Nintendo Switch Brew

Secure Monitor: Difference between revisions

← Older editNewer edit →
No edit summary
(37 intermediate revisions by 6 users not shown)
Line 22: Line 22:
If bit ''n'' is set in the argument type then parameter X''n'' is treated as a pointer and the kernel will setup address translation for it in [[SVC#svcCallSecureMonitor|svcCallSecureMonitor]].
If bit ''n'' is set in the argument type then parameter X''n'' is treated as a pointer and the kernel will setup address translation for it in [[SVC#svcCallSecureMonitor|svcCallSecureMonitor]].


== Id 0 ==
SMC arguments are passed using registers X0-X7 with X0 always sending the call sub-id and returning the result of the call.
Functions exposed to user-mode processes using [[SVC|svcCallSecureMonitor]].
 
== ID 0 ==
Functions exposed to user-mode processes using [[SVC|svcCallSecureMonitor]]. SMCs should be called from CPUID 3 (where SPL runs).


{| class=wikitable
{| class=wikitable
! Sub-Id || Name || In || Out
! Sub-ID || Name || In || Out
|-
|-
| 0xC3000401 || SetConfig || ||
| 0xC3000401 || SetConfig || ||
|-
|-
| 0xC3000002 || GetConfig (Same as Id 1 Sub-Id 4.) || ||
| 0xC3000002 || GetConfig (Same as ID 1, Sub-ID 4) || ||
|-
|-
| 0xC3000003 || CheckStatus || ||
| 0xC3000003 || GetResult || ||
|-
|-
| 0xC3000404 || GetResult || ||
| 0xC3000404 || GetResultData || ||
|-
|-
| 0xC3000E05 || ExpMod || ||
| 0xC3000E05 || ExpMod || ||
|-
|-
| 0xC3000006 || GetRandomBytes (Same as Id 1 Sub-Id 5.) || ||
| 0xC3000006 || GenerateRandomBytes (Same as ID 1, Sub-ID 5) || ||
|-
|-
| 0xC3000007 || [[#GenerateAesKek]] || ||
| 0xC3000007 || [[#GenerateAesKek]] || ||
Line 44: Line 46:
| 0xC3000008 || [[#LoadAesKey]] || ||
| 0xC3000008 || [[#LoadAesKey]] || ||
|-
|-
| 0xC3000009 || [[#CryptAes]] || ||
| 0xC3000009 || [[#ComputeAes]] || ||
|-
|-
| 0xC300000A || [[#GenerateSpecificAesKey]] || ||
| 0xC300000A || [[#GenerateSpecificAesKey]] || ||
Line 50: Line 52:
| 0xC300040B || [[#ComputeCmac]] || ||
| 0xC300040B || [[#ComputeCmac]] || ||
|-
|-
| 0xC300100C || [[#LoadRsaPrivateKey]] || ||
| [1.0.0-4.1.0] 0xC300100C || [[#ImportEsKey]] || ||
|-
| [5.0.0+] 0xC300D60C || [[#ReEncryptRsaPrivateKey]] || ||
|-
| [1.0.0-4.1.0] 0xC300100D || [[#DecryptRsaPrivateKey]] || ||
|-
|-
| 0xC300100D || [[#PrivateRsa]] || ||
| [5.0.0+] 0xC300100D || [[#DecryptOrImportRsaPrivateKey]] || ||
|-
|-
| 0xC300100E || [[#LoadRsaPublicKey]] || ||
| [1.0.0-4.1.0] 0xC300100E || [[#ImportLotusKey]] || ||
|-
|-
| 0xC300060F || [[#PublicRsa]] || ||
| 0xC300060F || [[#StorageExpMod]] || ||
|-
|-
| 0xC3000610 || [[#UnwrapRsaEncryptedAesKey]] || ||
| 0xC3000610 || [[#UnwrapTitleKey]] || ||
|-
|-
| 0xC3000011 || [[#LoadRsaWrappedAesKey]] || ||
| 0xC3000011 || [[#LoadTitleKey]] || ||
|-
|-
| 0xC3000012 || [2.0.0+] GenerateRsaWrappedAesKek || ||
| 0xC3000012 || [2.0.0+] [[#UnwrapCommonTitleKey]] || ||
|}
|}


Line 76: Line 82:


=== GenerateAesKek ===
=== GenerateAesKek ===
Takes an "access key" as input, an [[#CryptoUsecase]].
Takes an "access key" as input, an [[#enum_CryptoUsecase]].


