github.com/f-secure-foundry/tamago@v0.0.0-20220307101044-d73fcdd7f11b/soc/imx6/snvs.go (about) 1 // NXP Secure Non Volatile Storage (SNVS) 2 // https://github.com/f-secure-foundry/tamago 3 // 4 // Copyright (c) F-Secure Corporation 5 // https://foundry.f-secure.com 6 // 7 // Use of this source code is governed by the license 8 // that can be found in the LICENSE file. 9 10 package imx6 11 12 import ( 13 "github.com/f-secure-foundry/tamago/bits" 14 "github.com/f-secure-foundry/tamago/internal/reg" 15 ) 16 17 const ( 18 SNVS_HPSR_REG = 0x020cc014 19 HPSR_OTPMK_ZERO = 27 20 HPSR_OTPMK_SYNDROME = 16 21 22 HPSR_SSM_STATE = 8 23 SSM_STATE_TRUSTED = 0b1101 24 SSM_STATE_SECURE = 0b1111 25 ) 26 27 // SNVS verifies whether the Secure Non Volatile Storage (SNVS) is available in 28 // Trusted or Secure state (indicating that Secure Boot is enabled). 29 // 30 // The unique OTPMK internal key is available only when Secure Boot (HAB) is 31 // enabled, otherwise a Non-volatile Test Key (NVTK), identical for each SoC, 32 // is used. 33 func SNVS() bool { 34 hpsr := reg.Read(SNVS_HPSR_REG) 35 36 // ensure that the OTPMK has been correctly programmed 37 if bits.Get(&hpsr, HPSR_OTPMK_ZERO, 1) != 0 || bits.Get(&hpsr, HPSR_OTPMK_SYNDROME, 0x1ff) != 0 { 38 return false 39 } 40 41 switch bits.Get(&hpsr, HPSR_SSM_STATE, 0b1111) { 42 case SSM_STATE_TRUSTED, SSM_STATE_SECURE: 43 return true 44 default: 45 return false 46 } 47 }