Software APIs
error.h
1// Copyright lowRISC contributors (OpenTitan project).
2// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3// SPDX-License-Identifier: Apache-2.0
4
5#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_ERROR_H_
6#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_ERROR_H_
7
8#include "sw/device/lib/base/bitfield.h"
9#include "sw/device/lib/base/hardened.h"
10
11#define USING_INTERNAL_STATUS
12#include "sw/device/lib/base/internal/status.h"
13#undef USING_INTERNAL_STATUS
14
15#ifdef __cplusplus
16extern "C" {
17#endif
18
19/**
20 * List of modules which can produce errors.
21 *
22 * Choose a two-letter identifier for each module and encode the module
23 * identifier the concatenated ASCII representation of those letters.
24 */
25#define MODULE_CODE(ch0_, ch1_) ((ch0_) << 8 | (ch1_))
26enum module_ {
27 // clang-format off
28 kModuleUnknown = 0,
29 kModuleAlertHandler = MODULE_CODE('A', 'H'),
30 kModuleSigverify = MODULE_CODE('S', 'V'),
31 kModuleKeymgr = MODULE_CODE('K', 'M'),
32 kModuleManifest = MODULE_CODE('M', 'A'),
33 kModuleRom = MODULE_CODE('M', 'R'),
34 kModuleInterrupt = MODULE_CODE('I', 'R'),
35 kModuleEpmp = MODULE_CODE('E', 'P'),
36 kModuleKmac = MODULE_CODE('K', 'C'),
37 kModuleOtbn = MODULE_CODE('B', 'N'),
38 kModuleFlashCtrl = MODULE_CODE('F', 'C'),
39 kModuleBootPolicy = MODULE_CODE('B', 'P'),
40 kModuleBootstrap = MODULE_CODE('B', 'S'),
41 kModuleLog = MODULE_CODE('L', 'G'),
42 kModuleBootData = MODULE_CODE('B', 'D'),
43 kModuleSpiDevice = MODULE_CODE('S', 'P'),
44 kModuleAst = MODULE_CODE('A', 'S'),
45 kModuleRstmgr = MODULE_CODE('R', 'S'),
46 KModuleRnd = MODULE_CODE('R', 'N'),
47 kModuleBootSvc = MODULE_CODE('B', 'C'),
48 kModuleBootLog = MODULE_CODE('B', 'L'),
49 kModuleRomExt = MODULE_CODE('R', 'E'),
50 kModuleRomExtInterrupt = MODULE_CODE('R', 'I'),
51 kModuleAsn1 = MODULE_CODE('A', '1'),
52 kModuleRetRam = MODULE_CODE('R', 'R'),
53 kModuleXModem = MODULE_CODE('X', 'M'),
54 kModuleRescue = MODULE_CODE('R', 'C'),
55 kModuleCert = MODULE_CODE('C', 'E'),
56 kModuleOwnership = MODULE_CODE('O', 'W'),
57 kModulePersoTlv = MODULE_CODE('P', 'T'),
58 kModuleDice = MODULE_CODE('D', 'C'),
59 kModulePwrmgr = MODULE_CODE('P', 'M'),
60 kModuleGpio = MODULE_CODE('G', 'I'),
61 kModuleUsb = MODULE_CODE('U', 'S'),
62 // clang-format on
63};
64
65/**
66 * Field definitions for the different fields of the error word.
67 */
68#define ROM_ERROR_FIELD_ERROR ((bitfield_field32_t){.mask = 0xFF, .index = 24})
69#define ROM_ERROR_FIELD_MODULE \
70 ((bitfield_field32_t){.mask = 0xFFFF, .index = 8})
71#define ROM_ERROR_FIELD_STATUS ((bitfield_field32_t){.mask = 0xFF, .index = 0})
72
73/**
74 * Helper macro for building up error codes.
75 * @param status_ An appropriate general status code from absl_staus.h.
76 * @param module_ The module identifier which produces this error.
