Following are the different scenarios for triggering a secure lockdown in the PLM:
Tamper Event
When a tamper event occurs, the response is configured as SYS_INTERRUPT in the TAMPER_RESP_X register and the actual secure lockdown response is configured in the reserved RTCA location. The sequence is described in PLM Lockdown Flow.
Boot Failures
When a boot failure occurs and the Halt-on-Boot eFuses are programmed, a secure lockdown is triggered in the PLM. If the boot mode is not JTAG and PLM_DEBUG_MODE is not enabled, the PLM checks if the Halt-on-Boot eFuse is programmed:
- If it is not blown, it executes multiboot.
- If the eFuse is programmed, it executes secure lockdown with the SEC_LOCKDOWN_0 response, the same as the BootROM implementation, and then triggers TAMPER_RESP_0 to RCU for executing the secure lockdown of the PMC.
Secure Lockdown over IPI
When a host issues the TamperTrigger IPI command to the PLM, a secure lockdown is triggered.
This API is supported over IPI and takes a single payload that specifies the tamper response. Valid tamper responses are SEC_LOCKDOWN_0, SEC_LOCKDOWN_1, and SRST. The function validates the tamper response payload argument that is received. If a valid tamper response is received in the command, it executes the received tamper response. Otherwise, it returns a unique error code.
Command Format |  |  |  |  |
---|---|---|---|---|
Reserved [31:25] = 0x0 | Security Flag [24] | Length [23:16] = 1 | PLM = 1 | CMD_TAMPER_TRIGGER = 35 |
Reserved [31:8] | Tamper Response [7:0] |  |  |  |
This command triggers the Tamper Response. If successful, the PLM does not send any response as it is handed off to the BootROM running on RCU. Valid tamper responses are:
Field Name | Bits | Description |
---|---|---|
BBRAM_ERASE | 4 | Zeroize non-volatile BBRAM key in addition to the tamper response specified. |
SYS_LOCKDOWN_1 | 3 | Secure lockdown with I/O tristated. If multiple bits are set, only the MSB bit is taken. |
SYS_LOCKDOWN_0 | 2 | Secure lockdown without I/O tristated. If multiple bits are set, only the MSB bit is taken. |
SRST | 1 | System reset. |
Reserved | 0 | Not valid. |
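
The following C sketch is an added example, not PLM source code: it packs the TamperTrigger header word and resolves a payload to the one response that takes effect, using the bit positions in the tables above. The macro and function names are hypothetical, and the placement of the module ID in [15:8] and the command ID in [7:0], as well as the exact rejection rules, are assumptions noted in the comments.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions from the tamper response table; macro names are hypothetical. */
#define RESP_SRST        (1u << 1)
#define RESP_LOCKDOWN_0  (1u << 2)  /* lockdown, I/O not tristated */
#define RESP_LOCKDOWN_1  (1u << 3)  /* lockdown, I/O tristated */
#define RESP_BBRAM_ERASE (1u << 4)  /* modifier on top of a response */
#define RESP_ACTIONS     (RESP_SRST | RESP_LOCKDOWN_0 | RESP_LOCKDOWN_1)
#define RESP_KNOWN       (RESP_ACTIONS | RESP_BBRAM_ERASE)

#define PLM_MODULE_ID      1u
#define CMD_TAMPER_TRIGGER 35u

/* Header word: Security Flag [24], Length [23:16] = 1.
 * Assumption: module ID sits in [15:8] and command ID in [7:0]. */
uint32_t tamper_trigger_header(uint32_t security_flag)
{
    return ((security_flag & 1u) << 24) | (1u << 16) |
           (PLM_MODULE_ID << 8) | CMD_TAMPER_TRIGGER;
}

/* Returns the single action bit that takes effect, or 0 to reject.
 * Assumptions: nonzero reserved bits, bit 0, bits [7:5], and
 * BBRAM_ERASE with no action are all rejected; SRST takes part in
 * the "MSB wins" rule alongside the two lockdown bits. */
uint32_t tamper_resp_resolve(uint32_t payload, int *erase_bbram)
{
    *erase_bbram = 0;
    if ((payload & ~RESP_KNOWN) != 0 || (payload & RESP_ACTIONS) == 0)
        return 0;
    *erase_bbram = (payload & RESP_BBRAM_ERASE) != 0;
    if (payload & RESP_LOCKDOWN_1) return RESP_LOCKDOWN_1;
    if (payload & RESP_LOCKDOWN_0) return RESP_LOCKDOWN_0;
    return RESP_SRST;
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    const uint32_t samples[] = { 0x02, 0x0C, 0x14, 0x01, 0x10, 0x102 };
    printf("header = 0x%08X\n", (unsigned)tamper_trigger_header(0));
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int erase;
        uint32_t act = tamper_resp_resolve(samples[i], &erase);
        printf("payload 0x%03X -> action 0x%02X erase=%d\n",
               (unsigned)samples[i], (unsigned)act, erase);
    }
    return 0;
}
```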