 |
Software APIs
|
|
Software APIs
|
Key Manager Device Interface Functions More...
#include <stdint.h>#include "sw/device/lib/base/mmio.h"#include "sw/device/lib/dif/dif_warn_unused_result.h"Go to the source code of this file.
Data Structures | |
| struct | dif_keymgr_params |
| Hardware instantiation parameters for key manager. More... | |
| struct | dif_keymgr_config |
| Runtime configuration for key manager. More... | |
| struct | dif_keymgr |
| A handle to a key manager. More... | |
| struct | dif_keymgr_state_params |
| Parameters for a key manager state. More... | |
| struct | dif_keymgr_versioned_key_params |
| Parameters for generating a versioned key. More... | |
| struct | dif_keymgr_output |
| Output of a key manager operation. More... | |
Typedefs | |
| typedef enum dif_keymgr_toggle | dif_keymgr_toggle_t |
| Enumeration for enabling/disabling various functionality. | |
| typedef struct dif_keymgr_params | dif_keymgr_params_t |
| Hardware instantiation parameters for key manager. More... | |
| typedef struct dif_keymgr_config | dif_keymgr_config_t |
| Runtime configuration for key manager. More... | |
| typedef struct dif_keymgr | dif_keymgr_t |
| A handle to a key manager. More... | |
| typedef enum dif_keymgr_result | dif_keymgr_result_t |
| Result of a key manager operation. | |
| typedef enum dif_keymgr_lockable_result | dif_keymgr_lockable_result_t |
| Result of a key manager operation that writes to lockable registers. | |
| typedef enum dif_keymgr_irq | dif_keymgr_irq_t |
| Key manager interrupts. | |
| typedef uint32_t | dif_keymgr_irq_snapshot_t |
| A snapshot of the enablement state of key manager interrupts. More... | |
| typedef enum dif_keymgr_alert | dif_keymgr_alert_t |
| Key manager alerts. More... | |
| typedef enum dif_keymgr_state | dif_keymgr_state_t |
| Key manager states. More... | |
| typedef struct dif_keymgr_state_params | dif_keymgr_state_params_t |
| Parameters for a key manager state. | |
| typedef enum dif_keymgr_status_code | dif_keymgr_status_code_t |
| Status code bit flags. More... | |
| typedef uint8_t | dif_keymgr_status_codes_t |
| A bit vector of status codes. More... | |
| typedef enum dif_keymgr_versioned_key_dest | dif_keymgr_versioned_key_dest_t |
| Destination of a versioned key generation operation. More... | |
| typedef struct dif_keymgr_versioned_key_params | dif_keymgr_versioned_key_params_t |
| Parameters for generating a versioned key. | |
| typedef struct dif_keymgr_output | dif_keymgr_output_t |
| Output of a key manager operation. More... | |
Key Manager Device Interface Functions
Definition in file dif_keymgr.h.
| struct dif_keymgr_params |
Hardware instantiation parameters for key manager.
This struct describes information about the underlying hardware that is not determined until the hardware design is used as part of a top-level design.
Definition at line 44 of file dif_keymgr.h.
| Data Fields | ||
|---|---|---|
| mmio_region_t | base_addr | Base address of key manager registers. |
| struct dif_keymgr_config |
Runtime configuration for key manager.
This struct describes runtime information for one-time configuration of the hardware.
Definition at line 57 of file dif_keymgr.h.
| struct dif_keymgr |
A handle to a key manager.
This type should be treated as opaque by users.
Definition at line 73 of file dif_keymgr.h.
| Data Fields | ||
|---|---|---|
| dif_keymgr_params_t | params | Hardware instantiation parameters. |
| struct dif_keymgr_state_params |
Parameters for a key manager state.
Definition at line 306 of file dif_keymgr.h.
| struct dif_keymgr_versioned_key_params |
Parameters for generating a versioned key.
Definition at line 497 of file dif_keymgr.h.
| Data Fields | ||
|---|---|---|
| dif_keymgr_versioned_key_dest_t | dest |
Destination of the generated versioned key. See also: |
| uint32_t | salt[8] | Salt value to use for key generation. |
| uint32_t | version | Version value to use for key generation. |
| struct dif_keymgr_output |
Output of a key manager operation.
Key manager outputs are in two-shares.
Definition at line 565 of file dif_keymgr.h.
| Data Fields | ||
|---|---|---|
| uint32_t | value[2][8] | |
| typedef enum dif_keymgr_alert dif_keymgr_alert_t |
Key manager alerts.
