exo: add logging to boot under debug config

exosphere/program/program.ld

@@ -116,21 +116,24 @@ SECTIONS
     {
         KEEP(secmon_main.o(.text*))
         KEEP(secmon_boot_functions.o(.text*))
-        KEEP (secmon_boot_cache.o(.text*))
+        KEEP(secmon_boot_cache.o(.text*))
         KEEP(secmon_boot_config.o(.text*))
         KEEP(secmon_boot_setup.o(.text*))
+        KEEP(secmon_boot_rsa.o(.text*))
         KEEP(secmon_package2.o(.text*))
         secmon_main.o(.rodata*)
         secmon_boot_functions.o(.rodata*)
         secmon_boot_cache.o(.rodata*)
         secmon_boot_config.o(.rodata*)
         secmon_boot_setup.o(.rodata*)
+        secmon_boot_rsa.o(.rodata*)
         secmon_package2.o(.rodata*)
         secmon_main.o(.data*)
         secmon_boot_functions.o(.data*)
         secmon_boot_cache.o(.data*)
         secmon_boot_config.o(.data*)
         secmon_boot_setup.o(.data*)
+        secmon_boot_rsa.o(.data*)
         secmon_package2.o(.data*)
         . = ALIGN(8);
     } >tzram_boot AT>glob
@@ -143,6 +146,7 @@ SECTIONS
         secmon_boot_cache.o(.bss* COMMON)
         secmon_boot_config.o(.bss* COMMON)
         secmon_boot_setup.o(.bss* COMMON)
+        secmon_boot_rsa.o(.bss* COMMON)
         secmon_package2.o(.bss* COMMON)
         __boot_bss_end__ = ABSOLUTE(.);
     } >tzram_boot AT>glob

exosphere/program/source/boot/secmon_boot_functions.cpp

@@ -157,7 +157,7 @@ namespace ams::secmon::boot {
         const u8 * const mod  = secmon::boot::GetPackage2RsaModulus(pkg1::IsProductionForPublicKey());
         const size_t mod_size = se::RsaSize;
         if (verify) {
-            CheckVerifyResult(secmon::boot::VerifyPackage2Signature(header, mod, mod_size), pkg1::ErrorInfo_InvalidPackage2Signature, "package2 header sign verification failed");
+            CheckVerifyResult(secmon::boot::VerifyPackage2Signature(header, mod, mod_size), pkg1::ErrorInfo_InvalidPackage2Signature, "pkg2 sign FAIL");
         }
     }
 
@@ -177,10 +177,10 @@ namespace ams::secmon::boot {
 
     void VerifyPackage2Header(const pkg2::Package2Meta &meta) {
         /* Validate the metadata. */
-        CheckVerifyResult(VerifyPackage2Meta(meta),    pkg1::ErrorInfo_InvalidPackage2Meta, "package2 meta verification failed");
+        CheckVerifyResult(VerifyPackage2Meta(meta),    pkg1::ErrorInfo_InvalidPackage2Meta, "pkg2 meta FAIL");
 
         /* Validate the version. */
-        CheckVerifyResult(VerifyPackage2Version(meta), pkg1::ErrorInfo_InvalidPackage2Version, "package2 version verification failed");
+        CheckVerifyResult(VerifyPackage2Version(meta), pkg1::ErrorInfo_InvalidPackage2Version, "pkg2 version FAIL");
     }
 
     void DecryptAndLoadPackage2Payloads(uintptr_t dst, const pkg2::Package2Meta &meta, uintptr_t src, bool encrypted) {
@@ -188,6 +188,8 @@ namespace ams::secmon::boot {
         const u8 key_generation = meta.GetKeyGeneration();
         /* Decrypt or load each payload in order. */
         for (int i = 0; i < pkg2::PayloadCount; ++i) {
+            AMS_SECMON_LOG("pkg2 payload[%d]: %09lx -> %09lx size=%08x\n", i, dst + meta.payload_offsets[i], src, meta.payload_sizes[i]);
+
             if (encrypted) {
                 DecryptPayload(dst + meta.payload_offsets[i], src, meta.payload_sizes[i], meta.payload_ivs[i], sizeof(meta.payload_ivs[i]), key_generation);
             } else {

exosphere/program/source/boot/secmon_boot_setup.cpp

@@ -179,7 +179,7 @@ namespace ams::secmon::boot {
         void DeriveAllMasterKeys(bool is_prod, u8 * const work_block) {
             /* Determine the generation. */
             const int generation = DetermineKeyGeneration(is_prod);
-            AMS_SECMON_LOG("Using Key Generation %02X\n", static_cast<unsigned int>(generation));
+            AMS_SECMON_LOG("KeyGen: %02X\n", static_cast<unsigned int>(generation));
 
             /* Set the global generation. */
             ::ams::secmon::impl::SetKeyGeneration(generation);

exosphere/program/source/boot/secmon_main.cpp

@@ -56,7 +56,7 @@ namespace ams::secmon {
             /* This checks the security engine's validity, and configures common interrupts in the GIC. */
             /* This also initializes the global configuration context. */
             secmon::Setup1();
-            AMS_SECMON_LOG("%s\n", "SecureMonitor boot begin.");
+            AMS_SECMON_LOG("%s\n", "Boot begin.");
 
             /* Save the boot info. */
             secmon::SaveBootInfo(secmon_params);
@@ -163,7 +163,7 @@ namespace ams::secmon {
         }
 
         /* Verify the package2 payloads. */
-        secmon::boot::CheckVerifyResult(secmon::boot::VerifyPackage2Payloads(pkg2_meta, pkg2_payloads_start), pkg1::ErrorInfo_InvalidPackage2Payload, "package2 payload verification failed");
+        secmon::boot::CheckVerifyResult(secmon::boot::VerifyPackage2Payloads(pkg2_meta, pkg2_payloads_start), pkg1::ErrorInfo_InvalidPackage2Payload, "pkg2 payload FAIL");
 
         /* Decrypt/Move the package2 payloads to the right places. */
         secmon::boot::DecryptAndLoadPackage2Payloads(Package2LoadAddress, pkg2_meta, pkg2_payloads_start, !bc.signed_data.IsPackage2EncryptionDisabled());
@@ -194,7 +194,7 @@ namespace ams::secmon {
         /* Configure the smc handler tables to reflect the current target firmware. */
         secmon::smc::ConfigureSmcHandlersForTargetFirmware();
 
-        AMS_SECMON_LOG("%s\n", "SecureMonitor boot end.");
+        AMS_SECMON_LOG("%s\n", "Boot end.");
     }
 
 }