1 /***************************************************************************//**
2 * @file
3 * @brief Secure Element API
4 *******************************************************************************
5 * # License
6 * <b>Copyright 2018 Silicon Laboratories Inc. www.silabs.com</b>
7 *******************************************************************************
8 *
9 * SPDX-License-Identifier: Zlib
10 *
11 * The licensor of this software is Silicon Laboratories Inc.
12 *
13 * This software is provided 'as-is', without any express or implied
14 * warranty. In no event will the authors be held liable for any damages
15 * arising from the use of this software.
16 *
17 * Permission is granted to anyone to use this software for any purpose,
18 * including commercial applications, and to alter it and redistribute it
19 * freely, subject to the following restrictions:
20 *
21 * 1. The origin of this software must not be misrepresented; you must not
22 * claim that you wrote the original software. If you use this software
23 * in a product, an acknowledgment in the product documentation would be
24 * appreciated but is not required.
25 * 2. Altered source versions must be plainly marked as such, and must not be
26 * misrepresented as being the original software.
27 * 3. This notice may not be removed or altered from any source distribution.
28 *
29 ******************************************************************************/
30 #ifndef EM_SE_H
31 #define EM_SE_H
32
33 #if defined(__linux__)
34
35 #define SLI_EM_SE_HOST
36
37 #else
38
39 #include "em_device.h"
40
41 #endif // __linux__
42
43 #include "sl_common.h"
44
45 #if defined(SLI_EM_SE_HOST) || defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
46
47 #include <stdint.h>
48 #include <stdbool.h>
49 #include <stddef.h>
50
51 #ifdef __cplusplus
52 extern "C" {
53 #endif
54
55 /***************************************************************************//**
56 * @addtogroup se SE - Secure Element
57 *
58 * @brief Secure Element peripheral API
59 *
60 * @details
61 * Abstraction of the Secure Element's mailbox interface.
62 *
63 * For series 2 devices with a part number that is xG23 or higher, the
64 * following step is necessary for basic operation:
65 *
66 * Clock enable:
67 * @code
68 CMU_ClockEnable(cmuClock_SEMAILBOX, true);@endcode
69 *
70 * @note The high-level SE API has been moved to the SE manager, and the
71 * implementation in em_se should not be used.
72 *
73 * @note Using the SE's mailbox is not thread-safe in EMLIB, and accessing the
74 * SE's mailbox both in regular and IRQ context is not safe. SE operations
75 * should be performed using the SE manager if possible.
76 *
77 * @{
78 ******************************************************************************/
79
80 /*******************************************************************************
81 ****************************** DEFINES ***********************************
82 ******************************************************************************/
83
84 #if defined(CRYPTOACC_PRESENT)
85 /** Root Code Mailbox is invalid. */
86 #define SE_RESPONSE_MAILBOX_INVALID 0x00FE0000UL
87 /** Root Code Mailbox magic word */
88 #define SE_RESPONSE_MAILBOX_VALID 0xE5ECC0DEUL
89 #endif
90
91 /** Response status codes for the Secure Element */
92 #define SE_RESPONSE_MASK 0x000F0000UL
93 /** Command executed successfully or signature was successfully validated. */
94 #define SE_RESPONSE_OK 0x00000000UL
95
96 /** Maximum amount of parameters supported by the hardware FIFO */
97 #define SE_FIFO_MAX_PARAMETERS 13U
98
99 /** Stop datatransfer */
100 #define SE_DATATRANSFER_STOP 0x00000001UL
101 /** Discard datatransfer */
102 #define SE_DATATRANSFER_DISCARD 0x40000000UL
103 /** Realign datatransfer */
104 #define SE_DATATRANSFER_REALIGN 0x20000000UL
105 /** Datatransfer Const Address*/
106 #define SE_DATATRANSFER_CONSTADDRESS 0x10000000UL
107 /** Stop Length Mask */
108 #define SE_DATATRANSFER_LENGTH_MASK 0x0FFFFFFFUL
109
110 /** Maximum amount of parameters for largest command in defined command set */
111 #ifndef SE_MAX_PARAMETERS
112 #define SE_MAX_PARAMETERS 4U
113 #endif
114
115 /* Sanity-check defines */
116 #if SE_MAX_PARAMETERS > SE_FIFO_MAX_PARAMETERS
117 #error "Trying to configure more parameters than supported by the hardware"
118 #endif
119
120 /*******************************************************************************
121 ****************************** TYPEDEFS ***********************************
122 ******************************************************************************/
123
124 /**
125 * SE DMA transfer descriptor. Can be linked to each other to provide
126 * scatter-gather behavior.
127 */
128 typedef struct {
129 volatile void* volatile data; /**< Data pointer */
130 void* volatile next; /**< Next descriptor */
131 volatile uint32_t length; /**< Length */
132 } SE_DataTransfer_t;
133
134 /** Default initialization of data transfer struct */
135 #define SE_DATATRANSFER_DEFAULT(address, length) \
136 { \
137 (void*)(address), /* Pointer to data block */ \
138 (void*)SE_DATATRANSFER_STOP, /* This is the last block by default */ \
139 (length) | SE_DATATRANSFER_REALIGN /* Add size, use realign by default */ \
140 }
141
142 /**
143 * SE Command structure to which all commands to the SE must adhere.
144 */
145 typedef struct {
146 uint32_t command; /**< SE Command */
147 SE_DataTransfer_t* data_in; /**< Input data */
148 SE_DataTransfer_t* data_out; /**< Output data */
149 uint32_t parameters[SE_MAX_PARAMETERS];/**< Parameters */
150 size_t num_parameters; /**< Number of parameters */
151 } SE_Command_t;
152
153 /** Default initialization of command struct */
154 #define SE_COMMAND_DEFAULT(command) \
155 { \
156 (command), /* Given command */ \
157 NULL, /* No data in */ \
158 NULL, /* No data out */ \
159 { 0, 0, 0, 0 }, /* No parameters */ \
160 0 /* No parameters */ \
161 }
162
163 /** Possible responses to a command */
164 typedef uint32_t SE_Response_t;
165
166 /*******************************************************************************
167 ***************************** PROTOTYPES **********************************
168 ******************************************************************************/
169
170 void SE_addDataInput(SE_Command_t *command,
171 SE_DataTransfer_t *data);
172
173 void SE_addDataOutput(SE_Command_t *command,
174 SE_DataTransfer_t *data);
175
176 void SE_addParameter(SE_Command_t *command, uint32_t parameter);
177
178 #if !defined(SLI_EM_SE_HOST)
179 void SE_executeCommand(SE_Command_t *command);
180 #endif // #if !defined(SLI_EM_SE_HOST)
181
182 #if defined(CRYPTOACC_PRESENT)
183 SE_Response_t SE_getVersion(uint32_t *version);
184 SE_Response_t SE_getConfigStatusBits(uint32_t *cfgStatus);
185 SE_Response_t SE_getOTPVersion(uint32_t *otpVersion);
186 SE_Response_t SE_ackCommand(SE_Command_t *command);
187 #endif // #if defined(CRYPTOACC_PRESENT)
188
189 // Utilities
190 #if defined(SEMAILBOX_PRESENT)
191 __STATIC_INLINE bool SE_isCommandCompleted(void);
192 __STATIC_INLINE SE_Response_t SE_readCommandResponse(void);
193 #elif defined(CRYPTOACC_PRESENT)
194 bool SE_isCommandCompleted(void);
195 uint32_t SE_readExecutedCommand(void);
196 SE_Response_t SE_readCommandResponse(void);
197 #endif // #if defined(SEMAILBOX_PRESENT)
198
199 #if !defined(SLI_EM_SE_HOST)
200 __STATIC_INLINE void SE_waitCommandCompletion(void);
201 __STATIC_INLINE void SE_disableInterrupt(uint32_t flags);
202 __STATIC_INLINE void SE_enableInterrupt(uint32_t flags);
203 #endif // #if !defined(SLI_EM_SE_HOST)
204
205 #if defined(SEMAILBOX_PRESENT)
206 /***************************************************************************//**
207 * @brief
208 * Check whether the running command has completed.
209 *
210 * @details
211 * This function polls the SE-to-host mailbox interrupt flag.
