Difference between revisions of "Cmep Key Ring Base"
Jump to navigation
Jump to search
CelesteBlue (talk | contribs) |
CelesteBlue (talk | contribs) |
||
| Line 59: | Line 59: | ||
| 0x11-0x1F || N || 0x0502 || 0x0100 || N || ? || ? || ? | | 0x11-0x1F || N || 0x0502 || 0x0100 || N || ? || ? || ? | ||
|- | |- | ||
| − | | 0x20 || N || 0x061F || 0x0200 || Y || ? || first_loader (0x344) || Derived from 0x344, used for hmac-sha256 over | + | | 0x20 || N || 0x061F || 0x0200 || Y || ? || first_loader (0x344) || Derived from 0x344, used for hmac-sha256 over ENC files. |
|- | |- | ||
| 0x21-0x24 || N || 0x061F || 0x061F || N || ? || ? || supports encryption and decryption | | 0x21-0x24 || N || 0x061F || 0x061F || N || ? || ? || supports encryption and decryption | ||
| Line 81: | Line 81: | ||
| 0x204-0x205 || Y || 0x006F || 0x006F || Y || Y || ? || ? | | 0x204-0x205 || Y || 0x006F || 0x006F || Y || Y || ? || ? | ||
|- | |- | ||
| − | | 0x206 || Y || 0x00AF || 0x00A0 || Y || ? || ? || Used to derive key used to decrypt personalized layer over | + | | 0x206 || Y || 0x00AF || 0x00A0 || Y || ? || ? || Used to derive key used to decrypt personalized layer over ENC. Should be per-console. |
|- | |- | ||
| 0x207 || Y || 0x00AF || 0x00A0 || Y || ? || ? || Used instead of the above key when secret debug mode is set. (Possibly non-per-console?) | | 0x207 || Y || 0x00AF || 0x00A0 || Y || ? || ? || Used instead of the above key when secret debug mode is set. (Possibly non-per-console?) | ||
|- | |- | ||
| − | | 0x208-0x20D || Y || 0x00AF || 0x00A0 || Y || ? || ? || 6 keys used to decrypt | + | | 0x208-0x20D || Y || 0x00AF || 0x00A0 || Y || ? || ? || 6 keys used to decrypt ENC metadata, which one is used depends on key revision in ENC header. |
|- | |- | ||
| 0x20E-0x20F || Y || ? || 0x0010 || Y || ? || ? || Maybe per-console eMMC crypto keys? Protected by second_loader. | | 0x20E-0x20F || Y || ? || 0x0010 || Y || ? || ? || Maybe per-console eMMC crypto keys? Protected by second_loader. | ||
| Line 107: | Line 107: | ||
| 0x300-0x33F || Y || 0x0002 || 0x0000 || Y || ? || ? || ? | | 0x300-0x33F || Y || 0x0002 || 0x0000 || Y || ? || ? || ? | ||
|- | |- | ||
| − | | 0x340 || Y || 0x012F || 0x012F || Y || ? || ? || Used to decrypt keys into the 0x10 keyslot | + | | 0x340 || Y || 0x012F || 0x012F || Y || ? || ? || Used to decrypt keys into the 0x10 keyslot. |
|- | |- | ||
| 0x341-0x343 || Y || 0x012F || 0x0120 || Y || ? || ? || ? | | 0x341-0x343 || Y || 0x012F || 0x0120 || Y || ? || ? || ? | ||
| Line 113: | Line 113: | ||
| 0x344 || Y || 0x022F || 0x0220 || Y || ? || ? || Used to derive key 0x20 in bootrom. | | 0x344 || Y || 0x022F || 0x0220 || Y || ? || ? || Used to derive key 0x20 in bootrom. | ||
|- | |- | ||
