1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
#ifndef __BDK_TRUST_H__
#define __BDK_TRUST_H__
/***********************license start***********************************
* Copyright (c) 2003-2017 Cavium Inc. (support@cavium.com). All rights
* reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* * Neither the name of Cavium Inc. nor the names of
* its contributors may be used to endorse or promote products
* derived from this software without specific prior written
* permission.
*
* This Software, including technical data, may be subject to U.S. export
* control laws, including the U.S. Export Administration Act and its
* associated regulations, and may be subject to export or import
* regulations in other countries.
*
* TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SOFTWARE IS PROVIDED "AS IS"
* AND WITH ALL FAULTS AND CAVIUM INC. MAKES NO PROMISES, REPRESENTATIONS OR
* WARRANTIES, EITHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT
* TO THE SOFTWARE, INCLUDING ITS CONDITION, ITS CONFORMITY TO ANY
* REPRESENTATION OR DESCRIPTION, OR THE EXISTENCE OF ANY LATENT OR PATENT
* DEFECTS, AND CAVIUM SPECIFICALLY DISCLAIMS ALL IMPLIED (IF ANY) WARRANTIES
* OF TITLE, MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR A PARTICULAR
* PURPOSE, LACK OF VIRUSES, ACCURACY OR COMPLETENESS, QUIET ENJOYMENT,
* QUIET POSSESSION OR CORRESPONDENCE TO DESCRIPTION. THE ENTIRE RISK
* ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE LIES WITH YOU.
***********************license end**************************************/
/**
* @file
*
* Master include file for trusted boot support. Use bdk.h instead
* of including this file directly.
*
* @defgroup trust Trusted boot support
*/
#include "bdk-signed.h"
typedef enum
{
BDK_TRUST_LEVEL_BROKEN, /* Trust is unknown or was broken during boot. Fatal error state */
BDK_TRUST_LEVEL_NONE, /* Untrusted boot */
BDK_TRUST_LEVEL_SIGNED, /* Trusted boot verified by ROTPK */
BDK_TRUST_LEVEL_SIGNED_SSK, /* Trusted boot with SSK encryption */
BDK_TRUST_LEVEL_SIGNED_BSSK,/* Trusted boot with BSSK encryption */
}
bdk_trust_level_t;
typedef struct
{
uint64_t total_length;
uint32_t s[8];
} bdk_sha256_state_t;
/**
* Start a new SHA256
*
* @param hash_state Hash state to initialize
*/
extern void bdk_sha256_init(bdk_sha256_state_t *hash_state);
/**
* Update SHA256 for a data block
*
* @param hash_state Hash state
* @param data Data to hash
* @param size Size of the data in bytes
*/
extern void bdk_sha256_update(bdk_sha256_state_t *hash_state, const void *data, int size);
/**
* Finish a SHA256
*
* @param hash_state Hash state
*
* @return Pointer to the 64 byte SHA256
*/
extern void *bdk_sha256_finish(bdk_sha256_state_t *hash_state);
/**
* Perform AES128 encryption with CBC
*
* @param key Key to use for encryption. Should be a pointer to key memory.
* @param data Data to encrypt
* @param size Size of the data in bytes. Must be a multiple of 16
* @param iv Initial vector. Set to 16 zero bytes for start, then use to chain multiple
* calls.
*/
extern void bdk_aes128cbc_encrypt(const void *key, void *data, int size, void *iv);
/**
* Perform AES128 decryption with CBC
*
* @param key Key to use for decryption. Should be a pointer to key memory.
* @param data Data to decrypt
* @param size Size of the data in bytes. Must be a multiple of 16
* @param iv Initial vector. Set to 16 zero bytes for start, then use to chain multiple
* calls.
*/
extern void bdk_aes128cbc_decrypt(const void *key, void *data, int size, void *iv);
/**
* Called by boot stub (TBL1FW) to initialize the state of trust
*/
extern void __bdk_trust_init(void);
/**
* Returns the current level of trust. Must be called after
* __bdk_trust_init()
*
* @return Enumerated trsut level, see bdk_trust_level_t
*/
extern bdk_trust_level_t bdk_trust_get_level(void);
/**
* Return the current secure NV counter stored in the fuses
*
* @return NV counter (0-31)
*/
extern int bdk_trust_get_nv_counter(void);
#endif
|
