xref: /aosp_15_r20/external/coreboot/src/vendorcode/cavium/include/bdk/libbdk-trust/bdk-trust.h (revision b9411a12aaaa7e1e6a6fb7c5e057f44ee179a49c)
1 #ifndef __BDK_TRUST_H__
2 #define __BDK_TRUST_H__
3 /***********************license start***********************************
4 * Copyright (c) 2003-2017  Cavium Inc. ([email protected]). All rights
5 * reserved.
6 *
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are
10 * met:
11 *
12 *   * Redistributions of source code must retain the above copyright
13 *     notice, this list of conditions and the following disclaimer.
14 *
15 *   * Redistributions in binary form must reproduce the above
16 *     copyright notice, this list of conditions and the following
17 *     disclaimer in the documentation and/or other materials provided
18 *     with the distribution.
19 *
20 *   * Neither the name of Cavium Inc. nor the names of
21 *     its contributors may be used to endorse or promote products
22 *     derived from this software without specific prior written
23 *     permission.
24 *
25 * This Software, including technical data, may be subject to U.S. export
26 * control laws, including the U.S. Export Administration Act and its
27 * associated regulations, and may be subject to export or import
28 * regulations in other countries.
29 *
30 * TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SOFTWARE IS PROVIDED "AS IS"
31 * AND WITH ALL FAULTS AND CAVIUM INC. MAKES NO PROMISES, REPRESENTATIONS OR
32 * WARRANTIES, EITHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT
33 * TO THE SOFTWARE, INCLUDING ITS CONDITION, ITS CONFORMITY TO ANY
34 * REPRESENTATION OR DESCRIPTION, OR THE EXISTENCE OF ANY LATENT OR PATENT
35 * DEFECTS, AND CAVIUM SPECIFICALLY DISCLAIMS ALL IMPLIED (IF ANY) WARRANTIES
36 * OF TITLE, MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR A PARTICULAR
37 * PURPOSE, LACK OF VIRUSES, ACCURACY OR COMPLETENESS, QUIET ENJOYMENT,
38 * QUIET POSSESSION OR CORRESPONDENCE TO DESCRIPTION. THE ENTIRE  RISK
39 * ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE LIES WITH YOU.
40 ***********************license end**************************************/
41 
42 /**
43  * @file
44  *
45  * Master include file for trusted boot support. Use bdk.h instead
46  * of including this file directly.
47  *
48  * @defgroup trust Trusted boot support
49  */
50 
51 #include "bdk-signed.h"
52 
53 typedef enum
54 {
       /* Trust state of the current boot; returned by bdk_trust_get_level().
          No enumerator has an explicit value, so they count up from 0 in the
          order listed. BROKEN is 0, so a zero-initialized bdk_trust_level_t
          reads as BROKEN rather than as any trusted level. NONE is 1, i.e.
          non-zero: compare against the named enumerators, never test the
          value for truthiness. */
55     BDK_TRUST_LEVEL_BROKEN,     /* Trust is unknown or was broken during boot. Fatal error state */
56     BDK_TRUST_LEVEL_NONE,       /* Untrusted boot */
57     BDK_TRUST_LEVEL_SIGNED,     /* Trusted boot verified by ROTPK (presumably the root-of-trust public key - confirm) */
58     BDK_TRUST_LEVEL_SIGNED_SSK, /* Trusted boot with SSK encryption */
59     BDK_TRUST_LEVEL_SIGNED_BSSK,/* Trusted boot with BSSK encryption */
60 }
61 bdk_trust_level_t;
62 
63 typedef struct
64 {
       /* SHA256 context handed to bdk_sha256_init(), bdk_sha256_update() and
          bdk_sha256_finish().
          NOTE(review): the struct holds no buffer for a partial input block.
          How bdk_sha256_update() treats a size that is not a multiple of the
          64-byte SHA-256 block is not visible in this header - confirm before
          feeding it arbitrary-length pieces. */
65     uint64_t total_length; /* Running input length; units (bytes or bits) are not visible here - TODO confirm */
66     uint32_t s[8];         /* Eight 32-bit words = 32 bytes, the size of a SHA-256 digest; presumably the working hash value */
67 } bdk_sha256_state_t;
68 
69 /**
70  * Start a new SHA256 computation
71  *
72  * @param hash_state Hash state to initialize. Caller-provided storage; it is
    *                   passed by non-const pointer and written by this call.
