1 /*
2  * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #ifndef _BOOT_IMAGES_VERIFIER_API_H
8 #define _BOOT_IMAGES_VERIFIER_API_H
9 
10 
11 #ifdef __cplusplus
12 extern "C"
13 {
14 #endif
15 
16 
17 /*! @file
18 @brief This file contains the set of Secure Boot APIs.
19 */
20 
21 #include "secureboot_defs.h"
22 #include "secureboot_gen_defs.h"
23 
24 
25 /*----------------------------
26       PUBLIC FUNCTIONS
27 -----------------------------------*/
28 
29 /*!
30 @brief This function initializes the Secure Boot certificate chain processing, and must be the first API called when processing Secure Boot certificate chain. It initializes the internal data fields of the certificate package.
31 
32 @return CC_OK on success.
33 @return A non-zero value from sbrom_bsv_error.h on failure.
34 */
35 CCError_t CC_SbCertChainVerificationInit(
36     CCSbCertInfo_t *certPkgInfo     /*!< [in/out] Pointer to the information about the certificate package */
37     );
38 
39 /*!
40 @brief This function verifies a single certificate package (containing either a key or content certificate). It verifies the following:
41     <ul><li> The public key (as saved in the certificate) against its Hash that is either found in the OTP memory (HBK) or in certPkgInfo.</li>
42     <li> The certificate's RSA signature.</li>
43     <li> The SW version in the certificate must be higher than or equal to the minimum SW version, as recorded on the device and passed in certPkgInfo.</li>
44     <li> Each SW module against its Hash in the certificate (for content certificates).</li></ul>
45 
46 @return CC_OK   On success.
47 @return A non-zero value from bsv_error.h on failure.
48 */
49 CCError_t CC_SbCertVerifySingle(
50     CCSbFlashReadFunc flashReadFunc,    /*!< [in] Pointer to the flash read function. */
51     void *userContext,          /*!< [in] An additional pointer for flashRead usage. May be NULL. */
52     unsigned long hwBaseAddress,        /*!< [in] CryptoCell HW registers' base address. */
53     CCAddr_t certStoreAddress,      /*!< [in] Flash address where the certificate is located. This address is provided to flashReadFunc. */
54     CCSbCertInfo_t *certPkgInfo,        /*!< [in/out] Pointer to the information about the certificate package. */
55     uint32_t  *pHeader,                 /*!< [in/out] Pointer to a buffer used for extracting the X509 TBS Headers. Must be NULL for proprietary certificates. */
56     uint32_t  headerSize,           /*!< [in] The size of pHeader in bytes. Must be 0 for proprietary certificates. */
57     uint32_t *pWorkspace,           /*!< [in] Buffer for the function's internal use. */
58     uint32_t workspaceSize          /*!< [in] The size of the workspace in bytes. Must be at least CC_SB_MIN_WORKSPACE_SIZE_IN_BYTES. */
59     );
60 
61 #ifdef __cplusplus
62 }
63 #endif
64 
65 #endif
66 
67 
68