.. _SD.Bootloader.OemFwRachetConfig:

.. include:: /content/swdocs.rsts

.. spelling::
   BootROM
   BR
   BCT
   dts
   coldboot
   CPU
   BL
   tegrabct
   tegrabct_v2
   Mem
   MB1
   MB2
   OEM
   FW
   Ratchet
   OEM
   oem
   FW
   fw
   mb1bct
   spefw
   cpubl
   BCH
   bct
   

OEM-FW Ratchet Configuration
!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Roll-back prevention for ``oem-fw`` is controlled by using the OEM-FW Ratchet configuration. Ratcheting is when the older version of the software is precluded from loading. The ratchet version of the software is incremented after fixing the security bugs, and this version is compared against the version that is stored in the Boot Component Header (BCH) of the software before loading. This file defines the minimum ratchet level for OEM-FW components. If the version in BCH is lower than the minimum ratchet level in BCT, the binary/firmware will not be loaded.

Each entry in the config file is of the form:

.. code-block:: none

   /dts-v1/;
   /{
     ratchet {
	   <loader_name1> {
       	   <fw_name1> = < <fw_index1> <ratchet_value> >;
		   <fw_name2> = < <fw_index2> <ratchet_value> >;
	   };
	   <loader_name2> {
	        fw_name3> = < <fw_index3> <ratchet_value> >;
	   };
	 };
	 
   };

where:

  - ``<fw_index#>`` is the unique index for each oem-fw.
  - ``<loader_name#>`` is the name of the Boot Stage binary, which loads firmware corresponding to fw_index.
  - ``<fw_name#>`` is the name of the firmware.
  - ``<ratchet_value>`` is the ratchet_value for the firmware.

The ratchet configuration file is in the ``hardware/nvidia/platform/t23x/<platform>/bct/ratchet`` directory.

Here is the new DTS example:

.. code-block:: none

   /dts-v1/;
   /{
     ratchet {
	     mb1 {
       	   mb1bct = <1 3>;
		   spefw = <2 0>;
	     };
	     mb2 {
	         cpubl = <11 5>;
	     };
	 };
	 
  };
  
Here is the previous CFG format:

.. code-block:: none

   //ratchet
   ratchet.1.mb1.mb1bct = 3; 
   ratchet.2.mb1.spefw = 0; 
   ratchet.11.mb2.cpubl = 5;