BCT: Difference between revisions
Jump to navigation
Jump to search
Created page with "BCT (Boot Configuration Table) is a data structure present on Tegra based devices that supplies boot time configuration parameters. The Switch 2 can use different types of BCTs with the BRBCT (BootROM BCT) being installed into the first bytes of UFS storage's LUN0 and LUN1. = Structure = == BRBCT == {| class="wikitable" border="1" |- ! Offset ! Size ! Description |- | 0x0 | 0x4 | Magic ("BCTB") |- | 0x4 | 0x4..." |
No edit summary |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 17: | Line 17: | ||
| 0x4 | | 0x4 | ||
| 0x40 | | 0x40 | ||
| | | BctHash (SHA-512 hash over data from 0x44 to 0x2000) | ||
|- | |- | ||
| 0x44 | | 0x44 | ||
| 0x180 | | 0x180 | ||
| | | PublicParams | ||
|- | |- | ||
| 0x1C4 | | 0x1C4 | ||
| 0x40 | | 0x40 | ||
| | | CryptoHash (SHA-512 hash over data from 0x1200 to 0x2000) | ||
|- | |- | ||
| 0x204 | | 0x204 | ||
| 0xB10 | | 0xB10 | ||
| | | CryptoSignature (XMSS-SHA2_20_256 signature) | ||
|- | |- | ||
| 0xD14 | | 0xD14 | ||
| Line 50: | Line 50: | ||
! Size | ! Size | ||
! Description | ! Description | ||
|- | |||
| style="background: orange" | AAD Section Begin | |||
| style="background: orange" | | |||
| style="background: orange" | | |||
|- | |- | ||
| 0x0 | | 0x0 | ||
| 0x10 | | 0x10 | ||
| | | Salt1. Random 16 bytes. | ||
|- | |- | ||
| 0x10 | | 0x10 | ||
| Line 60: | Line 64: | ||
|- | |- | ||
| 0x14 | | 0x14 | ||
| 0x14 | |||
| KdfLabel | |||
|- | |||
| 0x28 | |||
| 0x4 | |||
| Zeroes | |||
|- | |||
| 0x2C | |||
| 0x0C | |||
| AesGcmIv | |||
|- | |||
| style="background: orange" | AAD Section End | |||
| style="background: orange" | | |||
| style="background: orange" | | |||
|- | |||
| 0x38 | | 0x38 | ||
| | | 0x10 | ||
| AesGcmTag | |||
|- | |- | ||
| 0x48 | | 0x48 | ||
| 0xC0 ( | | 0xC0 (0x30 * 4) | ||
| BlInfo | | [[#BlInfo|BlInfo]] | ||
|- | |- | ||
| 0x108 | | 0x108 | ||
| | | 0x1 | ||
| | | VerMajor | ||
|- | |||
| 0x109 | |||
| 0x1 | |||
| VerMinor | |||
|- | |||
| 0x10A | |||
| 0x1 | |||
| RatchetLevel | |||
|- | |||
| 0x10B | |||
| 0x1 | |||
| RevokePk. Bit0: RevokeH0, Bit1: RevokeH1 | |||
|- | |- | ||
| 0x10C | | 0x10C | ||
| Line 76: | Line 108: | ||
|- | |- | ||
| 0x50C | | 0x50C | ||
| | | 0x284 | ||
| | | | ||
|- | |||
| 0x790 | |||
| 0x10 | |||
| Salt2. Random 16 bytes. | |||
|- | |- | ||
| 0x7A0 | | 0x7A0 | ||
| Line 84: | Line 120: | ||
|- | |- | ||
| 0x7B0 | | 0x7B0 | ||
| | | 0x8 | ||
| | | BrBctBinding | ||
|- | |||
| 0x7B8 | |||
| 0x8 | |||
| SbkKdfLabel | |||
|- | |||
| 0x7C0 | |||
| 0x8 | |||
| UnknownKdfLabel0 | |||
|- | |||
| 0x7C8 | |||
| 0x8 | |||
| UnknownKdfLabel1 | |||
|- | |||
| 0x7D0 | |||
| 0x8 | |||
| FsiKdfLabel | |||
|- | |- | ||
| 0x7D8 | | 0x7D8 | ||
| Line 113: | Line 165: | ||
| 0x7F0 | | 0x7F0 | ||
| 0x4 | | 0x4 | ||
| BfBlBits | | [[#BfBlBits|BfBlBits]] | ||
