Secure Monitor: Difference between revisions

Selver (talk | contribs)
m Fix links to CryptoUseCase (#CryptoUsecase to #enum_CryptoUsecase)
Moved config vals from SPL_services
Line 198: Line 198:
=== GetConfig ===
=== GetConfig ===
Takes a '''config_item''' and returns an associated '''config_val'''.
Takes a '''config_item''' and returns an associated '''config_val'''.
{| class="wikitable" border="1"
|-
! ConfigItem || Name
|-
| 1 || [[#DisableProgramVerification]]
|-
| 2 || [[#DramId]]
|-
| 3 || [[#SecurityEngineIrqNumber]]
|-
| 4 || [[#Version]]
|-
| 5 || [[#HardwareType]]
|-
| 6 || [[#IsRetail]]
|-
| 7 || [[#IsRecoveryBoot]]
|-
| 8 || [[#DeviceId]]
|-
| 9 || [1.0.0-4.0.0] [[#BootReason]]
|-
| 10 || [[#MemoryArrange]]
|-
| 11 || [[#IsDebugMode]]
|-
| 12 || [[#KernelMemoryConfiguration]]
|-
| 13 || [[#IsChargerHiZModeEnabled]]
|-
| 14 || [4.0.0+] [[#IsKiosk]]
|-
| 15 || [5.0.0+] [[#NewHardwareType]]
|-
| 16 || [5.0.0+] [[#NewKeyGeneration]]
|-
| 17 || [5.0.0+] [[#Package2Hash]]
|}
==== DisableProgramVerification ====
[[Process Manager services|PM]] checks this item and if non-zero, calls fsp-pr SetEnabledProgramVerification(false).
==== DramId ====
This is extracted directly from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
{| class="wikitable" border="1"
|-
!  Value
!  Description
|-
|  0
|  DramId_EristaIcosaSamsung4gb
|-
|  1
|  DramId_EristaIcosaHynix4gb
|-
|  2
|  DramId_EristaIcosaMicron4gb
|-
|  3
|  Reserved
|-
|  4
|  DramId_EristaIcosaSamsung6gb
|-
|  5
|  [5.0.0+] Reserved
|-
|  6
|  [5.0.0+] Reserved
|-
|  7
|  [5.0.0+] DramId_MarikoIowax1x2Samsung4gb
|-
|  8
|  [5.0.0+] DramId_MarikoIowaSamsung4gb
|-
|  9
|  [5.0.0+] DramId_MarikoIowaSamsung8gb
|-
|  10
|  [5.0.0+] Reserved
|-
|  11
|  [5.0.0+] Reserved
|-
|  12
|  [5.0.0+] DramId_MarikoHoagSamsung4gb
|-
|  13
|  [5.0.0+] DramId_MarikoHoagSamsung8gb
|}
[[PCV_services|PCV]] configures memory profiles based on DramId.
{| class="wikitable" border="1"
|-
!  Platform
!  DramId
!  Version
|-
|  jetson-tx1
|  N/A
|  11_40800_01_V9.8.3_V1.6
|-
|  nx-abcb
|  EristaIcosaSamsung4gb
|  10_40800_NoCfgVersion_V9.8.7_V1.6
|-
|  nx-abcb
|  EristaIcosaMicron4gb
|  10_40800_NoCfgVersion_V9.8.4_V1.6
|-
|  nx-abcb
|  EristaIcosaHynix4gb
|  10_40800_NoCfgVersion_V9.8.4_V1.6
|-
|  nx-abca2
|  EristaIcosaSamsung4gb or EristaIcosaMicron4gb
|  10_40800_NoCfgVersion_V9.8.7_V1.6
|-
|  nx-abca2
|  EristaIcosaHynix4gb
|  10_40800_NoCfgVersion_V9.8.7_V1.6
|-
|  nx-abca2
|  EristaIcosaSamsung6gb
|  10_40800_NoCfgVersion_V9.8.7_V1.6
|-
|  nx-abca2
|  MarikoIowax1x2Samsung4gb
|  01_204000_NoCfgVersion_V0.3.1_V2.0
|-
|  nx-abca2
|  MarikoIowaSamsung4gb or MarikoHoagSamsung4gb
|  01_204000_NoCfgVersion_V0.3.1_V2.0
|-
|  nx-abca2
|  MarikoIowaSamsung8gb or MarikoHoagSamsung8gb
|  01_204000_NoCfgVersion_V0.4.2_V2.0
|}
nx-abcb (Copper) is the SDEV unit. Among other differences, this has extra hardware to support HDMI output.
nx-abca2 (Icosa) hardware types are variations of the retail form factor.
==== SecurityEngineIrqNumber ====
SPL uses this for setting up the security engine IRQ.
==== Version ====
The current [[Package2#Versions|Package1 Maxver Constant]] - 1.
==== HardwareType ====
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper) or 3 (Invalid).
[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 3 (Mariko) or 4 (Invalid).
A value of 2 (Hoag?) is always mapped to 4 (Invalid).
==== IsRetail ====
This item is obtained by checking bits 9 and 0-1 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Debug), 1 (Retail) or 2 (Invalid).
==== IsRecoveryBoot ====
Used to determine if the system is booting from SafeMode firmware.
==== DeviceId ====
[[NIM_services|NIM]] checks if this item matches the [[Settings_services|set:cal]] DeviceId with byte7 cleared. If they don't match, a panic is thrown.
==== BootReason ====
Used to determine how the system booted.
==== MemoryArrange ====
[[Process Manager services|PM]] uses this item for selecting the appropriate size for each [[SVC#LimitableResource|LimitableResource_Memory]].
==== IsDebugMode ====
Kernel uses this to determine behavior of svcBreak positive arguments. It will break instead of just force-exiting the process which is what happens on retail.
[2.0.0+] This is also used with certain debug [[SVC|SVCs]].
[3.0.0+] [[Loader services|RO]] checks this and if set then skipping NRR rsa signatures is allowed.
The value of this field is loaded from [[BootConfig]] unsigned-config+0x10 u8 bit1.
==== KernelMemoryConfiguration ====
Kernel reads this when setting up memory-related code. If bit0 is set, it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs. If bit17-16 is 0b01, the kernel assumes 6GB of DRAM instead of 4GB.
==== IsChargerHiZModeEnabled ====
This tells if the TI Charger (bq24192) is active.
==== NewKeyGeneration ====
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2.
[5.0.0+] [[Filesystem services|FS]] can now use this value for the '''KeyGeneration''' parameter when calling [[#GenerateAesKek|GenerateAesKek]] during "GetBisEncryptionKey".
==== IsKiosk ====
This item is bit 10 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores.
==== NewHardwareType ====
This item is currently hardcoded to 0.
[5.0.0+] [[PCV_services|PCV]] overrides the value from [[#HardwareType|HardwareType]] and configures PMIC devices with this item.
{| class="wikitable" border="1"
|-
!  Value
!  Devices
|-
|  0
|  max77620_sd0, max77621_cpu and max77621_gpu
|-
|  1
|  max77620_sd0, max77812_cpu and max77812_gpu
|-
|  2
|  max77620_sd0, max77812_cpu and max77812_gpu
|}
==== Package2Hash ====
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.


=== GetRandomBytes ===
=== GetRandomBytes ===