Secure Monitor: Difference between revisions

 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Secure Monitor Calls =
= SMC =
The secure monitor provides two top level handlers of which each provides a range of sub handlers.
The secure monitor provides two top level handlers of which each provides a range of sub handlers.


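Review bot: the new heading "= SMC =" uses an abbreviation that the sentence below it never expands; that sentence only says "The secure monitor provides two top level handlers". Either keep the descriptive title or expand the abbreviation in the first sentence (for example "Secure Monitor Calls (SMC)"), and check for inbound links to the old section anchor, which this rename removes.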
Line 204: Line 204:
| 1 || [[#DisableProgramVerification]]
| 1 || [[#DisableProgramVerification]]
|-
|-
| 2 || [[#DramId]]
| 2 || [S1] [[#DramId]]
|-
|-
| 3 || [[#SecurityEngineInterruptNumber]]
| 3 || [[#SecurityEngineInterruptNumber]]
|-
|-
| 4 || [[#FuseVersion]]
| 4 || [S1] [[#FuseVersion]]
|-
|-
| 5 || [[#HardwareType]]
| 5 || [[#HardwareType]]
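Review bot: the "[S1]" prefix added to the DramId and FuseVersion rows is not defined in the visible text, and it reuses the bracket syntax the page already uses for firmware ranges such as "[4.0.0+]". Add a legend next to the table saying what [S1] and [S2] denote, and whether an untagged row (DisableProgramVerification, SecurityEngineInterruptNumber, HardwareType) applies to both.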
Line 214: Line 214:
| 6 || [[#HardwareState]]
| 6 || [[#HardwareState]]
|-
|-
| 7 || [[#IsRecoveryBoot]]
| 7 || [S1] [[#IsRecoveryBoot]]
|-
|-
| 8 || [[#DeviceId]]
| 8 || [[#DeviceId]]
Line 226: Line 226:
| 12 || [[#KernelConfiguration]]
| 12 || [[#KernelConfiguration]]
|-
|-
| 13 || [[#IsChargerHiZModeEnabled]]
| 13 || [S1] [[#IsChargerHiZModeEnabled]]
|-
|-
| 14 || [4.0.0+] [[#QuestState]]
| 14 || [4.0.0+] [[#RetailInteractiveDisplayState]]
|-
|-
| 15 || [5.0.0+] [[#RegulatorType]]
| 15 || [S1] [5.0.0+] [[#RegulatorType]]
|-
|-
| 16 || [5.0.0+] [[#DeviceUniqueKeyGeneration]]
| 16 || [5.0.0+] [[#DeviceUniqueKeyGeneration]]
|-
|-
| 17 || [5.0.0+] [[#Package2Hash]]
| 17 || [5.0.0+] [[#Package2Hash]]
|-
| 18 || [S2]
|-
| 19 || [S2]
|-
| 256-280 || [S2] [[#Bcc]]
|}
|}


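Review bot: rows 18 and 19 are added as "[S2]" with no item name or link, which reads as an editing leftover rather than a deliberate entry. If the names are unknown, say so in the cell (for example "[S2] Unknown") so readers do not assume the rows were truncated. The range row "256-280 || [S2] [[#Bcc]]" does match the 25 items of 0x20 bytes described in the Bcc section. Tag order should also be fixed to one convention, since this hunk writes the platform tag before the version tag ("[S1] [5.0.0+]") without saying that this is the rule.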
Line 334: Line 340:
|-
|-
| 29
| 29
| [15.0.0+] MarikoIowax1x2Samsung4gb
| [16.0.0+] MarikoIowaHynix1a4gb ([15.0.0-15.0.1] MarikoIowax1x2Samsung4gb)
|-
|-
| 30
| 30
| [15.0.0+] MarikoHoagx1x2Samsung4gb
| [16.0.0+] MarikoHoagHynix1a4gb ([15.0.0-15.0.1] MarikoHoagx1x2Samsung4gb)
|-
|-
| 31
| 31
| [15.0.0+] MarikoAulax1x2Samsung4gb
| [16.0.0+] MarikoAulaHynix1a4gb ([15.0.0-15.0.1] MarikoAulax1x2Samsung4gb)
|-
|-
| 32
| 32
| [15.0.0+] MarikoIowaSamsung4gbY
| [16.0.0+] MarikoIowaMicron1a4gb ([15.0.0-15.0.1] MarikoIowaSamsung4gbY)
|-
|-
| 33
| 33
| [15.0.0+] MarikoHoagSamsung4gbY
| [16.0.0+] MarikoHoagMicron1a4gb ([15.0.0-15.0.1] MarikoHoagSamsung4gbY)
|-
|-
| 34
| 34
| [15.0.0+] MarikoAulaSamsung4gbY
| [16.0.0+] MarikoAulaMicron1a4gb ([15.0.0-15.0.1] MarikoAulaSamsung4gbY)
|}
|}


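Review bot: each rewritten row pairs "[16.0.0+]" for the new name with "[15.0.0-15.0.1]" for the old one, so the meaning of values 29 to 34 on any firmware after 15.0.1 and before 16.0.0 is left unstated. If no such version exists, the closed range is fine but deserves a short remark; otherwise extend the old-name range up to the release before 16.0.0.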
Line 627: Line 633:
Hardware is '''Icosa''' (Erista retail, EDEV and SDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 1 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 0.
Hardware is '''Icosa''' (Erista retail, EDEV and SDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 1 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 0.


Hardware is '''Copper''' (Erista simulation) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 0 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 1.
Hardware is '''Copper''' (unreleased Erista model) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 0 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 1.


[4.0.0+] Hardware is '''Iowa''' (Mariko retail, EDEV and SDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 1.
[4.0.0+] Hardware is '''Iowa''' (Mariko retail, EDEV and SDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 1.
Line 633: Line 639:
[8.0.0+] Hardware is '''Hoag''' (Mariko Lite retail and HDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 2.
[8.0.0+] Hardware is '''Hoag''' (Mariko Lite retail and HDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 2.


[8.0.0+] Hardware is '''Calcio''' (Mariko simulation) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 0 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 1.
[8.0.0+] Hardware is '''Calcio''' (unreleased Mariko model) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 0 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 1.


[10.0.0+] Hardware is '''Aula''' (Mariko OLED Model retail and ADEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 4.
[10.0.0+] Hardware is '''Aula''' (Mariko OLED Model retail and ADEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 4.
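Review bot: the Calcio line edited here keeps a condition that is word for word the same as the Copper one in the previous hunk (HardwareType1 bit 2 is 0 and HardwareType2 bit 8 is 1), so a reader cannot tell from this text which of the two is reported on [8.0.0+]. Since the line is being touched anyway, state what distinguishes them or which check takes precedence. The switch from "simulation" to "unreleased ... model" in both lines also changes the factual claim and would benefit from a source.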
Line 744: Line 750:
|-
|-
| 2
| 2
| PerformanceMonitoringUnit
| EnablePmuAccess
|-
|-
| 3
| 3
| [8.0.0+] EnableApplicationExtraThread
| [8.0.0+] EnableExtraThreadResourceAllocation
|-
| 4
| [13.0.0+] DisableDynamicSystemResourceAllocation
|-
|-
| 8
| 8
Line 762: Line 771:
'''EnableUserExceptionHandler''' is a boolean determining whether kernel should forcefully enable usermode exception handlers (when false, only certain aborts (((1LL << (esr >> 26)) & 0x1115804400224001) == 0, typically data/prefetch aborts) that occur when the faulting address is in a readable region with MemoryType_CodeStatic will trigger usermode exception handlers).
'''EnableUserExceptionHandler''' is a boolean determining whether kernel should forcefully enable usermode exception handlers (when false, only certain aborts (((1LL << (esr >> 26)) & 0x1115804400224001) == 0, typically data/prefetch aborts) that occur when the faulting address is in a readable region with MemoryType_CodeStatic will trigger usermode exception handlers).


'''PerformanceMonitoringUnit''' is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0).
'''EnablePmuAccess''' is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0).


'''EnableApplicationExtraThread''' is a boolean determining whether the kernel should increase the KThread slabheap capacity by 160. This also increases object capacities that are calculated based on number of threads.
'''EnableExtraThreadResourceAllocation''' is a boolean determining whether the kernel should increase the KThread slabheap capacity by 160. This also increases object capacities that are calculated based on number of threads.


'''CallShowErrorOnPanic''' is a boolean determining whether kernel should call smcPanic on error instead of infinite-looping.
'''CallShowErrorOnPanic''' is a boolean determining whether kernel should call smcPanic on error instead of infinite-looping.
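Review bot: the descriptions are renamed to match the table, but no paragraph for "DisableDynamicSystemResourceAllocation" (bit 4, [13.0.0+]) appears between EnableExtraThreadResourceAllocation and CallShowErrorOnPanic, so the table row added in the previous hunk is left undocumented. Add a one-line description, or state that its effect is not yet known.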
Line 773: Line 782:
This tells if the TI Charger (bq24192) is active.
This tells if the TI Charger (bq24192) is active.


===== QuestState =====
===== RetailInteractiveDisplayState =====
{| class=wikitable
{| class=wikitable
! Value || Description
! Value || Description
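Review bot: renaming the heading to "RetailInteractiveDisplayState" removes the last visible mention of "QuestState", so searches and links from older material no longer land on this section. Add a short "formerly QuestState" remark under the new heading.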
Line 819: Line 828:
===== Package2Hash =====
===== Package2Hash =====
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.
===== Bcc =====
This is a 0x320 bytes buffer split across 25 items of 0x20 bytes each. When put together, these form a Boot Certificate Chain (BCC) for Switch 2 remote device attestation.
The format follows the [https://pigweed.googlesource.com/open-dice/+/HEAD/docs/specification.md Open Profile for DICE] from Google and includes the main DK_pub and the following entries (twice, likely for phases 2 and 3):
* codeHash (empty)
* configurationDescriptor ("Security version" set to 0)
* authorityHash (empty)
* mode ("Normal")
* keyUsage ("keyCertSign")
* subjectPublicKey (changes on reboot)


=== ShowError ===
=== ShowError ===
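Review bot: the new Bcc text says the 0x320-byte buffer is "split across 25 items of 0x20 bytes each" but not how item numbers map to offsets, so a reader cannot reassemble the chain from items 256-280 without guessing the order; state the mapping and name the encoding of the assembled data. "codeHash (empty)" and "authorityHash (empty)" should say whether the field is absent or zero-filled, because a verifier treats those cases differently. "DK_pub" and "phases 2 and 3" are used without definition, and the "likely" should be marked as unconfirmed. The "===== Bcc =====" heading also follows the Package2Hash paragraph with no blank line, and the two sentences of the description have no paragraph break between them.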