Debug authentication on RW612/RW610#
Introduction#
The fundamental principles of debugging, which require access to the system state and system information, conflict with the principles of security, which require the restriction of access to assets. Thus, many products disable debug access completely before deploying the product. To address these challenges, the chip offers a debug authentication protocol as a mechanism to authenticate the debugger (an external entity) has the credentials approved by the product manufacturer before granting debug access to the device. The debug authentication is a challenge-response scheme and assures that only the debugger in possession of the required debug credentials can successfully authenticate over the debug interface and access restricted parts of the device.
The protocol is divided into steps as described below:
The debugger initiates the Debug Mailbox message exchange by setting the CSW[RESYNCH_REQ] bit and CSW[CHIP_RESET_REQ] bit of DM-AP.
The debugger waits (minimum 30 ms) for the devices to restart and enter debug mailbox request handling loop.
The debugger sends Debug Authentication Start command (command code 10h) to the device.
The device responds back with Debug Authentication Challenge (DAC) packet based on the debug access rights preconfigured in CMPA fields, which are collectively referred as Device Credential Constraints Configuration (DCFG_CC). The response packet also contains a 32 bytes random challenge vector.
The debugger responds to the challenge with a Debug Authentication Response (DAR) message by using an appropriate debug certificate, matching the device identifier in the DAC. The DAR packet contains the debug access permission certificate, also referred as Debug Credential (DC), and a cryptographic signature binding the DC and the challenge vector provided in the DAC.
The device on receiving the DAR, validates the contents by verifying the cryptographic signature of the message using the debugger’s public key present in the embedded the Debug Credential (DC). On successful validation of DAR, the device enables access to the debug domains permitted in the DC
WARNING!#
This configuration is used only for demonstration purpose. For final security device configuration go through all configuration possibilities and define your own specific config/keys.
1. Prerequisites#
SPSDK is needed with examples extension.
pip install spsdk[examples]
(Please refer to the installation documentation.)This example uses FRDM-RW612 board. This is example board configuration without external debugger. It is also possible to use configuration with external debugger such as JLink debug probe.
Running signed MBI application (see Device preparation)
1.1 Let’s prepare the environment#
from spsdk.utils.jupyter_utils import YamlDiffWidget
# This env variable sets colored logger output to STDOUT
%env JUPYTER_SPSDK=1
# Set a magic for command execution and echo
%alias execute echo %l && %l
%alias_magic ! execute
WORKSPACE = "workspace/" # change this to path to your workspace
KEYS = "../../_data/keys/ecc256/" # change this to path to your keys
INPUTS = "inputs/"
DC_CONFIG = INPUTS + "dc_config.yaml"
SR_CONFIG = INPUTS + "sr_config.yaml"
# choose debug interface
INTERFACE = "pyocd"
# choose family
FAMILY = "rw612"
env: JUPYTER_SPSDK=1
Created `%!` as an alias for `%execute`.
2. Generate RoT + Debug auth keys#
First we need to generate Root of Trust Keys (RoTKs)/Super Root Keys (SRKs) and Debug Credential Key (DCK). Use nxpcrypto app to generate secp256r1 keys (see How-to-get-keys-using-nxpcrypto). We will need by default create 4 RoTKs and 1 DCK.
The notebook is using pre-generated keys just for that example purposes from folder _data/keys/ecc256
in root of all SPSDK examples.
3. Device preparation#
In chip MUST be loaded signed application to show capability of DAT in real application.. To achieve that we do those steps:
Go to ISP mode using nxpdebugmbox utility
Create signed MBI with matching keys used in example
Create Bootable image with generated example and FCB block
Load the created image into chip flash
# force device to ISP mode
%! nxpdebugmbox -f $FAMILY -i $INTERFACE cmd ispmode -m 1
# check if the device is connected and detected by PC
%! nxpdevscan
nxpdebugmbox -f rw612 -i pyocd cmd ispmode -m 1
# Interface Id Description
-------------------------------------------------------
0 PyOCD 1069211762 Segger J-Link MCU-Link
Entering into ISP mode succeeded
nxpdevscan
-------- Connected NXP USB Devices --------
-------- Connected NXP UART Devices --------
Port: COM119
Type: mboot device
-------- Connected NXP SIO Devices --------
-------- Connected NXP UUU Devices --------
# determine the interface connection based on the result from nxpdevscan
UART = "-p COM119"
# Create MBI
%! nxpimage mbi export -c inputs/mbi_xip_signed.yaml
# Merge MBI and FCB to bootable image
%! nxpimage bootable-image merge -c inputs/bootimg_rw61x_flexspi_nor.yaml -o workspace/bootable_image.bin
# Load it into flash
# Memory configuration
%! nxpmemcfg blhost-script -f $FAMILY -p flexspi_nor -m W25QxxxJV -i quad_spi --output workspace/script.txt --force
%! blhost $UART batch workspace/script.txt
# Erase memory
%! blhost $UART flash-erase-region 0x08000000 0x10000
# Write
%! blhost $UART write-memory 0x08000000 workspace/bootable_image.bin
nxpimage mbi export -c inputs/mbi_xip_signed.yaml
RKTH: e2cca7cf09a45d2f1942969fda1c68ecaad78fad416d143292dad2f618291ddd
Success. (Master Boot Image: workspace/mbi.bin created.)
nxpimage bootable-image merge -c inputs/bootimg_rw61x_flexspi_nor.yaml -o workspace/bootable_image.bin
Success. (Bootable Image: workspace/bootable_image.bin created)
nxpmemcfg blhost-script -f rw612 -p flexspi_nor -m W25QxxxJV -i quad_spi --output workspace/script.txt --force
Loaded option words: Opt0: 0xC0000007
Exported blhost script.
blhost -p COM119 batch workspace/script.txt
Response status = 0 (0x0) Success.
Response status = 0 (0x0) Success.
blhost -p COM119 flash-erase-region 0x08000000 0x10000
Response status = 0 (0x0) Success.
blhost -p COM119 write-memory 0x08000000 workspace/bootable_image.bin
Writing memory
Response status = 0 (0x0) Success.
Response word 1 = 22772 (0x58f4)
4. Generate debug credential file including its configuration file#
First we need to prepare the configuration file for debug credential file
export. Let’s begin by creating a template configuration file using the nxpdebugmbox dat dc get-template
command. To simplify this example, we have already prepared that configuration, which can be found in the ./inputs/dc_config.yaml file. Below, we’ll compare the differences between the template and our customized example to highlight the additions we’ve made.
Note: As is mentioned in introduction, the DC file should be created by owner of RoT credentials.
Note: Example how to get UUID for one device: Connect debug probe into the connector and read the UUID by nxpdebugmbox -f rw612 tool get-uuid
NOTICE: Specify the chip revision precisely, because there is in SOCC value!
A1: socc = 0x4
A2: socc = 0xA
# Get difference of template and user YAML configuration
YamlDiffWidget("inputs/dc_config.diffc").html
nxpdebugmbox -f rw612 dat dc get-template -o workspace/dc_config.yaml --force
The Debug Credentials template for rw612 has been saved into workspace/dc_config.yaml YAML file
Configuration Differences
# ================================= Debug Credential file template for rw612 family. =================================
# -------------------------------------------------------- Note --------------------------------------------------------
# Debug credential file has following binary structure:
# ============================================
# ============================================
# === Version ===
# ============================================
# === Soc Class ===
# ============================================
# === UUID ===
# ============================================
# === RoT Meta SHA256 of following: ===
# === RoT Key0 SHA256 ===
# === RoT Key1 SHA256 ===
# === RoT Key2 SHA256 ===
# === RoT Key3 SHA256 ===
# ============================================
# === Debugger Key DCK (Pub): ===
# === ===
# ============================================
# === CC SOCU ===
# ============================================
# === CC VU ===
# ============================================
# === CB ===
# ============================================
# === RoT Key (pub) ===
# === ===
# ============================================
# ============================================
# === Signature of all block ===
# === SHA256 of whole block => Sign(RoTK) ===
# ============================================
# ============================================
# ============================================
# Debug Credential Signature
# ============================================
# There are two ways how sign the final DC data blob.
# 1. In case that you is available private pair for rot_meta with index rot_id just use first simple style
# to use it by rotk key. As a second way to do same is use sign_provider (or signProvider - both are accepted) option
# with 'type=file'.
# 2. For case that Debug Credential files are generated in untrusted environment (without access to RoT private keys),
# there is option to use plugin (example how to create own plugin is in: ./SPSDK/examples/dat/hsm/). The plugin
# has simple interface that allows handle DC data blob into plugin with index of RoT meta public key to get back signed
# DC image.
# Those options are exclusive, so only one option could be used to sign the DC.
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# ------------------------------===== The chip family name [Conditionally required] =====-------------------------------
# Description: NXP chip family identifier.
# Possible options:
# lpc55s36, lpc55s66, lpc55s69, mcxa132, mcxa133, mcxa142, mcxa143, mcxa144, mcxa145, mcxa146, mcxa152, mcxa153,
# mcxa154, mcxa155, mcxa156, mcxn235, mcxn236, mcxn546, mcxn547, mcxn946, mcxn947, mcxw716a, mcxw716c, mimx8ulp,
# mimx9131, mimx9352, mimx9596, mimxrt1181, mimxrt1182, mimxrt1187, mimxrt1189, mimxrt533s, mimxrt555s, mimxrt595s,
# mimxrt685s, mimxrt798s, nhs52s04, rw610, rw612>
family: rw612
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options:
revision: latest
# ======================================================================================================================
# == Debug Credential Content ==
# ======================================================================================================================
# ------------------------------------------===== Device UUID [Required] =====------------------------------------------
# Description: 128-bit IETF RFC4122 compliant non-sequential Universally Unique Identifier (UUID)
uuid: '00000000000000000000000000000000' The template file uses zeroized UUID. To create a debug credential file for specific par run the "get-uuid" command listed below and replace to zeros at the UUID field by the UUID value returned by the command in the yaml file."
# -------------------------------------------===== SoC Usage [Required] =====-------------------------------------------
# Description: A CC (constraint) value that is a bit mask, and whose bits are used in an SoCC-specific manner. These
# bits are typically used for controlling which debug domains are accessed via the authentication protocol, but device-
# specific debug options can be managed in this way also.
cc_socu: '0x0FFF' Changed on value 0x00FFFFF0 to set everything open. For more info about this value check the documentation
# -----------------------------------------===== Vendor Usage [Required] =====------------------------------------------
# Description: A CC (constraint) value that is opaque to the debug authentication protocol itself but which can be
# leveraged by vendors in product-specific ways.
cc_vu: 0
# ---------------------------------------===== Credential Beacon [Required] =====---------------------------------------
# Description: A value that is passed through the authentication protocol, which is not interpreted by the protocol but
# is instead made visible to the application being debugged. A credential beacon is associated with a DC and is
# therefore vendor/RoT-signed. An authentication beacon is provided and signed by the debugger during the authentication
# process.
cc_beacon: 0 We keep the cc beacon on value zero, it's enough for example purposes
# -----------------------------------------===== RoT meta-data [Required] =====-----------------------------------------
# Description: The RoT meta-data required by the device to corroborate; the ROTID sent in the DAC, the field in this DC,
# and any additional RoT state that is not stored within the device. This allows different RoT identification,
# management and revocation solutions to be handled.
rot_meta: Updated Root Of Trust public keys to used in our example
- ./rotk0.pub
- ./rotk1.pub
- ./rotk2.pub
- ./rotk3.pub
- ../../_data/keys/ecc256/srk0_ecc256.pub
- ../../_data/keys/ecc256/srk1_ecc256.pub
- ../../_data/keys/ecc256/srk2_ecc256.pub
- ../../_data/keys/ecc256/srk3_ecc256.pub
# ----------------------------------------===== RoT Identifier [Required] =====-----------------------------------------
# Description: RoTID allows the debugger to infer which RoT public key(s) are acceptable to the device. If the debugger
# cannot or does not provide such a credential, the authentication process will fail.
rot_id: 0 We keep it same because in our example the private key to sign whole DC file has been chooses with index 0
# -------------------------------------===== Debug Credential Key [Required] =====--------------------------------------
# Description: A user-owned key pair. The public part of the key is associated with a DC, the private part is held by
# the user and used to produce signatures during authentication.
dck: dck.pub Updated Debug Credential public key to used in our example
dck: ../../_data/keys/ecc256/dck_ecc256.pub
# ----------------------------===== RoT signature private key [Conditionally required] =====----------------------------
# Description: Private key for the RoT meta chosen by rot_id to sign the image.
rotk: ../../_data/keys/ecc256/srk0_ecc256.pem
rotk: rotk0.pem Add path to private key file for signing used in our example
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=;key_number= '.
sign_provider: type=sasp;key_number=0 This is removed, because we are using private key in this example
# Copyright 2024 NXP
#
# SPDX-License-Identifier: BSD-3-Clause
# ================================== Debug Credential file Configuration for rw612 ===================================
# -------------------------------------------------------- Note --------------------------------------------------------
# Debug credential file has following binary structure:
# ============================================
# ============================================
# === Version ===
# ============================================
# === Soc Class ===
# ============================================
# === UUID ===
# ============================================
# === RoT Meta SHA256 of following: ===
# === RoT Key0 SHA256 ===
# === RoT Key1 SHA256 ===
# === RoT Key2 SHA256 ===
# === RoT Key3 SHA256 ===
# ============================================
# === Debugger Key DCK (Pub): ===
# === ===
# ============================================
# === CC SOCU ===
# ============================================
# === CC VU ===
# ============================================
# === CB ===
# ============================================
# === RoT Key (pub) ===
# === ===
# ============================================
# ============================================
# === Signature of all block ===
# === SHA256 of whole block => Sign(RoTK) ===
# ============================================
# ============================================
# ============================================
# Debug Credential Signature
# ============================================
# There are two ways how sign the final DC data blob.
# 1. In case that you is available private pair for rot_meta with index rot_id just use first simple style
# to use it by rotk key. As a second way to do same is use sign_provider (or signProvider - both are accepted) option
# with 'type=file'.
# 2. For case that Debug Credential files are generated in untrusted environment (without access to RoT private keys),
# there is option to use plugin (example how to create own plugin is in: ./SPSDK/examples/dat/hsm/). The plugin
# has simple interface that allows handle DC data blob into plugin with index of RoT meta public key to get back signed
# DC image.
# Those options are exclusive, so only one option could be used to sign the DC.
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# ------------------------------===== The chip family name [Conditionally required] =====-------------------------------
# Description: NXP chip family identifier.
# Possible options:
# lpc55s36, lpc55s66, lpc55s69, mcxa132, mcxa133, mcxa142, mcxa143, mcxa144, mcxa145, mcxa146, mcxa152, mcxa153,
# mcxa154, mcxa155, mcxa156, mcxn235, mcxn236, mcxn546, mcxn547, mcxn946, mcxn947, mcxw716a, mcxw716c, mimx8ulp,
# mimx9131, mimx9352, mimx9596, mimxrt1181, mimxrt1182, mimxrt1187, mimxrt1189, mimxrt533s, mimxrt555s, mimxrt595s,
# mimxrt685s, mimxrt798s, nhs52s04, rw610, rw612>
family: rw612
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options:
revision: latest
# ======================================================================================================================
# == Debug Credential Content ==
# ======================================================================================================================
# ------------------------------------------===== Device UUID [Required] =====------------------------------------------
# Description: 128-bit IETF RFC4122 compliant non-sequential Universally Unique Identifier (UUID)
uuid: '00000000000000000000000000000000' The template file uses zeroized UUID. To create a debug credential file for specific par run the "get-uuid" command listed below and replace to zeros at the UUID field by the UUID value returned by the command in the yaml file."
# -------------------------------------------===== SoC Usage [Required] =====-------------------------------------------
# Description: A CC (constraint) value that is a bit mask, and whose bits are used in an SoCC-specific manner. These
# bits are typically used for controlling which debug domains are accessed via the authentication protocol, but device-
# specific debug options can be managed in this way also.
cc_socu: '0x0FFF' Changed on value 0x00FFFFF0 to set everything open. For more info about this value check the documentation
# -----------------------------------------===== Vendor Usage [Required] =====------------------------------------------
# Description: A CC (constraint) value that is opaque to the debug authentication protocol itself but which can be
# leveraged by vendors in product-specific ways.
cc_vu: 0
# ---------------------------------------===== Credential Beacon [Required] =====---------------------------------------
# Description: A value that is passed through the authentication protocol, which is not interpreted by the protocol but
# is instead made visible to the application being debugged. A credential beacon is associated with a DC and is
# therefore vendor/RoT-signed. An authentication beacon is provided and signed by the debugger during the authentication
# process.
cc_beacon: 0 We keep the cc beacon on value zero, it's enough for example purposes
# -----------------------------------------===== RoT meta-data [Required] =====-----------------------------------------
# Description: The RoT meta-data required by the device to corroborate; the ROTID sent in the DAC, the field in this DC,
# and any additional RoT state that is not stored within the device. This allows different RoT identification,
# management and revocation solutions to be handled.
rot_meta: Updated Root Of Trust public keys to used in our example
- ../../_data/keys/ecc256/srk0_ecc256.pub
- ../../_data/keys/ecc256/srk1_ecc256.pub
- ../../_data/keys/ecc256/srk2_ecc256.pub
- ../../_data/keys/ecc256/srk3_ecc256.pub
# ----------------------------------------===== RoT Identifier [Required] =====-----------------------------------------
# Description: RoTID allows the debugger to infer which RoT public key(s) are acceptable to the device. If the debugger
# cannot or does not provide such a credential, the authentication process will fail.
rot_id: 0 We keep it same because in our example the private key to sign whole DC file has been chooses with index 0
# -------------------------------------===== Debug Credential Key [Required] =====--------------------------------------
# Description: A user-owned key pair. The public part of the key is associated with a DC, the private part is held by
# the user and used to produce signatures during authentication.
dck: ../../_data/keys/ecc256/dck_ecc256.pub Updated Debug Credential public key to used in our example
# ----------------------------===== RoT signature private key [Conditionally required] =====----------------------------
# Description: Private key for the RoT meta chosen by rot_id to sign the image.
rotk: ../../_data/keys/ecc256/srk0_ecc256.pem Add path to private key file for signing used in our example
Now we generate dc file based on yaml configuration.
DC_FILE_PATH = WORKSPACE + "debug_auth.dc"
%! nxpdebugmbox -f $FAMILY dat dc export -c $DC_CONFIG -o $DC_FILE_PATH --force
nxpdebugmbox -f rw612 dat dc export -c inputs/dc_config.yaml -o workspace/debug_auth.dc --force
RKTH: e2cca7cf09a45d2f1942969fda1c68ecaad78fad416d143292dad2f618291ddd
Creating Debug credential file succeeded
5. Shadow registers configuration#
The following is an introduction to one of the variants of the shadow register configuration for DAT. The illustrative use case that is presented is based on disabling the debug access control registers.
The debug access control rights and security policies are configurable.
The configuration fields are referred to as device configuration for credential constraints (DCFG_CC).
Life Cycle (LC) state in shadow registers to be configured should be either Develop2 (0x0707) or In-Field (0x0F0F).
The RKTH value must be specified.
At the end of this chapter there is test of access to chip memory, that should ends without guaranteed access, because chip is running signed application and debug access is disabled.
# Get difference of template and user YAML configuration
YamlDiffWidget("inputs/sr_config.diffc").html
shadowregs -f rw612 get-template -o workspace/sr_config.yaml --force
The Shadow registers template for rw612 has been saved into workspace/sr_config.yaml YAML file
Configuration Differences
# ====================================== Shadow register configuration template ======================================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Optional] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options:
family: rw612
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options:
revision: latest
# -----------------------------------===== Shadow registers Settings [Required] =====-----------------------------------
registers:
# ------------------------------------------===== LOCK_CFG0 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A000, Width: 16b; Lock configuration fuse word 0.
LOCK_CFG0:
# ---------------------------------------===== BOOT_CFG_LOCK [Optional] =====---------------------------------------
# Description: Offset: 0b, Width: 3b, When set, BOOT_CFG_LOCK[2:0] bits controls read/write/override protection to
# BOOT_CFG 0-6 fuse words.
# - Unlocked, (0): Unlocked
# - WR_LOCK, (1): Write Lock
# - OP_LOCK, (2): Operational Lock
# - OP+WP_LOCK, (3): OP and WP_LOCK
# - RD_LOCK, (4): Read Lock
# - RP+WP_LOCK, (5): RP and WP_LOCK
# - RP+OP_LOCK, (6): RP and OP_LOCK
# - All locks, (7): All locks
# Possible options:
BOOT_CFG_LOCK: Unlocked
# -------------------------------------===== SEC_BOOT_CFG_LOCK [Optional] =====-------------------------------------
# Description: Offset: 3b, Width: 3b, When set, SEC_BOOT_CFG_LOCK[2:0] bits controls read/write/override protection
# to SEC_BOOT_CFG 0-8 fuse words.
# - Unlocked, (0): Unlocked
# - WR_LOCK, (1): Write Lock
# - OP_LOCK, (2): Operational Lock
# - OP+WP_LOCK, (3): OP and WP_LOCK
# - RD_LOCK, (4): Read Lock
# - RP+WP_LOCK, (5): RP and WP_LOCK
# - RP+OP_LOCK, (6): RP and OP_LOCK
# - All locks, (7): All locks
# Possible options:
SEC_BOOT_CFG_LOCK: Unlocked
# -----------------------------------===== DCFG_CC_SOCU_NS_LOCK [Optional] =====------------------------------------
# Description: Offset: 9b, Width: 3b, When set, DCFG_CC_SOCU_NS_LOCK[2:0] bits controls read/write/override
# protection to DCFG_CC_SOCU_NS fuse word.
# - Unlocked, (0): Unlocked
# - WR_LOCK, (1): Write Lock
# - OP_LOCK, (2): Operational Lock
# - OP+WP_LOCK, (3): OP and WP_LOCK
# - RD_LOCK, (4): Read Lock
# - RP+WP_LOCK, (5): RP and WP_LOCK
# - RP+OP_LOCK, (6): RP and OP_LOCK
# - All locks, (7): All locks
# Possible options:
DCFG_CC_SOCU_NS_LOCK: Unlocked
# ---------------------------------------===== LOCK_CFG_LOCK [Optional] =====---------------------------------------
# Description: Offset: 12b, Width: 3b, When set, LOCK_CFG_LOCK[2:0] bits controls read/write/override protection to
# LOCK_CFG 0-2 fuse words.
# - Unlocked, (0): Unlocked
# - WR_LOCK, (1): Write Lock
# - OP_LOCK, (2): Operational Lock
# - OP+WP_LOCK, (3): OP and WP_LOCK
# - RD_LOCK, (4): Read Lock
# - RP+WP_LOCK, (5): RP and WP_LOCK
# - RP+OP_LOCK, (6): RP and OP_LOCK
# - All locks, (7): All locks
# Possible options:
LOCK_CFG_LOCK: Unlocked
# ------------------------------------------===== LOCK_CFG1 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A004, Width: 16b; Lock configuration fuse word 1.
LOCK_CFG1:
# ---------------------------------------===== CUST_KEY_LOCK [Optional] =====---------------------------------------
# Description: Offset: 0b, Width: 3b, When set, CUST_KEY_LOCK[2:0] bits controls read/write/override protection to
# CUST_SK_MK and RKTH fuse words.
# - Unlocked, (0): Unlocked
# - WR_LOCK, (1): Write Lock
# - OP_LOCK, (2): Operational Lock
# - OP+WP_LOCK, (3): OP and WP_LOCK
# - RD_LOCK, (4): Read Lock
# - RP+WP_LOCK, (5): RP and WP_LOCK
# - RP+OP_LOCK, (6): RP and OP_LOCK
# - All locks, (7): All locks
# Possible options:
CUST_KEY_LOCK: Unlocked
# -------------------------------------===== DCFG_CC_SOCU_LOCK [Optional] =====-------------------------------------
# Description: Offset: 6b, Width: 3b, When set, DCFG_CC_SOCU_LOCK[2:0] bits controls read/write/override protection
# to DCFG_CC_SOCU and DCFG_CC_SOCU_AP fuse words.
# - Unlocked, (0): Unlocked
# - WR_LOCK, (1): Write Lock
# - OP_LOCK, (2): Operational Lock
# - OP+WP_LOCK, (3): OP and WP_LOCK
# - RD_LOCK, (4): Read Lock
# - RP+WP_LOCK, (5): RP and WP_LOCK
# - RP+OP_LOCK, (6): RP and OP_LOCK
# - All locks, (7): All locks
# Possible options:
DCFG_CC_SOCU_LOCK: Unlocked
# --------------------------------------===== LIFECYCLE_LOCK [Optional] =====---------------------------------------
# Description: Offset: 9b, Width: 3b, When set, LIFECYCLE_LOCK[2:0] bits controls read/write/override protection to
# LIFE_CYCLE_STATE fuse word.
# - Unlocked, (0): Unlocked
# - WR_LOCK, (1): Write Lock
# - OP_LOCK, (2): Operational Lock
# - OP+WP_LOCK, (3): OP and WP_LOCK
# - RD_LOCK, (4): Read Lock
# - RP+WP_LOCK, (5): RP and WP_LOCK
# - RP+OP_LOCK, (6): RP and OP_LOCK
# - All locks, (7): All locks
# Possible options:
LIFECYCLE_LOCK: Unlocked
# ----------------------------------------===== CRC_HI_LOCK [Optional] =====----------------------------------------
# Description: Offset: 12b, Width: 3b, When set, CRC_HI_LOCK[2:0] bits controls read/write/override protection to
# CRC 4-7 fuse words.
# - Unlocked, (0): Unlocked
# - WR_LOCK, (1): Write Lock
# - OP_LOCK, (2): Operational Lock
# - OP+WP_LOCK, (3): OP and WP_LOCK
# - RD_LOCK, (4): Read Lock
# - RP+WP_LOCK, (5): RP and WP_LOCK
# - RP+OP_LOCK, (6): RP and OP_LOCK
# - All locks, (7): All locks
# Possible options:
CRC_HI_LOCK: Unlocked
# ------------------------------------------===== LOCK_CFG2 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A008, Width: 16b; Lock configuration fuse word 2.
LOCK_CFG2:
# ----------------------------------------===== CRC_LO_LOCK [Optional] =====----------------------------------------
# Description: Offset: 9b, Width: 3b, When set, CRC_LO_LOCK[2:0] bits controls read/write/override protection to CRC
# 0-3 fuse words.
# - Unlocked, (0): Unlocked
# - WR_LOCK, (1): Write Lock
# - OP_LOCK, (2): Operational Lock
# - OP+WP_LOCK, (3): OP and WP_LOCK
# - RD_LOCK, (4): Read Lock
# - RP+WP_LOCK, (5): RP and WP_LOCK
# - RP+OP_LOCK, (6): RP and OP_LOCK
# - All locks, (7): All locks
# Possible options:
CRC_LO_LOCK: Unlocked
# ------------------------------------------===== BOOT_CFG0 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A03C, Width: 32b; Boot configuration fuse word 0.
BOOT_CFG0:
# ------------------------------------===== PRIMARY_BOOT_SOURCE [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 4b, Primary boot source. (a.k.a. Master boot source)
# - ISP_PIN_BOOT, (0): ISP pins will determine boot source.
# - FLEXSPI_BOOT, (1): Boot from FlexSPI flash device using FlexSPI interface pins.
# - SDIO_BOOT, (3): Boot from SDIO (Serial) port.
# - SPI_BOOT, (4): Boot using SPI slave interface using master boot mode.
# - I2C_BOOT, (5): I2C boot mode.
# - UART_BOOT, (6): Boot using UART interface using master boot mode.
# - Reserved, (7): Reserved.
# - USBHID_BOOT, (8): USB-HID boot mode.
# - ISP_MODE, (9): Always enter ISP mode. DEFAULT_ISP_MODE field will determine the ISP interface.
# - Test_MODE, (10): Reserved
# - QSPI_FALLBACK_SPINOR_BOOT, (12): Boot from Octal/Quad SPI flash device using FlexSPI channel A interface pins.
# If image is not found check recovery boot using SPI flash device through FlexComm.
# Possible options:
# ISP_MODE, Test_MODE, QSPI_FALLBACK_SPINOR_BOOT>
PRIMARY_BOOT_SOURCE: ISP_PIN_BOOT The primary source is updated to select the FlexSPI as primary boot device
PRIMARY_BOOT_SOURCE: FLEXSPI_BOOT
# -------------------------------------===== DEFAULT_ISP_MODE [Optional] =====--------------------------------------
# Description: Offset: 4b, Width: 3b, ISP boot mode
# - AUTO_ISP, (0): Auto detect ISP mode. The RW61x probes active peripheral from one of the below serial interfaces
# and download image from the probed peripherals: UART, I2C, SPI, USB-HID.
# - USB_HID_ISP, (1): The USB HID class is used to download the image of the USB0 port.
# - UART_ISP, (2): Support ISP command interface on UART port only.
# - SPI_ISP, (3): Support ISP command interface on SPI port only.
# - I2C_ISP, (4): Support ISP command interface on I2C port only.
# - DISABLE_ISP, (7): Disable ISP fall through when proper image is not found on primary boot device.
# Possible options:
DEFAULT_ISP_MODE: AUTO_ISP
# --------------------------------------===== BOOT_CLK_SPEED [Optional] =====---------------------------------------
# Description: Offset: 7b, Width: 1b, Defines clock speeds during boot.
BOOT_CLK_SPEED: 0
# --------------------------------------===== STOP_ON_FAILURE [Optional] =====--------------------------------------
# Description: Offset: 10b, Width: 1b, If set, then enables GPIO Port and PIN information upon failure.
STOP_ON_FAILURE: 0
# --------------------------------------===== TZM_IMAGE_TYPE [Optional] =====---------------------------------------
# Description: Offset: 12b, Width: 2b, TrustZone-M mode
# - IGNORED, (0): Ignored
# - ENFORCE_PRESET_VALUE, (1): Enforce preset TZM data in image manifest.
# - ENFORCE_PRESET_VALUE, (2): Enforce preset TZM data in image manifest.
# - ENFORCE_PRESET_VALUE, (3): Enforce preset TZM data in image manifest.
# Possible options:
TZM_IMAGE_TYPE: IGNORED
# ------------------------------------===== REDUNDANT_SPI_PORT [Optional] =====-------------------------------------
# Description: Offset: 16b, Width: 3b, FlexComm port to use for redundant SPI flash boot.
# - FC0, (0): Use FlexCom0 pins P0_0 (SCK), P0_1 (MISO), P0_2 (MOSI), P0_3 (SEL).
# - FC1, (1): Use FlexCom1 pins P0_7 (SCK), P0_8 (MISO), P0_9 (MOSI), P0_10 (SEL).
# - FC2, (2): Use FlexCom2 pins P0_14 (SCK), P0_15 (MISO), P0_16 (MOSI), P0_17 (SEL).
# - FC3, (3): Use FlexCom3 pins P0_21 (SCK), P0_22 (MISO), P0_23 (MOSI), P0_24 (SEL).
# - FC4, (4): Use FlexCom4 pins P0_28 (SCK), P0_29 (MISO), P0_30 (MOSI), P0_31 (SEL).
# - FC5, (5): Use FlexCom5 pins P1_3 (SCK), P1_4 (MISO), P1_5 (MOSI), P1_6 (SEL).
# - FC6, (6): Use FlexCom6 pins P3_25 (SCK), P3_26 (MISO), P3_27 (MOSI), P3_28 (SEL).
# - FC7, (7): Use FlexCom7 pins P4_0 (SCK), P4_1 (MISO), P4_2 (MOSI), P4_3 (SEL).
# Possible options:
REDUNDANT_SPI_PORT: FC0
# --------------------------------------===== SECURE_BOOT_EN [Optional] =====---------------------------------------
# Description: Offset: 19b, Width: 2b, Secure boot enable config
# - DISABLED, (0): Allow non-secure images with and without CRC. Used during development.
# - DISABLED, (1): RFU
# - ENABLED, (2): Secure boot is enabled. Do complete ECDSA checking of signed images. (ECDSA signed)
# - ENABLED, (3): Secure boot is enabled. Do complete ECDSA checking of signed images. (ECDSA signed)
# Possible options:
SECURE_BOOT_EN: DISABLED Secure boot is changed to enable Debug authentication protocol functionality and also show that functionality on real example
SECURE_BOOT_EN: ENABLED
# ---------------------------------------===== DICE_INC_OTP [Optional] =====----------------------------------------
# Description: Offset: 22b, Width: 1b, Include OTP fuse area in DICE computation
# - NOT_INCLUDED, (0): Not included
# - INCLUDED, (1): Included
# Possible options:
DICE_INC_OTP: NOT_INCLUDED
# -----------------------------------------===== DICE_SKIP [Optional] =====-----------------------------------------
# Description: Offset: 23b, Width: 1b, Skip DICE computation
# - NO_SKIP, (0): Enable DICE
# - SKIP, (1): Disable DICE
# Possible options:
DICE_SKIP: NO_SKIP DICE is skipped to be sure that it doesn't influence that DAT example
DICE_SKIP: SKIP
# --------------------------------------===== BOOT_FAIL_PORT [Optional] =====---------------------------------------
# Description: Offset: 24b, Width: 3b, GPIO port number to use for indicating boot failure. Defines GPIO port
# number.
BOOT_FAIL_PORT: 0
# ---------------------------------------===== BOOT_FAIL_PIN [Optional] =====---------------------------------------
# Description: Offset: 27b, Width: 5b, Defines GPIO pin number.
# Note: Please note GPIO[22:27] can not be used as BOOT_FAIL pins.
BOOT_FAIL_PIN: 0
# ------------------------------------------===== BOOT_CFG1 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A040, Width: 32b; Boot configuration word specifying FlexSPI flash devices settings.
BOOT_CFG1:
