2,787
edits
Changes
no edit summary
| [[#TSEC_THI_CONT_SYNCPT_L1|TSEC_THI_CONT_SYNCPT_L1]]
| [[#TSEC_THI_CONT_SYNCPT_L1|TSEC_THI_CONT_SYNCPT_L1]]
| 0x5450002C
| 0x5450002C
| 0x04
| 0x04
|-
|-
| 0x04
| 0x04
|-
|-
| TSEC_FALCON_UNK_E0
| [[#TSEC_FALCON_SIRQMASK|TSEC_FALCON_SIRQMASK]]
| 0x545010E0
| 0x545010E0
| 0x04
| 0x04
| 0x04
| 0x04
|-
|-
| [[#TSEC_FALCON_SSTAT|TSEC_FALCON_SSTAT]]
| [[#TSEC_FALCON_SERRSTAT|TSEC_FALCON_SERRSTAT]]
| 0x54501244
| 0x54501244
| 0x04
| 0x04
|-
|-
| TSEC_FALCON_UNK_250
| [[#TSEC_FALCON_SERRVAL|TSEC_FALCON_SERRVAL]]
| 0x54501248
| 0x04
|-
| [[#TSEC_FALCON_SERRADDR|TSEC_FALCON_SERRADDR]]
| 0x5450124C
| 0x04
|-
| [[#TSEC_FALCON_SCTL1|TSEC_FALCON_SCTL1]]
| 0x54501250
| 0x54501250
| 0x04
| 0x04
|-
|-
| TSEC_FALCON_UNK_260
| [[#TSEC_FALCON_STEST|TSEC_FALCON_STEST]]
| 0x54501258
| 0x04
|-
| [[#TSEC_FALCON_SICD|TSEC_FALCON_SICD]]
| 0x54501260
| 0x54501260
| 0x04
| 0x04
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL2
| [[#TSEC_SCP_RND_CTL2|TSEC_SCP_RND_CTL2]]
| 0x54501508
| 0x54501508
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL3
| [[#TSEC_SCP_RND_CTL3|TSEC_SCP_RND_CTL3]]
| 0x5450150C
| 0x5450150C
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL4
| [[#TSEC_SCP_RND_CTL4|TSEC_SCP_RND_CTL4]]
| 0x54501510
| 0x54501510
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL5
| [[#TSEC_SCP_RND_CTL5|TSEC_SCP_RND_CTL5]]
| 0x54501514
| 0x54501514
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL6
| [[#TSEC_SCP_RND_CTL6|TSEC_SCP_RND_CTL6]]
| 0x54501518
| 0x54501518
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL7
| [[#TSEC_SCP_RND_CTL7|TSEC_SCP_RND_CTL7]]
| 0x5450151C
| 0x5450151C
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL8
| [[#TSEC_SCP_RND_CTL8|TSEC_SCP_RND_CTL8]]
| 0x54501520
| 0x54501520
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL9
| [[#TSEC_SCP_RND_CTL9|TSEC_SCP_RND_CTL9]]
| 0x54501524
| 0x54501524
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL10
| [[#TSEC_SCP_RND_CTL10|TSEC_SCP_RND_CTL10]]
| 0x54501528
| 0x54501528
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL11
| [[#TSEC_SCP_RND_CTL11|TSEC_SCP_RND_CTL11]]
| 0x5450152C
| 0x5450152C
| 0x04
| 0x04
| [[#TSEC_TFBIF_DBG_R128COUNT|TSEC_TFBIF_DBG_R128COUNT]]
| [[#TSEC_TFBIF_DBG_R128COUNT|TSEC_TFBIF_DBG_R128COUNT]]
| 0x5450162C
| 0x5450162C
| 0x04
| 0x04
|-
|-
| [[#TSEC_TFBIF_MCCIF_FIFOCTRL1|TSEC_TFBIF_MCCIF_FIFOCTRL1]]
| [[#TSEC_TFBIF_MCCIF_FIFOCTRL1|TSEC_TFBIF_MCCIF_FIFOCTRL1]]
| 0x54501634
| 0x54501634
| 0x04
| 0x04
|-
|-
| [[#TSEC_TFBIF_REGIONCFG|TSEC_TFBIF_REGIONCFG]]
| [[#TSEC_TFBIF_REGIONCFG|TSEC_TFBIF_REGIONCFG]]
| 0x54501648
| 0x54501648
| 0x04
| 0x04
|-
|-
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_00
| [[#TSEC_VERSION|TSEC_VERSION]]
| 0x54501800
| 0x54501800
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_04
| [[#TSEC_SCRATCH0|TSEC_SCRATCH0]]
| 0x54501804
| 0x54501804
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_08
| [[#TSEC_SCRATCH1|TSEC_SCRATCH1]]
| 0x54501808
| 0x54501808
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_0C
| [[#TSEC_SCRATCH2|TSEC_SCRATCH2]]
| 0x5450180C
| 0x5450180C
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_10
| [[#TSEC_SCRATCH3|TSEC_SCRATCH3]]
| 0x54501810
| 0x54501810
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_14
| [[#TSEC_SCRATCH4|TSEC_SCRATCH4]]
| 0x54501814
| 0x54501814
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_18
| [[#TSEC_SCRATCH5|TSEC_SCRATCH5]]
| 0x54501818
| 0x54501818
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_1C
| [[#TSEC_SCRATCH6|TSEC_SCRATCH6]]
| 0x5450181C
| 0x5450181C
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_20
| [[#TSEC_SCRATCH7|TSEC_SCRATCH7]]
| 0x54501820
| 0x54501820
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_24
| [[#TSEC_GPTMRINT|TSEC_GPTMRINT]]
| 0x54501824
| 0x54501824
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_28
| [[#TSEC_GPTMRVAL|TSEC_GPTMRVAL]]
| 0x54501828
| 0x54501828
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_2C
| [[#TSEC_GPTMRCTL|TSEC_GPTMRCTL]]
| 0x5450182C
| 0x5450182C
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_30
| [[#TSEC_ITFEN|TSEC_ITFEN]]
| 0x54501830
| 0x54501830
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_34
| [[#TSEC_ITFSTAT|TSEC_ITFSTAT]]
| 0x54501834
| 0x54501834
| 0x04
| 0x04
|}
|}
=== TSEC_THI_STREAMID0 ===
=== TSEC_THI_METHOD0 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-6
| 0-11
| TSEC_THI_STREAMID0_ID
| TSEC_THI_METHOD0_OFFSET
|}
|}
Used to encode and send a method's ID over HOST1X to TSEC. This register mirrors the functionality of HOST1X's channel opcode submission.
The following methods are available:
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! ID
! Description
! Method
|-
|-
| 0x100
| 0x100
| NOP
| NOP
|-
|-
| 16
| 16
| TSEC_FALCON_DEBUG1_CTXSW_MODE
| TSEC_FALCON_DEBUG1_CTXSW_MODE
|}
|}
=== TSEC_FALCON_RSTAT3 ===
=== TSEC_FALCON_RSTAT3 ===
Mirror of the [[#TSEC_FALCON_ICD_RDATA|ICD status register 3]].
Mirror of the [[#TSEC_FALCON_ICD_RDATA|ICD status register 3]].
=== TSEC_FALCON_SIRQMASK ===
Unofficial name.
Same as [[#TSEC_FALCON_IRQMASK|TSEC_FALCON_IRQMASK]], but for LS mode.
=== TSEC_FALCON_CPUCTL ===
=== TSEC_FALCON_CPUCTL ===
|-
|-
| 4-5
| 4-5
| Current access level
|-
| 8-9
| Unknown access level
|-
| 12
| Unknown
| Unknown
|-
|-
| 12-13
| 13
| Unknown
| Unknown
|-
|-
|}
|}
=== TSEC_FALCON_SSTAT ===
=== TSEC_FALCON_SERRSTAT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
| 0-23
| Unknown
|-
|-
| 30
| 30
|}
|}
=== TSEC_FALCON_SPROT_IMEM ===
Unofficial name.
Used for detecting invalid CSB accesses in LS mode.
=== TSEC_FALCON_SERRVAL ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-31
| Read access level
| Error code
|}
|}
Unofficial name.
=== TSEC_FALCON_SPROT_DMEM ===
=== TSEC_FALCON_SERRADDR ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-31
| Read access level
| Error address
|}
|}
Unofficial name.
=== TSEC_FALCON_SPROT_CPUCTL ===
=== TSEC_FALCON_SCTL1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-1
| Read access level
| CSB access level
|-
|-
| 4-7
| 2-3
| Write access level
| Unknown access level
|}
|}
Unofficial name.
=== TSEC_FALCON_SPROT_MISC ===
=== TSEC_FALCON_STEST ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-31
| Read access level
| Unknown
|}
|}
Unofficial name.
=== TSEC_FALCON_SPROT_IRQ ===
=== TSEC_FALCON_SICD ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0
| Read access level
| Enable access to ICD command STOP
|-
| 1
| Enable access to ICD command RUN
|-
| 2
| Enable access to ICD command RUNB
|-
|-
| 4-7
| 3
| Write access level
| Enable access to ICD command STEP
|}
|-
| 4
| Enable access to ICD command EMASK
|-
| 5
| Enable access to ICD command RREG (only for SPRs)
|-
| 6
| Enable access to ICD command RSTAT
|-
| 7
| Enable access to IBRKPT registers
|-
|-
| 0-3
| 8
| Read access level
| Enable access to ICD command RREG (only for GPRs)
|-
|-
| 4-7
| 9
| Write access level
| Enable access to ICD command RDM
|}
|}
Controls accesses to the following registers:
Unofficial name.
Controls access to the ICD in LS mode.
=== TSEC_FALCON_SPROT_SCTL ===
=== TSEC_FALCON_SPROT_IMEM ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-2
| Read access level
| Read access level
|-
|-
| 4-7
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
Controls accesses to the [[#TSEC_FALCON_SCTL|TSEC_FALCON_SCTL]] register.
Unofficial name.
Controls accesses to Falcon IMEM.
=== TSEC_FALCON_SPROT_WDTMR ===
=== TSEC_FALCON_SPROT_DMEM ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-2
| Read access level
| Read access level
|-
|-
| 4-7
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
Controls accesses to the following registers:
Unofficial name.
Controls accesses to Falcon DMEM.
=== TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW ===
=== TSEC_FALCON_SPROT_CPUCTL ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-2
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW_VAL
| Read access level
|-
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH ===
Unofficial name.
Controls accesses to the [[#TSEC_FALCON_CPUCTL|TSEC_FALCON_CPUCTL]] register.
=== TSEC_FALCON_SPROT_MISC ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-30
| 0-2
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_VAL
| Read access level
|-
|-
| 31
| 3
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_OBIT
| Set on memory read access violation
|-
| 4-6
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW ===
Unofficial name.
