mirror of
https://github.com/Atmosphere-NX/Atmosphere.git
synced 2024-11-30 15:52:15 +00:00
189 lines
8.3 KiB
C++
189 lines
8.3 KiB
C++
/*
|
|
* Copyright (c) 2018-2020 Atmosphère-NX
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms and conditions of the GNU General Public License,
|
|
* version 2, as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
* more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
#include <exosphere.hpp>
|
|
#include "secmon_boot.hpp"
|
|
#include "secmon_boot_functions.hpp"
|
|
#include "../smc/secmon_random_cache.hpp"
|
|
#include "../smc/secmon_smc_handler.hpp"
|
|
#include "../secmon_cache.hpp"
|
|
#include "../secmon_cpu_context.hpp"
|
|
#include "../secmon_misc.hpp"
|
|
#include "../secmon_setup.hpp"
|
|
|
|
namespace ams::secmon {
|
|
|
|
namespace {
|
|
|
|
constexpr inline const uintptr_t Package2LoadAddress = MemoryRegionDramPackage2Payloads.GetAddress();
|
|
|
|
}
|
|
|
|
void Main() {
|
|
/* Set library register addresses. */
|
|
actmon::SetRegisterAddress(MemoryRegionVirtualDeviceActivityMonitor.GetAddress());
|
|
clkrst::SetRegisterAddress(MemoryRegionVirtualDeviceClkRst.GetAddress());
|
|
flow::SetRegisterAddress(MemoryRegionVirtualDeviceFlowController.GetAddress());
|
|
fuse::SetRegisterAddress(MemoryRegionVirtualDeviceFuses.GetAddress());
|
|
gic::SetRegisterAddress(MemoryRegionVirtualDeviceGicDistributor.GetAddress(), MemoryRegionVirtualDeviceGicCpuInterface.GetAddress());
|
|
i2c::SetRegisterAddress(i2c::Port_1, MemoryRegionVirtualDeviceI2c1.GetAddress());
|
|
i2c::SetRegisterAddress(i2c::Port_5, MemoryRegionVirtualDeviceI2c5.GetAddress());
|
|
pinmux::SetRegisterAddress(MemoryRegionVirtualDeviceApbMisc.GetAddress(), MemoryRegionVirtualDeviceGpio.GetAddress());
|
|
pmc::SetRegisterAddress(MemoryRegionVirtualDevicePmc.GetAddress());
|
|
se::SetRegisterAddress(MemoryRegionVirtualDeviceSecurityEngine.GetAddress(), MemoryRegionVirtualDeviceSecurityEngine2.GetAddress());
|
|
uart::SetRegisterAddress(MemoryRegionVirtualDeviceUart.GetAddress());
|
|
wdt::SetRegisterAddress(MemoryRegionVirtualDeviceTimer.GetAddress());
|
|
util::SetRegisterAddress(MemoryRegionVirtualDeviceTimer.GetAddress());
|
|
|
|
/* Get the secure monitor parameters. */
|
|
auto &secmon_params = *reinterpret_cast<pkg1::SecureMonitorParameters *>(MemoryRegionVirtualDeviceBootloaderParams.GetAddress());
|
|
|
|
/* Perform initialization. */
|
|
{
|
|
/* Perform initial setup. */
|
|
/* This checks the security engine's validity, and configures common interrupts in the GIC. */
|
|
/* This also initializes the global configuration context. */
|
|
secmon::Setup1();
|
|
|
|
/* Save the boot info. */
|
|
secmon::SaveBootInfo(secmon_params);
|
|
|
|
/* Perform cold-boot specific init. */
|
|
secmon::boot::InitializeColdBoot();
|
|
|
|
/* Setup the SoC security measures. */
|
|
secmon::SetupSocSecurity();
|
|
|
|
/* Setup the Cpu core context. */
|
|
secmon::SetupCpuCoreContext();
|
|
|
|
/* Clear the crt0 code that was present in iram. */
|
|
secmon::boot::ClearIram();
|
|
|
|
/* Alert the bootloader that we're initialized. */
|
|
secmon_params.secmon_state = pkg1::SecureMonitorState_Initialized;
|
|
}
|
|
|
|
/* Wait for NX Bootloader to finish loading the BootConfig. */
|
|
secmon::boot::WaitForNxBootloader(secmon_params, pkg1::BootloaderState_LoadedBootConfig);
|
|
hw::DataSynchronizationBarrierInnerShareable();
|
|
|
|
/* Load the bootconfig. */
|
|
secmon::boot::LoadBootConfig(MemoryRegionPhysicalIramBootConfig.GetPointer());
|
|
|
|
/* Verify or clear the boot config. */
|
|
secmon::boot::VerifyOrClearBootConfig();
|
|
|
|
/* Get the boot config. */
|
|
const auto &bc = secmon::GetBootConfig();
|
|
|
|
/* Set the tsc value by the boot config. */
|
|
{
|
|
constexpr u64 TscMask = (static_cast<u64>(1) << 55) - 1;
|
|
|
|
secmon::boot::EnableTsc(bc.data.GetInitialTscValue() & TscMask);
