mirror of
https://github.com/CTCaer/hekate
synced 2024-11-16 00:49:27 +00:00
hos: Support new sept/exo keyslots
This commit is contained in:
parent
f7f99bddab
commit
d607a8830b
8 changed files with 105 additions and 47 deletions
|
@ -47,10 +47,9 @@ void set_default_configuration()
|
|||
h_cfg.errors = 0;
|
||||
h_cfg.eks = NULL;
|
||||
h_cfg.sept_run = EMC(EMC_SCRATCH0) & EMC_SEPT_RUN;
|
||||
h_cfg.aes_slots_new = false;
|
||||
h_cfg.rcm_patched = fuse_check_patched_rcm();
|
||||
h_cfg.emummc_force_disable = false;
|
||||
|
||||
sd_power_cycle_time_start = 0;
|
||||
}
|
||||
|
||||
int create_config_entry()
|
||||
|
|
|
@ -35,6 +35,7 @@ typedef struct _hekate_config
|
|||
// Global temporary config.
|
||||
bool se_keygen_done;
|
||||
bool sept_run;
|
||||
bool aes_slots_new;
|
||||
bool emummc_force_disable;
|
||||
bool rcm_patched;
|
||||
u32 errors;
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
#include "../storage/nx_emmc.h"
|
||||
#include "../storage/nx_sd.h"
|
||||
#include "../storage/sdmmc.h"
|
||||
#include "../utils/btn.h"
|
||||
#include "../utils/util.h"
|
||||
#include "../gfx/gfx.h"
|
||||
|
||||
|
@ -272,8 +273,16 @@ void hos_eks_save(u32 kb)
|
|||
memcpy(h_cfg.eks->dkg, keys + 10 * 0x10, 0x10);
|
||||
memcpy(h_cfg.eks->dkk, keys + 15 * 0x10, 0x10);
|
||||
|
||||
memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 12 * 0x10, 0x10);
|
||||
memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 13 * 0x10, 0x10);
|
||||
if (!h_cfg.aes_slots_new)
|
||||
{
|
||||
memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 12 * 0x10, 0x10);
|
||||
memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 13 * 0x10, 0x10);
|
||||
}
|
||||
else // New sept slots.
|
||||
{
|
||||
memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 13 * 0x10, 0x10);
|
||||
memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 12 * 0x10, 0x10);
|
||||
}
|
||||
|
||||
// Encrypt EKS blob.
|
||||
u8 *eks = calloc(512 , 1);
|
||||
|
@ -386,17 +395,29 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt, launch_ctxt_t *hos_c
|
|||
se_aes_key_set(10, h_cfg.eks->dkg, 0x10);
|
||||
// Set Device key to slot 15.
|
||||
se_aes_key_set(15, h_cfg.eks->dkk, 0x10);
|
||||
// Set Master key to slot 12.
|
||||
se_aes_key_set(12, h_cfg.eks->keys[key_idx].mkk, 0x10);
|
||||
// Set FW Device key key to slot 13.
|
||||
se_aes_key_set(13, h_cfg.eks->keys[key_idx].fdk, 0x10);
|
||||
|
||||
// Lock FDK.
|
||||
se_key_acc_ctrl(13, SE_KEY_TBL_DIS_KEYREAD_FLAG | SE_KEY_TBL_DIS_OIVREAD_FLAG | SE_KEY_TBL_DIS_UIVREAD_FLAG);
|
||||
if (!h_cfg.aes_slots_new)
|
||||
{
|
||||
// Set Master key to slot 12.
|
||||
se_aes_key_set(12, h_cfg.eks->keys[key_idx].mkk, 0x10);
|
||||
// Set FW Device key key to slot 13.
|
||||
se_aes_key_set(13, h_cfg.eks->keys[key_idx].fdk, 0x10);
|
||||
// Lock FDK.
|
||||
se_key_acc_ctrl(13, SE_KEY_TBL_DIS_KEYREAD_FLAG | SE_KEY_TBL_DIS_OIVREAD_FLAG | SE_KEY_TBL_DIS_UIVREAD_FLAG);
|
||||
}
|
||||
else // New exosphere.
|
||||
{
|
||||
// Set Master key to slot 13.
|
||||
se_aes_key_set(13, h_cfg.eks->keys[key_idx].mkk, 0x10);
|
||||
// Set FW Device key key to slot 12.
|
||||
se_aes_key_set(12, h_cfg.eks->keys[key_idx].fdk, 0x10);
|
||||
// Lock FDK.
