAME_IS_NULL               0xA010
+#define ERR_GPT_PART_NAME_NOT_FOUND             0xA011
+
+
+
+/* SEC BOOT CHECK */
+#define ERR_SBOOT_CHECK_IMG_NOT_FOUND_IN_SECCFG 0xB000
+#define ERR_SBOOT_CHECK_IMG_NOT_FOUND_IN_MTD    0xB001
+#define ERR_SBOOT_CHECK_IMG_OPEN_FAIL           0xB002
+#define ERR_SBOOT_CHECK_IMG_READ_FAIL           0xB003
+#define ERR_SBOOT_CHECK_SEC_CFG_FAIL            0xB004
+#define ERR_SBOOT_CHECK_IMG_VERIFY_FAIL         0xB005
+#define ERR_SBOOT_CHECK_INVALID_IMAGE_OFFSET    0xB006
+#define ERR_SBOOT_CHECK_QUERY_ENABLED_FAIL      0xB007
+#define ERR_SBOOT_CHECK_PART_INVALID_STATUS     0xB008
+#define ERR_SBOOT_CHECK_MD_HDR_MAGIC_ERROR      0xB009
+#define ERR_SBOOT_CHECK_MD_NAME_INVLAID         0xB00A
+#define ERR_SBOOT_CHECK_MD_VER_CANNOT_ROLLBACK  0xB00B
+#define ERR_SBOOT_CHECK_INVALID_IMG_MAGIC_NUM   0xB00C
+#define ERR_SBOOT_CHECK_INVALID_MODEM           0xB00D
+#define ERR_SBOOT_CHECK_FL_NAME_INVLAID         0xB00E
+#define ERR_SBOOT_CHECK_FL_VER_CANNOT_ROLLBACK  0xB00F
+#define ERR_SBOOT_CHECK_INVALID_IMG_TYPE        0xB010
+
+/* META */
+#define ERR_META_NOT_CORRECT_MODE               0xC000
+#define ERR_NVRAM_DATA_NOT_ALIGNED              0xC001
+#define ERR_NVRAM_ENC_IOCTL_FAIL                0xC002
+#define ERR_NVRAM_DEC_IOCTL_FAIL                0xC002
+#define ERR_NVRAM_CIPHER_UT_FAIL                0xC003
+
+/* YAFFS2 COMMON */
+#define ERR_YAFFS2_PART_READ_FAIL               0xD000
+
+/* FILE SYSTEM */
+#define ERR_FS_ANDROID_SEC_LIST_NOT_SPECIFY     0xE000
+#define ERR_FS_SECRO_SEC_LIST_NOT_SPECIFY       0xE001
+#define ERR_FS_SEC_LIST_NOT_SPECIFY             0xE002
+#define ERR_FS_READ_SEC_LIST_FAIL               0xE003
+#define ERR_FS_SIGN_LENGTH_INVALID              0xE004
+#define ERR_FS_READ_BUF_IS_NULL                 0xE005
+#define ERR_FS_OPEN_SEC_FILE_FAIL               0xE006
+#define ERR_FS_READ_SEC_FILE_FAIL               0xE007
+#define ERR_FS_READ_BUF_ALLOCATE_FAIL           0xE008
+#define ERR_FS_READ_SIZE_FAIL                   0xE009
+#define ERR_FS_UNSUPPORT_IMAGE_NAME             0xE00A
+#define ERR_FS_SEC_LIST_NOT_SIGNED              0xE00B
+#define ERR_FS_READ_MODEM_FAIL                  0xE00C
+#define ERR_FS_MD_BIN_NOT_SPECIFY               0xE00D
+#define ERR_FS_SECRO_OPEN_FAIL                  0xE00E
+#define ERR_FS_SECRO_READ_SIZE_CANNOT_BE_ZERO   0xE00F
+#define ERR_FS_SECRO_READ_FAIL                  0xE010
+#define ERR_FS_SECRO_AP_INVALID                 0xE011
+#define ERR_FS_SECRO_MD_INVALID                 0xE012
+#define ERR_FS_SECRO_READ_WRONG_SIZE            0xE013
+
+/* SIGN FORMAT */
+#define ERR_SIGN_FORMAT_HASH_SIZE_WRONG         0xE100
+#define ERR_SIGN_FORMAT_MAGIC_WRONG             0xE101
+#define ERR_SIGN_FORMAT_GENERATE_HASH_FAIL      0xE102
+#define ERR_SIGN_FORMAT_EXT_MAGIC_WRONG         0xE103
+#define ERR_SIGN_FORMAT_EXT_HDR_MAGIC_WRONG     0xE104
+#define ERR_SIGN_FORMAT_EXT_TYPE_NOT_SUPPORT    0xE105
+#define ERR_SIGN_FORMAT_EXT_HDR_NOT_FOUND       0xE106
+#define ERR_SIGN_FORMAT_CAL_HASH_BY_CHUNK_FAIL  0xE107
+
+/* SECRO IMAGE */
+#define ERR_SECROIMG_MTD_NOT_FOUND              0xF000
+#define ERR_SECROIMG_HACC_IS_LOCK                0xF001
+#define ERR_SECROIMG_HACC_INIT_FAIL              0xF002
+#define ERR_SECROIMG_DECRYPT_INVALID            0xF003
+#define ERR_SECROIMG_PART_NOT_FOUND             0xF004
+#define ERR_SECROIMG_INVALID_IMG_LEN            0xF005
+#define ERR_SECROIMG_ALLOCATE_BUF_FAIL          0xF006
+#define ERR_SECROIMG_IS_EMPTY                   0xF007
+#define ERR_SECROIMG_MD_BUF_NOT_ENOUGH          0xF008
+#define ERR_SECROIMG_HACC_AP_DECRYPT_FAIL        0xF009
+#define ERR_SECROIMG_HACC_MD_DECRYPT_FAIL        0xF00A
+#define ERR_SECROIMG_INVALID_BUF_LEN            0xF00B
+#define ERR_SECROIMG_LEN_INCONSISTENT_WITH_PL   0xF00C
+#define ERR_SECROIMG_HASH_CHECK_FAIL            0xF00D
+#define ERR_SECROIMG_EMPTY_MD_INFO_STR          0xF00E
+#define ERR_SECROIMG_MD_INFO_NOT_EXIST          0xF00F
+#define ERR_SECROIMG_NEITHER_V3_NOR_V5_FORMAT   0xF010
+#define ERR_SECROIMG_V5_HASH_CHECK_FAIL         0xF011
+#define ERR_SECROIMG_V3_OFFSET_NOT_INIT         0xF012
+
+
+
+
+
+
+#endif				/* SEC_ERROR_H */
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_hal.h b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_hal.h
new file mode 100644
index 000000000..566f82427
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_hal.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2012 MediaTek, Inc.
+ *
+ * This software is licensed under the terms of the GNU General Public
+ * License version 2, as published by the Free Software Foundation, and
+ * may be copied, distributed, and modified under those terms.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#ifndef __MT_SEC_HAL_H__
+#define __MT_SEC_HAL_H__
+
+typedef enum {
+	HACC_USER1 = 0,
+	HACC_USER2,
+	HACC_USER3,
+	HACC_USER4
+} HACC_USER;
+
+/*int masp_hal_get_uuid(unsigned int *uuid);*/
+int masp_hal_sbc_enabled(void);
+int masp_hal_get_sbc_checksum(unsigned int *pChecksum);
+unsigned char masp_hal_secure_algo_init(void);
+unsigned char masp_hal_secure_algo_deinit(void);
+void masp_hal_secure_algo(unsigned char Direction, unsigned char *ContentAddr,
+			  unsigned int ContentLen, unsigned char *CustomSeed,
+			  unsigned char *ResText);
+unsigned int masp_hal_sp_hacc_init(unsigned char *sec_seed, unsigned int size);
+unsigned int masp_hal_sp_hacc_blk_sz(void);
+unsigned char *masp_hal_sp_hacc_enc(unsigned char *buf, unsigned int size, unsigned char bAC,
+				    HACC_USER user, unsigned char bDoLock);
+unsigned char *masp_hal_sp_hacc_dec(unsigned char *buf, unsigned int size, unsigned char bAC,
+				    HACC_USER user, unsigned char bDoLock);
+
+#endif				/* !__MT_SEC_HAL_H__ */
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_ioctl.h b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_ioctl.h
new file mode 100644
index 000000000..c6b105074
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_ioctl.h
@@ -0,0 +1,50 @@
+#ifndef SEC_IOCTL_H
+#define SEC_IOCTL_H
+
+/* use 's' as magic number */
+#define SEC_IOC_MAGIC       's'
+
+/* random id */
+#define SEC_GET_RANDOM_ID               _IOR(SEC_IOC_MAGIC,  1, unsigned int)
+
+/* secure boot init */
+#define SEC_BOOT_INIT                   _IOR(SEC_IOC_MAGIC,  2, unsigned int)
+#define SEC_BOOT_IS_ENABLED             _IOR(SEC_IOC_MAGIC,  3, unsigned int)
+
+/* secure seccfg process */
+#define SEC_SECCFG_DECRYPT              _IOR(SEC_IOC_MAGIC,  4, unsigned int)
+#define SEC_SECCFG_ENCRYPT              _IOR(SEC_IOC_MAGIC,  5, unsigned int)
+
+/* secure usbdl */
+#define SEC_USBDL_IS_ENABLED            _IOR(SEC_IOC_MAGIC,  6, unsigned int)
+
+/* HACC HW */
+#define SEC_HACC_CONFIG                  _IOR(SEC_IOC_MAGIC,  7, unsigned int)
+#define SEC_HACC_LOCK                    _IOR(SEC_IOC_MAGIC,  8, unsigned int)
+#define SEC_HACC_UNLOCK                  _IOR(SEC_IOC_MAGIC,  9, unsigned int)
+#define SEC_HACC_ENABLE_CLK              _IOR(SEC_IOC_MAGIC, 10, unsigned int)
+
+/* secure boot check */
+#define SEC_BOOT_PART_CHECK_ENABLE      _IOR(SEC_IOC_MAGIC, 11, unsigned int)
+#define SEC_BOOT_NOTIFY_MARK_STATUS     _IOR(SEC_IOC_MAGIC, 12, unsigned int)
+#define SEC_BOOT_NOTIFY_PASS            _IOR(SEC_IOC_MAGIC, 13, unsigned int)
+#define SEC_BOOT_NOTIFY_FAIL            _IOR(SEC_IOC_MAGIC, 14, unsigned int)
+#define SEC_BOOT_NOTIFY_RMSDUP_DONE     _IOR(SEC_IOC_MAGIC, 15, unsigned int)
+#define SEC_BOOT_NOTIFY_STATUS          _IOR(SEC_IOC_MAGIC, 19, unsigned int)
+
+/* rom info */
+#define SEC_READ_ROM_INFO               _IOR(SEC_IOC_MAGIC, 16, unsigned int)
+
+/* META */
+#define SEC_NVRAM_HW_ENCRYPT            _IOR(SEC_IOC_MAGIC, 17, unsigned int)
+#define SEC_NVRAM_HW_DECRYPT            _IOR(SEC_IOC_MAGIC, 18, unsigned int)
+
+/* HEVC */
+#define SEC_HEVC_EOP                    _IOR(SEC_IOC_MAGIC, 20, unsigned int)
+#define SEC_HEVC_DOP                    _IOR(SEC_IOC_MAGIC, 21, unsigned int)
+
+#define SEC_IOC_MAXNR       (22)
+
+#define SEC_DEV             "/dev/sec"
+
+#endif				/* end of SEC_IOCTL_H */
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_nvram.h b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_nvram.h
new file mode 100644
index 000000000..06c48cfda
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_nvram.h
@@ -0,0 +1,21 @@
+#ifndef SEC_META_H
+#define SEC_META_H
+
+/* used for META library */
+#define NVRAM_CIPHER_LEN (16)
+
+/******************************************************************************
+ *  MODEM CONTEXT FOR BOTH USER SPACE PROGRAM AND KERNEL MODULE
+ ******************************************************************************/
+typedef struct {
+	unsigned char data[NVRAM_CIPHER_LEN];
+	unsigned int ret;
+} META_CONTEXT;
+
+/******************************************************************************
+ *  EXPORT FUNCTIONS
+ ******************************************************************************/
+extern int sec_nvram_enc(META_CONTEXT *meta_ctx);
+extern int sec_nvram_dec(META_CONTEXT *meta_ctx);
+
+#endif				/* SEC_META_H */
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_osal_light.h b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_osal_light.h
new file mode 100644
index 000000000..b69635b24
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_osal_light.h
@@ -0,0 +1,16 @@
+#ifndef SEC_OSAL_LIGHT_H
+#define SEC_OSAL_LIGHT_H
+
+/**************************************************************************
+ *  INCLUDE HEADERS
+ **************************************************************************/
+#include <linux/string.h>
+#include <linux/stddef.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <stdbool.h>
+#include <linux/printk.h>
+#include <linux/io.h>
+#include <linux/err.h>
+
+#endif				/* SEC_OSAL_LIGHT_H */
diff --git a/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_typedef.h b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_typedef.h
new file mode 100644
index 000000000..84a33971c
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/asf_inc/sec_typedef.h
@@ -0,0 +1,11 @@
+#ifndef SEC_PAL_H
+#define SEC_PAL_H
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+#endif				/* end of SEC_LIB_H */
diff --git a/drivers/misc/mediatek/masp/asfv2/core/sec_boot_core.c b/drivers/misc/mediatek/masp/asfv2/core/sec_boot_core.c
new file mode 100644
index 000000000..0ab0390a2
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/core/sec_boot_core.c
@@ -0,0 +1,146 @@
+/******************************************************************************
+ *  INCLUDE LIBRARY
+ ******************************************************************************/
+#include "sec_boot_lib.h"
+#include "sec_osal.h"
+#include "sec_hal.h"
+
+/**************************************************************************
+ *  DEFINITIONS
+ **************************************************************************/
+#define MOD                         "ASF"
+
+/**************************************************************************
+ *  LOCAL VARIABLE
+ **************************************************************************/
+
+/**************************************************************************
+ *  GLOBAL VARIABLE
+ **************************************************************************/
+/*AND_ROMINFO_T rom_info;*/
+/*SECURE_INFO sec_info;*/
+/*SECCFG_U seccfg;*/
+unsigned int g_rom_info_sbc_attr;
+unsigned int g_rom_info_sdl_attr;
+unsigned int g_hw_sbcen;
+unsigned int g_lock_state;
+unsigned int g_random_id[NUM_RID];
+unsigned char g_crypto_seed[NUM_CRYPTO_SEED];
+unsigned int g_sbc_pubk_hash[NUM_SBC_PUBK_HASH];
+
+
+int sec_get_random_id(unsigned int *rid)
+{
+	int ret = 0;
+	memcpy(rid, g_random_id, 16);
+	return ret;
+}
+
+
+/******************************************************************************
+ * CHECK IF SECURITY CHIP IS ENABLED
+******************************************************************************/
+int sec_schip_enabled(void)
+{
+	if (TRUE == masp_hal_sbc_enabled()) {
+		pr_debug("SC\n");
+		return 1;
+	}
+
+	pr_debug("NSC\n");
+
+	return 0;
+}
+
+
+/******************************************************************************
+ * CHECK IF SECURE USBDL IS ENABLED
+ ******************************************************************************/
