fusee_cpp: validate mtc overlay before jumping to it.

mtc will jump back to us, so we need a compatible binary.

This also makes some changes to our layout to minimize the likelihood of
an incompatible mtc binary (I made some arbitrary .text/.rodata/.rwdata changes)
and saw identical mtc binaries, so hopefully this all works out.
This commit is contained in:
Michael Scire 2021-09-03 01:49:18 -07:00 committed by SciresM
parent b520f5c53b
commit 5950ff5b5e
4 changed files with 24 additions and 5 deletions

View file

@ -23,6 +23,9 @@ SECTIONS
KEEP(*(.text._ZN3ams4util15GetMicroSecondsEv)) KEEP(*(.text._ZN3ams4util15GetMicroSecondsEv))
KEEP(*(.text._ZN3ams4util16WaitMicroSecondsEi)) KEEP(*(.text._ZN3ams4util16WaitMicroSecondsEi))
KEEP(*(.text._ZN3ams6nxboot14ShowFatalErrorEPKcz)) KEEP(*(.text._ZN3ams6nxboot14ShowFatalErrorEPKcz))
KEEP(*(.text.memcpy))
KEEP(*(.text.memset))
KEEP(*(.text.memcmp))
_*.o(SORT(.text*)) _*.o(SORT(.text*))
*(.text.unlikely .text.*_unlikely .text.unlikely.*) *(.text.unlikely .text.*_unlikely .text.unlikely.*)
*(.text.exit .text.exit.*) *(.text.exit .text.exit.*)

View file

@ -28,15 +28,25 @@ namespace ams::nxboot {
void LoadMemoryTrainingOverlay(fs::FileHandle archive_file) { void LoadMemoryTrainingOverlay(fs::FileHandle archive_file) {
Result result; Result result;
u32 verif_hash;
u32 store_hash;
if (fuse::GetSocType() == fuse::SocType_Erista) { if (fuse::GetSocType() == fuse::SocType_Erista) {
result = fs::ReadFile(archive_file, __builtin_offsetof(SecondaryArchive, ovl_mtc_erista), GetOverlayDestination(), sizeof(SecondaryArchive{}.ovl_mtc_erista)); result = fs::ReadFile(archive_file, __builtin_offsetof(SecondaryArchive, ovl_mtc_erista), GetOverlayDestination(), sizeof(SecondaryArchive{}.ovl_mtc_erista));
verif_hash = reinterpret_cast<const u32 *>(GetOverlayDestination())[-2];
store_hash = reinterpret_cast<const u32 *>(GetOverlayDestination())[(sizeof(SecondaryArchive{}.ovl_mtc_erista) / sizeof(u32)) - 1];
} else /* if (fuse::GetSocType() == fuse::SocType_Mariko) */ { } else /* if (fuse::GetSocType() == fuse::SocType_Mariko) */ {
result = fs::ReadFile(archive_file, __builtin_offsetof(SecondaryArchive, ovl_mtc_mariko), GetOverlayDestination(), sizeof(SecondaryArchive{}.ovl_mtc_mariko)); result = fs::ReadFile(archive_file, __builtin_offsetof(SecondaryArchive, ovl_mtc_mariko), GetOverlayDestination(), sizeof(SecondaryArchive{}.ovl_mtc_mariko));
verif_hash = reinterpret_cast<const u32 *>(GetOverlayDestination())[-1];
store_hash = reinterpret_cast<const u32 *>(GetOverlayDestination())[(sizeof(SecondaryArchive{}.ovl_mtc_mariko) / sizeof(u32)) - 1];
} }
if (R_FAILED(result)) { if (R_FAILED(result)) {
ShowFatalError("Failed to load MTC overlay: 0x%08" PRIx32 "\n", result.GetValue()); ShowFatalError("Failed to load MTC overlay: 0x%08" PRIx32 "\n", result.GetValue());
} }
if (verif_hash != store_hash) {
ShowFatalError("Incorrect fusee version! (program=0x%08" PRIx32 ", mtc=0x%08" PRIx32 ")\n", verif_hash, store_hash);
}
} }
} }
@ -53,7 +63,7 @@ namespace ams::nxboot {
if (fuse::GetSocType() == fuse::SocType_Erista) { if (fuse::GetSocType() == fuse::SocType_Erista) {
/* NOTE: Erista does not do memory clock restoration. */ /* NOTE: Erista does not do memory clock restoration. */
/* std::memcpy(const_cast<u8 *>(GetSecondaryArchive().ovl_mtc_erista), GetOverlayDestination(), sizeof(SecondaryArchive{}.ovl_mtc_erista)); */ /* std::memcpy(const_cast<u8 *>(GetSecondaryArchive().ovl_mtc_erista), GetOverlayDestination(), sizeof(SecondaryArchive{}.ovl_mtc_erista)); */
} else { } else /* if (fuse::GetSocType() == fuse::SocType_Mariko) */ {
std::memcpy(const_cast<u8 *>(GetSecondaryArchive().ovl_mtc_mariko), GetOverlayDestination(), sizeof(SecondaryArchive{}.ovl_mtc_mariko)); std::memcpy(const_cast<u8 *>(GetSecondaryArchive().ovl_mtc_mariko), GetOverlayDestination(), sizeof(SecondaryArchive{}.ovl_mtc_mariko));
} }
} }
@ -62,7 +72,7 @@ namespace ams::nxboot {
if (fuse::GetSocType() == fuse::SocType_Erista) { if (fuse::GetSocType() == fuse::SocType_Erista) {
/* NOTE: Erista does not do memory clock restoration. */ /* NOTE: Erista does not do memory clock restoration. */
/* std::memcpy(GetOverlayDestination(), GetSecondaryArchive().ovl_mtc_erista, sizeof(SecondaryArchive{}.ovl_mtc_erista)); */ /* std::memcpy(GetOverlayDestination(), GetSecondaryArchive().ovl_mtc_erista, sizeof(SecondaryArchive{}.ovl_mtc_erista)); */
} else { } else /* if (fuse::GetSocType() == fuse::SocType_Mariko) */ {
std::memcpy(GetOverlayDestination(), GetSecondaryArchive().ovl_mtc_mariko, sizeof(SecondaryArchive{}.ovl_mtc_mariko)); std::memcpy(GetOverlayDestination(), GetSecondaryArchive().ovl_mtc_mariko, sizeof(SecondaryArchive{}.ovl_mtc_mariko));
} }
} }

