gen/doxy/dif__flash__ctrl_8h_source.html

// Copyright lowRISC contributors (OpenTitan project).

// Licensed under the Apache License, Version 2.0, see LICENSE for details.

// SPDX-License-Identifier: Apache-2.0


#ifndef OPENTITAN_SW_DEVICE_LIB_DIF_DIF_FLASH_CTRL_H_

#define OPENTITAN_SW_DEVICE_LIB_DIF_DIF_FLASH_CTRL_H_


/**

 * @file

 * @brief <a href="/hw/ip/flash_ctrl/doc/">Flash Controller</a> Device

 * Interface Functions

 */


#include "sw/device/lib/base/macros.h"

#include "sw/device/lib/base/multibits.h"


#include "sw/device/lib/dif/autogen/dif_flash_ctrl_autogen.h"


#ifdef __cplusplus

extern "C" {

#endif  // __cplusplus


/**

 * Carries state for a flash controller device.

 *

 * All members except the `dev` should be considered private and should not be

 * accessed directly outside of the DIF implementation.

 */

typedef struct dif_flash_ctrl_state {

  /**

   * Contains autogenerated device information, like the base address for

   * registers in the flash controller device.

   */

  dif_flash_ctrl_t dev;


  /* Private members below. */


  /** Number of words remaining for the current transaction. */

  uint32_t words_remaining;

  /** Whether a transaction is pending completion. */

  bool transaction_pending;

} dif_flash_ctrl_state_t;


/**

 * Initialize the DIF state for the flash controller.

 *

 * @param handle The flash controller DIF state to initialize.

 * @param base_addr The base address for the flash controller.

 * @return `kDifBadArg` if `handle` is null. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_init_state(dif_flash_ctrl_state_t *handle,

                                       mmio_region_t base_addr);


typedef struct dif_flash_ctrl_device_info {

  /** Number of banks under this flash controller. */

  uint32_t num_banks;

  /** Number of bytes per flash word. */

  uint32_t bytes_per_word;

  /** Number of bytes per flash page. */

  uint32_t bytes_per_page;

  /** Number of pages per bank in the data partition. */

  uint32_t data_pages;

  /** Number of pages per bank in the info partition, type 0. */

  uint32_t info0_pages;

  /** Number of pages per bank in the info partition, type 1. */

  uint32_t info1_pages;

  /** Number of pages per bank in the info partition, type 2. */

  uint32_t info2_pages;

} dif_flash_ctrl_device_info_t;


// TODO: Associate the data with a base address or acknowledge that there

// should only ever be one flash controller in the system.

/**

 * Get information on the flash controller sizes.

 *

 * @return A `dif_flash_ctrl_device_info_t` representing the feature sizes for

 * various components of the flash.

 */

OT_WARN_UNUSED_RESULT

dif_flash_ctrl_device_info_t dif_flash_ctrl_get_device_info(void);


/**

 * Set whether the flash is enabled.

 *

 * Generally, this is used to disable flash functionality in case of an

 * emergency. Flash functionality is ordinarily enabled.

 *

 * @param handle The flash controller to operate on.

 * @param enable Enable/disable flash functionality.

 * @return `kDifBadArg` if `handle` is null. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_flash_enablement(dif_flash_ctrl_state_t *handle,

                                                 dif_toggle_t enable);


/**

 * Get whether flash functionality is enabled.

 *

 * @param handle The flash controller to operate on.

 * @param enabled_out Out parameter, where to store whether flash is enabled.

 * @return `kDifBadArg` if `handle` or `enabled_out` are null and `kDifOk`

 * otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_flash_enablement(

    const dif_flash_ctrl_state_t *handle, dif_toggle_t *enabled_out);


/**

 * Set whether execution / fetch access is enabled.

 *

 * @param handle The flash controller to operate on.

 * @param enable Enable/disable execution / fetch access.

 * @return `kDifBadArg` if `handle` or `enabled_out` are null and `kDifOk`

 * otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_exec_enablement(dif_flash_ctrl_state_t *handle,

                                                dif_toggle_t enable);


/**

 * Get whether execution / fetch access is enabled.

 *

 * @param handle The flash controller to operate on.

 * @param enabled_out Out parameter, whether execution / fetch access is

 * allowed.

 * @return `kDifBadArg` if `handle` or `enabled_out` are null and `kDifOk`

 * otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_exec_enablement(

    const dif_flash_ctrl_state_t *handle, dif_toggle_t *enabled_out);


/**

 * Begins the flash controller's initialization sequence. The flash controller

 * will read out the root seeds before allowing other usage of the controller.

