Secure Monitor: Difference between revisions
(39 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
= Secure Monitor Calls = | = Secure Monitor Calls = | ||
The secure monitor provides two top level handlers of which each provides a range of sub handlers. | The secure monitor provides two top level handlers of which each provides a range of sub handlers. | ||
Secure Monitor | Secure Monitor calls follow the ARM SMC calling convention with a small change: | ||
{| class=wikitable | {| class=wikitable | ||
! | ! Bits || Description | ||
|- | |- | ||
| | | 0-7 || Function Number | ||
|- | |- | ||
| | | 8-15 || Argument Type | ||
|- | |- | ||
| | | 16-23 || Reserved | ||
|- | |- | ||
| | | 24-29 || Call Range | ||
|- | |- | ||
| | | 30 || Call Convention (0 = SMC32, 1 = SMC64) | ||
|- | |- | ||
| | | 31 || Call Type (0 = Yielding Call, 1 = Fast Call) | ||
|} | |} | ||
Line 24: | Line 23: | ||
SMC arguments are passed using registers X0-X7 with X0 always sending the call sub-id and returning the result of the call. | SMC arguments are passed using registers X0-X7 with X0 always sending the call sub-id and returning the result of the call. | ||
== | == FunctionId0 == | ||
Functions exposed to user-mode processes using [[SVC|svcCallSecureMonitor]]. | Functions exposed to user-mode processes using [[SVC|svcCallSecureMonitor]]. SMCs should be called from CPUID 3 (where SPL runs). | ||
{| class=wikitable | {| class=wikitable | ||
! | ! Value || Name | ||
|- | |- | ||
| 0xC3000401 || SetConfig | | 0xC3000401 || SetConfig | ||
|- | |- | ||
| 0xC3000002 || GetConfig ( | | 0xC3000002 || [[#GetConfig|GetConfig]] (same as in [[#FunctionId1]]) | ||
|- | |- | ||
| 0xC3000003 || | | 0xC3000003 || GetResult | ||
|- | |- | ||
| 0xC3000404 || | | 0xC3000404 || GetResultData | ||
|- | |- | ||
| 0xC3000E05 || | | 0xC3000E05 || ModularExponentiate | ||
|- | |- | ||
| 0xC3000006 || | | 0xC3000006 || [[#GenerateRandomBytes|GenerateRandomBytes]] (same as in [[#FunctionId1]]) | ||
|- | |- | ||
| 0xC3000007 || [[#GenerateAesKek]] | | 0xC3000007 || [[#GenerateAesKek|GenerateAesKek]] | ||
|- | |- | ||
| 0xC3000008 || [[#LoadAesKey]] | | 0xC3000008 || [[#LoadAesKey|LoadAesKey]] | ||
|- | |- | ||
| 0xC3000009 || [[# | | 0xC3000009 || [[#ComputeAes|ComputeAes]] | ||
|- | |- | ||
| 0xC300000A || [[#GenerateSpecificAesKey]] | | 0xC300000A || [[#GenerateSpecificAesKey|GenerateSpecificAesKey]] | ||
|- | |- | ||
| 0xC300040B || [[#ComputeCmac]] | | 0xC300040B || [[#ComputeCmac|ComputeCmac]] | ||
|- | |- | ||
| [1.0.0-4.1.0] 0xC300100C || [[# | | [1.0.0-4.1.0] 0xC300100C || [[#DecryptAndImportEsDeviceKey|DecryptAndImportEsDeviceKey]] | ||
|- | |- | ||
| [5.0.0+] 0xC300D60C || [[# | | [5.0.0+] 0xC300D60C || [[#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData]] | ||
|- | |- | ||
| | | 0xC300100D || [[#DecryptDeviceUniqueData|DecryptDeviceUniqueData]] | ||
|- | |- | ||
| [ | | [1.0.0-4.1.0] 0xC300100E || [[#DecryptAndImportLotusKey|DecryptAndImportLotusKey]] | ||
|- | |- | ||
| | | 0xC300060F || [[#ModularExponentiateByStorageKey|ModularExponentiateByStorageKey]] | ||
|- | |- | ||
| | | 0xC3000610 || [[#PrepareEsDeviceUniqueKey|PrepareEsDeviceUniqueKey]] | ||
|- | |- | ||
| | | 0xC3000011 || [[#LoadPreparedAesKey|LoadPreparedAesKey]] | ||
|- | |- | ||
| 0xC3000012 || [2.0.0+] [[#PrepareEsCommonKey|PrepareEsCommonKey]] | |||
| 0xC3000012 || [2.0.0+] | |||
|} | |} | ||
Line 81: | Line 78: | ||
** Further, this means: Actual AES/RSA keys never leave TrustZone. | ** Further, this means: Actual AES/RSA keys never leave TrustZone. | ||
=== GenerateRandomBytes === | |||
Takes an u64 '''Size'''. Returns [[#Result]] and '''RandomBytes'''. | |||
'''Size''' is limited to 0x38 (for fitting in return registers). | |||
=== GenerateAesKek === | === GenerateAesKek === | ||
Takes an "access key" as input, an [[# | Takes an "access key" as input, an [[#CryptoUsecase]]. | ||
