Changes

88 bytes added ,  00:06, 21 October 2017
this table is way too unreadable, trying to keep complexity down
Line 57: Line 57:  
== Package1 ==
 
== Package1 ==
   −
=== Key generation ===
+
=== Key table during package1 ===
    
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 64: Line 64:  
! Name
 
! Name
 
! Set by
 
! Set by
! Cleared by
   
! Per-console
 
! Per-console
 
! Per-firmware
 
! Per-firmware
! Introduced in
  −
! Deprecated on
   
|-
 
|-
 
| 11
 
| 11
 
| Package1Key
 
| Package1Key
| [[Package1]]
   
| [[Package1]]
 
| [[Package1]]
 
| No
 
| No
 
| Yes
 
| Yes
| [[1.0.0]]
+
|-
| Never
+
| 14
 +
| SecureBootKey
 +
| Bootrom
 +
| No
 +
| No
 +
|-
 +
| 15
 +
| SecureStorageKey
 +
| Bootrom
 +
| Yes
 +
| No
 +
|}
 +
 
 +
=== [1.0.0-3.0.2] Key table after package1 ===
 +
 
 +
{| class="wikitable" border="1"
 +
|-
 +
! Keyslot
 +
! Name
 +
! Set by
 +
! Per-console
 +
! Per-firmware
 
|-
 
|-
 
| 12
 
| 12
 
| MasterKey
 
| MasterKey
 
| [[Package1]]
 
| [[Package1]]
| Forever
   
| No
 
| No
 
| Yes, on security updates
 
| Yes, on security updates
| [[1.0.0]]
  −
| Never
   
|-
 
|-
 
| 13
 
| 13
 
| PerConsoleKey
 
| PerConsoleKey
 
| [[Package1]]
 
| [[Package1]]
| Forever
   
| Yes
 
| Yes
 
| No
 
| No
| [[1.0.0]]
+
|}
| [[4.0.0]]
+
 
 +
=== [4.0.0]+ Key table after package1 ===
 +
 
 +
{| class="wikitable" border="1"
 
|-
 
|-
| 13
+
! Keyslot
| OtherPerConsoleKey
+
! Name
 +
! Set by
 +
! Per-console
 +
! Per-firmware
 +
|-
 +
| 12
 +
| MasterKey
 
| [[Package1]]
 
| [[Package1]]
| ?
  −
| Yes
   
| No
 
| No
| [[4.0.0]]
+
| Yes, on security updates
| Never
   
|-
 
|-
| 14
+
| 13
| SecureBootKey
+
| PerConsoleKey_40
| Bootrom
   
| [[Package1]]
 
| [[Package1]]
 +
| Yes
 
| No
 
| No
| No
  −
| [[1.0.0]]
  −
| Never
   
|-
 
|-
 
| 14
 
| 14
| OtherMasterKey
+
| MasterKey_40
 
| [[Package1]]
 
| [[Package1]]
| ?
   
| No
 
| No
 
| Yes, on security updates
 
| Yes, on security updates
| [[4.0.0]]
  −
| Never
  −
|-
  −
| 15
  −
| SecureStorageKey
  −
| Bootrom
  −
| [[Package1]]
  −
| Yes
  −
| No
  −
| [[1.0.0]]
  −
| Never
   
|-
 
|-
 
| 15
 
| 15
 
| PerConsoleKey
 
| PerConsoleKey
 
| [[Package1]]
 
| [[Package1]]
| Forever
   
| Yes
 
| Yes
 
| No
 
| No
| [[4.0.0]]
  −
| Never
   
|}
 
|}
 +
 +
 +
 +
=== Key generation ===
 +
    
Note: aes_unwrap(wrapped_key, wrap_key) is just another name for a single AES-128 block decryption.
 
Note: aes_unwrap(wrapped_key, wrap_key) is just another name for a single AES-128 block decryption.