Key manager generates alerts when it encounters a hardware or software error. Clients can use dif_keymgr_get_status_codes() to determine the type of error that occurred.
| typedef struct dif_keymgr_config dif_keymgr_config_t |
Runtime configuration for key manager.
This struct describes runtime information for one-time configuration of the hardware.
| typedef uint32_t dif_keymgr_irq_snapshot_t |
A snapshot of the enablement state of key manager interrupts.
This is an opaque type, to be used with the dif_keymgr_irq_disable_all() and dif_keymgr_irq_restore_all() functions.
Definition at line 148 of file dif_keymgr.h.
| typedef struct dif_keymgr_output dif_keymgr_output_t |
Output of a key manager operation.
Key manager outputs are in two-shares.
| typedef struct dif_keymgr_params dif_keymgr_params_t |
Hardware instantiation parameters for key manager.
This struct describes information about the underlying hardware that is not determined until the hardware design is used as part of a top-level design.
| typedef enum dif_keymgr_state dif_keymgr_state_t |
Key manager states.
Key manager has seven states that control its operation. During secure boot, key manager transitions between these states sequentially and these transitions are irreversible until a power cycle.
The secret value of key manager changes at each state transition in a well-defined manner, thus its meaning is tied to the current state of key manager.
The functionality of key manager is directly tied to the life cycle controller peripheral and it is explicitly disabled during specific life cycle stages. If key manager has not been initialized, it cannot be initialized until it is enabled by life cycle controller. If key manager is disabled by life cycle controller while it is in an operational state, it immediately wipes its contents and transitions to Disabled state.
| typedef enum dif_keymgr_status_code dif_keymgr_status_code_t |
Status code bit flags.
See also: dif_keymgr_status_codes_t.
| typedef uint8_t dif_keymgr_status_codes_t |
A bit vector of status codes.
The following snippet can be used to check if key manager is idle:
bool is_idle = (status_codes & kDifKeymgrStatusCodeIdle);
The following snippet can be used to check if key manager is idle and error-free:
bool is_idle_and_ok = (status_codes == kDifKeymgrStatusCodeIdle);
See also: dif_keymgr_status_code_t.
Definition at line 413 of file dif_keymgr.h.
| typedef struct dif_keymgr dif_keymgr_t |
A handle to a key manager.
This type should be treated as opaque by users.
Destination of a versioned key generation operation.
Key manager can make the output of a versioned key generation operation available to software or sideload it directly to a peripheral device. When the destination is a peripheral device, the output of the operation is not visible to software and a different derivation constant is used for each peripheral.
| enum dif_keymgr_alert |
Key manager alerts.
Key manager generates alerts when it encounters a hardware or software error. Clients can use dif_keymgr_get_status_codes() to determine the type of error that occurred.
Definition at line 157 of file dif_keymgr.h.
| enum dif_keymgr_irq |
Key manager interrupts.
| Enumerator | |
|---|---|
| kDifKeymgrIrqDone | Operation was completed. This interrupt is triggered regardless of the outcome of the operation. Clients can use |
Definition at line 127 of file dif_keymgr.h.
Result of a key manager operation that writes to lockable registers.
Definition at line 103 of file dif_keymgr.h.
| enum dif_keymgr_result |
Result of a key manager operation.
Definition at line 83 of file dif_keymgr.h.
| enum dif_keymgr_state |
Key manager states.
Key manager has seven states that control its operation. During secure boot, key manager transitions between these states sequentially and these transitions are irreversible until a power cycle.
The secret value of key manager changes at each state transition in a well-defined manner, thus its meaning is tied to the current state of key manager.
The functionality of key manager is directly tied to the life cycle controller peripheral and it is explicitly disabled during specific life cycle stages. If key manager has not been initialized, it cannot be initialized until it is enabled by life cycle controller. If key manager is disabled by life cycle controller while it is in an operational state, it immediately wipes its contents and transitions to Disabled state.
Definition at line 200 of file dif_keymgr.h.
Status code bit flags.
See also: dif_keymgr_status_codes_t.
Definition at line 376 of file dif_keymgr.h.
| enum dif_keymgr_toggle |
Enumeration for enabling/disabling various functionality.
| Enumerator | |
|---|---|
| kDifKeymgrToggleEnabled | Enabled state. |
| kDifKeymgrToggleDisabled | Disabled state. |
Definition at line 26 of file dif_keymgr.h.
