Migrating to SYSFW version v2021.01

[processor-sdk/pdk.git] / packages / ti / drv / sciclient / soc / sysfw / binaries / system-firmware-public-documentation / 3_boardcfg / BOARDCFG_SEC.html

<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
  <meta charset="utf-8">
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  
  <title>Security Board Configuration &mdash; TISCI User Guide</title>
  

  
  
    <link rel="shortcut icon" href="../_static/favicon.ico"/>
  

  

  
  
    

  

  
  
    <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
  

  
    <link rel="stylesheet" href="../_static/theme_overrides.css" type="text/css" />
  

  
        <link rel="index" title="Index"
              href="../genindex.html"/>
        <link rel="search" title="Search" href="../search.html"/>
    <link rel="top" title="TISCI User Guide" href="../index.html"/>
        <link rel="up" title="Chapter 3: Board Configuration" href="index.html"/>
        <link rel="next" title="Power Management Board Configuration" href="BOARDCFG_PM.html"/>
        <link rel="prev" title="Resource Management Board Configuration" href="BOARDCFG_RM.html"/> 

  
  <script src="../_static/js/modernizr.min.js"></script>

</head>

<body class="wy-body-for-nav" role="document">
  <header id="tiHeader">
    <div class="top">
      <ul>
        <li id="top_logo">
          <a href="http://www.ti.com">
            <img src="../_static/img/ti_logo.png"/>
          </a>
        </li>
      </ul>
    </div>
    <div class="nav"></div>
  </header>
  <div class="wy-grid-for-nav">

    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search">
          

          
            <a href="../index.html" class="icon icon-home"> TISCI
          

          
          </a>

          
            
            
              <div class="version">
                21.01.00
              </div>
            
          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
    <input type="text" name="q" placeholder="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
                <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../1_intro/index.html">Chapter 1: Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../2_tisci_msgs/index.html">Chapter 2: TISCI Message Documentation</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Chapter 3: Board Configuration</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="BOARDCFG.html">Board Configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="BOARDCFG_RM.html">Resource Management Board Configuration</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">Security Board Configuration</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#security-configuration-in-system-firmware">Security Configuration in System Firmware</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#tisci-api-for-security-board-config">TISCI API for Security Board Config</a></li>
<li class="toctree-l4"><a class="reference internal" href="#configuration-substructure-enumeration">Configuration substructure enumeration</a></li>
<li class="toctree-l4"><a class="reference internal" href="#processor-access-list">Processor Access List</a></li>
<li class="toctree-l4"><a class="reference internal" href="#host-hierarchy">Host Hierarchy</a></li>
<li class="toctree-l4"><a class="reference internal" href="#extended-otp-array-configuration">Extended OTP array configuration</a></li>
<li class="toctree-l4"><a class="reference internal" href="#derived-kek-management">Derived KEK Management</a></li>
<li class="toctree-l4"><a class="reference internal" href="#reserved-entry">Reserved Entry</a></li>
<li class="toctree-l4"><a class="reference internal" href="#secure-debug-unlock">Secure Debug Unlock</a></li>
<li class="toctree-l4"><a class="reference internal" href="#security-handover">Security Handover</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="BOARDCFG_PM.html">Power Management Board Configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="BOARDCFG_COMBINED_IMG_FORMAT.html">Board Configuration with ROM Combined Image format</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../4_trace/index.html">Chapter 4: Interpreting Trace Data</a></li>
<li class="toctree-l1"><a class="reference internal" href="../5_soc_doc/index.html">Chapter 5: SoC Family Specific Documentation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../6_topic_user_guides/index.html">Chapter 6: Topic User Guides</a></li>
</ul>

            
          
        </div>
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
        <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
        <a href="../index.html">TISCI</a>
      </nav>


      
      <div class="wy-nav-content">
        <div class="rst-content">
          

 



<div role="navigation" aria-label="breadcrumbs navigation">
  <ul class="wy-breadcrumbs">
    <li><a href="../index.html">Docs</a> &raquo;</li>
      
          <li><a href="index.html">Chapter 3: Board Configuration</a> &raquo;</li>
      
    <li>Security Board Configuration</li>
      <li class="wy-breadcrumbs-aside">
        
          
        