| − | | 0x345-0x348 || Y || 0x022F || 0x022F || Y || ? || ? || Used to decrypt keys into one of the 0x21-0x24 keyslot | + | | 0x345-0x348 || Y || 0x022F || 0x022F || Y || ? || ? || Used to decrypt keys into one of the 0x21-0x24 keyslot. |
|- | |- | ||
| 0x349-0x353 || Y || 0x022F ||0x0220 || Y || ? || ? || ? | | 0x349-0x353 || Y || 0x022F ||0x0220 || Y || ? || ? || ? | ||
| Line 135: | Line 135: | ||
| 0x507 || N || 0x1800 || 0x1800 || Y || N || ? || ? | | 0x507 || N || 0x1800 || 0x1800 || Y || N || ? || ? | ||
|- | |- | ||
| − | | 0x508 || N || 0x1800 || 0x1800 || Y || N || second loader || | + | | 0x508 || N || 0x1800 || 0x1800 || Y || N || second loader || Baryon version (from Ernie cmd 0x1). 4 bytes. Set to 0x100010A on FW 1.05, 0x0100010B on FW 1.50, 0x100060D on FW 1.692. If lower (older) than 0x90903, old Syscon protocols (unencrypted packets and NVS) are used. |
|- | |- | ||
| 0x509 || N || 0x1800 || 0x1800 || Y || Y || second loader || ConsoleId of unit. Comes from IdStorage (eMMC). | | 0x509 || N || 0x1800 || 0x1800 || Y || Y || second loader || ConsoleId of unit. Comes from IdStorage (eMMC). | ||
| Line 143: | Line 143: | ||
| 0x50B || N || 0x1800 || 0x1800 || Y || ? || second loader || From 0xD2 SNVS block 0, 8 bytes. (?Mgmt Data?) | | 0x50B || N || 0x1800 || 0x1800 || Y || ? || second loader || From 0xD2 SNVS block 0, 8 bytes. (?Mgmt Data?) | ||
|- | |- | ||
| − | | 0x50C || N || 0x1800 || 0x1800 || Y || N || second loader || | + | | 0x50C || N || 0x1800 || 0x1800 || Y || N || second loader || Some boot flags. Like Boot type indicator 1. Set to 1 on FW 1.692 and newer, 0 on older. |
|- | |- | ||
| 0x50D || N || 0x1800 || 0x1800 || Y || Y || second loader || OpenPSID of unit. Comes from IdStorage (eMMC). | | 0x50D || N || 0x1800 || 0x1800 || Y || Y || second loader || OpenPSID of unit. Comes from IdStorage (eMMC). | ||
| Line 193: | Line 193: | ||
| 0x608-0x6FF || X || 0x0000 || 0x0000 || X || ? || ? || Not used | | 0x608-0x6FF || X || 0x0000 || 0x0000 || X || ? || ? || Not used | ||
|- | |- | ||
| − | | 0x700-0x7FF || Y || 0x1000 || 0x0000 || Y || N || ? || 16 public RSA keys for | + | | 0x700-0x7FF || Y || 0x1000 || 0x0000 || Y || N || ? || 16 public RSA keys for ENC files. Which key is used depends on public key revision specified in ENC header. |
|} | |} | ||
Revision as of 17:24, 24 May 2020
Physical address = 0xE0058000 + 32 * slot
Permission bits
If a key slot is not locked, it can target f00d memory or unlocked keyslot
| Bit | Function |
|---|---|
| 0x01 | Encryption operation allowed |
| 0x02 | Decryption operation allowed |
| 0x04 | ? operation allowed |
| 0x08 | ? operation allowed |
| 0x10 | ? |
| 0x20 | Master Keyslot can target user keyslot (based on Mask Group below) |
