2,787
edits
Changes
more TSEC goodness
! Address
! Address
! Width
! Width
|-
| TSEC_THI_UNK0
| 0x54500020
| 0x04
|-
|-
| TSEC_THI_INT_STATUS
| TSEC_THI_INT_STATUS
| 0x54500078
| 0x54500078
| 0x04
|-
| TSEC_THI_INT_STATUS2
| 0x5450007C
| 0x04
|-
| TSEC_THI_UNK1
| 0x54500084
| 0x04
| 0x04
|-
|-
| FALCON_SCTL
| FALCON_SCTL
| 0x54501240
| 0x54501240
| 0x04
|-
| TSEC_SCP_CTL_UNK0
| 0x54501400
| 0x04
|-
| TSEC_SCP_CTL_UNK1
| 0x54501404
| 0x04
| 0x04
|-
|-
| TSEC_SCP_CTL_AUTH_MODE
| TSEC_SCP_CTL_AUTH_MODE
| 0x5450140C
| 0x5450140C
| 0x04
|-
| TSEC_SCP_CTL_UNK2
| 0x54501410
| 0x04
| 0x04
|-
|-
| 0x04
| 0x04
|-
|-
| TSEC_TFBIF_MCCIF_FIFOCTRL
| TSEC_SCP_CTL_UNK3
| 0x54501604
| 0x54501420
| 0x04
|-
| TSEC_SCP_CTL_UNK4
| 0x54501428
| 0x04
| 0x04
|-
|-
| TSEC_DMA_CMD
| TSEC_SCP_CTL_UNK5
| 0x54501700
| 0x54501430
| 0x04
| 0x04
|-
|-
| TSEC_DMA_ADDR
| TSEC_SCP_UNK0
| 0x54501704
| 0x54501454
| 0x04
| 0x04
|-
|-
| TSEC_DMA_VAL
| TSEC_SCP_UNK1
| 0x54501708
| 0x54501458
| 0x04
| 0x04
|-
|-
| TSEC_DMA_UNK
| TSEC_SCP_UNK2
| 0x5450170C
| 0x54501470
| 0x04
| 0x04
|-
|-
| [[#TSEC_TEGRA_CTL|TSEC_TEGRA_CTL]]
| TSEC_SCP_UNK3
| 0x54501838
| 0x54501480
| 0x04
| 0x04
|-
|-
|}
| TSEC_SCP_UNK4
| 0x54501490
| 0x04
|-
| TSEC_UNK0
| 0x54501500
| 0x04
|-
|-
| 0
| TSEC_UNK1
| FALCON_ITFEN_CTXEN
| 0x54501504
| 0x04
|-
|-
| 1
| TSEC_UNK2
| FALCON_ITFEN_MTHDEN
| 0x5450150C
| 0x04
|-
|-
|}
| TSEC_UNK3
| 0x54501510
Used for enabling/disabling Falcon interfaces.
| 0x04
|-
| TSEC_UNK4
| 0x54501514
| 0x04
|-
| TSEC_UNK5
| 0x54501518
| 0x04
|-
| TSEC_UNK6
| 0x5450151C
| 0x04
|-
| TSEC_UNK7
| 0x54501528
| 0x04
|-
| TSEC_UNK8
| 0x5450152C
| 0x04
|-
| TSEC_TFBIF_MCCIF_UNK0
| 0x54501600
| 0x04
|-
| TSEC_TFBIF_MCCIF_FIFOCTRL
| 0x54501604
| 0x04
|-
| TSEC_TFBIF_MCCIF_UNK1
| 0x54501608
| 0x04
|-
| TSEC_TFBIF_MCCIF_UNK2
| 0x5450160C
| 0x04
|-
| TSEC_TFBIF_UNK0
| 0x54501630
| 0x04
|-
| TSEC_TFBIF_UNK1
| 0x54501634
| 0x04
|-
| TSEC_TFBIF_UNK2
| 0x54501640
| 0x04
|-
| [[#TSEC_DMA_CMD|TSEC_DMA_CMD]]
| 0x54501700
| 0x04
|-
| [[#TSEC_DMA_ADDR|TSEC_DMA_ADDR]]
| 0x54501704
| 0x04
|-
| [[#TSEC_DMA_VAL|TSEC_DMA_VAL]]
| 0x54501708
| 0x04
|-
| [[#TSEC_DMA_UNK|TSEC_DMA_UNK]]
| 0x5450170C
| 0x04
|-
| TSEC_TEGRA_UNK0
| 0x54501800
| 0x04
|-
| TSEC_TEGRA_UNK1
| 0x54501824
| 0x04
|-
| TSEC_TEGRA_UNK2
| 0x54501828
| 0x04
|-
| TSEC_TEGRA_UNK3
| 0x5450182C
| 0x04
|-
| [[#TSEC_TEGRA_CTL|TSEC_TEGRA_CTL]]
| 0x54501838
| 0x04
|-
|}
=== FALCON_IRQMSET ===
Used for configuring Falcon's IRQs.
=== FALCON_IRQDEST ===
Used for configuring Falcon's IRQs.
=== FALCON_SCRATCH0 ===
MMIO register for reading/writing data to Falcon.
=== FALCON_SCRATCH1 ===
MMIO register for reading/writing data to Falcon.
=== FALCON_ITFEN ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0
| FALCON_ITFEN_CTXEN
|-
| 1
| FALCON_ITFEN_MTHDEN
|-
|}
Used for enabling/disabling Falcon interfaces.
=== FALCON_IDLESTATE ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0
| FALCON_IDLESTATE_FALCON_BUSY
|-
|}
Used for detecting if Falcon is busy or not.
=== FALCON_CPUCTL ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0
| FALCON_CPUCTL_IINVAL
|-
| 1
| FALCON_CPUCTL_STARTCPU
|-
| 2
| FALCON_CPUCTL_SRESET
|-
| 3
| FALCON_CPUCTL_HRESET
|-
| 4
| FALCON_CPUCTL_HALTED
|-
| 5
| FALCON_CPUCTL_STOPPED
|-
|}
Used for signaling the Falcon CPU.
=== FALCON_BOOTVEC ===
Takes the Falcon's boot vector address.
=== FALCON_DMACTL ===
{| class="wikitable" border="1"
! Bits
! Description
|-
| 0
| FALCON_DMACTL_REQUIRE_CTX
|-
| 1
| FALCON_DMACTL_DMEM_SCRUBBING
|-
| 2
| FALCON_DMACTL_IMEM_SCRUBBING
|-
| 3-6
| FALCON_DMACTL_DMAQ_NUM
|-
| 7
| FALCON_DMACTL_SECURE_STAT
|-
|}
Used for configuring the Falcon's DMA engine.
=== FALCON_DMATRFBASE ===
Takes the host's base address for transferring data to/from the Falcon (DMA).
=== FALCON_DMATRFMOFFS ===
Takes the offset for the host's source memory being transferred.
=== FALCON_IDLESTATE ===
=== FALCON_DMATRFCMD ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| FALCON_IDLESTATE_FALCON_BUSY
| FALCON_DMATRFCMD_FULL
|-
|-
| 1
| 1
| FALCON_CPUCTL_STARTCPU
| FALCON_DMATRFCMD_IDLE (this is set if the engine is idle)
|-
|-
| 2
| 2-3
| FALCON_DMATRFCMD_SEC
| FALCON_CPUCTL_HRESET
|-
|-
| 4
| 4
| FALCON_CPUCTL_HALTED
| FALCON_DMATRFCMD_IMEM
|-
|-
| 5
| 5
| FALCON_CPUCTL_STOPPED
| FALCON_DMATRFCMD_WRITE
|-
| 8-10
| FALCON_DMATRFCMD_SIZE
|-
| 12-14
| FALCON_DMATRFCMD_CTXDMA
|-
|-
|}
|}
Used for signaling the Falcon CPU.
Used for configuring DMA transfers.
=== FALCON_BOOTVEC ===
=== FALCON_DMATRFFBOFFS ===
Takes the Falcon's boot vector address.
Takes the offset for Falcon's target memory being transferred.
