TSEC
TSEC (Tegra Security Co-processor) is a dedicated unit powered by a NVIDIA Falcon microprocessor with crypto extensions.
Driver
A host driver for communicating with the TSEC is mapped to physical address 0x54500000 with a total size of 0x40000 bytes and exposes several registers.
Registers
The TSEC's MMIO space is divided as follows:
- 0x54500000 to 0x54501000: THI (Tegra Host Interface)
- 0x54501000 to 0x54501400: FALCON (Falcon microcontroller)
- 0x54501400 to 0x54501600: SCP (Secure coprocessor)
- 0x54501600 to 0x54501680: TFBIF (Tegra Framebuffer Interface)
- 0x54501680 to 0x54501700: CG (Clock Gate)
- 0x54501700 to 0x54501800: BAR0 (HOST1X device DMA)
- 0x54501800 to 0x54501900: TEGRA (Miscellaneous interfaces)
TSEC_THI_INCR_SYNCPT
Bits | Description |
---|---|
0-9 | TSEC_THI_INCR_SYNCPT_INDX |
10-17 | TSEC_THI_INCR_SYNCPT_COND |
TSEC_THI_INCR_SYNCPT_CTRL
Bits | Description |
---|---|
0 | TSEC_THI_INCR_SYNCPT_CTRL_SOFT_RESET |
8 | TSEC_THI_INCR_SYNCPT_CTRL_NO_STALL |
16 | TSEC_THI_INCR_SYNCPT_CTRL_SOFT_RESET_0 |
17 | TSEC_THI_INCR_SYNCPT_CTRL_NO_STALL_0 |
18 | TSEC_THI_INCR_SYNCPT_CTRL_SOFT_RESET_1 |
19 | TSEC_THI_INCR_SYNCPT_CTRL_NO_STALL_1 |
20 | TSEC_THI_INCR_SYNCPT_CTRL_SOFT_RESET_2 |
21 | TSEC_THI_INCR_SYNCPT_CTRL_NO_STALL_2 |
22 | TSEC_THI_INCR_SYNCPT_CTRL_SOFT_RESET_3 |
23 | TSEC_THI_INCR_SYNCPT_CTRL_NO_STALL_3 |
24 | TSEC_THI_INCR_SYNCPT_CTRL_SOFT_RESET_4 |
25 | TSEC_THI_INCR_SYNCPT_CTRL_NO_STALL_4 |
TSEC_THI_INCR_SYNCPT_ERR
Bits | Description |
---|---|
0 | TSEC_THI_INCR_SYNCPT_ERR_COND_STS_IMM |
1 | TSEC_THI_INCR_SYNCPT_ERR_COND_STS_OPDONE |
2 | TSEC_THI_INCR_SYNCPT_ERR_COND_STS_RD_DONE |
3 | TSEC_THI_INCR_SYNCPT_ERR_COND_STS_REG_WR_SAFE |
4 | TSEC_THI_INCR_SYNCPT_ERR_COND_STS_ENGINE_IDLE |
TSEC_THI_CTXSW_INCR_SYNCPT
Bits | Description |
---|---|
0-9 | TSEC_THI_CTXSW_INCR_SYNCPT_INDX |
TSEC_THI_CTXSW
Bits | Description |
---|---|
0-9 | TSEC_THI_CTXSW_CURR_CLASS |
10 | TSEC_THI_CTXSW_AUTO_ACK |
11-20 | TSEC_THI_CTXSW_CURR_CHANNEL |
TSEC_THI_CTXSW_NEXT
Bits | Description |
---|---|
0-9 | TSEC_THI_CTXSW_NEXT_NEXT_CLASS |
10-19 | TSEC_THI_CTXSW_NEXT_NEXT_CHANNEL |
TSEC_THI_CONT_SYNCPT_EOF
Bits | Description |
---|---|
0-9 | TSEC_THI_CONT_SYNCPT_EOF_INDEX |
10 | TSEC_THI_CONT_SYNCPT_EOF_COND |
TSEC_THI_CONT_SYNCPT_L1
Bits | Description |
---|---|
0-9 | TSEC_THI_CONT_SYNCPT_L1_INDEX |
10 | TSEC_THI_CONT_SYNCPT_L1_COND |
TSEC_THI_METHOD0
Bits | Description |
---|---|
0-11 | TSEC_THI_METHOD0_OFFSET |
Used to encode and send a method's ID over HOST1X to TSEC. This register mirrors the functionality of HOST1X's channel opcode submission.
The following methods are available:
ID | Method |
---|---|
0x100 | NOP |
0x140 | PM_TRIGGER |
0x200 | SET_APPLICATION_ID |
0x204 | SET_WATCHDOG_TIMER |
0x240 | SEMAPHORE_A |
0x244 | SEMAPHORE_B |
0x248 | SEMAPHORE_C |
0x24C | CTX_SAVE_AREA |
0x250 | CTX_SWITCH |
0x300 | EXECUTE |
0x304 | SEMAPHORE_D |
0x500 | HDCP_INIT |
0x504 | HDCP_CREATE_SESSION |
0x508 | HDCP_VERIFY_CERT_RX |
0x50C | HDCP_GENERATE_EKM |
0x510 | HDCP_REVOCATION_CHECK |
0x514 | HDCP_VERIFY_HPRIME |
0x518 | HDCP_ENCRYPT_PAIRING_INFO |
0x51C | HDCP_DECRYPT_PAIRING_INFO |
0x520 | HDCP_UPDATE_SESSION |
0x524 | HDCP_GENERATE_LC_INIT |
0x528 | HDCP_VERIFY_LPRIME |
0x52C | HDCP_GENERATE_SKE_INIT |
0x530 | HDCP_VERIFY_VPRIME |
0x534 | HDCP_ENCRYPTION_RUN_CTRL |
0x538 | HDCP_SESSION_CTRL |
0x53C | HDCP_COMPUTE_SPRIME |
0x540 | HDCP_GET_CERT_RX |
0x544 | HDCP_EXCHANGE_INFO |
0x548 | HDCP_DECRYPT_KM |
0x54C | HDCP_GET_HPRIME |
0x550 | HDCP_GENERATE_EKH_KM |
0x554 | HDCP_VERIFY_RTT_CHALLENGE |
0x558 | HDCP_GET_LPRIME |
0x55C | HDCP_DECRYPT_KS |
0x560 | HDCP_DECRYPT |
0x564 | HDCP_GET_RRX |
0x568 | HDCP_DECRYPT_REENCRYPT |
0x56C | |
0x570 | |
0x574 | HDCP_DECRYPT_STORED_KM |
0x578 | HDCP_GET_CURRENT_RESOLUTION |
0x57C | HDCP_GET_CURRENT_VERSION |
0x700 | HDCP_VALIDATE_SRM |
0x704 | HDCP_VALIDATE_STREAM |
0x708 | HDCP_TEST_SECURE_STATUS |
0x70C | HDCP_SET_DCP_KPUB |
0x710 | HDCP_SET_RX_KPUB |
0x714 | HDCP_SET_CERT_RX |
0x718 | HDCP_SET_SCRATCH_BUFFER |
0x71C | HDCP_SET_SRM |
0x720 | HDCP_SET_RECEIVER_ID_LIST |
0x724 | HDCP_SET_SPRIME |
0x728 | HDCP_SET_ENC_INPUT_BUFFER |
0x72C | HDCP_SET_ENC_OUTPUT_BUFFER |
0x730 | HDCP_GET_RTT_CHALLENGE |
0x734 | HDCP_STREAM_MANAGE |
0x738 | HDCP_READ_CAPS |
0x73C | HDCP_ENCRYPT |
0x740 | [6.0.0+] HDCP_GET_CURRENT_NONCE |
0x1114 | PM_TRIGGER_END |
TSEC_THI_METHOD1
Bits | Description |
---|---|
0-31 | TSEC_THI_METHOD1_DATA |
Used to encode and send a method's data over HOST1X to TSEC. This register mirrors the functionality of HOST1X's channel opcode submission.
TSEC_THI_CONTEXT_SWITCH
Bits | Description |
---|---|
0-27 | TSEC_THI_CONTEXT_SWITCH_PTR |
30-31 | TSEC_THI_CONTEXT_SWITCH_TARGET |
TSEC_THI_INT_STATUS
Bits | Description |
---|---|
0 | TSEC_THI_INT_STATUS_FALCON_INT |
TSEC_THI_INT_MASK
Bits | Description |
---|---|
0 | TSEC_THI_INT_MASK_FALCON_INT |
TSEC_THI_CONFIG0
Bits | Description |
---|---|
0 | TSEC_THI_CONFIG0_RETURN_SYNCPT_ON_ERR |
4 | TSEC_THI_CONFIG0_IDLE_SYNCPT_INC_ENG |
TSEC_THI_DBG_MISC
Bits | Description |
---|---|
0 | TSEC_THI_DBG_MISC_CLIENT_IDLE_STATUS |
1 | TSEC_THI_DBG_MISC_THI_IDLE_STATUS |
2 | TSEC_THI_DBG_MISC_THI_SYNCPT_PENDING_STATUS |
3 | TSEC_THI_DBG_MISC_THI_IDLE_EN |
TSEC_THI_SLCG_OVERRIDE_HIGH_A
Bits | Description |
---|---|
0-7 | TSEC_THI_SLCG_OVERRIDE_HIGH_A_REG |
TSEC_THI_SLCG_OVERRIDE_LOW_A
Bits | Description |
---|---|
0-31 | TSEC_THI_SLCG_OVERRIDE_LOW_A_REG |
TSEC_THI_CLK_OVERRIDE
Bits | Description |
---|---|
0-31 | TSEC_THI_CLK_OVERRIDE_CYA |
TSEC_FALCON_IRQSSET
Bits | Description |
---|---|
0 | TSEC_FALCON_IRQSSET_GPTMR |
1 | TSEC_FALCON_IRQSSET_WDTMR |
2 | TSEC_FALCON_IRQSSET_MTHD |
3 | TSEC_FALCON_IRQSSET_CTXSW |
4 | TSEC_FALCON_IRQSSET_HALT |
5 | TSEC_FALCON_IRQSSET_EXTERR |
6 | TSEC_FALCON_IRQSSET_SWGEN0 |
7 | TSEC_FALCON_IRQSSET_SWGEN1 |
8-15 | TSEC_FALCON_IRQSSET_EXT |
16 | TSEC_FALCON_IRQSSET_DMA |
Used for setting Falcon's IRQs.
TSEC_FALCON_IRQSCLR
Bits | Description |
---|---|
0 | TSEC_FALCON_IRQSCLR_GPTMR |
1 | TSEC_FALCON_IRQSCLR_WDTMR |
2 | TSEC_FALCON_IRQSCLR_MTHD |
3 | TSEC_FALCON_IRQSCLR_CTXSW |
4 | TSEC_FALCON_IRQSCLR_HALT |
5 | TSEC_FALCON_IRQSCLR_EXTERR |
6 | TSEC_FALCON_IRQSCLR_SWGEN0 |
7 | TSEC_FALCON_IRQSCLR_SWGEN1 |
8-15 | TSEC_FALCON_IRQSCLR_EXT |
16 | TSEC_FALCON_IRQSCLR_DMA |
Used for clearing Falcon's IRQs.
TSEC_FALCON_IRQSTAT
Bits | Description |
---|---|
0 | TSEC_FALCON_IRQSTAT_GPTMR |
1 | TSEC_FALCON_IRQSTAT_WDTMR |
2 | TSEC_FALCON_IRQSTAT_MTHD |
3 | TSEC_FALCON_IRQSTAT_CTXSW |
4 | TSEC_FALCON_IRQSTAT_HALT |
5 | TSEC_FALCON_IRQSTAT_EXTERR |
6 | TSEC_FALCON_IRQSTAT_SWGEN0 |
7 | TSEC_FALCON_IRQSTAT_SWGEN1 |
8-15 | TSEC_FALCON_IRQSTAT_EXT |
16 | TSEC_FALCON_IRQSTAT_DMA |
Used for getting the status of Falcon's IRQs.