| 0x40 | Keyslot Pairing Lock Mask Group 0 (Master slots 0x204-0x205 and user slots 0-7) |
| 0x80 | Keyslot Pairing Lock Mask Group 1 (Master slots 0x206-0x20D and user slots 8-0xF) |
| 0x100 | Keyslot Pairing Lock Mask Group 2 (Master slots 0x340-0x343 and user slots 0x10-0x1F) |
| 0x200 | Keyslot Pairing Lock Mask Group 3 (Master slots 0x344-0x353 and user slots 0x20-0x2F) |
| 0x400 | Locked Keyslot can target f00d memory |
| 0x800 | can be written directly by f00d |
| 0x1000 | can be read directly by f00d |
Key Ring Slots 0xE0058000
| Slot | Initial Valid | Initial Protection | Protection (1.69) | Ever Valid (1.69) | Per Console? (1.69) | Set By? | Description |
|---|---|---|---|---|---|---|---|
| 0 | N | 0x0442 | 0x0442 | Y | ? | ? | ? |
| 1 | N | 0x0442 | 0x0442 | N | ? | ? | ? |
| 2-7 | N | 0x0442 | 0x0040 | N | ? | ? | ? |
| 8 | N | 0x049F | 0x0081 | Y | Y | first_loader (0x206/0x207) | SLSK per-console key (encrypt) |
| 9 | N | 0x049F | 0x0080 | N | ? | first_loader (0x206/0x207) | SLSK per-console key (decrypt) |
| 0xA | N | 0x049F | 0x0080 | Y | N | first_loader (0x208-0x20D) | SLSK metadata key |
| 0xB-0xF | N | 0x049F | 0x0080 | Y | N | first_loader (0x208-0x20D) | ? |
| 0x10 | N | 0x0502 | 0x0502 | N | ? | ? | supports decryption only |
| 0x11-0x1F | N | 0x0502 | 0x0100 | N | ? | ? | ? |
| 0x20 | N | 0x061F | 0x0200 | Y | ? | first_loader (0x344) | Derived from 0x344, used for hmac-sha256 over ENC files. |
| 0x21-0x24 | N | 0x061F | 0x061F | N | ? | ? | supports encryption and decryption |
| 0x25-0x2F | N | 0x061F | 0x0200 | N | ? | ? | ? |
| 0x30-0x34 | N | 0x041F | 0x041F | N | ? | ? | ? |
| 0x35-0x7F | N | 0x041F | 0x0000 | N | ? | ? | ? |
| 0x80-0xFF | X | 0x0000 | 0x0000 | X | ? | ? | Not used |
| 0x100 | N | 0x041F | 0x041F | N | ? | ? | ? |
| 0x101-0x17F | N | 0x041F | 0x0000 | N | ? | ? | ? |
| 0x180-0x1FF | X | 0x0000 | 0x0000 | X | ? | ? | Not used |
| 0x200-0x203 | Y | 0x0002 | 0x0000 | Y | ? | ? | ? |
| 0x204-0x205 | Y | 0x006F | 0x006F | Y | Y | ? | ? |
| 0x206 | Y | 0x00AF | 0x00A0 | Y | ? | ? | Used to derive key used to decrypt personalized layer over ENC. Should be per-console. |
| 0x207 | Y | 0x00AF | 0x00A0 | Y | ? | ? | Used instead of the above key when secret debug mode is set. (Possibly non-per-console?) |
| 0x208-0x20D | Y | 0x00AF | 0x00A0 | Y | ? | ? | 6 keys used to decrypt ENC metadata, which one is used depends on key revision in ENC header. |
| 0x20E-0x20F | Y | ? | 0x0010 | Y | ? | ? | Maybe per-console eMMC crypto keys? Protected by second_loader. |
| 0x210-0x211 | Y | 0x001F | 0x0000 | Y | ? | ? | ? |
| 0x212 | Y | 0x001F | 0x001F | Y | Y | ? | AES256-CMAC key used by KIRK commands 0x12 and 0x19. |
| 0x213 | Y | 0x001F | 0x001F | Y | Y | ? | Used to derive SMI keys, which are used for factory fw decryption. |
| 0x214 | Y | 0x001F | 0x0000 | Y | ? | ? | AES256CBC key used to derive (by encryption) keyslots 0x514 and 0x515 in second_loader. IVs hardcoded in second_loader. |
| 0x215 | Y | 0x001F | 0x0000 | Y | ? | ? | ? |
| 0x216 | Y | 0x001F | 0x001F | Y | ? | ? | AES256CBC key used to derive (by encryption) keyslots 0x502-0x504 in second_loader on FW >= 0.996. Single IV hardcoded in second_loader. For FW < 0.996, the keyslots 0x502-0x504 are hardcoded in second_loader. |
| 0x217 | Y | 0x001F | 0x0000 | Y | ? | ? | ? |
| 0x218-0x2FF | X | 0x0000 | 0x0000 | X | ? | ? | Not used |
| 0x300-0x33F | Y | 0x0002 | 0x0000 | Y | ? | ? | ? |
| 0x340 | Y | 0x012F | 0x012F | Y | ? | ? | Used to decrypt keys into the 0x10 keyslot. |
| 0x341-0x343 | Y | 0x012F | 0x0120 | Y | ? | ? | ? |
| 0x344 | Y | 0x022F | 0x0220 | Y | ? | ? | Used to derive key 0x20 in bootrom. |
| 0x345-0x348 | Y | 0x022F | 0x022F | Y | ? | ? | Used to decrypt keys into one of the 0x21-0x24 keyslot. |
| 0x349-0x353 | Y | 0x022F | 0x0220 | Y | ? | ? | ? |
| 0x354-0x3FF | Y | 0x001F | 0x0000 | Y | ? | ? | ? |
| 0x400-0x47F | N | 0x1800 | 0x0000 | N | ? | ? | ? |
| 0x480-0x4FF | X | 0x0000 | 0x0000 | X | ? | ? | Not used |
| 0x500 | N | 0x1800 | 0x1800 | N | ? | ? | ? |
| 0x501 | N | 0x1800 | 0x1000 | Y | N | first_loader | Used by bootrom first_loader to figure out whether to load from eMMC or ARM comms after reset |
| 0x502-0x504 | N | 0x1800 | 0x1800 | Y | Y | second_loader | Related to Ernie SNVS. |
| 0x505 | N | 0x1800 | 0x0000 | N | ? | ? | ? |
| 0x506 | N | 0x1800 | 0x1800 | Y | ? | ? | ? |
| 0x507 | N | 0x1800 | 0x1800 | Y | N | ? | ? |
| 0x508 | N | 0x1800 | 0x1800 | Y | N | second loader | Baryon version (from Ernie cmd 0x1). 4 bytes. Set to 0x100010A on FW 1.05, 0x0100010B on FW 1.50, 0x100060D on FW 1.692. If lower (older) than 0x90903, old Syscon protocols (unencrypted packets and NVS) are used. |
| 0x509 | N | 0x1800 | 0x1800 | Y | Y | second loader | ConsoleId of unit. Comes from IdStorage (eMMC). |
| 0x50A | N | 0x1800 | 0x1800 | Y | ? | second loader | QA flags. 0x10 bytes. |
| 0x50B | N | 0x1800 | 0x1800 | Y | ? | second loader | From 0xD2 SNVS block 0, 8 bytes. (?Mgmt Data?) |
| 0x50C | N | 0x1800 | 0x1800 | Y | N | second loader | Some boot flags. Like Boot type indicator 1. Set to 1 on FW 1.692 and newer, 0 on older. |
| 0x50D | N | 0x1800 | 0x1800 | Y | Y | second loader | OpenPSID of unit. Comes from IdStorage (eMMC). |
| 0x50E | N | 0x1800 | 0x1800 | Y | Y | second loader | Current firmware version. Comes from SNVS (Ernie). |
| 0x50F | N | 0x1800 | 0x1800 | Y | Y | second loader | Factory firmware version. Comes from IdStorage (eMMC). 4 bytes. |
