mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-18 02:24:18 +00:00
50316e226f
Adding the AP/RSS interface for reading the ROTPK.
The read interface implements the psa_call:
psa_call(RSS_CRYPTO_HANDLE, PSA_IPC_CALL,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
where the in_vec indicates which of the 3 ROTPKs we want,
and the out_vec stores the ROTPK value we get back from RSS.
Through this service, we will be able to read any of the 3
ROTPKs used on a CCA platform:
- ROTPK for CCA firmware (BL2, BL31, RMM).
- ROTPK for secure firmware.
- ROTPK for non-secure firmware.
Change-Id: I44c615588235cc797fdf38870b74b4c422be0a72
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
58 lines
1.8 KiB
C
58 lines
1.8 KiB
C
/*
|
|
* Copyright (c) 2023, Arm Limited. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*
|
|
*/
|
|
|
|
#ifndef RSS_CRYPTO_DEFS_H
|
|
#define RSS_CRYPTO_DEFS_H
|
|
|
|
/* Declares types that encode errors, algorithms, key types, policies, etc. */
|
|
#include "psa/crypto_types.h"
|
|
|
|
/*
|
|
* Value identifying export public key function API, used to dispatch the request
|
|
* to the corresponding API implementation in the Crypto service backend.
|
|
*
|
|
*/
|
|
#define RSS_CRYPTO_EXPORT_PUBLIC_KEY_SID (uint16_t)(0x701)
|
|
|
|
/*
|
|
* The persistent key identifiers for RSS builtin keys.
|
|
*/
|
|
enum rss_key_id_builtin_t {
|
|
RSS_BUILTIN_KEY_ID_HOST_S_ROTPK = 0x7FFF816Cu,
|
|
RSS_BUILTIN_KEY_ID_HOST_NS_ROTPK,
|
|
RSS_BUILTIN_KEY_ID_HOST_CCA_ROTPK,
|
|
};
|
|
|
|
/*
|
|
* This type is used to overcome a limitation within RSS firmware in the number of maximum
|
|
* IOVECs it can use especially in psa_aead_encrypt and psa_aead_decrypt.
|
|
*/
|
|
#define RSS_CRYPTO_MAX_NONCE_LENGTH (16u)
|
|
struct rss_crypto_aead_pack_input {
|
|
uint8_t nonce[RSS_CRYPTO_MAX_NONCE_LENGTH];
|
|
uint32_t nonce_length;
|
|
};
|
|
|
|
/*
|
|
* Structure used to pack non-pointer types in a call
|
|
*/
|
|
struct rss_crypto_pack_iovec {
|
|
psa_key_id_t key_id; /* Key id */
|
|
psa_algorithm_t alg; /* Algorithm */
|
|
uint32_t op_handle; /* Frontend context handle associated
|
|
to a multipart operation */
|
|
uint32_t capacity; /* Key derivation capacity */
|
|
uint32_t ad_length; /* Additional Data length for multipart AEAD */
|
|
uint32_t plaintext_length; /* Plaintext length for multipart AEAD */
|
|
struct rss_crypto_aead_pack_input aead_in; /* Packs AEAD-related inputs */
|
|
uint16_t function_id; /* Used to identify the function in the API dispatcher
|
|
to the service backend. See rss_crypto_func_sid for
|
|
detail */
|
|
uint16_t step; /* Key derivation step */
|
|
};
|
|
|
|
#endif /* RSS_CRYPTO_DEFS_H */
|