NVIDIA DRIVE OS Linux API Reference

5.1.3.0 Release


Detailed Description

Defines Trusted Application (TA) services declarations and functions.

Data Structures

struct  te_request_t
 Holds the layout of the te_oper_param_t structures which must match the layout sent in by the non-secure (NS) world via the TrustZone Secure Monitor Call (TZ SMC) path. More...
 
struct  te_ta_to_ta_request_args_t
 
struct  te_entry_point_message_t
 
struct  te_identity_t
 Holds the identity of a client/caller. More...
 
struct  te_get_property_args_t
 Holds data about the TA client. More...
 
struct  te_device_unique_id
 Holds the device unique ID. More...
 
struct  te_root_of_trust
 Holds the root of trust for TLK. More...
 
struct  te_panic_args_t
 
struct  ta_event_args_t
 
struct  te_rollback_args_t
 

Macros

#define TE_PRINTF_MAX_SIZE   512
 
#define MAX_NUM_SUPPORTED_GUESTS   16U
 
#define DEFAULT_GUEST_ID   0xDEADFEED
 
#define LIBTA_CRITICAL(args...)   te_fprintf(TE_CRITICAL, args)
 
#define LIBTA_ERR(args...)   te_fprintf(TE_ERR, args)
 
#define LIBTA_INFO(args...)   te_fprintf(TE_INFO, args)
 
#define LIBTA_SECURE(args...)   te_fprintf(TE_SECURE, args)
 
#define DEVICE_UID_SIZE_BYTES   16
 
#define VERIFIED_BOOT_KEY_SIZE_BYTES   256
 
#define VERIFIED_BOOT_UNKNOWN_STATE   0
 
#define VERIFIED_BOOT_RED_STATE   1
 
#define VERIFIED_BOOT_YELLOW_STATE   2
 
#define VERIFIED_BOOT_GREEN_STATE   3
 
#define VERIFIED_BOOT_ORANGE_STATE   4
 
#define OTE_PANIC_MSG_MAX_SIZE   128
 Holds the panic information. More...
 
#define OTE_TE_FPRINTF_PREFIX_MAX_LENGTH   (OTE_TASK_NAME_MAX_LENGTH + 4)
 Defines the maximum length of the "[task_name] " prefix for the te_fprintf() task log entries. More...
 
#define LOG_PREFIX_CRITICAL   'C'
 
#define LOG_PREFIX_INFO   'I'
 
#define LOG_PREFIX_ERR   'E'
 
#define LOG_PREFIX_SECURE   'S'
 
#define ENABLE_SPECULATION_BARRIER
 general-purpose speculation barrier More...
 

Typedefs

typedef te_error_t(* ta_event_handler_t )(ta_event_args_t *args)
 

Enumerations

enum  {
  CREATE_INSTANCE = 1UL,
  DESTROY_INSTANCE = 2UL,
  OPEN_SESSION = 3UL,
  CLOSE_SESSION = 4UL,
  LAUNCH_OPERATION = 5UL,
  HANDLE_PM_EVENTS = 6UL
}
 
enum  te_pm_event_t {
  PM_EVENT_RESUME = 1,
  PM_EVENT_SUSPEND = 2,
  PM_EVENT_POWEROFF = 3
}
 
enum  {
  TE_LOGIN_PUBLIC = 0,
  TE_LOGIN_TA = 7
}
 Defines the supported login types. More...
 
enum  {
  TE_PROP_DATA_TYPE_UUID = 1,
  TE_PROP_DATA_TYPE_IDENTITY = 2
}
 Defines the type of property data. More...
 
enum  te_property_type_t {
  TE_PROPERTY_CURRENT_TA = 0xFFFFFFFF,
  TE_PROPERTY_CURRENT_CLIENT = 0xFFFFFFFE,
  TE_PROPERTY_TE_IMPLEMENTATION = 0xFFFFFFFD
}
 Defines the property data information. More...
 
enum  te_rollback_fields { TE_ROLLBACK_EKS2_VERSION = 1 }
 

Functions

void te_exit_service (void)
 
te_error_t te_init (int argc, char **argv)
 Initializes the service. More...
 
void te_destroy (void)
 Deinitializes the service. More...
 
te_error_t te_create_instance_iface (void)
 Creates a new instance of the service. More...
 
void te_destroy_instance_iface (void)
 Destroys an instance of the service. More...
 
te_error_t te_open_session_iface (void **sctx, te_operation_t *oper)
 Opens a session. More...
 
