| David Vincze | 060968d | 2019-05-23 01:13:14 +0200 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2019, Arm Limited. All rights reserved. |
| 3 | * |
| 4 | * SPDX-License-Identifier: Apache-2.0 |
| 5 | */ |
| 6 | |
| 7 | #ifndef __SECURITY_CNT_H__ |
| 8 | #define __SECURITY_CNT_H__ |
| 9 | |
| 10 | /** |
| 11 | * @file security_cnt.h |
| 12 | * |
| 13 | * @note The interface must be implemented in a fail-safe way that is |
| 14 | * resistant to asynchronous power failures or it can use hardware |
| 15 | * counters that have this capability, if supported by the platform. |
| 16 | * When a counter incrementation was interrupted it must be able to |
| 17 | * continue the incrementation process or recover the previous consistent |
| 18 | * status of the counters. If the counters have reached a stable status |
| 19 | * (every counter incrementation operation has finished), from that point |
| 20 | * their value cannot decrease due to any kind of power failure. |
| 21 | */ |
| 22 | |
| 23 | #include <stdint.h> |
| 24 | |
| 25 | #ifdef __cplusplus |
| 26 | extern "C" { |
| 27 | #endif |
| 28 | |
| 29 | /** |
| 30 | * Initialises the security counters. |
| 31 | * |
| 32 | * @return 0 on success; nonzero on failure. |
| 33 | */ |
| 34 | int32_t boot_nv_security_counter_init(void); |
| 35 | |
| 36 | /** |
| 37 | * Reads the stored value of a given image's security counter. |
| 38 | * |
| 39 | * @param image_id Index of the image (from 0). |
| 40 | * @param security_cnt Pointer to store the security counter value. |
| 41 | * |
| 42 | * @return 0 on success; nonzero on failure. |
| 43 | */ |
| 44 | int32_t boot_nv_security_counter_get(uint32_t image_id, uint32_t *security_cnt); |
| 45 | |
| 46 | /** |
| 47 | * Updates the stored value of a given image's security counter with a new |
| 48 | * security counter value if the new one is greater. |
| 49 | * |
| 50 | * @param image_id Index of the image (from 0). |
| 51 | * @param img_security_cnt New security counter value. The new value must be |
| 52 | * between 0 and UINT32_MAX and it must be greater than |
| 53 | * or equal to the current security counter value. |
| 54 | * |
| 55 | * @return 0 on success; nonzero on failure. |
| 56 | */ |
| 57 | int32_t boot_nv_security_counter_update(uint32_t image_id, |
| 58 | uint32_t img_security_cnt); |
| 59 | |
| 60 | #ifdef __cplusplus |
| 61 | } |
| 62 | #endif |
| 63 | |
| 64 | #endif /* __SECURITY_CNT_H__ */ |