sept-s: Implement key derivation

2025-06-02 07:39:49 -04:00 · 2019-02-20 11:31:36 -08:00 · 2019-02-20 11:31:36 -08:00 · f1068d6c3f
commit f1068d6c3f
parent fb2baa8c8d
4 changed files with 141 additions and 16 deletions
--- a/fusee/fusee-secondary/src/nxboot.c
+++ b/fusee/fusee-secondary/src/nxboot.c
@ -28,6 +28,7 @@
 #include "mc.h"
 #include "se.h"
 #include "pmc.h"
+#include "emc.h"
 #include "fuse.h"
 #include "i2c.h"
 #include "ips.h"
@ -308,6 +309,12 @@ static void nxboot_move_bootconfig() {
    free(bootconfig);
 }

+static bool get_and_clear_has_run_sept(void) {
+    bool has_run_sept = (MAKE_EMC_REG(EMC_SCRATCH0) & 0x80000000) != 0;
+    MAKE_EMC_REG(EMC_SCRATCH0) &= ~0x80000000;
+    return has_run_sept;
+}
+
 /* This is the main function responsible for booting Horizon. */
 static nx_keyblob_t __attribute__((aligned(16))) g_keyblobs[32];
 uint32_t nxboot_main(void) {
@ -411,11 +418,6 @@ uint32_t nxboot_main(void) {
            tsec_fw_size = 0xF00;
        }
    }
-    
-    if (target_firmware == ATMOSPHERE_TARGET_FIRMWARE_700) {
-        /* TODO: Detect when we have been loaded by sept-secondary, and thus have keys provided for us. */
-        reboot_to_sept(tsec_fw, tsec_fw_size, sept_secondary_enc, sept_secondary_enc_size);
-    }

    print(SCREEN_LOG_LEVEL_MANDATORY, "[NXBOOT]: Loaded firmware from eMMC...\n");

@ -423,12 +425,9 @@ uint32_t nxboot_main(void) {
    uint8_t tsec_key[0x10] = {0};
    uint8_t tsec_root_keys[0x20][0x10] = {0};
    if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_700) {
-        /* TODO: what else to do here? */
-        
-        /* Patch TSEC firmware to exit after generating TSEC key. */
-        *((volatile uint16_t *)((uintptr_t)tsec_fw + 0x2DB5)) = 0x02F8;
-        if (tsec_get_key(tsec_key, 1, tsec_fw, tsec_fw_size) != 0) {
-            fatal_error("[NXBOOT]: Failed to get TSEC key!\n");
+        /* Detect whether we need to run sept-secondary in order to derive keys. */
+        if (!get_and_clear_has_run_sept()) {
+            reboot_to_sept(tsec_fw, tsec_fw_size, sept_secondary_enc, sept_secondary_enc_size);
        }
    } else if (target_firmware == ATMOSPHERE_TARGET_FIRMWARE_620) {
        uint8_t tsec_keys[0x20] = {0};
@ -446,10 +445,12 @@ uint32_t nxboot_main(void) {
        }
    }
    
-    /* Derive keydata. */
+    /* Derive keydata. If on 7.0.0+, sept has already derived keys for us. */
    unsigned int keygen_type = 0;
-    if (derive_nx_keydata(target_firmware, g_keyblobs, available_revision, tsec_key, tsec_root_keys, &keygen_type) != 0) {
-        fatal_error("[NXBOOT]: Key derivation failed!\n");
+    if (target_firmware < ATMOSPHERE_TARGET_FIRMWARE_700) {
+        if (derive_nx_keydata(target_firmware, g_keyblobs, available_revision, tsec_key, tsec_root_keys, &keygen_type) != 0) {
+            fatal_error("[NXBOOT]: Key derivation failed!\n");
+        }
    }

    /* Setup boot configuration for Exosphère. */