 |
Software APIs
|
|
Software APIs
|
Key Manager Device Interface Functions More...
#include <stdint.h>#include "sw/device/lib/base/macros.h"#include "sw/device/lib/base/mmio.h"#include "sw/device/lib/dif/dif_base.h"#include "keymgr_regs.h"#include "sw/device/lib/dif/autogen/dif_keymgr_autogen.h"Go to the source code of this file.
Data Structures | |
| struct | dif_keymgr_config |
| Runtime configuration for key manager. More... | |
| struct | dif_keymgr_state_params |
| Parameters for a key manager state. More... | |
| struct | dif_keymgr_identity_seed_params |
| Parameters for generating an identity seed. More... | |
| struct | dif_keymgr_versioned_key_params |
| Parameters for generating a versioned key. More... | |
| struct | dif_keymgr_output |
| Output of a key manager operation. More... | |
| struct | dif_keymgr_binding_value |
| Attestation and sealing binding value. More... | |
| struct | dif_keymgr_max_key_version |
Typedefs | |
| typedef enum dif_keymgr_sideload_clr | dif_keymgr_sideload_clr_t |
| A typical usage of this library during different secure boot stages is as follows: More... | |
| typedef struct dif_keymgr_config | dif_keymgr_config_t |
| Runtime configuration for key manager. More... | |
| typedef enum dif_keymgr_state | dif_keymgr_state_t |
| Key manager states. More... | |
| typedef enum dif_keymgr_cdi_type | dif_keymgr_cdi_type_t |
| Compound Device Identifier type. More... | |
| typedef struct dif_keymgr_state_params | dif_keymgr_state_params_t |
| Parameters for a key manager state. | |
| typedef enum dif_keymgr_status_code | dif_keymgr_status_code_t |
| Status code bit flags. More... | |
| typedef uint8_t | dif_keymgr_status_codes_t |
| A bit vector of status codes. More... | |
| typedef struct dif_keymgr_identity_seed_params | dif_keymgr_identity_seed_params_t |
| Parameters for generating an identity seed. | |
| typedef enum dif_keymgr_versioned_key_dest | dif_keymgr_versioned_key_dest_t |
| Destination of a versioned key generation operation. More... | |
| typedef struct dif_keymgr_versioned_key_params | dif_keymgr_versioned_key_params_t |
| Parameters for generating a versioned key. | |
| typedef struct dif_keymgr_output | dif_keymgr_output_t |
| Output of a key manager operation. More... | |
| typedef struct dif_keymgr_binding_value | dif_keymgr_binding_value_t |
| Attestation and sealing binding value. | |
| typedef struct dif_keymgr_max_key_version | dif_keymgr_max_key_version_t |
Enumerations | |
| enum | dif_keymgr_sideload_clr { kDifKeyMgrSideLoadClearNone = 0 , kDifKeyMgrSideLoadClearAes = 1 , kDifKeyMgrSideLoadClearKmac = 2 , kDifKeyMgrSideLoadClearOtbn = 3 , kDifKeyMgrSideLoadClearAll = 7 } |
| A typical usage of this library during different secure boot stages is as follows: More... | |
| enum | dif_keymgr_state { kDifKeymgrStateReset , kDifKeymgrStateInitialized , kDifKeymgrStateCreatorRootKey , kDifKeymgrStateOwnerIntermediateKey , kDifKeymgrStateOwnerRootKey , kDifKeymgrStateDisabled , kDifKeymgrStateInvalid } |
| Key manager states. More... | |
| enum | dif_keymgr_cdi_type { kDifKeymgrSealingCdi = KEYMGR_CONTROL_SHADOWED_CDI_SEL_VALUE_SEALING_CDI , kDifKeymgrAttestationCdi } |
| Compound Device Identifier type. More... | |
| enum | dif_keymgr_status_code { kDifKeymgrStatusCodeIdle = 1 << 0 , kDifKeymgrStatusCodeInvalidOperation = 1 << 1 , kDifKeymgrStatusCodeInvalidKmacInput = 1 << 2 , kDifKeymgrStatusCodeInvalidKmacOutput = 1 << 3 , kDifKeymgrStatusCodeInvalidState = 1 << 4 } |
| Status code bit flags. More... | |
| enum | dif_keymgr_versioned_key_dest { kDifKeymgrVersionedKeyDestSw , kDifKeymgrVersionedKeyDestAes , kDifKeymgrVersionedKeyDestKmac , kDifKeymgrVersionedKeyDestOtbn , kDifKeymgrVersionedKeyDestLast = kDifKeymgrVersionedKeyDestOtbn } |
| Destination of a versioned key generation operation. More... | |
Key Manager Device Interface Functions
Definition in file dif_keymgr.h.
| struct dif_keymgr_config |
Runtime configuration for key manager.
