Cmep registers: Difference between revisions
Line 283: | Line 283: | ||
Size is rounded up to multiple of 4. | Size is rounded up to multiple of 4. | ||
If size > 16, size = 16. | If size > 16, size = 16. | ||
Read |size| bytes from |src| into HW state. | Read |size| bytes from |src| into HW state. | ||
The remaining 16-|size| bytes of state *ARE KEPT FROM RESULT OF PREVIOUS AES OPERATION*. | The remaining 16-|size| bytes of state *ARE KEPT FROM RESULT OF PREVIOUS AES OPERATION*. | ||
VULN! This allows key recovery of all slave keyrings during boot. | VULN! This allows key recovery of all slave keyrings during boot. | ||
The key written to keyring is always 16 bytes long, padded with 00's. | The key written to keyring is always 16 bytes long, padded with 00's. | ||
* AesCbcEncrypt/Decrypt: Size is rounded up to multiple of 4. | * AesCbcEncrypt/Decrypt: Size is rounded up to multiple of 4. | ||
* AesCtrEncrypt/Decrypt: Size is rounded up to multiple of 4. | * AesCtrEncrypt/Decrypt: Size is rounded up to multiple of 4. |
Revision as of 04:36, 24 February 2022
0xE0000000: Cmep/ARM
0xE0000000: MailboxCmepToArm
Response to ARM is written here.
0xE0000010: MailboxArmToCmep
Request from ARM is written here.
0xE0000020: MailboxCmepToDebugger
Size: 2 * DOWORD.
0xE0000028: MailboxDebuggerToCmep
Size: 2 * DWORD.
0xE0000060: MailboxDebuggerToCmep2
Size: 2 * DWORD.
0xE0010000: Cmep controller
Address | Length | Description |
---|---|---|
0xE0010000 | 4 | TZ sets it to 1 then 0 and it appears cmep resets. |
0xE0010004 | 4 | Read by second_loader, checked against mask (& 5) and (& 8). Read by TZ after setting reset, checked if flag 0x80000000 is set. Ex: 0x80000005. Writing values to it from cmep does nothing. |
0xE0010000: CmepReset
Bit0: Hangs. ARM uses this to reset the cMeP subsystem.
0xE0010004: CmepStatus
Bit31: IsCmepAlive Bit0-2: ?
0xE0010000: 00 00 00 00 05 00 00 80 00 00 00 00 00 00 00 00 0xE0010010: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xE0010010: Unknown
Reads back 0x7FF. Then hangs after delay.
Bit5: Disables Key* registers, and Cmep KeyRings.
No bit appears to disable Rsa* registers, or Bigmac*.
0xE0020000: 0F 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 0xE0020010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xE0020000: Cmep 0xE0020000
Address | Length | Description |
---|---|---|
0xE0020000 | 4 | second_loader sets it to 0x30003 after ?clearing keys?. secure_kernel sets it to 0x2000F. |
0xE0020004 | 4 | ?Error code?/?Allowed DMAC5 keyring to Non-Secure?. Read by second_loader, checked against 0x8000001F. Also set to ?0? by second_loader when setting 0x30003 at 0xE0020000. |
0xE0020020 | 4 | Checked for 0 by second_loader. May be a kind of timer or working state. |
0xE0020040 | 0x10 | Read As |
0xE0020100 | 0x20 | Per-console 256-bit key from keyring 0x602 is copied here by second_loader. Maybe related to eMMC. |
0xE0020000 flags
Bit0: Reboot when cleared. Bit1: Makes first_loader load secure_kernel. Hang when cleared and unrecoverable. Bit2: No hang when cleared. Bit3: No hang when cleared. Bit4: ? Bit5: ? Bit16: Allows ARM to reset cmep. No hang when cleared. Bit17: ?
0xE0030000: Bigmac Keyring controller
This device is mapped to ScePervasiveResetReg at offset 0x190 for controlling reset and enabling mask writing.
typedef struct BigmacKeyringControllerRegs { // physical address 0xE0030000 SceUInt32 keyring_new_value[8]; SceUInt32 keyring_set_value_trigger; SceUInt32 keyring_clear_flags; SceUInt32 keyring_query_flags_request; SceUInt32 keyring_query_flags_response; } BigmacKeyringControllerRegs;
0xE0030000: KeyringNewValue
Size: 8 * DWORD.
0xE0030020: KeyringSetValueTrigger
Write value to a keyring. Requires the keyring to be enabled and WriteByCmepAllowed flag to be set.
Write a keyring to this address, and the Bigmac Keyring Controller will write value from physical address 0xE0030000 to the keyring.
0xE0030024: KeyringClearFlags
Note that there is no known way to set some keyrings flags in any way (doing keyring_flags |= or_flags), even though the opposite (clearing flags) is doable for some flags.
Writing ((flags_mask<<16)|keyring_id)
to keyring_clear_flags
clear flags for this keyring.
Bit0-15: KeyringId Bit16-31: KeyringClearFlagsMask
0xE0030028: KeyringQueryFlags
Writing keyring_id
to keyring_query_flags_request
returns current flags in keyring_query_flags_response
.
Bit0-15: KeyringId
0xE003002C: KeyringQueryFlagsResponse
Bit Mask value Clearable Description 0 (0x0000 0001): N/A | KeyringExists 1 (0x0000 0002): N/A | KeyringEnabled. You cannot use the keyring if this is not set. 2 (0x0000 0004): N/A | Unknown 16 (0x0001 0000): Clearable | AesEncryptAllowed (CTR+CBC+ECB, any key size) 17 (0x0002 0000): Clearable | AesDecryptAllowed (CTR+CBC+ECB, any key size) 18 (0x0004 0000): Clearable | ShaHmacAllowed (SHA1+SHA256) 19 (0x0008 0000): Clearable | AesCmacAllowed 20 (0x0010 0000): Clearable | ?EmmcCryptoAllowed (qualified guess!, maybe AES XTS)?. ?Master keyring can target memory? 21 (0x0020 0000): Fixed | IsMaster. Master keyring can target slave keyring (based on Mask Group below). 22 (0x0040 0000): Fixed | MemberOfGroup0. Keyring Pairing Lock Mask Group 0 (master keyrings 0x204-0x205 and slave keyrings 0-7). 23 (0x0080 0000): Fixed | MemberOfGroup1. Keyring Pairing Lock Mask Group 1 (master keyrings 0x206-0x20D and slave keyrings 8-0xF). 24 (0x0100 0000): Fixed | MemberOfGroup2. Keyring Pairing Lock Mask Group 2 (master keyrings 0x340-0x343 and slave keyrings 0x10-0x1F). 25 (0x0200 0000): Fixed | MemberOfGroup3. Keyring Pairing Lock Mask Group 3 (master keyrings 0x344-0x353 and slave keyrings 0x20-0x2F). 26 (0x0400 0000): Clearable | ?WriteByBigmacAllowed?. ?Locked keyring can target cmep memory.? 27 (0x0800 0000): Clearable | WriteByCmepAllowed. Can be written directly by cmep. 28 (0x1000 0000): Clearable | ReadByCmepAllowed. Can be read directly by cmep.
A normal keyring is a keyring that do not belong to any group (bit21-25 are all zeroes). It can be written by slaves of groups, and also by normal non-keyring operations. They can write to ?a normal keyring or to external memory?.
A master keyring can only write into a slave keyring belonging to the same group(s) as itself. A master keyring cannot write into a non-slave keyring or external memory.
A slave keyring can write to a normal keyring or to external memory, but not to a master keyring.
VULN!! If a keyring has AesDecryptAllowed flag, it is possible to encrypt arbitrary AES blocks without AesEncryptAllowed flag by using AES CTR mode.
SceBignum controller
0xE0040108: RsaSignatureBuffer
Size: 0x100 bytes.
0xE0040400: RsaModulusBuffer
Size: 0x100 bytes.
0xE0040800: RsaControl
In DWORDs.
0xE0040800: RsaStatus
Bit31: Busy
0xE0040808: RsaExponent
Bigmac Crypto Controller
// base: 0xE0050000 (channel0), 0xE0050080 (channel1) typedef struct BigmacOp { const void *src; union { void *dst; SceUInt32 dst_keyring_id; }; SceSize len; int func; // operation SceUInt32 work_keyring_id; void *iv; void *next; int ready; // Writing 1 here starts the operation. int status; int res; // Set when invalid keyring (0xFFF). Bit18: Set when keyring is not allowed to perform operation. } BigmacOp;
0xE005000C: Bigmac crypto controller function
Bits Mask Value Description 0~ 1 | 0x00000003 | The func index 2 | 0x00000004 | RNG 3~ 5 | 0x00000038 | The algo index 6 | 0x00000040 | DES (Probably) 7 | 0x00000080 | Using external key (not keyring) 8~ 9 | 0x00000300 | Keysize. 0x000:64-bits 0x100:128-bits 0x200:192-bits 0x300:256-bits 10~11 | 0x00000C00 | Hash transform flags. 0x400:hashUpdate 0x800:hashFinalize 0xC00:Probably a fusion of hashUpdate and hashFinalize? 14~23 | 0x00FFF000 | Unknown 24~25 | 0x03000000 | Causes hang 26~27 | 0x0C000000 | Unknown 28 | 0x10000000 | Dst is keyring 29~31 | 0xE0000000 | Unknown
Func list
func + RNG = bzero?
Index Real Value Description 0 | 0x00000000 | Memcpy (DMAC only) 1 | 0x00000001 | AesEcbEncrypt 2 | 0x00000002 | AesEcbDecrypt 3 | 0x00000003 | Secure Hash Algorithm
Algo list
Index Func Real Value Description 0 | 1 | 0x00000001 | AesEcbEncrypt 1 | 1 | 0x00000009 | AesCbcEncrypt 2 | 1 | 0x00000011 | AesCtrEncrypt 3 | 1 | 0x00000019 | Unknown 4 | 1 | 0x00000021 | AesCtrEncrypt 5 | 1 | 0x00000029 | Unknown 6 | 1 | 0x00000031 | Unknown 7 | 1 | 0x00000039 | Unknown 0 | 2 | 0x00000002 | AesEcbDecrypt 1 | 2 | 0x0000000A | AesCbcDecrypt 2 | 2 | 0x00000012 | AesCtrDecrypt 3 | 2 | 0x0000001A | Unknown 4 | 2 | 0x00000022 | AesCtrEdcrypt 5 | 2 | 0x0000002A | Unknown 6 | 2 | 0x00000032 | Unknown 7 | 2 | 0x0000003A | Unknown 0 | 3 | 0x00000003 | SHA1 1 | 3 | 0x0000000B | SHA224 2 | 3 | 0x00000013 | SHA256 3 | 3 | 0x0000001B | !!! HANG !!! 4 | 3 | 0x00000023 | HmacSha1 5 | 3 | 0x0000002B | HmacSha224. This is DMAC only. If running on Bigmac, it triggered hang up. 6 | 3 | 0x00000033 | HmacSha256 7 | 3 | 0x0000003B | AesCmac 0 | RNG | 0x00000004 | RNG 1 | RNG | 0x0000000C | Memset 2 | RNG | 0x00000014 | Unknown 3 | RNG | 0x0000001C | Unknown 4 | RNG | 0x00000024 | Unknown 5 | RNG | 0x0000002C | Unknown 6 | RNG | 0x00000034 | Unknown 7 | RNG | 0x0000003C | Unknown
DES algos
Unlike for Dmac5, DES is not supported for keyring Controller.
DES is DMAC only. If running on Bigmac, it triggered hang up. (this is true?)
It's 3DES if keysize is 128 or 192
If DES + SHA, DES bit is ignored (Execute SHA command).
Algo Func Real Value Description 0 | 0 | 0x00000040 | Unknown 0 | 1 | 0x00000041 | DesEcbEncrypt 0 | 2 | 0x00000042 | DesEcbDecrypt 1 | 1 | 0x00000049 | DesCbcEncrypt 1 | 2 | 0x0000004A | DesCbcDecrypt 4 | 1 | 0x00000061 | Unknown. hang up on bigmac. (DES + AesCtrEncrypt) // If you have more found, add that to here
The following are known to be able to write keyrings:
* AesEcbEncrypt/Decrypt: Size is rounded up to multiple of 4. If size > 16, size = 16. Read |size| bytes from |src| into HW state. The remaining 16-|size| bytes of state *ARE KEPT FROM RESULT OF PREVIOUS AES OPERATION*. VULN! This allows key recovery of all slave keyrings during boot. The key written to keyring is always 16 bytes long, padded with 00's. * AesCbcEncrypt/Decrypt: Size is rounded up to multiple of 4. * AesCtrEncrypt/Decrypt: Size is rounded up to multiple of 4. * AesCmac Puts the 16 byte hash into keyring. Bytes 16-31 are *FORCED* 0. * Sha1: Puts the 20 byte hash into keyring. Bytes 20-31 are *FORCED* 0. * Sha224: Puts the 28 byte hash into keyring. Bytes 28-31 are *FORCED* 0. * Sha256: Puts the 32 byte hash into keyring. * HmacSha1 Probably same as Sha1. * HmacSha256 Probably same as Sha256. * Rng
AesCtrEncrypt when having a keyring dst, still reads from src.
VULN! Any SHA with length==0 produces an output of all zeroes!
0xE005003C: Bigmac Rng
Reads a random value.
0xE0050100: Bigmac unknown 0x100 data
0xE0050200: Bigmac External Key
Size: 0x20 bytes
VULN! Allows partial overwrite. However when using keyring crypto, this key remains unaffected thus it cannot be used to recover keyring keys.
Bigmac Key Ring Base
See F00D Key Ring Base.
0xE0058000: Bigmac KeyRings
Size: 0x10000 bytes.
0x000-0x07F:
Initial state: Empty keyrings. 0x000-0x007: Empty group0 slave keyrings, for AES decryption only. 0x008-0x00F: Empty group1 slave keyrings, any algo. 0x010-0x01F: Empty group2 slave keyrings, for AES decryption only. 0x020-0x02F: Empty group3 slave keyrings, any algo. 0x030-0x07F: Empty normal keyrings, any algo.
0x100-0x17F:
Initial state: Empty keyrings. 0x100-0x17F: Empty normal keyrings, any algo.
0x200-0x217:
Initial state: Filled in, key material. 0x200-0x203: AES decryption-only keys (for memory buffers). 0x204-0x205: Master keys (for group0), any algo. 0x206-0x20D: Master keys (for group1), any algo. 0x20E-0x20F: Emmc keys, fully protected. 0x210-0x217: General purpose keys (for memory buffers).
0x300-0x3FF:
Initial state: Filled in, key material. 0x300-0x33F: AES decryption-only keys (for memory buffers). 0x340-0x343: Master keys (for group2), any algo. 0x344-0x353: Master keys (for group3), any algo. 0x354-0x3FF: General purpose keys (for memory buffers).
0x400-0x47F:
Initial state: Empty data storage, read-write from keyring.
0x500-0x57F:
Initial state: Empty data storage, read-write from keyring.
0x600-0x607:
Initial state: Filled in data, read-only. Keyring only. 0x603: DWORD BootromFlags. Bit0-15: HasRsaRevocationKey. This is set to 0xFFFF. Bit16: UseAlternativeEmmcClock
0x700-0x77F:
Initial state: Filled in data, read-only. Keyring only. 0x700-0x708: RsaRevocationKey0 0x708-0x710: RsaRevocationKey1 0x710-0x718: RsaRevocationKey2 0x718-0x720: RsaRevocationKey3 0x720-0x728: RsaRevocationKey4 0x728-0x730: RsaRevocationKey5 ... 0x778-0x780: RsaRevocationKey15
0xE0070000: SceEmmcController
Address | Length | Description |
---|---|---|
0xE0070000 | 4 | Ex: 1. Set to 0, then 1 after writing to 0xE0070008. |
0xE0070008 | 4 | Set to 0x020E020F in second_loader. ?eMMC related? |
0xE007000C | 4 | Ex: 2. |
0xE0070014 | 4 | Set to 6 under some condition in second_loader. |
0xE0070000: EmmcCrypto Toggle/Status?
Toggle: Set to 1.
Status: enabled emmc enc/dec?
0xE0070004: EmmcCrypto avalaible status
bit0(& 1): Not available -> second_loader throws error.
0xE0070008: EmmcCrypto keyset
Read value example: 0x20E and 0x20F (FW 1.69-3.73).
write only.
0xE007000C: Unknown
Read value example: 2
0xE00C0000
0xE00CC000: Unknown
Unknown. Read value example: 0x10006331
0xE00CC014: Unknown
Unknown. Read value example: 0x300000
0xE00CC070: Unknown
Unknown. Read value example: 1
0xE00CC078: Unknown
Unknown. Read value example: 0x300