Software APIs
bootstrap.c
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #include "sw/device/silicon_creator/lib/bootstrap.h"
6 
7 #include "dt/dt_gpio.h"
8 #include "sw/device/lib/base/abs_mmio.h"
9 #include "sw/device/lib/base/hardened.h"
10 #include "sw/device/silicon_creator/lib/base/chip.h"
11 #include "sw/device/silicon_creator/lib/drivers/flash_ctrl.h"
12 #include "sw/device/silicon_creator/lib/drivers/otp.h"
13 #include "sw/device/silicon_creator/lib/error.h"
14 
15 #include "flash_ctrl_regs.h"
16 #include "gpio_regs.h"
17 #include "otp_ctrl_regs.h"
18 
19 static const dt_gpio_t kGpioDt = kDtGpio;
20 
21 rom_error_t bootstrap_chip_erase(void) {
22  flash_ctrl_bank_erase_perms_set(kHardenedBoolTrue);
23  rom_error_t err_0 = flash_ctrl_data_erase(0, kFlashCtrlEraseTypeBank);
24  rom_error_t err_1 = flash_ctrl_data_erase(FLASH_CTRL_PARAM_BYTES_PER_BANK,
25  kFlashCtrlEraseTypeBank);
26  flash_ctrl_bank_erase_perms_set(kHardenedBoolFalse);
27 
28  HARDENED_RETURN_IF_ERROR(err_0);
29  return err_1;
30 }
31 
32 rom_error_t bootstrap_erase_verify(void) {
33  rom_error_t err_0 = flash_ctrl_data_erase_verify(0, kFlashCtrlEraseTypeBank);
34  rom_error_t err_1 = flash_ctrl_data_erase_verify(
35  FLASH_CTRL_PARAM_BYTES_PER_BANK, kFlashCtrlEraseTypeBank);
36  HARDENED_RETURN_IF_ERROR(err_0);
37  return err_1;
38 }
39 
40 hardened_bool_t bootstrap_requested(void) {
41  uint32_t bootstrap_dis =
42  otp_read32(OTP_CTRL_PARAM_OWNER_SW_CFG_ROM_BOOTSTRAP_DIS_OFFSET);
43  if (launder32(bootstrap_dis) == kHardenedBoolTrue) {
44  return kHardenedBoolFalse;
45  }
46  HARDENED_CHECK_NE(bootstrap_dis, kHardenedBoolTrue);
47 
48  // A single read is sufficient since we expect strong pull-ups on the strap
49  // pins. We assume pinmux has already been configured (by pinmux_init) to
50  // enable the internal pull-downs on the strap pins. As such, an external
51  // weak pull-up will not be detected as a logic-high.
52  uint32_t res = launder32(kHardenedBoolTrue) ^ SW_STRAP_BOOTSTRAP;
53  res ^= abs_mmio_read32(dt_gpio_primary_reg_block(kGpioDt) +
54  GPIO_DATA_IN_REG_OFFSET) &
55  SW_STRAP_MASK;
56  if (launder32(res) != kHardenedBoolTrue) {
57  return kHardenedBoolFalse;
58  }
59  HARDENED_CHECK_EQ(res, kHardenedBoolTrue);
60  return res;
61 }
62 
63 rom_error_t bootstrap(void) {
64  hardened_bool_t requested = bootstrap_requested();
65  if (launder32(requested) != kHardenedBoolTrue) {
66  return kErrorBootstrapNotRequested;
67  }
68  HARDENED_CHECK_EQ(requested, kHardenedBoolTrue);
69 
70  return enter_bootstrap();
71 }
Return to OpenTitan Documentation