From 1473adf5c4a6b7d833ceff60e8d8c3ed0fd02ab9 Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Sun, 28 Jun 2020 05:37:51 -0700 Subject: [PATCH] fusee/exo: correct device key management for newer consoles (closes #1053) --- .../program/source/boot/secmon_boot_setup.cpp | 9 ++-- fusee/fusee-secondary/src/key_derivation.c | 5 ++- fusee/fusee-secondary/src/nxboot.c | 8 +--- .../exosphere/pkg1/pkg1_se_key_slots.hpp | 41 ++++++++++--------- 4 files changed, 32 insertions(+), 31 deletions(-) diff --git a/exosphere/program/source/boot/secmon_boot_setup.cpp b/exosphere/program/source/boot/secmon_boot_setup.cpp index 2f7217f25..11237594b 100644 --- a/exosphere/program/source/boot/secmon_boot_setup.cpp +++ b/exosphere/program/source/boot/secmon_boot_setup.cpp @@ -218,6 +218,9 @@ namespace ams::secmon::boot { /* Get the current key generation. */ const int current_generation = secmon::GetKeyGeneration(); + /* Get the kek slot. */ + const int kek_slot = fuse::GetSocType() == fuse::SocType_Mariko ? pkg1::AesKeySlot_DeviceMasterKeySourceKekMariko : pkg1::AesKeySlot_DeviceMasterKeySourceKekErista; + /* Iterate for all generations. */ for (int i = 0; i < pkg1::OldDeviceMasterKeyCount; ++i) { const int generation = pkg1::KeyGeneration_4_0_0 + i; @@ -229,7 +232,7 @@ namespace ams::secmon::boot { se::SetEncryptedAesKey128(pkg1::AesKeySlot_Temporary, pkg1::AesKeySlot_Temporary, is_prod ? DeviceMasterKekSourcesProd[i] : DeviceMasterKekSourcesDev[i], se::AesBlockSize); /* Decrypt the device master key source into the work block. */ - se::DecryptAes128(work_block, se::AesBlockSize, pkg1::AesKeySlot_DeviceMasterKeySourceKek, DeviceMasterKeySourceSources[i], se::AesBlockSize); + se::DecryptAes128(work_block, se::AesBlockSize, kek_slot, DeviceMasterKeySourceSources[i], se::AesBlockSize); /* If we're decrypting the current device master key, decrypt into the keyslot. */ if (generation == current_generation) { @@ -244,8 +247,8 @@ namespace ams::secmon::boot { } /* Clear and lock the Device Master Key Source Kek. */ - se::ClearAesKeySlot(pkg1::AesKeySlot_DeviceMasterKeySourceKek); - se::LockAesKeySlot(pkg1::AesKeySlot_DeviceMasterKeySourceKek, se::KeySlotLockFlags_AllLockKek); + se::ClearAesKeySlot(pkg1::AesKeySlot_DeviceMasterKeySourceKekMariko); + se::LockAesKeySlot(pkg1::AesKeySlot_DeviceMasterKeySourceKekMariko, se::KeySlotLockFlags_AllLockKek); } void DeriveAllKeys() { diff --git a/fusee/fusee-secondary/src/key_derivation.c b/fusee/fusee-secondary/src/key_derivation.c index 190e37539..73a052bdf 100644 --- a/fusee/fusee-secondary/src/key_derivation.c +++ b/fusee/fusee-secondary/src/key_derivation.c @@ -273,7 +273,10 @@ void derive_bis_key(void *dst, BisPartition partition_id, uint32_t target_firmwa } }; - const uint32_t bis_key_generation = fuse_get_5x_key_generation(); + uint32_t bis_key_generation = fuse_get_5x_key_generation(); + if (bis_key_generation > 0) { + bis_key_generation -= 1; + } static const uint8_t AL16 bis_kek_source[0x10] = {0x34, 0xC1, 0xA0, 0xC4, 0x82, 0x58, 0xF8, 0xB4, 0xFA, 0x9E, 0x5E, 0x6A, 0xDA, 0xFC, 0x7E, 0x4F}; switch (partition_id) { diff --git a/fusee/fusee-secondary/src/nxboot.c b/fusee/fusee-secondary/src/nxboot.c index 0fa866ed7..1161be07b 100644 --- a/fusee/fusee-secondary/src/nxboot.c +++ b/fusee/fusee-secondary/src/nxboot.c @@ -838,13 +838,7 @@ uint32_t nxboot_main(void) { /* Derive new device keys. */ { - if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_5_0_0) { - derive_new_device_keys(fuse_get_retail_type() != 0, KEYSLOT_SWITCH_5XNEWDEVICEKEYGENKEY, target_firmware); - } else if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_4_0_0) { - derive_new_device_keys(fuse_get_retail_type() != 0, KEYSLOT_SWITCH_4XNEWDEVICEKEYGENKEY, target_firmware); - } else { - /* No new keys to derive */ - } + derive_new_device_keys(fuse_get_retail_type() != 0, KEYSLOT_SWITCH_5XNEWDEVICEKEYGENKEY, target_firmware); } /* Set the system partition's keys. */ diff --git a/libraries/libexosphere/include/exosphere/pkg1/pkg1_se_key_slots.hpp b/libraries/libexosphere/include/exosphere/pkg1/pkg1_se_key_slots.hpp index ead3d4124..260722d8d 100644 --- a/libraries/libexosphere/include/exosphere/pkg1/pkg1_se_key_slots.hpp +++ b/libraries/libexosphere/include/exosphere/pkg1/pkg1_se_key_slots.hpp @@ -19,34 +19,35 @@ namespace ams::pkg1 { enum AesKeySlot { - AesKeySlot_UserStart = 0, + AesKeySlot_UserStart = 0, - AesKeySlot_TzramSaveKek = 2, - AesKeySlot_TzramSaveKey = 3, + AesKeySlot_TzramSaveKek = 2, + AesKeySlot_TzramSaveKey = 3, - AesKeySlot_UserLast = 5, - AesKeySlot_UserEnd = AesKeySlot_UserLast + 1, + AesKeySlot_UserLast = 5, + AesKeySlot_UserEnd = AesKeySlot_UserLast + 1, - AesKeySlot_SecmonStart = 8, + AesKeySlot_SecmonStart = 8, - AesKeySlot_Temporary = 8, - AesKeySlot_Smc = 9, - AesKeySlot_RandomForUserWrap = 10, - AesKeySlot_RandomForKeyStorageWrap = 11, - AesKeySlot_DeviceMaster = 12, - AesKeySlot_Master = 13, - AesKeySlot_Device = 15, + AesKeySlot_Temporary = 8, + AesKeySlot_Smc = 9, + AesKeySlot_RandomForUserWrap = 10, + AesKeySlot_RandomForKeyStorageWrap = 11, + AesKeySlot_DeviceMaster = 12, + AesKeySlot_Master = 13, + AesKeySlot_Device = 15, - AesKeySlot_SecmonEnd = 16, + AesKeySlot_SecmonEnd = 16, /* Used only during boot. */ - AesKeySlot_Tsec = 12, - AesKeySlot_TsecRoot = 13, - AesKeySlot_SecureBoot = 14, - AesKeySlot_SecureStorage = 15, + AesKeySlot_Tsec = 12, + AesKeySlot_TsecRoot = 13, + AesKeySlot_SecureBoot = 14, + AesKeySlot_SecureStorage = 15, - AesKeySlot_MasterKek = 13, - AesKeySlot_DeviceMasterKeySourceKek = 14, + AesKeySlot_DeviceMasterKeySourceKekErista = 10, + AesKeySlot_MasterKek = 13, + AesKeySlot_DeviceMasterKeySourceKekMariko = 14, }; enum RsaKeySlot {