@@ Line 1: / Line 1: @@
-TSEC (Tegra Security Engine Controller) is a NVIDIA Falcon microprocessor with crypto extensions. Therefore, all information in this page related to Falcon is identical for TSEC and vice versa.
+TSEC (Tegra Security Engine Controller) is a dedicated unit powered by a NVIDIA Falcon microprocessor with crypto extensions.
 = Driver =
-A host driver for communicating with the TSEC/Falcon is mapped to physical address 0x54500000 with a total size of 0x40000 bytes and exposes several registers.
+A host driver for communicating with the TSEC is mapped to physical address 0x54500000 with a total size of 0x40000 bytes and exposes several registers.
 == Registers ==
+Registers from 0x54501000 to 0x54502000 are a MMIO window for communicating with the Falcon microprocessor. From this range, the subset of registers from 0x54501400 to 0x54501FE8 are specific to the TSEC.
 {| class="wikitable" border="1"
 !  Name
 !  Address
 !  Width
+|-
+| FALCON_IRQSSET
+| 0x54501000
+| 0x04
+|-
+| FALCON_IRQSCLR
+| 0x54501004
+| 0x04
+|-
+| FALCON_IRQSTAT
+| 0x54501008
+| 0x04
+|-
+| FALCON_IRQMODE
+| 0x5450100C
+| 0x04
 |-
 | [[#FALCON_IRQMSET|FALCON_IRQMSET]]
 | 0x54501010
+| 0x04
+|-
+| FALCON_IRQMCLR
+| 0x54501014
+| 0x04
+|-
+| FALCON_IRQMASK
+| 0x54501018
 | 0x04
 |-
@@ Line 28: / Line 54: @@
 | [[#FALCON_ITFEN|FALCON_ITFEN]]
 | 0x54501048
+| 0x04
+|-
+| FALCON_IDLESTATE
+| 0x5450104C
+| 0x04
+|-
+| FALCON_CURCTX
+| 0x54501050
+| 0x04
+|-
+| FALCON_NXTCTX
+| 0x54501054
+| 0x04
+|-
+| FALCON_SCRATCH2
+| 0x54501080
+| 0x04
+|-
+| FALCON_SCRATCH3
+| 0x54501084
+| 0x04
+|-
+| FALCON_ENGCTL
+| 0x545010A4
 | 0x04
 |-
@@ Line 36: / Line 86: @@
 | [[#FALCON_BOOTVEC|FALCON_BOOTVEC]]
 | 0x54501104
+| 0x04
+|-
+| FALCON_HWCFG
+| 0x54501108
 | 0x04
 |-
@@ Line 56: / Line 110: @@
 | [[#FALCON_DMATRFFBOFFS|FALCON_DMATRFFBOFFS]]
 | 0x5450111C
+| 0x04
+|-
+| FALCON_CPUCTL_ALIAS
+| 0x54501130
+| 0x04
+|-
+| FALCON_EXTERRADDR
+| 0x54501168
+| 0x04
+|-
+| FALCON_EXTERRSTAT
+| 0x5450116C
+| 0x04
+|-
+| FALCON_CODE_INDEX
+| 0x54501180
+| 0x04
+|-
+| FALCON_CODE
+| 0x54501184
+| 0x04
+|-
+| FALCON_CODE_VIRT_ADDR
+| 0x54501188
+| 0x04
+|-
+| FALCON_DATA_INDEX0
+| 0x545011C0
+| 0x04
+|-
+| FALCON_DATA0
+| 0x545011C4
+| 0x04
+|-
+| FALCON_DATA_INDEX1
+| 0x545011C8
+| 0x04
+|-
+| FALCON_DATA1
+| 0x545011CC
+| 0x04
+|-
+| FALCON_DATA_INDEX2
+| 0x545011D0
+| 0x04
+|-
+| FALCON_DATA2
+| 0x545011D4
+| 0x04
+|-
+| FALCON_DATA_INDEX3
+| 0x545011D8
+| 0x04
+|-
+| FALCON_DATA3
+| 0x545011DC
+| 0x04
+|-
+| FALCON_DATA_INDEX4
+| 0x545011E0
+| 0x04
+|-
+| FALCON_DATA4
+| 0x545011E4
+| 0x04
+|-
+| FALCON_DATA_INDEX5
+| 0x545011E8
+| 0x04
+|-
+| FALCON_DATA5
+| 0x545011EC
+| 0x04
+|-
+| FALCON_DATA_INDEX6
+| 0x545011F0
+| 0x04
+|-
+| FALCON_DATA6
+| 0x545011F4
+| 0x04
+|-
+| FALCON_DATA_INDEX7
+| 0x545011F8
+| 0x04
+|-
+| FALCON_DATA7
+| 0x545011FC
+| 0x04
+|-
+| FALCON_ICD_CMD
+| 0x54501200
+| 0x04
+|-
+| FALCON_ICD_ADDR
+| 0x54501204
+| 0x04
+|-
+| FALCON_ICD_WDATA
+| 0x54501208
+| 0x04
+|-
+| FALCON_ICD_RDATA
+| 0x5450120C
+| 0x04
+|-
+| FALCON_SCTL
+| 0x54501240
+| 0x04
+|-
+| TSEC_AUTH_MODE
+| 0x5450140C
+| 0x04
+|-
+| [[#TSEC_SCP_CTL_PKEY|TSEC_SCP_CTL_PKEY]]
+| 0x54501418
+| 0x04
+|-
+| TSEC_DMA_CMD
+| 0x54501700
+| 0x04
+|-
+| TSEC_DMA_ADDR
+| 0x54501704
+| 0x04
+|-
+| TSEC_DMA_VAL
+| 0x54501708
+| 0x04
+|-
+| TSEC_DMA_UNK
+| 0x5450170C
+| 0x04
+|-
+| [[#TSEC_TEGRA_CTL|TSEC_TEGRA_CTL]]
+| 0x54501838
 | 0x04
 |-
@@ Line 143: / Line 333: @@
 === FALCON_DMATRFFBOFFS ===
 Takes the offset for Falcon's target memory being transferred.
+=== TSEC_SCP_CTL_PKEY ===
+{| class="wikitable" border="1"
+!  Bits
+!  Description
+|-
+| 0
+| TSEC_SCP_CTL_PKEY_REQUEST_RELOAD
+|-
+| 1
+| TSEC_SCP_CTL_PKEY_LOADED
+|-
+|}
+=== TSEC_TEGRA_CTL ===
+{| class="wikitable" border="1"
+!  Bits
+!  Description
+|-
+| 16
+| TSEC_TEGRA_CTL_TKFI_KFUSE
+|-
+|}
 = Boot Process =
@@ Line 475: / Line 688: @@
   cmov(c7, c0);
-  // Update engine specific IO (crypto?)
+  // Clear TSEC_TEGRA_CTL_TKFI_KFUSE
-  *(u32 *)0x00020E00 &= 0xEFFFF;
+ // This is TSEC_MMIO + 0x1000 + (0x20E00 / 0x40)
+  *(u32 *)TSEC_TEGRA_CTL &= 0xEFFFF;
-  // Update engine specific IO (crypto?)
+  // Set TSEC_SCP_CTL_PKEY_REQUEST_RELOAD
-  *(u32 *)0x00010600 |= 0x01;
+ // This is TSEC_MMIO + 0x1000 + (0x10600 / 0x40)
+  *(u32 *)TSEC_SCP_CTL_PKEY |= 0x01;
-  u32 wait_10600 = 0;
+  u32 is_pkey_loaded = 0;
-  // Wait for some device
+  // Wait for TSEC_SCP_CTL_PKEY_LOADED
-  while (wait_10600 == 0)
+  while (!is_pkey_loaded)
-     wait_10600 = (*(u32 *)0x00010600 & 0x02);
+     is_pkey_loaded = (*(u32 *)TSEC_SCP_CTL_PKEY & 0x02);
   // Read data segment size from IO space
@@ Line 515: / Line 730: @@
   // Exit Authenticated Mode
-  *(u32 *)0x00010300 = 0;
+ // This is TSEC_MMIO + 0x1000 + (0x10300 / 0x40)
+  *(u32 *)TSEC_AUTH_MODE = 0;
   return;
@@ Line 621: / Line 837: @@
   else if (key_version == 0x02)	        // Use HOVI_COMMON_01
     hovi_key_addr = key_buf + 0x60;
-  else if (key_version == 0x03)	        // Use device key
+  else if (key_version == 0x03)	        // Use empty key
     hovi_key_addr = key_buf + 0x00;
   else
@@ Line 912: / Line 1,128: @@
 == Stage 2 ==
 This stage is decrypted by Stage 1 using a key generated by encrypting a seed with an hardware secret (see [[TSEC#keygen|keygen]]).
-The hardware secret is, presumably, a 16 bytes key located at offset 0x26 inside the KFUSE array.
 == Key data ==
@@ Line 924: / Line 1,139: @@
 | 0x00
 | 0x10
-| Device key
+| Empty
 |-
 | 0x10
@@ Line 944: / Line 1,159: @@
 | 0x50
 | 0x10
-| HOVI eks seed
+| HOVI EKS seed
 |-
 | 0x60
 | 0x10
-| HOVI common seed
+| HOVI COMMON seed
 |-
 | 0x70

TSEC: Difference between revisions