Provides access to the data stored by the Secure NVM Write service or data programmed via a bitstream. If the data is programmed using authentication, the USK key used at the time of programming must also be provided.
| System Service Descriptor Bit Field | Value | Description |
|---|---|---|
| 15:7 | MBOXADDR[10:2] | Mailbox address. See Table 2. |
| 6:0 | 18H | Secure NVM Read service command |
The following table lists the Secure NVM Read Service Mailbox Format (18H).
| Offset | Length (bytes) | Parameter | Direction | Description |
|---|---|---|---|---|
| 0 | 1 | SNVMADDR | Input | sNVM address |
| 1 | 3 | RESERVED | — | Reserved |
| 4 | 12 | USK | Input | User Secret Key (ignored if page is plaintext) |
| 16 | 4 | ADMIN | Output | Page admin data contains current write counter value, page type, and ROM flag. (see Table 3) |
| 20 | 236 or 252 | DATA | Output | Data read from sNVM. 236 bytes of data per page is available when the data is authenticated. 252 bytes of data per page is available when the data is not authenticated. |
| Field | Offset | Size (bits) | Description |
|---|---|---|---|
| CYCLES | 0 | 20 | The current write counter for the page. Since there is no redundant copy, the counter cannot be guaranteed to survive a failed programming attempt. |
| PAGETYPE | 20 | 2 | Specifies how the DATA field is used. Each page may contain plaintext, authenticated plaintext, or authenticated ciphertext. See Table 4. |
| RESERVED | 22 | 1 | — |
| ROMFLAG | 23 | 1 | Specifies whether the page can be modified at runtime by the sNVM system services. If ‘1’, the page cannot be written by the sNVM system services. |
| UNUSED | 24 | 8 | — |
| PAGETYPE | Offset | Size (bits) | DATA Usage | Description |
|---|---|---|---|---|
| 0 | — | — | Blank | Blank page |
| 1 | 0 | 1888 | CT | Authenticated and Encrypted |
| 1888 | 128 | SIVTAG | ||
| 2 | 0 | 1888 | PT | Authenticated Plaintext |
| 1888 | 128 | SIVTAG | ||
| 3 | 0 | 2016 | PT | Plaintext |
The page admin word (bits 31:0) is stored in ones-complement form. This is necessary to avoid a time consuming operation during zeroization to make the sNVM page look blank upon completion of zeroization.