mirror of
https://github.com/Atmosphere-NX/Atmosphere
synced 2024-12-22 20:31:14 +00:00
sept-s: Implement key derivation
This commit is contained in:
parent
fb2baa8c8d
commit
f1068d6c3f
4 changed files with 141 additions and 16 deletions
|
@ -28,6 +28,7 @@
|
||||||
#include "mc.h"
|
#include "mc.h"
|
||||||
#include "se.h"
|
#include "se.h"
|
||||||
#include "pmc.h"
|
#include "pmc.h"
|
||||||
|
#include "emc.h"
|
||||||
#include "fuse.h"
|
#include "fuse.h"
|
||||||
#include "i2c.h"
|
#include "i2c.h"
|
||||||
#include "ips.h"
|
#include "ips.h"
|
||||||
|
@ -308,6 +309,12 @@ static void nxboot_move_bootconfig() {
|
||||||
free(bootconfig);
|
free(bootconfig);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool get_and_clear_has_run_sept(void) {
|
||||||
|
bool has_run_sept = (MAKE_EMC_REG(EMC_SCRATCH0) & 0x80000000) != 0;
|
||||||
|
MAKE_EMC_REG(EMC_SCRATCH0) &= ~0x80000000;
|
||||||
|
return has_run_sept;
|
||||||
|
}
|
||||||
|
|
||||||
/* This is the main function responsible for booting Horizon. */
|
/* This is the main function responsible for booting Horizon. */
|
||||||
static nx_keyblob_t __attribute__((aligned(16))) g_keyblobs[32];
|
static nx_keyblob_t __attribute__((aligned(16))) g_keyblobs[32];
|
||||||
uint32_t nxboot_main(void) {
|
uint32_t nxboot_main(void) {
|
||||||
|
@ -412,23 +419,15 @@ uint32_t nxboot_main(void) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (target_firmware == ATMOSPHERE_TARGET_FIRMWARE_700) {
|
|
||||||
/* TODO: Detect when we have been loaded by sept-secondary, and thus have keys provided for us. */
|
|
||||||
reboot_to_sept(tsec_fw, tsec_fw_size, sept_secondary_enc, sept_secondary_enc_size);
|
|
||||||
}
|
|
||||||
|
|
||||||
print(SCREEN_LOG_LEVEL_MANDATORY, "[NXBOOT]: Loaded firmware from eMMC...\n");
|
print(SCREEN_LOG_LEVEL_MANDATORY, "[NXBOOT]: Loaded firmware from eMMC...\n");
|
||||||
|
|
||||||
/* Get the TSEC keys. */
|
/* Get the TSEC keys. */
|
||||||
uint8_t tsec_key[0x10] = {0};
|
uint8_t tsec_key[0x10] = {0};
|
||||||
uint8_t tsec_root_keys[0x20][0x10] = {0};
|
uint8_t tsec_root_keys[0x20][0x10] = {0};
|
||||||
if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_700) {
|
if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_700) {
|
||||||
/* TODO: what else to do here? */
|
/* Detect whether we need to run sept-secondary in order to derive keys. */
|
||||||
|
if (!get_and_clear_has_run_sept()) {
|
||||||
/* Patch TSEC firmware to exit after generating TSEC key. */
|
reboot_to_sept(tsec_fw, tsec_fw_size, sept_secondary_enc, sept_secondary_enc_size);
|
||||||
*((volatile uint16_t *)((uintptr_t)tsec_fw + 0x2DB5)) = 0x02F8;
|
|
||||||
if (tsec_get_key(tsec_key, 1, tsec_fw, tsec_fw_size) != 0) {
|
|
||||||
fatal_error("[NXBOOT]: Failed to get TSEC key!\n");
|
|
||||||
}
|
}
|
||||||
} else if (target_firmware == ATMOSPHERE_TARGET_FIRMWARE_620) {
|
} else if (target_firmware == ATMOSPHERE_TARGET_FIRMWARE_620) {
|
||||||
uint8_t tsec_keys[0x20] = {0};
|
uint8_t tsec_keys[0x20] = {0};
|
||||||
|
@ -446,11 +445,13 @@ uint32_t nxboot_main(void) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Derive keydata. */
|
/* Derive keydata. If on 7.0.0+, sept has already derived keys for us. */
|
||||||
unsigned int keygen_type = 0;
|
unsigned int keygen_type = 0;
|
||||||
|
if (target_firmware < ATMOSPHERE_TARGET_FIRMWARE_700) {
|
||||||
if (derive_nx_keydata(target_firmware, g_keyblobs, available_revision, tsec_key, tsec_root_keys, &keygen_type) != 0) {
|
if (derive_nx_keydata(target_firmware, g_keyblobs, available_revision, tsec_key, tsec_root_keys, &keygen_type) != 0) {
|
||||||
fatal_error("[NXBOOT]: Key derivation failed!\n");
|
fatal_error("[NXBOOT]: Key derivation failed!\n");
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Setup boot configuration for Exosphère. */
|
/* Setup boot configuration for Exosphère. */
|
||||||
nxboot_configure_exosphere(target_firmware, keygen_type);
|
nxboot_configure_exosphere(target_firmware, keygen_type);
|
||||||
|
|
85
sept/sept-secondary/src/key_derivation.c
Normal file
85
sept/sept-secondary/src/key_derivation.c
Normal file
|
@ -0,0 +1,85 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2018 Atmosphère-NX
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms and conditions of the GNU General Public License,
|
||||||
|
* version 2, as published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||||
|
* more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include "key_derivation.h"
|
||||||
|
#include "se.h"
|
||||||
|
#include "fuse.h"
|
||||||
|
#include "utils.h"
|
||||||
|
|
||||||
|
#define AL16 ALIGN(16)
|
||||||
|
|
||||||
|
static const uint8_t AL16 keyblob_seed_00[0x10] = {
|
||||||
|
0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3
|
||||||
|
};
|
||||||
|
|
||||||
|
static const uint8_t AL16 masterkey_seed[0x10] = {
|
||||||
|
0xD8, 0xA2, 0x41, 0x0A, 0xC6, 0xC5, 0x90, 0x01, 0xC6, 0x1D, 0x6A, 0x26, 0x7C, 0x51, 0x3F, 0x3C
|
||||||
|
};
|
||||||
|
|
||||||
|
static const uint8_t AL16 devicekey_seed[0x10] = {
|
||||||
|
0x4F, 0x02, 0x5F, 0x0E, 0xB6, 0x6D, 0x11, 0x0E, 0xDC, 0x32, 0x7D, 0x41, 0x86, 0xC2, 0xF4, 0x78
|
||||||
|
};
|
||||||
|
|
||||||
|
static const uint8_t AL16 devicekey_4x_seed[0x10] = {
|
||||||
|
0x0C, 0x91, 0x09, 0xDB, 0x93, 0x93, 0x07, 0x81, 0x07, 0x3C, 0xC4, 0x16, 0x22, 0x7C, 0x6C, 0x28
|
||||||
|
};
|
||||||
|
|
||||||
|
static const uint8_t AL16 masterkey_4x_seed[0x10] = {
|
||||||
|
0x2D, 0xC1, 0xF4, 0x8D, 0xF3, 0x5B, 0x69, 0x33, 0x42, 0x10, 0xAC, 0x65, 0xDA, 0x90, 0x46, 0x66
|
||||||
|
};
|
||||||
|
|
||||||
|
static const uint8_t AL16 new_master_kek_seed_7x[0x10] = {
|
||||||
|
0x9A, 0x3E, 0xA9, 0xAB, 0xFD, 0x56, 0x46, 0x1C, 0x9B, 0xF6, 0x48, 0x7F, 0x5C, 0xFA, 0x09, 0x5C
|
||||||
|
};
|
||||||
|
|
||||||
|
void derive_7x_keys(const void *tsec_key, void *tsec_root_key) {
|
||||||
|
uint8_t AL16 work_buffer[0x10];
|
||||||
|
uint8_t AL16 master_kek[0x10];
|
||||||
|
|
||||||
|
/* Set keyslot flags properly in preparation of derivation. */
|
||||||
|
set_aes_keyslot_flags(0xE, 0x15);
|
||||||
|
set_aes_keyslot_flags(0xD, 0x15);
|
||||||
|
|
||||||
|
/* Set the TSEC key. */
|
||||||
|
set_aes_keyslot(0xD, tsec_key, 0x10);
|
||||||
|
|
||||||
|
/* Derive keyblob key 0. */
|
||||||
|
se_aes_ecb_decrypt_block(0xD, work_buffer, 0x10, keyblob_seed_00, 0x10);
|
||||||
|
decrypt_data_into_keyslot(0xF, 0xE, work_buffer, 0x10);
|
||||||
|
|
||||||
|
/* Derive the master kek. */
|
||||||
|
set_aes_keyslot(0xC, tsec_root_key, 0x10);
|
||||||
|
se_aes_ecb_decrypt_block(0xC, master_kek, 0x10, new_master_kek_seed_7x, 0x10);
|
||||||
|
|
||||||
|
/* Clear the SBK. */
|
||||||
|
clear_aes_keyslot(0xE);
|
||||||
|
|
||||||
|
/* Set master kek. */
|
||||||
|
set_aes_keyslot(0xC, master_kek, 0x10);
|
||||||
|
|
||||||
|
/* Derive keys for exosphere. */
|
||||||
|
decrypt_data_into_keyslot(0xA, 0xF, devicekey_4x_seed, 0x10);
|
||||||
|
decrypt_data_into_keyslot(0xF, 0xF, devicekey_seed, 0x10);
|
||||||
|
decrypt_data_into_keyslot(0xE, 0xC, masterkey_4x_seed, 0x10);
|
||||||
|
decrypt_data_into_keyslot(0xC, 0xC, masterkey_seed, 0x10);
|
||||||
|
|
||||||
|
/* Clear master kek from memory. */
|
||||||
|
for (size_t i = 0; i < sizeof(master_kek); i++) {
|
||||||
|
master_kek[i] = 0xCC;
|
||||||
|
work_buffer[i] = 0xCC;
|
||||||
|
}
|
||||||
|
}
|
26
sept/sept-secondary/src/key_derivation.h
Normal file
26
sept/sept-secondary/src/key_derivation.h
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2018 Atmosphère-NX
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms and conditions of the GNU General Public License,
|
||||||
|
* version 2, as published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||||
|
* more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef SEPT_KEYDERIVATION_H
|
||||||
|
#define SEPT_KEYDERIVATION_H
|
||||||
|
|
||||||
|
#include <stddef.h>
|
||||||
|
#include <stdbool.h>
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
void derive_7x_keys(const void *tsec_key, void *tsec_root_key);
|
||||||
|
|
||||||
|
#endif
|
|
@ -21,6 +21,8 @@
|
||||||
#include "di.h"
|
#include "di.h"
|
||||||
#include "se.h"
|
#include "se.h"
|
||||||
#include "pmc.h"
|
#include "pmc.h"
|
||||||
|
#include "emc.h"
|
||||||
|
#include "key_derivation.h"
|
||||||
#include "timers.h"
|
#include "timers.h"
|
||||||
#include "fs_utils.h"
|
#include "fs_utils.h"
|
||||||
#include "stage2.h"
|
#include "stage2.h"
|
||||||
|
@ -151,9 +153,20 @@ int main(void) {
|
||||||
|
|
||||||
/* Say hello. */
|
/* Say hello. */
|
||||||
print(SCREEN_LOG_LEVEL_MANDATORY, "Welcome to Atmosph\xe8re sept-secondary!\n");
|
print(SCREEN_LOG_LEVEL_MANDATORY, "Welcome to Atmosph\xe8re sept-secondary!\n");
|
||||||
while (true) { }
|
|
||||||
|
|
||||||
/* TODO: Derive keys. */
|
/* Derive keys. */
|
||||||
|
derive_7x_keys(g_tsec_key, g_tsec_root_key);
|
||||||
|
|
||||||
|
/* Cleanup keys in memory. */
|
||||||
|
for (size_t i = 0; i < 0x10; i += 4) {
|
||||||
|
g_tsec_root_key[i/4] = 0xCCCCCCCC;
|
||||||
|
g_tsec_key[i/4] = 0xCCCCCCCC;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Mark EMC scratch to say that sept has run. */
|
||||||
|
MAKE_EMC_REG(EMC_SCRATCH0) |= 0x80000000;
|
||||||
|
|
||||||
|
while (true) { }
|
||||||
|
|
||||||
/* TODO: Chainload to payload. */
|
/* TODO: Chainload to payload. */
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue