Secure Monitor: Difference between revisions
No edit summary |
|||
(20 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
= Secure Monitor | = Secure Monitor calls = | ||
The secure monitor provides two top level handlers of which each provides a range of sub handlers. | The secure monitor provides two top level handlers of which each provides a range of sub handlers. | ||
Secure Monitor | Secure Monitor calls follow the ARM SMC calling convention up to a small change: | ||
{| class=wikitable | {| class=wikitable | ||
! Bit number || Bit mask || Description | ! Bit number || Bit mask || Description | ||
Line 24: | Line 23: | ||
SMC arguments are passed using registers X0-X7 with X0 always sending the call sub-id and returning the result of the call. | SMC arguments are passed using registers X0-X7 with X0 always sending the call sub-id and returning the result of the call. | ||
== | == FunctionId0 == | ||
Functions exposed to user-mode processes using [[SVC|svcCallSecureMonitor]]. SMCs should be called from CPUID 3 (where SPL runs). | Functions exposed to user-mode processes using [[SVC|svcCallSecureMonitor]]. SMCs should be called from CPUID 3 (where SPL runs). | ||
{| class=wikitable | {| class=wikitable | ||
! | ! Value || Name | ||
|- | |- | ||
| 0xC3000401 || SetConfig | | 0xC3000401 || SetConfig | ||
|- | |- | ||
| 0xC3000002 || GetConfig ( | | 0xC3000002 || [[#GetConfig]] (same as in [[#FunctionId1]]) | ||
|- | |- | ||
| 0xC3000003 || | | 0xC3000003 || GetResult | ||
|- | |- | ||
| 0xC3000404 || | | 0xC3000404 || GetResultData | ||
|- | |- | ||
| 0xC3000E05 || ExpMod | | 0xC3000E05 || ExpMod | ||
|- | |- | ||
| 0xC3000006 || | | 0xC3000006 || [[#GenerateRandomBytes]] (same as in [[#FunctionId1]]) | ||
|- | |- | ||
| 0xC3000007 || [[#GenerateAesKek]] | | 0xC3000007 || [[#GenerateAesKek]] | ||
|- | |- | ||
| 0xC3000008 || [[#LoadAesKey]] | | 0xC3000008 || [[#LoadAesKey]] | ||
|- | |- | ||
| 0xC3000009 || [[# | | 0xC3000009 || [[#ComputeAes]] | ||
|- | |- | ||
| 0xC300000A || [[#GenerateSpecificAesKey]] | | 0xC300000A || [[#GenerateSpecificAesKey]] | ||
|- | |- | ||
| 0xC300040B || [[#ComputeCmac]] | | 0xC300040B || [[#ComputeCmac]] | ||
|- | |- | ||
| [1.0.0-4.1.0] 0xC300100C || [[# | | [1.0.0-4.1.0] 0xC300100C || [[#ImportEsKey]] | ||
|- | |- | ||
| [5.0.0+] 0xC300D60C || [[# | | [5.0.0+] 0xC300D60C || [[#ReEncryptRsaPrivateKey]] | ||
|- | |- | ||
| [1.0.0-4.1.0] 0xC300100D || [[#DecryptRsaPrivateKey]] | | [1.0.0-4.1.0] 0xC300100D || [[#DecryptRsaPrivateKey]] | ||
|- | |- | ||
| [5.0.0] 0xC300100D || [[# | | [5.0.0+] 0xC300100D || [[#DecryptOrImportRsaPrivateKey]] | ||
|- | |- | ||
| [1.0.0-4.1.0] 0xC300100E || [[# | | [1.0.0-4.1.0] 0xC300100E || [[#ImportLotusKey]] | ||
|- | |- | ||
| 0xC300060F || [[# | | 0xC300060F || [[#StorageExpMod]] | ||
|- | |- | ||
| 0xC3000610 || [[# | | 0xC3000610 || [[#UnwrapTitleKey]] | ||
|- | |- | ||
| 0xC3000011 || [[#LoadTitleKey]] | | 0xC3000011 || [[#LoadTitleKey]] | ||
|- | |- | ||
| 0xC3000012 || [2.0.0+] | | 0xC3000012 || [2.0.0+] [[#UnwrapCommonTitleKey]] | ||
|} | |} | ||
Line 80: | Line 79: | ||
** This means: Plaintext kek keys never leave TrustZone. | ** This means: Plaintext kek keys never leave TrustZone. | ||
** Further, this means: Actual AES/RSA keys never leave TrustZone. | ** Further, this means: Actual AES/RSA keys never leave TrustZone. | ||
=== GenerateAesKek === | === GenerateAesKek === | ||
Takes an "access key" as input, an [[# | Takes an "access key" as input, an [[#CryptoUsecase]]. | ||
Returns a session-unique kek for said usecase. | Returns a session-unique kek for said usecase. | ||
Line 92: | Line 88: | ||
Takes a session kek created with [[#GenerateAesKek]], and a wrapped AES key. | Takes a session kek created with [[#GenerateAesKek]], and a wrapped AES key. | ||
