Nintendo Switch Brew

Secure Monitor: Difference between revisions

← Older editNewer edit →
No edit summary
(8 intermediate revisions by 2 users not shown)
Line 92: Line 92:


=== ComputeAes ===
=== ComputeAes ===
Encrypts/decrypts using Aes (CTR and CBC).
Encrypts/decrypts using AES (CTR and CBC). Takes an [[#enum_CipherMode]].


Key must be set prior using one of the [[#LoadAesKey]] or [[#GenerateSpecificAesKey]] commands.
Key must be set prior using one of the [[#LoadAesKey]] or [[#GenerateSpecificAesKey]] commands.
Line 126: Line 126:


=== DecryptOrImportRsaPrivateKey ===
=== DecryptOrImportRsaPrivateKey ===
This function replaced [[#DecryptRsaPrivateKey]] in [[5.0.0]], adding an additional enum member argument.
This function replaced [[#DecryptRsaPrivateKey]] in [[5.0.0]], adding an additional [[#enum_DecryptOrImportMode]].


This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed.
This SMC extends DecryptRsaPrivateKey's original functionality to enable importing private keys into the security engine instead of decrypting them, when certain enum members are passed.
Line 135: Line 135:
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaSecureExpMod]].
The session kek must have been created with [[#enum_CryptoUsecase|CryptoUsecase_RsaSecureExpMod]].


[5.0.0] This function was removed and replaced with [[#ReEncryptRsaPrivateKey]].
[5.0.0] This function was removed.


=== SecureExpMod ===
=== SecureExpMod ===
Performs an ExpMod operation using an exponent previously loaded with the [[#ImportLotusKey]] command.
Performs an ExpMod operation using an exponent previously loaded with the [[#ImportLotusKey]] command.


[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]].
[5.0.0+] This now uses any exponent previously loaded with [[#DecryptOrImportRsaPrivateKey]] and takes an [[#enum_SecureExpModMode]].


=== UnwrapTitleKey ===
=== UnwrapTitleKey ===
Line 172: Line 172:
Note:
Note:
The [[#enum_CryptoUsecase|CryptoUsecase_TitleKey]] represents a RSA wrapped AES key.
The [[#enum_CryptoUsecase|CryptoUsecase_TitleKey]] represents a RSA wrapped AES key.
=== enum CipherMode ===
{| class=wikitable
! Value || Name
|-
| 0 || CipherMode_CbcEncrypt
|-
| 1 || CipherMode_CbcDecrypt
|-
| 2 || CipherMode_Ctr
|}
=== enum DecryptOrImportMode ===
{| class=wikitable
! Value || Name
|-
| 0 || DecryptOrImportMode_DecryptRsaPrivateKey
|-
| 1 || DecryptOrImportMode_ImportLotusKey
|-
| 2 || DecryptOrImportMode_ImportEsKey
|-
| 3 || DecryptOrImportMode_ImportSslKey
|-
| 4 || DecryptOrImportMode_ImportDrmKey
|}
=== enum SecureExpModMode ===
{| class=wikitable
! Value || Name
|-
| 0 || SecureExpModMode_Lotus
|-
| 1 || SecureExpModMode_Ssl
|-
| 2 || SecureExpModMode_Drm
|}


