Changes

14,191 bytes added , 21:34, 24 September 2022

no edit summary

Line 8: Line 8:

* 0x54500000 to 0x54501000: THI (Tegra Host Interface)

* 0x54501000 to 0x54501400: [[#Falcon|FALCON (Falcon microcontroller)]]

−

* 0x54501400 to 0x54501600: [[#SCP|SCP (Secure ~~Co-processor~~)]]

+

* 0x54501400 to 0x54501600: [[#SCP|SCP (Secure coprocessor)]]

* 0x54501600 to 0x54501680: TFBIF (Tegra Framebuffer Interface)

* 0x54501680 to 0x54501700: CG (Clock Gate)

Line 49: Line 49:

| [[#TSEC_THI_CONT_SYNCPT_L1|TSEC_THI_CONT_SYNCPT_L1]]

| 0x5450002C

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_THI_STREAMID0|TSEC_THI_STREAMID0]]~~

−

~~| 0x54500030~~

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_THI_STREAMID1|TSEC_THI_STREAMID1]]~~

−

~~| 0x54500034~~

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_THI_THI_SEC|TSEC_THI_THI_SEC]]~~

−

~~| 0x54500038~~

| 0x04

|-

Line 307: Line 295:

| 0x04

|-

−

| ~~TSEC_FALCON_UNK_E0~~

+

| [[#TSEC_FALCON_SIRQMASK|TSEC_FALCON_SIRQMASK]]

| 0x545010E0

| 0x04

Line 547: Line 535:

| 0x04

|-

−

| [[#~~TSEC_FALCON_SSTAT~~|~~TSEC_FALCON_SSTAT~~]]

+

| [[#TSEC_FALCON_SERRSTAT|TSEC_FALCON_SERRSTAT]]

| 0x54501244

| 0x04

|-

−

| ~~TSEC_FALCON_UNK_250~~

+

| [[#TSEC_FALCON_SERRVAL|TSEC_FALCON_SERRVAL]]

+

| 0x54501248

+

| 0x04

+

|-

+

| [[#TSEC_FALCON_SERRADDR|TSEC_FALCON_SERRADDR]]

+

| 0x5450124C

+

| 0x04

+

|-

+

| [[#TSEC_FALCON_SCTL1|TSEC_FALCON_SCTL1]]

| 0x54501250

| 0x04

|-

−

| ~~TSEC_FALCON_UNK_260~~

+

| [[#TSEC_FALCON_STEST|TSEC_FALCON_STEST]]

+

| 0x54501258

+

| 0x04

+

|-

+

| [[#TSEC_FALCON_SICD|TSEC_FALCON_SICD]]

| 0x54501260

| 0x04

Line 719: Line 719:

| 0x04

|-

−

| [[#TSEC_SCP_RND_CTL1|~~TSEC_RND_SCP_CTL1~~]]

+

| [[#TSEC_SCP_RND_CTL1|TSEC_SCP_RND_CTL1]]

| 0x54501504

| 0x04

|-

−

| TSEC_SCP_RND_CTL2

+

| [[#TSEC_SCP_RND_CTL2|TSEC_SCP_RND_CTL2]]

| 0x54501508

| 0x04

|-

−

| TSEC_SCP_RND_CTL3

+

| [[#TSEC_SCP_RND_CTL3|TSEC_SCP_RND_CTL3]]

| 0x5450150C

| 0x04

|-

−

| TSEC_SCP_RND_CTL4

+

| [[#TSEC_SCP_RND_CTL4|TSEC_SCP_RND_CTL4]]

| 0x54501510

| 0x04

|-

−

| TSEC_SCP_RND_CTL5

+

| [[#TSEC_SCP_RND_CTL5|TSEC_SCP_RND_CTL5]]

| 0x54501514

| 0x04

|-

−

| TSEC_SCP_RND_CTL6

+

| [[#TSEC_SCP_RND_CTL6|TSEC_SCP_RND_CTL6]]

| 0x54501518

| 0x04

|-

−

| TSEC_SCP_RND_CTL7

+

| [[#TSEC_SCP_RND_CTL7|TSEC_SCP_RND_CTL7]]

| 0x5450151C

| 0x04

|-

−

| TSEC_SCP_RND_CTL8

+

| [[#TSEC_SCP_RND_CTL8|TSEC_SCP_RND_CTL8]]

| 0x54501520

| 0x04

|-

−

| TSEC_SCP_RND_CTL9

+

| [[#TSEC_SCP_RND_CTL9|TSEC_SCP_RND_CTL9]]

| 0x54501524

| 0x04

|-

−

| TSEC_SCP_RND_CTL10

+

| [[#TSEC_SCP_RND_CTL10|TSEC_SCP_RND_CTL10]]

| 0x54501528

| 0x04

|-

−

| TSEC_SCP_RND_CTL11

+

| [[#TSEC_SCP_RND_CTL11|TSEC_SCP_RND_CTL11]]

| 0x5450152C

| 0x04

Line 809: Line 809:

| [[#TSEC_TFBIF_DBG_R128COUNT|TSEC_TFBIF_DBG_R128COUNT]]

| 0x5450162C

−

~~| 0x04~~

−

|-

−

~~| TSEC_TFBIF_UNK_30~~

−

~~| 0x54501630~~

| 0x04

|-

| [[#TSEC_TFBIF_MCCIF_FIFOCTRL1|TSEC_TFBIF_MCCIF_FIFOCTRL1]]

| 0x54501634

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_TFBIF_WRR_RDP|TSEC_TFBIF_WRR_RDP]]~~

−

~~| 0x54501638~~

| 0x04

|-

Line 833: Line 825:

| [[#TSEC_TFBIF_REGIONCFG|TSEC_TFBIF_REGIONCFG]]

| 0x54501648

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_TFBIF_ACTMON_ACTIVE_MASK|TSEC_TFBIF_ACTMON_ACTIVE_MASK]]~~

−

~~| 0x5450164C~~

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_TFBIF_ACTMON_ACTIVE_BORPS|TSEC_TFBIF_ACTMON_ACTIVE_BORPS]]~~

−

~~| 0x54501650~~

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_TFBIF_ACTMON_ACTIVE_WEIGHT|TSEC_TFBIF_ACTMON_ACTIVE_WEIGHT]]~~

−

~~| 0x54501654~~

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_TFBIF_ACTMON_MCB_MASK|TSEC_TFBIF_ACTMON_MCB_MASK]]~~

−

~~| 0x54501660~~

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_TFBIF_ACTMON_MCB_BORPS|TSEC_TFBIF_ACTMON_MCB_BORPS]]~~

−

~~| 0x54501664~~

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_TFBIF_ACTMON_MCB_WEIGHT|TSEC_TFBIF_ACTMON_MCB_WEIGHT]]~~

−

~~| 0x54501668~~

−

~~| 0x04~~

−

|-

−

~~| [[#TSEC_TFBIF_THI_TRANSPROP|TSEC_TFBIF_THI_TRANSPROP]]~~

−

~~| 0x54501670~~

| 0x04

|-

Line 883: Line 847:

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_00~~

+

| [[#TSEC_VERSION|TSEC_VERSION]]

| 0x54501800

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_04~~

+

| [[#TSEC_SCRATCH0|TSEC_SCRATCH0]]

| 0x54501804

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_08~~

+

| [[#TSEC_SCRATCH1|TSEC_SCRATCH1]]

| 0x54501808

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_0C~~

+

| [[#TSEC_SCRATCH2|TSEC_SCRATCH2]]

| 0x5450180C

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_10~~

+

| [[#TSEC_SCRATCH3|TSEC_SCRATCH3]]

| 0x54501810

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_14~~

+

| [[#TSEC_SCRATCH4|TSEC_SCRATCH4]]

| 0x54501814

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_18~~

+

| [[#TSEC_SCRATCH5|TSEC_SCRATCH5]]

| 0x54501818

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_1C~~

+

| [[#TSEC_SCRATCH6|TSEC_SCRATCH6]]

| 0x5450181C

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_20~~

+

| [[#TSEC_SCRATCH7|TSEC_SCRATCH7]]

| 0x54501820

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_24~~

+

| [[#TSEC_GPTMRINT|TSEC_GPTMRINT]]

| 0x54501824

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_28~~

+

| [[#TSEC_GPTMRVAL|TSEC_GPTMRVAL]]

| 0x54501828

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_2C~~

+

| [[#TSEC_GPTMRCTL|TSEC_GPTMRCTL]]

| 0x5450182C

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_30~~

+

| [[#TSEC_ITFEN|TSEC_ITFEN]]

| 0x54501830

| 0x04

|-

−

| ~~TSEC_TEGRA_UNK_34~~

+

| [[#TSEC_ITFSTAT|TSEC_ITFSTAT]]

| 0x54501834

| 0x04

Line 1,079: Line 1,043:

|}

−

=== ~~TSEC_THI_STREAMID0~~ ===

+

=== TSEC_THI_METHOD0 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-6

+

| 0-11

−

| ~~TSEC_THI_STREAMID0_ID~~

+

| TSEC_THI_METHOD0_OFFSET

|}

−

~~=== TSEC_THI_STREAMID1 ===~~

+

Used to encode and send a method's ID over HOST1X to TSEC. This register mirrors the functionality of HOST1X's channel opcode submission.

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

−

|-

−

~~| 0-6~~

−

~~| TSEC_THI_STREAMID1_ID~~

−

|}

−

~~=== TSEC_THI_THI_SEC ===~~

+

The following methods are available:

{| class="wikitable" border="1"

−

! ~~Bits~~

+

! ID

−

! ~~Description~~

+

! Method

|-

−

~~| 0~~

+

| 0x100

−

~~| TSEC_THI_THI_SEC_TZ_LOCK~~

−

|-

−

~~| 4~~

−

~~| TSEC_THI_THI_SEC_TZ_AUTH~~

−

|-

−

~~| 8~~

−

~~| TSEC_THI_THI_SEC_CH_LOCK~~

−

|}

−

~~=== TSEC_THI_METHOD0 ===~~

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

−

|-

−

~~| 0-11~~

−

~~| TSEC_THI_METHOD0_OFFSET~~

−

|}

−

~~Used to encode and send a method's ID over HOST1X to TSEC. This register mirrors the functionality of HOST1X's channel opcode submission.~~

−

~~The following methods are available:~~

−

~~{| class="wikitable" border="1"~~

−

~~! ID~~

−

~~! Method~~

−

|-

−

| 0x100

| NOP

|-

Line 1,150: Line 1,081:

|-

| 0x24C

−

|

+

| CTX_SAVE_AREA

|-

| 0x250

−

|

+

| CTX_SWITCH

|-

| 0x300

Line 1,252: Line 1,183:

|-

| 0x578

−

|

+

| HDCP_GET_CURRENT_RESOLUTION

|-

| 0x57C

−

|

+

| HDCP_GET_CURRENT_VERSION

|-

| 0x700

Line 2,058: Line 1,989:

| 16

| TSEC_FALCON_DEBUG1_CTXSW_MODE

−

|-

−

~~| 17~~

−

~~| TSEC_FALCON_DEBUG1_TRACE_FORMAT~~

|}

Line 2,152: Line 2,080:

| 0-4

| TSEC_FALCON_PMM_FALCON_STALL_SEL

+

0x00: ANY

+

0x01: CODE

+

0x02: DMAQ

+

0x03: DMFENCE

+

0x04: DMWAIT

+

0x05: IMWAIT

+

0x06: IPND

+

0x07: LDSTQ

+

0x08: SB

+

0x09: ANY_SC

+

0x0A: CODE_SC

+

0x0B: DMAQ_SC

+

0x0C: DMFENCE_SC

+

0x0D: DMWAIT_SC

+

0x0E: IMWAIT_SC

+

0x0F: IPND_SC

+

0x10: LDSTQ_SC

+

0x11: SB_SC

|-

| 5-7

| TSEC_FALCON_PMM_FALCON_IDLE_SEL

+

0x00: WAITING

+

0x01: ENG_IDLE

+

0x02: MTHD_FULL

+

0x03: WAITING_SC

+

0x04: ENG_IDLE_SC

+

0x05: MTHD_FULL_SC

|-

| 8-11

| TSEC_FALCON_PMM_FALCON_SOFTPM0_SEL

+

0x00: 0

+

0x01: 1

+

0x02: 2

+

0x03: 3

+

0x04: 4

+

0x05: 5

+

0x06: 0_SC

+

0x07: 1_SC

+

0x08: 2_SC

+

0x09: 3_SC

+

0x0A: 4_SC

+

0x0B: 5_SC

|-

| 12-15

| TSEC_FALCON_PMM_FALCON_SOFTPM1_SEL

+

0x00: 0

|-

| 17-19

| TSEC_FALCON_PMM_TFBIF_DSTAT_SEL

+

0x00: 1KTRANSFER

+

0x01: RREQ

+

0x02: WREQ

+

0x03: TWREQ

+

0x04: 1KTRANSFER_SC

+

0x05: RREQ_SC

+

0x06: WREQ_SC

+

0x07: TWREQ_SC

|-

| 20-23

| TSEC_FALCON_PMM_TFBIF_STALL0_SEL

+

0x00: RDATQ_FULL

+

0x01: RACKQ_FULL

+

0x02: WREQQ_FULL

+

0x03: WDATQ_FULL

+

0x04: WACKQ_FULL

+

0x05: MREQQ_FULL

+

0x06: RREQ_PEND

+

0x07: WREQ_PEND

+

0x08: RDATQ_FULL_SC

+

0x09: RACKQ_FULL_SC

+

0x0A: WREQQ_FULL_SC

+

0x0B: WDATQ_FULL_SC

+

0x0C: WACKQ_FULL_SC

+

0x0D: MREQQ_FULL_SC

+

0x0E: RREQ_PEND_SC

+

0x0F: WREQ_PEND_SC

|-

| 24-27

| TSEC_FALCON_PMM_TFBIF_STALL1_SEL

+

0x00: RDATQ_FULL

|-

| 28-31

| TSEC_FALCON_PMM_TFBIF_STALL2_SEL

+

0x00: RDATQ_FULL

|}

Line 2,278: Line 2,269:

=== TSEC_FALCON_RSTAT3 ===

Mirror of the [[#TSEC_FALCON_ICD_RDATA|ICD status register 3]].

+

=== TSEC_FALCON_SIRQMASK ===

+

Unofficial name.

+

Same as [[#TSEC_FALCON_IRQMASK|TSEC_FALCON_IRQMASK]], but for LS mode.

=== TSEC_FALCON_CPUCTL ===

Line 2,751: Line 2,747:

|}

−

=== ~~TSEC_FALCON_IMEMC0~~ ===

+

=== TSEC_FALCON_IMEMC ===

{| class="wikitable" border="1"

! Bits

Line 2,783: Line 2,779:

Used for configuring access to Falcon's IMEM.

−

=== ~~TSEC_FALCON_IMEMD0~~ ===

+

=== TSEC_FALCON_IMEMD ===

{| class="wikitable" border="1"

! Bits

Line 2,794: Line 2,790:

Returns or takes the value for an IMEM read/write operation.

−

=== ~~TSEC_FALCON_IMEMT0~~ ===

+

=== TSEC_FALCON_IMEMT ===

{| class="wikitable" border="1"

! Bits

Line 2,805: Line 2,801:

Returns or takes the virtual page index for an IMEM read/write operation.

−

=== ~~TSEC_FALCON_DMEMC0~~ ===

+

=== TSEC_FALCON_DMEMC ===

{| class="wikitable" border="1"

! Bits

Line 2,825: Line 2,821:

Used for configuring access to Falcon's DMEM.

−

=== ~~TSEC_FALCON_DMEMD0~~ ===

+

=== TSEC_FALCON_DMEMD ===

{| class="wikitable" border="1"

! Bits

Line 3,242: Line 3,238:

! Description

|-

−

| 0-1

+

| 0

−

| ~~TSEC_FALCON_SCTL_SEC_MODE~~

+

| TSEC_FALCON_SCTL_LSMODE

−

~~0: Non~~-~~secure~~

+

|-

−

1~~: Light Secure~~

+

| 1

−

~~2: Heavy Secure~~

+

| TSEC_FALCON_SCTL_HSMODE

|-

| 4-5

−

| ~~Previous security mode~~

+

| Current access level

−

~~0: Non~~-~~secure~~

+

|-

−

~~1: Light Secure~~

+

| 8-9

−

~~2: Heavy Secure~~

+

| Unknown access level

+

|-

+

| 12

+

| Unknown

|-

−

| ~~12-~~13

+

| 13

| Unknown

|-

Line 3,261: Line 3,260:

|}

−

=== ~~TSEC_FALCON_SSTAT~~ ===

+

=== TSEC_FALCON_SERRSTAT ===

{| class="wikitable" border="1"

! Bits

! Description

+

|-

+

| 0-23

+

| Unknown

+

|-

+

| 30

+

| Unknown

|-

| 31

Line 3,270: Line 3,275:

|}

−

=== ~~TSEC_FALCON_SPROT_IMEM~~ ===

+

Unofficial name.

+

Used for detecting invalid CSB accesses in LS mode.

+

=== TSEC_FALCON_SERRVAL ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0-31

−

| ~~Read access level~~

+

| Error code

−

|-

−

~~| 4-7~~

−

~~| Write access level~~

|}

−

~~Controls accesses to Falcon IMEM~~.

+

Unofficial name.

−

=== ~~TSEC_FALCON_SPROT_DMEM~~ ===

+

=== TSEC_FALCON_SERRADDR ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0-31

−

| ~~Read access level~~

+

| Error address

−

|-

−

~~| 4-7~~

−

~~| Write access level~~

|}

−

~~Controls accesses to Falcon DMEM~~.

+

Unofficial name.

−

=== ~~TSEC_FALCON_SPROT_CPUCTL~~ ===

+

=== TSEC_FALCON_SCTL1 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0-1

−

| ~~Read~~ access level

+

| CSB access level

|-

−

| 4-7

+

| 2-3

−

| ~~Write~~ access level

+

| Unknown access level

|}

−

~~Controls accesses to the [[#TSEC_FALCON_CPUCTL|TSEC_FALCON_CPUCTL]] register~~.

+

Unofficial name.

−

=== ~~TSEC_FALCON_SPROT_MISC~~ ===

+

=== TSEC_FALCON_STEST ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0-31

−

| ~~Read access level~~

+

| Unknown

−

|-

−

~~| 4-7~~

−

~~| Write access level~~

|}

−

~~Controls accesses~~ to ~~the following~~ registers:

+

Unofficial name.

−

* [[#TSEC_FALCON_PRIVSTATE|~~TSEC_FALCON_PRIVSTATE]]~~

+

−

* [[#TSEC_FALCON_SFTRESET|~~TSEC_FALCON_SFTRESET]]~~

+

=== TSEC_FALCON_SICD ===

−

* [[#TSEC_FALCON_ADDR|~~TSEC_FALCON_ADDR]]~~

+

{| class="wikitable" border="1"

−

* [[#TSEC_FALCON_DMACTL|~~TSEC_FALCON_DMACTL]]~~

+

! Bits

−

* [[#TSEC_FALCON_IMCTL|~~TSEC_FALCON_IMCTL]]~~

+

! Description

−

* [[#TSEC_FALCON_IMSTAT|~~TSEC_FALCON_IMSTAT]]~~

+

|-

−

* TSEC_FALCON_UNK_250

+

| 0

−

* [[#TSEC_FALCON_DMAINFO_CTL|TSEC_FALCON_DMAINFO_CTL]]

+

| Enable access to ICD command STOP

+

|-

+

| 1

+

| Enable access to ICD command RUN

+

|-

+

| 2

+

| Enable access to ICD command RUNB

+

|-

+

| 3

+

| Enable access to ICD command STEP

+

|-

+

| 4

+

| Enable access to ICD command EMASK

+

|-

+

| 5

+

| Enable access to ICD command RREG (only for SPRs)

+

|-

+

| 6

+

| Enable access to ICD command RSTAT

+

|-

+

| 7

+

| Enable access to IBRKPT registers

+

|-

+

| 8

+

| Enable access to ICD command RREG (only for GPRs)

+

|-

+

| 9

+

| Enable access to ICD command RDM

+

|}

+

Unofficial name.

+

Controls access to the ICD in LS mode.

−

=== ~~TSEC_FALCON_SPROT_IRQ~~ ===

+

=== TSEC_FALCON_SPROT_IMEM ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0-2

| Read access level

|-

−

| 4-7

+

| 3

+

| Set on memory read access violation

+

|-

+

| 4-6

| Write access level

+

|-

+

| 7

+

| Set on memory write access violation

|}

−

Controls accesses to ~~the following registers:~~

+

Unofficial name.

−

* [[#TSEC_FALCON_IRQMODE|TSEC_FALCON_IRQMODE]]

+

−

* [[#TSEC_FALCON_IRQMSET|TSEC_FALCON_IRQMSET]]

+

Controls accesses to Falcon IMEM.

−

* [[#TSEC_FALCON_IRQMCLR|TSEC_FALCON_IRQMCLR]]

+

−

* [[#TSEC_FALCON_IRQDEST|TSEC_FALCON_IRQDEST]]

+

=== TSEC_FALCON_SPROT_DMEM ===

−

* [[#TSEC_FALCON_GPTMRINT|TSEC_FALCON_GPTMRINT]]

−

* [[#TSEC_FALCON_GPTMRVAL|TSEC_FALCON_GPTMRVAL]]

−

* [[#TSEC_FALCON_GPTMRCTL|TSEC_FALCON_GPTMRCTL]]

−

* [[#TSEC_FALCON_IRQDEST2|TSEC_FALCON_IRQDEST2]]

−

* TSEC_FALCON_UNK_E0

−

=== ~~TSEC_FALCON_SPROT_MTHD~~ ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0-2

| Read access level

|-

−

| 4-7

+

| 3

+

| Set on memory read access violation

+

|-

+

| 4-6

| Write access level

+

|-

+

| 7

+

| Set on memory write access violation

|}

−

Controls accesses to ~~the following registers:~~

+

Unofficial name.

−

* [[#TSEC_FALCON_ITFEN|TSEC_FALCON_ITFEN]]

+

−

* [[#TSEC_FALCON_CURCTX|TSEC_FALCON_CURCTX]]

+

Controls accesses to Falcon DMEM.

−

* [[#TSEC_FALCON_NXTCTX|TSEC_FALCON_NXTCTX]]

−

* [[#TSEC_FALCON_CTXACK|TSEC_FALCON_CTXACK]]

−

* [[#TSEC_FALCON_MTHDDATA|TSEC_FALCON_MTHDDATA]]

−

* [[#TSEC_FALCON_MTHDID|TSEC_FALCON_MTHDID]]

−

* [[#TSEC_FALCON_MTHDWDAT|TSEC_FALCON_MTHDWDAT]]

−

* [[#TSEC_FALCON_MTHDCOUNT|TSEC_FALCON_MTHDCOUNT]]

−

* [[#TSEC_FALCON_MTHDPOP|TSEC_FALCON_MTHDPOP]]

−

* [[#TSEC_FALCON_MTHDRAMSZ|TSEC_FALCON_MTHDRAMSZ]]

−

* [[#TSEC_FALCON_DEBUG1|TSEC_FALCON_DEBUG1]]

−

=== ~~TSEC_FALCON_SPROT_SCTL~~ ===

+

=== TSEC_FALCON_SPROT_CPUCTL ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0-2

| Read access level

|-

−

| 4-7

+

| 3

+

| Set on memory read access violation

+

|-

+

| 4-6

| Write access level

+

|-

+

| 7

+

| Set on memory write access violation

|}

−

~~Controls accesses to the [[#TSEC_FALCON_SCTL|TSEC_FALCON_SCTL]] register~~.

+

Unofficial name.

−

=== ~~TSEC_FALCON_SPROT_WDTMR~~ ===

+

Controls accesses to the [[#TSEC_FALCON_CPUCTL|TSEC_FALCON_CPUCTL]] register.

+

=== TSEC_FALCON_SPROT_MISC ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0-2

| Read access level

|-

−

| 4-7

+

| 3

+

| Set on memory read access violation

+

|-

+

| 4-6

| Write access level

+

|-

+

| 7

+

| Set on memory write access violation

|}

+

Unofficial name.

Controls accesses to the following registers:

−

* [[#~~TSEC_FALCON_WDTMRVAL~~|~~TSEC_FALCON_WDTMRVAL~~]]

+

* [[#TSEC_FALCON_PRIVSTATE|TSEC_FALCON_PRIVSTATE]]

−

* [[#~~TSEC_FALCON_WDTMRCTL~~|~~TSEC_FALCON_WDTMRCTL~~]]

+

* [[#TSEC_FALCON_SFTRESET|TSEC_FALCON_SFTRESET]]

+

* [[#TSEC_FALCON_ADDR|TSEC_FALCON_ADDR]]

+

* [[#TSEC_FALCON_DMACTL|TSEC_FALCON_DMACTL]]

+

* [[#TSEC_FALCON_IMCTL|TSEC_FALCON_IMCTL]]

+

* [[#TSEC_FALCON_IMSTAT|TSEC_FALCON_IMSTAT]]

+

* [[#TSEC_FALCON_SCTL1|TSEC_FALCON_SCTL1]]

+

* [[#TSEC_FALCON_DMAINFO_CTL|TSEC_FALCON_DMAINFO_CTL]]

−

=== ~~TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW~~ ===

+

=== TSEC_FALCON_SPROT_IRQ ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-31

+

| 0-2

−

| ~~TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW_VAL~~

+

| Read access level

−

|}

+

|-

−

+

| 3

−

~~=== TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH ===~~

+

| Set on memory read access violation

−

{| ~~class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

|-

−

| 0-30

+

| 4-6

−

| ~~TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_VAL~~

+

| Write access level

|-

−

| 31

+

| 7

−

| ~~TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_OBIT~~

+

| Set on memory write access violation

|}

−

~~=== TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW ===~~

+

Unofficial name.

−

{| ~~class="wikitable" border="1"~~

+

−

~~! Bits~~

+

Controls accesses to the following registers:

−

~~! Description~~

+

* [[#TSEC_FALCON_IRQMODE|TSEC_FALCON_IRQMODE]]

−

|-

+

* [[#TSEC_FALCON_IRQMSET|TSEC_FALCON_IRQMSET]]

−

| ~~0-31~~

+

* [[#TSEC_FALCON_IRQMCLR|TSEC_FALCON_IRQMCLR]]

−

| ~~TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW_VAL~~

+

* [[#TSEC_FALCON_IRQDEST|TSEC_FALCON_IRQDEST]]

−

|}

+

* [[#TSEC_FALCON_GPTMRINT|TSEC_FALCON_GPTMRINT]]

+

* [[#TSEC_FALCON_GPTMRVAL|TSEC_FALCON_GPTMRVAL]]

+

* [[#TSEC_FALCON_GPTMRCTL|TSEC_FALCON_GPTMRCTL]]

+

* [[#TSEC_FALCON_IRQDEST2|TSEC_FALCON_IRQDEST2]]

+

* [[#TSEC_FALCON_SIRQMASK|TSEC_FALCON_SIRQMASK]]

−

=== ~~TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH~~ ===

+

=== TSEC_FALCON_SPROT_MTHD ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-30

+

| 0-2

−

| ~~TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_VAL~~

+

| Read access level

+

|-

+

| 3

+

| Set on memory read access violation

+

|-

+

| 4-6

+

| Write access level

|-

−

| 31

+

| 7

−

| ~~TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_OBIT~~

+

| Set on memory write access violation

|}

−

=== ~~TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW~~ ===

+

Unofficial name.

+

Controls accesses to the following registers:

+

* [[#TSEC_FALCON_ITFEN|TSEC_FALCON_ITFEN]]

+

* [[#TSEC_FALCON_CURCTX|TSEC_FALCON_CURCTX]]

+

* [[#TSEC_FALCON_NXTCTX|TSEC_FALCON_NXTCTX]]

+

* [[#TSEC_FALCON_CTXACK|TSEC_FALCON_CTXACK]]

+

* [[#TSEC_FALCON_MTHDDATA|TSEC_FALCON_MTHDDATA]]

+

* [[#TSEC_FALCON_MTHDID|TSEC_FALCON_MTHDID]]

+

* [[#TSEC_FALCON_MTHDWDAT|TSEC_FALCON_MTHDWDAT]]

+

* [[#TSEC_FALCON_MTHDCOUNT|TSEC_FALCON_MTHDCOUNT]]

+

* [[#TSEC_FALCON_MTHDPOP|TSEC_FALCON_MTHDPOP]]

+

* [[#TSEC_FALCON_MTHDRAMSZ|TSEC_FALCON_MTHDRAMSZ]]

+

* [[#TSEC_FALCON_DEBUG1|TSEC_FALCON_DEBUG1]]

+

=== TSEC_FALCON_SPROT_SCTL ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-31

+

| 0-2

−

| ~~TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW_VAL~~

+

| Read access level

+

|-

+

| 3

+

| Set on memory read access violation

+

|-

+

| 4-6

+

| Write access level

+

|-

+

| 7

+

| Set on memory write access violation

|}

−

=== ~~TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH~~ ===

+

Unofficial name.

+

Controls accesses to the [[#TSEC_FALCON_SCTL|TSEC_FALCON_SCTL]] register.

+

=== TSEC_FALCON_SPROT_WDTMR ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-30

+

| 0-2

−

| ~~TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_VAL~~

+

| Read access level

+

|-

+

| 3

+

| Set on memory read access violation

+

|-

+

| 4-6

+

| Write access level

|-

−

| 31

+

| 7

−

| ~~TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_OBIT~~

+

| Set on memory write access violation

|}

−

=== ~~TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW~~ ===

+

Unofficial name.

+

Controls accesses to the following registers:

+

* [[#TSEC_FALCON_WDTMRVAL|TSEC_FALCON_WDTMRVAL]]

+

* [[#TSEC_FALCON_WDTMRCTL|TSEC_FALCON_WDTMRCTL]]

+

=== TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW ===

{| class="wikitable" border="1"

! Bits

Line 3,481: Line 3,578:

|-

| 0-31

−

| ~~TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW_VAL~~

+

| TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW_VAL

|}

−

=== ~~TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH~~ ===

+

=== TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH ===

{| class="wikitable" border="1"

! Bits

Line 3,490: Line 3,587:

|-

| 0-30

−

| ~~TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_VAL~~

+

| TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_VAL

|-

| 31

−

| ~~TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_OBIT~~

+

| TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_OBIT

|}

−

=== ~~TSEC_FALCON_DMAINFO_CTL~~ ===

+

=== TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 0-31

−

~~| TSEC_FALCON_DMAINFO_CTL_CLR_FBRD~~

+

| TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW_VAL

−

|-

−

| 1

−

~~| TSEC_FALCON_DMAINFO_CTL_CLR_FBWR~~

|}

−

=== ~~TSEC_SCP_CTL0~~ ===

+

=== TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 10

+

| 0-30

−

| ~~Enable the LOAD interface~~

+

| TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_VAL

|-

−

| 12

+

| 31

−

| ~~Enable the STORE interface~~

+

| TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_OBIT

−

|-

−

~~| 14~~

−

~~| Enable the CMD interface~~

−

|-

−

~~| 16~~

−

~~| Enable the SEQ controller~~

−

|-

−

~~| 20~~

−

~~| Enable the [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] register~~

|}

−

=== ~~TSEC_SCP_CTL1~~ ===

+

=== TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 0-31

−

~~| Flush the SEQ controller~~

+

| TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW_VAL

−

|-

−

| 8

−

~~| Unknown~~

−

|-

−

~~| 11~~

−

~~| Enable RNG test mode~~

−

|-

−

~~| 12~~

−

~~| Enable the RNG controller~~

−

|-

−

~~| 16~~

−

~~| Enable LOAD interface dummy mode (all reads return 0)~~

−

|-

−

~~| 20~~

−

~~| Enable LOAD interface bypassing (all reads are dropped)~~

−

|-

−

~~| 24~~

−

~~| Enable STORE interface bypassing (all writes are dropped)~~

|}

−

=== ~~TSEC_SCP_CTL_STAT~~ ===

+

=== TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 20

+

| 0-30

−

| ~~TSEC_SCP_CTL_STAT_DEBUG_MODE~~

+

| TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_VAL

+

|-

+

| 31

+

| TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_OBIT

|}

−

=== ~~TSEC_SCP_CTL_LOCK~~ ===

+

=== TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 0-31

−

| ~~Enable lockdown mode~~

+

| TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW_VAL

+

|}

+

=== TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 1

+

| 0-30

−

| ~~Unknown~~

+

| TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_VAL

|-

−

| 2

+

| 31

−

| ~~Unknown~~

+

| TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_OBIT

−

|-

−

~~| 3~~

−

~~| Unknown~~

−

|-

−

~~| 4~~

−

~~| Lock the SCP~~

−

|-

−

~~| 5~~

−

~~| Unknown~~

−

|-

−

~~| 6~~

−

~~| Unknown~~

−

|-

−

~~| 7~~

−

~~| Unknown~~

|}

−

~~Controls lockdown mode and can only be cleared in Heavy Secure mode.~~

+

=== TSEC_FALCON_DMAINFO_CTL ===

−

=== ~~TSEC_SCP_CFG~~ ===

{| class="wikitable" border="1"

! Bits

Line 3,603: Line 3,662:

|-

| 0

−

| ~~Unknown~~

+

| TSEC_FALCON_DMAINFO_CTL_CLR_FBRD

|-

| 1

−

| ~~Unknown~~

+

| TSEC_FALCON_DMAINFO_CTL_CLR_FBWR

−

|-

+

|}

−

| 2

+

−

~~| Unknown~~

+

=== TSEC_SCP_CTL0 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 3

+

| 10

−

| ~~Unknown~~

+

| Enable [[#LOAD|Falcon<->LOAD]] interface

|-

−

| 4

+

| 12

−

| ~~Unknown~~

+

| Enable [[#STORE|Falcon<->STORE]] interface

|-

−

| 8

+

| 14

−

| ~~Flush the~~ CMD interface

+

| Enable [[#CMD|Falcon<->CMD]] interface

|-

−

| ~~12-13~~

+

| 16

−

| ~~Carry chain size~~

+

| Enable [[#SEQ|SEQ]]

−

~~0: 32 bits~~

−

~~1: 64 bits~~

−

~~2: 96 bits~~

−

~~3: 128 bits~~

|-

−

| ~~16-31~~

+

| 20

−

| ~~Timeout value~~

+

| Enable [[#CTL|CTL]]

|}

−

=== ~~TSEC_SCP_CTL_SCP~~ ===

+

Unofficial name.