 * This operation will only be performed once, and controller initialization

 * cannot be requested again until after a reset.

 *

 * @param handle The flash controller to operate on.

 * @return `kDifBadArg` if `handle` is null, `kDifError` if initialization has

 * already been started, and `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_start_controller_init(

    dif_flash_ctrl_state_t *handle);


/**

 * Status bits that can be queried.

 */

typedef struct dif_flash_ctrl_status {

  /**

   * Flash read FIFO full, software must consume data.

   */

  bool read_fifo_full : 1;

  /**

   * Flash read FIFO empty.

   */

  bool read_fifo_empty : 1;

  /**

   * Flash program FIFO full.

   */

  bool prog_fifo_full : 1;

  /**

   * Flash program FIFO empty, software must provide data.

   */

  bool prog_fifo_empty : 1;

  /**

   * Flash controller undergoing init.

   */

  bool controller_init_wip : 1;

  /**

   * Flash controller initialized.

   */

  bool controller_initialized : 1;

} dif_flash_ctrl_status_t;


/**

 * Query the status registers on the flash controller.

 *

 * This function checks the various status bits as described in

 * `dif_flash_ctrl_status_t`.

 *

 * @param handle flash controller device to check the status bits for.

 * @param status_out Out parameter. The current status of the flash controller.

 * @return `kDifBadArg` if `handle` or `status_out` is null, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_status(const dif_flash_ctrl_state_t *handle,

                                       dif_flash_ctrl_status_t *status_out);


/**

 * Represents programming capabilities of the flash controller. The meaning of

 * the boolean values is context-sensitive. For the result of a query, they

 * represent which types are allowed. As an argument to a function that disables

 * capabilities, a true value indicates that the function should disable that

 * type.

 */

typedef struct dif_flash_ctrl_prog_capabilities {

  /** Normal programming type. */

  bool normal_prog_type : 1;

  /** Repair programming type. */

  bool repair_prog_type : 1;

} dif_flash_ctrl_prog_capabilities_t;


/**

 * Query the allowed programming types.

 *

 * Note that this function is a check of a permission only. For checking whether

 * the flash supports a given type, use `dif_flash_ctrl_get_phy_status()`.

 * @sa dif_flash_ctrl_get_phy_status

 *

 * @param handle The flash controller to query.

 * @param allowed_types_out Out parameter. Points to location where the allowed

 * types should be written.

 * @return `kDifBadArg` if `handle` or `allowed_types_out` are null. `kDifOk`

 * otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_allowed_prog_types(

    const dif_flash_ctrl_state_t *handle,

    dif_flash_ctrl_prog_capabilities_t *allowed_types_out);


/**

 * Disallow the indicated programming operations.

 *

 * Note that this is a one-way operation. Programming types that are disabled

 * cannot be enabled again without a reset.

 *

 * @param handle The flash controller to operate on.

 * @param types_to_disallow A programming type marked true indicates that the

 * given type should be *disabled*.

 * @return `kDifBadArg` if handle is null. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_disallow_prog_types(

    dif_flash_ctrl_state_t *handle,

    dif_flash_ctrl_prog_capabilities_t types_to_disable);


/**

 * Enum to represent the flash partition type (data or info).

 */

typedef enum dif_flash_ctrl_partition_type {

  kDifFlashCtrlPartitionTypeData = 0,

  kDifFlashCtrlPartitionTypeInfo = 1

} dif_flash_ctrl_partition_type_t;


typedef enum dif_flash_ctrl_operation {

  /** Read the specified number of words. */

  kDifFlashCtrlOpRead = 0,

  /** Program the specified number of words (normal mode). */

  kDifFlashCtrlOpProgram = 1,

  /**

   * Program the specified number of words in repair mode. Support for this

   * mode depends on the underlying flash technology. See

   * `dif_flash_ctrl_supports_repair_operation`.

   */

  kDifFlashCtrlOpProgramRepair = 5,

  /** Erase the specified page. */

  kDifFlashCtrlOpPageErase = 2,

  /** Erase the specified bank. */

  kDifFlashCtrlOpBankErase = 10,

} dif_flash_ctrl_operation_t;


typedef struct dif_flash_ctrl_transaction {

  dif_flash_ctrl_operation_t op;

  /**

   * The partition type for the transaction.

   *

   * Note: For bank erase operations, the data partition is *always* erased,

   * even when `partition_type` is `kFlashCtrlPartitionTypeInfo`.

   *

   */

  dif_flash_ctrl_partition_type_t partition_type;

  /**

   * The index / ID of the info partition. Unused for data partitions, since

   * there is only one in a given bank.

   */

  uint32_t partition_id;

  /**

   * Byte address (in the flash address space) to start the operation.

   *

   * For operations at a granularity of words, the flash controller will

   * truncate to the closest, lower word aligned address. For example, if 0x13

   * is supplied for a read, the controller will perform a read at address 0x10.

   *

   * Similarly, for page erase and bank erase operations, the flash controller

   * will truncate to the closest lower page-aligned or bank-aligned address,

   * respectively.

   */

  uint32_t byte_address;

  /**

   * Number of 32-bit words in the operation. Must be in the range [1,4096]

   * (inclusive) for program or read operations. Unused for erase operations.

   */

  uint32_t word_count;

} dif_flash_ctrl_transaction_t;


/**

 * Start a flash controller operation.

 *

 * Note that not all underlying flash memory supports the

 * `kDifFlashCtrlOpProgramRepair` operation. When specifying this in the `op`,

 * `dif_flash_ctrl_get_phy_status()` can first be used to ensure the operation

 * is supported.

 *

 * @param handle The flash controller device to execute the transaction on.

 * @param transaction The parameters that constitute the operation to start.

 * @return `kDifBadArg` if `handle` is null or `transaction` contains an invalid

 * or unsupported operation, `kDifUnavailable` if a flash transaction is in

 * progress at the controller, `kDifIpFifoFull` if the FIFOs are not empty, and

 * `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_start(dif_flash_ctrl_state_t *handle,

                                  dif_flash_ctrl_transaction_t transaction);


/**

 * Start a flash controller operation, with fewer safeguards. (unsafe version)

 *

 * Unlike `dif_flash_ctrl_start()`, this variant does not check whether the info

 * partition id is valid, whether the word count is valid, or whether the FIFOs

 * have been emptied. This function is intended to be used to trigger errors on

 * purpose, for testing the hardware responses.

 *

 * Note that not all underlying flash memory supports the

 * `kDifFlashCtrlOpProgramRepair` operation. When specifying this in the `op`,

 * `dif_flash_ctrl_get_phy_status()` can first be used to ensure the operation

 * is supported.

 *

 * @param handle The flash controller device to execute the transaction on.

 * @param transaction The parameters that constitute the operation to start.

 * @return `kDifBadArg` if `handle` is null, `kDifUnavailable` if a flash

 * transaction is in progress, and `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_start_unsafe(

    dif_flash_ctrl_state_t *handle, dif_flash_ctrl_transaction_t transaction);


/**

 * Suspend an ongoing erase transaction.

 *

 * If no erase transaction is ongoing, returns with no effect.

 *

 * @param handle flash controller device to operate on.

 * @return `kDifBadArg` if `handle` is null. Otherwise, `kDifOk`.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_suspend_erase(dif_flash_ctrl_state_t *handle);


/**

 * Query the controller for any erase suspension requests pending.

 *

 * @param handle The flash controller to query.

 * @param request_pending_out Out parameter. The location to write whether an

 * erase suspension request is pending.

 * @return `kDifBadArg` if `handle` or `request_pending_out` are null. `kDifOk`

 * otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_erase_suspend_status(

    dif_flash_ctrl_state_t *handle, bool *request_pending_out);


/**

 * Push data to the program FIFO. (unsafe version)

 *

 * This function is primarily for testing hardware error responses. If you are

 * not specifically trying to force an error, consider

 * `dif_flash_ctrl_prog_fifo_push()` instead. This function does not check if a

 * program transaction has begun, nor if the number of words would exceed the

 * size of the current transaction.

 *

 * Attempts to write the contents of `data` to the program FIFO without

 * consideration for the current controller state.

 *

 * It is up to the caller to call `dif_flash_ctrl_end()` to ensure the

 * flash controller completed this transaction successfully.

 *

 * @param handle flash controller device to push data to.

 * @param word_count The number of words to write.

 * @param data The data to write.

 * @return `kDifBadArg` if `handle` or `data` are null. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_prog_fifo_push_unsafe(

    dif_flash_ctrl_state_t *handle, uint32_t word_count, const uint32_t *data);


/**

 * Push data to the program FIFO.

 *

 * Attempts to write the contents of `data` to the program FIFO. It is required

 * that a program transaction be started prior to calling this function, else

 * the call will fail with `kDifError`.

 *

 * The following conditions are also required:

 *   - `data` must reference a contiguous, allocated, readable region of at

 *     least `word_count` words, violation of this will produce undefined

 *     behavior.

 *   - The first call to this function after starting the program transaction

 *     the same `word_count` must not exceed what was supplied at the start of

 *     the program transaction.

