sept: Disallow sept if improper BCT to avoid black screen

This commit is contained in:
CTCaer 2021-02-06 03:24:58 +02:00
parent 0857d7ff0e
commit ea83566fc9
5 changed files with 50 additions and 71 deletions

View file

@ -55,6 +55,7 @@ u8 warmboot_reboot[] = {
}; };
#define SEPT_PRI_ADDR 0x4003F000 #define SEPT_PRI_ADDR 0x4003F000
#define SEPT_PRI_ENTRY 0x40010340
#define SEPT_PK1T_ADDR 0xC0400000 #define SEPT_PK1T_ADDR 0xC0400000
#define SEPT_TCSZ_ADDR (SEPT_PK1T_ADDR - 0x4) #define SEPT_TCSZ_ADDR (SEPT_PK1T_ADDR - 0x4)
@ -127,6 +128,17 @@ void check_sept(ini_sec_t *cfg_sec)
goto out_free; goto out_free;
} }
u8 *bct_bldr = (u8 *)calloc(1, 512);
sdmmc_storage_read(&emmc_storage, 0x2200 / NX_EMMC_BLOCKSIZE, 1, &bct_bldr);
u32 bootloader_entrypoint = *(u32 *)&bct_bldr[0x144];
free(bct_bldr);
if (bootloader_entrypoint > SEPT_PRI_ENTRY)
{
gfx_con.mute = false;
EPRINTF("Failed to run sept\n""Main BCT is improper!\nRun sept with proper BCT at least once\nto cache keys.");
goto out_free;
}
sdmmc_storage_end(&emmc_storage); sdmmc_storage_end(&emmc_storage);
reboot_to_sept((u8 *)pkg1 + pkg1_id->tsec_off, pkg1_id->kb, cfg_sec); reboot_to_sept((u8 *)pkg1 + pkg1_id->tsec_off, pkg1_id->kb, cfg_sec);
} }

View file

@ -312,7 +312,13 @@ static lv_res_t _create_mbox_cal0(lv_obj_t *btn)
u32 bootloader_offset = BOOTLOADER_MAIN_OFFSET; u32 bootloader_offset = BOOTLOADER_MAIN_OFFSET;
u32 pk1_offset = h_cfg.t210b01 ? sizeof(bl_hdr_t210b01_t) : 0; // Skip T210B01 OEM header. u32 pk1_offset = h_cfg.t210b01 ? sizeof(bl_hdr_t210b01_t) : 0; // Skip T210B01 OEM header.
u8 *pkg1 = (u8 *)malloc(BOOTLOADER_SIZE); u8 *pkg1 = (u8 *)malloc(BOOTLOADER_SIZE);
sdmmc_storage_init_mmc(&emmc_storage, &emmc_sdmmc, SDMMC_BUS_WIDTH_8, SDHCI_TIMING_MMC_HS400);
if (!sdmmc_storage_init_mmc(&emmc_storage, &emmc_sdmmc, SDMMC_BUS_WIDTH_8, SDHCI_TIMING_MMC_HS400))
{
lv_label_set_text(lb_desc, "#FFDD00 Failed to init eMMC!#");
goto out;
}
sdmmc_storage_set_mmc_partition(&emmc_storage, EMMC_BOOT0); sdmmc_storage_set_mmc_partition(&emmc_storage, EMMC_BOOT0);
try_load: try_load:
@ -326,7 +332,7 @@ try_load:
if (!pkg1_id) if (!pkg1_id)
{ {
strcat(txt_buf, "#FFDD00 Unknown pkg1 version for reading#\n#FFDD00 TSEC firmware!#\n"); strcat(txt_buf, "#FFDD00 Unknown pkg1 version!#\n");
// Try backup bootloader. // Try backup bootloader.
if (bootloader_offset != BOOTLOADER_BACKUP_OFFSET) if (bootloader_offset != BOOTLOADER_BACKUP_OFFSET)
{ {
@ -363,6 +369,19 @@ try_load:
h_cfg.sept_run = true; h_cfg.sept_run = true;
else else
{ {
// Check that BCT is proper so sept can run.
u8 *bct_bldr = (u8 *)calloc(1, 512);
sdmmc_storage_read(&emmc_storage, 0x2200 / NX_EMMC_BLOCKSIZE, 1, &bct_bldr);
u32 bootloader_entrypoint = *(u32 *)&bct_bldr[0x144];
free(bct_bldr);
if (bootloader_entrypoint > SEPT_PRI_ENTRY)
{
lv_label_set_text(lb_desc, "#FFDD00 Failed to run sept because main BCT is improper!#\n"
"#FFDD00 Run sept with proper BCT at least once to cache keys.#\n");
goto out;
}
// Set boot cfg.
b_cfg->autoboot = 0; b_cfg->autoboot = 0;
b_cfg->autoboot_list = 0; b_cfg->autoboot_list = 0;
b_cfg->extra_cfg = EXTRA_CFG_NYX_BIS; b_cfg->extra_cfg = EXTRA_CFG_NYX_BIS;