The session kek must have been created with [[# | The session kek must have been created with [[#CryptoUsecase|CryptoUsecase Aes]]. | ||
=== | === ComputeAes === | ||
Encrypts/decrypts using | Encrypts/decrypts using AES (CTR and CBC). Takes an [[#CipherMode]]. | ||
Key must be set prior using one of the [[#LoadAesKey]] | Key must be set prior using one of the [[#LoadAesKey]] or [[#GenerateSpecificAesKey]] commands. | ||
=== GenerateSpecificAesKey === | === GenerateSpecificAesKey === | ||
Takes a wrapped AES key and decrypts it using static data. | |||
=== | === ComputeCmac === | ||
Calculates CMAC over input data. | |||
=== ImportEsKey === | |||
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key. | Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key. | ||
The session kek must have been created with [[# | The session kek must have been created with [[#CryptoUsecase|CryptoUsecase TitleKey]]. | ||
[5.0.0] This function was removed and replaced with [[#ReEncryptRsaPrivateKey]]. | |||
=== | === ReEncryptRsaPrivateKey === | ||
Takes in two session keks created with [[#GenerateAesKek]], two wrapped AES keys, an enum member, and a wrapped RSA private key. | Takes in two session keks created with [[#GenerateAesKek]], two wrapped AES keys, an enum member, and a wrapped RSA private key. | ||
Decrypts and validates the wrapped RSA private key with the first kek/wrapped key, and re-encrypts it with the second if valid. | Decrypts and validates the wrapped RSA private key with the first kek/wrapped key, and re-encrypts it with the second if valid. | ||
The re-encrypted key is then passed to the user, for use with [[# | The re-encrypted key is then passed to the user, for use with [[#DecryptOrImportRsaPrivateKey]]. | ||
=== DecryptRsaPrivateKey === | === DecryptRsaPrivateKey === | ||
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, an enum member, and a wrapped RSA private key. | Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, an enum member, and a wrapped RSA private key. | ||
The session kek must have been created with [[# | The session kek must have been created with [[#CryptoUsecase|CryptoUsecase RsaPrivate]]. | ||
[4.0.0+] The SMC handler when certain conditions pass and | [4.0.0+] The SMC handler when certain conditions pass and FunctionId0==0xC300100D now returns error 0x6 instead of calling the handler funcptr. | ||
[5.0.0+] This function was replaced by [[#DecryptOrImportRsaPrivateKey]]. | |||
This function replaced [[#DecryptRsaPrivateKey]] in [[5.0.0]], adding an additional | === DecryptOrImportRsaPrivateKey === | ||
This function replaced [[#DecryptRsaPrivateKey]] in [[5.0.0]], adding an additional [[#DecryptOrImportMode]]. | |||
This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed. | This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed. | ||
=== | === ImportLotusKey === | ||
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key. | Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key. | ||
The session kek must have been created with [[# | The session kek must have been created with [[#CryptoUsecase|CryptoUsecase RsaSecureExpMod]]. | ||
[5.0.0] This function was removed. | |||
=== SecureExpMod === | === SecureExpMod === | ||
Performs an | Performs an ExpMod operation using an exponent previously loaded with the [[#ImportLotusKey]] command. | ||
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]] and takes an [[#SecureExpModMode]]. | |||
=== | === UnwrapTitleKey === | ||
Takes an Rsa-Oaep-wrapped TitleKey, an RSA Public Key, and a label hash. | Takes an Rsa-Oaep-wrapped TitleKey, an RSA Public Key, and a label hash. | ||