212 *
213 * @return True if a command has completed and the result is available
214 ******************************************************************************/
SE_isCommandCompleted(void)215 __STATIC_INLINE bool SE_isCommandCompleted(void)
216 {
217 return (bool)(SEMAILBOX_HOST->RX_STATUS & SEMAILBOX_RX_STATUS_RXINT);
218 }
219 #endif // #if defined(SEMAILBOX_PRESENT)
220
221 #if defined(SEMAILBOX_PRESENT)
222 /***************************************************************************//**
223 * @brief
224 * Read the status of the previously executed command.
225 *
226 * @details
227 * This function reads the status of the previously executed command.
228 *
229 * @note
230 * The command response needs to be read for every executed command, and can
231 * only be read once per executed command (FIFO behavior).
232 *
233 * @return
234 * One of the SE_RESPONSE return codes:
235 * SE_RESPONSE_OK when the command was executed successfully or a signature
236 * was successfully verified.
237 ******************************************************************************/
SE_readCommandResponse(void)238 __STATIC_INLINE SE_Response_t SE_readCommandResponse(void)
239 {
240 SE_waitCommandCompletion();
241 return (SE_Response_t)(SEMAILBOX_HOST->RX_HEADER & SE_RESPONSE_MASK);
242 }
243 #endif // #if defined(SEMAILBOX_PRESENT)
244
245 #if !defined(SLI_EM_SE_HOST)
246 /***************************************************************************//**
247 * @brief
248 * Wait for completion of the current command.
249 *
250 * @details
251 * This function "busy"-waits until the execution of the ongoing instruction
252 * has completed.
253 ******************************************************************************/
SE_waitCommandCompletion(void)254 __STATIC_INLINE void SE_waitCommandCompletion(void)
255 {
256 /* Wait for completion */
257 while (!SE_isCommandCompleted()) {
258 }
259 }
260
261 /***************************************************************************//**
262 * @brief
263 * Disable one or more SE interrupts.
264 *
265 * @param[in] flags
266 * SE interrupt sources to disable. Use a bitwise logic OR combination of
267 * valid interrupt flags for the Secure Element module
268 * (SE_CONFIGURATION_(TX/RX)INTEN).
269 ******************************************************************************/
SE_disableInterrupt(uint32_t flags)270 __STATIC_INLINE void SE_disableInterrupt(uint32_t flags)
271 {
272 #if defined(SEMAILBOX_PRESENT)
273 SEMAILBOX_HOST->CONFIGURATION &= ~flags;
274 #else
275 (void) flags;
276 #endif
277 }
278
279 /***************************************************************************//**
280 * @brief
281 * Enable one or more SE interrupts.
282 *
283 * @param[in] flags
284 * SE interrupt sources to enable. Use a bitwise logic OR combination of
285 * valid interrupt flags for the Secure Element module
286 * (SEMAILBOX_CONFIGURATION_TXINTEN or SEMAILBOX_CONFIGURATION_RXINTEN).
287 ******************************************************************************/
SE_enableInterrupt(uint32_t flags)288 __STATIC_INLINE void SE_enableInterrupt(uint32_t flags)
289 {
290 #if defined(SEMAILBOX_PRESENT)
291 SEMAILBOX_HOST->CONFIGURATION |= flags;
292 #else
293 (void) flags;
294 #endif
295 }
296
297 #endif // #if !defined(SLI_EM_SE_HOST)
298
299 /*******************************************************************************
300 ***************************** DEPRECATED *********************************
301 ******************************************************************************/
302
303 /***************************************************************************//**
304 * @addtogroup se_deprecated Deprecated Functions
305 * @brief Deprecated Functions
306 *
307 * @deprecated
308 * The following functions have been deprecated and will be removed in a
309 * future version of EMLIB. All high-level functionality have been moved to
310 * the SE manager.
311 *
312 * @{
313 ******************************************************************************/
314
315 /*******************************************************************************
316 ****************************** DEFINES ***********************************
317 ******************************************************************************/
318
319 #if !defined(SLI_EM_SE_HOST)
320 /** @cond DO_NOT_INCLUDE_WITH_DOXYGEN */
321 #if defined(SEMAILBOX_PRESENT)
322 /* Command words for the Security Engine. */
323 #if (defined(_SILICON_LABS_SECURITY_FEATURE) \
324 && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT))
325 #define SE_COMMAND_WRAP_KEY 0x01000000UL
326 #define SE_COMMAND_UNWRAP_KEY 0x01020000UL
327 #define SE_COMMAND_TRANSFER_KEY 0x01060000UL
328 #endif /* _SILICON_LABS_SECURITY_FEATURE_VAULT */
329
330 #define SE_COMMAND_CREATE_KEY 0x02000000UL
331 #define SE_COMMAND_READPUB_KEY 0x02010000UL
332
333 #if (defined(_SILICON_LABS_SECURITY_FEATURE) \
334 && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT))
335 #define SE_COMMAND_DERIVE_KEY_PBKDF2 0x02020002UL
336 #define SE_COMMAND_DERIVE_KEY_HKDF 0x02020003UL
337 #endif /* _SILICON_LABS_SECURITY_FEATURE_VAULT */
338
339 #define SE_COMMAND_HASH 0x03000000UL
340 #define SE_COMMAND_HASHUPDATE 0x03010000UL
341 #define SE_COMMAND_HMAC 0x03020000UL
342
343 #define SE_COMMAND_AES_ENCRYPT 0x04000000UL
344 #define SE_COMMAND_AES_DECRYPT 0x04010000UL
345 #define SE_COMMAND_AES_GCM_ENCRYPT 0x04020000UL
346 #define SE_COMMAND_AES_GCM_DECRYPT 0x04030000UL
347 #define SE_COMMAND_AES_CMAC 0x04040000UL
348 #define SE_COMMAND_AES_CCM_ENCRYPT 0x04050000UL
349 #define SE_COMMAND_AES_CCM_DECRYPT 0x04060000UL
350
351 #define SE_COMMAND_SIGNATURE_SIGN 0x06000000UL
352 #define SE_COMMAND_SIGNATURE_VERIFY 0x06010000UL
353 #if (defined(_SILICON_LABS_SECURITY_FEATURE) \
354 && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT))
355 #define SE_COMMAND_EDDSA_SIGN 0x06020000UL
356 #define SE_COMMAND_EDDSA_VERIFY 0x06030000UL
357 #endif /* _SILICON_LABS_SECURITY_FEATURE_VAULT */
358
359 #define SE_COMMAND_TRNG_GET_RANDOM 0x07000000UL
360 #define SE_COMMAND_READ_CLOCK 0x07020000UL
361
362 #if (defined(_SILICON_LABS_SECURITY_FEATURE) \
363 && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT))
364 #define SE_COMMAND_ATTEST_CERTIFY 0x0A000000UL
365 #define SE_COMMAND_ATTEST_TIME 0x0A010000UL
366 #define SE_COMMAND_ATTEST_PUBKEY 0x0A020000UL
367 #endif /* _SILICON_LABS_SECURITY_FEATURE_VAULT */
368
369 #define SE_COMMAND_JPAKE_R1_GENERATE 0x0B000000UL
370 #define SE_COMMAND_JPAKE_R1_VERIFY 0x0B000100UL
371 #define SE_COMMAND_JPAKE_R2_GENERATE 0x0B010000UL
372 #define SE_COMMAND_JPAKE_R2_VERIFY 0x0B010100UL
373 #define SE_COMMAND_JPAKE_GEN_SESSIONKEY 0x0B020000UL
374
375 #if (defined(_SILICON_LABS_SECURITY_FEATURE) \
376 && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT))
377 #define SE_COMMAND_AEAD_ENCRYPT 0x0C000000UL
378 #define SE_COMMAND_AEAD_DECRYPT 0x0C010000UL
379 #define SE_COMMAND_CHACHA20_ENCRYPT 0x0C020000UL
380 #define SE_COMMAND_CHACHA20_DECRYPT 0x0C030000UL
381 #define SE_COMMAND_POLY1305_KEY_MAC 0x0C040000UL
382 #endif /* _SILICON_LABS_SECURITY_FEATURE_VAULT */
383
384 #define SE_COMMAND_DH 0x0E000000UL
385
386 #endif // #if defined(SEMAILBOX_PRESENT)