View file

@ -1160,6 +1160,19 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn)
h_cfg.sept_run = true; h_cfg.sept_run = true;
else else
{ {
// Check that BCT is proper so sept can run.
u8 *bct_bldr = (u8 *)calloc(1, 512);
sdmmc_storage_read(&emmc_storage, 0x2200 / NX_EMMC_BLOCKSIZE, 1, &bct_bldr);
u32 bootloader_entrypoint = *(u32 *)&bct_bldr[0x144];
free(bct_bldr);
if (bootloader_entrypoint > SEPT_PRI_ENTRY)
{
lv_label_set_text(lb_desc, "#FFDD00 Failed to run sept because main BCT is improper!#\n"
"#FFDD00 Run sept with proper BCT at least once to cache keys.#\n");
goto out_free;
}
// Set boot cfg.
b_cfg->autoboot = 0; b_cfg->autoboot = 0;
b_cfg->autoboot_list = 0; b_cfg->autoboot_list = 0;
b_cfg->extra_cfg = EXTRA_CFG_NYX_DUMP; b_cfg->extra_cfg = EXTRA_CFG_NYX_DUMP;

View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2019 CTCaer * Copyright (c) 2019-2021 CTCaer
* *
* This program is free software; you can redistribute it and/or modify it * This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License, * under the terms and conditions of the GNU General Public License,
@ -68,72 +68,6 @@ extern volatile nyx_storage_t *nyx_str;
extern bool is_ipl_updated(void *buf); extern bool is_ipl_updated(void *buf);
extern void reloc_patcher(u32 payload_dst, u32 payload_src, u32 payload_size); extern void reloc_patcher(u32 payload_dst, u32 payload_src, u32 payload_size);
void check_sept()
{
if (h_cfg.t210b01)
{
h_cfg.sept_run = true;
return;
}
hos_eks_get();
// Check if non-hekate payload is used for sept and restore it.
if (h_cfg.sept_run)
{
if (!f_stat("sept/payload.bak", NULL))
{
f_unlink("sept/payload.bin");
f_rename("sept/payload.bak", "sept/payload.bin");
}
return;
}
u8 *pkg1 = (u8 *)calloc(1, 0x40000);
sdmmc_storage_t storage;
sdmmc_t sdmmc;
if (!sdmmc_storage_init_mmc(&storage, &sdmmc, SDMMC_BUS_WIDTH_8, SDHCI_TIMING_MMC_HS400))
{
EPRINTF("Failed to init eMMC.");
goto out_free;
}
sdmmc_storage_set_mmc_partition(&storage, EMMC_BOOT0);
// Read package1.
char *build_date = malloc(32);
sdmmc_storage_read(&storage, 0x100000 / NX_EMMC_BLOCKSIZE, 0x40000 / NX_EMMC_BLOCKSIZE, pkg1);
const pkg1_id_t *pkg1_id = pkg1_identify(pkg1, build_date);
free(build_date);
if (!pkg1_id)
{
EPRINTF("Unknown pkg1 version.");
goto out_free;
}
if (pkg1_id->kb >= KB_FIRMWARE_VERSION_700 && !h_cfg.sept_run)
{
u32 key_idx = 0;
if (pkg1_id->kb >= KB_FIRMWARE_VERSION_810)
key_idx = 1;
if (h_cfg.eks && h_cfg.eks->enabled[key_idx] >= pkg1_id->kb)
{
h_cfg.sept_run = true;
goto out_free;
}
sdmmc_storage_end(&storage);
reboot_to_sept((u8 *)pkg1 + pkg1_id->tsec_off, pkg1_id->kb);
}
out_free:
free(pkg1);
sdmmc_storage_end(&storage);
}
int reboot_to_sept(const u8 *tsec_fw, u32 kb) int reboot_to_sept(const u8 *tsec_fw, u32 kb)
{ {
FIL fp; FIL fp;

View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2019 CTCaer * Copyright (c) 2019-2021 CTCaer
* *
* This program is free software; you can redistribute it and/or modify it * This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License, * under the terms and conditions of the GNU General Public License,
@ -19,7 +19,8 @@
#include <utils/types.h> #include <utils/types.h>
void check_sept(); #define SEPT_PRI_ENTRY 0x40010340
int reboot_to_sept(const u8 *tsec_fw, u32 kb); int reboot_to_sept(const u8 *tsec_fw, u32 kb);
#endif #endif