Man page - raspiotp(7)

NAME

raspiotp - the Raspberry Pi OTP register bits

DESCRIPTION

All SoCs used by the Raspberry Pi range have an inbuilt One-Time Programmable (OTP) memory block. It is 66 32-bit values long, although only a few locations have factory-programmed data. The vcgencmd(1) utility can be used to display the contents of the OTP like so:

$ vcgencmd otp_dump

OTP REGISTERS

This list contains the publicly available information on the registers. If a register or bit is not defined here, then it is not public.

17

bootmode register

Bit 1

sets the oscillator frequency to 19.2MHz

Bit 3

enables pull ups on the SDIO pins

Bit 19

enables GPIO bootmode

Bit 20

sets the bank to check for GPIO bootmode

Bit 21

enables booting from SD card

Bit 22

sets the bank to boot from

Bit 28

enables USB device booting

Bit 29

enables USB host booting (ethernet and mass storage)

18

copy of bootmode register

28

serial number

29

~(serial number)

30

revision code; see raspirev(7)

36-43

customer OTP values (see INDUSTRIAL USE below)

45

MPG2 decode key

46

WVC1 decode key

64-65

MAC address; if set, system will use this in preference to the automatically generated address based on the serial number

66

advanced boot register

Bits 0-6

GPIO for ETH_CLK output pin

Bit 7

enables ETH_CLK output

Bits 8-14

GPIO for LAN_RUN output pin

Bit 15

enables LAN_RUN output

Bit 24

extends USB HUB timeout parameter

Bit 25

ETH_CLK frequency: 0=25MHz, 1=24MHz
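
The register list above can be applied to a captured dump to review which boot paths a board has enabled and whether the paired registers agree. The following is an added example, not part of the original manual or the Raspberry Pi tools; it assumes otp_dump prints one "NN:XXXXXXXX" line per register, and the function names and sample values are constructed for illustration.

```python
import re

# Register 17 (bootmode) bit meanings, as listed on this page.
BOOTMODE_BITS = {
    1: "19.2MHz oscillator", 3: "SDIO pull ups", 19: "GPIO bootmode",
    20: "GPIO bootmode bank", 21: "SD card boot", 22: "boot bank",
    28: "USB device boot", 29: "USB host boot",
}

def parse_otp_dump(text):
    """Map register number -> 32-bit value from 'NN:XXXXXXXX' lines (assumed format)."""
    pairs = re.findall(r"^\s*(\d+):([0-9a-fA-F]{8})\s*$", text, re.M)
    return {int(reg): int(val, 16) for reg, val in pairs}

def decode(regs):
    """Decode the documented fields and note rows that disagree with the page."""
    boot, adv = regs[17], regs.get(66, 0)
    findings = []
    if regs.get(18) != boot:
        findings.append("register 18 is not a copy of register 17")
    if regs.get(29) != ~regs[28] & 0xFFFFFFFF:
        findings.append("register 29 is not ~(serial number)")
    return {
        "bootmode": [n for bit, n in BOOTMODE_BITS.items() if boot >> bit & 1],
        "serial": f"{regs[28]:08x}",
        "customer": {r: regs[r] for r in range(36, 44) if regs.get(r)},
        "eth_clk": {"enabled": bool(adv >> 7 & 1), "gpio": adv & 0x7F,
                    "mhz": 24 if adv >> 25 & 1 else 25},
        "lan_run": {"enabled": bool(adv >> 15 & 1), "gpio": adv >> 8 & 0x7F},
        "findings": findings,
    }

# Constructed sample dump (not from a real board); rows 40-42 hold the
# customer values programmed in the INDUSTRIAL USE example.
SAMPLE = """\
17:3020000a
18:3020000a
28:12345678
29:edcba987
36:00000000
40:11111111
41:22222222
42:33333333
66:0200abaa
"""

if __name__ == "__main__":
    for field, value in decode(parse_otp_dump(SAMPLE)).items():
        print(f"{field}: {value}")
```

On a device, the same functions can be fed the saved output of the otp_dump command instead of SAMPLE.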

INDUSTRIAL USE

The Raspberry Pi is often used as part of another product. This section describes some extra facilities available to use other capabilities of the Pi.

Customer OTP settings

There are a number of OTP values that can be used. To see a list of all the OTP values, you can use:

$ vcgencmd otp_dump

In register locations 36 to 43 (inclusive), there are eight rows of 32 bits available for the customer (detailed in OTP REGISTERS above).

To program these bits, you will need to use the vcmailbox. This is a Linux driver interface to the firmware which will handle the programming of the rows. To do this, please refer to the documentation at [MAILBOX], and the vcmailbox(1) example application. For example:

$ vcmailbox 0x00010004 8 8 0 0
0x00000020 0x80000000 0x00010004 0x00000008 0x80000008 0xnnnnnnnn
0x00000000 0x00000000

The above uses the GET_BOARD_SERIAL tag (detailed under [MAILBOX]) with a request size of 8 bytes and a response size of 8 bytes, sending two integers (0, 0) for the request. The response is two integers (0x00000020 and 0x80000000), followed by the tag code, the request length, the response length (with the 31st bit set to indicate that it is a response), and then the 64-bit serial number (where the most significant 32 bits are always 0).

To set the customer OTP values you will need to use the SET_CUSTOMER_OTP (0x38021) tag as follows:

$ vcmailbox 0x00038021 [8+rows*4] [8+rows*4] [start] [rows] [value] ...

start

the first row to program, from 0 to 7

rows

number of rows to program

value

each value to program

So, to program OTP customer rows 4, 5, and 6 to 0x11111111, 0x22222222, 0x33333333 respectively, you would use:

$ vcmailbox 0x00038021 20 20 4 3 0x11111111 0x22222222 0x33333333

This will then program rows 40, 41, and 42. To read the values back, you can use:

$ vcmailbox 0x00030021 20 20 4 3 0 0 0
0x0000002c 0x80000000 0x00030021 0x00000014 0x80000014 0x00000000
0x00000003 0x11111111 0x22222222 0x33333333

If you’d like to integrate this functionality into your own code, you should be able to achieve this by using the vcmailbox.c code as an example.

Locking the OTP changes

It is possible to lock the OTP changes to avoid them being edited again. This can be done using a special argument with the OTP write mailbox:

$ vcmailbox 0x00038021 8 8 0xffffffff 0xaffe0000

Once locked, the customer OTP values can no longer be altered. Note that this locking operation is irreversible.

Making customer OTP bits unreadable

It is possible to prevent the customer OTP bits from being read at all. This can be done using a special argument with the OTP write mailbox:

$ vcmailbox 0x00038021 8 8 0xffffffff 0xaffebabe

This operation is unlikely to be useful for the vast majority of users, and is irreversible.

SEE ALSO

vcgencmd(1), raspirev(7), [SOURCE]

REFERENCES

[MAILBOX]

https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface

[SOURCE]

https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#otp-register-and-bit-definitions and https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#industrial-use-of-the-raspberry-pi