Switchtec Userspace PROJECT_NUMBER = 4.4
Loading...
Searching...
No Matches
mfg.h
1/*
2 * Microsemi Switchtec(tm) PCIe Management Library
3 * Copyright (c) 2019, Microsemi Corporation
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a
6 * copy of this software and associated documentation files (the "Software"),
7 * to deal in the Software without restriction, including without limitation
8 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
9 * and/or sell copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included
13 * in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
16 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
19 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
20 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
21 * OTHER DEALINGS IN THE SOFTWARE.
22 *
23 */
24
25#ifndef LIBSWITCHTEC_MFG_H
26#define LIBSWITCHTEC_MFG_H
27
28#define SWITCHTEC_MB_LOG_LEN 32
29
30#define SWITCHTEC_PUB_KEY_LEN 512
31#define SWITCHTEC_SIG_LEN 512
32#define SWITCHTEC_UDS_LEN 32
33#define SWITCHTEC_KMSK_LEN 64
34#define SWITCHTEC_KMSK_NUM_MAX 10
35#define SWITCHTEC_KMSK_NUM_GEN6 12
36#define SWITCHTEC_KMSK_LEN_DWORDS (SWITCHTEC_KMSK_LEN / 4)
37#define SWITCHTEC_GEN6_TOKEN_LEN 88
38
39#define SWITCHTEC_UID_LEN_DWORDS 16
40#define SWITCHTEC_PSID_LEN_DWORDS 4
41
42#define OTP_MULTI_DWORD_UID_UNIQUEID_DWORDS 16
43#define OTP_MULTI_DWORD_CUSTOMER_PSID0_DWORDS 4
44
45#define SWITCHTEC_SECURITY_SPI_RATE_MAX_NUM 16
46
47#define SWITCHTEC_UID_DWORD_S 16
48#define SWITCHTEC_PSID_DWORD_S 4
49
50#define OTP_MULTI_DWORD_IMAGE_BIAK0 656
51#define OTP_DWORD_0 0
52#define OTP_DWORD_10 10
53
54#define OTP_DWORD_0_PRODUCT_SECSC_LSB 22
55#define OTP_DWORD_0_PRODUCT_SECSC_MSK 0x00400000
56
57#define OTP_DWORD_10_SMBUS_SMBRMRPCADDR_LSB 0
58#define OTP_DWORD_10_SMBUS_SMBRMRPCADDR_MSK 0x000003FF
59#define OTP_DWORD_10_SMBUS_SMBRIF_LSB 10
60#define OTP_DWORD_10_SMBUS_SMBRIF_MSK 0x00000C00
61#define OTP_DWORD_10_SMBUS_SMBRATYPE_LSB 12
62#define OTP_DWORD_10_SMBUS_SMBRATYPE_MSK 0x00003000
63#define OTP_DWORD_10_SMBUS_SMBROCPADDR_LSB 18
64#define OTP_DWORD_10_SMBUS_SMBROCPADDR_MSK 0x0FFC0000
65
66#define SECIRE_CFG_GET_I2C (0xD4>>1)
67#define SECURE_CFG_GET_OCP (0xD2>>1)
68
69#define SECURE_CFG_GET_I2C_PORT_MSK 0x00000003
70#define SECURE_CFG_GET_I2C_PORT_LSB 0x0000000A
71#define SECURE_CFG_GET_I2C_ADDR_MSK 0x000003FF
72#define SECURE_CFG_GET_I2C_CMD_MAP_MSK 0x00000FFF
73#define SECURE_CFG_GET_I2C_CMD_MAP_LSB 0x0000000C
74#define SECURE_CFG_GET_I2C_RCVRY_INF_MSK 0x0000C000
75#define SECURE_CFG_GET_I2C_RCVRY_ADDR_MSK 0x000003FF
76
77struct switchtec_sn_ver_info {
78 uint32_t chip_serial;
79 uint32_t ver_km;
80 uint32_t ver_bl2;
81 uint32_t ver_main;
82 uint32_t ver_sec_unlock;
83 bool riot_ver_valid;
84 uint32_t ver_riot;
85 uint32_t *UID;
86 uint32_t *PSID0;
87 uint32_t PSID_UID_valid_flags;
88 uint32_t dbg_tok_sec_ver_rsvrd;
89 uint32_t kmt_sec_ver_rsvrd;
90};
91enum switchtec_debug_mode {
92 SWITCHTEC_DEBUG_MODE_ENABLED,
93 SWITCHTEC_DEBUG_MODE_DISABLED_BUT_ENABLE_ALLOWED,
94 SWITCHTEC_DEBUG_MODE_DISABLED,
95 SWITCHTEC_DEBUG_MODE_DISABLED_EXT
96};
97
98enum switchtec_secure_state {
99 SWITCHTEC_UNINITIALIZED_UNSECURED,
100 SWITCHTEC_INITIALIZED_UNSECURED,
101 SWITCHTEC_INITIALIZED_SECURED,
102 SWITCHTEC_SECURE_STATE_UNKNOWN = 0xff,
103};
104
105enum switchtec_secure_state_gen6 {
106 SWITCHTEC_GEN6_UNINITIALIZED_SECURE_CAPABLE = 0,
107 SWITCHTEC_GEN6_UNPROVISIONED_SECURED = 1,
108 SWITCHTEC_GEN6_INITIALIZED_SECURED = 2,
109 SWITCHTEC_GEN6_INITIALIZED_UNSECURED = 3,
110 SWITCHTEC_GEN6_SECURE_STATE_UNKNOWN = 0xff,
111};
112
113enum switchtec_attestation_mode {
114 SWITCHTEC_ATTESTATION_MODE_NOT_SUPPORTED,
115 SWITCHTEC_ATTESTATION_MODE_NONE,
116 SWITCHTEC_ATTESTATION_MODE_DICE
117};
118
122enum switchtec_otp_program_status {
123 SWITCHTEC_OTP_PROGRAMMABLE = 0,
124 SWITCHTEC_OTP_UNPROGRAMMABLE = 1,
125};
126
127enum switchtec_otp_program_mask {
128 SWITCHTEC_OTP_UNMASKED = 0,
129 SWITCHTEC_OTP_MASKED = 1,
130};
131
132struct switchtec_security_cfg_otp_region {
133 bool basic_valid;
134 bool mixed_ver_valid;
135 bool main_fw_ver_valid;
136 bool sec_unlock_ver_valid;
137 bool kmsk_valid[4];
138 enum switchtec_otp_program_status basic;
139 enum switchtec_otp_program_status mixed_ver;
140 enum switchtec_otp_program_status main_fw_ver;
141 enum switchtec_otp_program_status sec_unlock_ver;
142 enum switchtec_otp_program_status kmsk[4];
143};
144
145struct switchtec_security_cfg_otp_region_ext {
146 bool basic_valid;
147 bool debug_mode_valid;
148 bool key_ver_valid;
149 bool rc_ver_valid;
150 bool bl2_ver_valid;
151 bool main_fw_ver_valid;
152 bool sec_unlock_ver_valid;
153 bool kmsk_valid[10];
154 bool cdi_efuse_inc_mask_valid;
155 bool uds_valid;
156 bool uds_mask_valid;
157 bool mchp_uds_valid;
158 bool mchp_uds_mask_valid;
159 bool did_cert0_valid;
160 bool did_cert1_valid;
161 enum switchtec_otp_program_status basic;
162 enum switchtec_otp_program_status debug_mode;
163 enum switchtec_otp_program_status key_ver;
164 enum switchtec_otp_program_status rc_ver;
165 enum switchtec_otp_program_status bl2_ver;
166 enum switchtec_otp_program_status main_fw_ver;
167 enum switchtec_otp_program_status sec_unlock_ver;
168 enum switchtec_otp_program_status kmsk[10];
169 enum switchtec_otp_program_status cdi_efuse_inc_mask;
170 enum switchtec_otp_program_status uds;
171 enum switchtec_otp_program_mask uds_mask;
172 enum switchtec_otp_program_status mchp_uds;
173 enum switchtec_otp_program_mask mchp_uds_mask;
174 enum switchtec_otp_program_status did_cert0;
175 enum switchtec_otp_program_status did_cert1;
176};
177
178struct switchtec_attestation_state {
179 enum switchtec_attestation_mode attestation_mode;
