Revert "hoc-clk: add live vdd2, live boost clock and basic pwm dimming"

This reverts commit 15b7df8ef1.
This commit is contained in:
souldbminersmwc
2025-11-09 16:14:52 -05:00
parent 22ec140738
commit 21a3f953d7
3804 changed files with 435 additions and 570162 deletions

View File

@@ -1,703 +0,0 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "se_execute.hpp"
namespace ams::se {
namespace {
constexpr inline int AesKeySizeMax = 256 / BITSIZEOF(u8);
enum AesMode {
AesMode_Aes128 = ((SE_CONFIG_ENC_MODE_AESMODE_KEY128 << SE_CONFIG_ENC_MODE_OFFSET) | (SE_CONFIG_DEC_MODE_AESMODE_KEY128 << SE_CONFIG_DEC_MODE_OFFSET)) >> SE_CONFIG_DEC_MODE_OFFSET,
AesMode_Aes192 = ((SE_CONFIG_ENC_MODE_AESMODE_KEY192 << SE_CONFIG_ENC_MODE_OFFSET) | (SE_CONFIG_DEC_MODE_AESMODE_KEY192 << SE_CONFIG_DEC_MODE_OFFSET)) >> SE_CONFIG_DEC_MODE_OFFSET,
AesMode_Aes256 = ((SE_CONFIG_ENC_MODE_AESMODE_KEY256 << SE_CONFIG_ENC_MODE_OFFSET) | (SE_CONFIG_DEC_MODE_AESMODE_KEY256 << SE_CONFIG_DEC_MODE_OFFSET)) >> SE_CONFIG_DEC_MODE_OFFSET,
};
enum MemoryInterface {
MemoryInterface_Ahb = SE_CRYPTO_CONFIG_MEMIF_AHB,
MemoryInterface_Mc = SE_CRYPTO_CONFIG_MEMIF_MCCIF,
};
constexpr inline u32 AesConfigEcb = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
constexpr inline u32 AesConfigCtr = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 1),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, LINEAR_CTR),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BOTTOM),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
constexpr inline u32 AesConfigCmac = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, INIT_AESOUT),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, TOP),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, ENABLE));
constexpr inline u32 AesConfigCbcEncrypt = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, INIT_AESOUT),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, TOP),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
constexpr inline u32 AesConfigCbcDecrypt = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, INIT_PREV_MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BOTTOM),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
void SetConfig(volatile SecurityEngineRegisters *SE, bool encrypt, SE_CONFIG_DST dst) {
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM (CONFIG_ENC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM (CONFIG_DEC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM_SEL(CONFIG_ENC_ALG, encrypt, AES_ENC, NOP),
SE_REG_BITS_ENUM_SEL(CONFIG_DEC_ALG, encrypt, NOP, AES_DEC),
SE_REG_BITS_VALUE (CONFIG_DST, dst));
}
void SetAesConfig(volatile SecurityEngineRegisters *SE, int slot, bool encrypt, u32 config) {
const u32 encoded = reg::Encode(SE_REG_BITS_ENUM (CRYPTO_CONFIG_MEMIF, AHB),
SE_REG_BITS_VALUE (CRYPTO_CONFIG_KEY_INDEX, slot),
SE_REG_BITS_ENUM_SEL(CRYPTO_CONFIG_CORE_SEL, encrypt, ENCRYPT, DECRYPT));
reg::Write(SE->SE_CRYPTO_CONFIG, (config | encoded));
}
void SetBlockCount(volatile SecurityEngineRegisters *SE, int count) {
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, count - 1);
}
void UpdateAesMode(volatile SecurityEngineRegisters *SE, AesMode mode) {
reg::ReadWrite(SE->SE_CONFIG, REG_BITS_VALUE(16, 16, mode));
}
void UpdateMemoryInterface(volatile SecurityEngineRegisters *SE, MemoryInterface memif) {
reg::ReadWrite(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_VALUE(CRYPTO_CONFIG_MEMIF, memif));
}
void SetCounter(volatile SecurityEngineRegisters *SE, const void *ctr) {
const u32 *ctr_32 = reinterpret_cast<const u32 *>(ctr);
/* Copy the input ctr to the linear CTR registers. */
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[0], util::LoadLittleEndian(ctr_32 + 0));
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[1], util::LoadLittleEndian(ctr_32 + 1));
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[2], util::LoadLittleEndian(ctr_32 + 2));
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[3], util::LoadLittleEndian(ctr_32 + 3));
}
void SetAesKeyIv(volatile SecurityEngineRegisters *SE, int slot, const void *iv, size_t iv_size) {
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
AMS_ABORT_UNLESS(iv_size <= AesBlockSize);
/* Set each iv word in order. */
const u32 *iv_u32 = static_cast<const u32 *>(iv);
const int num_words = iv_size / sizeof(u32);
for (int i = 0; i < num_words; ++i) {
/* Select the keyslot. */
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot),
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, IV),
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_IV_SEL, ORIGINAL_IV),
SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, i));
/* Set the iv word. */
SE->SE_CRYPTO_KEYTABLE_DATA = *(iv_u32++);
}
}
void SetEncryptedAesKey(int dst_slot, int kek_slot, const void *key, size_t key_size, AesMode mode) {
AMS_ABORT_UNLESS(key_size <= AesKeySizeMax);
AMS_ABORT_UNLESS(0 <= dst_slot && dst_slot < AesKeySlotCount);
AMS_ABORT_UNLESS(0 <= kek_slot && kek_slot < AesKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Configure for single AES ECB decryption to key table. */
SetConfig(SE, false, SE_CONFIG_DST_KEYTABLE);
SetAesConfig(SE, kek_slot, false, AesConfigEcb);
UpdateAesMode(SE, mode);
SetBlockCount(SE, 1);
/* Select the destination keyslot. */
reg::Write(SE->SE_CRYPTO_KEYTABLE_DST, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_DST_KEY_INDEX, dst_slot), SE_REG_BITS_ENUM(CRYPTO_KEYTABLE_DST_WORD_QUAD, KEYS_0_3));
/* Ensure that the se sees the keydata we want it to. */
hw::FlushDataCache(key, key_size);
hw::DataSynchronizationBarrierInnerShareable();
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, key, key_size);
}
void EncryptAes(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, AesMode mode) {
/* If nothing to decrypt, succeed. */
if (src_size == 0) { return; }
/* Validate input. */
AMS_ABORT_UNLESS(dst_size == AesBlockSize);
AMS_ABORT_UNLESS(src_size == AesBlockSize);
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Configure for AES-ECB encryption to memory. */
SetConfig(SE, true, SE_CONFIG_DST_MEMORY);
SetAesConfig(SE, slot, true, AesConfigEcb);
UpdateAesMode(SE, mode);
/* Execute the operation. */
ExecuteOperationSingleBlock(SE, dst, dst_size, src, src_size);
}
void ExpandSubkey(u8 *subkey) {
/* Shift everything left one bit. */
u8 prev = 0;
for (int i = AesBlockSize - 1; i >= 0; --i) {
const u8 top = (subkey[i] >> 7);
subkey[i] = ((subkey[i] << 1) | prev);
prev = top;
}
/* And xor with Rb if necessary. */
if (prev != 0) {
subkey[AesBlockSize - 1] ^= 0x87;
}
}
void ExpandSubkeyLittleEndian(u8 *subkey) {
/* Shift everything left one bit. */
u8 prev = 0;
for (size_t i = 0; i < AesBlockSize; ++i) {
const u8 top = (subkey[i] >> 7);
subkey[i] = ((subkey[i] << 1) | prev);
prev = top;
}
/* And xor with Rb if necessary. */
if (prev != 0) {
subkey[0] ^= 0x87;
}
}
void GetCmacResult(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size) {
const int num_words = dst_size / sizeof(u32);
for (int i = 0; i < num_words; ++i) {
reg::Write(static_cast<u32 *>(dst) + i, reg::Read(SE->SE_HASH_RESULT[i]));
}
}
void ComputeAesCmac(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, AesMode mode) {
/* Validate input. */
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Determine mac extents. */
const int num_blocks = util::DivideUp(src_size, AesBlockSize);
const size_t last_block_size = (src_size == 0) ? 0 : (src_size - ((num_blocks - 1) * AesBlockSize));
/* Create subkey. */
u8 subkey[AesBlockSize];
{
/* Encrypt zeroes. */
std::memset(subkey, 0, sizeof(subkey));
EncryptAes(subkey, sizeof(subkey), slot, subkey, sizeof(subkey), mode);
/* Expand. */
ExpandSubkey(subkey);
/* Account for last block. */
if (last_block_size != AesBlockSize) {
ExpandSubkey(subkey);
}
}
/* Configure for AES-CMAC. */
SetConfig(SE, true, SE_CONFIG_DST_HASH_REG);
SetAesConfig(SE, slot, true, AesConfigCmac);
UpdateAesMode(SE, mode);
/* Set the IV to zero. */
for (int i = 0; i < 4; ++i) {
/* Select the keyslot. */
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot),
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, IV),
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_IV_SEL, ORIGINAL_IV),
SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, i));
/* Set the iv word. */
SE->SE_CRYPTO_KEYTABLE_DATA = 0;
}
/* Handle blocks before the last. */
if (num_blocks > 1) {
SetBlockCount(SE, num_blocks - 1);
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, src, src_size);
reg::ReadWrite(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_ENUM(CRYPTO_CONFIG_IV_SELECT, UPDATED));
}
/* Handle the last block. */
{
SetBlockCount(SE, 1);
/* Create the last block. */
u8 last_block[AesBlockSize];
if (last_block_size < sizeof(last_block)) {
std::memset(last_block, 0, sizeof(last_block));
last_block[last_block_size] = 0x80;
}
std::memcpy(last_block, static_cast<const u8 *>(src) + src_size - last_block_size, last_block_size);
/* Xor with the subkey. */
for (size_t i = 0; i < AesBlockSize; ++i) {
last_block[i] ^= subkey[i];
}
/* Ensure the SE sees correct data. */
hw::FlushDataCache(last_block, sizeof(last_block));
hw::DataSynchronizationBarrierInnerShareable();
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, last_block, sizeof(last_block));
}
/* Get the output. */
GetCmacResult(SE, dst, dst_size);
}
void EncryptAesCbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size, AesMode mode) {
/* If nothing to encrypt, succeed. */
if (src_size == 0) { return; }
/* Validate input. */
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Determine extents. */
const size_t num_blocks = src_size / AesBlockSize;
const size_t aligned_size = num_blocks * AesBlockSize;
AMS_ABORT_UNLESS(src_size == aligned_size);
/* Configure for aes-cbc encryption. */
SetConfig(SE, true, SE_CONFIG_DST_MEMORY);
SetAesConfig(SE, slot, true, AesConfigCbcEncrypt);
UpdateAesMode(SE, mode);
/* Set the iv. */
SetAesKeyIv(SE, slot, iv, iv_size);
/* Set the block count. */
SetBlockCount(SE, num_blocks);
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, dst_size, src, aligned_size);
}
void DecryptAesCbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size, AesMode mode) {
/* If nothing to decrypt, succeed. */
if (src_size == 0) { return; }
/* Validate input. */
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Determine extents. */
const size_t num_blocks = src_size / AesBlockSize;
const size_t aligned_size = num_blocks * AesBlockSize;
AMS_ABORT_UNLESS(src_size == aligned_size);
/* Configure for aes-cbc encryption. */
SetConfig(SE, false, SE_CONFIG_DST_MEMORY);
SetAesConfig(SE, slot, false, AesConfigCbcDecrypt);
UpdateAesMode(SE, mode);
/* Set the iv. */
SetAesKeyIv(SE, slot, iv, iv_size);
/* Set the block count. */
SetBlockCount(SE, num_blocks);
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, dst_size, src, aligned_size);
}
void XorWithXtsTweak(void *dst, size_t dst_size, const void *src, size_t src_size, const void *base_tweak) {
/* Copy tweak. */
u8 tweak[se::AesBlockSize];
std::memcpy(tweak, base_tweak, sizeof(tweak));
