Cryptosystem: Difference between revisions
m Undo revision 6770 by Shchmue (talk) - ("Storage" is used in all other patents and all nv code, docs and binaries Tag: Undo |
No edit summary |
Line 1: | Line 1: | ||
= BootROM = | |||
The bootrom initializes two keyslots in the hardware engine: | The bootrom initializes two keyslots in the hardware engine: | ||
Line 48: | Line 48: | ||
} | } | ||
= Falcon coprocessor = | |||
The falcon processor (TSEC) generates a special console-unique key (that will be referred to as the "tsec key"). | The falcon processor (TSEC) generates a special console-unique key (that will be referred to as the "tsec key"). | ||
This is presumably using data stored in fuses that only microcode authenticated by NVidia has access to. | This is presumably using data stored in fuses that only microcode authenticated by NVidia has access to. | ||
= Package1ldr = | |||
== Key table == | |||
[1.0.0-3.0.2] During package1ldr: | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
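Review bot: The heading `= Falcon coprocessor =` and the sentence directly under it name the same unit differently: the body reads "The falcon processor (TSEC)", lower case and without "co". Use one form in both places, and either reference the claim "This is presumably using data stored in fuses" or mark it as unverified, since readers will treat this page as the statement of how the tsec key is derived.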
Line 84: | Line 83: | ||
|} | |} | ||
[1.0.0-3.0.2] After package1ldr: | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
Line 107: | Line 105: | ||
|} | |} | ||
[4.0.0+] After package1ldr (Secure Monitor boot): | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
Line 142: | Line 139: | ||
|} | |} | ||
[4.0.0+] After package1ldr (Secure Monitor runtime): | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
Line 171: | Line 167: | ||
|} | |} | ||
[6.2.0+] After package1ldr/TSEC Payload (Secure Monitor boot): | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
Line 206: | Line 201: | ||
|} | |} | ||
== Key generation == | |||
Note: aes_unwrap(wrapped_key, wrap_key) is just another name for a single AES-128 block decryption. | Note: aes_unwrap(wrapped_key, wrap_key) is just another name for a single AES-128 block decryption. | ||
Line 297: | Line 291: | ||
The key-derivation is described in more detail [[Package1#Key_generation|here]]. | The key-derivation is described in more detail [[Package1#Key_generation|here]]. | ||
=== Keyblob === | |||
There are 32 keyblobs written to NAND at factory, with each keyblob encrypted with a console-unique key derived from the console's SBK, the console's tsec key, and a constant specific to each keyblob. | There are 32 keyblobs written to NAND at factory, with each keyblob encrypted with a console-unique key derived from the console's SBK, the console's tsec key, and a constant specific to each keyblob. | ||
Despite being encrypted with console unique keys, though, the decrypted keyblob contents are shared for all consoles. | Despite being encrypted with console unique keys, though, the decrypted keyblob contents are shared for all consoles. | ||
Used keyblobs are as follows: | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
Line 357: | Line 331: | ||
Starting from 6.2.0, key generation no longer uses keyblobs. | Starting from 6.2.0, key generation no longer uses keyblobs. | ||
== Secure Monitor Init | === Seeds === | ||
normalseed_retail = d8a2410a... | |||
[1.0.0] wrapped_keyblob_key = df206f59... | |||
[1.0.0] simpleseed_dev0 = aff11423... | |||
[1.0.0] simpleseed_dev1 = 5e177ee1... | |||
[1.0.0] normalseed_dev = 0542a0fd... | |||
[3.0.0] wrapped_keyblob_key = 0c25615d... | |||
[3.0.0] simpleseed_dev0 = de00216a... | |||
[3.0.0] simpleseed_dev1 = 2db7c0a1... | |||
[3.0.0] normalseed_dev = 678c5a03... | |||
[3.0.1] wrapped_keyblob_key = 337685ee... | |||
[3.0.1] simpleseed_dev0 = e045f5ba... | |||
[3.0.1] simpleseed_dev1 = 84d92e0d... | |||
[3.0.1] normalseed_dev = cd88155b... | |||
[4.0.0] wrapped_keyblob_key = 2d1f4880... | |||
=== Versions === | |||
The key generation system has historically been revised several times. Each version is bound to a specific BCT public key and can be identified by its first byte as follows: | |||
{| class="wikitable" border="1" | |||
|- | |||
! Version | |||
! BCT public key's first byte | |||
! Description | |||
|- | |||
| K1 | |||
| 0x11 | |||
| Erista prototype development | |||
|- | |||
| K2 | |||
| 0xFB | |||
| Erista prototype development | |||
|- | |||
| K3 | |||
| 0x4F | |||
| Erista prototype development | |||
|- | |||
| K4 | |||
| | |||
| Erista prototype retail | |||
|- | |||
| K5 | |||
| 0x37 | |||
| Erista development | |||
|- | |||
| K6 | |||
| 0xF7 | |||
| Erista retail | |||
|- | |||
| M1 | |||
| 0xDD | |||
| Mariko prototype development | |||
|- | |||
| M2 | |||
| 0xC3 | |||
| Mariko development | |||
|- | |||
| M3 | |||
| 0x9B | |||
| Mariko retail | |||
|} | |||
= Secure Monitor Init = | |||
On all versions, the key to decrypt [[Package2]] is generated by decrypting a constant seed with the master key. The key is erased after use. | On all versions, the key to decrypt [[Package2]] is generated by decrypting a constant seed with the master key. The key is erased after use. | ||
Additionally, starting from 4.0.0, the Secure Monitor init will decrypt another constant seed successively with a special per console key and a special static key passed by package1loader, to generate the firmware specific per-console key. The operation will erase these special keys passed by package1loader. | Additionally, starting from 4.0.0, the Secure Monitor init will decrypt another constant seed successively with a special per console key and a special static key passed by package1loader, to generate the firmware specific per-console key. The operation will erase these special keys passed by package1loader. | ||
= Secure Monitor = | |||
The secure monitor performs some runtime cryptographic operations. See [[SMC]] for what operations it provides. | The secure monitor performs some runtime cryptographic operations. See [[SMC]] for what operations it provides. |
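Review bot: In the Versions table the K4 row ("Erista prototype retail") has an empty "BCT public key's first byte" cell, while the sentence introducing the table says each version "can be identified by its first byte". Put an explicit "unknown" in that cell or qualify the sentence. In the Seeds list, `normalseed_retail` carries no version tag while every other entry does, and `[4.0.0]` lists only `wrapped_keyblob_key`; say whether the missing entries are unchanged from 3.0.1 or not yet documented. The Secure Monitor Init paragraph also says "package1loader" where the headings use "Package1ldr", so one spelling should be used throughout.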