1 /***************************************************************************//** 2 * @file 3 * @brief Silicon Labs Secure Engine Manager API definitions 4 ******************************************************************************* 5 * # License 6 * <b>Copyright 2020 Silicon Laboratories Inc. www.silabs.com</b> 7 ******************************************************************************* 8 * 9 * SPDX-License-Identifier: Zlib 10 * 11 * The licensor of this software is Silicon Laboratories Inc. 12 * 13 * This software is provided 'as-is', without any express or implied 14 * warranty. In no event will the authors be held liable for any damages 15 * arising from the use of this software. 16 * 17 * Permission is granted to anyone to use this software for any purpose, 18 * including commercial applications, and to alter it and redistribute it 19 * freely, subject to the following restrictions: 20 * 21 * 1. The origin of this software must not be misrepresented; you must not 22 * claim that you wrote the original software. If you use this software 23 * in a product, an acknowledgment in the product documentation would be 24 * appreciated but is not required. 25 * 2. Altered source versions must be plainly marked as such, and must not be 26 * misrepresented as being the original software. 27 * 3. This notice may not be removed or altered from any source distribution. 28 * 29 ******************************************************************************/ 30 #ifndef SL_SE_MANAGER_DEFINES_H 31 #define SL_SE_MANAGER_DEFINES_H 32 33 #include "sli_se_manager_features.h" 34 35 #if defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED) 36 37 #if !defined(SLI_SE_MANAGER_HOST_SYSTEM) 38 #if !defined(SL_TRUSTZONE_NONSECURE) 39 #if !defined(SE_MANAGER_CONFIG_FILE) 40 #include "sl_se_manager_config.h" 41 #else 42 #include SE_MANAGER_CONFIG_FILE 43 #endif // SE_MANAGER_CONFIG_FILE 44 #endif // SL_TRUSTZONE_NONSECURE 45 #endif // SLI_SE_MANAGER_HOST_SYSTEM 46 47 #if defined (SL_COMPONENT_CATALOG_PRESENT) 48 #include "sl_component_catalog.h" 49 #endif 50 51 /// @addtogroup sl_se_manager 52 /// @{ 53 54 #include <stdbool.h> 55 56 #ifdef __cplusplus 57 extern "C" { 58 #endif 59 60 // ----------------------------------------------------------------------------- 61 // Defines 62 63 /// @addtogroup sl_se_manager_core 64 /// @{ 65 66 /// Context initialization values. Some of the context values are not fully 67 /// initialized. The user will need to call the corresponding initialization 68 /// function in order to fully initialize the context objects for further use 69 /// in the SE Manager API. The purpose of these initialization values is to set 70 /// the context objects to a known safe state initially when the context object 71 /// is declared. 72 #define SL_SE_COMMAND_CONTEXT_INIT { SLI_SE_MAILBOX_COMMAND_DEFAULT(0), false } 73 74 /// @} (end addtogroup sl_se_manager_core) 75 76 /// @addtogroup sl_se_manager_util 77 /// @{ 78 79 /// Default configuration for OTP initialisation structure. 80 #if defined(SLI_MAILBOX_COMMAND_SUPPORTED) && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) 81 #define SL_SE_OTP_INIT_DEFAULT \ 82 { \ 83 .enable_secure_boot = false, \ 84 .verify_secure_boot_certificate = false, \ 85 .enable_anti_rollback = false, \ 86 .secure_boot_page_lock_narrow = false, \ 87 .secure_boot_page_lock_full = false, \ 88 .tamper_levels = { 0 }, \ 89 .tamper_filter_period = SL_SE_TAMPER_FILTER_PERIOD_2MIN, \ 90 .tamper_filter_threshold = SL_SE_TAMPER_FILTER_THRESHOLD_4, \ 91 .tamper_flags = 0, \ 92 .tamper_reset_threshold = 5 \ 93 } 94 #else 95 #define SL_SE_OTP_INIT_DEFAULT \ 96 { \ 97 .enable_secure_boot = false, \ 98 .verify_secure_boot_certificate = false, \ 99 .enable_anti_rollback = false, \ 100 .secure_boot_page_lock_narrow = false, \ 101 .secure_boot_page_lock_full = false \ 102 } 103 #endif 104 105 /// @} (end addtogroup sl_se_manager_util) 106 107 #if defined(SLI_MAILBOX_COMMAND_SUPPORTED) 108 // ------------------------------- 109 // Defines for SE functionality 110 111 /// @addtogroup sl_se_manager_key_handling 112 /// @{ 113 114 /// Asymmetric key can only be used for signing (not key exchange) 115 #define SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY (1UL << 10) 116 /// Described key belongs to a custom ECC domain 117 #define SL_SE_KEY_FLAG_ASYMMETRIC_USES_CUSTOM_DOMAIN (1UL << 12) 118 /// Storage buffer contains public part of an asymmetric key 119 #define SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY (1UL << 13) 120 /// Storage buffer contains private part of an asymmetric key 121 #define SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PRIVATE_KEY (1UL << 14) 122 /// Allow usage of this key by other bus masters or TrustZone levels than the 123 /// one which created/imported the key 124 #define SL_SE_KEY_FLAG_ALLOW_ANY_ACCESS (1UL << 15) 125 /// Old definition. Retained for backwards compatibility. 126 #define SL_SE_KEY_FLAG_ASYMMMETRIC_SIGNING_ONLY \ 127 (SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY) 128 129 /// Do not allow exporting the key to plaintext 130 #define SL_SE_KEY_FLAG_NON_EXPORTABLE (1UL << 24) 131 /// Indicate that the key has been generated by this device. This flag is only 132 /// valid when using the SE to generate a key and makes it non-exportable. 133 #define SL_SE_KEY_FLAG_IS_DEVICE_GENERATED (1UL << 25) 134 /// Indicate that the key can only be used to sign SE generated content. This 135 /// flag is only valid when using the SE to generate a key and makes it 136 /// non-exportable. 137 #define SL_SE_KEY_FLAG_IS_RESTRICTED (1UL << 25 | 1UL << 24) 138 139 /// Mask for algorithm field in key type 140 #define SL_SE_KEY_TYPE_ALGORITHM_MASK 0xf0000000 141 /// Offset of algorithm field in key type 142 #define SL_SE_KEY_TYPE_ALGORITHM_OFFSET 28 143 /// Mask for attributes field in key type 144 #define SL_SE_KEY_TYPE_ATTRIBUTES_MASK 0x00007fff 145 /// Offset of attributes field in key type 146 #define SL_SE_KEY_TYPE_ATTRIBUTES_OFFSET 0 147 148 /// Symmetric key type 149 #define SL_SE_KEY_TYPE_SYMMETRIC 0x00000000 150 /// Symmetric key type for AES-128 (16 byte key) 151 #define SL_SE_KEY_TYPE_AES_128 0x00000010 152 /// Symmetric key type for AES-192 (24 byte key) 153 #define SL_SE_KEY_TYPE_AES_192 0x00000018 154 /// Symmetric key type for AES-256 (32 byte key) 155 #define SL_SE_KEY_TYPE_AES_256 0x00000020 156 157 /// ECC Weierstrass Prime key type 158 #define SL_SE_KEY_TYPE_ECC_WEIERSTRASS_PRIME_CUSTOM (0x8U << SL_SE_KEY_TYPE_ALGORITHM_OFFSET) 159 /// ECC Montgomery key type 160 #define SL_SE_KEY_TYPE_ECC_MONTGOMERY (0xbU << SL_SE_KEY_TYPE_ALGORITHM_OFFSET) 161 /// EDDSA key type 162 #define SL_SE_KEY_TYPE_ECC_EDDSA (0xcU << SL_SE_KEY_TYPE_ALGORITHM_OFFSET) 163 164 /// ECC NIST P-192 165 #define SL_SE_KEY_TYPE_ECC_P192 (SL_SE_KEY_TYPE_ECC_WEIERSTRASS_PRIME_CUSTOM | (0x18)) 166 /// ECC NIST P-224 167 #define SL_SE_KEY_TYPE_ECC_P224 (SL_SE_KEY_TYPE_ECC_WEIERSTRASS_PRIME_CUSTOM | (0x1C)) 168 /// ECC NIST P-256 169 #define SL_SE_KEY_TYPE_ECC_P256 (SL_SE_KEY_TYPE_ECC_WEIERSTRASS_PRIME_CUSTOM | (0x20)) 170 171 /// ECC Ed25519 key for EdDSA 172 #define SL_SE_KEY_TYPE_ECC_ED25519 (SL_SE_KEY_TYPE_ECC_EDDSA | (0x20)) 173 174 /// ECC X25519 key for ECDH 175 #define SL_SE_KEY_TYPE_ECC_X25519 (SL_SE_KEY_TYPE_ECC_MONTGOMERY | (0x20)) 176 177 #if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) 178 /// Symmetric key type for ChaCha20 179 #define SL_SE_KEY_TYPE_CHACHA20 0x00000020 180 181 /// ECC NIST P-384 182 #define SL_SE_KEY_TYPE_ECC_P384 (SL_SE_KEY_TYPE_ECC_WEIERSTRASS_PRIME_CUSTOM | (0x30)) 183 /// ECC NIST P-521 184 #define SL_SE_KEY_TYPE_ECC_P521 (SL_SE_KEY_TYPE_ECC_WEIERSTRASS_PRIME_CUSTOM | (0x42)) 185 186 /// ECC X448 key for ECDH 187 #define SL_SE_KEY_TYPE_ECC_X448 (SL_SE_KEY_TYPE_ECC_MONTGOMERY | (0x38)) 188 189 /// ECC Ed448 key for EdDSA 190 #define SL_SE_KEY_TYPE_ECC_ED448 (SL_SE_KEY_TYPE_ECC_EDDSA | (0x38)) 191 192 #endif 193 194 /// Key storage methods 195 196 /// Key is stored in a plaintext buffer in application memory. Application 197 /// can save its in-memory buffer to non-volatile memory as needed to 198 /// provide key persistence. 199 #define SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT 0x00 200 #if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) 201 /// Key is stored encrypted in application memory. This ensures the key in 202 /// wrapped form is only usable on a specific device. If the key 203 /// additionally needs to be prevented from ever being output as plaintext, 204 /// also set the corresponding permission bit. Application can save its 205 /// in-memory buffer to non-volatile memory as needed to provide key 206 /// persistence. 207 /// Keys stored in this way should use the flag 208 /// SL_SE_KEY_FLAG_NON_EXPORTABLE unless there is a specific need to access 209 /// the key value outside the SE. 210 #define SL_SE_KEY_STORAGE_EXTERNAL_WRAPPED 0x01 211 /// Key is stored inside the SE, and will persist until system reset or 212 /// explicitly deleted. 213 /// Keys stored in this way should use the flag 214 /// SL_SE_KEY_FLAG_NON_EXPORTABLE unless there is a specific need to access 215 /// the key value outside the SE. 216 #define SL_SE_KEY_STORAGE_INTERNAL_VOLATILE 0x02 217 #endif 218 /// Key is one of the pre-defined keys (pre-loaded or write-once) available 219 /// in the SE. See documentation for a list of available keys. 220 #define SL_SE_KEY_STORAGE_INTERNAL_IMMUTABLE 0x03 221 222 /// List of available internal SE key slots 223 #if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) 224 #define SL_SE_KEY_SLOT_VOLATILE_0 0x00 ///< Internal volatile slot 0 225 #define SL_SE_KEY_SLOT_VOLATILE_1 0x01 ///< Internal volatile slot 1 226 #define SL_SE_KEY_SLOT_VOLATILE_2 0x02 ///< Internal volatile slot 2 227 #define SL_SE_KEY_SLOT_VOLATILE_3 0x03 ///< Internal volatile slot 3 228 #endif 229 230 #if defined(SLI_SE_SUPPORTS_NVM3_INTERNAL_KEY) 231 /// Minimum key slot value for internal keys 232 #define SL_SE_KEY_SLOT_INTERNAL_MIN 0xF6 233 /// Internal NVM3 key 234 #define SL_SE_KEY_SLOT_NVM3_KEY 