+int sec_usbdl_enabled(void)
+{
+	switch (g_rom_info_sdl_attr) {
+	case ATTR_SUSBDL_ENABLE:
+		pr_debug("[%s] SUSBDL is enabled\n", MOD);
+		pr_debug("0x%x, SD-FORCE\n", ATTR_SUSBDL_ENABLE);
+		return 1;
+
+		/* SUSBDL can't be disabled on security chip */
+	case ATTR_SUSBDL_DISABLE:
+	case ATTR_SUSBDL_ONLY_ENABLE_ON_SCHIP:
+		pr_debug("[%s] SUSBDL is only enabled on S-CHIP\n", MOD);
+		if (TRUE == masp_hal_sbc_enabled()) {
+			pr_debug("0x%x, SD-SC\n", ATTR_SUSBDL_ONLY_ENABLE_ON_SCHIP);
+			return 1;
+		}
+		pr_debug("0x%x, SD-NSC\n", ATTR_SUSBDL_ONLY_ENABLE_ON_SCHIP);
+		return 0;
+
+	default:
+		pr_debug("[%s] invalid susbdl config (SD-0x%x)\n", MOD, g_rom_info_sdl_attr);
+		SEC_ASSERT(0);
+		return 1;
+	}
+}
+
+/******************************************************************************
+ * CHECK IF SECURE BOOT IS NEEDED
+******************************************************************************/
+int sec_boot_enabled(void)
+{
+	switch (g_rom_info_sbc_attr) {
+	case ATTR_SBOOT_ENABLE:
+		pr_debug("[%s] SBOOT is enabled\n", MOD);
+		pr_debug("0x%x, SB-FORCE\n", ATTR_SBOOT_ENABLE);
+		return 1;
+
+		/* secure boot can't be disabled on security chip */
+	case ATTR_SBOOT_DISABLE:
+	case ATTR_SBOOT_ONLY_ENABLE_ON_SCHIP:
+		pr_debug("[%s] SBOOT is only enabled on S-CHIP\n", MOD);
+		if (TRUE == masp_hal_sbc_enabled()) {
+			pr_debug("0x%x, SB-SC\n", ATTR_SBOOT_ONLY_ENABLE_ON_SCHIP);
+			return 1;
+		}
+
+		pr_debug("0x%x, SB-NSC\n", ATTR_SBOOT_ONLY_ENABLE_ON_SCHIP);
+		return 0;
+
+	default:
+		pr_debug("[%s] invalid sboot config (SB-0x%x)\n", MOD, g_rom_info_sbc_attr);
+		SEC_ASSERT(0);
+	}
+
+	return 0;
+
+}
+
+/**************************************************************************
+ *  SECURE BOOT INIT HACC
+ **************************************************************************/
+unsigned int sec_boot_hacc_init(void)
+{
+	unsigned int ret = SEC_OK;
+
+	/* ----------------------------------- */
+	/* lnit hacc key                        */
+	/* ----------------------------------- */
+	ret = masp_hal_sp_hacc_init(g_crypto_seed, sizeof(g_crypto_seed));
+	if (SEC_OK != ret)
+		goto _end;
+
+_end:
+	return ret;
+}
+
+
+/**************************************************************************
+ *  SECURE BOOT INIT
+ **************************************************************************/
+int masp_boot_init(void)
+{
+	int ret = SEC_OK;
+
+	pr_debug("[%s] error (0x%x)\n", MOD, ret);
+
+	return ret;
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/core/sec_ccci.c b/drivers/misc/mediatek/masp/asfv2/core/sec_ccci.c
new file mode 100644
index 000000000..1d826c8c6
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/core/sec_ccci.c
@@ -0,0 +1,30 @@
+#include "sec_hal.h"
+#include "sec_boot_lib.h"
+#include "sec_ccci.h"
+
+/**************************************************************************
+ *  MODULE NAME
+ **************************************************************************/
+#define MOD                         "SEC_CCCI"
+
+void masp_secure_algo(unsigned char Direction, unsigned char *ContentAddr, unsigned int ContentLen,
+		      unsigned char *CustomSeed, unsigned char *ResText)
+{
+	return masp_hal_secure_algo(Direction, ContentAddr, ContentLen, CustomSeed, ResText);
+}
+
+/* return the result of hwEnableClock ( )
+   - TRUE  (1) means crypto engine init success
+   - FALSE (0) means crypto engine init fail    */
+unsigned char masp_secure_algo_init(void)
+{
+	return masp_hal_secure_algo_init();
+}
+
+/* return the result of hwDisableClock ( )
+   - TRUE  (1) means crypto engine de-init success
+   - FALSE (0) means crypto engine de-init fail    */
+unsigned char masp_secure_algo_deinit(void)
+{
+	return masp_hal_secure_algo_deinit();
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/core/sec_legacy.c b/drivers/misc/mediatek/masp/asfv2/core/sec_legacy.c
new file mode 100644
index 000000000..abdb6b62f
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/core/sec_legacy.c
@@ -0,0 +1,103 @@
+#include "sec_hal.h"
+#include "sec_error.h"
+#include "sec_boot_lib.h"
+
+/******************************************************************************
+ *  DEFINITIONS
+ ******************************************************************************/
+#define MOD                         "ASF"
+
+/******************************************************************************
+ * CHECK IF SECROIMG IS USED
+ ******************************************************************************/
+unsigned char masp_secro_en(void)
+{
+	return 0;
+}
+
+/******************************************************************************
+ * RETURN SECROIMG BLK SIZE
+ ******************************************************************************/
+unsigned int masp_secro_blk_sz(void)
+{
+	return masp_hal_sp_hacc_blk_sz();
+}
+
+/******************************************************************************
+ * RETURN SECROIMG MD LENGTH
+ ******************************************************************************/
+unsigned int masp_secro_md_len(unsigned char *md_info)
+{
+	return 0;
+}
+
+/******************************************************************************
+ * RETURN SECROIMG MD PLAINTEXT DATA
+ ******************************************************************************/
+unsigned int masp_secro_md_get_data(unsigned char *md_info, unsigned char *buf, unsigned int offset,
+				    unsigned int len)
+{
+	unsigned int ret = 0;
+
+	return ret;
+}
+
+/******************************************************************************
+ * CHECK IF MODEM AUTH IS NEEDED
+******************************************************************************/
+int sec_modem_auth_enabled(void)
+{
+	return 0;
+}
+
+/**************************************************************************
+ *  SECURE BOOT
+ **************************************************************************/
+int sec_boot_key_init(void)
+{
+	int ret = SEC_OK;
+
+	return ret;
+}
+
+int masp_ccci_signfmt_verify_file(char *file_path, unsigned int *data_offset,
+				  unsigned int *data_sec_len)
+{
+	unsigned int ret = SEC_OK;
+
+	return ret;
+}
+
+int masp_ccci_version_info(void)
+{
+	return CCCI_VERSION;
+}
+
+int sec_ccci_file_open(char *file_path)
+{
+	int fp_id;
+
+	fp_id = osal_filp_open_read_only(file_path);
+
+	if (fp_id != OSAL_FILE_NULL)
+		return fp_id;
+
+	return -1;
+}
+
+int sec_ccci_file_close(int fp_id)
+{
+	return osal_filp_close(fp_id);
+}
+
+
+int masp_ccci_is_cipherfmt(int fp_id, unsigned int start_off, unsigned int *img_len)
+{
+	return 0;
+}
+
+int masp_ccci_decrypt_cipherfmt(int fp_id, unsigned int start_off, char *buf, unsigned int buf_len,
+				unsigned int *data_offset)
+{
+	return 0;
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/core/sec_mod_core.c b/drivers/misc/mediatek/masp/asfv2/core/sec_mod_core.c
new file mode 100644
index 000000000..217c39e5d
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/core/sec_mod_core.c
@@ -0,0 +1,207 @@
+/******************************************************************************
+ *  INCLUDE LIBRARY
+ ******************************************************************************/
+
+/******************************************************************************
+ *  INCLUDE LINUX HEADER
+ ******************************************************************************/
+#include <linux/module.h>
+#include <asm/uaccess.h>
+#include <linux/ioctl.h>
+
+/******************************************************************************
+ *  INCLUDE LIBRARY
+ ******************************************************************************/
+#include "sec_hal.h"
+#include "sec_boot_lib.h"
+#include "masp_version.h"
+#include "sec_ioctl.h"
+#include "sec_osal_light.h"
+#include "sec_nvram.h"
+
+#define MOD                         "ASF"
+#define HEVC_BLK_LEN                20480
+
+#define CI_BLK_SIZE                 16
+#define CI_BLK_ALIGN(len) (((len)+CI_BLK_SIZE-1) & ~(CI_BLK_SIZE-1))
+
+/**************************************************************************
+ *  GLOBAL VARIABLES
+ **************************************************************************/
+typedef struct {
+	unsigned char buf[HEVC_BLK_LEN];
+	unsigned int len;
+} HEVC_BLK;
+HEVC_BLK hevc_blk;
+
+uint lks = 2;		/* if sec is not enabled, this param will not be updated */
+module_param(lks, uint, S_IRUSR /*|S_IWUSR|S_IWGRP */  | S_IRGRP | S_IROTH);	/* r--r--r-- */
+MODULE_PARM_DESC(lks, "A device lks parameter under sysfs (0=NL, 1=L, 2=NA)");
+
+
+/**************************************************************************
+ *  SEC DRIVER EXIT
+ **************************************************************************/
+void sec_core_exit(void)
+{
+	pr_debug("[%s] version '%s%s', exit.\n", MOD, BUILD_TIME, BUILD_BRANCH);
+}
+
+/* extern void osal_msleep(unsigned int msec); */
+
+/**************************************************************************
+ *  SEC DRIVER IOCTL
+ **************************************************************************/
+long sec_core_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+{
+	int err = 0;
+	int ret = 0;
+	unsigned int cipher_len = 0;
+	unsigned int rid[4];
+	META_CONTEXT meta_ctx;
+
+	/* ---------------------------------- */
+	/* IOCTL                              */
+	/* ---------------------------------- */
+
+	if (_IOC_TYPE(cmd) != SEC_IOC_MAGIC)
+		return -ENOTTY;
+	if (_IOC_NR(cmd) > SEC_IOC_MAXNR)
+		return -ENOTTY;
+	if (_IOC_DIR(cmd) & _IOC_READ)
+		err = !access_ok(VERIFY_WRITE, (void __user *)arg, _IOC_SIZE(cmd));
+	if (_IOC_DIR(cmd) & _IOC_WRITE)
+		err = !access_ok(VERIFY_READ, (void __user *)arg, _IOC_SIZE(cmd));
+	if (err)
+		return -EFAULT;
+
+	switch (cmd) {
+
+		/* ---------------------------------- */
+		/* get random id                      */
+		/* ---------------------------------- */
+	case SEC_GET_RANDOM_ID:
+		pr_debug("[%s] CMD - SEC_GET_RANDOM_ID\n", MOD);
+		sec_get_random_id(&rid[0]);
+		ret =
+		    osal_copy_to_user((void __user *)arg, (void *)&rid[0],
+				      sizeof(unsigned int) * 4);
+		break;
+
+		/* ---------------------------------- */
+		/* init boot info                     */
+		/* ---------------------------------- */
+	case SEC_BOOT_INIT:
+		pr_debug("[%s] CMD - SEC_BOOT_INIT\n", MOD);
+		ret = masp_boot_init();
+		ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int));
+		break;
+
+		/* ---------------------------------- */
+		/* check if secure usbdl is enbaled   */
+		/* ---------------------------------- */
+	case SEC_USBDL_IS_ENABLED:
+		pr_debug("[%s] CMD - SEC_USBDL_IS_ENABLED\n", MOD);
+		ret = sec_usbdl_enabled();
+		ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int));
+		break;
+
+		/* ---------------------------------- */
+		/* check if secure boot is enbaled    */
+		/* ---------------------------------- */
+	case SEC_BOOT_IS_ENABLED:
+		pr_debug("[%s] CMD - SEC_BOOT_IS_ENABLED\n", MOD);
+		ret = sec_boot_enabled();
+		ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int));
+		break;
+
+		/* ---------------------------------- */
+		/* NVRAM HW encryption                */
+		/* ---------------------------------- */
+	case SEC_NVRAM_HW_ENCRYPT:
+		pr_debug("[%s] CMD - SEC_NVRAM_HW_ENCRYPT\n", MOD);
+		if (osal_copy_from_user((void *)&meta_ctx, (void __user *)arg, sizeof(meta_ctx)))
+			return -EFAULT;
+
+		/* TODO : double check if META register is correct ? */
+		masp_hal_sp_hacc_enc((unsigned char *)&(meta_ctx.data), NVRAM_CIPHER_LEN, TRUE,
+				     HACC_USER2, FALSE);
+		meta_ctx.ret = SEC_OK;
+
+		ret = osal_copy_to_user((void __user *)arg, (void *)&meta_ctx, sizeof(meta_ctx));
+		break;
+
+		/* ---------------------------------- */
+		/* NVRAM HW decryption                */
+		/* ---------------------------------- */
+	case SEC_NVRAM_HW_DECRYPT:
+		pr_debug("[%s] CMD - SEC_NVRAM_HW_DECRYPT\n", MOD);
+		if (osal_copy_from_user((void *)&meta_ctx, (void __user *)arg, sizeof(meta_ctx)))
+			return -EFAULT;
+
+		masp_hal_sp_hacc_dec((unsigned char *)&(meta_ctx.data), NVRAM_CIPHER_LEN, TRUE,
+				     HACC_USER2, FALSE);
+		meta_ctx.ret = SEC_OK;
+		ret = osal_copy_to_user((void __user *)arg, (void *)&meta_ctx, sizeof(meta_ctx));
+		break;
+
+		/* ---------------------------------- */
+		/* HEVC EOP                           */