This struct describes runtime information for one-time configuration of the hardware.
Definition at line 68 of file dif_keymgr.h.
| struct dif_keymgr_state_params |
Parameters for a key manager state.
Definition at line 198 of file dif_keymgr.h.
| struct dif_keymgr_identity_seed_params |
Parameters for generating an identity seed.
Definition at line 368 of file dif_keymgr.h.
| Data Fields | ||
|---|---|---|
| dif_keymgr_cdi_type_t | cdi_type | Compound Device Identifier type (sealing or attestation). |
| struct dif_keymgr_versioned_key_params |
Parameters for generating a versioned key.
Definition at line 433 of file dif_keymgr.h.
| Data Fields | ||
|---|---|---|
| dif_keymgr_cdi_type_t | cdi_type | Coumpund Device Identifier type (sealing or attestation). |
| dif_keymgr_versioned_key_dest_t | dest |
Destination of the generated versioned key. See also: |
| uint32_t | salt[8] | Salt value to use for key generation. |
| uint32_t | version | Version value to use for key generation. |
| struct dif_keymgr_output |
Output of a key manager operation.
Key manager outputs are in two-shares.
Definition at line 505 of file dif_keymgr.h.
| Data Fields | ||
|---|---|---|
| uint32_t | value[2][8] | |
| struct dif_keymgr_binding_value |
Attestation and sealing binding value.
Definition at line 532 of file dif_keymgr.h.
| Data Fields | ||
|---|---|---|
| uint32_t | attestation[8] | Attestation binding value. |
| uint32_t | sealing[8] | Sealing binding value. |
| struct dif_keymgr_max_key_version |
Definition at line 554 of file dif_keymgr.h.
| Data Fields | ||
|---|---|---|
| uint32_t | creator_max_key_version | Max creator key version. |
| uint32_t | owner_int_max_key_version | Max owner intermediate key version. |
| uint32_t | owner_max_key_version | Max owner key version. |
| typedef enum dif_keymgr_cdi_type dif_keymgr_cdi_type_t |
Compound Device Identifier type.
The key manager supports the DICE open profile consisting of two Compound Device Identifiers (CDI):
In every operational state of the key manager, it is possible to derive either sealing or attestation identifiers, software or hardware keys by setting the CDI_SEL bit in the CONTROL_SHADOWED register.
| typedef struct dif_keymgr_config dif_keymgr_config_t |
Runtime configuration for key manager.
This struct describes runtime information for one-time configuration of the hardware.
| typedef struct dif_keymgr_output dif_keymgr_output_t |
Output of a key manager operation.
Key manager outputs are in two-shares.
| typedef enum dif_keymgr_sideload_clr dif_keymgr_sideload_clr_t |
A typical usage of this library during different secure boot stages is as follows:
dif_keymgr_init().dif_keymgr_configure().dif_keymgr_advance_state(), dif_keymgr_get_status_codes(), dif_keymgr_get_state().dif_keymgr_advance_state(), dif_keymgr_get_status_codes(), dif_keymgr_get_state().dif_keymgr_init().dif_keymgr_generate_versioned_key(), dif_keymgr_generate_identity_seed(), dif_keymgr_get_status_codes().dif_keymgr_read_output().dif_keymgr_advance_state(), dif_keymgr_get_status_codes(), dif_keymgr_get_state(). Enumeration for side load slot clearing. | typedef enum dif_keymgr_state dif_keymgr_state_t |
Key manager states.
Key manager has seven states that control its operation. During secure boot, key manager transitions between these states sequentially and these transitions are irreversible until a power cycle.
The secret value of key manager changes at each state transition in a well-defined manner, thus its meaning is tied to the current state of key manager.
The functionality of key manager is directly tied to the life cycle controller peripheral and it is explicitly disabled during specific life cycle stages. If key manager has not been initialized, it cannot be initialized until it is enabled by life cycle controller. If key manager is disabled by life cycle controller while it is in an operational state, it immediately wipes its contents and transitions to Disabled state.
| typedef enum dif_keymgr_status_code dif_keymgr_status_code_t |
Status code bit flags.
See also: dif_keymgr_status_codes_t.
| typedef uint8_t dif_keymgr_status_codes_t |
A bit vector of status codes.
The following snippet can be used to check if key manager is idle:
bool is_idle = (status_codes & kDifKeymgrStatusCodeIdle);
The following snippet can be used to check if key manager is idle and error-free:
bool is_idle_and_ok = (status_codes == kDifKeymgrStatusCodeIdle);
See also: dif_keymgr_status_code_t.
