Make tsec checks faster and cover unluckiest cases

+ changes for readability
Kostas Missos 2018-12-16 16:55:56 +02:00
parent 30d3c76655
commit 5ed875ce90
4 changed files with 17 additions and 4 deletions


@ -184,8 +184,12 @@ int keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
memset(tmp, 0x00, 0x20); memset(tmp, 0x00, 0x20);
retries++; retries++;
if (retries > 3) // We rely on racing conditions, make sure we cover even the unluckiest cases.
if (retries > 15)
{
gfx_printf(&gfx_con, "%k\nFailed to get TSEC keys. Please try again.%k\n\n", 0xFFFF0000, 0xFFCCCCCC);
return 0; return 0;
}
} }
if (kb >= KB_FIRMWARE_VERSION_620) if (kb >= KB_FIRMWARE_VERSION_620)
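Review bot: The retry ceiling in `if (retries > 15)` is a bare literal, and the comment above it does not say why 15 attempts are enough. A named constant, for example `#define TSEC_KEYGEN_MAX_RETRIES 15` (the name is only a suggestion), with a one-line comment on what one retry costs, would make the bound reviewable the next time the timings change. The enclosing retry loop starts outside this hunk, so what is repeated on each pass is not visible here.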


@ -32,6 +32,8 @@
#define KB_FIRMWARE_VERSION_620 6 #define KB_FIRMWARE_VERSION_620 6
#define KB_FIRMWARE_VERSION_MAX KB_FIRMWARE_VERSION_620 #define KB_FIRMWARE_VERSION_MAX KB_FIRMWARE_VERSION_620
#define HOS_PKG11_MAGIC 0x31314B50
typedef struct _launch_ctxt_t typedef struct _launch_ctxt_t
{ {
void *keyblob; void *keyblob;


@ -64,6 +64,7 @@ int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt)
int res = 0; int res = 0;
u8 *fwbuf = NULL; u8 *fwbuf = NULL;
u32 *pdir, *car, *fuse, *pmc, *flowctrl, *se, *mc, *iram, *evec; u32 *pdir, *car, *fuse, *pmc, *flowctrl, *se, *mc, *iram, *evec;
u32 *pkg11_magic_off;
//Enable clocks. //Enable clocks.
clock_enable_host1x(); clock_enable_host1x();
@ -161,6 +162,8 @@ int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt)
// IRAM // IRAM
iram = page_alloc(0x30); iram = page_alloc(0x30);
memcpy(iram, tsec_ctxt->pkg1, 0x30000); memcpy(iram, tsec_ctxt->pkg1, 0x30000);
// PKG1.1 magic offset.
pkg11_magic_off = (u32 *)(iram + ((tsec_ctxt->pkg11_off + 0x20) / 4));
smmu_map(pdir, 0x40010000, (u32)iram, 0x30, _READABLE | _WRITABLE | _NONSECURE); smmu_map(pdir, 0x40010000, (u32)iram, 0x30, _READABLE | _WRITABLE | _NONSECURE);
// Exception vectors // Exception vectors
@ -216,16 +219,17 @@ int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt)
u32 key[16] = {0}; u32 key[16] = {0};
u32 kidx = 0; u32 kidx = 0;
while (memcmp((u8 *)(iram + ((tsec_ctxt->pkg11_off + 0x20) / 4)), "PK11", 4)) while (*pkg11_magic_off != HOS_PKG11_MAGIC)
{ {
smmu_flush_all(); smmu_flush_all();
if (k == se[SE_KEYTABLE_DATA0_REG_OFFSET / 4]) if (k == se[SE_KEYTABLE_DATA0_REG_OFFSET / 4])
continue; continue;
k = se[SE_KEYTABLE_DATA0_REG_OFFSET / 4]; k = se[SE_KEYTABLE_DATA0_REG_OFFSET / 4];
key[kidx++] = k; key[kidx++] = k;
// Failsafe. // Failsafe.
if ((u32)get_tmr_us() - start > 500000) if ((u32)get_tmr_us() - start > 125000)
break; break;
} }
@ -237,6 +241,9 @@ int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt)
goto out; goto out;
} }
// Give some extra time to make sure PKG1.1 is decrypted.
msleep(50);
memcpy(tsec_keys, &key, 0x20); memcpy(tsec_keys, &key, 0x20);
memcpy(tsec_ctxt->pkg1, iram, 0x30000); memcpy(tsec_ctxt->pkg1, iram, 0x30000);
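Review bot: In the polling loop of tsec_query, the `continue` taken when `k == se[SE_KEYTABLE_DATA0_REG_OFFSET / 4]` jumps past the failsafe, so the timeout is only evaluated on iterations where the key register changed. If the register stays constant and `*pkg11_magic_off` never becomes `HOS_PKG11_MAGIC`, the loop does not terminate. Moving `if ((u32)get_tmr_us() - start > 125000) break;` to directly after `smmu_flush_all();` makes the failsafe unconditional. The same loop stores `key[kidx++] = k;` into `u32 key[16]` with no bound on `kidx`, so more than 16 distinct register values would write past the array on the stack; `if (kidx < 16) key[kidx++] = k;` (or leaving the loop with an error) closes that. The function body begins and ends outside these hunks.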


@ -94,7 +94,7 @@ void smmu_enable()
cluster_boot_cpu0((u32)smmu_payload); cluster_boot_cpu0((u32)smmu_payload);
smmu_used = true; smmu_used = true;
msleep(100); msleep(150);
smmu_flush_all(); smmu_flush_all();
} }