 |
xilloader
Vitis Drivers API Documentation
|
|
xilloader
Vitis Drivers API Documentation
|
This file contains all common security operations including sha related code.
MODIFICATION HISTORY:
Ver Who Date Changes
1.00 vns 04/23/19 First release 1.01 vns 05/13/19 Added grey key decryption support vns 06/14/19 Removed SHA padding related code vns 07/09/19 Added PPK and SPK integrity checks Updated chunk size for secure partition Added encryption + authentication support vns 07/23/19 Added functions to load secure headers vns 08/23/19 Added buffer cleaning on failure Added different key sources support Added header decryption support Set hardware into reset upon failure sb 08/24/19 Fixed coverity warnings har 08/26/19 Fixed MISRA C violations vns 08/28/19 Fixed bug in loading bigger secure CDOs 1.02 vns 02/23/20 Added DPA CM enable/disable functionality vns 02/26/20 Added encryption revoke checks Added DEC_ONLY checks Updated PDI fields Added DPA CM enable/disable for MetaHeader har 02/24/20 Added code to return error codes rpo 02/25/20 Added SHA, RSA, ECDSA, AES KAT support vns 03/01/20 Added PUF KEK decrypt support ana 04/02/20 Added crypto engine KAT test function calls Removed release reset function calls from this file and added in respective library files bsv 04/07/20 Change DMA name to PMCDMA vns 04/13/20 Moved Aes instance to Secure structure 1.03 ana 06/04/20 Minor Enhancement and updated Sha3 hash buffer with XSecure_Sha3Hash Structure tar 07/23/20 Fixed MISRA-C required violations skd 07/29/20 Updated device copy macros kpt 07/30/20 Added Meta header IV range checks and added IV support for ENC only case kpt 08/01/20 Corrected check to validate the last row of ppk hash bsv 08/06/20 Added delay load support for secure cases kpt 08/10/20 Corrected endianness for meta header IV range checking har 08/11/20 Added support for authenticated JTAG td 08/19/20 Fixed MISRA C violations Rule 10.3 kal 08/23/20 Added parallel DMA support for Qspi and Ospi for secure har 08/24/20 Added support for ECDSA P521 authentication kpt 08/27/20 Changed argument type from u8* to UINTPTR for SHA kpt 09/07/20 Fixed key rolling issue kpt 09/08/20 Added redundancy at security critical checks rpo 09/10/20 Added return type for XSecure_Sha3Start bsv 09/30/20 Renamed XLOADER_CHUNK_MEMORY to XPLMI_PMCRAM_CHUNK_MEMORY har 09/30/20 Deprecated Family Key support bm 09/30/20 Added SecureClear API to clear security critical data in case of exceptions and also place AES, ECDSA_RSA, SHA3 in reset kal 10/07/20 Added Missed DB check in XLoader_RsaSignVerify API kal 10/16/20 Added a check for RSA EM MSB bit to make sure it is zero kpt 10/19/20 Code clean up td 10/19/20 MISRA C Fixes bsv 10/19/20 Parallel DMA related changes har 10/19/20 Replaced ECDSA in function calls 1.04 har 11/12/20 Initialized GVF in PufData structure with MSB of shutter value Improved checks for sync in PDI DPACM Cfg and Efuse DPACM Cfg bm 12/16/20 Added PLM_SECURE_EXCLUDE macro. Also moved authentication and encryption related code to xloader_auth_enc.c file bm 01/04/21 Updated checksum verification to be done at destination memory kpt 02/18/21 Fixed logical error in partition next chunk copy in encryption cases 1.05 har 03/17/21 Added API to set the secure state of device ma 03/24/21 Minor updates to prints in XilLoader bm 05/10/21 Updated chunking logic for hashes bm 05/13/21 Updated code to use common crypto instances from xilsecure ma 05/18/21 Minor code cleanup ma 05/20/21 Fix warnings introduced due to volatile qualifier har 05/20/21 Added checks in case both efuse auth and bh auth are enabled 1.06 td 07/08/21 Fix doxygen warnings har 07/15/21 Fixed doxygen warnings har 07/27/21 Added prints for Secure State kpt 08/11/21 Added redundant check for