Controls accesses to the following registers:
* [[#TSEC_FALCON_PRIVSTATE|TSEC_FALCON_PRIVSTATE]]
* [[#TSEC_FALCON_SFTRESET|TSEC_FALCON_SFTRESET]]
* [[#TSEC_FALCON_ADDR|TSEC_FALCON_ADDR]]
* [[#TSEC_FALCON_DMACTL|TSEC_FALCON_DMACTL]]
* [[#TSEC_FALCON_IMCTL|TSEC_FALCON_IMCTL]]
* [[#TSEC_FALCON_IMSTAT|TSEC_FALCON_IMSTAT]]
* [[#TSEC_FALCON_SCTL1|TSEC_FALCON_SCTL1]]
* [[#TSEC_FALCON_DMAINFO_CTL|TSEC_FALCON_DMAINFO_CTL]]
=== TSEC_FALCON_SPROT_IRQ ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-2
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW_VAL
| Read access level
|-
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH ===
Unofficial name.
Controls accesses to the following registers:
* [[#TSEC_FALCON_IRQMODE|TSEC_FALCON_IRQMODE]]
* [[#TSEC_FALCON_IRQMSET|TSEC_FALCON_IRQMSET]]
* [[#TSEC_FALCON_IRQMCLR|TSEC_FALCON_IRQMCLR]]
* [[#TSEC_FALCON_IRQDEST|TSEC_FALCON_IRQDEST]]
* [[#TSEC_FALCON_GPTMRINT|TSEC_FALCON_GPTMRINT]]
* [[#TSEC_FALCON_GPTMRVAL|TSEC_FALCON_GPTMRVAL]]
* [[#TSEC_FALCON_GPTMRCTL|TSEC_FALCON_GPTMRCTL]]
* [[#TSEC_FALCON_IRQDEST2|TSEC_FALCON_IRQDEST2]]
* [[#TSEC_FALCON_SIRQMASK|TSEC_FALCON_SIRQMASK]]
=== TSEC_FALCON_SPROT_MTHD ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-30
| 0-2
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_VAL
| Read access level
|-
|-
| 31
| 3
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_OBIT
| Set on memory read access violation
|-
| 4-6
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW ===
Unofficial name.
Controls accesses to the following registers:
* [[#TSEC_FALCON_ITFEN|TSEC_FALCON_ITFEN]]
* [[#TSEC_FALCON_CURCTX|TSEC_FALCON_CURCTX]]
* [[#TSEC_FALCON_NXTCTX|TSEC_FALCON_NXTCTX]]
* [[#TSEC_FALCON_CTXACK|TSEC_FALCON_CTXACK]]
* [[#TSEC_FALCON_MTHDDATA|TSEC_FALCON_MTHDDATA]]
* [[#TSEC_FALCON_MTHDID|TSEC_FALCON_MTHDID]]
* [[#TSEC_FALCON_MTHDWDAT|TSEC_FALCON_MTHDWDAT]]
* [[#TSEC_FALCON_MTHDCOUNT|TSEC_FALCON_MTHDCOUNT]]
* [[#TSEC_FALCON_MTHDPOP|TSEC_FALCON_MTHDPOP]]
* [[#TSEC_FALCON_MTHDRAMSZ|TSEC_FALCON_MTHDRAMSZ]]
* [[#TSEC_FALCON_DEBUG1|TSEC_FALCON_DEBUG1]]
=== TSEC_FALCON_SPROT_SCTL ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-2
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW_VAL
| Read access level
|-
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH ===
Unofficial name.
Controls accesses to the [[#TSEC_FALCON_SCTL|TSEC_FALCON_SCTL]] register.
=== TSEC_FALCON_SPROT_WDTMR ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-30
| 0-2
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_VAL
| Read access level
|-
|-
| 31
| 3
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_OBIT
| Set on memory read access violation
|-
| 4-6
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW ===
Unofficial name.
Controls accesses to the following registers:
* [[#TSEC_FALCON_WDTMRVAL|TSEC_FALCON_WDTMRVAL]]
* [[#TSEC_FALCON_WDTMRCTL|TSEC_FALCON_WDTMRCTL]]
=== TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW_VAL
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW_VAL
|}
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH ===
=== TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-30
| 0-30
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_VAL
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_VAL
|-
|-
| 31
| 31
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_OBIT
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_OBIT
|}
|}
=== TSEC_FALCON_DMAINFO_CTL ===
=== TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-31
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW_VAL
| 1
|}
|}
=== TSEC_SCP_CTL0 ===
=== TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 10
| 0-30
| Enable the [[#LOAD|LOAD]] block's interface
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_VAL
|-
|-
| 12
| 31
| Enable the [[#STORE|STORE]] block's interface
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_OBIT
|}
|}
=== TSEC_SCP_CTL1 ===
=== TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-31
| Clear [[#SEQ|SEQ]] block's pipeline
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW_VAL
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 8
| 0-30
| Clear the main [[#SCP|SCP]] pipeline
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_VAL
|-
|-
| 11
| 31
| Enable [[#RNG|RNG]] block's test mode
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_OBIT
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 12
| 0-31
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW_VAL
| 24
|}
|}
=== TSEC_SCP_CTL_STAT ===
=== TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 20
| 0-30
| TSEC_SCP_CTL_STAT_DEBUG_MODE
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_VAL
|-
| 31
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_OBIT
|}
|}
=== TSEC_SCP_CTL_LOCK ===
=== TSEC_FALCON_DMAINFO_CTL ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| Enable lockdown mode (locks IMEM and DMEM)
| TSEC_FALCON_DMAINFO_CTL_CLR_FBRD
|-
|-
| 1
| 1
| Unknown
| TSEC_FALCON_DMAINFO_CTL_CLR_FBWR
|}
=== TSEC_SCP_CTL0 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 2
| 10
| Unknown
| Enable [[#LOAD|Falcon<->LOAD]] interface
|-
|-
| 3
| 12
| Unknown
| Enable [[#STORE|Falcon<->STORE]] interface
|-
|-
| 4
| 14
| Lock the [[#SCP|SCP]]
| Enable [[#CMD|Falcon<->CMD]] interface
|-
|-
| 5
| 16
| Unknown
| Enable [[#SEQ|SEQ]]
|-
|-
| 6
| 20
| Unknown
| Enable [[#CTL|CTL]]
| Unknown
|}
|}
Unofficial name.
=== TSEC_SCP_CFG ===
=== TSEC_SCP_CTL1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| Unknown
| Clear [[#SEQ|SEQ]]
|-
|-
| 1
| 8
| Unknown
| Clear [[#SCP|SCP]]'s internal pipeline
|-
|-
| 2
| 11
| Unknown
| Enable [[#RNG|RNG]]'s test mode
|-
|-
| 3
| 12
| Unknown
| Enable [[#RNG|RNG]]
|-
|-
| 4
| 16
| [[#AES|AES]] block's endianness
| Enable [[#LOAD|Falcon<->LOAD]] interface's dummy mode (all reads return 0)
|-
|-
| 8
| 20
| Flush [[#CMD|CMD]] block's pipeline
| Enable [[#LOAD|Falcon<->LOAD]] interface bypassing (all reads are dropped)
|-
|-
| 12-13
| 24
| Carry chain size
| Enable [[#STORE|Falcon<->STORE]] interface bypassing (all writes are dropped)
|}
Unofficial name.
|-
| 16-31
=== TSEC_SCP_CTL_SCP ===
=== TSEC_SCP_CTL_STAT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 20
| Swap [[#SCP|SCP]] master
| TSEC_SCP_CTL_STAT_DEBUG_MODE
|}
|}
=== TSEC_SCP_CTL_PKEY ===
=== TSEC_SCP_CTL_LOCK ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| TSEC_SCP_CTL_PKEY_REQUEST_RELOAD
| Enable lockdown mode (locks IMEM and DMEM)
|-
|-
| 1
| 1
| TSEC_SCP_CTL_PKEY_LOADED
| Lockdown has pending exit request
|-
|-
| 0
| 2
| Unknown
| Lockdown has been enabled before
|-
|-
| 4
| 4
| Unknown
| Enable SCP lockdown mode (locks [[#SCP|SCP]]'s MMIO register space)
|-
|-
| 8
| 6
| Unknown
| SCP lockdown has been enabled before
|}
|}
=== TSEC_SCP_DBG0 ===
Unofficial name.
Controls lockdown mode. Can only be cleared in HS mode.
=== TSEC_SCP_CFG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0
| Index
| Endianness for ADD
0: Little
1: Big
|-
|-
| 4
| 1
| Auto-increment
| Endianness for GFMUL
0: Little
1: Big
|-
|-
| 5-6
| 2
| Target
| Endianness for [[#LOAD|LOAD]]
0: None
0: Little
1: STORE
1: Big
|-
|-
| 8-12
| 3
| [[#SEQ|SEQ]] block's current sequence size
| Endianness for [[#STORE|STORE]]
0: Little
1: Big
|-
|-
| 13-16
| 4
| [[#SEQ|SEQ]] block's current instruction address
| Endianness for [[#AES|AES]]
0: Little
1: Big
|-
|-
| 17
| 8
| [[#SEQ|SEQ]] block's current instruction is valid
| Flush [[#CMD|CMD]]
|-
|-
| 18
| 12-13
| [[#SEQ|SEQ]] block is running in HS mode
| Carry chain's size
0: 32 bits
1: 64 bits
2: 96 bits
3: 128 bits
|-
|-
| 19-22
| 16-31
| [[#LOAD|LOAD]] block's pipeline size
| [[#SCP|SCP]]'s internal pipeline stall timeout value
|}
|}
Unofficial name.
=== TSEC_SCP_DBG1 ===
=== TSEC_SCP_CTL_SCP ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0
| [[#SEQ|SEQ]] block's current instruction's first operand
| Swap [[#SCP|SCP]]'s master
|-
|-
| 4-9
| 1
| [[#SEQ|SEQ]] block's current instruction's second operand
| Current [[#SCP|SCP]]'s master
0: Falcon
1: External
|}
|}
Unofficial name.
=== TSEC_SCP_DBG2 ===
=== TSEC_SCP_CTL_PKEY ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-1
| 0
| [[#SEQ|SEQ]] block's state
| TSEC_SCP_CTL_PKEY_REQUEST_RELOAD
|-
| 1
| TSEC_SCP_CTL_PKEY_LOADED
|}
=== TSEC_SCP_CTL_DBG ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 4-7
| 4
| Number of [[#SEQ|SEQ]] block's instructions left
| Disable lockdown mode
|-
|-
| 12-15
| 8
| Active crypto key register
| Disable SCP lockdown mode
|}
|}
Unofficial name.
