Nintendo Switch Brew

TSEC: Difference between revisions

← Older editNewer edit →
No edit summary
Line 1,736: Line 1,736:
| 27
| 27
| TSEC_TEGRA_CTL_TMPI_DISABLE_OUTPUT_I2C
| TSEC_TEGRA_CTL_TMPI_DISABLE_OUTPUT_I2C
|}
= Boot Process =
TSEC is configured and initialized by the first bootloader during key generation.
[6.2.0+] TSEC is now configured at the end of the first bootloader's main function.
== Initialization ==
During this stage several clocks are programmed.
// Program the HOST1X clock and resets
// Uses RST_DEVICES_L, CLK_OUT_ENB_L, CLK_SOURCE_HOST1X and CLK_L_HOST1X
enable_host1x_clkrst();
// Program the TSEC clock and resets
// Uses RST_DEVICES_U, CLK_OUT_ENB_U, CLK_SOURCE_TSEC and CLK_U_TSEC
enable_tsec_clkrst();
// Program the SOR_SAFE clock and resets
// Uses RST_DEVICES_Y, CLK_OUT_ENB_Y and CLK_Y_SOR_SAFE
enable_sor_safe_clkrst();
// Program the SOR0 clock and resets
// Uses RST_DEVICES_X, CLK_OUT_ENB_X and CLK_X_SOR0
enable_sor0_clkrst();
// Program the SOR1 clock and resets
// Uses RST_DEVICES_X, CLK_OUT_ENB_X, CLK_SOURCE_SOR1 and CLK_X_SOR1
enable_sor1_clkrst();
// Program the KFUSE clock resets
// Uses RST_DEVICES_H, CLK_OUT_ENB_H and CLK_H_KFUSE
enable_kfuse_clkrst();
== Configuration ==
In this stage the Falcon IRQs, interfaces and DMA engine are configured.
// Clear the Falcon DMA control register
*(u32 *)FALCON_DMACTL = 0;
// Enable Falcon IRQs
*(u32 *)FALCON_IRQMSET = 0xFFF2;
// Enable Falcon IRQs
*(u32 *)FALCON_IRQDEST = 0xFFF0;
// Enable Falcon interfaces
*(u32 *)FALCON_ITFEN = 0x03;
// Wait for Falcon's DMA engine to be idle
wait_flcn_dma_idle();
== Firmware loading ==
The Falcon firmware code is stored in the first bootloader's data segment in IMEM.
// Set DMA transfer base address to 0x40011900 >> 0x08
*(u32 *)FALCON_DMATRFBASE = 0x400119;
u32 trf_mode = 0;    // A value of 0 sets FALCON_DMATRFCMD_IMEM
u32 dst_offset = 0;
u32 src_offset = 0;
// Load code into Falcon (0x100 bytes at a time)
while (src_offset < 0xF00)
{
    flcn_load_firm(trf_mode, src_offset, dst_offset);
    src_offset += 0x100;
    dst_offset += 0x100;
}
[6.2.0+] The transfer base address and size of the Falcon firmware code changed.
// Set DMA transfer base address to 0x40010E00 >> 0x08
*(u32 *)FALCON_DMATRFBASE = 0x40010E;
u32 trf_mode = 0;    // A value of 0 sets FALCON_DMATRFCMD_IMEM
u32 dst_offset = 0;
u32 src_offset = 0;
// Load code into Falcon (0x100 bytes at a time)
while (src_offset < 0x2900)
{
    flcn_load_firm(trf_mode, src_offset, dst_offset);
    src_offset += 0x100;
    dst_offset += 0x100;
}
== Firmware booting ==
Falcon is booted up and the first bootloader waits for it to finish.
// Set magic value in host1x scratch space
*(u32 *)0x50003300 = 0x34C2E1DA;
// Clear Falcon scratch1 MMIO
*(u32 *)FALCON_SCRATCH1 = 0;
// Set Falcon boot key version in scratch0 MMIO
*(u32 *)FALCON_SCRATCH0 = 0x01;
// Set Falcon's boot vector address
*(u32 *)FALCON_BOOTVEC = 0;
// Signal Falcon's CPU
*(u32 *)FALCON_CPUCTL = 0x02;
// Wait for Falcon's DMA engine to be idle
wait_flcn_dma_idle();
u32 boot_res = 0;
// The bootloader allows the TSEC two seconds from this point to do its job
u32 maximum_time = read_timer() + 2000000;
while (!boot_res)
{
    // Read boot result from scratch1 MMIO
    boot_res = *(u32 *)FALCON_SCRATCH1;
   
    // Read from TIMERUS_CNTR_1US (microseconds from boot)
    u32 current_time = read_timer();
   