 *   - Each subsequent call the new `word_count` must not exceed `word_count -

 *     words_sent_out` from the previous call.

 * All deviations on the above will produce a `kDifBadArg` error

 * unless otherwise specified.

 *

 * If the FIFO fills up, this function will cause the CPU to block until the

 * flash controller frees up more space.

 *

 * It is up to the caller to call `dif_flash_ctrl_end()` to ensure the

 * flash controller completed this transaction successfully.

 *

 * @param handle flash controller device to push data to.

 * @param word_count The number of words to write.

 * @param data The data to write.

 * program FIFO, will contain the number of words pushed.

 * @return `kDifBadArg` if `handle` or `data` are null or if the value of

 * `word_count` is illegal. `kDifError` if a program transaction was not

 * started. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_prog_fifo_push(dif_flash_ctrl_state_t *handle,

                                           uint32_t word_count,

                                           const uint32_t *data);


/**

 * Read data from the read FIFO. (unsafe version)

 *

 * This function is primarily for testing hardware error responses. If you are

 * not specifically trying to force an error, consider

 * `dif_flash_ctrl_read_fifo_pop()` instead. This function does not check if a

 * transaction is currently in progress, nor if this would cause a read beyond

 * the number of words for the current operation.

 *

 * Attempts to read `word_count` words from the read FIFO without consideration

 * for the current controller state.

 *

 * It is up to the caller to call `dif_flash_ctrl_end()` to ensure the

 * flash controller completed this transaction successfully.

 *

 * @param handle flash controller device to push data to.

 * @param word_count The number of words to read.

 * @param data_out The region in memory to store the data read off the FIFO.

 * @return `kDifBadArg` if `handle` or `data` are null. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_read_fifo_pop_unsafe(dif_flash_ctrl_state_t *handle,

                                                 uint32_t word_count,

                                                 uint32_t *data_out);


/**

 * Read data from the read FIFO.

 *

 * Attempts to read `word_count` words from the read FIFO.

 *

 * The following conditions are required:

 *   - `data_out` must reference a contiguous, allocated, writable region of at

 *     least `word_count` words, violation of this will produce undefined

 *     behavior.

 *   - The first call to this function after starting the program transaction

 *     the same `word_count` must not exceed what was supplied at the start of

 * the read transaction.

 *   - Each subsequent call the new `word_count` must not exceed `word_count -

 *     words_received` from the previous call.

 * All deviations on the above will produce a `kDifBadArg` error unless

 * otherwise specified.

 *

 * If the FIFO empties this function will cause the CPU to block until the flash

 * controller fills the FIFO with more data.

 *

 * It is up to the caller to call `dif_flash_ctrl_end()` to ensure the

 * flash controller completed this transaction successfully.

 *

 * @param handle flash controller device to pull data from.

 * @param word_count The number of words to read.

 * @param data_out The region in memory to store the data read off the FIFO.

 * @param words_read_out Out-parameter, the number of words read.

 * @return `kDifBadArg` if `handle` or `data_out` are null, or if the value of

 * `word_count` is illegal. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_read_fifo_pop(dif_flash_ctrl_state_t *handle,

                                          uint32_t word_count,

                                          uint32_t *data_out);


typedef struct dif_flash_ctrl_error_codes {

  /**

   * Access permission error.

   */

  bool memory_properties_error : 1;

  /**

   * Uncorrectable flash read data error.

   */

  bool read_error : 1;

  /**

   * Flash program has a window resolution error. In other words, the start of

   * program and end of program are in different windows.

   */

  bool prog_window_error : 1;

  /**

   * Flash program operation selected an unavailable type. For example, the

   * repair type of programming was selected, but the flash did not support it.

   */

  bool prog_type_error : 1;

  /**

   * A shadow register encountered an update error.

   */

  bool shadow_register_error : 1;

} dif_flash_ctrl_error_codes_t;


/**

 * Represents recoverable errors and synchronous errors caused by software.

 */

typedef struct dif_flash_ctrl_error {

  /**

   * For errors associated with an address, the address where the error

   * occurred.

   */

  uint32_t address;


  /**

   * A set of error codes.

   */

  dif_flash_ctrl_error_codes_t codes;

} dif_flash_ctrl_error_t;


/**

 * Get the error codes and address of the last associated error.

 *

 * @param handle flash controller device to query.

 * @param error_code_out Output parameter. The location where the current status

 * is to be stored.

 * @return `kDifBadArg` if `handle` or `error_code_out` are null. `kDifOk`

 * otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_error_codes(

    const dif_flash_ctrl_state_t *handle,

    dif_flash_ctrl_error_t *error_code_out);


/**

 * Clear the error codes.

