mbed library sources. Supersedes mbed-src.

Fork of mbed-dev by mbed official

Revision:
144:ef7eb2e8f9f7
Child:
149:156823d33999
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/hal/storage_abstraction/Driver_Storage.h	Fri Sep 02 15:07:44 2016 +0100
@@ -0,0 +1,768 @@
+/*
+ * Copyright (c) 2006-2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __DRIVER_STORAGE_H
+#define __DRIVER_STORAGE_H
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+#include "Driver_Common.h"
+
+#define ARM_STORAGE_API_VERSION ARM_DRIVER_VERSION_MAJOR_MINOR(1,00)  /* API version */
+
+
+#define _ARM_Driver_Storage_(n)      Driver_Storage##n
+#define  ARM_Driver_Storage_(n) _ARM_Driver_Storage_(n)
+
+#define ARM_STORAGE_INVALID_OFFSET  (0xFFFFFFFFFFFFFFFFULL) ///< Invalid address (relative to a storage controller's
+                                                            ///< address space). A storage block may never start at this address.
+
+#define ARM_STORAGE_INVALID_ADDRESS (0xFFFFFFFFUL)          ///< Invalid address within the processor's memory address space.
+                                                            ///< Refer to memory-mapped storage, i.e. < \ref ARM_DRIVER_STORAGE::ResolveAddress().
+
+/****** Storage specific error codes *****/
+#define ARM_STORAGE_ERROR_NOT_ERASABLE      (ARM_DRIVER_ERROR_SPECIFIC - 1) ///< Part (or all) of the range provided to Erase() isn't erasable.
+#define ARM_STORAGE_ERROR_NOT_PROGRAMMABLE  (ARM_DRIVER_ERROR_SPECIFIC - 2) ///< Part (or all) of the range provided to ProgramData() isn't programmable.
+#define ARM_STORAGE_ERROR_PROTECTED         (ARM_DRIVER_ERROR_SPECIFIC - 3) ///< Part (or all) of the range to Erase() or ProgramData() is protected.
+#define ARM_STORAGE_ERROR_RUNTIME_OR_INTEGRITY_FAILURE (ARM_DRIVER_ERROR_SPECIFIC - 4) ///< Runtime or sanity-check failure.
+
+/**
+ * \brief Attributes of the storage range within a storage block.
+ */
+typedef struct _ARM_STORAGE_BLOCK_ATTRIBUTES {
+  uint32_t erasable      :  1;   ///< Erasing blocks is permitted with a minimum granularity of 'erase_unit'.
+                                 ///<   @note: if 'erasable' is 0--i.e. the 'erase' operation isn't available--then
+                                 ///<   'erase_unit' (see below) is immaterial and should be 0.
+  uint32_t programmable  :  1;   ///< Writing to ranges is permitted with a minimum granularity of 'program_unit'.
+                                 ///<   Writes are typically achieved through the ProgramData operation (following an erase);
+                                 ///<   if storage isn't erasable (see 'erasable' above) but is memory-mapped
+                                 ///<   (i.e. 'memory_mapped'), it can be written directly using memory-store operations.
+  uint32_t executable    :  1;   ///< This storage block can hold program data; the processor can fetch and execute code
+                                 ///<   sourced from it. Often this is accompanied with the device being 'memory_mapped' (see \ref ARM_STORAGE_INFO).
+  uint32_t protectable   :  1;   ///< The entire block can be protected from program and erase operations. Once protection
+                                 ///<   is enabled for a block, its 'erasable' and 'programmable' bits are turned off.
+  uint32_t reserved      : 28;
+  uint32_t erase_unit;           ///< Minimum erase size in bytes.
+                                 ///<   The offset of the start of the erase-range should also be aligned with this value.
+                                 ///<   Applicable if the 'erasable' attribute is set for the block.
+                                 ///<   @note: if 'erasable' (see above) is 0--i.e. the 'erase' operation isn't available--then
+                                 ///<   'erase_unit' is immaterial and should be 0.
+  uint32_t protection_unit;      ///< Minimum protectable size in bytes. Applicable if the 'protectable'
+                                 ///<   attribute is set for the block. This should be a divisor of the block's size. A
+                                 ///<   block can be considered to be made up of consecutive, individually-protectable fragments.
+} ARM_STORAGE_BLOCK_ATTRIBUTES;
+
+/**
+ * \brief A storage block is a range of memory with uniform attributes. Storage blocks
+ * combine to make up the address map of a storage controller.
+ */
+typedef struct _ARM_STORAGE_BLOCK {
+  uint64_t                     addr;       ///< This is the start address of the storage block. It is
+                                           ///<   expressed as an offset from the start of the storage map
+                                           ///<   maintained by the owning storage controller.
+  uint64_t                     size;       ///< This is the size of the storage block, in units of bytes.
+                                           ///<   Together with addr, it describes a range [addr, addr+size).