TSEC_FALCON_IRQMODE
Bits | Description |
---|---|
0 | TSEC_FALCON_IRQMODE_LVL_GPTMR |
1 | TSEC_FALCON_IRQMODE_LVL_WDTMR |
2 | TSEC_FALCON_IRQMODE_LVL_MTHD |
3 | TSEC_FALCON_IRQMODE_LVL_CTXSW |
4 | TSEC_FALCON_IRQMODE_LVL_HALT |
5 | TSEC_FALCON_IRQMODE_LVL_EXTERR |
6 | TSEC_FALCON_IRQMODE_LVL_SWGEN0 |
7 | TSEC_FALCON_IRQMODE_LVL_SWGEN1 |
8-15 | TSEC_FALCON_IRQMODE_LVL_EXT |
16 | TSEC_FALCON_IRQMODE_LVL_DMA |
Used for changing the mode Falcon's IRQs. A value of 1 means level triggered while a value of 0 means edge triggered.
TSEC_FALCON_IRQMSET
Bits | Description |
---|---|
0 | TSEC_FALCON_IRQMSET_GPTMR |
1 | TSEC_FALCON_IRQMSET_WDTMR |
2 | TSEC_FALCON_IRQMSET_MTHD |
3 | TSEC_FALCON_IRQMSET_CTXSW |
4 | TSEC_FALCON_IRQMSET_HALT |
5 | TSEC_FALCON_IRQMSET_EXTERR |
6 | TSEC_FALCON_IRQMSET_SWGEN0 |
7 | TSEC_FALCON_IRQMSET_SWGEN1 |
8-15 | TSEC_FALCON_IRQMSET_EXT |
16 | TSEC_FALCON_IRQMSET_DMA |
Used for setting the mask for Falcon's IRQs.
TSEC_FALCON_IRQMCLR
Bits | Description |
---|---|
0 | TSEC_FALCON_IRQMCLR_GPTMR |
1 | TSEC_FALCON_IRQMCLR_WDTMR |
2 | TSEC_FALCON_IRQMCLR_MTHD |
3 | TSEC_FALCON_IRQMCLR_CTXSW |
4 | TSEC_FALCON_IRQMCLR_HALT |
5 | TSEC_FALCON_IRQMCLR_EXTERR |
6 | TSEC_FALCON_IRQMCLR_SWGEN0 |
7 | TSEC_FALCON_IRQMCLR_SWGEN1 |
8-15 | TSEC_FALCON_IRQMCLR_EXT |
16 | TSEC_FALCON_IRQMCLR_DMA |
Used for clearing the mask for Falcon's IRQs.
TSEC_FALCON_IRQMASK
Bits | Description |
---|---|
0 | TSEC_FALCON_IRQMASK_GPTMR |
1 | TSEC_FALCON_IRQMASK_WDTMR |
2 | TSEC_FALCON_IRQMASK_MTHD |
3 | TSEC_FALCON_IRQMASK_CTXSW |
4 | TSEC_FALCON_IRQMASK_HALT |
5 | TSEC_FALCON_IRQMASK_EXTERR |
6 | TSEC_FALCON_IRQMASK_SWGEN0 |
7 | TSEC_FALCON_IRQMASK_SWGEN1 |
8-15 | TSEC_FALCON_IRQMASK_EXT |
16 | TSEC_FALCON_IRQMASK_DMA |
Used for getting the value of the mask for Falcon's IRQs.
TSEC_FALCON_IRQDEST
Bits | Description |
---|---|
0 | TSEC_FALCON_IRQDEST_HOST_GPTMR |
1 | TSEC_FALCON_IRQDEST_HOST_WDTMR |
2 | TSEC_FALCON_IRQDEST_HOST_MTHD |
3 | TSEC_FALCON_IRQDEST_HOST_CTXSW |
4 | TSEC_FALCON_IRQDEST_HOST_HALT |
5 | TSEC_FALCON_IRQDEST_HOST_EXTERR |
6 | TSEC_FALCON_IRQDEST_HOST_SWGEN0 |
7 | TSEC_FALCON_IRQDEST_HOST_SWGEN1 |
8-15 | TSEC_FALCON_IRQDEST_HOST_EXT |
16 | TSEC_FALCON_IRQDEST_TARGET_GPTMR |
17 | TSEC_FALCON_IRQDEST_TARGET_WDTMR |
18 | TSEC_FALCON_IRQDEST_TARGET_MTHD |
19 | TSEC_FALCON_IRQDEST_TARGET_CTXSW |
20 | TSEC_FALCON_IRQDEST_TARGET_HALT |
21 | TSEC_FALCON_IRQDEST_TARGET_EXTERR |
22 | TSEC_FALCON_IRQDEST_TARGET_SWGEN0 |
23 | TSEC_FALCON_IRQDEST_TARGET_SWGEN1 |
24-31 | TSEC_FALCON_IRQDEST_TARGET_EXT |
Used for routing Falcon's IRQs.
TSEC_FALCON_GPTMRINT
Bits | Description |
---|---|
0-31 | TSEC_FALCON_GPTMRINT_VAL |
TSEC_FALCON_GPTMRVAL
Bits | Description |
---|---|
0-31 | TSEC_FALCON_GPTMRVAL_VAL |
TSEC_FALCON_GPTMRCTL
Bits | Description |
---|---|
0 | TSEC_FALCON_GPTMRCTL_GPTMREN |
TSEC_FALCON_PTIMER0
Bits | Description |
---|---|
0-31 | TSEC_FALCON_PTIMER0_VAL |
TSEC_FALCON_PTIMER1
Bits | Description |
---|---|
0-31 | TSEC_FALCON_PTIMER1_VAL |
TSEC_FALCON_WDTMRVAL
Bits | Description |
---|---|
0-31 | TSEC_FALCON_WDTMRVAL_VAL |
TSEC_FALCON_WDTMRCTL
Bits | Description |
---|---|
0 | TSEC_FALCON_WDTMRCTL_WDTMREN |
TSEC_FALCON_IRQDEST2
Bits | Description |
---|---|
0 | TSEC_FALCON_IRQDEST2_HOST_DMA |
16 | TSEC_FALCON_IRQDEST2_TARGET_DMA |
Used for routing Falcon's IRQs.
TSEC_FALCON_MAILBOX0
Bits | Description |
---|---|
0-31 | TSEC_FALCON_MAILBOX0_DATA |
Scratch register for reading/writing data to Falcon.
TSEC_FALCON_MAILBOX1
Bits | Description |
---|---|
0-31 | TSEC_FALCON_MAILBOX1_DATA |
Scratch register for reading/writing data to Falcon.
TSEC_FALCON_ITFEN
Bits | Description |
---|---|
0 | TSEC_FALCON_ITFEN_CTXEN |
1 | TSEC_FALCON_ITFEN_MTHDEN |
Used for enabling/disabling Falcon interfaces.
TSEC_FALCON_IDLESTATE
Bits | Description |
---|---|
0 | TSEC_FALCON_IDLESTATE_FALCON_BUSY |
1-15 | TSEC_FALCON_IDLESTATE_EXT_BUSY |
Used for detecting if Falcon is busy or not.
TSEC_FALCON_CURCTX
Bits | Description |
---|---|
0-27 | TSEC_FALCON_CURCTX_CTXPTR |
28-29 | TSEC_FALCON_CURCTX_CTXTGT |
30 | TSEC_FALCON_CURCTX_CTXVLD |
TSEC_FALCON_NXTCTX
Bits | Description |
---|---|
0-27 | TSEC_FALCON_NXTCTX_CTXPTR |
28-29 | TSEC_FALCON_NXTCTX_CTXTGT |
30 | TSEC_FALCON_NXTCTX_CTXVLD |
TSEC_FALCON_CTXACK
Bits | Description |
---|---|
0 | TSEC_FALCON_CTXACK_SAVE_ACK |
1 | TSEC_FALCON_CTXACK_REST_ACK |
TSEC_FALCON_FHSTATE
Bits | Description |
---|---|
0 | TSEC_FALCON_FHSTATE_FALCON_HALTED |
1-15 | TSEC_FALCON_FHSTATE_EXT_HALTED |
16 | TSEC_FALCON_FHSTATE_ENGINE_FAULTED |
17 | TSEC_FALCON_FHSTATE_STALL_REQ |
TSEC_FALCON_PRIVSTATE
Bits | Description |
---|---|
0 | TSEC_FALCON_PRIVSTATE_PRIV |
TSEC_FALCON_MTHDDATA
Bits | Description |
---|---|
0-31 | TSEC_FALCON_MTHDDATA_DATA |
TSEC_FALCON_MTHDID
Bits | Description |
---|---|
0-11 | TSEC_FALCON_MTHDID_ID |
12-14 | TSEC_FALCON_MTHDID_SUBCH |
15 | TSEC_FALCON_MTHDID_PRIV |
16 | TSEC_FALCON_MTHDID_WPEND |
TSEC_FALCON_MTHDWDAT
Bits | Description |
---|---|
0-31 | TSEC_FALCON_MTHDWDAT_DATA |
TSEC_FALCON_MTHDCOUNT
Bits | Description |
---|---|
0-15 | TSEC_FALCON_MTHDCOUNT_COUNT |
TSEC_FALCON_MTHDPOP
Bits | Description |
---|---|
0 | TSEC_FALCON_MTHDPOP_POP |
TSEC_FALCON_MTHDRAMSZ
Bits | Description |
---|---|
0-15 | TSEC_FALCON_MTHDRAMSZ_RAMSZ |
TSEC_FALCON_SFTRESET
Bits | Description |
---|---|
0 | TSEC_FALCON_SFTRESET_EXT |
TSEC_FALCON_OS
Bits | Description |
---|---|
0-31 | TSEC_FALCON_OS_VERSION |
TSEC_FALCON_RM
Bits | Description |
---|---|
0-31 | TSEC_FALCON_RM_CONFIG |
TSEC_FALCON_SOFT_PM
Bits | Description |
---|---|
0-5 | TSEC_FALCON_SOFT_PM_PROBE |
16 | TSEC_FALCON_SOFT_PM_TRIGGER_END |
17 | TSEC_FALCON_SOFT_PM_TRIGGER_START |
TSEC_FALCON_SOFT_MODE
Bits | Description |
---|---|
0-5 | TSEC_FALCON_SOFT_MODE_PROBE |
TSEC_FALCON_DEBUG1
Bits | Description |
---|---|
0-15 | TSEC_FALCON_DEBUG1_MTHD_DRAIN_TIME |
16 | TSEC_FALCON_DEBUG1_CTXSW_MODE |
TSEC_FALCON_DEBUGINFO
Bits | Description |
---|---|
0-31 | TSEC_FALCON_DEBUGINFO_DATA |
Used for UCODE self revocation. This register takes the base address of the GSC carveout shifted right by 8.
[6.0.0+] nvservices sets this to 0x8005FF00 >> 8 (physical DRAM address inside the GPU UCODE carveout) before starting the nvhost_tsec firmware.
TSEC_FALCON_IBRKPT1
Bits | Description |
---|---|
0-23 | TSEC_FALCON_IBRKPT1_PC |
29 | TSEC_FALCON_IBRKPT1_SUPPRESS |
30 | TSEC_FALCON_IBRKPT1_SKIP |
31 | TSEC_FALCON_IBRKPT1_EN |
TSEC_FALCON_IBRKPT2
Bits | Description |
---|---|
0-23 | TSEC_FALCON_IBRKPT2_PC |
29 | TSEC_FALCON_IBRKPT2_SUPPRESS |
30 | TSEC_FALCON_IBRKPT2_SKIP |
31 | TSEC_FALCON_IBRKPT2_EN |
TSEC_FALCON_CGCTL
Bits | Description |
---|---|
0 | TSEC_FALCON_CGCTL_CG_OVERRIDE |
TSEC_FALCON_ENGCTL
Bits | Description |
---|---|
0 | TSEC_FALCON_ENGCTL_INV_CONTEXT |
1 | TSEC_FALCON_ENGCTL_SET_STALLREQ |
2 | TSEC_FALCON_ENGCTL_CLR_STALLREQ |
3 | TSEC_FALCON_ENGCTL_SWITCH_CONTEXT |
8 | TSEC_FALCON_ENGCTL_STALLREQ |
9 | TSEC_FALCON_ENGCTL_STALLACK |
TSEC_FALCON_PMM
Bits | Description |
---|---|
0-4 | TSEC_FALCON_PMM_FALCON_STALL_SEL
0x00: ANY 0x01: CODE 0x02: DMAQ 0x03: DMFENCE 0x04: DMWAIT 0x05: IMWAIT 0x06: IPND 0x07: LDSTQ 0x08: SB 0x09: ANY_SC 0x0A: CODE_SC 0x0B: DMAQ_SC 0x0C: DMFENCE_SC 0x0D: DMWAIT_SC 0x0E: IMWAIT_SC 0x0F: IPND_SC 0x10: LDSTQ_SC 0x11: SB_SC |
5-7 | TSEC_FALCON_PMM_FALCON_IDLE_SEL
0x00: WAITING 0x01: ENG_IDLE 0x02: MTHD_FULL 0x03: WAITING_SC 0x04: ENG_IDLE_SC 0x05: MTHD_FULL_SC |
8-11 | TSEC_FALCON_PMM_FALCON_SOFTPM0_SEL
0x00: 0 0x01: 1 0x02: 2 0x03: 3 0x04: 4 0x05: 5 0x06: 0_SC 0x07: 1_SC 0x08: 2_SC 0x09: 3_SC 0x0A: 4_SC 0x0B: 5_SC |
12-15 | TSEC_FALCON_PMM_FALCON_SOFTPM1_SEL
0x00: 0 |
17-19 | TSEC_FALCON_PMM_TFBIF_DSTAT_SEL
0x00: 1KTRANSFER 0x01: RREQ 0x02: WREQ 0x03: TWREQ 0x04: 1KTRANSFER_SC 0x05: RREQ_SC 0x06: WREQ_SC 0x07: TWREQ_SC |
20-23 | TSEC_FALCON_PMM_TFBIF_STALL0_SEL
0x00: RDATQ_FULL 0x01: RACKQ_FULL 0x02: WREQQ_FULL 0x03: WDATQ_FULL 0x04: WACKQ_FULL 0x05: MREQQ_FULL 0x06: RREQ_PEND 0x07: WREQ_PEND 0x08: RDATQ_FULL_SC 0x09: RACKQ_FULL_SC 0x0A: WREQQ_FULL_SC 0x0B: WDATQ_FULL_SC 0x0C: WACKQ_FULL_SC 0x0D: MREQQ_FULL_SC 0x0E: RREQ_PEND_SC 0x0F: WREQ_PEND_SC |
24-27 | TSEC_FALCON_PMM_TFBIF_STALL1_SEL
0x00: RDATQ_FULL |
28-31 | TSEC_FALCON_PMM_TFBIF_STALL2_SEL
0x00: RDATQ_FULL |
TSEC_FALCON_ADDR
Bits | Description |
---|---|
0-5 | TSEC_FALCON_ADDR_LSB |
6-11 | TSEC_FALCON_ADDR_MSB |
TSEC_FALCON_IBRKPT3
Bits | Description |
---|---|
0-23 | TSEC_FALCON_IBRKPT3_PC |
29 | TSEC_FALCON_IBRKPT3_SUPPRESS |
30 | TSEC_FALCON_IBRKPT3_SKIP |
31 | TSEC_FALCON_IBRKPT3_EN |
TSEC_FALCON_IBRKPT4
Bits | Description |
---|---|
0-23 | TSEC_FALCON_IBRKPT4_PC |
29 | TSEC_FALCON_IBRKPT4_SUPPRESS |
30 | TSEC_FALCON_IBRKPT4_SKIP |
31 | TSEC_FALCON_IBRKPT4_EN |
TSEC_FALCON_IBRKPT5
Bits | Description |
---|---|
0-23 | TSEC_FALCON_IBRKPT5_PC |
29 | TSEC_FALCON_IBRKPT5_SUPPRESS |
30 | TSEC_FALCON_IBRKPT5_SKIP |
31 | TSEC_FALCON_IBRKPT5_EN |
TSEC_FALCON_EXCI
Bits | Description |
---|---|
0-19 | TSEC_FALCON_EXCI_EXPC |
20-23 | TSEC_FALCON_EXCI_EXCAUSE
0x00: TRAP0 0x01: TRAP1 0x02: TRAP2 0x03: TRAP3 0x08: ILL_INS (invalid opcode) 0x09: INV_INS (authentication entry) 0x0A: MISS_INS (page miss) 0x0B: DHIT_INS (page multiple hit) 0x0F: BRKPT_INS (breakpoint hit) |
Contains information about raised exceptions.
TSEC_FALCON_SVEC_SPR
Bits | Description |
---|---|
18 | TSEC_FALCON_SVEC_SPR_SIGPASS |
TSEC_FALCON_RSTAT0
Mirror of the ICD status register 0.
TSEC_FALCON_RSTAT3
Mirror of the ICD status register 3.
TSEC_FALCON_SIRQMASK
Unofficial name.
Same as TSEC_FALCON_IRQMASK, but for LS mode.
TSEC_FALCON_CPUCTL
Bits | Description |
---|---|
0 | TSEC_FALCON_CPUCTL_IINVAL |
1 | TSEC_FALCON_CPUCTL_STARTCPU |
2 | TSEC_FALCON_CPUCTL_SRESET |
3 | TSEC_FALCON_CPUCTL_HRESET |
4 | TSEC_FALCON_CPUCTL_HALTED |
5 | TSEC_FALCON_CPUCTL_STOPPED |
6 | TSEC_FALCON_CPUCTL_ALIAS_EN |
Used for signaling the Falcon CPU.
TSEC_FALCON_BOOTVEC
Bits | Description |
---|---|
0-31 | TSEC_FALCON_BOOTVEC_VEC |
Takes the Falcon's boot vector address.
TSEC_FALCON_HWCFG
Bits | Description |
---|---|
0-8 | TSEC_FALCON_HWCFG_IMEM_SIZE |
9-17 | TSEC_FALCON_HWCFG_DMEM_SIZE |
18-26 | TSEC_FALCON_HWCFG_METHODFIFO_DEPTH |
27-31 | TSEC_FALCON_HWCFG_DMAQUEUE_DEPTH |
TSEC_FALCON_DMACTL
Bits | Description |
---|---|
0 | TSEC_FALCON_DMACTL_REQUIRE_CTX |
1 | TSEC_FALCON_DMACTL_DMEM_SCRUBBING |
2 | TSEC_FALCON_DMACTL_IMEM_SCRUBBING |
3-6 | TSEC_FALCON_DMACTL_DMAQ_NUM |
7 | TSEC_FALCON_DMACTL_SECURE_STAT |
Used for configuring the Falcon's DMA engine.
TSEC_FALCON_DMATRFBASE
Bits | Description |
---|---|
0-31 | TSEC_FALCON_DMATRFBASE_BASE |
Base address of the external memory buffer, shifted right by 8.
The current transfer address is calculated by adding TSEC_FALCON_DMATRFFBOFFS to the base.
TSEC_FALCON_DMATRFMOFFS
Bits | Description |
---|---|
0-15 | TSEC_FALCON_DMATRFMOFFS_OFFS |
For transfers to DMEM: the destination address. For transfers to IMEM: the destination virtual IMEM page.
TSEC_FALCON_DMATRFCMD
Bits | Description |
---|---|
0 | TSEC_FALCON_DMATRFCMD_FULL |
1 | TSEC_FALCON_DMATRFCMD_IDLE |
2-3 | TSEC_FALCON_DMATRFCMD_SEC |
4 | TSEC_FALCON_DMATRFCMD_IMEM |
5 | TSEC_FALCON_DMATRFCMD_WRITE |
8-10 | TSEC_FALCON_DMATRFCMD_SIZE |
12-14 | TSEC_FALCON_DMATRFCMD_CTXDMA |
Used for configuring DMA transfers.
TSEC_FALCON_DMATRFFBOFFS
Bits | Description |
---|---|
0-31 | TSEC_FALCON_DMATRFFBOFFS_OFFS |
For transfers to IMEM: the destination physical IMEM page.
TSEC_FALCON_DMAPOLL_FB
Bits | Description |
---|---|
0 | TSEC_FALCON_DMAPOLL_FB_FENCE_ACTIVE |
1 | TSEC_FALCON_DMAPOLL_FB_DMA_ACTIVE |
4 | TSEC_FALCON_DMAPOLL_FB_CFG_R_FENCE |
5 | TSEC_FALCON_DMAPOLL_FB_CFG_W_FENCE |
16-23 | TSEC_FALCON_DMAPOLL_FB_WCOUNT |
24-31 | TSEC_FALCON_DMAPOLL_FB_RCOUNT |
Contains the status of a DMA transfer between the Falcon and external memory.
TSEC_FALCON_DMAPOLL_CP
Bits | Description |
---|---|
0 | TSEC_FALCON_DMAPOLL_CP_FENCE_ACTIVE |
1 | TSEC_FALCON_DMAPOLL_CP_DMA_ACTIVE |
4 | TSEC_FALCON_DMAPOLL_CP_CFG_R_FENCE |
5 | TSEC_FALCON_DMAPOLL_CP_CFG_W_FENCE |
16-23 | TSEC_FALCON_DMAPOLL_CP_WCOUNT |
24-31 | TSEC_FALCON_DMAPOLL_CP_RCOUNT |
Contains the status of a DMA transfer between the Falcon and the SCP.
TSEC_FALCON_HWCFG1
Bits | Description |
---|---|
0-3 | TSEC_FALCON_HWCFG1_CORE_REV |
4-5 | TSEC_FALCON_HWCFG1_SECURITY_MODEL |
6-7 | TSEC_FALCON_HWCFG1_CORE_REV_SUBVERSION |
8-11 | TSEC_FALCON_HWCFG1_IMEM_PORTS |
12-15 | TSEC_FALCON_HWCFG1_DMEM_PORTS |
16-20 | TSEC_FALCON_HWCFG1_TAG_WIDTH |
27 | TSEC_FALCON_HWCFG1_DBG_PRIV_BUS |
28 | TSEC_FALCON_HWCFG1_CSB_SIZE_16M |
29 | TSEC_FALCON_HWCFG1_PRIV_DIRECT |
30 | TSEC_FALCON_HWCFG1_DMEM_APERTURES |
31 | TSEC_FALCON_HWCFG1_IMEM_AUTOFILL |
TSEC_FALCON_CPUCTL_ALIAS
Bits | Description |
---|---|
1 | TSEC_FALCON_CPUCTL_ALIAS_STARTCPU |
TSEC_FALCON_STACKCFG
Bits | Description |
---|---|
0-15 | TSEC_FALCON_STACKCFG_BOTTOM |
31 | TSEC_FALCON_STACKCFG_SPEXC |
TSEC_FALCON_IMCTL
Bits | Description |
---|---|
0-23 | TSEC_FALCON_IMCTL_ADDR_BLK |
24-26 | TSEC_FALCON_IMCTL_CMD
0x00: NOP 0x01: IMINV (ITLB) 0x02: IMBLK (PTLB) 0x03: IMTAG (VTLB) 0x04: IMTAG_SETVLD |
Controls the Falcon TLB.
TSEC_FALCON_IMSTAT
Bits | Description |
---|---|
0-31 | TSEC_FALCON_IMSTAT_VAL |
Returns the result of the last command from TSEC_FALCON_IMCTL.
TSEC_FALCON_TRACEIDX
Bits | Description |
---|---|
0-7 | TSEC_FALCON_TRACEIDX_IDX |
16-23 | TSEC_FALCON_TRACEIDX_MAXIDX |
24-31 | TSEC_FALCON_TRACEIDX_CNT |
Controls the index for tracing with TSEC_FALCON_TRACEPC.
TSEC_FALCON_TRACEPC
Bits | Description |
---|---|
0-23 | TSEC_FALCON_TRACEPC_PC |
Returns the PC of the last call or branch executed.
