Software APIs
boot_policy.c
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #include "sw/device/silicon_creator/rom/boot_policy.h"
6 
7 #include "sw/device/lib/base/hardened.h"
8 #include "sw/device/silicon_creator/lib/base/chip.h"
9 #include "sw/device/silicon_creator/lib/boot_data.h"
10 #include "sw/device/silicon_creator/lib/drivers/lifecycle.h"
11 #include "sw/device/silicon_creator/lib/error.h"
12 #include "sw/device/silicon_creator/lib/shutdown.h"
13 #include "sw/device/silicon_creator/rom/boot_policy_ptrs.h"
14 
15 boot_policy_manifests_t boot_policy_manifests_get(void) {
16  const manifest_t *slot_a = boot_policy_manifest_a_get();
17  const manifest_t *slot_b = boot_policy_manifest_b_get();
18  // Choose the ROM_EXT with the greater security version.
19  // - If equal, choose the ROM_EXT with the greater major version.
20  // - If equal, choose the ROM_EXT with the greater minor version,
21  // - If equal, prefer slot A.
22  //
23  // The use of gotos below gives a 30% reduction in the size of
24  // this function in the ROM (70 bytes vs. 102 bytes).
25  if (slot_a->security_version > slot_b->security_version) {
26  goto a_first;
27  } else if (slot_a->security_version < slot_b->security_version) {
28  goto b_first;
29  } else if (slot_a->version_major > slot_b->version_major) {
30  goto a_first;
31  } else if (slot_a->version_major < slot_b->version_major) {
32  goto b_first;
33  } else if (slot_a->version_minor >= slot_b->version_minor) {
34  goto a_first;
35  } else {
36  goto b_first;
37  }
38 b_first:
39  return (boot_policy_manifests_t){{slot_b, slot_a}};
40 a_first:
41  return (boot_policy_manifests_t){{slot_a, slot_b}};
42 }
43 
44 rom_error_t boot_policy_manifest_check(const manifest_t *manifest,
45  const boot_data_t *boot_data) {
46  if (manifest->identifier != CHIP_ROM_EXT_IDENTIFIER) {
47  return kErrorBootPolicyBadIdentifier;
48  }
49  if (manifest->length < CHIP_ROM_EXT_SIZE_MIN ||
50  manifest->length > CHIP_ROM_EXT_RESIZABLE_SIZE_MAX) {
51  return kErrorBootPolicyBadLength;
52  }
53  RETURN_IF_ERROR(manifest_check(manifest));
54 
55  if (launder32(manifest->security_version) >=
56  boot_data->min_security_version_rom_ext) {
57  HARDENED_CHECK_GE(manifest->security_version,
58  boot_data->min_security_version_rom_ext);
59  return kErrorOk;
60  }
61  return kErrorBootPolicyRollback;
62 }
Return to OpenTitan Documentation