Secure Monitor: Difference between revisions

(39 intermediate revisions by 4 users not shown)
Line 1: Line 1:
= Secure Monitor Calls =
= Secure Monitor Calls =
The secure monitor provides two top level handlers of which each provides a range of sub handlers.
The secure monitor provides two top level handlers of which each provides a range of sub handlers.


Secure Monitor Calls follow the ARM SMC calling convention up to a small change:
Secure Monitor calls follow the ARM SMC calling convention with a small change:
{| class=wikitable
{| class=wikitable
! Bit number || Bit mask || Description
! Bits || Description
|-
|-
| 31 || 0x80000000 || Set to 0 means Yielding Call; Set to 1 means Fast Call.
| 0-7 || Function Number
|-
|-
| 30 || 0x40000000 || Set to 0 means SMC32 convention; Set to 1 means SMC64.
| 8-15 || Argument Type
|-
|-
| 29-24 || 0x3F000000 || Service Call ranges.
| 16-23 || Reserved
|-
|-
| 23-16 || 0x00FF0000 || Must be zero.
| 24-29 || Call Range
|-
|-
| 15-8 || 0x0000FF00 || Argument type. This is different from the ARM SMC calling convention.
| 30 || Call Convention (0 = SMC32, 1 = SMC64)
|-
|-
| 7-0 || 0x000000FF || Function number within the range call type.
| 31 || Call Type (0 = Yielding Call, 1 = Fast Call)
|}
|}


Line 24: Line 23:
SMC arguments are passed using registers X0-X7 with X0 always sending the call sub-id and returning the result of the call.
SMC arguments are passed using registers X0-X7 with X0 always sending the call sub-id and returning the result of the call.


== ID 0 ==
== FunctionId0 ==
Functions exposed to user-mode processes using [[SVC|svcCallSecureMonitor]].
Functions exposed to user-mode processes using [[SVC|svcCallSecureMonitor]]. SMCs should be called from CPUID 3 (where SPL runs).


{| class=wikitable
{| class=wikitable
! Sub-ID || Name || In || Out
! Value || Name
|-
|-
| 0xC3000401 || SetConfig || ||
| 0xC3000401 || SetConfig
|-
|-
| 0xC3000002 || GetConfig (Same as ID 1, Sub-ID 4) || ||
| 0xC3000002 || [[#GetConfig|GetConfig]] (same as in [[#FunctionId1]])
|-
|-
| 0xC3000003 || CheckStatus || ||
| 0xC3000003 || GetResult
|-
|-
| 0xC3000404 || GetResult || ||
| 0xC3000404 || GetResultData
|-
|-
| 0xC3000E05 || ExpMod || ||
| 0xC3000E05 || ModularExponentiate
|-
|-
| 0xC3000006 || GetRandomBytes (Same as ID 1, Sub-ID 5) || ||
| 0xC3000006 || [[#GenerateRandomBytes|GenerateRandomBytes]] (same as in [[#FunctionId1]])
|-
|-
| 0xC3000007 || [[#GenerateAesKek]] || ||
| 0xC3000007 || [[#GenerateAesKek|GenerateAesKek]]
|-
|-
| 0xC3000008 || [[#LoadAesKey]] || ||
| 0xC3000008 || [[#LoadAesKey|LoadAesKey]]
|-
|-
| 0xC3000009 || [[#CryptAes]] || ||
| 0xC3000009 || [[#ComputeAes|ComputeAes]]
|-
|-
| 0xC300000A || [[#GenerateSpecificAesKey]] || ||
| 0xC300000A || [[#GenerateSpecificAesKey|GenerateSpecificAesKey]]
|-
|-
| 0xC300040B || [[#ComputeCmac]] || ||
| 0xC300040B || [[#ComputeCmac|ComputeCmac]]
|-
|-
| [1.0.0-4.1.0] 0xC300100C || [[#LoadRsaOaepKey]] || ||
| [1.0.0-4.1.0] 0xC300100C || [[#DecryptAndImportEsDeviceKey|DecryptAndImportEsDeviceKey]]
|-
|-
| [5.0.0+] 0xC300D60C || [[#EncryptRsaKeyForImport]] || ||
| [5.0.0+] 0xC300D60C || [[#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData]]
|-
|-
| [1.0.0-4.1.0] 0xC300100D || [[#DecryptRsaPrivateKey]] || ||
| 0xC300100D || [[#DecryptDeviceUniqueData|DecryptDeviceUniqueData]]
|-
|-
| [5.0.0] 0xC300100D || [[#DecryptOrImportRsaKey]] || ||
| [1.0.0-4.1.0] 0xC300100E || [[#DecryptAndImportLotusKey|DecryptAndImportLotusKey]]
|-
|-
| [1.0.0-4.1.0] 0xC300100E || [[#LoadSecureExpModKey]] || ||
| 0xC300060F || [[#ModularExponentiateByStorageKey|ModularExponentiateByStorageKey]]
|-
|-
| 0xC300060F || [[#SecureExpMod]] || ||
| 0xC3000610 || [[#PrepareEsDeviceUniqueKey|PrepareEsDeviceUniqueKey]]
|-
|-
| 0xC3000610 || [[#UnwrapRsaOaepWrappedTitleKey]] || ||
| 0xC3000011 || [[#LoadPreparedAesKey|LoadPreparedAesKey]]
|-
|-
| 0xC3000011 || [[#LoadTitleKey]] || ||
| 0xC3000012 || [2.0.0+] [[#PrepareEsCommonKey|PrepareEsCommonKey]]
|-
| 0xC3000012 || [2.0.0+] UnwrapAesWrappedTitleKey || ||
|}
|}


Line 81: Line 78:
** Further, this means: Actual AES/RSA keys never leave TrustZone.
** Further, this means: Actual AES/RSA keys never leave TrustZone.