+  ARM_STORAGE_BLOCK_ATTRIBUTES attributes; ///< Attributes for this block.
+} ARM_STORAGE_BLOCK;
+
+/**
+ * The check for a valid ARM_STORAGE_BLOCK.
+ */
+#define ARM_STORAGE_VALID_BLOCK(BLK) (((BLK)->addr != ARM_STORAGE_INVALID_OFFSET) && ((BLK)->size != 0))
+
+/**
+ * \brief Values for encoding storage memory-types with respect to programmability.
+ *
+ * Please ensure that the maximum of the following memory types doesn't exceed 16; we
+ * encode this in a 4-bit field within ARM_STORAGE_INFO::programmability.
+ */
+#define ARM_STORAGE_PROGRAMMABILITY_RAM       (0x0)
+#define ARM_STORAGE_PROGRAMMABILITY_ROM       (0x1) ///< Read-only memory.
+#define ARM_STORAGE_PROGRAMMABILITY_WORM      (0x2) ///< write-once-read-only-memory (WORM).
+#define ARM_STORAGE_PROGRAMMABILITY_ERASABLE  (0x3) ///< re-programmable based on erase. Supports multiple writes.
+
+/**
+ * Values for encoding data-retention levels for storage blocks.
+ *
+ * Please ensure that the maximum of the following retention types doesn't exceed 16; we
+ * encode this in a 4-bit field within ARM_STORAGE_INFO::retention_level.
+ */
+#define ARM_RETENTION_WHILE_DEVICE_ACTIVE     (0x0) ///< Data is retained only during device activity.
+#define ARM_RETENTION_ACROSS_SLEEP            (0x1) ///< Data is retained across processor sleep.
+#define ARM_RETENTION_ACROSS_DEEP_SLEEP       (0x2) ///< Data is retained across processor deep-sleep.
+#define ARM_RETENTION_BATTERY_BACKED          (0x3) ///< Data is battery-backed. Device can be powered off.
+#define ARM_RETENTION_NVM                     (0x4) ///< Data is retained in non-volatile memory.
+
+/**
+ * Device Data Security Protection Features. Applicable mostly to EXTERNAL_NVM.
+ */
+typedef struct _ARM_STORAGE_SECURITY_FEATURES {
+  uint32_t acls                :  1; ///< Protection against internal software attacks using ACLs.
+  uint32_t rollback_protection :  1; ///< Roll-back protection. Set to true if the creator of the storage
+                                     ///<   can ensure that an external attacker can't force an
+                                     ///<   older firmware to run or to revert back to a previous state.
+  uint32_t tamper_proof        :  1; ///< Tamper-proof memory (will be deleted on tamper-attempts using board level or chip level sensors).
+  uint32_t internal_flash      :  1; ///< Internal flash.
+  uint32_t reserved1           : 12;
+
+  /**
+   * Encode support for hardening against various classes of attacks.
+   */
+  uint32_t software_attacks     :  1; ///< device software (malware running on the device).
+  uint32_t board_level_attacks  :  1; ///< board level attacks (debug probes, copy protection fuses.)
+  uint32_t chip_level_attacks   :  1; ///< chip level attacks (tamper-protection).
+  uint32_t side_channel_attacks :  1; ///< side channel attacks.
+  uint32_t reserved2            : 12;
+} ARM_STORAGE_SECURITY_FEATURES;
+
+#define ARM_STORAGE_PROGRAM_CYCLES_INFINITE (0UL) /**< Infinite or unknown endurance for reprogramming. */
+
+/**
+ * \brief Storage information. This contains device-metadata. It is the return
+ *     value from calling GetInfo() on the storage driver.
+ *
+ * \details These fields serve a different purpose than the ones contained in
+ *     \ref ARM_STORAGE_CAPABILITIES, which is another structure containing
+ *     device-level metadata. ARM_STORAGE_CAPABILITIES describes the API
+ *     capabilities, whereas ARM_STORAGE_INFO describes the device. Furthermore
+ *     ARM_STORAGE_CAPABILITIES fits within a single word, and is designed to be
+ *     passed around by value; ARM_STORAGE_INFO, on the other hand, contains
+ *     metadata which doesn't fit into a single word and requires the use of
+ *     pointers to be moved around.
+ */
+typedef struct _ARM_STORAGE_INFO {
+  uint64_t                      total_storage;        ///< Total available storage, in bytes.
+  uint32_t                      program_unit;         ///< Minimum programming size in bytes.
+                                                      ///<   The offset of the start of the program-range should also be aligned with this value.
+                                                      ///<   Applicable only if the 'programmable' attribute is set for a block.
+                                                      ///<   @note: setting program_unit to 0 has the effect of disabling the size and alignment
+                                                      ///<   restrictions (setting it to 1 also has the same effect).
