TSEC: Difference between revisions

← Older edit Newer edit →

@@ Line 435: / Line 435: @@
   // fuc5 crypt cxset instruction
-  // Set crypto transfer mode
+  // Clear overrides?
-  *(u32 *)cx = 0x80;
+  cxset(0x80);
   // fuc5 crypt cauth instruction
-  *(u32 *)cauth &= 0x7FFFF;
+  // Clear auth_addr
+ cauth(old_cauth & 0x7FFFF);
   // Set the target port for memory transfers
-  // Target will now be 0 (crypto)
+  // Target will now be 0 (crypto?)
   xtargets(0);
@@ Line 452: / Line 453: @@
   // fuc5 crypt cxset instruction
-  // Set crypto transfer mode
+  // The next 2 xfer instructions will be overridden
-  *(u32 *)cx = 0x02;
+ // and target changes from DMA to crypto
+  cxset(0x02);
-  // Transfer data from/to Falcon
+  // Transfer data to crypto register c0
-  // This should clear all previous hashes
+  // This should clear any leftover data
   xdst(0, 0);
@@ Line 462: / Line 464: @@
   xdwait();
-  // Clear crypto registers
+  // Clear all crypto registers, except c6 which is used for auth
   *(u32 *)c0 ^= *(u32 *)c0;
   *(u32 *)c1 = *(u32 *)c0;
@@ Line 496: / Line 498: @@
   load_stage2(key_buf, key_version, is_blob_dec);
-  // Clear crypto registers
+ // Partially unknown fuc5 instruction
+ // Likely forces propagation of permissions, hiding all cX registers
+ acl_chmod(c0, c0);
+  // Clear all crypto registers and propagate permissions
   *(u32 *)c0 ^= *(u32 *)c0;
   *(u32 *)c1 ^= *(u32 *)c1;
@@ Line 506: / Line 512: @@
   *(u32 *)c7 ^= *(u32 *)c7;
-  // Signal unknown engine
+  // Exit Authenticated Mode
   *(u32 *)0x00010300 = 0;