Note:
=== GenerateRandomBytes ===
The [[#enum_CryptoUsecase|CryptoUsecase_TitleKey]] represents a RSA wrapped AES key.
Takes an u64 '''Size'''. Returns [[#Result]] and '''RandomBytes'''.
 
'''Size''' is limited to 0x38 (for fitting in return registers).


=== GenerateAesKek ===
=== GenerateAesKek ===
Takes an "access key" as input, an [[#enum_CryptoUsecase]].
Takes an "access key" as input, an [[#CryptoUsecase]].


Returns a session-unique kek for said usecase.
Returns a session-unique kek for said usecase.
Line 92: Line 91:
Takes a session kek created with [[#GenerateAesKek]], and a wrapped AES key.
Takes a session kek created with [[#GenerateAesKek]], and a wrapped AES key.


The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_Aes]].
The session kek must have been created with [[#CryptoUsecase|CryptoUsecase Aes]].


=== CryptAes ===
=== ComputeAes ===
Encrypts/decrypts using Aes (CTR and CBC).
Encrypts/decrypts using AES (CTR and CBC). Takes an [[#CipherMode]].


Key must be set prior using one of the [[#LoadAesKey]], [[#GenerateSpecificAesKey]] or [[#LoadRsaWrappedAesKey]] commands.
Key must be set prior using one of the [[#LoadAesKey]] or [[#GenerateSpecificAesKey]] commands.


=== GenerateSpecificAesKey ===
=== GenerateSpecificAesKey ===
Todo: This one seems unrelated to [[#enum_CryptoUsecase]].
Takes a wrapped AES key and decrypts it using static data.


=== LoadRsaOaepKey ===
=== ComputeCmac ===
Calculates CMAC over input data.
 
=== DecryptAndImportEsDeviceKey ===
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.


The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaOaep]].
The session kek must have been created with [[#CryptoUsecase|CryptoUsecase TitleKey]].


This function was removed in [[5.0.0]], and replaced with [[#EncryptRsaKeyForImport]].
[5.0.0] This function was removed and replaced with [[#ReencryptDeviceUniqueData]].


=== EncryptRsaKeyForImport ===
=== ReencryptDeviceUniqueData ===
Takes in two session keks created with [[#GenerateAesKek]], two wrapped AES keys, an enum member, and a wrapped RSA private key.
Takes in two session keks created with [[#GenerateAesKek]], two wrapped AES keys, an enum member, and a wrapped RSA private key.


Decrypts and validates the wrapped RSA private key with the first kek/wrapped key, and re-encrypts it with the second if valid.
Decrypts and validates the wrapped RSA private key with the first kek/wrapped key, and re-encrypts it with the second if valid.


The re-encrypted key is then passed to the user, for use with [[#DecryptOrImportRsaKey]].
The re-encrypted key is then passed to the user, for use with [[#DecryptDeviceUniqueData]].


=== DecryptRsaPrivateKey ===
=== DecryptDeviceUniqueData ===
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, an enum member, and a wrapped RSA private key.
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, an enum member, and a wrapped RSA private key.


The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaPrivate]].
The session kek must have been created with [[#CryptoUsecase|CryptoUsecase RsaPrivate]].


[4.0.0+] The SMC handler when certain conditions pass and SMC_ID==0xC300100D now returns error 0x6 instead of calling the handler funcptr.
[4.0.0+] The SMC handler when certain conditions pass and FunctionId0==0xC300100D now returns error 0x6 instead of calling the handler funcptr.


=== DecryptOrImportRsaKey ===
[5.0.0+] This function now takes an additional input [[#DecryptOrImportMode]]. This extends the original functionality to enable importing private keys into the security engine instead of decrypting them.


This function replaced [[#DecryptRsaPrivateKey]] in [[5.0.0]], adding an additional enum member argument.
=== DecryptAndImportLotusKey ===
 
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key.
This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed.


=== LoadSecureExpModKey ===
The session kek must have been created with [[#CryptoUsecase|CryptoUsecase RsaSecureExpMod]].
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key.


The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaSecureExpMod]].
[5.0.0] This function was removed.


This function was removed in [[5.0.0]], and replaced with [[#EncryptRsaKeyForImport]].
=== ModularExponentiateByStorageKey ===
Performs an ExpMod operation using an exponent previously loaded with the [[#DecryptAndImportLotusKey]] command.


=== SecureExpMod ===
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptDeviceUniqueData]] and takes an [[#SecureExpModMode]].
Performs an Exp Mod operation using an exponent previously loaded with the [[#LoadSecureExpModKey]] command.


=== UnwrapRsaOaepWrappedTitleKey ===
=== PrepareEsDeviceUniqueKey ===
Takes an Rsa-Oaep-wrapped TitleKey, an RSA Public Key, and a label hash.
Takes an Rsa-Oaep-wrapped TitleKey, an RSA Public Key, and a label hash.


Performs an Exp Mod operation using an exponent previously loaded with the [[#LoadRsaOaepKey]] command, and then validates/extracts a Titlekey from the resulting message.
Performs an ExpMod operation using an exponent previously loaded with the [[#DecryptAndImportEsDeviceKey]] command, and then validates/extracts a Titlekey from the resulting message.


Returns a session-unique AES key especially for use in [[#LoadTitleKey]].
Returns a session-unique AES key especially for use in [[#LoadTitleKey]].