77 * @param error_ The unique error id in that module. Error ids must not
78 * repeat within a module.
79 */
80#define ERROR_(error_, module_, status_) \
81 ((error_ << 24) | (module_ << 8) | (status_))
82
83// clang-format off
84// Use an X-macro to facilitate writing unit tests.
85// Note: This list is extend-only and you may not renumber errors after they
86// have been created. This is required for error-space stability
87// after the ROM is frozen.
88#define DEFINE_ERRORS(X) \
89 X(kErrorOk, 0x739), \
90 X(kErrorWriteBootdataThenReboot, 0x2ea), \
91 X(kErrorNoData, 0x4d7), \
92 X(kErrorUnknown, 0xffffffff), \
93 \
94 X(kErrorSigverifyBadRsaSignature, ERROR_(1, kModuleSigverify, kInvalidArgument)), \
95 X(kErrorSigverifyBadSpxSignature, ERROR_(2, kModuleSigverify, kInvalidArgument)), \
96 X(kErrorSigverifyBadKey, ERROR_(3, kModuleSigverify, kInvalidArgument)), \
97 X(kErrorSigverifyBadRsaKey, ERROR_(4, kModuleSigverify, kInvalidArgument)), \
98 X(kErrorSigverifyBadSpxKey, ERROR_(5, kModuleSigverify, kInvalidArgument)), \
99 X(kErrorSigverifyLargeRsaSignature, ERROR_(6, kModuleSigverify, kInvalidArgument)), \
100 X(kErrorSigverifyBadEcdsaSignature, ERROR_(7, kModuleSigverify, kInvalidArgument)), \
101 X(kErrorSigverifyBadAuthPartition, ERROR_(8, kModuleSigverify, kInvalidArgument)), \
102 X(kErrorSigverifyBadEcdsaKey, ERROR_(9, kModuleSigverify, kInvalidArgument)), \
103 X(kErrorSigverifyBadSpxConfig, ERROR_(10, kModuleSigverify, kInvalidArgument)), \
104 X(kErrorSigverifyEcdsaNotFound, ERROR_(11, kModuleSigverify, kNotFound)), \
105 X(kErrorSigverifySpxNotFound, ERROR_(12, kModuleSigverify, kNotFound)), \
106 \
107 X(kErrorKeymgrInternal, ERROR_(1, kModuleKeymgr, kInternal)), \
108 \
109 X(kErrorManifestBadEntryPoint, ERROR_(1, kModuleManifest, kInternal)), \
110 X(kErrorManifestBadCodeRegion, ERROR_(2, kModuleManifest, kInternal)), \
111 X(kErrorManifestBadSignedRegion, ERROR_(3, kModuleManifest, kInternal)), \
112 X(kErrorManifestBadExtension, ERROR_(4, kModuleManifest, kInternal)), \
113 X(kErrorManifestBadVersionMajor, ERROR_(5, kModuleManifest, kInternal)), \
114 \
115 X(kErrorAlertBadIndex, ERROR_(1, kModuleAlertHandler, kInvalidArgument)), \
116 X(kErrorAlertBadClass, ERROR_(2, kModuleAlertHandler, kInvalidArgument)), \
117 X(kErrorAlertBadEnable, ERROR_(3, kModuleAlertHandler, kInvalidArgument)), \
118 X(kErrorAlertBadEscalation, ERROR_(4, kModuleAlertHandler, kInvalidArgument)), \
119 X(kErrorAlertBadCrc32, ERROR_(5, kModuleAlertHandler, kInvalidArgument)), \
120 \
121 X(kErrorRomBootFailed, ERROR_(1, kModuleRom, kFailedPrecondition)), \
122 X(kErrorRomResetReasonFault, ERROR_(2, kModuleRom, kUnknown)), \
123 X(kErrorRomImmSection, ERROR_(3, kModuleRom, kInvalidArgument)), \
124 \
125 /* The high-byte of kErrorInterrupt is modified with the interrupt cause */ \
126 X(kErrorInterrupt, ERROR_(0, kModuleInterrupt, kUnknown)), \
127 \
128 X(kErrorEpmpBadCheck, ERROR_(1, kModuleEpmp, kInternal)), \
129 \
130 X(kErrorKmacInvalidStatus, ERROR_(1, kModuleKmac, kInternal)), \
131 X(kErrorKmacInvalidKeySize, ERROR_(2, kModuleKmac, kInvalidArgument)), \
132 \
133 X(kErrorOtbnInvalidArgument, ERROR_(1, kModuleOtbn, kInvalidArgument)), \
134 X(kErrorOtbnBadOffsetLen, ERROR_(2, kModuleOtbn, kInvalidArgument)), \
135 X(kErrorOtbnExecutionFailed, ERROR_(3, kModuleOtbn, kInternal)), \
136 X(kErrorOtbnSecWipeImemFailed, ERROR_(4, kModuleOtbn, kInternal)), \
137 X(kErrorOtbnSecWipeDmemFailed, ERROR_(5, kModuleOtbn, kInternal)), \
138 X(kErrorOtbnBadInsnCount, ERROR_(6, kModuleOtbn, kInternal)), \
139 X(kErrorOtbnUnavailable, ERROR_(7, kModuleOtbn, kInternal)), \
140 \
141 X(kErrorFlashCtrlDataRead, ERROR_(1, kModuleFlashCtrl, kInternal)), \
142 X(kErrorFlashCtrlInfoRead, ERROR_(2, kModuleFlashCtrl, kInternal)), \
143 X(kErrorFlashCtrlDataWrite, ERROR_(3, kModuleFlashCtrl, kInternal)), \
144 X(kErrorFlashCtrlInfoWrite, ERROR_(4, kModuleFlashCtrl, kInternal)), \
145 X(kErrorFlashCtrlDataErase, ERROR_(5, kModuleFlashCtrl, kInternal)), \
146 X(kErrorFlashCtrlInfoErase, ERROR_(6, kModuleFlashCtrl, kInternal)), \
147 X(kErrorFlashCtrlDataEraseVerify, ERROR_(7, kModuleFlashCtrl, kInternal)), \
148 \
149 X(kErrorBootPolicyBadIdentifier, ERROR_(1, kModuleBootPolicy, kInternal)), \
150 X(kErrorBootPolicyBadLength, ERROR_(2, kModuleBootPolicy, kInternal)), \
151 X(kErrorBootPolicyRollback, ERROR_(3, kModuleBootPolicy, kInternal)), \
152 \
153 X(kErrorBootstrapEraseAddress, ERROR_(1, kModuleBootstrap, kInvalidArgument)), \
154 X(kErrorBootstrapProgramAddress, ERROR_(2, kModuleBootstrap, kInvalidArgument)), \
155 X(kErrorBootstrapInvalidState, ERROR_(3, kModuleBootstrap, kInvalidArgument)), \
156 X(kErrorBootstrapNotRequested, ERROR_(4, kModuleBootstrap, kInternal)), \
157 X(kErrorBootstrapDisabledRomExt, ERROR_(5, kModuleBootstrap, kInternal)), \
158 \
159 X(kErrorLogBadFormatSpecifier, ERROR_(1, kModuleLog, kInternal)), \
160 \
161 X(kErrorBootDataNotFound, ERROR_(1, kModuleBootData, kInternal)), \
162 X(kErrorBootDataWriteCheck, ERROR_(2, kModuleBootData, kInternal)), \
163 X(kErrorBootDataInvalid, ERROR_(3, kModuleBootData, kInternal)), \
164 \
165 X(kErrorSpiDevicePayloadOverflow, ERROR_(1, kModuleSpiDevice, kInternal)), \
166 \
167 X(kErrorAstInitNotDone, ERROR_(1, kModuleAst, kInternal)), \
168 \
169 X(kErrorRstmgrBadInit, ERROR_(1, kModuleRstmgr, kInternal)), \
170 \
