Changes

Jump to navigation Jump to search

TSEC Firmware (view source)

Revision as of 18:40, 28 June 2019

1,216 bytes added ,  18:40, 28 June 2019
→‎SecureBoot
Line 1,281: Line 1,281:  
     $flags.ie0 = 0;
 
     $flags.ie0 = 0;
 
     $flags.ie1 = 0;
 
     $flags.ie1 = 0;
 +
 +
    // Jump to the SecureBoot blob's Falcon OS image
 +
    exec_secboot();
 +
 +
    return 0x0F0F0F0F;
 +
</pre>
 +
 +
[8.1.0+] Removed transfer base address setting and added IMEM protection.
 +
<pre>
 +
    // The next xfer instruction will be overridden
 +
    // and target changes from DMA to crypto
 +
    cxset(0x01);
 +
 +
    u32 crypto_reg_flag = 0x00060000;
 +
    u32 blob4_flcn_os_img_hash_addr = 0;
 +
 +
    // Transfer data to crypto register c6
 +
    xdst(0, (blob4_flcn_os_img_hash_addr | crypto_reg_flag));
 +
 +
    // The next xfer instruction will be overridden
 +
    // and target changes from DMA to crypto
 +
    cxset(0x01);
 +
 +
    // Wait for all data loads/stores to finish
 +
    xdwait();
 +
 +
    cmov($c7, $c6);
 +
    cxor($c7, $c7);
 +
 +
    // Set auth_addr to 0x100, auth_size to 0x1D00,
 +
    // bit 16 (use_secret) and bit 17 (is_encrypted)
 +
    $cauth = ((0x02 << 0x10) | (0x01 << 0x10) | (0x1D00 << 0x10) | (0x100 >> 0x08));
 +
 +
    // Clear interrupt flags
 +
    $flags.ie0 = 0;
 +
    $flags.ie1 = 0;
 +
 +
    // Fill remaining IMEM with secret pages
 +
    bool use_secret = true;
 +
    memcpy_d2i(0x1E00, 0, 0x2200, 0x1E00, use_secret);
 +
    memcpy_d2i(0x4000, 0, 0x4000, 0x4000, use_secret);
 +
 +
    // Wait for all code loads to finish
 +
    xcwait();
 
   
 
   
 
     // Jump to the SecureBoot blob's Falcon OS image
 
     // Jump to the SecureBoot blob's Falcon OS image
Retrieved from "https://switchbrew.org/wiki/Special:MobileDiff/7067"

Navigation menu