1
0
Fork 0
mirror of https://github.com/CTCaer/hekate.git synced 2024-12-23 08:32:04 +00:00

fuse/hwinit: move automatic SBK set into fuse

This commit is contained in:
CTCaer 2021-08-28 16:46:15 +03:00
parent 73df5e6743
commit 7c72c9777a
3 changed files with 33 additions and 21 deletions

View file

@ -19,6 +19,8 @@
#include <string.h>
#include <sec/se.h>
#include <sec/se_t210.h>
#include <soc/fuse.h>
#include <soc/hw_init.h>
#include <soc/t210.h>
@ -124,6 +126,30 @@ u32 fuse_read_hw_type()
return FUSE_NX_HW_TYPE_ICOSA;
}
int fuse_set_sbk()
{
if (FUSE(FUSE_PRIVATE_KEY0) != 0xFFFFFFFF)
{
// Read SBK from fuses.
u32 sbk[4] = {
FUSE(FUSE_PRIVATE_KEY0),
FUSE(FUSE_PRIVATE_KEY1),
FUSE(FUSE_PRIVATE_KEY2),
FUSE(FUSE_PRIVATE_KEY3)
};
// Set SBK to slot 14.
se_aes_key_set(14, sbk, SE_KEY_128_SIZE);
// Lock SBK from being read.
se_key_acc_ctrl(14, SE_KEY_TBL_DIS_KEYREAD_FLAG);
return 1;
}
return 0;
}
void fuse_wait_idle()
{
u32 ctrl;

View file

@ -98,6 +98,7 @@ u32 fuse_read_odm_keygen_rev();
u32 fuse_read_dramid(bool raw_id);
u32 fuse_read_hw_state();
u32 fuse_read_hw_type();
int fuse_set_sbk();
void fuse_wait_idle();
int fuse_read_ipatch(void (*ipatch)(u32 offset, u32 value));
int fuse_read_evp_thunk(u32 *iram_evp_thunks, u32 *iram_evp_thunks_len);

View file

@ -250,29 +250,14 @@ static void _mbist_workaround()
static void _config_se_brom()
{
// Enable fuse clock.
// Enable Fuse visibility.
clock_enable_fuse(true);
// Skip SBK/SSK if sept was run.
bool sbk_skip = b_cfg.boot_cfg & BOOT_CFG_SEPT_RUN || FUSE(FUSE_PRIVATE_KEY0) == 0xFFFFFFFF;
if (!sbk_skip)
{
// Bootrom part we skipped.
u32 sbk[4] = {
FUSE(FUSE_PRIVATE_KEY0),
FUSE(FUSE_PRIVATE_KEY1),
FUSE(FUSE_PRIVATE_KEY2),
FUSE(FUSE_PRIVATE_KEY3)
};
// Set SBK to slot 14.
se_aes_key_set(14, sbk, SE_KEY_128_SIZE);
// Try to set SBK from fuses. If patched, skip.
fuse_set_sbk();
// Lock SBK from being read.
se_key_acc_ctrl(14, SE_KEY_TBL_DIS_KEYREAD_FLAG);
// Lock SSK (although it's not set and unused anyways).
se_key_acc_ctrl(15, SE_KEY_TBL_DIS_KEYREAD_FLAG);
}
// Lock SSK (although it's not set and unused anyways).
// se_key_acc_ctrl(15, SE_KEY_TBL_DIS_KEYREAD_FLAG);
// This memset needs to happen here, else TZRAM will behave weirdly later on.
memset((void *)TZRAM_BASE, 0, 0x10000);
@ -352,7 +337,7 @@ void hw_init()
// Enable Security Engine clock.
clock_enable_se();
// Enable Fuse clock.
// Enable Fuse visibility.
clock_enable_fuse(true);
// Disable Fuse programming.