1 /***************************************************************************//** 2 * @file 3 * @brief Silicon Labs Secure Engine Manager API. 4 ******************************************************************************* 5 * # License 6 * <b>Copyright 2020 Silicon Laboratories Inc. www.silabs.com</b> 7 ******************************************************************************* 8 * 9 * SPDX-License-Identifier: Zlib 10 * 11 * The licensor of this software is Silicon Laboratories Inc. 12 * 13 * This software is provided 'as-is', without any express or implied 14 * warranty. In no event will the authors be held liable for any damages 15 * arising from the use of this software. 16 * 17 * Permission is granted to anyone to use this software for any purpose, 18 * including commercial applications, and to alter it and redistribute it 19 * freely, subject to the following restrictions: 20 * 21 * 1. The origin of this software must not be misrepresented; you must not 22 * claim that you wrote the original software. If you use this software 23 * in a product, an acknowledgment in the product documentation would be 24 * appreciated but is not required. 25 * 2. Altered source versions must be plainly marked as such, and must not be 26 * misrepresented as being the original software. 27 * 3. This notice may not be removed or altered from any source distribution. 28 * 29 ******************************************************************************/ 30 #ifndef SL_SE_MANAGER_UTIL_H 31 #define SL_SE_MANAGER_UTIL_H 32 33 #include "em_device.h" 34 35 #if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT) || defined(DOXYGEN) 36 37 /// @addtogroup sl_se_manager 38 /// @{ 39 40 /***************************************************************************//** 41 * @addtogroup sl_se_manager_util Utilities 42 * 43 * @brief 44 * Device initialisation, debug lock, upgrade functionality, user data... 45 * 46 * @details 47 * API for managing the Secure Engine or Root code on a device. Upload and 48 * read device configuration. 49 * 50 * @{ 51 ******************************************************************************/ 52 53 #if !defined(SL_TRUSTZONE_NONSECURE) 54 #include "sl_se_manager_key_handling.h" 55 #endif 56 #include "sl_se_manager_types.h" 57 #include "em_se.h" 58 #include "sl_status.h" 59 #include <stdint.h> 60 #include <stdbool.h> 61 #include <stddef.h> 62 63 #ifdef __cplusplus 64 extern "C" { 65 #endif 66 67 // ----------------------------------------------------------------------------- 68 // Prototypes 69 70 /***************************************************************************//** 71 * @brief 72 * Validate SE firmware image. 73 * 74 * @details 75 * Validate SE firmware image located at given address. This function is 76 * typically used before calling sl_se_apply_se_image. 77 * 78 * @param[in] cmd_ctx 79 * Pointer to an SE command context object. 80 * 81 * @param[in] image_addr 82 * Pointer to SE image to validate. 83 * 84 * @return 85 * One of the following sl_status_t codes: 86 * @retval SL_STATUS_OK when the command was executed successfully 87 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 88 ******************************************************************************/ 89 sl_status_t sl_se_check_se_image(sl_se_command_context_t *cmd_ctx, 90 void *image_addr); 91 92 /***************************************************************************//** 93 * @brief 94 * Apply SE firmware image. 95 * 96 * @details 97 * Apply SE firmware image located at given address. 98 * 99 * @param[in] cmd_ctx 100 * Pointer to an SE command context object. 101 * 102 * @param[in] image_addr 103 * Pointer to SE image to apply. 104 * 105 * @return 106 * One of the following sl_status_t codes: 107 * @retval SL_STATUS_OK when the command was executed successfully 108 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 109 ******************************************************************************/ 110 sl_status_t sl_se_apply_se_image(sl_se_command_context_t *cmd_ctx, 111 void *image_addr); 112 113 /***************************************************************************//** 114 * @brief 115 * Get upgrade status of SE firmware image. 116 * 117 * @param[in] cmd_ctx 118 * Pointer to an SE command context object. 119 * 120 * @param[in] status 121 * Pointer to 32-bit word where to return upgrade status. 122 * 123 * @param[in] prev_version 124 * Pointer to 32-bit word where to return previous version. 125 * 126 * @return 127 * One of the following sl_status_t codes: 128 * @retval SL_STATUS_OK when the command was executed successfully 129 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 130 ******************************************************************************/ 131 sl_status_t sl_se_get_upgrade_status_se_image(sl_se_command_context_t *cmd_ctx, 132 uint32_t *status, 133 uint32_t *prev_version); 134 135 /***************************************************************************//** 136 * @brief 137 * Validate Host firmware image. 