diff --git a/bootloader/frontend/fe_info.c b/bootloader/frontend/fe_info.c index aa1b639..8fbcd2d 100644 --- a/bootloader/frontend/fe_info.c +++ b/bootloader/frontend/fe_info.c @@ -30,6 +30,7 @@ #include "../soc/fuse.h" #include "../soc/i2c.h" #include "../soc/kfuse.h" +#include "../soc/smmu.h" #include "../soc/t210.h" #include "../storage/mmc.h" #include "../storage/nx_emmc.h" @@ -347,6 +348,10 @@ void print_tsec_key() gfx_clear_partial_grey(&gfx_ctxt, 0x1B, 0, 1256); gfx_con_setpos(&gfx_con, 0, 0); + u32 retries = 0; + u32 key_ver_max = 3; + + tsec_ctxt_t tsec_ctxt; sdmmc_storage_t storage; sdmmc_t sdmmc; 
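Review bot: `retries` is declared once at function scope here, and the loop added in the next hunk (`@@ -366,19 +371,76 @@`) increments it but never resets it. On firmware up to 6.0.0, where `key_ver_max` stays 3, the three key versions therefore share one retry budget: once key 1 has pushed `retries` past 3, the first failure on key 2 or 3 hits `res = -1; break;` with no retry at all. Moving the declaration into the loop body, `u32 retries = 0;` right after `tsec_ctxt.key_ver = i;`, gives each key its own attempts. print_tsec_key starts and ends outside this hunk.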
@@ -366,19 +371,76 @@ void print_tsec_key() } u8 keys[0x10 * 3]; - for (u32 i = 1; i <= 3; i++) - { - int res = tsec_query(keys + ((i - 1) * 0x10), i, pkg1 + pkg1_id->tsec_off); - gfx_printf(&gfx_con, "%kTSEC key %d: %k", 0xFF00DDFF, i, 0xFFCCCCCC); - if (res >= 0) + tsec_ctxt.size = 0xF00; + tsec_ctxt.fw = (u8 *)pkg1 + pkg1_id->tsec_off; + tsec_ctxt.pkg1 = pkg1; + tsec_ctxt.pkg11_off = pkg1_id->pkg11_off; + tsec_ctxt.secmon_base = pkg1_id->secmon_base; + + if (pkg1_id->kb >= KB_FIRMWARE_VERSION_620) + { + tsec_ctxt.size = 0x2900; + u8 *tsec_paged = (u8 *)page_alloc(3); + memcpy(tsec_paged, (void *)tsec_ctxt.fw, tsec_ctxt.size); + tsec_ctxt.fw = tsec_paged; + + key_ver_max = 1; + } + + for (u32 i = 1; i <= key_ver_max; i++) + { + tsec_ctxt.key_ver = i; + int res = 0; + + while (tsec_query(keys + ((i - 1) * 0x10), pkg1_id->kb, &tsec_ctxt) < 0) { - for (u32 j = 0; j < 0x10; j++) - gfx_printf(&gfx_con, "%02X", keys[((i - 1) * 0x10) + j]); + if (pkg1_id->kb <= KB_FIRMWARE_VERSION_600) + memset(keys + ((i - 1) * 0x10), 0x00, 0x10); + else + memset(keys, 0x00, 0x30); + + retries++; + + if (retries > 3) + { + res = -1; + break; + } + } + + if (pkg1_id->kb <= KB_FIRMWARE_VERSION_600) + { + gfx_printf(&gfx_con, "%kTSEC key %d: %k", 0xFF00DDFF, i, 0xFFCCCCCC); + + if (res >= 0) + { + for (u32 j = 0; j < 0x10; j++) + gfx_printf(&gfx_con, "%02X", keys[((i - 1) * 0x10) + j]); + } + else + EPRINTFARGS("ERROR %X", res); + gfx_putc(&gfx_con, '\n'); } else - EPRINTFARGS("ERROR %X", res); - gfx_putc(&gfx_con, '\n'); + { + gfx_printf(&gfx_con, "%kTSEC key: %k", 0xFF00DDFF, 0xFFCCCCCC); + + if (res >= 0) + { + for (u32 j = 0; j < 0x10; j++) + gfx_printf(&gfx_con, "%02X", keys[j]); + gfx_putc(&gfx_con, '\n'); + + gfx_printf(&gfx_con, "%kTSEC root: %k", 0xFF00DDFF, 0xFFCCCCCC); + for (u32 j = 0; j < 0x10; j++) + gfx_printf(&gfx_con, "%02X", keys[0x10 + j]); + } + else + EPRINTFARGS("ERROR %X", res); + gfx_putc(&gfx_con, '\n'); + } + } gfx_puts(&gfx_con, "\nPress POWER to dump them to SD 
Card.\nPress VOL to go to the menu.\n"); diff --git a/bootloader/frontend/fe_tools.c b/bootloader/frontend/fe_tools.c index 24edab2..587ce7e 100644 --- a/bootloader/frontend/fe_tools.c +++ b/bootloader/frontend/fe_tools.c @@ -29,6 +29,7 @@ #include "../libs/fatfs/ff.h" #include "../mem/heap.h" #include "../power/max7762x.h" +#include "../sec/se.h" #include "../storage/nx_emmc.h" #include "../storage/sdmmc.h" #include "../utils/btn.h" @@ -58,6 +59,9 @@ void dump_packages12() u8 *secmon = (u8 *)calloc(1, 0x40000); u8 *loader = (u8 *)calloc(1, 0x40000); u8 *pkg2 = NULL; + u8 kb = 0; + + tsec_ctxt_t tsec_ctxt; gfx_clear_partial_grey(&gfx_ctxt, 0x1B, 0, 1256); gfx_con_setpos(&gfx_con, 0, 0); @@ -82,19 +86,29 @@ void dump_packages12() goto out_free; } - if (!h_cfg.se_keygen_done) + kb = pkg1_id->kb; + + if (!h_cfg.se_keygen_done || kb >= KB_FIRMWARE_VERSION_620) { + tsec_ctxt.key_ver = 1; + tsec_ctxt.fw = (void *)pkg1 + pkg1_id->tsec_off; + tsec_ctxt.pkg1 = (void *)pkg1; + tsec_ctxt.pkg11_off = pkg1_id->pkg11_off; + tsec_ctxt.secmon_base = pkg1_id->secmon_base; + // Read keyblob. u8 *keyblob = (u8 *)calloc(NX_EMMC_BLOCKSIZE, 1); - sdmmc_storage_read(&storage, 0x180000 / NX_EMMC_BLOCKSIZE + pkg1_id->kb, 1, keyblob); + sdmmc_storage_read(&storage, 0x180000 / NX_EMMC_BLOCKSIZE + kb, 1, keyblob); // Decrypt. - keygen(keyblob, pkg1_id->kb, (u8 *)pkg1 + pkg1_id->tsec_off); + keygen(keyblob, kb, &tsec_ctxt); h_cfg.se_keygen_done = 1; free(keyblob); } - pkg1_decrypt(pkg1_id, pkg1); + + if (kb <= KB_FIRMWARE_VERSION_600) + pkg1_decrypt(pkg1_id, pkg1); pkg1_unpack(warmboot, secmon, loader, pkg1_id, pkg1); @@ -194,6 +208,9 @@ out_free: sdmmc_storage_end(&storage); sd_unmount(); + if (kb >= KB_FIRMWARE_VERSION_620) + se_aes_key_clear(8); + btn_wait(); } diff --git a/bootloader/hos/hos.c b/bootloader/hos/hos.c index 34e3a52..ccb831a 100644 --- a/bootloader/hos/hos.c +++ b/bootloader/hos/hos.c 
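Review bot: The return value of `tsec_query` is consumed by the `while` condition and never stored, so `res` can only be 0 or -1 and `EPRINTFARGS("ERROR %X", res)` no longer shows which failure the TSEC actually reported. Capturing it in the loop, `int res; while ((res = tsec_query(keys + ((i - 1) * 0x10), pkg1_id->kb, &tsec_ctxt)) < 0)`, and reducing the give-up branch to a plain `break;` keeps the real code for the error line. Separately, the `page_alloc(3)` result goes straight into a 0x2900-byte `memcpy` with no check visible in this hunk; if that allocator can fail, a guard belongs before the copy. print_tsec_key continues outside the hunk.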
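Review bot: `tsec_ctxt.size` is never assigned before `&tsec_ctxt` is passed to `keygen` in the `@@ -82,19 +86,29 @@` hunk of fe_tools.c, while print_tsec_key in fe_info.c sets it to 0xF00 or 0x2900 before calling `tsec_query`. The struct is declared without an initialiser in the preceding hunk (`tsec_ctxt_t tsec_ctxt;`), so unless `keygen` fills the field itself (its body is not shown here) the TSEC firmware size is whatever was on the stack. Declaring it as `tsec_ctxt_t tsec_ctxt = {0};` and setting `size` next to the other fields would make the two call sites agree and keep unset fields deterministic. dump_packages12 starts and ends outside these hunks.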
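Review bot: The bare `8` in `se_aes_key_clear(8)` (hunk `@@ -194,6 +208,9 @@`) gives a reader no way to tell which key is being wiped or why this happens only for 6.2.0 and later. A one-line comment such as `// Wipe the SE keyslot keygen filled for 6.2.0+ so it does not stay loaded after the dump.` would document it, assuming that is what slot 8 holds; a named constant for the slot would be better still. Because `kb` is initialised to 0 and only assigned after the early `goto out_free`, those early exits skip the clear, which looks intended but is worth stating in the same comment.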
@@ -559,7 +559,7 @@ int hos_launch(ini_sec_t *cfg) _se_lock(ctxt.pkg1_id->kb <= KB_FIRMWARE_VERSION_600); // Reset sysctr0 counters. - if (kb >= KB_FIRMWARE_VERSION_620) + if (ctxt.pkg1_id->kb >= KB_FIRMWARE_VERSION_620) _sysctr0_reset(); // Free allocated memory. diff --git a/bootloader/soc/clock.c b/bootloader/soc/clock.c index 411b593..6673b4c 100644 --- a/bootloader/soc/clock.c +++ b/bootloader/soc/clock.c @@ -35,7 +35,7 @@ static const clock_t _clock_i2c[] = { /* I2C3 */ { 0 }, /* I2C4 */ { 0 }, /* I2C5 */ { CLK_RST_CONTROLLER_RST_DEVICES_H, CLK_RST_CONTROLLER_CLK_OUT_ENB_H, CLK_RST_CONTROLLER_CLK_SOURCE_I2C5, 0xF, 6, 0 }, - /* I2C6 */ { 0 } +/* I2C6 */ { 0 } }; static clock_t _clock_se = {