diff options
Diffstat (limited to 'src/t210/nvboot_bct_t210.h')
-rw-r--r-- | src/t210/nvboot_bct_t210.h | 406 |
1 files changed, 406 insertions, 0 deletions
diff --git a/src/t210/nvboot_bct_t210.h b/src/t210/nvboot_bct_t210.h new file mode 100644 index 0000000..90841f6 --- /dev/null +++ b/src/t210/nvboot_bct_t210.h @@ -0,0 +1,406 @@ +/* + * Copyright (c) 2015, NVIDIA CORPORATION. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * See file CREDITS for list of people who contributed to this + * project. + */ + +#ifndef INCLUDED_NVBOOT_BCT_T210_H +#define INCLUDED_NVBOOT_BCT_T210_H + +#include <sys/types.h> +#include "nvboot_sdram_param_t210.h" + +/** + * Defines the number of 32-bit words in the customer_data area of the BCT. + */ +#define NVBOOT_BCT_CUSTOMER_DATA_WORDS 49 + +/** + * Defines the number of bytes in the customer_data area of the BCT. + */ +#define NVBOOT_BCT_CUSTOMER_DATA_SIZE \ + (NVBOOT_BCT_CUSTOMER_DATA_WORDS * 4) + +/** + * Defines the number of bytes in the reserved area of the BCT. + */ +#define NVBOOT_BCT_RESERVED_SIZE 18 + +/** + * Defines the maximum number of bootloader descriptions in the BCT. + */ +#define NVBOOT_MAX_BOOTLOADERS 4 + +/** + * Defines the maximum number of device parameter sets in the BCT. + * The value must be equal to (1 << # of device straps) + */ +#define NVBOOT_BCT_MAX_PARAM_SETS 1 + +/** + * Defines the maximum number of SDRAM parameter sets in the BCT. + * The value must be equal to (1 << # of SDRAM straps) + */ +#define NVBOOT_BCT_MAX_SDRAM_SETS 4 + +/** + * Defines the number of entries (bits) in the bad block table. + * The consequences of changing its value are as follows. Using P as the + * # of physical blocks in the boot loader and B as the value of this + * constant: + * B > P: There will be unused storage in the bad block table. + * B < P: The virtual block size will be greater than the physical block + * size, so the granularity of the bad block table will be less than + * one bit per physical block. + * + * 4096 bits is enough to represent an 8MiB partition of 2KiB blocks with one + * bit per block (1 virtual block = 1 physical block). This occupies 512 bytes + * of storage. + */ +#define NVBOOT_BAD_BLOCK_TABLE_SIZE 4096 + +/** + * Defines the amount of padding needed to pad the bad block table to a + * multiple of AES block size. + */ +#define NVBOOT_BAD_BLOCK_TABLE_PADDING 10 + +/** + * Defines the maximum number of blocks to search for BCTs. + * + * This value covers the initial block and a set of journal blocks. + * + * Ideally, this number will span several erase units for reliable updates + * and tolerance for blocks to become bad with use. Safe updates require + * a minimum of 2 erase units in which BCTs can appear. + * + * To ensure that the BCT search spans a sufficient range of configurations, + * the search block count has been set to 64. This allows for redundancy with + * a wide range of parts and provides room for greater problems in this + * region of the device. + */ +#define NVBOOT_MAX_BCT_SEARCH_BLOCKS 64 + +#define ARSE_RSA_MAX_MODULUS_SIZE 2048 + +/** + * Defines the RSA modulus length in bits and bytes used for PKC secure boot. + */ +enum {NVBOOT_SE_RSA_MODULUS_LENGTH_BITS = ARSE_RSA_MAX_MODULUS_SIZE}; + +/* + * Defines the CMAC-AES-128 hash length in 32 bit words. (128 bits = 4 words) + */ +enum {NVBOOT_CMAC_AES_HASH_LENGTH = 4}; + +/** + * Defines the storage for a hash value (128 bits). + */ +typedef struct nvboot_hash_rec { + u_int32_t hash[NVBOOT_CMAC_AES_HASH_LENGTH]; +} nvboot_hash; + +/* + * Defines the storage for the RSA public key's modulus + * in the BCT + */ +typedef struct nvboot_rsa_key_modulus_rec { + /* The modulus size is 2048-bits. */ + u_int32_t modulus[NVBOOT_SE_RSA_MODULUS_LENGTH_BITS / 8 / 4]; +} nvboot_rsa_key_modulus; + +typedef struct nvboot_rsa_pss_sig_rec { + /* + * The RSA-PSS signature length is equal to the + * length in octets of the RSA modulus. + * In our case, it's 2048-bits. + */ + u_int32_t signature[NVBOOT_SE_RSA_MODULUS_LENGTH_BITS / 8 / 4]; +} nvboot_rsa_pss_sig; + +typedef struct nvboot_object_signature_rec { + /* + * Specifies the AES-CMAC signature for the rest of the BCT structure + * if symmetric key encryption secure boot scheme is used. + */ + nvboot_hash