MA-15151 Limit some hwcrypto commands within bootloader

It can be dangerous to export some hwcrypto commands to Linux, add commands to limit some commands within bootloader. Test: hwcrypto commands can't be used after locking boot state. Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22 Signed-off-by: Ji Luo <ji.luo@nxp.com> (cherry picked from commit 3fc3f521957677b1f363624494ed866985a25505)
author: Ji Luo <ji.luo@nxp.com> 2019-07-17 12:21:09 +0800
committer: Ji Luo <ji.luo@nxp.com> 2020-05-15 17:34:30 +0800
commit: 0221aefb405c8ad72bef2f5a4bdeaf350f533228 (patch)
tree: 2fc35f336625e8e168395bfdb2d4346e80ec5192 /include/trusty
parent: c4d8f9d5db2448810f7f5c6d58849f988073a8df (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/include/trusty/hwcrypto.h b/include/trusty/hwcrypto.h
index d6837d6f84..bf7ae4cd87 100644
--- a/include/trusty/hwcrypto.h
+++ b/include/trusty/hwcrypto.h
@@ -82,4 +82,11 @@ int hwcrypto_gen_rng(uint32_t buf, uint32_t len);
  * @len: size of required rng.
  * */
 int hwcrypto_gen_bkek(uint32_t buf, uint32_t len);
+
+/* Send request to secure side to lock boot state, so some
+ * hwcrypto commands can't be used outside of bootloader.
+ * Returns one of trusty_err.
+ * */
+int hwcrypto_lock_boot_state(void);
+
 #endif /* TRUSTY_HWCRYPTO_H_ */
author	Ji Luo <ji.luo@nxp.com>	2019-07-17 12:21:09 +0800
committer	Ji Luo <ji.luo@nxp.com>	2020-05-15 17:34:30 +0800
commit	0221aefb405c8ad72bef2f5a4bdeaf350f533228 (patch)
tree	2fc35f336625e8e168395bfdb2d4346e80ec5192 /include/trusty
parent	c4d8f9d5db2448810f7f5c6d58849f988073a8df (diff)