Software APIs
boot_policy.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_BOOT_POLICY_H_
6 #define OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_BOOT_POLICY_H_
7 
8 #include "sw/device/silicon_creator/lib/boot_data.h"
9 #include "sw/device/silicon_creator/lib/drivers/lifecycle.h"
10 #include "sw/device/silicon_creator/lib/error.h"
11 #include "sw/device/silicon_creator/lib/manifest.h"
12 
13 #ifdef __cplusplus
14 extern "C" {
15 #endif // __cplusplus
16 
17 /**
18  * Type alias for the ROM_EXT entry point.
19  *
20  * The entry point address obtained from the ROM_EXT manifest must be cast to a
21  * pointer to this type before being called.
22  */
23 typedef void rom_ext_entry_point(void);
24 
25 /**
26  * Manifests of ROM_EXTs in descending order according to their security
27  * versions.
28  *
29  * These ROM_EXTs must be verified prior to handing over execution.
30  */
31 typedef struct boot_policy_manifests {
32  /**
33  * ROM_EXT manifests in descending order according to their security versions.
34  */
35  const manifest_t *ordered[2];
36 } boot_policy_manifests_t;
37 
38 /**
39  * Returns the manifests of ROM_EXTs that should be attempted to boot in
40  * descending order according to their security versions.
41  *
42  * These ROM_EXTs must be verified prior to handing over execution.
43  *
44  * @return Manifests of ROM_EXTs in descending order according to their
45  * security versions.
46  */
47 OT_WARN_UNUSED_RESULT
48 boot_policy_manifests_t boot_policy_manifests_get(void);
49 
50 /**
51  * Checks the fields of a ROM_EXT manifest.
52  *
53  * This function performs bounds checks on the fields of the manifest, checks
54  * that its `identifier` is correct, and its `security_version` is greater than
55  * or equal to the minimum required security version.
56  *
57  * @param manifest A ROM_EXT manifest.
58  * @param boot_data Boot data.
59  * @return Result of the operation.
60  */
61 OT_WARN_UNUSED_RESULT
62 rom_error_t boot_policy_manifest_check(const manifest_t *manifest,
63  const boot_data_t *boot_data);
64 
65 #ifdef __cplusplus
66 } // extern "C"
67 #endif // __cplusplus
68 
69 #endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_BOOT_POLICY_H_
Return to OpenTitan Documentation