+		/* ---------------------------------- */
+	case SEC_HEVC_EOP:
+		pr_debug("[%s] CMD - SEC_HEVC_EOP\n", MOD);
+		if (osal_copy_from_user((void *)(&hevc_blk), (void __user *)arg, sizeof(HEVC_BLK)))
+			return -EFAULT;
+
+		if ((hevc_blk.len % CI_BLK_SIZE) == 0) {
+			cipher_len = hevc_blk.len;
+		} else if ((hevc_blk.len % CI_BLK_SIZE) > 0) {
+			cipher_len = CI_BLK_ALIGN(hevc_blk.len) - CI_BLK_SIZE;
+			if (cipher_len == 0) {
+				pr_debug("[%s] less than one ci_blk, no need to do eop", MOD);
+				break;
+			}
+		}
+		masp_hal_sp_hacc_enc((unsigned char *)(&hevc_blk.buf), cipher_len, TRUE, HACC_USER4,
+				     FALSE);
+
+		ret = osal_copy_to_user((void __user *)arg, (void *)(&hevc_blk), sizeof(HEVC_BLK));
+		break;
+
+		/* ---------------------------------- */
+		/* HEVC DOP                           */
+		/* ---------------------------------- */
+	case SEC_HEVC_DOP:
+		pr_debug("[%s] CMD - SEC_HEVC_DOP\n", MOD);
+		if (osal_copy_from_user((void *)(&hevc_blk), (void __user *)arg, sizeof(HEVC_BLK)))
+			return -EFAULT;
+
+		if ((hevc_blk.len % CI_BLK_SIZE) == 0)
+			cipher_len = hevc_blk.len;
+		else if ((hevc_blk.len % CI_BLK_SIZE) > 0) {
+			cipher_len = CI_BLK_ALIGN(hevc_blk.len) - CI_BLK_SIZE;
+			if (cipher_len == 0) {
+				pr_debug("[%s] less than one ci_blk, no need to do dop", MOD);
+				break;
+			}
+		}
+
+		masp_hal_sp_hacc_dec((unsigned char *)(&hevc_blk.buf), cipher_len, TRUE, HACC_USER4,
+				     FALSE);
+
+		ret = osal_copy_to_user((void __user *)arg, (void *)(&hevc_blk), sizeof(HEVC_BLK));
+		break;
+
+		/* ---------------------------------- */
+		/* configure HACC HW (include SW KEY)  */
+		/* ---------------------------------- */
+	case SEC_HACC_CONFIG:
+		pr_debug("[%s] CMD - SEC_HACC_CONFIG\n", MOD);
+		ret = sec_boot_hacc_init();
+		ret = osal_copy_to_user((void __user *)arg, (void *)&ret, sizeof(int));
+		break;
+
+	}
+
+	return 0;
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/core/sec_osal.c b/drivers/misc/mediatek/masp/asfv2/core/sec_osal.c
new file mode 100644
index 000000000..d4d12ce96
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/core/sec_osal.c
@@ -0,0 +1,349 @@
+/******************************************************************************
+ *  KERNEL HEADER
+ ******************************************************************************/
+#include "sec_osal.h"
+
+#include <linux/string.h>
+#include <linux/bug.h>
+#include <linux/spinlock.h>
+#include <linux/semaphore.h>
+#include <linux/delay.h>
+#include <linux/errno.h>
+#include <linux/mutex.h>
+#include <linux/mtd/mtd.h>
+#include <linux/fs.h>
+#include <linux/mtd/partitions.h>
+#include <asm/uaccess.h>
+#include <linux/slab.h>
+#include <linux/version.h>
+#include <linux/module.h>
+#include <linux/vmalloc.h>
+
+/*****************************************************************************
+ * MACRO
+ *****************************************************************************/
+#ifndef ASSERT
+#define ASSERT(expr)        BUG_ON(!(expr))
+#endif
+
+/*****************************************************************************
+ * GLOBAL VARIABLE
+ *****************************************************************************/
+DEFINE_SEMAPHORE(hacc_sem);
+DEFINE_SEMAPHORE(mtd_sem);
+DEFINE_SEMAPHORE(rid_sem);
+DEFINE_SEMAPHORE(sec_mm_sem);
+DEFINE_SEMAPHORE(osal_fp_sem);
+DEFINE_SEMAPHORE(osal_verify_sem);
+DEFINE_SEMAPHORE(osal_secro_sem);
+DEFINE_SEMAPHORE(osal_secro_v5_sem);
+
+/*****************************************************************************
+ * LOCAL VARIABLE
+ *****************************************************************************/
+static mm_segment_t curr_fs;
+#define OSAL_MAX_FP_COUNT           4096
+#define OSAL_FP_OVERFLOW            OSAL_MAX_FP_COUNT
+/* The array 0 will be not be used, and fp_id=0 will be though as NULL file */
+static struct file *g_osal_fp[OSAL_MAX_FP_COUNT] = { 0 };
+
+/*****************************************************************************
+ * PORTING LAYER
+ *****************************************************************************/
+void osal_kfree(void *buf)
+{
+/* kfree(buf); */
+	vfree(buf);
+}
+EXPORT_SYMBOL(osal_kfree);
+
+void *osal_kmalloc(unsigned int size)
+{
+/* return kmalloc(size,GFP_KERNEL); */
+	return vmalloc(size);
+}
+EXPORT_SYMBOL(osal_kmalloc);
+
+unsigned long osal_copy_from_user(void *to, void *from, unsigned long size)
+{
+	return copy_from_user(to, from, size);
+}
+EXPORT_SYMBOL(osal_copy_from_user);
+
+unsigned long osal_copy_to_user(void *to, void *from, unsigned long size)
+{
+	return copy_to_user(to, from, size);
+}
+EXPORT_SYMBOL(osal_copy_to_user);
+
+int osal_hacc_lock(void)
+{
+	return down_interruptible(&hacc_sem);
+}
+EXPORT_SYMBOL(osal_hacc_lock);
+
+void osal_hacc_unlock(void)
+{
+	up(&hacc_sem);
+}
+EXPORT_SYMBOL(osal_hacc_unlock);
+
+int osal_verify_lock(void)
+{
+	return down_interruptible(&osal_verify_sem);
+}
+EXPORT_SYMBOL(osal_verify_lock);
+
+void osal_verify_unlock(void)
+{
+	up(&osal_verify_sem);
+}
+EXPORT_SYMBOL(osal_verify_unlock);
+
+int osal_secro_lock(void)
+{
+	return down_interruptible(&osal_secro_sem);
+}
+EXPORT_SYMBOL(osal_secro_lock);
+
+void osal_secro_unlock(void)
+{
+	up(&osal_secro_sem);
+}
+EXPORT_SYMBOL(osal_secro_unlock);
+
+int osal_secro_v5_lock(void)
+{
+	return down_interruptible(&osal_secro_v5_sem);
+}
+EXPORT_SYMBOL(osal_secro_v5_lock);
+
+void osal_secro_v5_unlock(void)
+{
+	up(&osal_secro_v5_sem);
+}
+EXPORT_SYMBOL(osal_secro_v5_unlock);
+
+int osal_mtd_lock(void)
+{
+	return down_interruptible(&mtd_sem);
+}
+EXPORT_SYMBOL(osal_mtd_lock);
+
+void osal_mtd_unlock(void)
+{
+	up(&mtd_sem);
+}
+EXPORT_SYMBOL(osal_mtd_unlock);
+
+int osal_rid_lock(void)
+{
+	return down_interruptible(&rid_sem);
+}
+EXPORT_SYMBOL(osal_rid_lock);
+
+void osal_rid_unlock(void)
+{
+	up(&rid_sem);
+}
+EXPORT_SYMBOL(osal_rid_unlock);
+
+void osal_msleep(unsigned int msec)
+{
+	msleep(msec);
+}
+EXPORT_SYMBOL(osal_msleep);
+
+void osal_assert(unsigned int val)
+{
+	ASSERT(val);
+}
+EXPORT_SYMBOL(osal_assert);
+
+int osal_set_kernel_fs(void)
+{
+	int val = 0;
+
+	val = down_interruptible(&sec_mm_sem);
+	curr_fs = get_fs();
+	set_fs(KERNEL_DS);
+	return val;
+}
+EXPORT_SYMBOL(osal_set_kernel_fs);
+
+void osal_restore_fs(void)
+{
+	set_fs(curr_fs);
+	up(&sec_mm_sem);
+}
+EXPORT_SYMBOL(osal_restore_fs);
+
+int osal_filp_open_read_only(const char *file_path)
+{
+	int filp_id = 0;
+	int val = 0;
+
+	val = down_interruptible(&osal_fp_sem);
+
+	for (filp_id = 1; filp_id < OSAL_MAX_FP_COUNT - 1; filp_id++) {
+		if (g_osal_fp[filp_id] == NULL)
+			break;
+	}
+
+	g_osal_fp[filp_id] = filp_open(file_path, O_RDONLY, 0777);
+
+	if (IS_ERR(g_osal_fp[filp_id])) {
+		g_osal_fp[OSAL_FILE_NULL] = g_osal_fp[filp_id];	/* Record the fail reason in pos 0 */
+		g_osal_fp[filp_id] = NULL;
+		filp_id = OSAL_FILE_NULL;
+	}
+
+	up(&osal_fp_sem);
+
+	/* the fp_id = 0 will be thought as NULL file ponter */
+	if (filp_id >= OSAL_FP_OVERFLOW) {
+		g_osal_fp[OSAL_FILE_NULL] = (struct file *)(-ENOMEM);	/* Out of memory */
+		return OSAL_FILE_NULL;
+	}
+
+	return filp_id;
+}
+EXPORT_SYMBOL(osal_filp_open_read_only);
+
+void *osal_get_filp_struct(int fp_id)
+{
+	int val = 0;
+	struct file *ret;
+
+	if (fp_id >= 1 && fp_id < OSAL_MAX_FP_COUNT) {
+		val = down_interruptible(&osal_fp_sem);
+
+		ret = g_osal_fp[fp_id];
+
+		up(&osal_fp_sem);
+
+		return (void *)ret;
+	}
+
+	return (struct file *)(-ENOENT);	/* No such file or directory */
+}
+EXPORT_SYMBOL(osal_get_filp_struct);
+
+int osal_filp_close(int fp_id)
+{
+	int val = 0;
+	int ret = 0;
+
+	if (fp_id >= 1 && fp_id < OSAL_MAX_FP_COUNT) {
+		val = down_interruptible(&osal_fp_sem);
+
+		if (!IS_ERR(g_osal_fp[fp_id]))
+			ret = filp_close(g_osal_fp[fp_id], NULL);
+		g_osal_fp[fp_id] = NULL;
+
+		up(&osal_fp_sem);
+
+		return ret;
+	}
+
+	return OSAL_FILE_CLOSE_FAIL;
+}
+EXPORT_SYMBOL(osal_filp_close);
+
+loff_t osal_filp_seek_set(int fp_id, loff_t off)
+{
+	loff_t offset;
+	int val = 0;
+
+	if (fp_id >= 1 && fp_id < OSAL_MAX_FP_COUNT) {
+		val = down_interruptible(&osal_fp_sem);
+
+		offset = g_osal_fp[fp_id]->f_op->llseek(g_osal_fp[fp_id], off, SEEK_SET);
+
+		up(&osal_fp_sem);
+
+		return offset;
+	}
+
+	return OSAL_FILE_SEEK_FAIL;
+}
+EXPORT_SYMBOL(osal_filp_seek_set);
+
+loff_t osal_filp_seek_end(int fp_id, loff_t off)
+{
+	loff_t offset;
+	int val = 0;
+
+	if (fp_id >= 1 && fp_id < OSAL_MAX_FP_COUNT) {
+		val = down_interruptible(&osal_fp_sem);
+
+		offset = g_osal_fp[fp_id]->f_op->llseek(g_osal_fp[fp_id], off, SEEK_END);
+
+		up(&osal_fp_sem);
+
+		return offset;
+	}
+
+	return OSAL_FILE_SEEK_FAIL;
+}
+EXPORT_SYMBOL(osal_filp_seek_end);
+
+loff_t osal_filp_pos(int fp_id)
+{
+	loff_t offset;
+	int val = 0;
+
+	if (fp_id >= 1 && fp_id < OSAL_MAX_FP_COUNT) {
+		val = down_interruptible(&osal_fp_sem);
+
+		offset = g_osal_fp[fp_id]->f_pos;
+
+		up(&osal_fp_sem);
+
+		return offset;
+	}
+
+	return OSAL_FILE_GET_POS_FAIL;
+}
+EXPORT_SYMBOL(osal_filp_pos);
+
+long osal_filp_read(int fp_id, char *buf, unsigned long len)
+{
+	ssize_t read_len;
+	int val = 0;
+
+	if (fp_id >= 1 && fp_id < OSAL_MAX_FP_COUNT) {
+		val = down_interruptible(&osal_fp_sem);
+
+		read_len =
+		    g_osal_fp[fp_id]->f_op->read(g_osal_fp[fp_id], buf, len,
+						 &g_osal_fp[fp_id]->f_pos);
+
+		up(&osal_fp_sem);
+
+		return read_len;
+	}
+
+	return OSAL_FILE_READ_FAIL;
+}
+EXPORT_SYMBOL(osal_filp_read);
+
+long osal_is_err(int fp_id)
+{
+	bool err;
+	int val = 0;
+
+	if (fp_id >= 1 && fp_id < OSAL_MAX_FP_COUNT) {
+		val = down_interruptible(&osal_fp_sem);
+
+		err = IS_ERR(g_osal_fp[fp_id]);
+
+		up(&osal_fp_sem);
+
+		return err;
+	}
+
+	/*osal_assert(0); */
+	return 1;
+}
+EXPORT_SYMBOL(osal_is_err);
diff --git a/drivers/misc/mediatek/masp/asfv2/mach/hacc_export.c b/drivers/misc/mediatek/masp/asfv2/mach/hacc_export.c
new file mode 100644
index 000000000..da51a4940
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/mach/hacc_export.c
@@ -0,0 +1,228 @@
+/* Copyright Statement:
+ *
+ * This software/firmware and related documentation ("MediaTek Software") are
+ * protected under relevant copyright laws. The information contained herein
+ * is confidential and proprietary to MediaTek Inc. and/or its licensors.
+ * Without the prior written permission of MediaTek inc. and/or its licensors,
+ * any reproduction, modification, use or disclosure of MediaTek Software,
+ * and information contained herein, in whole or in part, shall be strictly prohibited.
+ *
+ * MediaTek Inc. (C) 2011. All rights reserved.
+ *
+ * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES
+ * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE")
+ * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER ON
+ * AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
+ * NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH RESPECT TO THE
+ * SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, INCORPORATED IN, OR
+ * SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES TO LOOK ONLY TO SUCH
+ * THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. RECEIVER EXPRESSLY ACKNOWLEDGES
+ * THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES
+ * CONTAINED IN MEDIATEK SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK
+ * SOFTWARE RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR
+ * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S ENTIRE AND
+ * CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE RELEASED HEREUNDER WILL BE,
+ * AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE MEDIATEK SOFTWARE AT ISSUE,
+ * OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE CHARGE PAID BY RECEIVER TO
+ * MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE.
+ *
+ * The following software/firmware and/or related documentation ("MediaTek Software")
+ * have been modified by MediaTek Inc. All revisions are subject to any receiver's
+ * applicable license agreements with MediaTek Inc.
+ */
+
+#include "sec_osal.h"
+/*#include <mach/mt_typedefs.h>*/
+#include "sec_hal.h"
+#include "sec_osal_light.h"
+#include "sec_boot_lib.h"
+#include "sec_error.h"
+#include "hacc_mach.h"
+
+
+
+/******************************************************************************
+ * This file provide the HACC operation function to secure library
+ * All the functions should be general ...
