Description

Device initialisation, debug lock, upgrade functionality, user data...

API for managing the Secure Element or Root code on a device. Upload and read device configuration.

Modules

Tamper options
Tamper configuration options. Levels, signals and filter options.

Data Structures

struct sl_se_cert_size_type_t
Certificate size data structure.
struct sl_se_otp_init_t
OTP initialization data structure.
struct sl_se_debug_options_t
Debug lock options.
struct sl_se_debug_status_t
Debug status.
struct sl_se_status_t
SE status.

Functions

sl_status_t sl_se_check_se_image ( sl_se_command_context_t *cmd_ctx, void *image_addr)
Validate SE firmware image.
sl_status_t sl_se_apply_se_image ( sl_se_command_context_t *cmd_ctx, void *image_addr)
Apply SE firmware image.
sl_status_t sl_se_get_upgrade_status_se_image ( sl_se_command_context_t *cmd_ctx, uint32_t *status, uint32_t *prev_version)
Get upgrade status of SE firmware image.
sl_status_t sl_se_check_host_image ( sl_se_command_context_t *cmd_ctx, void *image_addr, uint32_t size)
Validate Host firmware image.
sl_status_t sl_se_apply_host_image ( sl_se_command_context_t *cmd_ctx, void *image_addr, uint32_t size)
Apply Host firmware image.
sl_status_t sl_se_upgrade_status_clear ( sl_se_command_context_t *cmd_ctx)
Clear Host firmware upgrade status.
sl_status_t sl_se_get_upgrade_status_host_image ( sl_se_command_context_t *cmd_ctx, uint32_t *status, uint32_t *prev_version)
Get upgrade status of Host firmware image.
sl_status_t sl_se_init_otp_key ( sl_se_command_context_t *cmd_ctx, sl_se_device_key_type_t key_type, void *key, uint32_t num_bytes)
Initialize key to be stored in the SE OTP flash.
sl_status_t sl_se_read_pubkey ( sl_se_command_context_t *cmd_ctx, sl_se_device_key_type_t key_type, void *key, uint32_t num_bytes)
Read a public key stored in the SE.
sl_status_t sl_se_init_otp ( sl_se_command_context_t *cmd_ctx, sl_se_otp_init_t *otp_init)
Initialize SE OTP configuration.
sl_status_t sl_se_read_otp ( sl_se_command_context_t *cmd_ctx, sl_se_otp_init_t *otp_settings)
Read SE OTP configuration.
sl_status_t sl_se_get_se_version ( sl_se_command_context_t *cmd_ctx, uint32_t *version)
Read the SE firmware version.
sl_status_t sl_se_get_debug_lock_status ( sl_se_command_context_t *cmd_ctx, sl_se_debug_status_t *status)
Returns the current debug lock configuration.
sl_status_t sl_se_apply_debug_lock ( sl_se_command_context_t *cmd_ctx)
Enables the debug lock for the part.
sl_status_t sl_se_write_user_data ( sl_se_command_context_t *cmd_ctx, uint32_t offset, void *data, uint32_t num_bytes)
Writes data to User Data section in MTP.
sl_status_t sl_se_erase_user_data ( sl_se_command_context_t *cmd_ctx)
Erases User Data section in MTP.
sl_status_t sl_se_get_status ( sl_se_command_context_t *cmd_ctx, sl_se_status_t *status)
Returns the current boot status, versions and system configuration.
sl_status_t sl_se_get_serialnumber ( sl_se_command_context_t *cmd_ctx, void *serial)
Read the serial number of the SE module.
sl_status_t sl_se_get_otp_version ( sl_se_command_context_t *cmd_ctx, uint32_t *version)
Read the OTP firmware version of the SE module.
sl_status_t sl_se_get_reset_cause ( sl_se_command_context_t *cmd_ctx, uint32_t *reset_cause)
Read the EMU->RSTCAUSE after a tamper reset.
sl_status_t sl_se_enable_secure_debug ( sl_se_command_context_t *cmd_ctx)
Enables the secure debug functionality.
sl_status_t sl_se_disable_secure_debug ( sl_se_command_context_t *cmd_ctx)
Disables the secure debug functionality.
sl_status_t sl_se_set_debug_options ( sl_se_command_context_t *cmd_ctx, const sl_se_debug_options_t *debug_options)
Set debug options.
sl_status_t sl_se_erase_device ( sl_se_command_context_t *cmd_ctx)
Performs a device mass erase and debug unlock.
sl_status_t sl_se_disable_device_erase ( sl_se_command_context_t *cmd_ctx)
Disabled device erase functionality.
sl_status_t sl_se_get_challenge ( sl_se_command_context_t *cmd_ctx, sl_se_challenge_t challenge)
Request challenge from SE which can be used to open debug access.
sl_status_t sl_se_roll_challenge ( sl_se_command_context_t *cmd_ctx)
Invalidate current challenge and make a new challenge.
sl_status_t sl_se_open_debug ( sl_se_command_context_t *cmd_ctx, void *cert, uint32_t len, const sl_se_debug_options_t *debug_options)
Unlock debug access using certificate and signed challenge.
sl_status_t sl_se_disable_tamper ( sl_se_command_context_t *cmd_ctx, void *cert, uint32_t len, sl_se_tamper_signals_t tamper_signals)
Temporarily disable tamper configuration using certificate and signed challenge.
sl_status_t sl_se_read_cert_size ( sl_se_command_context_t *cmd_ctx, sl_se_cert_size_type_t *cert_size)
Read size of stored certificates in SE.
sl_status_t sl_se_read_cert ( sl_se_command_context_t *cmd_ctx, sl_se_cert_type_t cert_type, void *cert, uint32_t num_bytes)
Read stored certificates in SE.