    // Booting is taking too long
    if (current_time > maximum_time)
      panic();
}
// Invalid boot result was returned
if (boot_res != 0xB0B0B0B0)
    panic();
[6.2.0+] Falcon is booted up, but the first bootloader is left in an infinite loop.
// Set magic value in host1x scratch space
*(u32 *)0x50003300 = 0x34C2E1DA;
// Clear Falcon scratch1 MMIO
*(u32 *)FALCON_SCRATCH1 = 0;
// Set Falcon boot key version in scratch0 MMIO
*(u32 *)FALCON_SCRATCH0 = 0x01;
// Set Falcon's boot vector address
*(u32 *)FALCON_BOOTVEC = 0;
// Signal Falcon's CPU
*(u32 *)FALCON_CPUCTL = 0x02;
// Infinite loop
deadlock();
== TSEC key generation ==
The TSEC key is generated by reading SOR1 registers modified by the Falcon CPU.
// Clear magic value in host1x scratch space
*(u32 *)0x50003300 = 0;
// Read TSEC key
u32 tsec_key[4];
tsec_key[0] = *(u32 *)NV_SOR_DP_HDCP_BKSV_LSB;
tsec_key[1] = *(u32 *)NV_SOR_TMDS_HDCP_BKSV_LSB;
tsec_key[2] = *(u32 *)NV_SOR_TMDS_HDCP_CN_MSB;
tsec_key[3] = *(u32 *)NV_SOR_TMDS_HDCP_CN_LSB;
// Clear SOR1 registers
*(u32 *)NV_SOR_DP_HDCP_BKSV_LSB = 0;
*(u32 *)NV_SOR_TMDS_HDCP_BKSV_LSB = 0;
*(u32 *)NV_SOR_TMDS_HDCP_CN_MSB = 0;
*(u32 *)NV_SOR_TMDS_HDCP_CN_LSB = 0;
if (out_size < 0x10)
    out_size = 0x10;
// Copy back the TSEC key
memcpy(out_buf, tsec_key, out_size);
[6.2.0+] This is now done inside an encrypted TSEC payload.
== Cleanup ==
Clocks and resets are disabled before returning.
// Deprogram KFUSE clock and resets
// Uses RST_DEVICES_H, CLK_OUT_ENB_H and CLK_H_KFUSE
disable_kfuse_clkrst();
// Deprogram SOR1 clock and resets
// Uses RST_DEVICES_X, CLK_OUT_ENB_X, CLK_SOURCE_SOR1 and CLK_X_SOR1
disable_sor1_clkrst();
// Deprogram SOR0 clock and resets
// Uses RST_DEVICES_X, CLK_OUT_ENB_X and CLK_X_SOR0
disable_sor0_clkrst();
// Deprogram SOR_SAFE clock and resets
// Uses RST_DEVICES_Y, CLK_OUT_ENB_Y and CLK_Y_SOR_SAFE
disable_sor_safe_clkrst();
// Deprogram TSEC clock and resets
// Uses RST_DEVICES_U, CLK_OUT_ENB_U, CLK_SOURCE_TSEC and CLK_U_TSEC
disable_tsec_clkrst();
// Deprogram HOST1X clock and resets
// Uses RST_DEVICES_L, CLK_OUT_ENB_L, CLK_SOURCE_HOST1X and CLK_L_HOST1X
disable_host1x_clkrst();
return;
= TSEC Firmware =
The actual code loaded into TSEC is assembled in NVIDIA's proprietary fuc5 ISA using crypto extensions.
Stored inside the first bootloader, this firmware binary is split into 4 blobs (names are unofficial): [[#Boot|Boot]] (unencrypted and unauthenticated code), [[#KeygenLdr|KeygenLdr]] (unencrypted and authenticated code), [[#Keygen|Keygen]] (encrypted and authenticated code) and [[#Key data|key data]].
[6.2.0+] There are now 6 blobs (names are unofficial): [[#Boot|Boot]] (unencrypted and unauthenticated code), [[#Loader|Loader]] (unencrypted and unauthenticated code), [[#KeygenLdr|KeygenLdr]] (unencrypted and authenticated code), [[#Keygen|Keygen]] (encrypted and authenticated code), [[#Payload|Payload]] (part unencrypted and unauthenticated code, part encrypted and authenticated code) and [[#Key data|key data]].
Firmware can be disassembled with [http://envytools.readthedocs.io/en/latest/ envytools'] [https://github.com/envytools/envytools/tree/master/envydis envydis]:
<code>envydis -i tsec_fw.bin -m falcon -V fuc5 -F crypt</code>
Note that the instruction set has variable length instructions, and the disassembler is not very good at detecting locations it should start disassembling from. One needs to disassemble multiple sub-regions and join them together.
== Boot ==
During this stage, [[#Key data|key data]] is loaded and [[#KeygenLdr|KeygenLdr]] is authenticated, loaded and executed.
Before returning, this stage writes back to the host (using MMIO registers) and sets the key used by the first bootloader.
[6.2.0+] During this stage, [[#Key data|key data]] is loaded and execution jumps to [[#Loader|Loader]].
=== Initialization ===
Falcon sets up it's own stack pointer.
// Read data segment size from IO space
u32 data_seg_size = *(u32 *)UC_CAPS;
data_seg_size >>= 0x09;
data_seg_size &= 0x1FF;
data_seg_size <<= 0x08;
// Set the stack pointer
*(u32 *)sp = data_seg_size;
=== Main ===
Falcon reads the [[#Key data|key data]] and then authenticates, loads and executes [[#KeygenLdr|KeygenLdr]] which sets the TSEC key.
u32 boot_base_addr = 0;
u8 key_data_buf[0x7C];
// Read the key data from memory
u32 key_data_addr = 0x300;
u32 key_data_size = 0x7C;
read_code(key_data_buf, key_data_addr, key_data_size);
// Read the next code segment into boot base
u32 blob1_addr = 0x400;
u32 blob1_size = *(u32 *)(key_data_buf + 0x74);
read_code(boot_base_addr, blob1_addr, blob1_size);
// Upload the next code segment into Falcon's CODE region
u32 blob1_virt_addr = 0x300;
bool use_secret = true;
upload_code(blob1_virt_addr, boot_base_addr, blob1_size, blob1_virt_addr, use_secret);
u32 boot_res = 0;
bool is_done = false;
u32 time = 0;
bool is_blob_dec = false;
while (!is_done)
{
    if (time > 4000000)
    {
      // Write boot failed (timeout) magic to FALCON_SCRATCH1
      boot_res = 0xC0C0C0C0;
      *(u32 *)FALCON_SCRATCH1 = boot_res;
     
