wolfBoot/include/hal.h at 2fcc98669dc19d4b7a9ef15820d5afc42ea208b0 · wolfSSL/wolfBoot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
/* hal.h
 *
 * The HAL API definitions.
 *
 * Copyright (C) 2025 wolfSSL Inc.
 *
 * This file is part of wolfBoot.
 *
 * wolfBoot is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * wolfBoot is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

#ifndef H_HAL_
#define H_HAL_

#ifdef __cplusplus
extern "C" {
#endif

#include "target.h"
#include <stddef.h>
#include <stdint.h>

/* Architecture specific calls */
#ifdef MMU
extern void do_boot(const uint32_t *app_offset, const uint32_t* dts_offset);
#else
extern void do_boot(const uint32_t *app_offset);
#endif
extern void arch_reboot(void);

/* Simulator-only calls */
#ifdef TARGET_sim
void hal_set_internal_flash_file(const char* file);
void hal_set_external_flash_file(const char* file);
void hal_deinit();
#endif

#if !defined(ARCH_64BIT) && \
    (defined(ARCH_x86_64) || defined(ARCH_AARCH64) || defined(ARCH_SIM))
    #define ARCH_64BIT
#endif

void hal_init(void);

/* Timer functions (platform-specific, used for benchmarking) */
#if defined(WOLFBOOT_UPDATE_DISK) || defined(BOOT_BENCHMARK)
uint64_t hal_get_timer_us(void);
#endif

/* Boot benchmarking macros
 * Usage: Declare BENCHMARK_DECLARE() at function scope,
 *        then use BENCHMARK_START() and BENCHMARK_END(msg) to measure time.
 */
#ifdef BOOT_BENCHMARK
    #define BENCHMARK_DECLARE() uint64_t _boot_bench_start
    #define BENCHMARK_START() (_boot_bench_start = hal_get_timer_us())
    #define BENCHMARK_END(msg) do { \
        uint64_t _elapsed_ms = (hal_get_timer_us() - _boot_bench_start) / 1000; \
        wolfBoot_printf(msg " (%lu ms)\r\n", (unsigned long)_elapsed_ms); \
    } while(0)
#else
    #define BENCHMARK_DECLARE() do {} while(0)
    #define BENCHMARK_START() do {} while(0)
    #define BENCHMARK_END(msg) wolfBoot_printf(msg "\r\n")
#endif

#ifdef ARCH_64BIT
    typedef uintptr_t haladdr_t; /* 64-bit platforms */
    int hal_flash_write(uintptr_t address, const uint8_t *data, int len);
    int hal_flash_erase(uintptr_t address, int len);
#else
    typedef uint32_t haladdr_t; /* original 32-bit */
    int hal_flash_write(uint32_t address, const uint8_t *data, int len);
    int hal_flash_erase(uint32_t address, int len);
#endif
void hal_flash_unlock(void);
void hal_flash_lock(void);
/*
 * Lock the flash region [address, address + len) against writes.
 * Return 0 on success, or a negative value on failure.
 */
int hal_flash_protect(haladdr_t address, int len);
void hal_prepare_boot(void);

#ifdef DUALBANK_SWAP
    void hal_flash_dualbank_swap(void);
#endif

#ifdef WOLFBOOT_DUALBOOT
    void* hal_get_primary_address(void);
    void* hal_get_update_address(void);
#endif

#ifdef MMU
    void *hal_get_dts_address(void);
    void *hal_get_dts_update_address(void);
#endif

#if !defined(SPI_FLASH) && !defined(QSPI_FLASH) && !defined(OCTOSPI_FLASH)
    /* user supplied external flash interfaces */
    int  ext_flash_write(uintptr_t address, const uint8_t *data, int len);
    int  ext_flash_read(uintptr_t address, uint8_t *data, int len);
    int  ext_flash_erase(uintptr_t address, int len);
    void ext_flash_lock(void);
    void ext_flash_unlock(void);
#else
    #include "spi_flash.h"
    #define ext_flash_lock() do{}while(0)
    #define ext_flash_unlock() do{}while(0)
    #define ext_flash_read spi_flash_read
    #define ext_flash_write spi_flash_write
    static inline int ext_flash_erase(uintptr_t address, int len)
    {
        int ret = 0;
        uint32_t end = address + len - 1;
        uint32_t p;
        for (p = address; p <= end; p += SPI_FLASH_SECTOR_SIZE) {
            ret = spi_flash_sector_erase(p);
            if (ret != 0) {
                break;
            }
        }
        return ret;
    }
#endif /* !SPI_FLASH */