TSEC_FALCON_IMFILLRNG0
Bits | Description |
---|---|
0-15 | TSEC_FALCON_IMFILLRNG0_TAG_LO |
16-31 | TSEC_FALCON_IMFILLRNG0_TAG_HI |
TSEC_FALCON_IMFILLRNG1
Bits | Description |
---|---|
0-15 | TSEC_FALCON_IMFILLRNG1_TAG_LO |
16-31 | TSEC_FALCON_IMFILLRNG1_TAG_HI |
TSEC_FALCON_IMFILLCTL
Bits | Description |
---|---|
0-7 | TSEC_FALCON_IMFILLCTL_NBLOCKS |
TSEC_FALCON_IMCTL_DEBUG
Bits | Description |
---|---|
0-23 | TSEC_FALCON_IMCTL_DEBUG_ADDR_BLK |
24-26 | TSEC_FALCON_IMCTL_DEBUG_CMD
0x00: NOP 0x02: IMBLK 0x03: IMTAG |
TSEC_FALCON_CMEMBASE
Bits | Description |
---|---|
18-31 | TSEC_FALCON_CMEMBASE_VAL |
TSEC_FALCON_DMEMAPERT
Bits | Description |
---|---|
0-7 | TSEC_FALCON_DMEMAPERT_TIME_OUT |
8-11 | TSEC_FALCON_DMEMAPERT_TIME_UNIT |
16 | TSEC_FALCON_DMEMAPERT_ENABLE |
17-19 | TSEC_FALCON_DMEMAPERT_LDSTQ_NUM |
TSEC_FALCON_EXTERRADDR
Bits | Description |
---|---|
0-31 | TSEC_FALCON_EXTERRADDR_ADDR |
TSEC_FALCON_EXTERRSTAT
Bits | Description |
---|---|
0-23 | TSEC_FALCON_EXTERRSTAT_PC |
24-27 | TSEC_FALCON_EXTERRSTAT_STAT |
31 | TSEC_FALCON_EXTERRSTAT_VALID |
TSEC_FALCON_CG2
Bits | Description |
---|---|
1 | TSEC_FALCON_CG2_SLCG_FALCON_DMA |
2 | TSEC_FALCON_CG2_SLCG_FALCON_GC6_SR_FSM |
3 | TSEC_FALCON_CG2_SLCG_FALCON_PIPE |
4 | TSEC_FALCON_CG2_SLCG_FALCON_DIV |
5 | TSEC_FALCON_CG2_SLCG_FALCON_ICD |
6 | TSEC_FALCON_CG2_SLCG_FALCON_CFG |
7 | TSEC_FALCON_CG2_SLCG_FALCON_CTXSW |
8 | TSEC_FALCON_CG2_SLCG_FALCON_PMB |
9 | TSEC_FALCON_CG2_SLCG_FALCON_RF |
10 | TSEC_FALCON_CG2_SLCG_FALCON_MUL |
11 | TSEC_FALCON_CG2_SLCG_FALCON_LDST |
12 | TSEC_FALCON_CG2_SLCG_FALCON_TSYNC |
13 | TSEC_FALCON_CG2_SLCG_FALCON_GPTMR |
14 | TSEC_FALCON_CG2_SLCG_FALCON_WDTMR |
15 | TSEC_FALCON_CG2_SLCG_FALCON_IRQSTAT |
16 | TSEC_FALCON_CG2_SLCG_FALCON_TOP |
17 | TSEC_FALCON_CG2_SLCG_FBIF |
TSEC_FALCON_IMEMC
Bits | Description |
---|---|
2-7 | TSEC_FALCON_IMEMC_OFFS |
8-15 | TSEC_FALCON_IMEMC_BLK |
24 | TSEC_FALCON_IMEMC_AINCW |
25 | TSEC_FALCON_IMEMC_AINCR |
28 | TSEC_FALCON_IMEMC_SECURE |
29 | TSEC_FALCON_IMEMC_SEC_ATOMIC |
30 | TSEC_FALCON_IMEMC_SEC_WR_VIO |
31 | TSEC_FALCON_IMEMC_SEC_LOCK |
Used for configuring access to Falcon's IMEM.
TSEC_FALCON_IMEMD
Bits | Description |
---|---|
0-31 | TSEC_FALCON_IMEMD_DATA |
Returns or takes the value for an IMEM read/write operation.
TSEC_FALCON_IMEMT
Bits | Description |
---|---|
0-15 | TSEC_FALCON_IMEMT_TAG |
Returns or takes the virtual page index for an IMEM read/write operation.
TSEC_FALCON_DMEMC
Bits | Description |
---|---|
2-7 | TSEC_FALCON_DMEMC_OFFS |
8-15 | TSEC_FALCON_DMEMC_BLK |
24 | TSEC_FALCON_DMEMC_AINCW |
25 | TSEC_FALCON_DMEMC_AINCR |
Used for configuring access to Falcon's DMEM.
TSEC_FALCON_DMEMD
Bits | Description |
---|---|
0-31 | TSEC_FALCON_DMEMD_DATA |
Returns or takes the value for a DMEM read/write operation.
TSEC_FALCON_ICD_CMD
Bits | Description |
---|---|
0-3 | TSEC_FALCON_ICD_CMD_OPC
0x00: STOP 0x01: RUN (run from PC) 0x02: JRUN (run from address) 0x03: RUNB (run from PC) 0x04: JRUNB (run from address) 0x05: STEP (step from PC) 0x06: JSTEP (step from address) 0x07: EMASK (set exception mask) 0x08: RREG (read register) 0x09: WREG (write register) 0x0A: RDM (read data memory) 0x0B: WDM (write data memory) 0x0C: RCM (read MMIO/configuration memory) 0x0D: WCM (write MMIO/configuration memory) 0x0E: RSTAT (read status) 0x0F: SBU (store buffer update) |
6-7 | TSEC_FALCON_ICD_CMD_SZ
0x00: B (byte) 0x01: HW (half word) 0x02: W (word) |
8-12 | TSEC_FALCON_ICD_CMD_IDX
0x00: REG0 | RSTAT0 | WB0 0x01: REG1 | RSTAT1 | WB1 0x02: REG2 | RSTAT2 | WB2 0x03: REG3 | RSTAT3 | WB3 0x04: REG4 | RSTAT4 0x05: REG5 | RSTAT5 0x06: REG6 0x07: REG7 0x08: REG8 0x09: REG9 0x0A: REG10 0x0B: REG11 0x0C: REG12 0x0D: REG13 0x0E: REG14 0x0F: REG15 0x10: IV0 0x11: IV1 0x12: UNDEFINED 0x13: EV 0x14: SP 0x15: PC 0x16: IMB 0x17: DMB 0x18: CSW 0x19: CCR 0x1A: SEC 0x1B: CTX 0x1C: EXCI 0x1D: SEC1 0x1E: IMB1 0x1F: DMB1 |
14 | TSEC_FALCON_ICD_CMD_ERROR |
15 | TSEC_FALCON_ICD_CMD_RDVLD |
16-31 | TSEC_FALCON_ICD_CMD_PARM
0x0001: EMASK_TRAP0 0x0002: EMASK_TRAP1 0x0004: EMASK_TRAP2 0x0008: EMASK_TRAP3 0x0010: EMASK_EXC_UNIMP 0x0020: EMASK_EXC_IMISS 0x0040: EMASK_EXC_IMHIT 0x0080: EMASK_EXC_IBREAK 0x0100: EMASK_IV0 0x0200: EMASK_IV1 0x0400: EMASK_IV2 0x0800: EMASK_EXT0 0x1000: EMASK_EXT1 0x2000: EMASK_EXT2 0x4000: EMASK_EXT3 0x8000: EMASK_EXT4 |
Used for sending commands to the Falcon's in-chip debugger.
TSEC_FALCON_ICD_ADDR
Bits | Description |
---|---|
0-31 | TSEC_FALCON_ICD_ADDR_ADDR |
Takes the target address for the Falcon's in-chip debugger.
TSEC_FALCON_ICD_WDATA
Bits | Description |
---|---|
0-31 | TSEC_FALCON_ICD_WDATA_DATA |
Takes the data for writing using the Falcon's in-chip debugger.
TSEC_FALCON_ICD_RDATA
Bits | Description |
---|---|
0-31 | TSEC_FALCON_ICD_RDATA_DATA |
Returns the data read using the Falcon's in-chip debugger.
When reading from an internal status register (STAT), the following applies:
Bits | Description |
---|---|
0 | RSTAT0_MEM_STALL |
1 | RSTAT0_DMA_STALL |
2 | RSTAT0_FENCE_STALL |
3 | RSTAT0_DIV_STALL |
4 | RSTAT0_DMA_STALL_DMAQ |
5 | RSTAT0_DMA_STALL_DMWAITING |
6 | RSTAT0_DMA_STALL_IMWAITING |
7 | RSTAT0_ANY_STALL |
8 | RSTAT0_SBFULL_STALL |
9 | RSTAT0_SBHIT_STALL |
10 | RSTAT0_FLOW_STALL |
11 | RSTAT0_SP_STALL |
12 | RSTAT0_BL_STALL |
13 | RSTAT0_IPND_STALL |
14 | RSTAT0_LDSTQ_STALL |
16 | RSTAT0_NOINSTR_STALL |
20 | RSTAT0_HALTSTOP_FLUSH |
21 | RSTAT0_AFILL_FLUSH |
22 | RSTAT0_EXC_FLUSH |
23-25 | RSTAT0_IRQ_FLUSH |
28 | RSTAT0_VALIDRD |
29 | RSTAT0_WAITING |
30 | RSTAT0_HALTED |
31 | RSTAT0_MTHD_FULL |
Bits | Description |
---|---|
0-3 | RSTAT1_WB_ALLOC |
4-7 | RSTAT1_WB_VALID |
8-9 | RSTAT1_WB0_SZ |
10-11 | RSTAT1_WB1_SZ |
12-13 | RSTAT1_WB2_SZ |
14-15 | RSTAT1_WB3_SZ |
16-19 | RSTAT1_WB0_IDX |
20-23 | RSTAT1_WB1_IDX |
24-27 | RSTAT1_WB2_IDX |
28-31 | RSTAT1_WB3_IDX |
Bits | Description |
---|---|
0-3 | RSTAT2_DMAQ_NUM |
4 | RSTAT2_DMA_ENABLE |
5-7 | RSTAT2_LDSTQ_NUM |
16-19 | RSTAT2_EM_BUSY |
20-23 | RSTAT2_EM_ACKED |
24-27 | RSTAT2_EM_ISWR |
28-31 | RSTAT2_EM_DVLD |
Bits | Description |
---|---|
0 | RSTAT3_MTHD_IDLE |
1 | RSTAT3_CTXSW_IDLE |
2 | RSTAT3_DMA_IDLE |
3 | RSTAT3_SCP_IDLE |
4 | RSTAT3_LDST_IDLE |
5 | RSTAT3_SBWB_EMPTY |
6-8 | RSTAT3_CSWIE |
10 | RSTAT3_CSWE |
12-14 | RSTAT3_CTXSW_STATE
0x00: IDLE 0x01: SM_CHECK 0x02: SM_SAVE 0x03: SM_SAVE_WAIT 0x04: SM_BLK_BIND 0x05: SM_RESET 0x06: SM_RESETWAIT 0x07: SM_ACK |
15 | RSTAT3_CTXSW_PEND |
17 | RSTAT3_DMA_FBREQ_IDLE |
18 | RSTAT3_DMA_ACKQ_EMPTY |
19 | RSTAT3_DMA_RDQ_EMPTY |
20 | RSTAT3_DMA_WR_BUSY |
21 | RSTAT3_DMA_RD_BUSY |
22 | RSTAT3_LDST_XT_BUSY |
23 | RSTAT3_LDST_XT_BLOCK |
24 | RSTAT3_ENG_IDLE |
Bits | Description |
---|---|
0-1 | RSTAT4_ICD_STATE
0x00: NORMAL 0x01: WAIT_ISSUE_CLEAR 0x02: WAIT_EXLDQ_CLEAR 0x03: FULL_DBG_MODE |
2-3 | RSTAT4_ICD_MODE
0x00: SUPPRESSICD 0x01: ENTERICD_IBRK 0x02: ENTERICD_STEP |
16 | RSTAT4_ICD_EMASK_TRAP0 |
17 | RSTAT4_ICD_EMASK_TRAP1 |
18 | RSTAT4_ICD_EMASK_TRAP2 |
19 | RSTAT4_ICD_EMASK_TRAP3 |
20 | RSTAT4_ICD_EMASK_EXC_UNIMP |
21 | RSTAT4_ICD_EMASK_EXC_IMISS |
22 | RSTAT4_ICD_EMASK_EXC_IMHIT |
23 | RSTAT4_ICD_EMASK_EXC_IBREAK |
24 | RSTAT4_ICD_EMASK_IV0 |
25 | RSTAT4_ICD_EMASK_IV1 |
26 | RSTAT4_ICD_EMASK_IV2 |
27 | RSTAT4_ICD_EMASK_EXT0 |
28 | RSTAT4_ICD_EMASK_EXT1 |
29 | RSTAT4_ICD_EMASK_EXT2 |
30 | RSTAT4_ICD_EMASK_EXT3 |
31 | RSTAT4_ICD_EMASK_EXT4 |
Bits | Description |
---|---|
0-7 | RSTAT5_LRU_STATE |
TSEC_FALCON_SCTL
Bits | Description |
---|---|
0 | TSEC_FALCON_SCTL_LSMODE |
1 | TSEC_FALCON_SCTL_HSMODE |
4-5 | Current access level |
8-9 | Unknown access level |
12 | Unknown |
13 | Unknown |
14 | Initialize the transition to LS mode |
TSEC_FALCON_SERRSTAT
Bits | Description |
---|---|
0-23 | Unknown |
30 | Unknown |
31 | Set on memory protection violation |
Unofficial name.
