Software APIs
dif_otp_ctrl.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 // DO NOT EDIT THIS FILE DIRECTLY.
5 // It has been generated with ./util/design/gen-otp-mmap.py
6 
7 #ifndef OPENTITAN_SW_DEVICE_LIB_DIF_DIF_OTP_CTRL_H_
8 #define OPENTITAN_SW_DEVICE_LIB_DIF_DIF_OTP_CTRL_H_
9 
10 /**
11  * @file
12  * @brief <a href="/hw/ip/otp_ctrl/doc/">OTP Controller</a> Device Interface
13  * Functions
14  */
15 
16 #include <stdint.h>
17 
18 #include "sw/device/lib/base/macros.h"
19 #include "sw/device/lib/base/mmio.h"
20 #include "sw/device/lib/dif/dif_base.h"
21 
22 #include "sw/device/lib/dif/autogen/dif_otp_ctrl_autogen.h"
23 
24 // Header Extern Guard (so header can be used from C and C++)
25 #ifdef __cplusplus
26 extern "C" {
27 #endif // __cplusplus
28 
29 /**
30  * A partition within OTP memory.
31  */
32 typedef enum dif_otp_ctrl_partition {
33  /**
34  * Vendor test partition.
35  *
36  * This is reserved for manufacturing smoke checks. The OTP wrapper
37  * control logic inside prim_otp is allowed to read/write to this
38  * region. ECC uncorrectable errors seen on the functional prim_otp
39  * interface will not lead to an alert for this partition.
40  * Instead, such errors will be reported as correctable ECC errors.
41  */
42  kDifOtpCtrlPartitionVendorTest,
43  /**
44  * Software configuration partition.
45  *
46  * This is for device-specific calibration data, e.g, clock, LDO, RNG,
47  * and configuration settings set by the ROM.
48  */
49  kDifOtpCtrlPartitionCreatorSwCfg,
50  /**
51  * Software configuration partition.
52  *
53  * This contains data that changes software behavior in the ROM, for
54  * example enabling defensive features in ROM or selecting failure
55  * modes if verification fails.
56  */
57  kDifOtpCtrlPartitionOwnerSwCfg,
58  /**
59  * This OTP partition is used to store four P-256 keys and four Sphincs+ keys.
60  *
61  * The partition requires 464
62  * bytes of software visible storage. The partition is
63  * locked at manufacturing time to protect against
64  * malicious write attempts.
65  */
66  kDifOtpCtrlPartitionRotCreatorAuthCodesign,
67  /**
68  * This OTP partition is used to capture the state of each key slot.
69  *
70  * Each key can be in one of the
71  * following states: BLANK, ENABLED, DISABLED. The
72  * encoded values are such that transitions between
73  * BLANK -> ENABLED -> DISABLED are possible without
74  * causing ECC errors (this is a mechanism similar to
75  * how we manage life cycle state transitions). The
76  * partition is left unlocked to allow STATE updates in
77  * the field. The ROM_EXT is required to lock access to
78  * the OTP Direct Access Interface to prevent DoS
79  * attacks from malicious code executing on Silicon
80  * Owner partitions. DAI write locking is available in
81  * EarlGrey.
82  */
83  kDifOtpCtrlPartitionRotCreatorAuthState,
84  /**
85  * Hardware configuration 0 partition.
86  *
87  * This contains a device identifier and manufacturing state.
88  */
89  kDifOtpCtrlPartitionHwCfg0,
90  /**
91  * Hardware configuration 1 partition.
92  *
93  * This contains several hardware feature switches.
94  */
95  kDifOtpCtrlPartitionHwCfg1,
96  /**
97  * Secret partition 0.
98  *
99  * This contains TEST lifecycle unlock tokens.
100  */
101  kDifOtpCtrlPartitionSecret0,
102  /**
103  * Secret partition 1.
104  *
105  * This contains SRAM and flash scrambling keys.
