forked from lowRISC/opentitan
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdif_alert_handler.h
701 lines (652 loc) · 23.7 KB
/
dif_alert_handler.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
// Copyright lowRISC contributors (OpenTitan project).
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENTITAN_SW_DEVICE_LIB_DIF_DIF_ALERT_HANDLER_H_
#define OPENTITAN_SW_DEVICE_LIB_DIF_DIF_ALERT_HANDLER_H_
/**
* @file
* @brief <a href="/hw/ip/alert_handler/doc/">Alert handler</a> Device Interface
* Functions
*/
#include <stdint.h>
#include "sw/device/lib/base/macros.h"
#include "sw/device/lib/base/mmio.h"
#include "sw/device/lib/dif/dif_base.h"
#include "sw/device/lib/dif/autogen/dif_alert_handler_autogen.h"
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
/**
* Helper X macro for defining enums and case statements related to alert
* classes. If an additional class is ever added to the hardware, this list can
* be updated.
*/
#define LIST_OF_CLASSES(X) \
X(A, 0) \
X(B, 1) \
X(C, 2) \
X(D, 3)
/**
* Helper macro for defining a `dif_alert_handler_class_t` enumeration constant.
* @class_ Alert class of the enumeration constant.
* @value_ Value of the enumeration constant.
*/
#define ALERT_CLASS_ENUM_INIT_(class_, value_) \
kDifAlertHandlerClass##class_ = value_,
/**
* An alert class.
*
* An alert class roughly specifies how to deal with an alert. The class
* determines which interrupt handler is fired for an alert, as well as the
* fine-grained details of the escalation policy, for when the processor
* fails to respond to an alert quickly enough.
*
* Alert classes serve as the alert handler's IRQ types. There is one IRQ for
* each class. Whenever an alert fires, the corresponding class's IRQ is
* serviced by the processor (if enabled).
*/
typedef enum dif_alert_handler_class {
LIST_OF_CLASSES(ALERT_CLASS_ENUM_INIT_)
} dif_alert_handler_class_t;
/**
* An alert, identified by a numeric id.
*
* Alerts are hardware-level events indicating that something catastrophic
* has happened. The alert handler consumes alerts, classifies them into a
* particular `dif_alert_handler_class_t`, and uses policy information attached
* to that class to handle it.
*
* The number of alerts is configurable at hardware-synthesis time.
*/
typedef uint32_t dif_alert_handler_alert_t;
/**
* Helper X macro for defining enums and case statements related to local
* alerts. If an additional class is ever added to the hardware, this list can
* be updated.
*/
#define LIST_OF_LOC_ALERTS(X) \
X(kDifAlertHandlerLocalAlertAlertPingFail, 0) \
X(kDifAlertHandlerLocalAlertEscalationPingFail, 1) \
X(kDifAlertHandlerLocalAlertAlertIntegrityFail, 2) \
X(kDifAlertHandlerLocalAlertEscalationIntegrityFail, 3) \
X(kDifAlertHandlerLocalAlertBusIntegrityFail, 4) \
X(kDifAlertHandlerLocalAlertShadowedUpdateError, 5) \
X(kDifAlertHandlerLocalAlertShadowedStorageError, 6)
/**
* Helper macro for defining a `dif_alert_handler_local_alert_t` enumeration
* constant.
* @name_ Name of the enumeration constant.
*/
#define LOC_ALERT_ENUM_INIT_(name_, value_) name_ = value_,
/**
* A local alert originating from within the alert handler itself.
*
* A local alert is exactly the same as a normal `dif_alert_handler_alert_t`,
* except that they use different functions for setting up classification and
* for getting causes.
*/
typedef enum dif_alert_handler_local_alert {
LIST_OF_LOC_ALERTS(LOC_ALERT_ENUM_INIT_)
} dif_alert_handler_local_alert_t;
/**
* An alert class state.
*
* This enum describes the sequence of states in the *escalation protocol*,
* which triggers under two different conditions:
* - If too many alerts of a particular class accumulate.
