Nintendo Switch Brew

Changes

Security Engine (view source)

Revision as of 21:05, 10 April 2018

292 bytes added ,  21:05, 10 April 2018
no edit summary
Line 1: Line 1: −
The security engine (SE) is responsible for the crypto done on the switch. SE is mapped to physical address 0x70012000.
+
The Nintendo Switch uses Tegra's Security Engine (SE) for handling cryptographic opearations at the system's lowest level.
   −
= SE registers =
+
The SE driver is mapped to physical address 0x70012000 with a total size of 0x2000 bytes and exposes several registers for programming the Security Engine.
 +
 
 +
= Registers =
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Register
+
! Name
! Offset
+
! Address
|-
  −
| OPERATION_REG_OFFSET
  −
| 0x008
  −
|-
  −
| INT_ENABLE_REG_OFFSET
  −
| 0x00C
  −
|-
  −
| INT_STATUS_REG_OFFSET
  −
| 0x010
  −
|-
  −
| CONFIG_REG_OFFSET
  −
| 0x014
   
|-
 
|-
| IN_LL_ADDR_REG_OFFSET
+
| SE_OPERATION_UNK0
| 0x018
+
| 0x70012000
 
|-
 
|-
| OUT_LL_ADDR_REG_OFFSET
+
| SE_OPERATION_UNK1
| 0x024
+
| 0x70012004
 
|-
 
|-
| HASH_RESULT_REG_OFFSET
+
| SE_OPERATION
| 0x030
+
| 0x70012008
 
|-
 
|-
| CONTEXT_SAVE_CONFIG_REG_OFFSET
+
| SE_INT_ENABLE
| 0x070
+
| 0x7001200C
 
|-
 
|-
| SHA_CONFIG_REG
+
| SE_INT_STATUS
| 0x200
+
| 0x70012010
 
|-
 
|-
| SHA_MSG_LENGTH_REG
+
| SE_CONFIG
| 0x204
+
| 0x70012014
 
|-
 
|-
| SHA_MSG_LEFT_REG
+
| SE_IN_LL_ADDR
| 0x214
+
| 0x70012018
 
|-
 
|-
| KEYSLOT_1
+
| SE_OUT_LL_ADDR
| 0x284
+
| 0x70012024
 
|-
 
|-
| KEYSLOT_2
+
| SE_HASH_RESULT
| 0x288
+
| 0x70012030
 
|-
 
|-
| KEYSLOT_3
+
| SE_CONTEXT_SAVE_CONFIG
| 0x28C
+
| 0x70012070
 
|-
 
|-
| KEYSLOT_4
+
| SE_SHA_CONFIG
| 0x290
+
| 0x70012200
 
|-
 
|-
| KEYSLOT_5
+
| SE_SHA_MSG_LENGTH
| 0x294
+
| 0x70012204
 
|-
 
|-
| KEYSLOT_6
+
| SE_SHA_MSG_UNK0
| 0x298
+
| 0x70012208
 
|-
 
|-
| KEYSLOT_7
+
| SE_SHA_MSG_UNK1
| 0x29C
+
| 0x7001220C
 
|-
 
|-
| KEYSLOT_8
+
| SE_SHA_MSG_UNK2
| 0x2A0
+
| 0x70012210
 
|-
 
|-
| KEYSLOT_9
+
| SE_SHA_MSG_LEFT
| 0x2A4
+
| 0x70012214
 
|-
 
|-
| KEYSLOT_10
+
| SE_SHA_MSG_UNK3
| 0x2A8
+
| 0x70012218
 
|-
 
|-
| KEYSLOT_11
+
| SE_SHA_MSG_UNK4
| 0x2AC
+
| 0x7001221C
 
|-
 
|-
| KEYSLOT_12
+
| SE_SHA_MSG_UNK5
| 0x2B0
+
| 0x70012220
 
|-
 
|-
| KEYSLOT_13
+
| SE_AES_KEY_READ_DISABLE
| 0x2B4
+
| 0x70012280
 
|-
 
|-
| KEYSLOT_14
+
| SE_AES_KEYTABLE_ACCESS
| 0x2B8
+
| 0x70012284
 
|-
 
|-
| KEYSLOT_15
+
| SE_CRYPTO
| 0x2BC
+
| 0x70012304
 
|-
 
|-
| KEYSLOT_16
+
| SE_CRYPTO_CTR
| 0x2C0
+
| 0x70012308
 
|-
 
|-
| CRYPTO_REG
+
| SE_BLOCK_COUNT
| 0x304
+
| 0x70012318
 
|-
 
|-
| CRYPTO_CTR_REG
+
| SE_AES_KEYTABLE_ADDR
| 0x308
+
| 0x7001231C
 
|-
 
|-
| BLOCK_COUNT_REG
+
| SE_AES_KEYTABLE_DATA
| 0x318
+
| 0x70012320
 
|-
 
|-
| KEYTABLE_REG
+
| SE_CRYPTO_KEYTABLE_DST
| 0x31C
+
| 0x70012330
 
|-
 
|-
| KEYTABLE_DATA0_REG
+
| SE_RNG_CONFIG
| 0x320
+
| 0x70012340
 
|-
 
|-
| CRYPTO_KEYTABLE_DST_REG
+
| SE_RNG_SRC_CONFIG
| 0x330
+
| 0x70012344
 
|-
 
|-
| RNG_CONFIG_REG
+
| SE_RNG_RESEED_INTERVAL
| 0x340
+
| 0x70012348
 
|-
 
|-
| RNG_SRC_CONFIG_REG
+
| SE_RSA_CONFIG
| 0x344
+
| 0x70012400
 
|-
 
|-
| RNG_RESEED_INTERVAL_REG
+
| SE_RSA_KEY_SIZE
| 0x348
+
| 0x70012404
 
|-
 
|-
| RSA_CONFIG
+
| SE_RSA_EXP_SIZE
| 0x400
+
| 0x70012408
 
|-
 
|-
| RSA_KEY_SIZE_REG_OFFSET
+
| SE_RSA_KEY_READ_DISABLE
| 0x404
+
| 0x7001240C
 
|-
 
|-
| RSA_EXP_SIZE_REG_OFFSET
+
| SE_RSA_KEYTABLE_ACCESS
| 0x408
+
| 0x70012410
 
|-
 
|-
| RSA_KEYSLOT_1
+
| SE_RSA_KEYTABLE_ADDR
| 0x410
+
| 0x70012420
 
|-
 
|-
| RSA_KEYSLOT_2
+
| SE_RSA_KEYTABLE_DATA
| 0x414
+
| 0x70012424
 
|-
 
|-
| RSA_KEYTABLE_ADDR
+
| SE_RSA_OUTPUT
| 0x420
+
| 0x70012428
 
|-
 
|-
| RSA_KEYTABLE_DATA
+
| SE_STATUS_FLAGS
| 0x424
+
| 0x70012800
 
|-
 
|-
| RSA_OUTPUT
+
| SE_ERR_STATUS
| 0x428
+
| 0x70012804
 
|-
 
|-
| SPARE_0_REG_OFFSET
+
| SE_SPARE_0
| 0x80C
+
| 0x7001280C
 
|}
 
|}
Retrieved from "https://switchbrew.org/wiki/Special:MobileDiff/4445"