138 * 139 * @details 140 * Validate Host firmware image located at given address. This function is 141 * typically used before calling @ref sl_se_apply_host_image. 142 * 143 * @param[in] cmd_ctx 144 * Pointer to an SE command context object. 145 * 146 * @param[in] image_addr 147 * Pointer to Host image to validate. 148 * 149 * @param[in] size 150 * Size of Host image to validate. 151 * 152 * @return 153 * One of the following sl_status_t codes: 154 * @retval SL_STATUS_OK when the command was executed successfully 155 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 156 ******************************************************************************/ 157 sl_status_t sl_se_check_host_image(sl_se_command_context_t *cmd_ctx, 158 void *image_addr, 159 uint32_t size); 160 161 /***************************************************************************//** 162 * @brief 163 * Apply Host firmware image. 164 * 165 * @details 166 * Apply Host firmware image located at given address. 167 * 168 * @param[in] cmd_ctx 169 * Pointer to an SE command context object. 170 * 171 * @param[in] image_addr 172 * Pointer to Host image to apply. 173 * 174 * @param[in] size 175 * Size of Host image to apply. 176 * 177 * @return 178 * One of the following sl_status_t codes: 179 * @retval SL_STATUS_OK when the command was executed successfully 180 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 181 ******************************************************************************/ 182 sl_status_t sl_se_apply_host_image(sl_se_command_context_t *cmd_ctx, 183 void *image_addr, 184 uint32_t size); 185 186 /***************************************************************************//** 187 * @brief 188 * Get upgrade status of Host firmware image. 189 * 190 * @param[in] cmd_ctx 191 * Pointer to an SE command context object. 192 * 193 * @param[in] status 194 * Pointer to 32-bit word where to return upgrade status. 195 * 196 * @param[in] prev_version 197 * Pointer to 32-bit word where to return previous version. 198 * 199 * @return 200 * One of the following sl_status_t codes: 201 * @retval SL_STATUS_OK when the command was executed successfully 202 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 203 ******************************************************************************/ 204 sl_status_t 205 sl_se_get_upgrade_status_host_image(sl_se_command_context_t *cmd_ctx, 206 uint32_t *status, 207 uint32_t *prev_version); 208 209 /***************************************************************************//** 210 * @brief 211 * Initialize key to be stored in the SE OTP flash. 212 * 213 * @details 214 * Initialize key stored in the SE. The command can be used to write (@ref sl_se_device_key_type_t): 215 * * SL_SE_KEY_TYPE_IMMUTABLE_BOOT 216 * * SL_SE_KEY_TYPE_IMMUTABLE_AUTH 217 * * SL_SE_KEY_TYPE_IMMUTABLE_AES_128 218 * 219 * @note 220 * These keys can not be overwritten, so this command can only be issued once 221 * per key per part. 222 * 223 * @param[in] cmd_ctx 224 * Pointer to an SE command context object. 225 * 226 * @param[in] key_type 227 * ID of key type to initialize. 228 * 229 * @param[in] key 230 * Pointer to a buffer that contains the key. 231 * Public keys must be word aligned and have a length of 64 bytes. 232 * AES-128 keys must be word aligned and have length of 16 bytes. 233 * 234 * @param[in] num_bytes 235 * Length of key buffer in bytes (16 or 64 bytes). 236 * 237 * @return 238 * One of the following sl_status_t codes: 239 * @retval SL_STATUS_OK when the command was executed successfully 240 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 241 ******************************************************************************/ 242 sl_status_t sl_se_init_otp_key(sl_se_command_context_t *cmd_ctx, 243 sl_se_device_key_type_t key_type, 244 void *key, 245 uint32_t num_bytes); 246 247 /***************************************************************************//** 248 * @brief 249 * Read a public key stored in the SE. 250 * 251 * @details 252 * Read out a public key stored in the SE. The command can be used to read (@ref sl_se_device_key_type_t): 253 * * SL_SE_KEY_TYPE_IMMUTABLE_BOOT 254 * * SL_SE_KEY_TYPE_IMMUTABLE_AUTH 255 * 256 * @param[in] cmd_ctx 257 * Pointer to an SE command context object. 258 * 259 * @param[in] key_type 260 * ID of key type to read. 261 * 262 * @param[out] key 263 * Pointer to a buffer to contain the returned public key. 264 * Must be word aligned and have a length of 64 bytes. 265 * 266 * @param[in] num_bytes 267 * Length of pubkey buffer (64 bytes). 