0xF6 235 #else 236 /// Minimum key slot value for internal keys 237 #define SL_SE_KEY_SLOT_INTERNAL_MIN 0xF7 238 #endif 239 /// Internal TrustZone root key 240 #define SL_SE_KEY_SLOT_TRUSTZONE_ROOT_KEY 0xF7 241 /// Internal immutable application secure debug key 242 #define SL_SE_KEY_SLOT_APPLICATION_SECURE_DEBUG_KEY 0xF8 243 /// Internal immutable application AES-128 key (bootloader key) 244 #define SL_SE_KEY_SLOT_APPLICATION_AES_128_KEY 0xFA 245 /// Internal immutable application secure boot key 246 #define SL_SE_KEY_SLOT_APPLICATION_SECURE_BOOT_KEY 0xFC 247 /// Internal immutable application attestation key 248 #define SL_SE_KEY_SLOT_APPLICATION_ATTESTATION_KEY 0xFE 249 /// Internal immutable SE attestation key 250 #define SL_SE_KEY_SLOT_SE_ATTESTATION_KEY 0xFF 251 252 /// Size overhead for wrapped keys 253 #define SLI_SE_WRAPPED_KEY_OVERHEAD (12 + 16) 254 /// @} (end addtogroup sl_se_manager_key_handling) 255 256 /// @addtogroup sl_se_manager_key_derivation 257 /// @{ 258 259 /// Defines mapping the PBKDF2 PRFs to corresponding sl_se_hash_type_t values. 260 #define SL_SE_PRF_AES_CMAC_128 SL_SE_HASH_NONE ///< CMAC-AES-128 261 #define SL_SE_PRF_HMAC_SHA1 SL_SE_HASH_SHA1 ///< HMAC-SHA-1 262 #define SL_SE_PRF_HMAC_SHA224 SL_SE_HASH_SHA224 ///< HMAC-SHA-224 263 #define SL_SE_PRF_HMAC_SHA256 SL_SE_HASH_SHA256 ///< HMAC-SHA-256 264 #define SL_SE_PRF_HMAC_SHA384 SL_SE_HASH_SHA384 ///< HMAC-SHA-384 265 #define SL_SE_PRF_HMAC_SHA512 SL_SE_HASH_SHA512 ///< HMAC-SHA-512 266 267 /// @} (end addtogroup sl_se_manager_key_derivation) 268 269 /// @addtogroup sl_se_manager_util 270 /// @{ 271 272 /// SE Challenge size 273 #define SL_SE_CHALLENGE_SIZE 16 274 275 /// Certificate key size 276 #define SL_SE_CERT_KEY_SIZE 64 277 278 /// Certificate signature size 279 #define SL_SE_CERT_SIGN_SIZE 64 280 281 /// Batch ID certificate 282 #define SL_SE_CERT_BATCH 0x01 283 /// SE ID certificate 284 #define SL_SE_CERT_DEVICE_SE 0x02 285 /// Host ID certificate 286 #define SL_SE_CERT_DEVICE_HOST 0x03 287 288 /// @addtogroup sl_se_manager_util_tamper Tamper options 289 /// @brief 290 /// Tamper configuration options. Levels, signals and filter options. 291 /// @{ 292 293 // SE tamper signal levels 294 #define SL_SE_TAMPER_LEVEL_IGNORE 0 ///< No action taken 295 #define SL_SE_TAMPER_LEVEL_INTERRUPT 1 ///< Generate interrupt 296 #define SL_SE_TAMPER_LEVEL_FILTER 2 ///< Increment filter counter 297 #define SL_SE_TAMPER_LEVEL_RESET 4 ///< System reset 298 #define SL_SE_TAMPER_LEVEL_PERMANENTLY_ERASE_OTP 7 ///< Erase OTP - THIS WILL MAKE THE DEVICE INOPERATIONAL! 299 300 // SE tamper signals 301 #if defined(SLI_SE_MAJOR_VERSION_ONE) 302 303 #define SL_SE_TAMPER_SIGNAL_RESERVED_1 0x0 ///< Reserved tamper signal 304 #define SL_SE_TAMPER_SIGNAL_FILTER_COUNTER 0x1 ///< Filter counter exceeds threshold 305 #define SL_SE_TAMPER_SIGNAL_WATCHDOG 0x2 ///< SE watchdog timeout 306 #define SL_SE_TAMPER_SIGNAL_RESERVED_2 0x3 ///< Reserved tamper signal 307 #define SL_SE_TAMPER_SIGNAL_SE_RAM_CRC 0x4 ///< SE RAM CRC parity error 308 #define SL_SE_TAMPER_SIGNAL_SE_HARDFAULT 0x5 ///< SE CPU hardfault 309 #define SL_SE_TAMPER_SIGNAL_RESERVED_3 0x6 ///< Reserved tamper signal 310 #define SL_SE_TAMPER_SIGNAL_SE_SOFTWARE_ASSERTION 0x7 ///< SE software triggers an assert 311 #define SL_SE_TAMPER_SIGNAL_SE_SECURE_BOOT_FAILED 0x8 ///< Secure boot of