=== LoadTitleKey ===
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptDeviceUniqueData]].
Takes a session-unique AES key from [[#UnwrapAesWrappedTitleKey]] or [[#UnwrapRsaOaepWrappedTitleKey]].


=== enum CryptoUsecase ===
=== LoadPreparedAesKey ===
{| class=wikitable
Takes a session-unique AES key from [[#PrepareEsCommonKey]] or [[#PrepareEsDeviceUniqueKey]].
! Value || Name
 
|-
=== PrepareEsCommonKey ===
| 0 || CryptoUsecase_Aes
Takes an AES-wrapped common TitleKey and returns a sealed AES key.
|-
| 1 || CryptoUsecase_RsaPrivate
|-
| 2 || CryptoUsecase_RsaSecureExpMod
|-
| 3 || CryptoUsecase_RsaOaep
|}


== ID 1 ==
== FunctionId1 ==
Functions exposed to the kernel internally.
Functions exposed to the kernel internally.


{| class=wikitable
{| class=wikitable
! Sub-ID || Name || In || Out
! Value || Name
|-
|-
| 0xC4000001 || [[#CpuSuspend]] || X1=power_state, X2=entrypoint_addr, X3=context_id || None
| 0xC4000001 || [[#SuspendCpu|SuspendCpu]]
|-
|-
| 0x84000002 || [[#CpuOff]] || None || None
| 0x84000002 || [[#PowerOffCpu|PowerOffCpu]]
|-
|-
| 0xC4000003 || [[#CpuOn]] || X1=target_cpu, X2=entrypoint_addr, X3=context_id, X4,X5,X6,X7=0 || X0=result
| 0xC4000003 || [[#PowerOnCpu|PowerOnCpu]]
|-
|-
| 0xC3000004 || [[#GetConfig]] (Same as ID 0, Sub-ID 2) || W1=config_item, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4=config_val
| 0xC3000004 || [[#GetConfig|GetConfig]] (same as in [[#FunctionId0]])
|-
|-
| 0xC3000005 || [[#GetRandomBytes]] (Same as ID 0, Sub-ID 6) || X1=size, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4,X5,X6,X7=rand_bytes
| 0xC3000005 || [[#GenerateRandomBytes|GenerateRandomBytesNonBlocking]]
|-
|-
| 0xC3000006 || [[#Panic]] || W1=panic_color, X2,X3,X4,X5,X6,X7=0 || X0=result
| 0xC3000006 || [[#ShowError|ShowError]]
|-
|-
| 0xC3000007 || [2.0.0+] [[#ConfigureCarveout]] || X1=carveout_index, X2=region_phys_addr, X3=region_size, X4,X5,X6,X7=0 || X0=result
| 0xC3000007 || [2.0.0+] [[#SetKernelCarveoutRegion|SetKernelCarveoutRegion]]
|-
|-
| 0xC3000008 || [2.0.0+] [[#ReadWriteRegister]] || X1=reg_addr, W2=rw_mask, W3=in_val, X4,X5,X6,X7=0 || X0=result, W1=out_val
| 0xC3000008 || [2.0.0+] [[#ReadWriteRegister|ReadWriteRegister]]
|}
|}


=== CpuSuspend ===
=== SuspendCpu ===
Standard ARM PCSI SMC. Suspends the CPU (CPU0).
Takes an u64 '''PowerState''', an u64 '''EntrypointAddress''' and an u64 '''ContextId'''. No output.


The kernel calls this SMC on shutdown with '''power_state''' set to 0x0201001B (power level: 0x02==system; power type: 0x01==powerdown; ID: 0x1B).
Suspends the CPU (CPU0).


=== CpuOff ===
The kernel calls this SMC on shutdown with '''PowerState''' set to 0x0201001B (power level: 0x02==system; power type: 0x01==powerdown; ID: 0x1B).
Standard ARM PCSI SMC. Turns off the CPU (CPU1, CPU2 or CPU3).


=== CpuOn ===
=== PowerOffCpu ===
Standard ARM PCSI SMC. Turns on the CPU (CPU1, CPU2 or CPU3).
No input/output.
 
Turns off the CPU (CPU1, CPU2 or CPU3).
 
=== PowerOnCpu ===
Takes an u64 '''TargetCpu''', an u64 '''EntrypointAddress''' and an u64 '''ContextId'''. Returns [[#Result]].
 
Turns on the CPU (CPU1, CPU2 or CPU3).


=== GetConfig ===
=== GetConfig ===
Takes a '''config_item''' and returns an associated '''config_val'''.
Takes a [[#ConfigItem]]. Returns [[#Result]] and a '''ConfigValue'''.


==== ConfigItem ====
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! ConfigItem || Name
! Value || Name
|-
|-
| 1 || [[#DisableProgramVerification]]
| 1 || [[#DisableProgramVerification]]
Line 207: Line 206:
| 2 || [[#DramId]]
| 2 || [[#DramId]]
|-
|-
| 3 || [[#SecurityEngineIrqNumber]]
| 3 || [[#SecurityEngineInterruptNumber]]
|-
|-
| 4 || [[#Version]]
| 4 || [[#FuseVersion]]
|-
|-
| 5 || [[#HardwareType]]
| 5 || [[#HardwareType]]
|-
|-
| 6 || [[#IsRetail]]
| 6 || [[#HardwareState]]
|-
|-
| 7 || [[#IsRecoveryBoot]]
| 7 || [[#IsRecoveryBoot]]
Line 221: Line 220:
| 9 || [1.0.0-4.0.0] [[#BootReason]]
| 9 || [1.0.0-4.0.0] [[#BootReason]]
|-
|-
| 10 || [[#MemoryArrange]]
| 10 || [[#MemoryMode]]
|-
|-
| 11 || [[#IsDebugMode]]
| 11 || [[#IsDevelopmentFunctionEnabled]]
|-
|-
| 12 || [[#KernelConfiguration]]
| 12 || [[#KernelConfiguration]]
Line 229: Line 228:
| 13 || [[#IsChargerHiZModeEnabled]]
| 13 || [[#IsChargerHiZModeEnabled]]
|-
|-
| 14 || [4.0.0+] [[#IsKiosk]]
| 14 || [4.0.0+] [[#QuestState]]
|-
|-
| 15 || [5.0.0+] [[#NewHardwareType]]
| 15 || [5.0.0+] [[#RegulatorType]]
|-
|-
| 16 || [5.0.0+] [[#NewKeyGeneration]]
| 16 || [5.0.0+] [[#DeviceUniqueKeyGeneration]]
|-
|-
| 17 || [5.0.0+] [[#Package2Hash]]
| 17 || [5.0.0+] [[#Package2Hash]]
|}
|}


==== DisableProgramVerification ====
===== DisableProgramVerification =====
[[Process Manager services|PM]] checks this item and if non-zero, calls fsp-pr SetEnabledProgramVerification(false).
[[Process Manager services|PM]] checks this item and if non-zero, calls fsp-pr SetEnabledProgramVerification(false).


==== DramId ====
===== DramId =====
This is extracted directly from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
 
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Value
! Value
! Description
! Description
|-
| 0
| EristaIcosaSamsung4gb
|-
| 1
| EristaIcosaHynix4gb
|-
| 2
| EristaIcosaMicron4gb
|-
| 3
| EristaCopperSamsung4gb
|-
| 4
| EristaIcosaSamsung6gb
|-
| 5
| [4.0.0+] EristaCopperHynix4gb
|-
| 6
| [4.0.0+] EristaCopperMicron4gb
|-
| 7
| [5.0.0+] MarikoIowax1x2Samsung4gb ([4.0.0-4.1.0] Reserved)
|-
| 8
| [5.0.0+] MarikoIowaSamsung4gb
|-
| 9
| [5.0.0+] MarikoIowaSamsung8gb
|-
| 10
| [6.0.0+] MarikoIowaHynix4gb ([5.0.0-5.1.0] Reserved)
|-
|-
| 0
| 11
| DramId_EristaIcosaSamsung4gb
| [7.0.0+] MarikoIowaMicron4gb ([5.0.0-6.2.0] Reserved)
|-
|-
| 1
| 12
| DramId_EristaIcosaHynix4gb
| [5.0.0+] MarikoHoagSamsung4gb
|-
|-
| 2
| 13
| DramId_EristaIcosaMicron4gb
| [5.0.0+] MarikoHoagSamsung8gb
|-
|-
| 3
| 14
| Reserved
| [7.0.0+] MarikoHoagHynix4gb ([5.0.0-6.2.0] Reserved)
|-
|-
| 4
| 15
| DramId_EristaIcosaSamsung6gb
| [7.0.0+] MarikoHoagMicron4gb ([5.0.0-6.2.0] Reserved)
|-
|-
| 5
| 16
| [4.0.0+] Reserved
| [8.0.0+] MarikoIowaSamsung4gbY
|-
|-
| 6
| 17
| [4.0.0+] Reserved
| [9.0.0+] MarikoIowaSamsung1y4gbX
|-
|-
| 7
| 18
| [5.0.0+] DramId_MarikoIowax1x2Samsung4gb ([4.0.0-4.1.0] Reserved)
| [9.0.0+] MarikoIowaSamsung1y8gbX
|-
|-
| 8
| 19
| [5.0.0+] DramId_MarikoIowaSamsung4gb
| [9.0.0+] MarikoHoagSamsung1y4gbX
|-
|-
| 9
| 20
| [5.0.0+] DramId_MarikoIowaSamsung8gb
| [9.0.0+] MarikoIowaSamsung1y4gbY
|-
|-
| 10
| 21
| [6.0.0+] DramId_MarikoIowaHynix4gb ([5.0.0-5.1.0] Reserved)
| [9.0.0+] MarikoIowaSamsung1y8gbY
|-
|-
| 11
| 22
| [5.0.0+] Reserved
| [9.0.0+] MarikoIowaSamsung1y4gbA
|-
|-
| 12
| 23
| [5.0.0+] DramId_MarikoHoagSamsung4gb
| [10.0.0+] MarikoUnkSamsung1y8gbX
|-
|-
| 13
| 24
| [5.0.0+] DramId_MarikoHoagSamsung8gb
| [10.0.0+] MarikoUnkSamsung1y4gbX
|}
|}
This is extracted directly from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].


