Line 1: |
Line 1: |
− | == BootROM ==
| + | = BootROM = |
| The bootrom initializes two keyslots in the hardware engine: | | The bootrom initializes two keyslots in the hardware engine: |
| | | |
Line 48: |
Line 48: |
| } | | } |
| | | |
− | == Falcon coprocessor ==
| + | = Falcon coprocessor = |
| The falcon processor (TSEC) generates a special console-unique key (that will be referred to as the "tsec key"). | | The falcon processor (TSEC) generates a special console-unique key (that will be referred to as the "tsec key"). |
| | | |
| This is presumably using data stored in fuses that only microcode authenticated by NVidia has access to. | | This is presumably using data stored in fuses that only microcode authenticated by NVidia has access to. |
| | | |
− | == Package1ldr ==
| + | = Package1ldr = |
− | | + | == Key table == |
− | === Key table during package1ldr ===
| + | [1.0.0-3.0.2] During package1ldr: |
− | | |
| {| class="wikitable" border="1" | | {| class="wikitable" border="1" |
| |- | | |- |
Line 84: |
Line 83: |
| |} | | |} |
| | | |
− | === [1.0.0-3.0.2] Key table after package1ldr ===
| + | [1.0.0-3.0.2] After package1ldr: |
− | | |
| {| class="wikitable" border="1" | | {| class="wikitable" border="1" |
| |- | | |- |
Line 107: |
Line 105: |
| |} | | |} |
| | | |
− | === [4.0.0]+ Key table after package1ldr (Secure Monitor boot) ===
| + | [4.0.0+] After package1ldr (Secure Monitor boot): |
− | | |
| {| class="wikitable" border="1" | | {| class="wikitable" border="1" |
| |- | | |- |
Line 142: |
Line 139: |
| |} | | |} |
| | | |
− | === [4.0.0]+ Key table after package1ldr (Secure Monitor runtime) ===
| + | [4.0.0+] After package1ldr (Secure Monitor runtime): |
− | | |
| {| class="wikitable" border="1" | | {| class="wikitable" border="1" |
| |- | | |- |
Line 171: |
Line 167: |
| |} | | |} |
| | | |
− | === [6.2.0]+ Key table after package1ldr/TSEC Payload (Secure Monitor boot) ===
| + | [6.2.0+] After package1ldr/TSEC Payload (Secure Monitor boot): |
− | | |
| {| class="wikitable" border="1" | | {| class="wikitable" border="1" |
| |- | | |- |
Line 206: |
Line 201: |
| |} | | |} |
| | | |
− | | + | == Key generation == |
− | === Key generation ===
| |
| Note: aes_unwrap(wrapped_key, wrap_key) is just another name for a single AES-128 block decryption. | | Note: aes_unwrap(wrapped_key, wrap_key) is just another name for a single AES-128 block decryption. |
| | | |
Line 297: |
Line 291: |
| The key-derivation is described in more detail [[Package1#Key_generation|here]]. | | The key-derivation is described in more detail [[Package1#Key_generation|here]]. |
| | | |
− | ==== Keyblob ====
| + | === Keyblob === |
| There are 32 keyblobs written to NAND at factory, with each keyblob encrypted with a console-unique key derived from the console's SBK, the console's tsec key, and a constant specific to each keyblob. | | There are 32 keyblobs written to NAND at factory, with each keyblob encrypted with a console-unique key derived from the console's SBK, the console's tsec key, and a constant specific to each keyblob. |
| | | |
| Despite being encrypted with console unique keys, though, the decrypted keyblob contents are shared for all consoles. | | Despite being encrypted with console unique keys, though, the decrypted keyblob contents are shared for all consoles. |
| | | |
− | ==== Seeds ====
| + | Used keyblobs are as follows: |
− | normalseed_retail = d8a2410a...
| |
− |
| |
− | [1.0.0] wrapped_keyblob_key = df206f59...
| |
− | [1.0.0] simpleseed_dev0 = aff11423...
| |
− | [1.0.0] simpleseed_dev1 = 5e177ee1...
| |
− | [1.0.0] normalseed_dev = 0542a0fd...
| |
− |
| |
− | [3.0.0] wrapped_keyblob_key = 0c25615d...
| |
− | [3.0.0] simpleseed_dev0 = de00216a...
