Changes

4,102 bytes removed ,  18:44, 12 May 2020
no edit summary
Line 1: Line 1: −
SPL is responsible for handling all cryptographic operations within the system and relaying them to the [[#SMC|Secure Monitor]] when necessary.
+
SPL ("Secure Platform services") is responsible for handling all cryptographic operations within the system and relaying them to the [[SMC|Secure Monitor]] when necessary.
    
During [1.0.0-3.0.2], the only existing services were "csrng" and "spl:". However, in [4.0.0+] the "spl:" service was refactored and split into new services with different permission levels. Each service exposes the IPC command list differently in order to prevent cryptographic operations to take place in the wrong context.
 
During [1.0.0-3.0.2], the only existing services were "csrng" and "spl:". However, in [4.0.0+] the "spl:" service was refactored and split into new services with different permission levels. Each service exposes the IPC command list differently in order to prevent cryptographic operations to take place in the wrong context.
 +
 +
In [2.0.0+] where previously only one AES keyslot was used, there is now support for 4 of them and when the session closes, all allocated AES keyslots are automatically freed.
    
= csrng =
 
= csrng =
Line 10: Line 12:  
! Cmd || Name
 
! Cmd || Name
 
|-
 
|-
| 0 || [[#GetRandomBytes]]
+
| 0 || [[#GenerateRandomBytes]]
 +
|}
 +
 
 +
== GenerateRandomBytes ==
 +
Takes an output type-0xA buffer and fills it with random data from [[SMC#GenerateRandomBytes|GenerateRandomBytes SMC]]. Same command for "spl:" and "csrng" services, except for buffer-type.
 +
 
 +
= spl: =
 +
This is "nn::spl::detail::IGeneralInterface".
 +
 
 +
{| class="wikitable" border="1"
 +
|-
 +
! Cmd || Name
 +
|-
 +
| 0 || [[#GetConfig]]
 +
|-
 +
| 1 || [[#ModularExponentiate]]
 +
|-
 +
| 5 || [[#SetConfig]]
 +
|-
 +
| 7 || [[#GenerateRandomBytes]]
 +
|-
 +
| 11 || [[#IsDevelopment]]
 +
|-
 +
| 24 || [3.0.0+] [[#SetBootReason]]
 +
|-
 +
| 25 || [3.0.0+] [[#GetBootReason]]
 
|}
 
|}
   −
== GetRandomBytes ==
+
== GetConfig ==
Takes a type-6 buffer and fills it with random data from [[SMC#GetRandomBytes|GetRandomBytes SMC]]. Same command for "spl:" and "csrng" services.
+
Wrapper for [[SMC#GetConfig|GetConfig SMC]].
 +
 
 +
Takes an input u32 '''ConfigItem'''. Returns one or more output u64s '''ConfigValue'''.
 +
 
 +
== ModularExponentiate ==
 +
Wrapper for [[SMC#ModularExponentiate|ModularExponentiate SMC]].
 +
 
 +
Takes an output type-0xA buffer '''DataOut''' and 3 input type-0x9 buffers '''DataIn''', '''ExpIn''' and '''ModIn'''.
 +
 
 +
Performs asymmetric crypto with user supplied modulus and exponent.
 +
 
 +
== GenerateAesKek ==
 +
Wrapper for [[SMC#GenerateAesKek|GenerateAesKek SMC]].
 +
 
 +
Takes an input 16-byte '''KeySource''' and two input u32s '''Generation''' and '''Option'''. Returns an output 16-byte '''AccessKey'''.
 +
 
 +
== LoadAesKey ==
 +
Wrapper for [[SMC#LoadAesKey|LoadAesKey SMC]].
 +
 
 +
Takes an input u32 '''Keyslot''' , an input 16-byte '''AccessKey''' and an input 16-byte '''KeySource'''.
 +
 
 +
Sets the specified '''Keyslot''' with a key generated from '''AccessKey''' and '''KeySource'''.
 +
 
 +
[2.0.0+] Now verifies that the keyslot in use (0..3) is allocated by the current spl session, otherwise errors with 0xD21A. Previously, keyslot was hardcoded to 0.
 +
 
 +
== GenerateAesKey ==
 +
Takes an input 16-byte '''AccessKey''' and an input 16-byte '''KeySource'''. Returns an output 16-byte '''AesKey'''.
 +
 
 +
Generates a new key by decrypting (AES-ECB) '''KeySource''' with a key generated from the supplied '''AccessKey''' and the key set with [[SMC#LoadAesKey|LoadAesKey SMC]].
 +
 
 +
[2.0.0+] Previously, it always used keyslot 0. Now it tries to allocate a keyslot to be used and returns 0xD01A if they're all busy. When the command is done, the keyslot is released.
 +
 
 +
== SetConfig ==
 +
Wrapper for [[SMC#SetConfig|SetConfig SMC]].
 +
 
 +
Takes an input u32 '''ConfigItem''' and an input u64 '''ConfigValue'''.
 +
 
 +
Only '''ConfigItem''' 13 (IsChargerHiZModeEnabled) can be set.
 +
 
 +
== ImportLotusKey ==
 +
Wrapper for [[SMC#DecryptAndImportLotusKey|DecryptAndImportLotusKey SMC]].
 +
 
 +
Takes an input type-0x9 buffer '''DataIn''', an input 16-byte '''AccessKey''', an input 16-byte '''KeySource''' and an input u32 '''Version''' (0 for normal keys or 1 for extended keys).
 +
 
 +
Decrypts '''DataIn''' with a key generated from '''AccessKey''' and '''KeySource''' and imports it for later usage.
 +
 
 +
[5.0.0+] The '''Version''' argument was removed and this now calls the [[SMC#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData SMC]] instead.
 +
 
 +
== DecryptLotusMessage ==
 +
Takes 3 input type-0x9 buffers '''DataIn''', '''ModIn''' and '''LabelHashIn'''.
 +
 
 +
Uses the [[SMC#ModularExponentiateByStorageKey|ModularExponentiateByStorageKey SMC]] to decrypt '''DataIn''' using the private key imported with [[#ImportLotusKey]] and the supplied '''ModIn''' and '''LabelHashIn'''.
 +
 
 +
== IsDevelopment ==
 +
No input. Returns an output u8 bool.
 +
 
 +
Uses [[#GetConfig]] internally.
 +
 
 +
== GenerateSpecificAesKey ==
 +
Wrapper for [[SMC#GenerateSpecificAesKey|GenerateSpecificAesKey SMC]].
   −
= spl:, spl:mig, spl:fs, spl:ssl, spl:es, spl:manu =
+
Takes an input 16-byte '''KeySource''' and two input u32s '''Generation''' and '''Option'''. Returns an output 16-byte '''AesKey'''.
These are "nn::spl::detail::IGeneralInterface", "nn::spl::detail::ICryptoInterface", "nn::spl::detail::IFsInterface", "nn::spl::detail::ISslInterface", "nn::spl::detail::IEsInterface" and "nn::spl::detail::IManuInterface"(?).
     −
[2.0.0+] Where previously only one AES engine was utilized, there is now support for 4 of them.
+
== DecryptDeviceUniqueData ==
 +
Wrapper for [[SMC#DecryptDeviceUniqueData|DecryptDeviceUniqueData SMC]].
   −
[2.0.0+] When the session closes, all AES engines that were locked are automatically unlocked.
+
Takes an output type-0xA buffer '''DataOut''', an input type-0x9 '''DataIn''', an input 16-byte '''AccessKey''', an input 16-byte '''KeySource''' and an input u32 '''Version''' (0 for normal keys or 1 for extended keys).
 +
 
 +
Decrypts '''DataIn''' into '''DataOut''' with a key generated from '''AccessKey''' and '''KeySource'''.
 +
 
 +
Used by [[SSL_services|SSL]] for TLS client-privk.
 +
 
 +
[5.0.0+] The '''Version''' argument was removed.
 +
 
 +
== DecryptAesKey ==
 +
Takes an input 16-byte '''KeySource''' and two input u32s '''Generation''' and '''Option'''. Returns an output 16-byte '''AesKey'''.
 +
 
 +
Decrypts (AES-ECB) '''KeySource''' with a key set with [[SMC#LoadAesKey|LoadAesKey SMC]].
 +
 
 +
[2.0.0+] Introduced same keyslot allocation code as for [[#GenerateAesKey]].
 +
 
 +
== CryptAesCtr ==
 +
Takes an output type-0x46 buffer '''DataOut''', an input u32 '''Keyslot''', an input type-0x45 buffer '''DataIn''' and an input 16-byte '''IvCtr'''.
 +
 
 +
Uses [[SMC#ComputeAes|ComputeAes SMC]] to decrypt '''DataIn''' into '''DataOut''' using the key set in the specified '''Keyslot'''.
 +
 
 +
[2.0.0+] Verifies the keyslot was allocated by the current session.
 +
 
 +
== ComputeCmac ==
 +
Wrapper for [[SMC#ComputeCmac|ComputeCmac SMC]].
 +
 
 +
Takes an input type-0x9 buffer '''DataIn''' and an input u32 '''Keyslot'''. Returns an output 16-byte '''Cmac'''.
 +
 
 +
[2.0.0+] Verifies the keyslot was allocated by the current session.
 +
 
 +
== ImportEsKey ==
 +
Wrapper for [[SMC#DecryptAndImportEsDeviceKey|DecryptAndImportEsDeviceKey SMC]].
 +
 
 +
Takes an input type-0x9 buffer '''DataIn''', an input 16-byte '''AccessKey''', an input 16-byte '''KeySource''' and an input u32 '''Version''' (0 for normal keys or 1 for extended keys).
 +
 
 +
Decrypts '''DataIn''' with a key generated from '''AccessKey''' and '''KeySource''' and imports it for later usage.
 +
 
 +
[5.0.0+] The '''Version''' argument was removed and this now calls the [[SMC#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData SMC]] instead.
 +
 