171 X(kErrorRndBadCrc32, ERROR_(1, KModuleRnd, kInvalidArgument)), \
172 \
173 X(kErrorBootSvcBadHeader, ERROR_(1, kModuleBootSvc, kInternal)), \
174 X(kErrorBootSvcBadSlot, ERROR_(2, kModuleBootSvc, kInvalidArgument)), \
175 X(kErrorBootSvcBadSecVer, ERROR_(3, kModuleBootSvc, kInvalidArgument)), \
176 \
177 X(kErrorRomExtBootFailed, ERROR_(1, kModuleRomExt, kFailedPrecondition)), \
178 \
179 X(kErrorXModemTimeoutStart, ERROR_(1, kModuleXModem, kDeadlineExceeded)), \
180 X(kErrorXModemTimeoutPacket, ERROR_(2, kModuleXModem, kDeadlineExceeded)), \
181 X(kErrorXModemTimeoutData, ERROR_(3, kModuleXModem, kDeadlineExceeded)), \
182 X(kErrorXModemTimeoutCrc, ERROR_(4, kModuleXModem, kDeadlineExceeded)), \
183 X(kErrorXModemTimeoutAck, ERROR_(5, kModuleXModem, kDeadlineExceeded)), \
184 X(kErrorXModemCrc, ERROR_(6, kModuleXModem, kDataLoss)), \
185 X(kErrorXModemEndOfFile, ERROR_(7, kModuleXModem, kOutOfRange)), \
186 X(kErrorXModemCancel, ERROR_(8, kModuleXModem, kCancelled)), \
187 X(kErrorXModemUnknown, ERROR_(9, kModuleXModem, kUnknown)), \
188 X(kErrorXModemProtocol, ERROR_(10, kModuleXModem, kInvalidArgument)), \
189 X(kErrorXModemTooManyErrors, ERROR_(11, kModuleXModem, kFailedPrecondition)), \
190 X(kErrorXModemBadLength, ERROR_(12, kModuleXModem, kInvalidArgument)), \
191 \
192 /* The high-byte of kErrorInterrupt is modified with the interrupt cause */ \
193 X(kErrorRomExtInterrupt, ERROR_(0, kModuleRomExtInterrupt, kUnknown)), \
194 \
195 X(kErrorBootLogInvalid, ERROR_(1, kModuleBootLog, kInternal)), \
196 \
197 X(kErrorAsn1Internal, ERROR_(1, kModuleAsn1, kInternal)), \
198 X(kErrorAsn1StartInvalidArgument, ERROR_(2, kModuleAsn1, kInvalidArgument)), \
199 X(kErrorAsn1PushBytesInvalidArgument, ERROR_(3, kModuleAsn1, kInvalidArgument)), \
200 X(kErrorAsn1PushIntegerPadInvalidArgument, ERROR_(4, kModuleAsn1, kInvalidArgument)), \
201 X(kErrorAsn1PushIntegerInvalidArgument, ERROR_(5, kModuleAsn1, kInvalidArgument)), \
202 X(kErrorAsn1FinishBitstringInvalidArgument, ERROR_(6, kModuleAsn1, kInvalidArgument)), \
203 X(kErrorAsn1BufferExhausted, ERROR_(7, kModuleAsn1, kResourceExhausted)), \
204 \
205 X(kErrorRetRamBadVersion, ERROR_(1, kModuleRetRam, kUnknown)), \
206 \
207 X(kErrorRescueReboot, ERROR_(0, kModuleRescue, kInternal)), \
208 X(kErrorRescueBadMode, ERROR_(1, kModuleRescue, kInvalidArgument)), \
209 X(kErrorRescueImageTooBig, ERROR_(2, kModuleRescue, kFailedPrecondition)), \
210 X(kErrorRescueSendStart, ERROR_(4, kModuleRescue, kInternal)), \
211 X(kErrorRescueInactivity, ERROR_(5, kModuleRescue, kDeadlineExceeded)), \
212 \
213 X(kErrorCertInternal, ERROR_(0, kModuleCert, kInternal)), \
214 X(kErrorCertInvalidArgument, ERROR_(1, kModuleCert, kInvalidArgument)), \