* - If the software IRQ handler for that class times out.
*
* When either of these conditions is reached, phase 0 begins. This may trigger
* an escalation signal, and after a configured duration, proceed to phase 1.
* This process repeats until phase 3 ends, at which point the class enters a
* "bricked" terminal state, which cannot be exited except by reset.
*
* At any point, software may end the escalation protocol by calling
* `dif_alert_handler_escalation_clear()` (unless clearing is disabled).
* Successfully calling this function, or clearing the IRQ on time, will reset
* the state back to idle. Note that this function cannot clear the terminal
* state; that state can only be cleared by resetting the chip.
*/
typedef enum dif_alert_handler_class_state {
/**
* The initial, idle state.
*/
kDifAlertHandlerClassStateIdle,
/**
* The "timeout" state, that is, the IRQ has been fired and the clock is
* ticking for the processor to handle the alert.
*/
kDifAlertHandlerClassStateTimeout,
/**
* The "fsm_error" state. This is a terminal state indicating the FSM
* has been glitched.
*/
kDifAlertHandlerClassStateFsmError,
/**
* The terminal state. Most configurations will never reach this state, since
* one of the previous phases will use an escalation signal to reset the
* device.
*/
kDifAlertHandlerClassStateTerminal,
/**
* The zeroth escalation phase.
*/
kDifAlertHandlerClassStatePhase0,
/**
* The first escalation phase.
*/
kDifAlertHandlerClassStatePhase1,
/**
* The second escalation phase.
*/
kDifAlertHandlerClassStatePhase2,
/**
* The third escalation phase.
*/
kDifAlertHandlerClassStatePhase3,
} dif_alert_handler_class_state_t;
/**
* An escalation signal, identified by a numeric ID.
*
* An escalation signal is a generic "response" to failing to handle alert(s).
* The meaning of each escalation signal is determined by the chip.
*
* An alert class can be configured to raise various escalation signal(s) during
* various escalation phases as part of its escalation policy.
*/
typedef uint32_t dif_alert_handler_escalation_signal_t;
/**
* Runtime configuration for an escalation phase.
*/
typedef struct dif_alert_handler_escalation_phase {
/**
* The phase this configuration describes.
*
* It is an error for this to not be one of the `Phase` constants in
* `dif_alert_handler_class_state_t`.
*/
dif_alert_handler_class_state_t phase;
/**
* The escalation signal that should be triggered when this phase begins.
*/
dif_alert_handler_escalation_signal_t signal;
/**
* The duration of this phase, in cycles.
*/
uint32_t duration_cycles;
} dif_alert_handler_escalation_phase_t;
/**
* Runtime configuration for a particular alert class.
*
* This struct describes the escalation protocol for an alert class.
*/
typedef struct dif_alert_handler_class_config {
/**
* Whether to automatically lock the accumulation counter.
*
* There are two ways to lock the accumulation counter (prevent it from being
* cleared once the class's escalation protocol has been triggered):
* 1. clear the write enable for the accumulation counter clear register, or
* 2. to set this configuration flag which will automatically clear the
* write enable for the accumulation counter clear register once the
* class's escalation protocol has been triggered.
*/
dif_toggle_t auto_lock_accumulation_counter;
/**
* The threshold for the class accmulator which indicates the number of alerts
* that must fire because the class's escalation protocol will trigger.
*/
uint16_t accumulator_threshold;
/**
* The number of cycles this class's associated IRQ handler has to acknowledge
* the IRQ before escalation is triggered.
*
* A value of zero disables the timeout.
*/
uint32_t irq_deadline_cycles;
/**
* Escalation phases to be configured for this class.
*
* Each escalation phase in this list will additionally be set as enabled for
* this class; phases not listed will have their escalation signals disabled.
*/
const dif_alert_handler_escalation_phase_t *escalation_phases;
/**
* The length of the array `escalation_phases`.
*/
size_t escalation_phases_len;
/**
* The escalation phase to capture the crashdump information in.
*
* It is an error for this to not be one of the `Phase` constants in
* `dif_alert_handler_class_state_t`.