+

=== TSEC_SCP_CTL1 ===

{| class="wikitable" border="1"

! Bits

Line 3,637: Line 3,697:

|-

| 0

−

| ~~Swap~~ SCP ~~master~~

+

| Clear [[#SEQ|SEQ]]

+

|-

+

| 8

+

| Clear [[#SCP|SCP]]'s internal pipeline

+

|-

+

| 11

+

| Enable [[#RNG|RNG]]'s test mode

+

|-

+

| 12

+

| Enable [[#RNG|RNG]]

+

|-

+

| 16

+

| Enable [[#LOAD|Falcon<->LOAD]] interface's dummy mode (all reads return 0)

+

|-

+

| 20

+

| Enable [[#LOAD|Falcon<->LOAD]] interface bypassing (all reads are dropped)

|-

−

| 1

+

| 24

−

| ~~Current SCP master~~

+

| Enable [[#STORE|Falcon<->STORE]] interface bypassing (all writes are dropped)

−

0: Falcon

−

~~1: External~~

|}

−

=== ~~TSEC_SCP_CTL_PKEY~~ ===

+

Unofficial name.

+

=== TSEC_SCP_CTL_STAT ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 20

−

| ~~TSEC_SCP_CTL_PKEY_REQUEST_RELOAD~~

+

| TSEC_SCP_CTL_STAT_DEBUG_MODE

−

|-

−

~~| 1~~

−

~~| TSEC_SCP_CTL_PKEY_LOADED~~

|}

−

=== ~~TSEC_SCP_CTL_DBG~~ ===

+

=== TSEC_SCP_CTL_LOCK ===

{| class="wikitable" border="1"

! Bits

Line 3,663: Line 3,735:

|-

| 0

−

| ~~Unknown~~

+

| Enable lockdown mode (locks IMEM and DMEM)

+

|-

+

| 1

+

| Lockdown has pending exit request

+

|-

+

| 2

+

| Lockdown has been enabled before

|-

| 4

−

| ~~Unknown~~

+

| Enable SCP lockdown mode (locks [[#SCP|SCP]]'s MMIO register space)

|-

−

| 8

+

| 6

−

| ~~Unknown~~

+

| SCP lockdown has been enabled before

−

|-

−

~~| 12~~

−

~~| Unknown~~

|}

−

=== ~~TSEC_SCP_DBG0~~ ===

+

Unofficial name.

+

Controls lockdown mode. Can only be cleared in HS mode.

+

=== TSEC_SCP_CFG ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0

−

| ~~Index~~

+

| Endianness for ADD

+

0: Little

+

1: Big

|-

−

| 4

+

| 1

−

| ~~Automatic increment~~

+

| Endianness for GFMUL

+

0: Little

+

1: Big

|-

−

| ~~5-6~~

+

| 2

−

| ~~Target~~

+

| Endianness for [[#LOAD|LOAD]]

−

0: ~~None~~

+

0: Little

−

1: ~~STORE~~

+

1: Big

−

~~2: LOAD~~

−

~~3: SEQ~~

|-

−

| ~~8-12~~

+

| 3

−

| ~~SEQ size~~

+

| Endianness for [[#STORE|STORE]]

+

0: Little

+

1: Big

|-

−

| ~~13-16~~

+

| 4

−

| ~~Unknown~~

+

| Endianness for [[#AES|AES]]

+

0: Little

+

1: Big

|-

−

| 17

+

| 8

−

| ~~SEQ instruction is valid~~

+

| Flush [[#CMD|CMD]]

|-

−

| 18

+

| 12-13

−

| ~~SEQ controller is running in HS mode~~

+

| Carry chain's size

−

|-

+

0: 32 bits

−

~~| 19-22~~

+

1: 64 bits

−

~~| LOAD size~~

+

2: 96 bits

+

3: 128 bits

|-

−

| 23

+

| 16-31

−

| ~~LOAD instruction is valid~~

+

| [[#SCP|SCP]]'s internal pipeline stall timeout value

+

|}

+

Unofficial name.

+

=== TSEC_SCP_CTL_SCP ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 24

+

| 0

−

| ~~LOAD interface is running in HS mode~~

+

| Swap [[#SCP|SCP]]'s master

|-

−

| ~~25-26~~

+

| 1

−

| ~~STORE size~~

+

| Current [[#SCP|SCP]]'s master

−

|-

+

0: Falcon

−

~~| 30~~

+

1: External

−

~~| STORE instruction is valid~~

−

|-

−

~~| 31~~

−

~~| STORE interface is running in HS mode~~

|}

−

~~Used for debugging crypto controllers such as the SEQ (crypto sequence)~~.

+

Unofficial name.

−

=== ~~TSEC_SCP_DBG1~~ ===

+

=== TSEC_SCP_CTL_PKEY ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0

−

| ~~SEQ instruction's first operand~~

+

| TSEC_SCP_CTL_PKEY_REQUEST_RELOAD

|-

−

| ~~4-9~~

+

| 1

−

| ~~SEQ instruction's second operand~~

+

| TSEC_SCP_CTL_PKEY_LOADED

−

|-

−

~~| 10-14~~

−

~~| SEQ instruction's opcode~~

|}

−

~~Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the SEQ controller.~~

+

=== TSEC_SCP_CTL_DBG ===

−

=== ~~TSEC_SCP_DBG2~~ ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| ~~0-1~~

+

| 4

−

| ~~SEQ controller's state~~

+

| Disable lockdown mode

−

~~0: Idle~~

−

~~1: Recording is active (cs0begin/cs1begin)~~

|-

−

| ~~4-7~~

+

| 8

−

| ~~Number of SEQ instructions left~~

+

| Disable SCP lockdown mode

−

|-

−

~~| 12-15~~

−

~~| Active crypto key register~~

|}

−

~~Used for retrieving additional debug data associated with the SEQ controller~~.

+

Unofficial name.

−

=== ~~TSEC_SCP_CMD~~ ===

+

Overrides lockdown mode. Can only be set in debug mode.

+

=== TSEC_SCP_DBG0 ===

{| class="wikitable" border="1"

! Bits

Line 3,768: Line 3,850:

|-

| 0-3

−

| ~~Destination register~~

+

| Index

+

|-

+

| 4

+

| Auto-increment

+

|-

+

| 5-6

+

| Target

+

0: None

+

1: STORE

+

2: LOAD

+

3: SEQ

|-

−

| 8-13

+

| 8-12

−

| ~~Source register or immediate value~~

+

| [[#SEQ|SEQ]]'s current sequence's size

|-

−

| 20-24

+

| 13-16

−

| ~~Command opcode~~

+

| [[#SEQ|SEQ]]'s current instruction's address

−

~~0x0: nop (fuc5 opcode 0x00)~~

−

~~0x1: cmov (fuc5 opcode 0x84)~~

−

~~0x2: cxsin (fuc5 opcode 0x88) or xdst (with cxset)~~

−

~~0x3: cxsout (fuc5 opcode 0x8C) or xdld (with cxset)~~

−

~~0x4: crnd (fuc5 opcode 0x90)~~

−

~~0x5: cs0begin (fuc5 opcode 0x94)~~

−

~~0x6: cs0exec (fuc5 opcode 0x98)~~

−

~~0x7: cs1begin (fuc5 opcode 0x9C)~~

−

~~0x8: cs1exec (fuc5 opcode 0xA0)~~

−

~~0x9: invalid (fuc5 opcode 0xA4)~~

−

~~0xA: cchmod (fuc5 opcode 0xA8)~~

−

~~0xB: cxor (fuc5 opcode 0xAC)~~

−

~~0xC: cadd (fuc5 opcode 0xB0)~~

−

~~0xD: cand (fuc5 opcode 0xB4)~~

−

~~0xE: crev (fuc5 opcode 0xB8)~~

−

~~0xF: cprecmac (fuc5 opcode 0xBC)~~

−

~~0x10: csecret (fuc5 opcode 0xC0)~~

−

~~0x11: ckeyreg (fuc5 opcode 0xC4)~~

−

~~0x12: ckexp (fuc5 opcode 0xC8)~~

−

~~0x13: ckrexp (fuc5 opcode 0xCC)~~

−

~~0x14: cenc (fuc5 opcode 0xD0)~~

−

~~0x15: cdec (fuc5 opcode 0xD4)~~

−

~~0x16: csigauth (fuc5 opcode 0xD8)~~

−

~~0x17: csigenc (fuc5 opcode 0xDC)~~

−

~~0x18: csigclr (fuc5 opcode 0xE0)~~

|-

−

| 28

+

| 17

−

| ~~CMD~~ instruction is valid

+

| [[#SEQ|SEQ]]'s current instruction is valid

|-

−

| 31

+

| 18

−

| ~~CMD interface~~ is running in HS mode

+

| [[#SEQ|SEQ]] is running in HS mode

−

|}

−

~~Contains information on the last crypto command executed.~~

−

~~=== TSEC_SCP_STAT0 ===~~

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

|-

−

| 0

+

| 19-22

−

| ~~SCP is active~~

+

| [[#LOAD|LOAD]]'s queue's size

|-

−

| 2

+

| 23

−

| ~~CMD interface~~ is ~~active~~

+

| [[#LOAD|LOAD]]'s current operation is valid

|-

−

| 4

+

| 24

−

| ~~STORE interface~~ is ~~active~~

+

| [[#LOAD|LOAD]] is running in HS mode

|-

−

| 6

+

| 25-26

−

| ~~SEQ controller is active~~

+

| [[#STORE|STORE]]'s queue's size

|-

−

| 8

+

| 30

−

| [[#~~TSEC_SCP_CMD~~|~~TSEC_SCP_CMD~~]] ~~register~~ is ~~enabled~~

+

| [[#STORE|STORE]]'s current operation is valid

|-

−

| 10

+

| 31

−

| LOAD ~~interface is active~~

+

| [[#STORE|STORE]] is running in HS mode

+

|}

+

Unofficial name.

+

Used for debugging the [[#LOAD|LOAD]], [[#STORE|STORE]] and [[#SEQ|SEQ]] blocks.

+

=== TSEC_SCP_DBG1 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 14

+

| 0-31

−

| ~~AES controller~~ is ~~active~~

+

| Data

−

|-

+

If target is SEQ:

−

~~| 16~~

+

Bits 0-3: current instruction's first operand

−

~~| RNG controller is active~~

+

Bits 4-9: current instruction's second operand

+

Bits 10-14: current instruction's opcode

|}

−

~~Contains the status of the crypto controllers and interfaces~~.

+

Unofficial name.

−

=== ~~TSEC_SCP_STAT1~~ ===

+

Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the [[#SEQ|SEQ]] block.

+

=== TSEC_SCP_DBG2 ===

{| class="wikitable" border="1"

! Bits

Line 3,848: Line 3,920:

|-

| 0-1

−

| ~~Signature comparison result~~

+

| [[#SEQ|SEQ]]'s state

−

0: ~~None~~

+

0: Idle

−

1: ~~Running~~

+

1: Recording (cs0begin/cs1begin)

−

2: ~~Failed~~

+

2: Executing (cs0exec/cs1exec)

−

~~3: Succeeded~~

|-

−

| 4

+

| 4-7

−

| ~~LOAD interface is running in HS mode~~

+

| Number of cycles left for [[#SEQ|SEQ]]'s current sequence

|-

−

| 6

+

| 12-15

−

~~| LOAD interface is ready~~

+

| Active crypto key register (ckeyreg)

−

|-

+

|}

−

| 8

+

−

| ~~STORE interface is running in HS mode~~

+

Unofficial name.

−

|-

−

~~| 10~~

−

~~| STORE interface received a valid instruction~~

−

|-

−

~~| 12~~

−

~~| CMD interface is running in HS mode~~

−

|-

−

~~| 14~~

−

~~| CMD interface received a valid instruction~~

−

|}

−

~~Contains~~ the ~~status of the last authentication attempt and other miscellaneous statuses~~.

+

Used for retrieving additional debug data associated with the [[#SEQ|SEQ]] block.

−

=== ~~TSEC_SCP_STAT2~~ ===

+

=== TSEC_SCP_CMD ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-4

+

| 0-3

−

| ~~Current SEQ opcode~~

+

| Destination register

|-

−

| 5-9

+

| 8-13

−

| ~~Current CMD opcode~~

+

| Source register or immediate value

|-

−

| 10-14

+

| 20-24

−

| ~~Pending CMD~~ opcode

+

| Command opcode

+

0x0: nop (fuc5 opcode 0x00)

+

0x1: cmov (fuc5 opcode 0x84)

+

0x2: cxsin (fuc5 opcode 0x88) or xdst (with cxset)

+

0x3: cxsout (fuc5 opcode 0x8C) or xdld (with cxset)

+

0x4: crnd (fuc5 opcode 0x90)

+

0x5: cs0begin (fuc5 opcode 0x94)

+

0x6: cs0exec (fuc5 opcode 0x98)

+

0x7: cs1begin (fuc5 opcode 0x9C)

+

0x8: cs1exec (fuc5 opcode 0xA0)

+

0x9: invalid (fuc5 opcode 0xA4)

+

0xA: cchmod (fuc5 opcode 0xA8)

+

0xB: cxor (fuc5 opcode 0xAC)

+

0xC: cadd (fuc5 opcode 0xB0)

+

0xD: cand (fuc5 opcode 0xB4)

+

0xE: crev (fuc5 opcode 0xB8)

+

0xF: cgfmul (fuc5 opcode 0xBC)

+

0x10: csecret (fuc5 opcode 0xC0)

+

0x11: ckeyreg (fuc5 opcode 0xC4)

+

0x12: ckexp (fuc5 opcode 0xC8)

+

0x13: ckrexp (fuc5 opcode 0xCC)

+

0x14: cenc (fuc5 opcode 0xD0)

+

0x15: cdec (fuc5 opcode 0xD4)

+

0x16: csigcmp (fuc5 opcode 0xD8)

+

0x17: csigenc (fuc5 opcode 0xDC)

+

0x18: csigclr (fuc5 opcode 0xE0)

|-

−

| ~~15-16~~

+

| 28

−

| ~~AES operation~~

+

| [[#CMD|CMD]]'s current instruction is valid

−

~~0: Encryption~~

−

~~1: Decryption~~

−

~~2: Key expansion~~

−

~~3: Key reverse expansion~~

|-

−

| 24

+

| 31

−

| ~~Unknown~~

+

| [[#CMD|CMD]] is running in HS mode

−

|-

−

~~| 25~~

−

~~| STORE operation is stalled~~

−

|-

−

~~| 26~~

−

~~| LOAD operation is stalled~~

−

|-

−

~~| 27~~

−

~~| RNG operation is stalled~~

−

|-

−

~~| 28~~

−

~~| Unknown~~

−

|-

−

~~| 29~~

−

| ~~AES operation~~ is ~~stalled~~

|}

−

Contains the ~~status of~~ crypto ~~operations~~.

+

Unofficial name.

+

Contains information on the last crypto command executed.

−

=== ~~TSEC_SCP_RNG_STAT0~~ ===

+

=== TSEC_SCP_STAT0 ===

{| class="wikitable" border="1"

! Bits

Line 3,923: Line 3,992:

|-

| 0

−

| ~~Internal RND controller~~ is ~~ready~~

+

| [[#SCP|SCP]] is active

+

|-

+

| 2

+

| [[#CMD|CMD]] is active

+

|-

+

| 4

+

| [[#STORE|STORE]] is active

|-

−

| 4-7

+

| 6

−

| ~~Unknown~~

+

| [[#SEQ|SEQ]] is active

+

|-

+

| 8

+

| [[#CTL|CTL]] is active

+

|-

+

| 10

+

| [[#LOAD|LOAD]] is active

|-

−

| ~~8-11~~

+

| 14

−

| ~~Unknown~~

+

| [[#AES|AES]] is active

|-

| 16

−

| ~~Unknown~~

+

| [[#RNG|RNG]] is active

−

|-

−

~~| 20~~

−

~~| Unknown~~

|}

−

~~=== TSEC_SCP_RNG_STAT1 ===~~

+

Unofficial name.