106  */
107  kDifOtpCtrlPartitionSecret1,
108  /**
109  * Secret partition 2.
110  *
111  * This contains RMA unlock token, creator root key, and creator seed.
112  */
113  kDifOtpCtrlPartitionSecret2,
114  /**
115  * Lifecycle partition.
116  *
117  * This contains lifecycle transition count and state. This partition
118  * cannot be locked since the life cycle state needs to advance to RMA
119  * in-field. Note that while this partition is not marked secret, it
120  * is not readable nor writeable via the DAI. Only the LC controller
121  * can access this partition, and even via the LC controller it is not
122  * possible to read the raw manufacturing life cycle state in encoded
123  * form, since that encoding is considered a netlist secret. The LC
124  * controller only exposes a decoded version of this state.
125  */
126  kDifOtpCtrlPartitionLifeCycle,
127 } dif_otp_ctrl_partition_t;
128 
129 /**
130  * Runtime configuration for OTP.
131  *
132  * This struct describes runtime information for one-time configuration of the
133  * hardware.
134  */
135 typedef struct dif_otp_ctrl_config {
136  /**
137  * The timeout for an integrity or consistency check to succeed, in cycles.
138  *
139  * 100'000 is recommended as a minimum safe value.
140  */
141  uint32_t check_timeout;
142  /**
143  * A mask for the pseudo-random integrity check period.
144  *
145  * The value of this mask limits the period of the integrity check; when the
146  * pseudo-random period is computed, this mask is applied to limit it. For
147  * example, a value of 0x3'ffff would correspond to a maximum period of about
148  * 2.8s at 24MHz.
149  *
150  * A value of zero disables the check.
151  */
152  uint32_t integrity_period_mask;
153  /**
154  * A mask for the pseudo-random consistency check period.
155  *
156  * The value of this mask limits the period of the consistency check; when the
157  * pseudo-random period is computed, this mask is applied to limit it. For
158  * example, a value of 0x3ff'ffff would correspond to a maximum period of
159  * about 716s at 24MHz.
160  *
161  * A value of zero disables the check.
162  */
163  uint32_t consistency_period_mask;
164 } dif_otp_ctrl_config_t;
165 
166 /**
167  * A hardware-level status code.
168  */
169 typedef enum dif_otp_ctrl_status_code {
170  // NOTE: This enum's API *requires* that all "error"-like codes (that is,
171  // those which have associated cause registers) be a prefix of the enum
172  // values.
173  //
174  // Note furthermore that these enum variants are intended as bit indices, so
175  // their values should not be randomized.
176  /**
177  * Indicates an error occurred in the `VendorTest` partition.
178  */
179  kDifOtpCtrlStatusCodeVendorTestError = 0,
180  /**
181  * Indicates an error occurred in the `CreatorSwCfg` partition.
182  */
183  kDifOtpCtrlStatusCodeCreatorSwCfgError,
184  /**
185  * Indicates an error occurred in the `OwnerSwCfg` partition.
186  */
187  kDifOtpCtrlStatusCodeOwnerSwCfgError,
188  /**
189  * Indicates an error occurred in the `RotCreatorAuthCodesign` partition.
190  */
191  kDifOtpCtrlStatusCodeRotCreatorAuthCodesignError,
192  /**
193  * Indicates an error occurred in the `RotCreatorAuthState` partition.
194  */
195  kDifOtpCtrlStatusCodeRotCreatorAuthStateError,
196  /**
197  * Indicates an error occurred in the `HwCfg0` partition.
198  */
199  kDifOtpCtrlStatusCodeHwCfg0Error,
200  /**
201  * Indicates an error occurred in the `HwCfg1` partition.
202  */
203  kDifOtpCtrlStatusCodeHwCfg1Error,
204  /**
205  * Indicates an error occurred in the `Secret0` partition.
206  */
207  kDifOtpCtrlStatusCodeSecret0Error,
208  /**
209  * Indicates an error occurred in the `Secret1` partition.