+  uint32_t                      optimal_program_unit; ///< Optimal programming page-size in bytes. Some storage controllers
+                                                      ///<   have internal buffers into which to receive data. Writing in chunks of
+                                                      ///<   'optimal_program_unit' would achieve maximum programming speed.
+                                                      ///<   Applicable only if the 'programmable' attribute is set for the underlying block(s).
+  uint32_t                      program_cycles;       ///< A measure of endurance for reprogramming.
+                                                      ///<   Use ARM_STORAGE_PROGRAM_CYCLES_INFINITE for infinite or unknown endurance.
+  uint32_t                      erased_value    :  1; ///< Contents of erased memory (usually 1 to indicate erased bytes with state 0xFF).
+  uint32_t                      memory_mapped   :  1; ///< This storage device has a mapping onto the processor's memory address space.
+                                                      ///<   @note: For a memory-mapped block which isn't erasable but is programmable (i.e. if
+                                                      ///<   'erasable' is set to 0, but 'programmable' is 1), writes should be possible directly to
+                                                      ///<   the memory-mapped storage without going through the ProgramData operation.
+  uint32_t                      programmability :  4; ///< A value to indicate storage programmability.
+  uint32_t                      retention_level :  4;
+  uint32_t                      reserved        : 22;
+  ARM_STORAGE_SECURITY_FEATURES security;             ///< \ref ARM_STORAGE_SECURITY_FEATURES
+} ARM_STORAGE_INFO;
+
+/**
+\brief Operating status of the storage controller.
+*/
+typedef struct _ARM_STORAGE_STATUS {
+  uint32_t busy  : 1;                   ///< Controller busy flag
+  uint32_t error : 1;                   ///< Read/Program/Erase error flag (cleared on start of next operation)
+} ARM_STORAGE_STATUS;
+
+/**
+ * \brief Storage Driver API Capabilities.
+ *
+ * This data structure is designed to fit within a single word so that it can be
+ * fetched cheaply using a call to driver->GetCapabilities().
+ */
+typedef struct _ARM_STORAGE_CAPABILITIES {
+  uint32_t asynchronous_ops :  1; ///< Used to indicate if APIs like initialize,
+                                  ///<   read, erase, program, etc. can operate in asynchronous mode.
+                                  ///<   Setting this bit to 1 means that the driver is capable
+                                  ///<   of launching asynchronous operations; command completion is
+                                  ///<   signaled by the invocation of a completion callback. If
+                                  ///<   set to 1, drivers may still complete asynchronous
+                                  ///<   operations synchronously as necessary--in which case they
+                                  ///<   return a positive error code to indicate synchronous completion.
+  uint32_t erase_all        :  1; ///< Supports EraseAll operation.
+  uint32_t reserved         : 30;
+} ARM_STORAGE_CAPABILITIES;
+
+/**
+ * Command opcodes for Storage. Completion callbacks use these codes to refer to
+ * completing commands. Refer to \ref ARM_Storage_Callback_t.
+ */
+typedef enum _ARM_STORAGE_OPERATION {
+  ARM_STORAGE_OPERATION_GET_VERSION,
+  ARM_STORAGE_OPERATION_GET_CAPABILITIES,
+  ARM_STORAGE_OPERATION_INITIALIZE,
+  ARM_STORAGE_OPERATION_UNINITIALIZE,
+  ARM_STORAGE_OPERATION_POWER_CONTROL,
+  ARM_STORAGE_OPERATION_READ_DATA,
+  ARM_STORAGE_OPERATION_PROGRAM_DATA,
+  ARM_STORAGE_OPERATION_ERASE,
+  ARM_STORAGE_OPERATION_ERASE_ALL,
+  ARM_STORAGE_OPERATION_GET_STATUS,
+  ARM_STORAGE_OPERATION_GET_INFO,
+  ARM_STORAGE_OPERATION_RESOLVE_ADDRESS,
+  ARM_STORAGE_OPERATION_GET_NEXT_BLOCK,
+  ARM_STORAGE_OPERATION_GET_BLOCK
+} ARM_STORAGE_OPERATION;
+
+/**
+ * Declaration of the callback-type for command completion.
+ *
+ * @param [in] status
+ *               A code to indicate the status of the completed operation. For data
+ *               transfer operations, the status field is overloaded in case of
+ *               success to return the count of items successfully transferred; this
+ *               can be done safely because error codes are negative values.
+ *
+ * @param [in] operation
+ *               The command op-code. This value isn't essential for the callback in
+ *               the presence of the command instance-id, but it is expected that
+ *               this information could be a quick and useful filter.
+ */
+typedef void (*ARM_Storage_Callback_t)(int32_t status, ARM_STORAGE_OPERATION operation);
+
+/**
+ * This is the set of operations constituting the Storage driver. Their
+ * implementation is platform-specific, and needs to be supplied by the
+ * porting effort.