*
* Note, it is recommended to capture the crashdump upon entering the first
* escalation phase that activates a countermeasure with many side-effects
* (e.g. life cycle state scrapping) in order to prevent spurious alert events
* from masking the original alert causes.
*/
dif_alert_handler_class_state_t crashdump_escalation_phase;
} dif_alert_handler_class_config_t;
/**
* Runtime configuration for the alert handler.
*
* This struct describes runtime information for a single-shot configuration of
* the alert handler hardware.
*
* Note, any of the array pointers may be NULL, in which case the associated
* length should be 0.
*/
typedef struct dif_alert_handler_config {
/**
* A list of alerts to configure.
*/
dif_alert_handler_alert_t *alerts;
/**
* A list of classes to assign each alert to.
*/
dif_alert_handler_class_t *alert_classes;
/**
* The lengths of the arrays `alerts` and `alert_classes`.
*/
size_t alerts_len;
/**
* A list of local alerts to configure.
*/
dif_alert_handler_local_alert_t *local_alerts;
/**
* A list of classes to assign each local alert to.
*/
dif_alert_handler_class_t *local_alert_classes;
/**
* The lengths of the arrays `local_alerts` and `local_alert_classes`.
*/
size_t local_alerts_len;
/**
* A list of alert classes to configure.
*/
const dif_alert_handler_class_t *classes;
/**
* A list of alert class (escalation protocol) configurations.
*/
const dif_alert_handler_class_config_t *class_configs;
/**
* The length of the arrays `classes` and `class_configs`.
*/
size_t classes_len;
/**
* The alert ping timeout, in cycles.
*
* The alert handler will regularly, at random intervals, ping alert
* sources. If a source fails to respond, a local alert will be raised.
*
* The appropriate value will be dependent on all of the clocks involved on
* a chip.
*
* Note that the ping timer won't start until `dif_alert_handler_lock()` is
* successfully called.
*
* Note while this value must fit into the timeout register which is smaller
* than the native word length.
*/
uint32_t ping_timeout;
} dif_alert_handler_config_t;
/**
* Configures an alert in the alert handler.
*
* This operation is lock-protected, meaning once the configuration is locked,
* it cannot be reconfigured until after a system reset.
*
* @param alert_handler An alert handler handle.
* @param alert The alert to be configured.
* @param alert_class The class to assign the alert to.
* @param enabled The enablement state to configure the alert in.
* @param locked The locked state to configure the alert in.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_configure_alert(
const dif_alert_handler_t *alert_handler, dif_alert_handler_alert_t alert,
dif_alert_handler_class_t alert_class, dif_toggle_t enabled,
dif_toggle_t locked);
/**
* Configures a local alert in the alert handler.
*
* This operation is lock-protected, meaning once the configuration is locked,
* it cannot be reconfigured until after a system reset.
*
* @param alert_handler An alert handler handle.
* @param local_alert The local alert to be configured.
* @param alert_class The class to assign the alert to.
* @param enabled The enablement state to configure the alert in.
* @param locked The locked state to configure the alert in.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_configure_local_alert(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_local_alert_t local_alert,
dif_alert_handler_class_t alert_class, dif_toggle_t enabled,
dif_toggle_t locked);
/**
* Configures the escalation protocol of an alert class in the alert handler.
*
* This operation is lock-protected, meaning once the configuration is locked,
* it cannot be reconfigured until after a system reset.
*
* Note, regardless if the class is enabled or, IRQs will still fire based on
* the accumulation counter threshold configuration for the class, however, the
* escalation protocol will not trigger.
*
* @param alert_handler An alert handler handle.
* @param alert_class The class to be configured.
* @param config The escalation protocol configuration.
* @param enabled The enablement state of the class escalation protocol.
* @param locked The locked state to configure the class in.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_configure_class(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_class_t alert_class,
dif_alert_handler_class_config_t config, dif_toggle_t enabled,
dif_toggle_t locked);
/**
* Configures the ping timer in the alert handler.
