TOC0

= TOC0 Header =

= TOC0 Items =

RoT certificate (ID 0x010101)
Self-signed DER encoded X.509-like certificate containing a SHA256 hash of the boot code.

If a ROTPK_HASH is programmed only certificates with that key are accepted.

The certificate has a similar structure to standard X.509 certificates, but is different in details:
 * the public key is stored in a non-standard way
 * the hash is added at the place of extensions, but not as real extension
 * the signature doesn't use a standard algorithm, misses the last 4 bytes (bug!) and is stored in a non-standard way

TODO: maybe add ASN.1 of the certificate

TOC0 boot code (ID 0x010202)
Similar to boot0, only "TOC0.GLH" magic instead of "eGON.BT0". After verifying against the SHA256 hash in the certificate, this item is copied at the run address given in the item header and executed in secure mode.

TOC0 images generation
There is a preliminary script: https://gist.github.com/jemk/2abcab1359c4bce793679c5854062331

Some notes:
 * You may need to replace the ".sum" method with ".reduce(:+)" to run it with modern versions of Ruby
 * You may need to change the entry point address from 0x0 to 0x10000 if you want to run it on A64/H64/H5 (the default 0x0 value is used for H3)

ToDo

 * Find out how to check the boot source when booting via TOC0 (for comparison, with eGON.BT0 the boot media type is stored at the offset 0x28 in SRAM A1).
 * Check and document the SPL size limits (is it the same 32K as with eGON.BT0?).
 * Check if it is actually possible to configure secure peripherals after booting via eGON.BT0. Are there any other differences?
 * Implement and test FEL boot for TOC0 bootloaders.