[[PCV_services|PCV]] selects memory training tables based on DramId.
[[PCV_services|PCV]] selects memory training tables based on DramId.
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Platform
! SocType
! DramId
! Platform
! Revision
! DramId
! DVFS version
! Revision
! DVFS
|-
|-
| jetson-tx1
| Erista
| N/A
| jetson-tx1
| 0x07
| N/A
| 0x07
|
|
  11_40800_01_V9.8.3_V1.6
  11_40800_01_V9.8.3_V1.6
Line 315: Line 349:
  11_1600000_02_V9.8.3_V1.6
  11_1600000_02_V9.8.3_V1.6
|-
|-
|  nx-abca2
| Erista
| EristaIcosaSamsung4gb or EristaIcosaMicron4gb
| nx-abcb
| 0x07
| EristaIcosaSamsung4gb
| 0x07
|
10_40800_NoCfgVersion_V9.8.7_V1.6
10_68000_NoCfgVersion_V9.8.7_V1.6
10_102000_NoCfgVersion_V9.8.7_V1.6
10_204000_NoCfgVersion_V9.8.7_V1.6
10_408000_NoCfgVersion_V9.8.7_V1.6
10_665600_NoCfgVersion_V9.8.7_V1.6
10_800000_NoCfgVersion_V9.8.7_V1.6
10_1065600_NoCfgVersion_V9.8.7_V1.6
10_1331200_NoCfgVersion_V9.8.7_V1.6
10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
| Erista
| nx-abcb
| EristaIcosaMicron4gb
| 0x07
|
10_40800_NoCfgVersion_V9.8.4_V1.6
10_68000_NoCfgVersion_V9.8.4_V1.6
10_102000_NoCfgVersion_V9.8.4_V1.6
10_204000_NoCfgVersion_V9.8.4_V1.6
10_408000_NoCfgVersion_V9.8.4_V1.6
10_665600_NoCfgVersion_V9.8.4_V1.6
10_800000_NoCfgVersion_V9.8.4_V1.6
10_1065600_NoCfgVersion_V9.8.4_V1.6
10_1331200_NoCfgVersion_V9.8.4_V1.6
  10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
| Erista
| nx-abcb
| EristaIcosaHynix4gb
| 0x07
|
10_40800_NoCfgVersion_V9.8.4_V1.6
10_68000_NoCfgVersion_V9.8.4_V1.6
10_102000_NoCfgVersion_V9.8.4_V1.6
10_204000_NoCfgVersion_V9.8.4_V1.6
10_408000_NoCfgVersion_V9.8.4_V1.6
10_665600_NoCfgVersion_V9.8.4_V1.6
10_800000_NoCfgVersion_V9.8.4_V1.6
10_1065600_NoCfgVersion_V9.8.4_V1.6
10_1331200_NoCfgVersion_V9.8.4_V1.6
10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
| Erista
| nx-abca2
| EristaIcosaSamsung4gb, EristaIcosaMicron4gb
| 0x07
|  
|  
  10_40800_NoCfgVersion_V9.8.7_V1.6
  10_40800_NoCfgVersion_V9.8.7_V1.6
Line 330: Line 413:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
| nx-abca2
| Erista
| EristaIcosaHynix4gb
| nx-abca2
| 0x07
| EristaIcosaHynix4gb
| 0x07
|
|
  10_40800_NoCfgVersion_V9.8.7_V1.6
  10_40800_NoCfgVersion_V9.8.7_V1.6
Line 345: Line 429:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
| nx-abca2
| Erista
| EristaIcosaSamsung6gb
| nx-abca2
| 0x07
| EristaIcosaSamsung6gb
| 0x07
|
|
  10_40800_NoCfgVersion_V9.8.7_V1.6
  10_40800_NoCfgVersion_V9.8.7_V1.6
Line 360: Line 445:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
| nx-abca2
| Mariko
| MarikoIowax1x2Samsung4gb
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| 0x03
| MarikoIowax1x2Samsung4gb
| 0x03
|
|
  01_204000_NoCfgVersion_V0.3.1_V2.0
  01_204000_NoCfgVersion_V0.3.1_V2.0
Line 368: Line 454:
  01_1600000_NoCfgVersion_V0.3.1_V2.0
  01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|-
| nx-abca2
| Mariko
| MarikoIowaSamsung4gb or MarikoHoagSamsung4gb
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| 0x03
| MarikoIowaSamsung4gb, MarikoHoagSamsung4gb
| 0x03
|   
|   
  01_204000_NoCfgVersion_V0.3.1_V2.0
  01_204000_NoCfgVersion_V0.3.1_V2.0
Line 376: Line 463:
  01_1600000_NoCfgVersion_V0.3.1_V2.0
  01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|-
| nx-abca2
| Mariko
| MarikoIowaSamsung8gb or MarikoHoagSamsung8gb
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| 0x03
| MarikoIowaSamsung8gb, MarikoHoagSamsung8gb
| 0x03
|
|
  01_204000_NoCfgVersion_V0.4.2_V2.0
  01_204000_NoCfgVersion_V0.4.2_V2.0
Line 384: Line 472:
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
| nx-abca2
| Mariko
| MarikoIowaHynix4gb
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| 0x03
| MarikoIowaHynix4gb, MarikoHoagHynix4gb
| 0x03
|   
|   
  01_204000_NoCfgVersion_V0.3.1_V2.0
  01_204000_NoCfgVersion_V0.3.1_V2.0
Line 392: Line 481:
  01_1600000_NoCfgVersion_V0.3.1_V2.0
  01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|-
|  nx-abcb
| Mariko
EristaIcosaSamsung4gb
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
0x07
| MarikoIowaMicron4gb, MarikoHoagMicron4gb
|
| 0x03
  10_40800_NoCfgVersion_V9.8.7_V1.6
|   
  10_68000_NoCfgVersion_V9.8.7_V1.6
01_204000_NoCfgVersion_V0.4.2_V2.0
  10_102000_NoCfgVersion_V9.8.7_V1.6
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
  10_204000_NoCfgVersion_V9.8.7_V1.6
01_1600000_NoCfgVersion_V0.4.2_V2.0
  10_408000_NoCfgVersion_V9.8.7_V1.6
|-
  10_665600_NoCfgVersion_V9.8.7_V1.6
| Mariko
  10_800000_NoCfgVersion_V9.8.7_V1.6
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
  10_1065600_NoCfgVersion_V9.8.7_V1.6
| MarikoIowaSamsung4gbY
  10_1331200_NoCfgVersion_V9.8.7_V1.6
| 0x03
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|   
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung1y4gbX
| 0x03
  01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung1y8gbX
| 0x03
|  
01_204000_NoCfgVersion_V0.4.2_V2.0
  01_1331200.0_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoHoagSamsung1y4gbX
| 0x03
  01_204000_NoCfgVersion_V0.4.2_V2.0
  01_1331200.0_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
| Mariko
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| MarikoIowaSamsung1y4gbY
| 0x03
|  
01_204000_NoCfgVersion_V0.4.2_V2.0
  01_1331200.0_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
| nx-abcb
| Mariko
| EristaIcosaMicron4gb
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| 0x07
| MarikoIowaSamsung1y8gbY
|
| 0x03
10_40800_NoCfgVersion_V9.8.4_V1.6
|   
10_68000_NoCfgVersion_V9.8.4_V1.6
  01_204000_NoCfgVersion_V0.4.2_V2.0
10_102000_NoCfgVersion_V9.8.4_V1.6
  01_1331200.0_NoCfgVersion_V0.4.2_V2.0
10_204000_NoCfgVersion_V9.8.4_V1.6
  01_1600000_NoCfgVersion_V0.4.2_V2.0
10_408000_NoCfgVersion_V9.8.4_V1.6
  10_665600_NoCfgVersion_V9.8.4_V1.6
  10_800000_NoCfgVersion_V9.8.4_V1.6
  10_1065600_NoCfgVersion_V9.8.4_V1.6
10_1331200_NoCfgVersion_V9.8.4_V1.6
  10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
|-
| nx-abcb
| Mariko
| EristaIcosaHynix4gb
| nx-abca2, nx-abcb, nx-abcc, nx-abcd
| 0x07
| MarikoIowaSamsung1y4gbA
|
| 0x03
10_40800_NoCfgVersion_V9.8.4_V1.6
|   
10_68000_NoCfgVersion_V9.8.4_V1.6
  01_204000_NoCfgVersion_V0.4.5_V2.0
10_102000_NoCfgVersion_V9.8.4_V1.6
  01_1331200.0_NoCfgVersion_V0.4.5_V2.0
10_204000_NoCfgVersion_V9.8.4_V1.6
  01_1600000_NoCfgVersion_V0.4.5_V2.0
10_408000_NoCfgVersion_V9.8.4_V1.6
  10_665600_NoCfgVersion_V9.8.4_V1.6
  10_800000_NoCfgVersion_V9.8.4_V1.6
  10_1065600_NoCfgVersion_V9.8.4_V1.6
10_1331200_NoCfgVersion_V9.8.4_V1.6
  10_1600000_NoCfgVersion_V9.8.4_V1.6
|}
|}