*
* This operation is lock-protected, meaning once the configuration is locked,
* it cannot be reconfigured until after a system reset.
*
* Note, the ping timer will only ping alerts that have been enabled AND locked.
* Therefore, this DIF should be invoked after configuring and enabling each
* (local) alert.
*
* @param alert_handler An alert handler handle.
* @param ping_timeout The alert ping timeout, in cycles.
* @param enabled The enablement state to configure the ping timer in.
* @param locked The locked state to configure ping timer in.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_configure_ping_timer(
const dif_alert_handler_t *alert_handler, uint32_t ping_timeout,
dif_toggle_t enabled, dif_toggle_t locked);
/**
* Enables the ping timer in the alert handler.
*
* This operation is lock-protected, meaning once the configuration is locked,
* it cannot be reconfigured until after a system reset.
*
* Note, the ping timer will only ping alerts that have been enabled AND locked.
* Therefore, this DIF should be invoked after configuring and enabling each
* (local) alert.
*
* @param alert_handler An alert handler handle.
* @param locked The locked state to configure ping timer in after enabling it.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_ping_timer_set_enabled(
const dif_alert_handler_t *alert_handler, dif_toggle_t locked);
/**
* Locks out an alert handler alert configuration.
*
* This operation cannot be undone, and should be performed at the end of
* configuring the alert handler in early boot.
*
* This function is reentrant: calling it while functionality is locked will
* have no effect and return `kDifOk`.
*
* @param alert_handler An alert handler handle.
* @param alert The alert to lock.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_lock_alert(
const dif_alert_handler_t *alert_handler, dif_alert_handler_alert_t alert);
/**
* Checks whether an alert handler's alert is locked.
*
* @param alert_handler An alert handler handle.
* @param alert The alert to check is locked.
* @param[out] is_locked Out-param for the locked state.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_is_alert_locked(
const dif_alert_handler_t *alert_handler, dif_alert_handler_alert_t alert,
bool *is_locked);
/**
* Locks out an alert handler local alert configuration.
*
* This operation cannot be undone, and should be performed at the end of
* configuring the alert handler in early boot.
*
* This function is reentrant: calling it while functionality is locked will
* have no effect and return `kDifOk`.
*
* @param alert_handler An alert handler handle.
* @param local_alert The local alert to lock.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_lock_local_alert(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_local_alert_t local_alert);
/**
* Checks whether an alert handler's local alert is locked.
*
* @param alert_handler An alert handler handle.
* @param local_alert The local alert to check is locked.
* @param[out] is_locked Out-param for the locked state.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_is_local_alert_locked(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_local_alert_t local_alert, bool *is_locked);
/**
* Locks out an alert handler class configuration.
*
* This operation cannot be undone, and should be performed at the end of
* configuring the alert handler in early boot.
*
* This function is reentrant: calling it while functionality is locked will
* have no effect and return `kDifOk`.
*
* @param alert_handler An alert handler handle.
* @param alert_class The alert class to lock.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_lock_class(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_class_t alert_class);
/**
* Checks whether an alert handler's class is locked.
*
* @param alert_handler An alert handler handle.
* @param alert_class The alert class to check is locked.
* @param[out] is_locked Out-param for the locked state.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_is_class_locked(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_class_t alert_class, bool *is_locked);
/**
* Locks out alert handler ping timer configuration.
*
* This operation cannot be undone, and should be performed at the end of
* configuring the alert handler in early boot.
*
* This function is reentrant: calling it while functionality is locked will
* have no effect and return `kDifOk`.
*
* @param alert_handler An alert handler handle.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_lock_ping_timer(
const dif_alert_handler_t *alert_handler);
/**
* Checks whether alert handler's ping timer is locked.
*
* @param alert_handler An alert handler handle.
* @param[out] is_locked Out-param for the locked state.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_is_ping_timer_locked(
const dif_alert_handler_t *alert_handler, bool *is_locked);
/**
* Checks whether an alert is one of the causes for an alert IRQ.
*
* Note that multiple alerts may be causes at the same time.
*
* @param alert_handler An alert handler handle.
* @param alert The alert to check.
* @param[out] is_cause Out-param for whether this alert is a cause.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_alert_is_cause(
const dif_alert_handler_t *alert_handler, dif_alert_handler_alert_t alert,
bool *is_cause);
/**
* Clears an alert from the cause vector, similar to an IRQ acknowledgement.
*
* @param alert_handler An alert handler handle.
* @param alert The alert to acknowledge.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_alert_acknowledge(
const dif_alert_handler_t *alert_handler, dif_alert_handler_alert_t alert);
/**
* Checks whether a local alert is one of the causes for an alert IRQ.
*
* Note that multiple alerts may be causes at the same time.
*
* @param alert_handler An alert handler handle.
* @param local_alert The local alert to check.
* @param[out] is_cause Out-param for whether this alert is a cause.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_local_alert_is_cause(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_local_alert_t local_alert, bool *is_cause);
/**
* Clears a local alert from the cause vector, similar to an IRQ
* acknowledgement.
*
* @param alert_handler An alert handler handle.
* @param local_alert The local alert to acknowledge.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_local_alert_acknowledge(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_local_alert_t local_alert);
/**
* Checks whether software can clear escalations for this class.
*
* If `automatic_locking` has been set in a class's configuration, this
* function may suddenly begin returning `false` instead of `true` without
* software invervention, if escalation has been triggered.
*
* @param alert_handler An alert handler handle.
* @param alert_class The class to check.
* @param[out] can_clear Out-param for the clear enablement state.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_escalation_can_clear(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_class_t alert_class, bool *can_clear);
/**
* Disables escalation clearing for this class.
*
* This operation is similar to locking in that it cannot be undone.
*
* @param alert_handler An alert handler handle.
* @param alert_class The class to disable clearing for.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_escalation_disable_clearing(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_class_t alert_class);
/**
* Clears an on-going escalation, as well as the class accumulator.
*
* This operation can be disabled with
* `dif_alert_handler_escalation_disable_clearing()`.
*
* @param alert_handler An alert handler handle.
* @param alert_class The class to clear an escalation for.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_escalation_clear(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_class_t alert_class);
/**
* Gets the accumulator value for this class.
*
* This value is the number of alerts of this class that have been logged so
* far (more or less, since multiple alerts on the same cycle will be merged
* into one). Once this value equals the configured threshold, any followup
* alerts will immediately trigger the escalation protocol.
*
* This value is cleared as a side-effect of
* `dif_alert_handler_escalation_clear()`.
*
* @param alert_handler An alert handler handle.
* @param alert_class The class to get the accumulator for.
* @param[out] num_alerts Out-param for the number of alerts that have
* accumulated.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_get_accumulator(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_class_t alert_class, uint16_t *num_alerts);
/**
* Gets the current value of the "escalation counter".
*
* The interpretation of this value depends on the value returned by
* `dif_alert_handler_class_state_get()`. If it is in the timeout state,
* it returns the number of cycles counted towards that cycle so far.
* If in an escalation phase, it returns the number of cycles that phase
* has been active for.
*
* @param alert_handler An alert handler handle.
* @param alert_class The class to set the counter for.
* @param[out] cycles Out-param for the counter.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_get_escalation_counter(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_class_t alert_class, uint32_t *cycles);
/**
* Gets the current state of this class.
*
* See `dif_alert_handler_class_state_t` for potential states.
*
* @param alert_handler An alert handler handle.
* @param alert_class The class to get the state of
* @param[out] state Out-param for the class state.
* @return The result of the operation.
*/
OT_WARN_UNUSED_RESULT
dif_result_t dif_alert_handler_get_class_state(
const dif_alert_handler_t *alert_handler,
dif_alert_handler_class_t alert_class,
dif_alert_handler_class_state_t *state);
#ifdef __cplusplus
} // extern "C"
#endif // __cplusplus
#endif // OPENTITAN_SW_DEVICE_LIB_DIF_DIF_ALERT_HANDLER_H_