Returns a session-unique kek for said usecase.
Returns a session-unique kek for said usecase.
Line 83: Line 89:
Takes a session kek created with [[#GenerateAesKek]], and a wrapped AES key.
Takes a session kek created with [[#GenerateAesKek]], and a wrapped AES key.


The session kek must have been created with CryptoUsecase_Aes.
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_Aes]].


=== CryptAes ===
=== ComputeAes ===
Encrypts/decrypts using Aes (CTR and CBC).
Encrypts/decrypts using AES (CTR and CBC). Takes an [[#enum_CipherMode]].


Key must be set prior using one of the [[#LoadAesKey]], [[#GenerateSpecificAesKey]] or [[#LoadRsaWrappedAesKey]] commands.
Key must be set prior using one of the [[#LoadAesKey]] or [[#GenerateSpecificAesKey]] commands.


=== GenerateSpecificAesKey ===
=== GenerateSpecificAesKey ===
Todo: This one seems unrelated to [[#CryptoUsecase]].
Takes a wrapped AES key and decrypts it using static data.
 
=== ComputeCmac ===
Calculates CMAC over input data.


=== LoadRsaPrivateKey ===
=== ImportEsKey ===
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA private key.
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.


The session kek must have been created with CryptoUsecase_PrivateRsa.
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_TitleKey]].


=== PrivateRsa ===
[5.0.0] This function was removed and replaced with [[#ReEncryptRsaPrivateKey]].
Encrypts using Rsa private key.


Key must be set prior using the [[#LoadRsaPrivateKey]] command.
=== ReEncryptRsaPrivateKey ===
Takes in two session keks created with [[#GenerateAesKek]], two wrapped AES keys, an enum member, and a wrapped RSA private key.


=== LoadRsaPublicKey ===
Decrypts and validates the wrapped RSA private key with the first kek/wrapped key, and re-encrypts it with the second if valid.
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA public key.


The session kek must have been created with CryptoUsecase_PublicRsa.
The re-encrypted key is then passed to the user, for use with [[#DecryptOrImportRsaPrivateKey]].


=== PublicRsa ===
=== DecryptRsaPrivateKey ===
Encrypts using Rsa public key.
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, an enum member, and a wrapped RSA private key.


Key must be set prior using the [[#LoadRsaPublicKey]] command.
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaPrivate]].


=== UnwrapRsaEncryptedAesKey ===
[4.0.0+] The SMC handler when certain conditions pass and SMC_ID==0xC300100D now returns error 0x6 instead of calling the handler funcptr.
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA public key.


Returns a session-unique AES key especially for use in [[#LoadRsaWrappedAesKey]].
[5.0.0+] This function was replaced by [[#DecryptOrImportRsaPrivateKey]].


The session kek must have been created with CryptoUsecase_RsaWrappedAesKey.
=== DecryptOrImportRsaPrivateKey ===
This function replaced [[#DecryptRsaPrivateKey]] in [[5.0.0]], adding an additional [[#enum_DecryptOrImportMode]].


=== LoadRsaWrappedAesKey ===
This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed.
Takes a session-unique AES key from [[#UnwrapRsaEncryptedAesKey]].
 
=== ImportLotusKey ===
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key.
 
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaSecureExpMod]].
 
[5.0.0] This function was removed.
 
=== SecureExpMod ===
Performs an ExpMod operation using an exponent previously loaded with the [[#ImportLotusKey]] command.
 
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]] and takes an [[#enum_SecureExpModMode]].
 
=== UnwrapTitleKey ===
Takes an Rsa-Oaep-wrapped TitleKey, an RSA Public Key, and a label hash.
 
