Re: [WIP][DEV] S-Off [off-topic discussion prohibited]
Originally Posted by Reevine
Does anyone know if the SB 3.0 cookie stores any signed cert? I'm assuming it does but would like to get some input on this.
The boot cookie itself does not contain any signed certs. Those are contained in qfuses. The cookie is a simple form of IPC. (Well, it's inter-boot communication, not inter-process) It is just a small identifier retained in ram between reboots used to determine how the bootloader should function. ie: do we boot as normal in to pbl -> sbl or do we stay in pbl and enter download mode? Also, once in pbl download mode, the cookie (actually 3 different magic numbers) determines if "emergency" download mode is to be used.
In reality, download mode is exactly the same in the pbl and the sbl's. The difference (and resulting confusion) comes from the availability of resources at different points in the boot process. For instance download mode can access the emmc, but only after that subsystem has been successfully initialized by the bootloaders. This is where the cookie comed in. The magic numbers store a flag letting the earlier bootloaders know (after a warm reboot) the highest possible download mode that can be entered (before encountering the same fatal error as before).
Because all download modes are the same, the "cookie" is used to check whether emergency download (aka ehostdl) is available.
It's also worth mentioning that this boot cookie (all 3 magic numbers) are ONLY set when an error occurs. Under a normal boot the reserved memory region that holds these numbers will be unset or null. When an error is encountered one or more magic numbers are set (depending on the type of error) and the error is logged to it's own separate memory region (which can be read through jtag or via commands in download mode).