1 /* 2 * Copyright 2024 NXP 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #ifndef NBOOT_API_H_ 8 #define NBOOT_API_H_ 9 10 #include <stdlib.h> 11 #include <stdint.h> 12 #include "fsl_common.h" 13 14 /******************************************************************************* 15 * Definitions 16 *******************************************************************************/ 17 #define NBOOT_ROOT_CERT_COUNT (4u) 18 #define NXPCLSB3_DIGEST_LENGTH_SHA256 (32u) 19 #define NXPCLSB3_DIGEST_LENGTH_SHA384 (48u) 20 #define NXPCLSB3_MAX_DIGEST_LENGTH (48u) 21 #define NBOOT_CONTEXT_RUNTIME_FINGERPRINT_BYTELEN (32u) 22 #define NBOOT_CONTEXT_CRYPTOLIB_MULTIPART_CMAC_CONTEXT_BYTELEN (256u) 23 #define NBOOT_CONTEXT_GDET_CONF_BUFFER_BYTELEN (16u) 24 #define NBOOT_CONTEXT_CRYPTOLIB_MULTIPART_DRBG_CONTEXT_BYTELEN (544u) 25 #define NBOOT_GET_WORDLEN_FROM_BYTELEN(bytelen) ((bytelen + 3) / sizeof(uint32_t)) 26 #define NBOOT_KEYINFO_WORDLEN (23u) 27 #define NXPCLHASH_WA_SIZE_MAX (128u + 64u) 28 #define NBOOT_CONTEXT_BYTELEN (192u + NXPCLHASH_WA_SIZE_MAX) 29 #define NBOOT_CONTEXT_WORDLEN (NBOOT_CONTEXT_BYTELEN / sizeof(uint32_t)) 30 #define NXPCLCSS_HASH_RTF_OUTPUT_SIZE ((size_t)32U) ///< Size of RTF appendix to hash output buffer, in bytes 31 32 #define NBOOT_EC_COORDINATE_256_SIZE_IN_BYTES (32u) 33 #define NBOOT_EC_COORDINATE_384_SIZE_IN_BYTES (48u) 34 #define NBOOT_EC_COORDINATE_521_SIZE_IN_BYTES (66u) 35 36 #define NBOOT_EC_COORDINATE_MAX_SIZE NBOOT_EC_COORDINATE_384_SIZE_IN_BYTES 37 #define NBOOT_EC_MIN_SIGNATURE_SIZE_IN_BYTES (2u * NBOOT_EC_COORDINATE_256_SIZE_IN_BYTES) 38 39 #define NBOOT_ROOT_OF_TRUST_HASH_SIZE_IN_BYTES (48u) 40 41 /* SB3.1 */ 42 #define NBOOT_SB3_MANIFEST_MAX_LENGTH_IN_BYTES \ 43 ((712u) + NBOOT_ISK_USER_DATA_MAX_SIZE_IN_BYTES) /* 712 + user data size */ 44 #define NBOOT_SB3_MANIFEST_MIN_LENGTH_IN_BYTES \ 45 (236u) /* sb3.1 header (60) + sha256 hash (32) + min cert block (80) + secp256 signature (64) */ 46 #define NBOOT_SB3_CHUNK_SIZE_IN_BYTES (256u) 47 #define NBOOT_SB3_BLOCK_HASH256_SIZE_IN_BYTES (32u) 48 #define NBOOT_SB3_BLOCK_HASH384_SIZE_IN_BYTES (48u) 49 50 /*! 51 * @brief NBOOT type for a timestamp 52 * 53 * This type defines the NBOOT timestamp 54 * 55 */ 56 typedef uint32_t nboot_timestamp_t[2]; 57 58 /*! 59 * @brief NBOOT SB3.1 header type 60 * 61 * This type defines the header used in the SB3.1 manifest 62 * 63 */ 64 typedef struct _nboot_sb3_header 65 { 66 uint32_t magic; /*!< offset 0x00: Fixed 4-byte string of 'sbv3' without the trailing NULL */ 67 uint32_t formatVersion; /*!< offset 0x04: (major = 3, minor = 1); The format version determines the manifest 68 (block0) size. */ 69 uint32_t flags; /*!< offset 0x08: not defined yet, keep zero for future compatibility */ 70 uint32_t blockCount; /*!< offset 0x0C: Number of blocks not including the manifest (block0). */ 71 uint32_t 72 blockSize; /*!< offset 0x10: Size in bytes of data block (repeated blockCount times for SB3 data stream). */ 73 nboot_timestamp_t timeStamp; /*!< offset 0x14: 64-bit value used as key derivation data. */ 74 uint32_t firmwareVersion; /*!< offset 0x1c: Version number of the included firmware */ 75 uint32_t imageTotalLength; /*!< offset 0x20: Total manifest length in bytes, including signatures etc. */ 76 uint32_t imageType; /*!