Overrides lockdown mode. Can only be set in debug mode.
=== TSEC_SCP_CMD ===
=== TSEC_SCP_DBG0 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-3
| 0-3
| Destination register
| Index
|-
| 4
| Auto-increment
|-
|-
| 8-13
| 5-6
| Source register or immediate value
| Target
0: None
1: STORE
2: LOAD
3: SEQ
|-
|-
| 20-24
| 8-12
| Command opcode
| [[#SEQ|SEQ]]'s current sequence's size
|-
| 13-16
| [[#SEQ|SEQ]]'s current instruction's address
|-
| 17
| [[#SEQ|SEQ]]'s current instruction is valid
|-
| 18
| [[#SEQ|SEQ]] is running in HS mode
|-
| 19-22
| [[#LOAD|LOAD]]'s queue's size
|-
| 23
| [[#LOAD|LOAD]]'s current operation is valid
|-
| 24
| [[#LOAD|LOAD]] is running in HS mode
|-
| 25-26
| [[#STORE|STORE]]'s queue's size
|-
|-
| 28
| 30
| [[#CMD|CMD]] block's current instruction is valid
| [[#STORE|STORE]]'s current operation is valid
|-
|-
| 31
| 31
| [[#CMD|CMD]] block is running in HS mode
| [[#STORE|STORE]] is running in HS mode
|}
|}
Unofficial name.
Used for debugging the [[#LOAD|LOAD]], [[#STORE|STORE]] and [[#SEQ|SEQ]] blocks.
=== TSEC_SCP_STAT0 ===
=== TSEC_SCP_DBG1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-31
| Data
If target is SEQ:
| 2
Bits 0-3: current instruction's first operand
Bits 4-9: current instruction's second operand
Bits 10-14: current instruction's opcode
|}
Unofficial name.
| [[#AES|AES]] block is active
Contains the status of the hardware blocks and interfaces.
Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the [[#SEQ|SEQ]] block.
=== TSEC_SCP_STAT1 ===
=== TSEC_SCP_DBG2 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-1
| 0-1
| Signature comparison result
| [[#SEQ|SEQ]]'s state
0: None
0: Idle
1: Running
1: Recording (cs0begin/cs1begin)
2: Failed
2: Executing (cs0exec/cs1exec)
|-
|-
| 4
| 4-7
| [[#LOAD|LOAD]] block's interface is running in HS mode
| Number of cycles left for [[#SEQ|SEQ]]'s current sequence
|-
|-
| 12-15
| Active crypto key register (ckeyreg)
| 12
| 14
|}
|}
Unofficial name.
Used for retrieving additional debug data associated with the [[#SEQ|SEQ]] block.
=== TSEC_SCP_STAT2 ===
=== TSEC_SCP_CMD ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-4
| 0-3
| Current [[#SEQ|SEQ]] block opcode
| Destination register
|-
|-
| 5-9
| 8-13
| Current [[#CMD|CMD]] block's interface opcode
| Source register or immediate value
|-
|-
| 10-14
| 20-24
| Pending [[#CMD|CMD]] block opcode
| Command opcode
0x0: nop (fuc5 opcode 0x00)
0x1: cmov (fuc5 opcode 0x84)
0x2: cxsin (fuc5 opcode 0x88) or xdst (with cxset)
0x3: cxsout (fuc5 opcode 0x8C) or xdld (with cxset)
0x4: crnd (fuc5 opcode 0x90)
0x5: cs0begin (fuc5 opcode 0x94)
0x6: cs0exec (fuc5 opcode 0x98)
0x7: cs1begin (fuc5 opcode 0x9C)
0x8: cs1exec (fuc5 opcode 0xA0)
0x9: invalid (fuc5 opcode 0xA4)
0xA: cchmod (fuc5 opcode 0xA8)
0xB: cxor (fuc5 opcode 0xAC)
0xC: cadd (fuc5 opcode 0xB0)
0xD: cand (fuc5 opcode 0xB4)
0xE: crev (fuc5 opcode 0xB8)
0xF: cgfmul (fuc5 opcode 0xBC)
0x10: csecret (fuc5 opcode 0xC0)
0x11: ckeyreg (fuc5 opcode 0xC4)
0x12: ckexp (fuc5 opcode 0xC8)
0x13: ckrexp (fuc5 opcode 0xCC)
0x14: cenc (fuc5 opcode 0xD0)
0x15: cdec (fuc5 opcode 0xD4)
0x16: csigcmp (fuc5 opcode 0xD8)
0x17: csigenc (fuc5 opcode 0xDC)
0x18: csigclr (fuc5 opcode 0xE0)
|-
|-
| 28
| 28
| Unknown
| [[#CMD|CMD]]'s current instruction is valid
|-
|-
| 29
| 31
| [[#AES|AES]] block is stalled
| [[#CMD|CMD]] is running in HS mode
|}
|}
Unofficial name.
=== TSEC_SCP_RNG_STAT0 ===
Contains information on the last crypto command executed.
=== TSEC_SCP_STAT0 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| [[#RND|RND]] block is ready
| [[#SCP|SCP]] is active
|-
| 2
| [[#CMD|CMD]] is active
|-
|-
| 4-7
| 4
| Unknown
| [[#STORE|STORE]] is active
|-
|-
| 8-11
| 6
| Unknown
| [[#SEQ|SEQ]] is active
|-
|-
| 16
| 8
| Unknown
| [[#CTL|CTL]] is active
|-
|-
| 20
| 10
| Unknown
| [[#LOAD|LOAD]] is active
|}
|-
|-
| 0-15
| 14
| Unknown
| [[#AES|AES]] is active
|-
|-
| 16-31
| 16
| Unknown
| [[#RNG|RNG]] is active
|}
|}
=== TSEC_SCP_IRQSTAT ===
Unofficial name.
Contains the statuses of hardware blocks.
=== TSEC_SCP_STAT1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-1
| [[#RND|RND]] ready
| Signature comparison result
0: None
1: Running
2: Failed
3: Succeeded
|-
|-
| 8
| 4
| ACL error
| [[#LOAD|Falcon<->LOAD]] interface is running in HS mode
|-
|-
| 12
| 6
| SEC error
| [[#LOAD|Falcon<->LOAD]] interface is ready
|-
|-
| 16
| 8
| [[#CMD|CMD]] error
| [[#STORE|Falcon<->STORE]] interface is running in HS mode
|-
|-
| 20
| 10
| Single step
| [[#STORE|Falcon<->STORE]] interface received a valid operation
|-
|-
| 24
| 12
| [[#RND|RND]] operation
| [[#CMD|Falcon<->CMD]] interface is running in HS mode
|-
|-
| 28
| 14
| Timeout
| [[#CMD|Falcon<->CMD]] interface received a valid instruction
|}
|}
Unofficial name.
=== TSEC_SCP_IRQMASK ===
Contains the statuses of hardware interfaces and the result of the last authentication attempt.
=== TSEC_SCP_STAT2 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-4
| [[#RND|RND]] ready
| Current opcode in [[#SEQ|SEQ]]
|-
| 5-9
| Current opcode in [[#CMD|Falcon<->CMD]] interface
|-
| 10-14
| Pending opcode in [[#CMD|CMD]]
|-
|-
| 8
| 15-16
| ACL error
| Current opcode in [[#AES|AES]]
0: Encryption
1: Decryption
2: Key expansion
3: Key reverse expansion
|-
|-
| 12
| 24
| SEC error
| [[#SCP|SCP]]'s internal pipeline is stalled on hazard
|-
|-
| 16
| 25
| [[#CMD|CMD]] error
| [[#STORE|STORE]] is stalled
|-
|-
| 20
| 26
| Single step
| [[#LOAD|LOAD]] is stalled
|-
|-
| 24
| 27
| [[#RND|RND]] operation
| [[#RNG|RNG]] is stalled
|-
|-
| 28
| 28
| Timeout
| [[#SCP|SCP]]'s internal pipeline is stalled on writeback
|-
| 29
| [[#AES|AES]] is stalled
|}
|}
Unofficial name.
=== TSEC_SCP_ACL_ERR ===
Contains the status of crypto operations.
=== TSEC_SCP_RNG_STAT0 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| Writing to a crypto register without the correct ACL
| [[#RND|RND]] is ready
|-
| 4-7
| Unknown
|-
|-
| 4
| 8-11
| Reading from a crypto register without the correct ACL
| Unknown
|-
|-
| 8
| 16
| Invalid ACL change (cchmod)
| Unknown
|-
|-
| 31
| 20
| ACL error occurred
| Unknown
|}
|}
Unofficial name.
=== TSEC_SCP_SEC_ERR ===
=== TSEC_SCP_RNG_STAT1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-15
| Unknown
| Unknown
|-
|-
| 1-2
| 16-31
| Unknown
| Unknown
|}
Unofficial name.
=== TSEC_SCP_IRQSTAT ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0
| [[#RND|RND]] ready
|-
|-
| 4
| 8
| Unknown
| ACL error
|-
|-
| 5-6
| 12
| Unknown
| SEC error
|-
|-
| 16
| 16
| Unknown
| [[#CMD|CMD]] error
|-
|-
| 20
| Single step
| 20
| Unknown
|-
|-
| 24
| 24
| Unknown
| [[#RND|RND]] clock trigger
|-
|-
| 25-26
| 28
| Unknown
| Stall timeout
|}
|}
=== TSEC_SCP_CMD_ERR ===
Unofficial name.
=== TSEC_SCP_IRQMASK ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| Invalid [[#CMD|CMD]] command
| [[#RND|RND]] ready
|-
|-
| 8
| 8
| [[#SEQ|SEQ]] sequence is too long
| ACL error
|-
|-
| 12
| 12
| [[#SEQ|SEQ]] sequence was not finished
| SEC error
|-
|-
| 16
| 16
| Forbidden signature operation (csigcmp, csigenc or csigclr in NS mode)
| [[#CMD|CMD]] error
|-
|-
| 20
| 20
| Invalid signature operation (csigcmp in HS mode)
| Single step
|-
|-
| 24
| 24
| Forbidden ACL change (cchmod in NS mode)
| [[#RND|RND]] clock trigger
|-
| 28
| Stall timeout
|}
|}
Unofficial name.
=== TSEC_SCP_RND_CTL0 ===
=== TSEC_SCP_ACL_ERR ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0
| [[#RND|RND]] clock trigger lower limit
| Writing to a crypto register without the correct ACL
|-
| 4
| Reading from a crypto register without the correct ACL
|-
| 8
| Invalid ACL change (cchmod)
|-
| 31
| ACL error occurred
|}
|}
Unofficial name.
Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|ACL error]] IRQ.
