mirror of
https://github.com/Atmosphere-NX/Atmosphere
synced 2025-01-25 00:14:27 +00:00
fs.mitm: loosen boot0 write restrictions, protect keyblobs.
parent
d88fd04c73
commit
a07e37121d
3 changed files with 46 additions and 13 deletions
|
@ -23,10 +23,6 @@
|
||||||
static HosMutex g_boot0_mutex;
|
static HosMutex g_boot0_mutex;
|
||||||
static u8 g_boot0_bct_buffer[Boot0Storage::BctEndOffset];
|
static u8 g_boot0_bct_buffer[Boot0Storage::BctEndOffset];
|
||||||
|
|
||||||
bool Boot0Storage::AllowWrites() {
|
|
||||||
return this->title_id < 0x0100000000001000ULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
bool Boot0Storage::CanModifyBctPubks() {
|
bool Boot0Storage::CanModifyBctPubks() {
|
||||||
return this->title_id != 0x010000000000001FULL;
|
return this->title_id != 0x010000000000001FULL;
|
||||||
}
|
}
|
||||||
|
@ -40,18 +36,52 @@ Result Boot0Storage::Read(void *_buffer, size_t size, u64 offset) {
|
||||||
Result Boot0Storage::Write(void *_buffer, size_t size, u64 offset) {
|
Result Boot0Storage::Write(void *_buffer, size_t size, u64 offset) {
|
||||||
std::scoped_lock<HosMutex> lk{g_boot0_mutex};
|
std::scoped_lock<HosMutex> lk{g_boot0_mutex};
|
||||||
|
|
||||||
if (!AllowWrites()) {
|
Result rc = 0;
|
||||||
return 0x313802;
|
u8 *buffer = static_cast<u8 *>(_buffer);
|
||||||
|
|
||||||
|
/* Protect the keyblob region from writes. */
|
||||||
|
if (offset <= EksStart) {
|
||||||
|
if (offset + size < EksStart) {
|
||||||
|
/* Fall through, no need to do anything here. */
|
||||||
|
} else {
|
||||||
|
if (offset + size < EksEnd) {
|
||||||
|
/* Adjust size to avoid writing end of data. */
|
||||||
|
size = EksStart - offset;
|
||||||
|
} else {
|
||||||
|
/* Perform portion of write falling past end of keyblobs. */
|
||||||
|
const u64 diff = EksEnd - offset;
|
||||||
|
if (R_FAILED((rc = Base::Write(buffer + diff, size - diff, EksEnd)))) {
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
/* Adjust size to avoid writing end of data. */
|
||||||
|
size = EksStart - offset;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (offset < EksEnd) {
|
||||||
|
if (offset + size < EksEnd) {
|
||||||
|
/* Ignore writes falling strictly within the region. */
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
/* Only write past the end of the keyblob region. */
|
||||||
|
buffer = buffer + (EksEnd - offset);
|
||||||
|
size -= (EksEnd - offset);
|
||||||
|
offset = EksEnd;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/* Fall through, no need to do anything here. */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (size == 0) {
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We care about protecting autorcm from NS. */
|
/* We care about protecting autorcm from NS. */
|
||||||
if (CanModifyBctPubks() || offset >= BctEndOffset || (offset + BctSize >= BctEndOffset && offset % BctSize >= BctPubkEnd)) {
|
if (CanModifyBctPubks() || offset >= BctEndOffset || (offset + BctSize >= BctEndOffset && offset % BctSize >= BctPubkEnd)) {
|
||||||
return Base::Write(_buffer, size, offset);
|
return Base::Write(buffer, size, offset);
|
||||||
}
|
}
|
||||||
|
|
||||||
Result rc = 0;
|
|
||||||
u8 *buffer = static_cast<u8 *>(_buffer);
|
|
||||||
|
|
||||||
/* First, let's deal with the data past the end. */
|
/* First, let's deal with the data past the end. */
|
||||||
if (offset + size >= BctEndOffset) {
|
if (offset + size >= BctEndOffset) {
|
||||||
const u64 diff = BctEndOffset - offset;
|
const u64 diff = BctEndOffset - offset;
|
||||||
|
|
|
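Review bot: The keyblob clipping in `Boot0Storage::Write` decides every case from `offset + size`, and that sum is never checked for wraparound. If it wraps in the `offset <= EksStart` arm, the request is classified as ending before `EksStart` and falls through with its original size, unclipped; in the `offset < EksEnd` arm a wrapped sum returns 0 without writing anything. Whether a caller can supply such a size depends on validation outside this hunk, so I would reject it up front with `if (offset + size < offset) { return rc_invalid; }`, where `rc_invalid` is a placeholder for the project's error result. Writes that land inside the region also return 0 as if they had succeeded; the comment above the block should say this is deliberate. `Write` continues past the end of the hunk.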
@ -142,10 +142,13 @@ class Boot0Storage : public SectoredProxyStorage<0x200> {
|
||||||
static constexpr u64 BctPubkStart = 0x210;
|
static constexpr u64 BctPubkStart = 0x210;
|
||||||
static constexpr u64 BctPubkSize = 0x100;
|
static constexpr u64 BctPubkSize = 0x100;
|
||||||
static constexpr u64 BctPubkEnd = BctPubkStart + BctPubkSize;
|
static constexpr u64 BctPubkEnd = BctPubkStart + BctPubkSize;
|
||||||
|
|
||||||
|
static constexpr u64 EksStart = 0x180000;
|
||||||
|
static constexpr u64 EksSize = 0x4000;
|
||||||
|
static constexpr u64 EksEnd = EksStart + EksSize;
|
||||||
private:
|
private:
|
||||||
u64 title_id;
|
u64 title_id;
|
||||||
private:
|
private:
|
||||||
bool AllowWrites();
|
|
||||||
bool CanModifyBctPubks();
|
bool CanModifyBctPubks();
|
||||||
public:
|
public:
|
||||||
Boot0Storage(FsStorage *s, u64 t) : Base(s), title_id(t) { }
|
Boot0Storage(FsStorage *s, u64 t) : Base(s), title_id(t) { }
|
||||||
|
|
|
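Review bot: `EksStart`, `EksSize` and `EksEnd` are added without a comment, and nothing in the header says what region they bound or that the values are compared against byte offsets into boot0. Since `Boot0Storage::Write` now discards data based on them, I would add `/* Keyblob region of boot0 (byte offsets); Boot0Storage::Write drops writes to [EksStart, EksEnd). */` above the three constants. The class body continues outside the hunk.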
@ -41,8 +41,8 @@ class FsMitmService : public IMitmServiceObject {
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool ShouldMitm(u64 pid, u64 tid) {
|
static bool ShouldMitm(u64 pid, u64 tid) {
|
||||||
/* fs.mitm should always mitm everything. */
|
/* fs.mitm should always mitm everything that's not a kip. */
|
||||||
return true;
|
return pid >= 0x50;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void PostProcess(IMitmServiceObject *obj, IpcResponseContext *ctx);
|
static void PostProcess(IMitmServiceObject *obj, IpcResponseContext *ctx);
|
||||||
|
|
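Review bot: `return pid >= 0x50;` in `ShouldMitm` uses a bare threshold whose link to "not a kip" exists only in the comment. A named constant such as `static constexpr u64 MinNonKipPid = 0x50;` (the name is only a suggestion) would keep the rule in one place. The comment should also state that sessions from lower pids are no longer intercepted, so the boot0 keyblob and BCT filtering in `Boot0Storage::Write` does not apply to them. That is presumably intended for built-in modules, but it is a trust decision worth writing down. `tid` is unused in the function.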