== ID 1 ==
== ID 1 ==
Line 187: Line 224:
| 0xC3000004 || [[#GetConfig]] (Same as ID 0, Sub-ID 2) || W1=config_item, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4=config_val
| 0xC3000004 || [[#GetConfig]] (Same as ID 0, Sub-ID 2) || W1=config_item, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4=config_val
|-
|-
| 0xC3000005 || [[#GetRandomBytes]] (Same as ID 0, Sub-ID 6) || X1=size, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4,X5,X6,X7=rand_bytes
| 0xC3000005 || [[#GenerateRandomBytes]] (Same as ID 0, Sub-ID 6) || X1=size, X2,X3,X4,X5,X6,X7=0 || X0=result, X1,X2,X3,X4,X5,X6,X7=rand_bytes
|-
|-
| 0xC3000006 || [[#Panic]] || W1=panic_color, X2,X3,X4,X5,X6,X7=0 || X0=result
| 0xC3000006 || [[#Panic]] || W1=panic_color, X2,X3,X4,X5,X6,X7=0 || X0=result
Line 242: Line 279:
| 14 || [4.0.0+] [[#IsKiosk]]
| 14 || [4.0.0+] [[#IsKiosk]]
|-
|-
| 15 || [5.0.0+] [[#NewHardwareType]]
| 15 || [5.0.0+] [[#RegulatorType]]
|-
|-
| 16 || [5.0.0+] [[#NewKeyGeneration]]
| 16 || [5.0.0+] [[#KeyGeneration]]
|-
|-
| 17 || [5.0.0+] [[#Package2Hash]]
| 17 || [5.0.0+] [[#Package2Hash]]
Line 276: Line 313:
|-
|-
|  5
|  5
|  [4.0.0+] Reserved (DramId_EristaIcosaHynix6gb)
|  [4.0.0+] Reserved
|-
|-
|  6
|  6
|  [4.0.0+] Reserved (DramId_EristaIcosaMicron6gb)
|  [4.0.0+] Reserved
|-
|-
|  7
|  7
Line 307: Line 344:
|  15
|  15
|  [7.0.0+] DramId_MarikoHoagMicron4gb ([5.0.0-6.2.0] Reserved)
|  [7.0.0+] DramId_MarikoHoagMicron4gb ([5.0.0-6.2.0] Reserved)
|-
|  16
|  [8.0.0+] DramId_MarikoIowaSamsung4gbY
|-
|  17
|  [9.0.0+] DramId_MarikoIowaSamsung1y4gbX
|-
|  18
|  [9.0.0+] DramId_MarikoIowaSamsung1y8gbX
|-
|  19
|  [9.0.0+] DramId_MarikoHoagSamsung1y4gbX
|-
|  20
|  [9.0.0+] DramId_MarikoIowaSamsung1y4gbY
|-
|  21
|  [9.0.0+] DramId_MarikoIowaSamsung1y8gbY
|-
|  22
|  [9.0.0+] DramId_MarikoIowaSamsung1y4gbA
|}
|}


