Software APIs
sw
device
lib
dif
dif_otp_ctrl.h
Go to the documentation of this file.
1
// Copyright lowRISC contributors (OpenTitan project).
2
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3
// SPDX-License-Identifier: Apache-2.0
4
// DO NOT EDIT THIS FILE DIRECTLY.
5
// It has been generated with ./util/design/gen-otp-mmap.py
6
7
#ifndef OPENTITAN_SW_DEVICE_LIB_DIF_DIF_OTP_CTRL_H_
8
#define OPENTITAN_SW_DEVICE_LIB_DIF_DIF_OTP_CTRL_H_
9
10
/**
11
* @file
12
* @brief <a href="/hw/ip/otp_ctrl/doc/">OTP Controller</a> Device Interface
13
* Functions
14
*/
15
16
#include <
stdint.h
>
17
18
#include "
sw/device/lib/base/macros.h
"
19
#include "
sw/device/lib/base/mmio.h
"
20
#include "
sw/device/lib/dif/dif_base.h
"
21
22
#include "
sw/device/lib/dif/autogen/dif_otp_ctrl_autogen.h
"
23
24
// Header Extern Guard (so header can be used from C and C++)
25
#ifdef __cplusplus
26
extern
"C"
{
27
#endif
// __cplusplus
28
29
/**
30
* A partition within OTP memory.
31
*/
32
typedef
enum
dif_otp_ctrl_partition
{
33
/**
34
* Vendor test partition.
35
*
36
* This is reserved for manufacturing smoke checks. The OTP wrapper
37
* control logic inside prim_otp is allowed to read/write to this
38
* region. ECC uncorrectable errors seen on the functional prim_otp
39
* interface will not lead to an alert for this partition.
40
* Instead, such errors will be reported as correctable ECC errors.
41
*/
42
kDifOtpCtrlPartitionVendorTest
,
43
/**
44
* Software configuration partition.
45
*
46
* This is for device-specific calibration data, e.g, clock, LDO, RNG,
47
* and configuration settings set by the ROM.
48
*/
49
kDifOtpCtrlPartitionCreatorSwCfg
,
50
/**
51
* Software configuration partition.
52
*
53
* This contains data that changes software behavior in the ROM, for
54
* example enabling defensive features in ROM or selecting failure
55
* modes if verification fails.
56
*/
57
kDifOtpCtrlPartitionOwnerSwCfg
,
58
/**
59
* This OTP partition is used to store four P-256 keys and four Sphincs+ keys.
60
*
61
* The partition requires 464
62
* bytes of software visible storage. The partition is
63
* locked at manufacturing time to protect against
64
* malicious write attempts.
65
*/
66
kDifOtpCtrlPartitionRotCreatorAuthCodesign
,
67
/**
68
* This OTP partition is used to capture the state of each key slot.
69
*
70
* Each key can be in one of the
71
* following states: BLANK, ENABLED, DISABLED. The
72
* encoded values are such that transitions between
73
* BLANK -> ENABLED -> DISABLED are possible without
74
* causing ECC errors (this is a mechanism similar to
75
* how we manage life cycle state transitions). The
76
* partition is left unlocked to allow STATE updates in
77
* the field. The ROM_EXT is required to lock access to
78
* the OTP Direct Access Interface to prevent DoS
79
* attacks from malicious code executing on Silicon
80
* Owner partitions. DAI write locking is available in
81
* EarlGrey.
82
*/
83
kDifOtpCtrlPartitionRotCreatorAuthState
,
84
/**
85
* Hardware configuration 0 partition.
86
*
87
* This contains a device identifier and manufacturing state.
88
*/
89
kDifOtpCtrlPartitionHwCfg0
,
90
/**
91
* Hardware configuration 1 partition.
92
*
93
* This contains several hardware feature switches.
94
*/
95
kDifOtpCtrlPartitionHwCfg1
,
96
/**
97
* Secret partition 0.
98
*
99
* This contains TEST lifecycle unlock tokens.