# -----------------------------------===== FLEXSPI_AUTO_PROBE_EN [Optional] =====-----------------------------------
# Description: Offset: 0b, Width: 1b, Flash auto probe feature enable. Auto probing is enabled if the bit is 1.
# - FLASH_AUTO_PROBE, (0): The Boot ROM looks for a FCB on the flash. Boot ROM reads a 512 byte FCB into on-chip
# SRAM and configures the FlexSPI controller accordingly.
# - FCB_FROM_FLASH, (1): The Boot ROM will perform flash auto probe sequence using parameters from OTP fuse values
# for FLEXSPI_PROBE_TYPE, FLEXSPI_FLASH_TYPE, FLEXSPI_DUMMY_CYCLES, FLEXSPI_FREQUENCY.
# Possible options:
FLEXSPI_AUTO_PROBE_EN: FLASH_AUTO_PROBE
# ------------------------------------===== FLEXSPI_PROBE_TYPE [Optional] =====-------------------------------------
# Description: Offset: 1b, Width: 3b, Flash probe type
# - QSPI_NOR, (0): QuadSPI NOR
# Possible options:
FLEXSPI_PROBE_TYPE: QSPI_NOR
# ------------------------------------===== FLEXSPI_FLASH_TYPE [Optional] =====-------------------------------------
# Description: Offset: 4b, Width: 3b, Flash type. This field affects the default configuration of the Boot ROM Flash
# driver (before any input from flash itself is available).
# - FLEXSPI_SDR_3B, (0): Device supports SDR and uses 3 byte addresses for read. In case of autoprobing, when
# generating an FCB from the SFDP information, commands for SRD operation are generated. In case of configuration
# from FCB, for reading of flash memory, command 0x03 is used.
# - FLEXSPI_DDR_4B, (1): Device supports DDR and uses 4 byte addresses for read. In case of autoprobing, when
# generating an FCB from the SFDP information, the command set for DDR operation is used. In case of configuration
# from FCB, for reading of flash memory, command 0x13 is used.
# Possible options:
FLEXSPI_FLASH_TYPE: FLEXSPI_SDR_3B
# -----------------------------------===== FLEXSPI_DUMMY_CYCLES [Optional] =====------------------------------------
# Description: Offset: 7b, Width: 4b, Dummy cycles for read command.
# - AUTO_PROB, (0): The dummy cycles are probed automatically.
# - 1, (1): The number of dummy cycles is 1.
# - 2, (2): The number of dummy cycles is 2.
# - 3, (3): The number of dummy cycles is 3.
# - 4, (4): The number of dummy cycles is 4.
# - 5, (5): The number of dummy cycles is 5.
# - 6, (6): The number of dummy cycles is 6.
# - 7, (7): The number of dummy cycles is 7.
# - 8, (8): The number of dummy cycles is 8.
# - 9, (9): The number of dummy cycles is 9.
# - 10, (10): The number of dummy cycles is 10.
# - 11, (11): The number of dummy cycles is 11.
# - 12, (12): The number of dummy cycles is 12.
# - 13, (13): The number of dummy cycles is 13.
# - 14, (14): The number of dummy cycles is 14.
# - 15, (15): The number of dummy cycles is 15.
# Possible options:
FLEXSPI_DUMMY_CYCLES: AUTO_PROB
# -------------------------------------===== FLEXSPI_FREQUENCY [Optional] =====-------------------------------------
# Description: Offset: 11b, Width: 3b, Flash SPI clock frequency to use for auto probing.
# - FLEXSPI_100MHZ, (0): Use a clock frequency of 100 MHz.
# - FLEXSPI_120MHZ, (1): Use a clock frequency of 120 MHz.
# - FLEXSPI_133MHZ, (2): Use a clock frequency of 133 MHz.
# - FLEXSPI_166MHZ, (3): Use a clock frequency of 166 MHz.
# - FLEXSPI_200MHZ, (4): Use a clock frequency of 200 MHz.
# - FLEXSPI_80MHZ, (5): Use a clock frequency of 80 MHz.
# - FLEXSPI_60MHZ, (6): Use a clock frequency of 60 MHz.
# - FLEXSPI_50MHZ, (7): Use a clock frequency of 50 MHz.
# Possible options:
# FLEXSPI_60MHZ, FLEXSPI_50MHZ>
FLEXSPI_FREQUENCY: FLEXSPI_100MHZ
# --------------------------------------===== FLEXSPI_RST_SEQ [Optional] =====--------------------------------------
# Description: Offset: 14b, Width: 2b, Select the flash reset sequence to use for regular boot.
# - NO_RESET_PERFORMED, (0): Don't perform any reset.
# - JEDEC_RESET, (1): The Boot ROM performs a reset sequence according to the JEDEC specification.
# - RESET_COMMAND, (2): The Boot ROM sends commands for resetting the flash. The sequence is fixed command byte 0x66
# (enable reset) followed by command byte 0x99 (reset device) using SPI (single wire).
# - WAKEUP_COMMAND, (3): The Boot ROM sends a wakeup command to the flash. The sequence is fixed command byte 0xAB
# using SPI (single wire). As the wakeup command is using SPI, it has to be ensured that the flash is in a mode
# where it can accept SPI commands before the system is put to low-power mode.
# Possible options:
FLEXSPI_RST_SEQ: NO_RESET_PERFORMED
# -----------------------------------===== FLEXSPI_RST_HOLD_TIME [Optional] =====-----------------------------------
# Description: Offset: 16b, Width: 4b, Set the time to wait after reset sequence for regular boot.
# - NO_DELAY, (0): No additional delay.
# - 100US_DELAY, (1): Wait for 100 us.
# - 500US_DELAY, (2): Wait for 500 us.
# - 1MS_DELAY, (3): Wait for 1 ms.
# - 10MS_DELAY, (4): Wait for 10 ms.
# - 20MS_DELAY, (5): Wait for 20 ms.
# - 40MS_DELAY, (6): Wait for 40 ms.
# - 60MS_DELAY, (7): Wait for 60 ms.
# - 80MS_DELAY, (8): Wait for 80 ms.
# - 100MS_DELAY, (9): Wait for 100 ms.
# - 120MS_DELAY, (10): Wait for 120 ms.
# - 140MS_DELAY, (11): Wait for 140 ms.
# - 160MS_DELAY, (12): Wait for 160 ms.
# - 180MS_DELAY, (13): Wait for 180 ms.
# - 200MS_DELAY, (14): Wait for 200 ms.
# - 220MS_DELAY, (15): Wait for 220 ms.
# Possible options:
# 80MS_DELAY, 100MS_DELAY, 120MS_DELAY, 140MS_DELAY, 160MS_DELAY, 180MS_DELAY, 200MS_DELAY, 220MS_DELAY>
FLEXSPI_RST_HOLD_TIME: NO_DELAY
# --------------------------------------===== FLEXSPI_WUP_SEQ [Optional] =====--------------------------------------
# Description: Offset: 20b, Width: 2b, Select the flash reset sequence to use for boot from low power mode.
# - NO_RESET_PERFORMED, (0): Don't perform any reset.
# - JEDEC_RESET, (1): The Boot ROM performs a reset sequence according to the JEDEC specification.
# - RESET_COMMAND, (2): The Boot ROM sends commands for resetting the flash. The sequence is fixed command byte 0x66
# (enable reset) followed by command byte 0x99 (reset device) using SPI (single wire).
# - WAKEUP_COMMAND, (3): The Boot ROM sends a wakeup command to the flash. The sequence is fixed command byte 0xAB
# using SPI (single wire). As the wakeup command is using SPI, it has to be ensured that the flash is in a mode
# where it can accept SPI commands before the system is put to low-power mode.
# Possible options:
FLEXSPI_WUP_SEQ: NO_RESET_PERFORMED
# -----------------------------------===== FLEXSPI_WUP_HOLD_TIME [Optional] =====-----------------------------------
# Description: Offset: 22b, Width: 4b, Set the time to wait after reset sequence for boot from low power mode.
# - NO_DELAY, (0): No additional delay.
# - 100US_DELAY, (1): Wait for 100 us.
# - 500US_DELAY, (2): Wait for 500 us.
# - 1MS_DELAY, (3): Wait for 1 ms.
# - 10MS_DELAY, (4): Wait for 10 ms.
# - 20MS_DELAY, (5): Wait for 20 ms.
# - 40MS_DELAY, (6): Wait for 40 ms.
# - 60MS_DELAY, (7): Wait for 60 ms.
# - 80MS_DELAY, (8): Wait for 80 ms.
# - 100MS_DELAY, (9): Wait for 100 ms.
# - 120MS_DELAY, (10): Wait for 120 ms.
# - 140MS_DELAY, (11): Wait for 140 ms.
# - 160MS_DELAY, (12): Wait for 160 ms.
# - 180MS_DELAY, (13): Wait for 180 ms.
# - 200MS_DELAY, (14): Wait for 200 ms.
# - 220MS_DELAY, (15): Wait for 220 ms.
# Possible options:
# 80MS_DELAY, 100MS_DELAY, 120MS_DELAY, 140MS_DELAY, 160MS_DELAY, 180MS_DELAY, 200MS_DELAY, 220MS_DELAY>
FLEXSPI_WUP_HOLD_TIME: NO_DELAY
# -------------------------------------===== FLEXSPI_HOLD_TIME [Optional] =====-------------------------------------
# Description: Offset: 26b, Width: 2b, Wait time before access to Serial Flash.
# - NO_DELAY, (0): No additional delay
# - 500US_DELAY, (1): Wait for 500 us.
# - 3MS_DELAY, (2): Wait for 3 ms.
# - 10MS_DELAY, (3): Wait for 10 ms.
# Possible options:
FLEXSPI_HOLD_TIME: NO_DELAY
# -----------------------------------===== FLEXSPI_PWR_HOLD_TIME [Optional] =====-----------------------------------
# Description: Offset: 28b, Width: 4b, Delay after POR before accessing Quad/Octal-SPI flash devices in addition to
# delay defined by QSPI_HOLD TIME field.
# - NO_DELAY, (0): No additional delay.
# - 100US_DELAY, (1): Wait for 100 us.
# - 500US_DELAY, (2): Wait for 500 us.
# - 1MS_DELAY, (3): Wait for 1 ms.
# - 10MS_DELAY, (4): Wait for 10 ms.
# - 20MS_DELAY, (5): Wait for 20 ms.
# - 40MS_DELAY, (6): Wait for 40 ms.
# - 60MS_DELAY, (7): Wait for 60 ms.
# - 80MS_DELAY, (8): Wait for 80 ms.
# - 100MS_DELAY, (9): Wait for 100 ms.
# - 120MS_DELAY, (10): Wait for 120 ms.
# - 140MS_DELAY, (11): Wait for 140 ms.
# - 160MS_DELAY, (12): Wait for 160 ms.
# - 180MS_DELAY, (13): Wait for 180 ms.
# - 200MS_DELAY, (14): Wait for 200 ms.
# - 220MS_DELAY, (15): Wait for 220 ms.
# Possible options:
# 80MS_DELAY, 100MS_DELAY, 120MS_DELAY, 140MS_DELAY, 160MS_DELAY, 180MS_DELAY, 200MS_DELAY, 220MS_DELAY>
FLEXSPI_PWR_HOLD_TIME: NO_DELAY
# ------------------------------------------===== BOOT_CFG2 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A044, Width: 32b; Boot configuration word specifying settings for FlexSPI image.
BOOT_CFG2:
# ------------------------------------===== FLEXSPI_IMAGE_SIZE [Optional] =====-------------------------------------
# Description: Offset: 0b, Width: 4b, The size of the flash memory to use for a boot image.
# - SIZE_OFFSET, (0): The size of the boot image is considered to be equal to the offset of the second image.
# - SIZE_1MB, (1): Size of remapped area is 1MByte.
# - SIZE_2MB, (2): Size of remapped area is 2MByte.
# - SIZE_3MB, (3): Size of remapped area is 3MByte.
# - SIZE_4MB, (4): Size of remapped area is 4MByte.
# - SIZE_5MB, (5): Size of remapped area is 5MByte.
# - SIZE_6MB, (6): Size of remapped area is 6MByte.
# - SIZE_7MB, (7): Size of remapped area is 7MByte.
# - SIZE_8MB, (8): Size of remapped area is 8MByte.
# - SIZE_9MB, (9): Size of remapped area is 9MByte.
# - SIZE_10MB, (10): Size of remapped area is 10MByte.
# - SIZE_11MB, (11): Size of remapped area is 11MByte.
# - SIZE_12MB, (12): Size of remapped area is 12MByte.
# - SIZE_256KB, (13): Size of remapped area is 256KByte.
# - SIZE_512KB, (14): Size of remapped area is 512KByte.
# - SIZE_768KB, (15): Size of remapped area is 768KByte.
# Possible options:
# SIZE_9MB, SIZE_10MB, SIZE_11MB, SIZE_12MB, SIZE_256KB, SIZE_512KB, SIZE_768KB>
FLEXSPI_IMAGE_SIZE: SIZE_OFFSET
# ----------------------------------===== FLEXSPI_DELAY_CELL_NUM [Optional] =====-----------------------------------
# Description: Offset: 4b, Width: 7b, Delay cell numbers for flash read sampling via DQS (either internal loopback
# or external DQS).
# delay = 1600ps, if value = 0
# delay = value * 100ps
FLEXSPI_DELAY_CELL_NUM: 0
# -----------------------------------===== FLEXSPI_IMAGE_OFFSET [Optional] =====------------------------------------
# Description: Offset: 11b, Width: 10b, The offset in flash memory where the second boot image starts. The offset to
# the second image is X * 256 KB.
FLEXSPI_IMAGE_OFFSET: 0
# ------------------------------------------===== BOOT_CFG3 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A048, Width: 32b; Boot configuration fuse word 3.
BOOT_CFG3:
