1
0
Fork 0
mirror of https://github.com/Atmosphere-NX/Atmosphere.git synced 2024-12-23 02:42:09 +00:00

loader: implement 8.1.0 changes

This commit is contained in:
Michael Scire 2019-06-19 11:51:30 -07:00
parent 06e4158b93
commit 6699fda8c9
7 changed files with 75 additions and 43 deletions

View file

@ -203,12 +203,37 @@ void decrypt_data_into_keyslot(unsigned int keyslot_dst, unsigned int keyslot_sr
generic_panic();
}
/* Write config, validate. */
se->CONFIG_REG = (ALG_AES_DEC | DST_KEYTAB);
if (se->CONFIG_REG != (ALG_AES_DEC | DST_KEYTAB)) {
generic_panic();
}
se->CRYPTO_REG = keyslot_src << 24;
if (se->CRYPTO_REG != (keyslot_src << 24)) {
generic_panic();
}
se->BLOCK_COUNT_REG = 0;
if (se->BLOCK_COUNT_REG != 0) {
generic_panic();
}
se->CRYPTO_KEYTABLE_DST_REG = keyslot_dst << 8;
if (se->CRYPTO_KEYTABLE_DST_REG != (keyslot_dst << 8)) {
generic_panic();
}
/* Clear address context. */
se->IN_LL_ADDR_REG = 0;
se->OUT_LL_ADDR_REG = 0;
if (se->IN_LL_ADDR_REG != 0 || se->OUT_LL_ADDR_REG != 0) {
generic_panic();
}
trigger_se_blocking_op(OP_START, NULL, 0, wrapped_key, wrapped_key_size);
/* Validate address context. */
if (se->IN_LL_ADDR_REG == 0 || se->OUT_LL_ADDR_REG == 0) {
generic_panic();
}
}
void se_synchronous_exp_mod(unsigned int keyslot, void *dst, size_t dst_size, const void *src, size_t src_size) {
@ -320,6 +345,11 @@ void trigger_se_blocking_op(unsigned int op, void *dst, size_t dst_size, const v
/* Set registers for operation. */
se->ERR_STATUS_REG = se->ERR_STATUS_REG;
se->INT_STATUS_REG = se->INT_STATUS_REG;
if (se->IN_LL_ADDR_REG != (uint32_t) get_physical_address(&in_ll) || se->OUT_LL_ADDR_REG != (uint32_t) get_physical_address(&out_ll) || (se->INT_STATUS_REG & 0x10)) {
generic_panic();
}
se->OPERATION_REG = op;
while (!(se->INT_STATUS_REG & 0x10)) { /* Wait a while */ }
@ -725,39 +755,3 @@ void se_save_context(unsigned int srkgen_keyslot, unsigned int rng_keyslot, void
se->CONFIG_REG = 0;
se_encrypt_with_srk(work_buf, 0, NULL, 0);
}
void se_save_partial_context(unsigned int srkgen_keyslot, unsigned int rng_keyslot, void *dst) {
volatile tegra_se_t *se = se_get_regs();
uint8_t _work_buf[0x80];
uint8_t *work_buf = (uint8_t *)(((uintptr_t)_work_buf + 0x7F) & ~0x3F);
/* Generate the SRK (context save encryption key). */
se_generate_random_key(srkgen_keyslot, rng_keyslot);
se_generate_srk(srkgen_keyslot);
se_generate_random(rng_keyslot, work_buf, 0x10);
/* Save known pattern. */
static const uint8_t context_save_known_pattern[0x10] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
se->CONTEXT_SAVE_CONFIG_REG = (CTX_SAVE_SRC_MEM);
se->BLOCK_COUNT_REG = 0;
se_encrypt_with_srk(dst + 0x00, 0x10, context_save_known_pattern, 0x10);
/* Save specific keyslots 0xC, 0xD, 0xE. */
se->CONTEXT_SAVE_CONFIG_REG = (CTX_SAVE_SRC_KEYTABLE_AES) | (0xE << CTX_SAVE_KEY_INDEX_SHIFT) | (CTX_SAVE_KEY_LOW_BITS);
se->BLOCK_COUNT_REG = 0;
se_encrypt_with_srk(dst + 0x10, 0x10, NULL, 0);
se->CONTEXT_SAVE_CONFIG_REG = (CTX_SAVE_SRC_KEYTABLE_AES) | (0xC << CTX_SAVE_KEY_INDEX_SHIFT) | (CTX_SAVE_KEY_LOW_BITS);
se->BLOCK_COUNT_REG = 0;
se_encrypt_with_srk(dst + 0x20, 0x10, NULL, 0);
se->CONTEXT_SAVE_CONFIG_REG = (CTX_SAVE_SRC_KEYTABLE_AES) | (0xD << CTX_SAVE_KEY_INDEX_SHIFT) | (CTX_SAVE_KEY_LOW_BITS);
se->BLOCK_COUNT_REG = 0;
se_encrypt_with_srk(dst + 0x30, 0x10, NULL, 0);
/* Save SRK into PMC registers. */
se->CONTEXT_SAVE_CONFIG_REG = (CTX_SAVE_SRC_SRK);
se->BLOCK_COUNT_REG = 0;
se_encrypt_with_srk(work_buf, 0, NULL, 0);
se->CONFIG_REG = 0;
se_encrypt_with_srk(work_buf, 0, NULL, 0);
}