 +
== UnwrapTitleKey ==
 +
Wrapper for [[SMC#PrepareEsDeviceUniqueKey|PrepareEsDeviceUniqueKey SMC]].
 +
 
 +
Takes an output type-0xA buffer '''DataOut''' and 3 input type-0x9 buffers '''DataIn''', '''ModIn''' and '''LabelHashIn'''. Returns an output u32 '''DataOutSize'''.
 +
 
 +
[3.0.0+] Now takes an input u32 '''Generation'''.
 +
 
 +
Decrypts '''DataIn''' into '''DataOut''' using the private key imported with [[#ImportEsKey]] and the supplied '''ModIn'''. Afterwards, verifies RSA-OAEP encoding using '''LabelHashIn'''.
 +
 
 +
== LoadTitleKey ==
 +
Wrapper for [[SMC#LoadPreparedAesKey|LoadPreparedAesKey SMC]].
 +
 
 +
Takes an input u32 '''Keyslot''' and an input 16-byte '''AccessKey'''.
 +
 
 +
[2.0.0+] Verifies the keyslot was allocated in the current session.
 +
 
 +
== UnwrapCommonTitleKey ==
 +
Wrapper for [[SMC#PrepareEsCommonKey|PrepareEsCommonKey SMC]].
 +
 
 +
Takes an input 16-byte '''KeySource'''. Returns an output 16-byte '''AccessKey'''.
 +
 
 +
[3.0.0+] Now takes an input u32 '''Generation'''.
 +
 
 +
== AllocateAesKeyslot ==
 +
Returns an output u32 '''Keyslot'''.
 +
 
 +
Returns error 0xD01A if all keyslots are taken.
 +
 
 +
== DeallocateAesKeySlot ==
 +
Takes an input u32 '''Keyslot'''.
 +
 
 +
Returns error 0xD21A if the keyslot wasn't allocated by current session.
 +
 
 +
== GetAesKeyslotAvailableEvent ==
 +
Returns an output event handle for synchronizing with the AES keyslots.
 +
 
 +
== SetBootReason ==
 +
Takes an input u32 '''BootReason'''.
 +
 
 +
[4.0.0+] Returns 0xD41A if a value has been previously set without being [[#GetBootReason|gotten]].
 +
 
 +
== GetBootReason ==
 +
Returns an output u32 '''BootReason'''.
 +
 
 +
[4.0.0+] Returns 0xD61A if a value has not previously been set and unsets the value after getting it.
 +
 
 +
== LoadPreparedAesKey ==
 +
Same as [[#LoadTitleKey|LoadTitleKey]].
 +
 
 +
= spl:mig =
 +
This is "nn::spl::detail::ICryptoInterface".
    
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Cmd || Name || Permissions
+
! Cmd || Name
 
|-
 
|-
| 0 || [[#GetConfig]] || spl:, spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 0 || [[#GetConfig]]
 
|-
 
|-
| 1 || [[#UserExpMod]] || spl:, spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 1 || [[#ModularExponentiate]]
 
|-
 
|-
| 2 || [[#GenerateAesKek]] || spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 5 || [[#SetConfig]]
 
|-
 
|-
| 3 || [[#LoadAesKey]] || spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 7 || [[#GenerateRandomBytes]]
 
|-
 
|-
| 4 || [[#GenerateAesKey]] || spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 11 || [[#IsDevelopment]]
 
|-
 
|-
| 5 || [[#SetConfig]] || spl:, spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 24 || [3.0.0+] [[#SetBootReason]]
 
|-
 
|-
| 7 || [[#GetRandomBytes]] || spl:, spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 25 || [3.0.0+] [[#GetBootReason]]
 
|-
 
|-
| 9 || [[#LoadSecureExpModKey]] || spl:fs
+
| 2 || [[#GenerateAesKek]]
 
|-
 
|-
| 10 || [[#SecureExpMod]] || spl:fs
+
| 3 || [[#LoadAesKey]]
 
|-
 
|-
| 11 || [[#IsDevelopment]] || spl:, spl:mig, spl:fs, spl:ssl spl:es, spl:manu
+
| 4 || [[#GenerateAesKey]]
 
|-
 
|-
| 12 || [[#GenerateSpecificAesKey]] || spl:fs
+
| 14 || [[#DecryptAesKey]]
 
|-
 
|-
| 13 || [[#DecryptRsaPrivateKey]] || spl:ssl, spl:es, spl:manu
+
| 15 || [[#CryptAesCtr]]
 
|-
 
|-
| 14 || [[#DecryptAesKey]] || spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 16 || [[#ComputeCmac]]
 
|-
 
|-
| 15 || [[#DecryptAesCtr]] || spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
 
|-
 
|-
| 16 || [[#ComputeCmac]] || spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 
|-
 
|-
| 17 || [[#LoadRsaOaepKey]] || spl:es
+
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
 +
|}
 +
 
 +
= spl:fs =
 +
This is "nn::spl::detail::IFsInterface".
 +
 
 +
{| class="wikitable" border="1"
 +
|-
 +
! Cmd || Name
 
|-
 
|-
| 18 || [[#UnwrapRsaOaepWrappedTitleKey]] || spl:es
+
| 0 || [[#GetConfig]]
 
|-
 
|-
| 19 || [[#LoadTitleKey]] || spl:fs
+
| 1 || [[#ModularExponentiate]]
 
|-
 
|-
| 20 || [2.0.0+] [[#UnwrapAesWrappedTitleKey ]] || spl:es
+
| 5 || [[#SetConfig]]
 
|-
 
|-
| 21 || [2.0.0+] [[#LockAesEngine]] || spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 7 || [[#GenerateRandomBytes]]
 
|-
 
|-
| 22 || [2.0.0+] [[#UnlockAesEngine]] || spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 11 || [[#IsDevelopment]]
 
|-
 
|-
| 23 || [2.0.0+] [[#GetSplWaitEvent]] || spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 24 || [3.0.0+] [[#SetBootReason]]
 
|-
 
|-
| 24 || [3.0.0+] [[#SetSharedData]] || spl:, spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 25 || [3.0.0+] [[#GetBootReason]]
 
|-
 
|-
| 25 || [3.0.0+] [[#GetSharedData]] || spl:, spl:mig, spl:fs, spl:ssl, spl:es, spl:manu
+
| 2 || [[#GenerateAesKek]]
 
|-
 
|-
| 26 || [5.0.0+] ImportSslRsaKey || spl:ssl
+
| 3 || [[#LoadAesKey]]
 
|-
 
|-
| 27 || [5.0.0+] SecureExpModWithSslKey || spl:ssl
+
| 4 || [[#GenerateAesKey]]
 
|-
 
|-
| 28 || [5.0.0+] ImportEsRsaKey || spl:es
+
| 14 || [[#DecryptAesKey]]
 
|-
 
|-
| 29 || [5.0.0+] SecureExpModWithEsKey || spl:es
+
| 15 || [[#CryptAesCtr]]
 
|-
 
|-
| 30 || [5.0.0+] EncryptManuRsaKeyForImport || spl:manu
+
| 16 || [[#ComputeCmac]]
 
|-
 
|-
| 31 || [5.0.0+] GetPackage2Hash || spl:fs
+
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
 +
|-
 +
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 +
|-
 +
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
 +
|-
 +
| 9 || [[#ImportLotusKey]]
 +
|-
 +
| 10 || [[#DecryptLotusMessage]]
 +
|-
 +
| 12 || [[#GenerateSpecificAesKey]]
 +
|-
 +
| 19 || [[#LoadTitleKey]]
 +
|-
 +
| 31 || [5.0.0+] GetPackage2Hash
 
|}
 
|}
   −
== GetConfig ==
+
= spl:ssl =
Wrapper for [[SMC#GetConfig|GetConfig SMC]].
+
This is "nn::spl::detail::ISslInterface".
 
  −
Takes a u32 ('''ConfigItem'''), and returns one or more u64s ('''ConfigVal''').
      
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! ConfigItem || Name
+
! Cmd || Name
 +
|-
 +
| 0 || [[#GetConfig]]
 +
|-
 +
| 1 || [[#ModularExponentiate]]
 
|-
 
|-
| 1 || [[#DisableProgramVerification]]
+
| 5 || [[#SetConfig]]
 
|-
 
|-
| 2 || [[#DramId]]
+
| 7 || [[#GenerateRandomBytes]]
 
|-
 
|-
| 3 || [[#SecurityEngineIrqNumber]]
+
| 11 || [[#IsDevelopment]]
 
|-
 
|-
| 4 || [[#Version]]
+
| 24 || [3.0.0+] [[#SetBootReason]]
 
|-
 
|-
| 5 || [[#HardwareType]]
+
| 25 || [3.0.0+] [[#GetBootReason]]
 
|-
 
|-
| 6 || [[#IsRetail]]
+
| 2 || [[#GenerateAesKek]]
 
|-
 
|-
| 7 || [[#IsRecoveryBoot]]
+
| 3 || [[#LoadAesKey]]
 
|-
 
|-
| 8 || [[#DeviceId]]
+
| 4 || [[#GenerateAesKey]]
 
|-
 
|-
| 9 || [1.0.0-4.0.0] [[#BootReason]]
+
| 14 || [[#DecryptAesKey]]
 
|-
 
|-
| 10 || [[#MemoryArrange]]
+
| 15 || [[#CryptAesCtr]]
 
|-
 
|-
| 11 || [[#IsDebugMode]]
+
| 16 || [[#ComputeCmac]]
 
|-
 
|-
| 12 || [[#KernelMemoryConfiguration]]
+
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
 
|-
 
|-
| 13 || [[#BatteryProfile]]
+
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 
|-
 
|-
| 14 || [4.0.0+] [[#Unknown0]]
+
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
 
|-
 
|-
| 15 || [5.0.0+] [[#NewHardwareType]]
+
| 13 || [[#DecryptDeviceUniqueData]]
 
|-
 
|-
| 16 || [5.0.0+] [[#NewKeyGeneration]]
+
| 26 || [5.0.0+] DecryptAndStoreSslClientCertKey
 
|-
 
|-
| 17 || [5.0.0+] [[#Package2Hash]]
+
| 27 || [5.0.0+] ModularExponentiateWithSslClientCertKey
 
|}
 
|}
   −
=== DisableProgramVerification ===
+
= spl:es =
[[Process Manager services|PM]] checks this item and if non-zero, calls fsp-pr SetEnabledProgramVerification(false).
+
This is "nn::spl::detail::IEsInterface".
 
