Secure Monitor: Difference between revisions
No edit summary |
|||
Line 31: | Line 31: | ||
| 0xC3000401 || SetConfig | | 0xC3000401 || SetConfig | ||
|- | |- | ||
| 0xC3000002 || [[#GetConfig]] (same as in [[#FunctionId1]]) | | 0xC3000002 || [[#GetConfig|GetConfig]] (same as in [[#FunctionId1]]) | ||
|- | |- | ||
| 0xC3000003 || GetResult | | 0xC3000003 || GetResult | ||
Line 39: | Line 39: | ||
| 0xC3000E05 || ModularExponentiate | | 0xC3000E05 || ModularExponentiate | ||
|- | |- | ||
| 0xC3000006 || [[#GenerateRandomBytes]] (same as in [[#FunctionId1]]) | | 0xC3000006 || [[#GenerateRandomBytes|GenerateRandomBytes]] (same as in [[#FunctionId1]]) | ||
|- | |- | ||
| 0xC3000007 || [[#GenerateAesKek]] | | 0xC3000007 || [[#GenerateAesKek|GenerateAesKek]] | ||
|- | |- | ||
| 0xC3000008 || [[#LoadAesKey]] | | 0xC3000008 || [[#LoadAesKey|LoadAesKey]] | ||
|- | |- | ||
| 0xC3000009 || [[#ComputeAes]] | | 0xC3000009 || [[#ComputeAes|ComputeAes]] | ||
|- | |- | ||
| 0xC300000A || [[#GenerateSpecificAesKey]] | | 0xC300000A || [[#GenerateSpecificAesKey|GenerateSpecificAesKey]] | ||
|- | |- | ||
| 0xC300040B || [[#ComputeCmac]] | | 0xC300040B || [[#ComputeCmac|ComputeCmac]] | ||
|- | |- | ||
| [1.0.0-4.1.0] 0xC300100C || [[#DecryptAndImportEsDeviceKey]] | | [1.0.0-4.1.0] 0xC300100C || [[#DecryptAndImportEsDeviceKey|DecryptAndImportEsDeviceKey]] | ||
|- | |- | ||
| [5.0.0+] 0xC300D60C || [[#ReencryptDeviceUniqueData]] | | [5.0.0+] 0xC300D60C || [[#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData]] | ||
|- | |- | ||
| 0xC300100D || [[#DecryptDeviceUniqueData]] | | 0xC300100D || [[#DecryptDeviceUniqueData|DecryptDeviceUniqueData]] | ||
|- | |- | ||
| [1.0.0-4.1.0] 0xC300100E || [[#DecryptAndImportLotusKey]] | | [1.0.0-4.1.0] 0xC300100E || [[#DecryptAndImportLotusKey|DecryptAndImportLotusKey]] | ||
|- | |- | ||
| 0xC300060F || [[#ModularExponentiateByStorageKey]] | | 0xC300060F || [[#ModularExponentiateByStorageKey|ModularExponentiateByStorageKey]] | ||
|- | |- | ||
| 0xC3000610 || [[#PrepareEsDeviceUniqueKey]] | | 0xC3000610 || [[#PrepareEsDeviceUniqueKey|PrepareEsDeviceUniqueKey]] | ||
|- | |- | ||
| 0xC3000011 || [[#LoadPreparedAesKey]] | | 0xC3000011 || [[#LoadPreparedAesKey|LoadPreparedAesKey]] | ||
|- | |- | ||
| 0xC3000012 || [2.0.0+] [[#PrepareEsCommonKey]] | | 0xC3000012 || [2.0.0+] [[#PrepareEsCommonKey|PrepareEsCommonKey]] | ||
|} | |} | ||
Line 77: | Line 77: | ||
** This means: Plaintext kek keys never leave TrustZone. | ** This means: Plaintext kek keys never leave TrustZone. | ||
** Further, this means: Actual AES/RSA keys never leave TrustZone. | ** Further, this means: Actual AES/RSA keys never leave TrustZone. | ||
=== GenerateRandomBytes === | |||
Takes an u64 '''Size'''. Returns [[#Result]] and '''RandomBytes'''. | |||
'''Size''' is limited to 0x38 (for fitting in return registers). | |||
=== GenerateAesKek === | === GenerateAesKek === | ||
Line 155: | Line 160: | ||
! Value || Name | ! Value || Name | ||
|- | |- | ||
| 0xC4000001 || [[#SuspendCpu]] | | 0xC4000001 || [[#SuspendCpu|SuspendCpu]] | ||
|- | |- | ||
| 0x84000002 || [[#PowerOffCpu]] | | 0x84000002 || [[#PowerOffCpu|PowerOffCpu]] | ||
|- | |- | ||
| 0xC4000003 || [[#PowerOnCpu]] | | 0xC4000003 || [[#PowerOnCpu|PowerOnCpu]] | ||
|- | |- | ||
| 0xC3000004 || [[#GetConfig]] (same as in [[#FunctionId0]]) | | 0xC3000004 || [[#GetConfig|GetConfig]] (same as in [[#FunctionId0]]) | ||
|- | |- | ||
| 0xC3000005 || [[#GenerateRandomBytes|GenerateRandomBytesNonBlock]] (same as in [[#FunctionId0]]) | | 0xC3000005 || [[#GenerateRandomBytes|GenerateRandomBytesNonBlock]] (same as in [[#FunctionId0]]) | ||
|- | |- | ||
| 0xC3000006 || [[#ShowError]] | | 0xC3000006 || [[#ShowError|ShowError]] | ||
|- | |- | ||
| 0xC3000007 || [2.0.0+] [[#SetKernelCarveoutRegion]] | | 0xC3000007 || [2.0.0+] [[#SetKernelCarveoutRegion|SetKernelCarveoutRegion]] | ||
|- | |- | ||
| 0xC3000008 || [2.0.0+] [[#ReadWriteRegister]] | | 0xC3000008 || [2.0.0+] [[#ReadWriteRegister|ReadWriteRegister]] | ||
|} | |} | ||