Line 312: Line 370:
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
!  SoC
!  Platform
!  Platform
!  DramId
!  DramId
Line 317: Line 376:
!  DVFS version
!  DVFS version
|-
|-
|  T210
|  jetson-tx1
|  jetson-tx1
|  N/A
|  N/A
Line 332: Line 392:
  11_1600000_02_V9.8.3_V1.6
  11_1600000_02_V9.8.3_V1.6
|-
|-
|  T210
|  nx-abcb
|  nx-abcb
|  EristaIcosaSamsung4gb
|  EristaIcosaSamsung4gb
Line 347: Line 408:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
|  T210
|  nx-abcb
|  nx-abcb
|  EristaIcosaMicron4gb
|  EristaIcosaMicron4gb
Line 362: Line 424:
  10_1600000_NoCfgVersion_V9.8.4_V1.6
  10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
|-
|  T210
|  nx-abcb
|  nx-abcb
|  EristaIcosaHynix4gb
|  EristaIcosaHynix4gb
Line 377: Line 440:
  10_1600000_NoCfgVersion_V9.8.4_V1.6
  10_1600000_NoCfgVersion_V9.8.4_V1.6
|-
|-
|  T210
|  nx-abca2
|  nx-abca2
|  EristaIcosaSamsung4gb or EristaIcosaMicron4gb
|  EristaIcosaSamsung4gb, EristaIcosaMicron4gb
|  0x07
|  0x07
|  
|  
Line 392: Line 456:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
|  T210
|  nx-abca2
|  nx-abca2
|  EristaIcosaHynix4gb
|  EristaIcosaHynix4gb
Line 407: Line 472:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
|  T210
|  nx-abca2
|  nx-abca2
|  EristaIcosaSamsung6gb
|  EristaIcosaSamsung6gb
Line 422: Line 488:
  10_1600000_NoCfgVersion_V9.8.7_V1.6
  10_1600000_NoCfgVersion_V9.8.7_V1.6
|-
|-
|  nx-abca2
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowax1x2Samsung4gb
|  MarikoIowax1x2Samsung4gb
|  0x03
|  0x03
Line 430: Line 497:
  01_1600000_NoCfgVersion_V0.3.1_V2.0
  01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|-
|  nx-abca2
|  T214
|  MarikoIowaSamsung4gb or MarikoHoagSamsung4gb
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaSamsung4gb, MarikoHoagSamsung4gb
|  0x03
|  0x03
|   
|   
Line 438: Line 506:
  01_1600000_NoCfgVersion_V0.3.1_V2.0
  01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|-
|  nx-abca2
|  T214
|  MarikoIowaSamsung8gb or MarikoHoagSamsung8gb
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaSamsung8gb, MarikoHoagSamsung8gb
|  0x03
|  0x03
|
|
Line 446: Line 515:
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|-
|  nx-abca2
|  T214
|  MarikoIowaHynix4gb or MarikoHoagHynix4gb
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaHynix4gb, MarikoHoagHynix4gb
|  0x03
|  0x03
|   
|   
Line 454: Line 524:
  01_1600000_NoCfgVersion_V0.3.1_V2.0
  01_1600000_NoCfgVersion_V0.3.1_V2.0
|-
|-
|  nx-abca2
|  T214
|  MarikoIowaMicron4gb or MarikoHoagMicron4gb
|  nx-abca2, nx-abcb, nx-abcc
|  MarikoIowaMicron4gb, MarikoHoagMicron4gb
|  0x03
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  DramId_MarikoIowaSamsung4gbY
|  0x03
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  DramId_MarikoIowaSamsung1y4gbX
|  0x03
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  DramId_MarikoIowaSamsung1y8gbX
|  0x03
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  DramId_MarikoHoagSamsung1y4gbX
|  0x03
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  DramId_MarikoIowaSamsung1y4gbY
|  0x03
01_204000_NoCfgVersion_V0.4.2_V2.0
01_1331200.0_NoCfgVersion_V0.4.2_V2.0
01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  DramId_MarikoIowaSamsung1y8gbY
|  0x03
|  0x03
|   
|   
Line 461: Line 586:
  01_1331200.0_NoCfgVersion_V0.4.2_V2.0
  01_1331200.0_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
  01_1600000_NoCfgVersion_V0.4.2_V2.0
|-
|  T214
|  nx-abca2, nx-abcb, nx-abcc
|  DramId_MarikoIowaSamsung1y4gbA
|  0x03
01_204000_NoCfgVersion_V0.4.5_V2.0
01_1331200.0_NoCfgVersion_V0.4.5_V2.0
01_1600000_NoCfgVersion_V0.4.5_V2.0
|}
|}
'''nx-abca2''' ('''Icosa''' in '''Erista''', '''Iowa''' in '''Mariko''') hardware types are variations of the retail and EDEV form factors.


'''nx-abcb''' ('''Copper''') is the SDEV unit. Among other differences, this has extra hardware to support HDMI output.
'''nx-abcb''' ('''Copper''') is the SDEV unit. Among other differences, this has extra hardware to support HDMI output.


'''nx-abca2''' ('''Icosa''' or '''Hoag''' in '''Erista''', '''Iowa''' or '''Hoag''' in '''Mariko''') hardware types are variations of the retail or EDEV form factors.
[8.0.0+] '''nx-abcc''' ('''Hoag''') was added for '''Mariko'''.


'''Erista''' memory is LPDDR4, while '''Mariko''' memory is LPDDR4X.
'''Erista''' memory is LPDDR4, while '''Mariko''' memory is LPDDR4X.
Line 476: Line 612:


==== HardwareType ====
==== HardwareType ====
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 2 (Hoag) or 3 (Invalid).
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be:
* 0 ('''Icosa'''; Erista retail and EDEV), if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''.
* 1 ('''Copper'''; Erista SDEV), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.
* 3 (Invalid).
 
Value 2 is reserved and considered invalid.