SE firmware failed 312 #define SL_SE_TAMPER_SIGNAL_USER_SECURE_BOOT_FAILED 0x9 ///< Secure boot of user code failed 313 #define SL_SE_TAMPER_SIGNAL_MAILBOX_AUTHORIZATION_ERROR 0xA ///< Unauthorised command received over the Mailbox interface 314 #define SL_SE_TAMPER_SIGNAL_DCI_AUTHORIZATION_ERROR 0xB ///< Unauthorised command received over the DCI interface 315 #define SL_SE_TAMPER_SIGNAL_FLASH_INTEGRITY_ERROR 0xC ///< Flash content couldn't be properly authenticated 316 #define SL_SE_TAMPER_SIGNAL_RESERVED_4 0xD ///< Reserved tamper signal 317 #define SL_SE_TAMPER_SIGNAL_SELFTEST_FAILED 0xE ///< Integrity error of internal storage is detected 318 #define SL_SE_TAMPER_SIGNAL_TRNG_MONITOR 0xF ///< TRNG monitor detected lack of entropy 319 #define SL_SE_TAMPER_SIGNAL_PRS0 0x10 ///< PRS channel 0 asserted 320 #define SL_SE_TAMPER_SIGNAL_PRS1 0x11 ///< PRS channel 1 asserted 321 #define SL_SE_TAMPER_SIGNAL_PRS2 0x12 ///< PRS channel 2 asserted 322 #define SL_SE_TAMPER_SIGNAL_PRS3 0x13 ///< PRS channel 3 asserted 323 #define SL_SE_TAMPER_SIGNAL_PRS4 0x14 ///< PRS channel 4 asserted 324 #define SL_SE_TAMPER_SIGNAL_PRS5 0x15 ///< PRS channel 5 asserted 325 #define SL_SE_TAMPER_SIGNAL_PRS6 0x16 ///< PRS channel 6 asserted 326 #define SL_SE_TAMPER_SIGNAL_PRS7 0x17 ///< PRS channel 7 asserted 327 #define SL_SE_TAMPER_SIGNAL_DECOUPLE_BOD 0x18 ///< Decouple brown-out-detector threshold alert 328 #define SL_SE_TAMPER_SIGNAL_TEMPERATURE_SENSOR 0x19 ///< On-device temperature sensor detects operation outside datasheet specification 329 #define SL_SE_TAMPER_SIGNAL_VOLTAGE_GLITCH_FALLING 0x1A ///< Voltage glitch detector detected falling glitch 330 #define SL_SE_TAMPER_SIGNAL_VOLTAGE_GLITCH_RISING 0x1B ///< Voltage glitch detector detected rising glitch 331 #define SL_SE_TAMPER_SIGNAL_SECURE_LOCK_ERROR 0x1C ///< Debug lock internal logic check failed 332 #define SL_SE_TAMPER_SIGNAL_SE_DEBUG_GRANTED 0x1D ///< SE debug granted 333 #define SL_SE_TAMPER_SIGNAL_DIGITAL_GLITCH 0x1E ///< Digital glitch detector detected an event 334 #define SL_SE_TAMPER_SIGNAL_SE_ICACHE_ERROR 0x1F ///< SE ICACHE checksum error 335 #define SL_SE_TAMPER_SIGNAL_NUM_SIGNALS 0x20 ///< Number of tamper signals 336 337 #elif defined(_SILICON_LABS_32B_SERIES_2_CONFIG_5) || defined(_SILICON_LABS_32B_SERIES_2_CONFIG_9) 338 339 // SE tamper signals for xG25 and xG29, with ETAMPDET signal included. 340 #define SL_SE_TAMPER_SIGNAL_RESERVED_1 0x0 ///< Reserved tamper signal 341 #define SL_SE_TAMPER_SIGNAL_FILTER_COUNTER 0x1 ///< Filter counter exceeds threshold 342 #define SL_SE_TAMPER_SIGNAL_WATCHDOG 0x2 ///< SE watchdog timeout 343 #define SL_SE_TAMPER_SIGNAL_RESERVED_2 0x3 ///< Reserved tamper signal 344 #define SL_SE_TAMPER_SIGNAL_SE_RAM_ECC_2 0x4 ///< SE RAM 2-bit ECC error 345 #define SL_SE_TAMPER_SIGNAL_SE_HARDFAULT 0x5 ///< SE CPU hardfault 346 #define SL_SE_TAMPER_SIGNAL_RESERVED_3 0x6 ///< Reserved tamper signal 347 #define SL_SE_TAMPER_SIGNAL_SE_SOFTWARE_ASSERTION 0x7 ///< SE software triggers an assert 348 #define SL_SE_TAMPER_SIGNAL_SE_SECURE_BOOT_FAILED 0x8 ///< Secure boot of SE firmware failed 349 #define SL_SE_TAMPER_SIGNAL_USER_SECURE_BOOT_FAILED 0x9 ///< Secure boot of user code failed 350 #define SL_SE_TAMPER_SIGNAL_MAILBOX_AUTHORIZATION_ERROR 0xA ///< Unauthorised command received over the Mailbox interface 351 #define SL_SE_TAMPER_SIGNAL_DCI_AUTHORIZATION_ERROR 0xB ///< Unauthorised command received over the DCI interface 352 #define SL_SE_TAMPER_SIGNAL_FLASH_INTEGRITY_ERROR 0xC ///< Flash content couldn't be properly authenticated 353 #define SL_SE_TAMPER_SIGNAL_RESERVED_4 0xD ///< Reserved tamper signal 354 #define SL_SE_TAMPER_SIGNAL_SELFTEST_FAILED 0xE ///< Integrity error of internal storage is detected 355 #define SL_SE_TAMPER_SIGNAL_TRNG_MONITOR 0xF ///< TRNG monitor detected lack of entropy 356 #define SL_SE_TAMPER_SIGNAL_SECURE_LOCK_ERROR 0x10 ///< Debug lock internal logic check failed 357 #define SL_SE_TAMPER_ATAMPDET_EMPGD 0x11 ///< Electromagnetic pulse glitch detector 358 #define SL_SE_TAMPER_ATAMPDET_SUPGD 0x12 ///< Supply glitch detector 359 #define SL_SE_TAMPER_SE_ICACHE_ERROR 0x13 ///< SE ICache RAM error 360 #define SL_SE_TAMPER_SIGNAL_SE_RAM_ECC_1 0x14 ///< SE RAM 1-bit ECC error 361 #define SL_SE_TAMPER_SIGNAL_BOD 0x15 ///< Brown-out-detector threshold alert 362 #define SL_SE_TAMPER_SIGNAL_TEMPERATURE_SENSOR 0x16 ///< On-device temperature sensor 363 #define SL_SE_TAMPER_SIGNAL_DPLL_LOCK_FAIL_LOW 0x17 ///< DPLL lock fail low 364 #define SL_SE_TAMPER_SIGNAL_DPLL_LOCK_FAIL_HIGH 0x18 ///< DPLL lock fail high 365 #define SL_SE_TAMPER_SIGNAL_ETAMPDET 0x19 ///< External tamper detect 366 #define SL_SE_TAMPER_SIGNAL_PRS0 0x1a ///< PRS channel 0 asserted 367 #define SL_SE_TAMPER_SIGNAL_PRS1 0x1b ///< PRS channel 1 asserted 368 #define SL_SE_TAMPER_SIGNAL_PRS2 0x1c ///< PRS channel 2 asserted 369 #define SL_SE_TAMPER_SIGNAL_PRS3 0x1d ///< PRS channel 3 asserted 370 #define SL_SE_TAMPER_SIGNAL_PRS4 0x1e ///< PRS channel 4 asserted 371 #define SL_SE_TAMPER_SIGNAL_PRS5 0x1f ///< PRS channel 5 asserted 372 #define SL_SE_TAMPER_SIGNAL_NUM_SIGNALS 0x20 ///< Number of tamper signals 373 374 #else 375 376 // SE tamper signals 377 #define SL_SE_TAMPER_SIGNAL_RESERVED_1 0x0 ///< Reserved tamper signal 378 #define SL_SE_TAMPER_SIGNAL_FILTER_COUNTER 0x1 ///< Filter counter exceeds threshold 379 #define SL_SE_TAMPER_SIGNAL_WATCHDOG 0x2 ///< SE watchdog timeout 380 #define SL_SE_TAMPER_SIGNAL_RESERVED_2 0x3 ///< Reserved tamper signal 381 #define SL_SE_TAMPER_SIGNAL_SE_RAM_ECC_2 0x4 ///< SE RAM 2-bit ECC error 382 #define SL_SE_TAMPER_SIGNAL_SE_HARDFAULT 0x5 ///< SE CPU hardfault 383 #define SL_SE_TAMPER_SIGNAL_RESERVED_3 0x6 ///< Reserved tamper signal 384 #define SL_SE_TAMPER_SIGNAL_SE_SOFTWARE_ASSERTION 0x7 ///< SE software triggers an assert 385 #define SL_SE_TAMPER_SIGNAL_SE_SECURE_BOOT_FAILED 0x8 ///< Secure boot of SE firmware failed 386 #define SL_SE_TAMPER_SIGNAL_USER_SECURE_BOOT_FAILED 0x9 ///< Secure boot of user code failed 387 #define SL_SE_TAMPER_SIGNAL_MAILBOX_AUTHORIZATION_ERROR 0xA ///< Unauthorised command received over the Mailbox interface 388 #define SL_SE_TAMPER_SIGNAL_DCI_AUTHORIZATION_ERROR 0xB ///< Unauthorised command received over the DCI interface 389 #define SL_SE_TAMPER_SIGNAL_FLASH_INTEGRITY_ERROR 0xC ///< Flash content couldn't be properly authenticated 390 #define SL_SE_TAMPER_SIGNAL_RESERVED_4 0xD ///< Reserved tamper signal 391 #define SL_SE_TAMPER_SIGNAL_SELFTEST_FAILED 0xE ///< Integrity error of internal storage is detected 392 #define SL_SE_TAMPER_SIGNAL_TRNG_MONITOR 0xF ///< TRNG monitor detected lack of entropy 393 #define SL_SE_TAMPER_SIGNAL_SECURE_LOCK_ERROR 0x10 ///< Debug lock internal