csrng

Cmd Name
0 #GetRandomBytes

GetRandomBytes

Takes a type-6 buffer and fills it with random data.

spl:

Cmd Name Notes
0 #GetConfig wrapper for GetConfig
1 user supplied modulus and exponent
2 #GenerateAesKek wrapper for KeygenAndSealX
3 LoadAesKey wrapper for SetKeyslotFromXY
4 GenerateAesKey decrypts 0x10 bytes using AES ECB, uses SetKeyslotFromXY with a fixed Y
5 #SetConfig wrapper for SetConfig
7 GetRandom uses PrngX931
9 wrapper for ImportParamsForFWithXY
10 wrapper for ExpMod
11 #IsDevUnit
12 GenerateSpecificAesKey wrapper for KeygenA
13 #DecryptExpModParamsWithXY wrapper for DecryptExpModParamsWithXY
14 decrypts 0x10 bytes using AES ECB, uses SetKeyslotFromXY with fixed X and Y
15 DecryptAesCtr wrapper for SymmetricCrypto
16 ComputeCmac wrapper for CMAC
17 wrapper for ImportParamsFor10WithXY
18 wrapper for ExpModAndKeygenAndSealZ
19 wrapper for SetKeyslotFromZ
20 wrapper for KeygenAndSealZ
21 #UninitializeSpl
22 #InitializeSpl
23 GetSplWaitEvent

GetConfig

Takes an input word (ConfigItem), and returns a u64 with the config params.

ConfigItem Name
1 DisableProgramVerification
2 MemoryConfiguration
5 HardwareType (0=Icosa, 1=Copper)
6 IsRetail
7 IsRecoveryBoot
8 DeviceId (byte7 clear).
9 BootReason
10 MemoryArrange
11 AllowSkippingNrrSignatures. Also used by FS-sysmodule for non-RSA: when zero, bit62 in fsp-pr registration permissions are force-cleared to zero, otherwise the original is used.
13 BatteryProfile?

Output from this when used by NIM must match the set:cal DeviceId with byte7 cleared, otherwise NIM will panic.

RO checks id11, if set then skipping NRR rsa signatures is allowed.

GenerateAesKek

Takes a 16-byte seed ("BisEncryptionKeySourceForKek") and two words ("KeyGeneration" and "option") as input. KeyGeneration ranges from 0 to 2.

Same input gives same output. Output changes when system is rebooted.

SetConfig

Takes two input words, a ConfigItem and the value to set.

ConfigItem Name
13 Battery profile?

IsDevUnit

No input params.

Uses #GetConfig internally with id=6. Returns true if output from that is 0, or if the SMC returned error 2.

Returns an u8 flag for whether the system is devunit. Output flag is 0 on retail.

DecryptExpModParamsWithXY

Last SPL cmd used by SSL-sysmodule for TLS client-privk.

UninitializeSpl

Returns a single u32 (always 3?) only once.

InitializeSpl

Takes a single u32 (always 3?) only once.