2,787
edits
Changes
no edit summary
| [[#TSEC_THI_CONT_SYNCPT_L1|TSEC_THI_CONT_SYNCPT_L1]]
| [[#TSEC_THI_CONT_SYNCPT_L1|TSEC_THI_CONT_SYNCPT_L1]]
| 0x5450002C
| 0x5450002C
| 0x04
| 0x04
|-
|-
| 0x04
| 0x04
|-
|-
| TSEC_FALCON_UNK_E0
| [[#TSEC_FALCON_SIRQMASK|TSEC_FALCON_SIRQMASK]]
| 0x545010E0
| 0x545010E0
| 0x04
| 0x04
| 0x04
| 0x04
|-
|-
| [[#TSEC_FALCON_SSTAT|TSEC_FALCON_SSTAT]]
| [[#TSEC_FALCON_SERRSTAT|TSEC_FALCON_SERRSTAT]]
| 0x54501244
| 0x54501244
| 0x04
| 0x04
|-
|-
| TSEC_FALCON_UNK_250
| [[#TSEC_FALCON_SERRVAL|TSEC_FALCON_SERRVAL]]
| 0x54501248
| 0x04
|-
| [[#TSEC_FALCON_SERRADDR|TSEC_FALCON_SERRADDR]]
| 0x5450124C
| 0x04
|-
| [[#TSEC_FALCON_SCTL1|TSEC_FALCON_SCTL1]]
| 0x54501250
| 0x54501250
| 0x04
| 0x04
|-
|-
| TSEC_FALCON_UNK_260
| [[#TSEC_FALCON_STEST|TSEC_FALCON_STEST]]
| 0x54501258
| 0x04
|-
| [[#TSEC_FALCON_SICD|TSEC_FALCON_SICD]]
| 0x54501260
| 0x54501260
| 0x04
| 0x04
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL2
| [[#TSEC_SCP_RND_CTL2|TSEC_SCP_RND_CTL2]]
| 0x54501508
| 0x54501508
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL3
| [[#TSEC_SCP_RND_CTL3|TSEC_SCP_RND_CTL3]]
| 0x5450150C
| 0x5450150C
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL4
| [[#TSEC_SCP_RND_CTL4|TSEC_SCP_RND_CTL4]]
| 0x54501510
| 0x54501510
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL5
| [[#TSEC_SCP_RND_CTL5|TSEC_SCP_RND_CTL5]]
| 0x54501514
| 0x54501514
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL6
| [[#TSEC_SCP_RND_CTL6|TSEC_SCP_RND_CTL6]]
| 0x54501518
| 0x54501518
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL7
| [[#TSEC_SCP_RND_CTL7|TSEC_SCP_RND_CTL7]]
| 0x5450151C
| 0x5450151C
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL8
| [[#TSEC_SCP_RND_CTL8|TSEC_SCP_RND_CTL8]]
| 0x54501520
| 0x54501520
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL9
| [[#TSEC_SCP_RND_CTL9|TSEC_SCP_RND_CTL9]]
| 0x54501524
| 0x54501524
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL10
| [[#TSEC_SCP_RND_CTL10|TSEC_SCP_RND_CTL10]]
| 0x54501528
| 0x54501528
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_CTL11
| [[#TSEC_SCP_RND_CTL11|TSEC_SCP_RND_CTL11]]
| 0x5450152C
| 0x5450152C
| 0x04
| 0x04
| [[#TSEC_TFBIF_DBG_R128COUNT|TSEC_TFBIF_DBG_R128COUNT]]
| [[#TSEC_TFBIF_DBG_R128COUNT|TSEC_TFBIF_DBG_R128COUNT]]
| 0x5450162C
| 0x5450162C
| 0x04
| 0x04
|-
|-
| [[#TSEC_TFBIF_MCCIF_FIFOCTRL1|TSEC_TFBIF_MCCIF_FIFOCTRL1]]
| [[#TSEC_TFBIF_MCCIF_FIFOCTRL1|TSEC_TFBIF_MCCIF_FIFOCTRL1]]
| 0x54501634
| 0x54501634
| 0x04
| 0x04
|-
|-
| [[#TSEC_TFBIF_REGIONCFG|TSEC_TFBIF_REGIONCFG]]
| [[#TSEC_TFBIF_REGIONCFG|TSEC_TFBIF_REGIONCFG]]
| 0x54501648
| 0x54501648
| 0x04
| 0x04
|-
|-
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_00
| [[#TSEC_VERSION|TSEC_VERSION]]
| 0x54501800
| 0x54501800
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_04
| [[#TSEC_SCRATCH0|TSEC_SCRATCH0]]
| 0x54501804
| 0x54501804
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_08
| [[#TSEC_SCRATCH1|TSEC_SCRATCH1]]
| 0x54501808
| 0x54501808
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_0C
| [[#TSEC_SCRATCH2|TSEC_SCRATCH2]]
| 0x5450180C
| 0x5450180C
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_10
| [[#TSEC_SCRATCH3|TSEC_SCRATCH3]]
| 0x54501810
| 0x54501810
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_14
| [[#TSEC_SCRATCH4|TSEC_SCRATCH4]]
| 0x54501814
| 0x54501814
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_18
| [[#TSEC_SCRATCH5|TSEC_SCRATCH5]]
| 0x54501818
| 0x54501818
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_1C
| [[#TSEC_SCRATCH6|TSEC_SCRATCH6]]
| 0x5450181C
| 0x5450181C
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_20
| [[#TSEC_SCRATCH7|TSEC_SCRATCH7]]
| 0x54501820
| 0x54501820
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_24
| [[#TSEC_GPTMRINT|TSEC_GPTMRINT]]
| 0x54501824
| 0x54501824
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_28
| [[#TSEC_GPTMRVAL|TSEC_GPTMRVAL]]
| 0x54501828
| 0x54501828
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_2C
| [[#TSEC_GPTMRCTL|TSEC_GPTMRCTL]]
| 0x5450182C
| 0x5450182C
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_30
| [[#TSEC_ITFEN|TSEC_ITFEN]]
| 0x54501830
| 0x54501830
| 0x04
| 0x04
|-
|-
| TSEC_TEGRA_UNK_34
| [[#TSEC_ITFSTAT|TSEC_ITFSTAT]]
| 0x54501834
| 0x54501834
| 0x04
| 0x04
|}
|}
=== TSEC_THI_STREAMID0 ===
=== TSEC_THI_METHOD0 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-6
| 0-11
| TSEC_THI_STREAMID0_ID
| TSEC_THI_METHOD0_OFFSET
|}
|}
Used to encode and send a method's ID over HOST1X to TSEC. This register mirrors the functionality of HOST1X's channel opcode submission.
The following methods are available:
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! ID
! Description
! Method
|-
|-
| 0x100
| 0x100
| NOP
| NOP
|-
|-
|-
|-
| 0x24C
| 0x24C
|
| CTX_SAVE_AREA
|-
|-
| 0x250
| 0x250
|
| CTX_SWITCH
|-
|-
| 0x300
| 0x300
|-
|-
| 0x578
| 0x578
|
| HDCP_GET_CURRENT_RESOLUTION
|-
|-
| 0x57C
| 0x57C
|
| HDCP_GET_CURRENT_VERSION
|-
|-
| 0x700
| 0x700
| 16
| 16
| TSEC_FALCON_DEBUG1_CTXSW_MODE
| TSEC_FALCON_DEBUG1_CTXSW_MODE
|}
|}
=== TSEC_FALCON_RSTAT3 ===
=== TSEC_FALCON_RSTAT3 ===
Mirror of the [[#TSEC_FALCON_ICD_RDATA|ICD status register 3]].
Mirror of the [[#TSEC_FALCON_ICD_RDATA|ICD status register 3]].
=== TSEC_FALCON_SIRQMASK ===
Unofficial name.
Same as [[#TSEC_FALCON_IRQMASK|TSEC_FALCON_IRQMASK]], but for LS mode.
=== TSEC_FALCON_CPUCTL ===
=== TSEC_FALCON_CPUCTL ===
|-
|-
| 4-5
| 4-5
| Current access level
|-
| 8-9
| Unknown access level
|-
| 12
| Unknown
| Unknown
|-
|-
| 12-13
| 13
| Unknown
| Unknown
|-
|-
|}
|}
=== TSEC_FALCON_SSTAT ===
=== TSEC_FALCON_SERRSTAT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
| 0-23
| Unknown
|-
|-
| 30
| 30
|}
|}
=== TSEC_FALCON_SPROT_IMEM ===
Unofficial name.
Used for detecting invalid CSB accesses in LS mode.
=== TSEC_FALCON_SERRVAL ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-31
| Read access level
| Error code
|}
|}
Unofficial name.
=== TSEC_FALCON_SPROT_DMEM ===
=== TSEC_FALCON_SERRADDR ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-31
| Read access level
| Error address
|}
|}
Unofficial name.
=== TSEC_FALCON_SPROT_CPUCTL ===
=== TSEC_FALCON_SCTL1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-1
| Read access level
| CSB access level
|-
|-
| 4-7
| 2-3
| Write access level
| Unknown access level
|}
|}
Unofficial name.
=== TSEC_FALCON_SPROT_MISC ===
=== TSEC_FALCON_STEST ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-31
| Read access level
| Unknown
|}
|}
Unofficial name.
=== TSEC_FALCON_SPROT_IRQ ===
=== TSEC_FALCON_SICD ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0
| Read access level
| Enable access to ICD command STOP
|-
| 1
| Enable access to ICD command RUN
|-
|-
| 4-7
| 2
| Write access level
| Enable access to ICD command RUNB
|-
| 3
| Enable access to ICD command STEP
|-
| 4
| Enable access to ICD command EMASK
|-
| 5
| Enable access to ICD command RREG (only for SPRs)
|-
| 6
| Enable access to ICD command RSTAT
|-
| 7
| Enable access to IBRKPT registers
|-
| 8
| Enable access to ICD command RREG (only for GPRs)
|-
| 9
| Enable access to ICD command RDM
|}
|}
Controls accesses to the following registers:
Unofficial name.
Controls access to the ICD in LS mode.
=== TSEC_FALCON_SPROT_MTHD ===
=== TSEC_FALCON_SPROT_IMEM ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-2
| Read access level
| Read access level
|-
|-
| 4-7
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
Controls accesses to the following registers:
Unofficial name.
Controls accesses to Falcon IMEM.
=== TSEC_FALCON_SPROT_DMEM ===
{| class="wikitable" border="1"
! Bits
=== TSEC_FALCON_SPROT_SCTL ===
{| class="wikitable" border="1"
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-2
| Read access level
| Read access level
|-
|-
| 4-7
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
Controls accesses to the [[#TSEC_FALCON_SCTL|TSEC_FALCON_SCTL]] register.
Unofficial name.
Controls accesses to Falcon DMEM.
=== TSEC_FALCON_SPROT_WDTMR ===
=== TSEC_FALCON_SPROT_CPUCTL ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0-2
| Read access level
| Read access level
|-
|-
| 4-7
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
Unofficial name.
Controls accesses to the [[#TSEC_FALCON_CPUCTL|TSEC_FALCON_CPUCTL]] register.
=== TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH ===
=== TSEC_FALCON_SPROT_MISC ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-30
| 0-2
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_VAL
| Read access level
|-
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
|-
|-
| 31
| 7
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_OBIT
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW ===
Unofficial name.
Controls accesses to the following registers:
* [[#TSEC_FALCON_PRIVSTATE|TSEC_FALCON_PRIVSTATE]]
* [[#TSEC_FALCON_SFTRESET|TSEC_FALCON_SFTRESET]]
* [[#TSEC_FALCON_ADDR|TSEC_FALCON_ADDR]]
* [[#TSEC_FALCON_DMACTL|TSEC_FALCON_DMACTL]]
* [[#TSEC_FALCON_IMCTL|TSEC_FALCON_IMCTL]]
* [[#TSEC_FALCON_IMSTAT|TSEC_FALCON_IMSTAT]]
* [[#TSEC_FALCON_SCTL1|TSEC_FALCON_SCTL1]]
* [[#TSEC_FALCON_DMAINFO_CTL|TSEC_FALCON_DMAINFO_CTL]]
=== TSEC_FALCON_SPROT_IRQ ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-2
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW_VAL
| Read access level
|}
|-
| 3
| Set on memory read access violation
|-
|-
| 0-30
| 4-6
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_VAL
| Write access level
|-
|-
| 31
| 7
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_OBIT
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW ===
Unofficial name.
Controls accesses to the following registers:
* [[#TSEC_FALCON_IRQMODE|TSEC_FALCON_IRQMODE]]
* [[#TSEC_FALCON_IRQMSET|TSEC_FALCON_IRQMSET]]
* [[#TSEC_FALCON_IRQMCLR|TSEC_FALCON_IRQMCLR]]
* [[#TSEC_FALCON_IRQDEST|TSEC_FALCON_IRQDEST]]
* [[#TSEC_FALCON_GPTMRINT|TSEC_FALCON_GPTMRINT]]
* [[#TSEC_FALCON_GPTMRVAL|TSEC_FALCON_GPTMRVAL]]
* [[#TSEC_FALCON_GPTMRCTL|TSEC_FALCON_GPTMRCTL]]
* [[#TSEC_FALCON_IRQDEST2|TSEC_FALCON_IRQDEST2]]
* [[#TSEC_FALCON_SIRQMASK|TSEC_FALCON_SIRQMASK]]
=== TSEC_FALCON_SPROT_MTHD ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-2
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW_VAL
| Read access level
|}
|-
| 3
| Set on memory read access violation
|-
|-
| 0-30
| 4-6
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_VAL
| Write access level
|-
|-
| 31
| 7
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_OBIT
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW ===
Unofficial name.
Controls accesses to the following registers:
* [[#TSEC_FALCON_ITFEN|TSEC_FALCON_ITFEN]]
* [[#TSEC_FALCON_CURCTX|TSEC_FALCON_CURCTX]]
* [[#TSEC_FALCON_NXTCTX|TSEC_FALCON_NXTCTX]]
* [[#TSEC_FALCON_CTXACK|TSEC_FALCON_CTXACK]]
* [[#TSEC_FALCON_MTHDDATA|TSEC_FALCON_MTHDDATA]]
* [[#TSEC_FALCON_MTHDID|TSEC_FALCON_MTHDID]]
* [[#TSEC_FALCON_MTHDWDAT|TSEC_FALCON_MTHDWDAT]]
* [[#TSEC_FALCON_MTHDCOUNT|TSEC_FALCON_MTHDCOUNT]]
* [[#TSEC_FALCON_MTHDPOP|TSEC_FALCON_MTHDPOP]]
* [[#TSEC_FALCON_MTHDRAMSZ|TSEC_FALCON_MTHDRAMSZ]]
* [[#TSEC_FALCON_DEBUG1|TSEC_FALCON_DEBUG1]]
=== TSEC_FALCON_SPROT_SCTL ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-2
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW_VAL
| Read access level
|-
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
|-
| 7
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH ===
Unofficial name.
Controls accesses to the [[#TSEC_FALCON_SCTL|TSEC_FALCON_SCTL]] register.
=== TSEC_FALCON_SPROT_WDTMR ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-30
| 0-2
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_VAL
| Read access level
|-
| 3
| Set on memory read access violation
|-
| 4-6
| Write access level
|-
|-
| 31
| 7
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_OBIT
| Set on memory write access violation
|}
|}
=== TSEC_FALCON_DMAINFO_CTL ===
Unofficial name.
Controls accesses to the following registers:
* [[#TSEC_FALCON_WDTMRVAL|TSEC_FALCON_WDTMRVAL]]
* [[#TSEC_FALCON_WDTMRCTL|TSEC_FALCON_WDTMRCTL]]
=== TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-31
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW_VAL
| 1
|}
|}
=== TSEC_SCP_CTL0 ===
=== TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 10
| 0-30
| Enable the [[#LOAD|LOAD]] block's interface
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_VAL
|-
|-
| 12
| 31
| Enable the [[#STORE|STORE]] block's interface
| TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_OBIT
|}
=== TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 14
| 0-31
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW_VAL
| 20
|}
|}
=== TSEC_SCP_CTL1 ===
=== TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-30
| Clear [[#SEQ|SEQ]] block's pipeline
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_VAL
|-
|-
| 8
| 31
| Clear the main [[#SCP|SCP]] pipeline
| TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_OBIT
|}
|}
=== TSEC_SCP_CTL_STAT ===
=== TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 20
| 0-31
| TSEC_SCP_CTL_STAT_DEBUG_MODE
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW_VAL
|}
|}
=== TSEC_SCP_CTL_LOCK ===
=== TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-30
| Enable lockdown mode (locks IMEM and DMEM)
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_VAL
|-
|-
| 1
| 31
| TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_OBIT
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 2
| 0-31
| Unknown
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW_VAL
|}
=== TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 3
| 0-30
| Unknown
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_VAL
|-
|-
| 4
| 31
| Lock the [[#SCP|SCP]]
| TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_OBIT
|}
|}
=== TSEC_FALCON_DMAINFO_CTL ===
=== TSEC_SCP_CFG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| Unknown
| TSEC_FALCON_DMAINFO_CTL_CLR_FBRD
|-
|-
| 1
| 1
| Unknown
| TSEC_FALCON_DMAINFO_CTL_CLR_FBWR
|-
|}
| 2
=== TSEC_SCP_CTL0 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 3
| 10
| Unknown
| Enable [[#LOAD|Falcon<->LOAD]] interface
|-
|-
| 4
| 12
| [[#AES|AES]] block's endianness
| Enable [[#STORE|Falcon<->STORE]] interface
|-
|-
| 8
| 14
| Flush [[#CMD|CMD]] block's pipeline
| Enable [[#CMD|Falcon<->CMD]] interface
|-
|-
| 12-13
| 16
| Carry chain size
| Enable [[#SEQ|SEQ]]
|-
|-
| 16-31
| 20
| Timeout value
| Enable [[#CTL|CTL]]
|}
|}
=== TSEC_SCP_CTL_SCP ===
Unofficial name.
=== TSEC_SCP_CTL1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| Swap [[#SCP|SCP]] master
| Clear [[#SEQ|SEQ]]
|-
| 8
| Clear [[#SCP|SCP]]'s internal pipeline
|-
| 11
| Enable [[#RNG|RNG]]'s test mode
|-
| 12
| Enable [[#RNG|RNG]]
|-
| 16
| Enable [[#LOAD|Falcon<->LOAD]] interface's dummy mode (all reads return 0)
|-
|-
| 1
| 20
| Current [[#SCP|SCP]] master
| Enable [[#LOAD|Falcon<->LOAD]] interface bypassing (all reads are dropped)
|-
| 24
| Enable [[#STORE|Falcon<->STORE]] interface bypassing (all writes are dropped)
|}
|}
=== TSEC_SCP_CTL_PKEY ===
Unofficial name.
=== TSEC_SCP_CTL_STAT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 20
| TSEC_SCP_CTL_PKEY_REQUEST_RELOAD
| TSEC_SCP_CTL_STAT_DEBUG_MODE
|}
|}
=== TSEC_SCP_CTL_DBG ===
=== TSEC_SCP_CTL_LOCK ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| Unknown
| Enable lockdown mode (locks IMEM and DMEM)
|-
| 1
| Lockdown has pending exit request
|-
| 2
| Lockdown has been enabled before
|-
|-
| 4
| 4
| Unknown
| Enable SCP lockdown mode (locks [[#SCP|SCP]]'s MMIO register space)
|-
|-
| 8
| 6
| Unknown
| SCP lockdown has been enabled before
|}
|}
=== TSEC_SCP_DBG0 ===
Unofficial name.
Controls lockdown mode. Can only be cleared in HS mode.
=== TSEC_SCP_CFG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0
| Index
| Endianness for ADD
0: Little
1: Big
|-
|-
| 4
| 1
| Auto-increment
| Endianness for GFMUL
0: Little
1: Big
|-
|-
| 5-6
| 2
| Target
| Endianness for [[#LOAD|LOAD]]
0: None
0: Little
1: STORE
1: Big
|-
|-
| 8-12
| 3
| [[#SEQ|SEQ]] block's current sequence size
| Endianness for [[#STORE|STORE]]
0: Little
1: Big
|-
|-
| 13-16
| 4
| [[#SEQ|SEQ]] block's current instruction address
| Endianness for [[#AES|AES]]
0: Little
1: Big
|-
|-
| 17
| 8
| [[#SEQ|SEQ]] block's current instruction is valid
| Flush [[#CMD|CMD]]
|-
|-
| 18
| 12-13
| [[#SEQ|SEQ]] block is running in HS mode
| Carry chain's size
0: 32 bits
1: 64 bits
2: 96 bits
3: 128 bits
|-
|-
| 19-22
| 16-31
| [[#LOAD|LOAD]] block's pipeline size
| [[#SCP|SCP]]'s internal pipeline stall timeout value
|}
|}
Unofficial name.
=== TSEC_SCP_DBG1 ===
=== TSEC_SCP_CTL_SCP ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0
| [[#SEQ|SEQ]] block's current instruction's first operand
| Swap [[#SCP|SCP]]'s master
|-
|-
| 4-9
| 1
| [[#SEQ|SEQ]] block's current instruction's second operand
| Current [[#SCP|SCP]]'s master
0: Falcon
1: External
|}
|}
Unofficial name.
=== TSEC_SCP_DBG2 ===
=== TSEC_SCP_CTL_PKEY ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-1
| 0
| [[#SEQ|SEQ]] block's state
| TSEC_SCP_CTL_PKEY_REQUEST_RELOAD
|-
|-
| 4-7
| 1
| Number of [[#SEQ|SEQ]] block's instructions left
| TSEC_SCP_CTL_PKEY_LOADED
|}
|}
=== TSEC_SCP_CTL_DBG ===
=== TSEC_SCP_CMD ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 4
| Destination register
| Disable lockdown mode
|-
|-
| 8-13
| 8
| Source register or immediate value
| Disable SCP lockdown mode
|}
|}
Unofficial name.
Overrides lockdown mode. Can only be set in debug mode.
