diff options
Diffstat (limited to 'src/vendorcode/cavium/include/bdk/libbdk-trust/bdk-signed.h')
-rw-r--r-- | src/vendorcode/cavium/include/bdk/libbdk-trust/bdk-signed.h | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/src/vendorcode/cavium/include/bdk/libbdk-trust/bdk-signed.h b/src/vendorcode/cavium/include/bdk/libbdk-trust/bdk-signed.h new file mode 100644 index 0000000000..601291c4bb --- /dev/null +++ b/src/vendorcode/cavium/include/bdk/libbdk-trust/bdk-signed.h @@ -0,0 +1,94 @@ +/***********************license start*********************************** +* Copyright (c) 2003-2017 Cavium Inc. (support@cavium.com). All rights +* reserved. +* +* +* Redistribution and use in source and binary forms, with or without +* modification, are permitted provided that the following conditions are +* met: +* +* * Redistributions of source code must retain the above copyright +* notice, this list of conditions and the following disclaimer. +* +* * Redistributions in binary form must reproduce the above +* copyright notice, this list of conditions and the following +* disclaimer in the documentation and/or other materials provided +* with the distribution. +* +* * Neither the name of Cavium Inc. nor the names of +* its contributors may be used to endorse or promote products +* derived from this software without specific prior written +* permission. +* +* This Software, including technical data, may be subject to U.S. export +* control laws, including the U.S. Export Administration Act and its +* associated regulations, and may be subject to export or import +* regulations in other countries. +* +* TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SOFTWARE IS PROVIDED "AS IS" +* AND WITH ALL FAULTS AND CAVIUM INC. MAKES NO PROMISES, REPRESENTATIONS OR +* WARRANTIES, EITHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT +* TO THE SOFTWARE, INCLUDING ITS CONDITION, ITS CONFORMITY TO ANY +* REPRESENTATION OR DESCRIPTION, OR THE EXISTENCE OF ANY LATENT OR PATENT +* DEFECTS, AND CAVIUM SPECIFICALLY DISCLAIMS ALL IMPLIED (IF ANY) WARRANTIES +* OF TITLE, MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR A PARTICULAR +* PURPOSE, LACK OF VIRUSES, ACCURACY OR COMPLETENESS, QUIET ENJOYMENT, +* QUIET POSSESSION OR CORRESPONDENCE TO DESCRIPTION. THE ENTIRE RISK +* ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE LIES WITH YOU. +***********************license end**************************************/ + +/** + * @file + * + * Utility functions handling signed nad possibly encrypted files + * + * @defgroup signed Signed File IO + * @{ + */ + +/** + * Enumeration representing the possible data types in a signed file + */ +typedef enum +{ + BDK_SIGNED_IMAGE, /* BDK code image */ + BDK_SIGNED_DTS, /* Device tree file */ + BDK_SIGNED_PUB_KEY, /* Chain of trust public key, BDK proprietary format */ +} bdk_signed_data_t; + +/** + * Flags to pass to bdk_signed functions + */ +typedef enum +{ + BDK_SIGNED_FLAG_NONE = 0, /* Good for most files. Verfies as needed for trusted boot */ + BDK_SIGNED_FLAG_NOT_ENCRYPTED = 1 << 1, /* The file is not encrypted, even with trusted boot */ + BDK_SIGNED_FLAG_ALLOW_UNSIGNED = 1 << 2,/* File is not signed, even with trusted boot */ +} bdk_signed_flags_t; + +/** + * Load a file and verify its signature. If the file is encrypted, it is + * decrypted. If the file is compressed, it is decompressed. + * + * @param filename File to load + * @param loc Offset into file for image. This is normally zero for normal files. Device + * files, such as /dev/mem, will use this to locate the image. + * @param data_type Type of data in the file, enumerated by bdk_signed_data_t. This is required + * so the code can determine the file size before loading the whole file. + * @param flags Flags for controlling file loading + * @param filesize Set the size of the file if the file is loaded properly. If load fails, set to + * zero. + * + * @return Pointer to the data from the file, or NULL on failure + */ +extern void *bdk_signed_load(const char *filename, uint64_t loc, + bdk_signed_data_t data_type, bdk_signed_flags_t flags, uint64_t *filesize); + +/** + * Load the BDK's public signing key, which is signed by the Root of Trust + * + * @return Zero on success, negative on failure + */ +extern int bdk_signed_load_public(void); + +/** @} */ |