=== TSEC_TFBIF_CTL ===
=== TSEC_SCP_SEC_ERR ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| TSEC_TFBIF_CTL_CLR_BWCOUNT
| Security mode changed during sequence execution (cs0exec/cs1exec)
|-
| 1-2
| Security mode at the beginning of sequence execution
0: Non-secure
1: Heavy Secure
|-
|-
| 1
| 4
| TSEC_TFBIF_CTL_ENABLE
| Security mode changed during sequence recording (cs0begin/cs1begin)
|-
|-
| 2
| 5-6
| TSEC_TFBIF_CTL_CLR_IDLEWDERR
| Security mode at the beginning of sequence recording
0: Non-secure
1: Heavy Secure
|-
|-
| 3
| 16
| TSEC_TFBIF_CTL_RESET
| Security mode changed while reading from crypto register/stream (cxsout or xdld)
|-
|-
| 4
| 17-18
| TSEC_TFBIF_CTL_IDLE
| Security mode at the beginning of reading from crypto register/stream
0: Non-secure
1: Heavy Secure
|-
|-
| 5
| 20
| TSEC_TFBIF_CTL_IDLEWDERR
| Security mode and memory source changed while writing to crypto register/stream (cxsin or xdst)
|-
|-
| 6
| 21-22
| TSEC_TFBIF_CTL_SRTOUT
| Security mode when memory source changed while writing to crypto register/stream
0: Non-secure
1: Heavy Secure
|-
|-
| 7
| 24
| TSEC_TFBIF_CTL_CLR_SRTOUT
| Security mode changed while writing to crypto register/stream (cxsin or xdst)
|-
|-
| 8-11
| 25-26
| TSEC_TFBIF_CTL_SRTOVAL
| Security mode at the beginning of writing to crypto register/stream
0: Non-secure
1: Heavy Secure
|-
|-
| 12
| 31
| TSEC_TFBIF_CTL_VPR
| SEC error occurred
|}
|}
=== TSEC_TFBIF_MCCIF_FIFOCTRL ===
Unofficial name.
Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|SEC error]] IRQ.
=== TSEC_SCP_CMD_ERR ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVERRIDE
| [[#CMD|CMD]]'s instruction is invalid
|-
|-
| 1
| 4
| TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVERRIDE
| [[#SEQ|SEQ]]'s sequence is empty
|-
|-
| 2
| 8
| TSEC_TFBIF_MCCIF_FIFOCTRL_WRCL_MCLE2X
| [[#SEQ|SEQ]]'s sequence is too long
|-
|-
| 3
| 12
| TSEC_TFBIF_MCCIF_FIFOCTRL_RDMC_RDFAST
| [[#SEQ|SEQ]]'s sequence was not finished
|-
|-
| 4
| 16
| TSEC_TFBIF_MCCIF_FIFOCTRL_WRMC_CLLE2X
| Forbidden signature operation (csigcmp, csigenc or csigclr in NS mode)
|-
|-
| 5
| 20
| TSEC_TFBIF_MCCIF_FIFOCTRL_RDCL_RDFAST
| Invalid signature operation (csigcmp in HS mode)
|-
|-
| 6
| 24
| TSEC_TFBIF_MCCIF_FIFOCTRL_CCLK_OVERRIDE
| Forbidden ACL change (cchmod in NS mode)
|}
|}
=== TSEC_TFBIF_THROTTLE ===
Unofficial name.
Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|CMD error]] IRQ.
=== TSEC_SCP_RND_CTL0 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-11
| 0-31
| [[#RND|RND]] clock trigger's lower limit
|-
| TSEC_TFBIF_THROTTLE_LEAK_SIZE
|}
|}
=== TSEC_TFBIF_DBG_STAT0 ===
Unofficial name.
=== TSEC_SCP_RND_CTL1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-15
| TSEC_TFBIF_DBG_STAT0_1K_TRANSFER
| [[#RND|RND]] clock trigger's upper limit
|-
|-
| 1
| 16-31
| [[#RND|RND]] clock trigger's mask
|}
Unofficial name.
=== TSEC_SCP_RND_CTL2 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 2
| 0-15
| TSEC_TFBIF_DBG_STAT0_WREQ_ISSUED
| Unknown
|}
Unofficial name.
=== TSEC_SCP_RND_CTL3 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 3
| 12
| TSEC_TFBIF_DBG_STAT0_TAGQ_ISSUED
| Trigger first LFSR
|-
|-
| 4
| 16
| TSEC_TFBIF_DBG_STAT0_STALL_RDATQ
| Trigger second LFSR
|}
Unofficial name.
=== TSEC_SCP_RND_CTL4 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 5
| 0-31
| TSEC_TFBIF_DBG_STAT0_STALL_RACKQ
| First LFSR's polynomial for [[#RNG|RNG]]'s test mode
|}
Unofficial name.
=== TSEC_SCP_RND_CTL5 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 6
| 0-31
| First LFSR's initial state for [[#RNG|RNG]]'s test mode
|}
| 7
| TSEC_TFBIF_DBG_STAT0_STALL_WDATQ
Unofficial name.
|-
=== TSEC_TFBIF_DBG_STAT1 ===
=== TSEC_SCP_RND_CTL6 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_TFBIF_DBG_STAT1_DATA
| Second LFSR's polynomial for [[#RNG|RNG]]'s test mode
|}
|}
=== TSEC_TFBIF_DBG_RDCOUNT_LO ===
Unofficial name.
=== TSEC_SCP_RND_CTL7 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_TFBIF_DBG_RDCOUNT_LO_DATA
| Second LFSR's initial state for [[#RNG|RNG]]'s test mode
|}
|}
=== TSEC_TFBIF_DBG_RDCOUNT_HI ===
Unofficial name.
=== TSEC_SCP_RND_CTL8 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-15
| TSEC_TFBIF_DBG_RDCOUNT_HI_DATA
| Unknown
|-
| 16-31
| Unknown
|}
|}
=== TSEC_TFBIF_DBG_WRCOUNT_LO ===
Unofficial name.
=== TSEC_SCP_RND_CTL9 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-15
| TSEC_TFBIF_DBG_WRCOUNT_LO_DATA
| Unknown
|-
| 16-31
| Unknown
|}
|}
=== TSEC_TFBIF_DBG_WRCOUNT_HI ===
Unofficial name.
=== TSEC_SCP_RND_CTL10 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-15
| TSEC_TFBIF_DBG_WRCOUNT_HI_DATA
| Unknown
|-
|-
| 0-31
| 16-31
| TSEC_TFBIF_DBG_R32COUNT_DATA
| Unknown
|}
|}
Unofficial name.
=== TSEC_TFBIF_DBG_R128COUNT ===
=== TSEC_SCP_RND_CTL11 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0
| TSEC_TFBIF_DBG_R128COUNT_DATA
| Unknown
|}
|-
| 1
| Unknown
|-
| 2
| Unknown
|-
| 3
| Unknown
|-
| 4-5
| First sampler's source
0: Oscillator
1: Unknown
2: LFSR
3: Dummy
|-
| 6-7
| Second sampler's source
0: Oscillator
1: Unknown
2: LFSR
3: Dummy
|-
| 8-11
| First sampler's tap value
|-
| 12-15
| Second sampler's tap value
|-
|-
| 0-15
| 16-19
| TSEC_TFBIF_MCCIF_FIFOCTRL1_SRD2MC_REORDER_DEPTH_LIMIT
| Unknown
|-
|-
| 16-31
| 20-23
| TSEC_TFBIF_MCCIF_FIFOCTRL1_SWR2MC_REORDER_DEPTH_LIMIT
| Unknown
|-
|-
| 0-15
| 24-30
| TSEC_TFBIF_WRR_RDP_EXT_WEIGHT
| Unknown
|-
|-
| 16-31
| 31
| TSEC_TFBIF_WRR_RDP_INT_WEIGHT
| Unknown
|}
|}
=== TSEC_TFBIF_SPROT_EMEM ===
Unofficial name.
