Cmep Key Ring Base: Difference between revisions
Jump to navigation
Jump to search
Line 107: | Line 107: | ||
| 0x510 || 3 || 0x1800 || Yes || ? | | 0x510 || 3 || 0x1800 || Yes || ? | ||
|- | |- | ||
| 0x511 || 3 || 0x1800 || Yes || Unique per boot session id | | 0x511 || 3 || 0x1800 || Yes || Unique per boot session id, Syscon shared 0xD0 session key | ||
|- | |- | ||
| 0x512 || 7 || 0x1800 || Yes || Tick count? | | 0x512 || 7 || 0x1800 || Yes || Tick count? |
Revision as of 16:50, 20 March 2018
Key Ring Slots 0xE0058000
Slot | Mode | Protection | Per-console | Description |
---|---|---|---|---|
0 | 3 | 0x0442 | ? | ? |
1 | 1 | 0x0442 | ? | ? |
2-7 | 1 | 0x0040 | ? | ? |
8 | 3 | 0x0081 | Yes. | enp per-console key |
9 | 1 | 0x0080 | ? | ? |
0xA-0xF | 3 | 0x0080 | ? | ? |
0x10 | 1 | 0x0502 | ? | supports decryption only |
0x11-0x1F | 1 | 0x0100 | ? | ? |
0x20 | 3 | 0x0200 | ? | ? |
0x21-0x24 | 1 | 0x061F | ? | supports encryption and decryption |
0x25-0x2F | 1 | 0x0200 | ? | ? |
0x30-0x34 | 1 | 0x041F | ? | ? |
0x35-0x7F | 1 | 0x0000 | ? | ? |
0x80-0xFF | 0 | 0x0000 | ? | ? |
0x100 | 1 | 0x041F | ? | ? |
0x101-0x17F | 1 | 0x0000 | ? | ? |
0x180-0x1FF | 0 | 0x0000 | ? | ? |
0x200-0x203 | 3 | 0x0000 | ? | ? |
0x204-0x205 | 3 | 0x006F | ? | ? |
0x206-0x20D | 3 | 0x00A0 | ? | ? |
0x20E-0x20F | 3 | 0x0010 | ? | Maybe per-console emmc crypto keys? |
0x210-0x211 | 3 | 0x0000 | ? | ? |
0x212-0x213 | 3 | 0x001F | ? | ? |
0x214-0x215 | 3 | 0x0000 | ? | ? |
0x216 | 3 | 0x001F | ? | ? |
0x217 | 3 | 0x0000 | ? | ? |
0x218-0x2FF | 0 | 0x0000 | ? | ? |
0x300-0x33F | 3 | 0x0000 | ? | ? |
0x340 | 3 | 0x012F | ? | Used to decrypt keys into the 0x10 key slot |
0x341-0x343 | 3 | 0x0120 | ? | ? |
0x344 | 3 | 0x0220 | ? | ? |
0x345-0x348 | 3 | 0x022F | ? | Used to decrypt keys into one of the 0x21-0x24 key slot |
0x349-0x353 | 3 | 0x0220 | ? | ? |
0x354-0x3FF | 3 | 0x0000 | ? | ? |
0x400-0x47F | 1 | 0x0000 | ? | ? |
0x480-0x4FF | 0 | 0x0000 | ? | ? |
0x500 | 1 | 0x1800 | ? | ? |
0x501 | 7 | 0x1000 | ? | Downgrade protection? Set to 4 on 1.692, 0 on 1.05. |
0x502-0x504 | 3 | 0x1800 | Yes | ? |
0x505 | 1 | 0x0000 | ? | ? |
0x506 | 3 | 0x1800 | ? | ? |
0x507 | 3 | 0x1800 | No | ? |
0x508 | 3 | 0x1800 | No | Revocation related. Set to 0x100060D on 1.692, 0x100010A on 1.05, 0x0100010B on 1.50 |
0x509 | 3 | 0x1800 | Yes | IDPS of unit |
0x50A | 3 | 0x1800 | ? | Byte15bit0,byte14bit0,byte14bit1,byte11bit4: Revocation related. Byte13bit0: Enable F00D debug prints. |
0x50B | 3 | 0x1800 | ? | ? |
0x50C | 3 | 0x1800 | No | Flags. Set to 1 on 1.692 and newer, 0 on older |
0x50D | 3 | 0x1800 | Yes | Per Console Root Key |
0x50E | 3 | 0x1800 | Yes | Current firmware version. |
0x50F | 3 | 0x1800 | Yes | Factory firmware version. |
0x510 | 3 | 0x1800 | Yes | ? |
0x511 | 3 | 0x1800 | Yes | Unique per boot session id, Syscon shared 0xD0 session key |
0x512 | 7 | 0x1800 | Yes | Tick count? |
0x513 | 3 | 0x1800 | No | DRAM size. Set to 0x20000000 on retail, 0x40000000 on devkit. |
0x514 | 3 | 0x1800 | No? | F00d-cmd F01 AES-256-CMAC key. Protected on 1.05. |
0x515 | 3 | 0x1800 | No? | F00d-cmd F01 AES-256-CBC key. Protected on 1.05. |
0x516 | 3 | 0x1800 | ? | F00d-cmd F01 writes (u32)1 here when exporting the infoblk. Next time main() executes this flag is cleared. |
0x517 | 3 | 0x1800 | When initializing the EEPROM, this is zeroed if 0x50D has bit8 clear (on 1.692). | |
0x518 | 3 | 0x1800 | No | Another current FW version (3.60+?) |
0x519 | 3 | 0x1800 | No | 00s |
0x51A | 3 | 0x1800 | Yes | Randomized 0x20 byte key unique every boot/reboot/resume used for kernel coredump encryption |
0x51B | 3 | 0x1800 | No | Some kind of model info 0x406000 on retail and 0x416000 on devkit |
0x51C-0x57F | 1 | 0x0000 | ? | ? |
0x580-0x5FF | 0 | 0x0000 | ? | ? |
0x600-0x602 | 3 | 0x1000 | Yes | ? |
0x603 | 3 | 0x1000 | No | ? |
0x604 | 3 | 0x1000 | No | ? |
0x605-0x607 | 3 | 0x0000 | ? | ? |
0x608-0x6FF | 0 | 0x0000 | ? | ? |
0x700-0x7FF | 3 | 0x0000 | ? | ? |