diff --git a/fusee/fusee-secondary/src/key_derivation.c b/fusee/fusee-secondary/src/key_derivation.c
index 57982b1bf..b101c7f34 100644
--- a/fusee/fusee-secondary/src/key_derivation.c
+++ b/fusee/fusee-secondary/src/key_derivation.c
@@ -227,9 +227,9 @@ int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, ui
 case ATMOSPHERE_TARGET_FIRMWARE_8_1_0:
 case ATMOSPHERE_TARGET_FIRMWARE_9_0_0:
 decrypt_data_into_keyslot(0xA, 0xF, devicekey_4x_seed, 0x10);
- decrypt_data_into_keyslot(0xF, 0xF, devicekey_seed, 0x10);
- decrypt_data_into_keyslot(0xE, 0xC, masterkey_4x_seed, 0x10);
- decrypt_data_into_keyslot(0xC, 0xC, masterkey_seed, 0x10);
+ decrypt_data_into_keyslot(0xF, 0xF, devicekey_seed, 0x10);
+ decrypt_data_into_keyslot(0xD, 0xC, masterkey_seed, 0x10);
+ decrypt_data_into_keyslot(0xC, 0xC, masterkey_4x_seed, 0x10);
 break;
 default:
 return -1;
@@ -239,12 +239,6 @@ int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, ui
 return mkey_detect_revision(fuse_get_retail_type() != 0);
 }
-/* Sets final keyslot flags, for handover to TZ/Exosphere. Setting these will prevent the BPMP from using the device key or master key. */
-void finalize_nx_keydata(uint32_t target_firmware) {
- set_aes_keyslot_flags(0xC, 0xFF);
- set_aes_keyslot_flags((target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_4_0_0) ? (KEYSLOT_SWITCH_4XOLDDEVICEKEY) : (KEYSLOT_SWITCH_DEVICEKEY), 0xFF);
-}
-
 static void generate_specific_aes_key(void *dst, const void *wrapped_key, bool should_mask, uint32_t target_firmware, uint32_t generation) {
 unsigned int keyslot = (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_4_0_0) ? (devkey_get_keyslot(generation)) : (KEYSLOT_SWITCH_DEVICEKEY);
diff --git a/fusee/fusee-secondary/src/key_derivation.h b/fusee/fusee-secondary/src/key_derivation.h
index 14108115f..48ec076a2 100644
--- a/fusee/fusee-secondary/src/key_derivation.h
+++ b/fusee/fusee-secondary/src/key_derivation.h
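Review bot: In the 8.1.0/9.0.0 case of derive_nx_keydata (fusee key_derivation.c, first hunk), the two master-key lines are now order-dependent and nothing says so. `decrypt_data_into_keyslot(0xD, 0xC, masterkey_seed, 0x10);` appears to use 0xC as its source slot, and the following line overwrites 0xC in place, so reordering them later would derive a different key without any error. A comment above the pair, such as `/* Order matters: 0xC is consumed as the source before it is overwritten. */`, would protect it. The slots are also raw literals while se.h in this commit swaps `KEYSLOT_SWITCH_MASTERKEY` and `KEYSLOT_SWITCH_DEVICEKEY`, and sept's load_keys hunk repeats the same 0xC/0xD mapping by hand; named constants in all three places would keep them from drifting. The function's other firmware cases lie outside the hunk and should be checked for the same slot change.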
@@ -13,7 +13,7 @@
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */
-
+
 #ifndef FUSEE_KEYDERIVATION_H
 #define FUSEE_KEYDERIVATION_H
@@ -49,7 +49,6 @@ typedef struct nx_keyblob_t {
 int derive_nx_keydata(uint32_t target_firmware, const nx_keyblob_t *keyblobs, uint32_t available_revision, const void *tsec_key, void *tsec_root_key, unsigned int *out_keygen_type);
 int load_package1_key(uint32_t revision);
-void finalize_nx_keydata(uint32_t target_firmware);
 void derive_bis_key(void *dst, BisPartition partition_id, uint32_t target_firmware);
 #endif
diff --git a/fusee/fusee-secondary/src/nxboot.c b/fusee/fusee-secondary/src/nxboot.c
index 1a50ba754..28ec5fb34 100644
--- a/fusee/fusee-secondary/src/nxboot.c
+++ b/fusee/fusee-secondary/src/nxboot.c
@@ -957,7 +957,7 @@ uint32_t nxboot_main(void) {
 if (MAILBOX_EXOSPHERE_CONFIGURATION->target_firmware < ATMOSPHERE_TARGET_FIRMWARE_4_0_0) {
 exosphere_memaddr = (void *)0x4002D000;
 } else {
- exosphere_memaddr = (void *)0x4002B000;
+ exosphere_memaddr = (void *)0x40030000;
 }
 /* Copy Exosphère to a good location or read it directly to it. */
diff --git a/fusee/fusee-secondary/src/nxboot_iram.c b/fusee/fusee-secondary/src/nxboot_iram.c
index bc40d9afd..17df294c5 100644
--- a/fusee/fusee-secondary/src/nxboot_iram.c
+++ b/fusee/fusee-secondary/src/nxboot_iram.c
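Review bot: In nxboot_main (nxboot.c), the new Exosphère load address `0x40030000` is a bare literal with nothing tying it to the address the secure monitor image expects or to the memory fusee itself still occupies at that point. A named constant with a one-line comment, for example `#define EXOSPHERE_LOAD_ADDR_4X ((void *)0x40030000) /* must match the secmon load address */`, would make a later mismatch visible in review. If the image size is known before the copy that follows, a check of address plus size against the end of the usable region would turn an overlap into a boot-time error instead of silent corruption. The copy itself and the rest of nxboot_main are outside the hunk, so whether such a check already exists cannot be seen here.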
@@ -29,37 +29,6 @@ void nxboot_finish(uint32_t boot_memaddr) {
 uint32_t target_firmware = MAILBOX_EXOSPHERE_CONFIGURATION->target_firmware;
- volatile tegra_se_t *se = se_get_regs();
-
- /* Clear used keyslots. */
- clear_aes_keyslot(KEYSLOT_SWITCH_PACKAGE2KEY);
- clear_aes_keyslot(KEYSLOT_SWITCH_RNGKEY);
-
- /* Lock keyslots. */
- set_aes_keyslot_flags(KEYSLOT_SWITCH_MASTERKEY, 0xFF);
- if (target_firmware < ATMOSPHERE_TARGET_FIRMWARE_4_0_0) {
- set_aes_keyslot_flags(KEYSLOT_SWITCH_DEVICEKEY, 0xFF);
- } else {
- set_aes_keyslot_flags(KEYSLOT_SWITCH_4XOLDDEVICEKEY, 0xFF);
- }
-
- /* Finalize the GPU UCODE carveout. */
- /* NOTE: [4.0.0+] This is now done in the Secure Monitor. */
- /* mc_config_carveout_finalize(); */
-
- /* Lock AES keyslots. */
- for (uint32_t i = 0; i < 16; i++)
- set_aes_keyslot_flags(i, 0x15);
-
- /* Lock RSA keyslots. */
- for (uint32_t i = 0; i < 2; i++)
- set_rsa_keyslot_flags(i, 1);
-
- /* Lock the Security Engine. */
- se->SE_TZRAM_SECURITY = 0;
- se->SE_CRYPTO_SECURITY_PERKEY = 0;
- se->SE_RSA_SECURITY_PERKEY = 0;
- se->SE_SE_SECURITY &= 0xFFFFFFFB;
 /* Boot up Exosphère. */
 MAILBOX_NX_BOOTLOADER_IS_SECMON_AWAKE(target_firmware) = 0;
diff --git a/fusee/fusee-secondary/src/se.h b/fusee/fusee-secondary/src/se.h
index 9bcc33996..cb7c3ca28 100644
--- a/fusee/fusee-secondary/src/se.h
+++ b/fusee/fusee-secondary/src/se.h
@@ -26,8 +26,8 @@
 #define KEYSLOT_SWITCH_TEMPKEY 0x9
 #define KEYSLOT_SWITCH_SESSIONKEY 0xA
 #define KEYSLOT_SWITCH_RNGKEY 0xB
-#define KEYSLOT_SWITCH_MASTERKEY 0xC
-#define KEYSLOT_SWITCH_DEVICEKEY 0xD
+#define KEYSLOT_SWITCH_MASTERKEY 0xD
+#define KEYSLOT_SWITCH_DEVICEKEY 0xC
 /* This keyslot was added in 4.0.0. */
 #define KEYSLOT_SWITCH_4XNEWDEVICEKEYGENKEY 0xD
diff --git a/sept/sept-secondary/src/key_derivation.c b/sept/sept-secondary/src/key_derivation.c
index e273170bb..94287d8f5 100644
--- a/sept/sept-secondary/src/key_derivation.c
+++ b/sept/sept-secondary/src/key_derivation.c
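Review bot: In se.h, `KEYSLOT_SWITCH_MASTERKEY` now has the value 0xD, the same as `KEYSLOT_SWITCH_4XNEWDEVICEKEYGENKEY` in the context lines just below; before the swap it was `KEYSLOT_SWITCH_DEVICEKEY` that shared 0xD. Whether the two names are meant to alias one slot at different boot stages is not visible here, so a comment on the define should state it, e.g. `/* NOTE: same slot as KEYSLOT_SWITCH_4XNEWDEVICEKEYGENKEY. */`. Every remaining use of the two swapped macros now addresses a different slot than it did, so call sites not touched by this commit need re-reading against the new values.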
@@ -63,11 +63,11 @@ void load_keys(const uint8_t *se_state) {
 /* Clear keyslot 0xB. */
 clear_aes_keyslot(0xB);
- /* Copy master key out of state keyslot 0xC into keyslot 0xC. */
- set_aes_keyslot(0xC, se_state + 0x30 + (0xC * 0x20), 0x10);
+ /* Copy firmware device key out of state keyslot 0xE into keyslot 0xC. */
+ set_aes_keyslot(0xC, se_state + 0x30 + (0xE * 0x20), 0x10);
- /* Copy firmware device key out of state keyslot 0xE into keyslot 0xD. */
- set_aes_keyslot(0xD, se_state + 0x30 + (0xE * 0x20), 0x10);
+ /* Copy master key out of state keyslot 0xC into keyslot 0xD. */
+ set_aes_keyslot(0xD, se_state + 0x30 + (0xC * 0x20), 0x10);
 /* Clear keyslot 0xE. */
 clear_aes_keyslot(0xE);
@@ -77,5 +77,5 @@ void load_keys(const uint8_t *se_state) {
 /* Set keyslot flags properly in preparation for secmon. */
 set_aes_keyslot_flags(0xE, 0x15);
- set_aes_keyslot_flags(0xD, 0x15);
+ set_aes_keyslot_flags(0xC, 0x15);
 }
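Review bot: In sept's load_keys, the flag block at the end (second hunk) sets flags 0x15 on keyslots 0xE and 0xC but not on 0xD, which after the swap in the first hunk is where the master key is copied. The old code likewise set no flags on the master-key slot (then 0xC) in the visible lines, so this is not a regression, but nothing here says which stage is expected to restrict that slot before the secure monitor runs. If it belongs here, add `set_aes_keyslot_flags(0xD, 0x15);`; if a later stage owns it, extend the existing comment to say so. The lines between the two hunks are not shown and the meaning of 0x15 is not documented in this hunk, so both are worth confirming.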