 *

 * @param handle flash controller device to set.

 * @return `kDifBadArg` if `handle` is null. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_clear_error_codes(

    dif_flash_ctrl_state_t *handle, dif_flash_ctrl_error_codes_t codes);


typedef struct dif_flash_ctrl_output {

  /**

   * The error code associated with an `operation_error`. This field is only

   * valid if `operation_error` is true.

   */

  dif_flash_ctrl_error_t error_code;

  /**

   * Flash operation done.

   */

  bool operation_done : 1;

  /**

   * Flash operation error.

   */

  bool operation_error : 1;


} dif_flash_ctrl_output_t;


/**

 * Check that the transaction has completed and return any resulting error

 * codes. Does not clear the error codes, but does clear the operation status if

 * the operation has terminated.

 *

 * @param handle flash controller device for completing the transaction.

 * @param out Out parameter. Contains the transaction status and error codes.

 * @return `kDifBadArg` if `handle` or `out` are null, `kDifError` if no

 * transaction was pending, `kDifUnavailable` if the controller is still

 * processing the transaction, `kDifIpFifoFull` if there are still words

 * remaining for the FIFOs, and `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_end(dif_flash_ctrl_state_t *handle,

                                dif_flash_ctrl_output_t *out);


/**

 * Memory protection configuration options.

 */

typedef struct dif_flash_ctrl_region_properties {

  /** Read enable flag. */

  multi_bit_bool_t rd_en;

  /** Program enable flag. */

  multi_bit_bool_t prog_en;

  /** Erase enable flag. */

  multi_bit_bool_t erase_en;

  /** Scramble enable flag*/

  multi_bit_bool_t scramble_en;

  /** ECC enable flag. */

  multi_bit_bool_t ecc_en;

  /** High-endurance enable flag. */

  multi_bit_bool_t high_endurance_en;

} dif_flash_ctrl_region_properties_t;


/**

 * A composite of a data region and its memory properties.

 */

typedef struct dif_flash_ctrl_data_region_properties {

  /** Region base page index. */

  uint32_t base;

  /** Region config size (in number of pages). */

  uint32_t size;

  /** Memory properties of the region. */

  dif_flash_ctrl_region_properties_t properties;

} dif_flash_ctrl_data_region_properties_t;


/**

 * Representation of the memory protection regions for the info pages.

 */

typedef struct dif_flash_ctrl_info_region {

  /** Region bank ID. */

  uint32_t bank;

  /** Region info partition ID. */

  uint32_t partition_id;

  /** Region page index. */

  uint32_t page;

} dif_flash_ctrl_info_region_t;


/**

 * Enable/disable the data region of flash indexed by `region`.

 *

 * This may only be done if region configuration has not been locked.

 *

 * @param handle flash controller device to configure.

 * @param region The region to operate on.

 * @param enable Enable or disable this `region`.

 * @return `kDifBadArg` if `handle` is null or `region` is invalid, `kDifLocked`

 * if region configuration has been locked, and `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_data_region_enablement(

    dif_flash_ctrl_state_t *handle, uint32_t region, dif_toggle_t enable);


/**

 * Get the enabled/disabled state for the indicated data `region`.

 *

 * @param handle flash controller device to query.

 * @param region The region in question.

 * @param enabled_out Out-parameter, the enabled/disabled state of this region.

 * @return `kDifBadArg ` if `handle` or `enabled_out` is null, or if `region` is

 * invalid, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_data_region_enablement(

    const dif_flash_ctrl_state_t *handle, uint32_t region,

    dif_toggle_t *enabled_out);


/**

 * Enable/disable the info region of flash identified by `region`.

 *

 * This may only be done if region configuration has not been locked.

 *

 * @param handle flash controller device to configure.

 * @param region The region to operate on.

 * @param enable Enable or disable this `region`.

 * @return `kDifBadArg` if `handle` is null or `region` is invalid, `kDifLocked`

 * if region configuration has been locked, and `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_info_region_enablement(

    dif_flash_ctrl_state_t *handle, dif_flash_ctrl_info_region_t region,

    dif_toggle_t enable);


/**

 * Get the enabled/disabled state for the indicated info `region`.

 *

 * @param handle flash controller device to query.

 * @param region The region in question.

 * @param enabled_out Out-parameter, the enabled/disabled state of this region.

 * @return `kDifBadArg ` if `handle` or `enabled_out` is null, or if `region` is

 * invalid, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_info_region_enablement(

    const dif_flash_ctrl_state_t *handle, dif_flash_ctrl_info_region_t region,

    dif_toggle_t *enabled_out);


/**

 * Set the default memory properties for data regions, when not overridden by a

 * specific entry in the data region memory properties table.

