1,359
edits
Changes
no edit summary
Before returning, this stage writes back to the host (using MMIO registers) and sets the key used by the first bootloader.
Before returning, this stage writes back to the host (using MMIO registers) and sets the key used by the first bootloader.
[6.2.0+] During this stage, [[#Key data|key data]] is loaded and execution jumps to [[#SecureBoot|SecureBootLdr]].
[6.2.0+] During this stage, [[#Key data|key data]] is loaded and execution jumps to [[#SecureBootLdr|SecureBootLdr]].
=== Initialization ===
=== Initialization ===
== SecureBootLdr ==
== SecureBootLdr ==
[6.2.0+] This was introduced to try to recover the secure boot from the RCM vulnerability.
This stage starts by authenticating and executing [[#KeygenLdr|KeygenLdr]] which in turn authenticates, decrypts and executes [[#Keygen|Keygen]] (both blobs remain unchanged from previous firmware versions).
This stage starts by authenticating and executing [[#KeygenLdr|KeygenLdr]] which in turn authenticates, decrypts and executes [[#Keygen|Keygen]] (both blobs remain unchanged from previous firmware versions).
After the TSEC key has been generated, execution returns to this stage which then parses and executes [[#SecureBoot|SecureBoot]].
After the TSEC key has been generated, execution returns to this stage which then parses and executes [[#SecureBoot|SecureBoot]].
== SecureBoot ==
== SecureBoot ==
[6.2.0+] This was introduced to try to recover the secure boot from the RCM vulnerability.
This stage prepares the stack then authenticates, decrypts and executes the SecureBoot blob's Falcon OS image.
This stage prepares the stack then authenticates, decrypts and executes the SecureBoot blob's Falcon OS image.