210  */
211  kDifOtpCtrlStatusCodeSecret1Error,
212  /**
213  * Indicates an error occurred in the `Secret2` partition.
214  */
215  kDifOtpCtrlStatusCodeSecret2Error,
216  /**
217  * Indicates an error occurred in the `LifeCycle` partition.
218  */
219  kDifOtpCtrlStatusCodeLifeCycleError,
220  /**
221  * Indicates an error occurred in the direct access interface.
222  */
223  kDifOtpCtrlStatusCodeDaiError,
224  /**
225  * Indicates an error occurred in the lifecycle interface.
226  */
227  kDifOtpCtrlStatusCodeLciError,
228  /**
229  * This is not a status code; rather, it represents the last error code which
230  * has a corresponding "cause" register.
231  *
232  * See `dif_otp_ctrl_status_t` for information on how to use this.
233  */
234  kDifOtpCtrlStatusCodeHasCauseLast = kDifOtpCtrlStatusCodeLciError,
235  /**
236  * Indicates that an integrity or consistency check has timed out.
237  *
238  * This error is unrecoverable.
239  */
240  kDifOtpCtrlStatusCodeTimeoutError,
241  /**
242  * Indicates that the LFSR that generates pseudo-random integrity and
243  * consistency checks is in a bad state.
244  *
245  * This error is unrecoverable.
246  */
247  kDifOtpCtrlStatusCodeLfsrError,
248  /**
249  * Indicates that the scrambling hardware is in a bad state.
250  *
251  * This error is unrecoverable.
252  */
253  kDifOtpCtrlStatusCodeScramblingError,
254  /**
255  * Indicates that the key derivation hardware is in a bad state.
256  *
257  * This error is unrecoverable.
258  */
259  kDifOtpCtrlStatusCodeKdfError,
260  /**
261  * Indicates a bus integrity error.
262  *
263  * This error will raise an alert.
264  */
265  kDifOtpCtrlStatusCodeBusIntegError,
266  /**
267  * Indicates that the direct access interface is idle.
268  */
269  kDifOtpCtrlStatusCodeDaiIdle,
270  /**
271  * Indicates that an integrity or consistency check is currently pending.
272  */
273  kDifOtpCtrlStatusCodeCheckPending,
274 } dif_otp_ctrl_status_code_t;
275 
276 /**
277  * A hardware-level error code, associated with a particular error defined in
278  * `dif_otp_ctrl_status_t`.
279  */
280 typedef enum dif_otp_ctrl_error {
281  /**
282  * Indicates no error.
283  */
284  kDifOtpCtrlErrorOk,
285  /**
286  * Indicates that an OTP macro command was invalid or did not
287  * complete successfully.
288  *
289  * This error indicates non-recoverable hardware malfunction.
290  */
291  kDifOtpCtrlErrorMacroUnspecified,
292  /**
293  * Indicates a recoverable error during a read operation.
294  *
295  * A followup read should work as expected.
296  */
297  kDifOtpCtrlErrorMacroRecoverableRead,
298  /**
299  * Indicates an unrecoverable error during a read operation.
300  *
301  * This error indicates non-recoverable hardware malfunction.
302  */
303  kDifOtpCtrlErrorMacroUnrecoverableRead,
304  /**
305  * Indicates that the blank write check failed during a write operation.
306  */
307  kDifOtpCtrlErrorMacroBlankCheckFailed,
308  /**
309  * Indicates a locked memory region was accessed.
310  */
311  kDifOtpCtrlErrorLockedAccess,
312  /**
313  * Indicates a parity, integrity or consistency check failed in the buffer
314  * registers.
315  *
316  * This error indicates non-recoverable hardware malfunction.
317  */
318  kDifOtpCtrlErrorBackgroundCheckFailed,
319  /**
320  * Indicates that the FSM of the controller is in a bad state or that the
321  * controller's FSM has been moved into its terminal state due to escalation
322  * via the alert subsystem.