# ----------------------------------------===== ROTK0_USAGE [Optional] =====----------------------------------------
# Description: Offset: 0b, Width: 3b, RoT key 0 usage properties.
# - All_usage_key, (0): Usable as debug CA, image CA, FW CA, image and FW key.
# - DebugCA, (1): Usable as debug CA only.
# - ImageCA_FwCA, (2): Usable as image (boot and FW) CA only.
# - DebugCA_ImageCA_FwCA, (3): Usable as debug, boot and FW image CA.
# - ImageKey_FwKey, (4): Usable as image key and FW update key only.
# - ImageKey, (5): Usable as boot image key only.
# - FwKey, (6): Usable as FW update image key only.
# - Unused, (7): Key slot is not used.
# Possible options:
# Unused>
ROTK0_USAGE: All_usage_key
# ----------------------------------------===== ROTK1_USAGE [Optional] =====----------------------------------------
# Description: Offset: 3b, Width: 3b, RoT key 1 usage properties.
# - All_usage_key, (0): Usable as debug CA, image CA, FW CA, image and FW key.
# - DebugCA, (1): Usable as debug CA only.
# - ImageCA_FwCA, (2): Usable as image (boot and FW) CA only.
# - DebugCA_ImageCA_FwCA, (3): Usable as debug, boot and FW image CA.
# - ImageKey_FwKey, (4): Usable as image key and FW update key only.
# - ImageKey, (5): Usable as boot image key only.
# - FwKey, (6): Usable as FW update image key only.
# - Unused, (7): Key slot is not used.
# Possible options:
# Unused>
ROTK1_USAGE: All_usage_key
# ----------------------------------------===== ROTK2_USAGE [Optional] =====----------------------------------------
# Description: Offset: 6b, Width: 3b, RoT key 2 usage properties.
# - All_usage_key, (0): Usable as debug CA, image CA, FW CA, image and FW key.
# - DebugCA, (1): Usable as debug CA only.
# - ImageCA_FwCA, (2): Usable as image (boot and FW) CA only.
# - DebugCA_ImageCA_FwCA, (3): Usable as debug, boot and FW image CA.
# - ImageKey_FwKey, (4): Usable as image key and FW update key only.
# - ImageKey, (5): Usable as boot image key only.
# - FwKey, (6): Usable as FW update image key only.
# - Unused, (7): Key slot is not used.
# Possible options:
# Unused>
ROTK2_USAGE: All_usage_key
# ----------------------------------------===== ROTK3_USAGE [Optional] =====----------------------------------------
# Description: Offset: 9b, Width: 3b, RoT key 3 usage properties.
# - All_usage_key, (0): Usable as debug CA, image CA, FW CA, image and FW key.
# - DebugCA, (1): Usable as debug CA only.
# - ImageCA_FwCA, (2): Usable as image (boot and FW) CA only.
# - DebugCA_ImageCA_FwCA, (3): Usable as debug, boot and FW image CA.
# - ImageKey_FwKey, (4): Usable as image key and FW update key only.
# - ImageKey, (5): Usable as boot image key only.
# - FwKey, (6): Usable as FW update image key only.
# - Unused, (7): Key slot is not used.
# Possible options:
# Unused>
ROTK3_USAGE: All_usage_key
# -----------------------------------------===== ENF_CNSA [Optional] =====------------------------------------------
# Description: Offset: 12b, Width: 2b, Enforce CNSA (Commercial National Security Algorithm) suite keys.
# - P-256_KEY, (0): ECC P-256 keys.
# - P-384_KEY, (1): ECC P-384 keys.
# - P-384_KEY, (2): ECC P-384 keys.
# - P-384_KEY, (3): ECC P-384 keys.
# Possible options:
ENF_CNSA: P-256_KEY
# -------------------------------------===== ENABLE_CRC_CHECK [Optional] =====--------------------------------------
# Description: Offset: 14b, Width: 2b, Enable CRC checks over OTP words.
# CRC1 = CRC over OTP fuses from 15 - 21
# CRC2 = CRC over OTP fuses from 00 - 02
# CRC6 = CRC over OTP fuses from 92 - 115
# - DISABLE, (0): Disable CRC check over OTPs.
# - ENABLE_NXP_OTP, (1): Perform CRC check over NXP OTPs.
# - ENABLE_ALL_OTP, (2): Perform CRC check over NXP and OEM OTPs.
# Possible options:
ENABLE_CRC_CHECK: DISABLE
# ---------------------------------------===== FIPS_KDF_STEN [Optional] =====---------------------------------------
# Description: Offset: 16b, Width: 2b, Enable self-test for CKDF block on power-up. Needed for FIPS certification.
# If this field is non-zero run self-test and log result in BOOT_STATE register.
# - SKIP_SELF_TEST_RUN, (0): Self-tests run is skipped and results are not included.
# - INCLUDE_SELF_TEST_RESULTS, (1): On failure continue to boot.
# - FALL_THROUGH_ISP_ON_FAIL, (2): On failure fall through ISP.
# - LOCK_DEVICE_ON_FAIL, (3): Stop on execution on fail.
# Possible options:
FIPS_KDF_STEN: SKIP_SELF_TEST_RUN
# --------------------------------------===== FIPS_CMAC_STEN [Optional] =====---------------------------------------
# Description: Offset: 18b, Width: 2b, Enable self-test for CMAC block on power-up. Needed for FIPS certification.
# If this field is non-zero run self-test and log result in BOOT_STATE register.
# - SKIP_SELF_TEST_RUN, (0): Self-tests run is skipped and results are not included.
# - INCLUDE_SELF_TEST_RESULTS, (1): On failure continue to boot.
# - FALL_THROUGH_ISP_ON_FAIL, (2): On failure fall through ISP.
# - LOCK_DEVICE_ON_FAIL, (3): Stop on execution on fail.
# Possible options:
FIPS_CMAC_STEN: SKIP_SELF_TEST_RUN
# --------------------------------------===== FIPS_DRBG_STEN [Optional] =====---------------------------------------
# Description: Offset: 20b, Width: 2b, Enable self-test for DRBG block on power-up. Needed for FIPS certification.
# If this field is non-zero run self-test and log result in BOOT_STATE register.
# - SKIP_SELF_TEST_RUN, (0): Self-tests run is skipped and results are not included.
# - INCLUDE_SELF_TEST_RESULTS, (1): On failure continue to boot.
# - FALL_THROUGH_ISP_ON_FAIL, (2): On failure fall through ISP.
# - LOCK_DEVICE_ON_FAIL, (3): Stop on execution on fail.
# Possible options:
FIPS_DRBG_STEN: SKIP_SELF_TEST_RUN
# --------------------------------------===== FIPS_ECDSA_STEN [Optional] =====--------------------------------------
# Description: Offset: 22b, Width: 2b, Enable self-test for ECDSA block on power-up. Needed for FIPS certification.
# If this field is non-zero run self-test and log result in BOOT_STATE register.
# - SKIP_SELF_TEST_RUN, (0): Self-tests run is skipped and results are not included.
# - INCLUDE_SELF_TEST_RESULTS, (1): On failure continue to boot.
# - FALL_THROUGH_ISP_ON_FAIL, (2): On failure fall through ISP.
# - LOCK_DEVICE_ON_FAIL, (3): Stop on execution on fail.
# Possible options:
FIPS_ECDSA_STEN: SKIP_SELF_TEST_RUN
# ---------------------------------------===== FIPS_AES_STEN [Optional] =====---------------------------------------
# Description: Offset: 24b, Width: 2b, Enable self-test for AES block on power-up. Needed for FIPS certification. If
# this field is non-zero run self-test and log result in BOOT_STATE register.
# - SKIP_SELF_TEST_RUN, (0): Self-tests run is skipped and results are not included.
# - INCLUDE_SELF_TEST_RESULTS, (1): On failure continue to boot.
# - FALL_THROUGH_ISP_ON_FAIL, (2): On failure fall through ISP.
# - LOCK_DEVICE_ON_FAIL, (3): Stop on execution on fail.
# Possible options:
FIPS_AES_STEN: SKIP_SELF_TEST_RUN
# ---------------------------------------===== FIPS_SHA_STEN [Optional] =====---------------------------------------
# Description: Offset: 26b, Width: 2b, Enable self-test for SHA2 block on power-up. Needed for FIPS certification.
# If this field is non-zero run self-test and log result in BOOT_STATE register.
# - SKIP_SELF_TEST_RUN, (0): Self-tests run is skipped and results are not included.
# - INCLUDE_SELF_TEST_RESULTS, (1): On failure continue to boot.
# - FALL_THROUGH_ISP_ON_FAIL, (2): On failure fall through ISP.
# - LOCK_DEVICE_ON_FAIL, (3): Stop on execution on fail.
# Possible options:
FIPS_SHA_STEN: SKIP_SELF_TEST_RUN
# ---------------------------------===== SKIP_PM_SIGN_VERIFICATION [Optional] =====---------------------------------
# Description: Offset: 28b, Width: 2b, On boot-up from PM3/PM4, do not run through ECDSA signature verification of
# the image.
# - NO_SKIP, (0): Image verification is not skipped upon wake up from PM3 and PM4.
# - NO_SKIP, (1): Image verification is not skipped upon wake up from PM3 and PM4.
# - NO_SKIP, (2): Image verification is not skipped upon wake up from PM3 and PM4.
# - SKIP, (3): Image verification is skipped upon wake up from PM3 and PM4.
# Possible options:
SKIP_PM_SIGN_VERIFICATION: NO_SKIP
# ------------------------------------------===== BOOT_CFG4 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A04C, Width: 32b; Boot configuration word specifying settings for recovery image.
BOOT_CFG4:
# ------------------------------------===== RECOVERY_IMAGE_SIZE [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 4b, Recovery image size
# - SIZE_OFFSET, (0): The size of the boot image is considered to be equal to the offset of the second image.
# - SIZE_1MB, (1): Size of remapped area is 1MByte.
# - SIZE_2MB, (2): Size of remapped area is 2MByte.
# - SIZE_3MB, (3): Size of remapped area is 3MByte.
# - SIZE_4MB, (4): Size of remapped area is 4MByte.
# - SIZE_5MB, (5): Size of remapped area is 5MByte.
# - SIZE_6MB, (6): Size of remapped area is 6MByte.
# - SIZE_7MB, (7): Size of remapped area is 7MByte.
# - SIZE_8MB, (8): Size of remapped area is 8MByte.
# - SIZE_9MB, (9): Size of remapped area is 9MByte.
# - SIZE_10MB, (10): Size of remapped area is 10MByte.
# - SIZE_11MB, (11): Size of remapped area is 11MByte.
# - SIZE_12MB, (12): Size of remapped area is 12MByte.
# - SIZE_256KB, (13): Size of remapped area is 256KByte.
# - SIZE_512KB, (14): Size of remapped area is 512KByte.
# - SIZE_768KB, (15): Size of remapped area is 768KByte.
# Possible options:
# SIZE_9MB, SIZE_10MB, SIZE_11MB, SIZE_12MB, SIZE_256KB, SIZE_512KB, SIZE_768KB>
RECOVERY_IMAGE_SIZE: SIZE_OFFSET
# -----------------------------------===== RECOVERY_IMAGE_OFFSET [Optional] =====-----------------------------------
# Description: Offset: 4b, Width: 10b, The offset in flash memory where the second boot image starts for recovery
# image. The offset to the second image is X * 256 kB.
RECOVERY_IMAGE_OFFSET: 0
# -------------------------------------===== RECOVERY_BOOT_EN [Optional] =====--------------------------------------
# Description: Offset: 14b, Width: 1b, Configures recovery boot flag
# - DISABLED, (0): Boot from recovery image is disabled.
# - ENABLED, (1): Boot from recovery image is enabled.
# Possible options:
RECOVERY_BOOT_EN: DISABLED
# ------------------------------------------===== BOOT_CFG5 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A050, Width: 32b; The USB VID and PID can be customized by writing the new values to the
# USB_VID and USB_PID fields in this fuse word field.
BOOT_CFG5:
# ------------------------------------------===== USB_VID [Optional] =====------------------------------------------
# Description: Offset: 0b, Width: 16b, Value of USB VID
USB_VID: 0
# ------------------------------------------===== USB_PID [Optional] =====------------------------------------------
# Description: Offset: 16b, Width: 16b, Value of USB PID
USB_PID: 0
# ------------------------------------------===== BOOT_CFG6 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A054, Width: 32b; The SDIO VID and PID can be customized by writing the new values to the
# SDIO_VID and SDIO_PID fields in this fuse word field.
BOOT_CFG6:
# -----------------------------------------===== SDIO_VID [Optional] =====------------------------------------------
# Description: Offset: 0b, Width: 16b, Value of SDIO VID
SDIO_VID: 0
# -----------------------------------------===== SDIO_PID [Optional] =====------------------------------------------
# Description: Offset: 16b, Width: 16b, Value of SDIO PID
SDIO_PID: 0
# ----------------------------------------===== SEC_BOOT_CFG0 [Optional] =====----------------------------------------
# Description: Offset: 0x4000A058, Width: 16b; Root key revocation fuse word.
SEC_BOOT_CFG0:
# --------------------------------------===== REVOKE_ROOTKEY0 [Optional] =====--------------------------------------
# Description: Offset: 0b, Width: 1b, RoT Key 0 enable
# - ENABLED, (0): RoT Key is enabled.
# - REVOKED, (1): RoT Key is revoked.
# Possible options:
REVOKE_ROOTKEY0: ENABLED
# --------------------------------------===== REVOKE_ROOTKEY1 [Optional] =====--------------------------------------
# Description: Offset: 1b, Width: 1b, RoT Key 1 enable
# - ENABLED, (0): RoT Key is enabled.
# - REVOKED, (1): RoT Key is revoked.
# Possible options:
REVOKE_ROOTKEY1: ENABLED
# --------------------------------------===== REVOKE_ROOTKEY2 [Optional] =====--------------------------------------
# Description: Offset: 2b, Width: 1b, RoT Key 2 enable
# - ENABLED, (0): RoT Key is enabled.
# - REVOKED, (1): RoT Key is revoked.
# Possible options:
REVOKE_ROOTKEY2: ENABLED
# --------------------------------------===== REVOKE_ROOTKEY3 [Optional] =====--------------------------------------
# Description: Offset: 3b, Width: 1b, RoT Key 3 enable
# - ENABLED, (0): RoT Key is enabled.
# - REVOKED, (1): RoT Key is revoked.
# Possible options:
REVOKE_ROOTKEY3: ENABLED
# -----------------------------------===== NXP_PROV_FW_EXEC_DIS [Optional] =====------------------------------------
# Description: Offset: 5b, Width: 1b, Flag to disable execution of NXP signed provisioning Firmwares
# - EXEC_NOT_DISABLED, (0): Execution of NXP provisioning fw is not disabled.
# - EXEC_DISABLED, (1): Execution of NXP provisioning fw is disabled.
# Possible options:
NXP_PROV_FW_EXEC_DIS: EXEC_NOT_DISABLED
# ----------------------------------------===== SEC_BOOT_CFG1 [Optional] =====----------------------------------------
# Description: Offset: 0x4000A05C, Width: 16b; DAP Vendor Usage configurations fuse word.
SEC_BOOT_CFG1:
# -------------------------------------===== DAP_VENDOR_USAGE [Optional] =====--------------------------------------
# Description: Offset: 0b, Width: 16b, Lower 16-bits of Vendor Usage field in Debug Credentials defined in NXP's
# Debug Authentication Protocol specifications Version 1.0.
DAP_VENDOR_USAGE: 0
# ----------------------------------------===== SEC_BOOT_CFG2 [Optional] =====----------------------------------------
# Description: Offset: 0x4000A060, Width: 16b; Lower 16-bits of revoke Image signing key configuration fuse word.
SEC_BOOT_CFG2:
# --------------------------------------===== REVOKE_IMG_KEY [Optional] =====---------------------------------------
# Description: Offset: 0b, Width: 16b, Image key revocation bits.
REVOKE_IMG_KEY: 0
# ----------------------------------------===== SEC_BOOT_CFG3 [Optional] =====----------------------------------------
# Description: Offset: 0x4000A064, Width: 16b; Upper 16-bits of revoke Image signing key configuration fuse word.
SEC_BOOT_CFG3:
# --------------------------------------===== REVOKE_IMG_KEY [Optional] =====---------------------------------------
# Description: Offset: 0b, Width: 16b, Image key revocation bits.
REVOKE_IMG_KEY: 0
# ----------------------------------------===== SEC_BOOT_CFG4 [Optional] =====----------------------------------------
# Description: Offset: 0x4000A068, Width: 16b; User defined
SEC_BOOT_CFG4:
# -------------------------------------------===== User [Optional] =====--------------------------------------------
# Description: Offset: 0b, Width: 16b, User defined
User: 0
# ----------------------------------------===== SEC_BOOT_CFG5 [Optional] =====----------------------------------------
# Description: Offset: 0x4000A06C, Width: 32b; User defined
SEC_BOOT_CFG5:
# ---------------------------------------===== SEC_BOOT_CFG5 [Optional] =====---------------------------------------
# Description: Offset: 0b, Width: 32b, User defined
SEC_BOOT_CFG5: 0
# ----------------------------------------===== SEC_BOOT_CFG6 [Optional] =====----------------------------------------
# Description: Offset: 0x4000A070, Width: 32b; SDIO Block size settings fuse word.
SEC_BOOT_CFG6:
# -------------------------------------===== SDIO_F0_BLOCKSIZE [Optional] =====-------------------------------------
# Description: Offset: 0b, Width: 16b, SDIO Block F0 size
# `16b00` = SDIO_F0_BLOCKSIZE will be fixed `0x1`
# `SDIO_F0_BLOCKSIZE` = Fuse value
SDIO_F0_BLOCKSIZE: 0
# -------------------------------------===== SDIO_FN_BLOCKSIZE [Optional] =====-------------------------------------
# Description: Offset: 16b, Width: 16b, SDIO Block FN size
# `16b00` = SDIO_FN_BLOCKSIZE will be fixed `0x200`
# `SDIO_FN_BLOCKSIZE` = Fuse value
SDIO_FN_BLOCKSIZE: 0
# ----------------------------------------===== SEC_BOOT_CFG7 [Optional] =====----------------------------------------
# Description: Offset: 0x4000A074, Width: 32b; SDIO configuration settings fuse word.
SEC_BOOT_CFG7:
# -----------------------------------------===== SDIO_REV [Optional] =====------------------------------------------
# Description: Offset: 0b, Width: 8b, Configure SDIO version revision.
# `8b00` = SDIO_REV will be fixed `0x30`
# `SDIO_REV ` = Fuse value
SDIO_REV: 0
# ----------------------------------------===== SDIO_SPEED [Optional] =====-----------------------------------------
# Description: Offset: 8b, Width: 8b, Configure SDIO Speed.
# `8b00` = SDIO_SPEED will be fixed `0xB`
# `SDIO_SPEED` = Fuse value
SDIO_SPEED: 0
# ---------------------------------------===== SDIO_TIMEOUT [Optional] =====----------------------------------------
# Description: Offset: 16b, Width: 16b, Configure SDIO Timeout.
# `16b00` = SDIO_TIMEOUT will be fixed `0x14`
# `SDIO_TIMEOUT` = Fuse value
SDIO_TIMEOUT: 0
# ----------------------------------------===== SEC_BOOT_CFG8 [Optional] =====----------------------------------------
# Description: Offset: 0x4000A078, Width: 32b; User defined
SEC_BOOT_CFG8:
