2,939
edits
Changes
Jump to navigation
Jump to search
Line 4,963:
Line 4,963: − − If the comparison fails, an exception is raised, but since the secure bootrom is already running from an exception context, this causes a double exception state which forces the CPU to halt.
This is actually more complex. (Thanks Vale for noticing)
If the comparison is successful, bit 18 of [[#SEC|SEC SPR]] is set (which is mirrored in [[#TSEC_FALCON_SVEC_SPR|TSEC_FALCON_SVEC_SPR]]), the signature comparison result in [[#TSEC_SCP_STAT1|TSEC_SCP_STAT1]] is set to 3 and each page from the region to authenticate is marked as valid. Bit 19 of [[#SEC|SEC SPR]] is also automatically set, preventing any interrupts or exceptions from being raised while in HS mode, but contrary to bit 18 this one can be manually cleared by authenticated code.
If the comparison is successful, bit 18 of [[#SEC|SEC SPR]] is set (which is mirrored in [[#TSEC_FALCON_SVEC_SPR|TSEC_FALCON_SVEC_SPR]]), the signature comparison result in [[#TSEC_SCP_STAT1|TSEC_SCP_STAT1]] is set to 3 and each page from the region to authenticate is marked as valid. Bit 19 of [[#SEC|SEC SPR]] is also automatically set, preventing any interrupts or exceptions from being raised while in HS mode, but contrary to bit 18 this one can be manually cleared by authenticated code.
Below is the authentication algorithm's pseudocode:
Below is the authentication algorithm's pseudocode: