/*
2 * Copyright (c) 2024, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#ifndef DICE_PROTECTION_ENVIRONMENT_H
9#define DICE_PROTECTION_ENVIRONMENT_H
10
11#include <stdbool.h>
12#include <stddef.h>
13#include <stdint.h>
14
15#include <dice.h>
16
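/*
 * Additional defines for max size limit. These limits are set by DPE in RSS.
 *
 * NOTE(review): presumably each value bounds the length, in bytes, of the
 * matching descriptor carried in DiceInputValues - confirm against <dice.h>.
 * Callers should check descriptor lengths against these limits before
 * issuing a request instead of relying on the service to reject oversized
 * input.
 */
#define DICE_AUTHORITY_DESCRIPTOR_MAX_SIZE	64
#define DICE_CONFIG_DESCRIPTOR_MAX_SIZE		64
#define DICE_CODE_DESCRIPTOR_MAX_SIZE		32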
21
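/*
 * Status code returned by the DPE client API. Any value other than
 * DPE_NO_ERROR should be handled as a failed request.
 */
typedef int32_t dpe_error_t;

#define DPE_NO_ERROR			((dpe_error_t)0)
#define DPE_INTERNAL_ERROR		((dpe_error_t)1)
#define DPE_INVALID_COMMAND		((dpe_error_t)2)
#define DPE_INVALID_ARGUMENT		((dpe_error_t)3)
#define DPE_ARGUMENT_NOT_SUPPORTED	((dpe_error_t)4)
#define DPE_SESSION_EXHAUSTED		((dpe_error_t)5)

/*
 * Custom values in RSS based DPE implementation. They start at 128, apart
 * from the values 0 to 5 defined above.
 */
#define DPE_INSUFFICIENT_MEMORY		((dpe_error_t)128)
#define DPE_ERR_CBOR_FORMATTING		((dpe_error_t)129)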
34
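/**
 * Client facing API. Parameters are according to the DPE spec version r0.9
 *
 * \brief Performs the DICE computation to derive a new context and optionally
 *        creates an intermediate certificate. Software component measurement
 *        must be provided in dice_inputs.
 *
 * \param[in]  context_handle               Input context handle for the DPE
 *                                          context.
 * \param[in]  retain_parent_context        Flag to indicate whether to retain the
 *                                          parent context. True only if a client
 *                                          will call further DPE commands on the
 *                                          same context.
 * \param[in]  allow_new_context_to_derive  Flag to indicate whether derived context
 *                                          can derive further. True only if the
 *                                          new context will load further components.
 * \param[in]  create_certificate           Flag to indicate whether to create an
 *                                          intermediate certificate. True only if
 *                                          it is the last component in the layer.
 * \param[in]  dice_inputs                  DICE input values.
 * \param[in]  target_locality              Identifies the locality to which the
 *                                          derived context will be bound. Could be
 *                                          MHU id.
 * \param[in]  return_certificate           Indicates whether to return the generated
 *                                          certificate when create_certificate is true.
 * \param[in]  allow_new_context_to_export  Indicates whether the DPE permits export of
 *                                          the CDI from the newly derived context.
 * \param[in]  export_cdi                   Indicates whether to export derived CDI.
 * \param[out] new_context_handle           New handle for the derived context.
 * \param[out] new_parent_context_handle    New handle for the parent context.
 * \param[out] new_certificate_buf          If create_certificate and return_certificate
 *                                          are both true, this argument holds the new
 *                                          certificate generated for the new context.
 * \param[in]  new_certificate_buf_size     Size of the allocated buffer for
 *                                          new certificate.
 * \param[out] new_certificate_actual_size  Actual size of the new certificate.
 * \param[out] exported_cdi_buf             If export_cdi is true, this is the
 *                                          exported CDI value.
 * \param[in]  exported_cdi_buf_size        Size of the allocated buffer for
 *                                          exported CDI.
 * \param[out] exported_cdi_actual_size     Actual size of the exported CDI.
 *
 * \return Returns error code of type dpe_error_t. Compare it against
 *         DPE_NO_ERROR before consuming any output argument.
 *
 * \note The exported CDI is secret material from which further secrets are
 *       derived. Set allow_new_context_to_export and export_cdi only where
 *       the boot flow needs the raw CDI, keep exported_cdi_buf in memory that
 *       less trusted software cannot read, and wipe it once consumed.
 *
 * \note Read no more than the reported *_actual_size bytes from an output
 *       buffer, and check that value against the matching *_buf_size.
 *       NOTE(review): this header does not state the result when a buffer is
 *       too small, whether NULL is accepted for unused output arguments, or
 *       the state of the outputs on failure - confirm against the
 *       implementation.
 *
 * \note NOTE(review): because a new handle is returned for the parent,
 *       context_handle is presumably invalid after the call - confirm against
 *       the DPE spec before reusing it.
 */
dpe_error_t dpe_derive_context(int context_handle,
                               bool retain_parent_context,
                               bool allow_new_context_to_derive,
                               bool create_certificate,
                               const DiceInputValues *dice_inputs,
                               int32_t target_locality,
                               bool return_certificate,
                               bool allow_new_context_to_export,
                               bool export_cdi,
                               int *new_context_handle,
                               int *new_parent_context_handle,
                               uint8_t *new_certificate_buf,
                               size_t new_certificate_buf_size,
                               size_t *new_certificate_actual_size,
                               uint8_t *exported_cdi_buf,
                               size_t exported_cdi_buf_size,
                               size_t *exported_cdi_actual_size);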
96
97#endif /* DICE_PROTECTION_ENVIRONMENT_H */