Nintendo Switch Brew

TSEC: Difference between revisions

← Older editNewer edit →
No edit summary
Line 652: Line 652:
| 0x04
| 0x04
|-
|-
| TSEC_SCP_CTL_SCP
| [[#TSEC_SCP_CTL_SCP|TSEC_SCP_CTL_SCP]]
| 0x54501414
| 0x54501414
| 0x04
| 0x04
Line 660: Line 660:
| 0x04
| 0x04
|-
|-
| TSEC_SCP_CTL_DBG
| [[#TSEC_SCP_CTL_DBG|TSEC_SCP_CTL_DBG]]
| 0x5450141C
| 0x5450141C
| 0x04
| 0x04
Line 696: Line 696:
| 0x04
| 0x04
|-
|-
| TSEC_SCP_RND_STAT1
| [[#TSEC_SCP_RND_STAT1|TSEC_SCP_RND_STAT1]]
| 0x54501474
| 0x54501474
| 0x04
| 0x04
Line 712: Line 712:
| 0x04
| 0x04
|-
|-
| TSEC_SCP_SEC_ERR
| [[#TSEC_SCP_SEC_ERR|TSEC_SCP_SEC_ERR]]
| 0x54501494
| 0x54501494
| 0x04
| 0x04
Line 2,429: Line 2,429:
|-
|-
| 4-5
| 4-5
| TSEC_FALCON_SCTL_OLD_SEC_MODE
| Previous security mode
  0: Non-secure
  0: Non-secure
  1: Light Secure
  1: Light Secure
Line 2,597: Line 2,597:
!  Description
!  Description
|-
|-
| 20
| 10
| Enable the [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] register
| Enable the LOAD interface
|-
|-
| 16
| 12
| Enable the SEQ controller
| Enable the STORE interface
|-
|-
| 14
| 14
| Enable the CMD interface
| Enable the CMD interface
|-
|-
| 12
| 16
| Enable the STORE interface
| Enable the SEQ controller
|-
|-
| 10
| 20
| Enable the LOAD interface
| Enable the [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] register
|}
|}


Line 2,619: Line 2,619:
|-
|-
| 0
| 0
| Flush SEQ controller
| Flush the SEQ controller
|-
| 8
| Unknown
|-
|-
| 11
| 11
Line 2,626: Line 2,629:
| 12
| 12
| Enable the RND controller
| Enable the RND controller
|}
=== TSEC_SCP_CFG ===
{| class="wikitable" border="1"
!  Bits
!  Description
|-
|-
| 16-31
| 16
| Timeout value
| Enable LOAD interface dummy mode (all reads return 0)
|-
| 20
| Enable LOAD interface bypassing (all reads are dropped)
|-
| 24
| Enable STORE interface bypassing (all writes are dropped)
|}
|}


Line 2,653: Line 2,656:
| 0
| 0
| Enable lockdown mode
| Enable lockdown mode
|-
| 1
| Unknown
|-
| 2
| Unknown
|-
| 3
| Unknown
|-
|-
| 4
| 4
| Lock SCP and RND
| Lock the SCP
|-
| 5
| Unknown
|-
| 6
| Unknown
|-
| 7
| Unknown
|}
|}


Controls lockdown mode and can only be cleared in Heavy Secure mode.
Controls lockdown mode and can only be cleared in Heavy Secure mode.


=== TSEC_SCP_CTL_PKEY ===
=== TSEC_SCP_CFG ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
!  Bits
!  Bits
Line 2,666: Line 2,687:
|-
|-
| 0
| 0
| TSEC_SCP_CTL_PKEY_REQUEST_RELOAD
| Unknown
|-
|-
| 1
| 1
| TSEC_SCP_CTL_PKEY_LOADED
| Unknown
|}
 
=== TSEC_SCP_DBG0 ===
{| class="wikitable" border="1"
!  Bits
!  Description
|-
|-
| 0-3
| 2
| Index
| Unknown
|-
| 3
| Unknown
|-
|-
| 4
| 4
| Automatic increment
| Unknown
|-
| 8
| Flush the CMD interface
|-
|-
| 5-6
| 12-13
| Target
| Carry chain size
  0: None
  0: 32 bits
  1: Unknown
  1: 64 bits
  2: Unknown
  2: 96 bits
  3: SEQ
  3: 128 bits
|-
|-
| 8-12
| 16-31
| SEQ size
| Timeout value
|}
|}


Used for debugging crypto controllers such as the SEQ (crypto sequence).
=== TSEC_SCP_CTL_SCP ===
 
=== TSEC_SCP_DBG1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
!  Bits
!  Bits
!  Description
!  Description
|-
|-
| 0-3
| 0
| SEQ instruction's first operand
| Swap SCP master
|-
|-
| 4-9
| 1
| SEQ instruction's second operand
| Current SCP master
|-
0: Falcon
| 10-14
1: External
| SEQ instruction's opcode
|}
|}


Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the SEQ controller.
=== TSEC_SCP_CTL_PKEY ===
 
=== TSEC_SCP_DBG2 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
!  Bits
!  Bits
!  Description
!  Description
|-
|-
| 0-1
| 0
| SEQ state
| TSEC_SCP_CTL_PKEY_REQUEST_RELOAD
  0: Idle
|-
1: Recording is active (cs0begin/cs1begin)
| 1
| TSEC_SCP_CTL_PKEY_LOADED
|}
 
=== TSEC_SCP_CTL_DBG ===
{| class="wikitable" border="1"
!  Bits
! Description
|-
| 0
| Unknown
|-
| 4
| Unknown
|-
|-
| 4-7
| 8
| Number of SEQ instructions left
| Unknown
|-
|-
| 12-15
| 12
| Active crypto key register
| Unknown
|}
|}


Used for retrieving additional debug data associated with the SEQ controller.
=== TSEC_SCP_DBG0 ===
 
=== TSEC_SCP_CMD ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
!  Bits
!  Bits
Line 2,738: Line 2,765:
|-
|-
| 0-3
| 0-3
| Destination register
| Index
|-
|-
| 8-13
| 4
| Source register or immediate value
| Automatic increment
|-
| 5-6
| Target
0: None
1: STORE
2: LOAD
3: SEQ
|-
| 8-12
| SEQ size
|-
| 13-16
| Unknown
|-
| 17
| SEQ instruction is valid
|-
| 18
| SEQ controller is running in HS mode
|-
| 19-22
| LOAD size
|-
|-
| 20-24
| 23
| Command opcode
| LOAD instruction is valid
0x0:  nop (fuc5 opcode 0x00)
|-
0x1:  cmov (fuc5 opcode 0x84)
| 24
0x2:  cxsin (fuc5 opcode 0x88) or xdst (with cxset)
| LOAD interface is running in HS mode
0x3:  cxsout (fuc5 opcode 0x8C) or xdld (with cxset)
|-
0x4:  crnd (fuc5 opcode 0x90)
| 25-26
0x5:  cs0begin (fuc5 opcode 0x94)
| STORE size
0x6:  cs0exec (fuc5 opcode 0x98)
0x7:  cs1begin (fuc5 opcode 0x9C)
0x8:  cs1exec (fuc5 opcode 0xA0)
0x9:  invalid (fuc5 opcode 0xA4)
0xA:  cchmod (fuc5 opcode 0xA8)
0xB:  cxor (fuc5 opcode 0xAC)
0xC:  cadd (fuc5 opcode 0xB0)
0xD:  cand (fuc5 opcode 0xB4)
0xE:  crev (fuc5 opcode 0xB8)
0xF:  cprecmac (fuc5 opcode 0xBC)
0x10: csecret (fuc5 opcode 0xC0)
0x11: ckeyreg (fuc5 opcode 0xC4)
0x12: ckexp (fuc5 opcode 0xC8)
0x13: ckrexp (fuc5 opcode 0xCC)
0x14: cenc (fuc5 opcode 0xD0)
0x15: cdec (fuc5 opcode 0xD4)
0x16: csigauth (fuc5 opcode 0xD8)
0x17: csigenc (fuc5 opcode 0xDC)
0x18: csigclr (fuc5 opcode 0xE0)
|-
|-
| 28
| 30
| Set if the command is valid
| STORE instruction is valid
|-
|-
| 31
| 31
| Set if running in HS mode
| STORE interface is running in HS mode
|}
|}


Contains information on the last crypto command executed.
Used for debugging crypto controllers such as the SEQ (crypto sequence).


=== TSEC_SCP_STAT0 ===
=== TSEC_SCP_DBG1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
!  Bits
!  Bits
!  Description
!  Description
|-
|-
| 0
| 0-3
| SCP is active
| SEQ instruction's first operand
|-
|-
| 2
| 4-9
| CMD interface is active
| SEQ instruction's second operand
|-
|-
| 6
| 10-14
| SEQ controller is active
| SEQ instruction's opcode
|-
| 14
| AES controller is active
|-
| 16
| RND controller is active
|}
|}


Contains the status of the crypto controllers and interfaces.
Used for retrieving debug data. Contains information on the last crypto sequence created when debugging the SEQ controller.


=== TSEC_SCP_STAT1 ===
=== TSEC_SCP_DBG2 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
!  Bits
!  Bits
Line 2,809: Line 2,833:
|-
|-
| 0-1
| 0-1
| Signature comparison result
| SEQ controller's state
  0: None
  0: Idle
  1: Running
  1: Recording is active (cs0begin/cs1begin)
2: Failed
|-
3: Succeeded
| 4-7
| Number of SEQ instructions left
|-
| 12-15
| Active crypto key register
|}
|}


Contains the status of the last authentication attempt.
Used for retrieving additional debug data associated with the SEQ controller.


=== TSEC_SCP_STAT2 ===
=== TSEC_SCP_CMD ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
!  Bits
!  Bits
!  Description
!  Description
|-
|-
| 0-4
| 0-3
| Current SEQ opcode
| Destination register
|-
|-
| 5-9
| 8-13
| Current CMD opcode
| Source register or immediate value
|-
|-
| 10-14
| 20-24
| Pending CMD opcode
| Command opcode
0x0:  nop (fuc5 opcode 0x00)
0x1:  cmov (fuc5 opcode 0x84)
0x2:  cxsin (fuc5 opcode 0x88) or xdst (with cxset)
0x3:  cxsout (fuc5 opcode 0x8C) or xdld (with cxset)
0x4:  crnd (fuc5 opcode 0x90)
0x5:  cs0begin (fuc5 opcode 0x94)
0x6:  cs0exec (fuc5 opcode 0x98)
0x7:  cs1begin (fuc5 opcode 0x9C)
0x8:  cs1exec (fuc5 opcode 0xA0)
0x9:  invalid (fuc5 opcode 0xA4)
0xA:  cchmod (fuc5 opcode 0xA8)
0xB:  cxor (fuc5 opcode 0xAC)
0xC:  cadd (fuc5 opcode 0xB0)
0xD:  cand (fuc5 opcode 0xB4)
0xE:  crev (fuc5 opcode 0xB8)
0xF:  cprecmac (fuc5 opcode 0xBC)
0x10: csecret (fuc5 opcode 0xC0)
0x11: ckeyreg (fuc5 opcode 0xC4)
0x12: ckexp (fuc5 opcode 0xC8)
0x13: ckrexp (fuc5 opcode 0xCC)
0x14: cenc (fuc5 opcode 0xD0)
0x15: cdec (fuc5 opcode 0xD4)
0x16: csigauth (fuc5 opcode 0xD8)
0x17: csigenc (fuc5 opcode 0xDC)
0x18: csigclr (fuc5 opcode 0xE0)
|-
|-
| 15-16
| 28
| AES operation
| CMD instruction is valid
0: Encryption
1: Decryption
2: Key expansion
3: Key reverse expansion
|-
|-
| 25
| 31
| STORE operation is stalled
| CMD interface is running in HS mode
|-
| 26
| LOAD operation is stalled
|-
| 27
| RND operation is stalled
|-
| 29
| AES operation is stalled
|}
|}


Contains the status of crypto operations.
Contains information on the last crypto command executed.


=== TSEC_SCP_RND_STAT0 ===
=== TSEC_SCP_STAT0 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
!  Bits
!  Bits
Line 2,860: Line 2,900:
|-
|-
| 0
| 0
| RND is ready
| SCP is active
|}
 
Contains the status of the RND controller.
 
=== TSEC_SCP_IRQSTAT ===
{| class="wikitable" border="1"
!  Bits
!  Description
|-
|-
| 0
| 2
| RND ready
| CMD interface is active
|-
|-
| 8
| 4
| ACL error
| STORE interface is active
|-
|-
| 12
| 6
| SEC error
| SEQ controller is active
|-
|-
| 16
| 8
| CMD error
| [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] register is enabled
|-
|-
| 20
| 10
| Single step
| LOAD interface is active
|-
|-
| 24
| 14
| RND called
| AES controller is active
|-
|-
| 28
| 16
| Timeout
| RND controller is active
|}
|}


Used for getting the status of crypto IRQs.
Contains the status of the crypto controllers and interfaces.


=== TSEC_SCP_IRQMASK ===
=== TSEC_SCP_STAT1 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
!  Bits
!  Bits
!  Description
!  Description
|-
|-
| 0
| 0-1
| RND ready
| Signature comparison result
0: None
1: Running
2: Failed
3: Succeeded
|-
| 4
| LOAD interface is running in HS mode
|-
| 6
| LOAD interface is ready
|-
|-
| 8
| 8
| ACL error
| STORE interface is running in HS mode
|-
| 10
| STORE interface received a valid instruction
|-
| 12
| CMD interface is running in HS mode
|-
| 14
| CMD interface received a valid instruction
|}
 
Contains the status of the last authentication attempt and other miscellaneous statuses.
 
=== TSEC_SCP_STAT2 ===
{| class="wikitable" border="1"
!  Bits
!  Description
|-
| 0-4
| Current SEQ opcode
|-
| 5-9
| Current CMD opcode
|-
| 10-14
| Pending CMD opcode
|-
| 15-16
| AES operation
0: Encryption
1: Decryption
2: Key expansion
3: Key reverse expansion
|-
|-
| 12
| 24
| SEC error
| Unknown
|-
|-
| 16
| 25
| CMD error
| STORE operation is stalled
|-
|-
| 20
| 26
| Single step
| LOAD operation is stalled
|-
|-
| 24
| 27
| RND called
| RND operation is stalled
|-
|-
| 28
| 28
| Timeout
| Unknown
|}
|-
 
| 29
Used for getting the value of the mask for crypto IRQs.
| AES operation is stalled
 
|}
=== TSEC_SCP_ACL_ERR ===
 
{| class="wikitable" border="1"
Contains the status of crypto operations.
!  Bits
 
!  Description
=== TSEC_SCP_RND_STAT0 ===
|-
{| class="wikitable" border="1"
| 0
!  Bits
| Writing to a crypto register without the correct ACL
!  Description
|-
|-
| 4
| 0
| Reading from a crypto register without the correct ACL
| RND controller is ready
|-
|-
| 8
| 4-7
| Invalid ACL change (cchmod)
| Unknown
|-
| 8-11
| Unknown
|-
| 16
| Unknown
|-
| 20
| Unknown
|}
 
=== TSEC_SCP_RND_STAT1 ===
{| class="wikitable" border="1"
!  Bits
!  Description
|-
| 0-15
| Unknown
|-
| 16-31
| Unknown
|}
 
=== TSEC_SCP_IRQSTAT ===
{| class="wikitable" border="1"
!  Bits
!  Description
|-
| 0
| RND ready
|-
| 8
| ACL error
|-
| 12
| SEC error
|-
| 16
| CMD error
|-
| 20
| Single step
|-
| 24
| RND operation
|-
| 28
| Timeout
|}
 
Used for getting the status of crypto IRQs.
 
=== TSEC_SCP_IRQMASK ===
{| class="wikitable" border="1"
!  Bits
!  Description
|-
| 0
| RND ready
|-
| 8
| ACL error
|-
| 12
| SEC error
|-
| 16
| CMD error
|-
| 20
| Single step
|-
| 24
| RND operation
|-
| 28
| Timeout
|}
 
Used for getting the value of the mask for crypto IRQs.
 
=== TSEC_SCP_ACL_ERR ===
{| class="wikitable" border="1"
!  Bits
!  Description
|-
| 0
| Writing to a crypto register without the correct ACL
|-
| 4
| Reading from a crypto register without the correct ACL
|-
| 8
| Invalid ACL change (cchmod)
|-
| 31
| ACL error occurred
|}
 
Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|ACL error]] IRQ.
 
=== TSEC_SCP_SEC_ERR ===
{| class="wikitable" border="1"
!  Bits
!  Description
|-
| 0
| Unknown
|-
| 1-2
| Unknown
|-
| 4
| Unknown
|-
| 5-6
| Unknown
|-
| 16
| Unknown
|-
| 17-18
| Unknown
|-
| 20
| Unknown
|-
| 21-22
| Unknown
|-
| 24
| Unknown
|-
| 25-26
| Unknown
|-
|-
| 31
| 31
| ACL error occurred
| SEC error occurred
|}
|}
Contains information on errors generated by the [[#TSEC_SCP_IRQSTAT|ACL error]] IRQ.


=== TSEC_SCP_CMD_ERR ===
=== TSEC_SCP_CMD_ERR ===
Line 2,961: Line 3,169:
|-
|-
| 16
| 16
| Insecure signature (csigenc, csigclr or csigauth)
| Forbidden signature operation (csigenc, csigclr or csigauth in NS mode)
|-
|-
| 20
| 20
| Invalid signature (csigauth in HS mode)
| Invalid signature operation (csigauth in HS mode)
|-
|-
| 24
| 24
Retrieved from "https://switchbrew.org/wiki/TSEC"