=== TSEC_SCP_STAT0 ===
=== TSEC_SCP_DBG0 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-3
| Index
| 2
|-
|-
| 4
| 4
| [[#STORE|STORE]] block's interface is active
| Auto-increment
|-
|-
| 6
| 5-6
| [[#SEQ|SEQ]] block is active
| Target
0: None
1: STORE
2: LOAD
3: SEQ
|-
|-
| 8
| 8-12
| [[#CTL|CTL]] block is active
| [[#SEQ|SEQ]]'s current sequence's size
|-
|-
| 10
| 13-16
| [[#LOAD|LOAD]] block's interface is active
| [[#SEQ|SEQ]]'s current instruction's address
|-
|-
| 14
| 17
| [[#AES|AES]] block is active
| [[#SEQ|SEQ]]'s current instruction is valid
|-
|-
| 16
| 18
| [[#RNG|RNG]] block is active
| [[#SEQ|SEQ]] is running in HS mode
|-
|-
| 0-1
| 19-22
| Signature comparison result
| [[#LOAD|LOAD]]'s queue's size
|-
|-
| 4
| 23
| [[#LOAD|LOAD]] block's interface is running in HS mode
| [[#LOAD|LOAD]]'s current operation is valid
|-
|-
| 6
| 24
| [[#LOAD|LOAD]] block's interface is ready
| [[#LOAD|LOAD]] is running in HS mode
|-
|-
| 8
| 25-26
| [[#STORE|STORE]] block's interface is running in HS mode
| [[#STORE|STORE]]'s queue's size
|-
|-
| 10
| 30
| [[#STORE|STORE]] block's interface received a valid operation
| [[#STORE|STORE]]'s current operation is valid
|-
|-
| 12
| 31
| [[#CMD|CMD]] block's interface is running in HS mode
| [[#STORE|STORE]] is running in HS mode
|}
|}
Unofficial name.
=== TSEC_SCP_STAT2 ===
Used for debugging the [[#LOAD|LOAD]], [[#STORE|STORE]] and [[#SEQ|SEQ]] blocks.
=== TSEC_SCP_DBG1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-4
| 0-31
| Current [[#SEQ|SEQ]] block opcode
| Data
If target is SEQ:
Bits 0-3: current instruction's first operand
Bits 4-9: current instruction's second operand
Bits 10-14: current instruction's opcode
|}
|}
Contains the status of crypto operations.
Unofficial name.
Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the [[#SEQ|SEQ]] block.
=== TSEC_SCP_RNG_STAT0 ===
=== TSEC_SCP_DBG2 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-1
| [[#RND|RND]] block is ready
| [[#SEQ|SEQ]]'s state
0: Idle
1: Recording (cs0begin/cs1begin)
2: Executing (cs0exec/cs1exec)
|-
|-
| 4-7
| 4-7
| Unknown
| Number of cycles left for [[#SEQ|SEQ]]'s current sequence
|-
|-
| 8-11
| 12-15
| Unknown
| Active crypto key register (ckeyreg)
|-
|}
Unofficial name.
| 20
Used for retrieving additional debug data associated with the [[#SEQ|SEQ]] block.
=== TSEC_SCP_CMD ===
=== TSEC_SCP_RNG_STAT1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-15
| 0-3
| Unknown
| Destination register
|-
|-
| 16-31
| 8-13
| Unknown
| Source register or immediate value
|-
|-
| 0
| 20-24
| [[#RND|RND]] ready
| Command opcode
0x0: nop (fuc5 opcode 0x00)
0x1: cmov (fuc5 opcode 0x84)
0x2: cxsin (fuc5 opcode 0x88) or xdst (with cxset)
0x3: cxsout (fuc5 opcode 0x8C) or xdld (with cxset)
0x4: crnd (fuc5 opcode 0x90)
0x5: cs0begin (fuc5 opcode 0x94)
0x6: cs0exec (fuc5 opcode 0x98)
0x7: cs1begin (fuc5 opcode 0x9C)
0x8: cs1exec (fuc5 opcode 0xA0)
0x9: invalid (fuc5 opcode 0xA4)
0xA: cchmod (fuc5 opcode 0xA8)
0xB: cxor (fuc5 opcode 0xAC)
0xC: cadd (fuc5 opcode 0xB0)
0xD: cand (fuc5 opcode 0xB4)
0xE: crev (fuc5 opcode 0xB8)
0xF: cgfmul (fuc5 opcode 0xBC)
0x10: csecret (fuc5 opcode 0xC0)
0x11: ckeyreg (fuc5 opcode 0xC4)
0x12: ckexp (fuc5 opcode 0xC8)
0x13: ckrexp (fuc5 opcode 0xCC)
0x14: cenc (fuc5 opcode 0xD0)
0x15: cdec (fuc5 opcode 0xD4)
0x16: csigcmp (fuc5 opcode 0xD8)
0x17: csigenc (fuc5 opcode 0xDC)
0x18: csigclr (fuc5 opcode 0xE0)
|-
|-
| 20
| 28
| Single step
| [[#CMD|CMD]]'s current instruction is valid
|-
|-
| 24
| 31
| [[#RND|RND]] operation
| [[#CMD|CMD]] is running in HS mode
|}
|}
Unofficial name.
Contains information on the last crypto command executed.
=== TSEC_SCP_IRQMASK ===
=== TSEC_SCP_STAT0 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| [[#RND|RND]] ready
| [[#SCP|SCP]] is active
|-
| 2
| [[#CMD|CMD]] is active
|-
|-
| 8
| 4
| ACL error
| [[#STORE|STORE]] is active
|-
|-
| 12
| 6
| SEC error
| [[#SEQ|SEQ]] is active
|-
|-
| 16
| 8
| [[#CMD|CMD]] error
| [[#CTL|CTL]] is active
|-
|-
| 20
| 10
| Single step
| [[#LOAD|LOAD]] is active
|-
|-
| 24
| 14
| [[#RND|RND]] operation
| [[#AES|AES]] is active
|-
|-
| 28
| 16
| Timeout
| [[#RNG|RNG]] is active
|}
|}
Unofficial name.
=== TSEC_SCP_ACL_ERR ===
Contains the statuses of hardware blocks.
=== TSEC_SCP_STAT1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-1
| Writing to a crypto register without the correct ACL
| Signature comparison result
0: None
1: Running
2: Failed
3: Succeeded
|-
|-
| 4
| 4
| Reading from a crypto register without the correct ACL
| [[#LOAD|Falcon<->LOAD]] interface is running in HS mode
|-
| 6
| [[#LOAD|Falcon<->LOAD]] interface is ready
|-
|-
| 8
| 8
| Invalid ACL change (cchmod)
| [[#STORE|Falcon<->STORE]] interface is running in HS mode
|-
| 10
| [[#STORE|Falcon<->STORE]] interface received a valid operation
|-
| 12
| [[#CMD|Falcon<->CMD]] interface is running in HS mode
|-
|-
| 31
| 14
| ACL error occurred
| [[#CMD|Falcon<->CMD]] interface received a valid instruction
|}
|}
Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|ACL error]] IRQ.
Unofficial name.
Contains the statuses of hardware interfaces and the result of the last authentication attempt.
=== TSEC_SCP_SEC_ERR ===
=== TSEC_SCP_STAT2 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-4
| Unknown
| Current opcode in [[#SEQ|SEQ]]
|-
|-
| 1-2
| 5-9
| Unknown
| Current opcode in [[#CMD|Falcon<->CMD]] interface
|-
|-
| 4
| 10-14
| Unknown
| Pending opcode in [[#CMD|CMD]]
|-
|-
| 5-6
| 15-16
| Unknown
| Current opcode in [[#AES|AES]]
0: Encryption
1: Decryption
2: Key expansion
3: Key reverse expansion
|-
|-
| 16
| 24
| Unknown
| [[#SCP|SCP]]'s internal pipeline is stalled on hazard
|-
|-
| 17-18
| 25
| Unknown
| [[#STORE|STORE]] is stalled
|-
|-
| 20
| 26
| Unknown
| [[#LOAD|LOAD]] is stalled
|-
|-
| 21-22
| 27
| Unknown
| [[#RNG|RNG]] is stalled
|-
|-
| 24
| 28
| Unknown
| [[#SCP|SCP]]'s internal pipeline is stalled on writeback
|-
|-
| 25-26
| 29
| Unknown
| [[#AES|AES]] is stalled
| SEC error occurred
|}
|}
=== TSEC_SCP_CMD_ERR ===
Unofficial name.
Contains the status of crypto operations.
=== TSEC_SCP_RNG_STAT0 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| Invalid [[#CMD|CMD]] command
| [[#RND|RND]] is ready
|-
|-
| 4
| 4-7
| Empty [[#SEQ|SEQ]] sequence
| Unknown
|-
|-
| 8
| 8-11
| Unknown
| 12
|-
|-
| 16
| 16
| Forbidden signature operation (csigcmp, csigenc or csigclr in NS mode)
| Unknown
|-
|-
| 20
| 20
| Invalid signature operation (csigcmp in HS mode)
| Unknown
|}
|}
Unofficial name.
=== TSEC_SCP_RND_CTL0 ===
=== TSEC_SCP_RNG_STAT1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-15
| [[#RND|RND]] clock trigger lower limit
| Unknown
|-
| 16-31
| Unknown
|}
|}
=== TSEC_SCP_RND_CTL1 ===
Unofficial name.
=== TSEC_SCP_IRQSTAT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-15
| 0
| [[#RND|RND]] clock trigger upper limit
| [[#RND|RND]] ready
|-
| 8
| ACL error
|-
| 12
| SEC error
|-
| 16
| [[#CMD|CMD]] error
|-
| 20
| Single step
|-
| 24
| [[#RND|RND]] clock trigger
|-
|-
| 16-31
| 28
| [[#RND|RND]] clock trigger mask
| Stall timeout
|}
|}
=== TSEC_TFBIF_CTL ===
Unofficial name.
=== TSEC_SCP_IRQMASK ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| TSEC_TFBIF_CTL_CLR_BWCOUNT
| [[#RND|RND]] ready
|-
|-
| 1
| 8
| TSEC_TFBIF_CTL_ENABLE
| ACL error
|-
|-
| 2
| 12
| TSEC_TFBIF_CTL_CLR_IDLEWDERR
| SEC error
|-
|-
| 3
| 16
| TSEC_TFBIF_CTL_RESET
| [[#CMD|CMD]] error
|-
|-
| 4
| 20
| TSEC_TFBIF_CTL_IDLE
| Single step
|-
|-
| 5
| 24
| TSEC_TFBIF_CTL_IDLEWDERR
| [[#RND|RND]] clock trigger
|-
|-
| 6
| 28
| TSEC_TFBIF_CTL_SRTOUT
| Stall timeout
|}
Unofficial name.
=== TSEC_SCP_ACL_ERR ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0
| Writing to a crypto register without the correct ACL
|-
|-
| 7
| 4
| TSEC_TFBIF_CTL_CLR_SRTOUT
| Reading from a crypto register without the correct ACL
|-
|-
| 8-11
| 8
| TSEC_TFBIF_CTL_SRTOVAL
| Invalid ACL change (cchmod)
|-
|-
| 12
| 31
| TSEC_TFBIF_CTL_VPR
| ACL error occurred
|}
|}
=== TSEC_TFBIF_MCCIF_FIFOCTRL ===
Unofficial name.
Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|ACL error]] IRQ.