< offset 0x24: image type and flags */ 77 uint32_t certificateBlockOffset; /*!< offset 0x28: Offset from start of header block to the certificate block. */ 78 uint8_t description[16]; /*!< offset 0x32: This field provides description of the file. It is an arbitrary 79 string injected by the signing tool, which helps to identify the file. */ 80 } nboot_sb3_header_t; 81 82 #define NBOOT_SB3_MANIFEST_MAX_SIZE_IN_BYTES \ 83 (sizeof(nboot_sb3_header_t) + NBOOT_SB3_BLOCK_HASH384_SIZE_IN_BYTES + sizeof(nboot_certificate_block_t) + \ 84 NBOOT_EC_COORDINATE_MAX_SIZE * 2) 85 #define NBOOT_SB3_BLOCK_MAX_SIZE_IN_BYTES \ 86 (4 /* blockNumber */ + NBOOT_SB3_BLOCK_HASH384_SIZE_IN_BYTES + NBOOT_SB3_CHUNK_SIZE_IN_BYTES) 87 88 /*! @brief The size of the blob with Key Blob. */ 89 #define NBOOT_KEY_BLOB_SIZE_IN_BYTE_256 (32U) 90 #define NBOOT_KEY_BLOB_SIZE_IN_BYTE_384 (48U) 91 #define NBOOT_KEY_BLOB_SIZE_IN_BYTE_MAX (NBOOT_KEY_BLOB_SIZE_IN_BYTE_384) 92 93 #define SB3_DATA_BUFFER_SIZE_IN_BYTE (MAX(128, NBOOT_KEY_BLOB_SIZE_IN_BYTE_MAX)) 94 95 /*! 96 * @brief Boolean type for the NBOOT functions 97 * 98 * This type defines boolean values used by NBOOT functions that are not easily disturbed by Fault Attacks 99 * 100 */ 101 typedef enum _nboot_bool 102 { 103 kNBOOT_TRUE = 0x3C5AC33Cu, /*!< Value for TRUE. */ 104 kNBOOT_TRUE256 = 0x3C5AC35Au, /*!< Value for TRUE when P256 was used to sign the image. */ 105 kNBOOT_TRUE384 = 0x3C5AC3A5u, /*!< Value for TRUE when P384 was used to sign the image. */ 106 kNBOOT_FALSE = 0x5AA55AA5u, /*!< Value for FALSE. */ 107 kNBOOT_OperationAllowed = 0x3c5a33ccU, 108 kNBOOT_OperationDisallowed = 0x5aa5cc33U, 109 } nboot_bool_t; 110 111 /*! @brief Data structure holding secure counter value used by nboot library */ 112 typedef struct _nboot_secure_counter 113 { 114 uint32_t sc; 115 uint32_t scAp; 116 } nboot_secure_counter_t; 117 118 /** Type for nboot protected status codes */ 119 /** Lower 32-bits holds status value eg. kStatus_NBOOT_Success, upper 32-bits are flow protection value */ 120 typedef uint64_t nboot_status_protected_t; 121 /** Type for nboot status codes */ 122 typedef uint32_t nboot_status_t; 123 124 /** 125 * \defgroup nbootStatusValues This type defines status return values used by NBOOT functions that are not easily 126 * disturbed by Fault Attacks 127 * @{ 128 */ 129 #define kStatus_NBOOT_Success ((nboot_status_t)0x5A5A5A5Au) /*!< Operation completed successfully. */ 130 #define kStatus_NBOOT_Fail ((nboot_status_t)0x5A5AA5A5u) /*!< Operation failed. */ 131 #define kStatus_NBOOT_InvalidArgument ((nboot_status_t)0x5A5AA5F0u) /*!< Invalid argument passed to the function. */ 132 #define kStatus_NBOOT_RequestTimeout ((nboot_status_t)0x5A5AA5E1u) /*!< Operation timed out. */ 133 #define kStatus_NBOOT_KeyNotLoaded ((nboot_status_t)0x5A5AA5E2u) /*!< The requested key is not loaded. */ 134 #define kStatus_NBOOT_AuthFail ((nboot_status_t)0x5A5AA5E4u) /*!< Authentication failed. */ 135 #define kStatus_NBOOT_OperationNotAvaialable ((nboot_status_t)0x5A5AA5E5u) /*!< Operation not available on this HW. */ 136 #define kStatus_NBOOT_KeyNotAvailable ((nboot_status_t)0x5A5AA5E6u) /*!< Key is not avaialble. */ 137 #define kStatus_NBOOT_IvCounterOverflow ((nboot_status_t)0x5A5AA5E7u) /*!