crypto_hash; + + /* + * Specifies the RSASSA-PSS signature for the rest of the BCT structure + * if public key cryptography secure boot scheme is used. + */ + nvboot_rsa_pss_sig rsa_pss_sig; +} nvboot_object_signature; + +typedef struct nvboot_ecid_rec { + u_int32_t ecid_0; + u_int32_t ecid_1; + u_int32_t ecid_2; + u_int32_t ecid_3; +} nvboot_ecid; + +/* Defines various data widths supported. */ +typedef enum { + /** + * Specifies a 1 bit interface to eMMC. + * Note that 1-bit data width is only for the driver's internal use. + * Fuses doesn't provide option to select 1-bit data width. + * The driver selects 1-bit internally based on need. + * It is used for reading Extended CSD and when the power class + * requirements of a card for 4-bit or 8-bit transfers are not + * supported by the target board. + */ + nvboot_sdmmc_data_width_1bit = 0, + + /* Specifies a 4 bit interface to eMMC. */ + nvboot_sdmmc_data_width_4bit = 1, + + /* Specifies a 8 bit interface to eMMC. */ + nvboot_sdmmc_data_width_8bit = 2, + /* Specifies a 4 bit Ddr interface to eMMC. */ + nvboot_sdmmc_data_width_ddr_4bit = 5, + /* Specifies a 8 bit Ddr interface to eMMC. */ + nvboot_sdmmc_data_width_ddr_8bit = 6, + + nvboot_sdmmc_data_width_num, + nvboot_sdmmc_data_width_force32 = 0x7FFFFFFF +} nvboot_sdmmc_data_width; + +/* Defines the parameters that can be changed after BCT is read. */ +typedef struct nvboot_sdmmc_params_rec { + /** + * Specifies the clock divider for the SDMMC controller's clock source, + * which is PLLP running at 216MHz. If it is set to 9, then the SDMMC + * controller runs at 216/9 = 24MHz. + */ + u_int8_t clock_divider; + + /* Specifies the data bus width. Supported data widths are 4/8 bits. */ + nvboot_sdmmc_data_width data_width; + + /** + * Max Power class supported by the target board. + * The driver determines the best data width and clock frequency + * supported within the power class range (0 to Max) if the selected + * data width cannot be used at the chosen clock frequency. + */ + u_int8_t max_power_class_supported; + + /* Specifies the max page size supported by driver */ + u_int8_t multi_page_support; +} nvboot_sdmmc_params; + +typedef enum { + /* Specifies SPI clock source to be PLLP. */ + nvboot_spi_clock_source_pllp_out0 = 0, + + /* Specifies SPI clock source to be ClockM. */ + nvboot_spi_clock_source_clockm = 6, + + nvboot_spi_clock_source_num, + nvboot_spi_clock_source_force32 = 0x7FFFFFF +} nvboot_spi_clock_source; + +/** + * Defines the parameters SPI FLASH devices. + */ +typedef struct nvboot_spiflash_params_rec { + /** + * Specifies the clock source to use. + */ + u_int32_t clock_source; + + /** + * Specifes the clock divider to use. + * The value is a 7-bit value based on an input clock of 432Mhz. + * Divider = (432+ DesiredFrequency-1)/DesiredFrequency; + * Typical values: + * NORMAL_READ at 20MHz: 22 + * FAST_READ at 33MHz: 14 + * FAST_READ at 40MHz: 11 + * FAST_READ at 50MHz: 9 + */ + u_int8_t clock_divider; + + /** + * Specifies the type of command for read operations. + * NV_FALSE specifies a NORMAL_READ Command + * NV_TRUE specifies a FAST_READ Command + */ + u_int8_t read_command_type_fast; + + /* 0 = 2k page size, 1 = 16K page size */ + u_int8_t page_size_2k_or_16k; +} nvboot_spiflash_params; + +/** +* Defines the union of the parameters required by each device. +*/ +typedef union { + u_int8_t size[64]; + /* Specifies optimized parameters for eMMC and eSD */ + nvboot_sdmmc_params sdmmc_params; + /* Specifies optimized parameters for SPI NOR */ + nvboot_spiflash_params spiflash_params; +} nvboot_dev_params; + +/** + * Identifies the types of devices from which the system booted. + * Used to identify primary and secondary boot devices. + * @note These no longer match the fuse API device values (for + * backward compatibility with AP15). + */ +typedef enum { + /* Specifies a default (unset) value. */ + nvboot_dev_type_none = 0, + + /* Specifies SPI NOR. */ + nvboot_dev_type_spi = 3, + + /* Specifies SDMMC (either eMMC or eSD). */ + nvboot_dev_type_sdmmc = 4, + + nvboot_dev_type_max, + + /* Ignore -- Forces compilers to make 32-bit enums. */ + nvboot_dev_type_force32 = 0x7FFFFFFF +} nvboot_dev_type; + +/** + * Stores information needed to locate and verify a boot loader. + * + * There is one \c nv_bootloader_info structure for each copy of a BL stored on + * the device. + */ +typedef struct nv_bootloader_info_rec { + u_int32_t version; + u_int32_t start_blk; + u_int32_t start_page; + u_int32_t length; + u_int32_t load_addr; + u_int32_t entry_point; + u_int32_t attribute; + + /* Specifies the AES-CMAC MAC or RSASSA-PSS signature of the BL. */ + nvboot_object_signature signature; +} nv_bootloader_info; + +/** + * Defines the bad block table structure stored in the BCT. + */ +typedef struct nvboot_badblock_table_rec { + u_int32_t entries_used; + u_int8_t virtual_blk_size_log2; + u_int8_t block_size_log2; + u_int8_t bad_blks[NVBOOT_BAD_BLOCK_TABLE_SIZE / 8]; + /* + * Add a reserved field as padding to make the bad block table structure + * a multiple of 16 bytes (AES block size). + */ + u_int8_t reserved[NVBOOT_BAD_BLOCK_TABLE_PADDING]; +} nvboot_badblock_table; + +enum {NVBOOT_SE_AES_KEY256_LENGTH_BYTES = 32}; +/** + * Contains the information needed to load BLs from the secondary boot device. + * + * - Supplying NumParamSets = 0 indicates not to load any of them. + * - Supplying NumDramSets = 0 indicates not to load any of them. + * - The \c random_aes_blk member exists to increase the difficulty of + * key attacks based on knowledge of this structure. + */ +typedef struct nvboot_config_table_rec { + nvboot_badblock_table badblock_table; + nvboot_rsa_key_modulus key; + nvboot_object_signature signature; /* 310 */ + + /** + * Specifies the Factory Secure Provisioning number to be used. + * Only valid and consumed by BR in NvProduction Mode. + * Because the key number is specified in the BCT, BR needs to read in + * the BCT first to know the key number to validate against. + * This field must match SecProvisioningKeyNum_Secure to be a valid + * BCT for use in the Factory Secure Provisioning mode. + */ + u_int32_t secure_provisioning_key_number_insecure; /* 420 */ + + /** + * A 256-bit AES key encrypted by a reserved 256-bit AES "key wrap" + * key. Only used in Factory Secure Provisioning mode. + */ + u_int8_t aes_key[NVBOOT_SE_AES_KEY256_LENGTH_BYTES]; /* 424 */ + + u_int8_t customer_data[NVBOOT_BCT_CUSTOMER_DATA_SIZE]; /* 444 */ + u_int32_t odm_data; /* 508 */ + u_int32_t reserved1; + + /* START OF SIGNED SECTION OF THE BCT */ + nvboot_hash random_aes_blk; /* 0x510 */ + nvboot_ecid unique_chip_id; /* 0x520 */ + u_int32_t boot_data_version; /* 0x530 */ + u_int32_t block_size_log2; + u_int32_t page_size_log2; + u_int32_t partition_size; + u_int32_t num_param_sets; + nvboot_dev_type dev_type[NVBOOT_BCT_MAX_PARAM_SETS]; + nvboot_dev_params dev_params[NVBOOT_BCT_MAX_PARAM_SETS]; + u_int32_t num_sdram_sets; /* 0x588 */ + nvboot_sdram_params sdram_params[NVBOOT_BCT_MAX_SDRAM_SETS]; /* 0x58c */ + + u_int32_t bootloader_used; /* 0x232c */ + nv_bootloader_info bootloader[NVBOOT_MAX_BOOTLOADERS]; /* 0x2330 */ + + u_int8_t enable_fail_back; + + /** + * Specifies which debug features to be enabled or disabled. + * Maps directly to APBDEV_PMC_DEBUG_AUTHENTICATION_0. Must specify + * the ECID of the chip in UniqueChipId on production systems. + * 0x1 = ENABLED. 0x0 = DISABLED. + * DBGEN - bit 5 + * NIDEN - bit 4 + * SPIDEN - bit 3 + * SPNIDEN - bit 2 + * DEVICEEN - bit 1 + * JTAG_ENABLE - bit 0 + */ + u_int32_t secure_debug_control; + + /** + * Specifies the factory secure provisioning key number to use. + * There are 64 such 256-bit AES keys. + * + * Specifying a key number of 0 will cause Boot ROM to default to + * NvProduction mode boot (i.e. Factory Secure Provisioning mode + * disabled). + * + * Specifying a key number of 1 to 15 is invalid. These are + * anti-cloning keys numbers and BR will ignore these values. + * BR will ignore this field if the secure_provision_index fuse is + * burned. + * + * Key number 64 (index [63]) is reserved for NVIDIA debug use. + * So, this field will only be used if the chip is in NvProductionMode, + * and when secure_provision_index is zero, and when + * SecProvisioningKeyNum is not 0 to 15. + * + * This key number must match SecProvisioningKeyNum_Insecure. + */ + u_int32_t secure_provisioning_key_number_secure; + + u_int8_t reserved[NVBOOT_BCT_RESERVED_SIZE]; +} nvboot_config_table; +#endif /* #ifndef INCLUDED_NVBOOT_BCT_T210_H */ |