Line 5,277: |
Line 5,277: |
| ! Description | | ! Description |
| |- | | |- |
− | | 0 || Secure Keyable (forced set if bit1 is set; once cleared, cannot be set again) | + | | 0 || [[#Secure Keyable|Secure Keyable]] |
| |- | | |- |
− | | 1 || Secure Readable (once cleared, cannot be set again) | + | | 1 || [[#Secure Readable|Secure Readable]] |
| |- | | |- |
− | | 2 || Keyable (forced set if bit3 is set; forced clear if bit0 is clear; can be toggled back and forth) | + | | 2 || [[#Insecure Keyable|Insecure Keyable]] |
| |- | | |- |
− | | 3 || Readable (forced clear if bit1 is clear; can be toggled back and forth) | + | | 3 || [[#Insecure Readable|Insecure Readable]] |
| |- | | |- |
− | | 4 || Writeable (can be toggled back and forth) | + | | 4 || [[#Insecure Writeable|Insecure Writeable]] |
| |} | | |} |
| | | |
− | On boot, the ACL is 0x1F for all $cX. | + | On boot, every crypto register has an ACL value of 0x1F. |
| | | |
− | Loading into $cX using xdst instruction sets ACL($cX) to 0x13 and 0x1F, for heavy secure and non-secure mode respectively.
| + | In HS mode, [[#STORE|STORE]] can always write to a crypto register and resets its ACL value back to 0x1F. In NS mode, [[#STORE|STORE]] can only write to a crypto register if it has the [[#Insecure Writeable|Insecure Writeable]] access mode. |
| | | |
− | Spilling a $cX to DMEM using xdld instruction is allowed if (ACL($cX) & 2) or (ACL($cX) & 8), for heavy secure and non-secure mode respectively.
| + | In HS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Secure Readable|Secure Readable]] access mode. In NS mode, [[#LOAD|LOAD]] can only retrieve a crypto register's value if it has the [[#Insecure Readable|Insecure Readable]] and [[#Secure Readable|Secure Readable]] access modes. |
| | | |
− | Loading a secret into $cX sets a per-secret ACL, unconditionally. | + | Loading a secret into a crypto register sets a per-secret ACL, unconditionally. |
| + | |
| + | ==== Secure Keyable ==== |
| + | Controls if a crypto register can be used as key in HS mode. |
| + | |
| + | Forced set if the crypto register has [[#Secure Readable|Secure Readable]] access. Once cleared, this access mode cannot be set again. |
| + | |
| + | ==== Secure Readable ==== |
| + | Controls if a crypto register can be read in HS mode. |
| + | |
| + | Once cleared, this access mode cannot be set again. |
| + | |
| + | ==== Insecure Keyable ==== |
| + | Controls if a crypto register can be used as key in NS mode. |
| + | |
| + | Forced set if the crypto register has [[#Secure Readable|Insecure Readable]] access. This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Keyable]] access. |
| + | |
| + | ==== Insecure Readable ==== |
| + | Controls if a crypto register can be read in NS mode. |
| + | |
| + | This access mode cannot be set if the crypto register doesn't have [[#Secure Keyable|Secure Readable]] access. |
| + | |
| + | ==== Insecure Writeable ==== |
| + | Controls if a crypto register can be written to in NS mode. |
| + | |
| + | This access mode has no effect in HS mode. |
| | | |
| === Secrets === | | === Secrets === |
Line 5,304: |
Line 5,329: |
| ! Index || ACL || Description | | ! Index || ACL || Description |
| |- | | |- |
− | | 0x00 || 0x13 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares. | + | | 0x00 || 0x03 || Used by [[TSEC_Firmware#Keygen|Keygen]], nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares. |
| |- | | |- |
| | 0x01 || 0x00 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] for the signature generation algorithm. | | | 0x01 || 0x00 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] for the signature generation algorithm. |
Line 5,314: |
Line 5,339: |
| | 0x04 || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. | | | 0x04 || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. |
| |- | | |- |
− | | 0x05 || 0x13 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares. | + | | 0x05 || 0x03 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares. |
| |- | | |- |
| | 0x06 || 0x01 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register). | | | 0x06 || 0x01 || Used by Falcon's [[#Secure BootROM|Secure BootROM]] as key to decrypt data during authentication (decided by bit 17 in the [[#SEC|SEC]] register). |