< Overflow of IV counter (PRINCE/IPED). */ 138 #define kStatus_NBOOT_SelftestFail ((nboot_status_t)0x5A5AA5E8u) /*!< FIPS self-test failure. */ 139 #define kStatus_NBOOT_InvalidDataFormat ((nboot_status_t)0x5A5AA5E9u) /*!< Invalid data format for example antipole */ 140 #define kStatus_NBOOT_IskCertUserDataTooBig \ 141 ((nboot_status_t)0x5A5AA5EAu) /*!< Size of User data in ISK certificate is greater than 96 bytes */ 142 #define kStatus_NBOOT_IskCertSignatureOffsetTooSmall \ 143 ((nboot_status_t)0x5A5AA5EBu) /*!< Signature offset in ISK certificate is smaller than expected */ 144 #define kStatus_NBOOT_MemcpyFail ((nboot_status_t)0x5A5A845A) /*!< Unexpected error detected during nboot_memcpy() */ 145 146 /**@}*/ 147 148 typedef uint32_t nboot_root_key_revocation_t; 149 typedef uint32_t nboot_root_key_usage_t; 150 typedef uint32_t nboot_root_key_type_and_length_t; 151 152 /*! @brief Enumeration for SoC Lifecycle. */ 153 #define nboot_lc_nxpBlank (0xFFFF0000u) 154 #define nboot_lc_nxpFab (0xFFFE0001u) 155 #define nboot_lc_nxpDev (0xFF0300FCu) 156 #define nboot_lc_nxpProvisioned (0xFFFC0003u) 157 #define nboot_lc_oemOpen (0xFFFC0003u) 158 #define nboot_lc_oemSecureWorld (0xFFF80007u) 159 #define nboot_lc_oemClosed (0xFFF0000Fu) 160 #define nboot_lc_oemLocked (0xFF3000CFu) 161 #define nboot_lc_oemFieldReturn (0xFFE0001Fu) 162 #define nboot_lc_nxpFieldReturn (0xFF80007Fu) 163 #define nboot_lc_shredded (0xFF0000FFu) 164 typedef uint32_t nboot_soc_lifecycle_t; 165 166 typedef struct _nboot_rot_auth_parms 167 { 168 /* trusted information originated from CFPA */ 169 nboot_root_key_revocation_t soc_rootKeyRevocation[NBOOT_ROOT_CERT_COUNT]; /*!< Provided by caller based on NVM 170 information in CFPA: ROTKH_REVOKE */ 171 uint32_t soc_imageKeyRevocation; /*!< Provided by caller based on NVM information in CFPA: IMAGE_KEY_REVOKE */ 172 173 /* trusted information originated from CMPA */ 174 uint32_t soc_rkh[12]; /*!< Provided by caller based on NVM information in CMPA: ROTKH (hash of hashes) */ 175 /*!< In case of kNBOOT_RootKey_Ecdsa_P384, sock_rkh[0..11] are used */ 176 /*!< In case of kNBOOT_RootKey_Ecdsa_P256, sock_rkh[0..7] are used */ 177 178 uint32_t soc_numberOfRootKeys; /* unsigned int, between minimum = 1 and maximum = 4; */ 179 nboot_root_key_usage_t soc_rootKeyUsage[NBOOT_ROOT_CERT_COUNT]; /* CMPA */ 180 nboot_root_key_type_and_length_t 181 soc_rootKeyTypeAndLength; /* static selection between ECDSA P-256 or ECDSA P-384 based root keys */ 182 183 /* trusted information originated from OTP fuses */ 184 nboot_soc_lifecycle_t soc_lifecycle; 185 } nboot_rot_auth_parms_t; 186 187 typedef struct _nboot_sb3_load_manifest_parms 188 { 189 nboot_rot_auth_parms_t soc_RoTNVM; /*! trusted information originated from CFPA and NMPA */ 190 uint32_t soc_trustedFirmwareVersion; /*!< Provided by caller based on NVM information in CFPA: Secure_FW_Version */ 191 uint8_t pckBlob[48]; 192 } nboot_sb3_load_manifest_parms_t; 193 194 typedef struct _nboot_img_auth_ecdsa_parms 195 { 196 /* trusted information originated from CFPA and NMPA */ 197 nboot_rot_auth_parms_t soc_RoTNVM; 198 199 uint32_t soc_trustedFirmwareVersion; /*!< Provided by caller based on NVM information in CFPA: Secure_FW_Version */ 200 } nboot_img_auth_ecdsa_parms_t; 201 202 typedef struct _nboot_cmac_authenticate_parms 203 { 204 uint32_t expectedMAC[4]; /*!