215 X(kErrorCertInvalidSize, ERROR_(2, kModuleCert, kDataLoss)), \
216 \
217 X(kErrorOwnershipInvalidNonce, ERROR_(0, kModuleOwnership, kInvalidArgument)), \
218 X(kErrorOwnershipInvalidMode, ERROR_(1, kModuleOwnership, kInvalidArgument)), \
219 X(kErrorOwnershipInvalidSignature, ERROR_(2, kModuleOwnership, kInvalidArgument)), \
220 X(kErrorOwnershipInvalidState, ERROR_(3, kModuleOwnership, kInvalidArgument)), \
221 X(kErrorOwnershipInvalidRequest, ERROR_(4, kModuleOwnership, kInvalidArgument)), \
222 X(kErrorOwnershipInvalidTag, ERROR_(5, kModuleOwnership, kInvalidArgument)), \
223 X(kErrorOwnershipInvalidTagLength, ERROR_(6, kModuleOwnership, kInvalidArgument)), \
224 X(kErrorOwnershipDuplicateItem, ERROR_(7, kModuleOwnership, kAlreadyExists)), \
225 X(kErrorOwnershipFlashConfigLength, ERROR_(8, kModuleOwnership, kOutOfRange)), \
226 X(kErrorOwnershipInvalidInfoPage, ERROR_(9, kModuleOwnership, kInvalidArgument)), \
227 X(kErrorOwnershipBadInfoPage, ERROR_(10, kModuleOwnership, kInternal)), \
228 X(kErrorOwnershipNoOwner, ERROR_(11, kModuleOwnership, kInternal)), \
229 X(kErrorOwnershipKeyNotFound, ERROR_(12, kModuleOwnership, kNotFound)), \
230 X(kErrorOwnershipInvalidDin, ERROR_(13, kModuleOwnership, kInvalidArgument)), \
231 X(kErrorOwnershipUnlockDenied, ERROR_(14, kModuleOwnership, kPermissionDenied)), \
232 X(kErrorOwnershipFlashConfigRomExt, ERROR_(15, kModuleOwnership, kInvalidArgument)), \
233 X(kErrorOwnershipFlashConfigBounds, ERROR_(16, kModuleOwnership, kInvalidArgument)), \
234 X(kErrorOwnershipInvalidAlgorithm, ERROR_(17, kModuleOwnership, kInvalidArgument)), \
235 X(kErrorOwnershipFlashConfigSlots, ERROR_(18, kModuleOwnership, kInvalidArgument)), \
236 X(kErrorOwnershipInvalidRescueBounds, ERROR_(19, kModuleOwnership, kInvalidArgument)), \
237 X(kErrorOwnershipSignatureNotFound, ERROR_(20, kModuleOwnership, kNotFound)), \
238 /* Group all of the ISFB error codes together */ \
239 X(kErrorOwnershipISFBNotPresent, ERROR_(0x60, kModuleOwnership, kNotFound)), \
240 X(kErrorOwnershipISFBProductExpCnt, ERROR_(0x61, kModuleOwnership, kOutOfRange)), \
241 X(kErrorOwnershipISFBStrikeMask, ERROR_(0x62, kModuleOwnership, kPermissionDenied)), \
242 X(kErrorOwnershipISFBProductExp, ERROR_(0x63, kModuleOwnership, kPermissionDenied)), \
243 X(kErrorOwnershipISFBFailed, ERROR_(0x64, kModuleOwnership, kInternal)), \
244 X(kErrorOwnershipISFBPage, ERROR_(0x65, kModuleOwnership, kInvalidArgument)), \
245 X(kErrorOwnershipISFBSize, ERROR_(0x66, kModuleOwnership, kInvalidArgument)), \
246 /* Group all of the tag version error codes together */ \
247 X(kErrorOwnershipOWNRVersion, ERROR_(0x70, kModuleOwnership, kInvalidArgument)), \
