Cmep registers: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:


= F00D/ARM =
= Cmep/ARM =


== E0000000: MailboxFoodToArm ==
== 0xE0000000: MailboxCmepToArm ==
Response to ARM is written here.
Response to ARM is written here.


== E0000010: MailboxArmToFood ==
== 0xE0000010: MailboxArmToCmep ==
Request from ARM is written here.
Request from ARM is written here.


== E0000020: MailboxFoodToDebugger ==
== 0xE0000020: MailboxCmepToDebugger ==
Size: 2x u32.
Size: 2* u32.


== E0000028: MailboxDebuggerToFood ==
== 0xE0000028: MailboxDebuggerToCmep ==
Size: 2x u32.
Size: 2* u32.


== E0000060: MailboxDebuggerToFood2 ==
== 0xE0000060: MailboxDebuggerToCmep2 ==
Size: 2x u32.
Size: 2* u32.


= F00D controller =
= Cmep controller =


== E0010000: FootReset ==
== 0xE0010000: CmepReset ==
     Bit0: Hangs. ARM uses this to reset the F00D subsystem.
     Bit0: Hangs. ARM uses this to reset the cMeP subsystem.


== E0010004: FoodStatus ==
== 0xE0010004: CmepStatus ==
     Bit31:  IsFoodAlive
     Bit31:  IsCmepAlive
     Bit0-2: ?
     Bit0-2: ?


Line 29: Line 29:
     0xE0010010: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     0xE0010010: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


== E0010010 ==
== 0xE0010010: Unknown ==
Reads back 0x7FF. Then hangs after delay.
Reads back 0x7FF. Then hangs after delay.


Line 39: Line 39:
     0xE0020010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     0xE0020010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


= F00D_E0020000 =
= Cmep 0xE0020000 =


== E0020000 ==
== 0xE0020000: Unknown ==
     Bit0: Reboot when cleared.
     Bit0: Reboot when cleared.
     Bit1: Hang when cleared. Unrecoverable
     Bit1: Hang when cleared. Unrecoverable
Line 51: Line 51:
     Bit17:
     Bit17:


== E0020004: ? ==
== 0xE0020004: Unknown ==
second_loader writes 0x30003 followed by 0 here, after clearing keys.
second_loader writes 0x30003 followed by 0 here, after clearing keys.


== E0020020: ? ==
== E0020020: Unknown ==


<s>rsa_expmod() reads and writes back this register before reading the result of the RSA operation.</s>
<s>rsa_expmod() reads and writes back this register before reading the result of the RSA operation.</s>
Line 67: Line 67:
Size: 8x u32.
Size: 8x u32.


== E0030020: KeySetValueTrigger ==
== 0xE0030020: KeySetValueTrigger ==
Write keyslot here, and it will write value written above to it.
Write keyslot here, and it will write value written above to it.


== E0030024: KeySetProtect ==
== 0xE0030024: KeySetProtect ==
     Bit0-15:  KeyslotNumber
     Bit0-15:  KeyslotNumber
     Bit16-31: KeyslotClearFlags
     Bit16-31: KeyslotClearFlags


== E0030028: KeyQueryProtect ==
== 0xE0030028: KeyQueryProtect ==
     Bit0-15: KeyslotNumber
     Bit0-15: KeyslotNumber


== E003002C: KeyQueryProtectResult ==
== 0xE003002C: KeyQueryProtectResult ==
     Bit0: SlotExists
     Bit0: SlotExists
     Bit1: HasBeenWrittenOnce. You cannot use a key if this is not set.
     Bit1: HasBeenWrittenOnce. You cannot use a key if this is not set.
Line 105: Line 105:
= SceBignum controller =
= SceBignum controller =


== E0040108 RsaSignatureBuffer ==
== 0xE0040108: RsaSignatureBuffer ==
Size: 0x100 bytes.
Size: 0x100 bytes.


== E0040400 RsaModulusBuffer ==
== 0xE0040400: RsaModulusBuffer ==
Size: 0x100 bytes.
Size: 0x100 bytes.


== E0040800 RsaControl ==
== 0xE0040800: RsaControl ==
In u32's.
In u32's.


== E0040800 RsaStatus ==
== 0xE0040800: RsaStatus ==
     Bit31: Busy
     Bit31: Busy


== E0040808 RsaExponent ==
== 0xE0040808: RsaExponent ==


= SceBigmac controller =
= SceBigmac controller =
Line 142: Line 142:
</source>
</source>


== E005000C BigmacOp ==
== 0xE005000C: BigmacOp ==
Unlike Dmac5, DES is not supported for Bigmac.
Unlike for Dmac5, DES is not supported for Bigmac.