+ *
+ * Some APIs within `ARM_DRIVER_STORAGE` will always operate synchronously:
+ * GetVersion, GetCapabilities, GetStatus, GetInfo, ResolveAddress,
+ * GetNextBlock, and GetBlock. This means that control returns to the caller
+ * with a relevant status code only after the completion of the operation (or
+ * the discovery of a failure condition).
+ *
+ * The remainder of the APIs: Initialize, Uninitialize, PowerControl, ReadData,
+ * ProgramData, Erase, EraseAll, can function asynchronously if the underlying
+ * controller supports it--i.e. if ARM_STORAGE_CAPABILITIES::asynchronous_ops is
+ * set. In the case of asynchronous operation, the invocation returns early
+ * (with ARM_DRIVER_OK) and results in a completion callback later. If
+ * ARM_STORAGE_CAPABILITIES::asynchronous_ops is not set, then all such APIs
+ * execute synchronously, and control returns to the caller with a status code
+ * only after the completion of the operation (or the discovery of a failure
+ * condition).
+ *
+ * If ARM_STORAGE_CAPABILITIES::asynchronous_ops is set, a storage driver may
+ * still choose to execute asynchronous operations in a synchronous manner. If
+ * so, the driver returns a positive value to indicate successful synchronous
+ * completion (or an error code in case of failure) and no further invocation of
+ * completion callback should be expected. The expected return value for
+ * synchronous completion of such asynchronous operations varies depending on
+ * the operation. For operations involving data access, it often equals the
+ * amount of data transferred or affected. For non data-transfer operations,
+ * such as EraseAll or Initialize, it is usually 1.
+ *
+ * Here's a code snippet to suggest how asynchronous APIs might be used by
+ * callers to handle both synchronous and asynchronous execution by the
+ * underlying storage driver:
+ * \code
+ *     ASSERT(ARM_DRIVER_OK == 0); // this is a precondition; it doesn't need to be put in code
+ *     int32_t returnValue = drv->asynchronousAPI(...);
+ *     if (returnValue < ARM_DRIVER_OK) {
+ *         // handle error.
+ *     } else if (returnValue == ARM_DRIVER_OK) {
+ *         ASSERT(drv->GetCapabilities().asynchronous_ops == 1);
+ *         // handle early return from asynchronous execution; remainder of the work is done in the callback handler.
+ *     } else {
+ *         ASSERT(returnValue == EXPECTED_RETURN_VALUE_FOR_SYNCHRONOUS_COMPLETION);
+ *         // handle synchronous completion.
+ *     }
+ * \endcode
+ */
+typedef struct _ARM_DRIVER_STORAGE {
+  /**
+   * \brief Get driver version.
+   *
+   * The function GetVersion() returns version information of the driver implementation in ARM_DRIVER_VERSION.
+   *
+   *    - API version is the version of the CMSIS-Driver specification used to implement this driver.
+   *    - Driver version is source code version of the actual driver implementation.
+   *
+   * Example:
+   * \code
+   *     extern ARM_DRIVER_STORAGE *drv_info;
+   *
+   *     void read_version (void)  {
+   *       ARM_DRIVER_VERSION  version;
+   *
+   *       version = drv_info->GetVersion ();
+   *       if (version.api < 0x10A)   {      // requires at minimum API version 1.10 or higher
+   *         // error handling
+   *         return;
+   *       }
+   *     }
+   * \endcode
+   *
+   * @return \ref ARM_DRIVER_VERSION.
+   *
+   * @note This API returns synchronously--it does not result in an invocation
+   *     of a completion callback.
+   *
+   * @note The function GetVersion() can be called any time to obtain the
+   *     required information from the driver (even before initialization). It
+   *     always returns the same information.
+   */
+  ARM_DRIVER_VERSION (*GetVersion)(void);
+
+  /**
+   * \brief Get driver capabilities.
+   *
+   * \details The function GetCapabilities() returns information about
+   * capabilities in this driver implementation. The data fields of the struct
+   * ARM_STORAGE_CAPABILITIES encode various capabilities, for example if the device
+   * is able to execute operations asynchronously.
+   *
+   * Example:
+   * \code
+   *     extern ARM_DRIVER_STORAGE *drv_info;
+   *
+   *     void read_capabilities (void)  {
+   *       ARM_STORAGE_CAPABILITIES drv_capabilities;
+   *
+   *       drv_capabilities = drv_info->GetCapabilities ();
+   *       // interrogate capabilities
+   *
+   *     }
+   * \endcode
+   *
+   * @return \ref ARM_STORAGE_CAPABILITIES.
+   *
+   * @note This API returns synchronously--it does not result in an invocation
+   *     of a completion callback.
+   *
+   * @note The function GetCapabilities() can be called any time to obtain the
+   *     required information from the driver (even before initialization). It
+   *     always returns the same information.
