Home | History | Annotate | Download | only in asm 
      1 /* SPDX-License-Identifier: GPL-2.0+ */
      2 /*
      3  * (C) Copyright 2016
      4  * Texas Instruments, <www.ti.com>
      5  *
      6  * Andreas Dannenberg <dannenberg (at) ti.com>
      7  */
      8 #ifndef	_OMAP_SEC_COMMON_H_
      9 #define	_OMAP_SEC_COMMON_H_
     10 
     11 #include <common.h>
     12 
     13 /*
     14  * Invoke secure ROM API on high-security (HS) device variants. It formats
     15  * the variable argument list into the format expected by the ROM code before
     16  * triggering the actual low-level smc entry.
     17  */
     18 u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...);
     19 
     20 /*
     21  * Invoke a secure ROM API on high-secure (HS) device variants that can be used
     22  * to verify a secure blob by authenticating and optionally decrypting it. The
     23  * exact operation performed depends on how the certificate that was embedded
     24  * into the blob during the signing/encryption step when the secure blob was
     25  * first created.
     26  */
     27 int secure_boot_verify_image(void **p_image, size_t *p_size);
     28 
     29 /*
     30  * Return the start of secure reserved RAM, if a default start address has
     31  * not been configured then return a region at the end of the external DRAM.
     32  */
     33 u32 get_sec_mem_start(void);
     34 
     35 /*
     36  * Invoke a secure HAL API that allows configuration of the external memory
     37  * firewall regions.
     38  */
     39 int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr,
     40 			       uint32_t size, uint32_t access_perm,
     41 			       uint32_t initiator_perm);
     42 
     43 /*
     44  * Invoke a secure HAL API on high-secure (HS) device variants that reserves a
     45  * region of external memory for secure world use, and protects it using memory
     46  * firewalls that prevent public world access. This API is intended to setaside
     47  * memory that will be used for a secure world OS/TEE.
     48  */
     49 int secure_emif_reserve(void);
     50 
     51 /*
     52  * Invoke a secure HAL API to lock the external memory firewall configurations.
     53  * After this API is called, none of the HAL APIs for configuring the that
     54  * firewall will be usable (calls to those APIs will return failure and have
     55  * no effect).
     56  */
     57 int secure_emif_firewall_lock(void);
     58 
     59 /*
     60  * Invoke a secure HAL API to authenticate and install a Trusted Execution
     61  * Environment (TEE) image.
     62  */
     63 int secure_tee_install(u32 tee_image);
     64 
     65 #endif /* _OMAP_SEC_COMMON_H_ */
     66