323  *
324  * This error indicates that the device has been glitched by an attacker.
325  */
326  kDifOtpCtrlErrorFsmBadState,
327 } dif_otp_ctrl_error_t;
328 
329 /**
330  * The overall status of the OTP controller.
331  *
332  * See `dif_otp_ctrl_get_status()`.
333  */
334 typedef struct dif_otp_ctrl_status {
335  /**
336  * Currently active statuses, given as a bit vector. To check whether a
337  * particular status code was returned, write
338  *
339  * bool has_code = (status.codes >> kMyStatusCode) & 1;
340  *
341  * Note that it is possible to quickly check that the controller is idle and
342  * error-free by writing
343  *
344  * bool is_ok = status.codes == (1 << kDifOtpStatusCodeDaiIdle);
345  */
346  uint32_t codes;
347  /**
348  * A list of root causes for each error status code.
349  *
350  * If the error status code `error` is present in `codes`, and
351  * `error <= kDifOtpCtrlStatusCodeHasCauseLast`, then `causes[error]`
352  * will contain its root cause.
353  */
354  dif_otp_ctrl_error_t causes[kDifOtpCtrlStatusCodeHasCauseLast + 1];
355 } dif_otp_ctrl_status_t;
356 
357 /**
358  * Configures OTP with runtime information.
359  *
360  * This function should need to be called at most once for the lifetime of
361  * `otp`.
362  *
363  * @param otp An OTP handle.
364  * @param config Runtime configuration parameters.
365  * @return The result of the operation.
366  */
367 OT_WARN_UNUSED_RESULT
368 dif_result_t dif_otp_ctrl_configure(const dif_otp_ctrl_t *otp,
369  dif_otp_ctrl_config_t config);
370 
371 /**
372  * Runs an integrity check on the OTP hardware.
373  *
374  * This function can be used to trigger an integrity check independent of the
375  * pseudo-random hardware-generated checks.
376  *
377  * @param otp An OTP handle.
378  * @return The result of the operation.
379  */
380 OT_WARN_UNUSED_RESULT
381 dif_result_t dif_otp_ctrl_check_integrity(const dif_otp_ctrl_t *otp);
382 
383 /**
384  * Runs a consistency check on the OTP hardware.
385  *
386  * This function can be used to trigger a consistency check independent of the
387  * pseudo-random hardware-generated checks.
388  *
389  * @param otp An OTP handle.
390  * @return The result of the operation.
391  */
392 OT_WARN_UNUSED_RESULT
393 dif_result_t dif_otp_ctrl_check_consistency(const dif_otp_ctrl_t *otp);
394 
395 /**
396  * Locks out access to the direct access interface registers.
397  *
398  * This function is idempotent: calling it while functionality is locked will
399  * have no effect and return `kDifOk`.
400  *
401  * @param otp An OTP handle.
402  * @return The result of the operation.
403  */
404 OT_WARN_UNUSED_RESULT
405 dif_result_t dif_otp_ctrl_dai_lock(const dif_otp_ctrl_t *otp);
406 
407 /**
408  * Checks whether access to the direct access interface is locked.
409  *
410  * Note that besides locking the DAI out until the next reset using the
411  * dif_otp_ctrl_dai_lock function, the DAI is also temporarily locked by the
412  * HW itself when it is busy processing a DAI command. In such a case, the
413  * kDifOtpCtrlStatusCodeDaiIdle status bit will be set to 0 as well.
414  *
415  * @param otp An OTP handle.
416  * @param[out] is_locked Out-param for the locked state.
417  * @return The result of the operation.
418  */
419 OT_WARN_UNUSED_RESULT
420 dif_result_t dif_otp_ctrl_dai_is_locked(const dif_otp_ctrl_t *otp,
421  bool *is_locked);
422 
423 /**
424  * Locks out `dif_otp_ctrl_configure()` function.