/* Perform xor. */
u8 *dst_u8 = static_cast<u8 *>(dst);
const u8 *src_u8 = static_cast<const u8 *>(src);
const size_t num_blocks = std::min<size_t>(dst_size, src_size) / sizeof(tweak);
for (size_t i = 0; i < num_blocks; ++i) {
for (size_t j = 0; j < sizeof(tweak); ++j) {
dst_u8[j] = src_u8[j] ^ tweak[j];
}
dst_u8 += sizeof(tweak);
src_u8 += sizeof(tweak);
ExpandSubkeyLittleEndian(tweak);
}
}
void DecryptAesXts(void *dst, size_t dst_size, int slot_enc, int slot_tweak, const void *src, size_t src_size, size_t sector, AesMode mode) {
/* If nothing to decrypt, succeed. */
if (src_size == 0) { return; }
/* Validate input. */
AMS_ABORT_UNLESS(util::IsAligned(dst_size, AesBlockSize));
AMS_ABORT_UNLESS(util::IsAligned(src_size, AesBlockSize));
AMS_ABORT_UNLESS(0 <= slot_enc && slot_enc < AesKeySlotCount);
AMS_ABORT_UNLESS(0 <= slot_tweak && slot_tweak < AesKeySlotCount);
/* Generate tweak. */
u32 base_tweak[se::AesBlockSize / sizeof(u32)] = {};
base_tweak[util::size(base_tweak) - 1] = util::ConvertToBigEndian<u32>(static_cast<u32>(sector));
if constexpr (sizeof(sector) > sizeof(u32)) {
static_assert(sizeof(sector) <= sizeof(u64));
base_tweak[util::size(base_tweak) - 2] = util::ConvertToBigEndian<u32>(static_cast<u32>(sector >> BITSIZEOF(u32)));
}
se::EncryptAes128(base_tweak, sizeof(base_tweak), slot_tweak, base_tweak, sizeof(base_tweak));
/* Xor all data. */
XorWithXtsTweak(dst, dst_size, src, src_size, base_tweak);
/* Ensure the SE sees correct data. */
hw::FlushDataCache(dst, dst_size);
/* Decrypt all data. */
{
/* Get the engine. */
auto *SE = GetRegisters();
/* Determine extents. */
const size_t num_blocks = dst_size / AesBlockSize;
/* Configure for AES-ECB decryption to memory. */
SetConfig(SE, false, SE_CONFIG_DST_MEMORY);
SetAesConfig(SE, slot_enc, false, AesConfigEcb);
UpdateAesMode(SE, mode);
/* Set the block count. */
SetBlockCount(SE, num_blocks);
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, dst_size, dst, dst_size);
/* Ensure the cpu sees correct data. */
hw::InvalidateDataCache(dst, dst_size);
}
/* Xor all data. */
XorWithXtsTweak(dst, dst_size, dst, dst_size, base_tweak);
}
void ComputeAes128Async(u32 out_ll_address, int slot, u32 in_ll_address, u32 size, DoneHandler handler, u32 config, bool encrypt, volatile SecurityEngineRegisters *SE) {
/* If nothing to decrypt, succeed. */
if (size == 0) { return; }
/* Validate input. */
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
/* Configure for the specific operation. */
SetConfig(SE, encrypt, SE_CONFIG_DST_MEMORY);
SetAesConfig(SE, slot, encrypt, config);
UpdateMemoryInterface(SE, MemoryInterface_Mc);
/* Configure the number of blocks. */
const int num_blocks = size / AesBlockSize;
SetBlockCount(SE, num_blocks);
/* Set the done handler. */
SetDoneHandler(SE, handler);
/* Start the raw operation. */
StartOperationRaw(SE, SE_OPERATION_OP_START, out_ll_address, in_ll_address);
}
void ClearAesKeySlot(volatile SecurityEngineRegisters *SE, int slot) {
/* Validate the key slot. */
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
for (int i = 0; i < 16; ++i) {
/* Select the keyslot. */
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot), SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_WORD, i));
/* Write the data. */
SE->SE_CRYPTO_KEYTABLE_DATA = 0;
}
}
}
void ClearAesKeySlot(int slot) {
/* Clear the slot in SE1. */
ClearAesKeySlot(GetRegisters(), slot);
}
void ClearAesKeySlot2(int slot) {
/* Clear the slot in SE2. */
ClearAesKeySlot(GetRegisters2(), slot);
}
void ClearAesKeyIv(int slot) {
/* Validate the key slot. */
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Set each iv word in order. */
for (int i = 0; i < 4; ++i) {
/* Select the keyslot original iv. */
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot),
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, IV),
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_IV_SEL, ORIGINAL_IV),
SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, i));
/* Set the iv word. */
SE->SE_CRYPTO_KEYTABLE_DATA = 0;
/* Select the keyslot updated iv. */
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot),
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, IV),
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_IV_SEL, UPDATED_IV),
SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, i));
/* Set the iv word. */
SE->SE_CRYPTO_KEYTABLE_DATA = 0;
}
}
void LockAesKeySlot(int slot, u32 flags) {
/* Validate the key slot. */
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Set non per-key flags. */
if ((flags & ~KeySlotLockFlags_PerKey) != 0) {
/* KeySlotLockFlags_DstKeyTableOnly is Mariko-only. */
if (fuse::GetSocType() == fuse::SocType_Mariko) {
reg::ReadWrite(SE->SE_CRYPTO_KEYTABLE_ACCESS[slot], REG_BITS_VALUE(0, 7, ~flags), REG_BITS_VALUE(7, 1, ((flags & KeySlotLockFlags_DstKeyTableOnly) != 0) ? 1 : 0));
} else {
reg::ReadWrite(SE->SE_CRYPTO_KEYTABLE_ACCESS[slot], REG_BITS_VALUE(0, 7, ~flags));
}
}
/* Set per-key flag. */
if ((flags & KeySlotLockFlags_PerKey) != 0) {
reg::ReadWrite(SE->SE_CRYPTO_SECURITY_PERKEY, REG_BITS_VALUE(slot, 1, 0));
}
}
void SetAesKey(int slot, const void *key, size_t key_size) {
/* Validate the key slot and key size. */
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
AMS_ABORT_UNLESS(key_size <= AesKeySizeMax);
/* Get the engine. */
auto *SE = GetRegisters();
/* Set each key word in order. */
const u32 *key_u32 = static_cast<const u32 *>(key);
const int num_words = key_size / sizeof(u32);
for (int i = 0; i < num_words; ++i) {
/* Select the keyslot. */
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot),
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, KEY),
SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, i));
/* Set the key word. */
SE->SE_CRYPTO_KEYTABLE_DATA = *(key_u32++);
}
}
void SetEncryptedAesKey128(int dst_slot, int kek_slot, const void *key, size_t key_size) {
return SetEncryptedAesKey(dst_slot, kek_slot, key, key_size, AesMode_Aes128);
}
void SetEncryptedAesKey256(int dst_slot, int kek_slot, const void *key, size_t key_size) {
return SetEncryptedAesKey(dst_slot, kek_slot, key, key_size, AesMode_Aes256);
}
void EncryptAes128(void *dst, size_t dst_size, int slot, const void *src, size_t src_size) {
return EncryptAes(dst, dst_size, slot, src, src_size, AesMode_Aes128);
}
void DecryptAes128(void *dst, size_t dst_size, int slot, const void *src, size_t src_size) {
/* If nothing to decrypt, succeed. */
if (src_size == 0) { return; }
/* Validate input. */
AMS_ABORT_UNLESS(dst_size == AesBlockSize);
AMS_ABORT_UNLESS(src_size == AesBlockSize);
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Configure for AES-ECB decryption to memory. */
SetConfig(SE, false, SE_CONFIG_DST_MEMORY);
SetAesConfig(SE, slot, false, AesConfigEcb);
ExecuteOperationSingleBlock(SE, dst, dst_size, src, src_size);
}
void ComputeAes128Ctr(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
/* If nothing to do, succeed. */
if (src_size == 0) { return; }
/* Validate input. */
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Determine how many full blocks we can operate on. */
const size_t num_blocks = src_size / AesBlockSize;
const size_t aligned_size = num_blocks * AesBlockSize;
const size_t fractional = src_size - aligned_size;
/* Here Nintendo writes 1 to SE_SPARE. It's unclear why they do this, but we will do so as well. */
SE->SE_SPARE = 0x1;
/* Configure for AES-CTR encryption/decryption to memory. */
SetConfig(SE, true, SE_CONFIG_DST_MEMORY);
SetAesConfig(SE, slot, true, AesConfigCtr);
/* Set the counter. */
SetCounter(SE, iv);
/* Process as many aligned blocks as we can. */
if (aligned_size > 0) {
/* Configure the engine to process the right number of blocks. */
SetBlockCount(SE, num_blocks);
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, dst_size, src, aligned_size);
/* Synchronize around this point. */
hw::DataSynchronizationBarrierInnerShareable();
}
/* Process a single block to output. */
if (fractional > 0 && dst_size > aligned_size) {
const size_t copy_size = std::min(fractional, dst_size - aligned_size);
ExecuteOperationSingleBlock(SE, static_cast<u8 *>(dst) + aligned_size, copy_size, static_cast<const u8 *>(src) + aligned_size, fractional);
}
}
void ComputeAes128Cmac(void *dst, size_t dst_size, int slot, const void *src, size_t src_size) {
return ComputeAesCmac(dst, dst_size, slot, src, src_size, AesMode_Aes128);
}
void ComputeAes256Cmac(void *dst, size_t dst_size, int slot, const void *src, size_t src_size) {
return ComputeAesCmac(dst, dst_size, slot, src, src_size, AesMode_Aes256);
}
void EncryptAes128Cbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
return EncryptAesCbc(dst, dst_size, slot, src, src_size, iv, iv_size, AesMode_Aes128);
}
void EncryptAes256Cbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
return EncryptAesCbc(dst, dst_size, slot, src, src_size, iv, iv_size, AesMode_Aes256);
}
void DecryptAes128Cbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
return DecryptAesCbc(dst, dst_size, slot, src, src_size, iv, iv_size, AesMode_Aes128);
}
void DecryptAes256Cbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
return DecryptAesCbc(dst, dst_size, slot, src, src_size, iv, iv_size, AesMode_Aes256);
}
void DecryptAes128Xts(void *dst, size_t dst_size, int slot_enc, int slot_tweak, const void *src, size_t src_size, size_t sector) {
return DecryptAesXts(dst, dst_size, slot_enc, slot_tweak, src, src_size, sector, AesMode_Aes128);
}
void EncryptAes128CbcAsync(u32 out_ll_address, int slot, u32 in_ll_address, u32 size, const void *iv, size_t iv_size, DoneHandler handler) {
/* Validate the iv. */
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
/* Get the registers. */
volatile auto *SE = GetRegisters();
/* Set the iv. */
SetAesKeyIv(SE, slot, iv, iv_size);
/* Perform the asynchronous aes operation. */
ComputeAes128Async(out_ll_address, slot, in_ll_address, size, handler, AesConfigCbcEncrypt, true, SE);
}
void DecryptAes128CbcAsync(u32 out_ll_address, int slot, u32 in_ll_address, u32 size, const void *iv, size_t iv_size, DoneHandler handler) {
/* Validate the iv. */
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
/* Get the registers. */
volatile auto *SE = GetRegisters();
/* Set the iv. */
SetAesKeyIv(SE, slot, iv, iv_size);
/* Perform the asynchronous aes operation. */
ComputeAes128Async(out_ll_address, slot, in_ll_address, size, handler, AesConfigCbcDecrypt, false, SE);
}
void ComputeAes128CtrAsync(u32 out_ll_address, int slot, u32 in_ll_address, u32 size, const void *iv, size_t iv_size, DoneHandler handler) {
/* Validate the iv. */
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
/* Get the registers. */
volatile auto *SE = GetRegisters();
/* Here Nintendo writes 1 to SE_SPARE. It's unclear why they do this, but we will do so as well. */
SE->SE_SPARE = 0x1;
/* Set the counter. */
SetCounter(SE, iv);
/* Perform the asynchronous aes operation. */
ComputeAes128Async(out_ll_address, slot, in_ll_address, size, handler, AesConfigCtr, true, SE);
}
}

View File

@@ -1,181 +0,0 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "se_execute.hpp"
namespace ams::se {
namespace {
struct LinkedListEntry {
u32 zero;
u32 address;
u32 size;
};
static_assert(util::is_pod<LinkedListEntry>::value);
static_assert(sizeof(LinkedListEntry) == 0xC);
uintptr_t GetPhysicalAddress(const void *ptr) {
const uintptr_t virt_address = reinterpret_cast<uintptr_t>(ptr);
#if defined(ATMOSPHERE_ARCH_ARM64)
u64 phys_address;
__asm__ __volatile__("at s1e3r, %[virt]; mrs %[phys], par_el1" : [phys]"=r"(phys_address) : [virt]"r"(virt_address) : "memory", "cc");
return (phys_address & 0x0000FFFFFFFFF000ul) | (virt_address & 0x0000000000000FFFul);
#elif defined(ATMOSPHERE_ARCH_ARM)
return virt_address;
#else
#error "Unknown architecture for Tegra Security Engine physical address translation"
#endif
}
constexpr void SetLinkedListEntry(LinkedListEntry *entry, const void *ptr, size_t size) {
/* Clear the zero field. */
entry->zero = 0;
/* Set the address. */
if (ptr != nullptr) {
entry->address = GetPhysicalAddress(ptr);
entry->size = static_cast<u32>(size);
} else {
entry->address = 0;
entry->size = 0;
}
}
void StartOperation(volatile SecurityEngineRegisters *SE, SE_OPERATION_OP op) {
/* Write back the current values of the error and interrupt status. */
reg::Write(SE->SE_ERR_STATUS, reg::Read(SE->SE_ERR_STATUS));
reg::Write(SE->SE_INT_STATUS, reg::Read(SE->SE_INT_STATUS));
/* Write the operation. */
reg::Write(SE->SE_OPERATION, SE_REG_BITS_VALUE(OPERATION_OP, op));
}
void EnsureOperationStarted(volatile SecurityEngineRegisters *SE) {
/* Read the operation register to make sure our write takes. */
reg::Read(SE->SE_OPERATION);
hw::DataSynchronizationBarrierInnerShareable();
}
void WaitForOperationComplete(volatile SecurityEngineRegisters *SE) {
/* Spin until the operation is done. */
while (reg::HasValue(SE->SE_INT_STATUS, SE_REG_BITS_ENUM(INT_STATUS_SE_OP_DONE, CLEAR))) { /* ... */ }
/* Check for operation success. */
ValidateAesOperationResult(SE);
}
}
void ExecuteOperation(volatile SecurityEngineRegisters *SE, SE_OPERATION_OP op, void *dst, size_t dst_size, const void *src, size_t src_size) {
/* Set the linked list entries. */
LinkedListEntry src_entry;
LinkedListEntry dst_entry;
SetLinkedListEntry(std::addressof(src_entry), src, src_size);
SetLinkedListEntry(std::addressof(dst_entry), dst, dst_size);
/* Ensure the linked list entry data is seen correctly. */
hw::FlushDataCache(std::addressof(src_entry), sizeof(src_entry));
hw::FlushDataCache(std::addressof(dst_entry), sizeof(dst_entry));
hw::DataSynchronizationBarrierInnerShareable();
/* Configure the linked list addresses. */
reg::Write(SE->SE_IN_LL_ADDR, static_cast<u32>(GetPhysicalAddress(std::addressof(src_entry))));
reg::Write(SE->SE_OUT_LL_ADDR, static_cast<u32>(GetPhysicalAddress(std::addressof(dst_entry))));
/* Start the operation. */
StartOperation(SE, op);
/* Wait for the operation to complete. */
WaitForOperationComplete(SE);
}
void ExecuteOperationSingleBlock(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size, const void *src, size_t src_size) {
/* Validate sizes. */
AMS_ABORT_UNLESS(dst_size <= AesBlockSize);
AMS_ABORT_UNLESS(src_size <= AesBlockSize);
/* Set the block count to 1. */
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0);
/* Create an aligned buffer. */
util::AlignedBuffer<hw::DataCacheLineSize, AesBlockSize> aligned;
std::memcpy(aligned, src, src_size);
hw::FlushDataCache(aligned, AesBlockSize);
hw::DataSynchronizationBarrierInnerShareable();
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, aligned, AesBlockSize, aligned, AesBlockSize);
/* Ensure that the CPU will see the correct output. */
hw::DataSynchronizationBarrierInnerShareable();
hw::FlushDataCache(aligned, AesBlockSize);
hw::DataSynchronizationBarrierInnerShareable();
/* Copy the output to the destination. */
std::memcpy(dst, aligned, dst_size);
}
void StartInputOperation(volatile SecurityEngineRegisters *SE, const void *src, size_t src_size) {
/* Set the linked list entry. */
LinkedListEntry src_entry;
SetLinkedListEntry(std::addressof(src_entry), src, src_size);
/* Ensure the linked list entry data is seen correctly. */
hw::FlushDataCache(std::addressof(src_entry), sizeof(src_entry));
hw::DataSynchronizationBarrierInnerShareable();
/* Configure the linked list addresses. */
reg::Write(SE->SE_IN_LL_ADDR, static_cast<u32>(GetPhysicalAddress(std::addressof(src_entry))));
/* Start the operation. */
StartOperation(SE, SE_OPERATION_OP_START);
/* Ensure the operation is started. */
EnsureOperationStarted(SE);
}
void StartOperationRaw(volatile SecurityEngineRegisters *SE, SE_OPERATION_OP op, u32 out_ll_address, u32 in_ll_address) {
/* Configure the linked list addresses. */
reg::Write(SE->SE_IN_LL_ADDR, in_ll_address);
reg::Write(SE->SE_OUT_LL_ADDR, out_ll_address);
/* Start the operation. */
StartOperation(SE, op);
/* Ensure the operation is started. */
EnsureOperationStarted(SE);
}
void ValidateAesOperationResult(volatile SecurityEngineRegisters *SE) {
/* Ensure no error occurred. */
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_INT_STATUS, SE_REG_BITS_ENUM(INT_STATUS_ERR_STAT, CLEAR)));
/* Ensure the security engine is idle. */
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_STATUS, SE_REG_BITS_ENUM(STATUS_STATE, IDLE)));
/* Ensure there is no error status. */
AMS_ABORT_UNLESS(reg::Read(SE->SE_ERR_STATUS) == 0);
}
void ValidateAesOperationResult() {
return ValidateAesOperationResult(GetRegisters());
}
}

View File

@@ -1,33 +0,0 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "se_registers.hpp"
namespace ams::se {
volatile SecurityEngineRegisters *GetRegisters();
volatile SecurityEngineRegisters *GetRegisters2();
void ExecuteOperation(volatile SecurityEngineRegisters *SE, SE_OPERATION_OP op, void *dst, size_t dst_size, const void *src, size_t src_size);
void ExecuteOperationSingleBlock(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size, const void *src, size_t src_size);
void StartInputOperation(volatile SecurityEngineRegisters *SE, const void *src, size_t src_size);
void StartOperationRaw(volatile SecurityEngineRegisters *SE, SE_OPERATION_OP op, u32 out_ll_address, u32 in_ll_address);
void SetDoneHandler(volatile SecurityEngineRegisters *SE, DoneHandler handler);
void ValidateAesOperationResult(volatile SecurityEngineRegisters *SE);
}

