From 72f83ea43e1e4c0c662acb57a2bac5b89bdda2ef Mon Sep 17 00:00:00 2001
From: Michael Scire
Date: Sat, 14 Nov 2020 11:11:41 -0800
Subject: [PATCH] exo: reserve a portion of iram for secure monitor debug (including code)
---
exosphere/program/source/secmon_map.cpp | 5 +++++
.../exosphere/secmon/secmon_memory_layout.hpp | 18 ++++++++++++++++++
.../source/bpc_mitm/bpc_ams_power_utils.cpp | 2 +-
stratosphere/boot/source/boot_power_utils.cpp | 2 +-
troposphere/reboot_to_payload/source/main.c | 18 +++++++++---------
5 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/exosphere/program/source/secmon_map.cpp b/exosphere/program/source/secmon_map.cpp
index 4dbe006f1..984b6782c 100644
--- a/exosphere/program/source/secmon_map.cpp
+++ b/exosphere/program/source/secmon_map.cpp
@@ -196,6 +196,11 @@ namespace ams::secmon { return 0; } + /* Validate that the page isn't a secure monitor debug page. */ + if (MemoryRegionPhysicalIramSecureMonitorDebug.Contains(address, 1)) { + return 0; + } + /* Validate that the page is aligned. */ if (!util::IsAligned(address, 4_KB)) { return 0;
diff --git a/libraries/libexosphere/include/exosphere/secmon/secmon_memory_layout.hpp b/libraries/libexosphere/include/exosphere/secmon/secmon_memory_layout.hpp
index c6ec12b37..13462f9b7 100644
--- a/libraries/libexosphere/include/exosphere/secmon/secmon_memory_layout.hpp
+++ b/libraries/libexosphere/include/exosphere/secmon/secmon_memory_layout.hpp
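Review bot: The debug-page check added in the `@@ -196` hunk of secmon_map.cpp probes a single byte with `Contains(address, 1)` and sits before the 4_KB alignment check, so on its own it presumably rejects only a page whose first byte lies inside the reserved region. That is enough only because the alignment check that follows rejects unaligned addresses and the region declared in secmon_memory_layout.hpp (0x40030000, 0x8000) is itself page-aligned. I would record that dependency in the comment, e.g. `/* One byte is enough: the address must also pass the 4_KB alignment check below, and the debug region is page-aligned. */`, so that a later reorder or a resize of the region does not quietly leave part of it mappable. The enclosing function starts and ends outside the hunk, so whether the other paths that reach IRAM apply the same exclusion cannot be judged from here.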
@@ -89,8 +89,10 @@ namespace ams::secmon { constexpr inline const MemoryRegion MemoryRegionPhysicalIram = MemoryRegion(UINT64_C(0x40000000), 0x40000); constexpr inline const MemoryRegion MemoryRegionPhysicalTzram = MemoryRegion(UINT64_C(0x7C010000), 0x10000); + constexpr inline const MemoryRegion MemoryRegionPhysicalTzramMariko = MemoryRegion(UINT64_C(0x7C010000), 0x40000); static_assert(MemoryRegionPhysical.Contains(MemoryRegionPhysicalIram)); static_assert(MemoryRegionPhysical.Contains(MemoryRegionPhysicalTzram)); + static_assert(MemoryRegionPhysicalTzramMariko.Contains(MemoryRegionPhysicalTzram)); constexpr inline const MemoryRegion MemoryRegionPhysicalTzramVolatile(UINT64_C(0x7C010000), 0x2000); static_assert(MemoryRegionPhysicalTzram.Contains(MemoryRegionPhysicalTzramVolatile));
@@ -193,6 +195,10 @@ namespace ams::secmon { constexpr inline const MemoryRegion MemoryRegionVirtualTzramProgramExceptionVectors(UINT64_C(0x1F00C0000), 0x800); static_assert(MemoryRegionVirtualTzramProgram.Contains(MemoryRegionVirtualTzramProgramExceptionVectors)); + constexpr inline const MemoryRegion MemoryRegionVirtualTzramMarikoProgram(UINT64_C(0x1F00D0000), 0x20000); + constexpr inline const MemoryRegion MemoryRegionPhysicalTzramMarikoProgram(UINT64_C(0x7C020000), 0x20000); + static_assert(MemoryRegionPhysicalTzramMariko.Contains(MemoryRegionVirtualTzramMarikoProgram)); + constexpr inline const MemoryRegion MemoryRegionVirtualTzramProgramMain(UINT64_C(0x1F00C0800), 0xB800); static_assert(MemoryRegionVirtualTzramProgram.Contains(MemoryRegionVirtualTzramProgramMain));
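Review bot: The static_assert added in the `@@ -193` hunk passes `MemoryRegionVirtualTzramMarikoProgram` to `MemoryRegionPhysicalTzramMariko.Contains(...)`, so it compares a virtual range (0x1F00D0000) against a physical one (0x7C010000, 0x40000), and the physical program region declared on the line above is never checked. The intended invariant is presumably `static_assert(MemoryRegionPhysicalTzramMariko.Contains(MemoryRegionPhysicalTzramMarikoProgram));`, with `static_assert(MemoryRegionVirtual.Contains(MemoryRegionVirtualTzramMarikoProgram));` next to it, matching how the Sc7Firmware and SecureDataStore regions are checked elsewhere in this file. The `@@ -89` hunk has a smaller gap of the same kind: `MemoryRegionPhysicalTzramMariko` is asserted to contain `MemoryRegionPhysicalTzram` but is not itself asserted to lie inside `MemoryRegionPhysical`.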
@@ -218,6 +224,13 @@ namespace ams::secmon { static_assert(MemoryRegionVirtual.Contains(MemoryRegionVirtualIramSc7Firmware)); static_assert(MemoryRegionPhysicalIram.Contains(MemoryRegionPhysicalIramSc7Firmware)); + constexpr inline const MemoryRegion MemoryRegionPhysicalIramSecureMonitorDebug(UINT64_C(0x40030000), 0x8000); + static_assert(MemoryRegionPhysicalIram.Contains(MemoryRegionPhysicalIramSecureMonitorDebug)); + + constexpr inline const MemoryRegion MemoryRegionVirtualDebugCode = MemoryRegion(UINT64_C(0x1F0150000), 0x4000); + constexpr inline const MemoryRegion MemoryRegionPhysicalDebugCode = MemoryRegion(UINT64_C(0x40034000), 0x4000); + static_assert(MemoryRegionPhysicalIramSecureMonitorDebug.Contains(MemoryRegionPhysicalDebugCode)); + constexpr inline const MemoryRegion MemoryRegionVirtualDebug = MemoryRegion(UINT64_C(0x1F0160000), 0x10000); static_assert(MemoryRegionVirtual.Contains(MemoryRegionVirtualDebug));
@@ -233,6 +246,11 @@ namespace ams::secmon { static_assert(MemoryRegionVirtual.Contains(MemoryRegionVirtualDramSecureDataStore)); static_assert(MemoryRegionDram.Contains(MemoryRegionPhysicalDramSecureDataStore)); + constexpr inline const MemoryRegion MemoryRegionVirtualDramDebugDataStore = MemoryRegion(UINT64_C(0x1F0110000), 0x4000); + constexpr inline const MemoryRegion MemoryRegionPhysicalDramDebugDataStore = MemoryRegion( UINT64_C(0x8000C000), 0x4000); + static_assert(MemoryRegionVirtual.Contains(MemoryRegionVirtualDramSecureDataStore)); + static_assert(MemoryRegionDram.Contains(MemoryRegionPhysicalDramSecureDataStore)); + constexpr inline const MemoryRegion MemoryRegionVirtualDramSecureDataStoreTzram = MemoryRegion(UINT64_C(0x1F0100000), 0xE000); constexpr inline const MemoryRegion MemoryRegionVirtualDramSecureDataStoreWarmbootFirmware = MemoryRegion(UINT64_C(0x1F010E000), 0x17C0); constexpr inline const MemoryRegion MemoryRegionVirtualDramSecureDataStoreSecurityEngineState = MemoryRegion(UINT64_C(0x1F010F7C0), 0x0840);
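Review bot: The two static_asserts added in the `@@ -233` hunk repeat the `MemoryRegionVirtualDramSecureDataStore` and `MemoryRegionPhysicalDramSecureDataStore` checks from the context lines directly above, so the new `MemoryRegionVirtualDramDebugDataStore` and `MemoryRegionPhysicalDramDebugDataStore` constants are never validated. They should read `static_assert(MemoryRegionVirtual.Contains(MemoryRegionVirtualDramDebugDataStore));` and `static_assert(MemoryRegionDram.Contains(MemoryRegionPhysicalDramDebugDataStore));`. The `@@ -218` hunk leaves a related gap: `MemoryRegionVirtualDebugCode` gets no `MemoryRegionVirtual.Contains(...)` assert, although the `MemoryRegionVirtualDebug` region right after it does. These constants decide which memory the secure monitor reserves, so a mistyped address here should fail the build rather than surface at runtime.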
diff --git a/stratosphere/ams_mitm/source/bpc_mitm/bpc_ams_power_utils.cpp b/stratosphere/ams_mitm/source/bpc_mitm/bpc_ams_power_utils.cpp
index d88b661b8..0a328aa0c 100644
--- a/stratosphere/ams_mitm/source/bpc_mitm/bpc_ams_power_utils.cpp
+++ b/stratosphere/ams_mitm/source/bpc_mitm/bpc_ams_power_utils.cpp
@@ -25,7 +25,7 @@ namespace ams::mitm::bpc { constexpr uintptr_t IramBase = 0x40000000ull; constexpr uintptr_t IramPayloadBase = 0x40010000ull; constexpr size_t IramSize = 0x40000; - constexpr size_t IramPayloadMaxSize = 0x2E000; + constexpr size_t IramPayloadMaxSize = 0x20000; /* Helper enum. */ enum class RebootType : u32 {
diff --git a/stratosphere/boot/source/boot_power_utils.cpp b/stratosphere/boot/source/boot_power_utils.cpp
index d01342d6c..59228e3c8 100644
--- a/stratosphere/boot/source/boot_power_utils.cpp
+++ b/stratosphere/boot/source/boot_power_utils.cpp
@@ -26,7 +26,7 @@ namespace ams::boot { constexpr uintptr_t IramBase = 0x40000000ull; constexpr uintptr_t IramPayloadBase = 0x40010000ull; constexpr size_t IramSize = 0x40000; - constexpr size_t IramPayloadMaxSize = 0x2E000; + constexpr size_t IramPayloadMaxSize = 0x20000; /* Globals. */ alignas(os::MemoryPageSize) u8 g_work_page[os::MemoryPageSize];
diff --git a/troposphere/reboot_to_payload/source/main.c b/troposphere/reboot_to_payload/source/main.c
index 3c6dcf0e1..80fe79e3c 100644
--- a/troposphere/reboot_to_payload/source/main.c
+++ b/troposphere/reboot_to_payload/source/main.c
@@ -4,7 +4,7 @@ #include -#define IRAM_PAYLOAD_MAX_SIZE 0x2F000 +#define IRAM_PAYLOAD_MAX_SIZE 0x20000 #define IRAM_PAYLOAD_BASE 0x40010000 static alignas(0x1000) u8 g_reboot_payload[IRAM_PAYLOAD_MAX_SIZE];
@@ -13,7 +13,7 @@ static alignas(0x1000) u8 g_work_page[0x1000]; void do_iram_dram_copy(void *buf, uintptr_t iram_addr, size_t size, int option) { memcpy(g_work_page, buf, size); - + SecmonArgs args = {0}; args.X[0] = 0xF0000201; /* smcAmsIramCopy */ args.X[1] = (uintptr_t)g_work_page; /* DRAM Address */
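Review bot: The new `IramPayloadMaxSize = 0x20000` in bpc_ams_power_utils.cpp is a bare literal whose value follows from the reserved region, and nothing here records or enforces that link. `IramPayloadBase + IramPayloadMaxSize` now ends at 0x40030000, which is the base of `MemoryRegionPhysicalIramSecureMonitorDebug`. The same literal is repeated in boot_power_utils.cpp and as `IRAM_PAYLOAD_MAX_SIZE` in reboot_to_payload/source/main.c, so a later move of the debug region has to be mirrored by hand in three files. I would add a comment such as `/* Payload window ends at 0x40030000, where the secure monitor debug region begins. */` and `static_assert(IramPayloadBase + IramPayloadMaxSize <= IramBase + IramSize);` beside each C++ definition. How callers treat a payload larger than the new limit is not visible in these hunks.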
@@ -21,7 +21,7 @@ void do_iram_dram_copy(void *buf, uintptr_t iram_addr, size_t size, int option) args.X[3] = size; /* Copy size */ args.X[4] = option; /* 0 = Read, 1 = Write */ svcCallSecureMonitor(&args); - + memcpy(buf, g_work_page, size); }
@@ -42,18 +42,18 @@ static void clear_iram(void) { static void reboot_to_payload(void) { clear_iram(); - + for (size_t i = 0; i < IRAM_PAYLOAD_MAX_SIZE; i += 0x1000) { copy_to_iram(IRAM_PAYLOAD_BASE + i, &g_reboot_payload[i], 0x1000); } - + splSetConfig((SplConfigItem)65001, 2); } int main(int argc, char **argv) { consoleInit(NULL); - + bool can_reboot = true; Result rc = splInitialize(); if (R_FAILED(rc)) {
@@ -70,7 +70,7 @@ int main(int argc, char **argv) printf("Press [-] to reboot to payload\n"); } } - + printf("Press [L] to exit\n"); // Main loop
@@ -89,7 +89,7 @@ int main(int argc, char **argv) if (can_reboot && kDown & KEY_MINUS) { reboot_to_payload(); } - if (kDown & KEY_L) { break; } // break in order to return to hbmenu + if (kDown & KEY_L) { break; } // break in order to return to hbmenu consoleUpdate(NULL); }
@@ -97,7 +97,7 @@ int main(int argc, char **argv) if (can_reboot) { splExit(); } - + consoleExit(NULL); return 0; }