| |
− | [3.0.0] simpleseed_dev1 = 2db7c0a1...
| |
− | [3.0.0] normalseed_dev = 678c5a03...
| |
− |
| |
− | [3.0.1] wrapped_keyblob_key = 337685ee...
| |
− | [3.0.1] simpleseed_dev0 = e045f5ba...
| |
− | [3.0.1] simpleseed_dev1 = 84d92e0d...
| |
− | [3.0.1] normalseed_dev = cd88155b...
| |
− |
| |
− | [4.0.0] wrapped_keyblob_key = 2d1f4880...
| |
− | | |
− | ==== Table of used keyblobs ====
| |
| | | |
| {| class="wikitable" border="1" | | {| class="wikitable" border="1" |
Line 357: |
Line 331: |
| Starting from 6.2.0, key generation no longer uses keyblobs. | | Starting from 6.2.0, key generation no longer uses keyblobs. |
| | | |
− | == Secure Monitor Init == | + | === Seeds === |
| + | normalseed_retail = d8a2410a... |
| + | |
| + | [1.0.0] wrapped_keyblob_key = df206f59... |
| + | [1.0.0] simpleseed_dev0 = aff11423... |
| + | [1.0.0] simpleseed_dev1 = 5e177ee1... |
| + | [1.0.0] normalseed_dev = 0542a0fd... |
| + | |
| + | [3.0.0] wrapped_keyblob_key = 0c25615d... |
| + | [3.0.0] simpleseed_dev0 = de00216a... |
| + | [3.0.0] simpleseed_dev1 = 2db7c0a1... |
| + | [3.0.0] normalseed_dev = 678c5a03... |
| + | |
| + | [3.0.1] wrapped_keyblob_key = 337685ee... |
| + | [3.0.1] simpleseed_dev0 = e045f5ba... |
| + | [3.0.1] simpleseed_dev1 = 84d92e0d... |
| + | [3.0.1] normalseed_dev = cd88155b... |
| + | |
| + | [4.0.0] wrapped_keyblob_key = 2d1f4880... |
| + | |
| + | === Versions === |
| + | The key generation system has historically been revised several times. Each version is bound to a specific BCT public key and can be identified by its first byte as follows: |
| + | |
| + | {| class="wikitable" border="1" |
| + | |- |
| + | ! Version |
| + | ! BCT public key's first byte |
| + | ! Description |
| + | |- |
| + | | K1 |
| + | | 0x11 |
| + | | Erista prototype development |
| + | |- |
| + | | K2 |
| + | | 0xFB |
| + | | Erista prototype development |
| + | |- |
| + | | K3 |
| + | | 0x4F |
| + | | Erista prototype development |
| + | |- |
| + | | K4 |
| + | | |
| + | | Erista prototype retail |
| + | |- |
| + | | K5 |
| + | | 0x37 |
| + | | Erista development |
| + | |- |
| + | | K6 |
| + | | 0xF7 |
| + | | Erista retail |
| + | |- |
| + | | M1 |
| + | | 0xDD |
| + | | Mariko prototype development |
| + | |- |
| + | | M2 |
| + | | 0xC3 |
| + | | Mariko development |
| + | |- |
| + | | M3 |
| + | | 0x9B |
| + | | Mariko retail |
| + | |} |
| + | |
| + | = Secure Monitor Init = |
| On all versions, the key to decrypt [[Package2]] is generated by decrypting a constant seed with the master key. The key is erased after use. | | On all versions, the key to decrypt [[Package2]] is generated by decrypting a constant seed with the master key. The key is erased after use. |
| | | |
| Additionally, starting from 4.0.0, the Secure Monitor init will decrypt another constant seed successively with a special per console key and a special static key passed by package1loader, to generate the firmware specific per-console key. The operation will erase these special keys passed by package1loader. | | Additionally, starting from 4.0.0, the Secure Monitor init will decrypt another constant seed successively with a special per console key and a special static key passed by package1loader, to generate the firmware specific per-console key. The operation will erase these special keys passed by package1loader. |
| | | |
− | == Secure Monitor ==
| + | = Secure Monitor = |
| The secure monitor performs some runtime cryptographic operations. See [[SMC]] for what operations it provides. | | The secure monitor performs some runtime cryptographic operations. See [[SMC]] for what operations it provides. |