Deprecated Functions
Description
Deprecated Functions.
Data Structures |
|
struct | SE_OTPInit_t |
SE OTP initialization struct.
|
|
struct | SE_DebugStatus_t |
SE debug status.
|
|
struct | SE_Status_t |
SE status.
|
|
Functions |
|
SE_Response_t |
SE_initOTP
(
SE_OTPInit_t
*otp_init) SL_DEPRECATED_API_SDK_3_0
|
SE_Response_t |
SE_initPubkey
(uint32_t key_type, void *pubkey, uint32_t numBytes, bool signature) SL_DEPRECATED_API_SDK_3_0
|
SE_Response_t |
SE_writeUserData
(uint32_t offset, void *data, uint32_t numBytes)
|
SE_Response_t |
SE_eraseUserData
()
|
SE_Response_t |
SE_readPubkey
(uint32_t key_type, void *pubkey, uint32_t numBytes, bool signature)
|
SE_Response_t |
SE_debugLockStatus
(
SE_DebugStatus_t
*status)
|
SE_Response_t |
SE_debugLockApply
(void)
|
SE_Response_t |
SE_debugSecureEnable
(void)
|
SE_Response_t |
SE_debugSecureDisable
(void)
|
SE_Response_t |
SE_deviceEraseDisable
(void)
|
SE_Response_t |
SE_deviceErase
(void)
|
SE_Response_t |
SE_getStatus
(
SE_Status_t
*status)
|
SE_Response_t |
SE_serialNumber
(void *serial)
|
Function Documentation
◆ SE_initOTP()
SE_Response_t SE_initOTP | ( | SE_OTPInit_t * |
otp_init
|
) |
Initialize SE one-time-programmable (OTP) configuration.
Configuration is performed by setting the desired options in the SE_OTPInit_t structure.
This function can be used to enable secure boot, to configure flash page locking, and to enable anti-rollback protection when using the SE to perform an application upgrade, typically a Gecko bootloader upgrade.
Before secure boot can be enabled, the public key used for secure boot verification must be uploaded using
SE_initPubkey()
.
- Warning
- This command can only be executed once per device! When the configuration has been programmed it is not possible to update any of the fields.
- Parameters
-
[in] otp_init
SE_OTPInit_t structure containing the SE configuration.
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully
◆ SE_initPubkey()
SE_Response_t SE_initPubkey | ( | uint32_t |
key_type,
|
void * |
pubkey,
|
||
uint32_t |
numBytes,
|
||
bool |
signature
|
||
) |
Init pubkey or pubkey signature.
Initialize public key stored in the SE, or its corresponding signature. The command can be used to write:
- SE_KEY_TYPE_BOOT – public key used to perform secure boot
- SE_KEY_TYPE_AUTH – public key used to perform secure debug
- Note
- These keys can not be overwritten, so this command can only be issued once per key per part.
- Parameters
-
[in] key_type
ID of key type to initialize. [in] pubkey
Pointer to a buffer that contains the public key or signature. Must be word aligned and have a length of 64 bytes. [in] numBytes
Length of pubkey buffer (64 bytes). [in] signature
If true, initialize signature for the specified key type instead of the public key itself.
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully SE_RESPONSE_TEST_FAILED
when the pubkey is not set SE_RESPONSE_INVALID_PARAMETER
when an invalid type is passed
◆ SE_writeUserData()
SE_Response_t SE_writeUserData | ( | uint32_t |
offset,
|
void * |
data,
|
||
uint32_t |
numBytes
|
||
) |
Writes data to User Data section in MTP. Write data must be aligned to word size and contain a number of bytes that is divisable by four.
- Note
- It is recommended to erase the flash page before performing a write.
- Parameters
-
[in] offset
Offset to the flash word to write to. Must be aligned to words. [in] data
Data to write to flash. [in] numBytes
Number of bytes to write to flash. NB: Must be divisable by four.
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully or a signature was successfully verified, SE_RESPONSE_INVALID_COMMAND
when the command ID was not recognized, SE_RESPONSE_AUTHORIZATION_ERROR
when the command is not authorized, SE_RESPONSE_INVALID_SIGNATURE
when signature verification failed, SE_RESPONSE_BUS_ERROR
when a bus error was thrown during the command, e.g. because of conflicting Secure/Non-Secure memory accesses, SE_RESPONSE_CRYPTO_ERROR
on an internal SE failure, or SE_RESPONSE_INVALID_PARAMETER
when an invalid parameter was passed
◆ SE_eraseUserData()
SE_Response_t SE_eraseUserData | ( |
|
) |
Erases User Data section in MTP.
