Name Description Location(s) Function(s)
IROM Instruction ROM (Boot ROM) Internal ROM Establish root keys
Authenticate & Load BCT
Authenticate and jump to MB1
MB1 Stage 1 Internal SRAM Initialize DRAM
Boot Loader Authenticate & Load MB2 to DRAM
Bring CPU out of reset
(1) The MB1 is located in eMMC, when BPMP run, it is loaded into SRAM, right? And where is IROM loaded after BPMP runs?
(2) For TX2 devKit, the “Public Key Cryptography” is flash into eMMC, then where does SBK, KEK, SSK, DK flash into?
(3) The security boot section of l4t32.2 document note that “Once a fuse bit is set to 1, you cannot change its value back to 0”, that means we must prudently set a fuse bit, cause we can’t reverse it back no more, so how should I test those fuse bits?
(4) I want test security boot relative keys. How to generate SBK Key, DK(KEK), and ODM Fuses?
you should also refer to Jetson TX2 Boot Flow for the detail booting process.
there’re loading and authentication flow for MB1, and copies MB1 into SysRAM. MB2 also had similar flows for authentication, but MB1 copy it into DRAM. after that, BPMP-FW own the controls.
(1) For TX2 boot flow, upon the release of reset button, BPMP execute BootROM. I think the BootROM is hard-coded to the board EEPROM, but which place is it loaded when it is executed, internal RAM, SDRAM, or some else?
But I still don’t know which RAM is bootRom loaded in when BPMP runs it. I am clear that when the board is off, it stores in internal ROM. But when it is running, where the data and instruction of bootRom are loaded?
If the bootROM is loaded in a RAM, then what program initialize that RAM?
Yes, I have studied that document for a long time. As it describes, ‘The NVIDIA® Jetson™ TX2 BootROM (BR) is hard-wired in the Tegra chip,’ and ‘Upon release of reset, BPMP executes from IROM’, that means BPMP exchanges data with internal ROM directly without loading it into RAM first. But as far as I know, every program must run in RAM but not in ROM, so here I bother you.