Nintendo Switch Brew

Secure Monitor: Difference between revisions

← Older editNewer edit →
No edit summary
No edit summary
Line 59: Line 59:
| [5.0.0+] 0xC300100D || [[#DecryptOrImportRsaPrivateKey]]
| [5.0.0+] 0xC300100D || [[#DecryptOrImportRsaPrivateKey]]
|-
|-
| [1.0.0-4.1.0] 0xC300100E || [[#ImportLotusKey]]
| [1.0.0-4.1.0] 0xC300100E || [[#ImportSecureExpModKey]]
|-
|-
| 0xC300060F || [[#StorageExpMod]]
| 0xC300060F || [[#SecureExpMod]]
|-
|-
| 0xC3000610 || [[#UnwrapTitleKey]]
| 0xC3000610 || [[#UnwrapTitleKey]]
Line 129: Line 129:
This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed.
This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed.


=== ImportLotusKey ===
=== ImportSecureExpModKey ===
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key.
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key.


Line 137: Line 137:


=== SecureExpMod ===
=== SecureExpMod ===
Performs an ExpMod operation using an exponent previously loaded with the [[#ImportLotusKey]] command.
Performs an ExpMod operation using an exponent previously loaded with the [[#ImportSecureExpModKey]] command.


[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]] and takes an [[#SecureExpModMode]].
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]] and takes an [[#SecureExpModMode]].
Line 180: Line 180:


=== CpuSuspend ===
=== CpuSuspend ===
Takes an u64 '''PowerState''', an u64 '''EntrypointAddr''' and an u64 '''ContextId'''. No output.
Takes an u64 '''PowerState''', an u64 '''EntrypointAddress''' and an u64 '''ContextId'''. No output.


Suspends the CPU (CPU0).
Suspends the CPU (CPU0).
Line 192: Line 192:


=== CpuOn ===
=== CpuOn ===
Takes an u64 '''TargetCpu''', an u64 '''EntrypointAddr''' and an u64 '''ContextId'''. Returns [[#Result]].
Takes an u64 '''TargetCpu''', an u64 '''EntrypointAddress''' and an u64 '''ContextId'''. Returns [[#Result]].


Turns on the CPU (CPU1, CPU2 or CPU3).
Turns on the CPU (CPU1, CPU2 or CPU3).


=== GetConfig ===
=== GetConfig ===
Takes a [[#ConfigItem]]. Returns [[#Result]] and a '''ConfigVal'''.
Takes a [[#ConfigItem]]. Returns [[#Result]] and a '''ConfigValue'''.


