diff --git a/exosphere2/program/source/boot/secmon_make_page_table.cpp b/exosphere2/program/source/boot/secmon_make_page_table.cpp index c30ebee86..4309cf994 100644 --- a/exosphere2/program/source/boot/secmon_make_page_table.cpp +++ b/exosphere2/program/source/boot/secmon_make_page_table.cpp @@ -125,7 +125,7 @@ namespace ams::secmon::boot { SetL3BlockEntry(l3, MemoryRegionVirtualTzramConfigurationData.GetAddress(), MemoryRegionPhysicalTzramConfigurationData.GetAddress(), MemoryRegionVirtualTzramConfigurationData.GetSize(), MappingAttributesEl3SecureRwData); /* Map the page tables. */ - SetL3BlockEntry(l3, util::AlignDown(MemoryRegionVirtualTzramL1PageTable.GetAddress(), PageSize), util::AlignDown(MemoryRegionPhysicalTzramL1PageTable.GetAddress(), PageSize), PageSize, MappingAttributesEl3SecureDevice); + SetL3BlockEntry(l3, util::AlignDown(MemoryRegionVirtualTzramL1PageTable.GetAddress(), PageSize), util::AlignDown(MemoryRegionPhysicalTzramL1PageTable.GetAddress(), PageSize), PageSize, MappingAttributesEl3SecureRwData); SetL3BlockEntry(l3, MemoryRegionVirtualTzramL2L3PageTable.GetAddress(), MemoryRegionPhysicalTzramL2L3PageTable.GetAddress(), MemoryRegionVirtualTzramL2L3PageTable.GetSize(), MappingAttributesEl3SecureRwData); } } diff --git a/exosphere2/program/source/secmon_error.cpp b/exosphere2/program/source/secmon_error.cpp index 68338212d..a9e6181c5 100644 --- a/exosphere2/program/source/secmon_error.cpp +++ b/exosphere2/program/source/secmon_error.cpp @@ -19,6 +19,26 @@ namespace ams::diag { void AbortImpl() { + /* TODO: This is here for debugging. Remove this when exo2 is working. */ +#if 1 + { + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x00) = 0xDDDDDDDD; + + u64 temp_reg; + __asm__ __volatile__("mov %0, lr" : "=r"(temp_reg) :: "memory"); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x10) = static_cast(temp_reg >> 0); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x14) = static_cast(temp_reg >> 32); + + + __asm__ __volatile__("mov %0, sp" : "=r"(temp_reg) :: "memory"); + for (int i = 0; i < 0x100; i += 4) { + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x20 + i) = *(volatile u32 *)(temp_reg + i); + } + *(volatile u32 *)(secmon::MemoryRegionVirtualDevicePmc.GetAddress() + 0x50) = 0x02; + *(volatile u32 *)(secmon::MemoryRegionVirtualDevicePmc.GetAddress() + 0x00) = 0x10; + } +#endif + secmon::SetError(pkg1::ErrorInfo_UnknownAbort); secmon::ErrorReboot(); } @@ -36,6 +56,42 @@ namespace ams::secmon { } NORETURN void ErrorReboot() { + /* TODO: This is here for debugging. Remove this when exo2 is working. */ +#if 1 + { + u64 temp_reg; + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x00) = 0x5A5A5A5A; + + __asm__ __volatile__("mrs %0, esr_el3" : "=r"(temp_reg) :: "memory"); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x08) = static_cast(temp_reg >> 0); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x0C) = static_cast(temp_reg >> 32); + + __asm__ __volatile__("mrs %0, elr_el3" : "=r"(temp_reg) :: "memory"); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x18) = static_cast(temp_reg >> 0); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x1C) = static_cast(temp_reg >> 32); + + __asm__ __volatile__("mrs %0, far_el3" : "=r"(temp_reg) :: "memory"); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x18) = static_cast(temp_reg >> 0); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x1C) = static_cast(temp_reg >> 32); + + __asm__ __volatile__("mov %0, lr" : "=r"(temp_reg) :: "memory"); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x20) = static_cast(temp_reg >> 0); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x24) = static_cast(temp_reg >> 32); + + __asm__ __volatile__("mov %0, sp" : "=r"(temp_reg) :: "memory"); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x30) = static_cast(temp_reg >> 0); + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x34) = static_cast(temp_reg >> 32); + + for (int i = 0; i < 0x100; i += 4) { + *(volatile u32 *)(secmon::MemoryRegionVirtualDebug.GetAddress() + 0x40 + i) = *(volatile u32 *)(temp_reg + i); + } + *(volatile u32 *)(secmon::MemoryRegionVirtualDevicePmc.GetAddress() + 0x50) = 0x02; + *(volatile u32 *)(secmon::MemoryRegionVirtualDevicePmc.GetAddress() + 0x00) = 0x10; + + util::WaitMicroSeconds(1000); + } +#endif + /* Lockout the security engine. */ se::Lockout(); diff --git a/exosphere2/program/source/secmon_map.cpp b/exosphere2/program/source/secmon_map.cpp index 229bd121b..f3bd02792 100644 --- a/exosphere2/program/source/secmon_map.cpp +++ b/exosphere2/program/source/secmon_map.cpp @@ -21,6 +21,9 @@ namespace ams::secmon { namespace { + constexpr inline const uintptr_t BootCodeAddress = MemoryRegionVirtualTzramBootCode.GetAddress(); + constexpr inline const size_t BootCodeSize = MemoryRegionVirtualTzramBootCode.GetSize(); + using namespace ams::mmu; constexpr void UnmapBootCodeImpl(u64 *l1, u64 *l2, u64 *l3, uintptr_t boot_code, size_t boot_code_size) { @@ -39,6 +42,20 @@ namespace ams::secmon { InvalidateL1Entries(l1, MemoryRegionPhysical.GetAddress(), MemoryRegionPhysical.GetSize()); } + void ClearLow(uintptr_t address, size_t size) { + /* Clear the low part. */ + util::ClearMemory(reinterpret_cast(address), size / 2); + } + + void ClearHigh(uintptr_t address, size_t size) { + /* Clear the high part. */ + util::ClearMemory(reinterpret_cast(address + size / 2), size / 2); + } + + } + + void ClearBootCodeHigh() { + ClearHigh(BootCodeAddress, BootCodeSize); } void UnmapBootCode() { @@ -46,15 +63,11 @@ namespace ams::secmon { u64 * const l1 = MemoryRegionVirtualTzramL1PageTable.GetPointer(); u64 * const l2_l3 = MemoryRegionVirtualTzramL2L3PageTable.GetPointer(); - /* Get the boot code region. */ - const uintptr_t boot_code = MemoryRegionVirtualTzramBootCode.GetAddress(); - const size_t boot_code_size = MemoryRegionVirtualTzramBootCode.GetSize(); - - /* Clear the boot code. */ - util::ClearMemory(reinterpret_cast(boot_code), boot_code_size); + /* Clear the low boot code region; high was already cleared by a previous call. */ + ClearLow(BootCodeAddress, BootCodeSize); /* Unmap. */ - UnmapBootCodeImpl(l1, l2_l3, l2_l3, boot_code, boot_code_size); + UnmapBootCodeImpl(l1, l2_l3, l2_l3, BootCodeAddress, BootCodeSize); /* Ensure the mappings are consistent. */ secmon::EnsureMappingConsistency(); diff --git a/exosphere2/program/source/secmon_setup.cpp b/exosphere2/program/source/secmon_setup.cpp index f6fc4a84f..833e98b9a 100644 --- a/exosphere2/program/source/secmon_setup.cpp +++ b/exosphere2/program/source/secmon_setup.cpp @@ -52,7 +52,7 @@ namespace ams::secmon { constinit const se::StickyBits ExpectedSeStickyBits = { .se_security = (1 << 0), /* SE_HARD_SETTING */ .tzram_security = 0, - .crypto_security_perkey = 0, + .crypto_security_perkey = (1 << pkg1::AesKeySlot_UserEnd) - 1, .crypto_keytable_access = { (1 << 6) | (1 << 5) | (0 << 4) | (1 << 3) | (0 << 2) | (1 << 1) | (0 << 0), /* 0: User keyslot. KEYUSE, UIVUPDATE, OIVUPDATE, KEYUPDATE enabled. UIVREAD, OIVREAD, KEYREAD disabled. */ (1 << 6) | (1 << 5) | (0 << 4) | (1 << 3) | (0 << 2) | (1 << 1) | (0 << 0), /* 1: User keyslot. KEYUSE, UIVUPDATE, OIVUPDATE, KEYUPDATE enabled. UIVREAD, OIVREAD, KEYREAD disabled. */ @@ -60,15 +60,15 @@ namespace ams::secmon { (1 << 6) | (1 << 5) | (0 << 4) | (1 << 3) | (0 << 2) | (1 << 1) | (0 << 0), /* 3: User keyslot. KEYUSE, UIVUPDATE, OIVUPDATE, KEYUPDATE enabled. UIVREAD, OIVREAD, KEYREAD disabled. */ (1 << 6) | (1 << 5) | (0 << 4) | (1 << 3) | (0 << 2) | (1 << 1) | (0 << 0), /* 4: User keyslot. KEYUSE, UIVUPDATE, OIVUPDATE, KEYUPDATE enabled. UIVREAD, OIVREAD, KEYREAD disabled. */ (1 << 6) | (1 << 5) | (0 << 4) | (1 << 3) | (0 << 2) | (1 << 1) | (0 << 0), /* 5: User keyslot. KEYUSE, UIVUPDATE, OIVUPDATE, KEYUPDATE enabled. UIVREAD, OIVREAD, KEYREAD disabled. */ - (0 << 6) | (1 << 5) | (0 << 4) | (1 << 3) | (0 << 2) | (1 << 1) | (0 << 0), /* 6: Unused keyslot. UIVUPDATE, OIVUPDATE, KEYUPDATE enabled. KEYUSE, UIVREAD, OIVREAD, KEYREAD disabled. */ - (0 << 6) | (1 << 5) | (0 << 4) | (1 << 3) | (0 << 2) | (1 << 1) | (0 << 0), /* 7: Unused keyslot. UIVUPDATE, OIVUPDATE, KEYUPDATE enabled. KEYUSE, UIVREAD, OIVREAD, KEYREAD disabled. */ + (0 << 6) | (0 << 5) | (0 << 4) | (0 << 3) | (0 << 2) | (0 << 1) | (0 << 0), /* 6: Unused keyslot. KEYUSE, UIVUPDATE, UIVREAD, OIVUPDATE, OIVREAD, KEYUPDATE, KEYREAD disabled. */ + (0 << 6) | (0 << 5) | (0 << 4) | (0 << 3) | (0 << 2) | (0 << 1) | (0 << 0), /* 7: Unused keyslot. KEYUSE, UIVUPDATE, UIVREAD, OIVUPDATE, OIVREAD, KEYUPDATE, KEYREAD disabled. */ (0 << 6) | (1 << 5) | (0 << 4) | (1 << 3) | (0 << 2) | (1 << 1) | (0 << 0), /* 8: Temp keyslot. UIVUPDATE, OIVUPDATE, KEYUPDATE enabled. KEYUSE, UIVREAD, OIVREAD, KEYREAD disabled. */ (0 << 6) | (1 << 5) | (0 << 4) | (1 << 3) | (0 << 2) | (1 << 1) | (0 << 0), /* 9: SmcTemp keyslot. UIVUPDATE, OIVUPDATE, KEYUPDATE enabled. KEYUSE, UIVREAD, OIVREAD, KEYREAD disabled. */ (0 << 6) | (0 << 5) | (0 << 4) | (0 << 3) | (0 << 2) | (0 << 1) | (0 << 0), /* 10: Wrap1 keyslot. KEYUSE, UIVUPDATE, UIVREAD, OIVUPDATE, OIVREAD, KEYUPDATE, KEYREAD disabled. */ (0 << 6) | (0 << 5) | (0 << 4) | (0 << 3) | (0 << 2) | (0 << 1) | (0 << 0), /* 11: Wrap2 keyslot. KEYUSE, UIVUPDATE, UIVREAD, OIVUPDATE, OIVREAD, KEYUPDATE, KEYREAD disabled. */ (0 << 6) | (0 << 5) | (0 << 4) | (0 << 3) | (0 << 2) | (0 << 1) | (0 << 0), /* 12: DMaster keyslot. KEYUSE, UIVUPDATE, UIVREAD, OIVUPDATE, OIVREAD, KEYUPDATE, KEYREAD disabled. */ (0 << 6) | (0 << 5) | (0 << 4) | (0 << 3) | (0 << 2) | (0 << 1) | (0 << 0), /* 13: Master keyslot. KEYUSE, UIVUPDATE, UIVREAD, OIVUPDATE, OIVREAD, KEYUPDATE, KEYREAD disabled. */ - (0 << 6) | (1 << 5) | (0 << 4) | (1 << 3) | (0 << 2) | (1 << 1) | (0 << 0), /* 14: Unused keyslot. UIVUPDATE, OIVUPDATE, KEYUPDATE enabled. KEYUSE, UIVREAD, OIVREAD, KEYREAD disabled. */ + (0 << 6) | (0 << 5) | (0 << 4) | (0 << 3) | (0 << 2) | (0 << 1) | (0 << 0), /* 14: Unused keyslot. KEYUSE, UIVUPDATE, UIVREAD, OIVUPDATE, OIVREAD, KEYUPDATE, KEYREAD disabled. */ (0 << 6) | (0 << 5) | (0 << 4) | (0 << 3) | (0 << 2) | (0 << 1) | (0 << 0), /* 13: Device