Returns a session-unique kek for said usecase. | Returns a session-unique kek for said usecase. | ||
Line 92: | Line 91: | ||
Takes a session kek created with [[#GenerateAesKek]], and a wrapped AES key. | Takes a session kek created with [[#GenerateAesKek]], and a wrapped AES key. | ||
The session kek must have been created with [[# | The session kek must have been created with [[#CryptoUsecase|CryptoUsecase Aes]]. | ||
=== | === ComputeAes === | ||
Encrypts/decrypts using | Encrypts/decrypts using AES (CTR and CBC). Takes an [[#CipherMode]]. | ||
Key must be set prior using one of the [[#LoadAesKey]] | Key must be set prior using one of the [[#LoadAesKey]] or [[#GenerateSpecificAesKey]] commands. | ||
=== GenerateSpecificAesKey === | === GenerateSpecificAesKey === | ||
Takes a wrapped AES key and decrypts it using static data. | |||
=== | === ComputeCmac === | ||
Calculates CMAC over input data. | |||
=== DecryptAndImportEsDeviceKey === | |||
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key. | Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key. | ||
The session kek must have been created with [[# | The session kek must have been created with [[#CryptoUsecase|CryptoUsecase TitleKey]]. | ||
[5.0.0] This function was removed and replaced with [[#ReencryptDeviceUniqueData]]. | |||
=== | === ReencryptDeviceUniqueData === | ||
Takes in two session keks created with [[#GenerateAesKek]], two wrapped AES keys, an enum member, and a wrapped RSA private key. | Takes in two session keks created with [[#GenerateAesKek]], two wrapped AES keys, an enum member, and a wrapped RSA private key. | ||
Decrypts and validates the wrapped RSA private key with the first kek/wrapped key, and re-encrypts it with the second if valid. | Decrypts and validates the wrapped RSA private key with the first kek/wrapped key, and re-encrypts it with the second if valid. | ||
The re-encrypted key is then passed to the user, for use with [[# | The re-encrypted key is then passed to the user, for use with [[#DecryptDeviceUniqueData]]. | ||
=== | === DecryptDeviceUniqueData === | ||
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, an enum member, and a wrapped RSA private key. | Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, an enum member, and a wrapped RSA private key. | ||
The session kek must have been created with [[# | The session kek must have been created with [[#CryptoUsecase|CryptoUsecase RsaPrivate]]. | ||
[4.0.0+] The SMC handler when certain conditions pass and | [4.0.0+] The SMC handler when certain conditions pass and FunctionId0==0xC300100D now returns error 0x6 instead of calling the handler funcptr. | ||
[5.0.0+] This function now takes an additional input [[#DecryptOrImportMode]]. This extends the original functionality to enable importing private keys into the security engine instead of decrypting them. | |||
=== DecryptAndImportLotusKey === | |||
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key. | |||
The session kek must have been created with [[#CryptoUsecase|CryptoUsecase RsaSecureExpMod]]. | |||
[5.0.0] This function was removed. | |||
=== ModularExponentiateByStorageKey === | |||
Performs an ExpMod operation using an exponent previously loaded with the [[#DecryptAndImportLotusKey]] command. | |||
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptDeviceUniqueData]] and takes an [[#SecureExpModMode]]. | |||
=== | === PrepareEsDeviceUniqueKey === | ||
Takes an Rsa-Oaep-wrapped TitleKey, an RSA Public Key, and a label hash. | Takes an Rsa-Oaep-wrapped TitleKey, an RSA Public Key, and a label hash. | ||
Performs an | Performs an ExpMod operation using an exponent previously loaded with the [[#DecryptAndImportEsDeviceKey]] command, and then validates/extracts a Titlekey from the resulting message. | ||
Returns a session-unique AES key especially for use in [[#LoadTitleKey]]. | Returns a session-unique AES key especially for use in [[#LoadTitleKey]]. | ||
