Cmep Key Ring Base: Difference between revisions

From Vita Development Wiki
No edit summary
 
(73 intermediate revisions by 5 users not shown)
Line 1: Line 1:
Physical address = 0xE0058000 + 32 * slot
Physical address: <code>0xE0058000 + 0x20 * keyring_number</code>.


=== Permission bits ===
Flags: See [[Cmep_registers#0xE003002C:_KeyringQueryFlagsResponse|here]]
If a key slot is not locked, it can target f00d memory or unlocked keyslot
 
= Keyring information =
 
== 0x0~0xFF: Slave keyrings ==
 
  Initial state: Empty keyrings.
    0x000-0x007: Empty group0 slave keyrings, for AES decryption only.
    0x008-0x00F: Empty group1 slave keyrings, any algorithm.
    0x010-0x01F: Empty group2 slave keyrings, for AES decryption only.
    0x020-0x02F: Empty group3 slave keyrings, any algorithm.
    0x030-0x07F: Empty normal keyrings, any algorithm.


{| class="wikitable"
{| class="wikitable"
|-
|-
! Bit          !! Function
! Keyring
! Initial flags
! Flags after kernel boot
! Per-console
! Set By
! Description
|-
|-
| 0x1          || Encryption operation allowed
| 0
| rowspan="3" | 0x04420001
| 0x04420003
| Y/N
| Secure Modules
| General common keyring for crypto operation.
|-
|-
| 0x2          || Decryption operation allowed
| 1
<!-- | 0x04420001 -->
| 0x04420001
| rowspan="2" | ?
| rowspan="2" | ?
| rowspan="2" | ?
|-
|-
| 0x4          || ? operation allowed
| 2-7
<!-- | 0x04420001 -->
| 0x00400001
<!-- | ?
| ?
| ? -->
|-
|-
| 0x8          || ? operation allowed
| 8
| rowspan="3" | 0x049F0001
| 0x00810003
| rowspan="2" | Y
| rowspan="3" | first_loader
| [[SLSK]] personalization key. Derived from keyrings 0x206.
|-
|-
| 0x10        || ?
| 9
<!-- | 0x049F0001 -->
| 0x00800001
<!-- | ? -->
<!-- | ? -->
| [[SLSK]] personalization key. Derived from keyrings 0x207.
|-
|-
| 0x20        || Master Keyslot can target user keyslot (based on Mask Group below)
| 0xA-0xF
<!-- | 0x049F0001 -->
| 0x00800003
| N
<!-- | first_loader -->
| 6 [[SLSK]] metadata decryption keys. Derived from keyrings 0x208-0x20D.
|-
|-
| 0x40        || Keyslot Pairing Lock Mask Group 0 (Master slots 0x204-0x205 and user slots 0-7)
| 0x10
| rowspan="2" | 0x05020001
| 0x05020001
| rowspan="2" | ?
| rowspan="2" | ?
| Supports decryption only.
|-
|-
| 0x80        || Keyslot Pairing Lock Mask Group 1 (Master slots 0x206-0x20D and user slots 8-0xF)
| 0x11-0x1F
<!-- | 0x05020001 -->
| 0x01000001
<!-- | ? -->
<!-- | ? -->
| ?
|-
|-
| 0x100        || Keyslot Pairing Lock Mask Group 2 (Master slots 0x340-0x343 and user slots 0x10-0x1F)
| 0x20
| rowspan="3" | 0x061F0001
| 0x02000003
| N
| first_loader
| [[SLSK]] HMAC-SHA256 Key. Derived from keyring 0x344.
|-
|-
| 0x200        || Keyslot Pairing Lock Mask Group 3 (Master slots 0x344-0x353 and user slots 0x20-0x2F)
| 0x21-0x24
<!-- | 0x061F0001 -->
| 0x061F0001
| rowspan="5" | ?
| rowspan="5" | N/A
| Supports encryption and decryption.
|-
|-
| 0x400        || Locked Keyslot can target f00d memory
| 0x25-0x2F
<!-- | 0x061F0001 -->
| 0x02000001
<!-- | ? -->
<!-- | ? -->
| rowspan="3" | ?
|-
|-
| 0x800        || Can be written directly by f00d
| 0x30-0x34
| rowspan="2" | 0x041F0001
| 0x041F0001
<!-- | ? -->
<!-- | ? -->
<!-- | ? -->
|-
|-
| 0x1000      || Can be read directly by f00d
| 0x35-0x7F
<!-- | 0x041F0001 -->
| 0x00000001
<!-- | ? -->
<!-- | ? -->
<!-- | ? -->
|-
| 0x80-0xFF
| 0x00000000
| 0x00000000
<!-- | ?
| N/A -->
| Not exist.
|}
|}


=== Key Ring Slots 0xE0058000 ===
== 0x100~0x1FF: Slave keyrings (Reserved) ==
 
  Initial state: Empty keyrings.
    0x100-0x17F: Empty normal keyrings, any algorithm.


{| class="wikitable"
{| class="wikitable"
|-
|-
! Slot          !! Initial Valid !! Initial Protection !! Protection (1.69)  !! Ever Valid (1.69) !! Per Console (1.69) !! Set By !! Description
! Keyring
! Initial flags
! Flags after kernel boot
! Per-console
! Set By
! Description
|-
|-
| 0              || N || 0x0442 || 0x0442      || Y || ? || ?           || ?
| 0x100
| 0x041F0001
| 0x041F0001
| ?
| ?
| ?
|-
|-
| 1              || N || 0x0442 || 0x0442      || N || ? || ?           || ?
| 0x101-0x13F
| 0x00000001
| rowspan="2" | 0x00000001
| rowspan="2" | ?
| rowspan="2" | ?
| rowspan="2" | ?
|-
|-
| 2-7            || N || 0x0442 || 0x0040      || N || ? || ?          || ?
| 0x140-0x17F
<!-- | 0x041F0001 -->
| 0x041F0001
<!-- | ?
| ?
| ? -->
|-
| 0x180-0x1FF
| 0x00000000
| 0x00000000
<!-- | ? -->
| N/A
| Not exist.
|}
 
== 0x200~0x2FF: Master keyrings ==
 
  Initial state: Filled in, key material.
    0x200-0x203: AES decryption-only keys (for memory buffers).
    0x204-0x205: Master keys (for group0), any algorithm.
    0x206-0x20D: Master keys (for group1), any algorithm.
    0x20E-0x20F: Emmc keys, fully protected.
    0x210-0x217: General purpose keys (for memory buffers).
 
{| class="wikitable"
|-
|-
| 8              || N || 0x049F || 0x0081      || Y || Y || first_loader (0x206/0x207) || SLSK per-console key (encrypt)
! Keyring
! Initial flags
! Flags after kernel boot
! Per-console
! Set By
! Description
|-
|-
| 9              || N || 0x049F || 0x0080      || N || ? || first_loader (0x206/0x207) || SLSK per-console key (decrypt)
| 0x200-0x203
| 0x00020003
| 0x00000003
| ?
| Fuses
| ?
|-
|-
| 0xA            || N || 0x049F || 0x0080      || Y || N || first_loader (0x208-0x20D) || SLSK metadata key
| 0x204
| rowspan="2" | 0x006F0003
| rowspan="2" | 0x006F0003
| rowspan="2" | Y
| rowspan="7" | Fuses
| AES-256 master key for IdStorage Certificates AES-128-ECB keys derivation. Used by KIRK commands 0x10, 0x12, 0x17 and 0x19.
|-
|-
| 0xB-0xF        || N || 0x049F || 0x0080      || Y || N || first_loader (0x208-0x20D) || ?
| 0x205
<!-- | 0x006F0003
| 0x006F0003
| Y
| Fuses -->
| ?
|-
|-
| 0x10          || N || 0x0502 || 0x0502      || N || ? ||  ?          || Supports decryption only.
| 0x206
| rowspan="3" | 0x00AF0003
| rowspan="3" | 0x00A00003
| rowspan="2" | Y
<!-- | Fuses -->
| Master key used to derive key that decrypts personalized layer over [[SLSK]].  
|-
|-
| 0x11-0x1F      || N || 0x0502 || 0x0100      || N || ? || ?          || ?
| 0x207
<!-- | 0x00AF0003
| 0x00A00003
| ?
| Fuses -->
| Master key used instead of keyring 0x206 when first_loader secret debug mode is set.
|-
|-
| 0x20          || N || 0x061F || 0x0200      || Y || ? || first_loader (0x344) || Derived from keyslot 0x344, used for hmac-sha256 over ENC files.
| 0x208-0x20D
<!-- | 0x00AF0003
| 0x00A00003 -->
| N
<!-- | Fuses -->
| 6 master keys used to derive AES-128-CBC Key that decrypts [[SLSK]] metadata. Which one is used depends on encryption key revision in [[SLSK]] header.
|-
|-
| 0x21-0x24      || N || 0x061F || 0x061F      || N || ? ||  ?          || Supports encryption and decryption.
| 0x20E
| rowspan="2" | 0xXXXX0003
| rowspan="2" | 0x00100003
| rowspan="2" | Y
<!-- | Fuses -->
| per-console eMMC crypto keys.
|-
|-
| 0x25-0x2F      || N || 0x061F || 0x0200      || N || ? || ?          || ?
| 0x20F
<!-- | 0xXXXX0003
| 0x00100003
| ?
| Fuses -->
| per-console eMMC crypto keys.
|-
|-
| 0x30-0x34      || N || 0x041F || 0x041F      || N || ? ||  ?           || ?
| 0x210-0x211
| rowspan="7" | 0x001F0003
| 0x00000003
| ?
| Fuses
| ?
|-
|-
| 0x35-0x7F      || N || 0x041F || 0x0000      || N || ? ||  ?          || ?
| 0x212
<!-- | 0x001F0003 -->
| rowspan="2" | 0x001F0003
| rowspan="2" | Y
| rowspan="2" | Fuses
| AES-256-CMAC key used by KIRK commands 0x12 and 0x19.
|-
|-
| 0x80-0xFF      || X || 0x0000 || 0x0000      || X || ? ||  ?          || Not used.
| 0x213
<!-- | 0x001F0003
| 0x001F0003
| Y
| Bigmac -->
| AES-256-CBC key used to derive (by seed encryption) SMI keys in second_loader, which are used for minimum firmware version decryption.
|-
|-
| 0x100          || N || 0x041F || 0x041F      || N || ? || ?          || ?
| 0x214
<!-- | 0x001F0003 -->
| rowspan="2" | 0x00000003
| rowspan="2" | ?
| rowspan="2" | Fuses
| AES-256-CBC key used to derive (by seed encryption) keyrings 0x514 and 0x515 in second_loader. IVs and seeds hardcoded in second_loader.
|-
|-
| 0x101-0x17F    || N || 0x041F || 0x0000      || N || ? |?           || ?
| 0x215
<!-- | 0x001F0003
| 0x00000003
| ?
| ? -->
| ?
|-
|-
| 0x180-0x1FF    || X || 0x0000 || 0x0000      || X || ? ||  ?          || Not used.
| 0x216
<!-- | 0x001F0003 -->
| 0x001F0003
| Y
| Fuses
| AES-256-CBC key used to derive (by seed encryption) keyrings 0x502-0x504 in second_loader. IV hardcoded in second_loader. If SMI minimum FW < 0.996, this key is not used and keyrings 0x502-0x504 are set with hardcoded values from second_loader.
|-
|-
| 0x200-0x203    || Y || 0x0002 || 0x0000      || Y || ? || ?           || ?
| 0x217
<!-- | 0x001F0003 -->
| 0x00000003
| ?
| Fuses
| ?
|-
|-
| 0x204          || Y || 0x006F || 0x006F      || Y || Y ||  ?          || AES-256 master key for IdStorage Certificates AES-128-ECB keys derivation. Used by KIRK commands 0x10, 0x12, 0x17 and 0x19.
| 0x218-0x2FF
| 0x00000000
| 0x00000000
| X
| N/A
| Not exist.
|}
 
== 0x300~0x3FF: Master keyrings 2 ==
 
  Initial state: Filled in, key material.
    0x300-0x33F: AES decryption-only keys (for memory buffers).
    0x340-0x343: Master keys (for group2), any algorithm.
    0x344-0x353: Master keys (for group3), any algorithm.
    0x354-0x3FF: General purpose keys (for memory buffers).
 
{| class="wikitable"
|-
|-
| 0x205          || Y || 0x006F || 0x006F      || Y || Y ||  ?          || ?
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
|-
| 0x206          || Y || 0x00AF || 0x00A0      || Y || ? || ?           || Used to derive key used to decrypt personalized layer over ENC. Should be per-console.
| 0x300-0x33F || 0x00020003 || 0x00000003 || N || ROM || ?
|-
|-
| 0x207          || Y || 0x00AF || 0x00A0      || Y || ? ||  ?          || Used instead of the above key when secret debug mode is set. (Possibly non-per-console?)
| 0x340 || 0x012F0003 || 0x012F0003 || N || ROM || Used to decrypt keys into the 0x10 keyring.
|-
|-
| 0x208-0x20D    || Y || 0x00AF || 0x00A0      || Y || ? ||  ?          || 6 keys used to decrypt ENC metadata, which one is used depends on key revision in ENC header.
| 0x341-0x343 || 0x012F0003 || 0x01200003 || N || ROM || ?
|-
|-
| 0x20E-0x20F    || Y || ? || 0x0010      || Y || ? ||  ?          || Maybe per-console eMMC crypto keys? Protected by second_loader.
| 0x344 || 0x022F0003 || 0x02200003 || N || ROM || Master key used to derive the 0x20 keyring in first_loader.
|-
|-
| 0x210-0x211    || Y || 0x001F || 0x0000      || Y || ? ||  ?          || ?
| 0x345 || 0x022F0003 || 0x022F0003 || N || ROM || Used by GameCard authentication command 56.
|-
|-
| 0x212          || Y || 0x001F || 0x001F      || Y || Y ||  ?          || AES-256-CMAC key used by KIRK commands 0x12 and 0x19.
| 0x346 || 0x022F0003 || 0x022F0003 || N || ROM || Used to decrypt keys into one of the 0x21-0x24 keyrings.
|-
|-
| 0x213          || Y || 0x001F || 0x001F      || Y || Y ||  ?          || AES-256-CBC key used to derive (by seed encryption) SMI keys in second_loader, which are used for minimum firmware version decryption.
| 0x347 || 0x022F0003 || 0x022F0003 || N || ROM || Used to decrypt keys into one of the 0x21-0x24 keyrings.
|-
|-
| 0x214          || Y || 0x001F || 0x0000      || Y || ? ||  ?          || AES-256-CBC key used to derive (by seed encryption) keyslots 0x514 and 0x515 in second_loader. IVs and seeds hardcoded in second_loader.
| 0x348 || 0x022F0003 || 0x022F0003 || N || ROM || Used by GameCard authentication command 56.
|-
|-
| 0x215          || Y || 0x001F || 0x0000      || Y || ? ||  ?          || ?
| 0x349-0x353 || 0x022F0003 || 0x02200003 || N || ROM || ?
|-
|-
| 0x216          || Y || 0x001F || 0x001F      || Y || ? || ?           || AES-256-CBC key used to derive (by seed encryption) keyslots 0x502-0x504 in second_loader. IV hardcoded in second_loader. If SMI minimum FW < 0.996, this key is not used and keyslots 0x502-0x504 are set with hardcoded values from second_loader.
| 0x354-0x3FF || 0x001F0003 || 0x00000003 || N || ROM || ?
|}
 
== 0x400~0x4FF: RW storage keyrings (Reserved) ==
 
  Initial state: Empty data storage, read-write from keyring.
 
{| class="wikitable"
|-
|-
| 0x217          || Y || 0x001F || 0x0000      || Y || ? ||  ?          || ?
! Keyring
! Initial flags
! Flags after kernel boot
! Per-console
! Set By
! Description
|-
|-
| 0x218-0x2FF    || X || 0x0000 || 0x0000      || X || ? |?           || Not used.
| 0x400-0x47F
| 0x18000001
| 0x00000001
| ?
| ?
| ?
|-
|-
| 0x300-0x33F    || Y || 0x0002 || 0x0000      || Y || ? ||  ?          || ?
| 0x480-0x4FF
| 0x00000000
| 0x00000000
| X
| N/A
| Not exist.
|}
 
== 0x500~0x5FF: RW storage keyrings ==
 
  Initial state: Empty data storage, read-write from keyring.
 
{| class="wikitable"
|-
|-
| 0x340          || Y || 0x012F || 0x012F      || Y || ? ||  ?          || Used to decrypt keys into the 0x10 keyslot.
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
|-
| 0x341-0x343    || Y || 0x012F || 0x0120      || Y || ? || ?           || ?
| 0x500 || 0x18000001 || 0x18000001 || ? || ? || ?
|-
|-
| 0x344          || Y || 0x022F || 0x0220      || Y || ? || ?          || Used to derive key 0x20 in bootrom.
| 0x501 || 0x18000001? || 0x10000007 || N || first_loader
| Offset 0x0: <code>bootRomStatus</code> (selects first_loader load source after reset - eMMC/ARM comms)
Offset 0x1C: [[SLSK]] AES Key revision (bitmask <code>0xF0000000</code>)
|-
|-
| 0x345-0x348    || Y || 0x022F || 0x022F      || Y || ? ||  ?          || Used to decrypt keys into one of the 0x21-0x24 keyslots.
| 0x502 || 0x18000001 || 0x18000003 || Y || second_loader || AES XTS Tweak for Ernie SNVS sectors.
|-
|-
| 0x349-0x353    || Y || 0x022F || 0x0220      || Y || ? ||  ?          || ?
| 0x503 || 0x18000001 || 0x18000003 || Y || second_loader || AES XTS Decryption Key for Ernie SNVS sectors.
|-
|-
| 0x354-0x3FF    || Y || 0x001F || 0x0000      || Y || ? || ?          || ?
| 0x504 || 0x18000001 || 0x18000003 || Y || second_loader || AES-128-CMAC Key for Ernie SNVS sectors.
|-
|-
| 0x400-0x47F    || N || 0x1800 || 0x0000      || N || ? || ?           || ?
| 0x505 || 0x18000001 || 0x00000001 || ? || ? || ?
|-
|-
| 0x480-0x4FF    || X || 0x0000 || 0x0000      || X || ? ||  ?          || Not used.
| 0x506 || 0x18000001 || 0x18000003 || N || second_loader || QAF Token AES-256-CBC and AES-256-CMAC key. Hardcoded in second_loader. Used with IV = keyring 0x507.
|-
|-
| 0x500          || N || 0x1800 || 0x1800      || N || ? ||  ?          || ?
| 0x507 || 0x18000001 || 0x18000003 || N || second_loader || QAF Token AES-256-CBC IV. Hardcoded in second_loader.
|-
|-
| 0x501          || N || 0x1800 || 0x1000      || Y || N || first_loader || Used by bootrom first_loader to figure out whether to load from eMMC or ARM comms after reset
| 0x508 || 0x18000001 || 0x18000003 || Y || second_loader || Ernie version. Comes from [[Ernie]] Code Flash memory ([[Ernie]] command 1). 4 bytes. If lower (older) than 0x00090903, old Ernie protocols (unencrypted SNVS packets and maybe different SNVS keys) are used.
|-
|-
| 0x502-0x504    || N || 0x1800 || 0x1800      || Y || Y || second_loader || Related to Ernie SNVS.
| 0x509 || 0x18000001 || 0x18000003 || Y || second_loader || ConsoleId of unit. Comes from IdStorage (eMMC).
|-
|-
| 0x505          || N || 0x1800 || 0x0000      || N || ? || ?            || ?
| 0x50A || 0x18000001? || 0x18000007 || Y || second_loader || [[KBL Param#QA_flags|QA flags]]. 0x10 bytes. Comes from [[Ernie]] NVS ([[Ernie]] command 0x1082).
|-
|-
| 0x506          || N || 0x1800 || 0x1800      || Y || N || second_loader || QAF Token AES-256-CBC and AES-256-CMAC key. Hardcoded in second_loader. IV = keyslot 0x507.
| 0x50B || 0x18000001 || 0x18000003 || Y || second_loader || Mgmt Data. 8 bytes. Comes from [[Ernie]] SNVS block 0 ([[Ernie]] command 0xD2).
|-
|-
| 0x507          || N || 0x1800 || 0x1800      || Y || N || second_loader || QAF Token AES-256-CBC IV. Hardcoded in second_loader.
| 0x50C || 0x18000001 || 0x18000003 || N || second_loader || [[Second_Loader#Boot_type_indicator_1_for_SLSK]]
|-
|-
| 0x508          || N || 0x1800 || 0x1800      || Y || Y || second_loader || Baryon version (from Ernie cmd 0x1). 4 bytes. Set to 0x100010A on FW 1.05, 0x0100010B on FW 1.50, 0x100060D on FW 1.692. If lower (older) than 0x90903, old Syscon protocols (unencrypted packets and NVS) are used.
| 0x50D || 0x18000001 || 0x18000003 || Y || second_loader || OpenPSID of unit. Comes from IdStorage (eMMC).
|-
|-
| 0x509          || N || 0x1800 || 0x1800      || Y || Y || second_loader || ConsoleId of unit. Comes from IdStorage (eMMC).
| 0x50E || 0x18000001
| 1.69: 0x18000003
3.60: 0x10000003
| Y || second_loader || Current System Software version. Comes from [[Ernie]] SNVS sector 1 first block ([[Ernie]] command 0xD0). Used by secure_kernel for KPRX version checks.
|-
|-
| 0x50A          || N || 0x1800 || 0x1800      || Y || Y || second_loader || [[Sysroot#QA_flags|QA flags]]. 0x10 bytes. Comes from NVS (Ernie).
| 0x50F || 0x18000001 || 0x18000003 || Y || second_loader || Minimum firmware version. 4 bytes. Comes from IdStorage SMI leaf (eMMC).
|-
|-
| 0x50B          || N || 0x1800 || 0x1800      || Y || Y || second_loader || Mgmt Data. 8 bytes. Comes from SNVS block 0 (Ernie command 0xD2).
| 0x510 || 0x18000001 || 0x18000003 || Y || second_loader || [[KBL Param#DIP_Switches|DIP Switches]]. 0x20 bytes. Comes from CP and [[Ernie]] ScratchPad ([[Ernie]] command 0x90 offset 0xE0).
|-
|-
| 0x50C          || N || 0x1800 || 0x1800      || Y || N || second_loader || Some boot flags. Like Boot type indicator 1. Set to 1 on FW 1.692 and newer, 0 on older.
| 0x511 || 0x18000001 || 0x18000003 || N (random) || second_loader || Ernie communication session key. Unique per boot. It is generated by a handshake with Ernie through Ernie command 0xD0. AES-128-ECB key used to encrypt/decrypt the content of Ernie secure packets. If (ernieVersion < 0x90903 && (ernieDLVersion & 0xffffff) < 0x3600) it is zeroed by second_loader. Part of SKSO data. Used by secure_kernel command 0xF01.
|-
|-
| 0x50D          || N || 0x1800 || 0x1800      || Y || Y || second_loader || OpenPSID of unit. Comes from IdStorage (eMMC).
| 0x512 || 0x18000001? || 0x18000007 || N (counter) || second_loader || Ernie communication ticket count. Used as a challenge at the start of each secure Ernie encrypted communication, for example for SNVS read/write. On each boot it is set to a random value by second_loader. Incremented by 1 after each Ernie secure commmand usage. Part of SKSO data. Used by secure_kernel command 0xF01.
|-
|-
| 0x50E          || N || 0x1800 || 0x1800      || Y || Y || second_loader || Current firmware version. Comes from SNVS (Ernie).
| 0x513 || 0x18000001 || 0x18000003 || Y || second_loader || DRAM size. Set to 0x20000000 by default, 0x40000000 on DevKit in DevKit Memory Size mode. Determined by [[KBL Param#DIP_Switches|DIP Switches]] (CP).
|-
|-
| 0x50F          || N || 0x1800 || 0x1800      || Y || Y || second_loader || Minimum firmware version. Comes from IdStorage SMI leaf (eMMC). 4 bytes.
| 0x514 || 0x18000001 || 0x18000003 || see keyring 0x214 || second_loader || SKSO AES-256-CMAC key. Protected on FW 1.05. Data size 0x90 bytes. Used to verify SKSO. Used by secure_kernel command 0xF01.
|-
|-
| 0x510          || N || 0x1800 || 0x1800      || Y || Y || second_loader || [[Sysroot#DIP_Switches|DIP Switches]]. 0x20 bytes. Comes from Ernie cmd 0x90 offset 0xE0.
| 0x515 || 0x18000001 || 0x18000003 || see keyring 0x214 || second_loader || SKSO AES-128-CBC key. Protected on FW 1.05. Data size 0xA0 bytes. Hardcoded IV in second_loader and second_kernel. Used to encrypt/decrypt SKSO (the content written into keyrings 0x511, 0x512, 0x517 and 0x519). Used by secure_kernel command 0xF01.
|-
|-
| 0x511          || N || 0x1800 || 0x1800      || Y || Y || second_loader || Unique per boot session id. Ernie command 0xD0 shared session key. AES-128-CBC key used to encrypt with null IV a buffer of size 0x30 bytes coming from Ernie in second_loader. Also used to enc/dec the content of Ernie "packets 0x28" coming from Ernie. If (baryonVersion < 0x90903 && (ernieDLVersion & 0xffffff) < 0x3600) it is zeroed by second_loader. Part of SKSO data. Used by SK command 0xF01.
| 0x516 || 0x18000001? || 0x18000007 || N || second_loader || Some status. Set to 0 at the start of second_loader main(). Checked for 0 before initiating communication with Ernie. 4 bytes. Used by secure_kernel command 0xF01: writes (u32)1 here after having exported the SKSO to paddr 0x4001FF00.
|-
|-
| 0x512          || N || 0x1800 || 0x1800      || Y || Y || second_loader || Ticket count. Used as a challenge at the start of each secure Ernie encrypted communication, for example for SNVS read/write. Set to a random value when session key is set. Incremented by 1 after each usage. Part of SKSO data. Used by SK command 0xF01.
| 0x517 || 0x18000001 || 0x18000003 || Y || second_loader, act_sm || Kit Activation status. 4 bytes. Part of SKSO data. When initializing the keyrings, this is zeroed if keyring ?0x50D? has bit8 clear (on FW 1.692). Used by secure_kernel command 0xF01.
|-
|-
| 0x513          || N || 0x1800 || 0x1800      || Y || Y || second_loader || DRAM size. Set to 0x20000000 by default, 0x40000000 on DevKit in DevKit Memory Size mode. Determined from DIPSW (CP).
| 0x518 || 0x18000001 || 0x18000003 || Y || second_loader || Fallback current System Software version (3.60+?). Comes from SNVS sector 1 second block ([[Ernie]] command 0xD0). Used in in update_service_sm command 0x40002 as fallback for "os0" SPKGs version checks.
|-
|-
| 0x514          || N || 0x1800 || 0x1800      || Y || N? || second_loader || SKSO AES-256-CMAC key. Protected on FW 1.05. Data size 0x90 bytes. Used to verify SKSO. Used by SK command 0xF01.
| 0x519 || 0x18000001 || 0x18000003 || Y? || second_loader/utoken_sm || Part of SKSO data. Used by secure_kernel command 0xF01. Not used (maybe zeroed) on old FWs. Used on FW 3.60.
|-
|-
| 0x515          || N || 0x1800 || 0x1800      || Y || N? || second_loader || SKSO AES-128-CBC key. Protected on FW 1.05. Data size 0xA0 bytes. Hardcoded IV in second_loader and second_kernel. Used to encrypt/decrypt SKSO (the content written into keyslots 0x511, 0x512, 0x517 and 0x519). Used by SK command 0xF01.
| 0x51A || 0x18000001 || 0x18000003 || N (random) || second_loader || Coredump Encrypted Session Key (FW 2.12+). Randomized 0x20 byte key. Unique for every boot/reboot/resume. Used for Kernel coredump encryption. See [[KBL Param]] and [[SCECAF#Kernel_Coredump_Encrypted_ELF]]. Used by secure_kernel command 0x1001.
|-
|-
| 0x516          || N || 0x1800 || 0x1800      || Y || ? || second_loader || Some status. Set to 0 at the start of second_loader main(). Checked for 0 before initiating communication with Ernie. 4 bytes. Used by SK command 0xF01: writes (u32)1 here after having exported the SKSO to paddr 0x4001FF00.
| 0x51B || 0x18000001 || 0x18000003 || Y || second_loader || [[KBL Param#Hardware_Info|Hardware Info]]. 4 bytes. Comes from [[Ernie]] Code Flash memory ([[Ernie]] command 5).
|-
|-
| 0x517          || N || 0x1800 || 0x1800      || Y || ? || second_loader, act_sm || Part of SKSO data. When initializing the EEPROM, this is zeroed if keyslot ?0x50D? has bit8 clear (on FW 1.692). Used by SK command 0xF01.
| 0x51C-0x51D || 0x18000001 || 0x00000001 || ? || ? || Used in update_service_sm for NVS. 4 bytes for each keyring.
|-
|-
| 0x518          || N || 0x1800 || 0x1800      || Y || Y || second_loader || Another current FW version (3.60+?). Comes from SNVS (Ernie).
| 0x51E-0x521 || 0x18000001 || 0x00000001 || ? || ? || Used in update_service_sm for NVS. 4 bytes for each keyring.
|-
|-
| 0x519          || N || 0x1800 || 0x1800      || Y || N || second_loader || Part of SKSO data. Used by SK command 0xF01. Not used (maybe zeroed) on old FWs. Used on FW 3.60.
| 0x522-0x57F || 0x18000001 || 0x00000001 || ? || ? || ?
|-
|-
| 0x51A          || N || 0x1800 || 0x1800      || Y || N (random) || second_loader || Encrypted Session Key (FW 2.12+). Randomized 0x20 byte key. Unique for every boot/reboot/resume. Used for Kernel coredump encryption. See [[Sysroot]] and [[SCECAF#Kernel_Coredump_Encrypted_ELF]]. Used by SK command 0x1001.
| 0x580-0x5FF
| 0x00000000
| 0x00000000
| X
| N/A
| Not exist.
|}
 
== 0x600~0x6FF: OTP keyrings ==
 
  Initial state: Filled in data, read-only. Keyring only.
    0x603: DWORD BootromFlags.
      Bit 0~15: HasRsaRevocationKey. This is set to 0xFFFF.
      Bit  16: UseAlternativeEmmcClock
      Bit  17: Maybe eMMC clock speed option.
 
{| class="wikitable"
|-
|-
| 0x51B          || N || 0x1800 || 0x1800      || Y || Y || second_loader || [[Sysroot#Hardware_Info|Hardware Info]]. 4 bytes.
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
|-
| 0x51C - 0x51D  || N || 0x1800 || 0x0000      || N || ? ||  ?            || Used in update_service_sm. 4 bytes for each keyslot.
| 0x600 || 0x10000003 || 0x10000003 || Y || Fuses || VisibleId of unit. Can also be obtained through [[Syscon UART RPC]] command 0x120.
|-
|-
| 0x51E - 0x521  || N || 0x1800 || 0x0000      || N || ? ||  ?            || Used in update_service_sm. 4 bytes for each keyslot.
| 0x601 || 0x10000003 || 0x10000003 || Y || Fuses || First half (0x20 bytes) of [https://www.psdevwiki.com/psp/index.php?title=Kirk#PSP_Individual_Key_Mesh_Certificate ScePspIndividualKeyMeshCert]. Copied to 0xE0020120 by second_loader.
|-
|-
| 0x522-0x57F    || N || 0x1800 || 0x0000      || N || ? ||  ?            || ?
| 0x602 || 0x10000003 || 0x10000003 || Y || Fuses || Second half (0x20 bytes) of [https://www.psdevwiki.com/psp/index.php?title=Kirk#PSP_Individual_Key_Mesh_Certificate ScePspIndividualKeyMeshCert]. Copied to 0xE0020100 by second_loader.
|-
|-
| 0x580-0x5FF    || X || 0x0000 || 0x0000      || X || ? ||  ?            || Not used.
| 0x603 || 0x10000003 || 0x10000003 || N || Fuses || [[SLSK]] RSA public key flags
|-
|-
| 0x600          || Y || 0x1000 || 0x1000      || Y || Y ||  ?           || VisibleId of unit.
| 0x604 || 0x10000003 || 0x10000003 || N || Fuses || ?
|-
|-
| 0x601          || Y || 0x1000 || 0x1000      || Y || Y ||  ?            || ?
| 0x605 || 0x10000003 || 0x00000003 || N || Fuses || ?
|-
|-
| 0x602          || Y || 0x1000 || 0x1000      || Y || Y || ?            || ?
| 0x606 || 0x10000003 || 0x00000003 || Y || Fuses || ?
|-
|-
| 0x603          || Y || 0x1000 || 0x1000      || Y || N ||  ?            || ?
| 0x607 || 0x10000003 || 0x00000003 || Y || Fuses || ?
|-
|-
| 0x604          || Y || 0x1000 || 0x1000      || Y || N || ?            || ?
| 0x608-0x6FF || 0x00000000 || 0x00000000 || X || N/A || Does not exist.
|}
 
== 0x700~0x7FF: SLSK RSA Public keyrings ==
 
  Initial state: Filled in data, read-only. Keyring only.
 
{| class="wikitable"
|-
|-
| 0x605-0x607    || Y || 0x1000 || 0x0000      || Y || ? ||  ?            || ?
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
|-
| 0x608-0x6FF    || X || 0x0000 || 0x0000      || X || X ||  ?            || Not used.
| 0x700-0x77F || 0x10000003 || 0x00000003 || N || ROM || 16 RSA public keys for [[SLSK]] files. Which key is used depends on public key revision specified in [[SLSK]] header.
|-
|-
| 0x700-0x7FF   || Y || 0x1000 || 0x0000      || Y || N || ?            || 16 public RSA keys for ENC files. Which key is used depends on public key revision specified in ENC header.
| 0x780-0x7FF || 0x00000000 || 0x00000000 || N || ROM || -
|}
|}
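Review bot: in the new 0x100~0x1FF table, the 0x180-0x1FF row has only five cells because the Per-console cell is commented out (`<!-- | ? -->`) with no rowspan above to cover it, so "N/A" renders under Per-console and "Not exist." under Set By; restore the cell or add the rowspan. The rows for absent ranges are also inconsistent across the new tables: 0x608-0x6FF says "Does not exist." where the others say "Not exist.", and 0x780-0x7FF has all-zero flags but is marked Per-console "N", Set By "ROM", Description "-" where the other all-zero ranges use "X" and "N/A"; pick one wording and one set of placeholder values. Smaller points in the 0x500 table: "commmand" in the 0x512 row and "Used in in" in the 0x518 row are typos, and "Derived from keyrings 0x206" / "keyrings 0x207" in the first table should be singular.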

Latest revision as of 19:07, 9 October 2024

Physical address: <code>0xE0058000 + 0x20 * keyring_number</code>.

Flags: See [[Cmep_registers#0xE003002C:_KeyringQueryFlagsResponse|here]]

= Keyring information =

== 0x0~0xFF: Slave keyrings ==

 Initial state: Empty keyrings.
   0x000-0x007: Empty group0 slave keyrings, for AES decryption only.
   0x008-0x00F: Empty group1 slave keyrings, any algorithm.
   0x010-0x01F: Empty group2 slave keyrings, for AES decryption only.
   0x020-0x02F: Empty group3 slave keyrings, any algorithm.
   0x030-0x07F: Empty normal keyrings, any algorithm.
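{| class="wikitable"
|-
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
| 0 || 0x04420001 || 0x04420003 || Y/N || Secure Modules || General common keyring for crypto operation.
|-
| 1 || 0x04420001 || 0x04420001 || ? || ? || ?
|-
| 2-7 || 0x04420001 || 0x00400001 || ? || ? || ?
|-
| 8 || 0x049F0001 || 0x00810003 || Y || first_loader || [[SLSK]] personalization key. Derived from keyring 0x206.
|-
| 9 || 0x049F0001 || 0x00800001 || Y || first_loader || [[SLSK]] personalization key. Derived from keyring 0x207.
|-
| 0xA-0xF || 0x049F0001 || 0x00800003 || N || first_loader || 6 [[SLSK]] metadata decryption keys. Derived from keyrings 0x208-0x20D.
|-
| 0x10 || 0x05020001 || 0x05020001 || ? || ? || Supports decryption only.
|-
| 0x11-0x1F || 0x05020001 || 0x01000001 || ? || ? || ?
|-
| 0x20 || 0x061F0001 || 0x02000003 || N || first_loader || [[SLSK]] HMAC-SHA256 Key. Derived from keyring 0x344.
|-
| 0x21-0x24 || 0x061F0001 || 0x061F0001 || ? || N/A || Supports encryption and decryption.
|-
| 0x25-0x2F || 0x061F0001 || 0x02000001 || ? || N/A || ?
|-
| 0x30-0x34 || 0x041F0001 || 0x041F0001 || ? || N/A || ?
|-
| 0x35-0x7F || 0x041F0001 || 0x00000001 || ? || N/A || ?
|-
| 0x80-0xFF || 0x00000000 || 0x00000000 || ? || N/A || Does not exist.
|}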

== 0x100~0x1FF: Slave keyrings (Reserved) ==

 Initial state: Empty keyrings.
   0x100-0x17F: Empty normal keyrings, any algorithm.
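{| class="wikitable"
|-
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
| 0x100 || 0x041F0001 || 0x041F0001 || ? || ? || ?
|-
| 0x101-0x13F || 0x00000001 || 0x00000001 || ? || ? || ?
|-
| 0x140-0x17F || 0x041F0001 || 0x00000001 || ? || ? || ?
|-
| 0x180-0x1FF || 0x00000000 || 0x00000000 || || N/A || Does not exist.
|}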

== 0x200~0x2FF: Master keyrings ==

 Initial state: Filled in, key material.
   0x200-0x203: AES decryption-only keys (for memory buffers).
   0x204-0x205: Master keys (for group0), any algorithm.
   0x206-0x20D: Master keys (for group1), any algorithm.
   0x20E-0x20F: eMMC keys, fully protected.
   0x210-0x217: General purpose keys (for memory buffers).
{| class="wikitable"
|-
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
| 0x200-0x203 || 0x00020003 || 0x00000003 || ? || Fuses || ?
|-
| 0x204 || 0x006F0003 || 0x006F0003 || Y || Fuses || AES-256 master key for IdStorage Certificates AES-128-ECB keys derivation. Used by KIRK commands 0x10, 0x12, 0x17 and 0x19.
|-
| 0x205 || 0x006F0003 || 0x006F0003 || Y || Fuses || ?
|-
| 0x206 || 0x00AF0003 || 0x00A00003 || Y || Fuses || Master key used to derive key that decrypts personalized layer over [[SLSK]].
|-
| 0x207 || 0x00AF0003 || 0x00A00003 || Y || Fuses || Master key used instead of keyring 0x206 when first_loader secret debug mode is set.
|-
| 0x208-0x20D || 0x00AF0003 || 0x00A00003 || N || Fuses || 6 master keys used to derive AES-128-CBC Key that decrypts [[SLSK]] metadata. Which one is used depends on encryption key revision in [[SLSK]] header.
|-
| 0x20E || 0xXXXX0003 || 0x00100003 || Y || Fuses || Per-console eMMC crypto keys.
|-
| 0x20F || 0xXXXX0003 || 0x00100003 || Y || Fuses || Per-console eMMC crypto keys.
|-
| 0x210-0x211 || 0x001F0003 || 0x00000003 || ? || Fuses || ?
|-
| 0x212 || 0x001F0003 || 0x001F0003 || Y || Fuses || AES-256-CMAC key used by KIRK commands 0x12 and 0x19.
|-
| 0x213 || 0x001F0003 || 0x001F0003 || Y || Fuses || AES-256-CBC key used to derive (by seed encryption) SMI keys in second_loader, which are used for minimum firmware version decryption.
|-
| 0x214 || 0x001F0003 || 0x00000003 || ? || Fuses || AES-256-CBC key used to derive (by seed encryption) keyrings 0x514 and 0x515 in second_loader. IVs and seeds hardcoded in second_loader.
|-
| 0x215 || 0x001F0003 || 0x00000003 || ? || Fuses || ?
|-
| 0x216 || 0x001F0003 || 0x001F0003 || Y || Fuses || AES-256-CBC key used to derive (by seed encryption) keyrings 0x502-0x504 in second_loader. IV hardcoded in second_loader. If SMI minimum FW < 0.996, this key is not used and keyrings 0x502-0x504 are set with hardcoded values from second_loader.
|-
| 0x217 || 0x001F0003 || 0x00000003 || ? || Fuses || ?
|-
| 0x218-0x2FF || 0x00000000 || 0x00000000 || X || N/A || Does not exist.
|}

== 0x300~0x3FF: Master keyrings 2 ==

 Initial state: Filled in, key material.
   0x300-0x33F: AES decryption-only keys (for memory buffers).
   0x340-0x343: Master keys (for group2), any algorithm.
   0x344-0x353: Master keys (for group3), any algorithm.
   0x354-0x3FF: General purpose keys (for memory buffers).
{| class="wikitable"
|-
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
| 0x300-0x33F || 0x00020003 || 0x00000003 || N || ROM || ?
|-
| 0x340 || 0x012F0003 || 0x012F0003 || N || ROM || Used to decrypt keys into the 0x10 keyring.
|-
| 0x341-0x343 || 0x012F0003 || 0x01200003 || N || ROM || ?
|-
| 0x344 || 0x022F0003 || 0x02200003 || N || ROM || Master key used to derive the 0x20 keyring in first_loader.
|-
| 0x345 || 0x022F0003 || 0x022F0003 || N || ROM || Used by GameCard authentication command 56.
|-
| 0x346 || 0x022F0003 || 0x022F0003 || N || ROM || Used to decrypt keys into one of the 0x21-0x24 keyrings.
|-
| 0x347 || 0x022F0003 || 0x022F0003 || N || ROM || Used to decrypt keys into one of the 0x21-0x24 keyrings.
|-
| 0x348 || 0x022F0003 || 0x022F0003 || N || ROM || Used by GameCard authentication command 56.
|-
| 0x349-0x353 || 0x022F0003 || 0x02200003 || N || ROM || ?
|-
| 0x354-0x3FF || 0x001F0003 || 0x00000003 || N || ROM || ?
|}

0x400~0x4FF: RW storage keyrings (Reserved)

 Initial state: Empty data storage, read-write from keyring.
{| class="wikitable"
|-
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
| 0x400-0x47F || 0x18000001 || 0x00000001 || ? || ? || ?
|-
| 0x480-0x4FF || 0x00000000 || 0x00000000 || X || N/A || Does not exist.
|}

0x500~0x5FF: RW storage keyrings

 Initial state: Empty data storage, read-write from keyring.
{| class="wikitable"
|-
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
| 0x500 || 0x18000001 || 0x18000001 || ? || ? || ?
|-
| 0x501 || 0x18000001? || 0x10000007 || N || first_loader || Offset 0x0: bootRomStatus (selects first_loader load source after reset - eMMC/ARM comms)<br />Offset 0x1C: SLSK AES Key revision (bitmask 0xF0000000)
|-
| 0x502 || 0x18000001 || 0x18000003 || Y || second_loader || AES XTS Tweak for Ernie SNVS sectors.
|-
| 0x503 || 0x18000001 || 0x18000003 || Y || second_loader || AES XTS Decryption Key for Ernie SNVS sectors.
|-
| 0x504 || 0x18000001 || 0x18000003 || Y || second_loader || AES-128-CMAC Key for Ernie SNVS sectors.
|-
| 0x505 || 0x18000001 || 0x00000001 || ? || ? || ?
|-
| 0x506 || 0x18000001 || 0x18000003 || N || second_loader || QAF Token AES-256-CBC and AES-256-CMAC key. Hardcoded in second_loader. Used with IV = keyring 0x507.
|-
| 0x507 || 0x18000001 || 0x18000003 || N || second_loader || QAF Token AES-256-CBC IV. Hardcoded in second_loader.
|-
| 0x508 || 0x18000001 || 0x18000003 || Y || second_loader || Ernie version. Comes from Ernie Code Flash memory (Ernie command 1). 4 bytes. If lower (older) than 0x00090903, old Ernie protocols (unencrypted SNVS packets and maybe different SNVS keys) are used.
|-
| 0x509 || 0x18000001 || 0x18000003 || Y || second_loader || ConsoleId of unit. Comes from IdStorage (eMMC).
|-
| 0x50A || 0x18000001? || 0x18000007 || Y || second_loader || QA flags. 0x10 bytes. Comes from Ernie NVS (Ernie command 0x1082).
|-
| 0x50B || 0x18000001 || 0x18000003 || Y || second_loader || Mgmt Data. 8 bytes. Comes from Ernie SNVS block 0 (Ernie command 0xD2).
|-
| 0x50C || 0x18000001 || 0x18000003 || N || second_loader || Second_Loader#Boot_type_indicator_1_for_SLSK
|-
| 0x50D || 0x18000001 || 0x18000003 || Y || second_loader || OpenPSID of unit. Comes from IdStorage (eMMC).
|-
| 0x50E || 0x18000001 || 1.69: 0x18000003<br />3.60: 0x10000003 || Y || second_loader || Current System Software version. Comes from Ernie SNVS sector 1 first block (Ernie command 0xD0). Used by secure_kernel for KPRX version checks.
|-
| 0x50F || 0x18000001 || 0x18000003 || Y || second_loader || Minimum firmware version. 4 bytes. Comes from IdStorage SMI leaf (eMMC).
|-
| 0x510 || 0x18000001 || 0x18000003 || Y || second_loader || DIP Switches. 0x20 bytes. Comes from CP and Ernie ScratchPad (Ernie command 0x90 offset 0xE0).
|-
| 0x511 || 0x18000001 || 0x18000003 || N (random) || second_loader || Ernie communication session key. Unique per boot. It is generated by a handshake with Ernie through Ernie command 0xD0. AES-128-ECB key used to encrypt/decrypt the content of Ernie secure packets. If (ernieVersion < 0x90903 && (ernieDLVersion & 0xffffff) < 0x3600) it is zeroed by second_loader. Part of SKSO data. Used by secure_kernel command 0xF01.
|-
| 0x512 || 0x18000001? || 0x18000007 || N (counter) || second_loader || Ernie communication ticket count. Used as a challenge at the start of each secure Ernie encrypted communication, for example for SNVS read/write. On each boot it is set to a random value by second_loader. Incremented by 1 after each Ernie secure command usage. Part of SKSO data. Used by secure_kernel command 0xF01.
|-
| 0x513 || 0x18000001 || 0x18000003 || Y || second_loader || DRAM size. Set to 0x20000000 by default, 0x40000000 on DevKit in DevKit Memory Size mode. Determined by DIP Switches (CP).
|-
| 0x514 || 0x18000001 || 0x18000003 || see keyring 0x214 || second_loader || SKSO AES-256-CMAC key. Protected on FW 1.05. Data size 0x90 bytes. Used to verify SKSO. Used by secure_kernel command 0xF01.
|-
| 0x515 || 0x18000001 || 0x18000003 || see keyring 0x214 || second_loader || SKSO AES-128-CBC key. Protected on FW 1.05. Data size 0xA0 bytes. Hardcoded IV in second_loader and second_kernel. Used to encrypt/decrypt SKSO (the content written into keyrings 0x511, 0x512, 0x517 and 0x519). Used by secure_kernel command 0xF01.
|-
| 0x516 || 0x18000001? || 0x18000007 || N || second_loader || Some status. Set to 0 at the start of second_loader main(). Checked for 0 before initiating communication with Ernie. 4 bytes. Used by secure_kernel command 0xF01: writes (u32)1 here after having exported the SKSO to paddr 0x4001FF00.
|-
| 0x517 || 0x18000001 || 0x18000003 || Y || second_loader, act_sm || Kit Activation status. 4 bytes. Part of SKSO data. When initializing the keyrings, this is zeroed if keyring ?0x50D? has bit8 clear (on FW 1.692). Used by secure_kernel command 0xF01.
|-
| 0x518 || 0x18000001 || 0x18000003 || Y || second_loader || Fallback current System Software version (3.60+?). Comes from SNVS sector 1 second block (Ernie command 0xD0). Used in update_service_sm command 0x40002 as fallback for "os0" SPKGs version checks.
|-
| 0x519 || 0x18000001 || 0x18000003 || Y? || second_loader/utoken_sm || Part of SKSO data. Used by secure_kernel command 0xF01. Not used (maybe zeroed) on old FWs. Used on FW 3.60.
|-
| 0x51A || 0x18000001 || 0x18000003 || N (random) || second_loader || Coredump Encrypted Session Key (FW 2.12+). Randomized 0x20 byte key. Unique for every boot/reboot/resume. Used for Kernel coredump encryption. See KBL Param and SCECAF#Kernel_Coredump_Encrypted_ELF. Used by secure_kernel command 0x1001.
|-
| 0x51B || 0x18000001 || 0x18000003 || Y || second_loader || Hardware Info. 4 bytes. Comes from Ernie Code Flash memory (Ernie command 5).
|-
| 0x51C-0x51D || 0x18000001 || 0x00000001 || ? || ? || Used in update_service_sm for NVS. 4 bytes for each keyring.
|-
| 0x51E-0x521 || 0x18000001 || 0x00000001 || ? || ? || Used in update_service_sm for NVS. 4 bytes for each keyring.
|-
| 0x522-0x57F || 0x18000001 || 0x00000001 || ? || ? || ?
|-
| 0x580-0x5FF || 0x00000000 || 0x00000000 || X || N/A || Does not exist.
|}

0x600~0x6FF: OTP keyrings

 Initial state: Filled in data, read-only. Keyring only.
   0x603: DWORD BootromFlags.
     Bit 0~15: HasRsaRevocationKey. This is set to 0xFFFF.
     Bit   16: UseAlternativeEmmcClock
     Bit   17: Maybe eMMC clock speed option.
{| class="wikitable"
|-
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
| 0x600 || 0x10000003 || 0x10000003 || Y || Fuses || VisibleId of unit. Can also be obtained through Syscon UART RPC command 0x120.
|-
| 0x601 || 0x10000003 || 0x10000003 || Y || Fuses || First half (0x20 bytes) of ScePspIndividualKeyMeshCert. Copied to 0xE0020120 by second_loader.
|-
| 0x602 || 0x10000003 || 0x10000003 || Y || Fuses || Second half (0x20 bytes) of ScePspIndividualKeyMeshCert. Copied to 0xE0020100 by second_loader.
|-
| 0x603 || 0x10000003 || 0x10000003 || N || Fuses || SLSK RSA public key flags
|-
| 0x604 || 0x10000003 || 0x10000003 || N || Fuses || ?
|-
| 0x605 || 0x10000003 || 0x00000003 || N || Fuses || ?
|-
| 0x606 || 0x10000003 || 0x00000003 || Y || Fuses || ?
|-
| 0x607 || 0x10000003 || 0x00000003 || Y || Fuses || ?
|-
| 0x608-0x6FF || 0x00000000 || 0x00000000 || X || N/A || Does not exist.
|}

0x700~0x7FF: SLSK RSA Public keyrings

 Initial state: Filled in data, read-only. Keyring only.
{| class="wikitable"
|-
! Keyring !! Initial flags !! Flags after kernel boot !! Per-console !! Set By !! Description
|-
| 0x700-0x77F || 0x10000003 || 0x00000003 || N || ROM || 16 RSA public keys for SLSK files. Which key is used depends on public key revision specified in SLSK header.
|-
| 0x780-0x7FF || 0x00000000 || 0x00000000 || N || ROM || -
|}