Changes

The main purpose of the secure bootrom is to authenticate the code pages marked as "secure". This is done by first extracting the base address and size of the region to authenticate from the [[#SEC|SEC SPR]], then calculating a signature over this region and finally comparing it to the value of the [[#SCP|SCP]] register $c6.

The main purpose of the secure bootrom is to authenticate the code pages marked as "secure". This is done by first extracting the base address and size of the region to authenticate from the [[#SEC|SEC SPR]], then calculating a signature over this region and finally comparing it to the value of the [[#SCP|SCP]] register $c6.

If the comparison is successful, bit 18 of [[#SEC|SEC SPR]] is set (which is mirrored in [[#TSEC_FALCON_SVEC_SPR|TSEC_FALCON_SVEC_SPR]]), the signature comparison result in [[#TSEC_SCP_STAT1|TSEC_SCP_STAT1]] is set to 3 and each page from the region to authenticate is marked as valid.

If the comparison is successful, bit 18 of [[#SEC|SEC SPR]] is set (which is mirrored in [[#TSEC_FALCON_SVEC_SPR|TSEC_FALCON_SVEC_SPR]]), the signature comparison result in [[#TSEC_SCP_STAT1|TSEC_SCP_STAT1]] is set to 3 and each page from the region to authenticate is marked as valid. Bit 19 of [[#SEC|SEC SPR]] is also automatically set, preventing any interrupts or exceptions from being raised while in HS mode, but contrary to bit 18 this one can be manually cleared by authenticated code.

If the comparison fails, an exception is raised, but since the secure bootrom is already running from an exception context, this causes a double exception state which forces the CPU to halt.

If the comparison fails, an exception is raised, but since the secure bootrom is already running from an exception context, this causes a double exception state which forces the CPU to halt.