# ---------------------------------------===== SEC_BOOT_CFG8 [Optional] =====---------------------------------------
# Description: Offset: 0b, Width: 32b, User defined
SEC_BOOT_CFG8: 0
# ---------------------------------------===== DCFG_CC_SOCU_NS [Optional] =====---------------------------------------
# Description: Offset: 0x4000A07C, Width: 32b; The DCFG_CC_SOCU_NS configuration fields can be used to increase the
# restriction level specified in DCFG_CC_SOCU. With TZ-M, the part can be sold by level 1 customers (secure code
# developer) to level-2 customers who develops non-secure code only.
# - In this scenario, or easy of development, Level-I customer releases the part to always allow non-secure debug.
# - To allow level-2 customers to further seal the part DCFG_CC_SOCU_NS is used.
# - ROM will use this word to further restrict the debug access.
# - Layout of this word is same as DCFG_CC_SOCU.
# - Combinations of PINNED_xxxEN and DFLT_xxxEN bits and resulting access restriction levels are:
# 1. PINNED_xxxEN=1,DFLT_xxxEN=1: Restriction level 0. Access to the sub-domain is always enabled. This setting is
# provided for module use case scenario where DCFG_CC_SOCU_NS would be used to define further access restrictions
# before final deployment of the product.
# 2. PINNED_xxxEN=0,DFLT_xxxEN=0: Restriction level 1. Access to the sub-domain is disabled at startup. But the access
# can be enabled through the debug authentication process by providing an appropriate Debug Credential (DC)
# certificate.
# 3. PINNED_xxxEN=0,DFLT_xxxEN=1: Illegal setting. Part will lock-up if this setting is selected.
# 4. PINNED_xxxEN=1,DFLT_xxxEN=0: Restriction level 2. Access to the sub-domain is permanently disabled and cannot be
# reversed. This setting offers the highest level of restriction.
DCFG_CC_SOCU_NS:
# ---------------------------------------===== DFLT_NIDEN_NS [Optional] =====---------------------------------------
# Description: Offset: 8b, Width: 1b, Controls non-Invasive debugging of TrustZone for Arm8-M defined non-secure
# domain of CPU0.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_NIDEN_NS: DISABLED
# ---------------------------------------===== DFLT_DBGEN_NS [Optional] =====---------------------------------------
# Description: Offset: 9b, Width: 1b, Controls invasive debugging of TrustZone for Arm8-M defined non-secure domain
# of CPU0.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_DBGEN_NS: DISABLED
# --------------------------------------===== DFLT_SPNIDEN_NS [Optional] =====--------------------------------------
# Description: Offset: 10b, Width: 1b, Controls non-Invasive debugging of TrustZone for Arm8-M defined secure domain
# of CPU0
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_SPNIDEN_NS: DISABLED
# --------------------------------------===== DFLT_SPIDEN_NS [Optional] =====---------------------------------------
# Description: Offset: 11b, Width: 1b, Controls invasive debugging of TrustZone for Arm8-M defined secure domain of
# CPU0.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_SPIDEN_NS: DISABLED
# ---------------------------------------===== DFLT_TAPEN_NS [Optional] =====---------------------------------------
# Description: Offset: 12b, Width: 1b, Controls TAP (Test Access Point) controller used for structural integrity
# testing of silicon by NXP as part of Return Material Analysis (RMA)
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_TAPEN_NS: DISABLED
# -------------------------------------===== DFLT_CPU1NIDEN_NS [Optional] =====-------------------------------------
# Description: Offset: 13b, Width: 1b, Controls non-Invasive debugging of CPU1.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_CPU1NIDEN_NS: DISABLED
# -------------------------------------===== DFLT_CPU1DBGEN_NS [Optional] =====-------------------------------------
# Description: Offset: 14b, Width: 1b, Controls invasive debugging of CPU1.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_CPU1DBGEN_NS: DISABLED
# -------------------------------------===== DFLT_CPU2NIDEN_NS [Optional] =====-------------------------------------
# Description: Offset: 15b, Width: 1b, Controls non-Invasive debugging of CPU2.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_CPU2NIDEN_NS: DISABLED
# -------------------------------------===== DFLT_CPU2DBGEN_NS [Optional] =====-------------------------------------
# Description: Offset: 16b, Width: 1b, Controls invasive debugging of CPU2.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_CPU2DBGEN_NS: DISABLED
# -------------------------------------===== DFLT_ISPCMDEN_NS [Optional] =====--------------------------------------
# Description: Offset: 17b, Width: 1b, Controls whether ISP boot flow DM-AP command (command code: 0x05) can be
# issued after authentication.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_ISPCMDEN_NS: DISABLED The debug mailbox 'switch to ISP mode' command is enabled also in locked state (to simplify example)
# --------------------------------------===== DFLT_FACMDEN_NS [Optional] =====--------------------------------------
# Description: Offset: 18b, Width: 1b, Controls whether DM-AP Set FA Mode command (command code: 0x06) can be issued
# after authentication
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_FACMDEN_NS: DISABLED
# --------------------------------------===== PINNED_NIDEN_NS [Optional] =====--------------------------------------
# Description: Offset: 19b, Width: 1b, Controls non-Invasive debugging of TrustZone for Arm8-M defined non-secure
# domain of CPU0
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_NIDEN_NS: DAR_CC
# --------------------------------------===== PINNED_DBGEN_NS [Optional] =====--------------------------------------
# Description: Offset: 20b, Width: 1b, Controls invasive debugging of TrustZone for Arm8-M defined non-secure domain
# of CPU0
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_DBGEN_NS: DAR_CC
# -------------------------------------===== PINNED_SPNIDEN_NS [Optional] =====-------------------------------------
# Description: Offset: 21b, Width: 1b, Controls non-Invasive debugging of TrustZone for Arm8-M defined secure domain
# of CPU0
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_SPNIDEN_NS: DAR_CC
# -------------------------------------===== PINNED_SPIDEN_NS [Optional] =====--------------------------------------
# Description: Offset: 22b, Width: 1b, Controls invasive debugging of TrustZone for Arm8-M defined secure domain of
# CPU0
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_SPIDEN_NS: DAR_CC
# --------------------------------------===== PINNED_TAPEN_NS [Optional] =====--------------------------------------
# Description: Offset: 23b, Width: 1b, Controls TAP (Test Access Point) controller used for structural integrity
# testing of silicon by NXP as part of Return Material Analysis (RMA)
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_TAPEN_NS: DAR_CC
# ------------------------------------===== PINNED_CPU1NIDEN_NS [Optional] =====------------------------------------
# Description: Offset: 24b, Width: 1b, Controls non-Invasive debugging of CPU1
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_CPU1NIDEN_NS: DAR_CC
# ------------------------------------===== PINNED_CPU1DBGEN_NS [Optional] =====------------------------------------
# Description: Offset: 25b, Width: 1b, Controls invasive debugging of CPU1.
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_CPU1DBGEN_NS: DAR_CC
# ------------------------------------===== PINNED_CPU2NIDEN_NS [Optional] =====------------------------------------
# Description: Offset: 26b, Width: 1b, Controls non-Invasive debugging of CPU2.
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_CPU2NIDEN_NS: DAR_CC
# ------------------------------------===== PINNED_CPU2DBGEN_NS [Optional] =====------------------------------------
# Description: Offset: 27b, Width: 1b, Controls invasive debugging of CPU2.
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_CPU2DBGEN_NS: DAR_CC
# ------------------------------------===== PINNED_ISPCMDEN_NS [Optional] =====-------------------------------------
# Description: Offset: 28b, Width: 1b, Controls whether ISP boot flow DM-AP command (command code: 0x05) can be
# issued after authentication.
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_ISPCMDEN_NS: DAR_CC The debug mailbox 'switch to ISP mode' command is enabled also in locked state (to simplify example)
PINNED_ISPCMDEN_NS: FIXED
# -------------------------------------===== PINNED_FACMDEN_NS [Optional] =====-------------------------------------
# Description: Offset: 29b, Width: 1b, Controls whether DM-AP Set FA Mode command (command code: 0x06) can be issued
# after authentication
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_FACMDEN_NS: DAR_CC
# ------------------------------------===== FORCE_UUID_MATCH_NS [Optional] =====------------------------------------
# Description: Offset: 30b, Width: 1b, When set, debug authentication protocol only accepts Debug Credential
# certificates (DC) with matching UUID.
# - NO_FORCE_UUID_MATCH, (0): Accepts Debug Credential certificates (DC) with any UUID.
# - FORCE_UUID_MATCH, (1): Accepts Debug Credential certificates (DC) with matching UUID.
# Possible options:
FORCE_UUID_MATCH_NS: NO_FORCE_UUID_MATCH
# ----------------------------------------===== DCFG_CC_SOCU [Optional] =====-----------------------------------------
# Description: Offset: 0x4000A084, Width: 32b; The DCFG_CC_SOCU configuration field specifies the debug access
# restrictions per debug domain. The DCFG_CC_SOCU_NS fields can be used to increase the restriction level specified in
# DCFG_CC_SOCU but cannot be used to reduce the restriction level.
# - Combinations of PINNED_xxxEN and DFLT_xxxEN bits and resulting access restriction levels are:
# 1. PINNED_xxxEN=1,DFLT_xxxEN=1: Restriction level 0. Access to the sub-domain is always enabled. This setting is
# provided for module use case scenario where DCFG_CC_SOCU_NS would be used to define further access restrictions
# before final deployment of the product.
# 2. PINNED_xxxEN=0,DFLT_xxxEN=0: Restriction level 1. Access to the sub-domain is disabled at startup. But the
# access can be enabled through the debug authentication process by providing an appropriate Debug Credential (DC)
# certificate.
# 3. PINNED_xxxEN=0,DFLT_xxxEN=1: Illegal setting. Part will lock-up if this setting is selected.
# 4. PINNED_xxxEN=1,DFLT_xxxEN=0: Restriction level 2. Access to the sub-domain is permanently disabled and cannot be
# reversed. This setting offers the highest level of restriction.
DCFG_CC_SOCU:
# ----------------------------------------===== DFLT_NIDEN [Optional] =====-----------------------------------------
# Description: Offset: 8b, Width: 1b, Controls non-Invasive debugging of TrustZone for Arm8-M defined non-secure
# domain of CPU0.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_NIDEN: DISABLED
# ----------------------------------------===== DFLT_DBGEN [Optional] =====-----------------------------------------
# Description: Offset: 9b, Width: 1b, Controls invasive debugging of TrustZone for Arm8-M defined non-secure domain
# of CPU0.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_DBGEN: DISABLED
# ---------------------------------------===== DFLT_SPNIDEN [Optional] =====----------------------------------------
# Description: Offset: 10b, Width: 1b, Controls non-Invasive debugging of TrustZone for Arm8-M defined secure domain
# of CPU0
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_SPNIDEN: DISABLED
# ----------------------------------------===== DFLT_SPIDEN [Optional] =====----------------------------------------
# Description: Offset: 11b, Width: 1b, Controls invasive debugging of TrustZone for Arm8-M defined secure domain of
# CPU0.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_SPIDEN: DISABLED
# ----------------------------------------===== DFLT_TAPEN [Optional] =====-----------------------------------------
# Description: Offset: 12b, Width: 1b, Controls TAP (Test Access Point) controller used for structural integrity
# testing of silicon by NXP as part of Return Material Analysis (RMA)
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_TAPEN: DISABLED
# --------------------------------------===== DFLT_CPU1NIDEN [Optional] =====---------------------------------------
# Description: Offset: 13b, Width: 1b, Controls non-Invasive debugging of CPU1.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_CPU1NIDEN: DISABLED
# --------------------------------------===== DFLT_CPU1DBGEN [Optional] =====---------------------------------------
# Description: Offset: 14b, Width: 1b, Controls invasive debugging of CPU1.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_CPU1DBGEN: DISABLED
# --------------------------------------===== DFLT_CPU2NIDEN [Optional] =====---------------------------------------
# Description: Offset: 15b, Width: 1b, Controls non-Invasive debugging of CPU2.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_CPU2NIDEN: DISABLED
# --------------------------------------===== DFLT_CPU2DBGEN [Optional] =====---------------------------------------
# Description: Offset: 16b, Width: 1b, Controls invasive debugging of CPU2.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_CPU2DBGEN: DISABLED
# ---------------------------------------===== DFLT_ISPCMDEN [Optional] =====---------------------------------------
# Description: Offset: 17b, Width: 1b, Controls whether ISP boot flow DM-AP command (command code: 0x05) can be
# issued after authentication.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_ISPCMDEN: DISABLED The debug mailbox 'switch to ISP mode' command is enabled also in locked state (to simplify example)