      break;
    }
   
    // Load key version from FALCON_SCRATCH0 (bootloader sends 0x01)
    u32 key_version = *(u32 *)FALCON_SCRATCH0;
    if (key_version == 0x64)
    {
      // Skip all next stages
      boot_res = 0xB0B0B0B0;
      *(u32 *)FALCON_SCRATCH1 = boot_res;
     
      break;
    }
    else
    {
      if (key_version > 0x03)
          boot_res = 0xD0D0D0D0;    // Invalid key version
      else if (key_version == 0)
          boot_res = 0xB0B0B0B0;    // No keys used
      else
      {
          u32 key_buf[0x7C];
         
          // Copy key data
          memcpy(key_buf, key_data_buf, 0x7C);
          u32 crypt_reg_flag = 0x00060000;
          u32 blob1_hash_addr = key_buf + 0x20;
          // fuc5 crypt cauth instruction
          // Set auth_addr to 0x300 and auth_size to blob1_size
          cauth((blob1_size << 0x10) | (0x300 >> 0x08));
          // fuc5 crypt cxset instruction
          // The next 2 xfer instructions will be overridden
          // and target changes from DMA to crypto
          cxset(0x02);
         
          // Transfer data to crypto register c6
  xdst(0, (blob1_hash_addr | crypt_reg_flag));
 
  // Wait for all data loads/stores to finish
  xdwait();
         
          // Jump to KeygenLdr
          u32 keygenldr_res = exec_keygenldr(key_buf, key_version, is_blob_dec);
          is_blob_dec = true;  // Set this to prevent decrypting again
          // Set boot finish magic on success
  if (keygenldr_res == 0)
            boot_res = 0xB0B0B0B0
      }
     
      // Write result to FALCON_SCRATCH1
      *(u32 *)FALCON_SCRATCH1 = boot_res;
      if (boot_res == 0xB0B0B0B0)
          is_done = true;
    }
    time++;
}
// Overwrite the TSEC key in SOR1 registers
// This has no effect because the KeygenLdr locks out the TSEC DMA engine
tsec_set_key(key_data_buf);
return boot_res;
[6.2.0+] Falcon reads the [[#Key data|key data]] and jumps to [[#Loader|Loader]].
u8 key_data_buf[0x84];
// Read the key data from memory
u32 key_data_addr = 0x300;
u32 key_data_size = 0x84;
read_code(key_data_buf, key_data_addr, key_data_size);
// Calculate the next blob's address
u32 blob4_size = *(u32 *)(key_data_buf + 0x80);
u32 blob0_size = *(u32 *)(key_data_buf + 0x70);
u32 blob1_size = *(u32 *)(key_data_buf + 0x74);
u32 blob2_size = *(u32 *)(key_data_buf + 0x78);
u32 blob3_addr = ((((blob0_size + blob1_size) + 0x100) + blob2_size) + blob4_size);
// Jump to next blob
(void *)blob3_addr();
 