=== TSEC_TFBIF_CTL ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0
| Read access level
| TSEC_TFBIF_CTL_CLR_BWCOUNT
|-
| 1
| TSEC_TFBIF_CTL_ENABLE
|-
| 2
| TSEC_TFBIF_CTL_CLR_IDLEWDERR
|-
| 3
| TSEC_TFBIF_CTL_RESET
|-
| 4
| TSEC_TFBIF_CTL_IDLE
|-
| 5
| TSEC_TFBIF_CTL_IDLEWDERR
|-
| 6
| TSEC_TFBIF_CTL_SRTOUT
|-
| 7
| TSEC_TFBIF_CTL_CLR_SRTOUT
|-
| 8-11
| TSEC_TFBIF_CTL_SRTOVAL
|-
|-
| 4-7
| 12
| Write access level
| TSEC_TFBIF_CTL_VPR
|}
|}
=== TSEC_TFBIF_MCCIF_FIFOCTRL ===
=== TSEC_TFBIF_TRANSCFG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| TSEC_TFBIF_TRANSCFG_ATT0_SWID
| TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVERRIDE
|-
|-
| 4
| 1
| TSEC_TFBIF_TRANSCFG_ATT1_SWID
| TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVERRIDE
|-
|-
| 8
| 2
| TSEC_TFBIF_TRANSCFG_ATT2_SWID
| TSEC_TFBIF_MCCIF_FIFOCTRL_WRCL_MCLE2X
|-
|-
| 12
| 3
| TSEC_TFBIF_TRANSCFG_ATT3_SWID
| TSEC_TFBIF_MCCIF_FIFOCTRL_RDMC_RDFAST
|-
| 4
| TSEC_TFBIF_MCCIF_FIFOCTRL_WRMC_CLLE2X
|-
|-
| 16
| 5
| TSEC_TFBIF_TRANSCFG_ATT4_SWID
| TSEC_TFBIF_MCCIF_FIFOCTRL_RDCL_RDFAST
|-
|-
| 20
| 6
| TSEC_TFBIF_TRANSCFG_ATT5_SWID
| TSEC_TFBIF_MCCIF_FIFOCTRL_CCLK_OVERRIDE
|-
|-
| 24
| 7
| TSEC_TFBIF_TRANSCFG_ATT6_SWID
| TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVR_MODE
|-
|-
| 28
| 8
| TSEC_TFBIF_TRANSCFG_ATT7_SWID
| TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVR_MODE
|}
|}
=== TSEC_TFBIF_THROTTLE ===
=== TSEC_TFBIF_REGIONCFG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-2
| 0-11
| TSEC_TFBIF_REGIONCFG_T0_APERT_ID
| TSEC_TFBIF_THROTTLE_BUCKET_SIZE
|-
|-
| 3
| 16-27
| TSEC_TFBIF_REGIONCFG_T0_VPR
| TSEC_TFBIF_THROTTLE_LEAK_COUNT
|-
|-
| 4-6
| 30-31
| TSEC_TFBIF_REGIONCFG_T1_APERT_ID
| TSEC_TFBIF_THROTTLE_LEAK_SIZE
|-
|}
| 7
=== TSEC_TFBIF_DBG_STAT0 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 8-10
| 0
| TSEC_TFBIF_REGIONCFG_T2_APERT_ID
| TSEC_TFBIF_DBG_STAT0_1K_TRANSFER
|-
|-
| 11
| 1
| TSEC_TFBIF_REGIONCFG_T2_VPR
| TSEC_TFBIF_DBG_STAT0_RREQ_ISSUED
|-
|-
| 12-14
| 2
| TSEC_TFBIF_REGIONCFG_T3_APERT_ID
| TSEC_TFBIF_DBG_STAT0_WREQ_ISSUED
|-
|-
| 15
| 3
| TSEC_TFBIF_REGIONCFG_T3_VPR
| TSEC_TFBIF_DBG_STAT0_TAGQ_ISSUED
|-
|-
| 16-18
| 4
| TSEC_TFBIF_REGIONCFG_T4_APERT_ID
| TSEC_TFBIF_DBG_STAT0_STALL_RDATQ
|-
|-
| 19
| 5
| TSEC_TFBIF_REGIONCFG_T4_VPR
| TSEC_TFBIF_DBG_STAT0_STALL_RACKQ
|-
|-
| 20-22
| 6
| TSEC_TFBIF_REGIONCFG_T5_APERT_ID
| TSEC_TFBIF_DBG_STAT0_STALL_WREQQ
|-
|-
| 23
| 7
| TSEC_TFBIF_REGIONCFG_T5_VPR
| TSEC_TFBIF_DBG_STAT0_STALL_WDATQ
|-
|-
| 24-26
| 8
| TSEC_TFBIF_REGIONCFG_T6_APERT_ID
| TSEC_TFBIF_DBG_STAT0_STALL_WACKQ
|-
|-
| 27
| 9
| TSEC_TFBIF_REGIONCFG_T6_VPR
| TSEC_TFBIF_DBG_STAT0_STALL_RREQ_PENDING
|-
|-
| 28-30
| 10
| TSEC_TFBIF_REGIONCFG_T7_APERT_ID
| TSEC_TFBIF_DBG_STAT0_STALL_WREQ_PENDING
|-
| 11
| TSEC_TFBIF_DBG_STAT0_STALL_MREQ
|-
| 12
| TSEC_TFBIF_DBG_STAT0_ENGINE_IDLE
|-
| 13
| TSEC_TFBIF_DBG_STAT0_RMCCIF_IDLE
|-
| 14
| TSEC_TFBIF_DBG_STAT0_WMCCIF_IDLE
|-
| 15
| TSEC_TFBIF_DBG_STAT0_CSB_IDLE
|-
| 16
| TSEC_TFBIF_DBG_STAT0_RU_IDLE
|-
| 17
| TSEC_TFBIF_DBG_STAT0_WU_IDLE
|-
| 19
| TSEC_TFBIF_DBG_STAT0_UNWEIGHT_ACTMON_ACTIVE
|-
|-
| 31
| 20
| TSEC_TFBIF_REGIONCFG_T7_VPR
| TSEC_TFBIF_DBG_STAT0_UNWEIGHT_ACTMON_MCB
|}
|}
=== TSEC_TFBIF_DBG_STAT1 ===
=== TSEC_TFBIF_ACTMON_ACTIVE_MASK ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-31
| TSEC_TFBIF_DBG_STAT1_DATA
| 3
|}
|}
=== TSEC_TFBIF_DBG_RDCOUNT_LO ===
=== TSEC_TFBIF_ACTMON_ACTIVE_BORPS ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-31
| TSEC_TFBIF_ACTMON_ACTIVE_BORPS_STARVED_MC_POLARITY
| TSEC_TFBIF_DBG_RDCOUNT_LO_DATA
|}
=== TSEC_TFBIF_DBG_RDCOUNT_HI ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 1
| 0-31
| TSEC_TFBIF_DBG_RDCOUNT_HI_DATA
| 2
|}
|}
=== TSEC_TFBIF_DBG_WRCOUNT_LO ===
=== TSEC_TFBIF_ACTMON_ACTIVE_WEIGHT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_TFBIF_ACTMON_ACTIVE_WEIGHT_VAL
| TSEC_TFBIF_DBG_WRCOUNT_LO_DATA
|}
|}
=== TSEC_TFBIF_DBG_WRCOUNT_HI ===
=== TSEC_TFBIF_ACTMON_MCB_MASK ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-31
| TSEC_TFBIF_DBG_WRCOUNT_HI_DATA
| 3
|}
|}
=== TSEC_TFBIF_DBG_R32COUNT ===
=== TSEC_TFBIF_ACTMON_MCB_BORPS ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-31
| TSEC_TFBIF_ACTMON_MCB_BORPS_STARVED_MC_POLARITY
| TSEC_TFBIF_DBG_R32COUNT_DATA
|-
|}
| 1
=== TSEC_TFBIF_DBG_R64COUNT ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 2
| 0-31
| TSEC_TFBIF_DBG_R64COUNT_DATA
| 5
|}
|}
=== TSEC_TFBIF_DBG_R128COUNT ===
=== TSEC_TFBIF_ACTMON_MCB_WEIGHT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_TFBIF_ACTMON_MCB_WEIGHT_VAL
| TSEC_TFBIF_DBG_R128COUNT_DATA
|}
|}
=== TSEC_TFBIF_MCCIF_FIFOCTRL1 ===
=== TSEC_TFBIF_THI_TRANSPROP ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-6
| 0-15
| TSEC_TFBIF_THI_TRANSPROP_STREAMID0
| TSEC_TFBIF_MCCIF_FIFOCTRL1_SRD2MC_REORDER_DEPTH_LIMIT
|-
|-
| 8-14
| 16-31
| TSEC_TFBIF_MCCIF_FIFOCTRL1_SWR2MC_REORDER_DEPTH_LIMIT
| TSEC_TFBIF_THI_TRANSPROP_TZ_AUTH
|}
|}
=== TSEC_CG ===
=== TSEC_TFBIF_SPROT_EMEM ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-5
| 0-2
| TSEC_CG_IDLE_CG_DLY_CNT
| Read access level
|-
|-
| 6
| 3
| TSEC_CG_IDLE_CG_EN
| Set on memory read access violation
|-
|-
| 16-18
| 4-6
| TSEC_CG_WAKEUP_DLY_CNT
| Write access level
|-
|-
| 19
| 7
| TSEC_CG_WAKEUP_DLY_EN
| Set on memory write access violation
|}
|}
=== TSEC_BAR0_CTL ===
Unofficial name.
Controls accesses to external memory regions. Accessible in HS mode only.
=== TSEC_TFBIF_TRANSCFG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| TSEC_BAR0_CTL_READ
| TSEC_TFBIF_TRANSCFG_ATT0_SWID
|-
| 4
| TSEC_TFBIF_TRANSCFG_ATT1_SWID
|-
| 8
| TSEC_TFBIF_TRANSCFG_ATT2_SWID
|-
|-
| 1
| 12
| TSEC_BAR0_CTL_WRITE
| TSEC_TFBIF_TRANSCFG_ATT3_SWID
|-
|-
| 4-7
| 16
| TSEC_BAR0_CTL_BYTE_MASK
| TSEC_TFBIF_TRANSCFG_ATT4_SWID
|-
|-
| 12-13
| 20
| TSEC_BAR0_CTL_STATUS
| TSEC_TFBIF_TRANSCFG_ATT5_SWID
|-
|-
| 16-17
| 24
| TSEC_BAR0_CTL_SEC_MODE
| TSEC_TFBIF_TRANSCFG_ATT6_SWID
|-
|-
| 31
| 28
| TSEC_BAR0_CTL_INIT
| TSEC_TFBIF_TRANSCFG_ATT7_SWID
|}
|}
Configures the software ID per CTXDMA port for memory transactions. Software ID 0 (HW_SWID) forces all transactions to go through the SMMU while software ID 1 (PHY_SWID) bypasses it. Accessible in HS mode only.
[6.0.0+] The nvhost_tsec firmware sets this register to 0x10 or 0x111110 before reading memory from the GPU UCODE carveout.
=== TSEC_BAR0_ADDR ===
=== TSEC_TFBIF_REGIONCFG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-2
| TSEC_BAR0_ADDR_VAL
| TSEC_TFBIF_REGIONCFG_T0_APERT_ID
|-
|-
| 0-31
| 3
| TSEC_BAR0_DATA_VAL
| TSEC_TFBIF_REGIONCFG_T0_VPR
|-
|-
| 0-31
| 4-6
| TSEC_BAR0_TIMEOUT_VAL
| TSEC_TFBIF_REGIONCFG_T1_APERT_ID
|-
|-
| 16
| 7
| TSEC_TEGRA_CTL_TKFI_KFUSE
| TSEC_TFBIF_REGIONCFG_T1_VPR
|-
|-
| 17
| 8-10
| TSEC_TEGRA_CTL_TKFI_RESTART_FSM_KFUSE
| TSEC_TFBIF_REGIONCFG_T2_APERT_ID
|-
|-
| 24
| 11
| TSEC_TEGRA_CTL_TMPI_FORCE_IDLE_INPUTS_I2C
| TSEC_TFBIF_REGIONCFG_T2_VPR
|-
| 12-14
| TSEC_TFBIF_REGIONCFG_T3_APERT_ID
|-
| 15
| TSEC_TFBIF_REGIONCFG_T3_VPR
|-
| 16-18
| TSEC_TFBIF_REGIONCFG_T4_APERT_ID
|-
| 19
| TSEC_TFBIF_REGIONCFG_T4_VPR
|-
| 20-22
| TSEC_TFBIF_REGIONCFG_T5_APERT_ID
|-
|-
| 25
| 23
| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_HOST1X
| TSEC_TFBIF_REGIONCFG_T5_VPR
|-
|-
| 26
| 24-26
| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_APB
| TSEC_TFBIF_REGIONCFG_T6_APERT_ID
|-
|-
| 27
| 27
| TSEC_TEGRA_CTL_TMPI_DISABLE_OUTPUT_I2C
| TSEC_TFBIF_REGIONCFG_T6_VPR
|-
| 28-30
| TSEC_TFBIF_REGIONCFG_T7_APERT_ID
|-
| 31
| TSEC_TFBIF_REGIONCFG_T7_VPR
|}
|}
Configures the aperture ID and VPR mode per CTXDMA port for memory region accessing. Accessible in HS mode only.
[6.0.0+] The nvhost_tsec firmware sets this register to 0x20 or 0x140 before reading memory from the GPU UCODE carveout.
==== REG0-REG15 ====
=== TSEC_CG ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-5
| TSEC_CG_IDLE_CG_DLY_CNT
|-
| 6
| TSEC_CG_IDLE_CG_EN
|-
| 16-18
| TSEC_CG_WAKEUP_DLY_CNT
|-
| 19
| TSEC_CG_WAKEUP_DLY_EN
|}
=== TSEC_BAR0_CTL ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-7 || General purpose predicates
| 0
| TSEC_BAR0_CTL_READ
|-
|-
| 8 || ALU carry flag
| 1
| TSEC_BAR0_CTL_WRITE
|-
|-
| 9 || ALU signed overflow flag
| 4-7
| TSEC_BAR0_CTL_BYTE_MASK
|-
|-
| 10 || ALU sign flag
| 12-13
| TSEC_BAR0_CTL_STATUS
0: Idle
1: Busy
2: Error
3: Disabled
|-
|-
| 11 || ALU zero flag
| 16-17
| TSEC_BAR0_CTL_SEC_MODE
0: Non-secure
1: Invalid
2: Light Secure
3: Heavy Secure
|-
|-
| 16 || Interrupt 0 enable
| 31
| TSEC_BAR0_CTL_INIT
|-
|}
|}
Unofficial name.
Controls DMA transfers between TSEC and HOST1X (master and clients).
Starting a transfer over BAR0 automatically sets TSEC_BAR0_CTL_SEC_MODE to the current Falcon security mode. Once set, any attempts to start a transfer from a lower security level will fail.
{| class=wikitable
=== TSEC_BAR0_ADDR ===
! Bits || Description
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 0-4 || Number of instructions the override is valid for (0x1F means infinite)
| 0-31
| TSEC_BAR0_ADDR_VAL
| 7 || Internal memory select
|}
|}
Unofficial name.
Takes the address for DMA transfers between TSEC and HOST1X (master and clients).
=== TSEC_BAR0_DATA ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-7 || Start of region to authenticate (in pages of 0x100 bytes)
| 0-31
| TSEC_BAR0_DATA_VAL
| 24-31 || Size of region to authenticate (in pages of 0x100 bytes)
|}
|}
Unofficial name.
Takes the data for DMA transfers between TSEC and HOST1X (master and clients).
=== TSEC_BAR0_TIMEOUT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-2 || CTXDMA port for code loads (xcld)
| 0-31
| TSEC_BAR0_TIMEOUT_VAL
| 8-10 || CTXDMA port for data loads (xdld)
|}
|}
Unofficial name.
Takes the timeout value for DMA transfers between TSEC and HOST1X (master and clients).
=== TSEC_VERSION ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-19 || Exception PC
| 0-31
| Version
| 20-23 || Exception cause
|}
|}
Unofficial name.
==== SEC1 ====
=== TSEC_SCRATCH0 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
==== DMB1 ====
=== TSEC_SCRATCH1 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
=== TSEC_SCRATCH2 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
=== TSEC_SCRATCH3 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
==== Authentication ====
=== TSEC_SCRATCH4 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
=== TSEC_SCRATCH5 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
=== TSEC_SCRATCH6 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
== SCP ==
=== TSEC_SCRATCH7 ===
"SCP" (Secure Co-Processor) is a proprietary coprocessor which can be found inside every [[#Falcon|Falcon]] that supports [[#Secure BootROM|Heavy Secure Mode]]. On the Tegra X1 these are TSECA, TSECB, NVDEC and the GPU's PMU.
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
==== LOAD ====
=== TSEC_GPTMRINT ===
Unofficial name.
Same as [[#TSEC_FALCON_GPTMRINT|TSEC_FALCON_GPTMRINT]], but for an unknown hardware block.
==== STORE ====
=== TSEC_GPTMRVAL ===
Unofficial name.
Same as [[#TSEC_FALCON_GPTMRVAL|TSEC_FALCON_GPTMRVAL]], but for an unknown hardware block.
==== CMD ====
=== TSEC_GPTMRCTL ===
Unofficial name.
Same as [[#TSEC_FALCON_GPTMRCTL|TSEC_FALCON_GPTMRCTL]], but for an unknown hardware block.
==== SEQ ====
=== TSEC_ITFEN ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0
| Enable [[#TSEC_GPTMRINT|TSEC_GPTMRINT]]
|-
| 1
| Unknown
|-
| 2
| Unknown
|-
| 3
| Unknown
|}
Unofficial name.
=== Operations ===
=== TSEC_ITFSTAT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Opcode
! Bits
! Name
! Description
|-
| 0
| [[#TSEC_GPTMRINT|TSEC_GPTMRINT]] is enabled
|-
|-
| 0 || nop || N/A || N/A || ||
| 1
| Unknown
|-
|-
| 1 || mov || $cX || $cY || <code>$cX = $cY; ACL(X) = ACL(Y);</code> ||
| 2
| Unknown
|-
|-
| 2 || sin || $cX || N/A || <code>$cX = read_stream(); ACL(X) = ???;</code> ||
| 3
|-
| Unknown
| 3 || sout || $cX || N/A || <code>write_stream($cX);</code> || ?
|}
|-
| 4 || [[#rnd|rnd]] || $cX || N/A || <code>$cX = read_rnd(); ACL(X) = ???;</code> ||
Unofficial name.
|-
| 5 || s0begin || immX || N/A || <code>record_macro_for_N_instructions(0, immX);</code> ||
=== TSEC_TEGRA_CTL ===
|-
{| class="wikitable" border="1"
| 6 || s0exec || immX || N/A || <code>execute_macro_N_times(0, immX);</code> ||
! Bits
|-
! Description
| 7 || s1begin || immX || N/A || <code>record_macro_for_N_instructions(1, immX);</code> ||
|-
|-
| 16
| 8 || s1exec || immX || N/A || <code>execute_macro_N_times(1, immX);</code> ||
| TSEC_TEGRA_CTL_TKFI_KFUSE
|-
|-
| 9 || <invalid> || || || ||
| 17
|-
| TSEC_TEGRA_CTL_TKFI_RESTART_FSM_KFUSE
| 0xA || [[#chmod|chmod]] || $cX || immY || Complicated, see [[#ACL|ACL]]. ||
|-
|-
| 24
| 0xB || xor || $cX || $cY || <code>$cX ^= $cY;</code> || <code>(ACL(X) & 2) && (ACL(Y) & 2)</code>
| TSEC_TEGRA_CTL_TMPI_FORCE_IDLE_INPUTS_I2C
|-
|-
| 0xC || add || $cX || immY || <code>$cX += immY;</code> || <code>(ACL(X) & 2)</code>
| 25
| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_HOST1X
|-
| 26
| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_APB
|-
| 27
| TSEC_TEGRA_CTL_TMPI_DISABLE_OUTPUT_I2C
|}
== Falcon ==
"Falcon" (FAst Logic CONtroller) is a proprietary general purpose CPU which can be found inside various hardware blocks that require some sort of logic processing such as TSEC (TSECA and TSECB), NVDEC, NVENC, NVJPG, VIC, GPU PMU and XUSB.
=== Processor Registers ===
A total of 32 processor registers are available in the Falcon CPU.
==== REG0-REG15 ====
These are 16 32-bit GPRs (general purpose registers).
==== IV0 ====
This is a SPR (special purpose register) that holds the address for interrupt vector 0. Only bits 0 to 15 are used.
==== IV1 ====
This is a SPR (special purpose register) that holds the address for interrupt vector 1. Only bits 0 to 15 are used.
==== IV2 ====
This is a SPR (special purpose register) that holds the address for interrupt vector 2. This register is considered "UNDEFINED" and appears to be unused.
==== EV ====
This is a SPR (special purpose register) that holds the address for the exception vector. Only bits 0 to 15 are used.
Alternative name (envytools): "tv".
==== SP ====
This is a SPR (special purpose register) that holds the current stack pointer. Only bits 0 to 15 are used.
==== PC ====
This is a SPR (special purpose register) that holds the current program counter. Only bits 0 to 15 are used.
==== IMB ====
This is a SPR (special purpose register) that holds the external base address for IMEM transfers.
Alternative name (envytools): "xcbase".
==== DMB ====
This is a SPR (special purpose register) that holds the external base address for DMEM transfers.
Alternative name (envytools): "xdbase".
==== CSW ====
This is a SPR (special purpose register) that holds various flag bits.
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-7 || General purpose predicates
|-
| 8 || ALU carry flag
|-
| 9 || ALU signed overflow flag
|-
| 10 || ALU sign flag
|-
| 11 || ALU zero flag
|-
| 16 || Interrupt 0 enable
|-
| 17 || Interrupt 1 enable
|-
| 18 || Interrupt 2 enable (undefined)
|-
| 20 || Interrupt 0 saved enable
|-
| 21 || Interrupt 1 saved enable
|-
| 22 || Interrupt 2 saved enable (undefined)
|-
| 24 || Exception active
|-
| 26-31 || Unknown
|}
Alternative name (envytools): "flags".
==== CCR ====
This is a SPR (special purpose register) that holds configuration bits for the SCP DMA override functionality. The value of this register is set using the "cxset" instruction which provides a way to change the behavior of a variable amount of successively executed DMA-related instructions ("xdwait", "xdst" and "xdld").
{| class=wikitable
! Bits || Description
|-
| 0-4 || Number of instructions the override is valid for (0x1F means infinite)
|-
| 5 || Crypto source/destination select
0: Crypto register
1: Crypto stream
|-
| 6 || Bypass mode
0: Disabled
1: Enabled
|-
| 7 || Internal memory select
0: DMEM
1: IMEM
|}
Alternative name (envytools): "cx".
==== SEC ====
This is a SPR (special purpose register) that holds configuration bits for the SCP authentication process.
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-7 || Start of region to authenticate (in pages of 0x100 bytes)
|-
| 16 || Force secure DMA transfers
|-
| 17 || Decrypt region to authenticate
|-
| 18 || Signature check passed
|-
| 19 || Suppress interrupts and exceptions
|-
| 24-31 || Size of region to authenticate (in pages of 0x100 bytes)
|}
Alternative name (envytools): "cauth".
==== CTX ====
This is a SPR (special purpose register) that holds configuration bits for the CTXDMA ports.
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-2 || CTXDMA port for code loads (xcld)
|-
| 4-6 || CTXDMA port for code stores (invalid)
|-
| 8-10 || CTXDMA port for data loads (xdld)
|-
| 12-14 || CTXDMA port for data stores (xdst)
|}
Alternative name (envytools): "xtargets".
==== EXCI ====
This is a SPR (special purpose register) that holds information on raised exceptions.
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-19 || Exception PC
|-
| 20-23 || Exception cause
|}
Alternative name (envytools): "tstatus".
==== SEC1 ====
Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.
==== IMB1 ====
Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.
==== DMB1 ====
Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.
=== Secure BootROM ===
Certain Falcon CPUs may have an optional "Secure BootROM", but contrary to the common purpose of bootrom code, this doesn't execute while booting the CPU. In fact, being a microprocessor, Falcon is designed to execute user supplied code right off the bat in a clean slate state. However, Falcon can be paired with a [[#SCP|secure co-processor]] and provide a cryptosystem for any hardware block that may require it, originating what is known as a "secretful" unit.
Secretful Falcon CPUs have [[#TSEC_FALCON_HWCFG1|TSEC_FALCON_HWCFG1_SECURITY_MODEL]] set to 3, which means they support "Heavy Secure" mode (or "HS" for short). While in HS mode, the Falcon's DMEM and IMEM regions are protected from read and write operations, which effectively hides code and data from attackers.
Entering HS mode first requires uploading code marked as "secure" to Falcon, which can be done from MMIO using [[#TSEC_FALCON_IMEMC|TSEC_FALCON_IMEMC]] with the [[#TSEC_FALCON_IMEMC|TSEC_FALCON_IMEMC_SECURE]] bit set. Upon jumping to a page marked as secret, the [[#TSEC_FALCON_EXCI|INV_INS]] exception is raised which tells the Falcon to start executing the secure bootrom code.
The secure bootrom lives in a hidden ROM region, instead of IMEM, and is mapped as --x at address 0. On Falcon v5 CPUs its size is 0x367 bytes.
==== Initialization ====
The first instructions of the secure bootrom simply save each [[#REG0-REG15|GPR]] to the stack and check the contents of the [[#SEC|SEC SPR]].
==== Authentication ====
The main purpose of the secure bootrom is to authenticate the code pages marked as "secure". This is done by first extracting the base address and size of the region to authenticate from the [[#SEC|SEC SPR]], then calculating a signature over this region and finally comparing it to the value of the [[#SCP|SCP]] register $c6.
If the comparison is successful, bit 18 of [[#SEC|SEC SPR]] is set (which is mirrored in [[#TSEC_FALCON_SVEC_SPR|TSEC_FALCON_SVEC_SPR]]), the signature comparison result in [[#TSEC_SCP_STAT1|TSEC_SCP_STAT1]] is set to 3 and each page from the region to authenticate is marked as valid. Bit 19 of [[#SEC|SEC SPR]] is also automatically set, preventing any interrupts or exceptions from being raised while in HS mode, but contrary to bit 18 this one can be manually cleared by authenticated code.
Below is the authentication algorithm's pseudocode:
<syntaxhighlight>
...
// This runs in a loop for each 0x100 bytes page.
cs0begin 0x03
cxsin $c4
cenc $c3 $c5
cxor $c5 $c3
ckeyreg $c4
cxor $c5 $c5
cs0exec 0x11
...
// Use secret 0x01 as key and $c7 as seed.
csecret $c3 1
ckeyreg $c3
cenc $c3 $c7
ckeyreg $c3
cenc $c4 $c5
csigcmp $c4 $c6
...
</syntaxhighlight>
==== Decryption ====
If bit 17 is set in the [[#SEC|SEC SPR]], the secure bootrom will additionally attempt to decrypt the region to authenticate.
Below is the decryption algorithm's pseudocode:
<syntaxhighlight>
...
// Use secret 0x06 as key.
cs0begin 0x03
cxsin $c3
cdec $c4 $c3
cxsout $c4
csecret $c5 0x06
ckexp $c5 $c5
cs0exec 0x10
ckeyreg $c5
...
</syntaxhighlight>
==== Exit ====
The secure bootrom finishes by restoring each [[#REG0-REG15|GPR]] from stack and returning from the exception state. This will result in the authenticated code region being executed in HS mode until the current [[#PC|PC]] points to an address outside of the authenticated region. When this happens, each page from the authenticated region is automatically marked as invalid without any involvement of the secure bootrom, meaning that the secure bootrom is only invoked when entering HS mode.
== SCP ==
"SCP" (Secure Co-Processor) is a proprietary coprocessor which can be found inside every [[#Falcon|Falcon]] that supports [[#Secure BootROM|Heavy Secure Mode]]. On the Tegra X1 these are TSECA, TSECB, NVDEC and the GPU's PMU.
=== Hardware ===
SCP is subdivided into several specialized hardware blocks and interfaces.
==== LOAD ====
Block for handling memory reads from SCP to Falcon. It communicates with Falcon over a dedicated interface.
The interface can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].
==== STORE ====
Block for handling memory writes from Falcon to SCP. It communicates with Falcon over a dedicated interface.
The interface can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].
==== CMD ====
Block for translating Falcon crypto operands into SCP commands. It communicates with Falcon over a dedicated interface.
The interface can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]]. The status of the current command is reported through register [[#TSEC_SCP_CMD|TSEC_SCP_CMD]].
==== SEQ ====
Block for recording and executing sequences of crypto operations in the form of macros.
Can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].
==== CTL ====
Overseer block for controlling certain SCP features.
Can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].
Registers [[#TSEC_SCP_CTL_STAT|TSEC_SCP_CTL_STAT]], [[#TSEC_SCP_CTL_LOCK|TSEC_SCP_CTL_LOCK]], [[#TSEC_SCP_CTL_SCP|TSEC_SCP_CTL_SCP]], [[#TSEC_SCP_CTL_PKEY|TSEC_SCP_CTL_PKEY]] and [[#TSEC_SCP_CTL_DBG|TSEC_SCP_CTL_DBG]] refer to this block.
==== AES ====
Block for providing AES-128-ECB functionality.
==== RNG ====
Block for encapsulating and controlling the internal random number generator.
Can be enabled or disabled by register [[#TSEC_SCP_CTL1|TSEC_SCP_CTL1]] and reports the status of the internal random number generator through registers [[#TSEC_SCP_RNG_STAT0|TSEC_SCP_RNG_STAT0]] and [[#TSEC_SCP_RNG_STAT1|TSEC_SCP_RNG_STAT1]].
===== RND =====
Internal random number generator.
Can be configured by the [[#TSEC_SCP_RND_CTL0|TSEC_SCP_RND_CTLx]] registers.
=== Operations ===
{| class="wikitable" border="1"
! Opcode
! Name
! Operand0
! Operand1
! Operation
! Precondition
! Postcondition
|-
| 0 || nop || N/A || N/A || N/A || N/A || N/A
|-
| 1 || mov || $cX || $cY || <code><nowiki>$cX = $cY;</nowiki></code> || N/A || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 2 || xsin || $cX || N/A || <code><nowiki>$cX = read_from_stream();</nowiki></code> || N/A || <code><nowiki>ACL($cX) = is_mode_hs ? 0x3 : 0x1F;</nowiki></code>
|-
| 3 || xsout || $cX || N/A || <code><nowiki>write_to_stream($cX);</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0xA)))</nowiki></code> || N/A
|-
| 4 || [[#rnd|rnd]] || $cX || N/A || <code><nowiki>$cX = read_from_rnd();</nowiki></code> || N/A || <code><nowiki>ACL($cX) = is_mode_hs ? 0x3 : 0x1F;</nowiki></code>
|-
| 5 || s0begin || immX || N/A || <code><nowiki>record_macro_for_N_instructions(0, immX);</nowiki></code>|| N/A || N/A
|-
| 6 || s0exec || immX || N/A || <code><nowiki>execute_macro_N_times(0, immX);</nowiki></code> || N/A || N/A
|-
| 7 || s1begin || immX || N/A || <code><nowiki>record_macro_for_N_instructions(1, immX);</nowiki></code> || N/A || N/A
|-
| 8 || s1exec || immX || N/A || <code><nowiki>execute_macro_N_times(1, immX);</nowiki></code> || N/A || N/A
|-
| 9 || <invalid> || N/A || N/A || N/A || N/A || N/A
|-
| 0xA || [[#chmod|chmod]] || $cX || immY || <code><nowiki>ACL($cX) = immY;</nowiki></code> || See [[#ACLs|ACLs]] || N/A
|-
| 0xB || xor || $cX || $cY || <code><nowiki>$cX ^= $cY;</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0xC || add || $cX || immY || <code><nowiki>$cX += immY;</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A)))</nowiki></code> || N/A
|-
| 0xD || and || $cX || $cY || <code><nowiki>$cX &= $cY;</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0xE || rev || $cX || $cY || <code><nowiki>$cX = endian_swap128($cY);</nowiki></code> || <code><nowiki>(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0xF || gfmul || $cX || $cY || <code><nowiki>$cX = gfmul($cY);</nowiki></code>|| <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0x10 || secret || $cX || immY || <code><nowiki>$cX = load_secret(immY);</nowiki></code> || N/A || <code><nowiki>ACL($cX) = load_secret_acl(immY);</nowiki></code>
|-
| 0x11 || keyreg || $cX || N/A || <code><nowiki>active_key = $cX;</nowiki></code> || N/A || N/A
|-
| 0x12 || kexp || $cX || $cY || <code><nowiki>$cX = aes_key_expand($cY);</nowiki></code> || <code><nowiki>(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0x13 || krexp || $cX || $cY || <code><nowiki>$cX = aes_key_reverse_expand($cY);</nowiki></code> || <code><nowiki>(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0x14 || enc || $cX || $cY || <code><nowiki>$cX = aes_enc(active_key, $cY);</nowiki></code> || N/A || <code><nowiki>ACL($cX) = (ACL(active_key) & ACL($cY));</nowiki></code>
|-
| 0x15 || dec || $cX || $cY || <code><nowiki>$cX = aes_dec(active_key, $cY);</nowiki></code> || N/A || <code><nowiki>ACL($cX) = (ACL(active_key) & ACL($cY));</nowiki></code>
|-
| 0x16 || [[#sigcmp|sigcmp]] || $cX || $cY || <code><nowiki>current_sig = memcmp($cX, $cY) ? NULL : $cX;</nowiki></code> || <code><nowiki>(is_mode_secure_bootrom && (ACL($cY) & 0x2))</nowiki></code> || <code><nowiki>is_mode_hs = has_sig = (current_sig != NULL);</nowiki></code>
|-
| 0x17 || sigenc || $cX || $cY || <code><nowiki>$cX = aes_enc($cY, current_sig);</nowiki></code> || <code><nowiki>(is_mode_hs && has_sig)</nowiki></code> || <code><nowiki>ACL($cX) = 0x3;</nowiki></code>
|-
| 0x18 || [[#sigclr|sigclr]] || N/A || N/A || <code><nowiki>current_sig = NULL;</nowiki></code> || <code><nowiki>(is_mode_hs && has_sig)</nowiki></code> || <code><nowiki>has_sig = false;</nowiki></code>
|}
==== rnd ====
<code>00000000: f5 3c 0X 90 crnd $cX</code>
This instruction initializes a crypto register with random data.