Performs an ExpMod operation using an exponent previously loaded with the [[#ImportEsKey]] command, and then validates/extracts a Titlekey from the resulting message.
 
Returns a session-unique AES key especially for use in [[#LoadTitleKey]].
 
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]].
 
=== LoadTitleKey ===
Takes a session-unique AES key from [[#UnwrapCommonTitleKey]] or [[#UnwrapTitleKey]].
 
=== UnwrapCommonTitleKey ===
Takes an AES-wrapped TitleKey and returns a sealed AES key.


=== enum CryptoUsecase ===
=== enum CryptoUsecase ===
Line 129: Line 163:
| 0 || CryptoUsecase_Aes
| 0 || CryptoUsecase_Aes
|-
|-
| 1 || CryptoUsecase_PrivateRsa
| 1 || CryptoUsecase_RsaPrivate
|-
| 2 || CryptoUsecase_RsaSecureExpMod
|-
| 3 || CryptoUsecase_TitleKey
|}
 
Note:
The [[#enum_CryptoUsecase|CryptoUsecase_TitleKey]] represents a RSA wrapped AES key.
 
=== enum CipherMode ===
{| class=wikitable
! Value || Name
|-
| 0 || CipherMode_CbcEncrypt
|-
|-
| 2 || CryptoUsecase_PublicRsa
| 1 || CipherMode_CbcDecrypt
|-
|-
| 3 || CryptoUsecase_RsaWrappedAesKey
| 2 || CipherMode_Ctr
|}
|}


== Id 1 ==
=== enum DecryptOrImportMode ===
{| class=wikitable
! Value || Name
|-
| 0 || DecryptOrImportMode_DecryptRsaPrivateKey
|-
| 1 || DecryptOrImportMode_ImportLotusKey
|-
| 2 || DecryptOrImportMode_ImportEsKey
|-
| 3 || DecryptOrImportMode_ImportSslKey
|-
| 4 || DecryptOrImportMode_ImportDrmKey
|}
 
=== enum SecureExpModMode ===
{| class=wikitable
! Value || Name
|-
| 0 || SecureExpModMode_Lotus
|-
| 1 || SecureExpModMode_Ssl
|-
| 2 || SecureExpModMode_Drm
|}
 
== ID 1 ==
Functions exposed to the kernel internally.
Functions exposed to the kernel internally.


{| class=wikitable
{| class=wikitable
! Sub-Id || Name || In || Out
! Sub-ID || Name || In || Out
|-
| 0xC4000001 || [[#CpuSuspend]] || X1=power_state, X2=entrypoint_addr, X3=context_id || None
|-
| 0x84000002 || [[#CpuOff]] || None || None
|-
| 0xC4000003 || [[#CpuOn]] || X1=target_cpu, X2=entrypoint_addr, X3=context_id, X4,X5,X6,X7=0 || X0=result
|-
| 0xC3000004 || [[#GetConfig]] (Same as ID 0, Sub-ID 2) || W1=config_item, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4=config_val
|-
| 0xC3000005 || [[#GenerateRandomBytes]] (Same as ID 0, Sub-ID 6) || X1=size, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4,X5,X6,X7=rand_bytes
|-
| 0xC3000006 || [[#Panic]] || W1=panic_color, X2,X3,X4,X5,X6,X7=0 || X0=result
|-
| 0xC3000007 || [2.0.0+] [[#ConfigureCarveout]] || X1=carveout_index, X2=region_phys_addr, X3=region_size, X4,X5,X6,X7=0 || X0=result
|-
| 0xC3000008 || [2.0.0+] [[#ReadWriteRegister]] || X1=reg_addr, W2=rw_mask, W3=in_val, X4,X5,X6,X7=0 || X0=result, W1=out_val
|}
 
=== CpuSuspend ===
Standard ARM PCSI SMC. Suspends the CPU (CPU0).
 
The kernel calls this SMC on shutdown with '''power_state''' set to 0x0201001B (power level: 0x02==system; power type: 0x01==powerdown; ID: 0x1B).
 
