Nintendo Switch Brew

Secure Monitor: Difference between revisions

← Older editNewer edit →
as seen on 5.0.1 kernel
No edit summary
(20 intermediate revisions by 4 users not shown)
Line 25: Line 25:


== ID 0 ==
== ID 0 ==
Functions exposed to user-mode processes using [[SVC|svcCallSecureMonitor]].
Functions exposed to user-mode processes using [[SVC|svcCallSecureMonitor]]. SMCs should be called from CPUID 3 (where SPL runs).


{| class=wikitable
{| class=wikitable
Line 34: Line 34:
| 0xC3000002 || GetConfig (Same as ID 1, Sub-ID 4) || ||
| 0xC3000002 || GetConfig (Same as ID 1, Sub-ID 4) || ||
|-
|-
| 0xC3000003 || CheckStatus || ||
| 0xC3000003 || GetResult || ||
|-
|-
| 0xC3000404 || GetResult || ||
| 0xC3000404 || GetResultData || ||
|-
|-
| 0xC3000E05 || ExpMod || ||
| 0xC3000E05 || ExpMod || ||
|-
|-
| 0xC3000006 || GetRandomBytes (Same as ID 1, Sub-ID 5) || ||
| 0xC3000006 || GenerateRandomBytes (Same as ID 1, Sub-ID 5) || ||
|-
|-
| 0xC3000007 || [[#GenerateAesKek]] || ||
| 0xC3000007 || [[#GenerateAesKek]] || ||
Line 46: Line 46:
| 0xC3000008 || [[#LoadAesKey]] || ||
| 0xC3000008 || [[#LoadAesKey]] || ||
|-
|-
| 0xC3000009 || [[#CryptAes]] || ||
| 0xC3000009 || [[#ComputeAes]] || ||
|-
|-
| 0xC300000A || [[#GenerateSpecificAesKey]] || ||
| 0xC300000A || [[#GenerateSpecificAesKey]] || ||
Line 52: Line 52:
| 0xC300040B || [[#ComputeCmac]] || ||
| 0xC300040B || [[#ComputeCmac]] || ||
|-
|-
| [1.0.0-4.1.0] 0xC300100C || [[#LoadRsaOaepKey]] || ||
| [1.0.0-4.1.0] 0xC300100C || [[#ImportEsKey]] || ||
|-
|-
| [5.0.0+] 0xC300D60C || [[#EncryptRsaKeyForImport]] || ||
| [5.0.0+] 0xC300D60C || [[#ReEncryptRsaPrivateKey]] || ||
|-
|-
| [1.0.0-4.1.0] 0xC300100D || [[#DecryptRsaPrivateKey]] || ||
| [1.0.0-4.1.0] 0xC300100D || [[#DecryptRsaPrivateKey]] || ||
|-
|-
| [5.0.0] 0xC300100D || [[#DecryptOrImportRsaKey]] || ||
| [5.0.0+] 0xC300100D || [[#DecryptOrImportRsaPrivateKey]] || ||
|-
|-
| [1.0.0-4.1.0] 0xC300100E || [[#LoadSecureExpModKey]] || ||
| [1.0.0-4.1.0] 0xC300100E || [[#ImportLotusKey]] || ||
|-
|-
| 0xC300060F || [[#SecureExpMod]] || ||
| 0xC300060F || [[#StorageExpMod]] || ||
|-
|-
| 0xC3000610 || [[#UnwrapRsaOaepWrappedTitleKey]] || ||
| 0xC3000610 || [[#UnwrapTitleKey]] || ||
|-
|-
| 0xC3000011 || [[#LoadTitleKey]] || ||
| 0xC3000011 || [[#LoadTitleKey]] || ||
|-
|-
| 0xC3000012 || [2.0.0+] UnwrapAesWrappedTitleKey || ||
| 0xC3000012 || [2.0.0+] [[#UnwrapCommonTitleKey]] || ||
|}
|}


Line 80: Line 80:
** This means: Plaintext kek keys never leave TrustZone.
** This means: Plaintext kek keys never leave TrustZone.
** Further, this means: Actual AES/RSA keys never leave TrustZone.
** Further, this means: Actual AES/RSA keys never leave TrustZone.
Note:
The [[#enum_CryptoUsecase|CryptoUsecase_TitleKey]] represents a RSA wrapped AES key.


