GM_1927-57_CS2_Entry_letter

High-bandwidth Digital Content Protection SystemMapping HDCP to DisplayPortRevision 2.221 December, 2012NoticeTHIS DOCUMENT IS PROVIDED "AS IS" WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Intel Corporation disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted herein.The cryptographic functions described in this specification may be subject to export control by the United States, Japanese, and/or other governments.Copyright © 1999-2012 by Intel Corporation. Third-party brands and names are the property of their respective owners.AcknowledgementSTMicroelectronics and Parade Technologies have contributed to the development of this specification.Intellectual PropertyImplementation of this specification requires a license from the Digital Content Protection LLC.Contact InformationDigital Content Protection LLCC/O Vital Technical Marketing, Inc.3855 SW 153rd DriveBeaverton, OR 97006Email: info@Web: Revision History1 Introduction (5)1.1 Scope (5)1.2 Definitions (5)1.3 Overview (8)1.4 Terminology (9)1.5 References (9)2 Authentication Protocol (10)2.1 Overview (10)2.2 Authentication and Key Exchange (11)2.2.1 Pairing (14)2.3 Locality Check (15)2.4 Session Key Exchange (16)2.5 Authentication with Repeaters (17)2.5.1 Upstream Propagation of Topology Information (17)2.5.2 Downstream Propagation of Content Stream Management Information (22)2.6 Link Integrity Check (23)2.6.1 Link Integrity Check in MST Mode (23)2.6.2 Link Integrity Check in SST Mode (24)2.7 Key Derivation (25)2.8 HDCP Transmitter State Diagram (25)2.9 HDCP Receiver State Diagram (30)2.10 HDCP Repeater State Diagrams (32)2.10.1 Propagation of Topology Errors (33)2.10.2 HDCP Repeater Downstream State Diagram (33)2.10.3 HDCP Repeater Upstream State Diagram (38)2.11 Converters (42)2.11.1 HDCP 2 – HDCP 1.x Converters (42)2.11.2 HDCP 1.x – HDCP 2 Converters (44)2.12 Session Key Validity (45)2.13 Random Number Generation (45)2.14 CP_IRQ Interrupt Processing (46)2.15 HDCP Port (46)3 HDCP Encryption (51)3.1 Data Encryption (51)3.2 HDCP Cipher (54)3.3 Encryption Status Signaling in MST Mode (56)3.4 Encryption Status Signaling in SST Mode (58)3.5 Uniqueness of k s and r iv (60)4 Authentication Protocol Messages (62)4.1 Overview (62)4.2 Message Format (62)4.2.1 AKE_Init (Write) (62)4.2.2 AKE_Send_Cert (Read) (62)4.2.3 AKE_No_Stored_km (Write) (62)4.2.4 AKE_Stored_km (Write) (62)4.2.5 AKE_Send_H_prime (Read) (62)4.2.6 AKE_Send_Pairing_Info (Read) (63)4.2.7 LC_Init (Write) (63)4.2.8 LC_Send_L_prime (Read) (63)4.2.9 SKE_Send_Eks (Write) (63)4.2.10 RepeaterAuth_Send_ReceiverID_List (Read) (63)4.2.11 RepeaterAuth_Send_Ack (Write) (64)4.2.12 RepeaterAuth_Stream_Manage (Write) (64)4.2.13 RepeaterAuth_Stream_Ready (Read) (65)5 Renewability (66)5.1 SRM Size and Scalability (67)5.2 Updating SRMs (68)Appendix A. Core Functions and Confidentiality and Integrity of Values (70)Appendix B. DCP LLC Public Key (73)Appendix C. Bibliography (Informative) (74)1 Introduction1.1 ScopeThis specification describes the mapping of High-bandwidth Digital Content Protection (HDCP)system to DisplayPort, Revision 2.20.For the purpose of this specification, it is assumed that the Audiovisual content is transmitted overa DisplayPort based wired display link. In an HDCP System, two or more HDCP Devices areinterconnected through an HDCP-protected Interface. The Audiovisual Content flows from theUpstream Content Control Function into the HDCP System at the most upstream HDCPTransmitter. From there the Audiovisual Content encrypted by the HDCP System, referred to asHDCP Content, flows through a tree-shaped topology of HDCP Receivers over HDCP-protectedInterfaces. This specification describes a content protection mechanism for: (1) authentication ofHDCP Receivers to their immediate upstream connection (i.e., an HDCP Transmitter), (2)revocation of HDCP Receivers that are determined by the Digital Content Protection, LLC, to beinvalid, and (3) HDCP Encryption of Audiovisual Content over the HDCP-protected Interfacesbetween HDCP Transmitters and their downstream HDCP Receivers. HDCP Receivers mayrender the HDCP Content in audio and visual form for human consumption. HDCP Receiversmay be HDCP Repeaters that serve as downstream HDCP Transmitters emitting the HDCPContent further downstream to one or more additional HDCP Receivers.Unless otherwise specified, the term “HDCP Receiver” is also used to refer to the upstreamHDCP-protected interface port of an HDCP Repeater. Similarly, the term “HDCP Transmitter” isalso used to refer to the downstream HDCP-protected interface port of an HDCP Repeater. HDCPTransmitters must support HDCP Repeaters.The state machines in this specification define the required behavior of HDCP Devices. The link-visible behavior of HDCP Devices implementing the specified state machines must be identical,even if implementations differ from the descriptions. The behavior of HDCP Devicesimplementing the specified state machines must also be identical from the perspective of an entityoutside of the HDCP System.Implementations must include all elements of the content protection system described herein,unless the element is specifically identified as informative or optional. Adopters must also ensurethat implementations satisfy the robustness and compliance rules described in the technologylicense.Device discovery and association, and link setup and teardown, is outside the scope of thisspecification.1.2 DefinitionsThe following terminology, as used throughout this specification, is defined as herein:Audiovisual Content. Audiovisual works (as defined in the United States Copyright Act as ineffect on January 1, 1978), text and graphic images, are referred to as AudioVisual Content.Authorized Device. An HDCP Device that is permitted access to HDCP Content is referred to asan Authorized Device. An HDCP Transmitter may test if a connected HDCP Receiver is anAuthorized Device by successfully completing the following stages of the authentication protocol– Authentication and Key Exchange (AKE) and Locality check. If the authentication protocolsuccessfully results in establishing authentication, then the other device is considered by the HDCPTransmitter to be an Authorized Device.Content Stream. Content Stream consists of Audiovisual Content received from an Upstream Content Control Function that is to be encrypted and Audiovisual Content received from an Upstream Content Control Function that is encrypted by the HDCP System.Device Key Set. An HDCP Receiver has a Device Key Set, which consists of its corresponding Device Secret Keys along with the associated Public Key Certificate.Device Secret Keys. For an HDCP Transmitter, Device Secret Key consists of the secret Global Constant. For an HDCP Receiver, Device Secret Keys consists of the secret Global Constant and the RSA private key. The Device Secret Keys are to be protected from exposure outside of the HDCP Device.downstream. The term, downstream, is used as an adjective to refer to being towards the sink of the HDCP Content. For example, when an HDCP Transmitter and an HDCP Receiver are connected over an HDCP-protected Interface, the HDCP Receiver can be referred to as the downstream HDCP Device in this connection. For another example, on an HDCP Repeater, the HDCP-protected Interface Port(s) which can emit HDCP Content can be referred to as its downstream HDCP-protected Interface Port(s). See also, upstream.Global Constant. A 128-bit random, secret constant provided only to HDCP adopters and used during HDCP Content encryption or decryptionHDCP 1.x. HDCP 1.x refers to, specifically, the variant of HDCP described by Revision 1.00 (referred to as HDCP 1.0), Revision 1.10 (referred to as HDCP 1.1), Revision 1.20 (referred to as HDCP 1.2) and Revision 1.30 (referred to as HDCP 1.3) along with their associated errata, if applicable.HDCP 1.x-compliant Device. An HDCP Device that is designed in adherence to HDCP 1.x, defined above, is referred to as an HDCP 1.x-compliant Device.HDCP 2. HDCP 2 refers to, specifically, the variant of HDCP mapping for all HDCP protected interfaces described by Revision 2.00 and higher versions along with their associated errata, if applicable.HDCP 2.0. HDCP 2.0 refers to, specifically, the variant of HDCP mapping for all HDCP protected interfaces described by Revision 2.00 of the corresponding specifications along with their associated errata, if applicable.HDCP 2.0-compliant Device. An HDCP Device that is designed in adherence to HDCP 2.0 is referred to as an HDCP 2.0-compliant Device.HDCP 2.2. HDCP 2.2 refers to, specifically, the variant of HDCP mapping described by Revision 2.20 of this specification along with its associated errata, if applicable.HDCP 2.2-compliant Device. An HDCP Device that is designed in adherence to HDCP 2.2 is referred to as an HDCP 2.2-compliant Device.HDCP Cipher. The HDCP encryption module consisting of a 128-bit AES module that is operated in a Counter (CTR) mode is referred to as HDCP Cipher.HDCP Content. HDCP Content consists of Audiovisual Content that is protected by the HDCP System. HDCP Content includes the Audiovisual Content in encrypted form as it is transferred from an HDCP Transmitter to an HDCP Receiver over an HDCP-protected Interface, as well as any translations of the same content, or portions thereof. For avoidance of doubt, Audiovisual Content that is never encrypted by the HDCP System is not HDCP Content.HDCP Device. Any device that contains one or more HDCP-protected Interface Port and is designed in adherence to HDCP is referred to as an HDCP Device.HDCP Encryption. HDCP Encryption is the encryption technology of HDCP when applied to the protection of HDCP Content in an HDCP System.HDCP Receiver. An HDCP Device that can receive and decrypt HDCP Content through one or more of its HDCP-protected Interface Ports is referred to as an HDCP Receiver.HDCP Repeater. An HDCP Device that can receive and decrypt HDCP Content through one or more of its HDCP-protected Interface Ports, and can also re-encrypt and emit said HDCP Content through one or more of its HDCP-protected Interface Ports, is referred to as an HDCP Repeater. An HDCP Repeater may also be referred to as either an HDCP Receiver or an HDCP Transmitter when referring to either the upstream side or the downstream side, respectively.HDCP Session. An HDCP Session is established between an HDCP Transmitter and HDCP Receiver with the transmission or reception of the authentication initiation message, AKE_Init. The established HDCP Session remains valid until it is aborted by the HDCP Transmitter or a new HDCP Session is established, which invalidates the HDCP Session that was previously established, by the transmission or reception of a new AKE_Init message.HDCP System. An HDCP System consists of an HDCP Transmitter, zero or more HDCP Repeaters and one or more HDCP Receivers connected through their HDCP-protected interfaces in a tree topology; whereas the said HDCP Transmitter is the HDCP Device most upstream, and receives the Audiovisual Content from one or more Upstream Content Control Functions. All HDCP Devices connected to other HDCP Devices in an HDCP System over HDCP-protected Interfaces are part of the HDCP System.HDCP Transmitter. An HDCP Device that can encrypt and emit HDCP Content through one or more of its HDCP-protected Interface Ports is referred to as an HDCP Transmitter.HDCP. HDCP is an acronym for High-bandwidth Digital Content Protection. This term refers to this content protection system as described by any revision of this specification and its errata.HDCP-protected Interface Port. A connection point on an HDCP Device that supports an HDCP-protected Interface is referred to as an HDCP-protected Interface Port.HDCP-protected Interface. An interface for which HDCP applies is described as an HDCP-protected Interface.Master Key. A 128-bit random, secret cryptographic key negotiated between the HDCP Transmitter and the HDCP Receiver during Authentication and Key Exchange and used to pair the HDCP Transmitter with the HDCP Receiver.Public Key Certificate. Each HDCP Receiver is issued a Public Key Certificate signed by DCP LLC, and contains the Receiver ID and RSA public key corresponding to the HDCP Receiver. Receiver Connected Indication. An indication to the HDCP Transmitter that an active receiver has been connected to it. The format of the indication or the method used by the HDCP Transmitter to connect to or disconnect from a receiver is outside the scope of this specification.Receiver Disconnected Indication. An indication to the HDCP Transmitter that the receiver has been disconnected from it. The format of the indication or the method used by the HDCP Transmitter to connect to or disconnect from a receiver is outside the scope of this specification.Receiver ID. A 40-bit value that uniquely identifies the HDCP Receiver. It has the same format asan HDCP 1.x KSV i.e. it contains 20 ones and 20 zeroes.Session Key. A 128-bit random, secret cryptographic key negotiated between the HDCPTransmitter and the HDCP Receiver during Session Key exchange and used during HDCPContent encryption or decryption.Upstream Content Control Function. The HDCP Transmitter most upstream in the HDCPSystem receives Audiovisual Content to be protected from the Upstream Content ControlFunction. The Upstream Content Control Function is not part of the HDCP System, and themethods used, if any, by the Upstream Content Control Function to determine for itself the HDCPSystem is correctly authenticated or permitted to receive the Audiovisual Content, or to transfer theAudiovisual Content to the HDCP System, are beyond the scope of this specification. On apersonal computer platform, an example of an Upstream Content Control Function may besoftware designed to emit Audiovisual Content to a display or other presentation device thatrequires HDCP.upstream. The term, upstream, is used as an adjective to refer to being towards the source of theHDCP Content. For example, when an HDCP Transmitter and an HDCP Receiver are connectedover an HDCP-protected Interface, the HDCP Transmitter can be referred to as the upstreamHDCP Device in this connection. For another example, on an HDCP Repeater, the HDCP-protected Interface Port(s) which can receive HDCP Content can be referred to as its upstreamHDCP-protected Interface Port(s). See also, downstream.1.3 Overview1.HDCP is designed to protect the transmission of Audiovisual Content between an HDCPTransmitter and an HDCP Receiver. The HDCP Transmitter may support simultaneousconnections to HDCP Receivers through one or more of its HDCP-protected interface ports.The system also allows for HDCP Repeaters that support downstream HDCP-protectedInterface Ports. The HDCP System allows up to four levels of HDCP Repeaters and as manyas 32 total HDCP Devices, including HDCP Repeaters, to be connected to an HDCP-protected Interface port.Figure 1.1 illustrates an example connection topology for HDCP Devices.There are three elements of the content protection system. Each element plays a specific role in thesystem. First, there is the authentication protocol, through which the HDCP Transmitter verifiesthat a given HDCP Receiver is licensed to receive HDCP Content. The authentication protocol isimplemented between the HDCP Transmitter and its corresponding downstream HDCP Receiver.With the legitimacy of the HDCP Receiver determined, encrypted HDCP Content is transmittedbetween the two devices based on shared secrets established during the authentication protocol.This prevents eavesdropping devices from utilizing the content. Finally, in the event that legitimatedevices are compromised to permit unauthorized use of HDCP Content, renewability allows anHDCP Transmitter to identify such compromised devices and prevent the transmission of HDCPContent.This document contains chapters describing in detail the requirements of each of these elements. Inaddition, a chapter is devoted to describing the cipher structure that is used in the encryption ofHDCP Content.1.4 TerminologyThroughout this specification, names that appear in italic refer to values that are exchanged duringthe HDCP cryptographic protocol. C-style notation is used throughout the state diagrams andprotocol diagrams, although the logic functions AND, OR, and XOR are written out where atextual description would be more clear.This specification uses the big-endian notation to represent bit strings so that the most significantbit in the representation is stored in the left-most bit position. The concatenation operator ‘||’combines two values into one. For eight-bit values a and b, the result of (a || b) is a 16-bit value,with the value a in the most significant eight bits and b in the least significant eight bits.1.5 References[1].Digital Content Protection (DCP) LLC, High-bandwidth Digital Content Protection System,Revision 1.4, July 8, 2009.[2].Digital Content Protection (DCP) LLC, HDCP Specification 1.3 – Amendment forDisplayPort, Revision 1.0, December 19, 2006.[3].National Institute of Standards and Technology (NIST), Advanced Encryption Standard(AES), FIPS Publication 197, November 26, 2001.[4].RSA Laboratories, RSA Cryptography Standard, PKCS #1 v2.1, June 14, 2002.[5].National Institute of Standards and Technology (NIST), Secure Hash Standard (SHS), FIPSPublication 180-2, August 1, 2002.[6].Internet Engineering Task Force (IETF), HMAC: Keyed-Hashing for Message Authentication,Request for Comments (RFC) 2104, February 1997.[7].National Institute of Standards and Technology (NIST), Recommendation for RandomNumber Generation Using Deterministic Random Bit Generators, Special Publication 800-90,March 2007[8].VESA® DisplayPort® Standard, Version 1, Revision 2a, May 23, 20122 Authentication Protocol2.1 OverviewThe HDCP authentication protocol is an exchange between an HDCP Transmitter and an HDCPReceiver that affirms to the HDCP Transmitter that the HDCP Receiver is authorized to receiveHDCP Content. It is comprised of the following stages•Authentication and Key Exchange (AKE) – The HDCP Receiver’s public key certificate is verified by the HDCP Transmitter. A Master Key k m is exchanged. •Locality Check – The HDCP Transmitter enforces locality on the content by requiring that the Round Trip Time (RTT) between a pair of messages is not more than 7 ms. •Session Key Exchange (SKE) – The HDCP Transmitter exchanges Session Key k s with the HDCP Receiver. • Authentication with Repeaters – The step is performed by the HDCP Transmitter onlywith HDCP Repeaters. In this step, the repeater assembles downstream topologyinformation and forwards it to the upstream HDCP Transmitter.Successful completion of AKE and locality check stages affirms to the HDCP Transmitter that theHDCP Receiver is authorized to receive HDCP Content. At the end of the authentication protocol,a communication path is established between the HDCP Transmitter and HDCP Receiver that onlyAuthorized Devices can access.All HDCP Devices contain a 128-bit secret Global Constant denoted by lc 128. All HDCP Devicesshare the same Global Constant. lc 128 is provided only to HDCP adopters.The HDCP Transmitter contains the 3072-bit RSA public key of DCP LLC denoted by kpub dcp .The HDCP Receiver is issued 1024-bit RSA public and private keys. The public key is stored in aPublic Key Certificate issued by DCP LLC, denoted by cert rx . Table 2.1 gives the fields containedin the certificate. All values are stored in big-endian format. Table 2.1. Public Key Certificate of HDCP ReceiverThe secret RSA private key is denoted by kpriv rx . The computation time of RSA private keyoperation can be reduced by using the Chinese Remainder Theorem (CRT) technique. Therefore, itis recommended that HDCP Receivers use the CRT technique for private key computations.Name Size (bits) BitpositionFunction Receiver ID 40 4175:4136 Unique receiver identifier. It has the same format as an HDCP 1.x KSV i.e. it contains 20 ones and 20 zeroesReceiver Public Key 1048 4135:3088 Unique RSA public key of HDCP Receiver denoted by kpub rx . The first 1024 bits is the big-endian representation of the modulus n and the trailing 24 bits is the big-endian representation of the public exponent eReserved2 4 3087:3084 Reserved for future definition. Must be 0x0 or 0x1.Reserved1 12 3083:3072 Reserved for future definition. Must be 0x000DCP LLC Signature 3072 3071:0 A cryptographic signature calculated over all preceding fields of the certificate. RSASSA-PKCS1-v1_5 is the signature scheme used as defined byPKCS #1 V2.1: RSA Cryptography Standard. SHA-256 is the underlyinghash function2.2 Authentication and Key ExchangeAuthentication and Key Exchange (AKE) is the first step in the authentication protocol. Figure 2.1and Figure 2.2 illustrates the AKE. The HDCP Transmitter (Device A ) can initiate authenticationat any time, even before a previous authentication exchange has completed. The HDCPTransmitter initiates a new HDCP Session by sending the authentication initiation message,AKE_Init. Message formats are defined in Section 4.2.Figure 2.1. Authentication and Key Exchange (Without Storedk m )200 msFigure 2.2. Authentication and Key Exchange (With Stored k m )The HDCP Transmitter•Initiates authentication by sending the initiation message, AKE_Init, containing a 64-bit pseudo-random value (r tx) and TxCaps parameters.•Reads AKE_Send_Cert from the receiver containing cert rx, a 64-bit pseudo-random value (r rx) and RxCaps. REPEATER bit in RxCaps indicates whether the connected receiver is an HDCP Repeater. If REPEATER is set to one, it indicates the receiver is an HDCP Repeater. If REPEATER is zero, the receiver is not an HDCP Repeater. The AKE_Send_Cert message must be available for the transmitter to read within 100 ms from the time the transmitter finishes writing the AKE_Init message parameters to the HDCP Receiver. The HDCP Transmitter must not attempt to read AKE_Send_Cert sooner than 100 ms after writing the AKE_Init message. If the AKE_Send_Cert message is not available for the transmitter to read within 100 ms, the transmitter aborts the authentication protocol.•Extracts Receiver ID from cert rxo If the HDCP Transmitter does not have a 128-bit Master Key k m stored corresponding to the Receiver ID (See Section 2.2.1)Verifies the signature on the certificate using kpub dcp. Failure ofsignature verification constitutes an authentication failure and theHDCP Transmitter aborts the authentication protocol.Generates a pseudo-random 128-bit Master Key k m. Encrypts k m withkpub rx(E kpub(km)) and sends AKE_No_Stored_km message to thereceiver containing the 1024-bit E kpub(km). RSAES-OAEP encryptionscheme must be used as defined by PKCS #1 V2.1: RSACryptography Standard. SHA-256 is the underlying hash function.The mask generation function used is MGF1 which uses SHA-256 asits underlying hash function.Verifies integrity of the System Renewability Message (SRM). It doesthis by checking the signature of the SRM using kpub dcp. Failure ofthis integrity check constitutes an authentication failure and causes theHDCP Transmitter to abort authentication protocol.The top-level HDCP Transmitter checks to see if the Receiver ID ofthe connected device is found in the revocation list. If the Receiver IDof the connected HDCP Device is found in the revocation list,authentication fails and the authentication protocol is aborted. SRMintegrity check and revocation check are performed only by the top-level HDCP Transmitter.Performs key derivation as explained in Section 2.7 to generate 256-bit k d. k d = dkey0 || dkey1, where dkey0 and dkey1 are derived keysgenerated when ctr = 0 and ctr = 1 respectively. dkey0 and dkey1 are inbig-endian order.Computes 256-bit H = HMAC-SHA256(r tx || RxCaps || TxCaps, k d)where HMAC-SHA256 is computed over r tx || RxCaps || TxCaps andthe key used for HMAC is k d.Reads the H’_AVAILABLE status bit in the RxStatus register as soonas it receives the CP_IRQ interrupt. If the H’_AVAILABLE status bitis set, reads the AKE_Send_H_prime message from the receivercontaining the 256-bit H’. The CP_IRQ interrupt must be generatedand the AKE_Send_H_prime message must be available for thetransmitter to read within one second from the time the transmitterfinishes writing the AKE_No_Stored_km message parameters to theHDCP Receiver. If the AKE_Send_H_prime message is not availablefor the transmitter to read within one second or there is a mismatchbetween H and H’, the transmitter aborts the authentication protocol.o If the HDCP Transmitter has a 128-bit Master Key k m stored corresponding to the Receiver ID (See Section 2.2.1)Sends AKE_Stored_km message to the receiver with the 128-bitE kh(k m) and the 128-bit m corresponding to the Receiver ID of theHDCP ReceiverVerifies integrity of the System Renewability Message (SRM). It doesthis by checking the signature of the SRM using kpub dcp. Failure ofthis integrity check constitutes an authentication failure and causes theHDCP Transmitter to abort the authentication protocol.The top-level HDCP Transmitter checks to see if the Receiver ID ofthe connected device is found in the revocation list. If the Receiver IDof the connected HDCP Device is found in the revocation list,authentication fails and the authentication protocol is aborted.Performs key derivation as explained in Section 2.7 to generate 256-bit k d. k d = dkey0 || dkey1, where dkey0 and dkey1 are derived keysgenerated when ctr = 0 and ctr = 1 respectively. dkey0 and dkey1 are inbig-endian order.Computes 256-bit H = HMAC-SHA256(r tx|| RxCaps || TxCaps, k d)where HMAC-SHA256 is computed over r tx || RxCaps || TxCaps andthe key used for HMAC is k d.Reads the H’_AVAILABLE status bit in the RxStatus register as soonas it receives the CP_IRQ interrupt. If the H’_AVAILABLE status bitis set, reads the AKE_Send_H_prime message from the receivercontaining the 256-bit H’. The CP_IRQ interrupt must be generatedand the AKE_Send_H_prime message must be available for thetransmitter to read within 200 ms from the time the transmitter finisheswriting the AKE_Stored_km message parameters to the HDCPReceiver. If the AKE_Send_H_prime message is not available for thetransmitter to read within 200 ms or there is a mismatch between Hand H’, the transmitter aborts the authentication protocol.The HDCP Receiver•Makes available the AKE_Send_Cert message for the transmitter to read in response to AKE_Init. The AKE_Send_Cert message must be available for the transmitter to readwithin 100 ms from the time the transmitter finishes writing the AKE_Init message parameters to the HDCP Receiver.•If AKE_No_Stored_km is received, the HDCP Receivero Decrypts k m with kpriv rx using RSAES-OAEP decryption scheme.。