100
*/
101
kDifOtpCtrlPartitionSecret0
,
102
/**
103
* Secret partition 1.
104
*
105
* This contains SRAM and flash scrambling keys.
106
*/
107
kDifOtpCtrlPartitionSecret1
,
108
/**
109
* Secret partition 2.
110
*
111
* This contains RMA unlock token, creator root key, and creator seed.
112
*/
113
kDifOtpCtrlPartitionSecret2
,
114
/**
115
* Lifecycle partition.
116
*
117
* This contains lifecycle transition count and state. This partition
118
* cannot be locked since the life cycle state needs to advance to RMA
119
* in-field. Note that while this partition is not marked secret, it
120
* is not readable nor writeable via the DAI. Only the LC controller
121
* can access this partition, and even via the LC controller it is not
122
* possible to read the raw manufacturing life cycle state in encoded
123
* form, since that encoding is considered a netlist secret. The LC
124
* controller only exposes a decoded version of this state.
125
*/
126
kDifOtpCtrlPartitionLifeCycle
,
127
}
dif_otp_ctrl_partition_t
;
128
129
/**
130
* Runtime configuration for OTP.
131
*
132
* This struct describes runtime information for one-time configuration of the
133
* hardware.
134
*/
135
typedef
struct
dif_otp_ctrl_config
{
136
/**
137
* The timeout for an integrity or consistency check to succeed, in cycles.
138
*
139
* 100'000 is recommended as a minimum safe value.
140
*/
141
uint32_t
check_timeout
;
142
/**
143
* A mask for the pseudo-random integrity check period.
144
*
145
* The value of this mask limits the period of the integrity check; when the
146
* pseudo-random period is computed, this mask is applied to limit it. For
147
* example, a value of 0x3'ffff would correspond to a maximum period of about
148
* 2.8s at 24MHz.
149
*
150
* A value of zero disables the check.
151
*/
152
uint32_t
integrity_period_mask
;
153
/**
154
* A mask for the pseudo-random consistency check period.
155
*
156
* The value of this mask limits the period of the consistency check; when the
157
* pseudo-random period is computed, this mask is applied to limit it. For
158
* example, a value of 0x3ff'ffff would correspond to a maximum period of
159
* about 716s at 24MHz.
160
*
161
* A value of zero disables the check.
162
*/
163
uint32_t
consistency_period_mask
;
164
}
dif_otp_ctrl_config_t
;
165
166
/**
167
* A hardware-level status code.
168
*/
169
typedef
enum
dif_otp_ctrl_status_code
{
170
// NOTE: This enum's API *requires* that all "error"-like codes (that is,
171
// those which have associated cause registers) be a prefix of the enum
172
// values.
173
//
174
// Note furthermore that these enum variants are intended as bit indices, so
175
// their values should not be randomized.
176
/**
177
* Indicates an error occurred in the `VendorTest` partition.
178
*/
179
kDifOtpCtrlStatusCodeVendorTestError
= 0,
180
/**
181
* Indicates an error occurred in the `CreatorSwCfg` partition.
182
*/
183
kDifOtpCtrlStatusCodeCreatorSwCfgError
,
184
/**
185
* Indicates an error occurred in the `OwnerSwCfg` partition.
186
*/
187
kDifOtpCtrlStatusCodeOwnerSwCfgError
,
188
/**
189
* Indicates an error occurred in the `RotCreatorAuthCodesign` partition.
190
*/
191
kDifOtpCtrlStatusCodeRotCreatorAuthCodesignError
,
192
/**
193
* Indicates an error occurred in the `RotCreatorAuthState` partition.
194
*/
195
kDifOtpCtrlStatusCodeRotCreatorAuthStateError
,
196
/**
197
* Indicates an error occurred in the `HwCfg0` partition.
198
*/
199
kDifOtpCtrlStatusCodeHwCfg0Error
,
200
/**
201
* Indicates an error occurred in the `HwCfg1` partition.
202
*/
203
kDifOtpCtrlStatusCodeHwCfg1Error
,
204
/**
205
* Indicates an error occurred in the `Secret0` partition.