=== GenerateAesKek ===
=== GenerateAesKek ===
Line 94: Line 91:
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_Aes]].
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_Aes]].


=== CryptAes ===
=== ComputeAes ===
Encrypts/decrypts using Aes (CTR and CBC).
Encrypts/decrypts using AES (CTR and CBC). Takes an [[#enum_CipherMode]].


Key must be set prior using one of the [[#LoadAesKey]], [[#GenerateSpecificAesKey]] or [[#LoadRsaWrappedAesKey]] commands.
Key must be set prior using one of the [[#LoadAesKey]] or [[#GenerateSpecificAesKey]] commands.


=== GenerateSpecificAesKey ===
=== GenerateSpecificAesKey ===
Todo: This one seems unrelated to [[#enum_CryptoUsecase]].
Takes a wrapped AES key and decrypts it using static data.


=== LoadRsaOaepKey ===
=== ComputeCmac ===
Calculates CMAC over input data.
 
=== ImportEsKey ===
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.


The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaOaep]].
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_TitleKey]].


This function was removed in [[5.0.0]], and replaced with [[#EncryptRsaKeyForImport]].
[5.0.0] This function was removed and replaced with [[#ReEncryptRsaPrivateKey]].


=== EncryptRsaKeyForImport ===
=== ReEncryptRsaPrivateKey ===
Takes in two session keks created with [[#GenerateAesKek]], two wrapped AES keys, an enum member, and a wrapped RSA private key.
Takes in two session keks created with [[#GenerateAesKek]], two wrapped AES keys, an enum member, and a wrapped RSA private key.


Decrypts and validates the wrapped RSA private key with the first kek/wrapped key, and re-encrypts it with the second if valid.
Decrypts and validates the wrapped RSA private key with the first kek/wrapped key, and re-encrypts it with the second if valid.


The re-encrypted key is then passed to the user, for use with [[#DecryptOrImportRsaKey]].
The re-encrypted key is then passed to the user, for use with [[#DecryptOrImportRsaPrivateKey]].


=== DecryptRsaPrivateKey ===
=== DecryptRsaPrivateKey ===
Line 123: Line 123:
[4.0.0+] The SMC handler when certain conditions pass and SMC_ID==0xC300100D now returns error 0x6 instead of calling the handler funcptr.
[4.0.0+] The SMC handler when certain conditions pass and SMC_ID==0xC300100D now returns error 0x6 instead of calling the handler funcptr.


=== DecryptOrImportRsaKey ===
[5.0.0+] This function was replaced by [[#DecryptOrImportRsaPrivateKey]].


This function replaced [[#DecryptRsaPrivateKey]] in [[5.0.0]], adding an additional enum member argument.
=== DecryptOrImportRsaPrivateKey ===
This function replaced [[#DecryptRsaPrivateKey]] in [[5.0.0]], adding an additional [[#enum_DecryptOrImportMode]].


This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed.
This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed.


=== LoadSecureExpModKey ===
=== ImportLotusKey ===
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key.
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key.


The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaSecureExpMod]].
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaSecureExpMod]].


This function was removed in [[5.0.0]], and replaced with [[#EncryptRsaKeyForImport]].
[5.0.0] This function was removed.


=== SecureExpMod ===
=== SecureExpMod ===
Performs an Exp Mod operation using an exponent previously loaded with the [[#LoadSecureExpModKey]] command.
Performs an ExpMod operation using an exponent previously loaded with the [[#ImportLotusKey]] command.


=== UnwrapRsaOaepWrappedTitleKey ===
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]] and takes an [[#enum_SecureExpModMode]].
 