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptDeviceUniqueData]]. | |||
=== | === LoadPreparedAesKey === | ||
Takes a session-unique AES key from [[#PrepareEsCommonKey]] or [[#PrepareEsDeviceUniqueKey]]. | |||
=== PrepareEsCommonKey === | |||
Takes an AES-wrapped common TitleKey and returns a sealed AES key. | |||
== | == FunctionId1 == | ||
Functions exposed to the kernel internally. | Functions exposed to the kernel internally. | ||
{| class=wikitable | {| class=wikitable | ||
! | ! Value || Name | ||
|- | |- | ||
| 0xC4000001 || [[# | | 0xC4000001 || [[#SuspendCpu|SuspendCpu]] | ||
|- | |- | ||
| 0x84000002 || [[# | | 0x84000002 || [[#PowerOffCpu|PowerOffCpu]] | ||
|- | |- | ||
| 0xC4000003 || [[# | | 0xC4000003 || [[#PowerOnCpu|PowerOnCpu]] | ||
|- | |- | ||
| 0xC3000004 || [[#GetConfig]] ( | | 0xC3000004 || [[#GetConfig|GetConfig]] (same as in [[#FunctionId0]]) | ||
|- | |- | ||
| 0xC3000005 || [[# | | 0xC3000005 || [[#GenerateRandomBytes|GenerateRandomBytesNonBlocking]] | ||
|- | |- | ||
| 0xC3000006 || [[# | | 0xC3000006 || [[#ShowError|ShowError]] | ||
|- | |- | ||
| 0xC3000007 || [2.0.0+] [[# | | 0xC3000007 || [2.0.0+] [[#SetKernelCarveoutRegion|SetKernelCarveoutRegion]] | ||
|- | |- | ||
| 0xC3000008 || [2.0.0+] [[#ReadWriteRegister]] | | 0xC3000008 || [2.0.0+] [[#ReadWriteRegister|ReadWriteRegister]] | ||
|} | |} | ||
=== | === SuspendCpu === | ||
Takes an u64 '''PowerState''', an u64 '''EntrypointAddress''' and an u64 '''ContextId'''. No output. | |||
Suspends the CPU (CPU0). | |||
== | The kernel calls this SMC on shutdown with '''PowerState''' set to 0x0201001B (power level: 0x02==system; power type: 0x01==powerdown; ID: 0x1B). | ||
=== | === PowerOffCpu === | ||
No input/output. | |||
Turns off the CPU (CPU1, CPU2 or CPU3). | |||
=== PowerOnCpu === | |||
Takes an u64 '''TargetCpu''', an u64 '''EntrypointAddress''' and an u64 '''ContextId'''. Returns [[#Result]]. | |||
Turns on the CPU (CPU1, CPU2 or CPU3). | |||
=== GetConfig === | === GetConfig === | ||
Takes a | Takes a [[#ConfigItem]]. Returns [[#Result]] and a '''ConfigValue'''. | ||
==== ConfigItem ==== | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
! | ! Value || Name | ||
|- | |- | ||
| 1 || [[#DisableProgramVerification]] | | 1 || [[#DisableProgramVerification]] | ||
Line 207: | Line 206: | ||
| 2 || [[#DramId]] | | 2 || [[#DramId]] | ||
|- | |- | ||
| 3 || [[# | | 3 || [[#SecurityEngineInterruptNumber]] | ||
|- | |- | ||
| 4 || [[# | | 4 || [[#FuseVersion]] | ||
|- | |- | ||
| 5 || [[#HardwareType]] | | 5 || [[#HardwareType]] | ||
|- | |- | ||
| 6 || [[# | | 6 || [[#HardwareState]] | ||
|- | |- | ||
| 7 || [[#IsRecoveryBoot]] | | 7 || [[#IsRecoveryBoot]] | ||
Line 221: | Line 220: | ||
| 9 || [1.0.0-4.0.0] [[#BootReason]] | | 9 || [1.0.0-4.0.0] [[#BootReason]] | ||
|- | |- | ||
| 10 || [[# | | 10 || [[#MemoryMode]] | ||
|- | |- | ||
| 11 || [[# | | 11 || [[#IsDevelopmentFunctionEnabled]] | ||
|- | |- | ||
| 12 || [[#KernelConfiguration]] | | 12 || [[#KernelConfiguration]] | ||
Line 229: | Line 228: | ||
| 13 || [[#IsChargerHiZModeEnabled]] | | 13 || [[#IsChargerHiZModeEnabled]] | ||
|- | |- | ||
| 14 || [4.0.0+] [[# | | 14 || [4.0.0+] [[#QuestState]] | ||
|- | |- | ||
| 15 || [5.0.0+] [[# | | 15 || [5.0.0+] [[#RegulatorType]] | ||
|- | |- | ||
| 16 || [5.0.0+] [[# | | 16 || [5.0.0+] [[#DeviceUniqueKeyGeneration]] | ||
|- | |- | ||
| 17 || [5.0.0+] [[#Package2Hash]] | | 17 || [5.0.0+] [[#Package2Hash]] | ||
|} | |} | ||
==== DisableProgramVerification ==== | ===== DisableProgramVerification ===== | ||
[[Process Manager services|PM]] checks this item and if non-zero, calls fsp-pr SetEnabledProgramVerification(false). | [[Process Manager services|PM]] checks this item and if non-zero, calls fsp-pr SetEnabledProgramVerification(false). | ||