void te_close_session_iface (void *sctx)
 Closes an opened session. More...
 
te_error_t te_receive_operation_iface (void *sctx, te_operation_t *oper)
 Receives an operation. More...
 
void * ote_get_instance_data (void)
 Gets the instance context data. More...
 
void ote_set_instance_data (void *sessionContext)
 Sets an instance context data. More...
 
te_error_t te_get_current_ta_uuid (te_service_id_t *value)
 Gets the service ID for the current Trusted Application (TA). More...
 
te_error_t te_get_client_ta_identity (te_identity_t *value)
 Gets the current client's identity only if it is a secure TA. More...
 
te_error_t te_get_client_identity (te_identity_t *value)
 Gets the current client's identity. More...
 
char * uuid_to_str (te_service_id_t *uuid)
 Converts a UUID to string format. More...
 
te_error_t check_client_uuid (te_service_id_t *service_id)
 Validates the client's identity. More...
 
te_error_t check_client_login (uint32_t login, te_identity_t *client_id_p)
 Validates client's login scheme with the expected login type. More...
 
te_error_t te_get_current_guest_id (uint32_t *guest_id)
 Returns the current guest id requesting service from this TA. More...
 
te_error_t te_get_device_unique_id (te_device_unique_id *uid)
 Gets the device's unique ID. More...
 
te_error_t te_get_dsi_panel_config (bool *res)
 Gets whether the device has DSI panel attached or not. More...
 
te_error_t te_get_root_of_trust (te_root_of_trust *r_o_t)
 Gets the root of trust. More...
 
void te_panic (char *msg)
 Panics the system. More...
 
void te_fprintf_set_prefix (const char *prefix)
 Sets a printable prefix string that te_fprintf() outputs in front of every log message from this task. More...
 
void te_oper_dump_param (te_oper_param_t *param)
 Prints out the list of parameters for debugging. More...
 
void te_oper_dump_param_list (te_operation_t *te_op)
 Prints out the list of parameters for debugging. More...
 
te_error_t te_register_ta_event_handler (ta_event_handler_t handler, uint32_t events_mask)
 
te_error_t te_check_se_keyslot_owner (uint32_t keyslot_type, uint32_t keyslot_idx, te_service_id_t *uuid)
 Checks if the client TA is the owner of the keyslot it wants to write to. More...
 
te_error_t te_request_se_keyslot (uint32_t keyslot_type, uint32_t *keyslot_idx)
 Returns the index of a free SE keyslot if one is available. More...
 
te_error_t te_release_se_keyslot (uint32_t keyslot_type, uint32_t keyslot_idx)
 Releases a keyslot. More...
 
void convert_fd_to_log_prefix (int fd, char *log_level)
 Maps the fd level to a corresponding logger prefix character. More...
 
te_error_t te_rollback_check (te_rollback_args_t *rb_args)
 
static void te_speculation_barrier (void)
 

Macro Definition Documentation

#define DEFAULT_GUEST_ID   0xDEADFEED

Definition at line 58 of file ote_service.h.

#define DEVICE_UID_SIZE_BYTES   16

Definition at line 261 of file ote_service.h.

#define ENABLE_SPECULATION_BARRIER

general-purpose speculation barrier

Any memory read that is sequenced after the speculation barrier will not speculatively execute until all conditions evaluated before the barrier have been architecturally resolved.

Definition at line 440 of file ote_service.h.

#define LIBTA_CRITICAL (   args...)    te_fprintf(TE_CRITICAL, args)

Definition at line 61 of file ote_service.h.

#define LIBTA_ERR (   args...)    te_fprintf(TE_ERR, args)

Definition at line 62 of file ote_service.h.

#define LIBTA_INFO (   args...)    te_fprintf(TE_INFO, args)

Definition at line 63 of file ote_service.h.

#define LIBTA_SECURE (   args...)    te_fprintf(TE_SECURE, args)

Definition at line 64 of file ote_service.h.

#define LOG_PREFIX_CRITICAL   'C'

Definition at line 397 of file ote_service.h.

#define LOG_PREFIX_ERR   'E'

Definition at line 399 of file ote_service.h.

#define LOG_PREFIX_INFO   'I'

Definition at line 398 of file ote_service.h.

#define LOG_PREFIX_SECURE   'S'

Definition at line 400 of file ote_service.h.

#define MAX_NUM_SUPPORTED_GUESTS   16U

Definition at line 57 of file ote_service.h.

#define OTE_PANIC_MSG_MAX_SIZE   128

Holds the panic information.