1.1初始化概述1.2预初始化1.3通过ROM代码初始化设备1.4 HLOS支持服务1.1初始化概述本章概述了从开机到操作系统（OS）和应用程序执行的设备初始化要求、整个初始化过程（包括硬件和软件相关步骤）、一般ROM代码操作要求和行为预期。

1.1.1术语•Bootstrap：在内存引导阶段由ROM代码启动的初始软件•配置头（CH）：初始软件之前的可选结构，允许重新定义ROM代码默认设置•下载软件：在外围设备启动阶段，通过ROM代码将初始软件下载到内部静态RAM（SRAM）•eFuse：通常在工厂设置的一次性可编程存储器位置•闪存加载程序：在预闪存阶段由ROM代码启动的下载软件。

它还可以在外部存储器中编程图像。

•初始软件：由任何ROM代码机制执行的软件（内存启动或外围启动）。

初始软件是引导和下载软件的通用术语。

•内存引导：ROM代码机制，包括从外部内存执行初始软件•主CPU:ARM®Cortex®-A15 MPCore™CPU-ID为0的CPU。

它配置多核平台并启动ROM代码，以确保设备从大容量存储器（存储器引导）或外围接口（外围设备引导）引导。

•外围启动：ROM代码机制，包括轮询选定的接口、下载和执行内部RAM中的初始软件（在本例中，是下载的软件）•永久引导设备：默认情况下，包含引导序列中要执行的映像的内存设备。

它是默认的内存引导设备。

如果没有对软件引导配置进行编程，则在热复位后使用永久引导设备。

•预闪存：外设启动的一种特殊情况，使用ROM代码机制对外部闪存进行编程•ROM代码：设备ROM中实现引导的片上软件•ROM代码控制启动阶段：该阶段涵盖从平台释放重置到第一个用户或客户拥有的软件开始执行的顺序操作。

此阶段完全由设备ROM代码控制。

•保存和恢复（SAR）RAM内存：在热复位或从低功耗模式唤醒后未清除的片上RAM内存•从CPU：ARM Cortex-A15 MPCore CPU，CPU-ID为1。

