(781a66c116)

Secure Memory-mapped IO functions, for volatile access. More...

#include <stddef.h>
#include <stdint.h>
#include "sw/device/lib/base/macros.h"
#include "sw/device/silicon_creator/lib/error.h"

Go to the source code of this file.

Data Structures
struct	sec_mmio_ctx
	Working context. More...

Macros
#define	SEC_MMIO_WRITE_INCREMENT(value) (sec_mmio_ctx.expected_write_count += (value))
	Increment the expected count of register writes by `value`. More...

#define	SEC_MMIO_ASSERT_WRITE_INCREMENT(enum_val, expected) static_assert(enum_val == expected, "Unexpected value for " #enum_val)
	Assert macro used to cross-reference exported sec_mmio expected write counts to their respective functions.

Typedefs
typedef struct sec_mmio_ctx	sec_mmio_ctx_t
	Working context. More...

Enumerations
enum	{ kSecMmioRegFileSize = 1000 }

Functions
	OT_ASSERT_MEMBER_OFFSET (sec_mmio_ctx_t, last_index, 0)
	The `sec_mmio_ctx_t` structure is accessible by both the ROM and ROM extension. More...

	OT_ASSERT_MEMBER_OFFSET (sec_mmio_ctx_t, write_count, 4)

	OT_ASSERT_MEMBER_OFFSET (sec_mmio_ctx_t, expected_write_count, 8)

	OT_ASSERT_MEMBER_OFFSET (sec_mmio_ctx_t, check_count, 12)

	OT_ASSERT_MEMBER_OFFSET (sec_mmio_ctx_t, values, 16)

	OT_ASSERT_MEMBER_OFFSET (sec_mmio_ctx_t, addrs, 4016)

	OT_ASSERT_SIZE (sec_mmio_ctx_t, 8016)

void	sec_mmio_init (void)
	Initializes the module. More...

void	sec_mmio_next_stage_init (void)
	Executes sec_mmio next boot stage initialization. More...

OT_WARN_UNUSED_RESULT uint32_t	sec_mmio_read32 (uint32_t addr)
	Reads an aligned uint32_t from the MMIO region `addr`. More...

void	sec_mmio_write32 (uint32_t addr, uint32_t value)
	Writes an aligned uint32_t to the MMIO region `base` at the give byte `offset`. More...

void	sec_mmio_write32_shadowed (uint32_t addr, uint32_t value)
	Writes an aligned uint32_t to the MMIO region `base` at the give byte `offset`. More...

void	sec_mmio_check_values (uint32_t rnd_offset)
	Checks the expected list of register values. More...

void	sec_mmio_check_values_except_otp (uint32_t rnd_offset, uint32_t otp_base)
	Checks the expected list of register values except for OTP values. More...

void	sec_mmio_check_counters (uint32_t expected_check_count)
	Checks the expected counter state. More...

Variables
sec_mmio_ctx_t	sec_mmio_ctx

Detailed Description

Secure Memory-mapped IO functions, for volatile access.

This module is responsible for tracking critical register values for an initialized context sec_mmio_ctx_t, and provides a mechanism to evaluate expectations and trigger an exception on fault detection.

Initialization

sec_mmio_init().

Register writes

Perform a number (N) of calls to sec_mmio_write32().
Increment the expected number of writes by N with SEC_MMIO_WRITE_INCREMENT(). This is done using a separate function call to be able to detect skip instruction faults on sec_mmio_write32() calls.

Register reads

Use the sec_mmio_read32().

Expectation checks

See the following:

Definition in file sec_mmio.h.

Data Structure Documentation

◆ sec_mmio_ctx

struct sec_mmio_ctx

Working context.

Contains list of expected register addresses and associated values, as well as expected counters.

Definition at line 63 of file sec_mmio.h.

Data Fields
uint32_t	addrs[kSecMmioRegFileSize]	List of expected register addresses.
uint32_t	check_count	Represents the number of times the check functions have been called. Incremented by the `sec_mmio_check_values()` and the `sec_mmio_check_counters()` functions.
uint32_t	expected_write_count	Represents the expected number of register write operations. Incremented by `SEC_MMIO_WRITE_INCREMENT()`.
uint32_t	last_index	Represents the expected number of register values.
uint32_t	values[kSecMmioRegFileSize]	List of expected register values.
uint32_t	write_count	Represents the number of register write operations. Incremented by the `sec_mmio_write32()` function.

Macro Definition Documentation

◆ SEC_MMIO_WRITE_INCREMENT

#define SEC_MMIO_WRITE_INCREMENT ( value ) (sec_mmio_ctx.expected_write_count += (value))

Increment the expected count of register writes by value.

This macro must be used to increment the number of expected register writes before calling sec_mmio_check_counters().

Parameters

value The expected write count increment.

Definition at line 119 of file sec_mmio.h.

Typedef Documentation

◆ sec_mmio_ctx_t

typedef struct sec_mmio_ctx sec_mmio_ctx_t

Working context.

Contains list of expected register addresses and associated values, as well as expected counters.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum

Enumerator
kSecMmioRegFileSize	Number of registers stored in the sec_mmio context.