+ ******************************************************************************/
+#define MOD                         "ASF"
+
+/******************************************************************************
+ * GLOBAL VARIABLES
+ ******************************************************************************/
+bool bHACC_HWWrapKeyInit = FALSE;
+bool bHACC_SWKeyInit = FALSE;
+
+/******************************************************************************
+ *  INTERNAL VARIABLES
+ ******************************************************************************/
+static const unsigned int g_HACC_CFG_1[8] = {
+	0x9ED40400, 0x00E884A1, 0xE3F083BD, 0x2F4E6D8A,
+	0xFF838E5C, 0xE940A0E3, 0x8D4DECC6, 0x45FC0989
+};
+
+static const unsigned int g_HACC_CFG_2[8] = {
+	0xAA542CDA, 0x55522114, 0xE3F083BD, 0x55522114,
+	0xAA542CDA, 0xAA542CDA, 0x55522114, 0xAA542CDA
+};
+
+static const unsigned int g_HACC_CFG_3[8] = {
+	0x2684B690, 0xEB67A8BE, 0xA113144C, 0x177B1215,
+	0x168BEE66, 0x1284B684, 0xDF3BCE3A, 0x217F6FA2
+};
+
+
+/******************************************************************************
+ *  INTERNAL ENGINE
+ ******************************************************************************/
+static unsigned char *sp_hacc_internal(unsigned char *buf, unsigned int size, bool bAC,
+				       HACC_USER user, bool bDoLock, AES_OPS aes_type, bool bEn)
+{
+	unsigned int err = 0;
+
+	/* ---------------------------- */
+	/* get hacc lock                 */
+	/* ---------------------------- */
+	if (TRUE == bDoLock) {
+		/* If the semaphore is successfully acquired, this function returns 0. */
+		err = osal_hacc_lock();
+
+		if (err) {
+			err = ERR_SBOOT_HACC_LOCK_FAIL;
+			goto _err;
+		}
+	}
+
+	/* ---------------------------- */
+	/* ciphering and force AC               */
+	/* ---------------------------- */
+	switch (user) {
+	case HACC_USER1:
+		/* ---------------------------- */
+		/* use smart phone hacc function 1  */
+		/* ---------------------------- */
+		HACC_V3_Init(bEn, g_HACC_CFG_1);
+
+		HACC_V3_Run((unsigned int *)buf, size, (unsigned int *)buf);
+
+		HACC_V3_Terminate();
+		break;
+
+	case HACC_USER2:
+		/* ---------------------------- */
+		/* use smart phone hacc function 2  */
+		/* ---------------------------- */
+		HACC_V3_Init(bEn, g_HACC_CFG_2);
+
+		HACC_V3_Run((unsigned int *)buf, size, (unsigned int *)buf);
+
+		HACC_V3_Terminate();
+		break;
+
+
+	case HACC_USER3:
+		/* use smart phone hacc function 3 */
+		/* ---------------------------- */
+		if (FALSE == bHACC_HWWrapKeyInit) {
+			err = ERR_HACC_HW_WRAP_KEY_NOT_INIT;
+			goto _err;
+		}
+
+
+		err = hacc_set_key(AES_HW_WRAP_KEY, AES_KEY_256);
+
+		if (SEC_OK != err)
+			goto _err;
+
+		err = hacc_do_aes(aes_type, buf, buf, AES_BLK_SZ_ALIGN(size));
+
+		if (SEC_OK != err)
+			goto _err;
+		break;
+
+	case HACC_USER4:
+		/* ---------------------------- */
+		/* use smart phone hacc function 4  */
+		/* ---------------------------- */
+		HACC_V3_Init(bEn, g_HACC_CFG_3);
+
+		HACC_V3_Run((unsigned int *)buf, size, (unsigned int *)buf);
+
+		HACC_V3_Terminate();
+		break;
+
+	default:
+		err = ERR_HACC_UNKNOWN_USER;
+		goto _err;
+	}
+
+	/* ---------------------------- */
+	/* release hacc lock             */
+	/* ---------------------------- */
+	if (TRUE == bDoLock)
+		osal_hacc_unlock();
+
+	return buf;
+
+_err:
+	if (TRUE == bDoLock)
+		osal_hacc_unlock();
+
+	pr_debug("[%s] HACC Fail (0x%x)\n", MOD, err);
+
+	BUG_ON(!(0));
+
+	return buf;
+}
+
+/******************************************************************************
+ *  ENCRYPTION
+ ******************************************************************************/
+unsigned char *masp_hal_sp_hacc_enc(unsigned char *buf, unsigned int size, unsigned char bAC,
+				    HACC_USER user, unsigned char bDoLock)
+{
+	return sp_hacc_internal(buf, size, TRUE, user, bDoLock, AES_ENC, TRUE);
+}
+
+
+/******************************************************************************
+ *  DECRYPTION
+ ******************************************************************************/
+unsigned char *masp_hal_sp_hacc_dec(unsigned char *buf, unsigned int size, unsigned char bAC,
+				    HACC_USER user, unsigned char bDoLock)
+{
+	return sp_hacc_internal(buf, size, TRUE, user, bDoLock, AES_DEC, FALSE);
+}
+
+/******************************************************************************
+ *  HACC BLK SIZE
+ ******************************************************************************/
+unsigned int masp_hal_sp_hacc_blk_sz(void)
+{
+	return AES_BLK_SZ;
+}
+
+/******************************************************************************
+ *  HACC INITIALIZATION
+ ******************************************************************************/
+unsigned int masp_hal_sp_hacc_init(unsigned char *sec_seed, unsigned int size)
+{
+	AES_KEY_SEED keyseed;
+	unsigned int i = 0;
+
+	if (_CRYPTO_SEED_LEN != size)
+		return ERR_HACC_SEED_LEN_ERROR;
+
+	keyseed.size = HACC_AES_MAX_KEY_SZ;
+	for (i = 0; i < HACC_AES_MAX_KEY_SZ / 2; i++) {
+		keyseed.seed[i] = sec_seed[i];
+		keyseed.seed[HACC_AES_MAX_KEY_SZ - i - 1] = sec_seed[i] + MTK_HACC_SEED;
+	}
+
+	pr_debug("0x%x,0x%x,0x%x,0x%x\n", keyseed.seed[0], keyseed.seed[1], keyseed.seed[2],
+	     keyseed.seed[3]);
+
+	return hacc_init(&keyseed);
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/mach/hacc_hk.c b/drivers/misc/mediatek/masp/asfv2/mach/hacc_hk.c
new file mode 100644
index 000000000..131287a22
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/mach/hacc_hk.c
@@ -0,0 +1,190 @@
+/* Copyright Statement:
+ *
+ * This software/firmware and related documentation ("MediaTek Software") are
+ * protected under relevant copyright laws. The information contained herein
+ * is confidential and proprietary to MediaTek Inc. and/or its licensors.
+ * Without the prior written permission of MediaTek inc. and/or its licensors,
+ * any reproduction, modification, use or disclosure of MediaTek Software,
+ * and information contained herein, in whole or in part, shall be strictly prohibited.
+ *
+ * MediaTek Inc. (C) 2011. All rights reserved.
+ *
+ * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES
+ * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE")
+ * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER ON
+ * AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
+ * NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH RESPECT TO THE
+ * SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, INCORPORATED IN, OR
+ * SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES TO LOOK ONLY TO SUCH
+ * THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. RECEIVER EXPRESSLY ACKNOWLEDGES
+ * THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES
+ * CONTAINED IN MEDIATEK SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK
+ * SOFTWARE RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR
+ * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S ENTIRE AND
+ * CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE RELEASED HEREUNDER WILL BE,
+ * AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE MEDIATEK SOFTWARE AT ISSUE,
+ * OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE CHARGE PAID BY RECEIVER TO
+ * MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE.
+ *
+ * The following software/firmware and/or related documentation ("MediaTek Software")
+ * have been modified by MediaTek Inc. All revisions are subject to any receiver's
+ * applicable license agreements with MediaTek Inc.
+ */
+
+#include "sec_hal.h"
+#include "sec_error.h"
+#include "sec_typedef.h"
+#include "hacc_mach.h"
+
+/******************************************************************************
+ * DEBUG
+ ******************************************************************************/
+#define SEC_DEBUG                   (FALSE)
+#define SMSG                        DBG_MSG
+#if SEC_DEBUG
+#define DMSG                        DBG_MSG
+#else
+#define DMSG
+#endif
+
+static const unsigned int g_CFG_RANDOM_PATTERN[3][4] = {
+	{0x2D44BB70, 0xA744D227, 0xD0A9864B, 0x83FFC244},
+	{0x7EC8266B, 0x43E80FB2, 0x01A6348A, 0x2067F9A0},
+	{0x54536405, 0xD546A6B1, 0x1CC3EC3A, 0xDE377A83}
+};
+
+
+/******************************************************************************
+ * HACC HW internal function
+ ******************************************************************************/
+void HACC_V3_Init(bool encode, const unsigned int g_AC_CFG[])
+{
+
+	unsigned int i, j;
+	const unsigned int *p1;
+	/* const unsigned int *p2; */
+	unsigned int acon_setting;
+
+	/* -------------------------- */
+	/* Power On HACC               */
+	/* -------------------------- */
+	masp_hal_secure_algo_init();
+
+	/* -------------------------- */
+	/* Configuration              */
+	/* -------------------------- */
+
+	/* set little endian */
+	acon_setting = HACC_AES_CHG_BO_OFF;
+
+	/* set mode */
+	acon_setting |= HACC_AES_CBC;
+
+	/* type */
+	acon_setting |= HACC_AES_128;
+
+	/* operation */
+	if (encode)
+		acon_setting |= HACC_AES_ENC;
+	else
+		acon_setting |= HACC_AES_DEC;
+
+	/* -------------------------- */
+	/* Set Key                    */
+	/* -------------------------- */
+
+	/* clear key */
+	for (i = 0; i < 8; i++)
+		*(((volatile unsigned int *)HACC_AKEY0) + i) = 0;
+
+	/* -------------------------- */
+	/* Generate META Key          */
+	/* -------------------------- */
+	*((volatile unsigned int *)HACC_ACON) =
+	    (HACC_AES_CHG_BO_OFF | HACC_AES_128 | HACC_AES_CBC | HACC_AES_DEC);
+
+	/* init ACONK
+	   B2C: bind HUID/HUK to HACC */
+	*((volatile unsigned int *)HACC_ACONK) = HACC_AES_BK2C;
+	/* enable R2K, so that output data is feedback to key by HACC internal algorithm */
+	*((volatile unsigned int *)HACC_ACONK) |= HACC_AES_R2K;
+
+	/* clear HACC_ASRC/HACC_ACFG/HACC_AOUT */
+	*((volatile unsigned int *)HACC_ACON2) = HACC_AES_CLR;
+
+	/* set cfg */
+	p1 = &g_AC_CFG[0];
+	for (i = 0; i < 4; i++)
+		*(((volatile unsigned int *)HACC_ACFG0) + i) = *(p1 + i);
+
+	/* encrypt fix pattern 3 rounds to generate a pattern from HUID/HUK */
+	for (i = 0; i < 3; i++) {
+		/* set fixed pattern into source */
+		p1 = g_CFG_RANDOM_PATTERN[i];
+		for (j = 0; j < 4; j++)
+			*(((volatile unsigned int *)HACC_ASRC0) + j) = *(p1 + j);
+		/* start decryption */
+		*((volatile unsigned int *)HACC_ACON2) = HACC_AES_START;
+		/* polling ready */
+		while (0 == ((*((volatile unsigned int *)HACC_ACON2)) & HACC_AES_RDY))
+			;
+	}
+
+	/* -------------------------- */
+	/* Set CFG                     */
+	/* -------------------------- */
+
+	/* clear HACC_ASRC/HACC_ACFG/HACC_AOUT */
+	*((volatile unsigned int *)HACC_ACON2) = HACC_AES_CLR;
+
+	/* set cfg */
+	p1 = &g_AC_CFG[0];
+	for (i = 0; i < 4; i++)
+		*(((volatile unsigned int *)HACC_ACFG0) + i) = *(p1 + i);
+
+	/* set config without R2K */
+	*((volatile unsigned int *)HACC_ACON) = acon_setting;
+	*((volatile unsigned int *)HACC_ACONK) = 0;
+}
+
+void HACC_V3_Run(volatile unsigned int *p_src, unsigned int src_len, volatile unsigned int *p_dst)
+{
+	unsigned int i, j;
+
+	/* config src/dst addr and len */
+	unsigned int len = src_len;
+
+	/* fo operation */
+	for (i = 0; i < len; i += 16, p_src += 4, p_dst += 4) {
+		/* set fixed pattern into source */
+		for (j = 0; j < 4; j++)
+			*(((volatile unsigned int *)HACC_ASRC0) + j) = *(p_src + j);
+		/* start encryption */
+		*((volatile unsigned int *)HACC_ACON2) = HACC_AES_START;
+		/* polling ready */
+		while (0 == ((*((volatile unsigned int *)HACC_ACON2)) & HACC_AES_RDY))
+			;
+		/* read out data */
+		for (j = 0; j < 4; j++)
+			*(p_dst + j) = *(((volatile unsigned int *)HACC_AOUT0) + j);
+	}
+}
+
+void HACC_V3_Terminate(void)
+{
+	unsigned int i;
+
+	/* clear HACC_ASRC/HACC_ACFG/HACC_AOUT */
+	*((volatile unsigned int *)HACC_ACON2) = HACC_AES_CLR;
+
+	/* -------------------------- */
+	/* Clear Key                  */
+	/* -------------------------- */
+	/* clear key */
+	for (i = 0; i < 8; i++)
+		*(((volatile unsigned int *)HACC_AKEY0) + i) = 0;
+
+	masp_hal_secure_algo_deinit();
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/mach/hacc_lib.c b/drivers/misc/mediatek/masp/asfv2/mach/hacc_lib.c
new file mode 100644
index 000000000..f97efb20e
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/mach/hacc_lib.c
@@ -0,0 +1,150 @@
+/* Copyright Statement:
+ *
+ * This software/firmware and related documentation ("MediaTek Software") are
+ * protected under relevant copyright laws. The information contained herein
+ * is confidential and proprietary to MediaTek Inc. and/or its licensors.
+ * Without the prior written permission of MediaTek inc. and/or its licensors,
+ * any reproduction, modification, use or disclosure of MediaTek Software,
+ * and information contained herein, in whole or in part, shall be strictly prohibited.
+ *
+ * MediaTek Inc. (C) 2011. All rights reserved.
+ *
+ * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES
+ * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE")
+ * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER ON
+ * AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
+ * NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH RESPECT TO THE
+ * SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, INCORPORATED IN, OR
+ * SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES TO LOOK ONLY TO SUCH
+ * THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. RECEIVER EXPRESSLY ACKNOWLEDGES
+ * THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES
+ * CONTAINED IN MEDIATEK SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK
+ * SOFTWARE RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR
+ * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S ENTIRE AND
+ * CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE RELEASED HEREUNDER WILL BE,
+ * AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE MEDIATEK SOFTWARE AT ISSUE,
+ * OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE CHARGE PAID BY RECEIVER TO
+ * MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE.
+ *
+ * The following software/firmware and/or related documentation ("MediaTek Software")
+ * have been modified by MediaTek Inc. All revisions are subject to any receiver's
+ * applicable license agreements with MediaTek Inc.