206
*/
207
kDifOtpCtrlStatusCodeSecret0Error
,
208
/**
209
* Indicates an error occurred in the `Secret1` partition.
210
*/
211
kDifOtpCtrlStatusCodeSecret1Error
,
212
/**
213
* Indicates an error occurred in the `Secret2` partition.
214
*/
215
kDifOtpCtrlStatusCodeSecret2Error
,
216
/**
217
* Indicates an error occurred in the `LifeCycle` partition.
218
*/
219
kDifOtpCtrlStatusCodeLifeCycleError
,
220
/**
221
* Indicates an error occurred in the direct access interface.
222
*/
223
kDifOtpCtrlStatusCodeDaiError
,
224
/**
225
* Indicates an error occurred in the lifecycle interface.
226
*/
227
kDifOtpCtrlStatusCodeLciError
,
228
/**
229
* This is not a status code; rather, it represents the last error code which
230
* has a corresponding "cause" register.
231
*
232
* See `dif_otp_ctrl_status_t` for information on how to use this.
233
*/
234
kDifOtpCtrlStatusCodeHasCauseLast
=
kDifOtpCtrlStatusCodeLciError
,
235
/**
236
* Indicates that an integrity or consistency check has timed out.
237
*
238
* This error is unrecoverable.
239
*/
240
kDifOtpCtrlStatusCodeTimeoutError
,
241
/**
242
* Indicates that the LFSR that generates pseudo-random integrity and
243
* consistency checks is in a bad state.
244
*
245
* This error is unrecoverable.
246
*/
247
kDifOtpCtrlStatusCodeLfsrError
,
248
/**
249
* Indicates that the scrambling hardware is in a bad state.
250
*
251
* This error is unrecoverable.
252
*/
253
kDifOtpCtrlStatusCodeScramblingError
,
254
/**
255
* Indicates that the key derivation hardware is in a bad state.
256
*
257
* This error is unrecoverable.
258
*/
259
kDifOtpCtrlStatusCodeKdfError
,
260
/**
261
* Indicates a bus integrity error.
262
*
263
* This error will raise an alert.
264
*/
265
kDifOtpCtrlStatusCodeBusIntegError
,
266
/**
267
* Indicates that the direct access interface is idle.
268
*/
269
kDifOtpCtrlStatusCodeDaiIdle
,
270
/**
271
* Indicates that an integrity or consistency check is currently pending.
272
*/
273
kDifOtpCtrlStatusCodeCheckPending
,
274
}
dif_otp_ctrl_status_code_t
;
275
276
/**
277
* A hardware-level error code, associated with a particular error defined in
278
* `dif_otp_ctrl_status_t`.
279
*/
280
typedef
enum
dif_otp_ctrl_error
{
281
/**
282
* Indicates no error.
283
*/
284
kDifOtpCtrlErrorOk
,
285
/**
286
* Indicates that an OTP macro command was invalid or did not
287
* complete successfully.
288
*
289
* This error indicates non-recoverable hardware malfunction.
290
*/
291
kDifOtpCtrlErrorMacroUnspecified
,
292
/**
293
* Indicates a recoverable error during a read operation.
294
*
295
* A followup read should work as expected.
296
*/
297
kDifOtpCtrlErrorMacroRecoverableRead
,
298
/**
299
* Indicates an unrecoverable error during a read operation.
300
*
301
* This error indicates non-recoverable hardware malfunction.
302
*/
303
kDifOtpCtrlErrorMacroUnrecoverableRead
,
304
/**
305
* Indicates that the blank write check failed during a write operation.
306
*/
307
kDifOtpCtrlErrorMacroBlankCheckFailed
,
308
/**
309
* Indicates a locked memory region was accessed.
310
*/
311
kDifOtpCtrlErrorLockedAccess
,
312
/**
313
* Indicates a parity, integrity or consistency check failed in the buffer
314
* registers.
315
*
316
* This error indicates non-recoverable hardware malfunction.
