885
edits
Changes
Jump to navigation
Jump to search
Line 18:
Line 18: − + + + + + + + + + +
→Secure Monitor: we full diff now
====Secure Monitor====
====Secure Monitor====
The Secure Monitor was updated. [details to be filled in later].
The Secure Monitor was updated:
* BootReason is now saved before security engine/warmboot firmware setup.
* The SYSCTR0 registers are now validated to contain expected values on bootup.
* generate_srk() is now called before any other security engine key derivation is done.
* Code was added to implement new key gen inside initialize_se_derive_keys(), deriving the firmware's master kek and device key using keyslots initialized by the TSEC firmware.
* Keyslots were shuffled around, the master key is now stored inside keyslot 0xD, and the device master key is now stored inside keyslot 0xC.
* The usual code changes for adding a new master key/device master key are in place.
There are zero changes to code outside of the coldboot .init section (pk2ldr).
====Kernel====
====Kernel====