   Bit0-6: Algorithm
   Bit0-6: Algorithm
Line 215: Line 215:
VULN! Any SHA with length==0 produces an output of all zeroes!
VULN! Any SHA with length==0 produces an output of all zeroes!


== E005003C BigmacRng ==
== 0xE005003C: BigmacRng ==
Reads a random value.
Reads a random value.


== E0050200 BigmacExternalKey ==
== 0xE0050200: BigmacExternalKey ==
Size: 0x20 bytes
Size: 0x20 bytes


Line 225: Line 225:
= SceBigmac Keyring =
= SceBigmac Keyring =


== E0058000 KeyRingDirectAccess ==
== 0xE0058000: KeyRingDirectAccess ==
Size: 0x10000 bytes.
Size: 0x10000 bytes.


Line 282: Line 282:
= SceEmmcController =
= SceEmmcController =


== 0xE0070000 EmmcCrypto Toggle/Status? ==
== 0xE0070000: EmmcCrypto Toggle/Status? ==


Toggle : Set to 1.
Toggle : Set to 1.


Status : enabled emmc encdec?
Status : enabled emmc enc/dec?


== 0xE0070004 EmmcCrypto avaliable status ==
== 0xE0070004: EmmcCrypto avalaible status ==


bit0(& 1) : Not available -> second_loader throw error.
bit0(& 1) : Not available -> second_loader throw error.


== 0xE0070008 EmmcCrypto keyset ==
== 0xE0070008: EmmcCrypto keyset ==


1.69-3.73 : 0x20E and 0x20F.
1.69-3.73 : 0x20E and 0x20F.
Line 298: Line 298:
write only.
write only.


== 0xE007000C Unknown ==
== 0xE007000C: Unknown ==


Can to read the 2.
Can to read the 2.
Line 304: Line 304:
= 0xE00C0000 =
= 0xE00C0000 =


== 0xE00CC000 ==
== 0xE00CC000: Unknown ==


Unknown, Can to read the 0x10006331.
Unknown, Can to read the 0x10006331.


== 0xE00CC014 ==
== 0xE00CC014: Unknown ==


Unknown, Can to read the 0x300000.
Unknown, Can to read the 0x300000.


== 0xE00CC070 ==
== 0xE00CC070: Unknown ==


Unknown, Can to read the 1.
Unknown, Can to read the 1.


== 0xE00CC078 ==
== 0xE00CC078: Unknown ==


Unknown, Can to read the 0x300.
Unknown, Can to read the 0x300.


[[Category:Keyring]]
[[Category:Keyring]]

Revision as of 21:56, 2 September 2021

Cmep/ARM

0xE0000000: MailboxCmepToArm

Response to ARM is written here.

0xE0000010: MailboxArmToCmep

Request from ARM is written here.

0xE0000020: MailboxCmepToDebugger

Size: 2* u32.

0xE0000028: MailboxDebuggerToCmep

Size: 2* u32.

0xE0000060: MailboxDebuggerToCmep2

Size: 2* u32.

Cmep controller

0xE0010000: CmepReset

   Bit0: Hangs. ARM uses this to reset the cMeP subsystem.

0xE0010004: CmepStatus

   Bit31:  IsCmepAlive
   Bit0-2: ?
   0xE0010000: 00 00 00 00 05 00 00 80 00 00 00 00 00 00 00 00
   0xE0010010: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xE0010010: Unknown

Reads back 0x7FF. Then hangs after delay.

   Bit5: Disables Key* registers, and KeyRingDirectAccess

No bit appears to disable Rsa* registers, or Bigmac*.

   0xE0020000: 0F 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
   0xE0020010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Cmep 0xE0020000

0xE0020000: Unknown

   Bit0: Reboot when cleared.
   Bit1: Hang when cleared. Unrecoverable
   Bit2: No hang when cleared.
   Bit3: No hang when cleared.
   Bit4:
   Bit5:
   Bit16: No hang when cleared.
   Bit17:

0xE0020004: Unknown

second_loader writes 0x30003 followed by 0 here, after clearing keys.

E0020020: Unknown

rsa_expmod() reads and writes back this register before reading the result of the RSA operation.

May be a kind of timer.

Or working state.