View File

@@ -1,72 +0,0 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "se_execute.hpp"
namespace ams::se {
namespace {
void SetMessageSize(volatile SecurityEngineRegisters *SE, size_t src_size) {
/* Set the message size. */
reg::Write(SE->SE_SHA_MSG_LENGTH[0], src_size * BITSIZEOF(u8));
reg::Write(SE->SE_SHA_MSG_LENGTH[1], 0);
reg::Write(SE->SE_SHA_MSG_LENGTH[2], 0);
reg::Write(SE->SE_SHA_MSG_LENGTH[3], 0);
/* Set the message remaining size. */
reg::Write(SE->SE_SHA_MSG_LEFT[0], src_size * BITSIZEOF(u8));
reg::Write(SE->SE_SHA_MSG_LEFT[1], 0);
reg::Write(SE->SE_SHA_MSG_LEFT[2], 0);
reg::Write(SE->SE_SHA_MSG_LEFT[3], 0);
}
void GetHashResult(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size) {
/* Copy out the words. */
const int num_words = dst_size / sizeof(u32);
for (int i = 0; i < num_words; ++i) {
const u32 word = reg::Read(SE->SE_HASH_RESULT[i]);
util::StoreBigEndian(static_cast<u32 *>(dst) + i, word);
}
}
}
void CalculateSha256(Sha256Hash *dst, const void *src, size_t src_size) {
/* Get the engine. */
auto *SE = GetRegisters();
/* Configure the engine to perform SHA256 "encryption". */
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_MODE, SHA256),
SE_REG_BITS_ENUM(CONFIG_DEC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM(CONFIG_ENC_ALG, SHA),
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP),
SE_REG_BITS_ENUM(CONFIG_DST, HASH_REG));
/* Begin a hardware hash operation. */
reg::Write(SE->SE_SHA_CONFIG, SE_REG_BITS_VALUE(SHA_CONFIG_HW_INIT_HASH, 1));
/* Set the message size. */
SetMessageSize(SE, src_size);
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, src, src_size);
/* Get the result. */
GetHashResult(SE, dst, sizeof(*dst));
}
}

View File

@@ -1,142 +0,0 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "se_execute.hpp"
namespace ams::se {
namespace {
constinit uintptr_t g_register_address = secmon::MemoryRegionPhysicalDeviceSecurityEngine.GetAddress();
constinit uintptr_t g_register2_address = secmon::MemoryRegionPhysicalDeviceSecurityEngine2.GetAddress();
constinit DoneHandler g_done_handler = nullptr;
void SetSecure(volatile SecurityEngineRegisters *SE, bool secure) {
/* Set the security software setting. */
if (secure) {
reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_SOFT_SETTING, SECURE));
} else {
reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_SOFT_SETTING, NONSECURE));
}
/* Read the status register to force an update. */
reg::Read(SE->SE_SE_SECURITY);
}
}
volatile SecurityEngineRegisters *GetRegisters() {
return reinterpret_cast<volatile SecurityEngineRegisters *>(g_register_address);
}
volatile SecurityEngineRegisters *GetRegisters2() {
return reinterpret_cast<volatile SecurityEngineRegisters *>(g_register2_address);
}
void SetRegisterAddress(uintptr_t address, uintptr_t address2) {
g_register_address = address;
g_register2_address = address2;
}
void Initialize() {
auto *SE = GetRegisters();
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_STATUS, SE_REG_BITS_ENUM(STATUS_STATE, IDLE)));
}
void SetSecure(bool secure) {
/* Set security for SE1. */
SetSecure(GetRegisters(), secure);
/* If SE2 is present, set security for SE2. */
if (fuse::GetSocType() == fuse::SocType_Mariko) {
SetSecure(GetRegisters2(), secure);
}
}
void SetTzramSecure() {
auto *SE = GetRegisters();
/* Set the TZRAM setting to secure. */
SE->SE_TZRAM_SECURITY = SE_TZRAM_SETTING_SECURE;
}
void SetPerKeySecure() {
auto *SE = GetRegisters();
/* Update PERKEY_SETTING to secure. */
reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_PERKEY_SETTING, SECURE));
}
void SetContextSaveSecure() {
/* Context save lock to trustzone secure is only available on mariko. */
if (fuse::GetSocType() == fuse::SocType_Mariko) {
auto *SE = GetRegisters();
auto *SE2 = GetRegisters2();
reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_CTX_SAVE_TZ_LOCK, SECURE));
reg::ReadWrite(SE2->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_CTX_SAVE_TZ_LOCK, SECURE));
}
}
void Lockout() {
auto *SE = GetRegisters();
/* Lock access to the AES keyslots. */
for (int i = 0; i < AesKeySlotCount; ++i) {
SE->SE_CRYPTO_KEYTABLE_ACCESS[i] = 0;
}
/* Lock access to the RSA keyslots. */
for (int i = 0; i < RsaKeySlotCount; ++i) {
SE->SE_RSA_KEYTABLE_ACCESS[i] = 0;
}
/* Set Per Key secure. */
SetPerKeySecure();
/* Configure SE_SECURITY. */
{
reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_HARD_SETTING, SECURE),
SE_REG_BITS_ENUM(SECURITY_ENG_DIS, DISABLE),
SE_REG_BITS_ENUM(SECURITY_PERKEY_SETTING, SECURE),
SE_REG_BITS_ENUM(SECURITY_SOFT_SETTING, SECURE));
}
}
void HandleInterrupt() {
/* Get the registers. */
auto *SE = GetRegisters();
/* Disable the SE interrupt. */
reg::Write(SE->SE_INT_ENABLE, 0);
/* Execute the handler if we have one. */
if (const auto handler = g_done_handler; handler != nullptr) {
g_done_handler = nullptr;
handler();
}
}
void SetDoneHandler(volatile SecurityEngineRegisters *SE, DoneHandler handler) {
/* Set the done handler. */
g_done_handler = handler;
/* Configure to trigger an interrupt when done. */
reg::Write(SE->SE_INT_ENABLE, SE_REG_BITS_ENUM(INT_ENABLE_SE_OP_DONE, ENABLE));
}
}

View File

@@ -1,122 +0,0 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "se_execute.hpp"
namespace ams::se {
/* NOTE: This implementation is mostly copy/pasted from crypto::impl::RsaOaepImpl. */
namespace {
constexpr inline size_t HashSize = sizeof(Sha256Hash);
constexpr inline u8 HeadMagic = 0x00;
void ApplyMGF1(u8 *dst, size_t dst_size, const void *src, size_t src_size) {
/* Check our pre-conditions. */
AMS_ABORT_UNLESS(src_size <= RsaSize - (1 + HashSize));
/* Create a buffer. */
util::AlignedBuffer<hw::DataCacheLineSize, RsaSize - (1 + HashSize) + sizeof(u32)> buf;
u32 counter = 0;
while (dst_size > 0) {
/* Setup the current hash buffer. */
const size_t cur_size = std::min(HashSize, dst_size);
std::memcpy(static_cast<u8 *>(buf), src, src_size);
{
u32 counter_be;
util::StoreBigEndian(std::addressof(counter_be), counter++);
std::memcpy(static_cast<u8 *>(buf) + src_size, std::addressof(counter_be), sizeof(counter_be));
}
/* Ensure se sees correct data. */
hw::FlushDataCache(buf, src_size + sizeof(u32));
hw::DataSynchronizationBarrierInnerShareable();
/* Calculate the hash. */
Sha256Hash hash;
se::CalculateSha256(std::addressof(hash), buf, src_size + sizeof(u32));
/* Mask the current output. */
const u8 *mask = hash.bytes;
for (size_t i = 0; i < cur_size; ++i) {
*(dst++) ^= *(mask++);
}
/* Advance. */
dst_size -= cur_size;
}
}
}
size_t DecodeRsaOaepSha256(void *dst, size_t dst_size, void *src, size_t src_size, const void *label_digest, size_t label_digest_size) {
/* Check our preconditions. */
AMS_ABORT_UNLESS(src_size == RsaSize);
AMS_ABORT_UNLESS(label_digest_size == HashSize);
/* Get a byte-readable copy of the input. */
u8 *buf = static_cast<u8 *>(src);
/* Validate sanity byte. */
bool is_valid = buf[0] == HeadMagic;
/* Decrypt seed and masked db. */
size_t db_len = src_size - HashSize - 1;
u8 *seed = buf + 1;
u8 *db = seed + HashSize;
ApplyMGF1(seed, HashSize, db, db_len);
ApplyMGF1(db, db_len, seed, HashSize);
/* Check the label digest. */
is_valid &= crypto::IsSameBytes(label_digest, db, HashSize);
/* Skip past the label digest. */
db += HashSize;
db_len -= HashSize;
/* Verify that DB is of the form 0000...0001 < message > */
s32 msg_ofs = 0;
{
int looking_for_one = 1;
int invalid_db_padding = 0;
int is_zero;
int is_one;
for (size_t i = 0; i < db_len; /* ... */) {
is_zero = (db[i] == 0);
is_one = (db[i] == 1);
msg_ofs += (looking_for_one & is_one) * (static_cast<s32>(++i));
looking_for_one &= ~is_one;
invalid_db_padding |= (looking_for_one & ~is_zero);
}
is_valid &= (invalid_db_padding == 0);
}
/* If we're invalid, return zero size. */
const size_t valid_msg_size = db_len - msg_ofs;
const size_t msg_size = std::min(dst_size, static_cast<size_t>(is_valid) * valid_msg_size);
/* Copy to output. */
std::memcpy(dst, db + msg_ofs, msg_size);
/* Return copied size. */
return msg_size;
}
}

