vos/ambiq-hal-sys/ambiq-sparkfun-sdk/bootloader/am_multi_boot_secure.h

125 lines
5.3 KiB
C
Raw Permalink Normal View History

2022-10-24 06:45:43 +00:00
//*****************************************************************************
//
//! @file am_multi_boot_secure.h
//!
//! @brief Secure Bootloader Definitions
//! This file declares the customizable secure boot function hooks
//
//*****************************************************************************
//*****************************************************************************
//
// Copyright (c) 2020, Ambiq Micro
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its
// contributors may be used to endorse or promote products derived from this
// software without specific prior written permission.
//
// Third party software included in this distribution is subject to the
// additional license terms as defined in the /docs/licenses directory.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.
//
// This is part of revision 2.4.2 of the AmbiqSuite Development Package.
//
//*****************************************************************************
#ifndef AM_MULTI_BOOT_SECURE_H
#define AM_MULTI_BOOT_SECURE_H
#include "am_mcu_apollo.h"
#include "am_bootloader.h"
//*****************************************************************************
//
//! @brief This func verifies the security trailer & initializes security params
//!
//! @param length - Length of the security trailer
//! @param pData - Pointer to the security trailer
//! @param bStoreInSram - -Indicates if the image can be accumulated in SRAM as
//! a whole. If not set, multiboot would need to keep flashing the image
//! segments as they arrive overwriting the existing content, even before the
//! image could be verified.
//! @param psImage - Pointer to the image properties as operated upon by multiboot
//! @param pProtect - Used to pass information back to multiboot, if the flashed
//! image needs any protection features. This is a place holder for future.
//!
//! This func verifies the security trailer & initializes security engine
//! required for decryption. It could also be used to verify the validity of the
//! key used for encryption.
//!
//! @return 0 for success, non-zero for failure.
//
//*****************************************************************************
int
init_multiboot_secure(uint32_t length, uint32_t *pData,
bool bStoreInSram, am_bootloader_image_t *pImage,
uint32_t *pProtect);
//*****************************************************************************
//
//! @brief This func performs in-place decryption of the supplied block of data
//!
//! @param pData - Pointer to encrypted image data in SRAM
//! @param ui32NumBytes - Length of data
//!
//!
//! This function should implement an in-place decryption of the data using the
//! selected security algorithm. The decryption engine should have been
//! initialized as part of init_multiboot_secure implementation.
//! This function should also compute the running CRC for the clear image.
//! This function could also be used to implement any other verification on the
//! image - based on prior knowledge of image structure.
//!
//! @return none.
//
//*****************************************************************************
void
multiboot_secure_decrypt(void *pData, uint32_t ui32NumBytes);
// Authenticate/Validate the image
// Return Clear CRC of the image
// for validation on subsequent boots
//*****************************************************************************
//
//! @brief This func performs final verification of the downloaded image
//!
//! @param ui32NumBytes - Pointer used to return the CRC of the clear image
//!
//!
//! This function could implement additional verification or authentication of
//! the downloaded (and decrypted) image. On successful verification, and if the
//! image did not need copy-protection in flash, it returns the clear image in
//! flash, so that on subsequent boots the bootloader can check the image for
//! integrity.
//!
//! @return It returns 0 if the verification succeeds, non-zero for failure
//
//*****************************************************************************
int
multiboot_secure_verify(uint32_t *pui32ClearCRC);
#endif // AM_MULTI_BOOT_SECURE_H