−

~~{| class="wikitable" border="1"~~

+

−

~~! Bits~~

+

Contains the statuses of hardware blocks.

−

~~! Description~~

−

|-

−

~~| 0-15~~

−

~~| Unknown~~

−

|-

−

~~| 16-31~~

−

~~| Unknown~~

−

|}

−

=== ~~TSEC_SCP_IRQSTAT~~ ===

+

=== TSEC_SCP_STAT1 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 0-1

−

| ~~RND ready~~

+

| Signature comparison result

+

0: None

+

1: Running

+

2: Failed

+

3: Succeeded

|-

−

| 8

+

| 4

−

| ~~ACL error~~

+

| [[#LOAD|Falcon<->LOAD]] interface is running in HS mode

|-

−

| 12

+

| 6

−

| ~~SEC error~~

+

| [[#LOAD|Falcon<->LOAD]] interface is ready

|-

−

| 16

+

| 8

−

| ~~CMD error~~

+

| [[#STORE|Falcon<->STORE]] interface is running in HS mode

|-

−

| 20

+

| 10

−

| ~~Single step~~

+

| [[#STORE|Falcon<->STORE]] interface received a valid operation

|-

−

| 24

+

| 12

−

| ~~RND operation~~

+

| [[#CMD|Falcon<->CMD]] interface is running in HS mode

|-

−

| 28

+

| 14

−

| ~~Timeout~~

+

| [[#CMD|Falcon<->CMD]] interface received a valid instruction

|}

−

~~Used for getting~~ the ~~status~~ of ~~crypto IRQs~~.

+

Unofficial name.

+

Contains the statuses of hardware interfaces and the result of the last authentication attempt.

−

=== ~~TSEC_SCP_IRQMASK~~ ===

+

=== TSEC_SCP_STAT2 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 0-4

−

| ~~RND ready~~

+

| Current opcode in [[#SEQ|SEQ]]

|-

−

| 8

+

| 5-9

−

| ~~ACL error~~

+

| Current opcode in [[#CMD|Falcon<->CMD]] interface

|-

−

| 12

+

| 10-14

−

| ~~SEC error~~

+

| Pending opcode in [[#CMD|CMD]]

|-

−

| 16

+

| 15-16

−

| ~~CMD error~~

+

| Current opcode in [[#AES|AES]]

+

0: Encryption

+

1: Decryption

+

2: Key expansion

+

3: Key reverse expansion

+

|-

+

| 24

+

| [[#SCP|SCP]]'s internal pipeline is stalled on hazard

+

|-

+

| 25

+

| [[#STORE|STORE]] is stalled

|-

−

| 20

+

| 26

−

| ~~Single step~~

+

| [[#LOAD|LOAD]] is stalled

|-

−

| 24

+

| 27

−

| ~~RND operation~~

+

| [[#RNG|RNG]] is stalled

|-

| 28

−

| ~~Timeout~~

+

| [[#SCP|SCP]]'s internal pipeline is stalled on writeback

+

|-

+

| 29

+

| [[#AES|AES]] is stalled

|}

−

~~Used for getting the value of the mask for crypto IRQs~~.

+

Unofficial name.

−

=== ~~TSEC_SCP_ACL_ERR~~ ===

+

Contains the status of crypto operations.

+

=== TSEC_SCP_RNG_STAT0 ===

{| class="wikitable" border="1"

! Bits

Line 4,014: Line 4,105:

|-

| 0

−

| ~~Writing to a crypto register without the correct ACL~~

+

| [[#RND|RND]] is ready

+

|-

+

| 4-7

+

| Unknown

|-

−

| 4

+

| 8-11

−

| ~~Reading from a crypto register without the correct ACL~~

+

| Unknown

|-

−

| 8

+

| 16

−

| ~~Invalid ACL change (cchmod)~~

+

| Unknown

|-

−

| 31

+

| 20

−

| ~~ACL error occurred~~

+

| Unknown

|}

−

~~Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|ACL error]] IRQ~~.

+

Unofficial name.

−

=== ~~TSEC_SCP_SEC_ERR~~ ===

+

=== TSEC_SCP_RNG_STAT1 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 0-15

| Unknown

|-

−

| 1-2

+

| 16-31

−

~~| Unknown~~

−

|-

−

~~| 4~~

| Unknown

+

|}

+

Unofficial name.

+

=== TSEC_SCP_IRQSTAT ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0

+

| [[#RND|RND]] ready

+

|-

+

| 8

+

| ACL error

|-

−

| ~~5-6~~

+

| 12

−

| ~~Unknown~~

+

| SEC error

|-

| 16

−

| ~~Unknown~~

+

| [[#CMD|CMD]] error

−

|-

−

~~| 17-18~~

−

~~| Unknown~~

|-

| 20

−

| ~~Unknown~~

+

| Single step

−

|-

−

~~| 21-22~~

−

~~| Unknown~~

|-

| 24

−

| ~~Unknown~~

+

| [[#RND|RND]] clock trigger

|-

−

| ~~25-26~~

+

| 28

−

| ~~Unknown~~

+

| Stall timeout

−

|-

−

~~| 31~~

−

~~| SEC error occurred~~

|}

−

=== ~~TSEC_SCP_CMD_ERR~~ ===

+

Unofficial name.

+

=== TSEC_SCP_IRQMASK ===

{| class="wikitable" border="1"

! Bits

Line 4,073: Line 4,171:

|-

| 0

−

| ~~Invalid command~~

+

| [[#RND|RND]] ready

−

|-

−

~~| 4~~

−

~~| Empty crypto sequence~~

|-

| 8

−

| ~~Crypto sequence is too long~~

+

| ACL error

|-

| 12

−

| ~~Crypto sequence was not finished~~

+

| SEC error

|-

| 16

−

| ~~Forbidden signature operation (csigenc, csigclr or csigauth in NS mode)~~

+

| [[#CMD|CMD]] error

|-

| 20

−

| ~~Invalid signature operation (csigauth in HS mode)~~

+

| Single step

|-

| 24

−

| ~~Forbidden ACL change (cchmod in NS mode)~~

+

| [[#RND|RND]] clock trigger

+

|-

+

| 28

+

| Stall timeout

|}

−

~~Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|CMD error]] IRQ~~.

+

Unofficial name.

−

=== ~~TSEC_SCP_RND_CTL0~~ ===

+

=== TSEC_SCP_ACL_ERR ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0~~-31~~

+

| 0

−

| ~~RND clock trigger lower limit~~

+

| Writing to a crypto register without the correct ACL

−

|}

+

|-

−

+

| 4

−

~~=== TSEC_SCP_RND_CTL1 ===~~

+

| Reading from a crypto register without the correct ACL

−

{| ~~class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

|-

−

| ~~0-15~~

+

| 8

−

| ~~RND clock trigger upper limit~~

+

| Invalid ACL change (cchmod)

|-

−

| ~~16-~~31

+

| 31

−

| ~~RND clock trigger mask~~

+

| ACL error occurred

|}

−

=== ~~TSEC_TFBIF_CTL~~ ===

+

Unofficial name.

+

Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|ACL error]] IRQ.

+

=== TSEC_SCP_SEC_ERR ===

{| class="wikitable" border="1"

! Bits

Line 4,123: Line 4,222:

|-

| 0

−

| ~~TSEC_TFBIF_CTL_CLR_BWCOUNT~~

+

| Security mode changed during sequence execution (cs0exec/cs1exec)

|-

−

| 1

+

| 1-2

−

| ~~TSEC_TFBIF_CTL_ENABLE~~

+

| Security mode at the beginning of sequence execution

+

0: Non-secure

+

1: Heavy Secure

|-

−

| 2

+

| 4

−

| ~~TSEC_TFBIF_CTL_CLR_IDLEWDERR~~

+

| Security mode changed during sequence recording (cs0begin/cs1begin)

|-

−

| 3

+

| 5-6

−

| ~~TSEC_TFBIF_CTL_RESET~~

+

| Security mode at the beginning of sequence recording

+

0: Non-secure

+

1: Heavy Secure

|-

−

| 4

+

| 16

−

| ~~TSEC_TFBIF_CTL_IDLE~~

+

| Security mode changed while reading from crypto register/stream (cxsout or xdld)

|-

−

| 5

+

| 17-18

−

| ~~TSEC_TFBIF_CTL_IDLEWDERR~~

+

| Security mode at the beginning of reading from crypto register/stream

+

0: Non-secure

+

1: Heavy Secure

|-

−

| 6

+

| 20

−

| ~~TSEC_TFBIF_CTL_SRTOUT~~

+

| Security mode and memory source changed while writing to crypto register/stream (cxsin or xdst)

+

|-

+

| 21-22

+

| Security mode when memory source changed while writing to crypto register/stream

+

0: Non-secure

+

1: Heavy Secure

|-

−

| 7

+

| 24

−

| ~~TSEC_TFBIF_CTL_CLR_SRTOUT~~

+

| Security mode changed while writing to crypto register/stream (cxsin or xdst)

|-

−

| 8-11

+

| 25-26

−

| ~~TSEC_TFBIF_CTL_SRTOVAL~~

+

| Security mode at the beginning of writing to crypto register/stream

+

0: Non-secure

+

1: Heavy Secure

|-

−

| 12

+

| 31

−

| ~~TSEC_TFBIF_CTL_VPR~~

+

| SEC error occurred

|}

−

=== ~~TSEC_TFBIF_MCCIF_FIFOCTRL~~ ===

+

Unofficial name.

+

Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|SEC error]] IRQ.

+

=== TSEC_SCP_CMD_ERR ===

{| class="wikitable" border="1"

! Bits

Line 4,159: Line 4,275:

|-

| 0

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVERRIDE~~

+

| [[#CMD|CMD]]'s instruction is invalid

|-

−

| 1

+

| 4

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVERRIDE~~

+

| [[#SEQ|SEQ]]'s sequence is empty

|-

−

| 2

+

| 8

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL_WRCL_MCLE2X~~

+

| [[#SEQ|SEQ]]'s sequence is too long

|-

−

| 3

+

| 12

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL_RDMC_RDFAST~~

+

| [[#SEQ|SEQ]]'s sequence was not finished

|-

−

| 4

+

| 16

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL_WRMC_CLLE2X~~

+

| Forbidden signature operation (csigcmp, csigenc or csigclr in NS mode)

|-

−

| 5

+

| 20

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL_RDCL_RDFAST~~

+

| Invalid signature operation (csigcmp in HS mode)

|-

−

| 6

+

| 24

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL_CCLK_OVERRIDE~~

+

| Forbidden ACL change (cchmod in NS mode)

−

|-

+

|}

−

| 7

+

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVR_MODE~~

+

Unofficial name.

+

Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|CMD error]] IRQ.

+

=== TSEC_SCP_RND_CTL0 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 8

+

| 0-31

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVR_MODE~~

+

| [[#RND|RND]] clock trigger's lower limit

|}

−

=== ~~TSEC_TFBIF_THROTTLE~~ ===

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL1 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-11

+

| 0-15

−

| ~~TSEC_TFBIF_THROTTLE_BUCKET_SIZE~~

+

| [[#RND|RND]] clock trigger's upper limit

|-

−

| 16-27

+

| 16-31

−

| ~~TSEC_TFBIF_THROTTLE_LEAK_COUNT~~

+

| [[#RND|RND]] clock trigger's mask

+

|}

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL2 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 30-31

+

| 0-15

−

| ~~TSEC_TFBIF_THROTTLE_LEAK_SIZE~~

+

| Unknown

|}

−

=== ~~TSEC_TFBIF_DBG_STAT0~~ ===

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL3 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 12

−

| ~~TSEC_TFBIF_DBG_STAT0_1K_TRANSFER~~

+

| Trigger first LFSR

|-

−

| 1

+

| 16

−

~~| TSEC_TFBIF_DBG_STAT0_RREQ_ISSUED~~

+

| Trigger second LFSR

+

|}

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL4 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 2

+

| 0-31

−

| ~~TSEC_TFBIF_DBG_STAT0_WREQ_ISSUED~~

+

| First LFSR's polynomial for [[#RNG|RNG]]'s test mode

+

|}

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL5 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 3

+

| 0-31

−

| ~~TSEC_TFBIF_DBG_STAT0_TAGQ_ISSUED~~

+

| First LFSR's initial state for [[#RNG|RNG]]'s test mode

+

|}

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL6 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 4

+

| 0-31

−

| ~~TSEC_TFBIF_DBG_STAT0_STALL_RDATQ~~

+

| Second LFSR's polynomial for [[#RNG|RNG]]'s test mode

+

|}

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL7 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 5

+

| 0-31

−

| ~~TSEC_TFBIF_DBG_STAT0_STALL_RACKQ~~

+

| Second LFSR's initial state for [[#RNG|RNG]]'s test mode

+

|}

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL8 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 6

+

| 0-15

−

| ~~TSEC_TFBIF_DBG_STAT0_STALL_WREQQ~~

+

| Unknown

|-

−

| 7

+

| 16-31

−

| ~~TSEC_TFBIF_DBG_STAT0_STALL_WDATQ~~

+

| Unknown

−

|-

+

|}

−

| 8

+

−

~~| TSEC_TFBIF_DBG_STAT0_STALL_WACKQ~~

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL9 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 9

+

| 0-15

−

| ~~TSEC_TFBIF_DBG_STAT0_STALL_RREQ_PENDING~~

+

| Unknown

|-

−

~~| 10~~

+

| 16-31

−

~~| TSEC_TFBIF_DBG_STAT0_STALL_WREQ_PENDING~~

+

| Unknown

−

|-

−

~~| 11~~

−

~~| TSEC_TFBIF_DBG_STAT0_STALL_MREQ~~

−

|-

−

~~| 12~~

−

~~| TSEC_TFBIF_DBG_STAT0_ENGINE_IDLE~~

−

|-

−

~~| 13~~

−

~~| TSEC_TFBIF_DBG_STAT0_RMCCIF_IDLE~~

−

|-

−

~~| 14~~

−

~~| TSEC_TFBIF_DBG_STAT0_WMCCIF_IDLE~~

−

|-

−

~~| 15~~

−

~~| TSEC_TFBIF_DBG_STAT0_CSB_IDLE~~

−

|-

−

| 16

−

~~| TSEC_TFBIF_DBG_STAT0_RU_IDLE~~

−

|-

−

| 17

−

~~| TSEC_TFBIF_DBG_STAT0_WU_IDLE~~

−

|-

−

~~| 19~~

−

~~| TSEC_TFBIF_DBG_STAT0_UNWEIGHT_ACTMON_ACTIVE~~

−

|-

−

~~| 20~~

−

~~| TSEC_TFBIF_DBG_STAT0_UNWEIGHT_ACTMON_MCB~~

|}

−

=== ~~TSEC_TFBIF_DBG_STAT1~~ ===

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL10 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-31

+

| 0-15

−

| ~~TSEC_TFBIF_DBG_STAT1_DATA~~

+

| Unknown

+

|-

+

| 16-31

+

| Unknown

|}

−

=== ~~TSEC_TFBIF_DBG_RDCOUNT_LO~~ ===

+

Unofficial name.

+

=== TSEC_SCP_RND_CTL11 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-31

+

| 0

−

| ~~TSEC_TFBIF_DBG_RDCOUNT_LO_DATA~~

+

| Unknown

+

|-

+

| 1

+

| Unknown

+

|-

+

| 2

+

| Unknown

+

|-

+

| 3

+

| Unknown

+

|-

+

| 4-5

+

| First sampler's source

+

0: Oscillator

+

1: Unknown

+

2: LFSR

+

3: Dummy

+

|-

+

| 6-7

+

| Second sampler's source

+

0: Oscillator

+

1: Unknown

+

2: LFSR

+

3: Dummy

+

|-

+

| 8-11

+

| First sampler's tap value

+

|-

+

| 12-15

+

| Second sampler's tap value

+

|-

+

| 16-19

+

| Unknown

+

|-

+

| 20-23

+

| Unknown

+

|-

+

| 24-30

+

| Unknown

+

|-

+

| 31

+

| Unknown

|}

−

=== ~~TSEC_TFBIF_DBG_RDCOUNT_HI~~ ===

+

Unofficial name.