=== FALCON_DMACTL ===
=== TSEC_SCP_CTL_STAT ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
! Description
! Description
|-
|-
| 0
| 20
| FALCON_DMACTL_REQUIRE_CTX
| TSEC_SCP_CTL_STAT_DEBUG_MODE
|-
|-
| 1
|}
=== TSEC_SCP_CTL_PKEY ===
{| class="wikitable" border="1"
! Bits
! Description
|-
|-
| 2
| 0
| FALCON_DMACTL_IMEM_SCRUBBING
| TSEC_SCP_CTL_PKEY_REQUEST_RELOAD
|-
|-
| 3-6
| 1
| FALCON_DMACTL_DMAQ_NUM
| TSEC_SCP_CTL_PKEY_LOADED
|-
|-
|}
|}
=== TSEC_DMA_CMD ===
=== FALCON_DMATRFBASE ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Bits
! Bits
|-
|-
| 0
| 0
| FALCON_DMATRFCMD_FULL
| TSEC_DMA_CMD_READ
|-
|-
| 1
| 1
| FALCON_DMATRFCMD_IDLE (this is set if the engine is idle)
| TSEC_DMA_CMD_WRITE
|-
| 4-7
| TSEC_DMA_CMD_UNK
|-
|-
| 2-3
| 12
| FALCON_DMATRFCMD_SEC
| TSEC_DMA_CMD_BUSY
|-
|-
| 4
| 31
| FALCON_DMATRFCMD_IMEM
| TSEC_DMA_CMD_INIT
|-
|-
|}
|}
A DMA read/write operation requires bits TSEC_DMA_CMD_INIT and TSEC_DMA_CMD_READ/TSEC_DMA_CMD_WRITE to be set in TSEC_DMA_CMD.
During the transfer, the TSEC_DMA_CMD_BUSY bit is set.
=== FALCON_DMATRFFBOFFS ===
=== TSEC_DMA_ADDR ===
Takes the offset for Falcon's target memory being transferred.
Takes the address for DMA transfers between TSEC and HOST1X (master and clients).
=== TSEC_SCP_CTL_STAT ===
=== TSEC_DMA_VAL ===
Takes the value for DMA transfers between TSEC and HOST1X (master and clients).
=== TSEC_SCP_CTL_PKEY ===
=== TSEC_DMA_UNK ===
Always 0xFFF.
=== TSEC_TEGRA_CTL ===
=== TSEC_TEGRA_CTL ===
// Partially unknown fuc5 instruction
// Partially unknown fuc5 instruction
// Likely forces a change of permissions
// Likely forces a change of permissions
cchmod(c0, c0);
// Clear all crypto registers and propagate permissions
// Clear all crypto registers and propagate permissions
|-
|-
| 0b001 || external mem <-> crypto input/output stream
| 0b001 || external mem <-> crypto input/output stream
|-
| 0b011 || falcon data mem <-> crypto input/output stream
|-
| 0b100 || unknown, but can be combined with other types
|}
|}
Entry to Authenticated Mode always sets $pc to the address supplied in $cauth (ie the base of the signature-checked region). This takes effect when trying to branch to any address within the range covered by $cauth. Entry to Authenticated Mode (also called "Secure Mode") computes a MAC over the $cauth region and compares it to $c6 in order to perform the signature check.
Entry to Authenticated Mode always sets $pc to the address supplied in $cauth (ie the base of the signature-checked region). This takes effect when trying to branch to any address within the range covered by $cauth. Entry to Authenticated Mode (also called "Secure Mode") computes a MAC over the $cauth region and compares it to $c6 in order to perform the signature check.
Exit from Authenticated Mode must poke a special register (this seems to be I[0x10300] = 0) before leaving authenticated code pages. Failure to do this would result in the Falcon core halting.
Exit from Authenticated Mode must poke a special register before leaving authenticated code pages and a failure to do this would result in the Falcon core halting. Every Falcon based unit (TSEC, NVDEC, VIC) must map this register in their engine-specific subset of registers. In TSEC's case, the register is TSEC_SCP_CTL_AUTH_MODE.
=== Unknown Instructions ===
<code>00000000: f5 3c XY e0 cchmod $cY $cX</code> - likely forces a change of permissions.
<code>00000000: f5 3c XY a8 c_unk $cY $cX</code> - unknown crypto operation.
<code>00000000: f5 3c 0X 90 c_unk $cX</code> - unknown crypto operation.