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully or a signature was successfully verified, SE_RESPONSE_INVALID_COMMAND
when the command ID was not recognized, SE_RESPONSE_AUTHORIZATION_ERROR
when the command is not authorized, SE_RESPONSE_INVALID_SIGNATURE
when signature verification failed, SE_RESPONSE_BUS_ERROR
when a bus error was thrown during the command, e.g. because of conflicting Secure/Non-Secure memory accesses, SE_RESPONSE_CRYPTO_ERROR
on an internal SE failure, or SE_RESPONSE_INVALID_PARAMETER
when an invalid parameter was passed
◆ SE_readPubkey()
SE_Response_t SE_readPubkey | ( | uint32_t |
key_type,
|
void * |
pubkey,
|
||
uint32_t |
numBytes,
|
||
bool |
signature
|
||
) |
Read pubkey or pubkey signature.
Read out a public key stored in the SE, or its signature. The command can be used to read:
- SE_KEY_TYPE_BOOT
- SE_KEY_TYPE_AUTH
- Parameters
-
[in] key_type
ID of key type to read. [out] pubkey
Pointer to a buffer to contain the returned public key. Must be word aligned and have a length of 64 bytes. [in] numBytes
Length of pubkey buffer (64 bytes). [in] signature
If true, the function will return the signature programmed for the specified public key instead of the public key itself.
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully SE_RESPONSE_TEST_FAILED
when the pubkey is not set SE_RESPONSE_INVALID_PARAMETER
when an invalid type is passed
◆ SE_debugLockStatus()
SE_Response_t SE_debugLockStatus | ( | SE_DebugStatus_t * |
status
|
) |
Returns the current debug lock configuration.
- Parameters
-
[out] status
The command returns a SE_DebugStatus_t with the current status of the debug configuration.
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully. SE_RESPONSE_INTERNAL_ERROR
if there are configuration errors.
◆ SE_debugLockApply()
SE_Response_t SE_debugLockApply | ( | void |
|
) |
Enables the debug lock for the part.
The debug port will be closed and the only way to open it is through device erase (if enabled) or temporarily through secure debug unlock (if enabled).
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully. SE_RESPONSE_INTERNAL_ERROR
there was a problem locking the debug port.
◆ SE_debugSecureEnable()
SE_Response_t SE_debugSecureEnable | ( | void |
|
) |
Enables the secure debug functionality.
Enables the secure debug functionality. This functionality makes it possible to open a locked debug port by signing a cryptographic challenge and using the debug command interface (DCI).
This command can only be executed before the debug port is locked, and after a secure debug public key has been installed in the SE using
SE_initPubkey()
or the corresponding DCI command.
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully. SE_RESPONSE_INVALID_COMMAND
if debug port is locked. SE_RESPONSE_INVALID_PARAMETER
if secure debug certificates are missing. SE_RESPONSE_INTERNAL_ERROR
if there was a problem during execution.
◆ SE_debugSecureDisable()
SE_Response_t SE_debugSecureDisable | ( | void |
|
) |
Disables the secure debug functionality.
Disables the secure debug functionality that can be used to open a locked debug port.
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully. SE_RESPONSE_INTERNAL_ERROR
if there was a problem during execution.
◆ SE_deviceEraseDisable()
SE_Response_t SE_deviceEraseDisable | ( | void |
|
) |
Disabled device erase functionality.
This command disables the device erase command. It does not lock the debug interface to the part, but it is a permanent action for the part. If device erase is disabled and the device is debug locked, there is no way to permanently unlock the part. If secure debug unlock is enabled, secure debug unlock can still be used to temporarily open the debug port.
- Warning
- This command permanently disables the device erase functionality!
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully. SE_RESPONSE_INTERNAL_ERROR
if there was a problem during execution.
◆ SE_deviceErase()
SE_Response_t SE_deviceErase | ( | void |
|
) |
Performs a device mass erase and debug unlock.
Performs a device mass erase and resets the debug configuration to its initial unlocked state. Only available before
SE_deviceEraseDisable
or the corresponding DCI command has been executed.
- Note
- This command clears and verifies the complete flash and ram of the system, excluding the user data pages and one-time programmable commissioning information in the secure element.
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
when the command was executed successfully. SE_RESPONSE_INVALID_COMMAND
if device erase is disabled. SE_RESPONSE_INTERNAL_ERROR
if there was a problem during execution.
◆ SE_getStatus()
SE_Response_t SE_getStatus | ( | SE_Status_t * |
status
|
) |
Returns the current boot status, versions and system configuration.
- Parameters
-
[out] status
SE_Status_t containing current SE status.
- Returns
- One of the SE_RESPONSE return codes.
- Return values
-
SE_RESPONSE_OK
upon command completion. Errors are encoded in the different parts of the returned status object.
◆ SE_serialNumber()
SE_Response_t SE_serialNumber | ( | void * |
serial
|
) |
Read the serial number of the SE module.
- Parameters
-
[out] serial
Pointer to array of size 16 bytes.
- Returns
- One of the SE_Response_t return codes.
- Return values
-
SE_RESPONSE_OK
when serial number is returned successfully, SE_RESPONSE_INTERNAL_ERROR
if not.