Secure Lockdown Support in PLM - 2023.2 English

Following are the different scenarios for triggering a secure lockdown in the PLM:

Tamper Event

When a tamper event occurs, the response is configured as SYS_INTERRUPT in the TAMPER_RESP_X register and the actual secure lockdown response is configured in the reserved RTCA location. The sequence is described in PLM Lockdown Flow.

Boot Failures

When a boot failure occurs and the Halt-on-Boot eFuses are programmed, a secure lockdown is triggered in the PLM. If the boot mode is not JTAG and PLM_DEBUG_MODE is not enabled, the PLM checks if the Halt-on-Boot eFuse is programmed:

• If it is not blown, it executes multiboot.
• If the eFuse is programmed, it executes secure lockdown with the SEC_LOCKDOWN_0 response same as the BootROM implementation and then triggers TAMPER_RESP_0 to RCU for executing the secure lockdown of the PMC.

Secure Lockdown over IPI

When a host issues the TamperTrigger IPI command to the PLM, a secure lockdown is triggered.

This API is supported by the IPI which has a single payload to mention the tamper response. Valid tamper responses are SEC_LOCKDOWN_0, SEC_LOCKDOWN_1, and SRST. This function validates the tamper response payload argument that is received. If a valid tamper response is received in the command, it executes the received tamper response. Otherwise, it returns a unique error code.

This command triggers the Tamper Response. If successful, the PLM does not send any response as it is handed off to the BootROM running on RCU. Valid tamper responses are: