Authentication and Validation of Binaries

All firmware binaries and calibration data (i.e., BCTs, DTBs) loaded by BootROM, MB1, MB2, and Partition Loader are validated, authenticated, and optionally decrypted. The following categories of binaries go through this process:
  • BPMP related firmware binaries including MB1, BPMP_FW, and associated calibration data
  • PSC related firmwares including PSC-BL1 and PSC-FW
  • CCPLEX related firmware binaries including MB2, MCE, ARM Trusted Firmware, Secure OS, partition table, and associated calibration data
  • CCPLEX virtualization binaries including Hypervisor, servers, Partition Loader, and associated calibration data
  • Auxiliary firmwares including FSI, DCE, RCE, PVA, APE
  • Key IST firmware binaries and calibration data
  • Runtime IST firmware binaries and calibration data
  • SC7 support binaries
  • Guest OS binaries including kernel, Primary IFS, and associated calibration data

A Binary Component Header (BCH) contains information about the binaries in a binary group. It is attached to the top of each binary or can be attached to one binary in the binary group. Up to four binaries can belong to a group. A BCH has an array of four elements, which contain:

  • Size of the binary
  • Version number
  • Hash value

For more information about BCH, refer to Grouping of Boot Images.
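The following added example, which is not NVIDIA code, models how a loader can use one BCH to check every binary in a group, including the case where the header is attached to only one of them. The slot layout (little-endian 32-bit size, 32-bit version, SHA-256 digest), all names, and the sample payloads are assumptions made for illustration; the real BCH format and hash algorithm are not given on this page, and authentication of the header itself is not modelled.

```python
import hashlib
import hmac
import struct

# Hypothetical layout, NOT the real BCH format: four fixed slots of
# <size: u32, version: u32, sha256: 32 bytes>, little-endian.
MAX_BINARIES = 4
ENTRY = struct.Struct("<II32s")
BCH_SIZE = ENTRY.size * MAX_BINARIES


def build_bch(binaries):
    """Pack a header for a group of (version, payload) pairs; unused slots are zeroed."""
    if not 1 <= len(binaries) <= MAX_BINARIES:
        raise ValueError("a group holds one to four binaries")
    slots = [ENTRY.pack(len(p), v, hashlib.sha256(p).digest()) for v, p in binaries]
    slots += [bytes(ENTRY.size)] * (MAX_BINARIES - len(slots))
    return b"".join(slots)


def parse_bch(header):
    """Return the populated (size, version, digest) entries of a header."""
    if len(header) != BCH_SIZE:
        raise ValueError("bad header length")
    entries = [ENTRY.unpack_from(header, i * ENTRY.size) for i in range(MAX_BINARIES)]
    return [e for e in entries if e[0] != 0]  # size 0 marks an unused slot here


def validate_group(header, payloads):
    """Check each loaded payload against its slot; return one verdict per binary."""
    entries = parse_bch(header)
    if len(entries) != len(payloads):
        return ["count-mismatch"]
    verdicts = []
    for (size, _version, digest), payload in zip(entries, payloads):
        if len(payload) != size:
            verdicts.append("size-mismatch")  # reject before hashing
        elif not hmac.compare_digest(hashlib.sha256(payload).digest(), digest):
            verdicts.append("hash-mismatch")
        else:
            verdicts.append("ok")
    return verdicts


# Constructed sample group: three stand-in images sharing one header.
GROUP = [(1, b"image-a" * 64), (1, b"image-b" * 32), (3, b"calibration" * 8)]
HEADER = build_bch(GROUP)
PAYLOADS = [p for _, p in GROUP]
TAMPERED = [PAYLOADS[0], PAYLOADS[1][:-1] + b"X", PAYLOADS[2]]
```

Because the digests live in the header, a loader that has authenticated the header once can validate the other binaries in the group by size and hash alone.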

Dual Authentication of Firmware

MB1 firmware, BPMP firmware, and CPU firmware are delivered in binary form and are signed with the NVIDIA and OEM RSA keys. As a result, two validation steps are required:

  1. Authentication and validation with the OEM key
  2. Authentication and validation with the NVIDIA key

Recovery Support

For authentication and validation information, consult Understanding Security.

SecureOS

The SecureOS (TOS) runs in EL3 mode and provides SecureMode support.

Hypervisor-based Flow

The hypervisor-based flow is as follows:

[Figure: hypervisor-based flow diagram (media/image6.png)]

Virtual Machine

The Virtual Machine (VM) is an emulation of a native system. It is a software container that functions as an independent system with its own dedicated hardware and operating system, called guest OS in the context of Hypervisor.

Partition Loader

The Partition Loader (PL) is a special-purpose boot loader image embedded into the Hypervisor. It acts as a virtual boot ROM for the virtual machine.