Used for detecting invalid CSB accesses in LS mode.
TSEC_FALCON_SERRVAL
Bits | Description |
---|---|
0-31 | Error code |
Unofficial name.
TSEC_FALCON_SERRADDR
Bits | Description |
---|---|
0-31 | Error address |
Unofficial name.
TSEC_FALCON_SCTL1
Bits | Description |
---|---|
0-1 | CSB access level |
2-3 | Unknown access level |
Unofficial name.
TSEC_FALCON_STEST
Bits | Description |
---|---|
0-31 | Unknown |
Unofficial name.
TSEC_FALCON_SICD
Bits | Description |
---|---|
0 | Enable access to ICD command STOP |
1 | Enable access to ICD command RUN |
2 | Enable access to ICD command RUNB |
3 | Enable access to ICD command STEP |
4 | Enable access to ICD command EMASK |
5 | Enable access to ICD command RREG (only for SPRs) |
6 | Enable access to ICD command RSTAT |
7 | Enable access to IBRKPT registers |
8 | Enable access to ICD command RREG (only for GPRs) |
9 | Enable access to ICD command RDM |
Unofficial name.
Controls access to the ICD in LS mode.
TSEC_FALCON_SPROT_IMEM
Bits | Description |
---|---|
0-2 | Read access level |
3 | Set on memory read access violation |
4-6 | Write access level |
7 | Set on memory write access violation |
Unofficial name.
Controls accesses to Falcon IMEM.
TSEC_FALCON_SPROT_DMEM
Bits | Description |
---|---|
0-2 | Read access level |
3 | Set on memory read access violation |
4-6 | Write access level |
7 | Set on memory write access violation |
Unofficial name.
Controls accesses to Falcon DMEM.
TSEC_FALCON_SPROT_CPUCTL
Bits | Description |
---|---|
0-2 | Read access level |
3 | Set on memory read access violation |
4-6 | Write access level |
7 | Set on memory write access violation |
Unofficial name.
Controls accesses to the TSEC_FALCON_CPUCTL register.
TSEC_FALCON_SPROT_MISC
Bits | Description |
---|---|
0-2 | Read access level |
3 | Set on memory read access violation |
4-6 | Write access level |
7 | Set on memory write access violation |
Unofficial name.
Controls accesses to the following registers:
- TSEC_FALCON_PRIVSTATE
- TSEC_FALCON_SFTRESET
- TSEC_FALCON_ADDR
- TSEC_FALCON_DMACTL
- TSEC_FALCON_IMCTL
- TSEC_FALCON_IMSTAT
- TSEC_FALCON_SCTL1
- TSEC_FALCON_DMAINFO_CTL
TSEC_FALCON_SPROT_IRQ
Bits | Description |
---|---|
0-2 | Read access level |
3 | Set on memory read access violation |
4-6 | Write access level |
7 | Set on memory write access violation |
Unofficial name.
Controls accesses to the following registers:
- TSEC_FALCON_IRQMODE
- TSEC_FALCON_IRQMSET
- TSEC_FALCON_IRQMCLR
- TSEC_FALCON_IRQDEST
- TSEC_FALCON_GPTMRINT
- TSEC_FALCON_GPTMRVAL
- TSEC_FALCON_GPTMRCTL
- TSEC_FALCON_IRQDEST2
- TSEC_FALCON_SIRQMASK
TSEC_FALCON_SPROT_MTHD
Bits | Description |
---|---|
0-2 | Read access level |
3 | Set on memory read access violation |
4-6 | Write access level |
7 | Set on memory write access violation |
Unofficial name.
Controls accesses to the following registers:
- TSEC_FALCON_ITFEN
- TSEC_FALCON_CURCTX
- TSEC_FALCON_NXTCTX
- TSEC_FALCON_CTXACK
- TSEC_FALCON_MTHDDATA
- TSEC_FALCON_MTHDID
- TSEC_FALCON_MTHDWDAT
- TSEC_FALCON_MTHDCOUNT
- TSEC_FALCON_MTHDPOP
- TSEC_FALCON_MTHDRAMSZ
- TSEC_FALCON_DEBUG1
TSEC_FALCON_SPROT_SCTL
Bits | Description |
---|---|
0-2 | Read access level |
3 | Set on memory read access violation |
4-6 | Write access level |
7 | Set on memory write access violation |
Unofficial name.
Controls accesses to the TSEC_FALCON_SCTL register.
TSEC_FALCON_SPROT_WDTMR
Bits | Description |
---|---|
0-2 | Read access level |
3 | Set on memory read access violation |
4-6 | Write access level |
7 | Set on memory write access violation |
Unofficial name.
Controls accesses to the following registers:
TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW
Bits | Description |
---|---|
0-31 | TSEC_FALCON_DMAINFO_FINISHED_FBRD_LOW_VAL |
TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH
Bits | Description |
---|---|
0-30 | TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_VAL |
31 | TSEC_FALCON_DMAINFO_FINISHED_FBRD_HIGH_OBIT |
TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW
Bits | Description |
---|---|
0-31 | TSEC_FALCON_DMAINFO_FINISHED_FBWR_LOW_VAL |
TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH
Bits | Description |
---|---|
0-30 | TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_VAL |
31 | TSEC_FALCON_DMAINFO_FINISHED_FBWR_HIGH_OBIT |
TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW
Bits | Description |
---|---|
0-31 | TSEC_FALCON_DMAINFO_CURRENT_FBRD_LOW_VAL |
TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH
Bits | Description |
---|---|
0-30 | TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_VAL |
31 | TSEC_FALCON_DMAINFO_CURRENT_FBRD_HIGH_OBIT |
TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW
Bits | Description |
---|---|
0-31 | TSEC_FALCON_DMAINFO_CURRENT_FBWR_LOW_VAL |
TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH
Bits | Description |
---|---|
0-30 | TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_VAL |
31 | TSEC_FALCON_DMAINFO_CURRENT_FBWR_HIGH_OBIT |
TSEC_FALCON_DMAINFO_CTL
Bits | Description |
---|---|
0 | TSEC_FALCON_DMAINFO_CTL_CLR_FBRD |
1 | TSEC_FALCON_DMAINFO_CTL_CLR_FBWR |
TSEC_SCP_CTL0
Bits | Description |
---|---|
10 | Enable Falcon<->LOAD interface |
12 | Enable Falcon<->STORE interface |
14 | Enable Falcon<->CMD interface |
16 | Enable SEQ |
20 | Enable CTL |
Unofficial name.
TSEC_SCP_CTL1
Bits | Description |
---|---|
0 | Clear SEQ |
8 | Clear SCP's internal pipeline |
11 | Enable RNG's test mode |
12 | Enable RNG |
16 | Enable Falcon<->LOAD interface's dummy mode (all reads return 0) |
20 | Enable Falcon<->LOAD interface bypassing (all reads are dropped) |
24 | Enable Falcon<->STORE interface bypassing (all writes are dropped) |
Unofficial name.
TSEC_SCP_CTL_STAT
Bits | Description |
---|---|
20 | TSEC_SCP_CTL_STAT_DEBUG_MODE |
TSEC_SCP_CTL_LOCK
Bits | Description |
---|---|
0 | Enable lockdown mode (locks IMEM and DMEM) |
1 | Lockdown has pending exit request |
2 | Lockdown has been enabled before |
4 | Enable SCP lockdown mode (locks SCP's MMIO register space) |
6 | SCP lockdown has been enabled before |
Unofficial name.
Controls lockdown mode. Can only be cleared in HS mode.
TSEC_SCP_CFG
Bits | Description |
---|---|
0 | Endianness for ADD
0: Little 1: Big |
1 | Endianness for GFMUL
0: Little 1: Big |
2 | Endianness for LOAD
0: Little 1: Big |
3 | Endianness for STORE
0: Little 1: Big |
4 | Endianness for AES
0: Little 1: Big |
8 | Flush CMD |
12-13 | Carry chain's size
0: 32 bits 1: 64 bits 2: 96 bits 3: 128 bits |
16-31 | SCP's internal pipeline stall timeout value |
Unofficial name.
TSEC_SCP_CTL_SCP
Bits | Description |
---|---|
0 | Swap SCP's master |
1 | Current SCP's master
0: Falcon 1: External |
Unofficial name.
TSEC_SCP_CTL_PKEY
Bits | Description |
---|---|
0 | TSEC_SCP_CTL_PKEY_REQUEST_RELOAD |
1 | TSEC_SCP_CTL_PKEY_LOADED |
TSEC_SCP_CTL_DBG
Bits | Description |
---|---|
4 | Disable lockdown mode |
8 | Disable SCP lockdown mode |
Unofficial name.
Overrides lockdown mode. Can only be set in debug mode.
TSEC_SCP_DBG0
Bits | Description |
---|---|
0-3 | Index |
4 | Auto-increment |
5-6 | Target
0: None 1: STORE 2: LOAD 3: SEQ |
8-12 | SEQ's current sequence's size |
13-16 | SEQ's current instruction's address |
17 | SEQ's current instruction is valid |
18 | SEQ is running in HS mode |
19-22 | LOAD's queue's size |
23 | LOAD's current operation is valid |
24 | LOAD is running in HS mode |
25-26 | STORE's queue's size |
30 | STORE's current operation is valid |
31 | STORE is running in HS mode |
Unofficial name.
Used for debugging the LOAD, STORE and SEQ blocks.
TSEC_SCP_DBG1
Bits | Description |
---|---|
0-31 | Data
If target is SEQ: Bits 0-3: current instruction's first operand Bits 4-9: current instruction's second operand Bits 10-14: current instruction's opcode |
Unofficial name.
Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the SEQ block.
TSEC_SCP_DBG2
Bits | Description |
---|---|
0-1 | SEQ's state
0: Idle 1: Recording (cs0begin/cs1begin) 2: Executing (cs0exec/cs1exec) |
4-7 | Number of cycles left for SEQ's current sequence |
12-15 | Active crypto key register (ckeyreg) |
Unofficial name.
Used for retrieving additional debug data associated with the SEQ block.
TSEC_SCP_CMD
Bits | Description |
---|---|
0-3 | Destination register |
8-13 | Source register or immediate value |
20-24 | Command opcode
0x0: nop (fuc5 opcode 0x00) 0x1: cmov (fuc5 opcode 0x84) 0x2: cxsin (fuc5 opcode 0x88) or xdst (with cxset) 0x3: cxsout (fuc5 opcode 0x8C) or xdld (with cxset) 0x4: crnd (fuc5 opcode 0x90) 0x5: cs0begin (fuc5 opcode 0x94) 0x6: cs0exec (fuc5 opcode 0x98) 0x7: cs1begin (fuc5 opcode 0x9C) 0x8: cs1exec (fuc5 opcode 0xA0) 0x9: invalid (fuc5 opcode 0xA4) 0xA: cchmod (fuc5 opcode 0xA8) 0xB: cxor (fuc5 opcode 0xAC) 0xC: cadd (fuc5 opcode 0xB0) 0xD: cand (fuc5 opcode 0xB4) 0xE: crev (fuc5 opcode 0xB8) 0xF: cgfmul (fuc5 opcode 0xBC) 0x10: csecret (fuc5 opcode 0xC0) 0x11: ckeyreg (fuc5 opcode 0xC4) 0x12: ckexp (fuc5 opcode 0xC8) 0x13: ckrexp (fuc5 opcode 0xCC) 0x14: cenc (fuc5 opcode 0xD0) 0x15: cdec (fuc5 opcode 0xD4) 0x16: csigcmp (fuc5 opcode 0xD8) 0x17: csigenc (fuc5 opcode 0xDC) 0x18: csigclr (fuc5 opcode 0xE0) |
28 | CMD's current instruction is valid |
31 | CMD is running in HS mode |
Unofficial name.
Contains information on the last crypto command executed.
TSEC_SCP_STAT0
Bits | Description |
---|---|
0 | SCP is active |
2 | CMD is active |
4 | STORE is active |
6 | SEQ is active |
8 | CTL is active |
10 | LOAD is active |
14 | AES is active |
16 | RNG is active |
Unofficial name.