keyslot. KEYUSE, UIVUPDATE, UIVREAD, OIVUPDATE, OIVREAD, KEYUPDATE, KEYREAD disabled. */ }, .rsa_security_perkey = 0, diff --git a/exosphere2/program/source/secmon_start_virtual.s b/exosphere2/program/source/secmon_start_virtual.s index 1356f94ab..0727929ac 100644 --- a/exosphere2/program/source/secmon_start_virtual.s +++ b/exosphere2/program/source/secmon_start_virtual.s @@ -24,7 +24,7 @@ _ZN3ams6secmon5StartEv: mov sp, x20 /* Set SPSEL 0 stack pointer to a temporary location in volatile memory. */ - msr spsel, #1 + msr spsel, #0 ldr x20, =0x1F01C0800 mov sp, x20 @@ -34,17 +34,20 @@ _ZN3ams6secmon5StartEv: /* Invoke main. */ bl _ZN3ams6secmon4MainEv + /* Clear boot code high. */ + bl _ZN3ams6secmon17ClearBootCodeHighEv + /* Set the stack pointer to the core 3 exception stack address. */ ldr x20, =0x1F01F9000 mov sp, x20 + /* Unmap the boot code region (and clear the low part). */ + bl _ZN3ams6secmon13UnmapBootCodeEv + /* Initialize the random cache. */ /* NOTE: Nintendo does this much earlier, but we reuse volatile space. */ bl _ZN3ams6secmon3smc15FillRandomCacheEv - /* Unmap the boot code region. */ - bl _ZN3ams6secmon13UnmapBootCodeEv - /* Jump to lower exception level. */ b _ZN3ams6secmon25JumpToLowerExceptionLevelEv @@ -169,7 +172,6 @@ _ZN3ams6secmon25ReleaseCommonSmcStackLockEv: /* Return. */ ret - ret .section .text._ZN3ams6secmon26ReleaseCommonWarmbootStackEv, "ax", %progbits .align 4 diff --git a/exosphere2/program/source/smc/secmon_smc_handler.cpp b/exosphere2/program/source/smc/secmon_smc_handler.cpp index 75bfa4357..346af6f3d 100644 --- a/exosphere2/program/source/smc/secmon_smc_handler.cpp +++ b/exosphere2/program/source/smc/secmon_smc_handler.cpp @@ -228,6 +228,21 @@ namespace ams::secmon::smc { /* Set the invocation result. */ args.r[0] = static_cast(InvokeSmcHandler(info, args)); + +/* TODO: For debugging. Remove this when exo2 is complete. */ +#if 1 + if (args.r[0] == static_cast(SmcResult::NotImplemented)) { + *(volatile u32 *)(MemoryRegionVirtualDebug.GetAddress()) = 0xBBBBBBBB; + *(volatile u32 *)(MemoryRegionVirtualDebug.GetAddress() + 0x10) = static_cast(info.function_id); + for (size_t i = 0; i < sizeof(args) / sizeof(u32); ++i) { + ((volatile u32 *)(MemoryRegionVirtualDebug.GetAddress() + 0x20))[i] = reinterpret_cast(std::addressof(args))[i]; + } + *(volatile u32 *)(MemoryRegionVirtualDevicePmc.GetAddress() + 0x50) = 0x02; + *(volatile u32 *)(MemoryRegionVirtualDevicePmc.GetAddress() + 0x00) = 0x10; + + util::WaitMicroSeconds(1000); + } +#endif } } diff --git a/libraries/libexosphere/include/exosphere/mmu/mmu_api.arch.arm64.hpp b/libraries/libexosphere/include/exosphere/mmu/mmu_api.arch.arm64.hpp index ada818af0..07fea9c43 100644 --- a/libraries/libexosphere/include/exosphere/mmu/mmu_api.arch.arm64.hpp +++ b/libraries/libexosphere/include/exosphere/mmu/mmu_api.arch.arm64.hpp @@ -201,22 +201,29 @@ namespace ams::mmu::arch::arm64 { return ((address >> L3EntryShift) & TableEntryIndexMask); } - constexpr ALWAYS_INLINE void SetTableImpl(u64 *table, u64 index, u64 value) { - /* Ensure (for constexpr validation purposes) that the entry we set is clear. */ - if (table[index]) { - __builtin_unreachable(); - } - - /* Set the value. */ + constexpr ALWAYS_INLINE void SetTableEntryImpl(volatile u64 *table, u64 index, u64 value) { + /* Write the value. */ table[index] = value; } + constexpr ALWAYS_INLINE