nx-abcb (Copper) is the SDEV unit. Among other differences, this has extra hardware to support HDMI output.
'''nx-abca2''' ('''Icosa''' in '''Erista''', '''Iowa''' in '''Mariko''') hardware types are variations of the retail, EDEV and SDEV form factors.
 
'''nx-abcb''' ('''Copper''' in '''Erista''', '''Calcio''' in '''Mariko''') is a prototype unit. Among other differences, this has extra hardware to support HDMI output.


nx-abca2 (Icosa) hardware types are variations of the retail form factor.
[8.0.0+] '''nx-abcc''' ('''Hoag''') was added for the Lite retail and HDEV form factors.


==== SecurityEngineIrqNumber ====
[10.0.0+] '''nx-abcd''' was added.
 
'''Erista''' memory is LPDDR4, while '''Mariko''' memory is LPDDR4X.
 
===== SecurityEngineInterruptNumber =====
SPL uses this for setting up the security engine IRQ.
SPL uses this for setting up the security engine IRQ.


==== Version ====
===== FuseVersion =====
The current [[Package2#Versions|Package1 Maxver Constant]] - 1.
The current [[Package2#Versions|bootloader maximum version]] - 1.


==== HardwareType ====
===== HardwareType =====
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper) or 3 (Invalid).
{| class=wikitable
! Value || Description
|-
| 0 || Icosa
|-
| 1 || Copper
|-
| 2 || [8.0.0+] Hoag ([1.0.0-7.0.1] Invalid)
|-
| 3 || [4.0.0+] Iowa
|-
| 4 || [8.0.0+] Calcio
|-
| 5 || [10.0.0+] Unknown
|-
| 15 || Invalid
|}
 
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
 
[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
 
[7.0.0+] This item can now only be 0 (Icosa) or 15 (Invalid) in Erista units.
 
Hardware is '''Icosa''' (Erista retail, EDEV and SDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 1 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 0.
 
Hardware is '''Copper''' (Erista prototype) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 0 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 1.
 
[4.0.0+] Hardware is '''Iowa''' (Mariko retail, EDEV and SDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 1.
 
[8.0.0+] Hardware is '''Hoag''' (Mariko Lite retail and HDEV) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 2.
 
[8.0.0+] Hardware is '''Calcio''' (Mariko prototype) if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType1]] (bit 2) is 0 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType2]] (bit 8) is 1.
 
[10.0.0+] Hardware is '''Unknown''' if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareType3]] (bits 16-19) is 4.
 
===== HardwareState =====
{| class=wikitable
! Value || Description
|-
| 0 || Development
|-
| 1 || Production
|-
| 2 || Invalid
|}


[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 3 (Mariko) or 4 (Invalid).
This item is obtained by checking bits 9 and 0-1 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].


A value of 2 (Hoag) is always mapped to 4 (Invalid).
Hardware is '''Development''' if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareState1]] (bits 0-1) is 3 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareState2]] (bit 9) is 0.


==== IsRetail ====
Hardware is '''Production''' if [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareState1]] (bits 0-1) is 0 and [[Fuse_registers#FUSE_RESERVED_ODM4|HardwareState2]] (bit 9) is 1.
This item is obtained by checking bits 9 and 0-1 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Debug), 1 (Retail) or 2 (Invalid).


==== IsRecoveryBoot ====
===== IsRecoveryBoot =====
Used to determine if the system is booting from SafeMode firmware.
Used to determine if the system is booting from SafeMode firmware.


==== DeviceId ====
Under normal circumstances, this just returns bit 0 of the active [[BCT#bootloader0_info|bootloader info]]'s attribute field.
 
===== DeviceId =====
[[NIM_services|NIM]] checks if this item matches the [[Settings_services|set:cal]] DeviceId with byte7 cleared. If they don't match, a panic is thrown.
[[NIM_services|NIM]] checks if this item matches the [[Settings_services|set:cal]] DeviceId with byte7 cleared. If they don't match, a panic is thrown.


==== BootReason ====
===== BootReason =====
{| class=wikitable
! Value || Description
|-
| 0 || Invalid
|-
| 1 || AcOk
|-
| 2 || OnKey
|-
| 3 || RtcAlarm1
|-
| 4 || RtcAlarm2
|}
 
Used to determine how the system booted.
Used to determine how the system booted.


==== MemoryArrange ====
===== MemoryMode =====
[[Process Manager services|PM]] uses this item for selecting the appropriate size for each [[SVC#LimitableResource|LimitableResource_Memory]].
{| class="wikitable" border="1"
|-
! Bits
! Description
|-
| 0-3
| Purpose (0 = None, 1 = ForStandard, 2 = ForAppletDev, 3 = ForSystemDev)
|-
| 4-7
| Size (0 = 4GB, 1 = 6GB, 2 = 8GB)
|}
 
[[Process Manager services|PM]] and the kernel decide memory arrangement based on MemoryMode.
{| class="wikitable" border="1"
|-
! MemoryArrange
! MemoryMode
! Description
|-
| 0
| 0x01
| Standard
|-
| 1
| 0x02
| StandardForAppletDev
|-
| 2
| 0x03
| StandardForSystemDev
|-
| 3
| 0x11
| Expanded
|-
| 4
| 0x12
| ExpandedForAppletDev
|-
| 5
| 0x21
| ExpandedForMarikoDev
|}


==== IsDebugMode ====
===== IsDevelopmentFunctionEnabled =====
Kernel uses this to determine behavior of svcBreak positive arguments. It will break instead of just force-exiting the process which is what happens on retail.
Kernel uses this to determine behavior of [[SVC#svcBreak|svcBreak]] positive arguments. It will break instead of just force-exiting the process which is what happens on retail.


[2.0.0+] This is also used with certain debug [[SVC|SVCs]].
[2.0.0+] This is also used with certain debug [[SVC|SVCs]].
Line 477: Line 701:
[3.0.0+] [[Loader services|RO]] checks this and if set then skipping NRR rsa signatures is allowed.
[3.0.0+] [[Loader services|RO]] checks this and if set then skipping NRR rsa signatures is allowed.


The value of this field is loaded from [[BootConfig]] unsigned-config+0x10 u8 bit1.
===== KernelConfiguration =====
{| class="wikitable" border="1"
|-
! Bits
! Description
|-
| 0
| EnableNonZeroFillMemory
|-
| 1
| EnableUserExceptionHandler
|-
| 2
| PerformanceMonitoringUnit
|-
| 3
| [8.0.0+] EnableApplicationExtraThread
|-
| 8
| CallShowErrorOnPanic
|-
| 16-17
| MemorySize
|}


==== KernelConfiguration ====
Kernel reads this when setting up memory-related code.
Kernel reads this when setting up memory-related code.  


Bit 0 is a boolean determining whether kernel should it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs.
'''EnableNonZeroFillMemory''' is a boolean determining whether kernel should it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs.


Bit 1 is a boolean determining whether kernel should forcefully enable usermode exception handlers (when false, only certain aborts (((1LL << (esr >> 26)) & 0x1115804400224001) == 0, typically data/prefetch aborts) that occur when the faulting address is in a readable region with MemoryType_CodeStatic will trigger usermode exception handlers).
'''EnableUserExceptionHandler''' is a boolean determining whether kernel should forcefully enable usermode exception handlers (when false, only certain aborts (((1LL << (esr >> 26)) & 0x1115804400224001) == 0, typically data/prefetch aborts) that occur when the faulting address is in a readable region with MemoryType_CodeStatic will trigger usermode exception handlers).


Bit 2 is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0).
'''PerformanceMonitoringUnit''' is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0).


Bits 8-15 are a boolean determining whether kernel should call smcPanic on error instead of infinite-looping.
'''EnableApplicationExtraThread''' is a boolean determining whether the kernel should increase the KThread slabheap capacity by 160. This also increases object capacities that are calculated based on number of threads.


Bits 16-17 determine how much memory is available. 00/03 = 4 GB, 01 = 6 GB, 02 = 8 GB.
'''CallShowErrorOnPanic''' is a boolean determining whether kernel should call smcPanic on error instead of infinite-looping.


==== IsChargerHiZModeEnabled ====
'''MemorySize''' determines how much memory is available. 00/03 = 4 GB, 01 = 6 GB, 02 = 8 GB.
 
===== IsChargerHiZModeEnabled =====
This tells if the TI Charger (bq24192) is active.
This tells if the TI Charger (bq24192) is active.


