Secure Monitor: Difference between revisions

← Older edit

@@ Line 1: / Line 1: @@
-= Secure Monitor Calls =
+= SMC =
 The secure monitor provides two top level handlers of which each provides a range of sub handlers.
@@ Line 204: / Line 204: @@
 | 1 || [[#DisableProgramVerification]]
 |-
-| 2 || [[#DramId]]
+| 2 || [S1] [[#DramId]]
 |-
 | 3 || [[#SecurityEngineInterruptNumber]]
 |-
-| 4 || [[#FuseVersion]]
+| 4 || [S1] [[#FuseVersion]]
 |-
 | 5 || [[#HardwareType]]
@@ Line 214: / Line 214: @@
 | 6 || [[#HardwareState]]
 |-
-| 7 || [[#IsRecoveryBoot]]
+| 7 || [S1] [[#IsRecoveryBoot]]
 |-
 | 8 || [[#DeviceId]]
@@ Line 226: / Line 226: @@
 | 12 || [[#KernelConfiguration]]
 |-
-| 13 || [[#IsChargerHiZModeEnabled]]
+| 13 || [S1] [[#IsChargerHiZModeEnabled]]
 |-
 | 14 || [4.0.0+] [[#RetailInteractiveDisplayState]]
 |-
-| 15 || [5.0.0+] [[#RegulatorType]]
+| 15 || [S1] [5.0.0+] [[#RegulatorType]]
 |-
 | 16 || [5.0.0+] [[#DeviceUniqueKeyGeneration]]
 |-
 | 17 || [5.0.0+] [[#Package2Hash]]
+|-
+| 18 || [S2]
+|-
+| 19 || [S2]
+|-
+| 256-280 || [S2] [[#Bcc]]
 |}
@@ Line 822: / Line 828: @@
 ===== Package2Hash =====
 This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.
+===== Bcc =====
+This is a 0x320 bytes buffer split across 25 items of 0x20 bytes each. When put together, these form a Boot Certificate Chain (BCC) for Switch 2 remote device attestation.
+The format follows the [https://pigweed.googlesource.com/open-dice/+/HEAD/docs/specification.md Open Profile for DICE] from Google and includes the main DK_pub and the following entries (twice, likely for phases 2 and 3):
+* codeHash (empty)
+* configurationDescriptor ("Security version" set to 0)
+* authorityHash (empty)
+* mode ("Normal")
+* keyUsage ("keyCertSign")
+* subjectPublicKey (changes on reboot)
 === ShowError ===