Template Configuration - Pavona Documentation

This IP was configured with the following parameters:

name	value	dtgen
otp_mmap	OrderedDict([(‘otp’, OrderedDict([(‘width’, 2), (‘depth’, 10240), (‘size’, 20480), (‘addr_width’, 14), (‘byte_addr_width’, 15)])), (‘scrambling’, OrderedDict([(‘key_size’, 16), (‘iv_size’, 8), (‘cnst_size’, 16), (‘keys’, [OrderedDict([(‘name’, ‘Secret0Key’), (‘value’, ‘’)]), OrderedDict([(‘name’, ‘Secret1Key’), (‘value’, ‘’)]), OrderedDict([(‘name’, ‘Secret2Key’), (‘value’, ‘’)]), OrderedDict([(‘name’, ‘Secret3Key’), (‘value’, ‘’)])]), (‘digests’, [OrderedDict([(‘name’, ‘CnstyDigest’), (‘iv_value’, ‘’), (‘cnst_value’, ‘’)]), OrderedDict([(‘name’, ‘SramDataKey’), (‘iv_value’, ‘’), (‘cnst_value’, ‘’)])]), (‘num_keys’, 4), (‘num_digests’, 2)])), (‘partitions’, [OrderedDict([(‘name’, ‘VENDOR_TEST’), (‘variant’, ‘Unbuffered’), (‘absorb’, False), (‘secret’, False), (‘sw_digest’, True), (‘hw_digest’, False), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘CSR’), (‘key_sel’, ‘NoKey’), (‘integrity’, False), (‘bkout_type’, False), (‘zeroizable’, True), (‘skip_sw_header’, True), (‘items’, [OrderedDict([(‘name’, ‘SCRATCH’), (‘size’, 56), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 0)]), OrderedDict([(‘name’, ‘VENDOR_TEST_DIGEST’), (‘size’, 8), (‘offset’, 56), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘VENDOR_TEST_ZER’), (‘size’, 8), (‘offset’, 64), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Vendor test partition.\nThis is reserved for manufacturing smoke checks. The OTP wrapper\ncontrol logic inside prim_otp is allowed to read/write to this\nregion. ECC uncorrectable errors seen on the functional prim_otp\ninterface will not lead to an alert for this partition.\nInstead, such errors will be reported as correctable ECC errors.’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 72), (‘offset’, 0)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG’), (‘variant’, ‘Unbuffered’), (‘absorb’, False), (‘secret’, False), (‘sw_digest’, True), (‘hw_digest’, False), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘CSR’), (‘key_sel’, ‘NoKey’), (‘integrity’, True), (‘bkout_type’, False), (‘zeroizable’, True), (‘items’, [OrderedDict([(‘name’, ‘CREATOR_SW_CFG_AST_CFG’), (‘size’, 124), (‘desc’, ‘AST configuration data. These values get blindly copied to\nthe AST CSRs during ROM execution.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 72)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_AST_INIT_SIZE’), (‘size’, 4), (‘desc’, ‘Controls how many 32-bit words from the CREATOR_SW_CFG_AST_CFG item\nget copied to the AST CSRs during ROM execution.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 196)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_ROM_SECURE_BOOT_EN’), (‘size’, 4), (‘ismubi’, True), (‘inv_default’, ‘’), (‘desc’, ‘Secure boot chicken bit. Secure boot is enabled iff this is\nset to kMultiBitBool32True. OTBN is not loaded with any code\nfor any other values.’), (‘isdigest’, False), (‘iszer’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 200)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_ROM_SIGGEN_EN’), (‘size’, 4), (‘ismubi’, True), (‘inv_default’, ‘’), (‘desc’, ‘Signature generation chicken bit. Asset signatures are\ngenerated iff both this item and\nCREATOR_SW_CFG_ROM_SECURE_BOOT_EN are set to\nkMultiBitBool32True.’), (‘isdigest’, False), (‘iszer’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 204)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_ROM_SIGVERIFY_EN’), (‘size’, 4), (‘ismubi’, True), (‘inv_default’, ‘’), (‘desc’, ‘Signature verification chicken bit. Asset signatures are\nverified iff this item, the CREATOR_SW_CFG_ROM_SECURE_BOOT_EN\nand the CREATOR_SW_CFG_ROM_SIGGEN_EN ones are all set to\nkMultiBitBool32True.’), (‘isdigest’, False), (‘iszer’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 208)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_SIGVERIFY_SPX_EN’), (‘size’, 4), (‘desc’, ‘Controls whether or not SPHINCS+ signature verification will\nbe executed when the ROM attempts to boot the ROM_EXT.\nA value of kSigverifySpxDisabledOtp disables SPHINCS+\nsignature verification, while all other values enable it.\nNote, SPHINCS+ signature verification is always disabled in\nTEST_UNLOCKED* LC states.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 212)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_EN’), (‘size’, 4), (‘desc’, ‘Whether or not to enable use of hardware generated entropy\n(from the entropy complex via EDN) in the `rnd_uint32`\nfunction. A value of kHardenedBoolTrue enables the use of\nhardware generated entropy, while all other values disable.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 216)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_JITTER_EN’), (‘size’, 4), (‘desc’, ‘Whether or not to enable clock jitter. A value of\nkMultiBitBool4False disables, while all other values enable.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 220)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RET_RAM_RESET_MASK’), (‘size’, 4), (‘desc’, ‘Reset reason mask used to initialize (by overwriting with\nrandom data) retention SRAM during ROM execution. A value of\n0 only initializes retention SRAM on power-on-resets.See\nrstmgr RESET_INFO CSR documentation for more details.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 224)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_CPUCTRL’), (‘size’, 4), (‘desc’, ‘Value to write to the Ibex CPUCTRL CSR during ROM execution.\nThis field controls settings such as ICACHE enablement. See\nIbex documentation for more information.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 228)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_REPCNT_THRESHOLDS’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 232)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_REPCNTS_THRESHOLDS’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 236)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_ADAPTP_HI_THRESHOLDS’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 240)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_ADAPTP_LO_THRESHOLDS’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 244)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_BUCKET_THRESHOLDS’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 248)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_MARKOV_HI_THRESHOLDS’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 252)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_MARKOV_LO_THRESHOLDS’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 256)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_EXTHT_HI_THRESHOLDS’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 260)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_EXTHT_LO_THRESHOLDS’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 264)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_ALERT_THRESHOLD’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 268)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_RNG_HEALTH_CONFIG_DIGEST’), (‘size’, 4), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 272)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_SRAM_KEY_RENEW_AND_INIT_EN’), (‘size’, 4), (‘desc’, ‘Whether or not the ROM should request SRAM to be rescrambled\nwith a new key on every boot. This includes renewing the\nscrambling key and then initializing SRAM with pseudo-random\ndata. kHardenedBoolFalse disables, while all other values\nenable.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 276)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_DIGEST’), (‘size’, 8), (‘offset’, 280), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘CREATOR_SW_CFG_ZER’), (‘size’, 8), (‘offset’, 288), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Software configuration partition.