logic check failed 394 #define SL_SE_TAMPER_ATAMPDET_EMPGD 0x11 ///< Electromagnetic pulse glitch detector 395 #define SL_SE_TAMPER_ATAMPDET_SUPGD 0x12 ///< Supply glitch detector 396 #define SL_SE_TAMPER_SE_ICACHE_ERROR 0x13 ///< SE ICache RAM error 397 #define SL_SE_TAMPER_SIGNAL_SE_RAM_ECC_1 0x14 ///< SE RAM 1-bit ECC error 398 #define SL_SE_TAMPER_SIGNAL_BOD 0x15 ///< Brown-out-detector threshold alert 399 #define SL_SE_TAMPER_SIGNAL_TEMPERATURE_SENSOR 0x16 ///< On-device temperature sensor 400 #define SL_SE_TAMPER_SIGNAL_DPLL_LOCK_FAIL_LOW 0x17 ///< DPLL lock fail low 401 #define SL_SE_TAMPER_SIGNAL_DPLL_LOCK_FAIL_HIGH 0x18 ///< DPLL lock fail high 402 #define SL_SE_TAMPER_SIGNAL_PRS0 0x19 ///< PRS channel 0 asserted 403 #define SL_SE_TAMPER_SIGNAL_PRS1 0x1a ///< PRS channel 1 asserted 404 #define SL_SE_TAMPER_SIGNAL_PRS2 0x1b ///< PRS channel 2 asserted 405 #define SL_SE_TAMPER_SIGNAL_PRS3 0x1c ///< PRS channel 3 asserted 406 #define SL_SE_TAMPER_SIGNAL_PRS4 0x1d ///< PRS channel 4 asserted 407 #define SL_SE_TAMPER_SIGNAL_PRS5 0x1e ///< PRS channel 5 asserted 408 #define SL_SE_TAMPER_SIGNAL_PRS6 0x1f ///< PRS channel 6 asserted 409 #define SL_SE_TAMPER_SIGNAL_NUM_SIGNALS 0x20 ///< Number of tamper signals 410 411 #endif 412 413 // SE tamper filter timeout period. 414 #define SL_SE_TAMPER_FILTER_PERIOD_32MS 0x0 ///< Timeout ~32ms 415 #define SL_SE_TAMPER_FILTER_PERIOD_64MS 0x1 ///< Timeout ~64ms 416 #define SL_SE_TAMPER_FILTER_PERIOD_128MS 0x2 ///< Timeout ~128ms 417 #define SL_SE_TAMPER_FILTER_PERIOD_256MS 0x3 ///< Timeout ~256ms 418 #define SL_SE_TAMPER_FILTER_PERIOD_512MS 0x4 ///< Timeout ~512ms 419 #define SL_SE_TAMPER_FILTER_PERIOD_1S 0x5 ///< Timeout ~1s 420 #define SL_SE_TAMPER_FILTER_PERIOD_2S 0x6 ///< Timeout ~2s 421 #define SL_SE_TAMPER_FILTER_PERIOD_4S 0x7 ///< Timeout ~4.1s 422 #define SL_SE_TAMPER_FILTER_PERIOD_8S 0x8 ///< Timeout ~8.2s 423 #define SL_SE_TAMPER_FILTER_PERIOD_16S 0x9 ///< Timeout ~16.4s 424 #define SL_SE_TAMPER_FILTER_PERIOD_33S 0xA ///< Timeout ~32.8s 425 #define SL_SE_TAMPER_FILTER_PERIOD_1MIN 0xB ///< Timeout ~1.1min 426 #define SL_SE_TAMPER_FILTER_PERIOD_2MIN 0xC ///< Timeout ~2.2min 427 #define SL_SE_TAMPER_FILTER_PERIOD_4MIN 0xD ///< Timeout ~4.4min 428 #define SL_SE_TAMPER_FILTER_PERIOD_9MIN 0xE ///< Timeout ~8.7min 429 #define SL_SE_TAMPER_FILTER_PERIOD_18MIN 0xF ///< Timeout ~17.5min 430 #define SL_SE_TAMPER_FILTER_PERIOD_35MIN 0x10 ///< Timeout ~35min 431 #define SL_SE_TAMPER_FILTER_PERIOD_1H 0x11 ///< Timeout ~1.2h 432 #define SL_SE_TAMPER_FILTER_PERIOD_2H 0x12 ///< Timeout ~2.3h 433 #define SL_SE_TAMPER_FILTER_PERIOD_5H 0x13 ///< Timeout ~4.7h 434 #define SL_SE_TAMPER_FILTER_PERIOD_9H 0x14 ///< Timeout ~9.3h 435 #define SL_SE_TAMPER_FILTER_PERIOD_19H 0x15 ///< Timeout ~18.6h 436 #define SL_SE_TAMPER_FILTER_PERIOD_2DAYS 0x16 ///< Timeout ~1.6days 437 #define SL_SE_TAMPER_FILTER_PERIOD_3DAYS 0x17 ///< Timeout ~3.1days 438 #define SL_SE_TAMPER_FILTER_PERIOD_6DAYS 0x18 ///< Timeout ~6.2days 439 #define SL_SE_TAMPER_FILTER_PERIOD_12DAYS 0x19 ///< Timeout ~12.4days 440 #define SL_SE_TAMPER_FILTER_PERIOD_25DAYS 0x1A ///< Timeout ~24.9days 441 #define SL_SE_TAMPER_FILTER_PERIOD_50DAYS 0x1B ///< Timeout ~49.7days 442 #define SL_SE_TAMPER_FILTER_PERIOD_100DAYS 0x1C ///< Timeout ~99.4days 443 #define SL_SE_TAMPER_FILTER_PERIOD_199DAYS 0x1D ///< Timeout ~198.8days 444 #define SL_SE_TAMPER_FILTER_PERIOD_398DAYS 0x1E ///< Timeout ~397.7days 445 #define SL_SE_TAMPER_FILTER_PERIOD_795DAYS 0x1F ///< Timeout ~795.4days 446 447 // Number of tamper counts to trigger the filter signal. 