fusee/sept: changes for exo2 (note: not final)
parent
91e0bbd9d7
commit
1fb9407d5d
6 changed files with 12 additions and 50 deletions
|
@ -228,8 +228,8 @@ int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, ui
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_9_0_0:
|
case ATMOSPHERE_TARGET_FIRMWARE_9_0_0:
|
||||||
decrypt_data_into_keyslot(0xA, 0xF, devicekey_4x_seed, 0x10);
|
decrypt_data_into_keyslot(0xA, 0xF, devicekey_4x_seed, 0x10);
|
||||||
decrypt_data_into_keyslot(0xF, 0xF, devicekey_seed, 0x10);
|
decrypt_data_into_keyslot(0xF, 0xF, devicekey_seed, 0x10);
|
||||||
decrypt_data_into_keyslot(0xE, 0xC, masterkey_4x_seed, 0x10);
|
decrypt_data_into_keyslot(0xD, 0xC, masterkey_seed, 0x10);
|
||||||
decrypt_data_into_keyslot(0xC, 0xC, masterkey_seed, 0x10);
|
decrypt_data_into_keyslot(0xC, 0xC, masterkey_4x_seed, 0x10);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -239,12 +239,6 @@ int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, ui
|
||||||
return mkey_detect_revision(fuse_get_retail_type() != 0);
|
return mkey_detect_revision(fuse_get_retail_type() != 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Sets final keyslot flags, for handover to TZ/Exosphere. Setting these will prevent the BPMP from using the device key or master key. */
|
|
||||||
void finalize_nx_keydata(uint32_t target_firmware) {
|
|
||||||
set_aes_keyslot_flags(0xC, 0xFF);
|
|
||||||
set_aes_keyslot_flags((target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_4_0_0) ? (KEYSLOT_SWITCH_4XOLDDEVICEKEY) : (KEYSLOT_SWITCH_DEVICEKEY), 0xFF);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void generate_specific_aes_key(void *dst, const void *wrapped_key, bool should_mask, uint32_t target_firmware, uint32_t generation) {
|
static void generate_specific_aes_key(void *dst, const void *wrapped_key, bool should_mask, uint32_t target_firmware, uint32_t generation) {
|
||||||
unsigned int keyslot = (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_4_0_0) ? (devkey_get_keyslot(generation)) : (KEYSLOT_SWITCH_DEVICEKEY);
|
unsigned int keyslot = (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_4_0_0) ? (devkey_get_keyslot(generation)) : (KEYSLOT_SWITCH_DEVICEKEY);
|
||||||
|
|
||||||
|
|
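Review bot: With `finalize_nx_keydata()` removed in the second hunk, nothing left in this file applies the 0xFF keyslot flags that the deleted comment said prevent the BPMP from using the device key or master key. The `nxboot_finish` hunk further down the page also drops the keyslot clearing, the keyslot flag calls and the Security Engine register writes. The commit title suggests Exosphère now performs this lockdown, but that is not visible on this page, so the handover contract should be written down where the function used to be, for example `/* Keyslot flags and SE security are no longer set by fusee; exo2 is expected to apply them during its own init. */`. Since the title marks the change as not final, a TODO to confirm that every target-firmware path reaches that lockdown would help the next reviewer.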
|
@ -49,7 +49,6 @@ typedef struct nx_keyblob_t {
|
||||||
|
|
||||||
int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, uint32_t available_revision, const void *tsec_key, void *tsec_root_key, unsigned int *out_keygen_type);
|
int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, uint32_t available_revision, const void *tsec_key, void *tsec_root_key, unsigned int *out_keygen_type);
|
||||||
int load_package1_key(uint32_t revision);
|
int load_package1_key(uint32_t revision);
|
||||||
void finalize_nx_keydata(uint32_t target_firmware);
|
|
||||||
void derive_bis_key(void *dst, BisPartition partition_id, uint32_t target_firmware);
|
void derive_bis_key(void *dst, BisPartition partition_id, uint32_t target_firmware);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -957,7 +957,7 @@ uint32_t nxboot_main(void) {
|
||||||
if (MAILBOX_EXOSPHERE_CONFIGURATION->target_firmware < ATMOSPHERE_TARGET_FIRMWARE_4_0_0) {
|
if (MAILBOX_EXOSPHERE_CONFIGURATION->target_firmware < ATMOSPHERE_TARGET_FIRMWARE_4_0_0) {
|
||||||
exosphere_memaddr = (void *)0x4002D000;
|
exosphere_memaddr = (void *)0x4002D000;
|
||||||
} else {
|
} else {
|
||||||
exosphere_memaddr = (void *)0x4002B000;
|
exosphere_memaddr = (void *)0x40030000;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Copy Exosphère to a good location or read it directly to it. */
|
/* Copy Exosphère to a good location or read it directly to it. */
|
||||||
|
|
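Review bot: The 4.0.0+ branch in this hunk assigns `exosphere_memaddr` from a bare literal, `(void *)0x40030000`, with nothing stating which image layout it has to agree with. Reading each pair as old then new, the commit moves this address from 0x4002B000 while the pre-4.0.0 value 0x4002D000 stays as it was, and the page does not say whether that is deliberate. A comment next to the assignment, such as `/* Must match the address Exosphère expects to be loaded at on 4.0.0+. */`, reworded to the real constraint, would make the dependency explicit. `nxboot_main` begins and ends outside the hunk.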
|
@ -29,37 +29,6 @@
|
||||||
|
|
||||||
void nxboot_finish(uint32_t boot_memaddr) {
|
void nxboot_finish(uint32_t boot_memaddr) {
|
||||||
uint32_t target_firmware = MAILBOX_EXOSPHERE_CONFIGURATION->target_firmware;
|
uint32_t target_firmware = MAILBOX_EXOSPHERE_CONFIGURATION->target_firmware;
|
||||||
volatile tegra_se_t *se = se_get_regs();
|
|
||||||
|
|
||||||
/* Clear used keyslots. */
|
|
||||||
clear_aes_keyslot(KEYSLOT_SWITCH_PACKAGE2KEY);
|
|
||||||
clear_aes_keyslot(KEYSLOT_SWITCH_RNGKEY);
|
|
||||||
|
|
||||||
/* Lock keyslots. */
|
|
||||||
set_aes_keyslot_flags(KEYSLOT_SWITCH_MASTERKEY, 0xFF);
|
|
||||||
if (target_firmware < ATMOSPHERE_TARGET_FIRMWARE_4_0_0) {
|
|
||||||
set_aes_keyslot_flags(KEYSLOT_SWITCH_DEVICEKEY, 0xFF);
|
|
||||||
} else {
|
|
||||||
set_aes_keyslot_flags(KEYSLOT_SWITCH_4XOLDDEVICEKEY, 0xFF);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Finalize the GPU UCODE carveout. */
|
|
||||||
/* NOTE: [4.0.0+] This is now done in the Secure Monitor. */
|
|
||||||
/* mc_config_carveout_finalize(); */
|
|
||||||
|
|
||||||
/* Lock AES keyslots. */
|
|
||||||
for (uint32_t i = 0; i < 16; i++)
|
|
||||||
set_aes_keyslot_flags(i, 0x15);
|
|
||||||
|
|
||||||
/* Lock RSA keyslots. */
|
|
||||||
for (uint32_t i = 0; i < 2; i++)
|
|
||||||
set_rsa_keyslot_flags(i, 1);
|
|
||||||
|
|
||||||
/* Lock the Security Engine. */
|
|
||||||
se->SE_TZRAM_SECURITY = 0;
|
|
||||||
se->SE_CRYPTO_SECURITY_PERKEY = 0;
|
|
||||||
se->SE_RSA_SECURITY_PERKEY = 0;
|
|
||||||
se->SE_SE_SECURITY &= 0xFFFFFFFB;
|
|
||||||
|
|
||||||
/* Boot up Exosphère. */
|
/* Boot up Exosphère. */
|
||||||
MAILBOX_NX_BOOTLOADER_IS_SECMON_AWAKE(target_firmware) = 0;
|
MAILBOX_NX_BOOTLOADER_IS_SECMON_AWAKE(target_firmware) = 0;
|
||||||
|
|
|
@ -26,8 +26,8 @@
|
||||||
#define KEYSLOT_SWITCH_TEMPKEY 0x9
|
#define KEYSLOT_SWITCH_TEMPKEY 0x9
|
||||||
#define KEYSLOT_SWITCH_SESSIONKEY 0xA
|
#define KEYSLOT_SWITCH_SESSIONKEY 0xA
|
||||||
#define KEYSLOT_SWITCH_RNGKEY 0xB
|
#define KEYSLOT_SWITCH_RNGKEY 0xB
|
||||||
#define KEYSLOT_SWITCH_MASTERKEY 0xC
|
#define KEYSLOT_SWITCH_MASTERKEY 0xD
|
||||||
#define KEYSLOT_SWITCH_DEVICEKEY 0xD
|
#define KEYSLOT_SWITCH_DEVICEKEY 0xC
|
||||||
|
|
||||||
/* This keyslot was added in 4.0.0. */
|
/* This keyslot was added in 4.0.0. */
|
||||||
#define KEYSLOT_SWITCH_4XNEWDEVICEKEYGENKEY 0xD
|
#define KEYSLOT_SWITCH_4XNEWDEVICEKEYGENKEY 0xD
|
||||||
|
|
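Review bot: After the swap, `KEYSLOT_SWITCH_MASTERKEY` and `KEYSLOT_SWITCH_4XNEWDEVICEKEYGENKEY` both expand to 0xD (taking the second line of each pair as the new side), where previously it was `KEYSLOT_SWITCH_DEVICEKEY` that shared that number. Nothing in the header says whether the overlap is intended, and the callers are not visible here, so it is unclear whether any path loads the 4.x keygen key while the master key in that slot is still needed. A comment on the define would record the intent, for example `/* Shares slot 0xD with KEYSLOT_SWITCH_MASTERKEY; see callers for ordering. */`, adjusted to the real lifetime of each key.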
|
@ -63,11 +63,11 @@ void load_keys(const uint8_t *se_state) {
|
||||||
/* Clear keyslot 0xB. */
|
/* Clear keyslot 0xB. */
|
||||||
clear_aes_keyslot(0xB);
|
clear_aes_keyslot(0xB);
|
||||||
|
|
||||||
/* Copy master key out of state keyslot 0xC into keyslot 0xC. */
|
/* Copy firmware device key out of state keyslot 0xE into keyslot 0xC. */
|
||||||
set_aes_keyslot(0xC, se_state + 0x30 + (0xC * 0x20), 0x10);
|
set_aes_keyslot(0xC, se_state + 0x30 + (0xE * 0x20), 0x10);
|
||||||
|
|
||||||
/* Copy firmware device key out of state keyslot 0xE into keyslot 0xD. */
|
/* Copy master key out of state keyslot 0xC into keyslot 0xD. */
|
||||||
set_aes_keyslot(0xD, se_state + 0x30 + (0xE * 0x20), 0x10);
|
set_aes_keyslot(0xD, se_state + 0x30 + (0xC * 0x20), 0x10);
|
||||||
|
|
||||||
/* Clear keyslot 0xE. */
|
/* Clear keyslot 0xE. */
|
||||||
clear_aes_keyslot(0xE);
|
clear_aes_keyslot(0xE);
|
||||||
|
@ -77,5 +77,5 @@ void load_keys(const uint8_t *se_state) {
|
||||||
|
|
||||||
/* Set keyslot flags properly in preparation for secmon. */
|
/* Set keyslot flags properly in preparation for secmon. */
|
||||||
set_aes_keyslot_flags(0xE, 0x15);
|
set_aes_keyslot_flags(0xE, 0x15);
|
||||||
set_aes_keyslot_flags(0xD, 0x15);
|
set_aes_keyslot_flags(0xC, 0x15);
|
||||||
}
|
}
|
||||||
|
|
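Review bot: `load_keys` spells the keyslots as bare `0xC`/`0xD`/`0xE` in both hunks, and the `derive_nx_keydata` hunk at the top of the page does the same. As a result the master/device swap had to be repeated by hand in each place instead of following the `KEYSLOT_SWITCH_MASTERKEY` and `KEYSLOT_SWITCH_DEVICEKEY` defines changed in this commit. If those defines are reachable from this file, using them for the destination slot would keep the mapping in one place, e.g. `set_aes_keyslot(KEYSLOT_SWITCH_MASTERKEY, se_state + 0x30 + (0xC * 0x20), 0x10);`. The flag value `0x15` in the second hunk is also unexplained, and a one-line comment naming what it permits or denies would help. `load_keys` begins before the first hunk.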