|
||||
se_key_acc_ctrl(12, SE_KEY_TBL_DIS_KEYREAD_FLAG | SE_KEY_TBL_DIS_OIVREAD_FLAG | SE_KEY_TBL_DIS_UIVREAD_FLAG);
|
||||
}
|
||||
}
|
||||
|
||||
se_aes_key_clear(8);
|
||||
se_aes_unwrap_key(8, 12, package2_keyseed);
|
||||
se_aes_unwrap_key(8, !h_cfg.aes_slots_new ? 12 : 13, package2_keyseed);
|
||||
}
|
||||
else if (kb == KB_FIRMWARE_VERSION_620)
|
||||
{
|
||||
|
@ -422,11 +443,20 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt, launch_ctxt_t *hos_c
|
|||
se_aes_unwrap_key(15, 15, console_keyseed);
|
||||
|
||||
se_aes_unwrap_key(13, 13, master_keyseed_620);
|
||||
se_aes_unwrap_key(12, 13, master_keyseed_retail);
|
||||
se_aes_unwrap_key(14, 13, master_keyseed_4xx_5xx_610);
|
||||
|
||||
if (!h_cfg.aes_slots_new)
|
||||
{
|
||||
se_aes_unwrap_key(14, 13, master_keyseed_4xx_5xx_610);
|
||||
se_aes_unwrap_key(12, 13, master_keyseed_retail);
|
||||
}
|
||||
else // New exosphere.
|
||||
{
|
||||
se_aes_unwrap_key(12, 13, master_keyseed_4xx_5xx_610);
|
||||
se_aes_unwrap_key(13, 13, master_keyseed_retail);
|
||||
}
|
||||
|
||||
// Package2 key.
|
||||
se_aes_unwrap_key(8, 12, package2_keyseed);
|
||||
se_aes_unwrap_key(8, !h_cfg.aes_slots_new ? 12 : 13, package2_keyseed);
|
||||
|
||||
h_cfg.se_keygen_done = 1;
|
||||
}
|
||||
|
@ -465,32 +495,42 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt, launch_ctxt_t *hos_c
|
|||
|
||||
se_aes_crypt_block_ecb(12, 0, tmp, master_keyseed_retail);
|
||||
|
||||
switch (kb)
|
||||
if (!h_cfg.aes_slots_new)
|
||||
{
|
||||
switch (kb)
|
||||
{
|
||||
case KB_FIRMWARE_VERSION_100_200:
|
||||
case KB_FIRMWARE_VERSION_300:
|
||||
case KB_FIRMWARE_VERSION_301:
|
||||
se_aes_unwrap_key(13, 15, console_keyseed);
|
||||
se_aes_unwrap_key(12, 12, master_keyseed_retail);
|
||||
break;
|
||||
case KB_FIRMWARE_VERSION_400:
|
||||
se_aes_unwrap_key(13, 15, console_keyseed_4xx_5xx);
|
||||
se_aes_unwrap_key(15, 15, console_keyseed);
|
||||
se_aes_unwrap_key(14, 12, master_keyseed_4xx_5xx_610);
|
||||
se_aes_unwrap_key(12, 12, master_keyseed_retail);
|
||||
break;
|
||||
case KB_FIRMWARE_VERSION_500:
|
||||
case KB_FIRMWARE_VERSION_600:
|
||||
se_aes_unwrap_key(10, 15, console_keyseed_4xx_5xx);
|
||||
se_aes_unwrap_key(15, 15, console_keyseed);
|
||||
se_aes_unwrap_key(14, 12, master_keyseed_4xx_5xx_610);
|
||||
se_aes_unwrap_key(12, 12, master_keyseed_retail);
|
||||
break;
|
||||
}
|
||||
}
|
||||
else // New exosphere.
|
||||
{
|
||||
case KB_FIRMWARE_VERSION_100_200:
|
||||
case KB_FIRMWARE_VERSION_300:
|
||||
case KB_FIRMWARE_VERSION_301:
|
||||
se_aes_unwrap_key(13, 15, console_keyseed);
|
||||
se_aes_unwrap_key(12, 12, master_keyseed_retail);
|
||||
break;
|
||||
case KB_FIRMWARE_VERSION_400:
|
||||
se_aes_unwrap_key(13, 15, console_keyseed_4xx_5xx);
|
||||
se_aes_unwrap_key(15, 15, console_keyseed);
|
||||
se_aes_unwrap_key(14, 12, master_keyseed_4xx_5xx_610);
|
||||
se_aes_unwrap_key(12, 12, master_keyseed_retail);
|
||||
break;
|
||||
case KB_FIRMWARE_VERSION_500:
|
||||
case KB_FIRMWARE_VERSION_600:
|
||||
se_aes_unwrap_key(10, 15, console_keyseed_4xx_5xx);
|
||||
se_aes_unwrap_key(15, 15, console_keyseed);
|
||||
se_aes_unwrap_key(14, 12, master_keyseed_4xx_5xx_610);
|
||||
se_aes_unwrap_key(12, 12, master_keyseed_retail);
|
||||
break;
|
||||
se_aes_unwrap_key(13, 12, master_keyseed_retail);
|
||||
se_aes_unwrap_key(12, 12, master_keyseed_4xx_5xx_610);
|
||||
}
|
||||
|
||||
// Package2 key.
|
||||
se_key_acc_ctrl(8, SE_KEY_TBL_DIS_KEYREAD_FLAG | SE_KEY_TBL_DIS_OIVREAD_FLAG | SE_KEY_TBL_DIS_UIVREAD_FLAG);
|
||||
se_aes_unwrap_key(8, 12, package2_keyseed);
|
||||
se_aes_unwrap_key(8, !h_cfg.aes_slots_new ? 12 : 13, package2_keyseed);
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
@ -989,5 +1029,6 @@ int hos_launch(ini_sec_t *cfg)
|
|||
|
||||
error:
|
||||
sdmmc_storage_end(&emmc_storage);
|
||||
h_cfg.aes_slots_new = false;
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -1296,7 +1296,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
|
|||
if ((kb >= KB_FIRMWARE_VERSION_810) && (kb < KB_FIRMWARE_VERSION_MAX))
|
||||
{
|
||||
u8 tmp_mkey[0x10];
|
||||
u8 decr_slot = 12; // Sept mkey.
|
||||
u8 decr_slot = !h_cfg.aes_slots_new ? 12 : 13; // Sept mkey.
|
||||
u8 mkey_seeds_cnt = sizeof(mkey_vector_8xx) / 0x10;
|
||||
u8 mkey_seeds_idx = mkey_seeds_cnt; // Real index + 1.
|
||||
u8 mkey_seeds_min_idx = mkey_seeds_cnt - (KB_FIRMWARE_VERSION_MAX - kb);
|
||||
|
@ -1327,7 +1327,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
|
|||
{
|
||||
mkey_seeds_cnt--;
|
||||
mkey_seeds_idx = mkey_seeds_cnt;
|
||||
decr_slot = 12; // Sept mkey.
|
||||
decr_slot = !h_cfg.aes_slots_new ? 12 : 13; // Sept mkey.
|
||||
}
|
||||
|
||||
// Out of keys. pkg2 is latest or process failed.
|
||||
|
|
|
@ -38,7 +38,6 @@ void set_default_configuration()
|
|||
h_cfg.autoboot_list = 0;
|
||||
h_cfg.bootwait = 3;
|
||||
h_cfg.se_keygen_done = 0;
|
||||
h_cfg.sbar_time_keeping = 0;
|
||||
h_cfg.backlight = 100;
|
||||
h_cfg.autohosoff = 0;
|
||||
h_cfg.autonogc = 1;
|
||||
|
@ -48,6 +47,7 @@ void set_default_configuration()
|
|||
h_cfg.errors = 0;
|
||||
h_cfg.eks = NULL;
|
||||
h_cfg.sept_run = EMC(EMC_SCRATCH0) & EMC_SEPT_RUN;
|
||||
h_cfg.aes_slots_new = false;
|
||||
h_cfg.rcm_patched = fuse_check_patched_rcm();
|
||||
h_cfg.emummc_force_disable = false;
|
||||
|
||||
|
|
|
@ -35,9 +35,9 @@ typedef struct _hekate_config
|
|||
// Global temporary config.
|
||||
bool se_keygen_done;
|
||||
bool sept_run;
|
||||
bool aes_slots_new;
|
||||
bool emummc_force_disable;
|
||||
bool rcm_patched;
|
||||
u32 sbar_time_keeping;
|
||||
u32 errors;
|
||||
hos_eks_mbr_t *eks;
|
||||
} hekate_config;
|
||||
|
|
|
@ -181,8 +181,16 @@ void hos_eks_save(u32 kb)
|
|||
memcpy(h_cfg.eks->dkg, keys + 10 * 0x10, 0x10);
|
||||
memcpy(h_cfg.eks->dkk, keys + 15 * 0x10, 0x10);
|
||||
|
||||
memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 12 * 0x10, 0x10);
|
||||
memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 13 * 0x10, 0x10);
|
||||
if (!h_cfg.aes_slots_new)
|
||||
{
|
||||
memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 12 * 0x10, 0x10);
|
||||
memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 13 * 0x10, 0x10);
|
||||
}
|
||||
else // New sept slots.
|
||||
{
|
||||
memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 13 * 0x10, 0x10);
|
||||
memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 12 * 0x10, 0x10);
|
||||
}
|
||||
|
||||
// Encrypt EKS blob.
|
||||
u8 *eks = calloc(512 , 1);
|
||||
|
@ -242,7 +250,7 @@ out:
|
|||
|
||||
int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
|
||||
{
|
||||
u8 tmp[0x20];
|
||||
u8 tmp[0x30];
|
||||
u32 retries = 0;
|
||||
|
||||
if (kb > KB_FIRMWARE_VERSION_MAX)
|
||||
|
@ -300,9 +308,11 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
|
|||
// Set Device key to slot 15.
|
||||
se_aes_key_set(15, h_cfg.eks->dkk, 0x10);
|
||||
}
|
||||
else
|
||||
h_cfg.aes_slots_new = se_key_acc_ctrl_get(12) == 0x6A;
|
||||
|
||||
se_aes_key_clear(8);
|
||||
se_aes_unwrap_key(8, 12, package2_keyseed);
|
||||
se_aes_unwrap_key(8, !h_cfg.aes_slots_new ? 12 : 13, package2_keyseed);
|
||||
}
|
||||
else if (kb == KB_FIRMWARE_VERSION_620)
|
||||
{
|
||||
|
@ -311,11 +321,16 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
|
|||
// Set TSEC root key.
|
||||
se_aes_key_set(13, tmp + 0x10, 0x10);
|
||||
|
||||
// Decrypt keyblob and set keyslots
|
||||
se_aes_crypt_block_ecb(12, 0, tmp + 0x20, keyblob_keyseeds[0]);
|
||||
se_aes_unwrap_key(15, 14, tmp + 0x20);
|
||||
se_aes_unwrap_key(10, 15, console_keyseed_4xx_5xx);
|
||||
se_aes_unwrap_key(15, 15, console_keyseed);
|
||||
|
||||
// Package2 key.
|
||||
se_aes_key_set(8, tmp + 0x10, 0x10);
|
||||
se_aes_unwrap_key(8, 8, master_keyseed_620);
|
||||
se_aes_unwrap_key(8, 8, master_keyseed_retail);
|
||||
se_aes_unwrap_key(8, 8, package2_keyseed);
|
||||
se_aes_unwrap_key(8, 13, master_keyseed_620);
|
||||
se_aes_unwrap_key(9, 8, master_keyseed_retail);
|
||||
se_aes_unwrap_key(8, 9, package2_keyseed);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
#include "pkg2.h"
|
||||
#include "hos.h"
|
||||
|
||||
#include "../config/config.h"
|
||||
#include "../libs/fatfs/ff.h"
|
||||
#include "../utils/aarch64_util.h"
|
||||
#include "../mem/heap.h"
|
||||
|
@ -28,6 +29,7 @@
|
|||
|
||||
#include "../gfx/gfx.h"
|
||||
|
||||
extern hekate_config h_cfg;
|
||||
extern const u8 package2_keyseed[];
|
||||
|
||||
u32 pkg2_newkern_ini1_val;
|
||||
|
@ -158,7 +160,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
|
|||
if ((kb >= KB_FIRMWARE_VERSION_810) && (kb < KB_FIRMWARE_VERSION_MAX))
|
||||
{
|
||||
u8 tmp_mkey[0x10];
|
||||
u8 decr_slot = 12; // Sept mkey.
|
||||
u8 decr_slot = !h_cfg.aes_slots_new ? 12 : 13; // Sept mkey.
|
||||
u8 mkey_seeds_cnt = sizeof(mkey_vector_8xx) / 0x10;
|
||||
u8 mkey_seeds_idx = mkey_seeds_cnt; // Real index + 1.
|
||||
u8 mkey_seeds_min_idx = mkey_seeds_cnt - (KB_FIRMWARE_VERSION_MAX - kb);
|
||||
|
@ -189,7 +191,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
|
|||
{
|
||||
mkey_seeds_cnt--;
|
||||
mkey_seeds_idx = mkey_seeds_cnt;
|
||||
decr_slot = 12; // Sept mkey.
|
||||
decr_slot = !h_cfg.aes_slots_new ? 12 : 13; // Sept mkey.
|
||||
}
|
||||
|
||||
// Out of keys. pkg2 is latest or process failed.
|
||||
|
|
Loading…
Reference in a new issue