\nThis is for device-specific calibration data. For example, clock,\nLDO, RNG.’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 224), (‘offset’, 72)]), OrderedDict([(‘name’, ‘OWNER_SW_CFG’), (‘variant’, ‘Unbuffered’), (‘absorb’, False), (‘secret’, False), (‘sw_digest’, True), (‘hw_digest’, False), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘CSR’), (‘key_sel’, ‘NoKey’), (‘integrity’, True), (‘bkout_type’, False), (‘zeroizable’, True), (‘items’, [OrderedDict([(‘name’, ‘OWNER_SW_CFG_ROM_ERROR_REPORTING’), (‘size’, 4), (‘desc’, ‘The shutdown error reporting verbosity used by the ROM.\nShould be configured to one of several\n`shutdown_error_redact_t` values. See\n`sw/device/silicon_creator/lib/shutdown.h` for more details.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 296)]), OrderedDict([(‘name’, ‘OWNER_SW_CFG_ROM_ALERT_CLASS_EN’), (‘size’, 4), (‘desc’, ‘A four byte packed field, where each byte controls whether\nor not the ROM enables each alert class (A through D) of the\nalert_handler. The byte-sized sub-fields are arranged from D\nto A, MSB to LSB. Each byte should be set to an\n`alert_enable_t` value accordingly. See the alert_handler\ndocumentation for more details.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 300)]), OrderedDict([(‘name’, ‘OWNER_SW_CFG_ROM_ALERT_ESCALATION’), (‘size’, 4), (‘desc’, ‘A four byte packed field, where each byte controls the\nescalation configuration for each alert class (A through D)\nof the alert_handler configured by the ROM. The byte-sized\nsub-fields are arranged from D to A, MSB to LSB. Each byte\nshould be set to an `alert_escalate_t` value accordingly.\nSee the alert_handler documentation for more details.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 304)]), OrderedDict([(‘name’, ‘OWNER_SW_CFG_ROM_ALERT_CLASSIFICATION’), (‘size’, 788), (‘desc’, ‘The alert classifications (A through D) for each alert\nsource of the alert_handler to be configured by the ROM. The\nfield consists of a contiguous 320-byte block, or 80 32-bit\nwords. The four bytes in each word encode the configuration\nof a single alert source across four lifecycle states, in\norder from LSB to MSB: PROD, PROD_END, DEV, and RMA. Each\nbyte should be set to an `alert_class_t` value accordingly.\nThe order of the 197 32-bit words, from LSB to MSB can be\nfound in the DRAGONFLY_ALERTS list in\n`hw/top_dragonfly/data/autogen/defs.bzl`.\nSee the alert_handler documentation for more details.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 308)]), OrderedDict([(‘name’, ‘OWNER_SW_CFG_ROM_LOCAL_ALERT_CLASSIFICATION’), (‘size’, 28), (‘desc’, ‘Same as the `OWNER_SW_CFG_ROM_ALERT_CLASSIFICATION` field,\nexcept these configuration correspond to the local alert\nsources found in the `DRAGONFLY_LOC_ALERTS list in\n`rules/const.bzl.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1096)]), OrderedDict([('name', 'OWNER_SW_CFG_ROM_ALERT_ACCUM_THRESH'), ('size', 16), ('desc', 'The alert accumulation threshold values for each alert class\n(A through D) of the alert_handler to be configured by the\nROM. This field consists of four 32-bit words encoding the\naccumulation thresholds for each alert class A through D\narranged LSW to MSW. See the alert_handler documentation for\nmore details.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1124)]), OrderedDict([('name', 'OWNER_SW_CFG_ROM_ALERT_TIMEOUT_CYCLES'), ('size', 16), ('desc', 'Same as the OWNER_SW_CFG_ROM_ALERT_ACCUM_THRESHfield,\nexcept each value corresponds to the interrupt timeout\nconfiguration of an alert class.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1140)]), OrderedDict([('name', 'OWNER_SW_CFG_ROM_ALERT_PHASE_CYCLES'), ('size', 64), ('desc', 'The alert escalation phase durations, measured in clock\ncycles, the ROM will configure the four alert phases for\neach alert class of the alert_handler. This field consists\nof a contiguous 64-byte block, or an array of four 128-bit\nfields. Each 128-bit sub-field encodes four 32-bit words that\ncontain the alert phase cycle count configurations for alert\nescalation phases 0 to 3, from LSW to MSW. Each 128-bit\nsub-field is contains all configurations for a single alert\nclass, arranged from class A to D, from LS to MS. For\nexample, the cycle durations of each escalation phase in\nthis field should be configured as such, from LSB to MSB:\n<classA,phase0>...<classA,phase3>...<classD,phase0>...\n<classD,phase3>. See the alert_handler documentation for\nmore details.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1156)]), OrderedDict([('name', 'OWNER_SW_CFG_ROM_ALERT_DIGEST_PROD'), ('size', 4), ('desc', 'The expected CRC32 digest over all of the alert_handler\nconfigurations set up by the ROM for a device operating in\nthe PROD LC state. The ROM reads this field and checks it\nagainst a digest it computes over the alert_handler\nconfiguration it programmed. This field is expected to be\nautomatically computed by theotp_alert_digest()`Bazel\nrule. See the`alert_config_crc32()`function in the\nSiliconCreator alert_handler driver for more details on what\nconfigurations are included in this digest.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1220)]), OrderedDict([('name', 'OWNER_SW_CFG_ROM_ALERT_DIGEST_PROD_END'), ('size', 4), ('desc', 'Same as the`OWNER_SW_CFG_ROM_ALERT_DIGEST_PROD`field,\nexcept the expected digest is for chips operating in the\nPROD_END LC state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1224)]), OrderedDict([('name', 'OWNER_SW_CFG_ROM_ALERT_DIGEST_DEV'), ('size', 4), ('desc', 'Same as the`OWNER_SW_CFG_ROM_ALERT_DIGEST_PROD`field,\nexcept the expected digest is for chips operating in the\nDEV LC state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1228)]), OrderedDict([('name', 'OWNER_SW_CFG_ROM_ALERT_DIGEST_RMA'), ('size', 4), ('desc', 'Same as the`OWNER_SW_CFG_ROM_ALERT_DIGEST_PRODfield,\nexcept the expected digest is for chips operating in the\nRMA LC state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1232)]), OrderedDict([('name', 'OWNER_SW_CFG_ROM_WATCHDOG_BITE_THRESHOLD_CYCLES'), ('size', 4), ('desc', 'Watchdog timer bite threshold (in cycles) configured by the ROM.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1236)]), OrderedDict([('name', 'OWNER_SW_CFG_ROM_KEYMGR_OTP_MEAS_EN'), ('size', 4), ('desc', 'Whether or not to configure the attestation SW binding CSRs\nof the keymgr with the value of the measurement of the OTP\nCreatorSwCfg, OwnerSwCfg, and secure boot key integrity digest.\nA value of kHardenedBoolTrue uses the ROM computed OTP\nmeasurements.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1240)]), OrderedDict([('name', 'OWNER_SW_CFG_ROM_RSTMGR_INFO_EN'), ('size', 4), ('desc', "A two byte packed word that indicates the expected rstmgr\nalert and CPU info dump enable states, configured in the\nrstmgr's ALERT_INFO_CTRL and CPU_INFO_CTRL CSRs respectively.\nThe expected format of this fields is\n{0,0,kHardenedBool,kHardenedBool}, read MSB to LSB, where\nthe left most kHardenedBool* entry indicates the expected\nenablement state of the ALERT_INFO_CTRL, and the right most\nindicates the enablement state of the CPU_INFO_CTRL. Since\nthe ROM expects both to be disabled upon handing over\nexecution control to the ROM_EXT, this entire OTP field\nshould be left unprovisioned, or set to all 0."), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1244)]), OrderedDict([('name', 'OWNER_SW_CFG_DIGEST'), ('size', 8), ('offset', 1248), ('ismubi', False), ('isdigest', True), ('iszer', False), ('inv_default', '<random>'), ('iskeymgr_creator', False), ('iskeymgr_owner', False)]), OrderedDict([('name', 'OWNER_SW_CFG_ZER'), ('size', 8), ('offset', 1256), ('ismubi', False), ('isdigest', False), ('iszer', True), ('inv_default', 0), ('iskeymgr_creator', False), ('iskeymgr_owner', False)])]), ('desc', 'Software configuration partition.\nThis contains data that changes software behavior in the ROM, for\nexample enabling defensive features in ROM or selecting failure\nmodes if verification fails.'), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('ignore_read_lock_in_rma', False), ('size', 968), ('offset', 296)]), OrderedDict([('name', 'OWNERSHIP_SLOT_STATE'), ('variant', 'Unbuffered'), ('absorb', False), ('secret', False), ('sw_digest', False), ('hw_digest', False), ('write_lock', 'None'), ('read_lock', 'CSR'), ('key_sel', 'NoKey'), ('integrity', True), ('bkout_type', False), ('zeroizable', True), ('items', [OrderedDict([('name', 'OWNERSHIP_SLOT_STATE_ROT_OWNER_AUTH'), ('size', 16), ('desc', 'RoT Owner Ownership transfer state management\nOWNERSHIP_ST_RAW: ownership not yet claimed (factory default)\nOWNERSHIP_ST_LOCKED0: first ownership slot claimed\nOWNERSHIP_ST_RELEASED0: first ownership slot released (assets have been cleared, ready to xfer)\nOWNERSHIP_ST_LOCKED1: second ownership slot claimed\nOWNERSHIP_ST_SCRAPPED: scrap state - terminal'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1264)]), OrderedDict([('name', 'OWNERSHIP_SLOT_STATE_PLAT_INTEG_AUTH'), ('size', 16), ('desc', 'Platform Integrator Ownership transfer state management\nOWNERSHIP_ST_RAW: ownership not yet claimed (factory default)\nOWNERSHIP_ST_LOCKED0: first ownership slot claimed\nOWNERSHIP_ST_RELEASED0: first ownership slot released (assets have been cleared, ready to xfer)\nOWNERSHIP_ST_LOCKED1: second ownership slot claimed\nOWNERSHIP_ST_SCRAPPED: scrap state - terminal'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1280)]), OrderedDict([('name', 'OWNERSHIP_SLOT_STATE_PLAT_OWNER_AUTH'), ('size', 16), ('desc', 'Platform Owner Ownership transfer state management\nOWNERSHIP_ST_RAW: ownership not yet claimed (factory default)\nOWNERSHIP_ST_LOCKED0: first ownership slot claimed\nOWNERSHIP_ST_RELEASED0: first ownership slot released (assets have been cleared, ready to xfer)\nOWNERSHIP_ST_LOCKED1: second ownership slot claimed\nOWNERSHIP_ST_RELEASED1: second ownership slot released (assets have been cleared, ready to xfer)\nOWNERSHIP_ST_LOCKED2: third ownership slot claimed\nOWNERSHIP_ST_RELEASED2: third ownership slot released (assets have been cleared, ready to xfer)\nOWNERSHIP_ST_LOCKED3: fourth ownership slot claimed\nOWNERSHIP_ST_SCRAPPED: scrap state - terminal'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1296)]), OrderedDict([('name', 'OWNERSHIP_SLOT_STATE_ZER'), ('size', 8), ('offset', 1312), ('ismubi', False), ('isdigest', False), ('iszer', True), ('inv_default', 0), ('iskeymgr_creator', False), ('iskeymgr_owner', False)])]), ('desc', 'SW managed asset ownership states partition.\n\nMulti-bit enable value for the tracking the asset ownership states.\nNote that the states can be written multiple times in a device lifetime.\nThe values to be written are engineered in the same way as the LC_CTRL\nstate encoding words so that the ECC encoding remains valid even after\nupdating the values.\n\nThe constants can be found in the lc_ctrl_state_pkg.sv package.\n\nThe programming order has to adhere to:\n\nOWNERSHIP_ST_RAW (factory all-zero state) ->\nOWNERSHIP_ST_LOCKED0 ->\nOWNERSHIP_ST_RELEASED0 ->\n...\nOWNERSHIP_ST_SCRAPPED\n\nNote that if there are less than 4 slots available the higher slot states\nbecome logically equivalent to OWNERSHIP_SCRAPPED (firmware has to handle\nthis correctly).'), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('ignore_read_lock_in_rma', False), ('size', 56), ('offset', 1264)]), OrderedDict([('name', 'ROT_CREATOR_IDENTITY'), ('variant', 'Unbuffered'), ('absorb', False), ('secret', False), ('sw_digest', True), ('hw_digest', False), ('write_lock', 'Digest'), ('read_lock', 'CSR'), ('key_sel', 'NoKey'), ('integrity', True), ('bkout_type', False), ('zeroizable', True), ('items', [OrderedDict([('name', 'ROT_CREATOR_IDENTITY_CERT'), ('size', 768), ('desc', 'RoT Device Identity Certificate endorsed by the Silicon Creator stable PKI (off device).\nIt is expected to be provisioned at Factory Testing (FT) stage when LC = DEV or PROD.\nProvisioning happens through a secured channel between the DUT and the HSM, i.e. the key\nis protected against supply-chain and manufacturing attacks.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 1320)]), OrderedDict([('name', 'ROT_CREATOR_IDENTITY_CERT_CMAC'), ('size', 16), ('desc', 'A Cipher-based MAC for the RoT Device Identity Certificate.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2088)]), OrderedDict([('name', 'ROT_CREATOR_IDENTITY_DIGEST'), ('size', 8), ('offset', 2104), ('ismubi', False), ('isdigest', True), ('iszer', False), ('inv_default', '<random>'), ('iskeymgr_creator', False), ('iskeymgr_owner', False)]), OrderedDict([('name', 'ROT_CREATOR_IDENTITY_ZER'), ('size', 8), ('offset', 2112), ('ismubi', False), ('isdigest', False), ('iszer', True), ('inv_default', 0), ('iskeymgr_creator', False), ('iskeymgr_owner', False)])]), ('desc', 'Software managed partition for the RoT Creator identity.'), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('ignore_read_lock_in_rma', False), ('size', 800), ('offset', 1320)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0'), ('variant', 'Unbuffered'), ('absorb', False), ('secret', False), ('sw_digest', True), ('hw_digest', False), ('write_lock', 'Digest'), ('read_lock', 'CSR'), ('key_sel', 'NoKey'), ('integrity', True), ('bkout_type', False), ('zeroizable', True), ('items', [OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_NON_RAW_MFW_CODESIGN_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2120)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_NON_RAW_MFW_CODESIGN_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleBootstrapFirmwareSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2124)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_NON_RAW_MFW_CODESIGN_KEY'), ('size', 64), ('desc', 'Public Key used to verify manufacturing and debug firmware images.\nKey Type: ECC NIST-P256 Curve.\nIt is expected to be provisioned at Final Test (FT) stage when LC = TEST_UNLOCKED.\nTogether with the ROM2_PATCH_SIGVERIFY_KEY and KEYMANIFEST_KEY keys, and their\nassociated device ID and metadata (stored in resp. KEY_DEVICE_ID and KEY_METADATA),\nthis key is signed with a Silicon Creator endorsed ECDSA P-256 key in order to protect\nit from supply-chain and manufacturing attacks.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2128)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_ROM2_PATCH_SIGVERIFY_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2192)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_ROM2_PATCH_SIGVERIFY_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleRomPatchSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2196)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_ROM2_PATCH_SIGVERIFY_KEY'), ('size', 64), ('desc', 'Public Key used to verify the ROM2 OTP based patch.\nKey Type: ECC NIST-P256 Curve.\nIt is expected to be provisioned at Final Test (FT) stage when LC = TEST_UNLOCKED.\nTogether with the NON_RAW_MFW_CODESIGN_KEY and KEYMANIFEST_KEY keys, and their\nassociated device ID and metadata (stored in resp. KEY_DEVICE_ID and KEY_METADATA),\nthis key is signed with a Silicon Creator endorsed ECDSA P-256 key in order to protect\nit from supply-chain and manufacturing attacks.