1 files changed, 94 insertions, 0 deletions

diff --git a/src/vendorcode/cavium/include/bdk/libbdk-trust/bdk-signed.h b/src/vendorcode/cavium/include/bdk/libbdk-trust/bdk-signed.h
new file mode 100644
index 0000000000..601291c4bb
--- /dev/null
+++ b/src/vendorcode/cavium/include/bdk/libbdk-trust/bdk-signed.h
@@ -0,0 +1,94 @@
+/***********************license start***********************************
+* Copyright (c) 2003-2017  Cavium Inc. (support@cavium.com). All rights
+* reserved.
+*
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are
+* met:
+*
+*   * Redistributions of source code must retain the above copyright
+*     notice, this list of conditions and the following disclaimer.
+*
+*   * Redistributions in binary form must reproduce the above
+*     copyright notice, this list of conditions and the following
+*     disclaimer in the documentation and/or other materials provided
+*     with the distribution.
+*
+*   * Neither the name of Cavium Inc. nor the names of
+*     its contributors may be used to endorse or promote products
+*     derived from this software without specific prior written
+*     permission.
+*
+* This Software, including technical data, may be subject to U.S. export
+* control laws, including the U.S. Export Administration Act and its
+* associated regulations, and may be subject to export or import
+* regulations in other countries.
+*
+* TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SOFTWARE IS PROVIDED "AS IS"
+* AND WITH ALL FAULTS AND CAVIUM INC. MAKES NO PROMISES, REPRESENTATIONS OR
+* WARRANTIES, EITHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT
+* TO THE SOFTWARE, INCLUDING ITS CONDITION, ITS CONFORMITY TO ANY
+* REPRESENTATION OR DESCRIPTION, OR THE EXISTENCE OF ANY LATENT OR PATENT
+* DEFECTS, AND CAVIUM SPECIFICALLY DISCLAIMS ALL IMPLIED (IF ANY) WARRANTIES
+* OF TITLE, MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR A PARTICULAR
+* PURPOSE, LACK OF VIRUSES, ACCURACY OR COMPLETENESS, QUIET ENJOYMENT,
+* QUIET POSSESSION OR CORRESPONDENCE TO DESCRIPTION. THE ENTIRE  RISK
+* ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE LIES WITH YOU.
+***********************license end**************************************/
+
+/**
+ * @file
+ *
+ * Utility functions handling signed nad possibly encrypted files
+ *
+ * @defgroup signed Signed File IO
+ * @{
+ */
+
+/**
+ * Enumeration representing the possible data types in a signed file
+ */
+typedef enum
+{
+    BDK_SIGNED_IMAGE,   /* BDK code image */
+    BDK_SIGNED_DTS,     /* Device tree file */
+    BDK_SIGNED_PUB_KEY, /* Chain of trust public key, BDK proprietary format */
+} bdk_signed_data_t;
+
+/**
+ * Flags to pass to bdk_signed functions
+ */
+typedef enum
+{
+    BDK_SIGNED_FLAG_NONE = 0,               /* Good for most files. Verfies as needed for trusted boot */
+    BDK_SIGNED_FLAG_NOT_ENCRYPTED = 1 << 1, /* The file is not encrypted, even with trusted boot */
+    BDK_SIGNED_FLAG_ALLOW_UNSIGNED = 1 << 2,/* File is not signed, even with trusted boot */
+} bdk_signed_flags_t;
+
+/**
+ * Load a file and verify its signature. If the file is encrypted, it is
+ * decrypted. If the file is compressed, it is decompressed.
+ *
+ * @param filename  File to load
+ * @param loc       Offset into file for image. This is normally zero for normal files. Device
+ *                  files, such as /dev/mem, will use this to locate the image.
+ * @param data_type Type of data in the file, enumerated by bdk_signed_data_t. This is required
+ *                  so the code can determine the file size before loading the whole file.
+ * @param flags     Flags for controlling file loading
+ * @param filesize  Set the size of the file if the file is loaded properly. If load fails, set to
+ *                  zero.
+ *
+ * @return Pointer to the data from the file, or NULL on failure
+ */
+extern void *bdk_signed_load(const char *filename, uint64_t loc,
+    bdk_signed_data_t data_type, bdk_signed_flags_t flags, uint64_t *filesize);
+
+/**
+ * Load the BDK's public signing key, which is signed by the Root of Trust
+ *
+ * @return Zero on success, negative on failure
+ */
+extern int bdk_signed_load_public(void);
+
+/** @} */