==== ConfigItem ====
==== ConfigItem ====
Line 214: Line 214:
| 5 || [[#HardwareType]]
| 5 || [[#HardwareType]]
|-
|-
| 6 || [[#IsRetail]]
| 6 || [[#HardwareState]]
|-
|-
| 7 || [[#IsRecoveryBoot]]
| 7 || [[#IsRecoveryBoot]]
Line 224: Line 224:
| 10 || [[#MemoryMode]]
| 10 || [[#MemoryMode]]
|-
|-
| 11 || [[#IsDebugMode]]
| 11 || [[#IsDevelopmentFunctionEnabled]]
|-
|-
| 12 || [[#KernelConfiguration]]
| 12 || [[#KernelConfiguration]]
Line 329: Line 329:
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! SoC
! SocType
! Platform
! Platform
! DramId
! DramId
! Revision
! Revision
! DVFS version
! DVFS
|-
|-
| T210
| Erista
| jetson-tx1
| jetson-tx1
| N/A
| N/A
Line 351: Line 351:
  11_1600000_02_V9.8.3_V1.6
  11_1600000_02_V9.8.3_V1.6
|-
|-
| T210
| Erista
| nx-abcb
| nx-abcb
| EristaIcosaSamsung4gb
| EristaIcosaSamsung4gb
Line 367: Line 367:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
| T210
| Erista
| nx-abcb
| nx-abcb
| EristaIcosaMicron4gb
| EristaIcosaMicron4gb
Line 383: Line 383:
  10_1600000_NoCfgVersion_V9.8.4_V1.6
  10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
|-
| T210
| Erista
| nx-abcb
| nx-abcb
| EristaIcosaHynix4gb
| EristaIcosaHynix4gb
Line 399: Line 399:
  10_1600000_NoCfgVersion_V9.8.4_V1.6
  10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
|-
| T210
| Erista
| nx-abca2
| nx-abca2
| EristaIcosaSamsung4gb, EristaIcosaMicron4gb
| EristaIcosaSamsung4gb, EristaIcosaMicron4gb
Line 415: Line 415:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
| T210
| Erista
| nx-abca2
| nx-abca2
| EristaIcosaHynix4gb
| EristaIcosaHynix4gb
Line 431: Line 431:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
| T210
| Erista
| nx-abca2
| nx-abca2
| EristaIcosaSamsung6gb
| EristaIcosaSamsung6gb
Line 447: Line 447:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowax1x2Samsung4gb
| MarikoIowax1x2Samsung4gb
Line 456: Line 456:
  01_1600000_NoCfgVersion_V0.3.1_V2.0
  01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung4gb, MarikoHoagSamsung4gb
| MarikoIowaSamsung4gb, MarikoHoagSamsung4gb
Line 465: Line 465:
  01_1600000_NoCfgVersion_V0.3.1_V2.0
  01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung8gb, MarikoHoagSamsung8gb
| MarikoIowaSamsung8gb, MarikoHoagSamsung8gb
Line 474: Line 474:
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaHynix4gb, MarikoHoagHynix4gb
| MarikoIowaHynix4gb, MarikoHoagHynix4gb
Line 483: Line 483:
  01_1600000_NoCfgVersion_V0.3.1_V2.0
  01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaMicron4gb, MarikoHoagMicron4gb
| MarikoIowaMicron4gb, MarikoHoagMicron4gb
Line 492: Line 492:
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung4gbY
| MarikoIowaSamsung4gbY
Line 501: Line 501:
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung1y4gbX
| MarikoIowaSamsung1y4gbX
Line 510: Line 510:
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung1y8gbX
| MarikoIowaSamsung1y8gbX
Line 519: Line 519:
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoHoagSamsung1y4gbX
| MarikoHoagSamsung1y4gbX
Line 528: Line 528:
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung1y4gbY
| MarikoIowaSamsung1y4gbY
Line 537: Line 537:
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung1y8gbY
| MarikoIowaSamsung1y8gbY
Line 546: Line 546:
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
| T214
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung1y4gbA
| MarikoIowaSamsung1y4gbA
Line 573: Line 573:


===== HardwareType =====
===== HardwareType =====
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be:
{| class=wikitable
* 0 ('''Icosa'''; Erista retail, EDEV and SDEV), if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''.
! Value || Description
* 1 ('''Copper'''; Erista prototype), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.
|-
* 3 (Invalid).
| 0 || Icosa
|-
| 1 || Copper
|-
| 2 || [8.0.0+] Hoag ([1.0.0-7.0.1] Invalid)
|-
| 3 || [4.0.0+] Iowa
|-
| 4 || [8.0.0+] Calcio
|-
| 5 || [10.0.0+] Unknown
|-
| 15 || Invalid
|}


Value 2 is reserved and considered invalid.
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].


[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be:
[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
* 0 ('''Icosa'''; Erista retail, EDEV and SDEV), if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''.
* 1 ('''Copper'''; Erista prototype), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.
* 3 ('''Iowa'''; Mariko retail, EDEV and SDEV), if new hardware type (bits 16-19) is '''Iowa'''.
* 4 (Invalid).


Value 2 is reserved and considered invalid.
[7.0.0+] This item can now only be 0 (Icosa) or 15 (Invalid) in Erista units.


[7.0.0+] This item can be obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]], but is now only 0 (Icosa) or 0xF (Invalid) in retail units.
Hardware is '''Icosa''' (Erista retail, EDEV and SDEV) if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''.


[8.0.0+] This item can be obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be:
Hardware is '''Copper''' (Erista prototype) if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.
* 0 ('''Icosa'''; Erista retail, EDEV and SDEV), if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''.
* 1 ('''Copper'''; Erista prototype), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.
* 2 ('''Hoag'''; Mariko Lite retail and HDEV), if new hardware type (bits 16-19) is '''Hoag'''.
* 3 ('''Iowa'''; Mariko retail, EDEV and SDEV), if new hardware type (bits 16-19) is '''Iowa'''.
* 4 ('''Calcio'''; Mariko prototype), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.
* 5 (Invalid).


It is still only 0 (Icosa) or 0xF (Invalid) in retail units.
[4.0.0+] Hardware is '''Iowa''' (Mariko retail, EDEV and SDEV) if new hardware type (bits 16-19) is '''Iowa'''.


