mirror of
https://github.com/Atmosphere-NX/Atmosphere
synced 2024-12-22 12:21:18 +00:00
fusee/sept: changes for exo2 (note: not final)
This commit is contained in:
parent
91e0bbd9d7
commit
1fb9407d5d
6 changed files with 12 additions and 50 deletions
|
@ -227,9 +227,9 @@ int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, ui
|
|||
case ATMOSPHERE_TARGET_FIRMWARE_8_1_0:
|
||||
case ATMOSPHERE_TARGET_FIRMWARE_9_0_0:
|
||||
decrypt_data_into_keyslot(0xA, 0xF, devicekey_4x_seed, 0x10);
|
||||
decrypt_data_into_keyslot(0xF, 0xF, devicekey_seed, 0x10);
|
||||
decrypt_data_into_keyslot(0xE, 0xC, masterkey_4x_seed, 0x10);
|
||||
decrypt_data_into_keyslot(0xC, 0xC, masterkey_seed, 0x10);
|
||||
decrypt_data_into_keyslot(0xF, 0xF, devicekey_seed, 0x10);
|
||||
decrypt_data_into_keyslot(0xD, 0xC, masterkey_seed, 0x10);
|
||||
decrypt_data_into_keyslot(0xC, 0xC, masterkey_4x_seed, 0x10);
|
||||
break;
|
||||
default:
|
||||
return -1;
|
||||
|
@ -239,12 +239,6 @@ int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, ui
|
|||
return mkey_detect_revision(fuse_get_retail_type() != 0);
|
||||
}
|
||||
|
||||
/* Sets final keyslot flags, for handover to TZ/Exosphere. Setting these will prevent the BPMP from using the device key or master key. */
|
||||
void finalize_nx_keydata(uint32_t target_firmware) {
|
||||
set_aes_keyslot_flags(0xC, 0xFF);
|
||||
set_aes_keyslot_flags((target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_4_0_0) ? (KEYSLOT_SWITCH_4XOLDDEVICEKEY) : (KEYSLOT_SWITCH_DEVICEKEY), 0xFF);
|
||||
}
|
||||
|
||||
static void generate_specific_aes_key(void *dst, const void *wrapped_key, bool should_mask, uint32_t target_firmware, uint32_t generation) {
|
||||
unsigned int keyslot = (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_4_0_0) ? (devkey_get_keyslot(generation)) : (KEYSLOT_SWITCH_DEVICEKEY);
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef FUSEE_KEYDERIVATION_H
|
||||
#define FUSEE_KEYDERIVATION_H
|
||||
|
||||
|
@ -49,7 +49,6 @@ typedef struct nx_keyblob_t {
|
|||
|
||||
int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, uint32_t available_revision, const void *tsec_key, void *tsec_root_key, unsigned int *out_keygen_type);
|
||||
int load_package1_key(uint32_t revision);
|
||||
void finalize_nx_keydata(uint32_t target_firmware);
|
||||
void derive_bis_key(void *dst, BisPartition partition_id, uint32_t target_firmware);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -957,7 +957,7 @@ uint32_t nxboot_main(void) {
|
|||
if (MAILBOX_EXOSPHERE_CONFIGURATION->target_firmware < ATMOSPHERE_TARGET_FIRMWARE_4_0_0) {
|
||||
exosphere_memaddr = (void *)0x4002D000;
|
||||
} else {
|
||||
exosphere_memaddr = (void *)0x4002B000;
|
||||
exosphere_memaddr = (void *)0x40030000;
|
||||
}
|
||||
|
||||
/* Copy Exosphère to a good location or read it directly to it. */
|
||||
|
|
|
@ -29,37 +29,6 @@
|
|||
|
||||
