May 1, 2024

Zynq bootrom

The Xilinx TRM states that "The BootROM memory is used exclusively by the boot process and is not visible to the user."

So this is a clear challenge to someone investigating the details of these chips. I don't expect any dramatic secrets to be hidden, and it is actually kind of nice that the bootrom "hides itself" once its job is done, rather than cluttering up the address space. Whatever the case, it must be exposed to the processor at some point and it is our job to figure out how to dump it and examine it.

The secret UART loader is the key

This isn't my work. It was done by "404", who provides a Python script that dumps the bootrom by exploiting some code in the UART loader in a way that was never intended.

My investigations



Tom's Computer Info / tom@mmto.org