View File

@@ -1,262 +0,0 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
namespace ams::se {
struct SecurityEngineRegisters {
u32 SE_SE_SECURITY;
u32 SE_TZRAM_SECURITY;
u32 SE_OPERATION;
u32 SE_INT_ENABLE;
u32 SE_INT_STATUS;
u32 SE_CONFIG;
u32 SE_IN_LL_ADDR;
u32 SE_IN_CUR_BYTE_ADDR;
u32 SE_IN_CUR_LL_ID;
u32 SE_OUT_LL_ADDR;
u32 SE_OUT_CUR_BYTE_ADDR;
u32 SE_OUT_CUR_LL_ID;
u32 SE_HASH_RESULT[0x10];
u32 SE_CTX_SAVE_CONFIG;
u32 SE_CTX_SAVE_AUTO;
u32 _0x78[0x62];
u32 SE_SHA_CONFIG;
u32 SE_SHA_MSG_LENGTH[0x4];
u32 SE_SHA_MSG_LEFT[0x4];
u32 _0x224[0x17];
u32 SE_CRYPTO_SECURITY_PERKEY;
u32 SE_CRYPTO_KEYTABLE_ACCESS[0x10];
u32 _0x2C4[0x10];
u32 SE_CRYPTO_CONFIG;
u32 SE_CRYPTO_LINEAR_CTR[0x4];
u32 SE_CRYPTO_LAST_BLOCK;
u32 SE_CRYPTO_KEYTABLE_ADDR;
u32 SE_CRYPTO_KEYTABLE_DATA;
u32 _0x324[0x3];
u32 SE_CRYPTO_KEYTABLE_DST;
u32 _0x334[0x3];
u32 SE_RNG_CONFIG;
u32 SE_RNG_SRC_CONFIG;
u32 SE_RNG_RESEED_INTERVAL;
u32 _0x34C[0x2D];
u32 SE_RSA_CONFIG;
u32 SE_RSA_KEY_SIZE;
u32 SE_RSA_EXP_SIZE;
u32 SE_RSA_SECURITY_PERKEY;
u32 SE_RSA_KEYTABLE_ACCESS[0x2];
u32 _0x418[0x2];
u32 SE_RSA_KEYTABLE_ADDR;
u32 SE_RSA_KEYTABLE_DATA;
u32 SE_RSA_OUTPUT[0x40];
u32 _0x528[0x6];
u32 SE_TZRAM_OPERATION;
u32 _0x544[0xAF];
u32 SE_STATUS;
u32 SE_ERR_STATUS;
u32 SE_MISC;
u32 SE_SPARE;
u32 SE_ENTROPY_DEBUG_COUNTER;
u32 _0x814;
u32 _0x818;
u32 _0x81C;
u32 _0x820[0x5F8];
};
static_assert(util::is_pod<SecurityEngineRegisters>::value);
static_assert(sizeof(SecurityEngineRegisters) == secmon::MemoryRegionPhysicalDeviceSecurityEngine.GetSize());
static_assert(AesKeySlotCount == util::size(SecurityEngineRegisters{}.SE_CRYPTO_KEYTABLE_ACCESS));
static_assert(RsaKeySlotCount == util::size(SecurityEngineRegisters{}.SE_RSA_KEYTABLE_ACCESS));
#define SE_REG_BITS_MASK(NAME) REG_NAMED_BITS_MASK (SE, NAME)
#define SE_REG_BITS_VALUE(NAME, VALUE) REG_NAMED_BITS_VALUE (SE, NAME, VALUE)
#define SE_REG_BITS_ENUM(NAME, ENUM) REG_NAMED_BITS_ENUM (SE, NAME, ENUM)
#define SE_REG_BITS_ENUM_SEL(NAME, __COND__, TRUE_ENUM, FALSE_ENUM) REG_NAMED_BITS_ENUM_SEL(SE, NAME, __COND__, TRUE_ENUM, FALSE_ENUM)
#define DEFINE_SE_REG(NAME, __OFFSET__, __WIDTH__) REG_DEFINE_NAMED_REG (SE, NAME, __OFFSET__, __WIDTH__)
#define DEFINE_SE_REG_BIT_ENUM(NAME, __OFFSET__, ZERO, ONE) REG_DEFINE_NAMED_BIT_ENUM (SE, NAME, __OFFSET__, ZERO, ONE)
#define DEFINE_SE_REG_TWO_BIT_ENUM(NAME, __OFFSET__, ZERO, ONE, TWO, THREE) REG_DEFINE_NAMED_TWO_BIT_ENUM (SE, NAME, __OFFSET__, ZERO, ONE, TWO, THREE)
#define DEFINE_SE_REG_THREE_BIT_ENUM(NAME, __OFFSET__, ZERO, ONE, TWO, THREE, FOUR, FIVE, SIX, SEVEN) REG_DEFINE_NAMED_THREE_BIT_ENUM(SE, NAME, __OFFSET__, ZERO, ONE, TWO, THREE, FOUR, FIVE, SIX, SEVEN)
#define DEFINE_SE_REG_FOUR_BIT_ENUM(NAME, __OFFSET__, ZERO, ONE, TWO, THREE, FOUR, FIVE, SIX, SEVEN, EIGHT, NINE, TEN, ELEVEN, TWELVE, THIRTEEN, FOURTEEN, FIFTEEN) REG_DEFINE_NAMED_FOUR_BIT_ENUM (SE, NAME, __OFFSET__, ZERO, ONE, TWO, THREE, FOUR, FIVE, SIX, SEVEN, EIGHT, NINE, TEN, ELEVEN, TWELVE, THIRTEEN, FOURTEEN, FIFTEEN)
#define DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(NAME, __OFFSET__) \
REG_DEFINE_NAMED_REG(SE, NAME, __OFFSET__, 1); \
\
enum SE_##NAME { \
SE_##NAME##_##CLEAR = 0, \
SE_##NAME##_##ACTIVE = 1, \
SE_##NAME##_##SW_CLEAR = 1, \
};
/* SE_STATUS. */
DEFINE_SE_REG_TWO_BIT_ENUM(STATUS_STATE, 0, IDLE, BUSY, WAIT_OUT, WAIT_IN);
DEFINE_SE_REG_BIT_ENUM(STATUS_MEM_INTERFACE, 2, IDLE, BUSY);
/* SE_SECURITY */
DEFINE_SE_REG_BIT_ENUM(SECURITY_HARD_SETTING, 0, SECURE, NONSECURE);
DEFINE_SE_REG_BIT_ENUM(SECURITY_ENG_DIS, 1, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(SECURITY_PERKEY_SETTING, 2, SECURE, NONSECURE);
DEFINE_SE_REG_BIT_ENUM(SECURITY_CTX_SAVE_TZ_LOCK, 4, SECURE, NONSECURE);
DEFINE_SE_REG_BIT_ENUM(SECURITY_CTX_TZ_LOCK_SOFT, 5, SECURE, NONSECURE);
DEFINE_SE_REG_BIT_ENUM(SECURITY_SOFT_SETTING, 16, SECURE, NONSECURE);
/* SE_TZRAM_SECURITY */
DEFINE_SE_REG(TZRAM_SETTING, 0, BITSIZEOF(u32));
constexpr inline u32 SE_TZRAM_SETTING_SECURE = 0;
/* SE_TZRAM_OPERATION */
DEFINE_SE_REG_BIT_ENUM(TZRAM_OPERATION_REQ, 0, IDLE, INITIATE);
DEFINE_SE_REG_BIT_ENUM(TZRAM_OPERATION_MODE, 1, SAVE, RESTORE);
DEFINE_SE_REG_BIT_ENUM(TZRAM_OPERATION_BUSY, 2, NO, YES);
DEFINE_SE_REG(TZRAM_OPERATION_CURR_ADDR, 16, 16);
/* SE_OPERATION */
DEFINE_SE_REG_THREE_BIT_ENUM(OPERATION_OP, 0, ABORT, START, RESTART_OUT, CTX_SAVE, RESTART_IN, RESERVED_5, RESERVED_6, RESERVED_7);
/* SE_INT_ENABLE */
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_IN_LL_BUF_RD, 0, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_IN_DONE, 1, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_OUT_LL_BUF_WR, 2, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_OUT_DONE, 3, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_SE_OP_DONE, 4, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_RESEED_CNTR_EXHAUSTED, 5, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_ERR_STAT, 16, DISABLE, ENABLE);
/* SE_INT_STATUS */
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_IN_LL_BUF_RD, 0);
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_IN_DONE, 1);
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_OUT_LL_BUF_WR, 2);
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_OUT_DONE, 3);
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_SE_OP_DONE, 4);
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_RESEED_CNTR_EXHAUSTED, 5);
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_ERR_STAT, 16);
/* SE_CONFIG */
DEFINE_SE_REG(CONFIG_DEC_MODE, 16, 8);
DEFINE_SE_REG(CONFIG_ENC_MODE, 24, 8);
DEFINE_SE_REG_THREE_BIT_ENUM(CONFIG_DST, 2, MEMORY, HASH_REG, KEYTABLE, SRK, RSA_REG, RESERVED5, RESERVED6, RESERVED7);
DEFINE_SE_REG_FOUR_BIT_ENUM(CONFIG_DEC_ALG, 8, NOP, AES_DEC, RESERVED2, RESERVED3, RESERVED4, RESERVED5, RESERVED6, RESERVED7, RESERVED8, RESERVED9, RESERVED10, RESERVED11, RESERVED12, RESERVED13, RESERVED14, RESERVED15);
DEFINE_SE_REG_FOUR_BIT_ENUM(CONFIG_ENC_ALG, 12, NOP, AES_ENC, RNG, SHA, RSA, RESERVED5, RESERVED6, RESERVED7, RESERVED8, RESERVED9, RESERVED10, RESERVED11, RESERVED12, RESERVED13, RESERVED14, RESERVED15);
enum SE_CONFIG_DEC_MODE {
SE_CONFIG_DEC_MODE_AESMODE_KEY128 = 0,
SE_CONFIG_DEC_MODE_AESMODE_KEY192 = 1,
SE_CONFIG_DEC_MODE_AESMODE_KEY256 = 2,
};
enum SE_CONFIG_ENC_MODE {
SE_CONFIG_ENC_MODE_AESMODE_KEY128 = 0,
SE_CONFIG_ENC_MODE_AESMODE_KEY192 = 1,
SE_CONFIG_ENC_MODE_AESMODE_KEY256 = 2,
SE_CONFIG_ENC_MODE_SHA1 = 1,
SE_CONFIG_ENC_MODE_SHA224 = 4,
SE_CONFIG_ENC_MODE_SHA256 = 5,
SE_CONFIG_ENC_MODE_SHA384 = 6,
SE_CONFIG_ENC_MODE_SHA512 = 7,
};
/* SE_CTX_SAVE_CONFIG */
DEFINE_SE_REG_TWO_BIT_ENUM(CTX_SAVE_CONFIG_AES_WORD_QUAD, 0, KEYS_0_3, KEYS_4_7, ORIGINAL_IVS, UPDATED_IVS);
DEFINE_SE_REG(CTX_SAVE_CONFIG_PKA1_WORD_QUAD_L, 0, 4);
DEFINE_SE_REG(CTX_SAVE_CONFIG_AES_KEY_INDEX, 8, 4);
DEFINE_SE_REG(CTX_SAVE_CONFIG_RSA_WORD_QUAD, 12, 4);
DEFINE_SE_REG(CTX_SAVE_CONFIG_PKA1_WORD_QUAD_H, 12, 4);
DEFINE_SE_REG_TWO_BIT_ENUM(CTX_SAVE_CONFIG_RSA_KEY_INDEX, 16, SLOT0_EXPONENT, SLOT0_MODULUS, SLOT1_EXPONENT, SLOT1_MODULUS);
DEFINE_SE_REG_BIT_ENUM(CTX_SAVE_CONFIG_STICKY_WORD_QUAD, 24, WORDS_0_3, WORDS_4_7);
DEFINE_SE_REG_THREE_BIT_ENUM(CTX_SAVE_CONFIG_SRC, 29, STICKY_BITS, RSA_KEYTABLE, AES_KEYTABLE, PKA1_STICKY_BITS, MEM, RESERVED5, SRK, PKA1_KEYTABLE);
/* SE_CTX_SAVE_AUTO */
DEFINE_SE_REG_BIT_ENUM(CTX_SAVE_AUTO_ENABLE, 0, NO, YES);
DEFINE_SE_REG_BIT_ENUM(CTX_SAVE_AUTO_LOCK, 8, NO, YES);
DEFINE_SE_REG(CTX_SAVE_AUTO_CURR_CNT, 16, 10);
/* SE_SHA_CONFIG */
DEFINE_SE_REG(SHA_CONFIG_HW_INIT_HASH, 0, 1);
/* SE_CRYPTO_KEYTABLE_ADDR */
DEFINE_SE_REG(CRYPTO_KEYTABLE_ADDR_KEYIV_WORD, 0, 4);
DEFINE_SE_REG(CRYPTO_KEYTABLE_ADDR_KEYIV_IV_WORD, 0, 2);
DEFINE_SE_REG(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, 0, 3);
enum SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD {
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_0 = 0u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_1 = 1u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_2 = 2u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_3 = 3u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_4 = 4u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_5 = 5u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_6 = 6u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_7 = 7u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_OIV_0 = 8u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_OIV_1 = 9u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_OIV_2 = 10u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_OIV_3 = 11u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_UIV_0 = 12u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_UIV_1 = 13u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_UIV_2 = 14u,
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_UIV_3 = 15u,
};
DEFINE_SE_REG_BIT_ENUM(CRYPTO_KEYTABLE_ADDR_KEYIV_IV_SEL, 2, ORIGINAL_IV, UPDATED_IV);
DEFINE_SE_REG_BIT_ENUM(CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, 3, KEY, IV);
DEFINE_SE_REG(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, 4, 4);
/* SE_RSA_CONFIG */
DEFINE_SE_REG(RSA_CONFIG_KEY_SLOT, 24, 1);
/* SE_RSA_KEYTABLE_ADDR */
DEFINE_SE_REG(RSA_KEYTABLE_ADDR_WORD_ADDR, 0, 6);
DEFINE_SE_REG_BIT_ENUM(RSA_KEYTABLE_ADDR_EXPMOD_SEL, 6, EXPONENT, MODULUS);
DEFINE_SE_REG(RSA_KEYTABLE_ADDR_KEY_SLOT, 7, 1);
DEFINE_SE_REG_BIT_ENUM(RSA_KEYTABLE_ADDR_INPUT_MODE, 8, REGISTER, MEMORY);
/* SE_RSA_KEYTABLE_ACCESS */
DEFINE_SE_REG_BIT_ENUM(RSA_KEYTABLE_ACCESS_KEYREAD, 0, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(RSA_KEYTABLE_ACCESS_KEYUPDATE, 1, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(RSA_KEYTABLE_ACCESS_KEYUSE, 2, DISABLE, ENABLE);
/* SE_CRYPTO_CONFIG */
DEFINE_SE_REG_BIT_ENUM(CRYPTO_CONFIG_HASH_ENB, 0, DISABLE, ENABLE);
DEFINE_SE_REG_TWO_BIT_ENUM(CRYPTO_CONFIG_XOR_POS, 1, BYPASS, RESERVED, TOP, BOTTOM);
DEFINE_SE_REG_TWO_BIT_ENUM(CRYPTO_CONFIG_INPUT_SEL, 3, MEMORY, RANDOM, INIT_AESOUT, LINEAR_CTR);
DEFINE_SE_REG_TWO_BIT_ENUM(CRYPTO_CONFIG_VCTRAM_SEL, 5, MEMORY, RESERVED, INIT_AESOUT, INIT_PREV_MEMORY);
DEFINE_SE_REG_BIT_ENUM(CRYPTO_CONFIG_IV_SELECT, 7, ORIGINAL, UPDATED);
DEFINE_SE_REG_BIT_ENUM(CRYPTO_CONFIG_CORE_SEL, 8, DECRYPT, ENCRYPT);
DEFINE_SE_REG_BIT_ENUM(CRYPTO_CONFIG_KEYSCH_BYPASS, 10, DISABLE, ENABLE);
DEFINE_SE_REG(CRYPTO_CONFIG_CTR_CNTN, 11, 8);
DEFINE_SE_REG(CRYPTO_CONFIG_KEY_INDEX, 24, 4);
DEFINE_SE_REG_BIT_ENUM(CRYPTO_CONFIG_MEMIF, 31, AHB, MCCIF);
/* SE_CRYPTO_KEYTABLE_DST */
DEFINE_SE_REG_TWO_BIT_ENUM(CRYPTO_KEYTABLE_DST_WORD_QUAD, 0, KEYS_0_3, KEYS_4_7, ORIGINAL_IV, UPDATED_IV);
DEFINE_SE_REG(CRYPTO_KEYTABLE_DST_KEY_INDEX, 8, 4);
/* SE_RNG_CONFIG */
DEFINE_SE_REG_TWO_BIT_ENUM(RNG_CONFIG_MODE, 0, NORMAL, FORCE_INSTANTIATION, FORCE_RESEED, RESERVED3);
DEFINE_SE_REG_TWO_BIT_ENUM(RNG_CONFIG_SRC, 2, NONE, ENTROPY, LFSR, RESERVED3);
/* SE_RNG_SRC_CONFIG */
DEFINE_SE_REG_BIT_ENUM(RNG_SRC_CONFIG_RO_ENTROPY_SOURCE_LOCK, 0, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(RNG_SRC_CONFIG_RO_ENTROPY_SOURCE, 1, DISABLE, ENABLE);
DEFINE_SE_REG_BIT_ENUM(RNG_SRC_CONFIG_HW_DISABLE_CYA, 2, DISABLE, ENABLE);
DEFINE_SE_REG(RNG_SRC_CONFIG_RO_ENTROPY_SUBSAMPLE, 4, 3);
DEFINE_SE_REG(RNG_SRC_CONFIG_RO_ENTROPY_DATA_FLUSH, 8, 1);
}

View File

@@ -1,162 +0,0 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "se_execute.hpp"
namespace ams::se {
namespace {
constexpr inline int RngReseedInterval = 70001;
void ConfigRng(volatile SecurityEngineRegisters *SE, SE_CONFIG_DST dst, SE_RNG_CONFIG_MODE mode) {
/* Configure the engine to do RNG encryption. */
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM (CONFIG_ENC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM (CONFIG_DEC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM (CONFIG_ENC_ALG, RNG),
SE_REG_BITS_ENUM (CONFIG_DEC_ALG, NOP),
SE_REG_BITS_VALUE(CONFIG_DST, dst));
reg::Write(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_ENUM (CRYPTO_CONFIG_MEMIF, AHB),
SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_CORE_SEL, ENCRYPT),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, RANDOM),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
/* Configure the RNG to use Entropy as source. */
reg::Write(SE->SE_RNG_CONFIG, SE_REG_BITS_ENUM(RNG_CONFIG_SRC, ENTROPY), SE_REG_BITS_VALUE(RNG_CONFIG_MODE, mode));
}
void InitializeRandom(volatile SecurityEngineRegisters *SE) {
/* Lock the entropy source. */
reg::Write(SE->SE_RNG_SRC_CONFIG, SE_REG_BITS_ENUM(RNG_SRC_CONFIG_RO_ENTROPY_SOURCE, ENABLE),
SE_REG_BITS_ENUM(RNG_SRC_CONFIG_RO_ENTROPY_SOURCE_LOCK, ENABLE));
/* Set the reseed interval to force a reseed every 70000 blocks. */
SE->SE_RNG_RESEED_INTERVAL = RngReseedInterval;
/* Initialize the DRBG. */
{
u8 dummy_buf[AesBlockSize];
/* Configure the engine to force drbg instantiation by writing random to memory. */
ConfigRng(SE, SE_CONFIG_DST_MEMORY, SE_RNG_CONFIG_MODE_FORCE_INSTANTIATION);
/* Configure to do a single RNG block operation to trigger DRBG init. */
SE->SE_CRYPTO_LAST_BLOCK = 0;
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, dummy_buf, sizeof(dummy_buf), nullptr, 0);
}
}
void GenerateSrk(volatile SecurityEngineRegisters *SE) {
/* Configure the RNG to output to SRK and force a reseed. */
ConfigRng(SE, SE_CONFIG_DST_SRK, SE_RNG_CONFIG_MODE_FORCE_RESEED);
/* Configure a single block operation. */
SE->SE_CRYPTO_LAST_BLOCK = 0;
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, nullptr, 0);
}
}
void InitializeRandom() {
/* Initialize random for SE1. */
InitializeRandom(GetRegisters());
/* If we have SE2, initialize random for SE2. */
/* NOTE: Nintendo's implementation of this is incorrect. */
if (fuse::GetSocType() == fuse::SocType_Mariko) {
InitializeRandom(GetRegisters2());
}
}
void GenerateRandomBytes(void *dst, size_t size) {
/* If we're not generating any bytes, there's nothing to do. */
if (size == 0) {
return;
}
/* Get the engine. */
auto *SE = GetRegisters();
/* Determine how many blocks to generate. */
const size_t num_blocks = size / AesBlockSize;
const size_t aligned_size = num_blocks * AesBlockSize;
const size_t fractional = size - aligned_size;
/* Configure the RNG to generate random to memory. */
ConfigRng(SE, SE_CONFIG_DST_MEMORY, SE_RNG_CONFIG_MODE_NORMAL);
/* Generate as many aligned blocks as we can. */
if (aligned_size > 0) {
/* Configure the engine to generate the right number of blocks. */
SE->SE_CRYPTO_LAST_BLOCK = num_blocks - 1;
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, aligned_size, nullptr, 0);
}
/* Generate a single block to output. */
if (fractional > 0) {
ExecuteOperationSingleBlock(SE, static_cast<u8 *>(dst) + aligned_size, fractional, nullptr, 0);
}
}
void SetRandomKey(int slot) {
/* NOTE: Nintendo does not validate the destination keyslot here. */
/* Get the engine. */
auto *SE = GetRegisters();
/* Configure the RNG to output to the keytable. */
ConfigRng(SE, SE_CONFIG_DST_KEYTABLE, SE_RNG_CONFIG_MODE_NORMAL);
/* Configure the keytable destination to be the low part of the key. */
reg::Write(SE->SE_CRYPTO_KEYTABLE_DST, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_DST_KEY_INDEX, slot), SE_REG_BITS_ENUM(CRYPTO_KEYTABLE_DST_WORD_QUAD, KEYS_0_3));
/* Configure a single block operation. */
SE->SE_CRYPTO_LAST_BLOCK = 0;
/* Execute the operation to generate a random low-part of the key. */
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, nullptr, 0);
/* Configure the keytable destination to be the high part of the key. */
reg::Write(SE->SE_CRYPTO_KEYTABLE_DST, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_DST_KEY_INDEX, slot), SE_REG_BITS_ENUM(CRYPTO_KEYTABLE_DST_WORD_QUAD, KEYS_4_7));
/* Execute the operation to generate a random high-part of the key. */
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, nullptr, 0);
}
void GenerateSrk() {
/* Generate SRK for SE1. */
GenerateSrk(GetRegisters());
/* If we have SE2, generate SRK for SE2. */
/* NOTE: Nintendo's implementation of this is incorrect. */
if (fuse::GetSocType() == fuse::SocType_Mariko) {
GenerateSrk(GetRegisters2());
}
}
}