+ */
+#include "sec_osal.h"
+/*#include <mach/mt_typedefs.h>*/
+#include "sec_hal.h"
+#include "hacc_mach.h"
+/*#include "sec_log.h"*/
+#include "sec_error.h"
+#include "sec_typedef.h"
+
+/******************************************************************************
+ * Crypto Engine Test Driver Debug Control
+ ******************************************************************************/
+#define MOD                         "CE"
+
+/******************************************************************************
+ * Seed Definition
+ ******************************************************************************/
+#define _CRYPTO_SEED_LEN            (16)
+
+/******************************************************************************
+ * GLOBAL FUNCTIONS
+ ******************************************************************************/
+/* return the result of hwEnableClock ( )
+   - TRUE  (1) means crypto engine init success
+   - FALSE (0) means crypto engine init fail    */
+unsigned char masp_hal_secure_algo_init(void)
+{
+	bool ret = TRUE;
+
+	return ret;
+}
+
+/* return the result of hwDisableClock ( )
+   - TRUE  (1) means crypto engine de-init success
+   - FALSE (0) means crypto engine de-init fail    */
+unsigned char masp_hal_secure_algo_deinit(void)
+{
+	bool ret = TRUE;
+
+	return ret;
+}
+
+/******************************************************************************
+ * CRYPTO ENGINE EXPORTED APIs
+ ******************************************************************************/
+/* perform crypto operation
+   @ Direction   : TRUE  (1) means encrypt
+		   FALSE (0) means decrypt
+   @ ContentAddr : input source address
+   @ ContentLen  : input source length
+   @ CustomSeed  : customization seed for crypto engine
+   @ ResText     : output destination address */
+void masp_hal_secure_algo(unsigned char Direction, unsigned char *ContentAddr,
+			  unsigned int ContentLen, unsigned char *CustomSeed,
+			  unsigned char *ResText)
+{
+	unsigned int err;
+	unsigned char *src, *dst, *seed;
+	unsigned int i = 0;
+
+	/* try to get hacc lock */
+	do {
+		/* If the semaphore is successfully acquired, this function returns 0. */
+		err = osal_hacc_lock();
+	} while (0 != err);
+
+	/* initialize hacc crypto configuration */
+	seed = (unsigned char *)CustomSeed;
+	err = masp_hal_sp_hacc_init(seed, _CRYPTO_SEED_LEN);
+
+	if (SEC_OK != err)
+		goto _error;
+
+	/* initialize source and destination address */
+	src = (unsigned char *)ContentAddr;
+	dst = (unsigned char *)ResText;
+
+	/* according to input parameter to encrypt or decrypt */
+	switch (Direction) {
+	case TRUE:
+		/* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+		/* ! CCCI driver already got HACC lock ! */
+		/* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+		dst =
+		    masp_hal_sp_hacc_enc((unsigned char *)src, ContentLen, TRUE, HACC_USER3, FALSE);
+		break;
+
+	case FALSE:
+		/* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+		/* ! CCCI driver already got HACC lock ! */
+		/* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+		dst =
+		    masp_hal_sp_hacc_dec((unsigned char *)src, ContentLen, TRUE, HACC_USER3, FALSE);
+		break;
+
+	default:
+		err = ERR_KER_CRYPTO_INVALID_MODE;
+		goto _error;
+	}
+
+
+	/* copy result */
+	for (i = 0; i < ContentLen; i++)
+		*(ResText + i) = *(dst + i);
+
+	/* try to release hacc lock */
+	osal_hacc_unlock();
+
+	return;
+
+_error:
+	/* try to release hacc lock */
+	osal_hacc_unlock();
+
+	pr_err("[%s] masp_hal_secure_algo error (0x%x)\n", MOD, err);
+	BUG_ON(!(0));
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/mach/hacc_mach.h b/drivers/misc/mediatek/masp/asfv2/mach/hacc_mach.h
new file mode 100644
index 000000000..c804ab719
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/mach/hacc_mach.h
@@ -0,0 +1,206 @@
+/* to avoid disclosing any secret and let customer know we have hacc hardware,
+   the file name 'hacc' is changed to 'hacc_hw' in kernel driver */
+
+#ifndef HACC_MACH_H
+#define HACC_MACH_H
+
+#include "sec_osal_light.h"
+
+/******************************************************************************
+ * CHIP SELECTION
+ ******************************************************************************/
+/*
+#include <mach/mt_typedefs.h>
+#include <mach/mt_reg_base.h>
+#include <mach/mt_clkmgr.h>
+*/
+#ifdef CONFIG_ARM64
+extern unsigned long long hacc_base;
+#else
+extern unsigned int hacc_base;
+#endif
+#if 0
+#ifdef CONFIG_ARM64
+extern unsigned long long es_base;
+#else
+extern unsigned int es_base;
+#endif
+#endif
+/******************************************************************************
+ * MACROS DEFINITIONS
+ ******************************************************************************/
+#define AES_BLK_SZ_ALIGN(size)      ((size) & ~((AES_BLK_SZ << 3) - 1))
+
+
+/******************************************************************************
+ * HARDWARE DEFINITIONS
+ ******************************************************************************/
+#define HACC_CG                      (0x1 << 10)
+
+#define HACC_AES_TEST_SRC            (0x02000000)
+#define HACC_AES_TEST_TMP            (0x02100000)
+#define HACC_AES_TEST_DST            (0x02200000)
+
+#define HACC_CFG_0                    (0x5a5a3257)	/* CHECKME */
+#define HACC_CFG_1                    (0x66975412)	/* CHECKME */
+#define HACC_CFG_2                    (0x66975412)	/* CHECKME */
+#define HACC_CFG_3                    (0x5a5a3257)	/* CHECKME */
+
+#define HACC_CON                     (hacc_base+0x0000)
+#define HACC_ACON                    (hacc_base+0x0004)
+#define HACC_ACON2                   (hacc_base+0x0008)
+#define HACC_ACONK                   (hacc_base+0x000C)
+#define HACC_ASRC0                   (hacc_base+0x0010)
+#define HACC_ASRC1                   (hacc_base+0x0014)
+#define HACC_ASRC2                   (hacc_base+0x0018)
+#define HACC_ASRC3                   (hacc_base+0x001C)
+#define HACC_AKEY0                   (hacc_base+0x0020)
+#define HACC_AKEY1                   (hacc_base+0x0024)
+#define HACC_AKEY2                   (hacc_base+0x0028)
+#define HACC_AKEY3                   (hacc_base+0x002C)
+#define HACC_AKEY4                   (hacc_base+0x0030)
+#define HACC_AKEY5                   (hacc_base+0x0034)
+#define HACC_AKEY6                   (hacc_base+0x0038)
+#define HACC_AKEY7                   (hacc_base+0x003C)
+#define HACC_ACFG0                   (hacc_base+0x0040)
+#define HACC_AOUT0                   (hacc_base+0x0050)
+#define HACC_AOUT1                   (hacc_base+0x0054)
+#define HACC_AOUT2                   (hacc_base+0x0058)
+#define HACC_AOUT3                   (hacc_base+0x005C)
+#define HACC_SW_OTP0                 (hacc_base+0x0060)
+#define HACC_SW_OTP1                 (hacc_base+0x0064)
+#define HACC_SW_OTP2                 (hacc_base+0x0068)
+#define HACC_SW_OTP3                 (hacc_base+0x006c)
+#define HACC_SW_OTP4                 (hacc_base+0x0070)
+#define HACC_SW_OTP5                 (hacc_base+0x0074)
+#define HACC_SW_OTP6                 (hacc_base+0x0078)
+#define HACC_SW_OTP7                 (hacc_base+0x007c)
+#define HACC_SECINIT0                (hacc_base+0x0080)
+#define HACC_SECINIT1                (hacc_base+0x0084)
+#define HACC_SECINIT2                (hacc_base+0x0088)
+#define HACC_MKJ                     (hacc_base+0x00a0)
+
+/* AES */
+#define HACC_AES_DEC                 0x00000000
+#define HACC_AES_ENC                 0x00000001
+#define HACC_AES_MODE_MASK           0x00000002
+#define HACC_AES_ECB                 0x00000000
+#define HACC_AES_CBC                 0x00000002
+#define HACC_AES_TYPE_MASK           0x00000030
+#define HACC_AES_128                 0x00000000
+#define HACC_AES_192                 0x00000010
+#define HACC_AES_256                 0x00000020
+#define HACC_AES_CHG_BO_MASK         0x00001000
+#define HACC_AES_CHG_BO_OFF          0x00000000
+#define HACC_AES_CHG_BO_ON           0x00001000
+#define HACC_AES_START               0x00000001
+#define HACC_AES_CLR                 0x00000002
+#define HACC_AES_RDY                 0x00008000
+
+/* AES key relevant */
+#define HACC_AES_BK2C                0x00000010
+#define HACC_AES_R2K                 0x00000100
+
+/* SECINIT magic */
+#define HACC_SECINIT0_MAGIC          0xAE0ACBEA
+#define HACC_SECINIT1_MAGIC          0xCD957018
+#define HACC_SECINIT2_MAGIC          0x46293911
+
+
+/******************************************************************************
+ * CONSTANT DEFINITIONS
+ ******************************************************************************/
+#define HACC_AES_MAX_KEY_SZ          (32)
+#define AES_CFG_SZ                   (16)
+#define AES_BLK_SZ                  (16)
+#define HACC_HW_KEY_SZ               (16)
+#define _CRYPTO_SEED_LEN            (16)
+
+/* In order to support NAND writer and keep MTK secret,
+   use MTK HACC seed and custom crypto seed to generate SW key
+   to encrypt SEC_CFG */
+#define MTK_HACC_SEED                (0x1)
+
+/******************************************************************************
+ * TYPE DEFINITIONS
+ ******************************************************************************/
+typedef enum {
+	AES_ECB_MODE,
+	AES_CBC_MODE
+} AES_MODE;
+
+typedef enum {
+	AES_DEC,
+	AES_ENC
+} AES_OPS;
+
+typedef enum {
+	AES_KEY_128 = 16,
+	AES_KEY_192 = 24,
+	AES_KEY_256 = 32
+} AES_KEY;
+
+typedef enum {
+	AES_SW_KEY,
+	AES_HW_KEY,
+	AES_HW_WRAP_KEY
+} AES_KEY_ID;
+
+typedef struct {
+	unsigned char config[AES_CFG_SZ];
+} AES_CFG;
+
+typedef struct {
+	unsigned int size;
+	unsigned char seed[HACC_AES_MAX_KEY_SZ];
+} AES_KEY_SEED;
+
+struct hacc_context {
+	AES_CFG cfg;
+	unsigned int blk_sz;
+	unsigned char sw_key[HACC_AES_MAX_KEY_SZ];
+	unsigned char hw_key[HACC_AES_MAX_KEY_SZ];
+};
+
+/* --------------------------------------------------------------------------- */
+/* Register Manipulations */
+/* --------------------------------------------------------------------------- */
+
+#define READ_REGISTER_UINT32(reg) \
+	(*(volatile unsigned int * const)(reg))
+
+#define WRITE_REGISTER_UINT32(reg, val) \
+	((*(volatile unsigned int * const)(reg)) = (val))
+
+#define INREG32(x)          READ_REGISTER_UINT32((unsigned int *)((void *)(x)))
+#define OUTREG32(x, y)      WRITE_REGISTER_UINT32((unsigned int *)((void *)(x)), (unsigned int)(y))
+#define SETREG32(x, y)      OUTREG32(x, INREG32(x)|(y))
+#define CLRREG32(x, y)      OUTREG32(x, INREG32(x)&~(y))
+#define MASKREG32(x, y, z)  OUTREG32(x, (INREG32(x)&~(y))|(z))
+
+#define DRV_Reg32(addr)             INREG32(addr)
+#define DRV_WriteReg32(addr, data)  OUTREG32(addr, data)
+#define DRV_SetReg32(addr, data)    SETREG32(addr, data)
+#define DRV_ClrReg32(addr, data)    CLRREG32(addr, data)
+
+
+/******************************************************************************
+ *  EXPORT FUNCTION
+ ******************************************************************************/
+extern unsigned int hacc_set_key(AES_KEY_ID id, AES_KEY key);
+extern unsigned int hacc_do_aes(AES_OPS ops, unsigned char *src, unsigned char *dst,
+				unsigned int size);
+extern unsigned int hacc_init(AES_KEY_SEED *keyseed);
+extern unsigned int hacc_deinit(void);
+extern void HACC_V3_Init(bool encode, const unsigned int g_AC_CFG[]);
+extern void HACC_V3_Run(volatile unsigned int *p_src, unsigned int src_len,
+			volatile unsigned int *p_dst);
+extern void HACC_V3_Terminate(void);
+
+/******************************************************************************
+ * EXTERNAL VARIABLE
+ ******************************************************************************/
+extern bool bHACC_HWWrapKeyInit;
+extern bool bHACC_SWKeyInit;
+
+#endif
diff --git a/drivers/misc/mediatek/masp/asfv2/mach/hacc_service.c b/drivers/misc/mediatek/masp/asfv2/mach/hacc_service.c
new file mode 100644
index 000000000..1de100816
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/mach/hacc_service.c
@@ -0,0 +1,18 @@
+#include <linux/types.h>
+#include "hacc_tee.h"
+
+
+int masp_hal_get_uuid(unsigned int *uuid)
+{
+	uuid[0] = get_devinfo_with_index(12);
+	uuid[1] = get_devinfo_with_index(13);
+	uuid[2] = get_devinfo_with_index(12);
+	uuid[3] = get_devinfo_with_index(13);
+
+	return 0;
+}
+
+int masp_hal_sbc_enabled(void)
+{
+	return (get_devinfo_with_index(6) & 0x00000002) ? 1 : 0;
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/mach/hacc_sk.c b/drivers/misc/mediatek/masp/asfv2/mach/hacc_sk.c
new file mode 100644
index 000000000..e518d703c
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/mach/hacc_sk.c
@@ -0,0 +1,322 @@
+/* Copyright Statement:
+ *
+ * This software/firmware and related documentation ("MediaTek Software") are
+ * protected under relevant copyright laws. The information contained herein
+ * is confidential and proprietary to MediaTek Inc. and/or its licensors.
+ * Without the prior written permission of MediaTek inc. and/or its licensors,
+ * any reproduction, modification, use or disclosure of MediaTek Software,
+ * and information contained herein, in whole or in part, shall be strictly prohibited.
+ *
+ * MediaTek Inc. (C) 2011. All rights reserved.
+ *
+ * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES
+ * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE")
+ * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER ON
+ * AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
+ * NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH RESPECT TO THE
+ * SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, INCORPORATED IN, OR
+ * SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES TO LOOK ONLY TO SUCH
+ * THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. RECEIVER EXPRESSLY ACKNOWLEDGES
+ * THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES
+ * CONTAINED IN MEDIATEK SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK
+ * SOFTWARE RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR
+ * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S ENTIRE AND
+ * CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE RELEASED HEREUNDER WILL BE,
+ * AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE MEDIATEK SOFTWARE AT ISSUE,
+ * OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE CHARGE PAID BY RECEIVER TO
+ * MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE.
+ *
+ * The following software/firmware and/or related documentation ("MediaTek Software")
+ * have been modified by MediaTek Inc. All revisions are subject to any receiver's
+ * applicable license agreements with MediaTek Inc.
+ */
+
+/*#include <mach/mt_typedefs.h>
+#include <mach/mt_reg_base.h>
+*/
+#include "sec_error.h"
+#include "hacc_mach.h"
+
+/******************************************************************************
+ * this file contains the hardware secure engine low-level operations
+ * note that : all the functions in this file are ONLY for HACC internal usages.
+ ******************************************************************************/
+
+/******************************************************************************
+ * CONSTANT DEFINITIONS
+ ******************************************************************************/
+#define MOD                         "HACC"
+#define HACC_TEST                    (0)
+
+/******************************************************************************
+ * DEBUG
+ ******************************************************************************/
+#define SEC_DEBUG                   (0)
+#define SMSG                        printk
+#if SEC_DEBUG
+#define DMSG                        printk
+#else
+#define DMSG
+#endif
+
+
+
+/******************************************************************************
+ * LOCAL VERIABLE
+ ******************************************************************************/
+static struct hacc_context hacc_ctx;
+
+/******************************************************************************
+ * LOCAL FUNCTIONS
+ ******************************************************************************/
+
+#if HACC_TEST
+static void hacc_test(void)
+{
+	unsigned int i, test_sz = HACC_AES_MAX_KEY_SZ * 24;
+	unsigned int test_keysz = AES_KEY_256;
+	unsigned char *test_src = (unsigned char *)HACC_AES_TEST_SRC;
+	unsigned char *test_dst = (unsigned char *)HACC_AES_TEST_DST;
+	unsigned char *test_tmp = (unsigned char *)HACC_AES_TEST_TMP;
+
+	/* prepare data */
+	for (i = 0; i < test_sz; i++)
+		test_src[i] = i + 1;
+
+	hacc_set_key(AES_HW_WRAP_KEY, test_keysz);
+	hacc_do_aes(AES_ENC, test_src, test_tmp, test_sz);
+	hacc_set_key(AES_HW_WRAP_KEY, test_keysz);
+	hacc_do_aes(AES_DEC, test_tmp, test_dst, test_sz);
+
+	for (i = 0; i < test_sz; i++) {
+		if (test_src[i] != test_dst[i]) {
+			DMSG("[%s] test_src[%d] = 0x%x != test_dst[%d] = 0x%x\n", MOD, i,
+			     test_src[i], i, test_dst[i]);
+			DMSG(0);
+		}
+	}
+	DMSG("[%s] encrypt & descrypt unit test pass. (Key = %dbits)\n", MOD, test_keysz << 3);
+}
+#else
+#define hacc_test()      do {} while (0)
+#endif
+
+/******************************************************************************
+ * GLOBAL FUNCTIONS
+ ******************************************************************************/
+static unsigned int hacc_set_cfg(AES_CFG *cfg)
+{
+	memcpy(&hacc_ctx.cfg, cfg, sizeof(AES_CFG));
+	return SEC_OK;
+}
+
+static unsigned int hacc_set_mode(AES_MODE mode)
+{
+	AES_CFG cfg;
+
+	DRV_ClrReg32(HACC_ACON, HACC_AES_MODE_MASK);
+
+	switch (mode) {
+	case AES_ECB_MODE:
+		/* no need cfg */
+		memset(&cfg.config[0], 0, sizeof(cfg.config));
+		DRV_SetReg32(HACC_ACON, HACC_AES_ECB);
+		break;
+	case AES_CBC_MODE:
+		DRV_SetReg32(HACC_ACON, HACC_AES_CBC);
+		break;
+	default:
+		return ERR_HACC_MODE_INVALID;
+	}
+
+	return SEC_OK;
+}
+
+unsigned int hacc_set_key(AES_KEY_ID id, AES_KEY key)
+{
+	unsigned int i, acon = 0;
+	unsigned int akey;
+	unsigned char *tkey;
+
+	switch (key) {
+	case AES_KEY_128:
+		acon |= HACC_AES_128;
+		break;
+	case AES_KEY_192:
+		acon |= HACC_AES_192;
+		break;
+	case AES_KEY_256:
+		acon |= HACC_AES_256;
+		break;
+	default:
+		return ERR_HACC_KEY_INVALID;
+	}
+	/* set aes block size */
+	hacc_ctx.blk_sz = key;
+
+	/* set aes key length */
+	DRV_ClrReg32(HACC_ACON, HACC_AES_TYPE_MASK);
+	DRV_SetReg32(HACC_ACON, acon);
+
+	/* clear key */
+	for (i = 0; i < HACC_AES_MAX_KEY_SZ; i += 4)
+		DRV_WriteReg32(HACC_AKEY0 + i, 0);
+
+	/* set aes key */
+	switch (id) {
+	case AES_HW_KEY:
+		DRV_SetReg32(HACC_ACONK, HACC_AES_BK2C);
+		return 0;
+	case AES_HW_WRAP_KEY:
+		tkey = &hacc_ctx.hw_key[0];
+		break;
+	case AES_SW_KEY:
+	default:
+		tkey = &hacc_ctx.sw_key[0];
+		break;
+	}
+
+	/* non hardware binding key */
+	DRV_ClrReg32(HACC_ACONK, HACC_AES_BK2C);
+
+	/* update key. note that don't use key directly */
+	for (i = 0; i < HACC_AES_MAX_KEY_SZ; i += 4) {
+		akey = (tkey[i] << 24) | (tkey[i + 1] << 16) | (tkey[i + 2] << 8) | (tkey[i + 3]);
+		DRV_WriteReg32(HACC_AKEY0 + i, akey);
+	}
+
+	return SEC_OK;
+}
+
+unsigned int hacc_do_aes(AES_OPS ops, unsigned char *src, unsigned char *dst, unsigned int size)
+{
+	unsigned int i;
+	unsigned int *ds, *dt, *vt;
+
+	/* make sure size is aligned to aes block size */
+	if ((size % AES_BLK_SZ) != 0) {
+		SMSG("[%s] size = %d is not %d bytes alignment\n", MOD, size, AES_BLK_SZ);
+		return ERR_HACC_DATA_UNALIGNED;
+	}
+
+	vt = (unsigned int *)&hacc_ctx.cfg.config[0];
+
+	/* erase src, cfg, out register */
+	DRV_SetReg32(HACC_ACON2, HACC_AES_CLR);
+
+	/* set init config */
+	for (i = 0; i < AES_CFG_SZ; i += 4)
+		DRV_WriteReg32(HACC_ACFG0 + i, *vt++);
+
+	if (ops == AES_ENC)
+		DRV_SetReg32(HACC_ACON, HACC_AES_ENC);
+	else
+		DRV_ClrReg32(HACC_ACON, HACC_AES_ENC);
+
+	ds = (unsigned int *)src;
+	dt = (unsigned int *)dst;
+
+	do {
+		/* fill in the data */
+		for (i = 0; i < AES_BLK_SZ; i += 4)
+			DRV_WriteReg32(HACC_ASRC0 + i, *ds++);
+
+		/* start aes engine */
+		DRV_SetReg32(HACC_ACON2, HACC_AES_START);
+
+		/* wait for aes engine ready */
+		while ((DRV_Reg32(HACC_ACON2) & HACC_AES_RDY) == 0)
+			;
+
+		/* read out the data */
+		for (i = 0; i < AES_BLK_SZ; i += 4)
+			*dt++ = DRV_Reg32(HACC_AOUT0 + i);
+
+		if (size == 0)
+			goto _end;
+
+		size -= AES_BLK_SZ;
+
+	} while (size != 0);
+
+_end:
+
+	return SEC_OK;
+}
+
+unsigned int hacc_deinit(void)
+{
+	unsigned int ret = 0;
+
+	/* clear aes module */
+	DRV_SetReg32(HACC_ACON2, HACC_AES_CLR);
+
+	return ret;
+}
+
+unsigned int hacc_init(AES_KEY_SEED *keyseed)
+{
+	unsigned int i = 0;
+	unsigned int *config;
+	unsigned int ret = 0;
+
+	hacc_deinit();
+	/* DRV_WriteReg32(HACC_SECINIT0, HACC_SECINIT0_MAGIC); */
+	/* DRV_WriteReg32(HACC_SECINIT1, HACC_SECINIT1_MAGIC); */
+	/* DRV_WriteReg32(HACC_SECINIT2, HACC_SECINIT2_MAGIC); */
+
+	/* clear aes module */
+	DRV_SetReg32(HACC_ACON2, HACC_AES_CLR);
+
+	/* set aes module in cbc mode with no byte order change */
+	DRV_ClrReg32(HACC_ACON2, HACC_AES_CHG_BO_MASK | HACC_AES_MODE_MASK);
+	DRV_SetReg32(HACC_ACON2, HACC_AES_CHG_BO_OFF | HACC_AES_CBC);
+
+	/* aes secure initialiation */
+	memset(&hacc_ctx, 0, sizeof(struct hacc_context));
+
+	for (i = 0; i < keyseed->size; i++)
+		hacc_ctx.sw_key[i] = keyseed->seed[i];
+
+	config = (unsigned int *)&hacc_ctx.cfg.config[0];
+
+	*config++ = HACC_CFG_0;
+	*config++ = HACC_CFG_1;
+	*config++ = HACC_CFG_2;
+	*config = HACC_CFG_3;
+
+	ret = hacc_set_cfg(&hacc_ctx.cfg);
+	if (SEC_OK != ret)
+		goto _end;
+
+	ret = hacc_set_mode(AES_CBC_MODE);
+	if (SEC_OK != ret)
+		goto _end;
+
+	/* derive the hardware wrapper key */
+	ret = hacc_set_key(AES_HW_KEY, HACC_HW_KEY_SZ);
+	if (SEC_OK != ret)
+		goto _end;
+
+	ret = hacc_do_aes(AES_ENC, &hacc_ctx.sw_key[0], &hacc_ctx.hw_key[0], AES_KEY_256);
+	if (SEC_OK != ret)
+		goto _end;
+
+	ret = hacc_set_key(AES_HW_WRAP_KEY, AES_KEY_256);
+	if (SEC_OK != ret)
+		goto _end;
+
+	hacc_test();
+
+	/* from now on, HACC HW wrap key can be used */
+	bHACC_HWWrapKeyInit = 1;
+
+	/* from now on, HACC SW key can be used */
+	bHACC_SWKeyInit = 1;
+
+_end:
+
+	return ret;
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/mach/hacc_tee.c b/drivers/misc/mediatek/masp/asfv2/mach/hacc_tee.c
new file mode 100644
index 000000000..d8ee6860d
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/mach/hacc_tee.c
@@ -0,0 +1,170 @@
+
+#include <linux/types.h>
+#include "sec_hal.h"
+#include "sec_osal.h"
+
+#include "hacc_mach.h"
+#include "hacc_tee.h"
+#include "sec_error.h"
+
+
+#define TRUE 1
+#define FALSE 0
+#define BOOL uint8_t
+
+/* To turn on HACC module clock if required */
+unsigned char masp_hal_secure_algo_init(void)
+{
+	bool ret = TRUE;
+
+	return ret;
+}
+
+/* To turn off HACC module clock if required */
+unsigned char masp_hal_secure_algo_deinit(void)
+{
+	bool ret = TRUE;
+
+	return ret;
+}
+
+/* This function will not work in TEE case */
+unsigned int masp_hal_sp_hacc_init(unsigned char *sec_seed, unsigned int size)
+{
+	/* No implemtation is required in TEE's case */
+	return 0;
+}
+
+unsigned int masp_hal_sp_hacc_blk_sz(void)
+{
+	return AES_BLK_SZ;
+}
+
+static char *hacc_secure_request(HACC_USER user, unsigned char *buf, unsigned int buf_size,
+				 BOOL bEncrypt, BOOL bDoLock, unsigned char *sec_seed,
+				 unsigned int seed_size)
+{
+	unsigned int ret = SEC_OK;
+
+	/* get hacc lock */
+	if (TRUE == bDoLock) {
+		/* If the semaphore is successfully acquired, this function returns 0. */
+		ret = osal_hacc_lock();
+
+		if (ret) {
+			ret = ERR_SBOOT_HACC_LOCK_FAIL;
+			goto _exit;
+		}
+	}
+	/* turn on clock */
+	masp_hal_secure_algo_init();
+
+
+	if (buf_size != 0) {
+		/* try to open connection to TEE */
+		if (open_sdriver_connection() < 0) {
+			ret = ERR_HACC_OPEN_SECURE_CONNECTION_FAIL;
+			goto _exit;
+		}
+
+		/* send request to TEE */
+		ret =
+		    tee_secure_request((unsigned int)user, buf, buf_size, (unsigned int)bEncrypt,
+				       sec_seed, seed_size);
+		if (ret != SEC_OK) {
+			ret = ERR_HACC_REQUEST_SECURE_SERVICE_FAIL;
+			goto _exit;
+		}
+
+		if (close_sdriver_connection() < 0) {
+			ret = ERR_HACC_CLOSE_SECURE_CONNECTION_FAIL;
+			goto _exit;
+		}
+	} else {
+		pr_debug
+		    ("[HACC] hacc_secure_request - buffer size is 0, no encryption or decyrption is performed\n");
+	}
+
+
+_exit:
+	/* turn off clock */
+	masp_hal_secure_algo_deinit();
+	/* release hacc lock */
+	if (TRUE == bDoLock)
+		osal_hacc_unlock();
+
+	if (ret) {
+		pr_debug("[HACC] hacc_secure_request fail (0x%x) (don't ASSERT)\n", ret);
+
+		/* ASSERT(0); */
+	}
+
+	return buf;
+}
+
+void masp_hal_secure_algo(unsigned char Direction, unsigned char *ContentAddr,
+			  unsigned int ContentLen, unsigned char *CustomSeed,
+			  unsigned char *ResText)
+{
+	unsigned int err = 0;
+	unsigned char *src, *dst;
+	unsigned int i = 0;
+
+	/* try to get hacc lock */
+	do {
+		/* If the semaphore is successfully acquired, this function returns 0. */
+		err = osal_hacc_lock();
+	} while (0 != err);
+
+	/* initialize source and destination address */
+	src = (unsigned char *)ContentAddr;
+	dst = (unsigned char *)ResText;
+
+	/* according to input parameter to encrypt or decrypt */
+	switch (Direction) {
+	case TRUE:
+		dst = hacc_secure_request(HACC_USER3, (unsigned char *)src,
+		ContentLen, TRUE, FALSE, CustomSeed, _CRYPTO_SEED_LEN);	/* encrypt */
+		break;
+
+	case FALSE:
+		dst = hacc_secure_request(HACC_USER3, (unsigned char *)src,
+		ContentLen, FALSE, FALSE, CustomSeed, _CRYPTO_SEED_LEN);	/* decrypt */
+		break;
+
+	default:
+		err = ERR_KER_CRYPTO_INVALID_MODE;
+		goto _wrong_direction;
+	}
+
+	/* copy result */
+	for (i = 0; i < ContentLen; i++)
+		*(ResText + i) = *(dst + i);
+
+_wrong_direction:
+	/* try to release hacc lock */
+	osal_hacc_unlock();
+
+	if (err) {
+		pr_debug("[HACC] masp_hal_secure_algo error (0x%x) (don't ASSERT)\n", err);
+		/* ASSERT(0); */
+	}
+}
+
+/*
+ * For SECRO (user1), this function will help to get hacc lock
+ * For SECCFG (user1-sbchk), it should get hacc lock via ioctl command before using this function
