Software APIs
keymgr.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_DRIVERS_KEYMGR_H_
6 #define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_DRIVERS_KEYMGR_H_
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 #include "sw/device/silicon_creator/lib/error.h"
12 #include "sw/device/silicon_creator/lib/keymgr_binding_value.h"
13 
14 #ifdef __cplusplus
15 extern "C" {
16 #endif
17 
18 /**
19  * Key Manager states.
20  */
21 typedef enum sc_keymgr_state {
22  /**
23  * Key manager control is still in reset. Please wait for initialization
24  * complete before issuing operations
25  */
26  kScKeymgrStateReset,
27  /**
28  * Key manager control has finished initialization and will now accept
29  * software commands.
30  */
31  kScKeymgrStateInit,
32  /**
33  * Key manager control currently contains the creator root key.
34  */
35  kScKeymgrStateCreatorRootKey,
36  /**
37  * Key manager control currently contains the owner intermediate key.
38  */
39  kScKeymgrStateOwnerIntermediateKey,
40  /**
41  * Key manager control currently contains the owner key.
42  */
43  kScKeymgrStateOwnerKey,
44  /**
45  * Key manager currently disabled. Please reset the key manager. Sideload keys
46  * are still valid.
47  */
48  kScKeymgrStateDisabled,
49  /**
50  * Key manager currently invalid. Please reset the key manager. Sideload keys
51  * are no longer valid.
52  */
53  kScKeymgrStateInvalid,
54  /**
55  * This is not a state - it is the total number of states.
56  */
57  kScKeymgrStateNumStates,
58 } sc_keymgr_state_t;
59 
60 enum {
61  /**
62  * Number of 32-bit words for the salt.
63  */
64  kScKeymgrSaltNumWords = 8,
65 };
66 
67 /**
68  * Data used to differentiate a generated keymgr key.
69  */
70 typedef struct sc_keymgr_diversification {
71  /**
72  * Salt value to use for key generation.
73  */
74  uint32_t salt[kScKeymgrSaltNumWords];
75  /**
76  * Version for key generation (anti-rollback protection).
77  */
78  uint32_t version;
79 } sc_keymgr_diversification_t;
80 
81 /**
82  * Destination for key generation.
83  */
84 typedef enum sc_keymgr_dest {
85  kScKeymgrDestNone = 0,
86  kScKeymgrDestAes = 1,
87  kScKeymgrDestKmac = 2,
88  kScKeymgrDestOtbn = 3,
89 } sc_keymgr_dest_t;
90 
91 /**
92  * The following constants represent the expected number of sec_mmio register
93  * writes performed by functions in provided in this module. See
94  * `SEC_MMIO_WRITE_INCREMENT()` for more details.
95  *
96  * Example:
97  * ```
98  * sc_keymgr_sw_binding_set();
99  * SEC_MMIO_WRITE_INCREMENT(kScKeymgrSecMmioSwBindingSet);
100  * ```
101  */
102 enum {
103  kScKeymgrSecMmioEntropyReseedIntervalSet = 1,
104  kScKeymgrSecMmioSwBindingSet = 17,
105  kScKeymgrSecMmioCreatorMaxVerSet = 2,
106  kScKeymgrSecMmioOwnerIntMaxVerSet = 2,
107  kScKeymgrSecMmioOwnerMaxVerSet = 2,
108 };
109 
110 /**
111  * Sets the key manager software binding inputs.
112  *
113  * This function also clears and caches the value of the `SW_BINDING_REGWEN`
114  * register in the `sec_mmio` expectations table. This register is unlocked
115  * after a successful transaction. It is recommended to call
116  * `sc_keymgr_sw_binding_unlock_wait()` after initiating a transition to update
117  * its value in the `sec_mmio` expectations table.
118  *
119  * @param binding_value_sealing Software binding for sealing value.
120  * @param binding_value_attestation Software binding for attestation value.
121  */
122 void sc_keymgr_sw_binding_set(
123  const keymgr_binding_value_t *binding_value_sealing,
124  const keymgr_binding_value_t *binding_value_attestation);
125 
126 /**
127  * Blocks until the software binding registers are unlocked.
128  *
129  * This function can be called after `sc_keymgr_advance_state()` to wait for the
130  * software binding registers to become available for writing and to update the
131  * cached value of `SW_BINDING_REGWEN` register in the `sec_mmio` expectations
132  * table.
133  */
134 void sc_keymgr_sw_binding_unlock_wait(void);
135 
136 /**
137  * Sets the Silicon Creator max key version.
138  *
139  * @param max_key_ver Maximum key version associated with the Silicon Creator
140  * key manager stage.
141  */
142 void sc_keymgr_creator_max_ver_set(uint32_t max_key_ver);
143 
144 /**
145  * Sets the Silicon Owner Intermediate max key version.
146  *
147  * @param max_key_ver Maximum key version associated with the Silicon Owner
148  * Intermediate key manager stage.
149  */
150 void sc_keymgr_owner_int_max_ver_set(uint32_t max_key_ver);
151 
152 /**
153  * Sets the Silicon Owner max key version.
154  *
155  * @param max_key_ver Maximum key version associated with the Silicon Owner
156  * key manager stage.
157  */
158 void sc_keymgr_owner_max_ver_set(uint32_t max_key_ver);
159 
160 /**
161  * Sets the entropy reseed interval of the key manager.
162  *
163  * @param entropy_reseed_interval Number of key manager cycles before the
164  * entropy is reseeded.
165  * @return The result of the operation.
166  */
167 void sc_keymgr_entropy_reseed_interval_set(uint16_t entropy_reseed_interval);
168 
169 /**
170  * Advances the state of the key manager.
171  *
172  * The `sc_keymgr_state_check()` function must be called before this function to
173  * ensure the key manager is in the expected state and ready to receive op
174  * commands.
175  *
176  * The caller is responsible for calling the `sc_keymgr_state_check()` at a
177  * later time to ensure the advance transition completed without errors.
178  *
179  * Note: It is recommended to call `sc_keymgr_sw_binding_unlock_wait()` before
180  * the secure mmio `sec_mmio_check_values()` function to make sure the value of
181  * the `SW_BINDING_REGWEN` register is updated in the secure mmio expectations
182  * table.
183  */
184 void sc_keymgr_advance_state(void);
185 
186 /**
187  * Checks the state of the key manager.
188  *
189  * @param expected_state Expected key manager state.
190  * @return `kErrorOk` if the key manager is in `expected_state` and the status
191  * is idle or success; otherwise returns `kErrorKeymgrInternal`.
192  */
193 OT_WARN_UNUSED_RESULT
194 rom_error_t sc_keymgr_state_check(sc_keymgr_state_t expected_state);
195 
196 /**
197  * Keymgr output-generate key types (attestation or sealing).
198  */
199 typedef enum sc_keymgr_key_type {
200  kScKeymgrKeyTypeAttestation = 0,
201  kScKeymgrKeyTypeSealing = 1,
202 } sc_keymgr_key_type_t;
203 
204 /**
205  * Keymgr ECC key generation descriptor.
206  */
207 typedef struct sc_keymgr_ecc_key {
208  /**
209  * Keymgr key type, either: attestation or sealing.
210  *
211  * Attestation keys are derived from keymgr state that changes when ROM_EXT or
212  * Owner firmware is updated, while Sealing keys remain stable as long as a
213  * device remains under the same ownership and hardware lifecycle state.
214  */
215  sc_keymgr_key_type_t type;
216  /**
217  * Index into the kFlashCtrlInfoPageAttestationKeySeeds flash info page that
218  * holds a seed for generating the ECC key pair.
219  */
220  uint32_t keygen_seed_idx;
221  /**
222  * Pointer to the keymgr diversifier that is used when actuating the keymgr's
223  * "output-generate" function to generate another ECC keygen seed that will be
224  * sideloaded to OTBN.
225  */
226  const sc_keymgr_diversification_t *keymgr_diversifier;
227  /**
228  * Pointer to the keymgr diversifier that is used when actuating the keymgr's
229  */
230  sc_keymgr_state_t required_keymgr_state;
231 } sc_keymgr_ecc_key_t;
232 
233 /**
234  * Generate a key manager key and sideload to the requested block.
