Line 723: |
Line 723: |
| | 0x04 | | | 0x04 |
| |- | | |- |
− | | TSEC_SCP_RND_CTL2 | + | | [[#TSEC_SCP_RND_CTL2|TSEC_SCP_RND_CTL2]] |
| | 0x54501508 | | | 0x54501508 |
| | 0x04 | | | 0x04 |
| |- | | |- |
− | | TSEC_SCP_RND_CTL3 | + | | [[#TSEC_SCP_RND_CTL3|TSEC_SCP_RND_CTL3]] |
| | 0x5450150C | | | 0x5450150C |
| | 0x04 | | | 0x04 |
| |- | | |- |
− | | TSEC_SCP_RND_CTL4 | + | | [[#TSEC_SCP_RND_CTL4|TSEC_SCP_RND_CTL4]] |
| | 0x54501510 | | | 0x54501510 |
| | 0x04 | | | 0x04 |
| |- | | |- |
− | | TSEC_SCP_RND_CTL5 | + | | [[#TSEC_SCP_RND_CTL5|TSEC_SCP_RND_CTL5]] |
| | 0x54501514 | | | 0x54501514 |
| | 0x04 | | | 0x04 |
| |- | | |- |
− | | TSEC_SCP_RND_CTL6 | + | | [[#TSEC_SCP_RND_CTL6|TSEC_SCP_RND_CTL6]] |
| | 0x54501518 | | | 0x54501518 |
| | 0x04 | | | 0x04 |
| |- | | |- |
− | | TSEC_SCP_RND_CTL7 | + | | [[#TSEC_SCP_RND_CTL7|TSEC_SCP_RND_CTL7]] |
| | 0x5450151C | | | 0x5450151C |
| | 0x04 | | | 0x04 |
| |- | | |- |
− | | TSEC_SCP_RND_CTL8 | + | | [[#TSEC_SCP_RND_CTL8|TSEC_SCP_RND_CTL8]] |
| | 0x54501520 | | | 0x54501520 |
| | 0x04 | | | 0x04 |
| |- | | |- |
− | | TSEC_SCP_RND_CTL9 | + | | [[#TSEC_SCP_RND_CTL9|TSEC_SCP_RND_CTL9]] |
| | 0x54501524 | | | 0x54501524 |
| | 0x04 | | | 0x04 |
| |- | | |- |
− | | TSEC_SCP_RND_CTL10 | + | | [[#TSEC_SCP_RND_CTL10|TSEC_SCP_RND_CTL10]] |
| | 0x54501528 | | | 0x54501528 |
| | 0x04 | | | 0x04 |
| |- | | |- |
− | | TSEC_SCP_RND_CTL11 | + | | [[#TSEC_SCP_RND_CTL11|TSEC_SCP_RND_CTL11]] |
| | 0x5450152C | | | 0x5450152C |
| | 0x04 | | | 0x04 |
Line 3,577: |
Line 3,577: |
| |- | | |- |
| | 10 | | | 10 |
− | | Enable the [[#LOAD|LOAD]] block's interface | + | | Enable [[#LOAD|Falcon<->LOAD]] interface |
| |- | | |- |
| | 12 | | | 12 |
− | | Enable the [[#STORE|STORE]] block's interface | + | | Enable [[#STORE|Falcon<->STORE]] interface |
| |- | | |- |
| | 14 | | | 14 |
− | | Enable the [[#CMD|CMD]] block's interface | + | | Enable [[#CMD|Falcon<->CMD]] interface |
| |- | | |- |
| | 16 | | | 16 |
− | | Enable the [[#SEQ|SEQ]] block | + | | Enable [[#SEQ|SEQ]] |
| |- | | |- |
| | 20 | | | 20 |
− | | Enable the [[#CTL|CTL]] block | + | | Enable [[#CTL|CTL]] |
| |} | | |} |
| | | |
Line 3,598: |
Line 3,598: |
| |- | | |- |
| | 0 | | | 0 |
− | | Clear [[#SEQ|SEQ]] block's pipeline | + | | Clear [[#SEQ|SEQ]] |
| |- | | |- |
| | 8 | | | 8 |
− | | Clear the main [[#SCP|SCP]] pipeline | + | | Clear [[#SCP|SCP]]'s internal pipeline |
| |- | | |- |
| | 11 | | | 11 |
− | | Enable [[#RNG|RNG]] block's test mode | + | | Enable [[#RNG|RNG]]'s test mode |
| |- | | |- |
| | 12 | | | 12 |
− | | Enable the [[#RNG|RNG]] block | + | | Enable [[#RNG|RNG]] |
| |- | | |- |
| | 16 | | | 16 |
− | | Enable [[#LOAD|LOAD]] block's interface dummy mode (all reads return 0) | + | | Enable [[#LOAD|Falcon<->LOAD]] interface's dummy mode (all reads return 0) |
| |- | | |- |
| | 20 | | | 20 |
− | | Enable [[#LOAD|LOAD]] block's interface bypassing (all reads are dropped) | + | | Enable [[#LOAD|Falcon<->LOAD]] interface bypassing (all reads are dropped) |