=== TSEC_SCP_SEC_ERR ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVERRIDE
| Security mode changed during sequence execution (cs0exec/cs1exec)
|-
|-
| 1
| 1-2
| TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVERRIDE
| Security mode at the beginning of sequence execution
0: Non-secure
1: Heavy Secure
|-
|-
| 2
| 4
| TSEC_TFBIF_MCCIF_FIFOCTRL_WRCL_MCLE2X
| Security mode changed during sequence recording (cs0begin/cs1begin)
|-
|-
| 3
| 5-6
| TSEC_TFBIF_MCCIF_FIFOCTRL_RDMC_RDFAST
| Security mode at the beginning of sequence recording
0: Non-secure
1: Heavy Secure
|-
|-
| 4
| 16
| TSEC_TFBIF_MCCIF_FIFOCTRL_WRMC_CLLE2X
| Security mode changed while reading from crypto register/stream (cxsout or xdld)
|-
|-
| 5
| 17-18
| TSEC_TFBIF_MCCIF_FIFOCTRL_RDCL_RDFAST
| Security mode at the beginning of reading from crypto register/stream
0: Non-secure
1: Heavy Secure
|-
|-
| 6
| 20
| TSEC_TFBIF_MCCIF_FIFOCTRL_CCLK_OVERRIDE
| Security mode and memory source changed while writing to crypto register/stream (cxsin or xdst)
|-
|-
| 7
| 21-22
| TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVR_MODE
| Security mode when memory source changed while writing to crypto register/stream
0: Non-secure
1: Heavy Secure
|-
|-
| 8
| 24
| TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVR_MODE
| Security mode changed while writing to crypto register/stream (cxsin or xdst)
|-
|-
| 0-11
| 25-26
| Security mode at the beginning of writing to crypto register/stream
0: Non-secure
1: Heavy Secure
|-
|-
| 16-27
| 31
| SEC error occurred
| TSEC_TFBIF_THROTTLE_LEAK_SIZE
|}
|}
=== TSEC_TFBIF_DBG_STAT0 ===
Unofficial name.
Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|SEC error]] IRQ.
=== TSEC_SCP_CMD_ERR ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| TSEC_TFBIF_DBG_STAT0_1K_TRANSFER
| [[#CMD|CMD]]'s instruction is invalid
|-
| 4
| [[#SEQ|SEQ]]'s sequence is empty
|-
|-
| 1
| 8
| TSEC_TFBIF_DBG_STAT0_RREQ_ISSUED
| [[#SEQ|SEQ]]'s sequence is too long
|-
|-
| 2
| 12
| TSEC_TFBIF_DBG_STAT0_WREQ_ISSUED
| [[#SEQ|SEQ]]'s sequence was not finished
|-
|-
| 3
| 16
| TSEC_TFBIF_DBG_STAT0_TAGQ_ISSUED
| Forbidden signature operation (csigcmp, csigenc or csigclr in NS mode)
|-
|-
| 4
| 20
| TSEC_TFBIF_DBG_STAT0_STALL_RDATQ
| Invalid signature operation (csigcmp in HS mode)
|-
|-
| 5
| 24
| TSEC_TFBIF_DBG_STAT0_STALL_RACKQ
| Forbidden ACL change (cchmod in NS mode)
|}
Unofficial name.
Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|CMD error]] IRQ.
=== TSEC_SCP_RND_CTL0 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 6
| 0-31
| TSEC_TFBIF_DBG_STAT0_STALL_WREQQ
| [[#RND|RND]] clock trigger's lower limit
|}
Unofficial name.
=== TSEC_SCP_RND_CTL1 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 7
| 0-15
| TSEC_TFBIF_DBG_STAT0_STALL_WDATQ
| [[#RND|RND]] clock trigger's upper limit
|-
|-
| 8
| 16-31
| TSEC_TFBIF_DBG_STAT0_STALL_WACKQ
| [[#RND|RND]] clock trigger's mask
|}
Unofficial name.
=== TSEC_SCP_RND_CTL2 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 9
| 0-15
| TSEC_TFBIF_DBG_STAT0_STALL_RREQ_PENDING
| Unknown
|}
Unofficial name.
=== TSEC_SCP_RND_CTL3 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 12
| Trigger first LFSR
| 12
| TSEC_TFBIF_DBG_STAT0_ENGINE_IDLE
|-
|-
| 16
| 16
| TSEC_TFBIF_DBG_STAT0_RU_IDLE
| Trigger second LFSR
|}
|}
=== TSEC_TFBIF_DBG_STAT1 ===
Unofficial name.
=== TSEC_SCP_RND_CTL4 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_TFBIF_DBG_STAT1_DATA
| First LFSR's polynomial for [[#RNG|RNG]]'s test mode
|}
|}
=== TSEC_TFBIF_DBG_RDCOUNT_LO ===
Unofficial name.
=== TSEC_SCP_RND_CTL5 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_TFBIF_DBG_RDCOUNT_LO_DATA
| First LFSR's initial state for [[#RNG|RNG]]'s test mode
|}
|}
=== TSEC_TFBIF_DBG_RDCOUNT_HI ===
Unofficial name.
=== TSEC_SCP_RND_CTL6 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_TFBIF_DBG_RDCOUNT_HI_DATA
| Second LFSR's polynomial for [[#RNG|RNG]]'s test mode
|}
|}
=== TSEC_TFBIF_DBG_WRCOUNT_LO ===
Unofficial name.
=== TSEC_SCP_RND_CTL7 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_TFBIF_DBG_WRCOUNT_LO_DATA
| Second LFSR's initial state for [[#RNG|RNG]]'s test mode
|}
|}
=== TSEC_TFBIF_DBG_WRCOUNT_HI ===
Unofficial name.
=== TSEC_SCP_RND_CTL8 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-31
| 0-15
| TSEC_TFBIF_DBG_WRCOUNT_HI_DATA
| Unknown
|-
| 16-31
| Unknown
|-
| 0-31
| TSEC_TFBIF_DBG_R32COUNT_DATA
|}
|}
Unofficial name.
=== TSEC_TFBIF_MCCIF_FIFOCTRL1 ===
=== TSEC_SCP_RND_CTL9 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-15
| 0-15
| TSEC_TFBIF_MCCIF_FIFOCTRL1_SRD2MC_REORDER_DEPTH_LIMIT
| Unknown
|-
|-
| 16-31
| 16-31
| TSEC_TFBIF_MCCIF_FIFOCTRL1_SWR2MC_REORDER_DEPTH_LIMIT
| Unknown
|}
|}
=== TSEC_TFBIF_WRR_RDP ===
Unofficial name.
=== TSEC_SCP_RND_CTL10 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-15
| 0-15
| TSEC_TFBIF_WRR_RDP_EXT_WEIGHT
| Unknown
|-
|-
| 16-31
| 16-31
| TSEC_TFBIF_WRR_RDP_INT_WEIGHT
| Unknown
|}
|}
=== TSEC_TFBIF_SPROT_EMEM ===
Unofficial name.
=== TSEC_SCP_RND_CTL11 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-3
| 0
| Read access level
| Unknown
|-
|-
| 4-7
| 1
| Write access level
| Unknown
|}
|-
| 2
| Unknown
|-
| 3
| Unknown
|-
|-
| 0
| 4-5
| First sampler's source
0: Oscillator
1: Unknown
2: LFSR
3: Dummy
|-
|-
| 4
| 6-7
| TSEC_TFBIF_TRANSCFG_ATT1_SWID
| Second sampler's source
0: Oscillator
1: Unknown
2: LFSR
3: Dummy
|-
|-
| 8
| 8-11
| TSEC_TFBIF_TRANSCFG_ATT2_SWID
| First sampler's tap value
|-
|-
| 12
| 12-15
| TSEC_TFBIF_TRANSCFG_ATT3_SWID
| Second sampler's tap value
|-
|-
| 16
| 16-19
| TSEC_TFBIF_TRANSCFG_ATT4_SWID
| Unknown
|-
|-
| 20
| 20-23
| TSEC_TFBIF_TRANSCFG_ATT5_SWID
| Unknown
|-
|-
| 24
| 24-30
| TSEC_TFBIF_TRANSCFG_ATT6_SWID
| Unknown
|-
|-
| 28
| 31
| TSEC_TFBIF_TRANSCFG_ATT7_SWID
| Unknown
|}
|}
Unofficial name.