==== DramId ==== | ===== DramId ===== | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
! | ! Value | ||
! | ! Description | ||
|- | |||
| 0 | |||
| EristaIcosaSamsung4gb | |||
|- | |||
| 1 | |||
| EristaIcosaHynix4gb | |||
|- | |||
| 2 | |||
| EristaIcosaMicron4gb | |||
|- | |||
| 3 | |||
| EristaCopperSamsung4gb | |||
|- | |||
| 4 | |||
| EristaIcosaSamsung6gb | |||
|- | |||
| 5 | |||
| [4.0.0+] EristaCopperHynix4gb | |||
|- | |||
| 6 | |||
| [4.0.0+] EristaCopperMicron4gb | |||
|- | |||
| 7 | |||
| [5.0.0+] MarikoIowax1x2Samsung4gb ([4.0.0-4.1.0] Reserved) | |||
|- | |||
| 8 | |||
| [5.0.0+] MarikoIowaSamsung4gb | |||
|- | |||
| 9 | |||
| [5.0.0+] MarikoIowaSamsung8gb | |||
|- | |||
| 10 | |||
| [6.0.0+] MarikoIowaHynix4gb ([5.0.0-5.1.0] Reserved) | |||
|- | |- | ||
| | | 11 | ||
| | | [7.0.0+] MarikoIowaMicron4gb ([5.0.0-6.2.0] Reserved) | ||
|- | |- | ||
| | | 12 | ||
| | | [5.0.0+] MarikoHoagSamsung4gb | ||
|- | |- | ||
| | | 13 | ||
| | | [5.0.0+] MarikoHoagSamsung8gb | ||
|- | |- | ||
| | | 14 | ||
| | | [7.0.0+] MarikoHoagHynix4gb ([5.0.0-6.2.0] Reserved) | ||
|- | |- | ||
| | | 15 | ||
| | | [7.0.0+] MarikoHoagMicron4gb ([5.0.0-6.2.0] Reserved) | ||
|- | |- | ||
| | | 16 | ||
| | | [8.0.0+] MarikoIowaSamsung4gbY | ||
|- | |- | ||
| | | 17 | ||
| | | [9.0.0+] MarikoIowaSamsung1y4gbX | ||
|- | |- | ||
| | | 18 | ||
| | | [9.0.0+] MarikoIowaSamsung1y8gbX | ||
|- | |- | ||
| | | 19 | ||
| | | [9.0.0+] MarikoHoagSamsung1y4gbX | ||
|- | |- | ||
| | | 20 | ||
| | | [9.0.0+] MarikoIowaSamsung1y4gbY | ||
|- | |- | ||
| | | 21 | ||
| | | [9.0.0+] MarikoIowaSamsung1y8gbY | ||
|- | |- | ||
| | | 22 | ||
| | | [9.0.0+] MarikoIowaSamsung1y4gbA | ||
|- | |- | ||
| | | 23 | ||
| | | [10.0.0+] MarikoUnkSamsung1y8gbX | ||
|- | |- | ||
| | | 24 | ||
| | | [10.0.0+] MarikoUnkSamsung1y4gbX | ||
|} | |} | ||
This is extracted directly from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. | |||
[[PCV_services|PCV]] selects memory training tables based on DramId. | [[PCV_services|PCV]] selects memory training tables based on DramId. | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
! | ! SocType | ||
! | ! Platform | ||
! | ! DramId | ||
! | ! Revision | ||
! DVFS | |||
|- | |- | ||
| | | Erista | ||
| | | jetson-tx1 | ||
| | | N/A | ||
| 0x07 | |||
| | | | ||
11_40800_01_V9.8.3_V1.6 | 11_40800_01_V9.8.3_V1.6 | ||
Line 315: | Line 349: | ||
11_1600000_02_V9.8.3_V1.6 | 11_1600000_02_V9.8.3_V1.6 | ||
|- | |- | ||
| nx-abca2 | | Erista | ||
| | | nx-abcb | ||
| | | EristaIcosaSamsung4gb | ||
| 0x07 | |||
| | |||
10_40800_NoCfgVersion_V9.8.7_V1.6 | |||
10_68000_NoCfgVersion_V9.8.7_V1.6 | |||
10_102000_NoCfgVersion_V9.8.7_V1.6 | |||
10_204000_NoCfgVersion_V9.8.7_V1.6 | |||
10_408000_NoCfgVersion_V9.8.7_V1.6 | |||
10_665600_NoCfgVersion_V9.8.7_V1.6 | |||
10_800000_NoCfgVersion_V9.8.7_V1.6 | |||
10_1065600_NoCfgVersion_V9.8.7_V1.6 | |||
10_1331200_NoCfgVersion_V9.8.7_V1.6 | |||
10_1600000_NoCfgVersion_V9.8.7_V1.6 | |||
|- | |||
| Erista | |||
| nx-abcb | |||
| EristaIcosaMicron4gb | |||
| 0x07 | |||
| | |||
10_40800_NoCfgVersion_V9.8.4_V1.6 | |||
10_68000_NoCfgVersion_V9.8.4_V1.6 | |||
10_102000_NoCfgVersion_V9.8.4_V1.6 | |||
10_204000_NoCfgVersion_V9.8.4_V1.6 | |||
10_408000_NoCfgVersion_V9.8.4_V1.6 | |||
10_665600_NoCfgVersion_V9.8.4_V1.6 | |||
10_800000_NoCfgVersion_V9.8.4_V1.6 | |||
10_1065600_NoCfgVersion_V9.8.4_V1.6 | |||
10_1331200_NoCfgVersion_V9.8.4_V1.6 | |||
10_1600000_NoCfgVersion_V9.8.4_V1.6 | |||
|- | |||
| Erista | |||
| nx-abcb | |||
| EristaIcosaHynix4gb | |||
| 0x07 | |||
| | |||
10_40800_NoCfgVersion_V9.8.4_V1.6 | |||
10_68000_NoCfgVersion_V9.8.4_V1.6 | |||
10_102000_NoCfgVersion_V9.8.4_V1.6 | |||
10_204000_NoCfgVersion_V9.8.4_V1.6 | |||
10_408000_NoCfgVersion_V9.8.4_V1.6 | |||
10_665600_NoCfgVersion_V9.8.4_V1.6 | |||
10_800000_NoCfgVersion_V9.8.4_V1.6 | |||
10_1065600_NoCfgVersion_V9.8.4_V1.6 | |||
10_1331200_NoCfgVersion_V9.8.4_V1.6 | |||
10_1600000_NoCfgVersion_V9.8.4_V1.6 | |||
|- | |||
| Erista | |||
| nx-abca2 | |||
| EristaIcosaSamsung4gb, EristaIcosaMicron4gb | |||
| 0x07 | |||
| | | | ||
10_40800_NoCfgVersion_V9.8.7_V1.6 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | ||
Line 330: | Line 413: | ||
10_1600000_NoCfgVersion_V9.8.7_V1.6 | 10_1600000_NoCfgVersion_V9.8.7_V1.6 | ||
|- | |- | ||
| | | Erista | ||
| | | nx-abca2 | ||
| | | EristaIcosaHynix4gb | ||
| 0x07 | |||
| | | | ||
10_40800_NoCfgVersion_V9.8.7_V1.6 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | ||
Line 345: | Line 429: | ||
10_1600000_NoCfgVersion_V9.8.7_V1.6 | 10_1600000_NoCfgVersion_V9.8.7_V1.6 | ||
|- | |- | ||
| | | Erista | ||
| | | nx-abca2 | ||
| | | EristaIcosaSamsung6gb | ||
| 0x07 | |||
| | | | ||
10_40800_NoCfgVersion_V9.8.7_V1.6 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | ||
Line 360: | Line 445: | ||
10_1600000_NoCfgVersion_V9.8.7_V1.6 | 10_1600000_NoCfgVersion_V9.8.7_V1.6 | ||
|- | |- | ||
| | | Mariko | ||
| | | nx-abca2, nx-abcb, nx-abcc, nx-abcd | ||
| | | MarikoIowax1x2Samsung4gb | ||
| 0x03 | |||
| | | | ||
01_204000_NoCfgVersion_V0.3.1_V2.0 | 01_204000_NoCfgVersion_V0.3.1_V2.0 | ||
Line 368: | Line 454: | ||
01_1600000_NoCfgVersion_V0.3.1_V2.0 | 01_1600000_NoCfgVersion_V0.3.1_V2.0 | ||
|- | |- | ||
| | | Mariko | ||
| | | nx-abca2, nx-abcb, nx-abcc, nx-abcd | ||
| | | MarikoIowaSamsung4gb, MarikoHoagSamsung4gb | ||
| 0x03 | |||
| | | | ||
01_204000_NoCfgVersion_V0.3.1_V2.0 | 01_204000_NoCfgVersion_V0.3.1_V2.0 | ||
Line 376: | Line 463: | ||
01_1600000_NoCfgVersion_V0.3.1_V2.0 | 01_1600000_NoCfgVersion_V0.3.1_V2.0 | ||
|- | |- | ||
| | | Mariko | ||
| | | nx-abca2, nx-abcb, nx-abcc, nx-abcd | ||
| | | MarikoIowaSamsung8gb, MarikoHoagSamsung8gb | ||
| 0x03 | |||
| | | | ||
01_204000_NoCfgVersion_V0.4.2_V2.0 | 01_204000_NoCfgVersion_V0.4.2_V2.0 | ||
Line 384: | Line 472: | ||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | 01_1600000_NoCfgVersion_V0.4.2_V2.0 | ||
|- | |- | ||
| | | Mariko | ||
| | | nx-abca2, nx-abcb, nx-abcc, nx-abcd | ||
| | | MarikoIowaHynix4gb, MarikoHoagHynix4gb | ||
| 0x03 | |||
| | | | ||
01_204000_NoCfgVersion_V0.3.1_V2.0 | 01_204000_NoCfgVersion_V0.3.1_V2.0 | ||
Line 392: | Line 481: | ||
01_1600000_NoCfgVersion_V0.3.1_V2.0 | 01_1600000_NoCfgVersion_V0.3.1_V2.0 | ||
|- | |- | ||
| nx-abcb | | Mariko | ||
| | | nx-abca2, nx-abcb, nx-abcc, nx-abcd | ||
| | | MarikoIowaMicron4gb, MarikoHoagMicron4gb | ||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| Mariko | |||
| nx-abca2, nx-abcb, nx-abcc, nx-abcd | |||
| MarikoIowaSamsung4gbY | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| Mariko | |||
| nx-abca2, nx-abcb, nx-abcc, nx-abcd | |||
| MarikoIowaSamsung1y4gbX | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| Mariko | |||
| nx-abca2, nx-abcb, nx-abcc, nx-abcd | |||
| MarikoIowaSamsung1y8gbX | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| Mariko | |||
| nx-abca2, nx-abcb, nx-abcc, nx-abcd | |||
| MarikoHoagSamsung1y4gbX | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |||
| Mariko | |||
| nx-abca2, nx-abcb, nx-abcc, nx-abcd | |||
| MarikoIowaSamsung1y4gbY | |||
| 0x03 | |||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |- | ||
| | | Mariko | ||
| | | nx-abca2, nx-abcb, nx-abcc, nx-abcd | ||
| | | MarikoIowaSamsung1y8gbY | ||
| | | 0x03 | ||
| | |||
01_204000_NoCfgVersion_V0.4.2_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.2_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.2_V2.0 | |||
|- | |- | ||
| | | Mariko | ||
| | | nx-abca2, nx-abcb, nx-abcc, nx-abcd | ||
| | | MarikoIowaSamsung1y4gbA | ||
| | | 0x03 | ||
| | |||
01_204000_NoCfgVersion_V0.4.5_V2.0 | |||
01_1331200.0_NoCfgVersion_V0.4.5_V2.0 | |||
01_1600000_NoCfgVersion_V0.4.5_V2.0 | |||
|} | |} | ||
nx-abcb (Copper) is | '''nx-abca2''' ('''Icosa''' in '''Erista''', '''Iowa''' in '''Mariko''') hardware types are variations of the retail, EDEV and SDEV form factors. | ||
