Security Engine

Revision as of 21:05, 10 April 2018 by Hexkyz (talk | contribs)

The Nintendo Switch uses Tegra's Security Engine (SE) for handling cryptographic opearations at the system's lowest level.

The SE driver is mapped to physical address 0x70012000 with a total size of 0x2000 bytes and exposes several registers for programming the Security Engine.

Registers

Name Address
SE_OPERATION_UNK0 0x70012000
SE_OPERATION_UNK1 0x70012004
SE_OPERATION 0x70012008
SE_INT_ENABLE 0x7001200C
SE_INT_STATUS 0x70012010
SE_CONFIG 0x70012014
SE_IN_LL_ADDR 0x70012018
SE_OUT_LL_ADDR 0x70012024
SE_HASH_RESULT 0x70012030
SE_CONTEXT_SAVE_CONFIG 0x70012070
SE_SHA_CONFIG 0x70012200
SE_SHA_MSG_LENGTH 0x70012204
SE_SHA_MSG_UNK0 0x70012208
SE_SHA_MSG_UNK1 0x7001220C
SE_SHA_MSG_UNK2 0x70012210
SE_SHA_MSG_LEFT 0x70012214
SE_SHA_MSG_UNK3 0x70012218
SE_SHA_MSG_UNK4 0x7001221C
SE_SHA_MSG_UNK5 0x70012220
SE_AES_KEY_READ_DISABLE 0x70012280
SE_AES_KEYTABLE_ACCESS 0x70012284
SE_CRYPTO 0x70012304
SE_CRYPTO_CTR 0x70012308
SE_BLOCK_COUNT 0x70012318
SE_AES_KEYTABLE_ADDR 0x7001231C
SE_AES_KEYTABLE_DATA 0x70012320
SE_CRYPTO_KEYTABLE_DST 0x70012330
SE_RNG_CONFIG 0x70012340
SE_RNG_SRC_CONFIG 0x70012344
SE_RNG_RESEED_INTERVAL 0x70012348
SE_RSA_CONFIG 0x70012400
SE_RSA_KEY_SIZE 0x70012404
SE_RSA_EXP_SIZE 0x70012408
SE_RSA_KEY_READ_DISABLE 0x7001240C
SE_RSA_KEYTABLE_ACCESS 0x70012410
SE_RSA_KEYTABLE_ADDR 0x70012420
SE_RSA_KEYTABLE_DATA 0x70012424
SE_RSA_OUTPUT 0x70012428
SE_STATUS_FLAGS 0x70012800
SE_ERR_STATUS 0x70012804
SE_SPARE_0 0x7001280C