268 * 269 * @return 270 * One of the following sl_status_t codes: 271 * @retval SL_STATUS_OK when the command was executed successfully 272 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 273 ******************************************************************************/ 274 sl_status_t sl_se_read_pubkey(sl_se_command_context_t *cmd_ctx, 275 sl_se_device_key_type_t key_type, 276 void *key, 277 uint32_t num_bytes); 278 279 /***************************************************************************//** 280 * @brief 281 * Initialize SE OTP configuration. 282 * 283 * @param[in] cmd_ctx 284 * Pointer to an SE command context object. 285 * 286 * @param[in] otp_init 287 * Pointer to OTP initialization structure. 288 * 289 * @return 290 * One of the following sl_status_t codes: 291 * @retval SL_STATUS_OK when the command was executed successfully 292 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 293 * @retval SL_STATUS_ABORT when the operation is not attempted. 294 ******************************************************************************/ 295 sl_status_t sl_se_init_otp(sl_se_command_context_t *cmd_ctx, 296 sl_se_otp_init_t *otp_init); 297 298 /***************************************************************************//** 299 * @brief 300 * Read SE OTP configuration. 301 * 302 * @param[in] cmd_ctx 303 * Pointer to an SE command context object. 304 * 305 * @param[out] otp_settings 306 * Pointer to OTP initialization structure. 307 * 308 * @return 309 * One of the following sl_status_t codes: 310 * @retval SL_STATUS_OK when the command was executed successfully 311 * @retval SL_STATUS_INVALID_COMMAND if OTP configuration isn't initialized 312 * @retval SL_STATUS_ABORT when the operation is not attempted. 313 ******************************************************************************/ 314 sl_status_t sl_se_read_otp(sl_se_command_context_t *cmd_ctx, 315 sl_se_otp_init_t *otp_settings); 316 317 /***************************************************************************//** 318 * @brief 319 * Read the SE firmware version. 320 * 321 * @param[in] cmd_ctx 322 * Pointer to an SE command context object. 323 * 324 * @param[out] version 325 * Pointer to uint32_t word where version shall be returned. 326 * 327 * @return 328 * One of the following sl_status_t codes: 329 * @retval SL_STATUS_OK when the command was executed successfully 330 * @retval SL_STATUS_OWNERSHIP when the ownership is already taken 331 * @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized 332 * @retval SL_STATUS_INVALID_CREDENTIALS when the command is not authorized 333 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 334 ******************************************************************************/ 335 sl_status_t sl_se_get_se_version(sl_se_command_context_t *cmd_ctx, 336 uint32_t *version); 337 338 /***************************************************************************//** 339 * @brief 340 * Returns the current debug lock configuration. 341 * 342 * @param[in] cmd_ctx 343 * Pointer to an SE command context object. 344 * 345 * @param[out] status 346 * Pointer to sl_se_debug_status_t structure to be filled out with the 347 * current status of the debug configuration. 348 * 349 * @return 350 * One of the following sl_status_t codes: 351 * @retval SL_STATUS_OK when the command was executed successfully 352 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 353 ******************************************************************************/ 354 sl_status_t sl_se_get_debug_lock_status(sl_se_command_context_t *cmd_ctx, 355 sl_se_debug_status_t *status); 356 357 /***************************************************************************//** 358 * @brief 359 * Enables the debug lock for the part. 360 * 361 * @details 362 * The debug port will be closed and the only way to open it is through 363 * device erase (if enabled) or through secure debug unlock (if enabled). 364 * 365 * @param[in] cmd_ctx 366 * Pointer to an SE command context object. 367 * 368 * @return 369 * One of the following sl_status_t codes: 370 * @retval SL_STATUS_OK when the command was executed successfully 371 ******************************************************************************/ 372 sl_status_t sl_se_apply_debug_lock(sl_se_command_context_t *cmd_ctx); 373 374 #if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN) 375 /***************************************************************************//** 376 * @brief 377 * Writes data to User Data section in MTP. Write data must be aligned to 378 * word size and contain a number of bytes that is divisable by four. 379 * @note 380 * It is recommended to erase the flash page before performing a write. 381 * 382 * @param[in] cmd_ctx 383 * Pointer to an SE command context object. 384 * @param[in] offset 385 * Offset to the flash word to write to. Must be aligned to words. 386 * @param[in] data 387 * Data to write to flash. 388 * @param[in] num_bytes 389 * Number of bytes to write to flash. NB: Must be divisable by four. 390 * @return 391 * One of the following sl_status_t codes: 392 * @retval SL_STATUS_OK when the command was executed successfully 393 * @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized 394 * @retval SL_STATUS_INVALID_CREDENTIALS when the command is not authorized 395 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 396 ******************************************************************************/ 397 sl_status_t sl_se_write_user_data(sl_se_command_context_t *cmd_ctx, 398 uint32_t offset, 399 void *data, 400 uint32_t num_bytes); 401 402 /***************************************************************************//** 403 * @brief 404 * Erases User Data section in MTP. 405 * 406 * @param[in] cmd_ctx 407 * Pointer to an SE command context object. 408 * 409 * @return 410 * One of the following sl_status_t codes: 411 * @retval SL_STATUS_OK when the command was executed successfully 412 * @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized 413 * @retval SL_STATUS_INVALID_CREDENTIALS when the command is not authorized 414 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 415 ******************************************************************************/ 416 sl_status_t sl_se_erase_user_data(sl_se_command_context_t *cmd_ctx); 417 418 /***************************************************************************//** 419 * @brief 420 * Returns the current boot status, versions and system configuration. 421 * 422 * @param[in] cmd_ctx 423 * Pointer to an SE command context object. 424 * 425 * @param[out] status 426 * SE_Status_t containing current SE status. 427 * 428 * @return 429 * One of the following sl_status_t codes: 430 * @retval SL_STATUS_OK upon command completion. Errors are encoded in the 431 * different parts of the returned status object. 432 * @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized 433 * @retval SL_STATUS_INVALID_CREDENTIALS when the command is not authorized 434 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 435 ******************************************************************************/ 436 sl_status_t sl_se_get_status(sl_se_command_context_t *cmd_ctx, 437 sl_se_status_t *status); 438 439 /***************************************************************************//** 440 * @brief 441 * Read the serial number of the SE module. 442 * 443 * @param[in] cmd_ctx 444 * Pointer to an SE command context object. 445 * 446 * @param[out] serial 447 * Pointer to array of size 16 bytes. 448 * 449 * @return 450 * One of the following sl_status_t codes: 451 * @retval SL_STATUS_OK when the command was executed successfully 452 * @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized 453 * @retval SL_STATUS_INVALID_CREDENTIALS when the command is not authorized 454 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 455 ******************************************************************************/ 456 sl_status_t sl_se_get_serialnumber(sl_se_command_context_t *cmd_ctx, 457 void *serial); 458 459 /***************************************************************************//** 460 * @brief 461 * Read the OTP firmware version of the SE module. 462 * 463 * @param[in] cmd_ctx 464 * Pointer to an SE command context object. 465 * 466 * @param[out] version 467 * Pointer to uint32_t word where version shall be returned. 468 * 469 * @return 470 * One of the following sl_status_t codes: 471 * @retval SL_STATUS_OK when the command was executed successfully 472 * @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized 473 * @retval SL_STATUS_INVALID_CREDENTIALS when the command is not authorized 474 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 475 ******************************************************************************/ 476 sl_status_t sl_se_get_otp_version(sl_se_command_context_t *cmd_ctx, 477 uint32_t *version); 478 479 #if defined(_SILICON_LABS_32B_SERIES_2_CONFIG_1) || defined(DOXYGEN) 480 /***************************************************************************//** 481 * @brief 482 * Read the EMU->RSTCAUSE after a tamper reset. This function should be called 483 * if EMU->RSTCAUSE has been cleared upon boot. 484 * 485 * @param[in] cmd_ctx 486 * Pointer to an SE command context object. 487 * 488 * @param[out] reset_cause 489 * Pointer to uint32_t word where reset cause shall be returned. 490 * 491 * @return 492 * One of the following sl_status_t codes: 493 * @retval SL_STATUS_OK when the command was executed successfully 494 * @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized 495 ******************************************************************************/ 496 sl_status_t sl_se_get_reset_cause(sl_se_command_context_t *cmd_ctx, 497 uint32_t* reset_cause); 498 #endif 499 500 /***************************************************************************//** 501 * @brief 502 * Enables the secure debug functionality. 