| 0x510 | N | 0x1800 | 0x1800 | Y | Y | second loader | DIP Switches. 0x20 bytes. Comes from Ernie cmd 0x90 offset 0xE0. |
| 0x511 | N | 0x1800 | 0x1800 | Y | Y | second loader | Unique per boot session id. Ernie shared 0xD0 session key. AES128CBC key used to encrypt with null IV a buffer of size 0x30 bytes coming from Ernie in second_loader. Also used to enc/dec the content of Ernie "packets 0x28" coming from Ernie. If (baryonVersion < 0x90903 && (ernieDLVersion & 0xffffff) < 0x3600) it is zeroed by second_loader. |
| 0x512 | N | 0x1800 | 0x1800 | Y | Y | second loader | Tick count? Used as a challenge at the start of each Ernie encrypted communication. Set to a random value when session key is set. Incremented by 1 after each usage. |
| 0x513 | N | 0x1800 | 0x1800 | Y | N | second loader | DRAM size. Set to 0x20000000 by default, 0x40000000 on DevKit in DevKit Memory Size mode. |
| 0x514 | N | 0x1800 | 0x1800 | Y | N? | second loader | F00d-cmd F01 AES-128-CMAC key. Protected on FW 1.05. Data size 0x90 bytes. Used to verify SKSO integrity. |
| 0x515 | N | 0x1800 | 0x1800 | Y | N? | second loader | F00d-cmd F01 AES-128-CBC key. Protected on FW 1.05. Data size 0xA0 bytes. Hardcoded IV. Used to encrypt/decrypt SKSO (the content written into keyslots 0x511, 0x512, 0x517 and 0x519). |
| 0x516 | N | 0x1800 | 0x1800 | Y | ? | second loader | F00d-cmd F01 writes (u32)1 here when exporting the infoblk. Set to 0 at the start of second_loader main(). Checked for 0 before initiating communication with Ernie. 4 bytes. |
| 0x517 | N | 0x1800 | 0x1800 | Y | ? | second loader | When initializing the EEPROM, this is zeroed if 0x50D has bit8 clear (on 1.692). |
| 0x518 | N | 0x1800 | 0x1800 | Y | N | second loader | Another current FW version (3.60+?). Comes from SNVS (Ernie). |
| 0x519 | N | 0x1800 | 0x1800 | Y | N | second loader | zeroes |
| 0x51A | N | 0x1800 | 0x1800 | Y | Y | ? | Encrypted Session Key (FW 2.12+). Randomized 0x20 byte key unique every boot/reboot/resume used for kernel coredump encryption. See Sysroot and SCECAF#Kernel_Coredump_Encrypted_ELF. |
| 0x51B | N | 0x1800 | 0x1800 | Y | N | second loader | Hardware Info. 4 bytes. |
| 0x51C-0x57F | N | 0x1800 | 0x0000 | N | ? | ? | ? |
| 0x580-0x5FF | X | 0x0000 | 0x0000 | X | ? | ? | Not used |
| 0x600 | Y | 0x1000 | 0x1000 | Y | Y | ? | VisibleId of unit |
| 0x601 | Y | 0x1000 | 0x1000 | Y | Y | ? | ? |
| 0x602 | Y | 0x1000 | 0x1000 | Y | Y | ? | ? |
| 0x603 | Y | 0x1000 | 0x1000 | Y | N | ? | ? |
| 0x604 | Y | 0x1000 | 0x1000 | Y | N | ? | ? |
| 0x605-0x607 | Y | 0x1000 | 0x0000 | Y | ? | ? | ? |
| 0x608-0x6FF | X | 0x0000 | 0x0000 | X | ? | ? | Not used |
| 0x700-0x7FF | Y | 0x1000 | 0x0000 | Y | N | ? | 16 public RSA keys for ENC files. Which key is used depends on public key revision specified in ENC header. |