=== TSEC_TFBIF_CTL ===
=== TSEC_TFBIF_REGIONCFG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-2
| 0
| TSEC_TFBIF_REGIONCFG_T0_APERT_ID
| TSEC_TFBIF_CTL_CLR_BWCOUNT
|-
| 1
| TSEC_TFBIF_CTL_ENABLE
|-
| 2
| TSEC_TFBIF_CTL_CLR_IDLEWDERR
|-
|-
| 3
| 3
| TSEC_TFBIF_REGIONCFG_T0_VPR
| TSEC_TFBIF_CTL_RESET
|-
|-
| 4-6
| 4
| TSEC_TFBIF_REGIONCFG_T1_APERT_ID
| TSEC_TFBIF_CTL_IDLE
|-
|-
| 7
| 5
| TSEC_TFBIF_REGIONCFG_T1_VPR
| TSEC_TFBIF_CTL_IDLEWDERR
|-
|-
| 8-10
| 6
| TSEC_TFBIF_REGIONCFG_T2_APERT_ID
| TSEC_TFBIF_CTL_SRTOUT
|-
|-
| 11
| 7
| TSEC_TFBIF_REGIONCFG_T2_VPR
| TSEC_TFBIF_CTL_CLR_SRTOUT
|-
|-
| 12-14
| 8-11
| TSEC_TFBIF_REGIONCFG_T3_APERT_ID
| TSEC_TFBIF_CTL_SRTOVAL
|-
|-
| 15
| 12
| TSEC_TFBIF_REGIONCFG_T3_VPR
| TSEC_TFBIF_CTL_VPR
|}
=== TSEC_TFBIF_MCCIF_FIFOCTRL ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 16-18
| 0
| TSEC_TFBIF_REGIONCFG_T4_APERT_ID
| TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVERRIDE
|-
|-
| 19
| 1
| TSEC_TFBIF_REGIONCFG_T4_VPR
| TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVERRIDE
|-
| 2
| TSEC_TFBIF_MCCIF_FIFOCTRL_WRCL_MCLE2X
|-
|-
| 20-22
| 3
| TSEC_TFBIF_REGIONCFG_T5_APERT_ID
| TSEC_TFBIF_MCCIF_FIFOCTRL_RDMC_RDFAST
|-
|-
| 23
| 4
| TSEC_TFBIF_REGIONCFG_T5_VPR
| TSEC_TFBIF_MCCIF_FIFOCTRL_WRMC_CLLE2X
|-
|-
| 24-26
| 5
| TSEC_TFBIF_REGIONCFG_T6_APERT_ID
| TSEC_TFBIF_MCCIF_FIFOCTRL_RDCL_RDFAST
|-
|-
| 27
| 6
| TSEC_TFBIF_REGIONCFG_T6_VPR
| TSEC_TFBIF_MCCIF_FIFOCTRL_CCLK_OVERRIDE
|-
|-
| 28-30
| 7
| TSEC_TFBIF_REGIONCFG_T7_APERT_ID
| TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVR_MODE
|-
|-
| 31
| 8
| TSEC_TFBIF_REGIONCFG_T7_VPR
| TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVR_MODE
|}
|}
=== TSEC_TFBIF_THROTTLE ===
=== TSEC_TFBIF_ACTMON_ACTIVE_MASK ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-11
| TSEC_TFBIF_ACTMON_ACTIVE_MASK_STARVED_MC
| TSEC_TFBIF_THROTTLE_BUCKET_SIZE
|-
|-
| 1
| 16-27
| TSEC_TFBIF_ACTMON_ACTIVE_MASK_STALLED_MC
| TSEC_TFBIF_THROTTLE_LEAK_COUNT
|-
|-
| 2
| 30-31
| TSEC_TFBIF_THROTTLE_LEAK_SIZE
| 3
|}
|}
=== TSEC_TFBIF_DBG_STAT0 ===
=== TSEC_TFBIF_ACTMON_ACTIVE_BORPS ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| TSEC_TFBIF_ACTMON_ACTIVE_BORPS_STARVED_MC_POLARITY
| TSEC_TFBIF_DBG_STAT0_1K_TRANSFER
|-
|-
| 1
| 1
| TSEC_TFBIF_ACTMON_ACTIVE_BORPS_STARVED_MC_OPERATION
| TSEC_TFBIF_DBG_STAT0_RREQ_ISSUED
|-
|-
| 2
| 2
| TSEC_TFBIF_ACTMON_ACTIVE_BORPS_STALLED_MC_POLARITY
| TSEC_TFBIF_DBG_STAT0_WREQ_ISSUED
|-
|-
| 3
| 3
| TSEC_TFBIF_ACTMON_ACTIVE_BORPS_STALLED_MC_OPERATION
| TSEC_TFBIF_DBG_STAT0_TAGQ_ISSUED
|-
|-
| 4
| 4
| TSEC_TFBIF_ACTMON_ACTIVE_BORPS_DELAYED_MC_POLARITY
| TSEC_TFBIF_DBG_STAT0_STALL_RDATQ
|-
|-
| 5
| 5
| TSEC_TFBIF_ACTMON_ACTIVE_BORPS_DELAYED_MC_OPERATION
| TSEC_TFBIF_DBG_STAT0_STALL_RACKQ
|-
|-
| 6
| 6
| TSEC_TFBIF_ACTMON_ACTIVE_BORPS_ACTIVE_POLARITY
| TSEC_TFBIF_DBG_STAT0_STALL_WREQQ
|-
|-
| 7
| 7
| TSEC_TFBIF_ACTMON_ACTIVE_BORPS_ACTIVE_OPERATION
| TSEC_TFBIF_DBG_STAT0_STALL_WDATQ
|-
|-
| 0-31
| 8
| TSEC_TFBIF_ACTMON_ACTIVE_WEIGHT_VAL
| TSEC_TFBIF_DBG_STAT0_STALL_WACKQ
|-
|-
| 0
| 9
| TSEC_TFBIF_ACTMON_MCB_MASK_STARVED_MC
| TSEC_TFBIF_DBG_STAT0_STALL_RREQ_PENDING
|-
|-
| 1
| 10
| TSEC_TFBIF_ACTMON_MCB_MASK_STALLED_MC
| TSEC_TFBIF_DBG_STAT0_STALL_WREQ_PENDING
|-
|-
| 2
| 11
| TSEC_TFBIF_ACTMON_MCB_MASK_DELAYED_MC
| TSEC_TFBIF_DBG_STAT0_STALL_MREQ
|-
|-
| 3
| 12
| TSEC_TFBIF_ACTMON_MCB_MASK_ACTIVE
| TSEC_TFBIF_DBG_STAT0_ENGINE_IDLE
|-
|-
| 0
| 13
| TSEC_TFBIF_ACTMON_MCB_BORPS_STARVED_MC_POLARITY
| TSEC_TFBIF_DBG_STAT0_RMCCIF_IDLE
|-
|-
| 1
| 14
| TSEC_TFBIF_ACTMON_MCB_BORPS_STARVED_MC_OPERATION
| TSEC_TFBIF_DBG_STAT0_WMCCIF_IDLE
|-
|-
| 2
| 15
| TSEC_TFBIF_ACTMON_MCB_BORPS_STALLED_MC_POLARITY
| TSEC_TFBIF_DBG_STAT0_CSB_IDLE
|-
|-
| 3
| 16
| TSEC_TFBIF_ACTMON_MCB_BORPS_STALLED_MC_OPERATION
| TSEC_TFBIF_DBG_STAT0_RU_IDLE
|-
|-
| 4
| 17
| TSEC_TFBIF_ACTMON_MCB_BORPS_DELAYED_MC_POLARITY
| TSEC_TFBIF_DBG_STAT0_WU_IDLE
|-
|-
| 5
| 19
| TSEC_TFBIF_ACTMON_MCB_BORPS_DELAYED_MC_OPERATION
| TSEC_TFBIF_DBG_STAT0_UNWEIGHT_ACTMON_ACTIVE
|-
|-
| 6
| 20
| TSEC_TFBIF_ACTMON_MCB_BORPS_ACTIVE_POLARITY
| TSEC_TFBIF_DBG_STAT0_UNWEIGHT_ACTMON_MCB
|}
|}
=== TSEC_TFBIF_DBG_STAT1 ===
=== TSEC_TFBIF_ACTMON_MCB_WEIGHT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_TFBIF_ACTMON_MCB_WEIGHT_VAL
| TSEC_TFBIF_DBG_STAT1_DATA
|}
|}
=== TSEC_TFBIF_DBG_RDCOUNT_LO ===
=== TSEC_TFBIF_THI_TRANSPROP ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-6
| 0-31
| TSEC_TFBIF_THI_TRANSPROP_STREAMID0
| TSEC_TFBIF_DBG_RDCOUNT_LO_DATA
|}
|}
=== TSEC_CG ===
=== TSEC_TFBIF_DBG_RDCOUNT_HI ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-5
| 0-31
| TSEC_CG_IDLE_CG_DLY_CNT
| TSEC_TFBIF_DBG_RDCOUNT_HI_DATA
|}
|}
=== TSEC_BAR0_CTL ===
=== TSEC_TFBIF_DBG_WRCOUNT_LO ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 0-31
| TSEC_TFBIF_DBG_WRCOUNT_LO_DATA
| TSEC_BAR0_CTL_INIT
|}
|}
=== TSEC_TFBIF_DBG_WRCOUNT_HI ===
=== TSEC_BAR0_ADDR ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_BAR0_ADDR_VAL
| TSEC_TFBIF_DBG_WRCOUNT_HI_DATA
|}
|}
=== TSEC_TFBIF_DBG_R32COUNT ===
=== TSEC_BAR0_DATA ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_BAR0_DATA_VAL
| TSEC_TFBIF_DBG_R32COUNT_DATA
|}
|}
=== TSEC_TFBIF_DBG_R64COUNT ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| TSEC_TFBIF_DBG_R64COUNT_DATA
|}
=== TSEC_BAR0_TIMEOUT ===
=== TSEC_TFBIF_DBG_R128COUNT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0-31
| 0-31
| TSEC_BAR0_TIMEOUT_VAL
| TSEC_TFBIF_DBG_R128COUNT_DATA
|}
|}
=== TSEC_TFBIF_MCCIF_FIFOCTRL1 ===
=== TSEC_TEGRA_CTL ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 16
| 0-15
| TSEC_TEGRA_CTL_TKFI_KFUSE
| TSEC_TFBIF_MCCIF_FIFOCTRL1_SRD2MC_REORDER_DEPTH_LIMIT
|-
|-
| 17
| 16-31
| TSEC_TEGRA_CTL_TKFI_RESTART_FSM_KFUSE
| TSEC_TFBIF_MCCIF_FIFOCTRL1_SWR2MC_REORDER_DEPTH_LIMIT
|}
=== TSEC_TFBIF_SPROT_EMEM ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 24
| 0-2
| TSEC_TEGRA_CTL_TMPI_FORCE_IDLE_INPUTS_I2C
| Read access level
|-
|-
| 25
| 3
| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_HOST1X
| Set on memory read access violation
|-
|-
| 26
| 4-6
| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_APB
| Write access level
|-
|-
| 27
| 7
| TSEC_TEGRA_CTL_TMPI_DISABLE_OUTPUT_I2C
| Set on memory write access violation
|}
|}
Unofficial name.
Controls accesses to external memory regions. Accessible in HS mode only.
=== TSEC_TFBIF_TRANSCFG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-7 || General purpose predicates
| 0
| TSEC_TFBIF_TRANSCFG_ATT0_SWID
|-
|-
| 8 || ALU carry flag
| 4
| TSEC_TFBIF_TRANSCFG_ATT1_SWID
|-
|-
| 9 || ALU signed overflow flag
| 8
| TSEC_TFBIF_TRANSCFG_ATT2_SWID
|-
|-
| 10 || ALU sign flag
| 12
| TSEC_TFBIF_TRANSCFG_ATT3_SWID
|-
|-
| 11 || ALU zero flag
| 16
| TSEC_TFBIF_TRANSCFG_ATT4_SWID
|-
|-
| 16 || Interrupt 0 enable
| 20
| TSEC_TFBIF_TRANSCFG_ATT5_SWID
|-
|-
| 17 || Interrupt 1 enable
| 24
| TSEC_TFBIF_TRANSCFG_ATT6_SWID
|-
|-
| 18 || Interrupt 2 enable (undefined)
| 28
| TSEC_TFBIF_TRANSCFG_ATT7_SWID
| 24 || Exception active
|}
|}
Configures the software ID per CTXDMA port for memory transactions. Software ID 0 (HW_SWID) forces all transactions to go through the SMMU while software ID 1 (PHY_SWID) bypasses it. Accessible in HS mode only.
[6.0.0+] The nvhost_tsec firmware sets this register to 0x10 or 0x111110 before reading memory from the GPU UCODE carveout.
{| class=wikitable
=== TSEC_TFBIF_REGIONCFG ===
! Bits || Description
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 0-4 || Number of instructions the override is valid for (0x1F means infinite)
| 0-2
| TSEC_TFBIF_REGIONCFG_T0_APERT_ID
|-
|-
| 5 || Crypto source/destination select
| 3
| TSEC_TFBIF_REGIONCFG_T0_VPR
|-
|-
| 6 || Bypass mode
| 4-6
| TSEC_TFBIF_REGIONCFG_T1_APERT_ID
|-
| 7
| TSEC_TFBIF_REGIONCFG_T1_VPR
|-
| 8-10
| TSEC_TFBIF_REGIONCFG_T2_APERT_ID
|-
|-
| 7 || Internal memory select
| 11
| TSEC_TFBIF_REGIONCFG_T2_VPR
|-
|-
| 0-7 || Start of region to authenticate (in pages of 0x100 bytes)
| 12-14
| TSEC_TFBIF_REGIONCFG_T3_APERT_ID
|-
|-
| 16 || Force secure DMA transfers
| 15
| TSEC_TFBIF_REGIONCFG_T3_VPR
|-
|-
| 17 || Decrypt region to authenticate
| 16-18
| TSEC_TFBIF_REGIONCFG_T4_APERT_ID
|-
|-
| 18 || Signature check passed
| 19
| TSEC_TFBIF_REGIONCFG_T4_VPR
|-
|-
| 19 || Suppress interrupts and exceptions
| 20-22
| TSEC_TFBIF_REGIONCFG_T5_APERT_ID
|-
|-
| 24-31 || Size of region to authenticate (in pages of 0x100 bytes)
| 23
| TSEC_TFBIF_REGIONCFG_T5_VPR
|-
|-
| 0-2 || CTXDMA port for code loads (xcld)
| 24-26
| TSEC_TFBIF_REGIONCFG_T6_APERT_ID
|-
|-
| 4-6 || CTXDMA port for code stores (invalid)
| 27
| TSEC_TFBIF_REGIONCFG_T6_VPR
|-
|-
| 8-10 || CTXDMA port for data loads (xdld)
| 28-30
| TSEC_TFBIF_REGIONCFG_T7_APERT_ID
|-
|-
| 12-14 || CTXDMA port for data stores (xdst)
| 31
| TSEC_TFBIF_REGIONCFG_T7_VPR
|}
|}
Configures the aperture ID and VPR mode per CTXDMA port for memory region accessing. Accessible in HS mode only.