=== CpuOff ===
Standard ARM PCSI SMC. Turns off the CPU (CPU1, CPU2 or CPU3).
 
=== CpuOn ===
Standard ARM PCSI SMC. Turns on the CPU (CPU1, CPU2 or CPU3).
 
=== GetConfig ===
Takes a '''config_item''' and returns an associated '''config_val'''.
 
{| class="wikitable" border="1"
|-
! ConfigItem || Name
|-
| 1 || [[#DisableProgramVerification]]
|-
| 2 || [[#DramId]]
|-
| 3 || [[#SecurityEngineIrqNumber]]
|-
| 4 || [[#Version]]
|-
| 5 || [[#HardwareType]]
|-
| 6 || [[#IsRetail]]
|-
| 7 || [[#IsRecoveryBoot]]
|-
| 8 || [[#DeviceId]]
|-
| 9 || [1.0.0-4.0.0] [[#BootReason]]
|-
|-
| 0xC4000001 || CpuSuspend || X1=power_state, X2=entrypoint_addr, X3=context_addr || None
| 10 || [[#MemoryArrange]]
|-
|-
| 0x84000002 || CpuOff || None || None
| 11 || [[#IsDebugMode]]
|-
|-
| 0xC4000003 || CpuOn || ||
| 12 || [[#KernelConfiguration]]
|-
|-
| 0xC3000004 || GetConfig (Same as Id 0 Sub-Id 2.) || W1=config_item, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4=config_val
| 13 || [[#IsChargerHiZModeEnabled]]
|-
|-
| 0xC3000005 || GetRandomBytes (Same as Id 0 Sub-Id 6.) || X1=dst_addr, X2,X3,X4,X5,X6,X7=0 ||
| 14 || [4.0.0+] [[#IsKiosk]]
|-
|-
| 0xC3000006 || Panic || W1=unk, X2,X3,X4,X5,X6,X7=0 || X0=result
| 15 || [5.0.0+] [[#RegulatorType]]
|-
|-
| 0xC3000007 || [2.0.0+] ProtectKernelRegion || ||
| 16 || [5.0.0+] [[#KeyGeneration]]
|-
|-
| 0xC3000008 || [2.0.0+] ReadWriteRegister || ||
| 17 || [5.0.0+] [[#Package2Hash]]
|}
|}
==== DisableProgramVerification ====
[[Process Manager services|PM]] checks this item and if non-zero, calls fsp-pr SetEnabledProgramVerification(false).
==== DramId ====
This is extracted directly from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
{| class="wikitable" border="1"
|-
!  Value
!  Description
|-
|  0
|  DramId_EristaIcosaSamsung4gb
|-
|  1
|  DramId_EristaIcosaHynix4gb
|-
|  2
|  DramId_EristaIcosaMicron4gb
|-
|  3
|  Reserved
|-
|  4
|  DramId_EristaIcosaSamsung6gb
|-
|  5
|  [4.0.0+] Reserved
|-
|  6
|  [4.0.0+] Reserved
|-
|  7
|  [5.0.0+] DramId_MarikoIowax1x2Samsung4gb ([4.0.0-4.1.0] Reserved)
|-
|  8
|  [5.0.0+] DramId_MarikoIowaSamsung4gb
|-
|  9
|  [5.0.0+] DramId_MarikoIowaSamsung8gb
|-
|  10
|  [6.0.0+] DramId_MarikoIowaHynix4gb ([5.0.0-5.1.0] Reserved)
|-
|  11
|  [7.0.0+] DramId_MarikoIowaMicron4gb ([5.0.0-6.2.0] Reserved)
|-
|  12
|  [5.0.0+] DramId_MarikoHoagSamsung4gb
|-
|  13
|  [5.0.0+] DramId_MarikoHoagSamsung8gb
|-
|  14
|  [7.0.0+] DramId_MarikoHoagHynix4gb ([5.0.0-6.2.0] Reserved)
|-
|  15
|  [7.0.0+] DramId_MarikoHoagMicron4gb ([5.0.0-6.2.0] Reserved)
|-
|  16
|  [8.0.0+] DramId_MarikoUnkSamsung4gb
|}
[[PCV_services|PCV]] selects memory training tables based on DramId.
{| class="wikitable" border="1"
|-
!  SoC
!  Platform
!  DramId
!  Revision
!  DVFS version
|-
|  T210
|  jetson-tx1
|  N/A
|  0x07
|
11_40800_01_V9.8.3_V1.6
11_68000_01_V9.8.3_V1.6
11_102000_01_V9.8.3_V1.6
11_204000_05_V9.8.3_V1.6
11_408000_02_V9.8.3_V1.6
11_665600_03_V9.8.3_V1.6
11_800000_01_V9.8.3_V1.6
11_1065600_01_V9.8.3_V1.6
