Changes

TSEC (view source)

Revision as of 20:31, 5 June 2020

2,232 bytes added , 20:31, 5 June 2020

no edit summary

Line 652: Line 652:

| 0x04

|-

−

| TSEC_SCP_CTL_SCP

+

| [[#TSEC_SCP_CTL_SCP|TSEC_SCP_CTL_SCP]]

| 0x54501414

| 0x04

Line 660: Line 660:

| 0x04

|-

−

| TSEC_SCP_CTL_DBG

+

| [[#TSEC_SCP_CTL_DBG|TSEC_SCP_CTL_DBG]]

| 0x5450141C

| 0x04

Line 696: Line 696:

| 0x04

|-

−

| TSEC_SCP_RND_STAT1

+

| [[#TSEC_SCP_RND_STAT1|TSEC_SCP_RND_STAT1]]

| 0x54501474

| 0x04

Line 712: Line 712:

| 0x04

|-

−

| TSEC_SCP_SEC_ERR

+

| [[#TSEC_SCP_SEC_ERR|TSEC_SCP_SEC_ERR]]

| 0x54501494

| 0x04

Line 2,429: Line 2,429:

|-

| 4-5

−

| ~~TSEC_FALCON_SCTL_OLD_SEC_MODE~~

+

| Previous security mode

0: Non-secure

1: Light Secure

Line 2,597: Line 2,597:

! Description

|-

−

| 20

+

| 10

−

| Enable the ~~[[#TSEC_SCP_CMD|TSEC_SCP_CMD]] register~~

+

| Enable the LOAD interface

|-

−

| 16

+

| 12

−

| Enable the ~~SEQ controller~~

+

| Enable the STORE interface

|-

| 14

| Enable the CMD interface

|-

−

| 12

+

| 16

−

| Enable the ~~STORE interface~~

+

| Enable the SEQ controller

|-

−

| 10

+

| 20

−

| Enable the ~~LOAD interface~~

+

| Enable the [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] register

|}

Line 2,619: Line 2,619:

|-

| 0

−

| Flush SEQ controller

+

| Flush the SEQ controller

+

|-

+

| 8

+

| Unknown

|-

| 11

Line 2,626: Line 2,629:

| 12

| Enable the RND controller

−

|}

−

~~=== TSEC_SCP_CFG ===~~

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

|-

−

| 16-31

+

| 16

−

| ~~Timeout value~~

+

| Enable LOAD interface dummy mode (all reads return 0)

+

|-

+

| 20

+

| Enable LOAD interface bypassing (all reads are dropped)

+

|-

+

| 24

+

| Enable STORE interface bypassing (all writes are dropped)

|}

Line 2,653: Line 2,656:

| 0

| Enable lockdown mode

+

|-

+

| 1

+

| Unknown

+

|-

+

| 2

+

| Unknown

+

|-

+

| 3

+

| Unknown

|-

| 4

−

| Lock SCP ~~and RND~~

+

| Lock the SCP

+

|-

+

| 5

+

| Unknown

+

|-

+

| 6

+

| Unknown

+

|-

+

| 7

+

| Unknown

|}

Controls lockdown mode and can only be cleared in Heavy Secure mode.

−

=== ~~TSEC_SCP_CTL_PKEY~~ ===

+

=== TSEC_SCP_CFG ===

{| class="wikitable" border="1"

! Bits

Line 2,666: Line 2,687:

