diff options
author | Ji Luo <ji.luo@nxp.com> | 2019-07-17 12:21:09 +0800 |
---|---|---|
committer | Ji Luo <ji.luo@nxp.com> | 2020-05-15 17:34:30 +0800 |
commit | 0221aefb405c8ad72bef2f5a4bdeaf350f533228 (patch) | |
tree | 2fc35f336625e8e168395bfdb2d4346e80ec5192 /include/trusty | |
parent | c4d8f9d5db2448810f7f5c6d58849f988073a8df (diff) |
MA-15151 Limit some hwcrypto commands within bootloader
It can be dangerous to export some hwcrypto commands to Linux,
add commands to limit some commands within bootloader.
Test: hwcrypto commands can't be used after locking boot state.
Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22
Signed-off-by: Ji Luo <ji.luo@nxp.com>
(cherry picked from commit 3fc3f521957677b1f363624494ed866985a25505)
Diffstat (limited to 'include/trusty')
-rw-r--r-- | include/trusty/hwcrypto.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/trusty/hwcrypto.h b/include/trusty/hwcrypto.h index d6837d6f84..bf7ae4cd87 100644 --- a/include/trusty/hwcrypto.h +++ b/include/trusty/hwcrypto.h @@ -82,4 +82,11 @@ int hwcrypto_gen_rng(uint32_t buf, uint32_t len); * @len: size of required rng. * */ int hwcrypto_gen_bkek(uint32_t buf, uint32_t len); + +/* Send request to secure side to lock boot state, so some + * hwcrypto commands can't be used outside of bootloader. + * Returns one of trusty_err. + * */ +int hwcrypto_lock_boot_state(void); + #endif /* TRUSTY_HWCRYPTO_H_ */ |