+

=== TSEC_TFBIF_CTL ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-31

+

| 0

−

| ~~TSEC_TFBIF_DBG_RDCOUNT_HI_DATA~~

+

| TSEC_TFBIF_CTL_CLR_BWCOUNT

−

|}

+

|-

−

+

| 1

−

~~=== TSEC_TFBIF_DBG_WRCOUNT_LO ===~~

+

| TSEC_TFBIF_CTL_ENABLE

−

{| ~~class="wikitable" border="1"~~

+

|-

−

~~! Bits~~

+

| 2

−

~~! Description~~

+

| TSEC_TFBIF_CTL_CLR_IDLEWDERR

+

|-

+

| 3

+

| TSEC_TFBIF_CTL_RESET

+

|-

+

| 4

+

| TSEC_TFBIF_CTL_IDLE

+

|-

+

| 5

+

| TSEC_TFBIF_CTL_IDLEWDERR

+

|-

+

| 6

+

| TSEC_TFBIF_CTL_SRTOUT

+

|-

+

| 7

+

| TSEC_TFBIF_CTL_CLR_SRTOUT

|-

−

| 0-31

+

| 8-11

−

| ~~TSEC_TFBIF_DBG_WRCOUNT_LO_DATA~~

+

| TSEC_TFBIF_CTL_SRTOVAL

−

|}

−

~~=== TSEC_TFBIF_DBG_WRCOUNT_HI ===~~

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

|-

−

| ~~0-31~~

+

| 12

−

| ~~TSEC_TFBIF_DBG_WRCOUNT_HI_DATA~~

+

| TSEC_TFBIF_CTL_VPR

|}

−

=== ~~TSEC_TFBIF_DBG_R32COUNT~~ ===

+

=== TSEC_TFBIF_MCCIF_FIFOCTRL ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-31

+

| 0

−

| ~~TSEC_TFBIF_DBG_R32COUNT_DATA~~

+

| TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVERRIDE

+

|-

+

| 1

+

| TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVERRIDE

+

|-

+

| 2

+

| TSEC_TFBIF_MCCIF_FIFOCTRL_WRCL_MCLE2X

+

|-

+

| 3

+

| TSEC_TFBIF_MCCIF_FIFOCTRL_RDMC_RDFAST

+

|-

+

| 4

+

| TSEC_TFBIF_MCCIF_FIFOCTRL_WRMC_CLLE2X

+

|-

+

| 5

+

| TSEC_TFBIF_MCCIF_FIFOCTRL_RDCL_RDFAST

+

|-

+

| 6

+

| TSEC_TFBIF_MCCIF_FIFOCTRL_CCLK_OVERRIDE

+

|-

+

| 7

+

| TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVR_MODE

+

|-

+

| 8

+

| TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVR_MODE

|}

−

=== ~~TSEC_TFBIF_DBG_R64COUNT~~ ===

+

=== TSEC_TFBIF_THROTTLE ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-31

+

| 0-11

−

| ~~TSEC_TFBIF_DBG_R64COUNT_DATA~~

+

| TSEC_TFBIF_THROTTLE_BUCKET_SIZE

+

|-

+

| 16-27

+

| TSEC_TFBIF_THROTTLE_LEAK_COUNT

+

|-

+

| 30-31

+

| TSEC_TFBIF_THROTTLE_LEAK_SIZE

|}

−

=== ~~TSEC_TFBIF_DBG_R128COUNT~~ ===

+

=== TSEC_TFBIF_DBG_STAT0 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0~~-31~~

+

| 0

−

| ~~TSEC_TFBIF_DBG_R128COUNT_DATA~~

+

| TSEC_TFBIF_DBG_STAT0_1K_TRANSFER

−

|}

+

|-

−

+

| 1

−

~~=== TSEC_TFBIF_MCCIF_FIFOCTRL1 ===~~

+

| TSEC_TFBIF_DBG_STAT0_RREQ_ISSUED

−

{| ~~class="wikitable" border="~~1"

−

~~! Bits~~

−

~~! Description~~

|-

−

| ~~0-15~~

+

| 2

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL1_SRD2MC_REORDER_DEPTH_LIMIT~~

+

| TSEC_TFBIF_DBG_STAT0_WREQ_ISSUED

|-

−

| ~~16-31~~

+

| 3

−

| ~~TSEC_TFBIF_MCCIF_FIFOCTRL1_SWR2MC_REORDER_DEPTH_LIMIT~~

+

| TSEC_TFBIF_DBG_STAT0_TAGQ_ISSUED

−

|}

−

~~=== TSEC_TFBIF_WRR_RDP ===~~

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

|-

−

| ~~0-15~~

+

| 4

−

| ~~TSEC_TFBIF_WRR_RDP_EXT_WEIGHT~~

+

| TSEC_TFBIF_DBG_STAT0_STALL_RDATQ

|-

−

| ~~16-31~~

+

| 5

−

| ~~TSEC_TFBIF_WRR_RDP_INT_WEIGHT~~

+

| TSEC_TFBIF_DBG_STAT0_STALL_RACKQ

−

|}

−

~~=== TSEC_TFBIF_SPROT_EMEM ===~~

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

|-

−

| ~~0-3~~

+

| 6

−

| ~~Read access level~~

+

| TSEC_TFBIF_DBG_STAT0_STALL_WREQQ

|-

−

| 4-7

+

| 7

−

| ~~Write access level~~

+

| TSEC_TFBIF_DBG_STAT0_STALL_WDATQ

−

|}

+

|-

−

+

| 8

−

~~Controls accesses to external memory regions. Accessible in HS mode only.~~

+

| TSEC_TFBIF_DBG_STAT0_STALL_WACKQ

−

~~=== TSEC_TFBIF_TRANSCFG ===~~

−

{| ~~class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

|-

−

| 0

+

| 9

−

| ~~TSEC_TFBIF_TRANSCFG_ATT0_SWID~~

+

| TSEC_TFBIF_DBG_STAT0_STALL_RREQ_PENDING

|-

−

| 4

+

| 10

−

| ~~TSEC_TFBIF_TRANSCFG_ATT1_SWID~~

+

| TSEC_TFBIF_DBG_STAT0_STALL_WREQ_PENDING

|-

−

| 8

+

| 11

−

| ~~TSEC_TFBIF_TRANSCFG_ATT2_SWID~~

+

| TSEC_TFBIF_DBG_STAT0_STALL_MREQ

|-

| 12

−

| ~~TSEC_TFBIF_TRANSCFG_ATT3_SWID~~

+

| TSEC_TFBIF_DBG_STAT0_ENGINE_IDLE

+

|-

+

| 13

+

| TSEC_TFBIF_DBG_STAT0_RMCCIF_IDLE

+

|-

+

| 14

+

| TSEC_TFBIF_DBG_STAT0_WMCCIF_IDLE

+

|-

+

| 15

+

| TSEC_TFBIF_DBG_STAT0_CSB_IDLE

|-

| 16

−

| ~~TSEC_TFBIF_TRANSCFG_ATT4_SWID~~

+

| TSEC_TFBIF_DBG_STAT0_RU_IDLE

|-

−

| 20

+

| 17

−

| ~~TSEC_TFBIF_TRANSCFG_ATT5_SWID~~

+

| TSEC_TFBIF_DBG_STAT0_WU_IDLE

|-

−

| 24

+

| 19

−

| ~~TSEC_TFBIF_TRANSCFG_ATT6_SWID~~

+

| TSEC_TFBIF_DBG_STAT0_UNWEIGHT_ACTMON_ACTIVE

|-

−

| 28

+

| 20

−

| ~~TSEC_TFBIF_TRANSCFG_ATT7_SWID~~

+

| TSEC_TFBIF_DBG_STAT0_UNWEIGHT_ACTMON_MCB

|}

−

~~Configures the software ID per CTXDMA port for memory transactions. Software ID~~ 0 ~~(HW_SWID) forces all transactions to go through the SMMU while software ID 1 (PHY_SWID) bypasses it. Accessible in HS mode only.~~

+

=== TSEC_TFBIF_DBG_STAT1 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-31

+

| TSEC_TFBIF_DBG_STAT1_DATA

+

|}

−

~~[6.~~0~~.0+] The nvhost_tsec firmware sets this register to 0x10 or 0x111110 before reading memory from the GPU UCODE carveout.~~

+

=== TSEC_TFBIF_DBG_RDCOUNT_LO ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-31

+

| TSEC_TFBIF_DBG_RDCOUNT_LO_DATA

+

|}

−

=== ~~TSEC_TFBIF_REGIONCFG~~ ===

+

=== TSEC_TFBIF_DBG_RDCOUNT_HI ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-2

+

| 0-31

−

| ~~TSEC_TFBIF_REGIONCFG_T0_APERT_ID~~

+

| TSEC_TFBIF_DBG_RDCOUNT_HI_DATA

+

|}

+

=== TSEC_TFBIF_DBG_WRCOUNT_LO ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 3

+

| 0-31

−

| ~~TSEC_TFBIF_REGIONCFG_T0_VPR~~

+

| TSEC_TFBIF_DBG_WRCOUNT_LO_DATA

+

|}

+

=== TSEC_TFBIF_DBG_WRCOUNT_HI ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 4-6

+

| 0-31

−

| ~~TSEC_TFBIF_REGIONCFG_T1_APERT_ID~~

+

| TSEC_TFBIF_DBG_WRCOUNT_HI_DATA

+

|}

+

=== TSEC_TFBIF_DBG_R32COUNT ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 7

+

| 0-31

−

| ~~TSEC_TFBIF_REGIONCFG_T1_VPR~~

+

| TSEC_TFBIF_DBG_R32COUNT_DATA

+

|}

+

=== TSEC_TFBIF_DBG_R64COUNT ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 8-10

+

| 0-31

−

| ~~TSEC_TFBIF_REGIONCFG_T2_APERT_ID~~

+

| TSEC_TFBIF_DBG_R64COUNT_DATA

+

|}

+

=== TSEC_TFBIF_DBG_R128COUNT ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 11

+

| 0-31

−

| ~~TSEC_TFBIF_REGIONCFG_T2_VPR~~

+

| TSEC_TFBIF_DBG_R128COUNT_DATA

+

|}

+

=== TSEC_TFBIF_MCCIF_FIFOCTRL1 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 12-14

+

| 0-15

−

| ~~TSEC_TFBIF_REGIONCFG_T3_APERT_ID~~

+

| TSEC_TFBIF_MCCIF_FIFOCTRL1_SRD2MC_REORDER_DEPTH_LIMIT

|-

−

~~| 15~~

+

| 16-31

−

~~| TSEC_TFBIF_REGIONCFG_T3_VPR~~

+

| TSEC_TFBIF_MCCIF_FIFOCTRL1_SWR2MC_REORDER_DEPTH_LIMIT

−

|-

+

|}

−

| 16-18

−

~~| TSEC_TFBIF_REGIONCFG_T4_APERT_ID~~

−

|-

−

~~| 19~~

−

~~| TSEC_TFBIF_REGIONCFG_T4_VPR~~

−

|-

−

~~| 20-22~~

−

~~| TSEC_TFBIF_REGIONCFG_T5_APERT_ID~~

−

|-

−

~~| 23~~

−

~~| TSEC_TFBIF_REGIONCFG_T5_VPR~~

−

|-

−

~~| 24-26~~

−

~~| TSEC_TFBIF_REGIONCFG_T6_APERT_ID~~

−

|-

−

~~| 27~~

−

~~| TSEC_TFBIF_REGIONCFG_T6_VPR~~

−

|-

−

~~| 28-30~~

−

~~| TSEC_TFBIF_REGIONCFG_T7_APERT_ID~~

−

|-

−

| 31

−

| ~~TSEC_TFBIF_REGIONCFG_T7_VPR~~

−

|}

−

~~Configures the aperture ID and VPR mode per CTXDMA port for memory region accessing. Accessible in HS mode only.~~

+

=== TSEC_TFBIF_SPROT_EMEM ===

−

~~[6.0.0+] The nvhost_tsec firmware sets this register to 0x20 or 0x140 before reading memory from the GPU UCODE carveout.~~

−

=== ~~TSEC_TFBIF_ACTMON_ACTIVE_MASK~~ ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 0-2

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_MASK_STARVED_MC~~

+

| Read access level

|-

−

| 1

+

| 3

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_MASK_STALLED_MC~~

+

| Set on memory read access violation

|-

−

| 2

+

| 4-6

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_MASK_DELAYED_MC~~

+

| Write access level

|-

−

| 3

+

| 7

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_MASK_ACTIVE~~

+

| Set on memory write access violation

|}

−

~~Takes the memory access mask for the Activity Monitor. Disconnected on the TSEC~~.

+

Unofficial name.

−

=== ~~TSEC_TFBIF_ACTMON_ACTIVE_BORPS~~ ===

+

Controls accesses to external memory regions. Accessible in HS mode only.

+

=== TSEC_TFBIF_TRANSCFG ===

{| class="wikitable" border="1"

! Bits

Line 4,495: Line 4,750:

|-

| 0

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_BORPS_STARVED_MC_POLARITY~~

+

| TSEC_TFBIF_TRANSCFG_ATT0_SWID

|-

−

| 1

+

| 4

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_BORPS_STARVED_MC_OPERATION~~

+

| TSEC_TFBIF_TRANSCFG_ATT1_SWID

|-

−

| 2

+

| 8

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_BORPS_STALLED_MC_POLARITY~~

+

| TSEC_TFBIF_TRANSCFG_ATT2_SWID

|-

−

| 3

+

| 12

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_BORPS_STALLED_MC_OPERATION~~

+

| TSEC_TFBIF_TRANSCFG_ATT3_SWID

|-

−

| 4

+

| 16

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_BORPS_DELAYED_MC_POLARITY~~

+

| TSEC_TFBIF_TRANSCFG_ATT4_SWID

|-

−

| 5

+

| 20

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_BORPS_DELAYED_MC_OPERATION~~

+

| TSEC_TFBIF_TRANSCFG_ATT5_SWID

|-

−

| 6

+

| 24

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_BORPS_ACTIVE_POLARITY~~

+

| TSEC_TFBIF_TRANSCFG_ATT6_SWID

|-

−

| 7

+

| 28

−

| ~~TSEC_TFBIF_ACTMON_ACTIVE_BORPS_ACTIVE_OPERATION~~

+

| TSEC_TFBIF_TRANSCFG_ATT7_SWID

|}

−

~~Takes~~ the ~~billions of records~~ per ~~second count~~ for the ~~Activity Monitor~~. ~~Disconnected on the TSEC~~.

+

Configures the software ID per CTXDMA port for memory transactions. Software ID 0 (HW_SWID) forces all transactions to go through the SMMU while software ID 1 (PHY_SWID) bypasses it. Accessible in HS mode only.

−

~~=== TSEC_TFBIF_ACTMON_ACTIVE_WEIGHT ===~~

+

[6.0.0+] The nvhost_tsec firmware sets this register to 0x10 or 0x111110 before reading memory from the GPU UCODE carveout.

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

−

|-

−

| 0~~-31~~

−

~~| TSEC_TFBIF_ACTMON_ACTIVE_WEIGHT_VAL~~

−

|}

−

~~Controls the Activity Monitor. Disconnected on the TSEC.~~

+

=== TSEC_TFBIF_REGIONCFG ===

−

=== ~~TSEC_TFBIF_ACTMON_MCB_MASK~~ ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 0-2

−

| ~~TSEC_TFBIF_ACTMON_MCB_MASK_STARVED_MC~~

+

| TSEC_TFBIF_REGIONCFG_T0_APERT_ID

|-

−

| 1

+

| 3

−

| ~~TSEC_TFBIF_ACTMON_MCB_MASK_STALLED_MC~~

+

| TSEC_TFBIF_REGIONCFG_T0_VPR

|-

−

| 2

+

| 4-6

−

| ~~TSEC_TFBIF_ACTMON_MCB_MASK_DELAYED_MC~~

+

| TSEC_TFBIF_REGIONCFG_T1_APERT_ID

|-

−

| 3

+

| 7

−

| ~~TSEC_TFBIF_ACTMON_MCB_MASK_ACTIVE~~

+

| TSEC_TFBIF_REGIONCFG_T1_VPR

−

|}

+

|-

−

+

| 8-10

−

~~Disconnected on the TSEC.~~

+

| TSEC_TFBIF_REGIONCFG_T2_APERT_ID

−

+

|-

−

~~=== TSEC_TFBIF_ACTMON_MCB_BORPS ===~~

+

| 11

−

{| ~~class="wikitable" border="1"~~

+

| TSEC_TFBIF_REGIONCFG_T2_VPR

−

~~! Bits~~

+

|-

−

~~! Description~~

+

| 12-14

+

| TSEC_TFBIF_REGIONCFG_T3_APERT_ID

+

|-

+

| 15

+

| TSEC_TFBIF_REGIONCFG_T3_VPR

|-

−

| 0

+

| 16-18

−

| ~~TSEC_TFBIF_ACTMON_MCB_BORPS_STARVED_MC_POLARITY~~

+

| TSEC_TFBIF_REGIONCFG_T4_APERT_ID

|-

−

| 1

+

| 19

−

| ~~TSEC_TFBIF_ACTMON_MCB_BORPS_STARVED_MC_OPERATION~~

+

| TSEC_TFBIF_REGIONCFG_T4_VPR

|-

−

| 2

+

| 20-22

−

| ~~TSEC_TFBIF_ACTMON_MCB_BORPS_STALLED_MC_POLARITY~~

+

| TSEC_TFBIF_REGIONCFG_T5_APERT_ID

|-

−

| 3

+

| 23

−

| ~~TSEC_TFBIF_ACTMON_MCB_BORPS_STALLED_MC_OPERATION~~

+

| TSEC_TFBIF_REGIONCFG_T5_VPR

|-

−

| 4

+

| 24-26

−

| ~~TSEC_TFBIF_ACTMON_MCB_BORPS_DELAYED_MC_POLARITY~~

+

| TSEC_TFBIF_REGIONCFG_T6_APERT_ID

|-

−

| 5

+

| 27

−

| ~~TSEC_TFBIF_ACTMON_MCB_BORPS_DELAYED_MC_OPERATION~~

+

| TSEC_TFBIF_REGIONCFG_T6_VPR

|-

−

| 6

+

| 28-30

−

| ~~TSEC_TFBIF_ACTMON_MCB_BORPS_ACTIVE_POLARITY~~

+

| TSEC_TFBIF_REGIONCFG_T7_APERT_ID

|-

−

| 7

+

| 31

−

| ~~TSEC_TFBIF_ACTMON_MCB_BORPS_ACTIVE_OPERATION~~

+

| TSEC_TFBIF_REGIONCFG_T7_VPR

|}

−

~~Disconnected on~~ the ~~TSEC~~.

+

Configures the aperture ID and VPR mode per CTXDMA port for memory region accessing. Accessible in HS mode only.

−

=== ~~TSEC_TFBIF_ACTMON_MCB_WEIGHT~~ ===

+

[6.0.0+] The nvhost_tsec firmware sets this register to 0x20 or 0x140 before reading memory from the GPU UCODE carveout.

+

=== TSEC_CG ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

~~| 0-31~~

+

| 0-5

−

~~| TSEC_TFBIF_ACTMON_MCB_WEIGHT_VAL~~

−

|}

−

~~Disconnected on the TSEC.~~

−

~~=== TSEC_TFBIF_THI_TRANSPROP ===~~

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

−

|-

−

~~| 0-6~~

−

~~| TSEC_TFBIF_THI_TRANSPROP_STREAMID0~~

−

|-

−

~~| 8-14~~

−

~~| TSEC_TFBIF_THI_TRANSPROP_STREAMID1~~

−

|-

−

~~| 16~~

−

~~| TSEC_TFBIF_THI_TRANSPROP_TZ_AUTH~~

−

|}

−

~~=== TSEC_CG ===~~

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

−

|-

−

| 0-5

| TSEC_CG_IDLE_CG_DLY_CNT

|-

Line 4,650: Line 4,874:

2: Error

3: Disabled

+

|-

+

| 16-17

+

| TSEC_BAR0_CTL_SEC_MODE

+

0: Non-secure

+

1: Invalid

+

2: Light Secure

+

3: Heavy Secure

|-

| 31

Line 4,655: Line 4,886:

|}

−

~~A BAR0 DMA read/write operation requires bits TSEC_BAR0_CTL_INIT and TSEC_BAR0_CTL_READ/TSEC_BAR0_CTL_WRITE to be set in TSEC_BAR0_CTL~~.

+

Unofficial name.

−

~~During the transfer, TSEC_BAR0_CTL_STATUS is set to "Busy"~~.

+

Controls DMA transfers between TSEC and HOST1X (master and clients).

−

~~Accessing an invalid address~~ sets ~~TSEC_BAR0_CTL_STATUS~~ to ~~"Error"~~.

+

Starting a transfer over BAR0 automatically sets TSEC_BAR0_CTL_SEC_MODE to the current Falcon security mode. Once set, any attempts to start a transfer from a lower security level will fail.

=== TSEC_BAR0_ADDR ===

Line 4,669: Line 4,900:

| TSEC_BAR0_ADDR_VAL

|}

+

Unofficial name.

Takes the address for DMA transfers between TSEC and HOST1X (master and clients).

Line 4,680: Line 4,913:

| TSEC_BAR0_DATA_VAL

|}

+

Unofficial name.

Takes the data for DMA transfers between TSEC and HOST1X (master and clients).

Line 4,691: Line 4,926:

| TSEC_BAR0_TIMEOUT_VAL

|}

+

Unofficial name.

Takes the timeout value for DMA transfers between TSEC and HOST1X (master and clients).

−

=== ~~TSEC_TEGRA_CTL~~ ===

+

=== TSEC_VERSION ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 16

+

| 0-31

−

~~| TSEC_TEGRA_CTL_TKFI_KFUSE~~

+

| Version

−

|-

−

~~| 17~~

−

~~| TSEC_TEGRA_CTL_TKFI_RESTART_FSM_KFUSE~~

−

|-

−

~~| 24~~

−

~~| TSEC_TEGRA_CTL_TMPI_FORCE_IDLE_INPUTS_I2C~~

−

|-

−

| 25

−

~~| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_HOST1X~~

−

|-

−

~~| 26~~

−

~~| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_APB~~

−

|-

−

~~| 27~~

−

~~| TSEC_TEGRA_CTL_TMPI_DISABLE_OUTPUT_I2C~~

|}

−

~~== Falcon ==~~

+

Unofficial name.

−

"Falcon" (FAst Logic CONtroller) is a proprietary general purpose CPU which can be found inside various hardware blocks that require some sort of logic processing such as TSEC (TSECA and TSECB), NVDEC, NVENC, NVJPG, VIC, GPU PMU and XUSB.

−

=== ~~Processor Registers~~ ===

+

=== TSEC_SCRATCH0 ===

−

~~A total of 32 processor registers are available in the Falcon CPU.~~

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-31

+

| Value

+

|}

−

~~==== REG0-REG15 ====~~

+

Unofficial name.

−

~~These are 16 32-bit GPRs (general purpose registers)~~.

−

==== ~~IV0~~ ====

+

=== TSEC_SCRATCH1 ===

−

~~This is a SPR (special purpose register) that holds the address for interrupt vector~~ 0.

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-31

+

| Value

+

|}

−

~~==== IV1 ====~~

+

Unofficial name.

−

~~This is a SPR (special purpose register) that holds the address for interrupt vector 1~~.

−

==== ~~IV2~~ ====

+

=== TSEC_SCRATCH2 ===

−

~~This is a SPR (special purpose register) that holds the address for interrupt vector 2. This register is considered~~ "~~UNDEFINED~~" ~~and appears to be unused.~~

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-31

+

| Value

+

|}

−

~~==== EV ====~~

+

Unofficial name.

−

~~This is a SPR (special purpose register) that holds the address for the exception vector~~.

−

~~Alternative name (envytools):~~ "tv".

+

=== TSEC_SCRATCH3 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-31

+

| Value

+

|}

−

~~==== SP ====~~

+

Unofficial name.

−

~~This is a SPR (special purpose register) that holds the current stack pointer~~.

−

==== PC ====

+

=== TSEC_SCRATCH4 ===

−

~~This is a SPR (special purpose register) that holds the current program counter.~~

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-31

+

| Value

+

|}

−

~~==== IMB ====~~

+

Unofficial name.

−

~~This is a SPR (special purpose register) that holds the external base address for IMEM transfers~~.

−

~~Alternative name (envytools):~~ "~~xcbase~~".

+

=== TSEC_SCRATCH5 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-31

+

| Value

+

|}

−

~~==== DMB ====~~

+

Unofficial name.

−

~~This is a SPR (special purpose register) that holds the external base address for DMEM transfers~~.

−

~~Alternative name (envytools):~~ "~~xdbase~~".

+

=== TSEC_SCRATCH6 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-31

+

| Value

+

|}

−

~~==== CSW ====~~

+

Unofficial name.

−

~~This is a SPR (special purpose register) that holds various flag bits~~.

+

=== TSEC_SCRATCH7 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-7 || ~~General purpose predicates~~

+

| 0-31

+

| Value

+

|}

+

Unofficial name.

+

=== TSEC_GPTMRINT ===

+

Unofficial name.

+

Same as [[#TSEC_FALCON_GPTMRINT|TSEC_FALCON_GPTMRINT]], but for an unknown hardware block.

+

=== TSEC_GPTMRVAL ===

+

Unofficial name.

+

Same as [[#TSEC_FALCON_GPTMRVAL|TSEC_FALCON_GPTMRVAL]], but for an unknown hardware block.

+

=== TSEC_GPTMRCTL ===

+

Unofficial name.

+

Same as [[#TSEC_FALCON_GPTMRCTL|TSEC_FALCON_GPTMRCTL]], but for an unknown hardware block.

+

=== TSEC_ITFEN ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 8 || ~~ALU carry flag~~

+

| 0

+

| Enable [[#TSEC_GPTMRINT|TSEC_GPTMRINT]]

|-

−

| 9 |~~| ALU signed overflow flag~~

+

| 1

+

| Unknown

|-

−

| 10 |~~| ALU sign flag~~

+

| 2

+

| Unknown

|-

−

| 11 || ~~ALU zero flag~~

+

| 3

−

|-

+

| Unknown

−

| ~~12-15 || Unused~~

+

|}

−

|-

+

−

~~| 16 || Interrupt 0 enable~~

+

Unofficial name.

+

=== TSEC_ITFSTAT ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 17 || ~~Interrupt 1 enable~~

+

| 0

+

| [[#TSEC_GPTMRINT|TSEC_GPTMRINT]] is enabled

|-

−

| 18 |~~| Interrupt 2 enable (undefined)~~

+

| 1

+

| Unknown

|-

−

| 19 |~~| Unused~~

+

| 2

+

| Unknown

|-

−

| 20 || ~~Interrupt 0 saved enable~~

+

| 3

+

| Unknown

+

|}

+

Unofficial name.

+

=== TSEC_TEGRA_CTL ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

|-

−

| 21 |~~| Interrupt 1 saved enable~~

+

| 16

+

| TSEC_TEGRA_CTL_TKFI_KFUSE

|-

−

| 22 |~~| Interrupt 2 saved enable (undefined)~~

+

| 17

+

| TSEC_TEGRA_CTL_TKFI_RESTART_FSM_KFUSE

|-

−

| 23 |~~| Unused~~

+

| 24

+

| TSEC_TEGRA_CTL_TMPI_FORCE_IDLE_INPUTS_I2C

|-

−

| 24 |~~| Exception active~~

+

| 25

+

| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_HOST1X

|-

−

| 25 |~~| Unused~~

+

| 26

+

| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_APB

|-

−

~~| 26 || Unknown~~

+

| 27

−

|-

+

| TSEC_TEGRA_CTL_TMPI_DISABLE_OUTPUT_I2C

−

| 27~~-28 || Unused~~

−

|-

−

| ~~29 || Unknown~~

−

|-

−

~~| 30-31 || Unused~~

|}

−

~~Alternative name~~ (~~envytools~~)~~: "flags"~~.

+

== Falcon ==

+

"Falcon" (FAst Logic CONtroller) is a proprietary general purpose CPU which can be found inside various hardware blocks that require some sort of logic processing such as TSEC (TSECA and TSECB), NVDEC, NVENC, NVJPG, VIC, GPU PMU and XUSB.

−

===~~= CCR =~~===

+

=== Processor Registers ===

−

~~This is a SPR (special purpose register) that holds configuration bits for the SCP DMA override functionality. The value~~ of ~~this register is set using the "cxset" instruction which provides a way to change~~ the ~~behavior of a variable amount of successively executed DMA-related instructions ("xdwait", "xdst" and "xdld")~~.

+

A total of 32 processor registers are available in the Falcon CPU.

−

~~{| class~~=~~wikitable~~

+

==== REG0-REG15 ====

−

~~! Bits || Description~~

+

These are 16 32-bit GPRs (general purpose registers).

−

|-

−

~~| 0~~-~~4 || Number of instructions the override is valid for~~ (~~0x1F means infinite~~)

−

|-

−

~~| 5 || Crypto destination/source select~~

−

~~0: Crypto register~~

−

~~1: Crypto stream~~

−

|-

−

~~| 6 || External memory override~~

−

~~0: Disabled~~

−

~~1: Enabled~~

−

|-

−

~~| 7 || Internal memory select~~

−

~~0: DMEM~~

−

~~1: IMEM~~

−

|-

−

~~| 8-31 || Unused~~

−

|}

−

~~Alternative name~~ (~~envytools~~)~~: "cx"~~.

+

==== IV0 ====

+

This is a SPR (special purpose register) that holds the address for interrupt vector 0. Only bits 0 to 15 are used.

−

==== ~~SEC~~ ====

+

==== IV1 ====

−

This is a SPR (special purpose register) that holds ~~configuration~~ bits ~~for the SCP authentication process~~.

+

This is a SPR (special purpose register) that holds the address for interrupt vector 1. Only bits 0 to 15 are used.

−

~~{| class~~=~~"wikitable" border~~=~~"1"~~

+

==== IV2 ====

−

~~! Bits~~

+

This is a SPR (special purpose register) that holds the address for interrupt vector 2. This register is considered "UNDEFINED" and appears to be unused.

−

~~! Description~~

−

|-

−

~~| 0-7 || Start of region to authenticate~~ (~~in 0x100 pages~~)

−

|-

−

~~| 8-15 || Unused~~

−

|-

−

~~| 16 || Mark all subsequent code transfers as secret~~

−

|-

−

~~| 17 || Region~~ is ~~encrypted~~

−

|-

−

~~| 18 || Unknown (set in HS mode)~~

−

|-

−

~~| 19 || Block traps~~ and ~~interrupts (set in HS mode)~~

−

|-

−

~~| 20-23 || Unused~~

−

|-

−

~~| 24-31 || Size of region~~ to ~~authenticate (in 0x100 pages)~~

−

|}

−

~~Alternative name~~ (~~envytools~~)~~: "cauth"~~.

+

==== EV ====

+

This is a SPR (special purpose register) that holds the address for the exception vector. Only bits 0 to 15 are used.

−

==== ~~CTX~~ ====

+

Alternative name (envytools): "tv".

−

This is a SPR (special purpose register) that holds ~~configuration~~ bits for the ~~CTXDMA ports~~.

+

==== SP ====

+

This is a SPR (special purpose register) that holds the current stack pointer. Only bits 0 to 15 are used.

+

==== PC ====

+

This is a SPR (special purpose register) that holds the current program counter. Only bits 0 to 15 are used.

+

==== IMB ====

+

This is a SPR (special purpose register) that holds the external base address for IMEM transfers.

+

Alternative name (envytools): "xcbase".

+

==== DMB ====

+

This is a SPR (special purpose register) that holds the external base address for DMEM transfers.

+

Alternative name (envytools): "xdbase".

+

==== CSW ====

+

This is a SPR (special purpose register) that holds various flag bits.

{| class="wikitable" border="1"

Line 4,865: Line 5,155:

! Description

|-

−

| 0-2 || ~~CTXDMA port for code loads (xcld)~~

+

| 0-7 || General purpose predicates

+

|-

+

| 8 || ALU carry flag

+

|-

+

| 9 || ALU signed overflow flag

+

|-

+

| 10 || ALU sign flag

+

|-

+

| 11 || ALU zero flag

|-

−

| 3 || ~~Unused~~

+

| 16 || Interrupt 0 enable

|-

−

| ~~4-6~~ || ~~CTXDMA port for code stores (invalid)~~

+

| 17 || Interrupt 1 enable

|-

−

| 7 || ~~Unused~~

+

| 18 || Interrupt 2 enable (undefined)

|-

−

| 8-10 || ~~CTXDMA port for data loads (xdld)~~

+

| 20 || Interrupt 0 saved enable

+

|-

+

| 21 || Interrupt 1 saved enable

|-

−

| 11 || ~~Unused~~

+

| 22 || Interrupt 2 saved enable (undefined)

|-

−

| ~~12-14~~ || ~~CTXDMA port for data stores (xdst)~~

+

| 24 || Exception active

|-

−

| 15-31 || ~~Unused~~

+

| 26-31 || Unknown

|}

−

Alternative name (envytools): "~~xtargets~~".

+

Alternative name (envytools): "flags".

−

==== ~~EXCI~~ ====

+

==== CCR ====

−

This is a SPR (special purpose register) that holds ~~information on raised exceptions~~.