      </li>
  </ul>
  <hr/>
</div>
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
  <div class="section" id="security-board-configuration">
<h1>Security Board Configuration<a class="headerlink" href="#security-board-configuration" title="Permalink to this headline">¶</a></h1>
<div class="section" id="security-configuration-in-system-firmware">
<span id="pub-boardcfg-sec-intro"></span><h2>Security Configuration in System Firmware<a class="headerlink" href="#security-configuration-in-system-firmware" title="Permalink to this headline">¶</a></h2>
<p>The security portion of system firmware has options that can be configured
independently of the main Board Configuration. These options are controlled
through the security board configuration. In addition, initialization of the
secure portion of the system firmware is deferred until the secure board
configuration is sent to allow tuning of the system boot time.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">This message MUST be sent in order to initialize the security capabilities of
system firmware. Until it is received no security functionality is available.</p>
</div>
<p>A standalone board configuration message contains the security
data within a flat-typed array.  The security data is provided
separately to reduce DMSC boot time.  The security board cfg message
is sent any time after the boot notification message is sent and has no
dependence upon receipt of the standard board configuration message.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Security Board configuration requires to be signed and encrypted on HS devices
to ensure authenticity and protect secrets. Please refer to
<a class="reference internal" href="../6_topic_user_guides/hs_boardcfg_signing.html"><span class="doc">Signing Board Configuration on HS devices</span></a> on how to sign and encrypt
board configuration on HS devices.</p>
</div>
<div class="section" id="tisci-api-for-security-board-config">
<span id="pub-boardcfg-security-tisci"></span><h3>TISCI API for Security Board Config<a class="headerlink" href="#tisci-api-for-security-board-config" title="Permalink to this headline">¶</a></h3>
<p>The following are the parameters required in the TI-SCI message to pass security
board configuration data to DMSC after DMSC sends boot notification complete.
The security board configuration message is not dependent on receipt of the
standard board configuration message.</p>
<div class="section" id="usage">
<h4>Usage<a class="headerlink" href="#usage" title="Permalink to this headline">¶</a></h4>
<table border="1" class="docutils">
<colgroup>
<col width="75%" />
<col width="25%" />
</colgroup>
<tbody valign="top">
<tr class="row-odd"><td><strong>Message Type</strong></td>
<td>Normal</td>
</tr>
<tr class="row-even"><td><strong>Secure Queue Only?</strong></td>
<td>Yes</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="tisci-message-id">
<h4>TISCI Message ID<a class="headerlink" href="#tisci-message-id" title="Permalink to this headline">¶</a></h4>
<p><code class="docutils literal"><span class="pre">TISCI_MSG_BOARD_CONFIG_SECURITY</span>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="pre">(0x000DU)</span></code></p>
</div>
<div class="section" id="message-data-structures">
<h4>Message Data Structures<a class="headerlink" href="#message-data-structures" title="Permalink to this headline">¶</a></h4>
<p><p><strong>struct tisci_msg_board_config_security_req</strong></p>
<p>TISCI_MSG_BOARD_CONFIG_SECURITY request to provide the location and size of the boardcfg security configuration structure.</p>
<table border="1" class="docutils">
<colgroup>
<col width="21%" />
<col width="17%" />
<col width="62%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>hdr</td>
<td>struct tisci_header</td>
<td>TISCI header</td>
</tr>
<tr class="row-odd"><td>boardcfg_securityp_low</td>
<td>u32</td>
<td>Low 32-bits of physical pointer to boardcfg security configuration struct.</td>
</tr>
<tr class="row-even"><td>boardcfg_securityp_high</td>
<td>u32</td>
<td>High 32-bits of physical pointer to boardcfg security configuration struct.</td>
</tr>
<tr class="row-odd"><td>boardcfg_security_size</td>
<td>u16</td>
<td>Size of security configuration data.</td>
</tr>
<tr class="row-even"><td>boardcfg_security_devgrp</td>
<td>devgrp_t</td>
<td>Device group for the security board configuration.</td>
</tr>
</tbody>
</table>
</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p>Even though the security board configuration structure contains the
<code class="docutils literal"><span class="pre">boardcfg_security_devgrp</span></code> member, it is ignored. Initialization of