Line 5,322: |
Line 5,347: |
| | 0x08 || 0x00 || | | | 0x08 || 0x00 || |
| |- | | |- |
− | | 0x09 || 0x13 || Used by nvhost_tsec firmware. | + | | 0x09 || 0x03 || Used by nvhost_tsec firmware. |
| |- | | |- |
| | 0x0A || 0x01 || | | | 0x0A || 0x01 || |
Line 5,328: |
Line 5,353: |
| | 0x0B || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. | | | 0x0B || 0x00 || Used by nvhost_tsec, nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares. |
| |- | | |- |
− | | 0x0C || 0x13 || | + | | 0x0C || 0x03 || |
| |- | | |- |
| | 0x0D || 0x01 || | | | 0x0D || 0x01 || |
Line 5,334: |
Line 5,359: |
| | 0x0E || 0x00 || | | | 0x0E || 0x00 || |
| |- | | |- |
− | | 0x0F || 0x13 || Used by nvhost_tsec firmware. | + | | 0x0F || 0x03 || Used by nvhost_tsec firmware. |
| |- | | |- |
| | 0x10 || 0x01 || Used by [1.0.0-5.1.0] nvhost_tsec firmware. | | | 0x10 || 0x01 || Used by [1.0.0-5.1.0] nvhost_tsec firmware. |
Line 5,340: |
Line 5,365: |
| | 0x11 || 0x00 || | | | 0x11 || 0x00 || |
| |- | | |- |
− | | 0x12 || 0x13 || | + | | 0x12 || 0x03 || |
| |- | | |- |
| | 0x13 || 0x01 || | | | 0x13 || 0x01 || |
Line 5,346: |
Line 5,371: |
| | 0x14 || 0x00 || | | | 0x14 || 0x00 || |
| |- | | |- |
− | | 0x15 || 0x13 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares. | + | | 0x15 || 0x03 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares. |
| |- | | |- |
| | 0x16 || 0x01 || | | | 0x16 || 0x01 || |
Line 5,352: |
Line 5,377: |
| | 0x17 || 0x00 || Used by [11.0.0+] nvhost_tsec firmware. | | | 0x17 || 0x00 || Used by [11.0.0+] nvhost_tsec firmware. |
| |- | | |- |
− | | 0x18 || 0x13 || | + | | 0x18 || 0x03 || |
| |- | | |- |
| | 0x19 || 0x01 || | | | 0x19 || 0x01 || |
Line 5,358: |
Line 5,383: |
| | 0x1A || 0x00 || | | | 0x1A || 0x00 || |
| |- | | |- |
− | | 0x1B || 0x13 || | + | | 0x1B || 0x03 || |
| |- | | |- |
| | 0x1C || 0x01 || | | | 0x1C || 0x01 || |
Line 5,364: |
Line 5,389: |
| | 0x1D || 0x00 || | | | 0x1D || 0x00 || |
| |- | | |- |
− | | 0x1E || 0x13 || | + | | 0x1E || 0x03 || |
| |- | | |- |
| | 0x1F || 0x01 || | | | 0x1F || 0x01 || |
Line 5,370: |
Line 5,395: |
| | 0x20 || 0x00 || | | | 0x20 || 0x00 || |
| |- | | |- |
− | | 0x21 || 0x13 || | + | | 0x21 || 0x03 || |
| |- | | |- |
| | 0x22 || 0x01 || | | | 0x22 || 0x01 || |
Line 5,376: |
Line 5,401: |
| | 0x23 || 0x00 || | | | 0x23 || 0x00 || |
| |- | | |- |
− | | 0x24 || 0x13 || | + | | 0x24 || 0x03 || |
| |- | | |- |
| | 0x25 || 0x01 || | | | 0x25 || 0x01 || |
Line 5,382: |
Line 5,407: |
| | 0x26 || 0x00 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]] | | | 0x26 || 0x00 || Used by [[TSEC_Firmware#KeygenLdr|KeygenLdr]] and [[TSEC_Firmware#SecureBoot|SecureBoot]] |
| |- | | |- |
− | | 0x27 || 0x13 || | + | | 0x27 || 0x03 || |
| |- | | |- |
| | 0x28 || 0x01 || | | | 0x28 || 0x01 || |
Line 5,388: |
Line 5,413: |
| | 0x29 || 0x00 || | | | 0x29 || 0x00 || |
| |- | | |- |
− | | 0x2A || 0x13 || | + | | 0x2A || 0x03 || |
| |- | | |- |
| | 0x2B || 0x01 || | | | 0x2B || 0x01 || |
Line 5,394: |
Line 5,419: |
| | 0x2C || 0x00 || | | | 0x2C || 0x00 || |
| |- | | |- |
− | | 0x2D || 0x13 || | + | | 0x2D || 0x03 || |
| |- | | |- |
| | 0x2E || 0x01 || | | | 0x2E || 0x01 || |
Line 5,400: |
Line 5,425: |
| | 0x2F || 0x00 || | | | 0x2F || 0x00 || |
| |- | | |- |
− | | 0x30 || 0x13 || | + | | 0x30 || 0x03 || |
| |- | | |- |
| | 0x31 || 0x01 || | | | 0x31 || 0x01 || |
Line 5,406: |
Line 5,431: |
| | 0x32 || 0x00 || | | | 0x32 || 0x00 || |
| |- | | |- |
− | | 0x33 || 0x13 || | + | | 0x33 || 0x03 || |
| |- | | |- |
| | 0x34 || 0x01 || | | | 0x34 || 0x01 || |
Line 5,412: |
Line 5,437: |
| | 0x35 || 0x00 || | | | 0x35 || 0x00 || |
| |- | | |- |
− | | 0x36 || 0x13 || | + | | 0x36 || 0x03 || |
| |- | | |- |
| | 0x37 || 0x01 || | | | 0x37 || 0x01 || |
Line 5,418: |
Line 5,443: |
| | 0x38 || 0x00 || | | | 0x38 || 0x00 || |
| |- | | |- |
− | | 0x39 || 0x13 || | + | | 0x39 || 0x03 || |
| |- | | |- |
| | 0x3A || 0x01 || | | | 0x3A || 0x01 || |
Line 5,424: |
Line 5,449: |
| | 0x3B || 0x00 || | | | 0x3B || 0x00 || |
| |- | | |- |
− | | 0x3C || 0x13 || Used by nvhost_tsec firmware. | + | | 0x3C || 0x03 || Used by nvhost_tsec firmware. |
| |- | | |- |
| | 0x3D || 0x01 || | | | 0x3D || 0x01 || |