=== UnwrapTitleKey ===
Takes an Rsa-Oaep-wrapped TitleKey, an RSA Public Key, and a label hash.
Takes an Rsa-Oaep-wrapped TitleKey, an RSA Public Key, and a label hash.


Performs an Exp Mod operation using an exponent previously loaded with the [[#LoadRsaOaepKey]] command, and then validates/extracts a Titlekey from the resulting message.
Performs an ExpMod operation using an exponent previously loaded with the [[#ImportEsKey]] command, and then validates/extracts a Titlekey from the resulting message.


Returns a session-unique AES key especially for use in [[#LoadTitleKey]].
Returns a session-unique AES key especially for use in [[#LoadTitleKey]].
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]].


=== LoadTitleKey ===
=== LoadTitleKey ===
Takes a session-unique AES key from [[#UnwrapAesWrappedTitleKey]] or [[#UnwrapRsaOaepWrappedTitleKey]].
Takes a session-unique AES key from [[#UnwrapCommonTitleKey]] or [[#UnwrapTitleKey]].
 
=== UnwrapCommonTitleKey ===
Takes an AES-wrapped TitleKey and returns a sealed AES key.


=== enum CryptoUsecase ===
=== enum CryptoUsecase ===
Line 159: Line 167:
| 2 || CryptoUsecase_RsaSecureExpMod
| 2 || CryptoUsecase_RsaSecureExpMod
|-
|-
| 3 || CryptoUsecase_RsaOaep
| 3 || CryptoUsecase_TitleKey
|}
 
Note:
The [[#enum_CryptoUsecase|CryptoUsecase_TitleKey]] represents a RSA wrapped AES key.
 
=== enum CipherMode ===
{| class=wikitable
! Value || Name
|-
| 0 || CipherMode_CbcEncrypt
|-
| 1 || CipherMode_CbcDecrypt
|-
| 2 || CipherMode_Ctr
|}
 
=== enum DecryptOrImportMode ===
{| class=wikitable
! Value || Name
|-
| 0 || DecryptOrImportMode_DecryptRsaPrivateKey
|-
| 1 || DecryptOrImportMode_ImportLotusKey
|-
| 2 || DecryptOrImportMode_ImportEsKey
|-
| 3 || DecryptOrImportMode_ImportSslKey
|-
| 4 || DecryptOrImportMode_ImportDrmKey
|}
 
=== enum SecureExpModMode ===
{| class=wikitable
! Value || Name
|-
| 0 || SecureExpModMode_Lotus
|-
| 1 || SecureExpModMode_Ssl
|-
| 2 || SecureExpModMode_Drm
|}
|}


Line 176: Line 224:
| 0xC3000004 || [[#GetConfig]] (Same as ID 0, Sub-ID 2) || W1=config_item, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4=config_val
| 0xC3000004 || [[#GetConfig]] (Same as ID 0, Sub-ID 2) || W1=config_item, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4=config_val
|-
|-
| 0xC3000005 || [[#GetRandomBytes]] (Same as ID 0, Sub-ID 6) || X1=size, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4,X5,X6,X7=rand_bytes
| 0xC3000005 || [[#GenerateRandomBytes]] (Same as ID 0, Sub-ID 6) || X1=size, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4,X5,X6,X7=rand_bytes
|-
|-
| 0xC3000006 || [[#Panic]] || W1=panic_color, X2,X3,X4,X5,X6,X7=0 || X0=result
| 0xC3000006 || [[#Panic]] || W1=panic_color, X2,X3,X4,X5,X6,X7=0 || X0=result
Line 225: Line 273:
| 11 || [[#IsDebugMode]]
| 11 || [[#IsDebugMode]]
|-
|-
| 12 || [[#UnitConfiguration]]
| 12 || [[#KernelConfiguration]]
|-
|-
| 13 || [[#IsChargerHiZModeEnabled]]
| 13 || [[#IsChargerHiZModeEnabled]]
Line 231: Line 279:
| 14 || [4.0.0+] [[#IsKiosk]]
| 14 || [4.0.0+] [[#IsKiosk]]
|-
|-
| 15 || [5.0.0+] [[#NewHardwareType]]
| 15 || [5.0.0+] [[#RegulatorType]]
|-
|-
| 16 || [5.0.0+] [[#NewKeyGeneration]]
| 16 || [5.0.0+] [[#KeyGeneration]]
|-
|-
| 17 || [5.0.0+] [[#Package2Hash]]
| 17 || [5.0.0+] [[#Package2Hash]]
Line 265: Line 313:
|-
|-
|  5
|  5
|  [5.0.0+] Reserved
|  [4.0.0+] Reserved
|-
|-
|  6
|  6
|  [5.0.0+] Reserved
|  [4.0.0+] Reserved
|-
|-
|  7
|  7
|  [5.0.0+] DramId_MarikoIowax1x2Samsung4gb
|  [5.0.0+] DramId_MarikoIowax1x2Samsung4gb ([4.0.0-4.1.0] Reserved)
|-
|-
|  8
|  8
Line 280: Line 328:
|-
|-
|  10
|  10
|  [5.0.0+] Reserved
[6.0.0+] DramId_MarikoIowaHynix4gb ([5.0.0-5.1.0] Reserved)
|-
|-
|  11
|  11
|  [5.0.0+] Reserved
[7.0.0+] DramId_MarikoIowaMicron4gb ([5.0.0-6.2.0] Reserved)
|-
|-
|  12
|  12
Line 290: Line 338:
|  13
|  13
|  [5.0.0+] DramId_MarikoHoagSamsung8gb
|  [5.0.0+] DramId_MarikoHoagSamsung8gb
|-
|  14
|  [7.0.0+] DramId_MarikoHoagHynix4gb ([5.0.0-6.2.0] Reserved)
|-
|  15
|  [7.0.0+] DramId_MarikoHoagMicron4gb ([5.0.0-6.2.0] Reserved)
|-
|  16
|  [8.0.0+] DramId_MarikoUnkSamsung4gb
|}
|}


[[PCV_services|PCV]] configures memory profiles based on DramId.
[[PCV_services|PCV]] selects memory training tables based on DramId.
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
!  SoC
!  Platform
!  Platform
!  DramId
!  DramId
Version
Revision
!  DVFS version
|-
|-
|  T210
|  jetson-tx1
|  jetson-tx1
|  N/A
|  N/A
|  11_40800_01_V9.8.3_V1.6
| 0x07
|
  11_40800_01_V9.8.3_V1.6
11_68000_01_V9.8.3_V1.6
11_102000_01_V9.8.3_V1.6
11_204000_05_V9.8.3_V1.6
11_408000_02_V9.8.3_V1.6
11_665600_03_V9.8.3_V1.6
11_800000_01_V9.8.3_V1.6
11_1065600_01_V9.8.3_V1.6
11_1331200_01_V9.8.3_V1.6
11_1600000_02_V9.8.3_V1.6
|-
|-
|  T210
|  nx-abcb
|  nx-abcb
|  EristaIcosaSamsung4gb
|  EristaIcosaSamsung4gb
|  10_40800_NoCfgVersion_V9.8.7_V1.6
| 0x07
|
  10_40800_NoCfgVersion_V9.8.7_V1.6
10_68000_NoCfgVersion_V9.8.7_V1.6
10_102000_NoCfgVersion_V9.8.7_V1.6
10_204000_NoCfgVersion_V9.8.7_V1.6
10_408000_NoCfgVersion_V9.8.7_V1.6
10_665600_NoCfgVersion_V9.8.7_V1.6
10_800000_NoCfgVersion_V9.8.7_V1.6
10_1065600_NoCfgVersion_V9.8.7_V1.6
10_1331200_NoCfgVersion_V9.8.7_V1.6
10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
|  T210
|  nx-abcb
|  nx-abcb
|  EristaIcosaMicron4gb
|  EristaIcosaMicron4gb
|  10_40800_NoCfgVersion_V9.8.4_V1.6
| 0x07
|
  10_40800_NoCfgVersion_V9.8.4_V1.6
10_68000_NoCfgVersion_V9.8.4_V1.6
10_102000_NoCfgVersion_V9.8.4_V1.6
10_204000_NoCfgVersion_V9.8.4_V1.6
10_408000_NoCfgVersion_V9.8.4_V1.6
10_665600_NoCfgVersion_V9.8.4_V1.6
10_800000_NoCfgVersion_V9.8.4_V1.6
10_1065600_NoCfgVersion_V9.8.4_V1.6
10_1331200_NoCfgVersion_V9.8.4_V1.6
10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
|-
|  T210
|  nx-abcb
|  nx-abcb
|  EristaIcosaHynix4gb
|  EristaIcosaHynix4gb
|  10_40800_NoCfgVersion_V9.8.4_V1.6
| 0x07
|
  10_40800_NoCfgVersion_V9.8.4_V1.6
10_68000_NoCfgVersion_V9.8.4_V1.6
10_102000_NoCfgVersion_V9.8.4_V1.6
10_204000_NoCfgVersion_V9.8.4_V1.6
10_408000_NoCfgVersion_V9.8.4_V1.6
10_665600_NoCfgVersion_V9.8.4_V1.6
10_800000_NoCfgVersion_V9.8.4_V1.6
10_1065600_NoCfgVersion_V9.8.4_V1.6
10_1331200_NoCfgVersion_V9.8.4_V1.6
10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
|-
|  T210
|  nx-abca2
|  nx-abca2
|  EristaIcosaSamsung4gb or EristaIcosaMicron4gb
|  EristaIcosaSamsung4gb, EristaIcosaMicron4gb
|  10_40800_NoCfgVersion_V9.8.7_V1.6
| 0x07
|
  10_40800_NoCfgVersion_V9.8.7_V1.6
10_68000_NoCfgVersion_V9.8.7_V1.6
10_102000_NoCfgVersion_V9.8.7_V1.6
10_204000_NoCfgVersion_V9.8.7_V1.6
10_408000_NoCfgVersion_V9.8.7_V1.6
10_665600_NoCfgVersion_V9.8.7_V1.6
10_800000_NoCfgVersion_V9.8.7_V1.6
10_1065600_NoCfgVersion_V9.8.7_V1.6
10_1331200_NoCfgVersion_V9.8.7_V1.6
10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
|  T210
|  nx-abca2
|  nx-abca2
|  EristaIcosaHynix4gb
|  EristaIcosaHynix4gb
|  10_40800_NoCfgVersion_V9.8.7_V1.6
| 0x07
|
  10_40800_NoCfgVersion_V9.8.7_V1.6
10_68000_NoCfgVersion_V9.8.7_V1.6
10_102000_NoCfgVersion_V9.8.7_V1.6
10_204000_NoCfgVersion_V9.8.7_V1.6
10_408000_NoCfgVersion_V9.8.7_V1.6
10_665600_NoCfgVersion_V9.8.7_V1.6
10_800000_NoCfgVersion_V9.8.7_V1.6
10_1065600_NoCfgVersion_V9.8.7_V1.6
10_1331200_NoCfgVersion_V9.8.7_V1.6
10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
|  T210
|  nx-abca2
|  nx-abca2
|  EristaIcosaSamsung6gb
|  EristaIcosaSamsung6gb
|  10_40800_NoCfgVersion_V9.8.7_V1.6
| 0x07
|
  10_40800_NoCfgVersion_V9.8.7_V1.6
10_68000_NoCfgVersion_V9.8.7_V1.6
10_102000_NoCfgVersion_V9.8.7_V1.6
10_204000_NoCfgVersion_V9.8.7_V1.6
10_408000_NoCfgVersion_V9.8.7_V1.6
10_665600_NoCfgVersion_V9.8.7_V1.6
10_800000_NoCfgVersion_V9.8.7_V1.6
10_1065600_NoCfgVersion_V9.8.7_V1.6
10_1331200_NoCfgVersion_V9.8.7_V1.6
10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
|  nx-abca2
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowax1x2Samsung4gb
|  MarikoIowax1x2Samsung4gb
|  01_204000_NoCfgVersion_V0.3.1_V2.0
| 0x03
|
  01_204000_NoCfgVersion_V0.3.1_V2.0
01_1331200.0_NoCfgVersion_V0.3.1_V2.0
01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaSamsung4gb, MarikoHoagSamsung4gb
|  0x03
01_204000_NoCfgVersion_V0.3.1_V2.0
01_1331200.0_NoCfgVersion_V0.3.1_V2.0
01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaSamsung8gb, MarikoHoagSamsung8gb
|  0x03
|
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaHynix4gb, MarikoHoagHynix4gb
|  0x03
01_204000_NoCfgVersion_V0.3.1_V2.0
01_1331200.0_NoCfgVersion_V0.3.1_V2.0
01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|-
|  nx-abca2
|  T214
MarikoIowaSamsung4gb or MarikoHoagSamsung4gb
|  nx-abca2, nx-abcb, nx-abcc
|  01_204000_NoCfgVersion_V0.3.1_V2.0
|  MarikoIowaMicron4gb, MarikoHoagMicron4gb
0x03
|
  01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
|  nx-abca2
|  T214
MarikoIowaSamsung8gb or MarikoHoagSamsung8gb
|  nx-abca2, nx-abcb, nx-abcc
|  01_204000_NoCfgVersion_V0.4.2_V2.0
|  MarikoUnkSamsung4gb
0x03
|
  01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|}
|}