Definition at line 315 of file ote_service.h.

#define OTE_TE_FPRINTF_PREFIX_MAX_LENGTH   (OTE_TASK_NAME_MAX_LENGTH + 4)

Defines the maximum length of the "[task_name] " prefix for the te_fprintf() task log entries.

Definition at line 330 of file ote_service.h.

#define TE_PRINTF_MAX_SIZE   512

Definition at line 56 of file ote_service.h.

#define VERIFIED_BOOT_GREEN_STATE   3

Definition at line 305 of file ote_service.h.

#define VERIFIED_BOOT_KEY_SIZE_BYTES   256

Definition at line 291 of file ote_service.h.

#define VERIFIED_BOOT_ORANGE_STATE   4

Definition at line 306 of file ote_service.h.

#define VERIFIED_BOOT_RED_STATE   1

Definition at line 303 of file ote_service.h.

#define VERIFIED_BOOT_UNKNOWN_STATE   0

Definition at line 302 of file ote_service.h.

#define VERIFIED_BOOT_YELLOW_STATE   2

Definition at line 304 of file ote_service.h.

Typedef Documentation

typedef te_error_t(* ta_event_handler_t)(ta_event_args_t *args)

Definition at line 364 of file ote_service.h.

Enumeration Type Documentation

anonymous enum
Enumerator
CREATE_INSTANCE 
DESTROY_INSTANCE 
OPEN_SESSION 
CLOSE_SESSION 
LAUNCH_OPERATION 
HANDLE_PM_EVENTS 

Definition at line 68 of file ote_service.h.

anonymous enum

Defines the supported login types.

Enumerator
TE_LOGIN_PUBLIC 
TE_LOGIN_TA 

Definition at line 163 of file ote_service.h.

anonymous enum

Defines the type of property data.

Enumerator
TE_PROP_DATA_TYPE_UUID 
TE_PROP_DATA_TYPE_IDENTITY 

Definition at line 169 of file ote_service.h.

enum te_pm_event_t

Enumerator
PM_EVENT_RESUME 
PM_EVENT_SUSPEND 
PM_EVENT_POWEROFF 

Definition at line 77 of file ote_service.h.

enum te_property_type_t

Defines the property data information.

Enumerator
TE_PROPERTY_CURRENT_TA 
TE_PROPERTY_CURRENT_CLIENT 
TE_PROPERTY_TE_IMPLEMENTATION 

Definition at line 175 of file ote_service.h.

enum te_rollback_fields

Enumerator
TE_ROLLBACK_EKS2_VERSION 

Definition at line 409 of file ote_service.h.

Function Documentation

te_error_t check_client_login ( uint32_t  login,
te_identity_t *  client_id_p 
)

Validates the client's login scheme against the expected login type.

Parameters
[in] login: The expected login type.
[out] client_id_p: A pointer to the location where the login type is stored if login is successful.
Returns
OTE_SUCCESS to indicate that the operation was successful.
te_error_t check_client_uuid ( te_service_id_t *  service_id)

Validates the client's identity.

Parameters
[in] service_id: A pointer to a service ID structure to be used to validate the identity.
Returns
OTE_SUCCESS to indicate that the operation was successful.
void convert_fd_to_log_prefix ( int  fd,
char *  log_level 
)

Maps the fd level to a corresponding logger prefix character.

Parameters
fd: File descriptor.
log_level: Pointer to a character.
void* ote_get_instance_data ( void  )

Gets the instance context data.

void ote_set_instance_data ( void *  sessionContext)

Sets an instance context data.

te_error_t te_check_se_keyslot_owner ( uint32_t  keyslot_type,
uint32_t  keyslot_idx,
te_service_id_t *  uuid 
)

Checks if the client TA is the owner of the keyslot it wants to write to.

Parameters
keyslot_type: The keyslot type (RSA or AES).
keyslot_idx: Index of the keyslot.
uuid: A pointer to the client TA's UUID.
Returns
OTE_SUCCESS if the owner is the TA, or OTE_ERROR_ACCESS_DENIED if the owner is someone else.
void te_close_session_iface ( void *  sctx)

Closes an opened session.

Parameters
sctx: A pointer to the session to close.
te_error_t te_create_instance_iface ( void  )

Creates a new instance of the service.

void te_destroy ( void  )

Deinitializes the service.

void te_destroy_instance_iface ( void  )

Destroys an instance of the service.

void te_exit_service ( void  )
void te_fprintf_set_prefix ( const char *  prefix)

Sets a printable prefix string that te_fprintf() outputs in front of every log message from this task.

