blob: fd550aa3326cb6cf8ed80de2d4910213476ad67f [file] [log] [blame]
// Copyright lowRISC contributors.
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_EXT_ROM_EXT_BOOT_POLICY_H_
#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_EXT_ROM_EXT_BOOT_POLICY_H_
#include "sw/device/silicon_creator/lib/error.h"
#include "sw/device/silicon_creator/lib/manifest.h"
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
/**
* Type alias for the first owner boot stage entry point.
*
* The entry point address obtained from the first owner boot stage manifest
* must be cast to a pointer to this type before being called.
*/
typedef void owner_stage_entry_point(void);
/**
* Manifests of first boot owner boot stages in descending order according to
* their security versions.
*
* These boot stages must be verified prior to handing over execution.
*/
typedef struct rom_ext_boot_policy_manifests {
/**
* First owner boot stage manifests in descending order according to
* their security versions.
*/
const manifest_t *ordered[2];
} rom_ext_boot_policy_manifests_t;
/**
* Returns the manifests of first owner boot stages that should be attempted to
* boot in descending order according to their security versions.
*
* These boot stages must be verified prior to handing over execution.
*
* @return Manifests of first owner boot stages in descending order according to
* their security versions.
*/
rom_ext_boot_policy_manifests_t rom_ext_boot_policy_manifests_get(void);
/**
* Checks the fields of a first owner boot stage manifest.
*
* This function performs bounds checks on the fields of the manifest, checks
* that its `identifier` is correct, and its `security_version` is greater than
* or equal to the minimum required security version.
*
* @param manifest A first boot owner boot stage manifest.
* @return Result of the operation.
*/
rom_error_t rom_ext_boot_policy_manifest_check(const manifest_t *manifest);
#ifdef __cplusplus
} // extern "C"
#endif // __cplusplus
#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_EXT_ROM_EXT_BOOT_POLICY_H_