[10.0.0+] This item can be obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be:
[8.0.0+] Hardware is '''Hoag''' (Mariko Lite retail and HDEV) if new hardware type (bits 16-19) is '''Hoag'''.
* 0 ('''Icosa'''; Erista retail, EDEV and SDEV), if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''.
* 1 ('''Copper'''; Erista prototype), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.
* 2 ('''Hoag'''; Mariko Lite retail and HDEV), if new hardware type (bits 16-19) is '''Hoag'''.
* 3 ('''Iowa'''; Mariko retail, EDEV and SDEV), if new hardware type (bits 16-19) is '''Iowa'''.
* 4 ('''Calcio'''; Mariko prototype), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.
* 5 ('''Unknown'''), if new hardware type (bits 16-19) is 0x4.
* 6 (Invalid).


It is still only 0 (Icosa) or 0xF (Invalid) in retail units.
[8.0.0+] Hardware is '''Calcio''' (Mariko prototype) if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.


===== IsRetail =====
[10.0.0+] Hardware is '''Unknown''' if new hardware type (bits 16-19) is 0x4.
This item is obtained by checking bits 9 and 0-1 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Debug), 1 (Retail) or 2 (Invalid).
 
===== HardwareState =====
{| class=wikitable
! Value || Description
|-
| 0 || Development
|-
| 1 || Production
|-
| 2 || Invalid
|}
 
This item is obtained by checking bits 9 and 0-1 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].


===== IsRecoveryBoot =====
===== IsRecoveryBoot =====
Line 684: Line 692:
|}
|}


===== IsDebugMode =====
===== IsDevelopmentFunctionEnabled =====
Kernel uses this to determine behavior of svcBreak positive arguments. It will break instead of just force-exiting the process which is what happens on retail.
Kernel uses this to determine behavior of [[SVC#svcBreak|svcBreak]] positive arguments. It will break instead of just force-exiting the process which is what happens on retail.


[2.0.0+] This is also used with certain debug [[SVC|SVCs]].
[2.0.0+] This is also used with certain debug [[SVC|SVCs]].
Line 718: Line 726:
Kernel reads this when setting up memory-related code.
Kernel reads this when setting up memory-related code.


EnableNonZeroFillMemory is a boolean determining whether kernel should it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs.
'''EnableNonZeroFillMemory''' is a boolean determining whether kernel should it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs.


EnableUserExceptionHandler is a boolean determining whether kernel should forcefully enable usermode exception handlers (when false, only certain aborts (((1LL << (esr >> 26)) & 0x1115804400224001) == 0, typically data/prefetch aborts) that occur when the faulting address is in a readable region with MemoryType_CodeStatic will trigger usermode exception handlers).
'''EnableUserExceptionHandler''' is a boolean determining whether kernel should forcefully enable usermode exception handlers (when false, only certain aborts (((1LL << (esr >> 26)) & 0x1115804400224001) == 0, typically data/prefetch aborts) that occur when the faulting address is in a readable region with MemoryType_CodeStatic will trigger usermode exception handlers).


PerformanceMonitoringUnit is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0).
'''PerformanceMonitoringUnit''' is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0).


EnableApplicationExtraThread is a boolean determining whether the kernel should increase the KThread slabheap capacity by 160. This also increases object capacities that are calculated based on number of threads.
'''EnableApplicationExtraThread''' is a boolean determining whether the kernel should increase the KThread slabheap capacity by 160. This also increases object capacities that are calculated based on number of threads.


CallShowErrorOnPanic is a boolean determining whether kernel should call smcPanic on error instead of infinite-looping.
'''CallShowErrorOnPanic''' is a boolean determining whether kernel should call smcPanic on error instead of infinite-looping.


MemorySize determines how much memory is available. 00/03 = 4 GB, 01 = 6 GB, 02 = 8 GB.
'''MemorySize''' determines how much memory is available. 00/03 = 4 GB, 01 = 6 GB, 02 = 8 GB.


===== IsChargerHiZModeEnabled =====
===== IsChargerHiZModeEnabled =====
Line 742: Line 750:
|-
|-
! Value
! Value
! SoC
! SocType
! GPU
! GPU
! Power Blocks
! Power Blocks
|-
|-
| 0
| 0
| T210
| Erista
| GM20B (0x12B)
| GM20B (0x12B)
| max77620_sd0, max77621_cpu and max77621_gpu
| max77620_sd0, max77621_cpu and max77621_gpu
|-
|-
| 1
| 1
| T214
| Mariko
| GM20B_B (0x12E)
| GM20B_B (0x12E)
| max77620_sd0, max77812_cpu and max77812_gpu
| max77620_sd0, max77812_cpu and max77812_gpu
|-
|-
| 2
| 2
| T214
| Mariko
| GM20B_B (0x12E)
| GM20B_B (0x12E)
| max77620_sd0, max77812_cpu and max77812_gpu
| max77620_sd0, max77812_cpu and max77812_gpu
|}
|}
This item is currently hardcoded to 0.