+

This is a SPR (special purpose register) that holds configuration bits for the SCP DMA override functionality. The value of this register is set using the "cxset" instruction which provides a way to change the behavior of a variable amount of successively executed DMA-related instructions ("xdwait", "xdst" and "xdld").

+

{| class=wikitable

+

! Bits || Description

+

|-

+

| 0-4 || Number of instructions the override is valid for (0x1F means infinite)

+

|-

+

| 5 || Crypto source/destination select

+

0: Crypto register

+

1: Crypto stream

+

|-

+

| 6 || Bypass mode

+

0: Disabled

+

1: Enabled

+

|-

+

| 7 || Internal memory select

+

0: DMEM

+

1: IMEM

+

|}

+

Alternative name (envytools): "cx".

+

==== SEC ====

+

This is a SPR (special purpose register) that holds configuration bits for the SCP authentication process.

{| class="wikitable" border="1"

Line 4,891: Line 5,214:

! Description

|-

−

| 0-19 || ~~Exception PC~~

+

| 0-7 || Start of region to authenticate (in pages of 0x100 bytes)

+

|-

+

| 16 || Force secure DMA transfers

+

|-

+

| 17 || Decrypt region to authenticate

+

|-

+

| 18 || Signature check passed

|-

−

| ~~20-23~~ || ~~Exception cause~~

+

| 19 || Suppress interrupts and exceptions

|-

−

| 24-31 || ~~Unused~~

+

| 24-31 || Size of region to authenticate (in pages of 0x100 bytes)

|}

−

Alternative name (envytools): "~~tstatus~~".

+

Alternative name (envytools): "cauth".

−

==== ~~SEC1~~ ====

+

==== CTX ====

−

~~Unknown. Marked as "RESERVED"~~.

+

This is a SPR (special purpose register) that holds configuration bits for the CTXDMA ports.

−

==~~== IMB1 ====~~

+

{| class="wikitable" border="1"

−

~~Unknown. Marked as~~ "~~RESERVED~~".

+

! Bits

+

! Description

+

|-

+

| 0-2 || CTXDMA port for code loads (xcld)

+

|-

+

| 4-6 || CTXDMA port for code stores (invalid)

+

|-

+

| 8-10 || CTXDMA port for data loads (xdld)

+

|-

+

| 12-14 || CTXDMA port for data stores (xdst)

+

|}

−

==== DMB1 ====

+

Alternative name (envytools): "xtargets".

−

~~Unknown~~. ~~Marked~~ as "~~RESERVED~~".

+

==== EXCI ====

+

This is a SPR (special purpose register) that holds information on raised exceptions.

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-19 || Exception PC

+

|-

+

| 20-23 || Exception cause

+

|}

+

Alternative name (envytools): "tstatus".

+

==== SEC1 ====

+

Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.

+

==== IMB1 ====

+

Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.

+

==== DMB1 ====

+

Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.

+

=== Secure BootROM ===

+

Certain Falcon CPUs may have an optional "Secure BootROM", but contrary to the common purpose of bootrom code, this doesn't execute while booting the CPU. In fact, being a microprocessor, Falcon is designed to execute user supplied code right off the bat in a clean slate state. However, Falcon can be paired with a [[#SCP|secure co-processor]] and provide a cryptosystem for any hardware block that may require it, originating what is known as a "secretful" unit.

+

Secretful Falcon CPUs have [[#TSEC_FALCON_HWCFG1|TSEC_FALCON_HWCFG1_SECURITY_MODEL]] set to 3, which means they support "Heavy Secure" mode (or "HS" for short). While in HS mode, the Falcon's DMEM and IMEM regions are protected from read and write operations, which effectively hides code and data from attackers.

+

Entering HS mode first requires uploading code marked as "secure" to Falcon, which can be done from MMIO using [[#TSEC_FALCON_IMEMC|TSEC_FALCON_IMEMC]] with the [[#TSEC_FALCON_IMEMC|TSEC_FALCON_IMEMC_SECURE]] bit set. Upon jumping to a page marked as secret, the [[#TSEC_FALCON_EXCI|INV_INS]] exception is raised which tells the Falcon to start executing the secure bootrom code.

+

The secure bootrom lives in a hidden ROM region, instead of IMEM, and is mapped as --x at address 0. On Falcon v5 CPUs its size is 0x367 bytes.

+

==== Initialization ====

+

The first instructions of the secure bootrom simply save each [[#REG0-REG15|GPR]] to the stack and check the contents of the [[#SEC|SEC SPR]].

+

==== Authentication ====

+

The main purpose of the secure bootrom is to authenticate the code pages marked as "secure". This is done by first extracting the base address and size of the region to authenticate from the [[#SEC|SEC SPR]], then calculating a signature over this region and finally comparing it to the value of the [[#SCP|SCP]] register $c6.

+

If the comparison is successful, bit 18 of [[#SEC|SEC SPR]] is set (which is mirrored in [[#TSEC_FALCON_SVEC_SPR|TSEC_FALCON_SVEC_SPR]]), the signature comparison result in [[#TSEC_SCP_STAT1|TSEC_SCP_STAT1]] is set to 3 and each page from the region to authenticate is marked as valid. Bit 19 of [[#SEC|SEC SPR]] is also automatically set, preventing any interrupts or exceptions from being raised while in HS mode, but contrary to bit 18 this one can be manually cleared by authenticated code.

+

Below is the authentication algorithm's pseudocode:

+

+

...

+

// This runs in a loop for each 0x100 bytes page.

+

cs0begin 0x03

+

cxsin $c4

+

cenc $c3 $c5

+

cxor $c5 $c3

+

ckeyreg $c4

+

cxor $c5 $c5

+

cs0exec 0x11

+

...

+

// Use secret 0x01 as key and $c7 as seed.

+

csecret $c3 1

+

ckeyreg $c3

+

cenc $c3 $c7

+

ckeyreg $c3

+

cenc $c4 $c5

+

csigcmp $c4 $c6

+

...

+

</syntaxhighlight>

+

==== Decryption ====

+

If bit 17 is set in the [[#SEC|SEC SPR]], the secure bootrom will additionally attempt to decrypt the region to authenticate.

+

Below is the decryption algorithm's pseudocode:

+

+

...

+

// Use secret 0x06 as key.

+

cs0begin 0x03

+

cxsin $c3

+

cdec $c4 $c3

+

cxsout $c4

+

csecret $c5 0x06

+

ckexp $c5 $c5

+

cs0exec 0x10

+

ckeyreg $c5

+

...

+

</syntaxhighlight>

+

==== Exit ====

+

The secure bootrom finishes by restoring each [[#REG0-REG15|GPR]] from stack and returning from the exception state. This will result in the authenticated code region being executed in HS mode until the current [[#PC|PC]] points to an address outside of the authenticated region. When this happens, each page from the authenticated region is automatically marked as invalid without any involvement of the secure bootrom, meaning that the secure bootrom is only invoked when entering HS mode.

== SCP ==

−

~~Part of the information here~~ (which ~~hasn~~'~~t made it~~ into ~~envytools documentation yet) was shared~~ by [~~https://wiki~~.~~0x04~~.~~net/wiki/Marcin_Ko%C5%9Bcielnicki mwk~~] ~~from reverse engineering falcon processors~~ over ~~the years~~.

+

"SCP" (Secure Co-Processor) is a proprietary coprocessor which can be found inside every [[#Falcon|Falcon]] that supports [[#Secure BootROM|Heavy Secure Mode]]. On the Tegra X1 these are TSECA, TSECB, NVDEC and the GPU's PMU.

+

=== Hardware ===

+

SCP is subdivided into several specialized hardware blocks and interfaces.

+

==== LOAD ====

+

Block for handling memory reads from SCP to Falcon. It communicates with Falcon over a dedicated interface.

+

The interface can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].

+

==== STORE ====

+

Block for handling memory writes from Falcon to SCP. It communicates with Falcon over a dedicated interface.

+

The interface can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].

+

==== CMD ====

+

Block for translating Falcon crypto operands into SCP commands. It communicates with Falcon over a dedicated interface.

−

~~=== Heavy Secure Mode ===~~

+

The interface can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]]. The status of the current command is reported through register [[#TSEC_SCP_CMD|TSEC_SCP_CMD]].

−

~~==== Entry ====~~

−

~~From non-secure mode, upon jumping to a page marked as secret, a secret fault occurs~~. This causes the CPU to verify the region specified in $cauth against the MAC loaded in $c6. If the comparison is successful, the valid bit (bit0) is set on all pages in the $cauth region, and $pc is set to the base of the ~~$cauth region. If the comparsion fails, the CPU~~ is ~~halted~~.

−

==== ~~Exit~~ ====

+

==== SEQ ====

−

~~The CPU automatically goes back to non-secure mode when returning back into non-secret pages. When this happens, the valid bit (bit0)~~ in the ~~TLB flags is cleared~~ for ~~all secret pages~~.

+

Block for recording and executing sequences of crypto operations in the form of macros.

+

Can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].

+

==== CTL ====

+

Overseer block for controlling certain SCP features.

+

Can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].

+

−

==== ~~Implementation~~ ====

+

==== AES ====

−

Under certain circumstances, it is possible to observe [[#sigauth|sigauth]] being briefly written to [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] as "csigauth $c4 $c6" while the opcodes in [[#TSEC_SCP_STAT2|TSEC_SCP_STAT2]] are set to "cxsin" and "csigauth", respectively.

+

Block for providing AES-128-ECB functionality.

−

~~Via [[#TSEC_SCP_DBG0|TSEC_SCP_DBG0]] it can be observed that a 3-sized macro sequence is loaded into cs0 during a secure mode transition~~.

+

==== RNG ====

+

Block for encapsulating and controlling the internal random number generator.

−

=== Operations ===

+

Can be enabled or disabled by register [[#TSEC_SCP_CTL1|TSEC_SCP_CTL1]] and reports the status of the internal random number generator through registers [[#TSEC_SCP_RNG_STAT0|TSEC_SCP_RNG_STAT0]] and [[#TSEC_SCP_RNG_STAT1|TSEC_SCP_RNG_STAT1]].

−

{| class="wikitable" border="1"

+

===== RND =====

+

Internal random number generator.

+

Can be configured by the [[#TSEC_SCP_RND_CTL0|TSEC_SCP_RND_CTLx]] registers.

+

=== Operations ===

+

{| class="wikitable" border="1"

! Opcode

! Name

! Operand0

−

! Operand1

+

! Operand1

−

! Operation

+

! Operation

−

! ~~Condition~~

+

! Precondition

−

|-

+

! Postcondition

−

| 0 || nop || N/A || N/A || ||

+

|-

−

|-

+

| 0 || nop || N/A || N/A || N/A || N/A || N/A

−

| 1 || mov || $cX || $cY || <code>$cX = $cY; ACL(X) = ACL(Y);</code> ||

+

|-

−

|-

+

| 1 || mov || $cX || $cY || <code><nowiki>$cX = $cY;</nowiki></code> || N/A || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>

−

| 2 || ~~sin~~ || $cX || N/A || <code>$cX = ~~read_stream~~(); ACL(X) = ???;</code> ||

+

|-

−

|-

+

| 2 || xsin || $cX || N/A || <code><nowiki>$cX = read_from_stream();</nowiki></code> || N/A || <code><nowiki>ACL($cX) = is_mode_hs ? 0x3 : 0x1F;</nowiki></code>

−

| 3 || ~~sout~~ || $cX || N/A || <code>~~write_stream~~($cX);</code> || ?

+

|-

−

|-

+

| 3 || xsout || $cX || N/A || <code><nowiki>write_to_stream($cX);</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0xA)))</nowiki></code> || N/A

−

| 4 || [[#rnd|rnd]] || $cX || N/A || <code>$cX = ~~read_rnd~~(); ACL(X) = ???;</code> ||

+

|-

−

|-

+

| 4 || [[#rnd|rnd]] || $cX || N/A || <code><nowiki>$cX = read_from_rnd();</nowiki></code> || N/A || <code><nowiki>ACL($cX) = is_mode_hs ? 0x3 : 0x1F;</nowiki></code>

−

| 5 || s0begin || immX || N/A || <code>record_macro_for_N_instructions(0, immX);</code> ||

+

|-

−

|-

+

| 5 || s0begin || immX || N/A || <code><nowiki>record_macro_for_N_instructions(0, immX);</nowiki></code>|| N/A || N/A

−

| 6 || s0exec || immX || N/A || <code>execute_macro_N_times(0, immX);</code> ||

+

|-

−

|-

+

| 6 || s0exec || immX || N/A || <code><nowiki>execute_macro_N_times(0, immX);</nowiki></code> || N/A || N/A

−

| 7 || s1begin || immX || N/A || <code>record_macro_for_N_instructions(1, immX);</code> ||

+

|-

+

| 7 || s1begin || immX || N/A || <code><nowiki>record_macro_for_N_instructions(1, immX);</nowiki></code> || N/A || N/A

+

|-

+

| 8 || s1exec || immX || N/A || <code><nowiki>execute_macro_N_times(1, immX);</nowiki></code> || N/A || N/A

+

|-

+

| 9 || <invalid> || N/A || N/A || N/A || N/A || N/A

+

|-

+

| 0xA || [[#chmod|chmod]] || $cX || immY || <code><nowiki>ACL($cX) = immY;</nowiki></code> || See [[#ACLs|ACLs]] || N/A

+

|-

+

| 0xB || xor || $cX || $cY || <code><nowiki>$cX ^= $cY;</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>

+

|-

+

| 0xC || add || $cX || immY || <code><nowiki>$cX += immY;</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A)))</nowiki></code> || N/A

+

|-

+

| 0xD || and || $cX || $cY || <code><nowiki>$cX &= $cY;</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>

+

|-

+

| 0xE || rev || $cX || $cY || <code><nowiki>$cX = endian_swap128($cY);</nowiki></code> || <code><nowiki>(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>

+

|-

+

| 0xF || gfmul || $cX || $cY || <code><nowiki>$cX = gfmul($cY);</nowiki></code>|| <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>

+

|-

+

| 0x10 || secret || $cX || immY || <code><nowiki>$cX = load_secret(immY);</nowiki></code> || N/A || <code><nowiki>ACL($cX) = load_secret_acl(immY);</nowiki></code>

+

|-

+

| 0x11 || keyreg || $cX || N/A || <code><nowiki>active_key = $cX;</nowiki></code> || N/A || N/A

+

|-

+

| 0x12 || kexp || $cX || $cY || <code><nowiki>$cX = aes_key_expand($cY);</nowiki></code> || <code><nowiki>(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>

+

|-

+

| 0x13 || krexp || $cX || $cY || <code><nowiki>$cX = aes_key_reverse_expand($cY);</nowiki></code> || <code><nowiki>(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>

+

|-

+

| 0x14 || enc || $cX || $cY || <code><nowiki>$cX = aes_enc(active_key, $cY);</nowiki></code> || N/A || <code><nowiki>ACL($cX) = (ACL(active_key) & ACL($cY));</nowiki></code>

+

|-

+

| 0x15 || dec || $cX || $cY || <code><nowiki>$cX = aes_dec(active_key, $cY);</nowiki></code> || N/A || <code><nowiki>ACL($cX) = (ACL(active_key) & ACL($cY));</nowiki></code>

+

|-

+

| 0x16 || [[#sigcmp|sigcmp]] || $cX || $cY || <code><nowiki>current_sig = memcmp($cX, $cY) ? NULL : $cX;</nowiki></code> || <code><nowiki>(is_mode_secure_bootrom && (ACL($cY) & 0x2))</nowiki></code> || <code><nowiki>is_mode_hs = has_sig = (current_sig != NULL);</nowiki></code>

+

|-

+

| 0x17 || sigenc || $cX || $cY || <code><nowiki>$cX = aes_enc($cY, current_sig);</nowiki></code> || <code><nowiki>(is_mode_hs && has_sig)</nowiki></code> || <code><nowiki>ACL($cX) = 0x3;</nowiki></code>

+

|-

+

| 0x18 || [[#sigclr|sigclr]] || N/A || N/A || <code><nowiki>current_sig = NULL;</nowiki></code> || <code><nowiki>(is_mode_hs && has_sig)</nowiki></code> || <code><nowiki>has_sig = false;</nowiki></code>

+

|}

+

==== rnd ====

+

+

This instruction initializes a crypto register with random data.

+

Executing this instruction only succeeds if the RNG controller is enabled for the SCP, which requires taking the following steps:

+

* Write 0x7FFF to [[#TSEC_SCP_RND_CTL0|TSEC_SCP_RND_CTL0]].

+

* Write 0x3FF0000 to [[#TSEC_SCP_RND_CTL1|TSEC_SCP_RND_CTL1]].

+

* Write 0xFF00 to [[#TSEC_SCP_RND_CTL11|TSEC_SCP_RND_CTL11]].

+

* Write 0x1000 to [[#TSEC_SCP_CTL1|TSEC_SCP_CTL1]].

+

Otherwise it hangs forever.

+

==== chmod ====

+

<code>00000000: f5 3c XY a8 cchmod $cY 0X</code> or <code>00000000: f5 3c XY a9 cchmod $cY 1X</code>

+

This instruction takes a crypto register and a 5 bit immediate value which represents the [[#ACLs|ACLs]] mask to set.

+

==== sigcmp ====

+

<code>00000000: f5 3c XY d8 csigcmp $cY $cX</code>

+

Takes 2 crypto registers as operands and is automatically executed when jumping to a code region previously uploaded as secret. This instruction does not work in secure mode.

+

==== sigclr ====

+

<code>00000000: f5 3c 00 e0 csigclr</code>

+

This instruction takes no operands and clears the saved cauth signature used by the csigenc instruction.

+

=== ACLs ===

+

Each crypto register has an associated access control list with the following format:

+

{| class="wikitable" border="1"

+

! Bit

+

! Description

|-

−

| 8 || ~~s1exec || immX || N/A || <code>execute_macro_N_times(1, immX);</code> |~~|

+

| 0 || [[#Secure Keyable|Secure Keyable]]

|-

−

| ~~9 || <invalid> || || |~~| ||

+

| 1 || [[#Secure Readable|Secure Readable]]

|-

−

| ~~0xA~~ || [[#~~chmod~~|~~chmod~~]] ~~|| $cX || immY || Complicated, see [[#ACL|ACL]]. ||~~

+

| 2 || [[#Insecure Keyable|Insecure Keyable]]

|-

−

| ~~0xB~~ || ~~xor~~ |~~| $cX || $cY || <code>$cX ^= $cY;</code> || <code>(ACL(X) & 2) && (ACL(Y) & 2)</code>~~

+

| 3 || [[#Insecure Readable|Insecure Readable]]

|-

−

| ~~0xC || add || $cX || immY || <code>$cX += immY;</code> || <code>(ACL(X) & 2)</code>~~

+

| 4 || [[#Insecure Writeable|Insecure Writeable]]

−

|-

−

~~| 0xD || and || $cX || $cY || <code>$cX &= $cY;</code> || <code>(ACL(X) & 2) && (ACL(Y) & 2)</code>~~

−

|-

−

~~| 0xE || rev || $cX || $cY || <code>$cX = endian_swap128($cY); ACL(X) = ACL(Y);</code> ||~~

−

|-

−

~~| 0xF || gfmul || $cX || $cY || <code>$cX = gfmul($cY); ACL(X) = ACL(Y);</code> || <code>(ACL(Y) & 2)</code>~~

−

|-

−

~~| 0x10 || secret || $cX || immY || <code>$cX = load_secret(immY); ACL(X) = load_secret_acl(immY);</code> ||~~

−

|-

−

~~| 0x11 || keyreg || immX || N/A || <code>active_key_idx = immX;</code> ||~~

−

|-

−

~~| 0x12 || kexp || $cX || $cY || <code>$cX = aes_kexp($cY); ACL(X) = ACL(Y);</code> ||~~

−

|-

−

~~| 0x13 || krexp || $cX || $cY || <code>$cX = aes_kexp_reverse($cY); ACL(X) = ACL(Y);</code> ||~~

−

|-

−

~~| 0x14 || enc || $cX || $cY || <code>$cX = aes_enc(active_key_idx, $cY); ACL(X) = ACL(active_key_idx) & ACL(Y);</code> ||~~

−

|-

−

~~| 0x15 || dec || $cX || $cY || <code>$cX = aes_dec(active_key_idx, $cY); ACL(X) = ACL(active_key_idx) & ACL(Y);</code> ||~~

−

|-

−

~~| 0x16 || [[#sigauth|sigauth]] || $cX || $cY || <code>if (hash_verify($cX, $cY)) { has_sig = true; current_sig = $cX; }</code> || ?~~

−

|-

−

~~| 0x17~~ || [[#~~sigclr~~|~~sigclr~~]] ~~|| N/A || N/A || <code>has_sig = false;</code> ||~~

−

|-

−

~~| 0x18 || sigenc || $cX || $cY || <code>if (has_sig) { $cX = aes_enc($cY, current_sig); ACL(X) = 0x13; }</code> ||~~

|}

−

~~==== sigauth ====~~

+

On boot, every crypto register has an ACL value of 0x1F.

−

~~<code>00000000: f5 3c XY d8 csigauth $cY $cX</code>~~

−

~~Takes 2~~ crypto ~~registers as operands~~ and ~~is automatically executed when jumping~~ to a ~~code region previously uploaded as secret. This instruction does not work in secure~~ mode.

+

In HS mode, [[#STORE|STORE]] can always write to a crypto register. In NS and LS modes, [[#STORE|STORE]] can only write to a crypto register if it has the [[#Insecure Writeable|Insecure Writeable]] access mode.

−

~~==== sigclr ====~~

+

In HS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Secure Readable|Secure Readable]] access mode. In NS and LS modes, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Insecure Readable|Insecure Readable]] and [[#Secure Readable|Secure Readable]] access modes.

−

~~<code>00000000: f5 3c 00 e0 csigclr</code>~~

−

~~This instruction takes no operands and clears the saved cauth signature used by the csigenc instruction~~.

+

Loading a secret into a crypto register sets a per-secret ACL, unconditionally.

−

==== ~~chmod~~ ====

+

==== Secure Keyable ====

−

~~<code>00000000: f5 3c XY a8 cchmod $cY 0X</code> or <code>00000000: f5 3c XY a9 cchmod $cY 1X</code>~~

+

Controls if a crypto register can be used as key in HS mode.

−

~~This instruction takes a~~ crypto register ~~and a 5 bit immediate value which represents the~~ [[#~~ACL~~|~~ACL~~]] ~~mask to~~ set.

+

Forced set if the crypto register has [[#Secure Readable|Secure Readable]] access. Once cleared, this access mode cannot be set again.

−

==== ~~rnd~~ ====

+

==== Secure Readable ====

−

~~<code>00000000: f5 3c 0X 90 crnd $cX</code>~~

+

Controls if a crypto register can be read in HS mode.

−

~~This instruction initializes a crypto register with random data.~~

+

Once cleared, this access mode cannot be set again.

−

~~Executing~~ this ~~instruction only succeeds if the RNG controller is enabled for the SCP, which requires taking the following steps:~~

−

* Write 0x7FFF to [[#TSEC_SCP_RND_CTL0|TSEC_SCP_RND_CTL0]].

−

* Write 0x3FF0000 to [[#TSEC_SCP_RND_CTL1|TSEC_SCP_RND_CTL1]].

−

* Write 0xFF00 to TSEC_SCP_RND_CTL11.

−

* Write 0x1000 to [[#TSEC_SCP_CTL1|TSEC_SCP_CTL1]].

−

~~Otherwise it hangs forever~~.

+

==== Insecure Keyable ====

+

Controls if a crypto register can be used as key in NS and LS modes.

−

~~=== ACL ===~~

+

Forced set if the crypto register has [[#Secure Readable|Insecure Readable]] access. This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Keyable]] access.

−

~~{| class="wikitable" border="1"~~

−

~~! Bit~~

−

~~! Meaning~~

−

|-

−

~~| 0 || Secure key.~~ Forced set if ~~bit1 is set. Once cleared, cannot be set again.~~

−

|-

−

~~| 1 || Secure readable~~. ~~Once cleared,~~ cannot be ~~set again.~~

−

|-

−

~~| 2 || Insecure key. Forced~~ set if ~~bit3 is set. Forced clear if bit0 is clear. Can be toggled back and forth.~~

−

|-

−

~~| 3 || Insecure readable~~. ~~Forced clear if bit1 is clear. Can be toggled back and forth.~~

−

|-

−

~~| 4 || Insecure overwritable. Can be toggled back and forth.~~

−

|}

−

==== ~~Initial values~~ ====

+

==== Insecure Readable ====

−

~~On SCP boot, the ACL is 0x1F for all $cX~~.

+

Controls if a crypto register can be read in NS and LS modes.

−

~~Loading into $cX using xdst instruction sets ACL($cX) to 0x13 and 0x1F, for secure and insecure~~ mode ~~respectively~~.

+

This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Readable]] access.

−

~~Spilling~~ a ~~$cX~~ to ~~DMEM using xdld instruction is allowed if (ACL($cX) & 2) or (ACL($cX) & 8), for secure~~ and ~~insecure mode respectively~~.

+

==== Insecure Writeable ====

+

Controls if a crypto register can be written to in NS and LS modes.

−

~~Loading a secret into $cX sets a per-secret ACL, unconditionally~~.

+

This access mode has no effect in HS mode.

=== Secrets ===

−

~~Falcon's~~ Heavy Secure Mode has access to 64 128-bit keys which are burned at factory. These keys can be loaded using the $csecret instruction which takes the target crypto register and the key index as arguments.

+

[[#Secure BootROM|Heavy Secure Mode]] has access to 64 128-bit keys which are burned at factory. These keys can be loaded using the $csecret instruction which takes the target crypto register and the key index as arguments.

Secrets are specific to each Falcon unit with the exception of secret 0x3F. This secret is effectively empty (all zeros), but is configured to be overwritten with the KFUSE private key once the KFUSE clock is enabled. The KFUSE private key is console-unique.

{| class=wikitable

−

! Index || ACL || ~~Notes~~

+

! Index || ACL || Description

|-

−

| 0x00 || ~~0x13~~ || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.

+

| 0x00 || 0x03 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.

|-

−

| 0x01 || ~~0x10~~ || Used by ~~nvhost_nvdec_bl020_prod firmware~~.

+

| 0x01 || 0x00 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] for the signature generation algorithm.

|-

−

| 0x02 || ~~0x10~~ ||

+

| 0x02 || 0x00 ||

|-

−

| 0x03 || ~~0x11~~ || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.

+

| 0x03 || 0x01 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.

|-

−

| 0x04 || ~~0x10~~ || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.

+

| 0x04 || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.

|-

−

| 0x05 || ~~0x13~~ || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.

+

| 0x05 || 0x03 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.

|-

−

| 0x06 || ~~0x11~~ || Used by ~~the~~ [[#~~SCP~~|~~SCP~~]] as key to ~~encrypt/~~decrypt data during authentication (decided by bit 17 ~~from~~ the [[#SEC|SEC~~/cauth~~]] register).

+

| 0x06 || 0x01 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register).

|-

−

| 0x07 || ~~0x11~~ || Used by [6.0.0+] nvhost_tsec firmware.

+

| 0x07 || 0x01 || Used by [6.0.0+] nvhost_tsec firmware.

|-

−

| 0x08 || ~~0x10~~ ||

+

| 0x08 || 0x00 ||

|-

−

| 0x09 || ~~0x13~~ || Used by nvhost_tsec firmware.

+

| 0x09 || 0x03 || Used by nvhost_tsec firmware.

|-

−

| 0x0A || ~~0x11~~ ||

+

| 0x0A || 0x01 ||

|-

−

| 0x0B || ~~0x10~~ || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.

+

| 0x0B || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.

|-

−

| 0x0C || ~~0x13~~ ||

+

| 0x0C || 0x03 ||

|-

−

| 0x0D || ~~0x11~~ ||

+

| 0x0D || 0x01 ||

|-

−

| 0x0E || ~~0x10~~ ||

+

| 0x0E || 0x00 ||

|-

−

| 0x0F || ~~0x13~~ || Used by nvhost_tsec firmware.

+

| 0x0F || 0x03 || Used by nvhost_tsec firmware.

|-

−

| 0x10 || ~~0x11~~ || Used by [1.0.0-5.1.0] nvhost_tsec firmware.

+

| 0x10 || 0x01 || Used by [1.0.0-5.1.0] nvhost_tsec firmware.

|-

−

| 0x11 || ~~0x10~~ ||

+

| 0x11 || 0x00 ||

|-

−

| 0x12 || ~~0x13~~ ||

+

| 0x12 || 0x03 ||

|-

−

| 0x13 || ~~0x11~~ ||

+

| 0x13 || 0x01 ||

|-

−

| 0x14 || ~~0x10~~ ||

+

| 0x14 || 0x00 ||

|-

−

| 0x15 || ~~0x13~~ || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares.

+

| 0x15 || 0x03 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares.

|-

−

| 0x16 || ~~0x11~~ ||

+

| 0x16 || 0x01 ||

|-

−

| 0x17 || ~~0x10~~ ||

+

| 0x17 || 0x00 || Used by [11.0.0+] nvhost_tsec firmware.

|-

−

| 0x18 || ~~0x13~~ ||

+

| 0x18 || 0x03 ||

|-

−

| 0x19 || ~~0x11~~ ||

+

| 0x19 || 0x01 ||

|-

−

| 0x1A || ~~0x10~~ ||

+

| 0x1A || 0x00 ||

|-

−

| 0x1B || ~~0x13~~ ||

+

| 0x1B || 0x03 ||

|-

−

| 0x1C || ~~0x11~~ ||

+

| 0x1C || 0x01 ||

|-

−

| 0x1D || ~~0x10~~ ||

+

| 0x1D || 0x00 ||

|-

−

| 0x1E || ~~0x13~~ ||

+

| 0x1E || 0x03 ||

|-

−

| 0x1F || ~~0x11~~ ||

+

| 0x1F || 0x01 ||

|-

−

| 0x20 || ~~0x10~~ ||

+

| 0x20 || 0x00 ||

|-

−

| 0x21 || ~~0x13~~ ||

+

| 0x21 || 0x03 ||

|-

−

| 0x22 || ~~0x11~~ ||

+

| 0x22 || 0x01 ||

|-

−

| 0x23 || ~~0x10~~ ||

+

| 0x23 || 0x00 ||

|-

−

| 0x24 || ~~0x13~~ ||

+

| 0x24 || 0x03 ||

|-

−

| 0x25 || ~~0x11~~ ||

+

| 0x25 || 0x01 ||

|-

−

| 0x26 || ~~0x10~~ || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]]

+

| 0x26 || 0x00 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]]

|-

−

| 0x27 || ~~0x13~~ ||

+

| 0x27 || 0x03 ||

|-

−

| 0x28 || ~~0x11~~ ||

+

| 0x28 || 0x01 ||

|-

−

| 0x29 || ~~0x10~~ ||

+

| 0x29 || 0x00 ||

|-

−

| 0x2A || ~~0x13~~ ||

+

| 0x2A || 0x03 ||

|-

−

| 0x2B || ~~0x11~~ ||

+

| 0x2B || 0x01 ||

|-

−

| 0x2C || ~~0x10~~ ||

+

| 0x2C || 0x00 ||

|-

−

| 0x2D || ~~0x13~~ ||

+

| 0x2D || 0x03 ||

|-

−

| 0x2E || ~~0x11~~ ||

+

| 0x2E || 0x01 ||

|-

−

| 0x2F || ~~0x10~~ ||

+

| 0x2F || 0x00 ||

|-

−

| 0x30 || ~~0x13~~ ||

+

| 0x30 || 0x03 ||

|-

−

| 0x31 || ~~0x11~~ ||

+

| 0x31 || 0x01 ||

|-

−

| 0x32 || ~~0x10~~ ||

+

| 0x32 || 0x00 ||

|-

−

| 0x33 || ~~0x13~~ ||

+

| 0x33 || 0x03 ||

|-

−

| 0x34 || ~~0x11~~ ||

+

| 0x34 || 0x01 ||

|-

−

| 0x35 || ~~0x10~~ ||

+

| 0x35 || 0x00 ||

|-

−

| 0x36 || ~~0x13~~ ||

+

| 0x36 || 0x03 ||

|-

−

| 0x37 || ~~0x11~~ ||

+

| 0x37 || 0x01 ||

|-

−

| 0x38 || ~~0x10~~ ||

+

| 0x38 || 0x00 ||

|-

−

| 0x39 || ~~0x13~~ ||

+

| 0x39 || 0x03 ||

|-

−

| 0x3A || ~~0x11~~ ||

+

| 0x3A || 0x01 ||

|-

−

| 0x3B || ~~0x10~~ ||

+

| 0x3B || 0x00 ||

|-

−

| 0x3C || ~~0x13~~ || Used by nvhost_tsec firmware.

+

| 0x3C || 0x03 || Used by nvhost_tsec firmware.

|-

−

| 0x3D || ~~0x11~~ ||

+

| 0x3D || 0x01 ||

|-

−

| 0x3E || ~~0x10~~ ||

+

| 0x3E || 0x00 ||

|-

−

| 0x3F || ~~0x10~~ || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.

+

| 0x3F || 0x00 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.

|}

Hexkyz

Bureaucrats, Administrators

2,787

edits

Changes

TSEC (view source)

Revision as of 21:34, 24 September 2022

Navigation menu

Search