spl:

Cmd	Name	Notes
0	#GetConfig	wrapper for GetConfig
1	ExpMod	user supplied modulus and exponent
2	#KeygenAndSealX	wrapper for KeygenAndSealX
3	SetKeyslotFromXY	wrapper for SetKeyslotFromXY
4	DecryptAESCBCWithX	decrypts 16 bytes, uses SetKeyslotFromXY with a fixed Y and a fixed CBC IV
5	#SetConfig	wrapper for SetConfig
7	Prng	uses PrngX931
9	ImportExpModParams	wrapper for ImportParamsForFWithXY
10	ExpMod	wrapper for ExpMod
11	#GetDevunitFlag	uses GetConfig
12	KeygenA	wrapper for KeygenA
13	#DecryptExpModParamsWithXY	wrapper for DecryptExpModParamsWithXY
14	DecryptAESCBC	decrypts 16 bytes, uses SetKeyslotFromXY with fixed X, Y and a fixed CBC IV
15	SymmetricCrypto	wrapper for SymmetricCrypto
16	CMAC	wrapper for CMAC
17	ImportExpModParams	wrapper for ImportParamsFor10WithXY
18	ExpModAndKeygenAndSealZ	wrapper for ExpModAndKeygenAndSealZ
19	SetKeyslotFromZ	wrapper for SetKeyslotFromZ
20	KeygenAndSealZ	wrapper for KeygenAndSealZ
21
22
23	GetSplWaitEvent

GetConfig

Takes an input word (ConfigItem), and returns a u64 with the config params.

ConfigItem	Name
2	MemoryConfiguration
5	HardwareType (0=Icosa, 1=Copper)
7	IsRecoveryBoot
8	DeviceId (byte7 clear).
9	BootReason
11	AllowSkippingNrrSignatures
13	BatteryProfile?

Output from this when used by NIM must match the set:cal DeviceId with byte7 cleared, otherwise NIM will panic.

RO checks id11, if set then skipping NRR rsa signatures is allowed.

Takes 16-bytes as input and two u32s. Outputs random-looking 16-bytes.

Same input gives same output. Output changes when system is rebooted.

Takes two input words, a ConfigItem and the value to set.

ConfigItem	Name
13	Battery profile?

No input params.

Returns an u8 flag for whether the system is devunit. Output flag is 0 on retail.

Last SPL cmd used by SSL-sysmodule for TLS client-privk.