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2200)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_KEYMANIFEST_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2264)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_KEYMANIFEST_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleKeyBundleSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2268)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_KEYMANIFEST_KEY'), ('size', 64), ('desc', 'Public Key used to verify the RoT Creator (a.k.a. Silicon Creator) Key Manifest.\nKey Type: ECC NIST-P256 Curve.\nTogether with the ROM2_PATCH_SIGVERIFY_KEY and NON_RAW_MFW_CODESIGN_KEY keys, and their\nassociated device ID and metadata (stored in resp. KEY_DEVICE_ID and KEY_METADATA),\nthis key is signed with a Silicon Creator endorsed ECDSA P-256 key in order to protect\nit from supply-chain and manufacturing attacks.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2272)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_KEY_BINDING'), ('size', 64), ('desc', 'A key binding value used to bind the ROT_OWNER_AUTH_SLOT0 keys to a SKU.\nThis item must store a SKU specific payload known at FT, like for example a fused\nproduct identitfier or a ROM constant. The base ROM must verify the authenticity of\nthe ROT_OWNER_AUTH_SLOT0 first and then match the KEY_BINDING via an inline ROM check\nbefore it uses the keys provisioned in this partition.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2336)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_KEY_SIGNATURE'), ('size', 64), ('desc', 'ECDSA P-256 signature of the NON_RAW_MFW_CODESIGN_KEY,\nROM2_PATCH_SIGVERIFY_KEY, KEYMANIFEST_KEY, KEY_BINDING items in this partition.\nAs those three keys are expected to be provisioned at Final Test (FT) stage when\nLC = TEST_UNLOCKED, this signatures aims at protecting them from supply-chain and\nmanufacturing attacks.\nROM images must include the corresponding signing key in order to verify all three\nsignatures.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2400)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_DIGEST'), ('size', 8), ('offset', 2464), ('ismubi', False), ('isdigest', True), ('iszer', False), ('inv_default', '<random>'), ('iskeymgr_creator', False), ('iskeymgr_owner', False)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT0_ZER'), ('size', 8), ('offset', 2472), ('ismubi', False), ('isdigest', False), ('iszer', True), ('inv_default', 0), ('iskeymgr_creator', False), ('iskeymgr_owner', False)])]), ('desc', 'Software managed partition for the first RoT Owner (a.k.a. RoT Creator) key manifest.'), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('ignore_read_lock_in_rma', False), ('size', 360), ('offset', 2120)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1'), ('variant', 'Unbuffered'), ('absorb', False), ('secret', False), ('sw_digest', True), ('hw_digest', False), ('write_lock', 'Digest'), ('read_lock', 'CSR'), ('key_sel', 'NoKey'), ('integrity', True), ('bkout_type', False), ('zeroizable', True), ('items', [OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_NON_RAW_MFW_CODESIGN_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2480)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_NON_RAW_MFW_CODESIGN_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleBootstrapFirmwareSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2484)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_NON_RAW_MFW_CODESIGN_KEY'), ('size', 64), ('desc', 'Public Key used to verify manufacturing and debug firmware images.\nKey Type: ECC NIST-P256 Curve.\nIt is expected to be provisioned at Final Test (FT) stage when LC = TEST_UNLOCKED.\nTogether with the ROM2_PATCH_SIGVERIFY_KEY and KEYMANIFEST_KEY keys, and their\nassociated device ID and metadata (stored in resp. KEY_DEVICE_ID and KEY_METADATA),\nthis key is signed with a Silicon Creator endorsed ECDSA P-256 key in order to protect\nit from supply-chain and manufacturing attacks.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2488)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_ROM2_PATCH_SIGVERIFY_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2552)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_ROM2_PATCH_SIGVERIFY_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleRomPatchSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2556)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_ROM2_PATCH_SIGVERIFY_KEY'), ('size', 64), ('desc', 'Public Key used to verify the ROM2 OTP based patch.\nKey Type: ECC NIST-P256 Curve.\nIt is expected to be provisioned at Final Test (FT) stage when LC = TEST_UNLOCKED.\nTogether with the NON_RAW_MFW_CODESIGN_KEY and KEYMANIFEST_KEY keys, and their\nassociated device ID and metadata (stored in resp. KEY_DEVICE_ID and KEY_METADATA),\nthis key is signed with a Silicon Creator endorsed ECDSA P-256 key in order to protect\nit from supply-chain and manufacturing attacks.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2560)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_KEYMANIFEST_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2624)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_KEYMANIFEST_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleKeyBundleSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2628)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_KEYMANIFEST_KEY'), ('size', 64), ('desc', 'Public Key used to verify the RoT Owner (a.k.a. Silicon Owner) Key Manifest.\nKey Type: ECC NIST-P256 Curve.\nIt is expected to be provisioned as part of the RoT Owner intra-role ownership transfer\nprocess, when LC = PROD.\nProvisioning happens through an Ownership Claim operation, after the previous RoT\nOwner completed a Relinquish operation.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2632)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_UNLOCK4XFER_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2696)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_UNLOCK4XFER_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleRelinquishOwnership32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2700)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_UNLOCK4XFER_KEY'), ('size', 64), ('desc', 'Public Key used to verify the RoT Owner Unlock Ownership firmware image.\nKey Type: ECC NIST-P256 Curve.\nIt is expected to be provisioned as part of the RoT Owner intra-role ownership transfer\nprocess, when LC = PROD.\nProvisioning happens through an Ownership Claim operation, after the previous RoT\nOwner completed a Relinquish operation.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2704)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_DIGEST'), ('size', 8), ('offset', 2768), ('ismubi', False), ('isdigest', True), ('iszer', False), ('inv_default', '<random>'), ('iskeymgr_creator', False), ('iskeymgr_owner', False)]), OrderedDict([('name', 'ROT_OWNER_AUTH_SLOT1_ZER'), ('size', 8), ('offset', 2776), ('ismubi', False), ('isdigest', False), ('iszer', True), ('inv_default', 0), ('iskeymgr_creator', False), ('iskeymgr_owner', False)])]), ('desc', 'Software managed RoT Owner slot 1 partition.'), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('ignore_read_lock_in_rma', False), ('size', 304), ('offset', 2480)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT0'), ('variant', 'Unbuffered'), ('absorb', False), ('secret', False), ('sw_digest', True), ('hw_digest', False), ('write_lock', 'Digest'), ('read_lock', 'CSR'), ('key_sel', 'NoKey'), ('integrity', True), ('bkout_type', False), ('zeroizable', True), ('items', [OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT0_KEYMANIFEST_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2784)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT0_KEYMANIFEST_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleKeyBundleSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2788)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT0_KEYMANIFEST_KEY'), ('size', 64), ('desc', "Public Key used to verify the Platform Integrator Key Manifest.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Integrator Activation process, at the Platform\nIntegrator's manufacturing facilities.\nThe initial Platform Integrator provisions its Key Manifest public key using the provisioning\nboot service provided by the current RoT Owner."), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2792)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT0_UNLOCK4XFER_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2856)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT0_UNLOCK4XFER_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleRelinquishOwnership32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2860)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT0_UNLOCK4XFER_KEY'), ('size', 64), ('desc', "Public Key used to verify the Platform Integrator Unlock Ownership firmware image.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Integrator Activation process, at the Platform\nIntegrator's manufacturing facilities.\nThe initial Platform Integrator provisions its Key Manifest public key using the provisioning\nboot service provided by the current RoT Owner."), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2864)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT0_DIGEST'), ('size', 8), ('offset', 2928), ('ismubi', False), ('isdigest', True), ('iszer', False), ('inv_default', '<random>'), ('iskeymgr_creator', False), ('iskeymgr_owner', False)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT0_ZER'), ('size', 8), ('offset', 2936), ('ismubi', False), ('isdigest', False), ('iszer', True), ('inv_default', 0), ('iskeymgr_creator', False), ('iskeymgr_owner', False)])]), ('desc', 'Software managed Platform Integrator slot 0 partition.'), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('ignore_read_lock_in_rma', False), ('size', 160), ('offset', 2784)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT1'), ('variant', 'Unbuffered'), ('absorb', False), ('secret', False), ('sw_digest', True), ('hw_digest', False), ('write_lock', 'Digest'), ('read_lock', 'CSR'), ('key_sel', 'NoKey'), ('integrity', True), ('bkout_type', False), ('zeroizable', True), ('items', [OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT1_KEYMANIFEST_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2944)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT1_KEYMANIFEST_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleKeyBundleSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2948)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT1_KEYMANIFEST_KEY'), ('size', 64), ('desc', 'Public Key used to verify the Platform Integrator Key Manifest.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Integrator intra-role ownership transfer\nprocess when the lifecycle state (LC) is PROD. Provisioning occurs via an Ownership Claim\noperation after the previous Platform Integrator completes a Relinquish operation.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 2952)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT1_UNLOCK4XFER_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3016)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT1_UNLOCK4XFER_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleRelinquishOwnership32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3020)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT1_UNLOCK4XFER_KEY'), ('size', 64), ('desc', 'Public Key used to verify the Platform Integrator Unlock Ownership firmware image\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Integrator intra-role ownership transfer\nprocess when the lifecycle state (LC) is PROD. Provisioning occurs via an Ownership Claim\noperation after the previous Platform Integrator completes a Relinquish operation.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3024)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT1_DIGEST'), ('size', 8), ('offset', 3088), ('ismubi', False), ('isdigest', True), ('iszer', False), ('inv_default', '<random>'), ('iskeymgr_creator', False), ('iskeymgr_owner', False)]), OrderedDict([('name', 'PLAT_INTEG_AUTH_SLOT1_ZER'), ('size', 8), ('offset', 3096), ('ismubi', False), ('isdigest', False), ('iszer', True), ('inv_default', 0), ('iskeymgr_creator', False), ('iskeymgr_owner', False)])]), ('desc', 'Software managed Platform Integrator slot 1 partition.'), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('ignore_read_lock_in_rma', False), ('size', 160), ('offset', 2944)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT0'), ('variant', 'Unbuffered'), ('absorb', False), ('secret', False), ('sw_digest', True), ('hw_digest', False), ('write_lock', 'Digest'), ('read_lock', 'CSR'), ('key_sel', 'NoKey'), ('integrity', True), ('bkout_type', False), ('zeroizable', True), ('items', [OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT0_KEYMANIFEST_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3104)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT0_KEYMANIFEST_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleKeyBundleSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3108)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT0_KEYMANIFEST_KEY'), ('size', 64), ('desc', "Public Key used to verify the Platform Owner Key Manifest.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Owner Activation process, at the Platform\nOwner's facilities.\nThe initial Platform Owner provisions its Key Manifest public key using the provisioning\nboot service provided by the current RoT Owner."), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3112)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT0_UNLOCK4XFER_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3176)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT0_UNLOCK4XFER_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleRelinquishOwnership32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3180)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT0_UNLOCK4XFER_KEY'), ('size', 64), ('desc', "Public Key used to verify the Platform Owner Unlock Ownership firmware image.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Owner Activation process, at the Platform\nOwner's facilities.\nThe initial Platform Owner provisions its Key Manifest public key using the provisioning\nboot service provided by the current RoT Owner."), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3184)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT0_DIGEST'), ('size', 8), ('offset', 3248), ('ismubi', False), ('isdigest', True), ('iszer', False), ('inv_default', '<random>'), ('iskeymgr_creator', False), ('iskeymgr_owner', False)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT0_ZER'), ('size', 8), ('offset', 3256), ('ismubi', False), ('isdigest', False), ('iszer', True), ('inv_default', 0), ('iskeymgr_creator', False), ('iskeymgr_owner', False)])]), ('desc', 'Software managed Platform Owner slot 0 partition.'), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('ignore_read_lock_in_rma', False), ('size', 160), ('offset', 3104)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT1'), ('variant', 'Unbuffered'), ('absorb', False), ('secret', False), ('sw_digest', True), ('hw_digest', False), ('write_lock', 'Digest'), ('read_lock', 'CSR'), ('key_sel', 'NoKey'), ('integrity', True), ('bkout_type', False), ('zeroizable', True), ('items', [OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT1_KEYMANIFEST_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3264)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT1_KEYMANIFEST_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleKeyBundleSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3268)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT1_KEYMANIFEST_KEY'), ('size', 64), ('desc', 'Public Key used to verify the Platform Owner Key Manifest.