github.com/f-secure-foundry/tamago@v0.0.0-20220307101044-d73fcdd7f11b/soc/imx6/snvs.go (about)

     1  // NXP Secure Non Volatile Storage (SNVS)
     2  // https://github.com/f-secure-foundry/tamago
     3  //
     4  // Copyright (c) F-Secure Corporation
     5  // https://foundry.f-secure.com
     6  //
     7  // Use of this source code is governed by the license
     8  // that can be found in the LICENSE file.
     9  
    10  package imx6
    11  
    12  import (
    13  	"github.com/f-secure-foundry/tamago/bits"
    14  	"github.com/f-secure-foundry/tamago/internal/reg"
    15  )
    16  
    17  const (
    18  	SNVS_HPSR_REG       = 0x020cc014
    19  	HPSR_OTPMK_ZERO     = 27
    20  	HPSR_OTPMK_SYNDROME = 16
    21  
    22  	HPSR_SSM_STATE    = 8
    23  	SSM_STATE_TRUSTED = 0b1101
    24  	SSM_STATE_SECURE  = 0b1111
    25  )
    26  
    27  // SNVS verifies whether the Secure Non Volatile Storage (SNVS) is available in
    28  // Trusted or Secure state (indicating that Secure Boot is enabled).
    29  //
    30  // The unique OTPMK internal key is available only when Secure Boot (HAB) is
    31  // enabled, otherwise a Non-volatile Test Key (NVTK), identical for each SoC,
    32  // is used.
    33  func SNVS() bool {
    34  	hpsr := reg.Read(SNVS_HPSR_REG)
    35  
    36  	// ensure that the OTPMK has been correctly programmed
    37  	if bits.Get(&hpsr, HPSR_OTPMK_ZERO, 1) != 0 || bits.Get(&hpsr, HPSR_OTPMK_SYNDROME, 0x1ff) != 0 {
    38  		return false
    39  	}
    40  
    41  	switch bits.Get(&hpsr, HPSR_SSM_STATE, 0b1111) {
    42  	case SSM_STATE_TRUSTED, SSM_STATE_SECURE:
    43  		return true
    44  	default:
    45  		return false
    46  	}
    47  }