Security Engine
The Nintendo Switch uses Tegra's Security Engine (SE) for handling cryptographic opearations at the system's lowest level.
The SE driver is mapped to physical address 0x70012000 with a total size of 0x2000 bytes and exposes several registers for programming the Security Engine.
Registers
| Name | Address |
|---|---|
| SE_OPERATION_UNK0 | 0x70012000 |
| SE_OPERATION_UNK1 | 0x70012004 |
| SE_OPERATION | 0x70012008 |
| SE_INT_ENABLE | 0x7001200C |
| SE_INT_STATUS | 0x70012010 |
| SE_CONFIG | 0x70012014 |
| SE_IN_LL_ADDR | 0x70012018 |
| SE_OUT_LL_ADDR | 0x70012024 |
| SE_HASH_RESULT | 0x70012030 |
| SE_CONTEXT_SAVE_CONFIG | 0x70012070 |
| SE_SHA_CONFIG | 0x70012200 |
| SE_SHA_MSG_LENGTH | 0x70012204 |
| SE_SHA_MSG_UNK0 | 0x70012208 |
| SE_SHA_MSG_UNK1 | 0x7001220C |
| SE_SHA_MSG_UNK2 | 0x70012210 |
| SE_SHA_MSG_LEFT | 0x70012214 |
| SE_SHA_MSG_UNK3 | 0x70012218 |
| SE_SHA_MSG_UNK4 | 0x7001221C |
| SE_SHA_MSG_UNK5 | 0x70012220 |
| SE_AES_KEY_READ_DISABLE | 0x70012280 |
| SE_AES_KEYTABLE_ACCESS | 0x70012284 |
| SE_CRYPTO | 0x70012304 |
| SE_CRYPTO_CTR | 0x70012308 |
| SE_BLOCK_COUNT | 0x70012318 |
| SE_AES_KEYTABLE_ADDR | 0x7001231C |
| SE_AES_KEYTABLE_DATA | 0x70012320 |
| SE_CRYPTO_KEYTABLE_DST | 0x70012330 |
| SE_RNG_CONFIG | 0x70012340 |
| SE_RNG_SRC_CONFIG | 0x70012344 |
| SE_RNG_RESEED_INTERVAL | 0x70012348 |
| SE_RSA_CONFIG | 0x70012400 |
| SE_RSA_KEY_SIZE | 0x70012404 |
| SE_RSA_EXP_SIZE | 0x70012408 |
| SE_RSA_KEY_READ_DISABLE | 0x7001240C |
| SE_RSA_KEYTABLE_ACCESS | 0x70012410 |
| SE_RSA_KEYTABLE_ADDR | 0x70012420 |
| SE_RSA_KEYTABLE_DATA | 0x70012424 |
| SE_RSA_OUTPUT | 0x70012428 |
| SE_STATUS_FLAGS | 0x70012800 |
| SE_ERR_STATUS | 0x70012804 |
| SE_SPARE_0 | 0x7001280C |