mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-17 01:54:22 +00:00
d797665cce
Changes all occurrences of "RSS" and "rss" in the code and build files to "RSE" and "rse". Signed-off-by: Tamas Ban <tamas.ban@arm.com> Change-Id: I606e2663fb3719edf6372d6ffa4f1982eef45994
100 lines
4.7 KiB
C
100 lines
4.7 KiB
C
/*
|
|
* Copyright (c) 2024, Arm Limited. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*
|
|
*/
|
|
|
|
#ifndef DICE_PROTECTION_ENVIRONMENT_H
|
|
#define DICE_PROTECTION_ENVIRONMENT_H
|
|
|
|
#include <stdbool.h>
|
|
#include <stddef.h>
|
|
#include <stdint.h>
|
|
|
|
#include <dice.h>
|
|
|
|
/* Additional defines for max size limit. These limits are set by DPE in RSE. */
|
|
#define DICE_AUTHORITY_DESCRIPTOR_MAX_SIZE 64
|
|
#define DICE_CONFIG_DESCRIPTOR_MAX_SIZE 64
|
|
#define DICE_CODE_DESCRIPTOR_MAX_SIZE 32
|
|
|
|
typedef int32_t dpe_error_t;
|
|
|
|
#define DPE_NO_ERROR ((dpe_error_t)0)
|
|
#define DPE_INTERNAL_ERROR ((dpe_error_t)1)
|
|
#define DPE_INVALID_COMMAND ((dpe_error_t)2)
|
|
#define DPE_INVALID_ARGUMENT ((dpe_error_t)3)
|
|
#define DPE_ARGUMENT_NOT_SUPPORTED ((dpe_error_t)4)
|
|
#define DPE_SESSION_EXHAUSTED ((dpe_error_t)5)
|
|
|
|
/* Custom values in RSE based DPE implementation */
|
|
#define DPE_INSUFFICIENT_MEMORY ((dpe_error_t)128)
|
|
#define DPE_ERR_CBOR_FORMATTING ((dpe_error_t)129)
|
|
|
|
/**
|
|
* Client facing API. Parameters are according to the DPE spec version r0.9
|
|
*
|
|
* \brief Performs the DICE computation to derive a new context and optionally
|
|
* creates an intermediate certificate. Software component measurement
|
|
* must be provided in dice_inputs.
|
|
*
|
|
* \param[in] context_handle Input context handle for the DPE
|
|
* context.
|
|
* \param[in] cert_id Logical certificate id to which derived
|
|
* context belongs to.
|
|
* \param[in] retain_parent_context Flag to indicate whether to retain the
|
|
* parent context. True only if a client
|
|
* will call further DPE commands on the
|
|
* same context.
|
|
* \param[in] allow_new_context_to_derive Flag to indicate whether derived context
|
|
* can derive further. True only if the
|
|
* new context will load further components.
|
|
* \param[in] create_certificate Flag to indicate whether to create an
|
|
* intermediate certificate. True only if
|
|
* it is the last component in the layer.
|
|
* \param[in] dice_inputs DICE input values.
|
|
* \param[in] target_locality Identifies the locality to which the
|
|
* derived context will be bound. Could be
|
|
* MHU id.
|
|
* \param[in] return_certificate Indicates whether to return the generated
|
|
* certificate when create_certificate is true.
|
|
* \param[in] allow_new_context_to_export Indicates whether the DPE permits export of
|
|
* the CDI from the newly derived context.
|
|
* \param[in] export_cdi Indicates whether to export derived CDI.
|
|
* \param[out] new_context_handle New handle for the derived context.
|
|
* \param[out] new_parent_context_handle New handle for the parent context.
|
|
* \param[out] new_certificate_buf If create_certificate and return_certificate
|
|
* are both true, this argument holds the new
|
|
* certificate generated for the new context
|
|
* \param[in] new_certificate_buf_size Size of the allocated buffer for
|
|
* new certificate.
|
|
* \param[out] new_certificate_actual_size Actual size of the new certificate.
|
|
* \param[out] exported_cdi_buf If export_cdi is true, this is the
|
|
* exported CDI value.
|
|
* \param[in] exported_cdi_buf_size Size of the allocated buffer for
|
|
* exported cdi.
|
|
* \param[out] exported_cdi_actual_size Actual size of the exported cdi.
|
|
*
|
|
* \return Returns error code of type dpe_error_t
|
|
*/
|
|
dpe_error_t dpe_derive_context(int context_handle,
|
|
uint32_t cert_id,
|
|
bool retain_parent_context,
|
|
bool allow_new_context_to_derive,
|
|
bool create_certificate,
|
|
const DiceInputValues *dice_inputs,
|
|
int32_t target_locality,
|
|
bool return_certificate,
|
|
bool allow_new_context_to_export,
|
|
bool export_cdi,
|
|
int *new_context_handle,
|
|
int *new_parent_context_handle,
|
|
uint8_t *new_certificate_buf,
|
|
size_t new_certificate_buf_size,
|
|
size_t *new_certificate_actual_size,
|
|
uint8_t *exported_cdi_buf,
|
|
size_t exported_cdi_buf_size,
|
|
size_t *exported_cdi_actual_size);
|
|
|
|
#endif /* DICE_PROTECTION_ENVIRONMENT_H */
|