return 0;
==== tsec_set_key ====
This method takes '''key_data_buf''' (a 16 bytes buffer) as argument and writes its contents to SOR1 registers.
// This is TSEC_MMIO + 0x1000 + (0x1C300 / 0x40)
*(u32 *)TSEC_DMA_UNK = 0xFFF;
// Read the key's words
u32 key0 = *(u32 *)(key_data_buf + 0x00);
u32 key1 = *(u32 *)(key_data_buf + 0x04);
u32 key2 = *(u32 *)(key_data_buf + 0x08);
u32 key3 = *(u32 *)(key_data_buf + 0x0C);
u32 result = 0;
// Write to SOR1 register
result = tsec_dma_write(NV_SOR_DP_HDCP_BKSV_LSB, key0);
// Failed to write
if (result)
    return result;
// Write to SOR1 register
result = tsec_dma_write(NV_SOR_TMDS_HDCP_BKSV_LSB, key1);
// Failed to write
if (result)
    return result;
// Write to SOR1 register
result = tsec_dma_write(NV_SOR_TMDS_HDCP_CN_MSB, key2);
// Failed to write
if (result)
    return result;
// Write to SOR1 register
result = tsec_dma_write(NV_SOR_TMDS_HDCP_CN_LSB, key3);
// Failed to write
if (result)
    return result;
return result;
===== tsec_dma_write =====
This method takes '''addr''' and '''value''' as arguments and performs a DMA write using TSEC MMIO.
u32 result = 0;
// Wait for TSEC DMA engine
// This waits for bit 0x0C in TSEC_DMA_CMD to be 0
result = wait_tsec_dma();
// Wait failed
if (result)
    return 1;
// Set the destination address
// This is TSEC_MMIO + 0x1000 + (0x1C100 / 0x40)
*(u32 *)TSEC_DMA_ADDR = addr;
// Set the value
// This is TSEC_MMIO + 0x1000 + (0x1C200 / 0x40)
*(u32 *)TSEC_DMA_VAL = value;
// Start transfer?
// This is TSEC_MMIO + 0x1000 + (0x1C000 / 0x40)
*(u32 *)TSEC_DMA_CMD = 0x800000F2;
// Wait for TSEC DMA engine
// This waits for bit 0x0C in TSEC_DMA_CMD to be 0
result = wait_tsec_dma();
// Wait failed
if (result)
    return 1;
return 0;
== KeygenLdr ==
This stage is responsible for reconfiguring the Falcon's crypto co-processor and loading, decrypting, authenticating and executing [[#Keygen|Keygen]].
=== Main ===
// Clear interrupt flags
*(u8 *)flags_ie0 = 0;
*(u8 *)flags_ie1 = 0;
*(u8 *)flags_ie2 = 0;
// fuc5 crypt cxset instruction
// Clear overrides?
cxset(0x80);
// fuc5 crypt cauth instruction
// Clear bit 0x13 in cauth
cauth(cauth_old & ~(1 << 0x13));
// Set the target port for memory transfers
xtargets(0);
// Wait for all data loads/stores to finish
xdwait();
// Wait for all code loads to finish
xcwait();
// fuc5 crypt cxset instruction
// The next 2 xfer instructions will be overridden
// and target changes from DMA to crypto
cxset(0x02);
// Transfer data to crypto register c0
// This should clear any leftover data
xdst(0, 0);
// Wait for all data loads/stores to finish
xdwait();
// Clear all crypto registers, except c6 which is used for auth
cxor(c0, c0);
cmov(c1, c0);
cmov(c2, c0);
cmov(c3, c0);
cmov(c4, c0);
cmov(c5, c0);
cmov(c7, c0);
// Clear TSEC_TEGRA_CTL_TKFI_KFUSE
// This is TSEC_MMIO + 0x1000 + (0x20E00 / 0x40)
*(u32 *)TSEC_TEGRA_CTL &= 0xEFFFF;
// Set TSEC_SCP_CTL_PKEY_REQUEST_RELOAD
// This is TSEC_MMIO + 0x1000 + (0x10600 / 0x40)
*(u32 *)TSEC_SCP_CTL_PKEY |= 0x01;
u32 is_pkey_loaded = 0;
// Wait for TSEC_SCP_CTL_PKEY_LOADED
while (!is_pkey_loaded)
    is_pkey_loaded = (*(u32 *)TSEC_SCP_CTL_PKEY & 0x02);
// Read data segment size from IO space
u32 data_seg_size = *(u32 *)UC_CAPS;
data_seg_size >>= 0x09;
data_seg_size &= 0x1FF;
data_seg_size <<= 0x08;
// Check stack bounds
if ((*(u32 *)sp >= data_seg_size) || (*(u32 *)sp < 0x800))
  exit();
// Decrypt and load Keygen stage
load_keygen(key_buf, key_version, is_blob_dec);
// fuc5 crypt csigclr instruction
// Clears the cauth signature
csigclr();
// Clear all crypto registers
cxor(c0, c0);
cxor(c1, c1);
cxor(c2, c2);
cxor(c3, c3);
cxor(c4, c4);
cxor(c5, c5);
cxor(c6, c6);
cxor(c7, c7);
// Exit Authenticated Mode
// This is TSEC_MMIO + 0x1000 + (0x10300 / 0x40)
*(u32 *)TSEC_SCP_CTL_AUTH_MODE = 0;
return;
==== load_keygen ====
u32 res = 0;
u32 boot_base_addr = 0;
u32 blob0_addr = 0;
u32 blob0_size = *(u32 *)(key_buf + 0x70);
// Load blob0 code again
read_code(boot_base_addr, blob0_addr, blob0_size);
// Generate "CODE_SIG_01" key into c4 crypto register
gen_usr_key(0, 0);
// Encrypt buffer with c4
u8 sig_key[0x10];
enc_buf(sig_key, blob0_size);
u32 src_addr = boot_base_addr;
u32 src_size = blob0_size;
u32 iv_addr = sig_key;
u32 dst_addr = sig_key;
u32 mode = 0x02;  // AES-CMAC
u32 version = 0;
// Do AES-CMAC over blob0 code
do_crypto(src_addr, src_size, iv_addr, dst_addr, mode, version);
// Compare the hashes
if (memcmp(dst_addr, key_buf + 0x10, 0x10))
{
  res = 0xDEADBEEF;
  return res;
}
u32 blob1_size = *(u32 *)(key_buf + 0x74);
// Decrypt Keygen blob if needed
if (!is_blob_dec)
{
    // Read Stage2's size from key buffer
    u32 blob2_size = *(u32 *)(key_buf + 0x78);
    // Check stack bounds
    if (*(u32 *)sp > blob2_size)
    {
      u32 boot_base_addr = 0;
      u32 blob2_virt_addr = blob0_size + blob1_size;
      u32 blob2_addr = blob2_virt_addr + 0x100;
     