| |- | | |- |
| | 24 | | | 24 |
− | | Enable [[#STORE|STORE]] block's interface bypassing (all writes are dropped) | + | | Enable [[#STORE|Falcon<->STORE]] interface bypassing (all writes are dropped) |
| |} | | |} |
| | | |
Line 3,635: |
Line 3,635: |
| | 0 | | | 0 |
| | Enable lockdown mode (locks IMEM and DMEM) | | | Enable lockdown mode (locks IMEM and DMEM) |
− | |-
| |
− | | 1
| |
− | | Unknown
| |
− | |-
| |
− | | 2
| |
− | | Unknown
| |
− | |-
| |
− | | 3
| |
− | | Unknown
| |
| |- | | |- |
| | 4 | | | 4 |
− | | Lock the [[#SCP|SCP]] | + | | Lock [[#SCP|SCP]]'s MMIO register space |
− | |-
| |
− | | 5
| |
− | | Unknown
| |
− | |-
| |
− | | 6
| |
− | | Unknown
| |
− | |-
| |
− | | 7
| |
− | | Unknown
| |
| |} | | |} |
| | | |
Line 3,666: |
Line 3,648: |
| |- | | |- |
| | 0 | | | 0 |
− | | Unknown | + | | Endianness for ADD |
| + | 0: Little |
| + | 1: Big |
| |- | | |- |
| | 1 | | | 1 |
− | | Unknown | + | | Endianness for GFMUL |
| + | 0: Little |
| + | 1: Big |
| |- | | |- |
| | 2 | | | 2 |
− | | Unknown | + | | Endianness for [[#LOAD|LOAD]] |
| + | 0: Little |
| + | 1: Big |
| |- | | |- |
| | 3 | | | 3 |
− | | Unknown | + | | Endianness for [[#STORE|STORE]] |
| + | 0: Little |
| + | 1: Big |
| |- | | |- |
| | 4 | | | 4 |
− | | [[#AES|AES]] block's endianness | + | | Endianness for [[#AES|AES]] |
| 0: Little | | 0: Little |
| 1: Big | | 1: Big |
| |- | | |- |
| | 8 | | | 8 |
− | | Flush [[#CMD|CMD]] block's pipeline | + | | Flush [[#CMD|CMD]] |
| |- | | |- |
| | 12-13 | | | 12-13 |
− | | Carry chain size | + | | Carry chain's size |
| 0: 32 bits | | 0: 32 bits |
| 1: 64 bits | | 1: 64 bits |
Line 3,693: |
Line 3,683: |
| |- | | |- |
| | 16-31 | | | 16-31 |
− | | Timeout value | + | | [[#SCP|SCP]]'s internal pipeline stall timeout value |
| |} | | |} |
| | | |
Line 3,702: |
Line 3,692: |
| |- | | |- |
| | 0 | | | 0 |
− | | Swap [[#SCP|SCP]] master | + | | Swap [[#SCP|SCP]]'s master |
| |- | | |- |
| | 1 | | | 1 |
− | | Current [[#SCP|SCP]] master | + | | Current [[#SCP|SCP]]'s master |
| 0: Falcon | | 0: Falcon |
| 1: External | | 1: External |
Line 3,759: |
Line 3,749: |
| |- | | |- |
| | 8-12 | | | 8-12 |
− | | [[#SEQ|SEQ]] block's current sequence size | + | | [[#SEQ|SEQ]]'s current sequence's size |
| |- | | |- |
| | 13-16 | | | 13-16 |
− | | [[#SEQ|SEQ]] block's current instruction address | + | | [[#SEQ|SEQ]]'s current instruction's address |
| |- | | |- |
| | 17 | | | 17 |
− | | [[#SEQ|SEQ]] block's current instruction is valid | + | | [[#SEQ|SEQ]]'s current instruction is valid |
| |- | | |- |
| | 18 | | | 18 |
− | | [[#SEQ|SEQ]] block is running in HS mode | + | | [[#SEQ|SEQ]] is running in HS mode |
| |- | | |- |
| | 19-22 | | | 19-22 |
− | | [[#LOAD|LOAD]] block's pipeline size | + | | [[#LOAD|LOAD]]'s queue's size |
| |- | | |- |
| | 23 | | | 23 |
− | | [[#LOAD|LOAD]] block's current operation is valid | + | | [[#LOAD|LOAD]]'s current operation is valid |
| |- | | |- |
| | 24 | | | 24 |
− | | [[#LOAD|LOAD]] block is running in HS mode | + | | [[#LOAD|LOAD]] is running in HS mode |
| |- | | |- |
| | 25-26 | | | 25-26 |
− | | [[#STORE|STORE]] block's pipeline size | + | | [[#STORE|STORE]]'s queue's size |
| |- | | |- |
| | 30 | | | 30 |
− | | [[#STORE|STORE]] block's current operation is valid | + | | [[#STORE|STORE]]'s current operation is valid |
| |- | | |- |
| | 31 | | | 31 |
− | | [[#STORE|STORE]] block is running in HS mode | + | | [[#STORE|STORE]] is running in HS mode |
| |} | | |} |
| | | |
Line 3,796: |
Line 3,786: |
| ! Description | | ! Description |
| |- | | |- |
− | | 0-3 | + | | 0-31 |
− | | [[#SEQ|SEQ]] block's current instruction's first operand | + | | Data |
− | |-
| + | If target is SEQ: |
− | | 4-9
| + | Bits 0-3: current instruction's first operand |
− | | [[#SEQ|SEQ]] block's current instruction's second operand
| + | Bits 4-9: current instruction's second operand |
− | |-
| + | Bits 10-14: current instruction's opcode |
− | | 10-14
| |
− | | [[#SEQ|SEQ]] block's current instruction's opcode
| |
| |} | | |} |
| | | |
− | Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the SEQ controller. | + | Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the [[#SEQ|SEQ]] block. |
| | | |
| === TSEC_SCP_DBG2 === | | === TSEC_SCP_DBG2 === |
Line 3,814: |
Line 3,802: |
| |- | | |- |
| | 0-1 | | | 0-1 |
− | | [[#SEQ|SEQ]] block's state | + | | [[#SEQ|SEQ]]'s state |
| 0: Idle | | 0: Idle |
| 1: Recording is active (cs0begin/cs1begin) | | 1: Recording is active (cs0begin/cs1begin) |
| |- | | |- |
| | 4-7 | | | 4-7 |
− | | Number of [[#SEQ|SEQ]] block's instructions left | + | | Number of instructions left in [[#SEQ|SEQ]] |
| |- | | |- |
| | 12-15 | | | 12-15 |
− | | Active crypto key register | + | | Active crypto key register (ckeyreg) |
| |} | | |} |
| | | |
Line 3,867: |
Line 3,855: |
| |- | | |- |
| | 28 | | | 28 |
− | | [[#CMD|CMD]] block's current instruction is valid | + | | [[#CMD|CMD]]'s current instruction is valid |
| |- | | |- |
| | 31 | | | 31 |
− | | [[#CMD|CMD]] block is running in HS mode | + | | [[#CMD|CMD]] is running in HS mode |
| |} | | |} |
| | | |
Line 3,884: |
Line 3,872: |
| |- | | |- |
| | 2 | | | 2 |
− | | [[#CMD|CMD]] block's interface is active | + | | [[#CMD|CMD]] is active |
| |- | | |- |
| | 4 | | | 4 |
− | | [[#STORE|STORE]] block's interface is active | + | | [[#STORE|STORE]] is active |
| |- | | |- |
| | 6 | | | 6 |
− | | [[#SEQ|SEQ]] block is active | + | | [[#SEQ|SEQ]] is active |
| |- | | |- |
| | 8 | | | 8 |
− | | [[#CTL|CTL]] block is active | + | | [[#CTL|CTL]] is active |
| |- | | |- |
| | 10 | | | 10 |
− | | [[#LOAD|LOAD]] block's interface is active | + | | [[#LOAD|LOAD]] is active |
| |- | | |- |
| | 14 | | | 14 |
− | | [[#AES|AES]] block is active | + | | [[#AES|AES]] is active |
| |- | | |- |
| | 16 | | | 16 |
− | | [[#RNG|RNG]] block is active | + | | [[#RNG|RNG]] is active |
| |} | | |} |
| | | |
− | Contains the status of the hardware blocks and interfaces. | + | Contains the statuses of hardware blocks. |
| | | |
| === TSEC_SCP_STAT1 === | | === TSEC_SCP_STAT1 === |
Line 3,920: |
Line 3,908: |
| |- | | |- |
| | 4 | | | 4 |
− | | [[#LOAD|LOAD]] block's interface is running in HS mode | + | | [[#LOAD|Falcon<->LOAD]] interface is running in HS mode |
| |- | | |- |
| | 6 | | | 6 |
− | | [[#LOAD|LOAD]] block's interface is ready | + | | [[#LOAD|Falcon<->LOAD]] interface is ready |
| |- | | |- |
| | 8 | | | 8 |
− | | [[#STORE|STORE]] block's interface is running in HS mode | + | | [[#STORE|Falcon<->STORE]] interface is running in HS mode |
| |- | | |- |
| | 10 | | | 10 |
− | | [[#STORE|STORE]] block's interface received a valid operation | + | | [[#STORE|Falcon<->STORE]] interface received a valid operation |
| |- | | |- |
| | 12 | | | 12 |
− | | [[#CMD|CMD]] block's interface is running in HS mode | + | | [[#CMD|Falcon<->CMD]] interface is running in HS mode |
| |- | | |- |
| | 14 | | | 14 |
− | | [[#CMD|CMD]] block's interface received a valid instruction | + | | [[#CMD|Falcon<->CMD]] interface received a valid instruction |
| |} | | |} |
| | | |
− | Contains the status of the last authentication attempt and other miscellaneous statuses. | + | Contains the statuses of hardware interfaces and the result of the last authentication attempt. |
| | | |
| === TSEC_SCP_STAT2 === | | === TSEC_SCP_STAT2 === |
Line 3,946: |
Line 3,934: |
| |- | | |- |
| | 0-4 | | | 0-4 |
− | | Current [[#SEQ|SEQ]] block opcode | + | | Current opcode in [[#SEQ|SEQ]] |
| |- | | |- |
| | 5-9 | | | 5-9 |
− | | Current [[#CMD|CMD]] block's interface opcode | + | | Current opcode in [[#CMD|Falcon<->CMD]] interface |
| |- | | |- |
| | 10-14 | | | 10-14 |
− | | Pending [[#CMD|CMD]] block opcode | + | | Pending opcode in [[#CMD|CMD]] |
| |- | | |- |
| | 15-16 | | | 15-16 |
− | | Current [[#AES|AES]] block operation | + | | Current opcode in [[#AES|AES]] |
| 0: Encryption | | 0: Encryption |
| 1: Decryption | | 1: Decryption |
Line 3,962: |
Line 3,950: |
| |- | | |- |
| | 24 | | | 24 |
− | | Unknown | + | | [[#SCP|SCP]]'s internal pipeline is stalled on hazard |
| |- | | |- |
| | 25 | | | 25 |
− | | [[#STORE|STORE]] block is stalled | + | | [[#STORE|STORE]] is stalled |
| |- | | |- |
| | 26 | | | 26 |
− | | [[#LOAD|LOAD]] block is stalled | + | | [[#LOAD|LOAD]] is stalled |
| |- | | |- |
| | 27 | | | 27 |
− | | [[#RNG|RNG]] block is stalled | + | | [[#RNG|RNG]] is stalled |
| |- | | |- |
| | 28 | | | 28 |
− | | Unknown | + | | [[#SCP|SCP]]'s internal pipeline is stalled on writeback |
| |- | | |- |
| | 29 | | | 29 |
− | | [[#AES|AES]] block is stalled | + | | [[#AES|AES]] is stalled |
| |} | | |} |
| | | |
Line 3,988: |
Line 3,976: |
| |- | | |- |
| | 0 | | | 0 |
− | | [[#RND|RND]] block is ready | + | | [[#RND|RND]] is ready |
| |- | | |- |
| | 4-7 | | | 4-7 |
Line 4,036: |
Line 4,024: |
| |- | | |- |
| | 24 | | | 24 |
− | | [[#RND|RND]] operation | + | | [[#RND|RND]] clock trigger |
| |- | | |- |
| | 28 | | | 28 |
− | | Timeout | + | | Stall timeout |
| |} | | |} |
− |
| |
− | Used for getting the status of crypto IRQs.
