8.1.0: Difference between revisions
| (5 intermediate revisions by 2 users not shown) | |||
| Line 22: | Line 22: | ||
The Secure Monitor was updated. | The Secure Monitor was updated. | ||
* The SE key read disable function no longer writes zero to AES_KEY_READ_DISABLE/RSA_KEY_READ_DISABLE. | |||
* Functions for locking/checking PMC secure scratch now have additional bitmasks 0x40/0x80 for locking more secure scratch registers. | |||
* NVDEC/TSECB access to the kernel carveout was removed. | |||
* On suspend (SC7 Entry), SWR_USBD_RST is now checked, and AHB arbitration disable is now checked to be COP, ARC, USB, USB2. | |||
** This further mitigates against Deja Vu. | |||
* TZ/SE context save logic has been changed. | |||
** The context save function now first generates 16 random bytes, and securely saves them to scratch (using the usual write-writelock-check-readlock-checklocked pattern). | |||
** It then generates a random aes-256 key, and derives an actual encryption/MAC key by decrypting the random data with that key. | |||
*** Previously, it generated a random aes-256 key and used it directly. | |||
*** This prevents attacks that might coerce the usage of a specific aes-256 key instead of a random one. | |||
** Calls into the check scratch locked/lock scratch function which previously passed one bitmask at a time now pass multiple | |||
*** Accordingly, the lock/check locked functions now support multiple bitmasks instead of single bitmasks at a time. | |||
* The function that initializes the SE/derives keys now sets flag 0x100 on AES keyslots 8-15, and RSA keyslots 0-1. | |||
====Kernel==== | ====Kernel==== | ||
| Line 68: | Line 80: | ||
==System Titles== | ==System Titles== | ||
Updated titles: | |||
* Sysmodules: | |||
** settings Rebuilt. | |||
** bus Identical codebin. | |||
** bcat .text updated. | |||
** hid .text updated. | |||
** audio Identical codebin. | |||
** wlan .text updated. | |||
** nvservices Only GNU build hash was updated. | |||
** nvnflinger .text updated. | |||
** account .text updated. | |||
** ns .text updated. | |||
** am .text updated. | |||
** ssl Rebuilt. | |||
** vi .text updated. | |||
** es .text updated. | |||
** fatal .text updated. | |||
** creport Identical codebin. | |||
** ro Identical codebin. | |||
** grc .text updated. | |||
* ErrorMessage, BrowserDll, [[System_Version_Title]], FIRM, qlaunch, web-applets (main codebin rebuilt), and RebootlessSystemUpdateVersion. | |||
No changes with IPC service commands. | No changes with IPC service commands. | ||
Titles' RomFS changes: | Titles' RomFS changes, besides [[System_Version_Title]]: | ||
* ErrorMessage: Error 2124-4517 was updated with actual strings etc. "/2181/4017/common" and "/DatabaseInfo" were updated. | |||
* BrowserDll: the NROs and buildinfo were updated. | * BrowserDll: the NROs and buildinfo were updated. | ||
* RebootlessSystemUpdateVersion: The "/version" file was updated. | |||
* qlaunch: "/lyt/Notification.szs" was updated. | |||
* Web-applets: "/buildinfo/buildinfo.dat" and "/.nrr/netfront.nrr" were updated. | |||
==Keys== | ==Keys== | ||
| Line 80: | Line 117: | ||
System update report(s): | System update report(s): | ||
* [https://yls8.mtheall.com/ninupdates/reports.php?date=06-17-19_08-05-09&sys=hac] | * [https://yls8.mtheall.com/ninupdates/reports.php?date=06-17-19_08-05-09&sys=hac] | ||
{{NavboxVersions}} | |||
[[Category:System versions]] | |||