The BootROM also looks for the dual device, 8-bit parallel configuration. In this case, the BootROM only reads the even bits of the BootROM header because it is only accessing the first device and the header is split across both devices. The BootROM forms a 32-bit word that includes the even bits of the width detection (0x20) and image identification (0x24) parameter values. When the BootROM detects this condition, it assumes the system uses the 8-bit parallel configuration and programs the controller for the x8 operating mode. This mode is used for the rest of the boot process.
Field Name |
Bit Offset |
Width |
Default Value |
Description |
---|---|---|---|---|
Reserved |
31:16 |
16 |
0x0 |
|
Bhdr RSA |
15:14 |
2 |
0x0 |
0x3: If the RSA_EN eFUSEs are not programmed, RSA authentication of the boot image is done, excluding verification of PPK hash and SPK ID. |
SHA2 select |
13:12 |
2 |
0x0 |
0x3: While doing RSA authentication, SHA2 is used in place of SHA3.(1) All others: SHA3 is used while doing RSA authentication. |
CPU select |
11:10 |
2 |
0x0 |
0x0: Cortex-R5F single (split mode). 0x1: Cortex-A53 single 32-bit. 0x2: Cortex-A53 single 64-bit. 0x3: Cortex-R5F dual (lock-step mode). |
Hashing select |
9:8 |
2 |
0x0 |
0x0, 0x1: No integrity check. 0x2: SHA2 is used as a hash function to do boot image integrity check.(1) 0x3: SHA3 is used as a hash function to do boot image integrity check. Note: This option should not be selected if authentication (RSA) is used. If the RSA_EN eFUSEs are programmed and this option is set, an error occurs. |
PUF HD location |
7:6 |
2 |
0x0 |
0x3: PUF HD is part of the boot header. |
Authenticate only |
5:4 |
2 |
0x0 |
0x3: Boot image is only RSA signed, do not decrypt the image even if 0x28 offset is non-zero. All others: Means if 0x28 is non-zero, then decrypt the boot image. |
OP key |
3:2 |
2 |
0x0 |
0x3: Secure header contains operational key for block 0 decryption. |
Reserved |
1:0 |
2 |
0x0 |
|
Notes: 1.AMD recommends using SHA3 only. SHA2 will be deprecated in 2019.1. |