View file

@ -725,6 +725,8 @@ namespace ams::nxboot {
AddNogcPatches(fs_meta, fs_version); AddNogcPatches(fs_meta, fs_version);
} }
/* TODO ams.tma2: add mount_host patches. */
/* Add generic patches. */ /* Add generic patches. */
{ {
/* Create patch path. */ /* Create patch path. */

View file

@ -132,7 +132,11 @@ def main(argc, argv):
all_kips = get_kips() all_kips = get_kips()
with open('../../program%s.bin' % target, 'rb') as f: with open('../../program%s.bin' % target, 'rb') as f:
data = f.read() data = f.read()
fusee_program = lz4_compress(data[:0x2B000] + get_overlay(data, 0)[:0x11000]) erista_mtc = get_overlay(data, 1)
mariko_mtc = get_overlay(data, 2)
erista_hsh = hashlib.sha256(erista_mtc[:-4]).digest()[:4]
mariko_hsh = hashlib.sha256(mariko_mtc[:-4]).digest()[:4]
fusee_program = lz4_compress(data[:0x2B000 - 8] + erista_hsh + mariko_hsh + get_overlay(data, 0)[:0x11000])
with open('../../program%s.lz4' % target, 'wb') as f: with open('../../program%s.lz4' % target, 'wb') as f:
f.write(fusee_program) f.write(fusee_program)
with open('../../fusee-boogaloo%s.bin' % target, 'wb') as f: with open('../../fusee-boogaloo%s.bin' % target, 'wb') as f:
@ -145,9 +149,9 @@ def main(argc, argv):
# Write Mariko Fatal # Write Mariko Fatal
f.write(pad(read_file('../../../../exosphere/mariko_fatal%s.bin' % target), 0x1C000)) f.write(pad(read_file('../../../../exosphere/mariko_fatal%s.bin' % target), 0x1C000))
# Write Erista MTC # Write Erista MTC
f.write(get_overlay(data, 1)) f.write(erista_mtc[:-4] + erista_hsh)
# Write Mariko MTC # Write Mariko MTC
f.write(get_overlay(data, 2)) f.write(mariko_mtc[:-4] + mariko_hsh)
# Write exosphere # Write exosphere
f.write(pad(read_file('../../../../exosphere/exosphere%s.bin' % target), 0xE000)) f.write(pad(read_file('../../../../exosphere/exosphere%s.bin' % target), 0xE000))
# Write mesosphere # Write mesosphere