Fuses for OEM Field Ratcheting
| Fuse Ownership | Fuse Name | Bits |
|---|---|---|
| NV Owned | N/A | N/A |
| OEM Owned (Field) | fuse_system_fw_field_ratchet0[31:0] | 32 Bits |
| | fuse_system_fw_field_ratchet1[31:0] | 32 Bits |
| | fuse_system_fw_field_ratchet2[31:0] | 32 Bits |
| | fuse_system_fw_field_ratchet3[31:0] | 32 Bits |

Passing Ratchet Status to Guest OSes
The ratchet fuse burning status is passed to the guest OS through the kernel device tree. There are
separate nodes for MB1, MTS, and MB1-BCT at the following location under the
/proc interface:
/proc/device-tree/chosen/ratchet-status
Each node has two fields: status and error.
- "error" holds the corresponding ratchet error value.
- "status" holds one of the following status strings:

| Ratcheting Status | Description |
|---|---|
| not_tried | Default status. Ratchet check path is skipped. |
| skipped_a | Active Boot Chain firmware ratchet matches with HW fuses. |
| skipped_b | Inactive Boot Chain firmware ratchet matches with HW fuses. |
| updated | Ratchet fuses are successfully updated with SW ratchet value. |
| failed | Ratchet fuse update (burning) failed. |
| no_option | Ratchet update check skipped as Opt-in fuse is not set by OEM. |

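
A guest-side check of these nodes, as an added example (not code from this documentation or its vendor): it walks the ratchet-status directory, reads each node's status and error fields, and assigns a triage level. The node names in the sample tree, the triage levels, and the handling of "error" as either a string or a raw cell are assumptions of this example.

```python
import os
import tempfile

RATCHET_DIR = "/proc/device-tree/chosen/ratchet-status"  # path given on this page
# Status strings from the table above; the triage levels are this example's choice.
LEVEL = {"not_tried": "info", "skipped_a": "ok", "skipped_b": "ok",
         "updated": "ok", "failed": "alert", "no_option": "warn"}

def read_prop(path):
    """Read one device-tree property; None if the file is missing."""
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as f:
        raw = f.read()
    # String properties are NUL-terminated. Assumption: "error" may instead be a
    # raw cell, so anything that is not printable ASCII is shown as hex.
    text = raw.rstrip(b"\x00").decode("latin-1")
    return text if text and text.isascii() and text.isprintable() else "0x" + raw.hex()

def check_ratchet(root=RATCHET_DIR):
    """Return {node: (status, error, level)} for each node directory under root.
    A missing or unrecognized status is reported as an alert."""
    report = {}
    if not os.path.isdir(root):
        return report
    for node in sorted(os.listdir(root)):
        node_dir = os.path.join(root, node)
        if os.path.isdir(node_dir):  # skips plain property files such as "name"
            status = read_prop(os.path.join(node_dir, "status"))
            error = read_prop(os.path.join(node_dir, "error"))
            report[node] = (status, error, LEVEL.get(status, "alert"))
    return report

def build_sample(root):
    """Constructed sample tree: node names and error values are placeholders."""
    sample = [("node-a", b"updated\x00", b"\x00\x00\x00\x00"),
              ("node-b", b"failed\x00", b"\x00\x00\x00\x05"),
              ("node-c", b"no_option\x00", b"\x00\x00\x00\x00")]
    for node, status, error in sample:
        os.makedirs(os.path.join(root, node))
        for name, data in (("status", status), ("error", error)):
            with open(os.path.join(root, node, name), "wb") as f:
                f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for node, (status, error, level) in check_ratchet(tmp).items():
            print(f"{level:5} {node}: status={status} error={error}")
```

On a target, call `check_ratchet()` with no argument to read the real device-tree path.
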
Lock Fuse Burning
If the SecurityMode fuse is burned, quickboot locks fuse burning at the end of ratchet handling, before kernel handoff, to prevent malicious over-ratcheting.
Set bit #0 of register FUSE_DISABLEREGPROGRAM_0.