firewalls is performed for a devgrp when it is enabled via the core board
configuration message. This is necessary to ensure isolation. See
<a class="reference internal" href="BOARDCFG.html"><span class="doc">Board Configuration</span></a>.</p>
<p class="last">The reamining security services are initialized when the security board configuration is
received for the first time. Subsequent security board configuration messages do not have
any effect on operation of System Firmware.</p>
</div>
<p><p><strong>struct tisci_msg_board_config_security_resp</strong></p>
<p>Empty response for TISCI_MSG_BOARD_CONFIG_SECURITY.</p>
<table border="1" class="docutils">
<colgroup>
<col width="27%" />
<col width="43%" />
<col width="31%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>hdr</td>
<td>struct tisci_header</td>
<td>TISCI header.</td>
</tr>
</tbody>
</table>
<p>Although this message is essentially empty and contains only a header
 a full data structure is created for consistency in implementation.</p>
</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The boardcfg data structures described below <strong>must</strong> be placed in
MCU OCMC SRAM. The address used in the TISCI message will be
in MCU OCMC SRAM.</p>
</div>
</div>
</div>
<div class="section" id="configuration-substructure-enumeration">
<span id="pub-boardcfg-sec"></span><h3>Configuration substructure enumeration<a class="headerlink" href="#configuration-substructure-enumeration" title="Permalink to this headline">¶</a></h3>
<p>This is a fixed size c-structure which both defines the format of the
configuration as well as reserves DMSC memory to store the
configuration. The boardcfg_sec data structure makes use of the same
<a class="reference internal" href="BOARDCFG.html#pub-boardcfg-abi-rev"><span class="std std-ref">ABI revision structure</span></a> structure for the top level and
<a class="reference internal" href="BOARDCFG.html#pub-boardcfg-subhdr"><span class="std std-ref">boardcfg substructure header</span></a> for each member structure as the top level
boardcfg structure does..</p>
<table border="1" class="docutils">
<colgroup>
<col width="16%" />
<col width="37%" />
<col width="47%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>boardcfg_abi_rev</td>
<td><a class="reference internal" href="BOARDCFG.html#pub-boardcfg-abi-rev"><span class="std std-ref">ABI revision structure</span></a></td>
<td>Board Config ABI version (separate from DMSC ABI version)</td>
</tr>
<tr class="row-odd"><td>processor_acl_list</td>
<td><a class="reference internal" href="#pub-boardcfg-proc-acl"><span class="std std-ref">Processor Access List</span></a></td>
<td>Processor access control list configuration</td>
</tr>
<tr class="row-even"><td>host_hierarchy</td>
<td><a class="reference internal" href="#pub-boardcfg-host-hierarchy"><span class="std std-ref">Host Hierarchy</span></a></td>
<td>Host hierarchy configuration</td>
</tr>
<tr class="row-odd"><td>otp_config</td>
<td><a class="reference internal" href="#pub-boardcfg-ext-otp-config"><span class="std std-ref">Extended OTP array configuration</span></a></td>
<td>Extended OTP access configuration</td>
</tr>
<tr class="row-even"><td>dkek_config</td>
<td><a class="reference internal" href="#pub-boardcfg-dkek-config"><span class="std std-ref">Derived KEK Management</span></a></td>
<td>DKEK access configuration</td>
</tr>
<tr class="row-odd"><td>reserved_cfg_entry</td>
<td><a class="reference internal" href="#pub-boardcfg-reserved-entry"><span class="std std-ref">Reserved Entry</span></a></td>
<td>Reserved configuration entry</td>
</tr>
<tr class="row-even"><td>reserved_cfg_entry</td>
<td><a class="reference internal" href="#pub-boardcfg-secure-debug-unlock"><span class="std std-ref">Secure Debug Unlock</span></a></td>
<td>Secure debug unlock configuration</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="processor-access-list">
<span id="pub-boardcfg-proc-acl"></span><h3>Processor Access List<a class="headerlink" href="#processor-access-list" title="Permalink to this headline">¶</a></h3>
<p>Access Control List for various Processors in the SoC.</p>
<div class="section" id="boardcfg-proc">
<span id="pub-boardcfg-proc"></span><h4>boardcfg_proc<a class="headerlink" href="#boardcfg-proc" title="Permalink to this headline">¶</a></h4>
<table border="1" class="docutils">
<colgroup>
<col width="15%" />
<col width="54%" />
<col width="31%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>subhdr</td>
<td><a class="reference internal" href="BOARDCFG.html#pub-boardcfg-subhdr"><span class="std std-ref">boardcfg substructure header</span></a></td>
<td>Magic and size for integrity check</td>