|-

| 0

−

| ~~TSEC_SCP_CTL_PKEY_REQUEST_RELOAD~~

+

| Unknown

|-

| 1

−

| ~~TSEC_SCP_CTL_PKEY_LOADED~~

+

| Unknown

−

|}

−

~~=== TSEC_SCP_DBG0 ===~~

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

|-

−

| 0-3

+

| 2

−

| ~~Index~~

+

| Unknown

+

|-

+

| 3

+

| Unknown

|-

| 4

−

| ~~Automatic increment~~

+

| Unknown

+

|-

+

| 8

+

| Flush the CMD interface

|-

−

| 5-6

+

| 12-13

−

| ~~Target~~

+

| Carry chain size

−

0: ~~None~~

+

0: 32 bits

−

1: ~~Unknown~~

+

1: 64 bits

−

2: ~~Unknown~~

+

2: 96 bits

−

3: ~~SEQ~~

+

3: 128 bits

|-

−

| 8-12

+

| 16-31

−

| ~~SEQ size~~

+

| Timeout value

|}

−

~~Used for debugging crypto controllers such as the SEQ (crypto sequence).~~

+

=== TSEC_SCP_CTL_SCP ===

−

=== ~~TSEC_SCP_DBG1~~ ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-3

+

| 0

−

| ~~SEQ instruction's first operand~~

+

| Swap SCP master

|-

−

| ~~4-9~~

+

| 1

−

| ~~SEQ instruction's second operand~~

+

| Current SCP master

−

|-

+

0: Falcon

−

~~| 10-14~~

+

1: External

−

~~| SEQ instruction's opcode~~

|}

−

~~Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the SEQ controller.~~

+

=== TSEC_SCP_CTL_PKEY ===

−

=== ~~TSEC_SCP_DBG2~~ ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-1

+

| 0

−

| ~~SEQ state~~

+

| TSEC_SCP_CTL_PKEY_REQUEST_RELOAD

−

0~~: Idle~~

+

|-

−

~~1: Recording is active (cs0begin/cs1begin)~~

+

| 1

+

| TSEC_SCP_CTL_PKEY_LOADED

+

|}

+

=== TSEC_SCP_CTL_DBG ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0

+

| Unknown

+

|-

+

| 4

+

| Unknown

|-

−

| ~~4-7~~

+

| 8

−

| ~~Number of SEQ instructions left~~

+

| Unknown

|-

−

| 12~~-15~~

+

| 12

−

| ~~Active crypto key register~~

+

| Unknown

|}

−

~~Used for retrieving additional debug data associated with the SEQ controller.~~

+

=== TSEC_SCP_DBG0 ===

−

=== ~~TSEC_SCP_CMD~~ ===

{| class="wikitable" border="1"

! Bits

Line 2,738: Line 2,765:

|-

| 0-3

−

| ~~Destination register~~

+

| Index

|-

−

| 8-13

+

| 4

−

| ~~Source register or immediate value~~

+

| Automatic increment

+

|-

+

| 5-6

+

| Target

+

0: None

+

1: STORE

+

2: LOAD

+

3: SEQ

+

|-

+

| 8-12

+

| SEQ size

+

|-

+

| 13-16

+

| Unknown

+

|-

+

| 17

+

| SEQ instruction is valid

+

|-

+

| 18

+

| SEQ controller is running in HS mode

+

|-

+

| 19-22

+

| LOAD size

|-

−

| ~~20-24~~

+

| 23

−

| ~~Command opcode~~

+

| LOAD instruction is valid

−

~~0x0: nop (fuc5 opcode 0x00)~~

+

|-

−

~~0x1: cmov (fuc5 opcode 0x84)~~

+

| 24

−

~~0x2: cxsin (fuc5 opcode 0x88) or xdst (with cxset)~~

+

| LOAD interface is running in HS mode

−

~~0x3: cxsout (fuc5 opcode 0x8C) or xdld (with cxset)~~

+

|-

−

~~0x4: crnd (fuc5 opcode 0x90)~~

+

| 25-26

−

~~0x5: cs0begin (fuc5 opcode 0x94)~~

+

| STORE size

−

~~0x6: cs0exec (fuc5 opcode 0x98)~~

−

~~0x7: cs1begin (fuc5 opcode 0x9C)~~

−

~~0x8: cs1exec (fuc5 opcode 0xA0)~~

−

~~0x9: invalid (fuc5 opcode 0xA4)~~

−

~~0xA: cchmod (fuc5 opcode 0xA8)~~

−

~~0xB: cxor (fuc5 opcode 0xAC)~~

−

~~0xC: cadd (fuc5 opcode 0xB0)~~

−

~~0xD: cand (fuc5 opcode 0xB4)~~

−

~~0xE: crev (fuc5 opcode 0xB8)~~

−

~~0xF: cprecmac (fuc5 opcode 0xBC)~~

−

~~0x10: csecret (fuc5 opcode 0xC0)~~

−

~~0x11: ckeyreg (fuc5 opcode 0xC4)~~

−

~~0x12: ckexp (fuc5 opcode 0xC8)~~

−

~~0x13: ckrexp (fuc5 opcode 0xCC)~~

−

~~0x14: cenc (fuc5 opcode 0xD0)~~

−

~~0x15: cdec (fuc5 opcode 0xD4)~~

−

~~0x16: csigauth (fuc5 opcode 0xD8)~~

−

~~0x17: csigenc (fuc5 opcode 0xDC)~~

−

~~0x18: csigclr (fuc5 opcode 0xE0)~~

|-

−

| 28

+

| 30

−

| ~~Set if the command~~ is valid

+

| STORE instruction is valid

|-

| 31

−

| ~~Set if~~ running in HS mode

+

| STORE interface is running in HS mode

|}

−

~~Contains information on~~ the ~~last~~ crypto ~~command executed~~.

+

Used for debugging crypto controllers such as the SEQ (crypto sequence).

−

=== ~~TSEC_SCP_STAT0~~ ===

+

=== TSEC_SCP_DBG1 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 0-3

−

| ~~SCP is active~~

+

| SEQ instruction's first operand

|-

−

| 2

+

| 4-9

−

| ~~CMD interface is active~~

+

| SEQ instruction's second operand

|-

−

| 6

+

| 10-14

−

~~| SEQ controller is active~~

+

| SEQ instruction's opcode

−

|-

−

| 14

−

| ~~AES controller is active~~

−

|-

−

~~| 16~~

−

~~| RND controller is active~~

|}

−

Contains the ~~status of~~ the ~~crypto controllers and interfaces~~.

+

Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the SEQ controller.

−

=== ~~TSEC_SCP_STAT1~~ ===

+

=== TSEC_SCP_DBG2 ===

{| class="wikitable" border="1"

! Bits

Line 2,809: Line 2,833:

|-

| 0-1

−

| ~~Signature comparison result~~

+

| SEQ controller's state

−

0: ~~None~~

+

0: Idle

−

1: ~~Running~~

+

1: Recording is active (cs0begin/cs1begin)

−

~~2: Failed~~

+

|-

−

~~3: Succeeded~~

+

| 4-7

+

| Number of SEQ instructions left

+

|-

+

| 12-15

+

| Active crypto key register

|}

−

~~Contains~~ the ~~status of the last authentication attempt~~.

+

Used for retrieving additional debug data associated with the SEQ controller.

−

=== ~~TSEC_SCP_STAT2~~ ===

+

=== TSEC_SCP_CMD ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0-4

+

| 0-3

−

| ~~Current SEQ opcode~~

+

| Destination register

|-

−

| 5-9

+

| 8-13

−

| ~~Current CMD opcode~~

+

| Source register or immediate value

|-

−

| 10-14

+

| 20-24

−

| ~~Pending CMD~~ opcode

+

| Command opcode

+

0x0: nop (fuc5 opcode 0x00)

+

0x1: cmov (fuc5 opcode 0x84)

+

0x2: cxsin (fuc5 opcode 0x88) or xdst (with cxset)

+

0x3: cxsout (fuc5 opcode 0x8C) or xdld (with cxset)

+

0x4: crnd (fuc5 opcode 0x90)

+

0x5: cs0begin (fuc5 opcode 0x94)

+

0x6: cs0exec (fuc5 opcode 0x98)

+

0x7: cs1begin (fuc5 opcode 0x9C)

+

0x8: cs1exec (fuc5 opcode 0xA0)

+

0x9: invalid (fuc5 opcode 0xA4)

+

0xA: cchmod (fuc5 opcode 0xA8)

+

0xB: cxor (fuc5 opcode 0xAC)

+

0xC: cadd (fuc5 opcode 0xB0)

+

0xD: cand (fuc5 opcode 0xB4)

+

0xE: crev (fuc5 opcode 0xB8)