View File

@@ -1,230 +0,0 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "se_execute.hpp"
namespace ams::se {
namespace {
struct RsaKeyInfo {
int modulus_size_val;
int exponent_size_val;
};
constinit RsaKeyInfo g_rsa_key_infos[RsaKeySlotCount] = {};
void ClearRsaKeySlot(volatile SecurityEngineRegisters *SE, int slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL expmod) {
constexpr int NumWords = se::RsaSize / sizeof(u32);
for (int i = 0; i < NumWords; ++i) {
/* Select the keyslot word. */
reg::Write(SE->SE_RSA_KEYTABLE_ADDR, SE_REG_BITS_ENUM (RSA_KEYTABLE_ADDR_INPUT_MODE, REGISTER),
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_KEY_SLOT, slot),
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_EXPMOD_SEL, expmod),
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_WORD_ADDR, i));
/* Clear the keyslot word. */
SE->SE_RSA_KEYTABLE_DATA = 0;
}
}
void SetRsaKey(volatile SecurityEngineRegisters *SE, int slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL expmod, const void *key, size_t key_size) {
const int num_words = key_size / sizeof(u32);
for (int i = 0; i < num_words; ++i) {
/* Select the keyslot word. */
reg::Write(SE->SE_RSA_KEYTABLE_ADDR, SE_REG_BITS_ENUM (RSA_KEYTABLE_ADDR_INPUT_MODE, REGISTER),
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_KEY_SLOT, slot),
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_EXPMOD_SEL, expmod),
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_WORD_ADDR, i));
/* Get the word. */
const u32 word = util::LoadBigEndian(static_cast<const u32 *>(key) + (num_words - 1 - i));
/* Write the keyslot word. */
SE->SE_RSA_KEYTABLE_DATA = word;
}
}
void GetRsaResult(volatile SecurityEngineRegisters *SE, void *dst, size_t size) {
/* Copy out the words. */
const int num_words = size / sizeof(u32);
for (int i = 0; i < num_words; ++i) {
const u32 word = reg::Read(SE->SE_RSA_OUTPUT[i]);
util::StoreBigEndian(static_cast<u32 *>(dst) + num_words - 1 - i, word);
}
}
void WaitForInputReadComplete(volatile SecurityEngineRegisters *SE) {
while (reg::HasValue(SE->SE_INT_STATUS, SE_REG_BITS_ENUM(INT_STATUS_IN_DONE, CLEAR))) { /* ... */ }
}
}
void ClearRsaKeySlot(int slot) {
/* Validate the key slot. */
AMS_ABORT_UNLESS(0 <= slot && slot < RsaKeySlotCount);
/* Clear the info. */
g_rsa_key_infos[slot] = {};
/* Get the engine. */
auto *SE = GetRegisters();
/* Clear the modulus. */
ClearRsaKeySlot(SE, slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL_MODULUS);
/* Clear the exponent. */
ClearRsaKeySlot(SE, slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL_EXPONENT);
}
void LockRsaKeySlot(int slot, u32 flags) {
/* Validate the key slot. */
AMS_ABORT_UNLESS(0 <= slot && slot < RsaKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Set non per-key flags. */
if ((flags & ~KeySlotLockFlags_PerKey) != 0) {
/* Pack the flags into the expected format. */
u32 value = 0;
value |= ((flags & KeySlotLockFlags_KeyRead) == 0) ? (1u << 0) : 0;
value |= ((flags & KeySlotLockFlags_KeyRead) == 0) ? (1u << 1) : 0;
value |= ((flags & KeySlotLockFlags_KeyRead) == 0) ? (1u << 2) : 0;
reg::Write(SE->SE_RSA_KEYTABLE_ACCESS[slot], SE_REG_BITS_ENUM_SEL(RSA_KEYTABLE_ACCESS_KEYREAD, (flags & KeySlotLockFlags_KeyRead) != 0, DISABLE, ENABLE),
SE_REG_BITS_ENUM_SEL(RSA_KEYTABLE_ACCESS_KEYUPDATE, (flags & KeySlotLockFlags_KeyWrite) != 0, DISABLE, ENABLE),
SE_REG_BITS_ENUM_SEL(RSA_KEYTABLE_ACCESS_KEYUSE, (flags & KeySlotLockFlags_KeyUse) != 0, DISABLE, ENABLE));
}
/* Set per-key flag. */
if ((flags & KeySlotLockFlags_PerKey) != 0) {
reg::ReadWrite(SE->SE_RSA_SECURITY_PERKEY, REG_BITS_VALUE(slot, 1, 0));
}
}
void SetRsaKey(int slot, const void *mod, size_t mod_size, const void *exp, size_t exp_size) {
/* Validate the key slot and sizes. */
AMS_ABORT_UNLESS(0 <= slot && slot < RsaKeySlotCount);
AMS_ABORT_UNLESS(mod_size <= RsaSize);
AMS_ABORT_UNLESS(exp_size <= RsaSize);
/* Set the sizes in the info. */
auto &info = g_rsa_key_infos[slot];
info.modulus_size_val = (mod_size / 64) - 1;
info.exponent_size_val = (exp_size / 4);
/* Get the engine. */
auto *SE = GetRegisters();
/* Set the modulus and exponent. */
SetRsaKey(SE, slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL_MODULUS, mod, mod_size);
SetRsaKey(SE, slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL_EXPONENT, exp, exp_size);
}
void ModularExponentiate(void *dst, size_t dst_size, int slot, const void *src, size_t src_size) {
/* Validate the slot and sizes. */
AMS_ABORT_UNLESS(0 <= slot && slot < RsaKeySlotCount);
AMS_ABORT_UNLESS(src_size <= RsaSize);
AMS_ABORT_UNLESS(dst_size <= RsaSize);
/* Get the engine. */
auto *SE = GetRegisters();
/* Create a work buffer. */
u8 work[RsaSize];
util::ClearMemory(work, sizeof(work));
/* Copy the input into the work buffer (reversing endianness). */
const u8 *src_u8 = static_cast<const u8 *>(src);
for (size_t i = 0; i < src_size; ++i) {
work[src_size - 1 - i] = src_u8[i];
}
/* Flush the work buffer to ensure the SE sees correct results. */
hw::FlushDataCache(work, sizeof(work));
hw::DataSynchronizationBarrierInnerShareable();
/* Configure the engine to perform RSA encryption. */
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM(CONFIG_DEC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM(CONFIG_ENC_ALG, RSA),
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP),
SE_REG_BITS_ENUM(CONFIG_DST, RSA_REG));
/* Configure the engine to use the keyslot and correct modulus/exp sizes. */
const auto &info = g_rsa_key_infos[slot];
reg::Write(SE->SE_RSA_CONFIG, SE_REG_BITS_VALUE(RSA_CONFIG_KEY_SLOT, slot));
reg::Write(SE->SE_RSA_KEY_SIZE, info.modulus_size_val);
reg::Write(SE->SE_RSA_EXP_SIZE, info.exponent_size_val);
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, work, src_size);
/* Copy out the result. */
GetRsaResult(SE, dst, dst_size);
}
void ModularExponentiateAsync(int slot, const void *src, size_t src_size, DoneHandler handler) {
/* Validate the slot and size. */
AMS_ABORT_UNLESS(0 <= slot && slot < RsaKeySlotCount);
AMS_ABORT_UNLESS(src_size <= RsaSize);
/* Get the engine. */
auto *SE = GetRegisters();
/* Create a work buffer. */
u8 work[RsaSize];
util::ClearMemory(work, sizeof(work));
/* Copy the input into the work buffer (reversing endianness). */
const u8 *src_u8 = static_cast<const u8 *>(src);
for (size_t i = 0; i < src_size; ++i) {
work[src_size - 1 - i] = src_u8[i];
}
/* Flush the work buffer to ensure the SE sees correct results. */
hw::FlushDataCache(work, sizeof(work));
hw::DataSynchronizationBarrierInnerShareable();
/* Configure the engine to perform RSA encryption. */
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM(CONFIG_DEC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM(CONFIG_ENC_ALG, RSA),
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP),
SE_REG_BITS_ENUM(CONFIG_DST, RSA_REG));
/* Configure the engine to use the keyslot and correct modulus/exp sizes. */
const auto &info = g_rsa_key_infos[slot];
reg::Write(SE->SE_RSA_CONFIG, SE_REG_BITS_VALUE(RSA_CONFIG_KEY_SLOT, slot));
reg::Write(SE->SE_RSA_KEY_SIZE, info.modulus_size_val);
reg::Write(SE->SE_RSA_EXP_SIZE, info.exponent_size_val);
/* Set the done handler. */
SetDoneHandler(SE, handler);
/* Trigger the input operation. */
StartInputOperation(SE, work, src_size);
/* Wait for input to be read by the se. */
WaitForInputReadComplete(SE);
}
void GetRsaResult(void *dst, size_t dst_size) {
GetRsaResult(GetRegisters(), dst, dst_size);
}
}