Destination of a versioned key generation operation.
Key manager can make the output of a versioned key generation operation available to software or sideload it directly to a peripheral device. When the destination is a peripheral device, the output of the operation is not visible to software and a different derivation constant is used for each peripheral.
| Enumerator | |
|---|---|
| kDifKeymgrVersionedKeyDestSw | Store the generated versioned key in software visible registers. The generated versioned key can be read by calling |
| kDifKeymgrVersionedKeyDestAes | Sideload the generated versioned key to AES device. |
| kDifKeymgrVersionedKeyDestHmac | Sideload the generated versioned key to HMAC device. |
| kDifKeymgrVersionedKeyDestKmac | Sideload the generated versioned key to KMAC device. |
Definition at line 467 of file dif_keymgr.h.
| DIF_WARN_UNUSED_RESULT dif_keymgr_lockable_result_t dif_keymgr_advance_state | ( | const dif_keymgr_t * | keymgr, |
| const dif_keymgr_state_params_t * | params | ||
| ) |
Advances key manager state.
This function instructs key manager to transition to the next state, i.e. Reset -> Initialized -> CreatorRootKey -> OwnerIntermediateKey -> OwnerRootKey -> Disabled. Once a state transition starts, key manager locks the control register until the transition is complete. State transitions are irreversible until a power cycle.
The entropy source must be initialized before this function is called. After PoR, key manager is in Reset state with a non-deterministic secret value. The first call to this function after PoR causes key manager to initialize its secret value using the random values generated by the entropy source and transition to Initialized state.
params is required when the next state is an operational state, i.e. CreatorRootKey, OwnerIntermediateKey, or OwnerRootKey. It must be NULL for all other cases.
This is an asynchronous function because key manager state transitions involve KMAC operations that can take some time to complete. Clients must check the status of key manager using dif_keymgr_get_status_codes() before calling other functions in this library.
| keymgr | A key manager handle. |
| params | The binding and max key version value for the next state. |
Definition at line 300 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_alert_force | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_alert_t | alert | ||
| ) |
Forces a particular alert as if hardware had asserted it.
| keymgr | A key manager handle. |
| alert | An alert type. |
Definition at line 597 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_configure | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_config_t | config | ||
| ) |
Configures key manager with runtime information.
This function should need to be called once for the lifetime of keymgr.
| keymgr | A key manager handle. |
| config | Runtime configuration parameters. |
Definition at line 286 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_lockable_result_t dif_keymgr_disable | ( | const dif_keymgr_t * | keymgr | ) |
Disables key manager.
This function disables key manager until the next power cycle by making it transition to Disabled state. Disabled state is a terminal state where key manager is no longer operational and its secret value is a random value.
| keymgr | A key manager handle. |
Definition at line 372 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_lockable_result_t dif_keymgr_generate_identity_seed | ( | const dif_keymgr_t * | keymgr | ) |
Generates an identity seed.
This function requests key manager to generate an identity seed using its current secret value. Clients must first verify that the operation was successful using dif_keymgr_get_status_codes() before reading the generated identity seed using dif_keymgr_read_output().
The generated seed can be used to generate an identity using an asymmetric KDF.
| keymgr | A key manager handle. |
Definition at line 483 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_lockable_result_t dif_keymgr_generate_versioned_key | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_versioned_key_params_t | params | ||
| ) |
Generates a versioned key.
This function requests key manager to generate a versioned key using its current secret value and the provided parameters. The generated key can be sideloaded directly to a peripheral device or made visible to software using params.dest. If the destination is software, clients must first verify that the operation was successful using dif_keymgr_get_status_codes() before reading the generated key using dif_keymgr_read_output().
| keymgr | A key manager handle. |
| params | Key generation parameters. |
Definition at line 501 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_get_state | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_state_t * | state | ||
| ) |
Gets the current state of key manager.
| keymgr | A key manager handle. | |
| [out] | state | Out-param for current key manager state. |
Definition at line 447 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_get_status_codes | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_status_codes_t * | status_codes | ||
| ) |
Gets the operational status of key manager.
This function also clears OP_STATUS and ERR_CODE registers after reading them.
| keymgr | A key manager handle. | |
| [out] | status_codes | Out-param for key manager status codes. |
Definition at line 390 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_init | ( | dif_keymgr_params_t | params, |
| dif_keymgr_t * | keymgr | ||
| ) |
Creates a new handle for key manager.