| |
| | | |
| === TSEC_SCP_IRQMASK === | | === TSEC_SCP_IRQMASK === |
Line 4,065: |
Line 4,051: |
| |- | | |- |
| | 24 | | | 24 |
− | | [[#RND|RND]] operation | + | | [[#RND|RND]] clock trigger |
| |- | | |- |
| | 28 | | | 28 |
− | | Timeout | + | | Stall timeout |
| |} | | |} |
− |
| |
− | Used for getting the value of the mask for crypto IRQs.
| |
| | | |
| === TSEC_SCP_ACL_ERR === | | === TSEC_SCP_ACL_ERR === |
Line 4,131: |
Line 4,115: |
| | SEC error occurred | | | SEC error occurred |
| |} | | |} |
| + | |
| + | Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|SEC error]] IRQ. |
| | | |
| === TSEC_SCP_CMD_ERR === | | === TSEC_SCP_CMD_ERR === |
Line 4,138: |
Line 4,124: |
| |- | | |- |
| | 0 | | | 0 |
− | | Invalid [[#CMD|CMD]] command | + | | [[#CMD|CMD]]'s instruction is invalid |
| |- | | |- |
| | 4 | | | 4 |
− | | Empty [[#SEQ|SEQ]] sequence | + | | [[#SEQ|SEQ]]'s sequence is empty |
| |- | | |- |
| | 8 | | | 8 |
− | | [[#SEQ|SEQ]] sequence is too long | + | | [[#SEQ|SEQ]]'s sequence is too long |
| |- | | |- |
| | 12 | | | 12 |
− | | [[#SEQ|SEQ]] sequence was not finished | + | | [[#SEQ|SEQ]]'s sequence was not finished |
| |- | | |- |
| | 16 | | | 16 |
Line 4,167: |
Line 4,153: |
| |- | | |- |
| | 0-31 | | | 0-31 |
− | | [[#RND|RND]] clock trigger lower limit | + | | [[#RND|RND]] clock trigger's lower limit |
| |} | | |} |
| | | |
Line 4,176: |
Line 4,162: |
| |- | | |- |
| | 0-15 | | | 0-15 |
− | | [[#RND|RND]] clock trigger upper limit | + | | [[#RND|RND]] clock trigger's upper limit |
| |- | | |- |
| | 16-31 | | | 16-31 |
− | | [[#RND|RND]] clock trigger mask | + | | [[#RND|RND]] clock trigger's mask |
| + | |} |
| + | |
| + | === TSEC_SCP_RND_CTL2 === |
| + | {| class="wikitable" border="1" |
| + | ! Bits |
| + | ! Description |
| + | |- |
| + | | 0-15 |
| + | | Unknown |
| + | |} |
| + | |
| + | === TSEC_SCP_RND_CTL3 === |
| + | {| class="wikitable" border="1" |
| + | ! Bits |
| + | ! Description |
| + | |- |
| + | | 12 |
| + | | Trigger first LFSR |
| + | |- |
| + | | 16 |
| + | | Trigger second LFSR |
| + | |} |
| + | |
| + | === TSEC_SCP_RND_CTL4 === |
| + | {| class="wikitable" border="1" |
| + | ! Bits |
| + | ! Description |
| + | |- |
| + | | 0-31 |
| + | | First LFSR's polynomial for [[#RNG|RNG]]'s test mode |
| + | |} |
| + | |
| + | === TSEC_SCP_RND_CTL5 === |
| + | {| class="wikitable" border="1" |
| + | ! Bits |
| + | ! Description |
| + | |- |
| + | | 0-31 |
| + | | First LFSR's initial state for [[#RNG|RNG]]'s test mode |
| + | |} |
| + | |
| + | === TSEC_SCP_RND_CTL6 === |
| + | {| class="wikitable" border="1" |
| + | ! Bits |
| + | ! Description |
| + | |- |
| + | | 0-31 |
| + | | Second LFSR's polynomial for [[#RNG|RNG]]'s test mode |
| + | |} |
| + | |
| + | === TSEC_SCP_RND_CTL7 === |
| + | {| class="wikitable" border="1" |
| + | ! Bits |
| + | ! Description |
| + | |- |
| + | | 0-31 |
| + | | Second LFSR's initial state for [[#RNG|RNG]]'s test mode |
| + | |} |
| + | |
| + | === TSEC_SCP_RND_CTL8 === |
| + | {| class="wikitable" border="1" |
| + | ! Bits |
| + | ! Description |