503 * 504 * @details 505 * Enables the secure debug functionality that can be used to open a locked 506 * debug port through the Get challenge and Open debug commands. This command 507 * can only be executed before the debug port is locked, and after a secure 508 * debug public key has been installed in the SE. 509 * 510 * @param[in] cmd_ctx 511 * Pointer to an SE command context object. 512 * 513 * @return 514 * One of the following sl_status_t codes: 515 * @retval SL_STATUS_OK when the command was executed successfully 516 ******************************************************************************/ 517 sl_status_t sl_se_enable_secure_debug(sl_se_command_context_t *cmd_ctx); 518 519 /***************************************************************************//** 520 * @brief 521 * Disables the secure debug functionality. 522 * 523 * @param[in] cmd_ctx 524 * Pointer to an SE command context object. 525 * 526 * @details 527 * Disables the secure debug functionality that can be used to open a 528 * locked debug port. 529 * 530 * @return 531 * One of the following sl_status_t codes: 532 * @retval SL_STATUS_OK when the command was executed successfully 533 ******************************************************************************/ 534 sl_status_t sl_se_disable_secure_debug(sl_se_command_context_t *cmd_ctx); 535 536 /***************************************************************************/ /** 537 * @brief 538 * Set debug options. 539 * 540 * @details 541 * This function makes it possible to configure the Trust-Zone access 542 * permissions of the debug interface. For details please refer to 543 * @ref sl_se_debug_options_t. 544 * 545 * @param[in] cmd_ctx 546 * Pointer to an SE command context object. 547 * 548 * @param[in] debug_options 549 * Pointer to debug options structure. 550 * 551 * @return 552 * One of the following sl_status_t codes: 553 * @retval SL_STATUS_OK when the command was executed successfully 554 ******************************************************************************/ 555 sl_status_t sl_se_set_debug_options(sl_se_command_context_t *cmd_ctx, 556 const sl_se_debug_options_t *debug_options); 557 558 /***************************************************************************//** 559 * @brief 560 * Performs a device mass erase and debug unlock. 561 * 562 * @details 563 * Performs a device mass erase and resets the debug configuration to its 564 * initial unlocked state. Only available before DEVICE_ERASE_DISABLE has 565 * been executed. 566 * 567 * @param[in] cmd_ctx 568 * Pointer to an SE command context object. 569 * 570 * @note 571 * This command clears and verifies the complete flash and ram of the 572 * system, excluding the user data pages and one-time programmable 573 * commissioning information in the secure engine. 574 * 575 * @return 576 * One of the following sl_status_t codes: 577 * @retval SL_STATUS_OK when the command was executed successfully 578 * @retval SL_STATUS_INVALID_COMMAND if device erase is disabled. 579 ******************************************************************************/ 580 sl_status_t sl_se_erase_device(sl_se_command_context_t *cmd_ctx); 581 582 /****************************************************************q***********//** 583 * @brief 584 * Disabled device erase functionality. 585 * 586 * @details 587 * This command disables the device erase command. It does not lock the 588 * debug interface to the part, but it is a permanent action for the part. 589 * If device erase is disabled and the device is debug locked, there is no 590 * way to permanently unlock the part. If secure debug unlock is enabled, 591 * secure debug unlock can still be used to temporarily open the debug port. 592 * 593 * @warning 594 * This command permanently disables the device erase functionality! 595 * 596 * @param[in] cmd_ctx 597 * Pointer to an SE command context object. 598 * 599 * @return 600 * One of the following sl_status_t codes: 601 * @retval SL_STATUS_OK when the command was executed successfully 602 ******************************************************************************/ 603 sl_status_t sl_se_disable_device_erase(sl_se_command_context_t *cmd_ctx); 604 605 /***************************************************************************//** 606 * @brief 607 * Request challenge from SE which can be used to open debug access. 608 * 609 * @details 610 * This command requests a challenge (16 bytes) which can be used to generate 611 * a certificate in order to open debug access, @ref sl_se_open_debug. 612 * 613 * @param[in] cmd_ctx 614 * Pointer to an SE command context object. 615 * 616 * @param[out] challenge 617 * SE challenge storage. 618 * 619 * @return 620 * One of the following sl_status_t codes: 621 * @retval SL_STATUS_OK when the command was executed successfully 622 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 623 ******************************************************************************/ 624 sl_status_t sl_se_get_challenge(sl_se_command_context_t *cmd_ctx, 625 sl_se_challenge_t challenge); 626 627 /***************************************************************************//** 628 * @brief 629 * Invalidate current challenge and make a new challenge. 630 * 631 * @details 632 * This command requests the SE to invalidate it's current challenge (16bytes) 633 * and generate a new challenge. 634 * 635 * @param[in] cmd_ctx 636 * Pointer to an SE command context object. 637 * 638 * @return 639 * One of the following sl_status_t codes: 640 * @retval SL_STATUS_OK when the command was executed successfully 641 ******************************************************************************/ 642 sl_status_t sl_se_roll_challenge(sl_se_command_context_t *cmd_ctx); 643 644 /***************************************************************************//** 645 * @brief 646 * Unlock debug access using certificate and signed challenge. 647 * 648 * @param[in] cmd_ctx 649 * Pointer to an SE command context object. 650 * 651 * @param[in] cert 652 * Certificate for debug unlock and signed challenge. 653 * 654 * @param[in] len 655 * Length of certificate in number of bytes. 656 * 657 * @param[in] debug_options 658 * Debug options to open/unlock. 659 * 660 * @return 661 * One of the following sl_status_t codes: 662 * @retval SL_STATUS_OK when the command was executed successfully 663 * @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized 664 * @retval SL_STATUS_INVALID_CREDENTIALS when the command is not authorized 665 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 666 ******************************************************************************/ 667 sl_status_t sl_se_open_debug(sl_se_command_context_t *cmd_ctx, 668 void *cert, 669 uint32_t len, 670 const sl_se_debug_options_t *debug_options); 671 672 #if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN) 673 /***************************************************************************//** 674 * @brief 675 * Temporarily disable tamper configuration using certificate and signed 676 * challenge. 677 * 678 * @param[in] cmd_ctx 679 * Pointer to an SE command context object. 680 * 681 * @param[in] cert 682 * Certificate for disabling tamper and signed challenge. 683 * 684 * @param[in] len 685 * Length of certificate in number of bytes. 686 * 687 * @param[in] tamper_signals 688 * Tamper signals to disable. Each signal represented by a bit. 689 * 690 * @return 691 * One of the following sl_status_t codes: 692 * @retval SL_STATUS_OK when the command was executed successfully 693 * @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized 694 * @retval SL_STATUS_INVALID_CREDENTIALS when the command is not authorized 695 * @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed 696 ******************************************************************************/ 697 sl_status_t sl_se_disable_tamper(sl_se_command_context_t *cmd_ctx, 698 void *cert, 699 uint32_t len, 700 sl_se_tamper_signals_t tamper_signals); 701 702 #endif // (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) 703 704 /***************************************************************************//** 705 * @brief 706 * Read size of stored certificates in SE. 707 * 708 * @param[in] cmd_ctx 709 * Pointer to an SE command context object. 710 * 711 * @param[in,out] cert_size 712 * Size of the certificates stored in SE. 713 714 * @return 715 * Status code, @ref sl_status.h. 716 ******************************************************************************/ 717 sl_status_t sl_se_read_cert_size(sl_se_command_context_t *cmd_ctx, 718 sl_se_cert_size_type_t *cert_size); 719 720 /***************************************************************************//** 721 * @brief 722 * Read stored certificates in SE. 723 * 724 * @param[in] cmd_ctx 725 * Pointer to an SE command context object. 726 * 727 * @param[in] cert_type 728 * Type of the certificate stored in SE. 729 * 730 * @param[in,out] cert 731 * Buffer to read certificate. 732 * 733 * @param[in] num_bytes 734 * Length of certificate in number of bytes. 735 * 736 * @return 737 * Status code, @ref sl_status.h. 738 ******************************************************************************/ 739 sl_status_t sl_se_read_cert(sl_se_command_context_t *cmd_ctx, 740 sl_se_cert_type_t cert_type, 741 void *cert, 742 uint32_t num_bytes); 743 744 #endif // defined(SEMAILBOX_PRESENT) 745 746 #ifdef __cplusplus 747 } 748 #endif 749 750 /// @} (end addtogroup sl_se_manager_util) 751 /// @} (end addtogroup sl_se_manager) 752 753 #endif // defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT) 754 755 #endif // SL_SE_MANAGER_UTIL_H 756
