fusee/exo: BYOK support for 6.2.0. Proper support TODO.

2025-05-23 03:06:52 -04:00 · 2018-11-25 22:37:24 -08:00 · 2018-11-25 22:37:24 -08:00 · 767a4b3606
commit 767a4b3606
parent a71d98d78b
13 changed files with 343 additions and 63 deletions
--- a/exosphere/src/package2.c
+++ b/exosphere/src/package2.c
@ -144,7 +144,7 @@ static void setup_se(void) {
        decrypt_data_into_keyslot(KEYSLOT_SWITCH_6XTSECROOTKEY, KEYSLOT_SWITCH_6XTSECROOTKEY, new_master_kek_sources[0], 0x10);
        decrypt_data_into_keyslot(KEYSLOT_SWITCH_MASTERKEY, KEYSLOT_SWITCH_6XTSECROOTKEY, masterkey_seed, 0x10);
        decrypt_data_into_keyslot(KEYSLOT_SWITCH_5XNEWDEVICEKEYGENKEY, KEYSLOT_SWITCH_6XTSECROOTKEY, devicekek_4x_seed, 0x10);
-        clear_aes_keyslot(KEYSLOT_SWITCH_6XTSECROOTKEY);
+        clear_aes_keyslot(KEYSLOT_SWITCH_6XTSECROOTKEY);  
    }

    /* Detect Master Key revision. */
@ -346,7 +346,7 @@ static bool validate_package2_metadata(package2_meta_t *metadata) {

    /* Perform version checks. */
    /* We will be compatible with all package2s released before current, but not newer ones. */
-    if (metadata->version_max >= PACKAGE2_MINVER_THEORETICAL && metadata->version_min < PACKAGE2_MAXVER_600_CURRENT) {
+    if (metadata->version_max >= PACKAGE2_MINVER_THEORETICAL && metadata->version_min < PACKAGE2_MAXVER_620_CURRENT) {
        return true;
    }

@ -466,6 +466,7 @@ static void copy_warmboot_bin_to_dram() {
            warmboot_src = (uint8_t *)0x4003B000;
            break;
        case EXOSPHERE_TARGET_FIRMWARE_600:
+        case EXOSPHERE_TARGET_FIRMWARE_620:
            warmboot_src = (uint8_t *)0x4003D800;
            break;
    }
--- a/exosphere/src/package2.h
+++ b/exosphere/src/package2.h
@ -67,7 +67,8 @@ static inline uintptr_t get_nx_bootloader_mailbox_base(void) {
 #define PACKAGE2_MAXVER_302 0x5
 #define PACKAGE2_MAXVER_400_410 0x6
 #define PACKAGE2_MAXVER_500_510 0x7
-#define PACKAGE2_MAXVER_600_CURRENT 0x8
+#define PACKAGE2_MAXVER_600_610 0x8
+#define PACKAGE2_MAXVER_620_CURRENT 0x9

 #define PACKAGE2_MINVER_100 0x3
 #define PACKAGE2_MINVER_200 0x4
@ -75,7 +76,8 @@ static inline uintptr_t get_nx_bootloader_mailbox_base(void) {
 #define PACKAGE2_MINVER_302 0x6
 #define PACKAGE2_MINVER_400_410 0x7
 #define PACKAGE2_MINVER_500_510 0x8
-#define PACKAGE2_MINVER_600_CURRENT 0x9
+#define PACKAGE2_MINVER_600_610 0x9
+#define PACKAGE2_MINVER_620_CURRENT 0xA

 typedef struct {
    union {
--- a/exosphere/src/smc_api.c
+++ b/exosphere/src/smc_api.c
@ -159,6 +159,7 @@ void set_version_specific_smcs(void) {
            break;
        case EXOSPHERE_TARGET_FIRMWARE_500:
        case EXOSPHERE_TARGET_FIRMWARE_600:
+        case EXOSPHERE_TARGET_FIRMWARE_620:
            /* No more LoadSecureExpModKey. */
            g_smc_user_table[0xE].handler = NULL;
            g_smc_user_table[0xC].id = 0xC300D60C;
--- a/exosphere/src/smc_user.c
+++ b/exosphere/src/smc_user.c
@ -49,6 +49,7 @@ static bool is_user_keyslot_valid(unsigned int keyslot) {
        case EXOSPHERE_TARGET_FIRMWARE_500:
            return keyslot <= 3;
        case EXOSPHERE_TARGET_FIRMWARE_600:
+        case EXOSPHERE_TARGET_FIRMWARE_620:
        default:
            return keyslot <= 5;
    }
@ -166,7 +167,7 @@ uint32_t user_generate_aes_kek(smc_args_t *args) {
    /* 5.0.0+ Bounds checking. */
    if (exosphere_get_target_firmware() >= EXOSPHERE_TARGET_FIRMWARE_500) {
        if (is_personalized) {
-            if (master_key_rev > MASTERKEY_REVISION_MAX || (MASTERKEY_REVISION_300 <= master_key_rev + 1 && master_key_rev + 1 < MASTERKEY_REVISION_400_410)) {
+            if (master_key_rev >= MASTERKEY_REVISION_MAX || (MASTERKEY_REVISION_300 <= master_key_rev && master_key_rev < MASTERKEY_REVISION_400_410)) {
                return 2;
            }
            if (mask_id > 3 || usecase >= CRYPTOUSECASE_MAX_5X) {