View file

@ -222,6 +222,4 @@ void se_set_in_context_save_mode(bool is_context_save_mode);
void se_generate_random_key(unsigned int dst_keyslot, unsigned int rng_keyslot);
void se_save_context(unsigned int srk_keyslot, unsigned int rng_keyslot, void *dst);
void se_save_partial_context(unsigned int srk_keyslot, unsigned int rng_keyslot, void *dst);
#endif

View file

@ -17,8 +17,15 @@
#include <stdbool.h>
#include <stdarg.h>
#include "utils.h"
#include "se.h"
#include <inttypes.h>
__attribute__ ((noreturn)) void generic_panic(void) {
/* Clear keyslots. */
clear_aes_keyslot(0xD);
for (size_t i = 0; i < 0x10; i++) {
clear_aes_keyslot(i);
}
clear_aes_keyslot(0xD);
while(1) { /* ... */ }
}

@ -1 +1 @@
Subproject commit 281534d9f805af7dccbdd4e0e8883d4d055581ff
Subproject commit 7e0ed3b38f437791fdd398c7058c376c9d2a6853

View file

@ -37,7 +37,7 @@ class NpdmUtils {
u8 default_cpuid;
u32 _0x10;
u32 system_resource_size;
u32 process_category;
u32 version;
u32 main_stack_size;
char title_name[0x50];
u32 aci0_offset;

View file

@ -25,6 +25,35 @@
#include "ldr_npdm.hpp"
#include "ldr_nso.hpp"
static inline bool IsDisallowedVersion810(const u64 title_id, const u32 version) {
return version == 0 &&
(title_id == TitleId_Settings ||
title_id == TitleId_Bus ||
title_id == TitleId_Audio ||
title_id == TitleId_NvServices ||
title_id == TitleId_Ns ||
title_id == TitleId_Ssl ||
title_id == TitleId_Es ||
title_id == TitleId_Creport ||
title_id == TitleId_Ro);
}
Result ProcessCreation::ValidateProcessVersion(u64 title_id, u32 version) {
if (GetRuntimeFirmwareVersion() < FirmwareVersion_810) {
return ResultSuccess;
} else {
#ifdef LDR_VALIDATE_PROCESS_VERSION
if (IsDisallowedVersion810(title_id, version)) {
return ResultLoaderInvalidVersion;
} else {
return ResultSuccess;
}
#else
return ResultSuccess;
#endif
}
}
Result ProcessCreation::InitializeProcessInfo(NpdmUtils::NpdmInfo *npdm, Handle reslimit_h, u64 arg_flags, ProcessInfo *out_proc_info) {
/* Initialize a ProcessInfo using an npdm. */
*out_proc_info = {};
@ -36,8 +65,8 @@ Result ProcessCreation::InitializeProcessInfo(NpdmUtils::NpdmInfo *npdm, Handle
/* Set title id. */
out_proc_info->title_id = npdm->aci0->title_id;
/* Set process category. */
out_proc_info->process_category = npdm->header->process_category;
/* Set version. */
out_proc_info->version = npdm->header->version;
/* Copy reslimit handle raw. */
out_proc_info->reslimit_h = reslimit_h;
@ -145,6 +174,9 @@ Result ProcessCreation::CreateProcess(Handle *out_process_h, u64 index, char *nc
/* Load the process's NPDM. */
R_TRY(NpdmUtils::LoadNpdmFromCache(target_process->tid_sid.title_id, &npdm_info));
/* Validate version. */
R_TRY(ValidateProcessVersion(target_process->tid_sid.title_id, npdm_info.header->version));
/* Validate the title we're loading is what we expect. */
if (npdm_info.aci0->title_id < npdm_info.acid->title_id_range_min || npdm_info.aci0->title_id > npdm_info.acid->title_id_range_max) {
return ResultLoaderInvalidProgramId;

View file

@ -27,7 +27,7 @@ class ProcessCreation {
public:
struct ProcessInfo {
u8 name[12];
u32 process_category;
u32 version;
u64 title_id;
u64 code_addr;
u32 code_num_pages;
@ -35,6 +35,7 @@ class ProcessCreation {
Handle reslimit_h;
u32 system_resource_num_pages;
};
static Result ValidateProcessVersion(u64 title_id, u32 version);
static Result InitializeProcessInfo(NpdmUtils::NpdmInfo *npdm, Handle reslimit_h, u64 arg_flags, ProcessInfo *out_proc_info);
static Result CreateProcess(Handle *out_process_h, u64 index, char *nca_path, LaunchQueue::LaunchItem *launch_item, u64 arg_flags, Handle reslimit_h);
};