      // Read Keygen encrypted blob
      read_code(boot_base_addr, blob2_addr, blob2_size);
      // Generate "CODE_ENC_01" key into c4 crypt register
      gen_usr_key(0x01, 0x01);
     
      u32 src_addr = boot_base_addr;
      u32 src_size = blob2_size;
      u32 iv_addr = key_buf + 0x40;
      u32 dst_addr = boot_base_addr;
      u32 mode = 0;  // AES-128-ECB
      u32 version = 0;
     
      // Decrypt Keygen blob
      do_crypto(src_addr, src_size, iv_addr, dst_addr, mode, version);
     
      // Upload the next code segment into Falcon's CODE region
      bool use_secret = true;
      upload_code(blob2_virt_addr, boot_base_addr, blob2_size, blob2_virt_addr, use_secret);
      // Clear out the decrypted blob
      memset(boot_base_addr, 0, blob2_size);
    }
}
// fuc5 crypt cxset instruction
// The next 2 xfer instructions will be overridden
// and target changes from DMA to crypto
cxset(0x02);
u32 crypt_reg_flag = 0x00060000;
u32 blob2_hash_addr = key_buf + 0x30;
// Transfer data to crypto register c6
xdst(0, (blob2_hash_addr | crypt_reg_flag));
// Wait for all data loads/stores to finish
xdwait();
// Save previous cauth value
u32 c_old = cauth_old;
// fuc5 crypt cauth instruction
// Set auth_addr to blob2_virt_addr and auth_size to blob2_size
cauth((blob2_virt_addr >> 0x08) | (blob2_size << 0x10));
u32 hovi_key_addr = 0;
// Select next stage key
if (key_version == 0x01) // Use HOVI_EKS_01
  hovi_key_addr = key_buf + 0x50;
else if (key_version == 0x02)         // Use HOVI_COMMON_01
  hovi_key_addr = key_buf + 0x60;
else if (key_version == 0x03)         // Use debug key (empty)
  hovi_key_addr = key_buf + 0x00;
else
  res = 0xD0D0D0D0
// Jump to Keygen
if (hovi_key_addr)
  res = exec_keygen(hovi_key_addr, key_version);
         
// Clear out key data
memset(key_buf, 0, 0x7C);
// fuc5 crypt cauth instruction
// Restore previous cauth value
cauth(c_old);
return res;
===== gen_usr_key =====
This method takes '''type''' and '''mode''' as arguments and generates a key.
u8 seed_buf[0x10];
// Read a 16 bytes seed based on supplied type
/*
    Type 0: "CODE_SIG_01" + null padding
    Type 1: "CODE_ENC_01" + null padding
*/
get_seed(seed_buf, type);
// This will write the seed into crypto register c0
crypt_store(0, seed_buf);
// fuc5 csecret instruction
// Load selected secret into crypto register c1
csecret(c1, 0x26);
// fuc5 ckeyreg instruction
// Bind c1 register as the key for enc/dec operations
ckeyreg(c1);
// fuc5 cenc instruction
// Encrypt seed_buf (in c0) using keyreg value as key into c1
cenc(c1, c0);
// fuc5 csigenc instruction
// Encrypt c1 register with the auth signature stored in c6
csigenc(c1, c1);
// Copy the result into c4 (will be used as key)
cmov(c4, c1);
// Do key expansion (for decryption)
if (mode != 0)
    ckexp(c4, c4); // fuc5 ckexp instruction
return;
===== enc_buffer =====
This method takes '''buf''' (a 16 bytes buffer) and '''size''' as arguments and encrypts the supplied buffer.
// Set first 3 words to null
*(u32 *)(buf + 0x00) = 0;
*(u32 *)(buf + 0x04) = 0;
*(u32 *)(buf + 0x08) = 0;
// Swap halves (b16, b32 and b16 again)
hswap(size);
// Store the size as the last word
*(u32 *)(buf + 0x0C) = size;
// This will write buf into crypto register c3
crypt_store(0x03, buf);
// fuc5 ckeyreg instruction
// Bind c4 register (from keygen) as the key for enc/dec operations
ckeyreg(c4);
// fuc5 cenc instruction
// Encrypt buf (in c3) using keyreg value as key into c5
cenc(c5, c3);
// This will read into buf from crypto register c5
crypt_load(0x05, buf);
return;
===== do_crypto =====
This is the method responsible for all crypto operations performed during [[#KeygenLdr|KeygenLdr]]. It takes '''src_addr''', '''src_size''', '''iv_addr''', '''dst_addr''', '''mode''' and '''use_imem''' as arguments.
// Check for invalid source data size
if (!src_size || (src_size & 0x0F))
  exit();
// Check for invalid source data address
if (src_addr & 0x0F)
  exit();
// Check for invalid destination data address
if (dst_addr & 0x0F)
  exit();
// Use IV if available
if (iv_addr)
{
  // This will write the iv_addr into crypto register c5
  crypt_store(0x05, iv_addr);
}
else
{
  // Clear c5 register (use null IV)
  cxor(c5, c5);
}
// Use key in c4
ckeyreg(c4);
// AES-128-CBC decrypt
if (mode == 0x00)
{
  // Create crypto script with 5 instructions
  cs0begin(0x05);
  cxsin(c3);                  // Read 0x10 bytes from crypto stream into c3
  cdec(c2, c3);                // Decrypt from c3 into c2
  cxor(c5, c2);                // XOR c2 with c5 and store in c5
  cxsout(c5);                  // Write 0x10 bytes into crypto stream from c5
  cmov(c5, c3);                // Move c3 into c5
}
else if (mode == 0x01) // AES-128-CBC encrypt
{
  // Create crypto script with 4 instructions
  cs0begin(0x04);
  cxsin(c3);                  // Read 0x10 bytes from crypto stream into c3
  cxor(c3, c5);                // XOR c5 with c3 and store in c3
  cenc(c5, c3);                // Encrypt from c3 into c5
  cxsout(c5);                  // Write 0x10 bytes into crypto stream from c5
}
else if (mode == 0x02) // AES-CMAC
{
  // Create crypto script with 3 instructions
  cs0begin(0x03);
  cxsin(c3);                  // Read 0x10 bytes from crypto stream into c3
  cxor(c5, c3);                // XOR c5 with c3 and store in c3
  cenc(c5, c5);                // Encrypt from c5 into c5
}
else if (mode == 0x03) // AES-128-ECB decrypt
{
  // Create crypto script with 3 instructions
  cs0begin(0x03);
  cxsin(c3);                  // Read 0x10 bytes from crypto stream into c3
  cdec(c5, c3);                // Decrypt from c3 into c5
  cxsout(c5);                  // Write 0x10 bytes into crypto stream from c5
}
else if (mode == 0x04) // AES-128-ECB encrypt
{
  // Create crypto script with 3 instructions
  cs0begin(0x03);
  cxsin(c3);                  // Read 0x10 bytes from crypto stream into c3
  cenc(c5, c3);                // Encrypt from c3 into c5
  cxsout(c5);                  // Write 0x10 bytes into crypto stream from c5
}
else
  return;
// Main loop
while (src_size > 0)
{
  u32 blk_count = (src_size >> 0x04);
  if (blk_count > 0x10)
    blk_count = 0x10;
 
  // Check size align
  if (blk_count & (blk_count - 0x01))
    blk_count = 0x01;
  u32 blk_size = (blk_count << 0x04);
 
  u32 crypt_xfer_src = 0;
  u32 crypt_xfer_dst = 0;
 
  if (block_size == 0x20)
  {
      crypt_xfer_src = (0x00030000 | src_addr);
      crypt_xfer_dst = (0x00030000 | dst_addr);
     
      // Execute crypto script 2 times (1 for each block)
      cs0exec(0x02);
  }
  if (block_size == 0x40)
  {
      crypt_xfer_src = (0x00040000 | src_addr);
      crypt_xfer_dst = (0x00040000 | dst_addr);
     
      // Execute crypto script 4 times (1 for each block)
      cs0exec(0x04);
  }
  if (block_size == 0x80)
  {
      crypt_xfer_src = (0x00050000 | src_addr);
      crypt_xfer_dst = (0x00050000 | dst_addr);
     
      // Execute crypto script 8 times (1 for each block)
      cs0exec(0x08);
  }
  if (block_size == 0x100)
  {
      crypt_xfer_src = (0x00060000 | src_addr);
      crypt_xfer_dst = (0x00060000 | dst_addr);
     
      // Execute crypto script 16 times (1 for each block)
      cs0exec(0x10);
  }
  else
  {
      crypt_xfer_src = (0x00020000 | src_addr);
      crypt_xfer_dst = (0x00020000 | dst_addr);
     
      // Execute crypto script 1 time (1 for each block)
      cs0exec(0x01);
      // Ensure proper block size
      block_size = 0x10;
  }
  // fuc5 crypt cxset instruction
  // The next xfer instruction will be overridden
  // and target changes from DMA to crypto input/output stream
  if (use_imem)
    cxset(0xA1);        // Flag 0xA0 is falcon imem <-> crypto input/output stream
  else
    cxset(0x21);        // Flag 0x20 is external mem <-> crypto input/output stream
  // Transfer data into the crypto input/output stream
  xdst(crypt_xfer_src, crypt_xfer_src);
 
  // AES-CMAC only needs one more xfer instruction
  if (mode == 0x02)
  {
      // fuc5 crypt cxset instruction
      // The next xfer instruction will be overridden
      // and target changes from DMA to crypto input/output stream
      if (use_imem)
        cxset(0xA1);    // Flag 0xA0 is falcon imem <-> crypto input/output stream
      else
        cxset(0x21);    // Flag 0x20 is external mem <-> crypto input/output stream
      // Wait for all data loads/stores to finish
      xdwait();
  }
  else  // AES enc/dec needs 2 more xfer instructions
  {
      // fuc5 crypt cxset instruction
      // The next 2 xfer instructions will be overridden
      // and target changes from DMA to crypto input/output stream
      if (use_imem)
        cxset(0xA2);            // Flag 0xA0 is falcon imem <-> crypto input/output stream
      else
        cxset(0x22);            // Flag 0x20 is external mem <-> crypto input/output stream
      // Transfer data from the crypto input/output stream
      xdld(crypt_xfer_dst, crypt_xfer_dst);
      // Wait for all data loads/stores to finish
      xdwait();
      // Increase the destination address by block size
      dst_addr += block_size;
  }
 
  // Increase the source address by block size
  src_addr += block_size;
  // Decrease the source size by block size
  src_size -= block_size;
}
// AES-CMAC result is in c5
if (mode == 0x02)
{
    // This will read into dst_addr from crypto register c5
    crypt_load(0x05, dst_addr);
}
return;
== Keygen ==
This stage is decrypted by [[#KeygenLdr|KeygenLdr]] using a key generated by encrypting a seed with an hardware secret. It will generate the final TSEC key.
== Loader ==
This stage starts by authenticating and executing [[#KeygenLdr|KeygenLdr]] which in turn authenticates, decrypts and executes [[#Keygen|Keygen]] (both blobs remain unchanged from previous firmware versions).
After the TSEC key has been generated, execution returns to this stage which then parses and executes [[#Payload|Payload]].
=== Main ===
u8 key_data_buf[0x84];
u8 tmp_key_data_buf[0x84];
// Read the key data from memory
u32 key_data_addr = 0x300;
u32 key_data_size = 0x84;
read_code(key_data_buf, key_data_addr, key_data_size);
// Read the KeygenLdr blob from memory
u32 boot_base_addr = 0;
u32 blob1_addr = 0x400;
u32 blob1_size = *(u32 *)(key_data_buf + 0x74);
read_code(boot_base_addr, blob1_addr, blob1_size);
 
// Upload the next code segment into Falcon's CODE region
u32 blob1_virt_addr = 0x300;
bool use_secret = true;
upload_code(blob1_virt_addr, boot_base_addr, blob1_size, blob1_virt_addr, use_secret);
// Backup the key data
memcpy(tmp_key_data_buf, key_data_buf, 0x84);
// Save previous cauth value
u32 c_old = cauth_old;
// fuc5 crypt cauth instruction
// Set auth_addr to 0x300 and auth_size to blob1_size
cauth((blob1_size << 0x10) | (0x300 >> 0x08));
// fuc5 crypt cxset instruction
// The next 2 xfer instructions will be overridden
// and target changes from DMA to crypto
cxset(0x02);
u32 crypt_reg_flag = 0x00060000;
u32 blob1_hash_addr = tmp_key_data_buf + 0x20;
// Transfer data to crypto register c6
xdst(0, (blob1_hash_addr | crypt_reg_flag));
// Wait for all data loads/stores to finish
xdwait();
u32 key_version = 0x01;
bool is_blob_dec = false;
// Jump to KeygenLdr
u32 keygenldr_res = exec_keygenldr(tmp_key_data_buf, key_version, is_blob_dec);
// Set boot finish magic on success
if (keygenldr_res == 0)
  keygenldr_res = 0xB0B0B0B0
     