248 X(kErrorOwnershipAPPKVersion, ERROR_(0x71, kModuleOwnership, kInvalidArgument)), \
249 X(kErrorOwnershipFLSHVersion, ERROR_(0x72, kModuleOwnership, kInvalidArgument)), \
250 X(kErrorOwnershipINFOVersion, ERROR_(0x73, kModuleOwnership, kInvalidArgument)), \
251 X(kErrorOwnershipRESQVersion, ERROR_(0x74, kModuleOwnership, kInvalidArgument)), \
252 X(kErrorOwnershipISFBVersion, ERROR_(0x75, kModuleOwnership, kInvalidArgument)), \
253 \
254 X(kErrorPersoTlvInternal, ERROR_(0, kModulePersoTlv, kInternal)), \
255 X(kErrorPersoTlvCertObjNotFound, ERROR_(1, kModulePersoTlv, kNotFound)), \
256 X(kErrorPersoTlvCertNameTooLong, ERROR_(2, kModulePersoTlv, kOutOfRange)), \
257 X(kErrorPersoTlvOutputBufTooSmall, ERROR_(3, kModulePersoTlv, kOutOfRange)), \
258 \
259 X(kErrorDiceInternal, ERROR_(0, kModuleDice, kInternal)), \
260 X(kErrorDiceCwtCoseKeyNotFound, ERROR_(1, kModuleDice, kNotFound)), \
261 X(kErrorDiceCwtCoseKeyBadSize, ERROR_(1, kModuleDice, kInternal)), \
262 X(kErrorDiceCwtKeyCoordsNotFound, ERROR_(2, kModuleDice, kNotFound)), \
263 \
264 X(kErrorPwrmgrUnknownRequestSource, ERROR_(1, kModulePwrmgr, kInvalidArgument)), \
265 X(kErrorPwrmgrInvalidRequestType, ERROR_(2, kModulePwrmgr, kInvalidArgument)), \
266 \
267 X(kErrorGpioInvalidPin, ERROR_(0, kModuleGpio, kInvalidArgument)), \
268 X(kErrorUsbBadSetup, ERROR_(0, kModuleUsb, kInvalidArgument)), \
269 X(kErrorUsbBadEndpointNumber, ERROR_(1, kModuleUsb, kInvalidArgument)), \
270 \
271 /* This comment prevent clang from trying to format the macro. */
272
273// clang-format on
274
275#define ERROR_ENUM_INIT(name_, value_) name_ = value_
276
277/**
278 * Unified set of errors for ROM and ROM_EXT.
279 */
280typedef enum rom_error { DEFINE_ERRORS(ERROR_ENUM_INIT) } rom_error_t;
281
282/**
283 * Evaluate an expression and return if the result is an error.
284 *
285 * @param expr_ An expression which results in a `rom_error_t`.
286 */
287#define RETURN_IF_ERROR(expr_) \
288 do { \
289 rom_error_t local_error_ = expr_; \
290 if (local_error_ != kErrorOk) { \
291 return local_error_; \
292 } \
293 } while (false)
294
295/**
296 * Hardened version of `RETURN_IF_ERROR()`.
297 *
298 * See `launder32()` and `HARDENED_CHECK_EQ()` in
299 * `sw/device/lib/base/hardened.h` for more details.
300 *
301 * @param expr_ An expression which results in a `rom_error_t`.
302 */
303#define HARDENED_RETURN_IF_ERROR(expr_) \
304 do { \
305 rom_error_t error_ = expr_; \
306 if (launder32(error_) != kErrorOk) { \
307 return error_; \
308 } \
309 HARDENED_CHECK_EQ(error_, kErrorOk); \
310 } while (false)
311
312#ifdef __cplusplus
313}
314#endif
315#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_ERROR_H_