448 #define SL_SE_TAMPER_FILTER_THRESHOLD_2 0x7 ///< Counter threshold 2 449 #define SL_SE_TAMPER_FILTER_THRESHOLD_4 0x6 ///< Counter threshold 4 450 #define SL_SE_TAMPER_FILTER_THRESHOLD_8 0x5 ///< Counter threshold 8 451 #define SL_SE_TAMPER_FILTER_THRESHOLD_16 0x4 ///< Counter threshold 16 452 #define SL_SE_TAMPER_FILTER_THRESHOLD_32 0x3 ///< Counter threshold 32 453 #define SL_SE_TAMPER_FILTER_THRESHOLD_64 0x2 ///< Counter threshold 64 454 #define SL_SE_TAMPER_FILTER_THRESHOLD_128 0x1 ///< Counter threshold 128 455 #define SL_SE_TAMPER_FILTER_THRESHOLD_256 0x0 ///< Counter threshold 256 456 457 /// Tamper flags. 458 #define SL_SE_TAMPER_FLAG_DGLITCH_ALWAYS_ON (1UL << 1) /// Digital glitch detector always on 459 #define SL_SE_TAMPER_FLAG_KEEP_TAMPER_ALIVE_DURING_SLEEP (1UL << 2) /// Tamper is kept alive during sleep (down to EM3) 460 461 /// @} (end addtogroup sl_se_manager_util_tamper) 462 463 /// @} (end addtogroup sl_se_manager_util) 464 465 /// @addtogroup sl_se_manager_cipher 466 /// @{ 467 468 /// Initial values for CMAC streaming context struct @ref sl_se_cmac_streaming_context_t 469 #define SL_SE_CMAC_STREAMING_INIT_DEFAULT { NULL, { 0 }, { 0 }, 0 } 470 471 /// Initial values for AES-GCM streaming context struct @ref sl_se_gcm_streaming_context_t 472 #define SL_SE_GCM_STREAMING_INIT_DEFAULT { NULL, 0, 0, { 0 }, { 0 }, \ 473 { 0 }, 0, 0 } 474 475 /// Block size for the AES 476 #define SL_SE_AES_BLOCK_SIZE (16u) 477 478 /// @} (end addtogroup sl_se_manager_cipher) 479 480 /// @addtogroup sl_se_manager_hash 481 /// @{ 482 #define SL_SE_HASH_STREAMING_INIT_DEFAULT { NULL, 0, 0, NULL } ///< Default streaming hash context 483 #define SL_SE_SHA1_STREAMING_INIT_DEFAULT { { 0 }, { 0 }, { 0 } } ///< SHA1 streaming hash context 484 #define SL_SE_SHA224_STREAMING_INIT_DEFAULT { { 0 }, { 0 }, { 0 } } ///< SHA224 streaming hash context 485 #define SL_SE_SHA256_STREAMING_INIT_DEFAULT { { 0 }, { 0 }, { 0 } } ///< SHA256 streaming hash context 486 #define SL_SE_SHA384_STREAMING_INIT_DEFAULT { { 0 }, { 0 }, { 0 } } ///< SHA384 streaming hash context 487 #define SL_SE_SHA512_STREAMING_INIT_DEFAULT { { 0 }, { 0 }, { 0 } } ///< SHA512 streaming hash context 488 /// @} (end addtogroup sl_se_manager_hash) 489 490 #elif defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED) // defined(SLI_MAILBOX_COMMAND_SUPPORTED) 491 // ------------------------------- 492 // Defines for Root code functionality 493 494 #define SL_SE_ROOT_CONFIG_MCU_SETTINGS_SHIFT 16U 495 496 #endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED) 497 498 #if defined(_SILICON_LABS_32B_SERIES_3) 499 /// @addtogroup sl_se_manager_extmem 500 /// @{ 501 502 // The maximum number of code regions available on the device. 503 // The number of available code regions may be different on future devices. 504 #define SL_SE_MAX_CODE_REGIONS 8 505 506 /// @} (end addtogroup sl_se_manager_extmem) 507 508 #endif // defined(_SILICON_LABS_32B_SERIES_3) 509 510 #ifdef __cplusplus 511 } 512 #endif 513 514 /// @} (end addtogroup sl_se) 515 516 #endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED) 517 518 #endif // SE_MANAGER_DEFINES_H 519
