forked from espressif/esp-idf
feat(esp_rom): Added ROM headers related to Key Manager
This commit is contained in:
Aditya Patwardhan
103
components/esp_rom/include/esp32p4/rom/key_mgr.h
Normal file
103
components/esp_rom/include/esp32p4/rom/key_mgr.h
Normal file
@@ -0,0 +1,103 @@
|
||||
/*
|
||||
* SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
#pragma once
|
||||
|
||||
#include "soc/soc_caps.h"
|
||||
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
#include <stdint.h>
|
||||
#include "esp_attr.h"
|
||||
#include "ets_sys.h"
|
||||
#include "km.h"
|
||||
|
||||
#if __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// store huk info, occupy 96 words
|
||||
struct huk_info {
|
||||
#define HUK_INFO_LEN 384
|
||||
uint8_t info[HUK_INFO_LEN];
|
||||
uint32_t crc;
|
||||
} PACKED_ATTR;
|
||||
|
||||
// store key info, occupy 512 bits
|
||||
struct key_info {
|
||||
#define KEY_INFO_LEN 64
|
||||
uint8_t info[KEY_INFO_LEN];
|
||||
uint32_t crc;
|
||||
} PACKED_ATTR;
|
||||
|
||||
struct huk_key_block {
|
||||
#define KEY_HUK_SECTOR_MAGIC 0xDEA5CE5A
|
||||
uint32_t magic;
|
||||
uint32_t version; // for backward compatibility
|
||||
uint8_t reserved[16];
|
||||
struct huk_info huk_info;
|
||||
struct key_info key_info[2]; // at most 2 key info (XTS-512_1 and XTS-512_2), at least use 1
|
||||
} WORD_ALIGNED_ATTR PACKED_ATTR;
|
||||
|
||||
/*
|
||||
* We define two info sectors "active" and "backup" here
|
||||
* Most rom code would rely only on the "active" sector for the key information
|
||||
*
|
||||
* But there could be a situation where the huk and key information must be regenerated
|
||||
* based on ageing and other factors. For that scenario, we need a "backup" sector
|
||||
*/
|
||||
#define KEY_HUK_SECTOR_OFFSET(i) ((i)*0x1000)
|
||||
#define ACTIVE_SECTOR_OFFSET KEY_HUK_SECTOR_OFFSET(0)
|
||||
#define BACKUP_SECTOR_OFFSET KEY_HUK_SECTOR_OFFSET(1)
|
||||
|
||||
#define KM_PERI_ECDSA (BIT(0))
|
||||
#define KM_PERI_XTS (BIT(1))
|
||||
|
||||
struct km_deploy_ops {
|
||||
#define KM_KEY_PURPOSE_ECDSA 1
|
||||
#define KM_KEY_PURPOSE_XTS_256_1 2
|
||||
#define KM_KEY_PURPOSE_XTS_256_2 3
|
||||
#define KM_KEY_PURPOSE_XTS_128 4
|
||||
int km_key_purpose;
|
||||
#define KM_DEPLOY_MODE_RANDOM 0
|
||||
#define KM_DEPLOY_MODE_AES 1
|
||||
#define KM_DEPLOY_MODE_ECDH0 2
|
||||
#define KM_DEPLOY_MODE_ECDH1 3
|
||||
#define KM_DEPLOY_MODE_RECOVER 4
|
||||
#define KM_DEPLOY_MODE_EXPORT 5
|
||||
int deploy_mode;
|
||||
uint8_t *init_key; // 256 bits, only used in aes and ecdh1 deploy mode
|
||||
int deploy_only_once;
|
||||
int force_use_km_key;
|
||||
int km_use_efuse_key;
|
||||
uint32_t efuse_km_rnd_switch_cycle; // 0 means use default
|
||||
uint32_t km_rnd_switch_cycle; // 0 means use default
|
||||
int km_use_sw_init_key;
|
||||
struct huk_info *huk_info;
|
||||
struct key_info *key_info;
|
||||
};
|
||||
|
||||
/* state of km */
|
||||
#define KM_STATE_IDLE 0
|
||||
#define KM_STATE_LOAD 1
|
||||
#define KM_STATE_GAIN 2
|
||||
#define KM_STATE_BUSY 3
|
||||
#define KM_STATE_INVALID 4
|
||||
|
||||
/* state of huk generator
|
||||
* values defined same as km
|
||||
*/
|
||||
#define HUK_STATE_IDLE 0
|
||||
#define HUK_STATE_LOAD 1
|
||||
#define HUK_STATE_GAIN 2
|
||||
#define HUK_STATE_BUSY 3
|
||||
|
||||
#define HUK_NOT_GENERATED 0
|
||||
#define HUK_GEN_VALID 1
|
||||
#define HUK_GEN_INVALID 2
|
||||
|
||||
#if __cplusplus
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
63
components/esp_rom/include/esp32p4/rom/km.h
Normal file
63
components/esp_rom/include/esp32p4/rom/km.h
Normal file
@@ -0,0 +1,63 @@
|
||||
/*
|
||||
* SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
|
||||
#ifndef _KM_H
|
||||
#define _KM_H
|
||||
|
||||
#include "soc/soc_caps.h"
|
||||
#if SOC_KEY_MANAGER_SUPPORTED
|
||||
|
||||
#include <stdint.h>
|
||||
#include "soc/soc.h"
|
||||
#include "ets_sys.h"
|
||||
|
||||
#if __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* huk mode type */
|
||||
typedef enum {
|
||||
HUK_MODE_RECOVER = 0,
|
||||
HUK_MODE_GEN = 1,
|
||||
} huk_mode_t;
|
||||
|
||||
/**
|
||||
* @brief Recover efuse key or key manager key if flash encryption is enabled
|
||||
*
|
||||
* @param do_log : if km process print log
|
||||
*
|
||||
* @return ETS_OK when key is recovered, ETS_FAILED when key not recovered
|
||||
*/
|
||||
ETS_STATUS esp_rom_check_recover_key(int do_log);
|
||||
|
||||
/**
|
||||
* @brief Configure huk mode
|
||||
*
|
||||
* @param mode : HUK_MODE_RECOVER or HUK_MODE_GEN
|
||||
*
|
||||
* @param huk_info : uint8_t pointer to the buffer which will feed the huk info or
|
||||
* gain the huk info
|
||||
*
|
||||
* @return ETS_OK when huk configuration is done, else ETS_FAILED
|
||||
*/
|
||||
ETS_STATUS esp_rom_km_huk_conf(huk_mode_t mode, uint8_t *huk_info);
|
||||
|
||||
/**
|
||||
* @brief Get huk risk. The risk level of HUK is 0-6: the higher the risk level is,
|
||||
* the more error bits there are in the PUF SRAM. 7: Error level, HUK is invalid
|
||||
*
|
||||
* @param None
|
||||
*
|
||||
* @return The huk risk
|
||||
*/
|
||||
int esp_rom_km_huk_risk(void);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#endif /* _KM_H */
|
||||
Reference in New Issue
Block a user