</tr>
<tr class="row-odd"><td>proc_access_list</td>
<td><a class="reference internal" href="#pub-processor-access-list"><span class="std std-ref">processor_access_list</span></a> [32]</td>
<td>Processor access description</td>
</tr>
</tbody>
</table>
<p>The magic number to be populated in the <code class="docutils literal"><span class="pre">subhdr</span></code> is <code class="docutils literal"><span class="pre">0xF1EA</span></code>.</p>
</div>
<div class="section" id="processor-access-list-entry">
<span id="pub-processor-access-list"></span><h4>Processor access list entry<a class="headerlink" href="#processor-access-list-entry" title="Permalink to this headline">¶</a></h4>
<table border="1" class="docutils">
<colgroup>
<col width="25%" />
<col width="5%" />
<col width="70%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>processor_id</td>
<td>u8</td>
<td>Processor ID (mandatory) - Use 0 to mark unused</td>
</tr>
<tr class="row-odd"><td>proc_access_master</td>
<td>u16</td>
<td>Recovery Host ID or Primary control master host ID (mandatory)</td>
</tr>
<tr class="row-even"><td>proc_access_secondary[0-2]</td>
<td>u16</td>
<td>Other Host IDs that can control this processor(set to DMSC host ID if unused)</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="host-hierarchy">
<span id="pub-boardcfg-host-hierarchy"></span><h3>Host Hierarchy<a class="headerlink" href="#host-hierarchy" title="Permalink to this headline">¶</a></h3>
<p>Host Hierarchy for various processing entities in the SoC.  Host hierarchy
defines the supervisory tree for all processing entities in the SoC.</p>
<div class="section" id="boardcfg-host-hierarchy">
<h4>boardcfg_host_hierarchy<a class="headerlink" href="#boardcfg-host-hierarchy" title="Permalink to this headline">¶</a></h4>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="49%" />
<col width="31%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>subhdr</td>
<td><a class="reference internal" href="BOARDCFG.html#pub-boardcfg-subhdr"><span class="std std-ref">boardcfg substructure header</span></a></td>
<td>Magic and size for integrity check</td>
</tr>
<tr class="row-odd"><td>host_hierarchy_entries</td>
<td><a class="reference internal" href="#pub-host-hierarchy"><span class="std std-ref">host_hierarchy_entries</span></a> [32]</td>
<td>Host hierarchy description</td>
</tr>
</tbody>
</table>
<p>The magic number to be populated in the <code class="docutils literal"><span class="pre">subhdr</span></code> is <code class="docutils literal"><span class="pre">0x8D27</span></code>.</p>
</div>
<div class="section" id="host-hierarchy-entry">
<span id="pub-host-hierarchy"></span><h4>Host hierarchy entry<a class="headerlink" href="#host-hierarchy-entry" title="Permalink to this headline">¶</a></h4>
<table border="1" class="docutils">
<colgroup>
<col width="23%" />
<col width="7%" />
<col width="70%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>host_id</td>
<td>u8</td>
<td>Processing entity Host ID (mandatory) - Use 0 to mark unused</td>
</tr>
<tr class="row-odd"><td>supervisor_host_id</td>
<td>u8</td>
<td>Supervisor Host ID</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="extended-otp-array-configuration">
<span id="pub-boardcfg-ext-otp-config"></span><h3>Extended OTP array configuration<a class="headerlink" href="#extended-otp-array-configuration" title="Permalink to this headline">¶</a></h3>
<p>The below structure defines which hosts read the OTP area and which host has
permissions to write to the OTP area. Please also refer to the below documents
to understand the usage of the board configuration structure.</p>
<ol class="arabic simple">
<li><a class="reference internal" href="../6_topic_user_guides/extended_otp.html"><span class="doc">Using Extended OTP on HS devices</span></a> and</li>
<li><a class="reference internal" href="../2_tisci_msgs/security/extended_otp.html"><span class="doc">Extended OTP TISCI Description</span></a> and</li>
</ol>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="49%" />
<col width="31%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>subhdr</td>
<td><a class="reference internal" href="BOARDCFG.html#pub-boardcfg-subhdr"><span class="std std-ref">boardcfg substructure header</span></a></td>
<td>Magic and size for integrity check</td>
</tr>
<tr class="row-odd"><td>otp_entry</td>
<td><a class="reference internal" href="#pub-boardcfg-otp-entry"><span class="std std-ref">otp_entry</span></a> [32]</td>
<td>OTP MMR access control per row</td>
</tr>
<tr class="row-even"><td>write_host</td>
<td>u8</td>
<td>ID of the host who can perform
writes to OTP rows</td>
</tr>
</tbody>
</table>
<p>The magic number to be populated in the <code class="docutils literal"><span class="pre">subhdr</span></code> is <code class="docutils literal"><span class="pre">0x4081</span></code>.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Wildcard host ID (128U/0x80) cannot be used in the <code class="docutils literal"><span class="pre">write_host</span></code> field. The host ID used here must map to
a secure proxy thread.</p>
</div>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">Even though OTP functionality is not available on GP devices, the boardcfg structure for OTP must be present.
The header must be populated with the size and magic number correctly.</p>
</div>
<div class="section" id="extended-otp-row-entry">
<span id="pub-boardcfg-otp-entry"></span><h4>Extended OTP Row Entry<a class="headerlink" href="#extended-otp-row-entry" title="Permalink to this headline">¶</a></h4>
<table border="1" class="docutils">
<colgroup>
<col width="17%" />
<col width="10%" />
<col width="73%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>host_id</td>
<td>u8</td>
<td><p class="first">Host ID</p>
<ul class="last simple">
<li>Set to 128 if the MMR must be accesible to all hosts</li>
<li>Set to 0 if the MMR must not be accesible to any host</li>
</ul>
</td>
</tr>
<tr class="row-odd"><td>host_perms</td>
<td>u8</td>
<td><p class="first">2 bit wide fields specifying permissions</p>
<ul class="last simple">
<li>bit 1:0 - 10b - non-secure, any other value secure</li>
<li>bit 7:2 - Reserved for future use.</li>
</ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="derived-kek-management">
<span id="pub-boardcfg-dkek-config"></span><h3>Derived KEK Management<a class="headerlink" href="#derived-kek-management" title="Permalink to this headline">¶</a></h3>
<p>The below structure controls access to DKEK on the SOC.
Please also refer to the below documents to understand the usage of the board configuration structure.</p>
<ol class="arabic simple">
<li><a class="reference internal" href="../6_topic_user_guides/dkek_management.html"><span class="doc">Using Derived KEK on HS devices</span></a> and</li>
<li><a class="reference internal" href="../2_tisci_msgs/security/dkek_management.html"><span class="doc">Derived KEK TISCI Description</span></a> and</li>
</ol>
<table border="1" class="docutils">
<colgroup>
<col width="25%" />
<col width="23%" />
<col width="52%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>subhdr</td>
<td><a class="reference internal" href="BOARDCFG.html#pub-boardcfg-subhdr"><span class="std std-ref">boardcfg substructure header</span></a></td>
<td>Magic and size for integrity check</td>
</tr>
<tr class="row-odd"><td>dkek_allowed_hosts</td>
<td>u8[4]</td>
<td><p class="first">Hosts allowed access to DKEK</p>
<p class="last">Set one of the entries to 128 if DKEK must accessible to all
hosts.</p>
</td>
</tr>
<tr class="row-even"><td>allow_dkek_export_tisci</td>
<td>u8</td>
<td><p class="first">Flag indicating whether DKEK can be exported via TISCI API</p>
<p class="last">Set to 0x5A if TISCI export is allowed.</p>
</td>
</tr>
<tr class="row-odd"><td>rsvd</td>
<td>u8[3]</td>
<td>Reserved field. Currently unused. Set to 0.</td>
</tr>
</tbody>
</table>
<p>The magic number to be populated in the <code class="docutils literal"><span class="pre">subhdr</span></code> is <code class="docutils literal"><span class="pre">0x5170</span></code>.</p>
</div>
<div class="section" id="reserved-entry">
<span id="pub-boardcfg-reserved-entry"></span><h3>Reserved Entry<a class="headerlink" href="#reserved-entry" title="Permalink to this headline">¶</a></h3>
<p>The below entry is reserved for future use.</p>
<table border="1" class="docutils">
<colgroup>
<col width="16%" />
<col width="31%" />
<col width="54%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>subhdr</td>
<td><a class="reference internal" href="BOARDCFG.html#pub-boardcfg-subhdr"><span class="std std-ref">boardcfg substructure header</span></a></td>
<td>Magic and size for integrity check</td>
</tr>
<tr class="row-odd"><td>rsvd</td>
<td>u8[4]</td>
<td>Reserved for future use. Set to 0</td>
</tr>
</tbody>
</table>
<p>The magic number to be populated in the <code class="docutils literal"><span class="pre">subhdr</span></code> is <code class="docutils literal"><span class="pre">0x23BE</span></code>.</p>
</div>
<div class="section" id="secure-debug-unlock">
<span id="pub-boardcfg-secure-debug-unlock"></span><h3>Secure Debug Unlock<a class="headerlink" href="#secure-debug-unlock" title="Permalink to this headline">¶</a></h3>
<table border="1" class="docutils">
<colgroup>
<col width="25%" />
<col width="23%" />
