Changes

Jump to navigation Jump to search
192 bytes removed ,  18:13, 10 February 2021
This is actually more complex. (Thanks Vale for noticing)
Line 4,963: Line 4,963:     
If the comparison is successful, bit 18 of [[#SEC|SEC SPR]] is set (which is mirrored in [[#TSEC_FALCON_SVEC_SPR|TSEC_FALCON_SVEC_SPR]]), the signature comparison result in [[#TSEC_SCP_STAT1|TSEC_SCP_STAT1]] is set to 3 and each page from the region to authenticate is marked as valid. Bit 19 of [[#SEC|SEC SPR]] is also automatically set, preventing any interrupts or exceptions from being raised while in HS mode, but contrary to bit 18 this one can be manually cleared by authenticated code.
 
If the comparison is successful, bit 18 of [[#SEC|SEC SPR]] is set (which is mirrored in [[#TSEC_FALCON_SVEC_SPR|TSEC_FALCON_SVEC_SPR]]), the signature comparison result in [[#TSEC_SCP_STAT1|TSEC_SCP_STAT1]] is set to 3 and each page from the region to authenticate is marked as valid. Bit 19 of [[#SEC|SEC SPR]] is also automatically set, preventing any interrupts or exceptions from being raised while in HS mode, but contrary to bit 18 this one can be manually cleared by authenticated code.
  −
If the comparison fails, an exception is raised, but since the secure bootrom is already running from an exception context, this causes a double exception state which forces the CPU to halt.
      
Below is the authentication algorithm's pseudocode:
 
Below is the authentication algorithm's pseudocode:

Navigation menu