Changes

559 bytes added ,  19:53, 11 April 2020
no edit summary
Line 1: Line 1: −
== BootROM ==
+
= BootROM =
 
The bootrom initializes two keyslots in the hardware engine:
 
The bootrom initializes two keyslots in the hardware engine:
   Line 48: Line 48:  
   }
 
   }
 
   
 
   
== Falcon coprocessor ==
+
= Falcon coprocessor =
 
The falcon processor (TSEC) generates a special console-unique key (that will be referred to as the "tsec key").
 
The falcon processor (TSEC) generates a special console-unique key (that will be referred to as the "tsec key").
    
This is presumably using data stored in fuses that only microcode authenticated by NVidia has access to.
 
This is presumably using data stored in fuses that only microcode authenticated by NVidia has access to.
   −
== Package1ldr ==
+
= Package1ldr =
 
+
== Key table ==
=== Key table during package1ldr ===
+
[1.0.0-3.0.2] During package1ldr:
 
   
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 84: Line 83:  
|}
 
|}
   −
=== [1.0.0-3.0.2] Key table after package1ldr ===
+
[1.0.0-3.0.2] After package1ldr:
 
   
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 107: Line 105:  
|}
 
|}
   −
=== [4.0.0]+ Key table after package1ldr (Secure Monitor boot) ===
+
[4.0.0+] After package1ldr (Secure Monitor boot):
 
   
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 142: Line 139:  
|}
 
|}
   −
=== [4.0.0]+ Key table after package1ldr (Secure Monitor runtime) ===
+
[4.0.0+] After package1ldr (Secure Monitor runtime):
 
   
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 171: Line 167:  
|}
 
|}
   −
=== [6.2.0]+ Key table after package1ldr/TSEC Payload (Secure Monitor boot) ===
+
[6.2.0+] After package1ldr/TSEC Payload (Secure Monitor boot):
 
   
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 206: Line 201:  
|}
 
|}
   −
 
+
== Key generation ==
=== Key generation ===
   
Note: aes_unwrap(wrapped_key, wrap_key) is just another name for a single AES-128 block decryption.
 
Note: aes_unwrap(wrapped_key, wrap_key) is just another name for a single AES-128 block decryption.
   Line 297: Line 291:  
The key-derivation is described in more detail [[Package1#Key_generation|here]].
 
The key-derivation is described in more detail [[Package1#Key_generation|here]].
   −
==== Keyblob ====
+
=== Keyblob ===
 
There are 32 keyblobs written to NAND at factory, with each keyblob encrypted with a console-unique key derived from the console's SBK, the console's tsec key, and a constant specific to each keyblob.
 
There are 32 keyblobs written to NAND at factory, with each keyblob encrypted with a console-unique key derived from the console's SBK, the console's tsec key, and a constant specific to each keyblob.
    
Despite being encrypted with console unique keys, though, the decrypted keyblob contents are shared for all consoles.
 
Despite being encrypted with console unique keys, though, the decrypted keyblob contents are shared for all consoles.
   −
==== Seeds ====
+
Used keyblobs are as follows:
  normalseed_retail = d8a2410a...
  −
 
  −
  [1.0.0] wrapped_keyblob_key = df206f59...
  −
  [1.0.0] simpleseed_dev0  = aff11423...
  −
  [1.0.0] simpleseed_dev1  = 5e177ee1...
  −
  [1.0.0] normalseed_dev    = 0542a0fd...
  −
 
  −
  [3.0.0] wrapped_keyblob_key = 0c25615d... 
  −
  [3.0.0] simpleseed_dev0  = de00216a...
  −
  [3.0.0] simpleseed_dev1  = 2db7c0a1...
  −
  [3.0.0] normalseed_dev    = 678c5a03...
  −
 
  −
  [3.0.1] wrapped_keyblob_key = 337685ee... 
  −
  [3.0.1] simpleseed_dev0  = e045f5ba...
  −
  [3.0.1] simpleseed_dev1  = 84d92e0d...
  −
  [3.0.1] normalseed_dev    = cd88155b...
  −
 
  −
  [4.0.0] wrapped_keyblob_key = 2d1f4880...
  −
 
  −
==== Table of used keyblobs ====
      
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 357: Line 331:  
Starting from 6.2.0, key generation no longer uses keyblobs.
 
Starting from 6.2.0, key generation no longer uses keyblobs.
   −
== Secure Monitor Init ==
+
=== Seeds ===
 +
  normalseed_retail = d8a2410a...
 +
 
 +
  [1.0.0] wrapped_keyblob_key = df206f59...
 +
  [1.0.0] simpleseed_dev0  = aff11423...
 +
  [1.0.0] simpleseed_dev1  = 5e177ee1...
 +
  [1.0.0] normalseed_dev    = 0542a0fd...
 +
 
 +
  [3.0.0] wrapped_keyblob_key = 0c25615d... 
 +
  [3.0.0] simpleseed_dev0  = de00216a...
 +
  [3.0.0] simpleseed_dev1  = 2db7c0a1...
 +
  [3.0.0] normalseed_dev    = 678c5a03...
 +
 
 +
  [3.0.1] wrapped_keyblob_key = 337685ee... 
 +
  [3.0.1] simpleseed_dev0  = e045f5ba...
 +
  [3.0.1] simpleseed_dev1  = 84d92e0d...
 +
  [3.0.1] normalseed_dev    = cd88155b...
 +
 
 +
  [4.0.0] wrapped_keyblob_key = 2d1f4880...
 +
 
 +
=== Versions ===
 +
The key generation system has historically been revised several times. Each version is bound to a specific BCT public key and can be identified by its first byte as follows:
 +
 
 +
{| class="wikitable" border="1"
 +
|-
 +
! Version
 +
! BCT public key's first byte
 +
! Description
 +
|-
 +
| K1
 +
| 0x11
 +
| Erista prototype development
 +
|-
 +
| K2
 +
| 0xFB
 +
| Erista prototype development
 +
|-
 +
| K3
 +
| 0x4F
 +
| Erista prototype development
 +
|-
 +
| K4
 +
|
 +
| Erista prototype retail
 +
|-
 +
| K5
 +
| 0x37
 +
| Erista development
 +
|-
 +
| K6
 +
| 0xF7
 +
| Erista retail
 +
|-
 +
| M1
 +
| 0xDD
 +
| Mariko prototype development
 +
|-
 +
| M2
 +
| 0xC3
 +
| Mariko development
 +
|-
 +
| M3
 +
| 0x9B
 +
| Mariko retail
 +
|}
 +
 
 +
= Secure Monitor Init =
 
On all versions, the key to decrypt [[Package2]] is generated by decrypting a constant seed with the master key. The key is erased after use.   
 
On all versions, the key to decrypt [[Package2]] is generated by decrypting a constant seed with the master key. The key is erased after use.   
    
Additionally, starting from 4.0.0, the Secure Monitor init will decrypt another constant seed successively with a special per console key and a special static key passed by package1loader, to generate the firmware specific per-console key. The operation will erase these special keys passed by package1loader.  
 
Additionally, starting from 4.0.0, the Secure Monitor init will decrypt another constant seed successively with a special per console key and a special static key passed by package1loader, to generate the firmware specific per-console key. The operation will erase these special keys passed by package1loader.  
   −
== Secure Monitor ==
+
= Secure Monitor =
 
The secure monitor performs some runtime cryptographic operations. See [[SMC]] for what operations it provides.
 
The secure monitor performs some runtime cryptographic operations. See [[SMC]] for what operations it provides.