Software APIs
boot_svc_header.h
1// Copyright lowRISC contributors (OpenTitan project).
2// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3// SPDX-License-Identifier: Apache-2.0
4
5#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_BOOT_SVC_BOOT_SVC_HEADER_H_
6#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_BOOT_SVC_BOOT_SVC_HEADER_H_
7
8#include <stdint.h>
9
10#include "sw/device/lib/base/macros.h"
11#include "sw/device/silicon_creator/lib/base/chip.h"
12#include "sw/device/silicon_creator/lib/drivers/hmac.h"
13#include "sw/device/silicon_creator/lib/error.h"
14
15#ifdef __cplusplus
16extern "C" {
17#endif // __cplusplus
18
19enum {
20 /**
21 * Common identifier shared by all boot services messages.
22 *
23 * ASCII "BSVC".
24 */
25 kBootSvcIdentifier = 0x43565342,
26};
27
28/**
29 * Boot services message header.
30 *
31 * All boot services messages start with a common header followed by a message
32 * specific payload.
33 */
34typedef struct boot_svc_header {
35 /**
36 * SHA256 digest of the message.
37 *
38 * Digest region starts at `identifier` and extends until the end of the
39 * message.
40 */
41 hmac_digest_t digest;
42 /**
43 * Identifier.
44 *
45 * This field must be `kBootSvcIdentifier` for boot service messages that use
46 * this header format.
47 */
48 uint32_t identifier;
49 /**
50 * Type of the message.
51 */
52 uint32_t type;
53 /**
54 * Total length of the message in bytes.
55 */
56 uint32_t length;
57} boot_svc_header_t;
58
59OT_ASSERT_MEMBER_OFFSET(boot_svc_header_t, digest, 0);
60OT_ASSERT_MEMBER_OFFSET(boot_svc_header_t, identifier, 32);
61OT_ASSERT_MEMBER_OFFSET(boot_svc_header_t, type, 36);
62OT_ASSERT_MEMBER_OFFSET(boot_svc_header_t, length, 40);
63OT_ASSERT_SIZE(boot_svc_header_t, CHIP_BOOT_SVC_MSG_HEADER_SIZE);
64
65/**
66 * Initialize the header of a boot services message.
67 *
68 * This function assumes that message payload starts immediately after the
69 * header and is exactly `length - sizeof(boot_svc_header_t)` bytes for digest
70 * computation. Since this function also intializes the message digest as part
71 * of header initialization, it must be called after the message payload is
72 * initialized.
73 *
74 * @param type Message type.
75 * @param length Total length of the message in bytes.
76 * @param[out] header Output buffer for the message.
77 */
78void boot_svc_header_finalize(uint32_t type, uint32_t length,
79 boot_svc_header_t *header);
80
81/**
82 * Checks the header of a boot services message.
83 *
84 * This function checks the identifier, digest, and length fields of a boot
85 * services message. Similar to the `boot_svc_header_finalize()` function above,
86 * this function also assumes that message payload starts immediately after the
87 * header and is exactly `length - sizeof(boot_svc_header_t)` bytes for digest
88 * computation.
89 *
90 * @param header Header of a boot services message.
91 * @return Whether the header is valid.
92 */
93rom_error_t boot_svc_header_check(const boot_svc_header_t *header);
94
95#ifdef __cplusplus
96} // extern "C"
97#endif // __cplusplus
98
99#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_BOOT_SVC_BOOT_SVC_HEADER_H_