mirror of
https://github.com/Atmosphere-NX/Atmosphere
synced 2024-12-22 12:21:18 +00:00
fusee: always use the exo2 (modern tz) key layout
This commit is contained in:
parent
6780b096ca
commit
47512cc8a2
1 changed files with 11 additions and 36 deletions
|
@ -161,8 +161,8 @@ int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, ui
|
||||||
void *tsec_root_key = (void *)((uintptr_t)tsec_root_keys + 0x10 * (rev - MASTERKEY_REVISION_620));
|
void *tsec_root_key = (void *)((uintptr_t)tsec_root_keys + 0x10 * (rev - MASTERKEY_REVISION_620));
|
||||||
if (memcmp(tsec_root_key, zeroes, 0x10) != 0) {
|
if (memcmp(tsec_root_key, zeroes, 0x10) != 0) {
|
||||||
/* We got a valid key from emulation. */
|
/* We got a valid key from emulation. */
|
||||||
set_aes_keyslot(0xC, tsec_root_key, 0x10);
|
set_aes_keyslot(0xD, tsec_root_key, 0x10);
|
||||||
se_aes_ecb_decrypt_block(0xC, work_buffer, 0x10, new_master_kek_seeds[rev - MASTERKEY_REVISION_620], 0x10);
|
se_aes_ecb_decrypt_block(0xD, work_buffer, 0x10, new_master_kek_seeds[rev - MASTERKEY_REVISION_620], 0x10);
|
||||||
memcpy(g_dec_keyblobs[rev].master_kek, work_buffer, 0x10);
|
memcpy(g_dec_keyblobs[rev].master_kek, work_buffer, 0x10);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -179,8 +179,8 @@ int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, ui
|
||||||
fclose(extkey_file);
|
fclose(extkey_file);
|
||||||
for (unsigned int rev = MASTERKEY_REVISION_620; rev < MASTERKEY_REVISION_MAX; rev++) {
|
for (unsigned int rev = MASTERKEY_REVISION_620; rev < MASTERKEY_REVISION_MAX; rev++) {
|
||||||
if (memcmp(extkeys.tsec_root_keys[rev - MASTERKEY_REVISION_620], zeroes, 0x10) != 0) {
|
if (memcmp(extkeys.tsec_root_keys[rev - MASTERKEY_REVISION_620], zeroes, 0x10) != 0) {
|
||||||
set_aes_keyslot(0xC, extkeys.tsec_root_keys[rev - MASTERKEY_REVISION_620], 0x10);
|
set_aes_keyslot(0xD, extkeys.tsec_root_keys[rev - MASTERKEY_REVISION_620], 0x10);
|
||||||
se_aes_ecb_decrypt_block(0xC, work_buffer, 0x10, new_master_kek_seeds[rev - MASTERKEY_REVISION_620], 0x10);
|
se_aes_ecb_decrypt_block(0xD, work_buffer, 0x10, new_master_kek_seeds[rev - MASTERKEY_REVISION_620], 0x10);
|
||||||
memcpy(g_dec_keyblobs[rev].master_kek, work_buffer, 0x10);
|
memcpy(g_dec_keyblobs[rev].master_kek, work_buffer, 0x10);
|
||||||
} else {
|
} else {
|
||||||
memcpy(g_dec_keyblobs[rev].master_kek, extkeys.master_keks[rev], 0x10);
|
memcpy(g_dec_keyblobs[rev].master_kek, extkeys.master_keks[rev], 0x10);
|
||||||
|
@ -198,7 +198,7 @@ int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, ui
|
||||||
clear_aes_keyslot(0xE);
|
clear_aes_keyslot(0xE);
|
||||||
|
|
||||||
/* Get needed data. */
|
/* Get needed data. */
|
||||||
set_aes_keyslot(0xC, g_dec_keyblobs[available_revision].master_kek, 0x10);
|
set_aes_keyslot(0xD, g_dec_keyblobs[available_revision].master_kek, 0x10);
|
||||||
|
|
||||||
/* Also set the Package1 key for the revision that is stored on the eMMC boot0 partition. */
|
/* Also set the Package1 key for the revision that is stored on the eMMC boot0 partition. */
|
||||||
if (target_firmware < ATMOSPHERE_TARGET_FIRMWARE_6_2_0) {
|
if (target_firmware < ATMOSPHERE_TARGET_FIRMWARE_6_2_0) {
|
||||||
|
@ -206,42 +206,17 @@ int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, ui
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Derive keys for Exosphere, lock critical keyslots. */
|
/* Derive keys for Exosphere, lock critical keyslots. */
|
||||||
switch (target_firmware) {
|
decrypt_data_into_keyslot(0xA, 0xF, devicekey_4x_seed, 0x10);
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_1_0_0:
|