© 2017 NXP B.V.SCM-i.MX 6 Series Yocto Linux User'sGuide1. IntroductionThe NXP SCM Linux BSP (Board Support Package) leverages the existing i.MX 6 Linux BSP release L4.1.15-2.0.0. The i.MX Linux BSP is a collection of binary files, source code, and support files that can be used to create a U-Boot bootloader, a Linux kernel image, and a root file system. The Yocto Project is the framework of choice to build the images described in this document, although other methods can be also used.The purpose of this document is to explain how to build an image and install the Linux BSP using the Yocto Project build environment on the SCM-i.MX 6Dual/Quad Quick Start (QWKS) board and the SCM-i.MX 6SoloX Evaluation Board (EVB). This release supports these SCM-i.MX 6 Series boards:• Quick Start Board for SCM-i.MX 6Dual/6Quad (QWKS-SCMIMX6DQ)• Evaluation Board for SCM-i.MX 6SoloX (EVB-SCMIMX6SX)NXP Semiconductors Document Number: SCMIMX6LRNUGUser's GuideRev. L4.1.15-2.0.0-ga , 04/2017Contents1. Introduction........................................................................ 1 1.1. Supporting documents ............................................ 22. Enabling Linux OS for SCM-i.MX 6Dual/6Quad/SoloX .. 2 2.1. Host setup ............................................................... 2 2.2. Host packages ......................................................... 23.Building Linux OS for SCM i.MX platforms .................... 3 3.1. Setting up the Repo utility ...................................... 3 3.2. Installing Yocto Project layers ................................ 3 3.3. Building the Yocto image ....................................... 4 3.4. Choosing a graphical back end ............................... 4 4. Deploying the image .......................................................... 5 4.1. Flashing the SD card image .................................... 5 4.2. MFGTool (Manufacturing Tool) ............................ 6 5. Specifying displays ............................................................ 6 6. Reset and boot switch configuration .................................. 7 6.1. Boot switch settings for QWKS SCM-i.MX 6D/Q . 7 6.2. Boot switch settings for EVB SCM-i.MX 6SoloX . 8 7. SCM uboot and kernel repos .............................................. 8 8. References.......................................................................... 8 9.Revision history (9)Enabling Linux OS for SCM-i.MX 6Dual/6Quad/SoloX1.1. Supporting documentsThese documents provide additional information and can be found at the NXP webpage (L4.1.15-2.0.0_LINUX_DOCS):•i.MX Linux® Release Notes—Provides the release information.•i.MX Linux® User's Guide—Contains the information on installing the U-Boot and Linux OS and using the i.MX-specific features.•i.MX Yocto Project User's Guide—Contains the instructions for setting up and building the Linux OS in the Yocto Project.•i.MX Linux®Reference Manual—Contains the information about the Linux drivers for i.MX.•i.MX BSP Porting Guide—Contains the instructions to port the BSP to a new board.These quick start guides contain basic information about the board and its setup:•QWKS board for SCM-i.MX 6D/Q Quick Start Guide•Evaluation board for SCM-i.MX 6SoloX Quick Start Guide2. Enabling Linux OS for SCM-i.MX 6Dual/6Quad/SoloXThis section describes how to obtain the SCM-related build environment for Yocto. This assumes that you are familiar with the standard i.MX Yocto Linux OS BSP environment and build process. If you are not familiar with this process, see the NXP Yocto Project User’s Guide (available at L4.1.15-2.0.0_LINUX_DOCS).2.1. Host setupTo get the Yocto Project expected behavior on a Linux OS host machine, install the packages and utilities described below. The hard disk space required on the host machine is an important consideration. For example, when building on a machine running Ubuntu, the minimum hard disk space required is about 50 GB for the X11 backend. It is recommended that at least 120 GB is provided, which is enough to compile any backend.The minimum recommended Ubuntu version is 14.04, but the builds for dizzy work on 12.04 (or later). Earlier versions may cause the Yocto Project build setup to fail, because it requires python versions only available on Ubuntu 12.04 (or later). See the Yocto Project reference manual for more information.2.2. Host packagesThe Yocto Project build requires that the packages documented under the Yocto Project are installed for the build. Visit the Yocto Project Quick Start at /docs/current/yocto-project-qs/yocto-project-qs.html and check for the packages that must be installed on your build machine.The essential Yocto Project host packages are:$ sudo apt-get install gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential chrpath socat libsdl1.2-devThe i.MX layers’ host packages for the Ubuntu 12.04 (or 14.04) host setup are:$ sudo apt-get install libsdl1.2-dev xterm sed cvs subversion coreutils texi2html docbook-utils python-pysqlite2 help2man make gcc g++ desktop-file-utils libgl1-mesa-dev libglu1-mesa-dev mercurial autoconf automake groff curl lzop asciidocThe i.MX layers’ host packages for the Ubuntu 12.04 host setup are:$ sudo apt-get install uboot-mkimageThe i.MX layers’ host packages for the Ubuntu 14.04 host s etup are:$ sudo apt-get install u-boot-toolsThe configuration tool uses the default version of grep that is on your build machine. If there is a different version of grep in your path, it may cause the builds to fail. One workaround is to rename the special versi on to something not containing “grep”.3. Building Linux OS for SCM i.MX platforms3.1. Setting up the Repo utilityRepo is a tool built on top of GIT, which makes it easier to manage projects that contain multiple repositories that do not have to be on the same server. Repo complements the layered nature of the Yocto Project very well, making it easier for customers to add their own layers to the BSP.To install the Repo utility, perform these steps:1.Create a bin folder in the home directory.$ mkdir ~/bin (this step may not be needed if the bin folder already exists)$ curl /git-repo-downloads/repo > ~/bin/repo$ chmod a+x ~/bin/repo2.Add this line to the .bashrc file to ensure that the ~/bin folder is in your PATH variable:$ export PATH=~/bin:$PATH3.2. Installing Yocto Project layersAll the SCM-related changes are collected in the new meta-nxp-imx-scm layer, which is obtained through the Repo sync pointing to the corresponding scm-imx branch.Make sure that GIT is set up properly with these commands:$ git config --global "Your Name"$ git config --global user.email "Your Email"$ git config --listThe NXP Yocto Project BSP Release directory contains the sources directory, which contains the recipes used to build, one (or more) build directories, and a set of scripts used to set up the environment. The recipes used to build the project come from both the community and NXP. The Yocto Project layers are downloaded to the sources directory. This sets up the recipes that are used to build the project. The following code snippets show how to set up the SCM L4.1.15-2.0.0_ga Yocto environment for the SCM-i.MX 6 QWKS board and the evaluation board. In this example, a directory called fsl-arm-yocto-bsp is created for the project. Any name can be used instead of this.Building Linux OS for SCM i.MX platforms3.2.1. SCM-i.MX 6D/Q quick start board$ mkdir fsl-arm-yocto-bsp$ cd fsl-arm-yocto-bsp$ repo init -u git:///imx/fsl-arm-yocto-bsp.git -b imx-4.1-krogoth -m scm-imx-4.1.15-2.0.0.xml$ repo sync3.2.2. SCM-i.MX 6SoloX evaluation board$ mkdir my-evb_6sxscm-yocto-bsp$ cd my-evb_6sxscm-yocto-bsp$ repo init -u git:///imx/fsl-arm-yocto-bsp.git -b imx-4.1-krogoth -m scm-imx-4.1.15-2.0.0.xml$ repo sync3.3. Building the Yocto imageNote that the quick start board for SCM-i.MX 6D/Q and the evaluation board for SCM-i.MX 6SoloX are commercially available with a 1 GB LPDDR2 PoP memory configuration.This release supports the imx6dqscm-1gb-qwks, imx6dqscm-1gb-qwks-rev3, and imx6sxscm-1gb-evb. Set the machine configuration in MACHINE= in the following section.3.3.1. Choosing a machineChoose the machine configuration that matches your reference board.•imx6dqscm-1gb-qwks (QWKS board for SCM-i.MX 6DQ with 1 GB LPDDR2 PoP)•imx6dqscm-1gb-qwks-rev3 (QWKS board Rev C for SCM-i.MX 6DQ with 1GB LPDDR2 PoP) •imx6sxscm-1gb-evb (EVB for SCM-i.MX 6SX with 1 GB LPDDR2 PoP)3.4. Choosing a graphical back endBefore the setup, choose a graphical back end. The default is X11.Choose one of these graphical back ends:•X11•Wayland: using the Weston compositor•XWayland•FrameBufferSpecify the machine configuration for each graphical back end.The following are examples of building the Yocto image for each back end using the QWKS board for SCM-i.MX 6D/Q and the evaluation board for SCM-i.MX 6SoloX. Do not forget to replace the machine configuration with what matches your reference board.3.4.1. X11 image on QWKS board Rev C for SCM-i.MX 6D/Q$ DISTRO=fsl-imx-x11 imx6dqscm-1gb-qwks-rev3 source fsl-setup-release.sh -b build-x11$ bitbake fsl-image-gui3.4.2. FrameBuffer image on evaluation board for SCM-i.MX 6SX$ DISTRO=fsl-imx-fb MACHINE=imx6sxscm-1gb-evb source fsl-setup-release.sh –b build-fb-evb_6sxscm$ bitbake fsl-image-qt53.4.3. XWayland image on QWKS board for SCM-i.MX 6D/Q$ DISTRO=fsl-imx-xwayland MACHINE=imx6dqscm-1gb-qwks source fsl-setup-release.sh –b build-xwayland$ bitbake fsl-image-gui3.4.4. Wayland image on QWKS board for SCM-i.MX 6D/Q$ DISTRO=fsl-imx-wayland MACHINE=imx6dqscm-1gb-qwks source fsl-setup-release.sh -b build-wayland$ bitbake fsl-image-qt5The fsl-setup-release script installs the meta-fsl-bsp-release layer and configures theDISTRO_FEATURES required to choose the graphical back end. The –b parameter specifies the build directory target. In this build directory, the conf directory that contains the local.conf file is created from the setup where the MACHINE and DISTRO_FEATURES are set. The meta-fslbsp-release layer is added into the bblayer.conf file in the conf directory under the build directory specified by the –e parameter.4. Deploying the imageAfter the build is complete, the created image resides in the <build directory>/tmp/deploy/images directory. The image is (for the most part) specific to the machine set in the environment setup. Each image build creates the U-Boot, kernel, and image type based on the IMAGE_FSTYPES defined in the machine configuration file. Most machine configurations provide the SD card image (.sdcard), ext4, and tar.bz2. The ext4 is the root file system only. The .sdcard image contains the U-Boot, kernel, and rootfs, completely set up for use on an SD card.4.1. Flashing the SD card imageThe SD card image provides the full system to boot with the U-Boot and kernel. To flash the SD card image, run this command:$ sudo dd if=<image name>.sdcard of=/dev/sd<partition> bs=1M && syncFor more information about flashing, see “P reparing an SD/MMC Card to Boot” in the i.MX Linux User's Guide (document IMXLUG).Specifying displays4.2. MFGTool (Manufacturing Tool)MFGTool is one of the ways to place the image on a device. To download the manufacturing tool for the SCM-i.MX 6D/Q and for details on how to use it, download the SCM-i.MX 6 Manufacturing Toolkit for Linux 4.1.15-2.0.0 under the "Downloads" tab from /qwks-scm-imx6dq. Similarly, download the manufacturing tool for the SCM-i.MX 6SoloX evaluation board under the "Downloads" tab from /evb-scm-imx6sx.5. Specifying displaysSpecify the display information on the Linux OS boot command line. It is not dependent on the source of the Linux OS image. If nothing is specified for the display, the settings in the device tree are used. Find the specific parameters in the i.MX 6 Release Notes L4.1.15-2.0.0 (available at L4.1.15-2.0.0_LINUX_DOCS). The examples are shown in the following subsections. Interrupt the auto-boot and enter the following commands.5.1.1. Display options for QWKS board for SCM-i.MX 6D/QHDMI displayU-Boot > setenv mmcargs 'setenv bootargs console=${console},${baudrate} ${smp}root=${mmcroot} video=mxcfb0:dev=hdmi,1920x1080M@60,if=RGB24'U-Boot > run bootcmd5.1.2. Display options for EVB for SCM-i.MX 6SXNote that the SCM-i.MX 6SX EVB supports HDMI with a HDMI accessory card (MCIMXHDMICARD) that plugs into the LCD connector on the EVB.Accessory boards:•The LVDS connector pairs with the NXP MCIMX-LVDS1 LCD display board.•The LCD expansion connector (parallel, 24-bit) pairs with the NXP MCIMXHDMICARD adapter board.LVDS displayU-Boot > setenv mmcargs 'setenv bootargs console=${console},${baudrate} ${smp}root=${mmcroot} ${dmfc} video=mxcfb0:dev=ldb,1024x768M@60,if=RGB666 ldb=sep0'U-Boot > run bootcmdHDMI display (dual display for the HDMI as primary and the LVDS as secondary)U-Boot > setenv mmcargs 'setenv bootargs console=${console},${baudrate} ${smp}root=${mmcroot} video=mxcfb0:dev=hdmi,1920x1080M@60,if=RGB24video=mxcfb1:dev=ldb,LDBXGA,if=RGB666'U-Boot > run bootcmdLCD displayu-boot > setenv mmcargs 'setenv bootargs ${bootargs}root=${mmcroot} rootwait rw video=mxcfb0:dev=lcd,if=RGB565'u-boot> run bootcmd6. Reset and boot switch configuration6.1. Boot switch settings for QWKS SCM-i.MX 6D/QThere are two push-button switches on the QWKS-SCMIMX6DQ board. SW1 (SW3 for QWKS board Rev B) is the system reset that resets the PMIC. SW2 is the i.MX 6Dual/6Quad on/off button that is needed for Android.There are three boot options. The board can boot either from the internal SPI-NOR flash inside the SCM-i.MX6Dual/6Quad or from either of the two SD card slots. The following table shows the switch settings for the boot options.Table 1.Boot configuration switch settingsBoot from top SD slot (SD3)Boot from bottom SD slot (SD2)Boot from internal SPI NORDefault1.References6.2. Boot switch settings for EVB SCM-i.MX 6SoloXThis table shows the jumper configuration to boot the evaluation board from the SD card slot SD3.7. SCM uboot and kernel repositoriesThe kernel and uboot patches for both SCM-i.MX 6 QWKS board and evaluation board are integrated in specific git repositories. Below are the git repos for SCM-i.MX 6 uboot and kernel:uBoot repo: /git/cgit.cgi/imx/uboot-imx.gitSCM Branch: scm-imx_v2016.03_4.1.15_2.0.0_gakernel repo: /git/cgit.cgi/imx/linux-imx.gitSCM branch: scm-imx_4.1.15_2.0.0_ga8. References1.For details about setting up the Host and Yocto Project, see the NXP Yocto Project User’s Guide(document IMXLXYOCTOUG).2.For information about downloading images using U-Boot, see “Downloading images usingU-Boot” in the i.MX Linux User's Guide (document IMXLUG).3.For information about setting up the SD/MMC card, see “P reparing an SD/MMC card to boot” inthe i.MX Linux User's Guide (document IMXLUG).9. Revision historyDocument Number: SCMIMX6LRNUGRev. L4.1.15-2.0.0-ga04/2017How to Reach Us: Home Page: Web Support: /supportInformation in this document is provided solely to enable system and softwareimplementers to use NXP products. There are no express or implied copyright licenses granted hereunder to design or fabricate any integrated circuits based on the information in this document. NXP reserves the right to make changes without further notice to any products herein.NXP makes no warranty, representation, or guarantee regarding the suitability of its products for any particular purpose, nor does NXP assume any liability arising out of the application or use of any product or circuit, and specifically disclaims any and all liability, including without limitation consequentia l or incidental damages. “Typical”parameters that may be provided in NXP data sheets and/or specifications can and do vary in different applications, and actual performance may vary over time. All operating parameters, including “typicals,” must be valida ted for each customer application by customer’s technical experts. NXP does not convey any license under its patent rights nor the rights of others. NXP sells products pursuant to standard terms and conditions of sale, which can be found at the following address: /SalesTermsandConditions .NXP, the NXP logo, NXP SECURE CONNECTIONS FOR A SMARTER WORLD, Freescale, and the Freescale logo are trademarks of NXP B.V. All other product or service names are the property of their respective owners.ARM, the ARM Powered logo, and Cortex are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. © 2017 NXP B.V.。