|- | |- | ||
| 0x7F4 | | 0x7F4 | ||
| | | 0x20 | ||
| TzTestKey | |||
|- | |||
| 0x814 | |||
| 0x20 | |||
| FskpTestKey | |||
|- | |||
| 0x834 | |||
| 0x20 | |||
| PkaTestKey | |||
|- | |||
| 0x854 | |||
| 0x24 | |||
| | | | ||
|- | |||
| 0x878 | |||
| 0x01 | |||
| FskpKeyAesType | |||
|- | |||
| 0x879 | |||
| 0x01 | |||
| FskpKeyHmacType | |||
|- | |||
| 0x87A | |||
| 0x01 | |||
| PkaTestKeyType | |||
|- | |- | ||
| 0x87B | | 0x87B | ||
| Line 136: | Line 212: | ||
|- | |- | ||
| 0x8C0 | | 0x8C0 | ||
| | | 0x4FC | ||
| | | | ||
|- | |||
| 0xDBC | |||
| 0x44 | |||
| Digest | |||
|} | |} | ||
| Line 149: | Line 229: | ||
| 0x0 | | 0x0 | ||
| 0x4 | | 0x4 | ||
| | | StartBlock0 | ||
|- | |- | ||
| 0x4 | | 0x4 | ||
| 0x4 | | 0x4 | ||
| | | StartPage0 | ||
|- | |- | ||
| 0x8 | | 0x8 | ||
| 0x4 | | 0x4 | ||
| | | Version0 | ||
|- | |- | ||
| 0xC | | 0xC | ||
| 0x4 | | 0x4 | ||
| | | Random0 | ||
|- | |||
| 0x10 | |||
| 0x4 | |||
| StartBlock1 | |||
|- | |||
| 0x14 | |||
| 0x4 | |||
| StartPage1 | |||
|- | |||
| 0x18 | |||
| 0x4 | |||
| Version1 | |||
|- | |||
| 0x1C | |||
| 0x4 | |||
| Random1 | |||
|- | |||
| 0x20 | |||
| 0x4 | |||
| StartBlock2 | |||
|- | |||
| 0x24 | |||
| 0x4 | |||
| StartPage2 | |||
|- | |||
| 0x28 | |||
| 0x4 | |||
| Version2 | |||
|- | |||
| 0x2C | |||
| 0x4 | |||
| Random2 | |||
|} | |||
==== BfBlBits ==== | |||
{| class="wikitable" border="1" | |||
! Bits | |||
! Description | |||
|- | |||
| 0 | |||
| GpioSelectBootChain | |||
|- | |||
| 1 | |||
| Mb1DebugProduction | |||
|- | |||
| 2 | |||
| Sc7RfDebugProduction | |||
|- | |||
| 3 | |||
| PscBlDebugProduction | |||
|- | |||
| 4 | |||
| PscRfDebugProduction | |||
|- | |||
| 5 | |||
| PscFwDebugProduction | |||
|- | |||
| 6 | |||
| BpmpDebugProduction | |||
|- | |||
| 7 | |||
| BpmpIstDebugProduction | |||
|- | |||
| 8 | |||
| MceDebugProduction | |||
|- | |||
| 9 | |||
| IstCcplexDebugProduction | |||
|- | |||
| 10 | |||
| IstFwDebugProduction | |||
|- | |||
| 11 | |||
| RtcRailViolationDetect | |||
|- | |||
| 12 | |||
| CustNvCcplexDfdEn | |||
|- | |||
| 13 | |||
| DebugWithTestKeys | |||
|- | |||
| 14 | |||
| DebugWithTestKeysDuringPscDebug | |||
|- | |||
| 15 | |||
| DisableBootromClockBoost | |||
|- | |||
| 16 | |||
| DisablePscromClkBoost | |||
|- | |||
| 17 | |||
| EnableScpmReset | |||
|- | |||
| 18 | |||
| SkipOemAuthDiagBoot | |||
|- | |||
| 19 | |||
| DiagBoot | |||
|- | |||
| 20 | |||
| BpmpDiagBoot | |||
|- | |||
| 21 | |||
| L0Ist | |||
|- | |||
| 22 | |||
| L1Ist | |||
|- | |||
| 23-31 | |||
| | |||
|} | |} | ||
Latest revision as of 22:37, 17 June 2025
BCT (Boot Configuration Table) is a data structure present on Tegra based devices that supplies boot time configuration parameters.
The Switch 2 can use different types of BCTs with the BRBCT (BootROM BCT) being installed into the first bytes of UFS storage's LUN0 and LUN1.
Structure
BRBCT
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x4 | Magic ("BCTB") |
| 0x4 | 0x40 | BctHash (SHA-512 hash over data from 0x44 to 0x2000) |
| 0x44 | 0x180 | PublicParams |
| 0x1C4 | 0x40 | CryptoHash (SHA-512 hash over data from 0x1200 to 0x2000) |
| 0x204 | 0xB10 | CryptoSignature (XMSS-SHA2_20_256 signature) |
| 0xD14 | 0x400 | CustomerInfo |
| 0x1114 | 0xEC | |
| 0x1200 | 0xE00 | SignedSect |
SignedSect
| Offset | Size | Description |
|---|---|---|
| AAD Section Begin | ||
| 0x0 | 0x10 | Salt1. Random 16 bytes. |
| 0x10 | 0x4 | Magic ("BCTB") |
| 0x14 | 0x14 | KdfLabel |
| 0x28 | 0x4 | Zeroes |
| 0x2C | 0x0C | AesGcmIv |
| AAD Section End | ||
| 0x38 | 0x10 | AesGcmTag |
| 0x48 | 0xC0 (0x30 * 4) | BlInfo |
| 0x108 | 0x1 | VerMajor |
| 0x109 | 0x1 | VerMinor |
| 0x10A | 0x1 | RatchetLevel |
| 0x10B | 0x1 | RevokePk. Bit0: RevokeH0, Bit1: RevokeH1 |
| 0x10C | 0x400 | CustomerInfo |
| 0x50C | 0x284 | |
| 0x790 | 0x10 | Salt2. Random 16 bytes. |
| 0x7A0 | 0x10 | Ecid |
| 0x7B0 | 0x8 | BrBctBinding |
| 0x7B8 | 0x8 | SbkKdfLabel |
| 0x7C0 | 0x8 | UnknownKdfLabel0 |
| 0x7C8 | 0x8 | UnknownKdfLabel1 |
| 0x7D0 | 0x8 | FsiKdfLabel |
| 0x7D8 | 0x4 | NonGpioSelectBootChain |
| 0x7DC | 0x4 | BootLoadersUsed |
| 0x7E0 | 0x4 | SecureDebugControlNoneEcid |
| 0x7E4 | 0x4 | SecureDebugControlEcid |
| 0x7E8 | 0x4 | PreprodDevSign |
| 0x7EC | 0x4 | SecProvisioningKeynumSecure |
| 0x7F0 | 0x4 | BfBlBits |
| 0x7F4 | 0x20 | TzTestKey |
| 0x814 | 0x20 | FskpTestKey |
| 0x834 | 0x20 | PkaTestKey |
| 0x854 | 0x24 | |
| 0x878 | 0x01 | FskpKeyAesType |
| 0x879 | 0x01 | FskpKeyHmacType |
| 0x87A | 0x01 | PkaTestKeyType |
| 0x87B | 0x20 | SecProvisionDerivationString1 |
| 0x89B | 0x20 | SecProvisionDerivationString2 |
| 0x8BB | 0x1 | |
| 0x8BC | 0x4 | SoftSkuOverwrite |
| 0x8C0 | 0x4FC | |
| 0xDBC | 0x44 | Digest |
BlInfo
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x4 | StartBlock0 |
| 0x4 | 0x4 | StartPage0 |
| 0x8 | 0x4 | Version0 |
| 0xC | 0x4 | Random0 |
| 0x10 | 0x4 | StartBlock1 |
| 0x14 | 0x4 | StartPage1 |
| 0x18 | 0x4 | Version1 |
| 0x1C | 0x4 | Random1 |
| 0x20 | 0x4 | StartBlock2 |
| 0x24 | 0x4 | StartPage2 |
| 0x28 | 0x4 | Version2 |
| 0x2C | 0x4 | Random2 |
BfBlBits
| Bits | Description |
|---|---|
| 0 | GpioSelectBootChain |
| 1 | Mb1DebugProduction |
| 2 | Sc7RfDebugProduction |
| 3 | PscBlDebugProduction |
| 4 | PscRfDebugProduction |
| 5 | PscFwDebugProduction |
| 6 | BpmpDebugProduction |
| 7 | BpmpIstDebugProduction |
| 8 | MceDebugProduction |
| 9 | IstCcplexDebugProduction |
| 10 | IstFwDebugProduction |
| 11 | RtcRailViolationDetect |
| 12 | CustNvCcplexDfdEn |
| 13 | DebugWithTestKeys |
| 14 | DebugWithTestKeysDuringPscDebug |
| 15 | DisableBootromClockBoost |
| 16 | DisablePscromClkBoost |
| 17 | EnableScpmReset |
| 18 | SkipOemAuthDiagBoot |
| 19 | DiagBoot |
| 20 | BpmpDiagBoot |
| 21 | L0Ist |
| 22 | L1Ist |
| 23-31 |