Software APIs
dice_chain.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_CERT_DICE_CHAIN_H_
6 #define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_CERT_DICE_CHAIN_H_
7 
8 #include "sw/device/lib/base/macros.h"
9 #include "sw/device/silicon_creator/lib/drivers/hmac.h"
10 #include "sw/device/silicon_creator/lib/error.h"
11 #include "sw/device/silicon_creator/lib/keymgr_binding_value.h"
12 #include "sw/device/silicon_creator/lib/manifest.h"
13 #include "sw/device/silicon_creator/lib/ownership/datatypes.h"
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif
18 
19 /**
20  * Initialize the dice chain builder with data from the flash pages.
21  *
22  * @return errors encountered during the operation.
23  */
24 OT_WARN_UNUSED_RESULT
25 rom_error_t dice_chain_init(void);
26 
27 /**
28  * Prepare the UDS key and check the UDS certificate.
29  *
30  * @return errors encountered during the operation.
31  */
32 OT_WARN_UNUSED_RESULT
33 rom_error_t dice_chain_attestation_silicon(void);
34 
35 /**
36  * Check the CDI_0 certificate and regenerate if invalid.
37  *
38  * @param rom_ext_measurement Pointer to the measurements to attest.
39  * @param rom_ext_manifest Pointer to the current rom_ext manifest.
40  * @return errors encountered during the operation.
41  */
42 OT_WARN_UNUSED_RESULT
43 rom_error_t dice_chain_attestation_creator(
44  keymgr_binding_value_t *rom_ext_measurement,
45  const manifest_t *rom_ext_manifest);
46 
47 /**
48  * Check the CDI_1 certificate and regenerate if invalid.
49  *
50  * @param owner_manifest Pointer to the owner SW manifest to be boot.
51  * @param bl0_measurement Pointer to the measurement of the owner firmware.
52  * @param owner_measurement Pointer to the measurement of the owner config.
53  * @param sealing_binding Pointer to the owner's sealing diversification
54  * constant.
55  * @param key_domain Domain of the Owner SW signing key.
56  * @return errors encountered during the operation.
57  */
58 OT_WARN_UNUSED_RESULT
59 rom_error_t dice_chain_attestation_owner(
60  const manifest_t *owner_manifest, keymgr_binding_value_t *bl0_measurement,
61  hmac_digest_t *owner_measurement, keymgr_binding_value_t *sealing_binding,
62  owner_app_domain_t key_domain);
63 
64 /**
65  * Write back the certificate chain to flash if changed.
66  *
67  * @return errors encountered during the operation.
68  */
69 OT_WARN_UNUSED_RESULT
70 rom_error_t dice_chain_flush_flash(void);
71 
72 #ifdef __cplusplus
73 }
74 #endif
75 
76 #endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_CERT_DICE_CHAIN_H_
Return to OpenTitan Documentation