Supplier Name 供应商:Orig. Date 创建日期:Supplier DUNS Number 邓白氏号:Rev. Date 修订日期:Plant Location Country 工厂所在国家:GM Initiator GM 发起者:Part name 零件名:GM Initiating Plant GM 发起工厂:Part number 零件号:Provider 提供者:PRR Number PRR 号:PQE 第三方过程质量工程师:Problem description 问题描述:Default Items 默认项目Yes No X X X CS2 Specific Items 二级受控特殊项目Yes No X X X Other Items 其它项目Yes No XX X XX X XXXXXX Other GM Initiator Specific Items (please list) GM 发起者其他特殊要求（请列出）13) Corrective action report (other than PRR response)纠正措施报告（除了PRR 回复）14) Evidence of error proofing/error detection, if applicable 防错/探错装置的证据（若适用）1) Email requesting exit from CS2 (if marked "no", please specify method of communication)以邮件方式通知二级受控退出要求(若标注"NO",请注明其它沟通方式)5) Unless revised, the supplier's exit package will be based upon this document.除非要修订，供应商退出申请包应基于该文件。

mfrc522程序注释#include#include\#include\#include\#include#definemaxrlen18/*******rxmodereg预设为106kbit/s的通信速率******************//************************************************************************功能：寻卡*参数表明:req_code[in]:寻卡方式*0x52=寻感应区内所有符合14443a标准的卡*0x26=寻未进入休眠状态的卡*ptagtype[out]：卡片类型代码*0x4400=mifare_ultralight*0x0400=mifare_one(s50)*0x0200=mifare_one(s70)*0x0800 =mifare_pro(x)*0x4403=mifare_desfire*回到:顺利回到mi_ok***********************************************************************/charpc drequest(unsignedcharreq_code,unsignedchar*ptagtype){charstatus;unsignedintunlen;clearbitmask(status2reg,0x08);//清mfcrypto1on，就可以通过软件清零，该位用以命令crypto1的拨打情况，mfauthent（检验密钥）命令顺利继续执行后置1writerawrc(bitframingreg,0x07);//txlastbits([2-0])表示发送的最后一个字节7位发送//xtest=readrawrc(bitframingreg);//if(xtest==0x07)//{led_green=0;}//else{led_green=1;while(1){}}setbitmask(txcontrolreg,0x03);//txcontrolreg 低2位（tx2rfen和tx1rfen）置1，tx2和tx1管脚输出信号调制在13.56mhz的载波上//if(status==mi_ok)//{led_green=0;}//else{led_green=1;}if((status==mi_ok)&&(unlen==0x10))//发送成功并且接收16位数据{{status=mi_err;}returnstatus;}/***********************************************************************功能：严防冲撞*参数说明:psnr[out]:卡片序列号，4字节*返回:成功返回mi_ok**********************************************************************/charpcd anticoll(unsignedchar*psnr){charstatus;unsignedchari,snr_check=0;unsignedintunlen;clearbitmask(status2reg,0x08);//清mfcrypto1on，只能通过软件清零，该位用来指示crypto1的接通情况，mfauthent（验证密钥）命令成功执行后置1writerawrc(bitframingreg,0x00);//txlastbits([2-0])则表示传送的最后一个字节的所有位都传送clearbitmask(collreg,0x80);//高位置0，所有接收的位在冲突后清除if(status==mi_ok){for(i=0;i<4;i++){}setbitmask(collreg,0x80);//置1，回归正常returnstatus;}/***********************************************************************功能：选取卡片*参数说明:psnr[in]:卡片序列号，4字节*返回:成功返回mi_ok**********************************************************************/charpcd select(unsignedchar*psnr){charstatus;unsignedchari;unsignedintunlen;clearbitmask(status2reg,0x08);//清mfcrypto1on，就可以通过软件清零，该位用以命令crypto1的拨打情况，mfauthent（检验密钥）命令顺利继续执行后置1if((status==mi_ok)&&(unlen==0x18))//接收24位{status=mi_ok;}else{status=mi_err;}returnstatus;}/***********************************************************************功能：检验卡片密码*参数说明:auth_mode[in]:密码验证模式*0x60=验证a密钥*0x61=验证b密钥*addr[in]：块地址*pkey[in]：密码*psnr[in]：卡片序列号，4字节*回到:顺利回到mi_ok**********************************************************************/charpcd authstate(unsignedcharauth_mode,unsignedcharaddr,unsignedchar*pkey,unsignedchar*psnr){charstatus;unsignedintunlen;for(i=0;i<4;i++)/*源代码就是6，不晓得正不恰当*/returnstatus;}/***********************************************************************功能：加载m1卡一块数据*参数表明:addr[in]：块地址*pdata[out]：读出的数据，16字节*返回:成功返回mi_ok***********************************************************************/charpc dread(unsignedcharaddr,unsignedchar*pdata){charstatus;unsignedintunlen;for(i=0;i<16;i++){status=mi_err;}returnstatus;}/*********************************************************************功能：写下数据至m1卡一块*参数表明:addr[in]：块地址*pdata[in]：写入的数据，16字节*返回:成功返回mi_ok********************************************************************/charpcdwr ite(unsignedcharaddr,unsignedchar*pdata){charstatus;unsignedintunlen;{status=mi_err;}。