|
|
}
|
|
|
|
/* Wait for NX Bootloader to initialize DRAM. */
|
|
secmon::boot::WaitForNxBootloader(secmon_params, pkg1::BootloaderState_InitializedDram);
|
|
|
|
/* Secure the PMC and MC. */
|
|
secmon::SetupPmcAndMcSecure();
|
|
|
|
/* Copy warmboot to dram. */
|
|
{
|
|
/* Define warmboot extents. */
|
|
const void * const src = MemoryRegionPhysicalIramWarmbootBin.GetPointer();
|
|
void * const dst = MemoryRegionVirtualDramSecureDataStoreWarmbootFirmware.GetPointer();
|
|
const size_t size = MemoryRegionPhysicalIramWarmbootBin.GetSize();
|
|
|
|
/* Ensure we copy the correct data. */
|
|
hw::FlushDataCache(src, size);
|
|
hw::DataSynchronizationBarrierInnerShareable();
|
|
|
|
/* Copy warmboot.bin to its secure dram location. */
|
|
std::memcpy(dst, src, size);
|
|
}
|
|
|
|
/* Unmap the identity mapping. */
|
|
secmon::boot::UnmapPhysicalIdentityMapping();
|
|
|
|
/* Setup the GPU carveout's magic numbers. */
|
|
secmon::boot::WriteGpuCarveoutMagicNumbers();
|
|
|
|
/* Wait for NX bootloader to load Package2. */
|
|
secmon::boot::WaitForNxBootloader(secmon_params, pkg1::BootloaderState_LoadedPackage2);
|
|
|
|
/* Parse and decrypt the package2 header. */
|
|
pkg2::Package2Meta &pkg2_meta = secmon::boot::GetEphemeralPackage2Meta();
|
|
const uintptr_t pkg2_payloads_start = MemoryRegionDramPackage2.GetAddress() + sizeof(pkg2::Package2Header);
|
|
{
|
|
/* Read the encrypred header. */
|
|
pkg2::Package2Header encrypted_header;
|
|
|
|
const auto *dram_header = MemoryRegionDramPackage2.GetPointer<pkg2::Package2Header>();
|
|
hw::FlushDataCache(dram_header, sizeof(*dram_header));
|
|
hw::DataSynchronizationBarrierInnerShareable();
|
|
|
|
std::memcpy(std::addressof(encrypted_header), dram_header, sizeof(encrypted_header));
|
|
|
|
/* Atmosphere extension: support plaintext package2, identified by all-zeroes signature and decrypted header. */
|
|
secmon::boot::UpdateBootConfigForPackage2Header(encrypted_header);
|
|
|
|
/* Verify the package2 header's signature. */
|
|
secmon::boot::VerifyPackage2HeaderSignature(encrypted_header, !bc.signed_data.IsPackage2SignatureVerificationDisabled());
|
|
|
|
/* Decrypt the package2 header. */
|
|
secmon::boot::DecryptPackage2Header(std::addressof(pkg2_meta), encrypted_header.meta, !bc.signed_data.IsPackage2EncryptionDisabled());
|
|
}
|
|
|
|
/* Verify the package2 header. */
|
|
secmon::boot::VerifyPackage2Header(pkg2_meta);
|
|
|
|
/* Save the package2 hash if in recovery boot. */
|
|
if (secmon::IsRecoveryBoot()) {
|
|
se::Sha256Hash hash;
|
|
secmon::boot::CalculatePackage2Hash(std::addressof(hash), pkg2_meta, MemoryRegionDramPackage2.GetAddress());
|
|
secmon::SetPackage2Hash(hash);
|
|
}
|
|
|
|
/* Verify the package2 payloads. */
|
|
secmon::boot::CheckVerifyResult(secmon::boot::VerifyPackage2Payloads(pkg2_meta, pkg2_payloads_start), pkg1::ErrorInfo_InvalidPackage2Payload, "package2 payload verification failed");
|
|
|
|
/* Decrypt/Move the package2 payloads to the right places. */
|
|
secmon::boot::DecryptAndLoadPackage2Payloads(Package2LoadAddress, pkg2_meta, pkg2_payloads_start, !bc.signed_data.IsPackage2EncryptionDisabled());
|
|
|
|
/* Ensure that the CPU sees correct package2 data. */
|
|
secmon::FlushEntireDataCache();
|
|
secmon::EnsureInstructionConsistency();
|
|
|
|
/* Set the core's entrypoint and argument. */
|
|
secmon::SetEntryContext(0, Package2LoadAddress + pkg2_meta.entrypoint, 0);
|
|
|
|
/* Unmap DRAM. */
|
|
secmon::boot::UnmapDram();
|
|
|
|
/* Wait for NX bootloader to be done. */
|
|
secmon::boot::WaitForNxBootloader(secmon_params, pkg1::BootloaderState_Done);
|
|
|
|
/* Perform final initialization. */
|
|
secmon::SetupSocProtections();
|
|
secmon::SetupCpuSErrorDebug();
|
|
|
|
/* Configure the smc handler tables to reflect the current target firmware. */
|
|
secmon::smc::ConfigureSmcHandlersForTargetFirmware();
|
|
}
|
|
|
|
}
|