333
edits
Changes
no edit summary
RAM:00000000 ; 6: 0x4103df2b 0x00108206 0x0000df2b : svc #0x2b (offset 0x9e)
RAM:00000000 ; 6: 0x4103df2b 0x00108206 0x0000df2b : svc #0x2b (offset 0x9e)
RAM:00000000 ; 7: 0x495c0060 0x001092b8 0x00000060 : lsls r0, r4, #1
RAM:00000000 ; 7: 0x495c0060 0x001092b8 0x00000060 : lsls r0, r4, #1
RAM:00000000 ; 8: 0x62e3ef5b 0x0010c5c6 0x0000ef5b
RAM:00000000 ; 8: 0x62e3ef5b 0x0010c5c6 0x0000ef5b : svc #0x5b (offset 0xfe)
RAM:00000000 ; 9: 0x10d1df6a 0x001021a2 0x0000df6a : svc #0x6a (offset 0x11c)
RAM:00000000 ; 9: 0x10d1df6a 0x001021a2 0x0000df6a : svc #0x6a (offset 0x11c)
RAM:00000004 MOV R2, LR
RAM:00000004 MOV R2, LR
RAM:000000FE
RAM:000000FE
RAM:000000FE
RAM:000000FE
RAM:000000FE sub_FE
RAM:000000FE sub_FE ; 8: 0x62e3ef5b 0x0010c5c6 0x0000ef5b : svc #0x5b (offset 0xfe)
RAM:000000FE POP {R2}
RAM:000000FE POP {R2}
RAM:00000100 MOV R4, SP
RAM:00000100 MOV R4, SP
return;
return;
</syntaxhighlight>
</syntaxhighlight>
==== IROM patch 1 ====
This patch stubs the function responsible for disabling read access for the SE AES keyslots.
Due to a programming mistake, when loading the OEM AES keys the aforementioned function would be called with the wrong arguments. The patch prevents this by simply stubbing the function altogether, which is only acceptable because the Mariko's SE hardware already boots with keyslot reading permanently disabled.
==== IROM patch 2 ====
This patch forces the function responsible for checking if SE context atomic save is enabled (by checking a fuse) to always return true.
Some Mariko units have been found to not have the relevant fuse bit (bit 7 in [[#FUSE_BOOT_SECURITY_INFO|FUSE_BOOT_SECURITY_INFO]]) burned, so the patch serves as a workaround for this.
==== IROM patch 3 ====
This patch forces a jump to the same routine used by [[#IROM_patch_0_2|IROM patch 0]] if loading a bootloader failed.
By setting all IRAM memory from 0x4000FC20 to 0x40040000 to 0xEAFFFFFE, a bootloader that somehow failed validation is effectively erased from memory.
==== IROM patch 4 ====
This patch stores a stack cookie (value 0x5A55F0E1) after a RCM message is received and before it's validated.
==== IROM patch 5 ====
This patch checks the stack cookie stored by [[#IROM_patch_4_2|IROM patch 4]] right after a RCM message is validated.
If the stack cookie's value is still 0x5A55F0E1, the bootrom jumps to a panic. If it changed to anything other than 0, the same routine used by [[#IROM_patch_0_2|IROM patch 0]] is called. Presumably, this is an attempt at mitigating fault injection attacks against skipping the validation of RCM messages.
==== IROM patch 6 ====
This patch sanitizes the crypto context right before receiving a RCM message.
<syntaxhighlight lang="c">
u32 FUSE_PRIVATEKEYDISABLE = 0x7000F828;
u32 SE1_CRYPTO_KEYTABLE_ADDR = 0x7001231C;
u32 SE2_CRYPTO_KEYTABLE_ADDR = 0x7041231C;
u32 SE1_CRYPTO_KEYTABLE_DATA = 0x70012320;
u32 SE2_CRYPTO_KEYTABLE_DATA = 0x70412320;
// Hide the private key fuses
*(u32 *)FUSE_PRIVATEKEYDISABLE = 0x1;
u32 crypto_keytable_val = 0xE0;
// Clear SE1/SE2 keyslot 0xE (contains the SBK)
for (int i = 0; i < 0x7; i++) {
*(u32 *)SE1_CRYPTO_KEYTABLE_ADDR = crypto_keytable_val;
*(u32 *)SE1_CRYPTO_KEYTABLE_DATA = 0;
*(u32 *)SE2_CRYPTO_KEYTABLE_ADDR = crypto_keytable_val;
*(u32 *)SE2_CRYPTO_KEYTABLE_DATA = 0;
crypto_keytable_val++;
}
crypto_keytable_val = 0xF0;
// Clear SE1/SE2 keyslot 0xF (contains the SSK)
for (int i = 0; i < 0x07; i++) {
*(u32 *)SE1_CRYPTO_KEYTABLE_ADDR = crypto_keytable_val;
*(u32 *)SE1_CRYPTO_KEYTABLE_DATA = 0;
*(u32 *)SE2_CRYPTO_KEYTABLE_ADDR = crypto_keytable_val;
*(u32 *)SE2_CRYPTO_KEYTABLE_DATA = 0;
crypto_keytable_val++;
}
crypto_keytable_val = 0xC0;
// Clear SE1/SE2 keyslot 0xC (contains the KEK)
for (int i = 0; i < 0x7; i++) {
*(u32 *)SE1_CRYPTO_KEYTABLE_ADDR = crypto_keytable_val;
*(u32 *)SE1_CRYPTO_KEYTABLE_DATA = 0;
*(u32 *)SE2_CRYPTO_KEYTABLE_ADDR = crypto_keytable_val;
*(u32 *)SE2_CRYPTO_KEYTABLE_DATA = 0;
crypto_keytable_val++;
}
u8 se_instance = 0; // SE1
u8 se_src_key_slot = 0xD;
u8 se_src_key_size = 0; // 128 bits
u8 se_dst_key_slot = 0xD;
u8 se_dst_key_size = 0; // 128 bits
u8 *se_src_key_data = 0x40004164;
// Overwrite SE1 keyslot 0xD (contains the BEK)
se_decrypt_key_into_key_slot(se_instance, se_src_key_slot, se_src_key_size, se_dst_key_slot, se_dst_key_size, se_src_key_data);
se_instance = 1; // SE2
// Overwrite SE2 keyslot 0xD (contains the BEK)
se_decrypt_key_into_key_slot(se_instance, se_src_key_slot, se_src_key_size, se_dst_key_slot, se_dst_key_size, se_src_key_data);
/*
Untranslated instructions:
LDR R0, =0x4000FC20
MOV R8, R0
*/
return;
</syntaxhighlight>
==== IROM patch 7 ====
This patch doubles the maximum value passed to the function responsible for generating random numbers with the SE. These values are then used for randomizing the duration of wait loops scattered around the bootrom.
==== IROM patch 8 ====
This patch forces memcpy to always fall outside of current stack limits.
==== IROM patch 9 ====
This patch forces TZRAM to be cleared on any boot type (instead of clearing it only on coldboot).
= Anti-downgrade =
= Anti-downgrade =
| 17.0.0-18.1.0
| 17.0.0-18.1.0
| 19
| 19
| 1
|-
| 19.0.0-19.0.1
| 20
| 1
| 1
|}
|}