+   */
+  ARM_STORAGE_CAPABILITIES (*GetCapabilities)(void);
+
+  /**
+   * \brief Initialize the Storage Interface.
+   *
+   * The function Initialize is called when the middleware component starts
+   * operation. In addition to bringing the controller to a ready state,
+   * Initialize() receives a callback handler to be invoked upon completion of
+   * asynchronous operations.
+   *
+   * Initialize() needs to be called explicitly before
+   * powering the peripheral using PowerControl(), and before initiating other
+   * accesses to the storage controller.
+   *
+   * The function performs the following operations:
+   *   - Initializes the resources needed for the Storage interface.
+   *   - Registers the \ref ARM_Storage_Callback_t callback function.
+   *
+   * To start working with a peripheral the functions Initialize and PowerControl need to be called in this order:
+   *     drv->Initialize (...); // Allocate I/O pins
+   *     drv->PowerControl (ARM_POWER_FULL);        // Power up peripheral, setup IRQ/DMA
+   *
+   * - Initialize() typically allocates the I/O resources (pins) for the
+   *   peripheral. The function can be called multiple times; if the I/O resources
+   *   are already initialized it performs no operation and just returns with
+   *   ARM_DRIVER_OK.
+   *
+   * - PowerControl (ARM_POWER_FULL) sets the peripheral registers including
+   *   interrupt (NVIC) and optionally DMA. The function can be called multiple
+   *   times; if the registers are already set it performs no operation and just
+   *   returns with ARM_DRIVER_OK.
+   *
+   * To stop working with a peripheral the functions PowerControl and Uninitialize need to be called in this order:
+   *     drv->PowerControl (ARM_POWER_OFF);     // Terminate any pending transfers, reset IRQ/DMA, power off peripheral
+   *     drv->Uninitialize (...);               // Release I/O pins
+   *
+   * The functions PowerControl and Uninitialize always execute and can be used
+   * to put the peripheral into a Safe State, for example after any data
+   * transmission errors. To restart the peripheral in an error condition,
+   * you should first execute the Stop Sequence and then the Start Sequence.
+   *
+   * @param [in] callback
+   *               Caller-defined callback to be invoked upon command completion
+   *               for asynchronous APIs (including the completion of
+   *               initialization). Use a NULL pointer when no callback
+   *               signals are required.
+   *
+   * @note This API may execute asynchronously if
+   *     ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
+   *     execution is optional even if 'asynchronous_ops' is set.
+   *
+   * @return If asynchronous activity is launched, an invocation returns
+   *     ARM_DRIVER_OK, and the caller can expect to receive a callback in the
+   *     future with a status value of ARM_DRIVER_OK or an error-code. In the
+   *     case of synchronous execution, control returns after completion with a
+   *     value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
+   */
+  int32_t (*Initialize)(ARM_Storage_Callback_t callback);
+
+  /**
+   * \brief De-initialize the Storage Interface.
+   *
+   * The function Uninitialize() de-initializes the resources of Storage interface.
+   *
+   * It is called when the middleware component stops operation, and wishes to
+   * release the software resources used by the interface.
+   *
+   * @note This API may execute asynchronously if
+   *     ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
+   *     execution is optional even if 'asynchronous_ops' is set.
+   *
+   * @return If asynchronous activity is launched, an invocation returns
+   *     ARM_DRIVER_OK, and the caller can expect to receive a callback in the
+   *     future with a status value of ARM_DRIVER_OK or an error-code. In the
+   *     case of synchronous execution, control returns after completion with a
+   *     value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
+   */
+  int32_t (*Uninitialize)(void);
+
+  /**
+   * \brief Control the Storage interface power.
+   *
+   * The function \b ARM_Storage_PowerControl operates the power modes of the Storage interface.
+   *
+   * To start working with a peripheral the functions Initialize and PowerControl need to be called in this order:
+   *     drv->Initialize (...);                 // Allocate I/O pins
+   *     drv->PowerControl (ARM_POWER_FULL);    // Power up peripheral, setup IRQ/DMA
+   *
+   * - Initialize() typically allocates the I/O resources (pins) for the
+   *   peripheral. The function can be called multiple times; if the I/O resources
+   *   are already initialized it performs no operation and just returns with
+   *   ARM_DRIVER_OK.
+   *
+   * - PowerControl (ARM_POWER_FULL) sets the peripheral registers including
+   *   interrupt (NVIC) and optionally DMA. The function can be called multiple
+   *   times; if the registers are already set it performs no operation and just
+   *   returns with ARM_DRIVER_OK.
+   *
+   * To stop working with a peripheral the functions PowerControl and Uninitialize need to be called in this order:
+   *
+   *     drv->PowerControl (ARM_POWER_OFF);     // Terminate any pending transfers, reset IRQ/DMA, power off peripheral
+   *     drv->Uninitialize (...);               // Release I/O pins
+   *
+   * The functions PowerControl and Uninitialize always execute and can be used
+   * to put the peripheral into a Safe State, for example after any data
+   * transmission errors. To restart the peripheral in an error condition,
+   * you should first execute the Stop Sequence and then the Start Sequence.
