diff options
Diffstat (limited to 'board/cr50/dcrypto/fips.c')
-rw-r--r-- | board/cr50/dcrypto/fips.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/board/cr50/dcrypto/fips.c b/board/cr50/dcrypto/fips.c index 431c7afd9b..c1b5454545 100644 --- a/board/cr50/dcrypto/fips.c +++ b/board/cr50/dcrypto/fips.c @@ -59,9 +59,13 @@ bool fips_crypto_allowed(void) fips_is_no_crypto_error() && DCRYPTO_ladder_is_enabled()); } +/** + * This function can be called very early in the boot before FIPS power-up. + * It doesn't use FIPS crypto, so we just check for no FIPS errors. + */ int crypto_enabled(void) { - return fips_crypto_allowed(); + return fips_is_no_crypto_error() && DCRYPTO_ladder_is_enabled(); } void fips_throw_err(enum fips_status err) @@ -769,9 +773,6 @@ void fips_power_up_tests(void) void fips_power_on(void) { fips_last_kat_test_duration = -1ULL; - /* make sure on power-on / resume it's cleared */ - _fips_status = FIPS_UNINITIALIZED; - /** * If this was a power-on or power-up tests weren't executed * for some reason, run them now. Board FIPS KAT status will @@ -779,8 +780,8 @@ void fips_power_on(void) */ if (!fips_is_power_up_done()) fips_power_up_tests(); - else /* tests were already completed before sleep */ - _fips_status |= FIPS_POWER_UP_TEST_DONE; + else /* tests were already completed before sleep */ + _fips_status |= FIPS_POWER_UP_TEST_DONE | FIPS_MODE_ACTIVE; } const struct fips_vtable *fips_vtable; @@ -808,6 +809,10 @@ static bool is_flash_address(const void *ptr) return false; } +/** + * This function is called the first in FIPS initialization very early + * in the boot to set-up required dependencies. + */ void fips_set_callbacks(const struct fips_vtable *vtable) { if (is_flash_address(vtable) && @@ -832,4 +837,7 @@ void fips_set_callbacks(const struct fips_vtable *vtable) fips_vtable = vtable; else fips_vtable = NULL; + + /* make sure on power-on / resume it's cleared */ + _fips_status = FIPS_UNINITIALIZED; } |