+ * For MD NVRAM (user3), it should get hacc lock before using this function
+ * For AP NVRAM (user2), it should get hacc lock via ioctl command before using this function
+ */
+unsigned char *masp_hal_sp_hacc_enc(unsigned char *buf, unsigned int size, unsigned char bAC,
+				    HACC_USER user, unsigned char bDoLock)
+{
+	return hacc_secure_request(user, buf, size, TRUE, bDoLock, NULL, 0);
+}
+
+unsigned char *masp_hal_sp_hacc_dec(unsigned char *buf, unsigned int size, unsigned char bAC,
+				    HACC_USER user, unsigned char bDoLock)
+{
+	return hacc_secure_request(user, buf, size, FALSE, bDoLock, NULL, 0);
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/mach/hacc_tee.h b/drivers/misc/mediatek/masp/asfv2/mach/hacc_tee.h
new file mode 100644
index 000000000..4ae64ed07
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/mach/hacc_tee.h
@@ -0,0 +1,10 @@
+#ifndef HACC_TEE_H
+#define HACC_TEE_H
+
+extern u32 get_devinfo_with_index(u32 index);
+int open_sdriver_connection(void);
+int tee_secure_request(unsigned int user, unsigned char *data, unsigned int data_size,
+		       unsigned int direction, unsigned char *seed, unsigned int seed_size);
+int close_sdriver_connection(void);
+
+#endif
diff --git a/drivers/misc/mediatek/masp/asfv2/mach/hacc_tee_req.c b/drivers/misc/mediatek/masp/asfv2/mach/hacc_tee_req.c
new file mode 100644
index 000000000..5144cb7d3
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/mach/hacc_tee_req.c
@@ -0,0 +1,219 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/interrupt.h>
+#include <linux/device.h>
+#include <linux/mm.h>
+#include <linux/uaccess.h>
+#include <linux/slab.h>
+#include <linux/init.h>
+#include <linux/fs.h>
+#include <linux/device.h>
+#include <linux/platform_device.h>
+#include <linux/vmalloc.h>
+
+#include <linux/types.h>
+#include "mobicore_driver_api.h"
+#include "tlcApisec.h"
+#include "sec_error.h"
+#include "hacc_tee.h"
+
+static const struct mc_uuid_t MC_UUID_HACC = { {
+						0x05, 0x11, 0x00, 0x00,
+						0x00, 0x00, 0x00, 0x00,
+						0x00, 0x00, 0x00, 0x00,
+						0x00, 0x00, 0x00, 0x00}
+};
+
+uint32_t deviceId = MC_DEVICE_ID_DEFAULT;
+struct mc_session_handle drSessionHandle;
+static dapc_tciMessage_t *pTci;
+/* static int open_count = 0; */
+
+/* DO NOT invoke this function unless you get HACC lock */
+int open_sdriver_connection(void)
+{
+	enum mc_result mcRet = 0;
+	int retryCnt = 0;
+
+	do {
+		/* Initialize session handle data */
+		mcRet = mc_open_device(deviceId);
+		if (MC_DRV_OK != mcRet) {
+			retryCnt++;
+			pr_debug("NWD HACC: mc_open_device failed: %d, retry count (%d)\n", mcRet,
+				 retryCnt);
+			continue;
+		}
+		pr_debug("NWD HACC: mc_open_device success: %d\n", mcRet);
+
+		/* Allocating WSM for DCI */
+		mcRet =
+		    mc_malloc_wsm(deviceId, 0, sizeof(dapc_tciMessage_t), (uint8_t **) &pTci, 0);
+		if (MC_DRV_OK != mcRet) {
+			pr_debug("NWD HACC: mc_malloc_wsm failed: %d\n", mcRet);
+			break;
+		}
+
+		/* Open session to the trustlet */
+		memset(&drSessionHandle, 0, sizeof(drSessionHandle));
+		drSessionHandle.device_id = deviceId;
+		mcRet =
+		    mc_open_session(&drSessionHandle, &MC_UUID_HACC, (uint8_t *) pTci,
+				    (uint32_t) sizeof(dapc_tciMessage_t));
+
+		if (MC_DRV_OK != mcRet) {
+			pr_debug("NWD HACC: mc_open_session failed: %d\n", mcRet);
+			break;
+		}
+
+		pr_debug("NWD HACC: mc_open_session success: %d\n", mcRet);
+		break;
+	} while (retryCnt < 30);
+
+	if (MC_DRV_OK != mcRet)
+		return -1;
+
+	return 0;
+}
+
+/* DO NOT invoke this function unless you get HACC lock */
+int close_sdriver_connection(void)
+{
+	enum mc_result mcRet = 0;
+
+	do {
+		/* Close session */
+		mcRet = mc_close_session(&drSessionHandle);
+		if (MC_DRV_OK != mcRet) {
+			pr_debug("NWD HACC: mc_close_session failed: %d\n", mcRet);
+			break;
+		}
+		pr_debug("NWD HACC: mc_close_session success: %d\n", mcRet);
+		memset(&drSessionHandle, 0, sizeof(drSessionHandle));
+
+		/* Free WSM for DCI */
+		mcRet = mc_free_wsm(deviceId, (uint8_t *) pTci);
+		if (MC_DRV_OK != mcRet) {
+			pr_debug("NWD HACC: mc_free_wsm failed: %d\n", mcRet);
+			break;
+		}
+		pTci = NULL;
+
+		/* Close MobiCore device */
+		mcRet = mc_close_device(deviceId);
+		if (MC_DRV_OK != mcRet) {
+			pr_debug("NWD HACC: mc_close_device failed: %d\n", mcRet);
+			break;
+		}
+		pr_debug("NWD HACC: mc_close_device success: %d\n", mcRet);
+	} while (false);
+
+	if (MC_DRV_OK != mcRet)
+		return -1;
+
+	return 0;
+}
+
+
+/* DO NOT invoke this function unless you get HACC lock */
+int tee_secure_request(unsigned int user, unsigned char *data, unsigned int data_size,
+		       unsigned int direction, unsigned char *seed, unsigned int seed_size)
+{
+	int ret = SEC_OK;
+	struct mc_bulk_map dataMapInfo;
+	struct mc_bulk_map seedMapInfo;
+	char *databuf = NULL;
+	char *seedbuf = NULL;
+	enum mc_result mcRet = 0;
+
+	/* allocate data buffer to be sent to TEE */
+	databuf = vmalloc(data_size);
+	if (databuf == NULL) {
+		ret = ERR_HACC_ALLOCATE_BUFFER_FAIL;
+		goto _allocate_data_buf_err;
+	}
+	memcpy(databuf, data, data_size);
+
+	if (seed_size != 0) {
+		/* allocate seed buffer to be sent to TEE */
+		seedbuf = vmalloc(seed_size);
+		if (seedbuf == NULL) {
+			ret = ERR_HACC_ALLOCATE_BUFFER_FAIL;
+			goto _allocate_seed_buf_err;
+		}
+		memcpy(seedbuf, seed, seed_size);
+	}
+
+	/* map TCI virtual address for data buffer */
+	ret = mc_map(&drSessionHandle, databuf, data_size, &dataMapInfo);
+	if (MC_DRV_OK != ret) {
+		pr_debug("NWD HACC: mcMap failed of data buffer: %d", ret);
+		ret = ERR_HACC_MCMAP_BUFFER_FAIL;
+		goto _mcmap_data_fail;
+	}
+	pTci->data_addr = (uint32_t) dataMapInfo.secure_virt_addr;
+	pTci->data_len = data_size;
+
+	if (seed_size != 0) {
+		/* map TCI virtual address for seed buffer */
+		ret = mc_map(&drSessionHandle, seedbuf, seed_size, &seedMapInfo);
+		if (MC_DRV_OK != ret) {
+			pr_debug("NWD HACC: mcMap failed of seed buffer: %d", ret);
+			ret = ERR_HACC_MCMAP_BUFFER_FAIL;
+			goto _mcmap_seed_fail;
+		}
+		pTci->seed_addr = (uint32_t) seedMapInfo.secure_virt_addr;
+		pTci->seed_len = seed_size;
+	} else {
+		pTci->seed_addr = 0;
+		pTci->seed_len = 0;
+	}
+
+	/* set other TCI parameter */
+	pTci->hacc_user = user;
+	pTci->direction = direction;
+
+	/* set TCI command */
+	pTci->cmd.header.commandId = CMD_HACC_REQUEST;
+
+	/* notify the trustlet */
+	pr_debug("NWD HACC: prepare notify\n");
+	mcRet = mc_notify(&drSessionHandle);
+	if (MC_DRV_OK != mcRet) {
+		pr_debug("NWD HACC IRQ fail: mc_notify returned: %d\n", mcRet);
+		ret = ERR_HACC_NOTIFY_TO_TRUSTLET_FAIL;
+		goto _notify_to_trustlet_fail;
+	}
+
+	/* wait for response from the trustlet */
+	mcRet = mc_wait_notification(&drSessionHandle, /*MC_INFINITE_TIMEOUT */ 20000);
+	if (MC_DRV_OK != mcRet) {
+		pr_debug("NWD HACC IRQ fail: mc_wait_notification 20s timeout: %d\n", mcRet);
+		ret = ERR_HACC_NOTIFY_FROM_TRUSTLET_FAIL;
+		goto _notify_from_trustlet_fail;
+	}
+
+	if (pTci->result != 0) {
+		pr_debug("NWD HACC Request Fail!!!!!!!!(ret:%d, err:%d)\n", pTci->result,
+			 pTci->rsp.header.returnCode);
+	} else {
+		pr_debug("NWD HACC Request Success!!!!!!!!\n");
+		/* update result from secure buffer */
+		memcpy(data, databuf, data_size);
+	}
+
+_notify_from_trustlet_fail:
+_notify_to_trustlet_fail:
+	if (seed_size != 0)
+		mc_unmap(&drSessionHandle, seedbuf, &seedMapInfo);
+_mcmap_seed_fail:
+	mc_unmap(&drSessionHandle, databuf, &dataMapInfo);
+_mcmap_data_fail:
+	if (seed_size != 0)
+		vfree(seedbuf);
+_allocate_seed_buf_err:
+	vfree(databuf);
+_allocate_data_buf_err:
+
+	return ret;
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/mach/sec_lib.c b/drivers/misc/mediatek/masp/asfv2/mach/sec_lib.c
new file mode 100644
index 000000000..d57c19a0a
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/mach/sec_lib.c
@@ -0,0 +1,64 @@
+/* Copyright Statement:
+ *
+ * This software/firmware and related documentation ("MediaTek Software") are
+ * protected under relevant copyright laws. The information contained herein
+ * is confidential and proprietary to MediaTek Inc. and/or its licensors.
+ * Without the prior written permission of MediaTek inc. and/or its licensors,
+ * any reproduction, modification, use or disclosure of MediaTek Software,
+ * and information contained herein, in whole or in part, shall be strictly prohibited.
+ *
+ * MediaTek Inc. (C) 2011. All rights reserved.
+ *
+ * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES
+ * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE")
+ * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER ON
+ * AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
+ * NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH RESPECT TO THE
+ * SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, INCORPORATED IN, OR
+ * SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES TO LOOK ONLY TO SUCH
+ * THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. RECEIVER EXPRESSLY ACKNOWLEDGES
+ * THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES
+ * CONTAINED IN MEDIATEK SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK
+ * SOFTWARE RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR
+ * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S ENTIRE AND
+ * CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE RELEASED HEREUNDER WILL BE,
+ * AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE MEDIATEK SOFTWARE AT ISSUE,
+ * OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE CHARGE PAID BY RECEIVER TO
+ * MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE.
+ *
+ * The following software/firmware and/or related documentation ("MediaTek Software")
+ * have been modified by MediaTek Inc. All revisions are subject to any receiver's
+ * applicable license agreements with MediaTek Inc.
+ */
+
+/******************************************************************************
+ * CHIP SELECTION
+ ******************************************************************************/
+/*#include <mach/mt_typedefs.h>*/
+#include "hacc_mach.h"
+/******************************************************************************
+ * REGISTER
+ ******************************************************************************/
+#include "sec_boot_lib.h"
+#include "sec_mod.h"
+
+
+/******************************************************************************
+ * LOCAL FUNCTIONS
+ ******************************************************************************/
+int masp_hal_sbc_enabled(void)
+{
+	return g_hw_sbcen;
+}
+
+int masp_hal_get_sbc_checksum(unsigned int *pChecksum)
+{
+	int i;
+
+	for (i = 0; i < NUM_SBC_PUBK_HASH; i++)
+		*pChecksum += g_sbc_pubk_hash[i];
+
+	return 0;
+}
diff --git a/drivers/misc/mediatek/masp/asfv2/module/sec_mod.c b/drivers/misc/mediatek/masp/asfv2/module/sec_mod.c
new file mode 100644
index 000000000..ec99a9e36
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/module/sec_mod.c
@@ -0,0 +1,399 @@
+/*
+* Copyright (C) 2011-2014 MediaTek Inc.
+*
+* This program is free software: you can redistribute it and/or modify it under the terms of the
+* GNU General Public License version 2 as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* See the GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along with this program.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/******************************************************************************
+ *  INCLUDE LINUX HEADER
+ ******************************************************************************/
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/moduleparam.h>
+#include <linux/slab.h>
+#include <linux/unistd.h>
+#include <linux/sched.h>
+#include <linux/fs.h>
+#include <asm/uaccess.h>
+#include <linux/version.h>
+#include <linux/spinlock.h>
+#include <linux/semaphore.h>
+#include <linux/delay.h>
+#include <linux/kthread.h>
+#include <linux/errno.h>
+#include <linux/cdev.h>
+#include <linux/kdev_t.h>
+#include <linux/platform_device.h>
+#include <linux/device.h>
+#include <linux/mutex.h>
+#include <linux/vmalloc.h>
+#include <linux/poll.h>
+#include <linux/proc_fs.h>
+#include <linux/string.h>
+/* #include <mach/memory.h> */
+#include <asm/io.h>
+#include <linux/device.h>
+#include <linux/cdev.h>
+#include <linux/proc_fs.h>
+#include <linux/seq_file.h>
+#include <linux/interrupt.h>
+#include <linux/irq.h>
+#include <linux/of_platform.h>
+#include <linux/of_irq.h>
+#include <linux/of_address.h>
+#ifdef CONFIG_OF
+#include <linux/of_fdt.h>
+#endif
+/******************************************************************************
+ *  INCLUDE LIBRARY
+ ******************************************************************************/
+#include "sec_osal.h"
+#include "sec_mod.h"
+#include "sec_boot_lib.h"
+#ifdef MTK_SECURITY_MODULE_LITE
+#include "masp_version.h"
+#endif
+
+#define SEC_DEV_NAME                "sec"
+#define SEC_MAJOR                   182
+#define MOD                         "MASP"
+
+#define TRACE_FUNC()                MSG_FUNC(SEC_DEV_NAME)
+
+
+
+/*************************************************************************
+ *  GLOBAL VARIABLE
+ **************************************************************************/
+static struct sec_mod sec = { 0 };
+
+static struct cdev sec_dev;
+static struct class *sec_class;
+static struct device *sec_device;
+
+#ifdef CONFIG_ARM64
+unsigned long long hacc_base;
+/*unsigned long long es_base;*/
+#else
+unsigned int hacc_base;
+/*unsigned int es_base;*/
+#endif
+
+static const struct of_device_id masp_of_ids[] = {
+	{.compatible = "mediatek,hacc",},
+	{}
+};
+#if 0
+/* ****************************
+ * FOR ES_BASE ONLY
+ ******************************/
+int es_probe(struct platform_device *dev)
+{
+
+#ifdef CONFIG_ARM64
+	es_base = (unsigned long long)of_iomap(dev->dev.of_node, 0);
+#else
+	es_base = (unsigned int)of_iomap(dev->dev.of_node, 0);
+#endif
+	if (!es_base) {
+		pr_err("[%s] ES register remapping failed\n", SEC_DEV_NAME);
+		return -ENXIO;
+	}
+	return 0;
+}
+
+int es_remove(struct platform_device *dev)
+{
+	es_base = 0;
+	return 0;
+}
+
+static const struct of_device_id es_of_ids[] = {
+	{.compatible = "mediatek,efusec",},
+	{}
+};
+
+static struct platform_driver es_driver = {
+	.driver = {
+		   .name = "es",
+		   .owner = THIS_MODULE,
+		   .of_match_table = es_of_ids,
+		   },
+	.probe = es_probe,
+	.remove = es_remove,
+};
+#endif
+/**************************************************************************
+ *  SEC DRIVER OPEN
+ **************************************************************************/
+static int sec_open(struct inode *inode, struct file *file)
+{
+	return 0;
+}
+
+/**************************************************************************
+ *  SEC DRIVER RELEASE
+ **************************************************************************/
+static int sec_release(struct inode *inode, struct file *file)
+{
+	return 0;
+}
+
+/**************************************************************************
+ *  SEC DRIVER IOCTL
+ **************************************************************************/
+static long sec_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+{
+#ifdef MTK_SECURITY_MODULE_LITE
+	return -EIO;
+#else
+	return sec_core_ioctl(file, cmd, arg);
+#endif
+}
+
+static const struct file_operations sec_fops = {
+	.owner = THIS_MODULE,
+	.open = sec_open,
+	.release = sec_release,
+	.write = NULL,
+	.read = NULL,
+	.unlocked_ioctl = sec_ioctl
+};
+
+/**************************************************************************
+ *  SEC RID PROC FUNCTION
+ **************************************************************************/
+static int sec_proc_rid_show(struct seq_file *m, void *v)
+{
+	unsigned int rid[4] = { 0 };
+	unsigned int i = 0;
+
+	sec_get_random_id((unsigned int *)rid);
+
+	for (i = 0; i < 16; i++)
+		seq_putc(m, *((char *)rid + i));
+
+	return 0;
+}
+
+static int sec_proc_rid_open(struct inode *inode, struct file *file)
+{
+	return single_open(file, sec_proc_rid_show, NULL);
+}
+
+static const struct file_operations sec_proc_rid_fops = {
+	.open = sec_proc_rid_open,
+	.read = seq_read,
+	.llseek = seq_lseek,
+	.release = seq_release,
+};
+
+
+/**************************************************************************
+ *  SEC MODULE PARAMETER
+ **************************************************************************/
+static uint recovery_done;
+module_param(recovery_done, uint, S_IRUSR | S_IWUSR /*|S_IWGRP */  | S_IRGRP | S_IROTH);	/* rw-r--r-- */
+MODULE_PARM_DESC(recovery_done,
+		 "A recovery sync parameter under sysfs (0=complete, 1=on-going, 2=error)");
+
+/**************************************************************************
+ *  SEC DRIVER INIT
+ **************************************************************************/
+static int sec_init(struct platform_device *dev)
+{
+	int ret = 0;
+	dev_t id;
+
+	pr_debug("[%s] sec_init (%d)\n", SEC_DEV_NAME, ret);
+
+	#ifdef CONFIG_ARM64
+	hacc_base = (unsigned long long)of_iomap(dev->dev.of_node, 0);
+	#else
+	hacc_base = (unsigned int)of_iomap(dev->dev.of_node, 0);
+	#endif
+	if (!hacc_base) {
+		pr_err("[%s] HACC register remapping failed\n", SEC_DEV_NAME);
+		return -ENXIO;
+	}
+
+	id = MKDEV(SEC_MAJOR, 0);
+	ret = register_chrdev_region(id, 1, SEC_DEV_NAME);
+
+	if (ret) {
+		pr_err("[%s] Regist Failed (%d)\n", SEC_DEV_NAME, ret);
+		return ret;
+	}
+
+	sec_class = class_create(THIS_MODULE, SEC_DEV_NAME);
+	if (NULL == sec_class) {
+		pr_err("[%s] Create class failed(0x%x)\n", SEC_DEV_NAME, ret);
+		ret = -1;
+		return ret;
+	}
+
+	cdev_init(&sec_dev, &sec_fops);
+	sec_dev.owner = THIS_MODULE;
+
+	ret = cdev_add(&sec_dev, id, 1);
+	if (ret < 0)
+		goto exit;
+
+	sec_device = device_create(sec_class, NULL, id, NULL, SEC_DEV_NAME);
+	if (NULL == sec_class) {
+		pr_err("[%s] Create device failed(0x%x)\n", SEC_DEV_NAME, ret);
+		class_destroy(sec_class);
+		ret = -1;
+		return ret;
+	}
+
+	sec.id = id;
+	sec.init = 1;
+	spin_lock_init(&sec.lock);
+
+	proc_create("rid", 0, NULL, &sec_proc_rid_fops);
+
+#ifdef MTK_SECURITY_MODULE_LITE
+	pr_debug("[MASP Lite] version '%s%s', enter.\n", BUILD_TIME, BUILD_BRANCH);
+#endif
+
+exit:
+	if (ret != 0) {
+		device_destroy(sec_class, id);
+		class_destroy(sec_class);
+		unregister_chrdev_region(id, 1);
+		memset(&sec, 0, sizeof(sec));
+	}
+
+	return ret;
+}
+
+
+/**************************************************************************
+ *  SEC DRIVER EXIT
+ **************************************************************************/
+static void sec_exit(void)
+{
+	remove_proc_entry("rid", NULL);
+	cdev_del(&sec_dev);
+	unregister_chrdev_region(sec.id, 1);
+	memset(&sec, 0, sizeof(sec));
+
+#ifdef MTK_SECURITY_MODULE_LITE
+	pr_debug("[MASP Lite] version '%s%s', exit.\n", BUILD_TIME, BUILD_BRANCH);
+#else
+	sec_core_exit();
+#endif
+}
+
+/**************************************************************************
+ *  MASP PLATFORM DRIVER WRAPPER, FOR BUILD-IN SEQUENCE
+ **************************************************************************/
+int masp_probe(struct platform_device *dev)
+{
+	int ret = 0;
+
+	ret = sec_init(dev);
+	return ret;
+}
+
+int masp_remove(struct platform_device *dev)
+{
+	sec_exit();
+	return 0;
+}
+
+
+static struct platform_driver masp_driver = {
+	.driver = {
+		   .name = "masp",
+		   .owner = THIS_MODULE,
+		   .of_match_table = masp_of_ids,
+		   },
+	.probe = masp_probe,
+	.remove = masp_remove,
+};
+
+static int __init masp_init(void)
+{
+	int ret;
+	#if 0
+	ret = platform_driver_register(&es_driver);
+	if (ret) {
+		pr_err("[ES] Reg platform driver failed (%d)\n", ret);
+		return ret;
+	}
+	#endif
+	ret = platform_driver_register(&masp_driver);
+	if (ret) {
+		pr_err("[%s] Reg platform driver failed (%d)\n", SEC_DEV_NAME, ret);
+		return ret;
+	}
+
+	return ret;
+}
+
+#ifdef CONFIG_OF
+static int __init masp_parse_dt(unsigned long node, const char *uname, int depth, void *data)
+{
+	struct masp_tag *tags;
+	int i;
+
+	if (depth != 1 || (strcmp(uname, "chosen") != 0 && strcmp(uname, "chosen@0") != 0))
+		return 0;
+
+	tags = (struct masp_tag *)of_get_flat_dt_prop(node, "atag,masp", NULL);
+	if (tags) {
+		g_rom_info_sbc_attr = tags->rom_info_sbc_attr;
+		g_rom_info_sdl_attr = tags->rom_info_sdl_attr;
+		g_hw_sbcen = tags->hw_sbcen;
+		g_lock_state = tags->lock_state;
+		lks = tags->lock_state;
+		for (i = 0; i < NUM_RID; i++)
+			g_random_id[i] = tags->rid[i];
+		for (i = 0; i < NUM_CRYPTO_SEED; i++)
+			g_crypto_seed[i] = tags->crypto_seed[i];
+		for (i = 0; i < NUM_SBC_PUBK_HASH; i++)
+			g_sbc_pubk_hash[i] = tags->sbc_pubk_hash[i];
+	}
+	return 1;
+}
+
+static int __init masp_of_init(void)
+{
+	of_scan_flat_dt(masp_parse_dt, NULL);
+	return 0;
+}
+#endif
+static void __exit masp_exit(void)
+{
+	/*platform_driver_unregister(&es_driver);*/
+	platform_driver_unregister(&masp_driver);
+}
+module_init(masp_init);
+module_exit(masp_exit);
+
+/**************************************************************************
+ *  EXPORT FUNCTION
+ **************************************************************************/
+EXPORT_SYMBOL(sec_get_random_id);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("MediaTek Inc.");
+#ifdef CONFIG_OF
+early_initcall(masp_of_init);
+#endif
+#ifdef MTK_SECURITY_MODULE_LITE
+MODULE_DESCRIPTION("Mediatek Security Module Lite");
+#else
+MODULE_DESCRIPTION("Mediatek Security Module");
+#endif
diff --git a/drivers/misc/mediatek/masp/asfv2/module/sec_mod.h b/drivers/misc/mediatek/masp/asfv2/module/sec_mod.h
new file mode 100644
index 000000000..857b10e3b
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/module/sec_mod.h
@@ -0,0 +1,51 @@
+#ifndef SECMOD_H
+#define SECMOD_H
+
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/spinlock.h>
+#include <linux/fs.h>
+
+struct sec_ops {
+	int (*sec_get_rid)(unsigned int *rid);
+};
+
+struct sec_mod {
+	dev_t id;
+	int init;
+	spinlock_t lock;
+	const struct sec_ops *ops;
+};
+
+/**************************************************************************
+ *  EXTERNAL VARIABLE
+ **************************************************************************/
+extern const struct sec_ops *sec_get_ops(void);
+extern struct semaphore hacc_sem;
+/**************************************************************************
+ *  EXTERNAL FUNCTION
+ **************************************************************************/
+extern long sec_core_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
+extern void sec_core_init(void);
+extern void sec_core_exit(void);
+#define NUM_SBC_PUBK_HASH           8
+#define NUM_CRYPTO_SEED          16
+#define NUM_RID 4
+
+
+#ifdef CONFIG_OF
+/*device information data*/
+struct masp_tag {
+	u32 size;
+	u32 tag;
+	unsigned int rom_info_sbc_attr;
+	unsigned int rom_info_sdl_attr;
+	unsigned int hw_sbcen;
+	unsigned int lock_state;
+	unsigned int rid[NUM_RID];
+	/*rom_info.m_SEC_KEY.crypto_seed */
+	unsigned char crypto_seed[NUM_CRYPTO_SEED];
+	unsigned int sbc_pubk_hash[NUM_SBC_PUBK_HASH];
+};
+#endif
+#endif				/* end of SECMOD_H */
diff --git a/drivers/misc/mediatek/masp/asfv2/tlc_inc/tci.h b/drivers/misc/mediatek/masp/asfv2/tlc_inc/tci.h
new file mode 100644
index 000000000..b01b2bff0
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/tlc_inc/tci.h
@@ -0,0 +1,47 @@
+ /*
+ * Copyright (c) 2013 TRUSTONIC LIMITED
+ * All rights reserved
+ *
+ * The present software is the confidential and proprietary information of
+ * TRUSTONIC LIMITED. You shall not disclose the present software and shall
+ * use it only in accordance with the terms of the license agreement you
+ * entered into with TRUSTONIC LIMITED. This software may be subject to
+ * export or import laws in certain countries.
+ */
+
+#ifndef _TL_SEC_TCI_H_
+#define _TL_SEC_TCI_H_
+
+typedef uint32_t tciCommandId_t;
+typedef uint32_t tciResponseId_t;
+typedef uint32_t tciReturnCode_t;
+
+/**< Responses have bit 31 set */
+#define RSP_ID_MASK (1U << 31)
+#define RSP_ID(cmdId) (((uint32_t)(cmdId)) | RSP_ID_MASK)
+#define IS_CMD(cmdId) ((((uint32_t)(cmdId)) & RSP_ID_MASK) == 0)
+#define IS_RSP(cmdId) ((((uint32_t)(cmdId)) & RSP_ID_MASK) == RSP_ID_MASK)
+
+/**
+ * Return codes of Trustlet commands.
+ */
+#define RET_OK              0            /**< Set, if processing is error free */
+#define RET_ERR_UNKNOWN_CMD 1            /**< Unknown command */
+#define INVALID_VIRTUAL_ADDR 2
+
+/**
+ * TCI command header.
+ */
+typedef struct{
+	tciCommandId_t commandId; /**< Command ID */
+} tciCommandHeader_t;
+
+/**
+ * TCI response header.
+ */
+typedef struct{
+	tciResponseId_t     responseId; /**< Response ID (must be command ID | RSP_ID_MASK )*/
+	tciReturnCode_t     returnCode; /**< Return code of command */
+} tciResponseHeader_t;
+
+#endif /* TCI_H_ */
diff --git a/drivers/misc/mediatek/masp/asfv2/tlc_inc/tlcApisec.h b/drivers/misc/mediatek/masp/asfv2/tlc_inc/tlcApisec.h
new file mode 100644
index 000000000..133339c56
--- /dev/null
+++ b/drivers/misc/mediatek/masp/asfv2/tlc_inc/tlcApisec.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2013 TRUSTONIC LIMITED
+ * All rights reserved
+ *
+ * The present software is the confidential and proprietary information of
+ * TRUSTONIC LIMITED. You shall not disclose the present software and shall
+ * use it only in accordance with the terms of the license agreement you
+ * entered into with TRUSTONIC LIMITED. This software may be subject to
+ * export or import laws in certain countries.
+ */
+
+#ifndef _TL_SEC_API_H_
+#define _TL_SEC_API_H_
+
+#include "tci.h"
+
+/*
+ * Command ID's for communication Trustlet Connector -> Trustlet.
+ */
+#define CMD_DEVINFO_GET     1
+#define CMD_DAPC_SET        2
+#define CMD_HACC_REQUEST    3
+
+/*
+ * Termination codes
+ */
+#define EXIT_ERROR                  ((uint32_t)(-1))
+
+/*
+ * command message.
+ *
+ * @param len Length of the data to process.
+ * @param data Data to processed (cleartext or ciphertext).
+ */
+typedef struct {
+	tciCommandHeader_t  header;     /**< Command header */
+	uint32_t            len;        /**< Length of data to process or buffer */
+	uint32_t            respLen;    /**< Length of response buffer */
+} dapc_cmd_t;
+
+/*
+ * Response structure Trustlet -> Trustlet Connector.
+ */
+typedef struct {
+	tciResponseHeader_t header;     /**< Response header */
+	uint32_t            len;
+} dapc_rsp_t;
+
+/*
+ * TCI message data.
+ */
+typedef struct {
+	union {
+		dapc_cmd_t     cmd;
+		dapc_rsp_t     rsp;
+	};
+	uint32_t    index;
+	uint32_t    result;
+	uint32_t    data_addr;
+	uint32_t    data_len;
+	uint32_t    seed_addr;
+	uint32_t    seed_len;
+	uint32_t    hacc_user;
+	uint32_t    direction;
+	uint32_t    reserve[2];
+} dapc_tciMessage_t;
+
+/*
+ * Trustlet UUID.
+ */
+#define TL_SEC_UUID { { 0x5, 0x11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } }
+
+#endif /* _TL_SEC_API_H_ */
-- 
cgit v1.2.3