Skip to content
Permalink
Browse files

Merge branch 'master' of git.n-n.moe:reinx/reinx

  • Loading branch information...
MarieKirya committed Mar 12, 2019
2 parents 72b0c96 + b4ac8db commit b1f7f1992d5cce26dd59c7bceb4630b060f94386
Showing with 802 additions and 418 deletions.
  1. +2 −1 link.ld
  2. +25 −21 src/bootloader.c
  3. +1 −1 src/bootloader.h
  4. +6 −6 src/bootrom.c
  5. +1 −1 src/bootrom.h
  6. +55 −303 src/firmware.c
  7. +3 −1 src/firmware.h
  8. +1 −0 src/hwinit.h
  9. +4 −5 src/hwinit/di.c
  10. +5 −5 src/hwinit/types.h
  11. +1 −1 src/kippatches/fs.inc
  12. +38 −27 src/package.c
  13. +10 −9 src/package.h
  14. +290 −0 src/patches.c
  15. +29 −0 src/patches.h
  16. +112 −0 src/secmon.c
  17. +24 −0 src/secmon.h
  18. +108 −0 src/sept.c
  19. +43 −0 src/sept.h
  20. +44 −37 src/start.s
@@ -2,8 +2,9 @@ ENTRY(_start)

SECTIONS
{
PROVIDE(__payload_start = 0x40003000);
PROVIDE(__payload_start = 0x40008000);
PROVIDE(__heap_start = 0x90020000);
PROVIDE(__stack_start = 0x90010000);

. = __payload_start;
.text.start :
@@ -17,9 +17,12 @@
*/

#include "hwinit.h"
#include "firmware.h"
#include "error.h"
#include "bootloader.h"
#include "package.h"
#include "bootrom.h"

void check_sku() {
if (FUSE(0x110) != 0x83)
panic();
@@ -61,7 +64,6 @@ void check_config_fuses() {

int keygen(u8 *keyblob, u32 fwVer, void * pkg1, pk11_offs * offs) {
u8 tmp[0x20];
int sp = fwVer >= KB_FIRMWARE_VERSION_620;
tsec_ctxt_t tsec_ctxt;
tsec_ctxt.key_ver = 1;
tsec_ctxt.fw = pkg1 + offs->tsec_off;
@@ -70,12 +72,11 @@ int keygen(u8 *keyblob, u32 fwVer, void * pkg1, pk11_offs * offs) {
tsec_ctxt.secmon_base = offs->secmon_base;
if(fwVer <= KB_FIRMWARE_VERSION_620) tsec_ctxt.size = 0xF00;
if(fwVer == KB_FIRMWARE_VERSION_620) tsec_ctxt.size = 0x2900;
if(fwVer >= KB_FIRMWARE_VERSION_700) tsec_ctxt.size = 0x3000;


se_key_acc_ctrl(0xE, 0x15);
se_key_acc_ctrl(0xD, 0x15);
if (sp) {

if (fwVer == KB_FIRMWARE_VERSION_620) {
print("Going to emulate TSEC\nSize: 0x%x\nLoc: 0x%x\nOff: 0x%x\n", tsec_ctxt.size, tsec_ctxt.fw-tsec_ctxt.pkg1, tsec_ctxt.pkg11_off);
u8 *tsec_paged = (u8 *)page_alloc(3);
if(fopen("/ReiNX/tsecfw.bin", "rb")) {
@@ -84,29 +85,30 @@ int keygen(u8 *keyblob, u32 fwVer, void * pkg1, pk11_offs * offs) {
}else{
memcpy(tsec_paged, (void *)tsec_ctxt.fw, tsec_ctxt.size);
}

print("Copied, emulaing tsec\n");
}

int retries = 0;
int ret = tsec_query(tmp, fwVer, &tsec_ctxt);
while (ret < 0)
{
print("Failed to keygen, retrying\n");
memset(tmp, 0x00, 0x20);
if (++retries > 3)
return 0;
ret = tsec_query(tmp, fwVer, &tsec_ctxt);
print("Copied, emulaing tsec\n");
}

if(sp) {
if (fwVer < KB_FIRMWARE_VERSION_700) {
int retries = 0;
int ret = tsec_query(tmp, fwVer, &tsec_ctxt);
while (ret < 0)
{
print("Failed to keygen, retrying\n");
memset(tmp, 0x00, 0x20);
if (++retries > 3)
return 0;
ret = tsec_query(tmp, fwVer, &tsec_ctxt);
}
}

if(fwVer == KB_FIRMWARE_VERSION_620) {
// Set TSEC key.
se_aes_key_set(12, tmp, 0x10);

