Cryptosystem: Difference between revisions

6.2.0 keygen details
Line 171: Line 171:
|}
|}


=== [6.2.0]+ Key table after package1ldr/TSEC Payload (Secure Monitor boot) ===
{| class="wikitable" border="1"
|-
! Keyslot
! Name
! Set by
! Per-console
! Per-firmware
|-
| 12
| TsecKey
| [[TSEC#Payload|Package1ldr TSEC Firmware]]
| Yes
| No
|-
| 13
| TsecRootKey
| [[TSEC#Payload|Package1ldr TSEC Firmware]]
| No
| Unknown
|-
| 14
| SecureBootKey
| Bootrom
| Yes
| No
|-
| 15
| SecureStorageKey
| Bootrom
| Yes
| No
|}
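Review bot: The new heading does not say which moment the table captures. "after package1ldr/TSEC Payload (Secure Monitor boot)" can be read either as the state on entry to the Secure Monitor boot section or as the state after it has run. The rows for slots 14 and 15 still show SecureBootKey and SecureStorageKey as set by Bootrom, so it appears to be the state on entry; stating that in the heading would remove the ambiguity. The "Unknown" in the Per-firmware column for TsecRootKey would also benefit from a short note on what has not been verified.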




Line 217: Line 251:
.. and on 4.0.0 it was further moved around:
.. and on 4.0.0 it was further moved around:


  old_keyblob_key /* slot15 */ = aes_unwrap(aes_unwrap(df206f59.., tsec_key /* slot13 */), sbk /* slot14 */)
   keyblob_key    /* slot13 */ = aes_unwrap(aes_unwrap(wrapped_keyblob_key, tsec_key /* slot13 */), sbk /* slot14 */)
   keyblob_key    /* slot13 */ = aes_unwrap(aes_unwrap(wrapped_keyblob_key, tsec_key /* slot13 */), sbk /* slot14 */)
   cmac_key        /* slot11 */ = aes_unwrap(59c7fb6f.., keyblob_key)
   cmac_key        /* slot11 */ = aes_unwrap(59c7fb6f.., keyblob_key)
Line 232: Line 265:
   new_per_console_key /* slot13 */ = aes_unwrap(0c9109db.., old_keyblob_key)
   new_per_console_key /* slot13 */ = aes_unwrap(0c9109db.., old_keyblob_key)
   per_console_key    /* slot15 */ = aes_unwrap(4f025f0e.., old_keyblob_key)
   per_console_key    /* slot15 */ = aes_unwrap(4f025f0e.., old_keyblob_key)
.. and on 6.2.0, they moved key generation out of package1ldr, and into the Secure Monitor's boot section:
  clear_keyslots_other_than_12_13_and_14()
 
  old_keyblob_key /* slot15 */ = aes_unwrap(aes_unwrap(df206f59.., tsec_key /* slot12 */), sbk /* slot14 */)
  /* Previously, master_kek was stored at keyblob+0x20) */
  master_kek      /* slot13 */ = aes_unwrap(374b7729.. /* probably firmware specific */, tsec_root_key /* slot13 */)
 
  clear_keyslot(12)
 
  // Final keys:
  new_master_key      /* slot12 */ = aes_unwrap(2dc1f48d.., master_kek)       
  master_key          /* slot13 */ = aes_unwrap(normalseed_retail, master_kek)
  new_per_console_key /* slot14 */ = aes_unwrap(0c9109db.., old_keyblob_key)
  per_console_key    /* slot15 */ = aes_unwrap(4f025f0e.., old_keyblob_key)


SBK and SSK keyslots are cleared after keys have been generated.
SBK and SSK keyslots are cleared after keys have been generated.
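Review bot: The unchanged sentence "SBK and SSK keyslots are cleared after keys have been generated", directly below the new 6.2.0 block, no longer matches the flow it follows. In the added lines, clear_keyslots_other_than_12_13_and_14() runs before any derivation, which covers slot 15 (SecureStorageKey in the new key table), and slots 14 and 15 end up holding new_per_console_key and per_console_key rather than being cleared. Suggest scoping that sentence to firmware before 6.2.0 or rewording it for the new flow. Minor points in the same block: the comment "/* Previously, master_kek was stored at keyblob+0x20) */" has an unmatched closing parenthesis, and normalseed_retail is the only seed given by name rather than as a truncated hex value like the others.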
Line 243: Line 293:
This means that if you have an attack on the bootloader, you need to re-preform it every time they move to a new keyblob.
This means that if you have an attack on the bootloader, you need to re-preform it every time they move to a new keyblob.


Dumping the SBK and TSEC key of any single system should be enough to derive all key material on the system.
Dumping the SBK and TSEC key of any single system should be enough to derive all key material on the system, prior to 6.2.0.


The key-derivation is described in more detail [[Package1#Key_generation|here]].
The key-derivation is described in more detail [[Package1#Key_generation|here]].
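Review bot: The appended ", prior to 6.2.0" says when the claim stops holding but not why, and as a trailing qualifier it is easy to misread as applying only to "the system". Suggest leading with it ("Prior to 6.2.0, dumping the SBK and TSEC key ...") and adding one sentence that on 6.2.0 master_kek is unwrapped with tsec_root_key, as the key generation listing on this page shows. The neighbouring unchanged line still carries the typo "re-preform" (for "re-perform"), which could be fixed in the same edit.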