[5.0.0+] [[PCV_services|PCV]] uses this value in combination with [[#HardwareType|HardwareType]] to configure power blocks and memory tables for different hardware.
[5.0.0+] [[PCV_services|PCV]] uses this value in combination with [[#HardwareType|HardwareType]] to configure power blocks and memory tables for different hardware.
Line 775: Line 781:


=== GenerateRandomBytes ===
=== GenerateRandomBytes ===
Takes an u64 '''RndSize'''. Returns [[#Result]] and '''RndData'''.
Takes an u64 '''Size'''. Returns [[#Result]] and '''RandomBytes'''.


The kernel limits '''RndSize''' to 0x38 (for fitting in return registers).
The kernel limits '''Size''' to 0x38 (for fitting in return registers).


=== Panic ===
=== Panic ===
Takes an u32 '''PanicColor''' and issues a system panic.
Takes an u32 '''Color''' and issues a system panic.


The kernel always calls this with '''PanicColor''' set to 0xF00.
The kernel always calls this with '''Color''' set to 0xF00.


=== ConfigureCarveout ===
=== ConfigureCarveout ===
Takes an u64 '''CarveoutIdx''', an u64 '''CarveoutAddr''' and an u64 '''CarveoutSize'''. Returns [[#Result]].
Takes an u64 '''Index''', an u64 '''Address''' and an u64 '''Size'''. Returns [[#Result]].


If '''CarveoutIdx''' is 0, '''CarveoutAddr''' and '''CarveoutSize''' are used to configure '''MC_SECURITY_CARVEOUT4'''.
If '''Index''' is 0, '''Address''' and '''Size''' are used to configure '''MC_SECURITY_CARVEOUT4'''.
If '''CarveoutIdx''' is 1, '''CarveoutAddr''' and '''CarveoutSize''' are used to configure '''MC_SECURITY_CARVEOUT5'''.
If '''Index''' is 1, '''Address''' and '''Size''' are used to configure '''MC_SECURITY_CARVEOUT5'''.
Any other '''CarveoutIdx''' values are invalid.
Any other '''Index''' values are invalid.


The kernel calls this with '''CarveoutIdx''' set to 0, '''CarveoutAddr''' set to 0x80060000 and '''CarveoutSize''' set to a dynamically calculated size which covers all the kernel and built-in sysmodules' DRAM regions.
The kernel calls this with '''Index''' set to 0, '''Address''' set to 0x80060000 and '''Size''' set to a dynamically calculated size which covers all the kernel and built-in sysmodules' DRAM regions.


=== ReadWriteRegister ===
=== ReadWriteRegister ===
Takes an u64 '''RegAddr''', an u32 '''RwMask''' and an u32 '''InValue'''. Returns [[#Result]] and an u32 '''OutValue'''.
Takes an u64 '''Register''', an u32 '''Mask''' and an u32 '''InValue'''. Returns [[#Result]] and an u32 '''OutValue'''.


Relays [[SVC#svcReadWriteRegister|svcReadWriteRegister]] to the Secure Monitor.
Relays [[SVC#svcReadWriteRegister|svcReadWriteRegister]] to the Secure Monitor.
Line 806: Line 812:
| 1 || RsaPrivate
| 1 || RsaPrivate
|-
|-
| 2 || RsaSecureExpMod
| 2 || SecureExpMod
|-
| 3 || RsaOaep
|-
| 4 || [5.0.0+] RsaImport
|-
| 5 || [5.0.0+]
|-
|-
| 3 || TitleKey
| 6 || [5.0.0+]
|}
|}
TitleKey represents a RSA wrapped AES key.


= CipherMode =
= CipherMode =
Line 848: Line 858:
|-
|-
| 2 || Drm
| 2 || Drm
|}
= EsKeyType =
{| class=wikitable
! Value || Name
|-
| 0 || TitleKey
|-
| 1 || ElicenseKey
|}
|}


Line 866: Line 885:
| 5 || Invalid async operation
| 5 || Invalid async operation
|-
|-
| [8.0.0+] 6 || Not permitted
| 6 || [8.0.0+] Not permitted
|}
|}
Retrieved from "https://switchbrew.org/wiki/Secure_Monitor"