feat(psa): interface with RSS for retrieving ROTPK

Adding the AP/RSS interface for reading the ROTPK.
The read interface implements the psa_call:

    psa_call(RSS_CRYPTO_HANDLE, PSA_IPC_CALL,
             in_vec, IOVEC_LEN(in_vec),
             out_vec, IOVEC_LEN(out_vec));

where the in_vec indicates which of the 3 ROTPKs we want,
and the out_vec stores the ROTPK value we get back from RSS.

Through this service, we will be able to read any of the 3
ROTPKs used on a CCA platform:
- ROTPK for CCA firmware (BL2, BL31, RMM).
- ROTPK for secure firmware.
- ROTPK for non-secure firmware.

Change-Id: I44c615588235cc797fdf38870b74b4c422be0a72
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
diff --git a/include/lib/psa/rss_platform_api.h b/include/lib/psa/rss_platform_api.h
index 1dd7d05..8f74a51 100644
--- a/include/lib/psa/rss_platform_api.h
+++ b/include/lib/psa/rss_platform_api.h
@@ -11,6 +11,7 @@
#include <stdint.h>
#include "psa/error.h"
+#include <rss_crypto_defs.h>
#define RSS_PLATFORM_API_ID_NV_READ (1010)
#define RSS_PLATFORM_API_ID_NV_INCREMENT (1011)
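Review bot: The added include uses angle brackets and a bare file name, <rss_crypto_defs.h>, while the project header directly above it is included as "psa/error.h" with quotes and a directory prefix. Please use one form for project headers in this file and confirm that the directory holding rss_crypto_defs.h is on the include path for every image that pulls in rss_platform_api.h, since the new prototype depends on it for enum rss_key_id_builtin_t. Grouping it with the other project include rather than as a trailing line would also make the dependency easier to spot.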
@@ -41,4 +42,19 @@
rss_platform_nv_counter_read(uint32_t counter_id,
uint32_t size, uint8_t *val);
+/*
+ * Reads the public key or the public part of a key pair in binary format.
+ *
+ * key Identifier of the key to export.
+ * data Buffer where the key data is to be written.
+ * data_size Size of the data buffer in bytes.
+ * data_length On success, the number of bytes that make up the key data.
+ *
+ * PSA_SUCCESS if the value is read correctly. Otherwise,
+ * it returns a PSA_ERROR.
+ */
+psa_status_t
+rss_platform_key_read(enum rss_key_id_builtin_t key, uint8_t *data,
+ size_t data_size, size_t *data_length);
+
#endif /* RSS_PLATFORM_API_H */
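Review bot: The doc comment for rss_platform_key_read leaves the failure contract unspecified: "Otherwise, it returns a PSA_ERROR" does not say which status a caller gets when data_size is smaller than the key, nor whether *data_length and the data buffer are left untouched on error. Since the returned bytes are a root-of-trust public key, callers need to know they must check the status and compare *data_length against the expected key size before using the buffer, so please name the error codes (for example PSA_ERROR_BUFFER_TOO_SMALL for a short buffer) and state the contents of both outputs on failure. The description of key should also say that it selects one of the three ROTPKs listed in the commit message, and the comment should state whether NULL is permitted for data or data_length.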