11_1331200_01_V9.8.3_V1.6
11_1600000_02_V9.8.3_V1.6
|-
|  T210
|  nx-abcb
|  EristaIcosaSamsung4gb
|  0x07
|
10_40800_NoCfgVersion_V9.8.7_V1.6
10_68000_NoCfgVersion_V9.8.7_V1.6
10_102000_NoCfgVersion_V9.8.7_V1.6
10_204000_NoCfgVersion_V9.8.7_V1.6
10_408000_NoCfgVersion_V9.8.7_V1.6
10_665600_NoCfgVersion_V9.8.7_V1.6
10_800000_NoCfgVersion_V9.8.7_V1.6
10_1065600_NoCfgVersion_V9.8.7_V1.6
10_1331200_NoCfgVersion_V9.8.7_V1.6
10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|  T210
|  nx-abcb
|  EristaIcosaMicron4gb
|  0x07
|
10_40800_NoCfgVersion_V9.8.4_V1.6
10_68000_NoCfgVersion_V9.8.4_V1.6
10_102000_NoCfgVersion_V9.8.4_V1.6
10_204000_NoCfgVersion_V9.8.4_V1.6
10_408000_NoCfgVersion_V9.8.4_V1.6
10_665600_NoCfgVersion_V9.8.4_V1.6
10_800000_NoCfgVersion_V9.8.4_V1.6
10_1065600_NoCfgVersion_V9.8.4_V1.6
10_1331200_NoCfgVersion_V9.8.4_V1.6
10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
|  T210
|  nx-abcb
|  EristaIcosaHynix4gb
|  0x07
|
10_40800_NoCfgVersion_V9.8.4_V1.6
10_68000_NoCfgVersion_V9.8.4_V1.6
10_102000_NoCfgVersion_V9.8.4_V1.6
10_204000_NoCfgVersion_V9.8.4_V1.6
10_408000_NoCfgVersion_V9.8.4_V1.6
10_665600_NoCfgVersion_V9.8.4_V1.6
10_800000_NoCfgVersion_V9.8.4_V1.6
10_1065600_NoCfgVersion_V9.8.4_V1.6
10_1331200_NoCfgVersion_V9.8.4_V1.6
10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
|  T210
|  nx-abca2
|  EristaIcosaSamsung4gb, EristaIcosaMicron4gb
|  0x07
|
10_40800_NoCfgVersion_V9.8.7_V1.6
10_68000_NoCfgVersion_V9.8.7_V1.6
10_102000_NoCfgVersion_V9.8.7_V1.6
10_204000_NoCfgVersion_V9.8.7_V1.6
10_408000_NoCfgVersion_V9.8.7_V1.6
10_665600_NoCfgVersion_V9.8.7_V1.6
10_800000_NoCfgVersion_V9.8.7_V1.6
10_1065600_NoCfgVersion_V9.8.7_V1.6
10_1331200_NoCfgVersion_V9.8.7_V1.6
10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|  T210
|  nx-abca2
|  EristaIcosaHynix4gb
|  0x07
|
10_40800_NoCfgVersion_V9.8.7_V1.6
10_68000_NoCfgVersion_V9.8.7_V1.6
10_102000_NoCfgVersion_V9.8.7_V1.6
10_204000_NoCfgVersion_V9.8.7_V1.6
10_408000_NoCfgVersion_V9.8.7_V1.6
10_665600_NoCfgVersion_V9.8.7_V1.6
10_800000_NoCfgVersion_V9.8.7_V1.6
10_1065600_NoCfgVersion_V9.8.7_V1.6
10_1331200_NoCfgVersion_V9.8.7_V1.6
10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|  T210
|  nx-abca2
|  EristaIcosaSamsung6gb
|  0x07
|
10_40800_NoCfgVersion_V9.8.7_V1.6
10_68000_NoCfgVersion_V9.8.7_V1.6
10_102000_NoCfgVersion_V9.8.7_V1.6
10_204000_NoCfgVersion_V9.8.7_V1.6
10_408000_NoCfgVersion_V9.8.7_V1.6
10_665600_NoCfgVersion_V9.8.7_V1.6
10_800000_NoCfgVersion_V9.8.7_V1.6
10_1065600_NoCfgVersion_V9.8.7_V1.6
10_1331200_NoCfgVersion_V9.8.7_V1.6
10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowax1x2Samsung4gb
|  0x03
|
01_204000_NoCfgVersion_V0.3.1_V2.0
01_1331200.0_NoCfgVersion_V0.3.1_V2.0
01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaSamsung4gb, MarikoHoagSamsung4gb
|  0x03
01_204000_NoCfgVersion_V0.3.1_V2.0
01_1331200.0_NoCfgVersion_V0.3.1_V2.0
01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaSamsung8gb, MarikoHoagSamsung8gb
|  0x03
|
