Security Engine: Difference between revisions

From Nintendo Switch Brew
Jump to navigation Jump to search
← Older editNewer edit →
mNo edit summary
No edit summary
Line 1: Line 1:
The security engine (SE) is responsible for the crypto done on the switch. SE is mapped to physical address 0x70012000.
The Nintendo Switch uses Tegra's Security Engine (SE) for handling cryptographic opearations at the system's lowest level.


= SE registers =
The SE driver is mapped to physical address 0x70012000 with a total size of 0x2000 bytes and exposes several registers for programming the Security Engine.
 
= Registers =
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Register
! Name
! Offset
! Address
|-
| OPERATION_REG_OFFSET
| 0x008
|-
| INT_ENABLE_REG_OFFSET
| 0x00C
|-
| INT_STATUS_REG_OFFSET
| 0x010
|-
| CONFIG_REG_OFFSET
| 0x014
|-
|-
| IN_LL_ADDR_REG_OFFSET
| SE_OPERATION_UNK0
| 0x018
| 0x70012000
|-
|-
| OUT_LL_ADDR_REG_OFFSET
| SE_OPERATION_UNK1
| 0x024
| 0x70012004
|-
|-
| HASH_RESULT_REG_OFFSET
| SE_OPERATION
| 0x030
| 0x70012008
|-
|-
| CONTEXT_SAVE_CONFIG_REG_OFFSET
| SE_INT_ENABLE
| 0x070
| 0x7001200C
|-
|-
| SHA_CONFIG_REG
| SE_INT_STATUS
| 0x200
| 0x70012010
|-
|-
| SHA_MSG_LENGTH_REG
| SE_CONFIG
| 0x204
| 0x70012014
|-
|-
| SHA_MSG_LEFT_REG
| SE_IN_LL_ADDR
| 0x214
| 0x70012018
|-
|-
| KEYSLOT_1
| SE_OUT_LL_ADDR
| 0x284
| 0x70012024
|-
|-
| KEYSLOT_2
| SE_HASH_RESULT
| 0x288
| 0x70012030
|-
|-
| KEYSLOT_3
| SE_CONTEXT_SAVE_CONFIG
| 0x28C
| 0x70012070
|-
|-
| KEYSLOT_4
| SE_SHA_CONFIG
| 0x290
| 0x70012200
|-
|-
| KEYSLOT_5
| SE_SHA_MSG_LENGTH
| 0x294
| 0x70012204
|-
|-
| KEYSLOT_6
| SE_SHA_MSG_UNK0
| 0x298
| 0x70012208
|-
|-
| KEYSLOT_7
| SE_SHA_MSG_UNK1
| 0x29C
| 0x7001220C
|-
|-
| KEYSLOT_8
| SE_SHA_MSG_UNK2
| 0x2A0
| 0x70012210
|-
|-
| KEYSLOT_9
| SE_SHA_MSG_LEFT
| 0x2A4
| 0x70012214
|-
|-
| KEYSLOT_10
| SE_SHA_MSG_UNK3
| 0x2A8
| 0x70012218
|-
|-
| KEYSLOT_11
| SE_SHA_MSG_UNK4
| 0x2AC
| 0x7001221C
|-
|-
| KEYSLOT_12
| SE_SHA_MSG_UNK5
| 0x2B0
| 0x70012220
|-
|-
| KEYSLOT_13
| SE_AES_KEY_READ_DISABLE
| 0x2B4
| 0x70012280
|-
|-
| KEYSLOT_14
| SE_AES_KEYTABLE_ACCESS
| 0x2B8
| 0x70012284
|-
|-
| KEYSLOT_15
| SE_CRYPTO
| 0x2BC
| 0x70012304
|-
|-
| KEYSLOT_16
| SE_CRYPTO_CTR
| 0x2C0
| 0x70012308
|-
|-
| CRYPTO_REG
| SE_BLOCK_COUNT
| 0x304
| 0x70012318
|-
|-
| CRYPTO_CTR_REG
| SE_AES_KEYTABLE_ADDR
| 0x308
| 0x7001231C
|-
|-
| BLOCK_COUNT_REG
| SE_AES_KEYTABLE_DATA
| 0x318
| 0x70012320
|-
|-
| KEYTABLE_REG
| SE_CRYPTO_KEYTABLE_DST
| 0x31C
| 0x70012330
|-
|-
| KEYTABLE_DATA0_REG
| SE_RNG_CONFIG
| 0x320
| 0x70012340
|-
|-
| CRYPTO_KEYTABLE_DST_REG
| SE_RNG_SRC_CONFIG
| 0x330
| 0x70012344
|-
|-
| RNG_CONFIG_REG
| SE_RNG_RESEED_INTERVAL
| 0x340
| 0x70012348
|-
|-
| RNG_SRC_CONFIG_REG
| SE_RSA_CONFIG
| 0x344
| 0x70012400
|-
|-
| RNG_RESEED_INTERVAL_REG
| SE_RSA_KEY_SIZE
| 0x348
| 0x70012404
|-
|-
| RSA_CONFIG
| SE_RSA_EXP_SIZE
| 0x400
| 0x70012408
|-
|-
| RSA_KEY_SIZE_REG_OFFSET
| SE_RSA_KEY_READ_DISABLE
| 0x404
| 0x7001240C
|-
|-
| RSA_EXP_SIZE_REG_OFFSET
| SE_RSA_KEYTABLE_ACCESS
| 0x408
| 0x70012410
|-
|-
| RSA_KEYSLOT_1
| SE_RSA_KEYTABLE_ADDR
| 0x410
| 0x70012420
|-
|-
| RSA_KEYSLOT_2
| SE_RSA_KEYTABLE_DATA
| 0x414
| 0x70012424
|-
|-
| RSA_KEYTABLE_ADDR
| SE_RSA_OUTPUT
| 0x420
| 0x70012428
|-
|-
| RSA_KEYTABLE_DATA
| SE_STATUS_FLAGS
| 0x424
| 0x70012800
|-
|-
| RSA_OUTPUT
| SE_ERR_STATUS
| 0x428
| 0x70012804
|-
|-
| SPARE_0_REG_OFFSET
| SE_SPARE_0
| 0x80C
| 0x7001280C
|}
|}

