Secure Monitor: Difference between revisions
No edit summary
Line 92: | Line 92: | ||
=== ComputeAes === | === ComputeAes === | ||
Encrypts/decrypts using | Encrypts/decrypts using AES (CTR and CBC). Takes an [[#enum_CipherMode]]. | ||
Key must be set prior using one of the [[#LoadAesKey]] or [[#GenerateSpecificAesKey]] commands. | Key must be set prior using one of the [[#LoadAesKey]] or [[#GenerateSpecificAesKey]] commands. | ||
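Review bot: the ComputeAes text should say how the three CipherMode values map onto operations. The enum added at Line 172 has separate CipherMode_CbcEncrypt and CipherMode_CbcDecrypt values but only one CipherMode_Ctr, because CTR encryption and decryption are the same keystream XOR; stating that here tells the reader that direction is selected by the mode value for CBC only. It would also help to name which argument carries the IV (CBC) or counter block (CTR), since the enum table alone does not show it.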
Line 126: | Line 126: | ||
=== DecryptOrImportRsaPrivateKey === | === DecryptOrImportRsaPrivateKey === | ||
This function replaced [[#DecryptRsaPrivateKey]] in [[5.0.0]], adding an additional | This function replaced [[#DecryptRsaPrivateKey]] in [[5.0.0]], adding an additional [[#enum_DecryptOrImportMode]]. | ||
This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed. | This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed. | ||
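Review bot: "when certain enum members are passed" should name them. Per the enum_DecryptOrImportMode table added at Line 172, value 0 (DecryptOrImportMode_DecryptRsaPrivateKey) keeps the pre-5.0.0 decrypt behaviour, while values 1 to 4 (DecryptOrImportMode_ImportLotusKey, DecryptOrImportMode_ImportEsKey, DecryptOrImportMode_ImportSslKey, DecryptOrImportMode_ImportDrmKey) select the import path; spelling that out here saves the reader a round trip to the table.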
Line 135: | Line 135: | ||
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaSecureExpMod]]. | The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaSecureExpMod]]. | ||
[5.0.0] This function was removed | [5.0.0] This function was removed. | ||
=== SecureExpMod === | === SecureExpMod === | ||
Performs an ExpMod operation using an exponent previously loaded with the [[#ImportLotusKey]] command. | Performs an ExpMod operation using an exponent previously loaded with the [[#ImportLotusKey]] command. | ||
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]]. | [5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]] and takes an [[#enum_SecureExpModMode]]. | ||
=== UnwrapTitleKey === | === UnwrapTitleKey === | ||
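Review bot: "[5.0.0] This function was removed." uses a different version-tag form from the "[5.0.0+]" used two lines later for SecureExpMod; use one form throughout. The SecureExpMod line should also relate enum_SecureExpModMode to the keys loaded by DecryptOrImportRsaPrivateKey: the modes Lotus, Ssl and Drm line up with ImportLotusKey, ImportSslKey and ImportDrmKey, but there is no ES mode, so the page should say which SMC consumes a key imported with DecryptOrImportMode_ImportEsKey.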
Line 172: | Line 172: | ||
Note: | Note: | ||
The [[#enum_CryptoUsecase|CryptoUsecase_TitleKey]] represents a RSA wrapped AES key. | The [[#enum_CryptoUsecase|CryptoUsecase_TitleKey]] represents a RSA wrapped AES key. | ||
=== enum CipherMode === | |||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || CipherMode_CbcEncrypt | |||
|- | |||
| 1 || CipherMode_CbcDecrypt | |||
|- | |||
| 2 || CipherMode_Ctr | |||
|} | |||
=== enum DecryptOrImportMode === | |||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || DecryptOrImportMode_DecryptRsaPrivateKey | |||
|- | |||
| 1 || DecryptOrImportMode_ImportLotusKey | |||
|- | |||
| 2 || DecryptOrImportMode_ImportEsKey | |||
|- | |||
| 3 || DecryptOrImportMode_ImportSslKey | |||
|- | |||
| 4 || DecryptOrImportMode_ImportDrmKey | |||
|} | |||
=== enum SecureExpModMode === | |||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || SecureExpModMode_Lotus | |||
|- | |||
| 1 || SecureExpModMode_Ssl | |||
|- | |||
| 2 || SecureExpModMode_Drm | |||
|} | |||
== ID 1 == | == ID 1 == | ||
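Review bot: the three new enum tables carry only Value and Name columns. A short Description column, or one sentence under each heading, would make them usable on their own: which SMC each DecryptOrImportMode value is meant for, that CipherMode_Ctr serves both encryption and decryption, and which imported key slot each SecureExpModMode value selects. As written, the reader has to infer all of this from the SMC sections above.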
Line 187: | Line 224: | ||
| 0xC3000004 || [[#GetConfig]] (Same as ID 0, Sub-ID 2) || W1=config_item, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4=config_val | | 0xC3000004 || [[#GetConfig]] (Same as ID 0, Sub-ID 2) || W1=config_item, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4=config_val | ||
|- | |- | ||
| 0xC3000005 || [[# | | 0xC3000005 || [[#GenerateRandomBytes]] (Same as ID 0, Sub-ID 6) || X1=size, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4,X5,X6,X7=rand_bytes | ||
|- | |- | ||
| 0xC3000006 || [[#Panic]] || W1=panic_color, X2,X3,X4,X5,X6,X7=0 || X0=result | | 0xC3000006 || [[#Panic]] || W1=panic_color, X2,X3,X4,X5,X6,X7=0 || X0=result | ||
Line 242: | Line 279: | ||
| 14 || [4.0.0+] [[#IsKiosk]] | | 14 || [4.0.0+] [[#IsKiosk]] | ||
|- | |- | ||
| 15 || [5.0.0+] [[# | | 15 || [5.0.0+] [[#RegulatorType]] | ||
|- | |- | ||
| 16 || [5.0.0+] [[# | | 16 || [5.0.0+] [[#KeyGeneration]] | ||
|- | |- | ||
| 17 || [5.0.0+] [[#Package2Hash]] | | 17 || [5.0.0+] [[#Package2Hash]] | ||
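Review bot: the config-item table lists item 15 as RegulatorType and item 16 as KeyGeneration, but the new sections below appear in the opposite order (KeyGeneration at Line 561, RegulatorType at Line 571). Keep the sections in item-number order so the table and the descriptions read in the same sequence.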
Line 524: | Line 561: | ||
This tells if the TI Charger (bq24192) is active. | This tells if the TI Charger (bq24192) is active. | ||
==== | ==== KeyGeneration ==== | ||
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2. | This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2. | ||
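Review bot: the KeyGeneration description says what is returned when the FUSE_RESERVED_ODM4 bit 11, FUSE_RESERVED_ODM0 and FUSE_RESERVED_ODM1 checks all pass, but not what happens when any of them fails. State the fallback (a fixed value or an error result) so callers know whether a mismatch is distinguishable from a genuine generation 0.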
Line 534: | Line 571: | ||
[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores. | [4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores. | ||
==== | ==== RegulatorType ==== | ||
This item is currently hardcoded to 0. | This item is currently hardcoded to 0. | ||
Line 564: | Line 601: | ||
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead. | This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead. | ||
=== | === GenerateRandomBytes === | ||
Takes a '''size''' and returns '''rand_bytes'''. | Takes a '''size''' and returns '''rand_bytes'''. | ||
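Review bot: the GenerateRandomBytes section should state the size bound. The ID 1 table at Line 224 returns rand_bytes in X1 through X7, i.e. seven 64-bit registers, so a single call can return at most 56 bytes; document that limit and what the SMC returns when size exceeds it (error result or truncation), otherwise callers may assume larger requests are honoured.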