+

0xF: cprecmac (fuc5 opcode 0xBC)

+

0x10: csecret (fuc5 opcode 0xC0)

+

0x11: ckeyreg (fuc5 opcode 0xC4)

+

0x12: ckexp (fuc5 opcode 0xC8)

+

0x13: ckrexp (fuc5 opcode 0xCC)

+

0x14: cenc (fuc5 opcode 0xD0)

+

0x15: cdec (fuc5 opcode 0xD4)

+

0x16: csigauth (fuc5 opcode 0xD8)

+

0x17: csigenc (fuc5 opcode 0xDC)

+

0x18: csigclr (fuc5 opcode 0xE0)

|-

−

| ~~15-16~~

+

| 28

−

| ~~AES operation~~

+

| CMD instruction is valid

−

~~0: Encryption~~

−

~~1: Decryption~~

−

~~2: Key expansion~~

−

~~3: Key reverse expansion~~

|-

−

| 25

+

| 31

−

| ~~STORE operation~~ is ~~stalled~~

+

| CMD interface is running in HS mode

−

|-

−

~~| 26~~

−

~~| LOAD operation is stalled~~

−

|-

−

~~| 27~~

−

~~| RND operation is stalled~~

−

|-

−

~~| 29~~

−

~~| AES operation is stalled~~

|}

−

Contains the ~~status of~~ crypto ~~operations~~.

+

Contains information on the last crypto command executed.

−

=== ~~TSEC_SCP_RND_STAT0~~ ===

+

=== TSEC_SCP_STAT0 ===

{| class="wikitable" border="1"

! Bits

Line 2,860: Line 2,900:

|-

| 0

−

| ~~RND~~ is ~~ready~~

+

| SCP is active

−

|}

−

~~Contains the status of the RND controller.~~

−

~~=== TSEC_SCP_IRQSTAT ===~~

−

~~{| class="wikitable" border="1"~~

−

~~! Bits~~

−

~~! Description~~

|-

−

| 0

+

| 2

−

| ~~RND ready~~

+

| CMD interface is active

|-

−

| 8

+

| 4

−

| ~~ACL error~~

+

| STORE interface is active

|-

−

| 12

+

| 6

−

| ~~SEC error~~

+

| SEQ controller is active

|-

−

| 16

+

| 8

−

| ~~CMD error~~

+

| [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] register is enabled

|-

−

| 20

+

| 10

−

| ~~Single step~~

+

| LOAD interface is active

|-

−

| 24

+

| 14

−

| ~~RND called~~

+

| AES controller is active

|-

−

| 28

+

| 16

−

| ~~Timeout~~

+

| RND controller is active

|}

−

~~Used for getting~~ the status of crypto ~~IRQs~~.

+

Contains the status of the crypto controllers and interfaces.

−

=== ~~TSEC_SCP_IRQMASK~~ ===

+

=== TSEC_SCP_STAT1 ===

{| class="wikitable" border="1"

! Bits

! Description

|-

−

| 0

+

| 0-1

−

| ~~RND~~ ready

+

| Signature comparison result

+

0: None

+

1: Running

+

2: Failed

+

3: Succeeded

+

|-

+

| 4

+

| LOAD interface is running in HS mode

+

|-

+

| 6

+

| LOAD interface is ready

|-

| 8

−

| ~~ACL error~~

+

| STORE interface is running in HS mode

+

|-

+

| 10

+

| STORE interface received a valid instruction

+

|-

+

| 12

+

| CMD interface is running in HS mode

+

|-

+

| 14

+

| CMD interface received a valid instruction

+

|}

+

Contains the status of the last authentication attempt and other miscellaneous statuses.

+

=== TSEC_SCP_STAT2 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-4

+

| Current SEQ opcode

+

|-

+

| 5-9

+

| Current CMD opcode

+

|-

+

| 10-14

+

| Pending CMD opcode

+

|-

+

| 15-16

+

| AES operation

+

0: Encryption

+

1: Decryption

+

2: Key expansion

+

3: Key reverse expansion

|-

−

| 12

+

| 24

−

| SEC error

+

| Unknown

−

|-

+

|-

−

| 16

+

| 25

−

| CMD error

+

| STORE operation is stalled

−

|-

+

|-

−

| 20

+

| 26

−

| Single step

+

| LOAD operation is stalled

−

|-

+

|-

−

| 24

+

| 27

−

| RND ~~called~~

+

| RND operation is stalled

−

|-

+

|-

−

| 28

+

| 28

−

| Timeout

+

| Unknown

−

|}

+

|-

−

+

| 29

−

Used for getting the value of the mask for crypto IRQs.

+

| AES operation is stalled

−

+

|}

−

=== TSEC_SCP_ACL_ERR ===

+

−

{| class="wikitable" border="1"

+

Contains the status of crypto operations.

−

! Bits

+

−

! Description

+

=== TSEC_SCP_RND_STAT0 ===

−

|-

+

{| class="wikitable" border="1"

−

| 0

+

! Bits

−

| Writing to a crypto register without the correct ACL

+

! Description

−

|-

+

|-

−

| 4

+

| 0

−

| Reading from a crypto register without the correct ACL

+

| RND controller is ready

−

|-

+

|-

−

| 8

+

| 4-7

−

| Invalid ACL change (cchmod)

+

| Unknown

+

|-

+

| 8-11

+

| Unknown

+

|-

+

| 16

+

| Unknown

+

|-

+

| 20

+

| Unknown

+

|}

+

=== TSEC_SCP_RND_STAT1 ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0-15

+

| Unknown

+

|-

+

| 16-31

+

| Unknown

+

|}

+

=== TSEC_SCP_IRQSTAT ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0

+

| RND ready

+

|-

+

| 8

+

| ACL error

+

|-

+

| 12

+

| SEC error

+

|-

+

| 16

+

| CMD error

+

|-

+

| 20

+

| Single step

+

|-

+

| 24

+

| RND operation

+

|-

+

| 28

+

| Timeout

+

|}

+

Used for getting the status of crypto IRQs.

+

=== TSEC_SCP_IRQMASK ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0

+

| RND ready

+

|-

+

| 8

+

| ACL error

+

|-

+

| 12

+

| SEC error

+

|-

+

| 16

+

| CMD error

+

|-

+

| 20

+

| Single step

+

|-

+

| 24

+

| RND operation

+

|-

+

| 28

+

| Timeout

+

|}

+

Used for getting the value of the mask for crypto IRQs.

+

=== TSEC_SCP_ACL_ERR ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0

+

| Writing to a crypto register without the correct ACL

+

|-

+

| 4

+

| Reading from a crypto register without the correct ACL

+

|-

+

| 8

+

| Invalid ACL change (cchmod)

+

|-

+

| 31

+

| ACL error occurred

+

|}

+

Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|ACL error]] IRQ.

+

=== TSEC_SCP_SEC_ERR ===

+

{| class="wikitable" border="1"

+

! Bits

+

! Description

+

|-

+

| 0

+

| Unknown

+

|-

+

| 1-2

+

| Unknown

+

|-

+

| 4

+

| Unknown

+

|-

+

| 5-6

+

| Unknown

+

|-

+

| 16

+

| Unknown

+

|-

+

| 17-18

+

| Unknown

+

|-

+

| 20

+

| Unknown

+

|-

+

| 21-22

+

| Unknown

+

|-

+

| 24

+

| Unknown

+

|-

+

| 25-26

+

| Unknown

|-

| 31

−

| ~~ACL~~ error occurred

+

| SEC error occurred

|}

−

~~Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|ACL error]] IRQ.~~

=== TSEC_SCP_CMD_ERR ===

Line 2,961: Line 3,169:

|-

| 16

−

| ~~Insecure~~ signature (csigenc, csigclr or csigauth)

+

| Forbidden signature operation (csigenc, csigclr or csigauth in NS mode)

|-

| 20

−

| Invalid signature (csigauth in HS mode)

+

| Invalid signature operation (csigauth in HS mode)

|-

| 24

Hexkyz

Bureaucrats, Administrators

2,787

edits