+   *
+   * @param state
+   *          \ref ARM_POWER_STATE. The target power-state for the storage controller.
+   *          The parameter state can have the following values:
+   *              - ARM_POWER_FULL : set-up peripheral for data transfers, enable interrupts
+   *                                 (NVIC) and optionally DMA. Can be called multiple times. If the peripheral
+   *                                 is already in this mode, then the function performs no operation and returns
+   *                                 with ARM_DRIVER_OK.
+   *              - ARM_POWER_LOW : may use power saving. Returns ARM_DRIVER_ERROR_UNSUPPORTED when not implemented.
+   *              - ARM_POWER_OFF : terminates any pending data transfers, disables peripheral, disables related interrupts and DMA.
+   *
+   * @note This API may execute asynchronously if
+   *     ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
+   *     execution is optional even if 'asynchronous_ops' is set.
+   *
+   * @return If asynchronous activity is launched, an invocation returns
+   *     ARM_DRIVER_OK, and the caller can expect to receive a callback in the
+   *     future with a status value of ARM_DRIVER_OK or an error-code. In the
+   *     case of synchronous execution, control returns after completion with a
+   *     value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
+   */
+  int32_t (*PowerControl)(ARM_POWER_STATE state);
+
+  /**
+   * \brief read the contents of a given address range from the storage device.
+   *
+   * \details Read the contents of a range of storage memory into a buffer
+   *   supplied by the caller. The buffer is owned by the caller and should
+   *   remain accessible for the lifetime of this command.
+   *
+   * @param  [in] addr
+   *                This specifies the address from where to read data.
+   *
+   * @param [out] data
+   *                The destination of the read operation. The buffer
+   *                is owned by the caller and should remain accessible for the
+   *                lifetime of this command.
+   *
+   * @param  [in] size
+   *                The number of bytes requested to read. The data buffer
+   *                should be at least as large as this size.
+   *
+   * @note This API may execute asynchronously if
+   *     ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
+   *     execution is optional even if 'asynchronous_ops' is set.
+   *
+   * @return If asynchronous activity is launched, an invocation returns
+   *     ARM_DRIVER_OK, and the caller can expect to receive a callback in the
+   *     future with the number of successfully transferred bytes passed in as
+   *     the 'status' parameter. In the case of synchronous execution, control
+   *     returns after completion with a positive transfer-count. Return values
+   *     less than ARM_DRIVER_OK (0) signify errors.
+   */
+  int32_t (*ReadData)(uint64_t addr, void *data, uint32_t size);
+
+  /**
+   * \brief program (write into) the contents of a given address range of the storage device.
+   *
+   * \details Write the contents of a given memory buffer into a range of
+   *   storage memory. In the case of flash memory, the destination range in
+   *   storage memory typically has its contents in an erased state from a
+   *   preceding erase operation. The source memory buffer is owned by the
+   *   caller and should remain accessible for the lifetime of this command.
+   *
+   * @param [in] addr
+   *               This is the start address of the range to be written into. It
+   *               needs to be aligned to the device's \em program_unit
+   *               specified in \ref ARM_STORAGE_INFO.
+   *
+   * @param [in] data
+   *               The source of the write operation. The buffer is owned by the
+   *               caller and should remain accessible for the lifetime of this
+   *               command.
+   *
+   * @param [in] size
+   *               The number of bytes requested to be written. The buffer
+   *               should be at least as large as this size. \note 'size' should
+   *               be a multiple of the device's 'program_unit' (see \ref
+   *               ARM_STORAGE_INFO).
+   *
+   * @note It is best for the middleware to write in units of
+   *     'optimal_program_unit' (\ref ARM_STORAGE_INFO) of the device.
+   *
+   * @note This API may execute asynchronously if
+   *     ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
+   *     execution is optional even if 'asynchronous_ops' is set.
+   *
+   * @return If asynchronous activity is launched, an invocation returns
+   *     ARM_DRIVER_OK, and the caller can expect to receive a callback in the
+   *     future with the number of successfully transferred bytes passed in as
+   *     the 'status' parameter. In the case of synchronous execution, control
+   *     returns after completion with a positive transfer-count. Return values
+   *     less than ARM_DRIVER_OK (0) signify errors.
+   */
+  int32_t (*ProgramData)(uint64_t addr, const void *data, uint32_t size);
+
+  /**
+   * @brief Erase Storage range.
+   *
+   * @details This function erases a range of storage specified by [addr, addr +
+   *     size). Both 'addr' and 'addr + size' should align with the
+   *     'erase_unit'(s) of the respective owning storage block(s) (see \ref
+   *     ARM_STORAGE_BLOCK and \ref ARM_STORAGE_BLOCK_ATTRIBUTES). The range to
+   *     be erased will have its contents returned to the un-programmed state--
+   *     i.e. to 'erased_value' (see \ref ARM_STORAGE_BLOCK_ATTRIBUTES), which
+   *     is usually 1 to indicate the pattern of all ones: 0xFF.
+   *
+   * @param [in] addr
+   *               This is the start-address of the range to be erased. It must
+   *               start at an 'erase_unit' boundary of the underlying block.
+   *
+   * @param [in] size
+   *               Size (in bytes) of the range to be erased. 'addr + size'
+   *               must be aligned with the 'erase_unit' of the underlying
+   *               block.
+   *
+   * @note This API may execute asynchronously if
+   *     ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
+   *     execution is optional even if 'asynchronous_ops' is set.
+   *
+   * @return
+   *   If the range to be erased doesn't align with the erase_units of the
+   *   respective start and end blocks, ARM_DRIVER_ERROR_PARAMETER is returned.
+   *   If any part of the range is protected, ARM_STORAGE_ERROR_PROTECTED is
+   *   returned. If any part of the range is not erasable,
+   *   ARM_STORAGE_ERROR_NOT_ERASABLE is returned. All such sanity-check
+   *   failures result in the error code being returned synchronously and the
+   *   storage bytes within the range remain unaffected.
+   *   Otherwise the function executes in the following ways:
+   *     If asynchronous activity is launched, an invocation returns
+   *     ARM_DRIVER_OK, and the caller can expect to receive a callback in the
+   *     future with the number of successfully erased bytes passed in as
+   *     the 'status' parameter. In the case of synchronous execution, control
+   *     returns after completion with a positive erase-count. Return values
+   *     less than ARM_DRIVER_OK (0) signify errors.
+   *
+   * @note Erase() may return a smaller (positive) value than the size of the
+   *     requested range. The returned value indicates the actual number of bytes
+   *     erased. It is the caller's responsibility to follow up with an appropriate
+   *     request to complete the operation.
+   *
+   * @note in the case of a failed erase (except when
+   *     ARM_DRIVER_ERROR_PARAMETER, ARM_STORAGE_ERROR_PROTECTED, or
+   *     ARM_STORAGE_ERROR_NOT_ERASABLE is returned synchronously), the
+   *     requested range should be assumed to be in an unknown state. The
+   *     previous contents may not be retained.
+   */
+  int32_t (*Erase)(uint64_t addr, uint32_t size);
+
+  /**
+   * @brief Erase complete storage. Optional function for faster erase of the complete device.
+   *
+   * This optional function erases the complete device. If the device does not
+   *    support global erase then the function returns the error value \ref
+   *    ARM_DRIVER_ERROR_UNSUPPORTED. The data field \em 'erase_all' =
+   *    \token{1} of the structure \ref ARM_STORAGE_CAPABILITIES encodes that
+   *    \ref ARM_STORAGE_EraseAll is supported.
+   *
+   * @note This API may execute asynchronously if
+   *     ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
+   *     execution is optional even if 'asynchronous_ops' is set.
+   *
+   * @return
+   *   If any part of the storage range is protected,
+   *   ARM_STORAGE_ERROR_PROTECTED is returned. If any part of the storage
+   *   range is not erasable, ARM_STORAGE_ERROR_NOT_ERASABLE is returned. All
+   *   such sanity-check failures result in the error code being returned
+   *   synchronously and the storage bytes within the range remain unaffected.
+   *   Otherwise the function executes in the following ways:
+   *     If asynchronous activity is launched, an invocation returns
+   *     ARM_DRIVER_OK, and the caller can expect to receive a callback in the
+   *     future with ARM_DRIVER_OK passed in as the 'status' parameter. In the
+   *     case of synchronous execution, control returns after completion with a
+   *     value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
+   */
+  int32_t (*EraseAll)(void);
+
+  /**
+   * @brief Get the status of the current (or previous) command executed by the
+   *     storage controller; stored in the structure \ref ARM_STORAGE_STATUS.
+   *
+   * @return
+   *          The status of the underlying controller.
+   *
+   * @note This API returns synchronously--it does not result in an invocation
+   *     of a completion callback.
+   */
+  ARM_STORAGE_STATUS (*GetStatus)(void);
+
+  /**
+   * @brief Get information about the Storage device; stored in the structure \ref ARM_STORAGE_INFO.
+   *
+   * @param [out] info
+   *                A caller-supplied buffer capable of being filled in with an
+   *                \ref ARM_STORAGE_INFO.
+   *
+   * @return ARM_DRIVER_OK if a ARM_STORAGE_INFO structure containing top level
+   *         metadata about the storage controller is filled into the supplied
+   *         buffer, else an appropriate error value.
+   *
+   * @note It is the caller's responsibility to ensure that the buffer passed in
+   *         is able to be initialized with a \ref ARM_STORAGE_INFO.
+   *
+   * @note This API returns synchronously--it does not result in an invocation
+   *     of a completion callback.
+   */
+  int32_t (*GetInfo)(ARM_STORAGE_INFO *info);
+
+  /**
+   * \brief For memory-mapped storage, resolve an address relative to
+   *     the storage controller into a memory address.
+   *
+   * @param addr
+   *          This is the address for which we want a resolution to the
+   *          processor's physical address space. It is an offset from the
+   *          start of the storage map maintained by the owning storage
+   *          controller.
+   *
+   * @return
+   *          The resolved address in the processor's address space; else
+   *          ARM_STORAGE_INVALID_ADDRESS, if no resolution is possible.
+   *
+   * @note This API returns synchronously. The invocation should return quickly,
+   *     and result in a resolved address.
+   */
+  uint32_t (*ResolveAddress)(uint64_t addr);
+
+  /**
+   * @brief Advance to the successor of the current block (iterator), or fetch
+   *     the first block (if 'prev_block' is passed in as NULL).
+   *
+   * @details This helper function fetches (an iterator to) the next block (or
+   *     the first block if 'prev_block' is passed in as NULL). In the failure
+   *     case, a terminating, invalid block iterator is filled into the out
+   *     parameter: 'next_block'. In combination with \ref
+   *     ARM_STORAGE_VALID_BLOCK(), it can be used to iterate over the sequence
+   *     of blocks within the storage map:
+   *
+   * \code
+   *   ARM_STORAGE_BLOCK block;
+   *   for (drv->GetNextBlock(NULL, &block); ARM_STORAGE_VALID_BLOCK(&block); drv->GetNextBlock(&block, &block)) {
+   *       // make use of block
+   *   }
+   * \endcode
+   *
+   * @param[in]  prev_block
+   *               An existing block (iterator) within the same storage
+   *               controller. The memory buffer holding this block is owned
+   *               by the caller. This pointer may be NULL; if so, the
+   *               invocation fills in the first block into the out parameter:
+   *               'next_block'.
+   *
+   * @param[out] next_block
+   *               A caller-owned buffer large enough to be filled in with
+   *               the following ARM_STORAGE_BLOCK. It is legal to provide the
+   *               same buffer using 'next_block' as was passed in with 'prev_block'. It
+   *               is also legal to pass a NULL into this parameter if the
+   *               caller isn't interested in populating a buffer with the next
+   *               block--i.e. if the caller only wishes to establish the
+   *               presence of a next block.
+   *
+   * @return ARM_DRIVER_OK if a valid next block is found (or first block, if
+   *     prev_block is passed as NULL); upon successful operation, the contents
+   *     of the next (or first) block are filled into the buffer pointed to by
+   *     the parameter 'next_block' and ARM_STORAGE_VALID_BLOCK(next_block) is
+   *     guaranteed to be true. Upon reaching the end of the sequence of blocks
+   *     (iterators), or in case the driver is unable to fetch information about
+   *     the next (or first) block, an error (negative) value is returned and an
+   *     invalid StorageBlock is populated into the supplied buffer. If
+   *     prev_block is NULL, the first block is returned.
+   *
+   * @note This API returns synchronously--it does not result in an invocation
+   *     of a completion callback.
+   */
+   int32_t (*GetNextBlock)(const ARM_STORAGE_BLOCK* prev_block, ARM_STORAGE_BLOCK *next_block);
+
+  /**
+   * @brief Find the storage block (iterator) encompassing a given storage address.
+   *
+   * @param[in]  addr
+   *               Storage address in bytes.
+   *
+   * @param[out] block
+   *               A caller-owned buffer large enough to be filled in with the
+   *               ARM_STORAGE_BLOCK encapsulating the given address. This value
+   *               can also be passed in as NULL if the caller isn't interested
+   *               in populating a buffer with the block--if the caller only
+   *               wishes to establish the presence of a containing storage
+   *               block.
+   *
+   * @return ARM_DRIVER_OK if a containing storage-block is found. In this case,
+   *     if block is non-NULL, the buffer pointed to by it is populated with
+   *     the contents of the storage block--i.e. if block is valid and a block is
+   *     found, ARM_STORAGE_VALID_BLOCK(block) would return true following this
+   *     call. If there is no storage block containing the given offset, or in
+   *     case the driver is unable to resolve an address to a storage-block, an
+   *     error (negative) value is returned and an invalid StorageBlock is
+   *     populated into the supplied buffer.
+   *
+   * @note This API returns synchronously--it does not result in an invocation
+   *     of a completion callback.
+   */
+  int32_t (*GetBlock)(uint64_t addr, ARM_STORAGE_BLOCK *block);
+} const ARM_DRIVER_STORAGE;
+
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+
+#endif /* __DRIVER_STORAGE_H */