The OTE library automatically sets a "[task_name] " log prefix based on the task name set in the task manifest (if the manifest defines a task name).

Parameters
[in] prefix: The string to use for the prefix, or NULL for no prefix. The maximum length of prefix is OTE_TE_FPRINTF_PREFIX_MAX_LENGTH. A NULL value cancels the log prefix; a non-null string changes the prefix.
te_error_t te_get_client_identity ( te_identity_t *  value)

Gets the current client's identity.

Parameters
[out] value: A pointer to te_identity_t, which holds the client's identity.
Returns
OTE_SUCCESS to indicate that the operation was successful.
te_error_t te_get_client_ta_identity ( te_identity_t *  value)

Gets the current client's identity only if it is a secure TA.

Parameters
[out] value: A pointer to te_identity_t, which holds the client's identity.
Returns
OTE_SUCCESS to indicate that the operation was successful.
te_error_t te_get_current_guest_id ( uint32_t *  guest_id)

Returns the current guest id requesting service from this TA.

Parameters
[out] guest_id: Guest ID that is requesting service from the TA. In the native non-hypervisor case, 0 is returned.
Returns
OTE_SUCCESS to indicate that the operation was successful.
OTE_ERROR_BAD_PARAMETERS to indicate guest_id pointer is NULL.
te_error_t te_get_current_ta_uuid ( te_service_id_t *  value)

Gets the service ID for the current Trusted Application (TA).

Parameters
[out] value: A pointer to te_service_id_t, which holds the service ID.
Returns
OTE_SUCCESS to indicate the operation was successful.
te_error_t te_get_device_unique_id ( te_device_unique_id *  uid)

Gets the device's unique ID.

Parameters
[out] uid: A pointer to a location where the device's unique ID is to be stored.
te_error_t te_get_dsi_panel_config ( bool *  res)

Gets whether the device has DSI panel attached or not.

te_error_t te_get_root_of_trust ( te_root_of_trust *  r_o_t)

Gets the root of trust.

Parameters
[out] r_o_t: A pointer to the root of trust.
te_error_t te_init ( int  argc,
char **  argv 
)

Initializes the service.

te_error_t te_open_session_iface ( void **  sctx,
te_operation_t *  oper 
)

Opens a session.

Parameters
sctx: A pointer to the session.
oper: A pointer to the operation.
void te_oper_dump_param ( te_oper_param_t *  param)

Prints out the list of parameters for debugging.

Prints out the list of parameters with the parameter content.

Parameters
[in] param: A pointer to a TLK operation.
void te_oper_dump_param_list ( te_operation_t *  te_op)

Prints out the list of parameters for debugging.

Prints out the list of parameters with the parameter content.

Parameters
[in] te_op: A pointer to a TLK operation.
void te_panic ( char *  msg)

Panics the system.

This call does not return.

Parameters
msg: A pointer to a string containing a panic message.
te_error_t te_receive_operation_iface ( void *  sctx,
te_operation_t *  oper 
)

Receives an operation.

Parameters
sctx: A pointer to the session from which to receive the operation.
oper: A pointer to the operation.
te_error_t te_register_ta_event_handler ( ta_event_handler_t  handler,
uint32_t  events_mask 
)
te_error_t te_release_se_keyslot ( uint32_t  keyslot_type,
uint32_t  keyslot_idx 
)

Releases a keyslot.

A TA normally releases a keyslot when done writing to it.

Parameters
keyslot_type: Keyslot type (RSA or AES).
keyslot_idx: Index of the keyslot.
Returns
OTE_SUCCESS to indicate that the operation was successful.
te_error_t te_request_se_keyslot ( uint32_t  keyslot_type,
uint32_t *  keyslot_idx 
)

Returns the index of a free SE keyslot if one is available.

Parameters
keyslot_type: Keyslot type (RSA or AES).
keyslot_idx: A pointer to a location where a free keyslot index should be stored.
Returns
OTE_SUCCESS if the operation was successful, or OTE_ERROR_ITEM_NOT_FOUND if no keyslot was available.
te_error_t te_rollback_check ( te_rollback_args_t *  rb_args)
static void te_speculation_barrier ( void  )
inline static

Definition at line 442 of file ote_service.h.

char* uuid_to_str ( te_service_id_t *  uuid)

Converts a UUID to string format.

Parameters
[in] uuid: A pointer to the UUID to convert.
Returns
A pointer to the UUID in string format.