 *

 * @param handle flash controller device to configure.

 * @param properties The memory properties to control.

 * @return `kDifBadArg` if `handle` is null, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_default_region_properties(

    dif_flash_ctrl_state_t *handle,

    dif_flash_ctrl_region_properties_t properties);


/**

 * Get the default memory properties for data regions, when they are not

 * overridden by a specific entry in the data region memory properties table.

 *

 * @param handle flash controller device to query.

 * @param properties_out Out-parameter, a pointer to a

 * `dif_flash_ctrl_region_properties_t` struct for writing the memory

 * properties.

 * @return `kDifBadArg` if `handle` or `properties_out` are null. `kDifOk`

 * otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_default_region_properties(

    const dif_flash_ctrl_state_t *handle,

    dif_flash_ctrl_region_properties_t *properties_out);


/**

 * Set memory properties for the data region of flash indexed by `region`.

 *

 * This may only be done if region configuration has not been locked.

 *

 * @param handle flash controller device to configure.

 * @param region The region to operate on.

 * @param config The memory properties to control for this `region`.

 * @return `kDifBadArg` if `handle` is null or `region` is invalid, `kDifLocked`

 * if region configuration has been locked, and `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_data_region_properties(

    dif_flash_ctrl_state_t *handle, uint32_t region,

    dif_flash_ctrl_data_region_properties_t config);


/**

 * Get the memory properties for the data region of flash indexed by `region`.

 *

 * @param handle flash controller device to query.

 * @param region The index of the region entry in question.

 * @param config_out Out-parameter, a pointer to a

 * `dif_flash_ctrl_data_region_properties_t` struct for writing the full entry

 * showing the region configuration and its memory properties.

 * @return `kDifBadArg` if `handle` or `properties_out` are null or if `region`

 * is invalid. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_data_region_properties(

    const dif_flash_ctrl_state_t *handle, uint32_t region,

    dif_flash_ctrl_data_region_properties_t *config_out);


/**

 * Set memory properties for the info region of flash identified by `region`.

 *

 * This may only be done if region configuration has not been locked.

 *

 * @param handle flash controller device to configure.

 * @param region The region to operate on.

 * @param properties The memory properties to control for this `region`.

 * @return `kDifBadArg` if `handle` is null or `region` is invalid, `kDifLocked`

 * if region configuration has been locked, and `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_info_region_properties(

    dif_flash_ctrl_state_t *handle, dif_flash_ctrl_info_region_t region,

    dif_flash_ctrl_region_properties_t properties);


/**

 * Get the memory properties for the info region of flash identified by

 * `region`.

 *

 * @param handle flash controller device to query.

 * @param region The index of the region entry in question.

 * @param properties_out Out-parameter, a pointer to a

 * `dif_flash_ctrl_region_properties_t` struct for writing memory properties

 * associated with the indicated `region`.

 * @return `kDifBadArg` if `handle` or `properties_out` are null or if `region`

 * is invalid. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_info_region_properties(

    const dif_flash_ctrl_state_t *handle, dif_flash_ctrl_info_region_t region,

    dif_flash_ctrl_region_properties_t *properties_out);


/**

 * Lock data region memory properties configuration until the device is reset.

 *

 * This will prevent any further configuration of region properties until device

 * reset. Future calls to functions that set data region memory properties will

 * return `kDifLocked`.

 *

 * @param handle flash controller device to lock region configuration on.

 * @param region The region to lock.

 * @return `kDifBadArg` if `handle` is null, or if `region` is invalid,

 * `kDifLocked` if configuration is already locked, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_lock_data_region_properties(

    dif_flash_ctrl_state_t *handle, uint32_t region);


/**

 * Lock info region memory properties configuration until the device is reset.

 *

 * This will prevent any further configuration of region properties until device

 * reset. Future calls to functions that set info region memory properties will

 * return `kDifLocked`.

 *

 * @param handle flash controller device to lock region configuration on.

 * @param region The region to lock.

 * @return `kDifBadArg` if `handle` is null, or if `region` is invalid,

 * `kDifLocked` if configuration is already locked, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_lock_info_region_properties(

    dif_flash_ctrl_state_t *handle, dif_flash_ctrl_info_region_t region);


/**

 * Query the state of the region configuration lock for the given data `region`

 * entry's index.

 *

 * This function checks if memory region configuration is still enabled or if it

 * has been locked. Once locked, region configuration cannot be enabled again,

 * and all calls to region configuration functions will return `kDifLocked`

 * until the device is restarted.

