1*2949576eSMichael Tretter /* SPDX-License-Identifier: BSD-2-Clause */ 2*2949576eSMichael Tretter /* 3*2949576eSMichael Tretter * Copyright (C) 2025, Pengutronix, Michael Tretter <entwicklung@pengutronix.de> 4*2949576eSMichael Tretter */ 5*2949576eSMichael Tretter 6*2949576eSMichael Tretter #ifndef __PTA_RK_SECURE_BOOT_H 7*2949576eSMichael Tretter #define __PTA_RK_SECURE_BOOT_H 8*2949576eSMichael Tretter 9*2949576eSMichael Tretter #include <tee_api_types.h> 10*2949576eSMichael Tretter 11*2949576eSMichael Tretter #define PTA_RK_SECURE_BOOT_UUID { 0x5cfa57f6, 0x1a4c, 0x407f, \ 12*2949576eSMichael Tretter { 0x94, 0xa7, 0xa5, 0x6c, 0x8c, 0x47, 0x01, 0x9d } } 13*2949576eSMichael Tretter 14*2949576eSMichael Tretter struct pta_rk_secure_boot_hash { 15*2949576eSMichael Tretter /* sha256 has 256 bit */ 16*2949576eSMichael Tretter uint8_t value[32]; 17*2949576eSMichael Tretter }; 18*2949576eSMichael Tretter 19*2949576eSMichael Tretter struct pta_rk_secure_boot_info { 20*2949576eSMichael Tretter uint8_t enabled; 21*2949576eSMichael Tretter uint8_t simulation; 22*2949576eSMichael Tretter struct pta_rk_secure_boot_hash hash; 23*2949576eSMichael Tretter }; 24*2949576eSMichael Tretter 25*2949576eSMichael Tretter /* 26*2949576eSMichael Tretter * PTA_RK_SECURE_BOOT_GET_INFO - Get secure boot status info 27*2949576eSMichael Tretter * 28*2949576eSMichael Tretter * [out] memref[0] buffer memory reference containing a struct 29*2949576eSMichael Tretter * pta_rk_secure_boot_info 30*2949576eSMichael Tretter */ 31*2949576eSMichael Tretter #define PTA_RK_SECURE_BOOT_GET_INFO 0x0 32*2949576eSMichael Tretter 33*2949576eSMichael Tretter /* 34*2949576eSMichael Tretter * PTA_RK_SECURE_BOOT_BURN_HASH - Burn the RSA key hash to fuses 35*2949576eSMichael Tretter * 36*2949576eSMichael Tretter * [in] memref[0] buffer memory reference containing a struct 37*2949576eSMichael Tretter * pta_rk_secure_boot_hash 38*2949576eSMichael Tretter * [in] value[1].a bit length of signing key 39*2949576eSMichael Tretter */ 40*2949576eSMichael Tretter #define PTA_RK_SECURE_BOOT_BURN_HASH 0x1 41*2949576eSMichael Tretter 42*2949576eSMichael Tretter /* 43*2949576eSMichael Tretter * PTA_RK_SECURE_BOOT_LOCKDOWN_DEVICE - Lockdown the device with secure boot 44*2949576eSMichael Tretter */ 45*2949576eSMichael Tretter #define PTA_RK_SECURE_BOOT_LOCKDOWN_DEVICE 0x2 46*2949576eSMichael Tretter 47*2949576eSMichael Tretter #endif /* __PTA_ROCKCHIP_OTP_H */ 48