[6.0.0+] The nvhost_tsec firmware sets this register to 0x20 or 0x140 before reading memory from the GPU UCODE carveout.
=== TSEC_CG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0-19 || Exception PC
| 0-5
| TSEC_CG_IDLE_CG_DLY_CNT
|-
| 6
| TSEC_CG_IDLE_CG_EN
|-
| 16-18
| TSEC_CG_WAKEUP_DLY_CNT
|-
|-
| 20-23 || Exception cause
| 19
| TSEC_CG_WAKEUP_DLY_EN
|}
|}
=== TSEC_BAR0_CTL ===
{| class="wikitable" border="1"
==== SEC1 ====
! Bits
! Description
|-
| 0
| TSEC_BAR0_CTL_READ
|-
| 1
| TSEC_BAR0_CTL_WRITE
|-
| 4-7
| TSEC_BAR0_CTL_BYTE_MASK
|-
| 12-13
| TSEC_BAR0_CTL_STATUS
0: Idle
1: Busy
2: Error
3: Disabled
|-
| 16-17
| TSEC_BAR0_CTL_SEC_MODE
0: Non-secure
1: Invalid
2: Light Secure
3: Heavy Secure
|-
| 31
| TSEC_BAR0_CTL_INIT
|}
Unofficial name.
Controls DMA transfers between TSEC and HOST1X (master and clients).
Starting a transfer over BAR0 automatically sets TSEC_BAR0_CTL_SEC_MODE to the current Falcon security mode. Once set, any attempts to start a transfer from a lower security level will fail.
==== Exit ====
=== TSEC_BAR0_ADDR ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| TSEC_BAR0_ADDR_VAL
|}
Unofficial name.
Takes the address for DMA transfers between TSEC and HOST1X (master and clients).
== SCP ==
=== TSEC_BAR0_DATA ===
"SCP" (Secure Co-Processor) is a proprietary coprocessor which can be found inside every [[#Falcon|Falcon]] that supports [[#Heavy_Secure_Mode|Heavy Secure Mode]]. On the Tegra X1 these are TSECA, TSECB, NVDEC and the GPU's PMU.
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| TSEC_BAR0_DATA_VAL
|}
Unofficial name.
Takes the data for DMA transfers between TSEC and HOST1X (master and clients).
==== STORE ====
=== TSEC_BAR0_TIMEOUT ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| TSEC_BAR0_TIMEOUT_VAL
|}
Unofficial name.
Takes the timeout value for DMA transfers between TSEC and HOST1X (master and clients).
=== TSEC_VERSION ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Version
|}
Unofficial name.
=== TSEC_SCRATCH0 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
=== TSEC_SCRATCH1 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
==== RNG ====
=== TSEC_SCRATCH2 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
===== RND =====
=== TSEC_SCRATCH3 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-31
| Value
|}
Unofficial name.
=== Operations ===
=== TSEC_SCRATCH4 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Opcode
! Bits
! Name
! Description
|-
|-
| 0 || nop || N/A || N/A || ||
| 0-31
| Value
|}
Unofficial name.
=== TSEC_SCRATCH5 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 1 || mov || $cX || $cY || <code>$cX = $cY; ACL(X) = ACL(Y);</code> ||
| 0-31
| Value
|}
Unofficial name.
=== TSEC_SCRATCH6 ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 2 || sin || $cX || N/A || <code>$cX = read_stream(); ACL(X) = ???;</code> ||
| 0-31
|-
| Value
| 3 || sout || $cX || N/A || <code>write_stream($cX);</code> || ?
|}
|-
| 4 || [[#rnd|rnd]] || $cX || N/A || <code>$cX = read_rnd(); ACL(X) = ???;</code> ||
Unofficial name.
|-
| 5 || s0begin || immX || N/A || <code>record_macro_for_N_instructions(0, immX);</code> ||
=== TSEC_SCRATCH7 ===
|-
{| class="wikitable" border="1"
| 6 || s0exec || immX || N/A || <code>execute_macro_N_times(0, immX);</code> ||
! Bits
|-
! Description
| 7 || s1begin || immX || N/A || <code>record_macro_for_N_instructions(1, immX);</code> ||
|-
|-
| 0-31
| 8 || s1exec || immX || N/A || <code>execute_macro_N_times(1, immX);</code> ||
| Value
|-
|}
| 9 || <invalid> || || || ||
|-
Unofficial name.
| 0xA || [[#chmod|chmod]] || $cX || immY || Complicated, see [[#ACL|ACL]]. ||
|-
=== TSEC_GPTMRINT ===
| 0xB || xor || $cX || $cY || <code>$cX ^= $cY;</code> || <code>(ACL(X) & 2) && (ACL(Y) & 2)</code>
Unofficial name.
|-
| 0xC || add || $cX || immY || <code>$cX += immY;</code> || <code>(ACL(X) & 2)</code>
Same as [[#TSEC_FALCON_GPTMRINT|TSEC_FALCON_GPTMRINT]], but for an unknown hardware block.
=== TSEC_GPTMRVAL ===
Unofficial name.
Same as [[#TSEC_FALCON_GPTMRVAL|TSEC_FALCON_GPTMRVAL]], but for an unknown hardware block.
=== TSEC_GPTMRCTL ===
Unofficial name.
Same as [[#TSEC_FALCON_GPTMRCTL|TSEC_FALCON_GPTMRCTL]], but for an unknown hardware block.
=== TSEC_ITFEN ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0
| Enable [[#TSEC_GPTMRINT|TSEC_GPTMRINT]]
|-
| 1
| Unknown
|-
| 2
| Unknown
|-
| 3
| Unknown
|}
Unofficial name.
=== TSEC_ITFSTAT ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0
| [[#TSEC_GPTMRINT|TSEC_GPTMRINT]] is enabled
|-
| 1
| Unknown
|-
| 2
| Unknown
|-
| 3
| Unknown
|}
Unofficial name.
=== TSEC_TEGRA_CTL ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 16
| TSEC_TEGRA_CTL_TKFI_KFUSE
|-
| 17
| TSEC_TEGRA_CTL_TKFI_RESTART_FSM_KFUSE
|-
| 24
| TSEC_TEGRA_CTL_TMPI_FORCE_IDLE_INPUTS_I2C
|-
| 25
| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_HOST1X
|-
| 26
| TSEC_TEGRA_CTL_TMPI_RESTART_FSM_APB
|-
| 27
| TSEC_TEGRA_CTL_TMPI_DISABLE_OUTPUT_I2C
|}
== Falcon ==
"Falcon" (FAst Logic CONtroller) is a proprietary general purpose CPU which can be found inside various hardware blocks that require some sort of logic processing such as TSEC (TSECA and TSECB), NVDEC, NVENC, NVJPG, VIC, GPU PMU and XUSB.
=== Processor Registers ===
A total of 32 processor registers are available in the Falcon CPU.
==== REG0-REG15 ====
These are 16 32-bit GPRs (general purpose registers).
==== IV0 ====
This is a SPR (special purpose register) that holds the address for interrupt vector 0. Only bits 0 to 15 are used.
==== IV1 ====
This is a SPR (special purpose register) that holds the address for interrupt vector 1. Only bits 0 to 15 are used.
==== IV2 ====
This is a SPR (special purpose register) that holds the address for interrupt vector 2. This register is considered "UNDEFINED" and appears to be unused.
==== EV ====
This is a SPR (special purpose register) that holds the address for the exception vector. Only bits 0 to 15 are used.
Alternative name (envytools): "tv".
==== SP ====
This is a SPR (special purpose register) that holds the current stack pointer. Only bits 0 to 15 are used.
==== PC ====
This is a SPR (special purpose register) that holds the current program counter. Only bits 0 to 15 are used.
==== IMB ====
This is a SPR (special purpose register) that holds the external base address for IMEM transfers.
Alternative name (envytools): "xcbase".
==== DMB ====
This is a SPR (special purpose register) that holds the external base address for DMEM transfers.
Alternative name (envytools): "xdbase".
==== CSW ====
This is a SPR (special purpose register) that holds various flag bits.
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-7 || General purpose predicates
|-
| 8 || ALU carry flag
|-
| 9 || ALU signed overflow flag
|-
| 10 || ALU sign flag
|-
| 11 || ALU zero flag
|-
| 16 || Interrupt 0 enable
|-
| 17 || Interrupt 1 enable
|-
| 18 || Interrupt 2 enable (undefined)
|-
| 20 || Interrupt 0 saved enable
|-
| 21 || Interrupt 1 saved enable
|-
| 22 || Interrupt 2 saved enable (undefined)
|-
| 24 || Exception active
|-
| 26-31 || Unknown
|}
Alternative name (envytools): "flags".
==== CCR ====
This is a SPR (special purpose register) that holds configuration bits for the SCP DMA override functionality. The value of this register is set using the "cxset" instruction which provides a way to change the behavior of a variable amount of successively executed DMA-related instructions ("xdwait", "xdst" and "xdld").
{| class=wikitable
! Bits || Description
|-
| 0-4 || Number of instructions the override is valid for (0x1F means infinite)
|-
| 5 || Crypto source/destination select
0: Crypto register
1: Crypto stream
|-
| 6 || Bypass mode
0: Disabled
1: Enabled
|-
| 7 || Internal memory select
0: DMEM
1: IMEM
|}
Alternative name (envytools): "cx".
==== SEC ====
This is a SPR (special purpose register) that holds configuration bits for the SCP authentication process.
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-7 || Start of region to authenticate (in pages of 0x100 bytes)
|-
| 16 || Force secure DMA transfers
|-
| 17 || Decrypt region to authenticate
|-
| 18 || Signature check passed
|-
| 19 || Suppress interrupts and exceptions
|-
| 24-31 || Size of region to authenticate (in pages of 0x100 bytes)
|}
Alternative name (envytools): "cauth".
==== CTX ====
This is a SPR (special purpose register) that holds configuration bits for the CTXDMA ports.
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-2 || CTXDMA port for code loads (xcld)
|-
| 4-6 || CTXDMA port for code stores (invalid)
|-
| 8-10 || CTXDMA port for data loads (xdld)
|-
| 12-14 || CTXDMA port for data stores (xdst)
|}
Alternative name (envytools): "xtargets".
==== EXCI ====
This is a SPR (special purpose register) that holds information on raised exceptions.
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0-19 || Exception PC
|-
| 20-23 || Exception cause
|}
Alternative name (envytools): "tstatus".
==== SEC1 ====
Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.
==== IMB1 ====
Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.
==== DMB1 ====
Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.
=== Secure BootROM ===
Certain Falcon CPUs may have an optional "Secure BootROM", but contrary to the common purpose of bootrom code, this doesn't execute while booting the CPU. In fact, being a microprocessor, Falcon is designed to execute user supplied code right off the bat in a clean slate state. However, Falcon can be paired with a [[#SCP|secure co-processor]] and provide a cryptosystem for any hardware block that may require it, originating what is known as a "secretful" unit.
Secretful Falcon CPUs have [[#TSEC_FALCON_HWCFG1|TSEC_FALCON_HWCFG1_SECURITY_MODEL]] set to 3, which means they support "Heavy Secure" mode (or "HS" for short). While in HS mode, the Falcon's DMEM and IMEM regions are protected from read and write operations, which effectively hides code and data from attackers.
Entering HS mode first requires uploading code marked as "secure" to Falcon, which can be done from MMIO using [[#TSEC_FALCON_IMEMC|TSEC_FALCON_IMEMC]] with the [[#TSEC_FALCON_IMEMC|TSEC_FALCON_IMEMC_SECURE]] bit set. Upon jumping to a page marked as secret, the [[#TSEC_FALCON_EXCI|INV_INS]] exception is raised which tells the Falcon to start executing the secure bootrom code.
The secure bootrom lives in a hidden ROM region, instead of IMEM, and is mapped as --x at address 0. On Falcon v5 CPUs its size is 0x367 bytes.
==== Initialization ====
The first instructions of the secure bootrom simply save each [[#REG0-REG15|GPR]] to the stack and check the contents of the [[#SEC|SEC SPR]].
==== Authentication ====
The main purpose of the secure bootrom is to authenticate the code pages marked as "secure". This is done by first extracting the base address and size of the region to authenticate from the [[#SEC|SEC SPR]], then calculating a signature over this region and finally comparing it to the value of the [[#SCP|SCP]] register $c6.
If the comparison is successful, bit 18 of [[#SEC|SEC SPR]] is set (which is mirrored in [[#TSEC_FALCON_SVEC_SPR|TSEC_FALCON_SVEC_SPR]]), the signature comparison result in [[#TSEC_SCP_STAT1|TSEC_SCP_STAT1]] is set to 3 and each page from the region to authenticate is marked as valid. Bit 19 of [[#SEC|SEC SPR]] is also automatically set, preventing any interrupts or exceptions from being raised while in HS mode, but contrary to bit 18 this one can be manually cleared by authenticated code.
Below is the authentication algorithm's pseudocode:
<syntaxhighlight>
...
// This runs in a loop for each 0x100 bytes page.
cs0begin 0x03
cxsin $c4
cenc $c3 $c5
cxor $c5 $c3
ckeyreg $c4
cxor $c5 $c5
cs0exec 0x11
...
// Use secret 0x01 as key and $c7 as seed.
csecret $c3 1
ckeyreg $c3
cenc $c3 $c7
ckeyreg $c3
cenc $c4 $c5
csigcmp $c4 $c6
...
</syntaxhighlight>
==== Decryption ====
If bit 17 is set in the [[#SEC|SEC SPR]], the secure bootrom will additionally attempt to decrypt the region to authenticate.
Below is the decryption algorithm's pseudocode:
<syntaxhighlight>
...
// Use secret 0x06 as key.
cs0begin 0x03
cxsin $c3
cdec $c4 $c3
cxsout $c4
csecret $c5 0x06
ckexp $c5 $c5
cs0exec 0x10
ckeyreg $c5
...
</syntaxhighlight>
==== Exit ====
The secure bootrom finishes by restoring each [[#REG0-REG15|GPR]] from stack and returning from the exception state. This will result in the authenticated code region being executed in HS mode until the current [[#PC|PC]] points to an address outside of the authenticated region. When this happens, each page from the authenticated region is automatically marked as invalid without any involvement of the secure bootrom, meaning that the secure bootrom is only invoked when entering HS mode.
== SCP ==
"SCP" (Secure Co-Processor) is a proprietary coprocessor which can be found inside every [[#Falcon|Falcon]] that supports [[#Secure BootROM|Heavy Secure Mode]]. On the Tegra X1 these are TSECA, TSECB, NVDEC and the GPU's PMU.
=== Hardware ===
SCP is subdivided into several specialized hardware blocks and interfaces.
==== LOAD ====
Block for handling memory reads from SCP to Falcon. It communicates with Falcon over a dedicated interface.
The interface can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].
==== STORE ====
Block for handling memory writes from Falcon to SCP. It communicates with Falcon over a dedicated interface.
The interface can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].
==== CMD ====
Block for translating Falcon crypto operands into SCP commands. It communicates with Falcon over a dedicated interface.
The interface can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]]. The status of the current command is reported through register [[#TSEC_SCP_CMD|TSEC_SCP_CMD]].
==== SEQ ====
Block for recording and executing sequences of crypto operations in the form of macros.
Can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].
==== CTL ====
Overseer block for controlling certain SCP features.
Can be enabled or disabled by register [[#TSEC_SCP_CTL0|TSEC_SCP_CTL0]].
Registers [[#TSEC_SCP_CTL_STAT|TSEC_SCP_CTL_STAT]], [[#TSEC_SCP_CTL_LOCK|TSEC_SCP_CTL_LOCK]], [[#TSEC_SCP_CTL_SCP|TSEC_SCP_CTL_SCP]], [[#TSEC_SCP_CTL_PKEY|TSEC_SCP_CTL_PKEY]] and [[#TSEC_SCP_CTL_DBG|TSEC_SCP_CTL_DBG]] refer to this block.
==== AES ====
Block for providing AES-128-ECB functionality.
==== RNG ====
Block for encapsulating and controlling the internal random number generator.
Can be enabled or disabled by register [[#TSEC_SCP_CTL1|TSEC_SCP_CTL1]] and reports the status of the internal random number generator through registers [[#TSEC_SCP_RNG_STAT0|TSEC_SCP_RNG_STAT0]] and [[#TSEC_SCP_RNG_STAT1|TSEC_SCP_RNG_STAT1]].
===== RND =====
Internal random number generator.
Can be configured by the [[#TSEC_SCP_RND_CTL0|TSEC_SCP_RND_CTLx]] registers.
=== Operations ===
{| class="wikitable" border="1"
! Opcode
! Name
! Operand0
! Operand1
! Operation
! Precondition
! Postcondition
|-
| 0 || nop || N/A || N/A || N/A || N/A || N/A
|-
| 1 || mov || $cX || $cY || <code><nowiki>$cX = $cY;</nowiki></code> || N/A || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 2 || xsin || $cX || N/A || <code><nowiki>$cX = read_from_stream();</nowiki></code> || N/A || <code><nowiki>ACL($cX) = is_mode_hs ? 0x3 : 0x1F;</nowiki></code>
|-
| 3 || xsout || $cX || N/A || <code><nowiki>write_to_stream($cX);</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0xA)))</nowiki></code> || N/A
|-
| 4 || [[#rnd|rnd]] || $cX || N/A || <code><nowiki>$cX = read_from_rnd();</nowiki></code> || N/A || <code><nowiki>ACL($cX) = is_mode_hs ? 0x3 : 0x1F;</nowiki></code>
|-
| 5 || s0begin || immX || N/A || <code><nowiki>record_macro_for_N_instructions(0, immX);</nowiki></code>|| N/A || N/A
|-
| 6 || s0exec || immX || N/A || <code><nowiki>execute_macro_N_times(0, immX);</nowiki></code> || N/A || N/A
|-
| 7 || s1begin || immX || N/A || <code><nowiki>record_macro_for_N_instructions(1, immX);</nowiki></code> || N/A || N/A
|-
| 8 || s1exec || immX || N/A || <code><nowiki>execute_macro_N_times(1, immX);</nowiki></code> || N/A || N/A
|-
| 9 || <invalid> || N/A || N/A || N/A || N/A || N/A
|-
| 0xA || [[#chmod|chmod]] || $cX || immY || <code><nowiki>ACL($cX) = immY;</nowiki></code> || See [[#ACLs|ACLs]] || N/A
|-
| 0xB || xor || $cX || $cY || <code><nowiki>$cX ^= $cY;</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0xC || add || $cX || immY || <code><nowiki>$cX += immY;</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A)))</nowiki></code> || N/A
|-
| 0xD || and || $cX || $cY || <code><nowiki>$cX &= $cY;</nowiki></code> || <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0xE || rev || $cX || $cY || <code><nowiki>$cX = endian_swap128($cY);</nowiki></code> || <code><nowiki>(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0xF || gfmul || $cX || $cY || <code><nowiki>$cX = gfmul($cY);</nowiki></code>|| <code><nowiki>((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0x10 || secret || $cX || immY || <code><nowiki>$cX = load_secret(immY);</nowiki></code> || N/A || <code><nowiki>ACL($cX) = load_secret_acl(immY);</nowiki></code>
|-
| 0x11 || keyreg || $cX || N/A || <code><nowiki>active_key = $cX;</nowiki></code> || N/A || N/A
|-
| 0x12 || kexp || $cX || $cY || <code><nowiki>$cX = aes_key_expand($cY);</nowiki></code> || <code><nowiki>(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0x13 || krexp || $cX || $cY || <code><nowiki>$cX = aes_key_reverse_expand($cY);</nowiki></code> || <code><nowiki>(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10)))</nowiki></code> || <code><nowiki>ACL($cX) = ACL($cY);</nowiki></code>
|-
| 0x14 || enc || $cX || $cY || <code><nowiki>$cX = aes_enc(active_key, $cY);</nowiki></code> || N/A || <code><nowiki>ACL($cX) = (ACL(active_key) & ACL($cY));</nowiki></code>
|-
| 0x15 || dec || $cX || $cY || <code><nowiki>$cX = aes_dec(active_key, $cY);</nowiki></code> || N/A || <code><nowiki>ACL($cX) = (ACL(active_key) & ACL($cY));</nowiki></code>
|-
| 0x16 || [[#sigcmp|sigcmp]] || $cX || $cY || <code><nowiki>current_sig = memcmp($cX, $cY) ? NULL : $cX;</nowiki></code> || <code><nowiki>(is_mode_secure_bootrom && (ACL($cY) & 0x2))</nowiki></code> || <code><nowiki>is_mode_hs = has_sig = (current_sig != NULL);</nowiki></code>
|-
| 0x17 || sigenc || $cX || $cY || <code><nowiki>$cX = aes_enc($cY, current_sig);</nowiki></code> || <code><nowiki>(is_mode_hs && has_sig)</nowiki></code> || <code><nowiki>ACL($cX) = 0x3;</nowiki></code>
|-
| 0x18 || [[#sigclr|sigclr]] || N/A || N/A || <code><nowiki>current_sig = NULL;</nowiki></code> || <code><nowiki>(is_mode_hs && has_sig)</nowiki></code> || <code><nowiki>has_sig = false;</nowiki></code>
|}
==== rnd ====
<code>00000000: f5 3c 0X 90 crnd $cX</code>
This instruction initializes a crypto register with random data.
