Application Group number Command number Permission value Absolute device path pointing of the described device Type of the device Size of the smallest addressable unit in the device in bytes Offset in bytes of the start of the device relative to its parents offset 0 with a granularity of its parents block size Length of the device in bytes Name of file or directory Size of file or directory Indicator if it is file or directory Time of last modification supported ciphers A1 CA ServiceModeLevel FlashModeLevel AdvanceServiceModeLevel LimitedProductionModeLevel VeryLimitedProductionModeLevel ProductionModeLevel System commands group (0x01) The Loader Start-up Status command is sent by the ME to notify the host that it has started. The Status parameter indicates in what mode the Loader started. 0 = started successfully, 1 = failed to start (lack of permissions), 2 = software module failed to initialize Loader version identifier Protocol version identifier

This command is used to change the loader UART baudrate. Baud rate.

The Reboot command is used to instruct the Loader to reset the ME. Upon receiving this command, the Loader shuts down in a controlled fashion and restarts the ME. The Mode parameter is used to select the mode of reset. 0 = normal restart, 1 = restart in service mode, 2 = restart with JTAG debugging enabled, 3 = restart in service mode and with JTAG debugging enabled

The Loader shuts down in a controlled fashion and proceeds to shut down the ME itself.

The Loader returns a list of implemented commands and whether they are permitted to execute in the current Loader state. Further fine-grained permission controls might also deny execution of a specific command.

Number of implemented commands An array of command identifiers. The Permitted field indicates whether the command can be executed at the current time (non-zero value means allowed)

Receive, verify and execute software, which can be a signed Loader. After having sent this command, the ME will attempt to read the software payload data from the host using the Bulk protocol or from the flash file system depending on the selected path. Execute mode: 1 = execution from specified address, 2 = first load the software then execute. File system or Bulk id path Total length of the execute software file

This command is used to escalate the privileges of the operator. Two modes of authentication are available by default; Control Key authentication and Certificate based authentication. The authentication command sets the loader in a specific authentication context when it takes control over the command flow. After receiving the authentication command, the Loader will send the appropriate request for information to the PC. Authentication type: 0 = Control Key authentication, 1 = Certificate authentication.

This command is used by the Loader to retrieve the SimLock Control Keys from the host in order to authenticate a user. The command is used in authentication context.

This command is used by the Loader to perform a certificate authentication. The command is only used in authentication context. Authentication Challenge buffer length Authentication Challenge that must be signed using the correct certificate and returned to the Loader

Updated authentication challenge buffer length Signed authentication challenge together with the requested permissions.

This command is used to collect printouts (debug data) and measurements results. Type of requested data.

Length of output buffer. Output data buffer. Contain debug data (printouts) or measurement data.

This command is used by the Loader to get the minimal progress status from all running commands.

Command progress status presented in percent.

The Set System Time command is used to instruct the Loader to use real world time and date during its run time. Upon receiving this command, the Loader sets internal Real Time Clock. This command can be issued more then once by PC tool. Number of seconds since January 1, 1970 (midnight UTC/GMT).

This command is used to instruct the Loader to switch to a new communication device. Communication device number to switch to. Communication device parameters.

This command is used by the Loader to retrieve the SimLock Control Keys data buffer from the host in order to authenticate a user. The command is used in authentication context.

Length of output buffer. Data buffer with all SIMLock keys.

The Loader shuts down the global communication and enters in a Relay working mode. Communication device number of the relay input (host device). Communication device number of the relay ouptut (target device). Communication device number for the loader commands (control device).

supportedcmdtype="longrunning"> This command is used by the Loader to deauthenticates the ME from prior authentications to prevent unauthorized access. Deauthentication type: 1 = permanent deauthentication, 0 = deauthenticate until next reboot of the ME.

Flash Commands group (0x02) This command is used to initiate a flashing session. The Type argument is used to select the type of file to process and Length parameter defines the total size of the file. Total length of the opened file Type of the opened file. Currently the only supported type is x-empflash/flasharchive File system or Bulk id path

The Loader returns a list of detected block devices. A block device can be a physical device ( flash0 , mmc0 , usb0 ), a logical device ( cabs0 , mbbs0 ) or a file system volume ( boot , sys ). Together they form paths on the form /flash0/mbbs0 or /flash1/cabs1/vfat .

Indicates the number of returned devices Absolute device path, Type of the device, Block Size, Start address of the device, Length of the device

This command is used to initiate a Dump session. Path to the device to dump. Start of the dump relative to the start of the device indicated by Path in bytes. Actual start is determined by the Mode parameter. Length of the dump in bytes. Actual length is determined by the Mode parameter. File system or bulk id path. If set to 0 dump flash including redundant area, if set to 1 dump flash without redundant area.

This command is used to erase a flash device or part of a flash device. Path to the device to erase. Start of the dump relative to the start of the device indicated by Path in bytes. This must be a multiple of the block size of the device. Length of the dump in bytes. This must be a multiple of the block size of the device.

This command is used to flash raw flash image. Address where RAW image should be written. This must be a multiple of the block size of the device. Length of RAW data in bytes Target flash device.[0,1] Bulk id path

This command is used to set enhanced area on eMC card. Path to the device where area will be set. Start address of enhanced area in bytes. Length of the enhanced area in bytes.

File System Commands Group (0x03) Retrieve properties of the specified file system volume Path of file system volume

File system type Total size of the file system (in bytes) Available space (in bytes)

Formats an unmounted file system volume. This operation fails if the volume is currently in use. Device path of the file system volume

List files and directories residing in a specified path File system path

Number of directory entries Name and Size of file or directory, Mode as indicator if it is file or directory, Time of last modification

Moves or renames a file. File system path (source) File system path (destination)

Deletes the specified file or directory. The Loader will only delete empty directories. File system path

Copies a file from the PC to the ME, between two directories or file systems on the ME or from the ME to the PC. File system or bulk id path (source) File system or bulk id path (destination)

Creates a directory File system path

Retrieves the properties of a file or directory File system path

File Type and Access restrictions descriptor (see 5.1) File size in bytes Last modification time stamp Last access time stamp Creation time stamp

Changes the access permissions of a path File system path New access permissions

Read all manifests in elf files and send it to PC File system path

OTP handling commands Group (0x04) Reads the specified bits from the OTP Indicates which OTP memory is to be read Starting offset in bits Length of read in bits

Length of read bits Length of the DataBits buffer A left-adjusted buffer of the read data. Padded with zeroes. Length of returned value (in bytes), equal to floor((Length + 7) / 8). Length of the LockStatus of read bits Length of the LockStatus buffer A left-adjusted buffer of the lock status of each read bit. Padded with zeroes. Length of returned value (in bytes), equal to floor((Length + 7) / 8).

Writes and locks the specified bits in the OTP Indicates which OTP memory is to be read Starting offset in bits Length of write in bits Length of DataBits buffer Left-adjusted byte buffer containing the data to be written. Only Length bits will be written.

Writes and locks the specified bits in the OTP Indicates which OTP memory is to be written and locked If = 0 - Write only complete lockable areas. If != 0 Write complete lockable areas even if not all bit are received in cache.

Installs Secure objects into OTP or Flash File system or bulk id path Secure Object destination address

Parameter Storage Commands Group (0x05) Reads the specified unit from Global Data area GD storage area to read from (gdfs, trim area) Unit id to read

Length of the Data buffer The read data

Writes the specified unit to Global Data area GD storage area to write to (gdfs, trim area) Unit id to write Length of the Data buffer The data to write

Reads a complete Global Data area GD storage area to read (gdfs, trim area) File system or bulk id path indicating the destination of the read operation

Writes a complete Global Data area GD storage area to write (gdfs, trim area) Data Length when is used bulk transfer File system or bulk id path indicating the source of the write operation

Erases a complete Global Data area GD storage area to erase (gdfs, trim area)

Security settings Commands Group (0x06) Set the ME domain Target domain

Get the ME domain

The ME Domain

Reads a security data unit (such as a secure static or dynamic data unit) Unit id to read

Length of the Data buffer The unit data

Writes a security data unit (such as a secure static or dynamic data unit) Unit id to write Length of the Data buffer The data to write

Associates all security data units with the current ME

Initialize a SW version table, intended for checking the ARB functionality. ARB Type to update Length of the Data buffer The data to write

ADbg test suite (automatic test tool) List all modules, test cases and its parameters

CmdData

List all modules, interface groups, interface functions and its parameters

CmdData

Set test case precondition ModuleId IntGroupId IntFunctionId RecoveryFlag Precondition_p

Recovery test case condition ModuleId IntGroupId IntFunctionId

Run test case ModuleId CaseId Precondition_p