1 /*
2  * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 
8 
9 #ifndef _SECURE_BOOT_BASE_SWIMGVERIFY_H
10 #define _SECURE_BOOT_BASE_SWIMGVERIFY_H
11 
12 
13 #ifdef __cplusplus
14 extern "C"
15 {
16 #endif
17 
18 
19 #include "secureboot_defs.h"
20 #include "secureboot_stage_defs.h"
21 
22 /*----------------------------
23       PUBLIC FUNCTIONS
24 -----------------------------------*/
25 
26 /**
27  * @brief This function load the SW component to RAM, calculates HASH on it and compares the
28  *        result with the given HASH (taken from the certificate).
29  *        This function calculates the HASH simultaneously to reading data from the Flash.
30  *
31  *
32  * @param[in] preHashflashRead_func - User's Flash read function used to read data from the flash to memory location.
33  *        this is the first function used (before the hash)
34  * @param[in] preHashUserContext - User's context for the usage of preHashflashRead_func
35  * @param[in] hwBaseAddress - base address for the ARM TrustZone CryptoCell HW engines
36  * @param[in] isLoadFromFlash - should image be copied from flash with user callback
37  * @param[in] isVerifyImage - should image be verified with hash (and Aes if needed)
38  * @param[in] cryptoMode - crypto mode type: 0 = AES to Hash; 1 = AES and Hash
39  * @param[in] keyType - code encryption type definition
40  * @param[in] AESIv - AES IV buffer
41  * @param[in] pSwRecSignedData - a pointer to the s/w record signed data: hash, load address, max image size, code encode flag
42  * @param[in] pSwRecNoneSignedData - a pointer to the s/w record non-signed data: storage address, actual image size
43  * @param[in] workspace_ptr - temporary buffer to load the SW components to (SW components without
44  *            loading address).
45  * @param[in] workspaceSize - the temporary buffer size in bytes, minimal allowed size is
46  *            CC_DOUBLE_BUFFER_MAX_SIZE_IN_BYTES
47  *
48  * @return CCError_t - On success the value CC_OK is returned,
49  *         on failure - a value from BootImagesVerifier_error.h
50  */
51 
52 CCError_t CCSbImageLoadAndVerify(CCSbFlashReadFunc preHashflashRead_func,
53                        void *preHashUserContext,
54                        unsigned long hwBaseAddress,
55                        uint8_t isLoadFromFlash,
56                        uint8_t isVerifyImage,
57                        bsvCryptoMode_t cryptoMode,
58                        CCBsvKeyType_t  keyType,
59                        AES_Iv_t AESIv,
60                        uint8_t *pSwRecSignedData,
61                        uint32_t *pSwRecNoneSignedData,
62                        uint32_t *workspace_ptr,
63                        uint32_t workspaceSize);
64 
65 /*!
66  * @brief verify NV counter extension against OTP
67  *
68  * @param[in] hwBaseAddress - hw registers base address
69  * @param[in] pCertNvCounter    - NV counter fields read from certificate
70  * @param[in] certPkgInfo   - certPkgInfo - certificate data structure
71  *
72  * @return uint32_t         - On success: the value CC_OK is returned,
73  *                    On failure: a value from bsv_error.h
74  */
75 CCError_t CCSbVerifyNvCounter(unsigned long hwBaseAddress, uint32_t swVersion, CCSbCertInfo_t *certPkgInfo);
76 
77 /*!
78  * @brief Set NV counter to the OTP (if needed)
79  *
80  * @param[in] hwBaseAddress - hw registers base address
81  * @param[in] certPkgInfo   - certificate data structure
82  *
83  * @return uint32_t         - On success: the value CC_OK is returned,
84  *                    On failure: a value from bsv_error.h
85  */
86 CCError_t CCSbSetNvCounter(unsigned long hwBaseAddress, CCSbCertInfo_t *certPkgInfo);
87 
88 
89 #ifdef __cplusplus
90 }
91 #endif
92 
93 #endif
94 
95 
96