IPL blobs

First stage IPL loaded by the bootrom

This is usually copied from memory mapped SPI NOR into the internal SRAM (IMI).

mercury5 notes

infinity3 notes

authentication notes

In case authentication is performed, a 256 bytes are expected just after normal IPL image. Those bytes are passed through crypto peripheral (0x1f224480 - 0x1f2244af) starting from the last byte till the first one. 256 bytes value seams to be computed out of which 32 last are taken. A SHA256 value of the IPL image is calculated by other part of crypto engine (0x1f224400 - 0x1f22445f) and its result is compared with the hash explained above.

deep sleep notes

The IPL checks the 0x1f001c48 regiter value and if it is 0xBABE, the board may be coming back from deep sleep, otherwise it will determine the type of reset (WDT, HW or SW). If 0xBABE is found:

Version capability/feature matrix

version msc313 msc313e msc316dc checks IPLC chksum notes
I3g0c706bbIPL_QFN64MW y y n[0] n  
I3gd156225IPL_EFUSE ? y y y [1]

infinity6 notes

Version capability/feature matrix

version ssc325 checks IPLC chksum notes
I6gf1d3932IPL y    

Second stage IPL loaded by the first stage IPL

The header format is the same as the first stage IPL but the second 4 bytes are “IPLC”