hos: Header for pkg2 is now more proper

bootloader/hos/hos.c

@@ -864,7 +864,7 @@ int hos_launch(ini_sec_t *cfg)
 	}
 
 	// Rebuild and encrypt package2.
-	pkg2_build_encrypt((void *)PKG2_LOAD_ADDR, ctxt.kernel, ctxt.kernel_size, &kip1_info, ctxt.new_pkg2);
+	pkg2_build_encrypt((void *)PKG2_LOAD_ADDR, ctxt.kernel, ctxt.kernel_size, &kip1_info, ctxt.new_pkg2, kb);
 
 	gfx_puts("Rebuilt & loaded pkg2\n");
 
@@ -885,7 +885,7 @@ int hos_launch(ini_sec_t *cfg)
 		PMC(APBDEV_PMC_SECURE_SCRATCH32) = 0x104; // Warmboot 3.0.1/.2 PA address id.
 
 	// Finalize per firmware key access.
-	switch (ctxt.pkg1_id->kb)
+	switch (kb)
 	{
 	case KB_FIRMWARE_VERSION_100_200:
 	case KB_FIRMWARE_VERSION_300:

bootloader/hos/pkg2.c

@@ -1395,7 +1395,7 @@ DPRINTF("adding kip1 '%s' @ %08X (%08X)\n", ki->kip1->name, (u32)ki->kip1, ki->s
 	return ini1_size;
 }
 
-void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_info, bool new_pkg2)
+void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_info, bool new_pkg2, u8 kb)
 {
 	u8 *pdst = (u8 *)dst;
 
@@ -1406,14 +1406,20 @@ void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_i
 	// Header.
 	pkg2_hdr_t *hdr = (pkg2_hdr_t *)pdst;
 	memset(hdr, 0, sizeof(pkg2_hdr_t));
-	pdst += sizeof(pkg2_hdr_t);
+
+	// Set initial header values.
 	hdr->magic = PKG2_MAGIC;
+	hdr->bl_ver = 0;
+	hdr->pkg2_ver = 0xFF;
+
 	if (!new_pkg2)
 		hdr->base = 0x10000000;
 	else
 		hdr->base = 0x60000;
 DPRINTF("kernel @ %08X (%08X)\n", (u32)kernel, kernel_size);
 
+	pdst += sizeof(pkg2_hdr_t);
+
 	// Kernel.
 	memcpy(pdst, kernel, kernel_size);
 	if (!new_pkg2)
@@ -1436,9 +1442,20 @@ DPRINTF("kernel encrypted\n");
 		ini1_size = _pkg2_ini1_build(pdst, hdr, kips_info, new_pkg2);
 DPRINTF("INI1 encrypted\n");
 
+	// Calculate SHA256 over encrypted Kernel and INI1.
+	u8 *pk2_hash_data = (u8 *)dst + 0x100 + sizeof(pkg2_hdr_t);
+	se_calc_sha256_oneshot(&hdr->sec_sha256[0x20 * PKG2_SEC_KERNEL],
+		(void *)pk2_hash_data, hdr->sec_size[PKG2_SEC_KERNEL]);
+	pk2_hash_data += hdr->sec_size[PKG2_SEC_KERNEL];
+	se_calc_sha256_oneshot(&hdr->sec_sha256[0x20 * PKG2_SEC_INI1],
+		(void *)pk2_hash_data, hdr->sec_size[PKG2_SEC_INI1]);
+
 	//Encrypt header.
+	u8 key_ver = kb ? kb + 1 : 0;
 	*(u32 *)hdr->ctr = 0x100 + sizeof(pkg2_hdr_t) + kernel_size + ini1_size;
+	hdr->ctr[4] = key_ver;
 	se_aes_crypt_ctr(8, hdr, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr);
 	memset(hdr->ctr, 0 , 0x10);
 	*(u32 *)hdr->ctr = 0x100 + sizeof(pkg2_hdr_t) + kernel_size + ini1_size;
+	hdr->ctr[4] = key_ver;
 }

bootloader/hos/pkg2.h

@@ -68,7 +68,8 @@ typedef struct _pkg2_hdr_t
 	u32 magic;
 	u32 base;
 	u32 pad0;
-	u16 version;
+	u8  pkg2_ver;
+	u8  bl_ver;
 	u16 pad1;
 	u32 sec_size[4];
 	u32 sec_off[4];
@@ -154,6 +155,6 @@ const char* pkg2_patch_kips(link_t *info, char* patchNames);
 
 const pkg2_kernel_id_t *pkg2_identify(u8 *hash);
 pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb);
-void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_info, bool new_pkg2);
+void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_info, bool new_pkg2, u8 kb);
 
 #endif

nyx/nyx_gui/hos/pkg2.h

@@ -41,7 +41,8 @@ typedef struct _pkg2_hdr_t
 	u32 magic;
 	u32 base;
 	u32 pad0;
-	u16 version;
+	u8  pkg2_ver;
+	u8  bl_ver;
 	u16 pad1;
 	u32 sec_size[4];
 	u32 sec_off[4];