<col width="52%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>subhdr</td>
<td><a class="reference internal" href="BOARDCFG.html#pub-boardcfg-subhdr"><span class="std std-ref">boardcfg substructure header</span></a></td>
<td>Magic and size for integrity check</td>
</tr>
<tr class="row-odd"><td>allow_jtag_unlock</td>
<td>u8</td>
<td><p class="first">Set to 0x5A if runtime jtag unlock is allowed.</p>
<p class="last">Set to 0 otherwise.</p>
</td>
</tr>
<tr class="row-even"><td>allow_wildcard_unlock</td>
<td>u8</td>
<td><p class="first">If this field is set to 0x5A, the same debug unlock
certificate will work across all devices where it passes the
remaining checks.</p>
<p>Set to 0 otherwise to enforce UID match before jtag unlock
The X509 certificate must contain the UID of the device
being unlocked in the designated field</p>
<p class="last">NOTE: This field is dependent on the <code class="docutils literal"><span class="pre">allow_jtag_unlock</span></code>
field above. If <code class="docutils literal"><span class="pre">allow_jtag_unlock</span></code> is set to 0, this field
is not used.</p>
</td>
</tr>
<tr class="row-odd"><td>allow_debug_level_rsvd</td>
<td>u8</td>
<td><p class="first">Reserved field. Currently unused. Set to 0.</p>
<p class="last">This field can be used in the future to control the level of
debug allowed with a certificate.</p>
</td>
</tr>
<tr class="row-even"><td>rsvd</td>
<td>u8</td>
<td>Reserved field. Currently unused. Set to 0.</td>
</tr>
<tr class="row-odd"><td>min_cert_rev</td>
<td>u32</td>
<td>Minimum revision value that must be contained in the debug
unlock certificate for it to be accepted.
Use this field to enforce rollback protection for debug
unlock certificates.
Set to 0 if you do not wish to use this field.</td>
</tr>
<tr class="row-even"><td>jtag_unlock_hosts</td>
<td>u8[4]</td>
<td><p class="first">Hosts allowed send jtag unlock message via TISCI</p>
<p class="last">Set one of the entries to 128 if jtag unlock must be allowed
for all hosts.</p>
</td>
</tr>
</tbody>
</table>
<p>The magic number to be populated in the <code class="docutils literal"><span class="pre">subhdr</span></code> is <code class="docutils literal"><span class="pre">0x42AF</span></code>.</p>
</div>
<div class="section" id="security-handover">
<span id="pub-boardcfg-security-handover"></span><h3>Security Handover<a class="headerlink" href="#security-handover" title="Permalink to this headline">¶</a></h3>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">This section is only processed on AM64 devices.</p>
</div>
<p>Please also refer to the below documents to understand the usage of the board configuration structure.</p>
<ol class="arabic simple">
<li><a class="reference internal" href="../6_topic_user_guides/security_handover.html"><span class="doc">Performing Security Handover</span></a> and</li>
<li><a class="reference internal" href="../2_tisci_msgs/security/security_handover.html"><span class="doc">Security Handover Message Description</span></a> and</li>
</ol>
<table border="1" class="docutils">
<colgroup>
<col width="25%" />
<col width="23%" />
<col width="52%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Element</th>
<th class="head">Type</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>subhdr</td>
<td><a class="reference internal" href="BOARDCFG.html#pub-boardcfg-subhdr"><span class="std std-ref">boardcfg substructure header</span></a></td>
<td>Magic and size for integrity check</td>
</tr>
<tr class="row-odd"><td>handover_msg_sender</td>
<td>u8</td>
<td><p class="first">ID of the host who will send the security handover message</p>
<p class="last">Set to 0 if security handover is not desired
or is unsupported on the device.</p>
</td>
</tr>
<tr class="row-even"><td>handover_to_host_id</td>
<td>u8</td>
<td><p class="first">ID of the host who takes over the security functionality</p>
<p>The credentials of this host are programmed in the firewalls
protecting the security configuration registers.</p>
<p class="last">Set to 0 if security handover is not desired
or is unsupported on the device.</p>
</td>
</tr>
<tr class="row-odd"><td>rsvd</td>
<td>u8[4]</td>
<td><p class="first">Reserved field. Currently unused. Set to 0.</p>
<p class="last">Security handover currently transfers   ownership of the
SOC firewalls. These flags are intended for future use
to indicate whether ownership of additional resources must
be transferred</p>
</td>
</tr>
</tbody>
</table>
<p>The magic number to be populated in the <code class="docutils literal"><span class="pre">subhdr</span></code> is <code class="docutils literal"><span class="pre">0x608F</span></code>.</p>
</div>
</div>
</div>


