hos: Small refactoring

CTCaer 2020-06-14 01:27:08 +03:00
parent 8e836d958f
commit 53325617bb
4 changed files with 72 additions and 70 deletions


@ -58,8 +58,8 @@ extern hekate_config h_cfg;
#define PKG2_LOAD_ADDR 0xA9800000 #define PKG2_LOAD_ADDR 0xA9800000
// Secmon mailbox. // Secmon mailbox.
#define SECMON_MB_ADDR 0x40002EF8 #define SECMON_MAILBOX_ADDR 0x40002EF8
#define SECMON7_MB_ADDR 0x400000F8 #define SECMON7_MAILBOX_ADDR 0x400000F8
typedef struct _secmon_mailbox_t typedef struct _secmon_mailbox_t
{ {
// < 4.0.0 Signals - 0: Not ready, 1: BCT ready, 2: DRAM and pkg2 ready, 3: Continue boot. // < 4.0.0 Signals - 0: Not ready, 1: BCT ready, 2: DRAM and pkg2 ready, 3: Continue boot.
@ -70,12 +70,12 @@ typedef struct _secmon_mailbox_t
} secmon_mailbox_t; } secmon_mailbox_t;
static const u8 keyblob_keyseeds[][0x10] = { static const u8 keyblob_keyseeds[][0x10] = {
{ 0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3 }, //1.0.0 { 0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3 }, // 1.0.0.
{ 0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC }, //3.0.0 { 0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC }, // 3.0.0.
{ 0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B }, //3.0.1 { 0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B }, // 3.0.1.
{ 0x2D, 0x1F, 0x48, 0x80, 0xED, 0xEC, 0xED, 0x3E, 0x3C, 0xF2, 0x48, 0xB5, 0x65, 0x7D, 0xF7, 0xBE }, //4.0.0 { 0x2D, 0x1F, 0x48, 0x80, 0xED, 0xEC, 0xED, 0x3E, 0x3C, 0xF2, 0x48, 0xB5, 0x65, 0x7D, 0xF7, 0xBE }, // 4.0.0.
{ 0xBB, 0x5A, 0x01, 0xF9, 0x88, 0xAF, 0xF5, 0xFC, 0x6C, 0xFF, 0x07, 0x9E, 0x13, 0x3C, 0x39, 0x80 }, //5.0.0 { 0xBB, 0x5A, 0x01, 0xF9, 0x88, 0xAF, 0xF5, 0xFC, 0x6C, 0xFF, 0x07, 0x9E, 0x13, 0x3C, 0x39, 0x80 }, // 5.0.0.
{ 0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0 } //6.0.0 { 0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0 } // 6.0.0.
}; };
static const u8 cmac_keyseed[0x10] = static const u8 cmac_keyseed[0x10] =
@ -87,7 +87,7 @@ static const u8 master_keyseed_retail[0x10] =
static const u8 console_keyseed[0x10] = static const u8 console_keyseed[0x10] =
{ 0x4F, 0x02, 0x5F, 0x0E, 0xB6, 0x6D, 0x11, 0x0E, 0xDC, 0x32, 0x7D, 0x41, 0x86, 0xC2, 0xF4, 0x78 }; { 0x4F, 0x02, 0x5F, 0x0E, 0xB6, 0x6D, 0x11, 0x0E, 0xDC, 0x32, 0x7D, 0x41, 0x86, 0xC2, 0xF4, 0x78 };
const u8 package2_keyseed[] = const u8 package2_keyseed[0x10] =
{ 0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7 }; { 0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7 };
static const u8 master_keyseed_4xx_5xx_610[0x10] = static const u8 master_keyseed_4xx_5xx_610[0x10] =
@ -572,7 +572,6 @@ DPRINTF("Parsed GPT\n");
goto out; goto out;
// Read in package2 header and get package2 real size. // Read in package2 header and get package2 real size.
//TODO: implement memalign for DMA buffers.
static const u32 BCT_SIZE = 0x4000; static const u32 BCT_SIZE = 0x4000;
bctBuf = (u8 *)malloc(BCT_SIZE); bctBuf = (u8 *)malloc(BCT_SIZE);
nx_emmc_part_read(&storage, pkg2_part, BCT_SIZE / NX_EMMC_BLOCKSIZE, 1, bctBuf); nx_emmc_part_read(&storage, pkg2_part, BCT_SIZE / NX_EMMC_BLOCKSIZE, 1, bctBuf);
@ -591,7 +590,7 @@ DPRINTF("pkg2 size aligned is %08X\n", pkg2_size_aligned);
ctxt->pkg2_size = pkg2_size; ctxt->pkg2_size = pkg2_size;
nx_emmc_part_read(&storage, pkg2_part, BCT_SIZE / NX_EMMC_BLOCKSIZE, nx_emmc_part_read(&storage, pkg2_part, BCT_SIZE / NX_EMMC_BLOCKSIZE,
pkg2_size_aligned / NX_EMMC_BLOCKSIZE, ctxt->pkg2); pkg2_size_aligned / NX_EMMC_BLOCKSIZE, ctxt->pkg2);
out:; out:
nx_emmc_gpt_free(&gpt); nx_emmc_gpt_free(&gpt);
sdmmc_storage_end(&storage); sdmmc_storage_end(&storage);
@ -642,11 +641,12 @@ static bool _get_fs_exfat_compatible(link_t *info)
int hos_launch(ini_sec_t *cfg) int hos_launch(ini_sec_t *cfg)
{ {
minerva_change_freq(FREQ_1600); u8 kb;
launch_ctxt_t ctxt; launch_ctxt_t ctxt;
tsec_ctxt_t tsec_ctxt; tsec_ctxt_t tsec_ctxt;
volatile secmon_mailbox_t *secmon_mb; volatile secmon_mailbox_t *secmon_mailbox;
minerva_change_freq(FREQ_1600);
memset(&ctxt, 0, sizeof(launch_ctxt_t)); memset(&ctxt, 0, sizeof(launch_ctxt_t));
memset(&tsec_ctxt, 0, sizeof(tsec_ctxt_t)); memset(&tsec_ctxt, 0, sizeof(tsec_ctxt_t));
list_init(&ctxt.kip1_list); list_init(&ctxt.kip1_list);
@ -657,7 +657,7 @@ int hos_launch(ini_sec_t *cfg)
gfx_clear_grey(0x1B); gfx_clear_grey(0x1B);
gfx_con_setpos(0, 0); gfx_con_setpos(0, 0);
gfx_printf("Initializing...\n\n"); gfx_puts("Initializing...\n\n");
// Read package1 and the correct keyblob. // Read package1 and the correct keyblob.
if (!_read_emmc_pkg1(&ctxt)) if (!_read_emmc_pkg1(&ctxt))
@ -694,14 +694,14 @@ int hos_launch(ini_sec_t *cfg)
{ {
u32 fuses = fuse_read_odm(7); u32 fuses = fuse_read_odm(7);
if ((h_cfg.autonogc && if ((h_cfg.autonogc &&
((!(fuses & ~0xF) && (ctxt.pkg1_id->kb >= KB_FIRMWARE_VERSION_400)) || // LAFW v2. ((!(fuses & ~0xF) && (kb >= KB_FIRMWARE_VERSION_400)) || // LAFW v2.
(!(fuses & ~0x3FF) && (ctxt.pkg1_id->kb >= KB_FIRMWARE_VERSION_900)))) // LAFW v3. (!(fuses & ~0x3FF) && (kb >= KB_FIRMWARE_VERSION_900)))) // LAFW v3.
|| ((emu_cfg.enabled && !h_cfg.emummc_force_disable) && || ((emu_cfg.enabled && !h_cfg.emummc_force_disable) &&
((fuses & 0x400) && (ctxt.pkg1_id->kb <= KB_FIRMWARE_VERSION_810)))) ((fuses & 0x400) && (kb <= KB_FIRMWARE_VERSION_810))))
config_kip1patch(&ctxt, "nogc"); config_kip1patch(&ctxt, "nogc");
} }
gfx_printf("Loaded config, pkg1 and keyblob\n"); gfx_puts("Loaded config, pkg1 and keyblob\n");
// Generate keys. // Generate keys.
if (!h_cfg.se_keygen_done) if (!h_cfg.se_keygen_done)
@ -711,29 +711,29 @@ int hos_launch(ini_sec_t *cfg)
tsec_ctxt.pkg11_off = ctxt.pkg1_id->pkg11_off; tsec_ctxt.pkg11_off = ctxt.pkg1_id->pkg11_off;
tsec_ctxt.secmon_base = ctxt.pkg1_id->secmon_base; tsec_ctxt.secmon_base = ctxt.pkg1_id->secmon_base;
if (ctxt.pkg1_id->kb >= KB_FIRMWARE_VERSION_700 && !h_cfg.sept_run) if (kb >= KB_FIRMWARE_VERSION_700 && !h_cfg.sept_run)
{ {
_hos_crit_error("Failed to run sept"); _hos_crit_error("Failed to run sept");
return 0; return 0;
} }
if (!hos_keygen(ctxt.keyblob, ctxt.pkg1_id->kb, &tsec_ctxt, &ctxt)) if (!hos_keygen(ctxt.keyblob, kb, &tsec_ctxt, &ctxt))
return 0; return 0;
gfx_printf("Generated keys\n"); gfx_puts("Generated keys\n");
if (ctxt.pkg1_id->kb <= KB_FIRMWARE_VERSION_600) if (kb <= KB_FIRMWARE_VERSION_600)
h_cfg.se_keygen_done = 1; h_cfg.se_keygen_done = 1;
} }
// Decrypt and unpack package1 if we require parts of it. // Decrypt and unpack package1 if we require parts of it.
if (!ctxt.warmboot || !ctxt.secmon) if (!ctxt.warmboot || !ctxt.secmon)
{ {
if (ctxt.pkg1_id->kb <= KB_FIRMWARE_VERSION_600) if (kb <= KB_FIRMWARE_VERSION_600)
pkg1_decrypt(ctxt.pkg1_id, ctxt.pkg1); pkg1_decrypt(ctxt.pkg1_id, ctxt.pkg1);
if (ctxt.pkg1_id->kb <= KB_FIRMWARE_VERSION_620 && !(emu_cfg.enabled && !h_cfg.emummc_force_disable)) if (kb <= KB_FIRMWARE_VERSION_620 && !(emu_cfg.enabled && !h_cfg.emummc_force_disable))
{ {
pkg1_unpack((void *)ctxt.pkg1_id->warmboot_base, (void *)ctxt.pkg1_id->secmon_base, NULL, ctxt.pkg1_id, ctxt.pkg1); pkg1_unpack((void *)ctxt.pkg1_id->warmboot_base, (void *)ctxt.pkg1_id->secmon_base, NULL, ctxt.pkg1_id, ctxt.pkg1);
gfx_printf("Decrypted & unpacked pkg1\n"); gfx_puts("Decrypted & unpacked pkg1\n");
} }
else else
{ {
@ -747,7 +747,7 @@ int hos_launch(ini_sec_t *cfg)
memcpy((void *)ctxt.pkg1_id->warmboot_base, ctxt.warmboot, ctxt.warmboot_size); memcpy((void *)ctxt.pkg1_id->warmboot_base, ctxt.warmboot, ctxt.warmboot_size);
else else
{ {
if (ctxt.pkg1_id->kb >= KB_FIRMWARE_VERSION_700) if (kb >= KB_FIRMWARE_VERSION_700)
{ {
_hos_crit_error("No warmboot provided!"); _hos_crit_error("No warmboot provided!");
return 0; return 0;
@ -774,7 +774,7 @@ int hos_launch(ini_sec_t *cfg)
*(vu32 *)(ctxt.pkg1_id->secmon_base + secmon_patchset[i].off) = secmon_patchset[i].val; *(vu32 *)(ctxt.pkg1_id->secmon_base + secmon_patchset[i].off) = secmon_patchset[i].val;
} }
gfx_printf("Loaded warmboot and secmon\n"); gfx_puts("Loaded warmboot and secmon\n");
// Read package2. // Read package2.
u8 *bootConfigBuf = _read_emmc_pkg2(&ctxt); u8 *bootConfigBuf = _read_emmc_pkg2(&ctxt);
@ -784,24 +784,24 @@ int hos_launch(ini_sec_t *cfg)
return 0; return 0;
} }
gfx_printf("Read pkg2\n"); gfx_puts("Read pkg2\n");
// Decrypt package2 and parse KIP1 blobs in INI1 section. // Decrypt package2 and parse KIP1 blobs in INI1 section.
pkg2_hdr_t *pkg2_hdr = pkg2_decrypt(ctxt.pkg2, ctxt.pkg1_id->kb); pkg2_hdr_t *pkg2_hdr = pkg2_decrypt(ctxt.pkg2, kb);
if (!pkg2_hdr) if (!pkg2_hdr)
{ {
_hos_crit_error("Pkg2 decryption failed!"); _hos_crit_error("Pkg2 decryption failed!");
if (ctxt.pkg1_id->kb >= KB_FIRMWARE_VERSION_700) if (kb >= KB_FIRMWARE_VERSION_700)
{ {
EPRINTF("Is Sept updated?"); EPRINTF("Is Sept updated?");
// Clear EKS slot, in case something went wrong with sept keygen. // Clear EKS slot, in case something went wrong with sept keygen.
hos_eks_clear(ctxt.pkg1_id->kb); hos_eks_clear(kb);
} }
return 0; return 0;
} }
else if (ctxt.pkg1_id->kb >= KB_FIRMWARE_VERSION_700) else if (kb >= KB_FIRMWARE_VERSION_700)
hos_eks_save(ctxt.pkg1_id->kb); // Save EKS slot if it doesn't exist. hos_eks_save(kb); // Save EKS slot if it doesn't exist.
LIST_INIT(kip1_info); LIST_INIT(kip1_info);
if (!pkg2_parse_kips(&kip1_info, pkg2_hdr, &ctxt.new_pkg2)) if (!pkg2_parse_kips(&kip1_info, pkg2_hdr, &ctxt.new_pkg2))
@ -810,7 +810,7 @@ int hos_launch(ini_sec_t *cfg)
return 0; return 0;
} }
gfx_printf("Parsed ini1\n"); gfx_puts("Parsed ini1\n");
// Use the kernel included in package2 in case we didn't load one already. // Use the kernel included in package2 in case we didn't load one already.
if (!ctxt.kernel) if (!ctxt.kernel)
@ -888,7 +888,7 @@ int hos_launch(ini_sec_t *cfg)
// Rebuild and encrypt package2. // Rebuild and encrypt package2.
pkg2_build_encrypt((void *)PKG2_LOAD_ADDR, ctxt.kernel, ctxt.kernel_size, &kip1_info, ctxt.new_pkg2); pkg2_build_encrypt((void *)PKG2_LOAD_ADDR, ctxt.kernel, ctxt.kernel_size, &kip1_info, ctxt.new_pkg2);
gfx_printf("Rebuilt & loaded pkg2\n"); gfx_puts("Rebuilt & loaded pkg2\n");
gfx_printf("\n%kBooting...%k\n", 0xFF96FF00, 0xFFCCCCCC); gfx_printf("\n%kBooting...%k\n", 0xFF96FF00, 0xFFCCCCCC);
@ -896,19 +896,22 @@ int hos_launch(ini_sec_t *cfg)
se_aes_key_clear(8); se_aes_key_clear(8);
se_aes_key_clear(11); se_aes_key_clear(11);
// Finalize per firmware keys. // Set initial mailbox values.
int bootStateDramPkg2 = 0; int bootStateDramPkg2 = 0;
int bootStatePkg2Continue = 0; int bootStatePkg2Continue = 0;
// Set warmboot PA address ids for 3.0.0 - 3.0.2.
if (kb == KB_FIRMWARE_VERSION_300)
PMC(APBDEV_PMC_SECURE_SCRATCH32) = 0xE3; // Warmboot 3.0.0 PA address id.
else if (kb == KB_FIRMWARE_VERSION_301)
PMC(APBDEV_PMC_SECURE_SCRATCH32) = 0x104; // Warmboot 3.0.1/.2 PA address id.
// Finalize per firmware key access.
switch (ctxt.pkg1_id->kb) switch (ctxt.pkg1_id->kb)
{ {
case KB_FIRMWARE_VERSION_100_200: case KB_FIRMWARE_VERSION_100_200:
case KB_FIRMWARE_VERSION_300: case KB_FIRMWARE_VERSION_300:
case KB_FIRMWARE_VERSION_301: case KB_FIRMWARE_VERSION_301:
if (ctxt.pkg1_id->kb == KB_FIRMWARE_VERSION_300)
PMC(APBDEV_PMC_SECURE_SCRATCH32) = 0xE3; // Warmboot 3.0.0 PA address id.
else if (ctxt.pkg1_id->kb == KB_FIRMWARE_VERSION_301)
PMC(APBDEV_PMC_SECURE_SCRATCH32) = 0x104; // Warmboot 3.0.1/.2 PA address id.
se_key_acc_ctrl(12, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_TBL_DIS_KEY_LOCK_FLAG); se_key_acc_ctrl(12, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_TBL_DIS_KEY_LOCK_FLAG);
se_key_acc_ctrl(13, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_TBL_DIS_KEY_LOCK_FLAG); se_key_acc_ctrl(13, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_TBL_DIS_KEY_LOCK_FLAG);
bootStateDramPkg2 = 2; bootStateDramPkg2 = 2;
@ -926,7 +929,7 @@ int hos_launch(ini_sec_t *cfg)
} }
// Clear BCT area for retail units and copy it over if dev unit. // Clear BCT area for retail units and copy it over if dev unit.
if (ctxt.pkg1_id->kb <= KB_FIRMWARE_VERSION_500) if (kb <= KB_FIRMWARE_VERSION_500)
{ {
memset((void *)0x4003D000, 0, 0x3000); memset((void *)0x4003D000, 0, 0x3000);
if ((fuse_read_odm(4) & 3) == 3) if ((fuse_read_odm(4) & 3) == 3)
@ -948,28 +951,28 @@ int hos_launch(ini_sec_t *cfg)
sd_end(); sd_end();
// Finalize MC carveout. // Finalize MC carveout.
if (ctxt.pkg1_id->kb <= KB_FIRMWARE_VERSION_301) if (kb <= KB_FIRMWARE_VERSION_301)
mc_config_carveout(); mc_config_carveout();
// Lock SE before starting 'SecureMonitor' if < 6.2.0, otherwise lock bootrom and ipatches. // Lock SE before starting 'SecureMonitor' if < 6.2.0, otherwise lock bootrom and ipatches.
_se_lock(ctxt.pkg1_id->kb <= KB_FIRMWARE_VERSION_600); _se_lock(kb <= KB_FIRMWARE_VERSION_600);
// Reset sysctr0 counters. // Reset sysctr0 counters.
if (ctxt.pkg1_id->kb >= KB_FIRMWARE_VERSION_620) if (kb >= KB_FIRMWARE_VERSION_620)
_sysctr0_reset(); _sysctr0_reset();
// < 4.0.0 pkg1.1 locks PMC scratches. // < 4.0.0 pkg1.1 locks PMC scratches.
//_pmc_scratch_lock(ctxt.pkg1_id->kb); //_pmc_scratch_lock(kb);
// Set secmon mailbox address. // Set secmon mailbox address.
if (ctxt.pkg1_id->kb >= KB_FIRMWARE_VERSION_700) if (kb >= KB_FIRMWARE_VERSION_700)
secmon_mb = (secmon_mailbox_t *)SECMON7_MB_ADDR; secmon_mailbox = (secmon_mailbox_t *)SECMON7_MAILBOX_ADDR;
else else
secmon_mb = (secmon_mailbox_t *)SECMON_MB_ADDR; secmon_mailbox = (secmon_mailbox_t *)SECMON_MAILBOX_ADDR;
// Start from DRAM ready signal and reset outgoing value. // Start from DRAM ready signal and reset outgoing value.
secmon_mb->in = bootStateDramPkg2; secmon_mailbox->in = bootStateDramPkg2;
secmon_mb->out = 0; secmon_mailbox->out = 0;
// Disable display. This must be executed before secmon to provide support for all fw versions. // Disable display. This must be executed before secmon to provide support for all fw versions.
display_end(); display_end();
@ -990,11 +993,11 @@ int hos_launch(ini_sec_t *cfg)
smmu_exit(); smmu_exit();
else else
ccplex_boot_cpu0(ctxt.pkg1_id->secmon_base); ccplex_boot_cpu0(ctxt.pkg1_id->secmon_base);
while (!secmon_mb->out) while (!secmon_mailbox->out)
; // A usleep(1) only works when in IRAM or with a trained DRAM. ; // A usleep(1) only works when in IRAM or with a trained DRAM.
// Signal pkg2 ready and continue boot. // Signal pkg2 ready and continue boot.
secmon_mb->in = bootStatePkg2Continue; secmon_mailbox->in = bootStatePkg2Continue;
// Halt ourselves in waitevent state and resume if there's JTAG activity. // Halt ourselves in waitevent state and resume if there's JTAG activity.
while (true) while (true)
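Review bot: `kb` is declared without an initializer at the top of `hos_launch`, and none of the hunks shown here assigns it before its first use in the `autonogc` fuse check, so unless the assignment sits in lines outside these hunks, every later version comparison reads an indeterminate value. That local now gates keygen, package1 decryption, the EKS save/clear, the SE lock and the choice of secmon mailbox address, so a wrong value changes which security steps run. It should be set once right after the `_read_emmc_pkg1(&ctxt)` check passes (assuming that call is what fills `ctxt.pkg1_id`), with `kb = ctxt.pkg1_id->kb;`. The `switch (ctxt.pkg1_id->kb)` under "Finalize per firmware key access" still uses the old expression and could switch on `kb` for consistency. `hos_launch` continues outside these hunks, so this is based on the visible lines only.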


@ -1248,7 +1248,7 @@ const char* pkg2_patch_kips(link_t *info, char* patchNames)
return NULL; return NULL;
} }
static const u8 mkey_keyseed_8xx[][0x10] = static const u8 mkey_vector_8xx[][0x10] =
{ {
// Master key 8 encrypted with 9. (8.1.0 with 9.0.0) // Master key 8 encrypted with 9. (8.1.0 with 9.0.0)
{ 0x4D, 0xD9, 0x98, 0x42, 0x45, 0x0D, 0xB1, 0x3C, 0x52, 0x0C, 0x9A, 0x44, 0xBB, 0xAD, 0xAF, 0x80 }, { 0x4D, 0xD9, 0x98, 0x42, 0x45, 0x0D, 0xB1, 0x3C, 0x52, 0x0C, 0x9A, 0x44, 0xBB, 0xAD, 0xAF, 0x80 },
@ -1286,18 +1286,18 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
// Skip header. // Skip header.
pdata += sizeof(pkg2_hdr_t); pdata += sizeof(pkg2_hdr_t);
//! Check if we need to decrypt with newer mkeys. Valid for sept for 8.1.0 and up. // Check if we need to decrypt with newer mkeys. Valid for sept for 8.1.0 and up.
se_aes_crypt_ctr(8, &mkey_test, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr); se_aes_crypt_ctr(8, &mkey_test, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr);
if (mkey_test.magic == PKG2_MAGIC) if (mkey_test.magic == PKG2_MAGIC)
goto key_found; goto key_found;
// Decrypt older pkg2 via new mkeys. // Decrypt older pkg2 via new mkeys.
if ((kb >= KB_FIRMWARE_VERSION_810) && (kb < KB_FIRMWARE_VERSION_MAX)) if ((kb >= KB_FIRMWARE_VERSION_810) && (kb < KB_FIRMWARE_VERSION_MAX))
{ {
u8 tmp_mkey[0x10]; u8 tmp_mkey[0x10];
u8 decr_slot = 12; // Sept mkey. u8 decr_slot = 12; // Sept mkey.
u8 mkey_seeds_cnt = sizeof(mkey_keyseed_8xx) / 0x10; u8 mkey_seeds_cnt = sizeof(mkey_vector_8xx) / 0x10;
u8 mkey_seeds_idx = mkey_seeds_cnt; // Real index + 1. u8 mkey_seeds_idx = mkey_seeds_cnt; // Real index + 1.
u8 mkey_seeds_min_idx = mkey_seeds_cnt - (KB_FIRMWARE_VERSION_MAX - kb); u8 mkey_seeds_min_idx = mkey_seeds_cnt - (KB_FIRMWARE_VERSION_MAX - kb);
@ -1305,7 +1305,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
{ {
// Decrypt and validate mkey. // Decrypt and validate mkey.
int res = _pkg2_key_unwrap_validate(&mkey_test, hdr, decr_slot, int res = _pkg2_key_unwrap_validate(&mkey_test, hdr, decr_slot,
tmp_mkey, mkey_keyseed_8xx[mkey_seeds_idx - 1]); tmp_mkey, mkey_vector_8xx[mkey_seeds_idx - 1]);
if (res) if (res)
{ {


@ -31,7 +31,6 @@
#include "../sec/se_t210.h" #include "../sec/se_t210.h"
#include "../sec/tsec.h" #include "../sec/tsec.h"
#include "../soc/bpmp.h" #include "../soc/bpmp.h"
#include "../soc/cluster.h"
#include "../soc/fuse.h" #include "../soc/fuse.h"
#include "../soc/pmc.h" #include "../soc/pmc.h"
#include "../soc/smmu.h" #include "../soc/smmu.h"
@ -62,12 +61,12 @@ typedef struct _secmon_mailbox_t
} secmon_mailbox_t; } secmon_mailbox_t;
static const u8 keyblob_keyseeds[][0x10] = { static const u8 keyblob_keyseeds[][0x10] = {
{ 0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3 }, //1.0.0 { 0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3 }, // 1.0.0.
{ 0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC }, //3.0.0 { 0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC }, // 3.0.0.
{ 0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B }, //3.0.1 { 0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B }, // 3.0.1.
{ 0x2D, 0x1F, 0x48, 0x80, 0xED, 0xEC, 0xED, 0x3E, 0x3C, 0xF2, 0x48, 0xB5, 0x65, 0x7D, 0xF7, 0xBE }, //4.0.0 { 0x2D, 0x1F, 0x48, 0x80, 0xED, 0xEC, 0xED, 0x3E, 0x3C, 0xF2, 0x48, 0xB5, 0x65, 0x7D, 0xF7, 0xBE }, // 4.0.0.
{ 0xBB, 0x5A, 0x01, 0xF9, 0x88, 0xAF, 0xF5, 0xFC, 0x6C, 0xFF, 0x07, 0x9E, 0x13, 0x3C, 0x39, 0x80 }, //5.0.0 { 0xBB, 0x5A, 0x01, 0xF9, 0x88, 0xAF, 0xF5, 0xFC, 0x6C, 0xFF, 0x07, 0x9E, 0x13, 0x3C, 0x39, 0x80 }, // 5.0.0.
{ 0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0 } //6.0.0 { 0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0 } // 6.0.0.
}; };
static const u8 cmac_keyseed[0x10] = static const u8 cmac_keyseed[0x10] =
@ -79,7 +78,7 @@ static const u8 master_keyseed_retail[0x10] =
static const u8 console_keyseed[0x10] = static const u8 console_keyseed[0x10] =
{ 0x4F, 0x02, 0x5F, 0x0E, 0xB6, 0x6D, 0x11, 0x0E, 0xDC, 0x32, 0x7D, 0x41, 0x86, 0xC2, 0xF4, 0x78 }; { 0x4F, 0x02, 0x5F, 0x0E, 0xB6, 0x6D, 0x11, 0x0E, 0xDC, 0x32, 0x7D, 0x41, 0x86, 0xC2, 0xF4, 0x78 };
const u8 package2_keyseed[] = const u8 package2_keyseed[0x10] =
{ 0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7 }; { 0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7 };
static const u8 master_keyseed_4xx_5xx_610[0x10] = static const u8 master_keyseed_4xx_5xx_610[0x10] =


@ -110,7 +110,7 @@ DPRINTF(" kip1 %d:%s @ %08X (%08X)\n", i, kip1->name, (u32)kip1, ki->size);
return true; return true;
} }
static const u8 mkey_keyseed_8xx[][0x10] = static const u8 mkey_vector_8xx[][0x10] =
{ {
// Master key 8 encrypted with 9. (8.1.0 with 9.0.0) // Master key 8 encrypted with 9. (8.1.0 with 9.0.0)
{ 0x4D, 0xD9, 0x98, 0x42, 0x45, 0x0D, 0xB1, 0x3C, 0x52, 0x0C, 0x9A, 0x44, 0xBB, 0xAD, 0xAF, 0x80 }, { 0x4D, 0xD9, 0x98, 0x42, 0x45, 0x0D, 0xB1, 0x3C, 0x52, 0x0C, 0x9A, 0x44, 0xBB, 0xAD, 0xAF, 0x80 },
@ -148,18 +148,18 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
// Skip header. // Skip header.
pdata += sizeof(pkg2_hdr_t); pdata += sizeof(pkg2_hdr_t);
//! Check if we need to decrypt with newer mkeys. Valid for sept for 8.1.0 and up. // Check if we need to decrypt with newer mkeys. Valid for sept for 8.1.0 and up.
se_aes_crypt_ctr(8, &mkey_test, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr); se_aes_crypt_ctr(8, &mkey_test, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr);
if (mkey_test.magic == PKG2_MAGIC) if (mkey_test.magic == PKG2_MAGIC)
goto key_found; goto key_found;
// Decrypt older pkg2 via new mkeys. // Decrypt older pkg2 via new mkeys.
if ((kb >= KB_FIRMWARE_VERSION_810) && (kb < KB_FIRMWARE_VERSION_MAX)) if ((kb >= KB_FIRMWARE_VERSION_810) && (kb < KB_FIRMWARE_VERSION_MAX))
{ {
u8 tmp_mkey[0x10]; u8 tmp_mkey[0x10];
u8 decr_slot = 12; // Sept mkey. u8 decr_slot = 12; // Sept mkey.
u8 mkey_seeds_cnt = sizeof(mkey_keyseed_8xx) / 0x10; u8 mkey_seeds_cnt = sizeof(mkey_vector_8xx) / 0x10;
u8 mkey_seeds_idx = mkey_seeds_cnt; // Real index + 1. u8 mkey_seeds_idx = mkey_seeds_cnt; // Real index + 1.
u8 mkey_seeds_min_idx = mkey_seeds_cnt - (KB_FIRMWARE_VERSION_MAX - kb); u8 mkey_seeds_min_idx = mkey_seeds_cnt - (KB_FIRMWARE_VERSION_MAX - kb);
@ -167,7 +167,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
{ {
// Decrypt and validate mkey. // Decrypt and validate mkey.
int res = _pkg2_key_unwrap_validate(&mkey_test, hdr, decr_slot, int res = _pkg2_key_unwrap_validate(&mkey_test, hdr, decr_slot,
tmp_mkey, mkey_keyseed_8xx[mkey_seeds_idx - 1]); tmp_mkey, mkey_vector_8xx[mkey_seeds_idx - 1]);
if (res) if (res)
{ {