Performs an | Performs an ExpMod operation using an exponent previously loaded with the [[#ImportEsKey]] command, and then validates/extracts a Titlekey from the resulting message. | ||
Returns a session-unique AES key especially for use in [[#LoadTitleKey]]. | Returns a session-unique AES key especially for use in [[#LoadTitleKey]]. | ||
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]]. | |||
=== LoadTitleKey === | === LoadTitleKey === | ||
Takes a session-unique AES key from [[# | Takes a session-unique AES key from [[#UnwrapCommonTitleKey]] or [[#UnwrapTitleKey]]. | ||
=== | === UnwrapCommonTitleKey === | ||
Takes an AES-wrapped TitleKey and returns a sealed AES key. | |||
== | == FunctionId1 == | ||
Functions exposed to the kernel internally. | Functions exposed to the kernel internally. | ||
{| class=wikitable | {| class=wikitable | ||
! | ! Value || Name | ||
|- | |- | ||
| 0xC4000001 || [[#CpuSuspend]] | | 0xC4000001 || [[#CpuSuspend]] | ||
|- | |- | ||
| 0x84000002 || [[#CpuOff]] | | 0x84000002 || [[#CpuOff]] | ||
|- | |- | ||
| 0xC4000003 || [[#CpuOn]] | | 0xC4000003 || [[#CpuOn]] | ||
|- | |- | ||
| 0xC3000004 || [[#GetConfig]] ( | | 0xC3000004 || [[#GetConfig]] (same as in [[#FunctionId0]]) | ||
|- | |- | ||
| 0xC3000005 || [[# | | 0xC3000005 || [[#GenerateRandomBytes]] (same as in [[#FunctionId0]]) | ||
|- | |- | ||
| 0xC3000006 || [[#Panic]] | | 0xC3000006 || [[#Panic]] | ||
|- | |- | ||
| 0xC3000007 || [2.0.0+] [[#ConfigureCarveout]] | | 0xC3000007 || [2.0.0+] [[#ConfigureCarveout]] | ||
|- | |- | ||
| 0xC3000008 || [2.0.0+] [[#ReadWriteRegister]] | | 0xC3000008 || [2.0.0+] [[#ReadWriteRegister]] | ||
|} | |} | ||
=== CpuSuspend === | === CpuSuspend === | ||
Takes an u64 '''PowerState''', an u64 '''EntrypointAddr''' and an u64 '''ContextId'''. No output. | |||
Suspends the CPU (CPU0). | |||
The kernel calls this SMC on shutdown with ''' | The kernel calls this SMC on shutdown with '''PowerState''' set to 0x0201001B (power level: 0x02==system; power type: 0x01==powerdown; ID: 0x1B). | ||
=== CpuOff === | === CpuOff === | ||
No input/output. | |||
Turns off the CPU (CPU1, CPU2 or CPU3). | |||
=== CpuOn === | === CpuOn === | ||
Takes an u64 '''TargetCpu''', an u64 '''EntrypointAddr''' and an u64 '''ContextId'''. Returns [[#Result]]. | |||
Turns on the CPU (CPU1, CPU2 or CPU3). | |||
=== GetConfig === | === GetConfig === | ||
Takes a | Takes a [[#ConfigItem]]. Returns [[#Result]] and a '''ConfigVal'''. | ||
==== ConfigItem ==== | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
! | ! Value || Name | ||
|- | |- | ||
| 1 || [[#DisableProgramVerification]] | | 1 || [[#DisableProgramVerification]] | ||
Line 207: | Line 208: | ||
| 2 || [[#DramId]] | | 2 || [[#DramId]] | ||
|- | |- | ||
| 3 || [[# | | 3 || [[#SecurityEngineInterruptNumber]] | ||
|- | |- | ||
| 4 || [[# | | 4 || [[#FuseVersion]] | ||
|- | |- | ||
| 5 || [[#HardwareType]] | | 5 || [[#HardwareType]] | ||
Line 221: | Line 222: | ||
| 9 || [1.0.0-4.0.0] [[#BootReason]] | | 9 || [1.0.0-4.0.0] [[#BootReason]] | ||
|- | |- | ||
| 10 || [[# | | 10 || [[#MemoryMode]] | ||
|- | |- | ||
| 11 || [[#IsDebugMode]] | | 11 || [[#IsDebugMode]] | ||
Line 229: | Line 230: | ||
| 13 || [[#IsChargerHiZModeEnabled]] | | 13 || [[#IsChargerHiZModeEnabled]] | ||
|- | |- | ||
| 14 || [4.0.0+] [[# | | 14 || [4.0.0+] [[#IsQuest]] | ||
|- | |- | ||
| 15 || [5.0.0+] [[# | | 15 || [5.0.0+] [[#RegulatorType]] | ||
|- | |- | ||
| 16 || [5.0.0+] [[# | | 16 || [5.0.0+] [[#DeviceUniqueKeyGeneration]] | ||
|- | |- | ||
| 17 || [5.0.0+] [[#Package2Hash]] | | 17 || [5.0.0+] [[#Package2Hash]] | ||
|} | |} | ||
==== DisableProgramVerification ==== | ===== DisableProgramVerification ===== | ||
[[Process Manager services|PM]] checks this item and if non-zero, calls fsp-pr SetEnabledProgramVerification(false). | [[Process Manager services|PM]] checks this item and if non-zero, calls fsp-pr SetEnabledProgramVerification(false). | ||
==== DramId ==== | ===== DramId ===== | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
! | ! Value | ||
! | ! Description | ||
|- | |- | ||
| | | 0 | ||
| | | EristaIcosaSamsung4gb | ||
|- | |- | ||
| | | 1 | ||
| | | EristaIcosaHynix4gb | ||
|- | |- | ||
| | | 2 | ||
| | | EristaIcosaMicron4gb | ||
|- | |- | ||
| | | 3 | ||
| | | Reserved | ||
|- | |- | ||
| | | 4 | ||
| | | EristaIcosaSamsung6gb | ||
|- | |- | ||
| | | 5 | ||
| | | [4.0.0+] Reserved | ||
|- | |- | ||
| | | 6 | ||
| | | [4.0.0+] Reserved | ||
|- | |- | ||
| | | 7 | ||
| | | [5.0.0+] MarikoIowax1x2Samsung4gb ([4.0.0-4.1.0] Reserved) | ||
|- | |- | ||
| | | 8 | ||
| | | [5.0.0+] MarikoIowaSamsung4gb | ||
|- | |- | ||
| | | 9 | ||
| | | [5.0.0+] MarikoIowaSamsung8gb | ||
|- | |- | ||
| | | 10 | ||
| | | [6.0.0+] MarikoIowaHynix4gb ([5.0.0-5.1.0] Reserved) | ||
|- | |- | ||
| | | 11 | ||
| | | [7.0.0+] MarikoIowaMicron4gb ([5.0.0-6.2.0] Reserved) | ||
|- | |- | ||
| | | 12 | ||
| | | [5.0.0+] MarikoHoagSamsung4gb | ||
|- | |- | ||
| | | 13 | ||
| | | [5.0.0+] MarikoHoagSamsung8gb | ||
|- | |- | ||
| | | 14 | ||
| | | [7.0.0+] MarikoHoagHynix4gb ([5.0.0-6.2.0] Reserved) | ||
|- | |- | ||
| | | 15 | ||
| | | [7.0.0+] MarikoHoagMicron4gb ([5.0.0-6.2.0] Reserved) | ||
|- | |||
| 16 | |||
| [8.0.0+] MarikoIowaSamsung4gbY | |||
|- | |||
| 17 | |||
| [9.0.0+] MarikoIowaSamsung1y4gbX | |||
|- | |||
| 18 | |||
| [9.0.0+] MarikoIowaSamsung1y8gbX | |||
|- | |||
| 19 | |||
| [9.0.0+] MarikoHoagSamsung1y4gbX | |||
|- | |||
| 20 | |||
| [9.0.0+] MarikoIowaSamsung1y4gbY | |||
|- | |||
| 21 | |||
| [9.0.0+] MarikoIowaSamsung1y8gbY | |||
|- | |||
| 22 | |||
| [9.0.0+] MarikoIowaSamsung1y4gbA | |||
|} | |} | ||
This is extracted directly from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. | |||
[[PCV_services|PCV]] selects memory training tables based on DramId. | [[PCV_services|PCV]] selects memory training tables based on DramId. | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
! | ! SoC | ||
! | ! Platform | ||
! | ! DramId | ||
! | ! Revision | ||
! DVFS version | |||
|- | |- | ||
| | | T210 | ||
| | | jetson-tx1 | ||
| | | N/A | ||
| 0x07 | |||
| | | | ||
11_40800_01_V9.8.3_V1.6 | 11_40800_01_V9.8.3_V1.6 | ||
Line 321: | Line 345: | ||
11_1600000_02_V9.8.3_V1.6 | 11_1600000_02_V9.8.3_V1.6 | ||
|- | |- | ||
| | | T210 | ||
| | | nx-abcb | ||
| | | EristaIcosaSamsung4gb | ||
| 0x07 | |||
| | | | ||
10_40800_NoCfgVersion_V9.8.7_V1.6 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | ||
Line 336: | Line 361: | ||
10_1600000_NoCfgVersion_V9.8.7_V1.6 | 10_1600000_NoCfgVersion_V9.8.7_V1.6 | ||
|- | |- | ||
| | | T210 | ||
| | | nx-abcb | ||
| | | EristaIcosaMicron4gb | ||
| 0x07 | |||
| | | | ||
10_40800_NoCfgVersion_V9.8.4_V1.6 | 10_40800_NoCfgVersion_V9.8.4_V1.6 | ||
Line 351: | Line 377: | ||
10_1600000_NoCfgVersion_V9.8.4_V1.6 | 10_1600000_NoCfgVersion_V9.8.4_V1.6 | ||
|- | |- | ||
| | | T210 | ||
| | | nx-abcb | ||
| | | EristaIcosaHynix4gb | ||
| 0x07 | |||
| | | | ||
10_40800_NoCfgVersion_V9.8.4_V1.6 | 10_40800_NoCfgVersion_V9.8.4_V1.6 | ||
Line 366: | Line 393: | ||
10_1600000_NoCfgVersion_V9.8.4_V1.6 | 10_1600000_NoCfgVersion_V9.8.4_V1.6 | ||
|- | |- | ||
| | | T210 | ||
| | | nx-abca2 | ||
| | | EristaIcosaSamsung4gb, EristaIcosaMicron4gb | ||
| 0x07 | |||
| | | | ||
10_40800_NoCfgVersion_V9.8.7_V1.6 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | ||
Line 381: | Line 409: | ||
10_1600000_NoCfgVersion_V9.8.7_V1.6 | 10_1600000_NoCfgVersion_V9.8.7_V1.6 | ||
|- | |- | ||
| | | T210 | ||
| | | nx-abca2 | ||
| | | EristaIcosaHynix4gb | ||
| 0x07 | |||
| | | | ||
10_40800_NoCfgVersion_V9.8.7_V1.6 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | ||
Line 396: | Line 425: | ||
10_1600000_NoCfgVersion_V9.8.7_V1.6 | 10_1600000_NoCfgVersion_V9.8.7_V1.6 | ||
|- | |- | ||
| | | T210 | ||
| | | nx-abca2 | ||
| | | EristaIcosaSamsung6gb | ||
| 0x07 | |||
| | | | ||
10_40800_NoCfgVersion_V9.8.7_V1.6 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | ||
Line 411: | Line 441: | ||
10_1600000_NoCfgVersion_V9.8.7_V1.6 | 10_1600000_NoCfgVersion_V9.8.7_V1.6 | ||
|- | |- | ||
| | | T214 | ||
| | | nx-abca2, nx-abcb, nx-abcc | ||
| | | MarikoIowax1x2Samsung4gb | ||
| 0x03 | |||
| | | | ||
01_204000_NoCfgVersion_V0.3.1_V2.0 | 01_204000_NoCfgVersion_V0.3.1_V2.0 | ||
Line 419: | Line 450: | ||
01_1600000_NoCfgVersion_V0.3.1_V2.0 | 01_1600000_NoCfgVersion_V0.3.1_V2.0 | ||
|- | |- | ||
| | | T214 | ||
| | | nx-abca2, nx-abcb, nx-abcc | ||
| | | MarikoIowaSamsung4gb, MarikoHoagSamsung4gb | ||
| 0x03 | |||
| | | | ||
01_204000_NoCfgVersion_V0.3.1_V2.0 | 01_204000_NoCfgVersion_V0.3.1_V2.0 | ||
Line 427: | Line 459: | ||
01_1600000_NoCfgVersion_V0.3.1_V2.0 | 01_1600000_NoCfgVersion_V0.3.1_V2.0 | ||
|- | |- | ||
| | | T214 | ||
| | | nx-abca2, nx-abcb, nx-abcc | ||
| | | MarikoIowaSamsung8gb, MarikoHoagSamsung8gb | ||
| 0x03 | |||
| | | | ||
01_204000_NoCfgVersion_V0.4.2_V2.0 | 01_204000_NoCfgVersion_V0.4.2_V2.0 | ||
Line 435: | Line 468: | ||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | 01_1600000_NoCfgVersion_V0.4.2_V2.0 | ||
|- | |- | ||
| | | T214 | ||
| | | nx-abca2, nx-abcb, nx-abcc | ||
| | | MarikoIowaHynix4gb, MarikoHoagHynix4gb | ||
| 0x03 | |||
| | | | ||
01_204000_NoCfgVersion_V0.3.1_V2.0 | 01_204000_NoCfgVersion_V0.3.1_V2.0 | ||
Line 443: | Line 477: | ||
01_1600000_NoCfgVersion_V0.3.1_V2.0 | 01_1600000_NoCfgVersion_V0.3.1_V2.0 | ||
|- | |- | ||
| | | T214 | ||
| | | nx-abca2, nx-abcb, nx-abcc | ||
| | | MarikoIowaMicron4gb, MarikoHoagMicron4gb | ||
| 0x03 | |||
| | | | ||
01_204000_NoCfgVersion_V0.4.2_V2.0 | 01_204000_NoCfgVersion_V0.4.2_V2.0 | ||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | 01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | ||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | 01_1600000_NoCfgVersion_V0.4.2_V2.0 | ||
|- | |||
| T214 | |||
| nx-abca2, nx-abcb, nx-abcc | |||
| MarikoIowaSamsung4gbY | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| T214 | |||
| nx-abca2, nx-abcb, nx-abcc | |||
| MarikoIowaSamsung1y4gbX | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| T214 | |||
| nx-abca2, nx-abcb, nx-abcc | |||
| MarikoIowaSamsung1y8gbX | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| T214 | |||
| nx-abca2, nx-abcb, nx-abcc | |||
| MarikoHoagSamsung1y4gbX | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| T214 | |||
| nx-abca2, nx-abcb, nx-abcc | |||
| MarikoIowaSamsung1y4gbY | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| T214 | |||
| nx-abca2, nx-abcb, nx-abcc | |||
| MarikoIowaSamsung1y8gbY | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| T214 | |||
| nx-abca2, nx-abcb, nx-abcc | |||
| MarikoIowaSamsung1y4gbA | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.5_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.5_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.5_V2.0 | |||
|} | |} | ||
nx- | '''nx-abca2''' ('''Icosa''' in '''Erista''', '''Iowa''' in '''Mariko''') hardware types are variations of the retail, EDEV and SDEV form factors. | ||
nx- | '''nx-abcb''' ('''Copper''' in '''Erista''', '''Calcio''' in '''Mariko''') is a prototype unit. Among other differences, this has extra hardware to support HDMI output. | ||
[8.0.0+] '''nx-abcc''' ('''Hoag''') was added for the Lite retail and HDEV form factors. | |||
==== | '''Erista''' memory is LPDDR4, while '''Mariko''' memory is LPDDR4X. | ||
===== SecurityEngineInterruptNumber ===== | |||
SPL uses this for setting up the security engine IRQ. | SPL uses this for setting up the security engine IRQ. | ||
==== | ===== FuseVersion ===== | ||
The current [[Package2#Versions|Package1 Maxver Constant]] - 1. | The current [[Package2#Versions|Package1 Maxver Constant]] - 1. | ||
==== HardwareType ==== | ===== HardwareType ===== | ||
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 2 ( | [1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be: | ||
* 0 ('''Icosa'''; Erista retail, EDEV and SDEV), if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''. | |||
* 1 ('''Copper'''; Erista prototype), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''. | |||
* 3 (Invalid). | |||
Value 2 is reserved and considered invalid. | |||
[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be: | |||
* 0 ('''Icosa'''; Erista retail, EDEV and SDEV), if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''. | |||
* 1 ('''Copper'''; Erista prototype), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''. | |||
* 3 ('''Iowa'''; Mariko retail, EDEV and SDEV), if new hardware type (bits 16-19) is '''Iowa'''. | |||
* 4 (Invalid). | |||
Value 2 is reserved and considered invalid. | |||
[7.0.0+] This item | [7.0.0+] This item can be obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]], but is now only 0 (Icosa) or 0xF (Invalid) in retail units. | ||
==== IsRetail ==== | [8.0.0+] This item can be obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be: | ||
* 0 ('''Icosa'''; Erista retail, EDEV and SDEV), if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''. | |||
* 1 ('''Copper'''; Erista prototype), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''. | |||
* 2 ('''Hoag'''; Mariko Lite retail and HDEV), if new hardware type (bits 16-19) is '''Hoag'''. | |||
* 3 ('''Iowa'''; Mariko retail, EDEV and SDEV), if new hardware type (bits 16-19) is '''Iowa'''. | |||
* 4 ('''Calcio'''; Mariko prototype), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''. | |||
* 5 (Invalid). | |||
It is still only 0 (Icosa) or 0xF (Invalid) in retail units. | |||
===== IsRetail ===== | |||
This item is obtained by checking bits 9 and 0-1 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Debug), 1 (Retail) or 2 (Invalid). | This item is obtained by checking bits 9 and 0-1 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Debug), 1 (Retail) or 2 (Invalid). | ||
==== IsRecoveryBoot ==== | ===== IsRecoveryBoot ===== | ||
Used to determine if the system is booting from SafeMode firmware. | Used to determine if the system is booting from SafeMode firmware. | ||
Under normal circumstances, this just returns bit 0 of the active [[BCT#bootloader0_info|bootloader info]]'s attribute field. | Under normal circumstances, this just returns bit 0 of the active [[BCT#bootloader0_info|bootloader info]]'s attribute field. | ||
==== DeviceId ==== | ===== DeviceId ===== | ||
[[NIM_services|NIM]] checks if this item matches the [[Settings_services|set:cal]] DeviceId with byte7 cleared. If they don't match, a panic is thrown. | [[NIM_services|NIM]] checks if this item matches the [[Settings_services|set:cal]] DeviceId with byte7 cleared. If they don't match, a panic is thrown. | ||
==== BootReason ==== | ===== BootReason ===== | ||
{| class=wikitable | |||
! Value || Description | |||
|- | |||
| 0 || Invalid | |||
|- | |||
| 1 || AcOk | |||
|- | |||
| 2 || OnKey | |||
|- | |||
| 3 || RtcAlarm1 | |||
|- | |||
| 4 || RtcAlarm2 | |||
|} | |||
Used to determine how the system booted. | Used to determine how the system booted. | ||
==== | ===== MemoryMode ===== | ||