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Owner intra-role ownership transfer\nprocess when the lifecycle state (LC) is PROD. Provisioning occurs via an Ownership Claim\noperation after the previous Platform Owner completes a Relinquish operation.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3272)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT1_UNLOCK4XFER_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3336)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT1_UNLOCK4XFER_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleRelinquishOwnership32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3340)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT1_UNLOCK4XFER_KEY'), ('size', 64), ('desc', 'Public Key used to verify the Platform Owner Unlock Ownership firmware image.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Owner intra-role ownership transfer\nprocess when the lifecycle state (LC) is PROD. Provisioning occurs via an Ownership Claim\noperation after the previous Platform Owner completes a Relinquish operation.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3344)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT1_DIGEST'), ('size', 8), ('offset', 3408), ('ismubi', False), ('isdigest', True), ('iszer', False), ('inv_default', '<random>'), ('iskeymgr_creator', False), ('iskeymgr_owner', False)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT1_ZER'), ('size', 8), ('offset', 3416), ('ismubi', False), ('isdigest', False), ('iszer', True), ('inv_default', 0), ('iskeymgr_creator', False), ('iskeymgr_owner', False)])]), ('desc', 'Software managed Platform Owner slot 1 partition.'), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('ignore_read_lock_in_rma', False), ('size', 160), ('offset', 3264)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT2'), ('variant', 'Unbuffered'), ('absorb', False), ('secret', False), ('sw_digest', True), ('hw_digest', False), ('write_lock', 'Digest'), ('read_lock', 'CSR'), ('key_sel', 'NoKey'), ('integrity', True), ('bkout_type', False), ('zeroizable', True), ('items', [OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT2_KEYMANIFEST_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3424)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT2_KEYMANIFEST_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleKeyBundleSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3428)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT2_KEYMANIFEST_KEY'), ('size', 64), ('desc', 'Public Key used to verify the Platform Owner Key Manifest.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Owner intra-role ownership transfer\nprocess when the lifecycle state (LC) is PROD. Provisioning occurs via an Ownership Claim\noperation after the previous Platform Owner completes a Relinquish operation.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3432)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT2_UNLOCK4XFER_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3496)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT2_UNLOCK4XFER_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleRelinquishOwnership32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3500)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT2_UNLOCK4XFER_KEY'), ('size', 64), ('desc', 'Public Key used to verify the Platform Owner Unlock Ownership firmware image.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Owner intra-role ownership transfer\nprocess when the lifecycle state (LC) is PROD. Provisioning occurs via an Ownership Claim\noperation after the previous Platform Owner completes a Relinquish operation.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3504)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT2_DIGEST'), ('size', 8), ('offset', 3568), ('ismubi', False), ('isdigest', True), ('iszer', False), ('inv_default', '<random>'), ('iskeymgr_creator', False), ('iskeymgr_owner', False)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT2_ZER'), ('size', 8), ('offset', 3576), ('ismubi', False), ('isdigest', False), ('iszer', True), ('inv_default', 0), ('iskeymgr_creator', False), ('iskeymgr_owner', False)])]), ('desc', 'Software managed Platform Owner slot 2 partition.'), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('ignore_read_lock_in_rma', False), ('size', 160), ('offset', 3424)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT3'), ('variant', 'Unbuffered'), ('absorb', False), ('secret', False), ('sw_digest', True), ('hw_digest', False), ('write_lock', 'Digest'), ('read_lock', 'CSR'), ('key_sel', 'NoKey'), ('integrity', True), ('bkout_type', False), ('zeroizable', True), ('items', [OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT3_KEYMANIFEST_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3584)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT3_KEYMANIFEST_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleKeyBundleSigning32-bit\nvalue as defined by the sigverify API.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3588)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT3_KEYMANIFEST_KEY'), ('size', 64), ('desc', 'Public Key used to verify the Platform Owner Key Manifest.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Owner intra-role ownership transfer\nprocess when the lifecycle state (LC) is PROD. Provisioning occurs via an Ownership Claim\noperation after the previous Platform Owner completes a Relinquish operation.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3592)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT3_UNLOCK4XFER_KEY_TYPE'), ('size', 4), ('desc', 'Key usage type. One of the following 32-bit values defined\nby the sigverify API:\n- kSigverifyKeyTypeTest for manufacturing, testing and RMA keys.\nKeys of this type can be used only in TEST_UNLOCKED* and RMA life\ncycle states.\n- kSigverifyKeyTypeProd for production keys.\nKeys of this type can be used in all operational life cycle states, i.e.\nstates in which CPU execution is enabled.\n- kSigverifyKeyTypeDev for development keys.\nKeys of this type can be used only in the DEV life cycle state.'), ('isdigest', False), ('iszer', False), ('ismubi', False), ('iskeymgr_creator', False), ('iskeymgr_owner', False), ('absorb', False), ('inv_default', 0), ('offset', 3656)]), OrderedDict([('name', 'PLAT_OWNER_AUTH_SLOT3_UNLOCK4XFER_KEY_ROLE'), ('size', 4), ('desc', 'Key role that describes the kind of assets a key could sign.\nThis must be set to thekSigverifyKeyRoleRelinquishOwnership` 32-bit\nvalue as defined by the sigverify API.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 3660)]), OrderedDict([(‘name’, ‘PLAT_OWNER_AUTH_SLOT3_UNLOCK4XFER_KEY’), (‘size’, 64), (‘desc’, ‘Public Key used to verify the Platform Owner Unlock Ownership firmware image.\nKey Type: ECC NIST-P256 Curve.\nThis should be provisioned during the Platform Owner intra-role ownership transfer\nprocess when the lifecycle state (LC) is PROD. Provisioning occurs via an Ownership Claim\noperation after the previous Platform Owner completes a Relinquish operation.