// Derive keyblob keys from TSEC+SBK.
se_aes_crypt_block_ecb(13, 0, tmp, keyblob_keyseeds[0]);
se_aes_unwrap_key(15, 14, tmp);

// Set TSEC root key.
se_aes_key_set(13, tmp + 0x10, 0x10);

@@ -115,7 +117,7 @@ int keygen(u8 *keyblob, u32 fwVer, void * pkg1, pk11_offs * offs) {
se_aes_unwrap_key(8, 8, new_master_keyseed);
se_aes_unwrap_key(8, 8, pre400_master_keyseed);
se_aes_unwrap_key(8, 8, pk21_keyseed);
} else {
} else if (fwVer < KB_FIRMWARE_VERSION_620) {
se_key_acc_ctrl(13, 0x15);
se_key_acc_ctrl(14, 0x15);

@@ -322,6 +324,8 @@ void setup() {
}

void bootloader() {
if (has_keygen_ran())
return;
mbist_workaround();
clock_enable_se();

@@ -28,7 +28,7 @@ static const pk11_offs _pk11_offs[] = {
{ KB_FIRMWARE_VERSION_500, 0x1900, 0x3FE0, { 1, 2, 0 }, 0x4002B000, 0x4003B000 }, //5.0.0 - 5.0.2
{ KB_FIRMWARE_VERSION_600, 0x1900, 0x3FE0, { 1, 2, 0 }, 0x4002B000, 0x4003D800 }, //6.0.0
{ KB_FIRMWARE_VERSION_620, 0x0E00, 0x6FE0, { 1, 2, 0 }, 0x4002B000, 0x4003D800 }, //6.2.0
{ KB_FIRMWARE_VERSION_700, 0x0E00, 0x6FE0, { 1, 2, 0 }, 0x4002B000, 0x4003E000 }, //7.0.0
{ KB_FIRMWARE_VERSION_700, 0x0F00, 0x6FE0, { 1, 2, 0 }, 0x40030000, 0x4003E000 }, //7.0.0
{ NULL } // End.
};

@@ -21,19 +21,19 @@ void bootrom(void) {
// Bootrom part we skipped.
u32 sbk[4] = { FUSE(0x1A4), FUSE(0x1A8), FUSE(0x1AC), FUSE(0x1B0) };
se_aes_key_set(14, sbk, 0x10);

// Lock SBK from being read.
SE(SE_KEY_TABLE_ACCESS_REG_OFFSET + 14 * 4) = 0x7E;

// Lock SSK (although it's not set and unused anyways).
SE(SE_KEY_TABLE_ACCESS_REG_OFFSET + 15 * 4) = 0x7E;

// This memset needs to happen here, else TZRAM will behave weirdly later on.
memset((void *)0x7C010000, 0, 0x10000);
PMC(APBDEV_PMC_CRYPTO_OP) = 0;
SE(SE_INT_STATUS_REG_OFFSET) = 0x1F;

// Lock SSK (although it's not set and unused anyways).
SE(SE_KEY_TABLE_ACCESS_REG_OFFSET + 15 * 4) = 0x7E;


// Clear the boot reason to avoid problems later
PMC(APBDEV_PMC_SCRATCH200) = 0x0;
PMC(APBDEV_PMC_RST_STATUS_0) = 0x0;
}
}
@@ -16,4 +16,4 @@

#pragma once

void bootrom(void);
void bootrom(void);
Oops, something went wrong.

0 comments on commit b1f7f19

Please sign in to comment.
You can’t perform that action at this time.