decrypt_data_into_keyslot(0xF, 0xF, devicekey_seed, 0x10);
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_2_0_0:
|
decrypt_data_into_keyslot(0xC, 0xD, masterkey_4x_seed, 0x10);
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_3_0_0:
|
decrypt_data_into_keyslot(0xD, 0xD, masterkey_seed, 0x10);
|
||||||
decrypt_data_into_keyslot(0xD, 0xF, devicekey_seed, 0x10);
|
|
||||||
decrypt_data_into_keyslot(0xC, 0xC, masterkey_seed, 0x10);
|
|
||||||
break;
|
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_4_0_0:
|
|
||||||
decrypt_data_into_keyslot(0xD, 0xF, devicekey_4x_seed, 0x10);
|
|
||||||
decrypt_data_into_keyslot(0xF, 0xF, devicekey_seed, 0x10);
|
|
||||||
decrypt_data_into_keyslot(0xE, 0xC, masterkey_4x_seed, 0x10);
|
|
||||||
decrypt_data_into_keyslot(0xC, 0xC, masterkey_seed, 0x10);
|
|
||||||
break;
|
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_5_0_0:
|
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_6_0_0:
|
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_6_2_0:
|
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_7_0_0:
|
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_8_0_0:
|
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_8_1_0:
|
|
||||||
case ATMOSPHERE_TARGET_FIRMWARE_9_0_0:
|
|
||||||
decrypt_data_into_keyslot(0xA, 0xF, devicekey_4x_seed, 0x10);
|
|
||||||
decrypt_data_into_keyslot(0xF, 0xF, devicekey_seed, 0x10);
|
|
||||||
decrypt_data_into_keyslot(0xD, 0xC, masterkey_seed, 0x10);
|
|
||||||
decrypt_data_into_keyslot(0xC, 0xC, masterkey_4x_seed, 0x10);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Setup master key revision, derive older master keys for use. */
|
/* Setup master key revision, derive older master keys for use. */
|
||||||
return mkey_detect_revision(fuse_get_retail_type() != 0);
|
return mkey_detect_revision(fuse_get_retail_type() != 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void generate_specific_aes_key(void *dst, const void *wrapped_key, bool should_mask, uint32_t target_firmware, uint32_t generation) {
|
static void generate_specific_aes_key(void *dst, const void *wrapped_key, bool should_mask, uint32_t target_firmware, uint32_t generation) {
|
||||||
unsigned int keyslot = (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_4_0_0) ? (devkey_get_keyslot(generation)) : (KEYSLOT_SWITCH_DEVICEKEY);
|
unsigned int keyslot = devkey_get_keyslot(generation);
|
||||||
|
|
||||||
|
|
||||||
if (fuse_get_bootrom_patch_version() < 0x7F) {
|
if (fuse_get_bootrom_patch_version() < 0x7F) {
|
||||||
/* On dev units, use a fixed "all-zeroes" seed. */
|
/* On dev units, use a fixed "all-zeroes" seed. */
|
||||||
|
@ -273,7 +248,7 @@ static void generate_personalized_aes_key_for_bis(void *dst, const void *wrapped
|
||||||
0x89, 0x61, 0x5E, 0xE0, 0x5C, 0x31, 0xB6, 0x80, 0x5F, 0xE5, 0x8F, 0x3D, 0xA2, 0x4F, 0x7A, 0xA8
|
0x89, 0x61, 0x5E, 0xE0, 0x5C, 0x31, 0xB6, 0x80, 0x5F, 0xE5, 0x8F, 0x3D, 0xA2, 0x4F, 0x7A, 0xA8
|
||||||
};
|
};
|
||||||
|
|
||||||
unsigned int keyslot = (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_4_0_0) ? (devkey_get_keyslot(generation)) : (KEYSLOT_SWITCH_DEVICEKEY);
|
unsigned int keyslot = devkey_get_keyslot(generation);
|
||||||
/* Derive kek. */
|
/* Derive kek. */
|
||||||
decrypt_data_into_keyslot(KEYSLOT_SWITCH_TEMPKEY, keyslot, kek_source, 0x10);
|
decrypt_data_into_keyslot(KEYSLOT_SWITCH_TEMPKEY, keyslot, kek_source, 0x10);
|
||||||
decrypt_data_into_keyslot(KEYSLOT_SWITCH_TEMPKEY, KEYSLOT_SWITCH_TEMPKEY, wrapped_kek, 0x10);
|
decrypt_data_into_keyslot(KEYSLOT_SWITCH_TEMPKEY, KEYSLOT_SWITCH_TEMPKEY, wrapped_kek, 0x10);
|
||||||
|
|
Loading…
Reference in a new issue