180 bool cdi_efuse_inc_mask_valid;
181 unsigned int cdi_efuse_inc_mask;
182 bool uds_selfgen;
183 bool uds_visible;
184 unsigned char uds_data[32];
185};
186
187struct switchtec_security_cfg_state {
188 bool debug_mode_valid;
189 uint8_t basic_setting_valid;
190 uint8_t public_key_exp_valid;
191 uint8_t public_key_num_valid;
192 uint8_t public_key_ver_valid;
193 uint8_t public_key_valid;
194
195 enum switchtec_debug_mode debug_mode;
196 enum switchtec_secure_state secure_state;
197
198 uint8_t jtag_lock_after_reset;
199 uint8_t jtag_lock_after_bl1;
200 uint8_t jtag_bl1_unlock_allowed;
201 uint8_t jtag_post_bl1_unlock_allowed;
202
203 float spi_clk_rate;
204 uint32_t i2c_recovery_tmo;
205 uint32_t i2c_port;
206 uint32_t i2c_addr;
207 uint32_t i2c_cmd_map;
208 uint32_t public_key_exponent;
209 uint32_t public_key_num;
210 uint32_t public_key_ver;
211
212 uint8_t public_key[SWITCHTEC_KMSK_NUM_MAX][SWITCHTEC_KMSK_LEN];
213
214 uint8_t secsc;
215 uint16_t i2c_rcvry_address_ocp;
216 uint32_t otp_key_hash[SWITCHTEC_KMSK_NUM_GEN6][SWITCHTEC_KMSK_LEN_DWORDS];
217
218 bool otp_valid;
219 bool use_otp_ext;
220 struct switchtec_security_cfg_otp_region otp;
221 struct switchtec_security_cfg_otp_region_ext otp_ext;
222
223 struct switchtec_attestation_state attn_state;
224};
225
226struct switchtec_security_cfg_state_gen6 {
227 /* DWORD 0 */
228 uint32_t twi_rcvry_address_mrpc :10;
229 uint32_t twi_rcvry_bus :2;
230 uint32_t twi_address_type :2;
231 uint32_t twi_rcvry_address_ocp :10;
232 uint32_t reserved_dw_0_1 :8;
233
234 /* DWORD 1 */
235 uint32_t mrpc_command_map :12;
236 uint32_t secsc :1;
237 uint32_t reserved_dw_1_1 :19;
238
239 /* DWORD 2 */
240 uint32_t ap_offset :20;
241 uint32_t reserved_dw_2_1 :12;
242
243 /* DWORD 3 */
244 uint32_t i3c_pid_high :32;
245
246 /* DWORD 4 */
247 uint32_t i3c_pid_low :32;
248
249 /* DWORD 5 */
250 uint32_t i3c_rcvry_address :7;
251 uint32_t i3c_rcvry_bus :2;
252 uint32_t reserved_dw_5_1 :23;
253
254 /* DWORD 6 */
255 uint32_t algo_crc_disable :1;
256 uint32_t algo_ecdsa_p384_disable :1;
257 uint32_t algo_ecdsa_p521_disable :1;
258 uint32_t algo_rsa3ksha2_disable :1;
259 uint32_t algo_rsa4ksha2_disable :1;
260 uint32_t algo_dilithium5_disable :1;
261 uint32_t reserved_dw_6_1 :2;
262 uint32_t rom_key_1_disable :1;
263 uint32_t rom_key_2_disable :1;
264 uint32_t rom_key_3_disable :1;
265 uint32_t rom_key_4_disable :1;
266 uint32_t reserved_dw_6_2 :4;
267 uint32_t boot_from_uart_disable :1;
268 uint32_t boot_from_smbus_disable :1;
269 uint32_t boot_from_i3c_disable :1;
270 uint32_t failover_to_uart_disable :1;
271 uint32_t failover_to_smbus_disable :1;
272 uint32_t failover_to_i3c_disable :1;
273 uint32_t reserved_dw_6_3 :2;
274 uint32_t static_token_disable :1;
275 uint32_t psid_only_token_disable :1;
276 uint32_t uid_only_token_disable :1;
277 uint32_t psid_uid_token_disable :1;
278 uint32_t reserved_dw_6_4 :4;
279
280 /* DWORD 7 */
281 uint32_t puf_ac_status :2;
282 uint32_t rsvd_dw_7_0 :2;
283 uint32_t otp_key0_hash_status :2;
284 uint32_t otp_key1_hash_status :2;
285 uint32_t otp_key2_hash_status :2;
286 uint32_t otp_key3_hash_status :2;
287 uint32_t otp_key4_hash_status :2;
288 uint32_t otp_key5_hash_status :2;
289 uint32_t otp_key6_hash_status :2;
290 uint32_t otp_key7_hash_status :2;
291 uint32_t otp_key8_hash_status :2;
292 uint32_t otp_key9_hash_status :2;
293 uint32_t otp_key10_hash_status :2;
294 uint32_t otp_key11_hash_status :2;
295 uint32_t rsvd_dw_7_1 :4;
296
297 /* DWORD 8 */
298 uint32_t rsvd_dw_8_0 :24;
299 uint32_t has_table_sha2_384_disable :1;
300 uint32_t has_table_sha2_512_disable :1;
301 uint32_t has_table_sha3_512_disable :1;
302 uint32_t has_table_crc32_disable :1;
303 uint32_t reserved_dw_8_1 :4;
304
305 /* DWORD 9 to ... */
306 uint32_t otp_key_hash[SWITCHTEC_KMSK_NUM_GEN6][SWITCHTEC_KMSK_LEN_DWORDS];
307};
308
312enum kmt_signature_types_e {
313 KMT_SIG_FORMAT_CRC = 0,
314 KMT_SIG_FORMAT_RSA3KSHA2 = 1,
315 KMT_SIG_FORMAT_RSA4KSHA2 = 2,
316 KMT_SIG_FORMAT_ECDSAP384SHA2 = 3,
317 KMT_SIG_FORMAT_ECDSAP521SHA2 = 4,
318 KMT_SIG_FORMAT_DILITHIUM5 = 5,
319 KMT_SIG_FORMAT_MAX
320};
321
322enum switchtec_otp_key_status {
323 UNPROGRAMMED = 0x00,
324 PROGRAMMED = 0x01,
325 REVOKED = 0x02,
326 INVALID = 0x03
327};
328
329struct switchtec_attestation_set {
330 enum switchtec_attestation_mode attestation_mode;
331 unsigned int cdi_efuse_inc_mask;
332 bool uds_selfgen;
333 bool uds_valid;
334 unsigned char uds_data[32];
335};
336
337struct switchtec_security_cfg_set {
338 uint8_t jtag_lock_after_reset;
339 uint8_t jtag_lock_after_bl1;
340 uint8_t jtag_bl1_unlock_allowed;
341 uint8_t jtag_post_bl1_unlock_allowed;
342
343 float spi_clk_rate;
344 uint32_t i2c_recovery_tmo;
345 uint32_t i2c_port;
346 uint32_t i2c_addr;
347 uint32_t i2c_cmd_map;
348 uint32_t public_key_exponent;
349
350 struct switchtec_attestation_set attn_set;
351};
352
353enum switchtec_active_index_id {
354 SWITCHTEC_ACTIVE_INDEX_0 = 0,
355 SWITCHTEC_ACTIVE_INDEX_1 = 1,
356 SWITCHTEC_ACTIVE_INDEX_NOT_SET = 0xfe
357};
358
359struct switchtec_active_index {
360 enum switchtec_active_index_id bl2;
361 enum switchtec_active_index_id firmware;
362 enum switchtec_active_index_id config;
363 enum switchtec_active_index_id keyman;
364 enum switchtec_active_index_id riot;
365};
366
367enum switchtec_bl2_recovery_mode {
368 SWITCHTEC_BL2_RECOVERY_I2C = 1,
369 SWITCHTEC_BL2_RECOVERY_XMODEM = 2,
370 SWITCHTEC_BL2_RECOVERY_I2C_AND_XMODEM = 3
371};
372
373#define TOKEN_RESOURCE_UNLOCK 0
374#define TOKEN_VERSION_UPDATE 1
375#define GEN6_TOKEN_STATIC 2
376#define GEN6_TOKEN_EPHEMERAL 3
377
378enum secure_token_get_types_e {
379 SECURE_TOKEN_GET_TYPE_STATIC = 0,
380 SECURE_TOKEN_GET_TYPE_EPHEMERAL = 1,
381 SECURE_TOKEN_GET_TYPE_MAX
382};
383
384struct switchtec_kmsk {
385 uint8_t kmsk[SWITCHTEC_KMSK_LEN];
386};
387
388struct switchtec_pubkey {
389 uint8_t pubkey[SWITCHTEC_PUB_KEY_LEN];
390 uint32_t pubkey_exp;
391};
392
393struct switchtec_signature{
394 uint8_t signature[SWITCHTEC_SIG_LEN];
395};
396
397struct switchtec_gen6_token{
398 uint8_t token[SWITCHTEC_GEN6_TOKEN_LEN];
399};
400
401struct switchtec_uds {
402 unsigned char uds[SWITCHTEC_UDS_LEN];
403};
404
405struct switchtec_security_spi_avail_rate {
406 int num_rates;
407 float rates[SWITCHTEC_SECURITY_SPI_RATE_MAX_NUM];
408};
409
410struct sec_cfg_get_struct {
411 uint32_t subcmd;
412 uint32_t OTP_dword_offset;
413 uint32_t read_dwords;
414};
415
416int switchtec_sn_ver_get(struct switchtec_dev *dev,
417 struct switchtec_sn_ver_info *info);
418int switchtec_security_config_get(struct switchtec_dev *dev, void *state);
419int switchtec_security_spi_avail_rate_get(struct switchtec_dev *dev,
420 struct switchtec_security_spi_avail_rate *rates);
421int switchtec_security_config_set(struct switchtec_dev *dev,
422 struct switchtec_security_cfg_set *setting);
423int switchtec_mailbox_to_file(struct switchtec_dev *dev, int fd);
424int switchtec_active_image_index_get(struct switchtec_dev *dev,
425 struct switchtec_active_index *index);
426int switchtec_active_image_index_set(struct switchtec_dev *dev,
427 struct switchtec_active_index *index);
428int switchtec_fw_exec(struct switchtec_dev *dev,
429 enum switchtec_bl2_recovery_mode recovery_mode);
430int switchtec_boot_resume(struct switchtec_dev *dev);
431int switchtec_kmsk_set(struct switchtec_dev *dev,
432 struct switchtec_pubkey *public_key,
433 struct switchtec_signature *signature,
434 struct switchtec_kmsk *kmsk);
435int switchtec_secure_state_set(struct switchtec_dev *dev,
436 enum switchtec_secure_state state);
437int switchtec_secure_state_set_debug_protect(struct switchtec_dev *dev);
438int switchtec_secure_state_set_transition(struct switchtec_dev *dev,
439 enum switchtec_secure_state state);
440int switchtec_dbg_unlock(struct switchtec_dev *dev, uint32_t serial,
441 uint32_t ver_sec_unlock,
442 struct switchtec_pubkey *public_key,
443 struct switchtec_signature *signature,
444 struct switchtec_gen6_token *token);
445int switchtec_dbg_unlock_version_update(struct switchtec_dev *dev,
446 uint32_t serial,
447 uint32_t ver_sec_unlock,
448 struct switchtec_pubkey *public_key,
449 struct switchtec_signature *signature);
450int switchtec_dbg_unlock_get_token_gen6(struct switchtec_dev *dev,
451 struct switchtec_gen6_token *token,
452 int token_type);
453int switchtec_dbg_unlock_status_get_gen6(struct switchtec_dev *dev,
454 uint32_t *jtag_status);
455int switchtec_secure_state_get_gen6(struct switchtec_dev *dev,
456 enum switchtec_secure_state_gen6 *state);
457int switchtec_read_sec_cfg_file(struct switchtec_dev *dev,