'''nx-abcb''' ('''Copper''' in '''Erista''', '''Calcio''' in '''Mariko''') is a prototype unit. Among other differences, this has extra hardware to support HDMI output. | |||
nx- | [8.0.0+] '''nx-abcc''' ('''Hoag''') was added for the Lite retail and HDEV form factors. | ||
==== | [10.0.0+] '''nx-abcd''' was added. | ||
'''Erista''' memory is LPDDR4, while '''Mariko''' memory is LPDDR4X. | |||
===== SecurityEngineInterruptNumber ===== | |||
SPL uses this for setting up the security engine IRQ. | SPL uses this for setting up the security engine IRQ. | ||
==== | ===== FuseVersion ===== | ||
The current [[Package2#Versions| | The current [[Package2#Versions|bootloader maximum version]] - 1. | ||
==== HardwareType ==== | ===== HardwareType ===== | ||
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. | {| class=wikitable | ||
! Value || Description | |||
|- | |||
| 0 || Icosa | |||
|- | |||
| 1 || Copper | |||
|- | |||
| 2 || [8.0.0+] Hoag ([1.0.0-7.0.1] Invalid) | |||
|- | |||
| 3 || [4.0.0+] Iowa | |||
|- | |||
| 4 || [8.0.0+] Calcio | |||
|- | |||
| 5 || [10.0.0+] Unknown | |||
|- | |||
| 15 || Invalid | |||
|} | |||
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. | |||
[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. | |||
[7.0.0+] This item can now only be 0 (Icosa) or 15 (Invalid) in Erista units. | |||
Hardware is '''Icosa''' (Erista retail, EDEV and SDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 1 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 0. | |||
Hardware is '''Copper''' (Erista prototype) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 0 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 1. | |||
[4.0.0+] Hardware is '''Iowa''' (Mariko retail, EDEV and SDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 1. | |||
[8.0.0+] Hardware is '''Hoag''' (Mariko Lite retail and HDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 2. | |||
[8.0.0+] Hardware is '''Calcio''' (Mariko prototype) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 0 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 1. | |||
[10.0.0+] Hardware is '''Unknown''' if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 4. | |||
===== HardwareState ===== | |||
{| class=wikitable | |||
! Value || Description | |||
|- | |||
| 0 || Development | |||
|- | |||
| 1 || Production | |||
|- | |||
| 2 || Invalid | |||
|} | |||
This item is obtained by checking bits 9 and 0-1 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. | |||
Hardware is '''Development''' if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareState1]] (bits 0-1) is 3 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareState2]] (bit 9) is 0. | |||
Hardware is '''Production''' if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareState1]] (bits 0-1) is 0 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareState2]] (bit 9) is 1. | |||
==== IsRecoveryBoot ==== | ===== IsRecoveryBoot ===== | ||
Used to determine if the system is booting from SafeMode firmware. | Used to determine if the system is booting from SafeMode firmware. | ||
==== DeviceId ==== | Under normal circumstances, this just returns bit 0 of the active [[BCT#bootloader0_info|bootloader info]]'s attribute field. | ||
===== DeviceId ===== | |||
[[NIM_services|NIM]] checks if this item matches the [[Settings_services|set:cal]] DeviceId with byte7 cleared. If they don't match, a panic is thrown. | [[NIM_services|NIM]] checks if this item matches the [[Settings_services|set:cal]] DeviceId with byte7 cleared. If they don't match, a panic is thrown. | ||
==== BootReason ==== | ===== BootReason ===== | ||
{| class=wikitable | |||
! Value || Description | |||
|- | |||
| 0 || Invalid | |||
|- | |||
| 1 || AcOk | |||
|- | |||
| 2 || OnKey | |||
|- | |||
| 3 || RtcAlarm1 | |||