Definition at line 338 of file dif_keymgr.h.
Destination of a versioned key generation operation.
Key manager can make the output of a versioned key generation operation available to software or sideload it directly to a peripheral device. When the destination is a peripheral device, the output of the operation is not visible to software and a different derivation constant is used for each peripheral.
| enum dif_keymgr_cdi_type |
Compound Device Identifier type.
The key manager supports the DICE open profile consisting of two Compound Device Identifiers (CDI):
In every operational state of the key manager, it is possible to derive either sealing or attestation identifiers, software or hardware keys by setting the CDI_SEL bit in the CONTROL_SHADOWED register.
| Enumerator | |
|---|---|
| kDifKeymgrSealingCdi | Sealing CDI. This is the default configuration, corresponding to an unset bit. |
| kDifKeymgrAttestationCdi | Attestation CDI. |
Definition at line 168 of file dif_keymgr.h.
A typical usage of this library during different secure boot stages is as follows:
dif_keymgr_init().dif_keymgr_configure().dif_keymgr_advance_state(), dif_keymgr_get_status_codes(), dif_keymgr_get_state().dif_keymgr_advance_state(), dif_keymgr_get_status_codes(), dif_keymgr_get_state().dif_keymgr_init().dif_keymgr_generate_versioned_key(), dif_keymgr_generate_identity_seed(), dif_keymgr_get_status_codes().dif_keymgr_read_output().dif_keymgr_advance_state(), dif_keymgr_get_status_codes(), dif_keymgr_get_state(). Enumeration for side load slot clearing. Definition at line 51 of file dif_keymgr.h.
| enum dif_keymgr_state |
Key manager states.
Key manager has seven states that control its operation. During secure boot, key manager transitions between these states sequentially and these transitions are irreversible until a power cycle.
The secret value of key manager changes at each state transition in a well-defined manner, thus its meaning is tied to the current state of key manager.
The functionality of key manager is directly tied to the life cycle controller peripheral and it is explicitly disabled during specific life cycle stages. If key manager has not been initialized, it cannot be initialized until it is enabled by life cycle controller. If key manager is disabled by life cycle controller while it is in an operational state, it immediately wipes its contents and transitions to Disabled state.
Definition at line 97 of file dif_keymgr.h.
Status code bit flags.
See also: dif_keymgr_status_codes_t.
Definition at line 300 of file dif_keymgr.h.
Destination of a versioned key generation operation.
Key manager can make the output of a versioned key generation operation available to software or sideload it directly to a peripheral device. When the destination is a peripheral device, the output of the operation is not visible to software and a different derivation constant is used for each peripheral.
| Enumerator | |
|---|---|
| kDifKeymgrVersionedKeyDestSw | Store the generated versioned key in software visible registers. The generated versioned key can be read by calling |
| kDifKeymgrVersionedKeyDestAes | Sideload the generated versioned key to AES device. |
| kDifKeymgrVersionedKeyDestKmac | Sideload the generated versioned key to KMAC device. |
| kDifKeymgrVersionedKeyDestOtbn | Sideload the generated versioned key to Otbn device. |
Definition at line 403 of file dif_keymgr.h.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_advance_state | ( | const dif_keymgr_t * | keymgr, |
| const dif_keymgr_state_params_t * | params | ||
| ) |
Advances key manager state.
This function instructs key manager to transition to the next state, i.e. Reset -> Initialized -> CreatorRootKey -> OwnerIntermediateKey -> OwnerRootKey -> Disabled. Once a state transition starts, key manager locks the control register until the transition is complete. State transitions are irreversible until a power cycle.
The entropy source must be initialized before this function is called. After PoR, key manager is in Reset state with a non-deterministic secret value. The first call to this function after PoR causes key manager to initialize its secret value using the random values generated by the entropy source and transition to Initialized state.
params is required when the next state is an operational state, i.e. CreatorRootKey, OwnerIntermediateKey, or OwnerRootKey. It must be NULL for all other cases.
This is an asynchronous function because key manager state transitions involve KMAC operations that can take some time to complete. Clients must check the status of key manager using dif_keymgr_get_status_codes() before calling other functions in this library.
| keymgr | A key manager handle. |
| params | The binding and max key version value for the next state. |
Definition at line 269 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_advance_state_raw | ( | const dif_keymgr_t * | keymgr | ) |
Advances key manager state without setting any of the required inputs.
This function instructs key manager to transition to the next state, i.e. Reset -> Initialized -> CreatorRootKey -> OwnerIntermediateKey -> OwnerRootKey -> Disabled. Once a state transition starts, key manager locks the control register until the transition is complete. State transitions are irreversible until a power cycle.
This function does not have a dif_keymgr_state_params_t parameter since these inputs are expected to be set before this function is called, e.g. when the chip is using rom as opposed to test_rom. See dif_keymgr_advance_state() if you need to set the binding value and max key version before advancing the state.
The entropy source must be initialized before this function is called. After PoR, key manager is in Reset state with a non-deterministic secret value. The first call to this function after PoR causes key manager to initialize its secret value using the random values generated by the entropy source and transition to Initialized state.
This is an asynchronous function because key manager state transitions involve KMAC operations that can take some time to complete. Clients must check the status of key manager using dif_keymgr_get_status_codes() before calling other functions in this library.
| keymgr | A key manager handle. |
Definition at line 342 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_configure | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_config_t | config | ||
| ) |
Configures key manager with runtime information.
This function should need to be called once for the lifetime of keymgr.
| keymgr | A key manager handle. |
| config | Runtime configuration parameters. |
Definition at line 254 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_disable | ( | const dif_keymgr_t * | keymgr | ) |
Disables key manager.
This function disables key manager until the next power cycle by making it transition to Disabled state. Disabled state is a terminal state where key manager is no longer operational and its secret value is a random value.
| keymgr | A key manager handle. |
Definition at line 361 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_generate_identity_seed | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_identity_seed_params_t | params | ||
| ) |
Generates an identity seed.
This function requests key manager to generate an identity seed using its current secret value. Clients must first verify that the operation was successful using dif_keymgr_get_status_codes() before reading the generated identity seed using dif_keymgr_read_output().
The generated seed can be used to generate an identity using an asymmetric KDF.
| keymgr | A key manager handle. |
| params | Identity seed generation params. |
Definition at line 476 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_generate_versioned_key | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_versioned_key_params_t | params | ||
| ) |
Generates a versioned key.
This function requests key manager to generate a versioned key using its current secret value and the provided parameters. The generated key can be sideloaded directly to a peripheral device or made visible to software using params.dest. If the destination is software, clients must first verify that the operation was successful using dif_keymgr_get_status_codes() before reading the generated key using dif_keymgr_read_output().
| keymgr | A key manager handle. |
| params | Key generation parameters. |
Definition at line 495 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_get_state | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_state_t * | state | ||
| ) |
Gets the current state of key manager.
| keymgr | A key manager handle. | |
| [out] | state | Out-param for current key manager state. |
Definition at line 440 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_get_status_codes | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_status_codes_t * | status_codes | ||
| ) |
Gets the operational status of key manager.
This function also clears OP_STATUS and ERR_CODE registers after reading them.
| keymgr | A key manager handle. | |
| [out] | status_codes | Out-param for key manager status codes. |
Definition at line 380 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_read_binding | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_binding_value_t * | output | ||
| ) |
Reads both the attestation or the binding value set.
| keymgr | A key manager handle. | |
| [out] | output | Value read. |
Definition at line 590 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_read_max_key_version | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_max_key_version_t * | versions | ||
| ) |
Reads the max key version of each stage.
| keymgr | A key manager handle. |
| version | Struct with the max versions set. |
Definition at line 607 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_read_output | ( | const dif_keymgr_t * | keymgr, |
| dif_keymgr_output_t * | output | ||
| ) |
Reads the output of the last key manager operation.
After starting a key manager operation, clients must verify that the operation was successful using dif_keymgr_get_status_codes() before calling this function.
When key manager is used for versioned key generation, the output of this function is valid only if the destination of the operation was kDifKeymgrVersionedKeyDestSw.
See also: dif_keymgr_output_t.
| keymgr | A key manager handle. | |
| [out] | output | Out-param for key manager output. |
Definition at line 574 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_sideload_clear_get_enabled | ( | const dif_keymgr_t * | keymgr, |
| dif_toggle_t * | state | ||
| ) |
Checks whether clearing of sideload keys is enabled or not.
| keymgr | A key manager handle. | |
| [out] | Out-param | for the current toggle state of sideload clear. |
Definition at line 561 of file dif_keymgr.c.
| OT_WARN_UNUSED_RESULT dif_result_t dif_keymgr_sideload_clear_set_enabled | ( | const dif_keymgr_t * | keymgr, |
| dif_toggle_t | state | ||
| ) |
Starts or stops clearing of sideload keys.
When a key is generated to be sideloaded to a hardware peripheral, key manager stores it in a set of storage registers. Calling this function with state set to kDifKeymgrToggleEnabled causes key manager to clear sideload keys continously using random values from the entropty source. Callers must disable clearing of sideload keys to resume normal sideload operation.
| keymgr | A key manager handle. |
| state | The new toggle state for sideload clear. |
Definition at line 546 of file dif_keymgr.c.