Difference between revisions of "SPL services"
| Line 53: | Line 53: | ||
| 20 || || wrapper for [[SMC#KeygenAndSealZ|KeygenAndSealZ]] | | 20 || || wrapper for [[SMC#KeygenAndSealZ|KeygenAndSealZ]] | ||
|- | |- | ||
| − | | 21 || || | + | | 21 || [[#UninitializeSpl]] || |
|- | |- | ||
| − | | 22 || || | + | | 22 || [[#InitializeSpl]] || |
|- | |- | ||
| 23 || GetSplWaitEvent || | | 23 || GetSplWaitEvent || | ||
| Line 117: | Line 117: | ||
== DecryptExpModParamsWithXY == | == DecryptExpModParamsWithXY == | ||
Last SPL cmd used by [[SSL_services|SSL]]-sysmodule for TLS client-privk. | Last SPL cmd used by [[SSL_services|SSL]]-sysmodule for TLS client-privk. | ||
| + | |||
| + | == UninitializeSpl == | ||
| + | Returns a single u32 (always 3?) only once. | ||
| + | |||
| + | == InitializeSpl == | ||
| + | Takes a single u32 (always 3?) only once. | ||
Revision as of 18:42, 21 July 2017
csrng
| Cmd | Name |
|---|---|
| 0 | #GetRandomBytes |
GetRandomBytes
Takes a type-6 buffer and fills it with random data.
spl:
| Cmd | Name | Notes |
|---|---|---|
| 0 | #GetConfig | wrapper for GetConfig |
| 1 | user supplied modulus and exponent | |
| 2 | #GenerateAesKek | wrapper for KeygenAndSealX |
| 3 | LoadAesKey | wrapper for SetKeyslotFromXY |
| 4 | GenerateAesKey | decrypts 0x10 bytes using AES ECB, uses SetKeyslotFromXY with a fixed Y |
| 5 | #SetConfig | wrapper for SetConfig |
| 7 | GetRandom | uses PrngX931 |
| 9 | wrapper for ImportParamsForFWithXY | |
| 10 | wrapper for ExpMod | |
| 11 | #IsDevUnit | |
| 12 | GenerateSpecificAesKey | wrapper for KeygenA |
| 13 | #DecryptExpModParamsWithXY | wrapper for DecryptExpModParamsWithXY |
| 14 | decrypts 0x10 bytes using AES ECB, uses SetKeyslotFromXY with fixed X and Y | |
| 15 | DecryptAesCtr | wrapper for SymmetricCrypto |
| 16 | ComputeCmac | wrapper for CMAC |
| 17 | wrapper for ImportParamsFor10WithXY | |
| 18 | wrapper for ExpModAndKeygenAndSealZ | |
| 19 | wrapper for SetKeyslotFromZ | |
| 20 | wrapper for KeygenAndSealZ | |
| 21 | #UninitializeSpl | |
| 22 | #InitializeSpl | |
| 23 | GetSplWaitEvent |
GetConfig
Takes an input word (ConfigItem), and returns a u64 with the config params.
| ConfigItem | Name |
|---|---|
| 1 | DisableProgramVerification |
| 2 | MemoryConfiguration |
| 5 | HardwareType (0=Icosa, 1=Copper) |
| 6 | IsRetail |
| 7 | IsRecoveryBoot |
| 8 | DeviceId (byte7 clear). |
| 9 | BootReason |
| 10 | MemoryArrange |
| 11 | AllowSkippingNrrSignatures |
| 13 | BatteryProfile? |
Output from this when used by NIM must match the set:cal DeviceId with byte7 cleared, otherwise NIM will panic.
RO checks id11, if set then skipping NRR rsa signatures is allowed.
GenerateAesKek
Takes a 16-byte seed ("BisEncryptionKeySourceForKek") and two words ("KeyGeneration" and "option") as input. KeyGeneration ranges from 0 to 2.
Same input gives same output. Output changes when system is rebooted.
SetConfig
Takes two input words, a ConfigItem and the value to set.
| ConfigItem | Name |
|---|---|
| 13 | Battery profile? |
IsDevUnit
No input params.
Uses #GetConfig internally with id=6. Returns true if output from that is 0, or if the SMC returned error 2.
Returns an u8 flag for whether the system is devunit. Output flag is 0 on retail.
DecryptExpModParamsWithXY
Last SPL cmd used by SSL-sysmodule for TLS client-privk.
UninitializeSpl
Returns a single u32 (always 3?) only once.
InitializeSpl
Takes a single u32 (always 3?) only once.