| + | |- |
| + | | 0-15 |
| + | | Unknown |
| + | |- |
| + | | 16-31 |
| + | | Unknown |
| + | |} |
| + | |
| + | === TSEC_SCP_RND_CTL9 === |
| + | {| class="wikitable" border="1" |
| + | ! Bits |
| + | ! Description |
| + | |- |
| + | | 0-15 |
| + | | Unknown |
| + | |- |
| + | | 16-31 |
| + | | Unknown |
| + | |} |
| + | |
| + | === TSEC_SCP_RND_CTL10 === |
| + | {| class="wikitable" border="1" |
| + | ! Bits |
| + | ! Description |
| + | |- |
| + | | 0-15 |
| + | | Unknown |
| + | |- |
| + | | 16-31 |
| + | | Unknown |
| + | |} |
| + | |
| + | === TSEC_SCP_RND_CTL11 === |
| + | {| class="wikitable" border="1" |
| + | ! Bits |
| + | ! Description |
| + | |- |
| + | | 0 |
| + | | Unknown |
| + | |- |
| + | | 1 |
| + | | Unknown |
| + | |- |
| + | | 2 |
| + | | Unknown |
| + | |- |
| + | | 3 |
| + | | Unknown |
| + | |- |
| + | | 4-5 |
| + | | First sampler's source |
| + | 0: Oscillator |
| + | 1: Unknown |
| + | 2: LFSR |
| + | 3: Dummy |
| + | |- |
| + | | 6-7 |
| + | | Second sampler's source |
| + | 0: Oscillator |
| + | 1: Unknown |
| + | 2: LFSR |
| + | 3: Dummy |
| + | |- |
| + | | 8-11 |
| + | | First sampler's tap value |
| + | |- |
| + | | 12-15 |
| + | | Second sampler's tap value |
| + | |- |
| + | | 16-19 |
| + | | Unknown |
| + | |- |
| + | | 20-23 |
| + | | Unknown |
| + | |- |
| + | | 24-30 |
| + | | Unknown |
| + | |- |
| + | | 31 |
| + | | Unknown |
| |} | | |} |
| | | |
Line 5,136: |
Line 5,265: |
| * Write 0x7FFF to [[#TSEC_SCP_RND_CTL0|TSEC_SCP_RND_CTL0]]. | | * Write 0x7FFF to [[#TSEC_SCP_RND_CTL0|TSEC_SCP_RND_CTL0]]. |
| * Write 0x3FF0000 to [[#TSEC_SCP_RND_CTL1|TSEC_SCP_RND_CTL1]]. | | * Write 0x3FF0000 to [[#TSEC_SCP_RND_CTL1|TSEC_SCP_RND_CTL1]]. |
− | * Write 0xFF00 to TSEC_SCP_RND_CTL11. | + | * Write 0xFF00 to [[#TSEC_SCP_RND_CTL11|TSEC_SCP_RND_CTL11]]. |
| * Write 0x1000 to [[#TSEC_SCP_CTL1|TSEC_SCP_CTL1]]. | | * Write 0x1000 to [[#TSEC_SCP_CTL1|TSEC_SCP_CTL1]]. |
| | | |
Line 5,148: |
Line 5,277: |
| ! Description | | ! Description |
| |- | | |- |
− | | 0 || Secure key. Forced set if bit1 is set. Once cleared, cannot be set again. | + | | 0 || Secure Keyable (forced set if bit1 is set; once cleared, cannot be set again) |
| |- | | |- |
− | | 1 || Secure readable. Once cleared, cannot be set again. | + | | 1 || Secure Readable (once cleared, cannot be set again) |
| |- | | |- |
− | | 2 || Insecure key. Forced set if bit3 is set. Forced clear if bit0 is clear. Can be toggled back and forth. | + | | 2 || Keyable (forced set if bit3 is set; forced clear if bit0 is clear; can be toggled back and forth) |
| |- | | |- |
− | | 3 || Insecure readable. Forced clear if bit1 is clear. Can be toggled back and forth. | + | | 3 || Readable (forced clear if bit1 is clear; can be toggled back and forth) |
| |- | | |- |
− | | 4 || Insecure overwritable. Can be toggled back and forth. | + | | 4 || Writeable (can be toggled back and forth) |
| |} | | |} |
| | | |
| On boot, the ACL is 0x1F for all $cX. | | On boot, the ACL is 0x1F for all $cX. |
| | | |