nx-abcb (Copper) is the SDEV unit. Among other differences, this has extra hardware to support HDMI output.
'''nx-abca2''' ('''Icosa''' or '''Hoag''' in '''Erista''', '''Iowa''' or '''Hoag''' in '''Mariko''') hardware types are variations of the retail and EDEV form factors.
 
'''nx-abcb''' ('''Copper''') is the SDEV unit. Among other differences, this has extra hardware to support HDMI output.
 
[8.0.0+] '''nx-abcc''' was added for '''Mariko'''.


nx-abca2 (Icosa) hardware types are variations of the retail form factor.
'''Erista''' memory is LPDDR4, while '''Mariko''' memory is LPDDR4X.


==== SecurityEngineIrqNumber ====
==== SecurityEngineIrqNumber ====
Line 351: Line 540:


==== HardwareType ====
==== HardwareType ====
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper) or 3 (Invalid).
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 2 (Hoag) or 3 (Invalid).
 
[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 2 (Hoag), 3 (Iowa) or 4 (Invalid).


[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 3 (Mariko) or 4 (Invalid).
[7.0.0+] This item no longer depends on fuses and can only be 0 (Icosa) or 0xF (Invalid) in retail units.


A value of 2 (Hoag?) is always mapped to 4 (Invalid).
[8.0.0+] This item can be 0 (Icosa), 1 (Copper), 2 (Hoag), 3 (Iowa), 4 (Calcio) or 5 (Invalid). It still can only be 0 (Icosa) or 0xF (Invalid) in retail units.


==== IsRetail ====
==== IsRetail ====
Line 362: Line 553:
==== IsRecoveryBoot ====
==== IsRecoveryBoot ====
Used to determine if the system is booting from SafeMode firmware.
Used to determine if the system is booting from SafeMode firmware.
Under normal circumstances, this just returns bit 0 of the active [[BCT#bootloader0_info|bootloader info]]'s attribute field.