458 FILE *setting_file,
459 struct switchtec_security_cfg_set *set);
460int switchtec_read_pubk_file(FILE *pubk_file, struct switchtec_pubkey *pubk);
461int switchtec_read_kmsk_file(FILE *kmsk_file, struct switchtec_kmsk *kmsk);
462int switchtec_read_signature_file(FILE *sig_file,
463 struct switchtec_signature *sigature);
464int switchtec_read_token_file(FILE *tkn_file, struct switchtec_gen6_token *token);
465int switchtec_read_uds_file(FILE *uds_file, struct switchtec_uds *uds);
466int
467switchtec_security_state_has_kmsk(struct switchtec_security_cfg_state *state,
468 struct switchtec_kmsk *kmsk);
469int security_settings_get_gen6(struct switchtec_dev *dev,
470 struct switchtec_security_cfg_state_gen6 *state);
471
472/*
473 * Device Configuration MRPC (MRPC_DEVICE_CONFIG = 0x127)
474 * Structures and constants for Gen6 device configuration
475 */
476
477/* Sub-commands for MRPC_DEVICE_CONFIG */
478#define DEVICE_CONFIG_SUB_CMD_SET_DEVICE 0x0
479#define DEVICE_CONFIG_SUB_CMD_SET_SECURITY 0x1
480#define DEVICE_CONFIG_SUB_CMD_SET_CUSTOMER 0x2
481#define DEVICE_CONFIG_SUB_CMD_GET 0x3
482#define DEVICE_CONFIG_SUB_CMD_GET_SECURITY 0x4
483#define DEVICE_CONFIG_SUB_CMD_GET_CUSTOMER 0x5
484
485/* Constants for device configuration structures */
486#define DEVICE_CONFIG_CUSTOMER_FIELD_NUM 4
487#define DEVICE_CONFIG_CUSTOMER_ECC_FIELD_NUM 4
488#define DEVICE_CONFIG_CUSTOMER_ECC_FIELD_SIZE 2
489#define DEVICE_CONFIG_KEY_HASH_SIZE_DWORDS 16
490#define DEVICE_CONFIG_MAX_KEY_SLOTS 12
491
492struct switchtec_device_config_dev_settings {
493 /* DWORD 0 */
494 uint32_t twi_ocp_addr :10;
495 uint32_t twi_mrpc_addr :10;
496 uint32_t twi_rcvry_addr_type :2;
497 uint32_t twi_rcvry_bus :2;
498 uint32_t rsvd_0 :8;
499
500 /* DWORD 1 */
501 uint32_t i3c_pid_hi;
502
503 /* DWORD 2 */
504 uint32_t i3c_pid_lo :16;
505 uint32_t i3c_addr_7bit :7;
506 uint32_t i3c_rcvry_bus :2;
507 uint32_t rsvd_1 :7;
508};
509
510struct switchtec_device_config_customer_settings {
511 /* DWORD 0 */
512 uint32_t device_id :16;
513 uint32_t vendor_id :16;
514
515 /* DWORD 1 */
516 uint32_t revision_id :16;
517 uint32_t subsystem_id :16;
518
519 /* DWORD 2 */
520 uint32_t subsystem_vendor_id :16;
521 uint32_t rsvd_0 :16;
522
523 /* DWORD 3-6: customer fields */
524 uint32_t customer_fields[DEVICE_CONFIG_CUSTOMER_FIELD_NUM];
525
526 /* DWORD 7-14: customer ECC fields */
527 uint32_t customer_ecc_fields[DEVICE_CONFIG_CUSTOMER_ECC_FIELD_NUM]
528 [DEVICE_CONFIG_CUSTOMER_ECC_FIELD_SIZE];
529};
530
531struct switchtec_device_config_key_data {
532 /* DWORD 0 */
533 uint32_t index :8;
534 uint32_t rsvd :24;
535
536 /* DWORD 1-16: key hash (SHA2-512) */
537 uint32_t hash[DEVICE_CONFIG_KEY_HASH_SIZE_DWORDS];
538};
539
540struct switchtec_device_config_secure_settings {
541 /* DWORD 0 */
542 uint32_t command_map :12;
543 uint32_t rsvd_0 :4;
544 uint32_t static_token_disable :1;
545 uint32_t psid_only_token_disable :1;
546 uint32_t uid_only_token_disable :1;
547 uint32_t psid_uid_token_disable :1;
548 uint32_t rsvd_1 :4;
549 uint32_t boot_from_uart_disable :1;
550 uint32_t boot_from_smbus_disable :1;
551 uint32_t boot_from_i3c_disable :1;
552 uint32_t failover_to_uart_disable :1;
553 uint32_t failover_to_smbus_disable :1;
554 uint32_t failover_to_i3c_disable :1;
555 uint32_t rsvd_2 :2;
556
557 /* DWORD 1-4: PSID0 */
558 uint32_t psid0[SWITCHTEC_PSID_LEN_DWORDS];
559
560 /* DWORD 5: number of keys to program */
561 uint32_t key_prog_num;
562
563 /* DWORD 6-...: key data (up to 12 keys, 17 DWORDs each) */
564 struct switchtec_device_config_key_data key_data[DEVICE_CONFIG_MAX_KEY_SLOTS];
565};
566
567struct switchtec_device_config_security_settings_status {
568 /* DWORD 0 */
569 uint32_t dok0_status :2;
570 uint32_t dok1_status :2;
571 uint32_t dok2_status :2;
572 uint32_t dok3_status :2;
573 uint32_t dok4_status :2;
574 uint32_t dok5_status :2;
575 uint32_t dok6_status :2;
576 uint32_t dok7_status :2;
577 uint32_t dok8_status :2;
578 uint32_t dok9_status :2;
579 uint32_t dok10_status :2;
580 uint32_t dok11_status :2;
581 uint32_t rsvd :8;
582};
583
588
589int switchtec_device_config_get(struct switchtec_dev *dev,
590 struct switchtec_device_config_dev_settings *settings);
591int switchtec_device_config_get_security(struct switchtec_dev *dev,
592 struct switchtec_device_config_get_sec *config);
593int switchtec_device_config_get_customer(struct switchtec_dev *dev,
594 struct switchtec_device_config_customer_settings *settings);
595int switchtec_device_config_set_dev(struct switchtec_dev *dev,
596 struct switchtec_device_config_dev_settings *settings);
597int switchtec_device_config_set_customer(struct switchtec_dev *dev,
598 struct switchtec_device_config_customer_settings *settings);
599int switchtec_device_config_set_security(struct switchtec_dev *dev,
600 struct switchtec_device_config_secure_settings *settings);
601
602/*
603 * DOK Config MRPC (MRPC_DOK_CONFIG = 0x128)
604 * Device Owner Key configuration for Gen6 devices
605 */
606
607/* Sub-commands for MRPC_DOK_CONFIG */
608#define DOK_CONFIG_SUB_CMD_SIGNATURE 0x0
609#define DOK_CONFIG_SUB_CMD_PROVISION 0x1
610#define DOK_CONFIG_SUB_CMD_REVOKE 0x2
611
612/* Authorization Flag values (auth_type field) */
613#define DOK_AUTH_FLAG_UID_ONLY 0x0
614#define DOK_AUTH_FLAG_PSID_ONLY 0x1
615#define DOK_AUTH_FLAG_UID_AND_PSID 0x2
616#define DOK_AUTH_FLAG_NONE 0x3
617
618struct switchtec_dok_signature {
619 uint8_t sub_cmd;
620 uint8_t sig_type;
621 uint8_t reserved[2];
622 uint32_t total_len;
623 uint32_t total_crc;
624 uint32_t data_len;
625 uint32_t offset;
626 uint8_t sig_data[512];
627};
628
629struct switchtec_dok_key_add {
630 /* DWORD 0 */
631 uint32_t sub_cmd :8;
632 uint32_t key_slot :8;
633 uint32_t auth_type :8;
634 uint32_t reserved :8;
635
636 /* DWORD 1-16: UID (512 bits) */
637 uint32_t uid[SWITCHTEC_UID_LEN_DWORDS];
638
639 /* DWORD 17-20: PSID (128 bits) */
640 uint32_t psid[SWITCHTEC_PSID_LEN_DWORDS];
641
642 /* DWORD 21-36: key hash (SHA2-512, 512 bits) */
643 uint32_t key_hash[DEVICE_CONFIG_KEY_HASH_SIZE_DWORDS];
644
645 /* DWORD 37-52: integrity hash (SHA2-512, 512 bits)
646 * Required when auth_type == DOK_AUTH_FLAG_NONE */
647 uint32_t integrity_hash[DEVICE_CONFIG_KEY_HASH_SIZE_DWORDS];
648};
649
650struct switchtec_dok_key_revoke {
651 /* DWORD 0 */
652 uint32_t sub_cmd :8;
653 uint32_t key_slot :8;
654 uint32_t auth_type :8;
655 uint32_t reserved :8;
656
657 /* DWORD 1-16: UID (512 bits) */
658 uint32_t uid[SWITCHTEC_UID_LEN_DWORDS];
659
660 /* DWORD 17-20: PSID (128 bits) */
661 uint32_t psid[SWITCHTEC_PSID_LEN_DWORDS];
662
663 /* DWORD 21-36: integrity hash (SHA2-512, 512 bits)
664 * Required when auth_type == DOK_AUTH_FLAG_NONE */
665 uint32_t integrity_hash[DEVICE_CONFIG_KEY_HASH_SIZE_DWORDS];
666};
667
668int switchtec_dok_config_signature(struct switchtec_dev *dev,
669 struct switchtec_dok_signature *sig);
670int switchtec_dok_config_key_add(struct switchtec_dev *dev,
671 struct switchtec_dok_key_add *key_add);
672int switchtec_dok_config_key_revoke(struct switchtec_dev *dev,
673 struct switchtec_dok_key_revoke *key_revoke);
674
675#endif // LIBSWITCHTEC_MFG_H
switchtec_sn_ver_get
int switchtec_sn_ver_get(struct switchtec_dev *dev, struct switchtec_sn_ver_info *info)
Get serial number and security version.
Definition mfg.c:2105
sec_cfg_get_struct
Definition mfg.h:410
switchtec_active_index
Definition mfg.h:359
switchtec_attestation_set
Definition mfg.h:329
switchtec_attestation_state
Definition mfg.h:178
switchtec_device_config_customer_settings
Definition mfg.h:510
switchtec_device_config_dev_settings
Definition mfg.h:492
switchtec_device_config_get_sec
Definition mfg.h:584
switchtec_device_config_key_data
Definition mfg.h:531
switchtec_device_config_secure_settings
Definition mfg.h:540
switchtec_device_config_security_settings_status
Definition mfg.h:567
switchtec_dok_key_add
Definition mfg.h:629
switchtec_dok_key_revoke
Definition mfg.h:650
switchtec_dok_signature
Definition mfg.h:618
switchtec_gen6_token
Definition mfg.h:397
switchtec_kmsk
Definition mfg.h:384
switchtec_pubkey
Definition mfg.h:388
switchtec_security_cfg_otp_region_ext
Definition mfg.h:145
switchtec_security_cfg_otp_region
Definition mfg.h:132
switchtec_security_cfg_set
Definition mfg.h:337
switchtec_security_cfg_state_gen6
Definition mfg.h:226
switchtec_security_cfg_state
Definition mfg.h:187
switchtec_security_spi_avail_rate
Definition mfg.h:405
switchtec_signature
Definition mfg.h:393
switchtec_sn_ver_info
Definition mfg.h:77
switchtec_uds
Definition mfg.h:401
Generated by doxygen 1.17.0