1 /*
2  *  Copyright (c) 2019-2020, Arm Limited. All rights reserved.
3  *
4  *  SPDX-License-Identifier: Apache-2.0
5  */
6 
7 #ifndef __SECURITY_CNT_H__
8 #define __SECURITY_CNT_H__
9 
10 /**
11  * @file security_cnt.h
12  *
13  * @note The interface must be implemented in a fail-safe way that is
14  *       resistant to asynchronous power failures or it can use hardware
15  *       counters that have this capability, if supported by the platform.
16  *       If a counter increment is interrupted, the implementation must be able
17  *       to either complete the increment or restore the previous consistent
18  *       state of the counters. Once the counters have reached a stable state
19  *       (every counter increment operation has finished), their values must
20  *       not decrease as a result of any kind of power failure.
21  *
22  * @note A security counter might be implemented using non-volatile OTP memory
23  *       (i.e. fuses), in which case it is the responsibility of the platform
24  *       code to map each possible security counter value onto the fuse bits,
25  *       as using the counter values directly can be costly / impractical.
26  */
27 
28 #include <stdint.h>
29 #include "bootutil/fault_injection_hardening.h"
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
35 /**
36  * Initialises the security counters.
37  *
38  * @return                  FIH_SUCCESS on success; any other value means failure.
39  */
40 fih_ret boot_nv_security_counter_init(void);
41 
42 /**
43  * Reads the stored value of a given image's security counter.
44  *
45  * @param image_id          Index of the image (from 0).
46  * @param security_cnt      Pointer to store the security counter value.
47  *
48  * @return                  FIH_SUCCESS on success; any other value means failure.
49  */
50 fih_ret boot_nv_security_counter_get(uint32_t image_id, fih_int *security_cnt);
51 
52 /**
53  * Updates the stored value of a given image's security counter with a new
54  * security counter value if the new one is greater.
55  *
56  * @param image_id          Index of the image (from 0).
57  * @param img_security_cnt  New security counter value (0 to UINT32_MAX); must
58  *                          be greater than or equal to the current value.
59  *
60  * @return                  0 on success; nonzero on failure. Note that this is
61  *                          a plain int32_t rather than a fih_ret.
62  */
63 int32_t boot_nv_security_counter_update(uint32_t image_id,
64                                         uint32_t img_security_cnt);
65 
66 #ifdef __cplusplus
67 }
68 #endif
69 
70 #endif /* __SECURITY_CNT_H__ */
71