{| class="wikitable" border="1" | |||
|- | |||
! Bits | |||
! Description | |||
|- | |||
| 0-3 | |||
| Purpose (0 = None, 1 = ForStandard, 2 = ForAppletDev, 3 = ForSystemDev) | |||
|- | |||
| 4-7 | |||
| Size (0 = 4GB, 1 = 6GB, 2 = 8GB) | |||
|} | |||
==== IsDebugMode ==== | [[Process Manager services|PM]] and the kernel decide memory arrangement based on MemoryMode. | ||
{| class="wikitable" border="1" | |||
|- | |||
! MemoryArrange | |||
! MemoryMode | |||
! Description | |||
|- | |||
| 0 | |||
| 0x01 | |||
| Standard | |||
|- | |||
| 1 | |||
| 0x02 | |||
| StandardForAppletDev | |||
|- | |||
| 2 | |||
| 0x03 | |||
| StandardForSystemDev | |||
|- | |||
| 3 | |||
| 0x11 | |||
| Expanded | |||
|- | |||
| 4 | |||
| 0x12 | |||
| ExpandedForAppletDev | |||
|- | |||
| 5 | |||
| 0x21 | |||
| ExpandedForMarikoDev | |||
|} | |||
===== IsDebugMode ===== | |||
Kernel uses this to determine behavior of svcBreak positive arguments. It will break instead of just force-exiting the process which is what happens on retail. | Kernel uses this to determine behavior of svcBreak positive arguments. It will break instead of just force-exiting the process which is what happens on retail. | ||
Line 495: | Line 672: | ||
[3.0.0+] [[Loader services|RO]] checks this and if set then skipping NRR rsa signatures is allowed. | [3.0.0+] [[Loader services|RO]] checks this and if set then skipping NRR rsa signatures is allowed. | ||
===== KernelConfiguration ===== | |||
{| class="wikitable" border="1" | |||
|- | |||
! Bits | |||
! Description | |||
|- | |||
| 0 | |||
| EnableNonZeroFillMemory | |||
|- | |||
| 1 | |||
| EnableUserExceptionHandler | |||
|- | |||
| 2 | |||
| PerformanceMonitoringUnit | |||
|- | |||
| 3 | |||
| [8.0.0+] EnableApplicationExtraThread | |||
|- | |||
| 8 | |||
| CallShowErrorOnPanic | |||
|- | |||
| 16-17 | |||
| MemorySize | |||
|} | |||
Kernel reads this when setting up memory-related code. | |||
EnableNonZeroFillMemory is a boolean determining whether kernel should it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs. | |||
EnableUserExceptionHandler is a boolean determining whether kernel should forcefully enable usermode exception handlers (when false, only certain aborts (((1LL << (esr >> 26)) & 0x1115804400224001) == 0, typically data/prefetch aborts) that occur when the faulting address is in a readable region with MemoryType_CodeStatic will trigger usermode exception handlers). | |||
PerformanceMonitoringUnit is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0). | |||
EnableApplicationExtraThread is a boolean determining whether the kernel should increase the KThread slabheap capacity by 160. This also increases object capacities that are calculated based on number of threads. | |||
CallShowErrorOnPanic is a boolean determining whether kernel should call smcPanic on error instead of infinite-looping. | |||
MemorySize determines how much memory is available. 00/03 = 4 GB, 01 = 6 GB, 02 = 8 GB. | |||
==== IsChargerHiZModeEnabled ==== | ===== IsChargerHiZModeEnabled ===== | ||
This tells if the TI Charger (bq24192) is active. | This tells if the TI Charger (bq24192) is active. | ||
==== | ===== IsQuest ===== | ||
This item is bit 10 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. | This item is bit 10 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. | ||
[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores. | [4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores. | ||
==== | ===== RegulatorType ===== | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
! | ! Value | ||
! | ! SoC | ||
! | ! GPU | ||
! | ! Power Blocks | ||
|- | |- | ||
| | | 0 | ||
| | | T210 | ||
| | | GM20B (0x12B) | ||
| | | max77620_sd0, max77621_cpu and max77621_gpu | ||
|- | |- | ||
| | | 1 | ||
| | | T214 | ||
| | | GM20B_B (0x12E) | ||
| | | max77620_sd0, max77812_cpu and max77812_gpu | ||
|- | |- | ||
| | | 2 | ||
| | | T214 | ||
| | | GM20B_B (0x12E) | ||
| | | max77620_sd0, max77812_cpu and max77812_gpu | ||
|} | |} | ||
==== Package2Hash ==== | This item is currently hardcoded to 0. | ||
[5.0.0+] [[PCV_services|PCV]] uses this value in combination with [[#HardwareType|HardwareType]] to configure power blocks and memory tables for different hardware. | |||
===== DeviceUniqueKeyGeneration ===== | |||
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2. | |||
[5.0.0+] [[Filesystem services|FS]] can now use this value for the '''KeyGeneration''' parameter when calling [[#GenerateAesKek|GenerateAesKek]] during "GetBisEncryptionKey". | |||
===== Package2Hash ===== | |||
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead. | This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead. | ||
=== | === GenerateRandomBytes === | ||
Takes | Takes an u64 '''RndSize'''. Returns [[#Result]] and '''RndData'''. | ||
The kernel limits ''' | The kernel limits '''RndSize''' to 0x38 (for fitting in return registers). | ||
=== Panic === | === Panic === | ||
Takes an u32 '''PanicColor''' and issues a system panic. | |||
The kernel always calls this with ''' | The kernel always calls this with '''PanicColor''' set to 0xF00. | ||
=== ConfigureCarveout === | === ConfigureCarveout === | ||
Takes an u64 '''CarveoutIdx''', an u64 '''CarveoutAddr''' and an u64 '''CarveoutSize'''. Returns [[#Result]]. | |||
If ''' | If '''CarveoutIdx''' is 0, '''CarveoutAddr''' and '''CarveoutSize''' are used to configure '''MC_SECURITY_CARVEOUT4'''. | ||
If ''' | If '''CarveoutIdx''' is 1, '''CarveoutAddr''' and '''CarveoutSize''' are used to configure '''MC_SECURITY_CARVEOUT5'''. | ||
Any other ''' | Any other '''CarveoutIdx''' values are invalid. | ||
The kernel calls this with ''' | The kernel calls this with '''CarveoutIdx''' set to 0, '''CarveoutAddr''' set to 0x80060000 and '''CarveoutSize''' set to a dynamically calculated size which covers all the kernel and built-in sysmodules' DRAM regions. | ||
=== ReadWriteRegister === | === ReadWriteRegister === | ||
Takes an u64 '''RegAddr''', an u32 '''RwMask''' and an u32 '''InValue'''. Returns [[#Result]] and an u32 '''OutValue'''. | |||
Relays [[SVC#svcReadWriteRegister|svcReadWriteRegister]] to the Secure Monitor. | Relays [[SVC#svcReadWriteRegister|svcReadWriteRegister]] to the Secure Monitor. | ||
= | = CryptoUsecase = | ||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || Aes | |||
|- | |||
| 1 || RsaPrivate | |||
|- | |||
| 2 || RsaSecureExpMod | |||
|- | |||
| 3 || TitleKey | |||
|} | |||
TitleKey represents a RSA wrapped AES key. | |||
= CipherMode = | |||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || CbcEncrypt | |||
|- | |||
| 1 || CbcDecrypt | |||
|- | |||
| 2 || Ctr | |||
|} | |||
= DecryptOrImportMode = | |||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || DecryptRsaPrivateKey | |||
|- | |||
| 1 || ImportLotusKey | |||
|- | |||
| 2 || ImportEsKey | |||
|- | |||
| 3 || ImportSslKey | |||
|- | |||
| 4 || ImportDrmKey | |||
|} | |||
= SecureExpModMode = | |||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || Lotus | |||
|- | |||
| 1 || Ssl | |||
|- | |||
| 2 || Drm | |||
|} | |||
= Result = | |||
{| class=wikitable | {| class=wikitable | ||
! Value || Description | ! Value || Description | ||
|- | |- | ||
| 2 || Invalid | | 0 || Success | ||
|- | |||
| 1 || Not implemented | |||
|- | |||
| 2 || Invalid argument | |||
|- | |||
| 3 || In progress | |||
|- | |||
| 4 || No async operation | |||
|- | |||
| 5 || Invalid async operation | |||
|- | |- | ||
| | | [8.0.0+] 6 || Not permitted | ||
|} | |} |