6.2.0: Difference between revisions

(3 intermediate revisions by 3 users not shown)

Line 18:

====Secure Monitor====

The Secure Monitor was updated. ~~[details~~ to ~~be filled~~ in ~~later]~~.

The Secure Monitor was updated:

* BootReason is now saved before security engine/warmboot firmware setup.

* The SYSCTR0 registers are now validated to contain expected values on bootup.

* generate_srk() is now called before any other security engine key derivation is done.

* Code was added to implement new key gen inside initialize_se_derive_keys(), deriving the firmware's master kek and device key using keyslots initialized by the TSEC firmware.

* Keyslots were shuffled around, the master key is now stored inside keyslot 0xD, and the device master key is now stored inside keyslot 0xC.

* The usual code changes for adding a new master key/device master key are in place.

There are zero changes to code outside of the coldboot .init section (pk2ldr).

====Kernel====

Line 27:

Line 36:

====Warmboot====

The firmware revision magic was changed from 0x87 to 0xA8.

* The firmware revision magic was changed from 0x87 to 0xA8.

==System Titles==

Line 40:

Line 49:

* bcat: The codebin was updated, but no strings were added/changed.

* account: Besides .text changes: String "libcurl (nnDauth; <hex>; SDK 6.4.0.0)" was added. The "v3-<oldhexstr>" in the dauth URLs ~~was~~ changed to "v4-<newhexstr>".

* account: Besides .text changes: String "libcurl (nnDauth; <hex>; SDK 6.4.0.0)" was added. The "v3-<oldhexstr>" in the dauth URLs were changed to "v4-<newhexstr>".

* nvservices: At least 2 vulnerabilities have been patched. See [[Switch_System_Flaws#System_Modules|here]].

==See Also==

@@ Line 18: / Line 18: @@
 ====Secure Monitor====
-The Secure Monitor was updated. [details to be filled in later].
+The Secure Monitor was updated:
+* BootReason is now saved before security engine/warmboot firmware setup.
+* The SYSCTR0 registers are now validated to contain expected values on bootup.
+* generate_srk() is now called before any other security engine key derivation is done.
+* Code was added to implement new key gen inside initialize_se_derive_keys(), deriving the firmware's master kek and device key using keyslots initialized by the TSEC firmware.
+* Keyslots were shuffled around, the master key is now stored inside keyslot 0xD, and the device master key is now stored inside keyslot 0xC.
+* The usual code changes for adding a new master key/device master key are in place.
+There are zero changes to code outside of the coldboot .init section (pk2ldr).
 ====Kernel====
@@ Line 27: / Line 36: @@
 ====Warmboot====
-The firmware revision magic was changed from 0x87 to 0xA8.
+* The firmware revision magic was changed from 0x87 to 0xA8.
 ==System Titles==
@@ Line 40: / Line 49: @@
 * bcat: The codebin was updated, but no strings were added/changed.
-* account: Besides .text changes: String "libcurl (nnDauth; <hex>; SDK 6.4.0.0)" was added. The "v3-<oldhexstr>" in the dauth URLs was changed to "v4-<newhexstr>".
+* account: Besides .text changes: String "libcurl (nnDauth; <hex>; SDK 6.4.0.0)" was added. The "v3-<oldhexstr>" in the dauth URLs were changed to "v4-<newhexstr>".
+* nvservices: At least 2 vulnerabilities have been patched. See [[Switch_System_Flaws#System_Modules|here]].
 ==See Also==