           </div>
          </div>
          <footer>
  
    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
      
        <a href="BOARDCFG_PM.html" class="btn btn-neutral float-right" title="Power Management Board Configuration" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
      
      
        <a href="BOARDCFG_RM.html" class="btn btn-neutral" title="Resource Management Board Configuration" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
      
    </div>
  

  <hr/>

  <div role="contentinfo">
    <p>
      <a href="http://www.ti.com/corp/docs/legal/copyright.shtml">&copy; Copyright 2016-2021</a>, Texas Instruments Incorporated. All rights reserved. <br>
      <a href="http://www.ti.com/corp/docs/legal/trademark/trademrk.htm">Trademarks</a> | <a href="http://www.ti.com/corp/docs/legal/privacy.shtml">Privacy policy</a> | <a href="http://www.ti.com/corp/docs/legal/termsofuse.shtml">Terms of use</a> | <a href="http://www.ti.com/lsds/ti/legal/termsofsale.page">Terms of sale</a>

    </p>
  </div> 

</footer>

        </div>
      </div>

    </section>

  </div>
  


  

    <script type="text/javascript">
        var DOCUMENTATION_OPTIONS = {
            URL_ROOT:'../',
            VERSION:'21.01.00',
            COLLAPSE_INDEX:false,
            FILE_SUFFIX:'.html',
            HAS_SOURCE:  true
        };
    </script>
      <script type="text/javascript" src="../_static/jquery.js"></script>
      <script type="text/javascript" src="../_static/underscore.js"></script>
      <script type="text/javascript" src="../_static/doctools.js"></script>
      <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>

    <script src="http://www.ti.com/assets/js/headerfooter/analytics.js" type="text/javascript" charset="utf-8"></script>

  

  
  
    <script type="text/javascript" src="../_static/js/theme.js"></script>
  

  
  
  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.StickyNav.enable();
        });

      var menuHeight = window.innerHeight;

      var contentOffset = $(".wy-nav-content-wrap").offset();
      var contentHeight = $(".wy-nav-content-wrap").height();
      var contentBottom = contentOffset.top + contentHeight;

      function setNavbarTop() {
          var scrollTop = $(window).scrollTop();
          var maxTop = scrollTop + menuHeight;

          // If past the header
          if (scrollTop > contentOffset.top && maxTop < contentBottom) {
            stickyTop = scrollTop - contentOffset.top;
          } else if (maxTop > contentBottom) {
            stickyTop = scrollTop - contentOffset.top - (maxTop - contentBottom);
          } else {
            stickyTop = 0;
          }

          $(".wy-nav-side").css("top", stickyTop);
      }

      $(document).ready(function() {
        setNavbarTop();
        $(window).scroll(function () {
          setNavbarTop();
        });

        $('body').on("mousewheel", function () {
            // Remove default behavior
            event.preventDefault();
            // Scroll without smoothing
            var wheelDelta = event.wheelDelta;
            var currentScrollPosition = window.pageYOffset;
            window.scrollTo(0, currentScrollPosition - wheelDelta);
        });
      });
  </script>
   

</body>
</html>