exo2: Initial work on the exosphere rewrite.

exo2: Implement uncompressor stub and boot code up to Main(). exo2: implement some more init (uart/gic) exo2: implement more of init exo2: improve reg api, add keyslot flag setters exo2: implement se aes decryption/enc exo2: fix bugs in loader stub/mmu mappings exo2: start skeletoning bootconfig/global context types arch: fix makefile flags exo2: implement through master key derivation exo2: implement device master keygen exo2: more init through start of SetupSocSecurity exo2: implement pmc secure scratch management se: implement sticky bit validation libexosphere: fix building for arm32 libexo: fix makefile flags libexo: support building for arm64/arm sc7fw: skeleton binary sc7fw: skeleton a little more sc7fw: implement all non-dram functionality exo2: fix DivideUp error sc7fw: implement more dram code, fix reg library errors sc7fw: complete sc7fw impl. exo2: skeleton the rest of SetupSocSecurity exo2: implement fiq interrupt handler exo2: implement all exception handlers exo2: skeleton the entire smc api, implement the svc invoker exo2: implement rest of SetupSocSecurity exo2: correct slave security errors exo2: fix register definition exo2: minor fixes
2025-05-27 21:24:11 -04:00 · 2020-05-04 23:33:16 -07:00 · 2020-05-04 23:33:16 -07:00 · f66b41c027
commit f66b41c027
parent 71e0102f7a
192 changed files with 15093 additions and 24 deletions
--- a/exosphere2/program/source/secmon_key_storage.cpp
+++ b/exosphere2/program/source/secmon_key_storage.cpp
@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2018-2020 Atmosphère-NX
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+#include <exosphere.hpp>
+#include "secmon_key_storage.hpp"
+
+namespace ams::secmon {
+
+    namespace {
+
+        constinit u8 g_rsa_moduli[ImportRsaKey_Count][se::RsaSize] = {};
+        constinit bool g_rsa_modulus_committed[ImportRsaKey_Count] = {};
+
+        ALWAYS_INLINE u8 *GetRsaKeyModulus(ImportRsaKey which) {
+            return g_rsa_moduli[which];
+        }
+
+        ALWAYS_INLINE u8 *GetRsaKeyPrivateExponent(ImportRsaKey which) {
+            return ::ams::secmon::impl::GetRsaPrivateExponentStorage(static_cast<int>(which));
+        }
+
+        ALWAYS_INLINE bool IsRsaKeyProvisional(ImportRsaKey which) {
+            return g_rsa_modulus_committed[which] == false;
+        }
+
+        void ClearRsaKeyModulus(ImportRsaKey which) {
+            g_rsa_modulus_committed[which] = false;
+            std::memset(g_rsa_moduli[which], 0, se::RsaSize);
+        }
+
+        ALWAYS_INLINE u8 *GetMasterKeyStorage(int index) {
+            return ::ams::secmon::impl::GetMasterKeyStorage(index);
+        }
+
+        ALWAYS_INLINE u8 *GetDeviceMasterKeyStorage(int index) {
+            return ::ams::secmon::impl::GetDeviceMasterKeyStorage(index);
+        }
+
+    }
+
+    void ImportRsaKeyExponent(ImportRsaKey which, const void *src, size_t size) {
+        /* If we import an exponent, the modulus is not committed. */
+        ClearRsaKeyModulus(which);
+
+        /* Copy the exponent. */
+        std::memcpy(GetRsaKeyPrivateExponent(which), src, size);
+    }
+
+    void ImportRsaKeyModulusProvisionally(ImportRsaKey which, const void *src, size_t size) {
+        std::memcpy(GetRsaKeyModulus(which), src, std::min(static_cast<int>(size), se::RsaSize));
+    }
+
+    void CommitRsaKeyModulus(ImportRsaKey which) {
+        g_rsa_modulus_committed[which] = true;
+    }
+
+    bool LoadRsaKey(int slot, ImportRsaKey which) {
+        /* If the key is still provisional, we can't load it. */
+        if (IsRsaKeyProvisional(which)) {
+            return false;
+        }
+
+        se::SetRsaKey(slot, GetRsaKeyModulus(which), se::RsaSize, GetRsaKeyPrivateExponent(which), se::RsaSize);
+        return true;
+    }
+
+    void LoadProvisionalRsaKey(int slot, ImportRsaKey which) {
+        se::SetRsaKey(slot, GetRsaKeyModulus(which), se::RsaSize, GetRsaKeyPrivateExponent(which), se::RsaSize);
+    }
+
+    void SetMasterKey(int generation, const void *src, size_t size) {
+        const int index = generation - pkg1::KeyGeneration_Min;
+        se::EncryptAes128(GetMasterKeyStorage(index), se::AesBlockSize, pkg1::AesKeySlot_RandomForKeyStorageWrap, src, size);
+    }
+
+    void LoadMasterKey(int slot, int generation) {
+        const int index = std::min(0, generation - pkg1::KeyGeneration_Min);
+        se::SetEncryptedAesKey128(slot, pkg1::AesKeySlot_RandomForKeyStorageWrap, GetMasterKeyStorage(index), se::AesBlockSize);
+    }
+
+    void SetDeviceMasterKey(int generation, const void *src, size_t size) {
+        const int index = generation - pkg1::KeyGeneration_4_0_0;
+        se::EncryptAes128(GetDeviceMasterKeyStorage(index), se::AesBlockSize, pkg1::AesKeySlot_RandomForKeyStorageWrap, src, size);
+    }
+
+    void LoadDeviceMasterKey(int slot, int generation) {
+        const int index = std::min(0, generation - pkg1::KeyGeneration_4_0_0);
+        se::SetEncryptedAesKey128(slot, pkg1::AesKeySlot_RandomForKeyStorageWrap, GetDeviceMasterKeyStorage(index), se::AesBlockSize);
+    }
+
+}