// Write result to FALCON_SCRATCH1
*(u32 *)FALCON_SCRATCH1 = keygenldr_res;
if (keygenldr_res != 0xB0B0B0B0)
  return keygenldr_res;
// fuc5 crypt cauth instruction
// Restore previous cauth value
cauth(c_old);
u8 flcn_hdr_buf[0x18];
u8 flcn_os_hdr_buf[0x10];
blob1_size = *(u32 *)(key_data_buf + 0x74);
u32 blob2_size = *(u32 *)(key_data_buf + 0x78);
u32 blob0_size = *(u32 *)(key_data_buf + 0x70);
// Read the Payload blob's Falcon header from memory
u32 blob4_flcn_hdr_addr = (((blob0_size + blob1_size) + 0x100) + blob2_size);
read_code(flcn_hdr_buf, blob4_flcn_hdr_addr, 0x18);
blob1_size = *(u32 *)(key_data_buf + 0x74);
blob2_size = *(u32 *)(key_data_buf + 0x78);
blob0_size = *(u32 *)(key_data_buf + 0x70);
u32 flcn_hdr_size = *(u32 *)(flcn_hdr_buf + 0x0C);
// Read the Payload blob's Falcon OS header from memory
u32 blob4_flcn_os_hdr_addr = ((((blob0_size + blob1_size) + 0x100) + blob2_size) + flcn_hdr_size);
read_code(flcn_os_hdr_buf, blob4_flcn_os_hdr_addr, 0x10);
blob1_size = *(u32 *)(key_data_buf + 0x74);
blob2_size = *(u32 *)(key_data_buf + 0x78);
blob0_size = *(u32 *)(key_data_buf + 0x70);
u32 flcn_code_hdr_size = *(u32 *)(flcn_hdr_buf + 0x10);
u32 flcn_os_size = *(u32 *)(flcn_os_hdr_buf + 0x04);
// Read the Payload blob's Falcon OS image from memory
u32 blob4_flcn_os_addr = ((((blob0_size + blob1_size) + 0x100) + blob2_size) + flcn_code_hdr_size);
read_code(boot_base_addr, blob4_flcn_os_hdr_addr, flcn_os_size);
// Upload the Payload's Falcon OS image boot stub code segment into Falcon's CODE region
u32 blob4_flcn_os_boot_virt_addr = 0;
u32 blob4_flcn_os_boot_size = 0x100;
use_secret = false;
upload_code(blob4_flcn_os_boot_virt_addr, boot_base_addr, blob4_flcn_os_boot_size, blob4_flcn_os_boot_virt_addr, use_secret);
flcn_os_size = *(u32 *)(flcn_os_hdr_buf + 0x04);
// Upload the Payload blob's Falcon OS encrypted image code segment into Falcon's CODE region
u32 blob4_flcn_os_img_virt_addr = 0x100;
u32 blob4_flcn_os_img_size = (flcn_os_size - 0x100);
use_secret = true;
upload_code(blob4_flcn_os_img_virt_addr, boot_base_addr + 0x100, blob4_flcn_os_img_size, blob4_flcn_os_img_virt_addr, use_secret);
// Wait for all code loads to finish
xcwait();
blob1_size = *(u32 *)(key_data_buf + 0x74);
blob2_size = *(u32 *)(key_data_buf + 0x78);
blob0_size = *(u32 *)(key_data_buf + 0x70);
flcn_code_hdr_size = *(u32 *)(flcn_hdr_buf + 0x10);
u32 flcn_os_code_size = *(u32 *)(flcn_os_hdr_buf + 0x08);
// Read the Payload blob's falcon OS image's hash from memory
u32 blob4_flcn_os_img_hash_addr = (((((blob0_size + blob1_size) + 0x100) + blob2_size) + flcn_code_hdr_size) + flcn_os_code_size);
read_code(0, blob4_flcn_os_img_hash_addr, 0x10);
// Read data segment size from IO space
u32 data_seg_size = *(u32 *)UC_CAPS;
data_seg_size >>= 0x03;
data_seg_size &= 0x3FC0;
u32 data_addr = 0x10;
// Clear all data except the first 0x10 bytes (Payload blob's Falcon OS image's hash)
for (int data_word_count = 0x04; data_word_count < data_seg_size; data_word_count++)
{
  *(u32 *)(data_addr) = 0;
  data_addr += 0x04;
}
// Clear all crypto registers
cxor(c0, c0);
cxor(c1, c1);
cxor(c2, c2);
cxor(c3, c3);
cxor(c4, c4);
cxor(c5, c5);
cxor(c6, c6);
cxor(c7, c7);
// fuc5 crypt csigclr instruction
// Clears the cauth signature
csigclr();
// Jump to Payload
exec_payload();
return 0xB0B0B0B0;
== Payload ==
This stage prepares the stack then authenticates, decrypts and executes the Payload blob's Falcon OS image.
=== Main ===
// Read data segment size from IO space
u32 data_seg_size = *(u32 *)UC_CAPS;
data_seg_size >>= 0x01;
data_seg_size &= 0xFF00;
// Set the stack pointer
*(u32 *)sp = data_seg_size;
// Jump to the Payload blob's Falcon OS image boot stub
exec_flcn_os_boot();
// Halt execution
exit();
return;
==== exec_flcn_os_boot ====
// Read the transfer base address from IO space
u32 xfer_ext_base_addr = *(u32 *)XFER_EXT_BASE;
// Copy transfer base address to data memory
u32 scratch_data_addr = 0x300;
*(u32 *)scratch_data_addr = xfer_ext_base_addr;
// Set the transfer base address
xcbase(xfer_ext_base_addr);
// fuc5 crypt cxset instruction
// The next xfer instruction will be overridden
// and target changes from DMA to crypto
cxset(0x01);
u32 crypt_reg_flag = 0x00060000;
u32 blob4_flcn_os_img_hash_addr = 0;
// Transfer data to crypto register c6
xdst(0, (blob4_flcn_os_img_hash_addr | crypt_reg_flag));
// fuc5 crypt cxset instruction
// The next xfer instruction will be overridden
// and target changes from DMA to crypto
cxset(0x01);
// Wait for all data loads/stores to finish
xdwait();
cmov(c7, c6);
cxor(c7, c7);
// fuc5 crypt cauth instruction
// Set auth_addr to 0x100, auth_size to 0x1300,
// bit 16 (is_secret) and bit 17 (is_encrypted)
cauth((0x02 << 0x10) | (0x01 << 0x10) | (0x1300 << 0x10) | (0x100 >> 0x08));
// Clear interrupt flags
*(u8 *)flags_ie0 = 0;
*(u8 *)flags_ie1 = 0;
// Jump to the Payload blob's Falcon OS image
exec_flcn_os_img();
return 0x0F0F0F0F;
== Key data ==
Small buffer stored after the [[#Boot|Boot]] blob and used across all stages.
{| class="wikitable" border="1"
!  Offset
!  Size
!  Description
|-
| 0x00
| 0x10
| Debug key (empty)
|-
| 0x10
| 0x10
| blob0 ([[#Boot|Boot]]) auth hash
|-
| 0x20
| 0x10
| blob1 ([[#KeygenLdr|KeygenLdr]]) auth hash
|-
| 0x30
| 0x10
| blob2 ([[#Keygen|Keygen]]) auth hash
|-
| 0x40
| 0x10
| blob2 ([[#Keygen|Keygen]]) AES IV
|-
| 0x50
| 0x10
| HOVI EKS seed
|-
| 0x60
| 0x10
| HOVI COMMON seed
|-
| 0x70
| 0x04
| blob0 ([[#Boot|Boot]]) size
|-
| 0x74
| 0x04
| blob1 ([[#KeygenLdr|KeygenLdr]]) size
|-
| 0x78
| 0x04
| blob2 ([[#Keygen|Keygen]]) size
|-
| 0x7C
| 0x04
| [6.2.0+] blob3 ([[#Loader|Loader]]) size
|-
| 0x80
| 0x04
| [6.2.0+] blob4 ([[#Payload|Payload]]) size
|}
|}


Retrieved from "https://switchbrew.org/wiki/TSEC"