Executing this instruction only succeeds if the RNG controller is enabled for the SCP, which requires taking the following steps:
* Write 0x7FFF to [[#TSEC_SCP_RND_CTL0|TSEC_SCP_RND_CTL0]].
* Write 0x3FF0000 to [[#TSEC_SCP_RND_CTL1|TSEC_SCP_RND_CTL1]].
* Write 0xFF00 to [[#TSEC_SCP_RND_CTL11|TSEC_SCP_RND_CTL11]].
* Write 0x1000 to [[#TSEC_SCP_CTL1|TSEC_SCP_CTL1]].
Otherwise it hangs forever.
==== chmod ====
<code>00000000: f5 3c XY a8 cchmod $cY 0X</code> or <code>00000000: f5 3c XY a9 cchmod $cY 1X</code>
This instruction takes a crypto register and a 5 bit immediate value which represents the [[#ACLs|ACLs]] mask to set.
==== sigcmp ====
<code>00000000: f5 3c XY d8 csigcmp $cY $cX</code>
Takes 2 crypto registers as operands and is automatically executed when jumping to a code region previously uploaded as secret. This instruction does not work in secure mode.
==== sigclr ====
<code>00000000: f5 3c 00 e0 csigclr</code>
This instruction takes no operands and clears the saved cauth signature used by the csigenc instruction.
=== ACLs ===
Each crypto register has an associated access control list with the following format:
{| class="wikitable" border="1"
! Bit
! Description
|-
|-
| 0xD || and || $cX || $cY || <code>$cX &= $cY;</code> || <code>(ACL(X) & 2) && (ACL(Y) & 2)</code>
| 0 || [[#Secure Keyable|Secure Keyable]]
|-
|-
| 0xE || rev || $cX || $cY || <code>$cX = endian_swap128($cY); ACL(X) = ACL(Y);</code> ||
| 1 || [[#Secure Readable|Secure Readable]]
|-
|-
| 0xF || gfmul || $cX || $cY || <code>$cX = gfmul($cY); ACL(X) = ACL(Y);</code> || <code>(ACL(Y) & 2)</code>
| 2 || [[#Insecure Keyable|Insecure Keyable]]
|-
|-
| 0x10 || secret || $cX || immY || <code>$cX = load_secret(immY); ACL(X) = load_secret_acl(immY);</code> ||
| 3 || [[#Insecure Readable|Insecure Readable]]
|-
|-
| 0x11 || keyreg || immX || N/A || <code>active_key_idx = immX;</code> ||
| 4 || [[#Insecure Writeable|Insecure Writeable]]
|}
|}
On boot, every crypto register has an ACL value of 0x1F.
In HS mode, [[#STORE|STORE]] can always write to a crypto register. In NS and LS modes, [[#STORE|STORE]] can only write to a crypto register if it has the [[#Insecure Writeable|Insecure Writeable]] access mode.
In HS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Secure Readable|Secure Readable]] access mode. In NS and LS modes, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Insecure Readable|Insecure Readable]] and [[#Secure Readable|Secure Readable]] access modes.
Loading a secret into a crypto register sets a per-secret ACL, unconditionally.
==== rnd ====
==== Secure Keyable ====
Controls if a crypto register can be used as key in HS mode.
Forced set if the crypto register has [[#Secure Readable|Secure Readable]] access. Once cleared, this access mode cannot be set again.
==== Secure Readable ====
Controls if a crypto register can be read in HS mode.
Once cleared, this access mode cannot be set again.
=== ACLs ===
==== Insecure Keyable ====
Controls if a crypto register can be used as key in NS and LS modes.
Forced set if the crypto register has [[#Secure Readable|Insecure Readable]] access. This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Keyable]] access.
|-
|-
==== Insecure Readable ====
Controls if a crypto register can be read in NS and LS modes.
This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Readable]] access.
==== Insecure Writeable ====
Controls if a crypto register can be written to in NS and LS modes.
This access mode has no effect in HS mode.
=== Secrets ===
=== Secrets ===
[[#Heavy_Secure_Mode|Heavy Secure Mode]] has access to 64 128-bit keys which are burned at factory. These keys can be loaded using the $csecret instruction which takes the target crypto register and the key index as arguments.
[[#Secure BootROM|Heavy Secure Mode]] has access to 64 128-bit keys which are burned at factory. These keys can be loaded using the $csecret instruction which takes the target crypto register and the key index as arguments.
Secrets are specific to each Falcon unit with the exception of secret 0x3F. This secret is effectively empty (all zeros), but is configured to be overwritten with the KFUSE private key once the KFUSE clock is enabled. The KFUSE private key is console-unique.
Secrets are specific to each Falcon unit with the exception of secret 0x3F. This secret is effectively empty (all zeros), but is configured to be overwritten with the KFUSE private key once the KFUSE clock is enabled. The KFUSE private key is console-unique.
! Index || ACL || Description
! Index || ACL || Description
|-
|-
| 0x00 || 0x13 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
| 0x00 || 0x03 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
|-
|-
| 0x01 || 0x10 || Used by Falcon's Secure Boot ROM for the signature generation algorithm.
| 0x01 || 0x00 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] for the signature generation algorithm.
|-
|-
| 0x02 || 0x10 ||
| 0x02 || 0x00 ||
|-
|-
| 0x03 || 0x11 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
| 0x03 || 0x01 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
|-
|-
| 0x04 || 0x10 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
| 0x04 || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
|-
|-
| 0x05 || 0x13 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
| 0x05 || 0x03 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
|-
|-
| 0x06 || 0x11 || Used by Falcon's Secure Boot ROM as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register).
| 0x06 || 0x01 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register).
|-
|-
| 0x07 || 0x11 || Used by [6.0.0+] nvhost_tsec firmware.
| 0x07 || 0x01 || Used by [6.0.0+] nvhost_tsec firmware.
|-
|-
| 0x08 || 0x10 ||
| 0x08 || 0x00 ||
|-
|-
| 0x09 || 0x13 || Used by nvhost_tsec firmware.
| 0x09 || 0x03 || Used by nvhost_tsec firmware.
|-
|-
| 0x0A || 0x11 ||
| 0x0A || 0x01 ||
|-
|-
| 0x0B || 0x10 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
| 0x0B || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
|-
|-
| 0x0C || 0x13 ||
| 0x0C || 0x03 ||
|-
|-
| 0x0D || 0x11 ||
| 0x0D || 0x01 ||
|-
|-
| 0x0E || 0x10 ||
| 0x0E || 0x00 ||
|-
|-
| 0x0F || 0x13 || Used by nvhost_tsec firmware.
| 0x0F || 0x03 || Used by nvhost_tsec firmware.
|-
|-
| 0x10 || 0x11 || Used by [1.0.0-5.1.0] nvhost_tsec firmware.
| 0x10 || 0x01 || Used by [1.0.0-5.1.0] nvhost_tsec firmware.
|-
|-
| 0x11 || 0x10 ||
| 0x11 || 0x00 ||
|-
|-
| 0x12 || 0x13 ||
| 0x12 || 0x03 ||
|-
|-
| 0x13 || 0x11 ||
| 0x13 || 0x01 ||
|-
|-
| 0x14 || 0x10 ||
| 0x14 || 0x00 ||
|-
|-
| 0x15 || 0x13 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares.
| 0x15 || 0x03 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares.
|-
|-
| 0x16 || 0x11 ||
| 0x16 || 0x01 ||
|-
|-
| 0x17 || 0x10 ||
| 0x17 || 0x00 || Used by [11.0.0+] nvhost_tsec firmware.
|-
|-
| 0x18 || 0x13 ||
| 0x18 || 0x03 ||
|-
|-
| 0x19 || 0x11 ||
| 0x19 || 0x01 ||
|-
|-
| 0x1A || 0x10 ||
| 0x1A || 0x00 ||
|-
|-
| 0x1B || 0x13 ||
| 0x1B || 0x03 ||
|-
|-
| 0x1C || 0x11 ||
| 0x1C || 0x01 ||
|-
|-
| 0x1D || 0x10 ||
| 0x1D || 0x00 ||
|-
|-
| 0x1E || 0x13 ||
| 0x1E || 0x03 ||
|-
|-
| 0x1F || 0x11 ||
| 0x1F || 0x01 ||
|-
|-
| 0x20 || 0x10 ||
| 0x20 || 0x00 ||
|-
|-
| 0x21 || 0x13 ||
| 0x21 || 0x03 ||
|-
|-
| 0x22 || 0x11 ||
| 0x22 || 0x01 ||
|-
|-
| 0x23 || 0x10 ||
| 0x23 || 0x00 ||
|-
|-
| 0x24 || 0x13 ||
| 0x24 || 0x03 ||
|-
|-
| 0x25 || 0x11 ||
| 0x25 || 0x01 ||
|-
|-
| 0x26 || 0x10 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]]
| 0x26 || 0x00 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]]
|-
|-
| 0x27 || 0x13 ||
| 0x27 || 0x03 ||
|-
|-
| 0x28 || 0x11 ||
| 0x28 || 0x01 ||
|-
|-
| 0x29 || 0x10 ||
| 0x29 || 0x00 ||
|-
|-
| 0x2A || 0x13 ||
| 0x2A || 0x03 ||
|-
|-
| 0x2B || 0x11 ||
| 0x2B || 0x01 ||
|-
|-
| 0x2C || 0x10 ||
| 0x2C || 0x00 ||
|-
|-
| 0x2D || 0x13 ||
| 0x2D || 0x03 ||
|-
|-
| 0x2E || 0x11 ||
| 0x2E || 0x01 ||
|-
|-
| 0x2F || 0x10 ||
| 0x2F || 0x00 ||
|-
|-
| 0x30 || 0x13 ||
| 0x30 || 0x03 ||
|-
|-
| 0x31 || 0x11 ||
| 0x31 || 0x01 ||
|-
|-
| 0x32 || 0x10 ||
| 0x32 || 0x00 ||
|-
|-
| 0x33 || 0x13 ||
| 0x33 || 0x03 ||
|-
|-
| 0x34 || 0x11 ||
| 0x34 || 0x01 ||
|-
|-
| 0x35 || 0x10 ||
| 0x35 || 0x00 ||
|-
|-
| 0x36 || 0x13 ||
| 0x36 || 0x03 ||
|-
|-
| 0x37 || 0x11 ||
| 0x37 || 0x01 ||
|-
|-
| 0x38 || 0x10 ||
| 0x38 || 0x00 ||
|-
|-
| 0x39 || 0x13 ||
| 0x39 || 0x03 ||
|-
|-
| 0x3A || 0x11 ||
| 0x3A || 0x01 ||
|-
|-
| 0x3B || 0x10 ||
| 0x3B || 0x00 ||
|-
|-
| 0x3C || 0x13 || Used by nvhost_tsec firmware.
| 0x3C || 0x03 || Used by nvhost_tsec firmware.
|-
|-
| 0x3D || 0x11 ||
| 0x3D || 0x01 ||
|-
|-
| 0x3E || 0x10 ||
| 0x3E || 0x00 ||
|-
|-
| 0x3F || 0x10 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
| 0x3F || 0x00 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
|}
|}