317
*/
318
kDifOtpCtrlErrorBackgroundCheckFailed
,
319
/**
320
* Indicates that the FSM of the controller is in a bad state or that the
321
* controller's FSM has been moved into its terminal state due to escalation
322
* via the alert subsystem.
323
*
324
* This error indicates that the device has been glitched by an attacker.
325
*/
326
kDifOtpCtrlErrorFsmBadState
,
327
}
dif_otp_ctrl_error_t
;
328
329
/**
330
* The overall status of the OTP controller.
331
*
332
* See `dif_otp_ctrl_get_status()`.
333
*/
334
typedef
struct
dif_otp_ctrl_status
{
335
/**
336
* Currently active statuses, given as a bit vector. To check whether a
337
* particular status code was returned, write
338
*
339
* bool has_code = (status.codes >> kMyStatusCode) & 1;
340
*
341
* Note that it is possible to quickly check that the controller is idle and
342
* error-free by writing
343
*
344
* bool is_ok = status.codes == (1 << kDifOtpStatusCodeDaiIdle);
345
*/
346
uint32_t
codes
;
347
/**
348
* A list of root causes for each error status code.
349
*
350
* If the error status code `error` is present in `codes`, and
351
* `error <= kDifOtpCtrlStatusCodeHasCauseLast`, then `causes[error]`
352
* will contain its root cause.
353
*/
354
dif_otp_ctrl_error_t
causes
[
kDifOtpCtrlStatusCodeHasCauseLast
+ 1];
355
}
dif_otp_ctrl_status_t
;
356
357
/**
358
* Configures OTP with runtime information.
359
*
360
* This function should need to be called at most once for the lifetime of
361
* `otp`.
362
*
363
* @param otp An OTP handle.
364
* @param config Runtime configuration parameters.
365
* @return The result of the operation.
366
*/
367
OT_WARN_UNUSED_RESULT
368
dif_result_t
dif_otp_ctrl_configure
(
const
dif_otp_ctrl_t
*otp,
369
dif_otp_ctrl_config_t
config);
370
371
/**
372
* Runs an integrity check on the OTP hardware.
373
*
374
* This function can be used to trigger an integrity check independent of the
375
* pseudo-random hardware-generated checks.
376
*
377
* @param otp An OTP handle.
378
* @return The result of the operation.
379
*/
380
OT_WARN_UNUSED_RESULT
381
dif_result_t
dif_otp_ctrl_check_integrity
(
const
dif_otp_ctrl_t
*otp);
382
383
/**
384
* Runs a consistency check on the OTP hardware.
385
*
386
* This function can be used to trigger a consistency check independent of the
387
* pseudo-random hardware-generated checks.
388
*
389
* @param otp An OTP handle.
390
* @return The result of the operation.
391
*/
392
OT_WARN_UNUSED_RESULT
393
dif_result_t
dif_otp_ctrl_check_consistency
(
const
dif_otp_ctrl_t
*otp);
394
395
/**
396
* Locks out access to the direct access interface registers.
397
*
398
* This function is idempotent: calling it while functionality is locked will
399
* have no effect and return `kDifOk`.
400
*
401
* @param otp An OTP handle.
402
* @return The result of the operation.
403
*/
404
OT_WARN_UNUSED_RESULT
405
dif_result_t
dif_otp_ctrl_dai_lock
(
const
dif_otp_ctrl_t
*otp);
406
407
/**
408
* Checks whether access to the direct access interface is locked.
409
*
410
* Note that besides locking the DAI out until the next reset using the
411
* dif_otp_ctrl_dai_lock function, the DAI is also temporarily locked by the
412
* HW itself when it is busy processing a DAI command. In such a case, the
413
* kDifOtpCtrlStatusCodeDaiIdle status bit will be set to 0 as well.
414
*
415
* @param otp An OTP handle.
416
* @param[out] is_locked Out-param for the locked state.
417
* @return The result of the operation.