235  *
236  * Calls the key manager to sideload a key into the requested hardware block and
237  * waits until the operation is complete before returning. Can sideload an
238  * attestation or sealing key based on user input.
239  *
240  * @param destination: Hardware destination for key material.
241  * @param key_type Key type: attestation or sealing.
242  * @param diversification Diversification input for the key derivation.
243  * @return OK or error.
244  */
245 
246 OT_WARN_UNUSED_RESULT
247 rom_error_t sc_keymgr_generate_key(sc_keymgr_dest_t destination,
248  sc_keymgr_key_type_t key_type,
249  sc_keymgr_diversification_t diversification);
250 
251 /**
252  * Clear the requested sideloaded key slot.
253  *
254  * The entropy complex needs to be initialized before calling this function, so
255  * that keymgr can use it to clear the slot.
256  *
257  * @param destination: Hardware block to clear key material.
258  * @return OK or error.
259  */
260 OT_WARN_UNUSED_RESULT
261 rom_error_t sc_keymgr_sideload_clear(sc_keymgr_dest_t destination);
262 
263 /**
264  * Generate a key manager key and sideload to the OTBN block.
265  *
266  * Calls the key manager to sideload a key into the OTBN hardware block and
267  * waits until the operation is complete before returning. Can sideload an
268  * attestation or sealing key based on user input.
269  *
270  * @param key_type Key type: attestation or sealing.
271  * @param diversification Diversification input for the key derivation.
272  * @return OK or error.
273  */
274 OT_WARN_UNUSED_RESULT
275 inline rom_error_t sc_keymgr_generate_key_otbn(
276  sc_keymgr_key_type_t key_type,
277  sc_keymgr_diversification_t diversification) {
278  return sc_keymgr_generate_key(kScKeymgrDestOtbn, key_type, diversification);
279 }
280 
281 /**
282  * Clear OTBN's sideloaded key slot.
283  *
284  * The entropy complex needs to be initialized before calling this function, so
285  * that keymgr can use it to clear the slot.
286  *
287  * @return OK or error.
288  */
289 OT_WARN_UNUSED_RESULT
290 inline rom_error_t sc_keymgr_sideload_clear_otbn(void) {
291  return sc_keymgr_sideload_clear(kScKeymgrDestOtbn);
292 }
293 
294 /**
295  * Sets the binding registers and advances the keymgr to the
296  * `OwnerIntermediateKey` (CDI_0) key stage.
297  *
298  * Preconditions: keymgr has been initialized and cranked to the
299  * `CreatorRootKey` stage.
300  *
301  * @param attest_binding The attestation binding value to use.
302  * @param sealing_binding The sealing binding value to use.
303  * @param max_key_version Maximum key version associated with the Silicon Owner
304  * Intermediate key manager stage.
305  * @return The result of the operation.
306  */
307 OT_WARN_UNUSED_RESULT
308 rom_error_t sc_keymgr_owner_int_advance(keymgr_binding_value_t *attest_binding,
309  keymgr_binding_value_t *sealing_binding,
310  uint32_t max_key_version);
311 
312 /**
313  * Sets the binding registers and advances the keymgr to the `OwnerKey` (CDI_1)
314  * key stage.
315  *
316  * Preconditions: keymgr has been initialized and cranked to the
317  * `OwnerIntermediateKey` stage.
318  *
319  * @param attest_binding The attestation binding value to use.
320  * @param sealing_binding The sealing binding value to use.
321  * @param max_key_version Maximum key version associated with the Silicon Owner
322  * key manager stage.
323  * @return The result of the operation.
324  */
325 OT_WARN_UNUSED_RESULT
326 rom_error_t sc_keymgr_owner_advance(keymgr_binding_value_t *attest_binding,
327  keymgr_binding_value_t *sealing_binding,
328  uint32_t max_key_version);
329 
330 #ifdef __cplusplus
331 }
332 #endif
333 
334 #endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_DRIVERS_KEYMGR_H_
Return to OpenTitan Documentation