nvboot_bct.h
/*
* Copyright (c) 2014 NVIDIA Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of NVIDIA CORPORATION nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file
* <b>NVIDIA Tegra ODM Kit:
* Boot Configuration Table (Tegra APX)</b>
*
* @b Description: NvBootConfigTable (BCT) contains the information
* needed to load boot loaders (BLs).
*/
/**
* @defgroup nvbl_bct_ap15 BCT (Tegra APX)
* @ingroup nvbl_bct_group
* @{
*
* @par Boot Sequence
*
* The following is an overview of the boot sequence.
* -# The Boot ROM (BR) uses information contained in fuses and straps to
* determine its operating mode and the secondary boot device from which
* to boot. If the recovery mode strap is enabled or the appropriate
* AO bit is set, it heads straight to recovery mode.
* The BR also initializes the subset of the hardware needed to boot the
* device.
* -# The BR configures the secondary boot device and searches for a valid
* Boot Configuration Table (BCT). If it fails to locate one, it enters
* recovery mode.
* -# If the BCT contains SDRAM parameters, the BR configures the SDRAM
* controller using the appropriate set.
* -# If the BCT contains device parameters, the BR reconfigures the
* appropriate controller.
* -# The BR attempts to load a boot loader (BL), using redundant copies
* and failover as needed. The BR enters recovery mode if it cannot load
* a valid BL.
* -# The BR cleans up after itself and hands control over to the BL.
*
* <!-- Note: Recovery mode is described in nvboot_rcm.h. -->
* <!-- During the boot process, the BR records data in the Boot Information
* Table (BIT). This table provides information to the BL about what
* transpired during booting, along with a pointer to where a copy of
* the BCT can be found in memory. Details about the BIT can be found
* in nvboot_bit.h.
* -->
*
* @par Boot ROM Operating Modes
*
* The operating modes of the BR include:
* - @b NvProduction: This is the mode in which chips are provided to customers
* from NVIDIA. In this mode, fuses can still be programmed via recovery
* mode. BCTs and BLs are signed with a key of all 0's, but not encrypted.
* - @b OdmNonSecure: This is the mode in which customers ship products if they
* choose not to enable the more stringent security mechanisms. In
* this mode, fuses can no longer be programmed. As in NvProduction mode,
* BCTs and BLs are signed with a key of all 0's and not encrypted.
* Because a key of all 0's is not secret, this signature only detects
* corruption; it does not authenticate the BCT or BL.
* This mode is sometimes called OdmProduction.
* - @b OdmSecure: This is the mode in which customers ship products with the
* stricter security measures in force. Fuses cannot be programmed, and
* all BCTs and BLs must be signed and encrypted with the secure boot key
* (SBK).
*
* @par Cryptographic Notes
*
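* - If a BCT is encrypted, the encrypted region starts at the
* NvBootConfigTableRec::RandomAesBlock field and ends at the end of the BCT
* (the end of the NvBootConfigTable::Reserved area).
* - If a BL is encrypted, the entire BL image, including any padding, is
* encrypted.
* - Signatures are computed as a CMAC (a keyed MAC, not a plain hash) over the
* encrypted data.
* - All cryptographic operations use 128-bit AES in CBC mode with an IV of
* all 0's. With a fixed IV, identical plaintext encrypts to identical
* ciphertext under the same key; for the BCT, the random block at the start
* of the encrypted region is what varies the ciphertext.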
*
* @par Requirements for a Good BCT
*
* To be used by the BR, the BCT's CryptoHash must match the hash value
* computed while reading the BCT from the secondary boot device.
*
* For secondary boot devices that do not naturally divide storage into pages
* and blocks, suitable values have been chosen to provide a consistent model
* for BCT and BL loading. For eMMC devices, the page size is fixed at 512
* bytes and the block size is 4096 bytes.
*
* <!-- Additional requirements for BCTs created from scratch are:
* - The BootDataVersion must match the BR's data structure version number.
* - The block and page sizes must lie within the allowed range.
* - The block and page sizes must match the sizes used by the device manager
* to talk to the device.
* - The partition size must be a multiple of the block size.
* - The number of SDRAM and device parameter sets must be within range.
* - The block size used by the bad block table must be the BCT's block size.
* - The block size must be <= the virtual block size used by the
* bad block table.
* - The number of entries used within the bad block table must fit within
* the space available in the table.
* - The number of entries used must be equal to the number of virtual blocks
* that fit within the partition size.
* - The number of BLs present must fit within the available table space.
* - For each BL in the table:
* -# The starting page must fit within a block.
* -# The length of the BL > 0.
* -# The BL must fit within the partition.
* -# The entry point must lie within the BL.
* - The \c Reserved field must contain the padding pattern, which is one byte
* of 0x80 followed by bytes of 0x00.
* -->
* @par Boot ROM Search for a Good BCT
*
* After configuring the hardware to read from the secondary boot device,
* the BR commences a search for a valid BCT. In the descriptions that
* follow, the term "slot" refers to a potential location of a BCT in a block.
* A slot is the smallest integral number of pages that can hold a BCT.
* Thus, every BCT begins at the start of a page and may span multiple pages.
*
* The search sequence is:
* <pre>
* Block 0, Slot 0
* Block 0, Slot 1
* Block 1, Slot 0
* Block 1, Slot 1
* Block 1, Slot 2
* . . .
* Block 1, Slot N
* Block 2, Slot 0
* . . .
* Block 2, Slot N
* . . .
* Block 63, Slot N
* </pre>
*
* A few points worthy of note:
* - Block 0 is treated differently from the rest. In some storage devices,
* this block has special properties, such as being guaranteed to be good
* from the factory.
* - The remaining blocks that are searched are journal blocks. These are
* backups which provide a means to boot the system in the presence of
* unexpected failures or interrupted device updates.
* - The search within a journal block ends as soon as a bad BCT or a read
* error is found.
* - Not all of the journal blocks need to contain BCTs. If the BR reads
* non-BCT data, that data should fail validation.
* - The search terminates when:
* -# A good BCT is found in either of the slots in Block 0.
* -# A good BCT is found in a journal block and either the end of the
* block is reached or an error (validation failure or read error)
* occurs. The last good BCT in the journal block is used.
*
* Once a good BCT has been located, the BR proceeds with the boot sequence.
*
* <!-- Details of the SDRAM and device parameters are contained within their
* respective header files.
* -->
*
* The BR attempts to load each BL in the order they appear in the BootLoader
* table (which is an array of \c NvBootLoaderInfo structures) until locating a
* good one. A BL is good if it fits within the
* destination memory area and passes the signature check.
*
* The BR begins reading a BL from NvBootLoaderInfoRec::StartPage within
* NvBootLoaderInfoRec::StartBlock. It continues to read pages sequentially
* from this point, skipping over known bad blocks. Read failures cause the
* BR to use data from the redundant copies in an effort to assemble a
* complete, good BL.
*
* By default, the BR will only load BLs from the first generation it finds.
* A generation is a set of BLs with the same version number. If FailBack
* is enabled via an AO bit, the BR will continue to load BLs from older
* generations if it is unable to successfully load a BL from the newest
* generation. The age of a generation is implied by the order of entries
* in the BootLoader table--smaller indices indicate newer generations.
* All BLs of the same generation must occupy adjacent entries in the
* BootLoader table.
*/
#ifndef INCLUDED_NVBOOT_BCT_H
#define INCLUDED_NVBOOT_BCT_H
#include "nvcommon.h"
#include "nvboot_config.h"
#include "nvboot_devparams.h"
#include "nvboot_fuse.h"
#include "nvboot_hash.h"
#include "nvboot_sdram_param.h"
#include "nvboot_se_aes.h"
#include "nvboot_se_rsa.h"
#include "nvboot_crypto_param.h"
#if defined(__cplusplus)
extern "C"
{
#endif
/**
 * Stores information needed to locate and verify a boot loader.
 *
 * There is one \c NvBootLoaderInfo structure for each copy of a BL stored on
 * the device. In the BCT structures in this file, the \c BootLoader[] table
 * of these entries is declared after \c RandomAesBlock, i.e. inside the
 * signed section of the BCT.
 *
 * NOTE(review): every field here is read from boot media. The file-level
 * notes say a BL is accepted only if it fits within the destination memory
 * area and passes the signature check, so \c Length, \c LoadAddress and
 * \c EntryPoint are presumably range-checked by the BR before use -- confirm
 * in the loader code, which is not visible here.
 */
typedef struct NvBootLoaderInfoRec
{
    /// Specifies a version number for the BL. The assignment of numbers is
    /// arbitrary; the numbers are only used to identify redundant copies
    /// (which have the same version number) and to distinguish between
    /// different versions of the BL (which have different numbers).
    NvU32 Version;
    /// Specifies the first physical block on the secondary boot device
    /// that contains the start of the BL. The first block can never be
    /// a known bad block.
    NvU32 StartBlock;
    /// Specifies the page within the first block that contains the start
    /// of the BL.
    NvU32 StartPage;
    /// Specifies the length of the BL in bytes. BLs must be padded
    /// to an integral number of 16 bytes with the padding pattern.
    /// @note The end of the BL cannot fall within the last 16 bytes of
    /// a page. Add another 16 bytes to work around this restriction if
    /// needed.
    NvU32 Length;
    /// Specifies the starting address of the memory region into which the
    /// BL will be loaded.
    NvU32 LoadAddress;
    /// Specifies the entry point address in the loaded BL image.
    /// NOTE(review): the file-level notes list "the entry point must lie
    /// within the BL" as a BCT requirement; whether the BR enforces it is
    /// not visible in this header.
    NvU32 EntryPoint;
    /// Specifies an attribute available for use by other code.
    /// Not interpreted by the Boot ROM.
    NvU32 Attribute;
    /// All supported cryptographic signatures are stored here. The BL can
    /// be signed with every supported signature type simultaneously.
    NvBootCryptoSignatures Signatures;
} NvBootLoaderInfo;
/**
 * Stores information needed to locate an MTS Preboot image on the boot media.
 *
 * One such structure exists per Preboot component (see the
 * \c MtsBootComponents[] table in the BCT).
 *
 * NOTE(review): unlike \c NvBootLoaderInfo, this record carries no signature,
 * load address or entry point field. How the MTS image is authenticated is
 * not visible in this header -- confirm against the BR implementation.
 */
typedef struct NvBootPrebootInfoRec
{
    /// Specifies a version number for the MTS image. The assignment of
    /// numbers is arbitrary; the numbers are only used to identify redundant
    /// copies.
    NvU32 Version;
    /// Specifies the first physical block on the secondary boot device
    /// that contains the start of the MTS image. The first block can never be
    /// a known bad block.
    NvU32 StartBlock;
    /// Specifies the page within the first block that contains the start
    /// of the MTS image.
    NvU32 StartPage;
    /// Specifies the length of the MTS image in bytes. The MTS image must be
    /// padded to an integral number of 16 bytes with the padding pattern.
    /// @note The end of the MTS image cannot fall within the last 16 bytes of
    /// a page. Add another 16 bytes to work around this restriction if
    /// needed.
    NvU32 Length;
} NvBootPrebootInfo;
/**
 * Stores information needed to locate the MB1 BCT on the boot media.
 *
 * The type name is spelled with a double 't' ("Bctt") in the source; it is
 * part of the interface and is left unchanged.
 */
typedef struct NvBootMb1BcttInfoRec
{
    /// Specifies the first physical block on the secondary boot device
    /// that contains the start of the MB1 BCT image.
    /// NOTE(review): the field is named SectorInfo while the text speaks of
    /// a block; the exact encoding is not visible here -- confirm.
    NvU32 SectorInfo;
    /// Specifies the partition size of the block holding the MB1 BCT copies.
    NvU32 PartitionSize;
} NvBootMb1BcttInfo;
/**
 * Identifies the types of devices from which the system booted.
 * Used to identify primary and secondary boot devices.
 * Note that these no longer match the fuse API device values (for
 * backward compatibility with AP15).
 *
 * NOTE(review): the BCT stores values of this type in \c DevType[], so they
 * arrive from boot media. Code that switches on or indexes by a DevType
 * should presumably reject values >= NvBootDevType_Max -- confirm the BR
 * does so.
 */
typedef enum
{
    /// Specifies a default (unset) value
    NvBootDevType_None = 0,
    /// Specifies SPI NOR
    NvBootDevType_Spi,
    /// Alias of NvBootDevType_Spi (same enumerator value); specifies SPI NOR
    NvBootDevType_Qspi = NvBootDevType_Spi,
    /// Specifies SDMMC (either eMMC or eSD)
    NvBootDevType_Sdmmc,
    /// Specifies internal ROM (i.e., the BR)
    NvBootDevType_Irom,
    /// Specifies UART (only available internal to NVIDIA)
    NvBootDevType_Uart,
    /// Specifies USB (i.e., Xusb RCM)
    NvBootDevType_Usb,
    /// Specifies USB3 boot interface
    NvBootDevType_Usb3,
    /// Specifies SATA boot interface
    NvBootDevType_Sata,
    /// Specifies UFS boot interface
    NvBootDevType_Ufs,
    /// NOTE(review): undocumented in the source; meaning not evident from
    /// this header -- confirm.
    NvBootDevType_Foos,
    /// Specifies Production Mode Uart Boot
    NvBootDevType_ProdUart,
    /// Follows the last device type; presumably an upper-bound sentinel
    /// rather than a device -- confirm.
    NvBootDevType_Max,
    /// Presumably forces the enum to 32-bit storage -- confirm.
    NvBootDevType_Force32 = 0x7FFFFFFF
} NvBootDevType;
/**
 * Contains the information needed to load BLs from the secondary boot device.
 * This variant also carries the SDRAM parameter sets and the boot-CPU fields
 * marked "only defined for Full Bct" below.
 *
 * - Supplying NumParamSets = 0 indicates not to load any of them.
 * - Supplying NumSdramSets = 0 indicates not to load any of them.
 * - The \c RandomAesBlock member exists to increase the difficulty of
 * key attacks based on knowledge of this structure.
 *
 * Layout: every field declared before \c RandomAesBlock belongs to the
 * unsigned section; \c RandomAesBlock and every field after it belong to
 * the signed section.
 *
 * NOTE(review): fields in the unsigned section are not covered by the BCT
 * signature, so consumers should treat them as unauthenticated input. Per
 * the field comments, \c Pcp is checked against a hash burned in fuses and
 * \c SecProvisioningKeyNum_Insecure must match its signed counterpart; no
 * comparable check is documented here for \c BctSize,
 * \c BootROMPreproductionDebugFeatures or \c CustomerData.
 *
 * NOTE(review): NvU8/NvBool members are interleaved with NvU32 members and
 * no packing directive is visible in this part of the file, so any padding
 * is compiler-inserted. Confirm the on-media layout against the BR build.
 */
typedef struct NvBootConfigTableSdramRec
{
    /// *** UNSIGNED SECTION OF THE BCT *** ///
    ///
    /// IMPORTANT NOTE: If the start of the signed section (the end of the
    /// unsigned section) changes from RandomAesBlock to
    /// some other starting point, other parts of Boot ROM
    /// must be updated!
    /// See SignatureOffset in function ReadOneBct
    /// in nvboot_bct.c, as well as the compile time
    /// assert at around line 59 nvboot_bct.c.
    /// (This is NOT a comprehensive list).
    ///
    /// IMPORTANT NOTE 2: The size of the unsigned section must be a multiple
    /// of the AES block size, to maintain compatibility
    /// with the nvboot_reader function LaunchCryptoOps!
    ///
    /// Specifies the size/length of the BCT.
    /// This shall be the size of either the BRBCT or the Full BCT.
    /// There are only two legal sizes as far as the BR is concerned.
    /// NOTE(review): this length sits in the unsigned section; it should be
    /// compared against the legal sizes before being used as a length.
    NvU32 BctSize;
    /// Specifies Preproduction Debug features in BootROM.
    /// NOTE(review): unsigned field; the name suggests it is honoured only
    /// on preproduction parts -- confirm the BR ignores it in production.
    NvU32 BootROMPreproductionDebugFeatures;
    /// The BCT will house public, non-secret cryptographic parameters necessary
    /// for the authentication of the BCT and Boot Images. These parameters are
    /// collectively known as Public Cryptographic Parameters (PCP) and they will
    /// be stored in the unsigned section of the BCT.
    /// The BR will check the validity of these parameters by calculating the SHA256
    /// hash of the Pcp and comparing it against the value burned in fuses.
    NvBootPublicCryptoParameters Pcp;
    /// All supported cryptographic signatures are stored here. The BCT can be
    /// signed with every supported signature type simultaneously.
    NvBootCryptoSignatures Signatures;
    /// DEPRECATED. Will be removed in favour of the Pcp above.
    /// Specifies the RSA public key's modulus
    NvBootRsaKeyModulus Key;
    /// DEPRECATED. Will be removed. Do not use.
    /// Specifies the AES-CMAC MAC or RSASSA-PSS signature for the rest of the BCT structure
    NvBootObjectSignature Signature;
    /// Specifies the Factory Secure Provisioning number to be used.
    /// Only valid and consumed by BR in NvProduction Mode.
    /// Because the key number is specified in the BCT, BR needs to read in
    /// the BCT first to know the key number to validate against.
    /// This field must match SecProvisioningKeyNum_Secure to be a valid BCT for use
    /// in the Factory Secure Provisioning mode.
    NvU32 SecProvisioningKeyNum_Insecure;
    /// A 256-bit AES key encrypted by a reserved 256-bit AES "key wrap" key.
    /// Only used in Factory Secure Provisioning mode.
    NvBootAes256KeyNvU8 SecProvisioningKeyWrapKey;
    /// Specifies a region of data available to customers of the BR.
    /// This data region is primarily used by a manufacturing utility
    /// or BL to store useful information that needs to be
    /// shared among manufacturing utility, BL, and OS image.
    /// BR only provides the framework and does not use this data.
    /// NOTE(review): this buffer is in the unsigned section, so downstream
    /// readers (BL, OS) should treat its contents as unauthenticated.
    /// @note Some of this space has already been allocated for use
    /// by NVIDIA.
    /// Information currently stored in the \c CustomerData[] buffer is
    /// defined below.
    /// @note Some of the information mentioned shall be deprecated
    /// or replaced by something else in future releases
    ///
    /// -# Start location of OS image (physical blocks). Size:- NvU32
    /// OS image is written from block boundary.
    /// -# Length of OS image. Size:- NvU32
    /// -# OS Flavor: wince or winwm (windows mobile). Size:-NvU32
    /// wince type image is a raw binary
    /// winwm has different image layout (".dio" format)
    /// -# Information about how many columns (banks) are used for
    /// NAND interleave operations. Size:- NvU8
    /// -# Pointer to DRM device certificate location. Size:-NvU32
    /// -# Pointer to secure clock information. Size:- NvU32
    /// -# \a custopt data field. Size: NvU32
    /// RM allows ODM adaptations and ODM query implementations
    /// to read this value at runtime and use it for various useful
    /// features.
    /// For example: use of single BSP image that supports multiple product
    /// SKUs.
    /// @note The storage space is much larger for AP20 than AP15 or AP16.
    NvU8 CustomerData[NVBOOT_BCT_CUSTOMER_DATA_SIZE];
    /// *** START OF SIGNED SECTION OF THE BCT *** ///
    ///
    /// Specifies a chunk of random data.
    NvBootHash RandomAesBlock;
    /// Specifies the Unique ID / ECID of the chip that this BCT is specifically
    /// generated for. This field is required if SecureJtagControl == NV_TRUE.
    /// It is optional otherwise. This is to prevent a signed BCT with
    /// SecureJtagControl == NV_TRUE being leaked into the field that would
    /// enable JTAG debug for all devices signed with the same private RSA key.
    /// NOTE(review): no SecureJtagControl member is visible in this struct;
    /// presumably this now refers to SecureDebugControl -- confirm.
    NvBootECID UniqueChipId;
    /// Specifies the version of the BR data structures used to build this BCT.
    /// \c BootDataVersion must match the version number in the BR.
    NvU32 BootDataVersion;
    /// Specifies the size of a physical block on the secondary boot device
    /// in log2(bytes).
    NvU32 BlockSizeLog2;
    /// Specifies the size of a page on the secondary boot device
    /// in log2(bytes).
    NvU32 PageSizeLog2;
    /// Specifies the size of the boot partition in bytes.
    /// Used for internal error checking; BLs must fit within this region.
    NvU32 PartitionSize;
    /// Specifies the number of valid device parameter sets provided within
    /// this BCT. If the device straps are left floating, the same parameters
    /// should be replicated to all NVBOOT_BCT_MAX_PARAM_SETS sets.
    NvU32 NumParamSets;
    /// Specifies the type of device for parameter set DevParams[i]
    NvBootDevType DevType[NVBOOT_BCT_MAX_PARAM_SETS];
    /// Specifies the device parameters with which to reinitialize the
    /// secondary boot device controller. The device straps index into this
    /// table. The definition of \c NvBootDevParams is contained within
    /// nvboot_devparams.h and the specific device nvboot_*_param.h files.
    NvBootDevParams DevParams[NVBOOT_BCT_MAX_PARAM_SETS];
    /// Specifies the number of BLs described in the BootLoader table.
    NvU32 BootLoadersUsed;
    /// Specifies the information needed to locate and validate each BL.
    /// The BR uses entries 0 through BootLoadersUsed-1.
    NvBootLoaderInfo BootLoader[NVBOOT_MAX_BOOTLOADERS];
    /// Specifies whether the Mts Preboot is handled in the BR or skipped
    NvU8 MtsPrebootInit;
    /// Specifies the number of Mts boot components described in the mts boot table.
    NvU32 MtsBootComponentsUsed;
    /// Specifies Mts Preboot placeholder to validate Denver PreBoot
    /// components. The BR interprets entries 0/1 for preboot
    NvBootPrebootInfo MtsBootComponents[NVBOOT_MAX_MTS_COMPONENTS];
    /// Specifies Mb1 Bct info
    NvBootMb1BcttInfo Mb1Bct;
    /// MB1 is loaded by default by BR.
    /// A non-zero value means BR will skip NVIDIA authentication of the first BL
    /// in preproduction mode only.
    NvU8 Mb1LoadDisable;
    /// Specifies whether to enable the I/D caches for R5 post BCT.
    NvU8 EnableR5Cache;
    /// Specifies AO MSS SCR lock bit check or skip in Preproduction only
    NvU8 AoMssScrSkip;
    /// Specifies whether SdramInit is handled in the BR or skipped
    NvU8 SdramInit;
    /// Specifies whether CanInit is to be enabled in Mb1
    NvU8 CanInit;
    /// Specifies EMEM_BOM for memory configuration
    NvU32 EmemBomMemoryCfg;
    /// Specifies PCIEA0 config for AMAP configuration
    NvU32 AmapPcieA0;
    /// Specifies PCIEA1 config for AMAP configuration
    NvU32 AmapPcieA1;
    /// Specifies PCIEA2 config for AMAP configuration
    NvU32 AmapPcieA2;
    /// Specifies PCIEA3 config for AMAP configuration
    NvU32 AmapPcieA3;
    /// Specifies MSS Region Enable1
    /// Regardless of this setting, on production platforms the BR should
    /// ignore it and enable the region by default.
    NvU8 MssMtsRegionGen0;
    /// Specifies MSS Region Enable2
    NvU8 MssTzRegionGen1;
    /// Specifies MSS Region Enable3
    NvU8 MssRegionEnable3;
    /// Specifies MSS Region Enable4
    NvU8 MssRegionEnable4;
    /// Specifies whether FailBack should be used when looking for a good BL.
    NvBool EnableFailBack;
    /// Specifies the KEK size select
    /// 0 - sets of 128 bit keys.
    /// 1 - 256 bit key
    NvU8 BctKEKKeySelect;
    /// Specifies whether or not to enable denver dfd access
    /// CustDenverDfdEn = NV_FALSE (0) = Disable Dfd access.
    /// CustDenverDfdEn = NV_TRUE (1) = Enable Dfd access.
    NvBool CustDenverDfdEn;
    /// Specifies which debug features to be enabled or disabled.
    /// Maps directly to APBDEV_PMC_DEBUG_AUTHENTICATION_0. Must specify
    /// the ECID of the chip in UniqueChipId on production systems.
    /// 0x1 = ENABLED. 0x0 = DISABLED.
    /// SCE_Secure_Debug - bit 10
    /// SPE_Secure_Debug - bit 9
    /// BPMP_Secure_Debug - bit 8
    /// Reserved bits [7:6]
    /// DBGEN - bit 5
    /// NIDEN - bit 4
    /// SPIDEN - bit 3
    /// SPNIDEN - bit 2
    /// DEVICEEN - bit 1
    /// JTAG_ENABLE - bit 0
    NvU32 SecureDebugControl;
    /// Specifies the factory secure provisioning key number to use.
    /// There are 64 such 256-bit AES keys.
    /// Specifying a key number of 0 will cause Boot ROM to default to
    /// NvProduction mode boot (i.e. Factory Secure Provisioning mode disabled).
    /// Specifying a key number of 1 to 15 is invalid. These are anti-cloning
    /// key numbers and BR will ignore these values.
    /// BR will ignore this field if the secure_provision_index fuse is burned.
    /// Key number 64 (index [63]) is reserved for NVIDIA debug use.
    /// So, this field will only be used if the chip is in NvProductionMode,
    /// and when secure_provision_index is zero, and when SecProvisioningKeyNum
    /// is not 0 to 15.
    /// This key number must match SecProvisioningKeyNum_Insecure.
    NvU32 SecProvisioningKeyNum_Secure;
    /// Specifies the number of valid SDRAM parameter sets provided within
    /// this BCT. If the SDRAM straps are left floating, the same parameters
    /// should be replicated to all NVBOOT_BCT_MAX_SDRAM_SETS sets.
    NvU32 NumSdramSets;
    /// Specifies the SDRAM parameters with which to initialize the SDRAM
    /// controller. The SDRAM straps index into this table. The definition
    /// of \c NvBootSdramParams is contained within nvboot_sdram_param.h.
    NvBootSdramParams SdramParams[NVBOOT_BCT_MAX_SDRAM_SETS];
    /// only defined for Full Bct
    /// Boot CPU
    NvU32 BootCpu; // 3?
    /// Safe Boot frequency
    NvU32 SafeBootFrequency;
    /// Specifies A57_voltage
    NvU32 BootCpuAVoltage;
    /// Specifies A57-frequency
    NvU32 BootCpuAFrequency;
    /// Specifies Denver_voltage
    NvU32 BootCpuDenverVoltage;
    /// Specifies Denver-frequency
    NvU32 BootCpuDenverFrequency;
    /// Specifies Boot DV Comp params
    NvU32 DVCompParams[4]; //0-3
    /// Specifies ccplex platform features
    NvU64 CcplexPlatformFeatures;// 2, 32 bits variants
    /// Specifies a reserved area at the end of the BCT that must be filled
    /// with the padding pattern (per the file-level notes, one byte of 0x80
    /// followed by bytes of 0x00).
    NvU8 Reserved[NVBOOT_BCT_DRAM_RESERVED_SIZE];
} NvBootConfigTableSdram;
/**
* Contains the information needed to load BLs from the secondary boot device.
*
* - Supplying NumParamSets = 0 indicates not to load any of them.
* - The \c RandomAesBlock member exists to increase the difficulty of
* key attacks based on knowledge of this structure.
*/
typedef struct NvBootConfigTableRec
{
/// *** UNSIGNED SECTION OF THE BCT *** ///
///
/// IMPORTANT NOTE: If the start of the unsigned section changes from
/// RandomAesBlock to some other starting point,
/// other parts of Boot ROM must be updated!
/// See SignatureOffset in function ReadOneBct
/// in nvboot_bct.c, as well as the compile time
/// assert at around line 59 nvboot_bct.c.
/// (This is NOT a comprehensive list).
///
/// IMPORTANT NOTE 2: The size of the unsigned section must be a multiple
/// of the AES block size, to maintain compatibility
/// with the nvboot_reader function LaunchCryptoOps!
///
/// Specifies a size/length information of the BCT.
NvU32 BctSize;
/// Specify Preproduction Debug features in BootROM
NvU32 BootROMPreproductionDebugFeatures;
/// Reserved field.
NvU32 NvUnsignedReserved;
/// The BCT will house public, non-secret cryptographic parameters necessary
/// for the authentication of the BCT and Boot Images. These parameters are
/// collectively known as Public Cryptographic Parameters (PCP) and they will
/// be stored in the unsigned section of the BCT.
NvBootPublicCryptoParameters Pcp;
/// All cryptographic signatures supported will be stored here. The BCT can be
/// simultaneously signed by all cryptographic signature types.
NvBootCryptoSignatures Signatures;
/// Specifies the Factory Secure Provisioning number to be used.
/// Only valid and consumed by BR in NvProduction Mode.
/// Because the key number is specified in the BCT, BR needs to read in
/// the BCT first to know the key number to validate against.
/// This field must match SecProvisioningKeyNum_Secure to be a valid BCT for use
/// in the Factory Secure Provisioning mode.
NvU32 SecProvisioningKeyNum_Insecure;
/// A 256-bit AES key encrypted by a reserved 256-bit AES "key wrap" key.
/// Only used in Factory Secure Provisioning mode.
NvBootAes256KeyNvU8 SecProvisioningKeyWrapKey;
/// Specifies a region of data available to customers of the BR.
/// This data region is primarily used by a manufacturing utility
/// or BL to store useful information that needs to be
/// shared among manufacturing utility, BL, and OS image.
/// BR only provides framework and does not use this data
/// @note Some of this space has already been allocated for use
/// by NVIDIA.
/// Information currently stored in the \c CustomerData[] buffer is
/// defined below.
/// @note Some of the information mentioned shall be deprecated
/// or replaced by something else in future releases
///
/// -# Start location of OS image (physical blocks). Size:- NvU32
/// OS image is written from block boundary.
/// -# Length of OS image. Size:- NvU32
/// -# OS Flavor: wince or winwm (windows mobile). Size:-NvU32
/// wince type image is a raw binary
/// winwm has different image layout (".dio" format)
/// -# Information about how many columns (banks) are used for
/// NAND interleave operations. Size:- NvU8
/// -# Pointer to DRM device certificate location. Size:-NvU32
/// -# Pointer to secure clock information. Size:- NvU32
/// -# \a custopt data filed. Size: NvU32
/// RM allows ODM adaptations and ODM query implementations
/// to read this value at runtime and use it for various useful
/// features.
/// For example: use of single BSP image that supports multiple product
/// SKUs.
/// @note The storage space is much larger for AP20 than AP15 or AP16.
NvU8 CustomerData[NVBOOT_BCT_CUSTOMER_DATA_SIZE];
/// *** START OF SIGNED SECTION OF THE BCT *** ///
///
/// Specifies a chunk of random data.
NvBootHash RandomAesBlock;
/// Specifies the Unique ID / ECID of the chip that this BCT is specifically
/// generated for. This field is required if SecureJtagControl == NV_TRUE.
/// It is optional otherwise. This is to prevent a signed BCT with
/// SecureJtagControl == NV_TRUE being leaked into the field that would
/// enable JTAG debug for all devices signed with the same private RSA key.
NvBootECID UniqueChipId;
/// Specifies the version of the BR data structures used to build this BCT.
/// \c BootDataVersion must match the version number in the BR.
NvU32 BootDataVersion;
/// Specifies the size of a physical block on the secondary boot device
/// in log2(bytes).
NvU32 BlockSizeLog2;
/// Specifies the size of a page on the secondary boot device
/// in log2(bytes).
NvU32 PageSizeLog2;
/// Specifies the size of the boot partition in bytes.
/// Used for internal error checking; BLs must fit within this region.
NvU32 PartitionSize;
/// Specifies the number of valid device parameter sets provided within
/// this BCT. If the device straps are left floating, the same parameters
/// should be replicated to all NVBOOT_BCT_MAX_PARAM_SETS sets.
NvU32 NumParamSets;
/// Specifies the type of device for parameter set DevParams[i].
NvBootDevType DevType[NVBOOT_BCT_MAX_PARAM_SETS];
/// Specifies the device parameters with which to reinitialize the
/// secondary boot device controller. The device straps index into this
/// table. The definition of \c NvBootDevParams is contained within
/// nvboot_devparams.h and the specific device nvboot_*_param.h files.
NvBootDevParams DevParams[NVBOOT_BCT_MAX_PARAM_SETS];
/// Specifies the number of BLs described in the BootLoader table.
NvU32 BootLoadersUsed;
/// Specifies the information needed to locate and validate each BL.
/// The BR uses entries 0 through BootLoadersUsed-1.
NvBootLoaderInfo BootLoader[NVBOOT_MAX_BOOTLOADERS];
/// Specify Mb1 Bct info
NvBootMb1BcttInfo Mb1Bct;
/// MB1 is loaded by default by BR.
/// A non-zero value means BR will skip NVIDIA authentication of the first BL
/// in preproduction mode only.
NvBool Mb1LoadDisable;
/// Specifies whether to enable the I/D caches for R5 post BCT.
NvBool EnableR5Cache;
/// Specifies AO MSS SCR lock bit check or skip in Preproduction only
NvBool AoMssScrSkip;
/// Specifies if the SdramInit to be handled in BR or skipped
NvBool SdramInit;
/// Specifies if the CanInit to be enabled in Mb1
NvBool CanInit;
/// Specifies EMEM_BOM for memory configuration
NvU32 EmemBomMemoryCfg;
/// Specifies PCIEA1 config for AMAP configuration
NvBool AmapPcieA1;
/// Specifies PCIEA2 config for AMAP configuration
NvBool AmapPcieA2;
/// Specifies PCIEA3 config for AMAP configuration
NvBool AmapPcieA3;
/// Specifies PCIEA4 config for AMAP configuration
NvBool AmapPcieA4;
/// Specifies MSS Mts Region generate key0.
/// Regardless of the region setting, on a production platform BR should
/// ignore this setting; it is enabled by BR by default.
NvBool MssMtsRegionGenKey0;
/// Specifies MSS Tz Region generate key1
NvBool MssTzRegionGenKey1;
/// Specifies MSS Vpr Region generate key2
NvBool MssVprRegionGenKey2;
/// Specifies MSS Gsc Region generate key3
NvBool MssGscRegionGenKey3;
/// Specifies MSS region encrypt clock source selection
NvBool MssRegionskipEncryptClkSrc;
/// Specifies MSS MTS Carveout distribute key0
NvBool MssMtsCoDisKey0;
/// Specifies MSS TZ Carveout distribute key1
NvBool MssTzCoDisKey1;
/// Specifies MSS VPR Carveout distribute key2
NvBool MssVprCoDisKey2;
/// Specifies MSS GSC Carveout distribute key3
NvBool MssGscCoDisKey3;
/// Specifies MSS MTS Carveout Enable key0
NvBool MssMtsCoEnKey0;
/// Specifies MSS TZ Carveout Enable key1
NvBool MssTzCoEnKey1;
/// Specifies MSS VPR Carveout Enable key2
NvBool MssVprCoEnKey2;
/// Specifies MSS GSC Carveout Enable key3
NvBool MssGscCoEnKey3;
/// Specifies EncryptDistribute lock
NvBool MssSkipEncryptLock;
/// Specifies TSA CRS Bpmp R override
NvU32 TsaCfgBpmpR;
/// Specifies TSA CRS Bpmp W override
NvU32 TsaCfgBpmpW;
/// Specifies TSA CRS Bpmp DMA R override
NvU32 TsaCfgBpmpDmaR;
/// Specifies TSA CRS Bpmp DMA W override
NvU32 TsaCfgBpmpDmaW;
/// Specifies TSA CRS Se RD override
NvU32 TsaCfgSesR;
/// Specifies TSA CRS Se W override
NvU32 TsaCfgSesW;
/// Specifies override Bpmp Cpu Clk dividers
NvU32 BootClientBpmpCpu;
/// Specifies override Bpmp Apb Clk dividers
NvU32 BootClientBpmpApb;
/// Specifies override Bpmp Axi Cbb dividers
NvU32 BootClientAxiCbb;
/// Specifies override Se Clk dividers
NvU32 BootClientSe;
/// Specifies override Emc Clk roc dividers
NvU32 BootClientEmcRoc;
/// Specifies whether FailBack should be used when looking for a good BL.
NvBool EnableFailBack;
/// Specify KEK size select
/// 0 - sets of 128 bit keys.
/// 1 - 256 bit key
NvU8 BctKEKKeySelect;
/// Specify whether or not to enable denver dfd access
/// CustDenverDfdEn = NV_FALSE (0) = Disable Dfd access.
/// CustDenverDfdEn = NV_TRUE (1) = Enable Dfd access.
NvBool CustDenverDfdEn;
/// Specifies which debug features are to be enabled or disabled.
/// Maps directly to PMC_IMPL_DEBUG_AUTHENICATION_0. Must specify
/// the ECID of the chip in UniqueChipId on production systems.
/// 0x1 = ENABLED. 0x0 = DISABLED.
/// Ramdump Enable - bit 31.
/// SCE_Secure_Debug - bit 10
/// SPE_Secure_Debug - bit 9
/// BPMP_Secure_Debug - bit 8
/// Reserved bits [7:6]
/// DBGEN - bit 5
/// NIDEN - bit 4
/// SPIDEN - bit 3
/// SPNIDEN - bit 2
/// DEVICEEN - bit 1
/// JTAG_ENABLE - bit 0
/// ECID check is mandatory for bits 0, 1, 2, 3, 5, 31.
NvU32 SecureDebugControl;
/// Specifies the factory secure provisioning key number to use.
/// There are 64 such 256-bit AES keys.
/// Specifying a key number of 0 will cause Boot ROM to default to
/// NvProduction mode boot (i.e. Factory Secure Provisioning mode disabled).
/// Specifying a key number of 1 to 15 is invalid. These are anti-cloning key
/// numbers and BR will ignore these values.
/// BR will ignore this field if the secure_provision_index fuse is burned.
/// Key number 64 (index [63]) is reserved for NVIDIA debug use.
/// So, this field will only be used if the chip is in NvProductionMode,
/// and when secure_provision_index is zero, and when SecProvisioningKeyNum
/// is not 0 to 15.
/// This key number must match SecProvisioningKeyNum_Insecure.
NvU32 SecProvisioningKeyNum_Secure;
/// Specifies a reserved area at the end of the BCT that must be filled
/// with the padding pattern.
NvU8 Reserved[NVBOOT_BCT_RESERVED_SIZE];
} NvBootConfigTable;
#if defined(__cplusplus)
}
#endif
#endif /* #ifndef INCLUDED_NVBOOT_BCT_H */