TSEC: Difference between revisions - Nintendo Switch Brew

Line 3,305:

! Description

|-

| 0-1

| 0

| ~~TSEC_FALCON_SCTL_SEC_MODE~~

| TSEC_FALCON_SCTL_LSMODE

~~0: Non~~-~~secure~~

|-

1~~: Light Secure~~

| 1

~~2: Heavy Secure~~

| TSEC_FALCON_SCTL_HSMODE

|-

| 4-5

| ~~Previous security mode~~

| Unknown

~~0: Non-secure~~

~~1: Light Secure~~

~~2: Heavy Secure~~

|-

| 12-13

Line 3,860:

Line 3,857:

0x14: cenc (fuc5 opcode 0xD0)

0x15: cdec (fuc5 opcode 0xD4)

0x16: ~~csigauth~~ (fuc5 opcode 0xD8)

0x16: csigcmp (fuc5 opcode 0xD8)

0x17: csigenc (fuc5 opcode 0xDC)

0x18: csigclr (fuc5 opcode 0xE0)

Line 4,148:

Line 4,145:

|-

| 16

| Forbidden signature operation (csigenc, csigclr ~~or csigauth~~ in NS mode)

| Forbidden signature operation (csigcmp, csigenc or csigclr in NS mode)

|-

| 20

| Invalid signature operation (~~csigauth~~ in HS mode)

| Invalid signature operation (csigcmp in HS mode)

|-

| 24

Line 4,982:

Line 4,979:

==== Implementation ====

Under certain circumstances, it is possible to observe [[#~~sigauth~~|~~sigauth~~]] being briefly written to [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] as "~~csigauth~~ $c4 $c6" while the opcodes in [[#TSEC_SCP_STAT2|TSEC_SCP_STAT2]] are set to "cxsin" and "~~csigauth~~", respectively.

Under certain circumstances, it is possible to observe [[#sigcmp|sigcmp]] being briefly written to [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] as "csigcmp $c4 $c6" while the opcodes in [[#TSEC_SCP_STAT2|TSEC_SCP_STAT2]] are set to "cxsin" and "csigcmp", respectively.

Via [[#TSEC_SCP_DBG0|TSEC_SCP_DBG0]] it can be observed that a 3-sized macro sequence is loaded into cs0 during a secure mode transition.

Line 5,039:

Line 5,036:

| 0x15 || dec || $cX || $cY || <code>$cX = aes_dec(active_key_idx, $cY); ACL(X) = ACL(active_key_idx) & ACL(Y);</code> ||

|-

| 0x16 || [[#~~sigauth~~|~~sigauth~~]] || $cX || $cY || <code>if (hash_verify($cX, $cY)) { has_sig = true; current_sig = $cX; }</code> || ?

| 0x16 || [[#sigcmp|sigcmp]] || $cX || $cY || <code>if (hash_verify($cX, $cY)) { has_sig = true; current_sig = $cX; }</code> || ?

|-

| 0x17 || [[#sigclr|sigclr]] || N/A || N/A || <code>has_sig = false;</code> ||

Line 5,046:

Line 5,043:

|}

==== ~~sigauth~~ ====

==== sigcmp ====

<code>00000000: f5 3c XY d8 ~~csigauth~~ $cY $cX</code>

<code>00000000: f5 3c XY d8 csigcmp $cY $cX</code>

Takes 2 crypto registers as operands and is automatically executed when jumping to a code region previously uploaded as secret. This instruction does not work in secure mode.

@@ Line 3,305: / Line 3,305: @@
 !  Description
 |-
-| 0-1
+| 0
-| TSEC_FALCON_SCTL_SEC_MODE
+| TSEC_FALCON_SCTL_LSMODE
-: Non-secure
+|-
-: Light Secure
+| 1
-: Heavy Secure
+| TSEC_FALCON_SCTL_HSMODE
 |-
 | 4-5
-| Previous security mode
+| Unknown
-: Non-secure
-: Light Secure
-: Heavy Secure
 |-
 | 12-13
@@ Line 3,860: / Line 3,857: @@
 x14: cenc (fuc5 opcode 0xD0)
 x15: cdec (fuc5 opcode 0xD4)
-x16: csigauth (fuc5 opcode 0xD8)
+x16: csigcmp (fuc5 opcode 0xD8)
 x17: csigenc (fuc5 opcode 0xDC)
 x18: csigclr (fuc5 opcode 0xE0)
@@ Line 4,148: / Line 4,145: @@
 |-
 | 16
-| Forbidden signature operation (csigenc, csigclr or csigauth in NS mode)
+| Forbidden signature operation (csigcmp, csigenc or csigclr in NS mode)
 |-
 | 20
-| Invalid signature operation (csigauth in HS mode)
+| Invalid signature operation (csigcmp in HS mode)
 |-
 | 24
@@ Line 4,982: / Line 4,979: @@
 ==== Implementation ====
-Under certain circumstances, it is possible to observe [[#sigauth|sigauth]] being briefly written to [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] as "csigauth $c4 $c6" while the opcodes in [[#TSEC_SCP_STAT2|TSEC_SCP_STAT2]] are set to "cxsin" and "csigauth", respectively.
+Under certain circumstances, it is possible to observe [[#sigcmp|sigcmp]] being briefly written to [[#TSEC_SCP_CMD|TSEC_SCP_CMD]] as "csigcmp $c4 $c6" while the opcodes in [[#TSEC_SCP_STAT2|TSEC_SCP_STAT2]] are set to "cxsin" and "csigcmp", respectively.
 Via [[#TSEC_SCP_DBG0|TSEC_SCP_DBG0]] it can be observed that a 3-sized macro sequence is loaded into cs0 during a secure mode transition.
@@ Line 5,039: / Line 5,036: @@
 | 0x15 || dec || $cX || $cY || <code>$cX = aes_dec(active_key_idx, $cY); ACL(X) = ACL(active_key_idx) & ACL(Y);</code> ||
 |-
-| 0x16 || [[#sigauth|sigauth]] || $cX || $cY || <code>if (hash_verify($cX, $cY)) { has_sig = true; current_sig = $cX; }</code> || ?
+| 0x16 || [[#sigcmp|sigcmp]] || $cX || $cY || <code>if (hash_verify($cX, $cY)) { has_sig = true; current_sig = $cX; }</code> || ?
 |-
 | 0x17 || [[#sigclr|sigclr]] || N/A || N/A || <code>has_sig = false;</code> ||
@@ Line 5,046: / Line 5,043: @@
 |}
-==== sigauth ====
+==== sigcmp ====
-<code>00000000: f5 3c XY d8     csigauth $cY $cX</code>
+<code>00000000: f5 3c XY d8     csigcmp $cY $cX</code>
 Takes 2 crypto registers as operands and is automatically executed when jumping to a code region previously uploaded as secret. This instruction does not work in secure mode.