Application ReportSPRA958H – September 2008 Running an Application from Internal Flash Memory on theTMS320F28xxx DSP David M. Alter DSP Applications - Semiconductor GroupABSTRACTSeveral special requirements exist for running an application from on-chip flash memoryon the TMS320F28xxx DSP. These requirements generally do not manifest themselvesduring development in RAM since the Code Composer Studio™ debugger can maskproblems associated with initialized sections and how they are linked to memory. Thisapplication report covers the requirements needed to properly configure applicationsoftware for execution from on-chip flash memory. Requirements for both DSP/BIOS™and non-DSP/BIOS projects are presented. Some performance considerations andtechniques are also discussed. Example code projects are included that run from on-chipflash on the eZdspF2812™, eZdspF2808, and eZdspF28335 development boards. Codeexamples that run from internal RAM are also provided for completeness. These codeexamples provide a starting point for code development, if desired.Project collateral and source code discussed in this application report can be downloadedfrom the following URL: /sc/techlit/spra958.zip.Note that the issues discussed in this application report apply directly to current membersof the TMS320F28xxx DSP family, specifically: F2810, F2811, F2812, F2801, F2801-60,F2802, F2802-60, F2806, F2808, F2809, F28015, F28016, F28044, F28232, F28234,F28235, F28332, F28334, and F28335 devices. Applicability to future devices in theTMS320F28xxx family, although quite likely, is not guaranteed. In addition, the code andtechniques presented in this application report for DSP/BIOS projects were developed onCode Composer Studio v3.3.81.5 using C-compiler v5.1.0 and DSP/BIOS v5.33. It isalways suggested that the reader upgrade to the latest version. However, keep in mindthat future versions of DSP/BIOS may have differences that make some of the itemsdiscussed in this report unnecessary (although in all likelihood backwards compatibility willbe maintained, so that the techniques discussed here should still work).Finally, this application report does not provide a tutorial on writing and building code forthe F28xxx DSP. It is assumed that the reader already has at least the main framework oftheir application code running from RAM, probably using the Code Composer Studiodebugger to perform the code download. This report only identifies the special items thatmust be considered when moving the application into on-chip flash memory.Code Composer Studio and DSP/BIOS are trademarks of Texas Instruments.eZdsp is a trademark of Spectrum Digital Incorporated.Trademarks are the property of their respective owners.1SPRA958HContents1Introduction (3)2Creating a User Linker Command File (3)2.1Non-DSP/BIOS Projects (3)2.2DSP/BIOS Projects (4)3Where to Link the Sections (4)3.1Non-DSP/BIOS Projects (5)3.2DSP/BIOS Projects (7)4Copying Sections from Flash to RAM (9)4.1Copying the Interrupt Vectors (non-DSP/BIOS projects only) (9)4.2Copying the .hwi_vec Section (DSP/BIOS projects only) (10)4.3Copying the .trcdata Section (DSP/BIOS projects only) (10)4.4Initializing the Flash Control Registers (DSP/BIOS and non-DSP/BIOS projects) (12)4.5Maximizing Performance by Executing Time-critical Functions from RAM (14)4.6Maximizing Performance by Linking Critical Global Constants to RAM (15)4.6.1Method 1: Running All Constant Arrays from RAM (15)4.6.2Method 2: Running a Specific Constant Array from RAM (18)5Programming the Code Security Module Passwords (19)6Executing Your Code from Flash after a DSP Reset (23)7Disabling the Watchdog Timer During C-Environment Boot (25)8C-Code Examples (27)8.1General Overview (27)8.2Directory Structure and File Utilizations (28)8.3Additional Information (35)References (38)Revision History (39)FiguresFigure 1.Specifying the User Init Function in the DSP/BIOS Configuration tool (11)Figure 2.Specifying the Link Order In Code Composer Studio (17)Figure 3.DSP/BIOS MEM Properties for CSM Password Locations (22)Figure 4.DSP/BIOS MEM Properties for CSM Reserved Locations (22)Figure 5.DSP/BIOS MEM Properties for Jump to Flash Entry Point (24)TablesTable 1.Section Linking in Non-DSP/BIOS Projects (Large memory model) (6)Table 2.Section Linking In DSP/BIOS Projects (Large Memory Model) (7)Table 3.Example Code File Directories (28)Table 4.F2812 Example Code File Inventory and Utilization (29)Table 5.F2808 Example Code File Inventory and Utilization (31)Table 6.F28335 Example Code File Inventory and Utilization (33)2Running an Application from Internal Flash Memory on the TMS320F28xxx DSPSPRA958H1 IntroductionThe TMS320F28xxx DSP family has been designed for standalone operation in embeddedcontroller applications. The on-chip flash usually eliminates the need for external non-volatilememory and a host processor from which to bootload. Configuring an application to run fromflash memory is a relatively easy matter provided that one follow a few simple steps. This report covers the major concerns and steps needed to properly configure application software forexecution from internal flash memory. Requirements for both DSP/BIOS and non-DSP/BIOSprojects are presented. Some performance considerations and techniques are also discussed.Note that the issues discussed in this application report apply directly to current membersof the TMS320F28xxx DSP family. The term F28xxx here, and throughout the remainderof this document, refers specifically to the F2810, F2811, F2812, F2801, F2801-60,F2802, F2802-60, F2806, F2808, F2809, F28015, F28016, F28044, F28232, F28234,F28235, F28332, F28334, and F28335 devices. Applicability to future devices in theTMS320F28xxx family, although quite likely, is not guaranteed. In addition, the code andtechniques presented in this application report for DSP/BIOS projects were developed onCode Composer Studio v3.3.81.5 using C-compiler v5.1.0 and DSP/BIOS v5.33. It isalways suggested that the reader upgrade to the latest version. However, keep in mindthat future versions of DSP/BIOS may have differences that make some of the itemsdiscussed in this report unnecessary (although in all likelihood backwards compatibility willbe maintained, so that the techniques discussed here should still work).Finally, this application report does not provide a tutorial on writing and building code for theF28xx DSP. It is assumed that the reader already has at least the main framework of theirapplication code running from RAM, probably using the CCS debugger to perform the codedownload. This report only identifies the special items that must be considered when moving the application into on-chip flash memory.2 Creating a User Linker Command File2.1 Non-DSP/BIOS ProjectsIn non-DSP/BIOS applications, the user linker command file will be where most memory isdefined, and where the linking of most sections is specified. The format of this file is no different than the linker command file you are currently using to run your application from RAM. Thedifference will be in where you link the sections (to be discussed in Section 3). More information on linker command files can be found in reference [9]. The non-DSP/BIOS code projects thataccompany this application report contain linker command files that can be used for reference.The DSP281x, DSP280x, DSP2804x, and DSP2833x peripheral header files contain linkercommand files named DSP281x_Headers_nonBIOS.cmd, DSP280x_Headers_nonBIOS.cmd, DSP2804x_Headers_nonBIOS.cmd, and DSP2833x_Headers_nonBIOS.cmd respectively (see references [15-18]). These files contains linker MEMORY and SECTIONS declarations forlinking the peripheral register structures. Simply add the appropriate one of these linkercommand files to your code project in addition to your user linker command file.Running an Application from Internal Flash Memory on the TMS320F28xxx DSP 3SPRA958HIn general, the order of the linker command files is unimportant since during a project build, CCS evaluates the MEMORY section of every linker command file before evaluating the SECTIONS section of any linker command file. This ensures that all memories are defined before linkingany sections to those memories. However, advanced users may need manual control over the order of linker command file evaluation in some rare situations. This can be specified withinCCS on the Project → Build_Options, Link_Order tab.2.2 DSP/BIOS ProjectsThe DSP/BIOS configuration tool generates a linker command file that specifies how to link all DSP/BIOS generated sections, and by default all C-compiler generated sections. When running your application from RAM, this linker command file may be the only one in use. However, when executing from flash memory, there will likely be a need to generate and link one or more user defined sections. In particular, any code that configures the on-chip flash control registers (e.g.flash wait-states) cannot execute from flash. In addition, one may want to run certain timecritical functions from RAM (instead of flash) to maximize performance. A user linker command file must be created to handle these user defined sections.CCS supports having more than one linker command file in a project. Hence, all one needs to do is add both the user linker command file, as well as the DSP/BIOS generated linkercommand file, to their project. In general, the order of the linker command files is unimportant since during a project build, CCS evaluates the MEMORY section of every linker command file before evaluating the SECTIONS section of any linker command file. This ensures that allmemories are defined before linking any sections to those memories. However, advanced users may need manual control over the order of linker command file evaluation in some raresituations (for example, to preempt and override DSP/BIOS linkage of a section). This can be specified within CCS on the Project → Build_Options, Link_Order tab.The DSP281x, DSP280x, DSP2804x, and DSP2833x peripheral header files contain linkercommand files named DSP281x_Headers_nonBIOS.cmd, DSP280x_Headers_nonBIOS.cmd, DSP2804x_Headers_nonBIOS.cmd, and DSP2833x_Headers_nonBIOS.cmd respectively (see references [15-18]). These file contains linker MEMORY and SECTIONS declarations for linking the peripheral register structures. Simply add the appropriate one of these linker command files to your code project as well.3 Where to Link the SectionsTwo basic section types exist: initialized, and uninitialized. Initialized sections must contain valid values at device power-up. For example, code and constants are found in initialized sections.When designing a stand-alone embedded system with the F28xxx DSP (e.g., no emulator ordebugger in use, no host processor present to perform bootloading), all initialized sections must be linked to non-volatile memory (e.g., on-chip flash). An uninitialized section does not contain valid values at device power-up. For example, variables are found in uninitialized sections.Code will write values to the variable locations during code execution. Therefore, uninitialized sections must be linked to volatile memory (e.g., RAM).4Running an Application from Internal Flash Memory on the TMS320F28xxx DSPSPRA958H It is suggested that the -w linker option be invoked. The -w option will produce a warning if the linker encounters any sections in your project that have not been explicitly specified for linking ina linker command file. When the linker encounters an unspecified section, it uses a defaultallocation algorithm to link the section into memory (it will link the section to the first definedmemory with enough available free space). This is almost always risky, and can lead tounreliable and unpredictable code behavior. The -w option will identify any unspecified sections(e.g., those accidentally forgotten by the user) so that the user can make the necessary additionto the appropriate linker command file. The -w option can be selected in CCS on the Project →Build_Options menu, Linker tab, select the Advanced category, and then check the -w optionbox. It is checked by default for new projects.CAUTION:It is important that the large memory model be used with the C-compiler (asopposed to the small memory model). Small memory model requires certaininitialized sections to be linked to non-volatile memory in the lower 64Kw ofaddressable space. However, no flash memory is present in this region on anyF28xxx devices, and this will likely be true for future F28xxx devices as well.Therefore, large memory model should be used. In Code Composer Studio, thelarge memory model is on the Project → Build_Options menu. Select theCompiler tab, choose the Advanced category, and check the -ml option box. Fornon-DSP/BIOS projects, one should include the large memory model C-compilerruntime support library into their code project. For the fixed-point devices, thisis library rts2800_ml.lib (as opposed to rts2800.lib, which is for the smallmemory model). For the floating-point devices, this is file rts2800_fpu32.lib forplain C code, or rts2800_fpu32_eh.lib for C++ code (there are no small memorymodel libraries for the floating-point devices). For DSP/BIOS projects,DSP/BIOS will take care of including the required library. The user should notinclude any runtime support library in a DSP/BIOS project.3.1 Non-DSP/BIOS ProjectsThe compiler uses a number of specific sections. These sections are the same whether you are running from RAM or flash. However, when running a program from flash, all initialized sections must be linked to non-volatile memory, whereas all uninitialized sections must be linked tovolatile memory. Table 1 shows where to link each compiler generated section on the F28xxx DSP. Information on the function of each section can be found in reference [5]. Any usercreated initialized section should be linked to flash (e.g., those sections created using theCODE_SECTION compiler pragma), whereas any user created uninitialized sections should be linked to RAM (e.g., those sections created using the DATA_SECTION compiler pragma).Running an Application from Internal Flash Memory on the TMS320F28xxx DSP 5SPRA958H6 Running an Application from Internal Flash Memory on the TMS320F28xxx DSPTable 1. Section Linking in Non-DSP/BIOS Projects (Large memory model) Section Name Where to Link.cinit Flash.cio RAM.const Flash.econst Flash.pinit Flash.switch Flash.text Flash .bss RAM.ebss RAM .stack Lower 64Kw RAM.sysmem RAM.esysmem RAM.reset RAM 1Table 1 Notes:1The .reset section contains nothing more than a 32-bit interrupt vector that points to theC-compiler boot function in the runtime support library (the _c_int00 routine). It generally is not used. Instead, the user typically creates their own branch instruction to point to the starting point of the code (see Sections 6 and 7). When not in use, the .reset section should be omitted from the code build by using a DSECT modifier in the linker command file. For example:/********************************************************************* User's linker command file********************************************************************/SECTIONS{.reset : > FLASH, PAGE = 0, TYPE = DSECT}SPRA958HRunning an Application from Internal Flash Memory on the TMS320F28xxx DSP 73.2 DSP/BIOS ProjectsThe memory section manager in the DSP/BIOS configuration tool allows one to specify where to link the various DSP/BIOS and C-compiler generated sections. Table 2 indicates where the sections shown on each tab of the memory section manager should be linked (i.e., RAM or FLASH). Note that this information has been tabulated specifically for DSP/BIOS v5.33. Later versions of DSP/BIOS, although quite likely to be the same, may have some differences. The reader should check the version they are using and simply be aware of potential differences while proceeding. To check your DSP/BIOS version from within CCS, go to the Help → About menu, click the Component_Manager button, and view the TMS320C28XX DSP/BIOS version under the Target_Content_(DSP/BIOS) tree.Table 2. Section Linking In DSP/BIOS Projects (Large Memory Model) Memory Section Manager TAB Section NameWhere to Link Segment for DSP/BIOS ObjectsRAM General Segment for malloc()/free()RAM Argument Buffer Section (.args)RAM Stack Section (.stack)Lower 64Kw RAM DSP/BIOS Init Tables (.gblinit)Flash TRC Initial Values (.trcdata)RAM 1 DSP/BIOS Kernel State (.sysdata)RAM BIOS Data DSP/BIOS Conf Sections (*.obj)RAM BIOS Code Section (.bios)Flash Startup Code Section (.sysinit)Flash Function Stub Memory (.hwi)Flash Interrupt Service Table Memory (.hwi_vec)PIEVECT RAM 2 BIOS Code RTDX Text Segment (.rtdx_text)Flash Text Section (.text)Flash Switch Jump Tables (.switch) Flash C Variables Section (.bss) RAM C Variables Section (.ebss) RAM Data Initialization Section (.cinit)FlashCompiler Sections C Function Initialization Table (.pinit) FlashSPRA958H8 Running an Application from Internal Flash Memory on the TMS320F28xxx DSP Constant Section (.econst)Flash Constant Section (.const)Flash Data Section (.data)Flash Data Section (.cio)RAM Load Address - BIOS Code Section (.bios)Flash 3 Load Address - Startup Code Section (.sysinit)Flash 3 Load Address - DSP/BIOS Init Tables (.gblinit)Flash 3 Load Address - TRC Initial Value (.trcdata)Flash 1 Load Address - Text Section (.text)Flash 3 Load Address - Switch Jump Tables (.switch)Flash 3 Load Address - Data Initialization Section (.cinit)Flash 3 Load Address - C Function Initialization Table (.pinit)Flash 3 Load Address - Constant Section (.econst)Flash 3 Load Address - Constant Section (.const)Flash 3 Load Address - Data Section (.data)Flash 3 Load Address - Function Stub Memory (.hwi)Flash 3 Load Address - Interrupt Service Table Memory (.hwi_vec)Flash 2 Load Address Load Address - RTDX Text Segment (.rtdx_text) Flash 3Table 2 Notes:1 The .trcdata section must be copied by the user from its load address (specified on theLoad_Address tab) to its run address (specified on the BIOS_Data tab) at runtime. See Section4.3 for details on performing this copy.2 The PIEVECT RAM is a specific block of RAM associated with the Peripheral InterruptExpansion (PIE) peripheral. On current F28xxx devices, the PIE RAM is a 256x16 block starting at address 0x000D00 in data space. For other devices, confirm the address in the device datasheet. The memory section manager in the DSP/BIOS configuration tool should already have a pre-defined memory named PIEVECT. The .hwi_vec section must be copied by the user from its load address (specified on the memory section manager Load_Address Tab) to its run address (specified on the memory section manager BIOS_Code Tab) at runtime. See Section4.2 for details on performing this copy.3The specific flash memory selected as the load address for this section should be the same flash memory selected previously as the run address for the section (e.g., on the BIOS_Data, BIOS_Code, or Compiler_Sections tab).SPRA958H 4 Copying Sections from Flash to RAM4.1 Copying the Interrupt Vectors (non-DSP/BIOS projects only)The Peripheral Interrupt Expansion (PIE) module manages interrupt requests on F28xxxdevices. At power-up, all interrupt vectors must be located in non-volatile memory (i.e., flash), but copied to the PIEVECT RAM as part of the device initialization procedure in your code. The PIEVECT RAM is a specific block of RAM, which on current F28xxx devices is a 256x16 block starting at address 0x000D00 in data space.Several approaches exist for linking the interrupt vectors to flash and then copying them to the PIEVECT RAM at runtime. One approach is to create a constant C-structure of function pointers that contains all 128 32-bit vectors. If using the DSP28xx peripheral structures (see references [15-18]), such a structure, called PieVectTableInit, has already been created in thecorresponding file DSP28xxx_PieVect.c. Since this structure is declared using the const typequalifier, it will be placed in the .econst section by the compiler. One simply needs to copy this structure to the PIEVECT RAM at runtime. The C-compiler runtime support library contains amemory copy function called memcpy() that can be used to perform the copy task. Thisfunction is used as follows:/********************************************************************* User's C-source file********************************************************************//********************************************************************* NOTE: This function assumes use of the DSP28xxx Peripheral Header* File structures (see References [15-18]).********************************************************************/#include <string.h>void main(void){/*** Initialize the PIE_RAM ***/PieCtrlRegs.PIECTRL.bit.ENPIE = 0; // Disable the PIEasm(" EALLOW"); // Enable EALLOW protected register access memcpy((void *)0x000D00, &PieVectTableInit, 256);asm(" EDIS"); // Disable EALLOW protected register access }The above example uses a hard coded address for the start of the PIE RAM, specifically0x000D00. If this is objectionable (as hard coded addresses are not good programmingpractice), one can use a DATA_SECTION pragma to create an uninitialized dummy variable,and link this variable to the PIE RAM. The name of the dummy variable can then be used inplace of the hard coded address. For example, when using any of the DSP28xxx deviceperipheral structures, an uninitialized structure called PieVectTable is created and linked overthe PIEVECT RAM. The memcpy() instruction in the previous example can be replaced by:memcpy(&PieVectTable, &PieVectTableInit, 256);Note that the length is 256. The memcpy function copies 16-bit words (as opposed to copying 128 32-bit words).Running an Application from Internal Flash Memory on the TMS320F28xxx DSP 9SPRA958H4.2 Copying the .hwi_vec Section (DSP/BIOS projects only)The DSP/BIOS .hwi_vec section contains the interrupt vectors, and must be loaded to flash but run from RAM. The user is responsible for copying this section from its load address to its run address. This is typically done in main(). The DSP/BIOS configuration tool generates globalsymbols that can be accessed by code in order to determine the load address, run address, and length of the .hwi_vec section. These symbol names are:hwi_vec_loadstarthwi_vec_loadendhwi_vec_runstartEach symbol is self-explanatory from its name. Note that the symbols are not pointers, butrather symbolically reference the 16-bit data value found at the corresponding location (i.e., start or end) of the section. The C-compiler runtime support library contains a memory copy function called memcpy() that can be used to perform the copy task. A C-code example of how to use this function to perform the section copy follows. Note that the PIEVECT RAM is EALLOWprotected. Therefore, inline EALLOW and EDIS assembly instructions must bracket the memory copy of the .hwi_vec section, as shown./********************************************************************* User's C-source file********************************************************************/#include <string.h>extern unsigned int hwi_vec_loadstart;extern unsigned int hwi_vec_loadend;extern unsigned int hwi_vec_runstart;void main(void){/*** Initialize the .hwi_vec section ***/asm(" EALLOW"); /* Enable EALLOW protected register access */ memcpy(&hwi_vec_runstart,&hwi_vec_loadstart,&hwi_vec_loadend - &hwi_vec_loadstart);asm(" EDIS"); /* Disable EALLOW protected register access */ }4.3 Copying the .trcdata Section (DSP/BIOS projects only)The DSP/BIOS .trcdata sections must be loaded to flash, but run from RAM. The user isresponsible for copying this section from its load address to its run address. However, unlike the .hwi_vec section, the copying of .trcdata must be performed prior to main(). This is becauseDSP/BIOS modifies the contents of .trcdata during DSP/BIOS initialization (which also occurs prior to main()).10Running an Application from Internal Flash Memory on the TMS320F28xxx DSPThe DSP/BIOS configuration tool provides for a user initialization function which can be utilized to perform the .trcdata section copy prior to both main() and DSP/BIOS initialization. This can be found in the project configuration file under System - Global Settings Properties, as shown in Figure 1.Figure 1. Specifying the User Init Function in the DSP/BIOS Configuration toolWhat remains is to create the user initialization function. The DSP/BIOS configuration toolgenerates global symbols that can be accessed by code in order to determine the load address, run address, and length of each section. These symbol names are:trcdata_loadstarttrcdata_loadend trcdata_runstartEach symbol is self-explanatory from its name. Note that the symbols are not pointers, butrather symbolically reference the 16-bit data value found at the corresponding location (i.e., start or end) of the section. The C-compiler runtime support library contains a memory copy function called memcpy() that can be used to perform the copy task. A C-code example of a user init function that performs the .trcdatasection copy follows. Check this box Enter yourfunction namehere (note theleading underscore)/********************************************************************* User's C-source file********************************************************************/#include <string.h>extern unsigned int trcdata_loadstart;extern unsigned int trcdata_loadend;extern unsigned int trcdata_runstart;void UserInit(void){/*** Initialize the .trcdata section before main() ***/memcpy(&trcdata_runstart,&trcdata_loadstart,&trcdata_loadend - &trcdata_loadstart);}4.4 Initializing the Flash Control Registers (DSP/BIOS and non-DSP/BIOS projects)The initialization code for the flash control registers, FOPT, FPWR, FSTDBYWAIT,FACTIVEWAIT, FBANKWAIT, and FOTPWAIT, cannot be executed from the flash memory or unpredictable results may occur. Therefore, the initialization function for the flash controlregisters must be copied from flash (its load address) to RAM (its run address) at runtime.CAUTION:The flash control registers are protected by the Code Security Module (CSM). Ifthe CSM is secured, you must run the flash register initialization code from CSMsecured RAM (e.g. L0 through L3 SARAM, see the device data sheet for yourspecific device) or the initialization code will be unable to access the flashregisters. Note that the CSM is always secured at device reset, although theROM bootloader will unlock it if you are using dummy passwords of 0xFFFF.The CODE_SECTION pragma of the C compiler can be used to create a separately linkable section for the flash initialization function. For example, suppose the flash register configuration is to be performed in the C function InitFlash(), and it is desired to place this function into alinkable section called secureRamFuncs. The following C-code example shows proper use of the CODE_SECTION pragma along with an example configuration of the flash registers:。

