personalize.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_MANUF_LIB_PERSONALIZE_H_
6 #define OPENTITAN_SW_DEVICE_SILICON_CREATOR_MANUF_LIB_PERSONALIZE_H_
7 
8 #include "sw/device/lib/base/status.h"
12 #include "sw/device/lib/testing/json/provisioning_data.h"
13 #include "sw/device/silicon_creator/manuf/lib/flash_info_fields.h"
14 
15 #include "otp_ctrl_regs.h" // Generated.
16 
17 /**
18  * Configures the SECRET1 OTP partition.
19  *
20  * The SECRET1 partition contains the Flash and SRAM scrambling seeds for the
21  * device.
22  *
23  * Preconditions:
24  * - Device has SW CSRNG data access (configured in HW_CFG0 partition).
25  *
26  * Note: The test will skip all programming steps and succeed if the SECRET1
27  * partition is already locked. This is to facilitate test re-runs.
    * NOTE(review): as documented, OK_STATUS therefore does not by itself show
    * that this call programmed the seeds; a partition that was locked earlier
    * also yields success. Confirm against the implementation whether
    * provisioning flows need to tell the two cases apart.
28  *
29  * The caller should reset the device after calling this function and call
30  * `manuf_personalize_device_secret1_check()` afterwards to confirm that the
31  * OTP partition was successfully locked.
32  *
33  * @param lc_ctrl Lifecycle controller instance.
34  * @param otp_ctrl OTP controller instance.
35  * @return OK_STATUS on success, including the already-locked case described
    * in the note above.
36  */
37 status_t manuf_personalize_device_secret1(const dif_lc_ctrl_t *lc_ctrl,
38  const dif_otp_ctrl_t *otp_ctrl);
39 
40 /**
41  * Checks the SECRET1 OTP partition end state.
42  *
    * The documentation of `manuf_personalize_device_secret1()` asks callers to
    * run this check after the device reset that follows that function, to
    * confirm that the partition was locked.
    * NOTE(review): the status returned when the partition is not locked is not
    * specified in this header -- presumably a non-OK status; confirm against
    * the implementation.
    *
43  * @param otp_ctrl OTP controller instance.
44  * @return OK_STATUS if the SECRET1 partition is locked.
45  */
46 status_t manuf_personalize_device_secret1_check(const dif_otp_ctrl_t *otp_ctrl);
47 
48 /**
49  * Personalize device with unique secrets.
50  *
51  * The device is provisioned with a unique set of secrets, which are hidden from
52  * software. These secrets include both:
53  *
54  * 1. roots of the key derivation function in the key manager,
55  * a. CreatorSeed (Flash - Info Page)
56  * b. OwnerSeed (Flash - Info Page)
57  * c. RootKey (OTP - SECRET2 Partition)
58  * 2. the RMA unlock token (OTP - SECRET2 Partition)
59  *
60  * Preconditions:
61  * - Device has SW CSRNG data access (configured in HW_CFG0 partition).
62  *
63  * Note: The test will skip all programming steps and succeed if the SECRET2
64  * partition is already locked. This is to facilitate test re-runs.
    * NOTE(review): as documented, the skip covers all programming steps, which
    * would include the flash info page seeds listed above, and it is keyed only
    * on the SECRET2 lock state. OK_STATUS therefore does not by itself show
    * that this call wrote the seeds or the supplied token hash -- confirm
    * against the implementation.
65  *
66  * The caller should reset the device after calling this function.
    * `manuf_personalize_device_secrets_check()` reports whether the SECRET2
    * partition is locked; presumably it is meant to be called after that
    * reset, mirroring the SECRET1 flow -- confirm.
67  *
68  * @param flash_state Flash controller instance.
69  * @param lc_ctrl Lifecycle controller instance.
70  * @param otp_ctrl OTP controller instance.
71  * @param rma_unlock_token_hash Pointer to the hashed RMA unlock token.
72  * @return OK_STATUS on success, including the already-locked case described
    * in the note above.
73  */
74 status_t manuf_personalize_device_secrets(
75  dif_flash_ctrl_state_t *flash_state, const dif_lc_ctrl_t *lc_ctrl,
76  const dif_otp_ctrl_t *otp_ctrl,
77  const lc_token_hash_t *rma_unlock_token_hash);
78 
79 /**
80  * Personalize device with an asymmetric keygen seed.
81  *
82  * The device is provisioned with a unique seed (extracted from a CSRNG
83  * instance) in the provided flash info page field that can be used at runtime
84  * to generate an asymmetric (e.g., ECDSA) key pair.
85  *
86  * Preconditions:
87  * - Device has SW CSRNG data access (configured in HW_CFG0 partition).
88  * - Device has initialized the entropy complex.
89  *
    * NOTE(review): this header does not state whether `len` is checked against
    * the size of `field`, or what happens if the field already holds a seed.
    * Callers should keep `len` within the target field -- confirm both points
    * against the implementation.
    *
90  * @param flash_state Flash controller instance.
91  * @param field Info flash field location information.
92  * @param len The number of uint32_t words to program starting at the beginning
93  * of the target flash info field.
94  * @return OK_STATUS on success.
95  */
96 status_t manuf_personalize_flash_asymm_key_seed(
97  dif_flash_ctrl_state_t *flash_state, flash_info_field_t field, size_t len);
98 
99 /**
100  * Checks the device personalization end state.
101  *
102  * When personalization is complete, OTP SECRET2 partition should be locked.
     * NOTE(review): as documented, only the SECRET2 lock state is reported. The
     * flash info page seeds written by `manuf_personalize_device_secrets()` are
     * not mentioned here -- confirm whether they are verified elsewhere. The
     * status returned when the partition is not locked is not specified in this
     * header.
103  *
104  * @param otp_ctrl OTP controller instance.
105  * @return OK_STATUS if the SECRET2 OTP partition is locked.
106  */
107 status_t manuf_personalize_device_secrets_check(const dif_otp_ctrl_t *otp_ctrl);
108 
109 #endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_MANUF_LIB_PERSONALIZE_H_