387
388 #define SE_COMMAND_CHECK_SE_IMAGE 0x43020000UL
389 #define SE_COMMAND_APPLY_SE_IMAGE 0x43030000UL
390 #define SE_COMMAND_STATUS_SE_IMAGE 0x43040000UL
391 #define SE_COMMAND_CHECK_HOST_IMAGE 0x43050001UL
392 #define SE_COMMAND_APPLY_HOST_IMAGE 0x43060001UL
393 #define SE_COMMAND_STATUS_HOST_IMAGE 0x43070000UL
394
395 #if defined(SEMAILBOX_PRESENT)
396
397 #define SE_COMMAND_STATUS_SE_VERSION 0x43080000UL
398 #define SE_COMMAND_STATUS_OTP_VERSION 0x43080100UL
399
400 #define SE_COMMAND_WRITE_USER_DATA 0x43090000UL
401 #define SE_COMMAND_ERASE_USER_DATA 0x430A0000UL
402
403 #define SE_COMMAND_DBG_LOCK_APPLY 0x430C0000
404 #define SE_COMMAND_DBG_LOCK_ENABLE_SECURE 0x430D0000
405 #define SE_COMMAND_DBG_LOCK_DISABLE_SECURE 0x430E0000
406 #define SE_COMMAND_DEVICE_ERASE 0x430F0000
407 #define SE_COMMAND_DEVICE_ERASE_DISABLE 0x43100000
408 #define SE_COMMAND_DBG_LOCK_STATUS 0x43110000
409
410 #define SE_COMMAND_PROTECTED_REGISTER 0x43210000
411
412 #define SE_COMMAND_GET_CHALLENGE 0xFD000000UL
413 #define SE_COMMAND_ROLL_CHALLENGE 0xFD000100UL
414 #define SE_COMMAND_OPEN_DEBUG 0xFD010001UL
415 #define SE_COMMAND_DISABLE_TAMPER 0xFD020001UL
416
417 #define SE_COMMAND_READ_SERIAL 0xFE000000UL
418 #define SE_COMMAND_GET_STATUS 0xFE010000UL
419 #define SE_COMMAND_READ_PUBKEYBOOT 0xFE020001UL
420
421 #define SE_COMMAND_SET_UPGRADEFLAG_SE 0xFE030000UL
422 #define SE_COMMAND_SET_UPGRADEFLAG_HOST 0xFE030001UL
423
424 #define SE_COMMAND_INIT_PUBKEY_SIGNATURE 0xFF090001UL
425 #define SE_COMMAND_READ_PUBKEY_SIGNATURE 0xFF0A0001UL
426 #endif /* SEMAILBOX_PRESENT */
427
428 #if defined(SEMAILBOX_PRESENT)
429 /* Command options for the Secure Element commands. */
430 /** Use MD5 as hash algorithm */
431 #define SE_COMMAND_OPTION_HASH_MD5 0x00000100UL
432 /** Use SHA1 as hash algorithm */
433 #define SE_COMMAND_OPTION_HASH_SHA1 0x00000200UL
434 /** Use SHA224 as hash algorithm */
435 #define SE_COMMAND_OPTION_HASH_SHA224 0x00000300UL
436 /** Use SHA256 as hash algorithm */
437 #define SE_COMMAND_OPTION_HASH_SHA256 0x00000400UL
438
439 #if (defined(_SILICON_LABS_SECURITY_FEATURE) \
440 && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT))
441 /** Use SHA384 as hash algorithm */
442 #define SE_COMMAND_OPTION_HASH_SHA384 0x00000500UL
443 /** Use SHA512 as hash algorithm */
444 #define SE_COMMAND_OPTION_HASH_SHA512 0x00000600UL
445 #endif /* _SILICON_LABS_SECURITY_FEATURE_VAULT */
446
447 /** Execute algorithm in ECB mode */
448 #define SE_COMMAND_OPTION_MODE_ECB 0x00000100UL
449 /** Execute algorithm in CBC mode */
450 #define SE_COMMAND_OPTION_MODE_CBC 0x00000200UL
451 /** Execute algorithm in CTR mode */
452 #define SE_COMMAND_OPTION_MODE_CTR 0x00000300UL
453 /** Execute algorithm in CFB mode */
454 #define SE_COMMAND_OPTION_MODE_CFB 0x00000400UL
455 /** Execute algorithm in OFB mode */
456 #define SE_COMMAND_OPTION_MODE_OFB 0x00000500UL
457 /** Execute algorithm in XTS mode */
458 #define SE_COMMAND_OPTION_MODE_XTS 0x00000800UL
459
460 #define SE_COMMAND_OPTION_CERT_DEVICE 0x00000100UL
461 #define SE_COMMAND_OPTION_CERT_BATCH 0x00000200UL
462 #define SE_COMMAND_OPTION_CERT_FACTORY 0x00000300UL
463
464 /** Pubkey type */
465 #define SE_KEY_TYPE_ROOT 0x00000300UL
466