1产品概述●本品是4.2英寸电子墨水屏模块，分辨率为400x300，带有内部控制器，使用SPI 接口通信。

●具有耗低、视角宽、阳光直射下仍可清晰显示等优点，常用于货架标签、工业仪表等显示应用。

特点● 无需背光，断电可长时间保持最后一屏的显示内容 ● 功耗非常低，基本只在刷新时耗电● SPI 控制接口，可接入Raspberry /Arduino/Nucleo 等主控板 ●提供完善的配套资料手册(Raspberry/Arduino/STM32等示例程序)产品参数工作电压： 3.3V通信接口：3-wire SPI、4-wire SPI外形尺寸：90.1mm × 77.0mm × 1.18mm显示尺寸：84.8mm × 63.6mm点距：0.212 × 0.212分辨率：400 × 300显示颜色：黑、白灰度等级： 2刷新功耗：26.4mW(typ.)待机功耗：<0.017mW可视角度：>170°接口说明VCC： 3.3VGND：GNDDIN：SPI通信MOSI引脚CLK：SPI通信SCK引脚CS：SPI片选引脚（低电平有效）DC：数据/命令控制引脚（高电平表示数据，低电平表示命令）RST：外部复位引脚（低电平复位）BUSY：忙状态输出引脚（低电平表示忙）23工作原理 器件介绍本产品使用的电子纸采用“微胶囊电泳显示”技术进行图像显示，其基本原理是悬浮在液体中的带电纳米粒子受到电场作用而产生迁移。

电子纸显示屏是靠反射环境光来显示图案的，不需要背光，即使是在阳光底下，电子纸显示屏依然清晰可视，可视角度几乎达到了180°。

因此，电子纸显示屏非常适合阅读。

通信协议CS 用于从机片选。

仅当CS 为低电平时，模块才会工作。

DC 用于模块的数据/命令控制。

当DC 为低电平时，接收到的数据会被当做指令执行。

SCLK 用于SPI 通信时钟。

Linux命令高级技巧使用ipcs和ipcrm管理共享内存和信号量Linux命令高级技巧：使用ipcs和ipcrm管理共享内存和信号量在Linux操作系统中，共享内存和信号量是进程间通信的重要手段。

使用ipcs和ipcrm命令可以对共享内存和信号量进行管理和操作。

本文将介绍如何使用ipcs和ipcrm命令来高效管理共享内存和信号量。

一、共享内存介绍及管理共享内存是进程之间共享数据的一种方式，提高了进程间数据交换的效率。

在Linux中，使用ipcs命令可以查看当前系统中存在的共享内存情况。

```bash$ ipcs -m```上述命令将列出所有共享内存的相关信息，包括共享内存的标识符、大小、进程ID等。

通过查看这些信息，我们可以了解当前系统的共享内存使用情况。

接下来，我们可以使用ipcrm命令来删除无用的共享内存。

```bash$ ipcrm -m <共享内存标识符>```上述命令将删除指定标识符的共享内存。

需要注意的是，只有创建该共享内存的进程或具有足够权限的用户才能删除共享内存。

二、信号量介绍及管理信号量是用来协调多个进程之间对共享资源的访问的一种机制。

在Linux中，使用ipcs命令可以查看当前系统中存在的信号量。

```bash$ ipcs -s```上述命令将列出所有信号量的相关信息，包括信号量的标识符、当前值、进程ID等。

通过查看这些信息，我们可以了解当前系统的信号量使用情况。

与共享内存类似，我们可以使用ipcrm命令来删除无用的信号量。

```bash$ ipcrm -s <信号量标识符>```上述命令将删除指定标识符的信号量。

同样需要注意的是，只有创建该信号量的进程或具有足够权限的用户才能删除信号量。

三、使用案例下面以一个实际的使用案例来说明如何使用ipcs和ipcrm命令进行共享内存和信号量的管理。

假设我们有两个进程A和B，需要使用共享内存和信号量进行数据交换和同步。

AT88CK101 Atmel CryptoAuthentication Development KitHARDWARE USER GUIDEAtmel CryptoAuthentication AT88CK101 DaughterboardAtmel-8726A-CryptoAuth-AT88CK101-Hardware-UserGuide_112015AT88CK101 Development Kit [HARDWARE USER GUIDE] Atmel-8726A-CryptoAuth-AT88CK101-Hardware-UserGuide_11201522IntroductionThe Atmel ®CryptoAuthentication™ AT88CK101 is a daughterboard that interfaces with a MCU board via a 10-pin header. The daughterboard has a single 8-pin SOIC socket which can support the AtmelATSHA204A, ATAES132A, ATECC108A, and ATECC508A crypto element devices. The daughter board comes in two different variations with a socket that supports either an 8-lead SOIC or an 8-leadUDFN/XDFN. This kit uses a modular approach, enabling the daughterboard to connect directly to an STKseries Atmel AVR ® or Atmel ARM ®development platform to easily add security to applications. An optional adapter kit is also available when the 10-pin header on the daughterboard is incompatible. The AT88CK101provides a test point header for the I 2C, SWI, and SPI signals. The AT88CK101 is sold with the Atmel AT88Microbase module to form the Atmel AT88CK101-XXX Starter Kit. The AT88Microbase AVR-based base board comes with a USB interface that lets designers learn and experiment on their PCs.Contents∙ Atmel AT88CK101 DaughterboardFeatures∙ 8-lead SOIC and UDFN/XDFN Socket∙ Supports the ATSHA204A, ATAES132A, ATECC108A, and ATECC508A Devices ∙Supports Communication Protocols: – I 2C– SWI (Single-Wire Interface) – SPI ∙ Power LED ∙Test Points HeaderFigure 1.AT88CK101 DaughterboardPin 1 Indicator HeaderStandoff HoleStandoff HoleProtocolTable of ContentsAT88CK101 Starter Kit (4)Development Kit Configuration (5)10-pin Interface Header (5)6-pin Test Header (5)Supports 8-lead SOIC and SPI Interfaces (5)Configurations (6)References and Further Information (7)Revision History (8)AT88CK101 Development Kit [HARDWARE USER GUIDE]Atmel-8726A-CryptoAuth-AT88CK101-Hardware-UserGuide_1120153 3AT88CK101 Development Kit [HARDWARE USER GUIDE] Atmel-8726A-CryptoAuth-AT88CK101-Hardware-UserGuide_11201544AT88CK101 Starter KitThe AT88CK101 is sold with the Atmel AT88Microbase module to form the AT88CK101-XXX Starter Kit. For additional information on the AT88Microbase, refer to the Atmel AT88Microbase Hardware User Guide .Figure 2.AT88CK101STK8 Starter KitFigure 3.AT88CK101 Daughterboard with AT88MicrobaseAT88CK101 Development Kit [HARDWARE USER GUIDE]Atmel-8726A-CryptoAuth-AT88CK101-Hardware-UserGuide_11201555 Development Kit Configuration10-pin Interface HeaderTable 1-1. 10-pin Interface Header (1)(2)Notes: 1. I C Pins:SCL, SDA2. SPI Pins:/CS, SCLK, MOSI, MISO6-pin Test HeaderTable 1-2.6-pin Test HeaderSupports 8-lead SOIC and SPI InterfacesThe AT88CK101 supports 8-lead SOIC and SPI Interfaces with the following pinout configuration.Figure 4.Pinout ConfigurationsNote:Drawings are not to scale.Top View 8-lead SOICNC NC NC NCV CC NC SCL SDA12348765Top View8-lead SOIC/CS SO NC GNDV CC NC SCK SI12348765ConfigurationsThe below table describes the how to configure the AT88CK101 with respect to the AT88Microbase and the STK/EVK development platforms.Table 1. AT88CK101STK8 Starter Kit Configuration GuideNote: X = Don’t CareFigure 5. AT88CK101 Adapter Board Mounted to STK600AT88CK101 Development Kit [HARDWARE USER GUIDE]Atmel-8726A-CryptoAuth-AT88CK101-Hardware-UserGuide_11201566Figure 6. Atmel AT88CK301ADP Adapter KitTable 2. 10-pin Squid CableReferences and Further InformationSchematics, Gerber files, Bill Of Materials (BOM), development and demonstration software is conveniently downloadable from the Atmel website at /cryptokits.ATMEL EVALUATION BOARD/KIT IMPORTANT NOTICE AND DISCLAIMERThis evaluation board/kit is intended for user's internal development and evaluation purposes only. It is not a finished product and may not comply with technical or legal requirements that are applicable to finished products, including, without limitation, directives or regulations relating to electromagnetic compatibility, recycling (WEEE), FCC, CE or UL. Atmel is providing this evaluation board/kit “AS IS” without any warranties or indemnities. The user assumes all responsibility and liability for handling and use of the evaluation board/kit including, without limitation, the responsibility to take any and all appropriate precautions with regard to electrostatic discharge and other technical issues. User indemnifies Atmel from any claim arising from user's handling or use of this evaluation board/kit. Except for the limited purpose of internal development and evaluation as specified above, no license, express or implied, by estoppel or otherwise, to any Atmel intellectual property right is granted hereunder. ATMEL SHALL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMGES RELATING TO USE OF THIS EVALUATION BOARD/KIT.ATMEL CORPORATION1600 Technology DriveSan Jose, CA 95110USAAT88CK101 Development Kit [HARDWARE USER GUIDE]Atmel-8726A-CryptoAuth-AT88CK101-Hardware-UserGuide_1120157 7AT88CK101 Development Kit [HARDWARE USER GUIDE] Atmel-8726A-CryptoAuth-AT88CK101-Hardware-UserGuide_11201588Revision History。

Additional 72xx/73xx-specific pages for the GenComm protocol by Deep Sea Electronics PlcAuthor: G. MiddletonVersion: 1.02 draft (in progress)Revision data: 11/10/2008 – by P.ColquhounFilename: 72xx-73xx Gencomm pt 2.DOCTable of contents1.General requirements 22.Page 140 – Required File Versions 23.Page 141 – Module Information 34.Page 142 – ECU Trouble Codes 45.Page 150 – Named Alarm Identifiers 56.Page 151 – State Machine String Identifier 67.Page 152 – User calibration of expansion module analogue inputs 78.Page 153 – Unnamed alarm conditions 89.Page 154 – Named Alarm Conditions 1010.Page 156 – Expansion module enable status 1211.Page 158 – Expansion module communications status 1312.Page 160 – Unnamed input function 1413.Page 170 – Unnamed input status 1514.Page 171 – Unnamed input status (contd) 1715.Page 180 – Unnamed output sources & polarities 1916.Page 181 – Unnamed output sources & polarities (contd) 2117.Page 190 – Unnamed output status 2218.Page 200-231 – Unnamed alarm strings 2419.Page 240-245 – Analogue Input Name Strings 2520.Page 250 – Misc strings 25Change historyChanges from Version 1.01 to 1.02Section 20: Added LED insert cards strings1.IntroductionThe purpose of this document is to define how the P55xx products use the manufacturer specific registers in the GenComm protocol. In some cases reference is also made to the 55x series for comparison, but it should not be assumed that any item is available on the 55x unless specifically stated.2.General requirementsNotesmunication is compliant with the GenComm protocol2.Manufacturer specific GenComm registers are used to configure, calibrate and administer the P55x products.3.Page 140 – Required File VersionsThis is implemented for 72xx/73xx modules and indicates to the PC software what versions the different interfaces required by the module are.This is implemented for 72xx/73xx modules and indicates to the PC software what versions the different interfaces supported by the module are.Note that all major/minor version information is intended to be read as bits 16:9 as major version, 8:1 as minor version.Notes:1.Reading register 0 effectively latches a copy of the trouble code list at that time and so allows the list to be read without risk ofthe contents changing until register 0 is re-read. This also applies to reading the short descriptive strings for the trouble codes (see following pages), so that the list of trouble codes can be read in one or more sections and then the associated strings read as needed. To see any updates to the list, the PC needs to re-read register 0 and so latch the list once more.6.Page 150 – Named Alarm IdentifiersThis is implemented for 72xx/73xx modules and indicates to the PC software what string is to be used for the named alarm (which is the register address into the page).7.Page 151 – State Machine String IdentifierThis is implemented for 72xx/73xx modules and indicates to the PC software what string IDs the different state machines require to be displayed on the SCADA mimic.8.Page 152 – User calibration of expansion module analogue inputsThis is only applicable for 73xx modules at present and provides a similar interface to page 132 but allows for the much larger number of analogue inputs requiring user calibration for the 73xx modules.9.Page 153 – Unnamed alarm conditionsThis is implemented for 72xx/73xx modules and indicates to the PC the current condition/status of all the unnamed alarm sources, including expansion modules (only supported by 73xx modules).Its operation is very similar to that of page 8 registers 128 & upwards except that the maximum number of supported sources has been increased from 128 to 256 to reflect the much larger number of inputs available.Notes on alarm codes1.An alarm that is fitted but disabled by the configuration of the slave device returns code 0.2.An alarm that is not implemented on a particular control unit returns code 15.3.An indication that does not require a message to be displayed when inactive returns either code 8 or 10.4.An indication that does require a message to be displayed when inactive returns either code 9 or 10.10.Page 154 – Named Alarm ConditionsThis is implemented for 72xx/73xx modules and indicates to the PC the current condition/status of all the named alarm sources.Its operation is very similar to that of page 8 registers 0 to 127 except that the supported sources have been re-ordered and limited to those currently supported for 7xxx modules.Notes:1.These are read only registers.2.Each alarm can be in one of 15 conditions as shown in the table below.3.Registers 1-8 contain the status of named, internally generated, alarms and indications. These may be extended by future versions ofGenComm and any software that reads them must be able to cope with such extensions. This is possible because register 0 specifies the number of pre-defined internal alarm conditions that are implemented on a slave device, the software should read and process the specified number. The software does not need to know the definitions of any new alarms since it can read the alarms strings and display them as specified by the alarm condition. All unimplemented pre-defined alarms return the unimplemented value 15, not an exception.Notes on alarm codes5.An alarm that is fitted but disabled by the configuration of the slave device returns code 0.6.An alarm that is not implemented on a particular control unit returns code 15.7.An indication that does not require a message to be displayed when inactive returns either code 8 or 10.8.An indication that does require a message to be displayed when inactive returns either code 9 or 10.11.Page 156 – Expansion module enable statusThis is implemented for 73xx modules and indicates to the PC software what expansion modules are currently included in the configuration. There is no support for expansion modules in 72xx modules so all expansion modules will be reported as disabled in the configuration.Note:Only 4 off 2130 expansion modules (A, B, C & D) are supported on 73xx, the other 6 off (E through J) will always return NO to indicate they are not enabled in the configuration.All 10 off 2157 and 2548 expansion modules are supported on the 73xx.12.Page 158 – Expansion module communications statusThis is implemented for 73xx modules and indicates to the PC software what expansion modules are failing to communicate with the 73xx module. If an expansion module is not enabled in the configuration, it will always report no failures to communicate. There is no support for expansion modules in 72xx modules so all expansion modules will be reported as disabled in the configuration, meaning they will always report no failures to communicate.Note:Only 4 off 2130 expansion modules (A, B, C & D) are supported on 73xx, the other 6 off (E through J) will always return NO to indicate they are not enabled in the configuration and so have no communications failures.All 10 off 2157 and 2548 expansion modules are supported on the 73xx.This is implemented for 72xx/73xx modules and indicates to the PC software what each built-in digital input function is set as.Note:A value of 0 indicates that the digital input has been configured by the user to generate an alarm. The register number itself provides the relationship back to which digital input it is that has caused the alarm. For analogue inputs, there are two entries, one per potential alarm source (low and high) to indicate that the input is an alarm source. No other value is expected for an analogue input.Any other value indicates that the input has been configured as an auxiliary input function. The individual list of functions is available in the 7xxx File Structure Definitions document (under the Configuration File section).This is implemented for 72xx/73xx modules and indicates to the PC software what the current status of each digital input to the module is (indicating both the actual input state and the active/inactive indication from the module).Note:-For digital inputs, the raw status indicates to the PC software the switch position (i.e. open or closed), effectively providing an electrical status display.Processed status indicates to the PC whether the input is considered active by the module or not (basically the electrical state is compared with the polarity configured for an input and this is then reported to give an LED-type status indication).For analogue inputs, the raw status indicates the sender category while the processed status gives the sender reading. As the same analogue input has both low and high status registers, this does mean that the sender category and sender values are repeated across the two registers.15.Page 171 – Unnamed input status (contd)This is implemented for 72xx/73xx modules and indicates to the PC software what the current status of each digital input to the module is (indicating both the actual input state and the active/inactive indication from the module).Note:-Raw status indicates to the PC software the switch position (i.e. open or closed), effectively providing an electrical status display. Processed status indicates to the PC whether the input is considered active by the module or not (basically the electrical state is compared with the polarity configured for an input and this is then reported to give an LED-type status indication).For analogue inputs, the raw status indicates the sender category while the processed status gives the sender reading. As the same analogue input has both low and high status registers, this does mean that the sender category and sender values are repeated across the two registers.16.Page 180 – Unnamed output sources & polaritiesThis is implemented for 72xx/73xx modules and indicates to the PC software what each module output has been configured to use as its source and polarity (both digital outputs and LEDs).17.Page 181 – Unnamed output sources & polarities (contd)This is implemented for 72xx/73xx modules and indicates to the PC software what each module output has been configured to use as its source and polarity (both digital outputs and LEDs).18.Page 190 – Unnamed output statusThis is implemented for 72xx/73xx modules and indicates to the PC software what the current status of each output from the module is (both digital outputs and LEDs).19.Page 200-231 – Unnamed alarm stringsThis is implemented for 72zxx/73xx modules to provide the various unnamed alarm strings (including internal and external digital and analogue inputs).They are used in place of pages 64-95 as the inactive strings are not implemented to reduce the register count required to support the large number of expansion inputs, hence their positioning in the private GenComm pages.The order of the strings is the same as for the input functions and input status pages to simplify the look-up process for the PC software.Note:-Reading from the reserved pages will return spaces (I hope)…20.Page 240-245 – Analogue Input Name StringsThis is implemented for 72zxx/73xx modules to provide the name strings for various analogue inputs (including internal and external analogue inputs).The order of the strings is the same as for the input functions and input status pages to simplify the look-up process for the PC software.21.Page 250 – Misc stringsThis is implemented for 72zxx/73xx modules to provide the name strings for various analogue inputs (including internal and external analogue inputs).The order of the strings is the same as for the input functions and input status pages to simplify the look-up process for the PC software.。

修改EEPROM进入Test Mode方式：P20拉Low(GND)，然后上电;BAT+（VDD）：3.3~4.2V，GND：GNDUART_TX：MCU RXUART_RX：MCU TX在Test Mode下，波特率固定位1152001，MCU修改Device Name的指令：0127FC13000B104475616C2D5350500000000000000000红色字体部分是设备名称，是ASCII，目前的是Dual-SPP；执行完上面指令后，MCU会收到下面信息：040E040127FC0000代表执行成功；02代表没有写入成功；2，MCU修改波特率的指令：0127FC0400210103红色字体部分是波特率的Index，请按照下表填写：No.Index波特率100961200201460800302230400403115200504576006053840070628800807192009081440010099600110A4800120B2400执行完上面指令后，MCU会收到下面信息：040E040127FC0000代表执行成功；02代表没有写入成功；3，MCU修改Device Name的指令：A，修改4位PIN Code:0127FC07004B0430303030B，修改6位PIN Code(需要两个指令): 0127FC07004B04303030300127FC0500E3023030PIN Code修改使用ASCII码，且为0~9数字执行完上面指令后，MCU会收到下面信息：040E040127FC0000代表执行成功；02代表没有写入成功；。

磁盘阵列常见日志信息及解决方式_v磁盘阵列常见日志简介目录1．控制器事件 01．1 严重警告 01．2 一般警告 (1)1．3 通知 (1)2．磁盘 (2)2．1 严重警告 (2)2. 2 一般警告 (3)3．通道 (4)3．1 严重警告 (4)3．2 通知 (6)4．逻辑盘 (6)4．1 严重警告 (6)4．2 通知 (8)5．常见事件 (10)5．1 严重警告 (10)6．周边设备 (11)6．1 严重警告 (12)7．SES 设备 (13)7．1 严重警告 (13)8．常见外围设备 (14)8．1 严重警告 (14)1．控制器事件1．1 严重警告1 .Controller SDRAM ECC Error Detected发生原因：内存Single-bit/Multi-bits Errors处理方法：检查内存是否故障，重新更新FW，如仍有故障请联系供应商解决出现频率：一般2. Controller SDRAM Parity Error Detected发生原因：内存校验错误处理方法：更新FW，更换内存测试，如故障仍未解决，请联系供应商解决。

出现频率：低3. Controller ALERT: Power Supply Unstable or NVRAM Failed发生原因：电源电压输出过低,或者NVRAM内部错误.处理方法：请与供应商联系,如必要可更换新电源出现频率：低4. Controller ALERT: Redundant Controller Failure Detected发生原因：双控制器其中之一发生故障，另一控制器接管处理方法：检查双控制器在硬件、FW及其他设置上是否一致，如确认为硬件故障所致，请联系供应商解决。

出现频率：低5. CHL:_ FATAL ERROR (_)发现原因：其中一个通道发生故障处理方法：请检查连接线路,双控的模式下,让另一控制器将接替故障控制器的工作,并联系供应商解决.6. Controller BBU Absent or Failed!发生原因：BBU(电池)被移走或故障处理方法：检查BBU是否安装正常出现频率：一般7. BBU Failure Detected发生原因：BBU发生故障处理方法：请联系供应商解决.8. Controller PCI Bus Parity Error Detected发生原因：可能由于控制器内部的温度过高造成部件发生故障处理方法：请联系供应商解决.9. Force Controller Write-Through on Triggered Cause发生原因：控制器切换写入方式为Write-Through处理方法：恢复原来的工作状态,如未解决,请联系供应商解决.1．2 一般警告10. Controller BBU Not Fully Charged!发生原因：BBU充电不足,并且不建议将cach的模式由write-throung改为write-back处理方法：如果电池不能满足长时间的电量负荷,请联系供应商更换电池.11. Controller BBU Thermal Shutdown/Enter Sleep-Mode!发生原因：BBU温度过高（>=45），或是充电完成超过7小时造成控制器BBU突然关闭或者休眠.处理方法：检查环境通风是否良好，电池是否安装正确，出现此日志一般不需要进行特别操作12. Memory Not Sufficient to Fully Support Current Config.发生原因：使用的内存与当前的型号或配置不符处理方法：检查内存是否正常，更换内存测试1．3 通知1. CONTROLLER notice: NVRAM Factory Defaults Restored发生原因：Firmware已经恢复到出厂设置处理方法：请按ESC清掉该信息即可.2. Controller Initialization Completed发生原因：控制器初始化完成.处理方法：系统正常启动.3. Controller NOTICE: Redundant Controller Firmware Updated。

查看HP小型机的信息的命令集1、机型#model9000/800/L2000-44注意：其中44是指每个cpu有440MHZ。

2、cpu个数#topCPU LOAD USER NICE SYS IDLE BLOCK SWAIT INTR SSYS0 0.02 0.0% 0.0% 0.% 0.0% 0.0% 0.0% 0.0%1 0.00 0.6% 0.0% 0.% 0.0% 0.0% 0.0% 0.0%2 0.00 2.% 97.0% 0.0% 0.0% 0.0% 0.0%3 0.00 0.4% 0.0% 0.0% 99.6% 0.0% 0.0% 0.0% 0.0%3、硬盘的大小信息#diskinfo /dev/rdsk/c1t0d0SCSI describe of c1t0d0:vendor: SEAGATEproduct id: ST39204LCtype: direct accesssize: 8891556 Kbytesbytes per sector: 5124、硬盘的个数#ioscan -funC diskdisk 0 0/0/1/1.0.0 sdisk CLAIMED DEVICE SEAGATE ST39204LC/dev/dsk/c1t0d0 /dev/rdsk/c1t0d0disk 1 0/0/1/1.2.0 sdisk CLAIMED DEVICE SEAGATE ST39204LC/dev/dsk/c1t2d0 /dev/rdsk/c1t2d0disk 2 0/0/2/0.0.0 sdisk CLAIMED DEVICE SEAGATE ST39204LC/dev/dsk/c2t0d0 /dev/rdsk/c2t0d0disk 3 0/0/2/0.2.0 sdisk CLAIMED DEVICE SEAGATE ST39204LC/dev/dsk/c2t2d0 /dev/rdsk/c2t2d0disk 4 0/0/2/1.2.0 sdisk CLAIMED DEVICE HP DVD-ROM 305/dev/dsk/c3t2d0 /dev/rdsk/c3t2d0disk 5 0/4/0/0.8.0 sdisk CLAIMED DEVICE SEAGATE ST39236LC/dev/dsk/c4t8d0 /dev/rdsk/c4t8d05、查看操作系统版本和license#uname -aHP-UX scp1 B.11.00 U 9000/800 1124961527 unlimited-user license6、如何查看内存#dmesgMemory Information:physical page size = 4096 bytes, logical page size = 4096 bytesPhysical: 2097152 Kbytes, lockable: 1866308 Kbytes, available: 1902728 Kbyts 7、如何查看文件系统#bdfFilesystem kbytes used avail %used Mounted on/dev/vg00/lvol3 1025617 24790 898265 3% //dev/vg00/lvol1 700691 35482 595139 6% /stand/dev/vg00/lvol8 2097152 436927 1557195 22% /var/dev/vg00/lvol7 1048576 481524 531631 48% /usr/dev/vg00/lvol6 255253 148 229579 0% /tmp/dev/vg01/lv_tellin 2051553 127152 1719245 7% /tellin/dev/vg00/lvol5 2097152 81783 1889462 4% /opt/dev/vg01/lv_informix 2051553 413823 1432574 22% /opt/informix/dev/vg00/lvol4 524288 1229 490375 0% /home存在两个文件中：/etc/fstab /etc/mnttab8、查看卷组、卷组所包括的逻辑卷、以及该卷组所包括的物理磁盘#vgdisplay -v vg00则结果都是按照逻辑卷组、逻辑卷、物理磁盘的顺序全部显示。

