2,939
edits
Changes
Jump to navigation
Jump to search
Line 5,277:
Line 5,277: − + − + − + − + − + − + − Loading into $cX using xdst instruction sets ACL($cX) to 0x13 and 0x1F, for heavy secure and non-secure mode respectively.+ − Spilling a $cX to DMEM using xdld instruction is allowed if (ACL($cX) & 2) or (ACL($cX) & 8), for heavy secure and non-secure mode respectively.+ − + + + + + + + + + + + + + + + + + + + + + + + + + + Line 5,304:
Line 5,329: − + Line 5,314:
Line 5,339: − + Line 5,322:
Line 5,347: − + Line 5,328:
Line 5,353: − + Line 5,334:
Line 5,359: − + Line 5,340:
Line 5,365: − + Line 5,346:
Line 5,371: − + Line 5,352:
Line 5,377: − + Line 5,358:
Line 5,383: − + Line 5,364:
Line 5,389: − + Line 5,370:
Line 5,395: − + Line 5,376:
Line 5,401: − + Line 5,382:
Line 5,407: − + Line 5,388:
Line 5,413: − + Line 5,394:
Line 5,419: − + Line 5,400:
Line 5,425: − + Line 5,406:
Line 5,431: − + Line 5,412:
Line 5,437: − + Line 5,418:
Line 5,443: − + Line 5,424:
Line 5,449: − +
no edit summary
! Description
! Description
|-
|-
| 0 || Secure Keyable (forced set if bit1 is set; once cleared, cannot be set again)
| 0 || [[#Secure Keyable|Secure Keyable]]
|-
|-
| 1 || Secure Readable (once cleared, cannot be set again)
| 1 || [[#Secure Readable|Secure Readable]]
|-
|-
| 2 || Keyable (forced set if bit3 is set; forced clear if bit0 is clear; can be toggled back and forth)
| 2 || [[#Insecure Keyable|Insecure Keyable]]
|-
|-
| 3 || Readable (forced clear if bit1 is clear; can be toggled back and forth)
| 3 || [[#Insecure Readable|Insecure Readable]]
|-
|-
| 4 || Writeable (can be toggled back and forth)
| 4 || [[#Insecure Writeable|Insecure Writeable]]
|}
|}
On boot, the ACL is 0x1F for all $cX.
On boot, every crypto register has an ACL value of 0x1F.
In HS mode, [[#STORE|STORE]] can always write to a crypto register and resets its ACL value back to 0x1F. In NS mode, [[#STORE|STORE]] can only write to a crypto register if it has the [[#Insecure Writeable|Insecure Writeable]] access mode.
In HS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Secure Readable|Secure Readable]] access mode. In NS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Insecure Readable|Insecure Readable]] and [[#Secure Readable|Secure Readable]] access modes.
Loading a secret into $cX sets a per-secret ACL, unconditionally.
Loading a secret into a crypto register sets a per-secret ACL, unconditionally.
==== Secure Keyable ====
Controls if a crypto register can be used as key in HS mode.
Forced set if the crypto register has [[#Secure Readable|Secure Readable]] access. Once cleared, this access mode cannot be set again.
==== Secure Readable ====
Controls if a crypto register can be read in HS mode.
Once cleared, this access mode cannot be set again.
==== Insecure Keyable ====
Controls if a crypto register can be used as key in NS mode.
Forced set if the crypto register has [[#Secure Readable|Insecure Readable]] access. This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Keyable]] access.
==== Insecure Readable ====
Controls if a crypto register can be read in NS mode.
This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Readable]] access.
==== Insecure Writeable ====
Controls if a crypto register can be written to in NS mode.
This access mode has no effect in HS mode.
=== Secrets ===
=== Secrets ===
! Index || ACL || Description
! Index || ACL || Description
|-
|-
| 0x00 || 0x13 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
| 0x00 || 0x03 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
|-
|-
| 0x01 || 0x00 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] for the signature generation algorithm.
| 0x01 || 0x00 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] for the signature generation algorithm.
| 0x04 || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
| 0x04 || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
|-
|-
| 0x05 || 0x13 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
| 0x05 || 0x03 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
|-
|-
| 0x06 || 0x01 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register).
| 0x06 || 0x01 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register).
| 0x08 || 0x00 ||
| 0x08 || 0x00 ||
|-
|-
| 0x09 || 0x13 || Used by nvhost_tsec firmware.
| 0x09 || 0x03 || Used by nvhost_tsec firmware.
|-
|-
| 0x0A || 0x01 ||
| 0x0A || 0x01 ||
| 0x0B || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
| 0x0B || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
|-
|-
| 0x0C || 0x13 ||
| 0x0C || 0x03 ||
|-
|-
| 0x0D || 0x01 ||
| 0x0D || 0x01 ||
| 0x0E || 0x00 ||
| 0x0E || 0x00 ||
|-
|-
| 0x0F || 0x13 || Used by nvhost_tsec firmware.
| 0x0F || 0x03 || Used by nvhost_tsec firmware.
|-
|-
| 0x10 || 0x01 || Used by [1.0.0-5.1.0] nvhost_tsec firmware.
| 0x10 || 0x01 || Used by [1.0.0-5.1.0] nvhost_tsec firmware.
| 0x11 || 0x00 ||
| 0x11 || 0x00 ||
|-
|-
| 0x12 || 0x13 ||
| 0x12 || 0x03 ||
|-
|-
| 0x13 || 0x01 ||
| 0x13 || 0x01 ||
| 0x14 || 0x00 ||
| 0x14 || 0x00 ||
|-
|-
| 0x15 || 0x13 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares.
| 0x15 || 0x03 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares.
|-
|-
| 0x16 || 0x01 ||
| 0x16 || 0x01 ||
| 0x17 || 0x00 || Used by [11.0.0+] nvhost_tsec firmware.
| 0x17 || 0x00 || Used by [11.0.0+] nvhost_tsec firmware.
|-
|-
| 0x18 || 0x13 ||
| 0x18 || 0x03 ||
|-
|-
| 0x19 || 0x01 ||
| 0x19 || 0x01 ||
| 0x1A || 0x00 ||
| 0x1A || 0x00 ||
|-
|-
| 0x1B || 0x13 ||
| 0x1B || 0x03 ||
|-
|-
| 0x1C || 0x01 ||
| 0x1C || 0x01 ||
| 0x1D || 0x00 ||
| 0x1D || 0x00 ||
|-
|-
| 0x1E || 0x13 ||
| 0x1E || 0x03 ||
|-
|-
| 0x1F || 0x01 ||
| 0x1F || 0x01 ||
| 0x20 || 0x00 ||
| 0x20 || 0x00 ||
|-
|-
| 0x21 || 0x13 ||
| 0x21 || 0x03 ||
|-
|-
| 0x22 || 0x01 ||
| 0x22 || 0x01 ||
| 0x23 || 0x00 ||
| 0x23 || 0x00 ||
|-
|-
| 0x24 || 0x13 ||
| 0x24 || 0x03 ||
|-
|-
| 0x25 || 0x01 ||
| 0x25 || 0x01 ||
| 0x26 || 0x00 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]]
| 0x26 || 0x00 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]]
|-
|-
| 0x27 || 0x13 ||
| 0x27 || 0x03 ||
|-
|-
| 0x28 || 0x01 ||
| 0x28 || 0x01 ||
| 0x29 || 0x00 ||
| 0x29 || 0x00 ||
|-
|-
| 0x2A || 0x13 ||
| 0x2A || 0x03 ||
|-
|-
| 0x2B || 0x01 ||
| 0x2B || 0x01 ||
| 0x2C || 0x00 ||
| 0x2C || 0x00 ||
|-
|-
| 0x2D || 0x13 ||
| 0x2D || 0x03 ||
|-
|-
| 0x2E || 0x01 ||
| 0x2E || 0x01 ||
| 0x2F || 0x00 ||
| 0x2F || 0x00 ||
|-
|-
| 0x30 || 0x13 ||
| 0x30 || 0x03 ||
|-
|-
| 0x31 || 0x01 ||
| 0x31 || 0x01 ||
| 0x32 || 0x00 ||
| 0x32 || 0x00 ||
|-
|-
| 0x33 || 0x13 ||
| 0x33 || 0x03 ||
|-
|-
| 0x34 || 0x01 ||
| 0x34 || 0x01 ||
| 0x35 || 0x00 ||
| 0x35 || 0x00 ||
|-
|-
| 0x36 || 0x13 ||
| 0x36 || 0x03 ||
|-
|-
| 0x37 || 0x01 ||
| 0x37 || 0x01 ||
| 0x38 || 0x00 ||
| 0x38 || 0x00 ||
|-
|-
| 0x39 || 0x13 ||
| 0x39 || 0x03 ||
|-
|-
| 0x3A || 0x01 ||
| 0x3A || 0x01 ||
| 0x3B || 0x00 ||
| 0x3B || 0x00 ||
|-
|-
| 0x3C || 0x13 || Used by nvhost_tsec firmware.
| 0x3C || 0x03 || Used by nvhost_tsec firmware.
|-
|-
| 0x3D || 0x01 ||
| 0x3D || 0x01 ||