425  *
426  * This function is idempotent: calling it while functionality is locked will
427  * have no effect and return `kDifOk`.
428  *
429  * @param otp An OTP handle.
430  * @return The result of the operation.
431  */
432 OT_WARN_UNUSED_RESULT
433 dif_result_t dif_otp_ctrl_lock_config(const dif_otp_ctrl_t *otp);
434 
435 /**
436  * Checks whether `dif_otp_ctrl_configure()` function is locked-out.
437  *
438  * @param otp An OTP handle.
439  * @param[out] is_locked Out-param for the locked state.
440  * @return The result of the operation.
441  */
442 OT_WARN_UNUSED_RESULT
443 dif_result_t dif_otp_ctrl_config_is_locked(const dif_otp_ctrl_t *otp,
444  bool *is_locked);
445 
446 /**
447  * Locks out `dif_otp_ctrl_check_*()` functions.
448  *
449  * This function is idempotent: calling it while functionality is locked will
450  * have no effect and return `kDifOk`.
451  *
452  * @param otp An OTP handle.
453  * @return The result of the operation.
454  */
455 OT_WARN_UNUSED_RESULT
456 dif_result_t dif_otp_ctrl_lock_check_trigger(const dif_otp_ctrl_t *otp);
457 
458 /**
459  * Checks whether the `dif_otp_ctrl_check_*()` functions are locked-out.
460  *
461  * @param otp An OTP handle.
462  * @param[out] is_locked Out-param for the locked state.
463  * @return The result of the operation.
464  */
465 OT_WARN_UNUSED_RESULT
466 dif_result_t dif_otp_ctrl_check_trigger_is_locked(const dif_otp_ctrl_t *otp,
467  bool *is_locked);
468 
469 /**
470  * Locks out reads to a SW partition.
471  *
472  * This function should only be called on SW partitions; doing otherwise will
473  * return an error.
474  *
475  * Note that this is distinct from the write-locking performed by calling
476  * `dif_otp_ctrl_dai_digest()`. In particular, the effects of this function will
477  * not persist past a system reset.
478  *
479  * This function is idempotent: calling it while functionality is locked will
480  * have no effect and return `kDifOk`.
481  *
482  * @param otp An OTP handle.
483  * @param partition The SW partition to lock.
484  * @return The result of the operation.
485  */
486 OT_WARN_UNUSED_RESULT
487 dif_result_t dif_otp_ctrl_lock_reading(const dif_otp_ctrl_t *otp,
488  dif_otp_ctrl_partition_t partition);
489 
490 /**
491  * Checks whether reads to a SW partition are locked out.
492  *
493  * This function should only be called on SW partitions; doing otherwise will
494  * return an error.
495  *
496  * @param otp An OTP handle.
497  * @param partition the SW partition to check for locking.
498  * @param[out] is_locked Out-param for the locked state.
499  * @return The result of the operation.
500  */
501 OT_WARN_UNUSED_RESULT
502 dif_result_t dif_otp_ctrl_reading_is_locked(const dif_otp_ctrl_t *otp,
503  dif_otp_ctrl_partition_t partition,
504  bool *is_locked);
505 
506 /**
507  * Gets the current status of the OTP controller.
508  *
509  * @param otp An OTP handle.
510  * @param[out] status Out-param for the controller's status.
511  * @return The result of the operation.
512  */
513 OT_WARN_UNUSED_RESULT
514 dif_result_t dif_otp_ctrl_get_status(const dif_otp_ctrl_t *otp,
515  dif_otp_ctrl_status_t *status);
516 
517 /**
518  * Calculates a `relative_address` with respect to a `partition` start
519  * address.
520  *
521  * @param partition The partition to use to calculate the reference start
522  * address.
523  * @param abs_address Input address relative to the OTP memory start address.
524  * @param[out] relative_address The result relative address with respect to the
525  * `partition` start address.