 *

 * @param handle flash controller device to check the lock state for.

 * @param region The region in question.

 * @param locked_out Out-parameter, the current state of the region's

 * configuration lock.

 * @return `kDifBadArg` if `handle` or `locked_out` is null, or if `region` is

 * invalid, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_data_region_is_locked(

    const dif_flash_ctrl_state_t *handle, uint32_t region, bool *locked_out);


/**

 * Query the state of the region configuration lock for the given info `region`.

 *

 * This function checks if memory region configuration is still enabled or if it

 * has been locked. Once locked, region configuration cannot be enabled again,

 * and all calls to region configuration functions will return `kDifLocked`

 * until the device is restarted.

 *

 * @param handle flash controller device to check the lock state for.

 * @param region The region in question.

 * @param locked_out Out-parameter, the current state of the region's

 * configuration lock.

 * @return `kDifBadArg` if `handle` or `locked_out` is null, or if `region` is

 * invalid, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_info_region_is_locked(

    const dif_flash_ctrl_state_t *handle, dif_flash_ctrl_info_region_t region,

    bool *locked_out);


/**

 * Enable/disable erase operations for a particular flash bank.

 *

 * This may only be done if bank configuration is still enabled.

 *

 * @param handle flash controller device to operate on.

 * @param bank The bank to configure.

 * @param enable Enable/disable erase access for this bank.

 * @return `kDifBadArg` if `handle` is null or `bank` is invalid, `kDifLocked`

 * if bank configuration is locked, and `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_bank_erase_enablement(

    dif_flash_ctrl_state_t *handle, uint32_t bank, dif_toggle_t enable);


/**

 * Query the erase permissions for a particular flash bank.

 *

 * @param handle flash controller device to query.

 * @param bank The bank to query.

 * @param enabled_out Out-parameter, the erase permissions for this bank.

 * @return `kDifBadArg` if `handle` or `enabled_out` is null and `kDifOk`

 * otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_bank_erase_enablement(

    const dif_flash_ctrl_state_t *handle, uint32_t bank,

    dif_toggle_t *enabled_out);


/**

 * Lock bank configuration until the device is reset.

 *

 * This will prevent any further configuration of memory banks until device

 * reset. Future calls to bank configuration functions will return `kDifLocked`.

 *

 * @param handle flash controller device to lock region configuration on.

 * @return `kDifBadArg` if `handle` is null, `kDifLocked` if already locked,

 * and `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_lock_bank_configuration(

    dif_flash_ctrl_state_t *handle);


/**

 * Query the state of the bank configuration lock.

 *

 * This function checks if memory bank configuration is still enabled or if it

 * has been locked. Once locked, bank configuration cannot be enabled again, and

 * all calls to bank configuration functions will return `kDifLocked` until the

 * device is restarted.

 *

 * @param handle flash controller device to check the lock state for.

 * @param locked_out Out-parameter, the current state of the bank configuration

 * lock.

 * @return `kDifBadArg` if `handle` or `locked_out` is null, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_bank_configuration_is_locked(

    const dif_flash_ctrl_state_t *handle, bool *locked_out);


/**

 * Set the interrupt watermarks for the program FIFO.

 *

 * The value of `level` defines the level the program FIFO must drain to before

 * triggering a `prog_lvl` interrupt.

 *

 * This interrupts will only trigger if enabled through the interrupt API.

 *

 * @param handle flash controller to set FIFO level watermarks for.

 * @param prog Trigger an interrupt when the program FIFO drains to this level.

 * @return `kDifBadArg` if `handle` is null or if the value `level` is out of

 * range, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_prog_fifo_watermark(

    dif_flash_ctrl_state_t *handle, uint32_t level);


/**

 * Set the interrupt watermarks for the read FIFO.

 *

 * The value of `level` defines the level the read FIFO must fill to before

 * triggering a `rd_lvl` interrupt.

 *

 * This interrupt will only trigger if enabled through the interrupt API.

 *

 * @param handle flash controller to set FIFO level watermarks for.

 * @param level Trigger an interrupt when the read FIFO fills to this level.

 * @return `kDifBadArg` if `flash_ctrl` is null or if the value of `prog` is out

 * of range, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_read_fifo_watermark(

    dif_flash_ctrl_state_t *handle, uint32_t level);


/**

 * Get the interrupt watermarks for the program and read FIFOs.

 *

 * @param handle flash controller to get FIFO level watermarks from.

 * @param prog_out Out-parameter, the prog FIFO watermark level. If the prog

 * FIFO empties to this level, a corresponding status bit and possibly an

 * interrupt may be generated. May be null.

