OEM-FW Ratchet Configuration

Roll-back prevention for oem-fw is controlled by the OEM-FW Ratchet configuration. Ratcheting means that an older version of the software is prevented from loading. The ratchet version of the software is incremented after security bugs are fixed, and before a component is loaded this version is compared against the version stored in the Boot Component Header (BCH) of the software. This file defines the minimum ratchet level for OEM-FW components. If the version in the BCH is lower than the minimum ratchet level in the BCT, the binary/firmware is not loaded.

Each entry in the config file is of the form:

/dts-v1/;
/{
    ratchet {
        <loader_name1> {
            <fw_name1> = < <fw_index1> <ratchet_value> >;
            <fw_name2> = < <fw_index2> <ratchet_value> >;
        };
        <loader_name2> {
            <fw_name3> = < <fw_index3> <ratchet_value> >;
        };
    };
};

where:

  • <fw_index#> is the unique index for each oem-fw.

  • <loader_name#> is the name of the Boot Stage binary, which loads firmware corresponding to fw_index.

  • <fw_name#> is the name of the firmware.

  • <ratchet_value> is the minimum ratchet level for that firmware; a binary whose BCH version is lower than this value is not loaded.

The ratchet configuration file is in the hardware/nvidia/platform/t23x/<platform>/bct/ratchet directory.

Here is an example in the new DTS format:

/dts-v1/;
/{
    ratchet {
        mb1 {
            mb1bct = <1 3>;
            spefw = <2 0>;
        };
        mb2 {
            cpubl = <11 5>;
        };
    };
};

Here is the same configuration in the previous CFG format:

//ratchet
ratchet.1.mb1.mb1bct = 3;
ratchet.2.mb1.spefw = 0;
ratchet.11.mb2.cpubl = 5;
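The following is an added example, not part of NVIDIA's documentation or tooling: a small Python parser for both the DTS and the legacy CFG ratchet formats shown above, together with the load decision the text describes (a firmware whose BCH version is lower than its minimum ratchet level is refused). It assumes only the two-cell `<fw_index ratchet_value>` property form and the `ratchet.<index>.<loader>.<fw> = <value>;` line form shown on this page, and it enforces the stated requirement that each fw_index be unique. The two sample configurations are copies of the page's example values, embedded inline so the script runs offline.

```python
import re

# Constructed sample in the new DTS ratchet format (values copied from the page's example).
DTS_SAMPLE = """/dts-v1/;
/{
    ratchet {
        mb1 {
            mb1bct = <1 3>;
            spefw = <2 0>;
        };
        mb2 {
            cpubl = <11 5>;
        };
    };
};
"""

# Constructed sample in the previous CFG format (same values as the DTS sample).
CFG_SAMPLE = """//ratchet
ratchet.1.mb1.mb1bct = 3;
ratchet.2.mb1.spefw = 0;
ratchet.11.mb2.cpubl = 5;
"""

_DTS_NODE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*\{\s*$")
_DTS_PROP = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*<\s*(\d+)\s+(\d+)\s*>\s*;\s*$")
_CFG_LINE = re.compile(
    r"^\s*ratchet\.(\d+)\.([A-Za-z0-9_]+)\.([A-Za-z0-9_]+)\s*=\s*(\d+)\s*;\s*$")


def _add_entry(entries, seen_indices, loader, fw_name, fw_index, ratchet):
    """Record one firmware entry, rejecting a reused fw_index (the page requires uniqueness)."""
    if fw_index in seen_indices:
        raise ValueError("duplicate fw_index %d for %s/%s" % (fw_index, loader, fw_name))
    seen_indices.add(fw_index)
    entries[(loader, fw_name)] = (fw_index, ratchet)


def parse_dts(text):
    """Parse the DTS ratchet format into {(loader, fw_name): (fw_index, ratchet_value)}."""
    entries, seen, stack = {}, set(), []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("/dts-v1/"):
            continue
        if stripped == "/{":            # root node
            stack.append("/")
            continue
        if stripped.startswith("};"):   # close the innermost open node
            if not stack:
                raise ValueError("unbalanced '};'")
            stack.pop()
            continue
        m = _DTS_NODE.match(line)
        if m:
            stack.append(m.group(1))
            continue
        m = _DTS_PROP.match(line)
        # Properties are only meaningful at /ratchet/<loader>/<fw_name>.
        if m and len(stack) == 3 and stack[1] == "ratchet":
            _add_entry(entries, seen, stack[2], m.group(1), int(m.group(2)), int(m.group(3)))
            continue
        raise ValueError("unrecognised line: %r" % line)
    if stack:
        raise ValueError("unterminated node(s): %s" % "/".join(stack))
    return entries


def parse_cfg(text):
    """Parse the legacy CFG ratchet format into the same dictionary shape as parse_dts."""
    entries, seen = {}, set()
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("//"):
            continue
        m = _CFG_LINE.match(line)
        if not m:
            raise ValueError("unrecognised line: %r" % line)
        _add_entry(entries, seen, m.group(2), m.group(3), int(m.group(1)), int(m.group(4)))
    return entries


def may_load(table, loader, fw_name, bch_version):
    """Apply the page's rule: load only if the BCH version is not below the minimum ratchet level."""
    _, minimum = table[(loader, fw_name)]
    return bch_version >= minimum


if __name__ == "__main__":
    policy = parse_dts(DTS_SAMPLE)
    print("DTS and CFG describe the same policy:", policy == parse_cfg(CFG_SAMPLE))
    for ver in (2, 3, 4):
        print("mb1/mb1bct at BCH version %d ->" % ver, "load" if may_load(policy, "mb1", "mb1bct", ver) else "refuse")
```

Comparing `parse_dts` and `parse_cfg` output is a cheap regression check when migrating a platform's ratchet file from the CFG form to the DTS form: the two dictionaries must be identical, and `_add_entry` will reject a copy-paste that reuses an fw_index.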