#ifdef TZEN

/* TrustZone hal API */

void hal_tz_claim_nonsecure_area(uint32_t address, int len);
void hal_tz_release_nonsecure_area(void);
void hal_tz_sau_init(void);
void hal_tz_sau_ns_region(void);
void hal_gtzc_init(void);

/* Needed by TZ to claim/release nonsecure flash areas */
void hal_flash_wait_complete(uint8_t bank);
void hal_flash_clear_errors(uint8_t bank);

#endif

#ifdef WOLFCRYPT_SECURE_MODE

void hal_trng_init(void);
void hal_trng_fini(void);
int hal_trng_get_entropy(unsigned char *out, unsigned len);

#endif

/* Attestation helpers (optional, weak stubs available). */
int hal_uds_derive_key(uint8_t *out, size_t out_len);
int hal_attestation_get_lifecycle(uint32_t *lifecycle);
int hal_attestation_get_implementation_id(uint8_t *buf, size_t *len);
int hal_attestation_get_ueid(uint8_t *buf, size_t *len);
int hal_attestation_get_iak_private_key(uint8_t *buf, size_t *len);

#ifdef FLASH_OTP_KEYSTORE

int hal_flash_otp_write(uint32_t flashAddress, const void* data, uint16_t length);
int hal_flash_otp_set_readonly(uint32_t flashAddress, uint16_t length);
int hal_flash_otp_read(uint32_t flashAddress, void* data, uint32_t length);

#endif

#ifdef TEST_FLASH
int hal_flash_test(void);
#endif


#if defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT)

#include "wolfhsm/wh_error.h"         /* wolfHSM error codes */
#include "wolfhsm/wh_client.h"        /* For client API access */
#include "wolfhsm/wh_client_crypto.h" /* For client crypto helper API */

extern whClientContext hsmClientCtx; /* global wolfHSM client context */

int hal_hsm_init_connect(void);
int hal_hsm_disconnect(void);

#elif defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) /*WOLFBOOT_ENABLE_WOLFHSM_CLIENT*/

#include "wolfhsm/wh_error.h"
#include "wolfhsm/wh_server.h"
#include "wolfhsm/wh_server_crypto.h"
#include "wolfhsm/wh_server_keystore.h"
#if defined(WOLFBOOT_CERT_CHAIN_VERIFY)
#include "wolfhsm/wh_server_cert.h"
#endif

extern whServerContext hsmServerCtx; /* global wolfHSM server context */

int hal_hsm_server_init(void);
int hal_hsm_server_cleanup(void);

#endif /* WOLFBOOT_ENABLE_WOLFHSM_SERVER */

#if defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \
    defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)

/* devId and KeyIds for wolfHSM operations */

extern const int hsmDevIdHash;   /* devId for image digest */
extern const int hsmDevIdPubKey; /* devId for signature verification */
extern const int hsmKeyIdPubKey; /* KeyId for public key operations */
#ifdef EXT_ENCRYPTED
extern const int hsmDevIdCrypt; /* devId for image (enc)decryption */
extern const int hsmKeyIdCrypt; /* KeyId for image (enc/dec)ryption */
#endif
#ifdef WOLFBOOT_CERT_CHAIN_VERIFY
/* NvmId for trusted root CA certificate */
extern const whNvmId hsmNvmIdCertRootCA;
#endif

#endif /* WOLFBOOT_ENABLE_WOLFHSM_CLIENT || WOLFBOOT_ENABLE_WOLFHSM_SERVER */

#ifdef __cplusplus
}
#endif

#endif /* H_HAL_FLASH_ */