Macros

#define SL_SE_OTP_INIT_DEFAULT
Default configuration for OTP initialisation structure.
#define SL_SE_CHALLENGE_SIZE 16
SE Challenge size.
#define SL_SE_CERT_KEY_SIZE 64
Certificate key size.
#define SL_SE_CERT_SIGN_SIZE 64
Certificate signature size.
#define SL_SE_CERT_BATCH 0x01
Batch ID certificate.
#define SL_SE_CERT_DEVICE_SE 0x02
SE ID certificate.
#define SL_SE_CERT_DEVICE_HOST 0x03
Host ID certificate.

Typedefs

typedef uint8_t sl_se_tamper_level_t
SE tamper signal levels.
typedef uint32_t sl_se_tamper_signals_t
SE tamper signals.
typedef uint8_t sl_se_tamper_filter_period_t
SE tamper filter timeout period.
typedef uint8_t sl_se_tamper_filter_threshold_t
Number of tamper counts to trigger the filter signal.
typedef uint8_t sl_se_cert_type_t
SE certificate types.
typedef uint32_t sl_se_debug_flags_t
SE Debug lock flags.
typedef uint8_t sl_se_challenge_t [ SL_SE_CHALLENGE_SIZE ]
SE challenge storage.

Enumerations

enum sl_se_device_key_type_t {
SL_SE_KEY_TYPE_IMMUTABLE_BOOT = 0,
SL_SE_KEY_TYPE_IMMUTABLE_AUTH ,
SL_SE_KEY_TYPE_IMMUTABLE_AES_128 ,
SL_SE_KEY_TYPE_IMMUTABLE_ATTESTATION ,
SL_SE_KEY_TYPE_IMMUTABLE_SE_ATTESTATION
}
OTP key types.

Function Documentation

sl_se_check_se_image()

sl_status_t sl_se_check_se_image ( sl_se_command_context_t * cmd_ctx,
void * image_addr
)

Validate SE firmware image.

Validate SE firmware image located at given address. This function is typically used before calling sl_se_apply_se_image.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] image_addr Pointer to SE image to validate.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_apply_se_image()

sl_status_t sl_se_apply_se_image ( sl_se_command_context_t * cmd_ctx,
void * image_addr
)

Apply SE firmware image.

Apply SE firmware image located at given address.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] image_addr Pointer to SE image to apply.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_get_upgrade_status_se_image()

sl_status_t sl_se_get_upgrade_status_se_image ( sl_se_command_context_t * cmd_ctx,
uint32_t * status,
uint32_t * prev_version
)

Get upgrade status of SE firmware image.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] status Pointer to 32-bit word where to return upgrade status.
[in] prev_version Pointer to 32-bit word where to return previous version.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_check_host_image()

sl_status_t sl_se_check_host_image ( sl_se_command_context_t * cmd_ctx,
void * image_addr,
uint32_t size
)

Validate Host firmware image.

Validate Host firmware image located at given address. This function is typically used before calling sl_se_apply_host_image .

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] image_addr Pointer to Host image to validate.
[in] size Size of Host image to validate.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_apply_host_image()

sl_status_t sl_se_apply_host_image ( sl_se_command_context_t * cmd_ctx,
void * image_addr,
uint32_t size
)

Apply Host firmware image.

Apply Host firmware image located at given address.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] image_addr Pointer to Host image to apply.
[in] size Size of Host image to apply.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_upgrade_status_clear()

sl_status_t sl_se_upgrade_status_clear ( sl_se_command_context_t * cmd_ctx )

Clear Host firmware upgrade status.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
Returns
Return values
SL_STATUS_OK when the Host upgrade status has been cleared, otherwise an error code from sl_status.h if no upgrade has been run and there is nothing to clear.

sl_se_get_upgrade_status_host_image()

sl_status_t sl_se_get_upgrade_status_host_image ( sl_se_command_context_t * cmd_ctx,
uint32_t * status,
uint32_t * prev_version
)

Get upgrade status of Host firmware image.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] status Pointer to 32-bit word where to return upgrade status.
[in] prev_version Pointer to 32-bit word where to return previous version.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_init_otp_key()

sl_status_t sl_se_init_otp_key ( sl_se_command_context_t * cmd_ctx,
sl_se_device_key_type_t key_type,
void * key,
uint32_t num_bytes
)

Initialize key to be stored in the SE OTP flash.

Initialize key stored in the SE. The command can be used to write ( sl_se_device_key_type_t ):

  • SL_SE_KEY_TYPE_IMMUTABLE_BOOT
  • SL_SE_KEY_TYPE_IMMUTABLE_AUTH
  • SL_SE_KEY_TYPE_IMMUTABLE_AES_128
Note
These keys can not be overwritten, so this command can only be issued once per key per part.
Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] key_type ID of key type to initialize.
[in] key Pointer to a buffer that contains the key. Public keys must be word aligned and have a length of 64 bytes. AES-128 keys must be word aligned and have length of 16 bytes.
[in] num_bytes Length of key buffer in bytes (16 or 64 bytes).
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_read_pubkey()

sl_status_t sl_se_read_pubkey ( sl_se_command_context_t * cmd_ctx,
sl_se_device_key_type_t key_type,
void * key,
uint32_t num_bytes
)

Read a public key stored in the SE.

Read out a public key stored in the SE. The command can be used to read ( sl_se_device_key_type_t ):

  • SL_SE_KEY_TYPE_IMMUTABLE_BOOT
  • SL_SE_KEY_TYPE_IMMUTABLE_AUTH
Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] key_type ID of key type to read.
[out] key Pointer to a buffer to contain the returned public key. Must be word aligned and have a length of 64 bytes.
[in] num_bytes Length of pubkey buffer (64 bytes).
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_init_otp()

sl_status_t sl_se_init_otp ( sl_se_command_context_t * cmd_ctx,
sl_se_otp_init_t * otp_init
)

Initialize SE OTP configuration.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] otp_init Pointer to OTP initialization structure.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed
SL_STATUS_ABORT when the operation is not attempted.

sl_se_read_otp()

sl_status_t sl_se_read_otp ( sl_se_command_context_t * cmd_ctx,
sl_se_otp_init_t * otp_settings
)

Read SE OTP configuration.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[out] otp_settings Pointer to OTP initialization structure.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_COMMAND if OTP configuration isn't initialized
SL_STATUS_ABORT when the operation is not attempted.

sl_se_get_se_version()

sl_status_t sl_se_get_se_version ( sl_se_command_context_t * cmd_ctx,
uint32_t * version
)

Read the SE firmware version.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[out] version Pointer to uint32_t word where version shall be returned.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_OWNERSHIP when the ownership is already taken
SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
SL_STATUS_INVALID_CREDENTIALS when the command is not authorized
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_get_debug_lock_status()

sl_status_t sl_se_get_debug_lock_status ( sl_se_command_context_t * cmd_ctx,
sl_se_debug_status_t * status
)

Returns the current debug lock configuration.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[out] status Pointer to sl_se_debug_status_t structure to be filled out with the current status of the debug configuration.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_apply_debug_lock()

sl_status_t sl_se_apply_debug_lock ( sl_se_command_context_t * cmd_ctx )

Enables the debug lock for the part.

The debug port will be closed and the only way to open it is through device erase (if enabled) or through secure debug unlock (if enabled).

Parameters
[in] cmd_ctx Pointer to an SE command context object.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully

sl_se_write_user_data()

sl_status_t sl_se_write_user_data ( sl_se_command_context_t * cmd_ctx,
uint32_t offset,
void * data,
uint32_t num_bytes
)

Writes data to User Data section in MTP.

Write data must be aligned to word size and contain a number of bytes that is divisable by four.

Note
It is recommended to erase the flash page before performing a write.
Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] offset Offset to the flash word to write to. Must be aligned to words.
[in] data Data to write to flash.
[in] num_bytes Number of bytes to write to flash. NB: Must be divisable by four.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
SL_STATUS_INVALID_CREDENTIALS when the command is not authorized
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_erase_user_data()

sl_status_t sl_se_erase_user_data ( sl_se_command_context_t * cmd_ctx )

Erases User Data section in MTP.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
SL_STATUS_INVALID_CREDENTIALS when the command is not authorized
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_get_status()

sl_status_t sl_se_get_status ( sl_se_command_context_t * cmd_ctx,
sl_se_status_t * status
)

Returns the current boot status, versions and system configuration.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[out] status SE_Status_t containing current SE status.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK upon command completion. Errors are encoded in the different parts of the returned status object.
SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
SL_STATUS_INVALID_CREDENTIALS when the command is not authorized
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_get_serialnumber()

sl_status_t sl_se_get_serialnumber ( sl_se_command_context_t * cmd_ctx,
void * serial
)

Read the serial number of the SE module.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[out] serial Pointer to array of size 16 bytes.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
SL_STATUS_INVALID_CREDENTIALS when the command is not authorized
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_get_otp_version()

sl_status_t sl_se_get_otp_version ( sl_se_command_context_t * cmd_ctx,
uint32_t * version
)

Read the OTP firmware version of the SE module.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[out] version Pointer to uint32_t word where version shall be returned.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
SL_STATUS_INVALID_CREDENTIALS when the command is not authorized
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_get_reset_cause()

sl_status_t sl_se_get_reset_cause ( sl_se_command_context_t * cmd_ctx,
uint32_t * reset_cause
)

Read the EMU->RSTCAUSE after a tamper reset.

This function should be called if EMU->RSTCAUSE has been cleared upon boot.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[out] reset_cause Pointer to uint32_t word where reset cause shall be returned.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized

sl_se_enable_secure_debug()

sl_status_t sl_se_enable_secure_debug ( sl_se_command_context_t * cmd_ctx )

Enables the secure debug functionality.

Enables the secure debug functionality that can be used to open a locked debug port through the Get challenge and Open debug commands. This command can only be executed before the debug port is locked, and after a secure debug public key has been installed in the SE.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully

sl_se_disable_secure_debug()

sl_status_t sl_se_disable_secure_debug ( sl_se_command_context_t * cmd_ctx )

Disables the secure debug functionality.

Parameters
[in] cmd_ctx Pointer to an SE command context object.

Disables the secure debug functionality that can be used to open a locked debug port.

Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully

sl_se_set_debug_options()

sl_status_t sl_se_set_debug_options ( sl_se_command_context_t * cmd_ctx,
const sl_se_debug_options_t * debug_options
)

Set debug options.

This function makes it possible to configure the Trust-Zone access permissions of the debug interface. For details please refer to sl_se_debug_options_t .

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] debug_options Pointer to debug options structure.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully

sl_se_erase_device()

sl_status_t sl_se_erase_device ( sl_se_command_context_t * cmd_ctx )

Performs a device mass erase and debug unlock.

Performs a device mass erase and resets the debug configuration to its initial unlocked state. Only available before DEVICE_ERASE_DISABLE has been executed.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
Note
This command clears and verifies the complete flash and ram of the system, excluding the user data pages and one-time programmable commissioning information in the secure element.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_COMMAND if device erase is disabled.

sl_se_disable_device_erase()

sl_status_t sl_se_disable_device_erase ( sl_se_command_context_t * cmd_ctx )

Disabled device erase functionality.

This command disables the device erase command. It does not lock the debug interface to the part, but it is a permanent action for the part. If device erase is disabled and the device is debug locked, there is no way to permanently unlock the part. If secure debug unlock is enabled, secure debug unlock can still be used to temporarily open the debug port.

Warning
This command permanently disables the device erase functionality!
Parameters
[in] cmd_ctx Pointer to an SE command context object.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully

sl_se_get_challenge()

sl_status_t sl_se_get_challenge ( sl_se_command_context_t * cmd_ctx,
sl_se_challenge_t challenge
)

Request challenge from SE which can be used to open debug access.

This command requests a challenge (16 bytes) which can be used to generate a certificate in order to open debug access, sl_se_open_debug .

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[out] challenge SE challenge storage.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_roll_challenge()

sl_status_t sl_se_roll_challenge ( sl_se_command_context_t * cmd_ctx )

Invalidate current challenge and make a new challenge.