[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 2 (Hoag), 3 (Mariko) or 4 (Invalid).
[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be:
* 0 ('''Icosa'''; Erista retail and EDEV), if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''.
* 1 ('''Copper'''; Erista SDEV), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.
* 3 ('''Iowa'''; Mariko retail and EDEV), if new hardware type (bits 16-19) is '''Iowa'''.
* 4 (Invalid).


[7.0.0+] This item no longer depends on fuses and can only be 0 (Icosa) or 0xF (Invalid) in retail units.
Value 2 is reserved and considered invalid.
 
[7.0.0+] This item can be obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]], but is now only 0 (Icosa) or 0xF (Invalid) in retail units.
 
[8.0.0+] This item can be obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be:
* 0 ('''Icosa'''; Erista retail and EDEV), if development flag (bit 8) is '''Retail''' and production flag (bit 2) is '''Production'''.
* 1 ('''Copper'''; Erista SDEV), if development flag (bit 8) is '''Development''' and production flag (bit 2) is '''Prototype'''.
* 2 ('''Hoag'''; Mariko Lite retail and HDEV), if new hardware type (bits 16-19) is '''Hoag'''.
* 3 ('''Iowa'''; Mariko retail and EDEV), if new hardware type (bits 16-19) is '''Iowa'''.
* 4 ('''Calcio''').
* 5 (Invalid).
 
It is still only 0 (Icosa) or 0xF (Invalid) in retail units.


==== IsRetail ====
==== IsRetail ====
Line 495: Line 652:
==== BootReason ====
==== BootReason ====
Used to determine how the system booted.
Used to determine how the system booted.
{| class=wikitable
! Value || Description
|-
| 0 || Invalid
|-
| 1 || AcOk
|-
| 2 || OnKey
|-
| 3 || RtcAlarm1
|-
| 4 || RtcAlarm2
|}


==== MemoryArrange ====
==== MemoryArrange ====
Line 516: Line 687:


Bit 2 is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0).
Bit 2 is a boolean determining whether kernel should enable usermode access to the Performance Monitors (whether PMUSERENR_EL0 should be 1 or 0).
[8.0.0+] Bit 3 is a boolean determining whether the kernldr should allocate 0x68000 extra bytes before INI1 data


Bits 8-15 are a boolean determining whether kernel should call smcPanic on error instead of infinite-looping.
Bits 8-15 are a boolean determining whether kernel should call smcPanic on error instead of infinite-looping.
Line 524: Line 697:
This tells if the TI Charger (bq24192) is active.
This tells if the TI Charger (bq24192) is active.


==== NewKeyGeneration ====
==== KeyGeneration ====
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2.
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2.


Line 534: Line 707:
[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores.
[4.0.0+] [[Settings_services|Settings]] uses this value to overwrite the quest flag from [[Settings_services#set:sys|GetQuestFlag]]. This is used to detect if a Switch is a kiosk unit for display at retail stores.


==== NewHardwareType ====
==== RegulatorType ====
This item is currently hardcoded to 0.
This item is currently hardcoded to 0.


Line 552: Line 725:
|  1
|  1
|  T214
|  T214
GM2?? (0x12E)
GM20B_B (0x12E)
|  max77620_sd0, max77812_cpu and max77812_gpu
|  max77620_sd0, max77812_cpu and max77812_gpu
|-
|-
|  2
|  2
|  T214
|  T214
GM2?? (0x12E)
GM20B_B (0x12E)
|  max77620_sd0, max77812_cpu and max77812_gpu
|  max77620_sd0, max77812_cpu and max77812_gpu
|}
|}
Line 564: Line 737:
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.


=== GetRandomBytes ===
=== GenerateRandomBytes ===
Takes a '''size''' and returns '''rand_bytes'''.
Takes a '''size''' and returns '''rand_bytes'''.


Line 590: Line 763:
! Value || Description
! Value || Description
|-
|-
| 2 || Invalid input
| 0 || Success
|-
| 1 || Not implemented
|-
| 2 || Invalid argument
|-
| 3 || In progress
|-
| 4 || No async operation
|-
| 5 || Invalid async operation
|-
|-
| 3 || Busy
| [8.0.0+] 6 || Blacklisted
|}
|}
Retrieved from "https://switchbrew.org/wiki/Secure_Monitor"