− | Loading into $cX using xdst instruction sets ACL($cX) to 0x13 and 0x1F, for secure and insecure mode respectively. | + | Loading into $cX using xdst instruction sets ACL($cX) to 0x13 and 0x1F, for heavy secure and non-secure mode respectively. |
| | | |
− | Spilling a $cX to DMEM using xdld instruction is allowed if (ACL($cX) & 2) or (ACL($cX) & 8), for secure and insecure mode respectively. | + | Spilling a $cX to DMEM using xdld instruction is allowed if (ACL($cX) & 2) or (ACL($cX) & 8), for heavy secure and non-secure mode respectively. |
| | | |
| Loading a secret into $cX sets a per-secret ACL, unconditionally. | | Loading a secret into $cX sets a per-secret ACL, unconditionally. |
Line 5,177: |
Line 5,306: |
| | 0x00 || 0x13 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares. | | | 0x00 || 0x13 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares. |
| |- | | |- |
− | | 0x01 || 0x10 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] for the signature generation algorithm. | + | | 0x01 || 0x00 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] for the signature generation algorithm. |
| |- | | |- |
− | | 0x02 || 0x10 || | + | | 0x02 || 0x00 || |
| |- | | |- |
− | | 0x03 || 0x11 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. | + | | 0x03 || 0x01 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. |
| |- | | |- |
− | | 0x04 || 0x10 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. | + | | 0x04 || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. |
| |- | | |- |
| | 0x05 || 0x13 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares. | | | 0x05 || 0x13 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares. |
| |- | | |- |
− | | 0x06 || 0x11 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register). | + | | 0x06 || 0x01 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register). |
| |- | | |- |
− | | 0x07 || 0x11 || Used by [6.0.0+] nvhost_tsec firmware. | + | | 0x07 || 0x01 || Used by [6.0.0+] nvhost_tsec firmware. |
| |- | | |- |
− | | 0x08 || 0x10 || | + | | 0x08 || 0x00 || |
| |- | | |- |
| | 0x09 || 0x13 || Used by nvhost_tsec firmware. | | | 0x09 || 0x13 || Used by nvhost_tsec firmware. |
| |- | | |- |
− | | 0x0A || 0x11 || | + | | 0x0A || 0x01 || |
| |- | | |- |
− | | 0x0B || 0x10 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. | + | | 0x0B || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. |
| |- | | |- |
| | 0x0C || 0x13 || | | | 0x0C || 0x13 || |
| |- | | |- |
− | | 0x0D || 0x11 || | + | | 0x0D || 0x01 || |
| |- | | |- |
− | | 0x0E || 0x10 || | + | | 0x0E || 0x00 || |
| |- | | |- |
| | 0x0F || 0x13 || Used by nvhost_tsec firmware. | | | 0x0F || 0x13 || Used by nvhost_tsec firmware. |
| |- | | |- |
− | | 0x10 || 0x11 || Used by [1.0.0-5.1.0] nvhost_tsec firmware. | + | | 0x10 || 0x01 || Used by [1.0.0-5.1.0] nvhost_tsec firmware. |
| |- | | |- |
− | | 0x11 || 0x10 || | + | | 0x11 || 0x00 || |
| |- | | |- |
| | 0x12 || 0x13 || | | | 0x12 || 0x13 || |
| |- | | |- |
− | | 0x13 || 0x11 || | + | | 0x13 || 0x01 || |
| |- | | |- |
− | | 0x14 || 0x10 || | + | | 0x14 || 0x00 || |
| |- | | |- |
| | 0x15 || 0x13 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares. | | | 0x15 || 0x13 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares. |
| |- | | |- |
− | | 0x16 || 0x11 || | + | | 0x16 || 0x01 || |
| |- | | |- |
− | | 0x17 || 0x10 || Used by [11.0.0+] nvhost_tsec firmware. | + | | 0x17 || 0x00 || Used by [11.0.0+] nvhost_tsec firmware. |
| |- | | |- |
| | 0x18 || 0x13 || | | | 0x18 || 0x13 || |
| |- | | |- |
− | | 0x19 || 0x11 || | + | | 0x19 || 0x01 || |
| |- | | |- |
− | | 0x1A || 0x10 || | + | | 0x1A || 0x00 || |
| |- | | |- |
| | 0x1B || 0x13 || | | | 0x1B || 0x13 || |
| |- | | |- |
− | | 0x1C || 0x11 || | + | | 0x1C || 0x01 || |
| |- | | |- |
− | | 0x1D || 0x10 || | + | | 0x1D || 0x00 || |
| |- | | |- |
| | 0x1E || 0x13 || | | | 0x1E || 0x13 || |
| |- | | |- |
− | | 0x1F || 0x11 || | + | | 0x1F || 0x01 || |
| |- | | |- |
− | | 0x20 || 0x10 || | + | | 0x20 || 0x00 || |
| |- | | |- |
| | 0x21 || 0x13 || | | | 0x21 || 0x13 || |
| |- | | |- |
− | | 0x22 || 0x11 || | + | | 0x22 || 0x01 || |
| |- | | |- |
− | | 0x23 || 0x10 || | + | | 0x23 || 0x00 || |
| |- | | |- |
| | 0x24 || 0x13 || | | | 0x24 || 0x13 || |
| |- | | |- |
− | | 0x25 || 0x11 || | + | | 0x25 || 0x01 || |
| |- | | |- |
− | | 0x26 || 0x10 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]] | + | | 0x26 || 0x00 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]] |
| |- | | |- |
| | 0x27 || 0x13 || | | | 0x27 || 0x13 || |
| |- | | |- |
− | | 0x28 || 0x11 || | + | | 0x28 || 0x01 || |
| |- | | |- |
− | | 0x29 || 0x10 || | + | | 0x29 || 0x00 || |
| |- | | |- |
| | 0x2A || 0x13 || | | | 0x2A || 0x13 || |
| |- | | |- |
− | | 0x2B || 0x11 || | + | | 0x2B || 0x01 || |
| |- | | |- |
− | | 0x2C || 0x10 || | + | | 0x2C || 0x00 || |
| |- | | |- |
| | 0x2D || 0x13 || | | | 0x2D || 0x13 || |
| |- | | |- |
− | | 0x2E || 0x11 || | + | | 0x2E || 0x01 || |
| |- | | |- |
− | | 0x2F || 0x10 || | + | | 0x2F || 0x00 || |
| |- | | |- |
| | 0x30 || 0x13 || | | | 0x30 || 0x13 || |
| |- | | |- |
− | | 0x31 || 0x11 || | + | | 0x31 || 0x01 || |
| |- | | |- |
− | | 0x32 || 0x10 || | + | | 0x32 || 0x00 || |
| |- | | |- |
| | 0x33 || 0x13 || | | | 0x33 || 0x13 || |
| |- | | |- |
− | | 0x34 || 0x11 || | + | | 0x34 || 0x01 || |
| |- | | |- |
− | | 0x35 || 0x10 || | + | | 0x35 || 0x00 || |
| |- | | |- |
| | 0x36 || 0x13 || | | | 0x36 || 0x13 || |
| |- | | |- |
− | | 0x37 || 0x11 || | + | | 0x37 || 0x01 || |
| |- | | |- |
− | | 0x38 || 0x10 || | + | | 0x38 || 0x00 || |
| |- | | |- |
| | 0x39 || 0x13 || | | | 0x39 || 0x13 || |
| |- | | |- |
− | | 0x3A || 0x11 || | + | | 0x3A || 0x01 || |
| |- | | |- |
− | | 0x3B || 0x10 || | + | | 0x3B || 0x00 || |
| |- | | |- |
| | 0x3C || 0x13 || Used by nvhost_tsec firmware. | | | 0x3C || 0x13 || Used by nvhost_tsec firmware. |
| |- | | |- |
− | | 0x3D || 0x11 || | + | | 0x3D || 0x01 || |
| |- | | |- |
− | | 0x3E || 0x10 || | + | | 0x3E || 0x00 || |
| |- | | |- |
− | | 0x3F || 0x10 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. | + | | 0x3F || 0x00 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. |
| |} | | |} |