418
*/
419
OT_WARN_UNUSED_RESULT
420
dif_result_t
dif_otp_ctrl_dai_is_locked
(
const
dif_otp_ctrl_t
*otp,
421
bool
*is_locked);
422
423
/**
424
* Locks out `dif_otp_ctrl_configure()` function.
425
*
426
* This function is idempotent: calling it while functionality is locked will
427
* have no effect and return `kDifOk`.
428
*
429
* @param otp An OTP handle.
430
* @return The result of the operation.
431
*/
432
OT_WARN_UNUSED_RESULT
433
dif_result_t
dif_otp_ctrl_lock_config
(
const
dif_otp_ctrl_t
*otp);
434
435
/**
436
* Checks whether `dif_otp_ctrl_configure()` function is locked-out.
437
*
438
* @param otp An OTP handle.
439
* @param[out] is_locked Out-param for the locked state.
440
* @return The result of the operation.
441
*/
442
OT_WARN_UNUSED_RESULT
443
dif_result_t
dif_otp_ctrl_config_is_locked
(
const
dif_otp_ctrl_t
*otp,
444
bool
*is_locked);
445
446
/**
447
* Locks out `dif_otp_ctrl_check_*()` functions.
448
*
449
* This function is idempotent: calling it while functionality is locked will
450
* have no effect and return `kDifOk`.
451
*
452
* @param otp An OTP handle.
453
* @return The result of the operation.
454
*/
455
OT_WARN_UNUSED_RESULT
456
dif_result_t
dif_otp_ctrl_lock_check_trigger
(
const
dif_otp_ctrl_t
*otp);
457
458
/**
459
* Checks whether the `dif_otp_ctrl_check_*()` functions are locked-out.
460
*
461
* @param otp An OTP handle.
462
* @param[out] is_locked Out-param for the locked state.
463
* @return The result of the operation.
464
*/
465
OT_WARN_UNUSED_RESULT
466
dif_result_t
dif_otp_ctrl_check_trigger_is_locked
(
const
dif_otp_ctrl_t
*otp,
467
bool
*is_locked);
468
469
/**
470
* Locks out reads to a SW partition.
471
*
472
* This function should only be called on SW partitions; doing otherwise will
473
* return an error.
474
*
475
* Note that this is distinct from the write-locking performed by calling
476
* `dif_otp_ctrl_dai_digest()`. In particular, the effects of this function will
477
* not persist past a system reset.
478
*
479
* This function is idempotent: calling it while functionality is locked will
480
* have no effect and return `kDifOk`.
481
*
482
* @param otp An OTP handle.
483
* @param partition The SW partition to lock.
484
* @return The result of the operation.
485
*/
486
OT_WARN_UNUSED_RESULT
487
dif_result_t
dif_otp_ctrl_lock_reading
(
const
dif_otp_ctrl_t
*otp,
488
dif_otp_ctrl_partition_t
partition);
489
490
/**
491
* Checks whether reads to a SW partition are locked out.
492
*
493
* This function should only be called on SW partitions; doing otherwise will
494
* return an error.
495
*
496
* @param otp An OTP handle.
497
* @param partition the SW partition to check for locking.
498
* @param[out] is_locked Out-param for the locked state.
499
* @return The result of the operation.
500
*/
501
OT_WARN_UNUSED_RESULT
502
dif_result_t
dif_otp_ctrl_reading_is_locked
(
const
dif_otp_ctrl_t
*otp,
503
dif_otp_ctrl_partition_t
partition,
504
bool
*is_locked);
505
506
/**
507
* Gets the current status of the OTP controller.
508
*
509
* @param otp An OTP handle.
510
* @param[out] status Out-param for the controller's status.
511
* @return The result of the operation.
512
*/
513
OT_WARN_UNUSED_RESULT
514
dif_result_t
dif_otp_ctrl_get_status
(
const
dif_otp_ctrl_t
*otp,
515
dif_otp_ctrl_status_t
*
status
);
516
517
/**
518
* Calculates a `relative_address` with respect to a `partition` start
519
* address.
520
*
521
* @param partition The partition to use to calculate the reference start
522
* address.
523
* @param abs_address Input address relative to the OTP memory start address.
524
* @param[out] relative_address The result relative address with respect to the
525
* `partition` start address.
526
* @return The result of the operation.
527
*/
528
OT_WARN_UNUSED_RESULT
529
dif_result_t
dif_otp_ctrl_relative_address
(
dif_otp_ctrl_partition_t
partition,
530
uint32_t abs_address,
531
uint32_t *relative_address);
532
533
/**
534
* Schedules a read on the Direct Access Interface.
535
*
536
* Reads are performed relative to a partition; `address` should be given
537
* relative to the start of `partition`. An error is returned for out-of-bounds
538
* access.
539
*
540
* Furthermore, `address` must be well-aligned: it must be four-byte aligned for
541
* normal partitions and eight-byte-aligned for secret partitions. An error is
542
* returned for unaligned access.
543
*
544
* @param otp An OTP handle.
545
* @param partition The partition to read from.
546
* @param address A partition-relative address to read from.
547
* @return The result of the operation.
548
*/
549
OT_WARN_UNUSED_RESULT
550
dif_result_t
dif_otp_ctrl_dai_read_start
(
const
dif_otp_ctrl_t
*otp,
551
dif_otp_ctrl_partition_t
partition,
552
uint32_t address);
553
554
/**
555
* Gets the result of a completed 32-bit read operation on the Direct Access
556
* Interface.
557
*
558
* Whether this function or its 64-bit variant should be called is dependent on
559
* the most recent partition read from.
560
*
561
* @param otp An OTP handle.
562
* @param[out] value Out-param for the read value.
563
* @return The result of the operation.
564
*/
565
OT_WARN_UNUSED_RESULT
566
dif_result_t
dif_otp_ctrl_dai_read32_end
(
const
dif_otp_ctrl_t
*otp,
567
uint32_t *value);
568
569
/**
570
* Gets the result of a completed 64-bit read operation on the Direct Access
571
* Interface.
572
*
573
* Whether this function or its 32-bit variant should be called is dependent on
574
* the most recent partition read from.
575
*
576
* @param otp An OTP handle.
577
* @param[out] value Out-param for the read value.
578
* @return The result of the operation.
579
*/
580
OT_WARN_UNUSED_RESULT
581
dif_result_t
dif_otp_ctrl_dai_read64_end
(
const
dif_otp_ctrl_t
*otp,
582
uint64_t *value);
583
584
/**
585
* Schedules a 32-bit write on the Direct Access Interface.
586
*
587
* Writes are performed relative to a partition; `address` should be given
588
* relative to the start of `partition`. An error is returned for out-of-bounds
589
* access.
590
*
591
* Furthermore, `address` must be four-byte-aligned, and `partition` must not be
592
* a secret partition. An error is returned if neither condition is met.
593
*
594
* Note that this function cannot be used to program the digest at the end of a
595
* `SW` partition; `dif_otp_ctrl_dai_digest()` must be used instead.
596
*
597
* @param otp An OTP handle.
598
* @param partition The partition to program.
599
* @param address A partition-relative address to program.
600
* @param value The value to program into the OTP.
601
* @return The result of the operation.
602
*/
603
OT_WARN_UNUSED_RESULT
604
dif_result_t
dif_otp_ctrl_dai_program32
(
const
dif_otp_ctrl_t
*otp,
605
dif_otp_ctrl_partition_t
partition,
606
uint32_t address, uint32_t value);
607
608
/**
609
* Schedules a 64-bit write on the Direct Access Interface.
610
*
611
* Writes are performed relative to a partition; `address` should be given
612
* relative to the start of `partition`. An error is returned for out-of-bounds
613
* access.
614
*
615
* Furthermore, `address` must be eight-byte-aligned, and `partition` must be
616
* a secret partition. An error is returned if neither condition is met.
617
*
618
* @param otp An OTP handle.
619
* @param partition The partition to program.
620
* @param address A partition-relative address to program.
621
* @param value The value to program into the OTP.
622
* @return The result of the operation.
