TSEC: Difference between revisions - Nintendo Switch Brew

Line 5,302:

On boot, every crypto register has an ACL value of 0x1F.

In HS mode, [[#STORE|STORE]] can always write to a crypto register ~~and resets its ACL value back to 0x1F~~. In NS ~~mode~~, [[#STORE|STORE]] can only write to a crypto register if it has the [[#Insecure Writeable|Insecure Writeable]] access mode.

In HS mode, [[#STORE|STORE]] can always write to a crypto register. In NS and LS modes, [[#STORE|STORE]] can only write to a crypto register if it has the [[#Insecure Writeable|Insecure Writeable]] access mode.

In HS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Secure Readable|Secure Readable]] access mode. In NS ~~mode~~, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Insecure Readable|Insecure Readable]] and [[#Secure Readable|Secure Readable]] access modes.

In HS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Secure Readable|Secure Readable]] access mode. In NS and LS modes, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Insecure Readable|Insecure Readable]] and [[#Secure Readable|Secure Readable]] access modes.

Loading a secret into a crypto register sets a per-secret ACL, unconditionally.

Line 5,319:

==== Insecure Keyable ====

Controls if a crypto register can be used as key in NS ~~mode~~.

Controls if a crypto register can be used as key in NS and LS modes.

Forced set if the crypto register has [[#Secure Readable|Insecure Readable]] access. This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Keyable]] access.

==== Insecure Readable ====

Controls if a crypto register can be read in NS ~~mode~~.

Controls if a crypto register can be read in NS and LS modes.

This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Readable]] access.

==== Insecure Writeable ====

Controls if a crypto register can be written to in NS ~~mode~~.

Controls if a crypto register can be written to in NS and LS modes.

This access mode has no effect in HS mode.

@@ Line 5,302: / Line 5,302: @@
 On boot, every crypto register has an ACL value of 0x1F.
-In HS mode, [[#STORE|STORE]] can always write to a crypto register and resets its ACL value back to 0x1F. In NS mode, [[#STORE|STORE]] can only write to a crypto register if it has the [[#Insecure Writeable|Insecure Writeable]] access mode.
+In HS mode, [[#STORE|STORE]] can always write to a crypto register. In NS and LS modes, [[#STORE|STORE]] can only write to a crypto register if it has the [[#Insecure Writeable|Insecure Writeable]] access mode.
-In HS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Secure Readable|Secure Readable]] access mode. In NS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Insecure Readable|Insecure Readable]] and [[#Secure Readable|Secure Readable]] access modes.
+In HS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Secure Readable|Secure Readable]] access mode. In NS and LS modes, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Insecure Readable|Insecure Readable]] and [[#Secure Readable|Secure Readable]] access modes.
 Loading a secret into a crypto register sets a per-secret ACL, unconditionally.
@@ Line 5,319: / Line 5,319: @@
 ==== Insecure Keyable ====
-Controls if a crypto register can be used as key in NS mode.
+Controls if a crypto register can be used as key in NS and LS modes.
 Forced set if the crypto register has [[#Secure Readable|Insecure Readable]] access. This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Keyable]] access.
 ==== Insecure Readable ====
-Controls if a crypto register can be read in NS mode.
+Controls if a crypto register can be read in NS and LS modes.
 This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Readable]] access.
 ==== Insecure Writeable ====
-Controls if a crypto register can be written to in NS mode.
+Controls if a crypto register can be written to in NS and LS modes.
 This access mode has no effect in HS mode.