==== NewKeyGeneration ====
===== QuestState =====
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2.
{| class=wikitable
 
! Value || Description
[5.0.0+] [[Filesystem services|FS]] can now use this value for the '''KeyGeneration''' parameter when calling [[#GenerateAesKek|GenerateAesKek]] during "GetBisEncryptionKey".
|-
| 0 || Disabled
|-
| 1 || Enabled
|}


==== IsKiosk ====
This item is bit 10 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
This item is bit 10 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].


[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores.
[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores.


==== NewHardwareType ====
===== RegulatorType =====
This item is currently hardcoded to 0.
 
[5.0.0+] [[PCV_services|PCV]] overrides the value from [[#HardwareType|HardwareType]] and configures PMIC devices with this item.
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Value
! Value
! Devices
! SocType
! GPU
! Power Blocks
|-
|-
| 0
| 0
| max77620_sd0, max77621_cpu and max77621_gpu
| Erista
| GM20B (0x12B)
| max77620_sd0, max77621_cpu and max77621_gpu
|-
|-
| 1
| 1
| max77620_sd0, max77812_cpu and max77812_gpu
| Mariko
| GM20B_B (0x12E)
| max77620_sd0, max77812_cpu and max77812_gpu
|-
|-
| 2
| 2
| max77620_sd0, max77812_cpu and max77812_gpu
| Mariko
| GM20B_B (0x12E)
| max77620_sd0, max77812_cpu and max77812_gpu
|}
|}


==== Package2Hash ====
[5.0.0+] [[PCV_services|PCV]] uses this value in combination with [[#HardwareType|HardwareType]] to configure power blocks and memory tables for different hardware.
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.


=== GetRandomBytes ===
===== DeviceUniqueKeyGeneration =====
Takes a '''size''' and returns '''rand_bytes'''.
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2.


The kernel limits '''size''' to 0x38 (for fitting in return registers).
[5.0.0+] [[Filesystem services|FS]] can now use this value for the '''KeyGeneration''' parameter when calling [[#GenerateAesKek|GenerateAesKek]] during "GetBisEncryptionKey".


=== Panic ===
===== Package2Hash =====
Issues a system panic.
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.
 
=== ShowError ===
Takes an u32 '''Color''' and issues a system panic.


The kernel always calls this with '''panic_color''' set to 0xF00.
The kernel always calls this with '''Color''' set to 0xF00.


=== ConfigureCarveout ===
=== SetKernelCarveoutRegion ===
Configures memory controller carveout regions.
Takes an u64 '''Index''', an u64 '''Address''' and an u64 '''Size'''. Returns [[#Result]].


If '''carveout_index''' is 0, '''region_phys_addr''' and '''region_size''' are used to configure '''MC_SECURITY_CARVEOUT4'''.
If '''Index''' is 0, '''Address''' and '''Size''' are used to configure '''MC_SECURITY_CARVEOUT4'''.
If '''carveout_index''' is 1, '''region_phys_addr''' and '''region_size''' are used to configure '''MC_SECURITY_CARVEOUT5'''.
If '''Index''' is 1, '''Address''' and '''Size''' are used to configure '''MC_SECURITY_CARVEOUT5'''.
Any other '''carveout_index''' values are invalid.
Any other '''Index''' values are invalid.


The kernel calls this with '''carveout_index''' set to 0, '''region_phys_addr''' set to 0x80060000 and '''region_size''' set to a dynamically calculated size which covers all the kernel and built-in sysmodules' DRAM regions.
The kernel calls this with '''Index''' set to 0, '''Address''' set to 0x80060000 and '''Size''' set to a dynamically calculated size which covers all the kernel and built-in sysmodules' DRAM regions.


=== ReadWriteRegister ===
=== ReadWriteRegister ===
Takes an u64 '''Register''', an u32 '''Mask''' and an u32 '''InValue'''. Returns [[#Result]] and an u32 '''OutValue'''.
Relays [[SVC#svcReadWriteRegister|svcReadWriteRegister]] to the Secure Monitor.
Relays [[SVC#svcReadWriteRegister|svcReadWriteRegister]] to the Secure Monitor.


= Errors =
= CryptoUsecase =
{| class=wikitable
! Value || Name
|-
| 0 || Aes
|-
| 1 || RsaPrivate
|-
| 2 || SecureExpMod
|-
| 3 || RsaOaep
|-
| 4 || [5.0.0+] RsaImport
|-
| 5 || [5.0.0+]
|-
| 6 || [5.0.0+]
|}
 
= CipherMode =
{| class=wikitable
! Value || Name
|-
| 0 || CbcEncrypt
|-
| 1 || CbcDecrypt
|-
| 2 || Ctr
|}
 
= DecryptOrImportMode =
{| class=wikitable
! Value || Name
|-
| 0 || DecryptRsaPrivateKey
|-
| 1 || ImportLotusKey
|-
| 2 || ImportEsKey
|-
| 3 || ImportSslKey
|-
| 4 || ImportDrmKey
|}
 
= SecureExpModMode =
{| class=wikitable
! Value || Name
|-
| 0 || Lotus
|-
| 1 || Ssl
|-
| 2 || Drm
|}
 
= EsKeyType =
{| class=wikitable
! Value || Name
|-
| 0 || TitleKey
|-
| 1 || ElicenseKey
|}
 
= Result =
{| class=wikitable
{| class=wikitable
! Value || Description
! Value || Description
|-
|-
| 2 || Invalid input
| 0 || Success
|-
| 1 || Not implemented
|-
| 2 || Invalid argument
|-
| 3 || In progress
|-
| 4 || No async operation
|-
| 5 || Invalid async operation
|-
|-
| 3 || Busy
| 6 || [8.0.0+] Not permitted
|}
|}