Definition at line 50 of file sec_mmio.h.

Function Documentation

◆ OT_ASSERT_MEMBER_OFFSET()

OT_ASSERT_MEMBER_OFFSET	(	sec_mmio_ctx_t	,
		last_index	,
		0
	)

The sec_mmio_ctx_t structure is accessible by both the ROM and ROM extension.

It's layout is therefore fixed and any changes must be applied to both boot stages.

◆ sec_mmio_check_counters()

void sec_mmio_check_counters ( uint32_t expected_check_count )

Checks the expected counter state.

Checks the expected number of register writes and check counts. An exception is thrown if the counters fail to match expectations.

Calling this function will increment the check function counter on a successful

Parameters

expected_check_count The expected check counter.

Definition at line 172 of file sec_mmio.c.

◆ sec_mmio_check_values()

void sec_mmio_check_values ( uint32_t rnd_offset )

Checks the expected list of register values.

All expected register values are verified against expectations. An exception is thrown if any of the comparison fails.

The rnd_offset parameter can be set to a random value to randomize the order of reads.

Calling this function will increment the check function counter on a successful call.

The rnd_offset parameter can be generated by calling the entropy source or the CSRNG driver.

Parameters

rnd_offset A random value used to generate a random read sequence.

Definition at line 121 of file sec_mmio.c.

◆ sec_mmio_check_values_except_otp()

void sec_mmio_check_values_except_otp	(	uint32_t	rnd_offset,
		uint32_t	otp_base
	)

Checks the expected list of register values except for OTP values.

All expected register values (except OTP) are verified against expectations. An exception is thrown if any of the comparison fails.

The rnd_offset parameter can be set to a random value to randomize the order of reads.

Calling this function will increment the check function counter on a successful call.

The rnd_offset parameter can be generated by calling the entropy source or the CSRNG driver.

Parameters

rnd_offset	A random value used to generate a random read sequence.
otp_base	The base address of the OTP peripheral. The avoided region is 64K in size.

Definition at line 142 of file sec_mmio.c.

◆ sec_mmio_init()

void sec_mmio_init ( void )

Initializes the module.

Initializes the internal sec_mmio_ctx_t context.

Definition at line 56 of file sec_mmio.c.

◆ sec_mmio_next_stage_init()

void sec_mmio_next_stage_init ( void )

Executes sec_mmio next boot stage initialization.

Performs the following operations to the internal sec_mmio_ctx_t context:

Clear the check count. This allows the caller to reset the sec_mmio_check_counters() expected count argument.
Reset all expected address and values in the expectations table starting at the last_index.

Definition at line 75 of file sec_mmio.c.

◆ sec_mmio_read32()

OT_WARN_UNUSED_RESULT uint32_t sec_mmio_read32 ( uint32_t addr )

Reads an aligned uint32_t from the MMIO region addr.

This function implements a read-read-comparison operation. The first read is stored in the list of expected register values for later comparison via sec_mmio_check_values().

An exception is thrown if the comparison operation fails.

Parameters

addr	The address to read from.

Returns: the read value.

Definition at line 89 of file sec_mmio.c.

◆ sec_mmio_write32()

void sec_mmio_write32	(	uint32_t	addr,
		uint32_t	value
	)

Writes an aligned uint32_t to the MMIO region base at the give byte offset.

This function implements a write-read-comparison operation. The first write value is stored in the list of expected register values for later comparison via sec_mmio_check_values().

On successful calls, this function will increment the internal count of writes. The caller is responsible to setting the expected write count with SEC_MMIO_WRITE_INCREMENT().

An exception is thrown if the comparison operation fails.

Parameters

addr	The address to write to.
value	The value to write.

Definition at line 99 of file sec_mmio.c.

◆ sec_mmio_write32_shadowed()

void sec_mmio_write32_shadowed	(	uint32_t	addr,
		uint32_t	value
	)

Writes an aligned uint32_t to the MMIO region base at the give byte offset.

This function implements a write-write-read-comparison operation for shadowed registers. The first write value is stored in the list of expected register values for later comparison via sec_mmio_check_values().

On successful calls, this function will increment the internal count of writes. The caller is responsible to setting the expected write count with SEC_MMIO_WRITE_INCREMENT().

An exception is thrown if the comparison operation fails.

Parameters

addr	The address to write to.
value	The value to write.

Definition at line 109 of file sec_mmio.c.

(781a66c116)

Data Structures

Macros

Typedefs

Enumerations

Functions

Variables

Detailed Description

Data Structure Documentation

◆ sec_mmio_ctx

Macro Definition Documentation

◆ SEC_MMIO_WRITE_INCREMENT

Typedef Documentation

◆ sec_mmio_ctx_t

Enumeration Type Documentation

◆ anonymous enum

Function Documentation

◆ OT_ASSERT_MEMBER_OFFSET()

◆ sec_mmio_check_counters()

◆ sec_mmio_check_values()

◆ sec_mmio_check_values_except_otp()

◆ sec_mmio_init()

◆ sec_mmio_next_stage_init()

◆ sec_mmio_read32()

◆ sec_mmio_write32()

◆ sec_mmio_write32_shadowed()