Trait HWData 

pub trait HWData {
    type Error;

    // Required methods
    fn huk(&self) -> Result<HWSymmetricKey, Self::Error>;
    fn guk(&self) -> Result<HWSymmetricKey, Self::Error>;
    fn cpak(&self) -> Result<Option<HWAsymmetricKey>, Self::Error>;
    fn bl_hash(&self) -> Result<HWHash, Self::Error>;
    fn boot_measurements(&self) -> Result<Vec<BootMeasurement>, Self::Error>;
    fn implementation_id(&self) -> Result<[u8; 32], Self::Error>;
    fn security_lifecycle(&self) -> Result<u32, Self::Error>;
    fn profile_definition(
        &self,
    ) -> Result<Option<ArrayVec<[u8; 35]>>, Self::Error>;
    fn verification_service_url(
        &self,
    ) -> Result<Option<ArrayVec<[u8; 32]>>, Self::Error>;
    fn platform_config(&self) -> Result<ArrayVec<[u8; 32]>, Self::Error>;
}

Interface for fetching hardware specific data:

• Boot measurements,
• Hardware keys,
• Claims data, In compliance with [documentation-service.arm.com/static/610aaec33d73a34b640e333b](Arm CCA Security Model 1.0).

Required Associated Types

type Error

Required Methods

fn huk(&self) -> Result<HWSymmetricKey, Self::Error>

Hardware unique 256bit symmetric key. It represents a randomly unique seed for each manufactured instance of CCA enabled system.

fn guk(&self) -> Result<HWSymmetricKey, Self::Error>

Group unique 256bit symmetric key. It represents a randomly unique seed that may be shared with some group of manufactured CCA enabled systems with the same immutable hardware security properties.

fn cpak(&self) -> Result<Option<HWAsymmetricKey>, Self::Error>

Byte string representing CCA Platform Attestation Key. Optional, can be derived in runtime.

fn bl_hash(&self) -> Result<HWHash, Self::Error>

BL2 image signed hash.

fn boot_measurements(&self) -> Result<Vec<BootMeasurement>, Self::Error>

Software state of the system. Each entry represents a BootMeasurement of software component within the device.

fn implementation_id(&self) -> Result<[u8; 32], Self::Error>

A byte string representing the original implementation signer of the attestation key and indentifies contract between the report and verification.

fn security_lifecycle(&self) -> Result<u32, Self::Error>

Represents the current lifecycle state of the instance. Custom claim with a value encoded as integer that is divided to convey a major state and a minor state. The PSA state and implementation state are encoded as follows:

• version[15:8] - PSA lifecycle state - major
• version[7:0] - IMPLEMENTATION DEFINED state - minor Possible PSA lifecycle states:
• Unknown (0x1000u),
• PSA_RoT_Provisioning (0x2000u),
• Secured (0x3000u),
• Non_PSA_RoT_Debug(0x4000u),
• Recoverable_PSA_RoT_Debug (0x5000u),
• Decommissioned (0x6000u)

fn profile_definition(&self) -> Result<Option<ArrayVec<[u8; 35]>>, Self::Error>

Contains the name of a document that describes the ‘profile’ of the token, being a full description of the claims, their usage, verification and token signing. The document name may include versioning. Custom claim with a value encoded as text string.

fn verification_service_url( &self, ) -> Result<Option<ArrayVec<[u8; 32]>>, Self::Error>

The value is a text string that can be used to locate the service or a URL specifying the address of the service. t is used by a Relying Party to locate a validation service for the token.

fn platform_config(&self) -> Result<ArrayVec<[u8; 32]>, Self::Error>

Describes the set of chosen implementation options of the CCA platform.

Dyn Compatibility

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors