1 /*
2  * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef __TFM_ATTEST_HAL_H__
9 #define __TFM_ATTEST_HAL_H__
10 
11 #include <stdint.h>
12 
13 #ifdef __cplusplus
14 extern "C" {
15 #endif
16 
/**
 * \brief Security lifecycle of the device
 *
 * Value set returned by tfm_attest_hal_get_security_lifecycle(), whose
 * documentation describes the lifecycle as a mandatory claim of the initial
 * attestation token. The named states are spaced 0x1000 apart, so the low
 * 12 bits of every named state are zero.
 *
 * \note NOTE(review): a relying party presumably trusts a token differently
 *       depending on this state (for example a debug or provisioning state
 *       versus TFM_SLC_SECURED), so a platform port should derive the value
 *       from the device's real provisioning/debug status instead of a
 *       constant - confirm against the attestation profile in use.
 */
enum tfm_security_lifecycle_t {
    /* State could not be determined. */
    TFM_SLC_UNKNOWN                   = 0x0000u,
    TFM_SLC_ASSEMBLY_AND_TEST         = 0x1000u,
    TFM_SLC_PSA_ROT_PROVISIONING      = 0x2000u,
    TFM_SLC_SECURED                   = 0x3000u,
    TFM_SLC_NON_PSA_ROT_DEBUG         = 0x4000u,
    TFM_SLC_RECOVERABLE_PSA_ROT_DEBUG = 0x5000u,
    TFM_SLC_DECOMMISSIONED            = 0x6000u,
    /*
     * Not a lifecycle state. NOTE(review): presumably present only to force
     * a 32-bit representation of the enum; UINT32_MAX does not fit in int,
     * which strict ISO C11 requires of enumerators - confirm the supported
     * toolchains accept it.
     */
    TFM_SLC_MAX_VALUE                 = UINT32_MAX,
};
30 
/**
 * \def VERIFICATION_URL_MAX_SIZE
 *
 * \brief Maximum size of verification URL in bytes
 *
 * \note NOTE(review): presumably the upper bound for the data written by
 *       tfm_attest_hal_get_verification_service(). That function receives the
 *       real buffer size at run time through its size argument, so this
 *       constant does not replace the run-time bound check - confirm. It is
 *       not stated whether a terminating NUL is counted.
 */
#define VERIFICATION_URL_MAX_SIZE (32u)
37 
/**
 * \def PROFILE_DEFINITION_MAX_SIZE
 *
 * \brief Maximum size of profile definition in bytes
 *
 * \note NOTE(review): presumably the upper bound for the data written by
 *       tfm_attest_hal_get_profile_definition(); callers that size their
 *       buffer with it must still pass that size in, and implementations
 *       must still honour the size they are given - confirm. It is not
 *       stated whether a terminating NUL is counted.
 */
#define PROFILE_DEFINITION_MAX_SIZE (32u)
44 
/**
 * \def PLATFORM_CONFIG_MAX_SIZE
 *
 * \brief Maximum size of the platform configuration data.
 *
 * \note NOTE(review): the unit is not stated here; presumably bytes, as for
 *       the other *_MAX_SIZE constants in this header, and presumably the
 *       upper bound for tfm_attest_hal_get_platform_config() - confirm.
 */
#define PLATFORM_CONFIG_MAX_SIZE (32u)
51 
/**
 * \def PLATFORM_HASH_ALGO_ID_MAX_SIZE
 *
 * \brief Maximum size of the platform hash algorithm identifier string.
 *
 * \note NOTE(review): the unit is not stated here (presumably bytes), nor
 *       whether a terminating NUL is included in the limit. Presumably the
 *       upper bound for tfm_attest_hal_get_platform_hash_algo() - confirm.
 */
#define PLATFORM_HASH_ALGO_ID_MAX_SIZE (32u)
58 
/**
 * \brief Retrieve the security lifecycle of the device
 *
 * Security lifecycle is a mandatory claim in the initial attestation token.
 *
 * The function takes no arguments and has no error return: every outcome is
 * expressed as a value of \ref tfm_security_lifecycle_t.
 *
 * \note NOTE(review): presumably a port that cannot determine the state
 *       reports TFM_SLC_UNKNOWN rather than defaulting to TFM_SLC_SECURED,
 *       because the value is attested to a remote party - confirm with the
 *       platform implementation.
 *
 * \return According to \ref tfm_security_lifecycle_t
 */
enum tfm_security_lifecycle_t tfm_attest_hal_get_security_lifecycle(void);
67 
/**
 * \brief Retrieve the verification service indicator for initial attestation.
 *
 * It is used by relying party to locate a validation service for the token.