73  */
74 extern void bdk_sha256_init(bdk_sha256_state_t *hash_state);
75 
76 /**
77  * Update SHA256 for a data block
78  *
79  * @param hash_state Hash state
80  * @param data       Data to hash
81  * @param size       Size of the data in bytes
    *                   NOTE(review): size is a signed int and this header states
    *                   no valid range. Behaviour for a negative size is not
    *                   visible here; range-check any length taken from an image
    *                   header or other unverified input before passing it in.
82  */
83 extern void bdk_sha256_update(bdk_sha256_state_t *hash_state, const void *data, int size);
84 
85 /**
86  * Finish a SHA256
87  *
88  * @param hash_state Hash state
89  *
90  * @return Pointer to the 64 byte SHA256
    *         NOTE(review): a SHA-256 digest is 32 bytes, which matches
    *         uint32_t s[8] in bdk_sha256_state_t. The "64 byte" figure looks
    *         wrong (possibly a count of hex characters) - confirm against the
    *         implementation before sizing a compare or copy from it.
    *         Where the returned pointer points and how long it stays valid
    *         are not visible in this header.
91  */
92 extern void *bdk_sha256_finish(bdk_sha256_state_t *hash_state);
93 
94 /**
95  * Perform AES128 encryption with CBC
96  *
97  * @param key    Key to use for encryption. Should be a pointer to key memory.
    *               AES-128 uses a 16-byte key.
98  * @param data   Data to encrypt. Non-const, and there is no separate output
    *               parameter, so presumably encrypted in place - confirm.
99  * @param size   Size of the data in bytes. Must be a multiple of 16
    *               (there is no padding parameter; handling of any other size
    *               is not visible in this header).
100  * @param iv     Initial vector. Set to 16 zero bytes for start, then use to chain multiple
101  *               calls.
     *               NOTE(review): with the all-zero starting IV, two messages
     *               encrypted under the same key that begin with the same
     *               blocks produce the same leading ciphertext blocks. CBC
     *               gives confidentiality only; it does not detect
     *               modification of the ciphertext.
102  */
103 extern void bdk_aes128cbc_encrypt(const void *key, void *data, int size, void *iv);
104 
105 /**
106  * Perform AES128 decryption with CBC
107  *
108  * @param key    Key to use for decryption. Should be a pointer to key memory.
     *               AES-128 uses a 16-byte key.
109  * @param data   Data to decrypt. Non-const, and there is no separate output
     *               parameter, so presumably decrypted in place - confirm.
110  * @param size   Size of the data in bytes. Must be a multiple of 16
     *               (handling of any other size is not visible in this header).
111  * @param iv     Initial vector. Set to 16 zero bytes for start, then use to chain multiple
112  *               calls.
     *
     * NOTE(review): CBC decryption does not authenticate its input, and the
     * function returns void, so no failure is reported. The caller has to
     * establish that the data is authentic (for example through the signature
     * check of the trusted boot flow) rather than rely on decryption succeeding.
113  */
114 extern void bdk_aes128cbc_decrypt(const void *key, void *data, int size, void *iv);
115 
116 /**
117  * Called by boot stub (TBL1FW) to initialize the state of trust
     *
     * Takes no arguments and returns nothing, so the result is only observable
     * through bdk_trust_get_level().
     * NOTE(review): the leading double underscore presumably marks this as
     * internal to the BDK; identifiers of that form are also reserved for the
     * implementation in C. The name is kept as declared.
118  */
119 extern void __bdk_trust_init(void);
120 
121 /**
122  * Returns the current level of trust. Must be called after
123  * __bdk_trust_init()
124  *
125  * @return Enumerated trust level, see bdk_trust_level_t
     *         BDK_TRUST_LEVEL_BROKEN is documented as a fatal error state, so
     *         callers should handle it as a failure and not as another form of
     *         untrusted boot. What is returned before __bdk_trust_init() has
     *         run is not visible in this header.
126  */
127 extern bdk_trust_level_t bdk_trust_get_level(void);
128 
129 /**
130  * Return the current secure NV counter stored in the fuses
131  *
132  * @return NV counter (0-31)
     *         NOTE(review): presumably the rollback-protection counter that
     *         image versions are checked against - confirm with the caller.
     *         The return type is int but only 0-31 is documented; whether any
     *         other value signals an error is not visible in this header.
133  */
134 extern int bdk_trust_get_nv_counter(void);
135 
136 #endif
137