6.2.0: Difference between revisions
| (4 intermediate revisions by 3 users not shown) | |||
| Line 18: | Line 18: | ||
====Secure Monitor==== | ====Secure Monitor==== | ||
The Secure Monitor was updated. | The Secure Monitor was updated: | ||
* BootReason is now saved before security engine/warmboot firmware setup. | |||
* The SYSCTR0 registers are now validated to contain expected values on bootup. | |||
* generate_srk() is now called before any other security engine key derivation is done. | |||
* Code was added to implement new key gen inside initialize_se_derive_keys(), deriving the firmware's master kek and device key using keyslots initialized by the TSEC firmware. | |||
* Keyslots were shuffled around, the master key is now stored inside keyslot 0xD, and the device master key is now stored inside keyslot 0xC. | |||
* The usual code changes for adding a new master key/device master key are in place. | |||
There are zero changes to code outside of the coldboot .init section (pk2ldr). | |||
====Kernel==== | ====Kernel==== | ||
| Line 27: | Line 36: | ||
====Warmboot==== | ====Warmboot==== | ||
The firmware revision magic was changed from 0x87 to 0xA8. | * The firmware revision magic was changed from 0x87 to 0xA8. | ||
==System Titles== | ==System Titles== | ||
| Line 38: | Line 47: | ||
There seems to be no new service IPC commands. | There seems to be no new service IPC commands. | ||
* bcat: The codebin was updated, but no strings were added/changed. | |||
* account: Besides .text changes: String "libcurl (nnDauth; <hex>; SDK 6.4.0.0)" was added. The "v3-<oldhexstr>" in the dauth URLs were changed to "v4-<newhexstr>". | |||
* nvservices: At least 2 vulnerabilities have been patched. See [[Switch_System_Flaws#System_Modules|here]]. | |||
==See Also== | ==See Also== | ||