Contains the statuses of hardware blocks.
TSEC_SCP_STAT1
Bits | Description |
---|---|
0-1 | Signature comparison result
0: None 1: Running 2: Failed 3: Succeeded |
4 | Falcon<->LOAD interface is running in HS mode |
6 | Falcon<->LOAD interface is ready |
8 | Falcon<->STORE interface is running in HS mode |
10 | Falcon<->STORE interface received a valid operation |
12 | Falcon<->CMD interface is running in HS mode |
14 | Falcon<->CMD interface received a valid instruction |
Unofficial name.
Contains the statuses of hardware interfaces and the result of the last authentication attempt.
TSEC_SCP_STAT2
Bits | Description |
---|---|
0-4 | Current opcode in SEQ |
5-9 | Current opcode in Falcon<->CMD interface |
10-14 | Pending opcode in CMD |
15-16 | Current opcode in AES
0: Encryption 1: Decryption 2: Key expansion 3: Key reverse expansion |
24 | SCP's internal pipeline is stalled on hazard |
25 | STORE is stalled |
26 | LOAD is stalled |
27 | RNG is stalled |
28 | SCP's internal pipeline is stalled on writeback |
29 | AES is stalled |
Unofficial name.
Contains the status of crypto operations.
TSEC_SCP_RNG_STAT0
Bits | Description |
---|---|
0 | RND is ready |
4-7 | Unknown |
8-11 | Unknown |
16 | Unknown |
20 | Unknown |
Unofficial name.
TSEC_SCP_RNG_STAT1
Bits | Description |
---|---|
0-15 | Unknown |
16-31 | Unknown |
Unofficial name.
TSEC_SCP_IRQSTAT
Bits | Description |
---|---|
0 | RND ready |
8 | ACL error |
12 | SEC error |
16 | CMD error |
20 | Single step |
24 | RND clock trigger |
28 | Stall timeout |
Unofficial name.
TSEC_SCP_IRQMASK
Bits | Description |
---|---|
0 | RND ready |
8 | ACL error |
12 | SEC error |
16 | CMD error |
20 | Single step |
24 | RND clock trigger |
28 | Stall timeout |
Unofficial name.
TSEC_SCP_ACL_ERR
Bits | Description |
---|---|
0 | Writing to a crypto register without the correct ACL |
4 | Reading from a crypto register without the correct ACL |
8 | Invalid ACL change (cchmod) |
31 | ACL error occurred |
Unofficial name.
Contains information on errors generated by the ACL error IRQ.
TSEC_SCP_SEC_ERR
Bits | Description |
---|---|
0 | Security mode changed during sequence execution (cs0exec/cs1exec) |
1-2 | Security mode at the beginning of sequence execution
0: Non-secure 1: Heavy Secure |
4 | Security mode changed during sequence recording (cs0begin/cs1begin) |
5-6 | Security mode at the beginning of sequence recording
0: Non-secure 1: Heavy Secure |
16 | Security mode changed while reading from crypto register/stream (cxsout or xdld) |
17-18 | Security mode at the beginning of reading from crypto register/stream
0: Non-secure 1: Heavy Secure |
20 | Security mode and memory source changed while writing to crypto register/stream (cxsin or xdst) |
21-22 | Security mode when memory source changed while writing to crypto register/stream
0: Non-secure 1: Heavy Secure |
24 | Security mode changed while writing to crypto register/stream (cxsin or xdst) |
25-26 | Security mode at the beginning of writing to crypto register/stream
0: Non-secure 1: Heavy Secure |
31 | SEC error occurred |
Unofficial name.
Contains information on errors generated by the SEC error IRQ.
TSEC_SCP_CMD_ERR
Bits | Description |
---|---|
0 | CMD's instruction is invalid |
4 | SEQ's sequence is empty |
8 | SEQ's sequence is too long |
12 | SEQ's sequence was not finished |
16 | Forbidden signature operation (csigcmp, csigenc or csigclr in NS mode) |
20 | Invalid signature operation (csigcmp in HS mode) |
24 | Forbidden ACL change (cchmod in NS mode) |
Unofficial name.
Contains information on errors generated by the CMD error IRQ.
TSEC_SCP_RND_CTL0
Bits | Description |
---|---|
0-31 | RND clock trigger's lower limit |
Unofficial name.
TSEC_SCP_RND_CTL1
Bits | Description |
---|---|
0-15 | RND clock trigger's upper limit |
16-31 | RND clock trigger's mask |
Unofficial name.
TSEC_SCP_RND_CTL2
Bits | Description |
---|---|
0-15 | Unknown |
Unofficial name.
TSEC_SCP_RND_CTL3
Bits | Description |
---|---|
12 | Trigger first LFSR |
16 | Trigger second LFSR |
Unofficial name.
TSEC_SCP_RND_CTL4
Bits | Description |
---|---|
0-31 | First LFSR's polynomial for RNG's test mode |
Unofficial name.
TSEC_SCP_RND_CTL5
Bits | Description |
---|---|
0-31 | First LFSR's initial state for RNG's test mode |
Unofficial name.
TSEC_SCP_RND_CTL6
Bits | Description |
---|---|
0-31 | Second LFSR's polynomial for RNG's test mode |
Unofficial name.
TSEC_SCP_RND_CTL7
Bits | Description |
---|---|
0-31 | Second LFSR's initial state for RNG's test mode |
Unofficial name.
TSEC_SCP_RND_CTL8
Bits | Description |
---|---|
0-15 | Unknown |
16-31 | Unknown |
Unofficial name.
TSEC_SCP_RND_CTL9
Bits | Description |
---|---|
0-15 | Unknown |
16-31 | Unknown |
Unofficial name.
TSEC_SCP_RND_CTL10
Bits | Description |
---|---|
0-15 | Unknown |
16-31 | Unknown |
Unofficial name.
TSEC_SCP_RND_CTL11
Bits | Description |
---|---|
0 | Unknown |
1 | Unknown |
2 | Unknown |
3 | Unknown |
4-5 | First sampler's source
0: Oscillator 1: Unknown 2: LFSR 3: Dummy |
6-7 | Second sampler's source
0: Oscillator 1: Unknown 2: LFSR 3: Dummy |
8-11 | First sampler's tap value |
12-15 | Second sampler's tap value |
16-19 | Unknown |
20-23 | Unknown |
24-30 | Unknown |
31 | Unknown |
Unofficial name.
TSEC_TFBIF_CTL
Bits | Description |
---|---|
0 | TSEC_TFBIF_CTL_CLR_BWCOUNT |
1 | TSEC_TFBIF_CTL_ENABLE |
2 | TSEC_TFBIF_CTL_CLR_IDLEWDERR |
3 | TSEC_TFBIF_CTL_RESET |
4 | TSEC_TFBIF_CTL_IDLE |
5 | TSEC_TFBIF_CTL_IDLEWDERR |
6 | TSEC_TFBIF_CTL_SRTOUT |
7 | TSEC_TFBIF_CTL_CLR_SRTOUT |
8-11 | TSEC_TFBIF_CTL_SRTOVAL |
12 | TSEC_TFBIF_CTL_VPR |
TSEC_TFBIF_MCCIF_FIFOCTRL
Bits | Description |
---|---|
0 | TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVERRIDE |
1 | TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVERRIDE |
2 | TSEC_TFBIF_MCCIF_FIFOCTRL_WRCL_MCLE2X |
3 | TSEC_TFBIF_MCCIF_FIFOCTRL_RDMC_RDFAST |
4 | TSEC_TFBIF_MCCIF_FIFOCTRL_WRMC_CLLE2X |
5 | TSEC_TFBIF_MCCIF_FIFOCTRL_RDCL_RDFAST |
6 | TSEC_TFBIF_MCCIF_FIFOCTRL_CCLK_OVERRIDE |
7 | TSEC_TFBIF_MCCIF_FIFOCTRL_RCLK_OVR_MODE |
8 | TSEC_TFBIF_MCCIF_FIFOCTRL_WCLK_OVR_MODE |
TSEC_TFBIF_THROTTLE
Bits | Description |
---|---|
0-11 | TSEC_TFBIF_THROTTLE_BUCKET_SIZE |
16-27 | TSEC_TFBIF_THROTTLE_LEAK_COUNT |
30-31 | TSEC_TFBIF_THROTTLE_LEAK_SIZE |
TSEC_TFBIF_DBG_STAT0
Bits | Description |
---|---|
0 | TSEC_TFBIF_DBG_STAT0_1K_TRANSFER |
1 | TSEC_TFBIF_DBG_STAT0_RREQ_ISSUED |
2 | TSEC_TFBIF_DBG_STAT0_WREQ_ISSUED |
3 | TSEC_TFBIF_DBG_STAT0_TAGQ_ISSUED |
4 | TSEC_TFBIF_DBG_STAT0_STALL_RDATQ |
5 | TSEC_TFBIF_DBG_STAT0_STALL_RACKQ |
6 | TSEC_TFBIF_DBG_STAT0_STALL_WREQQ |
7 | TSEC_TFBIF_DBG_STAT0_STALL_WDATQ |
8 | TSEC_TFBIF_DBG_STAT0_STALL_WACKQ |
9 | TSEC_TFBIF_DBG_STAT0_STALL_RREQ_PENDING |
10 | TSEC_TFBIF_DBG_STAT0_STALL_WREQ_PENDING |
11 | TSEC_TFBIF_DBG_STAT0_STALL_MREQ |
12 | TSEC_TFBIF_DBG_STAT0_ENGINE_IDLE |
13 | TSEC_TFBIF_DBG_STAT0_RMCCIF_IDLE |
14 | TSEC_TFBIF_DBG_STAT0_WMCCIF_IDLE |
15 | TSEC_TFBIF_DBG_STAT0_CSB_IDLE |
16 | TSEC_TFBIF_DBG_STAT0_RU_IDLE |
17 | TSEC_TFBIF_DBG_STAT0_WU_IDLE |
19 | TSEC_TFBIF_DBG_STAT0_UNWEIGHT_ACTMON_ACTIVE |
20 | TSEC_TFBIF_DBG_STAT0_UNWEIGHT_ACTMON_MCB |
TSEC_TFBIF_DBG_STAT1
Bits | Description |
---|---|
0-31 | TSEC_TFBIF_DBG_STAT1_DATA |
TSEC_TFBIF_DBG_RDCOUNT_LO
Bits | Description |
---|---|
0-31 | TSEC_TFBIF_DBG_RDCOUNT_LO_DATA |
TSEC_TFBIF_DBG_RDCOUNT_HI
Bits | Description |
---|---|
0-31 | TSEC_TFBIF_DBG_RDCOUNT_HI_DATA |
TSEC_TFBIF_DBG_WRCOUNT_LO
Bits | Description |
---|---|
0-31 | TSEC_TFBIF_DBG_WRCOUNT_LO_DATA |
TSEC_TFBIF_DBG_WRCOUNT_HI
Bits | Description |
---|---|
0-31 | TSEC_TFBIF_DBG_WRCOUNT_HI_DATA |
TSEC_TFBIF_DBG_R32COUNT
Bits | Description |
---|---|
0-31 | TSEC_TFBIF_DBG_R32COUNT_DATA |
TSEC_TFBIF_DBG_R64COUNT
Bits | Description |
---|---|
0-31 | TSEC_TFBIF_DBG_R64COUNT_DATA |
TSEC_TFBIF_DBG_R128COUNT
Bits | Description |
---|---|
0-31 | TSEC_TFBIF_DBG_R128COUNT_DATA |
TSEC_TFBIF_MCCIF_FIFOCTRL1
Bits | Description |
---|---|
0-15 | TSEC_TFBIF_MCCIF_FIFOCTRL1_SRD2MC_REORDER_DEPTH_LIMIT |
16-31 | TSEC_TFBIF_MCCIF_FIFOCTRL1_SWR2MC_REORDER_DEPTH_LIMIT |
TSEC_TFBIF_SPROT_EMEM
Bits | Description |
---|---|
0-2 | Read access level |
3 | Set on memory read access violation |
4-6 | Write access level |
7 | Set on memory write access violation |
Unofficial name.
Controls accesses to external memory regions. Accessible in HS mode only.
