SBROM

SBROM Error Codes
The SBROM performs several verification steps before executing the loaded TOC0 image, so there are many ways it can fail and dump you to FEL. Thankfully, the SBROM records an error code in most failure paths, and these can help you debug your TOC0 image generation process.

Obviously, these error codes are meant for internal debugging, so they are not neatly organized. The location, encoding, and granularity of these error codes vary from chip to chip. There may be more than one set of codes recorded by a single SBROM implementation. Some error codes may be used multiple places within the SBROM, making them ambiguous. Finally, the descriptions provided below are reverse-engineered from the SBROM code, so they may not always be accurate.

The BROMs do not contain any human-readable log messages, but they use use several methods of reporting integer status and error codes:
 * Storing information in SRAM. This usually includes the contents of various eFuses, such as BROM_CONFIG and ROTPK_HASH.
 * Reading from or writing to an "dummy" or unmapped address in MMIO space. Presumably this is visible to JTAG.
 * Toggling a bit in MMIO space (usually in the SYSCON region), with the number of pulses or the width of each pulse varying based on the status/error code. Presumably this is visible to JTAG or a logic analyzer.
 * Writing to a MMIO register in the SYSCON or RTC region. Sometimes the BROM splits the register into two 16-bit words and alternates between them on consecutive boots.

H5 SBROM
The H5 SBROM writes the following codes to the SYSCON at 0x1c000f0, using the functions at 0x033c (low word) and 0x0374 (high word), roughly in the order listed below.

These are the possible values for the certificate signature status:

The H5 SBROM also contains a dummy MMIO read function at 0x202c, and a SYSCON bit toggle function at 0x0264. Neither of these are interesting.