Executing this instruction only succeeds if the RNG controller is enabled for the SCP, which requires taking the following steps:
* Write 0x7FFF to [[#TSEC_SCP_RND_CTL0|TSEC_SCP_RND_CTL0]].
* Write 0x3FF0000 to [[#TSEC_SCP_RND_CTL1|TSEC_SCP_RND_CTL1]].
* Write 0xFF00 to [[#TSEC_SCP_RND_CTL11|TSEC_SCP_RND_CTL11]].
* Write 0x1000 to [[#TSEC_SCP_CTL1|TSEC_SCP_CTL1]].
Otherwise it hangs forever.
==== chmod ====
<code>00000000: f5 3c XY a8 cchmod $cY 0X</code> or <code>00000000: f5 3c XY a9 cchmod $cY 1X</code>
This instruction takes a crypto register and a 5 bit immediate value which represents the [[#ACLs|ACLs]] mask to set.
==== sigcmp ====
<code>00000000: f5 3c XY d8 csigcmp $cY $cX</code>
Takes 2 crypto registers as operands and is automatically executed when jumping to a code region previously uploaded as secret. This instruction does not work in secure mode.
==== sigclr ====
<code>00000000: f5 3c 00 e0 csigclr</code>
This instruction takes no operands and clears the saved cauth signature used by the csigenc instruction.
=== ACLs ===
Each crypto register has an associated access control list with the following format:
{| class="wikitable" border="1"
! Bit
! Description
|-
|-
| 0xD || and || $cX || $cY || <code>$cX &= $cY;</code> || <code>(ACL(X) & 2) && (ACL(Y) & 2)</code>
| 0 || [[#Secure Keyable|Secure Keyable]]
|-
|-
| 0xE || rev || $cX || $cY || <code>$cX = endian_swap128($cY); ACL(X) = ACL(Y);</code> ||
| 1 || [[#Secure Readable|Secure Readable]]
|-
|-
| 0xF || gfmul || $cX || $cY || <code>$cX = gfmul($cY); ACL(X) = ACL(Y);</code> || <code>(ACL(Y) & 2)</code>
| 2 || [[#Insecure Keyable|Insecure Keyable]]
|-
|-
| 0x10 || secret || $cX || immY || <code>$cX = load_secret(immY); ACL(X) = load_secret_acl(immY);</code> ||
| 3 || [[#Insecure Readable|Insecure Readable]]
|-
|-
| 0x11 || keyreg || $cX || N/A || <code>active_key_idx = $cX;</code> ||
| 4 || [[#Insecure Writeable|Insecure Writeable]]
|}
|}
On boot, every crypto register has an ACL value of 0x1F.
In HS mode, [[#STORE|STORE]] can always write to a crypto register. In NS and LS modes, [[#STORE|STORE]] can only write to a crypto register if it has the [[#Insecure Writeable|Insecure Writeable]] access mode.
In HS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Secure Readable|Secure Readable]] access mode. In NS and LS modes, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Insecure Readable|Insecure Readable]] and [[#Secure Readable|Secure Readable]] access modes.
Loading a secret into a crypto register sets a per-secret ACL, unconditionally.
==== rnd ====
==== Secure Keyable ====
Controls if a crypto register can be used as key in HS mode.
Forced set if the crypto register has [[#Secure Readable|Secure Readable]] access. Once cleared, this access mode cannot be set again.
==== Secure Readable ====
Controls if a crypto register can be read in HS mode.
Once cleared, this access mode cannot be set again.
=== ACLs ===
==== Insecure Keyable ====
Controls if a crypto register can be used as key in NS and LS modes.
Forced set if the crypto register has [[#Secure Readable|Insecure Readable]] access. This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Keyable]] access.
|-
|-
==== Insecure Readable ====
Controls if a crypto register can be read in NS and LS modes.
This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Readable]] access.
==== Insecure Writeable ====
Controls if a crypto register can be written to in NS and LS modes.
This access mode has no effect in HS mode.
=== Secrets ===
=== Secrets ===
! Index || ACL || Description
! Index || ACL || Description
|-
|-
| 0x00 || 0x13 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
| 0x00 || 0x03 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
|-
|-
| 0x01 || 0x10 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] for the signature generation algorithm.
| 0x01 || 0x00 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] for the signature generation algorithm.
|-
|-
| 0x02 || 0x10 ||
| 0x02 || 0x00 ||
|-
|-
| 0x03 || 0x11 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
| 0x03 || 0x01 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
|-
|-
| 0x04 || 0x10 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
| 0x04 || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
|-
|-
| 0x05 || 0x13 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
| 0x05 || 0x03 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
|-
|-
| 0x06 || 0x11 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register).
| 0x06 || 0x01 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register).
|-
|-
| 0x07 || 0x11 || Used by [6.0.0+] nvhost_tsec firmware.
| 0x07 || 0x01 || Used by [6.0.0+] nvhost_tsec firmware.
|-
|-
| 0x08 || 0x10 ||
| 0x08 || 0x00 ||
|-
|-
| 0x09 || 0x13 || Used by nvhost_tsec firmware.
| 0x09 || 0x03 || Used by nvhost_tsec firmware.
|-
|-
| 0x0A || 0x11 ||
| 0x0A || 0x01 ||
|-
|-
| 0x0B || 0x10 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
| 0x0B || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
|-
|-
| 0x0C || 0x13 ||
| 0x0C || 0x03 ||
|-
|-
| 0x0D || 0x11 ||
| 0x0D || 0x01 ||
|-
|-
| 0x0E || 0x10 ||
| 0x0E || 0x00 ||
|-
|-
| 0x0F || 0x13 || Used by nvhost_tsec firmware.
| 0x0F || 0x03 || Used by nvhost_tsec firmware.
|-
|-
| 0x10 || 0x11 || Used by [1.0.0-5.1.0] nvhost_tsec firmware.
| 0x10 || 0x01 || Used by [1.0.0-5.1.0] nvhost_tsec firmware.
|-
|-
| 0x11 || 0x10 ||
| 0x11 || 0x00 ||
|-
|-
| 0x12 || 0x13 ||
| 0x12 || 0x03 ||
|-
|-
| 0x13 || 0x11 ||
| 0x13 || 0x01 ||
|-
|-
| 0x14 || 0x10 ||
| 0x14 || 0x00 ||
|-
|-
| 0x15 || 0x13 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares.
| 0x15 || 0x03 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares.
|-
|-
| 0x16 || 0x11 ||
| 0x16 || 0x01 ||
|-
|-
| 0x17 || 0x10 || Used by [11.0.0+] nvhost_tsec firmware.
| 0x17 || 0x00 || Used by [11.0.0+] nvhost_tsec firmware.
|-
|-
| 0x18 || 0x13 ||
| 0x18 || 0x03 ||
|-
|-
| 0x19 || 0x11 ||
| 0x19 || 0x01 ||
|-
|-
| 0x1A || 0x10 ||
| 0x1A || 0x00 ||
|-
|-
| 0x1B || 0x13 ||
| 0x1B || 0x03 ||
|-
|-
| 0x1C || 0x11 ||
| 0x1C || 0x01 ||
|-
|-
| 0x1D || 0x10 ||
| 0x1D || 0x00 ||
|-
|-
| 0x1E || 0x13 ||
| 0x1E || 0x03 ||
|-
|-
| 0x1F || 0x11 ||
| 0x1F || 0x01 ||
|-
|-
| 0x20 || 0x10 ||
| 0x20 || 0x00 ||
|-
|-
| 0x21 || 0x13 ||
| 0x21 || 0x03 ||
|-
|-
| 0x22 || 0x11 ||
| 0x22 || 0x01 ||
|-
|-
| 0x23 || 0x10 ||
| 0x23 || 0x00 ||
|-
|-
| 0x24 || 0x13 ||
| 0x24 || 0x03 ||
|-
|-
| 0x25 || 0x11 ||
| 0x25 || 0x01 ||
|-
|-
| 0x26 || 0x10 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]]
| 0x26 || 0x00 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]]
|-
|-
| 0x27 || 0x13 ||
| 0x27 || 0x03 ||
|-
|-
| 0x28 || 0x11 ||
| 0x28 || 0x01 ||
|-
|-
| 0x29 || 0x10 ||
| 0x29 || 0x00 ||
|-
|-
| 0x2A || 0x13 ||
| 0x2A || 0x03 ||
|-
|-
| 0x2B || 0x11 ||
| 0x2B || 0x01 ||
|-
|-
| 0x2C || 0x10 ||
| 0x2C || 0x00 ||
|-
|-
| 0x2D || 0x13 ||
| 0x2D || 0x03 ||
|-
|-
| 0x2E || 0x11 ||
| 0x2E || 0x01 ||
|-
|-
| 0x2F || 0x10 ||
| 0x2F || 0x00 ||
|-
|-
| 0x30 || 0x13 ||
| 0x30 || 0x03 ||
|-
|-
| 0x31 || 0x11 ||
| 0x31 || 0x01 ||
|-
|-
| 0x32 || 0x10 ||
| 0x32 || 0x00 ||
|-
|-
| 0x33 || 0x13 ||
| 0x33 || 0x03 ||
|-
|-
| 0x34 || 0x11 ||
| 0x34 || 0x01 ||
|-
|-
| 0x35 || 0x10 ||
| 0x35 || 0x00 ||
|-
|-
| 0x36 || 0x13 ||
| 0x36 || 0x03 ||
|-
|-
| 0x37 || 0x11 ||
| 0x37 || 0x01 ||
|-
|-
| 0x38 || 0x10 ||
| 0x38 || 0x00 ||
|-
|-
| 0x39 || 0x13 ||
| 0x39 || 0x03 ||
|-
|-
| 0x3A || 0x11 ||
| 0x3A || 0x01 ||
|-
|-
| 0x3B || 0x10 ||
| 0x3B || 0x00 ||
|-
|-
| 0x3C || 0x13 || Used by nvhost_tsec firmware.
| 0x3C || 0x03 || Used by nvhost_tsec firmware.
|-
|-
| 0x3D || 0x11 ||
| 0x3D || 0x01 ||
|-
|-
| 0x3E || 0x10 ||
| 0x3E || 0x00 ||
|-
|-
| 0x3F || 0x10 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
| 0x3F || 0x00 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
|}
|}