==== DeviceId ====
==== DeviceId ====
Line 368: Line 561:
==== BootReason ====
==== BootReason ====
Used to determine how the system booted.
Used to determine how the system booted.
{| class=wikitable
! Value || Description
|-
| 0 || Invalid
|-
| 1 || AcOk
|-
| 2 || OnKey
|-
| 3 || RtcAlarm1
|-
| 4 || RtcAlarm2
|}


==== MemoryArrange ====
==== MemoryArrange ====
Line 381: Line 588:
The value of this field is loaded from [[BootConfig]] unsigned-config+0x10 u8 bit1.
The value of this field is loaded from [[BootConfig]] unsigned-config+0x10 u8 bit1.


==== UnitConfiguration ====
==== KernelConfiguration ====
Kernel reads this when setting up memory-related code. If bit0 is set, it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs. If bit17-16 is 0b01, the kernel assumes 6GB of DRAM instead of 4GB.
Kernel reads this when setting up memory-related code.  
 
Bit 0 is a boolean determining whether kernel should it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs.
 
Bit 1 is a boolean determining whether kernel should forcefully enable usermode exception handlers (when false, only certain aborts (((1LL << (esr >> 26)) & 0x1115804400224001) == 0, typically data/prefetch aborts) that occur when the faulting address is in a readable region with MemoryType_CodeStatic will trigger usermode exception handlers).
 
Bit 2 is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0).
 
[8.0.0+] Bit 3 is a boolean determining whether the kernldr should allocate 0x68000 extra bytes before INI1 data
 
Bits 8-15 are a boolean determining whether kernel should call smcPanic on error instead of infinite-looping.


bit1 and bit2 are boolean values.
Bits 16-17 determine how much memory is available. 00/03 = 4 GB, 01 = 6 GB, 02 = 8 GB.
If bit15-8 is zero, kernel will loop forever without calling smcPanic, nonzero smcPanics with 0xf00 and then loops.


==== IsChargerHiZModeEnabled ====
==== IsChargerHiZModeEnabled ====
This tells if the TI Charger (bq24192) is active.
This tells if the TI Charger (bq24192) is active.


==== NewKeyGeneration ====
==== KeyGeneration ====
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2.
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2.


Line 400: Line 616:
[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores.
[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores.


==== NewHardwareType ====
==== RegulatorType ====
This item is currently hardcoded to 0.
This item is currently hardcoded to 0.


[5.0.0+] [[PCV_services|PCV]] overrides the value from [[#HardwareType|HardwareType]] and configures PMIC devices with this item.
[5.0.0+] [[PCV_services|PCV]] uses this value in combination with [[#HardwareType|HardwareType]] to configure power blocks and memory tables for different hardware.
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
!  Value
!  Value
Devices
SoC
!  GPU
!  Power Blocks
|-
|-
|  0
|  0
|  T210
|  GM20B (0x12B)
|  max77620_sd0, max77621_cpu and max77621_gpu
|  max77620_sd0, max77621_cpu and max77621_gpu
|-
|-
|  1
|  1
|  T214
|  GM20B_B (0x12E)
|  max77620_sd0, max77812_cpu and max77812_gpu
|  max77620_sd0, max77812_cpu and max77812_gpu
|-
|-
|  2
|  2
|  T214
|  GM20B_B (0x12E)
|  max77620_sd0, max77812_cpu and max77812_gpu
|  max77620_sd0, max77812_cpu and max77812_gpu
|}
|}
Line 422: Line 646:
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.


=== GetRandomBytes ===
=== GenerateRandomBytes ===
Takes a '''size''' and returns '''rand_bytes'''.
Takes a '''size''' and returns '''rand_bytes'''.


Line 448: Line 672:
! Value || Description
! Value || Description
|-
|-
| 2 || Invalid input
| 0 || Success
|-
| 1 || Not implemented
|-
| 2 || Invalid argument
|-
| 3 || In progress
|-
| 4 || No async operation
|-
| 5 || Invalid async operation
|-
|-
| 3 || Busy
| [8.0.0+] 6 || Blacklisted
|}
|}
Retrieved from "https://switchbrew.org/wiki/Secure_Monitor"