This function does not actuate the hardware and must be called to initialize the handle that must be passed to other functions in this library in each boot stage. A typical usage of this library during different secure boot stages is as follows:
dif_keymgr_init().dif_keymgr_configure().dif_keymgr_advance_state(), dif_keymgr_get_status_codes(), dif_keymgr_get_state().dif_keymgr_advance_state(), dif_keymgr_get_status_codes(), dif_keymgr_get_state().dif_keymgr_init().dif_keymgr_generate_versioned_key(), dif_keymgr_generate_identity_seed(), dif_keymgr_get_status_codes().dif_keymgr_read_output().dif_keymgr_advance_state(), dif_keymgr_get_status_codes(), dif_keymgr_get_state().| params | Hardware instantiation parameters. | |
| [out] | keymgr | Out-param for the initialized handle. |
Definition at line 275 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_irq_acknowledge | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_irq_t | irq | ||
| ) |
Acknowledges a particular interrupt, indicating to the hardware that it has been successfully serviced.
| keymgr | A key manager handle. |
| irq | An interrupt type. |
Definition at line 637 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_irq_disable_all | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_irq_snapshot_t * | snapshot | ||
| ) |
Disables all interrupts, optionally snapshotting all toggle state for later restoration.
| keymgr | A key manager handle. | |
| [out] | snapshot | Out-param for the snapshot; may be NULL. |
Definition at line 699 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_irq_force | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_irq_t | irq | ||
| ) |
Forces a particular interrupt, causing it to be serviced as if hardware had asserted it.
| keymgr | A key manager handle. |
| irq | An interrupt type. |
Definition at line 685 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_irq_get_enabled | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_irq_t | irq, | ||
| dif_keymgr_toggle_t * | state | ||
| ) |
Checks whether a particular interrupt is currently enabled or disabled.
| keymgr | A key manager handle. | |
| irq | An interrupt type. | |
| [out] | state | Out-param for toggle state of the interrupt. |
Definition at line 651 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_irq_is_pending | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_irq_t | irq, | ||
| bool * | is_pending | ||
| ) |
Returns whether a particular interrupt is currently pending.
| keymgr | A key manager handle. | |
| irq | An interrupt type. | |
| [out] | is_pending | Out-param for whether the interrupt is pending. |
Definition at line 621 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_irq_restore_all | ( | const dif_keymgr_t * | keymgr, |
| const dif_keymgr_irq_snapshot_t * | snapshot | ||
| ) |
Restores interrupts from the given snapshot.
This function can be used with dif_keymgr_irq_disable_all() to temporary interrupt save-and-restore.
| keymgr | A key manager handle. |
| snapshot | A snapshot to restore from. |
Definition at line 715 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_irq_set_enabled | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_irq_t | irq, | ||
| dif_keymgr_toggle_t | state | ||
| ) |
Sets whether a particular interrupt is currently enabled or disabled.
| keymgr | A key manager handle. |
| irq | An interrupt type. |
| state | The new toggle state for the interrupt. |
Definition at line 666 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_read_output | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_output_t * | output | ||
| ) |
Reads the output of the last key manager operation.
After starting a key manager operation, clients must verify that the operation was successful using dif_keymgr_get_status_codes() before calling this function.
When key manager is used for versioned key generation, the output of this function is valid only if the destination of the operation was kDifKeymgrVersionedKeyDestSw.
See also: dif_keymgr_output_t.
| keymgr | A key manager handle. | |
| [out] | output | Out-param for key manager output. |
Definition at line 581 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_sideload_clear_get_enabled | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_toggle_t * | state | ||
| ) |
Checks whether clearing of sideload keys is enabled or not.
| keymgr | A key manager handle. | |
| [out] | Out-param | for the current toggle state of sideload clear. |
Definition at line 567 of file dif_keymgr.c.
| DIF_WARN_UNUSED_RESULT dif_keymgr_result_t dif_keymgr_sideload_clear_set_enabled | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_toggle_t | state | ||
| ) |
Starts or stops clearing of sideload keys.
When a key is generated to be sideloaded to a hardware peripheral, key manager stores it in a set of storage registers. Calling this function with state set to kDifKeymgrToggleEnabled causes key manager to clear sideload keys continously using random values from the entropty source. Callers must disable clearing of sideload keys to resume normal sideload operation.
| keymgr | A key manager handle. |
| state | The new toggle state for sideload clear. |
Definition at line 553 of file dif_keymgr.c.