Revision as of 22:05, 10 April 2018

The Nintendo Switch uses Tegra's Security Engine (SE) for handling cryptographic opearations at the system's lowest level.

The SE driver is mapped to physical address 0x70012000 with a total size of 0x2000 bytes and exposes several registers for programming the Security Engine.

Registers

Name Address
SE_OPERATION_UNK0 0x70012000
SE_OPERATION_UNK1 0x70012004
SE_OPERATION 0x70012008
SE_INT_ENABLE 0x7001200C
SE_INT_STATUS 0x70012010
SE_CONFIG 0x70012014
SE_IN_LL_ADDR 0x70012018
SE_OUT_LL_ADDR 0x70012024
SE_HASH_RESULT 0x70012030
SE_CONTEXT_SAVE_CONFIG 0x70012070
SE_SHA_CONFIG 0x70012200
SE_SHA_MSG_LENGTH 0x70012204
SE_SHA_MSG_UNK0 0x70012208
SE_SHA_MSG_UNK1 0x7001220C
SE_SHA_MSG_UNK2 0x70012210
SE_SHA_MSG_LEFT 0x70012214
SE_SHA_MSG_UNK3 0x70012218
SE_SHA_MSG_UNK4 0x7001221C
SE_SHA_MSG_UNK5 0x70012220
SE_AES_KEY_READ_DISABLE 0x70012280
SE_AES_KEYTABLE_ACCESS 0x70012284
SE_CRYPTO 0x70012304
SE_CRYPTO_CTR 0x70012308
SE_BLOCK_COUNT 0x70012318
SE_AES_KEYTABLE_ADDR 0x7001231C
SE_AES_KEYTABLE_DATA 0x70012320
SE_CRYPTO_KEYTABLE_DST 0x70012330
SE_RNG_CONFIG 0x70012340
SE_RNG_SRC_CONFIG 0x70012344
SE_RNG_RESEED_INTERVAL 0x70012348
SE_RSA_CONFIG 0x70012400
SE_RSA_KEY_SIZE 0x70012404
SE_RSA_EXP_SIZE 0x70012408
SE_RSA_KEY_READ_DISABLE 0x7001240C
SE_RSA_KEYTABLE_ACCESS 0x70012410
SE_RSA_KEYTABLE_ADDR 0x70012420
SE_RSA_KEYTABLE_DATA 0x70012424
SE_RSA_OUTPUT 0x70012428
SE_STATUS_FLAGS 0x70012800
SE_ERR_STATUS 0x70012804
SE_SPARE_0 0x7001280C
Retrieved from "https://switchbrew.org/w/index.php?title=Security_Engine&oldid=4445"