Man page - raspiotp(7)

Packages contas this manual

Package: raspi-utils-core
apt-get install raspi-utils-core

Manuals in package:

Documentations in package:

raspi-utils-core

Manual

RASPIOTP(7)

Miscellaneous Information Manual

RASPIOTP(7)

NAME

raspiotp - the Raspberry Pi OTP register bits

DESCRIPTION

All SoCs used by the Raspberry Pi range have a inbuilt One-Time Programmable (OTP) memory block. It is 66 32-bit values long, although only a few locations have factory-programmed data. The vcgencmd(1) utility can be used to display the contents of the OTP like so:

$ vcgencmd otp_dump

OTP REGISTERS

This list contains the publicly available information on the registers. If a register or bit is not defined here, then it is not public.

17: bootmode register

Bit 1: sets the oscillator frequency to 19.2MHz
Bit 3: enables pull ups on the SDIO pins
Bit 19: enables GPIO bootmode
Bit 20: sets the bank to check for GPIO bootmode
Bit 21: enables booting from SD card
Bit 22: sets the bank to boot from
Bit 28: enables USB device booting
Bit 29: enables USB host booting (ethernet and mass storage)

18: copy of bootmode register
28: serial number
29: ~(serial number)
30: revision code; raspirev(7)
36-43: customer OTP values (see INDUSTRIAL USE below)
45: MPG2 decode key
46: WVC1 decode key
64-65: MAC address; if set, system will use this in preference to the automatically generated address based on the serial number
66: advanced boot register

Bits 0-6: GPIO for ETH_CLK output pin
Bit 7: enables ETH_CLK output
Bits 8-14: GPIO for LAN_RUN output pin
Bit 15: enables LAN_RUN output
Bit 24: extends USB HUB timeout parameter
Bit 25: ETH_CLK frequency: 0=25MHz, 1=24MHz

INDUSTRIAL USE

The Raspberry Pi is often used as part of another product. This section describes some extra facilities available to use other capabilities of the Pi.

Customer OTP settings

There are a number of OTP values that can be used. To see a list of all the OTP values, you can use:

$ vcgencmd otp_dump

In register locations 36 to 43 (inclusive), there are eight rows of 32 bits available for the customer (detailed in OTP REGISTERS above).

To program these bits, you will need to use the vcmailbox. This is a Linux driver interface to the firmware which will handle the programming of the rows. To do this, please refer to the documentation at [MAILBOX], and the vcmailbox(1) example application. For example:

$ vcmailbox 0x00010004 8 8 0 0
0x00000020 0x80000000 0x00010004 0x00000008 0x800000008 0xnnnnnnnn
0x00000000 0x00000000

The above uses the GET_BOARD_SERIAL tag (detailed under [MAILBOX]) with a request size of 8 bytes and response size of 8 bytes (sending two integers for the request 0, 0). The response to this will be two integers (0x00000020 and 0x80000000) followed by the tag code, the request length, the response length (with the 31st bit set to indicate that it is a response) then the 64 bit serial number (where the MS 32bits are always 0).

To set the customer OTP values you will need to use the SET_CUSTOMER_OTP (0x38021) tag as follows:

$ vcmailbox 0x00038021 [8+rows*4] [8+rows*4] [start] [rows] [value] ...

start: the first row to program from 0-7
rows: number of rows to program
value: each value to program

So, to program OTP customer rows 4, 5, and 6 to 0x11111111, 0x22222222, 0x33333333 respectively, you would use:

$ vcmailbox 0x00038021 20 20 4 3 0x11111111 0x22222222 0x33333333

This will then program rows 40, 41, and 42. To read the values back, you can use:

$ vcmailbox 0x00030021 20 20 4 3 0 0 0
0x0000002c 0x80000000 0x00030021 0x00000014 0x80000014 0x00000000
0x00000003 0x11111111 0x22222222 0x33333333

If you'd like to integrate this functionality into your own code, you should be able to achieve this by using the vcmailbox.c code as an example.

Locking the OTP changes

It is possible to lock the OTP changes to avoid them being edited again. This can be done using a special argument with the OTP write mailbox:

$ vcmailbox 0x00038021 8 8 0xffffffff 0xaffe0000

Once locked, the customer OTP values can no longer be altered. Note that this locking operation is irreversible.

Making customer OTP bits unreadable

It is possible to prevent the customer OTP bits from being read at all. This can be done using a special argument with the OTP write mailbox:

$ vcmailbox 0x00038021 8 8 0xffffffff 0xaffebabe

This operation is unlikely to be useful for the vast majority of users, and is irreversible.

REFERENCES

[MAILBOX]: https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface
[SOURCE]: https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#otp-register-and-bit-definitions and https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#industrial-use-of-the-raspberry-pi