TSEC_TFBIF_TRANSCFG
Bits | Description |
---|---|
0 | TSEC_TFBIF_TRANSCFG_ATT0_SWID |
4 | TSEC_TFBIF_TRANSCFG_ATT1_SWID |
8 | TSEC_TFBIF_TRANSCFG_ATT2_SWID |
12 | TSEC_TFBIF_TRANSCFG_ATT3_SWID |
16 | TSEC_TFBIF_TRANSCFG_ATT4_SWID |
20 | TSEC_TFBIF_TRANSCFG_ATT5_SWID |
24 | TSEC_TFBIF_TRANSCFG_ATT6_SWID |
28 | TSEC_TFBIF_TRANSCFG_ATT7_SWID |
Configures the software ID per CTXDMA port for memory transactions. Software ID 0 (HW_SWID) forces all transactions to go through the SMMU while software ID 1 (PHY_SWID) bypasses it. Accessible in HS mode only.
[6.0.0+] The nvhost_tsec firmware sets this register to 0x10 or 0x111110 before reading memory from the GPU UCODE carveout.
TSEC_TFBIF_REGIONCFG
Bits | Description |
---|---|
0-2 | TSEC_TFBIF_REGIONCFG_T0_APERT_ID |
3 | TSEC_TFBIF_REGIONCFG_T0_VPR |
4-6 | TSEC_TFBIF_REGIONCFG_T1_APERT_ID |
7 | TSEC_TFBIF_REGIONCFG_T1_VPR |
8-10 | TSEC_TFBIF_REGIONCFG_T2_APERT_ID |
11 | TSEC_TFBIF_REGIONCFG_T2_VPR |
12-14 | TSEC_TFBIF_REGIONCFG_T3_APERT_ID |
15 | TSEC_TFBIF_REGIONCFG_T3_VPR |
16-18 | TSEC_TFBIF_REGIONCFG_T4_APERT_ID |
19 | TSEC_TFBIF_REGIONCFG_T4_VPR |
20-22 | TSEC_TFBIF_REGIONCFG_T5_APERT_ID |
23 | TSEC_TFBIF_REGIONCFG_T5_VPR |
24-26 | TSEC_TFBIF_REGIONCFG_T6_APERT_ID |
27 | TSEC_TFBIF_REGIONCFG_T6_VPR |
28-30 | TSEC_TFBIF_REGIONCFG_T7_APERT_ID |
31 | TSEC_TFBIF_REGIONCFG_T7_VPR |
Configures the aperture ID and VPR mode per CTXDMA port for memory region accessing. Accessible in HS mode only.
[6.0.0+] The nvhost_tsec firmware sets this register to 0x20 or 0x140 before reading memory from the GPU UCODE carveout.
TSEC_CG
Bits | Description |
---|---|
0-5 | TSEC_CG_IDLE_CG_DLY_CNT |
6 | TSEC_CG_IDLE_CG_EN |
16-18 | TSEC_CG_WAKEUP_DLY_CNT |
19 | TSEC_CG_WAKEUP_DLY_EN |
TSEC_BAR0_CTL
Bits | Description |
---|---|
0 | TSEC_BAR0_CTL_READ |
1 | TSEC_BAR0_CTL_WRITE |
4-7 | TSEC_BAR0_CTL_BYTE_MASK |
12-13 | TSEC_BAR0_CTL_STATUS
0: Idle 1: Busy 2: Error 3: Disabled |
16-17 | TSEC_BAR0_CTL_SEC_MODE
0: Non-secure 1: Invalid 2: Light Secure 3: Heavy Secure |
31 | TSEC_BAR0_CTL_INIT |
Unofficial name.
Controls DMA transfers between TSEC and HOST1X (master and clients).
Starting a transfer over BAR0 automatically sets TSEC_BAR0_CTL_SEC_MODE to the current Falcon security mode. Once set, any attempts to start a transfer from a lower security level will fail.
TSEC_BAR0_ADDR
Bits | Description |
---|---|
0-31 | TSEC_BAR0_ADDR_VAL |
Unofficial name.
Takes the address for DMA transfers between TSEC and HOST1X (master and clients).
TSEC_BAR0_DATA
Bits | Description |
---|---|
0-31 | TSEC_BAR0_DATA_VAL |
Unofficial name.
Takes the data for DMA transfers between TSEC and HOST1X (master and clients).
TSEC_BAR0_TIMEOUT
Bits | Description |
---|---|
0-31 | TSEC_BAR0_TIMEOUT_VAL |
Unofficial name.
Takes the timeout value for DMA transfers between TSEC and HOST1X (master and clients).
TSEC_VERSION
Bits | Description |
---|---|
0-31 | Version |
Unofficial name.
TSEC_SCRATCH0
Bits | Description |
---|---|
0-31 | Value |
Unofficial name.
TSEC_SCRATCH1
Bits | Description |
---|---|
0-31 | Value |
Unofficial name.
TSEC_SCRATCH2
Bits | Description |
---|---|
0-31 | Value |
Unofficial name.
TSEC_SCRATCH3
Bits | Description |
---|---|
0-31 | Value |
Unofficial name.
TSEC_SCRATCH4
Bits | Description |
---|---|
0-31 | Value |
Unofficial name.
TSEC_SCRATCH5
Bits | Description |
---|---|
0-31 | Value |
Unofficial name.
TSEC_SCRATCH6
Bits | Description |
---|---|
0-31 | Value |
Unofficial name.
TSEC_SCRATCH7
Bits | Description |
---|---|
0-31 | Value |
Unofficial name.
TSEC_GPTMRINT
Unofficial name.
Same as TSEC_FALCON_GPTMRINT, but for an unknown hardware block.
TSEC_GPTMRVAL
Unofficial name.
Same as TSEC_FALCON_GPTMRVAL, but for an unknown hardware block.
TSEC_GPTMRCTL
Unofficial name.
Same as TSEC_FALCON_GPTMRCTL, but for an unknown hardware block.
TSEC_ITFEN
Bits | Description |
---|---|
0 | Enable TSEC_GPTMRINT |
1 | Unknown |
2 | Unknown |
3 | Unknown |
Unofficial name.
TSEC_ITFSTAT
Bits | Description |
---|---|
0 | TSEC_GPTMRINT is enabled |
1 | Unknown |
2 | Unknown |
3 | Unknown |
Unofficial name.
TSEC_TEGRA_CTL
Bits | Description |
---|---|
16 | TSEC_TEGRA_CTL_TKFI_KFUSE |
17 | TSEC_TEGRA_CTL_TKFI_RESTART_FSM_KFUSE |
24 | TSEC_TEGRA_CTL_TMPI_FORCE_IDLE_INPUTS_I2C |
25 | TSEC_TEGRA_CTL_TMPI_RESTART_FSM_HOST1X |
26 | TSEC_TEGRA_CTL_TMPI_RESTART_FSM_APB |
27 | TSEC_TEGRA_CTL_TMPI_DISABLE_OUTPUT_I2C |
Falcon
"Falcon" (FAst Logic CONtroller) is a proprietary general purpose CPU which can be found inside various hardware blocks that require some sort of logic processing such as TSEC (TSECA and TSECB), NVDEC, NVENC, NVJPG, VIC, GPU PMU and XUSB.
Processor Registers
A total of 32 processor registers are available in the Falcon CPU.
REG0-REG15
These are 16 32-bit GPRs (general purpose registers).
IV0
This is a SPR (special purpose register) that holds the address for interrupt vector 0. Only bits 0 to 15 are used.
IV1
This is a SPR (special purpose register) that holds the address for interrupt vector 1. Only bits 0 to 15 are used.
IV2
This is a SPR (special purpose register) that holds the address for interrupt vector 2. This register is considered "UNDEFINED" and appears to be unused.
EV
This is a SPR (special purpose register) that holds the address for the exception vector. Only bits 0 to 15 are used.
Alternative name (envytools): "tv".
SP
This is a SPR (special purpose register) that holds the current stack pointer. Only bits 0 to 15 are used.
PC
This is a SPR (special purpose register) that holds the current program counter. Only bits 0 to 15 are used.
IMB
This is a SPR (special purpose register) that holds the external base address for IMEM transfers.
Alternative name (envytools): "xcbase".
DMB
This is a SPR (special purpose register) that holds the external base address for DMEM transfers.
Alternative name (envytools): "xdbase".
CSW
This is a SPR (special purpose register) that holds various flag bits.
Bits | Description |
---|---|
0-7 | General purpose predicates |
8 | ALU carry flag |
9 | ALU signed overflow flag |
10 | ALU sign flag |
11 | ALU zero flag |
16 | Interrupt 0 enable |
17 | Interrupt 1 enable |
18 | Interrupt 2 enable (undefined) |
20 | Interrupt 0 saved enable |
21 | Interrupt 1 saved enable |
22 | Interrupt 2 saved enable (undefined) |
24 | Exception active |
26-31 | Unknown |
Alternative name (envytools): "flags".
CCR
This is a SPR (special purpose register) that holds configuration bits for the SCP DMA override functionality. The value of this register is set using the "cxset" instruction which provides a way to change the behavior of a variable amount of successively executed DMA-related instructions ("xdwait", "xdst" and "xdld").
Bits | Description |
---|---|
0-4 | Number of instructions the override is valid for (0x1F means infinite) |
5 | Crypto source/destination select
0: Crypto register 1: Crypto stream |
6 | Bypass mode
0: Disabled 1: Enabled |
7 | Internal memory select
0: DMEM 1: IMEM |
Alternative name (envytools): "cx".
SEC
This is a SPR (special purpose register) that holds configuration bits for the SCP authentication process.
Bits | Description |
---|---|
0-7 | Start of region to authenticate (in pages of 0x100 bytes) |
16 | Force secure DMA transfers |
17 | Decrypt region to authenticate |
18 | Signature check passed |
19 | Suppress interrupts and exceptions |
24-31 | Size of region to authenticate (in pages of 0x100 bytes) |
Alternative name (envytools): "cauth".
CTX
This is a SPR (special purpose register) that holds configuration bits for the CTXDMA ports.
Bits | Description |
---|---|
0-2 | CTXDMA port for code loads (xcld) |
4-6 | CTXDMA port for code stores (invalid) |
8-10 | CTXDMA port for data loads (xdld) |
12-14 | CTXDMA port for data stores (xdst) |
Alternative name (envytools): "xtargets".
EXCI
This is a SPR (special purpose register) that holds information on raised exceptions.
Bits | Description |
---|---|
0-19 | Exception PC |
20-23 | Exception cause |
Alternative name (envytools): "tstatus".
SEC1
Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.
IMB1
Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.
DMB1
Only available in Falcon v6+ CPUs, marked as "RESERVED" for v5.
Secure BootROM
Certain Falcon CPUs may have an optional "Secure BootROM", but contrary to the common purpose of bootrom code, this doesn't execute while booting the CPU. In fact, being a microprocessor, Falcon is designed to execute user supplied code right off the bat in a clean slate state. However, Falcon can be paired with a secure co-processor and provide a cryptosystem for any hardware block that may require it, originating what is known as a "secretful" unit.
Secretful Falcon CPUs have TSEC_FALCON_HWCFG1_SECURITY_MODEL set to 3, which means they support "Heavy Secure" mode (or "HS" for short). While in HS mode, the Falcon's DMEM and IMEM regions are protected from read and write operations, which effectively hides code and data from attackers.
Entering HS mode first requires uploading code marked as "secure" to Falcon, which can be done from MMIO using TSEC_FALCON_IMEMC with the TSEC_FALCON_IMEMC_SECURE bit set. Upon jumping to a page marked as secret, the INV_INS exception is raised which tells the Falcon to start executing the secure bootrom code.
The secure bootrom lives in a hidden ROM region, instead of IMEM, and is mapped as --x at address 0. On Falcon v5 CPUs its size is 0x367 bytes.
Initialization
The first instructions of the secure bootrom simply save each GPR to the stack and check the contents of the SEC SPR.
Authentication
The main purpose of the secure bootrom is to authenticate the code pages marked as "secure". This is done by first extracting the base address and size of the region to authenticate from the SEC SPR, then calculating a signature over this region and finally comparing it to the value of the SCP register $c6.
If the comparison is successful, bit 18 of SEC SPR is set (which is mirrored in TSEC_FALCON_SVEC_SPR), the signature comparison result in TSEC_SCP_STAT1 is set to 3 and each page from the region to authenticate is marked as valid. Bit 19 of SEC SPR is also automatically set, preventing any interrupts or exceptions from being raised while in HS mode, but contrary to bit 18 this one can be manually cleared by authenticated code.
