Software APIs
sigverify_keys_spx.c
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #include "sw/device/silicon_creator/rom/sigverify_keys_spx.h"
6 
7 #include "sw/device/silicon_creator/lib/sigverify/spx_verify.h"
8 #include "sw/device/silicon_creator/rom/sigverify_otp_keys.h"
9 
10 #include "otp_ctrl_regs.h"
11 
12 rom_error_t sigverify_spx_key_get(const sigverify_otp_key_ctx_t *sigverify_ctx,
13  uint32_t key_id, lifecycle_state_t lc_state,
14  const sigverify_spx_key_t **key,
15  sigverify_spx_config_id_t *config) {
16  *key = NULL;
17  *config = 0;
18  uint32_t spx_en = sigverify_spx_verify_enabled(lc_state);
19  rom_error_t error = kErrorSigverifyBadSpxKey;
20 
21  if (launder32(spx_en) != kSigverifySpxDisabledOtp) {
22  const sigverify_rom_key_header_t *rom_key = NULL;
23  error = sigverify_otp_keys_get(
24  (sigverify_otp_keys_get_params_t){
25  .key_id = key_id,
26  .lc_state = lc_state,
27  .key_array =
28  (const sigverify_rom_key_header_t *)(sigverify_ctx->keys.spx),
29  .key_cnt = kSigVerifyOtpKeysSpxCount,
30  .key_size = sizeof(sigverify_rom_spx_key_t),
31  .key_states = (uint32_t *)&sigverify_ctx->states.spx[0],
32  },
33  &rom_key);
34  if (error == kErrorOk) {
35  *key = &((const sigverify_rom_spx_key_t *)rom_key)->entry.key;
36  *config = ((const sigverify_rom_spx_key_t *)rom_key)->entry.config_id;
37  }
38  } else {
39  HARDENED_CHECK_EQ(spx_en, kSigverifySpxDisabledOtp);
40  error = sigverify_spx_success_to_ok(spx_en);
41  }
42 
43  if (error != kErrorOk) {
44  return kErrorSigverifyBadSpxKey;
45  }
46  return error;
47 }
Return to OpenTitan Documentation