8.1.0: Difference between revisions

Retrieved from "https://switchbrew.org/wiki/8.1.0"

Please enable JavaScript to pass antispam protection!
Here are the instructions how to enable JavaScript in your web browser http://www.enable-javascript.com.
Antispam by CleanTalk.

@@ Line 22: / Line 22: @@
 The Secure Monitor was updated.
-<check back later for diff>
+* The SE key read disable function no longer writes zero to AES_KEY_READ_DISABLE/RSA_KEY_READ_DISABLE.
+* Functions for locking/checking PMC secure scratch now have additional bitmasks 0x40/0x80 for locking more secure scratch registers.
+* NVDEC/TSECB access to the kernel carveout was removed.
+* On suspend (SC7 Entry), SWR_USBD_RST is now checked, and AHB arbitration disable is now checked to be COP, ARC, USB, USB2.
+** This further mitigates against Deja Vu.
+* TZ/SE context save logic has been changed.
+** The context save function now first generates 16 random bytes, and securely saves them to scratch (using the usual write-writelock-check-readlock-checklocked pattern).
+** It then generates a random aes-256 key, and derives an actual encryption/MAC key by decrypting the random data with that key.
+*** Previously, it generated a random aes-256 key and used it directly.
+*** This prevents attacks that might coerce the usage of a specific aes-256 key instead of a random one.
+** Calls into the check scratch locked/lock scratch function which previously passed one bitmask at a time now pass multiple
+*** Accordingly, the lock/check locked functions now support multiple bitmasks instead of single bitmasks at a time.
+* The function that initializes the SE/derives keys now sets flag 0x100 on AES keyslots 8-15, and RSA keyslots 0-1.
 ====Kernel====
-<check back later for diff>
+Kernel was not changed.
 ====Warmboot====
-<check back later for diff>
+* The firmware revision magic was changed from 0x129 to 0x14A.
+* Security Engine state validation was changed (first six keyslots now expected to read zeroes instead of FFs).
+* <check back for more diffs later>
 ====FIRM Sysmodules====
-FIRM sysmodules were updated. Specific diffs for a few sysmodules are below <check back later, to be updated>:
+FIRM sysmodules were updated. Specific diffs available below:
+=====[[Boot]]=====
+Only GNU build hash was updated.
+=====[[Filesystem services|FS]]=====
+Only GNU build hash was updated.
 =====[[Loader services|Loader]]=====
@@ Line 46: / Line 66: @@
 *** creport
 *** ro
+=====[[NCM services|NCM]]=====
+Only GNU build hash was updated.
+=====[[Process Manager services|PM]]=====
+Only GNU build hash was updated.
+=====[[Services_API|SM]]=====
+SM was not updated.
+=====[[SPL services|SPL]]=====
+SPL was not updated.
 ==System Titles==
+Updated titles:
+* Sysmodules:
+** settings Rebuilt.
+** bus Identical codebin.
+** bcat .text updated.
+** hid .text updated.
+** audio Identical codebin.
+** wlan .text updated.
+** nvservices Only GNU build hash was updated.
+** nvnflinger .text updated.
+** account .text updated.
+** ns .text updated.
+** am .text updated.
+** ssl Rebuilt.
+** vi .text updated.
+** es .text updated.
+** fatal .text updated.
+** creport Identical codebin.
+** ro Identical codebin.
+** grc .text updated.
+* ErrorMessage, BrowserDll, [[System_Version_Title]], FIRM, qlaunch, web-applets (main codebin rebuilt), and RebootlessSystemUpdateVersion.
 No changes with IPC service commands.
+Titles' RomFS changes, besides [[System_Version_Title]]:
+* ErrorMessage: Error 2124-4517 was updated with actual strings etc. "/2181/4017/common" and "/DatabaseInfo" were updated.
+* BrowserDll: the NROs and buildinfo were updated.
+* RebootlessSystemUpdateVersion: The "/version" file was updated.
+* qlaunch: "/lyt/Notification.szs" was updated.
+* Web-applets: "/buildinfo/buildinfo.dat" and "/.nrr/netfront.nrr" were updated.
 ==Keys==
@@ Line 57: / Line 117: @@
 System update report(s):
 * [https://yls8.mtheall.com/ninupdates/reports.php?date=06-17-19_08-05-09&sys=hac]
+{{NavboxVersions}}
+[[Category:System versions]]