 * It can be a text string that can be used to locate the service or can be a
 * URL specifying the address of the service.
 *
 * \param[in,out] size  As an input value it indicates the size of the caller
 *                      allocated buffer (in bytes) to store the verification
 *                      service indicator. At return its value is updated with
 *                      the exact size of the verification service URL.
 * \param[out]    buf   Pointer to the buffer to store the verification service
 *                      URL.
 *
 * \note The input value of \p size is the only bound on \p buf that an
 *       implementation receives, so it must not write more than that many
 *       bytes. Callers should use the returned size as the data length; this
 *       header does not state that the data is NUL terminated.
 * \note NOTE(review): the behaviour for a too-small buffer or for NULL
 *       arguments is not specified here - presumably an error code is
 *       returned and nothing is truncated; confirm in the implementation.
 * \note enum tfm_plat_err_t is not declared by this header (only stdint.h is
 *       included), so the including file must make it visible first.
 *
 * \return  Returns error code specified in \ref tfm_plat_err_t
 */
enum tfm_plat_err_t
tfm_attest_hal_get_verification_service(uint32_t *size, uint8_t *buf);
86 
/**
 * \brief Retrieve the name of the profile definition document for initial
 *        attestation.
 *
 *  This document describes the 'profile' of the initial attestation token,
 *  being a full description of the claims, their usage, verification and
 *  token signing.
 *
 * \param[in,out] size  As an input value it indicates the size of the caller
 *                      allocated buffer (in bytes) to store the profile
 *                      definition. At return its value is updated with the
 *                      exact size of the profile definition.
 * \param[out]    buf   Pointer to the buffer to store the profile definition.
 *
 * \note The input value of \p size is the only bound on \p buf that an
 *       implementation receives, so it must not write more than that many
 *       bytes. Callers should take the data length from the returned size;
 *       NUL termination is not promised by this header.
 * \note NOTE(review): the result for a too-small buffer or NULL arguments is
 *       not specified here - presumably an error code without a partial
 *       write; confirm in the implementation.
 *
 * \return  Returns error code specified in \ref tfm_plat_err_t
 */
enum tfm_plat_err_t
tfm_attest_hal_get_profile_definition(uint32_t *size, uint8_t *buf);
105 
/**
 * \brief Retrieve the platform configuration data.
 *
 * The Root Non-Volatile Storage(RNVS) is an on-chip non-volatile storage
 * resource like fuses or on-chip flash that stores CCA platform immutable
 * boot parameters.
 *
 * NOTE(review): presumably the configuration data returned here is the
 * content read from RNVS - the text above does not say so explicitly;
 * confirm.
 *
 * \param[in,out] size  As an input value it indicates the size of the caller
 *                      allocated buffer (in bytes) to store the platform
 *                      config. At return its value is updated with the
 *                      exact size of the platform configuration data.
 * \param[out]    buf   Pointer to the buffer to store the platform
 *                      configuration data.
 *
 * \note The input value of \p size is the only bound on \p buf that an
 *       implementation receives, so it must not write more than that many
 *       bytes. The data is described as configuration data, not a string, so
 *       callers should use only the returned size as its length.
 * \note NOTE(review): the result for a too-small buffer or NULL arguments is
 *       not specified here; confirm that an error is returned.
 *
 * \return  Returns error code specified in \ref tfm_plat_err_t
 */
enum tfm_plat_err_t
tfm_attest_hal_get_platform_config(uint32_t *size, uint8_t *buf);
124 
125 
/**
 * \brief Retrieve the platform hash algorithm identifier.
 *
 * According to IANA hash algorithm registry:
 *   - https://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xml
 *
 * The registry uses textual names such as "sha-256".
 *
 * \param[in,out] size  As an input value it indicates the size of the caller
 *                      allocated buffer (in bytes) to store the platform
 *                      hash algo. At return its value is updated with the
 *                      exact size of the platform hash algo string.
 * \param[out]    buf   Pointer to the buffer to store the platform
 *                      hash algo string.
 *
 * \note The input value of \p size is the only bound on \p buf that an
 *       implementation receives, so it must not write more than that many
 *       bytes.
 * \note NOTE(review): it is not stated whether the returned size counts a
 *       terminating NUL, or what happens for a too-small buffer or NULL
 *       arguments; callers should not treat \p buf as a C string without
 *       confirming this in the implementation.
 *
 * \return  Returns error code specified in \ref tfm_plat_err_t
 */
enum tfm_plat_err_t
tfm_attest_hal_get_platform_hash_algo(uint32_t *size, uint8_t *buf);
143 
144 #ifdef __cplusplus
145 }
146 #endif
147 
148 #endif /* __TFM_ATTEST_HAL_H__ */
149