~funderscore blog cgit wiki get in touch
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFerass El Hafidi <funderscore@postmarketos.org>2025-02-20 18:18:14 +0000
committerFerass El Hafidi <funderscore@postmarketos.org>2025-02-20 18:18:14 +0000
commitfffcee663078f43f31c9c65642577b0e1113c002 (patch)
treee0e72a0a7c98e8daeb847fddf238889065864d4d
parent23da4bbe9a1ef2be2d35b356f57670d9573df606 (diff)
downloadreversing-gxbb-bl2-master.tar.gz
docs/gx-bootrom.md: add more docs about OTPHEADmaster
Signed-off-by: Ferass El Hafidi <funderscore@postmarketos.org>
Diffstat
-rw-r--r--docs/gx-bootrom.md13
1 files changed, 12 insertions, 1 deletions
diff --git a/docs/gx-bootrom.md b/docs/gx-bootrom.md
index a733109..8cfce2c 100644
--- a/docs/gx-bootrom.md
+++ b/docs/gx-bootrom.md
@@ -7,7 +7,7 @@ Sample bootROM UART log of a successful boot on Amlogic S805Y:
### Status messages
* `GXL:BL1:9ac50e:bb16dc`: Indicates SoC generation, git commit hash (?)
-* `FEAT`: Dump of 0xc8100228 register
+* `FEAT`: Dump of `SECUREBOOT_FLAG` (`0xc8100228`):
* `POC`: POC pin
* `RCY`: If HDMI boot dongle is plugged in, this is `1`, else `0`
@@ -19,3 +19,14 @@ Sample bootROM UART log of a successful boot on Amlogic S805Y:
* `A7`: Wrong magic (!= `@AML`) or version number
* `C7`: Wrong header size or digest offset
* `CF`: Payload size or offset too big
+
+### EFUSE/OTP
+
+Where many settings are set, e.g. regarding SecureBoot. A copy of it is
+available at `0xd9013c00` (in AHB SRAM).
+
+The AES key and IV are located at `0xd9013c50` and `0xd9013c70` respectively.
+On a secureboot-enabled device, they can be dumped easily using
+[amlogic-usbdl](https://fredericb.info/2021/02/amlogic-usbdl-unsigned-code-loader-for-amlogic-bootrom.html).
+
+[Will do more research later]