|- | |||
| 4 || RtcAlarm2 | |||
|} | |||
Used to determine how the system booted. | Used to determine how the system booted. | ||
==== | ===== MemoryMode ===== | ||
[[Process Manager services|PM]] | {| class="wikitable" border="1" | ||
|- | |||
! Bits | |||
! Description | |||
|- | |||
| 0-3 | |||
| Purpose (0 = None, 1 = ForStandard, 2 = ForAppletDev, 3 = ForSystemDev) | |||
|- | |||
| 4-7 | |||
| Size (0 = 4GB, 1 = 6GB, 2 = 8GB) | |||
|} | |||
[[Process Manager services|PM]] and the kernel decide memory arrangement based on MemoryMode. | |||
{| class="wikitable" border="1" | |||
|- | |||
! MemoryArrange | |||
! MemoryMode | |||
! Description | |||
|- | |||
| 0 | |||
| 0x01 | |||
| Standard | |||
|- | |||
| 1 | |||
| 0x02 | |||
| StandardForAppletDev | |||
|- | |||
| 2 | |||
| 0x03 | |||
| StandardForSystemDev | |||
|- | |||
| 3 | |||
| 0x11 | |||
| Expanded | |||
|- | |||
| 4 | |||
| 0x12 | |||
| ExpandedForAppletDev | |||
|- | |||
| 5 | |||
| 0x21 | |||
| ExpandedForMarikoDev | |||
|} | |||
==== | ===== IsDevelopmentFunctionEnabled ===== | ||
Kernel uses this to determine behavior of svcBreak positive arguments. It will break instead of just force-exiting the process which is what happens on retail. | Kernel uses this to determine behavior of [[SVC#svcBreak|svcBreak]] positive arguments. It will break instead of just force-exiting the process which is what happens on retail. | ||
[2.0.0+] This is also used with certain debug [[SVC|SVCs]]. | [2.0.0+] This is also used with certain debug [[SVC|SVCs]]. | ||
Line 477: | Line 701: | ||
[3.0.0+] [[Loader services|RO]] checks this and if set then skipping NRR rsa signatures is allowed. | [3.0.0+] [[Loader services|RO]] checks this and if set then skipping NRR rsa signatures is allowed. | ||
===== KernelConfiguration ===== | |||
{| class="wikitable" border="1" | |||
|- | |||
! Bits | |||
! Description | |||
|- | |||
| 0 | |||
| EnableNonZeroFillMemory | |||
|- | |||
| 1 | |||
| EnableUserExceptionHandler | |||
|- | |||
| 2 | |||
| PerformanceMonitoringUnit | |||
|- | |||
| 3 | |||
| [8.0.0+] EnableApplicationExtraThread | |||
|- | |||
| 8 | |||
| CallShowErrorOnPanic | |||
|- | |||
| 16-17 | |||
| MemorySize | |||
|} | |||
Kernel reads this when setting up memory-related code. | |||
Kernel reads this when setting up memory-related code. | |||
'''EnableNonZeroFillMemory''' is a boolean determining whether kernel should it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs. | |||
'''EnableUserExceptionHandler''' is a boolean determining whether kernel should forcefully enable usermode exception handlers (when false, only certain aborts (((1LL << (esr >> 26)) & 0x1115804400224001) == 0, typically data/prefetch aborts) that occur when the faulting address is in a readable region with MemoryType_CodeStatic will trigger usermode exception handlers). | |||
'''PerformanceMonitoringUnit''' is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0). | |||
'''EnableApplicationExtraThread''' is a boolean determining whether the kernel should increase the KThread slabheap capacity by 160. This also increases object capacities that are calculated based on number of threads. | |||
'''CallShowErrorOnPanic''' is a boolean determining whether kernel should call smcPanic on error instead of infinite-looping. | |||
==== IsChargerHiZModeEnabled ==== | '''MemorySize''' determines how much memory is available. 00/03 = 4 GB, 01 = 6 GB, 02 = 8 GB. | ||
===== IsChargerHiZModeEnabled ===== | |||
This tells if the TI Charger (bq24192) is active. | This tells if the TI Charger (bq24192) is active. | ||
==== | ===== QuestState ===== | ||
{| class=wikitable | |||
! Value || Description | |||
|- | |||
| 0 || Disabled | |||
|- | |||
| 1 || Enabled | |||
|} | |||
This item is bit 10 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. | This item is bit 10 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. | ||
[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores. | [4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores. | ||
==== | ===== RegulatorType ===== | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
! | ! Value | ||
! | ! SocType | ||
! GPU | |||
! Power Blocks | |||
|- | |- | ||
| | | 0 | ||
| | | Erista | ||
| GM20B (0x12B) | |||
| max77620_sd0, max77621_cpu and max77621_gpu | |||
|- | |- | ||
| | | 1 | ||
| | | Mariko | ||
| GM20B_B (0x12E) | |||
| max77620_sd0, max77812_cpu and max77812_gpu | |||
|- | |- | ||
| | | 2 | ||
| | | Mariko | ||
| GM20B_B (0x12E) | |||
| max77620_sd0, max77812_cpu and max77812_gpu | |||
|} | |} | ||
[5.0.0+] [[PCV_services|PCV]] uses this value in combination with [[#HardwareType|HardwareType]] to configure power blocks and memory tables for different hardware. | |||
=== | ===== DeviceUniqueKeyGeneration ===== | ||
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2. | |||
[5.0.0+] [[Filesystem services|FS]] can now use this value for the '''KeyGeneration''' parameter when calling [[#GenerateAesKek|GenerateAesKek]] during "GetBisEncryptionKey". | |||
=== | ===== Package2Hash ===== | ||
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead. | |||
=== ShowError === | |||
Takes an u32 '''Color''' and issues a system panic. | |||
The kernel always calls this with ''' | The kernel always calls this with '''Color''' set to 0xF00. | ||
=== | === SetKernelCarveoutRegion === | ||
Takes an u64 '''Index''', an u64 '''Address''' and an u64 '''Size'''. Returns [[#Result]]. | |||
If ''' | If '''Index''' is 0, '''Address''' and '''Size''' are used to configure '''MC_SECURITY_CARVEOUT4'''. | ||
If ''' | If '''Index''' is 1, '''Address''' and '''Size''' are used to configure '''MC_SECURITY_CARVEOUT5'''. | ||
Any other ''' | Any other '''Index''' values are invalid. | ||
The kernel calls this with ''' | The kernel calls this with '''Index''' set to 0, '''Address''' set to 0x80060000 and '''Size''' set to a dynamically calculated size which covers all the kernel and built-in sysmodules' DRAM regions. | ||
=== ReadWriteRegister === | === ReadWriteRegister === | ||
Takes an u64 '''Register''', an u32 '''Mask''' and an u32 '''InValue'''. Returns [[#Result]] and an u32 '''OutValue'''. | |||
Relays [[SVC#svcReadWriteRegister|svcReadWriteRegister]] to the Secure Monitor. | Relays [[SVC#svcReadWriteRegister|svcReadWriteRegister]] to the Secure Monitor. | ||
= | = CryptoUsecase = | ||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || Aes | |||
|- | |||
| 1 || RsaPrivate | |||
|- | |||
| 2 || SecureExpMod | |||
|- | |||
| 3 || RsaOaep | |||
|- | |||
| 4 || [5.0.0+] RsaImport | |||
|- | |||
| 5 || [5.0.0+] | |||
|- | |||
| 6 || [5.0.0+] | |||
|} | |||
= CipherMode = | |||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || CbcEncrypt | |||
|- | |||
| 1 || CbcDecrypt | |||
|- | |||
| 2 || Ctr | |||
|} | |||
= DecryptOrImportMode = | |||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || DecryptRsaPrivateKey | |||
|- | |||
| 1 || ImportLotusKey | |||
|- | |||
| 2 || ImportEsKey | |||
|- | |||
| 3 || ImportSslKey | |||
|- | |||
| 4 || ImportDrmKey | |||
|} | |||
= SecureExpModMode = | |||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || Lotus | |||
|- | |||
| 1 || Ssl | |||
|- | |||
| 2 || Drm | |||
|} | |||
= EsKeyType = | |||
{| class=wikitable | |||
! Value || Name | |||
|- | |||
| 0 || TitleKey | |||
|- | |||
| 1 || ElicenseKey | |||
|} | |||
= Result = | |||
{| class=wikitable | {| class=wikitable | ||
! Value || Description | ! Value || Description | ||
|- | |- | ||
| 2 || Invalid | | 0 || Success | ||
|- | |||
| 1 || Not implemented | |||
|- | |||
| 2 || Invalid argument | |||
|- | |||
| 3 || In progress | |||
|- | |||
| 4 || No async operation | |||
|- | |||
| 5 || Invalid async operation | |||
|- | |- | ||
| | | 6 || [8.0.0+] Not permitted | ||
|} | |} |