467 /** Run the whole algorithm, all data present */
468 #define SE_COMMAND_OPTION_CONTEXT_WHOLE 0x00000000UL
469 /** Start the algorithm, but get a context to later add more data */
470 #define SE_COMMAND_OPTION_CONTEXT_START 0x00000001UL
471 /** End the algorithm, get the result */
472 #define SE_COMMAND_OPTION_CONTEXT_END 0x00000002UL
473 /** Add more data input to the algorithm. Need to supply previous context,
474 * and get a context back */
475 #define SE_COMMAND_OPTION_CONTEXT_ADD 0x00000003UL
476
477 /** Padding options for signature functionality. */
478 #define SE_COMMAND_OPTION_PADDING_NONE 0x00000000UL
479 #define SE_COMMAND_OPTION_PADDING_EMSA_PKCS 0x00000003UL
480 #define SE_COMMAND_OPTION_PADDING_PSS 0x00000004UL
481
482 /* Special parameters for the Secure Element commands. */
483 #define SE_COMMAND_OPTION_READ 0x00000000UL
484 #define SE_COMMAND_OPTION_WRITE 0x00000100UL
485
486 /** Magic parameter for deleting user data */
487 #define SE_COMMAND_OPTION_ERASE_UD 0xDE1E7EADUL
488
489 #endif /* SEMAILBOX_PRESENT */
490
491 /** Pubkey types */
492 #define SE_KEY_TYPE_BOOT 0x00000100UL
493 #define SE_KEY_TYPE_AUTH 0x00000200UL
494
495 #define SE_COMMAND_INIT_OTP 0xFF000001UL
496 #define SE_COMMAND_INIT_PUBKEY 0xFF070001UL
497
498 #define SE_COMMAND_READ_PUBKEY 0xFF080001UL
499
500 /**
501 * Command was not recognized as a valid command, or is not allowed in the
502 * current context.
503 */
504 #define SE_RESPONSE_INVALID_COMMAND 0x00010000UL
505 /**
506 * User did not provide the required credentials to be allowed to execute the
507 * command.
508 */
509 #define SE_RESPONSE_AUTHORIZATION_ERROR 0x00020000UL
510 /**
511 * Signature validation command (e.g. SE_COMMAND_SIGNATURE_VERIFY) failed to
512 * verify the given signature as being correct.
513 */
514 #define SE_RESPONSE_INVALID_SIGNATURE 0x00030000UL
515 /** A command started in non-secure mode is trying to access secure memory. */
516 #define SE_RESPONSE_BUS_ERROR 0x00040000UL
517 /** Internal error */
518 #define SE_RESPONSE_INTERNAL_ERROR 0x00050000UL
519 /** An internal error was raised and the command did not execute. */
520 #define SE_RESPONSE_CRYPTO_ERROR 0x00060000UL
521 /** One of the passed parameters is deemed invalid (e.g. out of bounds). */
522 #define SE_RESPONSE_INVALID_PARAMETER 0x00070000UL
523 /** Failure while checking the host for secure boot */
524 #define SE_RESPONSE_SECUREBOOT_ERROR 0x00090000UL
525 /** Failure during selftest */
526 #define SE_RESPONSE_SELFTEST_ERROR 0x000A0000UL
527 /** Feature/item not initialized or not present */
528 #define SE_RESPONSE_NOT_INITIALIZED 0x000B0000UL
529 /* Abort status code is given when no operation is attempted. */
530 #define SE_RESPONSE_ABORT 0x00FF0000UL
531
532 /** @endcond */
533
534 /*******************************************************************************
535 ****************************** TYPEDEFS ***********************************
536 ******************************************************************************/
537
538 /** SE OTP initialization struct */
539 typedef struct {
540 /** Enable secure boot for the host. */
541 bool enableSecureBoot;
542 /** Require certificate based secure boot signing. */
543 bool verifySecureBootCertificate;
544 /** Enable anti-rollback for host application upgrades. */
