Difference between revisions of "SPL services"

From Nintendo Switch Brew
Jump to navigation Jump to search
Line 33: Line 33:
 
| 10 || || wrapper for [[SMC#ExpMod|ExpMod]]
 
| 10 || || wrapper for [[SMC#ExpMod|ExpMod]]
 
|-
 
|-
| 11 || [[#IsDevUnit]] ||
+
| 11 || [[#IsDevelopment]] ||
 
|-
 
|-
 
| 12 || GenerateSpecificAesKey || wrapper for [[SMC#KeygenA|KeygenA]]
 
| 12 || GenerateSpecificAesKey || wrapper for [[SMC#KeygenA|KeygenA]]
Line 110: Line 110:
 
|}
 
|}
  
== IsDevUnit ==
+
== IsDevelopment ==
 
No input params.
 
No input params.
  

Revision as of 17:06, 5 August 2017

csrng

Cmd Name
0 #GetRandomBytes

GetRandomBytes

Takes a type-6 buffer and fills it with random data.

spl:

Cmd Name Notes
0 #GetConfig wrapper for GetConfig
1 user supplied modulus and exponent
2 #GenerateAesKek wrapper for KeygenAndSealX
3 LoadAesKey wrapper for SetKeyslotFromXY
4 GenerateAesKey decrypts 0x10 bytes using AES ECB, uses SetKeyslotFromXY with a fixed Y
5 #SetConfig wrapper for SetConfig
7 GetRandom uses PrngX931
9 wrapper for ImportParamsForFWithXY
10 wrapper for ExpMod
11 #IsDevelopment
12 GenerateSpecificAesKey wrapper for KeygenA
13 #DecryptExpModParamsWithXY wrapper for DecryptExpModParamsWithXY
14 decrypts 0x10 bytes using AES ECB, uses SetKeyslotFromXY with fixed X and Y
15 DecryptAesCtr wrapper for SymmetricCrypto
16 ComputeCmac wrapper for CMAC
17 wrapper for ImportParamsFor10WithXY
18 wrapper for ExpModAndKeygenAndSealZ
19 wrapper for SetKeyslotFromZ
20 wrapper for KeygenAndSealZ
21 #UninitializeSpl
22 #InitializeSpl
23 GetSplWaitEvent

GetConfig

Takes an input word (ConfigItem), and returns a u64 with the config params.

ConfigItem Name
1 DisableProgramVerification
2 MemoryConfiguration
5 HardwareType (0=Icosa, 1=Copper)
6 IsRetail
7 IsRecoveryBoot
8 DeviceId (byte7 clear).
9 BootReason
10 MemoryArrange
11 AllowSkippingNrrSignatures. Also used by FS-sysmodule for non-RSA: when zero, bit62 in fsp-pr registration permissions are force-cleared to zero, otherwise the original is used.
13 BatteryProfile?

PM checks id1 and if non-zero, calls fsp-pr SetEnabledProgramVerification(false).

NIM checks that id8 output must match the set:cal DeviceId with byte7 cleared, otherwise panic.

RO checks id11, if set then skipping NRR rsa signatures is allowed.

GenerateAesKek

Takes a 16-byte seed ("BisEncryptionKeySourceForKek") and two words ("KeyGeneration" and "option") as input. KeyGeneration ranges from 0 to 2.

Same input gives same output. Output changes when system is rebooted.

SetConfig

Takes two input words, a ConfigItem and the value to set.

ConfigItem Name
13 Battery profile?

IsDevelopment

No input params.

Uses #GetConfig internally with id=6. Returns true if output from that is 0, or if the SMC returned error 2.

Returns an u8 flag for whether the system is devunit. Output flag is 0 on retail.

DecryptExpModParamsWithXY

Last SPL cmd used by SSL-sysmodule for TLS client-privk.

UninitializeSpl

Returns a single u32 (always 3?) only once.

InitializeSpl

Takes a single u32 (always 3?) only once.