Xil_MemCmp in XLoader_VerifyHashNUpdateNext bsv 08/17/21 Code clean up bsv 08/31/21 Code clean up kpt 09/09/21 Fixed SW-BP-BLIND-WRITE in XLoader_SecureClear kpt 09/09/21 Fixed SW-BP-BLIND-WRITE in XLoader_AuthEncClear kpt 09/15/21 Fixed SW-BP-INIT-FAIL in XLoader_GetAHWRoT kpt 09/15/21 Fixed SW-BP-INIT-FAIL in XLoader_GetSHWRoT kpt 09/18/21 Fixed SW-BP-REDUNDANCY kpt 09/20/21 Fixed checksum issue in case of delay load bsv 10/01/21 Addressed code review comments 1.07 kpt 10/07/21 Decoupled checksum functionality from secure code kpt 10/20/21 Modified temporal checks to use temporal variables from data section bsv 10/26/21 Code clean up kpt 10/28/21 Added flags in XLoader_SecureInit to indicate the mode of copy 1.08 skd 11/18/21 Added time stamps in XLoader_ProcessChecksumPrtn kpt 12/13/21 Replaced standard library utility functions with secure functions bsv 02/09/22 Code clean up to reduce size bsv 02/09/22 Code clean up bsv 02/10/22 Code clean up by removing unwanted initializations bsv 02/14/22 Added comments for better readability kpt 02/18/22 Fixed copy to memory issue 1.09 bm 07/06/22 Refactor versal and versal_net code sk 10/19/22 Fix security review comments har 11/17/22 Removed XLoader_CheckNonZeroPpk and moved code to set Secure State(Auth) in xloader_plat_secure files ng 11/23/22 Updated doxygen comments kpt 02/21/23 Fixed bug in XLoader_SecureClear ng 03/30/23 Updated algorithm and return values in doxygen comments sk 05/18/23 Deprecate copy to memory feature yog 07/17/23 Added check for returning glitch error for XLoader_ChecksumInit API ng 07/10/23 Added support for system device-tree flow yog 08/17/23 Added a check to return error when secure is excluded and trying to do secure boot 2.1 kpt 12/13/23 Reset PMC TRNG when exception occurs ng 01/28/24 u8 variables optimization pre 12/09/24 use PMC RAM for Metaheader instead of PPU1 RAM pre 03/02/25 setting data context lost for SHA when the resource is busy pre 04/07/25 Hash verification skip for non-secure boot in export control enabled devices
Macros | |
| #define | XLOADER_SHA3_RESET_REG (0xF1210004U) |
| SHA3 Reset register address. More... | |
| #define | XLOADER_SHA3_RESET_VAL (0x1U) |
| SHA3 Reset value. More... | |
Functions | |
| int | XLoader_SecureInit (XLoader_SecureParams *SecurePtr, XilPdi *PdiPtr, u32 PrtnNum) |
| This function initializes XLoader_SecureParams's instance. More... | |
| int | XLoader_SecureCopy (XLoader_SecureParams *SecurePtr, u64 DestAddr, u32 Size) |
| This function loads secure non-cdo partitions. More... | |
| int | XLoader_SecureClear (void) |
| This function is called to clear secure critical data in case of exceptions. More... | |
| int | XLoader_VerifyHashNUpdateNext (XLoader_SecureParams *SecurePtr, u64 DataAddr, u32 Size, u8 Last) |
| This function calculates hash and compares with expected hash. More... | |
| int | XLoader_SecureChunkCopy (XLoader_SecureParams *SecurePtr, u64 SrcAddr, u8 Last, u32 BlockSize, u32 TotalSize) |
| This function copies the data from SrcAddr to chunk memory during processing of secure partitions. More... | |
| int | XLoader_CheckNonZeroPpk (void) |
| This function checks if PPK is programmed. More... | |
| u32 | XLoader_GetAHWRoT (const u32 *AHWRoTPtr) |
| This function returns the state of authenticated boot. More... | |
| u32 | XLoader_GetSHWRoT (const u32 *SHWRoTPtr) |
| This function returns the state of encrypted boot. More... | |
| int | XLoader_SetSecureState (void) |
| This function reads the value of PPK efuse bits, DEC only efuse bits and fields in bootheader and accordingly sets the Secure State of boot. More... | |
| XLoader_SecureTempParams * | XLoader_GetTempParams (void) |
| This function returns the pointer to XLoader_SecureTempParams. More... | |