(date)NamePresident/CEOSupplier Co NameMfg Location Duns:Pres/CEO’s Corp Address (Street)Pres/CEO’s Corp Address (City, ST ZIP)Subject: Entry into Controlled Shipping-Level 2Dear Mr. /Mrs./Ms. (last name only):Controlled Shipping is part of General Motors Supplier Processes and Measurements Procedure, GP-5, and is part ofthe Supplier Quality Improvement Process. Controlled Shipping is a containment and problem solving process. General Motors has determined that current controls by your organization are insufficient to insulate initiating GM (list affected GM plant name/s and state/s) Plant from the receipt of non-conforming parts/material produced by yourfacility. This letter is formal notification and confirms discussions held with your organization that effective (date), your (manuf’g location City, ST) facility has been placed into Controlled Shipping-Level 2(CS2). CS2 includes compliance to GP-5 as evaluated by a third party Provider assessment, for the following non-conformances. Seetable below:Part Number***(List all affected part numbers)Part Name*** (List all affected part names)Non-conformance(s) (List defects as noted on the exit request and entry letter)PRR Number (List all current and recent PRR’s related to the non-conformity)Plants Affected*** (List all affected GM operations or plants)Vehicle Lines Affected*** (List all affected GM vehicle lines) (The Initiating SQE should complete either thevehicle platformsProduct Lines Affected*** (List all affected GM product lines) or the non-vehicle product lines affected)No Providers Recommended (double click on box to edit)SQE has not recommended or required the use of any specified provider from GM’s approved provider list.Other Special Instructions***This Controlled Shipping-Level 2 process may be completed on ALL similar part numbers or similar manufacturing processes for these listed non-conformances for ALL possibly affected GeneralMotors vehicles or product lines at the discretion of General Motors.Therefore,you must immediately:1. Implement CS2 containment and pay the costs of the approved third-party CS2 Containment andAssessment Provider. The GM-defined Controlled Shipping-Level 2 Process activities are in addition to any existing controls and containment activities. The list of GM-approved containment and assessment providers isattached.2. Controlled Shipping-Level 1 containment must remain in effect. If Controlled Shipping-Level 1 is not inplace, consider this CS2 Entry letter as formal notification to immediately implement CS1 for the specifieddefect(s) in accordance with GM General Procedure 5 (GP-5).3. Pay the costs of the GM-approved CS2 Provider assessments, plus any spill prevention activities asrequired and follow up activities associated with any PRR action items. Follow up activities will continue and will be monitored until supplier compliance to GP-5 is validated.4. Implement and pay the costs of GM defined containment activities over and above your current processcontrols and containment activities. The supplier must enter into a contract with a GM-approved CS2Provider within 24 hours.The CS2 Provider must establish the CS2 containment and conduct a CS2 Kickoff Meeting within 24 hours ofreceiving a Purchase Order.The first assessment shall be initiated within 3 business days and submitted to GM within 5 business daysafter receiving the Purchase Order.Follow up assessments shall be conducted on the 15th working day, and every 30 working days thereafter,until a passing assessment is achieved.The required documentation includes the CS2 Assessment, Matrix, Masterdot Action Plan, 5Y AnalysisUSING THE DRILL DEEP WORKSHEET and Read Across.The Training Needs Verification must be completed within 5 days and updated after 45 days unless thesupplier has exited CS2.5. Return the attached “Controlled Shipping Confirmation Reply” within 24 hours of the receipt of this letter.6. Clearly identify the qualified shipments to indicate that the authorized Controlled Shipping Provider hascompleted the containment process.7. GM requires that your Irreversible Corrective Action plans for CS2 issues be submitted to the GM andCS2 Provider representatives for review.8. Submit your Irreversible Corrective Action plans to your TS16949 registrar for review and/or assessment.Please authorize your registrar to submit the review and/or assessment findings to General Motors.Note: Failure to comply with this process or the inability to implement successful CS2 action plans or containmentactivities will result in the implementation of New Business Hold-Quality. Reference the GM Supplier QualityProcesses and Measurements Procedure GP-5 at for additional details concerningControlled Shipping.The attached CS2 Confirmation Reply form must be completed and returned within 24 hours to the GMcontacts noted below.If you have any questions, your GM contacts are:- SQE @ (phone number), fax: (fax number), & e-mail: (address), who, along with the CS2 (Initiating SQE’s name)Provider Quality Engineer, will be monitoring and defining your Controlled Shipping activities, andNote to TS16949 Registrar: pursuant to this CS2 notification letter, General Motors requests yourassessment findings be submitted to the individuals noted above.Sincerely,__________________________________________(Name)Group ManagerNAVOGeneral Motors CorporationAttachmentsCopy:Attachment: Entry into CS2 letter,Supplier Responsibilities During Controlled Shipping-Level 2:Maintain Controlled Shipping-Level 1 inspections and communications.Contain all non-conforming parts at the supplier, warehouses, in transit, and at any General Motors locationsimmediately upon notification of Controlled Shipping status.Participate in all Controlled Shipping-Level 2 meetings as required.Establish an CS2 containment area that is separated from the normal production and from the ControlledShipping-Level 1areas. This containment area may be located within the normal production area if the GeneralMotors representatives approve the location based on material flow, possible damage due to excessive handling,or product design considerations.Provide gaging, tooling, or equipment, if required, for product or process inspections.Validate data-supported Corrective Actions. Outline your plans for reviewing your CS2 data.Track and report your progress by using the GM-approved report formats as specified by the GMrepresentatives and the TS16949 Registrar monitoring these activities.Participate and pay the costs of GM approved Supplier Assessment process as required by GM.Meet the defined CS2 exit criteria.Exit Criteria:No PRRs issued for the listed defects and inspection data showing no rejects into the inspection area for a minimum of 20 working days AFTER implementation of Irreversible Corrective Actions. If deemedappropriate by Supplier Quality, the duration of the Controlled Shipping activities may be adjusted.Implement Error Proofing as appropriate within your process for the defect(s) noted above.Supplier corrective actions that are classified as Error Proofing solutions require only 5-days’inspection data for validation. Criteria are as follows :1.The corrective action is classified with a detection score of 1, 2, or 3 as per the AIAG PFMEA manual.2. “Master rejects” have been made to validate the error proofing on a regular basis in production. The CS2PQE must verify that the “master rejects” work correctly and are used to validate error proofing in production.This must be added to the supplier’s process control plan.3. The GM SQE and CS2 Provider PQE agree to the above.Evidence that a thorough problem-solving process was used, the true root causes of the problems werediscovered, and effective Irreversible Corrective Actions were implemented and validated.Statistical Process Control used when appropriate to confirm stable and capable processes during the 20working days after implementation of Irreversible Corrective Actions.All documents [Potential Failure Mode and Effects Analysis (PFMEA), Process Control Plan, Pre-Launch (GP-12)Control Plan, Process Flow Diagram, Operator Work Instructions, training records, PM Plans, approved PRR response per GP-5, etc.] must be modified and approved, and PPAP submitted and approved as required.Pass CS2 assessment and close all items in the CS2 Action Plans.Statement from your TS16949 registrar of review and approval of the specific issue corrective actions.Evidence of layer audits specific to the issue corrective actions.Evidence of successful completion of required workshop action plans. GM may require workshops based uponassessments or as results of visits into supplier facilities.Required workshops, such as an LEP workshop for a mislabel CS2, must be taken to exit CS2. Completion of allworkshop action items is NOT required to exit CS2. Long-term corrective action items are required for CS1exit. Note: Supplier may exit CS2 only when all CS2 exit criteria are met. The supplier may be required toremain in CS1 until all long-term action items from workshops are completed.GM SQEs must respond to a supplier’s request from exit from CS2 within 72 hours of exit pa ckagereceipt.1. CS2s will be considered approved for exit if there is no GM response within 72 hours.2. Denial of CS2 exit requires GM SQE to submit a business case with a manager signature (see attached ExitRequest Denial Form).The supplier is required to copy the initiating SQE's team leader for all exit packages.The supplier will remain in Controlled Shipping status until written authorization to exit CS is received from:- SQE @ (phone number), fax: (fax number), & e-mail: (address).(Initiating SQE’s name)MAJOR DISRUPTION PREVENTION SUMMARY SHEET1) This initiative is Supplier Funded and Supported by GM Approved Third Party Engineers (PQE). GM PQEs aretrained in the procedure.2) This initiative must be implemented at all Supplier Facilities utilizing similar processes or producing similarproducts.3) This initiative covers all PRRs issued to the supplier facility for the preceding 8 weeks at the supplier facility, plusall additional PRRs issued while the CS Activity is in place.4) At the CS2 Kickoff Meeting, the PQE will initiate the Major Disruption Prevention Initiative. Final details will bedecided at that point.5) Five Why Analysisa) Five Why Analysis will be utilized to determine true root causesi) Corrective Actions must be implemented for each “why” root cause.b) Five Why Analysis will be utilized to determine why the problem was not detected.i) Corrective Actions must be implemented for each escape “why” root cause.c) Five Why Analysis will be utilized to determine why the problem was not prevented. This investigatessystemic issues.i) Corrective Actions must be implemented for each prevention “why” root cause.d) Corrective Actions must be verified.e) Results must be included on Lessons Learned.6) Major Disruption Prevention Read Acrossa) PRR Read Across must be created for all supplier locations utilizing similar processes or producing similarproducts.7) Cost of Qualitya) Supplier must track the cost of quality relative to spills and/or this PRR.8) Action Plana) Supplier must maintain a Master Dot Action Plan for tracking all action items related to the CS and SpillPrevention Activities. This includes items determined by the read across, 5 Why analysis, CS2 Assessment,CS2 Matrix and any GM Required Workshops.b) CS2 exit requirements on Read Across:Original duns must be color coded Green for corrective action on all Read Across items for CS2 issue.Other duns location with similar process must be Yellow (minimum) on CS2 issue.Other PRR's within 8-week window must be Green (duns on CS2) or Yellow (other locations) forcontainment. Other read across items (i.e. predict corrective action) can be Red if closure dates areidentified.GENERAL MOTORS GUIDELINES FOR CONTROLLED SHIPPING EXIT PACKAGE (S)Documentation should be sent to the Originating Plant SQE and other GM Personnel as defined in the kickoff meeting.All documentation should be contained in a binder or report folder indexed for easy location of all documentation. Package should include:1. Letter requesting exit on company letterhead2. Updated PFMEA, Control Plan, Operator Work Instructions, Preventative Maintenance Plan, Flow Chart, andPrelaunch Control Plan (GP-12) with changes highlighted3. Evidence of error proofing, including implementation, validation and periodic verification.4. Well-illustrated Corrective Action Report (5Y, Quad report...)5. Acceptable PRR response. The author decides whether the response is accepted.6. Containment Data7. Training records8. PPAP documentation, if related to corrective action9. Evidence of layered audits related to the corrective action.10. Evidence of attendance and implementation of action plans generated by required workshops, if any11. GP-12 data when requested12. Other documentation and information as requested by GM13. Statistical data as appropriate.The following information is only required for CS2:14. Copy of Passing Assessment and completed action plans.15. TS 16949 Registrar’s statement of approval (or plan) for all activities undertaken by supplier related to thecontrolled shipping issue (s). GM can require additional activities.CONTROLLED SHIPPING-LEVEL 2 CONFIRMATION REPLYGM 1927-53*** Note please send back to both parties listed below via e-mail***Do not separate this page from the rest of the letter & do not scan – keep in MS Word format.TO:GM SQE Assigned to supplier dunsEmail Address: GM SQE@(Plant or Organization name)(Address Street)(Address City, ST Zip Code)FROM:Supplier Co NameManuf’g Location DunsManuf’g Address (Street)Manuf’g Address (City, ST ZIP Code)We acknowledge receipt of your letter dated, (insert date), advising us that our above facility has been placed into Controlled Shipping-Level 2.Yes NoDid you notify your TS16949 registrar? (mandatory for exit)If "NO" please explain:It is MANDATORY that you choose a GM approved provider. (GM Approved CS2 Providers can be found in GM SupplyPower – Quality Library – 3rd Party Provider Management – 3rd Party Provider Services – link below)https:///apps/supplypower/NASApp/spcds/CDSRetrieval?id=137952&togglefolder=20219&doc_lang=en&lob=qualityYes NoGM is concerned with cases of GM personnel directing a supplier to choose a specific provider from thelist of GM’s approved providers above. Suppliers are free to choose from any of the provide rs listed asGM Approved service providers in GM SupplyPower as stated above in this letter. To address suchconcerns, please answer the following question - Have you been required any GM representative touse the specified CS provider you have indicated above? If you answer “yes” to this statement,please explain why: (Description of requirement to use a given provider)(double click on box to check) /(single click on blue area & type)We understand the CS2 containment process requirements:The Purchase Order # (mandatory)PO#, or other terms of agreement: verbal, blanket PO dated: PO date .Provider Contact Name type name @ e-mail address: type e-mailWe do not fully understand the containment process requirements.Please contact: Name of Contact at phone#: (Telephone number)The following is a description of how conforming parts and shipments will be identified to indicate that they have beencertified as conforming to requirements.The CS2 containment activities will be performed at the following location:The person responsible for the CS2 containment activities:Name: Title: .Phone: Fax: E-mail: .(Signature of person responsible for containment) (Date)。