Keyring controller

0xE0030000-0xE003001F: KeySetValue

Size: 8x u32.

0xE0030020: KeySetValueTrigger

Write keyslot here, and it will write value written above to it.

0xE0030024: KeySetProtect

   Bit0-15:  KeyslotNumber
   Bit16-31: KeyslotClearFlags

0xE0030028: KeyQueryProtect

   Bit0-15: KeyslotNumber

0xE003002C: KeyQueryProtectResult

   Bit0: SlotExists
   Bit1: HasBeenWrittenOnce. You cannot use a key if this is not set.
   Bit2: HasBeenWrittenMoreThanOnce
   Bit16:   Clearable   | AesEncryptAllowed (CTR+CBC+ECB, any key size)
   Bit17:   Clearable   | AesDecryptAllowed (CTR+CBC+ECB, any key size)
   Bit18:   Clearable   | ShaHmacAllowed (SHA1+SHA256)
   Bit19:   Clearable   | AesCmacAllowed
   Bit20:   Clearable   | EmmcCryptoAllowed (qualified guess!)
   Bit21:   Fixed       | IsMaster
   Bit22:   Fixed       | MemberOfGroup0
   Bit23:   Fixed       | MemberOfGroup1
   Bit24:   Fixed       | MemberOfGroup2
   Bit25:   Fixed       | MemberOfGroup3
   Bit26:   Clearable   | SetByBigmacAllowed
   Bit27:   Clearable   | SetByKeyringAllowed
   Bit28:   Clearable   | GetByKeyringAllowed

A master key can only write into a slave keyslot belonging to the same group(s) as itself.

A master key cannot write into a non-slave keyslot or external memory.

Normal keyslots are keyslots that don't belong to any group (bit21-25 are all zeroes). They can be written by slaves of groups, and also by normal non-keyslot operations.

A slave can write output to a normal keyslot or to external memory.

SceBignum controller

0xE0040108: RsaSignatureBuffer

Size: 0x100 bytes.

0xE0040400: RsaModulusBuffer

Size: 0x100 bytes.

0xE0040800: RsaControl

In u32's.

0xE0040800: RsaStatus

   Bit31: Busy

0xE0040808: RsaExponent

SceBigmac controller

// base:0xE0050000(channel0), 0xE0050080(channel1)
typedef struct SceBigmacOp {
	const void *src;
	union {
		void *dst;
		int slot_id;
	};
	SceSize len;
	int func; // BigmacOp

	int key_slot;
	void *iv;
	void *next;
	int ready; // Writing 1 here starts bigmac operation.

	int status;
	int res; // Set when invalid keyslot (0xFFF). Bit18: Set when keyslot is not allowed to perform operation.
} SceBigmacOp;

0xE005000C: BigmacOp

Unlike for Dmac5, DES is not supported for Bigmac.

 Bit0-6: Algorithm
 0x00 = Zeroes?
 0x01 = AesEcbEncrypt
 0x02 = AesEcbDecrypt
 0x03 = Sha1
 0x04 = Rng
 0x05 = Zeroes
 0x06 = Zeroes
 0x07 = Zeroes
 0x09 = AesCbcEncrypt
 0x0A = AesCbcDecrypt
 0x0B = Sha224
 0x0C = memset
 0x0D = Zeroes
 0x0E = Zeroes
 0x0F = Zeroes
 0x10 = AesCtr
 0x11 = AesCtrEncrypt
 0x12 = AesCtrDecrypt
 0x13 = Sha256
 0x1B = !!! HANG !!!
 0x23 = HmacSha1, keylength=32 bytes
 0x2B = !!! HANG !!!
 0x33 = HmacSha256, keylength=32 bytes
 0x3B = AesCmac
 0x41  = !!! HANG !!!
 0x43 = <0x03>
 0x4B = <0x0b>
 0x53 = <0x13>
 0x61  = !!! HANG !!!
 0x7B = <0x3b>
 0x141 = !!! HANG !!!
   Bit7:    UseExternalKey
   Bit8-10: KeySize (0=64bit, 1=128bit, 2=192bit, 3=256bit)
            (Applies only to AesEcb, AesCbc, AesCmac)
   Bit11:   Nothing noticable for AesEcbEncrypt
   Bit12:   Nothing noticable for AesEcbEncrypt
   Bit24:   Causes hang
   Bit25:   Causes hang
   Bit28:   IsDstKeyslot

The following are known to be able to write keyslots:

