4.0.0: Difference between revisions

Line 38:

The package1 entrypoint address specified by BCT was increased by 0x20-bytes, since there's now an additional 0x20-bytes at the start of package1. The additional data is identical to the 0x20-byte block before it.

====Package1====

setKeyslotFlags (LT_4001011a)

Instead of writing ~flags directly to securityEngine->KEYSLOT_FLAGS[keyslot], this now preserves the high bits of the existing flags.

getOdmFuse4Type (LT_40010614)

This func now includes bits 16-19 in the OR'd flag used in the switch, and now returns 4 as a default invalid result instead of the low bit of [[Fuses|FUSE_SPARE_BIT_5]].

checkFuseCoherency (LT_400106e4)

This func was updated to take into account the new invalid retval for getOdmFuse4Type. C

Check that bootrom patch version was < 0x1F was removed, and patch version is still validated to be < 0x7F.

decryptAndParsePK11 (LT_40010734)

The entrypoint calculation code no longer adds *(package11Header + 0x4) to the address.

generateKeys (LT_400107a2)

setKeyslotFlags(keyslot, 0x15) is now additionally called on keyslots 14 and 15.

The code for switching key generation method depending on fuses (unit type) and last byte of PKC modulus has been removed, and replaced with a call to a single key generation function.

The code block inbetween the keyslot-config code was replaced with just a call to LT_40011264.

setKeyslotFlags(keyslot, 0xFF) is now used on keyslots 12 and 15 instead of 12 and 13.

downgradeFuseCheck (LT_400111cc)

The burnt fuse information stored in .rodata now expects 4 fuses to be burnt for retail units, instead of 3.

generateKeysFromBITAddress (LT_40011264)

Instead of calling generateKeysLegacyMethod, this now calls generateKeysFromKeyblobAndKeyseeds (the main key generation function). Legacy key generation code has been removed.

generateKeysFromKeyblobAndKeyseeds (LT_400112f0)

The function now takes in two keyseeds and sizes, previously it only took in one (keyseed, size) pair.

Keyslot 15 (SSK) is now used where keyslot 10 was used previously, and keyslot 15 is no longer cleared when keyslot 14 (SBK) is cleared.

The [[Flash_Filesystem|Keyblob]] keyseed was updated for keyblob 4.

code block following the keyblob clear code was updated:

After the decrypted keyblob is cleared, decryptDataIntoKeyslot(KEYSLOT_14, KEYSLOT_12, secondKeySeed, secondKeySeedSize) is now called before decryptDataIntoKeyslot(KEYSLOT_12, KEYSLOT_12, firstKeySeed, firstKeySeedSize).

At the end of the function, "decryptDataIntoKeyslot(KEYSLOT_13, KEYSLOT_10, perConsoleKeyseed2, 0x10); clearKeyslot(KEYSLOT_10);" has been replaced with "decryptDataIntoKeyslot(KEYSLOT_13, KEYSLOT_15, perConsoleKeyseed3, 0x10); decryptDataIntoKeyslot(KEYSLOT_15, KEYSLOT_15, perConsoleKeyseed2, 0x10);"

==Keys==

@@ Line 38: / Line 38: @@
 The package1 entrypoint address specified by BCT was increased by 0x20-bytes, since there's now an additional 0x20-bytes at the start of package1. The additional data is identical to the 0x20-byte block before it.
+====Package1====
+  setKeyslotFlags (LT_4001011a)
+  Instead of writing ~flags directly to securityEngine->KEYSLOT_FLAGS[keyslot], this now preserves the high bits of the existing flags.
+  getOdmFuse4Type (LT_40010614)
+  This func now includes bits 16-19 in the OR'd flag used in the switch, and now returns 4 as a default invalid result instead of the low bit of [[Fuses|FUSE_SPARE_BIT_5]].
+  checkFuseCoherency (LT_400106e4)
+  This func was updated to take into account the new invalid retval for getOdmFuse4Type. C
+  Check that bootrom patch version was < 0x1F was removed, and patch version is still validated to be < 0x7F.
+  decryptAndParsePK11 (LT_40010734)
+  The entrypoint calculation code no longer adds *(package11Header + 0x4) to the address.
+  generateKeys (LT_400107a2)
+  setKeyslotFlags(keyslot, 0x15) is now additionally called on keyslots 14 and 15.
+  The code for switching key generation method depending on fuses (unit type) and last byte of PKC modulus has been removed, and replaced with a call to a single key generation function.
+  The code block inbetween the keyslot-config code was replaced with just a call to LT_40011264.
+  setKeyslotFlags(keyslot, 0xFF) is now used on keyslots 12 and 15 instead of 12 and 13.
+  downgradeFuseCheck (LT_400111cc)
+  The burnt fuse information stored in .rodata now expects 4 fuses to be burnt for retail units, instead of 3.
+  generateKeysFromBITAddress (LT_40011264)
+  Instead of calling generateKeysLegacyMethod, this now calls generateKeysFromKeyblobAndKeyseeds (the main key generation function). Legacy key generation code has been removed.
+  generateKeysFromKeyblobAndKeyseeds (LT_400112f0)
+  The function now takes in two keyseeds and sizes, previously it only took in one (keyseed, size) pair.
+  Keyslot 15 (SSK) is now used where keyslot 10 was used previously, and keyslot 15 is no longer cleared when keyslot 14 (SBK) is cleared.
+  The [[Flash_Filesystem|Keyblob]] keyseed was updated for keyblob 4.
+  code block following the keyblob clear code was updated:
+  After the decrypted keyblob is cleared, decryptDataIntoKeyslot(KEYSLOT_14, KEYSLOT_12, secondKeySeed, secondKeySeedSize) is now called before decryptDataIntoKeyslot(KEYSLOT_12, KEYSLOT_12, firstKeySeed, firstKeySeedSize).
+  At the end of the function, "decryptDataIntoKeyslot(KEYSLOT_13, KEYSLOT_10, perConsoleKeyseed2, 0x10); clearKeyslot(KEYSLOT_10);" has been replaced with "decryptDataIntoKeyslot(KEYSLOT_13, KEYSLOT_15, perConsoleKeyseed3, 0x10); decryptDataIntoKeyslot(KEYSLOT_15, KEYSLOT_15, perConsoleKeyseed2, 0x10);"
 ==Keys==