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 3664)]), OrderedDict([(‘name’, ‘PLAT_OWNER_AUTH_SLOT3_DIGEST’), (‘size’, 8), (‘offset’, 3728), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘PLAT_OWNER_AUTH_SLOT3_ZER’), (‘size’, 8), (‘offset’, 3736), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Software managed Platform Owner slot 3 partition.’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 160), (‘offset’, 3584)]), OrderedDict([(‘name’, ‘EXT_NVM’), (‘variant’, ‘Unbuffered’), (‘absorb’, False), (‘secret’, False), (‘sw_digest’, False), (‘hw_digest’, False), (‘write_lock’, ‘None’), (‘read_lock’, ‘CSR’), (‘key_sel’, ‘NoKey’), (‘integrity’, False), (‘bkout_type’, False), (‘zeroizable’, True), (‘items’, [OrderedDict([(‘name’, ‘EXT_NVM_ANTIREPLAY_FRESHNESS_CNT’), (‘size’, 1024), (‘desc’, ‘Fully SW managed partition\n1 bit (double bit allocated for redundancy - i.e. 2 physical bits for every logical bit) per day\nassuming 10 year product lifecycle, allocating 8192 bits of freshness protection.\nImplemented as thermometer encoding. Redundant bit programming & logical OR-ing managed by\nsoftware. Cannot be ECC protected since different bits in a fuse row are programmed at different times.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 3744)]), OrderedDict([(‘name’, ‘EXT_NVM_ZER’), (‘size’, 8), (‘offset’, 4768), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Anti-replay protection Strike Counters partition.’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 1032), (‘offset’, 3744)]), OrderedDict([(‘name’, ‘ROM_PATCH’), (‘variant’, ‘Unbuffered’), (‘absorb’, False), (‘secret’, False), (‘sw_digest’, True), (‘hw_digest’, False), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘CSR’), (‘key_sel’, ‘NoKey’), (‘integrity’, True), (‘bkout_type’, False), (‘zeroizable’, True), (‘items’, [OrderedDict([(‘name’, ‘ROM_PATCH_DATA’), (‘size’, 8192), (‘desc’, ‘Fully SW managed partition.\nROM patch section for signed ROM patches.\nEach patch contains a header, a signature, the patch match/redirect configuration and the actual patch code.\nPlease refer to the Dragonfly ROM boot & patching specification for more details.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 4776)]), OrderedDict([(‘name’, ‘ROM_PATCH_DIGEST’), (‘size’, 8), (‘offset’, 12968), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘ROM_PATCH_ZER’), (‘size’, 8), (‘offset’, 12976), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘ROM Patch Code section. May contain multiple signed ROM2 patches.’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 8208), (‘offset’, 4776)]), OrderedDict([(‘name’, ‘SOC_FUSES_CP’), (‘variant’, ‘Unbuffered’), (‘absorb’, False), (‘secret’, False), (‘sw_digest’, True), (‘hw_digest’, False), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘CSR’), (‘key_sel’, ‘NoKey’), (‘integrity’, True), (‘bkout_type’, False), (‘items’, [OrderedDict([(‘name’, ‘SOC_FUSES_CP1_DATA’), (‘size’, 256), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 12984)]), OrderedDict([(‘name’, ‘SOC_FUSES_CP2_DATA’), (‘size’, 128), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 13240)]), OrderedDict([(‘name’, ‘SOC_FUSES_CP_DIGEST’), (‘size’, 8), (‘offset’, 13368), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘SoC fuses partition for the Chip Probe (CP) manufacturing stage.’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘zeroizable’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 392), (‘offset’, 12984)]), OrderedDict([(‘name’, ‘SOC_FUSES_FT’), (‘variant’, ‘Unbuffered’), (‘absorb’, False), (‘secret’, False), (‘sw_digest’, True), (‘hw_digest’, False), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘CSR’), (‘key_sel’, ‘NoKey’), (‘integrity’, True), (‘bkout_type’, False), (‘items’, [OrderedDict([(‘name’, ‘SOC_FUSES_FT1_DATA’), (‘size’, 384), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 13376)]), OrderedDict([(‘name’, ‘SOC_FUSES_FT2_DATA’), (‘size’, 3840), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘inv_default’, 0), (‘offset’, 13760)]), OrderedDict([(‘name’, ‘SOC_FUSES_FT_DIGEST’), (‘size’, 8), (‘offset’, 17600), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘SoC fuses partition for the Factory Testing (FT) manufacturing stage.’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘zeroizable’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 4232), (‘offset’, 13376)]), OrderedDict([(‘name’, ‘SCRATCH_FUSES’), (‘variant’, ‘Unbuffered’), (‘absorb’, True), (‘secret’, False), (‘sw_digest’, False), (‘hw_digest’, False), (‘write_lock’, ‘None’), (‘read_lock’, ‘CSR’), (‘key_sel’, ‘NoKey’), (‘integrity’, True), (‘bkout_type’, False), (‘zeroizable’, True), (‘items’, [OrderedDict([(‘name’, ‘SCRATCH_FUSES_DATA’), (‘absorb’, True), (‘desc’, ‘Fully SW managed partition.\nUnstructured, single item partition for any RoT firmware (runtime,\nbootstrap, manufacturing) to use and organize freely.’), (‘size’, 2392), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘inv_default’, 0), (‘offset’, 17608)]), OrderedDict([(‘name’, ‘SCRATCH_FUSES_ZER’), (‘size’, 8), (‘offset’, 20000), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Unstructured scratch data partition.’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 2400), (‘offset’, 17608)]), OrderedDict([(‘name’, ‘HW_CFG0’), (‘variant’, ‘Buffered’), (‘secret’, False), (‘sw_digest’, False), (‘hw_digest’, True), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘None’), (‘key_sel’, ‘NoKey’), (‘integrity’, True), (‘bkout_type’, True), (‘zeroizable’, True), (‘skip_sw_header’, True), (‘items’, [OrderedDict([(‘name’, ‘DEVICE_ID’), (‘size’, 32), (‘inv_default’, ‘’), (‘desc’, ‘Unique device identifier that is always exposed through the\nlifecycle JTAG tap. See documentation on Device Identifiers.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20008)]), OrderedDict([(‘name’, ‘HW_CFG0_DIGEST’), (‘size’, 8), (‘offset’, 20040), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘HW_CFG0_ZER’), (‘size’, 8), (‘offset’, 20048), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Hardware configuration partition 0.\nThis contains a device identifier.’), (‘absorb’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 48), (‘offset’, 20008)]), OrderedDict([(‘name’, ‘HW_CFG1’), (‘variant’, ‘Buffered’), (‘secret’, False), (‘sw_digest’, False), (‘hw_digest’, True), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘None’), (‘key_sel’, ‘NoKey’), (‘integrity’, True), (‘bkout_type’, True), (‘zeroizable’, True), (‘skip_sw_header’, True), (‘items’, [OrderedDict([(‘name’, ‘EN_CSRNG_SW_APP_READ’), (‘size’, 1), (‘ismubi’, True), (‘inv_default’, ‘’), (‘desc’, ‘Enablement of CSRNG software application interface. A\nkMultiBitBool8True value enables, while all other values\ndisable. Enablement is required to extract output from\nCSRNG via software.’), (‘isdigest’, False), (‘iszer’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20056)]), OrderedDict([(‘name’, ‘EN_SRAM_IFETCH’), (‘size’, 1), (‘ismubi’, True), (‘inv_default’, ‘’), (‘desc’, ‘Enablement of execute from SRAM switch in the sram_ctrl (see\nEXEC CSR). A kMultiBitBool8True value enables, while all\nother values disable.’), (‘isdigest’, False), (‘iszer’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20057)]), OrderedDict([(‘name’, ‘HW_CFG1_DIGEST’), (‘size’, 8), (‘offset’, 20064), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘HW_CFG1_ZER’), (‘size’, 8), (‘offset’, 20072), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Hardware configuration partition 1.