526  * @return The result of the operation.
527  */
528 OT_WARN_UNUSED_RESULT
529 dif_result_t dif_otp_ctrl_relative_address(dif_otp_ctrl_partition_t partition,
530  uint32_t abs_address,
531  uint32_t *relative_address);
532 
533 /**
534  * Schedules a read on the Direct Access Interface.
535  *
536  * Reads are performed relative to a partition; `address` should be given
537  * relative to the start of `partition`. An error is returned for out-of-bounds
538  * access.
539  *
540  * Furthermore, `address` must be well-aligned: it must be four-byte aligned for
541  * normal partitions and eight-byte-aligned for secret partitions. An error is
542  * returned for unaligned access.
543  *
544  * @param otp An OTP handle.
545  * @param partition The partition to read from.
546  * @param address A partition-relative address to read from.
547  * @return The result of the operation.
548  */
549 OT_WARN_UNUSED_RESULT
550 dif_result_t dif_otp_ctrl_dai_read_start(const dif_otp_ctrl_t *otp,
551  dif_otp_ctrl_partition_t partition,
552  uint32_t address);
553 
554 /**
555  * Gets the result of a completed 32-bit read operation on the Direct Access
556  * Interface.
557  *
558  * Whether this function or its 64-bit variant should be called is dependent on
559  * the most recent partition read from.
560  *
561  * @param otp An OTP handle.
562  * @param[out] value Out-param for the read value.
563  * @return The result of the operation.
564  */
565 OT_WARN_UNUSED_RESULT
566 dif_result_t dif_otp_ctrl_dai_read32_end(const dif_otp_ctrl_t *otp,
567  uint32_t *value);
568 
569 /**
570  * Gets the result of a completed 64-bit read operation on the Direct Access
571  * Interface.
572  *
573  * Whether this function or its 32-bit variant should be called is dependent on
574  * the most recent partition read from.
575  *
576  * @param otp An OTP handle.
577  * @param[out] value Out-param for the read value.
578  * @return The result of the operation.
579  */
580 OT_WARN_UNUSED_RESULT
581 dif_result_t dif_otp_ctrl_dai_read64_end(const dif_otp_ctrl_t *otp,
582  uint64_t *value);
583 
584 /**
585  * Schedules a 32-bit write on the Direct Access Interface.
586  *
587  * Writes are performed relative to a partition; `address` should be given
588  * relative to the start of `partition`. An error is returned for out-of-bounds
589  * access.
590  *
591  * Furthermore, `address` must be four-byte-aligned, and `partition` must not be
592  * a secret partition. An error is returned if neither condition is met.
593  *
594  * Note that this function cannot be used to program the digest at the end of a
595  * `SW` partition; `dif_otp_ctrl_dai_digest()` must be used instead.
596  *
597  * @param otp An OTP handle.
598  * @param partition The partition to program.
599  * @param address A partition-relative address to program.
600  * @param value The value to program into the OTP.
601  * @return The result of the operation.
602  */
603 OT_WARN_UNUSED_RESULT
604 dif_result_t dif_otp_ctrl_dai_program32(const dif_otp_ctrl_t *otp,
605  dif_otp_ctrl_partition_t partition,
606  uint32_t address, uint32_t value);
607 
608 /**
609  * Schedules a 64-bit write on the Direct Access Interface.
610  *
611  * Writes are performed relative to a partition; `address` should be given
612  * relative to the start of `partition`. An error is returned for out-of-bounds
613  * access.
614  *
615  * Furthermore, `address` must be eight-byte-aligned, and `partition` must be
616  * a secret partition. An error is returned if neither condition is met.
617  *
618  * @param otp An OTP handle.
619  * @param partition The partition to program.
620  * @param address A partition-relative address to program.
621  * @param value The value to program into the OTP.
622  * @return The result of the operation.