545 bool enableAntiRollback;
546
547 /** Set flag to enable locking down all flash pages that cover the
548 * secure-booted image, except the last page if end of signature is not
549 * page-aligned. */
550 bool secureBootPageLockNarrow;
551 /** Set flag to enable locking down all flash pages that cover the
552 * secure-booted image, including the last page if end of signature is not
553 * page-aligned. */
554 bool secureBootPageLockFull;
555 } SE_OTPInit_t;
556
557 /** SE debug status */
558 typedef struct {
559 /** Whether debug lock is enabled */
560 bool debugLockEnabled;
561 /** Whether device erase is enabled */
562 bool deviceEraseEnabled;
563 /** Whether secure debug is enabled */
564 bool secureDebugEnabled;
565 } SE_DebugStatus_t;
566
567 /** SE status */
568 typedef struct {
569 /** Boot status code / error code (Bits [7:0]). */
570 uint32_t bootStatus;
571 /** SE firmware version. */
572 uint32_t seFwVersion;
573 /** Host firmware version (if available). */
574 uint32_t hostFwVersion;
575 /** Debug lock status. */
576 SE_DebugStatus_t debugStatus;
577 /** Secure boot enabled. */
578 bool secureBootEnabled;
579 } SE_Status_t;
580
581 /*******************************************************************************
582 ***************************** PROTOTYPES **********************************
583 ******************************************************************************/
584
585 SE_Response_t SE_initOTP(SE_OTPInit_t *otp_init) SL_DEPRECATED_API_SDK_3_0;
586
587 SE_Response_t SE_initPubkey(uint32_t key_type,
588 void* pubkey,
589 uint32_t numBytes,
590 bool signature)
591 SL_DEPRECATED_API_SDK_3_0;
592
593 SE_Response_t SE_initPubkey(uint32_t key_type,
594 void* pubkey,
595 uint32_t numBytes,
596 bool signature) SL_DEPRECATED_API_SDK_4_4;
597
598 #if defined(SEMAILBOX_PRESENT)
599
600 // User data commands
601 SE_Response_t SE_writeUserData(uint32_t offset,
602 void *data,
603 uint32_t numBytes)
604 SL_DEPRECATED_API_SDK_3_0;
605
606 SE_Response_t SE_eraseUserData(void) SL_DEPRECATED_API_SDK_3_0;
607
608 // Initialization commands
609 SE_Response_t SE_readPubkey(uint32_t key_type,
610 void* pubkey,
611 uint32_t numBytes,
612 bool signature) SL_DEPRECATED_API_SDK_4_4;
613
614 // Debug commands
615 SE_Response_t SE_debugLockStatus(SE_DebugStatus_t *status) SL_DEPRECATED_API_SDK_3_0;
616 SE_Response_t SE_debugLockApply(void) SL_DEPRECATED_API_SDK_3_0;
617 SE_Response_t SE_debugSecureEnable(void) SL_DEPRECATED_API_SDK_3_0;
618 SE_Response_t SE_debugSecureDisable(void) SL_DEPRECATED_API_SDK_3_0;
619 SE_Response_t SE_deviceEraseDisable(void) SL_DEPRECATED_API_SDK_3_0;
620 SE_Response_t SE_deviceErase(void) SL_DEPRECATED_API_SDK_3_0;
621
622 // Device status commands
623 SE_Response_t SE_getStatus(SE_Status_t *output) SL_DEPRECATED_API_SDK_3_0;
624 SE_Response_t SE_serialNumber(void *serial) SL_DEPRECATED_API_SDK_3_0;
625
626 #endif // #if defined(SEMAILBOX_PRESENT)
627 #endif // #if !defined(SLI_EM_SE_HOST)
628
629 /** @} (end addtogroup se_deprecated) */
630
631 #ifdef __cplusplus
632 }
633 #endif
634
635 /** @} (end addtogroup se) */
636
637 #endif /* defined(SEMAILBOX_PRESENT)
638 || defined(_SILICON_LABS_32B_SERIES_2_CONFIG_2) */
639
640 #endif /* EM_SE_H */
641