\nThis contains several hardware feature switches.’), (‘absorb’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 24), (‘offset’, 20056)]), OrderedDict([(‘name’, ‘HW_CFG2’), (‘variant’, ‘Buffered’), (‘secret’, False), (‘sw_digest’, False), (‘hw_digest’, True), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘None’), (‘key_sel’, ‘NoKey’), (‘integrity’, True), (‘bkout_type’, True), (‘zeroizable’, True), (‘items’, [OrderedDict([(‘name’, ‘SOC_DBG_STATE’), (‘size’, 4), (‘inv_default’, 0), (‘desc’, ‘Multi-bit enable value for the SOC debug authorization.\nSOC_DBG_STATE will be written twice in a device lifetime. The\nvalues to be written are engineered in the same way as the LC_CTRL\nstate encoding words: the ECC encoding remains valid even after\nwriting the second value on top of the first.\nThe constants can be found in the lc_ctrl_state_pkg.sv package.\nThe programming order has to adhere to:\nSOC_DBG_RAW -> SOC_DBG_PRE_PROD -> SOC_DBG_PROD.\nEncoding:\nSOC_DBG_RAW: this value is all-zeroes and will be the NOP state;\nthe LC controller will take precedence.\nSOC_DBG_PRE_PROD: this is where the ROT will be in PROD state\nbut SOC will be in the pre-production unlock state\nSOC_DBG_PROD: this is the state where the SOC moves to production,\nand the challenge-response based authentication protocol is\nrequired to unlock SOC debug features’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20080)]), OrderedDict([(‘name’, ‘MANUF_STATE’), (‘size’, 32), (‘inv_default’, ‘’), (‘desc’, ‘Field to capture the manufacturing state.’), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20084)]), OrderedDict([(‘name’, ‘HW_CFG2_DIGEST’), (‘size’, 8), (‘offset’, 20120), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘HW_CFG2_ZER’), (‘size’, 8), (‘offset’, 20128), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Hardware configuration partition 2.\nThis contains the SoC debug state and the manufacturing state.’), (‘absorb’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 56), (‘offset’, 20080)]), OrderedDict([(‘name’, ‘SECRET0’), (‘variant’, ‘Buffered’), (‘secret’, True), (‘sw_digest’, False), (‘hw_digest’, True), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘Digest’), (‘ignore_read_lock_in_rma’, True), (‘key_sel’, ‘Secret0Key’), (‘integrity’, True), (‘bkout_type’, False), (‘zeroizable’, True), (‘skip_sw_header’, True), (‘items’, [OrderedDict([(‘name’, ‘TEST_UNLOCK_TOKEN’), (‘inv_default’, ‘’), (‘size’, 16), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20136)]), OrderedDict([(‘name’, ‘TEST_EXIT_TOKEN’), (‘inv_default’, ‘’), (‘size’, 16), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20152)]), OrderedDict([(‘name’, ‘SECRET0_DIGEST’), (‘size’, 8), (‘offset’, 20168), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘SECRET0_ZER’), (‘size’, 8), (‘offset’, 20176), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Secret partition 0.\nThis contains TEST lifecycle unlock tokens.’), (‘absorb’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘size’, 48), (‘offset’, 20136)]), OrderedDict([(‘name’, ‘SECRET1’), (‘variant’, ‘Buffered’), (‘secret’, True), (‘sw_digest’, False), (‘hw_digest’, True), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘Digest’), (‘ignore_read_lock_in_rma’, True), (‘key_sel’, ‘Secret1Key’), (‘integrity’, True), (‘bkout_type’, False), (‘zeroizable’, True), (‘skip_sw_header’, True), (‘items’, [OrderedDict([(‘name’, ‘SRAM_DATA_KEY_SEED’), (‘inv_default’, ‘’), (‘size’, 16), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20184)]), OrderedDict([(‘name’, ‘SECRET1_DIGEST’), (‘size’, 8), (‘offset’, 20200), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘SECRET1_ZER’), (‘size’, 8), (‘offset’, 20208), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Secret partition 1.\nThis contains the SRAM scrambling key seed.’), (‘absorb’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘size’, 32), (‘offset’, 20184)]), OrderedDict([(‘name’, ‘SECRET2’), (‘variant’, ‘Buffered’), (‘secret’, True), (‘sw_digest’, False), (‘hw_digest’, True), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘Digest’), (‘ignore_read_lock_in_rma’, True), (‘key_sel’, ‘Secret2Key’), (‘integrity’, True), (‘bkout_type’, False), (‘zeroizable’, True), (‘skip_sw_header’, True), (‘items’, [OrderedDict([(‘name’, ‘RMA_TOKEN’), (‘inv_default’, ‘’), (‘size’, 16), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20216)]), OrderedDict([(‘name’, ‘CREATOR_ROOT_KEY_SHARE0’), (‘inv_default’, ‘’), (‘size’, 32), (‘iskeymgr_creator’, True), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20232)]), OrderedDict([(‘name’, ‘CREATOR_ROOT_KEY_SHARE1’), (‘inv_default’, ‘’), (‘size’, 32), (‘iskeymgr_creator’, True), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20264)]), OrderedDict([(‘name’, ‘CREATOR_SEED’), (‘inv_default’, ‘’), (‘size’, 32), (‘iskeymgr_creator’, True), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20296)]), OrderedDict([(‘name’, ‘SECRET2_DIGEST’), (‘size’, 8), (‘offset’, 20328), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘SECRET2_ZER’), (‘size’, 8), (‘offset’, 20336), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Secret partition 2.\nThis contains RMA unlock token, creator root key, and creator seed.’), (‘absorb’, False), (‘iskeymgr_creator’, True), (‘iskeymgr_owner’, False), (‘size’, 128), (‘offset’, 20216)]), OrderedDict([(‘name’, ‘SECRET3’), (‘variant’, ‘Buffered’), (‘secret’, True), (‘sw_digest’, False), (‘hw_digest’, True), (‘write_lock’, ‘Digest’), (‘read_lock’, ‘Digest’), (‘key_sel’, ‘Secret3Key’), (‘integrity’, True), (‘bkout_type’, False), (‘zeroizable’, True), (‘skip_sw_header’, True), (‘items’, [OrderedDict([(‘name’, ‘OWNER_SEED’), (‘inv_default’, ‘’), (‘size’, 32), (‘iskeymgr_owner’, True), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘absorb’, False), (‘offset’, 20344)]), OrderedDict([(‘name’, ‘SECRET3_DIGEST’), (‘size’, 8), (‘offset’, 20376), (‘ismubi’, False), (‘isdigest’, True), (‘iszer’, False), (‘inv_default’, ‘’), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)]), OrderedDict([(‘name’, ‘SECRET3_ZER’), (‘size’, 8), (‘offset’, 20384), (‘ismubi’, False), (‘isdigest’, False), (‘iszer’, True), (‘inv_default’, 0), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False)])]), (‘desc’, ‘Secret partition 3.\nThis contains the owner seed.’), (‘absorb’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, True), (‘ignore_read_lock_in_rma’, False), (‘size’, 48), (‘offset’, 20344)]), OrderedDict([(‘name’, ‘LIFE_CYCLE’), (‘variant’, ‘LifeCycle’), (‘secret’, False), (‘sw_digest’, False), (‘hw_digest’, False), (‘write_lock’, ‘None’), (‘read_lock’, ‘None’), (‘key_sel’, ‘NoKey’), (‘integrity’, True), (‘bkout_type’, False), (‘skip_sw_header’, True), (‘items’, [OrderedDict([(‘name’, ‘LC_TRANSITION_CNT’), (‘inv_default’, ‘’), (‘size’, 48), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20392)]), OrderedDict([(‘name’, ‘LC_STATE’), (‘inv_default’, ‘’), (‘size’, 40), (‘isdigest’, False), (‘iszer’, False), (‘ismubi’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘absorb’, False), (‘offset’, 20440)])]), (‘desc’, ‘Lifecycle partition.\nThis contains lifecycle transition count and state. This partition\ncannot be locked since the life cycle state needs to advance to RMA\nin-field. Note that while this partition is not marked secret, it\nis not readable nor writeable via the DAI. Only the LC controller\ncan access this partition, and even via the LC controller it is not\npossible to read the raw manufacturing life cycle state in encoded\nform, since that encoding is considered a netlist secret. The LC\ncontroller only exposes a decoded version of this state.’), (‘absorb’, False), (‘iskeymgr_creator’, False), (‘iskeymgr_owner’, False), (‘zeroizable’, False), (‘ignore_read_lock_in_rma’, False), (‘size’, 88), (‘offset’, 20392)])])])
enable_flash_key	False
topname	dragonfly
uniquified_modules	OrderedDict()
module_instance_name	otp_ctrl