 * AesEcbEncrypt/Decrypt:
     Size is rounded up to multiple of 4.
     If size > 16, size = 16.
     Read |size| bytes from |src| into HW state.
     The remaining 16-|size| bytes of state *ARE KEPT FROM RESULT OF PREVIOUS AES OPERATION*.
     VULN! This allows key recovery of all slave keyslots during boot.
     The key written to keyslot is always 16 bytes long, padded with 00's.
 * AesCbcEncrypt/Decrypt: Size is rounded up to multiple of 4. 
 * AesCtrEncrypt/Decrypt: Size is rounded up to multiple of 4.
 * AesCmac                Puts the 16 byte hash into keyslot.
                          Bytes 16-31 are *FORCED* 0.
 * Sha1:                  Puts the 20 byte hash into keyslot.
                          Bytes 20-31 are *FORCED* 0.
 * Sha224:                Puts the 28 byte hash into keyslot.
                          Bytes 28-31 are *FORCED* 0.
 * Sha256:                Puts the 32 byte hash into keyslot.
 * HmacSha1               Probably same as Sha1.
 * HmacSha256             Probably same as Sha256.
 * Rng

AesCtrEncrypt when having a keyslot dst, still reads from src.

VULN! Any SHA with length==0 produces an output of all zeroes!

0xE005003C: BigmacRng

Reads a random value.

0xE0050200: BigmacExternalKey

Size: 0x20 bytes

VULN! Allows partial overwrite. However when using keyslot crypto, this key remains unaffected. Thus it cannot be used to recover keyslot keys.

SceBigmac Keyring

0xE0058000: KeyRingDirectAccess

Size: 0x10000 bytes.

Key slots

0x000-0x07F:

   Initial state: Empty keyslots.
   0x000-0x007: Empty group0 slave keyslots, for AES decryption only.
   0x008-0x00F: Empty group1 slave keyslots, any algo.
   0x010-0x01F: Empty group2 slave keyslots, for AES decryption only.
   0x020-0x02F: Empty group3 slave keyslots, any algo.
   0x030-0x07F: Empty normal keyslots, any algo.

0x100-0x17F:

   Initial state: Empty keyslots.
   0x100-0x17F: Empty normal keyslots, any algo.

0x200-0x217:

   Initial state: Filled in, key material.
   0x200-0x203: AES decryption-only keys (for memory buffers).
   0x204-0x205: Master keys (for group0), any algo.
   0x206-0x20D: Master keys (for group1), any algo.
   0x20E-0x20F: Emmc keys, fully protected.
   0x210-0x217: General purpose keys (for memory buffers).

0x300-0x3FF:

   Initial state: Filled in, key material.
   0x300-0x33F: AES decryption-only keys (for memory buffers).
   0x340-0x343: Master keys (for group2), any algo.
   0x344-0x353: Master keys (for group3), any algo.
   0x354-0x3FF: General purpose keys (for memory buffers).

0x400-0x47F:

   Initial state: Empty data storage, read-write from keyring.

0x500-0x57F:

   Initial state: Empty data storage, read-write from keyring.

0x600-0x607:

   Initial state: Filled in data, read-only. Keyring only.
   0x603: u32 BootromFlags.
     Bit0-15: HasRsaRevocationKey. This is set to 0xFFFF.
     Bit16:   UseAlternativeEmmcClock

0x700-0x77F:

   Initial state: Filled in data, read-only. Keyring only.
   0x700-0x708: RsaRevocationKey0
   0x708-0x710: RsaRevocationKey1
   0x710-0x718: RsaRevocationKey2
   0x718-0x720: RsaRevocationKey3
   0x720-0x728: RsaRevocationKey4
   0x728-0x730: RsaRevocationKey5
   ...
   0x778-0x780: RsaRevocationKey15

SceEmmcController

0xE0070000: EmmcCrypto Toggle/Status?

Toggle : Set to 1.

Status : enabled emmc enc/dec?

0xE0070004: EmmcCrypto avalaible status

bit0(& 1) : Not available -> second_loader throw error.

0xE0070008: EmmcCrypto keyset

1.69-3.73 : 0x20E and 0x20F.

write only.

0xE007000C: Unknown

Can to read the 2.

0xE00C0000

0xE00CC000: Unknown

Unknown, Can to read the 0x10006331.

0xE00CC014: Unknown

Unknown, Can to read the 0x300000.

0xE00CC070: Unknown

Unknown, Can to read the 1.

0xE00CC078: Unknown

Unknown, Can to read the 0x300.