Cryptosystem: Difference between revisions
6.2.0 keygen details |
|||
Line 171: | Line 171: | ||
|} | |} | ||
=== [6.2.0]+ Key table after package1ldr/TSEC Payload (Secure Monitor boot) === | |||
{| class="wikitable" border="1" | |||
|- | |||
! Keyslot | |||
! Name | |||
! Set by | |||
! Per-console | |||
! Per-firmware | |||
|- | |||
| 12 | |||
| TsecKey | |||
| [[TSEC#Payload|Package1ldr TSEC Firmware]] | |||
| Yes | |||
| No | |||
|- | |||
| 13 | |||
| TsecRootKey | |||
| [[TSEC#Payload|Package1ldr TSEC Firmware]] | |||
| No | |||
| Unknown | |||
|- | |||
| 14 | |||
| SecureBootKey | |||
| Bootrom | |||
| Yes | |||
| No | |||
|- | |||
| 15 | |||
| SecureStorageKey | |||
| Bootrom | |||
| Yes | |||
| No | |||
|} | |||
Line 217: | Line 251: | ||
.. and on 4.0.0 it was further moved around: | .. and on 4.0.0 it was further moved around: | ||
keyblob_key /* slot13 */ = aes_unwrap(aes_unwrap(wrapped_keyblob_key, tsec_key /* slot13 */), sbk /* slot14 */) | keyblob_key /* slot13 */ = aes_unwrap(aes_unwrap(wrapped_keyblob_key, tsec_key /* slot13 */), sbk /* slot14 */) | ||
cmac_key /* slot11 */ = aes_unwrap(59c7fb6f.., keyblob_key) | cmac_key /* slot11 */ = aes_unwrap(59c7fb6f.., keyblob_key) | ||
Line 232: | Line 265: | ||
new_per_console_key /* slot13 */ = aes_unwrap(0c9109db.., old_keyblob_key) | new_per_console_key /* slot13 */ = aes_unwrap(0c9109db.., old_keyblob_key) | ||
per_console_key /* slot15 */ = aes_unwrap(4f025f0e.., old_keyblob_key) | per_console_key /* slot15 */ = aes_unwrap(4f025f0e.., old_keyblob_key) | ||
.. and on 6.2.0, they moved key generation out of package1ldr, and into the Secure Monitor's boot section: | |||
clear_keyslots_other_than_12_13_and_14() | |||
old_keyblob_key /* slot15 */ = aes_unwrap(aes_unwrap(df206f59.., tsec_key /* slot12 */), sbk /* slot14 */) | |||
/* Previously, master_kek was stored at keyblob+0x20) */ | |||
master_kek /* slot13 */ = aes_unwrap(374b7729.. /* probably firmware specific */, tsec_root_key /* slot13 */) | |||
clear_keyslot(12) | |||
// Final keys: | |||
new_master_key /* slot12 */ = aes_unwrap(2dc1f48d.., master_kek) | |||
master_key /* slot13 */ = aes_unwrap(normalseed_retail, master_kek) | |||
new_per_console_key /* slot14 */ = aes_unwrap(0c9109db.., old_keyblob_key) | |||
per_console_key /* slot15 */ = aes_unwrap(4f025f0e.., old_keyblob_key) | |||
SBK and SSK keyslots are cleared after keys have been generated. | SBK and SSK keyslots are cleared after keys have been generated. | ||
Line 243: | Line 293: | ||
This means that if you have an attack on the bootloader, you need to re-preform it every time they move to a new keyblob. | This means that if you have an attack on the bootloader, you need to re-preform it every time they move to a new keyblob. | ||
Dumping the SBK and TSEC key of any single system should be enough to derive all key material on the system. | Dumping the SBK and TSEC key of any single system should be enough to derive all key material on the system, prior to 6.2.0. | ||
The key-derivation is described in more detail [[Package1#Key_generation|here]]. | The key-derivation is described in more detail [[Package1#Key_generation|here]]. |