/* * Copyright (C) 2019 SAMSUNG S.LSI * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef __GRDM_COMMON__H #define __GRDM_COMMON__H /** * @file grdm_common.h * @brief Common file to use GuardianM API. */ /** * @ingroup grdm * @defgroup grdm_common GRDM_Common * @brief Common file to use GuardianM API. * * This header file provides definifions to use GuardianM API. * @{ */ #ifdef ESE_U_BOOT_BUILD #include #else //#include #include #endif // Initial status shall be SELECTABLE. #define GRDM_STATE_SELECTABLE 0x01 #define GRDM_STATE_PERSONALIZED 0x03 #define GRDM_STATE_RESET 0x07 #define GRDM_STATE_BLOCKED 0x0F //Attestation Certificate Index #define ATTESTATION_ROOT 0x00 /**< @brief Index of attestation root certificate */ #define ATTESTATION_SUBCA 0x01 /**< @brief Index of attestation sub-CA certificate */ #define ATTESTATION_ENDENTITY 0x02 /**< @brief Index of attestation end entity certificate */ #define SAK_ROOT 0x10 #define SAK 0x11 //Device Attestation Type Index #define SIMPLE_MODE 0 #define ENDTOEND_ENCRYPTION_MODE 1 //BootLoader Credential Index #define NUM_BL_CREDENTIAL 4 #define BL_CREDENTIAL_STATUS 0 #define BL_CREDENTIAL_ROT 1 /**< @brief Can be read via secure channel with the domain of index DOMAIN_INDEX_BL_ROT*/ #define BL_CREDENTIAL_KG 2 /**< @brief can be read via secure channel with the domain of index DOMAIN_INDEX_BL_KG*/ #define BL_CREDENTIAL_EM_CORE 3 /**< @brief Access of this credential is only permitted to BootLoader*/ /* * Reserved indexes for authorized accessors who can read BL credentials. * Details on access rights to BL credentials can be found in Chapter 5.2 */ #define ACCESSOR_KM 0x00 #define ACCESSOR_ICCC 0x01 /* * Indexes for secure domains managed by Guardian M * Domain Index: 0X */ #define NUM_DOMAIN_INDEX 6 #define MAX_DOMAIN_INDEX 0x05 #define MIN_DOMAIN_INDEX 0x00 #define NUM_CREDENTIAL 8 // each domain can store 8 credential data. (index 0~7) #define MAX_CREDENTIAL_SIZE 256 //Reserved indexes for domains #define DOMAIN_INDEX_KM 0x00 #define DOMAIN_INDEX_ICCC 0x01 #define DOMAIN_INDEX_ADMIN 0x10 /* * Indexes for secure sub-domains managed by Administrator of Guardian M. * Domain Index: 1X * Number of credentials for each sub-domain is the same as NUM_CREDENTIAL 8. * Maximum size of credential is the same as MAX_CREDENTIAL_SIZE 256. */ #define NUM_SUBDOMAIN 9 // index 0x11 ~ 0x19 #define MAX_SUBDOMAIN_INDEX 0x19 #define MIN_SUBDOMAIN_INDEX 0x11 //Error Codes #define GRDM_NO_ERROR 0 /**< @brief Return value of success status */ #define GRDM_UNKNOWN_ERROR -1 /**< @brief Return value of unknown error status */ #define GRDM_INVALID_DATA -2 /**< @brief Return value of invalid data status */ #define GRDM_DATA_NOT_FOUND -3 /**< @brief Return value of data not found status */ #define GRDM_DATA_PARSE_FAIL -4 /**< @brief Return value of data parse fail status */ #define GRDM_SECURITY_ACCESS_DENIED -5 /**< @brief Return value of security access denied status */ #define GRDM_SECURITY_CONDITION_ERROR -6 /**< @brief Return value of security condition error status */ #define GRDM_APDU_ERROR -7 /**< @brief Return value of APDU error status */ #define GRDM_ALREADY_INJECTED -8 /**< @brief Return value of already injected status */ #define GRDM_BUFFER_EMPTY -9 /**< @brief Return value of buffer empty status */ #define GRDM_BUFFER_NOT_ENOUGH -10 /**< @brief Return value of buffer not enough status */ #define GRDM_COMM_ERROR -11 /**< @brief Return value of common error status */ #define GRDM_AUTHENTICATION_ERROR -12 /**< @brief Return value of authentication error status */ #define GRDM_INVALID_INDEX -13 /**< @brief Return value of invalid index status */ #define GRDM_NOT_PERSONALIZED -14 /**< @brief Return value of not personalized status */ #define GRDM_BLOCKED -15 /**< @brief Return value of blocked status */ #define GRDM_BOOT_STATE_NOT_OK -16 /**< @brief Return value of boot state not ok status */ #define GRDM_ALREADY_FUSED -17 /**< @brief Return value of already fused status */ #define GRDM_FUSING_ERROR -18 /**< @brief Return value of fusing error */ #define GRDM_FUSING_BLKEY_ERROR -19 /**< @brief Return value of BL_authkey is not present */ #define GRDM_BROKEN_FW -20 /**< @brief Return value of broken fw status */ #define GRDM_FW_ALREADY_UPDATED -21 /**< @brief Return value of fw already updated status */ #define GRDM_SPIOPEN_ERROR -101 #define GRDM_SPICLOSE_ERROR -102 /** * @brief Type definition of GRDM_RESULT */ typedef int32_t GRDM_RESULT; /** * @brief Open logical channel * * - API to open logical channel. * * @return Returns ::GRDM_NO_ERROR if succeeded and other value if failed. * @see grdm_closeLogicalChannel */ GRDM_RESULT grdm_openLogicalChannel (void); /** * @brief Close logical channel * * - API to close logical channel. * * @return Returns ::GRDM_NO_ERROR if succeeded and other value if failed. * @see grdm_openLogicalChannel */ GRDM_RESULT grdm_closeLogicalChannel (void); /** * @} */ #endif