623  */
624 OT_WARN_UNUSED_RESULT
625 dif_result_t dif_otp_ctrl_dai_program64(const dif_otp_ctrl_t *otp,
626  dif_otp_ctrl_partition_t partition,
627  uint32_t address, uint64_t value);
628 
629 /**
630  * Schedules a hardware digest operation on the Direct Access Interface.
631  *
632  * **This operation will also lock writes for the given partition.**
633  *
634  * If `partition` is a SW partition, `digest` must be non-zero; if it is a
635  * partition with a hardware-managed digest, `digest` *must* be zero (since the
636  * digest will be generated by the hardware). An error is returned if either
637  * precondition is not met.
638  *
639  * This function does not work with the lifecycle state partition, and will
640  * return an error in that case.
641  *
642  * @param otp An OTP handle.
643  * @param partition The partition to digest and lock.
644  * @param digest The digest to program (for SW partitions).
645  * @return The result of the operation.
646  */
647 OT_WARN_UNUSED_RESULT
648 dif_result_t dif_otp_ctrl_dai_digest(const dif_otp_ctrl_t *otp,
649  dif_otp_ctrl_partition_t partition,
650  uint64_t digest);
651 
652 /**
653  * Checks if the digest value for the given partition has been computed. Once a
654  * digest has been computed for a partition, the partition is write-locked
655  * (additionally, read-locked if the partition is secret).
656  *
657  * The lifecycle partition does not have a digest, and checking if this region
658  * has a computed digest will return an error.
659  *
660  * @param otp An OTP handle.
661  * @param partition The partition to check the digest of.
662  * @param[out] is_computed Indicates if the digest has been computed.
663  * @return The result of the operation.
664  */
665 OT_WARN_UNUSED_RESULT
666 dif_result_t dif_otp_ctrl_is_digest_computed(const dif_otp_ctrl_t *otp,
667  dif_otp_ctrl_partition_t partition,
668  bool *is_computed);
669 
670 /**
671  * Gets the buffered digest value for the given partition.
672  *
673  * Note that this value is only updated when the device is reset; if the digest
674  * has not been computed yet, or has been computed but not since device reset,
675  * this function will return an error.
676  *
677  * The lifecycle partition does not have a digest and will result in an error
678  * being returned.
679  *
680  * @param otp An OTP handle.
681  * @param partition The partition to get a digest for.
682  * @param[out] digest Out-param for the digest.
683  * @return The result of the operation.
684  */
685 OT_WARN_UNUSED_RESULT
686 dif_result_t dif_otp_ctrl_get_digest(const dif_otp_ctrl_t *otp,
687  dif_otp_ctrl_partition_t partition,
688  uint64_t *digest);
689 
690 /**
691  * Performs a memory-mapped read of the given partition, if it supports them.
692  *
693  * In particular, this function will read `len` words, starting at `address`,
694  * relative to the start of `partition`.
695  *
696  * The same caveats for `dif_otp_ctrl_dai_read_start()` apply to `address`; in
697  * addition, `address + len` must also be in-range and must not overflow.
698  *
699  * This function will block until the read completes, unlike Direct Access
700  * Interface functions.
701  *
702  * @param otp An OTP handle.
703  * @param partition The partition to read from.
704  * @param address A partition-relative address to read from.
705  * @param[out] buf A buffer of words to write read values to.
706  * @param len The number of words to read.
707  * @return The result of the operation.
708  */
709 OT_WARN_UNUSED_RESULT
710 dif_result_t dif_otp_ctrl_read_blocking(const dif_otp_ctrl_t *otp,
711  dif_otp_ctrl_partition_t partition,
712  uint32_t address, uint32_t *buf,
713  size_t len);
714 
715 #ifdef __cplusplus
716 } // extern "C"
717 #endif // __cplusplus
718 
719 #endif // OPENTITAN_SW_DEVICE_LIB_DIF_DIF_OTP_CTRL_H_
Return to OpenTitan Documentation