  −
=== DramId ===
  −
This is extracted directly from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
      
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Value
+
! Cmd || Name
!  Description
   
|-
 
|-
| 0
+
| 0 || [[#GetConfig]]
| DramId_EristaIcosaSamsung4gb
   
|-
 
|-
| 1
+
| 1 || [[#ModularExponentiate]]
| DramId_EristaIcosaHynix4gb
   
|-
 
|-
| 2
+
| 5 || [[#SetConfig]]
| DramId_EristaIcosaMicron4gb
   
|-
 
|-
| 3
+
| 7 || [[#GenerateRandomBytes]]
| Reserved
   
|-
 
|-
| 4
+
| 11 || [[#IsDevelopment]]
| DramId_EristaIcosaSamsung6gb
   
|-
 
|-
| 5
+
| 24 || [3.0.0+] [[#SetBootReason]]
| [5.0.0+] Reserved
   
|-
 
|-
| 6
+
| 25 || [3.0.0+] [[#GetBootReason]]
| [5.0.0+] Reserved
   
|-
 
|-
| 7
+
| 2 || [[#GenerateAesKek]]
| [5.0.0+] DramId_MarikoIowax1x2Samsung4gb
   
|-
 
|-
| 8
+
| 3 || [[#LoadAesKey]]
| [5.0.0+] DramId_MarikoIowaSamsung4gb
   
|-
 
|-
| 9
+
| 4 || [[#GenerateAesKey]]
| [5.0.0+] DramId_MarikoIowaSamsung8gb
   
|-
 
|-
| 10
+
| 14 || [[#DecryptAesKey]]
| [5.0.0+] Reserved
   
|-
 
|-
| 11
+
| 15 || [[#CryptAesCtr]]
| [5.0.0+] Reserved
   
|-
 
|-
| 12
+
| 16 || [[#ComputeCmac]]
| [5.0.0+] DramId_MarikoHoagSamsung4gb
   
|-
 
|-
| 13
+
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
| [5.0.0+] DramId_MarikoHoagSamsung8gb
+
|-
 +
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 +
|-
 +
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
 +
|-
 +
| 13 || [[#DecryptDeviceUniqueData]]
 +
|-
 +
| 17 || [[#ImportEsKey]]
 +
|-
 +
| 18 || [[#UnwrapTitleKey]]
 +
|-
 +
| 20 || [2.0.0+] [[#PrepareEsCommonKey]]
 +
|-
 +
| 28 || [5.0.0+] DecryptAndStoreDrmDeviceCertKey
 +
|-
 +
| 29 || [5.0.0+] ModularExponentiateWithDrmDeviceCertKey
 +
|-
 +
| 31 || [6.0.0+] PrepareEsArchiveKey
 +
|-
 +
| 32 || [6.0.0+] [[#LoadPreparedAesKey]]
 
|}
 
|}
   −
[[PCV_services|PCV]] configures memory profiles based on DramId.
+
= spl:manu =
 +
This is "nn::spl::detail::IManuInterface".
 +
 
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Platform
+
! Cmd || Name
!  DramId
+
|-
!  Version
+
| 0 || [[#GetConfig]]
 +
|-
 +
| 1 || [[#ModularExponentiate]]
 
|-
 
|-
| jetson-tx1
+
| 5 || [[#SetConfig]]
| N/A
  −
| 11_40800_01_V9.8.3_V1.6
   
|-
 
|-
| nx-abcb
+
| 7 || [[#GenerateRandomBytes]]
| EristaIcosaSamsung4gb
  −
| 10_40800_NoCfgVersion_V9.8.7_V1.6
   
|-
 
|-
| nx-abcb
+
| 11 || [[#IsDevelopment]]
| EristaIcosaMicron4gb
  −
| 10_40800_NoCfgVersion_V9.8.4_V1.6
   
|-
 
|-
| nx-abcb
+
| 24 || [3.0.0+] [[#SetBootReason]]
| EristaIcosaHynix4gb
  −
| 10_40800_NoCfgVersion_V9.8.4_V1.6
   
|-
 
|-
| nx-abca2
+
| 25 || [3.0.0+] [[#GetBootReason]]
| EristaIcosaSamsung4gb or EristaIcosaMicron4gb
  −
| 10_40800_NoCfgVersion_V9.8.7_V1.6
   
|-
 
|-
| nx-abca2
+
| 2 || [[#GenerateAesKek]]
| EristaIcosaHynix4gb
  −
| 10_40800_NoCfgVersion_V9.8.7_V1.6
   
|-
 
|-
| nx-abca2
+
| 3 || [[#LoadAesKey]]
| EristaIcosaSamsung6gb
  −
| 10_40800_NoCfgVersion_V9.8.7_V1.6
   
|-
 
|-
| nx-abca2
+
| 4 || [[#GenerateAesKey]]
| MarikoIowax1x2Samsung4gb
  −
| 01_204000_NoCfgVersion_V0.3.1_V2.0
   
|-
 
|-
| nx-abca2
+
| 14 || [[#DecryptAesKey]]
| MarikoIowaSamsung4gb or MarikoHoagSamsung4gb
  −
| 01_204000_NoCfgVersion_V0.3.1_V2.0
   
|-
 
|-
| nx-abca2
+
| 15 || [[#CryptAesCtr]]
| MarikoIowaSamsung8gb or MarikoHoagSamsung8gb
  −
| 01_204000_NoCfgVersion_V0.4.2_V2.0
  −
|}
  −
 
  −
nx-abcb (Copper) is the SDEV unit. Among other differences, this has extra hardware to support HDMI output.
  −
 
  −
nx-abca2 (Icosa) hardware types are variations of the retail form factor.
  −
 
  −
=== SecurityEngineIrqNumber ===
  −
SPL uses this for setting up the security engine IRQ.
  −
 
  −
=== Version ===
  −
The current [[Package2#Versions|Package1 Maxver Constant]] - 1.
  −
 
  −
=== HardwareType ===
  −
[1.0.0+] This item is obtained by checking bits 8 and 2 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper) or 3 (Invalid).
  −
 
  −
[4.0.0+] This item is obtained by checking bits 8, 2 and 16-19 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Icosa), 1 (Copper), 3 (Mariko) or 4 (Invalid).
  −
 
  −
A value of 2 (Hoag?) is always mapped to 4 (Invalid).
  −
 
  −
=== IsRetail ===
  −
This item is obtained by checking bits 9 and 0-1 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]]. It can be 0 (Debug), 1 (Retail) or 2 (Invalid).
  −
 
  −
=== IsRecoveryBoot ===
  −
Used to determine if the system is booting from SafeMode firmware.
  −
 
  −
=== DeviceId ===
  −
[[NIM_services|NIM]] checks if this item matches the [[Settings_services|set:cal]] DeviceId with byte7 cleared. If they don't match, a panic is thrown.
  −
 
  −
=== BootReason ===
  −
Used to determine how the system booted.
  −
 
  −
=== MemoryArrange ===
  −
[[Process Manager services|PM]] uses this item for selecting the appropriate size for each [[SVC#LimitableResource|LimitableResource_Memory]].
  −
 
  −
=== IsDebugMode ===
  −
Kernel uses this to determine behavior of svcBreak positive arguments. It will break instead of just force-exiting the process which is what happens on retail.
  −
 
  −
[2.0.0+] This is also used with certain debug [[SVC|SVCs]].
  −
 
  −
[3.0.0+] [[Loader services|RO]] checks this and if set then skipping NRR rsa signatures is allowed.
  −
 
  −
=== KernelMemoryConfiguration ===
  −
Kernel reads this when setting up memory-related code. If bit0 is set, it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs. If bit17-16 is 0b01, the kernel assumes 6GB of DRAM instead of 4GB.
  −
 
  −
=== BatteryProfile ===
  −
This tells if the TI Charger (bq24192) is active.
  −
 
  −
=== NewKeyGeneration ===
  −
This item is obtained from [[Fuse_registers#FUSE_RESERVED_ODM2|FUSE_RESERVED_ODM2]] if bit 11 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]] is set, [[Fuse_registers#FUSE_RESERVED_ODM0|FUSE_RESERVED_ODM0]] matches 0x8E61ECAE and [[Fuse_registers#FUSE_RESERVED_ODM1|FUSE_RESERVED_ODM1]] matches 0xF2BA3BB2.
  −
 
  −
[5.0.0+] [[Filesystem services|FS]] can now use this value for the '''KeyGeneration''' parameter when calling [[#GenerateAesKek|GenerateAesKek]] during "GetBisEncryptionKey".
  −
 
  −
=== Unknown0 ===
  −
This item is bit 10 from [[Fuse_registers#FUSE_RESERVED_ODM4|FUSE_RESERVED_ODM4]].
  −
 
  −
=== NewHardwareType ===
  −
This item is currently hardcoded to 0.
  −
 
  −
[5.0.0+] [[PCV_services|PCV]] overrides the value from [[#HardwareType|HardwareType]] and configures PMIC devices with this item.
  −
{| class="wikitable" border="1"
   
|-
 
|-
!  Value
+
| 16 || [[#ComputeCmac]]
!  Devices
   
|-
 
|-
| 0
+
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
|  max77620_sd0, max77621_cpu and max77621_gpu
   
|-
 
|-
| 1
+
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
| max77620_sd0, max77812_cpu and max77812_gpu
   
|-
 
|-
| 2
+
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
| max77620_sd0, max77812_cpu and max77812_gpu
  −
|}
  −
 
  −
=== Package2Hash ===
  −
This is a SHA-256 hash calculated over the [[Package2|package2]] image. Since the hash calculation is an optional step in pkg2ldr, this item is only valid in recovery mode. Otherwise, an error is returned instead.
  −
 
  −
== UserExpMod ==
  −
Wrapper for [[SMC#ExpMod|ExpMod SMC]].
  −
 
  −
Takes one type-10 (C descriptor) buffer ('''data_out_buf''') and 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''exp_in_buf''' and '''mod_in_buf''').
  −
 
  −
Performs asymmetric crypto with user supplied modulus and exponent.
  −
 
  −
== GenerateAesKek ==
  −
Wrapper for [[SMC#GenerateAesKek|GenerateAesKek SMC]].
  −
 
  −
Takes a 16-byte EKS ('''Encryption Key Source''') and two words ('''KeyGeneration''' and '''option''') as input.
  −
 
  −
Returns a scrambled sealed KEK ('''Key Encryption Key''' used as '''key_x''').
  −
 
  −
== LoadAesKey ==
  −
Wrapper for [[SMC#LoadAesKey|LoadAesKey SMC]].
  −
 
  −
Takes a u32 ('''keyslot''') and two 16-byte keys ('''key_x''' and '''key_y''').
  −
 
  −
Sets the specified '''keyslot''' with a key generated from '''key_x''' and '''key_y'''.
  −
 
  −
[2.0.0+] Now verifies that the engine in use (0..3) is locked/owned by the current spl session, otherwise errors with 0xD21A. Previously engine was hardcoded to 0.
  −
 
  −
== GenerateAesKey ==
  −
Takes a 16-byte KEK ('''key_x''') and a 16-byte encrypted key ('''enc_key''').
  −
 
  −
Generates a new key by decrypting (AES-ECB) '''enc_key''' with a key generated from the supplied '''key_x''' and a fixed '''key_y''' set with [[SMC#LoadAesKey|LoadAesKey SMC]].
  −
 
  −
[2.0.0+] Previously, it always used engine 0. Now it tries to allocate an engine to be used and returns 0xD01A if they're all busy. When the command is done, the engine is released.
  −
 
  −
== SetConfig ==
  −
Wrapper for [[SMC#SetConfig|SetConfig SMC]].
  −
 
  −
Takes a u32 ('''ConfigItem''') and a u64 ('''ConfigVal''').
  −
 
  −
{| class="wikitable" border="1"
   
|-
 
|-
! ConfigItem || Name
+
| 13 || [[#DecryptDeviceUniqueData]]
 
|-
 
|-
| 13 || BatteryProfile
+
| 30 || [5.0.0+] ReencryptDeviceUniqueData
 
|}
 
|}
   −
Any other '''ConfigItem''', besides 13, can't be set.
+
[[Category:Services]]
 
  −
== LoadSecureExpModKey ==
  −
Wrapper for [[SMC#LoadSecureExpModKey|LoadSecureExpModKey SMC]].
  −
 
  −
Takes one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version''').
  −
'''version''' is 0 for normal keys or 1 for extended keys.
  −
 
  −
Decrypts '''enc_privk_in_buf''' with a key generated from '''key_x''' and '''key_y''' and imports it for later usage.
  −
 
  −
[5.0.0+] This now calls [[SMC#EncryptRsaKeyForImport|EncryptRsaKeyForImport SMC]] instead.
  −
 
  −
== SecureExpMod ==
  −
Takes 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''param0_in_buf''').
  −
 
  −
Uses [[SMC#SecureExpMod|SecureExpMod SMC]] to decrypt '''data_in_buf''' using the private key imported with [[#LoadSecureExpModKey]] and the supplied '''mod_in_buf''' and '''param0_in_buf'''.
  −
 
  −
Generates and returns a 16-byte sealed titlekey.
  −
 
  −
== IsDevelopment ==
  −
No input params.
  −
 
  −
Uses [[#GetConfig]] internally with id=6. Returns true if output from that is 0, or if the SMC returned error 2.
  −
 
  −
Returns an u8 flag for whether the system is devunit. Output flag is 0 on retail.
  −
 
  −
== GenerateSpecificAesKey ==
  −
Wrapper for [[SMC#GenerateSpecificAesKey|GenerateSpecificAesKey SMC]].
  −
 
  −
Takes a 16-byte seed ('''key_seed''') and two words ('''KeyGeneration''' and '''option''') as input.
  −
 
  −
Returns a scrambled key ('''key_a''').
  −
 
  −
== DecryptRsaPrivateKey ==
  −
Wrapper for [[SMC#DecryptRsaPrivateKey|DecryptRsaPrivateKey SMC]].
  −
 