623
*/
624
OT_WARN_UNUSED_RESULT
625
dif_result_t
dif_otp_ctrl_dai_program64
(
const
dif_otp_ctrl_t
*otp,
626
dif_otp_ctrl_partition_t
partition,
627
uint32_t address, uint64_t value);
628
629
/**
630
* Schedules a hardware digest operation on the Direct Access Interface.
631
*
632
* **This operation will also lock writes for the given partition.**
633
*
634
* If `partition` is a SW partition, `digest` must be non-zero; if it is a
635
* partition with a hardware-managed digest, `digest` *must* be zero (since the
636
* digest will be generated by the hardware). An error is returned if either
637
* precondition is not met.
638
*
639
* This function does not work with the lifecycle state partition, and will
640
* return an error in that case.
641
*
642
* @param otp An OTP handle.
643
* @param partition The partition to digest and lock.
644
* @param digest The digest to program (for SW partitions).
645
* @return The result of the operation.
646
*/
647
OT_WARN_UNUSED_RESULT
648
dif_result_t
dif_otp_ctrl_dai_digest
(
const
dif_otp_ctrl_t
*otp,
649
dif_otp_ctrl_partition_t
partition,
650
uint64_t digest);
651
652
/**
653
* Checks if the digest value for the given partition has been computed. Once a
654
* digest has been computed for a partition, the partition is write-locked
655
* (additionally, read-locked if the partition is secret).
656
*
657
* The lifecycle partition does not have a digest, and checking if this region
658
* has a computed digest will return an error.
659
*
660
* @param otp An OTP handle.
661
* @param partition The partition to check the digest of.
662
* @param[out] is_computed Indicates if the digest has been computed.
663
* @return The result of the operation.
664
*/
665
OT_WARN_UNUSED_RESULT
666
dif_result_t
dif_otp_ctrl_is_digest_computed
(
const
dif_otp_ctrl_t
*otp,
667
dif_otp_ctrl_partition_t
partition,
668
bool
*is_computed);
669
670
/**
671
* Gets the buffered digest value for the given partition.
672
*
673
* Note that this value is only updated when the device is reset; if the digest
674
* has not been computed yet, or has been computed but not since device reset,
675
* this function will return an error.
676
*
677
* The lifecycle partition does not have a digest and will result in an error
678
* being returned.
679
*
680
* @param otp An OTP handle.
681
* @param partition The partition to get a digest for.
682
* @param[out] digest Out-param for the digest.
683
* @return The result of the operation.
684
*/
685
OT_WARN_UNUSED_RESULT
686
dif_result_t
dif_otp_ctrl_get_digest
(
const
dif_otp_ctrl_t
*otp,
687
dif_otp_ctrl_partition_t
partition,
688
uint64_t *digest);
689
690
/**
691
* Performs a memory-mapped read of the given partition, if it supports them.
692
*
693
* In particular, this function will read `len` words, starting at `address`,
694
* relative to the start of `partition`.
695
*
696
* The same caveats for `dif_otp_ctrl_dai_read_start()` apply to `address`; in
697
* addition, `address + len` must also be in-range and must not overflow.
698
*
699
* This function will block until the read completes, unlike Direct Access
700
* Interface functions.
701
*
702
* @param otp An OTP handle.
703
* @param partition The partition to read from.
704
* @param address A partition-relative address to read from.
705
* @param[out] buf A buffer of words to write read values to.
706
* @param len The number of words to read.
707
* @return The result of the operation.
708
*/
709
OT_WARN_UNUSED_RESULT
710
dif_result_t
dif_otp_ctrl_read_blocking
(
const
dif_otp_ctrl_t
*otp,
711
dif_otp_ctrl_partition_t
partition,
712
uint32_t address, uint32_t *buf,
713
size_t
len);
714
715
#ifdef __cplusplus
716
}
// extern "C"
717
#endif
// __cplusplus
718
719
#endif
// OPENTITAN_SW_DEVICE_LIB_DIF_DIF_OTP_CTRL_H_
Return to
OpenTitan Documentation