OEM-FW Ratchet Configuration

Roll-back prevention for oem-fw is controlled by using the OEM-FW Ratchet configuration. Ratcheting is when the older version of the software is precluded from loading. The ratchet version of the software is incremented after fixing the security bugs, and this version is compared against the version that is stored in the Boot Component Header (BCH) of the software before loading. This file defines the minimum ratchet level for OEM-FW components. If the version in BCH is lower than the minimum ratchet level in BCT, the binary/firmware will not be loaded.

Each entry in the config file is of the form:

/dts-v1/;
/{
  ratchet {
        <loader_name1> {
        <fw_name1> = < <fw_index1> <ratchet_value> >;
                <fw_name2> = < <fw_index2> <ratchet_value> >;
        };
        <loader_name2> {
             fw_name3> = < <fw_index3> <ratchet_value> >;
        };
      };

};

where:

  • <fw_index#> is the unique index for each oem-fw.

  • <loader_name#> is the name of the Boot Stage binary, which loads firmware corresponding to fw_index.

  • <fw_name#> is the name of the firmware.

  • <ratchet_value> is the ratchet_value for the firmware.

The ratchet configuration file is in the Linux_for_Tegra/bootloader/generic/BCT directory.

Here is the DTS example:

/dts-v1/;

/ {
    ratchet {
        /* name = <index value> */
        mb1bct = <1 0>;
        membct = <2 0>;
        bpmp_fw_dtb = <3 0>;
        mb2rf = <4 0>;
        mb2 = <5 0>;
        /* index 6 and 7 are reserved */
        mb2_applet = <8 0>;
        fskp_fw = <9 0>;

        /* index 15 is reserved */
        spe = <16 0>;
        /* index 17 and 18 are reserved */
        sce = <19 0>;
        rce = <20 0>;
        ape = <21 0>;
        dce = <22 0>;
        atf = <23 0>;
        tos = <24 0>;
        /* index 25 is reserved */
        cpubl = <26 0>;
        cpubl_dtb = <27 0>;
    };
};