 * @param read_out Out-parameter, the read FIFO watermark level. If the read

 * FIFO fills to this level, a corresponding status bit and possibly an

 * interrupt may be generated. May be null.

 * @return `kDifBadArg` if `handle` is null, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_fifo_watermarks(

    const dif_flash_ctrl_state_t *handle, uint32_t *prog_out,

    uint32_t *read_out);


/**

 * Resets both the program and read FIFOs.

 *

 * This is useful in the event of an unexpected error as a means of reseting

 * state.

 *

 * @param handle flash controller device to clear FIFOs on.

 * @return `kDifBadArg` if `handle` is null, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_reset_fifos(dif_flash_ctrl_state_t *handle);


typedef struct dif_flash_ctrl_faults {

  /** The flash hardware interface encountered a memory permission error. */

  bool memory_properties_error : 1;

  /** The flash hardware interface encountered a read data error. */

  bool read_error : 1;

  /** The flash hardware interface encountered a program resolution error. */

  bool prog_window_error : 1;

  /** The flash hardware interface encountered a program type error. */

  bool prog_type_error : 1;

  /** A host transaction was granted with illegal properties. */

  bool host_gnt_error : 1;

  /** The flash controller encountered a register integrity error. */

  bool register_integrity_error : 1;

  /** The flash memory encountered a register integrity error. */

  bool phy_integrity_error : 1;

  /** The lifecycle management interface encountered a fatal error. */

  bool lifecycle_manager_error : 1;

  /** A shadow register encountered a storage fault. */

  bool shadow_storage_error : 1;

} dif_flash_ctrl_faults_t;


/**

 * Gets the unrecoverable or hardware faults.

 *

 * @param handle flash controller device to query

 * @param faults_out Out parameter, a pointer to the location to write the fault

 * values.

 * @return `kDifBadArg` if `handle` or `fault_out` are null. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_faults(const dif_flash_ctrl_state_t *handle,

                                       dif_flash_ctrl_faults_t *faults_out);


typedef struct dif_flash_ctrl_ecc_errors {

  /** Count of the number of single-bit ECC errors. */

  uint32_t single_bit_error_count;

  /** The last address that produced a single-bit ECC error. */

  uint32_t last_error_address;

} dif_flash_ctrl_ecc_errors_t;


/**

 * Get the ECC error information for the specified flash `bank`.

 *

 * @param handle The flash controller device to query.

 * @param bank The desired bank to look up errors for.

 * @return `kDifBadArg` if `handle` or `errors_out` are null or if `bank` is

 * invalid. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_ecc_errors(

    const dif_flash_ctrl_state_t *handle, uint32_t bank,

    dif_flash_ctrl_ecc_errors_t *errors_out);


typedef struct dif_flash_ctrl_phy_status {

  /** Flash phy controller is initializing. */

  bool phy_init_wip : 1;

  /** Normal programming is supported. */

  bool prog_normal_available : 1;

  /** Repair programming is supported. */

  bool prog_repair_available : 1;

} dif_flash_ctrl_phy_status_t;


/**

 * Query the status registers on the flash controller.

 *

 * This function checks the various status bits as described in

 * `dif_flash_ctrl_phy_status_t`.

 *

 * @param handle The flash controller device with the desired phy's status bit

 * to check.

 * @param status_out Out-parameter, the current status of the flash phy.

 * @return `kDifBadArg` if `handle` or `status_out` is null, `kDifOk`

 * otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_phy_status(

    const dif_flash_ctrl_state_t *handle,

    dif_flash_ctrl_phy_status_t *status_out);


/**

 * Set the value of the scratch register.

 *

 * @param handle The flash controller device to operate on.

 * @param value The value to set the scratch register to.

 * @return `kDifBadArg` if `handle` is null, `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_set_scratch(dif_flash_ctrl_state_t *handle,

                                        uint32_t value);


/**

 * Get the value of the scratch register.

 *

 * @param handle The flash controller device to query.

 * @param value_out Out parameter. The location to write the scratch register's

 * value to.

 * @return `kDifBadArg` if `handle` or `value_out` are null. `kDifOk` otherwise.

 */

OT_WARN_UNUSED_RESULT

dif_result_t dif_flash_ctrl_get_scratch(const dif_flash_ctrl_state_t *handle,

                                        uint32_t *value_out);


// TODO: PHY alerts, which are separate from the autogenerated alerts.


#ifdef __cplusplus

}  // extern "C"

#endif  // __cplusplus


#endif  // OPENTITAN_SW_DEVICE_LIB_DIF_DIF_FLASH_CTRL_H_