  −
Takes one type-10 (C descriptor) buffer ('''dec_privk_out_buf'''), one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version''').
  −
'''version''' is 0 for normal keys or 1 for extended keys.
  −
 
  −
Decrypts '''enc_privk_in_buf''' into '''dec_privk_out_buf''' with a key generated from '''key_x''' and '''key_y'''.
  −
 
  −
Used by [[SSL_services|SSL]]-sysmodule for TLS client-privk.
  −
 
  −
[5.0.0+] This now calls [[SMC#DecryptOrImportRsaKey|DecryptOrImportRsaKey SMC]] instead.
  −
 
  −
== DecryptAesKey ==
  −
Takes a 16-byte encrypted key ('''enc_key''') and two words ('''KeyGeneration''' and '''option''') as input.
  −
 
  −
Decrypts (AES-ECB) '''enc_key''' with a key generated from fixed '''key_x''' and '''key_y''' set with [[SMC#LoadAesKey|LoadAesKey SMC]] and returns a 16-byte decrypted key ('''dec_key''').
  −
 
  −
[2.0.0+] Introduced same engine allocation code as for [[#GenerateAesKey]].
  −
 
  −
== DecryptAesCtr ==
  −
Takes a type-0x46 (B descriptor) buffer ('''data_out_buf'''), a u32 ('''keyslot'''), a type-0x45 (A descriptor) buffer ('''data_in_buf''') and a 16-byte CTR ('''aes_ctr''').
  −
 
  −
Uses [[SMC#CryptAes|CryptAes SMC]] to decrypt '''data_in_buf''' into '''data_out_buf''', using the key set in the specified '''keyslot'''.
  −
 
  −
[2.0.0+] Verifies the engine is locked by current session.
  −
 
  −
== ComputeCmac ==
  −
Wrapper for [[SMC#ComputeCmac|ComputeCmac SMC]].
  −
 
  −
Takes one type-9 (X descriptor) buffer ('''data_in_buf''') and a u32 ('''type?''').
  −
 
  −
Returns a 16-byte CMAC calculated over '''data_in_buf'''.
  −
 
  −
[2.0.0+] Verifies the engine is locked by current session.
  −
 
  −
== LoadRsaOaepKey ==
  −
Wrapper for [[SMC#LoadRsaOaepKey|LoadRsaOaepKey SMC]].
  −
 
  −
Takes one type-9 (X descriptor) buffer (enc_privk_in_buf), a 16-byte KEK (key_x), a 16-byte key (key_y) and a u32 (version). version is 0 for normal keys or 1 for extended keys.
  −
 
  −
Decrypts enc_privk_in_buf with a key generated from key_x and key_y and imports it for later usage.
  −
 
  −
== UnwrapRsaOaepWrappedTitleKey ==
  −
Wrapper for [[SMC#UnwrapRsaOaepWrappedTitleKey|UnwrapRsaOaepWrappedTitleKey SMC]].
  −
 
  −
Takes one type-10 (C descriptor) buffer ('''data_out_buf''') and 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''label_hash_in_buf''').
  −
 
  −
Decrypts '''data_in_buf''' into '''data_out_buf''' using the private key imported with [[#LoadRsaOaepKey]] and the supplied '''mod_in_buf'''. Afterwards, verifies RSA-OAEP encoding using '''label_hash_in_buf'''.
  −
 
  −
Returns an u32 ('''dec_data_size''').
  −
 
  −
== LoadTitleKey ==
  −
Wrapper for [[SMC#LoadTitleKey|LoadTitleKey SMC]].
  −
 
  −
Takes a u32 ('''keyslot''') and a 16-byte sealed titlekey.
  −
 
  −
Sets the specified '''keyslot''' with the titlekey.
  −
 
  −
[2.0.0+] Verifies the engine is locked by current session.
  −
 
  −
== UnwrapAesWrappedTitleKey ==
  −
Wrapper for [[SMC#UnwrapAesWrappedTitleKey|UnwrapAesWrappedTitleKey SMC]].
  −
 
  −
Takes a 16-byte EKS ('''Encryption Key Source''').
  −
 
  −
Returns a sealed titlekey.
  −
 
  −
== LockAesEngine ==
  −
Returns the id of the engine that was locked, or 0xD01A if all engines are busy. You need to lock an engine before using AES functions.
  −
 
  −
== UnlockAesEngine ==
  −
Takes a single u32 and unlocks the engine with that id. It must be owned by current session otherwise 0xD21A will be returned.
  −
 
  −
== GetSplWaitEvent ==
  −
Returns an event handle for synchronizing with the locked AES engine.
  −
 
  −
== SetSharedData ==
  −
Sets a static dword in spl .bss to the user input u32.
  −
 
  −
[4.0.0+] returns 0xD41A if a value has been previously set without being [[#GetSharedData|gotten]].
  −
 
  −
== GetSharedData ==
  −
Returns the static dword in spl .bss that can be set via [[#SetSharedData]].
  −
 
  −
[4.0.0+] returns 0xD61A if a value has not previously been set, and unsets the value after getting it.