Security Configuration

MB1 and MB2 program most of the SCRs and firewalls in T23x. The list of SCRs/firewalls, their order, and their addresses are predetermined. The values are taken from the SCR configuration file.

Each entry in this configuration file is in the following form:

/ {
  scr {
      reg@<index> {
          <parameter> = <value>;
       };
   };
};

where:

  • <index> is the index of the SCR/firewall in the predefined list.

  • <parameter> and its <value> can be as follows:

Parameters

Value

exclusion-info

Exclusion info is a bit field defined as the following bits:
  • 0: 1

  • Do not program in coldboot or SC7-exit.

  • 1: Program in coldboot, but skip in the SC7-exit.

  • 2: Program at end of MB2 instead of MB1.

value

32-bit value for the SCR register.

Note

The values of the SCRs are programmed in the increasing order of indexes and not in the order in which they appear in the configuration file. The scr/firewalls, which are not specified in the configuration file, are locked without restricting the access to the protected registers.

The scr configuration files are in the Linux_for_Tegra/bootloader/generic/BCT directory.

Here is an example of the format of SCR the config file:

/dts-v1/;

#include "tegra234-chip.dtsi"
#include "tegra234-mb2-bct-scr-p3701-0000-override.dts"

/ {
    tfc {
        reg@5138 { /* CBB_CENTRAL_CBB_FIREWALL_QSPI0_BLF, READ_CTL */
            exclusion-info = <2>;
            value = <0x00100009>;
        };

        reg@5139 { /* CBB_CENTRAL_CBB_FIREWALL_QSPI0_BLF, WRITE_CTL */
            exclusion-info = <2>;
            value = <0x00100009>;
        };

        reg@505 { /* PADCTL_G4_SCR_SCR_SOC_GPIO19_0 */
            exclusion-info = <2>;
            value = <0x38000606>;
        };

        reg@972 { /* TKE_FSI_SCR_TKESCR_0 */
            exclusion-info = <0>;
            value = <0x20000000>;
        };
        .
        .
        .