void SetTableEntry(u64 *table, u64 index, u64 value) { + /* Ensure (for constexpr validation purposes) that the entry we set is clear. */ + if (std::is_constant_evaluated()) { + if (table[index]) { + __builtin_unreachable(); + } + } + + /* Set the value. */ + SetTableEntryImpl(table, index, value); + } + constexpr void SetL1TableEntry(u64 *table, uintptr_t virt_addr, uintptr_t phys_addr, PageTableTableAttribute attr) { - SetTableImpl(table, GetL1EntryIndex(virt_addr), MakeTableEntry(phys_addr & TableEntryMask, attr)); + SetTableEntry(table, GetL1EntryIndex(virt_addr), MakeTableEntry(phys_addr & TableEntryMask, attr)); } constexpr void SetL2TableEntry(u64 *table, uintptr_t virt_addr, uintptr_t phys_addr, PageTableTableAttribute attr) { - SetTableImpl(table, GetL2EntryIndex(virt_addr), MakeTableEntry(phys_addr & TableEntryMask, attr)); + SetTableEntry(table, GetL2EntryIndex(virt_addr), MakeTableEntry(phys_addr & TableEntryMask, attr)); } constexpr void SetL1BlockEntry(u64 *table, uintptr_t virt_addr, uintptr_t phys_addr, size_t size, PageTableMappingAttribute attr) { @@ -224,7 +231,7 @@ namespace ams::mmu::arch::arm64 { const u64 count = (size >> L1EntryShift); for (u64 i = 0; i < count; ++i) { - SetTableImpl(table, start + i, MakeL1BlockEntry((phys_addr & L1EntryMask) + (i << L1EntryShift), attr)); + SetTableEntry(table, start + i, MakeL1BlockEntry((phys_addr & L1EntryMask) + (i << L1EntryShift), attr)); } } @@ -233,7 +240,7 @@ namespace ams::mmu::arch::arm64 { const u64 count = (size >> L2EntryShift); for (u64 i = 0; i < count; ++i) { - SetTableImpl(table, start + i, MakeL2BlockEntry((phys_addr & L2EntryMask) + (i << L2EntryShift), attr)); + SetTableEntry(table, start + i, MakeL2BlockEntry((phys_addr & L2EntryMask) + (i << L2EntryShift), attr)); } } @@ -242,11 +249,11 @@ namespace ams::mmu::arch::arm64 { const u64 count = (size >> L3EntryShift); for (u64 i = 0; i < count; ++i) { - SetTableImpl(table, start + i, MakeL3BlockEntry((phys_addr & L3EntryMask) + (i << L3EntryShift), attr)); + SetTableEntry(table, start + i, MakeL3BlockEntry((phys_addr & L3EntryMask) + (i << L3EntryShift), attr)); } } - constexpr void InvalidateL1Entries(u64 *table, uintptr_t virt_addr, size_t size) { + constexpr void InvalidateL1Entries(volatile u64 *table, uintptr_t virt_addr, size_t size) { const u64 start = GetL1EntryIndex(virt_addr); const u64 count = (size >> L1EntryShift); const u64 end = start + count; @@ -256,7 +263,7 @@ namespace ams::mmu::arch::arm64 { } } - constexpr void InvalidateL2Entries(u64 *table, uintptr_t virt_addr, size_t size) { + constexpr void InvalidateL2Entries(volatile u64 *table, uintptr_t virt_addr, size_t size) { const u64 start = GetL2EntryIndex(virt_addr); const u64 count = (size >> L2EntryShift); const u64 end = start + count; @@ -266,7 +273,7 @@ namespace ams::mmu::arch::arm64 { } } - constexpr void InvalidateL3Entries(u64 *table, uintptr_t virt_addr, size_t size) { + constexpr void InvalidateL3Entries(volatile u64 *table, uintptr_t virt_addr, size_t size) { const u64 start = GetL3EntryIndex(virt_addr); const u64 count = (size >> L3EntryShift); const u64 end = start + count; diff --git a/libraries/libexosphere/include/exosphere/secmon/secmon_configuration_context.arch.arm64.hpp b/libraries/libexosphere/include/exosphere/secmon/secmon_configuration_context.arch.arm64.hpp index bf8515650..5b2c5bdcb 100644 --- a/libraries/libexosphere/include/exosphere/secmon/secmon_configuration_context.arch.arm64.hpp +++ b/libraries/libexosphere/include/exosphere/secmon/secmon_configuration_context.arch.arm64.hpp @@ -30,17 +30,17 @@ namespace ams::secmon { EmummcConfiguration emummc_cfg; u8 _raw_emummc_config[0x120]; }; - union { - u8 _misc_data[0x400 - sizeof(_raw_exosphere_config) - sizeof(_raw_emummc_config)]; - }; u8 sealed_device_keys[pkg1::KeyGeneration_Max][se::AesBlockSize]; u8 sealed_master_keys[pkg1::KeyGeneration_Max][se::AesBlockSize]; pkg1::BootConfig boot_config; u8 rsa_private_exponents[4][se::RsaSize]; + union { + u8 _misc_data[0xFC0 - sizeof(_raw_exosphere_config) - sizeof(_raw_emummc_config) - sizeof(sealed_device_keys) - sizeof(sealed_master_keys) - sizeof(boot_config) - sizeof(rsa_private_exponents)]; + }; + /* u8 l1_page_table[0x40]; */ }; - static_assert(sizeof(ConfigurationContext) == 0x1000); + static_assert(sizeof(ConfigurationContext) == 0xFC0); static_assert(util::is_pod::value); - static_assert(offsetof(ConfigurationContext, sealed_device_keys) == 0x400); namespace impl { diff --git a/libraries/libexosphere/source/se/se_execute.cpp b/libraries/libexosphere/source/se/se_execute.cpp index dbe3cbcc7..35b18fcda 100644 --- a/libraries/libexosphere/source/se/se_execute.cpp +++ b/libraries/libexosphere/source/se/se_execute.cpp @@ -101,14 +101,14 @@ namespace ams::se { void ExecuteOperationSingleBlock(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size, const void *src, size_t src_size) { /* Validate sizes. */ AMS_ABORT_UNLESS(dst_size <= AesBlockSize); - AMS_ABORT_UNLESS(src_size == AesBlockSize); + AMS_ABORT_UNLESS(src_size <= AesBlockSize); /* Set the block count to 1. */ reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0); /* Create an aligned buffer. */ util::AlignedBuffer aligned; - std::memcpy(aligned, src, AesBlockSize); + std::memcpy(aligned, src, src_size); hw::FlushDataCache(aligned, AesBlockSize); hw::DataSynchronizationBarrierInnerShareable(); diff --git a/libraries/libexosphere/source/se/se_management.cpp b/libraries/libexosphere/source/se/se_management.cpp index de845c2f0..8c145fd59 100644 --- a/libraries/libexosphere/source/se/se_management.cpp +++ b/libraries/libexosphere/source/se/se_management.cpp @@ -62,12 +62,6 @@ namespace ams::se { void SetPerKeySecure() { auto *SE = GetRegisters(); - /* Clear AES PerKey security. */ - SE->SE_CRYPTO_SECURITY_PERKEY = 0; - - /* Clear RSA PerKey security. */ - SE->SE_RSA_SECURITY_PERKEY = 0; - /* Update PERKEY_SETTING to secure. */ reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_PERKEY_SETTING, SECURE)); } diff --git a/libraries/libexosphere/source/se/se_suspend.cpp b/libraries/libexosphere/source/se/se_suspend.cpp index 03473deb4..ca5134a35 100644 --- a/libraries/libexosphere/source/se/se_suspend.cpp +++ b/libraries/libexosphere/source/se/se_suspend.cpp @@ -44,8 +44,8 @@ namespace ams::se { if (!TestRegister(SE->SE_CRYPTO_KEYTABLE_ACCESS[i], bits.crypto_keytable_access[i])) { return false; } } - /* Test RSA_SCEURITY_PERKEY */ - if (!TestRegister(SE->SE_CRYPTO_SECURITY_PERKEY, bits.rsa_security_perkey)) { return false; } + /* Test RSA_SECURITY_PERKEY */ + if (!TestRegister(SE->SE_RSA_SECURITY_PERKEY, bits.rsa_security_perkey)) { return false; } /* Check RSA_KEYTABLE_ACCESS. */ for (int i = 0; i < RsaKeySlotCount; ++i) {