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaHynix4gb, MarikoHoagHynix4gb
|  0x03
01_204000_NoCfgVersion_V0.3.1_V2.0
01_1331200.0_NoCfgVersion_V0.3.1_V2.0
01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaMicron4gb, MarikoHoagMicron4gb
|  0x03
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoUnkSamsung4gb
|  0x03
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|}
'''nx-abca2''' ('''Icosa''' or '''Hoag''' in '''Erista''', '''Iowa''' or '''Hoag''' in '''Mariko''') hardware types are variations of the retail and EDEV form factors.
'''nx-abcb''' ('''Copper''') is the SDEV unit. Among other differences, this has extra hardware to support HDMI output.
[8.0.0+] '''nx-abcc''' was added for '''Mariko'''.
'''Erista''' memory is LPDDR4, while '''Mariko''' memory is LPDDR4X.
==== SecurityEngineIrqNumber ====
SPL uses this for setting up the security engine IRQ.
==== Version ====
The current [[Package2#Versions|Package1 Maxver Constant]] - 1.
==== HardwareType ====
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 2 (Hoag) or 3 (Invalid).
[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 2 (Hoag), 3 (Iowa) or 4 (Invalid).
[7.0.0+] This item no longer depends on fuses and can only be 0 (Icosa) or 0xF (Invalid) in retail units.
[8.0.0+] This item can be 0 (Icosa), 1 (Copper), 2 (Hoag), 3 (Iowa), 4 (Calcio) or 5 (Invalid). It still can only be 0 (Icosa) or 0xF (Invalid) in retail units.
==== IsRetail ====
This item is obtained by checking bits 9 and 0-1 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Debug), 1 (Retail) or 2 (Invalid).
==== IsRecoveryBoot ====
Used to determine if the system is booting from SafeMode firmware.
Under normal circumstances, this just returns bit 0 of the active [[BCT#bootloader0_info|bootloader info]]'s attribute field.
==== DeviceId ====
[[NIM_services|NIM]] checks if this item matches the [[Settings_services|set:cal]] DeviceId with byte7 cleared. If they don't match, a panic is thrown.
==== BootReason ====
Used to determine how the system booted.
{| class=wikitable
! Value || Description
|-
| 0 || Invalid
|-
| 1 || AcOk
|-
| 2 || OnKey
|-
| 3 || RtcAlarm1
|-
| 4 || RtcAlarm2
|}
==== MemoryArrange ====
[[Process Manager services|PM]] uses this item for selecting the appropriate size for each [[SVC#LimitableResource|LimitableResource_Memory]].
==== IsDebugMode ====
Kernel uses this to determine behavior of svcBreak positive arguments. It will break instead of just force-exiting the process which is what happens on retail.
[2.0.0+] This is also used with certain debug [[SVC|SVCs]].
[3.0.0+] [[Loader services|RO]] checks this and if set then skipping NRR rsa signatures is allowed.
The value of this field is loaded from [[BootConfig]] unsigned-config+0x10 u8 bit1.
==== KernelConfiguration ====
Kernel reads this when setting up memory-related code.
Bit 0 is a boolean determining whether kernel should it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs.
