Difference between revisions of "SMC"

From Nintendo Switch Brew
Jump to navigation Jump to search
m
Line 44: Line 44:
 
| 0xC3000008 || [[#LoadAesKey]] || ||
 
| 0xC3000008 || [[#LoadAesKey]] || ||
 
|-
 
|-
| 0xC3000009 || [[#DecryptAesCtr]] || ||
+
| 0xC3000009 || [[#DecryptAes]] || ||
 
|-
 
|-
 
| 0xC300000A || [[#GenerateSpecificAesKey]] || ||
 
| 0xC300000A || [[#GenerateSpecificAesKey]] || ||
Line 73: Line 73:
 
Takes a session kek created with [[#GenerateAesKek]], and a wrapped AES key.
 
Takes a session kek created with [[#GenerateAesKek]], and a wrapped AES key.
  
The session kek must have been created with CryptoUsecase_AesCtr.
+
The session kek must have been created with CryptoUsecase_Aes.
  
=== DecryptAesCtr ===
+
=== DecryptAes ===
Encrypts/decrypts using AesCtr.
+
Encrypts/decrypts using Aes (CTR, CBC-Encrypt, CBC-Decrypt).
  
 
Key must be set prior using one of the [[#LoadAesKey]], [[#GenerateSpecificAesKey]] or [[#LoadRsaWrappedAesKey]] commands.
 
Key must be set prior using one of the [[#LoadAesKey]], [[#GenerateSpecificAesKey]] or [[#LoadRsaWrappedAesKey]] commands.
Line 117: Line 117:
 
! Value || Name
 
! Value || Name
 
|-
 
|-
| 0 || CryptoUsecase_AesCtr
+
| 0 || CryptoUsecase_Aes
 
|-
 
|-
 
| 1 || CryptoUsecase_PrivateRsa
 
| 1 || CryptoUsecase_PrivateRsa

Revision as of 22:34, 4 October 2017

Secure Monitor Calls

The secure monitor provides two top level handlers of which each provides a range of sub handlers.

Secure Monitor Calls follow the ARM SMC calling convention up to a small change:

Bit number Bit mask Description
31 0x80000000 Set to 0 means Yielding Call; Set to 1 means Fast Call.
30 0x40000000 Set to 0 means SMC32 convention; Set to 1 means SMC64.
29-24 0x3F000000 Service Call ranges.
23-16 0x00FF0000 Must be zero.
15-8 0x0000FF00 Argument type. This is different from the ARM SMC calling convention.
7-0 0x000000FF Function number within the range call type.

If bit n is set in the argument type then parameter Xn is treated as a pointer and the kernel will setup address translation for it in svcCallSecureMonitor.

Id 0

Functions exposed to user-mode processes using svcCallSecureMonitor.

Sub-Id Name In Out
0xC3000401 SetConfig
0xC3000002 GetConfig (Same as Id 1 Sub-Id 4.)
0xC3000003 CheckStatus
0xC3000404 GetResult
0xC3000E05 ExpMod
0xC3000006 GetRandomBytes (Same as Id 1 Sub-Id 5.)
0xC3000007 #GenerateAesKek
0xC3000008 #LoadAesKey
0xC3000009 #DecryptAes
0xC300000A #GenerateSpecificAesKey
0xC300040B #ComputeCmac
0xC300100C #LoadRsaPrivateKey
0xC300100D #PrivateRsa
0xC300100E #LoadRsaPublicKey
0xC300060F #PublicRsa
0xC3000610 #UnwrapRsaEncryptedAesKey
0xC3000011 #LoadRsaWrappedAesKey
0xC3000012 [2.0.0+] GenerateRsaKek

GenerateAesKek

Takes an "access key" as input, an #CryptoUsecase.

Returns a session-unique kek for said usecase.

LoadAesKey

Takes a session kek created with #GenerateAesKek, and a wrapped AES key.

The session kek must have been created with CryptoUsecase_Aes.

DecryptAes

Encrypts/decrypts using Aes (CTR, CBC-Encrypt, CBC-Decrypt).

Key must be set prior using one of the #LoadAesKey, #GenerateSpecificAesKey or #LoadRsaWrappedAesKey commands.

GenerateSpecificAesKey

Todo: This one seems unrelated to #CryptoUsecase.

LoadRsaPrivateKey

Takes a session kek created with #GenerateAesKek, and a wrapped RSA private key.

The session kek must have been created with CryptoUsecase_PrivateRsa.

PrivateRsa

Encrypts using Rsa private key.

Key must be set prior using the #LoadRsaPrivateKey command.

LoadRsaPublicKey

Takes a session kek created with #GenerateAesKek, and a wrapped RSA public key.

The session kek must have been created with CryptoUsecase_PublicRsa.

PublicRsa

Encrypts using Rsa public key.

Key must be set prior using the #LoadRsaPublicKey command.

UnwrapRsaEncryptedAesKey

Takes a session kek created with #GenerateAesKek, and a wrapped RSA public key.

Returns a session-unique AES key especially for use in #LoadRsaWrappedAesKey.

The session kek must have been created with CryptoUsecase_RsaWrappedAesKey.

LoadRsaWrappedAesKey

Takes a session-unique AES key from #UnwrapRsaEncryptedAesKey.

enum CryptoUsecase

Value Name
0 CryptoUsecase_Aes
1 CryptoUsecase_PrivateRsa
2 CryptoUsecase_PublicRsa
3 CryptoUsecase_RsaWrappedAesKey


Id 1

Functions exposed to the kernel internally.

Sub-Id Name In Out
0xC4000001 CpuSuspend (oyasumi)
0x84000002 CpuOff
0xC4000003 CpuOn
0xC3000004 GetConfig (Same as Id 0 Sub-Id 2.)
0xC3000005 GetRandomBytes (Same as Id 0 Sub-Id 6.)
0xC3000006 Panic
0xC3000007 [2.0.0+] ProtectKernelRegion
0xC3000008 [2.0.0+] ReadWriteRegister