Boot Configurations
The following table shows the programmable boot configuration fields. The boot configuration can be set in either the eFuse (OTP) or the NWP MBR.
| S.no | Field | Description | Number of bits | Default Setting in MBR | Default setting in eFuse/OTP | Is a security feature? |
|---|---|---|---|---|---|---|
| 1 | enable_autobaud_detection | 1: Auto baud rate detection for UART is enabled. 0: Auto baud disabled. Default baud rate: 115200 bps. | 1 | Disabled: 0 | 0 | No |
| 2 | safe_upgrade_frm_host | 1: Upgrade the image from backup, instead of overwriting the primary location directly. 0: Overwrite the primary location directly. | 1 | Enabled: 1 | 0 | Yes |
| 3 | disable_ta_jtag | 0: Enable NWP JTAG interface. 1: Disable NWP JTAG interface. Refer to Debug Lock section. | 1 | Enabled: 0 | 0 | Yes |
| 4 | enable_glitch_mitigation | If glitch mitigation is enabled, the eFuse bits related to the JTAG interface are read again before enabling or disabling the JTAG interface. 1: Enable reading eFuse bits related to JTAG interface again before enabling or disabling JTAG interface. 0: Disable reading eFuse bits related to JTAG interface again before enabling or disabling JTAG interface. | 1 | Disabled: 0 | 0 | Yes |
| 5 | ta_anti_roll_back | This feature prevents the NWP firmware from being downgraded to older versions. 1: Enable the Anti Rollback feature. 0: Disable the Anti Rollback feature. | 1 | Disabled: 0 | 0 | Yes |
| 6 | ta_secure_boot_enable | 1: Enable Secure Boot for NWP. 0: Disable Secure Boot for NWP. | 1 | Disabled: 0 | 0 | Yes |
| 7 | ta_digital_signature_validation | 1: Digital signature validation is enabled for NWP firmware. 0: Digital signature validation is disabled for NWP firmware. | 1 | Disabled: 0 | 0 | Yes |
| 8 | ta_encrypt_firmware | 00: Firmware is stored in an unencrypted form in the flash. 01: Firmware is stored in an encrypted form in the flash using CTR mode. 10: Firmware is stored in an encrypted form in the flash using XTS mode. 11: Reserved for future use. | 2 | Disabled: 00 | 0 | Yes |
| 9 | mbr_mic_sign_enable | Enable MIC and Signature for the combined memory region, which includes the MBR, Boot Descriptor, and Key Descriptor Table. 00: CRC. 01: MIC. 10: Reserved. 11: Sign. Applicable only when key is present in OTP. | 2 | CRC check is enabled: 00 | 0 | Yes |
| 10 | mic_protected_content_length | This field specifies how much space is MIC protected using the OTP key and the MIC stored in OTP. | 4 | Disabled: 0 | 0 | Yes |
| 11 | ta_otp_lock_r1 | This is a programming lock for the NWP OTP, specifically for the R1 address region (0–127). When the OTP is locked, the user cannot modify the secure boot-related parameters present in the R1 address region. 1: NWP OTP programming is locked. 0: NWP OTP programming is not locked. | 1 | NA | 0 | Yes |
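
The following is an added example, not vendor code: a pre-provisioning check that validates a boot configuration against the field widths and reserved encodings in the table and lists the security fields still left unprotected. The function name, the dictionary input format, the set of values treated as "hardened", and treating a missing field as 0 are assumptions of this example.

```python
# Added example: audit a boot configuration given as {field_name: int}.
# Field names, widths and value meanings come from the table above; the
# "hardened" value sets are this example's audit policy (an assumption).

# name -> (bit width, values treated as hardened, reserved encodings)
FIELDS = {
    "safe_upgrade_frm_host":           (1, {1}, set()),
    "disable_ta_jtag":                 (1, {1}, set()),
    "enable_glitch_mitigation":        (1, {1}, set()),
    "ta_anti_roll_back":               (1, {1}, set()),
    "ta_secure_boot_enable":           (1, {1}, set()),
    "ta_digital_signature_validation": (1, {1}, set()),
    "ta_encrypt_firmware":             (2, {0b01, 0b10}, {0b11}),
    "mbr_mic_sign_enable":             (2, {0b01, 0b11}, {0b10}),
    "mic_protected_content_length":    (4, set(range(1, 16)), set()),
    "ta_otp_lock_r1":                  (1, {1}, set()),
}
NON_SECURITY_FIELDS = {"enable_autobaud_detection"}

def audit_boot_config(cfg):
    """Return (errors, findings) for a {field: value} mapping.

    errors: unknown fields, values wider than the field, reserved encodings.
    findings: security fields not at a hardened value. A missing field is
    treated as 0 (assumption: matches the eFuse/OTP default column).
    """
    errors, findings = [], []
    for name in cfg:
        if name not in FIELDS and name not in NON_SECURITY_FIELDS:
            errors.append(f"{name}: unknown field")
    for name, (width, hardened, reserved) in FIELDS.items():
        value = cfg.get(name, 0)
        if not isinstance(value, int) or not 0 <= value < (1 << width):
            errors.append(f"{name}: {value!r} does not fit in {width} bit(s)")
        elif value in reserved:
            errors.append(f"{name}: {value:0{width}b} is a reserved encoding")
        elif value not in hardened:
            findings.append(f"{name}={value:0{width}b}")
    return errors, findings

# Constructed sample: a few of the MBR defaults listed in the table.
MBR_DEFAULTS = {"enable_autobaud_detection": 0, "safe_upgrade_frm_host": 1,
                "disable_ta_jtag": 0, "mbr_mic_sign_enable": 0b00}

if __name__ == "__main__":
    errs, finds = audit_boot_config(MBR_DEFAULTS)
    print("errors:", errs)
    print("not hardened:", finds)
```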