Bit 1 is a boolean determining whether kernel should forcefully enable usermode exception handlers (when false, only certain aborts (((1LL << (esr >> 26)) & 0x1115804400224001) == 0, typically data/prefetch aborts) that occur when the faulting address is in a readable region with MemoryType_CodeStatic will trigger usermode exception handlers).
Bit 2 is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0).
[8.0.0+] Bit 3 is a boolean determining whether the kernldr should allocate 0x68000 extra bytes before INI1 data
Bits 8-15 are a boolean determining whether kernel should call smcPanic on error instead of infinite-looping.
Bits 16-17 determine how much memory is available. 00/03 = 4 GB, 01 = 6 GB, 02 = 8 GB.
==== IsChargerHiZModeEnabled ====
This tells if the TI Charger (bq24192) is active.
==== KeyGeneration ====
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2.
[5.0.0+] [[Filesystem services|FS]] can now use this value for the '''KeyGeneration''' parameter when calling [[#GenerateAesKek|GenerateAesKek]] during "GetBisEncryptionKey".
==== IsKiosk ====
This item is bit 10 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores.
==== RegulatorType ====
This item is currently hardcoded to 0.
[5.0.0+] [[PCV_services|PCV]] uses this value in combination with [[#HardwareType|HardwareType]] to configure power blocks and memory tables for different hardware.
{| class="wikitable" border="1"
|-
!  Value
!  SoC
!  GPU
!  Power Blocks
|-
|  0
|  T210
|  GM20B (0x12B)
|  max77620_sd0, max77621_cpu and max77621_gpu
|-
|  1
|  T214
|  GM20B_B (0x12E)
|  max77620_sd0, max77812_cpu and max77812_gpu
|-
|  2
|  T214
|  GM20B_B (0x12E)
|  max77620_sd0, max77812_cpu and max77812_gpu
|}
==== Package2Hash ====
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.
=== GenerateRandomBytes ===
Takes a '''size''' and returns '''rand_bytes'''.
The kernel limits '''size''' to 0x38 (for fitting in return registers).
=== Panic ===
Issues a system panic.
The kernel always calls this with '''panic_color''' set to 0xF00.
=== ConfigureCarveout ===
Configures memory controller carveout regions.
If '''carveout_index''' is 0, '''region_phys_addr''' and '''region_size''' are used to configure '''MC_SECURITY_CARVEOUT4'''.
If '''carveout_index''' is 1, '''region_phys_addr''' and '''region_size''' are used to configure '''MC_SECURITY_CARVEOUT5'''.
Any other '''carveout_index''' values are invalid.
The kernel calls this with '''carveout_index''' set to 0, '''region_phys_addr''' set to 0x80060000 and '''region_size''' set to a dynamically calculated size which covers all the kernel and built-in sysmodules' DRAM regions.
=== ReadWriteRegister ===
Relays [[SVC#svcReadWriteRegister|svcReadWriteRegister]] to the Secure Monitor.


= Errors =
= Errors =
2: Invalid input
{| class=wikitable
3: Busy
! Value || Description
|-
| 0 || Success
|-
| 1 || Not implemented
|-
| 2 || Invalid argument
|-
| 3 || In progress
|-
| 4 || No async operation
|-
| 5 || Invalid async operation
|-
| [8.0.0+] 6 || Blacklisted
|}
Retrieved from "https://switchbrew.org/wiki/Secure_Monitor"