Secure Monitor: Difference between revisions

No edit summary
Line 31: Line 31:
| 0xC3000401 || SetConfig
| 0xC3000401 || SetConfig
|-
|-
| 0xC3000002 || [[#GetConfig]] (same as in [[#FunctionId1]])
| 0xC3000002 || [[#GetConfig|GetConfig]] (same as in [[#FunctionId1]])
|-
|-
| 0xC3000003 || GetResult
| 0xC3000003 || GetResult
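Review bot: In the 0xC3000002 row the GetConfig link gains a display label, but `[[#FunctionId1]]` on the same line does not, so it still renders with its leading `#`. Label it too, for example `[[#FunctionId1|FunctionId1]]`, so the row reads consistently. SetConfig and GetResult in the neighbouring rows stay as unlinked plain text; if sections for them exist, link them in the same pass.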
Line 39: Line 39:
| 0xC3000E05 || ModularExponentiate
| 0xC3000E05 || ModularExponentiate
|-
|-
| 0xC3000006 || [[#GenerateRandomBytes]] (same as in [[#FunctionId1]])
| 0xC3000006 || [[#GenerateRandomBytes|GenerateRandomBytes]] (same as in [[#FunctionId1]])
|-
|-
| 0xC3000007 || [[#GenerateAesKek]]
| 0xC3000007 || [[#GenerateAesKek|GenerateAesKek]]
|-
|-
| 0xC3000008 || [[#LoadAesKey]]
| 0xC3000008 || [[#LoadAesKey|LoadAesKey]]
|-
|-
| 0xC3000009 || [[#ComputeAes]]
| 0xC3000009 || [[#ComputeAes|ComputeAes]]
|-
|-
| 0xC300000A || [[#GenerateSpecificAesKey]]
| 0xC300000A || [[#GenerateSpecificAesKey|GenerateSpecificAesKey]]
|-
|-
| 0xC300040B || [[#ComputeCmac]]
| 0xC300040B || [[#ComputeCmac|ComputeCmac]]
|-
|-
| [1.0.0-4.1.0] 0xC300100C || [[#DecryptAndImportEsDeviceKey]]
| [1.0.0-4.1.0] 0xC300100C || [[#DecryptAndImportEsDeviceKey|DecryptAndImportEsDeviceKey]]
|-
|-
| [5.0.0+] 0xC300D60C || [[#ReencryptDeviceUniqueData]]
| [5.0.0+] 0xC300D60C || [[#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData]]
|-
|-
| 0xC300100D || [[#DecryptDeviceUniqueData]]
| 0xC300100D || [[#DecryptDeviceUniqueData|DecryptDeviceUniqueData]]
|-
|-
| [1.0.0-4.1.0] 0xC300100E || [[#DecryptAndImportLotusKey]]
| [1.0.0-4.1.0] 0xC300100E || [[#DecryptAndImportLotusKey|DecryptAndImportLotusKey]]
|-
|-
| 0xC300060F || [[#ModularExponentiateByStorageKey]]
| 0xC300060F || [[#ModularExponentiateByStorageKey|ModularExponentiateByStorageKey]]
|-
|-
| 0xC3000610 || [[#PrepareEsDeviceUniqueKey]]
| 0xC3000610 || [[#PrepareEsDeviceUniqueKey|PrepareEsDeviceUniqueKey]]
|-
|-
| 0xC3000011 || [[#LoadPreparedAesKey]]
| 0xC3000011 || [[#LoadPreparedAesKey|LoadPreparedAesKey]]
|-
|-
| 0xC3000012 || [2.0.0+] [[#PrepareEsCommonKey]]
| 0xC3000012 || [2.0.0+] [[#PrepareEsCommonKey|PrepareEsCommonKey]]
|}
|}
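Review bot: The version tags sit in different columns within this table. The 0xC300100C, 0xC300D60C and 0xC300100E rows put `[1.0.0-4.1.0]` / `[5.0.0+]` in the first column before the function id, while the 0xC3000012 row puts `[2.0.0+]` in the second column before the link. Since these rows are being touched anyway, pick one placement and apply it to all four. `[[#FunctionId1]]` in the 0xC3000006 row is also left without a display label, and ModularExponentiate (0xC3000E05) stays unlinked although ModularExponentiateByStorageKey is linked.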


Line 77: Line 77:
** This means: Plaintext kek keys never leave TrustZone.
** This means: Plaintext kek keys never leave TrustZone.
** Further, this means: Actual AES/RSA keys never leave TrustZone.
** Further, this means: Actual AES/RSA keys never leave TrustZone.
=== GenerateRandomBytes ===
Takes an u64 '''Size'''. Returns [[#Result]] and '''RandomBytes'''.
'''Size''' is limited to 0x38 (for fitting in return registers).


=== GenerateAesKek ===
=== GenerateAesKek ===
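Review bot: The new GenerateRandomBytes section says Size is limited to 0x38 but does not say what happens when a caller passes a larger value. Document which [[#Result]] is returned in that case and whether RandomBytes is left untouched, so callers know they must check Result before consuming the output registers. Minor wording: "Takes an u64" should read "Takes a u64".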
Line 155: Line 160:
! Value || Name
! Value || Name
|-
|-
| 0xC4000001 || [[#SuspendCpu]]
| 0xC4000001 || [[#SuspendCpu|SuspendCpu]]
|-
|-
| 0x84000002 || [[#PowerOffCpu]]
| 0x84000002 || [[#PowerOffCpu|PowerOffCpu]]
|-
|-
| 0xC4000003 || [[#PowerOnCpu]]
| 0xC4000003 || [[#PowerOnCpu|PowerOnCpu]]
|-
|-
| 0xC3000004 || [[#GetConfig]] (same as in [[#FunctionId0]])
| 0xC3000004 || [[#GetConfig|GetConfig]] (same as in [[#FunctionId0]])
|-
|-
| 0xC3000005 || [[#GenerateRandomBytes|GenerateRandomBytesNonBlock]] (same as in [[#FunctionId0]])
| 0xC3000005 || [[#GenerateRandomBytes|GenerateRandomBytesNonBlock]] (same as in [[#FunctionId0]])
|-
|-
| 0xC3000006 || [[#ShowError]]
| 0xC3000006 || [[#ShowError|ShowError]]
|-
|-
| 0xC3000007 || [2.0.0+] [[#SetKernelCarveoutRegion]]
| 0xC3000007 || [2.0.0+] [[#SetKernelCarveoutRegion|SetKernelCarveoutRegion]]
|-
|-
| 0xC3000008 || [2.0.0+] [[#ReadWriteRegister]]
| 0xC3000008 || [2.0.0+] [[#ReadWriteRegister|ReadWriteRegister]]
|}
|}
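Review bot: The 0xC3000005 row names the call GenerateRandomBytesNonBlock but points at the #GenerateRandomBytes anchor, and the section added in this revision describes only Size, Result and RandomBytes with no mention of a non-blocking variant. Either add a sentence to that section stating how this call differs, or give it its own section and anchor. `[[#FunctionId0]]` in the 0xC3000004 and 0xC3000005 rows also still lacks a display label, unlike the links relabelled in the rest of this table.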