DFLT_ISPCMDEN: ENABLED
# ---------------------------------------===== DFLT_FACMDEN [Optional] =====----------------------------------------
# Description: Offset: 18b, Width: 1b, Controls whether DM-AP Set FA Mode command (command code: 0x06) can be issued
# after authentication
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_FACMDEN: DISABLED
# ---------------------------------------===== PINNED_NIDEN [Optional] =====----------------------------------------
# Description: Offset: 19b, Width: 1b, Controls non-Invasive debugging of TrustZone for Arm8-M defined non-secure
# domain of CPU0
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_NIDEN: DAR_CC
# ---------------------------------------===== PINNED_DBGEN [Optional] =====----------------------------------------
# Description: Offset: 20b, Width: 1b, Controls invasive debugging of TrustZone for Arm8-M defined non-secure domain
# of CPU0
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_DBGEN: DAR_CC
# --------------------------------------===== PINNED_SPNIDEN [Optional] =====---------------------------------------
# Description: Offset: 21b, Width: 1b, Controls non-Invasive debugging of TrustZone for Arm8-M defined secure domain
# of CPU0
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_SPNIDEN: DAR_CC
# ---------------------------------------===== PINNED_SPIDEN [Optional] =====---------------------------------------
# Description: Offset: 22b, Width: 1b, Controls invasive debugging of TrustZone for Arm8-M defined secure domain of
# CPU0
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_SPIDEN: DAR_CC
# ---------------------------------------===== PINNED_TAPEN [Optional] =====----------------------------------------
# Description: Offset: 23b, Width: 1b, Controls TAP (Test Access Point) controller used for structural integrity
# testing of silicon by NXP as part of Return Material Analysis (RMA)
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_TAPEN: DAR_CC
# -------------------------------------===== PINNED_CPU1NIDEN [Optional] =====--------------------------------------
# Description: Offset: 24b, Width: 1b, Controls non-Invasive debugging of CPU1
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_CPU1NIDEN: DAR_CC
# -------------------------------------===== PINNED_CPU1DBGEN [Optional] =====--------------------------------------
# Description: Offset: 25b, Width: 1b, Controls invasive debugging of CPU1.
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_CPU1DBGEN: DAR_CC
# -------------------------------------===== PINNED_CPU2NIDEN [Optional] =====--------------------------------------
# Description: Offset: 26b, Width: 1b, Controls non-Invasive debugging of CPU2.
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_CPU2NIDEN: DAR_CC
# -------------------------------------===== PINNED_CPU2DBGEN [Optional] =====--------------------------------------
# Description: Offset: 27b, Width: 1b, Controls invasive debugging of CPU2.
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_CPU2DBGEN: DAR_CC
# --------------------------------------===== PINNED_ISPCMDEN [Optional] =====--------------------------------------
# Description: Offset: 28b, Width: 1b, Controls whether ISP boot flow DM-AP command (command code: 0x05) can be
# issued after authentication.
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_ISPCMDEN: DAR_CC
PINNED_ISPCMDEN: FIXED
# --------------------------------------===== PINNED_FACMDEN [Optional] =====---------------------------------------
# Description: Offset: 29b, Width: 1b, Controls whether DM-AP Set FA Mode command (command code: 0x06) can be issued
# after authentication
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_FACMDEN: DAR_CC
# -------------------------------------===== FORCE_UUID_MATCH [Optional] =====--------------------------------------
# Description: Offset: 30b, Width: 1b, When set, debug authentication protocol only accepts Debug Credential
# certificates (DC) with matching UUID.
# - NO_FORCE_UUID_MATCH, (0): Accepts Debug Credential certificates (DC) with any UUID.
# - FORCE_UUID_MATCH, (1): Accepts Debug Credential certificates (DC) with matching UUID.
# Possible options:
FORCE_UUID_MATCH: NO_FORCE_UUID_MATCH
# --------------------------------------===== LIFE_CYCLE_STATE [Optional] =====---------------------------------------
# Description: Offset: 0x4000A0B4, Width: 16b; Life cycle state of rw61x platform.
LIFE_CYCLE_STATE:
# --------------------------------------------===== LCS [Optional] =====--------------------------------------------
# Description: Offset: 0b, Width: 8b, Possible values of rw61x lifecycle states
# - Blank, (0): Initial state in NXP factory.
# - Provisioned, (1): NXP provisioned state.
# - Develop, (3): Initial customer development state after leaving NXP manufacturing.
# - Develop2, (7): Optional customer development state. Used for development of NS world code.
# - In-Field, (15): In-field application state for end-customer use.
# - Field Return OEM, (31): Field return state.
# - Failure Analysis (FA), (63): NXP field return state (CQC).
# - In-Field Locked, (207): Alternative in-field application state that disables debug capability and prevents use
# of field return/failure analysis states. The rest of the behavior of the device is same as the In-field state.
# - Shredded, (255): Bricked state to prevent device use.
# Possible options:
# Field Locked, Shredded>
LCS: Develop Life cycle of chip is temporary moved to 'In-field' to properly enable DAT on chip
LCS: In-Field
# ---------------------------------------===== LCS_REDUNDANT [Optional] =====---------------------------------------
# Description: Offset: 8b, Width: 8b, Repeat values of lifecycle state due to a security
# - Blank, (0): Initial state in NXP factory.
# - Provisioned, (1): NXP provisioned state.
# - Develop, (3): Initial customer development state after leaving NXP manufacturing.
# - Develop2, (7): Optional customer development state. Used for development of NS world code.
# - In-Field, (15): In-field application state for end-customer use.
# - Field Return OEM, (31): Field return state.
# - Failure Analysis (FA), (63): NXP field return state (CQC).
# - In-Field Locked, (207): Alternative in-field application state that disables debug capability and prevents use
# of field return/failure analysis states. The rest of the behavior of the device is same as the In-field state.
# - Shredded, (255): Bricked state to prevent device use.
# Possible options:
# Field Locked, Shredded>
LCS_REDUNDANT: Develop Life cycle of chip is temporary moved to 'In-field' to properly enable DAT on chip
LCS_REDUNDANT: In-Field
# --------------------------------------===== CUST_SK_MK[31:0] [Optional] =====---------------------------------------
# Description: Offset: 0x4000A170, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[31:0]:
# -------------------------------------===== CUST_SK_MK[31:0] [Optional] =====--------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[31:0]: 0
# --------------------------------------===== CUST_SK_MK[63:32] [Optional] =====--------------------------------------
# Description: Offset: 0x4000A174, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[63:32]:
# -------------------------------------===== CUST_SK_MK[63:32] [Optional] =====-------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[63:32]: 0
# --------------------------------------===== CUST_SK_MK[95:64] [Optional] =====--------------------------------------
# Description: Offset: 0x4000A178, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[95:64]:
# -------------------------------------===== CUST_SK_MK[95:64] [Optional] =====-------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[95:64]: 0
# -------------------------------------===== CUST_SK_MK[127:96] [Optional] =====--------------------------------------
# Description: Offset: 0x4000A17C, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[127:96]:
# ------------------------------------===== CUST_SK_MK[127:96] [Optional] =====-------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[127:96]: 0
# -------------------------------------===== CUST_SK_MK[159:128] [Optional] =====-------------------------------------
# Description: Offset: 0x4000A180, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[159:128]:
# ------------------------------------===== CUST_SK_MK[159:128] [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[159:128]: 0
# -------------------------------------===== CUST_SK_MK[191:160] [Optional] =====-------------------------------------
# Description: Offset: 0x4000A184, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[191:160]:
# ------------------------------------===== CUST_SK_MK[191:160] [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[191:160]: 0
# -------------------------------------===== CUST_SK_MK[223:192] [Optional] =====-------------------------------------
# Description: Offset: 0x4000A188, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[223:192]:
# ------------------------------------===== CUST_SK_MK[223:192] [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[223:192]: 0
# -------------------------------------===== CUST_SK_MK[255:224] [Optional] =====-------------------------------------
# Description: Offset: 0x4000A18C, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[255:224]:
# ------------------------------------===== CUST_SK_MK[255:224] [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[255:224]: 0
# -------------------------------------===== CUST_SK_MK[287:256] [Optional] =====-------------------------------------
# Description: Offset: 0x4000A190, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[287:256]:
# ------------------------------------===== CUST_SK_MK[287:256] [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[287:256]: 0
# -------------------------------------===== CUST_SK_MK[319:288] [Optional] =====-------------------------------------
# Description: Offset: 0x4000A194, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[319:288]:
# ------------------------------------===== CUST_SK_MK[319:288] [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[319:288]: 0
# -------------------------------------===== CUST_SK_MK[351:320] [Optional] =====-------------------------------------
# Description: Offset: 0x4000A198, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[351:320]:
# ------------------------------------===== CUST_SK_MK[351:320] [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[351:320]: 0
# -------------------------------------===== CUST_SK_MK[383:352] [Optional] =====-------------------------------------
# Description: Offset: 0x4000A19C, Width: 32b; FW encryption and decryption key wrapped by RFC3394, used for FW
# decryption
CUST_SK_MK[383:352]:
# ------------------------------------===== CUST_SK_MK[383:352] [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 32b, FW encryption and decryption key wrapped by RFC3394, used for FW decryption
CUST_SK_MK[383:352]: 0
# --------------------------------------------===== RKTH [Optional] =====---------------------------------------------
# Description: Offset: 0x4000A1A0, Width: 384b; ROTKH field is compounded by 12 32-bit fields and contains Root key
# table hash. For ECC P-256 keys RKTH is a 32-byte SHA-256 digest of four SHA-256 digests computed over four OEM
# public keys (OEM has four private-public key pairs in case one of its private keys becomes compromised) or in case
# that ECC P-384 keys are used, RKTH is 48-byte SHA-384 digest.
RKTH: '0000000000000000000000000000000000000000000000000000000000000000' RKTH value is specified to allow boot ROM validate the used public RoT keys. The value has been gotten from `nxpdebugmbox dat dc export` command. But there is alternative to get when signed MBI is generated or use `nxpcrypto rot calculate-hash` command.
RKTH: 'e2cca7cf09a45d2f1942969fda1c68ecaad78fad416d143292dad2f618291ddd'
# Copyright 2024 NXP
#
# SPDX-License-Identifier: BSD-3-Clause
# ===================================== Shadow Registers Configuration for rw612 =====================================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Optional] =====--------------------------------------
# Description: NXP chip family identifier.
# Possible options:
family: rw612
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
# Possible options:
revision: latest
# -----------------------------------===== Shadow registers Settings [Required] =====-----------------------------------
registers:
# ------------------------------------------===== BOOT_CFG0 [Optional] =====------------------------------------------
# Description: Offset: 0x4000A03C, Width: 32b; Boot configuration fuse word 0.
BOOT_CFG0:
# ------------------------------------===== PRIMARY_BOOT_SOURCE [Optional] =====------------------------------------
# Description: Offset: 0b, Width: 4b, Primary boot source. (a.k.a. Master boot source)
# - ISP_PIN_BOOT, (0): ISP pins will determine boot source.
# - FLEXSPI_BOOT, (1): Boot from FlexSPI flash device using FlexSPI interface pins.
# - SDIO_BOOT, (3): Boot from SDIO (Serial) port.
# - SPI_BOOT, (4): Boot using SPI slave interface using master boot mode.
# - I2C_BOOT, (5): I2C boot mode.
# - UART_BOOT, (6): Boot using UART interface using master boot mode.
# - Reserved, (7): Reserved.
# - USBHID_BOOT, (8): USB-HID boot mode.
# - ISP_MODE, (9): Always enter ISP mode. DEFAULT_ISP_MODE field will determine the ISP interface.
# - Test_MODE, (10): Reserved
# - QSPI_FALLBACK_SPINOR_BOOT, (12): Boot from Octal/Quad SPI flash device using FlexSPI channel A interface pins.
# If image is not found check recovery boot using SPI flash device through FlexComm.
# Possible options:
# ISP_MODE, Test_MODE, QSPI_FALLBACK_SPINOR_BOOT>
PRIMARY_BOOT_SOURCE: FLEXSPI_BOOT The primary source is updated to select the FlexSPI as primary boot device
# --------------------------------------===== SECURE_BOOT_EN [Optional] =====---------------------------------------
# Description: Offset: 19b, Width: 2b, Secure boot enable config
# - DISABLED, (0): Allow non-secure images with and without CRC. Used during development.
# - DISABLED, (1): RFU
# - ENABLED, (2): Secure boot is enabled. Do complete ECDSA checking of signed images. (ECDSA signed)
# - ENABLED, (3): Secure boot is enabled. Do complete ECDSA checking of signed images. (ECDSA signed)
# Possible options:
SECURE_BOOT_EN: ENABLED Secure boot is changed to enable Debug authentication protocol functionality and also show that functionality on real example
# -----------------------------------------===== DICE_SKIP [Optional] =====-----------------------------------------
# Description: Offset: 23b, Width: 1b, Skip DICE computation
# - NO_SKIP, (0): Enable DICE
# - SKIP, (1): Disable DICE
# Possible options:
DICE_SKIP: SKIP DICE is skipped to be sure that it doesn't influence that DAT example
# ---------------------------------------===== DCFG_CC_SOCU_NS [Optional] =====---------------------------------------
# Description: Offset: 0x4000A07C, Width: 32b; The DCFG_CC_SOCU_NS configuration fields can be used to increase the
# restriction level specified in DCFG_CC_SOCU. With TZ-M, the part can be sold by level 1 customers (secure code
# developer) to level-2 customers who develops non-secure code only.
# - In this scenario, or easy of development, Level-I customer releases the part to always allow non-secure debug.
# - To allow level-2 customers to further seal the part DCFG_CC_SOCU_NS is used.
# - ROM will use this word to further restrict the debug access.
# - Layout of this word is same as DCFG_CC_SOCU.
# - Combinations of PINNED_xxxEN and DFLT_xxxEN bits and resulting access restriction levels are:
# 1. PINNED_xxxEN=1,DFLT_xxxEN=1: Restriction level 0. Access to the sub-domain is always enabled. This setting is
# provided for module use case scenario where DCFG_CC_SOCU_NS would be used to define further access restrictions
# before final deployment of the product.
# 2. PINNED_xxxEN=0,DFLT_xxxEN=0: Restriction level 1. Access to the sub-domain is disabled at startup. But the access
# can be enabled through the debug authentication process by providing an appropriate Debug Credential (DC)
# certificate.
# 3. PINNED_xxxEN=0,DFLT_xxxEN=1: Illegal setting. Part will lock-up if this setting is selected.
# 4. PINNED_xxxEN=1,DFLT_xxxEN=0: Restriction level 2. Access to the sub-domain is permanently disabled and cannot be
# reversed. This setting offers the highest level of restriction.
DCFG_CC_SOCU_NS:
# ------------------------------------===== PINNED_ISPCMDEN_NS [Optional] =====-------------------------------------
# Description: Offset: 28b, Width: 1b, Controls whether ISP boot flow DM-AP command (command code: 0x05) can be
# issued after authentication.
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_ISPCMDEN_NS: FIXED The debug mailbox 'switch to ISP mode' command is enabled also in locked state (to simplify example)
# ----------------------------------------===== DCFG_CC_SOCU [Optional] =====-----------------------------------------
# Description: Offset: 0x4000A084, Width: 32b; The DCFG_CC_SOCU configuration field specifies the debug access
# restrictions per debug domain. The DCFG_CC_SOCU_NS fields can be used to increase the restriction level specified in
# DCFG_CC_SOCU but cannot be used to reduce the restriction level.
# - Combinations of PINNED_xxxEN and DFLT_xxxEN bits and resulting access restriction levels are:
# 1. PINNED_xxxEN=1,DFLT_xxxEN=1: Restriction level 0. Access to the sub-domain is always enabled. This setting is
# provided for module use case scenario where DCFG_CC_SOCU_NS would be used to define further access restrictions
# before final deployment of the product.
# 2. PINNED_xxxEN=0,DFLT_xxxEN=0: Restriction level 1. Access to the sub-domain is disabled at startup. But the
# access can be enabled through the debug authentication process by providing an appropriate Debug Credential (DC)
# certificate.
# 3. PINNED_xxxEN=0,DFLT_xxxEN=1: Illegal setting. Part will lock-up if this setting is selected.
# 4. PINNED_xxxEN=1,DFLT_xxxEN=0: Restriction level 2. Access to the sub-domain is permanently disabled and cannot be
# reversed. This setting offers the highest level of restriction.
DCFG_CC_SOCU:
# ---------------------------------------===== DFLT_ISPCMDEN [Optional] =====---------------------------------------
# Description: Offset: 17b, Width: 1b, Controls whether ISP boot flow DM-AP command (command code: 0x05) can be
# issued after authentication.
# - DISABLED, (0): Disabled
# - ENABLED, (1): Enabled
# Possible options:
DFLT_ISPCMDEN: ENABLED The debug mailbox 'switch to ISP mode' command is enabled also in locked state (to simplify example)
# --------------------------------------===== PINNED_ISPCMDEN [Optional] =====--------------------------------------
# Description: Offset: 28b, Width: 1b, Controls whether ISP boot flow DM-AP command (command code: 0x05) can be
# issued after authentication.
# - DAR_CC, (0): Debug Authentication Response determines the state.
# - FIXED, (1): Enabled
# Possible options:
PINNED_ISPCMDEN: FIXED
# --------------------------------------===== LIFE_CYCLE_STATE [Optional] =====---------------------------------------
# Description: Offset: 0x4000A0B4, Width: 16b; Life cycle state of rw61x platform.
LIFE_CYCLE_STATE:
# --------------------------------------------===== LCS [Optional] =====--------------------------------------------
# Description: Offset: 0b, Width: 8b, Possible values of rw61x lifecycle states
# - Blank, (0): Initial state in NXP factory.
# - Provisioned, (1): NXP provisioned state.
# - Develop, (3): Initial customer development state after leaving NXP manufacturing.
# - Develop2, (7): Optional customer development state. Used for development of NS world code.
# - In-Field, (15): In-field application state for end-customer use.
# - Field Return OEM, (31): Field return state.
# - Failure Analysis (FA), (63): NXP field return state (CQC).
# - In-Field Locked, (207): Alternative in-field application state that disables debug capability and prevents use
# of field return/failure analysis states. The rest of the behavior of the device is same as the In-field state.
# - Shredded, (255): Bricked state to prevent device use.
# Possible options:
# Field Locked, Shredded>
LCS: In-Field Life cycle of chip is temporary moved to 'In-field' to properly enable DAT on chip
# ---------------------------------------===== LCS_REDUNDANT [Optional] =====---------------------------------------
# Description: Offset: 8b, Width: 8b, Repeat values of lifecycle state due to a security
# - Blank, (0): Initial state in NXP factory.
# - Provisioned, (1): NXP provisioned state.
# - Develop, (3): Initial customer development state after leaving NXP manufacturing.
# - Develop2, (7): Optional customer development state. Used for development of NS world code.
# - In-Field, (15): In-field application state for end-customer use.
# - Field Return OEM, (31): Field return state.
# - Failure Analysis (FA), (63): NXP field return state (CQC).
# - In-Field Locked, (207): Alternative in-field application state that disables debug capability and prevents use
# of field return/failure analysis states. The rest of the behavior of the device is same as the In-field state.
# - Shredded, (255): Bricked state to prevent device use.
# Possible options:
# Field Locked, Shredded>
LCS_REDUNDANT: In-Field Life cycle of chip is temporary moved to 'In-field' to properly enable DAT on chip
# --------------------------------------------===== RKTH [Optional] =====---------------------------------------------
# Description: Offset: 0x4000A1A0, Width: 384b; ROTKH field is compounded by 12 32-bit fields and contains Root key
# table hash. For ECC P-256 keys RKTH is a 32-byte SHA-256 digest of four SHA-256 digests computed over four OEM
# public keys (OEM has four private-public key pairs in case one of its private keys becomes compromised) or in case
# that ECC P-384 keys are used, RKTH is 48-byte SHA-384 digest.
RKTH: 'e2cca7cf09a45d2f1942969fda1c68ecaad78fad416d143292dad2f618291ddd' RKTH value is specified to allow boot ROM validate the used public RoT keys. The value has been gotten from `nxpdebugmbox dat dc export` command. But there is alternative to get when signed MBI is generated or use `nxpcrypto rot calculate-hash` command.
5.1 Apply the Shadow register configuration#
The following commands loads prepared configuration for shadow registers (set RKTH, move life cycle to In-field state, enable secure boot). After load the MCU will be resets and to prove that settings are active the test-connection command is called and should returns that there is no debug connection to MCU.
# load modified shadowregs
%! shadowregs -i $INTERFACE -f $FAMILY loadconfig -c $SR_CONFIG --no-verify
# reset the device to load modified shadowregs
%! shadowregs -i $INTERFACE -f $FAMILY reset
# check the device is not accessible for debugging
%! nxpdebugmbox -f $FAMILY -i $INTERFACE mem-tool test-connection
shadowregs -i pyocd -f rw612 loadconfig -c inputs/sr_config.yaml --no-verify
# Interface Id Description
-------------------------------------------------------
0 PyOCD 1069211762 Segger J-Link MCU-Link
The Shadow registers has been loaded by configuration in C:\_DDM\GIT\PROVISIONING\spsdk2\examples\dat\rw612\inputs\sr_config.yaml YAML file
shadowregs -i pyocd -f rw612 reset
# Interface Id Description
-------------------------------------------------------
0 PyOCD 1069211762 Segger J-Link MCU-Link
The target has been reset.
nxpdebugmbox -f rw612 -i pyocd mem-tool test-connection
# Interface Id Description
-------------------------------------------------------
0 PyOCD 1069211762 Segger J-Link MCU-Link
The device is not-accessible for debugging.
6. Debug authentication challenge#
In the previous steps, we loaded a configuration with all the keys and enabled the debug authentication in the device. We have also created the DC certificate and private key for the debug authentication challenge. In addition, a protocol version and a beacon must be specified.
RW61x devices support two versions of ECDSA keys:
ECDSA P-256 signature verification RoT key(s)
ECDSA P-384 signature verification RoT key(s)
The debug authentication process can be extended with beacons. The authentication beacon defines the system-specific debug policy use case such as: restricting debug authentication to only certain devices having specific system product ID during manufacturing phase.
6.1 Generate debug authentication configuration file#
In advance we will prepare the configuration file for debug authentication procedure itself. Let’s begin again by creating a template configuration file using the nxpdebugmbox dat get-template
command. To simplify this example, we have already prepared that configuration, which can be found in the ./inputs/dat_config.yaml file. Below, we’ll compare the differences between the template and our customized example to highlight the additions we’ve made. This tiny configuration file is needed that specify the data from in-field technician.
# Get difference of template and user YAML configuration
YamlDiffWidget("inputs/dat_config.diffc").html
nxpdebugmbox -f rw612 dat get-template -o workspace/dat_config.yaml --force
Creating workspace/dat_config.yaml template file.
Configuration Differences
# ============================== Debug Authentication Configuration template for rw612. ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: rw612
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
revision: latest
# ======================================================================================================================
# == Debug Authentication Content ==
# ======================================================================================================================
# -------------------------------===== Debug Credential Certificate file [Required] =====-------------------------------
# Description: A debug credential binary file provided by owner of Root Keys. The file could be created by 'dc' group of
# commands.
certificate: dc.bin Path to debug credential certificate (that we created in previous step)
certificate: ./workspace/debug_auth.dc
# -------------------------------------===== Authentication beacon [Required] =====-------------------------------------
# Description: Debug authentication process can be extended with beacons. DEBUG_AUTH_BEACON (this field) contain
# information from debug authentication after debugger is successfully authenticated. This register contain data from
# Authentication beacon [31:16] which is defined during authentication session and Credential beacon [15:0] which is
# defined on RoT keys owner side during debug credential file generation and signing. When credential beacon non-zero
# value is used in this field, ROM defers opening debug access to user application. The result of the authentication
# process is written to DBG_FEATURES register while the user application after doing its extended processing, such as
# clean-up of critical keys and secrets, should copy the value to DBG_FEATURES_DP register to enable the debug access.
beacon: 0 We keep the beacon on value zero, it's enough for example purposes
# -------------------------------------------===== Keys set [Optional] =====--------------------------------------------
# Description: Selection of keys origin.
# Possible options:
srk_set: oem We keep default value on OEM
# ----------------------------===== DCK signature private key [Conditionally required] =====----------------------------
# Description: Private key that match the public key in debug credential file, to sign Debug Authentication response.
dck_private_key: ../../_data/keys/ecc256/dck_ecc256.pem
dck_private_key: dck.pem Updated Debug Credential private key to used in our example
# -------------------------------===== Signature Provider [Conditionally required] =====--------------------------------
# Description: Signature provider configuration in format 'type=;key_number= '.
sign_provider: type=sasp;key_number=0 This is removed, because we are using private key in this example
# Copyright 2024 NXP
#
# SPDX-License-Identifier: BSD-3-Clause
# ============================== Debug Authentication procedure Configuration for rw612 ==============================
# ======================================================================================================================
# == General Options ==
# ======================================================================================================================
# -------------------------------------===== The chip family name [Required] =====--------------------------------------
# Description: NXP chip family identifier.
family: rw612
# -----------------------------------------===== MCU revision [Optional] =====------------------------------------------
# Description: Revision of silicon. The 'latest' name, means most current revision.
revision: latest
# ======================================================================================================================
# == Debug Authentication Content ==
# ======================================================================================================================
# -------------------------------===== Debug Credential Certificate file [Required] =====-------------------------------
# Description: A debug credential binary file provided by owner of Root Keys. The file could be created by 'dc' group of
# commands.
certificate: ./workspace/debug_auth.dc Path to debug credential certificate (that we created in previous step)
# -------------------------------------===== Authentication beacon [Required] =====-------------------------------------
# Description: Debug authentication process can be extended with beacons. DEBUG_AUTH_BEACON (this field) contain
# information from debug authentication after debugger is successfully authenticated. This register contain data from
# Authentication beacon [31:16] which is defined during authentication session and Credential beacon [15:0] which is
# defined on RoT keys owner side during debug credential file generation and signing. When credential beacon non-zero
# value is used in this field, ROM defers opening debug access to user application. The result of the authentication
# process is written to DBG_FEATURES register while the user application after doing its extended processing, such as
# clean-up of critical keys and secrets, should copy the value to DBG_FEATURES_DP register to enable the debug access.
beacon: 0 We keep the beacon on value zero, it's enough for example purposes
# -------------------------------------------===== Keys set [Optional] =====--------------------------------------------
# Description: Selection of keys origin.
# Possible options:
srk_set: oem We keep default value on OEM
# ----------------------------===== DCK signature private key [Conditionally required] =====----------------------------
# Description: Private key that match the public key in debug credential file, to sign Debug Authentication response.
dck_private_key: ../../_data/keys/ecc256/dck_ecc256.pem Updated Debug Credential private key to used in our example
6.2 Perform Debug authentication#
The following command performs debug authentication challenge-response protocol itself. It should ends with unlocked device to debug.
DAT_CONFIG = INPUTS + "dat_config.yaml"
%! nxpdebugmbox -v -f $FAMILY -i $INTERFACE dat auth -c $DAT_CONFIG
nxpdebugmbox -v -f rw612 -i pyocd dat auth -c inputs/dat_config.yaml
INFO:spsdk.apps.nxpdebugmbox:Starting Debug Authentication
# Interface Id Description
-------------------------------------------------------
0 PyOCD 1069211762 Segger J-Link MCU-Link
INFO:spsdk.debuggers.debug_probe_pyocd:PyOCD connected via J-Link MCU-Link probe.
INFO:spsdk.apps.nxpdebugmbox:DAC:
Version : Version 2.0
SOCC : 0x0000000A
UUID : 254A3E01B4A243D8AEBDEC26C6534E83
CC_VU : 0
ROTID_rkh_revocation : 5813F8FD
ROTID_rkth_hash : f30f3c6947995c5885e72fdfc75b6b76cd8b7a5eee56246d51080d9be1fbb310
CC_soc_pinned : 00000100
CC_soc_default : 00000000
Challenge : dbb9c42895a431460221bdd796e8e9bb88ee7bc1378f3b8e48c7b2c632079660
INFO:spsdk.apps.nxpdebugmbox:DAR:
DAC:
Version : Version 2.0
SOCC : 0x0000000A
UUID : 254A3E01B4A243D8AEBDEC26C6534E83
CC_VU : 0
ROTID_rkh_revocation : 5813F8FD
ROTID_rkth_hash : f30f3c6947995c5885e72fdfc75b6b76cd8b7a5eee56246d51080d9be1fbb310
CC_soc_pinned : 00000100
CC_soc_default : 00000000
Challenge : dbb9c42895a431460221bdd796e8e9bb88ee7bc1378f3b8e48c7b2c632079660
DC:
Version : Version 2.0
SOCC : 0x0000000A
UUID : 00000000000000000000000000000000
CC_SOCC : 0xfff
CC_VU : 0x0
BEACON : 0
Number of records in flags: 4
CRTK table has 4 entries
CTRK hash : e2cca7cf09a45d2f1942969fda1c68ecaad78fad416d143292dad2f618291ddd
Authentication Beacon: 0
INFO:spsdk.debuggers.debug_probe_pyocd:PyOCD connected via J-Link MCU-Link probe.
Debug Authentication ends successfully.