< expected MAC result */ 205 } nboot_img_authenticate_cmac_parms_t; 206 207 typedef struct nboot_sb3_context_t 208 { 209 uint8_t kblk; /*! reference into the nboot key table for used kblk */ 210 uint32_t expectedHashLen; /*! Length of expected hash of next block */ 211 uint8_t expectedHash[NXPCLSB3_MAX_DIGEST_LENGTH]; /*! Expected hash of next block */ 212 } nboot_sb3_context_t; 213 214 /*! 215 * @brief NBOOT context type 216 * 217 * This type defines the NBOOT context 218 * 219 */ 220 typedef struct _nboot_context 221 { 222 uint32_t totalBlocks; /*!< holds number of SB3 blocks. Initialized by nboot_sb3_load_header(). */ 223 uint32_t processData; /*!< flag, initialized by nboot_sb3_load_header(). 224 SB3 related flag set by NBOOT in case the nboot_sb3_load_block() 225 provides plain data to output buffer (for processing by ROM SB3 loader */ 226 uint32_t timeout; /*!< timeout value for css operation. In case it is 0, infinite wait is performed */ 227 uint32_t keyinfo[NBOOT_KEYINFO_WORDLEN]; /*!< data for NBOOT key management. */ 228 nboot_sb3_context_t 229 sb3; /*!< state for stateful SB3 APIs, shared between nboot_sb3_load_manifest and nboot_sb3_load_block */ 230 uint32_t uuid[4]; /*!< holds UUID value from NMPA */ 231 uint32_t prngReadyFlag; /*!< flag, used by nboot_rng_generate_lq_random() to determine whether CSS is ready to 232 generate rnd number */ 233 uint32_t oemShareValidFlag; /*!< flag, used during TP to determine whether valid oemShare was set by 234 nboot_tp_isp_gen_oem_master_share() */ 235 uint32_t oemShare[8]; /*!< buffer to store OEM_SHARE computed by nxpCLTrustProv_nboot_isp_gen_oem_master_share() 236 Only first 128-bits are actually used, but since CSS always uses 256-bit key shares, 237 remaining data must be zero filled. Pointer to this buffer is used as input to CSS during 238 KEYPROV */ 239 nboot_secure_counter_t secureCounter; /*!< Secure counter used by nboot */ 240 uint32_t rtf[NBOOT_GET_WORDLEN_FROM_BYTELEN(NBOOT_CONTEXT_RUNTIME_FINGERPRINT_BYTELEN)]; 241 uint32_t imageHash[48 / sizeof(uint32_t)]; 242 uint32_t authStatus; 243 uint32_t disableProvisioningFirmwareNXP; 244 uint32_t cryptolib_multipartCmacContext[NBOOT_GET_WORDLEN_FROM_BYTELEN( 245 NBOOT_CONTEXT_CRYPTOLIB_MULTIPART_CMAC_CONTEXT_BYTELEN)]; 246 } nboot_context_t; 247 248 /*! 249 * @brief NBOOT type for an ECC coordinate 250 * 251 * This type defines the NBOOT ECC coordinate type 252 * 253 */ 254 typedef uint8_t 255 nboot_ecc_coordinate_t[NBOOT_EC_COORDINATE_MAX_SIZE]; /*!ECC point coordinate, up to 384-bits. big endian. */ 256 257 /*! 258 * @brief NBOOT type for an ECC signature 259 * 260 * This type defines the NBOOT ECC signature type 261 * 262 */ 263 typedef struct 264 { 265 nboot_ecc_coordinate_t r; /*! r portion of the ECDSA signature, up to 384-bits. big endian. */ 266 nboot_ecc_coordinate_t s; /*! s portion of the ECDSA signature, up to 384-bits. big endian. */ 267 } nboot_ecdsa_signature_t; 268 269 /*! 270 * @brief NBOOT type for an ECC point 271 * 272 * This type defines the NBOOT ECC point type 273 * 274 */ 275 typedef struct 276 { 277 nboot_ecc_coordinate_t x; /*! x portion of the ECDSA public key, up to 384-bits. big endian. */ 278 nboot_ecc_coordinate_t y; /*! y portion of the ECDSA public key, up to 384-bits. big endian. */ 279 } nboot_ecdsa_public_key_t; 280 281 typedef uint8_t nboot_ctrk_hash_t[NBOOT_ROOT_OF_TRUST_HASH_SIZE_IN_BYTES]; 282 283 /*! 284 * @brief NBOOT type for the hash table 285 * 286 * This type defines the NBOOT hash table 287 * 288 */ 289 typedef struct _nboot_ctrk_hash_table 290 { 291 nboot_ctrk_hash_t ctrkHashTable[NBOOT_ROOT_CERT_COUNT]; 292 } nboot_ctrk_hash_table_t; 293 294 /*! 295 * @brief NBOOT type for the isk block 296 * 297 * This type defines the constant length part of an NBOOT isk block 298 * 299 */ 300 typedef struct 301 { 302 uint32_t signatureOffset; /*! Offset of signature in ISK block. */ 303 uint32_t constraints; /*! Version number of signing certificate. */ 304 uint32_t iskFlags; /*! Reserved for definiton of ISK certificate flags. */ 305 nboot_ecdsa_public_key_t 306 iskPubKey; /*! Public key of signing certificate. Variable length; only used to determine start address*/ 307 nboot_ecdsa_public_key_t userData; /*! Space for at lest one addition public key*/ 308 nboot_ecdsa_signature_t iskSign; /*! ISK signature*/ 309 } nboot_isk_block_t; 310 311 /*! 312 * @brief NBOOT type for the root certificate block 313 * 314 * This type defines the NBOOT root certificate block, it is part of the nboot_certificate_block_t 315 * 316 */ 317 typedef struct _nboot_root_certificate_block 318 { 319 uint32_t flags; //!< root certificate flags 320 nboot_ctrk_hash_table_t ctrkHashTable; //!< hash table 321 nboot_ecdsa_public_key_t rootPublicKey; //!< root public key 322 } nboot_root_certificate_block_t; 323 324 /*! 325 * @brief NBOOT type for the header of the certificate block 326 * 327 * This type defines the NBOOT header of the certificate block, it is part of the nboot_certificate_block_t 328 * 329 */ 330 typedef struct _nboot_certificate_header_block 331 { 332 uint32_t magic; //!< magic number. 333 uint32_t formatMajorMinorVersion; //!< format major minor version 334 uint32_t certBlockSize; //!< Size of the full certificate block 335 } nboot_certificate_header_block_t; 336 337 /*! 338 * @brief NBOOT type for the certificate block 339 * 340 * This type defines the constant length part of an NBOOT certificate block 341 * 342 */ 343 typedef struct _nboot_certificate_block 344 { 345 nboot_certificate_header_block_t header; 346 nboot_root_certificate_block_t rootCertBlock; /*! Details of selected root certificate (root certificate which will 347 be used for ISK signing/SB3 header signing) */ 348 nboot_isk_block_t iskBlock; 349 } nboot_certificate_block_t; 350 351 typedef struct 352 { 353 nboot_status_t (*nboot_context_init)(nboot_context_t *context); 354 nboot_status_t (*nboot_context_deinit)(nboot_context_t *context); 355 nboot_status_protected_t (*nboot_sb3_load_manifest)(nboot_context_t *context, 356 uint32_t *manifest, 357 nboot_sb3_load_manifest_parms_t *parms); 358 nboot_status_protected_t (*nboot_sb3_load_block)(nboot_context_t *context, uint32_t *block); 359 nboot_status_protected_t (*nboot_sb3_check_authenticity_and_completeness)(nboot_context_t *context, 360 uint32_t *address, 361 nboot_sb3_load_manifest_parms_t *parms); 362 nboot_status_protected_t (*nboot_img_authenticate_ecdsa)(nboot_context_t *context, 363 uint8_t imageStartAddress[], 364 nboot_bool_t *isSignatureVerified, 365 nboot_img_auth_ecdsa_parms_t *parms); 366 nboot_status_protected_t (*nboot_img_authenticate_cmac)(nboot_context_t *context, 367 uint8_t imageStartAddress[], 368 nboot_bool_t *isSignatureVerified, 369 nboot_img_authenticate_cmac_parms_t *parms); 370 } nboot_interface_t; 371 372 /******************************************************************************* 373 * API 374 ******************************************************************************/ 375 376 #if defined(__cplusplus) 377 extern "C" { 378 #endif 379 380 /*! 381 * @brief The function is used for initializing of the nboot context data structure. 382 * It should be called prior to any other calls of nboot API. 383 * 384 * @param nbootCtx Pointer to nboot_context_t structure. 385 * 386 * @retval #kStatus_NBOOT_Success Operation successfully finished 387 * @retval #kStatus_NBOOT_Fail Error occured during operation 388 */ 389 nboot_status_t NBOOT_ContextInit(nboot_context_t *context); 390 391 /*! 392 * @brief The function is used to deinitialize nboot context data structure. 393 * Its contents are overwritten with random data so that any sensitive data does not remain in memory. 394 * 395 * @param context Pointer to nboot_context_t structure. 396 397 * @retval #kStatus_NBOOT_Success Operation successfully finished 398 * @retval #kStatus_NBOOT_Fail Error occured during operation 399 */ 400 nboot_status_t NBOOT_ContextDeinit(nboot_context_t *context); 401 402 /*! 403 * @brief Verify NBOOT SB3.1 manifest (header message) 404 * 405 * This function verifies the NBOOT SB3.1 manifest (header message), initializes 406 * the context and loads keys into the CSS key store so that they can be used by nboot_sb3_load_block 407 * function. The NBOOT context has to be initialized by the function nboot_context_init before calling 408 * this function. Please note that this API is intended to be used only by users who needs to split 409 * FW update process (loading of SB3.1 file) to partial steps to customize whole operation. 410 * For regular SB3.1 processing, please use API described in chapter KB APIs. 411 * 412 * @param nbootCtx Pointer to nboot_context_t structure. 413 * @param manifest Pointer to the input manifest buffer 414 * @param params additional input parameters. Please refer to nboot_sb3_load_manifest_parms_t definition for details. 415 * 416 * @retval #kStatus_NBOOT_Success Operation successfully finished 417 * @retval #kStatus_NBOOT_Fail Error occured during operation 418 */ 419 nboot_status_protected_t NBOOT_Sb3LoadManifest(nboot_context_t *context, 420 uint32_t *manifest, 421 nboot_sb3_load_manifest_parms_t *parms); 422 423 /*! 424 * @brief Verify NBOOT SB3.1 block 425 * 426 * This function verifies and decrypts an NBOOT SB3.1 block. Decryption is performed in-place. 427 * The NBOOT context has to be initialized by the function nboot_context_init before calling this function. 428 * Please note that this API is intended to be used only by users who needs to split FW update process 429 * (loading of SB3.1 file) to partial steps to customize whole operation. For regular SB3.1 processing, 430 * please use API described in KB APIs. 431 * 432 * @param context Pointer to nboot_context_t structure. 433 * @param block Pointer to the input SB3.1 data block 434 * 435 * @retval #kStatus_NBOOT_Success successfully finished 436 * @retval #kStatus_NBOOT_Fail occured during operation 437 */ 438 nboot_status_protected_t NBOOT_Sb3LoadBlock(nboot_context_t *context, uint32_t *block); 439 440 /*! 441 * @brief This function verifies and decrypts an NBOOT SB3.1 block. Decryption is performed in-place.The NBOOT context 442 * has to be initialized by the function nboot_context_init before calling this function. 443 * 444 * @param context Pointer to nboot_context_t structure. 445 * @param address Pointer to start of the image in memory 446 * @param parms Pointer to a data structure in trusted memory 447 * 448 * @retval #kStatus_NBOOT_Success successfully finished 449 * @retval #kStatus_NBOOT_Fail occured during operation 450 */ 451 nboot_status_protected_t NBOOT_Sb3CheckAuthenticityAndCompleteness(nboot_context_t *context, 452 uint32_t *address, 453 nboot_sb3_load_manifest_parms_t *parms); 454 455 /*! 456 * @brief This function authenticates image with asymmetric cryptography. 457 * The NBOOT context has to be initialized by the function nboot_context_init 458 * before calling this function. 459 * 460 * @param context Pointer to nboot_context_t structure. 461 * @param imageStartAddress Pointer to start of the image in memory. 462 * @param isSignatureVerified Pointer to memory holding function call result. 463 * After the function returns, the value will be set to kNBOOT_TRUE when the image is 464 * authentic. Any other value means the authentication does not pass. 465 * 466 * @param parms Pointer to a data structure in trusted memory, holding input parameters for the algorithm. 467 * The data structure shall be correctly filled before the function call. 468 * 469 * @retval #kStatus_NBOOT_Success Operation successfully finished 470 * @retval #kStatus_NBOOT_Fail Returned in all other cases. Doesn't always mean invalid image, 471 * it could also mean transient error caused by short time environmental conditions. 472 */ 473 nboot_status_protected_t NBOOT_ImgAuthenticateEcdsa(nboot_context_t *context, 474 uint8_t imageStartAddress[], 475 nboot_bool_t *isSignatureVerified, 476 nboot_img_auth_ecdsa_parms_t *parms); 477 478 /*! 479 * @brief This function calculates the CMAC over the given image and compares it to the expected value. 480 * To be more resistant against SPA, it is recommended that imageStartAddress is word aligned. 481 * The NBOOT context has to be initialized by the nboot_context_init() before calling this function. 482 * 483 * @param context Pointer to nboot_context_t structure. 484 * @param imageStartAddress Pointer to start of the image in memory. 485 * @param isSignatureVerified Pointer to memory holding function call result. 486 After the function returns, the value will be set to 487 * @param parms Pointer to a data structure in trusted memory, holding the reference MAC. 488 The data structure shall be correctly filled before the function call. 489 * 490 * @retval kStatus_NBOOT_Success 491 * @retval kStatus_NBOOT_Fail 492 */ 493 nboot_status_protected_t NBOOT_ImgAuthenticateCmac(nboot_context_t *context, 494 uint8_t imageStartAddress[], 495 nboot_bool_t *isSignatureVerified, 496 nboot_img_authenticate_cmac_parms_t *parms); 497 498 #endif /* FSL_ROMAPI_NBOOT_H_ */ 499