View File

@@ -1,354 +0,0 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "se_execute.hpp"
namespace ams::se {
namespace {
constexpr inline size_t SE1ContextSaveOperationCount = 133;
constexpr inline size_t SE2ContextSaveOperationCount = 646;
static_assert(((SE1ContextSaveOperationCount - 2) + 1) * se::AesBlockSize == sizeof(se::Context));
constinit const u8 FixedPattern[AesBlockSize] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
bool TestRegister(volatile u32 &r, u16 v) {
return (static_cast<u16>(reg::Read(r))) == v;
}
void ExecuteContextSaveOperation(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size, const void *src, size_t src_size) {
/* Save the output to a temporary buffer. */
util::AlignedBuffer<hw::DataCacheLineSize, AesBlockSize> temp;
AMS_ABORT_UNLESS(dst_size <= AesBlockSize);
/* Ensure that the cpu and SE see consistent data. */
if (src_size > 0) {
hw::FlushDataCache(src, src_size);
hw::DataSynchronizationBarrierInnerShareable();
}
if (dst_size > 0) {
hw::FlushDataCache(temp, AesBlockSize);
hw::DataSynchronizationBarrierInnerShareable();
}
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_CTX_SAVE, temp, dst_size, src, src_size);
/* Copy output from the operation, if any. */
if (dst_size > 0) {
hw::DataSynchronizationBarrierInnerShareable();
hw::FlushDataCache(temp, AesBlockSize);
hw::DataSynchronizationBarrierInnerShareable();
std::memcpy(dst, temp, dst_size);
}
}
void SaveContextBlock(volatile SecurityEngineRegisters *SE, void *dst) {
/* Configure to encrypt a single block. */
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0);
/* Execute the operation. */
ExecuteContextSaveOperation(SE, dst, AesBlockSize, nullptr, 0);
}
void ConfigureForAutomaticContextSave(volatile SecurityEngineRegisters *SE) {
/* Configure the engine to do RNG encryption. */
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM(CONFIG_DEC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM(CONFIG_ENC_ALG, RNG),
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP),
SE_REG_BITS_ENUM(CONFIG_DST, MEMORY));
reg::Write(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_ENUM (CRYPTO_CONFIG_MEMIF, AHB),
SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_CORE_SEL, ENCRYPT),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, RANDOM),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
}
void WaitAutomaticContextSaveDone(volatile SecurityEngineRegisters *SE) {
/* Wait for operation. */
while (!reg::HasValue(SE->SE_INT_STATUS, SE_REG_BITS_ENUM(INT_STATUS_SE_OP_DONE, ACTIVE))) { /* ... */ }
/* Wait for the engine to be idle. */
while (!reg::HasValue(SE->SE_STATUS, SE_REG_BITS_ENUM(STATUS_STATE, IDLE))) { /* ... */ }
/* Wait for the memory interface to be idle. */
while (!reg::HasValue(SE->SE_STATUS, SE_REG_BITS_ENUM(STATUS_MEM_INTERFACE, IDLE))) { /* ... */ }
}
void ValidateErrStatus(volatile SecurityEngineRegisters *SE) {
/* Ensure there is no error status. */
AMS_ABORT_UNLESS(reg::Read(SE->SE_ERR_STATUS) == 0);
/* Ensure no error occurred. */
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_INT_STATUS, SE_REG_BITS_ENUM(INT_STATUS_ERR_STAT, CLEAR)));
}
}
bool ValidateStickyBits(const StickyBits &bits) {
/* Get the registers. */
auto *SE = GetRegisters();
/* Check SE_SECURITY. */
if (!TestRegister(SE->SE_SE_SECURITY, bits.se_security)) { return false; }
/* Check TZRAM_SECURITY. */
if (!TestRegister(SE->SE_TZRAM_SECURITY, bits.tzram_security)) { return false; }
/* Check CRYPTO_SECURITY_PERKEY. */
if (!TestRegister(SE->SE_CRYPTO_SECURITY_PERKEY, bits.crypto_security_perkey)) { return false; }
/* Check CRYPTO_KEYTABLE_ACCESS. */
for (int i = 0; i < AesKeySlotCount; ++i) {
if (!TestRegister(SE->SE_CRYPTO_KEYTABLE_ACCESS[i], bits.crypto_keytable_access[i])) { return false; }
}
/* Test RSA_SECURITY_PERKEY */
if (!TestRegister(SE->SE_RSA_SECURITY_PERKEY, bits.rsa_security_perkey)) { return false; }
/* Check RSA_KEYTABLE_ACCESS. */
for (int i = 0; i < RsaKeySlotCount; ++i) {
if (!TestRegister(SE->SE_RSA_KEYTABLE_ACCESS[i], bits.rsa_keytable_access[i])) { return false; }
}
/* All sticky bits are valid. */
return true;
}
void SaveContext(Context *dst) {
/* Get the registers. */
auto *SE = GetRegisters();
/* Generate a random srk. */
GenerateSrk();
/* Save a randomly-generated block. */
{
util::AlignedBuffer<hw::DataCacheLineSize, AesBlockSize> random_block;
/* Flush the region we're about to fill to ensure consistency with the SE. */
hw::FlushDataCache(random_block, AesBlockSize);
hw::DataSynchronizationBarrierInnerShareable();
/* Generate random bytes. */
GenerateRandomBytes(random_block, AesBlockSize);
hw::DataSynchronizationBarrierInnerShareable();
/* Flush to ensure the CPU sees consistent data for the region. */
hw::FlushDataCache(random_block, AesBlockSize);
hw::DataSynchronizationBarrierInnerShareable();
/* Configure to encrypt the random block to memory. */
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM(CONFIG_DEC_MODE, AESMODE_KEY128),
SE_REG_BITS_ENUM(CONFIG_ENC_ALG, AES_ENC),
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP),
SE_REG_BITS_ENUM(CONFIG_DST, MEMORY));
/* Configure to context save using memory as source. */
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM(CTX_SAVE_CONFIG_SRC, MEM));
/* Configure to encrypt a single block. */
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0);
/* Execute the operation. */
ExecuteContextSaveOperation(SE, dst->random, AesBlockSize, random_block, AesBlockSize);
}
/* Save the sticky bits. */
for (size_t i = 0; i < util::size(dst->sticky_bits); ++i) {
/* Configure to encrypt the sticky bits block. */
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_SRC, STICKY_BITS),
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_STICKY_WORD_QUAD, i));
/* Save the block. */
SaveContextBlock(SE, dst->sticky_bits[i]);
}
/* Save the aes keytable. */
{
for (size_t key = 0; key < util::size(dst->aes_key); ++key) {
for (auto part = 0; part < AesKeySlotPartCount; ++part) {
/* Configure to encrypt the part of the key. */
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_SRC, AES_KEYTABLE),
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_AES_KEY_INDEX, key),
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_AES_WORD_QUAD, part));
/* Save the block. */
SaveContextBlock(SE, dst->aes_key[key][part]);
}
}
for (size_t key = 0; key < util::size(dst->aes_oiv); ++key) {
/* Configure to encrypt the original iv. */
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_SRC, AES_KEYTABLE),
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_AES_KEY_INDEX, key),
SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_AES_WORD_QUAD, ORIGINAL_IVS));
/* Save the block. */
SaveContextBlock(SE, dst->aes_oiv[key]);
}
for (size_t key = 0; key < util::size(dst->aes_uiv); ++key) {
/* Configure to encrypt the updated iv. */
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_SRC, AES_KEYTABLE),
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_AES_KEY_INDEX, key),
SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_AES_WORD_QUAD, UPDATED_IVS));
/* Save the block. */
SaveContextBlock(SE, dst->aes_uiv[key]);
}
}
/* Save the rsa keytable. */
for (size_t key = 0; key < util::size(dst->rsa_key); ++key) {
for (auto part = 0; part < RsaKeySlotPartCount; ++part) {
/* Note that the parts are done in reverse order. */
const auto part_index = RsaKeySlotPartCount - 1 - part;
/* Determine a total key index. */
const auto key_index = key * util::size(dst->rsa_key) + part_index;
for (size_t block = 0; block < RsaSize / AesBlockSize; ++block) {
/* Configure to encrypt the part of the key. */
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_SRC, RSA_KEYTABLE),
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_RSA_KEY_INDEX, key_index),
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_RSA_WORD_QUAD, block));
/* Save the block. */
SaveContextBlock(SE, dst->rsa_key[key][part][block]);
}
}
}
/* Save the fixed pattern. */
{
/* Configure to context save using memory as source. */
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM(CTX_SAVE_CONFIG_SRC, MEM));
/* Configure to encrypt a single block. */
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0);
/* Execute the operation. */
ExecuteContextSaveOperation(SE, dst->fixed_pattern, AesBlockSize, FixedPattern, AesBlockSize);
}
/* Save the srk. */
{
/* Configure to context save using srk as source. */
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM(CTX_SAVE_CONFIG_SRC, SRK));
/* Configure to encrypt a single block. */
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0);
/* Execute the operation. */
ExecuteContextSaveOperation(SE, nullptr, 0, nullptr, 0);
}
/* Perform a no-op context save operation. */
{
/* Configure to perform no-op. */
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_ALG, NOP),
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP));
/* Execute the operation. */
ExecuteContextSaveOperation(SE, nullptr, 0, nullptr, 0);
}
}
void ConfigureAutomaticContextSave() {
/* Get registers. */
auto *SE = GetRegisters();
auto *SE2 = GetRegisters2();
/* Automatic context save is supported only on mariko. */
if (fuse::GetSocType() == fuse::SocType_Mariko) {
/* Configure SE1 to do automatic context save. */
reg::Write(SE->SE_CTX_SAVE_AUTO, SE_REG_BITS_ENUM(CTX_SAVE_AUTO_ENABLE, YES),
SE_REG_BITS_ENUM(CTX_SAVE_AUTO_LOCK, YES));
/* Configure SE2 to do automatic context save. */
reg::Write(SE2->SE_CTX_SAVE_AUTO, SE_REG_BITS_ENUM(CTX_SAVE_AUTO_ENABLE, YES),
SE_REG_BITS_ENUM(CTX_SAVE_AUTO_LOCK, YES));
}
}
void SaveContextAutomatic() {
/* Get registers. */
auto *SE = GetRegisters();
auto *SE2 = GetRegisters2();
/* Ensure there's no error status before or after we save context. */
ValidateErrStatus();
ON_SCOPE_EXIT { ValidateErrStatus(); };
/* Perform atomic context save. */
{
/* Check that context save has not already been performed. */
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_CTX_SAVE_AUTO, SE_REG_BITS_VALUE(CTX_SAVE_AUTO_CURR_CNT, 0)));
AMS_ABORT_UNLESS(reg::HasValue(SE2->SE_CTX_SAVE_AUTO, SE_REG_BITS_VALUE(CTX_SAVE_AUTO_CURR_CNT, 0)));
/* Configure SE1 to do context save. */
ConfigureForAutomaticContextSave(SE);
ConfigureForAutomaticContextSave(SE2);
/* Start the context save operation. */
reg::Write(SE->SE_OPERATION, SE_REG_BITS_ENUM(OPERATION_OP, CTX_SAVE));
reg::Write(SE2->SE_OPERATION, SE_REG_BITS_ENUM(OPERATION_OP, CTX_SAVE));
/* Wait for the context save operation to complete. */
WaitAutomaticContextSaveDone(SE);
WaitAutomaticContextSaveDone(SE2);
/* Check that the correct sizes were written. */
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_CTX_SAVE_AUTO, SE_REG_BITS_VALUE(CTX_SAVE_AUTO_CURR_CNT, SE1ContextSaveOperationCount)));
AMS_ABORT_UNLESS(reg::HasValue(SE2->SE_CTX_SAVE_AUTO, SE_REG_BITS_VALUE(CTX_SAVE_AUTO_CURR_CNT, SE2ContextSaveOperationCount)));
}
}
void SaveTzramAutomatic() {
/* Get registers. */
auto *SE = GetRegisters();
/* Begin save-to-shadow-tzram operation. */
reg::Write(SE->SE_TZRAM_OPERATION, SE_REG_BITS_ENUM(TZRAM_OPERATION_MODE, SAVE),
SE_REG_BITS_ENUM(TZRAM_OPERATION_REQ, INITIATE));
/* Wait for operation to complete. */
while (reg::HasValue(SE->SE_TZRAM_OPERATION, SE_REG_BITS_ENUM(TZRAM_OPERATION_BUSY, YES))) { /* ... */ }
}
void ValidateErrStatus() {
/* Ensure SE has no error status. */
ValidateErrStatus(GetRegisters());
/* If on mariko, ensure SE2 has no error status. */
if (fuse::GetSocType() == fuse::SocType_Mariko) {
ValidateErrStatus(GetRegisters2());
}
}
}