void nxboot_finish(uint32_t boot_memaddr) {
|
||||
uint32_t target_firmware = MAILBOX_EXOSPHERE_CONFIGURATION->target_firmware;
|
||||
volatile tegra_se_t *se = se_get_regs();
|
||||
|
||||
/* Clear used keyslots. */
|
||||
clear_aes_keyslot(KEYSLOT_SWITCH_PACKAGE2KEY);
|
||||
clear_aes_keyslot(KEYSLOT_SWITCH_RNGKEY);
|
||||
|
||||
/* Lock keyslots. */
|
||||
set_aes_keyslot_flags(KEYSLOT_SWITCH_MASTERKEY, 0xFF);
|
||||
if (target_firmware < ATMOSPHERE_TARGET_FIRMWARE_4_0_0) {
|
||||
set_aes_keyslot_flags(KEYSLOT_SWITCH_DEVICEKEY, 0xFF);
|
||||
} else {
|
||||
set_aes_keyslot_flags(KEYSLOT_SWITCH_4XOLDDEVICEKEY, 0xFF);
|
||||
}
|
||||
|
||||
/* Finalize the GPU UCODE carveout. */
|
||||
/* NOTE: [4.0.0+] This is now done in the Secure Monitor. */
|
||||
/* mc_config_carveout_finalize(); */
|
||||
|
||||
/* Lock AES keyslots. */
|
||||
for (uint32_t i = 0; i < 16; i++)
|
||||
set_aes_keyslot_flags(i, 0x15);
|
||||
|
||||
/* Lock RSA keyslots. */
|
||||
for (uint32_t i = 0; i < 2; i++)
|
||||
set_rsa_keyslot_flags(i, 1);
|
||||
|
||||
/* Lock the Security Engine. */
|
||||
se->SE_TZRAM_SECURITY = 0;
|
||||
se->SE_CRYPTO_SECURITY_PERKEY = 0;
|
||||
se->SE_RSA_SECURITY_PERKEY = 0;
|
||||
se->SE_SE_SECURITY &= 0xFFFFFFFB;
|
||||
|
||||
/* Boot up Exosphère. */
|
||||
MAILBOX_NX_BOOTLOADER_IS_SECMON_AWAKE(target_firmware) = 0;
|
||||
|
|
|
@ -26,8 +26,8 @@
|
|||
#define KEYSLOT_SWITCH_TEMPKEY 0x9
|
||||
#define KEYSLOT_SWITCH_SESSIONKEY 0xA
|
||||
#define KEYSLOT_SWITCH_RNGKEY 0xB
|
||||
#define KEYSLOT_SWITCH_MASTERKEY 0xC
|
||||
#define KEYSLOT_SWITCH_DEVICEKEY 0xD
|
||||
#define KEYSLOT_SWITCH_MASTERKEY 0xD
|
||||
#define KEYSLOT_SWITCH_DEVICEKEY 0xC
|
||||
|
||||
/* This keyslot was added in 4.0.0. */
|
||||
#define KEYSLOT_SWITCH_4XNEWDEVICEKEYGENKEY 0xD
|
||||
|
|
|
@ -63,11 +63,11 @@ void load_keys(const uint8_t *se_state) {
|
|||
/* Clear keyslot 0xB. */
|
||||
clear_aes_keyslot(0xB);
|
||||
|
||||
/* Copy master key out of state keyslot 0xC into keyslot 0xC. */
|
||||
set_aes_keyslot(0xC, se_state + 0x30 + (0xC * 0x20), 0x10);
|
||||
/* Copy firmware device key out of state keyslot 0xE into keyslot 0xC. */
|
||||
set_aes_keyslot(0xC, se_state + 0x30 + (0xE * 0x20), 0x10);
|
||||
|
||||
/* Copy firmware device key out of state keyslot 0xE into keyslot 0xD. */
|
||||
set_aes_keyslot(0xD, se_state + 0x30 + (0xE * 0x20), 0x10);
|
||||
/* Copy master key out of state keyslot 0xC into keyslot 0xD. */
|
||||
set_aes_keyslot(0xD, se_state + 0x30 + (0xC * 0x20), 0x10);
|
||||
|
||||
/* Clear keyslot 0xE. */
|
||||
clear_aes_keyslot(0xE);
|
||||
|
@ -77,5 +77,5 @@ void load_keys(const uint8_t *se_state) {
|
|||
|
||||
/* Set keyslot flags properly in preparation for secmon. */
|
||||
set_aes_keyslot_flags(0xE, 0x15);
|
||||
set_aes_keyslot_flags(0xD, 0x15);
|
||||
set_aes_keyslot_flags(0xC, 0x15);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue