2,939
edits
Changes
→SecureBoot
$flags.ie0 = 0;
$flags.ie0 = 0;
$flags.ie1 = 0;
$flags.ie1 = 0;
// Jump to the SecureBoot blob's Falcon OS image
exec_secboot();
return 0x0F0F0F0F;
</pre>
[8.1.0+] Removed transfer base address setting and added IMEM protection.
<pre>
// The next xfer instruction will be overridden
// and target changes from DMA to crypto
cxset(0x01);
u32 crypto_reg_flag = 0x00060000;
u32 blob4_flcn_os_img_hash_addr = 0;
// Transfer data to crypto register c6
xdst(0, (blob4_flcn_os_img_hash_addr | crypto_reg_flag));
// The next xfer instruction will be overridden
// and target changes from DMA to crypto
cxset(0x01);
// Wait for all data loads/stores to finish
xdwait();
cmov($c7, $c6);
cxor($c7, $c7);
// Set auth_addr to 0x100, auth_size to 0x1D00,
// bit 16 (use_secret) and bit 17 (is_encrypted)
$cauth = ((0x02 << 0x10) | (0x01 << 0x10) | (0x1D00 << 0x10) | (0x100 >> 0x08));
// Clear interrupt flags
$flags.ie0 = 0;
$flags.ie1 = 0;
// Fill remaining IMEM with secret pages
bool use_secret = true;
memcpy_d2i(0x1E00, 0, 0x2200, 0x1E00, use_secret);
memcpy_d2i(0x4000, 0, 0x4000, 0x4000, use_secret);
// Wait for all code loads to finish
xcwait();
// Jump to the SecureBoot blob's Falcon OS image
// Jump to the SecureBoot blob's Falcon OS image