This command requests the SE to invalidate it's current challenge (16bytes) and generate a new challenge.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully

sl_se_open_debug()

sl_status_t sl_se_open_debug ( sl_se_command_context_t * cmd_ctx,
void * cert,
uint32_t len,
const sl_se_debug_options_t * debug_options
)

Unlock debug access using certificate and signed challenge.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] cert Certificate for debug unlock and signed challenge.
[in] len Length of certificate in number of bytes.
[in] debug_options Debug options to open/unlock.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
SL_STATUS_INVALID_CREDENTIALS when the command is not authorized
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_disable_tamper()

sl_status_t sl_se_disable_tamper ( sl_se_command_context_t * cmd_ctx,
void * cert,
uint32_t len,
sl_se_tamper_signals_t tamper_signals
)

Temporarily disable tamper configuration using certificate and signed challenge.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] cert Certificate for disabling tamper and signed challenge.
[in] len Length of certificate in number of bytes.
[in] tamper_signals Tamper signals to disable. Each signal represented by a bit.
Returns
One of the following sl_status_t codes:
Return values
SL_STATUS_OK when the command was executed successfully
SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
SL_STATUS_INVALID_CREDENTIALS when the command is not authorized
SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed

sl_se_read_cert_size()

sl_status_t sl_se_read_cert_size ( sl_se_command_context_t * cmd_ctx,
sl_se_cert_size_type_t * cert_size
)

Read size of stored certificates in SE.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in,out] cert_size Size of the certificates stored in SE.
Returns
Status code, sl_status.h.

sl_se_read_cert()

sl_status_t sl_se_read_cert ( sl_se_command_context_t * cmd_ctx,
sl_se_cert_type_t cert_type,
void * cert,
uint32_t num_bytes
)

Read stored certificates in SE.

Parameters
[in] cmd_ctx Pointer to an SE command context object.
[in] cert_type Type of the certificate stored in SE.
[in,out] cert Buffer to read certificate.
[in] num_bytes Length of certificate in number of bytes.
Returns
Status code, sl_status.h.

Macro Definition Documentation

SL_SE_OTP_INIT_DEFAULT

#define SL_SE_OTP_INIT_DEFAULT
Value:
{ \
.enable_secure_boot = false , \
.verify_secure_boot_certificate = false , \
.enable_anti_rollback = false , \
.secure_boot_page_lock_narrow = false , \
.secure_boot_page_lock_full = false , \
.tamper_levels = { 0 }, \
.tamper_filter_period = SL_SE_TAMPER_FILTER_PERIOD_2MIN , \
.tamper_filter_threshold = SL_SE_TAMPER_FILTER_THRESHOLD_4 , \
.tamper_flags = 0, \
.tamper_reset_threshold = 5 \
}

Default configuration for OTP initialisation structure.

SL_SE_CHALLENGE_SIZE

#define SL_SE_CHALLENGE_SIZE   16

SE Challenge size.

SL_SE_CERT_KEY_SIZE

#define SL_SE_CERT_KEY_SIZE   64

Certificate key size.

SL_SE_CERT_SIGN_SIZE

#define SL_SE_CERT_SIGN_SIZE   64

Certificate signature size.

SL_SE_CERT_BATCH

#define SL_SE_CERT_BATCH   0x01

Batch ID certificate.

SL_SE_CERT_DEVICE_SE

#define SL_SE_CERT_DEVICE_SE   0x02

SE ID certificate.

SL_SE_CERT_DEVICE_HOST

#define SL_SE_CERT_DEVICE_HOST   0x03

Host ID certificate.

Typedef Documentation

sl_se_tamper_level_t

typedef uint8_t sl_se_tamper_level_t

SE tamper signal levels.

sl_se_tamper_signals_t

typedef uint32_t sl_se_tamper_signals_t

SE tamper signals.

sl_se_tamper_filter_period_t

SE tamper filter timeout period.

sl_se_tamper_filter_threshold_t

Number of tamper counts to trigger the filter signal.

sl_se_cert_type_t

typedef uint8_t sl_se_cert_type_t

SE certificate types.

sl_se_debug_flags_t

typedef uint32_t sl_se_debug_flags_t

SE Debug lock flags.

sl_se_challenge_t

typedef uint8_t sl_se_challenge_t[ SL_SE_CHALLENGE_SIZE ]

SE challenge storage.

Enumeration Type Documentation

sl_se_device_key_type_t

OTP key types.