Below is the authentication algorithm's pseudocode:
...
// This runs in a loop for each 0x100 bytes page.
cs0begin 0x03
cxsin $c4
cenc $c3 $c5
cxor $c5 $c3
ckeyreg $c4
cxor $c5 $c5
cs0exec 0x11
...
// Use secret 0x01 as key and $c7 as seed.
csecret $c3 1
ckeyreg $c3
cenc $c3 $c7
ckeyreg $c3
cenc $c4 $c5
csigcmp $c4 $c6
...
Decryption
If bit 17 is set in the SEC SPR, the secure bootrom will additionally attempt to decrypt the region to authenticate.
Below is the decryption algorithm's pseudocode:
...
// Use secret 0x06 as key.
cs0begin 0x03
cxsin $c3
cdec $c4 $c3
cxsout $c4
csecret $c5 0x06
ckexp $c5 $c5
cs0exec 0x10
ckeyreg $c5
...
Exit
The secure bootrom finishes by restoring each GPR from stack and returning from the exception state. This will result in the authenticated code region being executed in HS mode until the current PC points to an address outside of the authenticated region. When this happens, each page from the authenticated region is automatically marked as invalid without any involvement of the secure bootrom, meaning that the secure bootrom is only invoked when entering HS mode.
SCP
"SCP" (Secure Co-Processor) is a proprietary coprocessor which can be found inside every Falcon that supports Heavy Secure Mode. On the Tegra X1 these are TSECA, TSECB, NVDEC and the GPU's PMU.
Hardware
SCP is subdivided into several specialized hardware blocks and interfaces.
LOAD
Block for handling memory reads from SCP to Falcon. It communicates with Falcon over a dedicated interface.
The interface can be enabled or disabled by register TSEC_SCP_CTL0.
STORE
Block for handling memory writes from Falcon to SCP. It communicates with Falcon over a dedicated interface.
The interface can be enabled or disabled by register TSEC_SCP_CTL0.
CMD
Block for translating Falcon crypto operands into SCP commands. It communicates with Falcon over a dedicated interface.
The interface can be enabled or disabled by register TSEC_SCP_CTL0. The status of the current command is reported through register TSEC_SCP_CMD.
SEQ
Block for recording and executing sequences of crypto operations in the form of macros.
Can be enabled or disabled by register TSEC_SCP_CTL0.
CTL
Overseer block for controlling certain SCP features.
Can be enabled or disabled by register TSEC_SCP_CTL0.
Registers TSEC_SCP_CTL_STAT, TSEC_SCP_CTL_LOCK, TSEC_SCP_CTL_SCP, TSEC_SCP_CTL_PKEY and TSEC_SCP_CTL_DBG refer to this block.
AES
Block for providing AES-128-ECB functionality.
RNG
Block for encapsulating and controlling the internal random number generator.
Can be enabled or disabled by register TSEC_SCP_CTL1 and reports the status of the internal random number generator through registers TSEC_SCP_RNG_STAT0 and TSEC_SCP_RNG_STAT1.
RND
Internal random number generator.
Can be configured by the TSEC_SCP_RND_CTLx registers.
Operations
Opcode | Name | Operand0 | Operand1 | Operation | Precondition | Postcondition |
---|---|---|---|---|---|---|
0 | nop | N/A | N/A | N/A | N/A | N/A |
1 | mov | $cX | $cY | $cX = $cY; |
N/A | ACL($cX) = ACL($cY);
|
2 | xsin | $cX | N/A | $cX = read_from_stream(); |
N/A | ACL($cX) = is_mode_hs ? 0x3 : 0x1F;
|
3 | xsout | $cX | N/A | write_to_stream($cX); |
((is_mode_hs && (ACL($cX) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0xA))) |
N/A |
4 | rnd | $cX | N/A | $cX = read_from_rnd(); |
N/A | ACL($cX) = is_mode_hs ? 0x3 : 0x1F;
|
5 | s0begin | immX | N/A | record_macro_for_N_instructions(0, immX); |
N/A | N/A |
6 | s0exec | immX | N/A | execute_macro_N_times(0, immX); |
N/A | N/A |
7 | s1begin | immX | N/A | record_macro_for_N_instructions(1, immX); |
N/A | N/A |
8 | s1exec | immX | N/A | execute_macro_N_times(1, immX); |
N/A | N/A |
9 | <invalid> | N/A | N/A | N/A | N/A | N/A |
0xA | chmod | $cX | immY | ACL($cX) = immY; |
See ACLs | N/A |
0xB | xor | $cX | $cY | $cX ^= $cY; |
((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA))) |
ACL($cX) = ACL($cY);
|
0xC | add | $cX | immY | $cX += immY; |
((is_mode_hs && (ACL($cX) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A))) |
N/A |
0xD | and | $cX | $cY | $cX &= $cY; |
((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA))) |
ACL($cX) = ACL($cY);
|
0xE | rev | $cX | $cY | $cX = endian_swap128($cY); |
(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10))) |
ACL($cX) = ACL($cY);
|
0xF | gfmul | $cX | $cY | $cX = gfmul($cY); |
((is_mode_hs && (ACL($cX) & 0x2) && (ACL($cY) & 0x2)) || (!is_mode_hs && (ACL($cX) & 0x1A) && (ACL($cY) & 0xA))) |
ACL($cX) = ACL($cY);
|
0x10 | secret | $cX | immY | $cX = load_secret(immY); |
N/A | ACL($cX) = load_secret_acl(immY);
|
0x11 | keyreg | $cX | N/A | active_key = $cX; |
N/A | N/A |
0x12 | kexp | $cX | $cY | $cX = aes_key_expand($cY); |
(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10))) |
ACL($cX) = ACL($cY);
|
0x13 | krexp | $cX | $cY | $cX = aes_key_reverse_expand($cY); |
(is_mode_hs || (!is_mode_hs && (ACL($cX) & 0x10))) |
ACL($cX) = ACL($cY);
|
0x14 | enc | $cX | $cY | $cX = aes_enc(active_key, $cY); |
N/A | ACL($cX) = (ACL(active_key) & ACL($cY));
|
0x15 | dec | $cX | $cY | $cX = aes_dec(active_key, $cY); |
N/A | ACL($cX) = (ACL(active_key) & ACL($cY));
|
0x16 | sigcmp | $cX | $cY | current_sig = memcmp($cX, $cY) ? NULL : $cX; |
(is_mode_secure_bootrom && (ACL($cY) & 0x2)) |
is_mode_hs = has_sig = (current_sig != NULL);
|
0x17 | sigenc | $cX | $cY | $cX = aes_enc($cY, current_sig); |
(is_mode_hs && has_sig) |
ACL($cX) = 0x3;
|
0x18 | sigclr | N/A | N/A | current_sig = NULL; |
(is_mode_hs && has_sig) |
has_sig = false;
|
rnd
00000000: f5 3c 0X 90 crnd $cX
This instruction initializes a crypto register with random data.
Executing this instruction only succeeds if the RNG controller is enabled for the SCP, which requires taking the following steps:
- Write 0x7FFF to TSEC_SCP_RND_CTL0.
- Write 0x3FF0000 to TSEC_SCP_RND_CTL1.
- Write 0xFF00 to TSEC_SCP_RND_CTL11.
- Write 0x1000 to TSEC_SCP_CTL1.
Otherwise it hangs forever.
chmod
00000000: f5 3c XY a8 cchmod $cY 0X
or 00000000: f5 3c XY a9 cchmod $cY 1X
This instruction takes a crypto register and a 5 bit immediate value which represents the ACLs mask to set.
sigcmp
00000000: f5 3c XY d8 csigcmp $cY $cX
Takes 2 crypto registers as operands and is automatically executed when jumping to a code region previously uploaded as secret. This instruction does not work in secure mode.
sigclr
00000000: f5 3c 00 e0 csigclr
This instruction takes no operands and clears the saved cauth signature used by the csigenc instruction.
ACLs
Each crypto register has an associated access control list with the following format:
Bit | Description |
---|---|
0 | Secure Keyable |
1 | Secure Readable |
2 | Insecure Keyable |
3 | Insecure Readable |
4 | Insecure Writeable |
On boot, every crypto register has an ACL value of 0x1F.
In HS mode, STORE can always write to a crypto register. In NS and LS modes, STORE can only write to a crypto register if it has the Insecure Writeable access mode.
In HS mode, LOAD can only retrieve a crypto register's value if it has the Secure Readable access mode. In NS and LS modes, LOAD can only retrieve a crypto register's value if it has the Insecure Readable and Secure Readable access modes.
Loading a secret into a crypto register sets a per-secret ACL, unconditionally.
Secure Keyable
Controls if a crypto register can be used as key in HS mode.
Forced set if the crypto register has Secure Readable access. Once cleared, this access mode cannot be set again.
Secure Readable
Controls if a crypto register can be read in HS mode.
Once cleared, this access mode cannot be set again.
Insecure Keyable
Controls if a crypto register can be used as key in NS and LS modes.
Forced set if the crypto register has Insecure Readable access. This access mode cannot be set if the crypto register doesn't have Secure Keyable access.
Insecure Readable
Controls if a crypto register can be read in NS and LS modes.
This access mode cannot be set if the crypto register doesn't have Secure Readable access.
Insecure Writeable
Controls if a crypto register can be written to in NS and LS modes.
This access mode has no effect in HS mode.
Secrets
Heavy Secure Mode has access to 64 128-bit keys which are burned at factory. These keys can be loaded using the $csecret instruction which takes the target crypto register and the key index as arguments.
Secrets are specific to each Falcon unit with the exception of secret 0x3F. This secret is effectively empty (all zeros), but is configured to be overwritten with the KFUSE private key once the KFUSE clock is enabled. The KFUSE private key is console-unique.
Index | ACL | Description |
---|---|---|
0x00 | 0x03 | Used by Keygen, nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares. |
0x01 | 0x00 | Used by Falcon's Secure BootROM for the signature generation algorithm. |
0x02 | 0x00 | |
0x03 | 0x01 | Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. |
0x04 | 0x00 | Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. |
0x05 | 0x03 | Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares. |
0x06 | 0x01 | Used by Falcon's Secure BootROM as key to decrypt data during authentication (decided by bit 17 in the SEC register). |
0x07 | 0x01 | Used by [6.0.0+] nvhost_tsec firmware. |
0x08 | 0x00 | |
0x09 | 0x03 | Used by nvhost_tsec firmware. |
0x0A | 0x01 | |
0x0B | 0x00 | Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. |
0x0C | 0x03 | |
0x0D | 0x01 | |
0x0E | 0x00 | |
0x0F | 0x03 | Used by nvhost_tsec firmware. |
0x10 | 0x01 | Used by [1.0.0-5.1.0] nvhost_tsec firmware. |
0x11 | 0x00 | |
0x12 | 0x03 | |
0x13 | 0x01 | |
0x14 | 0x00 | |
0x15 | 0x03 | Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares. |
0x16 | 0x01 | |
0x17 | 0x00 | Used by [11.0.0+] nvhost_tsec firmware. |
0x18 | 0x03 | |
0x19 | 0x01 | |
0x1A | 0x00 | |
0x1B | 0x03 | |
0x1C | 0x01 | |
0x1D | 0x00 | |
0x1E | 0x03 | |
0x1F | 0x01 | |
0x20 | 0x00 | |
0x21 | 0x03 | |
0x22 | 0x01 | |
0x23 | 0x00 | |
0x24 | 0x03 | |
0x25 | 0x01 | |
0x26 | 0x00 | Used by KeygenLdr and SecureBoot |
0x27 | 0x03 | |
0x28 | 0x01 | |
0x29 | 0x00 | |
0x2A | 0x03 | |
0x2B | 0x01 | |
0x2C | 0x00 | |
0x2D | 0x03 | |
0x2E | 0x01 | |
0x2F | 0x00 | |
0x30 | 0x03 | |
0x31 | 0x01 | |
0x32 | 0x00 | |
0x33 | 0x03 | |
0x34 | 0x01 | |
0x35 | 0x00 | |
0x36 | 0x03 | |
0x37 | 0x01 | |
0x38 | 0x00 | |
0x39 | 0x03 | |
0x3A | 0x01 | |
0x3B | 0x00 | |
0x3C | 0x03 | Used by nvhost_tsec firmware. |
0x3D | 0x01 | |
0x3E | 0x00 | |
0x3F | 0x00 | Used by Keygen, nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. |