TSEC: Difference between revisions - Nintendo Switch Brew

Line 1,444:

0x0020: xdst (with cxset) or cxsin (fuc5 opcode 0x88)

0x0030: xdld (with cxset) or cxsout (fuc5 opcode 0x8C)

0x0040: ~~csrng~~ (fuc5 opcode 0x90)

0x0040: crng (fuc5 opcode 0x90)

0x0050: cs0begin (fuc5 opcode 0x94)

0x0060: cs0exec (fuc5 opcode 0x98)

Line 1,450:

0x0080: cs1exec (fuc5 opcode 0xA0)

0x0090: (fuc5 opcode 0xA4)

0x00A0: (fuc5 opcode 0xA8)

0x00A0: cchmod (fuc5 opcode 0xA8)

0x00B0: cxor (fuc5 opcode 0xAC)

0x00C0: cadd (fuc5 opcode 0xB0)

Line 1,464:

0x0160: (fuc5 opcode 0xD8)

0x0170: csigenc (fuc5 opcode 0xDC)

0x0180: ~~cchmod~~ (fuc5 opcode 0xE0)

0x0180: csigclr (fuc5 opcode 0xE0)

|-

| 31

Line 2,173:

load_keygen(key_buf, key_version, is_blob_dec);

// fuc5 crypt ~~cchmod~~ instruction

// fuc5 crypt csigclr instruction

// ~~Resets~~ the ~~ACL bits~~

// Clears the cauth signature

~~cchmod~~();

csigclr();

// Clear all crypto registers

Line 2,736:

cxor(c7, c7);

// fuc5 crypt ~~cchmod~~ instruction

// fuc5 crypt csigclr instruction

// ~~Resets~~ the ~~ACL bits~~

// Clears the cauth signature

~~cchmod~~();

csigclr();

// Jump to Payload

Line 2,870:

== Notes ==

[https://wiki.0x04.net/wiki/Marcin_Ko%C5%9Bcielnicki mwk] ~~shared additional info learned~~ from ~~RE of~~ falcon processors over the years, ~~which hasn~~'~~t made it into envytools documentation yet~~:

Part of the information here (which hasn't made it into envytools documentation yet) was shared by [https://wiki.0x04.net/wiki/Marcin_Ko%C5%9Bcielnicki mwk] from reverse engineering falcon processors over the years.

=== Register ACLs ===

Falcon tracks permission metadata about each crypto reg. Permissions include read/write ability per execution mode, as well as ability to use the reg for encrypt/decrypt, among other permissions. Permissions are propagated when registers are referenced by instructions (e.g. moving a value from read-protected $cX to $cY will result in $cY also being read-protected).

=== Authenticated Mode Entry/Exit ===

Entry to Authenticated Mode always sets $pc to the address supplied in $cauth (ie the base of the signature-checked region). This takes effect when trying to branch to any address within the range covered by $cauth. Entry to Authenticated Mode (also called "Secure Mode") computes a MAC over the $cauth region and compares it to $c6 in order to perform the signature check.

Exit from Authenticated Mode must poke a special register before leaving authenticated code pages and a failure to do this would result in the Falcon core halting. Every Falcon based unit (TSEC, NVDEC, VIC) must map this register in their engine-specific subset of registers. In TSEC's case, the register is [[#TSEC_SCP_CTL_MODE|TSEC_SCP_CTL_MODE]].

=== csigclr ===

<code>00000000: f5 3c 00 e0 csigclr</code>

This instruction takes no operands and appears to clear the saved cauth signature used by the csigenc instruction.

=== cchmod ===

<code>00000000: f5 3c XY a8 cchmod $cY 0X</code> or <code>00000000: f5 3c XY a9 cchmod $cY 1X</code>

This instruction takes a crypto register and a 5 bit immediate value. It appears to set the [[#Register ACLs|crypto registers' ACL]] bits as follows:

{| class="wikitable" border="1"

! Bits

! Description

|-

| 0

| Allow register to be used as key in NS or LS mode

|-

| 1

| Allow register to be used as key in HS mode

|-

| 2

| Set register as readable in NS or LS mode

|-

| 3

| Set register as readable in HS mode

|-

| 4

| Set register as writable in NS or LS mode

|}

=== crng ===

This instruction takes no operands and appears to initialize a crypto register with random data.

=== cxset ===

Line 2,900:

Line 2,942:

For example, if override type=0b000, then the "length" argument to <code>xdst</code> is instead treated as the index of the target $cX register.

~~=== Register ACLs ===~~

Falcon tracks permission metadata about each crypto reg. Permissions include read/write ability per execution mode, as well as ability to use the reg for encrypt/decrypt, among other permissions. Permissions are propagated when registers are referenced by instructions (e.g. moving a value from read-protected $cX to $cY will result in $cY also being read-protected).

~~=== Authenticated Mode Entry/Exit ===~~

Entry to Authenticated Mode always sets $pc to the address supplied in $cauth (ie the base of the signature-checked region). This takes effect when trying to branch to any address within the range covered by $cauth. Entry to Authenticated Mode (also called "Secure Mode") computes a MAC over the $cauth region and compares it to $c6 in order to perform the signature check.

Exit from Authenticated Mode must poke a special register before leaving authenticated code pages and a failure to do this would result in the Falcon core halting. Every Falcon based unit (TSEC, NVDEC, VIC) must map this register in their engine-specific subset of registers. In TSEC's case, the register is [[#TSEC_SCP_CTL_MODE|TSEC_SCP_CTL_MODE]].

~~=== Unknown Instructions ===~~

~~<code>00000000: f5 3c 00 e0 cchmod</code> - resets all crypto register's permissions.~~

~~<code>00000000: f5 3c XY a8 c_unk $cY X</code> - unknown crypto operation.~~

~~<code>00000000: f5 3c 0X 90 crng $cX</code> - seems to initialize a crypto register with random data.~~

=== Secrets ===

Line 2,932:

Line 2,959:

| 0x05 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.

|-

| 0x07 || Used by nvhost_tsec firmware.

| 0x07 || Used by [6.0.0+] nvhost_tsec firmware.

|-

| 0x09 || Used by nvhost_tsec firmware.

Line 2,940:

Line 2,967:

| 0x0F || Used by nvhost_tsec firmware.

|-

| 0x15 || Used by ~~nvhost_tsec,~~ nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod and ~~nvhost_nvdec020_ns~~ firmwares.

| 0x10 || Used by [1.0.0-5.1.0] nvhost_tsec firmware.

|-

| 0x15 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares.

|-

| 0x26 || Used by [[#KeygenLdr|KeygenLdr]].

@@ Line 1,444: / Line 1,444: @@
 x0020: xdst (with cxset) or cxsin (fuc5 opcode 0x88)
 x0030: xdld (with cxset) or cxsout (fuc5 opcode 0x8C)
-x0040: csrng (fuc5 opcode 0x90)
+x0040: crng (fuc5 opcode 0x90)
 x0050: cs0begin (fuc5 opcode 0x94)
 x0060: cs0exec (fuc5 opcode 0x98)
@@ Line 1,450: / Line 1,450: @@
 x0080: cs1exec (fuc5 opcode 0xA0)
 x0090: (fuc5 opcode 0xA4)
-x00A0: (fuc5 opcode 0xA8)
+x00A0: cchmod (fuc5 opcode 0xA8)
 x00B0: cxor (fuc5 opcode 0xAC)
 x00C0: cadd (fuc5 opcode 0xB0)
@@ Line 1,464: / Line 1,464: @@
 x0160: (fuc5 opcode 0xD8)
 x0170: csigenc (fuc5 opcode 0xDC)
-x0180: cchmod (fuc5 opcode 0xE0)
+x0180: csigclr (fuc5 opcode 0xE0)
 |-
 | 31
@@ Line 2,173: / Line 2,173: @@
   load_keygen(key_buf, key_version, is_blob_dec);
-  // fuc5 crypt cchmod instruction
+  // fuc5 crypt csigclr instruction
-  // Resets the ACL bits
+  // Clears the cauth signature
-  cchmod();
+  csigclr();
   // Clear all crypto registers
@@ Line 2,736: / Line 2,736: @@
   cxor(c7, c7);
-  // fuc5 crypt cchmod instruction
+  // fuc5 crypt csigclr instruction
-  // Resets the ACL bits
+  // Clears the cauth signature
-  cchmod();
+  csigclr();
   // Jump to Payload
@@ Line 2,870: / Line 2,870: @@
 == Notes ==
-[https://wiki.0x04.net/wiki/Marcin_Ko%C5%9Bcielnicki mwk] shared additional info learned from RE of falcon processors over the years, which hasn't made it into envytools documentation yet:
+Part of the information here (which hasn't made it into envytools documentation yet) was shared by [https://wiki.0x04.net/wiki/Marcin_Ko%C5%9Bcielnicki mwk] from reverse engineering falcon processors over the years.
+=== Register ACLs ===
+Falcon tracks permission metadata about each crypto reg. Permissions include read/write ability per execution mode, as well as ability to use the reg for encrypt/decrypt, among other permissions. Permissions are propagated when registers are referenced by instructions (e.g. moving a value from read-protected $cX to $cY will result in $cY also being read-protected).
+=== Authenticated Mode Entry/Exit ===
+Entry to Authenticated Mode always sets $pc to the address supplied in $cauth (ie the base of the signature-checked region). This takes effect when trying to branch to any address within the range covered by $cauth. Entry to Authenticated Mode (also called "Secure Mode") computes a MAC over the $cauth region and compares it to $c6 in order to perform the signature check.
+Exit from Authenticated Mode must poke a special register before leaving authenticated code pages and a failure to do this would result in the Falcon core halting. Every Falcon based unit (TSEC, NVDEC, VIC) must map this register in their engine-specific subset of registers. In TSEC's case, the register is [[#TSEC_SCP_CTL_MODE|TSEC_SCP_CTL_MODE]].
+=== csigclr ===
+<code>00000000: f5 3c 00 e0     csigclr</code>
+This instruction takes no operands and appears to clear the saved cauth signature used by the csigenc instruction.
+=== cchmod ===
+<code>00000000: f5 3c XY a8     cchmod $cY 0X</code> or <code>00000000: f5 3c XY a9     cchmod $cY 1X</code>
+This instruction takes a crypto register and a 5 bit immediate value. It appears to set the [[#Register ACLs|crypto registers' ACL]] bits as follows:
+{| class="wikitable" border="1"
+!  Bits
+!  Description
+|-
+| 0
+| Allow register to be used as key in NS or LS mode
+|-
+| 1
+| Allow register to be used as key in HS mode
+|-
+| 2
+| Set register as readable in NS or LS mode
+|-
+| 3
+| Set register as readable in HS mode
+|-
+| 4
+| Set register as writable in NS or LS mode
+|}
+=== crng ===
+<code>00000000: f5 3c 0X 90     crng $cX</code>
+This instruction takes no operands and appears to initialize a crypto register with random data.
 === cxset ===
@@ Line 2,900: / Line 2,942: @@
 For example, if override type=0b000, then the "length" argument to <code>xdst</code> is instead treated as the index of the target $cX register.
-=== Register ACLs ===
-Falcon tracks permission metadata about each crypto reg. Permissions include read/write ability per execution mode, as well as ability to use the reg for encrypt/decrypt, among other permissions. Permissions are propagated when registers are referenced by instructions (e.g. moving a value from read-protected $cX to $cY will result in $cY also being read-protected).
-=== Authenticated Mode Entry/Exit ===
-Entry to Authenticated Mode always sets $pc to the address supplied in $cauth (ie the base of the signature-checked region). This takes effect when trying to branch to any address within the range covered by $cauth. Entry to Authenticated Mode (also called "Secure Mode") computes a MAC over the $cauth region and compares it to $c6 in order to perform the signature check.
-Exit from Authenticated Mode must poke a special register before leaving authenticated code pages and a failure to do this would result in the Falcon core halting. Every Falcon based unit (TSEC, NVDEC, VIC) must map this register in their engine-specific subset of registers. In TSEC's case, the register is [[#TSEC_SCP_CTL_MODE|TSEC_SCP_CTL_MODE]].
-=== Unknown Instructions ===
-<code>00000000: f5 3c 00 e0     cchmod</code> - resets all crypto register's permissions.
-<code>00000000: f5 3c XY a8     c_unk $cY X</code> - unknown crypto operation.
-<code>00000000: f5 3c 0X 90     crng $cX</code> - seems to initialize a crypto register with random data.
 === Secrets ===
@@ Line 2,932: / Line 2,959: @@
 | 0x05 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, nvhost_nvdec020_prod, nvhost_nvdec020_ns and acr_ucode firmwares.
 |-
-| 0x07 || Used by nvhost_tsec firmware.
+| 0x07 || Used by [6.0.0+] nvhost_tsec firmware.
 |-
 | 0x09 || Used by nvhost_tsec firmware.
@@ Line 2,940: / Line 2,967: @@
 | 0x0F || Used by nvhost_tsec firmware.
 |-
-| 0x15 || Used by nvhost_tsec, nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod and nvhost_nvdec020_ns firmwares.
+| 0x10 || Used by [1.0.0-5.1.0] nvhost_tsec firmware.
+|-
+| 0x15 || Used by nvhost_nvdec_bl020_prod, [5.0.0+] nvhost_nvdec020_prod, [5.0.0+] nvhost_nvdec020_ns and [6.0.0+] nvhost_tsec firmwares.
 |-
 | 0x26 || Used by [[#KeygenLdr|KeygenLdr]].